diff --git a/.build_exclusions b/.build_exclusions
index b8a9d2465a61..226dfd415add 100644
--- a/.build_exclusions
+++ b/.build_exclusions
@@ -10,10 +10,8 @@ chrome/content/rules/validity-*
 chrome/content/rules/make-*
 *.xcf.gz
 .gitignore
-webextension/.gitignore
-chrome-resources/update-from-chrome-svn.sh
-webextension/chrome-resources/update-from-chrome-svn.sh
 .eslintrc.json
-webextension/.eslintrc.json
 .eslintignore
 node_modules
+package-lock.json
+test
diff --git a/.editorconfig b/.editorconfig
index e93ea3f1b6c3..3188469e924a 100644
--- a/.editorconfig
+++ b/.editorconfig
@@ -1,4 +1,4 @@
-# EditorConfig is awesome: http://EditorConfig.org
+# EditorConfig is awesome: https://EditorConfig.org
 
 root = true
 
diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md
index ba89d09a6c9e..e57a0b19e0e8 100644
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -4,37 +4,8 @@
 [//]: # (Please help us by following this issue template.)
 [//]: # (You can delete all blank lines and all lines starting)
 [//]: # (with the comment marker, such as this one.)
-[//]: #
-[//]: # (Delete all but one of the following "Type" lines.)
-[//]: # (Leave in the line that best describes the issue you are reporting.)
 
-Type: ruleset issue
-Type: new ruleset
-Type: code issue
-Type: feature request
 Type: other
 
-[//]: # (If you are reporting a ruleset/website problem, include the top-level)
-[//]: # (domain below. For example, if you want to report an issue about)
-[//]: # ("one.example.com" and "two.example.com", then the line below should)
-[//]: # (be:)
-[//]: #
-[//]: # (Domain: example.com)
-[//]: #
-[//]: # (Be sure to remove the parenthesis and comment marker.  If you are only)
-[//]: # (reporting an issue about "one.example.com", then the line below should)
-[//]: # (be:)
-[//]: #
-[//]: # (Domain: one.example.com) 
-[//]: #
-[//]: # (Only include one top-level domain. If you have more than one top-level)
-[//]: # (domain to report, such as both "example.com" and "example.org", open a)
-[//]: # (new issue for each top-level domain.)
-[//]: #
-[//]: # (If you are not reporting a ruleset/website problem, you can delete the)
-[//]: # ("Domain" line or leave it blank.)
-
-Domain:
-
 [//]: # (Include any other relevant information below. Thank you again for)
 [//]: # (helping to improve HTTPS Everywhere.)
diff --git a/.github/ISSUE_TEMPLATE/code-issue.md b/.github/ISSUE_TEMPLATE/code-issue.md
new file mode 100644
index 000000000000..c62ff8b75aff
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/code-issue.md
@@ -0,0 +1,16 @@
+---
+name: Code issue report
+about: Report an issue about our code
+---
+
+[//]: # (Thank you for reporting an issue to HTTPS Everywhere.)
+[//]: # (We welcome input from users on improving this project.)
+[//]: #
+[//]: # (Please help us by following this issue template.)
+[//]: # (You can delete all blank lines and all lines starting)
+[//]: # (with the comment marker, such as this one.)
+
+Type: code issue
+
+[//]: # (Include any other relevant information below. Thank you again for)
+[//]: # (helping to improve HTTPS Everywhere.)
diff --git a/.github/ISSUE_TEMPLATE/feature-request.md b/.github/ISSUE_TEMPLATE/feature-request.md
new file mode 100644
index 000000000000..eb831076fd25
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/feature-request.md
@@ -0,0 +1,16 @@
+---
+name: Feature request
+about: Request a feature to help us improve HTTPS Everywhere
+---
+
+[//]: # (Thank you for reporting an issue to HTTPS Everywhere.)
+[//]: # (We welcome input from users on improving this project.)
+[//]: #
+[//]: # (Please help us by following this issue template.)
+[//]: # (You can delete all blank lines and all lines starting)
+[//]: # (with the comment marker, such as this one.)
+
+Type: feature request
+
+[//]: # (Include any other relevant information below. Thank you again for)
+[//]: # (helping to improve HTTPS Everywhere.)
diff --git a/.github/ISSUE_TEMPLATE/new-ruleset.md b/.github/ISSUE_TEMPLATE/new-ruleset.md
new file mode 100644
index 000000000000..59250bbece3f
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/new-ruleset.md
@@ -0,0 +1,42 @@
+---
+name: New ruleset
+about: Request/submit a new ruleset
+---
+
+[//]: # (Thank you for reporting an issue to HTTPS Everywhere.)
+[//]: # (We welcome input from users on improving this project.)
+[//]: #
+[//]: # (Please help us by following this issue template.)
+[//]: # (You can delete all blank lines and all lines starting)
+[//]: # (with the comment marker, such as this one.)
+[//]: #
+[//]: # (Delete all but one of the following "Type" lines.)
+[//]: # (Leave in the line that best describes the issue you are reporting.)
+[//]: #
+[//]: # (If you are submitting a new ruleset, please check the list at)
+[//]: # (https://www.eff.org/https-everywhere/atlas/index.html and the open)
+[//]: # (issues and pull requests to make sure it doesn't already exist.)
+
+Type: new ruleset
+
+[//]: # (If you are reporting a ruleset/website problem, include the top-level)
+[//]: # (domain below. For example, if you want to report an issue about)
+[//]: # ("one.example.com" and "two.example.com", then the line below should)
+[//]: # (be:)
+[//]: #
+[//]: # (Domain: example.com)
+[//]: #
+[//]: # (Be sure to remove the parenthesis and comment marker.  If you are only)
+[//]: # (reporting an issue about "one.example.com", then the line below should)
+[//]: # (be:)
+[//]: #
+[//]: # (Domain: one.example.com)
+[//]: #
+[//]: # (Only include one top-level domain. If you have more than one top-level)
+[//]: # (domain to report, such as both "example.com" and "example.org", open a)
+[//]: # (new issue for each top-level domain.)
+
+Domain:
+
+[//]: # (Include any other relevant information below. Thank you again for)
+[//]: # (helping to improve HTTPS Everywhere.)
diff --git a/.github/ISSUE_TEMPLATE/ruleset-issue.md b/.github/ISSUE_TEMPLATE/ruleset-issue.md
new file mode 100644
index 000000000000..7b1217b52b42
--- /dev/null
+++ b/.github/ISSUE_TEMPLATE/ruleset-issue.md
@@ -0,0 +1,22 @@
+---
+name: Ruleset/website issue report
+about: Report a issue about a ruleset/website
+---
+
+[//]: # (Thank you for reporting an issue to HTTPS Everywhere.)
+[//]: # (We welcome input from users on improving this project.)
+[//]: #
+[//]: # (Please help us by following this issue template.)
+[//]: # (You can delete all blank lines and all lines starting)
+[//]: # (with the comment marker, such as this one.)
+[//]: #
+
+Type: ruleset/website issue
+
+[//]: # (Uncomment and fill the domain bellow if you belive that yet another)
+[//]: # (domain should be added to the existing ruleset.)
+
+[//]: # Domain:
+
+[//]: # (Include any other relevant information below. Thank you again for)
+[//]: # (helping to improve HTTPS Everywhere.)
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 000000000000..89917ee4ceb8
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,20 @@
+version: 2
+updates:
+  # Maintain dependencies for npm
+  - package-ecosystem: "npm"
+    directory: "/chromium/"
+    schedule:
+      interval: "weekly"
+      day: "monday"
+      time: "06:00"
+    assignees:
+      - "zoracon"
+    commit-message:
+      prefix: "npmauto"
+    labels:
+      - "dependencies"
+    pull-request-branch-name:
+      separator: "-"
+    reviewers:
+      - "zoracon"
+    versioning-strategy: widen
diff --git a/.github/pull_request_template.md b/.github/pull_request_template.md
new file mode 100644
index 000000000000..ef2f1688f71e
--- /dev/null
+++ b/.github/pull_request_template.md
@@ -0,0 +1,9 @@
+Fixes #(issue)
+
+## Type of change
+
+- [ ] Bug fix (non-breaking change which fixes an issue)
+- [ ] New feature (non-breaking change which adds functionality)
+- [ ] Refactoring existing code
+- [ ] New Ruleset
+- [ ] Existing Ruleset
diff --git a/.gitignore b/.gitignore
index 252f5c330084..104e25eb17f3 100644
--- a/.gitignore
+++ b/.gitignore
@@ -11,7 +11,7 @@ chromium.pem
 from-preloads/
 pkg/
 src/chrome/content/rules/default.rulesets
-src/chrome/content/rulesets.json
+src/chrome/content/rules/default.rulesets.json
 src/defaults/rulesets.sqlite
 test_profile/
 tokenkeys.py*
diff --git a/.gitmodules b/.gitmodules
index 049bbbed911c..1919060dd62c 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -2,3 +2,7 @@
 	path = translations
 	url = https://git.torproject.org/translation.git
 	branch = https_everywhere
+
+[submodule "lib-wasm"]
+	path = lib-wasm
+	url = https://github.com/EFForg/https-everywhere-lib-wasm.git
diff --git a/.travis.yml b/.travis.yml
index 3fda2a067fb8..f028c3a3915c 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,28 +1,29 @@
 sudo: required
 os: linux
-dist: trusty
+dist: bionic
 language: python
 python: 3.6
-group: deprecated-2017Q4
+group: bionic
 services:
   - docker
+  - xvfb
 matrix:
   fast_finish: true
   include:
     - env: TEST="lint"
       language: node_js
       node_js:
-        - "node"
+        - "lts/*"
     - env: TEST="unittests"
       language: node_js
-      node_js: node
-        - "node"
+      node_js:
+        - "lts/*"
     - env: TEST="validations"
     - env: TEST="fetch"
     - env: TEST="preloaded"
-    - addons:
-        chrome: beta
-      env: TEST="chrome beta" BROWSER=google-chrome-beta
+    # - addons:
+    #     chrome: beta
+    #   env: TEST="chrome beta" BROWSER=google-chrome-beta
     - addons:
         chrome: stable
       env: TEST="chrome stable" BROWSER=google-chrome-stable
@@ -32,8 +33,5 @@ matrix:
     - addons:
         firefox: latest-esr
       env: TEST="firefox esr" BROWSER=firefox
-before_install:
-  - export DISPLAY=:99.0
-  - sh -e /etc/init.d/xvfb start
 before_script: travis_retry test/setup_travis.sh
 script: . test/run_travis.sh
diff --git a/CODE_OF_CONDUCT.md b/CODE_OF_CONDUCT.md
new file mode 100644
index 000000000000..f5636ad09567
--- /dev/null
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1 @@
+This project is governed by [EFF's Public Projects Code of Conduct](https://www.eff.org/pages/eppcode).
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 3bef3a56544f..3ddaf4439e1d 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -1,41 +1,51 @@
 # Table of Contents
 
-* [Welcome!](#welcome)
-    * [HTTPS Everywhere Source Code Layout](#https-everywhere-source-code-layout)
-    * [Submitting Changes](#submitting-changes)
-* [Contributing Rulesets](#contributing-rulesets)
-    * [General Info](#general-info)
-    * [New Rulesets](#new-rulesets)
-    * [Minimum Requirements for a Ruleset PR](#minimum-requirements-for-a-ruleset-pr)
-    * [Testing](#testing)
-    * [Ruleset Style Guide](#ruleset-style-guide)
-        * [Motivation](#motivation)
-        * [Indentation & Misc Stylistic Conventions](#indentation--misc-stylistic-conventions)
-        * [Wildcards in Targets](#wildcards-in-targets)
-            * [Left-Wildcards](#left-wildcards)
-            * [Edge-Case: Right-Wildcards](#edge-case-right-wildcards)
-        * [Complicated Regex in Rules](#complicated-regex-in-rules)
-        * [Enumerating Subdomains](#enumerating-subdomains)
-        * [Target Ordering](#target-ordering)
-        * [Rule Ordering](#rule-ordering)
-        * [Non-working hosts](#non-working-hosts)
-        * [Ruleset Names](#ruleset-names)
-            * [Filenames](#filenames)
-        * [Cross-referencing Rulesets](#cross-referencing-rulesets)
-        * [Regex Conventions](#regex-conventions)
-        * [Snapping Redirects](#snapping-redirects)
-        * [Example: Ruleset before style guidelines are applied](#example-ruleset-before-style-guidelines-are-applied)
-        * [Example: Ruleset after style guidelines are applied, with test URLs](#example-ruleset-after-style-guidelines-are-applied-with-test-urls)
-    * [Removal of Rules](#removal-of-rules)
-        * [Regular Rules](#regular-rules)
-        * [HSTS Preloaded Rules](#hsts-preloaded-rules)
-* [Contributing Code](#contributing-code)
-* [Contributing Documentation](#contributing-documentation)
-* [Contributing Translations](#contributing-translations)
-
-* * *
+## General Info
 
-# Welcome!
+**On May 31st, 2021 we will end manual additions to the rulesets.** Please see [this explanation on the future of HTTPSE Rulesets.](https://github.com/EFForg/https-everywhere/blob/master/docs/adrs/duckduckgo-smarter-encryption.md)
+
+We will continue accept requests on rulesets already in our list that are causing significant breakage for users through the summer. However, in autumn, we will begin the plan to ultimately move our crowdsourced rulesets out of the extension in favor of the Smarter Encryption Ruleset.
+
+- [Table of Contents](#table-of-contents)
+- [Welcome](#welcome)
+  - [HTTPS Everywhere Source Code Layout](#https-everywhere-source-code-layout)
+  - [Install Dependencies and Test Build](#install-dependencies-and-test-build)
+  - [Precommit Testing](#precommit-testing)
+  - [Testing](#testing)
+    - [Quickly Testing a Ruleset](#quickly-testing-a-ruleset)
+    - [Coverage](#coverage)
+  - [Submitting Changes](#submitting-changes)
+  - [Contributing Rulesets](#contributing-rulesets)
+    - [General Info](#general-info)
+    - [New Rulesets](#new-rulesets)
+    - [Minimum Requirements for a Ruleset PR](#minimum-requirements-for-a-ruleset-pr)
+  - [Ruleset Style Guide](#ruleset-style-guide)
+    - [Motivation](#motivation)
+    - [Indentation & Misc Stylistic Conventions](#indentation--misc-stylistic-conventions)
+    - [Wildcards in Targets](#wildcards-in-targets)
+      - [Left-Wildcards](#left-wildcards)
+      - [Edge-Case: Right-Wildcards](#edge-case-right-wildcards)
+    - [Complicated Regex in Rules](#complicated-regex-in-rules)
+    - [Enumerating Subdomains](#enumerating-subdomains)
+    - [Target Ordering](#target-ordering)
+    - [Rule Ordering](#rule-ordering)
+    - [Non-working hosts](#non-working-hosts)
+    - [Ruleset Names](#ruleset-names)
+      - [Filenames](#filenames)
+    - [Cross-referencing Rulesets](#cross-referencing-rulesets)
+    - [Regex Conventions](#regex-conventions)
+    - [Snapping Redirects](#snapping-redirects)
+    - [Example: Ruleset before style guidelines are applied](#example-ruleset-before-style-guidelines-are-applied)
+    - [Example: Ruleset after style guidelines are applied, with test URLs](#example-ruleset-after-style-guidelines-are-applied-with-test-urls)
+  - [Removal of Rules](#removal-of-rules)
+    - [Regular Rules](#regular-rules)
+    - [HSTS Preloaded Rules](#hsts-preloaded-rules)
+  - [Contributing Code](#contributing-code)
+  - [Contributing Documentation](#contributing-documentation)
+  - [Pull Requests from Deleted Accounts](#pull-requests-from-deleted-accounts)
+  - [Contributing Translations](#contributing-translations)
+
+# Welcome
 
 Welcome, and thank you for your interest in contributing to HTTPS Everywhere! HTTPS Everywhere depends on the open source community for its continued success, so any contribution is appreciated.
 
@@ -43,12 +53,13 @@ One of the things that makes it easy to contribute to HTTPS Everywhere is that y
 
 If you want to have the greatest impact, however, you can help be a ruleset maintainer. Ruleset maintainers are trusted volunteers who examine rulesets contributed by others and work with them to ensure that these rulesets work properly and are styled correctly before they're merged in. While we currently have a couple of extremely dedicated and extremely proficient ruleset maintainers, the backlog of sites to add to HTTPS Everywhere just keeps growing, and they need help! If you would like to volunteer to become one, the best thing to do is to build trust in your work by monitoring the repository, contributing pull requests, and commenting on issues that interest you. Then you can contact us at https-everywhere-rules-owner [at] eff <dot> org expressing your interest in helping out.
 
-If you get stuck we have two publicly-archived mailing lists: the https-everywhere list (https://lists.eff.org/mailman/listinfo/https-everywhere) is for discussing the project as a whole, and the https-everywhere-rulesets list (https://lists.eff.org/mailman/listinfo/https-everywhere-rules) is for discussing the `rulesets` and their contents, including patches and git pull requests.
+If you get stuck we have two publicly-archived mailing lists: the [https-everywhere list](https://lists.eff.org/mailman/listinfo/https-everywhere) is for discussing the project as a whole, and the [https-everywhere-rulesets list](https://lists.eff.org/mailman/listinfo/https-everywhere-rules) is for discussing the `rulesets` and their contents, including patches and git pull requests.
 
 You can also find more information on about HTTPS Everywhere on our [FAQ](https://www.eff.org/https-everywhere/faq) page.
 
-Thanks again, and we look forward to your contributions!
+Also, please remember that this project is governed by [EFF's Public Projects Code of Conduct](https://www.eff.org/pages/eppcode).
 
+Thanks again, and we look forward to your contributions!
 
 ## HTTPS Everywhere Source Code Layout
 
@@ -62,37 +73,98 @@ The utilities ([`utils`](utils) top-level path) include scripts that build the e
 
 Tests are performed in headless browsers and located in the [`test`](test) top-level path.  These are written in Python, and some of the wrappers for these tests are in shell scripts.
 
+Source Tree:
+
+		chromium/                 WebExtension source code (for Firefox & Chromium/chrome)
+		chromium/external         External dependencies
+		chromium/test             Unit tests
+
+		rules/                    Symbolic link to src/chrome/content/rules
+
+		src/chrome/content/rules  Ruleset files live here
+
+		test/                     Travis unit test source code live here
+
+		utils/                    Various utilities (includes some Travis test source)
+
+## Install Dependencies and Test Build
+
+Get the packages you need and install a git hook to run tests before push:
+
+		bash install-dev-dependencies.sh
+
+Run the ruleset validations and browser tests:
+
+		bash test.sh
+
+Run the latest code and rulesets in a standalone Firefox profile:
+
+		bash test/firefox.sh --justrun
+
+Run the latest code and rulesets in a standalone profile for a specific version of Firefox:
+
+		FIREFOX=/path/to/firefox bash test/firefox.sh --justrun
+
+Run the latest code and rulesets in a standalone Chromium profile:
+
+		bash test/chromium.sh --justrun
+
+Run the latest code and rulesets in a standalone Tor Browser profile:
+
+		bash test/tor-browser.sh path_to_tor_browser.tar.xz
+
+Build the Firefox (.xpi) & Chromium (.crx) extensions:
+
+		bash make.sh
+
+Both of the build commands store their output under pkg/.
+
+## Precommit Testing
+
+One can run the available test suites automatically by enabling the precommit
+hook provided with:
+
+		ln -s ../../hooks/precommit .git/hooks/pre-commit
+
+## Testing
+
+### Quickly Testing a Ruleset
+
+1. Open a version of the Firefox or Chrome browser without HTTPS Everywhere loaded to the HTTP endpoint
+
+2. From your working ruleset branch, test with running `bash test/firefox.sh --justrun` or `bash test/chromium.sh --justrun` to open a fresh profile with the extension loaded and click around and compare the look and functionality of both sites. If something fails to load or looks strange, you may be able to debug the problem by opening the network tab of your browser debugging tool.  Modify the `ruleset` until you get it in a good state - you'll have to re-run the HTTPS Everywhere-equipped browser upon each change.
+
+### Coverage
+
+Please reference [HTTPS Ruleset Checker](https://github.com/EFForg/https-everywhere/blob/master/test/rules/README.md) to properly test rulesets against our tests before sending a pull request.
+
 ## Submitting Changes
 
 To submit changes, open a pull request from our [GitHub repository](https://github.com/efforg/https-everywhere).
 
 HTTPS Everywhere is maintained by a limited set of staff and volunteers.  Please be mindful that we may take a while before we're able to review your contributions.
 
-* * *
-
-# Contributing Rulesets
-
-## General Info
+## Contributing Rulesets
 
 Thanks for your interest in contributing to the HTTPS Everywhere `rulesets`! There's just a few things you should know before jumping in. First some terminology, which will help you understand how exactly `rulesets` are structured and what each one contains:
 
-- `ruleset`: a scope in which `rules`, `targets`, and `tests` are contained. `rulesets` are usually named after the entity which controls the group of `targets` contained in it.  There is one `ruleset` per XML file within the `src/chrome/content/rules` directory.
-- `target`: a Fully Qualified Domain Name which may include a wildcard specified by `*.` on the left side, which `rules` are applied to. There may be many `targets` within any given `ruleset`.
-- `rule`: a specific regular expression rewrite that is applied for all matching `targets` within the same `ruleset`.  There may be many `rules` within any given `ruleset`.
-- `test`: a URL for which a request is made to ensure that the rewrite is working properly.  There may be many `tests` within any given `ruleset`.
+* `ruleset`: a scope in which `rules`, `targets`, and `tests` are contained. `rulesets` are usually named after the entity which controls the group of `targets` contained in it.  There is one `ruleset` per XML file within the `src/chrome/content/rules` directory.
+* `target`: a Fully Qualified Domain Name which may include a wildcard specified by `*.` on the left side, which `rules` are applied to. There may be many `targets` within any given `ruleset`.
+* `rule`: a specific regular expression rewrite that is applied for all matching `targets` within the same `ruleset`.  There may be many `rules` within any given `ruleset`.
+* `test`: a URL for which a request is made to ensure that the rewrite is working properly.  There may be many `tests` within any given `ruleset`.
 
 ```xml
 <!--
-        An example ruleset. Note that this example doesn't necessarily
-        satisfy the style criteria described below - we just have it
-        here to show you what the components of a ruleset looks like.
+				An example ruleset. Note that this example doesn't necessarily
+				satisfy the style criteria described below - we just have it
+				here to show you what the components of a ruleset looks like.
 -->
 <ruleset name="eff.org">
-        <target host="*.eff.org" />
+				<target host="*.eff.org" />
 
-        <rule from="^http:" to="https:" />
+				<rule from="^http:" to="https:" />
 
-        <test url="http://www.eff.org/https-everywhere/" />
+				<test url="http://www.eff.org/https-everywhere/" />
 </ruleset>
 ```
 
@@ -100,18 +172,20 @@ HTTPS Everywhere includes tens of thousands of `rulesets`.  Any one of these sit
 
 Some `rulesets` have the attribute `platform="mixedcontent"`.  These `rulesets` cause problems in browsers that enable active mixed-content (loading insecure resources in a secure page) blocking.  When browsers started enforcing active mixed-content blocking, some HTTPS sites started to break.  That's why we introduced this tag - it disables those `rulesets` for browsers blocking active mixed content.  It is likely that many of these sites have fixed this historical problem, so we particularly encourage `ruleset` contributors to fix these `rulesets` first:
 
-    git grep -i mixedcontent src/chrome/content/rules
+		git grep -i mixedcontent src/chrome/content/rules
 
-## New Rulesets
+### New Rulesets
 
 If you want to create new `rulesets` to submit to us, we expect them to be in the `src/chrome/content/rules` directory. That directory also contains a useful script, `make-trivial-rule`, to create a simple `ruleset` for a specified domain. There is also a script in `test/validations/special/run.py`, to check all the pending `rulesets` for several common errors and oversights. For example, if you wanted to make a `ruleset` for the `example.com` domain, you could run:
-```
+
+```bash
 cd src/chrome/content/rules
 bash ./make-trivial-rule example.com
 ```
+
 This would create `Example.com.xml`, which you could then take a look at and edit based on your knowledge of any specific URLs at `example.com` that do or don't work in HTTPS. Please have a look at our Ruleset Style Guide below, where you can find useful tips about finding more subdomains. Our goal is to have as many subdomains covered as we can find.
 
-## Minimum Requirements for a Ruleset PR
+### Minimum Requirements for a Ruleset PR
 
 There are several volunteers to HTTPS Everywhere who have graciously dedicated their time to look at the `ruleset` contributions and work with contributors to ensure quality of the pull requests before merging.  It is typical for there to be several back-and-forth communications with these `ruleset` maintainers before a PR is in a good shape to merge.  Please be patient and respectful, the maintainers are donating their time for no benefit other than the satisfaction of making the web more secure.  They are under no obligation to merge your request, and may reject it if it is impossible to ensure quality.  You can identify these volunteers by looking for the "Collaborator" identifier in their comments on HTTPS Everywhere issues and pull requests.
 
@@ -119,12 +193,6 @@ In the back-and-forth process of getting the `ruleset` in good shape, there may
 
 We prefer small, granular changes to the rulesets.  Not only are these easier to test and review, this results in cleaner commits.
 
-## Testing
-
-A general workflow for testing sites that provide both HTTP and HTTPS follows.  Open a version of the browser of your choice without HTTPS Everywhere loaded to the HTTP endpoint, alongside the browser with the latest code and rulesets for HTTPS Everywhere loaded to the HTTPS endpoint (as described in [README.md](README.md).)  Click around and compare the look and functionality of both sites.
-
-If something fails to load or looks strange, you may be able to debug the problem by opening the network tab of your browser debugging tool.  Modify the `ruleset` until you get it in a good state - you'll have to re-run the HTTPS Everywhere-equipped browser upon each change.
-
 ## Ruleset Style Guide
 
 ### Motivation
@@ -170,19 +238,19 @@ In general, avoid using open-ended regex in rules.  In certain cases, open-ended
 Examples:
 
 * Rulesets with a lot of domains that we can catch with a simple regex that would be tedious and error-prone to list individually, like [`360.cn.xml`](https://github.com/EFForg/https-everywhere/blob/9698e64a2de7cf37509ab13ba9dcfd5bd4f84a95/src/chrome/content/rules/360.cn.xml#L98-L103)
-* CDNs with an arbitrarily large number of subdomains, like https://github.com/EFForg/https-everywhere/pull/7484#issuecomment-262852427 .
+* CDNs with an arbitrarily large number of subdomains ([example](https://github.com/EFForg/https-everywhere/pull/7484#issuecomment-262852427)).
 
 ### Enumerating Subdomains
 
 If you're not sure what subdomains might exist, you can install the `Sublist3r` tool:
 
-    git clone https://github.com/aboul3la/Sublist3r.git
-    cd Sublist3r
-    sudo pip install -r requirements.txt # or use virtualenv...
+		git clone https://github.com/aboul3la/Sublist3r.git
+		cd Sublist3r
+		sudo pip install -r requirements.txt # or use virtualenv...
 
 Then you can to enumerate the list of subdomains:
 
-    python sublist3r.py -d example.com -e Baidu,Yahoo,Google,Bing,Ask,Netcraft,Virustotal,SSL
+		python sublist3r.py -d example.com -e Baidu,Yahoo,Google,Bing,Ask,Netcraft,Virustotal,SSL
 
 Alternatively, you can iteratively use Google queries and enumerate the list of results like such:
 
@@ -196,15 +264,15 @@ Alternatively, you can iteratively use Google queries and enumerate the list of
 
 In all cases where there is a list of domains, sort them in alphabetical order starting from the top level domain at the right reading left, moving ^ and www to the top of their group. For example:
 
-    example.com
-    www.example.com
-    a.example.com
-    www.a.example.com
-    b.a.example.com
-    b.example.com
-    example.net
-    www.example.net
-    a.example.net
+		example.com
+		www.example.com
+		a.example.com
+		www.a.example.com
+		b.a.example.com
+		b.example.com
+		example.net
+		www.example.net
+		a.example.net
 
 ### Rule Ordering
 
@@ -217,23 +285,23 @@ It is useful to list hosts that do not work in the comments of a `ruleset`.  Thi
 For easy reading, please avoid using UTF characters unless in the rare instances that they are part of the hostname itself.
 
 Example:
+
 ```xml
 <!--
-        Invalid certificate:
-                8marta.glavbukh.ru
-                forum2.glavbukh.ru (incomplete certificate chain)
+	Invalid certificate:
+					incomplete.example.com (incomplete certificate chain)
+					selfsigned.example.com
+					wronghost.example.com
 
-        Redirect to HTTP:
-                8marta2013.glavbukh.ru
-                den.glavbukh.ru
+	Redirect to HTTP:
+					httponly.example.com
 
-        Refused:
-                e.glavbukh.ru
-                www.e.glavbukh.ru
+	Refused:
+					abc.example.com
+					abc.abc.example.com
 
-        Time out:
-                psd.glavbukh.ru
-                str.glavbukh.ru
+	Time out:
+					drop.example.com
 
 -->
 ```
@@ -278,17 +346,17 @@ Prefer capturing groups `(www\.)?` over non-capturing `(?:www\.)?`. The non-capt
 
 ### Snapping Redirects
 
-Avoid snapping redirects. For instance, if https://foo.fm serves HTTPS correctly, but redirects to https://foo.com, it's tempting to rewrite foo.fm to foo.com, to save users the latency of the redirect. However, such rulesets are less obviously correct and require more scrutiny. And the redirect can go out of date and cause problems. HTTPS Everywhere rulesets should change requests the minimum amount necessary to ensure a secure connection.
+Avoid snapping redirects. For instance, if `https://foo.fm` serves HTTPS correctly, but redirects to `https://foo.com`, it's tempting to rewrite `foo.fm` to `foo.com`, to save users the latency of the redirect. However, such rulesets are less obviously correct and require more scrutiny. And the redirect can go out of date and cause problems. HTTPS Everywhere rulesets should change requests the minimum amount necessary to ensure a secure connection.
 
 ### Example: Ruleset before style guidelines are applied
 
 ```xml
 <ruleset name="WHATWG.org">
-  <target host='whatwg.org' />
-  <target host="*.whatwg.org" />
+		<target host='whatwg.org' />
+		<target host="*.whatwg.org" />
 
-  <rule from="^http://((?:developers|html-differences|images|resources|\w+\.spec|wiki|www)\.)?whatwg\.org/"
-    to="https://$1whatwg.org/" />
+		<rule from="^http://((?:developers|html-differences|images|resources|\w+\.spec|wiki|www)\.)?whatwg\.org/"
+		to="https://$1whatwg.org/" />
 </ruleset>
 ```
 
@@ -309,8 +377,7 @@ Avoid snapping redirects. For instance, if https://foo.fm serves HTTPS correctly
 		<test url="http://dom.spec.whatwg.org/" />
 	<target host="wiki.whatwg.org" />
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 </ruleset>
 ```
 
@@ -326,59 +393,45 @@ In `utils` we have a tool called `hsts-prune` which removes `targets` from rules
 
 > Let `included domain` denote either a `target`, or a parent of a `target`.  Let `supported browsers` include the ESR, Dev, and Stable releases of Firefox, and the Stable release of Chromium.  If `included domain` is a parent of the `target`, the `included domain` must be present in the HSTS preload list for all `supported browsers` with the relevant flag which denotes inclusion of subdomains set to `true`.  If `included domain` is the `target` itself, it must be included the HSTS preload list for all `supported browsers`.  Additionally, if the http endpoint of the `target` exists, it must issue a 3XX redirect to the https endpoint for that target.  Additionally, the https endpoint for the `target` must deliver a `Strict-Transport-Security` header with the following directives present:
 >
-> - `max-age` >= 10886400
-> - `includeSubDomains`
-> - `preload`
+> * `max-age` >= 31536000
+> * `includeSubDomains`
+> * `preload`
 >
 > If all the above conditions are met, a contributor may remove the `target` from the HTTPS Everywhere rulesets.  If all targets are removed for a ruleset, the contributor is advised to remove the ruleset file itself.  The ruleset `rule` and `test` tags may need to be modified in order to pass the ruleset coverage test.
 
 Every new pull request automatically has the `hsts-prune` utility applied to it as part of the continual integration process.  If a new PR introduces a `target` which is preloaded, it will fail the CI test suite.  See:
 
-- `.travis.yml`
-- `test/run_travis.sh`
+* `.travis.yml`
+* `test/run_travis.sh`
 
-* * *
-
-# Contributing Code
+## Contributing Code
 
 In addition to `ruleset` contributions, we also encourage code contributions to HTTPS Everywhere.  There are a few considerations to keep in mind when contributing code.
 
 Officially supported browsers:
 
-- Firefox Stable
-- Firefox ESR
-- Chromium Stable
+* Firefox Stable
+* Firefox ESR
+* Chromium Stable
 
 We also informally support the Opera browser, but do not have tooling around testing Opera.  Firefox ESR is supported because this is what the [Tor Browser](https://www.torproject.org/projects/torbrowser.html.en), which includes HTTPS Everywhere, is built upon.  For the test commands, refer to [README.md](README.md).
 
-The current extension maintainer is @Hainish.  You can tag him for PRs which involve the core codebase.
+The current extension maintainer is [@zoracon](https://github.com/zoracon).  You can tag them for PRs which involve the core codebase.
 
 Several of our utilities and our full test suite is written in Python.  Eventually we would like the whole codebase to be standardized as JavaScript.  If you are so inclined, it would be helpful to rewrite the tooling and tests into JavaScript while maintaining the functionality.
 
-* * *
-
-# Contributing Documentation
+## Contributing Documentation
 
 Standalone documentation should be written in [Markdown](https://en.wikipedia.org/wiki/Markdown) that follows the [Google style guide](https://github.com/google/styleguide/blob/gh-pages/docguide/style.md). If you are updating existing documentation that does not follow the Google style guide, then you should follow the style of the file you are updating.
 
 * * *
 
-# Pull Requests from Deleted Accounts
+## Pull Requests from Deleted Accounts
 
 Sometimes a contributor will [delete their GitHub account](https://help.github.com/articles/deleting-your-user-account/) after submitting a pull request, resulting in the pull request being associated with the [Ghost user (@ghost)](https://github.com/ghost).  These @ghost pull requests can cause problems for HTTPS Everywhere maintainers, leaving questions unanswered and closing off the possibility of receiving maintainer feedback to solicit clarification or request changes.
 
 We ask that if you want to delete your GitHub account, you either close your HTTPS Everywhere pull requests before you delete your account, or wait to delete your account until we merge your pull requests. Otherwise, maintainers are free to close @ghost pull requests without any comment.
 
-* * *
-
-# Contributing Translations
-
-HTTPS Everywhere translations are handled through Transifex.  The easiest way to help with translations is to [create a Transifex account](https://www.transifex.com/signup/) if you don't already have one.  Then log into your account and click "Explore", then search for "Tor Project", and click on The Tor Project.  Then choose the language you plan to translate into, click on the name of that language, and then click "Join team" and "Go" to accept joining the translation team for your language.
-
-Then, in the Tor Project resources list, find and click the link for the file
+## Contributing Translations
 
-    HTTPS Everywhere - https-everywhere.dtd
-
-and choose "Translate now" to enter the translation interface.
-
-* * *
+We are reviewing our process around translations and currently discussing ways to improve. Translations are still processed under the same entity and those who have an account already, do not need to take action at this time. Thank you for your contributions.
diff --git a/LICENSE.txt b/LICENSE.txt
index 454ba6460dab..7c7a3bde0e95 100644
--- a/LICENSE.txt
+++ b/LICENSE.txt
@@ -1,12 +1,15 @@
 HTTPS Everywhere:
-Copyright © 2010-2017 Electronic Frontier Foundation and others
+Copyright © 2010-2021 Electronic Frontier Foundation and others
 Licensed GPL v2+
 
 HTTPS Everywhere Rulesets (src/chrome/content/rules):
 To the extent copyright applies to the rulesets, they can be used according to GPL v2 or later.
 
+The DuckDuckGo Smarter Encryption list, utilized by HTTPS Everywhere at https://www.https-rulesets.org/ddg, is publicly available under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0. International license. 
+If you'd like to license the list for commercial use, please reach out to: https://help.duckduckgo.com/duckduckgo-help-pages/company/contact-us/
+
 Issue Format Bot (utils/issue-format-bot/*):
 Copyright © 2017 AJ Jordan, AGPLv3+
 
-The build system incorporates code from Python 3.6
+The build system incorporates code from Python 3.6 and Python 3 respectively
 Copyright © 2001-2018 Python Software Foundation; All Rights Reserved
diff --git a/README.md b/README.md
index 9e10be63cde6..d3255879024e 100644
--- a/README.md
+++ b/README.md
@@ -1,69 +1,23 @@
-[HTTPS Everywhere](https://www.eff.org/https-everywhere) [![Build Status](https://travis-ci.org/EFForg/https-everywhere.svg?branch=master)](https://travis-ci.org/EFForg/https-everywhere)
+[![Build Status](https://travis-ci.com/EFForg/https-everywhere.svg?branch=master)](https://travis-ci.com/EFForg/https-everywhere)
 [![Coverage Status](https://coveralls.io/repos/github/EFForg/https-everywhere/badge.svg?branch=master)](https://coveralls.io/github/EFForg/https-everywhere?branch=master)
-================
 
-Getting Started
----------------
+# Update on HTTPS Everywhere
+⚠️This project is no longer being maintained or updated. Please uninstall and direct users to the advice below to switch to HTTPS by default natively.
 
-Get the packages you need and install a git hook to run tests before push:
+You no longer need HTTPS Everywhere to set HTTPS by default! Major browsers now offer native support for an HTTPS only mode.
+Find out how to turn it on [here](https://www.eff.org/https-everywhere/set-https-default-your-browser).
 
-    bash install-dev-dependencies.sh
+This extension will be sunset by January 2023.
 
-Run the ruleset validations and browser tests:
 
-    bash test.sh
+# Getting Started With HTTPS Everywhere
 
-Run the latest code and rulesets in a standalone Firefox profile:
+HTTPS Everywhere is a Firefox, Chrome, and Opera extension that encrypts your communications with many major websites, making your browsing more secure. Encrypt the web: [Install HTTPS Everywhere today](https://www.eff.org/https-everywhere).
 
-    bash test/firefox.sh --justrun
+## For Users
 
-Run the latest code and rulesets in a standalone profile for a specific version of Firefox:
+Want to install or uninstall HTTPS Everywhere? Have questions? [View this guide](https://www.eff.org/https-everywhere) for installation and here for [FAQs](https://www.eff.org/https-everywhere/faq).
 
-    FIREFOX=/path/to/firefox bash test/firefox.sh --justrun
+## For Website Owners and Maintainers
 
-Run the latest code and rulesets in a standalone Chromium profile:
-
-    bash test/chromium.sh --justrun
-
-Run the latest code and rulesets in a standalone Tor Browser profile:
-
-    bash test/tor-browser.sh path_to_tor_browser.tar.xz
-
-Build the Firefox (.xpi) & Chromium (.crx) extensions:
-
-    bash make.sh
-
-Both of the build commands store their output under pkg/.
-
-Precommit Testing
------------------
-
-One can run the available test suites automatically by enabling the precommit
-hook provided with:
-
-    ln -s ../../hooks/precommit .git/hooks/pre-commit
-
-Source Tree
------------
-
-This is the source tree for HTTPS Everywhere for Firefox and Chrome.
-
-Important directories you might want to know about
-
-
-    chromium/                 WebExtension source code (for Firefox & Chromium/chrome)
-    chromium/external         External dependencies
-    chromium/test             Unit tests
-
-    rules/                    Symbolic link to src/chrome/content/rules
-
-    src/chrome/content/rules  Ruleset files live here
-
-    test/                     Travis unit test source code live here
-
-    utils/                    Various utilities (includes some Travis test source)
-
-Hacking on the Source Code
---------------------------
-
-Please refer to our [contributing](CONTRIBUTING.md) document to contribute to the project.
+Want to deploy HTTPS on your site? [View this guide](https://www.eff.org/https-everywhere/deploying-https).
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 000000000000..186e6892ac86
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,17 @@
+# Security Policy
+
+## Supported Versions
+
+Use this section to tell people about which versions of your project are
+currently being supported with security updates.
+
+| Browser         |  Supported         |
+| --------------- | ------------------ |
+| Firefox         | :white_check_mark: |
+| Firefox Android | :white_check_mark: |
+| Chrome          | :white_check_mark: |
+| Opera           | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+https://www.eff.org/security
diff --git a/browser-dist/README.md b/browser-dist/README.md
new file mode 100644
index 000000000000..47385bff828a
--- /dev/null
+++ b/browser-dist/README.md
@@ -0,0 +1,32 @@
+# Browser Distribution Special Cases
+
+## Edge
+
+Case:
+Edge does not accept CRX files for direct upload to store.
+
+Work around: `edge.sh`
+
+## Opera
+
+Case:
+Opera does not accept `default.rulesets` due to strict MIME type restriction
+
+In order to not disrupt many downstream channels, we are building a separate CRX file for Opera for now.
+
+Work around: `opera.sh`
+
+## Build process
+
+These scripts are normally ran after main build and deployment is finished. The reason being we want a confirmed CRX file upload to Chrome to build the Edge zip and Opera crx distributions on.
+
+## CRX Verification of Files before Upload
+
+Install Node Package for CRX Verification via NPM
+`[sudo] npm -g i crx3-utils`
+
+### Verify CRX file
+
+1. `crx3-info rsa 0 < $crx > public.pem`
+2. `crx3-verify rsa 0 public.pem < $crx`
+3. `echo "CRX verified"`
diff --git a/browser-dist/edge.sh b/browser-dist/edge.sh
new file mode 100755
index 000000000000..d8d62cd4a259
--- /dev/null
+++ b/browser-dist/edge.sh
@@ -0,0 +1,25 @@
+#!/bin/bash
+# Written for transparency and reproducibility on Edge upload
+# See browser-dist.md for more info
+
+VERSION=`python3 -c "import json ; print(json.loads(open('../chromium/manifest.json').read())['version'])"`
+crx_cws="../pkg/https-everywhere-$VERSION-cws.crx"
+crx_eff="../pkg/https-everywhere-$VERSION-eff.crx"
+
+crx3-info rsa 0 < $crx_cws > public.pem
+crx3-verify rsa 0 public.pem < $crx_cws
+echo "CRX verified"
+
+#Build Edge Zip File
+echo "Building Edge Zip"
+crx3-info < $crx_eff | awk '/^header/ {print $2}' \
+    | xargs -I% dd if=$crx_eff iflag=skip_bytes skip=% > https-everywhere-$VERSION-edge.zip
+
+echo >&2 "Edge zip package has sha256sum: `openssl dgst -sha256 -binary "https-everywhere-$VERSION-edge.zip" | xxd -p`"
+
+mv https-everywhere-$VERSION-edge.zip ../pkg/https-everywhere-$VERSION-edge.zip
+
+echo "Created pkg/https-everywhere-$VERSION-edge.zip"
+
+#Now remove unneeded pem file
+rm public.pem
\ No newline at end of file
diff --git a/browser-dist/opera.sh b/browser-dist/opera.sh
new file mode 100755
index 000000000000..261b8ad41b6c
--- /dev/null
+++ b/browser-dist/opera.sh
@@ -0,0 +1,168 @@
+#!/usr/bin/env bash
+
+# Build an HTTPS Everywhere Opera CRX Distribution
+# Written for transparency and reproducibility on Opera upload
+# See browser-dist.md for more info
+
+# To build the current state of the tree:
+#
+#     ./browser-dist-opera.sh
+#
+# To build a particular tagged release:
+#
+#     ./browser-dist-opera.sh <version number>
+#
+# eg:
+#
+#     ./browser-dist-opera.sh 2017.8.15
+#
+# Note that .crx files must be signed; this script makes you a
+# "dummy-chromium.pem" private key for you to sign your own local releases,
+# but these .crx files won't detect and upgrade to official HTTPS Everywhere
+# releases signed by EFF :/.  We should find a more elegant arrangement.
+
+! getopt --test > /dev/null
+if [[ ${PIPESTATUS[0]} -ne 4 ]]; then
+  echo 'I’m sorry, `getopt --test` failed in this environment.'
+  exit 1
+fi
+
+OPTIONS=eck:
+LONGOPTS=remove-extension-update,remove-update-channels,key:
+! PARSED=$(getopt --options=$OPTIONS --longoptions=$LONGOPTS --name "$0" -- "$@")
+if [[ ${PIPESTATUS[0]} -ne 0 ]]; then
+  # e.g. return value is 1
+  #  then getopt has complained about wrong arguments to stdout
+  exit 2
+fi
+
+# read getopt’s output this way to handle the quoting right:
+eval set -- "$PARSED"
+
+REMOVE_EXTENSION_UPDATE=false
+REMOVE_UPDATE_CHANNELS=false
+KEY=$(pwd)/dummy-chromium.pem
+while true; do
+  case "$1" in
+    -e|--remove-extension-update)
+      REMOVE_EXTENSION_UPDATE=true
+      shift
+      ;;
+    -c|--remove-update-channels)
+      REMOVE_UPDATE_CHANNELS=true
+      shift
+      ;;
+    -k|--key)
+      KEY="$2"
+      shift 2
+      ;;
+    --)
+      shift
+      break
+      ;;
+    *)
+      echo "Programming error"
+      exit 3
+      ;;
+  esac
+done
+
+if [ "${KEY:0:1}" != "/" ]; then
+  echo "Key must be specified as an absolute path."
+  exit 4
+fi
+
+cd $(dirname $0)
+
+if [ -n "$1" ]; then
+  BRANCH=`git branch | head -n 1 | cut -d \  -f 2-`
+  SUBDIR=checkout
+  [ -d $SUBDIR ] || mkdir $SUBDIR
+  cp -r -f -a .git $SUBDIR
+  cd $SUBDIR
+  git reset --hard "$1"
+  git submodule update --recursive -f
+fi
+
+VERSION=`python3 -c "import json ; print(json.loads(open('../chromium/manifest.json').read())['version'])"`
+
+echo "Building version" $VERSION
+
+[ -d pkg ] || mkdir -p ../pkg
+[ -e pkg/crx-opera ] && rm -rf ../pkg/crx-opera
+
+# Clean up obsolete ruleset databases, just in case they still exist.
+rm -f src/chrome/content/rules/default.rulesets src/defaults/rulesets.sqlite
+
+mkdir -p ../pkg/crx-opera/rules
+cd ../pkg/crx-opera
+cp -a ../../chromium/* ./
+# Turn the Firefox translations into the appropriate Chrome format:
+rm -rf _locales/
+mkdir _locales/
+python3 ../../utils/chromium-translations.py ../../translations/ _locales/
+python3 ../../utils/chromium-translations.py ../../src/chrome/locale/ _locales/
+do_not_ship="*.py *.xml"
+rm -f $do_not_ship
+
+mkdir wasm
+cp ../../lib-wasm/pkg/*.wasm wasm
+cp ../../lib-wasm/pkg/*.js wasm
+
+cd ../..
+
+python3 ./utils/merge-rulesets.py || exit 5
+
+cp src/chrome/content/rules/default.rulesets.json pkg/crx-opera/rules/default.rulesets.json
+
+sed -i -e "s/VERSION/$VERSION/g" pkg/crx-opera/manifest.json
+
+for x in `cat .build_exclusions`; do
+  rm -rf pkg/crx-opera/$x
+done
+
+#Create Opera CRX caveat
+cd pkg/crx-opera
+sed -i 's/rules\/default.rulesets/rules\/default.rulesets.json/g' background-scripts/update.js
+cd ../..
+
+# Remove the 'applications' manifest key from the crx version of the extension, change the 'author' string to a hash, and add the "update_url" manifest key
+# "update_url" needs to be present to avoid problems reported in https://bugs.chromium.org/p/chromium/issues/detail?id=805755
+python3 -c "import json; m=json.loads(open('pkg/crx-opera/manifest.json').read()); m['author']={'email': 'eff.software.projects@gmail.com'}; del m['applications']; open('pkg/crx-opera/manifest.json','w').write(json.dumps(m,indent=4,sort_keys=True))"
+
+# If the --remove-update-channels flag is set, remove all out-of-band update channels
+if $REMOVE_UPDATE_CHANNELS; then
+  echo "Flag --remove-update-channels specified.  Removing all out-of-band update channels."
+  echo "require.scopes.update_channels.update_channels = [];" >> pkg/crx-opera/background-scripts/update_channels.js
+fi
+
+if [ -n "$BRANCH" ] ; then
+  crx_opera="pkg/https-everywhere-$VERSION-opera.crx"
+else
+  crx_opera="pkg/https-everywhere-$VERSION-pre-opera.crx"
+fi
+if ! [ -f "$KEY" ] ; then
+  echo "Making a dummy signing key for local build purposes"
+  openssl genrsa -out /tmp/dummy-chromium.pem 768
+  openssl pkcs8 -topk8 -nocrypt -in /tmp/dummy-chromium.pem -out $KEY
+fi
+
+# now pack the crx'es
+BROWSER="chromium-browser"
+which $BROWSER || BROWSER="chromium"
+
+$BROWSER --no-message-box --pack-extension="pkg/crx-opera" --pack-extension-key="$KEY" 2> /dev/null
+
+mv pkg/crx-opera.crx $crx_opera
+
+echo >&2 "Opera crx package has sha256sum: `openssl dgst -sha256 -binary "$crx_opera" | xxd -p`"
+echo >&2 "Total included rules: `find src/chrome/content/rules -name "*.xml" | wc -l`"
+echo >&2 "Rules disabled by default: `find src/chrome/content/rules -name "*.xml" | xargs grep -F default_off | wc -l`"
+
+echo "Created $crx_opera"
+
+if [ -n "$BRANCH" ]; then
+  cd ..
+  cp $SUBDIR/$crx_opera pkg
+  rm -rf $SUBDIR
+fi
diff --git a/chromium/.eslintignore b/chromium/.eslintignore
index 79f09976bfe8..6f1043967f94 100644
--- a/chromium/.eslintignore
+++ b/chromium/.eslintignore
@@ -1 +1 @@
-external/*
+external/
diff --git a/chromium/.eslintrc.json b/chromium/.eslintrc.json
index 2851620f3a87..c696ae27c66e 100644
--- a/chromium/.eslintrc.json
+++ b/chromium/.eslintrc.json
@@ -5,17 +5,23 @@
     "webextensions": true
   },
   "parserOptions": {
-    "ecmaVersion": 2017,
+    "ecmaVersion": 2019,
     "sourceType": "script"
   },
   "rules": {
     "indent": ["error", 2, {"outerIIFEBody": 0}],
     "no-unused-vars": "error",
     "no-undef": "error",
-    "strict": ["error", "global"]
+    "strict": ["error", "global"],
+    "semi": ["error", "always"],
+    "space-before-blocks": ["error"],
+    "brace-style": ["error"],
+    "no-invalid-regexp": "error",
+    "no-trailing-spaces": "error"
   },
   "globals": {
     "exports": true,
-    "require": true
+    "require": true,
+    "wasm_bindgen": true
   }
 }
diff --git a/chromium/.gitignore b/chromium/.gitignore
index 7f2b090f975b..94dda0257826 100644
--- a/chromium/.gitignore
+++ b/chromium/.gitignore
@@ -1 +1,2 @@
+.nyc_output
 updates.xml
diff --git a/chromium/background-scripts/background.js b/chromium/background-scripts/background.js
index 4208e9d0efd5..331e6dc22432 100644
--- a/chromium/background-scripts/background.js
+++ b/chromium/background-scripts/background.js
@@ -5,49 +5,88 @@
 const rules = require('./rules'),
   store = require('./store'),
   incognito = require('./incognito'),
-  util = require('./util');
-
+  util = require('./util'),
+  update = require('./update'),
+  { update_channels } = require('./update_channels'),
+  wasm = require('./wasm'),
+  ipUtils = require('./ip_utils'),
+  ssl_codes = require('./ssl_codes');
 
 let all_rules = new rules.RuleSets();
+let blooms = [];
 
 async function initialize() {
+  await wasm.initialize();
   await store.initialize();
   await store.performMigrations();
   await initializeStoredGlobals();
-  await all_rules.loadFromBrowserStorage(store);
+  await getUpgradeToSecureAvailable();
+  await update.initialize(store, initializeAllRules);
+  await all_rules.loadFromBrowserStorage(store, update.applyStoredRulesets);
+  await update.applyStoredBlooms(blooms);
   await incognito.onIncognitoDestruction(destroy_caches);
 }
 initialize();
 
 async function initializeAllRules() {
   const r = new rules.RuleSets();
-  await r.loadFromBrowserStorage(store);
+  await r.loadFromBrowserStorage(store, update.applyStoredRulesets);
   Object.assign(all_rules, r);
+  blooms.length = 0;
+  await update.applyStoredBlooms(blooms);
 }
 
 /**
  * Load preferences. Structure is:
  *  {
  *    httpNowhere: Boolean,
- *    showCounter: Boolean,
  *    isExtensionEnabled: Boolean
  *  }
  */
 var httpNowhereOn = false;
-var showCounter = true;
 var isExtensionEnabled = true;
+let disabledList = new Set();
+let httpOnceList = new Set();
+
+/**
+ * Check if HTTPS Everywhere should be ON for host
+ */
+function isExtensionDisabledOnSite(host) {
+  // make sure the host is not matched in the httpOnceList
+  if (httpOnceList.has(host)) {
+    return true;
+  }
+
+  // make sure the host is not matched in the disabledList
+  if (disabledList.has(host)) {
+    return true;
+  }
+
+  // make sure the host is matched by any wildcard expressions in the disabledList
+  const experessions = util.getWildcardExpressions(host);
+  for (const expression of experessions) {
+    if (disabledList.has(expression)) {
+      return true;
+    }
+  }
 
-function initializeStoredGlobals(){
+  // otherwise return false
+  return false;
+}
+
+function initializeStoredGlobals() {
   return new Promise(resolve => {
     store.get({
       httpNowhere: false,
-      showCounter: true,
       globalEnabled: true,
-      enableMixedRulesets: false
+      enableMixedRulesets: false,
+      disabledList: []
     }, function(item) {
       httpNowhereOn = item.httpNowhere;
-      showCounter = item.showCounter;
       isExtensionEnabled = item.globalEnabled;
+      for (let disabledSite of item.disabledList) {
+        disabledList.add(disabledSite);
+      }
       updateState();
 
       rules.settings.enableMixedRulesets = item.enableMixedRulesets;
@@ -57,20 +96,42 @@ function initializeStoredGlobals(){
   });
 }
 
+/** @type {boolean} */
+let upgradeToSecureAvailable = false;
+
+function getUpgradeToSecureAvailable() {
+  if (typeof browser !== 'undefined') {
+    return browser.runtime.getBrowserInfo().then(function(info) {
+      let version = info.version.match(/^(\d+)/)[1];
+      if (info.name == "Firefox" && version >= 59) {
+        upgradeToSecureAvailable = true;
+      } else {
+        upgradeToSecureAvailable = false;
+      }
+    });
+  } else {
+    return new Promise(resolve => {
+      upgradeToSecureAvailable = false;
+      resolve();
+    });
+  }
+}
+
 chrome.storage.onChanged.addListener(async function(changes, areaName) {
   if (areaName === 'sync' || areaName === 'local') {
     if ('httpNowhere' in changes) {
       httpNowhereOn = changes.httpNowhere.newValue;
       updateState();
     }
-    if ('showCounter' in changes) {
-      showCounter = changes.showCounter.newValue;
-      updateState();
-    }
     if ('globalEnabled' in changes) {
       isExtensionEnabled = changes.globalEnabled.newValue;
       updateState();
     }
+    if ('enableMixedRulesets' in changes) {
+      // Don't require users to restart the browsers
+      rules.settings.enableMixedRulesets = changes.enableMixedRulesets.newValue;
+      initializeAllRules();
+    }
     if ('debugging_rulesets' in changes) {
       initializeAllRules();
     }
@@ -86,20 +147,23 @@ if (chrome.windows) {
   chrome.windows.onFocusChanged.addListener(function() {
     updateState();
   });
+
+  // Grant access to HTTP site only during session, clear once window is closed
+  chrome.windows.onRemoved.addListener(function() {
+    chrome.windows.getAll({}, function(windows) {
+      if(windows.length > 0) {
+        return;
+      } else {
+        httpOnceList.clear();
+      }
+    });
+  });
+
 }
 chrome.webNavigation.onCompleted.addListener(function() {
   updateState();
 });
 
-// Records which tabId's are active in the HTTPS Switch Planner (see
-// pages/devtools/panel-ux.js).
-var switchPlannerEnabledFor = {};
-// Detailed information recorded when the HTTPS Switch Planner is active.
-// Structure is:
-//   switchPlannerInfo[tabId]["rw"/"nrw"][resource_host][active_content][url];
-// rw / nrw stand for "rewritten" versus "not rewritten"
-var switchPlannerInfo = {};
-
 /**
  * Set the icon color correctly
  * active: extension is enabled.
@@ -118,33 +182,37 @@ function updateState () {
     iconState = 'blocking';
   }
 
-  if ('setIcon' in chrome.browserAction) {
-    chrome.browserAction.setIcon({
-      path: {
-        38: 'images/icons/icon-' + iconState + '-38.png'
-      }
-    });
-  }
-
   chrome.browserAction.setTitle({
     title: 'HTTPS Everywhere' + ((iconState === 'active') ? '' : ' (' + iconState + ')')
   });
 
-  chrome.tabs.query({ active: true, currentWindow: true }, function(tabs) {
-    if (!tabs || tabs.length === 0) {
-      return;
-    }
-    const tabId = tabs[0].id;
-    const activeCount = appliedRulesets.getActiveRulesetCount(tabId);
+  const chromeUrl = 'chrome://';
 
-    if ('setBadgeBackgroundColor' in chrome.browserAction) {
-      chrome.browserAction.setBadgeBackgroundColor({ color: '#666666', tabId });
+  chrome.tabs.query({ active: true, currentWindow: true, status: 'complete' }, function(tabs) {
+    if (!tabs || tabs.length === 0 || tabs[0].url.startsWith(chromeUrl) ) {
+      return;
     }
 
-    const showBadge = activeCount > 0 && isExtensionEnabled && showCounter;
+    // tabUrl.host instead of hostname should be used to show the "disabled" status properly (#19293)
+    const tabUrl = new URL(tabs[0].url);
+    const host = util.getNormalisedHostname(tabUrl.host);
 
-    if ('setBadgeText' in chrome.browserAction) {
-      chrome.browserAction.setBadgeText({ text: showBadge ? String(activeCount) : '', tabId });
+    if (isExtensionDisabledOnSite(host) || iconState == "disabled") {
+      if ('setIcon' in chrome.browserAction) {
+        chrome.browserAction.setIcon({
+          path: {
+            38: 'images/icons/icon-disabled-38.png'
+          }
+        });
+      }
+    } else {
+      if ('setIcon' in chrome.browserAction) {
+        chrome.browserAction.setIcon({
+          path: {
+            38: 'images/icons/icon-' + iconState + '-38.png'
+          }
+        });
+      }
     }
   });
 }
@@ -153,44 +221,63 @@ function updateState () {
  * The following allows fennec to interact with the popup ui
  * */
 chrome.browserAction.onClicked.addListener(e => {
-  const url = chrome.extension.getURL("/pages/popup/index.html?tabId=" + e.id);
+  const url = chrome.runtime.getURL("/pages/popup/index.html?tabId=" + e.id);
   chrome.tabs.create({
     url
   });
 });
 
-
-
 /**
- * Add a listener for removed tabs
+ * A centralized storage for browsing data within the browser session.
  */
-function AppliedRulesets() {
-  this.active_tab_rules = new Map();
-  this.active_tab_main_frames = new Map();
+function BrowserSession() {
+  this.tabs = new Map();
+  this.requests = new Map();
 
-  let that = this;
   if (chrome.tabs) {
-    chrome.tabs.onRemoved.addListener(function(tabId) {
-      that.removeTab(tabId);
+    chrome.tabs.onRemoved.addListener(tabId => {
+      this.deleteTab(tabId);
     });
   }
 }
 
-AppliedRulesets.prototype = {
-  addRulesetToTab: function(tabId, type, ruleset) {
-    if (!this.active_tab_main_frames.has(tabId)) {
-      this.active_tab_main_frames.set(tabId, false);
+BrowserSession.prototype = {
+  putTab: function(tabId, key, value, overwrite) {
+    if (!this.tabs.has(tabId)) {
+      this.tabs.set(tabId, {});
+    }
+
+    if (!(key in this.tabs.get(tabId)) || overwrite) {
+      this.tabs.get(tabId)[key] = value;
+    }
+  },
+
+  getTab: function(tabId, key, defaultValue) {
+    if (this.tabs.has(tabId) && key in this.tabs.get(tabId)) {
+      return this.tabs.get(tabId)[key];
+    }
+    return defaultValue;
+  },
+
+  deleteTab: function(tabId) {
+    if (this.tabs.has(tabId)) {
+      this.tabs.delete(tabId);
     }
+  },
+
+  putTabAppliedRulesets: function(tabId, type, ruleset) {
+    this.putTab(tabId, "main_frame", false, false);
 
     // always show main_frame ruleset on the top
     if (type == "main_frame") {
-      this.active_tab_main_frames.set(tabId, true);
-      this.active_tab_rules.set(tabId, [ruleset,]);
+      this.putTab(tabId, "main_frame", true, true);
+      this.putTab(tabId, "applied_rulesets", [ruleset,], true);
       return ;
     }
 
-    if (this.active_tab_rules.has(tabId)) {
-      let rulesets = this.active_tab_rules.get(tabId);
+    // sort by ruleset names alphabetically, case-insensitive
+    if (this.getTab(tabId, "applied_rulesets", null)) {
+      let rulesets = this.getTab(tabId, "applied_rulesets", null);
       let insertIndex = 0;
 
       const ruleset_name = ruleset.name.toLowerCase();
@@ -200,7 +287,7 @@ AppliedRulesets.prototype = {
 
         if (item_name == ruleset_name) {
           return ;
-        } else if (insertIndex == 0 && this.active_tab_main_frames.get(tabId)) {
+        } else if (insertIndex == 0 && this.getTab(tabId, "main_frame", false)) {
           insertIndex = 1;
         } else if (item_name < ruleset_name) {
           insertIndex++;
@@ -208,45 +295,46 @@ AppliedRulesets.prototype = {
       }
       rulesets.splice(insertIndex, 0, ruleset);
     } else {
-      this.active_tab_rules.set(tabId, [ruleset,]);
+      this.putTab(tabId, "applied_rulesets", [ruleset,], true);
     }
   },
 
-  getRulesets: function(tabId) {
-    if (this.active_tab_rules.has(tabId)) {
-      return this.active_tab_rules.get(tabId);
-    } else {
-      return null;
-    }
+  getTabAppliedRulesets: function(tabId) {
+    return this.getTab(tabId, "applied_rulesets", null);
   },
 
-  removeTab: function(tabId) {
-    this.active_tab_rules.delete(tabId);
-    this.active_tab_main_frames.delete(tabId);
+  putRequest: function(requestId, key, value) {
+    if (!this.requests.has(requestId)) {
+      this.requests.set(requestId, {});
+    }
+    this.requests.get(requestId)[key] = value;
   },
 
-  getActiveRulesetCount: function (tabId) {
-    let activeCount = 0;
+  getRequest: function(requestId, key, defaultValue) {
+    if (this.requests.has(requestId) && key in this.requests.get(requestId)) {
+      return this.requests.get(requestId)[key];
+    }
+    return defaultValue;
+  },
 
-    const rulesets = this.getRulesets(tabId);
-    if (rulesets) {
-      for (const ruleset of rulesets) {
-        if (ruleset.active) {
-          activeCount++;
-        }
-      }
+  deleteRequest: function(requestId) {
+    if (this.requests.has(requestId)) {
+      this.requests.delete(requestId);
     }
-    return activeCount;
   }
 };
 
-var appliedRulesets = new AppliedRulesets();
+let browserSession = new BrowserSession();
 
 var urlBlacklist = new Set();
 
-// redirect counter workaround
-// TODO: Remove this code if they ever give us a real counter
-var redirectCounter = new Map();
+const cancelUrl = chrome.runtime.getURL("/pages/cancel/index.html");
+
+function redirectOnCancel(shouldCancel, originURL) {
+  return shouldCancel ? {redirectUrl: newCancelUrl(originURL)} : {cancel: false};
+}
+
+const newCancelUrl = originURL => `${cancelUrl}?originURL=${encodeURIComponent(originURL)}`;
 
 /**
  * Called before a HTTP(s) request. Does the heavy lifting
@@ -262,20 +350,42 @@ function onBeforeRequest(details) {
   let uri = new URL(details.url);
 
   // Normalise hosts with tailing dots, e.g. "www.example.com."
-  let canonical_host = uri.hostname;
-  while (canonical_host.charAt(canonical_host.length - 1) == ".") {
-    canonical_host = canonical_host.slice(0, -1);
-    uri.hostname = canonical_host;
+  uri.hostname = util.getNormalisedHostname(uri.hostname);
+
+  let ip = ipUtils.parseIp(uri.hostname);
+
+  let isLocalIp = false;
+
+  if (ip !== -1) {
+    isLocalIp = ipUtils.isLocalIp(ip);
+  }
+
+  if (details.type == "main_frame") {
+    // Clear the content from previous browser session.
+    // This needed to be done before this listener returns,
+    // otherwise, the extension popup might include rulesets
+    // from previous page.
+    browserSession.deleteTab(details.tabId);
+
+    // Check if an user has disabled HTTPS Everywhere on this site.  We should
+    // ensure that all subresources are not run through HTTPS Everywhere as well.
+    browserSession.putTab(details.tabId, 'first_party_host', uri.host, true);
+  }
+
+  if (isExtensionDisabledOnSite(browserSession.getTab(details.tabId, 'first_party_host', null))) {
+    return;
   }
 
   // Should the request be canceled?
+  // true if the URL is a http:// connection to a remote canonical host, and not
+  // a tor hidden service
   const shouldCancel = httpNowhereOn &&
-    uri.protocol === 'http:' &&
+    (uri.protocol === 'http:' || uri.protocol === 'ftp:') &&
     uri.hostname.slice(-6) !== '.onion' &&
     uri.hostname !== 'localhost' &&
-    !/^127(\.[0-9]{1,3}){3}$/.test(canonical_host) &&
-    !/^0\.0\.0\.0$/.test(canonical_host) &&
-    uri.hostname !== '[::1]';
+    !uri.hostname.endsWith('.localhost') &&
+    uri.hostname !== '[::1]' &&
+    !isLocalIp;
 
   // If there is a username / password, put them aside during the ruleset
   // analysis process
@@ -290,38 +400,53 @@ function onBeforeRequest(details) {
     uri.password = '';
   }
 
-  var canonical_url = uri.href;
-  if (details.url != canonical_url && !using_credentials_in_url) {
+  if (details.url != uri.href && !using_credentials_in_url) {
     util.log(util.INFO, "Original url " + details.url +
-        " changed before processing to " + canonical_url);
+        " changed before processing to " + uri.href);
   }
-  if (urlBlacklist.has(canonical_url)) {
-    return {cancel: shouldCancel};
+  if (urlBlacklist.has(uri.href)) {
+    return redirectOnCancel(shouldCancel, details.url);
   }
 
-  if (details.type == "main_frame") {
-    appliedRulesets.removeTab(details.tabId);
+  if (browserSession.getRequest(details.requestId, "redirect_count", 0) >= 8) {
+    util.log(util.NOTE, "Redirect counter hit for " + uri.href);
+    urlBlacklist.add(uri.href);
+    rules.settings.domainBlacklist.add(uri.hostname);
+    util.log(util.WARN, "Domain blacklisted " + uri.hostname);
+    return redirectOnCancel(shouldCancel, details.url);
   }
 
-  var potentiallyApplicable = all_rules.potentiallyApplicableRulesets(canonical_host);
-
-  if (redirectCounter.get(details.requestId) >= 8) {
-    util.log(util.NOTE, "Redirect counter hit for " + canonical_url);
-    urlBlacklist.add(canonical_url);
-    rules.settings.domainBlacklist.add(canonical_host);
-    util.log(util.WARN, "Domain blacklisted " + canonical_host);
-    return {cancel: shouldCancel};
-  }
+  // whether to use mozilla's upgradeToSecure BlockingResponse if available
+  let upgradeToSecure = false;
+  let newuristr = null;
 
-  var newuristr = null;
+  let potentiallyApplicable = all_rules.potentiallyApplicableRulesets(uri.hostname);
 
   for (let ruleset of potentiallyApplicable) {
-    appliedRulesets.addRulesetToTab(details.tabId, details.type, ruleset);
-    if (ruleset.active && !newuristr) {
-      newuristr = ruleset.apply(canonical_url);
+    if (details.url.match(ruleset.scope)) {
+      browserSession.putTabAppliedRulesets(details.tabId, details.type, ruleset);
+      if (ruleset.active && !newuristr) {
+        newuristr = ruleset.apply(uri.href);
+      }
     }
   }
 
+  if (newuristr == null && blooms.length > 0 && uri.protocol === 'http:') {
+    for(let bloom of blooms) {
+      if(bloom.check(uri.hostname)) {
+        newuristr = uri.href.replace(/^http:/, "https:");
+        break;
+      }
+    }
+  }
+
+  // only use upgradeToSecure for trivial rewrites
+  if (upgradeToSecureAvailable && newuristr) {
+    // check rewritten URIs against the trivially upgraded URI
+    const trivialUpgradeUri = uri.href.replace(/^http:/, "https:");
+    upgradeToSecure = (newuristr == trivialUpgradeUri);
+  }
+
   // re-insert userpass info which was stripped temporarily
   if (using_credentials_in_url) {
     if (newuristr) {
@@ -330,124 +455,49 @@ function onBeforeRequest(details) {
       uri_with_credentials.password = tmp_pass;
       newuristr = uri_with_credentials.href;
     } else {
-      const canonical_url_with_credentials = new URL(canonical_url);
-      canonical_url_with_credentials.username = tmp_user;
-      canonical_url_with_credentials.password = tmp_pass;
-      canonical_url = canonical_url_with_credentials.href;
+      const url_with_credentials = new URL(uri.href);
+      url_with_credentials.username = tmp_user;
+      url_with_credentials.password = tmp_pass;
+      uri.href = url_with_credentials.href;
     }
   }
 
-  // In Switch Planner Mode, record any non-rewriteable
-  // HTTP URIs by parent hostname, along with the resource type.
-  if (switchPlannerEnabledFor[details.tabId] && uri.protocol !== "https:") {
-    writeToSwitchPlanner(details.type,
-      details.tabId,
-      canonical_host,
-      details.url,
-      newuristr);
-  }
-
   if (httpNowhereOn) {
     // If loading a main frame, try the HTTPS version as an alternative to
     // failing.
     if (shouldCancel) {
       if (!newuristr) {
-        return {redirectUrl: canonical_url.replace(/^http:/, "https:")};
+        newuristr = uri.href.replace(/^http:/, "https:");
+        browserSession.putRequest(details.requestId, "simple_http_nowhere_redirect", true);
+        upgradeToSecure = true;
       } else {
-        return {redirectUrl: newuristr.replace(/^http:/, "https:")};
+        newuristr = newuristr.replace(/^http:/, "https:");
       }
     }
-    if (newuristr && newuristr.substring(0, 5) === "http:") {
-      // Abort early if we're about to redirect to HTTP in HTTP Nowhere mode
-      return {cancel: true};
+    if (
+      newuristr &&
+      (
+        newuristr.substring(0, 5) === "http:" ||
+        newuristr.substring(0, 4) === "ftp:"
+      )
+    ) {
+      // Abort early if we're about to redirect to HTTP or FTP in HTTP Nowhere mode
+      return {redirectUrl: newCancelUrl(newuristr)};
     }
   }
 
-  if (newuristr) {
+  if (upgradeToSecureAvailable && upgradeToSecure) {
+    util.log(util.INFO, 'onBeforeRequest returning upgradeToSecure: true');
+    return {upgradeToSecure: true};
+  } else if (newuristr) {
+    util.log(util.INFO, 'onBeforeRequest returning redirectUrl: ' + newuristr);
     return {redirectUrl: newuristr};
   } else {
-    return {cancel: shouldCancel};
+    util.log(util.INFO, 'onBeforeRequest returning shouldCancel: ' + shouldCancel);
+    return redirectOnCancel(shouldCancel, details.url);
   }
 }
 
-
-// Map of which values for the `type' enum denote active vs passive content.
-// https://developer.chrome.com/extensions/webRequest.html#event-onBeforeRequest
-const mixedContentTypes = {
-  object: 1, other: 1, script: 1, stylesheet: 1, sub_frame: 1, xmlhttprequest: 1,
-  image: 0, main_frame: 0
-};
-
-/**
- * Record a non-HTTPS URL loaded by a given hostname in the Switch Planner, for
- * use in determining which resources need to be ported to HTTPS.
- * (Reminder: Switch planner is the pro-tool enabled by switching into debug-mode)
- *
- * @param type: type of the resource (see activeTypes and passiveTypes arrays)
- * @param tab_id: The id of the tab
- * @param resource_host: The host of the original url
- * @param resource_url: the original url
- * @param rewritten_url: The url rewritten to
- * */
-function writeToSwitchPlanner(type, tab_id, resource_host, resource_url, rewritten_url) {
-  let rw = rewritten_url ? "rw" : "nrw";
-
-  let active_content = 1;
-  if (mixedContentTypes.hasOwnProperty(type)) {
-    active_content = mixedContentTypes[type];
-  } else {
-    util.log(util.WARN, "Unknown type from onBeforeRequest details: `" + type + "', assuming active");
-  }
-
-  if (!switchPlannerInfo[tab_id]) {
-    switchPlannerInfo[tab_id] = {};
-    switchPlannerInfo[tab_id]["rw"] = {};
-    switchPlannerInfo[tab_id]["nrw"] = {};
-  }
-  if (!switchPlannerInfo[tab_id][rw][resource_host])
-    switchPlannerInfo[tab_id][rw][resource_host] = {};
-  if (!switchPlannerInfo[tab_id][rw][resource_host][active_content])
-    switchPlannerInfo[tab_id][rw][resource_host][active_content] = {};
-
-  switchPlannerInfo[tab_id][rw][resource_host][active_content][resource_url] = 1;
-}
-
-/**
- * Return the number of properties in an object. For associative maps, this is
- * their size.
- * @param obj: object to calc the size for
- * */
-function objSize(obj) {
-  if (typeof obj == 'undefined') return 0;
-  var size = 0, key;
-  for (key in obj) {
-    if (obj.hasOwnProperty(key)) size++;
-  }
-  return size;
-}
-
-/**
- * Make an array of asset hosts by score so we can sort them,
- * presenting the most important ones first.
- * */
-function sortSwitchPlanner(tab_id, rewritten) {
-  var asset_host_list = [];
-  if (typeof switchPlannerInfo[tab_id] === 'undefined' ||
-      typeof switchPlannerInfo[tab_id][rewritten] === 'undefined') {
-    return [];
-  }
-  var tabInfo = switchPlannerInfo[tab_id][rewritten];
-  for (var asset_host in tabInfo) {
-    var ah = tabInfo[asset_host];
-    var activeCount = objSize(ah[1]);
-    var passiveCount = objSize(ah[0]);
-    var score = activeCount * 100 + passiveCount;
-    asset_host_list.push([score, activeCount, passiveCount, asset_host]);
-  }
-  asset_host_list.sort(function(a,b){return a[0]-b[0];});
-  return asset_host_list;
-}
-
 /**
  * monitor cookie changes. Automatically convert them to secure cookies
  * @param changeInfo Cookie changed info, see Chrome doc
@@ -455,19 +505,31 @@ function sortSwitchPlanner(tab_id, rewritten) {
 function onCookieChanged(changeInfo) {
   if (!changeInfo.removed && !changeInfo.cookie.secure && isExtensionEnabled) {
     if (all_rules.shouldSecureCookie(changeInfo.cookie)) {
-      var cookie = {name:changeInfo.cookie.name,
+      let cookie = {
+        name:changeInfo.cookie.name,
         value:changeInfo.cookie.value,
         path:changeInfo.cookie.path,
         httpOnly:changeInfo.cookie.httpOnly,
         expirationDate:changeInfo.cookie.expirationDate,
         storeId:changeInfo.cookie.storeId,
-        secure: true};
+        secure: true
+      };
 
       // Host-only cookies don't set the domain field.
       if (!changeInfo.cookie.hostOnly) {
         cookie.domain = changeInfo.cookie.domain;
       }
 
+      // Chromium cookie sameSite status, see https://tools.ietf.org/html/draft-west-first-party-cookies
+      if (changeInfo.cookie.sameSite) {
+        cookie.sameSite = changeInfo.cookie.sameSite;
+      }
+
+      // Firefox first-party isolation
+      if (changeInfo.cookie.firstPartyDomain) {
+        cookie.firstPartyDomain = changeInfo.cookie.firstPartyDomain;
+      }
+
       // The cookie API is magical -- we must recreate the URL from the domain and path.
       if (changeInfo.cookie.domain[0] == ".") {
         cookie.url = "https://www" + changeInfo.cookie.domain + cookie.path;
@@ -491,13 +553,12 @@ function onBeforeRedirect(details) {
   // Catch redirect loops (ignoring about:blank, etc. caused by other extensions)
   let prefix = details.redirectUrl.substring(0, 5);
   if (prefix === "http:" || prefix === "https") {
-    let count = redirectCounter.get(details.requestId);
+    let count = browserSession.getRequest(details.requestId, "redirect_count", 0);
     if (count) {
-      redirectCounter.set(details.requestId, count + 1);
-      util.log(util.DBUG, "Got redirect id "+details.requestId+
-                ": "+count);
+      browserSession.putRequest(details.requestId, "redirect_count", count + 1);
+      util.log(util.DBUG, "Got redirect id " + details.requestId + ": "+count);
     } else {
-      redirectCounter.set(details.requestId, 1);
+      browserSession.putRequest(details.requestId, "redirect_count", 1);
     }
   }
 }
@@ -507,9 +568,7 @@ function onBeforeRedirect(details) {
  * @param details details for the chrome.webRequest (see chrome doc)
  */
 function onCompleted(details) {
-  if (redirectCounter.has(details.requestId)) {
-    redirectCounter.delete(details.requestId);
-  }
+  browserSession.deleteRequest(details.requestId);
 }
 
 /**
@@ -517,61 +576,100 @@ function onCompleted(details) {
  * @param details details for the chrome.webRequest (see chrome doc)
  */
 function onErrorOccurred(details) {
-  if (redirectCounter.has(details.requestId)) {
-    redirectCounter.delete(details.requestId);
+  if (httpNowhereOn &&
+    details.type == "main_frame" &&
+    browserSession.getRequest(details.requestId, "simple_http_nowhere_redirect", false) &&
+    // Enumerate errors that are likely due to HTTPS misconfigurations
+    ssl_codes.error_list.some(message => details.error.includes(message))
+  ) {
+    let url = new URL(details.url);
+    if (url.protocol == "https:") {
+      url.protocol = "http:";
+    }
+    chrome.tabs.update(details.tabId, {url: newCancelUrl(url.toString())});
   }
+
+  browserSession.deleteRequest(details.requestId);
 }
 
 /**
- * handle webrequest.onHeadersReceived, insert upgrade-insecure-requests directive
+ * handle webrequest.onHeadersReceived, insert upgrade-insecure-requests directive and
+ * rewrite access-control-allow-origin if presented in HTTP Nowhere mode
  * @param details details for the chrome.webRequest (see chrome doc)
  */
 function onHeadersReceived(details) {
   if (isExtensionEnabled && httpNowhereOn) {
-    // Do not upgrade the .onion requests in HTTP Nowhere Mode,
+    // Do not upgrade the .onion requests in EASE mode,
     // See https://github.com/EFForg/https-everywhere/pull/14600#discussion_r168072480
     const uri = new URL(details.url);
-    if (uri.hostname.slice(-6) == '.onion') {
+    const hostname = util.getNormalisedHostname(uri.hostname);
+    if (hostname.slice(-6) == '.onion') {
+      return {};
+    }
+
+    // Do not upgrade resources if the first-party domain disbled EASE mode
+    // This is needed for HTTPS sites serve mixed content and is broken
+    if (isExtensionDisabledOnSite(browserSession.getTab(details.tabId, 'first_party_host', null))) {
       return {};
     }
 
+    let responseHeadersChanged = false;
+    let cspHeaderFound = false;
+
     for (const idx in details.responseHeaders) {
       if (details.responseHeaders[idx].name.match(/Content-Security-Policy/i)) {
         // Existing CSP headers found
+        cspHeaderFound = true;
         const value = details.responseHeaders[idx].value;
 
         // Prepend if no upgrade-insecure-requests directive exists
         if (!value.match(/upgrade-insecure-requests/i)) {
           details.responseHeaders[idx].value = "upgrade-insecure-requests; " + value;
-          return {responseHeaders: details.responseHeaders};
+          responseHeadersChanged = true;
         }
-        return {};
       }
+
+      if (details.responseHeaders[idx].name.match(/Access-Control-Allow-Origin/i)) {
+        // Existing access-control-allow-origin header found
+        const value = details.responseHeaders[idx].value;
+
+        // If HTTP protocol is used, change it to HTTPS
+        if (value.match(/http:/)) {
+          details.responseHeaders[idx].value = value.replace(/http:/g, "https:");
+          responseHeadersChanged = true;
+        }
+      }
+    }
+
+    if (!cspHeaderFound) {
+      // CSP headers not found
+      const upgradeInsecureRequests = {
+        name: 'Content-Security-Policy',
+        value: 'upgrade-insecure-requests'
+      };
+      details.responseHeaders.push(upgradeInsecureRequests);
+      responseHeadersChanged = true;
     }
 
-    // CSP headers not found
-    const upgradeInsecureRequests = {
-      name: 'Content-Security-Policy',
-      value: 'upgrade-insecure-requests'
+    if (responseHeadersChanged) {
+      return {responseHeaders: details.responseHeaders};
     }
-    details.responseHeaders.push(upgradeInsecureRequests);
-    return {responseHeaders: details.responseHeaders};
   }
   return {};
 }
 
 // Registers the handler for requests
 // See: https://github.com/EFForg/https-everywhere/issues/10039
-chrome.webRequest.onBeforeRequest.addListener(onBeforeRequest, {urls: ["*://*/*"]}, ["blocking"]);
+chrome.webRequest.onBeforeRequest.addListener(onBeforeRequest, {urls: ["*://*/*", "ftp://*/*"]}, ["blocking"]);
 
 // Try to catch redirect loops on URLs we've redirected to HTTPS.
 chrome.webRequest.onBeforeRedirect.addListener(onBeforeRedirect, {urls: ["https://*/*"]});
 
-// Cleanup redirectCounter if neccessary
+// Cleanup redirectCounter if necessary
 chrome.webRequest.onCompleted.addListener(onCompleted, {urls: ["*://*/*"]});
 
-// Cleanup redirectCounter if neccessary
-chrome.webRequest.onErrorOccurred.addListener(onErrorOccurred, {urls: ["*://*/*"]})
+// Cleanup redirectCounter if necessary
+chrome.webRequest.onErrorOccurred.addListener(onErrorOccurred, {urls: ["*://*/*"]});
 
 // Insert upgrade-insecure-requests directive in httpNowhere mode
 chrome.webRequest.onHeadersReceived.addListener(onHeadersReceived, {urls: ["https://*/*"]}, ["blocking", "responseHeaders"]);
@@ -579,125 +677,283 @@ chrome.webRequest.onHeadersReceived.addListener(onHeadersReceived, {urls: ["http
 // Listen for cookies set/updated and secure them if applicable. This function is async/nonblocking.
 chrome.cookies.onChanged.addListener(onCookieChanged);
 
+// This is necessary for communication with the popup in Firefox Private
+// Browsing Mode, see https://bugzilla.mozilla.org/show_bug.cgi?id=1329304
+chrome.runtime.onMessage.addListener(function(message, sender, sendResponse) {
+
+  function get_update_channels_generic(update_channels) {
+    let last_updated_promises = [];
+    for(let update_channel of update_channels) {
+      last_updated_promises.push(new Promise(resolve => {
+        store.local.get({['uc-timestamp: ' + update_channel.name]: 0}, item => {
+          resolve([update_channel.name, item['uc-timestamp: ' + update_channel.name]]);
+        });
+      }));
+    }
+    Promise.all(last_updated_promises).then(results => {
+      const last_updated = results.reduce((obj, item) => {
+        obj[item[0]] = item[1];
+        return obj;
+      }, {});
+      sendResponse({update_channels, last_updated});
+    });
+  }
 
-/**
- * disable switch Planner
- * @param tabId the Tab to disable for
- */
-function disableSwitchPlannerFor(tabId) {
-  delete switchPlannerEnabledFor[tabId];
-  // Clear stored URL info.
-  delete switchPlannerInfo[tabId];
-}
-
-/**
- * Enable switch planner for specific tab
- * @param tabId the tab to enable it for
- */
-function enableSwitchPlannerFor(tabId) {
-  switchPlannerEnabledFor[tabId] = true;
-}
+  function storeDisabledList(message) {
 
-// Listen for connection from the DevTools panel so we can set up communication.
-chrome.runtime.onConnect.addListener(function (port) {
-  if (port.name == "devtools-page") {
-    chrome.runtime.onMessage.addListener(function(message, sender, sendResponse){
-      var tabId = message.tabId;
+    const disabledListArray = Array.from(disabledList);
+    const httpOnceListArray = Array.from(httpOnceList);
 
-      var disableOnCloseCallback = function() {
-        util.log(util.DBUG, "Devtools window for tab " + tabId + " closed, clearing data.");
-        disableSwitchPlannerFor(tabId);
-      };
+    if (message === 'once') {
+      store.set({httpOnceList: httpOnceListArray}, () => {
+        sendResponse(true);
+      });
+    } else {
+      store.set({disabledList: disabledListArray}, () => {
+        sendResponse(true);
+      });
+    }
 
-      if (message.type === "enable") {
-        enableSwitchPlannerFor(tabId);
-        port.onDisconnect.addListener(disableOnCloseCallback);
-      } else if (message.type === "disable") {
-        disableSwitchPlannerFor(tabId);
-      } else if (message.type === "getHosts") {
-        sendResponse({
-          nrw: sortSwitchPlanner(tabId, "nrw"),
-          rw: sortSwitchPlanner(tabId, "rw")
-        });
-      }
-    });
+    return true;
   }
-});
 
-// This is necessary for communication with the popup in Firefox Private
-// Browsing Mode, see https://bugzilla.mozilla.org/show_bug.cgi?id=1329304
-chrome.runtime.onMessage.addListener(function(message, sender, sendResponse){
-  if (message.type == "get_option") {
-    store.get(message.object, sendResponse);
-    return true;
-  } else if (message.type == "set_option") {
-    store.set(message.object, item => {
-      if (sendResponse) {
-        sendResponse(item);
+  const responses = {
+    get_option: () => {
+      store.get(message.object, sendResponse);
+      return true;
+    },
+    set_option: () => {
+      store.set(message.object, item => {
+        if (sendResponse) {
+          sendResponse(item);
+        }
+      });
+    },
+    delete_from_ruleset_cache: () => {
+      all_rules.ruleCache.delete(message.object);
+    },
+    get_applied_rulesets: () => {
+      sendResponse(browserSession.getTabAppliedRulesets(message.object));
+      return true;
+    },
+    set_ruleset_active_status: () => {
+      let rulesets = browserSession.getTabAppliedRulesets(message.object.tab_id);
+
+      for (let ruleset of rulesets) {
+        if (ruleset.name == message.object.name) {
+          ruleset.active = message.object.active;
+          if (ruleset.default_state == message.object.active) {
+            message.object.active = undefined;
+          }
+          break;
+        }
       }
-    });
-  } else if (message.type == "delete_from_ruleset_cache") {
-    all_rules.ruleCache.delete(message.object);
-  } else if (message.type == "get_active_rulesets") {
-    sendResponse(appliedRulesets.getRulesets(message.object));
-  } else if (message.type == "set_ruleset_active_status") {
-    let rulesets = appliedRulesets.getRulesets(message.object.tab_id);
-
-    for (let ruleset of rulesets) {
-      if (ruleset.name == message.object.name) {
-        ruleset.active = message.object.active;
-        if (ruleset.default_state == message.object.active) {
-          message.object.active = undefined;
+
+      all_rules.setRuleActiveState(message.object.name, message.object.active).then(() => {
+        sendResponse(true);
+      });
+
+      return true;
+    },
+    reset_to_defaults: () => {
+      // restore the 'default states' of the rulesets
+      store.set_promise('ruleActiveStates', {}).then(() => {
+        // clear the caches such that it becomes stateless
+        destroy_caches();
+        // re-activate all rules according to the new states
+        initializeAllRules();
+        // reload tabs when operations completed
+        chrome.tabs.reload();
+      });
+    },
+    get_user_rules: () => {
+      store.get_promise(all_rules.USER_RULE_KEY, []).then(userRules => sendResponse(userRules));
+      return true;
+    },
+    add_new_rule: () => {
+      all_rules.addNewRuleAndStore(message.object).then(() => {
+        sendResponse(true);
+      });
+      return true;
+    },
+    remove_rule: () => {
+      all_rules.removeRuleAndStore(message.object.ruleset, message.object.src)
+        .then(() => {
+          /**
+           * FIXME: initializeAllRules is needed for calls from the option pages.
+           * Since message.object is not of type Ruleset, rules.removeUserRule
+           * is not usable...
+           */
+          if (message.object.src === 'options') {
+            return initializeAllRules();
+          }
+        })
+        .then(() => {
+          if (sendResponse !== null) {
+            sendResponse(true);
+          }
+        });
+      return true;
+    },
+    get_update_channel_timestamps: () => {
+      update.getUpdateChannelTimestamps().then(timestamps => sendResponse(timestamps));
+      return true;
+    },
+    get_pinned_update_channels: () => {
+      get_update_channels_generic(update_channels);
+      return true;
+    },
+    get_stored_update_channels: () => {
+      store.get({update_channels: []}, item => {
+        get_update_channels_generic(item.update_channels);
+      });
+      return true;
+    },
+    create_update_channel: () => {
+
+      store.get({update_channels: []}, item => {
+
+        const update_channel_names = update_channels.concat(item.update_channels).reduce((obj, item) => {
+          obj.add(item.name);
+          return obj;
+        }, new Set());
+
+        if(update_channel_names.has(message.object)) {
+          return sendResponse(false);
         }
-        break;
+
+        item.update_channels.push({
+          name: message.object,
+          jwk: {},
+          update_path_prefix: '',
+          scope: ''
+        });
+
+        store.set({update_channels: item.update_channels}, () => {
+          sendResponse(true);
+        });
+
+      });
+      return true;
+    },
+    delete_update_channel: () => {
+      store.get({update_channels: []}, item => {
+        store.set({update_channels: item.update_channels.filter(update_channel => {
+          return (update_channel.name != message.object);
+        })}, () => {
+          store.local.remove([
+            'uc-timestamp: ' + message.object,
+            'uc-stored-timestamp: ' + message.object,
+            'rulesets: ' + message.object,
+            'bloom: ' + message.object,
+            'bloom_bitmap_bits: ' + message.object,
+            'bloom_k_num: ' + message.object,
+            'bloom_sip_keys_0_0: ' + message.object,
+            'bloom_sip_keys_0_1: ' + message.object,
+            'bloom_sip_keys_1_0: ' + message.object,
+            'bloom_sip_keys_1_1: ' + message.object,
+          ], () => {
+            initializeAllRules();
+            sendResponse(true);
+          });
+        });
+      });
+      return true;
+    },
+    update_update_channel: () => {
+      store.get({update_channels: []}, item => {
+        let scope_changed = false;
+        item.update_channels = item.update_channels.map(update_channel => {
+          if(update_channel.name == message.object.name) {
+            if(update_channel.scope != message.object.scope) {
+              scope_changed = true;
+            }
+            update_channel = message.object;
+          }
+          return update_channel;
+        });
+
+        // Ensure that we check for new rulesets from the update channel immediately.
+        // If the scope has changed, make sure that the rulesets are re-initialized.
+        update.removeStorageListener();
+        store.set({update_channels: item.update_channels}, () => {
+          update.loadUpdateChannelsKeys().then(() => {
+            update.resetTimer();
+            if(scope_changed) {
+              initializeAllRules();
+            }
+            sendResponse(true);
+          });
+          update.addStorageListener();
+        });
+      });
+      return true;
+    },
+    get_simple_rules_ending_with: () => {
+      return sendResponse(all_rules.getSimpleRulesEndingWith(message.object));
+    },
+    get_last_checked: () => {
+      store.local.get({'last-checked': false}, item => {
+        sendResponse(item['last-checked']);
+      });
+      return true;
+    },
+    disable_on_site_once: () => {
+      httpOnceList.add(message.object);
+      return storeDisabledList('once');
+    },
+    disable_on_site: () => {
+      const host = util.getNormalisedHostname(message.object);
+      // always validate hostname before adding it to the disabled list
+      if (util.isValidHostname(host)) {
+        disabledList.add(host);
+        return storeDisabledList('disable');
+      }
+      return sendResponse(false);
+    },
+    enable_on_site: () => {
+      disabledList.delete(util.getNormalisedHostname(message.object));
+      return storeDisabledList('enable');
+    },
+    check_if_site_disabled: () => {
+      return sendResponse(isExtensionDisabledOnSite(util.getNormalisedHostname(message.object)));
+    },
+    is_firefox: () => {
+      if(typeof(browser) != "undefined") {
+        browser.runtime.getBrowserInfo().then(function(info) {
+          if (info.name == "Firefox") {
+            sendResponse(true);
+          } else {
+            sendResponse(false);
+          }
+        });
+      } else {
+        sendResponse(false);
       }
+      return true;
     }
-
-    all_rules.setRuleActiveState(message.object.name, message.object.active).then(() => {
-      sendResponse(true);
-    });
-    return true;
-  } else if (message.type == "add_new_rule") {
-    all_rules.addNewRuleAndStore(message.object).then(() => {
-      sendResponse(true);
-    });
-    return true;
-  } else if (message.type == "remove_rule") {
-    all_rules.removeRuleAndStore(message.object);
-  } else if (message.type == "import_settings") {
-    // This is used when importing settings from the options ui
-    import_settings(message.object).then(() => {
-      sendResponse(true);
-    });
+  };
+  if (message.type in responses) {
+    return responses[message.type]();
   }
 });
 
 /**
- * Import extension settings (custom rulesets, ruleset toggles, globals) from an object
- * @param settings the settings object
+ * @description Notify users about extension sunsetting in January 2023 and instructions turn on HTTPS natively
+ * @link https://www.eff.org/deeplinks/2021/09/https-actually-everywhere
  */
-async function import_settings(settings) {
-  if (settings && settings.changed) {
-    let ruleActiveStates = {};
-    // Load all the ruleset toggles into memory and store
-    for (const ruleset_name in settings.rule_toggle) {
-      ruleActiveStates[ruleset_name] = (settings.rule_toggle[ruleset_name] == "true");
-    }
-
-    // Save settings
-    await new Promise(resolve => {
-      store.set({
-        legacy_custom_rulesets: settings.custom_rulesets,
-        httpNowhere: settings.prefs.http_nowhere_enabled,
-        showCounter: settings.prefs.show_counter,
-        globalEnabled: settings.prefs.global_enabled,
-        ruleActiveStates
-      }, resolve);
-    });
-
-    initializeAllRules();
+chrome.runtime.onInstalled.addListener(async ({reason, temporary}) => {
+  if (temporary) return;
+  switch (reason) {
+  case "install":
+  case "update":
+    {
+      const url = "https://www.eff.org/https-everywhere/set-https-default-your-browser";
+      await chrome.tabs.create({ active : false, url: url });
+    }
+    break;
   }
-}
+});
 
 /**
  * Clear any cache/ blacklist we have.
@@ -708,13 +964,13 @@ function destroy_caches() {
   all_rules.ruleCache.clear();
   rules.settings.domainBlacklist.clear();
   urlBlacklist.clear();
+  httpOnceList.clear();
 }
 
 Object.assign(exports, {
   all_rules,
-  urlBlacklist,
-  sortSwitchPlanner,
-  switchPlannerInfo
+  blooms,
+  urlBlacklist
 });
 
 })(typeof exports == 'undefined' ? require.scopes.background = {} : exports);
diff --git a/chromium/background-scripts/incognito.js b/chromium/background-scripts/incognito.js
index ca521771a524..7d4bc815c729 100644
--- a/chromium/background-scripts/incognito.js
+++ b/chromium/background-scripts/incognito.js
@@ -43,7 +43,7 @@ Incognito.prototype = {
       }
     }
   },
-}
+};
 
 /**
  * Check if any incognito window still exists
diff --git a/chromium/background-scripts/ip_utils.js b/chromium/background-scripts/ip_utils.js
new file mode 100644
index 000000000000..90e0b1a44530
--- /dev/null
+++ b/chromium/background-scripts/ip_utils.js
@@ -0,0 +1,71 @@
+'use strict';
+
+(function (exports) {
+
+/**
+ * Parse and convert literal IP address into numerical IP address.
+ * @param {string} ip
+ * @returns {number}
+ */
+const parseIp = ip => {
+  if (!/^[0-9.]+$/.test(ip)) {
+    return -1;
+  }
+
+  /** @type {string[]} */
+  const octets = ip.split('.');
+
+  if (octets.length !== 4) {
+    return -1;
+  }
+
+  let ipN = 0;
+
+  for (const octet of octets) {
+    if (octet === '') {
+      return -1;
+    }
+
+    const octetN = parseInt(octet);
+
+    if (octetN < 0 || octetN > 255) {
+      return -1;
+    }
+
+    ipN = (ipN << 8) | octetN;
+  }
+
+  return ipN >>> 0;
+};
+
+/**
+ * Check if the numeric IP address is within a certain range.
+ * @param {number} ip
+ * @param {number[]} range
+ * @returns {boolean}
+ */
+const isIpInRange = (ip, [rangeIp, mask]) => (ip & mask) >>> 0 === rangeIp;
+
+// A list of local IP address ranges
+const localRanges = [
+  [/* 0.0.0.0         */ 0x00000000, /* 255.255.255.255 */ 0xffffffff],
+  [/* 127.0.0.0       */ 0x7f000000, /* 255.0.0.0       */ 0xff000000],
+  [/* 10.0.0.0        */ 0x0a000000, /* 255.0.0.0       */ 0xff000000],
+  [/* 172.16.0.0      */ 0xac100000, /* 255.240.0.0     */ 0xfff00000],
+  [/* 192.168.0.0     */ 0xc0a80000, /* 255.255.0.0     */ 0xffff0000],
+];
+
+/**
+ * Check if the numeric IP address is inside the local IP address ranges.
+ * @param {number} ip
+ * @returns {boolean}
+ */
+const isLocalIp = ip => localRanges.some(range => isIpInRange(ip, range));
+
+Object.assign(exports, {
+  parseIp,
+  isIpInRange,
+  isLocalIp
+});
+
+})(typeof exports !== 'undefined' ? exports : require.scopes.ip_utils = {});
diff --git a/chromium/background-scripts/modules/ssl_codes.js b/chromium/background-scripts/modules/ssl_codes.js
new file mode 100644
index 000000000000..ed955ec8355a
--- /dev/null
+++ b/chromium/background-scripts/modules/ssl_codes.js
@@ -0,0 +1,48 @@
+"use strict";
+
+/**
+ * @exports error_list
+ * @type {array}
+ * @description A list of known SSL config errors to filter through and not try to upgrade the user
+ * @see
+ * Chrome SSL errors: https://github.com/chromium/chromium/blob/master/components/domain_reliability/util.cc
+ * Firefox SSL Errors: https://hg.mozilla.org/releases/mozilla-release/file/tip/security/manager/locales/en-US/chrome/pipnss/nsserrors.properties
+ */
+
+(function (exports) {
+
+const error_list = [
+  "net::ERR_SSL_PROTOCOL_ERROR",
+  "net::ERR_SSL_VERSION_OR_CIPHER_MISMATCH",
+  "net::ERR_SSL_UNRECOGNIZED_NAME_ALERT",
+  "net::ERR_SSL_PINNED_KEY_NOT_IN_CERT_CHAIN",
+  "net::ERR_CERT_COMMON_NAME_INVALID",
+  "net::ERR_CERT_DATE_INVALID",
+  "net::ERR_CERT_AUTHORITY_INVALID",
+  "net::ERR_CERT_REVOKED",
+  "net::ERR_CERT_INVALID",
+  "net::ERR_CONNECTION_CLOSED",
+  "net::ERR_CONNECTION_RESET",
+  "net::ERR_CONNECTION_REFUSED",
+  "net::ERR_CONNECTION_ABORTED",
+  "net::ERR_CONNECTION_FAILED",
+  "net::ERR_ABORTED", ,
+  "NS_ERROR_CONNECTION_REFUSED",
+  "NS_ERROR_NET_ON_TLS_HANDSHAKE_ENDED",
+  "NS_BINDING_ABORTED",
+  "SSL received a record that exceeded the maximum permissible length.",
+  "Peer’s Certificate has expired.",
+  "Unable to communicate securely with peer: requested domain name does not match the server’s certificate.",
+  "Peer’s Certificate issuer is not recognized.",
+  "Peer’s Certificate has been revoked.",
+  "Peer reports it experienced an internal error.",
+  "The server uses key pinning (HPKP) but no trusted certificate chain could be constructed that matches the pinset. Key pinning violations cannot be overridden.",
+  "SSL received a weak ephemeral Diffie-Hellman key in Server Key Exchange handshake message.",
+  "The certificate was signed using a signature algorithm that is disabled because it is not secure.",
+  "Cannot communicate securely with peer: no common encryption algorithm(s).",
+  "SSL peer has no certificate for the requested DNS name."
+];
+
+Object.assign(exports, { error_list });
+
+})(typeof exports !== 'undefined' ? exports : require.scopes.ssl_codes = {});
\ No newline at end of file
diff --git a/chromium/background-scripts/rules.js b/chromium/background-scripts/rules.js
index 06030d38de2d..7f0a5b550637 100644
--- a/chromium/background-scripts/rules.js
+++ b/chromium/background-scripts/rules.js
@@ -2,7 +2,8 @@
 
 (function(exports) {
 
-const util = require('./util');
+const util = require('./util'),
+  wasm = require('./wasm');
 
 let settings = {
   enableMixedRulesets: false,
@@ -10,50 +11,50 @@ let settings = {
 };
 
 // To reduce memory usage for the numerous rules/cookies with trivial rules
-const trivial_rule_from_c = /^http:/;
-const trivial_rule_to = 'https:';
 const trivial_cookie_rule_c = /.+/;
 
-// Empty iterable singleton to reduce memory usage
-const nullIterable = Object.create(null, {
-  [Symbol.iterator]: {
-    value: function* () {
-      // do nothing
-    }
-  },
+/* A map of all scope RegExp objects */
+const scopes = new Map();
 
-  size: {
-    value: 0
-  },
-});
+/**
+ * Returns the scope object from the map for the given scope string.
+ * @param {string} scope ruleset scope string
+ * @returns {RegExp}
+ */
+function getScope(scope) {
+  if (!scopes.has(scope)) {
+    scopes.set(scope, new RegExp(scope));
+  }
+  return scopes.get(scope);
+}
 
 /**
- * A single rule
+ * Constructs a single rule
  * @param from
  * @param to
  * @constructor
  */
 function Rule(from, to) {
+  this.from_c = new RegExp(from);
+  this.to = to;
+}
+
+// To reduce memory usage for the numerous rules/cookies with trivial rules
+const trivial_rule = new Rule("^http:", "https:");
+
+/**
+ * Returns a common trivial rule or constructs a new one.
+ */
+function getRule(from, to) {
   if (from === "^http:" && to === "https:") {
     // This is a trivial rule, rewriting http->https with no complex RegExp.
-    this.to = trivial_rule_to;
-    this.from_c = trivial_rule_from_c;
+    return trivial_rule;
   } else {
     // This is a non-trivial rule.
-    this.to = to;
-    this.from_c = new RegExp(from);
+    return new Rule(from, to);
   }
 }
 
-/**
- * Regex-Compile a pattern
- * @param pattern The pattern to compile
- * @constructor
- */
-function Exclusion(pattern) {
-  this.pattern_c = new RegExp(pattern);
-}
-
 /**
  * Generates a CookieRule
  * @param host The host regex to compile
@@ -78,18 +79,20 @@ function CookieRule(host, cookiename) {
 
 /**
  *A collection of rules
- * @param set_name The name of this set
- * @param default_state activity state
- * @param note Note will be displayed in popup
+ * @param {string} set_name The name of this set
+ * @param {boolean} default_state activity state
+ * @param {string} scope ruleset scope string
+ * @param {string} note Note will be displayed in popup
  * @constructor
  */
-function RuleSet(set_name, default_state, note) {
+function RuleSet(set_name, default_state, scope, note) {
   this.name = set_name;
   this.rules = [];
   this.exclusions = null;
   this.cookierules = null;
   this.active = default_state;
   this.default_state = default_state;
+  this.scope = getScope(scope);
   this.note = note;
 }
 
@@ -102,13 +105,9 @@ RuleSet.prototype = {
   apply: function(urispec) {
     var returl = null;
     // If we're covered by an exclusion, go home
-    if (this.exclusions !== null) {
-      for (let exclusion of this.exclusions) {
-        if (exclusion.pattern_c.test(urispec)) {
-          util.log(util.DBUG, "excluded uri " + urispec);
-          return null;
-        }
-      }
+    if (this.exclusions !== null && this.exclusions.test(urispec)) {
+      util.log(util.DBUG, "excluded uri " + urispec);
+      return null;
     }
 
     // Okay, now find the first rule that triggers
@@ -130,21 +129,21 @@ RuleSet.prototype = {
   isEquivalentTo: function(ruleset) {
     if(this.name != ruleset.name ||
        this.note != ruleset.note ||
-       this.state != ruleset.state ||
+       this.active != ruleset.active ||
        this.default_state != ruleset.default_state) {
       return false;
     }
 
     try {
-      var this_exclusions_length = this.exclusions.length;
+      var this_exclusions_source = this.exclusions.source;
     } catch(e) {
-      var this_exclusions_length = 0;
+      var this_exclusions_source = null;
     }
 
     try {
-      var ruleset_exclusions_length = ruleset.exclusions.length;
+      var ruleset_exclusions_source = ruleset.exclusions.source;
     } catch(e) {
-      var ruleset_exclusions_length = 0;
+      var ruleset_exclusions_source = null;
     }
 
     try {
@@ -159,24 +158,22 @@ RuleSet.prototype = {
       var ruleset_rules_length = 0;
     }
 
-    if(this_exclusions_length != ruleset_exclusions_length ||
-       this_rules_length != ruleset_rules_length) {
+    if(this_rules_length != ruleset_rules_length) {
       return false;
     }
-    if(this_exclusions_length > 0) {
-      for(let x = 0; x < this.exclusions.length; x++){
-        if(this.exclusions[x].pattern_c != ruleset.exclusions[x].pattern_c) {
-          return false;
-        }
-      }
+
+    if (this_exclusions_source != ruleset_exclusions_source) {
+      return false;
     }
+
     if(this_rules_length > 0) {
-      for(let x = 0; x < this.rules.length; x++){
+      for(let x = 0; x < this.rules.length; x++) {
         if(this.rules[x].to != ruleset.rules[x].to) {
           return false;
         }
       }
     }
+
     return true;
   }
 
@@ -184,7 +181,6 @@ RuleSet.prototype = {
 
 /**
  * Initialize Rule Sets
- * @param ruleActiveStates default state for rules
  * @constructor
  */
 function RuleSets() {
@@ -197,7 +193,10 @@ function RuleSets() {
   // A cache for cookie hostnames.
   this.cookieHostCache = new Map();
 
-  // A hash of rule name -> active status (true/false).
+  /**
+   * A hash of rule name -> active status (true/false).
+   * @type {Object<string, boolean>}
+   */
   this.ruleActiveStates = {};
 
   // The key to retrieve user rules from the storage api
@@ -213,50 +212,77 @@ RuleSets.prototype = {
    * Load packaged rulesets, and rulesets in browser storage
    * @param store object from store.js
    */
-  loadFromBrowserStorage: async function(store) {
+  loadFromBrowserStorage: async function(store, applyStoredFunc) {
     this.store = store;
     this.ruleActiveStates = await this.store.get_promise('ruleActiveStates', {});
-    this.addFromJson(util.loadExtensionFile('rules/default.rulesets', 'json'));
-    this.loadStoredUserRules();
+    try {
+      this.wasm_rs = wasm.RuleSets.new();
+    } catch(e) {
+      util.log(util.WARN, 'Falling back to pure JS implementation: ' + e);
+    }
+    await applyStoredFunc(this);
+    await this.loadStoredUserRules();
     await this.addStoredCustomRulesets();
   },
 
   /**
-   * Iterate through data XML and load rulesets
+   * Convert XML to JS and load rulesets
+   * @param {Document} ruleXml
+   * @param {string} scope
    */
-  addFromXml: function(ruleXml) {
-    var sets = ruleXml.getElementsByTagName("ruleset");
-    for (let s of sets) {
-      try {
-        this.parseOneXmlRuleset(s);
-      } catch (e) {
-        util.log(util.WARN, 'Error processing ruleset:' + e);
-      }
+  addFromXml: function(ruleXml, scope) {
+    const rulesets_xml = ruleXml.getElementsByTagName("ruleset");
+
+    let rulesets = [];
+    for (let ruleset_xml of rulesets_xml) {
+      rulesets.push(this.convertOneXmlToJs(ruleset_xml));
     }
+
+    this.addFromJson(rulesets, scope);
   },
 
-  addFromJson: function(ruleJson) {
-    for (let ruleset of ruleJson) {
-      try {
-        this.parseOneJsonRuleset(ruleset);
-      } catch(e) {
-        util.log(util.WARN, 'Error processing ruleset:' + e);
+  /**
+   * @param {*} ruleJson
+   * @param {string} scope
+   */
+  addFromJson: function(ruleJson, scope) {
+    if (this.wasm_rs) {
+      this.wasm_rs.add_all_from_js_array(
+        ruleJson,
+        settings.enableMixedRulesets,
+        this.ruleActiveStates,
+        scope);
+    } else {
+      for (let ruleset of ruleJson) {
+        try {
+          this.parseOneJsonRuleset(ruleset, scope);
+        } catch(e) {
+          util.log(util.WARN, 'Error processing ruleset:' + e);
+        }
       }
     }
   },
 
-  parseOneJsonRuleset: function(ruletag) {
+  /**
+   * Parse one JSON format ruleset element
+   * @param {*} ruletag
+   * @param {string} scope
+   */
+  parseOneJsonRuleset: function(ruletag, scope) {
     var default_state = true;
     var note = "";
     var default_off = ruletag["default_off"];
     if (default_off) {
       default_state = false;
+      if (default_off === "user rule") {
+        default_state = true;
+      }
       note += default_off + "\n";
     }
 
     // If a ruleset declares a platform, and we don't match it, treat it as
     // off-by-default. In practice, this excludes "mixedcontent" rules.
-    var platform = ruletag["platform"]
+    var platform = ruletag["platform"];
     if (platform) {
       default_state = false;
       if (platform == "mixedcontent" && settings.enableMixedRulesets) {
@@ -265,7 +291,7 @@ RuleSets.prototype = {
       note += "Platform(s): " + platform + "\n";
     }
 
-    var rule_set = new RuleSet(ruletag["name"], default_state, note.trim());
+    var rule_set = new RuleSet(ruletag["name"], default_state, scope, note.trim());
 
     // Read user prefs
     if (rule_set.name in this.ruleActiveStates) {
@@ -275,20 +301,13 @@ RuleSets.prototype = {
     var rules = ruletag["rule"];
     for (let rule of rules) {
       if (rule["from"] != null && rule["to"] != null) {
-        rule_set.rules.push(new Rule(rule["from"], rule["to"]));
+        rule_set.rules.push(getRule(rule["from"], rule["to"]));
       }
     }
 
     var exclusions = ruletag["exclusion"];
     if (exclusions != null) {
-      for (let exclusion of exclusions) {
-        if (exclusion != null) {
-          if (!rule_set.exclusions) {
-            rule_set.exclusions = [];
-          }
-          rule_set.exclusions.push(new Exclusion(exclusion));
-        }
-      }
+      rule_set.exclusions = new RegExp(exclusions.join("|"));
     }
 
     var cookierules = ruletag["securecookie"];
@@ -317,22 +336,27 @@ RuleSets.prototype = {
   /**
    * Load a user rule
    * @param params
+   * @param {string} scope
    * @returns {boolean}
    */
-  addUserRule : function(params) {
+  addUserRule : function(params, scope) {
     util.log(util.INFO, 'adding new user rule for ' + JSON.stringify(params));
-    var new_rule_set = new RuleSet(params.host, true, "user rule");
-    var new_rule = new Rule(params.urlMatcher, params.redirectTo);
-    new_rule_set.rules.push(new_rule);
-    if (!this.targets.has(params.host)) {
-      this.targets.set(params.host, []);
+    if (this.wasm_rs) {
+      this.wasm_rs.add_all_from_js_array(
+        [params],
+        settings.enableMixedRulesets,
+        this.ruleActiveStates,
+        scope);
+    } else {
+      this.parseOneJsonRuleset(params, scope);
     }
-    this.ruleCache.delete(params.host);
-    // TODO: maybe promote this rule?
-    this.targets.get(params.host).push(new_rule_set);
-    if (new_rule_set.name in this.ruleActiveStates) {
-      new_rule_set.active = this.ruleActiveStates[new_rule_set.name];
+
+    // clear cache so new rule take effect immediately
+    for (const target of params.target) {
+      this.ruleCache.delete(target);
     }
+
+    // TODO: maybe promote this rule?
     util.log(util.INFO, 'done adding rule');
     return true;
   },
@@ -342,20 +366,38 @@ RuleSets.prototype = {
    * @param params
    * @returns {boolean}
    */
-  removeUserRule: function(ruleset) {
+  removeUserRule: function(ruleset, src) {
+    /**
+     * FIXME: We have to use ruleset.name here because the ruleset itself
+     * carries no information on the target it is applying on. This also
+     * made it impossible for users to set custom ruleset name.
+     */
     util.log(util.INFO, 'removing user rule for ' + JSON.stringify(ruleset));
+
+    // Remove any cache from runtime
     this.ruleCache.delete(ruleset.name);
 
+    if (src === 'popup') {
 
-    var tmp = this.targets.get(ruleset.name).filter(r =>
-      !(r.isEquivalentTo(ruleset))
-    );
-    this.targets.set(ruleset.name, tmp);
+      if (this.wasm_rs) {
+        this.wasm_rs.remove_ruleset(ruleset);
+      } else {
+        const tmp = this.targets.get(ruleset.name).filter(r => !r.isEquivalentTo(ruleset));
+        this.targets.set(ruleset.name, tmp);
 
-    if (this.targets.get(ruleset.name).length == 0) {
-      this.targets.delete(ruleset.name);
+        if (this.targets.get(ruleset.name).length == 0) {
+          this.targets.delete(ruleset.name);
+        }
+      }
     }
 
+    if (src === 'options') {
+      /**
+       * FIXME: There is nothing we can do if the call comes from the
+       * option page because isEquivalentTo cannot work reliably.
+       * Leave the heavy duties to background.js to call initializeAllRules
+       */
+    }
     util.log(util.INFO, 'done removing rule');
     return true;
   },
@@ -370,12 +412,12 @@ RuleSets.prototype = {
   /**
   * Load all stored user rules into this RuleSet object
   */
-  loadStoredUserRules: async function() {
-    const user_rules = await this.getStoredUserRules();
-    for (let user_rule of user_rules) {
-      this.addUserRule(user_rule);
-    }
-    util.log(util.INFO, 'loaded ' + user_rules.length + ' stored user rules');
+  loadStoredUserRules: function() {
+    return this.getStoredUserRules()
+      .then(userRules => {
+        this.addFromJson(userRules, '');
+        util.log(util.INFO, `loaded ${userRules.length} stored user rules`);
+      });
   },
 
   /**
@@ -384,7 +426,7 @@ RuleSets.prototype = {
   * @param cb: Callback to call after success/fail
   * */
   addNewRuleAndStore: async function(params) {
-    if (this.addUserRule(params)) {
+    if (this.addUserRule(params, '')) {
       // If we successfully added the user rule, save it in the storage
       // api so it's automatically applied when the extension is
       // reloaded.
@@ -401,19 +443,26 @@ RuleSets.prototype = {
   * Removes a user rule
   * @param ruleset: the ruleset to remove
   * */
-  removeRuleAndStore: async function(ruleset) {
-    if (this.removeUserRule(ruleset)) {
-      // If we successfully removed the user rule, remove it in local storage too
+  removeRuleAndStore: async function(ruleset, src) {
+    if (this.removeUserRule(ruleset, src)) {
       let userRules = await this.getStoredUserRules();
-      userRules = userRules.filter(r =>
-        !(r.host == ruleset.name &&
-          r.redirectTo == ruleset.rules[0].to)
-      );
+
+      if (src === 'popup') {
+        userRules = userRules.filter(r =>
+          !(r.name === ruleset.name && r.rule[0].to === ruleset.rules[0].to)
+        );
+      }
+
+      if (src === 'options') {
+        userRules = userRules.filter(r =>
+          !(r.name === ruleset.name && r.rule[0].to === ruleset.rule[0].to)
+        );
+      }
       await this.store.set_promise(this.USER_RULE_KEY, userRules);
     }
   },
 
-  addStoredCustomRulesets: function(){
+  addStoredCustomRulesets: function() {
     return new Promise(resolve => {
       this.store.get({
         legacy_custom_rulesets: [],
@@ -427,17 +476,17 @@ RuleSets.prototype = {
   },
 
   // Load in the legacy custom rulesets, if any
-  loadCustomRulesets: function(legacy_custom_rulesets){
-    for(let legacy_custom_ruleset of legacy_custom_rulesets){
+  loadCustomRulesets: function(legacy_custom_rulesets) {
+    for(let legacy_custom_ruleset of legacy_custom_rulesets) {
       this.loadCustomRuleset(legacy_custom_ruleset);
     }
   },
 
-  loadCustomRuleset: function(ruleset_string){
-    this.addFromXml((new DOMParser()).parseFromString(ruleset_string, 'text/xml'));
+  loadCustomRuleset: function(ruleset_string) {
+    this.addFromXml((new DOMParser()).parseFromString(ruleset_string, 'text/xml'), '');
   },
 
-  setRuleActiveState: async function(ruleset_name, active){
+  setRuleActiveState: async function(ruleset_name, active) {
     if (active == undefined) {
       delete this.ruleActiveStates[ruleset_name];
     } else {
@@ -447,70 +496,70 @@ RuleSets.prototype = {
   },
 
   /**
-   * Does the loading of a ruleset.
+   * Converts an XML ruleset to a JS ruleset for parsing
    * @param ruletag The whole <ruleset> tag to parse
    */
-  parseOneXmlRuleset: function(ruletag) {
-    var default_state = true;
-    var note = "";
-    var default_off = ruletag.getAttribute("default_off");
-    if (default_off) {
-      default_state = false;
-      note += default_off + "\n";
-    }
+  convertOneXmlToJs: function(ruletag) {
+    try {
+      let ruleset = {};
 
-    // If a ruleset declares a platform, and we don't match it, treat it as
-    // off-by-default. In practice, this excludes "mixedcontent" rules.
-    var platform = ruletag.getAttribute("platform");
-    if (platform) {
-      default_state = false;
-      if (platform == "mixedcontent" && settings.enableMixedRulesets) {
-        default_state = true;
+      let default_off = ruletag.getAttribute("default_off");
+      if (default_off) {
+        ruleset["default_off"] = default_off;
       }
-      note += "Platform(s): " + platform + "\n";
-    }
 
-    var rule_set = new RuleSet(ruletag.getAttribute("name"),
-      default_state,
-      note.trim());
+      let platform = ruletag.getAttribute("platform");
+      if (platform) {
+        ruleset["platform"] = platform;
+      }
 
-    // Read user prefs
-    if (rule_set.name in this.ruleActiveStates) {
-      rule_set.active = (this.ruleActiveStates[rule_set.name] == "true");
-    }
+      let name = ruletag.getAttribute("name");
+      if (name) {
+        ruleset["name"] = name;
+      }
 
-    var rules = ruletag.getElementsByTagName("rule");
-    for (let rule of rules) {
-      rule_set.rules.push(new Rule(rule.getAttribute("from"),
-        rule.getAttribute("to")));
-    }
+      let rules = [];
+      for (let rule of ruletag.getElementsByTagName("rule")) {
+        rules.push({
+          from: rule.getAttribute("from"),
+          to: rule.getAttribute("to")
+        });
+      }
+      if (rules.length > 0) {
+        ruleset["rule"] = rules;
+      }
 
-    var exclusions = ruletag.getElementsByTagName("exclusion");
-    if (exclusions.length > 0) {
-      rule_set.exclusions = [];
-      for (let exclusion of exclusions) {
-        rule_set.exclusions.push(
-          new Exclusion(exclusion.getAttribute("pattern")));
+      let exclusions = [];
+      for (let exclusion of ruletag.getElementsByTagName("exclusion")) {
+        exclusions.push(exclusion.getAttribute("pattern"));
+      }
+      if (exclusions.length > 0) {
+        ruleset["exclusion"] = exclusions;
       }
-    }
 
-    var cookierules = ruletag.getElementsByTagName("securecookie");
-    if (cookierules.length > 0) {
-      rule_set.cookierules = [];
-      for (let cookierule of cookierules) {
-        rule_set.cookierules.push(
-          new CookieRule(cookierule.getAttribute("host"),
-            cookierule.getAttribute("name")));
+      let cookierules = [];
+      for (let cookierule of ruletag.getElementsByTagName("securecookie")) {
+        cookierules.push({
+          host: cookierule.getAttribute("host"),
+          name: cookierule.getAttribute("name")
+        });
+      }
+      if (cookierules.length > 0) {
+        ruleset["securecookie"] = cookierules;
       }
-    }
 
-    var targets = ruletag.getElementsByTagName("target");
-    for (let target of targets) {
-      var host = target.getAttribute("host");
-      if (!this.targets.has(host)) {
-        this.targets.set(host, []);
+      let targets = [];
+      for (let target of ruletag.getElementsByTagName("target")) {
+        targets.push(target.getAttribute("host"));
       }
-      this.targets.get(host).push(rule_set);
+      if (targets.length > 0) {
+        ruleset["target"] = targets;
+      }
+
+      return ruleset;
+    } catch (e) {
+      util.log(util.WARN, 'Error converting ruleset to JS:' + e);
+      return {};
     }
   },
 
@@ -529,50 +578,59 @@ RuleSets.prototype = {
       util.log(util.DBUG, "Ruleset cache miss for " + host);
     }
 
-    // Let's begin search
-    // Copy the host targsts so we don't modify them.
-    let results = (this.targets.has(host) ?
-      new Set([...this.targets.get(host)]) :
-      new Set());
+    let results;
+    if (this.wasm_rs) {
+      let pa = this.wasm_rs.potentially_applicable(host);
+      results = new Set([...pa].map(ruleset => {
+        let rs = new RuleSet(ruleset.name, ruleset.default_state, ruleset.scope, ruleset.note);
 
-    // Ensure host is well-formed (RFC 1035)
-    if (host.length <= 0 || host.length > 255 || host.indexOf("..") != -1) {
-      util.log(util.WARN, "Malformed host passed to potentiallyApplicableRulesets: " + host);
-      return nullIterable;
-    }
-
-    // Replace each portion of the domain with a * in turn
-    let segmented = host.split(".");
-    for (let i = 0; i < segmented.length; i++) {
-      let tmp = segmented[i];
-      segmented[i] = "*";
+        if (ruleset.cookierules) {
+          let cookierules = ruleset.cookierules.map(cookierule => {
+            return new CookieRule(cookierule.host, cookierule.name);
+          });
+          rs.cookierules = cookierules;
+        } else {
+          rs.cookierules = null;
+        }
 
-      results = (this.targets.has(segmented.join(".")) ?
-        new Set([...results, ...this.targets.get(segmented.join("."))]) :
-        results);
+        let rules = ruleset.rules.map(rule => {
+          return getRule(rule.from, rule.to);
+        });
+        rs.rules = rules;
 
-      segmented[i] = tmp;
-    }
+        if (ruleset.exclusions) {
+          rs.exclusions = new RegExp(ruleset.exclusions);
+        } else {
+          rs.exclusions = null;
+        }
 
-    // now eat away from the left, with *, so that for x.y.z.google.com we
-    // check *.z.google.com and *.google.com (we did *.y.z.google.com above)
-    for (let i = 2; i <= segmented.length - 2; i++) {
-      let t = "*." + segmented.slice(i, segmented.length).join(".");
+        rs.active = ruleset.active;
 
-      results = (this.targets.has(t) ?
-        new Set([...results, ...this.targets.get(t)]) :
-        results);
-    }
+        return rs;
+      }));
+    } else {
+      // Let's begin search
+      results = (this.targets.has(host) ?
+        new Set([...this.targets.get(host)]) :
+        new Set());
+
+      let expressions = util.getWildcardExpressions(host);
+      for (const expression of expressions) {
+        results = (this.targets.has(expression) ?
+          new Set([...results, ...this.targets.get(expression)]) :
+          results);
+      }
 
-    // Clean the results list, which may contain duplicates or undefined entries
-    results.delete(undefined);
+      // Clean the results list, which may contain duplicates or undefined entries
+      results.delete(undefined);
 
-    util.log(util.DBUG,"Applicable rules for " + host + ":");
-    if (results.size == 0) {
-      util.log(util.DBUG, "  None");
-      results = nullIterable;
-    } else {
-      results.forEach(result => util.log(util.DBUG, "  " + result.name));
+      util.log(util.DBUG,"Applicable rules for " + host + ":");
+      if (results.size == 0) {
+        util.log(util.DBUG, "  None");
+        results = util.nullIterable;
+      } else {
+        results.forEach(result => util.log(util.DBUG, "  " + result.name));
+      }
     }
 
     // Insert results into the ruleset cache
@@ -590,39 +648,15 @@ RuleSets.prototype = {
   /**
    * Check to see if the Cookie object c meets any of our cookierule criteria for being marked as secure.
    * @param cookie The cookie to test
-   * @returns {*} ruleset or null
+   * @returns {*} true or false
    */
   shouldSecureCookie: function(cookie) {
-    var hostname = cookie.domain;
+    let hostname = cookie.domain;
     // cookie domain scopes can start with .
     while (hostname.charAt(0) == ".") {
       hostname = hostname.slice(1);
     }
 
-    if (!this.safeToSecureCookie(hostname)) {
-      return null;
-    }
-
-    var potentiallyApplicable = this.potentiallyApplicableRulesets(hostname);
-    for (let ruleset of potentiallyApplicable) {
-      if (ruleset.cookierules !== null && ruleset.active) {
-        for (let cookierules of ruleset.cookierules) {
-          var cr = cookierules;
-          if (cr.host_c.test(cookie.domain) && cr.name_c.test(cookie.name)) {
-            return ruleset;
-          }
-        }
-      }
-    }
-    return null;
-  },
-
-  /**
-   * Check if it is secure to secure the cookie (=patch the secure flag in).
-   * @param domain The domain of the cookie
-   * @returns {*} true or false
-   */
-  safeToSecureCookie: function(domain) {
     // Check if the domain might be being served over HTTP.  If so, it isn't
     // safe to secure a cookie!  We can't always know this for sure because
     // observing cookie-changed doesn't give us enough context to know the
@@ -635,20 +669,57 @@ RuleSets.prototype = {
     // observed and the domain blacklisted, a cookie might already have been
     // flagged as secure.
 
-    if (settings.domainBlacklist.has(domain)) {
-      util.log(util.INFO, "cookies for " + domain + "blacklisted");
+    if (settings.domainBlacklist.has(hostname)) {
+      util.log(util.INFO, "cookies for " + hostname + "blacklisted");
       return false;
     }
-    var cached_item = this.cookieHostCache.get(domain);
-    if (cached_item !== undefined) {
-      util.log(util.DBUG, "Cookie host cache hit for " + domain);
-      return cached_item;
+
+    // Second, we need a cookie pass two tests before patching it
+    //   (1) it is safe to secure the cookie, as per safeToSecureCookie()
+    //   (2) it matches with the CookieRule
+    //
+    // We kept a cache of the results for (1), if we have a cached result which
+    //   (a) is false, we should not secure the cookie for sure
+    //   (b) is true, we need to perform test (2)
+    //
+    // Otherwise,
+    //   (c) We need to perform (1) and (2) in place
+
+    let safe = false;
+    if (this.cookieHostCache.has(hostname)) {
+      util.log(util.DBUG, "Cookie host cache hit for " + hostname);
+      safe = this.cookieHostCache.get(hostname); // true only if it is case (b)
+      if (!safe) {
+        return false; // (a)
+      }
+    } else {
+      util.log(util.DBUG, "Cookie host cache miss for " + hostname);
     }
-    util.log(util.DBUG, "Cookie host cache miss for " + domain);
 
-    // If we passed that test, make up a random URL on the domain, and see if
-    // we would HTTPSify that.
+    const potentiallyApplicable = this.potentiallyApplicableRulesets(hostname);
+    for (const ruleset of potentiallyApplicable) {
+      if (ruleset.cookierules !== null && ruleset.active) {
+        // safe is false only indicate the lack of a cached result
+        // we cannot use it to avoid looping here
+        for (const cookierule of ruleset.cookierules) {
+          // if safe is true, it is case (b); otherwise it is case (c)
+          if (cookierule.host_c.test(cookie.domain) && cookierule.name_c.test(cookie.name)) {
+            return safe || this.safeToSecureCookie(hostname, potentiallyApplicable);
+          }
+        }
+      }
+    }
+    return false;
+  },
 
+  /**
+   * Check if it is secure to secure the cookie (=patch the secure flag in).
+   * @param domain The domain of the cookie
+   * @param potentiallyApplicable
+   * @returns {*} true or false
+   */
+  safeToSecureCookie: function(domain, potentiallyApplicable) {
+    // Make up a random URL on the domain, and see if we would HTTPSify that.
     var nonce_path = "/" + Math.random().toString();
     var test_uri = "http://" + domain + nonce_path + nonce_path;
 
@@ -659,12 +730,8 @@ RuleSets.prototype = {
     }
 
     util.log(util.INFO, "Testing securecookie applicability with " + test_uri);
-    var potentiallyApplicable = this.potentiallyApplicableRulesets(domain);
     for (let ruleset of potentiallyApplicable) {
-      if (!ruleset.active) {
-        continue;
-      }
-      if (ruleset.apply(test_uri)) {
+      if (ruleset.active && ruleset.apply(test_uri)) {
         util.log(util.INFO, "Cookie domain could be secured.");
         this.cookieHostCache.set(domain, true);
         return true;
@@ -675,6 +742,36 @@ RuleSets.prototype = {
     return false;
   },
 
+  /**
+   * Get a list of simple rules (active, with no exclusions) for all hosts that
+   * are in a single ruleset, and end in the specified ending.
+   * @param ending Target ending to search for
+   * @returns A list of { host, from_regex, to, scope_regex }
+   */
+  getSimpleRulesEndingWith: function(ending) {
+    let results;
+
+    if (this.wasm_rs) {
+      results = this.wasm_rs.get_simple_rules_ending_with(ending);
+    } else {
+      results = [];
+      for(let [host, rulesets] of this.targets) {
+        if (host.endsWith(ending) &&
+            rulesets.length == 1 &&
+            rulesets[0].active === true &&
+            rulesets[0].exclusions == null
+        ) {
+          for (let rule of rulesets[0].rules) {
+            if (rule.from_c.test("http://" + host + "/")) {
+              results.push({ host, from_regex: rule.from_c.toString(), to: rule.to, scope_regex: rulesets[0].scope.toString() });
+            }
+          }
+        }
+      }
+    }
+    return results;
+  },
+
   /**
    * Rewrite an URI
    * @param urispec The uri to rewrite
@@ -694,14 +791,12 @@ RuleSets.prototype = {
 };
 
 Object.assign(exports, {
-  nullIterable,
   settings,
-  trivial_rule_to,
-  trivial_rule_from_c,
-  Exclusion,
+  trivial_rule,
   Rule,
   RuleSet,
-  RuleSets
+  RuleSets,
+  getRule
 });
 
 })(typeof exports == 'undefined' ? require.scopes.rules = {} : exports);
diff --git a/chromium/background-scripts/store.js b/chromium/background-scripts/store.js
index 8e296dfe59fc..e3af7cb8086f 100644
--- a/chromium/background-scripts/store.js
+++ b/chromium/background-scripts/store.js
@@ -3,12 +3,13 @@
 (function(exports) {
 
 const rules = require('./rules');
+const util = require("./util");
 
 function initialize() {
   return new Promise(resolve => {
     if (chrome.storage.sync) {
       chrome.storage.sync.set({"sync-set-test": true}, () => {
-        if(chrome.runtime.lastError){
+        if(chrome.runtime.lastError) {
           setStorage(chrome.storage.local);
         } else {
           setStorage(chrome.storage.sync);
@@ -22,47 +23,116 @@ function initialize() {
   });
 }
 
+/* Storage promise setters and getters */
+
+function generic_get_promise(key, default_val, storage) {
+  return new Promise(res => storage.get({[key]: default_val}, data => res(data[key])));
+}
+
+function generic_set_promise(key, value, storage) {
+  return new Promise(res => storage.set({[key]: value}, res));
+}
+
 function get_promise(key, default_val) {
-  return new Promise(res => exports.get({[key]: default_val}, data => res(data[key])));
+  return generic_get_promise(key, default_val, exports);
 }
 
 function set_promise(key, value) {
-  return new Promise(res => exports.set({[key]: value}, res));
+  return generic_set_promise(key, value, exports);
 }
 
-async function performMigrations() {
-  const migration_version = await get_promise('migration_version', 0);
+function local_get_promise(key, default_val) {
+  return generic_get_promise(key, default_val, chrome.storage.local);
+}
 
-  if (migration_version < 1) {
+function local_set_promise(key, value) {
+  return generic_set_promise(key, value, chrome.storage.local);
+}
 
-    let ls;
-    try {
-      ls = localStorage;
-    } catch(e) {}
 
-    let ruleActiveStates = {};
-    for (const key in ls) {
-      if (ls.hasOwnProperty(key)) {
-        if (key == rules.RuleSets().USER_RULE_KEY){
-          await set_promise(rules.RuleSets().USER_RULE_KEY, JSON.parse(ls[key]));
-        } else {
-          ruleActiveStates[key] = (ls[key] == "true");
+
+async function performMigrations() {
+  let migration_version = await get_promise('migration_version', 0);
+
+  try {
+    if (migration_version === 0) {
+      let ls = localStorage;
+      let ruleActiveStates = {};
+
+      for (let key in ls) {
+        if (ls.hasOwnProperty(key)) {
+          if (rules.RuleSets().USER_RULE_KEY === key) {
+            await set_promise(rules.RuleSets().USER_RULE_KEY, JSON.parse(ls[key]));
+          } else {
+            ruleActiveStates[key] = (ls[key] === "true");
+          }
         }
       }
+      migration_version = 1;
+      await set_promise('migration_version', migration_version);
+      await set_promise('ruleActiveStates', ruleActiveStates);
     }
-    await set_promise('ruleActiveStates', ruleActiveStates);
+
+  } catch (e) {
+    // do nothing
   }
 
-  await set_promise('migration_version', 1);
+  if (migration_version <= 1) {
+    await get_promise(rules.RuleSets().USER_RULE_KEY, [])
+      .then(userRules => {
+        userRules = userRules.map(userRule => {
+          return {
+            name: userRule.host,
+            target: [userRule.host],
+            rule: [{ from: userRule.urlMatcher, to: userRule.redirectTo }],
+            default_off: "user rule"
+          };
+        });
+        return userRules;
+      })
+      .then(userRules => {
+        return set_promise(rules.RuleSets().USER_RULE_KEY, userRules);
+      });
+
+    migration_version = 2;
+    await set_promise('migration_version', migration_version);
+  }
+
+  if (migration_version <= 2) {
+    await get_promise('disabledList', [])
+      .then(disabledList => {
+        disabledList = disabledList.map(item => {
+          return util.getNormalisedHostname(item);
+        });
+        return disabledList;
+      })
+      .then(disabledList => {
+        return set_promise('disabledList', disabledList);
+      });
+
+    migration_version = 3;
+    await set_promise('migration_version', migration_version);
+  }
 }
 
+const local = {
+  get: (...args) => chrome.storage.local.get(...args),
+  set: (...args) => chrome.storage.local.set(...args),
+  remove: (...args) => chrome.storage.local.remove(...args),
+  get_promise: local_get_promise,
+  set_promise: local_set_promise
+};
+
 function setStorage(store) {
   Object.assign(exports, {
     get: store.get.bind(store),
     set: store.set.bind(store),
+    remove: store.remove.bind(store),
     get_promise,
-    set_promise
+    set_promise,
+    local
   });
+  chrome.runtime.sendMessage("store_initialized");
 }
 
 Object.assign(exports, {
diff --git a/chromium/background-scripts/update.js b/chromium/background-scripts/update.js
new file mode 100644
index 000000000000..a0bc7fdf85e9
--- /dev/null
+++ b/chromium/background-scripts/update.js
@@ -0,0 +1,480 @@
+/* global pako */
+
+"use strict";
+
+let combined_update_channels, extension_version;
+const { update_channels } = require('./update_channels');
+const wasm = require('./wasm');
+
+// Determine if we're in the tests.  If so, define some necessary components.
+if (typeof window === "undefined") {
+  var WebCrypto = require("node-webcrypto-ossl"),
+    crypto = new WebCrypto(),
+    atob = require("atob"),
+    btoa = require("btoa"),
+    pako = require('../external/pako-1.0.5/pako_inflate.min.js'),
+    { TextDecoder } = require('text-encoding'),
+    chrome = require("sinon-chrome"),
+    window = { atob, btoa, chrome, crypto, pako, TextDecoder },
+    fs = require('fs');
+
+  extension_version = JSON.parse(fs.readFileSync('./manifest.json')).version;
+
+  combined_update_channels = update_channels;
+} else {
+  extension_version = chrome.runtime.getManifest().version;
+}
+
+(function(exports) {
+
+const util = require('./util');
+
+let store,
+  background_callback;
+
+// how often we should check for new rulesets
+const periodicity = 86400;
+
+const extension_date = new Date(extension_version.split('.').slice(0,3).join('-'));
+const extension_timestamp = extension_date.getTime() / 1000;
+
+let imported_keys;
+
+// update channels are loaded from `background-scripts/update_channels.js` as well as the storage api
+async function loadUpdateChannelsKeys() {
+  util.log(util.NOTE, 'Loading update channels and importing associated public keys.');
+
+  const stored_update_channels = await store.get_promise('update_channels', []);
+  const combined_update_channels_preflight = update_channels.concat(stored_update_channels);
+
+  imported_keys = {};
+  combined_update_channels = [];
+
+  for(let update_channel of combined_update_channels_preflight) {
+
+    try{
+      imported_keys[update_channel.name] = await window.crypto.subtle.importKey(
+        "jwk",
+        update_channel.jwk,
+        {
+          name: "RSA-PSS",
+          hash: {name: "SHA-256"},
+        },
+        false,
+        ["verify"]
+      );
+      combined_update_channels.push(update_channel);
+      util.log(util.NOTE, update_channel.name + ': Update channel key loaded.');
+    } catch(err) {
+      util.log(util.WARN, update_channel.name + ': Could not import key.  Aborting.');
+    }
+  }
+}
+
+
+// Determine the time until we should check for new rulesets
+async function timeToNextCheck() {
+  const last_checked = await store.local.get_promise('last-checked', false);
+  if(last_checked) {
+    const current_timestamp = Date.now() / 1000;
+    const secs_since_last_checked = current_timestamp - last_checked;
+    return Math.max(0, periodicity - secs_since_last_checked);
+  } else {
+    return 0;
+  }
+}
+
+// Check for new rulesets immediately
+async function resetTimer() {
+  await store.local.set_promise('last-checked', false);
+  destroyTimer();
+  await createTimer();
+}
+
+// Check for new updates. If found, return the timestamp. If not, return false
+async function checkForNewUpdates(update_channel) {
+  let timestamp_result = await fetch(update_channel.update_path_prefix + (update_channel.format == "bloom" ? "/latest-bloom-timestamp" : "/latest-rulesets-timestamp"));
+  if(timestamp_result.status == 200) {
+    let uc_timestamp = Number(await timestamp_result.text());
+
+    if((await store.local.get_promise('uc-timestamp: ' + update_channel.name, 0)) < uc_timestamp) {
+      return uc_timestamp;
+    }
+  }
+  return false;
+}
+
+// Retrieve the timestamp for when an update channel was published
+async function getUpdateChannelTimestamps() {
+  let timestamp_promises = [];
+  for(let update_channel of combined_update_channels) {
+    timestamp_promises.push(new Promise(async resolve => {
+      let timestamp = await store.local.get_promise('uc-stored-timestamp: ' + update_channel.name, 0);
+      resolve([update_channel, timestamp]);
+    }));
+  }
+  let timestamps = await Promise.all(timestamp_promises);
+  return timestamps;
+}
+
+// Download and return new rulesets
+async function getNewRulesets(rulesets_timestamp, update_channel) {
+
+  store.local.set_promise('uc-timestamp: ' + update_channel.name, rulesets_timestamp);
+
+  let signature_promise = fetch(update_channel.update_path_prefix + "/rulesets-signature." + rulesets_timestamp + ".sha256");
+  let rulesets_promise = fetch(update_channel.update_path_prefix + "/default.rulesets." + rulesets_timestamp + ".gz");
+
+  let responses = await Promise.all([
+    signature_promise,
+    rulesets_promise
+  ]);
+
+  let resolutions = await Promise.all([
+    responses[0].arrayBuffer(),
+    responses[1].arrayBuffer()
+  ]);
+
+  return {
+    signature_array_buffer: resolutions[0],
+    rulesets_array_buffer: resolutions[1]
+  };
+}
+
+// Download and return new bloom
+async function getNewBloom(bloom_timestamp, update_channel) {
+  store.local.set_promise('uc-timestamp: ' + update_channel.name, bloom_timestamp);
+
+  let signature_promise = fetch(update_channel.update_path_prefix + "/bloom-signature." + bloom_timestamp + ".sha256");
+  let bloom_metadata_promise = fetch(update_channel.update_path_prefix + "/bloom-metadata." + bloom_timestamp + ".json");
+  let bloom_promise = fetch(update_channel.update_path_prefix + "/bloom." + bloom_timestamp + ".bin");
+
+  let responses = await Promise.all([
+    signature_promise,
+    bloom_metadata_promise,
+    bloom_promise
+  ]);
+
+  let resolutions = await Promise.all([
+    responses[0].arrayBuffer(),
+    responses[1].arrayBuffer(),
+    responses[2].arrayBuffer()
+  ]);
+
+  return {
+    signature_array_buffer: resolutions[0],
+    bloom_metadata_array_buffer: resolutions[1],
+    bloom_array_buffer: resolutions[2],
+  };
+
+}
+
+// Returns a promise which verifies that the rulesets have a valid EFF
+// signature, and if so, stores them and returns true.
+// Otherwise, it throws an exception.
+function verifyAndStoreNewRulesets(new_rulesets, rulesets_timestamp, update_channel) {
+  return new Promise((resolve, reject) => {
+    window.crypto.subtle.verify(
+      {
+        name: "RSA-PSS",
+        saltLength: 32
+      },
+      imported_keys[update_channel.name],
+      new_rulesets.signature_array_buffer,
+      new_rulesets.rulesets_array_buffer
+    ).then(async isvalid => {
+      if(isvalid) {
+        util.log(util.NOTE, update_channel.name + ': Downloaded ruleset signature checks out.  Storing rulesets.');
+
+        const rulesets_gz = util.ArrayBufferToString(new_rulesets.rulesets_array_buffer);
+        const rulesets_byte_array = pako.inflate(rulesets_gz);
+        const rulesets = new TextDecoder("utf-8").decode(rulesets_byte_array);
+        const rulesets_json = JSON.parse(rulesets);
+
+        if(rulesets_json.timestamp != rulesets_timestamp) {
+          reject(update_channel.name + ': Downloaded ruleset had an incorrect timestamp.  This may be an attempted downgrade attack.  Aborting.');
+        } else {
+          await store.local.set_promise('rulesets: ' + update_channel.name, window.btoa(rulesets_gz));
+          resolve(true);
+        }
+      } else {
+        reject(update_channel.name + ': Downloaded ruleset signature is invalid.  Aborting.');
+      }
+    }).catch(() => {
+      reject(update_channel.name + ': Downloaded ruleset signature could not be verified.  Aborting.');
+    });
+  });
+}
+
+// Returns a promise which verifies that the bloom has a valid EFF
+// signature, and if so, stores it and returns true.
+// Otherwise, it throws an exception.
+function verifyAndStoreNewBloom(new_bloom, bloom_timestamp, update_channel) {
+  return new Promise((resolve, reject) => {
+    window.crypto.subtle.verify(
+      {
+        name: "RSA-PSS",
+        saltLength: 32
+      },
+      imported_keys[update_channel.name],
+      new_bloom.signature_array_buffer,
+      new_bloom.bloom_metadata_array_buffer
+    ).then(async isvalid => {
+      if(isvalid) {
+        util.log(util.NOTE, update_channel.name + ': Bloom filter metadata signature checks out.');
+
+        const bloom_metadata = JSON.parse(util.ArrayBufferToString(new_bloom.bloom_metadata_array_buffer));
+        const bloom_str = util.ArrayBufferToString(new_bloom.bloom_array_buffer);
+
+        if(bloom_metadata.timestamp != bloom_timestamp) {
+          reject(update_channel.name + ': Downloaded bloom filter had an incorrect timestamp.  This may be an attempted downgrade attack.  Aborting.');
+        } else if(await sha256sum(new_bloom.bloom_array_buffer) != bloom_metadata.sha256sum) {
+          reject(update_channel.name + ': sha256sum of the bloom filter is invalid.  Aborting.');
+        } else {
+          await store.local.set_promise('bloom: ' + update_channel.name, window.btoa(bloom_str));
+          await store.local.set_promise('bloom_bitmap_bits: ' + update_channel.name, bloom_metadata.bitmap_bits);
+          await store.local.set_promise('bloom_k_num: ' + update_channel.name, bloom_metadata.k_num);
+          await store.local.set_promise('bloom_sip_keys_0_0: ' + update_channel.name, bloom_metadata.sip_keys[0][0]);
+          await store.local.set_promise('bloom_sip_keys_0_1: ' + update_channel.name, bloom_metadata.sip_keys[0][1]);
+          await store.local.set_promise('bloom_sip_keys_1_0: ' + update_channel.name, bloom_metadata.sip_keys[1][0]);
+          await store.local.set_promise('bloom_sip_keys_1_1: ' + update_channel.name, bloom_metadata.sip_keys[1][1]);
+          resolve(true);
+        }
+      } else {
+        reject(update_channel.name + ': Downloaded bloom filter metadata signature is invalid.  Aborting.');
+      }
+    }).catch(() => {
+      reject(update_channel.name + ': Downloaded bloom signature could not be verified.  Aborting.');
+    });
+  });
+}
+
+async function sha256sum(buffer) {
+  const hashBuffer = await window.crypto.subtle.digest('SHA-256', buffer);
+  const hashArray = Array.from(new Uint8Array(hashBuffer));
+  const hashHex = hashArray.map(b => ('00' + b.toString(16)).slice(-2)).join('');
+  return hashHex;
+}
+
+function isNotUndefined(subject) {
+  return (typeof subject != 'undefined');
+}
+
+// Apply the rulesets we have stored.
+async function applyStoredRulesets(rulesets_obj) {
+  let rulesets_promises = [];
+  for(let update_channel of combined_update_channels) {
+    if(update_channel.format == "rulesets" || !update_channel.format) {
+      rulesets_promises.push(new Promise(resolve => {
+        const key = 'rulesets: ' + update_channel.name;
+        chrome.storage.local.get(key, root => {
+          if(root[key]) {
+            util.log(util.NOTE, update_channel.name + ': Applying stored rulesets.');
+
+            const rulesets_gz = window.atob(root[key]);
+            const rulesets_byte_array = pako.inflate(rulesets_gz);
+            const rulesets_string = new TextDecoder("utf-8").decode(rulesets_byte_array);
+            const rulesets_json = JSON.parse(rulesets_string);
+
+            resolve({json: rulesets_json, scope: update_channel.scope, replaces: update_channel.replaces_default_rulesets});
+          } else {
+            resolve();
+          }
+        });
+      }));
+    }
+  }
+
+  const rulesets_results = (await Promise.all(rulesets_promises)).filter(isNotUndefined);
+
+  let replaces = false;
+  for(const rulesets_result of rulesets_results) {
+    if(rulesets_result.replaces === true) {
+      replaces = true;
+    }
+    rulesets_obj.addFromJson(rulesets_result.json.rulesets, rulesets_result.scope);
+  }
+
+  if(!replaces) {
+    rulesets_obj.addFromJson(util.loadExtensionFile('rules/default.rulesets', 'json'), '');
+  }
+}
+
+// Apply the blooms we have stored.
+async function applyStoredBlooms(bloom_arr) {
+  let bloom_promises = [];
+  for(let update_channel of combined_update_channels) {
+    if(update_channel.format == "bloom") {
+      bloom_promises.push(new Promise(resolve => {
+        const key = 'bloom: ' + update_channel.name;
+        chrome.storage.local.get(key, async root => {
+          if(root[key]) {
+            util.log(util.NOTE, update_channel.name + ': Applying stored bloom filter.');
+            const bloom = util.StringToArrayBuffer(window.atob(root[key]));
+            const bloom_bitmap_bits = await store.local.get_promise('bloom_bitmap_bits: ' + update_channel.name, "");
+            const bloom_k_num = await store.local.get_promise('bloom_k_num: ' + update_channel.name, "");
+            const bloom_sip_keys_0_0 = await store.local.get_promise('bloom_sip_keys_0_0: ' + update_channel.name, "");
+            const bloom_sip_keys_0_1 = await store.local.get_promise('bloom_sip_keys_0_1: ' + update_channel.name, "");
+            const bloom_sip_keys_1_0 = await store.local.get_promise('bloom_sip_keys_1_0: ' + update_channel.name, "");
+            const bloom_sip_keys_1_1 = await store.local.get_promise('bloom_sip_keys_1_1: ' + update_channel.name, "");
+
+            try{
+              resolve(wasm.Bloom.from_existing(bloom, bloom_bitmap_bits, bloom_k_num, [[bloom_sip_keys_0_0, bloom_sip_keys_0_1], [bloom_sip_keys_1_0, bloom_sip_keys_1_1]]));
+            } catch(_) {
+              resolve();
+            }
+          } else {
+            resolve();
+          }
+        });
+      }));
+    }
+  }
+
+  bloom_arr.length = 0;
+  const bloom_results = (await Promise.all(bloom_promises)).filter(isNotUndefined);
+  for(const bloom_result of bloom_results) {
+    bloom_arr.push(bloom_result);
+  }
+}
+
+
+// basic workflow for periodic checks
+async function performCheck() {
+  util.log(util.NOTE, 'Checking for new updates.');
+
+  const current_timestamp = Date.now() / 1000;
+  store.local.set_promise('last-checked', current_timestamp);
+
+  let num_updates = 0;
+  for(let update_channel of combined_update_channels) {
+    if(update_channel.format == "bloom") {
+      let new_bloom_timestamp = await checkForNewUpdates(update_channel);
+      if(new_bloom_timestamp) {
+        util.log(util.NOTE, update_channel.name + ': A new bloom filter has been released.  Downloading now.');
+        let new_bloom = await getNewBloom(new_bloom_timestamp, update_channel);
+        try{
+          await verifyAndStoreNewBloom(new_bloom, new_bloom_timestamp, update_channel);
+          store.local.set_promise('uc-stored-timestamp: ' + update_channel.name, new_bloom_timestamp);
+          num_updates++;
+        } catch(err) {
+          util.log(util.WARN, update_channel.name + ': ' + err);
+        }
+      }
+    } else {
+      let new_rulesets_timestamp = await checkForNewUpdates(update_channel);
+      if(new_rulesets_timestamp) {
+
+        if(update_channel.replaces_default_rulesets && extension_timestamp > new_rulesets_timestamp) {
+          util.log(util.NOTE, update_channel.name + ': A new ruleset bundle has been released, but it is older than the extension-bundled rulesets it replaces.  Skipping.');
+          continue;
+        }
+
+        util.log(util.NOTE, update_channel.name + ': A new ruleset bundle has been released.  Downloading now.');
+        let new_rulesets = await getNewRulesets(new_rulesets_timestamp, update_channel);
+        try{
+          await verifyAndStoreNewRulesets(new_rulesets, new_rulesets_timestamp, update_channel);
+          store.local.set_promise('uc-stored-timestamp: ' + update_channel.name, new_rulesets_timestamp);
+          num_updates++;
+        } catch(err) {
+          util.log(util.WARN, update_channel.name + ': ' + err);
+        }
+      }
+    }
+  }
+  if(num_updates > 0) {
+    background_callback();
+  }
+};
+
+async function storageListener(changes, areaName) {
+  if (areaName === 'sync' || areaName === 'local') {
+    if ('autoUpdateRulesets' in changes) {
+      if (changes.autoUpdateRulesets.newValue) {
+        await createTimer();
+      } else {
+        destroyTimer();
+      }
+    }
+  }
+
+  if ('update_channels' in changes) {
+    await loadUpdateChannelsKeys();
+  }
+};
+
+function addStorageListener() {
+  chrome.storage.onChanged.addListener(storageListener);
+}
+
+function removeStorageListener() {
+  chrome.storage.onChanged.removeListener(storageListener);
+}
+
+addStorageListener();
+
+let initialCheck,
+  subsequentChecks;
+
+async function createTimer() {
+  const time_to_next_check = await timeToNextCheck();
+
+  initialCheck = setTimeout(() => {
+    performCheck();
+    subsequentChecks = setInterval(performCheck, periodicity * 1000);
+  }, time_to_next_check * 1000);
+}
+
+function destroyTimer() {
+  if (initialCheck) {
+    clearTimeout(initialCheck);
+  }
+  if (subsequentChecks) {
+    clearInterval(subsequentChecks);
+  }
+}
+
+function clear_replacement_update_channels() {
+  let keys = [];
+  for (const update_channel of combined_update_channels) {
+    if(update_channel.replaces_default_rulesets) {
+      util.log(util.NOTE, update_channel.name + ': You have a new version of the extension.  Clearing any stored rulesets, which replace the new extension-bundled ones.');
+      keys.push('uc-timestamp: ' + update_channel.name);
+      keys.push('uc-stored-timestamp: ' + update_channel.name);
+      keys.push('rulesets: ' + update_channel.name);
+    }
+  }
+
+  return new Promise(resolve => {
+    chrome.storage.local.remove(keys, resolve);
+  });
+}
+
+async function initialize(store_param, cb) {
+  store = store_param;
+  background_callback = cb;
+
+  await loadUpdateChannelsKeys();
+
+  if (await store.local.get_promise('extensionTimestamp', 0) !== extension_timestamp) {
+    await clear_replacement_update_channels();
+    await store.local.set_promise('extensionTimestamp', extension_timestamp);
+  }
+
+  if (await store.get_promise('autoUpdateRulesets', true)) {
+    await createTimer();
+  }
+}
+
+Object.assign(exports, {
+  applyStoredRulesets,
+  applyStoredBlooms,
+  initialize,
+  getUpdateChannelTimestamps,
+  resetTimer,
+  loadUpdateChannelsKeys,
+  addStorageListener,
+  removeStorageListener,
+});
+
+})(typeof exports == 'undefined' ? require.scopes.update = {} : exports);
diff --git a/chromium/background-scripts/update_channels.js b/chromium/background-scripts/update_channels.js
new file mode 100644
index 000000000000..80494ef0f2cc
--- /dev/null
+++ b/chromium/background-scripts/update_channels.js
@@ -0,0 +1,44 @@
+/* exported update_channels */
+
+'use strict';
+
+(function (exports) {
+
+exports.update_channels = [
+  {
+    name: 'EFF (Full)',
+    jwk: {
+      kty: 'RSA',
+      e: 'AQAB',
+      n: '1cwvFQu3Kw-Pz8bcEFuV5zx0ZheDsc4Tva7Qv6BL90_sDLqCW79Y543nDkPtNVfFH_89pt2kSPp_IcS5XnYiw6zBQeFuILFw5JpvZt14K0s4' +
+        'e025Q9CXfhYKIBKT9PnqihwAacjMa6rQb7RTu7XxVvqxRb3b0vx2CR40LSlYZ8H_KpeaUwq2oz-fyrI6LFTeYvbO3ZuLKeK5xV1a32xeTVMF' +
+        'kIj3LxnQalxq-DRHfj7LRRoTnbRDW4uoDc8aVpLFliuO79jUKbobz4slpiWJ4wjKR_O6OK13HbZUiOSxi8Bms-UqBPOyzbMVpmA7lv_zWdaL' +
+        'u1IVlVXQyLVbbrqI6llRqfHdcJoEl-eC48AofuB-relQtjTEK_hyBf7sPwrbqAarjRjlyEx6Qy5gTXyxM9attfNAeupYR6jm8LKm6TFpfWky' +
+        'DxUmj_f5pJMBWNTomV74f8iQ2M18_KWMUDCOf80tR0t21Q1iCWdvA3K_KJn05tTLyumlwwlQijMqRkYuao-CX9L3DJIaB3VPYPTSIPUr7oi1' +
+        '6agsuamOyiOtlZiRpEvoNg2ksJMZtwnj5xhBQydkdhMW2ZpHDzcLuZlhJYZL_l3_7wuzRM7vpyA9obP92CpZRFJErGZmFxJC93I4U9-0B0wg' +
+        '-sbyMKGJ5j1BWTnibCklDXtWzXtuiz18EgE'
+    },
+    update_path_prefix: 'https://www.https-rulesets.org/v1/',
+    scope: '',
+    replaces_default_rulesets: true
+  },
+  {
+    name: 'DuckDuckGo Smarter Encryption',
+    format: 'bloom',
+    jwk: {
+      kty: 'RSA',
+      e: 'AQAB',
+      n: '1cwvFQu3Kw-Pz8bcEFuV5zx0ZheDsc4Tva7Qv6BL90_sDLqCW79Y543nDkPtNVfFH_89pt2kSPp_IcS5XnYiw6zBQeFuILFw5JpvZt14K0s4' +
+        'e025Q9CXfhYKIBKT9PnqihwAacjMa6rQb7RTu7XxVvqxRb3b0vx2CR40LSlYZ8H_KpeaUwq2oz-fyrI6LFTeYvbO3ZuLKeK5xV1a32xeTVMF' +
+        'kIj3LxnQalxq-DRHfj7LRRoTnbRDW4uoDc8aVpLFliuO79jUKbobz4slpiWJ4wjKR_O6OK13HbZUiOSxi8Bms-UqBPOyzbMVpmA7lv_zWdaL' +
+        'u1IVlVXQyLVbbrqI6llRqfHdcJoEl-eC48AofuB-relQtjTEK_hyBf7sPwrbqAarjRjlyEx6Qy5gTXyxM9attfNAeupYR6jm8LKm6TFpfWky' +
+        'DxUmj_f5pJMBWNTomV74f8iQ2M18_KWMUDCOf80tR0t21Q1iCWdvA3K_KJn05tTLyumlwwlQijMqRkYuao-CX9L3DJIaB3VPYPTSIPUr7oi1' +
+        '6agsuamOyiOtlZiRpEvoNg2ksJMZtwnj5xhBQydkdhMW2ZpHDzcLuZlhJYZL_l3_7wuzRM7vpyA9obP92CpZRFJErGZmFxJC93I4U9-0B0wg' +
+        '-sbyMKGJ5j1BWTnibCklDXtWzXtuiz18EgE'
+    },
+    update_path_prefix: 'https://www.https-rulesets.org/ddg/',
+    scope: '',
+  }
+];
+
+})(typeof exports === 'undefined' ? require.scopes.update_channels = {} : exports);
diff --git a/chromium/background-scripts/util.js b/chromium/background-scripts/util.js
index 5763ff6b839e..e2b069b8017d 100644
--- a/chromium/background-scripts/util.js
+++ b/chromium/background-scripts/util.js
@@ -45,7 +45,7 @@ function loadExtensionFile(url, returnType) {
   var xhr = new XMLHttpRequest();
   // Use blocking XHR to ensure everything is loaded by the time
   // we return.
-  xhr.open("GET", chrome.extension.getURL(url), false);
+  xhr.open("GET", chrome.runtime.getURL(url), false);
   xhr.send(null);
   // Get file contents
   if (xhr.readyState !== 4) {
@@ -60,6 +60,108 @@ function loadExtensionFile(url, returnType) {
   return xhr.responseText;
 }
 
+/**
+ * Remove tailing dots from hostname, e.g. "www.example.com."
+ * Preserve port numbers if they are used
+ */
+function getNormalisedHostname(host) {
+  let [ hostname, port ] = host.split(":");
+  while (hostname && hostname[hostname.length - 1] === '.' && hostname !== '.') {
+    hostname = hostname.slice(0, -1);
+  }
+  if (port) {
+    return `${hostname}:${port}`;
+  }
+  return hostname;
+}
+
+// Empty iterable singleton to reduce memory usage
+const nullIterable = Object.create(null, {
+  [Symbol.iterator]: {
+    value: function* () {
+      // do nothing
+    }
+  },
+
+  size: {
+    value: 0
+  },
+});
+
+/**
+ * Return true if host is well-formed (RFC 1035)
+ */
+function isValidHostname(host) {
+  if (host && host.length > 0 && host.length <= 255 && host.indexOf("..") === -1) {
+    return true;
+  }
+  return false;
+}
+
+/**
+ * Return a list of wildcard expressions which support
+ * the host under HTTPS Everywhere's implementation
+ */
+function getWildcardExpressions(host) {
+  // Ensure host is well-formed (RFC 1035)
+  if (!isValidHostname(host)) {
+    return nullIterable;
+  }
+
+  // Ensure host does not contain a wildcard itself
+  if (host.indexOf("*") != -1) {
+    return nullIterable;
+  }
+
+  let results = [];
+
+  // Replace www.example.com with www.example.*
+  // eat away from the right for once and only once
+  let segmented = host.split(".");
+  if (segmented.length > 1) {
+    const tmp = [...segmented.slice(0, segmented.length - 1), "*"].join(".");
+    results.push(tmp);
+  }
+
+  // now eat away from the left, with *, so that for x.y.z.google.com we
+  // check *.y.z.google.com, *.z.google.com and *.google.com
+  for (let i = 1; i < segmented.length - 1; i++) {
+    const tmp = ["*", ...segmented.slice(i, segmented.length)].join(".");
+    results.push(tmp);
+  }
+  return results;
+}
+
+/**
+ * Convert an ArrayBuffer to string
+ *
+ * @param array: an ArrayBuffer to convert
+ */
+function ArrayBufferToString(ab) {
+  let array = new Uint8Array(ab);
+  let string = "";
+
+  for (let byte of array) {
+    string += String.fromCharCode(byte);
+  }
+
+  return string;
+}
+
+/**
+ * Convert a string to an ArrayBuffer
+ *
+ * @param string: a string to convert
+ */
+function StringToArrayBuffer(str) {
+  var byteArray = new Uint8Array(str.length);
+  for (var i = 0; i < str.length; i++) {
+    byteArray[i] = str.charCodeAt(i);
+  }
+  return byteArray;
+}
+
+
 Object.assign(exports, {
   VERB,
   DBUG,
@@ -67,9 +169,15 @@ Object.assign(exports, {
   NOTE,
   WARN,
   log,
+  nullIterable,
+  isValidHostname,
+  getNormalisedHostname,
+  getWildcardExpressions,
   setDefaultLogLevel,
   getDefaultLogLevel,
-  loadExtensionFile
+  loadExtensionFile,
+  ArrayBufferToString,
+  StringToArrayBuffer
 });
 
 })(typeof exports == 'undefined' ? require.scopes.util = {} : exports);
diff --git a/chromium/background-scripts/wasm.js b/chromium/background-scripts/wasm.js
new file mode 100644
index 000000000000..551b1d3ea672
--- /dev/null
+++ b/chromium/background-scripts/wasm.js
@@ -0,0 +1,27 @@
+"use strict";
+
+(function(exports) {
+
+const util = require('./util'),
+  { RuleSets, Bloom } = wasm_bindgen;
+
+async function initialize() {
+  try {
+    await wasm_bindgen(chrome.runtime.getURL('wasm/https_everywhere_lib_wasm_bg.wasm'));
+  } catch(e) {
+    util.log(util.WARN, 'The wasm library has not loaded correctly: ' + e);
+  }
+}
+
+function is_enabled() {
+  return true;
+}
+
+Object.assign(exports, {
+  initialize,
+  RuleSets,
+  Bloom,
+  is_enabled,
+});
+
+})(typeof exports == 'undefined' ? require.scopes.wasm = {} : exports);
diff --git a/chromium/external/README.md b/chromium/external/README.md
index 138cb46cc0ad..031cf55c1721 100644
--- a/chromium/external/README.md
+++ b/chromium/external/README.md
@@ -4,7 +4,7 @@ This directory contains files that are external dependencies for HTTPS Everywher
 
 ## CodeMirror 5.31.0
 
-```
+```bash
 $ npm install uglify-js@3.1.9
 $ npm install uglifycss@0.0.27
 $ curl -o codemirror.zip https://codemirror.net/codemirror-5.31.0.zip
@@ -40,3 +40,13 @@ uglifycss \
   --output codemirror-5.31.0.min.css \
   codemirror-5.31.0/lib/codemirror.css
 ```
+
+## Pako 1.0.5
+
+`$ npm install pako@1.0.5`
+
+### pako_inflate.min.js
+
+```bash
+
+$ cp node_modules/pako/dist/pako_inflate.js pako-1.0.5/pako_inflate.min.js
diff --git a/chromium/external/pako-1.0.5/pako_inflate.min.js b/chromium/external/pako-1.0.5/pako_inflate.min.js
new file mode 100644
index 000000000000..fdd03f31a5be
--- /dev/null
+++ b/chromium/external/pako-1.0.5/pako_inflate.min.js
@@ -0,0 +1,3290 @@
+/* pako 1.0.5 nodeca/pako */(function(f){if(typeof exports==="object"&&typeof module!=="undefined"){module.exports=f()}else if(typeof define==="function"&&define.amd){define([],f)}else{var g;if(typeof window!=="undefined"){g=window}else if(typeof global!=="undefined"){g=global}else if(typeof self!=="undefined"){g=self}else{g=this}g.pako = f()}})(function(){var define,module,exports;return (function e(t,n,r){function s(o,u){if(!n[o]){if(!t[o]){var a=typeof require=="function"&&require;if(!u&&a)return a(o,!0);if(i)return i(o,!0);var f=new Error("Cannot find module '"+o+"'");throw f.code="MODULE_NOT_FOUND",f}var l=n[o]={exports:{}};t[o][0].call(l.exports,function(e){var n=t[o][1][e];return s(n?n:e)},l,l.exports,e,t,n,r)}return n[o].exports}var i=typeof require=="function"&&require;for(var o=0;o<r.length;o++)s(r[o]);return s})({1:[function(require,module,exports){
+'use strict';
+
+
+var TYPED_OK =  (typeof Uint8Array !== 'undefined') &&
+                (typeof Uint16Array !== 'undefined') &&
+                (typeof Int32Array !== 'undefined');
+
+
+exports.assign = function (obj /*from1, from2, from3, ...*/) {
+  var sources = Array.prototype.slice.call(arguments, 1);
+  while (sources.length) {
+    var source = sources.shift();
+    if (!source) { continue; }
+
+    if (typeof source !== 'object') {
+      throw new TypeError(source + 'must be non-object');
+    }
+
+    for (var p in source) {
+      if (source.hasOwnProperty(p)) {
+        obj[p] = source[p];
+      }
+    }
+  }
+
+  return obj;
+};
+
+
+// reduce buffer size, avoiding mem copy
+exports.shrinkBuf = function (buf, size) {
+  if (buf.length === size) { return buf; }
+  if (buf.subarray) { return buf.subarray(0, size); }
+  buf.length = size;
+  return buf;
+};
+
+
+var fnTyped = {
+  arraySet: function (dest, src, src_offs, len, dest_offs) {
+    if (src.subarray && dest.subarray) {
+      dest.set(src.subarray(src_offs, src_offs + len), dest_offs);
+      return;
+    }
+    // Fallback to ordinary array
+    for (var i = 0; i < len; i++) {
+      dest[dest_offs + i] = src[src_offs + i];
+    }
+  },
+  // Join array of chunks to single array.
+  flattenChunks: function (chunks) {
+    var i, l, len, pos, chunk, result;
+
+    // calculate data length
+    len = 0;
+    for (i = 0, l = chunks.length; i < l; i++) {
+      len += chunks[i].length;
+    }
+
+    // join chunks
+    result = new Uint8Array(len);
+    pos = 0;
+    for (i = 0, l = chunks.length; i < l; i++) {
+      chunk = chunks[i];
+      result.set(chunk, pos);
+      pos += chunk.length;
+    }
+
+    return result;
+  }
+};
+
+var fnUntyped = {
+  arraySet: function (dest, src, src_offs, len, dest_offs) {
+    for (var i = 0; i < len; i++) {
+      dest[dest_offs + i] = src[src_offs + i];
+    }
+  },
+  // Join array of chunks to single array.
+  flattenChunks: function (chunks) {
+    return [].concat.apply([], chunks);
+  }
+};
+
+
+// Enable/Disable typed arrays use, for testing
+//
+exports.setTyped = function (on) {
+  if (on) {
+    exports.Buf8  = Uint8Array;
+    exports.Buf16 = Uint16Array;
+    exports.Buf32 = Int32Array;
+    exports.assign(exports, fnTyped);
+  } else {
+    exports.Buf8  = Array;
+    exports.Buf16 = Array;
+    exports.Buf32 = Array;
+    exports.assign(exports, fnUntyped);
+  }
+};
+
+exports.setTyped(TYPED_OK);
+
+},{}],2:[function(require,module,exports){
+// String encode/decode helpers
+'use strict';
+
+
+var utils = require('./common');
+
+
+// Quick check if we can use fast array to bin string conversion
+//
+// - apply(Array) can fail on Android 2.2
+// - apply(Uint8Array) can fail on iOS 5.1 Safary
+//
+var STR_APPLY_OK = true;
+var STR_APPLY_UIA_OK = true;
+
+try { String.fromCharCode.apply(null, [ 0 ]); } catch (__) { STR_APPLY_OK = false; }
+try { String.fromCharCode.apply(null, new Uint8Array(1)); } catch (__) { STR_APPLY_UIA_OK = false; }
+
+
+// Table with utf8 lengths (calculated by first byte of sequence)
+// Note, that 5 & 6-byte values and some 4-byte values can not be represented in JS,
+// because max possible codepoint is 0x10ffff
+var _utf8len = new utils.Buf8(256);
+for (var q = 0; q < 256; q++) {
+  _utf8len[q] = (q >= 252 ? 6 : q >= 248 ? 5 : q >= 240 ? 4 : q >= 224 ? 3 : q >= 192 ? 2 : 1);
+}
+_utf8len[254] = _utf8len[254] = 1; // Invalid sequence start
+
+
+// convert string to array (typed, when possible)
+exports.string2buf = function (str) {
+  var buf, c, c2, m_pos, i, str_len = str.length, buf_len = 0;
+
+  // count binary size
+  for (m_pos = 0; m_pos < str_len; m_pos++) {
+    c = str.charCodeAt(m_pos);
+    if ((c & 0xfc00) === 0xd800 && (m_pos + 1 < str_len)) {
+      c2 = str.charCodeAt(m_pos + 1);
+      if ((c2 & 0xfc00) === 0xdc00) {
+        c = 0x10000 + ((c - 0xd800) << 10) + (c2 - 0xdc00);
+        m_pos++;
+      }
+    }
+    buf_len += c < 0x80 ? 1 : c < 0x800 ? 2 : c < 0x10000 ? 3 : 4;
+  }
+
+  // allocate buffer
+  buf = new utils.Buf8(buf_len);
+
+  // convert
+  for (i = 0, m_pos = 0; i < buf_len; m_pos++) {
+    c = str.charCodeAt(m_pos);
+    if ((c & 0xfc00) === 0xd800 && (m_pos + 1 < str_len)) {
+      c2 = str.charCodeAt(m_pos + 1);
+      if ((c2 & 0xfc00) === 0xdc00) {
+        c = 0x10000 + ((c - 0xd800) << 10) + (c2 - 0xdc00);
+        m_pos++;
+      }
+    }
+    if (c < 0x80) {
+      /* one byte */
+      buf[i++] = c;
+    } else if (c < 0x800) {
+      /* two bytes */
+      buf[i++] = 0xC0 | (c >>> 6);
+      buf[i++] = 0x80 | (c & 0x3f);
+    } else if (c < 0x10000) {
+      /* three bytes */
+      buf[i++] = 0xE0 | (c >>> 12);
+      buf[i++] = 0x80 | (c >>> 6 & 0x3f);
+      buf[i++] = 0x80 | (c & 0x3f);
+    } else {
+      /* four bytes */
+      buf[i++] = 0xf0 | (c >>> 18);
+      buf[i++] = 0x80 | (c >>> 12 & 0x3f);
+      buf[i++] = 0x80 | (c >>> 6 & 0x3f);
+      buf[i++] = 0x80 | (c & 0x3f);
+    }
+  }
+
+  return buf;
+};
+
+// Helper (used in 2 places)
+function buf2binstring(buf, len) {
+  // use fallback for big arrays to avoid stack overflow
+  if (len < 65537) {
+    if ((buf.subarray && STR_APPLY_UIA_OK) || (!buf.subarray && STR_APPLY_OK)) {
+      return String.fromCharCode.apply(null, utils.shrinkBuf(buf, len));
+    }
+  }
+
+  var result = '';
+  for (var i = 0; i < len; i++) {
+    result += String.fromCharCode(buf[i]);
+  }
+  return result;
+}
+
+
+// Convert byte array to binary string
+exports.buf2binstring = function (buf) {
+  return buf2binstring(buf, buf.length);
+};
+
+
+// Convert binary string (typed, when possible)
+exports.binstring2buf = function (str) {
+  var buf = new utils.Buf8(str.length);
+  for (var i = 0, len = buf.length; i < len; i++) {
+    buf[i] = str.charCodeAt(i);
+  }
+  return buf;
+};
+
+
+// convert array to string
+exports.buf2string = function (buf, max) {
+  var i, out, c, c_len;
+  var len = max || buf.length;
+
+  // Reserve max possible length (2 words per char)
+  // NB: by unknown reasons, Array is significantly faster for
+  //     String.fromCharCode.apply than Uint16Array.
+  var utf16buf = new Array(len * 2);
+
+  for (out = 0, i = 0; i < len;) {
+    c = buf[i++];
+    // quick process ascii
+    if (c < 0x80) { utf16buf[out++] = c; continue; }
+
+    c_len = _utf8len[c];
+    // skip 5 & 6 byte codes
+    if (c_len > 4) { utf16buf[out++] = 0xfffd; i += c_len - 1; continue; }
+
+    // apply mask on first byte
+    c &= c_len === 2 ? 0x1f : c_len === 3 ? 0x0f : 0x07;
+    // join the rest
+    while (c_len > 1 && i < len) {
+      c = (c << 6) | (buf[i++] & 0x3f);
+      c_len--;
+    }
+
+    // terminated by end of string?
+    if (c_len > 1) { utf16buf[out++] = 0xfffd; continue; }
+
+    if (c < 0x10000) {
+      utf16buf[out++] = c;
+    } else {
+      c -= 0x10000;
+      utf16buf[out++] = 0xd800 | ((c >> 10) & 0x3ff);
+      utf16buf[out++] = 0xdc00 | (c & 0x3ff);
+    }
+  }
+
+  return buf2binstring(utf16buf, out);
+};
+
+
+// Calculate max possible position in utf8 buffer,
+// that will not break sequence. If that's not possible
+// - (very small limits) return max size as is.
+//
+// buf[] - utf8 bytes array
+// max   - length limit (mandatory);
+exports.utf8border = function (buf, max) {
+  var pos;
+
+  max = max || buf.length;
+  if (max > buf.length) { max = buf.length; }
+
+  // go back from last position, until start of sequence found
+  pos = max - 1;
+  while (pos >= 0 && (buf[pos] & 0xC0) === 0x80) { pos--; }
+
+  // Fuckup - very small and broken sequence,
+  // return max, because we should return something anyway.
+  if (pos < 0) { return max; }
+
+  // If we came to start of buffer - that means vuffer is too small,
+  // return max too.
+  if (pos === 0) { return max; }
+
+  return (pos + _utf8len[buf[pos]] > max) ? pos : max;
+};
+
+},{"./common":1}],3:[function(require,module,exports){
+'use strict';
+
+// Note: adler32 takes 12% for level 0 and 2% for level 6.
+// It doesn't worth to make additional optimizationa as in original.
+// Small size is preferable.
+
+// (C) 1995-2013 Jean-loup Gailly and Mark Adler
+// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin
+//
+// This software is provided 'as-is', without any express or implied
+// warranty. In no event will the authors be held liable for any damages
+// arising from the use of this software.
+//
+// Permission is granted to anyone to use this software for any purpose,
+// including commercial applications, and to alter it and redistribute it
+// freely, subject to the following restrictions:
+//
+// 1. The origin of this software must not be misrepresented; you must not
+//   claim that you wrote the original software. If you use this software
+//   in a product, an acknowledgment in the product documentation would be
+//   appreciated but is not required.
+// 2. Altered source versions must be plainly marked as such, and must not be
+//   misrepresented as being the original software.
+// 3. This notice may not be removed or altered from any source distribution.
+
+function adler32(adler, buf, len, pos) {
+  var s1 = (adler & 0xffff) |0,
+      s2 = ((adler >>> 16) & 0xffff) |0,
+      n = 0;
+
+  while (len !== 0) {
+    // Set limit ~ twice less than 5552, to keep
+    // s2 in 31-bits, because we force signed ints.
+    // in other case %= will fail.
+    n = len > 2000 ? 2000 : len;
+    len -= n;
+
+    do {
+      s1 = (s1 + buf[pos++]) |0;
+      s2 = (s2 + s1) |0;
+    } while (--n);
+
+    s1 %= 65521;
+    s2 %= 65521;
+  }
+
+  return (s1 | (s2 << 16)) |0;
+}
+
+
+module.exports = adler32;
+
+},{}],4:[function(require,module,exports){
+'use strict';
+
+// (C) 1995-2013 Jean-loup Gailly and Mark Adler
+// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin
+//
+// This software is provided 'as-is', without any express or implied
+// warranty. In no event will the authors be held liable for any damages
+// arising from the use of this software.
+//
+// Permission is granted to anyone to use this software for any purpose,
+// including commercial applications, and to alter it and redistribute it
+// freely, subject to the following restrictions:
+//
+// 1. The origin of this software must not be misrepresented; you must not
+//   claim that you wrote the original software. If you use this software
+//   in a product, an acknowledgment in the product documentation would be
+//   appreciated but is not required.
+// 2. Altered source versions must be plainly marked as such, and must not be
+//   misrepresented as being the original software.
+// 3. This notice may not be removed or altered from any source distribution.
+
+module.exports = {
+
+  /* Allowed flush values; see deflate() and inflate() below for details */
+  Z_NO_FLUSH:         0,
+  Z_PARTIAL_FLUSH:    1,
+  Z_SYNC_FLUSH:       2,
+  Z_FULL_FLUSH:       3,
+  Z_FINISH:           4,
+  Z_BLOCK:            5,
+  Z_TREES:            6,
+
+  /* Return codes for the compression/decompression functions. Negative values
+  * are errors, positive values are used for special but normal events.
+  */
+  Z_OK:               0,
+  Z_STREAM_END:       1,
+  Z_NEED_DICT:        2,
+  Z_ERRNO:           -1,
+  Z_STREAM_ERROR:    -2,
+  Z_DATA_ERROR:      -3,
+  //Z_MEM_ERROR:     -4,
+  Z_BUF_ERROR:       -5,
+  //Z_VERSION_ERROR: -6,
+
+  /* compression levels */
+  Z_NO_COMPRESSION:         0,
+  Z_BEST_SPEED:             1,
+  Z_BEST_COMPRESSION:       9,
+  Z_DEFAULT_COMPRESSION:   -1,
+
+
+  Z_FILTERED:               1,
+  Z_HUFFMAN_ONLY:           2,
+  Z_RLE:                    3,
+  Z_FIXED:                  4,
+  Z_DEFAULT_STRATEGY:       0,
+
+  /* Possible values of the data_type field (though see inflate()) */
+  Z_BINARY:                 0,
+  Z_TEXT:                   1,
+  //Z_ASCII:                1, // = Z_TEXT (deprecated)
+  Z_UNKNOWN:                2,
+
+  /* The deflate compression method */
+  Z_DEFLATED:               8
+  //Z_NULL:                 null // Use -1 or null inline, depending on var type
+};
+
+},{}],5:[function(require,module,exports){
+'use strict';
+
+// Note: we can't get significant speed boost here.
+// So write code to minimize size - no pregenerated tables
+// and array tools dependencies.
+
+// (C) 1995-2013 Jean-loup Gailly and Mark Adler
+// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin
+//
+// This software is provided 'as-is', without any express or implied
+// warranty. In no event will the authors be held liable for any damages
+// arising from the use of this software.
+//
+// Permission is granted to anyone to use this software for any purpose,
+// including commercial applications, and to alter it and redistribute it
+// freely, subject to the following restrictions:
+//
+// 1. The origin of this software must not be misrepresented; you must not
+//   claim that you wrote the original software. If you use this software
+//   in a product, an acknowledgment in the product documentation would be
+//   appreciated but is not required.
+// 2. Altered source versions must be plainly marked as such, and must not be
+//   misrepresented as being the original software.
+// 3. This notice may not be removed or altered from any source distribution.
+
+// Use ordinary array, since untyped makes no boost here
+function makeTable() {
+  var c, table = [];
+
+  for (var n = 0; n < 256; n++) {
+    c = n;
+    for (var k = 0; k < 8; k++) {
+      c = ((c & 1) ? (0xEDB88320 ^ (c >>> 1)) : (c >>> 1));
+    }
+    table[n] = c;
+  }
+
+  return table;
+}
+
+// Create table on load. Just 255 signed longs. Not a problem.
+var crcTable = makeTable();
+
+
+function crc32(crc, buf, len, pos) {
+  var t = crcTable,
+      end = pos + len;
+
+  crc ^= -1;
+
+  for (var i = pos; i < end; i++) {
+    crc = (crc >>> 8) ^ t[(crc ^ buf[i]) & 0xFF];
+  }
+
+  return (crc ^ (-1)); // >>> 0;
+}
+
+
+module.exports = crc32;
+
+},{}],6:[function(require,module,exports){
+'use strict';
+
+// (C) 1995-2013 Jean-loup Gailly and Mark Adler
+// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin
+//
+// This software is provided 'as-is', without any express or implied
+// warranty. In no event will the authors be held liable for any damages
+// arising from the use of this software.
+//
+// Permission is granted to anyone to use this software for any purpose,
+// including commercial applications, and to alter it and redistribute it
+// freely, subject to the following restrictions:
+//
+// 1. The origin of this software must not be misrepresented; you must not
+//   claim that you wrote the original software. If you use this software
+//   in a product, an acknowledgment in the product documentation would be
+//   appreciated but is not required.
+// 2. Altered source versions must be plainly marked as such, and must not be
+//   misrepresented as being the original software.
+// 3. This notice may not be removed or altered from any source distribution.
+
+function GZheader() {
+  /* true if compressed data believed to be text */
+  this.text       = 0;
+  /* modification time */
+  this.time       = 0;
+  /* extra flags (not used when writing a gzip file) */
+  this.xflags     = 0;
+  /* operating system */
+  this.os         = 0;
+  /* pointer to extra field or Z_NULL if none */
+  this.extra      = null;
+  /* extra field length (valid if extra != Z_NULL) */
+  this.extra_len  = 0; // Actually, we don't need it in JS,
+                       // but leave for few code modifications
+
+  //
+  // Setup limits is not necessary because in js we should not preallocate memory
+  // for inflate use constant limit in 65536 bytes
+  //
+
+  /* space at extra (only when reading header) */
+  // this.extra_max  = 0;
+  /* pointer to zero-terminated file name or Z_NULL */
+  this.name       = '';
+  /* space at name (only when reading header) */
+  // this.name_max   = 0;
+  /* pointer to zero-terminated comment or Z_NULL */
+  this.comment    = '';
+  /* space at comment (only when reading header) */
+  // this.comm_max   = 0;
+  /* true if there was or will be a header crc */
+  this.hcrc       = 0;
+  /* true when done reading gzip header (not used when writing a gzip file) */
+  this.done       = false;
+}
+
+module.exports = GZheader;
+
+},{}],7:[function(require,module,exports){
+'use strict';
+
+// (C) 1995-2013 Jean-loup Gailly and Mark Adler
+// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin
+//
+// This software is provided 'as-is', without any express or implied
+// warranty. In no event will the authors be held liable for any damages
+// arising from the use of this software.
+//
+// Permission is granted to anyone to use this software for any purpose,
+// including commercial applications, and to alter it and redistribute it
+// freely, subject to the following restrictions:
+//
+// 1. The origin of this software must not be misrepresented; you must not
+//   claim that you wrote the original software. If you use this software
+//   in a product, an acknowledgment in the product documentation would be
+//   appreciated but is not required.
+// 2. Altered source versions must be plainly marked as such, and must not be
+//   misrepresented as being the original software.
+// 3. This notice may not be removed or altered from any source distribution.
+
+// See state defs from inflate.js
+var BAD = 30;       /* got a data error -- remain here until reset */
+var TYPE = 12;      /* i: waiting for type bits, including last-flag bit */
+
+/*
+   Decode literal, length, and distance codes and write out the resulting
+   literal and match bytes until either not enough input or output is
+   available, an end-of-block is encountered, or a data error is encountered.
+   When large enough input and output buffers are supplied to inflate(), for
+   example, a 16K input buffer and a 64K output buffer, more than 95% of the
+   inflate execution time is spent in this routine.
+
+   Entry assumptions:
+
+        state.mode === LEN
+        strm.avail_in >= 6
+        strm.avail_out >= 258
+        start >= strm.avail_out
+        state.bits < 8
+
+   On return, state.mode is one of:
+
+        LEN -- ran out of enough output space or enough available input
+        TYPE -- reached end of block code, inflate() to interpret next block
+        BAD -- error in block data
+
+   Notes:
+
+    - The maximum input bits used by a length/distance pair is 15 bits for the
+      length code, 5 bits for the length extra, 15 bits for the distance code,
+      and 13 bits for the distance extra.  This totals 48 bits, or six bytes.
+      Therefore if strm.avail_in >= 6, then there is enough input to avoid
+      checking for available input while decoding.
+
+    - The maximum bytes that a single length/distance pair can output is 258
+      bytes, which is the maximum length that can be coded.  inflate_fast()
+      requires strm.avail_out >= 258 for each loop to avoid checking for
+      output space.
+ */
+module.exports = function inflate_fast(strm, start) {
+  var state;
+  var _in;                    /* local strm.input */
+  var last;                   /* have enough input while in < last */
+  var _out;                   /* local strm.output */
+  var beg;                    /* inflate()'s initial strm.output */
+  var end;                    /* while out < end, enough space available */
+//#ifdef INFLATE_STRICT
+  var dmax;                   /* maximum distance from zlib header */
+//#endif
+  var wsize;                  /* window size or zero if not using window */
+  var whave;                  /* valid bytes in the window */
+  var wnext;                  /* window write index */
+  // Use `s_window` instead `window`, avoid conflict with instrumentation tools
+  var s_window;               /* allocated sliding window, if wsize != 0 */
+  var hold;                   /* local strm.hold */
+  var bits;                   /* local strm.bits */
+  var lcode;                  /* local strm.lencode */
+  var dcode;                  /* local strm.distcode */
+  var lmask;                  /* mask for first level of length codes */
+  var dmask;                  /* mask for first level of distance codes */
+  var here;                   /* retrieved table entry */
+  var op;                     /* code bits, operation, extra bits, or */
+                              /*  window position, window bytes to copy */
+  var len;                    /* match length, unused bytes */
+  var dist;                   /* match distance */
+  var from;                   /* where to copy match from */
+  var from_source;
+
+
+  var input, output; // JS specific, because we have no pointers
+
+  /* copy state to local variables */
+  state = strm.state;
+  //here = state.here;
+  _in = strm.next_in;
+  input = strm.input;
+  last = _in + (strm.avail_in - 5);
+  _out = strm.next_out;
+  output = strm.output;
+  beg = _out - (start - strm.avail_out);
+  end = _out + (strm.avail_out - 257);
+//#ifdef INFLATE_STRICT
+  dmax = state.dmax;
+//#endif
+  wsize = state.wsize;
+  whave = state.whave;
+  wnext = state.wnext;
+  s_window = state.window;
+  hold = state.hold;
+  bits = state.bits;
+  lcode = state.lencode;
+  dcode = state.distcode;
+  lmask = (1 << state.lenbits) - 1;
+  dmask = (1 << state.distbits) - 1;
+
+
+  /* decode literals and length/distances until end-of-block or not enough
+     input data or output space */
+
+  top:
+  do {
+    if (bits < 15) {
+      hold += input[_in++] << bits;
+      bits += 8;
+      hold += input[_in++] << bits;
+      bits += 8;
+    }
+
+    here = lcode[hold & lmask];
+
+    dolen:
+    for (;;) { // Goto emulation
+      op = here >>> 24/*here.bits*/;
+      hold >>>= op;
+      bits -= op;
+      op = (here >>> 16) & 0xff/*here.op*/;
+      if (op === 0) {                          /* literal */
+        //Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ?
+        //        "inflate:         literal '%c'\n" :
+        //        "inflate:         literal 0x%02x\n", here.val));
+        output[_out++] = here & 0xffff/*here.val*/;
+      }
+      else if (op & 16) {                     /* length base */
+        len = here & 0xffff/*here.val*/;
+        op &= 15;                           /* number of extra bits */
+        if (op) {
+          if (bits < op) {
+            hold += input[_in++] << bits;
+            bits += 8;
+          }
+          len += hold & ((1 << op) - 1);
+          hold >>>= op;
+          bits -= op;
+        }
+        //Tracevv((stderr, "inflate:         length %u\n", len));
+        if (bits < 15) {
+          hold += input[_in++] << bits;
+          bits += 8;
+          hold += input[_in++] << bits;
+          bits += 8;
+        }
+        here = dcode[hold & dmask];
+
+        dodist:
+        for (;;) { // goto emulation
+          op = here >>> 24/*here.bits*/;
+          hold >>>= op;
+          bits -= op;
+          op = (here >>> 16) & 0xff/*here.op*/;
+
+          if (op & 16) {                      /* distance base */
+            dist = here & 0xffff/*here.val*/;
+            op &= 15;                       /* number of extra bits */
+            if (bits < op) {
+              hold += input[_in++] << bits;
+              bits += 8;
+              if (bits < op) {
+                hold += input[_in++] << bits;
+                bits += 8;
+              }
+            }
+            dist += hold & ((1 << op) - 1);
+//#ifdef INFLATE_STRICT
+            if (dist > dmax) {
+              strm.msg = 'invalid distance too far back';
+              state.mode = BAD;
+              break top;
+            }
+//#endif
+            hold >>>= op;
+            bits -= op;
+            //Tracevv((stderr, "inflate:         distance %u\n", dist));
+            op = _out - beg;                /* max distance in output */
+            if (dist > op) {                /* see if copy from window */
+              op = dist - op;               /* distance back in window */
+              if (op > whave) {
+                if (state.sane) {
+                  strm.msg = 'invalid distance too far back';
+                  state.mode = BAD;
+                  break top;
+                }
+
+// (!) This block is disabled in zlib defailts,
+// don't enable it for binary compatibility
+//#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR
+//                if (len <= op - whave) {
+//                  do {
+//                    output[_out++] = 0;
+//                  } while (--len);
+//                  continue top;
+//                }
+//                len -= op - whave;
+//                do {
+//                  output[_out++] = 0;
+//                } while (--op > whave);
+//                if (op === 0) {
+//                  from = _out - dist;
+//                  do {
+//                    output[_out++] = output[from++];
+//                  } while (--len);
+//                  continue top;
+//                }
+//#endif
+              }
+              from = 0; // window index
+              from_source = s_window;
+              if (wnext === 0) {           /* very common case */
+                from += wsize - op;
+                if (op < len) {         /* some from window */
+                  len -= op;
+                  do {
+                    output[_out++] = s_window[from++];
+                  } while (--op);
+                  from = _out - dist;  /* rest from output */
+                  from_source = output;
+                }
+              }
+              else if (wnext < op) {      /* wrap around window */
+                from += wsize + wnext - op;
+                op -= wnext;
+                if (op < len) {         /* some from end of window */
+                  len -= op;
+                  do {
+                    output[_out++] = s_window[from++];
+                  } while (--op);
+                  from = 0;
+                  if (wnext < len) {  /* some from start of window */
+                    op = wnext;
+                    len -= op;
+                    do {
+                      output[_out++] = s_window[from++];
+                    } while (--op);
+                    from = _out - dist;      /* rest from output */
+                    from_source = output;
+                  }
+                }
+              }
+              else {                      /* contiguous in window */
+                from += wnext - op;
+                if (op < len) {         /* some from window */
+                  len -= op;
+                  do {
+                    output[_out++] = s_window[from++];
+                  } while (--op);
+                  from = _out - dist;  /* rest from output */
+                  from_source = output;
+                }
+              }
+              while (len > 2) {
+                output[_out++] = from_source[from++];
+                output[_out++] = from_source[from++];
+                output[_out++] = from_source[from++];
+                len -= 3;
+              }
+              if (len) {
+                output[_out++] = from_source[from++];
+                if (len > 1) {
+                  output[_out++] = from_source[from++];
+                }
+              }
+            }
+            else {
+              from = _out - dist;          /* copy direct from output */
+              do {                        /* minimum length is three */
+                output[_out++] = output[from++];
+                output[_out++] = output[from++];
+                output[_out++] = output[from++];
+                len -= 3;
+              } while (len > 2);
+              if (len) {
+                output[_out++] = output[from++];
+                if (len > 1) {
+                  output[_out++] = output[from++];
+                }
+              }
+            }
+          }
+          else if ((op & 64) === 0) {          /* 2nd level distance code */
+            here = dcode[(here & 0xffff)/*here.val*/ + (hold & ((1 << op) - 1))];
+            continue dodist;
+          }
+          else {
+            strm.msg = 'invalid distance code';
+            state.mode = BAD;
+            break top;
+          }
+
+          break; // need to emulate goto via "continue"
+        }
+      }
+      else if ((op & 64) === 0) {              /* 2nd level length code */
+        here = lcode[(here & 0xffff)/*here.val*/ + (hold & ((1 << op) - 1))];
+        continue dolen;
+      }
+      else if (op & 32) {                     /* end-of-block */
+        //Tracevv((stderr, "inflate:         end of block\n"));
+        state.mode = TYPE;
+        break top;
+      }
+      else {
+        strm.msg = 'invalid literal/length code';
+        state.mode = BAD;
+        break top;
+      }
+
+      break; // need to emulate goto via "continue"
+    }
+  } while (_in < last && _out < end);
+
+  /* return unused bytes (on entry, bits < 8, so in won't go too far back) */
+  len = bits >> 3;
+  _in -= len;
+  bits -= len << 3;
+  hold &= (1 << bits) - 1;
+
+  /* update state and return */
+  strm.next_in = _in;
+  strm.next_out = _out;
+  strm.avail_in = (_in < last ? 5 + (last - _in) : 5 - (_in - last));
+  strm.avail_out = (_out < end ? 257 + (end - _out) : 257 - (_out - end));
+  state.hold = hold;
+  state.bits = bits;
+  return;
+};
+
+},{}],8:[function(require,module,exports){
+'use strict';
+
+// (C) 1995-2013 Jean-loup Gailly and Mark Adler
+// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin
+//
+// This software is provided 'as-is', without any express or implied
+// warranty. In no event will the authors be held liable for any damages
+// arising from the use of this software.
+//
+// Permission is granted to anyone to use this software for any purpose,
+// including commercial applications, and to alter it and redistribute it
+// freely, subject to the following restrictions:
+//
+// 1. The origin of this software must not be misrepresented; you must not
+//   claim that you wrote the original software. If you use this software
+//   in a product, an acknowledgment in the product documentation would be
+//   appreciated but is not required.
+// 2. Altered source versions must be plainly marked as such, and must not be
+//   misrepresented as being the original software.
+// 3. This notice may not be removed or altered from any source distribution.
+
+var utils         = require('../utils/common');
+var adler32       = require('./adler32');
+var crc32         = require('./crc32');
+var inflate_fast  = require('./inffast');
+var inflate_table = require('./inftrees');
+
+var CODES = 0;
+var LENS = 1;
+var DISTS = 2;
+
+/* Public constants ==========================================================*/
+/* ===========================================================================*/
+
+
+/* Allowed flush values; see deflate() and inflate() below for details */
+//var Z_NO_FLUSH      = 0;
+//var Z_PARTIAL_FLUSH = 1;
+//var Z_SYNC_FLUSH    = 2;
+//var Z_FULL_FLUSH    = 3;
+var Z_FINISH        = 4;
+var Z_BLOCK         = 5;
+var Z_TREES         = 6;
+
+
+/* Return codes for the compression/decompression functions. Negative values
+ * are errors, positive values are used for special but normal events.
+ */
+var Z_OK            = 0;
+var Z_STREAM_END    = 1;
+var Z_NEED_DICT     = 2;
+//var Z_ERRNO         = -1;
+var Z_STREAM_ERROR  = -2;
+var Z_DATA_ERROR    = -3;
+var Z_MEM_ERROR     = -4;
+var Z_BUF_ERROR     = -5;
+//var Z_VERSION_ERROR = -6;
+
+/* The deflate compression method */
+var Z_DEFLATED  = 8;
+
+
+/* STATES ====================================================================*/
+/* ===========================================================================*/
+
+
+var    HEAD = 1;       /* i: waiting for magic header */
+var    FLAGS = 2;      /* i: waiting for method and flags (gzip) */
+var    TIME = 3;       /* i: waiting for modification time (gzip) */
+var    OS = 4;         /* i: waiting for extra flags and operating system (gzip) */
+var    EXLEN = 5;      /* i: waiting for extra length (gzip) */
+var    EXTRA = 6;      /* i: waiting for extra bytes (gzip) */
+var    NAME = 7;       /* i: waiting for end of file name (gzip) */
+var    COMMENT = 8;    /* i: waiting for end of comment (gzip) */
+var    HCRC = 9;       /* i: waiting for header crc (gzip) */
+var    DICTID = 10;    /* i: waiting for dictionary check value */
+var    DICT = 11;      /* waiting for inflateSetDictionary() call */
+var        TYPE = 12;      /* i: waiting for type bits, including last-flag bit */
+var        TYPEDO = 13;    /* i: same, but skip check to exit inflate on new block */
+var        STORED = 14;    /* i: waiting for stored size (length and complement) */
+var        COPY_ = 15;     /* i/o: same as COPY below, but only first time in */
+var        COPY = 16;      /* i/o: waiting for input or output to copy stored block */
+var        TABLE = 17;     /* i: waiting for dynamic block table lengths */
+var        LENLENS = 18;   /* i: waiting for code length code lengths */
+var        CODELENS = 19;  /* i: waiting for length/lit and distance code lengths */
+var            LEN_ = 20;      /* i: same as LEN below, but only first time in */
+var            LEN = 21;       /* i: waiting for length/lit/eob code */
+var            LENEXT = 22;    /* i: waiting for length extra bits */
+var            DIST = 23;      /* i: waiting for distance code */
+var            DISTEXT = 24;   /* i: waiting for distance extra bits */
+var            MATCH = 25;     /* o: waiting for output space to copy string */
+var            LIT = 26;       /* o: waiting for output space to write literal */
+var    CHECK = 27;     /* i: waiting for 32-bit check value */
+var    LENGTH = 28;    /* i: waiting for 32-bit length (gzip) */
+var    DONE = 29;      /* finished check, done -- remain here until reset */
+var    BAD = 30;       /* got a data error -- remain here until reset */
+var    MEM = 31;       /* got an inflate() memory error -- remain here until reset */
+var    SYNC = 32;      /* looking for synchronization bytes to restart inflate() */
+
+/* ===========================================================================*/
+
+
+
+var ENOUGH_LENS = 852;
+var ENOUGH_DISTS = 592;
+//var ENOUGH =  (ENOUGH_LENS+ENOUGH_DISTS);
+
+var MAX_WBITS = 15;
+/* 32K LZ77 window */
+var DEF_WBITS = MAX_WBITS;
+
+
+function zswap32(q) {
+  return  (((q >>> 24) & 0xff) +
+          ((q >>> 8) & 0xff00) +
+          ((q & 0xff00) << 8) +
+          ((q & 0xff) << 24));
+}
+
+
+function InflateState() {
+  this.mode = 0;             /* current inflate mode */
+  this.last = false;          /* true if processing last block */
+  this.wrap = 0;              /* bit 0 true for zlib, bit 1 true for gzip */
+  this.havedict = false;      /* true if dictionary provided */
+  this.flags = 0;             /* gzip header method and flags (0 if zlib) */
+  this.dmax = 0;              /* zlib header max distance (INFLATE_STRICT) */
+  this.check = 0;             /* protected copy of check value */
+  this.total = 0;             /* protected copy of output count */
+  // TODO: may be {}
+  this.head = null;           /* where to save gzip header information */
+
+  /* sliding window */
+  this.wbits = 0;             /* log base 2 of requested window size */
+  this.wsize = 0;             /* window size or zero if not using window */
+  this.whave = 0;             /* valid bytes in the window */
+  this.wnext = 0;             /* window write index */
+  this.window = null;         /* allocated sliding window, if needed */
+
+  /* bit accumulator */
+  this.hold = 0;              /* input bit accumulator */
+  this.bits = 0;              /* number of bits in "in" */
+
+  /* for string and stored block copying */
+  this.length = 0;            /* literal or length of data to copy */
+  this.offset = 0;            /* distance back to copy string from */
+
+  /* for table and code decoding */
+  this.extra = 0;             /* extra bits needed */
+
+  /* fixed and dynamic code tables */
+  this.lencode = null;          /* starting table for length/literal codes */
+  this.distcode = null;         /* starting table for distance codes */
+  this.lenbits = 0;           /* index bits for lencode */
+  this.distbits = 0;          /* index bits for distcode */
+
+  /* dynamic table building */
+  this.ncode = 0;             /* number of code length code lengths */
+  this.nlen = 0;              /* number of length code lengths */
+  this.ndist = 0;             /* number of distance code lengths */
+  this.have = 0;              /* number of code lengths in lens[] */
+  this.next = null;              /* next available space in codes[] */
+
+  this.lens = new utils.Buf16(320); /* temporary storage for code lengths */
+  this.work = new utils.Buf16(288); /* work area for code table building */
+
+  /*
+   because we don't have pointers in js, we use lencode and distcode directly
+   as buffers so we don't need codes
+  */
+  //this.codes = new utils.Buf32(ENOUGH);       /* space for code tables */
+  this.lendyn = null;              /* dynamic table for length/literal codes (JS specific) */
+  this.distdyn = null;             /* dynamic table for distance codes (JS specific) */
+  this.sane = 0;                   /* if false, allow invalid distance too far */
+  this.back = 0;                   /* bits back of last unprocessed length/lit */
+  this.was = 0;                    /* initial length of match */
+}
+
+function inflateResetKeep(strm) {
+  var state;
+
+  if (!strm || !strm.state) { return Z_STREAM_ERROR; }
+  state = strm.state;
+  strm.total_in = strm.total_out = state.total = 0;
+  strm.msg = ''; /*Z_NULL*/
+  if (state.wrap) {       /* to support ill-conceived Java test suite */
+    strm.adler = state.wrap & 1;
+  }
+  state.mode = HEAD;
+  state.last = 0;
+  state.havedict = 0;
+  state.dmax = 32768;
+  state.head = null/*Z_NULL*/;
+  state.hold = 0;
+  state.bits = 0;
+  //state.lencode = state.distcode = state.next = state.codes;
+  state.lencode = state.lendyn = new utils.Buf32(ENOUGH_LENS);
+  state.distcode = state.distdyn = new utils.Buf32(ENOUGH_DISTS);
+
+  state.sane = 1;
+  state.back = -1;
+  //Tracev((stderr, "inflate: reset\n"));
+  return Z_OK;
+}
+
+function inflateReset(strm) {
+  var state;
+
+  if (!strm || !strm.state) { return Z_STREAM_ERROR; }
+  state = strm.state;
+  state.wsize = 0;
+  state.whave = 0;
+  state.wnext = 0;
+  return inflateResetKeep(strm);
+
+}
+
+function inflateReset2(strm, windowBits) {
+  var wrap;
+  var state;
+
+  /* get the state */
+  if (!strm || !strm.state) { return Z_STREAM_ERROR; }
+  state = strm.state;
+
+  /* extract wrap request from windowBits parameter */
+  if (windowBits < 0) {
+    wrap = 0;
+    windowBits = -windowBits;
+  }
+  else {
+    wrap = (windowBits >> 4) + 1;
+    if (windowBits < 48) {
+      windowBits &= 15;
+    }
+  }
+
+  /* set number of window bits, free window if different */
+  if (windowBits && (windowBits < 8 || windowBits > 15)) {
+    return Z_STREAM_ERROR;
+  }
+  if (state.window !== null && state.wbits !== windowBits) {
+    state.window = null;
+  }
+
+  /* update state and reset the rest of it */
+  state.wrap = wrap;
+  state.wbits = windowBits;
+  return inflateReset(strm);
+}
+
+function inflateInit2(strm, windowBits) {
+  var ret;
+  var state;
+
+  if (!strm) { return Z_STREAM_ERROR; }
+  //strm.msg = Z_NULL;                 /* in case we return an error */
+
+  state = new InflateState();
+
+  //if (state === Z_NULL) return Z_MEM_ERROR;
+  //Tracev((stderr, "inflate: allocated\n"));
+  strm.state = state;
+  state.window = null/*Z_NULL*/;
+  ret = inflateReset2(strm, windowBits);
+  if (ret !== Z_OK) {
+    strm.state = null/*Z_NULL*/;
+  }
+  return ret;
+}
+
+function inflateInit(strm) {
+  return inflateInit2(strm, DEF_WBITS);
+}
+
+
+/*
+ Return state with length and distance decoding tables and index sizes set to
+ fixed code decoding.  Normally this returns fixed tables from inffixed.h.
+ If BUILDFIXED is defined, then instead this routine builds the tables the
+ first time it's called, and returns those tables the first time and
+ thereafter.  This reduces the size of the code by about 2K bytes, in
+ exchange for a little execution time.  However, BUILDFIXED should not be
+ used for threaded applications, since the rewriting of the tables and virgin
+ may not be thread-safe.
+ */
+var virgin = true;
+
+var lenfix, distfix; // We have no pointers in JS, so keep tables separate
+
+function fixedtables(state) {
+  /* build fixed huffman tables if first call (may not be thread safe) */
+  if (virgin) {
+    var sym;
+
+    lenfix = new utils.Buf32(512);
+    distfix = new utils.Buf32(32);
+
+    /* literal/length table */
+    sym = 0;
+    while (sym < 144) { state.lens[sym++] = 8; }
+    while (sym < 256) { state.lens[sym++] = 9; }
+    while (sym < 280) { state.lens[sym++] = 7; }
+    while (sym < 288) { state.lens[sym++] = 8; }
+
+    inflate_table(LENS,  state.lens, 0, 288, lenfix,   0, state.work, { bits: 9 });
+
+    /* distance table */
+    sym = 0;
+    while (sym < 32) { state.lens[sym++] = 5; }
+
+    inflate_table(DISTS, state.lens, 0, 32,   distfix, 0, state.work, { bits: 5 });
+
+    /* do this just once */
+    virgin = false;
+  }
+
+  state.lencode = lenfix;
+  state.lenbits = 9;
+  state.distcode = distfix;
+  state.distbits = 5;
+}
+
+
+/*
+ Update the window with the last wsize (normally 32K) bytes written before
+ returning.  If window does not exist yet, create it.  This is only called
+ when a window is already in use, or when output has been written during this
+ inflate call, but the end of the deflate stream has not been reached yet.
+ It is also called to create a window for dictionary data when a dictionary
+ is loaded.
+
+ Providing output buffers larger than 32K to inflate() should provide a speed
+ advantage, since only the last 32K of output is copied to the sliding window
+ upon return from inflate(), and since all distances after the first 32K of
+ output will fall in the output data, making match copies simpler and faster.
+ The advantage may be dependent on the size of the processor's data caches.
+ */
+function updatewindow(strm, src, end, copy) {
+  var dist;
+  var state = strm.state;
+
+  /* if it hasn't been done already, allocate space for the window */
+  if (state.window === null) {
+    state.wsize = 1 << state.wbits;
+    state.wnext = 0;
+    state.whave = 0;
+
+    state.window = new utils.Buf8(state.wsize);
+  }
+
+  /* copy state->wsize or less output bytes into the circular window */
+  if (copy >= state.wsize) {
+    utils.arraySet(state.window, src, end - state.wsize, state.wsize, 0);
+    state.wnext = 0;
+    state.whave = state.wsize;
+  }
+  else {
+    dist = state.wsize - state.wnext;
+    if (dist > copy) {
+      dist = copy;
+    }
+    //zmemcpy(state->window + state->wnext, end - copy, dist);
+    utils.arraySet(state.window, src, end - copy, dist, state.wnext);
+    copy -= dist;
+    if (copy) {
+      //zmemcpy(state->window, end - copy, copy);
+      utils.arraySet(state.window, src, end - copy, copy, 0);
+      state.wnext = copy;
+      state.whave = state.wsize;
+    }
+    else {
+      state.wnext += dist;
+      if (state.wnext === state.wsize) { state.wnext = 0; }
+      if (state.whave < state.wsize) { state.whave += dist; }
+    }
+  }
+  return 0;
+}
+
+function inflate(strm, flush) {
+  var state;
+  var input, output;          // input/output buffers
+  var next;                   /* next input INDEX */
+  var put;                    /* next output INDEX */
+  var have, left;             /* available input and output */
+  var hold;                   /* bit buffer */
+  var bits;                   /* bits in bit buffer */
+  var _in, _out;              /* save starting available input and output */
+  var copy;                   /* number of stored or match bytes to copy */
+  var from;                   /* where to copy match bytes from */
+  var from_source;
+  var here = 0;               /* current decoding table entry */
+  var here_bits, here_op, here_val; // paked "here" denormalized (JS specific)
+  //var last;                   /* parent table entry */
+  var last_bits, last_op, last_val; // paked "last" denormalized (JS specific)
+  var len;                    /* length to copy for repeats, bits to drop */
+  var ret;                    /* return code */
+  var hbuf = new utils.Buf8(4);    /* buffer for gzip header crc calculation */
+  var opts;
+
+  var n; // temporary var for NEED_BITS
+
+  var order = /* permutation of code lengths */
+    [ 16, 17, 18, 0, 8, 7, 9, 6, 10, 5, 11, 4, 12, 3, 13, 2, 14, 1, 15 ];
+
+
+  if (!strm || !strm.state || !strm.output ||
+      (!strm.input && strm.avail_in !== 0)) {
+    return Z_STREAM_ERROR;
+  }
+
+  state = strm.state;
+  if (state.mode === TYPE) { state.mode = TYPEDO; }    /* skip check */
+
+
+  //--- LOAD() ---
+  put = strm.next_out;
+  output = strm.output;
+  left = strm.avail_out;
+  next = strm.next_in;
+  input = strm.input;
+  have = strm.avail_in;
+  hold = state.hold;
+  bits = state.bits;
+  //---
+
+  _in = have;
+  _out = left;
+  ret = Z_OK;
+
+  inf_leave: // goto emulation
+  for (;;) {
+    switch (state.mode) {
+    case HEAD:
+      if (state.wrap === 0) {
+        state.mode = TYPEDO;
+        break;
+      }
+      //=== NEEDBITS(16);
+      while (bits < 16) {
+        if (have === 0) { break inf_leave; }
+        have--;
+        hold += input[next++] << bits;
+        bits += 8;
+      }
+      //===//
+      if ((state.wrap & 2) && hold === 0x8b1f) {  /* gzip header */
+        state.check = 0/*crc32(0L, Z_NULL, 0)*/;
+        //=== CRC2(state.check, hold);
+        hbuf[0] = hold & 0xff;
+        hbuf[1] = (hold >>> 8) & 0xff;
+        state.check = crc32(state.check, hbuf, 2, 0);
+        //===//
+
+        //=== INITBITS();
+        hold = 0;
+        bits = 0;
+        //===//
+        state.mode = FLAGS;
+        break;
+      }
+      state.flags = 0;           /* expect zlib header */
+      if (state.head) {
+        state.head.done = false;
+      }
+      if (!(state.wrap & 1) ||   /* check if zlib header allowed */
+        (((hold & 0xff)/*BITS(8)*/ << 8) + (hold >> 8)) % 31) {
+        strm.msg = 'incorrect header check';
+        state.mode = BAD;
+        break;
+      }
+      if ((hold & 0x0f)/*BITS(4)*/ !== Z_DEFLATED) {
+        strm.msg = 'unknown compression method';
+        state.mode = BAD;
+        break;
+      }
+      //--- DROPBITS(4) ---//
+      hold >>>= 4;
+      bits -= 4;
+      //---//
+      len = (hold & 0x0f)/*BITS(4)*/ + 8;
+      if (state.wbits === 0) {
+        state.wbits = len;
+      }
+      else if (len > state.wbits) {
+        strm.msg = 'invalid window size';
+        state.mode = BAD;
+        break;
+      }
+      state.dmax = 1 << len;
+      //Tracev((stderr, "inflate:   zlib header ok\n"));
+      strm.adler = state.check = 1/*adler32(0L, Z_NULL, 0)*/;
+      state.mode = hold & 0x200 ? DICTID : TYPE;
+      //=== INITBITS();
+      hold = 0;
+      bits = 0;
+      //===//
+      break;
+    case FLAGS:
+      //=== NEEDBITS(16); */
+      while (bits < 16) {
+        if (have === 0) { break inf_leave; }
+        have--;
+        hold += input[next++] << bits;
+        bits += 8;
+      }
+      //===//
+      state.flags = hold;
+      if ((state.flags & 0xff) !== Z_DEFLATED) {
+        strm.msg = 'unknown compression method';
+        state.mode = BAD;
+        break;
+      }
+      if (state.flags & 0xe000) {
+        strm.msg = 'unknown header flags set';
+        state.mode = BAD;
+        break;
+      }
+      if (state.head) {
+        state.head.text = ((hold >> 8) & 1);
+      }
+      if (state.flags & 0x0200) {
+        //=== CRC2(state.check, hold);
+        hbuf[0] = hold & 0xff;
+        hbuf[1] = (hold >>> 8) & 0xff;
+        state.check = crc32(state.check, hbuf, 2, 0);
+        //===//
+      }
+      //=== INITBITS();
+      hold = 0;
+      bits = 0;
+      //===//
+      state.mode = TIME;
+      /* falls through */
+    case TIME:
+      //=== NEEDBITS(32); */
+      while (bits < 32) {
+        if (have === 0) { break inf_leave; }
+        have--;
+        hold += input[next++] << bits;
+        bits += 8;
+      }
+      //===//
+      if (state.head) {
+        state.head.time = hold;
+      }
+      if (state.flags & 0x0200) {
+        //=== CRC4(state.check, hold)
+        hbuf[0] = hold & 0xff;
+        hbuf[1] = (hold >>> 8) & 0xff;
+        hbuf[2] = (hold >>> 16) & 0xff;
+        hbuf[3] = (hold >>> 24) & 0xff;
+        state.check = crc32(state.check, hbuf, 4, 0);
+        //===
+      }
+      //=== INITBITS();
+      hold = 0;
+      bits = 0;
+      //===//
+      state.mode = OS;
+      /* falls through */
+    case OS:
+      //=== NEEDBITS(16); */
+      while (bits < 16) {
+        if (have === 0) { break inf_leave; }
+        have--;
+        hold += input[next++] << bits;
+        bits += 8;
+      }
+      //===//
+      if (state.head) {
+        state.head.xflags = (hold & 0xff);
+        state.head.os = (hold >> 8);
+      }
+      if (state.flags & 0x0200) {
+        //=== CRC2(state.check, hold);
+        hbuf[0] = hold & 0xff;
+        hbuf[1] = (hold >>> 8) & 0xff;
+        state.check = crc32(state.check, hbuf, 2, 0);
+        //===//
+      }
+      //=== INITBITS();
+      hold = 0;
+      bits = 0;
+      //===//
+      state.mode = EXLEN;
+      /* falls through */
+    case EXLEN:
+      if (state.flags & 0x0400) {
+        //=== NEEDBITS(16); */
+        while (bits < 16) {
+          if (have === 0) { break inf_leave; }
+          have--;
+          hold += input[next++] << bits;
+          bits += 8;
+        }
+        //===//
+        state.length = hold;
+        if (state.head) {
+          state.head.extra_len = hold;
+        }
+        if (state.flags & 0x0200) {
+          //=== CRC2(state.check, hold);
+          hbuf[0] = hold & 0xff;
+          hbuf[1] = (hold >>> 8) & 0xff;
+          state.check = crc32(state.check, hbuf, 2, 0);
+          //===//
+        }
+        //=== INITBITS();
+        hold = 0;
+        bits = 0;
+        //===//
+      }
+      else if (state.head) {
+        state.head.extra = null/*Z_NULL*/;
+      }
+      state.mode = EXTRA;
+      /* falls through */
+    case EXTRA:
+      if (state.flags & 0x0400) {
+        copy = state.length;
+        if (copy > have) { copy = have; }
+        if (copy) {
+          if (state.head) {
+            len = state.head.extra_len - state.length;
+            if (!state.head.extra) {
+              // Use untyped array for more conveniend processing later
+              state.head.extra = new Array(state.head.extra_len);
+            }
+            utils.arraySet(
+              state.head.extra,
+              input,
+              next,
+              // extra field is limited to 65536 bytes
+              // - no need for additional size check
+              copy,
+              /*len + copy > state.head.extra_max - len ? state.head.extra_max : copy,*/
+              len
+            );
+            //zmemcpy(state.head.extra + len, next,
+            //        len + copy > state.head.extra_max ?
+            //        state.head.extra_max - len : copy);
+          }
+          if (state.flags & 0x0200) {
+            state.check = crc32(state.check, input, copy, next);
+          }
+          have -= copy;
+          next += copy;
+          state.length -= copy;
+        }
+        if (state.length) { break inf_leave; }
+      }
+      state.length = 0;
+      state.mode = NAME;
+      /* falls through */
+    case NAME:
+      if (state.flags & 0x0800) {
+        if (have === 0) { break inf_leave; }
+        copy = 0;
+        do {
+          // TODO: 2 or 1 bytes?
+          len = input[next + copy++];
+          /* use constant limit because in js we should not preallocate memory */
+          if (state.head && len &&
+              (state.length < 65536 /*state.head.name_max*/)) {
+            state.head.name += String.fromCharCode(len);
+          }
+        } while (len && copy < have);
+
+        if (state.flags & 0x0200) {
+          state.check = crc32(state.check, input, copy, next);
+        }
+        have -= copy;
+        next += copy;
+        if (len) { break inf_leave; }
+      }
+      else if (state.head) {
+        state.head.name = null;
+      }
+      state.length = 0;
+      state.mode = COMMENT;
+      /* falls through */
+    case COMMENT:
+      if (state.flags & 0x1000) {
+        if (have === 0) { break inf_leave; }
+        copy = 0;
+        do {
+          len = input[next + copy++];
+          /* use constant limit because in js we should not preallocate memory */
+          if (state.head && len &&
+              (state.length < 65536 /*state.head.comm_max*/)) {
+            state.head.comment += String.fromCharCode(len);
+          }
+        } while (len && copy < have);
+        if (state.flags & 0x0200) {
+          state.check = crc32(state.check, input, copy, next);
+        }
+        have -= copy;
+        next += copy;
+        if (len) { break inf_leave; }
+      }
+      else if (state.head) {
+        state.head.comment = null;
+      }
+      state.mode = HCRC;
+      /* falls through */
+    case HCRC:
+      if (state.flags & 0x0200) {
+        //=== NEEDBITS(16); */
+        while (bits < 16) {
+          if (have === 0) { break inf_leave; }
+          have--;
+          hold += input[next++] << bits;
+          bits += 8;
+        }
+        //===//
+        if (hold !== (state.check & 0xffff)) {
+          strm.msg = 'header crc mismatch';
+          state.mode = BAD;
+          break;
+        }
+        //=== INITBITS();
+        hold = 0;
+        bits = 0;
+        //===//
+      }
+      if (state.head) {
+        state.head.hcrc = ((state.flags >> 9) & 1);
+        state.head.done = true;
+      }
+      strm.adler = state.check = 0;
+      state.mode = TYPE;
+      break;
+    case DICTID:
+      //=== NEEDBITS(32); */
+      while (bits < 32) {
+        if (have === 0) { break inf_leave; }
+        have--;
+        hold += input[next++] << bits;
+        bits += 8;
+      }
+      //===//
+      strm.adler = state.check = zswap32(hold);
+      //=== INITBITS();
+      hold = 0;
+      bits = 0;
+      //===//
+      state.mode = DICT;
+      /* falls through */
+    case DICT:
+      if (state.havedict === 0) {
+        //--- RESTORE() ---
+        strm.next_out = put;
+        strm.avail_out = left;
+        strm.next_in = next;
+        strm.avail_in = have;
+        state.hold = hold;
+        state.bits = bits;
+        //---
+        return Z_NEED_DICT;
+      }
+      strm.adler = state.check = 1/*adler32(0L, Z_NULL, 0)*/;
+      state.mode = TYPE;
+      /* falls through */
+    case TYPE:
+      if (flush === Z_BLOCK || flush === Z_TREES) { break inf_leave; }
+      /* falls through */
+    case TYPEDO:
+      if (state.last) {
+        //--- BYTEBITS() ---//
+        hold >>>= bits & 7;
+        bits -= bits & 7;
+        //---//
+        state.mode = CHECK;
+        break;
+      }
+      //=== NEEDBITS(3); */
+      while (bits < 3) {
+        if (have === 0) { break inf_leave; }
+        have--;
+        hold += input[next++] << bits;
+        bits += 8;
+      }
+      //===//
+      state.last = (hold & 0x01)/*BITS(1)*/;
+      //--- DROPBITS(1) ---//
+      hold >>>= 1;
+      bits -= 1;
+      //---//
+
+      switch ((hold & 0x03)/*BITS(2)*/) {
+      case 0:                             /* stored block */
+        //Tracev((stderr, "inflate:     stored block%s\n",
+        //        state.last ? " (last)" : ""));
+        state.mode = STORED;
+        break;
+      case 1:                             /* fixed block */
+        fixedtables(state);
+        //Tracev((stderr, "inflate:     fixed codes block%s\n",
+        //        state.last ? " (last)" : ""));
+        state.mode = LEN_;             /* decode codes */
+        if (flush === Z_TREES) {
+          //--- DROPBITS(2) ---//
+          hold >>>= 2;
+          bits -= 2;
+          //---//
+          break inf_leave;
+        }
+        break;
+      case 2:                             /* dynamic block */
+        //Tracev((stderr, "inflate:     dynamic codes block%s\n",
+        //        state.last ? " (last)" : ""));
+        state.mode = TABLE;
+        break;
+      case 3:
+        strm.msg = 'invalid block type';
+        state.mode = BAD;
+      }
+      //--- DROPBITS(2) ---//
+      hold >>>= 2;
+      bits -= 2;
+      //---//
+      break;
+    case STORED:
+      //--- BYTEBITS() ---// /* go to byte boundary */
+      hold >>>= bits & 7;
+      bits -= bits & 7;
+      //---//
+      //=== NEEDBITS(32); */
+      while (bits < 32) {
+        if (have === 0) { break inf_leave; }
+        have--;
+        hold += input[next++] << bits;
+        bits += 8;
+      }
+      //===//
+      if ((hold & 0xffff) !== ((hold >>> 16) ^ 0xffff)) {
+        strm.msg = 'invalid stored block lengths';
+        state.mode = BAD;
+        break;
+      }
+      state.length = hold & 0xffff;
+      //Tracev((stderr, "inflate:       stored length %u\n",
+      //        state.length));
+      //=== INITBITS();
+      hold = 0;
+      bits = 0;
+      //===//
+      state.mode = COPY_;
+      if (flush === Z_TREES) { break inf_leave; }
+      /* falls through */
+    case COPY_:
+      state.mode = COPY;
+      /* falls through */
+    case COPY:
+      copy = state.length;
+      if (copy) {
+        if (copy > have) { copy = have; }
+        if (copy > left) { copy = left; }
+        if (copy === 0) { break inf_leave; }
+        //--- zmemcpy(put, next, copy); ---
+        utils.arraySet(output, input, next, copy, put);
+        //---//
+        have -= copy;
+        next += copy;
+        left -= copy;
+        put += copy;
+        state.length -= copy;
+        break;
+      }
+      //Tracev((stderr, "inflate:       stored end\n"));
+      state.mode = TYPE;
+      break;
+    case TABLE:
+      //=== NEEDBITS(14); */
+      while (bits < 14) {
+        if (have === 0) { break inf_leave; }
+        have--;
+        hold += input[next++] << bits;
+        bits += 8;
+      }
+      //===//
+      state.nlen = (hold & 0x1f)/*BITS(5)*/ + 257;
+      //--- DROPBITS(5) ---//
+      hold >>>= 5;
+      bits -= 5;
+      //---//
+      state.ndist = (hold & 0x1f)/*BITS(5)*/ + 1;
+      //--- DROPBITS(5) ---//
+      hold >>>= 5;
+      bits -= 5;
+      //---//
+      state.ncode = (hold & 0x0f)/*BITS(4)*/ + 4;
+      //--- DROPBITS(4) ---//
+      hold >>>= 4;
+      bits -= 4;
+      //---//
+//#ifndef PKZIP_BUG_WORKAROUND
+      if (state.nlen > 286 || state.ndist > 30) {
+        strm.msg = 'too many length or distance symbols';
+        state.mode = BAD;
+        break;
+      }
+//#endif
+      //Tracev((stderr, "inflate:       table sizes ok\n"));
+      state.have = 0;
+      state.mode = LENLENS;
+      /* falls through */
+    case LENLENS:
+      while (state.have < state.ncode) {
+        //=== NEEDBITS(3);
+        while (bits < 3) {
+          if (have === 0) { break inf_leave; }
+          have--;
+          hold += input[next++] << bits;
+          bits += 8;
+        }
+        //===//
+        state.lens[order[state.have++]] = (hold & 0x07);//BITS(3);
+        //--- DROPBITS(3) ---//
+        hold >>>= 3;
+        bits -= 3;
+        //---//
+      }
+      while (state.have < 19) {
+        state.lens[order[state.have++]] = 0;
+      }
+      // We have separate tables & no pointers. 2 commented lines below not needed.
+      //state.next = state.codes;
+      //state.lencode = state.next;
+      // Switch to use dynamic table
+      state.lencode = state.lendyn;
+      state.lenbits = 7;
+
+      opts = { bits: state.lenbits };
+      ret = inflate_table(CODES, state.lens, 0, 19, state.lencode, 0, state.work, opts);
+      state.lenbits = opts.bits;
+
+      if (ret) {
+        strm.msg = 'invalid code lengths set';
+        state.mode = BAD;
+        break;
+      }
+      //Tracev((stderr, "inflate:       code lengths ok\n"));
+      state.have = 0;
+      state.mode = CODELENS;
+      /* falls through */
+    case CODELENS:
+      while (state.have < state.nlen + state.ndist) {
+        for (;;) {
+          here = state.lencode[hold & ((1 << state.lenbits) - 1)];/*BITS(state.lenbits)*/
+          here_bits = here >>> 24;
+          here_op = (here >>> 16) & 0xff;
+          here_val = here & 0xffff;
+
+          if ((here_bits) <= bits) { break; }
+          //--- PULLBYTE() ---//
+          if (have === 0) { break inf_leave; }
+          have--;
+          hold += input[next++] << bits;
+          bits += 8;
+          //---//
+        }
+        if (here_val < 16) {
+          //--- DROPBITS(here.bits) ---//
+          hold >>>= here_bits;
+          bits -= here_bits;
+          //---//
+          state.lens[state.have++] = here_val;
+        }
+        else {
+          if (here_val === 16) {
+            //=== NEEDBITS(here.bits + 2);
+            n = here_bits + 2;
+            while (bits < n) {
+              if (have === 0) { break inf_leave; }
+              have--;
+              hold += input[next++] << bits;
+              bits += 8;
+            }
+            //===//
+            //--- DROPBITS(here.bits) ---//
+            hold >>>= here_bits;
+            bits -= here_bits;
+            //---//
+            if (state.have === 0) {
+              strm.msg = 'invalid bit length repeat';
+              state.mode = BAD;
+              break;
+            }
+            len = state.lens[state.have - 1];
+            copy = 3 + (hold & 0x03);//BITS(2);
+            //--- DROPBITS(2) ---//
+            hold >>>= 2;
+            bits -= 2;
+            //---//
+          }
+          else if (here_val === 17) {
+            //=== NEEDBITS(here.bits + 3);
+            n = here_bits + 3;
+            while (bits < n) {
+              if (have === 0) { break inf_leave; }
+              have--;
+              hold += input[next++] << bits;
+              bits += 8;
+            }
+            //===//
+            //--- DROPBITS(here.bits) ---//
+            hold >>>= here_bits;
+            bits -= here_bits;
+            //---//
+            len = 0;
+            copy = 3 + (hold & 0x07);//BITS(3);
+            //--- DROPBITS(3) ---//
+            hold >>>= 3;
+            bits -= 3;
+            //---//
+          }
+          else {
+            //=== NEEDBITS(here.bits + 7);
+            n = here_bits + 7;
+            while (bits < n) {
+              if (have === 0) { break inf_leave; }
+              have--;
+              hold += input[next++] << bits;
+              bits += 8;
+            }
+            //===//
+            //--- DROPBITS(here.bits) ---//
+            hold >>>= here_bits;
+            bits -= here_bits;
+            //---//
+            len = 0;
+            copy = 11 + (hold & 0x7f);//BITS(7);
+            //--- DROPBITS(7) ---//
+            hold >>>= 7;
+            bits -= 7;
+            //---//
+          }
+          if (state.have + copy > state.nlen + state.ndist) {
+            strm.msg = 'invalid bit length repeat';
+            state.mode = BAD;
+            break;
+          }
+          while (copy--) {
+            state.lens[state.have++] = len;
+          }
+        }
+      }
+
+      /* handle error breaks in while */
+      if (state.mode === BAD) { break; }
+
+      /* check for end-of-block code (better have one) */
+      if (state.lens[256] === 0) {
+        strm.msg = 'invalid code -- missing end-of-block';
+        state.mode = BAD;
+        break;
+      }
+
+      /* build code tables -- note: do not change the lenbits or distbits
+         values here (9 and 6) without reading the comments in inftrees.h
+         concerning the ENOUGH constants, which depend on those values */
+      state.lenbits = 9;
+
+      opts = { bits: state.lenbits };
+      ret = inflate_table(LENS, state.lens, 0, state.nlen, state.lencode, 0, state.work, opts);
+      // We have separate tables & no pointers. 2 commented lines below not needed.
+      // state.next_index = opts.table_index;
+      state.lenbits = opts.bits;
+      // state.lencode = state.next;
+
+      if (ret) {
+        strm.msg = 'invalid literal/lengths set';
+        state.mode = BAD;
+        break;
+      }
+
+      state.distbits = 6;
+      //state.distcode.copy(state.codes);
+      // Switch to use dynamic table
+      state.distcode = state.distdyn;
+      opts = { bits: state.distbits };
+      ret = inflate_table(DISTS, state.lens, state.nlen, state.ndist, state.distcode, 0, state.work, opts);
+      // We have separate tables & no pointers. 2 commented lines below not needed.
+      // state.next_index = opts.table_index;
+      state.distbits = opts.bits;
+      // state.distcode = state.next;
+
+      if (ret) {
+        strm.msg = 'invalid distances set';
+        state.mode = BAD;
+        break;
+      }
+      //Tracev((stderr, 'inflate:       codes ok\n'));
+      state.mode = LEN_;
+      if (flush === Z_TREES) { break inf_leave; }
+      /* falls through */
+    case LEN_:
+      state.mode = LEN;
+      /* falls through */
+    case LEN:
+      if (have >= 6 && left >= 258) {
+        //--- RESTORE() ---
+        strm.next_out = put;
+        strm.avail_out = left;
+        strm.next_in = next;
+        strm.avail_in = have;
+        state.hold = hold;
+        state.bits = bits;
+        //---
+        inflate_fast(strm, _out);
+        //--- LOAD() ---
+        put = strm.next_out;
+        output = strm.output;
+        left = strm.avail_out;
+        next = strm.next_in;
+        input = strm.input;
+        have = strm.avail_in;
+        hold = state.hold;
+        bits = state.bits;
+        //---
+
+        if (state.mode === TYPE) {
+          state.back = -1;
+        }
+        break;
+      }
+      state.back = 0;
+      for (;;) {
+        here = state.lencode[hold & ((1 << state.lenbits) - 1)];  /*BITS(state.lenbits)*/
+        here_bits = here >>> 24;
+        here_op = (here >>> 16) & 0xff;
+        here_val = here & 0xffff;
+
+        if (here_bits <= bits) { break; }
+        //--- PULLBYTE() ---//
+        if (have === 0) { break inf_leave; }
+        have--;
+        hold += input[next++] << bits;
+        bits += 8;
+        //---//
+      }
+      if (here_op && (here_op & 0xf0) === 0) {
+        last_bits = here_bits;
+        last_op = here_op;
+        last_val = here_val;
+        for (;;) {
+          here = state.lencode[last_val +
+                  ((hold & ((1 << (last_bits + last_op)) - 1))/*BITS(last.bits + last.op)*/ >> last_bits)];
+          here_bits = here >>> 24;
+          here_op = (here >>> 16) & 0xff;
+          here_val = here & 0xffff;
+
+          if ((last_bits + here_bits) <= bits) { break; }
+          //--- PULLBYTE() ---//
+          if (have === 0) { break inf_leave; }
+          have--;
+          hold += input[next++] << bits;
+          bits += 8;
+          //---//
+        }
+        //--- DROPBITS(last.bits) ---//
+        hold >>>= last_bits;
+        bits -= last_bits;
+        //---//
+        state.back += last_bits;
+      }
+      //--- DROPBITS(here.bits) ---//
+      hold >>>= here_bits;
+      bits -= here_bits;
+      //---//
+      state.back += here_bits;
+      state.length = here_val;
+      if (here_op === 0) {
+        //Tracevv((stderr, here.val >= 0x20 && here.val < 0x7f ?
+        //        "inflate:         literal '%c'\n" :
+        //        "inflate:         literal 0x%02x\n", here.val));
+        state.mode = LIT;
+        break;
+      }
+      if (here_op & 32) {
+        //Tracevv((stderr, "inflate:         end of block\n"));
+        state.back = -1;
+        state.mode = TYPE;
+        break;
+      }
+      if (here_op & 64) {
+        strm.msg = 'invalid literal/length code';
+        state.mode = BAD;
+        break;
+      }
+      state.extra = here_op & 15;
+      state.mode = LENEXT;
+      /* falls through */
+    case LENEXT:
+      if (state.extra) {
+        //=== NEEDBITS(state.extra);
+        n = state.extra;
+        while (bits < n) {
+          if (have === 0) { break inf_leave; }
+          have--;
+          hold += input[next++] << bits;
+          bits += 8;
+        }
+        //===//
+        state.length += hold & ((1 << state.extra) - 1)/*BITS(state.extra)*/;
+        //--- DROPBITS(state.extra) ---//
+        hold >>>= state.extra;
+        bits -= state.extra;
+        //---//
+        state.back += state.extra;
+      }
+      //Tracevv((stderr, "inflate:         length %u\n", state.length));
+      state.was = state.length;
+      state.mode = DIST;
+      /* falls through */
+    case DIST:
+      for (;;) {
+        here = state.distcode[hold & ((1 << state.distbits) - 1)];/*BITS(state.distbits)*/
+        here_bits = here >>> 24;
+        here_op = (here >>> 16) & 0xff;
+        here_val = here & 0xffff;
+
+        if ((here_bits) <= bits) { break; }
+        //--- PULLBYTE() ---//
+        if (have === 0) { break inf_leave; }
+        have--;
+        hold += input[next++] << bits;
+        bits += 8;
+        //---//
+      }
+      if ((here_op & 0xf0) === 0) {
+        last_bits = here_bits;
+        last_op = here_op;
+        last_val = here_val;
+        for (;;) {
+          here = state.distcode[last_val +
+                  ((hold & ((1 << (last_bits + last_op)) - 1))/*BITS(last.bits + last.op)*/ >> last_bits)];
+          here_bits = here >>> 24;
+          here_op = (here >>> 16) & 0xff;
+          here_val = here & 0xffff;
+
+          if ((last_bits + here_bits) <= bits) { break; }
+          //--- PULLBYTE() ---//
+          if (have === 0) { break inf_leave; }
+          have--;
+          hold += input[next++] << bits;
+          bits += 8;
+          //---//
+        }
+        //--- DROPBITS(last.bits) ---//
+        hold >>>= last_bits;
+        bits -= last_bits;
+        //---//
+        state.back += last_bits;
+      }
+      //--- DROPBITS(here.bits) ---//
+      hold >>>= here_bits;
+      bits -= here_bits;
+      //---//
+      state.back += here_bits;
+      if (here_op & 64) {
+        strm.msg = 'invalid distance code';
+        state.mode = BAD;
+        break;
+      }
+      state.offset = here_val;
+      state.extra = (here_op) & 15;
+      state.mode = DISTEXT;
+      /* falls through */
+    case DISTEXT:
+      if (state.extra) {
+        //=== NEEDBITS(state.extra);
+        n = state.extra;
+        while (bits < n) {
+          if (have === 0) { break inf_leave; }
+          have--;
+          hold += input[next++] << bits;
+          bits += 8;
+        }
+        //===//
+        state.offset += hold & ((1 << state.extra) - 1)/*BITS(state.extra)*/;
+        //--- DROPBITS(state.extra) ---//
+        hold >>>= state.extra;
+        bits -= state.extra;
+        //---//
+        state.back += state.extra;
+      }
+//#ifdef INFLATE_STRICT
+      if (state.offset > state.dmax) {
+        strm.msg = 'invalid distance too far back';
+        state.mode = BAD;
+        break;
+      }
+//#endif
+      //Tracevv((stderr, "inflate:         distance %u\n", state.offset));
+      state.mode = MATCH;
+      /* falls through */
+    case MATCH:
+      if (left === 0) { break inf_leave; }
+      copy = _out - left;
+      if (state.offset > copy) {         /* copy from window */
+        copy = state.offset - copy;
+        if (copy > state.whave) {
+          if (state.sane) {
+            strm.msg = 'invalid distance too far back';
+            state.mode = BAD;
+            break;
+          }
+// (!) This block is disabled in zlib defailts,
+// don't enable it for binary compatibility
+//#ifdef INFLATE_ALLOW_INVALID_DISTANCE_TOOFAR_ARRR
+//          Trace((stderr, "inflate.c too far\n"));
+//          copy -= state.whave;
+//          if (copy > state.length) { copy = state.length; }
+//          if (copy > left) { copy = left; }
+//          left -= copy;
+//          state.length -= copy;
+//          do {
+//            output[put++] = 0;
+//          } while (--copy);
+//          if (state.length === 0) { state.mode = LEN; }
+//          break;
+//#endif
+        }
+        if (copy > state.wnext) {
+          copy -= state.wnext;
+          from = state.wsize - copy;
+        }
+        else {
+          from = state.wnext - copy;
+        }
+        if (copy > state.length) { copy = state.length; }
+        from_source = state.window;
+      }
+      else {                              /* copy from output */
+        from_source = output;
+        from = put - state.offset;
+        copy = state.length;
+      }
+      if (copy > left) { copy = left; }
+      left -= copy;
+      state.length -= copy;
+      do {
+        output[put++] = from_source[from++];
+      } while (--copy);
+      if (state.length === 0) { state.mode = LEN; }
+      break;
+    case LIT:
+      if (left === 0) { break inf_leave; }
+      output[put++] = state.length;
+      left--;
+      state.mode = LEN;
+      break;
+    case CHECK:
+      if (state.wrap) {
+        //=== NEEDBITS(32);
+        while (bits < 32) {
+          if (have === 0) { break inf_leave; }
+          have--;
+          // Use '|' insdead of '+' to make sure that result is signed
+          hold |= input[next++] << bits;
+          bits += 8;
+        }
+        //===//
+        _out -= left;
+        strm.total_out += _out;
+        state.total += _out;
+        if (_out) {
+          strm.adler = state.check =
+              /*UPDATE(state.check, put - _out, _out);*/
+              (state.flags ? crc32(state.check, output, _out, put - _out) : adler32(state.check, output, _out, put - _out));
+
+        }
+        _out = left;
+        // NB: crc32 stored as signed 32-bit int, zswap32 returns signed too
+        if ((state.flags ? hold : zswap32(hold)) !== state.check) {
+          strm.msg = 'incorrect data check';
+          state.mode = BAD;
+          break;
+        }
+        //=== INITBITS();
+        hold = 0;
+        bits = 0;
+        //===//
+        //Tracev((stderr, "inflate:   check matches trailer\n"));
+      }
+      state.mode = LENGTH;
+      /* falls through */
+    case LENGTH:
+      if (state.wrap && state.flags) {
+        //=== NEEDBITS(32);
+        while (bits < 32) {
+          if (have === 0) { break inf_leave; }
+          have--;
+          hold += input[next++] << bits;
+          bits += 8;
+        }
+        //===//
+        if (hold !== (state.total & 0xffffffff)) {
+          strm.msg = 'incorrect length check';
+          state.mode = BAD;
+          break;
+        }
+        //=== INITBITS();
+        hold = 0;
+        bits = 0;
+        //===//
+        //Tracev((stderr, "inflate:   length matches trailer\n"));
+      }
+      state.mode = DONE;
+      /* falls through */
+    case DONE:
+      ret = Z_STREAM_END;
+      break inf_leave;
+    case BAD:
+      ret = Z_DATA_ERROR;
+      break inf_leave;
+    case MEM:
+      return Z_MEM_ERROR;
+    case SYNC:
+      /* falls through */
+    default:
+      return Z_STREAM_ERROR;
+    }
+  }
+
+  // inf_leave <- here is real place for "goto inf_leave", emulated via "break inf_leave"
+
+  /*
+     Return from inflate(), updating the total counts and the check value.
+     If there was no progress during the inflate() call, return a buffer
+     error.  Call updatewindow() to create and/or update the window state.
+     Note: a memory error from inflate() is non-recoverable.
+   */
+
+  //--- RESTORE() ---
+  strm.next_out = put;
+  strm.avail_out = left;
+  strm.next_in = next;
+  strm.avail_in = have;
+  state.hold = hold;
+  state.bits = bits;
+  //---
+
+  if (state.wsize || (_out !== strm.avail_out && state.mode < BAD &&
+                      (state.mode < CHECK || flush !== Z_FINISH))) {
+    if (updatewindow(strm, strm.output, strm.next_out, _out - strm.avail_out)) {
+      state.mode = MEM;
+      return Z_MEM_ERROR;
+    }
+  }
+  _in -= strm.avail_in;
+  _out -= strm.avail_out;
+  strm.total_in += _in;
+  strm.total_out += _out;
+  state.total += _out;
+  if (state.wrap && _out) {
+    strm.adler = state.check = /*UPDATE(state.check, strm.next_out - _out, _out);*/
+      (state.flags ? crc32(state.check, output, _out, strm.next_out - _out) : adler32(state.check, output, _out, strm.next_out - _out));
+  }
+  strm.data_type = state.bits + (state.last ? 64 : 0) +
+                    (state.mode === TYPE ? 128 : 0) +
+                    (state.mode === LEN_ || state.mode === COPY_ ? 256 : 0);
+  if (((_in === 0 && _out === 0) || flush === Z_FINISH) && ret === Z_OK) {
+    ret = Z_BUF_ERROR;
+  }
+  return ret;
+}
+
+function inflateEnd(strm) {
+
+  if (!strm || !strm.state /*|| strm->zfree == (free_func)0*/) {
+    return Z_STREAM_ERROR;
+  }
+
+  var state = strm.state;
+  if (state.window) {
+    state.window = null;
+  }
+  strm.state = null;
+  return Z_OK;
+}
+
+function inflateGetHeader(strm, head) {
+  var state;
+
+  /* check state */
+  if (!strm || !strm.state) { return Z_STREAM_ERROR; }
+  state = strm.state;
+  if ((state.wrap & 2) === 0) { return Z_STREAM_ERROR; }
+
+  /* save header structure */
+  state.head = head;
+  head.done = false;
+  return Z_OK;
+}
+
+function inflateSetDictionary(strm, dictionary) {
+  var dictLength = dictionary.length;
+
+  var state;
+  var dictid;
+  var ret;
+
+  /* check state */
+  if (!strm /* == Z_NULL */ || !strm.state /* == Z_NULL */) { return Z_STREAM_ERROR; }
+  state = strm.state;
+
+  if (state.wrap !== 0 && state.mode !== DICT) {
+    return Z_STREAM_ERROR;
+  }
+
+  /* check for correct dictionary identifier */
+  if (state.mode === DICT) {
+    dictid = 1; /* adler32(0, null, 0)*/
+    /* dictid = adler32(dictid, dictionary, dictLength); */
+    dictid = adler32(dictid, dictionary, dictLength, 0);
+    if (dictid !== state.check) {
+      return Z_DATA_ERROR;
+    }
+  }
+  /* copy dictionary to window using updatewindow(), which will amend the
+   existing dictionary if appropriate */
+  ret = updatewindow(strm, dictionary, dictLength, dictLength);
+  if (ret) {
+    state.mode = MEM;
+    return Z_MEM_ERROR;
+  }
+  state.havedict = 1;
+  // Tracev((stderr, "inflate:   dictionary set\n"));
+  return Z_OK;
+}
+
+exports.inflateReset = inflateReset;
+exports.inflateReset2 = inflateReset2;
+exports.inflateResetKeep = inflateResetKeep;
+exports.inflateInit = inflateInit;
+exports.inflateInit2 = inflateInit2;
+exports.inflate = inflate;
+exports.inflateEnd = inflateEnd;
+exports.inflateGetHeader = inflateGetHeader;
+exports.inflateSetDictionary = inflateSetDictionary;
+exports.inflateInfo = 'pako inflate (from Nodeca project)';
+
+/* Not implemented
+exports.inflateCopy = inflateCopy;
+exports.inflateGetDictionary = inflateGetDictionary;
+exports.inflateMark = inflateMark;
+exports.inflatePrime = inflatePrime;
+exports.inflateSync = inflateSync;
+exports.inflateSyncPoint = inflateSyncPoint;
+exports.inflateUndermine = inflateUndermine;
+*/
+
+},{"../utils/common":1,"./adler32":3,"./crc32":5,"./inffast":7,"./inftrees":9}],9:[function(require,module,exports){
+'use strict';
+
+// (C) 1995-2013 Jean-loup Gailly and Mark Adler
+// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin
+//
+// This software is provided 'as-is', without any express or implied
+// warranty. In no event will the authors be held liable for any damages
+// arising from the use of this software.
+//
+// Permission is granted to anyone to use this software for any purpose,
+// including commercial applications, and to alter it and redistribute it
+// freely, subject to the following restrictions:
+//
+// 1. The origin of this software must not be misrepresented; you must not
+//   claim that you wrote the original software. If you use this software
+//   in a product, an acknowledgment in the product documentation would be
+//   appreciated but is not required.
+// 2. Altered source versions must be plainly marked as such, and must not be
+//   misrepresented as being the original software.
+// 3. This notice may not be removed or altered from any source distribution.
+
+var utils = require('../utils/common');
+
+var MAXBITS = 15;
+var ENOUGH_LENS = 852;
+var ENOUGH_DISTS = 592;
+//var ENOUGH = (ENOUGH_LENS+ENOUGH_DISTS);
+
+var CODES = 0;
+var LENS = 1;
+var DISTS = 2;
+
+var lbase = [ /* Length codes 257..285 base */
+  3, 4, 5, 6, 7, 8, 9, 10, 11, 13, 15, 17, 19, 23, 27, 31,
+  35, 43, 51, 59, 67, 83, 99, 115, 131, 163, 195, 227, 258, 0, 0
+];
+
+var lext = [ /* Length codes 257..285 extra */
+  16, 16, 16, 16, 16, 16, 16, 16, 17, 17, 17, 17, 18, 18, 18, 18,
+  19, 19, 19, 19, 20, 20, 20, 20, 21, 21, 21, 21, 16, 72, 78
+];
+
+var dbase = [ /* Distance codes 0..29 base */
+  1, 2, 3, 4, 5, 7, 9, 13, 17, 25, 33, 49, 65, 97, 129, 193,
+  257, 385, 513, 769, 1025, 1537, 2049, 3073, 4097, 6145,
+  8193, 12289, 16385, 24577, 0, 0
+];
+
+var dext = [ /* Distance codes 0..29 extra */
+  16, 16, 16, 16, 17, 17, 18, 18, 19, 19, 20, 20, 21, 21, 22, 22,
+  23, 23, 24, 24, 25, 25, 26, 26, 27, 27,
+  28, 28, 29, 29, 64, 64
+];
+
+module.exports = function inflate_table(type, lens, lens_index, codes, table, table_index, work, opts)
+{
+  var bits = opts.bits;
+      //here = opts.here; /* table entry for duplication */
+
+  var len = 0;               /* a code's length in bits */
+  var sym = 0;               /* index of code symbols */
+  var min = 0, max = 0;          /* minimum and maximum code lengths */
+  var root = 0;              /* number of index bits for root table */
+  var curr = 0;              /* number of index bits for current table */
+  var drop = 0;              /* code bits to drop for sub-table */
+  var left = 0;                   /* number of prefix codes available */
+  var used = 0;              /* code entries in table used */
+  var huff = 0;              /* Huffman code */
+  var incr;              /* for incrementing code, index */
+  var fill;              /* index for replicating entries */
+  var low;               /* low bits for current root entry */
+  var mask;              /* mask for low root bits */
+  var next;             /* next available space in table */
+  var base = null;     /* base value table to use */
+  var base_index = 0;
+//  var shoextra;    /* extra bits table to use */
+  var end;                    /* use base and extra for symbol > end */
+  var count = new utils.Buf16(MAXBITS + 1); //[MAXBITS+1];    /* number of codes of each length */
+  var offs = new utils.Buf16(MAXBITS + 1); //[MAXBITS+1];     /* offsets in table for each length */
+  var extra = null;
+  var extra_index = 0;
+
+  var here_bits, here_op, here_val;
+
+  /*
+   Process a set of code lengths to create a canonical Huffman code.  The
+   code lengths are lens[0..codes-1].  Each length corresponds to the
+   symbols 0..codes-1.  The Huffman code is generated by first sorting the
+   symbols by length from short to long, and retaining the symbol order
+   for codes with equal lengths.  Then the code starts with all zero bits
+   for the first code of the shortest length, and the codes are integer
+   increments for the same length, and zeros are appended as the length
+   increases.  For the deflate format, these bits are stored backwards
+   from their more natural integer increment ordering, and so when the
+   decoding tables are built in the large loop below, the integer codes
+   are incremented backwards.
+
+   This routine assumes, but does not check, that all of the entries in
+   lens[] are in the range 0..MAXBITS.  The caller must assure this.
+   1..MAXBITS is interpreted as that code length.  zero means that that
+   symbol does not occur in this code.
+
+   The codes are sorted by computing a count of codes for each length,
+   creating from that a table of starting indices for each length in the
+   sorted table, and then entering the symbols in order in the sorted
+   table.  The sorted table is work[], with that space being provided by
+   the caller.
+
+   The length counts are used for other purposes as well, i.e. finding
+   the minimum and maximum length codes, determining if there are any
+   codes at all, checking for a valid set of lengths, and looking ahead
+   at length counts to determine sub-table sizes when building the
+   decoding tables.
+   */
+
+  /* accumulate lengths for codes (assumes lens[] all in 0..MAXBITS) */
+  for (len = 0; len <= MAXBITS; len++) {
+    count[len] = 0;
+  }
+  for (sym = 0; sym < codes; sym++) {
+    count[lens[lens_index + sym]]++;
+  }
+
+  /* bound code lengths, force root to be within code lengths */
+  root = bits;
+  for (max = MAXBITS; max >= 1; max--) {
+    if (count[max] !== 0) { break; }
+  }
+  if (root > max) {
+    root = max;
+  }
+  if (max === 0) {                     /* no symbols to code at all */
+    //table.op[opts.table_index] = 64;  //here.op = (var char)64;    /* invalid code marker */
+    //table.bits[opts.table_index] = 1;   //here.bits = (var char)1;
+    //table.val[opts.table_index++] = 0;   //here.val = (var short)0;
+    table[table_index++] = (1 << 24) | (64 << 16) | 0;
+
+
+    //table.op[opts.table_index] = 64;
+    //table.bits[opts.table_index] = 1;
+    //table.val[opts.table_index++] = 0;
+    table[table_index++] = (1 << 24) | (64 << 16) | 0;
+
+    opts.bits = 1;
+    return 0;     /* no symbols, but wait for decoding to report error */
+  }
+  for (min = 1; min < max; min++) {
+    if (count[min] !== 0) { break; }
+  }
+  if (root < min) {
+    root = min;
+  }
+
+  /* check for an over-subscribed or incomplete set of lengths */
+  left = 1;
+  for (len = 1; len <= MAXBITS; len++) {
+    left <<= 1;
+    left -= count[len];
+    if (left < 0) {
+      return -1;
+    }        /* over-subscribed */
+  }
+  if (left > 0 && (type === CODES || max !== 1)) {
+    return -1;                      /* incomplete set */
+  }
+
+  /* generate offsets into symbol table for each length for sorting */
+  offs[1] = 0;
+  for (len = 1; len < MAXBITS; len++) {
+    offs[len + 1] = offs[len] + count[len];
+  }
+
+  /* sort symbols by length, by symbol order within each length */
+  for (sym = 0; sym < codes; sym++) {
+    if (lens[lens_index + sym] !== 0) {
+      work[offs[lens[lens_index + sym]]++] = sym;
+    }
+  }
+
+  /*
+   Create and fill in decoding tables.  In this loop, the table being
+   filled is at next and has curr index bits.  The code being used is huff
+   with length len.  That code is converted to an index by dropping drop
+   bits off of the bottom.  For codes where len is less than drop + curr,
+   those top drop + curr - len bits are incremented through all values to
+   fill the table with replicated entries.
+
+   root is the number of index bits for the root table.  When len exceeds
+   root, sub-tables are created pointed to by the root entry with an index
+   of the low root bits of huff.  This is saved in low to check for when a
+   new sub-table should be started.  drop is zero when the root table is
+   being filled, and drop is root when sub-tables are being filled.
+
+   When a new sub-table is needed, it is necessary to look ahead in the
+   code lengths to determine what size sub-table is needed.  The length
+   counts are used for this, and so count[] is decremented as codes are
+   entered in the tables.
+
+   used keeps track of how many table entries have been allocated from the
+   provided *table space.  It is checked for LENS and DIST tables against
+   the constants ENOUGH_LENS and ENOUGH_DISTS to guard against changes in
+   the initial root table size constants.  See the comments in inftrees.h
+   for more information.
+
+   sym increments through all symbols, and the loop terminates when
+   all codes of length max, i.e. all codes, have been processed.  This
+   routine permits incomplete codes, so another loop after this one fills
+   in the rest of the decoding tables with invalid code markers.
+   */
+
+  /* set up for code type */
+  // poor man optimization - use if-else instead of switch,
+  // to avoid deopts in old v8
+  if (type === CODES) {
+    base = extra = work;    /* dummy value--not used */
+    end = 19;
+
+  } else if (type === LENS) {
+    base = lbase;
+    base_index -= 257;
+    extra = lext;
+    extra_index -= 257;
+    end = 256;
+
+  } else {                    /* DISTS */
+    base = dbase;
+    extra = dext;
+    end = -1;
+  }
+
+  /* initialize opts for loop */
+  huff = 0;                   /* starting code */
+  sym = 0;                    /* starting code symbol */
+  len = min;                  /* starting code length */
+  next = table_index;              /* current table to fill in */
+  curr = root;                /* current table index bits */
+  drop = 0;                   /* current bits to drop from code for index */
+  low = -1;                   /* trigger new sub-table when len > root */
+  used = 1 << root;          /* use root table entries */
+  mask = used - 1;            /* mask for comparing low */
+
+  /* check available table space */
+  if ((type === LENS && used > ENOUGH_LENS) ||
+    (type === DISTS && used > ENOUGH_DISTS)) {
+    return 1;
+  }
+
+  /* process all codes and make table entries */
+  for (;;) {
+    /* create table entry */
+    here_bits = len - drop;
+    if (work[sym] < end) {
+      here_op = 0;
+      here_val = work[sym];
+    }
+    else if (work[sym] > end) {
+      here_op = extra[extra_index + work[sym]];
+      here_val = base[base_index + work[sym]];
+    }
+    else {
+      here_op = 32 + 64;         /* end of block */
+      here_val = 0;
+    }
+
+    /* replicate for those indices with low len bits equal to huff */
+    incr = 1 << (len - drop);
+    fill = 1 << curr;
+    min = fill;                 /* save offset to next table */
+    do {
+      fill -= incr;
+      table[next + (huff >> drop) + fill] = (here_bits << 24) | (here_op << 16) | here_val |0;
+    } while (fill !== 0);
+
+    /* backwards increment the len-bit code huff */
+    incr = 1 << (len - 1);
+    while (huff & incr) {
+      incr >>= 1;
+    }
+    if (incr !== 0) {
+      huff &= incr - 1;
+      huff += incr;
+    } else {
+      huff = 0;
+    }
+
+    /* go to next symbol, update count, len */
+    sym++;
+    if (--count[len] === 0) {
+      if (len === max) { break; }
+      len = lens[lens_index + work[sym]];
+    }
+
+    /* create new sub-table if needed */
+    if (len > root && (huff & mask) !== low) {
+      /* if first time, transition to sub-tables */
+      if (drop === 0) {
+        drop = root;
+      }
+
+      /* increment past last table */
+      next += min;            /* here min is 1 << curr */
+
+      /* determine length of next table */
+      curr = len - drop;
+      left = 1 << curr;
+      while (curr + drop < max) {
+        left -= count[curr + drop];
+        if (left <= 0) { break; }
+        curr++;
+        left <<= 1;
+      }
+
+      /* check for enough space */
+      used += 1 << curr;
+      if ((type === LENS && used > ENOUGH_LENS) ||
+        (type === DISTS && used > ENOUGH_DISTS)) {
+        return 1;
+      }
+
+      /* point entry in root table to sub-table */
+      low = huff & mask;
+      /*table.op[low] = curr;
+      table.bits[low] = root;
+      table.val[low] = next - opts.table_index;*/
+      table[low] = (root << 24) | (curr << 16) | (next - table_index) |0;
+    }
+  }
+
+  /* fill in remaining table entry if code is incomplete (guaranteed to have
+   at most one remaining entry, since if the code is incomplete, the
+   maximum code length that was allowed to get this far is one bit) */
+  if (huff !== 0) {
+    //table.op[next + huff] = 64;            /* invalid code marker */
+    //table.bits[next + huff] = len - drop;
+    //table.val[next + huff] = 0;
+    table[next + huff] = ((len - drop) << 24) | (64 << 16) |0;
+  }
+
+  /* set return parameters */
+  //opts.table_index += used;
+  opts.bits = root;
+  return 0;
+};
+
+},{"../utils/common":1}],10:[function(require,module,exports){
+'use strict';
+
+// (C) 1995-2013 Jean-loup Gailly and Mark Adler
+// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin
+//
+// This software is provided 'as-is', without any express or implied
+// warranty. In no event will the authors be held liable for any damages
+// arising from the use of this software.
+//
+// Permission is granted to anyone to use this software for any purpose,
+// including commercial applications, and to alter it and redistribute it
+// freely, subject to the following restrictions:
+//
+// 1. The origin of this software must not be misrepresented; you must not
+//   claim that you wrote the original software. If you use this software
+//   in a product, an acknowledgment in the product documentation would be
+//   appreciated but is not required.
+// 2. Altered source versions must be plainly marked as such, and must not be
+//   misrepresented as being the original software.
+// 3. This notice may not be removed or altered from any source distribution.
+
+module.exports = {
+  2:      'need dictionary',     /* Z_NEED_DICT       2  */
+  1:      'stream end',          /* Z_STREAM_END      1  */
+  0:      '',                    /* Z_OK              0  */
+  '-1':   'file error',          /* Z_ERRNO         (-1) */
+  '-2':   'stream error',        /* Z_STREAM_ERROR  (-2) */
+  '-3':   'data error',          /* Z_DATA_ERROR    (-3) */
+  '-4':   'insufficient memory', /* Z_MEM_ERROR     (-4) */
+  '-5':   'buffer error',        /* Z_BUF_ERROR     (-5) */
+  '-6':   'incompatible version' /* Z_VERSION_ERROR (-6) */
+};
+
+},{}],11:[function(require,module,exports){
+'use strict';
+
+// (C) 1995-2013 Jean-loup Gailly and Mark Adler
+// (C) 2014-2017 Vitaly Puzrin and Andrey Tupitsin
+//
+// This software is provided 'as-is', without any express or implied
+// warranty. In no event will the authors be held liable for any damages
+// arising from the use of this software.
+//
+// Permission is granted to anyone to use this software for any purpose,
+// including commercial applications, and to alter it and redistribute it
+// freely, subject to the following restrictions:
+//
+// 1. The origin of this software must not be misrepresented; you must not
+//   claim that you wrote the original software. If you use this software
+//   in a product, an acknowledgment in the product documentation would be
+//   appreciated but is not required.
+// 2. Altered source versions must be plainly marked as such, and must not be
+//   misrepresented as being the original software.
+// 3. This notice may not be removed or altered from any source distribution.
+
+function ZStream() {
+  /* next input byte */
+  this.input = null; // JS specific, because we have no pointers
+  this.next_in = 0;
+  /* number of bytes available at input */
+  this.avail_in = 0;
+  /* total number of input bytes read so far */
+  this.total_in = 0;
+  /* next output byte should be put there */
+  this.output = null; // JS specific, because we have no pointers
+  this.next_out = 0;
+  /* remaining free space at output */
+  this.avail_out = 0;
+  /* total number of bytes output so far */
+  this.total_out = 0;
+  /* last error message, NULL if no error */
+  this.msg = ''/*Z_NULL*/;
+  /* not visible by applications */
+  this.state = null;
+  /* best guess about the data type: binary or text */
+  this.data_type = 2/*Z_UNKNOWN*/;
+  /* adler32 value of the uncompressed data */
+  this.adler = 0;
+}
+
+module.exports = ZStream;
+
+},{}],"/lib/inflate.js":[function(require,module,exports){
+'use strict';
+
+
+var zlib_inflate = require('./zlib/inflate');
+var utils        = require('./utils/common');
+var strings      = require('./utils/strings');
+var c            = require('./zlib/constants');
+var msg          = require('./zlib/messages');
+var ZStream      = require('./zlib/zstream');
+var GZheader     = require('./zlib/gzheader');
+
+var toString = Object.prototype.toString;
+
+/**
+ * class Inflate
+ *
+ * Generic JS-style wrapper for zlib calls. If you don't need
+ * streaming behaviour - use more simple functions: [[inflate]]
+ * and [[inflateRaw]].
+ **/
+
+/* internal
+ * inflate.chunks -> Array
+ *
+ * Chunks of output data, if [[Inflate#onData]] not overriden.
+ **/
+
+/**
+ * Inflate.result -> Uint8Array|Array|String
+ *
+ * Uncompressed result, generated by default [[Inflate#onData]]
+ * and [[Inflate#onEnd]] handlers. Filled after you push last chunk
+ * (call [[Inflate#push]] with `Z_FINISH` / `true` param) or if you
+ * push a chunk with explicit flush (call [[Inflate#push]] with
+ * `Z_SYNC_FLUSH` param).
+ **/
+
+/**
+ * Inflate.err -> Number
+ *
+ * Error code after inflate finished. 0 (Z_OK) on success.
+ * Should be checked if broken data possible.
+ **/
+
+/**
+ * Inflate.msg -> String
+ *
+ * Error message, if [[Inflate.err]] != 0
+ **/
+
+
+/**
+ * new Inflate(options)
+ * - options (Object): zlib inflate options.
+ *
+ * Creates new inflator instance with specified params. Throws exception
+ * on bad params. Supported options:
+ *
+ * - `windowBits`
+ * - `dictionary`
+ *
+ * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced)
+ * for more information on these.
+ *
+ * Additional options, for internal needs:
+ *
+ * - `chunkSize` - size of generated data chunks (16K by default)
+ * - `raw` (Boolean) - do raw inflate
+ * - `to` (String) - if equal to 'string', then result will be converted
+ *   from utf8 to utf16 (javascript) string. When string output requested,
+ *   chunk length can differ from `chunkSize`, depending on content.
+ *
+ * By default, when no options set, autodetect deflate/gzip data format via
+ * wrapper header.
+ *
+ * ##### Example:
+ *
+ * ```javascript
+ * var pako = require('pako')
+ *   , chunk1 = Uint8Array([1,2,3,4,5,6,7,8,9])
+ *   , chunk2 = Uint8Array([10,11,12,13,14,15,16,17,18,19]);
+ *
+ * var inflate = new pako.Inflate({ level: 3});
+ *
+ * inflate.push(chunk1, false);
+ * inflate.push(chunk2, true);  // true -> last chunk
+ *
+ * if (inflate.err) { throw new Error(inflate.err); }
+ *
+ * console.log(inflate.result);
+ * ```
+ **/
+function Inflate(options) {
+  if (!(this instanceof Inflate)) return new Inflate(options);
+
+  this.options = utils.assign({
+    chunkSize: 16384,
+    windowBits: 0,
+    to: ''
+  }, options || {});
+
+  var opt = this.options;
+
+  // Force window size for `raw` data, if not set directly,
+  // because we have no header for autodetect.
+  if (opt.raw && (opt.windowBits >= 0) && (opt.windowBits < 16)) {
+    opt.windowBits = -opt.windowBits;
+    if (opt.windowBits === 0) { opt.windowBits = -15; }
+  }
+
+  // If `windowBits` not defined (and mode not raw) - set autodetect flag for gzip/deflate
+  if ((opt.windowBits >= 0) && (opt.windowBits < 16) &&
+      !(options && options.windowBits)) {
+    opt.windowBits += 32;
+  }
+
+  // Gzip header has no info about windows size, we can do autodetect only
+  // for deflate. So, if window size not set, force it to max when gzip possible
+  if ((opt.windowBits > 15) && (opt.windowBits < 48)) {
+    // bit 3 (16) -> gzipped data
+    // bit 4 (32) -> autodetect gzip/deflate
+    if ((opt.windowBits & 15) === 0) {
+      opt.windowBits |= 15;
+    }
+  }
+
+  this.err    = 0;      // error code, if happens (0 = Z_OK)
+  this.msg    = '';     // error message
+  this.ended  = false;  // used to avoid multiple onEnd() calls
+  this.chunks = [];     // chunks of compressed data
+
+  this.strm   = new ZStream();
+  this.strm.avail_out = 0;
+
+  var status  = zlib_inflate.inflateInit2(
+    this.strm,
+    opt.windowBits
+  );
+
+  if (status !== c.Z_OK) {
+    throw new Error(msg[status]);
+  }
+
+  this.header = new GZheader();
+
+  zlib_inflate.inflateGetHeader(this.strm, this.header);
+}
+
+/**
+ * Inflate#push(data[, mode]) -> Boolean
+ * - data (Uint8Array|Array|ArrayBuffer|String): input data
+ * - mode (Number|Boolean): 0..6 for corresponding Z_NO_FLUSH..Z_TREE modes.
+ *   See constants. Skipped or `false` means Z_NO_FLUSH, `true` meansh Z_FINISH.
+ *
+ * Sends input data to inflate pipe, generating [[Inflate#onData]] calls with
+ * new output chunks. Returns `true` on success. The last data block must have
+ * mode Z_FINISH (or `true`). That will flush internal pending buffers and call
+ * [[Inflate#onEnd]]. For interim explicit flushes (without ending the stream) you
+ * can use mode Z_SYNC_FLUSH, keeping the decompression context.
+ *
+ * On fail call [[Inflate#onEnd]] with error code and return false.
+ *
+ * We strongly recommend to use `Uint8Array` on input for best speed (output
+ * format is detected automatically). Also, don't skip last param and always
+ * use the same type in your code (boolean or number). That will improve JS speed.
+ *
+ * For regular `Array`-s make sure all elements are [0..255].
+ *
+ * ##### Example
+ *
+ * ```javascript
+ * push(chunk, false); // push one of data chunks
+ * ...
+ * push(chunk, true);  // push last chunk
+ * ```
+ **/
+Inflate.prototype.push = function (data, mode) {
+  var strm = this.strm;
+  var chunkSize = this.options.chunkSize;
+  var dictionary = this.options.dictionary;
+  var status, _mode;
+  var next_out_utf8, tail, utf8str;
+  var dict;
+
+  // Flag to properly process Z_BUF_ERROR on testing inflate call
+  // when we check that all output data was flushed.
+  var allowBufError = false;
+
+  if (this.ended) { return false; }
+  _mode = (mode === ~~mode) ? mode : ((mode === true) ? c.Z_FINISH : c.Z_NO_FLUSH);
+
+  // Convert data if needed
+  if (typeof data === 'string') {
+    // Only binary strings can be decompressed on practice
+    strm.input = strings.binstring2buf(data);
+  } else if (toString.call(data) === '[object ArrayBuffer]') {
+    strm.input = new Uint8Array(data);
+  } else {
+    strm.input = data;
+  }
+
+  strm.next_in = 0;
+  strm.avail_in = strm.input.length;
+
+  do {
+    if (strm.avail_out === 0) {
+      strm.output = new utils.Buf8(chunkSize);
+      strm.next_out = 0;
+      strm.avail_out = chunkSize;
+    }
+
+    status = zlib_inflate.inflate(strm, c.Z_NO_FLUSH);    /* no bad return value */
+
+    if (status === c.Z_NEED_DICT && dictionary) {
+      // Convert data if needed
+      if (typeof dictionary === 'string') {
+        dict = strings.string2buf(dictionary);
+      } else if (toString.call(dictionary) === '[object ArrayBuffer]') {
+        dict = new Uint8Array(dictionary);
+      } else {
+        dict = dictionary;
+      }
+
+      status = zlib_inflate.inflateSetDictionary(this.strm, dict);
+
+    }
+
+    if (status === c.Z_BUF_ERROR && allowBufError === true) {
+      status = c.Z_OK;
+      allowBufError = false;
+    }
+
+    if (status !== c.Z_STREAM_END && status !== c.Z_OK) {
+      this.onEnd(status);
+      this.ended = true;
+      return false;
+    }
+
+    if (strm.next_out) {
+      if (strm.avail_out === 0 || status === c.Z_STREAM_END || (strm.avail_in === 0 && (_mode === c.Z_FINISH || _mode === c.Z_SYNC_FLUSH))) {
+
+        if (this.options.to === 'string') {
+
+          next_out_utf8 = strings.utf8border(strm.output, strm.next_out);
+
+          tail = strm.next_out - next_out_utf8;
+          utf8str = strings.buf2string(strm.output, next_out_utf8);
+
+          // move tail
+          strm.next_out = tail;
+          strm.avail_out = chunkSize - tail;
+          if (tail) { utils.arraySet(strm.output, strm.output, next_out_utf8, tail, 0); }
+
+          this.onData(utf8str);
+
+        } else {
+          this.onData(utils.shrinkBuf(strm.output, strm.next_out));
+        }
+      }
+    }
+
+    // When no more input data, we should check that internal inflate buffers
+    // are flushed. The only way to do it when avail_out = 0 - run one more
+    // inflate pass. But if output data not exists, inflate return Z_BUF_ERROR.
+    // Here we set flag to process this error properly.
+    //
+    // NOTE. Deflate does not return error in this case and does not needs such
+    // logic.
+    if (strm.avail_in === 0 && strm.avail_out === 0) {
+      allowBufError = true;
+    }
+
+  } while ((strm.avail_in > 0 || strm.avail_out === 0) && status !== c.Z_STREAM_END);
+
+  if (status === c.Z_STREAM_END) {
+    _mode = c.Z_FINISH;
+  }
+
+  // Finalize on the last chunk.
+  if (_mode === c.Z_FINISH) {
+    status = zlib_inflate.inflateEnd(this.strm);
+    this.onEnd(status);
+    this.ended = true;
+    return status === c.Z_OK;
+  }
+
+  // callback interim results if Z_SYNC_FLUSH.
+  if (_mode === c.Z_SYNC_FLUSH) {
+    this.onEnd(c.Z_OK);
+    strm.avail_out = 0;
+    return true;
+  }
+
+  return true;
+};
+
+
+/**
+ * Inflate#onData(chunk) -> Void
+ * - chunk (Uint8Array|Array|String): ouput data. Type of array depends
+ *   on js engine support. When string output requested, each chunk
+ *   will be string.
+ *
+ * By default, stores data blocks in `chunks[]` property and glue
+ * those in `onEnd`. Override this handler, if you need another behaviour.
+ **/
+Inflate.prototype.onData = function (chunk) {
+  this.chunks.push(chunk);
+};
+
+
+/**
+ * Inflate#onEnd(status) -> Void
+ * - status (Number): inflate status. 0 (Z_OK) on success,
+ *   other if not.
+ *
+ * Called either after you tell inflate that the input stream is
+ * complete (Z_FINISH) or should be flushed (Z_SYNC_FLUSH)
+ * or if an error happened. By default - join collected chunks,
+ * free memory and fill `results` / `err` properties.
+ **/
+Inflate.prototype.onEnd = function (status) {
+  // On success - join
+  if (status === c.Z_OK) {
+    if (this.options.to === 'string') {
+      // Glue & convert here, until we teach pako to send
+      // utf8 alligned strings to onData
+      this.result = this.chunks.join('');
+    } else {
+      this.result = utils.flattenChunks(this.chunks);
+    }
+  }
+  this.chunks = [];
+  this.err = status;
+  this.msg = this.strm.msg;
+};
+
+
+/**
+ * inflate(data[, options]) -> Uint8Array|Array|String
+ * - data (Uint8Array|Array|String): input data to decompress.
+ * - options (Object): zlib inflate options.
+ *
+ * Decompress `data` with inflate/ungzip and `options`. Autodetect
+ * format via wrapper header by default. That's why we don't provide
+ * separate `ungzip` method.
+ *
+ * Supported options are:
+ *
+ * - windowBits
+ *
+ * [http://zlib.net/manual.html#Advanced](http://zlib.net/manual.html#Advanced)
+ * for more information.
+ *
+ * Sugar (options):
+ *
+ * - `raw` (Boolean) - say that we work with raw stream, if you don't wish to specify
+ *   negative windowBits implicitly.
+ * - `to` (String) - if equal to 'string', then result will be converted
+ *   from utf8 to utf16 (javascript) string. When string output requested,
+ *   chunk length can differ from `chunkSize`, depending on content.
+ *
+ *
+ * ##### Example:
+ *
+ * ```javascript
+ * var pako = require('pako')
+ *   , input = pako.deflate([1,2,3,4,5,6,7,8,9])
+ *   , output;
+ *
+ * try {
+ *   output = pako.inflate(input);
+ * } catch (err)
+ *   console.log(err);
+ * }
+ * ```
+ **/
+function inflate(input, options) {
+  var inflator = new Inflate(options);
+
+  inflator.push(input, true);
+
+  // That will never happens, if you don't cheat with options :)
+  if (inflator.err) { throw inflator.msg || msg[inflator.err]; }
+
+  return inflator.result;
+}
+
+
+/**
+ * inflateRaw(data[, options]) -> Uint8Array|Array|String
+ * - data (Uint8Array|Array|String): input data to decompress.
+ * - options (Object): zlib inflate options.
+ *
+ * The same as [[inflate]], but creates raw data, without wrapper
+ * (header and adler32 crc).
+ **/
+function inflateRaw(input, options) {
+  options = options || {};
+  options.raw = true;
+  return inflate(input, options);
+}
+
+
+/**
+ * ungzip(data[, options]) -> Uint8Array|Array|String
+ * - data (Uint8Array|Array|String): input data to decompress.
+ * - options (Object): zlib inflate options.
+ *
+ * Just shortcut to [[inflate]], because it autodetects format
+ * by header.content. Done for convenience.
+ **/
+
+
+exports.Inflate = Inflate;
+exports.inflate = inflate;
+exports.inflateRaw = inflateRaw;
+exports.ungzip  = inflate;
+
+},{"./utils/common":1,"./utils/strings":2,"./zlib/constants":4,"./zlib/gzheader":6,"./zlib/inflate":8,"./zlib/messages":10,"./zlib/zstream":11}]},{},[])("/lib/inflate.js")
+});
\ No newline at end of file
diff --git a/chromium/images/HTTPS-Everywhere-Logo.png b/chromium/images/HTTPS-Everywhere-Logo.png
new file mode 100644
index 000000000000..d1ebd640731b
Binary files /dev/null and b/chromium/images/HTTPS-Everywhere-Logo.png differ
diff --git a/chromium/images/banner-red.svg b/chromium/images/banner-red.svg
new file mode 100644
index 000000000000..5e1e54b9f800
--- /dev/null
+++ b/chromium/images/banner-red.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 1244 263"><style>.a{fill:#020202}@media(prefers-color-scheme:dark){.a{fill:#fff}}</style><path class="a" d="M1243.4 8.5h-35.6l-53.1 146.7h35.6zm-59.2 0h-35.6l-53.1 146.7h35.7zm-108.6 91.10001c-5.6 0-10.1 1.8-13.6 5.3s-5.3 8.1-5.3 13.6c0 5.7 1.8 10.3 5.3 13.8s8.1 5.3 13.6 5.3c5.7 0 10.3-1.8 13.8-5.3s5.3-8.1 5.3-13.8c0-5.6-1.8-10.1-5.3-13.6-3.5-3.6-8.1-5.3-13.8-5.3zm0-55.1c-5.6 0-10.1 1.8-13.6 5.3s-5.3 8.1-5.3 13.6c0 5.7 1.8 10.3 5.3 13.8s8.1 5.3 13.6 5.3c5.7 0 10.3-1.8 13.8-5.3s5.3-8.1 5.3-13.8c0-5.6-1.8-10.1-5.3-13.6s-8.1-5.3-13.8-5.3zm-104.9-43.6c11.7 0 23.3 1.6 34.9 4.8 11.6 3.2 21.7 7.5 30.2 12.9l-17.9 37.6c-8.4-4.6-17.5-8.6-27.4-12.2-9.9-3.6-17.9-5.3-24-5.3-6.1 0-9.2 2.1-9.2 6.2 0 2.8 1.9 5.3 5.8 7.4 3.8 2.1 8.6 3.7 14.3 4.8 5.7 1.1 11.9 2.9 18.7 5.2 6.8 2.3 13 5 18.7 8 5.7 3 10.5 7.6 14.3 13.8 3.8 6.2 5.8 13.6 5.8 22.1 0 15.8-6 27.8-17.9 35.9-12 8.1-27 12.2-45 12.2-13.2 0-26.6-2.1-40-6.3-13.4-4.2-25.1-10.1-34.9-17.6l18.4-37.1c7.5 6.3 17 11.7 28.4 16.3 11.4 4.6 20.9 6.9 28.6 6.9 8 0 12-2.6 12-7.7 0-3-1.9-5.5-5.8-7.6-3.8-2.1-8.6-3.6-14.3-4.7-5.7-1.1-11.9-2.7-18.7-4.9-6.8-2.2-13-4.7-18.7-7.6-5.7-2.8-10.5-7.2-14.3-13.1-3.8-5.9-5.8-13-5.8-21.2 0-14.9 5.8-26.8 17.4-35.5 11.4-8.9 26.9-13.3 46.4-13.3zm-211.3 2.1h70.2c19.5 0 34.6 4.7 45.3 14 10.7 9.3 16 22.5 16 39.6 0 18.1-5.3 32.1-16 42.2-10.7 10-25.8 15.1-45.3 15.1h-20.7v38.9h-49.5zm49.5 37.6v35.6H827c5.4 0 9.6-1.6 12.5-4.8 2.9-3.2 4.4-7.6 4.4-13.3 0-5.5-1.5-9.9-4.4-12.9-2.9-3.1-7.1-4.6-12.5-4.6zm-61.3 1.5h-42.7v110.6h-49.5v-110.6h-42.5v-39.1h134.7zm-145.8 0h-42.7v110.6h-49.5v-110.6h-42.5v-39.1h134.7zm-146.4 110.6h-49.5v-54h-46.3v54H310v-149.7h49.5v58.1h46.3v-58.1h49.5v149.7z"/><path fill="#630000" d="M0 218V3h215l45 45v215H45z"/><path fill="#931111" d="M215 3l45 45v215L0 3z"/><path fill="#ec1e1e" d="M0 3h215v215H0zm1229.9 196.5h-43.7v10.4h39.7v21.3h-39.7v10.5h44.8V263h-73v-84.9h71.9zm-112.2 63.6l-10.2-22.1H1097v22.1h-28.1v-84.9h41.1c11.6 0 20.5 2.6 26.8 7.9 6.3 5.3 9.5 12.8 9.5 22.5 0 12.4-4.5 21.4-13.5 26.9l16.7 27.6zm-20.7-43.4h13c3.1 0 5.4-.9 7.1-2.7 1.7-1.8 2.5-4.3 2.5-7.6 0-3.2-.8-5.6-2.5-7.3-1.7-1.7-4-2.6-7.1-2.6h-13zm-41.2-20.2H1012v10.4h39.7v21.3H1012v10.5h44.8V263h-72.9v-84.9h71.9zm-85.3 63.6h-28.1v-30.7h-26.3v30.7H888v-84.9h28.1v33h26.3v-33h28.1zm-117.1 0h-29l-11.8-50.8-12.1 50.8h-29L744 178.2h30.1l12.8 55.7 12.6-55.6 27.4-.1 12.8 55.7 12.6-55.7H881zm-139.2-26.4v26.4h-28.1v-25.8l-31-59.1h28l17.1 32.7 16.5-32.7h28zm-91.6 26.4L612.4 241h-10.5v22.1h-28.1v-84.9h41.1c11.6 0 20.5 2.6 26.8 7.9 6.3 5.3 9.5 12.8 9.5 22.5 0 12.4-4.5 21.4-13.5 26.9l16.7 27.6zm-20.7-43.4h13c3.1 0 5.4-.9 7.1-2.7 1.7-1.8 2.5-4.3 2.5-7.6 0-3.2-.8-5.6-2.5-7.3-1.7-1.7-4-2.6-7.1-2.6h-13zm-41.2-20.2H517v10.4h39.7v21.3H517v10.5h44.8V263h-72.9v-84.9h71.9v21.4zm-111.1 63.6h-29.1l-32.2-84.9h30.1l17.6 55.7 17.4-55.7H482zm-67.8-63.6h-43.7v10.4h39.7v21.3h-39.7v10.5h44.8V263H310v-84.9h71.9v21.4z"/><path fill="#fff" d="M111.35 41.4c10.5 0 21 1.4 31.5 4.3s19.5 6.8 27.3 11.7l-16.2 33.9c-7.6-4.1-15.8-7.8-24.7-11-8.9-3.2-16.1-4.8-21.7-4.8-5.5 0-8.3 1.9-8.3 5.6 0 2.6 1.7 4.8 5.2 6.6 3.5 1.9 7.8 3.3 12.9 4.3 5.1 1 10.8 2.6 16.9 4.7 6.1 2.1 11.7 4.5 16.9 7.2 5.1 2.7 9.4 6.8 12.9 12.4 3.5 5.6 5.2 12.2 5.2 19.9 0 14.3-5.4 25-16.2 32.4-10.8 7.3-24.3 11-40.6 11-11.9 0-24-1.9-36.1-5.7-12.1-3.8-22.6-9.1-31.5-15.9l16.6-33.5c6.8 5.7 15.3 10.6 25.6 14.7 10.3 4.2 18.9 6.3 25.8 6.3 7.2 0 10.8-2.3 10.8-6.9 0-2.7-1.7-5-5.2-6.8-3.5-1.9-7.8-3.3-12.9-4.2-5.1-1-10.8-2.4-16.9-4.4-6.1-2-11.7-4.3-16.9-6.8-5.1-2.6-9.4-6.5-12.9-11.8-3.5-5.3-5.2-11.7-5.2-19.2 0-13.5 5.2-24.2 15.7-32.1 10.4-7.9 24.4-11.9 42-11.9z"/></svg>
\ No newline at end of file
diff --git a/chromium/images/eff-logo-monogram-red.png b/chromium/images/eff-logo-monogram-red.png
new file mode 100644
index 000000000000..2b91daab5203
Binary files /dev/null and b/chromium/images/eff-logo-monogram-red.png differ
diff --git a/chromium/images/onboarding/httpseverywhere-logo.png b/chromium/images/onboarding/httpseverywhere-logo.png
new file mode 100644
index 000000000000..30aebc3ee763
Binary files /dev/null and b/chromium/images/onboarding/httpseverywhere-logo.png differ
diff --git a/chromium/manifest.json b/chromium/manifest.json
index a35f275e6f42..5a1ee704713e 100644
--- a/chromium/manifest.json
+++ b/chromium/manifest.json
@@ -10,9 +10,16 @@
         "scripts": [
             "background-scripts/bootstrap.js",
             "background-scripts/util.js",
+            "wasm/https_everywhere_lib_wasm.js",
+            "background-scripts/wasm.js",
+            "background-scripts/update_channels.js",
+            "background-scripts/update.js",
             "background-scripts/rules.js",
             "background-scripts/store.js",
+            "external/pako-1.0.5/pako_inflate.min.js",
             "background-scripts/incognito.js",
+            "background-scripts/ip_utils.js",
+            "background-scripts/modules/ssl_codes.js",
             "background-scripts/background.js"
         ]
     },
@@ -23,19 +30,20 @@
         "default_popup": "pages/popup/index.html",
         "default_title": "__MSG_about_ext_name__"
     },
+    "content_security_policy": "script-src 'self' 'wasm-eval'; object-src 'self'",
     "default_locale": "en",
     "description": "__MSG_about_ext_description__",
-    "devtools_page": "pages/devtools/index.html",
     "homepage_url": "https://www.eff.org/https-everywhere",
     "icons": {
         "128": "images/icons/icon-active-128.png",
         "48": "images/icons/icon-active-48.png"
     },
-    "incognito": "spanning",
+    "incognito": "split",
     "manifest_version": 2,
     "minimum_chrome_version": "55",
     "name": "__MSG_about_ext_name__",
     "options_ui": {
+        "open_in_tab": true,
         "page": "pages/options/index.html"
     },
     "permissions": [
@@ -45,7 +53,11 @@
         "tabs",
         "cookies",
         "storage",
-        "*://*/*"
+        "*://*/*",
+        "ftp://*/*"
     ],
-    "version": "2018.3.13"
+    "version": "2022.5.24",
+    "web_accessible_resources": [
+        "/pages/cancel/index.html"
+    ]
 }
\ No newline at end of file
diff --git a/chromium/package-lock.json b/chromium/package-lock.json
new file mode 100644
index 000000000000..0886adcdb32c
--- /dev/null
+++ b/chromium/package-lock.json
@@ -0,0 +1,2909 @@
+{
+  "name": "https-everywhere",
+  "version": "1.0.0",
+  "lockfileVersion": 1,
+  "requires": true,
+  "dependencies": {
+    "@babel/code-frame": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.10.4.tgz",
+      "integrity": "sha512-vG6SvB6oYEhvgisZNFRmRCUkLz11c7rp+tbNTynGqc6mS1d5ATd/sGyV6W0KZZnXRKMTzZDRgQT3Ou9jhpAfUg==",
+      "dev": true,
+      "requires": {
+        "@babel/highlight": "^7.10.4"
+      }
+    },
+    "@babel/core": {
+      "version": "7.11.1",
+      "resolved": "https://registry.npmjs.org/@babel/core/-/core-7.11.1.tgz",
+      "integrity": "sha512-XqF7F6FWQdKGGWAzGELL+aCO1p+lRY5Tj5/tbT3St1G8NaH70jhhDIKknIZaDans0OQBG5wRAldROLHSt44BgQ==",
+      "dev": true,
+      "requires": {
+        "@babel/code-frame": "^7.10.4",
+        "@babel/generator": "^7.11.0",
+        "@babel/helper-module-transforms": "^7.11.0",
+        "@babel/helpers": "^7.10.4",
+        "@babel/parser": "^7.11.1",
+        "@babel/template": "^7.10.4",
+        "@babel/traverse": "^7.11.0",
+        "@babel/types": "^7.11.0",
+        "convert-source-map": "^1.7.0",
+        "debug": "^4.1.0",
+        "gensync": "^1.0.0-beta.1",
+        "json5": "^2.1.2",
+        "lodash": "^4.17.19",
+        "resolve": "^1.3.2",
+        "semver": "^5.4.1",
+        "source-map": "^0.5.0"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "4.1.1",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz",
+          "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==",
+          "dev": true,
+          "requires": {
+            "ms": "^2.1.1"
+          }
+        },
+        "semver": {
+          "version": "5.7.1",
+          "resolved": "https://registry.npmjs.org/semver/-/semver-5.7.1.tgz",
+          "integrity": "sha512-sauaDf/PZdVgrLTNYHRtpXa1iRiKcaebiKQ1BJdpQlWH2lCvexQdX55snPFyK7QzpudqbCI0qXFfOasHdyNDGQ==",
+          "dev": true
+        }
+      }
+    },
+    "@babel/generator": {
+      "version": "7.11.0",
+      "resolved": "https://registry.npmjs.org/@babel/generator/-/generator-7.11.0.tgz",
+      "integrity": "sha512-fEm3Uzw7Mc9Xi//qU20cBKatTfs2aOtKqmvy/Vm7RkJEGFQ4xc9myCfbXxqK//ZS8MR/ciOHw6meGASJuKmDfQ==",
+      "dev": true,
+      "requires": {
+        "@babel/types": "^7.11.0",
+        "jsesc": "^2.5.1",
+        "source-map": "^0.5.0"
+      }
+    },
+    "@babel/helper-function-name": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/helper-function-name/-/helper-function-name-7.10.4.tgz",
+      "integrity": "sha512-YdaSyz1n8gY44EmN7x44zBn9zQ1Ry2Y+3GTA+3vH6Mizke1Vw0aWDM66FOYEPw8//qKkmqOckrGgTYa+6sceqQ==",
+      "dev": true,
+      "requires": {
+        "@babel/helper-get-function-arity": "^7.10.4",
+        "@babel/template": "^7.10.4",
+        "@babel/types": "^7.10.4"
+      }
+    },
+    "@babel/helper-get-function-arity": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/helper-get-function-arity/-/helper-get-function-arity-7.10.4.tgz",
+      "integrity": "sha512-EkN3YDB+SRDgiIUnNgcmiD361ti+AVbL3f3Henf6dqqUyr5dMsorno0lJWJuLhDhkI5sYEpgj6y9kB8AOU1I2A==",
+      "dev": true,
+      "requires": {
+        "@babel/types": "^7.10.4"
+      }
+    },
+    "@babel/helper-member-expression-to-functions": {
+      "version": "7.11.0",
+      "resolved": "https://registry.npmjs.org/@babel/helper-member-expression-to-functions/-/helper-member-expression-to-functions-7.11.0.tgz",
+      "integrity": "sha512-JbFlKHFntRV5qKw3YC0CvQnDZ4XMwgzzBbld7Ly4Mj4cbFy3KywcR8NtNctRToMWJOVvLINJv525Gd6wwVEx/Q==",
+      "dev": true,
+      "requires": {
+        "@babel/types": "^7.11.0"
+      }
+    },
+    "@babel/helper-module-imports": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/helper-module-imports/-/helper-module-imports-7.10.4.tgz",
+      "integrity": "sha512-nEQJHqYavI217oD9+s5MUBzk6x1IlvoS9WTPfgG43CbMEeStE0v+r+TucWdx8KFGowPGvyOkDT9+7DHedIDnVw==",
+      "dev": true,
+      "requires": {
+        "@babel/types": "^7.10.4"
+      }
+    },
+    "@babel/helper-module-transforms": {
+      "version": "7.11.0",
+      "resolved": "https://registry.npmjs.org/@babel/helper-module-transforms/-/helper-module-transforms-7.11.0.tgz",
+      "integrity": "sha512-02EVu8COMuTRO1TAzdMtpBPbe6aQ1w/8fePD2YgQmxZU4gpNWaL9gK3Jp7dxlkUlUCJOTaSeA+Hrm1BRQwqIhg==",
+      "dev": true,
+      "requires": {
+        "@babel/helper-module-imports": "^7.10.4",
+        "@babel/helper-replace-supers": "^7.10.4",
+        "@babel/helper-simple-access": "^7.10.4",
+        "@babel/helper-split-export-declaration": "^7.11.0",
+        "@babel/template": "^7.10.4",
+        "@babel/types": "^7.11.0",
+        "lodash": "^4.17.19"
+      }
+    },
+    "@babel/helper-optimise-call-expression": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/helper-optimise-call-expression/-/helper-optimise-call-expression-7.10.4.tgz",
+      "integrity": "sha512-n3UGKY4VXwXThEiKrgRAoVPBMqeoPgHVqiHZOanAJCG9nQUL2pLRQirUzl0ioKclHGpGqRgIOkgcIJaIWLpygg==",
+      "dev": true,
+      "requires": {
+        "@babel/types": "^7.10.4"
+      }
+    },
+    "@babel/helper-replace-supers": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/helper-replace-supers/-/helper-replace-supers-7.10.4.tgz",
+      "integrity": "sha512-sPxZfFXocEymYTdVK1UNmFPBN+Hv5mJkLPsYWwGBxZAxaWfFu+xqp7b6qWD0yjNuNL2VKc6L5M18tOXUP7NU0A==",
+      "dev": true,
+      "requires": {
+        "@babel/helper-member-expression-to-functions": "^7.10.4",
+        "@babel/helper-optimise-call-expression": "^7.10.4",
+        "@babel/traverse": "^7.10.4",
+        "@babel/types": "^7.10.4"
+      }
+    },
+    "@babel/helper-simple-access": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/helper-simple-access/-/helper-simple-access-7.10.4.tgz",
+      "integrity": "sha512-0fMy72ej/VEvF8ULmX6yb5MtHG4uH4Dbd6I/aHDb/JVg0bbivwt9Wg+h3uMvX+QSFtwr5MeItvazbrc4jtRAXw==",
+      "dev": true,
+      "requires": {
+        "@babel/template": "^7.10.4",
+        "@babel/types": "^7.10.4"
+      }
+    },
+    "@babel/helper-split-export-declaration": {
+      "version": "7.11.0",
+      "resolved": "https://registry.npmjs.org/@babel/helper-split-export-declaration/-/helper-split-export-declaration-7.11.0.tgz",
+      "integrity": "sha512-74Vejvp6mHkGE+m+k5vHY93FX2cAtrw1zXrZXRlG4l410Nm9PxfEiVTn1PjDPV5SnmieiueY4AFg2xqhNFuuZg==",
+      "dev": true,
+      "requires": {
+        "@babel/types": "^7.11.0"
+      }
+    },
+    "@babel/helper-validator-identifier": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.10.4.tgz",
+      "integrity": "sha512-3U9y+43hz7ZM+rzG24Qe2mufW5KhvFg/NhnNph+i9mgCtdTCtMJuI1TMkrIUiK7Ix4PYlRF9I5dhqaLYA/ADXw==",
+      "dev": true
+    },
+    "@babel/helpers": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/helpers/-/helpers-7.10.4.tgz",
+      "integrity": "sha512-L2gX/XeUONeEbI78dXSrJzGdz4GQ+ZTA/aazfUsFaWjSe95kiCuOZ5HsXvkiw3iwF+mFHSRUfJU8t6YavocdXA==",
+      "dev": true,
+      "requires": {
+        "@babel/template": "^7.10.4",
+        "@babel/traverse": "^7.10.4",
+        "@babel/types": "^7.10.4"
+      }
+    },
+    "@babel/highlight": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.10.4.tgz",
+      "integrity": "sha512-i6rgnR/YgPEQzZZnbTHHuZdlE8qyoBNalD6F+q4vAFlcMEcqmkoG+mPqJYJCo63qPf74+Y1UZsl3l6f7/RIkmA==",
+      "dev": true,
+      "requires": {
+        "@babel/helper-validator-identifier": "^7.10.4",
+        "chalk": "^2.0.0",
+        "js-tokens": "^4.0.0"
+      }
+    },
+    "@babel/parser": {
+      "version": "7.11.3",
+      "resolved": "https://registry.npmjs.org/@babel/parser/-/parser-7.11.3.tgz",
+      "integrity": "sha512-REo8xv7+sDxkKvoxEywIdsNFiZLybwdI7hcT5uEPyQrSMB4YQ973BfC9OOrD/81MaIjh6UxdulIQXkjmiH3PcA==",
+      "dev": true
+    },
+    "@babel/runtime": {
+      "version": "7.12.5",
+      "resolved": "https://registry.npmjs.org/@babel/runtime/-/runtime-7.12.5.tgz",
+      "integrity": "sha512-plcc+hbExy3McchJCEQG3knOsuh3HH+Prx1P6cLIkET/0dLuQDEnrT+s27Axgc9bqfsmNUNHfscgMUdBpC9xfg==",
+      "dev": true,
+      "requires": {
+        "regenerator-runtime": "^0.13.4"
+      }
+    },
+    "@babel/template": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/template/-/template-7.10.4.tgz",
+      "integrity": "sha512-ZCjD27cGJFUB6nmCB1Enki3r+L5kJveX9pq1SvAUKoICy6CZ9yD8xO086YXdYhvNjBdnekm4ZnaP5yC8Cs/1tA==",
+      "dev": true,
+      "requires": {
+        "@babel/code-frame": "^7.10.4",
+        "@babel/parser": "^7.10.4",
+        "@babel/types": "^7.10.4"
+      }
+    },
+    "@babel/traverse": {
+      "version": "7.11.0",
+      "resolved": "https://registry.npmjs.org/@babel/traverse/-/traverse-7.11.0.tgz",
+      "integrity": "sha512-ZB2V+LskoWKNpMq6E5UUCrjtDUh5IOTAyIl0dTjIEoXum/iKWkoIEKIRDnUucO6f+2FzNkE0oD4RLKoPIufDtg==",
+      "dev": true,
+      "requires": {
+        "@babel/code-frame": "^7.10.4",
+        "@babel/generator": "^7.11.0",
+        "@babel/helper-function-name": "^7.10.4",
+        "@babel/helper-split-export-declaration": "^7.11.0",
+        "@babel/parser": "^7.11.0",
+        "@babel/types": "^7.11.0",
+        "debug": "^4.1.0",
+        "globals": "^11.1.0",
+        "lodash": "^4.17.19"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "4.1.1",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz",
+          "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==",
+          "dev": true,
+          "requires": {
+            "ms": "^2.1.1"
+          }
+        }
+      }
+    },
+    "@babel/types": {
+      "version": "7.11.0",
+      "resolved": "https://registry.npmjs.org/@babel/types/-/types-7.11.0.tgz",
+      "integrity": "sha512-O53yME4ZZI0jO1EVGtF1ePGl0LHirG4P1ibcD80XyzZcKhcMFeCXmh4Xb1ifGBIV233Qg12x4rBfQgA+tmOukA==",
+      "dev": true,
+      "requires": {
+        "@babel/helper-validator-identifier": "^7.10.4",
+        "lodash": "^4.17.19",
+        "to-fast-properties": "^2.0.0"
+      }
+    },
+    "@codemirror/autocomplete": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/autocomplete/-/autocomplete-6.0.2.tgz",
+      "integrity": "sha512-9PDjnllmXan/7Uax87KGORbxerDJ/cu10SB+n4Jz0zXMEvIh3+TGgZxhIvDOtaQ4jDBQEM7kHYW4vLdQB0DGZQ==",
+      "dev": true,
+      "requires": {
+        "@codemirror/language": "^6.0.0",
+        "@codemirror/state": "^6.0.0",
+        "@codemirror/view": "^6.0.0",
+        "@lezer/common": "^1.0.0"
+      }
+    },
+    "@codemirror/commands": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/@codemirror/commands/-/commands-6.0.1.tgz",
+      "integrity": "sha512-iNHDByicYqQjs0Wo1MKGfqNbMYMyhS9WV6EwMVwsHXImlFemgEUC+c5X22bXKBStN3qnwg4fArNZM+gkv22baQ==",
+      "dev": true,
+      "requires": {
+        "@codemirror/language": "^6.0.0",
+        "@codemirror/state": "^6.0.0",
+        "@codemirror/view": "^6.0.0",
+        "@lezer/common": "^1.0.0"
+      }
+    },
+    "@codemirror/language": {
+      "version": "6.2.0",
+      "resolved": "https://registry.npmjs.org/@codemirror/language/-/language-6.2.0.tgz",
+      "integrity": "sha512-tabB0Ef/BflwoEmTB4a//WZ9P90UQyne9qWB9YFsmeS4bnEqSys7UpGk/da1URMXhyfuzWCwp+AQNMhvu8SfnA==",
+      "dev": true,
+      "requires": {
+        "@codemirror/state": "^6.0.0",
+        "@codemirror/view": "^6.0.0",
+        "@lezer/common": "^1.0.0",
+        "@lezer/highlight": "^1.0.0",
+        "@lezer/lr": "^1.0.0",
+        "style-mod": "^4.0.0"
+      }
+    },
+    "@codemirror/lint": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/@codemirror/lint/-/lint-6.0.0.tgz",
+      "integrity": "sha512-nUUXcJW1Xp54kNs+a1ToPLK8MadO0rMTnJB8Zk4Z8gBdrN0kqV7uvUraU/T2yqg+grDNR38Vmy/MrhQN/RgwiA==",
+      "dev": true,
+      "requires": {
+        "@codemirror/state": "^6.0.0",
+        "@codemirror/view": "^6.0.0",
+        "crelt": "^1.0.5"
+      }
+    },
+    "@codemirror/search": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/@codemirror/search/-/search-6.0.0.tgz",
+      "integrity": "sha512-rL0rd3AhI0TAsaJPUaEwC63KHLO7KL0Z/dYozXj6E7L3wNHRyx7RfE0/j5HsIf912EE5n2PCb4Vg0rGYmDv4UQ==",
+      "dev": true,
+      "requires": {
+        "@codemirror/state": "^6.0.0",
+        "@codemirror/view": "^6.0.0",
+        "crelt": "^1.0.5"
+      }
+    },
+    "@codemirror/state": {
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/@codemirror/state/-/state-6.1.0.tgz",
+      "integrity": "sha512-qbUr94DZTe6/V1VS7LDLz11rM/1t/nJxR1El4I6UaxDEdc0aZZvq6JCLJWiRmUf95NRAnDH6fhXn+PWp9wGCIg==",
+      "dev": true
+    },
+    "@codemirror/view": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/@codemirror/view/-/view-6.0.2.tgz",
+      "integrity": "sha512-mnVT/q1JvKPjpmjXJNeCi/xHyaJ3abGJsumIVpdQ1nE1MXAyHf7GHWt8QpWMUvDiqF0j+inkhVR2OviTdFFX7Q==",
+      "dev": true,
+      "requires": {
+        "@codemirror/state": "^6.0.0",
+        "style-mod": "^4.0.0",
+        "w3c-keyname": "^2.2.4"
+      }
+    },
+    "@istanbuljs/load-nyc-config": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@istanbuljs/load-nyc-config/-/load-nyc-config-1.1.0.tgz",
+      "integrity": "sha512-VjeHSlIzpv/NyD3N0YuHfXOPDIixcA1q2ZV98wsMqcYlPmv2n3Yb2lYP9XMElnaFVXg5A7YLTeLu6V84uQDjmQ==",
+      "dev": true,
+      "requires": {
+        "camelcase": "^5.3.1",
+        "find-up": "^4.1.0",
+        "get-package-type": "^0.1.0",
+        "js-yaml": "^3.13.1",
+        "resolve-from": "^5.0.0"
+      },
+      "dependencies": {
+        "find-up": {
+          "version": "4.1.0",
+          "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz",
+          "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==",
+          "dev": true,
+          "requires": {
+            "locate-path": "^5.0.0",
+            "path-exists": "^4.0.0"
+          }
+        },
+        "locate-path": {
+          "version": "5.0.0",
+          "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz",
+          "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==",
+          "dev": true,
+          "requires": {
+            "p-locate": "^4.1.0"
+          }
+        },
+        "p-locate": {
+          "version": "4.1.0",
+          "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz",
+          "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==",
+          "dev": true,
+          "requires": {
+            "p-limit": "^2.2.0"
+          }
+        },
+        "path-exists": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz",
+          "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==",
+          "dev": true
+        }
+      }
+    },
+    "@istanbuljs/schema": {
+      "version": "0.1.2",
+      "resolved": "https://registry.npmjs.org/@istanbuljs/schema/-/schema-0.1.2.tgz",
+      "integrity": "sha512-tsAQNx32a8CoFhjhijUIhI4kccIAgmGhy8LZMZgGfmXcpMbPRUqn5LWmgRttILi6yeGmBJd2xsPkFMs0PzgPCw==",
+      "dev": true
+    },
+    "@lezer/common": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/@lezer/common/-/common-1.0.0.tgz",
+      "integrity": "sha512-ohydQe+Hb+w4oMDvXzs8uuJd2NoA3D8YDcLiuDsLqH+yflDTPEpgCsWI3/6rH5C3BAedtH1/R51dxENldQceEA==",
+      "dev": true
+    },
+    "@lezer/highlight": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/@lezer/highlight/-/highlight-1.0.0.tgz",
+      "integrity": "sha512-nsCnNtim90UKsB5YxoX65v3GEIw3iCHw9RM2DtdgkiqAbKh9pCdvi8AWNwkYf10Lu6fxNhXPpkpHbW6mihhvJA==",
+      "dev": true,
+      "requires": {
+        "@lezer/common": "^1.0.0"
+      }
+    },
+    "@lezer/lr": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/@lezer/lr/-/lr-1.1.0.tgz",
+      "integrity": "sha512-Iad04uVwk1PvSnj25mqj7zEEIRAsasbsTRmVzI0AUTs/+1Dz1//iYAaoLr7A+Xa7bZDfql5MKTxZmSlkYZD3Dg==",
+      "dev": true,
+      "requires": {
+        "@lezer/common": "^1.0.0"
+      }
+    },
+    "@sinonjs/commons": {
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.1.tgz",
+      "integrity": "sha512-892K+kWUUi3cl+LlqEWIDrhvLgdL79tECi8JZUyq6IviKy/DNhuzCRlbHUjxK89f4ypPMMaFnFuR9Ie6DoIMsw==",
+      "dev": true,
+      "requires": {
+        "type-detect": "4.0.8"
+      }
+    },
+    "@sinonjs/fake-timers": {
+      "version": "9.1.2",
+      "resolved": "https://registry.npmjs.org/@sinonjs/fake-timers/-/fake-timers-9.1.2.tgz",
+      "integrity": "sha512-BPS4ynJW/o92PUR4wgriz2Ud5gpST5vz6GQfMixEDK0Z8ZCUv2M7SkBLykH56T++Xs+8ln9zTGbOvNGIe02/jw==",
+      "dev": true,
+      "requires": {
+        "@sinonjs/commons": "^1.7.0"
+      }
+    },
+    "@sinonjs/samsam": {
+      "version": "6.1.1",
+      "resolved": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-6.1.1.tgz",
+      "integrity": "sha512-cZ7rKJTLiE7u7Wi/v9Hc2fs3Ucc3jrWeMgPHbbTCeVAB2S0wOBbYlkJVeNSL04i7fdhT8wIbDq1zhC/PXTD2SA==",
+      "dev": true,
+      "requires": {
+        "@sinonjs/commons": "^1.6.0",
+        "lodash.get": "^4.4.2",
+        "type-detect": "^4.0.8"
+      }
+    },
+    "@sinonjs/text-encoding": {
+      "version": "0.7.1",
+      "resolved": "https://registry.npmjs.org/@sinonjs/text-encoding/-/text-encoding-0.7.1.tgz",
+      "integrity": "sha512-+iTbntw2IZPb/anVDbypzfQa+ay64MW0Zo8aJ8gZPWMMK6/OubMVb6lUPMagqjOPnmtauXnFCACVl3O7ogjeqQ==",
+      "dev": true
+    },
+    "@types/color-name": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/@types/color-name/-/color-name-1.1.1.tgz",
+      "integrity": "sha512-rr+OQyAjxze7GgWrSaJwydHStIhHq2lvY3BOC2Mj7KnzI7XK0Uw1TOOdI9lDoajEbSWLiYgoo4f1R51erQfhPQ==",
+      "dev": true
+    },
+    "@ungap/promise-all-settled": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/@ungap/promise-all-settled/-/promise-all-settled-1.1.2.tgz",
+      "integrity": "sha512-sL/cEvJWAnClXw0wHk85/2L0G6Sj8UB0Ctc1TEMbKSsmpRosqhwj9gWgFRZSrBr2f9tiXISwNhCPmlfqUqyb9Q==",
+      "dev": true
+    },
+    "aggregate-error": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/aggregate-error/-/aggregate-error-3.0.1.tgz",
+      "integrity": "sha512-quoaXsZ9/BLNae5yiNoUz+Nhkwz83GhWwtYFglcjEQB2NDHCIpApbqXxIFnm4Pq/Nvhrsq5sYJFyohrrxnTGAA==",
+      "dev": true,
+      "requires": {
+        "clean-stack": "^2.0.0",
+        "indent-string": "^4.0.0"
+      }
+    },
+    "ajv": {
+      "version": "6.12.6",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
+      "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
+      "dev": true,
+      "requires": {
+        "fast-deep-equal": "^3.1.1",
+        "fast-json-stable-stringify": "^2.0.0",
+        "json-schema-traverse": "^0.4.1",
+        "uri-js": "^4.2.2"
+      }
+    },
+    "ansi-colors": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz",
+      "integrity": "sha512-JoX0apGbHaUJBNl6yF+p6JAFYZ666/hhCGKN5t9QFjbJQKUU/g8MNbFDbvfrgKXvI1QpZplPOnwIo99lX/AAmA==",
+      "dev": true
+    },
+    "ansi-regex": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
+      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
+      "dev": true
+    },
+    "ansi-styles": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
+      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
+      "dev": true,
+      "requires": {
+        "color-convert": "^1.9.0"
+      }
+    },
+    "anymatch": {
+      "version": "3.1.2",
+      "resolved": "https://registry.npmjs.org/anymatch/-/anymatch-3.1.2.tgz",
+      "integrity": "sha512-P43ePfOAIupkguHUycrc4qJ9kz8ZiuOUijaETwX7THt0Y/GNK7v0aa8rY816xWjZ7rJdA5XdMcpVFTKMq+RvWg==",
+      "dev": true,
+      "requires": {
+        "normalize-path": "^3.0.0",
+        "picomatch": "^2.0.4"
+      }
+    },
+    "append-transform": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/append-transform/-/append-transform-2.0.0.tgz",
+      "integrity": "sha512-7yeyCEurROLQJFv5Xj4lEGTy0borxepjFv1g22oAdqFu//SrAlDl1O1Nxx15SH1RoliUml6p8dwJW9jvZughhg==",
+      "dev": true,
+      "requires": {
+        "default-require-extensions": "^3.0.0"
+      }
+    },
+    "archy": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/archy/-/archy-1.0.0.tgz",
+      "integrity": "sha1-+cjBN1fMHde8N5rHeyxipcKGjEA=",
+      "dev": true
+    },
+    "argparse": {
+      "version": "1.0.10",
+      "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
+      "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==",
+      "dev": true,
+      "requires": {
+        "sprintf-js": "~1.0.2"
+      }
+    },
+    "array-from": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/array-from/-/array-from-2.1.1.tgz",
+      "integrity": "sha1-z+nYwmYoudxa7MYqn12PHzUsEZU=",
+      "dev": true
+    },
+    "asn1": {
+      "version": "0.2.4",
+      "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz",
+      "integrity": "sha512-jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg==",
+      "dev": true,
+      "requires": {
+        "safer-buffer": "~2.1.0"
+      }
+    },
+    "assert-plus": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
+      "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU=",
+      "dev": true
+    },
+    "assertion-error": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz",
+      "integrity": "sha512-jgsaNduz+ndvGyFt3uSuWqvy4lCnIJiovtouQN5JZHOKCS2QuhEdbcQHFhVksz2N2U9hXJo8odG7ETyWlEeuDw==",
+      "dev": true
+    },
+    "asynckit": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
+      "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=",
+      "dev": true
+    },
+    "atob": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/atob/-/atob-2.1.2.tgz",
+      "integrity": "sha512-Wm6ukoaOGJi/73p/cl2GvLjTI5JM1k/O14isD73YML8StrH/7/lRFgmg8nICZgD3bZZvjwCGxtMOD3wWNAu8cg==",
+      "dev": true
+    },
+    "aws-sign2": {
+      "version": "0.7.0",
+      "resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz",
+      "integrity": "sha1-tG6JCTSpWR8tL2+G1+ap8bP+dqg=",
+      "dev": true
+    },
+    "aws4": {
+      "version": "1.11.0",
+      "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.11.0.tgz",
+      "integrity": "sha512-xh1Rl34h6Fi1DC2WWKfxUTVqRsNnr6LsKz2+hfwDxQJWmrx8+c7ylaqBMcHfl1U1r2dsifOvKX3LQuLNZ+XSvA==",
+      "dev": true
+    },
+    "balanced-match": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz",
+      "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c=",
+      "dev": true
+    },
+    "bcrypt-pbkdf": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz",
+      "integrity": "sha1-pDAdOJtqQ/m2f/PKEaP2Y342Dp4=",
+      "dev": true,
+      "requires": {
+        "tweetnacl": "^0.14.3"
+      }
+    },
+    "binary-extensions": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/binary-extensions/-/binary-extensions-2.2.0.tgz",
+      "integrity": "sha512-jDctJ/IVQbZoJykoeHbhXpOlNBqGNcwXJKJog42E5HDPUwQTSdjCHdihjj0DlnheQ7blbT6dHOafNAiS8ooQKA==",
+      "dev": true
+    },
+    "brace-expansion": {
+      "version": "1.1.11",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
+      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+      "dev": true,
+      "requires": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
+      }
+    },
+    "braces": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/braces/-/braces-3.0.2.tgz",
+      "integrity": "sha512-b8um+L1RzM3WDSzvhm6gIz1yfTbBt6YTlcEKAvsmqCZZFw46z626lVj9j1yEPW33H5H+lBQpZMP1k8l+78Ha0A==",
+      "dev": true,
+      "requires": {
+        "fill-range": "^7.0.1"
+      }
+    },
+    "browser-stdout": {
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz",
+      "integrity": "sha512-qhAVI1+Av2X7qelOfAIYwXONood6XlZE/fXaBSmW/T5SzLAmCgzi+eiWE7fUvbHaeNBQH13UftjpXxsfLkMpgw==",
+      "dev": true
+    },
+    "btoa": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/btoa/-/btoa-1.2.1.tgz",
+      "integrity": "sha512-SB4/MIGlsiVkMcHmT+pSmIPoNDoHg+7cMzmt3Uxt628MTz2487DKSqK/fuhFBrkuqrYv5UCEnACpF4dTFNKc/g==",
+      "dev": true
+    },
+    "caching-transform": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/caching-transform/-/caching-transform-4.0.0.tgz",
+      "integrity": "sha512-kpqOvwXnjjN44D89K5ccQC+RUrsy7jB/XLlRrx0D7/2HNcTPqzsb6XgYoErwko6QsV184CA2YgS1fxDiiDZMWA==",
+      "dev": true,
+      "requires": {
+        "hasha": "^5.0.0",
+        "make-dir": "^3.0.0",
+        "package-hash": "^4.0.0",
+        "write-file-atomic": "^3.0.0"
+      }
+    },
+    "camelcase": {
+      "version": "5.3.1",
+      "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-5.3.1.tgz",
+      "integrity": "sha512-L28STB170nwWS63UjtlEOE3dldQApaJXZkOI1uMFfzf3rRuPegHaHesyee+YxQ+W6SvRDQV6UrdOdRiR153wJg==",
+      "dev": true
+    },
+    "caseless": {
+      "version": "0.12.0",
+      "resolved": "https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz",
+      "integrity": "sha1-G2gcIf+EAzyCZUMJBolCDRhxUdw=",
+      "dev": true
+    },
+    "chai": {
+      "version": "4.3.6",
+      "resolved": "https://registry.npmjs.org/chai/-/chai-4.3.6.tgz",
+      "integrity": "sha512-bbcp3YfHCUzMOvKqsztczerVgBKSsEijCySNlHHbX3VG1nskvqjz5Rfso1gGwD6w6oOV3eI60pKuMOV5MV7p3Q==",
+      "dev": true,
+      "requires": {
+        "assertion-error": "^1.1.0",
+        "check-error": "^1.0.2",
+        "deep-eql": "^3.0.1",
+        "get-func-name": "^2.0.0",
+        "loupe": "^2.3.1",
+        "pathval": "^1.1.1",
+        "type-detect": "^4.0.5"
+      }
+    },
+    "chalk": {
+      "version": "2.4.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
+      "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
+      "dev": true,
+      "requires": {
+        "ansi-styles": "^3.2.1",
+        "escape-string-regexp": "^1.0.5",
+        "supports-color": "^5.3.0"
+      },
+      "dependencies": {
+        "has-flag": {
+          "version": "3.0.0",
+          "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
+          "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=",
+          "dev": true
+        },
+        "supports-color": {
+          "version": "5.5.0",
+          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
+          "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
+          "dev": true,
+          "requires": {
+            "has-flag": "^3.0.0"
+          }
+        }
+      }
+    },
+    "check-error": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/check-error/-/check-error-1.0.2.tgz",
+      "integrity": "sha1-V00xLt2Iu13YkS6Sht1sCu1KrII=",
+      "dev": true
+    },
+    "chokidar": {
+      "version": "3.5.3",
+      "resolved": "https://registry.npmjs.org/chokidar/-/chokidar-3.5.3.tgz",
+      "integrity": "sha512-Dr3sfKRP6oTcjf2JmUmFJfeVMvXBdegxB0iVQ5eb2V10uFJUCAS8OByZdVAyVb8xXNz3GjjTgj9kLWsZTqE6kw==",
+      "dev": true,
+      "requires": {
+        "anymatch": "~3.1.2",
+        "braces": "~3.0.2",
+        "fsevents": "~2.3.2",
+        "glob-parent": "~5.1.2",
+        "is-binary-path": "~2.1.0",
+        "is-glob": "~4.0.1",
+        "normalize-path": "~3.0.0",
+        "readdirp": "~3.6.0"
+      }
+    },
+    "clean-stack": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/clean-stack/-/clean-stack-2.2.0.tgz",
+      "integrity": "sha512-4diC9HaTE+KRAMWhDhrGOECgWZxoevMc5TlkObMqNSsVU62PYzXZ/SMTjzyGAFF1YusgxGcSWTEXBhp0CPwQ1A==",
+      "dev": true
+    },
+    "cliui": {
+      "version": "7.0.4",
+      "resolved": "https://registry.npmjs.org/cliui/-/cliui-7.0.4.tgz",
+      "integrity": "sha512-OcRE68cOsVMXp1Yvonl/fzkQOyjLSu/8bhPDfQt0e0/Eb283TKP20Fs2MqoPsr9SwA595rRCA+QMzYc9nBP+JQ==",
+      "dev": true,
+      "requires": {
+        "string-width": "^4.2.0",
+        "strip-ansi": "^6.0.0",
+        "wrap-ansi": "^7.0.0"
+      }
+    },
+    "codemirror": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/codemirror/-/codemirror-6.0.1.tgz",
+      "integrity": "sha512-J8j+nZ+CdWmIeFIGXEFbFPtpiYacFMDR8GlHK3IyHQJMCaVRfGx9NT+Hxivv1ckLWPvNdZqndbr/7lVhrf/Svg==",
+      "dev": true,
+      "requires": {
+        "@codemirror/autocomplete": "^6.0.0",
+        "@codemirror/commands": "^6.0.0",
+        "@codemirror/language": "^6.0.0",
+        "@codemirror/lint": "^6.0.0",
+        "@codemirror/search": "^6.0.0",
+        "@codemirror/state": "^6.0.0",
+        "@codemirror/view": "^6.0.0"
+      }
+    },
+    "color-convert": {
+      "version": "1.9.3",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
+      "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
+      "dev": true,
+      "requires": {
+        "color-name": "1.1.3"
+      }
+    },
+    "color-name": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
+      "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=",
+      "dev": true
+    },
+    "combined-stream": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
+      "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==",
+      "dev": true,
+      "requires": {
+        "delayed-stream": "~1.0.0"
+      }
+    },
+    "commondir": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/commondir/-/commondir-1.0.1.tgz",
+      "integrity": "sha1-3dgA2gxmEnOTzKWVDqloo6rxJTs=",
+      "dev": true
+    },
+    "concat-map": {
+      "version": "0.0.1",
+      "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
+      "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=",
+      "dev": true
+    },
+    "convert-source-map": {
+      "version": "1.7.0",
+      "resolved": "https://registry.npmjs.org/convert-source-map/-/convert-source-map-1.7.0.tgz",
+      "integrity": "sha512-4FJkXzKXEDB1snCFZlLP4gpC3JILicCpGbzG9f9G7tGqGCzETQ2hWPrcinA9oU4wtf2biUaEH5065UnMeR33oA==",
+      "dev": true,
+      "requires": {
+        "safe-buffer": "~5.1.1"
+      }
+    },
+    "core-js": {
+      "version": "3.8.1",
+      "resolved": "https://registry.npmjs.org/core-js/-/core-js-3.8.1.tgz",
+      "integrity": "sha512-9Id2xHY1W7m8hCl8NkhQn5CufmF/WuR30BTRewvCXc1aZd3kMECwNZ69ndLbekKfakw9Rf2Xyc+QR6E7Gg+obg==",
+      "dev": true
+    },
+    "core-util-is": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
+      "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=",
+      "dev": true
+    },
+    "coveralls": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/coveralls/-/coveralls-3.1.1.tgz",
+      "integrity": "sha512-+dxnG2NHncSD1NrqbSM3dn/lE57O6Qf/koe9+I7c+wzkqRmEvcp0kgJdxKInzYzkICKkFMZsX3Vct3++tsF9ww==",
+      "dev": true,
+      "requires": {
+        "js-yaml": "^3.13.1",
+        "lcov-parse": "^1.0.0",
+        "log-driver": "^1.2.7",
+        "minimist": "^1.2.5",
+        "request": "^2.88.2"
+      }
+    },
+    "crelt": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/crelt/-/crelt-1.0.5.tgz",
+      "integrity": "sha512-+BO9wPPi+DWTDcNYhr/W90myha8ptzftZT+LwcmUbbok0rcP/fequmFYCw8NMoH7pkAZQzU78b3kYrlua5a9eA==",
+      "dev": true
+    },
+    "cross-spawn": {
+      "version": "7.0.3",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
+      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+      "dev": true,
+      "requires": {
+        "path-key": "^3.1.0",
+        "shebang-command": "^2.0.0",
+        "which": "^2.0.1"
+      }
+    },
+    "dashdash": {
+      "version": "1.14.1",
+      "resolved": "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz",
+      "integrity": "sha1-hTz6D3y+L+1d4gMmuN1YEDX24vA=",
+      "dev": true,
+      "requires": {
+        "assert-plus": "^1.0.0"
+      }
+    },
+    "debug": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.2.0.tgz",
+      "integrity": "sha512-IX2ncY78vDTjZMFUdmsvIRFY2Cf4FnD0wRs+nQwJU8Lu99/tPFdb0VybiiMTPe3I6rQmwsqQqRBvxU+bZ/I8sg==",
+      "dev": true,
+      "requires": {
+        "ms": "2.1.2"
+      }
+    },
+    "decamelize": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz",
+      "integrity": "sha1-9lNNFRSCabIDUue+4m9QH5oZEpA=",
+      "dev": true
+    },
+    "deep-eql": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-3.0.1.tgz",
+      "integrity": "sha512-+QeIQyN5ZuO+3Uk5DYh6/1eKO0m0YmJFGNmFHGACpf1ClL1nmlV/p4gNgbl2pJGxgXb4faqo6UE+M5ACEMyVcw==",
+      "dev": true,
+      "requires": {
+        "type-detect": "^4.0.0"
+      }
+    },
+    "default-require-extensions": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/default-require-extensions/-/default-require-extensions-3.0.0.tgz",
+      "integrity": "sha512-ek6DpXq/SCpvjhpFsLFRVtIxJCRw6fUR42lYMVZuUMK7n8eMz4Uh5clckdBjEpLhn/gEBZo7hDJnJcwdKLKQjg==",
+      "dev": true,
+      "requires": {
+        "strip-bom": "^4.0.0"
+      }
+    },
+    "delayed-stream": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
+      "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=",
+      "dev": true
+    },
+    "diff": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/diff/-/diff-5.0.0.tgz",
+      "integrity": "sha512-/VTCrvm5Z0JGty/BWHljh+BAiw3IK+2j87NGMu8Nwc/f48WoDAC395uomO9ZD117ZOBaHmkX1oyLvkVM/aIT3w==",
+      "dev": true
+    },
+    "ecc-jsbn": {
+      "version": "0.1.2",
+      "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz",
+      "integrity": "sha1-OoOpBOVDUyh4dMVkt1SThoSamMk=",
+      "dev": true,
+      "requires": {
+        "jsbn": "~0.1.0",
+        "safer-buffer": "^2.1.0"
+      }
+    },
+    "emoji-regex": {
+      "version": "8.0.0",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
+      "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
+      "dev": true
+    },
+    "es6-error": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/es6-error/-/es6-error-4.1.1.tgz",
+      "integrity": "sha512-Um/+FxMr9CISWh0bi5Zv0iOD+4cFh5qLeks1qhAopKVAJw3drgKbKySikp7wGhDL0HPeaja0P5ULZrxLkniUVg==",
+      "dev": true
+    },
+    "escalade": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/escalade/-/escalade-3.1.1.tgz",
+      "integrity": "sha512-k0er2gUkLf8O0zKJiAhmkTnJlTvINGv7ygDNPbeIsX/TJjGJZHuh9B2UxbsaEkmlEo9MfhrSzmhIlhRlI2GXnw==",
+      "dev": true
+    },
+    "escape-string-regexp": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
+      "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=",
+      "dev": true
+    },
+    "esprima": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz",
+      "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==",
+      "dev": true
+    },
+    "extend": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
+      "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==",
+      "dev": true
+    },
+    "extsprintf": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz",
+      "integrity": "sha1-lpGEQOMEGnpBT4xS48V06zw+HgU=",
+      "dev": true
+    },
+    "fast-deep-equal": {
+      "version": "3.1.3",
+      "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
+      "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==",
+      "dev": true
+    },
+    "fast-json-stable-stringify": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz",
+      "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==",
+      "dev": true
+    },
+    "fetch-mock": {
+      "version": "9.11.0",
+      "resolved": "https://registry.npmjs.org/fetch-mock/-/fetch-mock-9.11.0.tgz",
+      "integrity": "sha512-PG1XUv+x7iag5p/iNHD4/jdpxL9FtVSqRMUQhPab4hVDt80T1MH5ehzVrL2IdXO9Q2iBggArFvPqjUbHFuI58Q==",
+      "dev": true,
+      "requires": {
+        "@babel/core": "^7.0.0",
+        "@babel/runtime": "^7.0.0",
+        "core-js": "^3.0.0",
+        "debug": "^4.1.1",
+        "glob-to-regexp": "^0.4.0",
+        "is-subset": "^0.1.1",
+        "lodash.isequal": "^4.5.0",
+        "path-to-regexp": "^2.2.1",
+        "querystring": "^0.2.0",
+        "whatwg-url": "^6.5.0"
+      }
+    },
+    "fill-range": {
+      "version": "7.0.1",
+      "resolved": "https://registry.npmjs.org/fill-range/-/fill-range-7.0.1.tgz",
+      "integrity": "sha512-qOo9F+dMUmC2Lcb4BbVvnKJxTPjCm+RRpe4gDuGrzkL7mEVl/djYSu2OdQ2Pa302N4oqkSg9ir6jaLWJ2USVpQ==",
+      "dev": true,
+      "requires": {
+        "to-regex-range": "^5.0.1"
+      }
+    },
+    "find-cache-dir": {
+      "version": "3.3.1",
+      "resolved": "https://registry.npmjs.org/find-cache-dir/-/find-cache-dir-3.3.1.tgz",
+      "integrity": "sha512-t2GDMt3oGC/v+BMwzmllWDuJF/xcDtE5j/fCGbqDD7OLuJkj0cfh1YSA5VKPvwMeLFLNDBkwOKZ2X85jGLVftQ==",
+      "dev": true,
+      "requires": {
+        "commondir": "^1.0.1",
+        "make-dir": "^3.0.2",
+        "pkg-dir": "^4.1.0"
+      }
+    },
+    "find-up": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/find-up/-/find-up-5.0.0.tgz",
+      "integrity": "sha512-78/PXT1wlLLDgTzDs7sjq9hzz0vXD+zn+7wypEe4fXQxCmdmqfGsEPQxmiCSQI3ajFV91bVSsvNtrJRiW6nGng==",
+      "dev": true,
+      "requires": {
+        "locate-path": "^6.0.0",
+        "path-exists": "^4.0.0"
+      }
+    },
+    "flat": {
+      "version": "5.0.2",
+      "resolved": "https://registry.npmjs.org/flat/-/flat-5.0.2.tgz",
+      "integrity": "sha512-b6suED+5/3rTpUBdG1gupIl8MPFCAMA0QXwmljLhvCUKcUvdE4gWky9zpuGCcXHOsz4J9wPGNWq6OKpmIzz3hQ==",
+      "dev": true
+    },
+    "foreground-child": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/foreground-child/-/foreground-child-2.0.0.tgz",
+      "integrity": "sha512-dCIq9FpEcyQyXKCkyzmlPTFNgrCzPudOe+mhvJU5zAtlBnGVy2yKxtfsxK2tQBThwq225jcvBjpw1Gr40uzZCA==",
+      "dev": true,
+      "requires": {
+        "cross-spawn": "^7.0.0",
+        "signal-exit": "^3.0.2"
+      }
+    },
+    "forever-agent": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz",
+      "integrity": "sha1-+8cfDEGt6zf5bFd60e1C2P2sypE=",
+      "dev": true
+    },
+    "form-data": {
+      "version": "2.3.3",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-2.3.3.tgz",
+      "integrity": "sha512-1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ==",
+      "dev": true,
+      "requires": {
+        "asynckit": "^0.4.0",
+        "combined-stream": "^1.0.6",
+        "mime-types": "^2.1.12"
+      }
+    },
+    "fromentries": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/fromentries/-/fromentries-1.2.1.tgz",
+      "integrity": "sha512-Xu2Qh8yqYuDhQGOhD5iJGninErSfI9A3FrriD3tjUgV5VbJFeH8vfgZ9HnC6jWN80QDVNQK5vmxRAmEAp7Mevw==",
+      "dev": true
+    },
+    "fs.realpath": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
+      "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=",
+      "dev": true
+    },
+    "fsevents": {
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/fsevents/-/fsevents-2.3.2.tgz",
+      "integrity": "sha512-xiqMQR4xAeHTuB9uWm+fFRcIOgKBMiOBP+eXiyT7jsgVCq1bkVygt00oASowB7EdtpOHaaPgKt812P9ab+DDKA==",
+      "dev": true,
+      "optional": true
+    },
+    "gensync": {
+      "version": "1.0.0-beta.1",
+      "resolved": "https://registry.npmjs.org/gensync/-/gensync-1.0.0-beta.1.tgz",
+      "integrity": "sha512-r8EC6NO1sngH/zdD9fiRDLdcgnbayXah+mLgManTaIZJqEC1MZstmnox8KpnI2/fxQwrp5OpCOYWLp4rBl4Jcg==",
+      "dev": true
+    },
+    "get-caller-file": {
+      "version": "2.0.5",
+      "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-2.0.5.tgz",
+      "integrity": "sha512-DyFP3BM/3YHTQOCUL/w0OZHR0lpKeGrxotcHWcqNEdnltqFwXVfhEBQ94eIo34AfQpo0rGki4cyIiftY06h2Fg==",
+      "dev": true
+    },
+    "get-func-name": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.0.tgz",
+      "integrity": "sha1-6td0q+5y4gQJQzoGY2YCPdaIekE=",
+      "dev": true
+    },
+    "get-package-type": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/get-package-type/-/get-package-type-0.1.0.tgz",
+      "integrity": "sha512-pjzuKtY64GYfWizNAJ0fr9VqttZkNiK2iS430LtIHzjBEr6bX8Am2zm4sW4Ro5wjWW5cAlRL1qAMTcXbjNAO2Q==",
+      "dev": true
+    },
+    "getpass": {
+      "version": "0.1.7",
+      "resolved": "https://registry.npmjs.org/getpass/-/getpass-0.1.7.tgz",
+      "integrity": "sha1-Xv+OPmhNVprkyysSgmBOi6YhSfo=",
+      "dev": true,
+      "requires": {
+        "assert-plus": "^1.0.0"
+      }
+    },
+    "glob": {
+      "version": "7.1.6",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz",
+      "integrity": "sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA==",
+      "dev": true,
+      "requires": {
+        "fs.realpath": "^1.0.0",
+        "inflight": "^1.0.4",
+        "inherits": "2",
+        "minimatch": "^3.0.4",
+        "once": "^1.3.0",
+        "path-is-absolute": "^1.0.0"
+      }
+    },
+    "glob-parent": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
+      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
+      "dev": true,
+      "requires": {
+        "is-glob": "^4.0.1"
+      }
+    },
+    "glob-to-regexp": {
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/glob-to-regexp/-/glob-to-regexp-0.4.1.tgz",
+      "integrity": "sha512-lkX1HJXwyMcprw/5YUZc2s7DrpAiHB21/V+E1rHUrVNokkvB6bqMzT0VfV6/86ZNabt1k14YOIaT7nDvOX3Iiw==",
+      "dev": true
+    },
+    "globals": {
+      "version": "11.12.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-11.12.0.tgz",
+      "integrity": "sha512-WOBp/EEGUiIsJSp7wcv/y6MO+lV9UoncWqxuFfm8eBwzWNgyfBd6Gz+IeKQ9jCmyhoH99g15M3T+QaVHFjizVA==",
+      "dev": true
+    },
+    "graceful-fs": {
+      "version": "4.2.4",
+      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.4.tgz",
+      "integrity": "sha512-WjKPNJF79dtJAVniUlGGWHYGz2jWxT6VhN/4m1NdkbZ2nOsEF+cI1Edgql5zCRhs/VsQYRvrXctxktVXZUkixw==",
+      "dev": true
+    },
+    "har-schema": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/har-schema/-/har-schema-2.0.0.tgz",
+      "integrity": "sha1-qUwiJOvKwEeCoNkDVSHyRzW37JI=",
+      "dev": true
+    },
+    "har-validator": {
+      "version": "5.1.5",
+      "resolved": "https://registry.npmjs.org/har-validator/-/har-validator-5.1.5.tgz",
+      "integrity": "sha512-nmT2T0lljbxdQZfspsno9hgrG3Uir6Ks5afism62poxqBM6sDnMEuPmzTq8XN0OEwqKLLdh1jQI3qyE66Nzb3w==",
+      "dev": true,
+      "requires": {
+        "ajv": "^6.12.3",
+        "har-schema": "^2.0.0"
+      }
+    },
+    "has-flag": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+      "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+      "dev": true
+    },
+    "hasha": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/hasha/-/hasha-5.2.0.tgz",
+      "integrity": "sha512-2W+jKdQbAdSIrggA8Q35Br8qKadTrqCTC8+XZvBWepKDK6m9XkX6Iz1a2yh2KP01kzAR/dpuMeUnocoLYDcskw==",
+      "dev": true,
+      "requires": {
+        "is-stream": "^2.0.0",
+        "type-fest": "^0.8.0"
+      }
+    },
+    "he": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/he/-/he-1.2.0.tgz",
+      "integrity": "sha512-F/1DnUGPopORZi0ni+CvrCgHQ5FyEAHRLSApuYWMmrbSwoN2Mn/7k+Gl38gJnR7yyDZk6WLXwiGod1JOWNDKGw==",
+      "dev": true
+    },
+    "html-escaper": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/html-escaper/-/html-escaper-2.0.2.tgz",
+      "integrity": "sha512-H2iMtd0I4Mt5eYiapRdIDjp+XzelXQ0tFE4JS7YFwFevXXMmOp9myNrUvCg0D6ws8iqkRPBfKHgbwig1SmlLfg==",
+      "dev": true
+    },
+    "http-signature": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.2.0.tgz",
+      "integrity": "sha1-muzZJRFHcvPZW2WmCruPfBj7rOE=",
+      "dev": true,
+      "requires": {
+        "assert-plus": "^1.0.0",
+        "jsprim": "^1.2.2",
+        "sshpk": "^1.7.0"
+      }
+    },
+    "imurmurhash": {
+      "version": "0.1.4",
+      "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz",
+      "integrity": "sha1-khi5srkoojixPcT7a21XbyMUU+o=",
+      "dev": true
+    },
+    "indent-string": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/indent-string/-/indent-string-4.0.0.tgz",
+      "integrity": "sha512-EdDDZu4A2OyIK7Lr/2zG+w5jmbuk1DVBnEwREQvBzspBJkCEbRa8GxU1lghYcaGJCnRWibjDXlq779X1/y5xwg==",
+      "dev": true
+    },
+    "inflight": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
+      "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=",
+      "dev": true,
+      "requires": {
+        "once": "^1.3.0",
+        "wrappy": "1"
+      }
+    },
+    "inherits": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz",
+      "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4=",
+      "dev": true
+    },
+    "is-binary-path": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/is-binary-path/-/is-binary-path-2.1.0.tgz",
+      "integrity": "sha512-ZMERYes6pDydyuGidse7OsHxtbI7WVeUEozgR/g7rd0xUimYNlvZRE/K2MgZTjWy725IfelLeVcEM97mmtRGXw==",
+      "dev": true,
+      "requires": {
+        "binary-extensions": "^2.0.0"
+      }
+    },
+    "is-extglob": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
+      "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=",
+      "dev": true
+    },
+    "is-fullwidth-code-point": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
+      "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
+      "dev": true
+    },
+    "is-glob": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.3.tgz",
+      "integrity": "sha512-xelSayHH36ZgE7ZWhli7pW34hNbNl8Ojv5KVmkJD4hBdD3th8Tfk9vYasLM+mXWOZhFkgZfxhLSnrwRr4elSSg==",
+      "dev": true,
+      "requires": {
+        "is-extglob": "^2.1.1"
+      }
+    },
+    "is-number": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/is-number/-/is-number-7.0.0.tgz",
+      "integrity": "sha512-41Cifkg6e8TylSpdtTpeLVMqvSBEVzTttHvERD741+pnZ8ANv0004MRL43QKPDlK9cGvNp6NZWZUBlbGXYxxng==",
+      "dev": true
+    },
+    "is-plain-obj": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-2.1.0.tgz",
+      "integrity": "sha512-YWnfyRwxL/+SsrWYfOpUtz5b3YD+nyfkHvjbcanzk8zgyO4ASD67uVMRt8k5bM4lLMDnXfriRhOpemw+NfT1eA==",
+      "dev": true
+    },
+    "is-stream": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-2.0.0.tgz",
+      "integrity": "sha512-XCoy+WlUr7d1+Z8GgSuXmpuUFC9fOhRXglJMx+dwLKTkL44Cjd4W1Z5P+BQZpr+cR93aGP4S/s7Ftw6Nd/kiEw==",
+      "dev": true
+    },
+    "is-subset": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/is-subset/-/is-subset-0.1.1.tgz",
+      "integrity": "sha1-ilkRfZMt4d4A8kX83TnOQ/HpOaY=",
+      "dev": true
+    },
+    "is-typedarray": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz",
+      "integrity": "sha1-5HnICFjfDBsR3dppQPlgEfzaSpo=",
+      "dev": true
+    },
+    "is-unicode-supported": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/is-unicode-supported/-/is-unicode-supported-0.1.0.tgz",
+      "integrity": "sha512-knxG2q4UC3u8stRGyAVJCOdxFmv5DZiRcdlIaAQXAbSfJya+OhopNotLQrstBhququ4ZpuKbDc/8S6mgXgPFPw==",
+      "dev": true
+    },
+    "is-windows": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/is-windows/-/is-windows-1.0.2.tgz",
+      "integrity": "sha512-eXK1UInq2bPmjyX6e3VHIzMLobc4J94i4AWn+Hpq3OU5KkrRC96OAcR3PRJ/pGu6m8TRnBHP9dkXQVsT/COVIA==",
+      "dev": true
+    },
+    "isarray": {
+      "version": "0.0.1",
+      "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz",
+      "integrity": "sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8=",
+      "dev": true
+    },
+    "isexe": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
+      "integrity": "sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=",
+      "dev": true
+    },
+    "isstream": {
+      "version": "0.1.2",
+      "resolved": "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz",
+      "integrity": "sha1-R+Y/evVa+m+S4VAOaQ64uFKcCZo=",
+      "dev": true
+    },
+    "istanbul-lib-coverage": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.0.0.tgz",
+      "integrity": "sha512-UiUIqxMgRDET6eR+o5HbfRYP1l0hqkWOs7vNxC/mggutCMUIhWMm8gAHb8tHlyfD3/l6rlgNA5cKdDzEAf6hEg==",
+      "dev": true
+    },
+    "istanbul-lib-hook": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-hook/-/istanbul-lib-hook-3.0.0.tgz",
+      "integrity": "sha512-Pt/uge1Q9s+5VAZ+pCo16TYMWPBIl+oaNIjgLQxcX0itS6ueeaA+pEfThZpH8WxhFgCiEb8sAJY6MdUKgiIWaQ==",
+      "dev": true,
+      "requires": {
+        "append-transform": "^2.0.0"
+      }
+    },
+    "istanbul-lib-instrument": {
+      "version": "4.0.3",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-instrument/-/istanbul-lib-instrument-4.0.3.tgz",
+      "integrity": "sha512-BXgQl9kf4WTCPCCpmFGoJkz/+uhvm7h7PFKUYxh7qarQd3ER33vHG//qaE8eN25l07YqZPpHXU9I09l/RD5aGQ==",
+      "dev": true,
+      "requires": {
+        "@babel/core": "^7.7.5",
+        "@istanbuljs/schema": "^0.1.2",
+        "istanbul-lib-coverage": "^3.0.0",
+        "semver": "^6.3.0"
+      }
+    },
+    "istanbul-lib-processinfo": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-processinfo/-/istanbul-lib-processinfo-2.0.2.tgz",
+      "integrity": "sha512-kOwpa7z9hme+IBPZMzQ5vdQj8srYgAtaRqeI48NGmAQ+/5yKiHLV0QbYqQpxsdEF0+w14SoB8YbnHKcXE2KnYw==",
+      "dev": true,
+      "requires": {
+        "archy": "^1.0.0",
+        "cross-spawn": "^7.0.0",
+        "istanbul-lib-coverage": "^3.0.0-alpha.1",
+        "make-dir": "^3.0.0",
+        "p-map": "^3.0.0",
+        "rimraf": "^3.0.0",
+        "uuid": "^3.3.3"
+      },
+      "dependencies": {
+        "uuid": {
+          "version": "3.4.0",
+          "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz",
+          "integrity": "sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==",
+          "dev": true
+        }
+      }
+    },
+    "istanbul-lib-report": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-report/-/istanbul-lib-report-3.0.0.tgz",
+      "integrity": "sha512-wcdi+uAKzfiGT2abPpKZ0hSU1rGQjUQnLvtY5MpQ7QCTahD3VODhcu4wcfY1YtkGaDD5yuydOLINXsfbus9ROw==",
+      "dev": true,
+      "requires": {
+        "istanbul-lib-coverage": "^3.0.0",
+        "make-dir": "^3.0.0",
+        "supports-color": "^7.1.0"
+      }
+    },
+    "istanbul-lib-source-maps": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/istanbul-lib-source-maps/-/istanbul-lib-source-maps-4.0.0.tgz",
+      "integrity": "sha512-c16LpFRkR8vQXyHZ5nLpY35JZtzj1PQY1iZmesUbf1FZHbIupcWfjgOXBY9YHkLEQ6puz1u4Dgj6qmU/DisrZg==",
+      "dev": true,
+      "requires": {
+        "debug": "^4.1.1",
+        "istanbul-lib-coverage": "^3.0.0",
+        "source-map": "^0.6.1"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "4.1.1",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz",
+          "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==",
+          "dev": true,
+          "requires": {
+            "ms": "^2.1.1"
+          }
+        },
+        "source-map": {
+          "version": "0.6.1",
+          "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.6.1.tgz",
+          "integrity": "sha512-UjgapumWlbMhkBgzT7Ykc5YXUT46F0iKu8SGXq0bcwP5dz/h0Plj6enJqjz1Zbq2l5WaqYnrVbwWOWMyF3F47g==",
+          "dev": true
+        }
+      }
+    },
+    "istanbul-reports": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/istanbul-reports/-/istanbul-reports-3.0.2.tgz",
+      "integrity": "sha512-9tZvz7AiR3PEDNGiV9vIouQ/EAcqMXFmkcA1CDFTwOB98OZVDL0PH9glHotf5Ugp6GCOTypfzGWI/OqjWNCRUw==",
+      "dev": true,
+      "requires": {
+        "html-escaper": "^2.0.0",
+        "istanbul-lib-report": "^3.0.0"
+      }
+    },
+    "js-tokens": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
+      "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==",
+      "dev": true
+    },
+    "js-yaml": {
+      "version": "3.13.1",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.13.1.tgz",
+      "integrity": "sha512-YfbcO7jXDdyj0DGxYVSlSeQNHbD7XPWvrVWeVUujrQEoZzWJIRrCPoyk6kL6IAjAG2IolMK4T0hNUe0HOUs5Jw==",
+      "dev": true,
+      "requires": {
+        "argparse": "^1.0.7",
+        "esprima": "^4.0.0"
+      }
+    },
+    "jsbn": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz",
+      "integrity": "sha1-peZUwuWi3rXyAdls77yoDA7y9RM=",
+      "dev": true
+    },
+    "jsesc": {
+      "version": "2.5.2",
+      "resolved": "https://registry.npmjs.org/jsesc/-/jsesc-2.5.2.tgz",
+      "integrity": "sha512-OYu7XEzjkCQ3C5Ps3QIZsQfNpqoJyZZA99wd9aWd05NCtC5pWOkShK2mkL6HXQR6/Cy2lbNdPlZBpuQHXE63gA==",
+      "dev": true
+    },
+    "json-schema": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.4.0.tgz",
+      "integrity": "sha512-es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA==",
+      "dev": true
+    },
+    "json-schema-traverse": {
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz",
+      "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==",
+      "dev": true
+    },
+    "json-stringify-safe": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz",
+      "integrity": "sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus=",
+      "dev": true
+    },
+    "json5": {
+      "version": "2.1.3",
+      "resolved": "https://registry.npmjs.org/json5/-/json5-2.1.3.tgz",
+      "integrity": "sha512-KXPvOm8K9IJKFM0bmdn8QXh7udDh1g/giieX0NLCaMnb4hEiVFqnop2ImTXCc5e0/oHz3LTqmHGtExn5hfMkOA==",
+      "dev": true,
+      "requires": {
+        "minimist": "^1.2.5"
+      }
+    },
+    "jsprim": {
+      "version": "1.4.2",
+      "resolved": "https://registry.npmjs.org/jsprim/-/jsprim-1.4.2.tgz",
+      "integrity": "sha512-P2bSOMAc/ciLz6DzgjVlGJP9+BrJWu5UDGK70C2iweC5QBIeFf0ZXRvGjEj2uYgrY2MkAAhsSWHDWlFtEroZWw==",
+      "dev": true,
+      "requires": {
+        "assert-plus": "1.0.0",
+        "extsprintf": "1.3.0",
+        "json-schema": "0.4.0",
+        "verror": "1.10.0"
+      }
+    },
+    "just-extend": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/just-extend/-/just-extend-4.1.0.tgz",
+      "integrity": "sha512-ApcjaOdVTJ7y4r08xI5wIqpvwS48Q0PBG4DJROcEkH1f8MdAiNFyFxz3xoL0LWAVwjrwPYZdVHHxhRHcx/uGLA==",
+      "dev": true
+    },
+    "lcov-parse": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/lcov-parse/-/lcov-parse-1.0.0.tgz",
+      "integrity": "sha1-6w1GtUER68VhrLTECO+TY73I9+A=",
+      "dev": true
+    },
+    "locate-path": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-6.0.0.tgz",
+      "integrity": "sha512-iPZK6eYjbxRu3uB4/WZ3EsEIMJFMqAoopl3R+zuq0UjcAm/MO6KCweDgPfP3elTztoKP3KtnVHxTn2NHBSDVUw==",
+      "dev": true,
+      "requires": {
+        "p-locate": "^5.0.0"
+      }
+    },
+    "lodash": {
+      "version": "4.17.21",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
+      "dev": true
+    },
+    "lodash.flattendeep": {
+      "version": "4.4.0",
+      "resolved": "https://registry.npmjs.org/lodash.flattendeep/-/lodash.flattendeep-4.4.0.tgz",
+      "integrity": "sha1-+wMJF/hqMTTlvJvsDWngAT3f7bI=",
+      "dev": true
+    },
+    "lodash.get": {
+      "version": "4.4.2",
+      "resolved": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz",
+      "integrity": "sha1-LRd/ZS+jHpObRDjVNBSZ36OCXpk=",
+      "dev": true
+    },
+    "lodash.isequal": {
+      "version": "4.5.0",
+      "resolved": "https://registry.npmjs.org/lodash.isequal/-/lodash.isequal-4.5.0.tgz",
+      "integrity": "sha1-QVxEePK8wwEgwizhDtMib30+GOA=",
+      "dev": true
+    },
+    "lodash.sortby": {
+      "version": "4.7.0",
+      "resolved": "https://registry.npmjs.org/lodash.sortby/-/lodash.sortby-4.7.0.tgz",
+      "integrity": "sha1-7dFMgk4sycHgsKG0K7UhBRakJDg=",
+      "dev": true
+    },
+    "log-driver": {
+      "version": "1.2.7",
+      "resolved": "https://registry.npmjs.org/log-driver/-/log-driver-1.2.7.tgz",
+      "integrity": "sha512-U7KCmLdqsGHBLeWqYlFA0V0Sl6P08EE1ZrmA9cxjUE0WVqT9qnyVDPz1kzpFEP0jdJuFnasWIfSd7fsaNXkpbg==",
+      "dev": true
+    },
+    "log-symbols": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/log-symbols/-/log-symbols-4.1.0.tgz",
+      "integrity": "sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg==",
+      "dev": true,
+      "requires": {
+        "chalk": "^4.1.0",
+        "is-unicode-supported": "^0.1.0"
+      },
+      "dependencies": {
+        "ansi-styles": {
+          "version": "4.3.0",
+          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+          "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+          "dev": true,
+          "requires": {
+            "color-convert": "^2.0.1"
+          }
+        },
+        "chalk": {
+          "version": "4.1.2",
+          "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.2.tgz",
+          "integrity": "sha512-oKnbhFyRIXpUuez8iBMmyEa4nbj4IOQyuhc/wy9kY7/WVPcwIO9VA668Pu8RkO7+0G76SLROeyw9CpQ061i4mA==",
+          "dev": true,
+          "requires": {
+            "ansi-styles": "^4.1.0",
+            "supports-color": "^7.1.0"
+          }
+        },
+        "color-convert": {
+          "version": "2.0.1",
+          "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+          "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+          "dev": true,
+          "requires": {
+            "color-name": "~1.1.4"
+          }
+        },
+        "color-name": {
+          "version": "1.1.4",
+          "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+          "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
+          "dev": true
+        }
+      }
+    },
+    "lolex": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/lolex/-/lolex-4.2.0.tgz",
+      "integrity": "sha512-gKO5uExCXvSm6zbF562EvM+rd1kQDnB9AZBbiQVzf1ZmdDpxUSvpnAaVOP83N/31mRK8Ml8/VE8DMvsAZQ+7wg==",
+      "dev": true
+    },
+    "loupe": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/loupe/-/loupe-2.3.1.tgz",
+      "integrity": "sha512-EN1D3jyVmaX4tnajVlfbREU4axL647hLec1h/PXAb8CPDMJiYitcWF2UeLVNttRqaIqQs4x+mRvXf+d+TlDrCA==",
+      "dev": true,
+      "requires": {
+        "get-func-name": "^2.0.0"
+      }
+    },
+    "make-dir": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/make-dir/-/make-dir-3.1.0.tgz",
+      "integrity": "sha512-g3FeP20LNwhALb/6Cz6Dd4F2ngze0jz7tbzrD2wAV+o9FeNHe4rL+yK2md0J/fiSf1sa1ADhXqi5+oVwOM/eGw==",
+      "dev": true,
+      "requires": {
+        "semver": "^6.0.0"
+      }
+    },
+    "mime-db": {
+      "version": "1.48.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.48.0.tgz",
+      "integrity": "sha512-FM3QwxV+TnZYQ2aRqhlKBMHxk10lTbMt3bBkMAp54ddrNeVSfcQYOOKuGuy3Ddrm38I04If834fOUSq1yzslJQ==",
+      "dev": true
+    },
+    "mime-types": {
+      "version": "2.1.31",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.31.tgz",
+      "integrity": "sha512-XGZnNzm3QvgKxa8dpzyhFTHmpP3l5YNusmne07VUOXxou9CqUqYa/HBy124RqtVh/O2pECas/MOcsDgpilPOPg==",
+      "dev": true,
+      "requires": {
+        "mime-db": "1.48.0"
+      }
+    },
+    "minimatch": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz",
+      "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==",
+      "dev": true,
+      "requires": {
+        "brace-expansion": "^1.1.7"
+      }
+    },
+    "minimist": {
+      "version": "1.2.6",
+      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz",
+      "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==",
+      "dev": true
+    },
+    "mkdirp": {
+      "version": "0.5.5",
+      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.5.tgz",
+      "integrity": "sha512-NKmAlESf6jMGym1++R0Ra7wvhV+wFW63FaSOFPwRahvea0gMUcGUhVeAg/0BC0wiv9ih5NYPB1Wn1UEI1/L+xQ==",
+      "dev": true,
+      "requires": {
+        "minimist": "^1.2.5"
+      }
+    },
+    "mocha": {
+      "version": "10.0.0",
+      "resolved": "https://registry.npmjs.org/mocha/-/mocha-10.0.0.tgz",
+      "integrity": "sha512-0Wl+elVUD43Y0BqPZBzZt8Tnkw9CMUdNYnUsTfOM1vuhJVZL+kiesFYsqwBkEEuEixaiPe5ZQdqDgX2jddhmoA==",
+      "dev": true,
+      "requires": {
+        "@ungap/promise-all-settled": "1.1.2",
+        "ansi-colors": "4.1.1",
+        "browser-stdout": "1.3.1",
+        "chokidar": "3.5.3",
+        "debug": "4.3.4",
+        "diff": "5.0.0",
+        "escape-string-regexp": "4.0.0",
+        "find-up": "5.0.0",
+        "glob": "7.2.0",
+        "he": "1.2.0",
+        "js-yaml": "4.1.0",
+        "log-symbols": "4.1.0",
+        "minimatch": "5.0.1",
+        "ms": "2.1.3",
+        "nanoid": "3.3.3",
+        "serialize-javascript": "6.0.0",
+        "strip-json-comments": "3.1.1",
+        "supports-color": "8.1.1",
+        "workerpool": "6.2.1",
+        "yargs": "16.2.0",
+        "yargs-parser": "20.2.4",
+        "yargs-unparser": "2.0.0"
+      },
+      "dependencies": {
+        "argparse": {
+          "version": "2.0.1",
+          "resolved": "https://registry.npmjs.org/argparse/-/argparse-2.0.1.tgz",
+          "integrity": "sha512-8+9WqebbFzpX9OR+Wa6O29asIogeRMzcGtAINdpMHHyAg10f05aSFVBbcEqGf/PXw1EjAZ+q2/bEBg3DvurK3Q==",
+          "dev": true
+        },
+        "debug": {
+          "version": "4.3.4",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-4.3.4.tgz",
+          "integrity": "sha512-PRWFHuSU3eDtQJPvnNY7Jcket1j0t5OuOsFzPPzsekD52Zl8qUfFIPEiswXqIvHWGVHOgX+7G/vCNNhehwxfkQ==",
+          "dev": true,
+          "requires": {
+            "ms": "2.1.2"
+          },
+          "dependencies": {
+            "ms": {
+              "version": "2.1.2",
+              "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
+              "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
+              "dev": true
+            }
+          }
+        },
+        "escape-string-regexp": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-4.0.0.tgz",
+          "integrity": "sha512-TtpcNJ3XAzx3Gq8sWRzJaVajRs0uVxA2YAkdb1jm2YkPz4G6egUFAyA3n5vtEIZefPk5Wa4UXbKuS5fKkJWdgA==",
+          "dev": true
+        },
+        "glob": {
+          "version": "7.2.0",
+          "resolved": "https://registry.npmjs.org/glob/-/glob-7.2.0.tgz",
+          "integrity": "sha512-lmLf6gtyrPq8tTjSmrO94wBeQbFR3HbLHbuyD69wuyQkImp2hWqMGB47OX65FBkPffO641IP9jWa1z4ivqG26Q==",
+          "dev": true,
+          "requires": {
+            "fs.realpath": "^1.0.0",
+            "inflight": "^1.0.4",
+            "inherits": "2",
+            "minimatch": "^3.0.4",
+            "once": "^1.3.0",
+            "path-is-absolute": "^1.0.0"
+          },
+          "dependencies": {
+            "minimatch": {
+              "version": "3.1.2",
+              "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.1.2.tgz",
+              "integrity": "sha512-J7p63hRiAjw1NDEww1W7i37+ByIrOWO5XQQAzZ3VOcL0PNybwpfmV/N05zFAzwQ9USyEcX6t3UO+K5aqBQOIHw==",
+              "dev": true,
+              "requires": {
+                "brace-expansion": "^1.1.7"
+              }
+            }
+          }
+        },
+        "js-yaml": {
+          "version": "4.1.0",
+          "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-4.1.0.tgz",
+          "integrity": "sha512-wpxZs9NoxZaJESJGIZTyDEaYpl0FKSA+FB9aJiyemKhMwkxQg63h4T1KJgUGHpTqPDNRcmmYLugrRjJlBtWvRA==",
+          "dev": true,
+          "requires": {
+            "argparse": "^2.0.1"
+          }
+        },
+        "minimatch": {
+          "version": "5.0.1",
+          "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-5.0.1.tgz",
+          "integrity": "sha512-nLDxIFRyhDblz3qMuq+SoRZED4+miJ/G+tdDrjkkkRnjAsBexeGpgjLEQ0blJy7rHhR2b93rhQY4SvyWu9v03g==",
+          "dev": true,
+          "requires": {
+            "brace-expansion": "^2.0.1"
+          },
+          "dependencies": {
+            "brace-expansion": {
+              "version": "2.0.1",
+              "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-2.0.1.tgz",
+              "integrity": "sha512-XnAIvQ8eM+kC6aULx6wuQiwVsnzsi9d3WxzV3FpWTGA19F621kwdbsAcFKXgKUHZWsy+mY6iL1sHTxWEFCytDA==",
+              "dev": true,
+              "requires": {
+                "balanced-match": "^1.0.0"
+              }
+            }
+          }
+        },
+        "ms": {
+          "version": "2.1.3",
+          "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.3.tgz",
+          "integrity": "sha512-6FlzubTLZG3J2a/NVCAleEhjzq5oxgHyaCU9yYXvcLsvoVaHJq/s5xXI6/XXP6tz7R9xAOtHnSO/tXtF3WRTlA==",
+          "dev": true
+        },
+        "supports-color": {
+          "version": "8.1.1",
+          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-8.1.1.tgz",
+          "integrity": "sha512-MpUEN2OodtUzxvKQl72cUF7RQ5EiHsGvSsVG0ia9c5RbWGL2CI4C7EpPS8UTBIplnlzZiNuV56w+FuNxy3ty2Q==",
+          "dev": true,
+          "requires": {
+            "has-flag": "^4.0.0"
+          }
+        }
+      }
+    },
+    "ms": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
+      "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
+      "dev": true
+    },
+    "nan": {
+      "version": "2.16.0",
+      "resolved": "https://registry.npmjs.org/nan/-/nan-2.16.0.tgz",
+      "integrity": "sha512-UdAqHyFngu7TfQKsCBgAA6pWDkT8MAO7d0jyOecVhN5354xbLqdn8mV9Tat9gepAupm0bt2DbeaSC8vS52MuFA==",
+      "dev": true
+    },
+    "nanoid": {
+      "version": "3.3.3",
+      "resolved": "https://registry.npmjs.org/nanoid/-/nanoid-3.3.3.tgz",
+      "integrity": "sha512-p1sjXuopFs0xg+fPASzQ28agW1oHD7xDsd9Xkf3T15H3c/cifrFHVwrh74PdoklAPi+i7MdRsE47vm2r6JoB+w==",
+      "dev": true
+    },
+    "nise": {
+      "version": "5.1.1",
+      "resolved": "https://registry.npmjs.org/nise/-/nise-5.1.1.tgz",
+      "integrity": "sha512-yr5kW2THW1AkxVmCnKEh4nbYkJdB3I7LUkiUgOvEkOp414mc2UMaHMA7pjq1nYowhdoJZGwEKGaQVbxfpWj10A==",
+      "dev": true,
+      "requires": {
+        "@sinonjs/commons": "^1.8.3",
+        "@sinonjs/fake-timers": ">=5",
+        "@sinonjs/text-encoding": "^0.7.1",
+        "just-extend": "^4.0.2",
+        "path-to-regexp": "^1.7.0"
+      },
+      "dependencies": {
+        "@sinonjs/commons": {
+          "version": "1.8.3",
+          "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.3.tgz",
+          "integrity": "sha512-xkNcLAn/wZaX14RPlwizcKicDk9G3F8m2nU3L7Ukm5zBgTwiT0wsoFAHx9Jq56fJA1z/7uKGtCRu16sOUCLIHQ==",
+          "dev": true,
+          "requires": {
+            "type-detect": "4.0.8"
+          }
+        },
+        "path-to-regexp": {
+          "version": "1.8.0",
+          "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.8.0.tgz",
+          "integrity": "sha512-n43JRhlUKUAlibEJhPeir1ncUID16QnEjNpwzNdO3Lm4ywrBpBZ5oLD0I6br9evr1Y9JTqwRtAh7JLoOzAQdVA==",
+          "dev": true,
+          "requires": {
+            "isarray": "0.0.1"
+          }
+        }
+      }
+    },
+    "node-preload": {
+      "version": "0.2.1",
+      "resolved": "https://registry.npmjs.org/node-preload/-/node-preload-0.2.1.tgz",
+      "integrity": "sha512-RM5oyBy45cLEoHqCeh+MNuFAxO0vTFBLskvQbOKnEE7YTTSN4tbN8QWDIPQ6L+WvKsB/qLEGpYe2ZZ9d4W9OIQ==",
+      "dev": true,
+      "requires": {
+        "process-on-spawn": "^1.0.0"
+      }
+    },
+    "node-webcrypto-ossl": {
+      "version": "1.0.49",
+      "resolved": "https://registry.npmjs.org/node-webcrypto-ossl/-/node-webcrypto-ossl-1.0.49.tgz",
+      "integrity": "sha512-Zs73PeTWoUXUFicvAaxZC6ZyVCuq1Eg/Q4rYqiWyBY4eWIbZPFiRIi/KRM0A9GVKBPRNraaXsVmRAC83jEQ6nw==",
+      "dev": true,
+      "requires": {
+        "mkdirp": "^0.5.5",
+        "nan": "^2.14.0",
+        "tslib": "^1.11.1",
+        "webcrypto-core": "^0.1.27"
+      }
+    },
+    "normalize-path": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/normalize-path/-/normalize-path-3.0.0.tgz",
+      "integrity": "sha512-6eZs5Ls3WtCisHWp9S2GUy8dqkpGi4BVSz3GaqiE6ezub0512ESztXUwUB6C6IKbQkY2Pnb/mD4WYojCRwcwLA==",
+      "dev": true
+    },
+    "nyc": {
+      "version": "15.1.0",
+      "resolved": "https://registry.npmjs.org/nyc/-/nyc-15.1.0.tgz",
+      "integrity": "sha512-jMW04n9SxKdKi1ZMGhvUTHBN0EICCRkHemEoE5jm6mTYcqcdas0ATzgUgejlQUHMvpnOZqGB5Xxsv9KxJW1j8A==",
+      "dev": true,
+      "requires": {
+        "@istanbuljs/load-nyc-config": "^1.0.0",
+        "@istanbuljs/schema": "^0.1.2",
+        "caching-transform": "^4.0.0",
+        "convert-source-map": "^1.7.0",
+        "decamelize": "^1.2.0",
+        "find-cache-dir": "^3.2.0",
+        "find-up": "^4.1.0",
+        "foreground-child": "^2.0.0",
+        "get-package-type": "^0.1.0",
+        "glob": "^7.1.6",
+        "istanbul-lib-coverage": "^3.0.0",
+        "istanbul-lib-hook": "^3.0.0",
+        "istanbul-lib-instrument": "^4.0.0",
+        "istanbul-lib-processinfo": "^2.0.2",
+        "istanbul-lib-report": "^3.0.0",
+        "istanbul-lib-source-maps": "^4.0.0",
+        "istanbul-reports": "^3.0.2",
+        "make-dir": "^3.0.0",
+        "node-preload": "^0.2.1",
+        "p-map": "^3.0.0",
+        "process-on-spawn": "^1.0.0",
+        "resolve-from": "^5.0.0",
+        "rimraf": "^3.0.0",
+        "signal-exit": "^3.0.2",
+        "spawn-wrap": "^2.0.0",
+        "test-exclude": "^6.0.0",
+        "yargs": "^15.0.2"
+      },
+      "dependencies": {
+        "ansi-styles": {
+          "version": "4.2.1",
+          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.2.1.tgz",
+          "integrity": "sha512-9VGjrMsG1vePxcSweQsN20KY/c4zN0h9fLjqAbwbPfahM3t+NL+M9HC8xeXG2I8pX5NoamTGNuomEUFI7fcUjA==",
+          "dev": true,
+          "requires": {
+            "@types/color-name": "^1.1.1",
+            "color-convert": "^2.0.1"
+          }
+        },
+        "cliui": {
+          "version": "6.0.0",
+          "resolved": "https://registry.npmjs.org/cliui/-/cliui-6.0.0.tgz",
+          "integrity": "sha512-t6wbgtoCXvAzst7QgXxJYqPt0usEfbgQdftEPbLL/cvv6HPE5VgvqCuAIDR0NgU52ds6rFwqrgakNLrHEjCbrQ==",
+          "dev": true,
+          "requires": {
+            "string-width": "^4.2.0",
+            "strip-ansi": "^6.0.0",
+            "wrap-ansi": "^6.2.0"
+          }
+        },
+        "color-convert": {
+          "version": "2.0.1",
+          "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+          "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+          "dev": true,
+          "requires": {
+            "color-name": "~1.1.4"
+          }
+        },
+        "color-name": {
+          "version": "1.1.4",
+          "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+          "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
+          "dev": true
+        },
+        "emoji-regex": {
+          "version": "8.0.0",
+          "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-8.0.0.tgz",
+          "integrity": "sha512-MSjYzcWNOA0ewAHpz0MxpYFvwg6yjy1NG3xteoqz644VCo/RPgnr1/GGt+ic3iJTzQ8Eu3TdM14SawnVUmGE6A==",
+          "dev": true
+        },
+        "find-up": {
+          "version": "4.1.0",
+          "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz",
+          "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==",
+          "dev": true,
+          "requires": {
+            "locate-path": "^5.0.0",
+            "path-exists": "^4.0.0"
+          }
+        },
+        "is-fullwidth-code-point": {
+          "version": "3.0.0",
+          "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-3.0.0.tgz",
+          "integrity": "sha512-zymm5+u+sCsSWyD9qNaejV3DFvhCKclKdizYaJUuHA83RLjb7nSuGnddCHGv0hk+KY7BMAlsWeK4Ueg6EV6XQg==",
+          "dev": true
+        },
+        "locate-path": {
+          "version": "5.0.0",
+          "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz",
+          "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==",
+          "dev": true,
+          "requires": {
+            "p-locate": "^4.1.0"
+          }
+        },
+        "p-locate": {
+          "version": "4.1.0",
+          "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz",
+          "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==",
+          "dev": true,
+          "requires": {
+            "p-limit": "^2.2.0"
+          }
+        },
+        "path-exists": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz",
+          "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==",
+          "dev": true
+        },
+        "string-width": {
+          "version": "4.2.0",
+          "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.0.tgz",
+          "integrity": "sha512-zUz5JD+tgqtuDjMhwIg5uFVV3dtqZ9yQJlZVfq4I01/K5Paj5UHj7VyrQOJvzawSVlKpObApbfD0Ed6yJc+1eg==",
+          "dev": true,
+          "requires": {
+            "emoji-regex": "^8.0.0",
+            "is-fullwidth-code-point": "^3.0.0",
+            "strip-ansi": "^6.0.0"
+          }
+        },
+        "strip-ansi": {
+          "version": "6.0.0",
+          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.0.tgz",
+          "integrity": "sha512-AuvKTrTfQNYNIctbR1K/YGTR1756GycPsg7b9bdV9Duqur4gv6aKqHXah67Z8ImS7WEz5QVcOtlfW2rZEugt6w==",
+          "dev": true,
+          "requires": {
+            "ansi-regex": "^5.0.0"
+          }
+        },
+        "wrap-ansi": {
+          "version": "6.2.0",
+          "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-6.2.0.tgz",
+          "integrity": "sha512-r6lPcBGxZXlIcymEu7InxDMhdW0KDxpLgoFLcguasxCaJ/SOIZwINatK9KY/tf+ZrlywOKU0UDj3ATXUBfxJXA==",
+          "dev": true,
+          "requires": {
+            "ansi-styles": "^4.0.0",
+            "string-width": "^4.1.0",
+            "strip-ansi": "^6.0.0"
+          }
+        },
+        "y18n": {
+          "version": "4.0.1",
+          "resolved": "https://registry.npmjs.org/y18n/-/y18n-4.0.1.tgz",
+          "integrity": "sha512-wNcy4NvjMYL8gogWWYAO7ZFWFfHcbdbE57tZO8e4cbpj8tfUcwrwqSl3ad8HxpYWCdXcJUCeKKZS62Av1affwQ==",
+          "dev": true
+        },
+        "yargs": {
+          "version": "15.4.1",
+          "resolved": "https://registry.npmjs.org/yargs/-/yargs-15.4.1.tgz",
+          "integrity": "sha512-aePbxDmcYW++PaqBsJ+HYUFwCdv4LVvdnhBy78E57PIor8/OVvhMrADFFEDh8DHDFRv/O9i3lPhsENjO7QX0+A==",
+          "dev": true,
+          "requires": {
+            "cliui": "^6.0.0",
+            "decamelize": "^1.2.0",
+            "find-up": "^4.1.0",
+            "get-caller-file": "^2.0.1",
+            "require-directory": "^2.1.1",
+            "require-main-filename": "^2.0.0",
+            "set-blocking": "^2.0.0",
+            "string-width": "^4.2.0",
+            "which-module": "^2.0.0",
+            "y18n": "^4.0.0",
+            "yargs-parser": "^18.1.2"
+          }
+        },
+        "yargs-parser": {
+          "version": "18.1.3",
+          "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-18.1.3.tgz",
+          "integrity": "sha512-o50j0JeToy/4K6OZcaQmW6lyXXKhq7csREXcDwk2omFPJEwUNOVtJKvmDr9EI1fAJZUyZcRF7kxGBWmRXudrCQ==",
+          "dev": true,
+          "requires": {
+            "camelcase": "^5.0.0",
+            "decamelize": "^1.2.0"
+          }
+        }
+      }
+    },
+    "oauth-sign": {
+      "version": "0.9.0",
+      "resolved": "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz",
+      "integrity": "sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ==",
+      "dev": true
+    },
+    "once": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
+      "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=",
+      "dev": true,
+      "requires": {
+        "wrappy": "1"
+      }
+    },
+    "p-limit": {
+      "version": "2.2.1",
+      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-2.2.1.tgz",
+      "integrity": "sha512-85Tk+90UCVWvbDavCLKPOLC9vvY8OwEX/RtKF+/1OADJMVlFfEHOiMTPVyxg7mk/dKa+ipdHm0OUkTvCpMTuwg==",
+      "dev": true,
+      "requires": {
+        "p-try": "^2.0.0"
+      }
+    },
+    "p-locate": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-5.0.0.tgz",
+      "integrity": "sha512-LaNjtRWUBY++zB5nE/NwcaoMylSPk+S+ZHNB1TzdbMJMny6dynpAGt7X/tl/QYq3TIeE6nxHppbo2LGymrG5Pw==",
+      "dev": true,
+      "requires": {
+        "p-limit": "^3.0.2"
+      },
+      "dependencies": {
+        "p-limit": {
+          "version": "3.1.0",
+          "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-3.1.0.tgz",
+          "integrity": "sha512-TYOanM3wGwNGsZN2cVTYPArw454xnXj5qmWF1bEoAc4+cU/ol7GVh7odevjp1FNHduHc3KZMcFduxU5Xc6uJRQ==",
+          "dev": true,
+          "requires": {
+            "yocto-queue": "^0.1.0"
+          }
+        }
+      }
+    },
+    "p-map": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/p-map/-/p-map-3.0.0.tgz",
+      "integrity": "sha512-d3qXVTF/s+W+CdJ5A29wywV2n8CQQYahlgz2bFiA+4eVNJbHJodPZ+/gXwPGh0bOqA+j8S+6+ckmvLGPk1QpxQ==",
+      "dev": true,
+      "requires": {
+        "aggregate-error": "^3.0.0"
+      }
+    },
+    "p-try": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/p-try/-/p-try-2.2.0.tgz",
+      "integrity": "sha512-R4nPAVTAU0B9D35/Gk3uJf/7XYbQcyohSKdvAxIRSNghFl4e71hVoGnBNQz9cWaXxO2I10KTC+3jMdvvoKw6dQ==",
+      "dev": true
+    },
+    "package-hash": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/package-hash/-/package-hash-4.0.0.tgz",
+      "integrity": "sha512-whdkPIooSu/bASggZ96BWVvZTRMOFxnyUG5PnTSGKoJE2gd5mbVNmR2Nj20QFzxYYgAXpoqC+AiXzl+UMRh7zQ==",
+      "dev": true,
+      "requires": {
+        "graceful-fs": "^4.1.15",
+        "hasha": "^5.0.0",
+        "lodash.flattendeep": "^4.4.0",
+        "release-zalgo": "^1.0.0"
+      }
+    },
+    "pako": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/pako/-/pako-2.0.4.tgz",
+      "integrity": "sha512-v8tweI900AUkZN6heMU/4Uy4cXRc2AYNRggVmTR+dEncawDJgCdLMximOVA2p4qO57WMynangsfGRb5WD6L1Bg==",
+      "dev": true
+    },
+    "path-exists": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz",
+      "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==",
+      "dev": true
+    },
+    "path-is-absolute": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
+      "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=",
+      "dev": true
+    },
+    "path-key": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz",
+      "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==",
+      "dev": true
+    },
+    "path-parse": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
+      "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==",
+      "dev": true
+    },
+    "path-to-regexp": {
+      "version": "2.4.0",
+      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-2.4.0.tgz",
+      "integrity": "sha512-G6zHoVqC6GGTQkZwF4lkuEyMbVOjoBKAEybQUypI1WTkqinCOrq2x6U2+phkJ1XsEMTy4LjtwPI7HW+NVrRR2w==",
+      "dev": true
+    },
+    "pathval": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/pathval/-/pathval-1.1.1.tgz",
+      "integrity": "sha512-Dp6zGqpTdETdR63lehJYPeIOqpiNBNtc7BpWSLrOje7UaIsE5aY92r/AunQA7rsXvet3lrJ3JnZX29UPTKXyKQ==",
+      "dev": true
+    },
+    "performance-now": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz",
+      "integrity": "sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns=",
+      "dev": true
+    },
+    "picomatch": {
+      "version": "2.3.1",
+      "resolved": "https://registry.npmjs.org/picomatch/-/picomatch-2.3.1.tgz",
+      "integrity": "sha512-JU3teHTNjmE2VCGFzuY8EXzCDVwEqB2a8fsIvwaStHhAWJEeVd1o1QD80CU6+ZdEXXSLbSsuLwJjkCBWqRQUVA==",
+      "dev": true
+    },
+    "pkg-dir": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-4.2.0.tgz",
+      "integrity": "sha512-HRDzbaKjC+AOWVXxAU/x54COGeIv9eb+6CkDSQoNTt4XyWoIJvuPsXizxu/Fr23EiekbtZwmh1IcIG/l/a10GQ==",
+      "dev": true,
+      "requires": {
+        "find-up": "^4.0.0"
+      },
+      "dependencies": {
+        "find-up": {
+          "version": "4.1.0",
+          "resolved": "https://registry.npmjs.org/find-up/-/find-up-4.1.0.tgz",
+          "integrity": "sha512-PpOwAdQ/YlXQ2vj8a3h8IipDuYRi3wceVQQGYWxNINccq40Anw7BlsEXCMbt1Zt+OLA6Fq9suIpIWD0OsnISlw==",
+          "dev": true,
+          "requires": {
+            "locate-path": "^5.0.0",
+            "path-exists": "^4.0.0"
+          }
+        },
+        "locate-path": {
+          "version": "5.0.0",
+          "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-5.0.0.tgz",
+          "integrity": "sha512-t7hw9pI+WvuwNJXwk5zVHpyhIqzg2qTlklJOf0mVxGSbe3Fp2VieZcduNYjaLDoy6p9uGpQEGWG87WpMKlNq8g==",
+          "dev": true,
+          "requires": {
+            "p-locate": "^4.1.0"
+          }
+        },
+        "p-locate": {
+          "version": "4.1.0",
+          "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-4.1.0.tgz",
+          "integrity": "sha512-R79ZZ/0wAxKGu3oYMlz8jy/kbhsNrS7SKZ7PxEHBgJ5+F2mtFW2fK2cOtBh1cHYkQsbzFV7I+EoRKe6Yt0oK7A==",
+          "dev": true,
+          "requires": {
+            "p-limit": "^2.2.0"
+          }
+        },
+        "path-exists": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-4.0.0.tgz",
+          "integrity": "sha512-ak9Qy5Q7jYb2Wwcey5Fpvg2KoAc/ZIhLSLOSBmRmygPsGwkVVt0fZa0qrtMz+m6tJTAHfZQ8FnmB4MG4LWy7/w==",
+          "dev": true
+        }
+      }
+    },
+    "process-on-spawn": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/process-on-spawn/-/process-on-spawn-1.0.0.tgz",
+      "integrity": "sha512-1WsPDsUSMmZH5LeMLegqkPDrsGgsWwk1Exipy2hvB0o/F0ASzbpIctSCcZIK1ykJvtTJULEH+20WOFjMvGnCTg==",
+      "dev": true,
+      "requires": {
+        "fromentries": "^1.2.0"
+      }
+    },
+    "psl": {
+      "version": "1.8.0",
+      "resolved": "https://registry.npmjs.org/psl/-/psl-1.8.0.tgz",
+      "integrity": "sha512-RIdOzyoavK+hA18OGGWDqUTsCLhtA7IcZ/6NCs4fFJaHBDab+pDDmDIByWFRQJq2Cd7r1OoQxBGKOaztq+hjIQ==",
+      "dev": true
+    },
+    "punycode": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz",
+      "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==",
+      "dev": true
+    },
+    "qs": {
+      "version": "6.5.2",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz",
+      "integrity": "sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA==",
+      "dev": true
+    },
+    "querystring": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/querystring/-/querystring-0.2.0.tgz",
+      "integrity": "sha1-sgmEkgO7Jd+CDadW50cAWHhSFiA=",
+      "dev": true
+    },
+    "randombytes": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz",
+      "integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==",
+      "dev": true,
+      "requires": {
+        "safe-buffer": "^5.1.0"
+      }
+    },
+    "readdirp": {
+      "version": "3.6.0",
+      "resolved": "https://registry.npmjs.org/readdirp/-/readdirp-3.6.0.tgz",
+      "integrity": "sha512-hOS089on8RduqdbhvQ5Z37A0ESjsqz6qnRcffsMU3495FuTdqSm+7bhJ29JvIOsBDEEnan5DPu9t3To9VRlMzA==",
+      "dev": true,
+      "requires": {
+        "picomatch": "^2.2.1"
+      }
+    },
+    "regenerator-runtime": {
+      "version": "0.13.7",
+      "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.13.7.tgz",
+      "integrity": "sha512-a54FxoJDIr27pgf7IgeQGxmqUNYrcV338lf/6gH456HZ/PhX+5BcwHXG9ajESmwe6WRO0tAzRUrRmNONWgkrew==",
+      "dev": true
+    },
+    "release-zalgo": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/release-zalgo/-/release-zalgo-1.0.0.tgz",
+      "integrity": "sha1-CXALflB0Mpc5Mw5TXFqQ+2eFFzA=",
+      "dev": true,
+      "requires": {
+        "es6-error": "^4.0.1"
+      }
+    },
+    "request": {
+      "version": "2.88.2",
+      "resolved": "https://registry.npmjs.org/request/-/request-2.88.2.tgz",
+      "integrity": "sha512-MsvtOrfG9ZcrOwAW+Qi+F6HbD0CWXEh9ou77uOb7FM2WPhwT7smM833PzanhJLsgXjN89Ir6V2PczXNnMpwKhw==",
+      "dev": true,
+      "requires": {
+        "aws-sign2": "~0.7.0",
+        "aws4": "^1.8.0",
+        "caseless": "~0.12.0",
+        "combined-stream": "~1.0.6",
+        "extend": "~3.0.2",
+        "forever-agent": "~0.6.1",
+        "form-data": "~2.3.2",
+        "har-validator": "~5.1.3",
+        "http-signature": "~1.2.0",
+        "is-typedarray": "~1.0.0",
+        "isstream": "~0.1.2",
+        "json-stringify-safe": "~5.0.1",
+        "mime-types": "~2.1.19",
+        "oauth-sign": "~0.9.0",
+        "performance-now": "^2.1.0",
+        "qs": "~6.5.2",
+        "safe-buffer": "^5.1.2",
+        "tough-cookie": "~2.5.0",
+        "tunnel-agent": "^0.6.0",
+        "uuid": "^3.3.2"
+      }
+    },
+    "require-directory": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
+      "integrity": "sha1-jGStX9MNqxyXbiNE/+f3kqam30I=",
+      "dev": true
+    },
+    "require-main-filename": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-2.0.0.tgz",
+      "integrity": "sha512-NKN5kMDylKuldxYLSUfrbo5Tuzh4hd+2E8NPPX02mZtn1VuREQToYe/ZdlJy+J3uCpfaiGF05e7B8W0iXbQHmg==",
+      "dev": true
+    },
+    "resolve": {
+      "version": "1.17.0",
+      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.17.0.tgz",
+      "integrity": "sha512-ic+7JYiV8Vi2yzQGFWOkiZD5Z9z7O2Zhm9XMaTxdJExKasieFCr+yXZ/WmXsckHiKl12ar0y6XiXDx3m4RHn1w==",
+      "dev": true,
+      "requires": {
+        "path-parse": "^1.0.6"
+      }
+    },
+    "resolve-from": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-5.0.0.tgz",
+      "integrity": "sha512-qYg9KP24dD5qka9J47d0aVky0N+b4fTU89LN9iDnjB5waksiC49rvMB0PrUJQGoTmH50XPiqOvAjDfaijGxYZw==",
+      "dev": true
+    },
+    "rimraf": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-3.0.2.tgz",
+      "integrity": "sha512-JZkJMZkAGFFPP2YqXZXPbMlMBgsxzE8ILs4lMIX/2o0L9UBw9O/Y3o6wFw/i9YLapcUJWwqbi3kdxIPdC62TIA==",
+      "dev": true,
+      "requires": {
+        "glob": "^7.1.3"
+      }
+    },
+    "safe-buffer": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+      "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g==",
+      "dev": true
+    },
+    "safer-buffer": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
+      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg==",
+      "dev": true
+    },
+    "semver": {
+      "version": "6.3.0",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-6.3.0.tgz",
+      "integrity": "sha512-b39TBaTSfV6yBrapU89p5fKekE2m/NwnDocOVruQFS1/veMgdzuPcnOM34M6CwxW8jH/lxEa5rBoDeUwu5HHTw==",
+      "dev": true
+    },
+    "serialize-javascript": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.0.tgz",
+      "integrity": "sha512-Qr3TosvguFt8ePWqsvRfrKyQXIiW+nGbYpy8XK24NQHE83caxWt+mIymTT19DGFbNWNLfEwsrkSmN64lVWB9ag==",
+      "dev": true,
+      "requires": {
+        "randombytes": "^2.1.0"
+      }
+    },
+    "set-blocking": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz",
+      "integrity": "sha1-BF+XgtARrppoA93TgrJDkrPYkPc=",
+      "dev": true
+    },
+    "shebang-command": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
+      "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==",
+      "dev": true,
+      "requires": {
+        "shebang-regex": "^3.0.0"
+      }
+    },
+    "shebang-regex": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz",
+      "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==",
+      "dev": true
+    },
+    "signal-exit": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.3.tgz",
+      "integrity": "sha512-VUJ49FC8U1OxwZLxIbTTrDvLnf/6TDgxZcK8wxR8zs13xpx7xbG60ndBlhNrFi2EMuFRoeDoJO7wthSLq42EjA==",
+      "dev": true
+    },
+    "sinon": {
+      "version": "14.0.0",
+      "resolved": "https://registry.npmjs.org/sinon/-/sinon-14.0.0.tgz",
+      "integrity": "sha512-ugA6BFmE+WrJdh0owRZHToLd32Uw3Lxq6E6LtNRU+xTVBefx632h03Q7apXWRsRdZAJ41LB8aUfn2+O4jsDNMw==",
+      "dev": true,
+      "requires": {
+        "@sinonjs/commons": "^1.8.3",
+        "@sinonjs/fake-timers": "^9.1.2",
+        "@sinonjs/samsam": "^6.1.1",
+        "diff": "^5.0.0",
+        "nise": "^5.1.1",
+        "supports-color": "^7.2.0"
+      },
+      "dependencies": {
+        "@sinonjs/commons": {
+          "version": "1.8.3",
+          "resolved": "https://registry.npmjs.org/@sinonjs/commons/-/commons-1.8.3.tgz",
+          "integrity": "sha512-xkNcLAn/wZaX14RPlwizcKicDk9G3F8m2nU3L7Ukm5zBgTwiT0wsoFAHx9Jq56fJA1z/7uKGtCRu16sOUCLIHQ==",
+          "dev": true,
+          "requires": {
+            "type-detect": "4.0.8"
+          }
+        },
+        "supports-color": {
+          "version": "7.2.0",
+          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+          "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+          "dev": true,
+          "requires": {
+            "has-flag": "^4.0.0"
+          }
+        }
+      }
+    },
+    "sinon-chrome": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/sinon-chrome/-/sinon-chrome-3.0.1.tgz",
+      "integrity": "sha512-NTEFhyuiWEMnRmIqldUiA2DhKn2EqnZxyEk5Ez5rBXj+Nl54aJ0MEmF4wjltrxecxd8zlNLxyE0HyLabev9JsQ==",
+      "dev": true,
+      "requires": {
+        "lodash": "^4.16.3",
+        "sinon": "^7.2.3",
+        "urijs": "^1.18.2"
+      },
+      "dependencies": {
+        "@sinonjs/formatio": {
+          "version": "3.2.2",
+          "resolved": "https://registry.npmjs.org/@sinonjs/formatio/-/formatio-3.2.2.tgz",
+          "integrity": "sha512-B8SEsgd8gArBLMD6zpRw3juQ2FVSsmdd7qlevyDqzS9WTCtvF55/gAL+h6gue8ZvPYcdiPdvueM/qm//9XzyTQ==",
+          "dev": true,
+          "requires": {
+            "@sinonjs/commons": "^1",
+            "@sinonjs/samsam": "^3.1.0"
+          }
+        },
+        "@sinonjs/samsam": {
+          "version": "3.3.3",
+          "resolved": "https://registry.npmjs.org/@sinonjs/samsam/-/samsam-3.3.3.tgz",
+          "integrity": "sha512-bKCMKZvWIjYD0BLGnNrxVuw4dkWCYsLqFOUWw8VgKF/+5Y+mE7LfHWPIYoDXowH+3a9LsWDMo0uAP8YDosPvHQ==",
+          "dev": true,
+          "requires": {
+            "@sinonjs/commons": "^1.3.0",
+            "array-from": "^2.1.1",
+            "lodash": "^4.17.15"
+          }
+        },
+        "diff": {
+          "version": "3.5.0",
+          "resolved": "https://registry.npmjs.org/diff/-/diff-3.5.0.tgz",
+          "integrity": "sha512-A46qtFgd+g7pDZinpnwiRJtxbC1hpgf0uzP3iG89scHk0AUC7A1TGxf5OiiOUv/JMZR8GOt8hL900hV0bOy5xA==",
+          "dev": true
+        },
+        "has-flag": {
+          "version": "3.0.0",
+          "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
+          "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=",
+          "dev": true
+        },
+        "nise": {
+          "version": "1.5.3",
+          "resolved": "https://registry.npmjs.org/nise/-/nise-1.5.3.tgz",
+          "integrity": "sha512-Ymbac/94xeIrMf59REBPOv0thr+CJVFMhrlAkW/gjCIE58BGQdCj0x7KRCb3yz+Ga2Rz3E9XXSvUyyxqqhjQAQ==",
+          "dev": true,
+          "requires": {
+            "@sinonjs/formatio": "^3.2.1",
+            "@sinonjs/text-encoding": "^0.7.1",
+            "just-extend": "^4.0.2",
+            "lolex": "^5.0.1",
+            "path-to-regexp": "^1.7.0"
+          },
+          "dependencies": {
+            "lolex": {
+              "version": "5.1.2",
+              "resolved": "https://registry.npmjs.org/lolex/-/lolex-5.1.2.tgz",
+              "integrity": "sha512-h4hmjAvHTmd+25JSwrtTIuwbKdwg5NzZVRMLn9saij4SZaepCrTCxPr35H/3bjwfMJtN+t3CX8672UIkglz28A==",
+              "dev": true,
+              "requires": {
+                "@sinonjs/commons": "^1.7.0"
+              }
+            }
+          }
+        },
+        "path-to-regexp": {
+          "version": "1.8.0",
+          "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.8.0.tgz",
+          "integrity": "sha512-n43JRhlUKUAlibEJhPeir1ncUID16QnEjNpwzNdO3Lm4ywrBpBZ5oLD0I6br9evr1Y9JTqwRtAh7JLoOzAQdVA==",
+          "dev": true,
+          "requires": {
+            "isarray": "0.0.1"
+          }
+        },
+        "sinon": {
+          "version": "7.5.0",
+          "resolved": "https://registry.npmjs.org/sinon/-/sinon-7.5.0.tgz",
+          "integrity": "sha512-AoD0oJWerp0/rY9czP/D6hDTTUYGpObhZjMpd7Cl/A6+j0xBE+ayL/ldfggkBXUs0IkvIiM1ljM8+WkOc5k78Q==",
+          "dev": true,
+          "requires": {
+            "@sinonjs/commons": "^1.4.0",
+            "@sinonjs/formatio": "^3.2.1",
+            "@sinonjs/samsam": "^3.3.3",
+            "diff": "^3.5.0",
+            "lolex": "^4.2.0",
+            "nise": "^1.5.2",
+            "supports-color": "^5.5.0"
+          }
+        },
+        "supports-color": {
+          "version": "5.5.0",
+          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
+          "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
+          "dev": true,
+          "requires": {
+            "has-flag": "^3.0.0"
+          }
+        }
+      }
+    },
+    "source-map": {
+      "version": "0.5.7",
+      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz",
+      "integrity": "sha1-igOdLRAh0i0eoUyA2OpGi6LvP8w=",
+      "dev": true
+    },
+    "spawn-wrap": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/spawn-wrap/-/spawn-wrap-2.0.0.tgz",
+      "integrity": "sha512-EeajNjfN9zMnULLwhZZQU3GWBoFNkbngTUPfaawT4RkMiviTxcX0qfhVbGey39mfctfDHkWtuecgQ8NJcyQWHg==",
+      "dev": true,
+      "requires": {
+        "foreground-child": "^2.0.0",
+        "is-windows": "^1.0.2",
+        "make-dir": "^3.0.0",
+        "rimraf": "^3.0.0",
+        "signal-exit": "^3.0.2",
+        "which": "^2.0.1"
+      }
+    },
+    "sprintf-js": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
+      "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=",
+      "dev": true
+    },
+    "sshpk": {
+      "version": "1.16.1",
+      "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.16.1.tgz",
+      "integrity": "sha512-HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg==",
+      "dev": true,
+      "requires": {
+        "asn1": "~0.2.3",
+        "assert-plus": "^1.0.0",
+        "bcrypt-pbkdf": "^1.0.0",
+        "dashdash": "^1.12.0",
+        "ecc-jsbn": "~0.1.1",
+        "getpass": "^0.1.1",
+        "jsbn": "~0.1.0",
+        "safer-buffer": "^2.0.2",
+        "tweetnacl": "~0.14.0"
+      }
+    },
+    "string-width": {
+      "version": "4.2.3",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz",
+      "integrity": "sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g==",
+      "dev": true,
+      "requires": {
+        "emoji-regex": "^8.0.0",
+        "is-fullwidth-code-point": "^3.0.0",
+        "strip-ansi": "^6.0.1"
+      }
+    },
+    "strip-ansi": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz",
+      "integrity": "sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A==",
+      "dev": true,
+      "requires": {
+        "ansi-regex": "^5.0.1"
+      }
+    },
+    "strip-bom": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-4.0.0.tgz",
+      "integrity": "sha512-3xurFv5tEgii33Zi8Jtp55wEIILR9eh34FAW00PZf+JnSsTmV/ioewSgQl97JHvgjoRGwPShsWm+IdrxB35d0w==",
+      "dev": true
+    },
+    "strip-json-comments": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz",
+      "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==",
+      "dev": true
+    },
+    "style-mod": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/style-mod/-/style-mod-4.0.0.tgz",
+      "integrity": "sha512-OPhtyEjyyN9x3nhPsu76f52yUGXiZcgvsrFVtvTkyGRQJ0XK+GPc6ov1z+lRpbeabka+MYEQxOYRnt5nF30aMw==",
+      "dev": true
+    },
+    "supports-color": {
+      "version": "7.1.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.1.0.tgz",
+      "integrity": "sha512-oRSIpR8pxT1Wr2FquTNnGet79b3BWljqOuoW/h4oBhxJ/HUbX5nX6JSruTkvXDCFMwDPvsaTTbvMLKZWSy0R5g==",
+      "dev": true,
+      "requires": {
+        "has-flag": "^4.0.0"
+      }
+    },
+    "test-exclude": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/test-exclude/-/test-exclude-6.0.0.tgz",
+      "integrity": "sha512-cAGWPIyOHU6zlmg88jwm7VRyXnMN7iV68OGAbYDk/Mh/xC/pzVPlQtY6ngoIH/5/tciuhGfvESU8GrHrcxD56w==",
+      "dev": true,
+      "requires": {
+        "@istanbuljs/schema": "^0.1.2",
+        "glob": "^7.1.4",
+        "minimatch": "^3.0.4"
+      }
+    },
+    "text-encoding": {
+      "version": "0.7.0",
+      "resolved": "https://registry.npmjs.org/text-encoding/-/text-encoding-0.7.0.tgz",
+      "integrity": "sha512-oJQ3f1hrOnbRLOcwKz0Liq2IcrvDeZRHXhd9RgLrsT+DjWY/nty1Hi7v3dtkaEYbPYe0mUoOfzRrMwfXXwgPUA==",
+      "dev": true
+    },
+    "to-fast-properties": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/to-fast-properties/-/to-fast-properties-2.0.0.tgz",
+      "integrity": "sha1-3F5pjL0HkmW8c+A3doGk5Og/YW4=",
+      "dev": true
+    },
+    "to-regex-range": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/to-regex-range/-/to-regex-range-5.0.1.tgz",
+      "integrity": "sha512-65P7iz6X5yEr1cwcgvQxbbIw7Uk3gOy5dIdtZ4rDveLqhrdJP+Li/Hx6tyK0NEb+2GCyneCMJiGqrADCSNk8sQ==",
+      "dev": true,
+      "requires": {
+        "is-number": "^7.0.0"
+      }
+    },
+    "tough-cookie": {
+      "version": "2.5.0",
+      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.5.0.tgz",
+      "integrity": "sha512-nlLsUzgm1kfLXSXfRZMc1KLAugd4hqJHDTvc2hDIwS3mZAfMEuMbc03SujMF+GEcpaX/qboeycw6iO8JwVv2+g==",
+      "dev": true,
+      "requires": {
+        "psl": "^1.1.28",
+        "punycode": "^2.1.1"
+      }
+    },
+    "tr46": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/tr46/-/tr46-1.0.1.tgz",
+      "integrity": "sha1-qLE/1r/SSJUZZ0zN5VujaTtwbQk=",
+      "dev": true,
+      "requires": {
+        "punycode": "^2.1.0"
+      }
+    },
+    "tslib": {
+      "version": "1.13.0",
+      "resolved": "https://registry.npmjs.org/tslib/-/tslib-1.13.0.tgz",
+      "integrity": "sha512-i/6DQjL8Xf3be4K/E6Wgpekn5Qasl1usyw++dAA35Ue5orEn65VIxOA+YvNNl9HV3qv70T7CNwjODHZrLwvd1Q==",
+      "dev": true
+    },
+    "tunnel-agent": {
+      "version": "0.6.0",
+      "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz",
+      "integrity": "sha1-J6XeoGs2sEoKmWZ3SykIaPD8QP0=",
+      "dev": true,
+      "requires": {
+        "safe-buffer": "^5.0.1"
+      }
+    },
+    "tweetnacl": {
+      "version": "0.14.5",
+      "resolved": "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.5.tgz",
+      "integrity": "sha1-WuaBd/GS1EViadEIr6k/+HQ/T2Q=",
+      "dev": true
+    },
+    "type-detect": {
+      "version": "4.0.8",
+      "resolved": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz",
+      "integrity": "sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g==",
+      "dev": true
+    },
+    "type-fest": {
+      "version": "0.8.1",
+      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz",
+      "integrity": "sha512-4dbzIzqvjtgiM5rw1k5rEHtBANKmdudhGyBEajN01fEyhaAIhsoKNy6y7+IN93IfpFtwY9iqi7kD+xwKhQsNJA==",
+      "dev": true
+    },
+    "typedarray-to-buffer": {
+      "version": "3.1.5",
+      "resolved": "https://registry.npmjs.org/typedarray-to-buffer/-/typedarray-to-buffer-3.1.5.tgz",
+      "integrity": "sha512-zdu8XMNEDepKKR+XYOXAVPtWui0ly0NtohUscw+UmaHiAWT8hrV1rr//H6V+0DvJ3OQ19S979M0laLfX8rm82Q==",
+      "dev": true,
+      "requires": {
+        "is-typedarray": "^1.0.0"
+      }
+    },
+    "uri-js": {
+      "version": "4.4.1",
+      "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz",
+      "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==",
+      "dev": true,
+      "requires": {
+        "punycode": "^2.1.0"
+      }
+    },
+    "urijs": {
+      "version": "1.19.11",
+      "resolved": "https://registry.npmjs.org/urijs/-/urijs-1.19.11.tgz",
+      "integrity": "sha512-HXgFDgDommxn5/bIv0cnQZsPhHDA90NPHD6+c/v21U5+Sx5hoP8+dP9IZXBU1gIfvdRfhG8cel9QNPeionfcCQ==",
+      "dev": true
+    },
+    "uuid": {
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz",
+      "integrity": "sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A==",
+      "dev": true
+    },
+    "verror": {
+      "version": "1.10.0",
+      "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz",
+      "integrity": "sha1-OhBcoXBTr1XW4nDB+CiGguGNpAA=",
+      "dev": true,
+      "requires": {
+        "assert-plus": "^1.0.0",
+        "core-util-is": "1.0.2",
+        "extsprintf": "^1.2.0"
+      }
+    },
+    "w3c-keyname": {
+      "version": "2.2.4",
+      "resolved": "https://registry.npmjs.org/w3c-keyname/-/w3c-keyname-2.2.4.tgz",
+      "integrity": "sha512-tOhfEwEzFLJzf6d1ZPkYfGj+FWhIpBux9ppoP3rlclw3Z0BZv3N7b7030Z1kYth+6rDuAsXUFr+d0VE6Ed1ikw==",
+      "dev": true
+    },
+    "webcrypto-core": {
+      "version": "0.1.27",
+      "resolved": "https://registry.npmjs.org/webcrypto-core/-/webcrypto-core-0.1.27.tgz",
+      "integrity": "sha512-r0MSFxvqaIjoqIKerm80P9+7n1dWBG88PYnshJk57J4uZuXlqNX8yQixrEIe3CGqrJ7xwfGM2SQGR4AlJYr02g==",
+      "dev": true,
+      "requires": {
+        "tslib": "^1.7.1"
+      }
+    },
+    "webidl-conversions": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-4.0.2.tgz",
+      "integrity": "sha512-YQ+BmxuTgd6UXZW3+ICGfyqRyHXVlD5GtQr5+qjiNW7bF0cqrzX500HVXPBOvgXb5YnzDd+h0zqyv61KUD7+Sg==",
+      "dev": true
+    },
+    "whatwg-url": {
+      "version": "6.5.0",
+      "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-6.5.0.tgz",
+      "integrity": "sha512-rhRZRqx/TLJQWUpQ6bmrt2UV4f0HCQ463yQuONJqC6fO2VoEb1pTYddbe59SkYq87aoM5A3bdhMZiUiVws+fzQ==",
+      "dev": true,
+      "requires": {
+        "lodash.sortby": "^4.7.0",
+        "tr46": "^1.0.1",
+        "webidl-conversions": "^4.0.2"
+      }
+    },
+    "which": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
+      "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==",
+      "dev": true,
+      "requires": {
+        "isexe": "^2.0.0"
+      }
+    },
+    "which-module": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/which-module/-/which-module-2.0.0.tgz",
+      "integrity": "sha1-2e8H3Od7mQK4o6j6SzHD4/fm6Ho=",
+      "dev": true
+    },
+    "workerpool": {
+      "version": "6.2.1",
+      "resolved": "https://registry.npmjs.org/workerpool/-/workerpool-6.2.1.tgz",
+      "integrity": "sha512-ILEIE97kDZvF9Wb9f6h5aXK4swSlKGUcOEGiIYb2OOu/IrDU9iwj0fD//SsA6E5ibwJxpEvhullJY4Sl4GcpAw==",
+      "dev": true
+    },
+    "wrap-ansi": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz",
+      "integrity": "sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q==",
+      "dev": true,
+      "requires": {
+        "ansi-styles": "^4.0.0",
+        "string-width": "^4.1.0",
+        "strip-ansi": "^6.0.0"
+      },
+      "dependencies": {
+        "ansi-styles": {
+          "version": "4.3.0",
+          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.3.0.tgz",
+          "integrity": "sha512-zbB9rCJAT1rbjiVDb2hqKFHNYLxgtk8NURxZ3IZwD3F6NtxbXZQCnnSi1Lkx+IDohdPlFp222wVALIheZJQSEg==",
+          "dev": true,
+          "requires": {
+            "color-convert": "^2.0.1"
+          }
+        },
+        "color-convert": {
+          "version": "2.0.1",
+          "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+          "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+          "dev": true,
+          "requires": {
+            "color-name": "~1.1.4"
+          }
+        },
+        "color-name": {
+          "version": "1.1.4",
+          "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+          "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
+          "dev": true
+        }
+      }
+    },
+    "wrappy": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
+      "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=",
+      "dev": true
+    },
+    "write-file-atomic": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/write-file-atomic/-/write-file-atomic-3.0.3.tgz",
+      "integrity": "sha512-AvHcyZ5JnSfq3ioSyjrBkH9yW4m7Ayk8/9My/DD9onKeu/94fwrMocemO2QAJFAlnnDN+ZDS+ZjAR5ua1/PV/Q==",
+      "dev": true,
+      "requires": {
+        "imurmurhash": "^0.1.4",
+        "is-typedarray": "^1.0.0",
+        "signal-exit": "^3.0.2",
+        "typedarray-to-buffer": "^3.1.5"
+      }
+    },
+    "y18n": {
+      "version": "5.0.8",
+      "resolved": "https://registry.npmjs.org/y18n/-/y18n-5.0.8.tgz",
+      "integrity": "sha512-0pfFzegeDWJHJIAmTLRP2DwHjdF5s7jo9tuztdQxAhINCdvS+3nGINqPd00AphqJR/0LhANUS6/+7SCb98YOfA==",
+      "dev": true
+    },
+    "yargs": {
+      "version": "16.2.0",
+      "resolved": "https://registry.npmjs.org/yargs/-/yargs-16.2.0.tgz",
+      "integrity": "sha512-D1mvvtDG0L5ft/jGWkLpG1+m0eQxOfaBvTNELraWj22wSVUMWxZUvYgJYcKh6jGGIkJFhH4IZPQhR4TKpc8mBw==",
+      "dev": true,
+      "requires": {
+        "cliui": "^7.0.2",
+        "escalade": "^3.1.1",
+        "get-caller-file": "^2.0.5",
+        "require-directory": "^2.1.1",
+        "string-width": "^4.2.0",
+        "y18n": "^5.0.5",
+        "yargs-parser": "^20.2.2"
+      }
+    },
+    "yargs-parser": {
+      "version": "20.2.4",
+      "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-20.2.4.tgz",
+      "integrity": "sha512-WOkpgNhPTlE73h4VFAFsOnomJVaovO8VqLDzy5saChRBFQFBoMYirowyW+Q9HB4HFF4Z7VZTiG3iSzJJA29yRA==",
+      "dev": true
+    },
+    "yargs-unparser": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/yargs-unparser/-/yargs-unparser-2.0.0.tgz",
+      "integrity": "sha512-7pRTIA9Qc1caZ0bZ6RYRGbHJthJWuakf+WmHK0rVeLkNrrGhfoabBNdue6kdINI6r4if7ocq9aD/n7xwKOdzOA==",
+      "dev": true,
+      "requires": {
+        "camelcase": "^6.0.0",
+        "decamelize": "^4.0.0",
+        "flat": "^5.0.2",
+        "is-plain-obj": "^2.1.0"
+      },
+      "dependencies": {
+        "camelcase": {
+          "version": "6.3.0",
+          "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-6.3.0.tgz",
+          "integrity": "sha512-Gmy6FhYlCY7uOElZUSbxo2UCDH8owEk996gkbrpsgGtrJLM3J7jGxl9Ic7Qwwj4ivOE5AWZWRMecDdF7hqGjFA==",
+          "dev": true
+        },
+        "decamelize": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-4.0.0.tgz",
+          "integrity": "sha512-9iE1PgSik9HeIIw2JO94IidnE3eBoQrFJ3w7sFuzSX4DpmZ3v5sZpUiV5Swcf6mQEF+Y0ru8Neo+p+nyh2J+hQ==",
+          "dev": true
+        }
+      }
+    },
+    "yocto-queue": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/yocto-queue/-/yocto-queue-0.1.0.tgz",
+      "integrity": "sha512-rVksvsnNCdJ/ohGc6xgPwyN8eheCxsiLM8mxuE/t/mOVqJewPuO1miLpTHQiRgTKCLexL4MeAFVagts7HmNZ2Q==",
+      "dev": true
+    }
+  }
+}
diff --git a/chromium/package.json b/chromium/package.json
index ba50bed95a3b..8918b2b89a60 100644
--- a/chromium/package.json
+++ b/chromium/package.json
@@ -3,18 +3,32 @@
   "version": "1.0.0",
   "description": "",
   "main": "utils.js",
-  "dependencies": {},
   "devDependencies": {
-    "chai": "^4.1.2",
-    "coveralls": "^3.0.0",
-    "mocha": "^4.0.0",
-    "nyc": "^11.2.1"
+    "atob": "^2.0.3",
+    "btoa": "^1.1.2",
+    "chai": "^4.2.0",
+    "coveralls": "^3.1.0",
+    "codemirror": "~6.0.1",
+    "fetch-mock": "^9.10.7",
+    "mocha": "^10.0.0",
+    "nan": "^2.14.1",
+    "node-webcrypto-ossl": "^1.0.49",
+    "nyc": "^15.1.0",
+    "pako": "~2.0.2",
+    "sinon": "^14.0.0",
+    "sinon-chrome": "^3.0.1",
+    "text-encoding": "^0.7.0"
   },
   "scripts": {
     "test": "mocha",
     "cover": "nyc --reporter=html --reporter=text mocha",
     "report": "nyc report --reporter=text-lcov | coveralls"
   },
+  "nyc": {
+    "exclude": [
+      "external"
+    ]
+  },
   "keywords": [],
   "author": "",
   "license": "GPL-2.0+"
diff --git a/chromium/pages/base.css b/chromium/pages/base.css
new file mode 100644
index 000000000000..92adbf8a2dd6
--- /dev/null
+++ b/chromium/pages/base.css
@@ -0,0 +1,46 @@
+:root {
+  --https-blue: #0a84ff;
+  --darker-blue: #0060df;
+  --text-main: #000;
+  --text-secondary: #464646;
+  --light-grey: #ececec;
+  --space: 5px;
+  --font: 'Lucida Grande', 'Segoe UI', Tahoma, 'DejaVu Sans', Arial, sans-serif;
+  --code-font: 'VeraMono';
+}
+
+/*--------------------------------------------------------------
+# Layout
+--------------------------------------------------------------*/
+.grid {
+  display: grid;
+  grid-template-columns: 1fr 1fr 1fr;
+  row-gap: 16px;
+}
+
+/*--------------------------------------------------------------
+# Typography
+--------------------------------------------------------------*/
+.font {
+  font-family: var(--font);
+}
+
+/*--------------------------------------------------------------
+# Elements
+--------------------------------------------------------------*/
+.button {
+  border: var(--https-blue) solid 1px;
+  color: var(--text-main);
+  display: block;
+  font-size: 12px;
+  font-weight: bold;
+  margin: var(--space) auto;
+  padding: 10px;
+  text-align: center;
+  text-decoration: none;
+}
+
+.button:hover {
+  background-color: var(--darker-blue);
+  color: #fff;
+}
diff --git a/chromium/pages/cancel/index.html b/chromium/pages/cancel/index.html
new file mode 100644
index 000000000000..ec2518437350
--- /dev/null
+++ b/chromium/pages/cancel/index.html
@@ -0,0 +1,32 @@
+<!doctype html>
+<html>
+  <head>
+    <!-- Required meta tags -->
+    <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
+
+    <title>⚠ HTTPS Everywhere ⚠</title>
+    <link href="style.css" rel="stylesheet">
+    <link rel="icon" href="/images/icons/icon-blocking-38.png">
+  </head>
+  <body>
+      <div class="banner">
+        <img src="/images/banner-red.svg" alt="HTTPS Everywhere">
+      </div>
+
+      <div class="explainer" data-i18n="cancel_he_blocking_explainer"></div>
+
+      <div class="copy_block">
+        <pre id="url-value"></pre>
+        <button id="copy-url" class="ease_button" data-i18n="cancel_copy_url"></button>
+      </div>
+
+      <div class="button_options">
+        <button id="http-once-button" class="ease_button" data-i18n="cancel_http_once"></button>
+        <button id="open-url-button" class="ease_button" data-i18n="cancel_open_page"></button>
+      </div>
+    <script src="/pages/translation.js"></script>
+    <script src="/pages/util.js"></script>
+    <script src="ux.js"></script>
+  </body>
+</html>
diff --git a/chromium/pages/cancel/style.css b/chromium/pages/cancel/style.css
new file mode 100644
index 000000000000..aeba151a0749
--- /dev/null
+++ b/chromium/pages/cancel/style.css
@@ -0,0 +1,130 @@
+@import "../main.css";
+
+body {
+  display: grid;
+  grid-template-columns: 1fr 1fr 1fr;
+  margin: 2% auto;
+  font-size: 12pt;
+  font-family: sans-serif;
+  line-height: 150%;
+  row-gap: 16px;
+}
+
+/*---------
+# GRID LAYOUT
+---------*/
+.banner {
+  grid-column: 2;
+  grid-row: 1;
+}
+.explainer {
+  grid-column: 2;
+  grid-row: 2;
+}
+.copy_block {
+  grid-column: 2;
+  grid-row: 3;
+}
+.button_options {
+  grid-column: 2;
+  grid-row: 4;
+}
+
+h1 {
+  display: block;
+}
+
+h1 img {
+  width: 100%;
+  height: auto;
+}
+
+#url-paragraph {
+  display: inline-flex;
+  overflow: hidden;
+  white-space: nowrap;
+  text-overflow: ellipsis;
+}
+
+.ease_button {
+  background-color: #ec1e1e;
+  border: 1px solid #ec1e1e;
+  border-radius: 4px;
+  color: #fff;
+  cursor: pointer;
+  padding: 0.5em 1em;
+  float: none;
+  font-size: 12pt;
+  font-weight: normal;
+  margin: 8px 0;
+  line-height: 150%;
+}
+
+button:last-child {
+  margin: 0;
+}
+
+#url-value{
+ float: left;
+ font-weight: bold;
+ margin: 2% 2% 0 0;
+}
+#copy-url, #open-url-button{
+  background-color: var(--light-grey) !important;
+  border: 1px solid var(--text-secondary) !important;
+}
+#copy-url {
+  color: var(--text-secondary) !important;
+  font-size: 14px;
+}
+#open-url-button {
+  color: #666666 !important;
+}
+#copy-url:hover, #open-url-button:hover {
+  background-color: var(--text-secondary) !important;
+  border: 1px solid var(--text-secondary) !important;
+  color: var(--light-grey) !important;
+}
+
+@media screen and (max-width: 800px) {
+  body {
+    grid-template-columns: 1fr;
+    margin: 5%;
+  }
+  .banner {
+    grid-row: 1;
+  }
+  .explainer {
+    grid-row: 2;
+  }
+  .copy_block {
+    grid-row: 3;
+  }
+  .button_options {
+    grid-row: 4;
+  }
+  .ease_button {
+    width: 100%;
+    margin: 8px 0;
+  }
+}
+
+@media (prefers-color-scheme: dark) {
+  body {
+    background-color: #202023;
+    color: #f9f9fa;
+  }
+
+  a {
+    color: #45a1ff;
+  }
+
+  .ease_button {
+    color: #202023;
+  }
+
+  .ease_button:hover {
+    background-color: #202023;
+    border-color: #ec1e1e;
+  }
+}
diff --git a/chromium/pages/cancel/ux.js b/chromium/pages/cancel/ux.js
new file mode 100644
index 000000000000..d13dfdfb711a
--- /dev/null
+++ b/chromium/pages/cancel/ux.js
@@ -0,0 +1,124 @@
+/* global sendMessage */
+
+"use strict";
+
+let observer;
+document.addEventListener("DOMContentLoaded", () => {
+  const explainer = document.querySelector("[data-i18n=cancel_he_blocking_explainer]");
+  observer = new MutationObserver(() => {
+    replaceLink(explainer);
+  });
+  if (explainer.innerText.length > 0) {
+    replaceLink(explainer);
+  } else {
+    observer.observe(explainer, {childList: true});
+  }
+  displayURL();
+});
+
+function replaceLink(explainer) {
+  observer.disconnect();
+  const linkText = chrome.i18n.getMessage("cancel_he_blocking_network");
+  const link = document.createElement("a");
+  link.classList.add("wikilink");
+  link.href = "https://en.wikipedia.org/wiki/Downgrade_attack";
+  link.innerText = linkText;
+  explainer.innerHTML = explainer.innerHTML.replace(linkText, link.outerHTML);
+
+  /*
+    In response to translation of i18n string "cancel_he_blocking_network".
+    Within context of the paragraph and as a standalone string can be interpreted differently
+    langauge to language.
+
+    So if link fails to swap in replace, this conditional is triggered
+  */
+  if (document.getElementsByClassName("wikilink").length === 0) {
+    link.innerText = linkText;
+    explainer.after(link);
+  }
+
+}
+
+function displayURL() {
+  const searchParams = new URLSearchParams(window.location.search);
+  const originURL = searchParams.get('originURL');
+  const originURLLink = document.getElementById('url-value');
+  const openURLButton = document.getElementById('open-url-button');
+  const openHttpOnce = document.getElementById('http-once-button');
+  const copyButton = document.getElementById('copy-url');
+  const url = new URL(originURL);
+
+  originURLLink.innerText = originURL;
+  originURLLink.href = originURL;
+
+  openURLButton.addEventListener("click", function() {
+    sendMessage("disable_on_site", url.host, () => {
+      window.location = originURL;
+    });
+
+    return false;
+  });
+
+  // Copy URL Feature on EASE
+
+  function copyLinkAlternate() {
+    let isSuccessful = false;
+
+    const sel = window.getSelection();
+
+    try {
+      sel.removeAllRanges();
+
+      const range = document.createRange();
+      range.selectNode(originURLLink);
+
+      sel.addRange(range);
+
+      isSuccessful = document.execCommand("copy");
+
+      sel.removeAllRanges();
+
+      return isSuccessful;
+    } catch (err) {
+      console.error(err);
+
+      sel.removeAllRanges();
+
+      return false;
+    }
+  }
+
+  async function copyLink() {
+    try {
+      await navigator.clipboard.writeText(originURL);
+      return true;
+    } catch (err) {
+      return copyLinkAlternate();
+    }
+  }
+
+  let restoreTimeout = null;
+
+  copyButton.addEventListener("click", async () => {
+    if (await copyLink()) {
+      copyButton.innerText = chrome.i18n.getMessage("cancel_copied_url");
+
+      if (restoreTimeout !== null) {
+        clearTimeout(restoreTimeout);
+      }
+
+      restoreTimeout = setTimeout(() => {
+        copyButton.innerText = chrome.i18n.getMessage("cancel_copy_url");
+        restoreTimeout = null;
+      }, 1500);
+    }
+  });
+
+  openHttpOnce.addEventListener("click", function() {
+    sendMessage("disable_on_site_once", url.host, () => {
+      window.location = originURL;
+    });
+
+    return false;
+  });
+}
diff --git a/chromium/pages/debugging-rulesets/index.html b/chromium/pages/debugging-rulesets/index.html
index bd6f74332d1a..d3e91227f4c3 100644
--- a/chromium/pages/debugging-rulesets/index.html
+++ b/chromium/pages/debugging-rulesets/index.html
@@ -19,7 +19,7 @@
     <textarea id="codemirror-textarea"></textarea>
     <button type="button" id="save-button">Save</button>
     <div id="saved-text">Saved!</div>
-    <script src="../send-message.js"></script>
+    <script src="../util.js"></script>
     <script src="ux.js"></script>
   </body>
 </html>
diff --git a/chromium/pages/debugging-rulesets/ux.js b/chromium/pages/debugging-rulesets/ux.js
index be6c8b56fd22..0df93d8dd080 100644
--- a/chromium/pages/debugging-rulesets/ux.js
+++ b/chromium/pages/debugging-rulesets/ux.js
@@ -34,7 +34,9 @@ document.getElementById("save-button").addEventListener("click", e => {
   e.preventDefault();
   sendMessage("set_option", { debugging_rulesets: cm.getValue() }, () => {
     savedTextElement.style.display = "block";
-    setTimeout(() => { savedTextElement.style.display = "none" }, 1000);
+    setTimeout(() => {
+      savedTextElement.style.display = "none";
+    }, 1000);
 
     valueHasChanged = false;
     document.title = savedTitle;
diff --git a/chromium/pages/devtools/index.html b/chromium/pages/devtools/index.html
deleted file mode 100644
index 0e6df7285c74..000000000000
--- a/chromium/pages/devtools/index.html
+++ /dev/null
@@ -1,9 +0,0 @@
-<!doctype html>
-<html>
-  <head>
-    <meta charset="utf-8">
-    <title></title>
-    <script src="ux.js"></script>
-  </head>
-  <body></body>
-</html>
diff --git a/chromium/pages/devtools/panel-ux.js b/chromium/pages/devtools/panel-ux.js
deleted file mode 100644
index 2cd6a56973cc..000000000000
--- a/chromium/pages/devtools/panel-ux.js
+++ /dev/null
@@ -1,131 +0,0 @@
-"use strict";
-
-function e(id) {
-  return document.getElementById(id);
-}
-
-/**
- * Send message to main extension for HTML to display
- * @param type: enable/disable
- */
-function sendMessage(type) {
-  chrome.runtime.sendMessage({
-    type: type,
-    tabId: chrome.devtools.inspectedWindow.tabId,
-  });
-}
-
-/**
- * Turn on the Switch Planner recording mode, and hide the long description.
- */
-function enableSwitchPlanner() {
-  sendMessage("enable");
-  e("SwitchPlannerDescription").style.display = "none";
-  e("SwitchPlannerDetails").style.display = "block";
-  // Hack: Fetch and display summary information from background page
-  // once per second.
-  setInterval(display, 1000);
-  chrome.devtools.inspectedWindow.reload();
-}
-
-/**
- * Disable the switch planner and reload, so any state is forgotten and
- * the long description is restored.
- */
-function disableSwitchPlanner() {
-  sendMessage("disable");
-  document.location.reload();
-}
-
-/**
- * Fetch summary HTML of the planner results from the background page for
- * display in the devtools panel.
- */
-function display() {
-  chrome.runtime.sendMessage({
-    type: "getHosts",
-    tabId: chrome.devtools.inspectedWindow.tabId,
-  }, function(response) {
-    var switch_planner_details = e("SwitchPlannerDetails");
-    while (switch_planner_details.firstChild) {
-      switch_planner_details.removeChild(switch_planner_details.firstChild);
-    }
-
-    var nrw_text_div = document.createElement("div");
-    nrw_text_div.innerText = "Unrewritten HTTP resources loaded from this tab (enable HTTPS on these domains and add them to HTTPS Everywhere):"
-    var nrw_div = switchPlannerSmallHtmlSection(response.nrw);
-    var rw_text_div = document.createElement("div");
-    rw_text_div.style.marginTop = "20px";
-    rw_text_div.innerText = "Resources rewritten successfully from this tab (update these in your source code):"
-    var rw_div = switchPlannerSmallHtmlSection(response.rw);
-
-    switch_planner_details.appendChild(nrw_text_div);
-    switch_planner_details.appendChild(nrw_div);
-    switch_planner_details.appendChild(rw_text_div);
-    switch_planner_details.appendChild(rw_div);
-
-    e("SwitchPlannerResults").style.display = "block";
-  });
-}
-
-/**
-* Format the switch planner output for presentation to a user.
-* */
-function switchPlannerSmallHtmlSection(asset_host_list) {
-  var wrapper_div = document.createElement("div");
-  if (asset_host_list.length == 0) {
-    wrapper_div.style.fontWeight = "bold";
-    wrapper_div.innerText = "none";
-    return wrapper_div;
-  }
-
-  for (var i = asset_host_list.length - 1; i >= 0; i--) {
-    var host = asset_host_list[i][3];
-    var activeCount = asset_host_list[i][1];
-    var passiveCount = asset_host_list[i][2];
-
-    var div = document.createElement("div");
-    var b = document.createElement("b");
-    b.innerText = host;
-    div.appendChild(b);
-
-    var text_arr = [];
-    if (activeCount > 0) {
-      text_arr.push(activeCount + " active");
-    }
-    if (passiveCount > 0) {
-      text_arr.push(passiveCount + " passive");
-    }
-    div.appendChild(document.createTextNode(": " + text_arr.join(', ')));
-
-    wrapper_div.appendChild(div);
-  }
-  return wrapper_div;
-}
-
-window.onload = function() {
-  // Open a connection to the background page. Right now this is only used
-  // by the background page so it knows when the devtools pane has closed.
-  // We don't receive messages from the background page currently, though that
-  // may be a future improvement. Sending messages to the background page doesn't
-  // require an existing connection.
-  chrome.runtime.connect({ name: "devtools-page" });
-
-  var checkbox = e("SwitchPlannerCheckbox");
-  checkbox.addEventListener("change", function() {
-    if (checkbox.checked) {
-      enableSwitchPlanner();
-    } else {
-      disableSwitchPlanner();
-    }
-  });
-
-  e("SwitchPlannerDetailsLink").addEventListener("click", function() {
-    window.open("/pages/switch-planner/index.html?tab=" + chrome.devtools.inspectedWindow.tabId);
-  });
-  // Since this is rendered in a devtools console, we have to make clicks on the
-  // link open a new window.
-  e("MixedContentLink").addEventListener("click", function(e) {
-    window.open(e.target.href);
-  });
-};
diff --git a/chromium/pages/devtools/panel.html b/chromium/pages/devtools/panel.html
deleted file mode 100644
index f5f6859ec48c..000000000000
--- a/chromium/pages/devtools/panel.html
+++ /dev/null
@@ -1,38 +0,0 @@
-<!doctype html>
-<html>
-  <head>
-    <meta charset="utf-8">
-    <title></title>
-    <style>
-      html {
-        background: #fff;
-        color: #000;
-      }
-    </style>
-  </head>
-  <body>
-    <div id="SwitchPlanner">
-      <input type="checkbox" id="SwitchPlannerCheckbox">
-      <label for="SwitchPlannerCheckbox">Enable HTTPS Switch Planner mode (reloads page).</label>
-      <br>
-      <div id="SwitchPlannerDescription">
-        <p>Switch Planner mode helps prepare for your site's switch to HTTPS by generating a report of external HTTP
-        resources that might not yet be available on HTTPS.</p>
-        <p>After enabling, navigate around your site and try to exercise all functionality in order to get a
-        comprehensive list of external resources.</p>
-        <p>For each group of resources listed as "Unrewritten," find out whether they are available on HTTPS. If so:
-        add a rule to HTTPS Everywhere! If not: try to make them available over HTTPS or use a different resource or
-        provider. Otherwise your site will generate <a id="MixedContentLink"
-        href="https://developer.mozilla.org/en-US/docs/Security/MixedContent#Mixed_passive.2Fdisplay_content">Mixed
-        Content</a> (passive or active) errors when you turn on HTTPS.</p>
-        <p>For most accurate results, disable ad blockers before using. Closing this panel will deactivate Switch
-        Planner mode and clear stored data.</p>
-      </div>
-      <div id="SwitchPlannerResults" style="display: none">
-        <div id="SwitchPlannerDetails"></div>
-        <a id="SwitchPlannerDetailsLink" href="javascript:void 0">details</a>
-      </div>
-    </div>
-    <script src="panel-ux.js"></script>
-  </body>
-</html>
diff --git a/chromium/pages/devtools/ux.js b/chromium/pages/devtools/ux.js
deleted file mode 100644
index e88391c0f486..000000000000
--- a/chromium/pages/devtools/ux.js
+++ /dev/null
@@ -1,7 +0,0 @@
-"use strict";
-
-chrome.devtools.panels.create("HTTPS Everywhere",
-  "/images/icons/icon-active-38.png",
-  "/pages/devtools/panel.html",
-  function() { }
-);
diff --git a/chromium/pages/main.css b/chromium/pages/main.css
new file mode 100644
index 000000000000..2772c46141e7
--- /dev/null
+++ b/chromium/pages/main.css
@@ -0,0 +1,21 @@
+/*--------------------------------------------------------------
+>>> TABLE OF CONTENTS:
+----------------------------------------------------------------
+# Base
+  - Layout
+	- Typography
+	- Elements
+	- Links
+# Utilities
+	- Accessibility
+
+--------------------------------------------------------------*/
+
+/*--------------------------------------------------------------
+# Base
+--------------------------------------------------------------*/
+@import "base.css";
+
+/* Utilities - TBA
+--------------------------------------------- */
+
diff --git a/chromium/pages/options/index.html b/chromium/pages/options/index.html
index 12e6940f26c3..b6bdc337cfb3 100644
--- a/chromium/pages/options/index.html
+++ b/chromium/pages/options/index.html
@@ -2,28 +2,64 @@
 <html>
   <head>
     <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
     <title></title>
     <link href="style.css" rel="stylesheet">
   </head>
-  <body>
-    <div class="section-header"><span class="section-header-span" data-i18n="options_generalSettings"></span></div>
-    <div id='counter-wrapper'>
-      <input type="checkbox" id="showCounter">
-      <label for="showCounter" data-i18n="menu_showCounter"></label>
+  <body class="font">
+    <section class="header-wrapper">
+      <span class="button section-header-span active" data-show="general-settings-wrapper" data-i18n="options_generalSettings"></span>
+      <span class="button section-header-span inactive" data-show="advanced-settings-wrapper" data-i18n="options_advancedSettings"></span>
+      <span class="button section-header-span inactive" data-show="update-channels-wrapper" data-i18n="options_updateChannels"></span>
+    </section>
+    <div class="section-wrapper" id="general-settings-wrapper">
+      <div id="update-wrapper" class="settings-wrapper">
+        <input type="checkbox" id="autoUpdateRulesets">
+        <label for="autoUpdateRulesets" data-i18n="options_autoUpdateRulesets"></label>
+      </div>
+      <div id="user-rules-wrapper">
+        <p class="user-rules-wrapper-header" data-i18n="options_userRulesListed"></p>
+      </div>
+      <div id="disabled-rules-wrapper">
+        <p class="disabled-rules-wrapper-header" data-i18n="options_disabledUrlsListed"></p>
+        <div id="add-disabled-site-wrapper">
+          <button class="button" id="add-disabled-site" data-i18n="options_addDisabledSite"></button>
+          <input type="text" id="disabled-site" />
+        </div>
+        <div id="add-disabled-site-invalid-host" data-i18n="options_hostNotFormattedCorrectly"></div>
+      </div>
     </div>
 
-    <div id="import-confirmed" data-i18n="options_imported"></div>
+    <div class="section-wrapper" id="advanced-settings-wrapper">
+      <div id="mixed-rulesets-wrapper" class="settings-wrapper">
+        <input type="checkbox" id="enableMixedRulesets">
+        <label for="enableMixedRulesets" data-i18n="options_enableMixedRulesets"></label>
+      </div>
+      <div id="show-devtools-tab-wrapper" class="settings-wrapper">
+        <input type="checkbox" id="showDevtoolsTab">
+        <label for="showDevtoolsTab" data-i18n="options_showDevtoolsTab"></label>
+      </div>
+    </div>
+
+    <div class="section-wrapper" id="update-channels-wrapper">
+      <div id="update-channels-error">
+        <span id="update-channels-error-text"></span>
+        <img id="update-channels-error-hide" src="/images/remove.png">
+      </div>
+      <div id="update-channels-warning" data-i18n="options_updateChannelsWarning"></div>
+      <div id="update-channels-last-checked"></div>
+      <div class="clearer"></div>
+      <div id="update-channels-list"></div>
+      <div id="add-update-channel-wrapper">
+        <button class="button" id="add-update-channel" data-i18n="options_addUpdateChannel"></button>
+        <input type="text" id="update-channel-name" />
+      </div>
+    </div>
 
-    <form>
-      <div class="section-header"><span class="section-header-span" data-i18n="options_importSettings"></span></div>
-      <section id="ImportSettings" class="options">
-        <input id="import-settings" type="file" accept="application/json">
-      </section>
-      <button type="submit" id="import" data-i18n="options_import" disabled></button>
-    </form>
+    <a id="secretArea" href="/pages/debugging-rulesets/index.html" target="_blank" class="hidden" data-i18n="options_debuggingRulesets"></a>
 
     <script src="ux.js"></script>
     <script src="../translation.js"></script>
-    <script src="../send-message.js"></script>
+    <script src="../util.js"></script>
   </body>
 </html>
diff --git a/chromium/pages/options/style.css b/chromium/pages/options/style.css
index 0787d3f21c10..032a7bad7a44 100644
--- a/chromium/pages/options/style.css
+++ b/chromium/pages/options/style.css
@@ -1,14 +1,93 @@
-#counter-wrapper{
-  margin: 10px 0 20px 0;
+@import "../main.css";
+
+body{
+  display: grid;
+  grid-template-columns: 1fr 1fr 1fr;
 }
 
-.section-header{
-  margin-bottom: 10px;
+/*---------
+# GRID LAYOUT
+---------*/
+.header-wrapper, .section-wrapper {
+  margin: auto;
+}
+.header-wrapper {
+  display: inline-flex;
+  grid-column: 2;
+  grid-row: 1;
+}
+.section-wrapper {
+  grid-column: 2;
+  grid-row: 2;
+}
+#add-disabled-site-wrapper {
+  float: left;
+}
+#add-update-channel-wrapper {
+  display: inline-block;
 }
 
-.section-header-span{
+.settings-wrapper{
+  margin: 10px 0 0 0;
+}
+
+.settings-wrapper#update-wrapper{
+  margin-bottom: 20px;
+}
+
+.settings-wrapper#show-devtools-tab-wrapper{
+  margin-bottom: 20px;
+}
+
+/** User rules Option**/
+.user-rules-wrapper-header {
+  font-weight: bold;
+  padding-left: 5px;
+}
+.user-rules-list-item:last-of-type {
+  border-bottom: none;
+}
+.user-rules-list-item {
+  border-bottom: 1px solid #ccc;
+  display: inline-flex;
+  margin-left: 5%;
+  width: 80%;
+}
+.user-rules-list-item p {
+  width: 100%;
+}
+
+/** Disabled Sites Option**/
+#add-disabled-site-invalid-host {
+  font-weight: bold;
+  color: red;
+  display: none;
+}
+.disabled-rules-wrapper-header {
+  font-weight: bold;
+  padding-left: 5px;
+}
+img.remove{
+  cursor: pointer;
+  float: right;
+  height: 15px;
+  margin-top: -34px;
+  width: 15px;
+}
+.disabled-rule-list-item:last-of-type {
+  border-bottom: none;
+}
+.disabled-rule-list-item {
   border-bottom: 1px solid #ccc;
-  font-size: 15px;
+  clear: both;
+}
+.disabled-rule-list-item p {
+  width: 80%;
+  word-wrap: anywhere;
+}
+
+.section-header{
+  margin-bottom: 10px;
 }
 
 #import{
@@ -19,3 +98,167 @@
 #import-confirmed{
   display: none;
 }
+
+.section-header-span{
+  cursor: pointer;
+  padding: 8px;
+  margin-left: 0 !important;
+  margin-right: var(--space) !important;
+  display: inline-block;
+}
+
+.section-header-span.active{
+  background-color: var(--darker-blue);
+  color: #FFF;
+}
+.section-header-span.inactive{
+  background-color: var(--light-grey);
+}
+.section-header-span.inactive:hover {
+  background-color: var(--darker-blue);
+}
+
+.update-channel{
+  border: 1px solid grey;
+  border-radius: 20px;
+  margin-top: 30px;
+  margin-bottom: 30px;
+  padding: 6px;
+}
+
+.update-channel-name{
+  font-weight: bold;
+  font-size: 14px;
+  margin: 10px;
+}
+
+.update-channel-column-left {
+  width: 89px;
+  float: left;
+  font-size: 13px;
+  text-align: right;
+  margin-right: 10px;
+  min-height: 1px;
+}
+
+.update-channel-column-right {
+  float: left;
+  width: 380px;
+}
+
+textarea.update-channel-jwk {
+  width: 367px;
+  height: 250px;
+  resize: vertical;
+}
+
+input.update-channel-path-prefix, input.update-channel-scope {
+  width: 367px;
+}
+
+div.update-channel-row-scope {
+  margin-top: 3px;
+}
+
+.update-channel-column-right button {
+  float: right;
+  margin: 10px;
+  border-radius: 7px;
+}
+
+button#add-update-channel, button#add-disabled-site {
+  float: right;
+  height: 30px;
+  margin: 0px 10px 10px 10px;
+  padding: 6px;
+}
+
+input#update-channel-name, input#disabled-site {
+  float: right;
+}
+
+.clearer{
+  clear: both;
+}
+
+.update-channel-last-updated {
+  float: right;
+  font-weight: lighter;
+  font-size: 10px;
+}
+
+div#update-channels-error, div#update-channels-warning {
+  margin-top: 20px;
+  font-weight: bold;
+  padding: 10px;
+  border-radius: 10px;
+}
+
+div#update-channels-error {
+  background-color: #CC3333;
+  display: none;
+  color: white;
+}
+
+div#update-channels-warning {
+  background-color: #FFCC00;
+  font-color: black;
+}
+
+#update-channels-error-text{
+  display: inline-block;
+  width: 460px;
+}
+
+img#update-channels-error-hide {
+  float: right;
+}
+
+div#update-channels-last-checked {
+  margin-top: 10px;
+  float: right;
+  font-weight: bold;
+  font-size: 10px;
+}
+
+#update-channels-list {
+  display: inline-block;
+}
+
+@keyframes flash {
+  from {
+    background: #fc0;
+  }
+  to {
+    background: transparent;
+  }
+}
+
+#secretArea {
+  border-radius: 5px;
+  padding: 5px;
+}
+
+.hidden {
+  display: none
+}
+
+.flash {
+  animation: flash 1s ease-out;
+}
+
+@media (prefers-color-scheme: dark) {
+  body {
+    background-color: #202023;
+    color: #f9f9fa;
+  }
+
+  .section-header-span, div#update-channels-warning {
+    color: #000;
+  }
+
+  textarea, input[type=text] {
+    background-color: #202023;
+    color: #f9f9fa;
+  }
+}
diff --git a/chromium/pages/options/ux.js b/chromium/pages/options/ux.js
index a76e4583ab13..07d94dc9928d 100644
--- a/chromium/pages/options/ux.js
+++ b/chromium/pages/options/ux.js
@@ -1,48 +1,422 @@
 /* global sendMessage */
+/* global getOption_ */
+/* global e */
+/* global show, hide */
 
 "use strict";
 
 document.addEventListener("DOMContentLoaded", () => {
+  const secretArea = document.getElementById('secretArea');
 
-  let json_data;
-  let import_button = document.querySelector("#import");
+  const onKeyDownHandler = evt => {
+    if (evt.ctrlKey && evt.key === 'z') {
+      secretArea.classList.remove('hidden');
+      secretArea.classList.add('flash');
 
-  function import_json(e) {
-    e.preventDefault();
+      sendMessage('set_option', { developerMode: true });
 
-    let settings = JSON.parse(json_data);
-    sendMessage("import_settings", settings, () => {
-      document.querySelector("#import-confirmed").style.display = "block";
-      document.querySelector("form").style.display = "none";
+      document.removeEventListener('keydown', onKeyDownHandler);
+
+      evt.preventDefault();
+    }
+  };
+
+  sendMessage('get_option', { developerMode: false }, item => {
+    if (item.developerMode) {
+      secretArea.classList.remove('hidden');
+    } else {
+      document.addEventListener('keydown', onKeyDownHandler);
+    }
+  });
+
+  const autoUpdateRulesets = document.getElementById("autoUpdateRulesets");
+  const enableMixedRulesets = document.getElementById("enableMixedRulesets");
+  const showDevtoolsTab = document.getElementById("showDevtoolsTab");
+
+  const defaultOptions = {
+    autoUpdateRulesets: true,
+    enableMixedRulesets: false,
+    showDevtoolsTab: true
+  };
+
+  sendMessage("get_option", defaultOptions, item => {
+    autoUpdateRulesets.checked = item.autoUpdateRulesets;
+    enableMixedRulesets.checked = item.enableMixedRulesets;
+    showDevtoolsTab.checked = item.showDevtoolsTab;
+
+    autoUpdateRulesets.addEventListener("change", () => {
+      sendMessage("set_option", { autoUpdateRulesets: autoUpdateRulesets.checked });
     });
-  }
 
-  document.querySelector("#import-settings").addEventListener("change", () => {
-    const file = event.target.files[0];
-    const reader = new FileReader();
-    reader.addEventListener("load", event => {
-      json_data = event.target.result;
-      import_button.disabled = false;
+    enableMixedRulesets.addEventListener("change", () => {
+      sendMessage("set_option", { enableMixedRulesets: enableMixedRulesets.checked });
     });
 
-    reader.readAsText(file);
+    showDevtoolsTab.addEventListener("change", () => {
+      sendMessage("set_option", { showDevtoolsTab: showDevtoolsTab.checked });
+    });
+  });
+
+  function onlyShowSection(sectionId) {
+    document.querySelectorAll('.section-wrapper').forEach(sw => {
+      sw.style.display = "none";
+    });
+    document.getElementById(sectionId).style.display = "block";
+  }
+  onlyShowSection('general-settings-wrapper');
+
+  document.querySelectorAll('.section-header-span').forEach(shs => {
+    shs.addEventListener("click", () => {
+      document.querySelectorAll('.section-header-span').forEach(shs => {
+        shs.classList.remove("active");
+        shs.classList.add("inactive");
+      });
+      shs.classList.remove("inactive");
+      shs.classList.add("active");
+      onlyShowSection(shs.dataset.show);
+    });
   });
 
-  document.querySelector("form").addEventListener("submit", import_json);
+  function create_update_channel_element(update_channel, last_updated, locked) {
+    let ruleset_version_string;
+
+    if(last_updated) {
+      const ruleset_date = new Date(last_updated * 1000);
+      ruleset_version_string = ruleset_date.getUTCFullYear() + "." + (ruleset_date.getUTCMonth() + 1) + "." + ruleset_date.getUTCDate();
+    } else {
+      ruleset_version_string = "n/a";
+    }
+
+    const update_channel_div = document.createElement('div');
+    update_channel_div.className = "update-channel";
+
+    const update_channel_name = document.createElement('div');
+    update_channel_name.className = "update-channel-name";
+    update_channel_name.innerText = update_channel.name;
+    update_channel_div.appendChild(update_channel_name);
+    const update_channel_last_updated = document.createElement('div');
+    update_channel_last_updated.className = "update-channel-last-updated";
+    update_channel_last_updated.innerText = chrome.i18n.getMessage("options_storedRulesetsVersion") + ruleset_version_string;
+    update_channel_name.appendChild(update_channel_last_updated);
+
+    const update_channel_row_format = document.createElement('div');
+    update_channel_row_format.className = "update-channel-row-format";
+    update_channel_div.appendChild(update_channel_row_format);
+    const update_channel_format_column_left = document.createElement('div');
+    update_channel_format_column_left.className = "update-channel-column-left";
+    update_channel_format_column_left.innerText = "Format:";
+    update_channel_row_format.appendChild(update_channel_format_column_left);
+    const update_channel_format_column_right = document.createElement('div');
+    update_channel_format_column_right.className = "update-channel-column-right";
+    update_channel_row_format.appendChild(update_channel_format_column_right);
+    const update_channel_format = document.createElement('select');
+    update_channel_format.className = "update-channel-format";
+    update_channel_format.setAttribute("data-name", update_channel.name);
+    update_channel_format.disabled = locked;
+    update_channel_format_column_right.appendChild(update_channel_format);
+    const update_channel_format_option_ruleset = document.createElement('option');
+    update_channel_format_option_ruleset.value = "ruleset";
+    update_channel_format_option_ruleset.innerText = "ruleset";
+    update_channel_format_option_ruleset.defaultSelected = true;
+    update_channel_format_option_ruleset.selected = (update_channel.format == "ruleset");
+    update_channel_format.appendChild(update_channel_format_option_ruleset);
+    const update_channel_format_option_bloom = document.createElement('option');
+    update_channel_format_option_bloom.value = "bloom";
+    update_channel_format_option_bloom.innerText = "bloom";
+    update_channel_format_option_bloom.selected = (update_channel.format == "bloom");
+    update_channel_format.appendChild(update_channel_format_option_bloom);
+
+    const update_channel_row_jwk = document.createElement('div');
+    update_channel_row_jwk.className = "update-channel-row-jwk";
+    update_channel_div.appendChild(update_channel_row_jwk);
+    const update_channel_jwk_column_left = document.createElement('div');
+    update_channel_jwk_column_left.className = "update-channel-column-left";
+    update_channel_jwk_column_left.innerText = "JWK:";
+    update_channel_row_jwk.appendChild(update_channel_jwk_column_left);
+    const update_channel_jwk_column_right = document.createElement('div');
+    update_channel_jwk_column_right.className = "update-channel-column-right";
+    update_channel_row_jwk.appendChild(update_channel_jwk_column_right);
+    const update_channel_jwk = document.createElement('textarea');
+    update_channel_jwk.className = "update-channel-jwk";
+    update_channel_jwk.setAttribute("data-name", update_channel.name);
+    update_channel_jwk.disabled = locked;
+    update_channel_jwk.innerText = JSON.stringify(update_channel.jwk);
+    update_channel_jwk_column_right.appendChild(update_channel_jwk);
+
+    const update_channel_row_path_prefix = document.createElement('div');
+    update_channel_row_path_prefix.className = "update-channel-row-path-prefix";
+    update_channel_div.appendChild(update_channel_row_path_prefix);
+    const update_channel_path_prefix_column_left = document.createElement('div');
+    update_channel_path_prefix_column_left.className = "update-channel-column-left";
+    update_channel_path_prefix_column_left.innerText = "Path Prefix:";
+    update_channel_row_path_prefix.appendChild(update_channel_path_prefix_column_left);
+    const update_channel_path_prefix_column_right = document.createElement('div');
+    update_channel_path_prefix_column_right.className = "update-channel-column-right";
+    update_channel_row_path_prefix.appendChild(update_channel_path_prefix_column_right);
+    const update_channel_path_prefix = document.createElement('input');
+    update_channel_path_prefix.setAttribute("type", "text");
+    update_channel_path_prefix.className = "update-channel-path-prefix";
+    update_channel_path_prefix.setAttribute("data-name", update_channel.name);
+    update_channel_path_prefix.disabled = locked;
+    update_channel_path_prefix.value = update_channel.update_path_prefix;
+    update_channel_path_prefix_column_right.appendChild(update_channel_path_prefix);
+
+    let clearer = document.createElement('div');
+    clearer.className = "clearer";
+    update_channel_div.appendChild(clearer);
+
+    const update_channel_row_scope = document.createElement('div');
+    if(update_channel.format == "bloom") {
+      update_channel_row_scope.style.display = "none";
+    }
+    update_channel_row_scope.className = "update-channel-row-scope";
+    update_channel_div.appendChild(update_channel_row_scope);
+    const update_channel_scope_column_left = document.createElement('div');
+    update_channel_scope_column_left.className = "update-channel-column-left";
+    update_channel_scope_column_left.innerText = "Scope:";
+    update_channel_row_scope.appendChild(update_channel_scope_column_left);
+    const update_channel_scope_column_right = document.createElement('div');
+    update_channel_scope_column_right.className = "update-channel-column-right";
+    update_channel_row_scope.appendChild(update_channel_scope_column_right);
+    const update_channel_scope = document.createElement('input');
+    update_channel_scope.setAttribute("type", "text");
+    update_channel_scope.className = "update-channel-scope";
+    update_channel_scope.setAttribute("data-name", update_channel.name);
+    update_channel_scope.disabled = locked;
+    update_channel_scope.value = update_channel.scope;
+    update_channel_scope_column_right.appendChild(update_channel_scope);
+
+    const update_channel_row_controls = document.createElement('div');
+    update_channel_row_controls.className = "update-channel-row-controls";
+    update_channel_div.appendChild(update_channel_row_controls);
+    const update_channel_controls_column_left = document.createElement('div');
+    update_channel_controls_column_left.className = "update-channel-column-left";
+    update_channel_controls_column_left.innerText = " ";
+    update_channel_row_controls.appendChild(update_channel_controls_column_left);
+    const update_channel_controls_column_right = document.createElement('div');
+    update_channel_controls_column_right.className = "update-channel-column-right";
+    update_channel_row_controls.appendChild(update_channel_controls_column_right);
+    const update_channel_update = document.createElement('button');
+    update_channel_update.className = "update-channel-update";
+    update_channel_update.setAttribute("data-name", update_channel.name);
+    update_channel_update.disabled = locked;
+    update_channel_update.innerText = chrome.i18n.getMessage("options_update");
+    update_channel_controls_column_right.appendChild(update_channel_update);
+    const update_channel_delete = document.createElement('button');
+    update_channel_delete.className = "update-channel-update";
+    update_channel_delete.setAttribute("data-name", update_channel.name);
+    update_channel_delete.disabled = locked;
+    update_channel_delete.innerText = chrome.i18n.getMessage("options_delete");
+    update_channel_controls_column_right.appendChild(update_channel_delete);
+
+    clearer = document.createElement('div');
+    clearer.className = "clearer";
+    update_channel_div.appendChild(clearer);
+
+    update_channel_format.addEventListener("change", () => {
+      if(update_channel_format.value == "bloom") {
+        update_channel_row_scope.style.display = "none";
+      } else {
+        update_channel_row_scope.style.display = "block";
+      }
+    });
+    update_channel_delete.addEventListener("click", () => {
+      sendMessage("delete_update_channel", update_channel.name, () => {
+        render_update_channels();
+      });
+    });
+
+    update_channel_update.addEventListener("click", () => {
+      sendMessage("update_update_channel", {
+        name: update_channel.name,
+        format: update_channel_format.value,
+        jwk: JSON.parse(update_channel_jwk.value),
+        update_path_prefix: update_channel_path_prefix.value,
+        scope: update_channel_scope.value
+      }, () => {
+        render_update_channels();
+      });
+    });
+
+    return update_channel_div;
+  }
+
+  function render_update_channels() {
+    const update_channels_list = document.getElementById("update-channels-list");
+    while(update_channels_list.firstChild) {
+      update_channels_list.removeChild(update_channels_list.firstChild);
+    }
 
-  const showCounter = document.getElementById("showCounter");
+    sendMessage("get_pinned_update_channels", null, item => {
+      for(const update_channel of item.update_channels) {
+        update_channels_list.appendChild(
+          create_update_channel_element(
+            update_channel,
+            item.last_updated[update_channel.name],
+            true,
+          )
+        );
+
+      }
+    });
 
-  sendMessage("get_option", { showCounter: true }, item => {
-    showCounter.checked = item.showCounter;
-    showCounter.addEventListener("change", () => {
-      sendMessage("set_option", { showCounter: showCounter.checked });
+    sendMessage("get_stored_update_channels", null, item => {
+      for(const update_channel of item.update_channels) {
+        update_channels_list.appendChild(
+          create_update_channel_element(
+            update_channel,
+            item.last_updated[update_channel.name],
+            update_channel.locked === true,
+          )
+        );
+      }
     });
+  }
+  render_update_channels();
+
+  const add_update_channel = document.getElementById("add-update-channel");
+  const update_channel_name_div = document.getElementById("update-channel-name");
+  const update_channels_error_text = document.getElementById("update-channels-error-text");
+  const update_channels_error = document.getElementById("update-channels-error");
+  update_channel_name_div.setAttribute("placeholder", chrome.i18n.getMessage("options_enterUpdateChannelName"));
+
+  function displayError(text) {
+    update_channels_error_text.innerText = text;
+    update_channels_error.style.display = "block";
+    window.scrollTo(0,0);
+  }
+
+  // Get a list of user Rules
+  sendMessage("get_user_rules", null, userRules => {
+    let user_rules_parent = e("user-rules-wrapper");
+
+    if ( 0 === userRules.length) {
+      hide(user_rules_parent);
+      return ;
+    }
+
+    // img element "remove button"
+    let templateRemove = document.createElement("img");
+    templateRemove.src = chrome.runtime.getURL("images/remove.png");
+    templateRemove.className = "remove";
+
+    for (const userRule of userRules) {
+      let user_rule_host = document.createElement("div");
+      let user_rule_name = document.createElement("p");
+      let remove = templateRemove.cloneNode(true);
+
+      user_rule_host.className = "user-rules-list-item";
+      user_rule_name.className = "user-rules-list-item-single";
+      user_rule_name.innerText = userRule.name;
+      user_rule_host.appendChild(user_rule_name);
+      user_rules_parent.appendChild(user_rule_host);
+      user_rule_host.appendChild(remove);
+
+      remove.addEventListener("click", () => {
+        // assume the removal is successful and hide ui element
+        hide( user_rule_host );
+        // remove the user rule
+        sendMessage("remove_rule", { ruleset: userRule, src: 'options' });
+      });
+    }
   });
 
-  document.onkeydown = function(evt) {
-    evt = evt || window.event;
-    if (evt.ctrlKey && evt.keyCode == 90) {
-      window.open("/pages/debugging-rulesets/index.html");
+  // HTTPS Everywhere Sites Disabled section in General Settings module
+  getOption_("disabledList", [], function(item) {
+    let rule_host_parent = e("disabled-rules-wrapper");
+
+    // img element "remove button"
+    let templateRemove = document.createElement("img");
+    templateRemove.src = chrome.runtime.getURL("images/remove.png");
+    templateRemove.className = "remove";
+
+    if( item ) {
+      for (const key of item.disabledList) {
+        let rule_host = document.createElement("div");
+        let remove = templateRemove.cloneNode(true);
+        let rule_host_site_name = document.createElement("p");
+
+        rule_host.className = "disabled-rule-list-item";
+        rule_host_site_name.className = "disabled-rule-list-item_single";
+        rule_host_site_name.innerText = key;
+        rule_host.appendChild( rule_host_site_name);
+        rule_host_parent.appendChild(rule_host);
+        rule_host.appendChild(remove);
+
+        remove.addEventListener("click", () => {
+          hide( rule_host );
+          sendMessage("enable_on_site", key);
+        });
+      }
     }
-  };
+  });
+
+  const add_disabled_site = document.getElementById("add-disabled-site");
+  const disabled_site_input = document.getElementById("disabled-site");
+  const add_disabled_site_invalid_host = document.getElementById('add-disabled-site-invalid-host');
+  disabled_site_input.setAttribute("placeholder", chrome.i18n.getMessage("options_enterDisabledSite"));
+  function isValidHost(host) {
+    try {
+      new URL(`http://${host}/`);
+      return true;
+    } catch {
+      return false;
+    }
+  }
+  add_disabled_site.addEventListener("click", function() {
+    const host = disabled_site_input.value;
+
+    if (isValidHost(host)) {
+      hide(add_disabled_site_invalid_host);
+      sendMessage("disable_on_site", disabled_site_input.value, okay => {
+        if (okay) {
+          chrome.tabs.reload();
+        }
+      });
+    } else {
+      show(add_disabled_site_invalid_host);
+    }
+  });
+
+  add_update_channel.addEventListener("click", () => {
+    const update_channel_name = update_channel_name_div.value;
+    if(update_channel_name.trim() == "") {
+      displayError("Error: The update channel name is blank.  Please enter another name.");
+    } else {
+      update_channel_name_div.value = "";
+      sendMessage("create_update_channel", update_channel_name, result => {
+        if(result == true) {
+          render_update_channels();
+        } else {
+          displayError("Error: There already exists an update channel with this name.");
+        }
+      });
+    }
+  });
+
+  const update_channels_error_hide = document.getElementById("update-channels-error-hide");
+  update_channels_error_hide.addEventListener("click", () => {
+    update_channels_error.style.display = "none";
+  });
+
+  const update_channels_last_checked = document.getElementById("update-channels-last-checked");
+  sendMessage("get_last_checked", null, last_checked => {
+    let last_checked_string;
+    if(last_checked) {
+      const last_checked_date = new Date(last_checked * 1000);
+      const options = {
+        year: '2-digit',
+        month: '2-digit',
+        day: '2-digit',
+        hour: '2-digit',
+        minute: '2-digit',
+        timeZoneName: 'short'
+      };
+      const customDateTime = new Intl.DateTimeFormat('default', options).format;
+      last_checked_string = customDateTime(last_checked_date);
+    } else {
+      last_checked_string = chrome.i18n.getMessage("options_updatesLastCheckedNever");
+    }
+    update_channels_last_checked.innerText = chrome.i18n.getMessage("options_updatesLastChecked") + last_checked_string;
+  });
 });
diff --git a/chromium/pages/popup/index.html b/chromium/pages/popup/index.html
index 95b0cd4aa823..d9441f2d3e9d 100644
--- a/chromium/pages/popup/index.html
+++ b/chromium/pages/popup/index.html
@@ -2,74 +2,103 @@
 <html>
   <head>
     <meta charset="utf-8">
+    <meta name="viewport" content="width=device-width, initial-scale=1">
     <title data-i18n="about_ext_name"></title>
 
     <link href="style.css" rel="stylesheet">
     <script src="ux.js"></script>
     <script src="../translation.js"></script>
-    <script src="../send-message.js"></script>
+    <script src="../util.js"></script>
   </head>
   <body>
     <header>
-      <h1 data-i18n="about_ext_name"></h1>
+      <div class="logo-container">
+        <img src="../../images/HTTPS-Everywhere-Logo.png" alt="HTTPS Everywhere logo">
+      </div>
+
+      <small>
+        <span data-i18n="about_version">Version</span>: <span id="current-version"></span>
+        <br>
+        <span id="rulesets-versions"></span>
+      </small>
     </header>
 
-    <section id="disableButton" class="options" style="visibility: hidden;">
-      <div class="onoffswitch">
-        <input id="onoffswitch" type="checkbox" checked>
-        <label data-i18n="menu_globalEnable" for="onoffswitch"></label>
+    <section id="disableButton" class="options settings_block" style="visibility: hidden;">
+      <div class="onoffswitch switch" aria-label="Toggle on or off">
+        <h1 id="onoffswitch_label" data-i18n="menu_globalEnable"></h1>
+        <span class="slider round"></span>
+        <input aria-hidden="true" id="onoffswitch" type="checkbox" checked> <label id="onoffswitch__label" for="onoffswitch">
+        </label>
       </div>
     </section>
 
-    <section id="HttpNowhere" class="options" style="visibility: hidden;">
-      <input id="http-nowhere-checkbox" type="checkbox">
-      <label data-i18n="menu_blockUnencryptedRequests" for="http-nowhere-checkbox"></label>
+    <section id="HttpNowhere" class="options settings_block" style="visibility: hidden;">
+      <h1 id="HttpNowhere__header"></h1>
+      <input aria-hidden="true" id="http-nowhere-checkbox" type="checkbox"><label id="http-nowhere-checkbox_label" aria-label="Toggle on or off" for="http-nowhere-checkbox"></label>
+      <h2 id="HttpNowhere__explained"></h2>
     </section>
 
-    <div id="RuleManagement">
-      <section>
-        <a href="javascript:void 0" id="add-rule-link" data-i18n="chrome_add_rule"></a>
-        <div id="add-new-rule-div" style="display: none">
-          <h3 data-i18n="about_add_new_rule"></h3>
-          <p data-i18n="chrome_always_https_for_host"></p>
-          <label for="new-rule-host" data-i18n="chrome_host"></label><br>
-          <input size="50" id="new-rule-host" type="text" disabled><br>
-          <div id="new-rule-regular-text">
-            <a href="javascript:void 0" id="new-rule-show-advanced-link" data-i18n="chrome_show_advanced"></a><br>
-          </div>
-          <div id="new-rule-advanced" style="display: none">
-            <a href="javascript:void 0" id="new-rule-hide-advanced-link" data-i18n="chrome_hide_advanced"></a><br>
-            <br>
-            <label for="new-rule-name" data-i18n="chrome_rule_name"></label><br>
-            <input size="50" id="new-rule-name" type="text"><br>
-            <label for="new-rule-regex" data-i18n="chrome_regex"></label><br>
-            <input size="50" id="new-rule-regex" type="text"><br>
-            <label for="new-rule-redirect" data-i18n="chrome_redirect_to"></label><br>
-            <input size="50" id="new-rule-redirect" type="text"><br>
-          </div>
-          <button id="add-new-rule-button" data-i18n="chrome_add_new_rule"></button><br>
-          <button id="cancel-new-rule" data-i18n="chrome_status_cancel_button"></button>
-        </div>
+    <section id="RuleManagement" class="settings_block">
+      <section id="settingsForThisSite">
+        <h1 data-i18n="chrome_settings_for_this_site_header"></h1>
+        <h2 data-i18n="chrome_settings_for_this_site_subheader"></h2>
       </section>
-
-      <section id="StableRules" class="rules">
-        <h3 data-i18n="chrome_stable_rules"></h3>
-        <p class="description" data-i18n="chrome_stable_rules_description"></p>
+      <section id="disableEnableSection">
+          <a href="javascript:void 0" id="disable-on-this-site" class="button" data-i18n="chrome_disable_on_this_site"></a>
+          <a href="javascript:void 0" id="enable-on-this-site" class="button" data-i18n="chrome_enable_on_this_site"></a>
       </section>
+      <div id="RuleManagement__see_more--prompt" class="see_more__prompt" aria-label="Listen or See more for explanation">
+        <span id="RuleManagement__see_more" class="see_more__arrow down"></span>
+        <span class="see_more__text" data-i18n="menu_seeMore"></span>
+      </div>
+      <div class="see_more__content hide">
+        <p class="see_more--clarified" data-i18n="chrome_settings_for_this_site_explained"></p>
 
-      <section id="UnstableRules" class="rules">
-        <h3 data-i18n="chrome_experimental_rules"></h3>
-        <p class="description" data-i18n="chrome_experimental_rules_description"></p>
-      </section>
-    </div>
+        <section id="addRuleSection">
+          <a href="javascript:void 0" id="add-rule-link" class="button" data-i18n="chrome_add_rule"></a>
+          <div id="add-new-rule-div" style="display: none">
+            <h3 data-i18n="about_add_new_rule"></h3>
+            <p data-i18n="chrome_always_https_for_host"></p>
+            <label for="new-rule-host" data-i18n="chrome_host" class="label_nontoggle"></label>
+            <input size="50" id="new-rule-host" type="text" disabled><br>
+            <div id="new-rule-regular-text">
+              <a href="javascript:void 0" id="new-rule-show-advanced-link" class="button" data-i18n="chrome_show_advanced"></a><br>
+            </div>
+            <div id="new-rule-advanced" style="display: none">
+              <a href="javascript:void 0" id="new-rule-hide-advanced-link" class="button" data-i18n="chrome_hide_advanced"></a><br>
+              <label for="new-rule-name" data-i18n="chrome_rule_name" class="label_nontoggle"></label>
+              <input size="50" id="new-rule-name" type="text">
+              <label for="new-rule-regex" data-i18n="chrome_regex" class="label_nontoggle"></label>
+              <input size="50" id="new-rule-regex" type="text">
+              <label for="new-rule-redirect" data-i18n="chrome_redirect_to" class="label_nontoggle"></label>
+              <input size="50" id="new-rule-redirect" type="text">
+            </div>
+            <button id="add-new-rule-button" class="button" data-i18n="chrome_add_new_rule"></button>
+            <button id="cancel-new-rule" class="button" data-i18n="chrome_status_cancel_button"></button>
+          </div>
+        </section>
+
+        <section id="StableRules" class="rules">
+          <h3 data-i18n="chrome_stable_rules"></h3>
+          <span id="RuleManagement--counter"></span>
+          <h2 class="description" data-i18n="chrome_stable_rules_description"></h2>
+        </section>
+
+        <section id="UnstableRules" class="rules">
+          <h3 data-i18n="chrome_experimental_rules"></h3>
+          <h2 class="description" data-i18n="chrome_experimental_rules_description"></h2>
+        </section>
+      </div>
+    </section>
+
+    <section id="resetButton" class="options">
+      <a href="javascript:void 0" id="reset-to-defaults" class="button" data-i18n="prefs_reset_defaults"></a>
+    </section>
 
     <footer>
-      <a id="viewAllRules" href="https://www.eff.org/https-everywhere/atlas" target="_blank" data-i18n="menu_viewAllRules"></a><br>
-      <br>
-      <a id="aboutTitle" href="https://www.eff.org/https-everywhere" target="_blank" data-i18n="about_title"></a><br>
-      <br>
-      <a id="donateEFF" href="https://supporters.eff.org/donate/support-https-everywhere" target="_blank" data-i18n="menu_donate_eff_imperative"></a>
-      <p><small>(<span data-i18n="about_version">Version</span>: <span id="current-version"></span>)</small></p>
+      <a class="button" id="viewAllRules" href="https://atlas.eff.org/index.html" target="_blank" data-i18n="menu_viewAllRules"></a>
+      <a class="button" id="aboutTitle" href="https://www.eff.org/https-everywhere" target="_blank" data-i18n="about_title"></a>
+      <a class="button" id="donateEFF" href="https://supporters.eff.org/donate/support-https-everywhere" target="_blank" data-i18n="menu_donate_eff_imperative"></a>
     </footer>
 
   </body>
diff --git a/chromium/pages/popup/style.css b/chromium/pages/popup/style.css
index 1a520badf730..304f2f8bf23f 100644
--- a/chromium/pages/popup/style.css
+++ b/chromium/pages/popup/style.css
@@ -1,127 +1,313 @@
-html {
-  background-color: #fff
-}
+@import "../main.css";
 
 body {
-  cursor: default;
-  margin-left: 1em;
-  margin-right: 1em;
-  margin-top: 0;
-  margin-bottom: 0;
-  min-width: 20em;
+  color: var(--text-secondary);
   font-family: 'Lucida Grande', 'Segoe UI', Tahoma, 'DejaVu Sans', Arial, sans-serif;
-  font-size: 75%;
-  color: #303942;
+  margin: 0;
+  max-width: 400px;
+  min-width: 360px;
 }
 
-p {
-  line-height: 1.8em;
+header {
+  background-color: var(--light-grey);
+  color: var(--text-main);
+  display: flex;
+  padding: var(--space);
 }
 
-h1, h2, h3 {
-  user-select: none;
-  font-weight: normal;
-  line-height: 1;
+header h1 {
+  font-size: 2em;
+}
+
+header .logo-container {
+  margin: var(--space);
+  width: 85%;
+}
+
+header .logo-container img {
+  width: 100%;
+}
+
+header small {
+  color: #000;
+  display: block;
+  font-size: .70em;
+  font-weight: bold;
+  margin: 1%;
+  width: 100%;
 }
 
 h1 {
-  font-size: 1.5em;
+  font-size: 16px;
+  margin: var(--space) auto
 }
 
 h2 {
-  font-size: 1.3em;
-  margin-bottom: 0.4em;
+  clear: both;
+  font-size: 12px;
+  font-weight: normal;
+  margin: 0;
 }
 
 h3 {
-  color: black;
-  font-size: 1.2em;
-  margin-bottom: 0.8em;
+  font-size: 16px;
 }
 
-a {
-  color: #15c;
-  text-decoration: underline;
+h1,
+h2 {
+  color: var(--text-main);
 }
 
-a:active {
-  color: #052577;
+footer {
+  display: inline-flex;
+  margin: var(--space);
 }
 
-/* Don't wrap text for important stuff. */
-h1, h2, h3, .rule {
-  white-space: nowrap;
+footer a.button {
+  margin: var(--space);
 }
 
-/* Hide rules & options if the extension is off. */
-.disabled #RuleManagement,.disabled #HttpNowhere {
-  display: none;
+/* Elements */
+.settings_block {
+  padding: 5px 1em 20px 1em;
+  border-bottom: var(--light-grey) solid 1px;
 }
 
-/* Initially hide section (until rules get added). */
-section.rules {
-  display: none;
+.see_more__prompt {
+  color: var(--text-main);
+  cursor: pointer;
+  font-size: 12px;
+  float: right;
+  margin: 5px 0;
+  padding: 10px 0;
 }
 
-.rule {
+.see_more__arrow {
+  border: solid var(--darker-blue);
+  border-width: 0 3px 3px 0;
+  float: right;
+  margin-left: 10px;
+  margin-top: 3px;
+  padding: 3px;
+}
+
+.see_more__content.show p {
+  font-size: 12px;
+  margin: 10px 0;
+}
+
+.down {
+  transform: rotate(45deg);
+}
+
+.up {
+  transform: rotate(-135deg);
+}
+
+input[type=checkbox] {
+  opacity: 0;
+}
+
+label {
+  background: grey;
+  border-radius: 25px;
+  color: var(--text-main);
+  cursor: pointer;
+  display: block;
+  float: right;
+  font-weight: bold;
+  height: 30px;
+  position: relative;
+  text-indent: -400px;
+  width: 50px;
+}
+
+label:after {
+  background: #fff;
+  border-radius: 90px;
+  content: '';
+  height: 20px;
+  left: 5px;
+  position: absolute;
+  top: 5px;
+  transition: 0.3s; /* Acts on transform below */
+  width: 20px;
+}
+input:checked+label {
+  background: var(--https-blue);
+}
+/* position  when checked*/
+input:checked+label:after {
+  left: calc(100% - 5px);
+  transform: translateX(-100%);
+}
+
+.label_nontoggle {
+  background: none;
+  border-radius: 0;
+  color: var(--text-main);
+  display: block;
+  font-weight: normal;
+  height: inherit;
+  position: relative;
+  text-indent: 0;
+  width: auto;
+}
+
+.label_nontoggle:after {
+  background: none;
+  border-radius: 0;
+  content: none;
+  height: auto;
+  left: initial;
+  position: relative;
+  top: initial;
+  transition: none;
+  width: auto;
+}
+
+/* Specific rules */
+.rule.checkbox {
+  clear: both;
+  margin: 5% auto;
+}
+
+.rule.checkbox .remove {
+  float: left;
+}
+
+.rule.checkbox label {
+  font-size: 12px;
+  font-weight: normal;
   height: 25px;
+  text-indent: -285px;
+  width: 40px;
+}
+.rule.checkbox label:after {
+  border-radius: 20px;
+  height: 15px;
+  width: 15px;
 }
 
-.rule label {
-  padding: 0;
-  max-width: 93%;
-  overflow: hidden;
+#disable-on-this-site {
+  clear: both;
 }
 
-/* Underline rules that have notes. */
-.rule [title] {
-  border-bottom: 1px dotted;
-  cursor: help;
+#disableButton {
+  display: block;
 }
 
-input[type='checkbox'] {
-  vertical-align: middle;
+#HttpNowhere h1,
+#disableButton h1 {
+  float: left;
 }
 
-.rule input[type='checkbox'] {
-  margin: 0;
+#RuleManagement {
+  padding: 5px 1em 10px 1em;
+}
+
+#settingsForThisSite h1 {
+  float: left;
 }
 
-.rule span {
-  margin-left: 0.6em;
+#addRuleSection label,
+#addRuleSection button {
+  font-size: 14px;
+  width: 100%;
 }
 
-.rule img.remove {
+#addRuleSection input {
+  background: #fff;
+  border: 1px solid #000;
   float: right;
+  margin: 5px auto;
+  padding: 5px;
+  width: 95%;
 }
 
-header {
-  border-bottom: 1px solid #eee;
+#new-rule-advanced,
+#new-rule-regular-text {
+  margin-top: 40px;
 }
 
-header > h1 {
-  margin: 0;
-  padding: 21px 0 13px;
+#HttpNowhere {
+  display: block;
+  padding: 5px 1em;
 }
 
-section {
-  padding-left: 18px;
-  padding-top: 9px;
-  padding-bottom: 9px;
+#StableRules h3 {
+  float: left;
+  margin: 10px;
+}
+#StableRules h2 {
+  margin-left: 10px;
+}
+#StableRules #RuleManagement--counter {
+  background: var(--darker-blue);
+  border-radius: 20px;
+  color: #fff;
+  display: block;
+  float: left;
+  font-size: 12px;
+  font-weight: bold;
+  height: 15px;
+  margin-top: 8px;
+  padding: 5px;
+  text-align: center;
+  width: 15px;
 }
 
-section > h3 {
-  margin-left: -18px;
+/* Event based */
+.see_more--clarified {
+  font-size: 12px;
 }
 
-footer {
-  border-top: 1px solid #eee;
-  margin-top: 8px;
-  padding-top: 8px;
-  padding-bottom: 8px;
+/* Hide rules & options if the extension is off. */
+.disabled #RuleManagement,
+.disabled #HttpNowhere {
+  display: none;
 }
 
 /* By default the "Add a rule" link is hidden. It's shown on HTTPS sites only. */
-#add-rule-link {
+#addRuleSection {
   display: none;
 }
+
+#rulesets-versions {
+  display: block;
+  clear: both;
+}
+
+.rulesets-version {
+  display: block;
+}
+
+#resetButton {
+  display: inline-flex;
+  margin: 10px;
+  width: 95%;
+}
+#reset-to-defaults {
+  width: 100%;
+}
+
+/* Initially hide section (until rules get added). */
+section.rules {
+  display: none;
+}
+
+/* For "see more" content */
+.hide {
+  height: 0;
+  opacity: 0;
+  overflow: hidden;
+  transition: 0s;
+  visibility: hidden;
+}
+
+.show {
+  clear: both;
+  opacity: 1;
+  transition: visibility 0s linear 0s, opacity 300ms;
+  visibility: visible;
+}
diff --git a/chromium/pages/popup/ux.js b/chromium/pages/popup/ux.js
index 980d7da75d15..f38f22535b82 100644
--- a/chromium/pages/popup/ux.js
+++ b/chromium/pages/popup/ux.js
@@ -1,86 +1,134 @@
+/* global e */
+/* global hide */
+/* global show */
 /* global sendMessage */
+/* global getOption_ */
+/* global setOption_ */
 
 "use strict";
 
-var stableRules = null;
-var unstableRules = null;
-
-function e(id) {
-  return document.getElementById(id);
-}
-
 /**
  * Handles rule (de)activation in the popup
- * @param checkbox checkbox being clicked
- * @param ruleset the ruleset tied tot he checkbox
  */
-function toggleRuleLine(checkbox, ruleset, tab_id) {
-  var ruleset_active = checkbox.checked;
-  var set_ruleset = {
-    active: ruleset_active,
-    name: ruleset.name,
-    tab_id: tab_id
-  };
-
-  sendMessage("set_ruleset_active_status", set_ruleset, function(){
-
-    if (ruleset_active == ruleset.default_state) {
+function toggleRuleLine(event) {
+  getTab(activeTab => {
+    const set_ruleset = {
+      active: event.target.checked,
+      name: event.target.parentNode.innerText,
+      tab_id: activeTab.id,
+    };
+
+    sendMessage("set_ruleset_active_status", set_ruleset, () => {
       // purge the name from the cache so that this unchecking is persistent.
-      sendMessage("delete_from_ruleset_cache", ruleset.name);
-    }
-
-    // Now reload the selected tab of the current window.
-    chrome.tabs.reload();
+      sendMessage("delete_from_ruleset_cache", set_ruleset.name, () => {
+        // Now reload the selected tab of the current window.
+        chrome.tabs.reload(set_ruleset.tab_id);
+      });
+    });
   });
 }
 
 /**
- * Creates a rule line (including checkbox and icon) for the popup
- * @param ruleset the ruleset to build the line for
- * @returns {*}
+ * @param {object} event
+ * @description Toggles content for user to view rules and explanations for different modes
  */
-function appendRuleLineToListDiv(ruleset, list_div, tab_id) {
-
-  // parent block for line
-  var line = document.createElement("div");
-  line.className = "rule checkbox";
-
-  // label "container"
-  var label = document.createElement("label");
-
-  // checkbox
-  var checkbox = document.createElement("input");
-  checkbox.type = "checkbox";
-  checkbox.checked = ruleset.active;
-  checkbox.onchange = function() {
-    toggleRuleLine(checkbox, ruleset, tab_id);
-  };
-  label.appendChild(checkbox);
-
-  // label text
-  var text = document.createElement("span");
-  text.innerText = ruleset.name;
-  if (ruleset.note.length) {
-    text.title = ruleset.note;
+function toggleSeeMore(event) {
+  let target = event.target;
+  let content;
+
+  if (target !== this) {
+    content = document.querySelector('.see_more__content');
+  } else {
+    content = target.parentNode.querySelector('.see_more__content');
   }
 
-  if(ruleset.note == "user rule") {
-    var remove = document.createElement("img");
-    remove.src = chrome.extension.getURL("images/remove.png");
-    remove.className = "remove";
-    line.appendChild(remove);
+  let arrow  = target.parentNode.querySelector('.see_more__arrow');
+  let text = target.parentNode.querySelector('.see_more__text');
 
-    remove.addEventListener("click", function(){
-      sendMessage("remove_rule", ruleset);
-      list_div.removeChild(line);
-    });
+  if(arrow.classList.contains('down')) {
+    arrow.classList.replace('down', 'up');
+    text.innerText = chrome.i18n.getMessage("menu_seeLess");
+  } else if (arrow.classList.contains('up')) {
+    arrow.classList.replace('up', 'down');
+    text.innerText = chrome.i18n.getMessage("menu_seeMore");
   }
 
-  label.appendChild(text);
-
-  line.appendChild(label);
+  if (content.classList.contains('hide')) {
+    content.classList.replace('hide', 'show');
+  } else if (content.classList.contains('show')) {
+    content.classList.replace('show', 'hide');
+  }
+}
 
-  list_div.appendChild(line);
+/**
+ * Creates rule lines (including checkbox and icon) for the popup
+ * @param rulesets
+ * @param list_div
+ * @param {string} ruleType
+ * @returns {*}
+ */
+function appendRulesToListDiv(rulesets, list_div, ruleType) {
+  if (rulesets && rulesets.length) {
+    // template parent block for each ruleset
+    let templateLine = document.createElement("div");
+    templateLine.className = "rule checkbox";
+
+    // label "container"
+    let templateLabel = document.createElement("label");
+
+    // checkbox
+    let templateCheckbox = document.createElement("input");
+    templateCheckbox.type = "checkbox";
+
+    // label text
+    let templateLabelText = document.createElement("span");
+
+    // img "remove" button
+    let templateRemove = document.createElement("img");
+    templateRemove.src = chrome.runtime.getURL("images/remove.png");
+    templateRemove.className = "remove";
+
+    templateLine.appendChild(templateCheckbox);
+    templateLabel.appendChild(templateLabelText);
+    templateLine.appendChild(templateLabel);
+
+    let increment = 0;
+
+    for (const ruleset of rulesets) {
+      increment++;
+      let line = templateLine.cloneNode(true);
+      let checkbox = line.querySelector("input[type=checkbox]");
+      let label = line.querySelector("label");
+      let text = line.querySelector("span");
+
+      // For each "id" attribute in each checkbox input and "for" attribute in label
+      checkbox.setAttribute("id", `${ruleType}_ruleset_${increment}`);
+      label.setAttribute("for", `${ruleType}_ruleset_${increment}`);
+
+      checkbox.checked = ruleset.active;
+      text.innerText = ruleset.name;
+
+      // Add listener to capture the toggle event
+      line.addEventListener("click", toggleRuleLine);
+
+      if (ruleset.note && ruleset.note.length) {
+        line.title = ruleset.note;
+
+        if (ruleset.note === "user rule") {
+          let remove = templateRemove.cloneNode(true);
+          line.appendChild(remove);
+
+          remove.addEventListener("click", () => {
+            sendMessage("remove_rule", { ruleset, src: 'popup' }, () => {
+              list_div.removeChild(line);
+            });
+          });
+        }
+      }
+      list_div.appendChild(line);
+    }
+    show(list_div);
+  }
 }
 
 function showHttpNowhereUI() {
@@ -88,6 +136,11 @@ function showHttpNowhereUI() {
   getOption_('httpNowhere', false, function(item) {
     if (item.httpNowhere) {
       e('http-nowhere-checkbox').checked = true;
+      e('HttpNowhere__header').innerText = chrome.i18n.getMessage("menu_encryptAllSitesEligibleOn");
+      e('HttpNowhere__explained').innerText = chrome.i18n.getMessage("menu_httpNoWhereExplainedBlocked");
+    } else {
+      e('HttpNowhere__header').innerText = chrome.i18n.getMessage("menu_encryptAllSitesEligibleOff");
+      e('HttpNowhere__explained').innerText = chrome.i18n.getMessage("menu_httpNoWhereExplainedAllowed");
     }
     e('HttpNowhere').style.visibility = "visible";
   });
@@ -96,54 +149,58 @@ function showHttpNowhereUI() {
 // Change the UI to reflect extension enabled/disabled
 function updateEnabledDisabledUI() {
   getOption_('globalEnabled', true, function(item) {
-    document.getElementById('onoffswitch').checked = item.globalEnabled;
+    e('onoffswitch').checked = item.globalEnabled;
     e('disableButton').style.visibility = "visible";
     // Hide or show the rules sections
     if (item.globalEnabled) {
-      document.body.className = ""
-      showHttpNowhereUI()
+      document.body.className = "";
+      e('onoffswitch_label').innerText = chrome.i18n.getMessage("menu_globalEnable");
+      showHttpNowhereUI();
     } else {
-      document.body.className = "disabled"
+      document.body.className = "disabled";
+      e('onoffswitch_label').innerText = chrome.i18n.getMessage("menu_globalDisable");
     }
   });
 }
 
 // Toggle extension enabled/disabled status
 function toggleEnabledDisabled() {
-  var extension_toggle_effect = function(){
+  let extension_toggle_effect = function() {
     updateEnabledDisabledUI();
-    // The extension state changed, so reload this tab.
-    chrome.tabs.reload();
-    window.close();
-  }
+    // The extension state changed, give some time for toggle animation and reload tab
+    setTimeout(function() {
+      chrome.tabs.reload();
+      window.close();
+    }, 1500);
+  };
 
   getOption_('globalEnabled', true, function(item) {
     setOption_('globalEnabled', !item.globalEnabled, extension_toggle_effect);
   });
-
 }
 
 /**
- * Create the list of rules for a specific tab
- * @param tabArray
+ * @description Create the list of rules for a specific tab
+ * @param activeTab
  */
-function gotTab(activeTab) {
-  sendMessage("get_active_rulesets", activeTab.id, function(rulesets) {
+function listRules(activeTab) {
+  sendMessage("get_applied_rulesets", activeTab.id, function(rulesets) {
     if (rulesets) {
-      for (const ruleset of rulesets) {
-        let listDiv = stableRules;
+      // show the number of potentially applicable rulesets
+      let counter = rulesets.length;
+      let counterElement = document.querySelector("#RuleManagement--counter");
+      counterElement.innerText = counter;
 
-        if (!ruleset.default_state) {
-          listDiv = unstableRules;
-        }
-        appendRuleLineToListDiv(ruleset, listDiv, activeTab.id);
-        listDiv.style.display = 'block';
-      }
+      const stableRules = rulesets.filter(ruleset => ruleset.default_state);
+      const unstableRules = rulesets.filter(ruleset => !ruleset.default_state);
+
+      appendRulesToListDiv(stableRules, e("StableRules"), 'stable');
+      appendRulesToListDiv(unstableRules, e("UnstableRules"), 'unstable');
     }
 
-    // Only show the "Add a rule" link if we're on an HTTPS page
+    // Only show the "Add a rule" section if we're on an HTTPS page
     if (/^https:/.test(activeTab.url)) {
-      show(e("add-rule-link"));
+      show(e("addRuleSection"));
     }
   });
 }
@@ -152,35 +209,97 @@ function gotTab(activeTab) {
  * Fill in content into the popup on load
  */
 document.addEventListener("DOMContentLoaded", function () {
-  stableRules = document.getElementById("StableRules");
-  unstableRules = document.getElementById("UnstableRules");
-  getTab(gotTab);
+  getTab(tab => {
+    const url = new URL(tab.url);
+    sendMessage("check_if_site_disabled", url.host, disabled => {
+      if(!disabled) {
+        listRules(tab);
+      }
+      showEnableOrDisable(url, disabled);
+    });
+  });
 
   // Set up the enabled/disabled switch & hide/show rules
   updateEnabledDisabledUI();
-  document.getElementById('onoffswitch').addEventListener('click', toggleEnabledDisabled);
+  e('onoffswitch').addEventListener('click', toggleEnabledDisabled);
   e('http-nowhere-checkbox').addEventListener('click', toggleHttpNowhere, false);
+  e('RuleManagement__see_more--prompt').addEventListener('click', toggleSeeMore);
+
+  e('reset-to-defaults').addEventListener('click', () => {
+    sendMessage("is_firefox", null, is_firefox => {
+      if (is_firefox) {
+        sendMessage("reset_to_defaults", null, () => {
+          window.close();
+        });
+      } else {
+        if (confirm(chrome.i18n.getMessage("prefs_reset_defaults_message"))) {
+          sendMessage("reset_to_defaults", null, () => {
+            window.close();
+          });
+        }
+      }
+    });
+  });
 
   // Print the extension's current version.
   var the_manifest = chrome.runtime.getManifest();
-  var version_info = document.getElementById('current-version');
+  var version_info = e('current-version');
   version_info.innerText = the_manifest.version;
 
+  let rulesets_versions = e('rulesets-versions');
+
+  rulesets_versions.addSpan = function(update_channel_name, ruleset_version_string) {
+    let timestamp_span = document.createElement("span");
+    timestamp_span.className = "rulesets-version";
+    timestamp_span.innerText = `${chrome.i18n.getMessage("about_rulesets_version")} ${update_channel_name}: ${ruleset_version_string}`;
+    this.appendChild(timestamp_span);
+  };
+
+  sendMessage("get_update_channel_timestamps", null, timestamps => {
+    let replaces = timestamps.some(([update_channel, timestamp]) =>
+      update_channel.replaces_default_rulesets && timestamp > 0
+    );
+    if(!replaces) {
+      rulesets_versions.addSpan("EFF (Full, Bundled)", the_manifest.version);
+    }
+    for(let [update_channel, timestamp] of timestamps) {
+      if(timestamp > 0) {
+        let ruleset_date = new Date(timestamp * 1000);
+        let ruleset_version_string = ruleset_date.getUTCFullYear() + "." + (ruleset_date.getUTCMonth() + 1) + "." + ruleset_date.getUTCDate();
+
+        rulesets_versions.addSpan(update_channel.name, ruleset_version_string);
+      }
+    }
+  });
   e("aboutTitle").title = chrome.i18n.getMessage("about_title");
   e("add-rule-link").addEventListener("click", addManualRule);
+  e("disable-on-this-site").addEventListener("click", disableOnSite);
+  e("enable-on-this-site").addEventListener("click", enableOnSite);
 });
 
-
 var escapeForRegex = function( value ) {
   return value.replace(/[\-\[\]{}()*+?.,\\\^$|#\s]/g, "\\$&");
 };
 
-function hide(elem) {
-  elem.style.display = "none";
-}
-
-function show(elem) {
-  elem.style.display = "block";
+function showEnableOrDisable(url, disabled) {
+  if (["http:", "https:", "ftp:"].indexOf(url.protocol) != -1) {
+    const disableLink = e("disable-on-this-site");
+    const enableLink = e("enable-on-this-site");
+    const addRuleSection = e("addRuleSection");
+    const resetToDefaults = e('reset-to-defaults');
+    if (disabled) {
+      show(enableLink);
+      hide(disableLink);
+      hide(addRuleSection);
+      hide(resetToDefaults);
+    } else {
+      show(disableLink);
+      hide(enableLink);
+    }
+  } else {
+    const disableEnableSection = e("disableEnableSection");
+    hide(disableEnableSection);
+  }
 }
 
 /**
@@ -203,9 +322,14 @@ function addManualRule() {
 
     e("add-new-rule-button").addEventListener("click", function() {
       const params = {
-        host : e("new-rule-host").value,
-        redirectTo : e("new-rule-redirect").value,
-        urlMatcher : e("new-rule-regex").value
+        /**
+         * FIXME: the current implementation forbide users setting custom
+         * ruleset names...
+         */
+        name: e("new-rule-host").value,
+        target : [e("new-rule-host").value],
+        rule: [{ to: e("new-rule-redirect").value, from: e("new-rule-regex").value }],
+        default_off: "user rule"
       };
       sendMessage("add_new_rule", params, function() {
         location.reload();
@@ -229,22 +353,46 @@ function addManualRule() {
   });
 }
 
-function toggleHttpNowhere() {
-  getOption_('httpNowhere', false, function(item) {
-    setOption_('httpNowhere', !item.httpNowhere);
+/**
+ * Disable HTTPS Everywhere on a particular FQDN
+ */
+function disableOnSite() {
+  getTab(function(tab) {
+    const url = new URL(tab.url);
+    sendMessage("disable_on_site", url.host);
+    chrome.tabs.reload(tab.id);
+    window.close();
   });
 }
 
-function getOption_(opt, defaultOpt, callback) {
-  var details = {};
-  details[opt] = defaultOpt;
-  sendMessage("get_option", details, callback);
+function enableOnSite() {
+  getTab(function(tab) {
+    const url = new URL(tab.url);
+    sendMessage("enable_on_site", url.host);
+    chrome.tabs.reload(tab.id);
+    window.close();
+  });
 }
 
-function setOption_(opt, value, callback) {
-  var details = {};
-  details[opt] = value;
-  sendMessage("set_option", details, callback);
+/**
+ * @description Turns EASE Mode on and off
+ */
+function toggleHttpNowhere() {
+  getTab(tab => {
+    getOption_('httpNowhere', false, item => {
+      const enabled = !item.httpNowhere;
+      setOption_('httpNowhere', enabled, () => {
+        if (enabled) {
+          chrome.tabs.reload(tab.id);
+          e('HttpNowhere__header').innerText = chrome.i18n.getMessage("menu_encryptAllSitesEligibleOn");
+          e('HttpNowhere__explained').innerText = chrome.i18n.getMessage("menu_httpNoWhereExplainedBlocked");
+        } else {
+          e('HttpNowhere__header').innerText = chrome.i18n.getMessage("menu_encryptAllSitesEligibleOff");
+          e('HttpNowhere__explained').innerText = chrome.i18n.getMessage("menu_httpNoWhereExplainedAllowed");
+        }
+      });
+    });
+  });
 }
 
 function getTab(callback) {
@@ -255,3 +403,15 @@ function getTab(callback) {
   }
   chrome.tabs.query({active: true, lastFocusedWindow: true}, tabs => callback(tabs[0]));
 }
+
+// This code fixes a Chromium-specific bug that causes links in extension popup
+// to open in regular tab even if the popup is opened in incognito mode.
+
+document.addEventListener('click', e => {
+  const { target } = e;
+
+  if (target.matches('a[target="_blank"]')) {
+    chrome.tabs.create({ url: target.href });
+    e.preventDefault();
+  }
+});
diff --git a/chromium/pages/send-message.js b/chromium/pages/send-message.js
deleted file mode 100644
index da8adf5763c0..000000000000
--- a/chromium/pages/send-message.js
+++ /dev/null
@@ -1,7 +0,0 @@
-/* exported sendMessage */
-
-"use strict";
-
-function sendMessage(type, object, callback) {
-  chrome.runtime.sendMessage({ type, object }, callback);
-}
diff --git a/chromium/pages/switch-planner/index.html b/chromium/pages/switch-planner/index.html
deleted file mode 100644
index 5150fc220483..000000000000
--- a/chromium/pages/switch-planner/index.html
+++ /dev/null
@@ -1,11 +0,0 @@
-<!doctype html>
-<html>
-  <head>
-    <meta charset="utf-8">
-    <title></title>
-  </head>
-  <body>
-    <div id="content"></div>
-    <script src="ux.js"></script>
-  </body>
-</html>
diff --git a/chromium/pages/switch-planner/ux.js b/chromium/pages/switch-planner/ux.js
deleted file mode 100644
index 1562f8f1445e..000000000000
--- a/chromium/pages/switch-planner/ux.js
+++ /dev/null
@@ -1,88 +0,0 @@
-"use strict";
-
-document.addEventListener("DOMContentLoaded", () => {
-  const background = chrome.extension.getBackgroundPage().require('./background');
-  var tab = document.location.search.match(/tab=([^&]*)/)[1];
-  var content = document.getElementById("content");
-
-  var nrw_text_div = document.createElement("div");
-  nrw_text_div.innerText = "Unrewritten HTTP resources loaded from this tab (enable HTTPS on these domains and add them to HTTPS Everywhere):"
-  var nrw_div = switchPlannerDetailsHtmlSection(
-    background.sortSwitchPlanner(tab, "nrw"),
-    background.switchPlannerInfo[tab]["nrw"]
-  );
-  var rw_text_div = document.createElement("div");
-  rw_text_div.style.marginTop = "20px";
-  rw_text_div.innerText = "Resources rewritten successfully from this tab (update these in your source code):"
-  var rw_div = switchPlannerDetailsHtmlSection(
-    background.sortSwitchPlanner(tab, "rw"),
-    background.switchPlannerInfo[tab]["rw"]
-  );
-
-  content.appendChild(nrw_text_div);
-  content.appendChild(nrw_div);
-  content.appendChild(rw_text_div);
-  content.appendChild(rw_div);
-});
-
-/**
- * Generate the detailed html fot the switch planner, by section
- * */
-function switchPlannerDetailsHtmlSection(asset_host_list, link_keys) {
-  var wrapper_div = document.createElement("div");
-  if (asset_host_list.length == 0) {
-    wrapper_div.style.fontWeight = "bold";
-    wrapper_div.innerText = "none";
-    return wrapper_div;
-  }
-
-  for (var i = asset_host_list.length - 1; i >= 0; i--) {
-    var host = asset_host_list[i][3];
-    var activeCount = asset_host_list[i][1];
-    var passiveCount = asset_host_list[i][2];
-
-    var div = document.createElement("div");
-    div.style.marginTop = "20px";
-    var b = document.createElement("b");
-    b.innerText = host;
-    div.appendChild(b);
-
-    if (activeCount > 0) {
-      var active_div = document.createElement("div");
-      active_div.appendChild(document.createTextNode(activeCount + " active"));
-      for (const link of linksFromKeys(link_keys[host][1])) {
-        active_div.appendChild(link);
-      }
-      div.appendChild(active_div);
-    }
-    if (passiveCount > 0) {
-      var passive_div = document.createElement("div");
-      passive_div.appendChild(document.createTextNode(passiveCount + " passive"));
-      for (const link of linksFromKeys(link_keys[host][0])) {
-        passive_div.appendChild(link);
-      }
-      div.appendChild(passive_div);
-    }
-    wrapper_div.appendChild(div);
-  }
-  return wrapper_div;
-}
-
-/**
- * Generate a HTML link from urls in map
- * map: the map containing the urls
- * */
-function linksFromKeys(map) {
-  if (typeof map == 'undefined') return "";
-  var links = [];
-  for (var key in map) {
-    if (map.hasOwnProperty(key)) {
-      var link = document.createElement("a");
-      link.style.display = "block";
-      link.href = key;
-      link.innerText = key;
-      links.push(link);
-    }
-  }
-  return links;
-}
diff --git a/chromium/pages/translation.js b/chromium/pages/translation.js
index 5cdbd9925264..c6c3163ab9a6 100644
--- a/chromium/pages/translation.js
+++ b/chromium/pages/translation.js
@@ -3,6 +3,6 @@
 document.addEventListener("DOMContentLoaded", () => {
   // Auto-translate all elements with data-i18n attributes
   for (const element of document.querySelectorAll("[data-i18n]")) {
-    element.innerText = chrome.i18n.getMessage(element.getAttribute("data-i18n"));
+    element.innerText = chrome.i18n.getMessage(element.getAttribute("data-i18n")).replace(/&quot;/g,"\"");
   }
 });
diff --git a/chromium/pages/util.js b/chromium/pages/util.js
new file mode 100644
index 000000000000..4e5aea4f9acd
--- /dev/null
+++ b/chromium/pages/util.js
@@ -0,0 +1,46 @@
+/* exported e */
+/* exported hide */
+/* exported show */
+/* exported sendMessage */
+/* exported getOption_ */
+/* exported setOption_ */
+
+"use strict";
+
+/**
+ * Element helper functions
+ */
+function e(id) {
+  return document.getElementById(id);
+}
+
+function hide(elem) {
+  elem.style.display = "none";
+}
+
+function show(elem) {
+  elem.style.display = "block";
+}
+
+function sendMessage(type, object, callback) {
+  chrome.runtime.sendMessage({ type, object }, callback);
+}
+
+/**
+* Get an option from global settings
+* @param {string} opt
+* @param {mixed} defaultOpt
+* @param {object} callback
+* @returns mixed
+*/
+function getOption_(opt, defaultOpt, callback) {
+  let details = {};
+  details[opt] = defaultOpt;
+  sendMessage("get_option", details, callback);
+}
+
+function setOption_(opt, value, callback) {
+  var details = {};
+  details[opt] = value;
+  sendMessage("set_option", details, callback);
+}
diff --git a/chromium/test/example.rulesets.gz b/chromium/test/example.rulesets.gz
new file mode 100644
index 000000000000..401811763ff8
Binary files /dev/null and b/chromium/test/example.rulesets.gz differ
diff --git a/chromium/test/incognito_test.js b/chromium/test/incognito_test.js
index 75eede4a4cff..64cbe5ab8aa5 100644
--- a/chromium/test/incognito_test.js
+++ b/chromium/test/incognito_test.js
@@ -1,4 +1,4 @@
-'use strict'
+'use strict';
 
 const expect = require('chai').expect,
   tu = require('./testing_utils'),
@@ -19,11 +19,11 @@ describe('incognito.js', function() {
       this.callbackCalled = false;
       this.callback = () => this.callbackCalled = true;
       this.instance = incognito.onIncognitoDestruction(this.callback);
-    })
+    });
 
     it('no incognito session by default', function() {
       expect(incognito.state.incognito_session_exists).to.be.false;
-    })
+    });
 
     it('with no incognito, callback not called', async function() {
       incognito.state.incognito_session_exists = false;
@@ -54,6 +54,6 @@ describe('incognito.js', function() {
     it('detects when an incognito window is created', function() {
       this.instance.detect_incognito_creation({incognito: true});
       expect(incognito.state.incognito_session_exists, 'constant changed').to.be.true;
-    })
+    });
   });
 });
diff --git a/chromium/test/ip_utils_test.js b/chromium/test/ip_utils_test.js
new file mode 100644
index 000000000000..6301872ae646
--- /dev/null
+++ b/chromium/test/ip_utils_test.js
@@ -0,0 +1,92 @@
+'use strict';
+
+const { parseIp, isIpInRange, isLocalIp } = require('../background-scripts/ip_utils');
+
+const assert = require('chai').assert;
+
+describe('ip_utils.js', () => {
+  describe('parseIp', () => {
+    it('rejects an empty string', () => {
+      assert(parseIp('') === -1);
+    });
+
+    it('rejects a string consisting entirely of dots', () => {
+      assert(parseIp('.') === -1);
+      assert(parseIp('..') === -1);
+      assert(parseIp('...') === -1);
+      assert(parseIp('....') === -1);
+    });
+
+    it('rejects a string consisting only of digits', () => {
+      assert(parseIp('1') === -1);
+    });
+
+    it('rejects a string not consisting of four parts separated by dots', () => {
+      assert(parseIp('1.1') === -1);
+      assert(parseIp('1.1.1') === -1);
+      assert(parseIp('1.1.1.1.1') === -1);
+    });
+
+    it('rejects a well-formed IP address followed by one or multiple trailing dots', () => {
+      assert(parseIp('1.1.1.1.') === -1);
+      assert(parseIp('1.1.1.1..') === -1);
+      assert(parseIp('1.1.1.1...') === -1);
+    });
+
+    it('rejects an IP address-like string with omitted parts', () => {
+      assert(parseIp('.1.1.1') === -1);
+      assert(parseIp('1..1.1') === -1);
+      assert(parseIp('1.1..1') === -1);
+      assert(parseIp('1.1.1.') === -1);
+    });
+
+    it('rejects an IP address-like string with invalid parts', () => {
+      assert(parseIp('192.168.1.256') === -1);
+      assert(parseIp('192.168.256.1') === -1);
+      assert(parseIp('192.256.1.1') === -1);
+      assert(parseIp('256.168.1.1') === -1);
+      assert(parseIp('256.168.1.-1') === -1);
+    });
+
+    it('correctly parses well-formed IP addresses', () => {
+      assert(parseIp('192.168.0.1') === 0xc0a80001);
+      assert(parseIp('127.0.0.1') === 0x7f000001);
+      assert(parseIp('1.1.1.1') === 0x01010101);
+      assert(parseIp('8.8.8.8') === 0x08080808);
+    });
+  });
+
+  describe('isIpInRange', () => {
+    it('correctly detects if IP is in range', () => {
+      assert(isIpInRange(0xabadcafe, [0x00000000, 0x00000000]));
+      assert(isIpInRange(0x7f000001, [0x7f000000, 0xff000000]));
+      assert(isIpInRange(0xc0a80001, [0xc0a80000, 0xffff0000]));
+      assert(isIpInRange(0xc0a80101, [0xc0a80100, 0xffffff00]));
+      assert(isIpInRange(0xdeadbeef, [0xdeadbeef, 0xffffffff]));
+    });
+
+    it('correctly detects if IP is outside of range', () => {
+      assert(!isIpInRange(0xaaaaaaaa, [0xdeadbeef, 0xffffffff]));
+      assert(!isIpInRange(0xaaaaaaaa, [0x7f000000, 0xff000000]));
+      assert(!isIpInRange(0xaaaaaaaa, [0xc0a80000, 0xffff0000]));
+    });
+  });
+
+  describe('isLocalIp', () => {
+    it('correctly detects if IP is a private network or loopback address', () => {
+      assert(isLocalIp(0x00000000));
+      assert(isLocalIp(0x7fabcdef));
+      assert(isLocalIp(0x0aabcdef));
+      assert(isLocalIp(0xc0a8abcd));
+      assert(isLocalIp(0xac1abcde));
+    });
+
+    it('correctly detects if IP is not a private network or loopback address', () => {
+      assert(!isLocalIp(0x00abcdef));
+      assert(!isLocalIp(0x01010101));
+      assert(!isLocalIp(0x01000001));
+      assert(!isLocalIp(0x08080808));
+      assert(!isLocalIp(0x08080404));
+    });
+  });
+});
diff --git a/chromium/test/rules_test.js b/chromium/test/rules_test.js
index 89219d1f84b9..ae31ad0060ba 100644
--- a/chromium/test/rules_test.js
+++ b/chromium/test/rules_test.js
@@ -1,41 +1,36 @@
-'use strict'
+'use strict';
+
+const text_encoding = require('text-encoding');
+global.TextDecoder = text_encoding.TextDecoder;
+global.TextEncoder = text_encoding.TextEncoder;
+global.self = global;
+require("../../lib-wasm/pkg/https_everywhere_lib_wasm.js");
 
 const assert = require('chai').assert,
   rules = require('../background-scripts/rules');
 
-const Exclusion = rules.Exclusion,
-  Rule = rules.Rule,
+const Rule = rules.Rule,
   RuleSet = rules.RuleSet,
-  RuleSets = rules.RuleSets;
+  RuleSets = rules.RuleSets,
+  getRule = rules.getRule;
 
 
 describe('rules.js', function() {
   let test_str = 'test';
 
-  describe('nullIterable', function() {
-    it('is iterable zero times and is size 0', function() {
-      let count = 0;
-      for (let _ of rules.nullIterable) { // eslint-disable-line no-unused-vars
-        count += 1;
-      }
-      assert.strictEqual(count, 0);
-      assert.strictEqual(rules.nullIterable.size,  0);
-      assert.isEmpty(rules.nullIterable);
-    });
-  });
-
-  describe('Exclusion', function() {
-    it('constructs', function() {
-      let exclusion = new Exclusion(test_str);
-      assert.isTrue(exclusion.pattern_c.test(test_str), true);
-    });
-  });
-
   describe('Rule', function() {
     it('constructs trivial rule', function() {
       let rule = new Rule('^http:', 'https:');
-      assert.equal(rule.to, rules.trivial_rule_to);
-      assert.equal(rule.from_c, rules.trivial_rule_from_c);
+      assert.equal(rule.to, rules.trivial_rule.to);
+      assert.deepEqual(rule.from_c, rules.trivial_rule.from_c);
+    });
+  });
+
+  describe('getRule', function() {
+    it('returns trivial rule object', function() {
+      let trivial = rules.trivial_rule;
+      let rule = getRule('^http:', 'https:');
+      assert.equal(rule, trivial);
     });
   });
 
@@ -46,7 +41,7 @@ describe('rules.js', function() {
 
     describe('#apply', function() {
       it('excludes excluded uris', function() {
-        this.ruleset.exclusions = [new Exclusion(test_str)];
+        this.ruleset.exclusions = new RegExp(test_str);
         assert.isNull(this.ruleset.apply(test_str));
       });
 
@@ -73,8 +68,8 @@ describe('rules.js', function() {
       it('not equivalent with different exclusions', function() {
         let rs_a = new RuleSet(...inputs),
           rs_b = new RuleSet(...inputs);
-        rs_a.exclusions = [new Exclusion('foo')];
-        rs_b.exclusions = [new Exclusion('bar')];
+        rs_a.exclusions = new RegExp('foo');
+        rs_b.exclusions = new RegExp('bar');
 
         assert.isFalse(rs_a.isEquivalentTo(rs_b));
       });
@@ -93,7 +88,7 @@ describe('rules.js', function() {
         assert.isTrue(rs.isEquivalentTo(rs));
       });
     });
-  })
+  });
 
   describe('RuleSets', function() {
     let rules_json = [{
@@ -102,7 +97,8 @@ describe('rules.js', function() {
         to: "https:",
         from: "^http:"
       }],
-      target: ["freerangekitten.com", "www.freerangekitten.com"]
+      target: ["freerangekitten.com", "www.freerangekitten.com"],
+      exclusion: ["foo", "bar"]
     }];
 
     beforeEach(function() {
@@ -112,9 +108,14 @@ describe('rules.js', function() {
     describe('#addFromJson', function() {
       it('can add a rule', function() {
         this.rsets.addFromJson(rules_json);
-
         assert.isTrue(this.rsets.targets.has('freerangekitten.com'));
       });
+
+      it('parses exclusions', function() {
+        this.rsets.addFromJson(rules_json);
+        let rs = [...this.rsets.targets.get('freerangekitten.com')][0];
+        assert.strictEqual(rs.exclusions.source, "foo|bar");
+      });
     });
 
     describe('#rewriteURI', function() {
@@ -124,12 +125,21 @@ describe('rules.js', function() {
 
         let newuri = this.rsets.rewriteURI('http://' + host + '/', host);
 
-        assert.strictEqual(newuri, 'https://' + host + '/', 'protocol changed to https')
-      })
+        assert.strictEqual(newuri, 'https://' + host + '/', 'protocol changed to https');
+      });
 
       it('does not rewrite unknown hosts', function() {
         assert.isNull(this.rsets.rewriteURI('http://unknown.com/', 'unknown.com'));
-      })
+      });
+
+      it('does not rewrite excluded URLs', function() {
+        this.rsets.addFromJson(rules_json);
+        assert.isNull(this.rsets.rewriteURI('http://freerangekitten.com/foo', 'freerangekitten.com'));
+        assert.isNull(this.rsets.rewriteURI('http://www.freerangekitten.com/bar', 'freerangekitten.com'));
+
+        let newuri = this.rsets.rewriteURI('http://freerangekitten.com/baz', 'freerangekitten.com');
+        assert.strictEqual(newuri, 'https://freerangekitten.com/baz', 'protocol changed to https');
+      });
     });
 
     describe('#potentiallyApplicableRulesets', function() {
@@ -187,17 +197,25 @@ describe('rules.js', function() {
           assert.deepEqual(res3, new Set(value), 'wildcard matches sub domains');
         });
 
-        it('matches middle wildcards', function() {
-          let target = 'sub.*.' + host;
+        it('matches right wildcards', function() {
+          const target = host + '.*';
           this.rsets.targets.set(target, value);
 
-          let res1 = this.rsets.potentiallyApplicableRulesets('sub.star.' + host);
+          const res1 = this.rsets.potentiallyApplicableRulesets(host + '.tld');
           assert.deepEqual(res1, new Set(value), 'default case');
 
-          let res2 = this.rsets.potentiallyApplicableRulesets('sub.foo.bar.' + host);
-          assert.isEmpty(res2, new Set(value), 'only matches one label');
+          const res2 = this.rsets.potentiallyApplicableRulesets(host + '.tld.com');
+          assert.isEmpty(res2, 'wildcard matches second level domains');
+        });
+
+        it('ignore middle wildcards', function() {
+          const target = 'www.*.' + host;
+          this.rsets.targets.set(target, value);
+
+          const res1 = this.rsets.potentiallyApplicableRulesets('www.cdn.' + host);
+          assert.isEmpty(res1, 'middle wildcards are matched');
         });
       });
     });
   });
-})
+});
diff --git a/chromium/test/testing_utils.js b/chromium/test/testing_utils.js
index eddfadb9ee3f..66657aa8fb93 100644
--- a/chromium/test/testing_utils.js
+++ b/chromium/test/testing_utils.js
@@ -1,9 +1,9 @@
-'use strict'
+'use strict';
 
 function Mock() {
   let out = function() {
     out.calledWith = Array.from(arguments);
-  }
+  };
   return out;
 }
 
diff --git a/chromium/test/update_test.js b/chromium/test/update_test.js
new file mode 100644
index 000000000000..33d96412168e
--- /dev/null
+++ b/chromium/test/update_test.js
@@ -0,0 +1,71 @@
+'use strict';
+
+const assert = require('chai').assert,
+  update = require('../background-scripts/update'),
+  chrome = require("sinon-chrome"),
+  util = require('../background-scripts/util'),
+  atob = require("atob"),
+  TextDecoder = require('text-encoding').TextDecoder,
+  sinon = require('sinon');
+
+const fs = require('fs'),
+  { update_channels } = require('../background-scripts/update_channels'),
+  pako = require('../external/pako-1.0.5/pako_inflate.min.js');
+
+util.setDefaultLogLevel(util.WARN);
+
+describe('update.js', function() {
+  const example_rulesets_gz = fs.readFileSync(__dirname + '/example.rulesets.gz');
+
+  describe('applyStoredRulesets', function() {
+    beforeEach(() => {
+      chrome.flush();
+      if(util.loadExtensionFile.restore) {
+        util.loadExtensionFile.restore();
+      }
+    });
+
+    it('applies compressed rulesets from chrome.storage', function(done) {
+      let apply_promises = [];
+
+      for(let update_channel of update_channels) {
+        const key = 'rulesets: ' + update_channel.name;
+        chrome.storage.local.get.withArgs(key).yields({[key]: example_rulesets_gz});
+      }
+
+      update.applyStoredRulesets({addFromJson: response => {
+        apply_promises.push(new Promise(resolve => {
+          assert.isArray(response);
+          assert.equal(response[0].name, "Example.com");
+          resolve();
+        }));
+
+
+        Promise.all(apply_promises).then(() => done());
+
+      }});
+
+    });
+
+    it('applies rulesets from local extension file', function(done) {
+      for(let update_channel of update_channels) {
+        const key = 'rulesets: ' + update_channel.name;
+        chrome.storage.local.get.withArgs(key).yields({});
+      }
+
+      const example_rulesets_byte_array = pako.inflate(atob(example_rulesets_gz));
+      const example_rulesets = new TextDecoder("utf-8").decode(example_rulesets_byte_array);
+      const example_rulesets_json = JSON.parse(example_rulesets);
+
+      sinon.stub(util, "loadExtensionFile").returns(example_rulesets_json.rulesets);
+
+      update.applyStoredRulesets({addFromJson: response => {
+        assert.isArray(response);
+        assert.equal(response[0].name, "Example.com");
+        done();
+      }});
+    });
+
+  });
+
+});
diff --git a/chromium/test/util_test.js b/chromium/test/util_test.js
new file mode 100644
index 000000000000..af43df7440d1
--- /dev/null
+++ b/chromium/test/util_test.js
@@ -0,0 +1,105 @@
+'use strict';
+
+const assert = require('chai').assert,
+  util = require('../background-scripts/util');
+
+
+describe('util.js', function() {
+  describe('nullIterable', function() {
+    it('is iterable zero times and is size 0', function() {
+      let count = 0;
+      for (let _ of util.nullIterable) { // eslint-disable-line no-unused-vars
+        count += 1;
+      }
+      assert.strictEqual(count, 0);
+      assert.strictEqual(util.nullIterable.size,  0);
+      assert.isEmpty(util.nullIterable);
+    });
+  });
+
+  describe('isValidHostname', function() {
+    it('return true for common hosts', function() {
+      assert.strictEqual(util.isValidHostname('example.com'). true);
+      assert.strictEqual(util.isValidHostname('www.example.com'). true);
+      assert.strictEqual(util.isValidHostname('www.subdomain.example.com'). true);
+    });
+
+    it('return true for wildcard hosts', function() {
+      assert.strictEqual(util.isValidHostname('example.*'). true);
+      assert.strictEqual(util.isValidHostname('example.com.*'). true);
+      assert.strictEqual(util.isValidHostname('*.example.com'). true);
+      assert.strictEqual(util.isValidHostname('*.subdomain.example.com'). true);
+    });
+
+    it('return false for ill-formed hosts', function() {
+      // construct a lengthy hostname which host.length > 255
+      let prefix = "e1234567890.";
+      let lengthyHostname = "example.com";
+
+      for (let i = 0; i < 100; ++i) {
+        lengthyHostname = (prefix + lengthyHostname);
+      }
+
+      assert.strictEqual(util.isValidHostname(null), false);
+      assert.strictEqual(util.isValidHostname(''), false);
+      assert.strictEqual(util.isValidHostname(lengthyHostname), false);
+      assert.strictEqual(util.isValidHostname('example..com'), false);
+      assert.strictEqual(util.isValidHostname('www.example..com'), false);
+    });
+  });
+
+  describe('getNormalisedHostname', function() {
+    it('preserve port numbers', function() {
+      assert.strictEqual(util.getNormalisedHostname('example.com'), 'example.com');
+      assert.strictEqual(util.getNormalisedHostname('example.com:8080'), 'example.com:8080');
+    });
+
+    it('removes tailing dots and preserve port numbers', function() {
+      assert.strictEqual(util.getNormalisedHostname('example.com.'), 'example.com');
+      assert.strictEqual(util.getNormalisedHostname('example.com.:8080'), 'example.com:8080');
+      assert.strictEqual(util.getNormalisedHostname('example.com..'), 'example.com');
+      assert.strictEqual(util.getNormalisedHostname('example.com..:8080'), 'example.com:8080');
+    });
+
+    it('preserves a single dot', function() {
+      assert.strictEqual(util.getNormalisedHostname('.'), '.');
+    });
+  });
+
+  describe('getWildcardExpressions', function() {
+    it('return empty result for ill-formed hosts', function() {
+      assert.strictEqual(util.getWildcardExpressions(null).size, 0);
+      assert.strictEqual(util.getWildcardExpressions('').size, 0);
+      assert.strictEqual(util.getWildcardExpressions('example.com..').size, 0);
+    });
+
+    it('return empty result for wildcard hosts', function() {
+      assert.strictEqual(util.getWildcardExpressions('example.*').size, 0);
+      assert.strictEqual(util.getWildcardExpressions('example.com.*').size, 0);
+      assert.strictEqual(util.getWildcardExpressions('*.example.com').size, 0);
+      assert.strictEqual(util.getWildcardExpressions('*.subdomain.example.com').size, 0);
+    });
+
+    it('return list of supported wildcard expression', function() {
+      const params = {
+        'example.com': [
+          'example.*'
+        ],
+        'www.example.com': [
+          'www.example.*',
+          '*.example.com'
+        ],
+        'x.y.z.google.com': [
+          'x.y.z.google.*',
+          '*.y.z.google.com',
+          '*.z.google.com',
+          '*.google.com',
+        ]
+      };
+
+      for (const host in params) {
+        assert.deepEqual(util.getWildcardExpressions(host), params[host]);
+      }
+    });
+  });
+});
diff --git a/chromium/updates-master.xml b/chromium/updates-master.xml
deleted file mode 100644
index da7b7a5ffbfc..000000000000
--- a/chromium/updates-master.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<?xml version='1.0' encoding='UTF-8'?>
-<gupdate xmlns='http://www.google.com/update2/response' protocol='2.0'>
-  <app appid='gcbommkclmclpchllfjekcdonpmejbdp'>
-    <updatecheck codebase='https://www.eff.org/files/https-everywhere-chrome-VERSION.crx' version='VERSION' />
-  </app>
-</gupdate>
diff --git a/docs/adrs/bloom-filter-rule-signing.md b/docs/adrs/bloom-filter-rule-signing.md
new file mode 100644
index 000000000000..09b0fda6f2aa
--- /dev/null
+++ b/docs/adrs/bloom-filter-rule-signing.md
@@ -0,0 +1,28 @@
+# Bloom Filters and Async Rust for Ruleset Signing
+
+* Status: Deployed
+* Deciders: EFF (@zoracon and @hainish)
+* Deploy Date: 2021-03-03
+
+## Context and Problem Statement
+
+With larger ruleset lists to be signed on the DuckDuckGo Update channel, a better way to digest and form ruleset files were needed.
+
+## Decision Drivers
+
+* Bloom filters are able to ingest greater data sets at less memory expense
+* Rust is already incorporated in HTTPS Everywhere and is a memory safe language
+
+## Decision Outcome
+
+Created an async Rust script that ingests DuckDuckGo's Smarter Encryption list, compares to the Majestic Million list, and forms a bloom file and associated metadata.
+
+### Consequences and Concerns
+
+An accepted false positive is declared when the filter is generated.
+
+[Comment](https://github.com/EFForg/https-everywhere/pull/19910#issuecomment-771102775)
+
+## Links for Further Context
+* [Bloom Filter Script](https://github.com/EFForg/generate-smarter-encryption-bloom-filter)
+
diff --git a/docs/adrs/duckduckgo-smarter-encryption.md b/docs/adrs/duckduckgo-smarter-encryption.md
new file mode 100644
index 000000000000..a9c49824c9ae
--- /dev/null
+++ b/docs/adrs/duckduckgo-smarter-encryption.md
@@ -0,0 +1,33 @@
+# Incorporating DuckDuckGo Smarter Encryption
+
+* Status: Pending
+* Deciders: EFF (@zoracon and @hainish) and DuckDuckGo
+* Deploy Date: 2021-04-15
+
+## Context and Problem Statement
+
+With the increased HTTPS traffic, the current model of listed sites that support HTTPS is no longer a maintenance task that makes sense to uphold.
+
+## Decision Drivers
+
+* Firefox has an HTTPS-Only option
+* Browsers and websites are moving away from issues that created need for more granular ruleset maintenance.
+    * Mixed content is now blocked in major browsers
+    * Different domains for secure connection are now an older habit (i.e. secure.google.com)
+    * TLS 1.0, 1.1 deprecation 
+* Chrome’s Manifest V3 will force the extensions to have a ruleset cap. Instead of competing with other extensions like DuckDuckGo,  if the user prefers to use HTTPS Everywhere or DuckDuckGo's privacy essentials, we will provide the same coverage.
+* DuckDuckGo’s Smarter Encryption covers more domains than our current, more manual model.
+
+## Decision Outcome
+
+We chose to add the DuckDuckGo Smarter Encryption update channel, because it no longer is beneficial to diverse efforts with others with similar goals in this space.
+
+### Consequences and Concerns
+
+* We have many downstream partners supported and unofficial that rely on our current rulesets. This transition gives them time to make the needed decisions on their before we completely switch over to using DuckDuckGo's Smarter Encryption, and sunset our current rulesets in HTTPS Everywhere
+* …
+
+## Links for Further Context
+
+* https://spreadprivacy.com/duckduckgo-smarter-encryption/
+* https://www.eff.org/deeplinks/2020/11/10-years-https-everywhere
\ No newline at end of file
diff --git a/docs/en_US/development.md b/docs/en_US/development.md
index ea2cd107ea79..b6041f652a98 100644
--- a/docs/en_US/development.md
+++ b/docs/en_US/development.md
@@ -93,7 +93,8 @@ workflow down.
 
 First, tell git your name:
 
-    git config --global user.name "Your Name"   git config --global user.email "you@example.com"
+    git config --global user.name "Your Name"
+    git config --global user.email "you@example.com"
 
 Then, get a copy of the 'origin' repository:
 
diff --git a/docs/en_US/faq.md b/docs/en_US/faq.md
index e9e993b1222b..1a805b5bcf53 100644
--- a/docs/en_US/faq.md
+++ b/docs/en_US/faq.md
@@ -12,9 +12,9 @@ here](https://www.eff.org/https-everywhere/development).
     network?](#why-is-https-everywhere-preventing-me-from-joining-this-hotelschoolother-wireless-network)
 *   [Will there be a version of HTTPS Everywhere for IE, Safari, or some other
     browser?](#will-there-be-a-version-of-https-everywhere-for-ie-safari-or-some-other-browser)
-*   [Why use a whitelist of sites that support HTTPS? Why can't you try to use
+*   [Why use a allowlist of sites that support HTTPS? Why can't you try to use
     HTTPS for every last site, and only fall back to HTTP if it isn't
-    available?](#why-use-a-whitelist-of-sites-that-support-https-why-cant-you-try-to-use-https-for-every-last-site-and-only-fall-back-to-http-if-it-isnt-available)
+    available?](#why-use-a-allowlist-of-sites-that-support-https-why-cant-you-try-to-use-https-for-every-last-site-and-only-fall-back-to-http-if-it-isnt-available)
 *   [How do I get rid of/move the HTTPS Everywhere button in the
     toolbar?](#how-do-i-get-rid-ofmove-the-https-everywhere-button-in-the-toolbar)
 *   [When does HTTPS Everywhere protect me? When does it not protect
@@ -79,7 +79,7 @@ perform secure request rewriting in these browsers, feel free to let us know at
 https-everywhere at EFF.org (but note that modifying document.location or
 window.location in JavaScript is not secure).
 
-### [Why use a whitelist of sites that support HTTPS? Why can't you try to use HTTPS for every last site, and only fall back to HTTP if it isn't available?](#why-use-a-whitelist-of-sites-that-support-https-why-cant-you-try-to-use-https-for-every-last-site-and-only-fall-back-to-http-if-it-isnt-available)
+### [Why use a allowlist of sites that support HTTPS? Why can't you try to use HTTPS for every last site, and only fall back to HTTP if it isn't available?](#why-use-a-allowlist-of-sites-that-support-https-why-cant-you-try-to-use-https-for-every-last-site-and-only-fall-back-to-http-if-it-isnt-available)
 
 There are several problems with the idea of trying to automatically detect
 HTTPS on every site. There is no guarantee that sites are going to give the
diff --git a/docs/en_US/https-everywhere-popup-updated.png b/docs/en_US/https-everywhere-popup-updated.png
new file mode 100644
index 000000000000..02023090383a
Binary files /dev/null and b/docs/en_US/https-everywhere-popup-updated.png differ
diff --git a/docs/en_US/https-everywhere-popup.png b/docs/en_US/https-everywhere-popup.png
new file mode 100644
index 000000000000..373cba228739
Binary files /dev/null and b/docs/en_US/https-everywhere-popup.png differ
diff --git a/docs/en_US/https-updates.png b/docs/en_US/https-updates.png
new file mode 100644
index 000000000000..61b79a28a0b5
Binary files /dev/null and b/docs/en_US/https-updates.png differ
diff --git a/docs/en_US/my-lan.png b/docs/en_US/my-lan.png
new file mode 100644
index 000000000000..4442b022754f
Binary files /dev/null and b/docs/en_US/my-lan.png differ
diff --git a/docs/en_US/options.png b/docs/en_US/options.png
new file mode 100644
index 000000000000..77b8e5d5dce4
Binary files /dev/null and b/docs/en_US/options.png differ
diff --git a/docs/en_US/ruleset-update-channels.md b/docs/en_US/ruleset-update-channels.md
new file mode 100644
index 000000000000..24828ac0129d
--- /dev/null
+++ b/docs/en_US/ruleset-update-channels.md
@@ -0,0 +1,180 @@
+* [Ruleset Update Channels](#ruleset-update-channels)
+  * [Update Channel Format & Logic](#update-channel-format--logic)
+  * [Publishing Custom Update Channels](#publishing-custom-update-channels)
+    * [1. Creating an RSA key and generating a `jwk` object from it](#1-creating-an-rsa-key-and-generating-a-jwk-object-from-it)
+    * [2. Signing rulesets with this key](#2-signing-rulesets-with-this-key)
+      * [Setup](#setup)
+      * [Signing](#signing)
+    * [3. Publishing those rulesets somewhere](#3-publishing-those-rulesets-somewhere)
+    * [4. Getting users to use your update channel](#4-getting-users-to-use-your-update-channel)
+  * [Adding and Deleting Update Channels](#adding-and-deleting-update-channels)
+
+# Ruleset Update Channels
+
+Whenever you download HTTPS Everywhere, it comes with a long list of *rulesets* that are maintained by the community.  These rulesets tell HTTPS Everywhere when and how to redirect requests to the secure version of a site.  HTTPS Everywhere includes tens of thousands of these rulesets, which are public and ever-changing as we expand and improve coverage.  They are delivered to you with each new version of the extension, along with all the code that makes up the extension itself.  Between and in addition to extension updates, code within the extension fetches regular updates to the rulesets.  This ensures that you get more up-to-date coverage for sites that offer HTTPS, and you'll encounter fewer sites that break due to bugs in our list of supported sites.
+
+![](https-updates.png)
+
+We deliver these rulesets via what we call an *update channel*.  Currently, HTTPS Everywhere is delivered with a single update channel, named `EFF (Full)`.  You can see this channel when you click on the HTTPS Everywhere icon and look at the bottom of the popup:
+
+![](https-everywhere-popup.png)
+
+First, the extension version is shown (in this case 2018.8.22), and then the version of the rulesets for a given update channel is shown (in this case 2018.8.30).
+
+## Update Channel Format & Logic
+
+Update channels can be found in [`chromium/background-scripts/update_channels.js`](https://github.com/EFForg/https-everywhere/blob/master/chromium/background-scripts/update_channels.js), and consist of:
+
+1. A `name` string, which identifies it and will be displayed in the extension popup
+2. A `jwk` object, which defines the RSA public key to use when verifying downloaded rulesets
+3. A `update_path_prefix` string, which tells the extension where to look for new rulesets
+4. A `scope` string, which is used to construct a JavaScript `RegExp` object
+5. A `replaces_default_rulesets` boolean, which tells the extension whether to overwrite the rulesets bundled with the extension
+
+Every 24 hours, the extension checks the URL contained in `update_path_prefix` appended with `/latest-rulesets-timestamp` (in the case of `EFF (Full)`, `https://www.https-rulesets.org/v1//latest-rulesets-timestamp`).  If it discovers the timestamp has updated since the last time it fetched the rulesets, it will download a new ruleset, following the format `update_path_prefix` appended with `default.rulesets.XXXXXXXXXX.gz`, where `XXXXXXXXXX` is the timestamp discovered in the previous request.  At the same time, a corresponding signature for that file is downloaded, `update_path_prefix` appended with `rulesets-signature.XXXXXXXXXX.sha256`, again with the timestamp replacing the `XXXXXXXXXX`.
+
+It then attempts to verify the rulesets, which are signed with the private RSA key corresponding to the public key in the update channel's `jwk` object.  If the signature verifies, the rulesets are stored and applied to the running instance of the extension.  If it can not be verified, the rulesets are discarded and the last known good state is used.
+
+Once the rulesets are stored, they will be allowed to operate on URLs only within the `scope` of the update channel, as found above.  URLs must match the regular expression in this string in order to be redirected.  This string will be used as the first and only argument when constructing a JavaScript `RegExp` object.  If you wanted to define an update channel that only operated on URLs with the `www` subdomain, you could do so by entering the string `^https?://www\\.`, for example:
+
+```javascript
+> re = new RegExp('^https?://www\\.');
+/^https?:\/\/www\./
+> "http://www.example.com/".match(re);
+[ 'http://www.',
+  index: 0,
+  input: 'http://www.example.com/',
+  groups: undefined ]
+> "http://example.com/".match(re);
+null
+```
+
+## Publishing Custom Update Channels
+
+In addition to the rulesets contained in the EFF update channel, you may want to publish your own.  There are a few instances where this may be useful:
+
+1. You are on a corporate LAN and would rather not divulge the internal DNS records for various services by submitting rulesets to the public list
+2. You are an organization that verifies `onion` services, and would like to create vanity URLs for the `onion` services that you've verified (this will make [usability of onion URLs](https://blog.torproject.org/cooking-onions-names-your-onions) much better)
+3. You would like to implement tracker blocking within HTTPS Everywhere by forwarding a list of hosts to an unroutable address
+
+There may be additional use cases not enumerated here.  For this to be effective, an organization has to publish their own custom update channel.  This involves a few steps:
+
+1. Creating an RSA key and generating a `jwk` object from it
+2. Signing rulesets with this key
+3. Publishing those rulesets somewhere
+4. Getting users to use your update channel
+
+We will go through each of these in sequence, but first, you'll want to consider if you want your signing process airgapped or not.  Airgapped signing has the advantage of making it hard for malware to exfiltrate key material and thus forge a signed ruleset update, but it will also make it slightly more difficult to sign.  If you decide on an airgapped signing process, you may want to copy the script [`utils/sign-rulesets/async-airgap.sh`](https://github.com/EFForg/https-everywhere/blob/master/utils/sign-rulesets/async-airgap.sh) to the airgap *before* cutting off networking for the last time.  You may also want to install the `python-qr` code on this machine to easily copy the RSA public key to your development environment, once generated, as well as `qrencode` and `eog` for ease in the signing process.
+
+### 1. Creating an RSA key and generating a `jwk` object from it
+
+To create an RSA key, issue the following command (either on your development machine if you are not using an airgapped process, or the airgap if you are):
+
+    openssl genrsa -out key.pem 4092
+
+Your RSA keypair will now be stored in the file `key.pem`.  To generate a corresping public key, issue this command:
+
+    openssl rsa -in key.pem -outform PEM -pubout -out public.pem
+
+Your public key is now stored in `public.pem`.  If you are using an airgap, copy this public key (with whatever method is safest in your setup, perhaps with the `qr` command) to your development environment.
+
+At this point, you will need to generate a `jwk` object from the public key.  This can be done with the `pem-jwk` node package.  You'll have to download node.js and npm, or just issue this command in docker:
+
+    sudo docker run -it -v $(pwd):/opt --workdir /opt node bash
+
+And you will be booted into a node environment.  Next, run
+
+    npm install -g pem-jwk
+
+This will install the `pem-jwk` package globally.  You can now run
+
+    cat public.pem | pem-jwk
+
+And you should see a `jwk` object displayed.  Take note of this, you will need it later.
+
+### 2. Signing rulesets with this key
+
+#### Setup
+
+On your development machine, clone or download the HTTPS Everywhere repository.  Since it's quite large, it will suffice to do a shallow clone:
+
+    git clone --depth=1 https://github.com/EFForg/https-everywhere.git
+
+or
+
+    curl -sLO https://github.com/EFForg/https-everywhere/archive/master.zip; unzip master.zip; mv https-everywhere-master https-everywhere
+
+Next,
+
+    cd https-everywhere
+    rm rules/*.xml
+
+This will remove all the rulesets bundled with the extension itself.  All the rulesets you want to sign for your update channel must be in the `rules` directory before moving to the next step.  Generate an example ruleset or use your own ruleset:
+
+    cd rules
+    ./make-trivial-rule example.com
+    cd ..
+
+#### Signing
+
+You will need python 3.6 on your system or available via docker for the next step.
+
+    sudo docker run -it -v $(pwd):/opt --workdir /opt python:3.6 bash
+
+Next, run
+
+    python3 utils/merge-rulesets.py
+
+You should see the following output:
+
+```shell
+ * Parsing XML ruleset and constructing JSON library...
+ * Writing JSON library to src/chrome/content/rules/default.rulesets
+ * Everything is okay.
+```
+
+This prepares the file you are about to sign.  If your do not have an airgap, run the following command:
+
+    utils/sign-rulesets/standalone.sh /path/to/key.pem /some/output/path
+
+If you have an airgapped setup, run the following command on your development machine:
+
+    utils/sign-rulesets/async-request.sh /path/to/public.pem /some/output/path
+
+This will display a hash for signing, as well as a metahash.  On your airgap machine, run the `async-airgap.sh` script that you had previously copied to it:
+
+    ./async-airgap.sh /path/to/key.pem SHA256_HASH
+
+typing the hash carefully.  Check the metahash to make sure it is the same as what was displayed on your development machine.  This will output base64-encoded data as well as a QR code representing that data that you can scan, and send that data to your development machine.  Once you have that data from the QR code pasted into the development machine prompt, press Ctrl-D and you should have output indicating that your rulesets have been signed successfully.
+
+### 3. Publishing those rulesets somewhere
+
+Once you've signed the rulesets successfully, choose a public URL to make these rulesets accessible.  You may want to use a CDN if you expect a lot of traffic on this endpoint.  Your rulesets as well as their signatures are stored in `/some/output/path` you chose above, you need only to upload them to an endpoint your users can access.
+
+### 4. Getting users to use your update channel
+
+Once you've established an update channel by publishing your rulesets, you'll want to let your users know how to use them.  From step 1 above, you have a `jwk` object.  You may want to also only allow modification of certain URLs, using the `scope` field.  The `update_path_prefix` field will simply be the public URL that you chose in step 3.
+
+If your users are using a custom build of HTTPS Everywhere (such as in a corporate LAN environment), you can modify [`chromium/background-scripts/update_channels.js`](https://github.com/EFForg/https-everywhere/blob/master/chromium/background-scripts/update_channels.js) to include a new update channel in the same format as the EFF update channel.
+
+In most cases, your users will just be using a standard HTTPS Everywhere build.  In this case, they will have to add your update channel using the UX, as explained below.
+
+## Adding and Deleting Update Channels
+
+In addition to being defined in `update_channels.js`, users can add additional update channels via the extension options.
+
+In Firefox, enter `about:addons` into the URL bar, then click on `Extensions` on the left navbar, then click `Preferences` next to the HTTPS Everywhere extension.
+
+In Chrome, right-click on the HTTPS Everywhere icon and click `Options`.
+
+You will now see the HTTPS Everywhere options page.  Click `Update Channels`.
+
+You will now see a list of update channels, with `EFF (Full)` being the first.  Below, you can add a new update channel.  Once you hit `Update`, the channel will download a new ruleset release (if available) from the channel.
+
+![](options.png)
+
+If a new ruleset update is available, after a few seconds you should now see the new ruleset version in the bottom of the extension popup:
+
+![](my-lan.png)
+
+You can also delete rulesets from the extension options.  Under `Update Channels`, just click `Delete` for the channel you want to delete.  This will immediately remove the rulesets from this update channel.
diff --git a/docs/en_US/rulesets.md b/docs/en_US/rulesets.md
index cf607772cf8a..f9f71f020f34 100644
--- a/docs/en_US/rulesets.md
+++ b/docs/en_US/rulesets.md
@@ -3,14 +3,14 @@
 This page describes how to write rulesets for [HTTPS
 Everywhere](https://eff.org/https-everywhere), a browser extension that
 switches sites over from HTTP to HTTPS automatically. HTTPS Everywhere comes
-with [thousands](http://www.eff.org/https-everywhere/atlas/) of rulesets that
+with [thousands](https://atlas.eff.org/index.html) of rulesets that
 tell HTTPS Everywhere which sites it should switch to HTTPS and how. If there
 is a site that offers HTTPS and is not handled by the extension, this guide
 will explain how to add that site.
 
 #### [Rulesets](#rulesets)
 
-A `ruleset` is an [XML](http://www.xml.com/pub/a/98/10/guide0.html?page=2) file
+A `ruleset` is an [XML](https://www.xml.com/pub/a/98/10/guide0.html?page=2) file
 describing behavior for a site or group of sites. A ruleset contains one or
 more `rules`. For example, here is
 [`RabbitMQ.xml`](https://github.com/efforg/https-everywhere/blob/master/src/chrome/content/rules/RabbitMQ.xml),
@@ -18,11 +18,11 @@ from the addon distribution:
 
 ```xml
 <ruleset name="RabbitMQ">
-        <target host="rabbitmq.com" />
-        <target host="www.rabbitmq.com" />
+	<target host="rabbitmq.com" />
+	<target host="www.rabbitmq.com" />
 
-        <rule from="^http:"
-                to="https:" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
 ```
 
@@ -37,7 +37,7 @@ match that host name.
 
 HTTPS Everywhere then tries each rule in those rulesets against the full URL.
 If the [Regular
-Expression](http://www.regular-expressions.info/quickstart.html), or regexp, in
+Expression](https://www.regular-expressions.info/quickstart.html), or regexp, in
 one of those rules matches, HTTPS Everywhere [rewrites the
 URL](#rules-and-regular-expressions) according the `to` attribute of the rule.
 
@@ -58,16 +58,16 @@ separate target.
 #### [Rules and Regular Expressions](#rules-and-regular-expressions)
 
 The `rule` tags do the actual rewriting work. The `from` attribute of each rule
-is a [regular expression](http://www.regular-expressions.info/quickstart.html)
+is a [regular expression](https://www.regular-expressions.info/quickstart.html)
 matched against a full URL. You can use rules to rewrite URLs in simple or
 complicated ways. Here's a simplified (and now obsolete) example for Wikipedia:
 
 ```xml
 <ruleset name="Wikipedia">
-  <target host="*.wikipedia.org" />
+	<target host="*.wikipedia.org" />
 
-  <rule from="^http://(\w{2})\.wikipedia\.org/wiki/"
-          to="https://secure.wikimedia.org/wikipedia/$1/wiki/"/>
+	<rule from="^http://(\w{2})\.wikipedia\.org/wiki/"
+		to="https://secure.wikimedia.org/wikipedia/$1/wiki/"/>
 </ruleset>
 ```
 
@@ -84,9 +84,9 @@ between rulesets is unspecified. Only the first rule or exception matching a
 given URL is applied.
 
 Rules are evaluated using [Javascript regular
-expressions](http://www.regular-expressions.info/javascript.html), which are
+expressions](https://www.regular-expressions.info/javascript.html), which are
 similar but not identical to [Perl-style regular
-expressions.](http://www.regular-expressions.info/pcre.html) Note that if your
+expressions.](https://www.regular-expressions.info/pcre.html) Note that if your
 rules include ampersands (&amp;), they need to be appropriately XML-encoded:
 replace each occurrence of **&amp;** with **&amp;#x26;**.
 
@@ -97,7 +97,7 @@ the rule should **not** be applied. The Stack Exchange rule contains an
 exclusion for the OpenID login path, which breaks logins if it is rewritten:
 
 ```xml
-<exclusion pattern="^http://(?:\w+\.)?stack(?:exchange|overflow)\.com/users/authenticate/" />
+<exclusion pattern="^http://(\w+\.)?stack(exchange|overflow)\.com/users/authenticate/" />
 ```
 
 Exclusions are always evaluated before rules in a given ruleset. Matching any
@@ -118,7 +118,7 @@ less cumbersome.
 #### [Secure Cookies](#secure-cookies)
 
 Many HTTPS websites fail to correctly set the [secure
-flag](https://secure.wikimedia.org/wikipedia/en/wiki/HTTP_cookie#Secure_and_HttpOnly)
+flag](https://en.wikipedia.org/wiki/HTTP_cookie#Secure_and_HttpOnly)
 on authentication and/or tracking cookies. HTTPS Everywhere provides a facility
 for turning this flag on. For instance:
 
@@ -189,8 +189,8 @@ element, with a value explaining why the rule is off.
 
 ```xml
 <ruleset name="Amazon (buggy)" default_off="breaks site">
-   <target host="www.amazon.*" />
-   <target host="amazon.*" />
+	<target host="www.amazon.*" />
+	<target host="amazon.*" />
 </ruleset> 
 ```
 
@@ -200,13 +200,9 @@ file.
 #### [Mixed Content Blocking (MCB)](#mixed-content-blocking-mcb)
 
 Some rulesets may trigger active mixed content (i.e. scripts loaded over HTTP
-instead of HTTPS). This type of mixed content is blocked in both
-[Chrome](https://trac.torproject.org/projects/tor/ticket/6975) and Firefox,
+instead of HTTPS). This type of mixed content is blocked in most major browsers,
 before HTTPS Everywhere has a chance to rewrite the URLs to an HTTPS version.
-This generally breaks the site. However, the Tor Browser doesn&apos;t block
-mixed content, in order to allow HTTPS Everywhere to try and rewrite the URLs
-to an HTTPS version.
-
-To enable a rule only on platforms that allow mixed content (currently only the
-Tor Browser), you can add a `platform="mixedcontent"` attribute to the ruleset
-element.
+This generally breaks the site. Depending on their configuration and threat
+model, some users might however decide to enable these rulesets via a global
+option in HTTPS Everywhere. To that effect, such rulesets are identified with 
+the specific `platform="mixedcontent"` attribute to the ruleset element.
diff --git a/docs/es/faq.md b/docs/es/faq.md
index c3074a1dd629..bdd7547fc376 100644
--- a/docs/es/faq.md
+++ b/docs/es/faq.md
@@ -12,10 +12,10 @@ recursos [enumerados aquí](https://www.eff.org/https-everywhere/development).
     inalámbrica?](#why-is-https-everywhere-preventing-me-from-joining-this-hotelschoolother-wireless-network)
 *   [¿Habrá una versión de HTTPS Everywhere para IE, Safari o algún otro
     navegador?](#will-there-be-a-version-of-https-everywhere-for-ie-safari-or-some-other-browser)
-*   [¿Por qué utilizar una lista blanca de sitios que admiten HTTPS? ¿Por qué
+*   [¿Por qué utilizar una lista de sitios aprobados que admiten HTTPS? ¿Por qué
     no pueden intentar utilizar HTTPS para cada sitio, y sólo volver a HTTP si
     no está
-    disponible?](#why-use-a-whitelist-of-sites-that-support-https-why-cant-you-try-to-use-https-for-every-last-site-and-only-fall-back-to-http-if-it-isnt-available)
+    disponible?](#why-use-a-allowlist-of-sites-that-support-https-why-cant-you-try-to-use-https-for-every-last-site-and-only-fall-back-to-http-if-it-isnt-available)
 *   [¿Cómo puedo eliminar o mover el botón HTTPS Everywhere de la barra de
     herramientas?](#how-do-i-get-rid-ofmove-the-https-everywhere-button-in-the-toolbar)
 *   [¿Cuándo me protege HTTPS Everywhere? ¿Cuándo no me
@@ -82,7 +82,7 @@ estos navegadores, no dude en hacérnoslo saber en https-everywhere en EFF.org
 (pero tenga en cuenta que modificar document.location o window.location en
 JavaScript no es seguro).
 
-### [¿Por qué utilizar una lista blanca de sitios que admiten HTTPS? ¿Por qué no pueden intentar utilizar HTTPS para cada sitio, y sólo volver a HTTP si no está disponible?](#why-use-a-whitelist-of-sites-that-support-https-why-cant-you-try-to-use-https-for-every-last-site-and-only-fall-back-to-http-if-it-isnt-available)
+### [¿Por qué utilizar una lista de sitios aprobados que admiten HTTPS? ¿Por qué no pueden intentar utilizar HTTPS para cada sitio, y sólo volver a HTTP si no está disponible?](#why-use-a-allowlist-of-sites-that-support-https-why-cant-you-try-to-use-https-for-every-last-site-and-only-fall-back-to-http-if-it-isnt-available)
 
 Hay varios problemas con la idea de tratar de detectar automáticamente HTTPS en
 cada sitio. No hay ninguna garantía de que los sitios van a dar la misma
diff --git a/dummy-chromium.pem b/dummy-chromium.pem
index 00a62898fc11..b6bb2a5ed409 100644
--- a/dummy-chromium.pem
+++ b/dummy-chromium.pem
@@ -1,27 +1,13 @@
------BEGIN RSA PRIVATE KEY-----
-MIIEogIBAAKCAQEAt4ew59KRXh6f9/sk4gbt5LqO5+yOGwEw6kwZxZl66BdZZyg5
-lFIt7je6s/OmEPpq4pHZ7cROfckYnOacFHYng68ZvYY2/0l7iBY1CjKMwe9TFoYv
-uqG6dCC2h4sbzikTO2dvarxptnSVm5Zbuw6mQTmCRKUzcey/njPq49nu0RcKvm+c
-NVRZCLofKHrioQcVt+9ig9I390Z9sF7l1uNy7IVdRw4B8KMJT22ghEGusYmFioHR
-jzVpTSetxcEfznJVzZWLfKqU45CY+ggDy2MhNVRFvTlFkENJoOtKRj/Xp6/0FqY4
-FqhglMdQI6cmhQibmQdzv9Q39P3lGRU3AEVJawIDAQABAoIBADEk75UUCIMIdlOD
-95tiuZ8O6adm66KFjiCfIiOMdqHhZro9xjVWUCBC4ga/zo8rTyW+YnnNoCsEh0e0
-ZMUB4pDbeWwLnXx8o8yMDcXeRVzFBh247tzt46ym+dmPwXFSBGlayDXvn+sQiuMv
-vv527MP4b06MYhs2hxUI1/QNbmqkaZNlJVaXlVjdNGjbdsEy8rVQIxdKkEG0qVKN
-4wH7aVmRTAYDJedDc+8eePviCYfthr1/1qX7Wj/sY+rKQFoxwTRhTs2hRwV0U0Wl
-1Gmk2Gz07l1M2mY+cImowOPYZT1jwiFSwoOczJNEmupH/F1VLomH12bkcb2l2lwi
-Ne1JubECgYEA5zYUfdm1/5SBnAmONcReos6w3CjzxlD7dcaFx1XIaGSfGU+H7MO7
-tdQfMVsAq+6SoO+DRBDS3Dn/2/imFxQ+2dYpuJvbQOzNKLqLU9M7LF8kBJFxP35C
-8GVhe6l+c8Csl4nK/bllzLsxtCatzL+cs7TNCvZUeQD6G86PoM1zH8MCgYEAyzTu
-y0UgG67a+MFcVdngRwcFIX06YeQSxAEkRFULaa/Yh6KEwaeYhTPv8rGIPJLAS8T7
-5UVJ4T3yVCPQBZ0Y11tLvh7onRTeEKevihBEDSSIsf020mYwgX5F3TD6JlwjVIpV
-k96AtDRcd27Y5eznCu94QyPbjUQbegWHNH9LfTkCgYBvIHwK3PfvpmYBJEqYpxBB
-OgyhVIGOQOALhGZKH33aRvp9BM+0yYLP6usvIqkY+eq5tUSnE1r1hF7oUAMsNova
-0WduFmL0OpyExdwvZuga9INwOqNuu/Xaay/GavmfEu0hTJYnCtPV6ecCylBgh3v+
-l5ixeyGwovqTIN3BkN2TVwKBgDighJcCqWLthDnj8G5AK/6/Fw/xDM7wtsYGJ2wf
-YvHNvgJ2KJaqtJcSFSDFlliC8LFssGGAwIjTMW9/F14pHB4PY/kUNfBoO0Xa5NEN
-nVkoQCuRi7BwJ74+SQvNtTfxXysU7aoqTCVrngTuT+Uq8muatiHHoUwpmZqUZcwc
-WRYJAoGACI3XKiDqhbVoDOvyTkDP1Fo651OH6z/6XTBEYB4ICoY7O2kL4BUwnUkh
-uzDVkAi5XrztUKZPE/HISTgq09umkrw4taFAXs3cBbLSns0C32SggNZGUCSfFScx
-hys49ypF5iddhaMBD5WtUMhrWTc1rUUQGaOlQ10xmAy1yCA2VK0=
------END RSA PRIVATE KEY-----
+-----BEGIN PRIVATE KEY-----
+MIIB5gIBADANBgkqhkiG9w0BAQEFAASCAdAwggHMAgEAAmEA3BZGOZsEWGEc82Yz
+Ddrey4Vp8dV4AQZPu2tM32Z6ZEx2538G3bWu5g0OPzX8Oqvzqr8ZRIvxcBbL3kgZ
+5wnhjVRTlWy0jxZDHCvVsATzhbhAt505zljHaRS1PrCYfV/nAgMBAAECYCQpRMCS
+R9R9oFQdpqXQIGswMIgbmuwQLWmN58ONAu8X4TGIHYiwIVyLKJwaMqcxOTn753Us
+7vFbGwoMnO3Krzh1Xn9z6uKnB7dDotgc9ZIQ5Ja8ExjJhl5iBMSWePYWAQIxAPRo
+yZ+JdWu+/y+/F6KsiCDx8EmdV8Dd09BogXH31S2VtSUEfZd/UDUPgbRgo+c9dwIx
+AOaGNJyJbHY4UCxC2hRBRZGNlic8SaFKEQAtN28gMWMDMgAh0ik8YtrPffBed+bN
+EQIxAOwTAx0MItTt6YLu6x9/0wUva89PIWHzYhKdvtqcbdbYEd4tljntCUYXMktO
+RUKoRQIxAL/3PHKqoc6kwGbLWO2LGVLHNCYCN1J/6j5aaRI6HcZVD9s6TteV+MA8
+D6UOFgz18QIxAJKXHDXXF+LXGsOwRMcp8nqg9Ri9daWW74JWyozFRqIsRhnhDhw9
+8f4cUAPw7BquBw==
+-----END PRIVATE KEY-----
diff --git a/hooks/precommit b/hooks/precommit
index b57ed3bcbc0f..04c65b738ac5 100755
--- a/hooks/precommit
+++ b/hooks/precommit
@@ -39,7 +39,7 @@ if [ "$CHANGED_RULESETS" ]; then
             continue
         fi
 
-        python3.6 test/validations/special/run.py --quiet $FILE
+        python3 test/validations/special/run.py --quiet $FILE
         RESULT=$?
 
         if [ $RESULT -ne 0 ]; then
diff --git a/install-dev-dependencies.sh b/install-dev-dependencies.sh
index 03f85b7dd6f9..9259d02b8676 100755
--- a/install-dev-dependencies.sh
+++ b/install-dev-dependencies.sh
@@ -9,7 +9,7 @@ if [ "$1" != "--no-prompt" ]; then
   echo "may alter your system, installing requirements both within the package"
   echo "management system and also external binaries."
   echo
-  echo -n "Are you sure you want to continue? [Y/n]: "
+  echo -n "Are you sure you want to continue? [y/N]: "
   read CONTINUE
   CONTINUE=`echo $CONTINUE | xargs | head -c 1 | awk '{print tolower($0)}'`
   if [ "$CONTINUE" != "y" ]; then
@@ -22,48 +22,57 @@ if [ $UID != 0 ]; then
   SUDO_SHIM=sudo
 fi
 
-if type apt-get >/dev/null ; then
+if [ "`uname -m`" == "x86_64" ]; then
+  ARCH=64
+else
+  ARCH=32
+fi
+
+# debian based installation
+if type apt-get>/dev/null 2>&1;  then
   $SUDO_SHIM apt-get update
   $SUDO_SHIM apt-get install -y lsb-release
   BROWSERS="firefox chromium-browser"
   CHROMEDRIVER="chromium-chromedriver"
   if [[ "$(lsb_release -is)" == "Debian" ]]; then
-    # Iceweasel is the rebranded Firefox that Debian ships, and Chromium
-    # takes the name of 'chromium' instead of 'chromium-browser' in
+    # Chromium takes the name of 'chromium' instead of 'chromium-browser' in
     # Debian 7 (wheezy) and later.
-    BROWSERS="iceweasel chromium"
-    CHROMEDRIVER="chromedriver"
+    BROWSERS="firefox-esr chromium"
+    CHROMEDRIVER="chromium-driver"
   fi
   $SUDO_SHIM apt-get install -y libxml2-dev libxml2-utils libxslt1-dev \
-    python3.6-dev $BROWSERS zip sqlite3 python3-pip libcurl4-openssl-dev xvfb \
+    python3-dev $BROWSERS zip sqlite3 python3-pip libcurl4-openssl-dev xvfb \
+    nodejs \
+    npm \
     libssl-dev git curl $CHROMEDRIVER
-  if ! type geckodriver >/dev/null; then
-    curl -LO "https://github.com/mozilla/geckodriver/releases/download/v0.17.0/geckodriver-v0.17.0-linux64.tar.gz"
-    tar -zxvf "geckodriver-v0.17.0-linux64.tar.gz"
-    rm -f "geckodriver-v0.17.0-linux64.tar.gz"
+  if ! type geckodriver >/dev/null 2>&1;  then
+    curl -LO "https://github.com/mozilla/geckodriver/releases/download/v0.24.0/geckodriver-v0.24.0-linux$ARCH.tar.gz"
+    tar -zxvf "geckodriver-v0.24.0-linux$ARCH.tar.gz"
+    rm -f "geckodriver-v0.24.0-linux$ARCH.tar.gz"
     $SUDO_SHIM mv geckodriver /usr/bin/geckodriver
     $SUDO_SHIM chown root /usr/bin/geckodriver
     $SUDO_SHIM chmod 755 /usr/bin/geckodriver
   fi
-  if [ ! -f /usr/lib/chromium/chromedriver ] && [ -f `which chromedriver` ]; then
-    ln -s `which chromedriver` /usr/lib/chromium/chromedriver
+  if [ ! -f /usr/lib/chromium-browser/chromedriver ] && [ -f `which chromedriver` ]; then
+    $SUDO_SHIM ln -s `which chromedriver` /usr/lib/chromium-browser/chromedriver
   fi
-elif type brew >/dev/null ; then
+
+# macOS installation
+elif type brew >/dev/null 2>&1; then
   brew list python &>/dev/null || brew install python
-  brew install libxml2 gnu-sed chromedriver
+  brew cask install chromedriver
+  brew install libxml2 gnu-sed
+  brew install node
   if ! echo $PATH | grep -ql /usr/local/bin ; then
     echo '/usr/local/bin not found in $PATH, please add it.'
   fi
-elif type dnf >/dev/null ; then
+
+# distros that use rpm (Fedora, Suse, CentOS) installation
+elif type dnf >/dev/null 2>&1; then
   $SUDO_SHIM dnf install -y firefox gcc git libcurl-devel libxml2-devel \
-    libxslt-devel python-devel redhat-rpm-config xorg-x11-server-Xvfb which \
+    libxslt-devel python3-devel redhat-rpm-config xorg-x11-server-Xvfb which \
     findutils procps openssl openssl-devel chromium GConf2
   if ! type chromedriver >/dev/null; then
-    if [ "`uname -m`" == "x86_64" ]; then
-      ARCH=64
-    else
-      ARCH=32
-    fi
     curl -O "https://chromedriver.storage.googleapis.com/2.23/chromedriver_linux$ARCH.zip"
     unzip "chromedriver_linux$ARCH.zip"
     rm -f "chromedriver_linux$ARCH.zip"
@@ -71,20 +80,31 @@ elif type dnf >/dev/null ; then
     $SUDO_SHIM chown root /usr/bin/chromedriver
     $SUDO_SHIM chmod 755 /usr/bin/chromedriver
   fi
-  if ! type geckodriver >/dev/null; then
-    curl -LO "https://github.com/mozilla/geckodriver/releases/download/v0.17.0/geckodriver-v0.17.0-macos.tar.gz"
-    tar -zxvf "geckodriver-v0.17.0-macos.tar.gz"
-    rm -f "geckodriver-v0.17.0-macos.tar.gz"
+  if ! type geckodriver >/dev/null 2>&1;  then
+    curl -LO "https://github.com/mozilla/geckodriver/releases/download/v0.24.0/geckodriver-v0.24.0-macos.tar.gz"
+    tar -zxvf "geckodriver-v0.24.0-macos.tar.gz"
+    rm -f "geckodriver-v0.24.0-macos.tar.gz"
     $SUDO_SHIM mv geckodriver /usr/bin/geckodriver
     $SUDO_SHIM chown root /usr/bin/geckodriver
     $SUDO_SHIM chmod 755 /usr/bin/geckodriver
   fi
+
   # This is needed for Firefox on some systems. See here for more information:
   # https://github.com/EFForg/https-everywhere/pull/5584#issuecomment-238655443
   if [ ! -f /var/lib/dbus/machine-id ]; then
     $SUDO_SHIM sh -c 'dbus-uuidgen > /var/lib/dbus/machine-id'
   fi
   export PYCURL_SSL_LIBRARY=openssl
+
+  #Node
+  curl -sL https://rpm.nodesource.com/setup_12.x | $SUDO_SHIM bash -
+  $SUDO_SHIM yum install -y nodejs
+  $SUDO_SHIM yum install gcc-c++ make
+else
+    echo \
+    "Your distro isn't supported by this script yet!"\
+    "Please install dependencies manually."
+    exit
 fi
 
 # Get the addon SDK submodule and rule checker
@@ -92,7 +112,7 @@ git submodule init
 git submodule update
 
 # Install Python packages
-pip3 install --user --no-allow-insecure --no-allow-external -r requirements.txt
+pip3 install --user -r requirements.txt
 cd test/rules
 pip3 install --user -r requirements.txt
 cd -
@@ -100,5 +120,8 @@ cd test/chromium
 pip3 install --user -r requirements.txt
 cd -
 
+# Install Node Package for CRX Verification
+$SUDO_SHIM npm -g i crx3-utils
+
 # Install git hook to run tests before pushing.
 ln -sf ../../test.sh .git/hooks/pre-push
diff --git a/lib-wasm b/lib-wasm
new file mode 160000
index 000000000000..dfad18667846
--- /dev/null
+++ b/lib-wasm
@@ -0,0 +1 @@
+Subproject commit dfad186678467a3f78e0d6a61400ed2f9c5d663d
diff --git a/make.sh b/make.sh
index df63f752201c..415b80090c4a 100755
--- a/make.sh
+++ b/make.sh
@@ -19,9 +19,63 @@
 # but these .crx files won't detect and upgrade to official HTTPS Everywhere
 # releases signed by EFF :/.  We should find a more elegant arrangement.
 
+! getopt --test > /dev/null
+if [[ ${PIPESTATUS[0]} -ne 4 ]]; then
+  echo 'I’m sorry, `getopt --test` failed in this environment.'
+  exit 1
+fi
+
+OPTIONS=eck:
+LONGOPTS=remove-extension-update,remove-update-channels,key:
+! PARSED=$(getopt --options=$OPTIONS --longoptions=$LONGOPTS --name "$0" -- "$@")
+if [[ ${PIPESTATUS[0]} -ne 0 ]]; then
+  # e.g. return value is 1
+  #  then getopt has complained about wrong arguments to stdout
+  exit 2
+fi
+
+# read getopt’s output this way to handle the quoting right:
+eval set -- "$PARSED"
+
+REMOVE_EXTENSION_UPDATE=false
+REMOVE_UPDATE_CHANNELS=false
+KEY=$(pwd)/dummy-chromium.pem
+while true; do
+  case "$1" in
+    -e|--remove-extension-update)
+      REMOVE_EXTENSION_UPDATE=true
+      shift
+      ;;
+    -c|--remove-update-channels)
+      REMOVE_UPDATE_CHANNELS=true
+      shift
+      ;;
+    -k|--key)
+      KEY="$2"
+      shift 2
+      ;;
+    --)
+      shift
+      break
+      ;;
+    *)
+      echo "Programming error"
+      exit 3
+      ;;
+  esac
+done
+
+if [ "${KEY:0:1}" != "/" ]; then
+  echo "Key must be specified as an absolute path."
+  exit 4
+fi
+
+
+
+
 cd $(dirname $0)
 
-if [ -n "$1" -a "$1" != "--remove-update-channel" ]; then
+if [ -n "$1" ]; then
   BRANCH=`git branch | head -n 1 | cut -d \  -f 2-`
   SUBDIR=checkout
   [ -d $SUBDIR ] || mkdir $SUBDIR
@@ -31,116 +85,111 @@ if [ -n "$1" -a "$1" != "--remove-update-channel" ]; then
   git submodule update --recursive -f
 fi
 
-VERSION=`python3.6 -c "import json ; print(json.loads(open('chromium/manifest.json').read())['version'])"`
+VERSION=`python3 -c "import json ; print(json.loads(open('chromium/manifest.json').read())['version'])"`
 
 echo "Building version" $VERSION
 
 [ -d pkg ] || mkdir -p pkg
-[ -e pkg/crx ] && rm -rf pkg/crx
+[ -e pkg/crx-cws ] && rm -rf pkg/crx-cws
+[ -e pkg/crx-eff ] && rm -rf pkg/crx-eff
 [ -e pkg/xpi-amo ] && rm -rf pkg/xpi-amo
 [ -e pkg/xpi-eff ] && rm -rf pkg/xpi-eff
 
 # Clean up obsolete ruleset databases, just in case they still exist.
 rm -f src/chrome/content/rules/default.rulesets src/defaults/rulesets.sqlite
 
-sed -e "s/VERSION/$VERSION/g" chromium/updates-master.xml > chromium/updates.xml
-
-mkdir -p pkg/crx/rules
-cd pkg/crx
+mkdir -p pkg/crx-cws/rules
+cd pkg/crx-cws
 cp -a ../../chromium/* ./
 # Turn the Firefox translations into the appropriate Chrome format:
 rm -rf _locales/
 mkdir _locales/
-python3.6 ../../utils/chromium-translations.py ../../translations/ _locales/
-python3.6 ../../utils/chromium-translations.py ../../src/chrome/locale/ _locales/
+python3 ../../utils/chromium-translations.py ../../translations/ _locales/
+python3 ../../utils/chromium-translations.py ../../src/chrome/locale/ _locales/
 do_not_ship="*.py *.xml"
 rm -f $do_not_ship
+
+mkdir wasm
+cp ../../lib-wasm/pkg/*.wasm wasm
+cp ../../lib-wasm/pkg/*.js wasm
+
 cd ../..
 
-python3.6 ./utils/merge-rulesets.py || exit 1
+python3 ./utils/merge-rulesets.py || exit 5
+
+cp src/chrome/content/rules/default.rulesets pkg/crx-cws/rules/default.rulesets
 
-cp src/chrome/content/rules/default.rulesets pkg/crx/rules/default.rulesets
+sed -i -e "s/VERSION/$VERSION/g" pkg/crx-cws/manifest.json
 
-sed -i -e "s/VERSION/$VERSION/g" pkg/crx/manifest.json
+for x in `cat .build_exclusions`; do
+  rm -rf pkg/crx-cws/$x
+done
 
-cp -a pkg/crx pkg/xpi-amo
-cp -a pkg/crx pkg/xpi-eff
+cp -a pkg/crx-cws pkg/crx-eff
+cp -a pkg/crx-cws pkg/xpi-amo
+cp -a pkg/crx-cws pkg/xpi-eff
 cp -a src/META-INF pkg/xpi-amo
 cp -a src/META-INF pkg/xpi-eff
 
+
 # Remove the 'applications' manifest key from the crx version of the extension, change the 'author' string to a hash, and add the "update_url" manifest key
 # "update_url" needs to be present to avoid problems reported in https://bugs.chromium.org/p/chromium/issues/detail?id=805755
-python3.6 -c "import json; m=json.loads(open('pkg/crx/manifest.json').read()); m['author']={'email': 'eff.software.projects@gmail.com'}; del m['applications']; m['update_url'] = 'https://clients2.google.com/service/update2/crx'; open('pkg/crx/manifest.json','w').write(json.dumps(m,indent=4,sort_keys=True))"
+python3 -c "import json; m=json.loads(open('pkg/crx-cws/manifest.json').read()); m['author']={'email': 'eff.software.projects@gmail.com'}; del m['applications']; m['update_url'] = 'https://clients2.google.com/service/update2/crx'; open('pkg/crx-cws/manifest.json','w').write(json.dumps(m,indent=4,sort_keys=True))"
+python3 -c "import json; m=json.loads(open('pkg/crx-eff/manifest.json').read()); m['author']={'email': 'eff.software.projects@gmail.com'}; del m['applications']; open('pkg/crx-eff/manifest.json','w').write(json.dumps(m,indent=4,sort_keys=True))"
 # Remove the 'update_url' manifest key from the xpi version of the extension delivered to AMO
-python3.6 -c "import json; m=json.loads(open('pkg/xpi-amo/manifest.json').read()); del m['applications']['gecko']['update_url']; m['applications']['gecko']['id'] = 'https-everywhere@eff.org'; open('pkg/xpi-amo/manifest.json','w').write(json.dumps(m,indent=4,sort_keys=True))"
+python3 -c "import json; m=json.loads(open('pkg/xpi-amo/manifest.json').read()); del m['applications']['gecko']['update_url']; m['applications']['gecko']['id'] = 'https-everywhere@eff.org'; open('pkg/xpi-amo/manifest.json','w').write(json.dumps(m,indent=4,sort_keys=True))"
+
+# Remove the incognito key in AMO packages: #16394
+python3 -c "import json; m=json.loads(open('pkg/xpi-amo/manifest.json').read()); del m['incognito']; open('pkg/xpi-amo/manifest.json','w').write(json.dumps(m,indent=4,sort_keys=True))"
+python3 -c "import json; m=json.loads(open('pkg/xpi-eff/manifest.json').read()); del m['incognito']; open('pkg/xpi-eff/manifest.json','w').write(json.dumps(m,indent=4,sort_keys=True))"
+
+# If the --remove-extension-update flag is set, ensure the extension is unable to update
+if $REMOVE_EXTENSION_UPDATE; then
+  echo "Flag --remove-extension-update specified.  Removing the XPI extensions' ability to update."
+  python3 -c "import json; m=json.loads(open('pkg/xpi-amo/manifest.json').read()); m['applications']['gecko']['update_url'] = 'https://127.0.0.1'; open('pkg/xpi-amo/manifest.json','w').write(json.dumps(m,indent=4,sort_keys=True))"
+  python3 -c "import json; m=json.loads(open('pkg/xpi-eff/manifest.json').read()); m['applications']['gecko']['update_url'] = 'https://127.0.0.1'; open('pkg/xpi-eff/manifest.json','w').write(json.dumps(m,indent=4,sort_keys=True))"
+fi
 
-# If the --remove-update-channel flag is set, ensure the extension is unable to update
-if [ "$1" == "--remove-update-channel" -o "$2" == "--remove-update-channel" ]; then
-  echo "Flag --remove-update-channel specified.  Removing the XPI extensions' ability to update."
-  python3.6 -c "import json; m=json.loads(open('pkg/xpi-amo/manifest.json').read()); m['applications']['gecko']['update_url'] = 'data:text/plain,'; open('pkg/xpi-amo/manifest.json','w').write(json.dumps(m,indent=4,sort_keys=True))"
-  python3.6 -c "import json; m=json.loads(open('pkg/xpi-eff/manifest.json').read()); m['applications']['gecko']['update_url'] = 'data:text/plain,'; open('pkg/xpi-eff/manifest.json','w').write(json.dumps(m,indent=4,sort_keys=True))"
+# If the --remove-update-channels flag is set, remove all out-of-band update channels
+if $REMOVE_UPDATE_CHANNELS; then
+  echo "Flag --remove-update-channels specified.  Removing all out-of-band update channels."
+  echo "require.scopes.update_channels.update_channels = [];" >> pkg/crx-cws/background-scripts/update_channels.js
+  echo "require.scopes.update_channels.update_channels = [];" >> pkg/crx-eff/background-scripts/update_channels.js
+  echo "require.scopes.update_channels.update_channels = [];" >> pkg/xpi-amo/background-scripts/update_channels.js
+  echo "require.scopes.update_channels.update_channels = [];" >> pkg/xpi-eff/background-scripts/update_channels.js
 fi
 
 if [ -n "$BRANCH" ] ; then
-  crx="pkg/https-everywhere-$VERSION.crx"
+  crx_cws="pkg/https-everywhere-$VERSION-cws.crx"
+  crx_eff="pkg/https-everywhere-$VERSION-eff.crx"
   xpi_amo="pkg/https-everywhere-$VERSION-amo.xpi"
   xpi_eff="pkg/https-everywhere-$VERSION-eff.xpi"
-  key=../dummy-chromium.pem
+
 else
-  crx="pkg/https-everywhere-$VERSION~pre.crx"
+  crx_cws="pkg/https-everywhere-$VERSION~pre-cws.crx"
+  crx_eff="pkg/https-everywhere-$VERSION~pre-eff.crx"
   xpi_amo="pkg/https-everywhere-$VERSION~pre-amo.xpi"
   xpi_eff="pkg/https-everywhere-$VERSION~pre-eff.xpi"
-  key=dummy-chromium.pem
 fi
-if ! [ -f "$key" ] ; then
+if ! [ -f "$KEY" ] ; then
   echo "Making a dummy signing key for local build purposes"
-  openssl genrsa 2048 > "$key"
+  openssl genrsa -out /tmp/dummy-chromium.pem 768
+  openssl pkcs8 -topk8 -nocrypt -in /tmp/dummy-chromium.pem -out $KEY
 fi
 
 
-## Based on https://code.google.com/chrome/extensions/crx.html
-
-dir=pkg/crx
-name=pkg/crx
-pub="$name.pub"
-sig="$name.sig"
-zip="$name.zip"
-trap 'rm -f "$pub" "$sig" "$zip"' EXIT
-
-# zip up the crx dir
-cwd=$(pwd -P)
-(cd "$dir" && ../../utils/create_zip.py -n "$cwd/$zip" -x "../../.build_exclusions" .)
-echo >&2 "CWS crx package has sha1sum: `sha1sum "$cwd/$zip"`"
-
-# signature
-openssl sha1 -sha1 -binary -sign "$key" < "$zip" > "$sig"
-
-# public key
-openssl rsa -pubout -outform DER < "$key" > "$pub" 2>/dev/null
+# now pack the crx'es
+BROWSER="chromium-browser"
+which $BROWSER || BROWSER="chromium"
 
-byte_swap () {
-  # Take "abcdefgh" and return it as "ghefcdab"
-  echo "${1:6:2}${1:4:2}${1:2:2}${1:0:2}"
-}
-
-crmagic_hex="4372 3234" # Cr24
-version_hex="0200 0000" # 2
-pub_len_hex=$(byte_swap $(printf '%08x\n' $(ls -l "$pub" | awk '{print $5}')))
-sig_len_hex=$(byte_swap $(printf '%08x\n' $(ls -l "$sig" | awk '{print $5}')))
-
-# Case-insensitive matching is a GNU extension unavailable when using BSD sed.
-if [[ "$(sed --version 2>&1)" =~ "GNU" ]]; then
-  sed="sed"
-elif [[ "$(gsed --version 2>&1)" =~ "GNU" ]]; then
-  sed="gsed"
-fi
-
-(
-  echo "$crmagic_hex $version_hex $pub_len_hex $sig_len_hex" | $sed -e 's/\s//g' -e 's/\([0-9A-F]\{2\}\)/\\\\\\x\1/gI' | xargs printf
-  cat "$pub" "$sig" "$zip"
-) > "$crx"
+$BROWSER --no-message-box --pack-extension="pkg/crx-cws" --pack-extension-key="$KEY" 2> /dev/null
+$BROWSER --no-message-box --pack-extension="pkg/crx-eff" --pack-extension-key="$KEY" 2> /dev/null
 
+mv pkg/crx-cws.crx $crx_cws
+mv pkg/crx-eff.crx $crx_eff
 
+echo >&2 "CWS crx package has sha256sum: `openssl dgst -sha256 -binary "$crx_cws" | xxd -p`"
+echo >&2 "EFF crx package has sha256sum: `openssl dgst -sha256 -binary "$crx_eff" | xxd -p`"
 
 # now zip up the xpi AMO dir
 name=pkg/xpi-amo
@@ -149,12 +198,10 @@ zip="$name.zip"
 
 cwd=$(pwd -P)
 (cd "$dir" && ../../utils/create_zip.py -n "$cwd/$zip" -x "../../.build_exclusions" .)
-echo >&2 "AMO xpi package has sha1sum: `sha1sum "$cwd/$zip"`"
+echo >&2 "AMO xpi package has sha256sum: `openssl dgst -sha256 -binary "$cwd/$zip" | xxd -p`"
 
 cp $zip $xpi_amo
 
-
-
 # now zip up the xpi EFF dir
 name=pkg/xpi-eff
 dir=pkg/xpi-eff
@@ -162,12 +209,10 @@ zip="$name.zip"
 
 cwd=$(pwd -P)
 (cd "$dir" && ../../utils/create_zip.py -n "$cwd/$zip" -x "../../.build_exclusions" .)
-echo >&2 "EFF xpi package has sha1sum: `sha1sum "$cwd/$zip"`"
+echo >&2 "EFF xpi package has sha256sum: `openssl dgst -sha256 -binary "$cwd/$zip" | xxd -p`"
 
 cp $zip $xpi_eff
 
-
-
 bash utils/android-push.sh "$xpi_eff"
 
 echo >&2 "Total included rules: `find src/chrome/content/rules -name "*.xml" | wc -l`"
@@ -177,11 +222,13 @@ echo >&2 "Rules disabled by default: `find src/chrome/content/rules -name "*.xml
 # see test/selenium/shim.py
 echo "Created $xpi_amo"
 echo "Created $xpi_eff"
-echo "Created $crx"
+echo "Created $crx_cws"
+echo "Created $crx_eff"
 
 if [ -n "$BRANCH" ]; then
   cd ..
-  cp $SUBDIR/$crx pkg
+  cp $SUBDIR/$crx_cws pkg
+  cp $SUBDIR/$crx_eff pkg
   cp $SUBDIR/$xpi_amo pkg
   cp $SUBDIR/$xpi_eff pkg
   rm -rf $SUBDIR
diff --git a/src/Changelog b/src/Changelog
index 568d13b2c981..db2f228f30d0 100644
--- a/src/Changelog
+++ b/src/Changelog
@@ -1,3 +1,165 @@
+2022.5.24
+* Improved EASE mode prompt
+* Add background tab on install or update to educate users on HTTPS only mode features in their browsers
+* Updated dependencies
+
+2021.7.13
+* Amend Incognito Key for Chrome and Firefox #20092
+* Fix unexpected arithmetic operations on strings #20043
+* Remove Top Alexa Labeller #20083
+* Update deprecated log function #20101
+* Patch Chrome Test Failure #20102
+
+2021.4.15
+* Add DuckDuckGo Smarter Encryption update channel
+* Bloom filter for rulesets
+* Firefox Fenix option page updates for Android users
+* Move to Python 3 from Python 3.6
+* Fix undefined type access
+* Fix empty default types
+
+2021.1.27
+* EASE Mode UI Changes
+* NPM Dependency updates
+* Geckodriver pull update
+* Chromedriver pull update
+* Integrate CSS Grid for Options Page and EASE UI
+* Put Options in new tab
+
+2020.11.17
+* Copy URL in EASE interstitial
+* Dependapot NPM updates
+* CRX distribution scripts for transparency for Edge and Opera
+* Port inclusion on allowlist for EASE
+* UI change to reflect a global setting
+
+2020.8.13
+* Fix port based whitelsiting issue #19291
+* Update documentation
+* Update dependencies (NPM and Chromedriver)
+* Minor code fixes in JS
+
+2020.5.19
+* Reverting Onboarding page for the time being
+* Patch for whitelisting rules and EASE mode issue
+* Double rule load patch in update channels
+* Fix minor JS and UX issues
+
+2020.3.16
+* EASE HTTP Once CSS fix
+* Allow users to whitelist hosts from the option page
+* EASE mode fixes for locale issue
+* Fetch Test Prep, TLS 1.2 update
+* Fetch Test Prep, Updated check rules script
+* Fix options page appearance on Firefox when dark mode is on
+* Dark mode adjustments
+
+2019.11.7
+* EASE HTTP Once Exception
+* Add Private network IPs to exclusion for HTTPSE
+* Revert icons back to previous state
+* Optimizations to url handling and hsts prune
+
+2019.6.27
+  * Making stylistic changes for mobile friendliness in Fennec
+  * Inclusion and use of the lib-wasm submodule, lowering memory overhead
+  * Refactor secure cookie logic
+  * Code cleanup
+  * Bundled ruleset updates
+
+2019.6.4
+  * Fix bug where link HTML is replaced in cancel page, instead of text
+  * Bundled ruleset updates
+
+2019.5.13
+  * UI nd functionality patches for stable rules
+  * Translations string fixes
+  * Minor npm updates for HSTS pruning
+
+2019.5.6
+  * UI tweaks for spacing and font sizes
+  * Fix reload bug
+  * Patch for offline release channel
+
+2019.5.2
+  * UI changes in extension menu (#17854)
+  * EASE interstitial UI tweaks (#17347)
+  * Remove support for wildcard in the middle (#12319)
+  * Update default timestamp for deterministic builds (#17623)
+  * Refactor and enhance trivialize-cookie-rules.js (#17438)
+  * Run HSTS-prune and fix impacted rulesets (#17338)
+  * Update HSTS preload max age (#17564)
+  * Fix DeprecationWarning in HTTPS Everywhere Checker (#17596 )
+  * Fix Chromium local store exception (#17557)
+  * Remove middle wildcard support in rules.js (#17715)
+
+
+2019.1.31
+   * Change "Block all unencrypted requests" language to "Encrypt all sites eligible"
+   * EASE mode patches for interstitial page and reload to trigger for EASE mode
+   * ES Lint clean up
+   * Disable test for Chrome (will work in patch while disabled)
+   * Deprecate I.P.s in rulesets (Special case for DNS I.P.s)
+
+2019.1.7
+  * Change "Block all unencrypted requests" language to "Encrypt all sites eligible"
+  * Amend check_rules.py fetch test to disable rules only if all rules are problematic,
+    and comment rules out if other rules are functional in the set
+  * HSTS Prune and updates
+  * Bundled ruleset updates
+
+2018.10.31
+  * Add additional error code for 'Block all unencrypted requests' interstitial
+    page.
+  * Fix race condition when adding update channel
+  * Add UX to remove user rules in options page
+  * Bundled ruleset updates
+
+2018.9.19
+  * Ensure the 'Block all unencrypted requests' interstitial page catches more
+    HTTPS misconfigurations (#16418)
+  * Allow users to disable HTTPS Everywhere on specific sites.  Add additional
+    UX controls in the options page for this. (#10041)
+  * Adding 'scope' to update channels, which defines regex limiting the URLs
+    an update channel is allowed to operate on (#16430)
+  * Bundled ruleset updates
+
+2018.8.22
+  * Adding a warning to pages which 'Block all unencrypted requests' is unable
+    to upgrade
+  * Adding a UX that enables users to add, delete, and edit update channels
+  * Reduces memory overhead by optimizing exclusion regex
+  * Block insecure FTP connections when 'Block all unencrypted requests'
+    is checked. This triggers a permissions dialogue in Firefox 57+, see
+    https://github.com/EFForg/https-everywhere/issues/16377#issuecomment-415492846
+    for more info.
+  * Bundled ruleset updates
+
+2018.6.21
+  * Fix: URLs with a hostname of '.' cause endless loop to be triggered
+  * Bundled ruleset updates
+
+2018.6.13
+  * Improve popup page performance and slightly reduce memory usage
+  * Measure and slightly improve memory usage for rulesets
+  * Fix CORS issues in Firefox. This bug was previously breaking embedded
+    videos or css on many websites. Chrome browser was not affected by this
+    bug
+  * Add "Reset to Defaults" option to reset the default ruleset states
+  * Add "Show Devtools tab" option to hide CDT tab
+  * Bundled ruleset updates
+
+2018.4.11
+  * Reduce out-of-band ruleset update TTL from 48 to 24 hours
+  * Bundled ruleset updates
+
+2018.4.3
+  * Applies the out-of-band ruleset updates, sourced from
+    https://www.https-rulesets.org/.  Clients perform a periodic check for new
+    rulesets to download, which are verified with the Web Crypto API using a
+    pinned key, then applied.
+  * Ruleset updates
+
 2018.3.13
   * The unused `cacert` platform was removed from rulesets for simplicity
   * Organizing the add-on files into a clean directory structure
diff --git a/src/META-INF/cose.manifest b/src/META-INF/cose.manifest
new file mode 100644
index 000000000000..045ba86369fd
--- /dev/null
+++ b/src/META-INF/cose.manifest
@@ -0,0 +1,732 @@
+Manifest-Version: 1.0
+
+Name: manifest.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: X0hd0tplhCo2R8s3OE27fLAZFD8=
+SHA256-Digest: iKk69TG3OJJNjjAJPTe72S+qXa4k/xL8yKmPzAGmaxg=
+
+Name: package.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: HQyF0Be9Z+C72YzyWk6LqTSCxkU=
+SHA256-Digest: 1v7I/u/oNho1Z8rtRLepk7VY9i0r8EktoXSvvy92SsE=
+
+Name: _locales/ace/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/ach/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/af/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: iOMFMT97+EoNCW6DRomntg8GSHk=
+SHA256-Digest: cw+OPqn11qIyL1P5cFnPmxrYTVKQ0oPX10+1KjXtNoc=
+
+Name: _locales/af_ZA/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/ar/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: pxQQhQSkkjd9EAlMdZmvk+qmXhg=
+SHA256-Digest: MORqa6PigyGRYrjsjuUVk80TAKErKzIZy9G5UnPV20U=
+
+Name: _locales/ar_EG/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/ast/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: VdPNPPiC8Ro2JsmoBFkdW3TAy2c=
+SHA256-Digest: 4zrpaArMxcBnUHIyLdenD/CDBXFXDgnSki4HzzEB0J8=
+
+Name: _locales/az/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 3+BLldWYu7TK8cGkwWGVp8z0EUk=
+SHA256-Digest: hfU635JcDvcEJzmbg2zkxSrfMEe0SVNvq8U9wj1SvNg=
+
+Name: _locales/be/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: /7FQnv3lG2OqZFTdc3/fmuOznX8=
+SHA256-Digest: OrCo5OOtp9o91snpAQUrgUG1KbmJ7ScDZ3tncnnV2po=
+
+Name: _locales/bg/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: uvPzsM24ej+LdWMNASNfYE1+tBs=
+SHA256-Digest: Z0AMZvlkzgDfeSMbZQ+AdhZryI8kmsdpYpvOz8lM9TI=
+
+Name: _locales/bn/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: dVoXHkj2UXzj4ctLQ7g2+cQu/o8=
+SHA256-Digest: hTaM5b35bOJhTSV38ajtBg58bV5TdC47xttlYiZM/aU=
+
+Name: _locales/br/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ZW6ty00kj6yNkgcEnnvyQjjgrWg=
+SHA256-Digest: sTBK8ujpW+kR/M9mXe2ShZUChO9Ytu7gKVYQkaOwrZU=
+
+Name: _locales/bs/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Vg2wDGtsbEZthKbRz9yUjj7Q8YA=
+SHA256-Digest: vQgF2n0ktL3LZ1rqMaiZvCxRRt41I6PLvVHRJYvHb8o=
+
+Name: _locales/ca/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: /COeM2de5nZc7h2xYUdMcQqMeJw=
+SHA256-Digest: otyh6c/nvuTuTZfmLv2FfYlbI6fkf9ibQ4zZYWll2Bk=
+
+Name: _locales/cmn/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/cs/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: PSPcBF4f2cciaztX/tDK489gG6w=
+SHA256-Digest: nhqVZbEdeQLOEfTuC4WQZqq4nVX6TLgsumEei+NDJjo=
+
+Name: _locales/cy/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: A9MVuoq+YeTB4AJ7qXIW2t/2reU=
+SHA256-Digest: MMpP51GLMadXFrMHt8O5C2q5x9ipotM+rbjBCSAIa0k=
+
+Name: _locales/da/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 6EA7b3gcz67OK5/NhNpqiv8JsRw=
+SHA256-Digest: XvGrh0Pr/cIN0+h7dYRhsWrE2sbpvCGejLUk5g2cb+M=
+
+Name: _locales/de/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 5DxSzfj3HAO19N93skW8074DacU=
+SHA256-Digest: 6RRsp8DV8g7u3majB5LXV/HNNz9wltPP3/drftJO+t0=
+
+Name: _locales/el/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: cDgo3bT3QsyvgW6sNV1v7VhD+c0=
+SHA256-Digest: oBZLruNBa+ryEI2AaAM1IuFsmVxF73+deXjq7P6lunM=
+
+Name: _locales/en/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/en_GB/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/en_US/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/eo/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: cTvPwrTLEg/CLQ7vP936VGhWMBA=
+SHA256-Digest: 6Tb3+j9lXyFMz+bKnJ+MnaIRIAaOIgFGgGFeLUWIHB0=
+
+Name: _locales/es/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: wdTXKRaKo3+lt2F/WAfhHECWQ0Q=
+SHA256-Digest: 6LOKxRvSfOFCftbixNJLi3ILtnXblwVUdYoxy0KkUKE=
+
+Name: _locales/es_AR/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: jNe5tt2sg9FYb/CklhOA/EfCNso=
+SHA256-Digest: ejlUkVhdh38l0SQqB2iuiCGTJgg/HnUZ6YB1BIowEUI=
+
+Name: _locales/es_MX/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 8r5iYER0e+Z9xsXkisoWpgiV6wY=
+SHA256-Digest: nNkWHeZ9eKPmXKJTHyKHmuqMNO9w7KdMoCpNtykVJSo=
+
+Name: _locales/et/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: RuKFi2LDlh1aZ/sgjAQHk9Dr0aU=
+SHA256-Digest: kEGCDq7xq97+kttCcjDTrhV+IRBdvTdokVw5x4MjUrg=
+
+Name: _locales/eu/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: CfUVBO8uVqaEVg2rfNiEzhOOIxs=
+SHA256-Digest: U4RrQUCTj9jzxLMjadoUZlclwDWv7StaWVTd+VfnN2I=
+
+Name: _locales/fa/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Zi0T7F3MTegvevGxycGERaO+y+k=
+SHA256-Digest: FppLjcJVwKmgWnEVG8DUj/OfX/mPJaRmMHYdzdQ4Qk4=
+
+Name: _locales/fi/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Ijd1g6JcPeStcajdi2p49GxtL/s=
+SHA256-Digest: XtP/3kb3g9EEZXkGRsQh5oEGWm5XdCCVHsY4eBWi2Lo=
+
+Name: _locales/fr/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 4Kl28lQ4AxcFKuI1qPanfKBIO1I=
+SHA256-Digest: JR6Ytgifw1eNfP5eEY9DW2+NyBy5t5m8jcfG1eElpos=
+
+Name: _locales/fr_FR/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: /siGONOTKZIcZRCh3Gjklyi6FpA=
+SHA256-Digest: JOAxkWbsFpRl+/JTJ9Ii5P0ixY1UOkuZHRAjMb86eWI=
+
+Name: _locales/fy/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: qYt2G1hP0Cs203jLvxdBLgv4MGQ=
+SHA256-Digest: cNu7cS359ufs/B5EXOMBJIvVbfB8V9sQpFxorgrRxxg=
+
+Name: _locales/ga/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: oNZb00MUZHcEuMm1CKosXijaWgw=
+SHA256-Digest: knCNuU+/o1k+pt0GMADpt3nuzqz17npT4Olsoj8EL7o=
+
+Name: _locales/gd/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/gl/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: WBkm2qWTCShjdj+kFKqzxnZIoFg=
+SHA256-Digest: Y3K9ZWg9+2pL1r34SJhQYu26Viki5wqVlJmLmVfhQdo=
+
+Name: _locales/gu/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: cxaffBOuU3Z+D/AJ6TQAXNFki3M=
+SHA256-Digest: pTrp2BlrTKilZg+sRGpeuYQVSrInYg7QtVBMrLANj4Q=
+
+Name: _locales/he/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: zshsgYzIwWg+jtvY4ingp8vw64c=
+SHA256-Digest: BxJrAMOZ4VuFbXDVimpAN0xMEQBNZZkrmFWnTAXibks=
+
+Name: _locales/hi/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: QRpvL2rosEDoTdx6BxxGGJpSVmo=
+SHA256-Digest: liYeP2q1gkXphKzxxJNsqTh7+T1gzKsee+6vReQMdhs=
+
+Name: _locales/hr/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: x/3lhb7z7CVqZZdn3midgSjn5tY=
+SHA256-Digest: HHx+VP0HB42dWTZ38cR004DWeQpFRgaF5TULrZkatwI=
+
+Name: _locales/hu/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 4eKsxvmbG58FfD5yjfm4b3cr+g4=
+SHA256-Digest: i9dh17H4Ruxjb3oxA4GPRJvRPecXQf3U+qaBlGj2qps=
+
+Name: _locales/hy/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: QzXAZ5katx2Ye+1QFyFHLcMJROM=
+SHA256-Digest: HSYKniubHesccfXGMZYre5wJva2MRztMYAhMHMA2+Z4=
+
+Name: _locales/ia/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Mm0o9mYuk3kCk5WbKuPCFU7zpqo=
+SHA256-Digest: 6ORLVTr02qalRUcK63Ir1GXjw/p+v6nrK9/zI66QL6o=
+
+Name: _locales/id/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 9QctIupOryS8eWp04EJHAWNYj7c=
+SHA256-Digest: NfVmJxGSWj5onjEn4//gX5P8n3QnqBXXP5Z9Lf+578M=
+
+Name: _locales/is/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: /P9T+vTThdd7i1pmGcYD6nOkY44=
+SHA256-Digest: L1OQmFHZBhJHVvNqOh3610u1MS+SLQd9NHvYu2FkRVE=
+
+Name: _locales/it/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: QfqJFvpr/CghH/0gsO9h+sYKy1Y=
+SHA256-Digest: vtdELbvnbICfJVOrxFLjaJq656uK7EK2pTcecgf4dNc=
+
+Name: _locales/ja/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 7zImT7HvkvCQpdObYY520peFtDs=
+SHA256-Digest: mjSxBaiB+SkXyspN3wi6aodH4rYgcp6da2exdiEcGU4=
+
+Name: _locales/ka/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: fHsD070Q4aHyxYhCNfQIYT3MKS0=
+SHA256-Digest: yeIbx8SP8Wa4kvXo6Lzx9wrRj1LynhWFd2nbPUqZEsk=
+
+Name: _locales/kab/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/kk/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 8Sdjq0KMj4ANwq94weNnUQYtI+s=
+SHA256-Digest: bTKB9CkWNhqawbJDhs1/GX4/z4j0Vg4cx31zKw44f5Y=
+
+Name: _locales/km/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: w5qIgDP+885pZJMl8FyA2yGUt1A=
+SHA256-Digest: sjEA2JwKdlS1D1hQxKQedb9DYCwOSDhyxusv/cUTkvE=
+
+Name: _locales/kn/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: MdvnoS3SrWGvRWSyvuRqoWvRiWc=
+SHA256-Digest: TaiiWa/PbBrRxhqRBYvFWtGmyyy/ovdu/yhHq/w9jk4=
+
+Name: _locales/ko/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: GqRtNAUwxrLDluWtx2LqjXzg+50=
+SHA256-Digest: McBNqK4HaGAS0dEAMzOD8lrwecj6CFapkKhRgZpR2qU=
+
+Name: _locales/lt/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: cBHtxCIgs0M0vuawqYXF7qBAPZo=
+SHA256-Digest: RvNH3JOZbIBt6KKPOdP91hxzpQQLbYxJxWeg36ncftU=
+
+Name: _locales/lv/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ljoDEg01zL32eJF/+OECLuPZkoY=
+SHA256-Digest: +pRZCbp3zfzTbM0UqTpiJd23dSymtKZxiZlqD9zNZEw=
+
+Name: _locales/mk/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: dHL1X/r5TNAy5AXujh48jmaBZMY=
+SHA256-Digest: Fs8OnAZZqmqEZHAoYINC1qjLdniDuxjboibfVPvcxek=
+
+Name: _locales/ml/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: yjvR4hUOwBfI4/NLchJglHMznUY=
+SHA256-Digest: /LzzQ1QQeGqOJGuwyf7hF1ynGzYojAJy8SjnfpqP8nU=
+
+Name: _locales/mr/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: VqbEpeDWqRRSDXueR7OXzV5Zi0c=
+SHA256-Digest: DXWyMnlhjkPGEZgaBzsqFEU88IvmcrerTATrEqY+fqY=
+
+Name: _locales/ms_MY/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: pNrnIUMZ1KSdavj7IpvgaXtMW1Y=
+SHA256-Digest: WjOfy4w9K1h+lN9Ld1JdzPwXrpU3TYqIpcQLVhzSsKM=
+
+Name: _locales/my/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: kPgWIxR2rynJkEykmF/T0clmLcU=
+SHA256-Digest: pVtnX3UxISFA90i1ivkuL01oGhoah2AqzAJosnkZMCw=
+
+Name: _locales/nb/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: xCCz+aU59J3pUBQrTu8Sookw3Xc=
+SHA256-Digest: aHFiDv13/G909I851CrVRUPMSAyxLABNIT5TkFPWolw=
+
+Name: _locales/ne/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/nl/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: uHnFt32GmeGIWlUhV2oc0YwDBoQ=
+SHA256-Digest: EPKDxQlVhuigsi6at+OnLBBaPbqbNuYdbHu3nEx6Lv8=
+
+Name: _locales/nl_BE/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: vpN/Tt8RJNjNrjzQhvaCLnu818Y=
+SHA256-Digest: UMIycHh4OpfT6XEX5IkOJbBhBEmykK3QzilVLqxXbas=
+
+Name: _locales/nn/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: /uRXmVZ2hcY4LDKBmhSwYPb+v9A=
+SHA256-Digest: /VRfKB4L2T8XMwAUR9UCXed+uPckbOsicnTGYCRT62U=
+
+Name: _locales/oc/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: LEIoVVmbjin2D0Bj5PimJENOmCQ=
+SHA256-Digest: smQMMM7KSF/9lT0ryK07dEWxGtf3tYjF58E/kOIlNKY=
+
+Name: _locales/or/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Ps0uvWBAvc6crMC3f7ztPoWLYHI=
+SHA256-Digest: sX3swrX1p95cHWLBMrKDJ8mCOM/k+g3kR6+vKtjUlIY=
+
+Name: _locales/pa/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: +P2o0dGSh7jJUtVjUFU70dqtxiI=
+SHA256-Digest: sHFd6kvNEbfWPpbLyIutoZkkEm0A9yWhjdbsXZ5YH5s=
+
+Name: _locales/pl/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: w97eXym45Cju4UUq2hDgfYZEivM=
+SHA256-Digest: 8dpWSVyqOkrMcQs4Ub98uEHMtAkwdtuag9kfv31TnwY=
+
+Name: _locales/pt_BR/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: B9dLWSgVB9XeiQqqE9ceVH+KFqw=
+SHA256-Digest: bkAA6J0bp9u83YD/Cea1ggdTUpXBl47Pb/RAgW/QO9c=
+
+Name: _locales/pt_PT/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: MFTtI6bvZgIBNjfsrsEes5SZWWM=
+SHA256-Digest: 6Oe7CSTsLlbxPCEcuVYO5tqvl3/TLquitxYnh40167c=
+
+Name: _locales/ro/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: iZA4eB6bVN8w8JNfUaLiB04ZeEU=
+SHA256-Digest: esk4A/1PXdU5yjo/Y/f3zS1fzrVQUIhGPFyAS1eSw+k=
+
+Name: _locales/ro_RO/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: iCzvlQJKPogorBRk1ZaRc1PHSzk=
+SHA256-Digest: f6sPhnOcfaNWIONa4Ow+YtnAM3GXnWIG1WXDRHOtves=
+
+Name: _locales/ru/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 7icD6gFZZYuaRFlZHpM3v4S4rbw=
+SHA256-Digest: PsIJMB4ploNqnBAmnqfFHDXH+zFdu4P6BNZMnIwT0ok=
+
+Name: _locales/si/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: KM47GTd9GQqAik45v3TwGKzhUqI=
+SHA256-Digest: 3PvBqbX4qA1rQB4l+mrxTb6mwA7ssWzrxjn1VJn5peA=
+
+Name: _locales/si_LK/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: /XRTG3mjOsamcRjwWbYUqmyS+jw=
+SHA256-Digest: XbC317Ovdr7RhMsUfhfXDV1yDh+4pz86mQMG1PFGLdY=
+
+Name: _locales/sk/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 8g2uM/IilbLetxLlpS1+hm+gb2w=
+SHA256-Digest: bnqVDCFodbSbseUbLOrdCwprRMxbpCYHMvVbz/3KP/o=
+
+Name: _locales/sl/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: MdQaZFkibS04O78qFlB6kmwhF9c=
+SHA256-Digest: 9pLwtRZfEy2la4LfIgkbDR/M+nNotJAA5wzEgT+AfyI=
+
+Name: _locales/sl_SI/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: wFhFU0upAYqmmQI/nRnGEnqP30Y=
+SHA256-Digest: qx/D6APKUhcKmNWwCHD/baIjzMFQNTR4/Rt6LvOTQ4Q=
+
+Name: _locales/son/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/sq/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 87nTmcsWpoEAsJTN4/ZFf+01I8A=
+SHA256-Digest: POGPrXKN5GuJ59k227ozXns25ogQdzOOgA3azEA1f94=
+
+Name: _locales/sr/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: zJI0kCSZIB/4rfhaGxg0aUGrbtQ=
+SHA256-Digest: tfKdrL6vsCYxRU/QeEvAZC58y6qDuEKkhNi17r1e/8o=
+
+Name: _locales/sv/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: UI6tx0CmaOkUsjASOmQvxNRkX+c=
+SHA256-Digest: WnBcBaT7T7yKHUvac2bn2q5alrsbfEiLOQUXPIQLurQ=
+
+Name: _locales/sw/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: JSf0a8gCwILGBI0T4d/FfWfIGDc=
+SHA256-Digest: Z+oQpHb/T+I2XZ+JVJZW1KMeAP6yK/x9Quts8n64AlQ=
+
+Name: _locales/ta/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: CW5Q8ok59gE/ZC8A4uPqW4cIfhI=
+SHA256-Digest: vOG/RBohVZklUTu6y6cjUWg5RyNIbwaB33kUr5Ko2PI=
+
+Name: _locales/te/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: N/QOkBiJYvqsksR5+NWuHA0/fxk=
+SHA256-Digest: jZC8UbVBsT2RvDZ1uebHtr76/oRaNdlmxLKWLnDaI3A=
+
+Name: _locales/templates/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/th/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: QaLDEcDBj6HdEh+eAhQ02DWS81c=
+SHA256-Digest: ucjQxKDoCEwzTat3hNNjtMRJ/u85+QK47Rw93C4J8Sk=
+
+Name: _locales/tr/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: MDXJjWJjdDGjeYfHHa2+LsPj2tM=
+SHA256-Digest: vdziBTOIPyWhvyfApPrN8jZMww3lePVgo4zDkwcv9og=
+
+Name: _locales/uk/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: TargN1mxonMdbvos0GBcCxU0+dI=
+SHA256-Digest: 6ZRhyVruPhNEb5UPYCrb/EFcy6ArHSNqxBy4KNEhq/c=
+
+Name: _locales/ur/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: kUEeTx9OeiESvvWjprUjqluEhZk=
+SHA256-Digest: ADAHAHlOUIGXLO2Aj5/it+lavjH4WkbjLV43yI6CO4s=
+
+Name: _locales/uz/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: bmGV4U+3LA14ZwC5RcRdN5RB+tk=
+SHA256-Digest: SPoiBWn8W+vyUJHKfocitJ5y6RjXedgta0HxflAFB9Y=
+
+Name: _locales/vi/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: GMY5uzc6vq9pP9hqFNGlOgVYZ8k=
+SHA256-Digest: OidbjDj9CBSxmM5oW3RagDo6ZNvA+5P9CGN8C0cbgms=
+
+Name: _locales/zh-Hant/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: NXT6rNViMHWrKSlecajyj80CeIg=
+SHA256-Digest: 3zXYNMBhIcIsuhQRzfIAFhV3GdeGZXgyc+h5bFXMZtk=
+
+Name: _locales/zh/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Vu5rZrqGhcESvjluy4x3EcMPi4o=
+SHA256-Digest: karIDiNHSaijMuQkVkG71+StamzOq9ZeGiQhzwJjTAw=
+
+Name: _locales/zh_CN/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: HWK9jni02GGBk/XOVpL/R1rs0NI=
+SHA256-Digest: Hl+NW/IGzS73WJhUVgY9cPJvMyb0ZomG7k64dzoJ1wc=
+
+Name: _locales/zh_HK/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: oZ9Ht83pERBafXR1h2mucibzUUo=
+SHA256-Digest: Vq5s6nfmwfxvTVQlmjFCHCYlzvJanl+4I8J2h8F0hjs=
+
+Name: _locales/zh_TW/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: yfJJJg+Uan6mqiwEm4W0l5tT+nU=
+SHA256-Digest: Xj6MJjfhW3liYqF0UIY6flSaOxnNyr4Urgu2gffF99I=
+
+Name: background-scripts/background.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: GMCKwYZnhsRm4ExhG1q6wY+DQno=
+SHA256-Digest: D4ogTIq+ze3hPGkcxzkc2jFho2hACQn3iYc2oaw4egE=
+
+Name: background-scripts/bootstrap.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: TSwjfTzojZXN1Iul+mBttRl/MAg=
+SHA256-Digest: WcKbJ0zQK8948MJzbMTTCf807jEGH7Bj8k7CuWCx0aM=
+
+Name: background-scripts/incognito.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: JXSvrJhaxqSgUtXqlm0r21VqSlo=
+SHA256-Digest: AnGJOJ4CKWmdFZaWNzvm7NWZjbzCKkdawPc8RZCH4d0=
+
+Name: background-scripts/ip_utils.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 8RyxTy1FNW0wvKPs+DqKNNZYvV0=
+SHA256-Digest: F9Ij1ZyfnpmmCM0W3+WXfaBO/rnUAFZtXc2N305Qod8=
+
+Name: background-scripts/rules.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 2dd1eq7Y16RvpmADSFGYSFdRvNc=
+SHA256-Digest: 9Qw9Xoky6/2DvBn5nza/xBXbjaWkEBI9hPaaqAdQDqU=
+
+Name: background-scripts/store.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: IdAI+nj6uuahTeT28Xx1QJwLveM=
+SHA256-Digest: lyCBwe6g79MMTtU1xyGBiIJidhqUsW/9YUXX158t6z8=
+
+Name: background-scripts/update.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Z/kkBlC2HeS/G5zlAbeiFwLpgIQ=
+SHA256-Digest: R1y7pQHEB8w7mNOn0zxEL20mys/8sOZxy5238BzhNoI=
+
+Name: background-scripts/update_channels.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: kA9YO0yjVOE6vw2mpWPePkWyt/I=
+SHA256-Digest: L966QoT5hiVg5mzQq9dACJ5o8OVsROxhNRd+LebsAQQ=
+
+Name: background-scripts/util.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: pjJWekzg0QW6/0qYNf1pISXO14s=
+SHA256-Digest: 1Cykm0yxo5EZs0+fZWtUPzHa38B6ZalDAOojqu5awgo=
+
+Name: background-scripts/wasm.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 7pQTqvYA4el8WRX7FjQNUUcMUwg=
+SHA256-Digest: TMk4CQYN4lxkG/ZBq+wp4erwwo8knS0H5HHBCa7LW08=
+
+Name: background-scripts/modules/ssl_codes.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: t5DE+asvCaL1VaVhVXbJDQXQaHw=
+SHA256-Digest: hGKfRGrQWsXH8+9OfHcHM4I45d6DIIxClYqMSH1oBCA=
+
+Name: external/README.md
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: DgCQOA7tYbKkLcJ92flagYsm0nI=
+SHA256-Digest: So9vbyA/ExcM/wEms+bwz/YVVa2ayDCNnJ5sYJk40tk=
+
+Name: external/codemirror/codemirror-5.31.0.min.css
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 6L9PQ9XeTmwE+7WJ29O7oelFX7Y=
+SHA256-Digest: fIaQYYF933S7mhBn4vqsgaawzXI4iELVCrvv83rZ5ic=
+
+Name: external/codemirror/codemirror-5.31.0.min.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: iJyQEWjgaJ3IVz2bsX+RSnjLzGw=
+SHA256-Digest: yTU67I79B7rqtdoOdsJHDDK/92GDEeGj4+93U41HPgE=
+
+Name: external/codemirror/codemirror-5.31.0.xml.min.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: DMaXXHyF/jzGu8wJN2a1yHxkNHU=
+SHA256-Digest: d+N19fPYNZkqDuOxqLM8MHSxTiGDF/j5WLdynJ2D8/k=
+
+Name: external/pako-1.0.5/pako_inflate.min.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: V7Fd/JcXF6Ar68Oa5X3/rO7giNs=
+SHA256-Digest: h8L84MNiYQCe/szpOr1i5Cge5x/8EsvaaTlcdG9vOnE=
+
+Name: images/HTTPS-Everywhere-Logo.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: E0ESMX+oJaAutg08/RPfpc3Ix5E=
+SHA256-Digest: PKyVOZS7bg8UVeQDG3npTYLKtnB5FgmmdfoW/NC02bQ=
+
+Name: images/banner-red.svg
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ZnApE5t/iqGaVc0fdm7I0Rpvdsk=
+SHA256-Digest: obGxFfdgfzgg0jj59ThEpLQwowcJCioxsVS/+X7Mtvg=
+
+Name: images/eff-logo-monogram-red.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 5sbYS58Ze3MdPgDNas/ZnFn128Q=
+SHA256-Digest: aPdsjK4CCl3M8HBgqCLA5vu5n+w9cCs75gs0j5x/0Ak=
+
+Name: images/remove.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Pn9f97i3AIFlAMf420qZNzvA7DY=
+SHA256-Digest: 7TrWr2ZkK0faWgDYUz9WtV3voVjEwqjLq0ROGvkU6y0=
+
+Name: images/icons/icon-active-128.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: p71skXMtghXylXMvFLnYW/jPos0=
+SHA256-Digest: 1DbMnWBmqaIRzzkUyRpdRzxz8z1HtUGq6RzRKcINuEA=
+
+Name: images/icons/icon-active-38.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: EleX4C/tgOj+W71fueie7ZoXAAY=
+SHA256-Digest: YgkTENwvpAo6Bb9WsTrUr+CfKY+gsQfq6uPoGdMw6kI=
+
+Name: images/icons/icon-active-48.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: VVqz4q4/4awX6PXZhnQmGFkAiqc=
+SHA256-Digest: pfkIfbdzORmTjUTLb2SsmaLv4oafijkSttiU3lUcKmM=
+
+Name: images/icons/icon-blocking-38.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: IebllmIP/cUmB0piMroSEA7HnHc=
+SHA256-Digest: 9oP7jvbkH3KM4VG+kAnItkvsT00o9/KKHvhexTJHCD4=
+
+Name: images/icons/icon-disabled-38.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: PJqzR54BFgNofExLbYn8DMEyvzE=
+SHA256-Digest: 2PzhLQJedFJa+ZOnE/j8r+XELaoYAn5ptQCSyNbmDcE=
+
+Name: images/onboarding/httpseverywhere-logo.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: XYvqYHk+Ebepsvq4U3bo9rYMqQI=
+SHA256-Digest: 292a2wZxJ/ltXI+/9OdCzMX2YZnJDWMYUoVOOnU+sUs=
+
+Name: pages/base.css
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Yk+MDy/I88Qd0VMzEBIbf0fBo0s=
+SHA256-Digest: D7uZfk1BrCzx3HFnEBtdaN0E6rC6pErEZAd1X85xgCo=
+
+Name: pages/main.css
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: UN8/2mEQ6JZ7MTJiWQN8f77AgP8=
+SHA256-Digest: QhiZj5JKVR1gPvtg6EaZxI735GiFeZglzuSkTJpZvpE=
+
+Name: pages/translation.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: QMAZVa3usW8vcXwN2WP4lvIQQxQ=
+SHA256-Digest: +qWz2YZH5C1UqzTixYwsS3185+wd+q8Dhlm5czDI54w=
+
+Name: pages/util.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: XzUESMiqZDZv/WRcv+j8f/R/7uw=
+SHA256-Digest: tSZjbu7zilv5pujsEyp/+6HCfr7iu+KfoXNiftpAKAY=
+
+Name: pages/cancel/index.html
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: h94rEtsYrj+TsIBk2x+UqRhOHDM=
+SHA256-Digest: Fgv98mLYPbIiOUi3HAw4YktUVkkt+7clLW2IgxTD9us=
+
+Name: pages/cancel/style.css
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 0L/xbmBq8hCu58P61j4htTOA4Wk=
+SHA256-Digest: ejF/rMWvajSbZFxp0hRT6SzhobQ3aILcf5pN1BTOGEE=
+
+Name: pages/cancel/ux.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: UtFAiW+HLmKUFMV/v2hPR5haiAI=
+SHA256-Digest: i3Vc/dqv2XS12us9g1J5f6iMIZC0gI36g5N/FEKX1pw=
+
+Name: pages/debugging-rulesets/index.html
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: DuBJ5S+QY5nztsCAqOuTgKmu4no=
+SHA256-Digest: J4l9PsxyBqZKSYfqo5Zp80vXBJ7mqRVKNS2KoVU9F5o=
+
+Name: pages/debugging-rulesets/style.css
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 1DuOcKAihj5zxJ0CIgam4iq8YXc=
+SHA256-Digest: 9H1UQpqT3UDDSt2ao6Zgr4iT5o/iQ62HolhTDqNHHCE=
+
+Name: pages/debugging-rulesets/ux.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: IyqmSEBIenfSG4Mk++ciVOvpQvI=
+SHA256-Digest: OVzkDGtCe3pg65opGnboDfrFsqFsLJxa5CQxBPA9gi0=
+
+Name: pages/options/index.html
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: cXwoesX+lTfZgizRwhLvV5iFNDQ=
+SHA256-Digest: OzLgxg/tYfU/fSAIHLxBZ/++9W6FgznEEGHflPJ9aq8=
+
+Name: pages/options/style.css
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: m7GC//67J6ErvL9Wp1FvAUMLk/8=
+SHA256-Digest: O5CikoWfyy2E2v3es6BJGltQ+OKfeD/uIYp9xsrqsF4=
+
+Name: pages/options/ux.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: bUAAi8jBxAk5YiNWqSyiXxkSPs4=
+SHA256-Digest: WzJSEmMXT7Qi7rKftAFtuD6oRK0bfaLtzqCvtgwJ+/c=
+
+Name: pages/popup/index.html
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 5vBn8FGlSOjp7z4UozcN+hnm3iI=
+SHA256-Digest: JoShZlQiKjzRj2JxRHXHW4Df2LsKWf568UU/oKVePpQ=
+
+Name: pages/popup/style.css
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: aPvKt4RXG/BofewRf4CE4mBg1lg=
+SHA256-Digest: H6iKtXGZJ/o2chDo+KZtB8VNYdaadxE8+143tDhl3/U=
+
+Name: pages/popup/ux.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 68pu62q/sp5slQO9MUxCOv+ofU0=
+SHA256-Digest: 6VKXwWx0rQ6KoTh0OQ4KpscxkgcW433VAazICjc3bCM=
+
+Name: rules/default.rulesets
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: hqWsDDcf2fp+r/dTBZqGw2eaqb0=
+SHA256-Digest: hnQbXIa2D+1lFh6i13HSkXQyYa/TxpKrPlx3QzgnnX0=
+
+Name: wasm/https_everywhere_lib_wasm.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ELfS13+0aPyRX67301qNv6fm3pk=
+SHA256-Digest: 519ILW7r7LqFtGI6M22GuXDA6xYikE6EngbvlT9//Lw=
+
+Name: wasm/https_everywhere_lib_wasm_bg.wasm
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: SBxLOV763w4ke4LOL1574PW9hCs=
+SHA256-Digest: 7JqJ7u/5t5yGxh8p2+YCmgl+LeoRWQRlDJY9cLxWqA4=
+
diff --git a/src/META-INF/cose.sig b/src/META-INF/cose.sig
new file mode 100644
index 000000000000..c124769c1e40
Binary files /dev/null and b/src/META-INF/cose.sig differ
diff --git a/src/META-INF/manifest.mf b/src/META-INF/manifest.mf
index ac1f12d8c26f..35f49ce809b8 100644
--- a/src/META-INF/manifest.mf
+++ b/src/META-INF/manifest.mf
@@ -1,1316 +1,742 @@
 Manifest-Version: 1.0
 
 Name: manifest.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: QnVERHZXjJA1v2JXvuVn8w==
-SHA1-Digest: ZqxtzrlkB16zChfvw/atX+7kJDk=
-SHA256-Digest: P6WqYGCVp4Mdnf5o37SI6XUygmpt6tpF3T//0F7zxnc=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: X0hd0tplhCo2R8s3OE27fLAZFD8=
+SHA256-Digest: iKk69TG3OJJNjjAJPTe72S+qXa4k/xL8yKmPzAGmaxg=
 
 Name: package.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: BkjiQ855jU5esOxdhPsIyg==
-SHA1-Digest: KnghD9Y8ZIw4rji19UNOZS8SI08=
-SHA256-Digest: G9kQEYnvpJ0W20Plj80eceT+ZTvwm+N5FZEsigDoKTE=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: HQyF0Be9Z+C72YzyWk6LqTSCxkU=
+SHA256-Digest: 1v7I/u/oNho1Z8rtRLepk7VY9i0r8EktoXSvvy92SsE=
 
-Name: _locales/ach/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Name: _locales/ace/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
 
-Name: _locales/ady/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Name: _locales/ach/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
 
 Name: _locales/af/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: QrP8qP/ik06SaFcRjeXJiw==
-SHA1-Digest: 8iDooeI8hlA2C0p3TyLTFws09VA=
-SHA256-Digest: t3WAguN2sXCZeDPdoSakO9Ymh0w6Qk4/yoZcjahU2ow=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: iOMFMT97+EoNCW6DRomntg8GSHk=
+SHA256-Digest: cw+OPqn11qIyL1P5cFnPmxrYTVKQ0oPX10+1KjXtNoc=
 
 Name: _locales/af_ZA/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: fvpiFgE+kh6+hbEU30UZSQ==
-SHA1-Digest: ISyE3JH9f7NG5eIVN6pUORAmesI=
-SHA256-Digest: QyQ3grU6uKx5M4zNDb8YQE0CKIeWSKimPEXER/If+z4=
-
-Name: _locales/ak/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
-
-Name: _locales/am/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: ao2nZ+mpr831ud+LF5+7Ww==
-SHA1-Digest: 4O0qbV73S9T82r/xMpkYLUrg5tw=
-SHA256-Digest: qnsiaqEphlIjoCVcbKSKhlobuw/0IKz0R3P5lRXHTVE=
-
-Name: _locales/am_ET/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: hZHp/bXG9mmRkN2uzrb+5w==
-SHA1-Digest: Tu3kgpVVO5uV/C/zRBD2W87pLgo=
-SHA256-Digest: wmFxaa+VYwpAPEskSDuzmQhnLtMrZPzTli6N57LYmLw=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
 
 Name: _locales/ar/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: TK5Xk+k8dMCLhCmstRFsmA==
-SHA1-Digest: s3rkRnq644zii6MqpSGR45ymJgM=
-SHA256-Digest: r62fJLK++godrgDXnHcINfALVHkYY6me9VM5tURmcCY=
-
-Name: _locales/ar_AA/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 6zP0AK747FsOwwOJugfYvQ==
-SHA1-Digest: mdM7LrdnOH2mxzWkiwS9o0gDwFM=
-SHA256-Digest: hqgei4z1fnHXoReyN9SgliTYaRdUM7fyqqT5/nd5sAo=
-
-Name: _locales/arn/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: pxQQhQSkkjd9EAlMdZmvk+qmXhg=
+SHA256-Digest: MORqa6PigyGRYrjsjuUVk80TAKErKzIZy9G5UnPV20U=
+
+Name: _locales/ar_EG/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
 
 Name: _locales/ast/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: jsfwDX72OXxkxfF9+N6ssQ==
-SHA1-Digest: X8REK3uLUdmPgToFD2nzZxkPqWQ=
-SHA256-Digest: l4vdykI/CNsRtNwFwerjp8tDtkkzGC8+Ga2ff4wDmqM=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: VdPNPPiC8Ro2JsmoBFkdW3TAy2c=
+SHA256-Digest: 4zrpaArMxcBnUHIyLdenD/CDBXFXDgnSki4HzzEB0J8=
 
 Name: _locales/az/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 9+DO97Y3O4GLP9CW5uoH+A==
-SHA1-Digest: eU7BuXyoQjXPzbENMt66oORs+aI=
-SHA256-Digest: qiYSmhfNPk7DcV//ugG3DWe19m0HqHYf5DIbWuWAs64=
-
-Name: _locales/ba/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
-
-Name: _locales/bal/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: BNI3d+r1Z00iZD7FNjCs9Q==
-SHA1-Digest: RzXQoy5Wr29tYchTAc8/i8NIf9M=
-SHA256-Digest: cRVv1MeLYeQCd7yJXI0DvkqDZJscVh/WHufqTLj+QHU=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 3+BLldWYu7TK8cGkwWGVp8z0EUk=
+SHA256-Digest: hfU635JcDvcEJzmbg2zkxSrfMEe0SVNvq8U9wj1SvNg=
 
 Name: _locales/be/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: Kv6cApccBSMjk744cSBguA==
-SHA1-Digest: kTtU6C4q+hZfDyISjk/aO/ZwDRk=
-SHA256-Digest: QyVtZSMvBRjPTe30CjBGF+MMaJazrz0X3E+UU2iJFHs=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: /7FQnv3lG2OqZFTdc3/fmuOznX8=
+SHA256-Digest: OrCo5OOtp9o91snpAQUrgUG1KbmJ7ScDZ3tncnnV2po=
 
 Name: _locales/bg/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: nP/pWtUIZUPp8qL2KrV/Xw==
-SHA1-Digest: P282Sd9mi34cEzZQfIOGf6aSTp4=
-SHA256-Digest: efnELj9y73HhInX1Dui7eyBS0iIFCdi8GVzpe+DEYa4=
-
-Name: _locales/bg_BG/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: fvpiFgE+kh6+hbEU30UZSQ==
-SHA1-Digest: ISyE3JH9f7NG5eIVN6pUORAmesI=
-SHA256-Digest: QyQ3grU6uKx5M4zNDb8YQE0CKIeWSKimPEXER/If+z4=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: uvPzsM24ej+LdWMNASNfYE1+tBs=
+SHA256-Digest: Z0AMZvlkzgDfeSMbZQ+AdhZryI8kmsdpYpvOz8lM9TI=
 
 Name: _locales/bn/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: EUpkXGzHgTkKo7C4npBk3Q==
-SHA1-Digest: kvA4LJ1qSDfLT+cYtX9yz37yaAg=
-SHA256-Digest: jdWKEoj3ll+MDFqO5O53jH97Wvsd5S+beiZ7Q0haPaE=
-
-Name: _locales/bn_BD/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: JOajenS85iBCVyB24cVDfA==
-SHA1-Digest: nr7kQt+DFmALA/WnuQyff5754nU=
-SHA256-Digest: Vtb1+OmhjNeIVBD1kfJYmLKhPvI3I0kEbHpZKxZwbkI=
-
-Name: _locales/bn_IN/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
-
-Name: _locales/bo/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: ErOLX/uqDydIibxJ/BGiuA==
-SHA1-Digest: rxaTbB51XiPMMDiP6t8dLtPzPHk=
-SHA256-Digest: oYnpsjqr2D99vw+ePCQBbnQyIixBrLccARFAiUHOrSQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: dVoXHkj2UXzj4ctLQ7g2+cQu/o8=
+SHA256-Digest: hTaM5b35bOJhTSV38ajtBg58bV5TdC47xttlYiZM/aU=
 
 Name: _locales/br/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: tn0Mcn8pIVhGvH+JG8mvoA==
-SHA1-Digest: wjeH2NiI3UrBWeYZL63yHSFFS5o=
-SHA256-Digest: i0OsFK7zmzrRJVIOFjRcv/MRf4AXbVKiAzaYDdPtWO4=
-
-Name: _locales/brx/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: BF4EDryoZx9fjdjR3/2h0g==
-SHA1-Digest: qp3R5mu3xKnBImiAXf+MLz38UCA=
-SHA256-Digest: 7vMFNzl/hqzLbRdFYbHale8lEXq6vtTsRtJ6di/+1BY=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ZW6ty00kj6yNkgcEnnvyQjjgrWg=
+SHA256-Digest: sTBK8ujpW+kR/M9mXe2ShZUChO9Ytu7gKVYQkaOwrZU=
 
 Name: _locales/bs/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: wtf9+57xMNVJ+U7OZU2IUw==
-SHA1-Digest: OGK1P5EnDT7q8GWEwjM1/7aPTWU=
-SHA256-Digest: gu11/z/tPX2lJkHfeDI3ewb/CwY8YwIpYs/kX55+JHo=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Vg2wDGtsbEZthKbRz9yUjj7Q8YA=
+SHA256-Digest: vQgF2n0ktL3LZ1rqMaiZvCxRRt41I6PLvVHRJYvHb8o=
 
 Name: _locales/ca/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: xUTRdXiMEOD9Z6e8ywYGNg==
-SHA1-Digest: /I0Fwl0cBg+Zyc8GQeOBrtlrfKg=
-SHA256-Digest: p2ooN1BTKS85yU8wYwxOJZ90ITghVHl6bdvD8Ubxyfc=
-
-Name: _locales/ca_ES/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 7oECuvydKqgfx01QhHuBnA==
-SHA1-Digest: OO2Rq0nIhgpW93YPU/5yin1CEWw=
-SHA256-Digest: gwOmGaS1/C+ibIvRBnwE9pv/ne55UHLQqU4EMY1NRdw=
-
-Name: _locales/ceb/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
-
-Name: _locales/co/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: BNI3d+r1Z00iZD7FNjCs9Q==
-SHA1-Digest: RzXQoy5Wr29tYchTAc8/i8NIf9M=
-SHA256-Digest: cRVv1MeLYeQCd7yJXI0DvkqDZJscVh/WHufqTLj+QHU=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: /COeM2de5nZc7h2xYUdMcQqMeJw=
+SHA256-Digest: otyh6c/nvuTuTZfmLv2FfYlbI6fkf9ibQ4zZYWll2Bk=
+
+Name: _locales/cmn/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
 
 Name: _locales/cs/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: qIwkcmab+0QG4r44Sd5i9w==
-SHA1-Digest: 5Qx7aXI8Tq5YTGQ7eddOpvnKBKU=
-SHA256-Digest: gL+NBqcX81giy89OHxRUMQVQs1T0y1aPINyryQZ33Zs=
-
-Name: _locales/cs_CZ/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 6zP0AK747FsOwwOJugfYvQ==
-SHA1-Digest: mdM7LrdnOH2mxzWkiwS9o0gDwFM=
-SHA256-Digest: hqgei4z1fnHXoReyN9SgliTYaRdUM7fyqqT5/nd5sAo=
-
-Name: _locales/csb/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
-
-Name: _locales/cv/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: PSPcBF4f2cciaztX/tDK489gG6w=
+SHA256-Digest: nhqVZbEdeQLOEfTuC4WQZqq4nVX6TLgsumEei+NDJjo=
 
 Name: _locales/cy/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: YDebH6XuvkVYw9OprgWmkw==
-SHA1-Digest: vHI2Obg5ycdNglheir3U+S4gel4=
-SHA256-Digest: GdkPkmBMwPlGk0EVGVYcfkzoBU4xfib70xglOsJeyKg=
-
-Name: _locales/cy_GB/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 6zP0AK747FsOwwOJugfYvQ==
-SHA1-Digest: mdM7LrdnOH2mxzWkiwS9o0gDwFM=
-SHA256-Digest: hqgei4z1fnHXoReyN9SgliTYaRdUM7fyqqT5/nd5sAo=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: A9MVuoq+YeTB4AJ7qXIW2t/2reU=
+SHA256-Digest: MMpP51GLMadXFrMHt8O5C2q5x9ipotM+rbjBCSAIa0k=
 
 Name: _locales/da/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: mp7vlYQ+NzZW/liDR2kp5w==
-SHA1-Digest: qLVBy2K2+u2uTnyRpDm4KdPCIFk=
-SHA256-Digest: RKBjqpdjdgRI25f2WnlWjbyz2qtycBMm/1kAXQK2uSk=
-
-Name: _locales/da_DK/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 6zP0AK747FsOwwOJugfYvQ==
-SHA1-Digest: mdM7LrdnOH2mxzWkiwS9o0gDwFM=
-SHA256-Digest: hqgei4z1fnHXoReyN9SgliTYaRdUM7fyqqT5/nd5sAo=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 6EA7b3gcz67OK5/NhNpqiv8JsRw=
+SHA256-Digest: XvGrh0Pr/cIN0+h7dYRhsWrE2sbpvCGejLUk5g2cb+M=
 
 Name: _locales/de/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: rb/qDPi+8zd6JiZvyzok8w==
-SHA1-Digest: P32Es3QFMUTxDYKAXTWkwxTXAdw=
-SHA256-Digest: EIaSDt2X6S01RZaJaRywXsWtdSmk76wmn4eadQF9/q4=
-
-Name: _locales/dz/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 5DxSzfj3HAO19N93skW8074DacU=
+SHA256-Digest: 6RRsp8DV8g7u3majB5LXV/HNNz9wltPP3/drftJO+t0=
 
 Name: _locales/el/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: E0vVWcsI3JyCUMgrfEbRRQ==
-SHA1-Digest: zo/cib0Z2EjwNoqCTxGAf02I/Pw=
-SHA256-Digest: cUDjkGr5Uwlw9MHvwZRueJHOY33l3QW7Ql5Op7+HiSE=
-
-Name: _locales/el_GR/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: fvpiFgE+kh6+hbEU30UZSQ==
-SHA1-Digest: ISyE3JH9f7NG5eIVN6pUORAmesI=
-SHA256-Digest: QyQ3grU6uKx5M4zNDb8YQE0CKIeWSKimPEXER/If+z4=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: cDgo3bT3QsyvgW6sNV1v7VhD+c0=
+SHA256-Digest: oBZLruNBa+ryEI2AaAM1IuFsmVxF73+deXjq7P6lunM=
 
 Name: _locales/en/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
 
 Name: _locales/en_GB/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
+
+Name: _locales/en_US/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
 
 Name: _locales/eo/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: bhFCOi7W4NusIeXhgn0H8g==
-SHA1-Digest: /dGB1dGACuNGB2wfLInXL18Li04=
-SHA256-Digest: pqxzjm1I56SNNPEl4UJanGIF/UcDCP+ucDKRPKPOinY=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: cTvPwrTLEg/CLQ7vP936VGhWMBA=
+SHA256-Digest: 6Tb3+j9lXyFMz+bKnJ+MnaIRIAaOIgFGgGFeLUWIHB0=
 
 Name: _locales/es/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: c3ASoZIBIIywtlz4z+tAXQ==
-SHA1-Digest: EZr2+gL33D9p6pIHaQ2BK81ht1s=
-SHA256-Digest: nWFMCyEeDt5ul9SSF2FXYSGUukWGI0lOBd2XW2O0h90=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: wdTXKRaKo3+lt2F/WAfhHECWQ0Q=
+SHA256-Digest: 6LOKxRvSfOFCftbixNJLi3ILtnXblwVUdYoxy0KkUKE=
 
 Name: _locales/es_AR/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: qNvpoOjTHLvDwvvdfW96wg==
-SHA1-Digest: Fb1M9NvI4ZupNIyVhtbOLYOULzA=
-SHA256-Digest: qu/41Avf9tJoR0DVCxhfM28jysaXhyDhb6aqziU8H40=
-
-Name: _locales/es_CL/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: GFcsjPbhub/ONamhrunV0w==
-SHA1-Digest: inHnYtnw3TXhTmUnqn3gCchQk64=
-SHA256-Digest: ATU4kByI9RwgWmyLt01XTg5d6qXXvgX3qqA5bT6wNSE=
-
-Name: _locales/es_CO/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: Ezdifm/evZq/sIf0t2cB6A==
-SHA1-Digest: rEi7WwqG+vAX4vheRUtziL/Ej9I=
-SHA256-Digest: Lz/gboy9byfKFjlrHdru5ap31ukayi4ux6nQVbzW/E8=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: jNe5tt2sg9FYb/CklhOA/EfCNso=
+SHA256-Digest: ejlUkVhdh38l0SQqB2iuiCGTJgg/HnUZ6YB1BIowEUI=
 
 Name: _locales/es_MX/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: KDLWWlYlvbVR6wgVDm/Ogw==
-SHA1-Digest: DiixGruOLspweqMVyrqpca/2Q/U=
-SHA256-Digest: w6j9TlQHApWGHQpceRX65t8BDOPkE8q8WP6fDOYBjD8=
-
-Name: _locales/es_NI/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: fvpiFgE+kh6+hbEU30UZSQ==
-SHA1-Digest: ISyE3JH9f7NG5eIVN6pUORAmesI=
-SHA256-Digest: QyQ3grU6uKx5M4zNDb8YQE0CKIeWSKimPEXER/If+z4=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 8r5iYER0e+Z9xsXkisoWpgiV6wY=
+SHA256-Digest: nNkWHeZ9eKPmXKJTHyKHmuqMNO9w7KdMoCpNtykVJSo=
 
 Name: _locales/et/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: LIXii2G8s8yqPPD5ZIteGQ==
-SHA1-Digest: 6HyGFX7XszHt52Ml81storTP/h0=
-SHA256-Digest: cakH54dFlje9pNmwrId0UXIVZVmSf/h9nataEALOpxc=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: RuKFi2LDlh1aZ/sgjAQHk9Dr0aU=
+SHA256-Digest: kEGCDq7xq97+kttCcjDTrhV+IRBdvTdokVw5x4MjUrg=
 
 Name: _locales/eu/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: SPmYmvkSDlUjNdpYkKukww==
-SHA1-Digest: tiQXxEwrmXVXCMf74NdXtP2PldA=
-SHA256-Digest: 74rPIihlpZ/bbn0wQaM8KHngMdQHOWm1tmtkfepE6T8=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: CfUVBO8uVqaEVg2rfNiEzhOOIxs=
+SHA256-Digest: U4RrQUCTj9jzxLMjadoUZlclwDWv7StaWVTd+VfnN2I=
 
 Name: _locales/fa/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: Jr4cZCUzLgqGz6VNFCRpyw==
-SHA1-Digest: q2kQUhZvRQKIeSejNoenWh3FWxo=
-SHA256-Digest: LrN5BaDi1n64bDMq3pBLm33Wa/7JWX3jnrZLsjvRpMk=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Zi0T7F3MTegvevGxycGERaO+y+k=
+SHA256-Digest: FppLjcJVwKmgWnEVG8DUj/OfX/mPJaRmMHYdzdQ4Qk4=
 
 Name: _locales/fi/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: hfAgoFte8Y4+9BKi8C8QGg==
-SHA1-Digest: M2gujDfYLtq2qNvNwp45181WoGU=
-SHA256-Digest: r9v4CnaNtIuPdrd8C/M1qsmgdhtt07taR9FQ46FA/Vo=
-
-Name: _locales/fil/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: tsVi9AvgYCUViOP4RuOvpg==
-SHA1-Digest: iweucF9wOyW9Gww9vNE1zOiKyIs=
-SHA256-Digest: PoE6OaMrP0Vs8qOnwZj5pjRHfNgyoB1+br5Xng1VU/k=
-
-Name: _locales/fo/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: l6pkmEC3Cilq8D+GZ6huXA==
-SHA1-Digest: HT7UegyWR2gV4JaIfsyXJNwIF9Y=
-SHA256-Digest: /o78RFtjVqLAW0K+AJaSzoySUy9zn+3PWlh+GICa+cs=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Ijd1g6JcPeStcajdi2p49GxtL/s=
+SHA256-Digest: XtP/3kb3g9EEZXkGRsQh5oEGWm5XdCCVHsY4eBWi2Lo=
 
 Name: _locales/fr/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: +BCGPQ/D3gf6ZDnWMyR+vA==
-SHA1-Digest: C8mLp1l5f0VSywLMAGguAp5Xdhc=
-SHA256-Digest: nG3BVccg7xVJ8rI2v22ubg8A2tppAgQYb4VPl5WwxjY=
-
-Name: _locales/fr_CA/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 1VAElquNzHTgaf6TEPBQ1w==
-SHA1-Digest: cZJEsG8J84m/isy3VTlKjEd4lMs=
-SHA256-Digest: DUrXGtn2CuZFKveXfBo/TptRRQGCDR6dcqaAKDo2FrE=
-
-Name: _locales/fur/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 4Kl28lQ4AxcFKuI1qPanfKBIO1I=
+SHA256-Digest: JR6Ytgifw1eNfP5eEY9DW2+NyBy5t5m8jcfG1eElpos=
+
+Name: _locales/fr_FR/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: /siGONOTKZIcZRCh3Gjklyi6FpA=
+SHA256-Digest: JOAxkWbsFpRl+/JTJ9Ii5P0ixY1UOkuZHRAjMb86eWI=
 
 Name: _locales/fy/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: iJIoo14CqjDaufhMeHEg1Q==
-SHA1-Digest: PBN35fca7cY2Yw6yguDHOe2D3mI=
-SHA256-Digest: C2EqOz4Iv4cpmPC6MBD0g2Q5ODx2KOF3R5YsiJ6/0Hc=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: qYt2G1hP0Cs203jLvxdBLgv4MGQ=
+SHA256-Digest: cNu7cS359ufs/B5EXOMBJIvVbfB8V9sQpFxorgrRxxg=
 
 Name: _locales/ga/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: bLbOmbLuu5C0yz4v9fR0qw==
-SHA1-Digest: xjTFA/Pyz4SLyNah5j49TRB58a4=
-SHA256-Digest: JtGjlNcjM04HQMykxh56nA/tBd2iX3cZySXE75dZziU=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: oNZb00MUZHcEuMm1CKosXijaWgw=
+SHA256-Digest: knCNuU+/o1k+pt0GMADpt3nuzqz17npT4Olsoj8EL7o=
 
 Name: _locales/gd/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
 
 Name: _locales/gl/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: hfsh9zYrgSLzLwbNbEqkjQ==
-SHA1-Digest: 1B2nPsH4tqrZyjZXFQuIO7fA57M=
-SHA256-Digest: 5xGXvSQ0fodQcN/vDfXVJfsUvETBOWKjNL+xI+1gYpY=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: WBkm2qWTCShjdj+kFKqzxnZIoFg=
+SHA256-Digest: Y3K9ZWg9+2pL1r34SJhQYu26Viki5wqVlJmLmVfhQdo=
 
 Name: _locales/gu/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 1bcQgj8xIGaVHMx60b/34A==
-SHA1-Digest: ZA/9elyHRdJe+iWGsYUK8p4J5EY=
-SHA256-Digest: 2VNTRuCdpAL9J6OmQBGcKLlT5tgRhgfLjdAQVhNTWvA=
-
-Name: _locales/gu_IN/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: PswWEObOjz/JWK6HnwcuDg==
-SHA1-Digest: tLY+bCELqZMh7zsH1dwrww7jALo=
-SHA256-Digest: eOj3PK49v8pY/17l+ZouPrl0feHUkZaqGstOq5wzoWs=
-
-Name: _locales/gun/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
-
-Name: _locales/ha/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: cxaffBOuU3Z+D/AJ6TQAXNFki3M=
+SHA256-Digest: pTrp2BlrTKilZg+sRGpeuYQVSrInYg7QtVBMrLANj4Q=
 
 Name: _locales/he/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: I4VQv8JPTpYsiTC9zxJI3w==
-SHA1-Digest: IYj+JIjS4b14Ls+CMMu1Ok2qf3Y=
-SHA256-Digest: nzdUjojbl83wTgD63L9SgwLnwIa43w00LlerU6FUyqc=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: zshsgYzIwWg+jtvY4ingp8vw64c=
+SHA256-Digest: BxJrAMOZ4VuFbXDVimpAN0xMEQBNZZkrmFWnTAXibks=
 
 Name: _locales/hi/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: TeX07/mLgO+3QvXh+as1lg==
-SHA1-Digest: y913exROOucFfkse1hgL4faTUUs=
-SHA256-Digest: mhP+brFLhL8P5GO1i1T9G2wNdDl9TVDEX2rY9foDaQA=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: QRpvL2rosEDoTdx6BxxGGJpSVmo=
+SHA256-Digest: liYeP2q1gkXphKzxxJNsqTh7+T1gzKsee+6vReQMdhs=
 
 Name: _locales/hr/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: eyt5Q+WVy88GABWBVZ9Scw==
-SHA1-Digest: rULT8xOZivVGd8EmIZTIHdbl9xg=
-SHA256-Digest: iBLVMHoITfVaP9ifU4Rm3Cc+jz/kIdaNF/dnDVBSsdg=
-
-Name: _locales/hr_HR/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: LcyrmuY6JuBIWSlZ+HI+gA==
-SHA1-Digest: msxkwNPM88QPVDiePqhwH7yRnao=
-SHA256-Digest: VmsCb5MZwa7zq28OyyGN/3Kcphsdw+XroasXUr9Y9Vk=
-
-Name: _locales/ht/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: x/3lhb7z7CVqZZdn3midgSjn5tY=
+SHA256-Digest: HHx+VP0HB42dWTZ38cR004DWeQpFRgaF5TULrZkatwI=
 
 Name: _locales/hu/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: dxETChbUwA08tJYSSer8cQ==
-SHA1-Digest: 68UcUd2etljz+iUZkl+2TqlrUbM=
-SHA256-Digest: HdJGYEmuFLaISYYXGTvJzu7E8uegNfvZaB+uETOJZvw=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 4eKsxvmbG58FfD5yjfm4b3cr+g4=
+SHA256-Digest: i9dh17H4Ruxjb3oxA4GPRJvRPecXQf3U+qaBlGj2qps=
 
 Name: _locales/hy/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: MNm6Jay2dpP/5K6SmgfsNw==
-SHA1-Digest: ZTaWRGL/mUcsPzO8PY04OzRpxXk=
-SHA256-Digest: SYR8a/F9EatsNVK4DuNpRMR91wlyIr00EJ8Lzm6hc5s=
-
-Name: _locales/hy_AM/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: BNI3d+r1Z00iZD7FNjCs9Q==
-SHA1-Digest: RzXQoy5Wr29tYchTAc8/i8NIf9M=
-SHA256-Digest: cRVv1MeLYeQCd7yJXI0DvkqDZJscVh/WHufqTLj+QHU=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: QzXAZ5katx2Ye+1QFyFHLcMJROM=
+SHA256-Digest: HSYKniubHesccfXGMZYre5wJva2MRztMYAhMHMA2+Z4=
 
 Name: _locales/ia/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: wvd/jCKGuplM5zJ+CVVC3Q==
-SHA1-Digest: kKE/lrnNBI7ObgTVtHlJpnlkqMI=
-SHA256-Digest: Gt2MohevkV9Pw6Vxk40ng8IRSZN/VnQmsc6HXQJ0Saw=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Mm0o9mYuk3kCk5WbKuPCFU7zpqo=
+SHA256-Digest: 6ORLVTr02qalRUcK63Ir1GXjw/p+v6nrK9/zI66QL6o=
 
 Name: _locales/id/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: ASwud1XKYzKzfWv4FoI+aw==
-SHA1-Digest: DZK6I6t2bdVGKezjx2mn8NPTYCQ=
-SHA256-Digest: wdFrLrKz/TE7Qkqdu6cT4jqNyQj56H/s/wL9hUuwybs=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 9QctIupOryS8eWp04EJHAWNYj7c=
+SHA256-Digest: NfVmJxGSWj5onjEn4//gX5P8n3QnqBXXP5Z9Lf+578M=
 
 Name: _locales/is/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: KqgD8sAcINl1E0soHKwwBA==
-SHA1-Digest: sNsfxmgxE0S5yHD0egcenjFek6M=
-SHA256-Digest: SIOUgKLnQJ9PuD5PIk+nDssVDZpYGPaJcW9CXvI1Iio=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: /P9T+vTThdd7i1pmGcYD6nOkY44=
+SHA256-Digest: L1OQmFHZBhJHVvNqOh3610u1MS+SLQd9NHvYu2FkRVE=
 
 Name: _locales/it/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: r0xo9tBV4jsi/fpCMsZGxg==
-SHA1-Digest: tavF+CnStNfZoVMjsXnrqSSGZWg=
-SHA256-Digest: dPMlNfWtX6gwVOlqZ1nUHcqZIkZ9bnAqSlmLrX0eP70=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: QfqJFvpr/CghH/0gsO9h+sYKy1Y=
+SHA256-Digest: vtdELbvnbICfJVOrxFLjaJq656uK7EK2pTcecgf4dNc=
 
 Name: _locales/ja/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: Gc+Rx51ScMIzYsjTe0mgUg==
-SHA1-Digest: /Ej5kRSu9loAFjfygI6J6qduxrc=
-SHA256-Digest: HlYYMYCUV7+qr8wNVTBi5P5TX+4axdARzrRfW9ZgQR8=
-
-Name: _locales/jbo/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: BNI3d+r1Z00iZD7FNjCs9Q==
-SHA1-Digest: RzXQoy5Wr29tYchTAc8/i8NIf9M=
-SHA256-Digest: cRVv1MeLYeQCd7yJXI0DvkqDZJscVh/WHufqTLj+QHU=
-
-Name: _locales/jv/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 7zImT7HvkvCQpdObYY520peFtDs=
+SHA256-Digest: mjSxBaiB+SkXyspN3wi6aodH4rYgcp6da2exdiEcGU4=
 
 Name: _locales/ka/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 7VFThqiob0oCGVOfdVZ2aw==
-SHA1-Digest: cfBqzfKw+Eg+IJr5duhmD8/TOkU=
-SHA256-Digest: vuBgIWlT0CjWwKNcGzQ9VXYbvnmtVOiYDUzsL/8c/T0=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: fHsD070Q4aHyxYhCNfQIYT3MKS0=
+SHA256-Digest: yeIbx8SP8Wa4kvXo6Lzx9wrRj1LynhWFd2nbPUqZEsk=
+
+Name: _locales/kab/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
 
 Name: _locales/kk/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: O3M56FMB9l32RlZVqVGMPg==
-SHA1-Digest: l3IMd/C2XCae9QyMHcMn6oZOI6s=
-SHA256-Digest: U9TzOML4Ags60fXl+9aSUYjfr7eX3ZlMCKtWJ0EJ838=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 8Sdjq0KMj4ANwq94weNnUQYtI+s=
+SHA256-Digest: bTKB9CkWNhqawbJDhs1/GX4/z4j0Vg4cx31zKw44f5Y=
 
 Name: _locales/km/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vBt++Unhr120qpT5C08RKQ==
-SHA1-Digest: f2stiqfStjrfea2n2Ai6UAMuRuQ=
-SHA256-Digest: F30sCHa5+tDuPE84yBtqmE8PTp4oeDEqw6X8iSxQ19U=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: w5qIgDP+885pZJMl8FyA2yGUt1A=
+SHA256-Digest: sjEA2JwKdlS1D1hQxKQedb9DYCwOSDhyxusv/cUTkvE=
 
 Name: _locales/kn/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: poaYhKzsynJ0hPYWq6mwEA==
-SHA1-Digest: VEdkrJ2/bq8XbYw70wORLCUzzuU=
-SHA256-Digest: sSzuDkChkLlrwmpTbnGpoUoDE+RlVwTN9fEt3tKEUQU=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: MdvnoS3SrWGvRWSyvuRqoWvRiWc=
+SHA256-Digest: TaiiWa/PbBrRxhqRBYvFWtGmyyy/ovdu/yhHq/w9jk4=
 
 Name: _locales/ko/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: BdOBLLKOwODWkoHbRZf4kw==
-SHA1-Digest: brzgWZZX+6R8SL4zlFAXipjMNWc=
-SHA256-Digest: l7Hh6hLvHScKUr1/qjpVmDdE202E+1XEbSCaz607b88=
-
-Name: _locales/ko_KR/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: ZkSzzV6oid0zbWewFw5a4g==
-SHA1-Digest: LzPVfFuYMG7oDxjvyoqKmV8dH7A=
-SHA256-Digest: wBYZlMuXzsLHv2CrwTr/jB1iQhtNXZORcMPOEFQT8YY=
-
-Name: _locales/ku/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
-
-Name: _locales/ku_IQ/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: +mfOW1DpBWbVc5tKHjFzrg==
-SHA1-Digest: hdOaiNz9qI01Fhe85JLuKAZ8Sts=
-SHA256-Digest: Yrpb+R3JutbvcBwUXVyExTuFjbSbajAko4/7Opg4SoM=
-
-Name: _locales/kw/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
-
-Name: _locales/ky/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 1v3bahI+TyArzQxHbo+tvg==
-SHA1-Digest: rC20iCFOKIdMsmzfaKooA9am6Ok=
-SHA256-Digest: VA/90TkyTdUJ0Gf4RQodoke9NnfBeIOoYFaCDkkDq8o=
-
-Name: _locales/la/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: zE+5E32rDzAVQ1pFNKcFLg==
-SHA1-Digest: W64o4lqxA5DwVUt0Bu7ubDL5XSw=
-SHA256-Digest: ACfkKvDptlEcnp3xBkdON03K8+DrMz9g1NARol1GvyI=
-
-Name: _locales/lb/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 4wP3a0aHlO9J08ouUVukeg==
-SHA1-Digest: Ff8nGZdQVFHBriEvZvhMxOF1K6g=
-SHA256-Digest: kWw3+dmWxTOpNsQ7djlBG/OTliWroP7mRc+WNJ4HYaI=
-
-Name: _locales/lg/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: CmANA1mgHtYuLoR+8lUA8A==
-SHA1-Digest: usBIvuGGx+HjW08UpHGYUaTqurE=
-SHA256-Digest: NOLwd/Y2SeX8fikXucZlgM3iDQTWYHyWyJC8nrC25iU=
-
-Name: _locales/ln/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
-
-Name: _locales/lo/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: JZZf5z4YuSGzohZ1kOQWew==
-SHA1-Digest: uZRyqDYiIPJt9vq5awMEsS6/OQE=
-SHA256-Digest: bF0Gfw1OSddjSCnh4CdUmG8+DQmjvpeilbKfl5RBzQs=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: GqRtNAUwxrLDluWtx2LqjXzg+50=
+SHA256-Digest: McBNqK4HaGAS0dEAMzOD8lrwecj6CFapkKhRgZpR2qU=
 
 Name: _locales/lt/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: YCpenKEi1oZwkaaLo8GKeA==
-SHA1-Digest: toCINniRqBQbbqVpo61nfxNh8pY=
-SHA256-Digest: U2alcHHpnxomA72N0zo9vhqFiDuQLtvMNT+piIgZ0Rc=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: cBHtxCIgs0M0vuawqYXF7qBAPZo=
+SHA256-Digest: RvNH3JOZbIBt6KKPOdP91hxzpQQLbYxJxWeg36ncftU=
 
 Name: _locales/lv/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: TEnA7pp5vL/43tRsKp5lWQ==
-SHA1-Digest: IS1UXx0G335XhJuSy8s7noAhlOw=
-SHA256-Digest: i/2X8kls7GXeEpmux1PcZq0oLHGEm0HSSz9AXzvdkiY=
-
-Name: _locales/mg/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
-
-Name: _locales/mi/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ljoDEg01zL32eJF/+OECLuPZkoY=
+SHA256-Digest: +pRZCbp3zfzTbM0UqTpiJd23dSymtKZxiZlqD9zNZEw=
 
 Name: _locales/mk/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: Uq0EdUWxU3HD51cyyUnC5g==
-SHA1-Digest: gMjPDneI+GxOq2LgWJbWe/k+O5g=
-SHA256-Digest: vUOBSNuUNTiJC+PvN3mh3Vm9RiGImc5LOezmQw1W5H4=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: dHL1X/r5TNAy5AXujh48jmaBZMY=
+SHA256-Digest: Fs8OnAZZqmqEZHAoYINC1qjLdniDuxjboibfVPvcxek=
 
 Name: _locales/ml/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: SCjN2cay7y1IqQnGkgSeBQ==
-SHA1-Digest: lhgluzQrNJmxkqQQXARwoXc34Z4=
-SHA256-Digest: TnmsbFV0ved6phYpcy90FNgzZx9EM3WcHr9hgcafXDY=
-
-Name: _locales/mn/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: /hqCpCUwJHnha1ryd7omBg==
-SHA1-Digest: XzWi3+mPz9MFbsSZoW9vvHdb3MM=
-SHA256-Digest: K2BbJ7115ZQph3Cb/QXweWuEX4GzsNao9wrC7iVeQ+s=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: yjvR4hUOwBfI4/NLchJglHMznUY=
+SHA256-Digest: /LzzQ1QQeGqOJGuwyf7hF1ynGzYojAJy8SjnfpqP8nU=
 
 Name: _locales/mr/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: kCW07Im7fa4kTgfczYaCjw==
-SHA1-Digest: V8WrKBf4irdmtV8yIJxKuAWwN2I=
-SHA256-Digest: 9lGSHvXEVu6tZFuezwxS4n8JdCK4TkutVeXFeq00deo=
-
-Name: _locales/ms/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: g4pwZCtIupPAWr29rE/4ow==
-SHA1-Digest: D93mOzJsMCSIwc1TS1w0PrEZkRQ=
-SHA256-Digest: kQyR/zXC5sPesgU75jbs33G7TI52IZbxsrxZlFrR9VY=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: VqbEpeDWqRRSDXueR7OXzV5Zi0c=
+SHA256-Digest: DXWyMnlhjkPGEZgaBzsqFEU88IvmcrerTATrEqY+fqY=
 
 Name: _locales/ms_MY/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: BGoQZkS9c46AbglBLOhAgw==
-SHA1-Digest: fa+eXftLxpxfxyAyJPVts26w7/c=
-SHA256-Digest: LHAOmuus/vZFOI7zBdbZrNouM3fpgjkUvyZQS9DTDM8=
-
-Name: _locales/mt/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: pNrnIUMZ1KSdavj7IpvgaXtMW1Y=
+SHA256-Digest: WjOfy4w9K1h+lN9Ld1JdzPwXrpU3TYqIpcQLVhzSsKM=
 
 Name: _locales/my/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 9UKY1Eot/+MtFGFqtW6Y5A==
-SHA1-Digest: Ng5XzEbt/smtdmIrWzl4i2p2M+c=
-SHA256-Digest: 7R7A87UcMuJxOtp6XLeF7jkSCt9pw7bsMKGlmz965G4=
-
-Name: _locales/nah/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
-
-Name: _locales/nap/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: kPgWIxR2rynJkEykmF/T0clmLcU=
+SHA256-Digest: pVtnX3UxISFA90i1ivkuL01oGhoah2AqzAJosnkZMCw=
 
 Name: _locales/nb/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 3itx4NBLkRWkENTTZ+ndpQ==
-SHA1-Digest: dt8XNR0BBtp6SQbq8TgLsA3PODs=
-SHA256-Digest: lcs/vFMqeJHskAEsROMCgtqc0lootqNcUJOl3UiM7ls=
-
-Name: _locales/nds/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: xCCz+aU59J3pUBQrTu8Sookw3Xc=
+SHA256-Digest: aHFiDv13/G909I851CrVRUPMSAyxLABNIT5TkFPWolw=
 
 Name: _locales/ne/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
 
 Name: _locales/nl/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: abplyRXjWNjJ89AwJzKs0A==
-SHA1-Digest: 6IEvo3Br79iZ73eZHgcwOxXkKDc=
-SHA256-Digest: Y+wt9Lfj7N2f+XZuczFnsRJZETME8Wb3IxGpTxG4mFM=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: uHnFt32GmeGIWlUhV2oc0YwDBoQ=
+SHA256-Digest: EPKDxQlVhuigsi6at+OnLBBaPbqbNuYdbHu3nEx6Lv8=
 
 Name: _locales/nl_BE/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 5wv0KXVYdmXBI1NSAj6jng==
-SHA1-Digest: p7Rz3DBrbRm+y4rj/JmuF7uRmuA=
-SHA256-Digest: uYnF/S7F802DN/DyxTq/OBeXdcJyDGg+XATW2kNr9zc=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: vpN/Tt8RJNjNrjzQhvaCLnu818Y=
+SHA256-Digest: UMIycHh4OpfT6XEX5IkOJbBhBEmykK3QzilVLqxXbas=
 
 Name: _locales/nn/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 2DqPRPC1O1+qoeElC703Vw==
-SHA1-Digest: P79yjSSPaVjDuOjOQuoumw75Et4=
-SHA256-Digest: abVt/VMFCPeF+SGf0cuLX5mX4bttceH64CSeyjdphaA=
-
-Name: _locales/nso/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: /uRXmVZ2hcY4LDKBmhSwYPb+v9A=
+SHA256-Digest: /VRfKB4L2T8XMwAUR9UCXed+uPckbOsicnTGYCRT62U=
 
 Name: _locales/oc/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: Z4hbybrcED70sGH2RzuLwQ==
-SHA1-Digest: SQPjV3A7fPlrKOZSvVBoBdI8+iw=
-SHA256-Digest: eIdZnhu56Y6Zt//0hLx2o57Ghiuvu+uOHKgsib+ef/U=
-
-Name: _locales/om/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: IxuENjd9fcrvgHzPUR0ZLg==
-SHA1-Digest: EgxjV0iwvwFxNHnzjovujskjk2M=
-SHA256-Digest: 1Y1ljPO7PC/zSFg8qCApiccrnQBgQXj+THLFYe8ef1Y=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: LEIoVVmbjin2D0Bj5PimJENOmCQ=
+SHA256-Digest: smQMMM7KSF/9lT0ryK07dEWxGtf3tYjF58E/kOIlNKY=
 
 Name: _locales/or/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Ps0uvWBAvc6crMC3f7ztPoWLYHI=
+SHA256-Digest: sX3swrX1p95cHWLBMrKDJ8mCOM/k+g3kR6+vKtjUlIY=
 
 Name: _locales/pa/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: mUZlfhnBeBYSikNTZqB5Rw==
-SHA1-Digest: 62VFBoisOvsp4XDwT5fCQtx7gQg=
-SHA256-Digest: JESaEK4RXLSqkawphYLJkbVHiBODyykWlBnqofj4iZ0=
-
-Name: _locales/pap/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: +P2o0dGSh7jJUtVjUFU70dqtxiI=
+SHA256-Digest: sHFd6kvNEbfWPpbLyIutoZkkEm0A9yWhjdbsXZ5YH5s=
 
 Name: _locales/pl/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 4sA18FnxtCt89rz7JTFshw==
-SHA1-Digest: 5sNxW9Ch0+qzm/JfpfBWUNzMuUI=
-SHA256-Digest: KhOO3IpK1Wh5NJ36jftCTaCFuUJ711ktD6Yr9kUkJqc=
-
-Name: _locales/pl_PL/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: RuTxzGDKeiPVDy2zU/RWkQ==
-SHA1-Digest: 7RYUMXFRNqPPEH3KbsA2b1cW32M=
-SHA256-Digest: LYbnKtDF6mmHc0gIloo1tY4wdXta0cLqAkgP6OJcGI4=
-
-Name: _locales/pms/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
-
-Name: _locales/ps/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
-
-Name: _locales/pt/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vlQ9+/ARMb2KvfZ7Ze57Pg==
-SHA1-Digest: lh/4m13pwEe64clTzyx0gpGHPEw=
-SHA256-Digest: wattpsz8S3Lxq/zOLMm7ujrwvAf25Ba/e1Du67J8yWA=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: w97eXym45Cju4UUq2hDgfYZEivM=
+SHA256-Digest: 8dpWSVyqOkrMcQs4Ub98uEHMtAkwdtuag9kfv31TnwY=
 
 Name: _locales/pt_BR/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: +zQ4qCHHKhYMUHpaDsHMIg==
-SHA1-Digest: xNkYxiqeUxeIhEaQzLJemBN3wEY=
-SHA256-Digest: FPc5rNm9seVHnLckRrP3BQtKrwohIhay98Zpcmbwn5M=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: B9dLWSgVB9XeiQqqE9ceVH+KFqw=
+SHA256-Digest: bkAA6J0bp9u83YD/Cea1ggdTUpXBl47Pb/RAgW/QO9c=
+
+Name: _locales/pt_PT/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: MFTtI6bvZgIBNjfsrsEes5SZWWM=
+SHA256-Digest: 6Oe7CSTsLlbxPCEcuVYO5tqvl3/TLquitxYnh40167c=
 
 Name: _locales/ro/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 0VHFiF1eRFtU+l9g3mGqCA==
-SHA1-Digest: ZscSfNKMWekiS+74TIeq9dNBOhs=
-SHA256-Digest: mO7KtcAm6L+ymHDxPbqx9Ccd/j3F2v+5ZIIUzaJjB6k=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: iZA4eB6bVN8w8JNfUaLiB04ZeEU=
+SHA256-Digest: esk4A/1PXdU5yjo/Y/f3zS1fzrVQUIhGPFyAS1eSw+k=
+
+Name: _locales/ro_RO/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: iCzvlQJKPogorBRk1ZaRc1PHSzk=
+SHA256-Digest: f6sPhnOcfaNWIONa4Ow+YtnAM3GXnWIG1WXDRHOtves=
 
 Name: _locales/ru/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: Yt7avr9ldbfeBsXNOsR4uw==
-SHA1-Digest: rnNEcTGzt17JvVTRk+H4o2ILxoI=
-SHA256-Digest: 8dZAEH1qv16esP86wVRSdG2DPbHwbYCtn+lPqrLU54A=
-
-Name: _locales/ru@petr1708/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: TJNVp1IANDmTHiyclptswA==
-SHA1-Digest: h8uZrghIyZscpZsqYv5SdMrbFLk=
-SHA256-Digest: 7OIDa/76zqX4A6QdXxr11vpZLqgEmFdOpt04undLRuo=
-
-Name: _locales/sa/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: BNI3d+r1Z00iZD7FNjCs9Q==
-SHA1-Digest: RzXQoy5Wr29tYchTAc8/i8NIf9M=
-SHA256-Digest: cRVv1MeLYeQCd7yJXI0DvkqDZJscVh/WHufqTLj+QHU=
-
-Name: _locales/scn/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
-
-Name: _locales/sco/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 7icD6gFZZYuaRFlZHpM3v4S4rbw=
+SHA256-Digest: PsIJMB4ploNqnBAmnqfFHDXH+zFdu4P6BNZMnIwT0ok=
 
 Name: _locales/si/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: BNI3d+r1Z00iZD7FNjCs9Q==
-SHA1-Digest: RzXQoy5Wr29tYchTAc8/i8NIf9M=
-SHA256-Digest: cRVv1MeLYeQCd7yJXI0DvkqDZJscVh/WHufqTLj+QHU=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: KM47GTd9GQqAik45v3TwGKzhUqI=
+SHA256-Digest: 3PvBqbX4qA1rQB4l+mrxTb6mwA7ssWzrxjn1VJn5peA=
 
 Name: _locales/si_LK/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: kUuX2SgcfTuse4wGpT0x1A==
-SHA1-Digest: dY27kocNzMcqjo/kks/MC7js6gU=
-SHA256-Digest: XUNq5+4H88bkIpkG/v3iVmrMD9n5xan1HPqAVWrPGKQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: /XRTG3mjOsamcRjwWbYUqmyS+jw=
+SHA256-Digest: XbC317Ovdr7RhMsUfhfXDV1yDh+4pz86mQMG1PFGLdY=
 
 Name: _locales/sk/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: ox7wpB0btiGyo901TwQaPQ==
-SHA1-Digest: Q88eNJanMA693MVUEso8GGYSOHE=
-SHA256-Digest: ocjVUN+BKH03blBr+oDb555yv9MGZxeoN57duLBMKKw=
-
-Name: _locales/sk_SK/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 7u+uHl+BFyiZupsixcvV4A==
-SHA1-Digest: 54TyczGz8/MjIqY93YrTmf7Btuw=
-SHA256-Digest: e5uU0WM32cD1ounIQH5fu6yPxgyywvd2QgYZmNkfOLI=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 8g2uM/IilbLetxLlpS1+hm+gb2w=
+SHA256-Digest: bnqVDCFodbSbseUbLOrdCwprRMxbpCYHMvVbz/3KP/o=
 
 Name: _locales/sl/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: Y7L2vZzvfPGDWYVF2bmdHA==
-SHA1-Digest: EJjXz8x5sbee9C/wwvaL2C3obA8=
-SHA256-Digest: gffsSSQzVTU8p1CIN8DS2WCTicC52BcsAr1rEqh/3UM=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: MdQaZFkibS04O78qFlB6kmwhF9c=
+SHA256-Digest: 9pLwtRZfEy2la4LfIgkbDR/M+nNotJAA5wzEgT+AfyI=
 
 Name: _locales/sl_SI/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 2+bUwfW+m03lHSiFBVScfg==
-SHA1-Digest: 4DaQj7zyVsPP03v/6WoKbuMLHG4=
-SHA256-Digest: idHY/grN7pNe5jeT0FM6faJYwWOYy+3/J+8A30td7OI=
-
-Name: _locales/sn/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: TyHB/45DhL+a9sGv5s2uMw==
-SHA1-Digest: aTzYUZe4fLKEhfRMrMGLTYKMZlk=
-SHA256-Digest: HIwUF8SsUW/67067Wuv8il58CBSFB3IHZpZK1ckYcoY=
-
-Name: _locales/so/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: wFhFU0upAYqmmQI/nRnGEnqP30Y=
+SHA256-Digest: qx/D6APKUhcKmNWwCHD/baIjzMFQNTR4/Rt6LvOTQ4Q=
 
 Name: _locales/son/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
 
 Name: _locales/sq/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: urCNCbBYbdEysOykOEtSRg==
-SHA1-Digest: fbGgddA7OH30Pkb04qknTE8sJJQ=
-SHA256-Digest: SH1MPYhYZwOwThX+CL+DMtnSlE6NZU2mxXb+asBLFm8=
-
-Name: _locales/sq_AL/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 6zP0AK747FsOwwOJugfYvQ==
-SHA1-Digest: mdM7LrdnOH2mxzWkiwS9o0gDwFM=
-SHA256-Digest: hqgei4z1fnHXoReyN9SgliTYaRdUM7fyqqT5/nd5sAo=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 87nTmcsWpoEAsJTN4/ZFf+01I8A=
+SHA256-Digest: POGPrXKN5GuJ59k227ozXns25ogQdzOOgA3azEA1f94=
 
 Name: _locales/sr/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 1R+nYFv0qIrteSnIuUiI5Q==
-SHA1-Digest: UoPvYUdD4qLvRmRFlaX0aoO3+BM=
-SHA256-Digest: Wwgr2YyaJ0guz2PYyZta8wVs9NJfJnr6TnvKZRpCEfI=
-
-Name: _locales/sr@latin/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: tgQyS518t/gNYtPezA7xQw==
-SHA1-Digest: KGud290mx33wFXHJWv4dqT9kiHA=
-SHA256-Digest: H0ikCVTwuF0jRVZgx+HH+HI0xx1IvltKSzXFxubFHDg=
-
-Name: _locales/st/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
-
-Name: _locales/su/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: zJI0kCSZIB/4rfhaGxg0aUGrbtQ=
+SHA256-Digest: tfKdrL6vsCYxRU/QeEvAZC58y6qDuEKkhNi17r1e/8o=
 
 Name: _locales/sv/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: mO+o12EhfsVOnTo8/RzA9A==
-SHA1-Digest: o17nkWGm4ogNxnr8dxONuG4D4gE=
-SHA256-Digest: JdBkQBaEkiwocwoedUEP5DdG+bHZUTLrSnGxBNFblQk=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: UI6tx0CmaOkUsjASOmQvxNRkX+c=
+SHA256-Digest: WnBcBaT7T7yKHUvac2bn2q5alrsbfEiLOQUXPIQLurQ=
 
 Name: _locales/sw/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
-
-Name: _locales/szl/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: JSf0a8gCwILGBI0T4d/FfWfIGDc=
+SHA256-Digest: Z+oQpHb/T+I2XZ+JVJZW1KMeAP6yK/x9Quts8n64AlQ=
 
 Name: _locales/ta/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vEUSCprIkYTaIwT/ukaQTw==
-SHA1-Digest: 9uXYs0g/4UZFq8fZEA9NeboH3y0=
-SHA256-Digest: b9hNrzQ5Uk2XwZbKxBc9nIo/GP976NJSnE9fYw7C6X4=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: CW5Q8ok59gE/ZC8A4uPqW4cIfhI=
+SHA256-Digest: vOG/RBohVZklUTu6y6cjUWg5RyNIbwaB33kUr5Ko2PI=
 
 Name: _locales/te/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: LnmcFrCI7hF7bIOR0qqqVQ==
-SHA1-Digest: dlidJV2WZUJmhQ9oih0wpCLCn80=
-SHA256-Digest: Yi30GyW1vVp+opXpR5XajfCpMf+EH06bsR8NJVCZzy8=
-
-Name: _locales/te_IN/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: N/QOkBiJYvqsksR5+NWuHA0/fxk=
+SHA256-Digest: jZC8UbVBsT2RvDZ1uebHtr76/oRaNdlmxLKWLnDaI3A=
 
 Name: _locales/templates/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
-
-Name: _locales/tg/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: TJNVp1IANDmTHiyclptswA==
-SHA1-Digest: h8uZrghIyZscpZsqYv5SdMrbFLk=
-SHA256-Digest: 7OIDa/76zqX4A6QdXxr11vpZLqgEmFdOpt04undLRuo=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ofcr0jXThFpy+75hHp2/Q7a13Iw=
+SHA256-Digest: fzhILeKwf6EXocFvocLJMDTVFY7948hKtI6L6UG8GFU=
 
 Name: _locales/th/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: kUe3lQJq/HsA64W1w6vsJA==
-SHA1-Digest: ACYF31xWuSfe630yH7rWTtDZAas=
-SHA256-Digest: VAREKAhna9FgZwpgQn1TvhlxLGLLjKy9gCM7h2CubCM=
-
-Name: _locales/ti/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: cYYW7sQ7sFE8XdkOcjm8QA==
-SHA1-Digest: pmaNYAgwjDFAj1bRYaMlq41sRm4=
-SHA256-Digest: LJ/SpPgfY4iVs6LsdqUE7XmIGe6i53B740tNoFYhqVc=
-
-Name: _locales/tk/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: GxLfo2IwRJ3Or0RQcGjVZw==
-SHA1-Digest: AnZg+hULS0QcS/YcCY2uZi/3qpI=
-SHA256-Digest: lYFhTlvMXkuZc2tLVHuUPIYTGvrqJo4Z+IMZR0xQsQ0=
-
-Name: _locales/tl_PH/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 3yy2claPfVAbBjnmoKapNA==
-SHA1-Digest: NcE6Ykg9Gf3GCxvKtKRWDn5xNho=
-SHA256-Digest: uCDD3mSX+jqNmi/gS8VZcouai/hWRmrA31Ppzl1z4fY=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: QaLDEcDBj6HdEh+eAhQ02DWS81c=
+SHA256-Digest: ucjQxKDoCEwzTat3hNNjtMRJ/u85+QK47Rw93C4J8Sk=
 
 Name: _locales/tr/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: /1ylQWUMUumPzXFaog1ypw==
-SHA1-Digest: 3wcnp0yx6a44RQAzLse0YdGOymk=
-SHA256-Digest: nyhXH3dcmSmZGKhlrczUjFD0WLTG8of29fTrFIsu7lU=
-
-Name: _locales/tzm/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
-
-Name: _locales/ug@Arab/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 9lYm7K0Nklj7ZW5S+lyDJg==
-SHA1-Digest: 1WHZbRzVnvk8AZgYWszV0ifV3LE=
-SHA256-Digest: 3KG623PyNrHuEYx5qgZn7HSne82I7u/bO2My22xkrxo=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: MDXJjWJjdDGjeYfHHa2+LsPj2tM=
+SHA256-Digest: vdziBTOIPyWhvyfApPrN8jZMww3lePVgo4zDkwcv9og=
 
 Name: _locales/uk/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: YyDuJ8LMRmQqAnmndvR78g==
-SHA1-Digest: uK2BipzA5MUtXMmGXX4KiptqN+E=
-SHA256-Digest: /DG0nsBcFsDaq2TlT2hHdIUYj6kPB0NSKm5FvtiNZlU=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: TargN1mxonMdbvos0GBcCxU0+dI=
+SHA256-Digest: 6ZRhyVruPhNEb5UPYCrb/EFcy6ArHSNqxBy4KNEhq/c=
 
 Name: _locales/ur/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: moR6QFSzEonnQHYqFTkYQA==
-SHA1-Digest: 2Jix6FpdJ3yO8Wk2X9gN+zI+sbE=
-SHA256-Digest: IRi3s5BOUOfwl65Tf/YQhfxulqiRyPVU6+sgl9n39rI=
-
-Name: _locales/ur_PK/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: jAjtZxYZtx8nJwyTyd7wuA==
-SHA1-Digest: 3L7oJOisCbhMwxq/vCTcqtm3fc4=
-SHA256-Digest: rNkh2Cw0LPxslVGPDRI7kMLq7IGvGQzIJ8GMcdsmNwk=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: kUEeTx9OeiESvvWjprUjqluEhZk=
+SHA256-Digest: ADAHAHlOUIGXLO2Aj5/it+lavjH4WkbjLV43yI6CO4s=
 
 Name: _locales/uz/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: pzYqqcsvhjyMSTyouT73DQ==
-SHA1-Digest: q7baT29sZ7kXIXfYRbHRt1JipYI=
-SHA256-Digest: rihMsAEqG1YmoduT4QUZKHp8ugF0xoxJ+VjYEyCcQ1Y=
-
-Name: _locales/ve/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: bmGV4U+3LA14ZwC5RcRdN5RB+tk=
+SHA256-Digest: SPoiBWn8W+vyUJHKfocitJ5y6RjXedgta0HxflAFB9Y=
 
 Name: _locales/vi/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: eXi915ZcclI3DLek3k2xow==
-SHA1-Digest: EvB1C2LBw98y3hpRXdhTdo1d5vg=
-SHA256-Digest: yap772/pQs1wRrDIFzbuVcPoX7exfnx4dG3s7zcJK58=
-
-Name: _locales/wa/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
-
-Name: _locales/wo/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
-
-Name: _locales/yo/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: rPTs5xH7W1hEzS345TyH+A==
-SHA1-Digest: 7yyv3puI51sM2PGXsCtM0KaMt7w=
-SHA256-Digest: 7W7Ayk6uqvOiIiu0rOFqjb+NgxbyWrghsezc2onBDDE=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: GMY5uzc6vq9pP9hqFNGlOgVYZ8k=
+SHA256-Digest: OidbjDj9CBSxmM5oW3RagDo6ZNvA+5P9CGN8C0cbgms=
 
-Name: _locales/zh/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: fvpiFgE+kh6+hbEU30UZSQ==
-SHA1-Digest: ISyE3JH9f7NG5eIVN6pUORAmesI=
-SHA256-Digest: QyQ3grU6uKx5M4zNDb8YQE0CKIeWSKimPEXER/If+z4=
+Name: _locales/zh-Hant/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: NXT6rNViMHWrKSlecajyj80CeIg=
+SHA256-Digest: 3zXYNMBhIcIsuhQRzfIAFhV3GdeGZXgyc+h5bFXMZtk=
 
-Name: _locales/zh-CN/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: yfCyijSdHrnvzFX/jutVUA==
-SHA1-Digest: JqCcBuncKuLM4j7LRowdaDPeMKM=
-SHA256-Digest: O1gCtmgeg+XMbPmbF87kNoyqpLZNdOK+NelQelBoPUQ=
+Name: _locales/zh/messages.json
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Vu5rZrqGhcESvjluy4x3EcMPi4o=
+SHA256-Digest: karIDiNHSaijMuQkVkG71+StamzOq9ZeGiQhzwJjTAw=
 
 Name: _locales/zh_CN/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: A9gQQ/2mTEfWxZsWPCUhnw==
-SHA1-Digest: gqGIRIB5xYrJuuv75gHZ95h8f0I=
-SHA256-Digest: lJky3Yb8w+S6jEhvvX/4AafCnALu/IttKo82J0ziaVg=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: HWK9jni02GGBk/XOVpL/R1rs0NI=
+SHA256-Digest: Hl+NW/IGzS73WJhUVgY9cPJvMyb0ZomG7k64dzoJ1wc=
 
 Name: _locales/zh_HK/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: OsJ8mG1XMX7f8McZRvaptQ==
-SHA1-Digest: T5ycQtNgMBBduviQzSUTiViUSr4=
-SHA256-Digest: //+2duvCnIh3IiBiJpQ0BK1kKnj8xqbf0lZ6lv5Wvwo=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: oZ9Ht83pERBafXR1h2mucibzUUo=
+SHA256-Digest: Vq5s6nfmwfxvTVQlmjFCHCYlzvJanl+4I8J2h8F0hjs=
 
 Name: _locales/zh_TW/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: HkC6Fuatilw7IYbtLA6lFg==
-SHA1-Digest: OwcKOCrB+GpPgjobUX6Ns/TdbQg=
-SHA256-Digest: zWLqOtW+2GUCMLC44+a9nQCGE0u4D+uzCXQ4g8eoV/E=
-
-Name: _locales/zu/messages.json
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vnA2rbN22t65WXuBlguZmw==
-SHA1-Digest: CwB1TFaZsKXNUxYEje83thW9Ez8=
-SHA256-Digest: RRz3p7i8gITVNWOVE39Z9SOR4uz75tPfHVbXFViBwrQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: yfJJJg+Uan6mqiwEm4W0l5tT+nU=
+SHA256-Digest: Xj6MJjfhW3liYqF0UIY6flSaOxnNyr4Urgu2gffF99I=
 
 Name: background-scripts/background.js
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: zz/4Y94XNd8bs6WpNBe8OQ==
-SHA1-Digest: gz1/IhWy4HnoKVRUx2r9LkPkf4E=
-SHA256-Digest: I2O6qRHbQkLk0MFkn/HcJwcbU4oXLtiGntaEdWf3ruk=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: GMCKwYZnhsRm4ExhG1q6wY+DQno=
+SHA256-Digest: D4ogTIq+ze3hPGkcxzkc2jFho2hACQn3iYc2oaw4egE=
 
 Name: background-scripts/bootstrap.js
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: ok9QgnJcXieW5vLC9QQSGg==
+Digest-Algorithms: SHA1 SHA256
 SHA1-Digest: TSwjfTzojZXN1Iul+mBttRl/MAg=
 SHA256-Digest: WcKbJ0zQK8948MJzbMTTCf807jEGH7Bj8k7CuWCx0aM=
 
 Name: background-scripts/incognito.js
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: b3/mBZXgt58910tFDiwDlg==
-SHA1-Digest: yb8hDRKxyRv4VfPLW3qXO+PxkWA=
-SHA256-Digest: DBM+qz9EuGEbDINUiLnX/OD9dJV8ynOtRtvFO3NSnAA=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: JXSvrJhaxqSgUtXqlm0r21VqSlo=
+SHA256-Digest: AnGJOJ4CKWmdFZaWNzvm7NWZjbzCKkdawPc8RZCH4d0=
+
+Name: background-scripts/ip_utils.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 8RyxTy1FNW0wvKPs+DqKNNZYvV0=
+SHA256-Digest: F9Ij1ZyfnpmmCM0W3+WXfaBO/rnUAFZtXc2N305Qod8=
 
 Name: background-scripts/rules.js
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: evu2VbY7EWwbtTojpl94iw==
-SHA1-Digest: txt8TDUF/NU3dyGZ4wJADXmLD5I=
-SHA256-Digest: L3W4Ns+0OuYcxgOtCmEpajxDv2l+25rgYRAdREapdP8=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 2dd1eq7Y16RvpmADSFGYSFdRvNc=
+SHA256-Digest: 9Qw9Xoky6/2DvBn5nza/xBXbjaWkEBI9hPaaqAdQDqU=
 
 Name: background-scripts/store.js
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: O+V64B536X/uN4ONVAjY0w==
-SHA1-Digest: 7q+6fjf8/g/O5RFwIcTjZ3tOiII=
-SHA256-Digest: 1Iejg6FAIpe0FlLLT7JGCewakGFhyUXXY2uQtA3iVio=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: IdAI+nj6uuahTeT28Xx1QJwLveM=
+SHA256-Digest: lyCBwe6g79MMTtU1xyGBiIJidhqUsW/9YUXX158t6z8=
+
+Name: background-scripts/update.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Z/kkBlC2HeS/G5zlAbeiFwLpgIQ=
+SHA256-Digest: R1y7pQHEB8w7mNOn0zxEL20mys/8sOZxy5238BzhNoI=
+
+Name: background-scripts/update_channels.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: kA9YO0yjVOE6vw2mpWPePkWyt/I=
+SHA256-Digest: L966QoT5hiVg5mzQq9dACJ5o8OVsROxhNRd+LebsAQQ=
 
 Name: background-scripts/util.js
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: GDu0GzxpiMHp7Ne/mxtwJg==
-SHA1-Digest: X5DugoYfkCGuUxuuBKxoXI4sT9w=
-SHA256-Digest: m5bwdxqCe7/sEX48Anj/KMSG4sM/UzwhAVruoiHc1sY=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: pjJWekzg0QW6/0qYNf1pISXO14s=
+SHA256-Digest: 1Cykm0yxo5EZs0+fZWtUPzHa38B6ZalDAOojqu5awgo=
+
+Name: background-scripts/wasm.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 7pQTqvYA4el8WRX7FjQNUUcMUwg=
+SHA256-Digest: TMk4CQYN4lxkG/ZBq+wp4erwwo8knS0H5HHBCa7LW08=
+
+Name: background-scripts/modules/ssl_codes.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: t5DE+asvCaL1VaVhVXbJDQXQaHw=
+SHA256-Digest: hGKfRGrQWsXH8+9OfHcHM4I45d6DIIxClYqMSH1oBCA=
 
 Name: external/README.md
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: CKdrNV9QhxaLsjGCmqVzfQ==
-SHA1-Digest: KBB0g+uXnnkRmVes2lODgKrmQjE=
-SHA256-Digest: I3KX2Iyqy4Lo/zjcW1mIQJOezjne+aBUkGM0/7vu/X8=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: DgCQOA7tYbKkLcJ92flagYsm0nI=
+SHA256-Digest: So9vbyA/ExcM/wEms+bwz/YVVa2ayDCNnJ5sYJk40tk=
 
 Name: external/codemirror/codemirror-5.31.0.min.css
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: vgSVAyZSaYT0xZds7kCcbw==
+Digest-Algorithms: SHA1 SHA256
 SHA1-Digest: 6L9PQ9XeTmwE+7WJ29O7oelFX7Y=
 SHA256-Digest: fIaQYYF933S7mhBn4vqsgaawzXI4iELVCrvv83rZ5ic=
 
 Name: external/codemirror/codemirror-5.31.0.min.js
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: iTfS1rRHdmm6Fb4m/8oczQ==
+Digest-Algorithms: SHA1 SHA256
 SHA1-Digest: iJyQEWjgaJ3IVz2bsX+RSnjLzGw=
 SHA256-Digest: yTU67I79B7rqtdoOdsJHDDK/92GDEeGj4+93U41HPgE=
 
 Name: external/codemirror/codemirror-5.31.0.xml.min.js
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: Xsyfc05ZXPUFnI3I/8EfGw==
+Digest-Algorithms: SHA1 SHA256
 SHA1-Digest: DMaXXHyF/jzGu8wJN2a1yHxkNHU=
 SHA256-Digest: d+N19fPYNZkqDuOxqLM8MHSxTiGDF/j5WLdynJ2D8/k=
 
+Name: external/pako-1.0.5/pako_inflate.min.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: V7Fd/JcXF6Ar68Oa5X3/rO7giNs=
+SHA256-Digest: h8L84MNiYQCe/szpOr1i5Cge5x/8EsvaaTlcdG9vOnE=
+
+Name: images/HTTPS-Everywhere-Logo.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: E0ESMX+oJaAutg08/RPfpc3Ix5E=
+SHA256-Digest: PKyVOZS7bg8UVeQDG3npTYLKtnB5FgmmdfoW/NC02bQ=
+
+Name: images/banner-red.svg
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ZnApE5t/iqGaVc0fdm7I0Rpvdsk=
+SHA256-Digest: obGxFfdgfzgg0jj59ThEpLQwowcJCioxsVS/+X7Mtvg=
+
+Name: images/eff-logo-monogram-red.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 5sbYS58Ze3MdPgDNas/ZnFn128Q=
+SHA256-Digest: aPdsjK4CCl3M8HBgqCLA5vu5n+w9cCs75gs0j5x/0Ak=
+
 Name: images/remove.png
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 5cEC/96nu9+3tZZEOPpaqQ==
+Digest-Algorithms: SHA1 SHA256
 SHA1-Digest: Pn9f97i3AIFlAMf420qZNzvA7DY=
 SHA256-Digest: 7TrWr2ZkK0faWgDYUz9WtV3voVjEwqjLq0ROGvkU6y0=
 
 Name: images/icons/icon-active-128.png
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: lIl6t/HENidgZJkkLmHO8w==
+Digest-Algorithms: SHA1 SHA256
 SHA1-Digest: p71skXMtghXylXMvFLnYW/jPos0=
 SHA256-Digest: 1DbMnWBmqaIRzzkUyRpdRzxz8z1HtUGq6RzRKcINuEA=
 
 Name: images/icons/icon-active-38.png
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: AOpKNhC5hOWlgXEIWgONbw==
+Digest-Algorithms: SHA1 SHA256
 SHA1-Digest: EleX4C/tgOj+W71fueie7ZoXAAY=
 SHA256-Digest: YgkTENwvpAo6Bb9WsTrUr+CfKY+gsQfq6uPoGdMw6kI=
 
 Name: images/icons/icon-active-48.png
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: HnL4MsWBAIFEbOdSxgbs3Q==
+Digest-Algorithms: SHA1 SHA256
 SHA1-Digest: VVqz4q4/4awX6PXZhnQmGFkAiqc=
 SHA256-Digest: pfkIfbdzORmTjUTLb2SsmaLv4oafijkSttiU3lUcKmM=
 
 Name: images/icons/icon-blocking-38.png
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 1lt5NoNjnQyk9V8eu7AUIg==
+Digest-Algorithms: SHA1 SHA256
 SHA1-Digest: IebllmIP/cUmB0piMroSEA7HnHc=
 SHA256-Digest: 9oP7jvbkH3KM4VG+kAnItkvsT00o9/KKHvhexTJHCD4=
 
 Name: images/icons/icon-disabled-38.png
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: zqGLqPGDGsV629Ubs5TxxQ==
+Digest-Algorithms: SHA1 SHA256
 SHA1-Digest: PJqzR54BFgNofExLbYn8DMEyvzE=
 SHA256-Digest: 2PzhLQJedFJa+ZOnE/j8r+XELaoYAn5ptQCSyNbmDcE=
 
-Name: pages/send-message.js
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: rmSGFp68ayWKmwhFExLZEQ==
-SHA1-Digest: +UrGk9ru4aqjp2UREPivEVNbk+Y=
-SHA256-Digest: VLXVT+IcKozocoqG1c7F9pD8MdpdPLlkXxLrRNR+9tk=
+Name: images/onboarding/httpseverywhere-logo.png
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: XYvqYHk+Ebepsvq4U3bo9rYMqQI=
+SHA256-Digest: 292a2wZxJ/ltXI+/9OdCzMX2YZnJDWMYUoVOOnU+sUs=
+
+Name: pages/base.css
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: Yk+MDy/I88Qd0VMzEBIbf0fBo0s=
+SHA256-Digest: D7uZfk1BrCzx3HFnEBtdaN0E6rC6pErEZAd1X85xgCo=
+
+Name: pages/main.css
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: UN8/2mEQ6JZ7MTJiWQN8f77AgP8=
+SHA256-Digest: QhiZj5JKVR1gPvtg6EaZxI735GiFeZglzuSkTJpZvpE=
 
 Name: pages/translation.js
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: xdJRwoXZx9T+bfLw78i8Cg==
-SHA1-Digest: Ipy5U9Bbkmc/EN3beorvHm8lnhw=
-SHA256-Digest: v7VPLY3Udj0dWZOQDnUazJvwzBSHyCoomrnATUHv5sc=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: QMAZVa3usW8vcXwN2WP4lvIQQxQ=
+SHA256-Digest: +qWz2YZH5C1UqzTixYwsS3185+wd+q8Dhlm5czDI54w=
+
+Name: pages/util.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: XzUESMiqZDZv/WRcv+j8f/R/7uw=
+SHA256-Digest: tSZjbu7zilv5pujsEyp/+6HCfr7iu+KfoXNiftpAKAY=
+
+Name: pages/cancel/index.html
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: h94rEtsYrj+TsIBk2x+UqRhOHDM=
+SHA256-Digest: Fgv98mLYPbIiOUi3HAw4YktUVkkt+7clLW2IgxTD9us=
+
+Name: pages/cancel/style.css
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 0L/xbmBq8hCu58P61j4htTOA4Wk=
+SHA256-Digest: ejF/rMWvajSbZFxp0hRT6SzhobQ3aILcf5pN1BTOGEE=
+
+Name: pages/cancel/ux.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: UtFAiW+HLmKUFMV/v2hPR5haiAI=
+SHA256-Digest: i3Vc/dqv2XS12us9g1J5f6iMIZC0gI36g5N/FEKX1pw=
 
 Name: pages/debugging-rulesets/index.html
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: zKkXxWw9IK8J3/2FwM+LNA==
-SHA1-Digest: GfRWinVzzfMtGrv4JBNxxC0G4Lk=
-SHA256-Digest: FdWC93eU2oqU7IrJQMaV2ubTE9mwFldU9Fr5YvgrPHw=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: DuBJ5S+QY5nztsCAqOuTgKmu4no=
+SHA256-Digest: J4l9PsxyBqZKSYfqo5Zp80vXBJ7mqRVKNS2KoVU9F5o=
 
 Name: pages/debugging-rulesets/style.css
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 7tbZ/OfcfYqsnf6SrMDpHQ==
+Digest-Algorithms: SHA1 SHA256
 SHA1-Digest: 1DuOcKAihj5zxJ0CIgam4iq8YXc=
 SHA256-Digest: 9H1UQpqT3UDDSt2ao6Zgr4iT5o/iQ62HolhTDqNHHCE=
 
 Name: pages/debugging-rulesets/ux.js
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: wuMY38n8KZtxNpk5vT14ow==
-SHA1-Digest: hAn8WW97FT95OOQeyLV3oSoRSR4=
-SHA256-Digest: apO+neQVQIxI0ZVzm5tmQtJQ87DRhQHblM/gjYOQ/kc=
-
-Name: pages/devtools/index.html
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: PMuxejO4jegcZ2TgSAkbVg==
-SHA1-Digest: cPjPyoGTYh+4Usqzwe4qtvc1Ya8=
-SHA256-Digest: 5HIRRMUa0ff00e5I6h2hvJXrZNiBsv0sIN46vtPGay8=
-
-Name: pages/devtools/panel-ux.js
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: p8bHWDC7WXscEaUKNQU/pw==
-SHA1-Digest: J6qrekL1oWQhi/2yyfnDQlilnlw=
-SHA256-Digest: mlU11Y6+f1UHZGLSE7o0fpoIardlC+xHzMiB2U09cGo=
-
-Name: pages/devtools/panel.html
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 3drurSWa22F4jZb25hbfFg==
-SHA1-Digest: WoWP2Y8kWi5+bhNW5qrUxZJtSrk=
-SHA256-Digest: l+3I5VjjWWHHs9TlyGPYGI1q7yPX7xMnx3kw8BMKFb8=
-
-Name: pages/devtools/ux.js
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: c1iZhhCDcgG1WRqR9uxg5w==
-SHA1-Digest: mMylbITovRnCHacrCp+c53HmLzM=
-SHA256-Digest: gO+lRH49Pagzn5w/iZIn9dDVxj7pbLfZjRy+Vtsa1N8=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: IyqmSEBIenfSG4Mk++ciVOvpQvI=
+SHA256-Digest: OVzkDGtCe3pg65opGnboDfrFsqFsLJxa5CQxBPA9gi0=
 
 Name: pages/options/index.html
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: hh3oKDmGCpjWcRc3bGx7qQ==
-SHA1-Digest: YD9nIelWjSZ9667KRUDmWaBmabE=
-SHA256-Digest: nRocsCOWZIZKtsW5MBpMLhocL8MlBv+pnbivHATlmmw=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: cXwoesX+lTfZgizRwhLvV5iFNDQ=
+SHA256-Digest: OzLgxg/tYfU/fSAIHLxBZ/++9W6FgznEEGHflPJ9aq8=
 
 Name: pages/options/style.css
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: W9az+c4bBqgkDTR5/BdmBQ==
-SHA1-Digest: aivtHPV2fwRoONj3ApSO16JKAWA=
-SHA256-Digest: mumAokBEIyhuA98fsYTSeqbO2fnPc6X68iZMxY0onMA=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: m7GC//67J6ErvL9Wp1FvAUMLk/8=
+SHA256-Digest: O5CikoWfyy2E2v3es6BJGltQ+OKfeD/uIYp9xsrqsF4=
 
 Name: pages/options/ux.js
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 8iyVt4XiM1f9gfDc/NUj1Q==
-SHA1-Digest: 1xlg5GsJ4Hg/kaROr7GiUF+pf6I=
-SHA256-Digest: g3ORzai7d76xMFnwF+0mqKgiopOOpH5BuC+PkomhPhE=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: bUAAi8jBxAk5YiNWqSyiXxkSPs4=
+SHA256-Digest: WzJSEmMXT7Qi7rKftAFtuD6oRK0bfaLtzqCvtgwJ+/c=
 
 Name: pages/popup/index.html
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: Mz82KPe4KUuzmuxhpQ89lA==
-SHA1-Digest: UFAqYTeBUivitFcI0M8AsbdOf98=
-SHA256-Digest: zoGpVUdwY5LjId8A3rhCpO2EUR4JrBuFAzAlkin99/Y=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 5vBn8FGlSOjp7z4UozcN+hnm3iI=
+SHA256-Digest: JoShZlQiKjzRj2JxRHXHW4Df2LsKWf568UU/oKVePpQ=
 
 Name: pages/popup/style.css
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: Tm5iH1K+/kaJk3kNQT9xkQ==
-SHA1-Digest: azlA1n+vJnigl7qrFPlFoOB1tII=
-SHA256-Digest: CQKxhDPSvE9l40q6dlQRzYldwrHH6RBGneFfAbI6sZQ=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: aPvKt4RXG/BofewRf4CE4mBg1lg=
+SHA256-Digest: H6iKtXGZJ/o2chDo+KZtB8VNYdaadxE8+143tDhl3/U=
 
 Name: pages/popup/ux.js
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: NXI6NzEp7RZRkQM23w/sdA==
-SHA1-Digest: WuX75APqo1j7TAjHsGJzcuPHzlY=
-SHA256-Digest: Usp9+Hd9Z583vmiWnwg6oRycRQBYwfcTizRYpBVGr9M=
-
-Name: pages/switch-planner/index.html
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: qZHXn5Hjy8dXLrPqXbjoYQ==
-SHA1-Digest: BU+nO+DL3pE1eKN3GGPaEuhXXGg=
-SHA256-Digest: UGHgOVXfeFTuOAofCa1uElZm2/VPdjwWOt/F5t7e+z0=
-
-Name: pages/switch-planner/ux.js
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: He/vvbKah80s2V2cGjsQrw==
-SHA1-Digest: nl+yUph4RTjiLYLH/olpDH3C2tM=
-SHA256-Digest: nIAiYdD9Ai/BpsH6s8WjbyFCR8SJE+heXYxuEOPQprE=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: 68pu62q/sp5slQO9MUxCOv+ofU0=
+SHA256-Digest: 6VKXwWx0rQ6KoTh0OQ4KpscxkgcW433VAazICjc3bCM=
 
 Name: rules/default.rulesets
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 0G887SHJLk7fmhQR6SQebg==
-SHA1-Digest: dzfl2nM7Ohr2Bkyic9R8LvJOUL8=
-SHA256-Digest: FmMFwX2xyiOgtpkKV/EDcTpNIaq1xRovBK+trOJYsS8=
-
-Name: test/.eslintrc
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: ydcCXYl7/gOKEtRxJSnZ5A==
-SHA1-Digest: wLRJfzSdmljdfcjwP26+YP0OSVQ=
-SHA256-Digest: i77BfhPEiY+Tt+5JvB9oAmVzyCVsxO+bdIwG/J29zrI=
-
-Name: test/incognito_test.js
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: 3+w9gkBwP4wXogPsozBnkA==
-SHA1-Digest: 1ojEsgM7S7bJ7xb94nTW6zPofY4=
-SHA256-Digest: jwnOrwD8mrzrxRZLgVflO+tyHFTXfhBoOhzFWRvCD18=
-
-Name: test/rules_test.js
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: mjxTOU6LE2C4FcrRNeIDVA==
-SHA1-Digest: lzVmS9QuONKFyQSI8jxTvQ6gcks=
-SHA256-Digest: HkzeqTFPncLlmjDIMI+BaBADpLpbSTlDUfj5j+rwZtI=
-
-Name: test/testing_utils.js
-Digest-Algorithms: MD5 SHA1 SHA256
-MD5-Digest: p/F0TA3dHMLPTLoorEfGPg==
-SHA1-Digest: lKM3ccWICGdNKYDsgBgKCJWvJM4=
-SHA256-Digest: 73ndwrf8ubmKmuTtokL54VZnsnLcov+sKA/xH7IvUFg=
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: hqWsDDcf2fp+r/dTBZqGw2eaqb0=
+SHA256-Digest: hnQbXIa2D+1lFh6i13HSkXQyYa/TxpKrPlx3QzgnnX0=
+
+Name: wasm/https_everywhere_lib_wasm.js
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: ELfS13+0aPyRX67301qNv6fm3pk=
+SHA256-Digest: 519ILW7r7LqFtGI6M22GuXDA6xYikE6EngbvlT9//Lw=
+
+Name: wasm/https_everywhere_lib_wasm_bg.wasm
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: SBxLOV763w4ke4LOL1574PW9hCs=
+SHA256-Digest: 7JqJ7u/5t5yGxh8p2+YCmgl+LeoRWQRlDJY9cLxWqA4=
+
+Name: META-INF/cose.manifest
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: +bvUG+miP05322u9llsWujjkaHA=
+SHA256-Digest: 0Rlv88HrG62MD20B3q/kRBPi9i8RxxgbxR5fKNHkV+Q=
+
+Name: META-INF/cose.sig
+Digest-Algorithms: SHA1 SHA256
+SHA1-Digest: AusKfF2Hd6KpGJFyy+AgY3k6fvA=
+SHA256-Digest: fk2cPQJETV0QGzKdhH6cQytV8e2iU8Y7jIZoDBzOT7U=
 
diff --git a/src/META-INF/mozilla.rsa b/src/META-INF/mozilla.rsa
index d7436b14c1b9..d9e0388cc60c 100644
Binary files a/src/META-INF/mozilla.rsa and b/src/META-INF/mozilla.rsa differ
diff --git a/src/META-INF/mozilla.sf b/src/META-INF/mozilla.sf
index 60a33fd684da..98f503350eae 100644
--- a/src/META-INF/mozilla.sf
+++ b/src/META-INF/mozilla.sf
@@ -1,5 +1,4 @@
 Signature-Version: 1.0
-MD5-Digest-Manifest: aF2Wq4fcofhrYPhGazjrWQ==
-SHA1-Digest-Manifest: fZSkGDxjdyhKJVB555pUQM9ICZ4=
-SHA256-Digest-Manifest: 4Q7ZCHFMsHDBO8amCmHuJiCOLr6miCAK5eYvW+TBs6o=
+SHA1-Digest-Manifest: L31wgRQGJBOG3iJjSeLF4dXsod8=
+SHA256-Digest-Manifest: S3HRAq2xWZ+ssLk+lltuxaJGsOPVGY0M8JJuWG6J2us=
 
diff --git a/src/chrome/content/rules/01.org.xml b/src/chrome/content/rules/01.org.xml
deleted file mode 100644
index da5efd8bd69b..000000000000
--- a/src/chrome/content/rules/01.org.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For other Intel coverage, see Intel.xml.
-
-	Invalid Certificate:
-		intel-iot-refkit.01.org
-		origin-download.01.org
--->
-<ruleset name="01.org">
-	<target host="01.org" />
-	<target host="www.01.org" />
-	<target host="download.01.org" />
-	<target host="lists.01.org" />
-	<target host="ml01.01.org" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/02ch.su.xml b/src/chrome/content/rules/02ch.su.xml
new file mode 100644
index 000000000000..21b3eb364444
--- /dev/null
+++ b/src/chrome/content/rules/02ch.su.xml
@@ -0,0 +1,6 @@
+<ruleset name="02ch.su">
+	<target host="02ch.su" />
+	<target host="www.02ch.su" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/0bin.net.xml b/src/chrome/content/rules/0bin.net.xml
index 9958af696a90..59783a130616 100644
--- a/src/chrome/content/rules/0bin.net.xml
+++ b/src/chrome/content/rules/0bin.net.xml
@@ -10,7 +10,7 @@
 
     <rule from="^http://www\.0bin\.net/"
             to="https://0bin.net/" />
-    
+
     <rule from="^http:"
             to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/0chan.one.xml b/src/chrome/content/rules/0chan.one.xml
new file mode 100644
index 000000000000..a5d94e8e6c65
--- /dev/null
+++ b/src/chrome/content/rules/0chan.one.xml
@@ -0,0 +1,6 @@
+<ruleset name="0chan.one">
+	<target host="0chan.one" />
+	<target host="www.0chan.one" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/0x41.no.xml b/src/chrome/content/rules/0x41.no.xml
deleted file mode 100644
index d8fe24fb9df8..000000000000
--- a/src/chrome/content/rules/0x41.no.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- www.0x41.no
-
--->
-<ruleset name="0x41.no">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="0x41.no" />
-	<target host="www.0x41.no" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.0x41\.no$" name="^_wp_session$" /-->
-
-	<securecookie host="^www\.0x41\.no$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/0x539.se.xml b/src/chrome/content/rules/0x539.se.xml
deleted file mode 100644
index f897ea8fdb41..000000000000
--- a/src/chrome/content/rules/0x539.se.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	www.0x539.se: Mismatched
-
--->
-<ruleset name="0x539.se">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="0x539.se" />
-	<target host="wp.0x539.se" />
-
-	<!--	Complications:
-				-->
-	<target host="www.0x539.se" />
-
-
-	<rule from="^http://www\.0x539\.se/"
-		to="https://0x539.se/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/1-800courier.com.xml b/src/chrome/content/rules/1-800courier.com.xml
new file mode 100644
index 000000000000..fb31b46e5001
--- /dev/null
+++ b/src/chrome/content/rules/1-800courier.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		- blog.1-800courier.com
+		- webmail.1-800courier.com
+
+	Wildcard DNS records:
+		- *.1-800courier.com
+-->
+
+<ruleset name="1-800courier.com">
+	<target host="1-800courier.com" />
+	<target host="www.1-800courier.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/1.0.0.1.xml b/src/chrome/content/rules/1.0.0.1.xml
new file mode 100644
index 000000000000..1d46eeb11c6b
--- /dev/null
+++ b/src/chrome/content/rules/1.0.0.1.xml
@@ -0,0 +1,12 @@
+<!--
+	Other Cloudflare rulesets:
+		- Cloudflare.com.xml
+-->
+
+<ruleset name="1.0.0.1">
+	<target host="1.0.0.1" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/1.1.1.1.xml b/src/chrome/content/rules/1.1.1.1.xml
new file mode 100644
index 000000000000..c6249f83c425
--- /dev/null
+++ b/src/chrome/content/rules/1.1.1.1.xml
@@ -0,0 +1,12 @@
+<!--
+	Other Cloudflare rulesets:
+		- Cloudflare.com.xml
+-->
+
+<ruleset name="1.1.1.1">
+	<target host="1.1.1.1" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/100-Gute-Gruende.de.xml b/src/chrome/content/rules/100-Gute-Gruende.de.xml
deleted file mode 100644
index 649a0d65945a..000000000000
--- a/src/chrome/content/rules/100-Gute-Gruende.de.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="100-gute-gruende.de">
-  <target host="www.100-gute-gruende.de" />
-  <target host="100-gute-gruende.de" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/100R.org.xml b/src/chrome/content/rules/100R.org.xml
index c683f925df4f..f79f105d178d 100644
--- a/src/chrome/content/rules/100R.org.xml
+++ b/src/chrome/content/rules/100R.org.xml
@@ -24,7 +24,7 @@ Fetch error: http://cf9.100r.org/ => https://cf9.100r.org/: (51, "SSL: no altern
 	* Secured by us
 
 -->
-<ruleset name="100R.org" default_off='failed ruleset test'>
+<ruleset name="100R.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/101domain.com-falsemixed.xml b/src/chrome/content/rules/101domain.com-falsemixed.xml
deleted file mode 100644
index 240046213d09..000000000000
--- a/src/chrome/content/rules/101domain.com-falsemixed.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://portuguese.101domain.com/ => https://portuguese.101domain.com/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://spanish.101domain.com/ => https://spanish.101domain.com/: (28, 'Connection timed out after 20001 milliseconds')
-
-	For rules not causing false/broken MCB, see 101domain.com.xml.
-
--->
-<ruleset name="101domain.com (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
-
-	<target host="portuguese.101domain.com" />
-	<target host="spanish.101domain.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/101domain.com.xml b/src/chrome/content/rules/101domain.com.xml
index dbb50871c567..8fbcddd6549c 100644
--- a/src/chrome/content/rules/101domain.com.xml
+++ b/src/chrome/content/rules/101domain.com.xml
@@ -1,100 +1,16 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://portuguese.101domain.com/css/pt_BR/101domain.css => https://portuguese.101domain.com/css/pt_BR/101domain.css: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://portuguese.101domain.com/favicon.ico => https://portuguese.101domain.com/favicon.ico: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://portuguese.101domain.com/images/pt_BR/template/arrow_header.gif => https://portuguese.101domain.com/images/pt_BR/template/arrow_header.gif: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://spanish.101domain.com/css/es_MX/101domain.css.m => https://spanish.101domain.com/css/es_MX/101domain.css.m: (28, 'Connection timed out after 20001 milliseconds')
-Fetch error: http://spanish.101domain.com/favicon.ico => https://spanish.101domain.com/favicon.ico: (28, 'Connection timed out after 20000 milliseconds')
-Fetch error: http://spanish.101domain.com/images/es_MX/template/arrow_header.gif => https://spanish.101domain.com/images/es_MX/template/arrow_header.gif: (28, 'Connection timed out after 20001 milliseconds')
-
-	For rules causing false/broken MCB, see 101domain.com-falsemixed.xml.
-
-
-	Partially covered subdomains:
-
-		- portuguese *
-		- spanish *
-
-	* Avoiding broken MCB
-
-
-	Problematic subdomains:
-
-		- spanish ¹
-		- russian *
-		- portuguese ¹
-
-	¹ Mixed css
-	* Mismatched, CN: www.101domain.ru
-
-
-	Fully covered subdomains:
-
-		- (www.)?
-		- blog
-		- cdn
-		- my
-		- russian	(→ www.101domain.ru)
-
-
-	Mixed content:
-
-		- css on portuguese, spanish  from $self *
-		- Images on portuguese, spanish from $self *
-		- favicon on portuguese, spanish from $self *
-
-	* Secured by us
-
+	Refused:
+		- portuguese
+		- spanish
 -->
-<ruleset name="101domain.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
+<ruleset name="101domain.com (partial)">
 	<target host="101domain.com" />
+	<target host="www.101domain.com" />
 	<target host="blog.101domain.com" />
 	<target host="cdn.101domain.com" />
 	<target host="my.101domain.com" />
-	<target host="portuguese.101domain.com" />
-	<target host="spanish.101domain.com" />
-	<target host="www.101domain.com" />
-
-	<!--	Complications:
-				-->
-	<target host="russian.101domain.com" />
-
-		<!--	Avoid broken MCB:
-						-->
-		<exclusion pattern="^http://(?:portuguese|spanish)\.101domain\.com/+(?!css/|favicon\.ico|images/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://portuguese.101domain.com/servico_dominio_trustee.htm" />
-			<test url="http://portuguese.101domain.com/servidor_busca_whois.htm" />
-
-			<test url="http://spanish.101domain.com/alternativa_de_dominios.htm" />
-			<test url="http://spanish.101domain.com/hosting_gratis_de_dominios.htm" />
-
-			<!--	-ve:
-					-->
-			<test url="http://portuguese.101domain.com/css/pt_BR/101domain.css" />
-			<test url="http://portuguese.101domain.com/favicon.ico" />
-			<test url="http://portuguese.101domain.com/images/pt_BR/template/arrow_header.gif" />
-
-			<test url="http://spanish.101domain.com/css/es_MX/101domain.css.m" />
-			<test url="http://spanish.101domain.com/favicon.ico" />
-			<test url="http://spanish.101domain.com/images/es_MX/template/arrow_header.gif" />
-
-
-	<!--	Redirect drops path but not args:
-							-->
-	<rule from="^http://russian\.101domain\.com/[^?]*"
-		to="https://www.101domain.ru/" />
-
-		<test url="http://russian.101domain.com/?f" />
-		<test url="http://russian.101domain.com/?o" />
 
-	<rule from="^http:"
-		to="https:" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/101weiqi.xml b/src/chrome/content/rules/101weiqi.xml
index 6674bf3c3010..5cad4e7cf343 100644
--- a/src/chrome/content/rules/101weiqi.xml
+++ b/src/chrome/content/rules/101weiqi.xml
@@ -3,7 +3,7 @@
 		demo.101weiqi.com
 -->
 <ruleset name="101weiqi.com">
-	<!--	
+	<!--
 	101weiqi.com use the http://www.qiniu.com/ cloud for some files.
 	However, they do not support https directly and make some mixedcontent problem.
 	Lucky, the host owner has binded domain, so we can redirect them to the main host, which support https.
@@ -11,10 +11,10 @@
 	<target host="7j1yxi.com1.z0.glb.clouddn.com" />
 	<rule from="^http://7j1yxi\.com1\.z0\.glb\.clouddn\.com/" to="https://www.101weiqi.com/" />
 		<test url="http://7j1yxi.com1.z0.glb.clouddn.com/file/head/2015/7/23/4882_56993_51_2.png" />
-	
+
 	<target host="101weiqi.com" />
 	<target host="www.101weiqi.com" />
 		<test url="http://www.101weiqi.com/login" />
-		
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/1105_Media.com.xml b/src/chrome/content/rules/1105_Media.com.xml
index 42fd6994d115..4ff869a9a340 100644
--- a/src/chrome/content/rules/1105_Media.com.xml
+++ b/src/chrome/content/rules/1105_Media.com.xml
@@ -1,7 +1,11 @@
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://www.1105media.com/ => https://www.1105media.com/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
+
 	Other 1105 Media rulesets:
 
-		- 1105_pubs.com.xml
 		- ADTmag.com.xml
 		- AWSInsider.net.xml
 		- campustechnology.com.xml
@@ -26,7 +30,7 @@
 				-->
 	<target host="1105media.com" />
 	<target host="design.1105media.com" />
-	<target host="www.1105media.com" />
+	<!-- target host="www.1105media.com" /-->
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/1105_pubs.com.xml b/src/chrome/content/rules/1105_pubs.com.xml
deleted file mode 100644
index 7f005038f371..000000000000
--- a/src/chrome/content/rules/1105_pubs.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	For other 1105 Media coverage, see 1105_Media.com.xml.
-
-
-	Fully covered hosts in *1105pubs.com:
-
-		- newsletters
-
-
-	Insecure cookies are set for these hosts:
-
-		- newsletters.1105pubs.com
-
--->
-<ruleset name="1105 pubs.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="newsletters.1105pubs.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^newsletters\.1105pubs\.com$" name="^JSESSIONID$" /-->
-
-	<securecookie host="^newsletters\.1105pubs\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/112-akersloot.nl.xml b/src/chrome/content/rules/112-akersloot.nl.xml
index b0d56cad7d1c..6d7bb589b737 100644
--- a/src/chrome/content/rules/112-akersloot.nl.xml
+++ b/src/chrome/content/rules/112-akersloot.nl.xml
@@ -1,7 +1,7 @@
-<ruleset name="112-akersloot.nl">
-	<target host="112-akersloot.nl" />
-	<target host="www.112-akersloot.nl" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
\ No newline at end of file
+<ruleset name="112-akersloot.nl">
+	<target host="112-akersloot.nl" />
+	<target host="www.112-akersloot.nl" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/112-uitgeest.nl.xml b/src/chrome/content/rules/112-uitgeest.nl.xml
index ea0e3e19e2d3..17ba4c4f4589 100644
--- a/src/chrome/content/rules/112-uitgeest.nl.xml
+++ b/src/chrome/content/rules/112-uitgeest.nl.xml
@@ -1,7 +1,7 @@
-<ruleset name="112-uitgeest.nl">
-	<target host="112-uitgeest.nl" />
-	<target host="www.112-uitgeest.nl" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
\ No newline at end of file
+<ruleset name="112-uitgeest.nl">
+	<target host="112-uitgeest.nl" />
+	<target host="www.112-uitgeest.nl" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/1177.se.xml b/src/chrome/content/rules/1177.se.xml
index 88c8687566e3..bd41f6d2564f 100644
--- a/src/chrome/content/rules/1177.se.xml
+++ b/src/chrome/content/rules/1177.se.xml
@@ -1,13 +1,60 @@
-<!--
-	Cert only matches *.1177.se
+<!-- Problematic subdomains: 
+		
+		Certificate errors:
+			- blogg.1177.se
+			- personal.formular.1177.se
+			- professional.pep.1177.se
+			- sit.sob.1177.se
+			- acc.hogkostnadsskydd.1177.se
+		
+		Time-out:	
+			- kontaktkortsadmin.1177.se 
 
+		Connection refused:
+			- netscaler.beta.1177.se
+		
+		Redirects to non-working sites: 
+			- sit.personal.formular.1177.se 
+			- sit.formular.1177.se
 -->
-<ruleset name="1177.se">
-
-	<target host="1177.se" />
-	<target host="www.1177.se" />
-
-
-	<rule from="^http:" to="https:" />
 
+<ruleset name="1177.se">
+	<target host="1177.se"/>
+	<target host="www.1177.se"/>
+	<target host="e-tjanster.1177.se"/>
+	<target host="at.e-tjanster.1177.se"/>
+	<target host="dev.e-tjanster.1177.se"/>
+	<target host="st.e-tjanster.1177.se"/>
+	<target host="anatomiskatlas.1177.se"/>
+	<target host="arende.1177.se"/>
+	<target host="acc.arende.1177.se"/>
+	<target host="personal.arende.1177.se"/>
+	<target host="acc.personal.arende.1177.se"/>
+	<target host="sys.personal.arende.1177.se"/>
+	<target host="sys.arende.1177.se"/>
+	<target host="formular.1177.se"/>
+	<target host="qa.formular.1177.se"/>
+	<target host="hogkostnadsskydd.1177.se"/>
+	<target host="journalen.1177.se"/>
+	<target host="lakemedelsnara.1177.se"/>
+	<target host="media.1177.se"/>
+	<target host="pep.1177.se"/>
+	<target host="personal.1177.se"/>
+	<target host="redaktor.1177.se"/>
+	<target host="sob.1177.se"/>
+	<target host="at.sob.1177.se"/>
+	<target host="dv.at.sob.1177.se"/>
+	<target host="personal.at.sob.1177.se"/>
+	<target host="dv.personal.at.sob.1177.se"/>
+	<target host="personal2.at.sob.1177.se"/>
+	<target host="demo.sob.1177.se"/>
+	<target host="dv.sob.1177.se"/>
+	<target host="personal.sob.1177.se"/>
+	<target host="rokfri.1177.se"/>
+	<target host="selftest.1177.se"/>
+	<target host="tidbokning.1177.se"/>
+	<target host="acc.tidbokning.1177.se"/>
+	<target host="vaga-beratta.1177.se"/>
+	
+	<rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/11footballclub.xml b/src/chrome/content/rules/11footballclub.xml
index 4f3399fb0064..44ad5fddb611 100644
--- a/src/chrome/content/rules/11footballclub.xml
+++ b/src/chrome/content/rules/11footballclub.xml
@@ -6,7 +6,7 @@ Fetch error: http://cdn.11footballclub.com/ => https://cdn.11footballclub.com/:
 Fetch error: http://www.11footballclub.com/ => https://www.11footballclub.com/: (35, 'Unknown SSL protocol error in connection to www.11footballclub.com:443 ')
 
 -->
-<ruleset name="11footballclub" default_off='failed ruleset test'>
+<ruleset name="11footballclub" default_off="failed ruleset test">
 
 	<target host="11footballclub.com" />
 	<target host="cdn.11footballclub.com" />
@@ -18,4 +18,4 @@ Fetch error: http://www.11footballclub.com/ => https://www.11footballclub.com/:
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/123-reg.xml b/src/chrome/content/rules/123-reg.xml
index 456b258e034c..d29487376f73 100644
--- a/src/chrome/content/rules/123-reg.xml
+++ b/src/chrome/content/rules/123-reg.xml
@@ -8,8 +8,9 @@ Non-2xx HTTP code: http://ssllin1.123-secure.com/ (200) => https://ssllin1.123-s
 
 	<target host="123-reg.co.uk" />
 	<target host="*.123-reg.co.uk" />
-	<target host="ssllin1.123-secure.com" />
-
+    <test url="http://pophost.123-reg.co.uk/" />
+    <test url="http://sso.123-reg.co.uk/" />
+    <test url="http://dav.123-reg.co.uk/" />
 
 	<securecookie host="^.*\.123-reg\.co\.uk$" name=".+" />
 
@@ -23,19 +24,13 @@ Non-2xx HTTP code: http://ssllin1.123-secure.com/ (200) => https://ssllin1.123-s
 				-->
 	<rule from="^http://inside\.123-reg\.co\.uk/"
 		to="https://www.123-reg.co.uk/blog/" />
+    <test url="http://inside.123-reg.co.uk/blog/online-marketing/podcasts-vs-youtube-videos-business/" />
 
-	<!--	Observed subdomains:
-
-			- img1
-			- img2
-			- static
-			- webmail
-			- www
-				-->
-	<rule from="^http://(\w+\.)?123-reg\.co\.uk/"
-		to="https://$1123-reg.co.uk/" />
-
-	<rule from="^http://ssllin1\.123-secure\.com/"
+	<!--
+    Removed due to bad request on HTTPS
+    <rule from="^http://ssllin1\.123-secure\.com/"
 		to="https://ssllin1.123-secure.com/" />
+  -->
 
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/123domain.eu.xml b/src/chrome/content/rules/123domain.eu.xml
new file mode 100644
index 000000000000..4334bee0ec97
--- /dev/null
+++ b/src/chrome/content/rules/123domain.eu.xml
@@ -0,0 +1,34 @@
+<!--
+  Refused:
+    - kz-hosting
+
+  Mismatched:
+    - smtp1.mail
+    - smtp2.mail
+
+  Timeout:
+    - qs
+    - www.qs
+
+  HTTP != HTTPS:
+    - relaunch
+
+  Incomplete certificate chain:
+    - whois
+-->
+<ruleset name="123domain.eu">
+	<target host="123domain.eu" />
+	<target host="www.123domain.eu" />
+	<target host="cloud.123domain.eu" />
+	<target host="demo.123domain.eu" />
+	<target host="imap.123domain.eu" />
+	<target host="mail.123domain.eu" />
+	<target host="my.123domain.eu" />
+	<target host="piwik.123domain.eu" />
+	<target host="pop.123domain.eu" />
+	<target host="service.123domain.eu" />
+	<target host="smtp.123domain.eu" />
+	<target host="webmail.123domain.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/126.com.xml b/src/chrome/content/rules/126.com.xml
index 2f6a976019ad..da0c9639946c 100644
--- a/src/chrome/content/rules/126.com.xml
+++ b/src/chrome/content/rules/126.com.xml
@@ -1,12 +1,6 @@
 <!--
 	MCB:
 		help.mail.126.com	(Only break ads)
-		vip.126.com
-		cards.mail.126.com	(Break nothing)
-		cards.vip.126.com
-
-	Mismatch:
-		ming.126.com
 -->
 <ruleset name="126.com">
 	<target host="126.com" />
@@ -15,7 +9,12 @@
 	<target host="cards.mail.126.com" />
 	<target host="help.mail.126.com" />
 	<target host="ssl.mail.126.com" />
+	<target host="ming.126.com" />
 	<target host="passport.126.com" />
+	<target host="vip.126.com" />
+	<target host="cards.vip.126.com" />
+
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/126.net.xml b/src/chrome/content/rules/126.net.xml
index f5d87e78d2f9..b2a22113a66e 100644
--- a/src/chrome/content/rules/126.net.xml
+++ b/src/chrome/content/rules/126.net.xml
@@ -1,65 +1,59 @@
 <!--
-	Incomplete cert chain:
-		l.bst.126.net			https://l.bst.126.net/rsc/img/weibo.png
+	502: May avaiable in China, however get 502 errors by Tor.
+		imglf(\d).ph.126.net
+		imgsize.ph.126.net
+		lofter.ph.126.net			Equal to imglf\d+.ph.126.net
 
 	Mismatch:
-		s2.open.126.net			https://s2.open.126.net/ocb/css/style.css
-		img.ph.126.net			Equal to lofter.
-		imglf[0-3].ph.126.net	Equal to lofter.
-		music.ph.126.net		https://music.ph.126.net/ph.js
+		s2.open.126.net				Equal to s2.open.163.com
+		img.ph.126.net				Equal to lofter.ph.126.net
+		imglf.ph.126.net
+		music.ph.126.net			https://music.ph.126.net/ph.js
 		file.ws.stu.126.net
 
+	Redirect to http:
+		easyread.ph.126.net
+
 	Refuse to connect:
-		m10.music.126.net		(Outside China)
+		m10.music.126.net			(Outside China)
 -->
 <ruleset name="126.net">
+	<target host="l.bst.126.net" />
+		<test url="http://l.bst.126.net/rsc/img/weibo.png" />
 	<target host="img3.126.net" />
 		<test url="http://img3.126.net/kaola/150512/js/jquery-1.4.2.js" />
 	<target host="img1.money.126.net" />
 		<test url="http://img1.money.126.net/data/hs/time/today/0000001.json" />
 	<target host="img2.money.126.net" />
+	<target host="d1.music.126.net" />
+	<target host="d2.music.126.net" />
 	<target host="p1.music.126.net" />
 		<test url="http://p1.music.126.net/5QxEuxegyf6w6A8xaH4fwA==/18732379604094419.jpg" />
 	<target host="p2.music.126.net" />
 	<target host="p3.music.126.net" />
 	<target host="p4.music.126.net" />
 	<target host="s1.music.126.net" />
-		<test url="http://s1.music.126.net/download/android/CloudMusic_official_3.8.0_166749.apk" />
+		<!-- too big to test url="http://s1.music.126.net/download/android/CloudMusic_official_3.8.0_166749.apk" /-->
 	<target host="s2.music.126.net" />
 	<target host="s3.music.126.net" />
 	<target host="s4.music.126.net" />
-	<target host="pimg1.126.net" />
-		<test url="http://pimg1.126.net/silver/product/fams/banner/902d4fad-7b08-4977-8cb4-501d0927811a.jpg" />
+	<target host="*.nosdn0.126.net" />
+		<test url="http://imglf3.nosdn0.126.net/img/WFU1VmZJa3UxeFltWTJ4ZDNOZDU4NXRmUFVLR1lXS1gySnpVQ2JObm95VjZjQjNGWVBjU2x3PT0.jpg" />
+		<test url="http://imglf4.nosdn0.126.net/img/WFU1VmZJa3UxeFltWTJ4ZDNOZDU4M2wwT05lSzRHZjZkN2RTOFMxOEFPVGRjTmlQdkRIcDlBPT0.jpg" />
+		<test url="http://imglf6.nosdn0.126.net/img/WFU1VmZJa3UxeFltWTJ4ZDNOZDU4K3VuTEdoMmZZcGJzR2YyMFdidWlsVFBlNWwzMlkzZTFnPT0.jpg" />
 	<target host="cst.stu.126.net" />
 		<test url="http://cst.stu.126.net/u/js/cms/reuglar.0.3.1.js" />
 	<target host="ct.stu.126.net" />
+	<target host="jdvodluwytr3t.vod.126.net" />
 	<target host="file.ws.126.net" />
 		<test url="http://file.ws.126.net/3g/client/netease_newsreader_android.apk" />
 	<target host="yuedust.yuedu.126.net" />
 
-	<!--	Complications:	-->
-	<target host="*.ph.126.net" />
-		<test url="http://easyread.ph.126.net/0jkjwGfV7I4EJXnYlRBkVg==/7917077456266817441.jpg" />
-		<test url="http://imglf4.ph.126.net/Hl-5m6FPM6qEZVodyHeJXQ==/6598068123274897199.png" />
-		<test url="http://imglf99.ph.126.net/Hl-5m6FPM6qEZVodyHeJXQ==/6598068123274897199.png" />
-		<test url="http://imglf999.ph.126.net/Xxbx69RhsRMFfTVsEvTxmw==/6631199707099665283.png" />
-		<test url="http://imgsize.ph.126.net/?imgurl=http://lovepicture.nosdn.127.net/-1909745056204601718?imageView_90x90x0x85.net" />
-		<test url="http://lofter.ph.126.net/3ZY1gdaZcahG6CmxojI-ZQ==/5629506131282902209.png" />
-
-	<!--
-		Mismatch:
-		get some img tests on
-		https://sizhisizhi.lofter.com/post/1d69592c_a0f5e04
-			-->
-	<rule from="^http://img(lf(0|1|2|3))?\.ph\.126\.net/" to="https://lofter.ph.126.net/" />
-		<test url="http://img.ph.126.net/3ZY1gdaZcahG6CmxojI-ZQ==/5629506131282902209.png" />
-		<test url="http://imglf0.ph.126.net/D61yq3VyoEw7K55pJ8WcBA==/6598261637321193102.png" />
-		<test url="http://imglf1.ph.126.net/-SuPNwU7ZdssmN_A_j_OTw==/6631428405518237572.png" />
-		<test url="http://imglf2.ph.126.net/Hl-5m6FPM6qEZVodyHeJXQ==/6598068123274897199.png" />
-		<test url="http://imglf3.ph.126.net/Hl-5m6FPM6qEZVodyHeJXQ==/6598068123274897199.png" />
-
-	<exclusion pattern="^http://music\.ph\.126\.net/" />
-		<test url="http://music.ph.126.net/ph.js" />
+	<!--	Mismatched:	-->
+	<target host="s2.open.126.net" />
+	<rule from="^http://s2\.open\.126\.net/"
+			to="https://s2.open.163.com/" />
+		<test url="http://s2.open.126.net/ocb/css/style.css" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/1431am.org.xml b/src/chrome/content/rules/1431am.org.xml
index 48015c7154c2..c047e970c5ff 100644
--- a/src/chrome/content/rules/1431am.org.xml
+++ b/src/chrome/content/rules/1431am.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://1431am.org/ => https://1431am.org/: (60, 'SSL certificate pr
 Fetch error: http://www.1431am.org/ => https://www.1431am.org/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="1431am.org" default_off='failed ruleset test'>
+<ruleset name="1431am.org" default_off="failed ruleset test">
 
 	<target host="1431am.org" />
 	<target host="www.1431am.org" />
diff --git a/src/chrome/content/rules/148apps.com.xml b/src/chrome/content/rules/148apps.com.xml
deleted file mode 100644
index b44873843429..000000000000
--- a/src/chrome/content/rules/148apps.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Nonfunctional hosts in *.148apps.com:
-	    beta.images.148apps.com (Error 403 - Forbidden)
-    	beta.media.148apps.com (Error 403 - Forbidden) 
-	    static.148apps.com (Error 404)
-		beta.static.148apps.com (Error 403 - Forbidden)
-
-	HTTPS Connection Refused:
-	
-		ads.148apps.com
-		forum.148apps.com
-		store.148apps.com
-		img.148apps.com
-
--->
-<ruleset name="148apps" platform="mixedcontent">
-
-	<target host="148apps.com" />
-	<target host="www.148apps.com" />
-	<target host="images.148apps.com" />
-	<target host="media.148apps.com" />
-	<target host="static.148apps.com" />
-	
-	<test url="http://static.148apps.com/img/148apps-logo-266x.png" />
-	
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/163.com-mixedcontent.xml b/src/chrome/content/rules/163.com-mixedcontent.xml
new file mode 100644
index 000000000000..891b9b795035
--- /dev/null
+++ b/src/chrome/content/rules/163.com-mixedcontent.xml
@@ -0,0 +1,9 @@
+<!--
+	For rules not causing problems, see 163.com.xml.
+-->
+<ruleset name="163.com-mixedcontent" platform="mixedcontent">
+	<target host="live.163.com" />
+	<target host="i.money.163.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/163.com-problematic.xml b/src/chrome/content/rules/163.com-problematic.xml
deleted file mode 100644
index b7a9ecc40e71..000000000000
--- a/src/chrome/content/rules/163.com-problematic.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For rules not causing problems, see 163.com.xml.
--->
-<ruleset name="163.com-problematic">
-
-	<target host="i.money.163.com" />
-		<exclusion pattern="^http://i\.money\.163\.com/$" />
-
-		<rule from="^http://i\.money\.163\.com/(\S+)\.json"
-			to="https://i.money.163.com/$1.json" />
-
-		<test url="http://i.money.163.com/app/api/version/android.json" />
-		<test url="http://i.money.163.com/hs/api/myStockList.json" />
-		<test url="http://i.money.163.com/guess/bet/initBet.json" />
-
-	<target host="piao.163.com" />
-		<exclusion pattern="^http://piao\.163\.com/$" />
-
-		<rule from="^http://piao\.163\.com/favicon\.ico/"
-			to="https://piao.163.com/favicon.ico/" />
-
-		<test url="http://piao.163.com/favicon.ico/" />
-
-		<rule from="^http://piao\.163\.com/movie/get_phone\.html"
-			to="https://piao.163.com/movie/get_phone.html" />
-
-		<test url="http://piao.163.com/movie/get_phone.html" />
-</ruleset>
diff --git a/src/chrome/content/rules/163.com.xml b/src/chrome/content/rules/163.com.xml
index 50c9f2d32431..872e04b916a6 100644
--- a/src/chrome/content/rules/163.com.xml
+++ b/src/chrome/content/rules/163.com.xml
@@ -1,89 +1,70 @@
 <!--
-	For rules causing MCB, see 163.com-problematic.xml.
+	For rules causing MCB, see 163.com-mixedcontent.xml.
 
-	Nonfunctional hosts in *163.com:
-		- adgeo ʳ
-		- auto ⁵
-		- biz ʳ
-		- caipiao ⁵
-		- game.campus ²
-		- corp ʳ
-		- gb.corp ʳ
-		- data ʳ
-		- developer
-		- digi ʳ
-		- e ʳ
-		- emarketing ʳ
-		- ent ʳ
-		- fankui ²
-		- game ⁵
-		- hr.game ʳ
-		- gamer ⁵
-		- help ⁵
-		- home ʳ
-		- lady ⁵
-		- mall ᵇ
-		- money ⁵
-		- men ʳ
-		- news ʳ
-		- img.nie ⁵
-		- pay ʳ
-		- sports ʳ
-		- tech ʳ
-		- v ʳ
-		- vhouse ʳ
-		- view ʳ
-		- www ⁵
-		- yuehui ʳ
-		- zh ⁵
-	² 502
-	³ 403
-	⁴ 404
-	⁵ 503
-	ᵇ Blank page
-	ʳ Refused
+	503:
+		gamer.163.com
+		zh.163.com
 
-	Problematic hosts in *163.com:
-		- ^
-		- 1 ᵉ
-		- cc ˣ
-		- support.dun ᵐ
-		- fa ˣ
-		- fm ᵉ
-		- res.nie ᵐ
-		- piao ˣ
-		- pimg ᵐ	https://pimg.163.com/urs/img/mistakertu.gif
-		- qiye ᵐ
-		- sitemap ᵐ
-		- api.t ᵉ
-		- you ᵉ
-		- b.you ˣ
-	ᵉ Expired
-	ᵐ Mismatched
-	ˣ Mixed css or iframe
+	Mixmatched:
+		support.dun.163.com
+		img.nie.163.com
+		res.nie.163.com
+		qiye.163.com
+		sitemap.163.com
 
-	Mixed content:
-		- Bugs, on:
-			- i.money from 163.wrating.com
-			- i.money from developer.163.com
-		- help.mail	(Only break ads)
-	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+	Redirect to http:
+		developer.163.com
+		rec.g.163.com		http://rec.g.163.com/kaolaadclick/api/dsp/show.s
+		app.yuedu.163.com
+
+	Refused:
+		corp.163.com
+		gb.corp.163.com
+		data.163.com
+		digi.163.com
+		e.163.com
+		emarketing.163.com
+		ent.163.com
+		hr.game.163.com
+		home.163.com
+		men.163.com
+		news.163.com
+		pay.163.com
+		sports.163.com
+		tech.163.com
+		v.163.com
+		vhouse.163.com
+		view.163.com
+		yuehui.163.com
+
+	Timeout:
+		^					https://travis-ci.org/EFForg/https-everywhere/jobs/522370910#L639
+		fankui.163.com		https://travis-ci.org/github/EFForg/https-everywhere/jobs/666649722#L409
+		game.campus.163.com
+		18.mail.163.com		https://travis-ci.org/EFForg/https-everywhere/jobs/522370910#L640
+		pimg.163.com		https://travis-ci.org/EFForg/https-everywhere/jobs/522370910#L641
+		chat.study.163.com	https://travis-ci.org/EFForg/https-everywhere/jobs/522379611#L653
 -->
 <ruleset name="163.com">
 	<!-- Directly: -->
+	<target host="www.163.com" />
+	<target host="1.163.com" />
 	<target host="3g.163.com" />
-	<target host="888.163.com" />
+	<target host="adgeo.163.com" />
 	<target host="analytics.163.com" />
-	<target host="baoxian.163.com" />
+	<target host="auto.163.com" />
+	<target host="biz.163.com" />
+	<target host="cc.163.com" />
 	<target host="mshare.cc.163.com" />
 	<target host="dun.163.com" />
 	<target host="cdn.easyread.163.com" />
 	<target host="email.163.com" />
 	<target host="email2.163.com" />
+	<target host="fm.163.com" />
+	<target host="help.163.com" />
 	<target host="iad.g.163.com" />
 		<test url="http://iad.g.163.com/wa/ad" />
-	<target host="rec.g.163.com" />
-		<test url="http://rec.g.163.com/kaolaadclick/api/dsp/show.s" />
+	<target host="game.163.com" />
 	<target host="gm.163.com" />
 		<target host="box.gm.163.com" />
 		<target host="epay.gm.163.com" />
@@ -106,45 +87,48 @@
 		<target host="xy3.gm.163.com" />
 		<target host="xyq.gm.163.com" />
 		<target host="y3.gm.163.com" />
-		<target host="zh.gm.163.com" />
 		<target host="zmq.gm.163.com" />
+	<target host="lady.163.com" />
 	<target host="love.163.com" />
 	<target host="m.163.com" />
 	<target host="c.m.163.com" />
 		<test url="http://c.m.163.com/news/a/C2ADQI8H0524ADMM.html" />
 	<target host="mail.163.com" />
-	<target host="18.mail.163.com" />
+	<target host="dm.mail.163.com" />
 	<target host="help.mail.163.com" />
 	<target host="pstat.mail.163.com" />
 	<target host="iplocator.mail.163.com" />
 		<test url="http://iplocator.mail.163.com/iplocator?callback=fGetLocator" />
 	<target host="msg.mail.163.com" />
 	<target host="mima.163.com" />
+	<target host="money.163.com" />
 	<target host="music.163.com" />
+	<target host="open.163.com" />
 	<target host="www.qiye.163.com" />
 	<target host="dl.reg.163.com" />
+	<target host="hc.reg.163.com" />
 	<target host="webzj.reg.163.com" />
 	<target host="yun.reg.163.com" />
 		<test url="http://yun.reg.163.com/cloud/versions/1.0.0/cloudstyle.css" />
 	<target host="study.163.com" />
-	<target host="chat.study.163.com" />
-	<target host="trip.163.com" />
 	<target host="vipmail.163.com" />
+	<target host="you.163.com" />
+	<target host="b.you.163.com" />
 	<target host="cps.you.163.com" />
 	<target host="open.you.163.com" />
 	<target host="m.you.163.com" />
 	<target host="yuedu.163.com" />
-	<target host="app.yuedu.163.com" />
-	<target host="zhidao.163.com" />
 
 	<!-- Complications: -->
+	<target host="163.com" />
+
 	<target host="reg.163.com" />
-		<exclusion pattern="http://reg\.163\.com/(Main\.do|Main\.jsp|update\.html)$" />
-		<!--	Break '免费邮箱' '网易易盾' '花田' and so on after login.	-->
-		<test url="http://reg.163.com/Main.do" />
-		<test url="http://reg.163.com/Main.jsp" />
 		<!--	Redirect to http:	-->
+		<exclusion pattern="http://reg\.163\.com/update\.html?$" />
+		<test url="http://reg.163.com/update.htm" />
 		<test url="http://reg.163.com/update.html" />
 
+	<rule from="^http://163\.com/" to="https://www.163.com/" />
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/168qiquan.com.xml b/src/chrome/content/rules/168qiquan.com.xml
deleted file mode 100644
index 0beadaa22210..000000000000
--- a/src/chrome/content/rules/168qiquan.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other anyoption coverage, see Anyoption.com.xml.
-
-
-	Some pages redirect to http.
-
--->
-<ruleset name="168qiquan.com (partial)">
-
-	<target host="hk.168qiquan.com" />
-
-
-	<rule from="^http://hk\.168qiquan\.com/(?=bridge/|css/|favicon\.ico|images/|javax\.faces\.resource/|jsp?/|thickbox/|undefined/)"
-		to="https://hk.168qiquan.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/16chan.nl.xml b/src/chrome/content/rules/16chan.nl.xml
deleted file mode 100644
index 4a3751944861..000000000000
--- a/src/chrome/content/rules/16chan.nl.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://16chan.nl/ => https://16chan.nl/: (7, 'Failed to connect to 16chan.nl port 443: Connection refused')
-Fetch error: http://www.16chan.nl/ => https://16chan.nl/: (7, 'Failed to connect to 16chan.nl port 443: Connection refused')
-
-	www.16chan.nl: Mismatched
-
-
-	Insecure cookies are set for these domains: ᶜ
-
-		- .16chan.nl
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
--->
-<ruleset name="16chan.nl" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="16chan.nl" />
-
-	<!--	Complications:
-				-->
-	<target host="www.16chan.nl" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.16chan\.nl$" name="^infinity_next_session$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http://www\.16chan\.nl/"
-		to="https://16chan.nl/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/179.ru.xml b/src/chrome/content/rules/179.ru.xml
new file mode 100644
index 000000000000..14bd29d6180d
--- /dev/null
+++ b/src/chrome/content/rules/179.ru.xml
@@ -0,0 +1,35 @@
+<!--
+	HTTPS broken:
+		2011.179.ru
+		biobase.179.ru
+		v2017-b2.179.ru
+		vezdehod.179.ru
+
+	Mixed content:
+		2013.179.ru
+
+	There are a few domain names whose only purpose appears to be a redirect.
+	For example, http://wiki.179.ru/ redirects to https://server.179.ru/wiki/.
+	For those domain names, HTTPS does not work;
+	but non-root URLs like http://wiki.179.ru/foo simply give an error.
+		bak.179.ru
+		monitor.179.ru
+		sbory.179.ru
+		support.179.ru
+		t3.179.ru
+		wiki.179.ru
+-->
+<ruleset name="179.ru">
+	<target host="179.ru" />
+	<target host="www.179.ru" />
+	<target host="2012.179.ru" />
+	<target host="2015.179.ru" />
+	<target host="dop.179.ru" />
+	<target host="moodle.179.ru" />
+	<target host="open.179.ru" />
+	<target host="server.179.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/17track.net.xml b/src/chrome/content/rules/17track.net.xml
index 45e481b582d3..f5c0c2e364f8 100644
--- a/src/chrome/content/rules/17track.net.xml
+++ b/src/chrome/content/rules/17track.net.xml
@@ -1,6 +1,8 @@
-<ruleset name="17track.net" platform="mixedcontent">
-  <target host="17track.net" />
-  <target host="www.17track.net" />
+<ruleset name="17track.net (partial)">
+	<target host="17track.net" />
+	<target host="www.17track.net" />
 
-  <rule from="^http:" to="https:" />
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/1Cart.xml b/src/chrome/content/rules/1Cart.xml
deleted file mode 100644
index cf4cc25f186d..000000000000
--- a/src/chrome/content/rules/1Cart.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="1Cart">
-
-	<target host="1cart.com"/>
-	<target host="www.1cart.com"/>
-	<target host="1cart.co.nz"/>
-	<target host="www.1cart.co.nz"/>
-
-	<securecookie host="^(www\.)?1cart\.com$" name=".+" />
-
-	<rule from="^http://(www\.)?1cart\.co\.nz/"
-		to="https://1cart.com/"/>
-
-	<rule from="^http:"
-		to="https:"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/1PipFix.xml b/src/chrome/content/rules/1PipFix.xml
index b88e35caa893..0c91ce8616af 100644
--- a/src/chrome/content/rules/1PipFix.xml
+++ b/src/chrome/content/rules/1PipFix.xml
@@ -5,7 +5,7 @@ Fetch error: http://1pipfix.com/ => https://1pipfix.com/: (28, 'Connection timed
 Fetch error: http://www.1pipfix.com/ => https://www.1pipfix.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="1PipFix" default_off='failed ruleset test'>
+<ruleset name="1PipFix" default_off="failed ruleset test">
 
 	<target host="1pipfix.com" />
 	<target host="www.1pipfix.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.1pipfix.com/ => https://www.1pipfix.com/: (28, 'Connecti
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/1ShoppingCart.com.xml b/src/chrome/content/rules/1ShoppingCart.com.xml
index e6a5a7768990..9d7f2ed5f8c1 100644
--- a/src/chrome/content/rules/1ShoppingCart.com.xml
+++ b/src/chrome/content/rules/1ShoppingCart.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://1shoppingcart.com/ => https://1shoppingcart.com/: Too many r
 	For other Web.com Group coverage, see Web.com.xml.
 
 -->
-<ruleset name="1ShoppingCart.com (partial)" default_off='failed ruleset test'>
+<ruleset name="1ShoppingCart.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/1X.xml b/src/chrome/content/rules/1X.xml
index d140fde2d896..cfa766f3292b 100644
--- a/src/chrome/content/rules/1X.xml
+++ b/src/chrome/content/rules/1X.xml
@@ -12,7 +12,7 @@ Fetch error: http://owa.1x.com/ => https://owa.1x.com/: (60, 'SSL certificate pr
 	² Mismatched
 
 -->
-<ruleset name="1X.com" default_off='failed ruleset test'>
+<ruleset name="1X.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/1_Deg.org.xml b/src/chrome/content/rules/1_Deg.org.xml
index e97d2348dfcc..ae7de6e4a9c3 100644
--- a/src/chrome/content/rules/1_Deg.org.xml
+++ b/src/chrome/content/rules/1_Deg.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://1deg.org/ => https://1deg.org/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="1 Deg.org" default_off='failed ruleset test'>
+<ruleset name="1 Deg.org" default_off="failed ruleset test">
 
 	<target host="1deg.org" />
 	<target host="www.1deg.org" />
diff --git a/src/chrome/content/rules/1and1-Internet.xml b/src/chrome/content/rules/1and1-Internet.xml
index f6da61397807..5f6f32a58dcc 100644
--- a/src/chrome/content/rules/1and1-Internet.xml
+++ b/src/chrome/content/rules/1and1-Internet.xml
@@ -32,7 +32,7 @@ Fetch error: http://webdesk.1and1.com/ => https://webdesk.1and1.com/: (7, 'Faile
 	ᵐ Mismatched
 
 -->
-<ruleset name="1and1.com" default_off='failed ruleset test'>
+<ruleset name="1and1.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/1and1.ca.xml b/src/chrome/content/rules/1and1.ca.xml
index 16a78c99baa4..5d0f43291d06 100644
--- a/src/chrome/content/rules/1and1.ca.xml
+++ b/src/chrome/content/rules/1and1.ca.xml
@@ -18,7 +18,7 @@ Fetch error: http://www.forum.1and1.ca/ => https://www.forum.1and1.ca/: (6, 'Cou
 	ᵐ Mismatched
 
 -->
-<ruleset name="1and1.ca (partial)" default_off='failed ruleset test'>
+<ruleset name="1and1.ca (partial)" default_off="failed ruleset test">
 
 	<!--target host="analytics.1and1.ca" /-->
 	<target host="account.1and1.ca" />
diff --git a/src/chrome/content/rules/1anh.com.xml b/src/chrome/content/rules/1anh.com.xml
index f494bb3b1621..3246ba264fcc 100644
--- a/src/chrome/content/rules/1anh.com.xml
+++ b/src/chrome/content/rules/1anh.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://1anh.com/ => https://1anh.com/: (28, 'Connection timed out a
 Fetch error: http://www.1anh.com/ => https://www.1anh.com/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="1anh.com" default_off='failed ruleset test'>
+<ruleset name="1anh.com" default_off="failed ruleset test">
 
 	<target host="1anh.com" />
 	<target host="www.1anh.com" />
diff --git a/src/chrome/content/rules/1c-bitrix.ru.xml b/src/chrome/content/rules/1c-bitrix.ru.xml
index 160be81021a2..4903e992bcbb 100644
--- a/src/chrome/content/rules/1c-bitrix.ru.xml
+++ b/src/chrome/content/rules/1c-bitrix.ru.xml
@@ -13,7 +13,14 @@
 <ruleset name="1c-bitrix.ru (partial)">
 
 	<target host="1c-bitrix.ru" />
-	<target host="*.1c-bitrix.ru" />
+	<target host="www.1c-bitrix.ru" />
+	<target host="1c.1c-bitrix.ru" />
+	<target host="academy.1c-bitrix.ru" />
+	<target host="dev.1c-bitrix.ru" />
+	<target host="idea.1c-bitrix.ru" />
+	<target host="marketplace.1c-bitrix.ru" />
+	<target host="partners.1c-bitrix.ru" />
+	<target host="promo.1c-bitrix.ru" />
 
 
 	<securecookie host="^\.1c-bitrix\.ru$" name=".+" />
@@ -22,7 +29,6 @@
 	<rule from="^http://(?:www\.)?1c-bitrix\.ru/"
 		to="https://www.1c-bitrix.ru/" />
 
-	<rule from="^http://(1c|academy|dev|idea|marketplace|partners|promo)\.1c-bitrix\.ru/"
-		to="https://$1.1c-bitrix.ru/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/1d4.us.xml b/src/chrome/content/rules/1d4.us.xml
index a8a4fd07b215..0494998650df 100644
--- a/src/chrome/content/rules/1d4.us.xml
+++ b/src/chrome/content/rules/1d4.us.xml
@@ -6,7 +6,7 @@ Fetch error: http://1d4.us/ => https://1d4.us/: (28, 'Operation timed out after
 	STS header includes includeSubdomains
 
 -->
-<ruleset name="1d4.us" default_off='failed ruleset test'>
+<ruleset name="1d4.us" default_off="failed ruleset test">
 
 	<target host="1d4.us" />
 	<target host="*.1d4.us" />
diff --git a/src/chrome/content/rules/1fichier.xml b/src/chrome/content/rules/1fichier.xml
index 69fec7acf0ab..8d3fe557b874 100644
--- a/src/chrome/content/rules/1fichier.xml
+++ b/src/chrome/content/rules/1fichier.xml
@@ -4,12 +4,12 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://st-1.1fichier.com/ => https://st-1.1fichier.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 	All non-1fichier.com URLs are mirrors of https://1fichier.com/ .
-	
+
 	Mismatch:
 	- dfichiers.com
 -->
 
-<ruleset name="1fichier" default_off='failed ruleset test'>
+<ruleset name="1fichier" default_off="failed ruleset test">
 
 	<target host="1fichier.com" />
 	<target host="*.1fichier.com" />
diff --git a/src/chrome/content/rules/1freehosting.com.xml b/src/chrome/content/rules/1freehosting.com.xml
new file mode 100644
index 000000000000..d894b26dc5e1
--- /dev/null
+++ b/src/chrome/content/rules/1freehosting.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Mismatched:
+		cpanel.1freehosting.com
+-->
+<ruleset name="1freehosting.com">
+	<target host="1freehosting.com" />
+	<target host="www.1freehosting.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/1nsk.ru-problematic.xml b/src/chrome/content/rules/1nsk.ru-problematic.xml
index a6975dde1b4e..20f974c0c941 100644
--- a/src/chrome/content/rules/1nsk.ru-problematic.xml
+++ b/src/chrome/content/rules/1nsk.ru-problematic.xml
@@ -5,7 +5,8 @@
 <ruleset name="1nsk.ru (problematic)" default_off="expired, self-signed">
 
 	<target host="1nsk.ru" />
-	<target host="*.1nsk.ru" />
+	<target host="www.1nsk.ru" />
+	<target host="b.1nsk.ru" />
 
 
 	<securecookie host="^b?\.1nsk\.ru$" name=".+" />
@@ -14,7 +15,6 @@
 	<rule from="^http://(?:www\.)?1nsk\.ru/"
 		to="https://www.1nsk.ru/" />
 
-	<rule from="^http://b\.1nsk\.ru/"
-		to="https://b.1nsk.ru/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/1nsk.ru.xml b/src/chrome/content/rules/1nsk.ru.xml
index 237142e6d4ac..3a86e6c1e5c3 100644
--- a/src/chrome/content/rules/1nsk.ru.xml
+++ b/src/chrome/content/rules/1nsk.ru.xml
@@ -15,7 +15,7 @@ Fetch error: http://live.1nsk.ru/ => https://live.1nsk.ru/: (28, 'Connection tim
 	* Works; expired 2012-02-28, self-signed
 
 -->
-<ruleset name="1nsk.ru (partial)" default_off='failed ruleset test'>
+<ruleset name="1nsk.ru (partial)" default_off="failed ruleset test">
 
 	<target host="live.1nsk.ru" />
 
@@ -25,4 +25,4 @@ Fetch error: http://live.1nsk.ru/ => https://live.1nsk.ru/: (28, 'Connection tim
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/1over1.net.xml b/src/chrome/content/rules/1over1.net.xml
new file mode 100644
index 000000000000..77c1e327632e
--- /dev/null
+++ b/src/chrome/content/rules/1over1.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="1over1">
+	<target host="1over1.net" />
+	<target host="www.1over1.net" />
+
+	<!--	MCB:	-->
+	<exclusion pattern="^http://(www\.)?1over1\.net/forum\.php" />
+		<test url="http://1over1.net/forum.php"/>
+		<test url="http://www.1over1.net/forum.php"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/1s_and_0s.nl.xml b/src/chrome/content/rules/1s_and_0s.nl.xml
deleted file mode 100644
index 476230097062..000000000000
--- a/src/chrome/content/rules/1s_and_0s.nl.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="1s and 0s.nl">
-
-	<target host="1sand0s.nl" />
-	<target host="www.1sand0s.nl" />
-
-	<rule from="^http://(www\.)?1sand0s\.nl/"
-		to="https://1sand0s.nl/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/1stWarning.com.xml b/src/chrome/content/rules/1stWarning.com.xml
index 7abb6d742a42..1fc53a466043 100644
--- a/src/chrome/content/rules/1stWarning.com.xml
+++ b/src/chrome/content/rules/1stWarning.com.xml
@@ -8,7 +8,7 @@
 	<target host="www.1stwarning.com" />
 
 
-	<securecookie host="^(?:.*\.)?1stwarning\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/1tulatv.ru.xml b/src/chrome/content/rules/1tulatv.ru.xml
index 9f9275a12434..decbd6147f3e 100644
--- a/src/chrome/content/rules/1tulatv.ru.xml
+++ b/src/chrome/content/rules/1tulatv.ru.xml
@@ -1,5 +1,8 @@
-<ruleset name="1tulatv.ru" platform="mixedcontent">
+<ruleset name="1tulatv.ru">
 	<target host="1tulatv.ru" />
 	<target host="www.1tulatv.ru" />
+
+	<securecookie host=".+" name=".+" />
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/1xbet.com.xml b/src/chrome/content/rules/1xbet.com.xml
deleted file mode 100644
index 14e8cf5768f3..000000000000
--- a/src/chrome/content/rules/1xbet.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Other 1xbet rulesets:
-
-		- Xbetsport.com.xml
-
--->
-<ruleset name="1xbet.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="1xbet.com" />
-	<target host="www.1xbet.com" />
-
-
-	<securecookie host="^(?:w*\.)?1xbet\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/2020mobile.es.xml b/src/chrome/content/rules/2020mobile.es.xml
index c256ffde06f0..7ae5c8dd31c6 100644
--- a/src/chrome/content/rules/2020mobile.es.xml
+++ b/src/chrome/content/rules/2020mobile.es.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.2020mobile.es/ => https://www.2020mobile.es/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
 Fetch error: http://2020mobile.es/ => https://www.2020mobile.es/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
 -->
-<ruleset name="2020mobile" default_off='failed ruleset test'>
+<ruleset name="2020mobile" default_off="failed ruleset test">
   <target host="www.2020mobile.es"/>
   <target host="2020mobile.es"/>
 
diff --git a/src/chrome/content/rules/20min.ch-mixedcontent.xml b/src/chrome/content/rules/20min.ch-mixedcontent.xml
deleted file mode 100644
index 1a73adb858b7..000000000000
--- a/src/chrome/content/rules/20min.ch-mixedcontent.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For other 20min.ch coverage, see 20min.ch.xml.
--->
-<ruleset name="20min.ch (mixedcontent)" platform="mixedcontent">
-	<target host="www.20min.ch" />
-	<target host="m.20min.ch" />
-
-	<!-- already covered by 20min.ch.xml -->
-	<exclusion pattern="^http://www\.20min\.ch/(2010|printpdf)/" />
-	<exclusion pattern="^http://m\.20min\.ch/(printpdf|webapp)/" />
-
-	<test url="http://www.20min.ch/2010/img/navigation/20min_logo.png" />
-	<test url="http://m.20min.ch/webapp/img/de/logo.png" />
-	<test url="http://www.20min.ch/printpdf/" />
-	<test url="http://m.20min.ch/printpdf/" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/20min.ch.xml b/src/chrome/content/rules/20min.ch.xml
index b42393283f49..0a0c49462bc4 100644
--- a/src/chrome/content/rules/20min.ch.xml
+++ b/src/chrome/content/rules/20min.ch.xml
@@ -1,51 +1,24 @@
 <!--
 	Other 20min rulesets:
 		- 20min-tv.ch.xml
-		- 20min.ch-mixedcontent.xml
 		- 20minuti.ch.xml
 
-	Nonfunctional hosts in *.20min.ch:
-		- 20min.ch (h)
-		- www.20min.ch (some pages redirect to http;
-			works with "?httpsredirect" parameter, but has mixed content issues then)
-		- deal.20min.ch (m)
-		- m.20min.ch (some pages have mixed content issues)
-		- secretescapes.20min.ch (e)
-		- static01.20min.ch (r)
-		- tilllate.20min.ch (m)
+	20min.ch has both a wildcard DNS record and a wildcard certificate, so enumerating all subdomains is impossible.
 
-		The host has various subdomains as shortlinks to articles.
-		Those subdomains redirect to http and their www prefixed alias mismatches the cert.
-
-	e: certificate expired
-	h: http redirect
-	m: certificate mismatch
-	r: connection refused
-	s: self-signed certificate
-	t: timeout on https
-
-	HTTP redirect to 20min.ch on all *.20minuten.ch hosts.
+	Mismatched, different cert from rest of domains:
+		- secretescapes
+		- tilllate
 -->
 <ruleset name="20min.ch (partial)">
+	<target host="20min.ch" />
 	<target host="www.20min.ch" />
 	<target host="api.20min.ch" />
+	<target host="deal.20min.ch" />
 	<target host="m.20min.ch" />
 	<target host="mediadaten.20min.ch" />
 	<target host="mediakit.20min.ch" />
 
-	<exclusion pattern="^http://www\.20min\.ch/$" />
-	<exclusion pattern="^http://m\.20min\.ch/$" />
-
-	<test url="http://www.20min.ch/2010/img/navigation/20min_logo.png" />
-	<test url="http://m.20min.ch/webapp/img/de/logo.png" />
-	<test url="http://www.20min.ch/printpdf/" />
-	<test url="http://m.20min.ch/printpdf/" />
-
-	<rule from="^http://www\.20min\.ch/2010/" to="https://www.20min.ch/2010/" />
-	<rule from="^http://m\.20min\.ch/webapp/" to="https://m.20min.ch/webapp/" />
-	<rule from="^http://www\.20min\.ch/printpdf/" to="https://www.20min.ch/printpdf/" />
-	<rule from="^http://m\.20min\.ch/printpdf/" to="https://m.20min.ch/printpdf/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(api|mediadaten|mediakit)\.20min\.ch/"
-		to="https://$1.20min.ch/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/20minutes.fr.xml b/src/chrome/content/rules/20minutes.fr.xml
index 989d7f9f7379..8c6a79b02988 100644
--- a/src/chrome/content/rules/20minutes.fr.xml
+++ b/src/chrome/content/rules/20minutes.fr.xml
@@ -42,7 +42,7 @@
 	<rule from="^http://20minutes\.fr/"
 		to="https://www.20minutes.fr/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/20minuti.ch.xml b/src/chrome/content/rules/20minuti.ch.xml
index 561bce8b1020..4323316e18ca 100644
--- a/src/chrome/content/rules/20minuti.ch.xml
+++ b/src/chrome/content/rules/20minuti.ch.xml
@@ -1,21 +1,13 @@
 <!--
 	For other 20min.ch coverage, see 20min.ch.xml.
-
-	Nonfunctional hosts in *.20minuti.ch:
-		- 20minuti.ch (502)
-		- www.20minuti.ch (some pages have mixed content issues)
-		- m.20minuti.ch (some pages have mixed content issues)
-
-	h: http redirect
-	m: certificate mismatch
-	r: connection refused
-	s: self-signed certificate
-	t: timeout on https
 -->
-<ruleset name="20minuti.ch" platform="mixedcontent">
+<ruleset name="20minuti.ch">
+	<target host="20minuti.ch" />
 	<target host="www.20minuti.ch" />
 	<target host="m.20minuti.ch" />
 	<target host="epaper.20minuti.ch" />
 
+	<securecookie host=".+" name=".+" />
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/21.co.xml b/src/chrome/content/rules/21.co.xml
index aba675c3c6c3..6d75d4d28de6 100644
--- a/src/chrome/content/rules/21.co.xml
+++ b/src/chrome/content/rules/21.co.xml
@@ -7,7 +7,7 @@ Non-2xx HTTP code: http://slack.21.co/ (200) => https://slack.21.co/ (526)
 		4xx client error:
 			 - files.21.co
 -->
-<ruleset name="21.co" default_off='failed ruleset test'>
+<ruleset name="21.co" default_off="failed ruleset test">
 	<target host="21.co" />
 	<target host="www.21.co" />
 	<target host="api.21.co" />
diff --git a/src/chrome/content/rules/22Fevrier2019.org.xml b/src/chrome/content/rules/22Fevrier2019.org.xml
new file mode 100644
index 000000000000..64371073a2d3
--- /dev/null
+++ b/src/chrome/content/rules/22Fevrier2019.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="22Fevrier2019.org">
+	<target host="22fevrier2019.org" />
+	<target host="www.22fevrier2019.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/23Systems.xml b/src/chrome/content/rules/23Systems.xml
index b517473c8f75..cefde1351ed3 100644
--- a/src/chrome/content/rules/23Systems.xml
+++ b/src/chrome/content/rules/23Systems.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/24-7_Customer.xml b/src/chrome/content/rules/24-7_Customer.xml
deleted file mode 100644
index 2e06b6e38ba1..000000000000
--- a/src/chrome/content/rules/24-7_Customer.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)247-inc.com
-
--->
-<ruleset name="24/7 Customer (partial)">
-
-	<target host="cdn.247ilabs.com" />
-	<target host="psp.247ilabs.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/247exchange.com.xml b/src/chrome/content/rules/247exchange.com.xml
deleted file mode 100644
index c5ddd861c198..000000000000
--- a/src/chrome/content/rules/247exchange.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://broker.247exchange.com/ => https://broker.247exchange.com/: (6, 'Could not resolve host: broker.247exchange.com')
-
--->
-<ruleset name="247exchange.com" default_off='failed ruleset test'>
-	<target host="247exchange.com" />
-	<target host="www.247exchange.com" />
-	<target host="blog.247exchange.com" />
-	<target host="broker.247exchange.com" />
-	<target host="help.247exchange.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/247filmz.xml b/src/chrome/content/rules/247filmz.xml
index 73a1481ae283..3817a6e5ddf1 100644
--- a/src/chrome/content/rules/247filmz.xml
+++ b/src/chrome/content/rules/247filmz.xml
@@ -5,7 +5,7 @@ Fetch error: http://247filmz.com/ => https://247filmz.com/: (51, "SSL: no altern
 Fetch error: http://www.247filmz.com/ => https://www.247filmz.com/: (6, 'Could not resolve host: www.247filmz.com')
 
 -->
-<ruleset name="247filmz" default_off='failed ruleset test'>
+<ruleset name="247filmz" default_off="failed ruleset test">
 
 	<target host="247filmz.com" />
 	<target host="www.247filmz.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.247filmz.com/ => https://www.247filmz.com/: (6, 'Could n
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/24img.com.xml b/src/chrome/content/rules/24img.com.xml
index 46cd2753f689..1f5092abe2a8 100644
--- a/src/chrome/content/rules/24img.com.xml
+++ b/src/chrome/content/rules/24img.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://search.24img.com/ => https://search.24img.com/: (6, 'Could n
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="24img.com" default_off='failed ruleset test'>
+<ruleset name="24img.com" default_off="failed ruleset test">
 
 	<target host="24img.com" />
 	<target host="search.24img.com" />
diff --git a/src/chrome/content/rules/24pay.me.xml b/src/chrome/content/rules/24pay.me.xml
deleted file mode 100644
index 74125c2721b1..000000000000
--- a/src/chrome/content/rules/24pay.me.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="24pay.me">
-	<target host="24pay.me" />
-	<target host="www.24pay.me" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/24paybank.com.xml b/src/chrome/content/rules/24paybank.com.xml
index 73940e4967bf..b75ac446040c 100644
--- a/src/chrome/content/rules/24paybank.com.xml
+++ b/src/chrome/content/rules/24paybank.com.xml
@@ -11,7 +11,7 @@ support2.24paybank.com ¹
 
 ¹ mismatch
 -->
-<ruleset name="24paybank.com" default_off='failed ruleset test'>
+<ruleset name="24paybank.com" default_off="failed ruleset test">
 	<target host="24paybank.com" />
 	<target host="www.24paybank.com" />
 	<target host="support.24paybank.com" />
diff --git a/src/chrome/content/rules/254a.com.xml b/src/chrome/content/rules/254a.com.xml
deleted file mode 100644
index 7696aec103b9..000000000000
--- a/src/chrome/content/rules/254a.com.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="254a.com">
-
-	<target host="d.254a.com" />
-
-
-	<securecookie host="^d\.254a\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/256stuff.com.xml b/src/chrome/content/rules/256stuff.com.xml
new file mode 100644
index 000000000000..519d69ef2797
--- /dev/null
+++ b/src/chrome/content/rules/256stuff.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- www
+		- outside
+-->
+<ruleset name="256stuff.com">
+	<target host="256stuff.com" />
+	<target host="www.256stuff.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.256stuff\.com/" to="https://256stuff.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/25thandclement.com.xml b/src/chrome/content/rules/25thandclement.com.xml
new file mode 100644
index 000000000000..dacc742d9b1f
--- /dev/null
+++ b/src/chrome/content/rules/25thandclement.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="25thandclement.com">
+	<target host="25thandclement.com" />
+	<target host="www.25thandclement.com" />
+	<target host="wilbur.25thandclement.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/2Dialog.com.xml b/src/chrome/content/rules/2Dialog.com.xml
index 28f1e62ac87d..04ca950d87fa 100644
--- a/src/chrome/content/rules/2Dialog.com.xml
+++ b/src/chrome/content/rules/2Dialog.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.2dialog.com/ => http://www.2dialog.com/: Redirect for 'h
 	Some pages redirect to http.../$
 
 -->
-<ruleset name="2Dialog.com (partial)" default_off='failed ruleset test'>
+<ruleset name="2Dialog.com (partial)" default_off="failed ruleset test">
 
 	<target host="2dialog.com" />
 	<target host="www.2dialog.com" />
@@ -19,4 +19,4 @@ Fetch error: http://www.2dialog.com/ => http://www.2dialog.com/: Redirect for 'h
 	<rule from="^http://(www\.)?2dialog\.com/([\w-]+/admin\.php|(?:[\w-]+/)?(?:cs|image|j)s/|favicon\.ico)"
 		to="https://$12dialog.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/2GIS.ru.xml b/src/chrome/content/rules/2GIS.ru.xml
index c73c2d5c62c2..2c34c624788a 100644
--- a/src/chrome/content/rules/2GIS.ru.xml
+++ b/src/chrome/content/rules/2GIS.ru.xml
@@ -20,7 +20,8 @@
 <ruleset name="2GIS.ru (partial)">
 
 	<target host="2gis.ru" />
-	<target host="*.2gis.ru" />
+	<target host="app.2gis.ru" />
+	<target host="www.2gis.ru" />
 
 
 	<rule from="^http://(?:(app\.)|www\.)?2gis\.ru/"
diff --git a/src/chrome/content/rules/2K_Games.xml b/src/chrome/content/rules/2K_Games.xml
index e9b8fb965c2e..f8620958fea3 100644
--- a/src/chrome/content/rules/2K_Games.xml
+++ b/src/chrome/content/rules/2K_Games.xml
@@ -1,5 +1,5 @@
 <!--
-	For other 2K Games coverage, see 
+	For other 2K Games coverage, see
 		+ 2K.com.xml
 
 	Non-functional hosts
diff --git a/src/chrome/content/rules/2K_Sports.xml b/src/chrome/content/rules/2K_Sports.xml
index beead9daa9b0..1e310410bdf5 100644
--- a/src/chrome/content/rules/2K_Sports.xml
+++ b/src/chrome/content/rules/2K_Sports.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.2ksports.com/ => https://www.2ksports.com/: (35, 'error:
 	For other 2K Games coverage, see 2K_Games.xml.
 
 -->
-<ruleset name="2K Sports.com" default_off='failed ruleset test'>
+<ruleset name="2K Sports.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/2_Ton.com.au.xml b/src/chrome/content/rules/2_Ton.com.au.xml
index ac431509e373..a16e58dff5d8 100644
--- a/src/chrome/content/rules/2_Ton.com.au.xml
+++ b/src/chrome/content/rules/2_Ton.com.au.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.2ton.com.au/ => https://www.2ton.com.au/: (51, "SSL: no alternative certificate subject name matches target host name 'www.2ton.com.au'")
 
 -->
-<ruleset name="2 Ton.com.au" default_off='failed ruleset test'>
+<ruleset name="2 Ton.com.au" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/2ch.cm.xml b/src/chrome/content/rules/2ch.cm.xml
index 72f890382316..bf553e49f91a 100644
--- a/src/chrome/content/rules/2ch.cm.xml
+++ b/src/chrome/content/rules/2ch.cm.xml
@@ -5,7 +5,7 @@ Fetch error: http://2ch.cm/ => https://2ch.cm/: (51, "SSL: no alternative certif
 Fetch error: http://www.2ch.cm/ => https://www.2ch.cm/: (51, "SSL: no alternative certificate subject name matches target host name 'www.2ch.cm'")
 
 -->
-<ruleset name="2ch.cm" default_off='failed ruleset test'>
+<ruleset name="2ch.cm" default_off="failed ruleset test">
 
 	<target host="2ch.cm" />
 	<target host="www.2ch.cm" />
diff --git a/src/chrome/content/rules/2ch.net.xml b/src/chrome/content/rules/2ch.net.xml
index c1b9e92d5ee1..ded17a2a59a9 100644
--- a/src/chrome/content/rules/2ch.net.xml
+++ b/src/chrome/content/rules/2ch.net.xml
@@ -12,7 +12,7 @@
 		- Images on (www.)?, (board_name) from www.2ch.net ˢ
 
 		- Ads / bugs, on:
-		
+
 			- (www.)? from img.bbchat.tv ᵈ
 			- www2 from vsc.send.microad.jp ᵈ
 
diff --git a/src/chrome/content/rules/2dehands.be.xml b/src/chrome/content/rules/2dehands.be.xml
index 365ac33c18de..273dccf81d7c 100644
--- a/src/chrome/content/rules/2dehands.be.xml
+++ b/src/chrome/content/rules/2dehands.be.xml
@@ -14,7 +14,7 @@
 		- img.xp	(r)
 		- www.xp2	(r)
 		- img.xp2	(r)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/2ememain.be.xml b/src/chrome/content/rules/2ememain.be.xml
index 7a7ae0c1dea7..32ecae7faa52 100644
--- a/src/chrome/content/rules/2ememain.be.xml
+++ b/src/chrome/content/rules/2ememain.be.xml
@@ -14,7 +14,7 @@
 		- img.xp	(r)
 		- www.xp2	(r)
 		- img.xp2	(r)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/2x.com.xml b/src/chrome/content/rules/2x.com.xml
deleted file mode 100644
index aec295bcdcff..000000000000
--- a/src/chrome/content/rules/2x.com.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="2x.com">
-	<target host="2x.com" />
-	<target host="www.2x.com" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/3.cn.xml b/src/chrome/content/rules/3.cn.xml
index 59ccf96b006d..a006043699dd 100644
--- a/src/chrome/content/rules/3.cn.xml
+++ b/src/chrome/content/rules/3.cn.xml
@@ -10,9 +10,8 @@
 	<target host="c0.3.cn" />
 		<test url="http://c0.3.cn/stock?skuId=10309761430&amp;venderId=124424&amp;cat=9987,653,655&amp;area=1_72_2799_0&amp;buyNum=1&amp;extraParam={%22originid%22:%221%22}&amp;ch=1&amp;pduid=1292621468&amp;pdpin=&amp;callback=getStockCallback" />
 	<target host="d.3.cn" />
-		<test url="http://d.3.cn/desc/10055355038?cdn=2&amp;callback=showdesc" />
 	<target host="dc.3.cn" />
-		<test url="http://dc.3.cn/cathot/get2?callback=jQuery3666891&amp;_=1466600720701" />
+		<test url="http://dc.3.cn/cathot/get2" />
 	<target host="p.3.cn" />
 		<test url="http://p.3.cn/prices/get?type=1&amp;area=1_72_2799&amp;pdtk=&amp;pduid=1292621468&amp;pdpin=&amp;pdbp=0&amp;skuid=J_10309761430&amp;callback=cnp" />
 	<target host="px.3.cn" />
diff --git a/src/chrome/content/rules/32Red_Online_Casino.xml b/src/chrome/content/rules/32Red_Online_Casino.xml
index 0ab17c90568b..4ec359e75102 100644
--- a/src/chrome/content/rules/32Red_Online_Casino.xml
+++ b/src/chrome/content/rules/32Red_Online_Casino.xml
@@ -17,7 +17,12 @@
 <ruleset name="32Red Online Casino">
 
 	<target host="32red.com" />
-	<target host="*.32red.com" />
+	<target host="www.32red.com" />
+	<target host="affiliates.32red.com" />
+	<target host="assets.32red.com" />
+	<target host="gamesarcade.32red.com" />
+	<target host="images.32red.com" />
+	<target host="livecasino.32red.com" />
 
 
 	<securecookie host="^(?:affiliates|gamesarcade|livecasino|www)?\.32red\.com$" name=".+" />
@@ -26,7 +31,6 @@
 	<rule from="^http://(?:www\.)?32red\.com/"
 		to="https://www.32red.com/" />
 
-	<rule from="^http://(affiliates|assets|gamesarcade|images|livecasino)\.32red\.com/"
-		to="https://$1.32red.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/33Across.xml b/src/chrome/content/rules/33Across.xml
index e960828ed6e4..ec1abf8e4b5b 100644
--- a/src/chrome/content/rules/33Across.xml
+++ b/src/chrome/content/rules/33Across.xml
@@ -32,7 +32,7 @@
 		<exclusion pattern="^http://socialdna\." />
 
 
-	<securecookie host="^(?:.*\.)?33across\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(\w+\.)?33across\.com/"
diff --git a/src/chrome/content/rules/33Bits.org.xml b/src/chrome/content/rules/33Bits.org.xml
deleted file mode 100644
index f3acb3e91833..000000000000
--- a/src/chrome/content/rules/33Bits.org.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="33Bits.org">
-
-	<target host="33bits.org" />
-	<target host="www.33bits.org" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/33option.com.xml b/src/chrome/content/rules/33option.com.xml
index 9fa061429b67..d530e92b1f33 100644
--- a/src/chrome/content/rules/33option.com.xml
+++ b/src/chrome/content/rules/33option.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://33option.com/ => https://33option.com/: (60, 'SSL certificat
 Fetch error: http://www.33option.com/ => https://www.33option.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="33option.com" default_off='failed ruleset test'>
+<ruleset name="33option.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/350.org.xml b/src/chrome/content/rules/350.org.xml
deleted file mode 100644
index 4ddbb90df781..000000000000
--- a/src/chrome/content/rules/350.org.xml
+++ /dev/null
@@ -1,64 +0,0 @@
-<!--
-	Refused:
-		archive.350.org
-		sign.350.org
-
-	Invalid certificate:
-		400.350.org
-		400de.350.org
-		400es.350.org
-		400pt.350.org	
-		dots.350.org
-		earth.350.org
-		help.350.org
-		list.350.org
-		local.350.org (redirect to world.350.org)
-		map.350.org
-		share.350.org
-		archive.workshops.350.org
-
-	Redirect to http:
-		pacific.350.org
-		world.350.org
-
-	No working URL known:
-		offline.350.org
-		stage.350.org
-
-	Handled in Bitly_branded_short_domains.xml:
-		go.350.org
-
--->
-<ruleset name="350.org">
-
-	<target host="350.org" />
-	<target host="www.350.org" />
-	<target host="act.350.org" />
-	<target host="art.350.org" />
-	<target host="campaigns.350.org" />
-	<target host="cdn.350.org" />
-	<target host="chamber.350.org" />
-	<target host="earth.350.org" />
-	<target host="math.350.org" />
-	<target host="maths.350.org" />
-	<target host="radiowave.350.org" />
-	<target host="training.350.org" />
-	<target host="trainings.350.org" />
-	<target host="ar.trainings.350.org" />
-	<target host="de.trainings.350.org" />
-	<target host="es.trainings.350.org" />
-	<target host="fr.trainings.350.org" />
-	<target host="pt.trainings.350.org" />
-	<target host="tr.trainings.350.org" />
-	<target host="zh.trainings.350.org" />
-	<target host="workshops.350.org" />
-
-	<securecookie host="^act\.350\.org$" name=".+" />
-
-	<rule from="^http://earth\.350\.org/"
-		to="https://art.350.org/earth/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/350zEvolution.com.xml b/src/chrome/content/rules/350zEvolution.com.xml
index 94f864bb33b2..19d1aff7c7a4 100644
--- a/src/chrome/content/rules/350zEvolution.com.xml
+++ b/src/chrome/content/rules/350zEvolution.com.xml
@@ -8,7 +8,7 @@
 	<target host="www.350zevolution.com" />
 
 
-	<securecookie host="^(?:.*\.)?350zevolution\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/360Cities.xml b/src/chrome/content/rules/360Cities.xml
index 9930cd0bb0d7..a61a0136ff17 100644
--- a/src/chrome/content/rules/360Cities.xml
+++ b/src/chrome/content/rules/360Cities.xml
@@ -1,25 +1,15 @@
-<!--
-	Nonfunctional subdomains:
-
-		- help
-
--->
 <ruleset name="360Cities (partial)">
 
 	<target host="360cities.net" />
-	<target host="*.360cities.net" />
+	<target host="www.360cities.net" />
+	<target host="cdn1.360cities.net" />
+	<target host="cdn2.360cities.net" />
+	<target host="help.360cities.net" />
 
 
 	<securecookie host="^www\.360cities\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?360cities\.net/"
-		to="https://$1360cities.net/" />
-
-	<rule from="^http://cdn1\.360cities\.net/"
-		to="https://d2dw0c606n9zn3.cloudfront.net/" />
-
-	<rule from="^http://cdn2\.360cities\.net/"
-		to="https://d3tllcxe89i3i3.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/360_Safe.com.xml b/src/chrome/content/rules/360_Safe.com.xml
index 7edda2f6b815..a528dec3cfc0 100644
--- a/src/chrome/content/rules/360_Safe.com.xml
+++ b/src/chrome/content/rules/360_Safe.com.xml
@@ -1,32 +1,15 @@
 <!--
 	For other Qihoo 360 Technology coverage, see 360.cn.xml.
 
-
-	Nonfunctional hosts in *360safe.com:
-
-		- bbs ᵈ
-
-	ᵈ Dropped
-
-
-	Problematic hosts in *360safe.com:
-
-		- dl ᵐ
-		- down ᵐ
-
-	ᵐ Mismatched
-
+	Mismatched:
+		bbs
 -->
-<ruleset name="360 Safe.com (partial)" default_off="mismatched">
+<ruleset name="360_Safe.com">
 
 	<target host="dl.360safe.com" />
 	<target host="down.360safe.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/365_Tickets_Global.com.xml b/src/chrome/content/rules/365_Tickets_Global.com.xml
deleted file mode 100644
index b1a765efb859..000000000000
--- a/src/chrome/content/rules/365_Tickets_Global.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Other 365 Tickets rulesets:
-
-		- 365_Tickets.co.uk.xml
-		- 365_Tickets.com.xml
-		- 365_Tickets_Central.com.xml
-		- 365_Tickets_Scotland.com.xml
-
-
-	(www.) doesn't exist.
-
--->
-<ruleset name="365 Tickets Global.com">
-
-	<target host="*.365ticketsglobal.com" />
-
-
-	<securecookie host="^\.365ticketsglobal\.com$" name=".+" />
-
-
-	<rule from="^http://(cs|image)s\.365ticketsglobal\.com/"
-		to="https://$1s.365ticketsglobal.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/36Kr.xml b/src/chrome/content/rules/36Kr.xml
index 929ab9dd7f29..34018363174f 100644
--- a/src/chrome/content/rules/36Kr.xml
+++ b/src/chrome/content/rules/36Kr.xml
@@ -4,7 +4,7 @@
 		events.36kr.com
 		qiye.36kr.com
 		research.36kr.com
-		
+
 		krspace.cn
 -->
 
@@ -18,7 +18,7 @@
 	<target host="rong.36kr.com" />
 	<target host="www.36kr.com" />
 	<target host="z.36kr.com" />
-	
+
 	<target host="a.36krcnd.com" />
 	<target host="pic.36krcnd.com" />
 	<target host="sta.36krcnd.com" />
diff --git a/src/chrome/content/rules/38.de.xml b/src/chrome/content/rules/38.de.xml
index 7fb95349b831..3428213ee900 100644
--- a/src/chrome/content/rules/38.de.xml
+++ b/src/chrome/content/rules/38.de.xml
@@ -8,7 +8,7 @@
 	STS header includes includeSubdomains
 
 -->
-<ruleset name="38.de" default_off="missing certificate chain">
+<ruleset name="38.de" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
@@ -19,7 +19,7 @@
 	<target host="38.de" />
 
 		<test url="http://www.38.de/" />
-	
+
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/38degrees.xml b/src/chrome/content/rules/38degrees.xml
index 49bc208c5724..a707cc835528 100644
--- a/src/chrome/content/rules/38degrees.xml
+++ b/src/chrome/content/rules/38degrees.xml
@@ -12,7 +12,7 @@
 					-->
 	<!--securecookie host="^you\.38degrees\.org\.uk$" name="^_agra_session$" /-->
 
-    <securecookie host="^(?:.*\.)?38degrees\.org\.uk$" name=".+" />
+    <securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/3Blue1Brown.com.xml b/src/chrome/content/rules/3Blue1Brown.com.xml
new file mode 100644
index 000000000000..3e1f7e72e86a
--- /dev/null
+++ b/src/chrome/content/rules/3Blue1Brown.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="3Blue1Brown.com">
+	<target host="3blue1brown.com" />
+	<target host="www.3blue1brown.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/3DCenter.org.xml b/src/chrome/content/rules/3DCenter.org.xml
index d7f9b5fb33c0..57b83cf6b455 100644
--- a/src/chrome/content/rules/3DCenter.org.xml
+++ b/src/chrome/content/rules/3DCenter.org.xml
@@ -21,6 +21,6 @@
 	<rule from="^http://3dcenter\.org/"
 			to="https://www.3dcenter.org/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/3DStats.xml b/src/chrome/content/rules/3DStats.xml
deleted file mode 100644
index bffa312923ca..000000000000
--- a/src/chrome/content/rules/3DStats.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- 3dstats.com
-		- www.3dstats.com
-
--->
-<ruleset name="3DStats.com">
-
-	<target host="3dstats.com"/>
-	<target host="www.3dstats.com"/>
-
-		<test url="http://www.3dstats.com/cgi-bin/connect.cgi?usr=" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:www\.)?3dstats\.com$" name="^NC1U$" /-->
-
-	<securecookie host="^(?:.*\.)?3dstats\.com$" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/3D_Robotics.com.xml b/src/chrome/content/rules/3D_Robotics.com.xml
index ff41d350ef67..6b4c6a76482a 100644
--- a/src/chrome/content/rules/3D_Robotics.com.xml
+++ b/src/chrome/content/rules/3D_Robotics.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://www.store.3drobotics.com/ => https://www.store.3drobotics.co
 	* Secured by us
 
 -->
-<ruleset name="3D Robotics.com (partial)" default_off='failed ruleset test'>
+<ruleset name="3D Robotics.com (partial)" default_off="failed ruleset test">
 
 	<target host="store.3drobotics.com" />
 	<target host="www.store.3drobotics.com" />
diff --git a/src/chrome/content/rules/3D_Vision_Live.com.xml b/src/chrome/content/rules/3D_Vision_Live.com.xml
deleted file mode 100644
index fa6301b5df9a..000000000000
--- a/src/chrome/content/rules/3D_Vision_Live.com.xml
+++ /dev/null
@@ -1,56 +0,0 @@
-<!--
-	For other nVidia coverage, see NVidia.xml.
-
-
-	Nonfunctional subdomains:
-
-		- photos	(refused)
-
-
-	Problematic subdomains:
-
-		- ^		(dropped)
-		- api.photos	(shows api.beta; self-signed, CN: api.beta.phereo.com)
-		- www		(expired 2013-12-04)
-
-
-	Mixed content:
-
-		- Images, on www from:
-
-			- www *
-			- api.photos
-			- photos.3dvisionlive.s3.amazonaws.com via api.photos *
-			- www.fordela.com
-
-		- Web bugs, on www from omniture.nvidia.com *
-
-	* Secured by us
-
--->
-<ruleset name="3D Vision Live.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.3dvisionlive.com" />
-
-	<!--	Complications:
-				-->
-	<target host="3dvisionlive.com" />
-
-
-	<securecookie host="^\.3dvisionlive\.com$" name=".+" />
-
-
-	<rule from="^http://3dvisionlive\.com/"
-		to="https://www.3dvisionlive.com/" />
-
-	<!--rule from="^http://api\.photos\.3dvisionlive\.com/imagestore/(\w{32})/thumb/square/208/"
-		to="https://s3.amazonaws.com/photos.3dvisionlive/$2/images/$1/cached.thumb.square.208.208.0.0" /-->
-	<!--
-		\2 is unpredictable; e.g. DarkStarSword, DaveAugust, Stuart, teface, etc.	-->
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/3bbwifi.com.xml b/src/chrome/content/rules/3bbwifi.com.xml
index 3d8dcac15c04..1fb8eaca8f1a 100644
--- a/src/chrome/content/rules/3bbwifi.com.xml
+++ b/src/chrome/content/rules/3bbwifi.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://3bbwifi.com/ => https://www.3bbwifi.com/: (60, 'SSL certific
 Fetch error: http://www.3bbwifi.com/ => https://www.3bbwifi.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="3bbwifi.com" default_off='failed ruleset test'>
+<ruleset name="3bbwifi.com" default_off="failed ruleset test">
   <target host="3bbwifi.com" />
   <target host="www.3bbwifi.com" />
 
diff --git a/src/chrome/content/rules/3conline.com.xml b/src/chrome/content/rules/3conline.com.xml
index 1b153bbcbfe0..44e78147d47d 100644
--- a/src/chrome/content/rules/3conline.com.xml
+++ b/src/chrome/content/rules/3conline.com.xml
@@ -11,8 +11,8 @@ Fetch error: http://js.3conline.com/ => https://js.3conline.com/: (28, 'Connecti
 		- www
 -->
 
-<ruleset name="3conline.com (partial)" default_off='failed ruleset test'>
-  
+<ruleset name="3conline.com (partial)" default_off="failed ruleset test">
+
 	<target host="i1.3conline.com" />
 	<target host="i2.3conline.com" />
 	<target host="i3.3conline.com" />
diff --git a/src/chrome/content/rules/3ders.org.xml b/src/chrome/content/rules/3ders.org.xml
new file mode 100644
index 000000000000..812016c74e73
--- /dev/null
+++ b/src/chrome/content/rules/3ders.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Chain issue, missing intermediate:
+		- forum.3ders.org
+-->
+
+<ruleset name="3ders.org">
+	<target host="3ders.org" />
+	<target host="www.3ders.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/3sat.xml b/src/chrome/content/rules/3sat.xml
index 8104f510c603..bccbd1b00f2c 100644
--- a/src/chrome/content/rules/3sat.xml
+++ b/src/chrome/content/rules/3sat.xml
@@ -1,15 +1,35 @@
 <!--
+	Invalid certificate:
+		- www.pressetreff
+
 	Mismatch:
 		- webstory
+
+	Non-2xx HTTP code:
+		- player
 -->
-<ruleset name="3sat" default_off='breaks video streaming'>
+<ruleset name="3sat.de">
+
 	<target host="3sat.de"/>
 	<target host="www.3sat.de"/>
-	<target host="appproxy.3sat.de"/>
+	<target host="api.3sat.de" />
+	<target host="archiv.3sat.de" />
 	<target host="blog.3sat.de"/>
+	<target host="dev.3sat.de" />
 	<target host="forum.3sat.de"/>
+	<target host="hbbtv.3sat.de" />
+	<target host="kurz.3sat.de" />
+	<target host="ngp.3sat.de" />
+	<target host="origin.3sat.de" />
+	<target host="podcast.3sat.de" />
+	<target host="presse.3sat.de" />
 	<target host="pressetreff.3sat.de"/>
+	<target host="quiz.3sat.de" />
+	<target host="tmd.3sat.de" />
+	<target host="webapp.3sat.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:"/>
 
-	<rule from="^http:"
-		to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/3suisses.de.xml b/src/chrome/content/rules/3suisses.de.xml
deleted file mode 100644
index d05d3bd2c0aa..000000000000
--- a/src/chrome/content/rules/3suisses.de.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="3suisses.de">
-  <target host="3suisses.de" />
-  <target host="www.3suisses.de" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/3taps.xml b/src/chrome/content/rules/3taps.xml
index 2fe2cd365ee3..6ebb54a8ff55 100644
--- a/src/chrome/content/rules/3taps.xml
+++ b/src/chrome/content/rules/3taps.xml
@@ -6,7 +6,7 @@ Fetch error: http://developer.3taps.com/ => https://developer.3taps.com/: (51, "
 Fetch error: http://www.3taps.com/ => https://www.3taps.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="3taps" default_off='failed ruleset test'>
+<ruleset name="3taps" default_off="failed ruleset test">
 
 	<target host="3taps.com" />
 	<target host="developer.3taps.com" />
@@ -18,4 +18,4 @@ Fetch error: http://www.3taps.com/ => https://www.3taps.com/: (60, 'SSL certific
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/3v1n0.net.xml b/src/chrome/content/rules/3v1n0.net.xml
index 048322d452b8..d3718ff44dab 100644
--- a/src/chrome/content/rules/3v1n0.net.xml
+++ b/src/chrome/content/rules/3v1n0.net.xml
@@ -2,7 +2,7 @@
 	Mixed content:
 
 		- css, on:
-		
+
 			- blog from fonts.googleapis.com ˢ
 			- www from tumblelog.3v1n0.net ˢ
 			- www from www.3v1n0.net ˢ
diff --git a/src/chrome/content/rules/42Floors.com.xml b/src/chrome/content/rules/42Floors.com.xml
index 8bd4015b8c86..9f821890956b 100644
--- a/src/chrome/content/rules/42Floors.com.xml
+++ b/src/chrome/content/rules/42Floors.com.xml
@@ -27,7 +27,7 @@ Fetch error: http://images.42floors.com/ => https://images.42floors.com/: (6, 'C
 	² Secured by us
 
 -->
-<ruleset name="42Floors.com (partial)" default_off='failed ruleset test'>
+<ruleset name="42Floors.com (partial)" default_off="failed ruleset test">
 
 	<target host="42floors.com" />
 	<target host="cdn.42floors.com" />
diff --git a/src/chrome/content/rules/435_by_MJC.com.xml b/src/chrome/content/rules/435_by_MJC.com.xml
index 44241c7cbe39..b12646d38f12 100644
--- a/src/chrome/content/rules/435_by_MJC.com.xml
+++ b/src/chrome/content/rules/435_by_MJC.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.435bymjc.com/ => https://www.435bymjc.com/: (60, 'SSL ce
 		- www.435bymjc.com
 
 -->
-<ruleset name="435 by MJC.com" default_off='failed ruleset test'>
+<ruleset name="435 by MJC.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/43rumors.com.xml b/src/chrome/content/rules/43rumors.com.xml
new file mode 100644
index 000000000000..00522c9de72e
--- /dev/null
+++ b/src/chrome/content/rules/43rumors.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="43rumors.com">
+	<target host="43rumors.com" />
+	<target host="www.43rumors.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/451-Group.xml b/src/chrome/content/rules/451-Group.xml
index 0a67f11cf648..1e5017b81d8c 100644
--- a/src/chrome/content/rules/451-Group.xml
+++ b/src/chrome/content/rules/451-Group.xml
@@ -3,7 +3,7 @@
 	<target host="451research.com"/>
 	<target host="www.451research.com"/>
 
-	<securecookie host="^(?:.*\.)?451research\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/4D.com.xml b/src/chrome/content/rules/4D.com.xml
index e65eac2f5652..9cea66d66c22 100644
--- a/src/chrome/content/rules/4D.com.xml
+++ b/src/chrome/content/rules/4D.com.xml
@@ -6,13 +6,12 @@
 -->
 <ruleset name="4D.com (partial)">
 
-	<target host="*.4d.com" />
+	<target host="store.4d.com" />
 
 
 	<securecookie host="^\.store\.4d\.com$" name=".+" />
 
 
-	<rule from="^http://store\.4d\.com/"
-		to="https://store.4d.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/4DO.xml b/src/chrome/content/rules/4DO.xml
index 58e8c75870a5..fd1f5c59b2ce 100644
--- a/src/chrome/content/rules/4DO.xml
+++ b/src/chrome/content/rules/4DO.xml
@@ -2,7 +2,9 @@
 
 	<!--	Cert: *.ipage.com	-->
 	<target host="fourdo.com" />
-	<target host="*.fourdo.com" />
+	<target host="www.fourdo.com" />
+	<target host="forum.fourdo.com" />
+	<target host="wiki.fourdo.com" />
 
 
 	<securecookie host="^.*\.fourdo\.com$" name=".+" />
@@ -12,7 +14,6 @@
 	<rule from="^http://(?:www\.)?fourdo\.com/"
 		to="https://www.fourdo.com/" />
 
-	<rule from="^http://(forum|wiki)\.fourdo\.com/"
-		to="https://$1.fourdo.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/4Tulemar.xml b/src/chrome/content/rules/4Tulemar.xml
deleted file mode 100644
index 28c9eeec7977..000000000000
--- a/src/chrome/content/rules/4Tulemar.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://resources.4tulemar.com/ => https://resources.4tulemar.com/: (6, 'Could not resolve host: resources.4tulemar.com')
-
-	Mixed content:
-
-		Scripts from:
-
-			- www.jscache.com *
-			- www.tripadvisor.com *
-
-		css from:
-
-			- c1.tacdn.com *
-
-		Image from:
-
-			- resources.4tulemar.com *
-
-	* Secured by us
-
-
-	NB: We secure all resources, and thus
-	platform should be removed with Ffx 24.
-
--->
-<ruleset name="4Tulemar" platform="mixedcontent" default_off='failed ruleset test'>
-
-	<target host="4tulemar.com" />
-	<target host="resources.4tulemar.com" />
-	<target host="www.4tulemar.com" />
-
-
-	<securecookie host=".*\.4tulemar\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/4chan.xml b/src/chrome/content/rules/4chan.xml
index 4410d888cb8c..2fb4acd8e0f2 100644
--- a/src/chrome/content/rules/4chan.xml
+++ b/src/chrome/content/rules/4chan.xml
@@ -33,6 +33,7 @@
 
 	<target host="4channel.org" />
 	<target host="www.4channel.org" />
+	<target host="boards.4channel.org" />
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/4gamer.net.xml b/src/chrome/content/rules/4gamer.net.xml
index 9fb642a3ff72..03483c12eb68 100644
--- a/src/chrome/content/rules/4gamer.net.xml
+++ b/src/chrome/content/rules/4gamer.net.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?4gamer\.net/(favicon\.ico|images/)"
 		to="https://www.4gamer.net/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/4sevens.xml b/src/chrome/content/rules/4sevens.xml
index 21c867d3f559..7828e2b4d682 100644
--- a/src/chrome/content/rules/4sevens.xml
+++ b/src/chrome/content/rules/4sevens.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.4sevens.com/ => https://www.4sevens.com/: (60, 'SSL certificate problem: certificate has expired')
 Fetch error: http://4sevens.com/ => https://www.4sevens.com/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="4sevens" default_off='failed ruleset test'>
+<ruleset name="4sevens" default_off="failed ruleset test">
   <target host="www.4sevens.com" />
   <target host="4sevens.com" />
 
diff --git a/src/chrome/content/rules/5000etherhomepage.com.xml b/src/chrome/content/rules/5000etherhomepage.com.xml
deleted file mode 100644
index fec2675dd568..000000000000
--- a/src/chrome/content/rules/5000etherhomepage.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="5000etherhomepage.com">
-	<target host="5000etherhomepage.com" />
-	<target host="www.5000etherhomepage.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/500px.org.xml b/src/chrome/content/rules/500px.org.xml
index 2dc25d4c7780..7b8fc39a8167 100644
--- a/src/chrome/content/rules/500px.org.xml
+++ b/src/chrome/content/rules/500px.org.xml
@@ -1,27 +1,34 @@
 <!--
 	For other 500px coverage, see 500px.com.xml.
 
+	Invalid certificate:
+		500px.org
+		www.500px.org
 
-	CDN buckets:
-
-		- wac.6614.edgecastcdn.net/??6614/
-
-			- pacdn
-			- ppcdn
+	Different content http/https:
+		assetcdn2.500px.org
 
+	No working URL known:
+		pgcdn.500px.org
+		prcdn.500px.org
 -->
 <ruleset name="500px.org (partial)">
 
-	<!--	Direct rewrites:
-				-->
 	<target host="assetcdn.500px.org" />
+		<test url="http://assetcdn.500px.org/assets/static_pages/home/home_feed-2cdb8fbf9e98212d61e977b0149c0b18.jpg" />
+	<target host="dlcdn.500px.org" />
+	<target host="drscdn.500px.org" />
+		<test url="http://drscdn.500px.org/user_avatar/2403507/q%3D85_w%3D100_h%3D100/v2?webp=true&amp;v=6&amp;sig=7d0ccb896d7d259e3bca7f573ff040c21dc18706e2e74b64e662c9105abe621a" />
+	<target host="mktcdn.500px.org" />
 	<target host="pacdn.500px.org" />
+		<test url="http://pacdn.500px.org/7414565/dcd94655030015b53af308862d328d74f0feb6e4/cover_2048.jpg" />
 	<target host="ppcdn.500px.org" />
+		<test url="http://ppcdn.500px.org/96496237/c4fed65b554428956caf9c1792fbe9ad88131b24/2048.jpg" />
 	<target host="primecdn.500px.org" />
 
 		<!--	404:
 				-->
-		<exclusion pattern="^http://assetcdn\.500px\.org/$" />
+		<exclusion pattern="^http://(asset|drs|pa|pp)cdn\.500px\.org/$" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/51fanli.net.xml b/src/chrome/content/rules/51fanli.net.xml
index 1afa4dde29c7..5db79933ec03 100644
--- a/src/chrome/content/rules/51fanli.net.xml
+++ b/src/chrome/content/rules/51fanli.net.xml
@@ -1,13 +1,17 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://static.51fanli.net/ => https://static.51fanli.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	For other Fanli coverage, see Fanli.com.xml.
 
-	Mismatch:
-		imagefile.51fanli.com
+  Expired Certificate:
+    imagefile.51fanli.net
 -->
 
 <ruleset name="51fanli.net">
 	<target host="51fanli.net" />
-	<target host="imagefile.51fanli.net" />
 	<target host="imagefile2.51fanli.net" />
 	<target host="l0.51fanli.net" />
 	<target host="l1.51fanli.net" />
@@ -20,15 +24,10 @@
 	<target host="spic3.51fanli.net" />
 	<target host="spic4.51fanli.net" />
 	<target host="spic5.51fanli.net" />
-	<target host="static.51fanli.net" />
+	<!-- target host="static.51fanli.net" /-->
 	<target host="static2.51fanli.net" />
 	<target host="www.51fanli.net" />
 
-	<target host="imagefile.51fanli.com" />
-	<rule from="^http://imagefile\.51fanli\.com/"
-			to="https://imagefile.51fanli.net/" />
-		<test url="http://imagefile.51fanli.com/UploadPic/2010/8/17/2010817192827470.jpg" />
-
 	<securecookie host="^\w" name=".+" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/55ch.org.xml b/src/chrome/content/rules/55ch.org.xml
index acf1b118b4c9..d1bb32bf6765 100644
--- a/src/chrome/content/rules/55ch.org.xml
+++ b/src/chrome/content/rules/55ch.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://55ch.org/ => https://55ch.org/: (35, 'error:14077410:SSL rou
 Fetch error: http://www.55ch.org/ => https://www.55ch.org/: (7, 'Failed to connect to www.55ch.org port 443: Connection refused')
 
 -->
-<ruleset name="55ch.org" default_off='failed ruleset test'>
+<ruleset name="55ch.org" default_off="failed ruleset test">
 
 	<target host="55ch.org" />
 	<target host="www.55ch.org" />
diff --git a/src/chrome/content/rules/58.com.xml b/src/chrome/content/rules/58.com.xml
index 52415b55abff..c3b56b8d1a20 100644
--- a/src/chrome/content/rules/58.com.xml
+++ b/src/chrome/content/rules/58.com.xml
@@ -14,6 +14,7 @@
 		pic2.58.com		( https://pic2.58.com/m58/app58/m_static/home.html )
 		api.wireless.58.com
 		api.wap.58.com
+    flash.bangbang.58.com
 
 	Redirects to 404 error page:
 		^58.com
@@ -23,14 +24,15 @@
 		jing.58.com
 		verifycode.58.com
 		(city).58.com	( bj.58.com and so on. )
+
+  502
+    tracklog.58.com
 -->
 
 <ruleset name="58.com (partial)">
 	<target host="404.58.com" />
 	<target host="api.58.com" />
 		<test url="http://api.58.com/comm/nearCities-bj" />
-	<target host="flash.bangbang.58.com" />
-		<test url="http://flash.bangbang.58.com/web/im_filter_1.3.swf" />
 	<target host="cube.58.com" />
 		<test url="http://cube.58.com/cube/loadPromotionData" />
 	<target host="dk.58.com" />
@@ -42,8 +44,6 @@
 	<target host="passport.58.com" />
 	<target host="static.58.com" />
 	<target host="status.58.com" />
-	<target host="tracklog.58.com" />
-		<test url="http://tracklog.58.com/pc/click/empty.js.gif" />
 	<target host="tuiguang.58.com" />
 	<target host="refresh.vip.58.com" />
 		<test url="http://refresh.vip.58.com/common/novipprice" />
diff --git a/src/chrome/content/rules/5NINES.xml b/src/chrome/content/rules/5NINES.xml
index bb3c63d81f73..3c9f0edad71e 100644
--- a/src/chrome/content/rules/5NINES.xml
+++ b/src/chrome/content/rules/5NINES.xml
@@ -9,7 +9,7 @@ Fetch error: http://portal.5ninesdata.com/ => https://portal.5ninesdata.com/: (2
 		- (www.)enjoy5nines.com		(ditto)
 
 -->
-<ruleset name="5NINES (partial)" default_off='failed ruleset test'>
+<ruleset name="5NINES (partial)" default_off="failed ruleset test">
 
 	<target host="portal.5ninesdata.com" />
 
diff --git a/src/chrome/content/rules/5ch.xml b/src/chrome/content/rules/5ch.xml
new file mode 100644
index 000000000000..dc7c80a0d85c
--- /dev/null
+++ b/src/chrome/content/rules/5ch.xml
@@ -0,0 +1,44 @@
+<ruleset name="5ch.net">
+	<target host="5ch.net" />
+	<target host="*.5ch.net" />
+	<test url="http://www2.5ch.net/" />
+	<test url="http://itest.5ch.net/" />
+	<test url="http://premium.5ch.net/" />
+	<test url="http://be.5ch.net/" />
+	<test url="http://i.5ch.net/" />
+	<test url="http://headline.5ch.net/" />
+	<test url="http://newsnavi.5ch.net/" />
+	<test url="http://info.5ch.net/" />
+	<test url="http://o.5ch.net/" />
+	<test url="http://stat.5ch.net/" />
+	<test url="http://find.5ch.net/" />
+	<test url="http://menu.5ch.net/" />
+	<test url="http://dig.5ch.net/" />
+	<test url="http://qb5.5ch.net/" />
+
+	<test url="http://agree.5ch.net/" />
+	<test url="http://asahi.5ch.net/" />
+	<test url="http://egg.5ch.net/" />
+	<test url="http://fate.5ch.net/" />
+	<test url="http://hayabusa9.5ch.net/" />
+	<test url="http://hebi.5ch.net/" />
+	<test url="http://himawari.5ch.net/" />
+	<test url="http://krsw.5ch.net/" />
+	<test url="http://lavender.5ch.net/" />
+	<test url="http://leia.5ch.net/" />
+	<test url="http://mao.5ch.net/" />
+	<test url="http://matsuri.5ch.net/" />
+	<test url="http://medaka.5ch.net/" />
+	<test url="http://mevius.5ch.net/" />
+	<test url="http://nhk2.5ch.net/" />
+	<test url="http://rio2016.5ch.net/" />
+	<test url="http://rosie.5ch.net/" />
+	<test url="http://swallow.5ch.net/" />
+	<test url="http://tanuki.5ch.net/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/5min.com.xml b/src/chrome/content/rules/5min.com.xml
index d699dc1478b8..b7fcc5b390e4 100644
--- a/src/chrome/content/rules/5min.com.xml
+++ b/src/chrome/content/rules/5min.com.xml
@@ -61,7 +61,7 @@ Fetch error: http://pthumbnails.5min.com/ => https://thumbnails.5min.com/: (60,
 	* Akamai
 
 -->
-<ruleset name="5min.com (partial)" default_off='failed ruleset test'>
+<ruleset name="5min.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/5vpn.net.xml b/src/chrome/content/rules/5vpn.net.xml
deleted file mode 100644
index 1c49aefd7f78..000000000000
--- a/src/chrome/content/rules/5vpn.net.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="5vpn.net">
-
-	<target host="5vpn.net" />
-	<target host="www.5vpn.net" />
-
-
-	<securecookie host="^(?:www\.)?5vpn.net$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/66option.com.xml b/src/chrome/content/rules/66option.com.xml
deleted file mode 100644
index 92a8a84c3999..000000000000
--- a/src/chrome/content/rules/66option.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="66option.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="66option.com" />
-	<target host="news.66option.com" />
-	<target host="www.66option.com" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/680news.com.xml b/src/chrome/content/rules/680news.com.xml
new file mode 100644
index 000000000000..a678585d2d54
--- /dev/null
+++ b/src/chrome/content/rules/680news.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Active mixed content:
+		- player.680news.com
+		- pmd.680news.com
+
+	Invalid certificate:
+		- live.680news.com
+
+	Timed out:
+		- 680news.com, equivalent to www.680news.com
+-->
+
+<ruleset name="680news.com">
+	<target host="680news.com" />
+	<target host="www.680news.com" />
+
+	<rule from="^http://680news\.com/"
+		to="https://www.680news.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/6PM.com.xml b/src/chrome/content/rules/6PM.com.xml
deleted file mode 100644
index aecbef4ad1cb..000000000000
--- a/src/chrome/content/rules/6PM.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For other Amazon coverage, see Amazon.xml.
-	
-
-	Note: This site blocks Tor users
-
-
-	(www.)?: Mismatched
-
--->
-<ruleset name="6PM.com (partial)" default_off="needs clearnet testing">
-
-	<target host="secure-www.6pm.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/6Scan_Security.com.xml b/src/chrome/content/rules/6Scan_Security.com.xml
deleted file mode 100644
index f3cd6c21a7c9..000000000000
--- a/src/chrome/content/rules/6Scan_Security.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="6Scan Security.com">
-	<target host="6scansecurity.com" />
-	<target host="www.6scansecurity.com" />
-	<target host="billing.6scansecurity.com" />
-	<target host="portal.6scansecurity.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/6april.org.xml b/src/chrome/content/rules/6april.org.xml
deleted file mode 100644
index 439bac3ae5b2..000000000000
--- a/src/chrome/content/rules/6april.org.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="6april.org">
-	<target host="6april.org" />
-	<target host="www.6april.org" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/6to4.ru.xml b/src/chrome/content/rules/6to4.ru.xml
deleted file mode 100644
index 60f957bf7f8c..000000000000
--- a/src/chrome/content/rules/6to4.ru.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<!--
-www.6to4.ru nonexist
--->
-<ruleset name="6to4.ru">
-	<target host="6to4.ru" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/6xq.net.xml b/src/chrome/content/rules/6xq.net.xml
index eeb062a71207..41c0554a742a 100644
--- a/src/chrome/content/rules/6xq.net.xml
+++ b/src/chrome/content/rules/6xq.net.xml
@@ -3,12 +3,12 @@
 		SSL peer certificate was not OK:
 			 - ns.6xq.net
 
+    Connection refused:
+      - luna.6xq.net
+
 -->
 <ruleset name="6xq.net">
 	<target host="6xq.net" />
-	<target host="www.6xq.net" />
-	<target host="luna.6xq.net" />
-		<test url="http://luna.6xq.net/luna.png" />
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/7-Eleven.com.xml b/src/chrome/content/rules/7-Eleven.com.xml
index 97428923c846..cbbdbba3b91b 100644
--- a/src/chrome/content/rules/7-Eleven.com.xml
+++ b/src/chrome/content/rules/7-Eleven.com.xml
@@ -1,84 +1,22 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://apply.7-eleven.com/ => https://apply.7-eleven.com/: (51, "SSL: no alternative certificate subject name matches target host name 'apply.7-eleven.com'")
-
-	Nonfunctional hosts in *7-eleven.com:
-
-		- blog.franchise ¹
-		- www.realestate ²
-
-	¹ Refused
-	² Dropped
-
-
-	Problematic hosts in *7-eleven.com:
-	
-		- ^ *
-		- careers *
-		- corp *
-		- franchise *
-
-	* Mismatched
-
-
-	Mixed content:
-
-		- Bugs, on;
-
-			- sites from b.collective-media.net *
-			- sites from pubads.g.doubleclick.net
-
-	* Secured by us
-
+	Non-functional hosts
+		Timeout was reached:
+		- 7-eleven.com
+		- realestate.7-eleven.com
+		- www.realestate.7-eleven.com
+
+		SSL peer certificate was not OK:
+		- apply.7-eleven.com
+		- blog.franchise.7-eleven.com
+		- sites.7-eleven.com
 -->
-<ruleset name="7-Eleven.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="apply.7-eleven.com" />
-	<target host="sites.7-eleven.com" />
+<ruleset name="7-Eleven.com (partial)">
 	<target host="www.7-eleven.com" />
-
-	<!--	Complications:
-				-->
-	<target host="7-eleven.com" />
 	<target host="careers.7-eleven.com" />
 	<target host="corp.7-eleven.com" />
 	<target host="franchise.7-eleven.com" />
 
-		<test url="http://careers.7-eleven.com/careers/Careers.html" />
-		<test url="http://sites.7-eleven.com/franchise/home" />
-
-
-	<!--	Not secured by server:
-					-->
-	<securecookie host="^\.7-eleven\.com$" name="^__qca$" />
-
-
-	<rule from="^http://7-eleven\.com/"
-		to="https://www.7-eleven.com/" />
-
-	<!--	Redirect drops args and forward slash:
-							-->
-	<rule from="^http://careers\.7-eleven\.com/+(?:\?.*)?$"
-		to="https://sites.7-eleven.com/careers/Careers.html" />
-
-		<test url="http://careers.7-eleven.com//" />
-		<test url="http://careers.7-eleven.com/?" />
-
-	<!--	Redirect drops args and forward slash:
-							-->
-	<rule from="^http://franchise\.7-eleven\.com/+(?:\?.*)?$"
-		to="https://sites.7-eleven.com/franchise/home" />
-
-		<test url="http://franchise.7-eleven.com//" />
-		<test url="http://franchise.7-eleven.com/?" />
-
-	<rule from="^http://(?:careers|corp|franchise)\.7-eleven\.com/"
-		to="https://sites.7-eleven.com/" />
-
-	<rule from="^http:"
-		to="https:" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/7-Zip.org.xml b/src/chrome/content/rules/7-Zip.org.xml
new file mode 100644
index 000000000000..de74249a118c
--- /dev/null
+++ b/src/chrome/content/rules/7-Zip.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="7-Zip.org">
+
+	<target host="7-zip.org" />
+	<target host="www.7-zip.org" />
+	<target host="d.7-zip.org" />
+	<target host="dl.7-zip.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/7Headlines.com.xml b/src/chrome/content/rules/7Headlines.com.xml
deleted file mode 100644
index e0830a2a803e..000000000000
--- a/src/chrome/content/rules/7Headlines.com.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<!--
-	For other Pixnet coverage, see Pixnet.net.xml.
-
-
-	CDN buckets:
-
-		- asset-7headlines.pixfs.net
-
-
-	^7headlines.com: Refused
-	asset.7headlines.net: 503, akamai
-
--->
-<ruleset name="7Headlines.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.7headlines.com" />
-
-	<!--	Complications:
-				-->
-	<target host="7headlines.com" />
-	<target host="asset.7headlines.net" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.7headlines\.com$" name="^7headlines$" /-->
-
-	<securecookie host="^\.7headlines\.com$" name=".+" />
-
-
-	<rule from="^http://7headlines\.com/"
-		to="https://www.7headlines.com/" />
-
-	<!--	s? for protocol-relative inclusions
-						-->
-	<rule from="^https?://asset\.7headlines\.net/"
-		to="https://asset-7headlines.pixfs.net/" />
-
-		<test url="https://asset.7headlines.net/style/images/paper-bg.png" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/7_Elements.co.uk.xml b/src/chrome/content/rules/7_Elements.co.uk.xml
index 0a416d1689cb..682ff45af2dd 100644
--- a/src/chrome/content/rules/7_Elements.co.uk.xml
+++ b/src/chrome/content/rules/7_Elements.co.uk.xml
@@ -9,7 +9,7 @@ Non-2xx HTTP code: http://7elements.co.uk/ (200) => https://7elements.co.uk/ (40
 		- www.7elements.co.uk
 
 -->
-<ruleset name="7 Elements.co.uk" default_off='failed ruleset test'>
+<ruleset name="7 Elements.co.uk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/7search.com.xml b/src/chrome/content/rules/7search.com.xml
deleted file mode 100644
index d4617af617d3..000000000000
--- a/src/chrome/content/rules/7search.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Nonfunctional hosts in *7search.com:
-
-		- blog *
-		- faq *
-
-	* Refused
-
--->
-<ruleset name="7search.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="7search.com" />
-	<target host="conversion.7search.com" />
-	<target host="www.7search.com" />
-
-		<test url="http://conversion.7search.com/conversion/v1/?advid=&amp;urlid=&amp;type=purchase&amp;value=1&amp;noscript=1" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/7terminals.com.xml b/src/chrome/content/rules/7terminals.com.xml
deleted file mode 100644
index d98f7fffbb5f..000000000000
--- a/src/chrome/content/rules/7terminals.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Mixed content:
-
-		- Images from ^self...:9000
-
--->
-<ruleset name="7terminals.com">
-
-	<target host="7terminals.com" />
-	<target host="www.7terminals.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/80s_Purple.com.xml b/src/chrome/content/rules/80s_Purple.com.xml
index df30f27eb2f9..0c6bb197559e 100644
--- a/src/chrome/content/rules/80s_Purple.com.xml
+++ b/src/chrome/content/rules/80s_Purple.com.xml
@@ -32,7 +32,9 @@ Fetch error: http://80spurple.com/ => https://80spurple.com/: (28, 'Operation ti
 <ruleset name="80s Purple.com">
 
 	<target host="80spurple.com" />
-	<target host="*.80spurple.com" />
+	<target host="smcdn.80spurple.com" />
+	<target host="news.80spurple.com" />
+	<target host="www.80spurple.com" />
 
 
 	<securecookie host=".*\.80spurple\.com$" name=".+" />
@@ -41,4 +43,4 @@ Fetch error: http://80spurple.com/ => https://80spurple.com/: (28, 'Operation ti
 	<rule from="^http://(?:smcdn\.|(news\.|www\.))?80spurple\.com/"
 		to="https://$180spurple.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/888173.net-falsemixed.xml b/src/chrome/content/rules/888173.net-falsemixed.xml
index 6dce3aa9573b..fffe526cc5bd 100644
--- a/src/chrome/content/rules/888173.net-falsemixed.xml
+++ b/src/chrome/content/rules/888173.net-falsemixed.xml
@@ -4,13 +4,10 @@
 -->
 <ruleset name="888173.net (false MCB)" platform="mixedcontent">
 
-	<target host="*.888173.net" />
+	<target host="www.888173.net" />
 
 
-	<securecookie host="^\.888173\.net$" name=".+" />
 
-
-	<rule from="^http://www\.888173\.net/"
-		to="https://www.888173.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/888VoIP.com.xml b/src/chrome/content/rules/888VoIP.com.xml
index 95c888019d7b..b0824b616e25 100644
--- a/src/chrome/content/rules/888VoIP.com.xml
+++ b/src/chrome/content/rules/888VoIP.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://888voip.com/ => https://888voip.com/: Too many redirects whi
 Fetch error: http://www.888voip.com/ => https://www.888voip.com/: Too many redirects while fetching 'https://www.888voip.com/'
 
 -->
-<ruleset name="888VoIP.com" default_off='failed ruleset test'>
+<ruleset name="888VoIP.com" default_off="failed ruleset test">
 
 	<target host="888voip.com" />
 	<target host="www.888voip.com" />
diff --git a/src/chrome/content/rules/8R.com.xml b/src/chrome/content/rules/8R.com.xml
deleted file mode 100644
index 7b9f46785808..000000000000
--- a/src/chrome/content/rules/8R.com.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-
-<!--
-	^: Dropped
-
-
-	Insecure cookies are set for these domains:
-
-		- 8r.com
-		- .8r.com
-		- www.8r.com
-
--->
-<ruleset name="8R.com">
-
-	<target host="8r.com" />
-	<target host="www.8r.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www.)?8r\.com$" name="^JSESSIONID$" /-->
-	<!--securecookie host="^\.8r\.com$" name="^zJSESSIONID$" /-->
-
-	<securecookie host="^(?:\.|www\.)?8r\.com$" name=".+" />
-
-
-	<rule from="^http://8r\.com/"
-		to="https://www.8r.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/8chan.co.xml b/src/chrome/content/rules/8chan.co.xml
deleted file mode 100644
index 1f702f7fc3e7..000000000000
--- a/src/chrome/content/rules/8chan.co.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://media.8chan.co/ => https://media.8chan.co/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
-
--->
-<ruleset name="8chan" default_off='failed ruleset test'>
-  <target host="8chan.co" />
-  <target host="jp.8chan.co" />
-  <target host="media.8chan.co" />
-
-  <rule from="^http://(?:www\.)?8chan\.co/" to="https://8chan.co/"/>
-  <rule from="^http://jp\.8chan\.co/" to="https://jp.8chan.co/"/>
-  <rule from="^http://media\.8chan\.co/" to="https://media.8chan.co/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/8tracks.xml b/src/chrome/content/rules/8tracks.xml
index f3ece9cbf230..308b6769ec64 100644
--- a/src/chrome/content/rules/8tracks.xml
+++ b/src/chrome/content/rules/8tracks.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.8tracks.com/ => https://www.8tracks.com/: (7, 'Failed to
 			- imgix.8tracks.com
 
 -->
-<ruleset name="8tracks.com" default_off='failed ruleset test'>
+<ruleset name="8tracks.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/911.gov.xml b/src/chrome/content/rules/911.gov.xml
deleted file mode 100644
index efafecf6c827..000000000000
--- a/src/chrome/content/rules/911.gov.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-
--->
-<ruleset name="911.gov">
-
-	<target host="911.gov" />
-	<target host="www.911.gov" />
-	<target host="resourcecenter.911.gov" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/95516.com.xml b/src/chrome/content/rules/95516.com.xml
index 3c967fbb85ec..0fa0e5c1d607 100644
--- a/src/chrome/content/rules/95516.com.xml
+++ b/src/chrome/content/rules/95516.com.xml
@@ -26,7 +26,7 @@ Fetch error: http://nmg.95516.com/ => https://nmg.95516.com/: (60, 'SSL certific
 	502
 		- 62.95516.com
 -->
-<ruleset name="95516.com" default_off='failed ruleset test'>
+<ruleset name="95516.com" default_off="failed ruleset test">
 	<target host="95516.com" />
 	<target host="www.95516.com" />
 	<target host="app.95516.com" />
diff --git a/src/chrome/content/rules/9anime.to.xml b/src/chrome/content/rules/9anime.to.xml
new file mode 100644
index 000000000000..a364c0bf83f6
--- /dev/null
+++ b/src/chrome/content/rules/9anime.to.xml
@@ -0,0 +1,19 @@
+<ruleset name="9anime.to">
+	<target host="9anime.to" />
+	<target host="www.9anime.to" />
+	<target host="test.9anime.to" />
+	<target host="www1.9anime.to" />
+	<target host="www2.9anime.to" />
+	<target host="www3.9anime.to" />
+	<target host="www4.9anime.to" />
+	<target host="www5.9anime.to" />
+	<target host="www6.9anime.to" />
+	<target host="www7.9anime.to" />
+	<target host="www8.9anime.to" />
+	<target host="www9.9anime.to" />
+	<target host="www10.9anime.to" />
+	<target host="www11.9anime.to" />
+	<target host="www12.9anime.to" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/9gag.com.xml b/src/chrome/content/rules/9gag.com.xml
index 386d33da0a88..44b89bcf123f 100644
--- a/src/chrome/content/rules/9gag.com.xml
+++ b/src/chrome/content/rules/9gag.com.xml
@@ -1,50 +1,4 @@
-<!--
-	Non-functional hosts in *.9gag.com
-		SSL peer certificate was not OK:
-			 - comment.cdn.9gag.com
-			 - featured.cdn.9gag.com
-			 - mailer.9gag.com
-			 - push.notif.9gag.com
-			 - tumblr.9gag.com
-
-		4xx client error:
-			 - admin.9gag.com
-			 - api.9gag.com
-			 - comment.9gag.com
-			 - comment-cdn.9gag.com
-			 - comment-push.9gag.com
-			 - notif.9gag.com
-			 - notif-push.9gag.com
--->
 <ruleset name="9GAG.com (partial)">
-	<!-- *.9gag.com -->
-	<target host="9gag.com" />
-	<target host="www.9gag.com" />
-	<target host="about.9gag.com" />
-	<target host="accounts.9gag.com" />
-	<target host="accounts-cdn.9gag.com" />
-	<target host="accounts-query.9gag.com" />
-	<target host="ads.9gag.com" />
-	<target host="ajax-cdn.9gag.com" />
-	<target host="avatars-cdn.9gag.com" />
-	<target host="engineering.9gag.com" />
-	<target host="featured-cdn.9gag.com" />
-	<target host="game.9gag.com" />
-	<target host="global.9gag.com" />
-	<target host="images-cdn.9gag.com" />
-	<target host="m.9gag.com" />
-	<target host="media.9gag.com" />
-	<target host="mt.9gag.com" />
-	<target host="p.9gag.com" />
-	<target host="rlog.9gag.com" />
-	<target host="t.9gag.com" />
-		<test url="http://t.9gag.com/img.gif" />
-	<target host="web-t.9gag.com" />
-
-	<securecookie host="^accounts\.9gag\.com$" name=".+" />
-	<securecookie host="^m\.9gag\.com$" name=".+" />
-
-
 	<!-- *.9cache.com -->
 	<target host="*.9cache.com" />
 		<test url="http://assets-9gag-fun.9cache.com/s/fab0aa49/38c7a8cea6cf3426da879c8aef0bb6abae1a5d5e/static/dist/web6/css/gag.css" />
diff --git a/src/chrome/content/rules/9p.io.xml b/src/chrome/content/rules/9p.io.xml
new file mode 100644
index 000000000000..e6ccff92c248
--- /dev/null
+++ b/src/chrome/content/rules/9p.io.xml
@@ -0,0 +1,5 @@
+<ruleset name="9p.io">
+	<target host="9p.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/9tv.co.il.xml b/src/chrome/content/rules/9tv.co.il.xml
index f334837fd545..001299cad4cd 100644
--- a/src/chrome/content/rules/9tv.co.il.xml
+++ b/src/chrome/content/rules/9tv.co.il.xml
@@ -19,7 +19,7 @@ vek.9tv.co.il mixed content
 ¹ mismatch
 ³ timed out
 -->
-<ruleset name="9tv.co.il" default_off='failed ruleset test'>
+<ruleset name="9tv.co.il" default_off="failed ruleset test">
 	<target host="9tv.co.il" />
 	<target host="www.9tv.co.il" />
 	<target host="ad.9tv.co.il" />
diff --git a/src/chrome/content/rules/A14_Electronics.com.xml b/src/chrome/content/rules/A14_Electronics.com.xml
index d239b200e61b..d4328c44642b 100644
--- a/src/chrome/content/rules/A14_Electronics.com.xml
+++ b/src/chrome/content/rules/A14_Electronics.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://a14electronics.com/ => https://a14electronics.com/: (51, "SSL: no alternative certificate subject name matches target host name 'a14electronics.com'")
 
 -->
-<ruleset name="A14 Electronics.com" default_off='failed ruleset test'>
+<ruleset name="A14 Electronics.com" default_off="failed ruleset test">
 
 	<target host="a14electronics.com" />
 	<target host="www.a14electronics.com" />
diff --git a/src/chrome/content/rules/A1A_Fast_Cash.xml b/src/chrome/content/rules/A1A_Fast_Cash.xml
deleted file mode 100644
index 98ebd020e18f..000000000000
--- a/src/chrome/content/rules/A1A_Fast_Cash.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="A1A Fast Cash">
-
-	<target host="a1afastcash.com" />
-	<target host="www.a1afastcash.com" />
-
-
-	<securecookie host="^(?:www)?\.a1afastcash.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/A4apphack-mismatches.xml b/src/chrome/content/rules/A4apphack-mismatches.xml
index d92baf46dd23..08202c62838a 100644
--- a/src/chrome/content/rules/A4apphack-mismatches.xml
+++ b/src/chrome/content/rules/A4apphack-mismatches.xml
@@ -2,7 +2,8 @@
 
 	<!--	Cert: *.bluehost.com	-->
 	<target host="a4apphack.com" />
-	<target host="*.a4apphack.com" />
+	<target host="www.a4apphack.com" />
+	<target host="apps.a4apphack.com" />
 
 
 	<!--	At least some pages redirect recursively.	-->
diff --git a/src/chrome/content/rules/A4uexpo.com.xml b/src/chrome/content/rules/A4uexpo.com.xml
index 2b47c2710bfa..6c81d0a6a1dd 100644
--- a/src/chrome/content/rules/A4uexpo.com.xml
+++ b/src/chrome/content/rules/A4uexpo.com.xml
@@ -30,7 +30,7 @@
 <ruleset name="a4uexpo.com (false MCB)" default_off="expired" platform="mixedcontent">
 
 	<target host="a4uexpo.com" />
-	<target host="*.a4uexpo.com" />
+	<target host="www.a4uexpo.com" />
 
 
 	<securecookie host="^\.a4uexpo\.com$" name="^__utm\w$" />
@@ -39,4 +39,4 @@
 	<rule from="^http://(?:www\.)?a4uexpo\.com/"
 		to="https://www.a4uexpo.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/A8.net.xml b/src/chrome/content/rules/A8.net.xml
index 82f31db724dc..578190266b39 100644
--- a/src/chrome/content/rules/A8.net.xml
+++ b/src/chrome/content/rules/A8.net.xml
@@ -17,7 +17,6 @@
 	<rule from="^http://a8\.net/"
 		to="https://a8.net/" />
 
-		<test url="http://a8.net/" />
 
 	<rule from="^http://(ad-api|direct|items|ow|pub|px|rot\d+|rpx|rws|statics|support|www|www\d+)\.a8\.net/"
 		to="https://$1.a8.net/" />
diff --git a/src/chrome/content/rules/AA.net.uk.xml b/src/chrome/content/rules/AA.net.uk.xml
index e5f41de6e9b6..8cea07fb1174 100644
--- a/src/chrome/content/rules/AA.net.uk.xml
+++ b/src/chrome/content/rules/AA.net.uk.xml
@@ -29,13 +29,15 @@
 -->
 <ruleset name="AA.net.uk (partial)">
 
-	<target host="*.aa.net.uk" />
+	<target host="accounts.aa.net.uk" />
+	<target host="clueless.aa.net.uk" />
+	<target host="order.aa.net.uk" />
+	<target host="status.aa.net.uk" />
 
 
 	<securecookie host="^(?:accounts|clueless|status)\.aa\.net\.uk$" name=".+" />
 
 
-	<rule from="^http://(accounts|clueless|order|status)\.aa\.net\.uk/"
-		to="https://$1.aa.net.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AA.xml b/src/chrome/content/rules/AA.xml
deleted file mode 100644
index 9bbb1405868f..000000000000
--- a/src/chrome/content/rules/AA.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Non-2xx HTTP code: http://aa.com/ (200) => https://aa.com/ (403)
-Fetch error: http://ox-d.aa.com/ => https://ox-d.aa.com/: (60, 'SSL certificate problem: certificate has expired')
-
--->
-<ruleset name="American Airlines" default_off='failed ruleset test'>
-
-	<target host="aa.com" />
-	<target host="ox-d.aa.com" />
-	<target host="www.aa.com" />
-
-	<securecookie host="^(?:.*\.)aa\.com$" name=".+" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AAAS.org.xml b/src/chrome/content/rules/AAAS.org.xml
index 51bc7f18003d..3954f329da01 100644
--- a/src/chrome/content/rules/AAAS.org.xml
+++ b/src/chrome/content/rules/AAAS.org.xml
@@ -18,7 +18,7 @@
 		- promo (different content)
 		- secureapps (cert chain)
 		- zserver (tls error)
-	
+
 	There are a further 50+ subdomains that do not support HTTPS.
 
 -->
diff --git a/src/chrome/content/rules/AABEST.com.xml b/src/chrome/content/rules/AABEST.com.xml
new file mode 100644
index 000000000000..9d4ce04c3565
--- /dev/null
+++ b/src/chrome/content/rules/AABEST.com.xml
@@ -0,0 +1,11 @@
+<!--
+	For other AASTOCKS.com related rulesets, see AASTOCKS.com.xml.
+-->
+<ruleset name="AABEST.com">
+	<target host="aabest.com" />
+	<target host="www.aabest.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AACQA.gov.au.xml b/src/chrome/content/rules/AACQA.gov.au.xml
index 74724e317a7b..36b23acc4ff0 100644
--- a/src/chrome/content/rules/AACQA.gov.au.xml
+++ b/src/chrome/content/rules/AACQA.gov.au.xml
@@ -23,6 +23,6 @@
 	<rule from="^http://aacqa\.gov\.au/"
 			to="https://www.aacqa.gov.au/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AARP.org.xml b/src/chrome/content/rules/AARP.org.xml
index 315415537e10..9064a50f6b58 100644
--- a/src/chrome/content/rules/AARP.org.xml
+++ b/src/chrome/content/rules/AARP.org.xml
@@ -64,7 +64,7 @@ Fetch error: http://action.aarp.org/ => https://action.aarp.org/: Too many redir
 	² Not secured by us <= expired
 
 -->
-<ruleset name="AARP.org (partial)" default_off='failed ruleset test'>
+<ruleset name="AARP.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/AAS.org.xml b/src/chrome/content/rules/AAS.org.xml
index 9dd34e0c832b..f8c3550abe99 100644
--- a/src/chrome/content/rules/AAS.org.xml
+++ b/src/chrome/content/rules/AAS.org.xml
@@ -43,7 +43,7 @@ Fetch error: http://apj.aas.org/ => https://iopscience.iop.org/0004-637X: (28, '
 		- members.aas.org
 
 -->
-<ruleset name="AAS.org (partial)" default_off='failed ruleset test'>
+<ruleset name="AAS.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/AASTOCKS.com.xml b/src/chrome/content/rules/AASTOCKS.com.xml
new file mode 100644
index 000000000000..3772da297842
--- /dev/null
+++ b/src/chrome/content/rules/AASTOCKS.com.xml
@@ -0,0 +1,152 @@
+<!--
+	Other AASTOCKS.com related rulesets:
+		+ AABEST.com.xml
+
+	Non-functional hosts
+		No working 200/3XX URL(s):
+			 - dl.aastocks.com
+			 - dpdata1.aastocks.com
+			 - icbc-web.aastocks.com
+			 - ims.aastocks.com
+			 - product3.aastocks.com
+			 - services5.aastocks.com
+			 - stanjson.aastocks.com
+			 - stanjson-uat.aastocks.com
+
+		Connection refused:
+			 - fpdata.aastocks.com
+			 - fxcharts.aastocks.com
+			 - hkg.aastocks.com
+			 - m.aastocks.com
+
+		Timeout was reached:
+			 - bb.aastocks.com
+			 - bochk.aastocks.com
+			 - cms.aastocks.com
+			 - cncharts.aastocks.com
+			 - cniis.aastocks.com
+			 - download-hk.aastocks.com
+			 - fdl.aastocks.com
+			 - fund.aastocks.com
+			 - fx.aastocks.com
+			 - payment.aastocks.com
+			 - tldata.aastocks.com
+			 - video.aastocks.com
+			 - ws2.aastocks.com
+			 - wss-uat.aastocks.com
+			 - wss1.aastocks.com
+			 - wss4.aastocks.com
+			 - wssf1.aastocks.com
+
+		SSL connect error:
+			 - uat1ntt.aastocks.com:8090
+			 - uat2.aastocks.com:8090
+
+		SSL peer certificate or SSH remote key was not OK:
+			 - ad.aastocks.com
+			 - cbproduct.aastocks.com
+			 - chartservices2.aastocks.com
+			 - cn.aastocks.com
+			 - corp.aastocks.com
+			 - data-uat.aastocks.com
+			 - freequote.aastocks.com
+			 - logon-uat.aastocks.com
+			 - my.aastocks.com
+			 - product2.aastocks.com
+			 - product2-uat.aastocks.com
+			 - services1-uat.aastocks.com
+			 - services2.aastocks.com
+			 - services3.aastocks.com
+			 - www.us.aastocks.com
+			 - wwwhk.aastocks.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+			 - iis.aastocks.com
+			 - comm1.internet.aastocks.com
+			 - mail.aastocks.com
+			 - preview.aastocks.com
+			 - pushweb2.aastocks.com
+			 - qs.aastocks.com
+			 - stat.aastocks.com
+			 - wss2.aastocks.com
+
+		Redirect to HTTP:
+			 - aastocks.com
+			 - www.aastocks.com
+
+		CORS Blocking:
+			- fdata.aastocks.com on www.aastocks.com
+
+-->
+<ruleset name="AASTOCKS.com (partial)">
+	<target host="accounts.aastocks.com" />
+	<test url="http://accounts.aastocks.com/tc/mainsite/registration.aspx" />
+
+	<target host="charts.aastocks.com" />
+	<target host="data1.aastocks.com" />
+	<test url="http://data1.aastocks.com/bkrIDEng.htm" />
+
+	<target host="fcadata.aastocks.com" />
+	<target host="fcsdata.aastocks.com" />
+	<target host="fctdata.aastocks.com" />
+	<target host="chartdata1.internet.aastocks.com" />
+	<!--
+		On Chromium browers, this will break the dynamic chart due to a
+		missing 'Access-Control-Allow-Origin' header; this do not affect
+		Firefox at the time of testing (Firefox 61+).
+	-->
+	<exclusion pattern="^http://chartdata1\.internet\.aastocks\.com/servlet/iDataServlet/" />
+	<test url="http://chartdata1.internet.aastocks.com/servlet/iDataServlet/getdaily?id=00005.HK&amp;type=24&amp;market=1&amp;level=1&amp;period=21&amp;encoding=utf8" />
+
+	<target host="hkg.aastocks.com" />
+	<test url="http://hkg.aastocks.com/cms/commentary/commentator_photo_chi_17.jpg" />
+	<test url="http://hkg.aastocks.com/cms/commentary/commentator_photo_chi_76.png" />
+	<target host="hkg1.aastocks.com" />
+	<target host="hkg3.aastocks.com" />
+	<target host="hkg8.aastocks.com" />
+	<test url="http://hkg.aastocks.com/cms/commentary/commentator_photo_chi_69.JPG" />
+	<test url="http://hkg1.aastocks.com/ad/images/5938/banner.htm" />
+	<test url="http://hkg3.aastocks.com/ad/imagesbanner/script/rvfl.js" />
+	<test url="http://hkg8.aastocks.com/ad/delivery/spc.php" />
+
+	<target host="logon.aastocks.com" />
+	<test url="http://logon.aastocks.com/payment/tc/termsconditions.aspx" />
+
+	<target host="m.aastocks.com" />
+	<target host="mpdata.aastocks.com" />
+
+	<target host="plib.aastocks.com" />
+	<test url="http://plib.aastocks.com/aafnnews/image/20150327111120156_s.jpg" />
+
+	<target host="product1.aastocks.com" />
+	<test url="http://product1.aastocks.com/snapshot/mebr/Portfolio.aspx?IsDelay=1" />
+
+	<target host="product1-uat.aastocks.com" />
+	<test url="http://product1-uat.aastocks.com/Snapshot/MEBR/MDetailQuote.aspx?symbol=00941" />
+
+	<target host="services1.aastocks.com" />
+	<test url="http://services1.aastocks.com/bchk/main.aspx?aalanguage=eng" />
+
+	<target host="wdata.aastocks.com" />
+	<test url="http://wdata.aastocks.com/web/images/videotype/pg6_s.png?ver=20181113170559" />
+	<target host="webchart.aastocks.com" />
+	<test url="http://webchart.aastocks.com/chart/indices/indexdailychart.aspx" />
+
+	<target host="pdata1.aastocks.com" />
+	<target host="secure.aastocks.com" />
+	<target host="st.aastocks.com" />
+	<target host="uat2.aastocks.com" />
+
+	<securecookie host="hkg\.aastocks\.com" name=".+" />
+	<securecookie host="hkg1\.aastocks\.com" name=".+" />
+	<securecookie host="hkg3\.aastocks\.com" name=".+" />
+	<securecookie host="hkg8\.aastocks\.com" name=".+" />
+
+	<securecookie host="logon\.aastocks\.com" name=".+" />
+	<securecookie host="secure\.aastocks\.com" name=".+" />
+
+	<rule from="^http://hkg\.aastocks\.com/"
+		to="https://hkg3.aastocks.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ABC-Online.xml b/src/chrome/content/rules/ABC-Online.xml
index 7937c585203a..16ca8477add4 100644
--- a/src/chrome/content/rules/ABC-Online.xml
+++ b/src/chrome/content/rules/ABC-Online.xml
@@ -3,48 +3,21 @@
 
 		- ABC-Music-Publishing.xml
 
-
-	CDN buckets:
-
-		- d1ros97qkrwjf5.cloudfront.net
-		- d3mfbaa198drag.cloudfront.net
-		- cp44823.edgefcs.net
-
-
-	Nonfunctional:
-
-		- about.abc.net.au ¹
-		- mpegmedia.abc.net.au ²
-		- origin.abc.net.au ³		(redirects to www via http)
-		- (www.)abc.net.au ²
-		- www2b.abc.net.au ³
-		- (www.)abccommercial.com.au ³
-		- (www.)abccontentsales.com.au ³
-		- (www.)abcdigmusic.net.au
-		- (www.)radioaustralianews.net.au ³
-		- (www.)triplejunearthed.com ³
-
-	¹ 503, akamai
-	² 504, akamai
-	³ Dropped
-
+	Non-functional hosts in *.abc.net.au
+		Timeout:
+		- shop.abc.net.au
 -->
 <ruleset name="ABC Online (partial)">
 
-	<target host="shop.abc.net.au" />
-	<target host="abccommercial.com" />
-	<target host="*.abccommercial.com" />
-
+	<!-- *.abc.net.au -->
+	<target host="abc.net.au" />
+	<target host="www.abc.net.au" />
+	<target host="about.abc.net.au" />
 
-	<securecookie host="^shop.abc.net.au$" name=".+" />
-	<securecookie host="^\.abccommercial\.com$" name=".+" />
-
-
-	<rule from="^http://shop\.abc\.net\.au/"
-		to="https://shop.abc.net.au/" />
+	<!-- *.abccommercial.com -->
+	<target host="abccommercial.com" />
+	<target host="www.abccommercial.com" />
 
-	<!--	Cert isn't valid for !www	-->
-	<rule from="^http://(?:www\.)?abccomercial\.com/"
-		to="https://abccomercial.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ABCNews.com.xml b/src/chrome/content/rules/ABCNews.com.xml
new file mode 100644
index 000000000000..2175b87535a2
--- /dev/null
+++ b/src/chrome/content/rules/ABCNews.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- abcnews.com
+		- feeds.abcnews.com
+		- liveblog.abcnews.com
+
+		SSL connect error:
+		- blogs.abcnews.com
+		- www.blogs.abcnews.com
+
+		SSL peer certificate was not OK:
+		- abclive.abcnews.com
+		- abcuni.abcnews.com
+		- i.abcnews.com
+-->
+<ruleset name="ABCNews.com">
+	<target host="abcnews.com" />
+	<target host="a.abcnews.com" />
+	<target host="media.abcnews.com" />
+	<target host="s.abcnews.com" />
+	<target host="video-cdn.abcnews.com" />
+
+	<rule from="^http://abcnews\.com/"
+		  	to="https://abcnews.go.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ABCNews.go.com.xml b/src/chrome/content/rules/ABCNews.go.com.xml
new file mode 100644
index 000000000000..e59f4b268340
--- /dev/null
+++ b/src/chrome/content/rules/ABCNews.go.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- liveblog.abcnews.go.com
+-->
+<ruleset name="ABCNews.go.com">
+	<target host="abcnews.go.com" />
+	<target host="a.abcnews.go.com" />
+	<target host="preview.abcnews.go.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ABC_News-falsemixed.xml b/src/chrome/content/rules/ABC_News-falsemixed.xml
deleted file mode 100644
index a0556f6807b6..000000000000
--- a/src/chrome/content/rules/ABC_News-falsemixed.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see ABC_News.xml.
-
--->
-<ruleset name="ABC News (false MCB)" platform="mixedcontent" default_off="JS redirect loop">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="abcnews.go.com" />
-
-	<!--	Complications:
-				-->
-	<target host="a.abcnews.com" />
-	<target host="a.abcnews.go.com" />
-
-
-	<rule from="^http://a\.abcnews(?:\.go)?\.com/"
-		to="https://abcnews.go.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ABC_News.xml b/src/chrome/content/rules/ABC_News.xml
deleted file mode 100644
index 54e916a19a73..000000000000
--- a/src/chrome/content/rules/ABC_News.xml
+++ /dev/null
@@ -1,86 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see ABC_News-falsemixed.xml.
-
-
-	Problematic domains:
-
-		- a.abcnews.com *
-		- a.abcnews.go.com *
-
-	* 503, akamai
-
-
-	Mixed content:
-
-		- css on abcnews.go.com from a.abcnews.com
-
-		- Images, on:
-
-			- abcnews.go.com from a.abcnews.com
-			- abcnews.go.com from a.abcnews.com
-
-		- Ads/bugs, on:
-
-			- abcnews.go.com from www.googleadservices.com
-			- abcnews.go.com from pixel.quantserve.com
-
--->
-<ruleset name="ABC News (partial)" default_off="JS redirect loop">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="abcnews.go.com" />
-
-	<!--	Complications:
-				-->
-	<target host="a.abcnews.com" />
-	<target host="a.abcnews.go.com" />
-
-		<!--	Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://abcnews\.go\.com/+(?!assets/|favicon\.ico|gma$|images/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://abcnews.go.com/entertainment" />
-			<test url="http://abcnews.go.com/health" />
-			<test url="http://abcnews.go.com/sports" />
-			<test url="http://abcnews.go.com/topics/" />
-			<test url="http://abcnews.go.com/us" />
-
-			<!--	-ve:
-					-->
-			<test url="http://abcnews.go.com/assets/images/v3/pixel_eee.gif" />
-			<test url="http://abcnews.go.com/favicon.ico" />
-			<test url="http://abcnews.go.com/gma" />
-			<test url="http://abcnews.go.com/images/Entertainment/gty_blake_and_miranda_mm_150720_16x9t_240.jpg" />
-
-		<!--	https://github.com/EFForg/https-everywhere/issues/2274#issuecomment-122768270
-
-			Avoid video breakage:
-						-->
-		<exclusion pattern="^http://a\.abcnews(?:\.go)?\.com/.+(?!(?:gif|jpg|png)(?:$|\?))" />
-
-			<!--	+ve:
-					-->
-			<test url="http://a.abcnews.com/assets/beta/_sass/css/icons.css" />
-			<test url="http://a.abcnews.com/assets/beta/css/page-types/header_.css" />
-			<test url="http://a.abcnews.com/assets/scss/css/indexv2.css" />
-			<test url="http://a.abcnews.com/assets/scss/css/indexv3.css" />
-			<test url="http://a.abcnews.com/assets/scss/css/nav_hp.css" />
-			<test url="http://a.abcnews.com/assets/scss/css/nav_sub.css" />
-			<test url="http://a.abcnews.com/assets/scss/css/videolightbox.css" />
-			<test url="http://a.abcnews.com/assets/scss/css/videoplayer.css" />
-
-			<!--	-ve:
-					-->
-			<test url="http://a.abcnews.com/assets/images/spacer.gif" />
-
-
-	<rule from="^http://a\.abcnews(?:\.go)?\.com/"
-		to="https://abcnews.go.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ABI_Research.xml b/src/chrome/content/rules/ABI_Research.xml
index 1e9ca7c95e38..f226f9389f78 100644
--- a/src/chrome/content/rules/ABI_Research.xml
+++ b/src/chrome/content/rules/ABI_Research.xml
@@ -1,7 +1,6 @@
 <!--
 	Other ABI Research rulesets:
 
-		- TeardownIQ.com.xml
 
 
 	CDN buckets:
diff --git a/src/chrome/content/rules/ABestWeb.com.xml b/src/chrome/content/rules/ABestWeb.com.xml
deleted file mode 100644
index 6415c37f24eb..000000000000
--- a/src/chrome/content/rules/ABestWeb.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	For other iNET Interactive coverage, see INet-Interactive.xml.
-
-
-	Mixed content:
-
-		- css from fonts.googleapis.com *
-
-		- Images from $self *
-
-	* Secured by us
-
--->
-<ruleset name="ABestWeb.com">
-
-	<target host="abestweb.com" />
-	<target host="www.abestweb.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ACCAN.xml b/src/chrome/content/rules/ACCAN.xml
index e87354c60c01..2e4e08a95249 100644
--- a/src/chrome/content/rules/ACCAN.xml
+++ b/src/chrome/content/rules/ACCAN.xml
@@ -3,4 +3,4 @@
 	<target host="www.accan.org.au" />
 
   <rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ACLS.org.xml b/src/chrome/content/rules/ACLS.org.xml
index abe586ff4d7c..e602a9e41b4f 100644
--- a/src/chrome/content/rules/ACLS.org.xml
+++ b/src/chrome/content/rules/ACLS.org.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.acls.org/ => https://www.acls.org/: (60, 'SSL certificat
 		- ^	(dropped)
 
 -->
-<ruleset name="ACLS.org" default_off='failed ruleset test'>
+<ruleset name="ACLS.org" default_off="failed ruleset test">
 
 	<target host="acls.org" />
 	<target host="www.acls.org" />
@@ -29,4 +29,4 @@ Fetch error: http://www.acls.org/ => https://www.acls.org/: (60, 'SSL certificat
 	<rule from="^http://www\.acls\.org/"
 		to="https://www.acls.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ACLU-of-Southern-California.xml b/src/chrome/content/rules/ACLU-of-Southern-California.xml
deleted file mode 100644
index ba90fc9d6428..000000000000
--- a/src/chrome/content/rules/ACLU-of-Southern-California.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other ACLU rulesets, see ACLU.xml
-
-	Login required:
-		remote.aclu-sc.org
-
--->
-<ruleset name="ACLU of Southern California">
-
-	<target host="aclu-sc.org" />
-	<target host="www.aclu-sc.org" />
-	<target host="intra.aclu-sc.org" />
-	<target host="adfs.aclu-sc.org" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ACLU-of-Texas.xml b/src/chrome/content/rules/ACLU-of-Texas.xml
index e28a61ac6fe2..b28775ab5f0e 100644
--- a/src/chrome/content/rules/ACLU-of-Texas.xml
+++ b/src/chrome/content/rules/ACLU-of-Texas.xml
@@ -1,6 +1,6 @@
 <ruleset name="ACLU of Texas">
 	<target host="aclutx.org" />
-	<target host="vpn.aclutx.org" />	
+	<target host="vpn.aclutx.org" />
 	<target host="www.aclutx.org" />
 
 	<securecookie host="^(?:vpn|www)\.aclutx\.org$" name=".+" />
diff --git a/src/chrome/content/rules/ACLU.xml b/src/chrome/content/rules/ACLU.xml
index 7e1fe34a75d2..e2421d90b3e1 100644
--- a/src/chrome/content/rules/ACLU.xml
+++ b/src/chrome/content/rules/ACLU.xml
@@ -1,4 +1,15 @@
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://bullhorn.aclu.org/ => https://bullhorn.aclu.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://ms.clicks.actions.aclu.org/ => https://ms.clicks.actions.aclu.org/: (7, 'Failed to connect to ms.clicks.actions.aclu.org port 443: Connection refused')
+Fetch error: http://affiliateshop.aclu.org/ => https://affiliateshop.aclu.org/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://mail.aclu.org/ => https://mail.aclu.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://survey.aclu.org/ => https://survey.aclu.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://login-msol-dc.vtv.aclu.org/ => https://login-msol-dc.vtv.aclu.org/: (6, 'Could not resolve host: login-msol-dc.vtv.aclu.org')
+Fetch error: http://login-msol-ny1.vtv.aclu.org/ => https://login-msol-ny1.vtv.aclu.org/: (28, 'Resolving timed out after 20533 milliseconds')
+
 
 	Other ACLU rulesets:
 
@@ -18,12 +29,10 @@
 		- ACLU-of-North-Carolina.xml
 		- ACLU_of_Northern_California.xml
 		- ACLU-of-San-Diego.xml
-		- ACLU-of-Southern-California.xml
 		- ACLU-of-Texas.xml
 		- ACLU-of-Virginia.xml
 		- ACLU-of-Washington.xml
 		- ACLU_SoCal.org.xml
-		- Champaign-County-ACLU.xml
 		- Mi-ACLU.xml
 		- New_Hampshire_Civil_Liberties_Union.xml
 		- Privacy-SOS.xml
@@ -42,20 +51,20 @@
 	<target host="aclu.org" />
 	<target host="www.aclu.org" />
 	<target host="action.aclu.org" />
-	<target host="bullhorn.aclu.org" />
-	<target host="ms.clicks.actions.aclu.org" />
-	<target host="affiliateshop.aclu.org" />
+	<!-- target host="bullhorn.aclu.org" /-->
+	<!-- target host="ms.clicks.actions.aclu.org" /-->
+	<!-- target host="affiliateshop.aclu.org" /-->
 	<target host="constitutionday.aclu.org" />
 	<target host="fbapp.aclu.org" />
 	<target host="filestorage.aclu.org" />
-	<target host="mail.aclu.org" />
+	<!-- target host="mail.aclu.org" /-->
 	<target host="metrics.aclu.org" />
 	<target host="privacyapp.aclu.org" />
 	<target host="shop.aclu.org" />
 	<target host="smetrics.aclu.org" />
-	<target host="survey.aclu.org" />
-	<target host="login-msol-dc.vtv.aclu.org" />
-	<target host="login-msol-ny1.vtv.aclu.org" />
+	<!-- target host="survey.aclu.org" /-->
+	<!-- target host="login-msol-dc.vtv.aclu.org" /-->
+	<!-- target host="login-msol-ny1.vtv.aclu.org" /-->
 
 
 	<securecookie host=".+" name=".+" />
diff --git a/src/chrome/content/rules/ACPICA.org.xml b/src/chrome/content/rules/ACPICA.org.xml
deleted file mode 100644
index 66006b4e169c..000000000000
--- a/src/chrome/content/rules/ACPICA.org.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://bugs.acpica.org/ => https://bugs.acpica.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
-	For other Intel coverage, see Intel.xml.
-
-
-	Fully covered subdomains:
-
-		- (www.)	(www → ^)
-		- bugs
-		- lists
-
--->
-<ruleset name="ACPICA.org" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="acpica.org" />
-	<target host="bugs.acpica.org" />
-	<target host="lists.acpica.org" />
-
-	<!--	Complications:
-				-->
-	<target host="www.acpica.org" />
-
-
-	<securecookie host="^(?:bugs\.)?acpica\.org$" name=".+" />
-
-
-	<!--	www redirects to ^ over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://www\.acpica\.org/"
-		to="https://acpica.org/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ACTION_Kooperative.xml b/src/chrome/content/rules/ACTION_Kooperative.xml
index 70d821917f14..e51c28a9f031 100644
--- a/src/chrome/content/rules/ACTION_Kooperative.xml
+++ b/src/chrome/content/rules/ACTION_Kooperative.xml
@@ -6,7 +6,7 @@ Fetch error: http://mail.action.at/ => https://mail.action.at/: (60, 'SSL certif
 Disabled by https-everywhere-checker because:
 Fetch error: http://mail.action.at/ => https://mail.action.at/: (51, "SSL: no alternative certificate subject name matches target host name 'mail.action.at'")
 -->
-<ruleset name="A.C.T.I.O.N Kooperative (partial)" default_off='failed ruleset test'>
+<ruleset name="A.C.T.I.O.N Kooperative (partial)" default_off="failed ruleset test">
 
 	<target host="mail.action.at" />
 
@@ -16,4 +16,4 @@ Fetch error: http://mail.action.at/ => https://mail.action.at/: (51, "SSL: no al
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AD4mat.xml b/src/chrome/content/rules/AD4mat.xml
index bdbb22d4d9da..3d7b38983c89 100644
--- a/src/chrome/content/rules/AD4mat.xml
+++ b/src/chrome/content/rules/AD4mat.xml
@@ -19,7 +19,7 @@
 
 	Cert mismatch:
 		- gd.ad4mat.de
-		
+
 	TimeOut:
 		- ch.ad4mat.info
 		- it.ad4mat.info
@@ -35,5 +35,5 @@
 
 	<rule from="^http:"
 		to="https:" />
- 
+
 </ruleset>
diff --git a/src/chrome/content/rules/ADCocktail.xml b/src/chrome/content/rules/ADCocktail.xml
index 5c395f07d98d..3a87a35d1df9 100644
--- a/src/chrome/content/rules/ADCocktail.xml
+++ b/src/chrome/content/rules/ADCocktail.xml
@@ -17,4 +17,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ADD-Assoc-Southern-Region.xml b/src/chrome/content/rules/ADD-Assoc-Southern-Region.xml
index 4d3531a765a7..67386ac06618 100644
--- a/src/chrome/content/rules/ADD-Assoc-Southern-Region.xml
+++ b/src/chrome/content/rules/ADD-Assoc-Southern-Region.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://adda-sr.org/ => https://www.adda-sr.org/: (7, 'Failed to connect to www.adda-sr.org port 443: Connection refused')
 Fetch error: http://www.adda-sr.org/ => https://www.adda-sr.org/: (7, 'Failed to connect to www.adda-sr.org port 443: Connection refused')
 -->
-<ruleset name="Attention Deficit Disorders Association - Southern Region" default_off='failed ruleset test'>
+<ruleset name="Attention Deficit Disorders Association - Southern Region" default_off="failed ruleset test">
 	<target host="adda-sr.org" />
 	<target host="www.adda-sr.org" />
 
diff --git a/src/chrome/content/rules/ADP_Retirement_Services.xml b/src/chrome/content/rules/ADP_Retirement_Services.xml
index 2dce6fb2c363..f4057bb2a8ae 100644
--- a/src/chrome/content/rules/ADP_Retirement_Services.xml
+++ b/src/chrome/content/rules/ADP_Retirement_Services.xml
@@ -10,7 +10,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://mykplan.com/ => https://mykplan.com/: (51, "SSL: no alternative certificate subject name matches target host name 'mykplan.com'")
 
 -->
-<ruleset name="ADP Retirement Services" default_off='failed ruleset test'>
+<ruleset name="ADP Retirement Services" default_off="failed ruleset test">
 	<target host="mykplan.com" />
 	<target host="www.mykplan.com" />
 
diff --git a/src/chrome/content/rules/ADP_VirtualEdge.xml b/src/chrome/content/rules/ADP_VirtualEdge.xml
deleted file mode 100644
index 70e64cca26c9..000000000000
--- a/src/chrome/content/rules/ADP_VirtualEdge.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Automatic Data Processing coverage, see Automatic_Data_Processing.xml.
-
-
-	Cert only matches www.
-
--->
-<ruleset name="ADP VirtualEdge">
-
-	<target host="virtualedge.com" />
-	<target host="www.virtualedge.com" />
-
-
-	<securecookie host="^www\.virtualedge\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?virtualedge\.com/"
-		to="https://www.virtualedge.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ADUM.fr.xml b/src/chrome/content/rules/ADUM.fr.xml
index 40e70e7cf5c2..6ed9d5088156 100644
--- a/src/chrome/content/rules/ADUM.fr.xml
+++ b/src/chrome/content/rules/ADUM.fr.xml
@@ -1,15 +1,12 @@
 <!--
-	No working URL known:
-		svn.adum.fr
-
+	HTTP ≠ HTTPS:
+		- svn.adum.fr
 -->
-<ruleset name="Accès Doctorat Unique et Mutualisé" platform="mixedcontent">
-
+<ruleset name="ADUM.fr">
 	<target host="adum.fr" />
-		<test url="http://adum.fr/as/ed/adumfr/page.pl?page=reseauADUM" />
 	<target host="www.adum.fr" />
-		<test url="http://www.adum.fr/as/ed/adumfr/page.pl?page=reseauADUM" />
 
-	<rule from="^http:" to="https:" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ADindex.xml b/src/chrome/content/rules/ADindex.xml
index 29812a0fc204..c95baa934c84 100644
--- a/src/chrome/content/rules/ADindex.xml
+++ b/src/chrome/content/rules/ADindex.xml
@@ -4,9 +4,9 @@
 	<target host="www.adindex.de" />
 
 
-	<securecookie host="^(?:.*\.)?adindex\.de$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AEGEE-Enschede.nl.xml b/src/chrome/content/rules/AEGEE-Enschede.nl.xml
index b4983e5dfd3b..825ca0631e98 100644
--- a/src/chrome/content/rules/AEGEE-Enschede.nl.xml
+++ b/src/chrome/content/rules/AEGEE-Enschede.nl.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AEMI.xml b/src/chrome/content/rules/AEMI.xml
deleted file mode 100644
index 6d2a928f107a..000000000000
--- a/src/chrome/content/rules/AEMI.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://aemi.edu.au/ => http://aemi.edu.au/: (60, 'SSL certificate problem: certificate has expired')
-
--->
-<ruleset name="Australian Emergency Management Institute" default_off='failed ruleset test'>
-	<target host="aemi.edu.au" />
-	<target host="*.aemi.edu.au" />
-
-	<rule from="^http://(?:www\.)?schools\.aemi\.edu\.au/"
-		to="https://schools.aemi.edu.au/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AFS.xml b/src/chrome/content/rules/AFS.xml
index 44cbe3f863d3..d232e543e238 100644
--- a/src/chrome/content/rules/AFS.xml
+++ b/src/chrome/content/rules/AFS.xml
@@ -37,7 +37,7 @@
 
 -->
 <ruleset name="AFS">
-	
+
 	<!-- International -->
 	<target host="afs.org" />
 	<target host="www.afs.org" />
@@ -82,7 +82,7 @@
 	<!-- Bosnia and Herzegovina -->
 	<target host="afs.ba" />
 	<target host="www.afs.ba" />
-	
+
 	<!-- Brazil -->
 	<target host="afs.org.br" />
 	<target host="www.afs.org.br" />
@@ -198,7 +198,7 @@
 	<!-- Netherlands -->
 	<target host="afs.nl" />
 	<target host="www.afs.nl" />
-	
+
 	<!-- New Zealand -->
 	<target host="afs.org.nz" />
 	<target host="www.afs.org.nz" />
diff --git a/src/chrome/content/rules/AI-Radio.org.xml b/src/chrome/content/rules/AI-Radio.org.xml
index 8504d98a9e7a..4d89e37f28e0 100644
--- a/src/chrome/content/rules/AI-Radio.org.xml
+++ b/src/chrome/content/rules/AI-Radio.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://ai-radio.org/ => https://ai-radio.org/: (60, 'SSL certificat
 Fetch error: http://www.ai-radio.org/ => https://www.ai-radio.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="AI-Radio.org" default_off='failed ruleset test'>
+<ruleset name="AI-Radio.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/AIA-Surety.xml b/src/chrome/content/rules/AIA-Surety.xml
index b9d4af0056bf..54da7900484e 100644
--- a/src/chrome/content/rules/AIA-Surety.xml
+++ b/src/chrome/content/rules/AIA-Surety.xml
@@ -1,18 +1,15 @@
 <ruleset name="AIA Surety">
 
 	<target host="aiasurety.com" />
-	<target host="*.aiasurety.com" />
+	<target host="becomeanagent.aiasurety.com" />
+	<target host="www.aiasurety.com" />
 	<target host="expertbail.com" />
 	<target host="www.expertbail.com" />
 
 
-	<securecookie host="^(?:.*\.)?(?:aiasurety|expertbail)\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^http://((?:becomeanagent|www)\.)?aiasurety\.com/"
-		to="https://$1aiasurety.com/" />
-
-	<rule from="^http://(www\.)?expertbail\.com/"
-		to="https://$1expertbail.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/AIM.com.xml b/src/chrome/content/rules/AIM.com.xml
deleted file mode 100644
index 5ba924f8d68d..000000000000
--- a/src/chrome/content/rules/AIM.com.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	For other AOL coverage, see AOL.xml.
-
-
-	Problematic domains:
-
-		- aim.com
-		- cdn.aim.com		(akamai)
-
--->
-<ruleset name="AIM.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.aim.com" />
-
-	<!--	Complications:
-				-->
-	<target host="aim.com" />
-	<target host="cdn.aim.com" />
-
-
-	<rule from="^http://(?:cdn\.)?aim\.com/"
-		to="https://www.aim.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AIP.org.xml b/src/chrome/content/rules/AIP.org.xml
index fa0dbc82a2eb..ae751b49dc66 100644
--- a/src/chrome/content/rules/AIP.org.xml
+++ b/src/chrome/content/rules/AIP.org.xml
@@ -8,7 +8,7 @@ Fetch error: http://scitation.aip.org/images/aip/aip_logo_transparent.gif => htt
 	^aip.org: Mismatched
 
 -->
-<ruleset name="AIP.org (partial)" default_off='failed ruleset test'>
+<ruleset name="AIP.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/AJC.com.xml b/src/chrome/content/rules/AJC.com.xml
index 7329529c63e8..e45f20f82011 100644
--- a/src/chrome/content/rules/AJC.com.xml
+++ b/src/chrome/content/rules/AJC.com.xml
@@ -12,24 +12,5 @@
 	<target host="store.ajc.com" />
 	<target host="subscribe.ajc.com" />
 
-	<!-- 
-	Rewrite rule must touch https to fix errors caused by the site adding
-	https to links that do not support it. When a user requests a page
-	on https://www.ajc.com, it often seems to add https to other ajc.com
-	links on that page regardless of whether or not the subdomain supports
-	https. This can be a problem because clicking on a https://ajc.com link
-	results in an invalid cert error. The rule fixes this by rewriting
-	https://ajc.com links (which don't support https) to https://www.ajc.com
-	links (which do support https).
-
-	Example:
-		https://www.ajc.com/news/local/woman-emory-doctors-left-camera-body-after-surgery/Ajt6yMsjByDAWJTLfkDCyM/
-		The Most Read sidebar on the above page (or most any other page) is
-		an example of behavior that necessitates the rule. https://ajc.com
-		links are created despite it not supporting https. Visiting that page
-		and clicking on one of the https://ajc.com links on the sidebar
-		(while the below rule is disabled) should reproduce the issue.
-	-->
-	<rule from="^https?://ajc\.com/" to="https://www.ajc.com/"/>
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AK-Vorrat.de.xml b/src/chrome/content/rules/AK-Vorrat.de.xml
index 87e6a3d93407..325f0ef16767 100644
--- a/src/chrome/content/rules/AK-Vorrat.de.xml
+++ b/src/chrome/content/rules/AK-Vorrat.de.xml
@@ -15,7 +15,7 @@
 		tuebingen.vorratsdatenspeicherung.de
 
 -->
-<ruleset name="Vorratsdatenspeicherung.de" default_off="missing certificate chain">
+<ruleset name="Vorratsdatenspeicherung.de" default_off="cert-chain">
 
 	<target host="vorratsdatenspeicherung.de" />
 	<target host="www.vorratsdatenspeicherung.de" />
diff --git a/src/chrome/content/rules/AKG.com.xml b/src/chrome/content/rules/AKG.com.xml
new file mode 100644
index 000000000000..587ccf16dfaa
--- /dev/null
+++ b/src/chrome/content/rules/AKG.com.xml
@@ -0,0 +1,44 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- br.akg.com
+		- static.akg.com
+
+		Incomplete certificate chain error:
+		- akg.com
+-->
+<ruleset name="AKG.com">
+	<target host="akg.com" />
+	<target host="www.akg.com" />
+	<target host="at.akg.com" />
+	<target host="au.akg.com" />
+	<target host="be.akg.com" />
+	<target host="ch.akg.com" />
+	<target host="cn.akg.com" />
+	<target host="de.akg.com" />
+	<target host="dk.akg.com" />
+	<target host="eu.akg.com" />
+	<target host="fi.akg.com" />
+	<target host="fr.akg.com" />
+	<target host="id.akg.com" />
+	<target host="jp.akg.com" />
+	<target host="kh.akg.com" />
+	<target host="kr.akg.com" />
+	<target host="my.akg.com" />
+	<target host="nl.akg.com" />
+	<target host="no.akg.com" />
+	<target host="ph.akg.com" />
+	<target host="pl.akg.com" />
+	<target host="ru.akg.com" />
+	<target host="se.akg.com" />
+	<target host="support.akg.com" />
+	<target host="th.akg.com" />
+	<target host="tw.akg.com" />
+	<target host="uk.akg.com" />
+	<target host="vn.akg.com" />
+
+	<rule from="^http://akg\.com/"
+		to="https://www.akg.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ALA.org.xml b/src/chrome/content/rules/ALA.org.xml
index cb74822769a1..7b84840c9a11 100644
--- a/src/chrome/content/rules/ALA.org.xml
+++ b/src/chrome/content/rules/ALA.org.xml
@@ -46,7 +46,7 @@ Fetch error: http://joblist.ala.org/ => https://joblist.ala.org/: (51, "SSL: no
 	* Secured by us
 
 -->
-<ruleset name="ALA.org (partial)" default_off='failed ruleset test'>
+<ruleset name="ALA.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/ALDI.xml b/src/chrome/content/rules/ALDI.xml
index 0636cc71db2c..a3aec17cc9a1 100644
--- a/src/chrome/content/rules/ALDI.xml
+++ b/src/chrome/content/rules/ALDI.xml
@@ -29,7 +29,7 @@ Refused:
 	- transparenz.aldi-nord.de
 	- *aldi.com
 -->
-<ruleset name="Aldi" default_off='failed ruleset test'>
+<ruleset name="Aldi" default_off="failed ruleset test">
 	<target host="aldi-mobile.ch"/>
 	<target host="www.aldi-mobile.ch"/>
 	<target host="mypages.aldi-mobile.ch"/>
diff --git a/src/chrome/content/rules/ALDImobile.com.au.xml b/src/chrome/content/rules/ALDImobile.com.au.xml
index eef8402717fc..c604db0486e0 100644
--- a/src/chrome/content/rules/ALDImobile.com.au.xml
+++ b/src/chrome/content/rules/ALDImobile.com.au.xml
@@ -4,6 +4,6 @@
 
   	<securecookie host="^.*\.aldimobile\.com\.au$" name=".+" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ALPriorityUSA.com.xml b/src/chrome/content/rules/ALPriorityUSA.com.xml
new file mode 100644
index 000000000000..ed7d1ab4dd60
--- /dev/null
+++ b/src/chrome/content/rules/ALPriorityUSA.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatched:
+		- mail
+-->
+<ruleset name="ALPriorityUSA.com">
+	<target host="alpriorityusa.com" />
+	<target host="www.alpriorityusa.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ALTS.Trade.xml b/src/chrome/content/rules/ALTS.Trade.xml
index 6869bbeae7e4..08a6a2821c74 100644
--- a/src/chrome/content/rules/ALTS.Trade.xml
+++ b/src/chrome/content/rules/ALTS.Trade.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.alts.trade/ => https://alts.trade/: (7, 'Failed to conne
 		- .alts.trade
 
 -->
-<ruleset name="ALTS.Trade" default_off='failed ruleset test'>
+<ruleset name="ALTS.Trade" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/ALT_Linux.org-problematic.xml b/src/chrome/content/rules/ALT_Linux.org-problematic.xml
index 3a55b9ee54d6..3d1d070c9f4d 100644
--- a/src/chrome/content/rules/ALT_Linux.org-problematic.xml
+++ b/src/chrome/content/rules/ALT_Linux.org-problematic.xml
@@ -5,7 +5,7 @@
 	Server sends includeSubdomains in HSTS header.
 
 -->
-<ruleset name="ALT Linux.org (untrusted root)" default_off="untrusted root">
+<ruleset name="ALT Linux.org (untrusted root)" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/AMC.xml b/src/chrome/content/rules/AMC.xml
index 059e60ce487c..afe918873fd2 100644
--- a/src/chrome/content/rules/AMC.xml
+++ b/src/chrome/content/rules/AMC.xml
@@ -20,19 +20,19 @@ Fetch error: http://media.amctv.com/ => https://media.amctv.com/: (7, 'Failed to
 	Mixed content:
 
 		- css, on:
-		
+
 			- www from $self ˢ
 			- www from fast.fonts.net ˢ
 
 		- Images, on:
-		
+
 			- www from $self ˢ
 			- www from images.amcnetworks.com ˢ
 
 	ˢ Secured by us
 
 -->
-<ruleset name="AMC TV.com (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="AMC TV.com (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/AMPR.org.xml b/src/chrome/content/rules/AMPR.org.xml
new file mode 100644
index 000000000000..b9a54fd51861
--- /dev/null
+++ b/src/chrome/content/rules/AMPR.org.xml
@@ -0,0 +1,20 @@
+<ruleset name="AMPR.org (partial)">
+
+	<target host="ampr.org" />
+	<target host="www.ampr.org" />
+	<target host="de.ampr.org" />
+	<target host="www.de.ampr.org" />
+	<target host="mailman.ampr.org" />
+	<target host="portal.ampr.org" />
+	<target host="wiki.ampr.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://ampr.org/,
+	http://ampr.org/ redirects to https://www.ampr.org/ -->
+	<rule from="^http://ampr\.org/"
+		to="https://www.ampr.org/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AMS.org.xml b/src/chrome/content/rules/AMS.org.xml
index 8fefacd38a19..ced1f5703c86 100644
--- a/src/chrome/content/rules/AMS.org.xml
+++ b/src/chrome/content/rules/AMS.org.xml
@@ -59,9 +59,9 @@
 		<test url="http://www.ams.org/favicon.ico" />
 
 	<!-- Direct rewrites -->
-	<rule from="^http://ams\.org/" 
+	<rule from="^http://ams\.org/"
 			to="https://ams.org/" />
 
-	<rule from="^http://(amsweb|attach|surveys)\.ams\.org/" 
+	<rule from="^http://(amsweb|attach|surveys)\.ams\.org/"
 			to="https://$1.ams.org/" />
 </ruleset>
diff --git a/src/chrome/content/rules/ANB.xml b/src/chrome/content/rules/ANB.xml
index 5cc26a93f6bc..dd067ee6eabe 100644
--- a/src/chrome/content/rules/ANB.xml
+++ b/src/chrome/content/rules/ANB.xml
@@ -4,10 +4,12 @@ Fetch error: http://anb.com.sa/ => https://www.anb.com.sa/: (60, 'SSL certificat
 -->
 <ruleset name="ANB">
   <target host="anb.com.sa" />
-  <target host="*.anb.com.sa" />
+  <target host="e.anb.com.sa" />
+  <target host="ebusiness.anb.com.sa" />
+  <target host="onlinebanking.anb.com.sa" />
+  <target host="www.anb.com.sa" />
 
   <rule from="^http://anb\.com\.sa/"
 	  to="https://www.anb.com.sa/" />
-  <rule from="^http://(e|ebusiness|onlinebanking|www)\.anb\.com\.sa/"
-	  to="https://$1.anb.com.sa/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ANU.edu.au.xml b/src/chrome/content/rules/ANU.edu.au.xml
new file mode 100644
index 000000000000..09e701064628
--- /dev/null
+++ b/src/chrome/content/rules/ANU.edu.au.xml
@@ -0,0 +1,1159 @@
+<!--
+	Timeout:
+		anu-infra-psc
+		anu-mms1-con
+		anuartcollection
+		anuauth10
+		anuauth11
+		anuauth8
+		anuauth9
+		anublogs
+		anulb01-mgmt
+		anulb02-mgmt
+		anumail-dev
+		anusf
+		anuvc01
+		anuvc02
+		apfrf
+		apicm-prod
+		apicm-uat
+		apicm1-p1
+		apicm1-p2
+		apicm1-t1
+		apicm1-t2
+		apicp-prod
+		apicp1-p1
+		apicp1-p2
+		apicp1-p3
+		apocrypha
+		apocrypha1-p1
+		argon
+		arts
+		atlantis2
+		atrium
+		auson
+		biorepository
+		biorepository-test
+		caldwell
+		atrium.cap
+		capdc01.cap
+		capdc02.cap
+		crawford03.cap
+		mdm.cap
+		tmosxs.cap
+		capture
+		capture-test
+		cassexg02
+		cassmail
+		cbe-hpc-head
+		orsee.cbenet
+		vcsvr01.cbenet
+		accoladedb.cecs
+		altiris.cecs
+		carrinas.cecs
+		cvr-eng.cecs
+		dev-cecs.cecs
+		dev-cs.cecs
+		dev-eng.cecs
+		dev-engn.cecs
+		dev-users.cecs
+		devolve.cecs
+		egw.cecs
+		escher.cecs
+		evolve.cecs
+		evolvepass.cecs
+		gserver.cecs
+		l4f-dev.cecs
+		limesurvey.cecs
+		lists.cecs
+		passwd.cecs
+		password.cecs
+		test-accolade.cecs
+		test-cecs.cecs
+		test-cs.cecs
+		test-eng.cecs
+		test-engn.cecs
+		test-mahara.cecs
+		test-users.cecs
+		tproxy.cecs
+		vlab.cecs
+		clearpass
+		comp-bio
+		dev.cs92acep
+		dev.cs92devl
+		dev.cs92int
+		dev.cs92sit
+		csadmin
+		csitsvr2
+		admin.csplay
+		datamining
+		dbmgmt
+		dev-emhprac
+		doihelpdesk
+		doiweb-repo
+		doohan
+		dragonlair
+		dspace-dev
+		dspace-test
+		eformsdevl
+		ehub
+		www.ehub
+		ehubassist
+		es-portal-dev
+		es-portal-uat
+		esb-dev
+		esb1-dp-p1
+		esb1-dp-p2
+		esftps
+		dev.esig
+		dev2.esig
+		esldap
+		espgw
+		espims01
+		espmx
+		eta.fec
+		admin.fin
+		finadmin
+		foa
+		forms-dev
+		dev.fs92acep
+		dev.fs92devl
+		dev.fs92int
+		dev.fs92sit
+		dev.fs92uat
+		fses60-102
+		admin.fsplay
+		geos
+		gislibrary
+		gislibrary-extreme-weather
+		grace
+		graphc-legacy
+		graphc-portal3
+		graphc-test
+		graphc2018
+		h1
+		app.hracep
+		dev.hracep
+		app.hrdevl
+		dev.hrdevl
+		dev.hrint
+		dev.hrmtp
+		hroffer-acep
+		identity6-z1
+		ippha
+		ipumsi
+		issisp
+		itsctx01
+		itsweb-repo
+		itsweb-repo3-p1
+		dnalims.jcs
+		jira-test
+		mail.johnxxiii
+		juggle-idrac
+		langevin
+		lawitinternal
+		lawlss
+		lawmedia2
+		lawprint
+		lawrems
+		lawsignage
+		leep
+		login
+		login-prod-1
+		login-test
+		mail
+		mail2-smtp-t1
+		acep.maximo
+		maxplay
+		medonline
+		missus
+		mrbspma
+		mso
+		mudslide
+		nacact
+		nagios-chm
+		ncig-archive
+		ncig-ihhr
+		nlc
+		olams
+		olams-dev
+		olams-test
+		onestop
+		panorama
+		admin.phire
+		dev.phiredev
+		plexus-beta
+		pravda-vm
+		press-files
+		printq
+		r-nceph
+		requests
+		rhsat2
+		rhsat2-p1
+		rims-cra-demo
+		rims-demo
+		riskassess
+		rpa
+		rpadevl
+		calendar.rsaa
+		intranetfiles.rsb
+		isr.rsbs
+		backuppc.rses
+		backuppc2.rses
+		backuppc3.rses
+		backuppc4.rses
+		backuppc5.rses
+		backuppc6.rses
+		backuppc7.rses
+		intranet.rses
+		jupyter.rses
+		jupyter2.rses
+		altiris.rsise
+		cups.rsise
+		egw.rsise
+		escher.rsise
+		mars.rsise
+		ntp1.rsise
+		passwd.rsise
+		password.rsise
+		printers.rsise
+		rsphymail
+		admin.sas
+		sca-lws01
+		sciencedev1
+		sciencedev2
+		sciencedev3
+		sciencedev4
+		scribe
+		sealevel
+		securityscanner
+		sf
+		shrimp
+		smtphost
+		sophosupdate
+		sshr92acep
+		sshracep
+		selfservice.sshracep
+		surat2-p1
+		svn
+		tectonics
+		test-clone
+		timetablescheduler
+		timetabling
+		traveller
+		honolulu.tuds
+		uds
+		anuvc01.uds
+		anuvc02.uds
+		anuvpsc01.uds
+		anuvpsc02.uds
+		udsdc01.uds
+		udsdc02.uds
+		udsdc03.uds
+		udsdc04.uds
+		udsdhg01.uds
+		udsexamweb99.uds
+		udssrwebd01.uds
+		udssrwebd02.uds
+		udssrwebp01.uds
+		udssrwebp02.uds
+		udsstaff.uds
+		udsts02.uds
+		udstsapp01.uds
+		udsicprint07
+		udspbgw101a
+		udsssweb99-a
+		udsstaff
+		varese
+		virtual-dev
+		virtualclinic
+		vision
+		voicemail
+		webct
+		webpublishing
+		wedge
+		wirelessprint
+
+	Connection refused:
+		www.anclas
+		apcd
+		www.aushons
+		bellschool
+		apcd.bellschool
+		dpa.bellschool
+		ir.bellschool
+		psc.bellschool
+		sdsc.bellschool
+		biol3157
+		jh.borevitzlab
+		bullfrog
+		cantabile
+		ips.cap
+		cdi.ips.cap
+		accolade.cecs
+		prod-repo.cecs
+		sdaas.cecs
+		techbroker.cecs
+		chelt
+		chinainstitute
+		chl
+		dhhdev
+		edmund
+		encore
+		epinet
+		es-cms
+		es-cms-internal
+		facilities-intranet
+		code.h1svr
+		hcc-workshop
+		library-login-dev
+		linguistics
+		macho
+		membrane
+		menzieshealthpolicy
+		confluence.mso
+		myanmar
+		nbac
+		origin
+		ourmobserved
+		pacificinstitute
+		philrsss
+		regnet
+		rses
+		www.rses
+		thairainbowarchive
+		autodiscover.tuds
+		mail.tuds
+		wwwrses
+
+	Mismatch:
+		www.acbee
+		aclf
+		acls
+		www.ada
+		ageing
+		amee
+		anff-act
+		graphc.aphcri
+		apnsrv01
+		www.archives
+		www.biology
+		www.bluepages
+		www.cama
+		janzdb-dev.cap
+		www.cdi
+		cornelius.cecs
+		docker.cecs
+		rproxy.cecs
+		svn.cecs
+		cs.club
+		mso.club
+		sailing.club
+		scuba.club
+		hhs.cmbe
+		cmbe-cpms
+		www.coombs
+		cos
+		calf.crawford
+		cpc.crawford
+		cses
+		demo.drupal
+		dspace
+		dspace-prod1
+		www.earlytraumagrief
+		www.ecocomm
+		economics
+		www.ecouch
+		eformsdlm
+		ehrenfest
+		engn
+		eportfolio-stage-1904
+		esb1-dp-d2
+		esproxy
+		www.eutrade
+		archive.evaluations
+		geography
+		graphc-p
+		graphcdev
+		dev.hr92acep
+		dev.hr92int
+		dev.hr92sit
+		impact
+		internaljobs
+		jcs
+		www.jcs
+		brf.jcs
+		jobs
+		lionelmurphy
+		math
+		www.math
+		www.maths
+		mgscap01
+		naturalhazards
+		programsandcourses-test
+		www.qc09
+		www.regnet
+		resourcebooker-rsb
+		rsa
+		rsabis
+		rscweb
+		rsm
+		rumici
+		www.science
+		www.services
+		sres-people
+		app.sshrdevl
+		tchpre
+		underbelly
+		unihouse
+		www.unihouse
+		vpn
+		web4-nci
+		legaloffice.weblogs
+		wwwmaths
+		youthinfocus
+
+	Invalid cert chain:
+		aes
+		andosl
+		appc87
+		apsa
+		archives-dev
+		archives-test
+		archivescollection
+		arm
+		arp
+		assda
+		assdaweb
+		assdawiki
+		axiom
+		intranet.biology
+		acr.cdhr
+		acrvis.cdhr
+		cdhr-linkeddata
+		cdhr-projects
+		cdhrdatasys
+		cdhrsys
+		cars.cecs
+		cm.cecs
+		cvpr.cecs
+		cvpr11.cecs
+		goolma.cecs
+		icaps08.cecs
+		levine.cecs
+		login.cecs
+		old-cecs.cecs
+		oldcecs.cecs
+		people.cecs
+		psi.cecs
+		rml.cecs
+		rooms.cecs
+		ssll.cecs
+		studentdb.cecs
+		template.cecs
+		changes
+		intranet.chemistry
+		clug
+		admin.cmbe-cpms
+		intranet.cmbe-cpms
+		contenthub
+		intranet.cpas
+		ctlab
+		www.ctlab
+		discus
+		dld-prod10
+		drwn
+		re100.eng
+		fusion17
+		gaskap
+		www.gemini
+		geminus
+		gh-residents
+		gwadw17
+		gwadw2017
+		hciss
+		healthstewardship
+		iraf
+		irsociety
+		jag
+		jagws01
+		jagws03
+		apf.jagws03
+		aphcri.jagws03
+		arm.jagws03
+		biology.jagws03
+		brf.jagws03
+		cba.jagws03
+		cci.jagws03
+		chemistry.jagws03
+		cpas.jagws03
+		crahw.jagws03
+		demo-drupal.jagws03
+		drupal.jagws03
+		earlytraumagrief.jagws03
+		energy.jagws03
+		fenner.jagws03
+		healthstewardship.jagws03
+		ihig.jagws03
+		intranet-jcsmr.jagws03
+		intranet-maths.jagws03
+		intranet-nceph.jagws03
+		intranet-psychology.jagws03
+		intranet-rsph.jagws03
+		jcmrf.jagws03
+		maths.jagws03
+		microscopy.jagws03
+		nceph.jagws03
+		ncig.jagws03
+		nimhr.jagws03
+		psychology.jagws03
+		rsaa.jagws03
+		rsph.jagws03
+		scienceshop.jagws03
+		intranet.jcsmr
+		mailman
+		mailman2-p1
+		mappings
+		archives.maths
+		intranet.maths
+		teaching.maths
+		maths-people
+		intranet.medicalschool
+		migrate
+		miocene
+		mplanet
+		www.mso
+		hg.mso
+		svn.mso
+		trac.mso
+		webmail.mso
+		msowww
+		msowwwtest
+		intranet.nceph
+		openingdoors
+		pandora
+		intranet.psychology
+		reqbook
+		rml
+		robotics
+		rsaart
+		abotea.rsise
+		andosl.rsise
+		cars.rsise
+		cecs.rsise
+		csl.rsise
+		ftp.rsise
+		goolma.rsise
+		itdb.rsise
+		login.rsise
+		loginsatie.rsise
+		lss.rsise
+		mlss.rsise
+		mlss08.rsise
+		mlss10.rsise
+		netdb.rsise
+		network.rsise
+		networktest.rsise
+		ptv.rsise
+		quail.rsise
+		quang.rsise
+		rooms.rsise
+		roomstest.rsise
+		satie.rsise
+		sql.rsise
+		studentdb.rsise
+		twb.rsise
+		users.rsise
+		usmc07.rsise
+		weather.rsise
+		weblogin.rsise
+		wws.rsise
+		wws2005.rsise
+		wws2006.rsise
+		intranet.rsph
+		sca-lws03
+		admin.science
+		intranet.science
+		web.science
+		scienceshop
+		www.scienceshop
+		scinet
+		serafina
+		skymapper
+		solar
+		solar-thermal
+		stg
+		mentors.stlc
+		stromlo
+		ftp.syseng
+		tosca
+		trust
+		vos
+		weblogs
+		anucs.weblogs
+		cahat.weblogs
+		cbeit.weblogs
+		dhg.weblogs
+		efs.weblogs
+		iodp.weblogs
+		ippa.weblogs
+		pmo.weblogs
+		tto.weblogs
+		wwwmacho
+
+	Self-signed:
+		adb
+		adbonline
+		baxter2015
+		bloch
+		cgp
+		cmtp
+		commad2010
+		cpss
+		gem2012
+		hccda
+		hias
+		ia
+		karri
+		labouraustralia
+		library-dev
+		ncta2011
+		oa
+		adb.online
+		pib
+		pma01
+		prl
+		sciencewise
+		tpsrv
+
+	Expired:
+		archives.cap
+		artofcomputing.cecs
+		chl-old
+		ciw
+		intersections
+		www.nsc
+		pacling
+		theanufund
+
+	Invalid route:
+		aus-cscap
+		bricc
+		cigj
+		cmhs
+		dynopta
+		eduroam
+		groundwater
+		jabberwocky
+		technegas.jcs
+		techserv.jcs
+		laserspark
+		moodle
+		netcomms
+		www.oef
+		osasc
+		osmium
+		plexus-staging
+		positron
+		rcsr
+		renew
+		rspas
+		www.rsphysse
+		rsphyweb
+		sdsadmin01
+		sdsc
+		sp3
+		surat
+		vuv14
+		wireless
+		xct
+
+	Invalid redirect:
+		archives
+		users.cecs
+		bbbutton.cecs
+
+	Connection issue:
+		anumc
+		graphcwiki.aphcri
+		artserve
+		asiapacificweek
+		cbeml01v.cbenet
+		aulus.cecs
+		engageasia
+		hipass
+		admin.hr
+		dev.hr92devl
+		hradmin
+		admin.hrplay
+		jira
+		marxists
+		pasifika
+		rubens
+		starrez-prod
+		test-style
+		wald
+		winwebacep
+-->
+<ruleset name="Australian National University">
+	<target host="anu.edu.au" />
+	<target host="www.anu.edu.au" />
+	<target host="3ai.anu.edu.au" />
+	<target host="3ainstitute.anu.edu.au" />
+	<target host="aat.anu.edu.au" />
+	<target host="abc.anu.edu.au" />
+	<target host="about.anu.edu.au" />
+	<target host="abrf.anu.edu.au" />
+	<target host="academicskills.anu.edu.au" />
+	<target host="acatlgn.anu.edu.au" />
+	<target host="acih.anu.edu.au" />
+	<target host="acthra.anu.edu.au" />
+	<target host="adsri.anu.edu.au" />
+	<target host="advancementservices.anu.edu.au" />
+	<target host="afec.anu.edu.au" />
+	<target host="alliance.anu.edu.au" />
+	<target host="alumni.anu.edu.au" />
+	<target host="alumniandfriends.anu.edu.au" />
+	<target host="alumniawards.anu.edu.au" />
+	<target host="anclas.anu.edu.au" />
+	<target host="andc.anu.edu.au" />
+	<target host="anip.anu.edu.au" />
+	<target host="anthropology.anu.edu.au" />
+	<target host="anu-int.anu.edu.au" />
+	<target host="anuadri.anu.edu.au" />
+	<target host="anuapartments.anu.edu.au" />
+	<target host="anuga.anu.edu.au" />
+	<target host="anulib.anu.edu.au" />
+	<target host="anumail.anu.edu.au" />
+	<target host="anums-sonia.anu.edu.au" />
+	<target host="anums-sonia-dev.anu.edu.au" />
+	<target host="anuvpn.anu.edu.au" />
+	<target host="apf.anu.edu.au" />
+	<target host="aphcri.anu.edu.au" />
+	<target host="api.anu.edu.au" />
+	<target host="apiuat.anu.edu.au" />
+	<target host="apneg.anu.edu.au" />
+	<target host="apntest2.anu.edu.au" />
+	<target host="apollo.anu.edu.au" />
+	<target host="apply-asa.anu.edu.au" />
+	<target host="www.apply-asa.anu.edu.au" />
+	<target host="www.apply-international.anu.edu.au" />
+	<target host="arcgis.anu.edu.au" />
+	<target host="archaeology.anu.edu.au" />
+	<target host="archanth.anu.edu.au" />
+	<target host="aries.anu.edu.au" />
+	<target host="asa2017.anu.edu.au" />
+	<target host="asiapacific.anu.edu.au" />
+	<target host="ask.anu.edu.au" />
+	<target host="atomlaser.anu.edu.au" />
+	<target host="aurj.anu.edu.au" />
+	<target host="ausi.anu.edu.au" />
+	<target host="aussa.anu.edu.au" />
+	<target host="autodiscover.anu.edu.au" />
+	<target host="bandg.anu.edu.au" />
+	<target host="bblmci.anu.edu.au" />
+	<target host="beacon.anu.edu.au" />
+	<target host="www.beacon.anu.edu.au" />
+	<target host="biology.anu.edu.au" />
+	<target host="biology-assets.anu.edu.au" />
+	<target host="bluepages.anu.edu.au" />
+	<target host="bookbrf.anu.edu.au" />
+	<target host="borevitzlab.anu.edu.au" />
+	<target host="gvm.borevitzlab.anu.edu.au" />
+	<target host="brf.anu.edu.au" />
+	<target host="request.brf.anu.edu.au" />
+	<target host="brucehall.anu.edu.au" />
+	<target host="burgmann.anu.edu.au" />
+	<target host="www.burgmann.anu.edu.au" />
+	<target host="mail.burgmann.anu.edu.au" />
+	<target host="burgmannportal.anu.edu.au" />
+	<target host="caepr.anu.edu.au" />
+	<target host="cais.anu.edu.au" />
+	<target host="cam.anu.edu.au" />
+	<target host="cama.anu.edu.au" />
+	<target host="campusmap.anu.edu.au" />
+	<target host="camstorage.anu.edu.au" />
+	<target host="careerhub.anu.edu.au" />
+	<target host="cass.anu.edu.au" />
+	<target host="www.cass.anu.edu.au" />
+	<target host="archanth.cass.anu.edu.au" />
+	<target host="caepr.cass.anu.edu.au" />
+	<target host="cais.cass.anu.edu.au" />
+	<target host="cdhr.cass.anu.edu.au" />
+	<target host="csrm.cass.anu.edu.au" />
+	<target host="demography.cass.anu.edu.au" />
+	<target host="history.cass.anu.edu.au" />
+	<target host="hrc.cass.anu.edu.au" />
+	<target host="music.cass.anu.edu.au" />
+	<target host="philosophy.cass.anu.edu.au" />
+	<target host="planner.cass.anu.edu.au" />
+	<target host="politicsir.cass.anu.edu.au" />
+	<target host="rsha.cass.anu.edu.au" />
+	<target host="rsss.cass.anu.edu.au" />
+	<target host="slll.cass.anu.edu.au" />
+	<target host="soad.cass.anu.edu.au" />
+	<target host="sociology.cass.anu.edu.au" />
+	<target host="cba.anu.edu.au" />
+	<target host="cbe.anu.edu.au" />
+	<target host="www.cbe.anu.edu.au" />
+	<target host="blog.cbe.anu.edu.au" />
+	<target host="cbevirtual.cbenet.anu.edu.au" />
+	<target host="cce.anu.edu.au" />
+	<target host="ccep.anu.edu.au" />
+	<target host="cci.anu.edu.au" />
+	<target host="cdhr.anu.edu.au" />
+	<target host="cecs.anu.edu.au" />
+	<target host="www.cecs.anu.edu.au" />
+	<target host="3ainstitute.cecs.anu.edu.au" />
+	<target host="3ai.cecs.anu.edu.au" />
+	<target host="aecilius.cecs.anu.edu.au" />
+	<target host="cims.cecs.anu.edu.au" />
+	<target host="cims-dev.cecs.anu.edu.au" />
+	<target host="codebench.cecs.anu.edu.au" />
+	<target host="cyber.cecs.anu.edu.au" />
+	<target host="cyberinstitute.cecs.anu.edu.au" />
+	<target host="cybersecurity.cecs.anu.edu.au" />
+	<target host="discourse.cecs.anu.edu.au" />
+	<target host="f2.cecs.anu.edu.au" />
+	<target host="gchallenges.cecs.anu.edu.au" />
+	<target host="gitlab.cecs.anu.edu.au" />
+	<target host="l4f.cecs.anu.edu.au" />
+	<target host="mattermost.cecs.anu.edu.au" />
+	<target host="ohioh.cecs.anu.edu.au" />
+	<target host="orthoapp.cecs.anu.edu.au" />
+	<target host="redmine.cecs.anu.edu.au" />
+	<target host="certifieddocs.anu.edu.au" />
+	<target host="ces.anu.edu.au" />
+	<target host="chemistry.anu.edu.au" />
+	<target host="choose.anu.edu.au" />
+	<target host="cims.anu.edu.au" />
+	<target host="climate.anu.edu.au" />
+	<target host="cmbe.anu.edu.au" />
+	<target host="cmhr.anu.edu.au" />
+	<target host="www.cmhr.anu.edu.au" />
+	<target host="cms.anu.edu.au" />
+	<target host="api.cms.anu.edu.au" />
+	<target host="cnnd.anu.edu.au" />
+	<target host="cognitivehealth.anu.edu.au" />
+	<target host="commons.anu.edu.au" />
+	<target host="consciousness.anu.edu.au" />
+	<target host="copyright.anu.edu.au" />
+	<target host="costing.anu.edu.au" />
+	<target host="counselling.anu.edu.au" />
+	<target host="cpas.anu.edu.au" />
+	<target host="www.cpas.anu.edu.au" />
+	<target host="cpms.anu.edu.au" />
+	<target host="crahw.anu.edu.au" />
+	<target host="crawford.anu.edu.au" />
+	<target host="www.crawford.anu.edu.au" />
+	<target host="acbee.crawford.anu.edu.au" />
+	<target host="acde.crawford.anu.edu.au" />
+	<target host="ajrc.crawford.anu.edu.au" />
+	<target host="apps.crawford.anu.edu.au" />
+	<target host="asiaandthepacificpolicystudies.crawford.anu.edu.au" />
+	<target host="cama.crawford.anu.edu.au" />
+	<target host="ccep.crawford.anu.edu.au" />
+	<target host="cnnd.crawford.anu.edu.au" />
+	<target host="coombs-forum.crawford.anu.edu.au" />
+	<target host="dev.crawford.anu.edu.au" />
+	<target host="devpolicy.crawford.anu.edu.au" />
+	<target host="nsc.crawford.anu.edu.au" />
+	<target host="taxpolicy.crawford.anu.edu.au" />
+	<target host="tric.crawford.anu.edu.au" />
+	<target host="creativearts.anu.edu.au" />
+	<target host="cres.anu.edu.au" />
+	<target host="cs.anu.edu.au" />
+	<target host="cweep.anu.edu.au" />
+	<target host="cyber.anu.edu.au" />
+	<target host="cyberinstitute.anu.edu.au" />
+	<target host="cybersecurity.anu.edu.au" />
+	<target host="datacommons.anu.edu.au" />
+	<target host="ddca.anu.edu.au" />
+	<target host="ddca-staging.anu.edu.au" />
+	<target host="demography.anu.edu.au" />
+	<target host="dev-dri.anu.edu.au" />
+	<target host="devpolicy.anu.edu.au" />
+	<target host="dhg.anu.edu.au" />
+	<target host="dhh.anu.edu.au" />
+	<target host="digitalcollections.anu.edu.au" />
+	<target host="disability.anu.edu.au" />
+	<target host="dmm.anu.edu.au" />
+	<target host="dri.anu.edu.au" />
+	<target host="drss.anu.edu.au" />
+	<target host="drupal.anu.edu.au" />
+	<target host="eah.anu.edu.au" />
+	<target host="earlytraumagrief.anu.edu.au" />
+	<target host="ecouch.anu.edu.au" />
+	<target host="eeme.anu.edu.au" />
+	<target host="eforms.anu.edu.au" />
+	<target host="eformscd.anu.edu.au" />
+	<target host="eformsci.anu.edu.au" />
+	<target host="emhprac.anu.edu.au" />
+	<target host="energy.anu.edu.au" />
+	<target host="eng.anu.edu.au" />
+	<target host="eportfolio.anu.edu.au" />
+	<target host="eportfolio-cldev.anu.edu.au" />
+	<target host="eportfolio-stage.anu.edu.au" />
+	<target host="eportfolio-test.anu.edu.au" />
+	<target host="eportfolio-test-1810.anu.edu.au" />
+	<target host="eportfolio-test-1904.anu.edu.au" />
+	<target host="epress.anu.edu.au" />
+	<target host="era.anu.edu.au" />
+	<target host="era-test.anu.edu.au" />
+	<target host="erms.anu.edu.au" />
+	<target host="esincludes.anu.edu.au" />
+	<target host="espfin.anu.edu.au" />
+	<target host="esweb.anu.edu.au" />
+	<target host="evaluations.anu.edu.au" />
+	<target host="dev.evaluations.anu.edu.au" />
+	<target host="events.anu.edu.au" />
+	<target host="eview.anu.edu.au" />
+	<target host="exams.anu.edu.au" />
+	<target host="exams-dev.anu.edu.au" />
+	<target host="experts.anu.edu.au" />
+	<target host="extension.anu.edu.au" />
+	<target host="facilities.anu.edu.au" />
+	<target host="fenner-school.anu.edu.au" />
+	<target host="fennerhall.anu.edu.au" />
+	<target host="fennerschool.anu.edu.au" />
+	<target host="fennerschool-associated.anu.edu.au" />
+	<target host="fennerschool-internal.anu.edu.au" />
+	<target host="fennerschool-people.anu.edu.au" />
+	<target host="fennerschool-research.anu.edu.au" />
+	<target host="fennerweb.anu.edu.au" />
+	<target host="find.anu.edu.au" />
+	<target host="foi.anu.edu.au" />
+	<target host="freilich.anu.edu.au" />
+	<target host="gambling.anu.edu.au" />
+	<target host="gitlab.anu.edu.au" />
+	<target host="givingonline.anu.edu.au" />
+	<target host="gnosia.anu.edu.au" />
+	<target host="gpportal.anu.edu.au" />
+	<target host="grandchallenges.anu.edu.au" />
+	<target host="graphc.anu.edu.au" />
+	<target host="graphc-atlas.anu.edu.au" />
+	<target host="graphc-dev.anu.edu.au" />
+	<target host="graphc-gis.anu.edu.au" />
+	<target host="graphc-portal1.anu.edu.au" />
+	<target host="graphc-portal2.anu.edu.au" />
+	<target host="graphcls.anu.edu.au" />
+	<target host="graphcred.anu.edu.au" />
+	<target host="graphcwiki.anu.edu.au" />
+	<target host="greenict.anu.edu.au" />
+	<target host="griffinhall.anu.edu.au" />
+	<target host="health.anu.edu.au" />
+	<target host="history.anu.edu.au" />
+	<target host="hmi.anu.edu.au" />
+	<target host="www.hmi.anu.edu.au" />
+	<target host="horus.anu.edu.au" />
+	<target host="selfservice.horus.anu.edu.au" />
+	<target host="housingonline.anu.edu.au" />
+	<target host="hr.anu.edu.au" />
+	<target host="hrc.anu.edu.au" />
+	<target host="humanities.anu.edu.au" />
+	<target host="i2s.anu.edu.au" />
+	<target host="www.i2s.anu.edu.au" />
+	<target host="icam.anu.edu.au" />
+	<target host="icfbookings-jcsmr.anu.edu.au" />
+	<target host="icprintadmin.anu.edu.au" />
+	<target host="identity.anu.edu.au" />
+	<target host="idp-dev.anu.edu.au" />
+	<target host="idp2.anu.edu.au" />
+	<target host="idtc-ci01.anu.edu.au" />
+	<target host="idtc-d01.anu.edu.au" />
+	<target host="idtc-p01.anu.edu.au" />
+	<target host="iguide.anu.edu.au" />
+	<target host="ihig.anu.edu.au" />
+	<target host="ilp.anu.edu.au" />
+	<target host="imagebank.anu.edu.au" />
+	<target host="indigenous.anu.edu.au" />
+	<target host="info.anu.edu.au" />
+	<target host="information.anu.edu.au" />
+	<target host="innovation.anu.edu.au" />
+	<target host="inspace.anu.edu.au" />
+	<target host="ippa.anu.edu.au" />
+	<target host="isis.anu.edu.au" />
+	<target host="itservicedesk.anu.edu.au" />
+	<target host="itservices.anu.edu.au" />
+	<target host="jagws02.anu.edu.au" />
+	<target host="jcmrf.anu.edu.au" />
+	<target host="jcsmr.anu.edu.au" />
+	<target host="jikesrvm.anu.edu.au" />
+	<target host="johnxxiii.anu.edu.au" />
+	<target host="kambri.anu.edu.au" />
+	<target host="kioloa.anu.edu.au" />
+	<target host="kioloa-vfa.anu.edu.au" />
+	<target host="languages.anu.edu.au" />
+	<target host="law.anu.edu.au" />
+	<target host="www.law.anu.edu.au" />
+	<target host="flr.law.anu.edu.au" />
+	<target host="lawschool.anu.edu.au" />
+	<target host="lcms.anu.edu.au" />
+	<target host="lcms-test.anu.edu.au" />
+	<target host="learn.anu.edu.au" />
+	<target host="legalpractice.anu.edu.au" />
+	<target host="libguides.anu.edu.au" />
+	<target host="library.anu.edu.au" />
+	<target host="library-admin.anu.edu.au" />
+	<target host="lifecourse.anu.edu.au" />
+	<target host="linkr.anu.edu.au" />
+	<target host="linux.anu.edu.au" />
+	<target host="livingknowledge.anu.edu.au" />
+	<target host="llewellynhall.anu.edu.au" />
+	<target host="makerspace.anu.edu.au" />
+	<target host="marketing.anu.edu.au" />
+	<target host="maths.anu.edu.au" />
+	<target host="maths-intranet.anu.edu.au" />
+	<target host="matlab.anu.edu.au" />
+	<target host="mattermost.anu.edu.au" />
+	<target host="medicalschool.anu.edu.au" />
+	<target host="microscopy.anu.edu.au" />
+	<target host="mimo.anu.edu.au" />
+	<target host="moodgym.anu.edu.au" />
+	<target host="www.moodgym.anu.edu.au" />
+	<target host="music.anu.edu.au" />
+	<target host="myfiles.anu.edu.au" />
+	<target host="naru.anu.edu.au" />
+	<target host="ncb.anu.edu.au" />
+	<target host="nceph.anu.edu.au" />
+	<target host="ncig.anu.edu.au" />
+	<target host="ncis.anu.edu.au" />
+	<target host="nectar.anu.edu.au" />
+	<target host="neuroscience.anu.edu.au" />
+	<target host="news.anu.edu.au" />
+	<target host="nimhr.anu.edu.au" />
+	<target host="www.nimhr.anu.edu.au" />
+	<target host="online.anu.edu.au" />
+	<target host="openresearch.anu.edu.au" />
+	<target host="openresearch-repository.anu.edu.au" />
+	<target host="orientation.anu.edu.au" />
+	<target host="ovumkc.anu.edu.au" />
+	<target host="oxfordaustraliascholarships.anu.edu.au" />
+	<target host="parsa.anu.edu.au" />
+	<target host="persianlanguage.anu.edu.au" />
+	<target host="philanthropy.anu.edu.au" />
+	<target host="philosophy.anu.edu.au" />
+	<target host="photonics.anu.edu.au" />
+	<target host="physics.anu.edu.au" />
+	<target host="www.physics.anu.edu.au" />
+	<target host="git.physics.anu.edu.au" />
+	<target host="people.physics.anu.edu.au" />
+	<target host="plexus.anu.edu.au" />
+	<target host="policies.anu.edu.au" />
+	<target host="politics.anu.edu.au" />
+	<target host="polsir-prod.anu.edu.au" />
+	<target host="pop-up.anu.edu.au" />
+	<target host="preference.anu.edu.au" />
+	<target host="press.anu.edu.au" />
+	<target host="programsandcourses.anu.edu.au" />
+	<target host="admin.programsandcourses.anu.edu.au" />
+	<target host="admin.programsandcourses-test.anu.edu.au" />
+	<target host="projects.anu.edu.au" />
+	<target host="psychology.anu.edu.au" />
+	<target host="publicpolicy.anu.edu.au" />
+	<target host="qrng.anu.edu.au" />
+	<target host="rcc.anu.edu.au" />
+	<target host="conference.rcc.anu.edu.au" />
+	<target host="devconference.rcc.anu.edu.au" />
+	<target host="devportal.rcc.anu.edu.au" />
+	<target host="devsrweb.rcc.anu.edu.au" />
+	<target host="portal.rcc.anu.edu.au" />
+	<target host="srweb.rcc.anu.edu.au" />
+	<target host="recharge.anu.edu.au" />
+	<target host="reporter.anu.edu.au" />
+	<target host="research.anu.edu.au" />
+	<target host="researchers.anu.edu.au" />
+	<target host="researchstudents.anu.edu.au" />
+	<target host="www.rsa.anu.edu.au" />
+	<target host="rsaa.anu.edu.au" />
+	<target host="www.rsaa.anu.edu.au" />
+	<target host="www.rsabis.anu.edu.au" />
+	<target host="rsbbox.anu.edu.au" />
+	<target host="rsc.anu.edu.au" />
+	<target host="rse.anu.edu.au" />
+	<target host="www.rse.anu.edu.au" />
+	<target host="rsfas.anu.edu.au" />
+	<target host="www.rsfas.anu.edu.au" />
+	<target host="rsha.anu.edu.au" />
+	<target host="www.rsm.anu.edu.au" />
+	<target host="rspepeople.anu.edu.au" />
+	<target host="rsph.anu.edu.au" />
+	<target host="rss.anu.edu.au" />
+	<target host="rsss.anu.edu.au" />
+	<target host="samba.anu.edu.au" />
+	<target host="sari.anu.edu.au" />
+	<target host="sca-lws02.anu.edu.au" />
+	<target host="scapa.anu.edu.au" />
+	<target host="scholarships.anu.edu.au" />
+	<target host="scholarships-test.anu.edu.au" />
+	<target host="scholarskeep.anu.edu.au" />
+	<target host="science.anu.edu.au" />
+	<target host="scienceinternships.anu.edu.au" />
+	<target host="scienceprod1.anu.edu.au" />
+	<target host="scienceprod2.anu.edu.au" />
+	<target host="scinews.anu.edu.au" />
+	<target host="scu.anu.edu.au" />
+	<target host="scu-dev.anu.edu.au" />
+	<target host="search.anu.edu.au" />
+	<target host="secondarycollege.anu.edu.au" />
+	<target host="servicedesk.anu.edu.au" />
+	<target host="services.anu.edu.au" />
+	<target host="shop.anu.edu.au" />
+	<target host="sig.anu.edu.au" />
+	<target host="slc.anu.edu.au" />
+	<target host="slll.anu.edu.au" />
+	<target host="soa.anu.edu.au" />
+	<target host="soa-dev.anu.edu.au" />
+	<target host="sociology.anu.edu.au" />
+	<target host="solinvictus.anu.edu.au" />
+	<target host="specicount.anu.edu.au" />
+	<target host="sres.anu.edu.au" />
+	<target host="srr.anu.edu.au" />
+	<target host="srwfoundation.anu.edu.au" />
+	<target host="staff-iguide.anu.edu.au" />
+	<target host="stg-06.anu.edu.au" />
+	<target host="stlc.anu.edu.au" />
+	<target host="sts.anu.edu.au" />
+	<target host="student.anu.edu.au" />
+	<target host="studentjournals.anu.edu.au" />
+	<target host="students.anu.edu.au" />
+	<target host="students-prod.anu.edu.au" />
+	<target host="studyat.anu.edu.au" />
+	<target host="tch.anu.edu.au" />
+	<target host="tgn.anu.edu.au" />
+	<target host="www.tgn.anu.edu.au" />
+	<target host="timetable.anu.edu.au" />
+	<target host="toadhall.anu.edu.au" />
+	<target host="toast.anu.edu.au" />
+	<target host="training.anu.edu.au" />
+	<target host="transport.anu.edu.au" />
+	<target host="tto.anu.edu.au" />
+	<target host="tuckwell.anu.edu.au" />
+	<target host="tulgey.anu.edu.au" />
+	<target host="autodiscover.uds.anu.edu.au" />
+	<target host="mail.uds.anu.edu.au" />
+	<target host="udsexamweb01.uds.anu.edu.au" />
+	<target host="udspbgw101.uds.anu.edu.au" />
+	<target host="udsadfs.anu.edu.au" />
+	<target host="unistats.anu.edu.au" />
+	<target host="unistats-dev.anu.edu.au" />
+	<target host="ursula.anu.edu.au" />
+	<target host="vc-courses.anu.edu.au" />
+	<target host="vcdesk.anu.edu.au" />
+	<target host="virtual.anu.edu.au" />
+	<target host="virtual-dev1.anu.edu.au" />
+	<target host="virtualopenday.anu.edu.au" />
+	<target host="voteparsa.anu.edu.au" />
+	<target host="wattle.anu.edu.au" />
+	<target host="wattlecourses.anu.edu.au" />
+	<target host="webmango.anu.edu.au" />
+	<target host="webmango-staging.anu.edu.au" />
+	<target host="wiltshire.anu.edu.au" />
+	<target host="wirelessprinting.anu.edu.au" />
+	<target host="www-acep.anu.edu.au" />
+	<target host="www-dev1.anu.edu.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ANZ.co.nz.xml b/src/chrome/content/rules/ANZ.co.nz.xml
index 6c424d4c7621..0a3e376e9563 100644
--- a/src/chrome/content/rules/ANZ.co.nz.xml
+++ b/src/chrome/content/rules/ANZ.co.nz.xml
@@ -1,18 +1,27 @@
 <!--
 
 	For other ANZ coverage, see ANZ.com.xml
-	
+
 
 	Non-functional subdomains:
-	
+
 		- 3dsecure	(t)
 		- design.apps	(e)
 		- b2b	(t)
 		- b2b-a	(t)
 		- businessoutlook	(t)
+		- chat	(e)
+		- collect	(i)
 		- collect-oat	(i)
+		- comms		(r)
+		- customer	(i)
+		- digitaloatb	(m)
+		- digitaloatc	(m)
+		- digitaloatd	(m)
+		- digitalsit1	(r)
 		- ematching1	(t)
 		- ematching2	(t)
+		- fastpay-oat	(t)
 		- game	(t)
 		- game-oat	(t)
 		- gomoneymobile	(t)
@@ -23,17 +32,22 @@
 		- ks-b	(t)
 		- m	(t)
 		- moretooffer	(i)
+		- my	(r)
 		- myphotocard	(t)
+		- www.nonprod-staging-www	(r)
 		- ns1	(t)
 		- ns2	(t)
+		- onlinestore-oat	(t)
 		- onlinestore-oat2	(m)
 		- onlinestoreoat	(m)
 		- privatebank	(m)
+		- accountant.requestfinancials	(i)
 		- oat.accountant.requestfinancials	(i)
 		- sit.accountant.requestfinancials	(i)
 		- banker.requestfinancials	(i)
 		- oat.banker.requestfinancials	(i)
 		- sit.banker.requestfinancials	(i)
+		- customer.requestfinancials	(i)
 		- oat.customer.requestfinancials	(i)
 		- sit.customer.requestfinancials	(i)
 		- lending-api.requestfinancials	(i)
@@ -46,10 +60,13 @@
 		- sit.myob-accountright-live-v2.requestfinancials	(i)
 		- sit.xero-xro-api-v2.requestfinancials	(i)
 		- salesadmin	(r)
+		- secureoatc	(m)
 		- secureoatd	(r)
+		- securesit1	(SSL error)
+		- tools-oat		(t)
 		- tools-oat2	(m)
 		- toolsuat	(r)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
@@ -57,7 +74,7 @@
 	r: connection refused
 	s: self-signed certificate
 	t: timeout on https
-	
+
 -->
 <ruleset name="ANZ.co.nz">
 
@@ -74,19 +91,10 @@
 	<target host="admin.businessbanker.anz.co.nz" />
 	<target host="www.admin.businessbanker.anz.co.nz" />
 	<target host="m.businessbanker.anz.co.nz" />
-	<target host="chat.anz.co.nz" />
-	<target host="collect.anz.co.nz" />
-	<target host="comms.anz.co.nz" />
-	<target host="customer.anz.co.nz" />
 	<target host="digital.anz.co.nz" />
 	<target host="digitalmediaapi.anz.co.nz" />
 	<target host="digitaloat.anz.co.nz" />
-	<target host="digitaloatb.anz.co.nz" />
-	<target host="digitaloatc.anz.co.nz" />
-	<target host="digitaloatd.anz.co.nz" />
-	<target host="digitalsit1.anz.co.nz" />
 	<target host="fastpay.anz.co.nz" />
-	<target host="fastpay-oat.anz.co.nz" />
 	<target host="fund.anz.co.nz" />
 	<target host="futurewise.anz.co.nz" />
 	<target host="futurewiseuat.anz.co.nz" />
@@ -98,13 +106,11 @@
 	<target host="merchandise.anz.co.nz" />
 	<target host="mmm.anz.co.nz" />
 	<target host="mmmoat.anz.co.nz" />
-	<target host="my.anz.co.nz" />
 	<target host="myfuture.anz.co.nz" />
 	<target host="myfuture-oat.anz.co.nz" />
 	<target host="www.nonprod-dev1-www.anz.co.nz" />
 	<target host="www.nonprod-dev2-www.anz.co.nz" />
 	<target host="www.nonprod-sandpit-www.anz.co.nz" />
-	<target host="www.nonprod-staging-www.anz.co.nz" />
 	<target host="www.nonprod-test1-www.anz.co.nz" />
 	<target host="www.nonprod-test2-www.anz.co.nz" />
 	<target host="www.nonprod-test3-www.anz.co.nz" />
@@ -113,28 +119,22 @@
 	<target host="www.nonprod-www.anz.co.nz" />
 	<target host="oatapps.anz.co.nz" />
 	<target host="onlinestore.anz.co.nz" />
-	<target host="onlinestore-oat.anz.co.nz" />
 	<target host="www.privatebank.anz.co.nz" />
 	<target host="propertyunlocked.anz.co.nz" />
 	<target host="propertyunlockeduat.anz.co.nz" />
-	<target host="accountant.requestfinancials.anz.co.nz" />
-	<target host="customer.requestfinancials.anz.co.nz" />
 	<target host="rural-manager.anz.co.nz" />
 	<target host="rural-manageruat.anz.co.nz" />
 	<target host="search.anz.co.nz" />
 	<target host="secure.anz.co.nz" />
 	<target host="secureoat.anz.co.nz" />
 	<target host="secureoatb.anz.co.nz" />
-	<target host="secureoatc.anz.co.nz" />
-	<target host="securesit1.anz.co.nz" />
 	<target host="staging-www.anz.co.nz" />
 	<target host="www.staging-www.anz.co.nz" />
 	<target host="tools.anz.co.nz" />
-	<target host="tools-oat.anz.co.nz" />
 	<target host="yoursay.anz.co.nz" />
 	<target host="www.yoursay.anz.co.nz" />
 
-  	<securecookie host="^(www\.)?anz\.co\.nz$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/ANZ.com.au.xml b/src/chrome/content/rules/ANZ.com.au.xml
new file mode 100644
index 000000000000..8a9742b66fa1
--- /dev/null
+++ b/src/chrome/content/rules/ANZ.com.au.xml
@@ -0,0 +1,47 @@
+<!--
+	For other ANZ coverage, see ANZ.com.xml
+
+
+	Non-functional subdomains:
+
+		- appointments	(m)
+		- www.borrowingpower	(r)
+		- buyready	(r)
+		- www.cxdesign	(s)
+		- invest	(t)
+		- www.nonprod-staging-www	(HTTP 503 error)
+		- unsubscribe	(t)
+		- www.unsubscribe	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="ANZ.com.au">
+
+	<target host="anz.com.au" />
+	<target host="www.anz.com.au" />
+	<target host="www.internalpilot.anz.com.au" />
+	<target host="www.nonprod-dev1-www.anz.com.au" />
+	<target host="www.nonprod-dev2-www.anz.com.au" />
+	<target host="www.nonprod-sandpit-www.anz.com.au" />
+	<target host="www.nonprod-test1-www.anz.com.au" />
+	<target host="www.nonprod-test2-www.anz.com.au" />
+	<target host="www.nonprod-test3-www.anz.com.au" />
+	<target host="www.nonprod-test4-www.anz.com.au" />
+	<target host="www.nonprod-training-www.anz.com.au" />
+	<target host="www.nonprod-www.anz.com.au" />
+	<target host="propertyprofilereport.anz.com.au" />
+	<target host="www.propertyprofilereport.anz.com.au" />
+	<target host="staging-www.anz.com.au" />
+	<target host="www.staging-www.anz.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ANZ.com.xml b/src/chrome/content/rules/ANZ.com.xml
index d87acd091b24..ad4891717d8f 100644
--- a/src/chrome/content/rules/ANZ.com.xml
+++ b/src/chrome/content/rules/ANZ.com.xml
@@ -1,6 +1,7 @@
 <!--
 
-	Other related ruleset:
+	Other related rulesets:
+		- ANZ.com.au.xml
 		- ANZ.co.nz.xml
 
 
@@ -21,17 +22,25 @@
 		- qa.root.ocsp.anzpki	(t)
 		- www.anzprimehub	(t)
 		- anzsmartchoicesuperupdates	(m)
+		- www.anztransactive	(m)
 		- www.anzwealthinsights	(r)
 		- www.apexinsights	(r)
+		- api1	(t)
+		- api2	(t)
 		- apib	(t)
 		- apib2	(t)
 		- apibstage1	(t)
 		- apibstage2	(t)
 		- applepay	(m)
+		- apply1	(i)
+		- apply2	(i)
 		- applyonline	(s)
+		- appnz001aklp002	(r)
 		- apps	(e)
 		- av	(r)
 		- banking2poc	(e)
+		- banking3		(i)
+		- banking4		(i)
 		- betradeready	(m)
 		- www.betterinternetbanking	(t)
 		- betterways	(r)
@@ -98,7 +107,10 @@
 		- www.nonprod-web.nonprod-sit1.enotify	(r)
 		- expertise	(r)
 		- extmailinboundedge	(t)
+		- www.fastpaydev	(m)
+		- dev.fastpayportal		(m)
 		- demo1.fxonline	(t)
+		- demo2.fxonline	(HTTP 403 error)
 		- fxonline1	(s)
 		- fxonline2	(s)
 		- girebatescalculator	(t)
@@ -113,9 +125,11 @@
 		- homeloanequity	(m)
 		- ib4bdemo	(t)
 		- www.ib4bdemo	(t)
+		- id	(r)
 		- www.indepth	(r)
 		- indigenousculturalawareness	(r)
 		- info	(m)
+		- www.institutional	(m)
 		- institutionaldigital	(t)
 		- www.institutionaldigital	(t)
 		- insurance-declaration	(t)
@@ -131,14 +145,16 @@
 		- www.locate	(m)
 		- lowrateplatinumupgrade	(t)
 		- www.lowrateplatinumupgrade	(t)
+		- lyncdiscover	(m)
 		- marketrankings	(r)
 		- marketrates	(r)
+		- seg.mdm		(SSL connection error)
 		- magr.mdmqa	(s)
 		- awcm.mdmqa2	(t)
 		- pav.mdmqa2	(r)
 		- seg.mdmqa2	(t)
 		- www.media	(m)
-		- www.merchantstatements	(r)
+		- meet		(t)
 		- www.moneytransfer	(r)
 		- movingtoaustralia	(r)
 		- myplan	(t)
@@ -150,6 +166,7 @@
 		- nonprod-inwardunauthb2bqa	(t)
 		- www.nz	(m)
 		- www.online	(r)
+		- lifeclaims.online		(e)
 		- corporateportal1.online	(r)
 		- corporateportal2.online	(r)
 		- ematchingau1.online	(s)
@@ -160,8 +177,10 @@
 		- ematchingnz1.online	(s)
 		- ematchingnz2.online	(s)
 		- www.fileactive.online	(m)
+		- lqmtransactive.online		(SSL connection error)
 		- transact.online	(e)
 		- tsc.online	(t)
+		- tscid.online	(t)
 		- online-declaration-asa	(t)
 		- www.online-declaration-asa	(t)
 		- online-declaration-integra	(t)
@@ -176,6 +195,7 @@
 		- www.primehub	(t)
 		- priorityinsights	(t)
 		- www.priorityinsights	(t)
+		- (www.)private		(SSL error)
 		- aemauthor1.aws.privdmz	(r)
 		- promo	(r)
 		- propertytracker	(m)
@@ -186,14 +206,19 @@
 		- rewardsamexaccept	(t)
 		- www.rewardsamexaccept	(t)
 		- secure	(s)
+		- msl.secure1	(t)
+		- msl.secure2	(t)
 		- sellready	(m)
 		- www.sellready	(m)
 		- stage.sellready	(r)
 		- services1	(e)
 		- sg	(e)
 		- sgib	(t)
+		- www.shareholder	(m)
+		- taxtools.shareinvesting	(i)
 		- smallbusiness	(r)
 		- www.social	(e)
+		- spendinsights		(r)
 		- sponsorship	(t)
 		- www.sponsorship	(m)
 		- supercalculator	(t)
@@ -208,11 +233,13 @@
 		- www.transactivetrade	(r)
 		- travelcard	(r)
 		- tw	(m)
+		- twcardsonline	(t)
 		- twmail1	(r)
 		- updatemydetails	(t)
 		- www.updatemydetails	(t)
 		- video	(r)
 		- vis	(e)
+		- wac01		(t)
 		- warrants	(t)
 		- auth.wealth	(t)
 		- www.test1.wealth	(t)
@@ -222,11 +249,15 @@
 		- wealthhealthcheck	(t)
 		- www.wealthhealthcheck	(t)
 		- webconf	(r)
+		- webext01	(t)
+		- webext02	(t)
+		- webscheduler	(t)
 		- www.women	(r)
 		- www.yourgift	(r)
 
 	e: expired certificate
 	h: http redirect
+	i: invalid certificate chain
 	m: certificate mismatch
 	r: connection refused
 	s: self-signed certificate
@@ -237,24 +268,14 @@
 
 	<target host="anz.com" />
 	<target host="www.anz.com" />
-	<target host="access.anz.com" />
 	<target host="ebanking.americansamoa.anz.com" />
 	<target host="anzappinsights.anz.com" />
 	<target host="www.anzappinsights.anz.com" />
 	<target host="anzprimehub.anz.com" />
-	<target host="www.anztransactive.anz.com" />
-	<target host="gcp.anztransactive.anz.com" />
-	<target host="api1.anz.com" />
-	<target host="api2.anz.com" />
 	<target host="apib1.anz.com" />
-	<target host="apply1.anz.com" />
-	<target host="apply2.anz.com" />
-	<target host="appnz001aklp002.anz.com" />
 	<target host="appnz001aklp003.anz.com" />
 	<target host="appnz002aklp002.anz.com" />
 	<target host="appnz002aklp003.anz.com" />
-	<target host="banking3.anz.com" />
-	<target host="banking4.anz.com" />
 	<target host="bladepay.anz.com" />
 	<target host="bluenotes.anz.com" />
 	<target host="www.bluenotes.anz.com" />
@@ -264,7 +285,6 @@
 	<target host="www.cashactive.anz.com" />
 	<target host="fusionmatch.cashactive.anz.com" />
 	<target host="celebratewomeninit.anz.com" />
-	<target host="collect.anz.com" />
 	<target host="config.anz.com" />
 	<target host="coveredonline.anz.com" />
 	<target host="www.coveredonline.anz.com" />
@@ -277,18 +297,13 @@
 	<target host="www.fastpay.anz.com" />
 	<target host="dev.fastpay.anz.com" />
 	<target host="fastpaydev.anz.com" />
-	<target host="www.fastpaydev.anz.com" />
 	<target host="fastpayportal.anz.com" />
-	<target host="dev.fastpayportal.anz.com" />
 	<target host="www.fileactive.anz.com" />
 	<target host="forms.anz.com" />
-	<target host="demo2.fxonline.anz.com" />
 	<target host="gamesavematch.anz.com" />
 	<target host="www.gamesavematch.anz.com" />
 	<target host="globalinsights.anz.com" />
 	<target host="www.globalinsights.anz.com" />
-	<target host="gomoneyapi.anz.com" />
-	<target host="gomoneymobile.anz.com" />
 	<target host="secure.grow.anz.com" />
 	<target host="growinsights.anz.com" />
 	<target host="www.growinsights.anz.com" />
@@ -298,26 +313,18 @@
 	<target host="health.anz.com" />
 	<target host="www.health.anz.com" />
 	<target host="homeloanapply.anz.com" />
-	<target host="id.anz.com" />
 	<target host="infos.anz.com" />
-	<target host="insites.anz.com" />
 	<target host="institutional.anz.com" />
-	<target host="www.institutional.anz.com" />
 	<target host="onepath.investorinsights.anz.com" />
 	<target host="www.onepath.investorinsights.anz.com" />
 	<target host="jmbl.anz.com" />
-	<target host="lyncdiscover.anz.com" />
 	<target host="magr.mdm.anz.com" />
-	<target host="seg.mdm.anz.com" />
 	<target host="tunnelr.mdmqa2.anz.com" />
-	<target host="meet.anz.com" />
-	<target host="merchandise.anz.com" />
 	<target host="mfa-access.anz.com" />
 	<target host="mobilelending.anz.com" />
 	<target host="www.mobilelending.anz.com" />
 	<target host="mobilepayments.anz.com" />
 	<target host="www.mobilepayments.anz.com" />
-	<target host="mpay.anz.com" />
 	<target host="mstcl3.anz.com" />
 	<target host="au.corp.mydesk.anz.com" />
 	<target host="nz.corp.mydesk.anz.com" />
@@ -327,7 +334,6 @@
 	<target host="myportfoliosim.anz.com" />
 	<target host="newperspectives.anz.com" />
 	<target host="www.newperspectives.anz.com" />
-	<target host="secure.next.anz.com" />
 	<target host="anztransactive.online.anz.com" />
 	<target host="anzweblink.online.anz.com" />
 	<target host="caasutila.online.anz.com" />
@@ -337,9 +343,7 @@
 	<target host="fileactive.online.anz.com" />
 	<target host="gcptransactive.online.anz.com" />
 	<target host="imgbg5.online.anz.com" />
-	<target host="lifeclaims.online.anz.com" />
 	<target host="logon.online.anz.com" />
-	<target host="lqmtransactive.online.anz.com" />
 	<target host="markets.online.anz.com" />
 	<target host="olb.online.anz.com" />
 	<target host="pcm.online.anz.com" />
@@ -351,29 +355,21 @@
 	<target host="transtasmanadmin.online.anz.com" />
 	<target host="transtasmaniphone.online.anz.com" />
 	<target host="transtasmaniphone2.online.anz.com" />
-	<target host="tscid.online.anz.com" />
 	<target host="tscportal.online.anz.com" />
 	<target host="tscportalid.online.anz.com" />
 	<target host="onlineapps.anz.com" />
 	<target host="www.pcmapp.anz.com" />
-	<target host="private.anz.com" />
-	<target host="www.private.anz.com" />
 	<target host="propertyprofilereport.anz.com" />
 	<target host="www.propertyprofilereport.anz.com" />
 	<target host="recovery.anz.com" />
 	<target host="www.recovery.anz.com" />
-	<target host="msl.secure1.anz.com" />
-	<target host="msl.secure2.anz.com" />
 	<target host="selfmanagedsuper.anz.com" />
 	<target host="www.selfmanagedsuper.anz.com" />
 	<target host="sfe.anz.com" />
 	<target host="shareholder.anz.com" />
-	<target host="www.shareholder.anz.com" />
 	<target host="shareinvesting.anz.com" />
 	<target host="sstats.shareinvesting.anz.com" />
-	<target host="taxtools.shareinvesting.anz.com" />
 	<target host="smartchoice.anz.com" />
-	<target host="spendinsights.anz.com" />
 	<target host="superinsights.anz.com" />
 	<target host="www.superinsights.anz.com" />
 	<target host="admin.superregional.anz.com" />
@@ -383,20 +379,14 @@
 	<target host="www.asamember.superrenovation.anz.com" />
 	<target host="tennisgrants.anz.com" />
 	<target host="www.tennisgrants.anz.com" />
-	<target host="tesla.anz.com" />
-	<target host="www.tesla.anz.com" />
 	<target host="www.theedge.anz.com" />
-	<target host="twcardsonline.anz.com" />
 	<target host="twib.anz.com" />
 	<target host="verify.anz.com" />
-	<target host="wac01.anz.com" />
 	<target host="waf1x.anz.com" />
 	<target host="wealth.anz.com" />
 	<target host="www.wealth.anz.com" />
 	<target host="webauthecc.anz.com" />
-	<target host="webext01.anz.com" />
-	<target host="webext02.anz.com" />
-	<target host="webscheduler.anz.com" />
+		<test url="http://webauthecc.anz.com/OracleHTTPServer12c_files/footer.gif" />
 	<target host="wrap.anz.com" />
 	<target host="apply.wrap.anz.com" />
 	<target host="yourgift.anz.com" />
@@ -404,7 +394,7 @@
 	<target host="yourworld.anz.com" />
 	<target host="www.yourworld.anz.com" />
 
-  	<securecookie host="^www\.anz\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/AOE.com.xml b/src/chrome/content/rules/AOE.com.xml
index 40330abfeb81..06ff40fa07da 100644
--- a/src/chrome/content/rules/AOE.com.xml
+++ b/src/chrome/content/rules/AOE.com.xml
@@ -1,39 +1,10 @@
-<!--
-	CDN buckets:
-
-		- d1bxvq8g6qmzaf.cloudfront.net
-
-			- cdn1.aoe.com
-
-		- dgpnghoac0a43.cloudfront.net
-
-			-  cdn2.aoe.com
-
-
-	Some (most?) pages redirect to http.
-
-
-	Mixed content:
-
-		- Images from cdn1 *
-		- Images from cdn2 *
-
-	* Secured by us
-
--->
 <ruleset name="AOE.com (partial)">
 
 	<target host="aoe.com" />
-	<target host="*.aoe.com" />
-
-
-	<rule from="^http://(www\.)?aoe\.com/(?=$|\?|en/*(?:$|\?)|en/press/press-contact\.html|fileadmin/|typo3conf/|typo3temp/|uploads/)"
-		to="https://$1aoe.com/" />
-
-	<rule from="^http://cdn1\.aoe\.com/"
-		to="https://d1bxvq8g6qmzaf.cloudfront.net/" />
+	<target host="www.aoe.com" />
+	<target host="cdn1.aoe.com" />
+	<target host="cdn2.aoe.com" />
 
-	<rule from="^http://cdn2\.aoe\.com/"
-		to="https://dgpnghoac0a43.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/AOK.de.xml b/src/chrome/content/rules/AOK.de.xml
index 3caa416f009a..dea5416056ec 100644
--- a/src/chrome/content/rules/AOK.de.xml
+++ b/src/chrome/content/rules/AOK.de.xml
@@ -27,7 +27,7 @@ Fetch error: http://www.familie.san.aok.de/ => https://familie.san.aok.de/: (7,
 Fetch error: http://familie.san.aok.de/ => https://familie.san.aok.de/: (7, 'Failed to connect to familie.san.aok.de port 443: Connection refused')
 
 -->
-<ruleset name="AOK.de" default_off='failed ruleset test'>
+<ruleset name="AOK.de" default_off="failed ruleset test">
 <target host="www.aok.de" />
 <target host="aok.de" />
 <target host="www.familie.aok.de" />
diff --git a/src/chrome/content/rules/AOL-Advertising.xml b/src/chrome/content/rules/AOL-Advertising.xml
index e76f45a3e3f4..a0c12c0322ac 100644
--- a/src/chrome/content/rules/AOL-Advertising.xml
+++ b/src/chrome/content/rules/AOL-Advertising.xml
@@ -14,7 +14,7 @@ Fetch error: http://px.at.atwola.com/ => https://px.at.atwola.com/: (6, 'Could n
 		- an.tacoda.net.edgesuite.net
 
 -->
-<ruleset name="Atwola.com" default_off='failed ruleset test'>
+<ruleset name="Atwola.com" default_off="failed ruleset test">
 
 	<target host="ar.atwola.com" />
 	<target host="tacoda.at.atwola.com" />
diff --git a/src/chrome/content/rules/AOL-mismatches.xml b/src/chrome/content/rules/AOL-mismatches.xml
index 41a0ffe83d65..02684029af22 100644
--- a/src/chrome/content/rules/AOL-mismatches.xml
+++ b/src/chrome/content/rules/AOL-mismatches.xml
@@ -6,41 +6,15 @@
 
 -->
 <ruleset name="AOL (mismatches)" default_off="mismatched">
-
-	<!--	Akamai	-->
-	<!--	cert: misc.blogsmith.aol.com	-->
-	<!--	Cert: misc.blogsmith.aol.com	-->
-	<target host="blogsmithmedia.com" />
-	<target host="www.blogsmithmedia.com" />
 	<!--
 		Moved to Akamai and broke.
 	<target host="mydaily.co.uk" />
 	<target host="www.mydaily.co.uk" /-->
 	<target host="an.tacoda.net" />
 
-
-	<!--securecookie host="^(.*\.)?mydaily\.co\.uk$" name=".*" /-->
-
-
-	<!--	- !www doesn't work.
-		- Images throw "Service Unavailable".
-	
-		Two examples of working paths:
-
-			- blogsmithmedia.com/corp.aol.com/media/jquery-fancybox_1-3-1.css
-			- blogsmithmedia.com/corp.aol.com/media/screen.css?v=1
-										-->
-	<rule from="^http://(?:www\.)?blogsmithmedia\.com/corp\.aol\.com/media/([\w\-\.]+)\.css(\?v=\d)?$"
-		to="https://www.blogsmithmedia.com/corp.aol.com/media/$1.css$2" />
-
-	<rule from="^http://(?:www\.)?blogsmithmedia\.com/translogic\.aolautos\.com/media/"
-		to="https://translogic.aolautos.com/media/" />
-
 	<!--	Moved to Akamai and broke: "An error occurred"
 	<rule from="^http://(?:www\.)?mydaily\.co\.uk/"
 		to="https://www.mydaily.co.uk/" /-->
 
-	<rule from="^http://an\.tacoda\.net/"
-		to="https://an.tacoda.net/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AOL.co.uk.xml b/src/chrome/content/rules/AOL.co.uk.xml
index 6d5ffe8e6cd4..72b211311c22 100644
--- a/src/chrome/content/rules/AOL.co.uk.xml
+++ b/src/chrome/content/rules/AOL.co.uk.xml
@@ -62,7 +62,7 @@ Fetch error: http://rs.aol.co.uk/ => https://rs.aol.co.uk/: (60, 'SSL certificat
 	* Secured by us
 
 -->
-<ruleset name="AOL.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="AOL.co.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/AOL.xml b/src/chrome/content/rules/AOL.xml
index 0620b1e54870..739e8f0a35bf 100644
--- a/src/chrome/content/rules/AOL.xml
+++ b/src/chrome/content/rules/AOL.xml
@@ -1,4 +1,23 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://cdn.komentary.aol.com/confab/1/styles/confab.css => https://cdn.komentary.aol.com/confab/1/styles/confab.css: (6, 'Could not resolve host: cdn.komentary.aol.com')
+Fetch error: http://account.aol.com/ => https://account.aol.com/: (6, 'Could not resolve host: account.aol.com')
+Fetch error: http://captcha.aol.com/ => https://captcha.aol.com/: (6, 'Could not resolve host: captcha.aol.com')
+Fetch error: http://idgfm.corp.aol.com/ => https://idgfm.corp.aol.com/: (6, 'Could not resolve host: idgfm.corp.aol.com')
+Fetch error: http://i.aol.com/ => https://i.aol.com/: (6, 'Could not resolve host: i.aol.com')
+Fetch error: http://cdn.komentary.aol.com/ => https://cdn.komentary.aol.com/: (6, 'Could not resolve host: cdn.komentary.aol.com')
+Fetch error: http://account.login.aol.com/ => https://account.login.aol.com/: (6, 'Could not resolve host: account.login.aol.com')
+Fetch error: http://api.mail.aol.com/ => https://api.mail.aol.com/: (6, 'Could not resolve host: api.mail.aol.com')
+Fetch error: http://cdn.mail.aol.com/ => https://cdn.mail.aol.com/: (6, 'Could not resolve host: cdn.mail.aol.com')
+Fetch error: http://new.aol.com/ => https://new.aol.com/: (6, 'Could not resolve host: new.aol.com')
+Fetch error: http://openid.aol.com/ => https://openid.aol.com/: (6, 'Could not resolve host: openid.aol.com')
+Fetch error: http://api.oscar.aol.com/ => https://api.oscar.aol.com/: (6, 'Could not resolve host: api.oscar.aol.com')
+Fetch error: http://s2c.aol.com/ => https://s2c.aol.com/: (6, 'Could not resolve host: s2c.aol.com')
+Fetch error: http://dashboard.voice.aol.com/ => https://dashboard.voice.aol.com/: (6, 'Could not resolve host: dashboard.voice.aol.com')
+Fetch error: http://expapi.oscar.aol.com/ => https://api.oscar.aol.com/: (6, 'Could not resolve host: api.oscar.aol.com')
+
 
 	For problematic coverage, see AOL-mismatches.xml.
 
@@ -11,12 +30,9 @@
 		- Adtech.de.xml
 		- Adtechus.com.xml
 		- Advertising.com.xml
-		- AIM.com.xml
 		- AOL.co.uk.xml
 		- AOL-Advertising.xml
-		- AOL_CDN.com.xml
 		- AOL_On_Network.com.xml
-		- AOL_Platforms.com.xml
 		- Auto_Blog.com.xml
 		- blogsmithmedia.com.xml
 		- CrunchBoard.com.xml
@@ -160,26 +176,26 @@
 				-->
 	<target host="aol.com" />
 	<target host="www.aol.com" />
-	<target host="account.aol.com" />
+	<!-- target host="account.aol.com" /-->
 	<target host="adinfo.aol.com" />
 	<target host="bill.aol.com" />
 	<target host="build.aol.com" />
-	<target host="captcha.aol.com" />
+	<!-- target host="captcha.aol.com" /-->
 	<target host="ui.comet.aol.com" />
 	<target host="contactus.aol.com" />
-	<target host="idgfm.corp.aol.com" />
+	<!-- target host="idgfm.corp.aol.com" /-->
 	<target host="discover.aol.com" />
 	<target host="feedback.aol.com" />
-	<target host="i.aol.com" />
+	<!-- target host="i.aol.com" /-->
 	<target host="help.aol.com" />
-	<target host="cdn.komentary.aol.com" />
+	<!-- target host="cdn.komentary.aol.com" /-->
 	<target host="mail.latino.aol.com" />
-	<target host="account.login.aol.com" />
+	<!-- target host="account.login.aol.com" /-->
 
 	<target host="mail.aol.com" />
-	<target host="api.mail.aol.com" />
+	<!-- target host="api.mail.aol.com" /-->
 	<target host="beta.mail.aol.com" />
-	<target host="cdn.mail.aol.com" />
+	<!-- target host="cdn.mail.aol.com" /-->
 	<target host="rpc.mail.aol.com" />
 	<target host="rpc1.mail.aol.com" />
 	<target host="webmail1.mail.aol.com" />
@@ -187,22 +203,20 @@
 	<target host="membernotifications.aol.com" />
 	<target host="myaccount.aol.com" />
 	<target host="mybenefits.aol.com" />
-	<target host="new.aol.com" />
-	<target host="openid.aol.com" />
-	<target host="api.oscar.aol.com" />
+	<!-- target host="new.aol.com" /-->
+	<!-- target host="openid.aol.com" /-->
+	<!-- target host="api.oscar.aol.com" /-->
 	<target host="portfolios.aol.com" />
 	<target host="postmaster.aol.com" />
-	<target host="s2c.aol.com" />
+	<!-- target host="s2c.aol.com" /-->
 	<target host="my.screenname.aol.com" />
 	<target host="search.aol.com" />
 	<target host="shop.aol.com" />
-	<target host="dashboard.voice.aol.com" />
-
-		<test url="http://cdn.komentary.aol.com/confab/1/styles/confab.css" />
+	<!-- target host="dashboard.voice.aol.com" /-->
 
 	<!--	Complications:
 				-->
-	<target host="expapi.oscar.aol.com" />
+	<!-- target host="expapi.oscar.aol.com" /-->
 	<target host="webmail.aol.com" />
 
 		<!--	Added by AOL, required for http logout.
@@ -236,10 +250,6 @@
 	<securecookie host="^\." name="^(?:_ga|optimizely)" />
 	<securecookie host="(^|\.)(bill|build|discover|i|myaccount|mybenefits|new|portfolios|postmaster|dashboard\.voice)\.aol\.com$" name=".+" />
 
-
-	<rule from="^http://expapi\.oscar\.aol\.com/"
-		to="https://api.oscar.aol.com/" />
-
 	<rule from="^http://webmail\.aol\.com/"
 		to="https://mail.aol.com/" />
 
diff --git a/src/chrome/content/rules/AOL_CDN.com.xml b/src/chrome/content/rules/AOL_CDN.com.xml
deleted file mode 100644
index a70d8f7eff72..000000000000
--- a/src/chrome/content/rules/AOL_CDN.com.xml
+++ /dev/null
@@ -1,52 +0,0 @@
-<!--
-	For problematic coverage, see AOL_CDN.com-problematic.xml.
-
-	For other AOL coverage, see AOL.xml.
-
-
-	CDN buckets:
-
-		- www.aol.com.edgesuite.net
-
-			- portal.aolcdn.com
-
-		- myfeeds.aolcdn.com.edgesuite.net
-		- o.aolcdn-ds.com.edgesuite.net
-
-
-	Nonfunctional domains:
-
-		- euportal.aolcdn.com		(503, Akamai)
-		- myfeeds.aolcdn.com		(ditto)
-
-
-	Problematic hosts in *aolcdn.com:
-
-		- portal *
-
-	* Mismatched
-
--->
-<ruleset name="AOL CDN.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="o.aolcdn.com" />
-	<target host="s.aolcdn.com" />
-	<target host="sns-static.aolcdn.com" />
-
-		<test url="http://s.aolcdn.com/dims5/amp:7b867aa6bbd857f5c1eb4cc905d9013b488d93e5/t:30,30/q:80/?url=http%3A%2F%2Fwww.blogcdn.com%2Fwww.engadget.com%2Fmedia%2F2016%2F02%2Feng-icon-white-160x160.png" />
-		<test url="http://sns-static.aolcdn.com/sns.v16r7/images/lp-aol-head-lg.png" /><!--	6664 -->
-
-	<!--	Complications:
-				-->
-	<target host="o3.aolcdn.com" />
-
-
-	<rule from="^http://o3\.aolcdn\.com/"
-		to="https://s.aolcdn.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AOL_On_Network.com.xml b/src/chrome/content/rules/AOL_On_Network.com.xml
index 175785bdd705..d35b503ef5f8 100644
--- a/src/chrome/content/rules/AOL_On_Network.com.xml
+++ b/src/chrome/content/rules/AOL_On_Network.com.xml
@@ -32,7 +32,7 @@ Fetch error: http://support.aolonnetwork.com/ => https://support.aolonnetwork.co
 		- console.aolonnetwork.com
 
 -->
-<ruleset name="AOL On Network.com (partial)" default_off='failed ruleset test'>
+<ruleset name="AOL On Network.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/AOL_Platforms.com.xml b/src/chrome/content/rules/AOL_Platforms.com.xml
deleted file mode 100644
index 3de627446daa..000000000000
--- a/src/chrome/content/rules/AOL_Platforms.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	For other AOL coverage, see AOL.xml.
-
-
-	^aolplatforms.com: Refused
-
--->
-<ruleset name="AOL Platforms.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.aolplatforms.com" />
-
-	<!--	Complications:
-				-->
-	<target host="aolplatforms.com" />
-
-
-	<rule from="^http://aolplatforms\.com/"
-		to="https://www.aolplatforms.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AOMedia.org.xml b/src/chrome/content/rules/AOMedia.org.xml
new file mode 100644
index 000000000000..e9dec1c79c7f
--- /dev/null
+++ b/src/chrome/content/rules/AOMedia.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="AOMedia.org">
+	<target host="aomedia.org" />
+	<target host="www.aomedia.org" />
+	<target host="build.aomedia.org" />
+	<target host="groups.aomedia.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AP.org.xml b/src/chrome/content/rules/AP.org.xml
new file mode 100644
index 000000000000..124ee57b9b02
--- /dev/null
+++ b/src/chrome/content/rules/AP.org.xml
@@ -0,0 +1,51 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- aphelp.ap.org
+		- apimages.ap.org
+		- discover.ap.org
+		- geomancer.ap.org
+		- hosted2admin.ap.org
+		- markets.ap.org
+		- roam.ap.org
+		- www.roam.ap.org
+		- sbmaster.ap.org
+		- webmail.ap.org
+
+		SSL connect error:
+		- feeds.ap.org
+
+		SSL peer certificate was not OK:
+		- aptndirect.ap.org
+		- customersupport.ap.org
+		- stream.labs.ap.org
+		- www.summergames.ap.org
+		- surveys.ap.org
+		- video.ap.org
+-->
+<ruleset name="AP.org">
+	<target host="ap.org" />
+	<target host="www.ap.org" />
+	<target host="bigstory.ap.org" />
+	<target host="binaryapi.ap.org" />
+	<target host="blog.ap.org" />
+	<target host="careers.ap.org" />
+	<target host="collegebasketball.ap.org" />
+	<target host="www.collegebasketball.ap.org" />
+	<target host="collegefootball.ap.org" />
+	<target host="www.collegefootball.ap.org" />
+	<target host="developer.ap.org" />
+	<target host="elections.ap.org" />
+	<target host="hosted.ap.org" />
+	<target host="inside.ap.org" />
+	<target host="insights.ap.org" />
+	<target host="pro32.ap.org" />
+	<target host="racing.ap.org" />
+	<target host="www.racing.ap.org" />
+	<target host="store.ap.org" />
+	<target host="sunshine.ap.org" />
+	<target host="wfm.ap.org" />
+	<target host="wintergames.ap.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/API_Analytics.com.xml b/src/chrome/content/rules/API_Analytics.com.xml
deleted file mode 100644
index a4c390aaae06..000000000000
--- a/src/chrome/content/rules/API_Analytics.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For other Mashape coverage, see Mashape.com.xml.
-
-
-	Insecure cookies are set for these domains:
-
-		- .apianalytics.com
-
--->
-<ruleset name="API Analytics.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="apianalytics.com" />
-	<target host="www.apianalytics.com" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.apianalytics\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.apianalytics\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/APM.com.xml b/src/chrome/content/rules/APM.com.xml
index 0016fa2aa5db..b91da56916a9 100644
--- a/src/chrome/content/rules/APM.com.xml
+++ b/src/chrome/content/rules/APM.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://myapm.apm.com/ => https://myapm.apm.com/: (60, 'SSL certific
 		- www
 
 -->
-<ruleset name="APM.com" default_off='failed ruleset test'>
+<ruleset name="APM.com" default_off="failed ruleset test">
 
 	<target host="apm.com" />
 	<target host="myapm.apm.com" />
diff --git a/src/chrome/content/rules/APNews.com.xml b/src/chrome/content/rules/APNews.com.xml
index 567fb55c1bda..909f9f0f78bc 100644
--- a/src/chrome/content/rules/APNews.com.xml
+++ b/src/chrome/content/rules/APNews.com.xml
@@ -14,7 +14,7 @@
 	<target host="apnews.com" />
 	<target host="www.apnews.com" />
 	<target host="blog.apnews.com" />
-	
+
 	<securecookie host="^(www\.)?apnews\.com$" name=".+" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/APO_Box.com.xml b/src/chrome/content/rules/APO_Box.com.xml
index f6e521dcbd78..01e66c0fa42c 100644
--- a/src/chrome/content/rules/APO_Box.com.xml
+++ b/src/chrome/content/rules/APO_Box.com.xml
@@ -1,7 +1,8 @@
 <ruleset name="APO Box.com">
 
 	<target host="apobox.com" />
-	<target host="*.apobox.com" />
+	<target host="www.apobox.com" />
+	<target host="support.apobox.com" />
 
 
 	<!--	Server doesn't set Secure for:
diff --git a/src/chrome/content/rules/ARDMediathek.de.xml b/src/chrome/content/rules/ARDMediathek.de.xml
new file mode 100644
index 000000000000..7b19a8cd5725
--- /dev/null
+++ b/src/chrome/content/rules/ARDMediathek.de.xml
@@ -0,0 +1,39 @@
+<!--
+	Invalid certificate:
+		cai.ardmediathek.de
+		hbbtv.ardmediathek.de
+		m.ardmediathek.de
+		programm.ardmediathek.de
+
+	Timeout:
+		audiothek-origin-tua.ardmediathek.de
+		cai-tua.ardmediathek.de
+		exp.ardmediathek.de
+		exp-origin.ardmediathek.de
+		exp-tua.ardmediathek.de
+		www.m.ardmediathek.de
+		www-origin-personal-tua.ardmediathek.de
+-->
+<ruleset name="ARDMediathek.de">
+
+	<target host="ardmediathek.de" />
+	<target host="www.ardmediathek.de" />
+	<target host="appdata.ardmediathek.de" />
+	<target host="appdata-staging.ardmediathek.de" />
+	<target host="appdata-tua.ardmediathek.de" />
+	<target host="audiothek.ardmediathek.de" />
+	<target host="audiothek-tua.ardmediathek.de" />
+	<target host="img.ardmediathek.de" />
+	<target host="img-staging.ardmediathek.de" />
+	<target host="img-tua.ardmediathek.de" />
+	<target host="www-staging.ardmediathek.de" />
+	<target host="www-tua.ardmediathek.de" />
+
+	<!-- Invalid certificate on https://ardmediathek.de/,
+	http://ardmediathek.de/ redirects to http://www.ardmediathek.de/ -->
+	<rule from="^http://ardmediathek\.de/"
+		to="https://www.ardmediathek.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ARICR.org.xml b/src/chrome/content/rules/ARICR.org.xml
new file mode 100644
index 000000000000..693dadf7679a
--- /dev/null
+++ b/src/chrome/content/rules/ARICR.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="ARICR.org">
+	<target host="aricr.org" />
+	<target host="www.aricr.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ARIN.net.xml b/src/chrome/content/rules/ARIN.net.xml
index 0010a4f9f563..5934255c677c 100644
--- a/src/chrome/content/rules/ARIN.net.xml
+++ b/src/chrome/content/rules/ARIN.net.xml
@@ -29,7 +29,7 @@ Fetch error: http://updown-pilot.arin.net/ => https://updown-pilot.arin.net/: (6
 		- www
 
 -->
-<ruleset name="ARIN.net (partial)" default_off='failed ruleset test'>
+<ruleset name="ARIN.net (partial)" default_off="failed ruleset test">
 
 	<target host="arin.net" />
 	<target host="updown-pilot.arin.net" />
@@ -42,4 +42,4 @@ Fetch error: http://updown-pilot.arin.net/ => https://updown-pilot.arin.net/: (6
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ARIVA.DE.xml b/src/chrome/content/rules/ARIVA.DE.xml
new file mode 100644
index 000000000000..d1156e80a907
--- /dev/null
+++ b/src/chrome/content/rules/ARIVA.DE.xml
@@ -0,0 +1,65 @@
+<!--
+	Invalid certificate:
+		ac2010.ariva.de
+		acmobil.ariva.de
+		ag.ariva.de
+		six-structured-products.ariva.de
+		stwdepot.ariva.de
+
+	Non-2xx HTTP code:
+		files.ariva.de
+
+	Timeout:
+		product-read.easygov.ariva.de
+		product-write.easygov.ariva.de
+		ens[1-2].ariva.de
+		ns[1-2]?.ariva.de
+		push-portal.ariva.de
+-->
+<ruleset name="ARIVA.DE">
+
+	<target host="ariva.de" />
+	<target host="www.ariva.de" />
+	<target host="aaa.ariva.de" />
+	<target host="aktiencheck.ariva.de" />
+	<target host="anleihencheck.ariva.de" />
+	<target host="ars.ariva.de" />
+	<target host="bd2011.ariva.de" />
+	<target host="bfrank.ariva.de" />
+	<target host="bo.ariva.de" />
+	<target host="boersede.ariva.de" />
+	<target host="bondboard.ariva.de" />
+	<target host="data.ariva.de" />
+	<target host="donnerstag.ariva.de" />
+	<target host="www.easygov.ariva.de" />
+	<target host="api.easygov.ariva.de" />
+	<target host="services.easygov.ariva.de" />
+	<target host="www.test.easygov.ariva.de" />
+	<target host="fc2011.ariva.de" />
+	<target host="finanzen.ariva.de" />
+	<target host="finneu.ariva.de" />
+	<target host="ftp.ariva.de" />
+	<target host="futureforum.ariva.de" />
+	<target host="irpaket.ariva.de" />
+	<target host="m.ariva.de" />
+	<target host="newratings.ariva.de" />
+	<target host="notifications.ariva.de" />
+	<target host="onvista.ariva.de" />
+	<target host="optionsscheinecheck.ariva.de" />
+	<target host="pda.ariva.de" />
+	<target host="projekt.ariva.de" />
+	<target host="push.ariva.de" />
+	<target host="rohstoffecheck.ariva.de" />
+	<target host="sbroker.ariva.de" />
+	<target host="stockworld.ariva.de" />
+	<target host="streaming.ariva.de" />
+	<target host="ttz.ariva.de" />
+	<target host="webmail.ariva.de" />
+	<target host="za.ariva.de" />
+	<target host="zc.ariva.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ARM.com-problematic.xml b/src/chrome/content/rules/ARM.com-problematic.xml
deleted file mode 100644
index a606fae0edd2..000000000000
--- a/src/chrome/content/rules/ARM.com-problematic.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For rules that are on by default, see ARM.xml.
-
--->
-<ruleset name="ARM.com (problematic)" default_off="expired, mismatched, self-signed">
-
-	<target host="ir.arm.com" />
-	<target host="malideveloper.arm.com" />
-
-
-	<!--	Server doesn't set Secure for:
-						-->
-	<securecookie host="^(?:i|malidevelope)r\.arm\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ARM.com.xml b/src/chrome/content/rules/ARM.com.xml
new file mode 100644
index 000000000000..371168934f88
--- /dev/null
+++ b/src/chrome/content/rules/ARM.com.xml
@@ -0,0 +1,56 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- designstart.arm.com
+		- infocenter.arm.com
+
+		SSL peer certificate was not OK:
+		- dr.community.arm.com
+		- forums.arm.com
+		- info.arm.com
+		- ir.arm.com
+		- license.arm.com
+		- malideveloper.arm.com
+		- mobile.arm.com
+
+		Incomplete certificate chain error:
+		- collaborate.code.arm.com
+		- static.docs.arm.com
+		- login.arm.com
+
+		5xx server error:
+		- www.qa.arm.com
+-->
+<ruleset name="ARM.com">
+	<target host="arm.com" />
+	<target host="www.arm.com" />
+
+	<target host="my.account.arm.com" />
+
+	<target host="sslvpn1.cambridge.arm.com" />
+	<target host="cmsis.arm.com" />
+	<target host="community.arm.com" />
+	<target host="qa.community.arm.com" />
+	<target host="www.community.arm.com" />
+
+	<target host="developer.arm.com" />
+	<target host="store.developer.arm.com" />
+	<target host="support.developer.arm.com" />
+	<target host="training.developer.arm.com" />
+	<target host="ds.arm.com" />
+
+	<target host="learn.arm.com" />
+
+	<target host="oils.arm.com" />
+	<target host="orgchart.arm.com" />
+
+	<target host="pages.arm.com" />
+
+	<target host="silver.arm.com" />
+
+	<target host="schedule.techcon.arm.com" />
+
+	<target host="usagereport.arm.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ARM.xml b/src/chrome/content/rules/ARM.xml
deleted file mode 100644
index d3ffb96f1b3d..000000000000
--- a/src/chrome/content/rules/ARM.xml
+++ /dev/null
@@ -1,88 +0,0 @@
-<!--
-	For problematic rule, see ARM.com-problematic.xml.
-
-
-	Nonfunctional subdomains:
-
-		- (www.) ¹
-		- forums ¹
-		- infocenter ²
-		- mobile ¹
-
-	¹ $ redirects to products...-standard.php, other paths 404; mismatched, CN: cmsis.arm.com
-	² Dropped
-
-
-	Problematic subdomains:
-
-		- ir ¹
-		- maildeveloper ²
-
-	¹ Works, akamai
-	² Works; expired 2013-10-18, self-signed, CN: localhost.localdomain
-
-
-	Observed cookie domains:
-
-		- cmsis ¹
-		- community ¹
-		- apps.community ¹
-		- community-uat ¹
-		- apps.community-uat ¹
-		- forums ²
-		- infocenter ²
-		- ir ³
-		- login ¹
-		- malideveloper ³
-		- mobile ²
-		- www ²
-
-	¹ Secured by us
-	² Not secured by us <= no tls support
-	³ Secured in ARM.com-problematic.xml
-
-
-	These altnames don't exist:
-
-		- dr.community.arm.com
-
-
-	Mixed content:
-
-		- css, on:
-
-			- ir from www ¹
-			- ir from phx.corporate-ir.net ¹
-			- malideveloper from $self ²
-
-		- Images, on:
-
-			- community from $self ¹
-			- apps.community from community ¹
-			- community-uat from $self ¹
-			- apps.community-uat from community-uat ¹
-			- ir from www ¹
-			- ir from media.corporate-ir.net ¹
-			- malideveloper from $self ²
-
-	¹ Secured by us
-	² Secured in ARM.com-problematic.xml
-
--->
-<ruleset name="ARM (partial)">
-
-	<target host="*.arm.com" />
-
-
-	<!--	Server doesn't set Secure for:
-						-->
-	<securecookie host="^(?:cmsis|(?:apps\.)?community(?:-uat)?|login)\.arm\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?arm\.com/(?=css/|images/)"
-		to="https://cmsis.arm.com/" />
-
-	<rule from="^http://(cmsis|(?:apps\.)?community(?:-uat)?|login|silver)\.arm\.com/"
-		to="https://$1.arm.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ARMservers.com.xml b/src/chrome/content/rules/ARMservers.com.xml
deleted file mode 100644
index 683c92911fd7..000000000000
--- a/src/chrome/content/rules/ARMservers.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="ARM servers">
-
-	<target host="armservers.com" />
-	<target host="www.armservers.com" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ARPNetworks.com.xml b/src/chrome/content/rules/ARPNetworks.com.xml
index 6ff42bc00eb2..ecf8995b7457 100644
--- a/src/chrome/content/rules/ARPNetworks.com.xml
+++ b/src/chrome/content/rules/ARPNetworks.com.xml
@@ -5,10 +5,12 @@
 <ruleset name="ARPNetworks.com (partial)">
 
 	<target host="arpnetworks.com" />
-	<target host="*.arpnetworks.com" />
+	<target host="portal.arpnetworks.com" />
+	<target host="www.arpnetworks.com" />
+	<target host="support.arpnetworks.com" />
 
 
-	<securecookie host="^(?:.*\.)?arpnetworks\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(portal\.|www\.)?arpnetworks\.com/"
diff --git a/src/chrome/content/rules/AS200651.net.xml b/src/chrome/content/rules/AS200651.net.xml
new file mode 100644
index 000000000000..ff94e2e16494
--- /dev/null
+++ b/src/chrome/content/rules/AS200651.net.xml
@@ -0,0 +1,33 @@
+<!--
+	Mismatched:
+		- ftp
+		- whm
+-->
+<ruleset name="as200651.net">
+	<target host="as200651.net" />
+	<target host="www.as200651.net" />
+	<target host="cpanel.as200651.net" />
+	<target host="fi.as200651.net" />
+	<target host="www.fi.as200651.net" />
+	<target host="cpanel.fi.as200651.net" />
+	<target host="mail.fi.as200651.net" />
+	<target host="webdisk.fi.as200651.net" />
+	<target host="webmail.fi.as200651.net" />
+	<target host="is.as200651.net" />
+	<target host="www.is.as200651.net" />
+	<target host="cpanel.is.as200651.net" />
+	<target host="mail.is.as200651.net" />
+	<target host="webdisk.is.as200651.net" />
+	<target host="webmail.is.as200651.net" />
+	<target host="mail.as200651.net" />
+	<target host="ro.as200651.net" />
+	<target host="www.ro.as200651.net" />
+	<target host="cpanel.ro.as200651.net" />
+	<target host="mail.ro.as200651.net" />
+	<target host="webdisk.ro.as200651.net" />
+	<target host="webmail.ro.as200651.net" />
+	<target host="webdisk.as200651.net" />
+	<target host="webmail.as200651.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ASADA.xml b/src/chrome/content/rules/ASADA.xml
index d3450d1e856e..1c625d72e705 100644
--- a/src/chrome/content/rules/ASADA.xml
+++ b/src/chrome/content/rules/ASADA.xml
@@ -1,7 +1,7 @@
 <ruleset name="Australian Sports Anti-Doping Authority">
 	<target host="asada.gov.au" />
-	<target host="*.asada.gov.au" />
+	<target host="www.asada.gov.au" />
 
 	<rule from="^http://(?:www\.)?asada\.gov\.au/"
 		to="https://www.asada.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ASDA.xml b/src/chrome/content/rules/ASDA.xml
index 4d531d2ee6f6..ca73bd774aae 100644
--- a/src/chrome/content/rules/ASDA.xml
+++ b/src/chrome/content/rules/ASDA.xml
@@ -88,7 +88,7 @@ Fetch error: http://omniture.groceries.asda.com/ => https://groceries.asda.com.d
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="ASDA.com (partial)" default_off='failed ruleset test'>
+<ruleset name="ASDA.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/ASIC.xml b/src/chrome/content/rules/ASIC.xml
index e7bbe57158f2..fe299f2a8b59 100644
--- a/src/chrome/content/rules/ASIC.xml
+++ b/src/chrome/content/rules/ASIC.xml
@@ -1,10 +1,12 @@
 <ruleset name="ASIC">
 	<target host="asic.gov.au" />
-	<target host="*.asic.gov.au" />
+	<target host="www.asic.gov.au" />
+	<target host="insolvencynotices.asic.gov.au" />
+	<target host="www.insolvencynotices.asic.gov.au" />
 
 	<rule from="^http://(?:www\.)?asic\.gov\.au/"
 		to="https://www.asic.gov.au/" />
 
 	<rule from="^http://(?:www\.)?insolvencynotices\.asic\.gov\.au/"
 		to="https://insolvencynotices.asic.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ASP.NET.xml b/src/chrome/content/rules/ASP.NET.xml
deleted file mode 100644
index 4e3a0a6b135a..000000000000
--- a/src/chrome/content/rules/ASP.NET.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-<!--
-	For other Microsoft coverage, see Microsoft.xml.
-
-
-	Nonfunctional hosts in *asp.net:
-
-		- (www.)? *
-		- weblogs *
-
-	* Redirects to http
-
-
-	Problematic hosts in *asp.net:
-
-		- i[123] *
-
-	* Akamai
-
--->
-<ruleset name="ASP.NET (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="login.asp.net" />
-	<target host="www.asp.net" />
-	<target host="asp.net" />
-	<target host="get.asp.net" />
-	<target host="docs.asp.net" />
-	<target host="hosting.asp.net" />
-	<target host="weblogs.asp.net" />
-	<target host="forums.asp.net" />
-	<target host="live.asp.net" />
-	<target host="samples.asp.net" />
-	<target host="quickstarts.asp.net" />
-	<target host="ajax.asp.net" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ATG_Web_Commerce.xml b/src/chrome/content/rules/ATG_Web_Commerce.xml
deleted file mode 100644
index 33785eda8b9d..000000000000
--- a/src/chrome/content/rules/ATG_Web_Commerce.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other Oracle coverage, see Oracle.xml.
-
--->
-<ruleset name="ATG Web Commerce">
-
-	<target host="*.instantservice.com" />
-
-
-	<securecookie host="^[gr]s\.instantservice\.com$" name=".+" />
-
-
-	<rule from="^http://(g|r)s\.instantservice\.com/"
-		to="https://$1s.instantservice.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ATNAME.xml b/src/chrome/content/rules/ATNAME.xml
index 911b89d66ad6..d80fdf6158dc 100644
--- a/src/chrome/content/rules/ATNAME.xml
+++ b/src/chrome/content/rules/ATNAME.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?atname\.ru/"
 		to="https://atname.ru/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ATV.hu.xml b/src/chrome/content/rules/ATV.hu.xml
index 24c69c72a0d9..8b3c127c4237 100644
--- a/src/chrome/content/rules/ATV.hu.xml
+++ b/src/chrome/content/rules/ATV.hu.xml
@@ -8,7 +8,7 @@ Fetch error: http://static.atv.hu/ => https://static.atv.hu/: (6, 'Could not res
 	 - www.atv.hu cert mismatch
 	 - atv.hu cert mismatch
 -->
-<ruleset name="ATV.hu (partial)" default_off='failed ruleset test'>
+<ruleset name="ATV.hu (partial)" default_off="failed ruleset test">
 	<target host="static.atv.hu" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/AT_Internet_Solutions.xml b/src/chrome/content/rules/AT_Internet_Solutions.xml
index 443a3af45731..60022d59104f 100644
--- a/src/chrome/content/rules/AT_Internet_Solutions.xml
+++ b/src/chrome/content/rules/AT_Internet_Solutions.xml
@@ -7,7 +7,7 @@
 		- ^
 		- helpcenter.atinternet-solutions.com
 		- ulsecure.atinternet-solutions.com
-	
+
 
 	Connection refused:
 		- appschina.atinternet-solutions.com
@@ -22,7 +22,7 @@
 		- nx-prodfix-005-internal.atinternet-solutions.com
 		- nx005.atinternet-solutions.com
 		- nx005-internal.atinternet-solutions.com
-		- nxpreprod005.atinternet-solutions.com 
+		- nxpreprod005.atinternet-solutions.com
 
 	Timeout:
 		- apipreprod-020.atinternet-solutions.com
@@ -108,4 +108,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ATandT.xml b/src/chrome/content/rules/ATandT.xml
index 21766f684284..bb476a5ed9fa 100644
--- a/src/chrome/content/rules/ATandT.xml
+++ b/src/chrome/content/rules/ATandT.xml
@@ -1,86 +1,63 @@
 <!--
 	Other AT&T rulesets:
-
 		- BellSouth.xml
 		- Sslcert35.com.xml
 
-
 	CDN buckets:
-
 		- cng.i.lithium.com
 
+	Connection refused:
+		- blogs.att.net
+		- preview.att.net
+		- repair.att.com
+		- www.research.att.com
 
-	Nonfunctional domains:
-
-		- att.com subdomains:
-
-			- repair		(times out)
-			- (www.)research	(prints "this is a test")
-			- savings
-			- att.uc		(http & https data differ)
-
-		- blogs.att.net *
-		- preview.att.net *
-		- (www.)attpublicpolicy.com	(shows RHEL default page, CN: localhost.localdomain)
-
-	* Times out
-
-
-	Problematic domains:
-
-		- att.com subdomains:
-
-			- (www.)business	(reset)
-			- uc			(works; mismatched, CN: *.sslcert35.com)
-
-
-	Fully covered domains:
-
-		- att.com subdomains:
-
-			- (www.)
-			- connect
-			- www.corp
-			- cprodmasx
-			- developer
-			- www.e-access
-			- forums
-			- localization
-			- networkingexchangeblog
-			- rewardcenter
-			- smb
-			- trial.uc
-			- ufix
-			- uversecentral[3]
-			- webhosting
-			- www.wireless
-
-		- [013].ecom.attccc.com
-
+	Invalid certificate:
+		- uc.att.com, equivalent to www.uc.att.com
 -->
-<ruleset name="AT&amp;T (partial)">
 
+<ruleset name="AT&amp;T (partial)">
+	<!-- att.com -->
 	<target host="att.com" />
-	<target host="*.att.com" />
-	<target host="*.ecom.attccc.com" />
-
+	<target host="www.att.com" />
+	<target host="about.att.com" />
+	<target host="business.att.com" />
+	<target host="www.business.att.com" />
+	<target host="www.corp.att.com" />
+	<target host="cprodmasx.att.com" />
+	<target host="developer.att.com" />
+	<target host="www.e-access.att.com" />
+	<target host="forums.att.com" />
+	<target host="localization.att.com" />
+	<target host="networkingexchangeblog.att.com" />
+	<target host="rewardcenter.att.com" />
+	<target host="smb.att.com" />
+	<target host="uc.att.com" />
+	<target host="www.uc.att.com" />
+	<target host="ufix.att.com" />
+	<target host="uversecentral.att.com" />
+	<target host="uversecentral1.att.com" />
+	<target host="uversecentral2.att.com" />
+	<target host="uversecentral3.att.com" />
+	<target host="webhosting.att.com" />
+	<target host="wireless.att.com" />
+	<target host="www.wireless.att.com" />
+
+	<!-- attccc.com -->
+	<target host="0.ecom.attccc.com" />
+	<target host="1.ecom.attccc.com" />
+	<target host="2.ecom.attccc.com" />
+	<target host="3.ecom.attccc.com" />
+
+	<!-- attpublicpolicy.com -->
+	<target host="attpublicpolicy.com" />
+	<target host="www.attpublicpolicy.com" />
 
 	<securecookie host="^.*\.att\.com$" name=".+" />
 
 
-	<rule from="^http://((?:connect|www\.corp|cprodmasx|developer|www\.e-access|forums|localization|networkingexchangeblog|rewardcenter|smb|trial\.uc|ufix|uversecentral\d|webhosting|www\.wireless|www)\.)?att\.com/"
-		to="https://$1att.com/" />
-
-	<rule from="^http://(?:www\.)?business\.att\.com/(?:enterprise/)?(?:\?.*)?$"
-		to="https://www.att.com/gen/landing-pages?pid=9214" />
-
-	<!--	https://wireless redirects to login, while
-		http://wireless redirects like so.
-							-->
-	<rule from="^http://wireless\.att\.com/($|\?)"
-		to="https://www.att.com/shop/wireless/$1" />
-
-	<rule from="^http://(\d)\.ecom\.attccc\.com/"
-		to="https://$1.ecom.attccc.com/" />
+	<rule from="^http://uc\.att\.com/"
+		to="https://www.uc.att.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ATbar.xml b/src/chrome/content/rules/ATbar.xml
index 6be6115abe70..51ca62f66252 100644
--- a/src/chrome/content/rules/ATbar.xml
+++ b/src/chrome/content/rules/ATbar.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ATech.io.xml b/src/chrome/content/rules/ATech.io.xml
index 46bf104d75d2..9f29f133e3f2 100644
--- a/src/chrome/content/rules/ATech.io.xml
+++ b/src/chrome/content/rules/ATech.io.xml
@@ -14,7 +14,7 @@ Fetch error: http://cacti.atech.io/ => https://cacti.atech.io/: (7, 'Failed to c
 		- cacti.atech.io
 
 -->
-<ruleset name="aTech.io" default_off='failed ruleset test'>
+<ruleset name="aTech.io" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/ATrpms.net.xml b/src/chrome/content/rules/ATrpms.net.xml
index 1c3c3dfdb60c..c6bd2b7c73b9 100644
--- a/src/chrome/content/rules/ATrpms.net.xml
+++ b/src/chrome/content/rules/ATrpms.net.xml
@@ -17,4 +17,4 @@
 	<rule from="^http://(?:www\.)?atrpms\.net/"
 		to="https://atrpms.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AVHT.org.xml b/src/chrome/content/rules/AVHT.org.xml
new file mode 100644
index 000000000000..ad292896c51d
--- /dev/null
+++ b/src/chrome/content/rules/AVHT.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="AVHT.org">
+
+	<target host="avht.org" />
+	<target host="www.avht.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AVON.cz.xml b/src/chrome/content/rules/AVON.cz.xml
index 7248005852d8..c749753d5a7f 100644
--- a/src/chrome/content/rules/AVON.cz.xml
+++ b/src/chrome/content/rules/AVON.cz.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://avon.cz/ => https://avon.cz/: (51, "SSL: no alternative certificate subject name matches target host name 'avon.cz'")
 
 -->
-<ruleset name="AVON.cz" default_off='failed ruleset test'>
+<ruleset name="AVON.cz" default_off="failed ruleset test">
     <target host="avon.cz" />
     <target host="www.avon.cz" />
 
diff --git a/src/chrome/content/rules/AWcloud.net.xml b/src/chrome/content/rules/AWcloud.net.xml
deleted file mode 100644
index 630ce2aa0bcc..000000000000
--- a/src/chrome/content/rules/AWcloud.net.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(data differ; expired 2012-12-04, mismatched, CN: givemesomesugar.inkstonehq.com)
-
--->
-<ruleset name="AWcloud.net">
-
-	<target host="projecta.awcloud.net" />
-	<target host="stats.awcloud.net" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AWeber-Communications.xml b/src/chrome/content/rules/AWeber-Communications.xml
deleted file mode 100644
index e117fa020ceb..000000000000
--- a/src/chrome/content/rules/AWeber-Communications.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="AWeber Communications (partial)">
-	<target host="forms.aweber.com" />
-	<target host="help.aweber.com" />
-	<target host="labs.aweber.com" />
-
-	<securecookie host="^(?:forms|help|labs)\.aweber\.com$" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/AWeber-static.com.xml b/src/chrome/content/rules/AWeber-static.com.xml
new file mode 100644
index 000000000000..43eb18005f54
--- /dev/null
+++ b/src/chrome/content/rules/AWeber-static.com.xml
@@ -0,0 +1,24 @@
+<!--
+	For other AWeber.com related rulesets, see AWeber.com.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.aweber-static.com
+		- awas2.aweber-static.com
+		- blog-can.aweber-static.com
+		- blog-cdn.aweber-static.com
+		- hostedimages.aweber-static.com
+		- hostmaster.aweber-static.com
+-->
+<ruleset name="AWeber-static.com (partial)">
+	<target host="aweber-static.com" />
+	<target host="assets.aweber-static.com" />
+	<target host="cdn1.aweber-static.com" />
+	<target host="cdn2.aweber-static.com" />
+	<target host="cdn3.aweber-static.com" />
+	<target host="cdn4.aweber-static.com" />
+	<target host="cdn5.aweber-static.com" />
+	<target host="hostedimages-cdn.aweber-static.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AWeber.com.xml b/src/chrome/content/rules/AWeber.com.xml
new file mode 100644
index 000000000000..a187687b922b
--- /dev/null
+++ b/src/chrome/content/rules/AWeber.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Other AWeber.com related rulesets:
+	+ AWeber-static.com.xml
+-->
+<ruleset name="AWeber.com">
+	<target host="aweber.com" />
+	<target host="www.aweber.com" />
+	<target host="aikidoroll.aweber.com" />
+	<target host="api.aweber.com" />
+	<target host="archive.aweber.com" />
+	<target host="analytics.aweber.com" />
+	<target host="blog.aweber.com" />
+	<target host="clicks.aweber.com" />
+	<target host="emailmasterminds.aweber.com" />
+	<target host="engineering.aweber.com" />
+	<target host="erickgamio.aweber.com" />
+	<target host="forms.aweber.com" />
+	<target host="help.aweber.com" />
+	<target host="labs.aweber.com" />
+	<target host="mindlessmarketing.aweber.com" />
+	<target host="nieuwsbriefsysteem.aweber.com" />
+	<target host="orms.aweber.com" />
+	<target host="services.aweber.com" />
+	<target host="status.aweber.com" />
+	<target host="stephenesketzis.aweber.com" />
+	<target host="webhooks.aweber.com" />
+	<target host="webmazter.aweber.com" />
+	<target host="wu.aweber.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AWeber.xml b/src/chrome/content/rules/AWeber.xml
deleted file mode 100644
index 8478203e9735..000000000000
--- a/src/chrome/content/rules/AWeber.xml
+++ /dev/null
@@ -1,103 +0,0 @@
-<!--
-
-	CDN buckets:
-
-		- hostedimages.aweber-static.com.s3.amazonaws.com
-
-		- blogcontent.awebercommunicat.netdna-cdn.com
-
-			- -ssl doesn't exist
-			- blog-cdn.aweber-static.com
-
-	aweber.zendesk.com
-
-
-	Nonfunctional domains:
-
-		- missioncontrol.aweber.com ¹
-		- blog-cdn.aweber-static.com ²
-
-	¹ Refused
-	² 404, NetDNA
-
-
-	Problematic domains:
-
-		- status.aweber.com *
-
-	* StatusPage.io
-
-
-	Fully covered domains:
-
-		- aweber.com subdomains:
-
-			- analytics
-			- blog
-			- engineering
-			- forms
-			- help
-			- hosted	(→ s3.amazonaws.com)
-			- labs
-			- status	(→ aweber.statuspage.io)
-
-		- cdn[1-5].aweber-static.com
-
-
-	Mixed content:
-
-		- Images on blog.aweber.com from $self *
-
-	* Secured by us
-
--->
-<ruleset name="AWeber (partial)">
-
-	<target host="aweber.com" />
-	<target host="*.aweber.com" />
-		<!--
-			Some paths 302 to http.
-
-			These do:
-
-				- $
-				- affiliates.htm
-				- antispam.htm
-				- blog/
-				- email-marketing-features.htm
-				- pricing.htm
-				- privacy.htm
-
-			These don't:
-
-				- assets/
-				- contact-us.htm
-				- favicon.ico
-				- images/
-				- img/
-				- login.htm
-				- order.htm
-				- signup.htm
-
-		<exclusion pattern="^http://(?:www\.)?aweber\.com/(?:(?:(?:affiliates|antispam|email-marketing-features|priving|privacy)\.htm)?(?:$|\?))" /-->
-		<exclusion pattern="^http://(?:www\.)?aweber\.com/(?!assets/|banners/|blog(?:$|[?/])|(?:(?:contact-us|login|order|signup)\.htm)(?:$|\?)|favicon\.ico|images/|img/)" />
-	<target host="*.aweber-static.com" />
-
-
-	<securecookie host="^(?:\.?forms|help|labs)\.aweber\.com$" name=".+" />
-	<securecookie host=".*\.aweber-static\.com$" name=".+" />
-
-
-	<rule from="^http://status\.aweber\.com/"
-		to="https://aweber.statuspage.io/" />
-
-	<rule from="^http://((?:analytics|blog|engineering|forms|help|labs|www)\.)?aweber\.com/"
-		to="https://$1aweber.com/" />
-
-	<rule from="^http://cdn([1-5])\.aweber-static\.com/"
-		to="https://cdn$1.weber-static.com/" />
-
-	<rule from="^http://hostedimages\.aweber-static\.com/"
-		to="https://s3.amazonaws.com/hostedimages.aweber-static.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/A_1000_Words.com.xml b/src/chrome/content/rules/A_1000_Words.com.xml
index c64bf0bd04a0..0490eb9e8771 100644
--- a/src/chrome/content/rules/A_1000_Words.com.xml
+++ b/src/chrome/content/rules/A_1000_Words.com.xml
@@ -5,7 +5,7 @@
 <ruleset name="A 1000 Words.com">
 
 	<target host="a1000words.com" />
-	<target host="*.a1000words.com" />
+	<target host="www.a1000words.com" />
 
 
 	<securecookie host="^\.a1000words\.com$" name=".+" />
diff --git a/src/chrome/content/rules/A_Plus_Flint_River_Ranch.xml b/src/chrome/content/rules/A_Plus_Flint_River_Ranch.xml
index fddaa17a1db5..db50637f447e 100644
--- a/src/chrome/content/rules/A_Plus_Flint_River_Ranch.xml
+++ b/src/chrome/content/rules/A_Plus_Flint_River_Ranch.xml
@@ -8,7 +8,7 @@ Fetch error: http://aplus-flint-river-ranch.com/ => https://aplus-flint-river-ra
 		- cats		(mismatched, CN: www.aplus-flint-river-ranch.com)
 
 -->
-<ruleset name="A+ Flint River Ranch" default_off='failed ruleset test'>
+<ruleset name="A+ Flint River Ranch" default_off="failed ruleset test">
 
 	<target host="aplus-flint-river-ranch.com" />
 	<target host="*.aplus-flint-river-ranch.com" />
diff --git a/src/chrome/content/rules/Aalto.fi.xml b/src/chrome/content/rules/Aalto.fi.xml
index 5d592af57897..3079280ca18c 100644
--- a/src/chrome/content/rules/Aalto.fi.xml
+++ b/src/chrome/content/rules/Aalto.fi.xml
@@ -58,7 +58,7 @@ Fetch error: http://artcoordination.aalto.fi/fi/midcom-serveattachmentguid-1e4ef
 		- wwwcms.aalto.fi
 
 -->
-<ruleset name="Aalto.fi (partial)" default_off='failed ruleset test'>
+<ruleset name="Aalto.fi (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Aan.sh.xml b/src/chrome/content/rules/Aan.sh.xml
index 8abe6fa3f966..820fa6fd6e59 100644
--- a/src/chrome/content/rules/Aan.sh.xml
+++ b/src/chrome/content/rules/Aan.sh.xml
@@ -5,7 +5,7 @@ Fetch error: http://aan.sh/ => https://aan.sh/: (7, 'Failed to connect to aan.sh
 Fetch error: http://www.aan.sh/ => https://www.aan.sh/: (7, 'Failed to connect to www.aan.sh port 443: Connection refused')
 
 -->
-<ruleset name="aan.sh" default_off='failed ruleset test'>
+<ruleset name="aan.sh" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Aaron_Brothers.xml b/src/chrome/content/rules/Aaron_Brothers.xml
deleted file mode 100644
index 56d1af295657..000000000000
--- a/src/chrome/content/rules/Aaron_Brothers.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Aaron Brothers">
-
-	<target host="aaronbrotherscircular.com" />
-	<target host="www.aaronbrotherscircular.com" />
-
-
-	<securecookie host="^(?:w*\.)?aaronbrotherscircular.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Aart_de_Vos.xml b/src/chrome/content/rules/Aart_de_Vos.xml
index 91a13e18f553..dc531fc231df 100644
--- a/src/chrome/content/rules/Aart_de_Vos.xml
+++ b/src/chrome/content/rules/Aart_de_Vos.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?aartdevos\.dk/(_css/|file/|_grafix/|konto(?:$|\?|/))"
 		to="https://$1aartdevos.dk/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Aastatus.net.xml b/src/chrome/content/rules/Aastatus.net.xml
index 3b94914fdebb..77f13140b139 100644
--- a/src/chrome/content/rules/Aastatus.net.xml
+++ b/src/chrome/content/rules/Aastatus.net.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.aastatus.net/ => https://www.aastatus.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.aastatus.net'")
 
 -->
-<ruleset name="Aastatus.net" default_off='failed ruleset test'>
+<ruleset name="Aastatus.net" default_off="failed ruleset test">
 	<target host="aastatus.net" />
 	<target host="www.aastatus.net" />
 
diff --git a/src/chrome/content/rules/Aaulan.dk.xml b/src/chrome/content/rules/Aaulan.dk.xml
index 59cfc8c8a525..2de79afa8acf 100644
--- a/src/chrome/content/rules/Aaulan.dk.xml
+++ b/src/chrome/content/rules/Aaulan.dk.xml
@@ -5,7 +5,7 @@ Fetch error: http://aaulan.dk/ => https://aaulan.dk/: (60, 'SSL certificate prob
 Fetch error: http://www.aaulan.dk/ => https://www.aaulan.dk/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Aaulan.dk" default_off='failed ruleset test'>
+<ruleset name="Aaulan.dk" default_off="failed ruleset test">
 
 	<target host="aaulan.dk" />
 	<target host="www.aaulan.dk" />
diff --git a/src/chrome/content/rules/Abbo-Shop.xml b/src/chrome/content/rules/Abbo-Shop.xml
index 8fbe86392055..6d8d2a42c721 100644
--- a/src/chrome/content/rules/Abbo-Shop.xml
+++ b/src/chrome/content/rules/Abbo-Shop.xml
@@ -1,8 +1,8 @@
-<ruleset name="Abbo-shop.ch" default_off='redirect to http'>
+<ruleset name="Abbo-shop.ch" default_off="redirect to http">
 	<target host="abbo-shop.ch" />
 	<target host="www.abbo-shop.ch" />
 
-	<securecookie host="^(?:.*\.)?abbo-shop\.ch$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Abbott-Laboratories.xml b/src/chrome/content/rules/Abbott-Laboratories.xml
deleted file mode 100644
index 23326278e364..000000000000
--- a/src/chrome/content/rules/Abbott-Laboratories.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://abbott.com/ => https://abbott.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://abbott.com/ => https://abbott.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
--->
-<ruleset name="Abbott Laboratories" default_off='failed ruleset test'>
-
-	<target host="abbott.com" />
-	<target host="www.abbott.com" />
-
-
-	<securecookie host="^(?:www\.)?abbott\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Abdullah-ocalan.com.xml b/src/chrome/content/rules/Abdullah-ocalan.com.xml
index 9a7caa9afac2..5372de4ca429 100644
--- a/src/chrome/content/rules/Abdullah-ocalan.com.xml
+++ b/src/chrome/content/rules/Abdullah-ocalan.com.xml
@@ -1,6 +1,8 @@
-<ruleset name="Abdullah-ocalan.com"  platform="mixedcontent">
+<ruleset name="Abdullah-ocalan.com" >
 	<target host="abdullah-ocalan.com" />
 	<target host="www.abdullah-ocalan.com" />
 
+	<securecookie host=".+" name=".+" />
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Abendblatt.de.xml b/src/chrome/content/rules/Abendblatt.de.xml
new file mode 100644
index 000000000000..fda906bc67ab
--- /dev/null
+++ b/src/chrome/content/rules/Abendblatt.de.xml
@@ -0,0 +1,118 @@
+<!--
+	Connection closed:
+		kundenservice.abendblatt.de
+		nl.abendblatt.de
+		wetter.abendblatt.de
+
+	Invalid certificate:
+		motoso.abendblatt.de
+		personalmarkt.abendblatt.de
+		sonderthemen.region.abendblatt.de
+
+	SSL: no alternative certificate subject name matches target host name:
+		abgeordnetenwatch.abendblatt.de
+		*.apps.abendblatt.de
+		css.abendblatt.de
+		hotels.abendblatt.de
+		www.m.abendblatt.de
+		www.mediahafen.abendblatt.de
+		medikamentenpreise.abendblatt.de
+		parship.abendblatt.de
+		spiele.abendblatt.de
+		www.spiele.abendblatt.de
+		stayfriends.abendblatt.de
+		treueprogramm.abendblatt.de
+		images.treueprogramm.abendblatt.de
+		www.veranstaltungen.abendblatt.de
+		vertrieb.abendblatt.de
+		images.vertrieb.abendblatt.de
+
+	Timeout:
+		www.abo.abendblatt.de
+		aboservice.abendblatt.de
+		aboservice1.abendblatt.de
+		anzeigen.abendblatt.de
+		www.anzeigen.abendblatt.de
+		(cue|dev[1-5]).aws.abendblatt.de
+		empfehlungen.abendblatt.de
+		www.empfehlungen.abendblatt.de
+		foto.abendblatt.de
+		funke-cms.abendblatt.de
+		mobilejoker.abendblatt.de
+		stepstone.abendblatt.de
+		trauer.abendblatt.de
+		www.trauer.abendblatt.de
+		virtualnights.abendblatt.de
+
+	Too many redirects while fetching:
+		interaktiv.abendblatt.de
+-->
+<ruleset name="Abendblatt.de">
+
+	<target host="abendblatt.de" />
+	<target host="www.abendblatt.de" />
+	<target host="abo.abendblatt.de" />
+	<target host="aboshop.abendblatt.de" />
+	<target host="anzeigen-neu.abendblatt.de" />
+	<target host="anzeigen-test.abendblatt.de" />
+	<target host="auf-reisen.abendblatt.de" />
+	<target host="auto.abendblatt.de" />
+	<target host="autodiscover.abendblatt.de" />
+	<target host="automarkt.abendblatt.de" />
+	<target host="uat.aws.abendblatt.de" />
+	<target host="becker-heller.abendblatt.de" />
+	<target host="blog.abendblatt.de" />
+	<target host="branchenbuch.abendblatt.de" />
+	<target host="china-trifft-hamburg.abendblatt.de" />
+	<target host="edu.abendblatt.de" />
+	<target host="emag.abendblatt.de" />
+	<target host="energie.abendblatt.de" />
+	<target host="epaper.abendblatt.de" />
+	<target host="facebook-blog.abendblatt.de" />
+	<target host="fbia.abendblatt.de" />
+	<target host="festival-blog.abendblatt.de" />
+	<target host="hochzeit.abendblatt.de" />
+	<target host="hsv-blog.abendblatt.de" />
+	<target host="img.abendblatt.de" />
+	<target host="immonet.abendblatt.de" />
+	<target host="job.abendblatt.de" />
+	<target host="kino.abendblatt.de" />
+	<target host="leserreisen.abendblatt.de" />
+	<target host="liveticker.abendblatt.de" />
+	<target host="m.abendblatt.de" />
+	<target host="magazinwelten.abendblatt.de" />
+	<target host="mediahafen.abendblatt.de" />
+	<target host="medizin.abendblatt.de" />
+	<target host="mein-quartier.abendblatt.de" />
+	<target host="mobil.abendblatt.de" />
+	<target host="niemalszweiteliga.abendblatt.de" />
+	<target host="raetsel.abendblatt.de" />
+	<target host="reader.abendblatt.de" />
+	<target host="rettet-den-hsv.abendblatt.de" />
+	<target host="server.abendblatt.de" />
+	<target host="shop.abendblatt.de" />
+	<target host="sonderthemen.abendblatt.de" />
+	<target host="sso.abendblatt.de" />
+	<target host="st-pauli-blog.abendblatt.de" />
+	<target host="stadtteilreporter-eimsbuettel.abendblatt.de" />
+	<target host="stadtteilreporter-eppendorf.abendblatt.de" />
+	<target host="stadtteilreporter-grindel.abendblatt.de" />
+	<target host="stadtteilreporter-ottensen.abendblatt.de" />
+	<target host="stadtteilreporter-schanzenviertel.abendblatt.de" />
+	<target host="stadtteilreporter-st-pauli.abendblatt.de" />
+	<target host="stadtteilreporter-winterhude.abendblatt.de" />
+	<target host="staticak-apps.abendblatt.de" />
+	<target host="straubhaar-blog.abendblatt.de" />
+	<target host="suche.abendblatt.de" />
+	<target host="telekommunikation.abendblatt.de" />
+	<target host="themenwelten.abendblatt.de" />
+	<target host="tv.abendblatt.de" />
+	<target host="vesseltracker.abendblatt.de" />
+	<target host="wissenschafts-blog.abendblatt.de" />
+	<target host="www2.abendblatt.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AbenteuerLand.at.xml b/src/chrome/content/rules/AbenteuerLand.at.xml
deleted file mode 100644
index 23f02597436f..000000000000
--- a/src/chrome/content/rules/AbenteuerLand.at.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	(www.)?: loops
-
--->
-<ruleset name="AbenteuerLand.at (partial)">
-
-	<target host="psara.abenteuerland.at" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Abercrombie.xml b/src/chrome/content/rules/Abercrombie.xml
new file mode 100644
index 000000000000..da02ae8d2122
--- /dev/null
+++ b/src/chrome/content/rules/Abercrombie.xml
@@ -0,0 +1,71 @@
+<!--
+	Invalid certificate:
+		- corporate.abercrombie.com
+		- m.sg.abercrombie.com
+		- www.uk.abercrombie.com
+-->
+
+<ruleset name="Abercrombie">
+	<!-- abercrombie.ca -->
+	<target host="abercrombie.ca" />
+	<target host="www.abercrombie.ca" />
+	<target host="fr-ca.abercrombie.ca" />
+	<target host="m.abercrombie.ca" />
+	<target host="cert.m.abercrombie.ca" />
+	<target host="cert-fr-ca.m.abercrombie.ca" />
+
+	<!-- abercrombie.cn -->
+	<target host="abercrombie.cn" />
+	<target host="m.abercrombie.cn" />
+
+	<!-- abercrombie.com -->
+	<target host="abercrombie.com" />
+	<target host="www.abercrombie.com" />
+	<target host="careers.abercrombie.com" />
+	<target host="cn-hk.abercrombie.com" />
+	<target host="m.cn-hk.abercrombie.com" />
+	<target host="de-eu.abercrombie.com" />
+	<target host="m.de-eu.abercrombie.com" />
+	<target host="e.abercrombie.com" />
+	<target host="es.abercrombie.com" />
+	<target host="m.es.abercrombie.com" />
+	<target host="es-eu.abercrombie.com" />
+	<target host="m.es-eu.abercrombie.com" />
+	<target host="eu.abercrombie.com" />
+	<target host="m.eu.abercrombie.com" />
+	<target host="fr-eu.abercrombie.com" />
+	<target host="m.fr-eu.abercrombie.com" />
+	<target host="hk.abercrombie.com" />
+	<target host="m.hk.abercrombie.com" />
+	<target host="it-eu.abercrombie.com" />
+	<target host="m.it-eu.abercrombie.com" />
+	<target host="ja-jp.abercrombie.com" />
+	<target host="m.ja-jp.abercrombie.com" />
+	<target host="jp.abercrombie.com" />
+	<target host="m.jp.abercrombie.com" />
+	<target host="m.abercrombie.com" />
+	<target host="cert.m.abercrombie.com" />
+	<target host="nl-eu.abercrombie.com" />
+	<target host="m.nl-eu.abercrombie.com" />
+	<target host="sg.abercrombie.com" />
+
+	<!-- abercrombie.com.hk -->
+	<target host="abercrombie.com.hk" />
+
+	<!-- abercrombie.co.jp -->
+	<target host="abercrombie.co.jp" />
+
+	<!-- abercrombie.sg -->
+	<target host="abercrombie.sg" />
+
+	<!-- abercrombie.com.tw -->
+	<target host="abercrombie.com.tw" />
+
+	<!-- abercrombie.co.uk -->
+	<target host="abercrombie.co.uk" />
+	<target host="www.abercrombie.co.uk" />
+	<target host="m.abercrombie.co.uk" />
+	<target host="cert.m.abercrombie.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aberystwyth-University.xml b/src/chrome/content/rules/Aberystwyth-University.xml
index 799f78f8e267..3b7655256b07 100644
--- a/src/chrome/content/rules/Aberystwyth-University.xml
+++ b/src/chrome/content/rules/Aberystwyth-University.xml
@@ -1,55 +1,45 @@
 <!--
 	Non-functional hosts
 		Couldn't connect to server:
-			 - www.catering.aber.ac.uk
-			 - cms.aber.ac.uk
-			 - jump.aber.ac.uk
-			 - meq.aber.ac.uk
-			 - nexus.aber.ac.uk
-			 - sams.aber.ac.uk
+		- users.aber.ac.uk
 
 		Timeout was reached:
-			 - arun.aber.ac.uk
-			 - qmpsum.aber.ac.uk
-
-		SSL connect error:
-			 - www.bis.aber.ac.uk
-			 - users.aber.ac.uk
+		- abw.aber.ac.uk
+		- www.catering.aber.ac.uk
+		- cms.aber.ac.uk
+		- meq.aber.ac.uk
+		- qmpsum.aber.ac.uk
+		- sams.aber.ac.uk
 
 		SSL peer certificate was not OK:
-			 - aber.ac.uk
-			 - aspire.aber.ac.uk
-			 - www.inf.aber.ac.uk
-			 - webmail.aber.ac.uk
-
-		Peer certificate cannot be authenticated with given CA certificates:
-			 - cadair.aber.ac.uk
+		- aspire.aber.ac.uk
+		- www.inf.aber.ac.uk
+		- webmail.aber.ac.uk
 
-		Secure connection redirects to plaintext:
-			 - shop.aber.ac.uk
-
-		Mixed content blocking (MCB) tiggered:
-			 - wordpress.aber.ac.uk
+		Mixed content blocking (MCB) triggered:
+		- cadair.aber.ac.uk
+		- wordpress.aber.ac.uk
 -->
-<ruleset name="Aberystwyth University (partial)" default_off='failed ruleset test'>
+<ruleset name="Aberystwyth University (partial)">
 	<target host="aber.ac.uk" />
 	<target host="www.aber.ac.uk" />
-	<target host="abw.aber.ac.uk" />
 	<target host="accommodation.aber.ac.uk" />
 	<target host="ap.aber.ac.uk" />
+	<target host="www.bis.aber.ac.uk" />
 	<target host="blackboard.aber.ac.uk" />
 	<target host="careers.aber.ac.uk" />
-	<target host="connect.aber.ac.uk" />
 	<target host="courses.aber.ac.uk" />
 	<target host="cyrsiau.aber.ac.uk" />
 	<target host="jobs.aber.ac.uk" />
+	<target host="jump.aber.ac.uk" />
 	<target host="myaccount.aber.ac.uk" />
+	<target host="nexus.aber.ac.uk" />
 	<target host="outlook.aber.ac.uk" />
 	<target host="primo.aber.ac.uk" />
 	<target host="share.aber.ac.uk" />
 	<target host="sharepoint.aber.ac.uk" />
 	<target host="shibboleth.aber.ac.uk" />
-	<target host="staffrecord.aber.ac.uk" />
+	<target host="shop.aber.ac.uk" />
 	<target host="studentrecord.aber.ac.uk" />
 	<target host="voyager.aber.ac.uk" />
 
@@ -58,9 +48,6 @@
 	<securecookie host="^jobs\.aber\.ac\.uk$" name=".+" />
 	<securecookie host="^myaccount\.aber\.ac\.uk$" name=".+" />
 
-	<rule from="^http://aber\.ac\.uk/" 
-			to="https://www.aber.ac.uk/" />
-
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Abftracker.com.xml b/src/chrome/content/rules/Abftracker.com.xml
deleted file mode 100644
index 8cc868f63e66..000000000000
--- a/src/chrome/content/rules/Abftracker.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="abftracker.com">
-
-	<target host="affiliate.abftracker.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Abila.com.xml b/src/chrome/content/rules/Abila.com.xml
deleted file mode 100644
index e3f5072c08ff..000000000000
--- a/src/chrome/content/rules/Abila.com.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://abila.com/ => https://abila.com/: Too many redirects while fetching 'https://abila.com/'
-Fetch error: http://www.abila.com/ => https://www.abila.com/: Too many redirects while fetching 'https://www.abila.com/'
-
-	Mixed content:
-
-		- css, on:
-
-			- www from $self ˢ
-			- www from fonts.googleapis.com ˢ
-
-		- Images, on:
-
-			- www from $self ˢ
-			- www from pbs.twimg.com ˢ
-
-	ˢ Secured by us
-
--->
-<ruleset name="Abila.com" platform="mixedcontent" default_off='failed ruleset test'>
-
-	<target host="abila.com" />
-	<target host="www.abila.com" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AbleGamers.xml b/src/chrome/content/rules/AbleGamers.xml
index 6b1c62f0b323..464b44862dde 100644
--- a/src/chrome/content/rules/AbleGamers.xml
+++ b/src/chrome/content/rules/AbleGamers.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/About-Ads.xml b/src/chrome/content/rules/About-Ads.xml
index 9c7c82664f41..902bbd009933 100644
--- a/src/chrome/content/rules/About-Ads.xml
+++ b/src/chrome/content/rules/About-Ads.xml
@@ -9,7 +9,7 @@ Fetch error: http://staging.aboutads.info/ => https://staging.aboutads.info/: To
 	Mixed JS:
 		- www.aboutads.info/choices/
 -->
-<ruleset name="About Ads (partial)" default_off='failed ruleset test'>
+<ruleset name="About Ads (partial)" default_off="failed ruleset test">
 	<target host="aboutads.info" />
 	<target host="www.aboutads.info" />
 		<exclusion pattern="^http://(www\.)?aboutads\.info/choices/" />
diff --git a/src/chrome/content/rules/AboutMe.xml b/src/chrome/content/rules/AboutMe.xml
index f288dd455f62..0b2988db1893 100644
--- a/src/chrome/content/rules/AboutMe.xml
+++ b/src/chrome/content/rules/AboutMe.xml
@@ -8,7 +8,7 @@
 	<target host="www.about.me" />
 
 
-	<securecookie host="^(?:.*\.)?about.me$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/AboutUs-problematic.xml b/src/chrome/content/rules/AboutUs-problematic.xml
deleted file mode 100644
index 2e9c94c6cfa4..000000000000
--- a/src/chrome/content/rules/AboutUs-problematic.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules that are on by default, see AboutUs.xml
-
--->
-<ruleset name="AboutUs (problematic)" default_off="expired">
-
-	<target host="aboutus.org" />
-	<target host="www.aboutus.org" />
-
-
-	<!--	All pages, even login and signup pages,
-		redirect to http.	-->
-	<rule from="^http://(www\.)?aboutus\.org/(favicon\.ico|Special/)"
-		to="https://$1aboutus.org/$2" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AboutUs.xml b/src/chrome/content/rules/AboutUs.xml
index f0330357bb5e..372ed71a5363 100644
--- a/src/chrome/content/rules/AboutUs.xml
+++ b/src/chrome/content/rules/AboutUs.xml
@@ -1,34 +1,14 @@
 <!--
-	For problematic rules, see AboutUs-problematic.xml.
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/au-site-images/"
-			Equivalent to d3v8bt6u4b7hzw.cloudfront.net
-		- s3.amazonaws.com/au-site-logos/
-		- s3.amazonaws.com/au-site-portraits/
-			Equivalent to d1wyc67tysray3.cloudfront.net
-		- s3.amazonaws.com/au-site-thumb-images
-			Equivalent to d2a3uviy5jmupq.cloudfront.net
-
-
-	Nonfunctional:
-
-		- (www.)aboutus.com	(ssl_error_rx_record_too_long)
-
-
-	Problematic domains:
-
-		- (www.)aboutus.org	(expired 2013-03-06)
-
+	aboutus.com has both a wildcard DNS record and a wildcard certificate, so enumerating all subdomains is impossible.
 -->
-<ruleset name="AboutUs (partial)" platform="mixedcontent">
-
-	<target host="static.aboutus.org" />
+<ruleset name="AboutUs">
+	<target host="aboutus.org" />
+	<target host="www.aboutus.org" />
 
+	<target host="aboutus.com" />
+	<target host="www.aboutus.com" />
 
-	<rule from="^http://static\.aboutus\.org/"
-		to="https://s3.amazonaws.com/au-site-static-assets/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/About_the_Data.com.xml b/src/chrome/content/rules/About_the_Data.com.xml
index deb4e41f4b17..62584df2c4f0 100644
--- a/src/chrome/content/rules/About_the_Data.com.xml
+++ b/src/chrome/content/rules/About_the_Data.com.xml
@@ -1,9 +1,4 @@
 <!--
-	Other Acxiom coverage:
-
-		- acxiom.com.xml
-		- Acxiom-online.com.xml
-
 -->
 <ruleset name="About the Data.com">
 
diff --git a/src/chrome/content/rules/Above.com.xml b/src/chrome/content/rules/Above.com.xml
index 025be1b24742..354a771ec68e 100644
--- a/src/chrome/content/rules/Above.com.xml
+++ b/src/chrome/content/rules/Above.com.xml
@@ -28,4 +28,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Absolute.xml b/src/chrome/content/rules/Absolute.xml
deleted file mode 100644
index 8d95a1fa08f8..000000000000
--- a/src/chrome/content/rules/Absolute.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://forums.absolute.com/ => https://forums.absolute.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
--->
-<ruleset name="Absolute Software" default_off='failed ruleset test'>
-
-	<target host="absolute.com" />
-	<target host="www.absolute.com" />
-	<target host="forums.absolute.com" />
-	<target host="my.absolute.com" />
-	
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Abuse.ch.xml b/src/chrome/content/rules/Abuse.ch.xml
deleted file mode 100644
index 8be728043325..000000000000
--- a/src/chrome/content/rules/Abuse.ch.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<ruleset name="abuse.ch">
-	<target host="abuse.ch" />
-	<target host="www.abuse.ch" />
-	<target host="feodotracker.abuse.ch" />
-	<target host="mail.abuse.ch" />
-	<target host="palevotracker.abuse.ch" />
-	<target host="ransomwaretracker.abuse.ch" />
-	<target host="sandnet.abuse.ch" />
-	<target host="sinkdb.abuse.ch" />
-	<target host="spyeyetracker.abuse.ch" />
-	<target host="sslbl.abuse.ch" />
-	<target host="zeustracker.abuse.ch" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:"
-			to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/AbuseIPDB.com.xml b/src/chrome/content/rules/AbuseIPDB.com.xml
index 9afb214beada..bfcd782a5949 100644
--- a/src/chrome/content/rules/AbuseIPDB.com.xml
+++ b/src/chrome/content/rules/AbuseIPDB.com.xml
@@ -2,8 +2,6 @@
 	<target host="abuseipdb.com" />
 	<target host="www.abuseipdb.com" />
 
-	<test url="http://abuseipdb.com/" />
-	<test url="http://www.abuseipdb.com/" />
 	<test url="http://abuseipdb.com/check/208.180.231.139" />
 	<test url="http://www.abuseipdb.com/whois/69.50.232.54" />
 
diff --git a/src/chrome/content/rules/Abusix.com.xml b/src/chrome/content/rules/Abusix.com.xml
index a82478109e15..60cbc4866d73 100644
--- a/src/chrome/content/rules/Abusix.com.xml
+++ b/src/chrome/content/rules/Abusix.com.xml
@@ -12,7 +12,7 @@
 		- feed03 ᵐ
 		- feed04 ᵐ
 		- feed05 ᵐ
-		- globalreport 
+		- globalreport
 		- inject-feeds ᵐ
 		- leakdb ᵐ
 		- shot01 ᵐ
diff --git a/src/chrome/content/rules/Abysmal.nl.xml b/src/chrome/content/rules/Abysmal.nl.xml
index aef9c68b5a1f..62465e5e0e58 100644
--- a/src/chrome/content/rules/Abysmal.nl.xml
+++ b/src/chrome/content/rules/Abysmal.nl.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.abysmal.nl/ => https://www.abysmal.nl/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
 
 -->
-<ruleset name="abysmal.nl" default_off='failed ruleset test'>
+<ruleset name="abysmal.nl" default_off="failed ruleset test">
 
 	<target host="abysmal.nl" />
 	<target host="www.abysmal.nl" />
@@ -15,4 +15,4 @@ Fetch error: http://www.abysmal.nl/ => https://www.abysmal.nl/: (35, 'error:1407
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Academia-Press.xml b/src/chrome/content/rules/Academia-Press.xml
deleted file mode 100644
index 013f20daf94e..000000000000
--- a/src/chrome/content/rules/Academia-Press.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="Academia Press" default_off="expired, self-signed">
-
-	<!--	Cert: plesk	-->
-	<target host="academiapress.be" />
-	<target host="www.academiapress.be" />
-	<!--	* for cross-subdomain cookie.	-->
-	<target host="*.www.academiapress.be" />
-
-
-	<securecookie host="^(?:.*\.)?academiapress\.be$" name=".+" />
-
-
-	<!--	!www doesn't work over https.	-->
-	<rule from="^http://(?:www\.)?academiapress\.be/"
-		to="https://www.academiapress.be/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Academia.edu.xml b/src/chrome/content/rules/Academia.edu.xml
index c8fb5f4d2b71..37c13aac554f 100644
--- a/src/chrome/content/rules/Academia.edu.xml
+++ b/src/chrome/content/rules/Academia.edu.xml
@@ -26,13 +26,13 @@
 <ruleset name="Academia.edu (partial)">
 	<target host="academia.edu" />
 	<target host="*.academia.edu"/>
-	
+
 	<test url="http://princeton.academia.edu/" />
 	<test url="http://columbia.academia.edu/" />
 	<test url="http://oxford.academia.edu/" />
 	<test url="http://mail.academia.edu/" />
 	<test url="http://support.academia.edu/" />
-	
+
 	<exclusion pattern="^http://support\.academia\.edu/"/>
 	<exclusion pattern="^http://mail\.academia\.edu/"/>
 
diff --git a/src/chrome/content/rules/AcademiaPress.be.xml b/src/chrome/content/rules/AcademiaPress.be.xml
new file mode 100644
index 000000000000..9bd0c85ba466
--- /dev/null
+++ b/src/chrome/content/rules/AcademiaPress.be.xml
@@ -0,0 +1,17 @@
+<!--
+	Non-functional hosts:
+		Mismatched:
+		- files.academiapress.be
+
+		Incomplete certificate chain:
+		- academiapress.be
+		- www.academiapress.be
+-->
+<ruleset name="AcademiaPress.be (partial)" default_off="cert-chain">
+	<target host="academiapress.be" />
+	<target host="www.academiapress.be" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Accelerate.lgbt.xml b/src/chrome/content/rules/Accelerate.lgbt.xml
new file mode 100644
index 000000000000..7ac1f58cad3d
--- /dev/null
+++ b/src/chrome/content/rules/Accelerate.lgbt.xml
@@ -0,0 +1,8 @@
+<ruleset name="Accelerate.lgbt">
+	<target host="accelerate.lgbt" />
+	<target host="www.accelerate.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Accellion.xml b/src/chrome/content/rules/Accellion.xml
index 9477a3ba03bf..d0f38cd4a9be 100644
--- a/src/chrome/content/rules/Accellion.xml
+++ b/src/chrome/content/rules/Accellion.xml
@@ -1,12 +1,20 @@
-<ruleset name="Accellion" platform="mixedcontent">
-
+<ruleset name="Accellion (partial)">
 	<target host="accellion.com" />
 	<target host="www.accellion.com" />
-	<!--	* for cross-domain cookie	-->
-	
+	<target host="kiteworks.accellion.com" />
+	<target host="kiteworks-eu.accellion.com" />
+	<target host="kiteworks-hc2.accellion.com" />
+	<target host="kiteworks-h1.accellion.com" />
+	<target host="kiteworks-sg.accellion.com" />
+	<target host="kiteworks-usw.accellion.com" />
+	<target host="info.accellion.com" />
+	<target host="www.info.accellion.com" />
+	<target host="community.accellion.com" />
+	<target host="support.accellion.com" />
+	<target host="signature.accellion.com" />
+	<target host="webmail.accellion.com" />
 
-	<securecookie host="^(?:.*\.)accellion\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/Accenture.com.xml b/src/chrome/content/rules/Accenture.com.xml
deleted file mode 100644
index 70b18d14a9d7..000000000000
--- a/src/chrome/content/rules/Accenture.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Accenture">
-	<!-- www.accenture.com redirect is broken-->
-<target host="beacon4.abba.accenture.com" />
-
-<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Acceptiva.com.xml b/src/chrome/content/rules/Acceptiva.com.xml
index c376a8752b9f..96ee52cefaec 100644
--- a/src/chrome/content/rules/Acceptiva.com.xml
+++ b/src/chrome/content/rules/Acceptiva.com.xml
@@ -11,4 +11,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AccessGuardian.com.xml b/src/chrome/content/rules/AccessGuardian.com.xml
index f799e41495c1..1a0e29ea383a 100644
--- a/src/chrome/content/rules/AccessGuardian.com.xml
+++ b/src/chrome/content/rules/AccessGuardian.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://accessguardian.com/ => https://accessguardian.com/: (60, 'SS
 Fetch error: http://www.accessguardian.com/ => https://www.accessguardian.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="AccessGuardian.com" default_off='failed ruleset test'>
+<ruleset name="AccessGuardian.com" default_off="failed ruleset test">
 
 	<target host="accessguardian.com" />
 	<target host="www.accessguardian.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.accessguardian.com/ => https://www.accessguardian.com/:
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AccessPrivacy.ca.xml b/src/chrome/content/rules/AccessPrivacy.ca.xml
index 055f830e0d19..afeec9a9206a 100644
--- a/src/chrome/content/rules/AccessPrivacy.ca.xml
+++ b/src/chrome/content/rules/AccessPrivacy.ca.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.accessprivacy.ca/ => https://www.accessprivacy.ca/: (7,
 	* Secured by us
 
 -->
-<ruleset name="AccessPrivacy.ca" default_off='failed ruleset test'>
+<ruleset name="AccessPrivacy.ca" default_off="failed ruleset test">
 
 	<target host="accessprivacy.ca" />
 	<target host="www.accessprivacy.ca" />
diff --git a/src/chrome/content/rules/Access_Office_Products.xml b/src/chrome/content/rules/Access_Office_Products.xml
index c04bafe7e0fb..a93d1f8764af 100644
--- a/src/chrome/content/rules/Access_Office_Products.xml
+++ b/src/chrome/content/rules/Access_Office_Products.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.accessofficeproducts.com/ => https://www.accessofficepro
 Disabled by https-everywhere-checker because:
 Fetch error: http://accessofficeproducts.com/ => https://accessofficeproducts.com/: (51, "SSL: no alternative certificate subject name matches target host name 'accessofficeproducts.com'")
 -->
-<ruleset name="Access Office Products" default_off='failed ruleset test'>
+<ruleset name="Access Office Products" default_off="failed ruleset test">
 
 	<target host="accessofficeproducts.com" />
 	<target host="www.accessofficeproducts.com" />
@@ -18,4 +18,4 @@ Fetch error: http://accessofficeproducts.com/ => https://accessofficeproducts.co
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Accessible-Information-Management.xml b/src/chrome/content/rules/Accessible-Information-Management.xml
index 567937c8dcea..eb8d7a7757d7 100644
--- a/src/chrome/content/rules/Accessible-Information-Management.xml
+++ b/src/chrome/content/rules/Accessible-Information-Management.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://gunadiframework.com/ => https://gunadiframework.com/: (51, "SSL: no alternative certificate subject name matches target host name 'gunadiframework.com'")
 
 -->
-<ruleset name="Accessible Information Management (gunadiframework.com)" default_off='failed ruleset test'>
+<ruleset name="Accessible Information Management (gunadiframework.com)" default_off="failed ruleset test">
 	<target host="gunadiframework.com" />
 	<target host="*.gunadiframework.com" />
 
diff --git a/src/chrome/content/rules/Accessorize.xml b/src/chrome/content/rules/Accessorize.xml
index 7a31aa88c0d6..07fa31358141 100644
--- a/src/chrome/content/rules/Accessorize.xml
+++ b/src/chrome/content/rules/Accessorize.xml
@@ -6,4 +6,4 @@
 	<rule from="^http://uk\.accessorize\.com/(medias/|monsoon/|registerSession\.gif)"
 		to="https://uk.accessorize.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Accesstrade.net.xml b/src/chrome/content/rules/Accesstrade.net.xml
index 9a10d7039e80..4d588eeee07f 100644
--- a/src/chrome/content/rules/Accesstrade.net.xml
+++ b/src/chrome/content/rules/Accesstrade.net.xml
@@ -20,4 +20,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Accordance_Bible.com.xml b/src/chrome/content/rules/Accordance_Bible.com.xml
index 9984d1345f1d..9ef0d4d36c32 100644
--- a/src/chrome/content/rules/Accordance_Bible.com.xml
+++ b/src/chrome/content/rules/Accordance_Bible.com.xml
@@ -5,7 +5,7 @@
 <ruleset name="Accordance Bible.com (partial)">
 
 	<target host="accordancebible.com" />
-	<target host="*.accordancebible.com" />
+	<target host="www.accordancebible.com" />
 
 
 	<!--	__utm\w+: google urchin
diff --git a/src/chrome/content/rules/AccountSupport.com.xml b/src/chrome/content/rules/AccountSupport.com.xml
index 05890ec2d30d..dcde9bc41a19 100644
--- a/src/chrome/content/rules/AccountSupport.com.xml
+++ b/src/chrome/content/rules/AccountSupport.com.xml
@@ -16,4 +16,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Account_Chooser.xml b/src/chrome/content/rules/Account_Chooser.xml
index 250b561bed7e..fe33f0f2af73 100644
--- a/src/chrome/content/rules/Account_Chooser.xml
+++ b/src/chrome/content/rules/Account_Chooser.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Account_Online.com.xml b/src/chrome/content/rules/Account_Online.com.xml
index a3ab9facb518..1f8b1f4f5c92 100644
--- a/src/chrome/content/rules/Account_Online.com.xml
+++ b/src/chrome/content/rules/Account_Online.com.xml
@@ -22,4 +22,4 @@
 	<rule from="^http://(?:www\.)?accountonline\.com/"
 		to="https://www.accountonline.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Accountservergroup.com.xml b/src/chrome/content/rules/Accountservergroup.com.xml
index e13b1de836eb..2c406d29aa29 100644
--- a/src/chrome/content/rules/Accountservergroup.com.xml
+++ b/src/chrome/content/rules/Accountservergroup.com.xml
@@ -6,4 +6,4 @@
 	<rule from="^http://(?!www\.)([\w-]+)\.accountservergroup\.com/"
 		to="https://$1accountservergroup.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AccuWeather.xml b/src/chrome/content/rules/AccuWeather.xml
index 2592fc0483ce..5005e66fff11 100644
--- a/src/chrome/content/rules/AccuWeather.xml
+++ b/src/chrome/content/rules/AccuWeather.xml
@@ -26,7 +26,7 @@ Non-2xx HTTP code: http://wwwl.accuweather.com/ (200) => https://wwwl.accuweathe
 		- enterprisesolutions.accuweather.com	(works; self-signed, CN: Parallels Panel)
 
 -->
-<ruleset name="AccuWeather (partial)" default_off='failed ruleset test'>
+<ruleset name="AccuWeather (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Accuvant.com.xml b/src/chrome/content/rules/Accuvant.com.xml
index 48287f5a8369..2dc0ffe85993 100644
--- a/src/chrome/content/rules/Accuvant.com.xml
+++ b/src/chrome/content/rules/Accuvant.com.xml
@@ -28,22 +28,21 @@ Fetch error: http://accuvant.com/ => https://accuvant.com/: (60, 'SSL certificat
 	* Secured by us
 
 -->
-<ruleset name="Accuvant.com" default_off='failed ruleset test'>
+<ruleset name="Accuvant.com" default_off="failed ruleset test">
 
 	<target host="accuvant.com" />
-	<target host="*.accuvant.com" />
+	<target host="www.accuvant.com" />
+	<target host="blog.accuvant.com" />
+	<target host="files.accuvant.com" />
 
 
 	<securecookie host="^(?:www)?\.accuvant\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?accuvant\.com/"
-		to="https://$1accuvant.com/" />
 
-	<rule from="^http://blog\.accuvant\.com/"
-		to="https://blog.accuvant.com/" />
 
 	<rule from="^http://files\.accuvant\.com/"
 		to="https://accuvantstorage.blob.core.windows.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ace-analyzer.com.xml b/src/chrome/content/rules/Ace-analyzer.com.xml
deleted file mode 100644
index e3c652490c8e..000000000000
--- a/src/chrome/content/rules/Ace-analyzer.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Mixed content:
-
-		- Web bugs, from:
-
-			- $self *
-			- www.access-kaiseki-tools.com *
-
-	* Secured by us
-
--->
-<ruleset name="ace-analyzer.com">
-
-	<target host="ace-analyzer.com" />
-	<target host="www.ace-analyzer.com" />
-
-
-	<securecookie host="^(?:www\.)?ace-analyzer\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ace-book.net.xml b/src/chrome/content/rules/Ace-book.net.xml
new file mode 100644
index 000000000000..c9710e2f8e45
--- /dev/null
+++ b/src/chrome/content/rules/Ace-book.net.xml
@@ -0,0 +1,16 @@
+<!--
+	Mismatched:
+		- autodiscover
+
+	Redirects to NXDOMAIN:
+		- mail (redirects to www.mail)
+-->
+<ruleset name="Ace-book.net">
+	<target host="ace-book.net" />
+	<target host="www.ace-book.net" />
+	<target host="cpanel.ace-book.net" />
+	<target host="webdisk.ace-book.net" />
+	<target host="webmail.ace-book.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Acenet.xml b/src/chrome/content/rules/Acenet.xml
index 2ec33485a484..f1a2fdac6e1e 100644
--- a/src/chrome/content/rules/Acenet.xml
+++ b/src/chrome/content/rules/Acenet.xml
@@ -9,10 +9,8 @@
 	<target host="acenet-inc.net"/>
 	<target host="*.acenet-inc.net"/>
 	<!--	for cross-domain cookie	-->
-
-	<securecookie host="^(?:.*\.)?ace-host\.net$" name=".+" />
 	<!--	no cookies needed for excluded pages	-->
-	<securecookie host="^(?:.*\.)?acenet-inc\.net$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 	<rule from="^http://(\w+\.)?ace-host\.net/"
 		to="https://$1ace-host.net/"/>
diff --git a/src/chrome/content/rules/Acer.com.xml b/src/chrome/content/rules/Acer.com.xml
new file mode 100644
index 000000000000..246b2a8a0da3
--- /dev/null
+++ b/src/chrome/content/rules/Acer.com.xml
@@ -0,0 +1,20 @@
+<!--
+    Acer Care Center Updater
+    mitigates https://duo.com/assets/pdf/out-of-box-exploitation_oem-updaters.pdf
+	Nonfunctional hosts in *.acer.com:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Acer.com">
+  <target host="global-download.acer.com"/>
+    <test url="http://global-download.acer.com/GDFiles/BIOS/BIOS/BIOS_Acer_1.17_A_A.zip?acerid=636451121852159624" />
+  <target host="ws.gtm.acer.com"/>
+    <test url="http://ws.gtm.acer.com/ServerInfo/EN/ALU_APP/ALU_APP_10M1_EN.xml" />
+  <target host="wstw.gtm.acer.com"/>
+    <test url="http://wstw.gtm.acer.com/ServerInfo/EN/ALU_APP/ALU_APP_10M1_EN.xml" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Acessoseguro.net.xml b/src/chrome/content/rules/Acessoseguro.net.xml
index 3398fa15b23c..07c48354c49b 100644
--- a/src/chrome/content/rules/Acessoseguro.net.xml
+++ b/src/chrome/content/rules/Acessoseguro.net.xml
@@ -3,10 +3,10 @@
 	<target host="*.acessoseguro.net" />
 
 
-	<securecookie host=".+\.acessoseguro\.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([\w-]+)\.acessoseguro\.net/"
 		to="https://$1.acessoseguro.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Acoustics.org.xml b/src/chrome/content/rules/Acoustics.org.xml
index f25e2ce81048..2f9af077e828 100644
--- a/src/chrome/content/rules/Acoustics.org.xml
+++ b/src/chrome/content/rules/Acoustics.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://acoustics.org/ => https://acoustics.org/: (60, 'SSL certific
 Fetch error: http://www.acoustics.org/ => https://www.acoustics.org/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Acoustics.org" default_off='failed ruleset test'>
+<ruleset name="Acoustics.org" default_off="failed ruleset test">
 
 	<target host="acoustics.org" />
 	<target host="www.acoustics.org" />
@@ -13,4 +13,4 @@ Fetch error: http://www.acoustics.org/ => https://www.acoustics.org/: (60, 'SSL
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Acquia.xml b/src/chrome/content/rules/Acquia.xml
index d07ee161ea4a..20de2c9376cd 100644
--- a/src/chrome/content/rules/Acquia.xml
+++ b/src/chrome/content/rules/Acquia.xml
@@ -9,7 +9,7 @@
 		- notifications ᵐ
 		- usability ᵐ
 		- u ᵐ
-	
+
 	ᵐ Mismatched
 
 -->
diff --git a/src/chrome/content/rules/Acrobat.com.xml b/src/chrome/content/rules/Acrobat.com.xml
index 04d0a56a7f7e..3bd4770b165a 100644
--- a/src/chrome/content/rules/Acrobat.com.xml
+++ b/src/chrome/content/rules/Acrobat.com.xml
@@ -19,7 +19,7 @@ Fetch error: http://admin.na5.acrobat.com/ => https://admin.na5.acrobat.com/: (2
 		- ak-www.stage.acrobat.com
 
 -->
-<ruleset name="Acrobat.com" default_off='failed ruleset test'>
+<ruleset name="Acrobat.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Acronis.com.xml b/src/chrome/content/rules/Acronis.com.xml
deleted file mode 100644
index 86671336dc90..000000000000
--- a/src/chrome/content/rules/Acronis.com.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	^: mismatched
-
--->
-<ruleset name="Acronis.com (partial)">
-
-	<target host="acronis.com" />
-	<target host="*.acronis.com" />
-		<!--
-			Redirect to http:
-						-->
-		<!--exclusion pattern="^http://www\.acronis\.com/en-us/$" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://www\.acronis\.com/(?!modules/|sites/|(?:\w\w-\w\w/)?(?:my|support)(?:$|[?/]))" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.forum\.acronis\.com$" name="^SESS[0-9a-f]{32}$" /-->
-	<!--securecookie host="^www\.acronis\.com$" name="^minisite$" /-->
-
-	<securecookie host="^\.forum\.acronis\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?acronis\.com/"
-		to="https://www.acronis.com/" />
-
-	<rule from="^http://(forum|i4|kb)\.acronis\.com/"
-		to="https://$1.acronis.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AcrylicDepot.com.xml b/src/chrome/content/rules/AcrylicDepot.com.xml
new file mode 100644
index 000000000000..aa0bc6f62785
--- /dev/null
+++ b/src/chrome/content/rules/AcrylicDepot.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="AcrylicDepot.com">
+	<target host="acrylicdepot.com" />
+	<target host="www.acrylicdepot.com" />
+	<target host="mail.acrylicdepot.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Act-On-Software.xml b/src/chrome/content/rules/Act-On-Software.xml
index 339d7dd40421..bffcb2062cd8 100644
--- a/src/chrome/content/rules/Act-On-Software.xml
+++ b/src/chrome/content/rules/Act-On-Software.xml
@@ -21,11 +21,11 @@
 
 			- ACTON		(www)
 			- wpNNNN	(*)
-				- Set by 
+				- Set by
 				actonsoftware.com/acton/attachment/NNNN/
 				e.g. acton/attachment/1205/f-0005/0/-/-/-/-/file.pdf
 					-->
-	<securecookie host="^(?:.*\.)?actonsoftware\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(ci\d*\.|mktg\.|www\.)?actonsoftware\.com/"
diff --git a/src/chrome/content/rules/Act-On.com.xml b/src/chrome/content/rules/Act-On.com.xml
new file mode 100644
index 000000000000..316a6dab7dc3
--- /dev/null
+++ b/src/chrome/content/rules/Act-On.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Other Act-On Software rulesets:
+		- Act-On-Software.xml
+
+	Mismatched:
+		- video
+-->
+<ruleset name="Act-On.com (partial)">
+	<target host="act-on.com" />
+	<target host="www.act-on.com" />
+	<target host="blog.act-on.com" />
+	<target host="developer.act-on.com" />
+	<target host="interactive.act-on.com" />
+	<target host="mktg.act-on.com" />
+	<target host="success.act-on.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://blog\.act-on\.com/" to="https://www.act-on.com/blog/" />
+	<rule from="^http://interactive\.act-on\.com/" to="https://www.act-on.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ActBlue.com.xml b/src/chrome/content/rules/ActBlue.com.xml
new file mode 100644
index 000000000000..0b9446c2861e
--- /dev/null
+++ b/src/chrome/content/rules/ActBlue.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="ActBlue.com">
+
+	<target host="actblue.com" />
+	<target host="www.actblue.com" />
+	<target host="blog.actblue.com" />
+	<target host="secure.actblue.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ActBlue.xml b/src/chrome/content/rules/ActBlue.xml
deleted file mode 100644
index 19c71ac83e85..000000000000
--- a/src/chrome/content/rules/ActBlue.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/i.actblue.com/
-
-
-	Nonfunctional subdomains:
-
-		- blog	(hosted at blogdotactbluedotcom.wordpress.com)
-
--->
-<ruleset name="ActBlue (partial)">
-
-	<target host="actblue.com" />
-	<target host="*.actblue.com" />
-
-
-	<securecookie host="^\.actblue\.com$" name=".+" />
-
-
-	<rule from="^http://secure\.actblue\.com/"
-		to="https://secure.actblue.com/" />
-
-	<!--	Server actually redirects from (www.) to secure.
-							-->
-	<rule from="^http://(?:www|m)\.actblue\.com/"
-		to="https://secure.actblue.com/" />
-
-	<rule from="^http://i\.actblue\.com/"
-		to="https://s3.amazonaws.com/i.actblue.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Actel.com.xml b/src/chrome/content/rules/Actel.com.xml
deleted file mode 100644
index 882a059027be..000000000000
--- a/src/chrome/content/rules/Actel.com.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Actel.com">
-
-	<!--	Direct rewrites:
-				-->
-  <target host="actel.com" />
-  <target host="www.actel.com" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Actionable_Intelligence.xml b/src/chrome/content/rules/Actionable_Intelligence.xml
index 70b9538d7e01..d242c7bc6520 100644
--- a/src/chrome/content/rules/Actionable_Intelligence.xml
+++ b/src/chrome/content/rules/Actionable_Intelligence.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Activatejavascript.xml b/src/chrome/content/rules/Activatejavascript.xml
index a453fd7ddf83..c6155cec7682 100644
--- a/src/chrome/content/rules/Activatejavascript.xml
+++ b/src/chrome/content/rules/Activatejavascript.xml
@@ -7,7 +7,7 @@
 	<target host="activatejavascript.org"/>
 	<target host="www.activatejavascript.org"/>
 
-	<securecookie host="^(?:.*\.)?activatejavascript\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?activatejavascript\.org/"
 		to="https://activatejavascript.org/"/>
diff --git a/src/chrome/content/rules/Active-Events.xml b/src/chrome/content/rules/Active-Events.xml
index 29ddffa86999..6e5f2c231547 100644
--- a/src/chrome/content/rules/Active-Events.xml
+++ b/src/chrome/content/rules/Active-Events.xml
@@ -8,10 +8,7 @@
 		<!--
 			Cert: affiliate.activenetwork.com
 					-->
-		<exclusion pattern="^http://www\." />
-
-
-	<securecookie host="^.+\.activenetwork\.com$" name=".+" />
+		<exclusion pattern="^http://www\.activeevents\.com/" />
 
 
 	<rule from="^http://([\w\-]+)\.activeevents\.com/"
diff --git a/src/chrome/content/rules/Active-srv02.de.xml b/src/chrome/content/rules/Active-srv02.de.xml
index 23742ff663ac..f3758990d989 100644
--- a/src/chrome/content/rules/Active-srv02.de.xml
+++ b/src/chrome/content/rules/Active-srv02.de.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Active.com.xml b/src/chrome/content/rules/Active.com.xml
index d4bb84132700..5a40bf7e127b 100644
--- a/src/chrome/content/rules/Active.com.xml
+++ b/src/chrome/content/rules/Active.com.xml
@@ -47,7 +47,17 @@
 <ruleset name="Active.com (partial)">
 
 	<target host="active.com" />
-	<target host="*.active.com" />
+	<target host="assets-results2.active.com" />
+	<target host="community.active.com" />
+	<target host="m.active.com" />
+	<target host="mobile.active.com" />
+	<target host="myevents.active.com" />
+	<target host="results.active.com" />
+	<target host="rolassets.active.com" />
+	<target host="sites.active.com" />
+	<target host="sso.active.com" />
+	<target host="www.active.com" />
+	<target host="schwaggle.active.com" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/ActiveState-Software.xml b/src/chrome/content/rules/ActiveState-Software.xml
index ff407b2a333f..f9c7dfab442a 100644
--- a/src/chrome/content/rules/ActiveState-Software.xml
+++ b/src/chrome/content/rules/ActiveState-Software.xml
@@ -26,13 +26,16 @@
 <ruleset name="ActiveState Software (partial)">
 
 	<target host="activestate.com" />
-	<target host="*.activestate.com" />
+	<target host="account.activestate.com" />
+	<target host="code.activestate.com" />
+	<target host="store.activestate.com" />
+	<target host="templates.activestate.com" />
+	<target host="www.activestate.com" />
 
 
 	<securecookie host=".*\.activestate\.com$" name=".+" />
 
 
-	<rule from="^http://((?:account|code|store|templates|www)\.)?activestate\.com/"
-		to="https://$1activestate.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Active_Network.com.xml b/src/chrome/content/rules/Active_Network.com.xml
index 611b339c9d27..7ba366800975 100644
--- a/src/chrome/content/rules/Active_Network.com.xml
+++ b/src/chrome/content/rules/Active_Network.com.xml
@@ -39,7 +39,7 @@
 		<!--
 			In sum:
 				-->
-		<exclusion pattern="http://(?:www\.)?activenetwork\.com/+(?![Aa]ssets/(?!.+\.css(?:$|\?))|asset\d+\.aspx|favicon\.ico|sites/)" /> 
+		<exclusion pattern="http://(?:www\.)?activenetwork\.com/+(?![Aa]ssets/(?!.+\.css(?:$|\?))|asset\d+\.aspx|favicon\.ico|sites/)" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Active_static.net.xml b/src/chrome/content/rules/Active_static.net.xml
index f1377ddd89c2..5099738e25b7 100644
--- a/src/chrome/content/rules/Active_static.net.xml
+++ b/src/chrome/content/rules/Active_static.net.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.activestatic.net/ => https://www.activestatic.net/: (56,
 	For other Active Network coverage, see Active_Network.com.xml.
 
 -->
-<ruleset name="Active static.net" default_off='failed ruleset test'>
+<ruleset name="Active static.net" default_off="failed ruleset test">
 
 	<target host="activestatic.net" />
 	<target host="www.activestatic.net" />
diff --git a/src/chrome/content/rules/Actix.rs.xml b/src/chrome/content/rules/Actix.rs.xml
new file mode 100644
index 000000000000..7cd85ecbb21a
--- /dev/null
+++ b/src/chrome/content/rules/Actix.rs.xml
@@ -0,0 +1,10 @@
+<!--
+	www doesn't exist.
+-->
+<ruleset name="Actix.rs">
+	<target host="actix.rs" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Acunetix.com.xml b/src/chrome/content/rules/Acunetix.com.xml
deleted file mode 100644
index c953afbf236b..000000000000
--- a/src/chrome/content/rules/Acunetix.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	Fully covered hosts:
-
-		- (www.)?
-		- ovs
-
-
-	Insecure cookies are set for these hosts:
-
-		- acunetix.com
-
--->
-<ruleset name="Acunetix.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="acunetix.com" />
-	<target host="ovs.acunetix.com" />
-	<target host="www.acunetix.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^acunetix\.com$" name="^(PHPSESSID|location)$" /-->
-
-	<securecookie host="^acunetix\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ad-Juster.xml b/src/chrome/content/rules/Ad-Juster.xml
index 4a7a86da1fa5..ec6fdc1d720a 100644
--- a/src/chrome/content/rules/Ad-Juster.xml
+++ b/src/chrome/content/rules/Ad-Juster.xml
@@ -1,7 +1,8 @@
 <ruleset name="Ad-Juster (partial)">
 
 	<target host="ad-juster.com" />
-	<target host="*.ad-juster.com" />
+	<target host="tagscan.ad-juster.com" />
+	<target host="www.ad-juster.com" />
 
 
 	<securecookie host="^tagscan\.ad-juster\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Ad4Game.xml b/src/chrome/content/rules/Ad4Game.xml
index d1e329d32092..42dce51db9ec 100644
--- a/src/chrome/content/rules/Ad4Game.xml
+++ b/src/chrome/content/rules/Ad4Game.xml
@@ -3,11 +3,11 @@
 -->
 <ruleset name="Ad4Game (partial)">
 
-	<target host="*.ad4game.com"/>
+	<target host="ads.ad4game.com" />
+	<target host="traffic.ad4game.com" />
 
 	<securecookie host="\.?ads\.ad4game\.com$" name=".+" />
 
-	<rule from="^http://(ads|traffic)\.ad4game\.com/"
-		to="https://$1.ad4game.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ad6media.xml b/src/chrome/content/rules/Ad6media.xml
index b0dba4b46f3c..4f03b4d47b63 100644
--- a/src/chrome/content/rules/Ad6media.xml
+++ b/src/chrome/content/rules/Ad6media.xml
@@ -21,4 +21,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AdAlliance.io.xml b/src/chrome/content/rules/AdAlliance.io.xml
new file mode 100644
index 000000000000..29362840df0f
--- /dev/null
+++ b/src/chrome/content/rules/AdAlliance.io.xml
@@ -0,0 +1,42 @@
+<!--
+	Cert expired:
+		- adalliance.io
+		- www.adalliance.io
+		- ftp.adalliance.io
+		- irc.adalliance.io
+		- lightning.adalliance.io
+		- susi.adalliance.io
+		- wiki.adalliance.io
+
+	TLS Error:
+		- mms1.adalliance.io
+-->
+<ruleset name="AdAlliance.io (partial)">
+
+	<target host="aqt.adalliance.io"/>
+	<target host="box.adalliance.io"/>
+	<target host="data.adalliance.io"/>
+	<target host="data1.adalliance.io"/>
+	<target host="datahub.adalliance.io"/>
+	<target host="dmpstorage.adalliance.io"/>
+	<target host="engagement.adalliance.io"/>
+	<target host="hello.adalliance.io"/>
+	<target host="help.adalliance.io"/>
+	<target host="mms.adalliance.io"/>
+	<target host="native.adalliance.io"/>
+	<target host="optout.adalliance.io"/>
+	<target host="proxy.adalliance.io"/>
+	<target host="rota.adalliance.io"/>
+	<target host="ssl.adalliance.io"/>
+	<target host="survey.adalliance.io"/>
+	<target host="tracking.adalliance.io"/>
+	<target host="video.adalliance.io"/>
+	<target host="weather.adalliance.io"/>
+	<target host="wom.adalliance.io"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AdAstraArms.com.xml b/src/chrome/content/rules/AdAstraArms.com.xml
new file mode 100644
index 000000000000..2efbc4cbfc5c
--- /dev/null
+++ b/src/chrome/content/rules/AdAstraArms.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Mismatched:
+		- ftp
+-->
+<ruleset name="AdAstraArms.com">
+	<target host="adastraarms.com" />
+	<target host="www.adastraarms.com" />
+	<target host="autodiscover.adastraarms.com" />
+	<target host="cpanel.adastraarms.com" />
+	<target host="mail.adastraarms.com" />
+	<target host="webdisk.adastraarms.com" />
+	<target host="webmail.adastraarms.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AdBit.co.xml b/src/chrome/content/rules/AdBit.co.xml
index 61bf2ed9420b..249841f7e4af 100644
--- a/src/chrome/content/rules/AdBit.co.xml
+++ b/src/chrome/content/rules/AdBit.co.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.adbit.co/ => https://www.adbit.co/: (35, 'error:14077438
 		- .adbit.co
 
 -->
-<ruleset name="AdBit.co" default_off='failed ruleset test'>
+<ruleset name="AdBit.co" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/AdBlock.xml b/src/chrome/content/rules/AdBlock.xml
index 3c88a1532c20..4512ae67c147 100644
--- a/src/chrome/content/rules/AdBlock.xml
+++ b/src/chrome/content/rules/AdBlock.xml
@@ -24,6 +24,6 @@
 	<target host="help.getadblock.com" />
 	<target host="ping.getadblock.com" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AdButler.xml b/src/chrome/content/rules/AdButler.xml
index c50843a43200..a526d4b40786 100644
--- a/src/chrome/content/rules/AdButler.xml
+++ b/src/chrome/content/rules/AdButler.xml
@@ -10,7 +10,7 @@
 <ruleset name="AdBulter">
 
 	<target host="adbutler.com" />
-	<target host="*.adbutler.com" />
+	<target host="www.adbutler.com" />
 	<target host="servedbyadbutler.com" />
 	<target host="www.servedbyadbutler.com" />
 
@@ -27,4 +27,4 @@
 	<rule from="^http://(?:www\.)?servedbyadbutler\.com/"
 		to="https://servedbyadbutler.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AdExcite.xml b/src/chrome/content/rules/AdExcite.xml
deleted file mode 100644
index da9a1bc9c8b7..000000000000
--- a/src/chrome/content/rules/AdExcite.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Non-2xx HTTP code: http://cdn.adexcite.com/ (200) => https://adexcite.s3.amazonaws.com/ (404)
-
-	CDN buckets:
-
-		- adexcite.s3.amazonaws.com
-			- equivalent to d6ccerq7yhhu9.cloudfront.net
-		- c405038.r38.cf1.rackcdn.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)
-		- admin
-
--->
-<ruleset name="AdExcite (partial)" default_off='failed ruleset test'>
-
-	<target host="cdn.adexcite.com" />
-
-
-	<rule from="^http://cdn\.adexcite\.com/"
-		to="https://adexcite.s3.amazonaws.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AdExtent.com-problematic.xml b/src/chrome/content/rules/AdExtent.com-problematic.xml
deleted file mode 100644
index 509e193bd1a9..000000000000
--- a/src/chrome/content/rules/AdExtent.com-problematic.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see AdExtent.com.xml.
-
--->
-<ruleset name="AdExtent.com (problematic)" default_off="mismatched">
-
-	<target host="appv2.adextent.com" />
-		<!--
-			Handled in AdExtent.com.xml:
-							-->
-		<!--exclusion pattern="^http://appv2\.adextent\.com/(favicon\.ico|Frontend/bootstrap/|Frontend/scripts/|Frontend/theme/)" /-->
-
-
-	<rule from="^http://appv2\.adextent\.com/(?!favicon\.ico|Frontend/(?:bootstrap|scripts|theme)/)"
-		to="https://appv2.adextent.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AdExtent.com.xml b/src/chrome/content/rules/AdExtent.com.xml
deleted file mode 100644
index a595d1bc222b..000000000000
--- a/src/chrome/content/rules/AdExtent.com.xml
+++ /dev/null
@@ -1,68 +0,0 @@
-<!--
-	For problematic rules, see AdExtent.com-problematic.xml.
-
-
-	CDN buckets:
-
-		- appv2.adextent.com.s3.amazonaws.com
-
-		- d2dxlvlyoblbme.cloudfront.net
-
-			- dynads
-
-		- adextent.freshdesk.com
-
-			- support
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(dropped)
-
-
-	Problematic subdomains:
-
-		- appv2		(amazonws)
-		- dynads	(cloudfront)
-		- support	(freshdesk)
-
-
-	Partially covered subdomains:
-
-		- appv2		(→ s3.amazonaws.com, avoiding user-visible paths)
-
-
-	Fully covered subdomains:
-
-		- dynads	(→ d2dxlvlyoblbme.cloudfront.net)
-		- ssl
-		- support	(→ adextent.freshdesk.com)
-
--->
-<ruleset name="AdExtent.com (partial)">
-
-	<target host="*.adextent.com" />
-		<!--
-			Avoid user-visible paths:
-							-->
-		<!--exclusion pattern="^http://appv2\.adextent\.com/(?!favicon\.ico|Frontend/bootstrap/|Frontend/scripts/|Frontend/theme/)" /-->
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.appv2\.adextent\.com$" name=".+" />
-
-
-	<rule from="^http://appv2\.adextent\.com/(?=favicon\.ico|Frontend/(?:bootstrap|scripts|theme)/)"
-		to="https://s3.amazonaws.com/appv2.adextent.com/" />
-
-	<rule from="^http://dynads\.adextent\.com/"
-		to="https://d2dxlvlyoblbme.cloudfront.net/" />
-
-	<rule from="^http://ssl\.adextent\.com/"
-		to="https://ssl.adextent.com/" />
-
-	<rule from="^http://support\.adextent\.com/"
-		to="https://adextent.freshdesk.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AdJug.com.xml b/src/chrome/content/rules/AdJug.com.xml
index 93636f016650..51bb403ee722 100644
--- a/src/chrome/content/rules/AdJug.com.xml
+++ b/src/chrome/content/rules/AdJug.com.xml
@@ -38,7 +38,7 @@ Fetch error: http://adjug.com/ => https://www.adjug.com/: (51, "SSL: no alternat
 		- .adjug.com
 
 -->
-<ruleset name="AdJug.com (partial)" default_off='failed ruleset test'>
+<ruleset name="AdJug.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/AdMaster.com.cn.xml b/src/chrome/content/rules/AdMaster.com.cn.xml
index dfd91ff59c4d..9afed6cadf82 100644
--- a/src/chrome/content/rules/AdMaster.com.cn.xml
+++ b/src/chrome/content/rules/AdMaster.com.cn.xml
@@ -45,7 +45,7 @@ Fetch error: http://e.admaster.com.cn/ => https://e.admaster.com.cn/: (6, 'Could
 	² Unsecurable <= 404
 
 -->
-<ruleset name="AdMaster.com.cn (partial)" default_off='failed ruleset test'>
+<ruleset name="AdMaster.com.cn (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/AdReactor.xml b/src/chrome/content/rules/AdReactor.xml
index 03946c86a1cc..3af548a8db56 100644
--- a/src/chrome/content/rules/AdReactor.xml
+++ b/src/chrome/content/rules/AdReactor.xml
@@ -11,4 +11,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AdRiver.xml b/src/chrome/content/rules/AdRiver.xml
index cf2f68abc191..a8494955e79f 100644
--- a/src/chrome/content/rules/AdRiver.xml
+++ b/src/chrome/content/rules/AdRiver.xml
@@ -35,7 +35,7 @@ Fetch error: http://masterh3.adriver.ru/ => https://masterh3.adriver.ru/: (28, '
 	* Secured by us
 
 -->
-<ruleset name="AdRiver.ru (partial)" default_off='failed ruleset test'>
+<ruleset name="AdRiver.ru (partial)" default_off="failed ruleset test">
 
 	<target host="adriver.ru" />
 	<target host="ad.adriver.ru" />
@@ -58,10 +58,10 @@ Fetch error: http://masterh3.adriver.ru/ => https://masterh3.adriver.ru/: (28, '
 			<test url="http://content.adriver.ru/?" />
 			<test url="http://content.adriver.ru//" />
 			<test url="http://content.adriver.ru//?" />
-		
+
 	<!-- Flash-based players fails load ads if detect redirects. It can issue lower video quality on videohostings like on rutube.ru -->
 	<exclusion pattern="^http://ad\.adriver\.ru/crossdomain.xml" />
-	
+
 		<test url="http://ad.adriver.ru/crossdomain.xml" />
 
 
diff --git a/src/chrome/content/rules/AdRoll-problematic.xml b/src/chrome/content/rules/AdRoll-problematic.xml
deleted file mode 100644
index 2213f49e7bb0..000000000000
--- a/src/chrome/content/rules/AdRoll-problematic.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see AdRoll.xml.
-
--->
-<ruleset name="AdRoll (problematic)" default_off="mismatched">
-
-	<target host="feedback.adroll.com" />
-
-
-	<rule from="^http://feedback\.adroll\.com/(?!s/)"
-		to="https://feedback.adroll.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AdRoll.xml b/src/chrome/content/rules/AdRoll.xml
index 304749f34913..d2a405a3bb36 100644
--- a/src/chrome/content/rules/AdRoll.xml
+++ b/src/chrome/content/rules/AdRoll.xml
@@ -1,106 +1,26 @@
 <!--
-	For problematic rules, see AdRoll-problematic.xml
+	Refused:
+		- ^
 
+	Timeout:
+		- support
 
-	CDN buckets:
-
-		- adroll-2081128421.us-west-1.elb.amazonaws.com
-
-		- wildcard.adroll.com.edgekey.net
-
-			- s.adroll.com
-
-		- a.adroll.com.edgesuite.net
-
-		- adroll.userecho.com
-
-			- feedback.adroll.com
-
-		- adroll.wpengine.com		(redirects to blog.adroll)
-
-			- blog.adroll.com
-
-
-	Nonfunctional subdomains:
-
-		- blog *
-		- support *
-
-	* Redirects to http, mismatched, CN: *.wpengine.com)
-
-
-	Problematic subdomains:
-
-		- ^ ¹
-		- a		(akamai)
-		- feedback	(works, mismatched, CN: userecho.com)
-
-	¹ Refused
-
-
-	Fully covered hosts in *adroll.com:
-
-		- (www.)?	(^ → www)
-		- a		(→ s)
-		- d
-		- s
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .adroll.com
-		- feedback.adroll.com
-
-
-	s.adroll.com sets __ar_v4 and _te_ wildcard cookies
-	on whichever domain it is loaded from.
-
+	Mismatched:
+		- a
 -->
 <ruleset name="AdRoll (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="d.adroll.com" />
-	<target host="s.adroll.com" />
-	<target host="www.adroll.com" />
-
-	<!--	Complications:
-				-->
 	<target host="adroll.com" />
-	<target host="a.adroll.com" />
+	<target host="www.adroll.com" />
+	<target host="blog.adroll.com" />
+	<target host="d.adroll.com" />
 	<target host="feedback.adroll.com" />
+	<target host="help.adroll.com" />
+	<target host="s.adroll.com" />
+	<target host="support.adroll.com" />
 
-		<exclusion pattern="^http://feedback\.adroll\.com/(?!s/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://feedback.adroll.com/topic/683270-visbility-of-segments-across-advertiser-profiles/" />
-			<test url="http://feedback.adroll.com/users/360899-egg-to-apples/topic/" />
-
-			<!--	-ve:
-					-->
-			<test url="http://feedback.adroll.com/s/assets2.0/css/font-awesome.min.css" />
-			<test url="http://feedback.adroll.com/s/assets2.0/css/plugins/lightbox/img/close.png" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.adroll\.com$" name="^__adroll$" /-->
-	<!--securecookie host="^feedback\.adroll\.com$" name="^uesessionid$" /-->
-
-	<securecookie host="^\.adroll\.com$" name="^__adroll$" />
-
-
-	<rule from="^http://adroll\.com/"
-		to="https://www.adroll.com/" />
-
-	<rule from="^http://a\.adroll\.com/"
-		to="https://s.adroll.com/" />
-
-	<rule from="^http://feedback\.adroll\.com/"
-		to="https://userecho.com/" />
-
-	<rule from="^http:"
-		to="https:" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http://adroll\.com/" to="https://www.adroll.com/" />
+	<rule from="^http://support\.adroll\.com/" to="https://help.adroll.com/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AdSafe.xml b/src/chrome/content/rules/AdSafe.xml
index 3c3ca983bd78..5f6615119361 100644
--- a/src/chrome/content/rules/AdSafe.xml
+++ b/src/chrome/content/rules/AdSafe.xml
@@ -16,7 +16,7 @@ Fetch error: http://www.adsafecontrol.com/ => https://www.adsafecontrol.com/: (6
 	* Shows default page
 
 -->
-<ruleset name="AdSafe control.com" default_off='failed ruleset test'>
+<ruleset name="AdSafe control.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/AdSonar.com.xml b/src/chrome/content/rules/AdSonar.com.xml
index 7a218bbbfafe..340db42a9b1d 100644
--- a/src/chrome/content/rules/AdSonar.com.xml
+++ b/src/chrome/content/rules/AdSonar.com.xml
@@ -26,7 +26,7 @@ Fetch error: http://js.adsonar.com/ => https://secure-js.adsonar.com/: (6, 'Coul
 		- .adsonar.com
 
 -->
-<ruleset name="AdSonar.com" default_off='failed ruleset test'>
+<ruleset name="AdSonar.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/AdSpirit.xml b/src/chrome/content/rules/AdSpirit.xml
index 0376c15e3ee0..0fc912afffa3 100644
--- a/src/chrome/content/rules/AdSpirit.xml
+++ b/src/chrome/content/rules/AdSpirit.xml
@@ -8,7 +8,7 @@ Fetch error: http://cdn6.adspirit.de/banner/1x1.gif => https://cdn6.adspirit.de/
 	www.adspirit.de: Shows default page
 
 -->
-<ruleset name="AdSpirit.de (partial)" default_off='failed ruleset test'>
+<ruleset name="AdSpirit.de (partial)" default_off="failed ruleset test">
 
 	<target host="*.adspirit.de" />
 
diff --git a/src/chrome/content/rules/AdXpansion.com.xml b/src/chrome/content/rules/AdXpansion.com.xml
deleted file mode 100644
index 9dc1f2c62942..000000000000
--- a/src/chrome/content/rules/AdXpansion.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- help		(dropped)
-		- marketing	(shows www; mismatched, CN: www.adxpansion.com)
-
--->
-<ruleset name="AdXpansion.com (partial)">
-
-	<target host="adxpansion.com" />
-	<target host="www.adxpansion.com" />
-
-
-	<securecookie host="^(?:w*\.)?adxpansion\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Ada.lt.xml b/src/chrome/content/rules/Ada.lt.xml
index d2b9faa2a09c..8a8fde71195c 100644
--- a/src/chrome/content/rules/Ada.lt.xml
+++ b/src/chrome/content/rules/Ada.lt.xml
@@ -18,4 +18,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AdaCore.xml b/src/chrome/content/rules/AdaCore.xml
index c73074b3f6d5..6f6872000ffc 100644
--- a/src/chrome/content/rules/AdaCore.xml
+++ b/src/chrome/content/rules/AdaCore.xml
@@ -1,20 +1,9 @@
-<ruleset name="AdaCore" platform="mixedcontent">
-
+<ruleset name="AdaCore (partial)">
 	<target host="adacore.com" />
 	<target host="www.adacore.com" />
 	<target host="libre.adacore.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^www\.adacore\.com$" name=".+" />
-
-
-	<!--	Matches:
-
-			- libre
-			- www
-      Other subdomains may not work:
-      https://trac.torproject.org/projects/tor/ticket/7219
-				-->
 	<rule from="^http:" to="https:" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/Adallom.com.xml b/src/chrome/content/rules/Adallom.com.xml
deleted file mode 100644
index 5a79a52f03f5..000000000000
--- a/src/chrome/content/rules/Adallom.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- learn *
-
-	* Marketo
-
--->
-<ruleset name="Adallom.com (partial)">
-
-	<target host="adallom.com" />
-	<target host="*.adallom.com" />
-
-
-	<rule from="^http://(console\.|www\.)?adallom\.com/"
-		to="https://$1adallom.com/" />
-
-	<rule from="^http://learn\.adallom\.com/(?=css/|images/|js/|rs/)"
-		to="https://na-ab01.marketo.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Adam-Barth.xml b/src/chrome/content/rules/Adam-Barth.xml
new file mode 100644
index 000000000000..771fe0bce9db
--- /dev/null
+++ b/src/chrome/content/rules/Adam-Barth.xml
@@ -0,0 +1,7 @@
+<ruleset name="Adam Barth">
+	<target host="adambarth.com"/>
+	<target host="www.adambarth.com"/>
+	
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Adap.TV.xml b/src/chrome/content/rules/Adap.TV.xml
index 7f4640041d2a..6883a9e781b0 100644
--- a/src/chrome/content/rules/Adap.TV.xml
+++ b/src/chrome/content/rules/Adap.TV.xml
@@ -33,7 +33,7 @@ Fetch error: http://www.adap.tv/ => https://adap.tv/: (7, 'Failed to connect to
 		- sync
 
 -->
-<ruleset name="Adap.TV (partial)" default_off='failed ruleset test'>
+<ruleset name="Adap.TV (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Adaptec.com.xml b/src/chrome/content/rules/Adaptec.com.xml
index 2b1c40cf0368..be63b4b6bfb0 100644
--- a/src/chrome/content/rules/Adaptec.com.xml
+++ b/src/chrome/content/rules/Adaptec.com.xml
@@ -31,7 +31,7 @@ Fetch error: http://www.adaptec.com/ => https://www.adaptec.com/: (60, 'SSL cert
 	** Secured by us
 
 -->
-<ruleset name="Adaptec.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Adaptec.com (partial)" default_off="failed ruleset test">
 
 	<target host="adaptec.com" />
 	<target host="www.adaptec.com" />
diff --git a/src/chrome/content/rules/Adapteva.com.xml b/src/chrome/content/rules/Adapteva.com.xml
index e71375e8c7d9..db5fa193ef43 100644
--- a/src/chrome/content/rules/Adapteva.com.xml
+++ b/src/chrome/content/rules/Adapteva.com.xml
@@ -20,7 +20,7 @@ Non-2xx HTTP code: http://shop.adapteva.com/ (200) => https://adapteva.myshopify
 		- (www.)	(http reply)
 
 -->
-<ruleset name="Adapteva.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Adapteva.com (partial)" default_off="failed ruleset test">
 
 	<target host="shop.adapteva.com" />
 
@@ -28,4 +28,4 @@ Non-2xx HTTP code: http://shop.adapteva.com/ (200) => https://adapteva.myshopify
 	<rule from="^http://shop\.adapteva\.com/"
 		to="https://adapteva.myshopify.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adaptive_Computing.xml b/src/chrome/content/rules/Adaptive_Computing.xml
index 545a66af6eb0..5ca61de18444 100644
--- a/src/chrome/content/rules/Adaptive_Computing.xml
+++ b/src/chrome/content/rules/Adaptive_Computing.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://adaptivecomputing.com/ => https://adaptivecomputing.com/: (51, "SSL: no alternative certificate subject name matches target host name 'adaptivecomputing.com'")
 
 -->
-<ruleset name="Adaptive Computing (partial)" default_off='failed ruleset test'>
+<ruleset name="Adaptive Computing (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/AdblockPlus.xml b/src/chrome/content/rules/AdblockPlus.xml
index 9329b5a4ec94..95fa5dbaeb53 100644
--- a/src/chrome/content/rules/AdblockPlus.xml
+++ b/src/chrome/content/rules/AdblockPlus.xml
@@ -22,7 +22,7 @@
 	<target host="www.adblockplus.org" />
 
 
-	<securecookie host="^(?:.*\.)?adblockplus\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Adbooth.net.xml b/src/chrome/content/rules/Adbooth.net.xml
index 89334c06fafd..52552796a526 100644
--- a/src/chrome/content/rules/Adbooth.net.xml
+++ b/src/chrome/content/rules/Adbooth.net.xml
@@ -34,11 +34,13 @@
 -->
 <ruleset name="Adbooth.net">
 
-	<target host="*.adbooth.net" />
+	<target host="cdn.adbooth.net" />
+	<target host="help.adbooth.net" />
+	<target host="yieldmanager.adbooth.net" />
 
 
 	<rule from="^http://cdn\.adbooth\.net/"
-		to="https://s3.amazonaws.com/cdn.adbooth.net/" />
+		to="https://cdn.adbooth.net/" />
 
 	<rule from="^http://help\.adbooth\.net/track\.gif"
 		to="https://cdn.uservoice.com/track.gif" />
@@ -46,4 +48,4 @@
 	<rule from="^http://yieldmanager\.adbooth\.net/"
 		to="https://ad.yieldmanager.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adbrite.xml b/src/chrome/content/rules/Adbrite.xml
index 5968cb048a17..4a94f2e0502c 100644
--- a/src/chrome/content/rules/Adbrite.xml
+++ b/src/chrome/content/rules/Adbrite.xml
@@ -21,7 +21,7 @@ Fetch error: http://files.adbrite.com/ => https://www.adbrite.com/: (6, 'Could n
 		- press		(times out)
 
 -->
-<ruleset name="AdBrite.com (partial)" default_off='failed ruleset test'>
+<ruleset name="AdBrite.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Adbusters.org.xml b/src/chrome/content/rules/Adbusters.org.xml
index d281720e042c..40d6bf8d1868 100644
--- a/src/chrome/content/rules/Adbusters.org.xml
+++ b/src/chrome/content/rules/Adbusters.org.xml
@@ -1,6 +1,22 @@
+<!--
+	Invalid certificate:
+		campaigns.adbusters.org
+		featured.adbusters.org
+		kickitover.adbusters.org
+
+	521 error (sometimes):
+		adbusters.org
+
+-->
 <ruleset name="Adbusters.org">
-  <target host="adbusters.org" />
-  <target host="www.adbusters.org" />
 
-  <rule from="^http://(?:www\.)?adbusters\.org/" to="https://www.adbusters.org/" />
+	<target host="adbusters.org" />
+	<target host="www.adbusters.org" />
+	<target host="subscribe.adbusters.org" />
+
+	<rule from="^http://adbusters\.org/"
+		to="https://www.adbusters.org/" />
+
+	<rule from="^http:" to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Adbuyer.com.xml b/src/chrome/content/rules/Adbuyer.com.xml
index 6c31793ca145..114c008d637b 100644
--- a/src/chrome/content/rules/Adbuyer.com.xml
+++ b/src/chrome/content/rules/Adbuyer.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://adbuyer.com/ => https://app.mbuy.com/: (7, 'Failed to connec
 		- pixel
 
 -->
-<ruleset name="adbuyer.com" default_off='failed ruleset test'>
+<ruleset name="adbuyer.com" default_off="failed ruleset test">
 
 	<target host="adbuyer.com" />
 	<target host="*.adbuyer.com" />
@@ -30,4 +30,4 @@ Fetch error: http://adbuyer.com/ => https://app.mbuy.com/: (7, 'Failed to connec
 	<rule from="^http://(gbid|pixel)\.adbuyer\.com/"
 		to="https://$1.adbuyer.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Add2Net.xml b/src/chrome/content/rules/Add2Net.xml
index 10c557441582..ef58c038d0cb 100644
--- a/src/chrome/content/rules/Add2Net.xml
+++ b/src/chrome/content/rules/Add2Net.xml
@@ -20,7 +20,7 @@ Fetch error: http://lunarpages.co.uk/ => https://lunarpages.co.uk/: (51, "SSL: n
 Fetch error: http://www.lunarpages.co.uk/ => https://www.lunarpages.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.lunarpages.co.uk'")
 Fetch error: http://tremendesk.com/ => https://tremendesk.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="Add2Net (partial)" default_off='failed ruleset test'>
+<ruleset name="Add2Net (partial)" default_off="failed ruleset test">
 
 	<target host="lpdedicated.com"/>
 	<target host="www.lpdedicated.com"/>
@@ -29,13 +29,16 @@ Fetch error: http://tremendesk.com/ => https://tremendesk.com/: (60, 'SSL certif
 	<target host="lunarmods.com"/>
 	<target host="www.lunarmods.com"/>
 	<target host="lunarpages.com"/>
-	<target host="*.lunarpages.com"/>
+	<target host="www.lunarpages.com" />
+	<target host="account.lunarpages.com" />
+	<target host="secure.lunarpages.com" />
+	<target host="support.lunarpages.com" />
 	<target host="lunarpages.com.mx"/>
 	<target host="www.lunarpages.com.mx"/>
 	<target host="lunarpages.co.uk"/>
 	<target host="www.lunarpages.co.uk"/>
 	<target host="tremendesk.com"/>
-	<target host="*.tremendesk.com"/>
+	<target host="www.tremendesk.com" />
 
 
 	<securecookie host="^www\.lunarmods\.com$" name=".+" />
@@ -43,8 +46,6 @@ Fetch error: http://tremendesk.com/ => https://tremendesk.com/: (60, 'SSL certif
 	<securecookie host="^(?:www)?\.tremendesk\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?lpdedicated\.com/"
-		to="https://$1lpdedicated.com/"/>
 
 	<rule from="^http://(?:www\.)?lplogin\.com/"
 		to="https://account.lunarpages.com/"/>
@@ -52,13 +53,8 @@ Fetch error: http://tremendesk.com/ => https://tremendesk.com/: (60, 'SSL certif
 	<rule from="^http://(www\.)?lunar(mod|page)s\.com/"
 		to="https://$1lunarpages.com/"/>
 
-	<rule from="^http://(account|secure|support)\.lunarpages\.com/"
-		to="https://$1.lunarpages.com/"/>
 
-	<rule from="^http://(www\.)?lunarpages\.co(m\.mx|\.uk)/"
-		to="https://$1lunarpages.co$2/"/>
 
-	<rule from="^http://(www\.)?tremendesk\.com/"
-		to="https://$1tremendesk.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AddBooks.se.xml b/src/chrome/content/rules/AddBooks.se.xml
index e4d809dd1790..ea854f18f989 100644
--- a/src/chrome/content/rules/AddBooks.se.xml
+++ b/src/chrome/content/rules/AddBooks.se.xml
@@ -5,7 +5,7 @@ Fetch error: http://www.addbooks.se/ => https://www.addbooks.se/: (7, 'Failed to
 Fetch error: http://addbooks.se/ => https://addbooks.se/: (7, 'Failed to connect to addbooks.se port 443: Connection timed out')
 
 -->
-<ruleset name="AddBooks.se" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="AddBooks.se" platform="mixedcontent" default_off="failed ruleset test">
   <target host="www.addbooks.se" />
   <target host="addbooks.se" />
   <rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/AddThis.xml b/src/chrome/content/rules/AddThis.xml
index ed2dbf4adb11..dd6824d7e14a 100644
--- a/src/chrome/content/rules/AddThis.xml
+++ b/src/chrome/content/rules/AddThis.xml
@@ -1,148 +1,49 @@
 <!--
 	For other Oracle coverage, see Oracle.xml.
 
-
 	CDN buckets:
-
 		- wildcard.addthis.com.edgekey.net
 
-
-	Nonfunctional domains:
-
-		- s4.addthis.com	(shows empty tree, mismatched, CN: xiaomufwq.com)
-
-
-	Problematic domains:
-
-		- go.addthis.com 	(invalid cert; mismatched)
-
-
-	Insecure cookies are set for these domains and hosts: ᶜ
-
+	Insecure cookies are set for these domains and hosts, see https://owasp.org/index.php/SecureFlag:
 		- .addthis.com
 		- www.addthis.com
 
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
-
-	Mixed content:
-
-		- Image on www from blog.addthiscdn.com ˢ
-		- Bug on www from cf.addthis.com ˢ
-
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+	Invalid certificate:
+		- go.addthis.com
 
+	Timed out:
+		- s4.addthis.com
 -->
-<ruleset name="AddThis.com (partial)">
 
+<ruleset name="AddThis.com (partial)">
 	<target host="addthis.com" />
+	<target host="www.addthis.com" />
 	<target host="api.addthis.com" />
 	<target host="api-public.addthis.com" />
 	<target host="cache.addthis.com" />
 	<target host="cf.addthis.com" />
+		<test url="http://cf.addthis.com/red/p.png" />
 	<target host="ct0.addthis.com" />
 	<target host="ct1.addthis.com" />
+		<test url="http://ct1.addthis.com/static/r07/widget/css/widget007.old.css" />
 	<target host="ct3.addthis.com" />
-	<target host="ct4.addthis.com" />
 	<target host="ct5.addthis.com" />
 	<target host="dashcache.addthis.com" />
+		<test url="http://dashcache.addthis.com/images/logo-reversed-lg.png" />
 	<target host="m.addthis.com" />
 	<target host="s3.addthis.com" />
 	<target host="s5.addthis.com" />
 	<target host="s7.addthis.com" />
 	<target host="s9.addthis.com" />
 	<target host="secure.addthis.com" />
-	<target host="status.addthis.com" />
 	<target host="su.addthis.com" />
 	<target host="support.addthis.com" />
-	<target host="www.addthis.com" />
-
-		<!--	Redirects to http:
-						-->
-
-		<!--exclusion pattern="^http://(?:www\.)?addthis\.com/(?:browser-extensions$|careers$|contact$|forgot-password$|plugins$|privacy/privacy-policy$|security/hall-of-fame$|social-buttons$|support$)" /-->
 
-		<exclusion pattern="^http://(?:www\.)?addthis\.com/(?!/*(?:$|\?|bookmark\.php|(?:academy|blog|dashboard|get|landing|login|plans|press|register|services|sitebar-editor|website-tools|wordpress)(?:$|[?/])|download/|images/|\w+/sharing-buttons(?:$|\?)|style/))" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.addthis.com/about" />
-			<test url="http://www.addthis.com/audiences" />
-			<test url="http://www.addthis.com/browser-extensions" />
-			<test url="http://www.addthis.com/browser-extensions/bookmarklets" />
-			<test url="http://www.addthis.com/browser-extensions/safari" />
-			<test url="http://www.addthis.com/careers" />
-			<test url="http://www.addthis.com/contact" />
-			<test url="http://www.addthis.com/custom-audiences" />
-			<test url="http://www.addthis.com/data-solutions" />
-			<test url="http://www.addthis.com/forgot-password" />
-			<test url="http://www.addthis.com/international" />
-			<test url="http://www.addthis.com/mobile" />
-			<test url="http://www.addthis.com/personalize" />
-			<test url="http://www.addthis.com/platform" />
-			<test url="http://www.addthis.com/plugins" />
-			<test url="http://www.addthis.com/privacy" />
-			<test url="http://www.addthis.com/privacy/opt-out" />
-			<test url="http://www.addthis.com/privacy/partners" />
-			<test url="http://www.addthis.com/privacy/pixel-partners" />
-			<test url="http://www.addthis.com/privacy/privacy-policy" />
-			<test url="http://www.addthis.com/security/hall-of-fame" />
-			<test url="http://www.addthis.com/social-buttons" />
-			<test url="http://www.addthis.com/social-buttons/facebook-like-button" />
-			<test url="http://www.addthis.com/social-buttons/foursquare" />
-			<test url="http://www.addthis.com/social-buttons/reddit" />
-			<test url="http://www.addthis.com/social-buttons/sharing-tools" />
-			<test url="http://www.addthis.com/social-buttons/slack-button" />
-			<test url="http://www.addthis.com/standard-audiences" />
-			<test url="http://www.addthis.com/support" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www.addthis.com/academy/" />
-			<test url="http://www.addthis.com/academy/category/addthis-account/" />
-			<test url="http://www.addthis.com/blog" />
-			<test url="http://www.addthis.com/blog/2015/04/14/minneapolis-running-using-custom-messages-to-better-engage-their-visitors/" />
-			<test url="http://www.addthis.com/blogger/sharing-buttons" />
-			<test url="http://www.addthis.com/dashboard" />
-			<test url="http://www.addthis.com/get/follow" />
-			<test url="http://www.addthis.com/joomla/sharing-buttons" />
-			<test url="http://www.addthis.com/landing?to=drupal" />
-			<test url="http://www.addthis.com/login" />
-			<test url="http://www.addthis.com/magento/sharing-buttons" />
-			<test url="http://www.addthis.com/plans" />
-			<test url="http://www.addthis.com/press" />
-			<test url="http://www.addthis.com/press/addthis-expands-relationship-with-oracle-data-cloud-to-provide-global-reach" />
-			<test url="http://www.addthis.com/register" />
-			<test url="http://www.addthis.com/services" />
-			<test url="http://www.addthis.com/shopify/sharing-buttons" />
-			<test url="http://www.addthis.com/sidebar-editor" /><!--	mixed bug & sets insecure cookie -->
-			<test url="http://www.addthis.com/style/images/common/icon-facebook.png" />
-			<test url="http://www.addthis.com/website-tools" />
-			<test url="http://www.addthis.com/wordpress" />
-			<test url="http://www.addthis.com/wordpress/share-buttons" />
-
-		<test url="http://cf.addthis.com/red/p.png?gen=&amp;rb=&amp;pco=&amp;ev=&amp;pxid=" />
-		<test url="http://ct1.addthis.com/static/r07/widget/css/widget007.old.css" />
-		<test url="http://dashcache.addthis.com/images/logo-reversed-lg.png" />
-
-		<!--	Mixed image:
-					-->
-		<!--test url="http://www.addthis.com/blog/" /-->
-
-
-	<!--	Not secured by server:
-					-->
+	<!-- Not secured by server -->
 	<!--securecookie host="^\.addthis.com$" name="^km_ai$" /-->
-	<!--securecookie host="^www\.addthis\.com$" name="^(?:ana_svc|bb2_screener|siteaud)$" /-->
-
-	<securecookie host="^\." name="^(?:__atuvc|__cfduid|di|uid|xtc)$" />
+	<!--securecookie host="^www\.addthis\.com$" name="^(ana_svc|bb2_screener|siteaud)$" /-->
+	<securecookie host="^\." name="^(__atuvc|__cfduid|di|uid|xtc)$" />
 	<securecookie host="^[^.w]" name=".+" />
 
-
-	<rule from="^http://(ct\d)\.addthis\.com/"
-		to="https://$1.addthis.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Addictech.xml b/src/chrome/content/rules/Addictech.xml
index 985281314bb9..67028c8534df 100644
--- a/src/chrome/content/rules/Addictech.xml
+++ b/src/chrome/content/rules/Addictech.xml
@@ -12,7 +12,7 @@ Fetch error: http://addictech.com/ => https://www.addictech.com/: Too many redir
 Fetch error: http://www.addictech.com/ => https://www.addictech.com/: Too many redirects while fetching 'https://www.addictech.com/'
 
 -->
-<ruleset name="Addictech" default_off='failed ruleset test'>
+<ruleset name="Addictech" default_off="failed ruleset test">
   <target host="addictech.com" />
   <target host="www.addictech.com" />
   <target host="assets.musicwindow.com" />
diff --git a/src/chrome/content/rules/Addiction_Help.xml b/src/chrome/content/rules/Addiction_Help.xml
deleted file mode 100644
index d9a892c0ced5..000000000000
--- a/src/chrome/content/rules/Addiction_Help.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-	^addictionhelpchat.com: Mismatched
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.addictionhelpchat.com
-
-
-	Mixed content:
-
-		- css from fonts.googleapis.com *
-
-	* Secured by us
-
--->
-<ruleset name="Addiction Help.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.addictionhelpchat.com" />
-
-	<!--	Complications:
-				-->
-	<target host="addictionhelpchat.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.addictionhelpchat\.com$" name="^ASP\.NET_SessionId$" /-->
-
-	<securecookie host="^www\.addictionhelpchat\.com$" name=".+" />
-
-
-	<rule from="^http://addictionhelpchat\.com/"
-		to="https://www.addictionhelpchat.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Addison.com.hk.xml b/src/chrome/content/rules/Addison.com.hk.xml
index eaef1f403b0a..62f539ea5d31 100644
--- a/src/chrome/content/rules/Addison.com.hk.xml
+++ b/src/chrome/content/rules/Addison.com.hk.xml
@@ -13,4 +13,4 @@
 	<rule from="^http://(www\.)?addison\.com\.hk/(?=(?:contact_us|what_we_do)(?:$|[?/])|favicon\.ico|images/|libraries/|media/|templates/|wp-content/|wp-includes/)"
 		to="https://$1addison.com.hk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Addison_Lee.xml b/src/chrome/content/rules/Addison_Lee.xml
index 0d06186aa923..3247931c3464 100644
--- a/src/chrome/content/rules/Addison_Lee.xml
+++ b/src/chrome/content/rules/Addison_Lee.xml
@@ -8,7 +8,7 @@ Fetch error: http://addisonlee.com/ => https://www.addisonlee.com/: Too many red
     <target host="addisonlee.com" />
     <target host="*.addisonlee.com" />
 
-    <securecookie host="^(?:.*\.)?addisonlee\.com$" name=".+" />
+    <securecookie host=".+" name=".+"/>
 
     <rule from="^http://addisonlee\.com/"
         to="https://www.addisonlee.com/"/>
diff --git a/src/chrome/content/rules/Adecco_Way_to_Work.xml b/src/chrome/content/rules/Adecco_Way_to_Work.xml
index c2355d5a67f1..ac26b427ff3f 100644
--- a/src/chrome/content/rules/Adecco_Way_to_Work.xml
+++ b/src/chrome/content/rules/Adecco_Way_to_Work.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adelaide.edu.au.xml b/src/chrome/content/rules/Adelaide.edu.au.xml
index 3f535bc6d8ab..f6fa37c480a0 100644
--- a/src/chrome/content/rules/Adelaide.edu.au.xml
+++ b/src/chrome/content/rules/Adelaide.edu.au.xml
@@ -61,7 +61,20 @@
 <ruleset name="Adelaide.edu.au (partial)">
 
 	<target host="adelaide.edu.au" />
-	<target host="*.adelaide.edu.au" />
+	<target host="apps.adelaide.edu.au" />
+	<target host="auth.adelaide.edu.au" />
+	<target host="cas-prd.auth.adelaide.edu.au" />
+	<target host="blogs.adelaide.edu.au" />
+	<target host="global.adelaide.edu.au" />
+	<target host="international.adelaide.edu.au" />
+	<target host="login.adelaide.edu.au" />
+	<target host="m.adelaide.edu.au" />
+	<target host="myuni.adelaide.edu.au" />
+	<target host="orbit.adelaide.edu.au" />
+	<target host="password.adelaide.edu.au" />
+	<target host="shop.adelaide.edu.au" />
+	<target host="unified.adelaide.edu.au" />
+	<target host="www.adelaide.edu.au" />
 		<!--exclusion pattern="http://(www\.)?alumni\.adelaide\.edu\.au/" /-->
 
 
@@ -81,7 +94,6 @@
 	<securecookie host="^(?:apps|blogs|myuni|orbit|shop)\.adelaide\.edu\.au$" name=".+" />
 
 
-	<rule from="^http://((?:apps|auth|cas-prd\.auth|blogs|global|international|login|m|myuni|orbit|password|shop|unified|www)\.)?adelaide\.edu\.au/"
-		to="https://$1adelaide.edu.au/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Adestra.xml b/src/chrome/content/rules/Adestra.xml
index b122dfd4589f..a15672e8c1ce 100644
--- a/src/chrome/content/rules/Adestra.xml
+++ b/src/chrome/content/rules/Adestra.xml
@@ -13,6 +13,6 @@
 	<rule from="^http:" to="https:" />
 
 	<!--	Included on 3rd-party websites.	-->
-	
+
 
 </ruleset>
diff --git a/src/chrome/content/rules/Adidas.ca.xml b/src/chrome/content/rules/Adidas.ca.xml
new file mode 100644
index 000000000000..d6453c5936b9
--- /dev/null
+++ b/src/chrome/content/rules/Adidas.ca.xml
@@ -0,0 +1,30 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://adidas.ca/ => https://adidas.ca/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.adidas.ca/ => https://www.adidas.ca/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.miteam.fr.adidas.ca/ => https://www.miteam.fr.adidas.ca/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://m.adidas.ca/ => https://m.adidas.ca/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.miteam.adidas.ca/ => https://www.miteam.adidas.ca/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://shop.miteam.adidas.ca/ => https://shop.miteam.adidas.ca/: (28, 'Operation timed out after 30002 milliseconds with 0 bytes received')
+
+	Active mixed content:
+		- discover.adidas.ca
+-->
+
+<ruleset name="Adidas.ca">
+	<!-- target host="adidas.ca" /-->
+	<!-- target host="www.adidas.ca" /-->
+	<target host="cfg.adidas.ca" />
+	<!-- <target host="cp.adidas.ca" />
+
+    Fails because website identity is cp.reebok.ca
+		<test url="http://cp.adidas.ca/idp/startSSO.ping?PartnerSpId=sp:demandware" />
+		<test url="http://cp.adidas.ca/web/rbkeCom/en_CA/loadsignin" /> -->
+	<!-- target host="www.miteam.fr.adidas.ca" /-->
+	<!-- target host="m.adidas.ca" /-->
+	<!-- target host="www.miteam.adidas.ca" /-->
+	<!-- target host="shop.miteam.adidas.ca" /-->
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Adify.xml b/src/chrome/content/rules/Adify.xml
deleted file mode 100644
index f213eedc7c29..000000000000
--- a/src/chrome/content/rules/Adify.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Adify">
-
-	<target host="ad.afy11.net" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Adigital.xml b/src/chrome/content/rules/Adigital.xml
deleted file mode 100644
index dea7df7d907d..000000000000
--- a/src/chrome/content/rules/Adigital.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	- Cert only matches www
-	- Some (most?) pages redirect to http
-
--->
-<ruleset name="adigital (partial)">
-
-	<target host="adigital.org" />
-	<target host="www.adigital.org" />
-
-
-	<rule from="^http://(?:www\.)?adigital\.org/(misc/|registrate/?(?:$|\?)|sites/|user(?:$|\?|/))"
-		to="https://www.adigital.org/$1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Adility.xml b/src/chrome/content/rules/Adility.xml
index 67ddf4055cbd..40791d17a9e7 100644
--- a/src/chrome/content/rules/Adility.xml
+++ b/src/chrome/content/rules/Adility.xml
@@ -5,7 +5,7 @@
 	<target host="adstax-match.adrtx.net" />
 	<target host="api.adrtx.net" />
 	<target host="cdn.adrtx.net" />
-	
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Adingo.jp.xml b/src/chrome/content/rules/Adingo.jp.xml
index 3215070795e5..e93cfd003ebd 100644
--- a/src/chrome/content/rules/Adingo.jp.xml
+++ b/src/chrome/content/rules/Adingo.jp.xml
@@ -65,6 +65,6 @@
 	<securecookie host="contract\.adingo\.jp" name=".+" />
 	<securecookie host="payment\.adingo\.jp" name=".+" />
 	<securecookie host="product\.adingo\.jp" name=".+" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Adition.com.xml b/src/chrome/content/rules/Adition.com.xml
index 3d53af19aa70..42ec73fdd760 100644
--- a/src/chrome/content/rules/Adition.com.xml
+++ b/src/chrome/content/rules/Adition.com.xml
@@ -21,7 +21,7 @@
 		<test url="http://en.adition.com/" />
 		<test url="http://imagesrv.adition.com/js/adition.js" />
 		<test url="http://www.adition.com/" />
-	
+
 
 	<!--	Not secured by server:
 					-->
diff --git a/src/chrome/content/rules/Adjust-net.jp.xml b/src/chrome/content/rules/Adjust-net.jp.xml
index be954687fd6a..356059fdcddd 100644
--- a/src/chrome/content/rules/Adjust-net.jp.xml
+++ b/src/chrome/content/rules/Adjust-net.jp.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adk2.xml b/src/chrome/content/rules/Adk2.xml
index 73d62b51d56e..39f07a335ba6 100644
--- a/src/chrome/content/rules/Adk2.xml
+++ b/src/chrome/content/rules/Adk2.xml
@@ -21,21 +21,22 @@ Fetch error: http://adk2.com/ => https://adk2.com/: (60, 'SSL certificate proble
 		- cpmrocket
 
 -->
-<ruleset name="adk2 (partial)" default_off='failed ruleset test'>
+<ruleset name="adk2 (partial)" default_off="failed ruleset test">
 
 	<target host="adk2.com" />
-	<target host="*.adk2.com" />
+	<target host="ads.adk2.com" />
+	<target host="adstract.adk2.com" />
+	<target host="cpmrocket.adk2.com" />
+	<target host="cdn.adk2.com" />
 
 
 	<securecookie host="^\.?ads\.adk2\.com$" name=".+" />
 
 
-	<rule from="^http://((?:ads|adstract|cpmrocket)\.)?adk2\.com/"
-		to="https://$1adk2.com/" />
+	<rule from="^http:" to="https:" />
 
 	<!--	Included on 3rd-party websites.
 						-->
-	<rule from="^http://cdn\.adk2\.com/"
-		to="https://d38cp5x90nxyo0.cloudfront.net/" />
+
 
 </ruleset>
diff --git a/src/chrome/content/rules/Adknowledge.xml b/src/chrome/content/rules/Adknowledge.xml
deleted file mode 100644
index 9be2220727b4..000000000000
--- a/src/chrome/content/rules/Adknowledge.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	Other Adknowledge rulesets:
-
-		- Cubics.xml
-
-
-	Nonfunctional domains:
-
-		- (www.)adknowledge.com		(redirects to http, valid cert)
-		- docs.adknowledge.com		(no https)
-
--->
-<ruleset name="Adknowledge (partial)">
-
-	<target host="advertiser.adknowledge.com" />
-	<target host="bidsystem.com" />
-	<target host="*.bidsystem.com" />
-
-
-	<securecookie host="^advertiser\.adknowledge\.com$" name=".+" />
-	<securecookie host="^(?:www\.)?bidsystem\.com$" name=".+" />
-
-
-	<rule from="^http://advertiser\.adknowledge\.com/"
-		to="https://advertiser.adknowledge.com/" />
-
-	<rule from="^http://(tracker\.|www\.)?bidsystem\.com/"
-		to="https://$1bidsystem.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Adkontekst.pl-problematic.xml b/src/chrome/content/rules/Adkontekst.pl-problematic.xml
index be8f2346bd44..8afc6c47a2cf 100644
--- a/src/chrome/content/rules/Adkontekst.pl-problematic.xml
+++ b/src/chrome/content/rules/Adkontekst.pl-problematic.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?adkontekst\.pl/"
 		to="https://www.adkontekst.pl/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adkontekst.pl.xml b/src/chrome/content/rules/Adkontekst.pl.xml
index d0350a9df57e..318e2fa31449 100644
--- a/src/chrome/content/rules/Adkontekst.pl.xml
+++ b/src/chrome/content/rules/Adkontekst.pl.xml
@@ -15,13 +15,14 @@
 -->
 <ruleset name="Adkontekst.pl (partial)">
 
-	<target host="*.adkontekst.pl" />
+	<target host="adsearch.adkontekst.pl" />
+	<target host="www.adsearch.adkontekst.pl" />
+	<target host="wydawcy.panel.adkontekst.pl" />
 
 
 	<securecookie host="^wydawcy\.panel\.adkontekst\.pl$" name=".+" />
 
 
-	<rule from="^http://((?:www\.)?adsearch|wydawcy\.panel)\.adkontekst\.pl/"
-		to="https://$1.adkontekst.pl/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adlegend.com.xml b/src/chrome/content/rules/Adlegend.com.xml
deleted file mode 100644
index d482ed40f637..000000000000
--- a/src/chrome/content/rules/Adlegend.com.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	(www.)?adlegend.com: Refused
-
-
-	Fully covered hosts in *adlegend.com:
-
-		- ad
-
-
-	These altnames don't exist:
-
-		- www.ad.adlegend.com
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .adlegend.com
-		- ad.adlegend.com
-
--->
-<ruleset name="Adlegend.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="ad.adlegend.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.adlegend\.com$" name="^PrefID$" /-->
-	<!--securecookie host="^ad\.adlegend\.com$" name="^XGIR$" /-->
-
-	<securecookie host="^(?:ad)?\.adlegend\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Adlibris.xml b/src/chrome/content/rules/Adlibris.xml
index db702e9ecba5..2b19535d6273 100644
--- a/src/chrome/content/rules/Adlibris.xml
+++ b/src/chrome/content/rules/Adlibris.xml
@@ -1,19 +1,19 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.capris.no/ => https://www.capris.no/: (51, "SSL: no alternative certificate subject name matches target host name 'www.capris.no'")
-Fetch error: http://capris.no/ => https://www.capris.no/: (51, "SSL: no alternative certificate subject name matches target host name 'www.capris.no'")
+	Expired:
+		- capris.no
 
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.capris.no/ => https://www.capris.no/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://capris.no/ => https://www.capris.no/: (60, 'SSL certificate problem: certificate has expired')
+	Mismatched:
+		- www.capris.no
 -->
-<ruleset name="Adlibris/Capris" platform="mixedcontent" default_off='failed ruleset test'>
-  <target host="www.adlibris.com" />
-  <target host="adlibris.com" />
-  <target host="www.capris.no" />
-  <target host="capris.no" />
+<ruleset name="Adlibris">
+	<target host="adlibris.com" />
+	<target host="www.adlibris.com" />
+
+	<target host="capris.no" />
+	<target host="www.capris.no" />
+
+	<securecookie host=".+" name=".+" />
 
-  <rule from="^http://(?:www\.)?(adlibris\.com|capris\.no)/"
-          to="https://www.$1/"/>
+	<rule from="^http://(www\.)?capris\.no/" to="https://www.adlibris.com/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Adlink.net.xml b/src/chrome/content/rules/Adlink.net.xml
index 377948a93bba..d1815a714d57 100644
--- a/src/chrome/content/rules/Adlink.net.xml
+++ b/src/chrome/content/rules/Adlink.net.xml
@@ -4,11 +4,11 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://js.adlink.net/ => https://js.adlink.net/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="adlink.net" default_off='failed ruleset test'>
+<ruleset name="adlink.net" default_off="failed ruleset test">
 
 	<target host="js.adlink.net" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Admatic.xml b/src/chrome/content/rules/Admatic.xml
index f64e8fade0f1..0aeb33cee2c9 100644
--- a/src/chrome/content/rules/Admatic.xml
+++ b/src/chrome/content/rules/Admatic.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Admeta-Aktiebolag.xml b/src/chrome/content/rules/Admeta-Aktiebolag.xml
deleted file mode 100644
index add0d8fc3194..000000000000
--- a/src/chrome/content/rules/Admeta-Aktiebolag.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	orig-10001.admeta.cotcdn.net
-
-
-	Insecure cookies are set for these domains:
-
-		- .atemda.com
-
--->
-<ruleset name="Admeta Aktiebolag (partial)">
-
-	<target host="atemda.com"/>
-	<target host="www.atemda.com"/>
-
-		<!--	Sets cookies without Secure:
-							-->
-		<!--test url="http://atemda.com/RetargetTracking.ashx?tpt=&amp;aId=&amp;set=&amp;tag=&amp;cb=" /-->
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.atemda\.com$" name="^(?:RT1|fid|vi)$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Admiringlight.com.xml b/src/chrome/content/rules/Admiringlight.com.xml
new file mode 100644
index 000000000000..95bc1bf54f26
--- /dev/null
+++ b/src/chrome/content/rules/Admiringlight.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Admiringlight.com">
+	<target host="admiringlight.com" />
+	<target host="www.admiringlight.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Admized.xml b/src/chrome/content/rules/Admized.xml
deleted file mode 100644
index b57305cfc4b2..000000000000
--- a/src/chrome/content/rules/Admized.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Admized">
-<target host="ads.admized.com" />
-
-<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Adnxs.com.xml b/src/chrome/content/rules/Adnxs.com.xml
index 304eadc75140..ea7ce78279e5 100644
--- a/src/chrome/content/rules/Adnxs.com.xml
+++ b/src/chrome/content/rules/Adnxs.com.xml
@@ -1,58 +1,31 @@
 <!--
-	For other AppNexus coverage, see AppNexus.xml.
-
-
-	Problematic hosts in *adnxs.com:
-
-		- cdn ᴬ
-
-	ᴬ Akamai / mismatched
-
-
-	^adnxs.com doesn't exist.
-
-
-	Insecure cookies are set for these domains and hosts: ᶜ
+	For other AppNexus coverage, see AppNexus.xml
 
+	Insecure cookies are set for these domains and hosts (see https://owasp.org/index.php/SecureFlag):
 		- .adnxs.com
 		- www.adnxs.com
 
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
+	Invalid certificate:
+		- www.adnxs.com
 -->
-<ruleset name="Adnxs.com">
 
-	<target host="*.adnxs.com" />
-
-		<exclusion pattern="^http://(?!cdn\.oas-c18\.adnxs\.com/)(?:[^./]+\.){2,}adnxs\.com/" />
-
-			<!--	+ve:
-					-->
-			<test url="http://this.host.adnxs.com/" />
-			<test url="http://exists.not.adnxs.com/" />
-			<test url="http://really.not.adnxs.com/" />
-
-		<test url="http://cdn.adnxs.com/" />
-		<test url="http://ib.adnxs.com/seg?add=&amp;t=" />
-		<test url="http://cdn.oas-c18.adnxs.com/" />
-		<test url="http://secure.adnxs.com/" />
-		<test url="http://secure.adnxs.com/bounce?" />
-		<!--test url="http://secure.adnxs.com/pxj?bidder=&amp;seg=&amp;action=&amp;redir=" /-->
-		<test url="http://www.adnxs.com/" />
-
-
-	<!--	Not secured by server:
-					-->
+<ruleset name="Adnxs.com">
+	<target host="cdn.adnxs.com" />
+	<target host="ib.adnxs.com" />
+		<test url="http://ib.adnxs.com/bounce" />
+		<test url="http://ib.adnxs.com/click" />
+		<test url="http://ib.adnxs.com/seg" />
+	<target host="oas-c18.adnxs.com" />
+	<target host="cdn.oas-c18.adnxs.com" />
+	<target host="secure.adnxs.com" />
+		<test url="http://secure.adnxs.com/bounce" />
+		<test url="http://secure.adnxs.com/click" />
+		<test url="http://secure.adnxs.com/pxj" />
+
+	<!-- Not secured by server -->
 	<!--securecookie host="^\.adnxs\.com$" name="^(anj|sess|uuid2)$" /-->
 	<!--securecookie host="^www\.adnxs\.com$" name="^([A-Z]+$|BIGipServer)" /-->
-
 	<securecookie host=".+" name=".+" />
 
-
-	<rule from="^http://cdn\.adnxs\.com/"
-		to="https://secure.adnxs.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Adobe-Digital-Marketing.xml b/src/chrome/content/rules/Adobe-Digital-Marketing.xml
index 7fb1cb7578ec..d70e6009560d 100644
--- a/src/chrome/content/rules/Adobe-Digital-Marketing.xml
+++ b/src/chrome/content/rules/Adobe-Digital-Marketing.xml
@@ -16,7 +16,7 @@
 	<!--securecookie host="^(www\.)?worldsecuresystems\.com$" name="^ASP\.NET_SessionId$" /-->
 	<!--securecookie host="^\.worldsecuresystems\.com$" name="^(ANONID-3|ANONID_FS-3|VISID-3)$" /-->
 
-	<securecookie host="^(?:.*\.)?worldsecuresystems\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Adobe-mismatches.xml b/src/chrome/content/rules/Adobe-mismatches.xml
deleted file mode 100644
index 9baf37ce1fb7..000000000000
--- a/src/chrome/content/rules/Adobe-mismatches.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For rules that are on by default, see Adobe.xml.
-
--->
-<ruleset name="Adobe.com (mismatched)" default_off="mismatched">
-
-	<target host="airdownload.adobe.com" />
-	<target host="gaming.adobe.com" />
-	<target host="html.adobe.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Adobe.xml b/src/chrome/content/rules/Adobe.xml
index c57d872511d0..da5652c11f21 100644
--- a/src/chrome/content/rules/Adobe.xml
+++ b/src/chrome/content/rules/Adobe.xml
@@ -1,6 +1,11 @@
+
 <!--
-	For problematic rules, see Adobe-mismatches.xml.
+The following targets have been disabled at 2020-09-25 16:20:22:
 
+Time: 2020-09-25 16:20:22
+ Fetch error: http://edexchange.adobe.com/pages/home => https://edex.adobe.com/: (6, 'Could not resolve host: edexchange.adobe.com')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://edexchange.adobe.com/ => https://edex.adobe.com/: (6, 'Could not resolve host: edexchange.adobe.com')
 
 	Other Adobe rulesets:
 
@@ -9,11 +14,9 @@
 		- Adobe_Connect.xml
 		- Adobe-Digital-Marketing.xml
 		- Adobe_Exchange.com.xml
-		- Adobe_forms_central.com.xml
 		- Adobe_login.com.xml
 		- Adobetag.com.xml
 		- Acrobat_Users.com.xml
-		- Hitbox.com.xml
 		- Macromedia.com.xml
 		- Offermatica.com.xml
 		- Scene7.xml
@@ -23,8 +26,6 @@
 
 	CDN buckets:
 
-		- s3.amazonaws.com/images.groups.adobe.com/
-
 		- thumbnails-tv.adobe.com.edgekey.net
 		- wwwimages2.adobe.com.edgekey.net
 
@@ -53,7 +54,6 @@
 
 	Problematic subdomains:
 
-		- airdownload ²
 		- demand.assets (mismatched)
 		- community	(Dropped)
 		- cookbooks	(404)
@@ -62,19 +62,16 @@
 		- cem.events	(Shows discoverwem.adobe.com)
 		- forums *
 		- gaming ¹
-		- get2 ⁴
 		- groups **
 		- images.groups ***
 		- html ¹
 		- kb2 ¹
 		- labs ¹
 		- max (redirect to http)
-		- ns ¹
 		- stats ⁶
 		- techlive	(404)
 		- thumbnails.tv ²
 		- webplatform	(Github)
-		- wwwimages ²
 
 	¹ Works, mismatched, CN: www.adobe.com
 	* Blocks Tor users
@@ -89,7 +86,6 @@
 
 		- community ¹
 		- fpdownload ³
-		- ns		(→ www)
 
 	¹ /+[^?] 404s
 	³ crossdomain.xml excluded
@@ -120,9 +116,7 @@
 		- cem.events	(→ www.adobe.com)
 		- forums
 		- get
-		- get2		(→ get)
 		- get3
-		- images.groups	(→ s3.amazonaws.com)
 		- helpx
 		- images-tv
 		- kuler
@@ -136,8 +130,6 @@
 		- tv
 		- thumbnails.tv *
 		- verify
-		- wwwimages *
-		- wwwimages2
 
 	* → akamai
 
@@ -167,7 +159,6 @@
 
 			- blogs from $self *
 			- blogs from dev.w3.org
-			- edex from ex-cms.s3.amazonaws.com *
 			- groups from $self
 			- groups from images.groups *
 			- tv from thumbnails.tv *
@@ -190,6 +181,7 @@
 <ruleset name="Adobe.com">
 
 	<target host="adobe.com" />
+	<target host="airdownload.adobe.com" />
 	<target host="entitlement.auth.adobe.com" />
 	<target host="sp.auth.adobe.com" />
 	<target host="blogs.adobe.com" />
@@ -197,12 +189,16 @@
 	<target host="communities.adobe.com" />
 	<target host="creative.adobe.com" />
 	<target host="*.creative.adobe.com" />
+	<test url="http://ap.creative.adobe.com/" />
+	<test url="http://eu.creative.adobe.com/" />
+	<test url="http://us.creative.adobe.com/" />
 	<target host="download.adobe.com" />
 	<target host="www.echosign.adobe.com" />
 	<target host="edex.adobe.com" />
 	<target host="forums.adobe.com" />
 	<target host="fpdownload.adobe.com" />
 	<target host="get.adobe.com" />
+	<target host="get2.adobe.com" />
 	<target host="get3.adobe.com" />
 	<target host="helpx.adobe.com" />
 	<target host="images-tv.adobe.com" />
@@ -215,17 +211,15 @@
 	<target host="tv.adobe.com" />
 	<target host="verify.adobe.com" />
 	<target host="www.adobe.com" />
+	<target host="wwwimages.adobe.com" />
 	<target host="wwwimages2.adobe.com" />
 
 	<!--	Complications:
 				-->
 	<target host="community.adobe.com" />
 	<target host="cookbooks.adobe.com" />
-	<target host="edexchange.adobe.com" />
+	<!-- target host="edexchange.adobe.com" /-->
 	<target host="cem.events.adobe.com" />
-	<target host="get2.adobe.com" />
-	<target host="images.groups.adobe.com" />
-	<target host="ns.adobe.com" />
 	<target host="stats.adobe.com" />
 	<target host="techlive.adobe.com" />
 
@@ -248,26 +242,6 @@
 			<test url="http://fpdownload.adobe.com/crossdomain.xml" />
 			<test url="http://fpdownload.adobe.com/pub/swz/crossdomain.xml" />
 
-		<!--
-			These stylesheets reference resources relative to root:
-										-->
-		<!--exclusion pattern="^http://wwwimages\.adobe.com/www\.adobe\.com/css/labs_import\.css" /-->
-		<!--
-			While these do not:
-						-->
-		<!--exclusion pattern="^http://wwwimages\.adobe.com/www\.adobe\.com/css/(?!assistive|features_test|handheld|print)\.css" /-->
-
-		<exclusion pattern="^http://ns\.adobe\.com/(?!$|xap/)" />
-
-			<test url="http://ns.adobe.com//" />
-			<test url="http://ns.adobe.com/?foo" />
-			<test url="http://ns.adobe.com/foo" />
-
-			<!--	-ve:
-					-->
-			<test url="http://ns.adobe.com/xap/" />
-
-
 	<!--	Not secured by server:
 					-->
 	<!--securecookie host="^\.adobe\.com$" name="^(ITEMSINCART|TID|UID)$" /-->
@@ -297,14 +271,6 @@
 		<test url="http://cookbooks.adobe.com/livecycle" />
 		<test url="http://cookbooks.adobe.com/post_AIR_Encrypted_SQLite_Database-16250.html" />
 
-	<!--	Redirect drops forward slash,
-		path, and args:
-				-->
-	<rule from="^http://edexchange\.adobe\.com/.*"
-		to="https://edex.adobe.com/" />
-
-		<test url="http://edexchange.adobe.com/pages/home" />
-
 	<!--	Redirect drops forward slash
 		and path, but not args:
 					-->
@@ -314,18 +280,6 @@
 		<test url="http://cem.events.adobe.com/?" />
 		<test url="http://cem.events.adobe.com//" />
 
-	<rule from="^http://get2\.adobe\.com/"
-		to="https://get.adobe.com/" />
-
-	<rule from="^http://images\.groups\.adobe\.com/"
-		to="https://s3.amazonaws.com/images.groups.adobe.com/" />
-
-	<rule from="^http://ns\.adobe\.com/$"
-		to="https://www.adobe.com/" />
-
-	<rule from="^http://ns\.adobe\.com/xap/"
-		to="https://www.adobe.com/products/xmp/" />
-
 	<rule from="^http://stats\.adobe\.com/"
 		to="https://mxmacromedia.d1.sc.omtrdc.net/" />
 
@@ -337,13 +291,6 @@
 		<test url="http://techlive.adobe.com/?foo" />
 		<test url="http://techlive.adobe.com/foo" />
 
-	<!--	First, rewrite css to www:
-						-->
-	<rule from="^http://wwwimages\.adobe\.com/www\.adobe\.com/css/"
-		to="https://www.adobe.com/css/" />
-
-		<test url="http://wwwimages.adobe.com/www.adobe.com/css/labs_import.css" />
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Adobe_Connect.xml b/src/chrome/content/rules/Adobe_Connect.xml
index 481de2ff8d6d..8afd17c66962 100644
--- a/src/chrome/content/rules/Adobe_Connect.xml
+++ b/src/chrome/content/rules/Adobe_Connect.xml
@@ -20,7 +20,7 @@ Fetch error: http://adobeconnect.com/ => https://adobeconnect.com/: (28, 'Connec
 		- na\d+cps
 
 -->
-<ruleset name="Adobe Connect.com" default_off='failed ruleset test'>
+<ruleset name="Adobe Connect.com" default_off="failed ruleset test">
 
 	<target host="adobeconnect.com" />
 	<target host="*.adobeconnect.com" />
diff --git a/src/chrome/content/rules/Adobe_forms_central.com.xml b/src/chrome/content/rules/Adobe_forms_central.com.xml
deleted file mode 100644
index 319b925aab08..000000000000
--- a/src/chrome/content/rules/Adobe_forms_central.com.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.adobeformscentral.com/ => https://www.adobeformscentral.com/: (6, 'Could not resolve host: www.adobeformscentral.com')
-
-	For other Adobe coverage, see Adobe.xml.
-
--->
-<ruleset name="Adobe forms central.com" default_off='failed ruleset test'>
-
-	<target host="adobeformscentral.com" />
-	<target host="www.adobeformscentral.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Adobetag.com.xml b/src/chrome/content/rules/Adobetag.com.xml
index 914a897b4ec8..bb0abcb694d6 100644
--- a/src/chrome/content/rules/Adobetag.com.xml
+++ b/src/chrome/content/rules/Adobetag.com.xml
@@ -31,4 +31,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adometry.xml b/src/chrome/content/rules/Adometry.xml
deleted file mode 100644
index 697de136b1d0..000000000000
--- a/src/chrome/content/rules/Adometry.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Other Adometry rulesets:
-
-		- Dmtry.com.xml
-
-
-	Nonfunctional hosts in *adometry.com:
-
-		- (www.)? *
-		- veracity
-
-	* Dropped
-
--->
-<ruleset name="Adometry.com (partial)">
-
-	<target host="attribute.adometry.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AdoredTV.com.xml b/src/chrome/content/rules/AdoredTV.com.xml
new file mode 100644
index 000000000000..a829d406b468
--- /dev/null
+++ b/src/chrome/content/rules/AdoredTV.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AdoredTV.com">
+	<target host="adoredtv.com" />
+	<target host="www.adoredtv.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Adoyacademy.se.xml b/src/chrome/content/rules/Adoyacademy.se.xml
deleted file mode 100644
index 119e5eea1232..000000000000
--- a/src/chrome/content/rules/Adoyacademy.se.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Adoyacademy.se">
-  <target host="www.adoyacademy.se" />
-  <target host="adoyacademy.se" />
-  <rule from="^http://www\.adoyacademy\.se/" to="https://adoyacademy.se/"/>
-  <rule from="^http://adoyacademy\.se/" to="https://adoyacademy.se/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/Adpay.com.xml b/src/chrome/content/rules/Adpay.com.xml
index a8d4a8880e4e..36dbd2bd577b 100644
--- a/src/chrome/content/rules/Adpay.com.xml
+++ b/src/chrome/content/rules/Adpay.com.xml
@@ -12,16 +12,14 @@
 -->
 <ruleset name="Adpay.com (partial)">
 
-	<target host="*.adpay.com" />
+	<target host="secure.adpay.com" />
+	<target host="staging.adpay.com" />
 		<!--exclusion pattern="^http://secure\.adpay\.com/(default\.aspx|/searchresults\.aspx)" /-->
 		<exclusion pattern="^http://secure\.adpay\.com/(?!ajaxpro/|[bB]randing/|favicon\.ico|[iI]mages/|Includes/|RadControls/|WebResource\.axd)" />
 		<exclusion pattern="^http://staging\.adpay\.com//searchresults\.aspx" />
 
 
-	<securecookie host="^\.adpay\.com$" name="^adpay$" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://s(ecure|taging)\.adpay\.com/"
-		to="https://s$1.adpay.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adperium.com.xml b/src/chrome/content/rules/Adperium.com.xml
index a739c720a076..6d66e3f7135f 100644
--- a/src/chrome/content/rules/Adperium.com.xml
+++ b/src/chrome/content/rules/Adperium.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://appnexus.adperium.com/ => https://appnexus.adperium.com/: (6, 'Could not resolve host: appnexus.adperium.com')
 
 -->
-<ruleset name="Adperium.com" default_off='failed ruleset test'>
+<ruleset name="Adperium.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Adscale.xml b/src/chrome/content/rules/Adscale.xml
index dd957366981f..ec1f8dc91b1a 100644
--- a/src/chrome/content/rules/Adscale.xml
+++ b/src/chrome/content/rules/Adscale.xml
@@ -21,10 +21,13 @@ Fetch error: http://adscale.de/ => https://www.adscale.de/: (60, 'SSL certificat
 		- rh
 
 -->
-<ruleset name="adscale" default_off='failed ruleset test'>
+<ruleset name="adscale" default_off="failed ruleset test">
 
 	<target host="adscale.de" />
-	<target host="*.adscale.de" />
+	<target host="www.adscale.de" />
+	<target host="ih.adscale.de" />
+	<target host="js.adscale.de" />
+	<target host="rh.adscale.de" />
 
 
 	<!--securecookie host="^\.adscale\.de$" name="^uu$" /-->
@@ -36,7 +39,6 @@ Fetch error: http://adscale.de/ => https://www.adscale.de/: (60, 'SSL certificat
 
 	<!--	Included on 3rd-party websites:
 						-->
-	<rule from="^http://(ih|js|rh)\.adscale\.de/"
-		to="https://$1.adscale.de/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Adscend-Media.xml b/src/chrome/content/rules/Adscend-Media.xml
index 7a2cd30fd643..e0d23776a714 100644
--- a/src/chrome/content/rules/Adscend-Media.xml
+++ b/src/chrome/content/rules/Adscend-Media.xml
@@ -1,12 +1,11 @@
-<ruleset name="Adscend Media" platform="mixedcontent">
-
+<!--
+	adscendmedia.com has both a wildcard DNS record and a wildcard certificate, so enumerating all subdomains is impossible.
+-->
+<ruleset name="Adscend Media">
 	<target host="adscendmedia.com" />
 	<target host="www.adscendmedia.com" />
 
-
-	<securecookie host="^adscendmedia\.com$" name=".+" />
-
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/Adseekmedia.xml b/src/chrome/content/rules/Adseekmedia.xml
deleted file mode 100644
index ab70ab2eb1f8..000000000000
--- a/src/chrome/content/rules/Adseekmedia.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Adseekmedia.com">
-<target host="delivery.adseekmedia.com" />
-<rule from="^http:" to="https:" />
-</ruleset>
-<!-- Rule generated by HTTPS Finder 0.91 -->
\ No newline at end of file
diff --git a/src/chrome/content/rules/Adserver01.de.xml b/src/chrome/content/rules/Adserver01.de.xml
index 79a6da6ac119..0744fd78532c 100644
--- a/src/chrome/content/rules/Adserver01.de.xml
+++ b/src/chrome/content/rules/Adserver01.de.xml
@@ -1,12 +1,11 @@
 <ruleset name="adserver01.de">
 
-	<target host="*.adserver01.de" />
+	<target host="ad2.adserver01.de" />
 
 
 	<securecookie host="^ad2\.adserver01\.de$" name=".+" />
 
 
-	<rule from="^http://(ad|r)2\.adserver01\.de/"
-		to="https://$12.adserver01.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adsimilis.xml b/src/chrome/content/rules/Adsimilis.xml
deleted file mode 100644
index 63f95ca3872c..000000000000
--- a/src/chrome/content/rules/Adsimilis.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://adsimilis.com/ => https://adsimilis.com/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://www.adsimilis.com/ => https://www.adsimilis.com/: (60, 'SSL certificate problem: certificate has expired')
-
--->
-<ruleset name="Adsimilis" platform="mixedcontent" default_off='failed ruleset test'>
-
-	<target host="adsimilis.com" />
-	<target host="www.adsimilis.com" />
-
-
-	<securecookie host="^(?:.*\.)?adsimilis\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Adspdbl.com.xml b/src/chrome/content/rules/Adspdbl.com.xml
index 5b35b381bbc4..f5cde3f06f21 100644
--- a/src/chrome/content/rules/Adspdbl.com.xml
+++ b/src/chrome/content/rules/Adspdbl.com.xml
@@ -17,7 +17,6 @@
 	<target host="files.adspdbl.com" />
 
 
-	<rule from="^http://files\.adspdbl\.com/"
-		to="https://d3ijm230svej28.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Adsrvmedia.com.xml b/src/chrome/content/rules/Adsrvmedia.com.xml
index 5286c60a5bc5..19f4aaf615bd 100644
--- a/src/chrome/content/rules/Adsrvmedia.com.xml
+++ b/src/chrome/content/rules/Adsrvmedia.com.xml
@@ -18,7 +18,8 @@
 -->
 <ruleset name="adsrvmedia.com">
 
-	<target host="*.adsrvmedia.com" />
+	<target host="ads.adsrvmedia.com" />
+	<target host="cdn.adsrvmedia.com" />
 
 
 	<rule from="^http://ads\.adsrvmedia\.com/"
@@ -27,4 +28,4 @@
 	<rule from="^http://cdn\.adsrvmedia\.com/"
 		to="https://d3vg9hiogk70qz.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adsrvr.org.xml b/src/chrome/content/rules/Adsrvr.org.xml
index 13a17edab86f..9db8704f7f00 100644
--- a/src/chrome/content/rules/Adsrvr.org.xml
+++ b/src/chrome/content/rules/Adsrvr.org.xml
@@ -7,7 +7,7 @@
 		- .adsrvr.org
 
 	ᶜ See https://owasp.org/index.php/SecureFlag
-	
+
 	Cert mismatch:
 		- euw.fb
 		- sin.fb
diff --git a/src/chrome/content/rules/Adsurve.com.xml b/src/chrome/content/rules/Adsurve.com.xml
deleted file mode 100644
index ea16cbccd881..000000000000
--- a/src/chrome/content/rules/Adsurve.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- www01		(refused)
-
--->
-<ruleset name="Adsurve.com (partial)">
-
-	<target host="adsurve.com" />
-	<target host="www.adsurve.com" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Adtarget.me.xml b/src/chrome/content/rules/Adtarget.me.xml
index 999bc394b0ef..235e839d2f97 100644
--- a/src/chrome/content/rules/Adtarget.me.xml
+++ b/src/chrome/content/rules/Adtarget.me.xml
@@ -15,7 +15,8 @@
 -->
 <ruleset name="adtarget.me">
 
-	<target host="*.adtarget.me" />
+	<target host="static.trackers.adtarget.me" />
+	<target host="static-trackers.adtarget.me" />
 
 
 	<rule from="^http://static[.-]trackers\.adtarget\.me/"
diff --git a/src/chrome/content/rules/Adtech.de.xml b/src/chrome/content/rules/Adtech.de.xml
index b638dd7d61e5..ccc5be03180e 100644
--- a/src/chrome/content/rules/Adtech.de.xml
+++ b/src/chrome/content/rules/Adtech.de.xml
@@ -1,73 +1,33 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://adserver-sb-fra.adtech.de/ => https://adserver-sb-fra.adtech.de/: (51, "SSL: no alternative certificate subject name matches target host name 'adserver-sb-fra.adtech.de'")
-
 	For other AOL coverage, see AOL.xml.
 
-
 	Banner network.
 
-
 	CDN buckets:
-
 		- aka-cdn-ns.adtech.de.edgesuite.net
 
-
-	Problematic domains:
-
-		- aka-cdn-ns.adtech.de		(works, akamai)
-		- ad.dc2.adtech.de		(works; mismatched, CN: *.adtech.de)
-
-
-	Fully covered subdomains:
-
-		- adserver
-		- adserverams
-		- adserver-sb-fra
-		- aka-cdn
-		- aka-cdn-ns	(→ aka-cdn)
-		- ad.dc2	(→ adserver)
-		- secserv
-		- ums
-
+	Invalid certificate:
+		- ad.dc2.adtech.de, equivalent to adserver.adtech.de
 
 	Insecure cookies are set for these domains:
-
 		- .adtech.de
-
 -->
-<ruleset name="Adtech.de (partial)" default_off='failed ruleset test'>
 
-	<!--	Direct rewrites:
-				-->
+<ruleset name="Adtech.de (partial)">
 	<target host="adserver.adtech.de" />
 	<target host="adserverams.adtech.de" />
-	<target host="adserver-sb-fra.adtech.de" />
 	<target host="aka-cdn.adtech.de" />
-	<target host="secserv.adtech.de" />
-	<target host="ums.adtech.de" />
-
-	<!--	Complications:
-				-->
 	<target host="aka-cdn-ns.adtech.de" />
 	<target host="ad.dc2.adtech.de" />
+	<target host="secserv.adtech.de" />
+	<target host="ums.adtech.de" />
 
-
-	<!--	Not secured by server:
-					-->
+	<!-- Not secured by server -->
 	<!--securecookie host="^\.adtech\.de" name="^CfP$" /-->
-
 	<securecookie host="^\.adtech\.de" name=".+" />
 
-
-	<rule from="^http://aka-cdn-ns\.adtech\.de/"
-		to="https://aka-cdn.adtech.de/" />
-
 	<rule from="^http://ad\.dc2\.adtech\.de/"
 		to="https://adserver.adtech.de/" />
 
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Adtechus.com.xml b/src/chrome/content/rules/Adtechus.com.xml
index bf5f5362e38a..d318acc62427 100644
--- a/src/chrome/content/rules/Adtechus.com.xml
+++ b/src/chrome/content/rules/Adtechus.com.xml
@@ -49,7 +49,7 @@
 
 
 	<!--securecookie host="^\.adtechus\.com$" name="^(CfP|JEB2)" /-->
-	<securecookie host=".*\.adtechus\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://aka-cdn-ns\.adtechus\.com/"
diff --git a/src/chrome/content/rules/Adtraxx.de.xml b/src/chrome/content/rules/Adtraxx.de.xml
deleted file mode 100644
index e71c9716bc39..000000000000
--- a/src/chrome/content/rules/Adtraxx.de.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Web bugs.
-
--->
-<ruleset name="adtraxx.de">
-
-	<target host="*.adtraxx.de" />
-
-
-	<securecookie host="^\.adtraxx\.de$" name=".+" />
-
-
-	<rule from="^http://view\.adtraxx\.de/"
-		to="https://view.adtraxx.de/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Adult-Ad-World.xml b/src/chrome/content/rules/Adult-Ad-World.xml
deleted file mode 100644
index 1738093d92a2..000000000000
--- a/src/chrome/content/rules/Adult-Ad-World.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- cluster
-
--->
-<ruleset name="Adult Ad World (partial)">
-
-	<target host="*.adultadworld.com" />
-
-
-	<!--	- newt2 cert: hippo
-		- newt7: Akamai
-			-->
-	<rule from="^http://(?:newt[27]|hippo)\.adultadworld\.com/"
-		to="https://hippo.adultadworld.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AdultShopping.com.xml b/src/chrome/content/rules/AdultShopping.com.xml
index 84a51028d025..075bdc16a374 100644
--- a/src/chrome/content/rules/AdultShopping.com.xml
+++ b/src/chrome/content/rules/AdultShopping.com.xml
@@ -1,80 +1,15 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: https://store.adultshopping.com/ => https://checkout.adultshopping.com/: (51, "SSL: no alternative certificate subject name matches target host name 'checkout.adultshopping.com'")
-Fetch error: http://admin.adultshopping.com/ => https://admin.adultshopping.com/: (51, "SSL: no alternative certificate subject name matches target host name 'admin.adultshopping.com'")
-Fetch error: http://checkout.adultshopping.com/ => https://checkout.adultshopping.com/: (51, "SSL: no alternative certificate subject name matches target host name 'checkout.adultshopping.com'")
-Fetch error: http://affiliates.adultshopping.com/ => https://affiliates.adultshopping.com/: (51, "SSL: no alternative certificate subject name matches target host name 'affiliates.adultshopping.com'")
-Fetch error: http://secure.adultshopping.com/ => https://secure.adultshopping.com/: (51, "SSL: no alternative certificate subject name matches target host name 'secure.adultshopping.com'")
-Fetch error: http://store.adultshopping.com/ => https://checkout.adultshopping.com/: (51, "SSL: no alternative certificate subject name matches target host name 'checkout.adultshopping.com'")
-
-	For other CNV.com coverage, see cnv.com.xml.
-
-
-	Problematic hosts in *adultshopping.com:
-
-		- store ᵐ
-
-	ᵐ Mismatched
-
-
-	Insecure cookies are set for these hosts: ᶜ
-
+	Non-functional hosts
+		SSL peer certificate was not OK:
 		- admin.adultshopping.com
 		- affiliates.adultshopping.com
 		- checkout.adultshopping.com
 		- secure.adultshopping.com
-		- www.adultshopping.com
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
-
-	Mixed content:
-
-		- css on www from fonts.googleapis.com ˢ
-
-		- Images, on:
-
-			- admin, affiliates, checkout, secure from cnvassets.s3.amazonaws.com ˢ
-			- admin, affiliates, checkout, secure from d1o1wlqwda3y1b.cloudfront.net ˢ
-			- admin, affiliates, checkout, secure from d235bdyk0zpoq6.cloudfront.net ˢ
-
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
+		- store.adultshopping.com
 -->
-<ruleset name="AdultShopping.com" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
+<ruleset name="AdultShopping.com (partial)">
 	<target host="adultshopping.com" />
-	<target host="admin.adultshopping.com" />
-	<target host="checkout.adultshopping.com" />
-	<target host="affiliates.adultshopping.com" />
-	<target host="secure.adultshopping.com" />
 	<target host="www.adultshopping.com" />
 
-	<!--	Complications:
-				-->
-	<target host="store.adultshopping.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:admin|affiliates|checkout|secure|www)\.adultshopping\.com$" name="^laravel_session$" /-->
-
-	<securecookie host="^\." name="^(?:optimizely|_gat?$|_gat_)" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<!--	s? for protocol-relative redirects
-		from affiliates & secure:
-						-->
-	<rule from="^https?://store\.adultshopping\.com/"
-		to="https://checkout.adultshopping.com/" />
-
-		<test url="https://store.adultshopping.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AdultSwim.com.xml b/src/chrome/content/rules/AdultSwim.com.xml
new file mode 100644
index 000000000000..bfd793e8fd7c
--- /dev/null
+++ b/src/chrome/content/rules/AdultSwim.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Mismatched:
+		- stats
+-->
+<ruleset name="AdultSwim.com">
+	<target host="adultswim.com" />
+	<target host="www.adultswim.com" />
+	<target host="as-embed-player.adultswim.com" />
+	<target host="bea4.adultswim.com" />
+	<target host="static.cdn.adultswim.com" />
+	<target host="dev.adultswim.com" />
+	<target host="games.adultswim.com" />
+	<target host="i.adultswim.com" />
+	<target host="press.adultswim.com" />
+	<target host="audience.qa.adultswim.com" />
+	<target host="signin.adultswim.com" />
+	<target host="staging.adultswim.com" />
+	<target host="sw1mpr355adm1n.adultswim.com" />
+	<target host="twitch.adultswim.com" />
+	<target host="api.twitch.adultswim.com" />
+	<target host="cdn.twitch.adultswim.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Advance_Digital.xml b/src/chrome/content/rules/Advance_Digital.xml
deleted file mode 100644
index d2bcec506d38..000000000000
--- a/src/chrome/content/rules/Advance_Digital.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(no https)
-
--->
-<ruleset name="Advance Digital (partial)">
-
-	<target host="blog.advance.net" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Advantage-Business-Media.xml b/src/chrome/content/rules/Advantage-Business-Media.xml
deleted file mode 100644
index a04585026f44..000000000000
--- a/src/chrome/content/rules/Advantage-Business-Media.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Advantage Business Media">
-
-	<target host="advantagemedia.com" />
-	<target host="www.advantagemedia.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Advantage.xml b/src/chrome/content/rules/Advantage.xml
index 7221c0659ee7..2a93df353216 100644
--- a/src/chrome/content/rules/Advantage.xml
+++ b/src/chrome/content/rules/Advantage.xml
@@ -14,24 +14,22 @@ Fetch error: http://discountclick.com/ => https://www.advantageseoservices.com/:
 		- (www.)discontclick.com	(cert mismatch)
 
 -->
-<ruleset name="Advantage" default_off='failed ruleset test'>
+<ruleset name="Advantage" default_off="failed ruleset test">
 
 	<target host="advantageseoservices.com" />
 	<target host="www.advantageseoservices.com" />
 	<target host="discountclick.com" />
-	<target host="*.discountclick.com" />
+	<target host="www.discountclick.com" />
+	<target host="click.discountclick.com" />
 
 
 	<securecookie host="^click\.discountclick\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?advantageseoservices\.com/"
-		to="https://$1advantageseoservices.com/" />
 
 	<rule from="^http://(?:www\.)?discountclick\.com/"
 		to="https://www.advantageseoservices.com/" />
 
-	<rule from="^http://click\.discountclick\.com/"
-		to="https://click.discountclick.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Advel.xml b/src/chrome/content/rules/Advel.xml
index 8de956c7ac72..2984c17f36e3 100644
--- a/src/chrome/content/rules/Advel.xml
+++ b/src/chrome/content/rules/Advel.xml
@@ -1,9 +1,9 @@
 <ruleset name="Advel" default_off="self-signed">
 
 	<target host="advel.cz"/>
-	<target host="*.advel.cz"/>
+	<target host="www.advel.cz" />
 
-	<securecookie host="^(?:.*\.)?advel\.cz$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?advel\.cz/"
 		to="https://www.advel.cz/"/>
diff --git a/src/chrome/content/rules/Advent.com.xml b/src/chrome/content/rules/Advent.com.xml
index 8b4886c84bda..3d4ef8e22143 100644
--- a/src/chrome/content/rules/Advent.com.xml
+++ b/src/chrome/content/rules/Advent.com.xml
@@ -28,7 +28,7 @@ Fetch error: http://start.advent.com/ => https://start.advent.com/: (6, 'Could n
 		- www.advent.com
 
 -->
-<ruleset name="Advent.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Advent.com (partial)" default_off="failed ruleset test">
 
 	<target host="advent.com" />
 	<target host="engage.advent.com" />
diff --git a/src/chrome/content/rules/AdventOfCode.com.xml b/src/chrome/content/rules/AdventOfCode.com.xml
index a58096b2c7cd..e14b1a7fbf76 100644
--- a/src/chrome/content/rules/AdventOfCode.com.xml
+++ b/src/chrome/content/rules/AdventOfCode.com.xml
@@ -4,5 +4,5 @@
 	<target host="www.adventofcode.com" />
 
 	<rule from="^http:" to="https:" />
-	
+
 </ruleset>
diff --git a/src/chrome/content/rules/Advert_Stream.xml b/src/chrome/content/rules/Advert_Stream.xml
deleted file mode 100644
index fe0a5f5975b3..000000000000
--- a/src/chrome/content/rules/Advert_Stream.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- blog *
-
-	* Refused
-
-
-	Fully covered subdomains:
-
-		- ad
-		- adaccess
-		- d
-
--->
-<ruleset name="Advert Stream (partial)">
-
-	<target host="*.advertstream.com" />
-
-
-	<securecookie host="^\.adaccess\.advertstream\.com$" name=".+" />
-
-
-	<rule from="^http://(a?d|adaccess)\.advertstream\.com/"
-		to="https://$1.advertstream.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Advertise.com.xml b/src/chrome/content/rules/Advertise.com.xml
index f8f6c33b81b0..2b713f21eff6 100644
--- a/src/chrome/content/rules/Advertise.com.xml
+++ b/src/chrome/content/rules/Advertise.com.xml
@@ -7,7 +7,8 @@
 -->
 <ruleset name="Advertise.com (partial)">
 
-	<target host="*.advertise.com" />
+	<target host="ad.advertise.com" />
+	<target host="admin.advertise.com" />
 
 
 	<securecookie host="^admin\.advertise\.com$" name=".+" />
@@ -16,7 +17,6 @@
 	<rule from="^http://ad\.advertise\.com/"
 		to="https://ad.rmxads.com/" />
 
-	<rule from="^http://admin\.advertise\.com/"
-		to="https://admin.advertise.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Advertisers-OpenX.com.xml b/src/chrome/content/rules/Advertisers-OpenX.com.xml
index ef907f7d7776..0b63c95498d3 100644
--- a/src/chrome/content/rules/Advertisers-OpenX.com.xml
+++ b/src/chrome/content/rules/Advertisers-OpenX.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://d3.advertisers-openx.com/ => https://d3.advertisers-openx.co
 	Web bugs.
 
 -->
-<ruleset name="advertisers-OpenX.com" default_off='failed ruleset test'>
+<ruleset name="advertisers-OpenX.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Advertising.com.xml b/src/chrome/content/rules/Advertising.com.xml
index a67a3a6389db..437a2074dd10 100644
--- a/src/chrome/content/rules/Advertising.com.xml
+++ b/src/chrome/content/rules/Advertising.com.xml
@@ -1,80 +1,215 @@
 <!--
 	For problematic rules, see Advertising.com-mismatches.xml.
-
-
 	For other AOL coverage, see AOL.xml.
 
-
-	Problematic subdomains:
-
-		- ace-tag *
-		- cte.ace.beta		(mismatched, CN: servedby.advertising.com)
-		- leadback *
-
-	* Cert only matches secure.foo
-
-
-	Fully covered subdomains:
-
-		- *.ace	(→ secure):
-
-			- beta
-			- cs
-			- cte
-			- p
-			- r1
-			- r1-ads
-			- r2
-			- secure
-			- sr-r3
-
-		- ace-tag		(→ secure.ace-tag)
-		- secure.ace-tag
-		- sync.adaptv
-		- leadback		(→ secure.leadback)
-		- secure.leadback
-		- servedby
-		- uac		(→ secure.uac)
-		- secure.uac
-
-
-	Insecure cookies are set for these domains: ᶜ
-
-		- .advertising.com
-		- .adaptv.advertising.com
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
+		Cert expired:
+			- jp.advertising.com
+
+		Cert mismatch:
+			- cmap.adt.ace.advertising.com
+			- cmap.am.ace.advertising.com
+			- cmap.an.ace.advertising.com
+			- extmap.an.ace.advertising.com
+			- cmap.at.ace.advertising.com
+			- r1.beta.ace.advertising.com
+			- an-imp.bid.ace.advertising.com
+			- imp.bid.ace.advertising.com
+			- cmap.dc.ace.advertising.com
+			- cmap.fb.ace.advertising.com
+			- cmap.ox.ace.advertising.com
+			- cmap.pub.ace.advertising.com
+			- cmap.rm.ace.advertising.com
+			- cmap.rub.ace.advertising.com
+			- extmap.rub.ace.advertising.com
+			- cmap.uac.ace.advertising.com
+			- ace-lb.advertising.com
+			- ace2.advertising.com
+			- adlearnop.advertising.com
+			- jp.adlearnop.advertising.com
+			- uk.adlearnop.advertising.com
+			- ags.beta.advertising.com
+			- dbs.advertising.com
+			- help.advertising.com
+			- helpcenter.advertising.com
+			- stage-secure.leadback.advertising.com
+			- sr.mads.advertising.com
+			- one.advertising.com
+			- oneapi-qa.advertising.com
+			- servedby1.advertising.com
+			- servedby2.advertising.com
+			- servedby3.advertising.com
+
+	Connection refused:
+			- advertising.com
+			- www.advertising.com
+			- beta.mobile.ace.advertising.com
+			- ads.mtc.ace.advertising.com
+			- ads.ntc.ace.advertising.com
+			- optout.adaptv.advertising.com
+			- adportal.advertising.com
+			- blog.advertising.com
+			- clients.advertising.com
+			- secure-leadback.asda.db.advertising.com
+			- secure-leadback.buycom.db.advertising.com
+			- secure-leadback.callme.db.advertising.com
+			- dbs.charter2.db.advertising.com
+			- leadback.daysinn.db.advertising.com
+			- secure-leadback.drugstore.db.advertising.com
+			- leadback.firstchoice.db.advertising.com
+			- secure-leadback.fossil.db.advertising.com
+			- dbs.hotelsjp.db.advertising.com
+			- leadback.hotelsjp.db.advertising.com
+			- leadback.hotwire.db.advertising.com
+			- dbs.ihg.db.advertising.com
+			- leadback.ihg.db.advertising.com
+			- secure-leadback.ihg.db.advertising.com
+			- leadback.ihg2.db.advertising.com
+			- leadback.jetsetter.db.advertising.com
+			- dbs.nestle2.db.advertising.com
+			- dbs.nestle3.db.advertising.com
+			- secure-leadback.pccity.db.advertising.com
+			- leadback.petmeds.db.advertising.com
+			- secure-leadback.petmeds.db.advertising.com
+			- secure-leadback.rumbo.db.advertising.com
+			- secure-leadback.stubhub.db.advertising.com
+			- leadback.ticketsnow.db.advertising.com
+			- secure-leadback.ticketsnow.db.advertising.com
+			- leadback.tmobile.db.advertising.com
+			- leadback.tradera.db.advertising.com
+			- secure-leadback.tradera.db.advertising.com
+			- dbs.transunionbt.db.advertising.com
+			- dbs.transuniongeo.db.advertising.com
+			- leadback.tui.db.advertising.com
+			- leadback.wellpack.db.advertising.com
+			- dbs.zipcar.db.advertising.com
+			- de.advertising.com
+			- www.de.advertising.com
+			- es.advertising.com
+			- email.advertising.com
+			- fr.advertising.com
+			- fi.advertising.com
+			- ftp.advertising.com
+			- inventory.advertising.com
+			- jobs.advertising.com
+			- mads.advertising.com
+			- admarvel.mads.advertising.com
+			- nexage.mads.advertising.com
+			- smaato.mads.advertising.com
+			- madseu.advertising.com
+			- msg.advertising.com
+			- nl.advertising.com
+			- no.advertising.com
+			- optout.advertising.com
+			- se.advertising.com
+			- storm.advertising.com
+			- software.advertising.com
+			- uk.advertising.com
+			- web.advertising.com
+			- wireless.advertising.com
+
+		Timeout:
+			- barracuda.advertising.com
+			- creative.advertising.com
+			- demo.advertising.com
+			- ns2.advertising.com
+
+		TLS errors:
+			dialup.advertising.com
+			mail.advertising.com
+			mailhost.advertising.com
+			meeting.advertising.com
+			owa.advertising.com
+			testvpn.advertising.com
+			vpn.advertising.com
+			vpn-backup.advertising.com
+			vpn2.advertising.com
+			webvpn.advertising.com
 
 -->
 <ruleset name="Advertising.com (partial)">
 
-	<!--	Direct rewrites:
-					-->
+	<target host="ace.advertising.com" />
+	<target host="adservingbase.ace.advertising.com" />
+	<target host="bannerfarm.ace.advertising.com" />
+	<target host="secure.bannerfarm.ace.advertising.com" />
+	<target host="conversion.ace.advertising.com" />
+	<target host="beta2.ace.advertising.com" />
+	<target host="cmap.ace.advertising.com" />
+	<target host="cs.ace.advertising.com" />
+	<target host="fb-clk.ace.advertising.com" />
+	<target host="p.ace.advertising.com" />
+	<target host="pxl.ace.advertising.com" />
+	<target host="adt.pxl.ace.advertising.com" />
+	<target host="an.pxl.ace.advertising.com" />
+	<target host="brx.pxl.ace.advertising.com" />
+	<target host="bsw.pxl.ace.advertising.com" />
+	<target host="cas.pxl.ace.advertising.com" />
+	<target host="dc.pxl.ace.advertising.com" />
+	<target host="li.pxl.ace.advertising.com" />
+	<target host="mobile.ace.advertising.com" />
+	<target host="mmex.pxl.ace.advertising.com" />
+	<target host="moat.pxl.ace.advertising.com" />
+	<target host="ox.pxl.ace.advertising.com" />
+	<target host="pub.pxl.ace.advertising.com" />
+	<target host="rm.pxl.ace.advertising.com" />
+	<target host="rmx.pxl.ace.advertising.com" />
+	<target host="rub.pxl.ace.advertising.com" />
+	<target host="triplelift.pxl.ace.advertising.com" />
+	<target host="r1.ace.advertising.com" />
+	<target host="sr-r3.ace.advertising.com" />
+	<target host="r1-ads.ace.advertising.com" />
+	<target host="r2.ace.advertising.com" />
+	<target host="secure.ace.advertising.com" />
+	<target host="secure.ace-lb.advertising.com" />
+	<target host="ace-tag.advertising.com" />
 	<target host="secure.ace-tag.advertising.com" />
+	<target host="ads.adaptv.advertising.com" />
+	<target host="ads-ap.adaptv.advertising.com" />
+	<target host="ads-eu.adaptv.advertising.com" />
+	<target host="ads-direct-wc.adaptv.advertising.com" />
+	<target host="ads-ec.adaptv.advertising.com" />
+	<target host="ads-test.adaptv.advertising.com" />
+	<target host="cdn.adaptv.advertising.com" />
+	<target host="conversions.adaptv.advertising.com" />
+	<target host="log.adaptv.advertising.com" />
+	<target host="ads-wc.adaptv.advertising.com" />
+	<target host="log-wc-b.adaptv.advertising.com" />
+	<target host="optout3.adaptv.advertising.com" />
+	<target host="segments.adaptv.advertising.com" />
 	<target host="sync.adaptv.advertising.com" />
+	<target host="video.adaptv.advertising.com" />
+	<target host="video-stage.adaptv.advertising.com" />
+	<target host="post.update.wtag.adaptv.advertising.com" />
+	<target host="s.update.wtag.adaptv.advertising.com" />
+	<target host="adserver.adtech.advertising.com" />
+	<target host="adserver-eu.adtech.advertising.com" />
+	<target host="adserver-us.adtech.advertising.com" />
+	<target host="hb-us.adtech.advertising.com" />
+	<target host="adserver-as.adtech.advertising.com" />
+	<target host="hb-as.adtech.advertising.com" />
+	<target host="eu.content.cmp.advertising.com" />
+	<target host="eu.event.cmp.advertising.com" />
+	<target host="us.content.cmp.advertising.com" />
+	<target host="us.event.cmp.advertising.com" />
+	<target host="services.cmp.advertising.com" />
+	<target host="dtm.advertising.com" />
+	<target host="getcoding.advertising.com" />
+	<target host="ingest.advertising.com" />
+	<target host="leadback.advertising.com" />
 	<target host="secure.leadback.advertising.com" />
-	<target host="secure.uac.advertising.com" />
+	<target host="mobileapi.advertising.com" />
+	<target host="tearsheet.onevideo.advertising.com" />
+	<target host="optout3.advertising.com" />
+	<target host="pixel.advertising.com" />
+	<target host="edge2.pixel.advertising.com" />
 	<target host="servedby.advertising.com" />
-
-	<!--	Special cases:
-				-->
-	<target host="ace.advertising.com" />
-	<target host="*.ace.advertising.com" />
-	<target host="ace-tag.advertising.com" />
-	<target host="leadback.advertising.com" />
+	<target host="smrtpxl.advertising.com" />
 	<target host="uac.advertising.com" />
+	<target host="secure.uac.advertising.com" />
+	<target host="origin.uac.advertising.com" />
+	<target host="vlibs.advertising.com" />
 
-		<test url="http://r1.ace.advertising.com/" />
-		<test url="http://r1-ads.ace.advertising.com/" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.advertising\.com$" name="^^(ACID|ASCID|C2|GUID|LB)$" /-->
-	<!--securecookie host="^\.adaptv\.advertising\.com$" name="^rtbData0$" /-->
-
-	<securecookie host="^\.(?:adaptv\.)?advertising\.com$" name=".+" />
-
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:[\w-]+\.)?ace\.advertising\.com/"
 		to="https://secure.ace.advertising.com/" />
diff --git a/src/chrome/content/rules/Adverts.ie.xml b/src/chrome/content/rules/Adverts.ie.xml
index 391be57d3609..5bec2e2f5bd8 100644
--- a/src/chrome/content/rules/Adverts.ie.xml
+++ b/src/chrome/content/rules/Adverts.ie.xml
@@ -17,4 +17,4 @@
 	<rule from="^http://(c\d\.|www\.)?adverts\.ie/"
 		to="https://$1adverts.ie/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Advg.jp.xml b/src/chrome/content/rules/Advg.jp.xml
index ee96ed6738f7..0ff409cd1a0c 100644
--- a/src/chrome/content/rules/Advg.jp.xml
+++ b/src/chrome/content/rules/Advg.jp.xml
@@ -5,4 +5,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Adview.pl.xml b/src/chrome/content/rules/Adview.pl.xml
index cc4272be12af..660d5c914d17 100644
--- a/src/chrome/content/rules/Adview.pl.xml
+++ b/src/chrome/content/rules/Adview.pl.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.adview.pl/ => https://adview.pl/: (60, 'SSL certificate
 		- .adview.pl
 
 -->
-<ruleset name="adview.pl" default_off='failed ruleset test'>
+<ruleset name="adview.pl" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Adviva.net.xml b/src/chrome/content/rules/Adviva.net.xml
deleted file mode 100644
index 1d8ab0b928ce..000000000000
--- a/src/chrome/content/rules/Adviva.net.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	For other Specific Media coverage, see Specific-Media.xml.
-
-
-	Problematic hosts in *adviva.net
-
-		- smdd *
-
-	* Mismatched
-
-
-	(www.)?adviva.net doesn't exist.
-
--->
-<ruleset name="Adviva.net">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="secure.adviva.net" />
-
-	<!--	Complications:
-				-->
-	<target host="smdd.adviva.net" />
-
-
-	<rule from="^http://smdd\.adviva\.net/"
-		to="https://secure.adviva.net/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AdvocateAndDemocrat.com.xml b/src/chrome/content/rules/AdvocateAndDemocrat.com.xml
new file mode 100644
index 000000000000..30b5bc1c6e5b
--- /dev/null
+++ b/src/chrome/content/rules/AdvocateAndDemocrat.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="AdvocateAndDemocrat.com">
+	<target host="advocateanddemocrat.com" />
+	<target host="www.advocateanddemocrat.com" />
+	<target host="m.advocateanddemocrat.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Advocates_for_Youth.xml b/src/chrome/content/rules/Advocates_for_Youth.xml
index 439493f63f50..3d701b2342f4 100644
--- a/src/chrome/content/rules/Advocates_for_Youth.xml
+++ b/src/chrome/content/rules/Advocates_for_Youth.xml
@@ -11,13 +11,13 @@
 -->
 <ruleset name="Advocates for Youth (partial)">
 
-	<target host="*.advocatesforyouth.org" />
+	<target host="secure.advocatesforyouth.org" />
+	<target host="shop.advocatesforyouth.org" />
 
 
 	<securecookie host="^\.?s(?:ecure|hop)\.advocatesforyouth\.org$" name=".+" />
 
 
-	<rule from="^http://s(ecure|hop)\.advocatesforyouth\.org/"
-		to="https://s$1.advocatesforyouth.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Advolution.de.xml b/src/chrome/content/rules/Advolution.de.xml
index dba1eb1d64fa..c38fbc1de739 100644
--- a/src/chrome/content/rules/Advolution.de.xml
+++ b/src/chrome/content/rules/Advolution.de.xml
@@ -1,12 +1,9 @@
 <ruleset name="advolution.de">
 
-	<target host="*.advolution.de" />
+	<target host="asn.advolution.de" />
 
 
-	<securecookie host="^\.advolution\.de$" name=".+" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://asn\.advolution\.de/"
-		to="https://asn.advolution.de/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AdyAdvantage.com.xml b/src/chrome/content/rules/AdyAdvantage.com.xml
new file mode 100644
index 000000000000..52129882ef84
--- /dev/null
+++ b/src/chrome/content/rules/AdyAdvantage.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AdyAdvantage.com">
+	<target host="adyadvantage.com" />
+	<target host="www.adyadvantage.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ady_Advantage.com-falsemixed.xml b/src/chrome/content/rules/Ady_Advantage.com-falsemixed.xml
deleted file mode 100644
index 9437f7cd0f4e..000000000000
--- a/src/chrome/content/rules/Ady_Advantage.com-falsemixed.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Ady_Advantage.xml
-
--->
-<ruleset name="Ady Advantage.com (false MCB)" platform="mixedcontent">
-
-	<target host="adyadvantage.com" />
-	<target host="www.adyadvantage.com" />
-
-
-	<!--	Server doesn't set Secure for:
-						-->
-	<securecookie host="^(?:w*\.)?adyadvantage\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ady_Advantage.com.xml b/src/chrome/content/rules/Ady_Advantage.com.xml
deleted file mode 100644
index ce135dba7d5d..000000000000
--- a/src/chrome/content/rules/Ady_Advantage.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see Ady_Advantage.com-falsemixed.xml.
-
--->
-<ruleset name="Ady Advantage.com (partial)">
-
-	<target host="adyadvantage.com" />
-	<target host="www.adyadvantage.com" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<!--exclusion pattern="^http://(www\.)?adyadvantage.com/+($|\?)" /-->
-		<!--exclusion pattern="^http://(www\.)?adyadvantage.com/+(favicon\.ico|sites/|wp-content/|wp-includes/)" /-->
-
-
-	<rule from="^http://(www\.)?adyadvantage\.com/(?=favicon\.ico|sites/|wp-content/|wp-includes/)/"
-		to="https://$1adyadvantage.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Adyen.com.xml b/src/chrome/content/rules/Adyen.com.xml
new file mode 100644
index 000000000000..b40eae7232db
--- /dev/null
+++ b/src/chrome/content/rules/Adyen.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Non-functional subdomains:
+		- $host		(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Adyen">
+
+	<target host="adyen.com" />
+	<target host="www.adyen.com" />
+	<target host="ca-live.adyen.com" />
+	<target host="ca-test.adyen.com" />
+	<target host="checkoutshopper-test.adyen.com" />
+	<target host="demos.adyen.com" />
+	<target host="docs.adyen.com" />
+	<target host="live.adyen.com" />
+	<target host="mattermost.adyen.com" />
+	<target host="pal-live.adyen.com" />
+	<target host="pal-test.adyen.com" />
+	<target host="support.adyen.com" />
+	<target host="test.adyen.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://adyen\.com/"
+		to="https://www.adyen.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Adzerk.net.xml b/src/chrome/content/rules/Adzerk.net.xml
index 69b92f187ccb..c7c3c20e23aa 100644
--- a/src/chrome/content/rules/Adzerk.net.xml
+++ b/src/chrome/content/rules/Adzerk.net.xml
@@ -31,7 +31,7 @@ Fetch error: http://secure.adzerk.net/ => https://secure.adzerk.net/: (51, "SSL:
 		- .adzerk.net
 
 -->
-<ruleset name="Adzerk.net (partial)" default_off='failed ruleset test'>
+<ruleset name="Adzerk.net (partial)" default_off="failed ruleset test">
 
 	<target host="engine.adzerk.net" />
 	<target host="secure.adzerk.net" />
diff --git a/src/chrome/content/rules/Adzip.co.xml b/src/chrome/content/rules/Adzip.co.xml
index 80f481fa1763..99275da119eb 100644
--- a/src/chrome/content/rules/Adzip.co.xml
+++ b/src/chrome/content/rules/Adzip.co.xml
@@ -5,4 +5,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Aea.se.xml b/src/chrome/content/rules/Aea.se.xml
index 8eca222a74bd..22055f6433ea 100644
--- a/src/chrome/content/rules/Aea.se.xml
+++ b/src/chrome/content/rules/Aea.se.xml
@@ -1,6 +1,9 @@
-<ruleset name="Aea.se" platform="mixedcontent">
-  <target host="www.aea.se" />
-  <target host="aea.se" />
-  <rule from="^http:" to="https:" />
-</ruleset>
+<ruleset name="Aea.se">
+	<target host="aea.se" />
+	<target host="www.aea.se" />
+	<target host="aeaintrade.aea.se" />
+	<target host="aeauttrade.aea.se" />
+	<target host="formularforbund.aea.se" />
 
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aereo.com-problematic.xml b/src/chrome/content/rules/Aereo.com-problematic.xml
index 039db40f0dfd..348c2934f05c 100644
--- a/src/chrome/content/rules/Aereo.com-problematic.xml
+++ b/src/chrome/content/rules/Aereo.com-problematic.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Aereo.com.xml b/src/chrome/content/rules/Aereo.com.xml
index 8eb8239a9e30..c7b9a7ea9376 100644
--- a/src/chrome/content/rules/Aereo.com.xml
+++ b/src/chrome/content/rules/Aereo.com.xml
@@ -27,10 +27,11 @@ Fetch error: http://aereo.com/ => https://aereo.com/: (6, 'Could not resolve hos
 		- blog		(works; expired 2013-04-08; mismatched, CN: *.bamboom.com)
 
 -->
-<ruleset name="Aereo.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Aereo.com (partial)" default_off="failed ruleset test">
 
 	<target host="aereo.com" />
-	<target host="*.aereo.com" />
+	<target host="www.aereo.com" />
+	<target host="support.aereo.com" />
 
 
 	<securecookie host="^\.aereo\.com$" name=".+" />
@@ -42,4 +43,4 @@ Fetch error: http://aereo.com/ => https://aereo.com/: (6, 'Could not resolve hos
 	<rule from="^http://support\.aereo\.com/favicon\.ico"
 		to="https://d3jyn100am7dxp.cloudfront.net/favicon.ico" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Aeriagames.xml b/src/chrome/content/rules/Aeriagames.xml
index 64bd2e13e3c9..c6b659c61b25 100644
--- a/src/chrome/content/rules/Aeriagames.xml
+++ b/src/chrome/content/rules/Aeriagames.xml
@@ -1,37 +1,16 @@
 <!--
-	CDN buckets:
-
-		- wildcard.aeriastatic.com.edgekey.net
-
-			- c.aeriastatic.com
-
-		- static.aeriagames.com.edgesuite.net
-
-			- s.aeriastatic.com
-
-
-	Problematic domains:
-
-		- s.aeriastatic.com	(works, akamai)
+	CDN buckets
 
+		Updated CDN
+			- cms-content.s.aeriastatic.co
 -->
 <ruleset name="Aeriagames">
-<target host="www.aeriagames.com" />
-<target host="aeriagames.com" />
-	<target host="*.aeriastatic.com" />
-
-<rule from="^http://(?:www\.)?aeriagames\.com/" to="https://www.aeriagames.com/"/>
-
-	<rule from="^http://c\.aeriastatic\.com/"
-		to="https://c.aeriastatic.com/" />
-
-	<!--	We must rewrite from https://s to c due to protocol-relative
-		links on www.aeriagames.com:
-
-			- https://mail1.eff.org/pipermail/https-everywhere-rules/2013-July/001650.html
-			- https://bugzilla.mozilla.org/show_bug.cgi?id=879072#c1
-							-->
-	<rule from="^https?://s\.aeriastatic\.com/"
-		to="https://c.aeriastatic.com/" />
-
+	<target host="www.aeriagames.com" />
+	<target host="aeriagames.com" />
+	<target host="c.aeriastatic.com" />
+		<test url="http://c.aeriastatic.com/modules/js/AG/version1/assets/signupVerifier.css" />
+	<target host="cms-content.s.aeriastatic.com" />
+		<test url="http://cms-content.s.aeriastatic.com/82de179009b2505fcc419f60f4d98ab7/files/aurakingdom/image/F/Featured_Shinobi.jpg" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AeroFS.xml b/src/chrome/content/rules/AeroFS.xml
index e1d43464e20e..d21d9aa81eff 100644
--- a/src/chrome/content/rules/AeroFS.xml
+++ b/src/chrome/content/rules/AeroFS.xml
@@ -19,7 +19,7 @@ Fetch error: http://my.aerofs.com/ => https://my.aerofs.com/: (6, 'Could not res
 		- support
 
 -->
-<ruleset name="AeroFS.com" default_off='failed ruleset test'>
+<ruleset name="AeroFS.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Aeroports_de_Montreal.xml b/src/chrome/content/rules/Aeroports_de_Montreal.xml
index 0489908a43bd..2853d7f13962 100644
--- a/src/chrome/content/rules/Aeroports_de_Montreal.xml
+++ b/src/chrome/content/rules/Aeroports_de_Montreal.xml
@@ -1,17 +1,26 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://admtl.com/ => https://www.admtl.com/: (60, 'SSL certificate problem: certificate has expired')
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://admtl.com/ => https://www.admtl.com/: (60, 'SSL certificate problem: certificate has expired')
+	SSL error:
+		admnet.admtl.com
+	Unable to get local issuer certificate:
+		developpementdurable.admtl.com
+		eservice.admtl.com
+		office365.admtl.com
+		sustainability.admtl.com
 -->
-<ruleset name="Aéroports de Montréal" default_off='failed ruleset test'>
+<ruleset name="Aéroports de Montréal" >
     <target host="admtl.com" />
-    <target host="*.admtl.com" />
+	<target host="www.admtl.com" />
+	<target host="autodiscover.admtl.com" />
+	<target host="bap.admtl.com" />
+	<target host="cdn.admtl.com" />
+	<target host="extranet.admtl.com" />
+	<target host="mail.admtl.com" />
+	<target host="mgmt.admtl.com" />
+	<target host="sftp.admtl.com" />
+	<target host="stationnement.admtl.com" />
+	<target host="yulsatisfaction.admtl.com" />
+
+	<securecookie host=".+" name=".+" />
 
-    <rule from="^http://admtl\.com/"
-        to="https://www.admtl.com/"/>
-    <rule from="^http://([^/:@]+)?\.admtl\.com/"
-        to="https://$1.admtl.com/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Aeryon_Labs.xml b/src/chrome/content/rules/Aeryon_Labs.xml
index 5da41b0c1baf..f6f76a1bb172 100644
--- a/src/chrome/content/rules/Aeryon_Labs.xml
+++ b/src/chrome/content/rules/Aeryon_Labs.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AetherFlyff.com.xml b/src/chrome/content/rules/AetherFlyff.com.xml
index 599e02308748..dc48c306c40b 100644
--- a/src/chrome/content/rules/AetherFlyff.com.xml
+++ b/src/chrome/content/rules/AetherFlyff.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://basilisk.aetherflyff.com/ => https://basilisk.aetherflyff.co
 Fetch error: http://www.aetherflyff.com/ => https://www.aetherflyff.com/: (28, 'Operation timed out after 30002 milliseconds with 0 bytes received')
 
 -->
-<ruleset name="Aether Flyff.com" default_off='failed ruleset test'>
+<ruleset name="Aether Flyff.com" default_off="failed ruleset test">
 
 	<target host="aetherflyff.com" />
 	<target host="basilisk.aetherflyff.com" />
diff --git a/src/chrome/content/rules/AffUtd.com.xml b/src/chrome/content/rules/AffUtd.com.xml
index c26dc9c20d2e..a86bcebbcec9 100644
--- a/src/chrome/content/rules/AffUtd.com.xml
+++ b/src/chrome/content/rules/AffUtd.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.affutd.com/ => https://www.affutd.com/: (60, 'SSL certif
 	For other William Hill coverage, see William-Hill.xml.
 
 -->
-<ruleset name="AffUtd.com" default_off='failed ruleset test'>
+<ruleset name="AffUtd.com" default_off="failed ruleset test">
 
 	<target host="affutd.com" />
 	<target host="www.affutd.com" />
@@ -26,4 +26,4 @@ Fetch error: http://www.affutd.com/ => https://www.affutd.com/: (60, 'SSL certif
 	<rule from="^http://(?:www\.)?affutd\.com/"
 		to="https://www.affutd.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Affili.net.xml b/src/chrome/content/rules/Affili.net.xml
index 0184b85bf2d9..959b1ed8ba3a 100644
--- a/src/chrome/content/rules/Affili.net.xml
+++ b/src/chrome/content/rules/Affili.net.xml
@@ -26,4 +26,4 @@
 	<rule from="^http://(?:www\.)?affili\.de/"
 		to="https://www.affili.net/de/"/>
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Afiestas.org.xml b/src/chrome/content/rules/Afiestas.org.xml
index d9f87acf1c47..78b027e9adb2 100644
--- a/src/chrome/content/rules/Afiestas.org.xml
+++ b/src/chrome/content/rules/Afiestas.org.xml
@@ -18,7 +18,7 @@ Fetch error: http://www.afiestas.org/ => https://www.afiestas.org/: (51, "SSL: n
 	* Secured by us
 
 -->
-<ruleset name="Afiestas.org" default_off='failed ruleset test'>
+<ruleset name="Afiestas.org" default_off="failed ruleset test">
 
 	<target host="afiestas.org" />
 	<target host="www.afiestas.org" />
diff --git a/src/chrome/content/rules/Afilias.xml b/src/chrome/content/rules/Afilias.xml
index dd38688c3e94..98f2daf97011 100644
--- a/src/chrome/content/rules/Afilias.xml
+++ b/src/chrome/content/rules/Afilias.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/African-Network-Information-Center.xml b/src/chrome/content/rules/African-Network-Information-Center.xml
index 414cdf0627a7..0ecb53440062 100644
--- a/src/chrome/content/rules/African-Network-Information-Center.xml
+++ b/src/chrome/content/rules/African-Network-Information-Center.xml
@@ -1,14 +1,10 @@
-<ruleset name="African Network Information Center" platform="mixedcontent">
-
+<ruleset name="African Network Information Center">
 	<target host="afrinic.net" />
-	<target host="*.afrinic.net" />
-	<!--	* for cross-domain cookie.	-->
-
-
-	<securecookie host="^(?:.*\.)?afrinic\.net$" name=".+" />
-
+	<target host="www.afrinic.net" />
+	<target host="meeting.afrinic.net" />
+	<target host="my.afrinic.net" />
 
-	<rule from="^http://((?:meeting|my|www2?)\.)?afrinic\.net/"
-		to="https://$1afrinic.net/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/African_Grey_Parrot_Centre.xml b/src/chrome/content/rules/African_Grey_Parrot_Centre.xml
index 5a19ce2c7a2b..8d66ca630d65 100644
--- a/src/chrome/content/rules/African_Grey_Parrot_Centre.xml
+++ b/src/chrome/content/rules/African_Grey_Parrot_Centre.xml
@@ -5,7 +5,7 @@ Fetch error: http://africangreyparrotcentre.co.uk/ => https://africangreyparrotc
 Fetch error: http://www.africangreyparrotcentre.co.uk/ => https://www.africangreyparrotcentre.co.uk/: (60, 'SSL certificate problem: self signed certificate')
 
 -->
-<ruleset name="African Grey Parrot Centre" default_off='failed ruleset test'>
+<ruleset name="African Grey Parrot Centre" default_off="failed ruleset test">
 
 	<target host="africangreyparrotcentre.co.uk" />
 	<target host="www.africangreyparrotcentre.co.uk" />
@@ -16,4 +16,4 @@ Fetch error: http://www.africangreyparrotcentre.co.uk/ => https://www.africangre
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Aftenbladet.no.xml b/src/chrome/content/rules/Aftenbladet.no.xml
new file mode 100644
index 000000000000..a164f7587fa4
--- /dev/null
+++ b/src/chrome/content/rules/Aftenbladet.no.xml
@@ -0,0 +1,95 @@
+<!--
+	Cert expired:
+		- lisa1.aftenbladet.no
+		- mm1.aftenbladet.no
+		- mm2.aftenbladet.no
+		- multimedia1.aftenbladet.no
+		- sommer.aftenbladet.no
+
+	Cert mismatch:
+		- arkiv.aftenbladet.no
+		- bil.aftenbladet.no
+		- m.atorget.aftenbladet.no
+		- fotball.aftenbladet.no
+		- godetilbud.aftenbladet.no
+		- widget.godetilbud.aftenbladet.no
+		- quiz.i.aftenbladet.no
+		- helios.aftenbladet.no
+		- konkurranse.aftenbladet.no
+		- iphone.aftenbladet.no
+		- kundesenter.aftenbladet.no
+		- kundeservice.aftenbladet.no
+		- leserpanel.aftenbladet.no
+		- livestudio.aftenbladet.no
+		- marked.aftenbladet.no
+		- mat.aftenbladet.no
+		- mediahash3.aftenbladet.no
+		- mobile.aftenbladet.no
+		- mobilehelios.aftenbladet.no
+		- respons.aftenbladet.no
+		- reise.aftenbladet.no
+		- skatt.aftenbladet.no
+		- vip.aftenbladet.no
+		- web3.aftenbladet.no
+		- wap.aftenbladet.no
+
+	Redirect to plain:
+		- live.aftenbladet.no
+
+	Self-signed cert:
+		- 2017.aftenbladet.no
+
+	Timeout:
+		- adportal.aftenbladet.no
+		- annonse1.aftenbladet.no
+		- adventskalender.aftenbladet.no
+		- blogg.aftenbladet.no
+		- ftp.aftenbladet.no
+
+	Redirects to an non existing host:
+		- m.aftenbladet.no  has a permanent redirect to www.m.aftenbladet.no , which does not resolve
+-->
+<ruleset name="AftenBladet.no">
+
+	<target host="aftenbladet.no" />
+	<target host="www.aftenbladet.no" />
+
+	<target host="a.aftenbladet.no" />
+	<target host="annonse.aftenbladet.no" />
+	<target host="atorget.aftenbladet.no" />
+	<target host="cache1.aftenbladet.no" />
+	<target host="cache2.aftenbladet.no" />
+	<target host="cache3.aftenbladet.no" />
+	<target host="cache4.aftenbladet.no" />
+	<target host="cis.aftenbladet.no" />
+	<target host="detskjer.aftenbladet.no" />
+	<target host="www.detskjer.aftenbladet.no" />
+	<target host="api.detskjer.aftenbladet.no" />
+	<target host="red.detskjer.aftenbladet.no" />
+	<target host="dinmat.aftenbladet.no" />
+	<target host="fast.aftenbladet.no" />
+	<target host="go.aftenbladet.no" />
+	<target host="hvaskjer.aftenbladet.no" />
+	<target host="www.hvaskjer.aftenbladet.no" />
+	<target host="api.hvaskjer.aftenbladet.no" />
+	<target host="red.hvaskjer.aftenbladet.no" />
+	<target host="static.hvaskjer.aftenbladet.no" />
+	<target host="i.aftenbladet.no" />
+	<target host="mm.i.aftenbladet.no" />
+	<target host="kraft.aftenbladet.no" />
+	<target host="kundeportal.aftenbladet.no" />
+	<target host="kundeweb.aftenbladet.no" />
+	<target host="kundewebtest.aftenbladet.no" />
+	<target host="lisa.aftenbladet.no" />
+	<target host="lisacache.aftenbladet.no" />
+	<target host="mm.aftenbladet.no" />
+	<target host="multimedia.aftenbladet.no" />
+	<target host="salg.aftenbladet.no" />
+	<target host="test.salg.aftenbladet.no" />
+	<target host="sport.aftenbladet.no" />
+	<target host="stream.aftenbladet.no" />
+
+	<rule from="^http:"
+		to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Aftenposten.no-falsemixed.xml b/src/chrome/content/rules/Aftenposten.no-falsemixed.xml
deleted file mode 100644
index fee082feb8e3..000000000000
--- a/src/chrome/content/rules/Aftenposten.no-falsemixed.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Aftenposten.xml.
-
--->
-<ruleset name="Aftenposten.no (false MCB)" platform="mixedcontent">
-
-        <target host="aftenposten.no" />
-        <target host="www.aftenposten.no" />
-
-
-	<rule from="^http://(?:www\.)?aftenposten\.no/(?=nyheter(?:$|[?/]))"
-		to="https://www.aftenposten.no/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Aftenposten.xml b/src/chrome/content/rules/Aftenposten.xml
index d9ade956cfd3..4c75de46f2f9 100644
--- a/src/chrome/content/rules/Aftenposten.xml
+++ b/src/chrome/content/rules/Aftenposten.xml
@@ -1,123 +1,28 @@
 <!--
-	For rules causing false/broken MCB, see Aftenposten.no-falsemixed.xml.
-
-
-	Nonfunctional subdomains:
-
-		- bedrift ¹
-		- papp2 ²
-		- sport ¹
-
-	¹ Dropped
-	² Revoked
-
-
-	Problematic subdomains:
-
-		- (www.)? ¹
-		- atorget ²
-		- bedriftfiles ³
-		- bil ²
-		- godetilbud ²
-		- kundeservice ⁴
-		- leserpanel ⁵
-		- ocacache ²
-		- reise ²
-		- rubrikkcache ²
-
-		- ap.mnocdn.no ²
-
-	¹ Mixed css
-	² Mismatched, CN: www.aftenposten.no
-	³ Self-signed; mismatched, CN: hotelladmin.aftenposten.no
-	⁴ Revoked
-	⁵ Mismatched, CN: hotellweb1.schibsted-it.no
-
-
-	Partially covered subdomains:
-
-		- (www.)?		(^ → www)
-		- kundeservice		(→ a)
-
-
-	Fully covered subdomains:
-
-		- a
-		- kundesenter
-		- kundeweb
-		- onlinesos
-
-
-	Insecure cookies are set for these domains:
-
-		- kundesenter.aftenposten.no
-		- www.aftenposten.no
-
-
-	Mixed content:
-
-		- css on www from $self ¹
-
-		- Images, on:
-
-			- leserpanel from $self ²
-			- www from $self ¹
-			- www from www.bt.no ¹
-			- www from ap.mnocdn.no ¹
-
-		- favicon on www from $self ¹
-
-		- Bugs on www from ocacache.medianorge.no ³
-
-	¹ Secured by us
-	² Not secured by us <= mismatched
-	³ Unsecurable
-
+	Mismatched:
+		- leserpanel
+		- sport
 -->
 <ruleset name="Aftenposten (partial)">
-
-        <target host="aftenposten.no" />
-        <target host="*.aftenposten.no" />
-		<!--
-			Redirects to http:
-						-->
-		<!--exclusion pattern="^http://www\.aftenposten\.no/$" /-->
-		<!--
-			Exceptions:
-					-->
-		<!--exclusion pattern="^http://www\.aftenposten\.no/(?!nyheter($|[?/]))" /-->
-		<!--
-			Avoid broken MCB:
-						-->
-		<exclusion pattern="^http://www\.aftenposten\.no/+(?!.+\.(?:css|gif|jpg|png)(?:$|\?)|\?service=css|favicon\.ico|skins/)" />
-	<target host="ap.mnocdn.no" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^kundesenter\.aftenposten\.no$" name="^_wp_session$" /-->
-	<!--securecookie host="^www\.aftenposten\.no$" name="^(VPW_Quota_\d+|VPW_QuotaInfo_\d+)$" /-->
-
-	<!--securecookie host="^\.aftenposten\.no$" name="^environment$" /-->
-	<securecookie host="^(?:a|kundesenter|kundeweb|onlinesos)\.aftenposten\.no$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?aftenposten\.no/"
-		to="https://www.aftenposten.no/" />
-
-	<rule from="^http://kundeservice\.aftenposten\.no/(?=$|\?.*)"
-		to="https://a.aftenposten.no/kundeservice/" />
-
-	<rule from="^http://(a|kundesenter|kundeweb|onlinesos)\.aftenposten\.no/"
-		to="https://$1.aftenposten.no/" />
-
-	<!--	The following rule will generate SSL warnings by default
-		because the cert is only valid for www.aftenposten.no.
-									-->
-	<!--rule from="^http://(lisacache|media|oslopuls)\.aftenposten\.no/"
-		to="https://$1.aftenposten.no/" /-->
-
-	<rule from="^http://ap\.mnocdn\.no/"
-		to="https://www.aftenposten.no/" />
-
+	<target host="aftenposten.no" />
+	<target host="www.aftenposten.no" />
+	<target host="bedrift.aftenposten.no" />
+	<target host="bil.aftenposten.no" />
+	<target host="kundesenter.aftenposten.no" />
+	<target host="kundeportal.aftenposten.no" />
+	<target host="kundeweb.aftenposten.no" />
+	<target host="lisacache.aftenposten.no" />
+	<target host="media.aftenposten.no" />
+	<target host="onlinesos.aftenposten.no" />
+	<target host="oslopuls.aftenposten.no" />
+	<target host="reise.aftenposten.no" />
+	<target host="rubrikkcache.aftenposten.no" />
+	<target host="sport.aftenposten.no" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://sport\.aftenposten\.no/.*" to="https://www.aftenposten.no/100Sport/" />
+	<test url="http://sport.aftenposten.no/index.html" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Afterdawn.com.xml b/src/chrome/content/rules/Afterdawn.com.xml
new file mode 100644
index 000000000000..d3080c2c1b62
--- /dev/null
+++ b/src/chrome/content/rules/Afterdawn.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Nonfunctional hosts in *.afterdawn.com:
+
+		- feeds (n)
+		- fin.lw (m)
+
+	h: http redirect
+	m: certificate mismatch
+	n: no peer certificate
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Afterdawn.com">
+	<target host="afterdawn.com" />
+	<target host="www.afterdawn.com" />
+	<target host="es.afterdawn.com" />
+	<target host="fin.afterdawn.com" />
+	<target host="forums.afterdawn.com" />
+	<target host="keskustelu.afterdawn.com" />
+	<target host="login.afterdawn.com" />
+	<target host="m.afterdawn.com" />
+	<target host="nl.afterdawn.com" />
+	<target host="no.afterdawn.com" />
+	<target host="rss.afterdawn.com" />
+	<target host="sv.afterdawn.com" />
+
+	<rule from="^http://afterdawn\.com/" to="https://www.afterdawn.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Afterpay.co.nz.xml b/src/chrome/content/rules/Afterpay.co.nz.xml
new file mode 100644
index 000000000000..92a38fa1bd1b
--- /dev/null
+++ b/src/chrome/content/rules/Afterpay.co.nz.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Afterpay coverage, see Afterpay.com.xml
+-->
+<ruleset name="Afterpay.co.nz">
+
+	<target host="afterpay.co.nz" />
+	<target host="www.afterpay.co.nz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Afterpay.com.au.xml b/src/chrome/content/rules/Afterpay.com.au.xml
new file mode 100644
index 000000000000..8ae9dfead234
--- /dev/null
+++ b/src/chrome/content/rules/Afterpay.com.au.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Afterpay coverage, see Afterpay.com.xml
+-->
+<ruleset name="Afterpay.com.au">
+
+	<target host="afterpay.com.au" />
+	<target host="www.afterpay.com.au" />
+	<target host="docs.afterpay.com.au" />
+	<target host="shop.afterpay.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Afton_Trial_Run.xml b/src/chrome/content/rules/Afton_Trial_Run.xml
index 2f55ae5d34a2..3759c1aca8e9 100644
--- a/src/chrome/content/rules/Afton_Trial_Run.xml
+++ b/src/chrome/content/rules/Afton_Trial_Run.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Aftonbladet.xml b/src/chrome/content/rules/Aftonbladet.xml
index ad9e5822c6e5..f8e087d298a6 100644
--- a/src/chrome/content/rules/Aftonbladet.xml
+++ b/src/chrome/content/rules/Aftonbladet.xml
@@ -1,89 +1,51 @@
 <!--
-
 	Other Aftonbladet rulesets:
 
 		- Aftonbladet-CDN.se.xml
 
-
 	Problematic domains:
 
-		- aftonbladet.se		(cert only matches www)
-		- hemma.aftonbladet.se ¹
 		- metrics.aftonbladet.se ¹
 
 	¹ Mismatched
 
 
-	Partially covered domains:
-
-		- bloggar.aftonbladet.se *
-
-	* Some paths redirect to http
-
-
 	Fully covered domains:
 
 		- aftonbladet.se subdomains:
 
 			- (www.)?	(^ → www)
-			- ads
 			- metrics	(→ smetrics.aftonbladet.se)
 			- smetrics
 
-
 	Insecure cookies are set for these hosts:
 
 		- ads.aftonbladet.se
 
 -->
+
 <ruleset name="Aftonbladet.se (partial)">
 
-	<!--	Direct rewrites:
-				-->
+	<!--	Direct rewrites: -->
+
+	<target host="aftonbladet.se" />
+	<target host="www.aftonbladet.se" />
 	<target host="bloggar.aftonbladet.se" />
-	<target host="ads.aftonbladet.se" />
 	<target host="login.aftonbladet.se" />
 	<target host="smetrics.aftonbladet.se" />
-	<target host="www.aftonbladet.se" />
-
-	<!--	Special cases:
-				-->
-	<target host="aftonbladet.se" />
-	<target host="metrics.aftonbladet.se" />
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://bloggar\.aftonbladet\.se/($|\w+/files/)" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://bloggar\.aftonbladet\.se/+(?!wp-content/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://bloggar.aftonbladet.se/aosbloggen" />
-			<test url="http://bloggar.aftonbladet.se/granskning" />
-			<test url="http://bloggar.aftonbladet.se/letsdance" />
+	<target host="granskning.aftonbladet.se" />
+	<target host="hemma.aftonbladet.se" />
+	<target host="myhome.aftonbladet.se" />
 
-			<!--	-ve:
-					-->
-			<test url="http://bloggar.aftonbladet.se/wp-content/themes/ab_startpage/css/style.css" />
+	<!--	Special cases: -->
 
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^ads\.aftonbladet\.se$" name="^(eas_geo|eas_uid)$" /-->
+	<target host="metrics.aftonbladet.se" />
 
 	<securecookie host="^(?:ads|\.smetrics)\.aftonbladet\.se$" name=".+" />
 
-
-	<rule from="^http://aftonbladet\.se/"
-		to="https://www.aftonbladet.se/" />
-
 	<rule from="^http://metrics\.aftonbladet\.se/"
 		to="https://smetrics.aftonbladet.se/" />
 
-	<rule from="^http:"
-		to="https:" />
-
+	
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Afx.ms.xml b/src/chrome/content/rules/Afx.ms.xml
index bb451b67e995..70567b73952c 100644
--- a/src/chrome/content/rules/Afx.ms.xml
+++ b/src/chrome/content/rules/Afx.ms.xml
@@ -18,7 +18,7 @@ Fetch error: http://bay176.afx.ms/ => https://bay176.afx.ms/: (6, 'Could not res
 			- dub12[0-4]
 
 -->
-<ruleset name="afx.ms" default_off='failed ruleset test'>
+<ruleset name="afx.ms" default_off="failed ruleset test">
 
 	<target host="*.afx.ms" />
 
diff --git a/src/chrome/content/rules/Agari.xml b/src/chrome/content/rules/Agari.xml
index 11b55e8fdc25..595a69a75de4 100644
--- a/src/chrome/content/rules/Agari.xml
+++ b/src/chrome/content/rules/Agari.xml
@@ -9,7 +9,9 @@ Fetch error: http://agari.com/ => https://agari.com/: (51, "SSL: no alternative
 <ruleset name="Agari">
 
 	<target host="agari.com" />
-	<target host="*.agari.com" />
+	<target host="app.agari.com" />
+	<target host="www.agari.com" />
+	<target host="dev.agari.com" />
 
 
 	<securecookie host="^(?:w*\.)?agari\.com$" name=".+" />
@@ -21,4 +23,4 @@ Fetch error: http://agari.com/ => https://agari.com/: (51, "SSL: no alternative
 	<rule from="^http://dev\.agari\.com/wp-content/"
 		to="https://agari.com/wp-content/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Agariomods.com.xml b/src/chrome/content/rules/Agariomods.com.xml
index 2b577edaaadb..61c2d24bed25 100644
--- a/src/chrome/content/rules/Agariomods.com.xml
+++ b/src/chrome/content/rules/Agariomods.com.xml
@@ -12,8 +12,8 @@
 
 	<target host="connect.agariomods.com" />
 	<target host="skins.agariomods.com" />
-	
+
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>	
+</ruleset>
diff --git a/src/chrome/content/rules/Age_of_Mine.com.xml b/src/chrome/content/rules/Age_of_Mine.com.xml
index 5377d6022863..35675863aff4 100644
--- a/src/chrome/content/rules/Age_of_Mine.com.xml
+++ b/src/chrome/content/rules/Age_of_Mine.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://ageofmine.com/ => https://ageofmine.com/: (28, 'Operation ti
 Fetch error: http://www.ageofmine.com/ => https://www.ageofmine.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
 
 -->
-<ruleset name="Age of Mine.com" default_off='failed ruleset test'>
+<ruleset name="Age of Mine.com" default_off="failed ruleset test">
 
 	<target host="ageofmine.com" />
 	<target host="www.ageofmine.com" />
diff --git a/src/chrome/content/rules/Agentbot.net.xml b/src/chrome/content/rules/Agentbot.net.xml
index 875ed735452e..9990239dcb3f 100644
--- a/src/chrome/content/rules/Agentbot.net.xml
+++ b/src/chrome/content/rules/Agentbot.net.xml
@@ -4,7 +4,7 @@
 
 	Cert mismatch:
 		- ^ & www
-		
+
 	Chain issues:
 		- activity.agentbot.net
 		- dev-activity.agentbot.net
diff --git a/src/chrome/content/rules/Aggregate_Knowledge.xml b/src/chrome/content/rules/Aggregate_Knowledge.xml
index de3e77980a4f..da849e397d43 100644
--- a/src/chrome/content/rules/Aggregate_Knowledge.xml
+++ b/src/chrome/content/rules/Aggregate_Knowledge.xml
@@ -43,7 +43,7 @@ Fetch error: http://www-stage.aggregateknowledge.com/ => https://www.aggregatekn
 		- .aggregateknowledge.com
 
 -->
-<ruleset name="Aggregate Knowledge.com" default_off='failed ruleset test'>
+<ruleset name="Aggregate Knowledge.com" default_off="failed ruleset test">
 
 	<target host="content.aggregateknowledge.com" />
 	<target host="dashboard.aggregateknowledge.com" />
diff --git a/src/chrome/content/rules/Agmk.net.xml b/src/chrome/content/rules/Agmk.net.xml
index 1b8c552ef104..a5c6ec2bda09 100644
--- a/src/chrome/content/rules/Agmk.net.xml
+++ b/src/chrome/content/rules/Agmk.net.xml
@@ -5,7 +5,7 @@
 	<target host="www.agmk.net" />
 
 
-	<securecookie host="^(?:.+\.)?agmk\.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Agra-net.com.xml b/src/chrome/content/rules/Agra-net.com.xml
index c8c46619d84d..3d5e540231dd 100644
--- a/src/chrome/content/rules/Agra-net.com.xml
+++ b/src/chrome/content/rules/Agra-net.com.xml
@@ -34,7 +34,7 @@ Fetch error: http://store.agra-net.com/ => https://store.agra-net.com/: (60, 'SS
 	* Secured by us
 
 -->
-<ruleset name="agra-net.com (partial)" default_off='failed ruleset test'>
+<ruleset name="agra-net.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Agri_Supply.com.xml b/src/chrome/content/rules/Agri_Supply.com.xml
index 29f9dcda10a1..2e192d4aa95c 100644
--- a/src/chrome/content/rules/Agri_Supply.com.xml
+++ b/src/chrome/content/rules/Agri_Supply.com.xml
@@ -13,4 +13,4 @@
 	<rule from="^http://(?:www\.)?agrisupply\.com/((?:editaccount|signin)\.aspx|favicon\.ico|images/|Java[sS]cript/|Styles/)"
 		to="https://www.agrisupply.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ahm.com.au.xml b/src/chrome/content/rules/Ahm.com.au.xml
index b31cc56cb49f..89a28b119520 100644
--- a/src/chrome/content/rules/Ahm.com.au.xml
+++ b/src/chrome/content/rules/Ahm.com.au.xml
@@ -1,7 +1,9 @@
 <ruleset name="ahm.com.au (partial)">
 
 	<target host="ahm.com.au" />
-	<target host="*.ahm.com.au" />
+	<target host="members.ahm.com.au" />
+	<target host="providers.ahm.com.au" />
+	<target host="www.ahm.com.au" />
 		<!--
 			Redirect to http:
 						-->
@@ -19,7 +21,6 @@
 	<securecookie host="^members\.ahm\.com\.au$" name=".+" />
 
 
-	<rule from="^http://((?:members|providers|www)\.)?ahm\.com\.au/"
-		to="https://$1ahm.com.au/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/AhnLab.com.xml b/src/chrome/content/rules/AhnLab.com.xml
new file mode 100644
index 000000000000..e56f5778b17a
--- /dev/null
+++ b/src/chrome/content/rules/AhnLab.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Connection refused:
+		- ^
+		- download
+-->
+<ruleset name="AhnLab.com">
+	<target host="ahnlab.com" />
+	<target host="www.ahnlab.com" />
+	<target host="global.ahnlab.com" />
+	<target host="image.ahnlab.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://ahnlab\.com/" to="https://www.ahnlab.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ahnlab.com.xml b/src/chrome/content/rules/Ahnlab.com.xml
deleted file mode 100644
index 7425a2d3bf09..000000000000
--- a/src/chrome/content/rules/Ahnlab.com.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<!-- av vendor -->
-<ruleset name="Ahnlab" platform="mixedcontent">
-	<target host="image.ahnlab.com" />
-	<target host="global.ahnlab.com" />
-	<rule from="^http:" to="https:" />
-</ruleset>
-
diff --git a/src/chrome/content/rules/Aidsmap.com.xml b/src/chrome/content/rules/Aidsmap.com.xml
index 254c7337816c..da604b40392f 100644
--- a/src/chrome/content/rules/Aidsmap.com.xml
+++ b/src/chrome/content/rules/Aidsmap.com.xml
@@ -16,7 +16,7 @@ Fetch error: http://aidsmap.com/ => https://www.aidsmap.com/: (35, 'Unknown SSL
 	* Secured by us
 
 -->
-<ruleset name="aidsmap.com" default_off='failed ruleset test'>
+<ruleset name="aidsmap.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Aim4Media.com.xml b/src/chrome/content/rules/Aim4Media.com.xml
index 2609b1db5b78..486bd32e7021 100644
--- a/src/chrome/content/rules/Aim4Media.com.xml
+++ b/src/chrome/content/rules/Aim4Media.com.xml
@@ -21,7 +21,7 @@ Non-2xx HTTP code: http://ad.aim4media.com/ (200) => https://ad.yieldmanager.com
 		- ad	(→ ad.yieldmanager.com)
 
 -->
-<ruleset name="Aim4Media.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Aim4Media.com (partial)" default_off="failed ruleset test">
 
 	<target host="ad.aim4media.com" />
 
@@ -29,4 +29,4 @@ Non-2xx HTTP code: http://ad.aim4media.com/ (200) => https://ad.yieldmanager.com
 	<rule from="^http://ad\.aim4media\.com/"
 		to="https://ad.yieldmanager.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Air-Canada-Pilots-Association.xml b/src/chrome/content/rules/Air-Canada-Pilots-Association.xml
index 7ecddf72df7f..b5b059396517 100644
--- a/src/chrome/content/rules/Air-Canada-Pilots-Association.xml
+++ b/src/chrome/content/rules/Air-Canada-Pilots-Association.xml
@@ -7,7 +7,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://secure.acpa.ca/ => https://secure.acpa.ca/: (51, "SSL: no alternative certificate subject name matches target host name 'www.acpa.ca'")	secure.... homepage redirects to www
 	other pages redirect to http://secure...
 -->
-<ruleset name="Air Canada Pilot's Association (partial)" default_off='failed ruleset test'>
+<ruleset name="Air Canada Pilot's Association (partial)" default_off="failed ruleset test">
 
 	<target host="acpa.ca"/>
 	<target host="secure.acpa.ca"/>
diff --git a/src/chrome/content/rules/AirAsia.xml b/src/chrome/content/rules/AirAsia.xml
index 57d7d3b9c435..856919e9833b 100644
--- a/src/chrome/content/rules/AirAsia.xml
+++ b/src/chrome/content/rules/AirAsia.xml
@@ -47,6 +47,6 @@
 	<rule from="^http://airasia\.com/"
 			to="https://www.airasia.com/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AirMalta.com.xml b/src/chrome/content/rules/AirMalta.com.xml
new file mode 100644
index 000000000000..694d10608882
--- /dev/null
+++ b/src/chrome/content/rules/AirMalta.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AirMalta.com (partial)">
+	<target host="airmalta.com" />
+	<target host="www.airmalta.com" />
+
+	<!-- https://airmalta.com -> http://www.airmalta.com http redirect -->
+	<rule from="^http://airmalta\.com/" to="https://www.airmalta.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AirMap.xml b/src/chrome/content/rules/AirMap.xml
index 5b65c66e8f41..6f55a6ea0555 100644
--- a/src/chrome/content/rules/AirMap.xml
+++ b/src/chrome/content/rules/AirMap.xml
@@ -21,9 +21,9 @@
 	<target host="cdn.airmap.io" />
 	<target host="dashboard.airmap.io" />
 	<target host="sso.airmap.io" />
-	
+
 	<securecookie host=".+" name=".+" />
-	
+
 	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Airbnb.xml b/src/chrome/content/rules/Airbnb.xml
deleted file mode 100644
index 0d2d80e31adb..000000000000
--- a/src/chrome/content/rules/Airbnb.xml
+++ /dev/null
@@ -1,106 +0,0 @@
-<!--
-	airbnb.com is preloaded
-
-	Invalid certificate:
-		airbnb.co.ve
-		airbnb.lu
-
--->
-<ruleset name="Airbnb (partial)">
-
-	<target host="airbnb.at" />
-	<target host="www.airbnb.at" />
-	<target host="m.airbnb.at" />
-
-	<target host="airbnb.be" />
-	<target host="fr.airbnb.be" />
-	<target host="www.airbnb.be" />
-	<target host="m.airbnb.be" />
-
-	<target host="airbnb.ca" />
-	<target host="www.airbnb.ca" />
-	<target host="m.airbnb.ca" />
-
-	<target host="airbnb.co.kr" />
-	<target host="www.airbnb.co.kr" />
-	<target host="m.airbnb.co.kr" />
-
-	<target host="airbnb.co.nz" />
-	<target host="www.airbnb.co.nz" />
-	<target host="m.airbnb.co.nz" />
-
-	<target host="airbnb.co.uk" />
-	<target host="www.airbnb.co.uk" />
-	<target host="m.airbnb.co.uk" />
-
-	<target host="airbnb.co.ve" />
-	<target host="www.airbnb.co.ve" />
-	<target host="m.airbnb.co.ve" />
-
-	<target host="airbnb.com.au" />
-	<target host="www.airbnb.com.au" />
-	<target host="m.airbnb.com.au" />
-
-	<target host="airbnb.com.br" />
-	<target host="www.airbnb.com.br" />
-	<target host="m.airbnb.com.br" />
-
-	<target host="airbnb.de" />
-	<target host="www.airbnb.de" />
-	<target host="m.airbnb.de" />
-
-	<target host="airbnb.es" />
-	<target host="www.airbnb.es" />
-	<target host="m.airbnb.es" />
-
-	<target host="airbnb.fi" />
-	<target host="www.airbnb.fi" />
-	<target host="m.airbnb.fi" />
-
-	<target host="airbnb.fr" />
-	<target host="www.airbnb.fr" />
-	<target host="m.airbnb.fr" />
-	
-	<target host="airbnb.it" />
-	<target host="www.airbnb.it" />
-	<target host="m.airbnb.it" />
-
-	<target host="airbnb.jp" />
-	<target host="www.airbnb.jp" />
-	<target host="m.airbnb.jp" />
-
-	<target host="airbnb.lu" />
-	<target host="www.airbnb.lu" />
-	<target host="m.airbnb.lu" />
-
-	<target host="airbnb.mx" />
-	<target host="www.airbnb.mx" />
-	<target host="m.airbnb.mx" />
-
-	<target host="airbnb.no" />
-	<target host="www.airbnb.no" />
-	<target host="m.airbnb.no" />
-
-	<target host="airbnb.ru" />
-	<target host="www.airbnb.ru" />
-	<target host="m.airbnb.ru" />
-
-	<target host="airbnb.se" />
-	<target host="www.airbnb.se" />
-	<target host="m.airbnb.se" />
-
-	<target host="a0.muscache.com" />
-	<target host="a1.muscache.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http://airbnb\.co\.ve/"
-		to="https://www.airbnb.co.ve/" />
-
-	<rule from="^http://airbnb\.lu/"
-		to="https://www.airbnb.lu/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AirportBanking.com.xml b/src/chrome/content/rules/AirportBanking.com.xml
new file mode 100644
index 000000000000..d44beaf6d458
--- /dev/null
+++ b/src/chrome/content/rules/AirportBanking.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="AirportBanking.com">
+	<target host="airportbanking.com" />
+	<target host="www.airportbanking.com" />
+	<target host="cpanel.airportbanking.com" />
+	<target host="mail.airportbanking.com" />
+	<target host="webdisk.airportbanking.com" />
+	<target host="webmail.airportbanking.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AirshipVentures.xml b/src/chrome/content/rules/AirshipVentures.xml
index 1212beb92121..e809b2642ab9 100644
--- a/src/chrome/content/rules/AirshipVentures.xml
+++ b/src/chrome/content/rules/AirshipVentures.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.airshipventures.com/ => https://www.airshipventures.com/: (35, 'Unknown SSL protocol error in connection to www.airshipventures.com:443 ')
 Fetch error: http://airshipventures.com/ => https://www.airshipventures.com/: (35, 'Unknown SSL protocol error in connection to www.airshipventures.com:443 ')
 -->
-<ruleset name="AirshipVentures" default_off='failed ruleset test'>
+<ruleset name="AirshipVentures" default_off="failed ruleset test">
   <target host="www.airshipventures.com" />
   <target host="airshipventures.com" />
 
diff --git a/src/chrome/content/rules/AirsoftGI.com.xml b/src/chrome/content/rules/AirsoftGI.com.xml
index c2d78c634a1f..c25e69f6a97f 100644
--- a/src/chrome/content/rules/AirsoftGI.com.xml
+++ b/src/chrome/content/rules/AirsoftGI.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://airsoftgi.com/ => https://airsoftgi.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="AirsoftGI.com" default_off='failed ruleset test'>
+<ruleset name="AirsoftGI.com" default_off="failed ruleset test">
 
 	<target host="airsoftgi.com" />
 	<target host="www.airsoftgi.com" />
@@ -15,4 +15,4 @@ Fetch error: http://airsoftgi.com/ => https://airsoftgi.com/: (60, 'SSL certific
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Airtricity.xml b/src/chrome/content/rules/Airtricity.xml
deleted file mode 100644
index 21476f802f4f..000000000000
--- a/src/chrome/content/rules/Airtricity.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Airtricity" platform="mixedcontent">
-  <target host="airtricity.com" />
-  <target host="*.airtricity.com" />
-
-  <rule from="^http://airtricity\.com/" to="https://www.airtricity.com/"/>
-  <rule from="^http://([^/:@\.]+)\.airtricity\.com/" to="https://$1.airtricity.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/AkademikerForsakring.se.xml b/src/chrome/content/rules/AkademikerForsakring.se.xml
index 86c59deba309..44c71a7899f7 100644
--- a/src/chrome/content/rules/AkademikerForsakring.se.xml
+++ b/src/chrome/content/rules/AkademikerForsakring.se.xml
@@ -1,12 +1,16 @@
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://akademikerforsakring.se/ => https://www.akademikerforsakring.se/: (28, 'Connection timed out after 10001 milliseconds')
-Fetch error: http://www.akademikerforsakring.se/ => https://www.akademikerforsakring.se/: (28, 'Connection timed out after 10001 milliseconds')
+	ERR_SSL_UNRECOGNIZED_NAME_ALERT:
+ 		- akademikerforsakring.se
+ 		- xn-\-akademikerfrskring-xtb17a.se
+		- www.xn-\-akademikerfrskring-xtb17a.se
 -->
-<ruleset name="AkademikerFörsäkring.se">
+<ruleset name="AkademikerForsakring.se">
 	<target host="akademikerforsakring.se" />
 	<target host="www.akademikerforsakring.se" />
-	<target host="akademikerförsäkring.se" />
-	<target host="www.akademikerförsäkring.se" />
-	<rule from="^http://(?:www\.)?akademikerf[oö]rs[aä]kring\.se/" to="https://www.akademikerforsakring.se/"/>
+	<target host="xn--akademikerfrskring-xtb17a.se" />
+	<target host="www.xn--akademikerfrskring-xtb17a.se" />
+
+	<rule from="^http://(akademikerforsakring|(www\.)?xn--akademikerfrskring-xtb17a)\.se/" 
+		  to="https://www.akademikerforsakring.se/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AkademiskaHus.se.xml b/src/chrome/content/rules/AkademiskaHus.se.xml
index 7fb3b3a8ce50..b3f86bb825e9 100644
--- a/src/chrome/content/rules/AkademiskaHus.se.xml
+++ b/src/chrome/content/rules/AkademiskaHus.se.xml
@@ -1,18 +1,50 @@
 <!--
-	Nonfunctional subdomains:
-
-		- (www.)	(times out)
-
+	Invalid certificate:
+
+		- albanocam1.akademiskahus.se
+		- albanocam2.akademiskahus.se
+		- albanocam3.akademiskahus.se
+		- ul111.akahus.akademiskahus.se
+		- un180.akahus.akademiskahus.se
+		- un184.akahus.akademiskahus.se
+		- forettklokaresverige.akademiskahus.se
+		- gate.akademiskahus.se
+		- lyncdiscover.akademiskahus.se
+		- sip.akademiskahus.se
+		- admin.studbo.akademiskahus.se
+
+	Bad redirect:
+		- mobil.akademiskahus.se
+		- mobiltest.akademiskahus.se
+
+	HTTP only:
+		
+		- framtidsmodellen.akademiskahus.se
+		- arsredovisning.akademiskahus.se
 -->
-<ruleset name="AkademiskaHus.se (partial)">
-
-	<target host="*.akademiskahus.se" />
-
-
-	<securecookie host="^(?:portal|vpn)\.akademiskahus\.se$" name=".+" />
-
-
-	<rule from="^http://(portal|vpn)\.akademiskahus\.se/"
-		to="https://$1.akademiskahus.se/" />
-
-</ruleset>
\ No newline at end of file
+<ruleset name="AkademiskaHus.se">
+	<target host="akademiskahus.se"/>
+	<target host="www.akademiskahus.se"/>
+	<target host="aha.akademiskahus.se" />
+	<target host="ahaapi.akademiskahus.se" />
+	<target host="awl.akademiskahus.se" />
+	<target host="boka.akademiskahus.se" />
+	<target host="desktop.akademiskahus.se" />
+	<target host="navet.akademiskahus.se" />
+	<target host="portal.akademiskahus.se" />
+	<target host="ra.akademiskahus.se" />
+	<target host="rdweb.akademiskahus.se" />
+	<target host="vcfdmz02.akademiskahus.se" />
+	<target host="e03.video.akademiskahus.se" />
+	<target host="e03-1.video.akademiskahus.se" />
+	<target host="e03-2.video.akademiskahus.se" />
+	<target host="vmr.akademiskahus.se" />
+	<target host="e03.vmr.akademiskahus.se" />
+	<target host="e03-1.vmr.akademiskahus.se" />
+	<target host="e03-2.vmr.akademiskahus.se" />
+	<target host="www2.akademiskahus.se" />
+
+	<securecookie host=".+" name=".+"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Akamai.com.xml b/src/chrome/content/rules/Akamai.com.xml
index b9a65e9a09e3..5c32e8a73c4f 100644
--- a/src/chrome/content/rules/Akamai.com.xml
+++ b/src/chrome/content/rules/Akamai.com.xml
@@ -39,7 +39,7 @@ Non-2xx HTTP code: http://community-uat.akamai.com/ (200) => https://community-u
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Akamai.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Akamai.com (partial)" default_off="failed ruleset test">
 
 	<target host="akamai.com" />
 	<target host="apps-community.akamai.com" />
diff --git a/src/chrome/content/rules/Akinator.com.xml b/src/chrome/content/rules/Akinator.com.xml
new file mode 100644
index 000000000000..8cc12b09da6e
--- /dev/null
+++ b/src/chrome/content/rules/Akinator.com.xml
@@ -0,0 +1,23 @@
+<ruleset name="Akinator.com">
+	<target host="akinator.com" />
+	<target host="www.akinator.com" />
+	<target host="ar.akinator.com" />
+	<target host="cgu.akinator.com" />
+	<target host="cn.akinator.com" />
+	<target host="de.akinator.com" />
+	<target host="en.akinator.com" />
+	<target host="es.akinator.com" />
+	<target host="films.akinator.com" />
+	<target host="fr.akinator.com" />
+	<target host="il.akinator.com" />
+	<target host="it.akinator.com" />
+	<target host="jp.akinator.com" />
+	<target host="kr.akinator.com" />
+	<target host="nl.akinator.com" />
+	<target host="pl.akinator.com" />
+	<target host="pt.akinator.com" />
+	<target host="ru.akinator.com" />
+	<target host="tr.akinator.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Akira.org.xml b/src/chrome/content/rules/Akira.org.xml
index 7eda290b0bbf..beccce20b3e9 100644
--- a/src/chrome/content/rules/Akira.org.xml
+++ b/src/chrome/content/rules/Akira.org.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AkolaProject.org.xml b/src/chrome/content/rules/AkolaProject.org.xml
new file mode 100644
index 000000000000..598490da46a0
--- /dev/null
+++ b/src/chrome/content/rules/AkolaProject.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="AkolaProject.org">
+	<target host="akolaproject.org" />
+	<target host="www.akolaproject.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Akola_Project.org.xml b/src/chrome/content/rules/Akola_Project.org.xml
deleted file mode 100644
index bad6e3cac49f..000000000000
--- a/src/chrome/content/rules/Akola_Project.org.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<!--
-	www.akolaproject.org: Loops
-
-
-	Insecure cookies are set for these domains:
-
-		- .akolaproject.org
-
-
-	Mixed content:
-
-		- css from $self *
-		- Images from $self *
-
-	* Secured by us
-
--->
-<ruleset name="Akola Project.org (false MCB)" platform="mixedcontent">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="akolaproject.org" />
-
-	<!--	Complications:
-				-->
-	<target host="www.akolaproject.org" />
-
-		<!--	Mixed css:
-					-->
-		<test url="http://akolaproject.org/shop/" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.akolaproject\.org$" name="^(?:__cfduid|cf_clearance|frontend)$" /-->
-
-	<securecookie host="^\.akolaproject\.org$" name=".+" />
-
-
-	<rule from="^http://www\.akolaproject\.org/"
-		to="https://akolaproject.org/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Aktion-Deutschland-Hilft.de.xml b/src/chrome/content/rules/Aktion-Deutschland-Hilft.de.xml
index f88ac9358693..bafdae6b040a 100644
--- a/src/chrome/content/rules/Aktion-Deutschland-Hilft.de.xml
+++ b/src/chrome/content/rules/Aktion-Deutschland-Hilft.de.xml
@@ -18,7 +18,8 @@
 <ruleset name="Aktion-Deutschland-Hilft.de (partial)">
 
 	<target host="aktion-deutschland-hilft.de" />
-	<target host="*.aktion-deutschland-hilft.de" />
+	<target host="www.aktion-deutschland-hilft.de" />
+	<target host="media.aktion-deutschland-hilft.de" />
 
 
 	<rule from="^http://(?:www\.)?aktion-deutschland-hilft\.de/(css/|favicon\.ico|fileadmin/|index\.php\?eID=adh_banner|typo3(?:conf|temp)/|uploads/)"
@@ -27,4 +28,4 @@
 	<rule from="^http://media\.aktion-deutschland-hilft\.de/"
 		to="https://d3c57cw0c70g44.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Aktivix.org.xml b/src/chrome/content/rules/Aktivix.org.xml
index 447a9bb58f30..1e6691e18525 100644
--- a/src/chrome/content/rules/Aktivix.org.xml
+++ b/src/chrome/content/rules/Aktivix.org.xml
@@ -17,7 +17,7 @@ Fetch error: http://lists.aktivix.org/ => https://lists.aktivix.org/: (60, 'SSL
 		- owncloud.aktivix.org
 
 -->
-<ruleset name="Aktivix.org" default_off='failed ruleset test'>
+<ruleset name="Aktivix.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Al-Madina.com.xml b/src/chrome/content/rules/Al-Madina.com.xml
new file mode 100644
index 000000000000..af1d93dbd0de
--- /dev/null
+++ b/src/chrome/content/rules/Al-Madina.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched:
+		- madina
+		- waseet
+-->
+<ruleset name="Al-Madina.com">
+	<target host="al-madina.com" />
+	<target host="www.al-madina.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Al-Sabeel.net.xml b/src/chrome/content/rules/Al-Sabeel.net.xml
new file mode 100644
index 000000000000..b511470fcbe2
--- /dev/null
+++ b/src/chrome/content/rules/Al-Sabeel.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="Al-Sabeel.net">
+	<target host="al-sabeel.net" />
+	<target host="www.al-sabeel.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Al-akhbar.xml b/src/chrome/content/rules/Al-akhbar.xml
index d2e515b00f83..c01ccb8b97b4 100644
--- a/src/chrome/content/rules/Al-akhbar.xml
+++ b/src/chrome/content/rules/Al-akhbar.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AlAdhan.com.xml b/src/chrome/content/rules/AlAdhan.com.xml
new file mode 100644
index 000000000000..5f96beb6e597
--- /dev/null
+++ b/src/chrome/content/rules/AlAdhan.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AlAdhan.com">
+	<target host="aladhan.com" />
+	<target host="www.aladhan.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlDiwan.net.xml b/src/chrome/content/rules/AlDiwan.net.xml
new file mode 100644
index 000000000000..65dce1f20310
--- /dev/null
+++ b/src/chrome/content/rules/AlDiwan.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="AlDiwan.net">
+	<target host="aldiwan.net" />
+	<target host="www.aldiwan.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlFaseeh.com.xml b/src/chrome/content/rules/AlFaseeh.com.xml
new file mode 100644
index 000000000000..2c7dc33e4e68
--- /dev/null
+++ b/src/chrome/content/rules/AlFaseeh.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AlFaseeh.com">
+	<target host="alfaseeh.com" />
+	<target host="www.alfaseeh.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlFeker.net.xml b/src/chrome/content/rules/AlFeker.net.xml
new file mode 100644
index 000000000000..cf79081b2a4d
--- /dev/null
+++ b/src/chrome/content/rules/AlFeker.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="AlFeker.net">
+	<target host="alfeker.net" />
+	<target host="www.alfeker.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlMohawer.com.xml b/src/chrome/content/rules/AlMohawer.com.xml
new file mode 100644
index 000000000000..790e7e07fe72
--- /dev/null
+++ b/src/chrome/content/rules/AlMohawer.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="AlMohawer.com">
+	<target host="almohawer.com" />
+	<target host="www.almohawer.com" />
+	<target host="webmail.almohawer.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlMostaneer.com.xml b/src/chrome/content/rules/AlMostaneer.com.xml
new file mode 100644
index 000000000000..2c0c75128951
--- /dev/null
+++ b/src/chrome/content/rules/AlMostaneer.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AlMostaneer.com">
+	<target host="almostaneer.com" />
+	<target host="www.almostaneer.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlNawawiForty.com.xml b/src/chrome/content/rules/AlNawawiForty.com.xml
new file mode 100644
index 000000000000..c823a98f7c14
--- /dev/null
+++ b/src/chrome/content/rules/AlNawawiForty.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AlNawawiForty.com">
+	<target host="alnawawiforty.com" />
+	<target host="www.alnawawiforty.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlRadNet.com.xml b/src/chrome/content/rules/AlRadNet.com.xml
new file mode 100644
index 000000000000..b9bcd58142a7
--- /dev/null
+++ b/src/chrome/content/rules/AlRadNet.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AlRadNet.com">
+	<target host="alradnet.com" />
+	<target host="www.alradnet.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlRo7.net.xml b/src/chrome/content/rules/AlRo7.net.xml
new file mode 100644
index 000000000000..d2e7ca8be1fe
--- /dev/null
+++ b/src/chrome/content/rules/AlRo7.net.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatch:
+		ww.w.alro7.net
+-->
+<ruleset name="AlRo7.net">
+	<target host="alro7.net" />
+	<target host="www.alro7.net" />
+	<target host="m.alro7.net" />
+	<target host="ww.alro7.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlTadabbur.com.xml b/src/chrome/content/rules/AlTadabbur.com.xml
new file mode 100644
index 000000000000..0bde512e4832
--- /dev/null
+++ b/src/chrome/content/rules/AlTadabbur.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="AlTadabbur.com">
+	<target host="altadabbur.com" />
+	<target host="www.altadabbur.com" />
+	<target host="m.altadabbur.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlTafsir.com.xml b/src/chrome/content/rules/AlTafsir.com.xml
new file mode 100644
index 000000000000..d2750d0ec9af
--- /dev/null
+++ b/src/chrome/content/rules/AlTafsir.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Wildcard DNS but without wildcard certificate
+
+	Unable to Connect:
+		main.altafsir.com
+	Invalid Certificate:
+		m.altafsir.com
+		mobile.altafsir.com
+-->
+<ruleset name="AlTafsir.com">
+	<target host="altafsir.com" />
+	<target host="www.altafsir.com" />
+
+	<securecookie host="^(www)\.altafsir\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Alaalam.org.xml b/src/chrome/content/rules/Alaalam.org.xml
new file mode 100644
index 000000000000..439cefbfa32b
--- /dev/null
+++ b/src/chrome/content/rules/Alaalam.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="Alaalam.org">
+	<target host="alaalam.org" />
+	<target host="www.alaalam.org" />
+	<target host="mail.alaalam.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Alamy.xml b/src/chrome/content/rules/Alamy.xml
index 7f1facf2a53a..a290d54f6c44 100644
--- a/src/chrome/content/rules/Alamy.xml
+++ b/src/chrome/content/rules/Alamy.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AlanWalker.com.xml b/src/chrome/content/rules/AlanWalker.com.xml
new file mode 100644
index 000000000000..0636587eabfb
--- /dev/null
+++ b/src/chrome/content/rules/AlanWalker.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AlanWalker.com">
+	<target host="alanwalker.com" />
+	<target host="www.alanwalker.com" />
+	<target host="mail.alanwalker.com" />
+	<target host="webdisk.alanwalker.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Alaska.edu.xml b/src/chrome/content/rules/Alaska.edu.xml
new file mode 100644
index 000000000000..3e003ecab6d0
--- /dev/null
+++ b/src/chrome/content/rules/Alaska.edu.xml
@@ -0,0 +1,49 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- cirt.alaska.edu
+		- email.alaska.edu
+		- biotech.inbre.alaska.edu
+
+		SSL connect error:
+		- lists.alaska.edu
+		- techsupport.uaa.alaska.edu
+		- uaonline.alaska.edu
+		- www.uas.alaska.edu
+		- swf-1.vpn.alaska.edu
+		- uaf-1.vpn.alaska.edu
+		- webmail.alaska.edu
+
+		SSL peer certificate was not OK:
+		- greenandgold.uaa.alaska.edu
+		- lib.uaa.alaska.edu
+		- webaccess.uaa.alaska.edu
+		- webmail.uaa.alaska.edu
+
+		Mixed content blocking (MCB) triggered:
+		- fpgis.uaa.alaska.edu
+-->
+<ruleset name="Alaska.edu (partial)">
+	<target host="alaska.edu" />
+	<target host="www.alaska.edu" />
+	<target host="avo.alaska.edu" />
+	<target host="www.avo.alaska.edu" />
+	<target host="edit.alaska.edu" />
+	<target host="elmo.alaska.edu" />
+	<target host="service.alaska.edu" />
+	<target host="uaa.alaska.edu" />
+	<target host="classes.uaa.alaska.edu" />
+	<target host="coe.uaa.alaska.edu" />
+	<target host="hosting.uaa.alaska.edu" />
+	<target host="krua.uaa.alaska.edu" />
+	<target host="me.uaa.alaska.edu" />
+	<target host="moodle.uaa.alaska.edu" />
+	<target host="owa.uaa.alaska.edu" />
+	<target host="technology.uaa.alaska.edu" />
+	<target host="womens.uaa.alaska.edu" />
+	<target host="www.uaa.alaska.edu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlaskaAirlines.xml b/src/chrome/content/rules/AlaskaAirlines.xml
index 15a7fca3a90d..dbff470f12ba 100644
--- a/src/chrome/content/rules/AlaskaAirlines.xml
+++ b/src/chrome/content/rules/AlaskaAirlines.xml
@@ -1,9 +1,10 @@
-<ruleset name="Alaska Airlines" platform="mixedcontent">
-  <target host="alaskaair.com" />
-  <target host="*.alaskaair.com" />
+<ruleset name="Alaska Airlines (partial)">
+	<target host="alaskaair.com" />
+	<target host="www.alaskaair.com" />
+	<target host="careers.alaskaair.com" />
+	<target host="easybiz.alaskaair.com" />
 
-  <rule from="^http://alaskaair\.com/"
-          to="https://www.alaskaair.com/" />
-  <rule from="^http://(careers|easybiz|myeagle|webselfservice|www)\.alaskaair\.com/"
-          to="https://$1.alaskaair.com/" />
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Albennet.com.xml b/src/chrome/content/rules/Albennet.com.xml
index 0d7a854f6f25..bb0834b7ed27 100644
--- a/src/chrome/content/rules/Albennet.com.xml
+++ b/src/chrome/content/rules/Albennet.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://alb.albennet.com/ => https://alb.albennet.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Albennet Hosting Provider" default_off='failed ruleset test'>
+<ruleset name="Albennet Hosting Provider" default_off="failed ruleset test">
 	<target host="albennet.com" />
 	<target host="www.albennet.com" />
 	<target host="alb.albennet.com" />
diff --git a/src/chrome/content/rules/Albinoloverats.xml b/src/chrome/content/rules/Albinoloverats.xml
index 3126e0d6b4bd..ca071298fdbe 100644
--- a/src/chrome/content/rules/Albinoloverats.xml
+++ b/src/chrome/content/rules/Albinoloverats.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Alcuda.xml b/src/chrome/content/rules/Alcuda.xml
index d38fa48a42c4..6cb2a7514e55 100644
--- a/src/chrome/content/rules/Alcuda.xml
+++ b/src/chrome/content/rules/Alcuda.xml
@@ -6,7 +6,7 @@ Fetch error: http://wl.easydategroup.com/ => http://wl.easydategroup.com/: (6, '
 Fetch error: http://cdn.wl.easydategroup.com/ => http://cdn.wl.easydategroup.com/: (6, 'Could not resolve host: cdn.wl.easydategroup.com')
 
 -->
-<ruleset name="Alcuda (partial)" default_off='failed ruleset test'>
+<ruleset name="Alcuda (partial)" default_off="failed ruleset test">
 
 	<target host="whitelabeldating.alcuda.com"/>
 	<target host="wl.easydategroup.com"/>
@@ -16,7 +16,8 @@ Fetch error: http://cdn.wl.easydategroup.com/ => http://cdn.wl.easydategroup.com
 	<target host="www.shagaholic.com"/>
 	<target host="upforit.com"/>
 	<target host="www.upforit.com"/>
-	<target host="*.upforitnetworks.com"/>
+	<target host="whitelabeldating.upforitnetworks.com" />
+	<target host="affiliates.upforitnetworks.com" />
 	<target host="xhamster.biz"/>
 	<target host="www.xhamster.biz"/>
 
diff --git a/src/chrome/content/rules/Alecomm.com.xml b/src/chrome/content/rules/Alecomm.com.xml
index 8f744103ab92..cb5f72f18c84 100644
--- a/src/chrome/content/rules/Alecomm.com.xml
+++ b/src/chrome/content/rules/Alecomm.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://alecomm.com/ => https://alecomm.com/: (51, "SSL: no alternat
 Fetch error: http://www.alecomm.com/ => https://www.alecomm.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.alecomm.com'")
 
 -->
-<ruleset name="Alecomm.com" default_off='failed ruleset test'>
+<ruleset name="Alecomm.com" default_off="failed ruleset test">
 
 	<target host="alecomm.com" />
 	<target host="www.alecomm.com" />
diff --git a/src/chrome/content/rules/Alert_Investor_Relations.xml b/src/chrome/content/rules/Alert_Investor_Relations.xml
index 57d286602391..eccd7d47c4f3 100644
--- a/src/chrome/content/rules/Alert_Investor_Relations.xml
+++ b/src/chrome/content/rules/Alert_Investor_Relations.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://vp(\d+)\.alertir\.com/"
 		to="https://vp$1.alertir.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Alfabank.ru.xml b/src/chrome/content/rules/Alfabank.ru.xml
index d88fa15fe769..4acb042f447c 100644
--- a/src/chrome/content/rules/Alfabank.ru.xml
+++ b/src/chrome/content/rules/Alfabank.ru.xml
@@ -24,7 +24,7 @@ alfabank.kz protocol error
 www.alfabank.kz protocol error
 alfaportal.kz mismatch
 www.alfaportal.kz mismatch -->
-<ruleset name="Alfabank.ru" default_off='failed ruleset test'>
+<ruleset name="Alfabank.ru" default_off="failed ruleset test">
 	<target host="alfabank.ru" />
 	<target host="www.alfabank.ru" />
 	<target host="anketa.alfabank.ru" />
@@ -49,12 +49,12 @@ www.alfaportal.kz mismatch -->
 	<target host="alfaportal.kz" />
 	<target host="www.alfaportal.kz" />
 	<target host="p2p.alfaportal.kz" />
-	
+
 	<rule from="^http://alfaportal\.ru/"
 		to="https://www.alfaportal.ru/" />
 
 	<test url="http://alfaportal.ru/" />
-	
+
 	<rule from="^http://(?:www\.)?alfaportal\.kz/"
 		to="https://p2p.alfaportal.kz/" />
 
diff --git a/src/chrome/content/rules/Alfresco.com.xml b/src/chrome/content/rules/Alfresco.com.xml
index 027b4e447409..82af7d04cfb6 100644
--- a/src/chrome/content/rules/Alfresco.com.xml
+++ b/src/chrome/content/rules/Alfresco.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://wiki.alfresco.com/ => https://wiki.alfresco.com/: (60, 'SSL
 	Wrong content:
 		- dev
 -->
-<ruleset name="Alfresco.com" default_off='failed ruleset test'>
+<ruleset name="Alfresco.com" default_off="failed ruleset test">
 	<target host="alfresco.com" />
 	<target host="www.alfresco.com" />
 	<target host="activiti.alfresco.com" />
diff --git a/src/chrome/content/rules/Algonquin-College.xml b/src/chrome/content/rules/Algonquin-College.xml
index f7b1bd69ad2b..826c255c904e 100644
--- a/src/chrome/content/rules/Algonquin-College.xml
+++ b/src/chrome/content/rules/Algonquin-College.xml
@@ -4,15 +4,15 @@
 	<securecookie host="^([\w.-]+)\.algonquincollege\.com$" name=".+" />
 
 	<test url="http://www.algonquincollege.com/" />
-	<test url="http://www.algonquincollege.com/studentfeedback/" />	
+	<test url="http://www.algonquincollege.com/studentfeedback/" />
 	<test url="http://www.algonquincollege.com/library/" />
 	<test url="http://liveac.algonquincollege.com/" />
 	<test url="http://m.algonquincollege.com/" />
-	<test url="http://myalgonquin2.algonquincollege.com/" />	
+	<test url="http://myalgonquin2.algonquincollege.com/" />
 
 	<rule from="^http://([\w.-]+)\.algonquincollege\.com/"
 		to="https://$1.algonquincollege.com/" />
 
 	<!-- Does not reply with any content to HTTPS. -->
-	<exclusion pattern="^http://myalgonquin2\.algonquincollege\.com/" />	
-</ruleset>
\ No newline at end of file
+	<exclusion pattern="^http://myalgonquin2\.algonquincollege\.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/AliCDN.com.xml b/src/chrome/content/rules/AliCDN.com.xml
index fcc18ad15477..543ab6b7bd3d 100644
--- a/src/chrome/content/rules/AliCDN.com.xml
+++ b/src/chrome/content/rules/AliCDN.com.xml
@@ -29,10 +29,10 @@
 
 	¹ Mismatched
 	² Akamai / mismatched
-	
+
 	Time out:
 		- im
-	
+
 	Check encoding error:
 		- static-src
 
@@ -99,7 +99,7 @@
 	<target host="u.alicdn.com" />
 	<target host="wwc.alicdn.com" />
 
-		<test url="http://alp.alicdn.com/1472160912042.png" />	
+		<test url="http://alp.alicdn.com/1472160912042.png" />
 		<test url="http://g.alicdn.com/ilw/lib/1.7.8/widget/wukong/highlight.css" />
 		<test url="http://gtms01.alicdn.com/tps/i1/T1JT1SFq8iXXaeHbsb-100-100.png" />
 		<test url="http://gtms02.alicdn.com/tps/i2/T1d25RFhxXXXcwAHbb-196-2.jpg" />
diff --git a/src/chrome/content/rules/AliExpress.com.xml b/src/chrome/content/rules/AliExpress.com.xml
index 9ea762a11afe..14cd496bd84d 100644
--- a/src/chrome/content/rules/AliExpress.com.xml
+++ b/src/chrome/content/rules/AliExpress.com.xml
@@ -8,44 +8,29 @@
 
 		- bbs.seller ¹
 		- escrow
+		- m.fulfillment ²
 
 	¹ Dropped
+	² Invalid certificate
 
 
 	Problematic hosts in *aliexpress.com:
 
+		- $self ˣ
+		- www ˣ
 		- activities ˣ
-		- gw.api ˣ
-		- brands ᵐ
-		- s.click ᵐ
-		- collections ˣ
 		- daxue ˣ
-		- es ᵐ ˣ
 		- fulfillment ˣ
-		- fuwu ˣ
-		- gaga ˣ
-		- group ˣ
-		- he ᵐ
-		- hz ˣ
-		- id ˣ
-		- ja ᵐ
-		- m ᵐ
-		- mai ˣ
 		- open ˣ
-		- page ˣ
-		- pt ᵐ
-		- ru ᵐ ˣ
-		- sale ᵐ ˣ
 		- seller ˣ
-		- superdeals ˣ
 
-	ᵐ Mismatched
-	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
+	ˣ Active mixed content, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 
 	Insecure cookies are set for these domains and hosts: ᶜ
 
 		- .aliexpress.com
+		- www.aliexpress.com
 		- best.aliexpress.com
 		- coupon.aliexpress.com
 		- group.aliexpress.com
@@ -53,7 +38,6 @@
 		- promotion.aliexpress.com
 		- shoppingcart.aliexpress.com
 		- university.aliexpress.com
-		- www.aliexpress.com
 		- (locale_vhost).aliexpress.com
 
 	ᶜ See https://owasp.org/index.php/SecureFlag
@@ -65,77 +49,118 @@
 
 		- css, on:
 
-			- activities, collections, daxue, es, fuwu, gaga, group, hz, id, it, mai, open, page, pl, superdeals, th from style.aliunicorn.com ˢ
+			- www from style.aliunicorn.com
+			- activities, daxue, open, th from style.aliunicorn.com ˢ
 			- fulfillment from style.alibaba.com ˢ
-			- gw.api from style.c.aliimg.com ˢ
-			- mai img.alibaba.com ˢ
+			- seller from style.alibaba.com
 			- sale from i0\d.i.aliimg.com ˢ
 
+		- js, on:
+
+			- seller from style.alibaba.com
+			- www, seller from style.aliexpress.com
+			- www, open from style.aliunicorn.com
+
 		- Images, on:
 
-			- activities, gw.api, ar, de, es, group, he, id, ja, ko, mai, nl, pl, pt, ru, tr, vi from img.alibaba.com ˢ
-			- activities, fulfillment, gaga, seller from i0\d.i.aliimg.com ˢ
+			- activities, open from img.alibaba.com ˢ
+			- activities, fulfillment, seller from i0\d.i.aliimg.com ˢ
 			- activities from style.aliunicorn.com ˢ
-			- ar, best, brands, de, coupon, group, hz, it, ja, ko, nl, page, pl, ru, sale, th, tr, vi from g0\d.a.alicdn.com ˢ
 			- fulfillment, hz from img.alibaba.com ˢ
+			- open from gtms01.alicdn.com
 			- university from gtms04.alicdn.com ˢ
 
-		- Bug on activities, collections, coupon, daxue, de, es, fr, fulfillment, fuwu, gaga, group, he, id, it, ja, ko, mai, nl, open, page, pl, pt, ru, seller, superdeals, th, tr, trade, university, vi from dmtracking2.alibaba.com ˢ
+		- Bug on activities, daxue, fulfillment, open, seller from dmtracking2.alibaba.com ˢ
 
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
 <ruleset name="AliExpress.com (partial)">
 
-	<target host="aliexpress.com" />
-	<target host="www.aliexpress.com" />
+	<!--target host="aliexpress.com" /-->
+	<!--target host="www.aliexpress.com" /-->
 	<!--target host="activities.aliexpress.com" /-->
 	<target host="us.ae.aliexpress.com" />
-	<!--target host="gw.api.aliexpress.com" /-->
 	<target host="ar.aliexpress.com" />
+	<target host="m.ar.aliexpress.com" />
 	<target host="best.aliexpress.com" />
-	<!--target host="collections.aliexpress.com" /-->
+	<target host="brands.aliexpress.com" />
+	<target host="s.click.aliexpress.com" />
+	<target host="collections.aliexpress.com" />
 	<target host="compare.aliexpress.com" />
 	<target host="coupon.aliexpress.com" />
 	<!--target host="daxue.aliexpress.com" /-->
 	<target host="de.aliexpress.com" />
+	<target host="m.de.aliexpress.com" />
+	<target host="es.aliexpress.com" />
+	<target host="m.es.aliexpress.com" />
+	<target host="flashdeals.aliexpress.com" />
 	<target host="fr.aliexpress.com" />
+	<target host="m.fr.aliexpress.com" />
 	<!--target host="fulfillment.aliexpress.com" /-->
-	<!--target host="fuwu.aliexpress.com" /-->
-	<!--target host="group.aliexpress.com" /-->
+	<target host="fuwu.aliexpress.com" />
+	<target host="gaga.aliexpress.com" />
+	<target host="group.aliexpress.com" />
+	<target host="he.aliexpress.com" />
 	<target host="help.aliexpress.com" />
 	<target host="home.aliexpress.com" />
-	<!--target host="id.aliexpress.com" /-->
+	<target host="hz.aliexpress.com" />
+	<target host="id.aliexpress.com" />
+	<target host="m.id.aliexpress.com" />
 	<target host="it.aliexpress.com" />
+	<target host="m.it.aliexpress.com" />
+	<target host="ja.aliexpress.com" />
+	<target host="m.ja.aliexpress.com" />
 	<target host="ko.aliexpress.com" />
+	<target host="m.ko.aliexpress.com" />
 	<target host="login.aliexpress.com" />
-	<!--target host="mai.aliexpress.com" /-->
+	<target host="m.aliexpress.com" />
+	<target host="mai.aliexpress.com" />
 	<target host="my.aliexpress.com" />
 	<target host="nl.aliexpress.com" />
+	<target host="m.nl.aliexpress.com" />
 	<!--target host="open.aliexpress.com" /-->
-	<!--target host="page.aliexpress.com" /-->
+	<target host="page.aliexpress.com" />
 	<target host="pl.aliexpress.com" />
 	<target host="promotion.aliexpress.com" />
+	<target host="pt.aliexpress.com" />
+	<target host="m.pt.aliexpress.com" />
 	<target host="report.aliexpress.com" />
+	<target host="sale.aliexpress.com" />
 	<!--target host="seller.aliexpress.com" /-->
+	<target host="marketplace.seller.aliexpress.com" />
 	<target host="shoppingcart.aliexpress.com" />
-	<!--target host="superdeals.aliexpress.com" /-->
+	<target host="superdeals.aliexpress.com" />
+	<target host="ru.aliexpress.com" />
+	<target host="m.ru.aliexpress.com" />
 	<target host="th.aliexpress.com" />
+	<target host="m.th.aliexpress.com" />
 	<target host="tr.aliexpress.com" />
+	<target host="m.tr.aliexpress.com" />
 	<target host="trade.aliexpress.com" />
 	<target host="u.aliexpress.com" />
 	<target host="university.aliexpress.com" />
 	<target host="vi.aliexpress.com" />
+	<target host="m.vi.aliexpress.com" />
 	<target host="track.aliexpress.com" />
 	<target host="lighthouse.aliexpress.com" />
 	<target host="message.aliexpress.com" />
 
 		<!--	Mixed css:
 					-->
-		<!--test url="http://gw.api.alibaba.com/dev/doc/intl/sys_description.htm?ns=aliexpress.open" /-->
+		<!--test url="http://aliexpress.com/buyerprotection/overview.html" /-->
+		<!--test url="http://www.aliexpress.com/buyerprotection/overview.html" /-->
 		<!--test url="http://daxue.aliexpress.com/goodseller.php" /-->
+		<!--test url="http://open.aliexpress.com/shopmarket/index.htm" /-->
 		<!--test url="http://page.aliexpress.com/tips-for-new-users.htm" /-->
-		<!--test url="http://www.aliexpress.com/wholesale.html" /-->
+		<!--test url="http://seller.aliexpress.com/trad.html" /-->
+
+		<!--	Mixed js:
+					-->
+		<!--test url="http://aliexpress.com/buyerprotection/overview.html" /-->
+		<!--test url="http://www.aliexpress.com/buyerprotection/overview.html" /-->
+		<!--test url="http://open.aliexpress.com/shopmarket/index.htm" /-->
+		<!--test url="http://seller.aliexpress.com/trad.html" /-->
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/Alianza.xml b/src/chrome/content/rules/Alianza.xml
index 1f77a2e73bbd..2694c63038ca 100644
--- a/src/chrome/content/rules/Alianza.xml
+++ b/src/chrome/content/rules/Alianza.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Alibaba.xml b/src/chrome/content/rules/Alibaba.xml
index 425e7b7f5a47..b2f12135f9ee 100644
--- a/src/chrome/content/rules/Alibaba.xml
+++ b/src/chrome/content/rules/Alibaba.xml
@@ -34,6 +34,10 @@
 			- style.alibaba.com
 
 
+	Invalid certificates:
+		- portal.manjushri.alibaba.com (expired)
+
+
 	Nonfunctional domains:
 
 		- (www.)alibaba.co.jp ¹
@@ -70,6 +74,7 @@
 
 	Problematic hosts in *alibaba.com:
 
+		- gw.api ˣ
 		- www.bd *
 		- img.china *
 		- www.[^.]+.en *
@@ -79,6 +84,7 @@
 
 	* Mismatched
 	² Akamai / mismatched
+	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 
 	Insecure cookies are set for these domains and hosts: ᶜ
@@ -93,7 +99,6 @@
 		- cluster.alibaba.com
 		- dai.alibaba.com
 		- data.alibaba.com
-		- ecredit.alibaba.com
 		- fuwu.alibaba.com
 		- globalexpo.alibaba.com
 		- hzmy.alibaba.com
@@ -127,12 +132,14 @@
 
 	Mixed content:
 
-		- css on india from style.aliunicorn.com ˢ
+		- css, on:
+			- gw.api from style.c.aliimg.com ˢ
+			- india from style.aliunicorn.com ˢ
 
 		- Images, on:
 
 			- chnwh.en, resources from g0\d.s.alicdn.com ˢ
-			- ggs from img.alibaba.com ˢ
+			- gw.api, ggs from img.alibaba.com ˢ
 			- potal.manjushri from $self ˢ
 			- potal.manjushri from crm-kms.alibaba-inc.com
 			- potal.manjushri, open, resources, security, seller from gtms0\d.alicdn.com ˢ
@@ -158,6 +165,7 @@
 		<test url="http://activities.alibaba.com/alibaba/wholesale_success.php" />
 	<target host="ads.alibaba.com" />
 	<target host="us.ae.alibaba.com" />
+	<!--target host="gw.api.alibaba.com" /-->
 	<target host="app.alibaba.com" />
 	<target host="arabic.alibaba.com" />
 	<target host="m.arabic.alibaba.com" />
@@ -176,7 +184,6 @@
 	<target host="data.alibaba.com" />
 	<target host="dutch.alibaba.com" />
 	<target host="m.dutch.alibaba.com" />
-	<target host="ecredit.alibaba.com" />
 	<target host="error.alibaba.com" />
 	<target host="escrow.alibaba.com" />
 	<target host="exporter.alibaba.com" />
@@ -209,7 +216,7 @@
 	<target host="login.alibaba.com" />
 	<target host="logistics.alibaba.com" />
 	<target host="m.alibaba.com" />
-	<target host="portal.manjushri.alibaba.com" />
+	<!--target host="portal.manjushri.alibaba.com" /-->
 	<target host="message.alibaba.com" />
 	<target host="mlma.alibaba.com" />
 	<target host="news.alibaba.com" />
@@ -254,6 +261,11 @@
 	<target host="www.alibaba.com" />
 	<target host="www2.alibaba.com" />
 
+		<!--	Mixed css:
+					-->
+		<!--test url="http://gw.api.alibaba.com/dev/doc/intl/sys_description.htm?ns=aliexpress.open" /-->
+
+
 	<!--	Complications:
 				-->
 	<target host="www.bd.alibaba.com" />
diff --git a/src/chrome/content/rules/AliceDSL.xml b/src/chrome/content/rules/AliceDSL.xml
index a68a9429ac81..40da09b5cc2d 100644
--- a/src/chrome/content/rules/AliceDSL.xml
+++ b/src/chrome/content/rules/AliceDSL.xml
@@ -10,11 +10,11 @@ Fetch error: http://alice.de/ => https://www.alice-dsl.de/: (7, 'Failed to conne
 Fetch error: http://alice-dsl.de/ => https://www.alice-dsl.de/: (7, 'Failed to connect to www.alice-dsl.de port 443: No route to host')
 Fetch error: http://www.alice-dsl.de/ => https://www.alice-dsl.de/: (7, 'Failed to connect to www.alice-dsl.de port 443: No route to host')
 -->
-<ruleset name="AliceDSL" default_off='failed ruleset test'>
+<ruleset name="AliceDSL" default_off="failed ruleset test">
   <target host="alice.de"/>
-  <target host="*.alice.de"/>
+  <target host="www.alice.de" />
   <target host="alice-dsl.de"/>
-  <target host="*.alice-dsl.de"/>
+  <target host="www.alice-dsl.de" />
 
   <securecookie host="^(?:.*\.)?alice-dsl\.de$" name=".+" />
 
diff --git a/src/chrome/content/rules/Alien.net.au.xml b/src/chrome/content/rules/Alien.net.au.xml
index 0cf53e089fe9..58106913b7c5 100644
--- a/src/chrome/content/rules/Alien.net.au.xml
+++ b/src/chrome/content/rules/Alien.net.au.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://alien.net.au/ => https://alien.net.au/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Alien.net.au" default_off='failed ruleset test'>
+<ruleset name="Alien.net.au" default_off="failed ruleset test">
 
 	<target host="alien.net.au" />
 	<target host="www.alien.net.au" />
diff --git a/src/chrome/content/rules/AlienVault.xml b/src/chrome/content/rules/AlienVault.xml
index 7e3f083eff45..b88087028d5e 100644
--- a/src/chrome/content/rules/AlienVault.xml
+++ b/src/chrome/content/rules/AlienVault.xml
@@ -8,7 +8,11 @@
 <ruleset name="AlienVault (partial)">
 
 	<target host="alienvault.com" />
-	<target host="*.alienvault.com" />
+	<target host="www.alienvault.com" />
+	<target host="cloud.alienvault.com" />
+	<target host="communities.alienvault.com" />
+	<target host="resources.alienvault.com" />
+	<target host="forums.alienvault.com" />
 
 
 	<securecookie host="^.*\.alienvault\.com$" name=".+" />
@@ -19,12 +23,11 @@
 	<rule from="^http://(?:www\.)?alienvault\.com/"
 		to="https://www.alienvault.com/" />
 
-	<rule from="^http://(cloud|communities|resources)\.alienvault\.com/"
-		to="https://$1.alienvault.com/" />
 
 	<!--	Doesn't redirect back, w00p.
 						-->
 	<rule from="^http://forums\.alienvault\.com/"
 		to="https://alienvault.vanillaforums.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AliorBank.pl.xml b/src/chrome/content/rules/AliorBank.pl.xml
new file mode 100644
index 000000000000..57ea761623e4
--- /dev/null
+++ b/src/chrome/content/rules/AliorBank.pl.xml
@@ -0,0 +1,161 @@
+<!--
+	Self-signed:
+		- gateway.api
+
+	Connection reset:
+		- static.kantor
+
+	Mismatched:
+		- www.trader
+
+	Refused:
+		- cii
+		- akcept.kantor.de
+		- akcept.m.kantor.de
+		- test.m.kantor.de
+		- www.test.m.kantor.de
+		- akcept.static.kantor.de
+		- test.static.kantor.de
+		- test.kantor.de
+		- www.test.kantor.de
+		- facebook
+		- formularze
+		- www.fuzja
+		- identyfikacja
+		- www.kz
+		- m
+		- malware
+		- mfp
+		- test.mfp
+		- www.test.mfp
+		- najlepszy
+		- native
+		- native1
+		- online
+		- akcept.online
+		- test.online
+		- oszczednosci
+		- fuzja.aliorbank.pl
+		- pomoc-dla-haiti
+		- portale
+		- pozytywy
+		- private-banking
+		- privatebanking
+		- przywileje
+		- sowa
+		- www.sowa
+		- test.das.tmro
+
+	Timeout:
+		- production.developer
+		- emu
+		- ethereum
+		- www.ethereum
+		- fuzja
+		- guestaccess01
+		- guestaccess02
+		- ns1
+		- ns2
+		- online-fuzja
+		- partnerzy
+		- www.schumacher
+		- services
+		- f.video-oddzial
+		- vpn
+		- vpnmobile
+		- wah
+
+	Incomplete certificate chain:
+		- gateway.developer
+		- oauthdemo.developer
+		- gielda
+		- konto-internetowe
+		- link4
+		- pzu
+-->
+<ruleset name="AliorBank.pl">
+	<target host="aliorbank.pl" />
+	<target host="www.aliorbank.pl" />
+	<target host="4x4.aliorbank.pl" />
+	<target host="accelerator.aliorbank.pl" />
+	<target host="analityka.aliorbank.pl" />
+	<target host="ares.aliorbank.pl" />
+	<target host="auth.aliorbank.pl" />
+	<target host="autoryzacja.aliorbank.pl" />
+	<target host="wnioski.bm.aliorbank.pl" />
+	<target host="broker.aliorbank.pl" />
+	<target host="chatbot.aliorbank.pl" />
+	<target host="developer.aliorbank.pl" />
+	<target host="www.developer.aliorbank.pl" />
+	<target host="dokumenty.aliorbank.pl" />
+	<target host="demo.efx.aliorbank.pl" />
+	<target host="et.aliorbank.pl" />
+	<target host="feniks.aliorbank.pl" />
+	<target host="firma.aliorbank.pl" />
+	<target host="gotowka.aliorbank.pl" />
+	<target host="innowacje.aliorbank.pl" />
+	<target host="internetnowa.aliorbank.pl" />
+	<target host="inwestycje.aliorbank.pl" />
+	<target host="www.inwestycje.aliorbank.pl" />
+	<target host="kalkulator-kredytowy.aliorbank.pl" />
+	<target host="m.kantor.aliorbank.pl" />
+	<target host="kantor-online.aliorbank.pl" />
+	<target host="kantor-online2.aliorbank.pl" />
+	<target host="karta-paliwowa.aliorbank.pl" />
+	<target host="kiosk.aliorbank.pl" />
+	<target host="komunikat.aliorbank.pl" />
+	<target host="konsolidacja.aliorbank.pl" />
+	<target host="www.konsolidacja.aliorbank.pl" />
+	<target host="konto.aliorbank.pl" />
+	<target host="konto-dla-firm.aliorbank.pl" />
+	<target host="konto-firmowe.aliorbank.pl" />
+	<target host="konto-mocno-oszczednosciowe.aliorbank.pl" />
+	<target host="www.konto-mocno-oszczednosciowe.aliorbank.pl" />
+	<target host="kredyt.aliorbank.pl" />
+	<target host="kredyt-biznesowy.aliorbank.pl" />
+	<target host="kredyt-dla-firm.aliorbank.pl" />
+	<target host="kredyt-firmowy.aliorbank.pl" />
+	<target host="kredyt-kalkulator.aliorbank.pl" />
+	<target host="kredyt-konsolidacyjny.aliorbank.pl" />
+	<target host="www.kredyt-konsolidacyjny.aliorbank.pl" />
+	<target host="kredyt-na-firme.aliorbank.pl" />
+	<target host="raty.mobile.aliorbank.pl" />
+	<target host="nol.aliorbank.pl" />
+	<target host="nolweb.aliorbank.pl" />
+	<target host="nowy-sezon.aliorbank.pl" />
+	<target host="www.nowy-sezon.aliorbank.pl" />
+	<target host="ofertydlalink4.aliorbank.pl" />
+	<target host="ofertydlapzu.aliorbank.pl" />
+	<target host="partner.aliorbank.pl" />
+	<target host="phishingstop.aliorbank.pl" />
+	<target host="pozyczka.aliorbank.pl" />
+	<target host="pozyczka-bank.aliorbank.pl" />
+	<target host="pozyczka-online.aliorbank.pl" />
+	<target host="pozyczka-przez-internet.aliorbank.pl" />
+	<target host="rachunek-firmowy.aliorbank.pl" />
+	<target host="raty.aliorbank.pl" />
+	<target host="rynek.aliorbank.pl" />
+	<target host="www.rynek.aliorbank.pl" />
+	<target host="system.aliorbank.pl" />
+	<target host="systemkantor.aliorbank.pl" />
+	<target host="www.systemkantor.aliorbank.pl" />
+	<target host="static.systemkantor.aliorbank.pl" />
+	<target host="tpp.aliorbank.pl" />
+	<target host="trader.aliorbank.pl" />
+	<target host="video-oddzial.aliorbank.pl" />
+	<target host="w.video-oddzial.aliorbank.pl" />
+	<target host="witamy.aliorbank.pl" />
+	<target host="wniosekonline.aliorbank.pl" />
+	<target host="www.wniosekonline.aliorbank.pl" />
+	<target host="wnioski.aliorbank.pl" />
+	<target host="wygraj-bilet.aliorbank.pl" />
+	<target host="wygraj-bon.aliorbank.pl" />
+	<target host="wygrajbilet.aliorbank.pl" />
+	<target host="www.wygrajbilet.aliorbank.pl" />
+	<target host="www.wygrajbon.aliorbank.pl" />
+	<target host="wynagrodzenie.aliorbank.pl" />
+	<target host="zafirmowani.aliorbank.pl" />
+	<target host="www.zafirmowani.aliorbank.pl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Alipay.com.xml b/src/chrome/content/rules/Alipay.com.xml
index 786472178c1d..979e930055c0 100644
--- a/src/chrome/content/rules/Alipay.com.xml
+++ b/src/chrome/content/rules/Alipay.com.xml
@@ -72,7 +72,7 @@
 	<target host="us.ynuf.alipay.com" />
 	<target host="zhaocaibao.alipay.com" />
 	<target host="zht.alipay.com" />
-	
+
 	<!-- *alipayobjects.com -->
 	<target host="a.alipayobjects.com" />
 	<target host="as.alipayobjects.com" />
@@ -87,9 +87,9 @@
 
 	<securecookie host="^(?!fun\.)." name=".+" />
 
-	<rule from="^http://alipay\.com/" 
+	<rule from="^http://alipay\.com/"
 			to="https://www.alipay.com/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Alivenotdead.com.xml b/src/chrome/content/rules/Alivenotdead.com.xml
deleted file mode 100644
index 8e937788db2b..000000000000
--- a/src/chrome/content/rules/Alivenotdead.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		^		(mismatched, CN: mysql.in.alivenotdead.com)
-		mysql.in	(expired 2008-12-06, self-signed)
-
--->
-<ruleset name="alivenotdead.com">
-
-	<target host="alivenotdead.com" />
-	<target host="*.alivenotdead.com" />
-
-
-	<securecookie host="^(?:www)?\.alivenotdead\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?alivenotdead\.com/"
-		to="https://www.alivenotdead.com/" />
-
-	<rule from="^http://s3\.alivenotdead\.com/"
-		to="https://s3.alivenotdead.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Alkalm.net.xml b/src/chrome/content/rules/Alkalm.net.xml
new file mode 100644
index 000000000000..72a0bb92d79f
--- /dev/null
+++ b/src/chrome/content/rules/Alkalm.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="Alkalm.net">
+	<target host="alkalm.net" />
+	<target host="www.alkalm.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Alkasir.com.xml b/src/chrome/content/rules/Alkasir.com.xml
deleted file mode 100644
index 41dfc050ea68..000000000000
--- a/src/chrome/content/rules/Alkasir.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		- .alkasir.com
-
--->
-<ruleset name="alkasir.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="alkasir.com" />
-	<target host="www.alkasir.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.alkasir\.com$" name="^SESS[\da-f]{32}$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/All-Above-Offers.xml b/src/chrome/content/rules/All-Above-Offers.xml
deleted file mode 100644
index 746e1f12a499..000000000000
--- a/src/chrome/content/rules/All-Above-Offers.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="All Above Offers" platform="mixedcontent">
-
-	<target host="abovealloffers.com" />
-	<target host="www.abovealloffers.com" />
-
-
-	<!--	Cert only matches www.	-->
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AllCoin.com.xml b/src/chrome/content/rules/AllCoin.com.xml
deleted file mode 100644
index 72c9a4f5a835..000000000000
--- a/src/chrome/content/rules/AllCoin.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Insecure cookies are set for these domains and hosts:
-
-		- .allcoin.com
-		- www.allcoin.com
-
--->
-<ruleset name="AllCoin.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="allcoin.com" />
-	<target host="www.allcoin.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.allcoin\.com$" name="^(?:incap_ses_\d+_\d+|ref|visid_incap_\d+)$" /-->
-	<!--securecookie host="^www\.allcoin\.com$" name="^(?:___utm[abm]\w+|PHPSESSID)$" /-->
-
-	<securecookie host="^(?:www)?\.allcoin\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AllJoyn.org.xml b/src/chrome/content/rules/AllJoyn.org.xml
deleted file mode 100644
index 86733a04f216..000000000000
--- a/src/chrome/content/rules/AllJoyn.org.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<!--
-	 For other Qualcomm coverage, see Qualcomm.xml.
--->
-<ruleset name="AllJoyn.org">
-	<target host="alljoyn.org" />
-	<target host="www.alljoyn.org" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/AllMyChanges.com.xml b/src/chrome/content/rules/AllMyChanges.com.xml
index 2cd1e05ca833..21100ffd993f 100644
--- a/src/chrome/content/rules/AllMyChanges.com.xml
+++ b/src/chrome/content/rules/AllMyChanges.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.allmychanges.com/ => https://www.allmychanges.com/: (51,
 		- allmychanges.com
 
 -->
-<ruleset name="AllMyChanges.com" default_off='failed ruleset test'>
+<ruleset name="AllMyChanges.com" default_off="failed ruleset test">
 
 	<target host="allmychanges.com" />
 	<target host="www.allmychanges.com" />
diff --git a/src/chrome/content/rules/AllPlayers.com.xml b/src/chrome/content/rules/AllPlayers.com.xml
deleted file mode 100644
index 5c9d039552b5..000000000000
--- a/src/chrome/content/rules/AllPlayers.com.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d2xe74i6zxd0fz.cloudfront.net
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- f
-		- m
-		- platform
-		- store
-		- usarugbystats
-
-
-	Observed cookie domains:
-
-		- .
-		- .f
-		- .m
-		- .platform
-		- store
-		- usarugbystats
-		- www
-
--->
-<ruleset name="AllPlayers.com">
-
-	<target host="allplayers.com" />
-	<target host="*.allplayers.com" />
-
-
-	<securecookie host=".*\.allplayers\.com$" name=".+" />
-
-
-	<rule from="^http://((?:f|m|platform|store|usarugbystats|www)\.)?allplayers\.com/"
-		to="https://$1allplayers.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AllSeen_Alliance.org.xml b/src/chrome/content/rules/AllSeen_Alliance.org.xml
deleted file mode 100644
index 89ae54e106a8..000000000000
--- a/src/chrome/content/rules/AllSeen_Alliance.org.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For other Linux Foundation coverage, see LinuxFoundation.xml.
-
--->
-<ruleset name="AllSeen Alliance.org">
-
-	<target host="allseenalliance.org" />
-	<target host="*.allseenalliance.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^ask\.allseenalliance\.org$" name="^sessionid$" /-->
-	<!--securecookie host="^jira\.allseenalliance\.org$" name="^(JSESSIONID|atlassian\.xsrf\.token)$" /-->
-	<!--securecookie host="^wiki\.allseenalliance\.org$" name="^DokuWiki$" /-->
-
-	<securecookie host="^(?:ask|jira|wiki)\.allseenalliance\.org$" name=".+" />
-
-
-	<rule from="^http://((?:ask|git|jira|lists|wiki|www)\.)?allseenalliance\.org/"
-		to="https://$1allseenalliance.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AllShare_Play.xml b/src/chrome/content/rules/AllShare_Play.xml
index 1679a0ba72d3..193c1acc5ffc 100644
--- a/src/chrome/content/rules/AllShare_Play.xml
+++ b/src/chrome/content/rules/AllShare_Play.xml
@@ -10,12 +10,12 @@ Fetch error: http://www.allshareplay.com/ => https://www.allshareplay.com/: (6,
 Fetch error: http://fwk.allshareplay.com/ => https://fwk.allshareplay.com/: (6, 'Could not resolve host: fwk.allshareplay.com')
 
 	For other Samsung coverage, see Samsung.com.xml.
-	
+
 	Mismatch:
 		sw.*
 -->
 
-<ruleset name="AllShare_Play" default_off='failed ruleset test'>
+<ruleset name="AllShare_Play" default_off="failed ruleset test">
 
 	<target host="allshareplay.com" />
 	<target host="www.allshareplay.com" />
@@ -25,14 +25,14 @@ Fetch error: http://fwk.allshareplay.com/ => https://fwk.allshareplay.com/: (6,
 	<!--	403 in https://m.allshareplay.com/$	-->
 	<exclusion pattern="^http://m\.allshareplay\.com/$" />
 		<test url="http://m.allshareplay.com/" />
-	
+
 	<!--	403 in https://allshareplay.com/$	-->
 	<rule from="^http://allshareplay\.com/$"
 		to="https://link.samsung.com/" />
 		<test url="http://allshareplay.com/" />
-		
+
 	<rule from="^http:" to="https:" />
 		<test url="http://www.allshareplay.com/pc/common/css/camera.css" />
 		<test url="http://m.allshareplay.com/pc/error/underconstruction.html" />
-		
+
 </ruleset>
diff --git a/src/chrome/content/rules/AllUnmanaged.com.xml b/src/chrome/content/rules/AllUnmanaged.com.xml
deleted file mode 100644
index a901d29e86cd..000000000000
--- a/src/chrome/content/rules/AllUnmanaged.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other Rose Web Services coverage, see RoseHosting.com.xml.
-
--->
-<ruleset name="AllUnmanaged.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="allunmanaged.com" />
-	<target host="www.allunmanaged.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AllYouCanArcade.com.xml b/src/chrome/content/rules/AllYouCanArcade.com.xml
new file mode 100644
index 000000000000..4b4c24163c68
--- /dev/null
+++ b/src/chrome/content/rules/AllYouCanArcade.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="AllYouCanArcade.com">
+
+	<target host="allyoucanarcade.com" />
+	<target host="www.allyoucanarcade.com" />
+	<target host="blog.allyoucanarcade.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/All_American_Trains.xml b/src/chrome/content/rules/All_American_Trains.xml
index 6419977a9fba..2179f7a92418 100644
--- a/src/chrome/content/rules/All_American_Trains.xml
+++ b/src/chrome/content/rules/All_American_Trains.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/All_Day_Calm.xml b/src/chrome/content/rules/All_Day_Calm.xml
index 34296d2837e0..17d0694564c7 100644
--- a/src/chrome/content/rules/All_Day_Calm.xml
+++ b/src/chrome/content/rules/All_Day_Calm.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/All_Star_Tire.xml b/src/chrome/content/rules/All_Star_Tire.xml
index 1d6af8a7d0b0..33d5f1aa6efd 100644
--- a/src/chrome/content/rules/All_Star_Tire.xml
+++ b/src/chrome/content/rules/All_Star_Tire.xml
@@ -4,9 +4,9 @@
 	<target host="www.allstartire.com" />
 
 
-	<securecookie host="^(?:.*\.)?allstartire\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/All_You_Can_Arcade.com.xml b/src/chrome/content/rules/All_You_Can_Arcade.com.xml
deleted file mode 100644
index 46e6f35628a4..000000000000
--- a/src/chrome/content/rules/All_You_Can_Arcade.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- blog	(mismatched, CN: *.bluehost.com)
-
--->
-<ruleset name="All You Can Arcade.com (partial)">
-
-	<target host="allyoucanarcade.com" />
-	<target host="*.allyoucanarcade.com" />
-
-
-	<securecookie host="^www\.allyoucanarcade\.com$" name=".+" />
-
-
-	<!--	^ redirects to www over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?allyoucanarcade\.com/"
-		to="https://www.allyoucanarcade.com/" />
-
-	<rule from="^http://blog\.allyoucanarcade\.com/wp-content/"
-		to="https://secure.bluehost.com/~findmymi/allyoucanarcadeblog/wp-content/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Allegro.pl.xml b/src/chrome/content/rules/Allegro.pl.xml
new file mode 100644
index 000000000000..e81b36ab94f3
--- /dev/null
+++ b/src/chrome/content/rules/Allegro.pl.xml
@@ -0,0 +1,19 @@
+<ruleset name="Allegro.pl">
+	<target host="allegro.pl" />
+	<target host="www.allegro.pl" />
+	<target host="ads.allegro.pl" />
+	<target host="archiwum.allegro.pl" />
+	<target host="charytatywni.allegro.pl" />
+	<target host="dlakupujacych.allegro.pl" />
+	<target host="kupony.allegro.pl" />
+	<target host="magazyn.allegro.pl" />
+	<target host="ms.allegro.pl" />
+	<target host="na.allegro.pl" />
+	<target host="podarujmisia.allegro.pl" />
+	<target host="polandrock.allegro.pl" />
+	<target host="reklama.allegro.pl" />
+	<target host="ssl.allegro.pl" />
+	<target host="wystawna.allegro.pl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Allegro.xml b/src/chrome/content/rules/Allegro.xml
deleted file mode 100644
index fc4bec30e895..000000000000
--- a/src/chrome/content/rules/Allegro.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<!-- NOTE: A user reports that this rule doesn't work and breaks the
-     site. -->
-
-<ruleset name="Allegro" default_off="reported broken">
-  <target host="www.allegro.pl" />
-  <target host="allegro.pl" />
-
-  <rule from="^http://(?:www\.)?allegro\.pl/" to="https://ssl.allegro.pl/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Allegrolokalnie.pl.xml b/src/chrome/content/rules/Allegrolokalnie.pl.xml
new file mode 100644
index 000000000000..3d11e088ead2
--- /dev/null
+++ b/src/chrome/content/rules/Allegrolokalnie.pl.xml
@@ -0,0 +1,6 @@
+<ruleset name="AllegroLokalnie.pl">
+	<target host="allegrolokalnie.pl" />
+	<target host="www.allegrolokalnie.pl" />
+	<target host="zobacz.allegrolokalnie.pl" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AllemandFacile.com.xml b/src/chrome/content/rules/AllemandFacile.com.xml
new file mode 100644
index 000000000000..3ddc1d4ba0f4
--- /dev/null
+++ b/src/chrome/content/rules/AllemandFacile.com.xml
@@ -0,0 +1,11 @@
+<!--
+	See for related rulesets: FrancaisFacile.com.xml
+-->
+<ruleset name="AllemandFacile.com">
+	<target host="allemandfacile.com" />
+	<target host="www.allemandfacile.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AllianceBernstein.xml b/src/chrome/content/rules/AllianceBernstein.xml
index 766b02454801..fd833ee4a394 100644
--- a/src/chrome/content/rules/AllianceBernstein.xml
+++ b/src/chrome/content/rules/AllianceBernstein.xml
@@ -1,7 +1,6 @@
 <!--
 	Other AllianceBernstein rulesets:
 
-		- CollegeBoundfund.xml
 
 
 	Nonfunctional domains:
@@ -20,7 +19,6 @@
 	<securecookie host="^(?:www\.)?alliancebernstein\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?(alliance)?bernstein\.com/"
-		to="https://$1$2bernstein.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Allianz_fur_Cyber-Sicherheit.xml b/src/chrome/content/rules/Allianz_fur_Cyber-Sicherheit.xml
index 802311a5d4a3..8c4ad6bf66f0 100644
--- a/src/chrome/content/rules/Allianz_fur_Cyber-Sicherheit.xml
+++ b/src/chrome/content/rules/Allianz_fur_Cyber-Sicherheit.xml
@@ -27,4 +27,4 @@
 	<rule from="^http://(?:www\.)?(allianz-?fuer-?cybersicherheit\.(?:de|org)|cybersicherheits-allianz\.de)/"
 		to="https://www.$1/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AlliedMods.xml b/src/chrome/content/rules/AlliedMods.xml
index 849f30196fef..c346c9e65c0b 100644
--- a/src/chrome/content/rules/AlliedMods.xml
+++ b/src/chrome/content/rules/AlliedMods.xml
@@ -2,7 +2,7 @@
 	<target host="alliedmods.net" />
 	<target host="*.alliedmods.net" />
 
-	<securecookie host="^(?:.*\.)?alliedmods\.net$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 	<rule from="^http://([^/@:\.]+)\.alliedmods\.net/"
 		to="https://$1.alliedmods.net/" />
diff --git a/src/chrome/content/rules/Allied_Media.org.xml b/src/chrome/content/rules/Allied_Media.org.xml
index cb8bec4eb6de..0fda6116a85e 100644
--- a/src/chrome/content/rules/Allied_Media.org.xml
+++ b/src/chrome/content/rules/Allied_Media.org.xml
@@ -22,7 +22,10 @@ Fetch error: http://alliedmedia.org/ => https://alliedmedia.org/: (60, 'SSL cert
 <ruleset name="Allied Media.org">
 
 	<target host="alliedmedia.org" />
-	<target host="*.alliedmedia.org" />
+	<!--target host="amc.alliedmedia.org" /-->
+	<target host="store.alliedmedia.org" />
+	<!--target host="talk.alliedmedia.org" /-->
+	<target host="www.alliedmedia.org" />
 
 
 	<!--	Not secured by server:
@@ -33,7 +36,6 @@ Fetch error: http://alliedmedia.org/ => https://alliedmedia.org/: (60, 'SSL cert
 	<securecookie host="^\.(?:store|talk)\.alliedmedia\.org$" name=".+" />
 
 
-	<rule from="^http://((?:amc|store|talk|www)\.)?alliedmedia\.org/"
-		to="https://$1alliedmedia.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Allmyvideos.net.xml b/src/chrome/content/rules/Allmyvideos.net.xml
index 7ff122908264..fb8e5d937412 100644
--- a/src/chrome/content/rules/Allmyvideos.net.xml
+++ b/src/chrome/content/rules/Allmyvideos.net.xml
@@ -26,7 +26,7 @@ Fetch error: http://www.allmyvideos.net/ => https://www.allmyvideos.net/: (60, '
 	* Unsecurable
 
 -->
-<ruleset name="allmyvideos.net (partial)" default_off='failed ruleset test'>
+<ruleset name="allmyvideos.net (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Allo-Grenouille.fr.xml b/src/chrome/content/rules/Allo-Grenouille.fr.xml
deleted file mode 100644
index 421b06cf1397..000000000000
--- a/src/chrome/content/rules/Allo-Grenouille.fr.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Allo'Grenouille">
-
-	<target host="allo-grenouille.fr" />
-	<target host="www.allo-grenouille.fr" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Alloscomp.com.xml b/src/chrome/content/rules/Alloscomp.com.xml
index ca94a9ea8150..bae6d3fe9301 100644
--- a/src/chrome/content/rules/Alloscomp.com.xml
+++ b/src/chrome/content/rules/Alloscomp.com.xml
@@ -13,6 +13,6 @@
 	<rule from="^http://www\.alloscomp\.com/"
 			to="https://alloscomp.com/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Alloy_Digital.xml b/src/chrome/content/rules/Alloy_Digital.xml
index 1a9ccca765a8..cd29b05b85fa 100644
--- a/src/chrome/content/rules/Alloy_Digital.xml
+++ b/src/chrome/content/rules/Alloy_Digital.xml
@@ -56,7 +56,7 @@ Fetch error: http://cdn.thegrindstone.com/ => https://d176o63igdzvgd.cloudfront.
 		- (www.)thegrindstone.com	(ditto)
 
 -->
-<ruleset name="Alloy Digital (partial)" default_off='failed ruleset test'>
+<ruleset name="Alloy Digital (partial)" default_off="failed ruleset test">
 
 	<target host="cdn.b5media.com" />
 	<target host="cdn.blisstree.com" />
diff --git a/src/chrome/content/rules/Allpoetry.xml b/src/chrome/content/rules/Allpoetry.xml
index ace8d38835a7..e2365c5f8a8b 100644
--- a/src/chrome/content/rules/Allpoetry.xml
+++ b/src/chrome/content/rules/Allpoetry.xml
@@ -11,7 +11,8 @@
 <ruleset name="Allpoetry" default_off="breaks login">
 
 	<target host="allpoetry.com" />
-	<target host="*.allpoetry.com" />
+	<target host="a.allpoetry.com" />
+	<target host="www.allpoetry.com" />
 
 
 	<securecookie host="^\.?allpoetry\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Alltop.com.xml b/src/chrome/content/rules/Alltop.com.xml
index 71c914d19d26..4e7a0795b8fb 100644
--- a/src/chrome/content/rules/Alltop.com.xml
+++ b/src/chrome/content/rules/Alltop.com.xml
@@ -1,5 +1,5 @@
 <!--
-	Remark: *.alltop.com has a wildcard DNS record and 
+	Remark: *.alltop.com has a wildcard DNS record and
 		a wildcard certificate.
 -->
 <ruleset name="AllTop.com">
diff --git a/src/chrome/content/rules/Alluremedia.com.xml b/src/chrome/content/rules/Alluremedia.com.xml
new file mode 100644
index 000000000000..5550b054d859
--- /dev/null
+++ b/src/chrome/content/rules/Alluremedia.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Alluremedia.com">
+	<target host="alluremedia.com" />
+	<target host="www.alluremedia.com" />
+	<target host="carmen-saison2.alluremedia.com" />
+	<target host="grace.alluremedia.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Alluremedia.xml b/src/chrome/content/rules/Alluremedia.xml
deleted file mode 100644
index 0ae96dc834f6..000000000000
--- a/src/chrome/content/rules/Alluremedia.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	CDN buckets:
-
-		- wac.4AFA.edgecastcdn.net/...
-			- edge.alluremedia.com.au
-
-
-	Nonfunctional domains:
-
-		- (www.)alluremedia.com		(reset)
-		- gizmodo.com.au ¹
-		- www.gizmodo.com.au ²
-		- kotaku.com.au ¹
-		- www.kotaku.com.au ²
-		- lifehacker.com.au ¹
-		- www.lifehacker.com.au ²
-
-	¹ 403
-	² Redirects to http
-
-
-	Problematic domains:
-
-		- (www.)alluremedia.com.au	($ redirects to www, wp-content/ works; mismatched, CN: secure.alluremedia.com.au)
-		- edge.alluremedia.com.au	(cert: gp1.wac.edgecastcdn.net; 404)
-
--->
-<ruleset name="Alluremedia (partial)">
-
-	<target host="*.alluremedia.com.au" />
-
-
-	<rule from="^http://edge\.alluremedia\.com\.au/(assets/img|m)/"
-		to="https://i0.wp.com/edge.alluremedia.com.au/$1/" />
-
-	<rule from="^http://(?:edge|secure)\.alluremedia\.com/"
-		to="https://secure.alluremedia.com.au/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ally_Financial-problematic.xml b/src/chrome/content/rules/Ally_Financial-problematic.xml
index 44f485e62932..09145d05960e 100644
--- a/src/chrome/content/rules/Ally_Financial-problematic.xml
+++ b/src/chrome/content/rules/Ally_Financial-problematic.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ally_Financial.xml b/src/chrome/content/rules/Ally_Financial.xml
index d5f74ba59749..a2b4583967db 100644
--- a/src/chrome/content/rules/Ally_Financial.xml
+++ b/src/chrome/content/rules/Ally_Financial.xml
@@ -39,10 +39,16 @@ Fetch error: http://www.smartauction.biz/ => https://www.smartauction.biz/: (60,
 		- www.smartauction.biz
 
 -->
-<ruleset name="Ally Financial (partial)" default_off='failed ruleset test'>
+<ruleset name="Ally Financial (partial)" default_off="failed ruleset test">
 
 	<target host="ally.com" />
-	<target host="*.ally.com" />
+	<target host="billpay.ally.com" />
+	<target host="chat.ally.com" />
+	<target host="m.ally.com" />
+	<target host="online-application.ally.com" />
+	<target host="secure.ally.com" />
+	<target host="survey.ally.com" />
+	<target host="www.ally.com" />
 	<target host="allybank.com" />
 	<target host="www.allybank.com" />
 	<target host="www.smartauction.biz" />
@@ -51,13 +57,10 @@ Fetch error: http://www.smartauction.biz/ => https://www.smartauction.biz/: (60,
 	<securecookie host=".*\.ally\.com$" name=".+" />
 
 
-	<rule from="^http://((?:billpay|chat|m|online-application|secure|survey|www)\.)?ally\.com/"
-		to="https://$1ally.com/" />
 
 	<rule from="^http://(?:www\.)?allybank\.com/"
 		to="https://www.ally.com/" />
 
-	<rule from="^http://www\.smartauction\.biz/"
-		to="https://www.smartauction.biz/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Alonetone.xml b/src/chrome/content/rules/Alonetone.xml
deleted file mode 100644
index 93380b81420e..000000000000
--- a/src/chrome/content/rules/Alonetone.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)
--->
-<ruleset name="alonetone (partial)">
-
-	<target host="stash.alonetone.com" />
-
-
-	<rule from="^http://stash\.alonetone\.com/"
-		to="https://s3.amazonaws.com/stash.alonetone.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AlphaSSL.xml b/src/chrome/content/rules/AlphaSSL.xml
index addb81cc6f5f..3ee86fc959d0 100644
--- a/src/chrome/content/rules/AlphaSSL.xml
+++ b/src/chrome/content/rules/AlphaSSL.xml
@@ -7,4 +7,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AlpineLinux.org.xml b/src/chrome/content/rules/AlpineLinux.org.xml
new file mode 100644
index 000000000000..6efe18dcc27a
--- /dev/null
+++ b/src/chrome/content/rules/AlpineLinux.org.xml
@@ -0,0 +1,75 @@
+<!--
+	Nonfunctional hosts in *.alpinelinux.org:
+
+		- dl-1.alpinelinux.org (e)
+		- dl-2.alpinelinux.org (r)
+		- dl-3.alpinelinux.org (m)
+		- dl-6.alpinelinux.org (t)
+		- dl-7.alpinelinux.org (r)
+		- dl-8.alpinelinux.org (t)
+		- dl-cdn.alpinelinux.org (m)
+		- docs.alpinelinux.org (m) (multiple certificates provided)
+		- infra.alpinelinux.org (m)
+		- mail.alpinelinux.org (m)
+		- mail.alpinelinux.org (m)
+		- no.alpinelinux.org (s)
+		- ns1.alpinelinux.org (m)
+		- ns2.alpinelinux.org (e)
+
+	e: certificate expired
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+
+	Insecure cookies are set for these hosts:
+
+		- bugs.alpinelinux.org
+-->
+<ruleset name="Alpinelinux.org">
+
+	<target host="alpinelinux.org" />
+	<target host="www.alpinelinux.org" />
+	<target host="api.alpinelinux.org" />
+	<target host="boot.alpinelinux.org" />
+	<target host="bugs.alpinelinux.org" />
+	<target host="build.alpinelinux.org" />
+	<target host="cz.alpinelinux.org" />
+	<target host="dev.alpinelinux.org" />
+	<target host="distfiles.alpinelinux.org" />
+	<target host="dl-4.alpinelinux.org" />
+	<target host="dl-5.alpinelinux.org" />
+	<target host="dl.alpinelinux.org" />
+	<target host="beta.docs.alpinelinux.org" />
+	<target host="git.alpinelinux.org" />
+	<target host="gitlab.alpinelinux.org" />
+	<target host="gitlabtest.alpinelinux.org" />
+	<target host="lists.alpinelinux.org" />
+	<target host="mirrors.alpinelinux.org" />
+	<target host="msg.alpinelinux.org" />
+	<target host="nl.alpinelinux.org" />
+	<target host="nl3.alpinelinux.org" />
+	<target host="nld3.alpinelinux.org" />
+	<target host="patchwork.alpinelinux.org" />
+	<target host="phabtest.alpinelinux.org" />
+	<target host="pkgs.alpinelinux.org" />
+	<target host="pkt1-lxc2.alpinelinux.org" />
+	<target host="redmine.alpinelinux.org" />
+	<target host="uk.alpinelinux.org" />
+	<target host="wiki.alpinelinux.org" />
+	<target host="wwwtest.alpinelinux.org" />
+	<target host="zabbix.alpinelinux.org" />
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^bugs\.alpinelinux\.org$" name="^_redmine_session" /-->
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Alpine_Linux.org.xml b/src/chrome/content/rules/Alpine_Linux.org.xml
deleted file mode 100644
index 1bc612db3dc9..000000000000
--- a/src/chrome/content/rules/Alpine_Linux.org.xml
+++ /dev/null
@@ -1,63 +0,0 @@
-<!--
-	Nonfunctional hosts in *alpinelinux.org:
-
-		- git ²
-		- mail ²
-		- dl-cdn mismatch
-		- distfiles timed out
-		- dev timed out
-		- build timed out
-
-	² Dropped
-
-
-	Problematic hosts in *alpinelinux.org:
-
-		- forum *
-
-	* Mixed css
-
-
-	Insecure cookies are set for these hosts:
-
-		- bugs.alpinelinux.org
-
-
-	Mixed content:
-
-		- css, on:
-		
-			- forum from $self *
-			- forum from fonts.googleapis.com *
-
-		- Images on forum from $self *
-
-	* Secured by us
-
--->
-<ruleset name="Alpine Linux.org (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="alpinelinux.org" />
-	<target host="bugs.alpinelinux.org" />
-	<target host="www.alpinelinux.org" />
-	<target host="wiki.alpinelinux.org" />
-	<target host="forum.alpinelinux.org" />
-	<target host="pkgs.alpinelinux.org" />
-	<target host="patchwork.alpinelinux.org" />
-	<target host="lists.alpinelinux.org" />
-	<target host="nl.alpinelinux.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^bugs\.alpinelinux\.org$" name="^_redmine_session" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AlreadyHosting.com.xml b/src/chrome/content/rules/AlreadyHosting.com.xml
deleted file mode 100644
index 53cde3c5f3df..000000000000
--- a/src/chrome/content/rules/AlreadyHosting.com.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="AlreadyHosting.com (partial)">
-
-	<target host="bestwebhostinggeek.com" />
-	<target host="www.bestwebhostinggeek.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Alta_Ski_Area.xml b/src/chrome/content/rules/Alta_Ski_Area.xml
index 8c55c4159912..47b62b6a5800 100644
--- a/src/chrome/content/rules/Alta_Ski_Area.xml
+++ b/src/chrome/content/rules/Alta_Ski_Area.xml
@@ -5,7 +5,8 @@
 <ruleset name="Alta Ski Area">
 
 	<target host="alta.com" />
-	<target host="*.alta.com" />
+	<target host="www.alta.com" />
+	<target host="shop.alta.com" />
 
 
 	<securecookie host="^shop\.alta\.com$" name=".+" />
@@ -14,7 +15,6 @@
 	<rule from="^http://(?:www\.)?alta\.com/"
 		to="https://www.alta.com/" />
 
-	<rule from="^http://shop\.alta\.com/"
-		to="https://shop.alta.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Alteeve.ca.xml b/src/chrome/content/rules/Alteeve.ca.xml
index eb35077727c0..85b03c80aa80 100644
--- a/src/chrome/content/rules/Alteeve.ca.xml
+++ b/src/chrome/content/rules/Alteeve.ca.xml
@@ -1,16 +1,13 @@
 <!--
-	www.alteeve.ca doesn't exist.
-
+	Connection refused:
+		- plan.alteeve.ca
 -->
-<ruleset name="Alteeve.ca">
 
+<ruleset name="Alteeve.ca">
 	<target host="alteeve.ca" />
-
+	<target host="www.alteeve.ca" />
 
 	<securecookie host="^\w" name=".+" />
 
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AlterNet.xml b/src/chrome/content/rules/AlterNet.xml
index 3fd2e07525b4..84211c400a64 100644
--- a/src/chrome/content/rules/AlterNet.xml
+++ b/src/chrome/content/rules/AlterNet.xml
@@ -6,7 +6,7 @@
 		files.alternet.org
 			<test url="http://files.alternet.org/css/slimbox2.css" />
 			<test url="https://files.alternet.org/css/slimbox2.css" />
-			(but website sometimes links to https even though it is 
+			(but website sometimes links to https even though it is
 			 broken.)
 
 -->
diff --git a/src/chrome/content/rules/Altera.com.xml b/src/chrome/content/rules/Altera.com.xml
index 93ce705a8d89..b5b2dd1f2d99 100644
--- a/src/chrome/content/rules/Altera.com.xml
+++ b/src/chrome/content/rules/Altera.com.xml
@@ -21,4 +21,4 @@
 	<rule from="^http://(?:www\.)?altera\.com/(?=common/|favicon\.ico|js\.lib/|myaltera(?:$|[?/]))"
 		to="https://www.altera.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AlternC.xml b/src/chrome/content/rules/AlternC.xml
index 6b59638a5cbe..a175519cdfbc 100644
--- a/src/chrome/content/rules/AlternC.xml
+++ b/src/chrome/content/rules/AlternC.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.alternc.org/ => https://www.alternc.org/: (51, "SSL: no
 		- mail.demo	(redirects to demo)
 
 -->
-<ruleset name="AlternC (partial)" default_off='failed ruleset test'>
+<ruleset name="AlternC (partial)" default_off="failed ruleset test">
 
 	<target host="alternc.org" />
 	<target host="demo.alternc.org" />
@@ -21,4 +21,4 @@ Fetch error: http://www.alternc.org/ => https://www.alternc.org/: (51, "SSL: no
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Alternate.xml b/src/chrome/content/rules/Alternate.xml
index 6ad5acad8767..f7c5e734db9c 100644
--- a/src/chrome/content/rules/Alternate.xml
+++ b/src/chrome/content/rules/Alternate.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://alternate-b2b.nl/ => https://alternate-b2b.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'alternate-b2b.nl'")
 
 -->
-<ruleset name="Alternate" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Alternate" platform="mixedcontent" default_off="failed ruleset test">
   <target host="*.alternate.be"/>
   <target host="alternate.be"/>
   <target host="*.alternate.nl"/>
diff --git a/src/chrome/content/rules/Altex.ro.xml b/src/chrome/content/rules/Altex.ro.xml
index 46b9bc00cd10..67d134f2417d 100644
--- a/src/chrome/content/rules/Altex.ro.xml
+++ b/src/chrome/content/rules/Altex.ro.xml
@@ -27,14 +27,14 @@ Fetch error: http://cdn.altex.ro/ => https://d2qpxedcu5ji30.cloudfront.net/: (28
 		- css on www from cdn.altex.ro *
 
 		- Images, on:
-		
+
 			- www from admin.altex.ro
 			- www from cdn.altex.ro *
 
 	* Secured by us
 
 -->
-<ruleset name="Altex.ro (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Altex.ro (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -55,10 +55,6 @@ Fetch error: http://cdn.altex.ro/ => https://d2qpxedcu5ji30.cloudfront.net/: (28
 	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://cdn\.altex\.ro/"
-		to="https://d2qpxedcu5ji30.cloudfront.net/" />
-
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Altimate_Wellness.xml b/src/chrome/content/rules/Altimate_Wellness.xml
deleted file mode 100644
index 58c6deceae99..000000000000
--- a/src/chrome/content/rules/Altimate_Wellness.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Some pages redirect to http.
-
--->
-<ruleset name="Altimate Wellness (partial)">
-
-	<target host="altimatewellness.com" />
-	<target host="www.altimatewellness.com" />
-
-
-	<rule from="^http://(www\.)?altimatewellness\.com/wp-(admin(?:/|\.php)|content/|includes/)"
-		to="https://$1altimatewellness.com/wp-$2" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Alukah.net.xml b/src/chrome/content/rules/Alukah.net.xml
new file mode 100644
index 000000000000..c73a54768dd7
--- /dev/null
+++ b/src/chrome/content/rules/Alukah.net.xml
@@ -0,0 +1,17 @@
+<!--
+	Timeout:
+		en.alukah.net
+		majles.alukah.net
+	Refused:
+		fatawa.alukah.net
+		radio.alukah.net
+-->
+<ruleset name="Alukah.net" >
+	<target host="alukah.net" />
+	<target host="www.alukah.net" />
+	<target host="api.alukah.net" />
+
+	<securecookie host="^(www|api)\.alukah\.net$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AlumFX.com.xml b/src/chrome/content/rules/AlumFX.com.xml
index c2471499a39a..b9f387ef5022 100644
--- a/src/chrome/content/rules/AlumFX.com.xml
+++ b/src/chrome/content/rules/AlumFX.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?alumfx\.com/images/"
 		to="https://$1alumfx.com/images/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Alumniconnections.com.xml b/src/chrome/content/rules/Alumniconnections.com.xml
index a009642addaf..298ef27607e0 100644
--- a/src/chrome/content/rules/Alumniconnections.com.xml
+++ b/src/chrome/content/rules/Alumniconnections.com.xml
@@ -6,16 +6,16 @@ Fetch error: http://alumniconnections.com/ => https://alumniconnections.com/: (2
 	For other iModules coverage, see IModules.xml.
 
 -->
-<ruleset name="alumniconnections.com" default_off='failed ruleset test'>
+<ruleset name="alumniconnections.com" default_off="failed ruleset test">
 
 	<target host="alumniconnections.com" />
-	<target host="*.alumniconnections.com" />
+	<target host="secure.www.alumniconnections.com" />
+	<target host="www.alumniconnections.com" />
 
 
 	<securecookie host="^secure\.www\.alumniconnections\.com$" name=".+" />
 
 
-	<rule from="^http://(secure\.www\.|www\.)?alumniconnections\.com/"
-		to="https://$1alumniconnections.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Alzheimers_Association.xml b/src/chrome/content/rules/Alzheimers_Association.xml
index d9715a97cf44..610b46b226f8 100644
--- a/src/chrome/content/rules/Alzheimers_Association.xml
+++ b/src/chrome/content/rules/Alzheimers_Association.xml
@@ -26,7 +26,9 @@
 <ruleset name="Alzheimer's Association (partial)">
 
 	<target host="alz.org" />
-	<target host="*.alz.org" />
+	<target host="sdc.alz.org" />
+	<target host="shop.alz.org" />
+	<target host="www.alz.org" />
 		<!--exclusion pattern="^http://act\.alz\.org/+(PageServer;|TR/Walk/General\?)" /-->
 		<exclusion pattern="^http://act\.alz\.org/+(?!$|\?|\w+/images/|css/|favicon\.ico|images/)" />
 
@@ -43,7 +45,6 @@
 	<securecookie host="^(?:sdc\.|www\.)?alz\.org$" name=".+" />
 
 
-	<rule from="^http://((?:sdc|shop|www)\.)?alz\.org/"
-		to="https://$1alz.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Alzheimers_Society.xml b/src/chrome/content/rules/Alzheimers_Society.xml
index c34e6275b427..9b1d6368d7a1 100644
--- a/src/chrome/content/rules/Alzheimers_Society.xml
+++ b/src/chrome/content/rules/Alzheimers_Society.xml
@@ -13,7 +13,8 @@ Fetch error: http://alzheimers.org.uk/ => https://www.alzheimers.org.uk/: (60, '
 <ruleset name="Alzheimer's Society (partial)">
 
 	<target host="alzheimers.org.uk" />
-	<target host="*.alzheimers.org.uk" />
+	<target host="www.alzheimers.org.uk" />
+	<target host="shop.alzheimers.org.uk" />
 
 
 	<securecookie host="^(?:www)?\.alzheimers\.org\.uk$" name=".+" />
@@ -25,4 +26,4 @@ Fetch error: http://alzheimers.org.uk/ => https://www.alzheimers.org.uk/: (60, '
 	<rule from="^http://shop\.alzheimers\.org\.uk/(checkout(?:$|\?|/)|_css/|images/|_img/|_js/)"
 		to="https://shop.alzheimers.org.uk/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AmEx_Travel.com.xml b/src/chrome/content/rules/AmEx_Travel.com.xml
deleted file mode 100644
index 47c016f34371..000000000000
--- a/src/chrome/content/rules/AmEx_Travel.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	For other American Express coverage, see AmericanExpress.xml.
-
-
-	Fully covered hosts in *amextravel.com:
-
-		- faq
-
-
-	Insecure cookies are set for these hosts:
-
-		- faq.amextravel.com
-
--->
-<ruleset name="AmEx Travel.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="faq.amextravel.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^faq\.amextravel\.com$" name="^cp_session$" /-->
-
-	<securecookie host="^faq\.amextravel\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AmExserve-static.com.xml b/src/chrome/content/rules/AmExserve-static.com.xml
deleted file mode 100644
index bf155552c691..000000000000
--- a/src/chrome/content/rules/AmExserve-static.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other American Express coverage, see AmericanExpress.xml.
-
-
-	Fully covered subdomains:
-
-		- cdnsecureservep1
-
--->
-<ruleset name="AmExserve-static.com">
-
-	<target host="cdnsecureservep1.amexserve-static.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AmamiyaSora.jp.xml b/src/chrome/content/rules/AmamiyaSora.jp.xml
new file mode 100644
index 000000000000..53cf18a4c833
--- /dev/null
+++ b/src/chrome/content/rules/AmamiyaSora.jp.xml
@@ -0,0 +1,6 @@
+<ruleset name="AmamiyaSora.jp">
+	<target host="amamiyasora.jp" />
+	<target host="www.amamiyasora.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Amazingweb.xml b/src/chrome/content/rules/Amazingweb.xml
index cbc6ca75d183..21d95feeb956 100644
--- a/src/chrome/content/rules/Amazingweb.xml
+++ b/src/chrome/content/rules/Amazingweb.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Amazon-Adsystem.com.xml b/src/chrome/content/rules/Amazon-Adsystem.com.xml
index 593c23039293..af4b57af2f8f 100644
--- a/src/chrome/content/rules/Amazon-Adsystem.com.xml
+++ b/src/chrome/content/rules/Amazon-Adsystem.com.xml
@@ -33,16 +33,26 @@
 				-->
 	<target host="aax.amazon-adsystem.com" />
 	<target host="aax-eu.amazon-adsystem.com" />
+	<target host="aax-fe.amazon-adsystem.com" />
+	<target host="aax-fe-pek.amazon-adsystem.com" />
+	<target host="aax-fe-sin.amazon-adsystem.com" />
 	<target host="aax-us-east.amazon-adsystem.com" />
 	<target host="c.amazon-adsystem.com" />
+	<target host="fls-eu.amazon-adsystem.com" />
+	<target host="fls-fe.amazon-adsystem.com" />
 	<target host="fls-na.amazon-adsystem.com" />
 	<target host="ir-de.amazon-adsystem.com" />
+	<target host="ir-jp.amazon-adsystem.com" />
 	<target host="ir-na.amazon-adsystem.com" />
+	<target host="rcm-eu.amazon-adsystem.com" />
+	<target host="rcm-fe.amazon-adsystem.com" />
 	<target host="rcm-na.amazon-adsystem.com" />
 	<target host="s.amazon-adsystem.com" />
 	<target host="wms-eu.amazon-adsystem.com" />
+	<target host="wms-fe.amazon-adsystem.com" />
 	<target host="wms-na.amazon-adsystem.com" />
 	<target host="ws-eu.amazon-adsystem.com" />
+	<target host="ws-fe.amazon-adsystem.com" />
 	<target host="ws-na.amazon-adsystem.com" />
 
 	<!--	Complications:
diff --git a/src/chrome/content/rules/Amazon.xml b/src/chrome/content/rules/Amazon.xml
index 421226dcb454..f44786bb19f0 100644
--- a/src/chrome/content/rules/Amazon.xml
+++ b/src/chrome/content/rules/Amazon.xml
@@ -1,7 +1,13 @@
+
 <!--
-	Other Amazon rulesets:
+The following targets have been disabled at 2020-04-17 18:38:06:
 
-		- 6PM.com.xml
+Fetch error: http://kindlescout.amazon.com/ => https://kindlescout.amazon.com/: (28, 'Resolving timed out after 20530 milliseconds')
+Fetch error: http://storywriter.amazon.com/ => https://storywriter.amazon.com/: (7, 'Failed to connect to storywriter.amazon.com port 443: Connection refused')
+Fetch error: http://vendorexpress.amazon.com/ => https://vendorexpress.amazon.com/: (28, 'Resolving timed out after 20528 milliseconds')
+Fetch error: http://widgets.amazon.com/ => https://widgets.amazon.com/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+
+	Other Amazon rulesets:
 		- AWS_Trust.com.xml
 		- AbeBooks.co.uk.xml
 		- AbeBooks.xml
@@ -22,13 +28,10 @@
 		- BeautyBar.com.xml
 		- ComiXology.com.xml
 		- CreateSpace.xml
-		- Images-CreateSpace.com.xml
 		- Images-Amazon.com.xml
-		- Junglee.com.xml
 		- MTurk.com.xml
 		- Soap.com.xml
 		- SSL-Images-Amazon.com.xml
-		- TenMarks.com.xml
 		- amazon.ca.xml
 		- amazon.cn.xml
 		- amazon.co.jp.xml
@@ -45,7 +48,6 @@
 		- casa.com.xml
 		- diapers.com.xml
 		- eastdane.com.xml
-		- q-assets.com.xml
 		- quidsi.com.xml
 		- shopbop.com.xml
 		- wag.com.xml
@@ -58,18 +60,8 @@
 	Amazon appears to operate in 7 countries, and does not hold the domains
 	for some others, like .se or .be.  In other cases there is an http-only site
 	that redirects to one of these 7 countries.
-
-
-	Insecure cookies are set for these domains and hosts: ᶜ
-
-		- .amazon.com
-		- www.amazon.com
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
 -->
 <ruleset name="Amazon.com">
-
 	<target host="amazon.com" />
 	<target host="advertising.amazon.com" />
 	<target host="affiliate-program.amazon.com" />
@@ -80,7 +72,6 @@
 	<target host="status.aws.amazon.com" />
 	<target host="aws-portal.amazon.com" />
 	<target host="catalyst.amazon.com" />
-	<target host="coursematerials.amazon.com" />
 	<target host="developer.amazon.com" />
 	<target host="fls-eu.amazon.com" />
 	<target host="fls-na.amazon.com" />
@@ -88,41 +79,34 @@
 	<target host="images.amazon.com" />
 	<target host="images-jp.amazon.com" />
 	<target host="kdp.amazon.com" />
-	<target host="kindlescout.amazon.com" />
+	<!-- target host="kindlescout.amazon.com" /-->
 	<target host="local.amazon.com" />
 	<target host="payments.amazon.com" />
 	<target host="rcm.amazon.com" />
 	<target host="sellercentral.amazon.com" />
 	<target host="services.amazon.com" />
 	<target host="smile.amazon.com" />
-	<target host="storywriter.amazon.com" />
+	<!-- target host="storywriter.amazon.com" /-->
 	<target host="studios.amazon.com" />
 	<target host="uedata.amazon.com" />
-	<target host="vendorexpress.amazon.com" />
+	<!-- target host="vendorexpress.amazon.com" /-->
 	<target host="videodirect.amazon.com" />
 	<target host="webservices.amazon.com" />
 		<test url="http://webservices.amazon.com/scratchpad/index.html" />
 	<target host="whispercast.amazon.com" />
-	<target host="widgets.amazon.com" />
+	<!-- target host="widgets.amazon.com" /-->
 	<target host="ws.amazon.com" />
 
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.amazon\.com$" name="^(?:kdp-lc-main|session-id|session-id-time|session-token|skin|ubid-main|x-wl-uid)$" /-->
-
-	<securecookie host=".+" name="^(?:aps-trtmnt$|s_v)" />
-	<securecookie host="^\w" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://g-images\.amazon\.com/"
 		to="https://d1ge0kk1l5kms0.cloudfront.net/" />
-
 		<test url="http://g-images.amazon.com/images/G/01/dvd/sony/casinoroyale/CR13lrg._VNONE_FOUND_.jpg" />
 
 	<rule from="^http://images(-jp)?\.amazon\.com/"
 		to="https://images-na.ssl-images-amazon.com/" />
-
 		<test url="http://images.amazon.com/images/P/B000067Q2B.01._SCLZZZZZZZ_.jpg" />
+		<test url="http://images-jp.amazon.com/images/P/B000067Q2B.01._SCLZZZZZZZ_.jpg" />
 
 	<rule from="^http:" to="https:" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/AmazonAWS.com.xml b/src/chrome/content/rules/AmazonAWS.com.xml
index 4c99904199fc..00b8a2e63ffd 100644
--- a/src/chrome/content/rules/AmazonAWS.com.xml
+++ b/src/chrome/content/rules/AmazonAWS.com.xml
@@ -4,196 +4,25 @@
 	Nonfunctional domains:
 
 		- cloudfront-labs.amazonaws.com		(refused)
-
+    - any s3.amazonaws.com (V1) will be nonfunctional after Sept 30, 2020
 
 	Problematic domains:
 
 		- (.+.)s3-website-eu-west-1.amazonaws.com
 		- (.+.)s3-website-us-east-1.amazonaws.com
-
-
 -->
 <ruleset name="AmazonWebServices">
 
-	<target host="*.amazonaws.com" />
-		<!--
-			Bloody forced redirection:
-
-			https://mail1.eff.org/pipermail/https-everywhere-rules/2012-April/001100.html
- 			https://trac.torproject.org/projects/tor/ticket/4199
-											-->
-		<exclusion pattern="^http://(?:static\.via\.me|img\.wired\.co\.uk|s3\.sandbaguk\.com|spiegeltv-ivms2-restapi|www\.mercyships\.org|www-prod-storage\.cloud\.caltech\.edu)\.s3\.amazonaws\.com/" />
-		<!--
-			Breaks soundsjustlike.com audio:
-							-->
-		<exclusion pattern="^http://badracket-website\.s3\.amazonaws\.com/swf/soundmanager\d_flash\d\.swf" />
-		<!--
-			Breaks premiumbeat.com preview player
-							-->
-		<exclusion pattern="^http://s3\.amazonaws\.com/pb_(sfx_)?previews/" />
-
-		<!--
-			https://trac.torproject.org/projects/tor/ticket/7857
-
-			Breaks images:
-					-->
-		<exclusion pattern="^http://em\.css\.s3\.amazonaws\.com/style\.css" />
-		<exclusion pattern="^http://s3\.lbrcdn\.net\.s3-external-3\.amazonaws\.com/" />
-		<!--
-			This one looks slightly different:
-
-				https://trac.torproject.org/projects/tor/ticket/7608
-											 -->
-		<exclusion pattern="^http://charts-datawrapper\.s3\.amazonaws\.com/" />
-		<!--
-			Breaks forecast.io radar images
-							-->
-		<exclusion pattern="^http://darkskysatellite(?:maps)?\.s3\.amazonaws\.com/" />
-		<!--
-			Breaks wishtv.com and videos on many websites:
-
-				https://github.com/EFForg/https-everywhere/issues/4510
-				https://github.com/EFForg/https-everywhere/issues/14655
-
-				tests:
-					http://thefreethoughtproject.com/red-light-robin-hood-hero-risks-years-jail-free-citizens-unlawful-red-light-cameras/
-					http://www.wsbtv.com/news/local/north-fulton-county/1-dead-in-attempted-robbery-at-buckhead-jewelry-store/389269261
-					http://sacramento.cbslocal.com/2016/07/06/california-gun-law-changes-have-advocates-up-in-arms/
-		-->
-		<exclusion pattern="^http://anvato-api-config\.s3\.amazonaws.com/" />
-			<test url="http://anvato-api-config.s3.amazonaws.com/anvacks/anvato_mcp_lin_web_prod_4c36fbfd4d8d8ecae6488656e21ac6d1ac972749.json" />
-		<!--
-			Breaks download button on brackets.io
-		-->
-		<exclusion pattern="^http://s3.amazonaws.com/files.brackets.io/.+\.json" />
-			<test url="http://s3.amazonaws.com/files.brackets.io/updates/stable/en.json" />
-			<test url="http://s3.amazonaws.com/files.brackets.io/updates/stable/en.json?_=1519135293080" />
-
-		<!-- CORS issues break social buttons on pages such as
-			http://informationisbeautiful.net/visualizations/snake-oil-scientific-evidence-for-nutritional-supplements-vizsweet/
-			See https://github.com/EFForg/https-everywhere/issues/14731
-		-->
-		<exclusion pattern="^http://s3\.amazonaws\.com/infobeautiful4/assets/" />
-			<test url="http://s3.amazonaws.com/infobeautiful4/assets/font/icons.ttf?50196724" />
-			<test url="http://s3.amazonaws.com/infobeautiful4/assets/font/icons.woff?50196724" />
-
-	<!--	Forced redirects:
-					-->
-	<rule from="^http://static\.newsblur\.com\.s3\.amazonaws\.com/"
-		to="https://s3.amazonaws.com/static.newsblur.com/" />
-	<test url="http://static.newsblur.com.s3.amazonaws.com/blog/Campeche%20Steps%20resized.jpeg" />
-
-	<rule from="^http://dis(\.resized)?\.images\.s3\.amazonaws\.com/"
-		to="https://s3-eu-west-1.amazonaws.com/dis$1.images/" />
-	<test url="http://dis.images.s3.amazonaws.com/" />
-	<test url="http://dis.resized.images.s3.amazonaws.com/" />
-
-	<rule from="^http://cms\.kiva\.org\.s3\.amazonaws\.com/"
-		to="https://s3-us-west-1.amazonaws.com/cms.kiva.org/" />
-
-	<rule from="^http://s3(?:-website)?(-ap-(?:nor|sou)theast-1|-eu-central-\d|-(?:eu|us)-west-\d|-external-\d|-sa-east-1)?\.amazonaws\.com/"
-		to="https://s3$1.amazonaws.com/" />
-
-		<!--test url="http://s3.amazonaws.com/s3.thesyriacampaign.org/images/quote-close.png" /-->
-		<test url="http://s3.amazonaws.com/assets.offerpop.com/jive/images/offerpop_logo.png" />
-		<!--test url="http://s3-eu-west-1.amazonaws.com/nusdigital/image/images/19253/original/footer-shape.png" /-->
-		<!--test url="http://s3-us-west-2.amazonaws.com/formget/images/login-logo.png" /-->
-
-	<!--	Test failures were misinterpreted. .+-website-.+ no longer works, rest (seemingly) works.
-														-->
-	<!--rule from="^http://([\w-]+)\.s3(?:-website)?(-ap-(?:nor|sou)theast-1|-(?:eu|us)-west-\d|-external-\d|-sa-east-1)?\.amazonaws\.com/" -->
-	<rule from="^http://([\w-]+)\.s3(-ap-(?:nor|sou)theast-1|-(?:eu|us)-west-\d|-external-\d|-sa-east-1)?\.amazonaws\.com/"
-		to="https://$1.s3$2.amazonaws.com/" />
-
-		<test url="http://estevaomonteiro.s3.amazonaws.com/" />
-		<!--test url="http://network-pages.s3.amazonaws.com/oxfamgb/signuptofundraise.png" /-->
-		<test url="http://afod.s3-ap-northeast-1.amazonaws.com/" />
-		<test url="http://rangde-org-gen.s3-ap-southeast-1.amazonaws.com/" />
-		<test url="http://edynaukraina.s3-eu-west-1.amazonaws.com/" />
-		<test url="http://smalltell.s3-us-west-1.amazonaws.com/" />
-		<!--test url="http://lawfare.s3-us-west-2.amazonaws.com/staging/styles/thumbnail/s3/pictures/picture-87-1431626511.jpg" /-->
-		<test url="http://tastylounge-prod.s3-external-1.amazonaws.com/" />
-		<test url="http://gestaoja.s3-sa-east-1.amazonaws.com/" />
-		<test url="http://static-course-assets.s3.amazonaws.com/ITE50ENU/common-ext/styles/images/landing.png" />
-		<!--test url="http://swyokohama.s3-website-ap-northeast-1.amazonaws.com/" /-->
-		<!--test url="http://keithsbucket.s3-website-ap-southeast-1.amazonaws.com/" /-->
-		<!--test url="http://grime.s3-website-eu-west-1.amazonaws.com/" /-->
-		<!--test url="http://estevaomonteiro.s3-website-us-west-1.amazonaws.com/" /-->
-		<!--test url="http://estevaomonteiro.s3-website-sa-east-1.amazonaws.com/" /-->
-
-	<!--rule from="^http://([\w-]+)\.([^@:/]+)\.s3(?:-website)?(-ap-(?:nor|sou)theast-1|-(?:eu|us)-west-\d|-external-\d|-sa-east-1)?\.amazonaws\.com/"
-		to="https://s3$3.amazonaws.com/$1.$2/" />
-		<test url="http://www.thisisreallaw.com.s3-external-1.amazonaws.com/" />
-		<test url="http://paniko.cl.s3-sa-east-1.amazonaws.com/" />
-		<test url="http://goldendiskawards.jp.s3-website-ap-northeast-1.amazonaws.com/" />
-		<test url="http://vidvatta.com.s3-website-ap-southeast-1.amazonaws.com/" />
-		<test url="http://digitalcolourist.com.s3-website-eu-west-1.amazonaws.com/" />
-		<test url="http://www.teejayvanslyke.com.s3-website-us-west-1.amazonaws.com/" />
-		<test url="http://www.thisisreallaw.com.s3-website-external-1.amazonaws.com/" />
-		<test url="http://www.thisisreallaw.com.s3-website-sa-east-1.amazonaws.com/" />
-		<test url="http://www.ultiarchive.com.s3-website-sa-east-1.amazonaws.com/" />
-		<test url="http://www.ultiarchive.com.s3-website-us-west-1.amazonaws.com/" />
-		<test url="http://www.thisisreallaw.com.s3-website-us-east-1.amazonaws.com/" />
-		<test url="http://www.bleedingedgebiotech.com.s3-website-us-east-1.amazonaws.com/" />
-		<test url="http://robertbruce.s3-website-us-east-1.amazonaws.com/" />
-		<test url="http://stinkdigital.s3-website-us-east-1.amazonaws.com/" /-->
-
-	<!--rule from="^http://([\w-]+)\.s3-website-us-east-1\.amazonaws\.com/"
-		to="https://$1.s3.amazonaws.com/" /-->
-
-	<!--rule from="^http://([\w-]+)\.([^@:/]+)\.s3-website-us-east-1\.amazonaws\.com/"
-		to="https://s3.amazonaws.com/$1.$2/" /-->
-		<!--test url="http://www.ultiarchive.com.s3-website-us-east-1.amazonaws.com/" /-->
-
-	<rule from="^http://([\w.-]+)\.s3-us-west-2\.amazonaws\.com/"
-		to="https://s3-us-west-2.amazonaws.com/$1/" />
-
-		<test url="http://blc.avatars.bucket.s3-us-west-2.amazonaws.com/3/9/8/0/4f40612e0eca17a852ff621ee5c2f729" />
-		<test url="http://blc.avatars.bucket.s3-us-west-2.amazonaws.com//3/9/8/0/4f40612e0eca17a852ff621ee5c2f729" />
-
-	<rule from="^http://s3-website-us-east-1\.amazonaws\.com/"
-		to="https://s3.amazonaws.com/" />
-
-		<!--
-			Exclusions for Amazon's Zeitgeist MP3 Player:
-
-				https://trac.torproject.org/projects/tor/ticket/7000
-
-		note that the second exclusion can't be scoped to
-		the ssl-images-amazon domain, though it could have
-		copied the crazy pattern from the rule above.
-									-->
-		<exclusion pattern="^http://amazon-zg\.s3\.amazonaws\.com/" />
-
-
-	<test url="http://cms.kiva.org.s3.amazonaws.com/" />
-	<test url="http://s3.amazonaws.com/" />
-	<test url="http://s3-ap-northeast-1.amazonaws.com/" />
-	<test url="http://s3-ap-southeast-1.amazonaws.com/" />
-	<test url="http://s3-eu-west-1.amazonaws.com/" />
-	<test url="http://s3-us-west-1.amazonaws.com/" />
-	<test url="http://s3-external-1.amazonaws.com/" />
-	<test url="http://s3-sa-east-1.amazonaws.com/" />
-	<test url="http://s3-website-ap-northeast-1.amazonaws.com/" />
-	<test url="http://s3-website-ap-southeast-1.amazonaws.com/" />
-	<test url="http://s3-website-eu-west-1.amazonaws.com/" />
-	<test url="http://s3-website-us-west-1.amazonaws.com/" />
-	<test url="http://s3-website-sa-east-1.amazonaws.com/" />
-	<test url="http://s3-website-us-east-1.amazonaws.com/" />
-	<test url="http://static.via.me.s3.amazonaws.com/" />
-	<test url="http://img.wired.co.uk.s3.amazonaws.com/" />
-	<test url="http://s3.sandbaguk.com.s3.amazonaws.com/" />
-	<test url="http://spiegeltv-ivms2-restapi.s3.amazonaws.com/" />
-	<test url="http://www.mercyships.org.s3.amazonaws.com/" />
-	<test url="http://www-prod-storage.cloud.caltech.edu.s3.amazonaws.com/" />
-	<test url="http://badracket-website.s3.amazonaws.com/swf/soundmanager1_flash1.swf" />
-	<test url="http://em.css.s3.amazonaws.com/style.css" />
-	<test url="http://s3.lbrcdn.net.s3-external-3.amazonaws.com/" />
-	<test url="http://charts-datawrapper.s3.amazonaws.com/" />
-	<test url="http://darkskysatellite.s3.amazonaws.com/" />
-	<test url="http://darkskysatellitemaps.s3.amazonaws.com/" />
-	<test url="http://amazon-zg.s3.amazonaws.com/" />
-	<test url="http://s3.amazonaws.com/pb_previews/" />
-	<test url="http://s3.amazonaws.com/pb_sfx_previews/" />
+  <target host="*.s3.amazonaws.com" />
+    <test url="http://book.s3.amazonaws.com/" />
+    <test url="http://visualise.s3.amazonaws.com/" />
+    <test url="http://jamcfiles.s3.amazonaws.com/" />
+    <test url="http://siterepository.s3.amazonaws.com/" />
+    <test url="http://dealerinspire-brochure.s3.amazonaws.com/" />
+    <test url="http://webjam-upload.s3.amazonaws.com/" />
+    <test url="http://rstudio-pubs-static.s3.amazonaws.com/" />
+    <test url="http://homeq-media.s3.amazonaws.com/" />
+
+  	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Amazon_blogs.com.xml b/src/chrome/content/rules/Amazon_blogs.com.xml
index 8b31d82e8764..80eb8c263540 100644
--- a/src/chrome/content/rules/Amazon_blogs.com.xml
+++ b/src/chrome/content/rules/Amazon_blogs.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://cdn.amazonblogs.com/ => https://cdn.amazonblogs.com/: (6, 'C
 	For other Amazon coverage, see Amazon.xml.
 
 -->
-<ruleset name="Amazon blogs.com" default_off='failed ruleset test'>
+<ruleset name="Amazon blogs.com" default_off="failed ruleset test">
 
 	<target host="cdn.amazonblogs.com" />
 
diff --git a/src/chrome/content/rules/Amber_Swann_Publishing.xml b/src/chrome/content/rules/Amber_Swann_Publishing.xml
index cc5e6cae47fb..23d2f294dd77 100644
--- a/src/chrome/content/rules/Amber_Swann_Publishing.xml
+++ b/src/chrome/content/rules/Amber_Swann_Publishing.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?amberswann\.com/(components/|favicon\.ico|images/|libraries/|media/|modules/|plugins/|templates/)"
 		to="https://$1amberswann.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Amblin.io.xml b/src/chrome/content/rules/Amblin.io.xml
deleted file mode 100644
index 56828152ba01..000000000000
--- a/src/chrome/content/rules/Amblin.io.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	www differs from ^.
-
--->
-<ruleset name="amblin.io (partial)">
-
-	<target host="amblin.io" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^amblin\.io$" name="^known$" /-->
-
-	<securecookie host="^amblin\.io$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ambotis.ru.xml b/src/chrome/content/rules/Ambotis.ru.xml
new file mode 100644
index 000000000000..c6d60d748a0b
--- /dev/null
+++ b/src/chrome/content/rules/Ambotis.ru.xml
@@ -0,0 +1,24 @@
+<!--
+Nonfunctional hosts in *.ambotis.ru:
+	online2.ambotis.ru (m)
+	www.online2.ambotis.ru (m)
+	search.ambotis.ru (m)
+	sportweeks.ambotis.ru (m)
+	tours.ambotis.ru (d)
+	www.tours.ambotis.ru (d)
+
+h: http redirect
+m: certificate mismatch
+r: connection refused
+s: self-signed certificate
+t: timeout on https
+d: temporarily or permanently taken down
+-->
+<ruleset name="Ambotis.ru">
+	<target host="ambotis.ru" />
+	<target host="www.ambotis.ru" />
+	<target host="online.ambotis.ru" />
+	<target host="www.online.ambotis.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Amd.co.at.xml b/src/chrome/content/rules/Amd.co.at.xml
index 49d752ea6ed7..aece83e43a0d 100644
--- a/src/chrome/content/rules/Amd.co.at.xml
+++ b/src/chrome/content/rules/Amd.co.at.xml
@@ -23,7 +23,9 @@
 <ruleset name="amd.co.at (partial)">
 
 	<target host="amd.co.at" />
-	<target host="*.amd.co.at" />
+	<target host="diebold.amd.co.at" />
+	<target host="mail.amd.co.at" />
+	<target host="www.amd.co.at" />
 		<!--
 			^ differs:
 					-->
diff --git a/src/chrome/content/rules/Amd.com.xml b/src/chrome/content/rules/Amd.com.xml
index 4f2a5a41eb41..ac9e36d10c28 100644
--- a/src/chrome/content/rules/Amd.com.xml
+++ b/src/chrome/content/rules/Amd.com.xml
@@ -1,4 +1,16 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://amd.com/en/graphics/radeon-rx-graphics => https://www.amd.com/en/graphics/radeon-rx-graphics: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://amd.com/ => https://www.amd.com/: (28, 'Operation timed out after 30000 milliseconds with 0 bytes received')
+Fetch error: http://www.amd.com/ => https://www.amd.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://atlsso.amd.com/ => https://atlsso.amd.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://nda.amd.com/ => https://nda.amd.com/: (6, 'Could not resolve host: nda.amd.com')
+Fetch error: http://sso.amd.com/ => https://sso.amd.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://support.amd.com/ => https://support.amd.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://wwwd.amd.com/ => https://wwwd.amd.com/: (6, 'Could not resolve host: wwwd.amd.com')
+
 	HTTP redirect:
 		developer.amd.com (static files work)
 
@@ -27,20 +39,15 @@
 
 -->
 <ruleset name="Amd.com">
-	<target host="amd.com" />
-	<target host="www.amd.com" />
-		<!-- 30X with plain HTTP, 404 with HTTPS -->
-		<exclusion pattern="http://(www\.)?amd.com/featuredetails" />
-		<test url="http://amd.com/featuredetails" />
-		<test url="http://www.amd.com/featuredetails" />
-	<target host="atlsso.amd.com" />
+	<!-- target host="amd.com" /-->
+	<!-- target host="www.amd.com" /-->
+	<!-- target host="atlsso.amd.com" /-->
 	<target host="community.amd.com" />
 	<target host="federation.amd.com" />
-	<target host="nda.amd.com" />
-	<target host="sso.amd.com" />
-	<target host="support.amd.com" />
-	<target host="wwwd.amd.com" />
+	<!-- target host="nda.amd.com" /-->
+	<!-- target host="sso.amd.com" /-->
+	<!-- target host="support.amd.com" /-->
+	<!-- target host="wwwd.amd.com" /-->
 
-	<rule from="^http://amd\.com/" to="https://www.amd.com/" />
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AmeriMark.com.xml b/src/chrome/content/rules/AmeriMark.com.xml
new file mode 100644
index 000000000000..c5456889a8bd
--- /dev/null
+++ b/src/chrome/content/rules/AmeriMark.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		- search.amerimark.com, equivalent to amerimark.com
+-->
+
+<ruleset name="AmeriMark.com">
+	<target host="amerimark.com" />
+	<target host="www.amerimark.com" />
+	<target host="m.amerimark.com" />
+	<target host="search.amerimark.com" />
+	<target host="origin-www.amerimark.com" />
+
+	<rule from="^http://search\.amerimark\.com/"
+		  to="https://amerimark.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/American-Association-of-Neurological-Surgeons.xml b/src/chrome/content/rules/American-Association-of-Neurological-Surgeons.xml
index f8e8e6963041..1f2d2fafc8f8 100644
--- a/src/chrome/content/rules/American-Association-of-Neurological-Surgeons.xml
+++ b/src/chrome/content/rules/American-Association-of-Neurological-Surgeons.xml
@@ -13,13 +13,13 @@ Fetch error: http://aans.org/ => https://aans.org/: (60, 'SSL certificate proble
 		- www.aansneurosurgeon.org
 
 -->
-<ruleset name="American Association of Neurological Surgeons" default_off='failed ruleset test'>
+<ruleset name="American Association of Neurological Surgeons" default_off="failed ruleset test">
 
 	<target host="aans.org" />
 	<target host="*.aans.org" />
 
 
-	<securecookie host="^(?:.*\.)?aans\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	Observed subdomains:
diff --git a/src/chrome/content/rules/American-Chemical-Society.xml b/src/chrome/content/rules/American-Chemical-Society.xml
index 60aea5e6a143..9c35abf164b9 100644
--- a/src/chrome/content/rules/American-Chemical-Society.xml
+++ b/src/chrome/content/rules/American-Chemical-Society.xml
@@ -89,7 +89,7 @@ Fetch error: http://www.profed.acs.org/ => https://www.profed.acs.org/: (51, "SS
 	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="ACS.org (partial)" default_off='failed ruleset test'>
+<ruleset name="ACS.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/American-Epilepsy-Society.xml b/src/chrome/content/rules/American-Epilepsy-Society.xml
index 22fa49614cd2..f558455d4528 100644
--- a/src/chrome/content/rules/American-Epilepsy-Society.xml
+++ b/src/chrome/content/rules/American-Epilepsy-Society.xml
@@ -1,5 +1,5 @@
 <!--
-	American Epilepsy Society 
+	American Epilepsy Society
 
 
 	Nonfunctional hosts in *aesnet.org:
diff --git a/src/chrome/content/rules/American-University.xml b/src/chrome/content/rules/American-University.xml
index 784842655c19..06b1c2f6cf6f 100644
--- a/src/chrome/content/rules/American-University.xml
+++ b/src/chrome/content/rules/American-University.xml
@@ -1,40 +1,64 @@
 <!--
-	lgimages.s3.amazonaws.com/data/imagemanager/17756/
+	Non-functional hosts
+		Timeout was reached:
+		- alumniassociation.american.edu
 
+		SSL peer certificate was not OK:
+		- accelerator.american.edu
+		- www.admissions.american.edu
+		- incircle.alumni.american.edu
+		- auapps.american.edu
+		- fs2.american.edu
+		- www.my.american.edu
+		- nw08.american.edu
+		- niwaplibrary.wcl.american.edu
 
-	Nonfunctional domains:
-
-		- bender.library		(ssl_error_rx_record_too_long)
-		- subjectguides.library		(cert: libguides.com; displays
-						another domain's data)
-
+		Incomplete certificate chain error:
+		- auaccess.american.edu
+		- dra.american.edu
+		- gurukul.american.edu
+		- answers.library.american.edu
+		- blogs.library.american.edu
+		- subjectguides.library.american.edu
+		- www1.american.edu
 -->
 <ruleset name="American University (partial)">
-
 	<target host="american.edu" />
-	<target host="*.american.edu" />
-
-
-	<!--	Doesn't work over https.
-		Redirects like so.
-					-->
-	<rule from="^http://library\.american\.edu/"
-		to="https://www.american.edu/library/" />
-
-	<!--	Observed subdomains:
-
-			- $
-			- my
-			- myau
-			- wcl
-			- leagle.wcl
-			- library.wcl
-			- my.wcl
-			- proxy.wcl
-			- www.wcl
-			- www
-				-->
-	<rule from="^http://([\w\.]+\.)?american\.edu/"
-		to="https://$1american.edu/" />
+	<target host="www.american.edu" />
+	<target host="applynowsoc.american.edu" />
+	<target host="auabroad.american.edu" />
+	<target host="au.blogs.american.edu" />
+	<target host="socdeansintern.blogs.american.edu" />
+	<target host="careers.american.edu" />
+	<target host="eaglefinances.american.edu" />
+		<test url="http://eaglefinances.american.edu/Student/Account/Login?ReturnUrl=%2fStudent" />
+	<target host="edspace.american.edu" />
+	<target host="goed.american.edu" />
+	<target host="ironline.american.edu" />
+	<target host="my.american.edu" />
+	<target host="myau.american.edu" />
+	<target host="teams.myau.american.edu" />
+	<target host="offcampus.american.edu" />
+	<target host="programs.online.american.edu" />
+	<target host="onlinebusiness.american.edu" />
+	<target host="soeonline.american.edu" />
+	<target host="status.american.edu" />
+	<target host="subversion.american.edu" />
+	<target host="w.american.edu" />
+		<test url="http://w.american.edu/cas/economics/gaussres/GAUSSIDX.HTM" />
+		<test url="http://w.american.edu/cas/sampta/papers/a1-nguyen.pdf" />
+		<test url="http://w.american.edu/carmel/study-abroad.shtml" />
+	<target host="wcl.american.edu" />
+	<target host="www.wcl.american.edu" />
+	<target host="digitalcommons.wcl.american.edu" />
+	<target host="leagle.wcl.american.edu" />
+	<target host="my.wcl.american.edu" />
+	<target host="news.wcl.american.edu" />
+	<target host="pathways.wcl.american.edu" />
+	<target host="proxy.wcl.american.edu" />
+	<target host="login.proxy.wcl.american.edu" />
+	<target host="tenley.wcl.american.edu" />
+	<target host="viewbook.wcl.american.edu" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AmericanDreamCoalition.org.xml b/src/chrome/content/rules/AmericanDreamCoalition.org.xml
new file mode 100644
index 000000000000..3f8c03b20820
--- /dev/null
+++ b/src/chrome/content/rules/AmericanDreamCoalition.org.xml
@@ -0,0 +1,10 @@
+<!--
+	Related rulesets:
+-->
+<ruleset name="AmericanDreamCoalition.org">
+	<target host="americandreamcoalition.org" />
+	<target host="www.americandreamcoalition.org" />
+	<target host="mail.americandreamcoalition.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AmericanExpress.xml b/src/chrome/content/rules/AmericanExpress.xml
index 30e54755ceab..a364ee38fde3 100644
--- a/src/chrome/content/rules/AmericanExpress.xml
+++ b/src/chrome/content/rules/AmericanExpress.xml
@@ -1,11 +1,18 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://search.americanexpress.com/ => https://search.americanexpress.com/: (6, 'Could not resolve host: search.americanexpress.com')
+Fetch error: http://sync.americanexpress.com/ => https://sync.americanexpress.com/: (6, 'Could not resolve host: sync.americanexpress.com')
+Fetch error: http://www209.americanexpress.com/ => https://www209.americanexpress.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+Fetch error: http://www262.americanexpress.com/ => https://www262.americanexpress.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+Fetch error: http://www295.americanexpress.com/ => https://www295.americanexpress.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www304.americanexpress.com/ => https://www304.americanexpress.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+
 	Other American Express rulesets:
 
 		- AeXp-static.com.xml
-		- AmEx_Travel.com.xml
-		- AmExserve-static.com.xml
 		- Bluebird.com.xml
-		- Corporate_Card_Application.com.xml
 		- Membership_Rewards.com.xml
 		- Serve.com.xml
 
@@ -79,15 +86,15 @@
 	<target host="personalsavings.americanexpress.com" />
 	<target host="www.personalsavings.americanexpress.com" />
 	<target host="rewards.americanexpress.com" />
-	<target host="search.americanexpress.com" />
+	<!-- target host="search.americanexpress.com" /-->
 	<target host="sso.americanexpress.com" />
-	<target host="sync.americanexpress.com" />
+	<!-- target host="sync.americanexpress.com" /-->
 	<target host="travel.americanexpress.com" />
 	<target host="travelinsiders.americanexpress.com" />
-	<target host="www209.americanexpress.com" />
-	<target host="www262.americanexpress.com" />
-	<target host="www295.americanexpress.com" />
-	<target host="www304.americanexpress.com" />
+	<!-- target host="www209.americanexpress.com" /-->
+	<!-- target host="www262.americanexpress.com" /-->
+	<!-- target host="www295.americanexpress.com" /-->
+	<!-- target host="www304.americanexpress.com" /-->
 	<target host="www347.americanexpress.com" />
 
 	<!--	Complications:
diff --git a/src/chrome/content/rules/AmericanScientist.org.xml b/src/chrome/content/rules/AmericanScientist.org.xml
new file mode 100644
index 000000000000..eac8a2f5fe20
--- /dev/null
+++ b/src/chrome/content/rules/AmericanScientist.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		estlive.americanscientist.org
+
+-->
+<ruleset name="AmericanScientist.org">
+
+	<target host="americanscientist.org" />
+	<target host="www.americanscientist.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/American_Academy_of_Neurology.xml b/src/chrome/content/rules/American_Academy_of_Neurology.xml
index ad82357b50e3..441e4d1f0c85 100644
--- a/src/chrome/content/rules/American_Academy_of_Neurology.xml
+++ b/src/chrome/content/rules/American_Academy_of_Neurology.xml
@@ -10,7 +10,8 @@
 <ruleset name="American Academy of Neurology (partial)">
 
 	<target host="aan.com" />
-	<target host="*.aan.com" />
+	<target host="www.aan.com" />
+	<target host="patients.aan.com" />
 
 
 	<securecookie host="^patients\.aan\.com$" name=".+" />
diff --git a/src/chrome/content/rules/American_Airlines.xml b/src/chrome/content/rules/American_Airlines.xml
new file mode 100644
index 000000000000..1f1cd6ec799c
--- /dev/null
+++ b/src/chrome/content/rules/American_Airlines.xml
@@ -0,0 +1,15 @@
+<!--
+	Non-functional hosts:
+		Certificate mismatched:
+		- metrics.aa.com
+-->
+<ruleset name="American Airlines (partial)">
+
+	<target host="aa.com" />
+	<target host="www.aa.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/American_Center_for_Law_and_Justice.xml b/src/chrome/content/rules/American_Center_for_Law_and_Justice.xml
index b46e9f582d67..ac6cced5dee7 100644
--- a/src/chrome/content/rules/American_Center_for_Law_and_Justice.xml
+++ b/src/chrome/content/rules/American_Center_for_Law_and_Justice.xml
@@ -30,7 +30,10 @@
 <ruleset name="American Center for Law and Justice (partial)">
 
 	<target host="aclj.org" />
-	<target host="*.aclj.org" />
+	<target host="www.aclj.org" />
+	<target host="action.aclj.org" />
+	<target host="images.aclj.org" />
+	<target host="media.aclj.org" />
 
 
 	<securecookie host="^aclj\.org$" name=".+" />
@@ -49,4 +52,4 @@
 	<rule from="^http://media\.aclj\.org/"
 		to="https://c391070.ssl.cf2.rackcdn.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/American_College_of_Radiology.xml b/src/chrome/content/rules/American_College_of_Radiology.xml
index 9b9d92fb7f1a..e89500dde543 100644
--- a/src/chrome/content/rules/American_College_of_Radiology.xml
+++ b/src/chrome/content/rules/American_College_of_Radiology.xml
@@ -18,7 +18,9 @@
 <ruleset name="American College of Radiology (partial)">
 
 	<target host="acr.org" />
-	<target host="*.acr.org" />
+	<target host="www.acr.org" />
+	<target host="login.acr.org" />
+	<target host="shop.acr.org" />
 
 
 	<securecookie host="^(?:login|shop)\.acr\.org$" name=".+" />
diff --git a/src/chrome/content/rules/American_Freedom.com.xml b/src/chrome/content/rules/American_Freedom.com.xml
index b5b4e296ec31..0741d469897a 100644
--- a/src/chrome/content/rules/American_Freedom.com.xml
+++ b/src/chrome/content/rules/American_Freedom.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.americanfreedom.com/ => https://www.americanfreedom.com/
 	Center for American Freedom
 
 -->
-<ruleset name="American Freedom.com" default_off='failed ruleset test'>
+<ruleset name="American Freedom.com" default_off="failed ruleset test">
 
 	<target host="americanfreedom.com" />
 	<target host="www.americanfreedom.com" />
@@ -21,4 +21,4 @@ Fetch error: http://www.americanfreedom.com/ => https://www.americanfreedom.com/
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/American_Scientist.org.xml b/src/chrome/content/rules/American_Scientist.org.xml
deleted file mode 100644
index f6ed23eba410..000000000000
--- a/src/chrome/content/rules/American_Scientist.org.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<!--
-	Problematic domains:
-
-		- americanscientist.org *
-		- amsciadmin.eresources.com *
-
-	* Mismatched, CN: www.americanscientist.org
-
-
-	Mixed content:
-
-		- Images from amsciadmin.eresources.com ¹
-
-		- Ads, from:
-
-			- americanscientist.advertserve.com ¹
-			- pagead2.googlesyndication.com ¹
-
-	¹ Secured by us
-
--->
-<ruleset name="American Scientist.org">
-
-	<target host="amsciadmin.eresources.com" />
-	<target host="americanscientist.org" />
-	<target host="www.americanscientist.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.americanscientist\.org$" name="^ASP\.NET_SessionId$" /-->
-
-	<securecookie host="^www\.americanscientist\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?americanscientist\.org/"
-		to="https://www.americanscientist.org/" />
-
-	<rule from="^http://amsciadmin\.eresources\.com/Libraries/"
-		to="https://www.americanscientist.org/Libraries/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/American_Society_of_Media_Photographers.xml b/src/chrome/content/rules/American_Society_of_Media_Photographers.xml
index a3f4066d3ee3..1e663d5d3672 100644
--- a/src/chrome/content/rules/American_Society_of_Media_Photographers.xml
+++ b/src/chrome/content/rules/American_Society_of_Media_Photographers.xml
@@ -4,16 +4,17 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.admin.asmp.org/ => https://www.admin.asmp.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.admin.asmp.org'")
 
 -->
-<ruleset name="American Society of Media Photographers" default_off='failed ruleset test'>
+<ruleset name="American Society of Media Photographers" default_off="failed ruleset test">
 
 	<target host="asmp.org" />
-	<target host="*.asmp.org" />
+	<target host="admin.asmp.org" />
+	<target host="www.asmp.org" />
+	<target host="www.admin.asmp.org" />
 
 
 	<securecookie host="^.*\.asmp\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?(admin\.)?asmp\.org/"
-		to="https://$1$2asmp.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AmericanaExchange.xml b/src/chrome/content/rules/AmericanaExchange.xml
index c4376c015ca4..38d7ec1dfaf6 100644
--- a/src/chrome/content/rules/AmericanaExchange.xml
+++ b/src/chrome/content/rules/AmericanaExchange.xml
@@ -8,9 +8,9 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://americanaexchange.com/ => https://www.americanaexchange.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.americanaexchange.com'")
 Fetch error: http://www.americanaexchange.com/ => https://www.americanaexchange.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.americanaexchange.com'")
 -->
-<ruleset name="Americana Exchange" default_off='failed ruleset test'>
+<ruleset name="Americana Exchange" default_off="failed ruleset test">
   <target host="americanaexchange.com" />
   <target host="www.americanaexchange.com" />
 
   <rule from="^http://(?:www\.)?americanaexchange\.com/" to="https://www.americanaexchange.com/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Americans_United.xml b/src/chrome/content/rules/Americans_United.xml
index d5a8a31e645d..1f1fa8469cc1 100644
--- a/src/chrome/content/rules/Americans_United.xml
+++ b/src/chrome/content/rules/Americans_United.xml
@@ -12,4 +12,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Amiami.jp.xml b/src/chrome/content/rules/Amiami.jp.xml
index f9aa176f6e1a..0d0a47f766bc 100644
--- a/src/chrome/content/rules/Amiami.jp.xml
+++ b/src/chrome/content/rules/Amiami.jp.xml
@@ -3,7 +3,7 @@
 		Invalid Certificate:
 			- media.amiami.jp
 			- news.amiami.jp
-		
+
 		Timeout:
 			- www.amiami.jp
 			- product.amiami.jp
@@ -12,11 +12,11 @@
 <ruleset name="Amiami.jp (partial)">
 	<target host="img.amiami.jp" />
 	<test url="http://img.amiami.jp/images/product/review/164/FIGURE-026139_02.jpg" />
-	
+
 	<target host="secure.amiami.jp" />
 	<test url="http://secure.amiami.jp/top/cloud/asp/index.asp" />
-	
+
 	<securecookie host="^secure\.amiami\.jp$" name=".+" />
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Amigaroms.com.xml b/src/chrome/content/rules/Amigaroms.com.xml
new file mode 100644
index 000000000000..ceed92b0a1d5
--- /dev/null
+++ b/src/chrome/content/rules/Amigaroms.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Mismatched:
+	- autoconfig.amigaroms.com
+	- ftp.amigaroms.com
+
+	Non-functional:
+	- autodiscover.amigaroms.com
+-->
+<ruleset name="Amigaroms.com">
+    <target host="amigaroms.com" />
+    <target host="www.amigaroms.com" />
+    <target host="cpanel.amigaroms.com" />
+    <target host="es.amigaroms.com" />
+    <target host="mail.amigaroms.com" />
+
+    <securecookie host=".+" name=".+" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Amnesty-International.xml b/src/chrome/content/rules/Amnesty-International.xml
index 6ca33f2077e3..9d3c2c872599 100644
--- a/src/chrome/content/rules/Amnesty-International.xml
+++ b/src/chrome/content/rules/Amnesty-International.xml
@@ -12,7 +12,6 @@ Fetch error: http://livewire.amnesty.org/ => https://livewire.amnesty.org/: (6,
 		- Amnesty.fi.xml
 		- Amnesty.fr.xml
 		- Amnesty.gr.xml
-		- Amnesty.ie.xml
 		- Amnesty.it.xml
 		- Amnesty.or.jp.xml
 		- Amnesty.org.nz.xml
@@ -48,7 +47,7 @@ Fetch error: http://livewire.amnesty.org/ => https://livewire.amnesty.org/: (6,
 		- .www.amnesty.org
 
 -->
-<ruleset name="Amnesty.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Amnesty.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Amnesty.fr.xml b/src/chrome/content/rules/Amnesty.fr.xml
index 98c2716c7f80..668233ca513e 100644
--- a/src/chrome/content/rules/Amnesty.fr.xml
+++ b/src/chrome/content/rules/Amnesty.fr.xml
@@ -63,7 +63,7 @@
 
 	<rule from="^http://marathon\.amnesty\.fr/"
 		to="https://www.amnesty.fr/personnes" />
-	
+
 	<rule from="^http://(m|siteslocaux)\.amnesty\.fr/"
 		to="https://www.amnesty.fr/" />
 
diff --git a/src/chrome/content/rules/Amnesty.ie.xml b/src/chrome/content/rules/Amnesty.ie.xml
deleted file mode 100644
index 9684d884d41c..000000000000
--- a/src/chrome/content/rules/Amnesty.ie.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	For other Amnesty International coverage, see Amnesty-International.xml.
-
-
-	Insecure cookies are set for these domains:
-
-		- .amnesty.ie
-
--->
-<ruleset name="Amnesty.ie">
-
-	<target host="amnesty.ie" />
-	<target host="www.amnesty.ie" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.amnesty\.ie$" name="^SESS[\da-f]{32}$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Amnesty.org.nz.xml b/src/chrome/content/rules/Amnesty.org.nz.xml
index 98f3f8a60b52..0bfd92a3135d 100644
--- a/src/chrome/content/rules/Amnesty.org.nz.xml
+++ b/src/chrome/content/rules/Amnesty.org.nz.xml
@@ -9,7 +9,7 @@ Fetch error: http://supporterservices.amnesty.org.nz/ => https://supporterservic
 	^amnesty.org.nz: Mismatched
 
 -->
-<ruleset name="Amnesty.org.nz" default_off='failed ruleset test'>
+<ruleset name="Amnesty.org.nz" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Amoena.xml b/src/chrome/content/rules/Amoena.xml
index 027d3f19d162..faae90f41507 100644
--- a/src/chrome/content/rules/Amoena.xml
+++ b/src/chrome/content/rules/Amoena.xml
@@ -9,7 +9,7 @@ Fetch error: http://amoena.us/ => https://www.amoena.us/: (60, 'SSL certificate
 Fetch error: http://www.amoena.us/ => https://www.amoena.us/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Amoena" default_off='failed ruleset test'>
+<ruleset name="Amoena" default_off="failed ruleset test">
 
 	<target host="amoena.com"/>
 	<target host="www.amoena.com"/>
diff --git a/src/chrome/content/rules/Anadolu.edu.tr.xml b/src/chrome/content/rules/Anadolu.edu.tr.xml
index 6c15b274c6e9..83490d7c6764 100644
--- a/src/chrome/content/rules/Anadolu.edu.tr.xml
+++ b/src/chrome/content/rules/Anadolu.edu.tr.xml
@@ -103,7 +103,7 @@ Fetch error: http://ogrenci.anadolu.edu.tr/ => https://ogrenci.anadolu.edu.tr/:
 		* www.yillik.eogrenme.anadolu.edu.tr
 		* yemekhane.anadolu.edu.tr
 -->
-<ruleset name="Anadolu University" default_off='failed ruleset test'>
+<ruleset name="Anadolu University" default_off="failed ruleset test">
 
 	<target host="anadolu.edu.tr" />
 
diff --git a/src/chrome/content/rules/Analyst_One.com.xml b/src/chrome/content/rules/Analyst_One.com.xml
index 261d946e450d..57b326891877 100644
--- a/src/chrome/content/rules/Analyst_One.com.xml
+++ b/src/chrome/content/rules/Analyst_One.com.xml
@@ -20,7 +20,7 @@
 <ruleset name="Analyst One.com (false MCB)" default_off="mismatched" platform="mixedcontent">
 
 	<target host="analystone.com" />
-	<target host="*.analystone.com" />
+	<target host="www.analystone.com" />
 
 
 	<securecookie host="^\.analystone\.com$" name=".+" />
diff --git a/src/chrome/content/rules/AnandTech.com.xml b/src/chrome/content/rules/AnandTech.com.xml
index 5359c9a0da43..1fb6b84cbcac 100644
--- a/src/chrome/content/rules/AnandTech.com.xml
+++ b/src/chrome/content/rules/AnandTech.com.xml
@@ -2,7 +2,10 @@
 	<target host="anandtech.com" />
 	<target host="www.anandtech.com" />
 	<target host="forums.anandtech.com" />
+	<target host="images.anandtech.com" />
+		<test url="http://images.anandtech.com/graphs/graph12678/97779.png" />
 	<target host="redirect.anandtech.com" />
+	<target host="staging.anandtech.com" />
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/AnarchistNews.xml b/src/chrome/content/rules/AnarchistNews.xml
deleted file mode 100644
index 9b26185db760..000000000000
--- a/src/chrome/content/rules/AnarchistNews.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="AnarchistNews.org">
-	<target host="anarchistnews.org" />
-	<target host="www.anarchistnews.org" />
-	<target host="podcast.anarchistnews.org" />
-	<!-- action.anarchistnews.org ==> Mismatched -->
-		 
-	<securecookie host="^(www\.)?anarchistnews.org$" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Anarplex.net.xml b/src/chrome/content/rules/Anarplex.net.xml
index a99344423c0a..a73840117628 100644
--- a/src/chrome/content/rules/Anarplex.net.xml
+++ b/src/chrome/content/rules/Anarplex.net.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.anarplex.net/ => https://www.anarplex.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.anarplex.net'")
 
 -->
-<ruleset name="Anarplex.net" default_off='failed ruleset test'>
+<ruleset name="Anarplex.net" default_off="failed ruleset test">
 
 	<target host="anarplex.net" />
 	<target host="www.anarplex.net" />
diff --git a/src/chrome/content/rules/Anaxago.com.xml b/src/chrome/content/rules/Anaxago.com.xml
index cb0ac50d547c..66597066d3a4 100644
--- a/src/chrome/content/rules/Anaxago.com.xml
+++ b/src/chrome/content/rules/Anaxago.com.xml
@@ -1,9 +1,9 @@
-<ruleset name="anaxago.com">
-	<target host="anaxago.com" />
-	<target host="www.anaxago.com" />
-	<target host="immobilier.anaxago.com" />
-	<target host="pages.anaxago.com" />
-		<test url="http://pages.anaxago.com/robots.txt" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
+<ruleset name="anaxago.com">
+	<target host="anaxago.com" />
+	<target host="www.anaxago.com" />
+	<target host="immobilier.anaxago.com" />
+	<target host="pages.anaxago.com" />
+		<test url="http://pages.anaxago.com/robots.txt" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ancestry.xml b/src/chrome/content/rules/Ancestry.xml
index 9ad6b8c44a19..3ece664ed963 100644
--- a/src/chrome/content/rules/Ancestry.xml
+++ b/src/chrome/content/rules/Ancestry.xml
@@ -32,7 +32,7 @@ Fetch error: http://help.ancestry.com/ => https://help.ancestry.com/: (60, 'SSL
 		- c.mfccreative.com		(causes CORS issues)
 
 -->
-<ruleset name="Ancestry.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Ancestry.com (partial)" default_off="failed ruleset test">
 
 	<target host="secure.ancestry.co.uk" />
 
diff --git a/src/chrome/content/rules/Andor.com.xml b/src/chrome/content/rules/Andor.com.xml
index fc70573b4786..c3c48f542dec 100644
--- a/src/chrome/content/rules/Andor.com.xml
+++ b/src/chrome/content/rules/Andor.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://andor.com/ => https://andor.com/: (51, "SSL: no alternative
 	* Secured by us
 
 -->
-<ruleset name="Andor.com" default_off='failed ruleset test'>
+<ruleset name="Andor.com" default_off="failed ruleset test">
 
 	<target host="andor.com" />
 	<target host="www.andor.com" />
diff --git a/src/chrome/content/rules/Android.xml b/src/chrome/content/rules/Android.xml
index e529e464c404..50ab3683302e 100644
--- a/src/chrome/content/rules/Android.xml
+++ b/src/chrome/content/rules/Android.xml
@@ -1,33 +1,24 @@
 <!--
 	For other Google coverage, see GoogleServices.xml.
 
-
-	Fully covered subdomains:
-
-		- (www.)
-		- developer
-		- market
-		- source
-
 -->
 <ruleset name="Android.com">
 
 	<target host="android.com" />
-	<target host="*.android.com" />
-
-	<test url="http://developer.android.com/" />
-	<test url="http://market.android.com/" />
-	<test url="http://source.android.com/" />
-	<test url="http://tools.android.com/" />
+	<target host="www.android.com" />
+	<target host="developer.android.com" />
+	<target host="market.android.com" />
+	<target host="messages.android.com" />
+	<target host="partner.android.com" />
+	<target host="source.android.com" />
+	<target host="tools.android.com" />
 
-
-	<securecookie host=".+\.android\.com$" name=".+" />
-
-
-	<rule from="^http://((?:developer|market|source)\.)?android\.com/"
-		to="https://$1android.com/" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://tools\.android\.com/"
 		to="https://sites.google.com/a/android.com/tools/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Androidfilehost.com.xml b/src/chrome/content/rules/Androidfilehost.com.xml
index b824a10a1a9b..3127462c9211 100644
--- a/src/chrome/content/rules/Androidfilehost.com.xml
+++ b/src/chrome/content/rules/Androidfilehost.com.xml
@@ -25,4 +25,4 @@
 		to="https:" />
 
 </ruleset>
- 
+
diff --git a/src/chrome/content/rules/Androidpit.xml b/src/chrome/content/rules/Androidpit.xml
index 13f26d4d95c7..9933e7954b0e 100644
--- a/src/chrome/content/rules/Androidpit.xml
+++ b/src/chrome/content/rules/Androidpit.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.fs02.androidpit.info/ => https://www.fs02.androidpit.inf
 	    - androidpit.de
 	        - jobs    -> wrong domain
 -->
-<ruleset name="Androidpit" default_off='failed ruleset test'>
+<ruleset name="Androidpit" default_off="failed ruleset test">
     <target host="androidpit.de" />
     <target host="www.androidpit.de" />
     <target host="fs01.androidpit.info" />
diff --git a/src/chrome/content/rules/Andy_Tyson.com.xml b/src/chrome/content/rules/Andy_Tyson.com.xml
index b5b579d9f728..4b1eab07f804 100644
--- a/src/chrome/content/rules/Andy_Tyson.com.xml
+++ b/src/chrome/content/rules/Andy_Tyson.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://andytyson.com/ => https://andytyson.com/: (28, 'Connection t
 Fetch error: http://www.andytyson.com/ => https://www.andytyson.com/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="Andy Tyson.com" default_off='failed ruleset test'>
+<ruleset name="Andy Tyson.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Andyet.com.xml b/src/chrome/content/rules/Andyet.com.xml
index 8efb702a721f..3a5c7a5fe29f 100644
--- a/src/chrome/content/rules/Andyet.com.xml
+++ b/src/chrome/content/rules/Andyet.com.xml
@@ -29,7 +29,9 @@
 <ruleset name="andyet.com (partial)">
 
 	<target host="andyet.com" />
-	<target host="*.andyet.com" />
+	<target host="blog.andyet.com" />
+	<target host="labs.andyet.com" />
+	<target host="www.andyet.com" />
 
 
 	<rule from="^http://(?:(blog\.|labs\.)|www\.)?andyet\.com/"
diff --git a/src/chrome/content/rules/AnglaisFacile.com.xml b/src/chrome/content/rules/AnglaisFacile.com.xml
new file mode 100644
index 000000000000..fa3a60c507f8
--- /dev/null
+++ b/src/chrome/content/rules/AnglaisFacile.com.xml
@@ -0,0 +1,11 @@
+<!--
+	See for related rulesets: FrancaisFacile.com.xml
+-->
+<ruleset name="AnglaisFacile.com">
+	<target host="anglaisfacile.com" />
+	<target host="www.anglaisfacile.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Anglomedia.net.xml b/src/chrome/content/rules/Anglomedia.net.xml
index f0fdc816ebe3..35db8d97f31e 100644
--- a/src/chrome/content/rules/Anglomedia.net.xml
+++ b/src/chrome/content/rules/Anglomedia.net.xml
@@ -18,7 +18,8 @@
 <ruleset name="anglomedia.net">
 
 	<target host="anglomedia.net" />
-	<target host="*.anglomedia.net" />
+	<target host="www.anglomedia.net" />
+	<target host="cdn.anglomedia.net" />
 
 
 	<securecookie host="^www\.anglomedia\.net$" name=".+" />
@@ -30,4 +31,4 @@
 	<rule from="^http://cdn\.anglomedia\.net/"
 		to="https://3024-iamnoonesolution.netdna-ssl.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Angus.gov.uk.xml b/src/chrome/content/rules/Angus.gov.uk.xml
index 5b42da6c2c9b..ce331aaced45 100644
--- a/src/chrome/content/rules/Angus.gov.uk.xml
+++ b/src/chrome/content/rules/Angus.gov.uk.xml
@@ -7,7 +7,7 @@
 	Nonfunctional hosts in *angus.gov.uk:
 
 		- www.fosteringandadoption *
-		
+
 	* 200 blank page
 
 
diff --git a/src/chrome/content/rules/AniRena.xml b/src/chrome/content/rules/AniRena.xml
index 818e70211c69..936f0af96c15 100644
--- a/src/chrome/content/rules/AniRena.xml
+++ b/src/chrome/content/rules/AniRena.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Anidex.moe.xml b/src/chrome/content/rules/Anidex.moe.xml
deleted file mode 100644
index 7beefa6b2b8f..000000000000
--- a/src/chrome/content/rules/Anidex.moe.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	Mismatch:
-		- forums.anidex.moe
-		- music.anidex.moe
-		- xdcc.anidex.moe
--->
-<ruleset name="Anidex.moe">
-	<target host="anidex.moe" />
-	<target host="www.anidex.moe" />
-
-	<rule from="^http://(www\.)?anidex\.moe/" to="https://anidex.moe/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Animeanime.jp.xml b/src/chrome/content/rules/Animeanime.jp.xml
new file mode 100644
index 000000000000..838bea458d07
--- /dev/null
+++ b/src/chrome/content/rules/Animeanime.jp.xml
@@ -0,0 +1,24 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- ftp.animeanime.jp
+		- mail.animeanime.jp
+		- wp.animeanime.jp
+
+		Status code mismatch:
+		- cms.animeanime.jp
+
+		4xx client error:
+		- feed.animeanime.jp
+-->
+<ruleset name="Animeanime.jp">
+	<target host="animeanime.jp" />
+	<target host="www.animeanime.jp" />
+	<target host="cdn.animeanime.jp" />
+	<target host="img.animeanime.jp" />
+	<target host="s.animeanime.jp" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Animenfo.com.xml b/src/chrome/content/rules/Animenfo.com.xml
deleted file mode 100644
index 5ad8852c7fc0..000000000000
--- a/src/chrome/content/rules/Animenfo.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Animenfo.com" platform="mixedcontent">
-  <target host="animenfo.com" />
-  <target host="www.animenfo.com" />
-
-  <rule from="^http:" to="https:" />
-  <securecookie host="\.animenfo\.com$" name="PHPSESSID" />
-  <securecookie host="\.animenfo\.com$" name="anforadio_(?:user|hash)" />
-</ruleset>
diff --git a/src/chrome/content/rules/Aniview.com.xml b/src/chrome/content/rules/Aniview.com.xml
new file mode 100644
index 000000000000..fbeefbb988f2
--- /dev/null
+++ b/src/chrome/content/rules/Aniview.com.xml
@@ -0,0 +1,46 @@
+<!--
+	Cert mismatch:
+		- d41751.aniview.com
+		- data1.aniview.com/
+		- data2.aniview.com
+
+	TLS error:
+		- aniview.com
+-->
+
+<ruleset name="Aniview.com">
+
+	<target host="aniview.com" />
+	<target host="www.aniview.com" />
+
+	<target host="add1.aniview.com" />
+	<target host="cdn1.aniview.com" />
+	<target host="cdn2.aniview.com" />
+	<target host="data.aniview.com" />
+	<target host="data3.aniview.com" />
+	<target host="go.aniview.com" />
+	<target host="go1.aniview.com" />
+	<target host="gov.aniview.com" />
+	<target host="hwdata1.aniview.com" />
+	<target host="hwdata2.aniview.com" />
+	<target host="manage.aniview.com" />
+	<target host="outstreamedia.aniview.com" />
+	<target host="play.aniview.com" />
+	<target host="play1.aniview.com" />
+	<target host="player.aniview.com" />
+	<target host="player1.aniview.com" />
+	<target host="s2s.aniview.com" />
+	<target host="track.aniview.com" />
+	<target host="track1.aniview.com" />
+	<target host="urlhandler.aniview.com" />
+	<target host="wl.aniview.com" />
+	<target host="wlplay.aniview.com" />
+	<target host="vtrack.aniview.com" />
+	<target host="wlplayer.aniview.com" />
+
+	<rule from="^http://aniview\.com/"
+		to="https://www.aniview.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ann_Summers.xml b/src/chrome/content/rules/Ann_Summers.xml
index 0990ac93668e..fd0cf260c717 100644
--- a/src/chrome/content/rules/Ann_Summers.xml
+++ b/src/chrome/content/rules/Ann_Summers.xml
@@ -23,7 +23,7 @@ Fetch error: http://www.annsummers.com/webapp/wcs/stores/servlet/OrderItemDispla
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Ann Summers.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Ann Summers.com (partial)" default_off="failed ruleset test">
 
 	<target host="annsummers.com" />
 	<target host="www.annsummers.com" />
diff --git a/src/chrome/content/rules/AnnualCreditReport.com.xml b/src/chrome/content/rules/AnnualCreditReport.com.xml
index f37319d888fe..89b216f27660 100644
--- a/src/chrome/content/rules/AnnualCreditReport.com.xml
+++ b/src/chrome/content/rules/AnnualCreditReport.com.xml
@@ -8,7 +8,7 @@
 					-->
 	<!--securecookie host="^\.www\.annualcreditreport\.com$" name="^app-type$" /-->
 
-	<securecookie host="^(?:.*\.)?annualcreditreport\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([\w-]+\.)?annualcreditreport\.com/"
diff --git a/src/chrome/content/rules/Anon-IB.com.xml b/src/chrome/content/rules/Anon-IB.com.xml
index 49a9caae9e45..72e758982c6d 100644
--- a/src/chrome/content/rules/Anon-IB.com.xml
+++ b/src/chrome/content/rules/Anon-IB.com.xml
@@ -17,7 +17,7 @@ Fetch error: http://www.anon-ib.com/ => https://www.anon-ib.com/: (7, 'Failed to
 	* Secured by us
 
 -->
-<ruleset name="Anon-IB.com" default_off='failed ruleset test'>
+<ruleset name="Anon-IB.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Anon.click.xml b/src/chrome/content/rules/Anon.click.xml
deleted file mode 100644
index 3e38c0661e9c..000000000000
--- a/src/chrome/content/rules/Anon.click.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="anon.click">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="anon.click" />
-	<target host="www.anon.click" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AnonFiles.com.xml b/src/chrome/content/rules/AnonFiles.com.xml
index 00d6b6909143..2287284cfdbc 100644
--- a/src/chrome/content/rules/AnonFiles.com.xml
+++ b/src/chrome/content/rules/AnonFiles.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://cdn.anonfiles.com/ => https://cdn.anonfiles.com/: (7, 'Faile
 Fetch error: http://www.anonfiles.com/ => https://www.anonfiles.com/: (7, 'Failed to connect to www.anonfiles.com port 443: Connection refused')
 
 -->
-<ruleset name="AnonFiles.com" default_off='failed ruleset test'>
+<ruleset name="AnonFiles.com" default_off="failed ruleset test">
 
 	<target host="anonfiles.com" />
 	<target host="cdn.anonfiles.com" />
diff --git a/src/chrome/content/rules/Anonabox.com.xml b/src/chrome/content/rules/Anonabox.com.xml
index 17d310f8cd3e..70c1b9cec79d 100644
--- a/src/chrome/content/rules/Anonabox.com.xml
+++ b/src/chrome/content/rules/Anonabox.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://anonabox.com/ => https://anonabox.com/: (51, "SSL: no altern
 	* Secured by us
 
 -->
-<ruleset name="Anonabox.com" default_off='failed ruleset test'>
+<ruleset name="Anonabox.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/AnonySurfer.com.xml b/src/chrome/content/rules/AnonySurfer.com.xml
index 34dbfe80b88a..d7fd8c4220e9 100644
--- a/src/chrome/content/rules/AnonySurfer.com.xml
+++ b/src/chrome/content/rules/AnonySurfer.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://anonysurfer.com/ => https://anonysurfer.com/: (28, 'Connecti
 Fetch error: http://www.anonysurfer.com/ => https://www.anonysurfer.com/: (28, 'Connection timed out after 20008 milliseconds')
 
 -->
-<ruleset name="AnonySurfer.com" default_off='failed ruleset test'>
+<ruleset name="AnonySurfer.com" default_off="failed ruleset test">
 
 	<target host="anonysurfer.com" />
 	<target host="www.anonysurfer.com" />
diff --git a/src/chrome/content/rules/Anonymix.io.xml b/src/chrome/content/rules/Anonymix.io.xml
new file mode 100644
index 000000000000..13b9463306d9
--- /dev/null
+++ b/src/chrome/content/rules/Anonymix.io.xml
@@ -0,0 +1,6 @@
+<ruleset name="Anonymix.io">
+	<target host="anonymix.io" />
+	<target host="www.anonymix.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Anonymizer.xml b/src/chrome/content/rules/Anonymizer.xml
index 36d723ea3d0b..b10c09fd3fff 100644
--- a/src/chrome/content/rules/Anonymizer.xml
+++ b/src/chrome/content/rules/Anonymizer.xml
@@ -7,4 +7,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AnonymoX.xml b/src/chrome/content/rules/AnonymoX.xml
index 28daf1358892..256ee683ee74 100644
--- a/src/chrome/content/rules/AnonymoX.xml
+++ b/src/chrome/content/rules/AnonymoX.xml
@@ -4,9 +4,9 @@
 	<target host="www.anonymox.net" />
 
 
-	<securecookie host="^(?:.*\.)?anonymox\.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ansible_works.com.xml b/src/chrome/content/rules/Ansible_works.com.xml
index 3a2eb1bc6f25..ed96914dbfc0 100644
--- a/src/chrome/content/rules/Ansible_works.com.xml
+++ b/src/chrome/content/rules/Ansible_works.com.xml
@@ -20,7 +20,7 @@ Fetch error: http://www.ansibleworks.com/ => https://www.ansibleworks.com/: (28,
 		- www.galaxy.ansibleworks.com
 
 -->
-<ruleset name="Ansible works.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Ansible works.com (partial)" default_off="failed ruleset test">
 
 	<target host="ansibleworks.com" />
 	<target host="galaxy.ansibleworks.com" />
diff --git a/src/chrome/content/rules/AntennaPod.org.xml b/src/chrome/content/rules/AntennaPod.org.xml
new file mode 100644
index 000000000000..b2946d2b85d6
--- /dev/null
+++ b/src/chrome/content/rules/AntennaPod.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		- www
+-->
+<ruleset name="AntennaPod.org">
+	<target host="antennapod.org" />
+	<target host="www.antennapod.org" />
+
+	<rule from="^http://www\.antennapod\.org/" to="https://antennapod.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Antergos.com.xml b/src/chrome/content/rules/Antergos.com.xml
deleted file mode 100644
index 75086ceb0bd0..000000000000
--- a/src/chrome/content/rules/Antergos.com.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	Nonfunctional hosts in *antergos.com:
-
-		- build *
-
-	* 404
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .antergos.com
-		- .forum.antergos.com
-		- www.antergos.com
-
--->
-<ruleset name="Antergos.com (partial)">
-
-	<target host="antergos.com" />
-	<target host="forum.antergos.com" />
-	<target host="www.antergos.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.antergos\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
-	<!--securecookie host="^\.forum\.antergos\.com$" name="^express\.sid$" /-->
-	<!--securecookie host="^www\.antergos\.com$" name="^PHPSESSID(?:_expiration)?$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Antevenio.xml b/src/chrome/content/rules/Antevenio.xml
index b7f1b69b4086..17967c42fdeb 100644
--- a/src/chrome/content/rules/Antevenio.xml
+++ b/src/chrome/content/rules/Antevenio.xml
@@ -10,7 +10,7 @@ Fetch error: http://reachandrich.antevenio.com/ => https://reachandrich.anteveni
 		- (www.)	(times out)
 
 -->
-<ruleset name="Antevenio (partial)" default_off='failed ruleset test'>
+<ruleset name="Antevenio (partial)" default_off="failed ruleset test">
 
 	<target host="reachandrich.antevenio.com" />
 
@@ -20,4 +20,4 @@ Fetch error: http://reachandrich.antevenio.com/ => https://reachandrich.anteveni
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Anti-Phishing_Working_Group.xml b/src/chrome/content/rules/Anti-Phishing_Working_Group.xml
index c77f9a76d81c..b4f966153fcc 100644
--- a/src/chrome/content/rules/Anti-Phishing_Working_Group.xml
+++ b/src/chrome/content/rules/Anti-Phishing_Working_Group.xml
@@ -38,7 +38,11 @@
 	<target host="antiphishing.org" />
 	<target host="www.antiphishing.org" />
 	<target host="apwg.org" />
-	<target host="*.apwg.org" />
+	<target host="docs.apwg.org" />
+	<target host="education.apwg.org" />
+	<target host="info.apwg.org" />
+	<target host="members.apwg.org" />
+	<target host="www.apwg.org" />
 
 
 	<securecookie host="^(?:.+\.)?apwg\.org$" name=".+" />
@@ -47,7 +51,6 @@
 	<rule from="^http://(www\.)?antiphishing\.org/"
 		to="https://$1apwg.org/" />
 
-	<rule from="^http://((?:docs|education|info|members|www)\.)?apwg\.org/"
-		to="https://$1apwg.org/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AntiPornGroup.com.xml b/src/chrome/content/rules/AntiPornGroup.com.xml
new file mode 100644
index 000000000000..3183cf5ed2de
--- /dev/null
+++ b/src/chrome/content/rules/AntiPornGroup.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AntiPornGroup.com">
+	<target host="antiporngroup.com" />
+	<target host="www.antiporngroup.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AntiqueAppliances.com.xml b/src/chrome/content/rules/AntiqueAppliances.com.xml
new file mode 100644
index 000000000000..b68e9887f85a
--- /dev/null
+++ b/src/chrome/content/rules/AntiqueAppliances.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid certificate:
+		- autodiscover.antiqueappliances.com
+-->
+
+<ruleset name="AntiqueAppliances.com">
+	<target host="antiqueappliances.com" />
+	<target host="www.antiqueappliances.com" />
+	<target host="store.antiqueappliances.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AntiqueMotorcycle.org.xml b/src/chrome/content/rules/AntiqueMotorcycle.org.xml
new file mode 100644
index 000000000000..d2cf1717e2ca
--- /dev/null
+++ b/src/chrome/content/rules/AntiqueMotorcycle.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="AntiqueMotorcycle.org">
+	<target host="antiquemotorcycle.org" />
+	<target host="www.antiquemotorcycle.org" />
+	<target host="merchandise.antiquemotorcycle.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Antispam.de.xml b/src/chrome/content/rules/Antispam.de.xml
index 1c7940a0378a..083f9c593301 100644
--- a/src/chrome/content/rules/Antispam.de.xml
+++ b/src/chrome/content/rules/Antispam.de.xml
@@ -1,8 +1,8 @@
 <ruleset name="AntiSpam e.V." platform="mixedcontent">
 
 	<target host="antispam-ev.de" />
-	<target host="www.antispam-ev.de" />  
-  
+	<target host="www.antispam-ev.de" />
+
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/AnubisNetworks.com.xml b/src/chrome/content/rules/AnubisNetworks.com.xml
index 147131f5428d..02eca874e1d3 100644
--- a/src/chrome/content/rules/AnubisNetworks.com.xml
+++ b/src/chrome/content/rules/AnubisNetworks.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://support.anubisnetworks.com/ => https://support.anubisnetwork
 	² Akamai/mismatched
 
 -->
-<ruleset name="AnubisNetworks.com (partial)" default_off='failed ruleset test'>
+<ruleset name="AnubisNetworks.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Anybalance.com.xml b/src/chrome/content/rules/Anybalance.com.xml
index 9c2687facea6..13d531c1de66 100644
--- a/src/chrome/content/rules/Anybalance.com.xml
+++ b/src/chrome/content/rules/Anybalance.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://anybalance.com/ => https://anybalance.com/: (6, 'Could not r
 Fetch error: http://www.anybalance.com/ => https://www.anybalance.com/: (6, 'Could not resolve host: www.anybalance.com')
 
 -->
-<ruleset name="Anybalance.com" default_off='failed ruleset test'>
+<ruleset name="Anybalance.com" default_off="failed ruleset test">
 	<target host="anybalance.com" />
 	<target host="www.anybalance.com" />
 	<target host="support.anybalance.ru" />
diff --git a/src/chrome/content/rules/Anybots.com.xml b/src/chrome/content/rules/Anybots.com.xml
deleted file mode 100644
index 7507d481ee41..000000000000
--- a/src/chrome/content/rules/Anybots.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Mixed content:
-
-		- favicon from $self *
-
-	* Secured by us
-
--->
-<ruleset name="Anybots.com">
-
-	<target host="anybots.com" />
-	<target host="www.anybots.com" />
-
-
-	<securecookie host="^(?:w*\.)?anybots\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Anyfi.net.xml b/src/chrome/content/rules/Anyfi.net.xml
index d57ddb388626..a754615da935 100644
--- a/src/chrome/content/rules/Anyfi.net.xml
+++ b/src/chrome/content/rules/Anyfi.net.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://anyfi.net/ => https://anyfi.net/: Cycle detected - URL already encountered: https://anyfi.net/
 Fetch error: http://www.anyfi.net/ => https://anyfi.net/: Cycle detected - URL already encountered: https://anyfi.net/
 -->
-<ruleset name="Anyfi.net" default_off='failed ruleset test'>
+<ruleset name="Anyfi.net" default_off="failed ruleset test">
 
 	<target host="anyfi.net" />
 	<target host="www.anyfi.net" />
diff --git a/src/chrome/content/rules/Anyoption.com.xml b/src/chrome/content/rules/Anyoption.com.xml
deleted file mode 100644
index 3bd5805864e0..000000000000
--- a/src/chrome/content/rules/Anyoption.com.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	Other anyoption rulesets:
-
-		- 168qiquan.com.xml
-
-
-	CDN buckets:
-
-		- ls.anyoption.com.srip.net
-
-
-	Nonfunctional subdomains:
-
-		- affiliates	(reset)
-
-
-	Problematic subdomains:
-
-		- ^	(dropped)
-
-
-	Some pages redirect to http.
-
--->
-<ruleset name="anyoption.com (partial)">
-
-	<target host="anyoption.com" />
-	<target host="*.anyoption.com" />
-
-
-	<rule from="^http://(?:www\.)?anyoption\.com/(?=bridge/|css/|favicon\.ico|images/|javax\.faces\.resource/|jsp?/|thickbox/)"
-		to="https://www.anyoption.com/" />
-
-	<rule from="^http://(image|l)s\.anyoption\.com/"
-		to="https://$1s.anyoption.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Anyproz.xml b/src/chrome/content/rules/Anyproz.xml
index e9e80a1c86a3..9943abbfd250 100644
--- a/src/chrome/content/rules/Anyproz.xml
+++ b/src/chrome/content/rules/Anyproz.xml
@@ -5,7 +5,7 @@ Fetch error: http://anonyproz.com/ => https://anonyproz.com/: (7, 'Failed to con
 Fetch error: http://www.anonyproz.com/ => https://www.anonyproz.com/: (7, 'Failed to connect to www.anonyproz.com port 443: Connection refused')
 
 -->
-<ruleset name="Anyproz" default_off='failed ruleset test'>
+<ruleset name="Anyproz" default_off="failed ruleset test">
 
 	<target host="anonyproz.com" />
 	<target host="www.anonyproz.com" />
diff --git a/src/chrome/content/rules/AoSABook.org.xml b/src/chrome/content/rules/AoSABook.org.xml
new file mode 100644
index 000000000000..015e522f3591
--- /dev/null
+++ b/src/chrome/content/rules/AoSABook.org.xml
@@ -0,0 +1,10 @@
+<!--
+	Nonfunctional hosts in *.aosabook.org:
+		- webmail
+-->
+<ruleset name="AoSABook.org">
+	<target host="aosabook.org" />
+	<target host="www.aosabook.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Apa.at.xml b/src/chrome/content/rules/Apa.at.xml
index 8935f656d38b..3a02e3c82565 100644
--- a/src/chrome/content/rules/Apa.at.xml
+++ b/src/chrome/content/rules/Apa.at.xml
@@ -48,7 +48,7 @@
 	Self-signed cert:
 		- offline.apa.at
 		- apapwd.tst01.apa.at
-		
+
 	Timeout:
 		- apasffr02.sf.apa.at
 		- vrm.sf.apa.at
diff --git a/src/chrome/content/rules/Apache.org-falsemixed.xml b/src/chrome/content/rules/Apache.org-falsemixed.xml
index 99473ea1c00a..fe1f8028b36d 100644
--- a/src/chrome/content/rules/Apache.org-falsemixed.xml
+++ b/src/chrome/content/rules/Apache.org-falsemixed.xml
@@ -6,16 +6,11 @@
 
 	<target host="activemq.apache.org" />
 	<target host="aries.apache.org" />
-	<target host="attic.apache.org" />
 	<target host="geronimo.apache.org" />
-	<target host="helix.apache.org" />
-	<target host="jackrabbit.apache.org" />
-	<target host="lucy.apache.org" />
 	<target host="oodt.apache.org" />
 	<target host="santuario.apache.org" />
 	<target host="tuscany.apache.org" />
 
-
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Apache.xml b/src/chrome/content/rules/Apache.xml
index 4ef0d5795c38..0b2dcbface6c 100644
--- a/src/chrome/content/rules/Apache.xml
+++ b/src/chrome/content/rules/Apache.xml
@@ -23,8 +23,6 @@
 		- activemq ˣ
 		- aries ˣ
 		- geronimo ˣ
-		- helix ˣ
-		- lucy ˣ
 		- mail-archives (incomplete cert chain)
 		- santuario ˣ
 		- tuscany ˣ
@@ -39,8 +37,6 @@
 		- activemq ˣ
 		- aries ˣ
 		- geronimo ˣ
-		- helix ˣ
-		- lucy ˣ
 		- santuario ˣ
 		- tuscany ˣ
 
@@ -59,12 +55,12 @@
 			- airavata
 			- allura
 			- ambari
-			- analysis
 			- ant
 			- any23
 			- apr
 			- archiva
 			- archive
+			- attic
 			- avro
 			- axis
 			- bigtop
@@ -113,6 +109,7 @@
 			- hama
 			- hbase
 			- hc
+			- helix
 			- hive
 			- httpd
 			- incubator
@@ -120,6 +117,7 @@
 			- tez.incubator
 			- isis
 			- issues
+			- jackrabbit
 			- jakarta
 			- james
 			- jclouds
@@ -136,6 +134,7 @@
 			- logging
 			- lucene
 			- lucenenet
+			- lucy
 			- mahout
 			- manifoldcf
 			- marmotta
@@ -229,8 +228,6 @@
 			- aries from $self ¹
 			- creadur, drill, kafka, marmotta, synapse, trafficserver, www from fonts.googleapis.com ¹
 			- geronimo from $self ¹
-			- helix from netdna.bootstrapcdn.com ¹
-			- lucy from $self ¹
 			- santuario from cxf ¹
 			- sis and xmlgraphics from www ¹
 			- tuscany from $self ¹
@@ -250,7 +247,6 @@
 			- geronimo from $self ¹
 			- karaf from $self ¹
 			- knox from $self ¹
-			- lucy from $self ¹
 			- mahout from $self ¹
 			- openoffice from www.openoffice.org ¹
 			- santuario from activemq ¹
@@ -302,21 +298,18 @@
 		<!--exclusion pattern="^http://activemq\.apache\.org/+(?!favicon\.ico|style/)" /-->
 		<!--exclusion pattern="^http://aries\.apache\.org/+(?!favicon\.ico|images/|resources/)" /-->
 		<!--exclusion pattern="^http://geronimo\.apache\.org/+(?!favicon\.ico|images/|style/)" /-->
-		<!--exclusion pattern="^http://(helix|lucy)\.apache\.org/+(?!css/|favicon\.ico|images/)" /-->
 		<!--exclusion pattern="^http://santuario\.apache\.org/+(?!favicon\.ico)" /-->
 		<!--exclusion pattern="^http://tuscany\.apache\.org/+(?!favicon\.ico|images/|stylesheets/)" /-->
 		<!--
 			In sum:
 				-->
-		<exclusion pattern="^http://(?:activemq|aries|geronimo|helix|lucy|santuario|tuscany)\.apache\.org/(?!/*(?:css/|favicon\.ico|images/|style/|stylesheets/))" />
+		<exclusion pattern="^http://(?:activemq|aries|geronimo|santuario|tuscany)\.apache\.org/(?!/*(?:css/|favicon\.ico|images/|style/|stylesheets/))" />
 
 			<!--	+ve:
 					-->
 			<test url="http://activemq.apache.org/cms/" />
 			<test url="http://aries.apache.org/development/ReleaseProcessRequirements.html" />
 			<test url="http://geronimo.apache.org/events.html" />
-			<test url="http://helix.apache.org/Architecture.html" />
-			<test url="http://lucy.apache.org/docs/" />
 			<test url="http://santuario.apache.org/faq.html" />
 			<test url="http://tuscany.apache.org/getting-involved.html" />
 
@@ -325,10 +318,9 @@
 			<test url="http://activemq.apache.org/favicon.ico" />
 			<test url="http://aries.apache.org/favicon.ico" />
 			<test url="http://geronimo.apache.org/favicon.ico" />
-			<test url="http://helix.apache.org/favicon.ico" />
-			<test url="http://lucy.apache.org/favicon.ico" />
 			<test url="http://santuario.apache.org/favicon.ico" />
 			<test url="http://tuscany.apache.org/favicon.ico" />
+			<test url="http://tuscany.apache.org/home.html" />
 
 		<test url="http://accumulo.apache.org/" />
 		<test url="http://abdera.apache.org/" />
@@ -337,7 +329,6 @@
 		<test url="http://airavata.apache.org/" />
 		<test url="http://allura.apache.org/" />
 		<test url="http://ambari.apache.org/" />
-		<test url="http://analysis.apache.org/" />
 		<test url="http://ant.apache.org/" />
 		<test url="http://any23.apache.org/" />
 		<test url="http://apr.apache.org/" />
@@ -506,7 +497,7 @@
 
 	<!--	Not secured by server:
 					-->
-	<!--securecookie host="^(analysis|builds|cwiki|jspwiki-wiki)\.apache\.org$" name="^JSESSIONID$" /-->
+	<!--securecookie host="^(builds|cwiki|jspwiki-wiki)\.apache\.org$" name="^JSESSIONID$" /-->
 
 	<securecookie host="^(?:.+\.)?apache\.org$" name=".+" />
 
diff --git a/src/chrome/content/rules/Apester.com.xml b/src/chrome/content/rules/Apester.com.xml
new file mode 100644
index 000000000000..d49f83310fc0
--- /dev/null
+++ b/src/chrome/content/rules/Apester.com.xml
@@ -0,0 +1,55 @@
+<!--
+	Invalid certificate:
+		- fangpuddle-fly.demo
+		- editor
+		- lp
+		- meta-templator.stg
+
+	Timeout:
+		- blog
+-->
+<ruleset name="Apester.com">
+
+	<target host="apester.com" />
+	<target host="www.apester.com" />
+	<target host="app.apester.com" />
+	<target host="backoffice.apester.com" />
+	<target host="campaign.apester.com" />
+	<target host="campaign-api.apester.com" />
+	<target host="console.apester.com" />
+	<target host="content.apester.com" />
+	<target host="create.apester.com" />
+	<target host="discover.apester.com" />
+	<target host="discover-api.apester.com" />
+	<target host="display.apester.com" />
+	<target host="display-origin.apester.com" />
+	<target host="events.apester.com" />
+	<target host="faststrip.apester.com" />
+	<target host="flags.apester.com" />
+	<target host="gcp-analytics.apester.com" />
+	<target host="geoip.apester.com" />
+	<target host="handbook.apester.com" />
+	<target host="help.apester.com" />
+	<target host="images.apester.com" />
+	<target host="img.apester.com" />
+	<target host="interaction.apester.com" />
+	<target host="leads.apester.com" />
+	<target host="media.apester.com" />
+	<target host="payments.apester.com" />
+	<target host="plans.apester.com" />
+	<target host="pulse.apester.com" />
+	<target host="recommendation.apester.com" />
+	<target host="renderer.apester.com" />
+	<target host="static.apester.com" />
+	<target host="stats.apester.com" />
+	<target host="discover.stg.apester.com" />
+	<target host="static.stg.apester.com" />
+	<target host="story.apester.com" />
+	<target host="users.apester.com" />
+	<target host="vremini.apester.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Aphyr.com.xml b/src/chrome/content/rules/Aphyr.com.xml
index 695edf707dcf..5fa4094536be 100644
--- a/src/chrome/content/rules/Aphyr.com.xml
+++ b/src/chrome/content/rules/Aphyr.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.aphyr.com/ => https://www.aphyr.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.aphyr.com'")
 
 -->
-<ruleset name="Aphyr.com" default_off='failed ruleset test'>
+<ruleset name="Aphyr.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Apica.xml b/src/chrome/content/rules/Apica.xml
index d8fc31aad8b4..159d61d07308 100644
--- a/src/chrome/content/rules/Apica.xml
+++ b/src/chrome/content/rules/Apica.xml
@@ -5,7 +5,8 @@
 <ruleset name="Apica">
 
 	<target host="apicasystem.com" />
-	<target host="*.apicasystem.com" />
+	<target host="www.apicasystem.com" />
+	<target host="webtracker.apicasystem.com" />
 
 
 	<securecookie host="^.+\.apicasystem\.com$" name=".+" />
@@ -14,7 +15,6 @@
 	<rule from="^http://(?:www\.)?apicasystem\.com/"
 		to="https://www.apicasystem.com/" />
 
-	<rule from="^http://webtracker\.apicasystem\.com/"
-		to="https://webtracker.apicasystem.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Apigee.xml b/src/chrome/content/rules/Apigee.xml
index 36c66d020984..2f758949c84c 100644
--- a/src/chrome/content/rules/Apigee.xml
+++ b/src/chrome/content/rules/Apigee.xml
@@ -19,4 +19,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Apkmirror.com.xml b/src/chrome/content/rules/Apkmirror.com.xml
index 2b8391090307..28f86fa12a1f 100644
--- a/src/chrome/content/rules/Apkmirror.com.xml
+++ b/src/chrome/content/rules/Apkmirror.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://apkmirror.com/ => https://apkmirror.com/: Too many redirects
 
 
 -->
-<ruleset name="Apkmirror.com" default_off='failed ruleset test'>
+<ruleset name="Apkmirror.com" default_off="failed ruleset test">
     <target host="apkmirror.com" />
     <target host="www.apkmirror.com" />
 
diff --git a/src/chrome/content/rules/Apna_India.xml b/src/chrome/content/rules/Apna_India.xml
index c0427165dead..d3d57c8356b8 100644
--- a/src/chrome/content/rules/Apna_India.xml
+++ b/src/chrome/content/rules/Apna_India.xml
@@ -5,7 +5,7 @@ Fetch error: http://media.apnaindia.com/ => https://media.apnaindia.com/: (6, 'C
 Fetch error: http://yellowpages.apnaindia.com/ => https://yellowpages.apnaindia.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
 
 -->
-<ruleset name="Apna India" default_off='failed ruleset test'>
+<ruleset name="Apna India" default_off="failed ruleset test">
 
 	<target host="apnaindia.com" />
 	<target host="media.apnaindia.com" />
@@ -18,4 +18,4 @@ Fetch error: http://yellowpages.apnaindia.com/ => https://yellowpages.apnaindia.
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Apoteket.se.xml b/src/chrome/content/rules/Apoteket.se.xml
index 012cf1418de0..6ab789419d63 100644
--- a/src/chrome/content/rules/Apoteket.se.xml
+++ b/src/chrome/content/rules/Apoteket.se.xml
@@ -1,8 +1,13 @@
-<!-- pharmacy. medical info should be private -->
 <ruleset name="Apoteket.se">
 	<target host="apoteket.se" />
 	<target host="www.apoteket.se" />
-	<rule from="^http://apoteket\.se/" to="https://www.apoteket.se/"/>
-	<rule from="^http://www\.apoteket\.se/" to="https://www.apoteket.se/"/>
-</ruleset>
+	<target host="apoteksombud.apoteket.se" />
+	<target host="id.apoteket.se" />
+	<target host="idx.apoteket.se" />
+	<target host="officewebapps-test.apoteket.se" />
+	<target host="samarbetsytor.apoteket.se" />
+	<target host="testid.apoteket.se" />
+	<target host="webbabest.apoteket.se" />
 
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AppDynamics.xml b/src/chrome/content/rules/AppDynamics.xml
index 3a970037ba2b..dc40414529cf 100644
--- a/src/chrome/content/rules/AppDynamics.xml
+++ b/src/chrome/content/rules/AppDynamics.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AppGratis.xml b/src/chrome/content/rules/AppGratis.xml
index 3ec98bf1546a..839954ceafcb 100644
--- a/src/chrome/content/rules/AppGratis.xml
+++ b/src/chrome/content/rules/AppGratis.xml
@@ -5,7 +5,7 @@ Fetch error: http://appgratis.com/ => https://appgratis.com/: (7, 'Failed to con
 Fetch error: http://www.appgratis.com/ => https://www.appgratis.com/: (7, 'Failed to connect to www.appgratis.com port 443: Connection refused')
 
 -->
-<ruleset name="AppGratis" default_off='failed ruleset test'>
+<ruleset name="AppGratis" default_off="failed ruleset test">
 
 	<target host="appgratis.com" />
 	<target host="www.appgratis.com" />
@@ -13,4 +13,4 @@ Fetch error: http://www.appgratis.com/ => https://www.appgratis.com/: (7, 'Faile
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AppNexus.xml b/src/chrome/content/rules/AppNexus.xml
index 0707e9ac90d6..fe25f07a7795 100644
--- a/src/chrome/content/rules/AppNexus.xml
+++ b/src/chrome/content/rules/AppNexus.xml
@@ -35,7 +35,7 @@ Fetch error: http://ux-eco.corp.appnexus.com/ => https://ux-eco.corp.appnexus.co
 		- Bug on www from instansive.com
 
 -->
-<ruleset name="AppNexus.com (partial)" default_off='failed ruleset test'>
+<ruleset name="AppNexus.com (partial)" default_off="failed ruleset test">
 
 	<target host="appnexus.com" />
 	<target host="careers.appnexus.com" />
diff --git a/src/chrome/content/rules/AppVault.xml b/src/chrome/content/rules/AppVault.xml
index 3d17037f86cd..fbe5f7795f67 100644
--- a/src/chrome/content/rules/AppVault.xml
+++ b/src/chrome/content/rules/AppVault.xml
@@ -14,7 +14,7 @@
 	<target host="appvault.com" />
 	<target host="www.appvault.com" />
 	<target host="skilldrum.com" />
-	<target host="*.skilldrum.com" />
+	<target host="www.skilldrum.com" />
 
 
 	<securecookie host="^(?:www)?\.skilldrum\.com$" name=".+" />
@@ -23,7 +23,6 @@
 	<rule from="^http://(?:www\.)?appvault\.com/"
 		to="https://appvault.com/" />
 
-	<rule from="^http://(www\.)?skilldrum\.com/"
-		to="https://$1skilldrum.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Appcelerator.xml b/src/chrome/content/rules/Appcelerator.xml
index f730ef2db072..0dfee058a341 100644
--- a/src/chrome/content/rules/Appcelerator.xml
+++ b/src/chrome/content/rules/Appcelerator.xml
@@ -59,7 +59,7 @@ Fetch error: http://thinkmobile.appcelerator.com/ => https://thinkmobile.appcele
 	* Secured by us
 
 -->
-<ruleset name="Appcelerator.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Appcelerator.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Appie_Hein.com.xml b/src/chrome/content/rules/Appie_Hein.com.xml
index 94716f5375c9..66bc7f77ce9e 100644
--- a/src/chrome/content/rules/Appie_Hein.com.xml
+++ b/src/chrome/content/rules/Appie_Hein.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.appiehein.com/ => https://www.appiehein.com/: (60, 'SSL
 	* Secured by us
 
 -->
-<ruleset name="Appie Hein.com" default_off='failed ruleset test'>
+<ruleset name="Appie Hein.com" default_off="failed ruleset test">
 
 	<target host="appiehein.com" />
 	<target host="www.appiehein.com" />
diff --git a/src/chrome/content/rules/Appinn.xml b/src/chrome/content/rules/Appinn.xml
deleted file mode 100644
index f75ec423d100..000000000000
--- a/src/chrome/content/rules/Appinn.xml
+++ /dev/null
@@ -1,58 +0,0 @@
-<!--
-	Strange cert error: https://github.com/EFForg/https-everywhere/pull/6994
-
-	Different HTTP/HTTPS content:
-		*.appinn.me	( https will redirect to meta.appinn.com )
-
-	Invalid certificate:
-		d.cdn.appinn.com
-		edit.appinn.com
-		g.appinn.com
-		g1.appinn.com
-		i.appinn.com
-		img1.appinn.com
-		love.appinn.com
-
-	MCB:	Test in /wp-login.php
-		appinn.com
-		www.appinn.com
-		cn.appinn.com
-		img3.appinn.com
-
-	Timeout:
-		m.appinn.com
-
-	Refused:
-		img.appinn.com
--->
-
-<ruleset name="Appinn (partial)">
-
-	<!--	Complications:	-->
-	<target host="img.appinn.com" />
-	<exclusion pattern="^http://img\.appinn\.com/(wp-login\.php)?$" />
-		<test url="http://img.appinn.com/wp-login.php" />
-	<rule from="^http://img\.appinn\.com/wp-(admin|includes)/" to="https://d.appinn.com/wp-$1/" />
-		<test url="http://img.appinn.com/wp-admin/css/wp-admin.min.css" />
-		<test url="http://img.appinn.com/wp-includes/css/buttons.min.css" />
-
-	<target host="img3.appinn.com" />
-	<exclusion pattern="^http://img3\.appinn\.com/(wp-login\.php)?$" />
-		<test url="http://img3.appinn.com/wp-login.php" />
-	<rule from="^http://img3\.appinn\.com/d/" to="https://d.appinn.com/" />
-		<test url="http://img3.appinn.com/d/wp-content/uploads/2016/10/logo150.png" />
-	<rule from="^http://img3\.appinn\.com/(images/|(static/)?wp-content/)" to="https://img3.appinn.com/$1" />
-		<test url="http://img3.appinn.com/images/201612/yomail.jpg" />
-		<test url="http://img3.appinn.com/static/wp-content/plugins/open-social/images/os.js" />
-		<test url="http://img3.appinn.com/wp-content/themes/appinn_wp/images/sprites1.png" />
-
-	<!--	Directly:	-->
-	<target host="d.appinn.com" />
-	<target host="faxian.appinn.com" />
-	<target host="meta.appinn.com" />
-
-	<target host="appinn.me" />
-	<target host="www.appinn.me" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Apple.com.xml b/src/chrome/content/rules/Apple.com.xml
index b95b13a97065..a4ed3ecb4602 100644
--- a/src/chrome/content/rules/Apple.com.xml
+++ b/src/chrome/content/rules/Apple.com.xml
@@ -5,7 +5,6 @@
 		- Apple_CDN_buckets.xml
 		- Appsto.re.xml
 		- CDN-Apple.com.xml
-		- iCloud.com.xml
 		- iTunes.com.xml
 		- iWork.com.xml
 		- ME.com.xml
@@ -32,12 +31,18 @@
 		- a\d+.phobos.apple.com.edgesuite.net
 
 	Nonfunctional hosts in *apple.com:
+		- daw  (timeout)
+		- onetoone  (timeout)
 		- deimos3	(403/404, akamai)
 		- init.ess	(503, akamai)
+		- genius-upload.itunes.apple.com (403/404)
 		- userprofile.itunes *
 		- rss.lists	(shows lists; mismatched, CN: lists.apple.com)
 		- rss.itunes (redirects to HTTP for Travis)
 		- mynews *
+		- reseller (timeout)
+		- ssl (timeout)
+		- supportprofile (timeout)
 		- uptodate  (timeout)
 	* Refused
 
@@ -54,14 +59,17 @@
 		- signin.info *
 		- www.info *
 		- www0.info *
+		- c.itunes ³
 		- dzc.itunes		(data differ)
 		- ping.itunes *
-		- prod.lists ³
-		- www.lists		(mismatched, CN: lists.apple.com)
+		- lists (cert-chain)
+		- prod.lists (cert-chain)
+		- www.lists (cert-chain)
 		- mypage        (incomplete cert chain)
 		- a1.phobos *
 		- a1721.phobos *
 		- a1980.phobos *
+		- reportingitsc2 (cert-chain)
 		- service.ess		(self-signed cert in chain)
 		- service[12].ess	(self-signed cert in chain)
 		- static-mynews *
@@ -69,7 +77,7 @@
 		- support		(Blocks Tor users)
 		- wsidecar	( The certificate expired on 2017/03/10 23:59 )
 	* Akamai
-	³ Mismatched, CN: lists.apple.com
+	³ Mismatched
 
 	At least some pages redirect to http:
 		- www
@@ -108,17 +116,12 @@
 	<target host="beta.apple.com" />
 	<target host="bugreport.apple.com" />
 	<target host="buyiphone.apple.com" />
-	<target host="buyiphone1.apple.com" />
-	<target host="buyiphone2.apple.com" />
-	<target host="buyiphone3.apple.com" />
-	<target host="buyiphone4.apple.com" />
 	<target host="certifications.apple.com" />
 	<target host="checkcoverage.apple.com" />
 	<target host="checkrepair.apple.com" />
 	<target host="concierge.apple.com" />
 	<target host="configuration.apple.com" />
 	<target host="consultants.apple.com" />
-	<target host="daw.apple.com" />
 	<target host="developer.apple.com" />
 	<target host="devforums.apple.com" />
 	<target host="discussions.apple.com" />
@@ -142,7 +145,6 @@
 	<target host="banners.itunes.apple.com" />
 	<target host="bookkeeper.itunes.apple.com" />
 	<target host="buy.itunes.apple.com" />
-	<target host="c.itunes.apple.com" />
 	<target host="client-api.itunes.apple.com" />
 	<target host="collection.itunes.apple.com" />
 	<target host="du.itunes.apple.com" />
@@ -151,7 +153,6 @@
 	<target host="genius.itunes.apple.com" />
 	<target host="genius-2.itunes.apple.com" />
 	<target host="genius-download-2.itunes.apple.com" />
-	<target host="genius-upload.itunes.apple.com" />
 	<target host="geo.itunes.apple.com" />
 	<target host="homesharing.itunes.apple.com" />
 	<target host="init.itunes.apple.com" />
@@ -195,25 +196,17 @@
 	<target host="itunesconnect.apple.com" />
 	<target host="jobs.apple.com" />
 	<target host="jointventure.apple.com" />
-	<target host="lists.apple.com" />
 	<target host="locate.apple.com" />
 	<target host="mfi.apple.com" />
-	<target host="nc-buyiphone.apple.com" />
 	<target host="nc-unbrick1.apple.com" />
-	<target host="nwk-buyiphone.apple.com" />
 	<target host="nwk-unbrick1.apple.com" />
 	<target host="nwk-unbrick2.apple.com" />
-	<target host="onetoone.apple.com" />
 	<target host="opensource.apple.com" />
 	<target host="www.opensource.apple.com" />
 	<target host="portal.apple.com" />
 	<target host="remoteadvisor.apple.com" />
-	<target host="reportingitc.apple.com" />
-	<target host="reportingitc2.apple.com" />
-	<target host="reseller.apple.com" />
 	<target host="securemetrics.apple.com" />
 	<target host="selfsolve.apple.com" />
-	<target host="ssl.apple.com" />
 	<target host="store.apple.com" />
 	<target host="banners.store.apple.com" />
 	<target host="secure.store.apple.com" />
@@ -221,7 +214,6 @@
 	<target host="secure2.store.apple.com" />
 	<target host="support.apple.com" />
 	<target host="km.support.apple.com" />
-	<target host="supportprofile.apple.com" />
 	<target host="swdlp.apple.com" />
 	<target host="trailers.apple.com" />
 	<target host="wdg2.apple.com" />
@@ -231,28 +223,17 @@
 
 
 	<!--	Complications:	-->
-	<target host="devimages.apple.com" />
-	<rule from="^http://devimages\.apple\.com/"
-			to="https://devimages.apple.com.edgekey.net/" />
-
-	<target host="prod.lists.apple.com" />
-	<target host="www.lists.apple.com" />
-	<rule from="^http://(prod|www)\.lists\.apple\.com/"
-			to="https://lists.apple.com/" />
-
 	<target host="metrics.apple.com" />
 	<rule from="^http://metrics\.apple\.com/"
 			to="https://securemetrics.apple.com/" />
 
-	<target host="storeimages.apple.com" />
-	<rule from="^http://storeimages\.apple\.com/"
-			to="https://storeimages.apple.com.edgekey.net/" />
 
 	<target host="*.phobos.apple.com" />
 	<rule from="^http://a\d+\.phobos\.apple\.com/"
 			to="https://s1.mzstatic.com/" />
 		<test url="http://a1.phobos.apple.com/us/r30/CobaltPublic/v4/37/72/a2/3772a292-10d0-b32a-6928-464f7c3ee867/206-3521510896464870564-1128711b_1.pdf" />
 		<test url="http://a1980.phobos.apple.com/us/r30/CobaltPublic/v4/37/72/a2/3772a292-10d0-b32a-6928-464f7c3ee867/206-3521510896464870564-1128711b_1.pdf" />
+		<test url="http://a758.phobos.apple.com/us/r30/CobaltPublic3/v4/16/02/46/160246b7-53d4-f37e-5997-b38d97371d68/313-7457261601664988450-Vie___Saint_Andr__n96.pdf" />
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/Apple_Parts_Store.xml b/src/chrome/content/rules/Apple_Parts_Store.xml
index 2d1e91ce5fe0..94131f1d5cec 100644
--- a/src/chrome/content/rules/Apple_Parts_Store.xml
+++ b/src/chrome/content/rules/Apple_Parts_Store.xml
@@ -12,12 +12,12 @@ Fetch error: http://re-pear.com/ => https://www.re-pear.com/: (51, "SSL: no alte
 		- re-pear.com			(mismatched, CN: www.applepartsstore.com)
 
 -->
-<ruleset name="Apple Parts Store (partial)" default_off='failed ruleset test'>
+<ruleset name="Apple Parts Store (partial)" default_off="failed ruleset test">
 
 	<target host="applepartsstore.com" />
-	<target host="*.applepartsstore.com" />
+	<target host="www.applepartsstore.com" />
 	<target host="re-pear.com" />
-	<target host="*.re-pear.com" />
+	<target host="www.re-pear.com" />
 
 
 	<securecookie host="^\.(?:www\.)?applepartsstore\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Applebees.xml b/src/chrome/content/rules/Applebees.xml
index 1ff60919a850..fbcd687b6ee3 100644
--- a/src/chrome/content/rules/Applebees.xml
+++ b/src/chrome/content/rules/Applebees.xml
@@ -4,4 +4,4 @@
   <target host="www.applebees.com" />
 
   <rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Appledaily.com.hk.xml b/src/chrome/content/rules/Appledaily.com.hk.xml
new file mode 100644
index 000000000000..dec72cc6dccb
--- /dev/null
+++ b/src/chrome/content/rules/Appledaily.com.hk.xml
@@ -0,0 +1,30 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- appledaily.com.hk
+-->
+<ruleset name="Appledaily.com.hk">
+	<target host="64.appledaily.com.hk" />
+	<target host="mlprd.api.appledaily.com.hk" />
+	<target host="as.appledaily.com.hk" />
+	<target host="auth.appledaily.com.hk" />
+	<target host="charity.appledaily.com.hk" />
+	<target host="goodest-api.appledaily.com.hk" />
+	<target host="goodest-cms.appledaily.com.hk" />
+	<target host="luckydraw-100k.appledaily.com.hk" />
+	<target host="mldev-api.appledaily.com.hk" />
+	<target host="mlprd-api.appledaily.com.hk" />
+	<target host="mluat-api.appledaily.com.hk" />
+	<target host="news.appledaily.com.hk" />
+	<target host="racing.appledaily.com.hk" />
+	<target host="statefarm.appledaily.com.hk" />
+	<target host="travelseed-cms.appledaily.com.hk" />
+	<target host="uat-racing.appledaily.com.hk" />
+	<target host="mlprd.ugcapi.appledaily.com.hk" />
+	<target host="vdo.appledaily.com.hk" />
+	<target host="video.appledaily.com.hk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Appledaily.com.tw.xml b/src/chrome/content/rules/Appledaily.com.tw.xml
new file mode 100644
index 000000000000..ceab129c6f0f
--- /dev/null
+++ b/src/chrome/content/rules/Appledaily.com.tw.xml
@@ -0,0 +1,32 @@
+<!--
+	Non-functional hosts
+		SSL connect error:
+		- appledaily.com.tw
+-->
+<ruleset name="Appledaily.com.tw">
+	<target host="www.appledaily.com.tw" />
+	<target host="applehouse.appledaily.com.tw" />
+	<target host="applepie-api.appledaily.com.tw" />
+	<target host="applevr.appledaily.com.tw" />
+	<target host="auth.appledaily.com.tw" />
+	<target host="dev-pay.appledaily.com.tw" />
+	<target host="dgadobe.appledaily.com.tw" />
+	<target host="ent.appledaily.com.tw" />
+	<target host="fashion.appledaily.com.tw" />
+	<target host="home.appledaily.com.tw" />
+	<target host="img.appledaily.com.tw" />
+	<target host="infographic.appledaily.com.tw" />
+	<target host="inv.appledaily.com.tw" />
+	<target host="m.appledaily.com.tw" />
+	<target host="pay.appledaily.com.tw" />
+	<target host="rtnaudio.appledaily.com.tw" />
+	<target host="rtnvideo1.appledaily.com.tw" />
+	<target host="search.appledaily.com.tw" />
+	<target host="theme.appledaily.com.tw" />
+	<target host="ticket.appledaily.com.tw" />
+	<target host="video.appledaily.com.tw" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Appledaily.com.xml b/src/chrome/content/rules/Appledaily.com.xml
new file mode 100644
index 000000000000..d6d45219b59a
--- /dev/null
+++ b/src/chrome/content/rules/Appledaily.com.xml
@@ -0,0 +1,90 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- 71.appledaily.com
+		- www.appledaily.com
+-->
+<ruleset name="Appledaily.com">
+	<target host="appledaily.com" />
+	<target host="20.appledaily.com" />
+	<target host="64.appledaily.com" />
+	<target host="add.appledaily.com" />
+	<target host="arc-static.appledaily.com" />
+	<target host="as.appledaily.com" />
+	<target host="auth.appledaily.com" />
+	<target host="breastcancer.appledaily.com" />
+	<target host="cmpg.appledaily.com" />
+	<target host="cms-privilegehk.appledaily.com" />
+	<target host="corporationplan.appledaily.com" />
+	<target host="dce2019.appledaily.com" />
+	<target host="dev-arc-static.appledaily.com" />
+	<target host="dev-cmpg.appledaily.com" />
+	<target host="dev-evt.appledaily.com" />
+	<target host="dev-policy.appledaily.com" />
+	<target host="dev-vtrk.appledaily.com" />
+	<target host="hk.entertainment.appledaily.com" />
+	<target host="qa-tw.entertainment.appledaily.com" />
+	<target host="tw.entertainment.appledaily.com" />
+	<target host="uat-tw.entertainment.appledaily.com" />
+	<target host="events.appledaily.com" />
+	<target host="evt.appledaily.com" />
+	<target host="dev-tw.feature.appledaily.com" />
+	<target host="hk.feature.appledaily.com" />
+	<target host="qa-hk.feature.appledaily.com" />
+	<target host="tw.feature.appledaily.com" />
+	<target host="uat-hk.feature.appledaily.com" />
+	<target host="uat-tw.feature.appledaily.com" />
+	<target host="hk.finance.appledaily.com" />
+	<target host="qa-tw.finance.appledaily.com" />
+	<target host="tw.finance.appledaily.com" />
+	<target host="uat-tw.finance.appledaily.com" />
+	<target host="fruitgym.appledaily.com" />
+	<target host="gift.appledaily.com" />
+	<target host="green.appledaily.com" />
+	<target host="hk.appledaily.com" />
+	<target host="imp.appledaily.com" />
+	<target host="tw.inv.appledaily.com" />
+	<target host="hk.lifestyle.appledaily.com" />
+	<target host="qa-tw.lifestyle.appledaily.com" />
+	<target host="tw.lifestyle.appledaily.com" />
+	<target host="uat-tw.lifestyle.appledaily.com" />
+	<target host="luckydraw-100k.appledaily.com" />
+	<target host="myqrcode.appledaily.com" />
+	<target host="news.appledaily.com" />
+	<target host="hk.news.appledaily.com" />
+	<target host="qa-tw.news.appledaily.com" />
+	<target host="tw.news.appledaily.com" />
+	<target host="uat-tw.news.appledaily.com" />
+	<target host="policy.appledaily.com" />
+	<target host="privilegehk.appledaily.com" />
+	<target host="privilegehk-static.appledaily.com" />
+	<target host="privilegetw.appledaily.com" />
+	<target host="privilegetw-static.appledaily.com" />
+	<target host="qa-policy.appledaily.com" />
+	<target host="quote.appledaily.com" />
+	<target host="realtime.appledaily.com" />
+	<target host="reporter.appledaily.com" />
+	<target host="hk.sports.appledaily.com" />
+	<target host="qa-tw.sports.appledaily.com" />
+	<target host="tw.sports.appledaily.com" />
+	<target host="uat-tw.sports.appledaily.com" />
+	<target host="student.appledaily.com" />
+	<target host="tw.ticket.appledaily.com" />
+	<target host="tw.appledaily.com" />
+	<target host="tw-survey.appledaily.com" />
+	<target host="uat-arc-static.appledaily.com" />
+	<target host="uat-auth.appledaily.com" />
+	<target host="uat-corporationplan.appledaily.com" />
+	<target host="uat-fruitgym.appledaily.com" />
+	<target host="uat-policy.appledaily.com" />
+	<target host="uat-student.appledaily.com" />
+	<target host="hk.video.appledaily.com" />
+	<target host="tw.video.appledaily.com" />
+	<target host="vtrk.appledaily.com" />
+	<target host="worldcup2014.appledaily.com" />
+	<target host="xinjiangcamps.appledaily.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Appledaily.xml b/src/chrome/content/rules/Appledaily.xml
deleted file mode 100644
index 35785ed50528..000000000000
--- a/src/chrome/content/rules/Appledaily.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-<!--
-	Nonfunctional hosts in *.appledaily.com, *.appledaily.com.hk and *.appledaily.com.tw:
-
-	certificate mismatch:
-		- appledaily.com
-		- www.appledaily.com
-		- 64.appledaily.com
-		- 71.appledaily.com
-		- appledaily.com.tw
-		- appledaily.com.hk
-
--->
-<ruleset name="Appledaily (partial)">
-
-	<target host="hk.appledaily.com" />
-	<target host="tw.appledaily.com" />
-
-	<target host="hk.entertainment.appledaily.com" />
-	<target host="tw.entertainment.appledaily.com" />
-
-	<target host="hk.finance.appledaily.com" />
-	<target host="tw.finance.appledaily.com" />
-
-	<target host="hk.lifestyle.appledaily.com"/>
-	<target host="tw.lifestyle.appledaily.com" />
-
-	<target host="hk.news.appledaily.com" />
-	<target host="tw.news.appledaily.com" />
-
-	<target host="hk.sports.appledaily.com" />
-	<target host="tw.sports.appledaily.com" />
-
-	<target host="hk.video.appledaily.com" />
-	<target host="tw.video.appledaily.com" />
-
-	<target host="img.appledaily.com.tw" />
-	<target host="rtnvideo1.appledaily.com.tw" />
-
-	<target host="static.appledaily.hk" />
-	<target host="staticlayout.appledaily.hk" />
-	<target host="video.appledaily.com.hk" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
-
diff --git a/src/chrome/content/rules/AppliedPrivacy.net.xml b/src/chrome/content/rules/AppliedPrivacy.net.xml
new file mode 100644
index 000000000000..9a1cb71a8c86
--- /dev/null
+++ b/src/chrome/content/rules/AppliedPrivacy.net.xml
@@ -0,0 +1,25 @@
+<!--
+	Non-2xx HTTP code:
+		- mta-sts.appliedprivacy.net
+
+	Timeout:
+		- dot1.appliedprivacy.net
+		- dot2.appliedprivacy.net
+-->
+<ruleset name="AppliedPrivacy.net">
+
+	<target host="appliedprivacy.net" />
+	<target host="www.appliedprivacy.net" />
+	<target host="doh.appliedprivacy.net" />
+	<target host="donate.appliedprivacy.net" />
+	<target host="m.appliedprivacy.net" />
+	<target host="spenden.appliedprivacy.net" />
+	<target host="status.appliedprivacy.net" />
+	<target host="t.appliedprivacy.net" />
+	<target host="w.appliedprivacy.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Apply2Jobs.com.xml b/src/chrome/content/rules/Apply2Jobs.com.xml
index 66887e1a9893..baa4b660120b 100644
--- a/src/chrome/content/rules/Apply2Jobs.com.xml
+++ b/src/chrome/content/rules/Apply2Jobs.com.xml
@@ -14,13 +14,13 @@
 <ruleset name="Apply2Jobs.com">
 
 	<target host="apply2jobs.com" />
-	<target host="*.apply2jobs.com" />
+	<target host="www.apply2jobs.com" />
+	<target host="www.llcampus.apply2jobs.com" />
 
 
 	<rule from="^http://(?:www\.)?apply2jobs\.com/"
 		to="https://www.apply2jobs.com/" />
 
-	<rule from="^http://www\.llcampus\.apply2jobs\.com/"
-		to="https://www.llcampus.apply2jobs.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ApplyYourself.xml b/src/chrome/content/rules/ApplyYourself.xml
index 84d3e1ee108f..d63f8421e242 100644
--- a/src/chrome/content/rules/ApplyYourself.xml
+++ b/src/chrome/content/rules/ApplyYourself.xml
@@ -8,4 +8,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Appolicious.com.xml b/src/chrome/content/rules/Appolicious.com.xml
index bcf686b1eb1a..f4e75cb40df1 100644
--- a/src/chrome/content/rules/Appolicious.com.xml
+++ b/src/chrome/content/rules/Appolicious.com.xml
@@ -1,6 +1,6 @@
 <!--
 	Nonfunctional hosts in *.appolicious.com:
-	
+
 	Server not found:
 	    developer.appolicious.com
 	    login.appolicious.com
diff --git a/src/chrome/content/rules/Appsec_USA.xml b/src/chrome/content/rules/Appsec_USA.xml
index 487d96b6d042..8ad871d57412 100644
--- a/src/chrome/content/rules/Appsec_USA.xml
+++ b/src/chrome/content/rules/Appsec_USA.xml
@@ -11,7 +11,9 @@
 <ruleset name="Appsec USA (partial)" default_off="mismatched, self-signed">
 
 	<target host="appsecusa.org" />
-	<target host="*.appsecusa.org" />
+	<target host="videos.2012.appsecusa.org" />
+	<target host="next-year.appsecusa.org" />
+	<target host="www.appsecusa.org" />
 
 
 	<securecookie host="^(?:\.2012\.)?appsecusa\.org$" name=".+" />
diff --git a/src/chrome/content/rules/Appseccalifornia.org.xml b/src/chrome/content/rules/Appseccalifornia.org.xml
index b63ddce3b0c7..3505e2d48b54 100644
--- a/src/chrome/content/rules/Appseccalifornia.org.xml
+++ b/src/chrome/content/rules/Appseccalifornia.org.xml
@@ -6,7 +6,7 @@ Fetch error: http://2016.appseccalifornia.org/ => https://2016.appseccalifornia.
 	www.appseccalifornia.org: Mismatched
 
 -->
-<ruleset name="AppSec California.org" default_off='failed ruleset test'>
+<ruleset name="AppSec California.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Appsecute.xml b/src/chrome/content/rules/Appsecute.xml
index c6f90b276b67..78ed3ce9cbfb 100644
--- a/src/chrome/content/rules/Appsecute.xml
+++ b/src/chrome/content/rules/Appsecute.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.appsecute.com/ => https://www.appsecute.com/: (51, "SSL:
 Disabled by https-everywhere-checker because:
 Fetch error: http://appsecute.com/ => https://appsecute.com/: (6, 'Could not resolve host: appsecute.com')
 -->
-<ruleset name="Appsecute" default_off='failed ruleset test'>
+<ruleset name="Appsecute" default_off="failed ruleset test">
 
 	<target host="appsecute.com" />
 	<target host="www.appsecute.com" />
@@ -18,4 +18,4 @@ Fetch error: http://appsecute.com/ => https://appsecute.com/: (6, 'Could not res
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Appsites.com.xml b/src/chrome/content/rules/Appsites.com.xml
deleted file mode 100644
index c6d269d417c2..000000000000
--- a/src/chrome/content/rules/Appsites.com.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	CDN buckets:
-
-		- https://s3.amazonaws.com/as-production-assets/
-
-
-	www: refused
-
--->
-<ruleset name="Appsites.com">
-
-	<target host="appsites.com" />
-	<target host="www.appsites.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^appsites\.com$" name="^AWSELB$" /-->
-
-	<securecookie host="^appsites\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?appsites\.com/"
-		to="https://appsites.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Apress.com.xml b/src/chrome/content/rules/Apress.com.xml
index c6ee4068d4c7..82131de5555f 100644
--- a/src/chrome/content/rules/Apress.com.xml
+++ b/src/chrome/content/rules/Apress.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://apress.com/ => https://apress.com/: (51, "SSL: no alternativ
 		- Images from springeruploads.com
 
 -->
-<ruleset name="Apress.com" default_off='failed ruleset test'>
+<ruleset name="Apress.com" default_off="failed ruleset test">
   <target host="apress.com" />
   <target host="www.apress.com" />
 
diff --git a/src/chrome/content/rules/Aqicn.org.xml b/src/chrome/content/rules/Aqicn.org.xml
new file mode 100644
index 000000000000..7b7c96f1f400
--- /dev/null
+++ b/src/chrome/content/rules/Aqicn.org.xml
@@ -0,0 +1,53 @@
+<!--
+	Other related ruleset:
+		- Waqi.info.xml
+
+	Mismatched:
+		- www
+		- api
+		- feedback
+		- geo
+		- ios
+		- jp2
+		- jp3
+		- mail
+		- mapi
+		- mapi3
+		- mapidroid
+		- scs
+		- sg1
+		- static
+		- sw3
+		- waqi
+		- wgt
+		- winwgt
+
+	Connection refused:
+		- d
+		- ftp
+		- stat
+		- sw2
+
+	Expired:
+		- jp1
+		- tiles
+		- widget
+
+	Connection error:
+		- sg
+-->
+<ruleset name="Aqicn.org">
+	<target host="aqicn.org" />
+	<target host="www.aqicn.org" />
+	<target host="feed.aqicn.org" />
+	<target host="res.aqicn.org" />
+	<target host="sensor.aqicn.org" />
+	<target host="tiles.aqicn.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.aqicn\.org/"
+		to="https://aqicn.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AquaGear.xml b/src/chrome/content/rules/AquaGear.xml
index 6d93c00bc74b..b1cb11727531 100644
--- a/src/chrome/content/rules/AquaGear.xml
+++ b/src/chrome/content/rules/AquaGear.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Non-2xx HTTP code: http://img1.aquagear.com/ (200) => https://img1.aquagear.com/ (403)
 
 -->
-<ruleset name="AquaGear" default_off='failed ruleset test'>
+<ruleset name="AquaGear" default_off="failed ruleset test">
 	<target host=     "aquagear.com" />
 	<target host= "www.aquagear.com" />
 	<target host="img1.aquagear.com" />
diff --git a/src/chrome/content/rules/Aquafina.com.xml b/src/chrome/content/rules/Aquafina.com.xml
new file mode 100644
index 000000000000..3cf55acabe99
--- /dev/null
+++ b/src/chrome/content/rules/Aquafina.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		- policy.aquafina.com
+-->
+
+<ruleset name="Aquafina.com">
+	<target host="aquafina.com" />
+	<target host="www.aquafina.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aquapel.ca.xml b/src/chrome/content/rules/Aquapel.ca.xml
new file mode 100644
index 000000000000..98d2fc44e013
--- /dev/null
+++ b/src/chrome/content/rules/Aquapel.ca.xml
@@ -0,0 +1,11 @@
+<ruleset name="Aquapel.ca">
+	<target host="aquapel.ca" />
+	<target host="www.aquapel.ca" />
+	<target host="cpanel.aquapel.ca" />
+	<target host="ipv6.aquapel.ca" />
+	<target host="mail.aquapel.ca" />
+	<target host="webdisk.aquapel.ca" />
+	<target host="webmail.aquapel.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aquent.xml b/src/chrome/content/rules/Aquent.xml
index e4af3128df30..8fe1201e0480 100644
--- a/src/chrome/content/rules/Aquent.xml
+++ b/src/chrome/content/rules/Aquent.xml
@@ -2,7 +2,7 @@
 
 	<target host="aquent.com"/>
 	<!--	* for cross-domain cookie	-->
-	<target host="*.aquent.com"/>
+	<target host="www.aquent.com" />
 	<target host="aquent.us"/>
 	<target host="www.aquent.us"/>
 
diff --git a/src/chrome/content/rules/AquilaClothing.co.uk.xml b/src/chrome/content/rules/AquilaClothing.co.uk.xml
index 7a4b2c86158f..2d2950aeff1a 100644
--- a/src/chrome/content/rules/AquilaClothing.co.uk.xml
+++ b/src/chrome/content/rules/AquilaClothing.co.uk.xml
@@ -5,7 +5,7 @@ Fetch error: http://aquilaclothing.co.uk/ => https://aquilaclothing.co.uk/: (51,
 Fetch error: http://www.aquilaclothing.co.uk/ => https://www.aquilaclothing.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.aquilaclothing.co.uk'")
 
 -->
-<ruleset name="AquilaClothing.co.uk" default_off='failed ruleset test'>
+<ruleset name="AquilaClothing.co.uk" default_off="failed ruleset test">
   <target host="aquilaclothing.co.uk" />
   <target host="www.aquilaclothing.co.uk" />
 
diff --git a/src/chrome/content/rules/Aquiss.xml b/src/chrome/content/rules/Aquiss.xml
index 4502e1b6d64f..6fd7ca2bd6e8 100644
--- a/src/chrome/content/rules/Aquiss.xml
+++ b/src/chrome/content/rules/Aquiss.xml
@@ -17,13 +17,13 @@
 -->
 <ruleset name="Aquiss (partial)">
 
-	<target host="*.aquiss.net"/>
+	<target host="ebilling.aquiss.net" />
+	<target host="secure.aquiss.net" />
 		<exclusion pattern="^http://ebilling\.aquiss\.net/(?!css/|templates/)" />
 
 
 	<securecookie host="^secure\.aquiss\.net$" name=".+" />
 
-	<rule from="^http://(ebilling|secure)\.aquiss\.net/"
-		to="https://$1.aquiss.net/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ArXiv2Bibtex.org.xml b/src/chrome/content/rules/ArXiv2Bibtex.org.xml
new file mode 100644
index 000000000000..af9c00c305b3
--- /dev/null
+++ b/src/chrome/content/rules/ArXiv2Bibtex.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="ArXiv2Bibtex.org">
+	<target host="arxiv2bibtex.org" />
+	<target host="www.arxiv2bibtex.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Arachnys.xml b/src/chrome/content/rules/Arachnys.xml
index c5ee7af0e4d4..0b4af44ba339 100644
--- a/src/chrome/content/rules/Arachnys.xml
+++ b/src/chrome/content/rules/Arachnys.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Aral_Balkan.com.xml b/src/chrome/content/rules/Aral_Balkan.com.xml
index 6bf6c6c5f082..b112eadbfc3a 100644
--- a/src/chrome/content/rules/Aral_Balkan.com.xml
+++ b/src/chrome/content/rules/Aral_Balkan.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://aralbalkan.com/ => https://aralbalkan.com/: (60, 'SSL certif
 Fetch error: http://www.aralbalkan.com/ => https://www.aralbalkan.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Aral Balkan.com" default_off='failed ruleset test'>
+<ruleset name="Aral Balkan.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Arbor-Netscout.xml b/src/chrome/content/rules/Arbor-Netscout.xml
new file mode 100644
index 000000000000..6c1cc51b444b
--- /dev/null
+++ b/src/chrome/content/rules/Arbor-Netscout.xml
@@ -0,0 +1,89 @@
+
+<!--
+	Problematic domains:
+
+		- (www.)?arbor.net ¹
+		- atlas.arbornetworks.com ¹
+		- ddos.arbornetworks.com ²
+		- partner.arbornetworks.com
+
+	¹ Redirect differs
+	² Shows www
+
+
+	These altnames don't exist:
+
+		- www.atlas.arbor.net
+		- www.partner.arbornetworks.com
+
+
+	Insecure cookies are set for these hosts:
+
+		- www.arbornetworks.com
+
+
+	Mixed content:
+
+		- Bug on blog from assets.cookieconsent.silktide.com ˢ
+
+	ˢ Secured by us
+
+-->
+<ruleset name="Arbor Networks">
+
+	<target host="atlas.arbor.net" />
+
+	<target host="arbornetworks.com" />
+	<target host="asert.arbornetworks.com" />
+	<target host="blog.arbornetworks.com" />
+	<target host="pages.arbornetworks.com" />
+	<target host="partner.arbornetworks.com" />
+	<target host="partnercenter.arbornetworks.com" />
+	<target host="www.arbornetworks.com" />
+
+	<!--	Complications:
+				-->
+	<target host="arbor.net" />
+	<target host="www.arbor.net" />
+
+	<target host="atlas.arbornetworks.com" />
+	<target host="ddos.arbornetworks.com" />
+
+	<target host="netscout.com" />
+	<target host="www.netscout.com" />
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^www\.arbornetworks\.com$" name="^[\da-f]{32}$" /-->
+
+	<securecookie host="^\." name="^_gat?$" />
+	<securecookie host="^\w" name=".+" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://atlas\.arbornetworks\.com/+"
+		to="https://atlas.arbor.net/" />
+
+		<test url="http://atlas.arbornetworks.com/home.htm" />
+
+	<rule from="^http://blog\.arbornetworks\.com/"
+                to="https://www.arbornetworks.com/blog/insight/" />
+
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://ddos\.arbornetworks\.com/+"
+		to="https://www.arbornetworks.com/asert/" />
+
+		<test url="http://ddos.arbornetworks.com/home.htm" />
+	
+		<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://partner\.arbornetworks\.com/+"
+		to="https://partnercenter.arbornetworks.com/" />
+	
+		<test url="http://partner.arbornetworks.com/et.cfm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Arbor-Networks.xml b/src/chrome/content/rules/Arbor-Networks.xml
deleted file mode 100644
index 03cfac0c816c..000000000000
--- a/src/chrome/content/rules/Arbor-Networks.xml
+++ /dev/null
@@ -1,85 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://partner.arbornetworks.com/ => https://partner.arbornetworks.com/: (28, 'Connection timed out after 20000 milliseconds')
-
-	Problematic domains:
-
-		- (www.)?arbor.net ¹
-		- atlas.arbornetworks.com ¹
-		- ddos.arbornetworks.com ²
-
-	¹ Redirect differs
-	² Shows www
-
-
-	These altnames don't exist:
-
-		- www.atlas.arbor.net
-		- www.partner.arbornetworks.com
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.arbornetworks.com
-
-
-	Mixed content:
-
-		- Bug on blog from assets.cookieconsent.silktide.com ˢ
-
-	ˢ Secured by us
-
--->
-<ruleset name="Arbor Networks" default_off='failed ruleset test'>
-
-	<target host="atlas.arbor.net" />
-
-	<target host="arbornetworks.com" />
-	<target host="asert.arbornetworks.com" />
-	<target host="blog.arbornetworks.com" />
-	<target host="partner.arbornetworks.com" />
-	<target host="www.arbornetworks.com" />
-
-	<!--	Complications:
-				-->
-	<target host="arbor.net" />
-	<target host="www.arbor.net" />
-
-	<target host="atlas.arbornetworks.com" />
-	<target host="ddos.arbornetworks.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.arbornetworks\.com$" name="^[\da-f]{32}$" /-->
-
-	<securecookie host="^\." name="^_gat?$" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<!--	301s as so
-					-->
-	<rule from="^http://(?:www\.)?arbor\.net/+"
-		to="https://www.arbornetworks.com/" />
-
-		<test url="http://www.arbor.net/home.htm" />
-
-	<!--	Redirect keeps path and args:
-						-->
-	<rule from="^http://atlas\.arbornetworks\.com/+"
-		to="https://atlas.arbor.net/" />
-
-		<test url="http://atlas.arbornetworks.com/home.htm" />
-
-	<!--	Redirect keeps path and args:
-						-->
-	<rule from="^http://ddos\.arbornetworks\.com/+"
-		to="https://www.arbornetworks.com/asert/" />
-
-		<test url="http://ddos.arbornetworks.com/home.htm" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ArcGIS.xml b/src/chrome/content/rules/ArcGIS.xml
index 40349178efef..697a9af1a586 100644
--- a/src/chrome/content/rules/ArcGIS.xml
+++ b/src/chrome/content/rules/ArcGIS.xml
@@ -192,12 +192,12 @@
 	<target host="workforce.arcgis.com" />
 
 		<test url="http://js.arcgis.com/3.13/dijit/themes/claro/claro.css" />
-		
+
 		<test url="http://acogis.maps.arcgis.com/" />
 		<test url="http://brooklynpark.maps.arcgis.com/" />
 		<test url="http://lra-cha.maps.arcgis.com/" />
 		<test url="http://rws.maps.arcgis.com/" />
-		
+
 		<test url="http://aampo-mpo.opendata.arcgis.com/" />
 		<test url="http://data-npdc.opendata.arcgis.com/" />
 		<test url="http://parcels-lunacountynm.opendata.arcgis.com/" />
diff --git a/src/chrome/content/rules/ArcGIS_online.com.xml b/src/chrome/content/rules/ArcGIS_online.com.xml
index 452be96525de..6c84c1a40f02 100644
--- a/src/chrome/content/rules/ArcGIS_online.com.xml
+++ b/src/chrome/content/rules/ArcGIS_online.com.xml
@@ -10,7 +10,7 @@
 	- seattle-imagery1.arcgisonline.com
 	- seattle-imagery2.arcgisonline.com
 	- seattle-imagery5.arcgisonline.com
-	
+
 	Cert mismatch:
 		- arcgisonline.com
 		- qaext.arcgisonline.com
@@ -38,7 +38,7 @@
 		- mesa1-services.arcgisonline.com
 		- mesa2-services.arcgisonline.com
 		- mobilesampleserver.arcgisonline.com
-		- premiumtasks.arcgisonline.com		
+		- premiumtasks.arcgisonline.com
 		- sampleserver1a.arcgisonline.com
 		- sampleserver1b.arcgisonline.com
 		- sampleserver1c.arcgisonline.com
diff --git a/src/chrome/content/rules/ArchBang.org.xml b/src/chrome/content/rules/ArchBang.org.xml
index 28e6d56caedf..0867a90b3847 100644
--- a/src/chrome/content/rules/ArchBang.org.xml
+++ b/src/chrome/content/rules/ArchBang.org.xml
@@ -5,7 +5,9 @@
 <ruleset name="ArchBang.org" default_off="mismatched">
 
 	<target host="archbang.org" />
-	<target host="*.archbang.org" />
+	<target host="bbs.archbang.org" />
+	<target host="wiki.archbang.org" />
+	<target host="www.archbang.org" />
 
 
 	<!--	Secured by server:
diff --git a/src/chrome/content/rules/Archi-Strasbourg.xml b/src/chrome/content/rules/Archi-Strasbourg.xml
index 88881b4104dd..fb7a237bf37a 100644
--- a/src/chrome/content/rules/Archi-Strasbourg.xml
+++ b/src/chrome/content/rules/Archi-Strasbourg.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://archi-strasbourg.org/ => https://archi-strasbourg.org/: Cycle detected - URL already encountered: https://archi-strasbourg.org/
 Fetch error: http://www.archi-strasbourg.org/ => https://archi-strasbourg.org/: Cycle detected - URL already encountered: https://archi-strasbourg.org/
 -->
-<ruleset name="Archi-Strasbourg" default_off='failed ruleset test'>
+<ruleset name="Archi-Strasbourg" default_off="failed ruleset test">
   <target host="archi-strasbourg.org"/>
   <target host="www.archi-strasbourg.org"/>
 
diff --git a/src/chrome/content/rules/Architects_Journal.xml b/src/chrome/content/rules/Architects_Journal.xml
index f4c182fa4f36..9457230ff947 100644
--- a/src/chrome/content/rules/Architects_Journal.xml
+++ b/src/chrome/content/rules/Architects_Journal.xml
@@ -24,4 +24,4 @@
 	<rule from="^http://(?:www\.)?(?:architectsjournal|theaj)\.co\.uk/"
 		to="https://www.architectsjournal.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Archive.is.xml b/src/chrome/content/rules/Archive.is.xml
index 49559d942c57..0164e2e4d9ea 100644
--- a/src/chrome/content/rules/Archive.is.xml
+++ b/src/chrome/content/rules/Archive.is.xml
@@ -1,26 +1,22 @@
-<!--
-	Problematic domains:
-		- (www.)archive.is ¹
-		- blog.archive.is ²
-
-	¹ By webmaster request, we avoid redirecting anything to https://archive.is/ but ensure that the relevant connections are still upgraded by using archive.fo instead.
-	² Mismatch
--->
-<ruleset name="Archive.is (partial)">
+<ruleset name="Archive.is">
 
 	<target host="archive.today" />
-	<target host="blog.archive.today" />
 	<target host="www.archive.today" />
+	<target host="blog.archive.today" />
 	<target host="archive.fo" />
 	<target host="www.archive.fo" />
 	<target host="archive.is" />
 	<target host="www.archive.is" />
+	<target host="blog.archive.is" />
 	<target host="archive.li" />
-	<target host="blog.archive.li" />
 	<target host="www.archive.li" />
-
-	<rule from="^http://(www\.)?archive\.is/"
-		to="https://$1archive.fo/" />
+	<target host="blog.archive.li" />
+	<target host="archive.ph" />
+	<target host="www.archive.ph" />
+	<target host="blog.archive.ph" />
+	<target host="archive.vn" />
+	<target host="www.archive.vn" />
+	<target host="blog.archive.vn" />
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/ArchiveTeam.org.xml b/src/chrome/content/rules/ArchiveTeam.org.xml
new file mode 100644
index 000000000000..af07d07549fc
--- /dev/null
+++ b/src/chrome/content/rules/ArchiveTeam.org.xml
@@ -0,0 +1,17 @@
+<!--
+    Refused:
+        - digitize
+        - fileformats
+        - justsolve
+        - iabak
+        - iabackup
+-->
+<ruleset name="ArchiveTeam.org">
+	<target host="archiveteam.org" />
+	<target host="www.archiveteam.org" />
+	<target host="internetarchive.archiveteam.org" />
+	<target host="tracker.archiveteam.org" />
+	<target host="warriorhq.archiveteam.org" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Archives-ouvertes.fr.xml b/src/chrome/content/rules/Archives-ouvertes.fr.xml
index a8ca0eb3dc51..788e0dcb41c7 100644
--- a/src/chrome/content/rules/Archives-ouvertes.fr.xml
+++ b/src/chrome/content/rules/Archives-ouvertes.fr.xml
@@ -15,7 +15,7 @@
 		<test url="http://pastel.archives-ouvertes.fr/" />
 		<test url="http://tel.archives-ouvertes.fr/" />
 		<test url="http://telearn.archives-ouvertes.fr/" />
-	
+
 		<!-- Per-institution subdomains -->
 		<test url="http://hal-ens.archives-ouvertes.fr/" />
 		<test url="http://hal-pasteur.archives-ouvertes.fr/" />
diff --git a/src/chrome/content/rules/Archomedia.xml b/src/chrome/content/rules/Archomedia.xml
index eb6df3686c75..bbc6bbcfa095 100644
--- a/src/chrome/content/rules/Archomedia.xml
+++ b/src/chrome/content/rules/Archomedia.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?archomedia\.com/"
 		to="https://archomedia.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ArcorCentralLogin.xml b/src/chrome/content/rules/ArcorCentralLogin.xml
deleted file mode 100644
index bd1bdf29900a..000000000000
--- a/src/chrome/content/rules/ArcorCentralLogin.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="ArcorCentralLogin">
-  <target host="www.arcor.de" />
-  <target host="arcor.de" />
-  <securecookie host="^(?:.*\.)?arcor\.de$" name=".+" />
-  <rule from="^http://(?:www\.)?arcor\.de/login/login\.jsp" to="https://www.arcor.de/login/login.jsp"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Ardour.xml b/src/chrome/content/rules/Ardour.xml
index ba78e387a93b..3d8c1d8bc3e4 100644
--- a/src/chrome/content/rules/Ardour.xml
+++ b/src/chrome/content/rules/Ardour.xml
@@ -15,13 +15,14 @@
 <ruleset name="Ardour (partial)">
 
 	<target host="ardour.org" />
-	<target host="*.ardour.org" />
+	<target host="community.ardour.org" />
+	<target host="www.ardour.org" />
+	<target host="www.community.ardour.org" />
 
 
 	<securecookie host="^\.community\.ardour\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?(community\.)?ardour\.org/"
-		to="https://$1$2ardour.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Arduino.cc.xml b/src/chrome/content/rules/Arduino.cc.xml
index 2ded1b7e0ee0..04b838c8d70f 100644
--- a/src/chrome/content/rules/Arduino.cc.xml
+++ b/src/chrome/content/rules/Arduino.cc.xml
@@ -2,13 +2,13 @@
 	Nonfunctional subdomains:
         - www.id (wrong cert)
         - casajasmina.arduino.cc (refused)
-    
+
     Latest test: 11.11.2017
 -->
 <ruleset name="Arduino.cc (partial)">
 	<target host="arduino.cc" />
 	<target host="www.arduino.cc" />
-	
+
 	<!--<target host="auth.arduino.cc" />--><!-- breaks test script -->
 	<target host="blog.arduino.cc" />
 	<target host="cdn.arduino.cc" />
diff --git a/src/chrome/content/rules/AreWeFluentYet.com.xml b/src/chrome/content/rules/AreWeFluentYet.com.xml
new file mode 100644
index 000000000000..6e2582d8e5b0
--- /dev/null
+++ b/src/chrome/content/rules/AreWeFluentYet.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="AreWeFluentYet.com">
+	<target host="arewefluentyet.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AreWeLearningYet.com.xml b/src/chrome/content/rules/AreWeLearningYet.com.xml
new file mode 100644
index 000000000000..3f953934d6a9
--- /dev/null
+++ b/src/chrome/content/rules/AreWeLearningYet.com.xml
@@ -0,0 +1,9 @@
+<!--
+	Nonfunctional hosts in *.arewelearningyet.com:
+		- arewelearningyet.com:
+-->
+<ruleset name="AreWeLearningYet.com">
+	<target host="www.arewelearningyet.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AreWeWebYet.org.xml b/src/chrome/content/rules/AreWeWebYet.org.xml
new file mode 100644
index 000000000000..acfcc5c1d295
--- /dev/null
+++ b/src/chrome/content/rules/AreWeWebYet.org.xml
@@ -0,0 +1,9 @@
+ <!--
+	Nonfunctional hosts in *.arewewebyet.org:
+		- arewewebyet.org:
+-->
+<ruleset name="AreWeWebYet.org">
+	<target host="www.arewewebyet.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Are_We_Slim_Yet.com.xml b/src/chrome/content/rules/Are_We_Slim_Yet.com.xml
deleted file mode 100644
index e571b86c6fb3..000000000000
--- a/src/chrome/content/rules/Are_We_Slim_Yet.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For other Mozilla coverage, see Mozilla.xml.
-
--->
-<ruleset name="Are We Slim Yet.com">
-
-	<target host="areweslimyet.com" />
-	<target host="www.areweslimyet.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ArenaofValor.com.xml b/src/chrome/content/rules/ArenaofValor.com.xml
new file mode 100644
index 000000000000..268f423cdabd
--- /dev/null
+++ b/src/chrome/content/rules/ArenaofValor.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="ArenaofValor.com">
+
+	<target host="www.arenaofvalor.com" />
+	<target host="forum.arenaofvalor.com" />
+	<target host="ue.arenaofvalor.com" />
+		<test url="http://ue.arenaofvalor.com/mur/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Argonne-National-Laboratory.xml b/src/chrome/content/rules/Argonne-National-Laboratory.xml
index 3f002a283e46..d1fb50e87ac9 100644
--- a/src/chrome/content/rules/Argonne-National-Laboratory.xml
+++ b/src/chrome/content/rules/Argonne-National-Laboratory.xml
@@ -13,7 +13,14 @@
 -->
 <ruleset name="Argonne National Laboratory (partial)">
 
-	<target host="*.anl.gov" />
+	<target host="cels.anl.gov" />
+	<target host="evs.anl.gov" />
+	<target host="mcs.anl.gov" />
+	<target host="www.cels.anl.gov" />
+	<target host="www.evs.anl.gov" />
+	<target host="www.mcs.anl.gov" />
+	<target host="aps.anl.gov" />
+	<target host="www.aps.anl.gov" />
 
 
 	<!--	- cels: Cert only matches www.cels
diff --git a/src/chrome/content/rules/Argos.xml b/src/chrome/content/rules/Argos.xml
index 4bd4822fd77d..8c893658e7b8 100644
--- a/src/chrome/content/rules/Argos.xml
+++ b/src/chrome/content/rules/Argos.xml
@@ -30,7 +30,7 @@ Fetch error: http://www.wearechoosy.com/ => https://www.wearechoosy.com/: (60, '
 		- (www.)?argos-spain.co.uk	(→ www.argosonline.es)
 
 -->
-<ruleset name="Argos (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Argos (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="argos.co.uk" />
 	<target host="*.argos.co.uk" />
diff --git a/src/chrome/content/rules/Argus.ch.xml b/src/chrome/content/rules/Argus.ch.xml
deleted file mode 100644
index 164f743306f4..000000000000
--- a/src/chrome/content/rules/Argus.ch.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	Nonfunctional hosts in *argus.ch:
-
-		- mobile *
-
-	* Handshake fails
-
-
-	Insecure cookies are set for these hosts:
-
-		- avenue.argus.ch
-
--->
-<ruleset name="Argus.ch (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="argus.ch" />
-	<target host="avenue.argus.ch" />
-	<target host="www.argus.ch" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^avenue\.argus\.ch$" name="^(\.ASPXAUTH|ASP\.NET_SessionId|Login)$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Argus_Leader.xml b/src/chrome/content/rules/Argus_Leader.xml
index 34757ef7b1b5..762def4bb052 100644
--- a/src/chrome/content/rules/Argus_Leader.xml
+++ b/src/chrome/content/rules/Argus_Leader.xml
@@ -1,25 +1,34 @@
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://argusleader.com/ => http://argusleader.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.argusleader.com'")
-	For other Gannett Company coverage, see Gannet-Company.xml.
+	For other Gannett Company coverage, see Gannett-Company.xml.
 
+	Note: *.argusleader.com has a wildcard DNS record.
 
-	Problematic subdomains:
+	Non-functional hosts
+		Timeout was reached:
+		- classifieds.argusleader.com
 
-		- ^
-		- cmsimg	(503, akamai)
+		SSL peer certificate was not OK:
+		- cmsimg.argusleader.com
 
--->
-<ruleset name="The Argus Leader">
+		Mixed content blocking (MCB) triggered:
+		- realestate.argusleader.com
 
+-->
+<ruleset name="ArgusLeader.com (partial)">
 	<target host="argusleader.com" />
-	<target host="*.argusleader.com" />
-
-
-	<securecookie host="^www\.argusleader\.com$" name=".+" />
-
-
-	<rule from="^http://(?:cmsimg\.|www\.)argusleader\.com/"
-		to="https://www.argusleader.com/" />
-
+	<target host="www.argusleader.com" />
+	<target host="amp.argusleader.com" />
+	<target host="data.argusleader.com" />
+	<target host="eu.argusleader.com" />
+	<target host="jobs.argusleader.com" />
+	<target host="static.argusleader.com" />
+		<test url="http://static.argusleader.com/terms/" />
+		<test url="http://static.argusleader.com/community/" />
+	<target host="user.argusleader.com" />
+		<test url="http://user.argusleader.com/user/enewspaper" />
+	<target host="ux.argusleader.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ariejan.net.xml b/src/chrome/content/rules/Ariejan.net.xml
index ebf4f1cd8720..a60146f89914 100644
--- a/src/chrome/content/rules/Ariejan.net.xml
+++ b/src/chrome/content/rules/Ariejan.net.xml
@@ -1,7 +1,8 @@
 <ruleset name="Ariejan.net">
 
 	<target host="ariejan.net"/>
-	<target host="*.ariejan.net"/>
+	<target host="spock.ariejan.net" />
+	<target host="www.ariejan.net" />
 
 	<!--	cert doesn't match www		-->
 	<rule from="^http://(?:(spock\.)|www\.)?ariejan\.net/"
diff --git a/src/chrome/content/rules/Arisebitcoin.com.xml b/src/chrome/content/rules/Arisebitcoin.com.xml
deleted file mode 100644
index 132c79772668..000000000000
--- a/src/chrome/content/rules/Arisebitcoin.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Arisebitcoin.com">
-
-	<target host="arisebitcoin.com" />
-	<target host="www.arisebitcoin.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Arizona-State-University.xml b/src/chrome/content/rules/Arizona-State-University.xml
index 4b15905c3e4f..4dd12471e347 100644
--- a/src/chrome/content/rules/Arizona-State-University.xml
+++ b/src/chrome/content/rules/Arizona-State-University.xml
@@ -228,7 +228,7 @@ Fetch error: http://www.geodacenter.org/ => https://www.geodacenter.org/: (28, '
 		- libguides		(→ libguides.com, $ redirects to http)
 
 -->
-<ruleset name="Arizona State University (partial)" default_off='failed ruleset test'>
+<ruleset name="Arizona State University (partial)" default_off="failed ruleset test">
 
 	<target host="asu.edu" />
 	<target host="*.asu.edu" />
diff --git a/src/chrome/content/rules/Arkena.com.xml b/src/chrome/content/rules/Arkena.com.xml
deleted file mode 100644
index 95b85fdb19b2..000000000000
--- a/src/chrome/content/rules/Arkena.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	^arkena.com: Redirect loop
-	www.arkena.com: Expired, mismatched
-
--->
-<ruleset name="Arkena.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="cdn.arkena.com" />
-	<target host="backoffice.cdn.arkena.com" />
-	<target host="login.arkena.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Armorgames.com.xml b/src/chrome/content/rules/Armorgames.com.xml
new file mode 100644
index 000000000000..31c29f0cf79f
--- /dev/null
+++ b/src/chrome/content/rules/Armorgames.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Armorgames.com">
+	<target host="armorgames.com" />
+	<target host="www.armorgames.com" />
+	<target host="cache.armorgames.com" />
+	<target host="developers.armorgames.com" />
+	<target host="employment.armorgames.com" />
+	<target host="mobile.armorgames.com" />
+	<target host="origin.armorgames.com" />
+	<target host="presskits.armorgames.com" />
+	<target host="stage.armorgames.com" />
+	<target host="store.armorgames.com" />
+	<target host="support.armorgames.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ArmoryBids.com.xml b/src/chrome/content/rules/ArmoryBids.com.xml
index abe5c3315f84..d48934c5499f 100644
--- a/src/chrome/content/rules/ArmoryBids.com.xml
+++ b/src/chrome/content/rules/ArmoryBids.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://armorybids.com/ => https://armorybids.com/: (28, 'Connection
 Fetch error: http://www.armorybids.com/ => https://www.armorybids.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="ArmoryBids.com" default_off='failed ruleset test'>
+<ruleset name="ArmoryBids.com" default_off="failed ruleset test">
 
 	<target host="armorybids.com" />
 	<target host="www.armorybids.com" />
diff --git a/src/chrome/content/rules/Armscontrolcenter.org.xml b/src/chrome/content/rules/Armscontrolcenter.org.xml
new file mode 100644
index 000000000000..e5bdd7f303b6
--- /dev/null
+++ b/src/chrome/content/rules/Armscontrolcenter.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Armscontrolcenter.org">
+	<target host="armscontrolcenter.org" />
+	<target host="www.armscontrolcenter.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Arozus.xml b/src/chrome/content/rules/Arozus.xml
index 167b74462a05..9a93b06f1d5f 100644
--- a/src/chrome/content/rules/Arozus.xml
+++ b/src/chrome/content/rules/Arozus.xml
@@ -18,4 +18,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Arpxs.com.xml b/src/chrome/content/rules/Arpxs.com.xml
index 5eb8c2199a66..80cd7ad62433 100644
--- a/src/chrome/content/rules/Arpxs.com.xml
+++ b/src/chrome/content/rules/Arpxs.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.arpxs.com/ => https://www.arpxs.com/: (51, "SSL: no alte
 		- www.arpxs.com
 
 -->
-<ruleset name="arpxs.com" default_off='failed ruleset test'>
+<ruleset name="arpxs.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Arquetype.org.xml b/src/chrome/content/rules/Arquetype.org.xml
index 91ef0e599252..7c1f010168e4 100644
--- a/src/chrome/content/rules/Arquetype.org.xml
+++ b/src/chrome/content/rules/Arquetype.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://arquetype.org/ => https://arquetype.org/: (60, 'SSL certific
 Fetch error: http://www.arquetype.org/ => https://www.arquetype.org/: (60, 'SSL certificate problem: self signed certificate')
 
 -->
-<ruleset name="arquetype.org" default_off='failed ruleset test'>
+<ruleset name="arquetype.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Array.is.xml b/src/chrome/content/rules/Array.is.xml
deleted file mode 100644
index 464b33a52718..000000000000
--- a/src/chrome/content/rules/Array.is.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- themes *
-		- www *
-
-	* Works, cert only matches ^array.is
-
-
-	Mixed content:
-
-		- Images on themes from ^ *
-
-	* Secured by us
-
--->
-<ruleset name="Array.is (partial)">
-
-	<target host="array.is" />
-	<target host="www.array.is" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^array\.is$" name="^edd_wp_session$" /-->
-
-	<securecookie host="^array\.is$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?array\.is/"
-		to="https://array.is/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ars-Technica.xml b/src/chrome/content/rules/Ars-Technica.xml
deleted file mode 100644
index 6c0caa9d7deb..000000000000
--- a/src/chrome/content/rules/Ars-Technica.xml
+++ /dev/null
@@ -1,108 +0,0 @@
-<!--
-
-	For other Condé Nast coverage, see Conde-Nast.xml.
-
-	CDN buckets:
-
-		- condenast.112.2o7.net
-
-			- stats2.arstechnica.com
-
-		- arstechnica.cachefly.net
-
-		- arstechnicarp.cachefly.net
-
-			- media.arstechnica.com
-			- origin.arstechnica.com
-			- cdn.arstechnica.net
-			- static.arstechnica.net
-
-
-	Nonfunctional arstechnica.com subdomains:
-
-		- archive *
-		- live		(refused)
-		- origin.cdn *
-
-	* Times out
-
-
-	Problematic domains:
-
-		- ars.to			(times out)
-
-		- arstechnica.com subdomains:
-
-			- episteme	(works; mismatched, CN: arstechnica.com)
-			- feeds ᶠ
-			- media ᵐ
-			- origin ᵐ
-			- stats2 ᵐ
-
-		- static.arstechnica.net ᵐ
-
-	ᶠ Feedburner / handshake fails
-	ᵐ Mismatched
-
-
-	These altnames don't exist:
-
-		- write.arstechnica.com
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- arstechnica.com
-		- .arstechnica.com
-		- cms.arstechnica.com
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
-
-	Mixed content:
-
-		- Bug on ^ from b.scorecardresearch.com *
-
-	* Secured by us
-
--->
-<ruleset name="Ars Technica (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="arstechnica.com" />
-	<target host="www.arstechnica.com" />
-	<target host="cdn.arstechnica.net" />
-	<target host="cms.arstechnica.com" />
-	<target host="hq.arstechnica.com" />
-	<target host="sstats.arstechnica.com"/>
-	<target host="video.arstechnica.com"/>
-	<target host="cdn.accelerator.arsdev.net"/>
-	<target host="arstechnica.co.uk"/>	
-
-	<!--	Complications:
-				-->
-	<target host="ars.to" />
-	<target host="feeds.arstechnica.com" />
-	<target host="media.arstechnica.com" />
-	<target host="origin.arstechnica.com" />
-	<target host="stats2.arstechnica.com" />
-	<target host="static.arstechnica.net" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http://ars\.to/"
-		to="https://bit.ly/" />
-
-	<rule from="^http://feeds\.arstechnica\.com/"
-		to="https://feeds.feedburner.com/" />
-
-	<rule from="^http://stats2\.arstechnica\.com/"
-		to="https://condenast.112.2o7.net/" />
-
-	<rule from="^http://((media|origin)\.arstechnica\.com|static\.arstechnica\.net)/"
-		to="https://cdn.arstechnica.net/" />
-
-	<rule from="^http:"	to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ArsTechnica.co.uk.xml b/src/chrome/content/rules/ArsTechnica.co.uk.xml
new file mode 100644
index 000000000000..17ca26df542c
--- /dev/null
+++ b/src/chrome/content/rules/ArsTechnica.co.uk.xml
@@ -0,0 +1,11 @@
+<!--
+	For other Condé Nast coverage, see Conde-Nast.xml.
+-->
+<ruleset name="ArsTechnica.co.uk (partial)">
+	<target host="arstechnica.co.uk" />
+	<target host="www.arstechnica.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ArsTechnica.com.xml b/src/chrome/content/rules/ArsTechnica.com.xml
new file mode 100644
index 000000000000..a72caf50bdf8
--- /dev/null
+++ b/src/chrome/content/rules/ArsTechnica.com.xml
@@ -0,0 +1,58 @@
+<!--
+	For other Condé Nast coverage, see Conde-Nast.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- irc.arstechnica.com
+		- irc-nyc.arstechnica.com
+		- irc-sfo.arstechnica.com
+		- staging.arstechnica.com
+
+		Timeout was reached:
+		- origin.cdn.arstechnica.com
+		- live.arstechnica.com
+		- uk.live.arstechnica.com
+		- util.arstechnica.com
+
+		SSL connect error:
+		- feeds.arstechnica.com
+
+		SSL peer certificate was not OK:
+		- www.coins.arstechnica.com
+		- www.irc.arstechnica.com
+
+		Mixed content blocking (MCB) triggered:
+		- archive.arstechnica.com
+-->
+<ruleset name="ArsTechnica.com (partial)">
+	<target host="arstechnica.com" />
+	<target host="www.arstechnica.com" />
+	<target host="apps.arstechnica.com" />
+	<target host="cardboard.arstechnica.com" />
+	<target host="civis.arstechnica.com" />
+	<target host="cms.arstechnica.com" />
+	<target host="coins.arstechnica.com" />
+	<target host="dev.arstechnica.com" />
+	<target host="episteme.arstechnica.com" />
+	<target host="hq.arstechnica.com" />
+	<target host="jobs.arstechnica.com" />
+	<target host="link.arstechnica.com" />
+	<target host="m.arstechnica.com" />
+	<target host="media.arstechnica.com" />
+	<target host="origin.arstechnica.com" />
+	<target host="sstats.arstechnica.com" />
+	<target host="static.arstechnica.com" />
+		<test url="http://static.arstechnica.com/staff-directory/" />
+		<test url="http://static.arstechnica.com/store/" />
+	<target host="stats.arstechnica.com" />
+	<target host="stats2.arstechnica.com" />
+	<target host="store.arstechnica.com" />
+	<target host="video.arstechnica.com" />
+		<test url="http://video.arstechnica.com/genres/technology" />
+		<test url="http://video.arstechnica.com/watch/a-celebration-of-cassini/" />
+	<target host="write.arstechnica.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ArsTechnica.net.xml b/src/chrome/content/rules/ArsTechnica.net.xml
new file mode 100644
index 000000000000..534e88851bbc
--- /dev/null
+++ b/src/chrome/content/rules/ArsTechnica.net.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Condé Nast coverage, see Conde-Nast.xml.
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- static.arstechnica.net
+-->
+<ruleset name="ArsTechnica.net (partial)">
+	<target host="cdn.arstechnica.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Art-Practical.xml b/src/chrome/content/rules/Art-Practical.xml
index b1be04756d7a..2e67f621baad 100644
--- a/src/chrome/content/rules/Art-Practical.xml
+++ b/src/chrome/content/rules/Art-Practical.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Non-2xx HTTP code: http://artpractical.com/ (200) => https://artpractical.com/ (404)
 Non-2xx HTTP code: http://www.artpractical.com/ (200) => https://artpractical.com/ (404)
 -->
-<ruleset name="Art Practical" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Art Practical" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="artpractical.com" />
 	<target host="www.artpractical.com" />
diff --git a/src/chrome/content/rules/Art.com.xml b/src/chrome/content/rules/Art.com.xml
index 25f62ff0cc3a..0729abdf7b8c 100644
--- a/src/chrome/content/rules/Art.com.xml
+++ b/src/chrome/content/rules/Art.com.xml
@@ -30,7 +30,7 @@ Fetch error: http://art.com/ => https://art.com/: (28, 'Connection timed out aft
 		- Ads on eu from cache1.artprintimages.com
 
 -->
-<ruleset name="Art.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Art.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Art2pO.com.xml b/src/chrome/content/rules/Art2pO.com.xml
deleted file mode 100644
index b24e633f3e8b..000000000000
--- a/src/chrome/content/rules/Art2pO.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Mixed content:
-
-		- css on (www.) from fonts.googleapis.com *
-
-		- Images, on (www.) from:
-
-			- (www.) *
-			- www.google.com *
-
--->
-<ruleset name="Art2pO.com">
-
-	<target host="art2po.com" />
-	<target host="www.art2po.com" />
-
-
-	<securecookie host="^(?:w*\.)?art2po\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ArtChristina.xml b/src/chrome/content/rules/ArtChristina.xml
index 01b1af1fd359..64374c8bab9a 100644
--- a/src/chrome/content/rules/ArtChristina.xml
+++ b/src/chrome/content/rules/ArtChristina.xml
@@ -12,4 +12,4 @@
 	<rule from="^http://(?:www\.)?artchristina\.com/"
 		to="https://artchristina.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ArtOfProblemSolving.com.xml b/src/chrome/content/rules/ArtOfProblemSolving.com.xml
new file mode 100644
index 000000000000..6b86a84a7bf5
--- /dev/null
+++ b/src/chrome/content/rules/ArtOfProblemSolving.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="ArtOfProblemSolving.com">
+	<target host="artofproblemsolving.com" />
+	<target host="www.artofproblemsolving.com" />
+	<target host="data.artofproblemsolving.com" />
+	<target host="latex.artofproblemsolving.com" />
+	<target host="services.artofproblemsolving.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ArtSkills.xml b/src/chrome/content/rules/ArtSkills.xml
index ad06bbe293b9..9edc1f563479 100644
--- a/src/chrome/content/rules/ArtSkills.xml
+++ b/src/chrome/content/rules/ArtSkills.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Art_Schools.com.xml b/src/chrome/content/rules/Art_Schools.com.xml
deleted file mode 100644
index 37668fc0b735..000000000000
--- a/src/chrome/content/rules/Art_Schools.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Monster coverage, see Monster.xml.	
-
-
-	(www.)?artschools.com: Plaintext reply
-
--->
-<ruleset name="Art Schools.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="edu.artschools.com" />
-
-		<test url="http://edu.artschools.com/cpc/3282" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Artday.xml b/src/chrome/content/rules/Artday.xml
index 767c07c626b6..eb23b557f4aa 100644
--- a/src/chrome/content/rules/Artday.xml
+++ b/src/chrome/content/rules/Artday.xml
@@ -8,10 +8,11 @@ Fetch error: http://artday.co.kr/ => https://auction.artday.co.kr/: (51, "SSL: n
 		- (www.)	(expired 2013-04-06)
 
 -->
-<ruleset name="Artday" default_off='failed ruleset test'>
+<ruleset name="Artday" default_off="failed ruleset test">
 
 	<target host="artday.co.kr" />
-	<target host="*.artday.co.kr" />
+	<target host="auction.artday.co.kr" />
+	<target host="www.artday.co.kr" />
 
 
 	<securecookie host="^auction\.artday\.co\.kr$" name=".+" />
@@ -22,4 +23,4 @@ Fetch error: http://artday.co.kr/ => https://auction.artday.co.kr/: (51, "SSL: n
 	<rule from="^http://(?:auction\.|www\.)?artday\.co\.kr/"
 		to="https://auction.artday.co.kr/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Artemis.net.xml b/src/chrome/content/rules/Artemis.net.xml
index af0729c5e3ae..a968b8766660 100644
--- a/src/chrome/content/rules/Artemis.net.xml
+++ b/src/chrome/content/rules/Artemis.net.xml
@@ -5,18 +5,17 @@ Fetch error: http://artemis.net/ => https://artemis.net/: (60, 'SSL certificate
 Fetch error: http://artemisinternet.com/ => https://artemisinternet.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Artemis.net" default_off='failed ruleset test'>
+<ruleset name="Artemis.net" default_off="failed ruleset test">
 
 	<target host="artemis.net" />
-	<target host="*.artemis.net" />
 	<target host="artemisinternet.com" />
-	<target host="*.artemisinternet.com" />
+	<target host="www.artemis.net" />
+	<target host="www.artemisinternet.com" />
 
 
 	<securecookie host="^\.artemis(?:\.net|internet\.com)$" name=".+" />
 
 
-	<rule from="^http://(www\.)?artemis(\.net|internet\.com)/"
-		to="https://$1artemis$2/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Artfiles_New_Media.xml b/src/chrome/content/rules/Artfiles_New_Media.xml
index aecaefc8fdfd..f6eb946257c6 100644
--- a/src/chrome/content/rules/Artfiles_New_Media.xml
+++ b/src/chrome/content/rules/Artfiles_New_Media.xml
@@ -25,7 +25,11 @@
 <ruleset name="Artfiles New Media (partial)">
 
 	<target host="artfiles.de" />
-	<target host="*.artfiles.de" />
+	<target host="dcp.c.artfiles.de" />
+	<target host="documents.artfiles.de" />
+	<target host="www.artfiles.de" />
+	<target host="webmail.artfiles.de" />
+	<target host="www.webmail.artfiles.de" />
 
 
 	<!--	Not secured by server:
@@ -37,10 +41,9 @@
 	<securecookie host="^(?:webmail|www)?\.artfiles\.de$" name=".+" />
 
 
-	<rule from="^http://((?:dcp\.c|documents|www)\.)?artfiles\.de/"
-		to="https://$1artfiles.de/" />
 
 	<rule from="^http://(?:www\.)?webmail\.artfiles\.de/"
 		to="https://webmail.artfiles.de/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Arun.gov.uk.xml b/src/chrome/content/rules/Arun.gov.uk.xml
new file mode 100644
index 000000000000..930264a81f72
--- /dev/null
+++ b/src/chrome/content/rules/Arun.gov.uk.xml
@@ -0,0 +1,65 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://eastergate.arun.gov.uk/ => https://eastergate.arun.gov.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'eastergate.arun.gov.uk'")
+Fetch error: http://hamnet.arun.gov.uk/ => https://hamnet.arun.gov.uk/: (35, 'error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol')
+
+	Reset:
+		- aldingbourne
+		- burpham
+		- clapham
+		- claphamandpatching
+		- eastpreston
+		- findon
+		- ford
+		- kingston
+		- mailtest
+		- patching
+
+	Timeout:
+		- hamnet
+
+	Mismatched:
+		- eh
+		- eastergate
+		- ferring
+		- walberton
+
+	Self-signed:
+		- accesscc
+		- daccess
+-->
+<ruleset name="Arun.gov.uk">
+	<target host="arun.gov.uk" />
+	<target host="www.arun.gov.uk" />
+	<target host="www1.arun.gov.uk" />
+	<target host="aldingbourne.arun.gov.uk" />
+	<target host="burpham.arun.gov.uk" />
+	<target host="barnham.arun.gov.uk" />
+	<target host="clapham.arun.gov.uk" />
+	<target host="democracy.arun.gov.uk" />
+	<!-- target host="eastergate.arun.gov.uk" /-->
+	<target host="eastpreston.arun.gov.uk" />
+	<target host="ferring.arun.gov.uk" />
+	<target host="findon.arun.gov.uk" />
+	<target host="ford.arun.gov.uk" />
+	<!-- target host="hamnet.arun.gov.uk" /-->
+	<target host="kingston.arun.gov.uk" />
+	<target host="patching.arun.gov.uk" />
+	<target host="sts.arun.gov.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://aldingbourne\.arun\.gov\.uk/" to="https://aldingbourne-pc.gov.uk/" />
+	<rule from="^http://burpham\.arun\.gov\.uk/" to="https://burphamandwepham.org.uk/" />
+	<rule from="^http://clapham\.arun\.gov\.uk/" to="https://clapham.claphamandpatching-pc.gov.uk/" />
+	<rule from="^http://eastpreston\.arun\.gov\.uk/" to="https://eastpreston-pc.gov.uk/" />
+	<rule from="^http://ferring\.arun\.gov\.uk/" to="https://www.ferringparishcouncil.org.uk/" />
+	<rule from="^http://findon\.arun\.gov\.uk/" to="https://findonparishcouncil.gov.uk/" />
+	<rule from="^http://ford\.arun\.gov\.uk/" to="https://fordwestsussex-pc.gov.uk/" />
+	<rule from="^http://kingston\.arun\.gov\.uk/" to="https://kingston-wsx-pc.gov.uk/" />
+	<rule from="^http://patching\.arun\.gov\.uk/" to="https://patching.claphamandpatching-pc.gov.uk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Arvixe.xml b/src/chrome/content/rules/Arvixe.xml
index 0b73bb383fa5..ecc88514923e 100644
--- a/src/chrome/content/rules/Arvixe.xml
+++ b/src/chrome/content/rules/Arvixe.xml
@@ -27,16 +27,19 @@
 <ruleset name="Arvixe.com">
 
 	<target host="arvixe.com" />
-	<target host="*.arvixe.com" />
+	<target host="mail.arvixe.com" />
+	<target host="affiliates.arvixe.com" />
+	<target host="postoffice.arvixe.com" />
+	<target host="support.arvixe.com" />
+	<target host="www.arvixe.com" />
 
 
-	<securecookie host="^(?:.*\.)?arvixe\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://mail\.arvixe\.com/"
 		to="https://postoffice.arvixe.com/" />
 
-	<rule from="^http://((?:affiliates|postoffice|support|www)\.)?arvixe\.com/"
-		to="https://$1arvixe.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AsSeenOnTV.com.xml b/src/chrome/content/rules/AsSeenOnTV.com.xml
deleted file mode 100644
index 759d6abc29d8..000000000000
--- a/src/chrome/content/rules/AsSeenOnTV.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	^: refused
-
--->
-<ruleset name="AsSeenOnTV.com (partial)">
-
-	<target host="asseenontv.com" />
-	<target host="www.asseenontv.com" />
-		<!--
-			Redirects to http:
-						-->
-		<!--exclusion pattern="http://www\.asseenontv\.com/($|register\.php|orderlookup\.php)" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="http://www\.asseenontv\.com/+(?!account\.php|asseenontv/|cart\.php|default/|favicon\.ico|img/)" />
-
-
-	<rule from="^http://(?:www\.)?asseenontv\.com/"
-		to="https://www.asseenontv.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Asahi_Shimbun.xml b/src/chrome/content/rules/Asahi_Shimbun.xml
index 14ecdc199fe1..36e9405eea6b 100644
--- a/src/chrome/content/rules/Asahi_Shimbun.xml
+++ b/src/chrome/content/rules/Asahi_Shimbun.xml
@@ -19,14 +19,13 @@
 -->
 <ruleset name="Asahi Shimbun (partial)">
 
-	<target host="*.asahi.com" />
+	<target host="digital.asahi.com" />
 		<exclusion pattern="^http://digital\.asahi\.com/(?!css/|img/|login)" />
 
 
 	<securecookie host="^ajw\.asahi\.com$" name=".+" />
 
 
-	<rule from="^http://(ajw|digital)\.asahi\.com/"
-		to="https://$1.asahi.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Asana.xml b/src/chrome/content/rules/Asana.xml
deleted file mode 100644
index 57d33c729ccf..000000000000
--- a/src/chrome/content/rules/Asana.xml
+++ /dev/null
@@ -1,413 +0,0 @@
-<!--
-www.app.asana.com ¹
-1vhah7szsqcnazbw.app.asana.com ¹
-4jjxqskapcy4tamk.app.asana.com ¹
-8zx6go4a65i7xlca.app.asana.com ¹
-bcyokm7nlc0p8mkf.app.asana.com ¹
-bpzqecn8h2qsxu1k.app.asana.com ¹
-clzl5aotqixkgadd.app.asana.com ¹
-dx9rbivhduprfpjm.app.asana.com ¹
-eisy1ny4svksdjpn.app.asana.com ¹
-flheys6nsunkj7ra.app.asana.com ¹
-hjlui5ifwnihpyf4.app.asana.com ¹
-lxpvxiicmf8aakmi.app.asana.com ¹
-mcdkqgeww6dnmkar.app.asana.com ¹
-mopn5ftfdbwukhiw.app.asana.com ¹
-njpfdt23xh2apb4e.app.asana.com ¹
-oumewj30yhpenkd6.app.asana.com ¹
-qyawua2zwwz9cjio.app.asana.com ¹
-r8eeddaskxnz1grm.app.asana.com ¹
-rel6lkcajyqvawhf.app.asana.com ¹
-vh3frinkmkk3rfxa.app.asana.com ¹
-w5q6whjv3ptdtbod.app.asana.com ¹
-webui_13671531.app.asana.com ¹
-webui_15664199.app.asana.com ¹
-webui_24371569.app.asana.com ¹
-webui_28042939.app.asana.com ¹
-webui_30099619.app.asana.com ¹
-webui_31859095.app.asana.com ¹
-webui_35393328.app.asana.com ¹
-webui_38023791.app.asana.com ¹
-webui_50663734.app.asana.com ¹
-webui_62818201.app.asana.com ¹
-webui_66275025.app.asana.com ¹
-webui_66620184.app.asana.com ¹
-webui_68808897.app.asana.com ¹
-webui_73953839.app.asana.com ¹
-webui_78228133.app.asana.com ¹
-webui_80326832.app.asana.com ¹
-webui_81854599.app.asana.com ¹
-webui_85382113.app.asana.com ¹
-webui_94617712.app.asana.com ¹
-webui_96300127.app.asana.com ¹
-webui_99578060.app.asana.com ¹
-webui_99707968.app.asana.com ¹
-xkfafkanigjolyw7.app.asana.com ¹
-xlzlxjncq7r7bdp6.app.asana.com ¹
-xtf7eyik3jokf02n.app.asana.com ¹
-code.asana.com non-2xx http code
-www.diapers.comapp.asana.com ¹
-data.flurry.comapp.asana.com ¹
-www.community.asana.com ¹
-connect.asana.com ⁷
-www.doimporter.asana.com ¹
-isatap.ad.jhu.eduapp.asana.com ¹
-esgwineb1.win.ad.jhu.eduapp.asana.com ¹
-jhcpaltns.jhu.eduapp.asana.com ¹
-o4.mail.invites.asana.com ³
-www.m.asana.com ¹
-www.mail.asana.com ¹
-o1.mail.asana.com ³
-o2.mail.asana.com ³
-o5.mail.asana.com ³
-o6.mail.asana.com ³
-pmbounces.asana.com ²
-www.sivanaspirit.asana.com ¹
-staging.asana.com ³
-o4.welcome.asana.com ³
-pixel.asana.com different content
-
-
-¹ mismatch
-² refused
-³ timed out
-⁷ protocol error
--->
-<ruleset name="asana.com">
-	<target host="asana.com" />
-	<target host="www.asana.com" />
-	<target host="1310app.asana.com" />
-	<target host="8atzywvvgloeqjvr.asana.com" />
-	<target host="9lugfi7k6kbugpdx.asana.com" />
-	<target host="a1310pp.asana.com" />
-	<target host="aap.asana.com" />
-	<target host="api.asana.com" />
-	<target host="app.asana.com" />
-	<target host="r24616611.sync.app.asana.com" />
-	<target host="r24616612.sync.app.asana.com" />
-	<target host="r24616616.sync.app.asana.com" />
-	<target host="r24616617.sync.app.asana.com" />
-	<target host="r24616619.sync.app.asana.com" />
-	<target host="r24616624.sync.app.asana.com" />
-	<target host="r24616625.sync.app.asana.com" />
-	<target host="r24616626.sync.app.asana.com" />
-	<target host="r24616628.sync.app.asana.com" />
-	<target host="r24616630.sync.app.asana.com" />
-	<target host="r24616631.sync.app.asana.com" />
-	<target host="r24616632.sync.app.asana.com" />
-	<target host="r24616634.sync.app.asana.com" />
-	<target host="r24616637.sync.app.asana.com" />
-	<target host="r24616638.sync.app.asana.com" />
-	<target host="r24616639.sync.app.asana.com" />
-	<target host="r24616642.sync.app.asana.com" />
-	<target host="r24616653.sync.app.asana.com" />
-	<target host="r24616654.sync.app.asana.com" />
-	<target host="r24616657.sync.app.asana.com" />
-	<target host="r24616660.sync.app.asana.com" />
-	<target host="r24616664.sync.app.asana.com" />
-	<target host="r24616665.sync.app.asana.com" />
-	<target host="r24616666.sync.app.asana.com" />
-	<target host="r24616667.sync.app.asana.com" />
-	<target host="r24616680.sync.app.asana.com" />
-	<target host="r24616686.sync.app.asana.com" />
-	<target host="r24616692.sync.app.asana.com" />
-	<target host="r24616694.sync.app.asana.com" />
-	<target host="r24616707.sync.app.asana.com" />
-	<target host="r24616718.sync.app.asana.com" />
-	<target host="r24616719.sync.app.asana.com" />
-	<target host="r24616732.sync.app.asana.com" />
-	<target host="r24616740.sync.app.asana.com" />
-	<target host="r24616955.sync.app.asana.com" />
-	<target host="r24616968.sync.app.asana.com" />
-	<target host="r24616974.sync.app.asana.com" />
-	<target host="r24616981.sync.app.asana.com" />
-	<target host="r24616985.sync.app.asana.com" />
-	<target host="r24616994.sync.app.asana.com" />
-	<target host="r24617001.sync.app.asana.com" />
-	<target host="r24617005.sync.app.asana.com" />
-	<target host="r24617021.sync.app.asana.com" />
-	<target host="r24617069.sync.app.asana.com" />
-	<target host="r24617304.sync.app.asana.com" />
-	<target host="r24617348.sync.app.asana.com" />
-	<target host="r24617433.sync.app.asana.com" />
-	<target host="r24617434.sync.app.asana.com" />
-	<target host="r24617645.sync.app.asana.com" />
-	<target host="r24617675.sync.app.asana.com" />
-	<target host="r24617683.sync.app.asana.com" />
-	<target host="r24617712.sync.app.asana.com" />
-	<target host="r24617756.sync.app.asana.com" />
-	<target host="r24617757.sync.app.asana.com" />
-	<target host="r24617758.sync.app.asana.com" />
-	<target host="r24617780.sync.app.asana.com" />
-	<target host="r24617801.sync.app.asana.com" />
-	<target host="r24617803.sync.app.asana.com" />
-	<target host="r24617810.sync.app.asana.com" />
-	<target host="r24617819.sync.app.asana.com" />
-	<target host="r24617821.sync.app.asana.com" />
-	<target host="r24617834.sync.app.asana.com" />
-	<target host="r24617847.sync.app.asana.com" />
-	<target host="r24617856.sync.app.asana.com" />
-	<target host="r24617859.sync.app.asana.com" />
-	<target host="r24617864.sync.app.asana.com" />
-	<target host="r24617865.sync.app.asana.com" />
-	<target host="r24617868.sync.app.asana.com" />
-	<target host="r24617869.sync.app.asana.com" />
-	<target host="r24617873.sync.app.asana.com" />
-	<target host="r24617875.sync.app.asana.com" />
-	<target host="r24617876.sync.app.asana.com" />
-	<target host="r24617880.sync.app.asana.com" />
-	<target host="r24617882.sync.app.asana.com" />
-	<target host="r24617883.sync.app.asana.com" />
-	<target host="r24617887.sync.app.asana.com" />
-	<target host="r24617888.sync.app.asana.com" />
-	<target host="r24617902.sync.app.asana.com" />
-	<target host="r24617903.sync.app.asana.com" />
-	<target host="r24617905.sync.app.asana.com" />
-	<target host="r24617924.sync.app.asana.com" />
-	<target host="r24617935.sync.app.asana.com" />
-	<target host="r24617940.sync.app.asana.com" />
-	<target host="r24617941.sync.app.asana.com" />
-	<target host="r24617953.sync.app.asana.com" />
-	<target host="r24617959.sync.app.asana.com" />
-	<target host="r24617991.sync.app.asana.com" />
-	<target host="r24617999.sync.app.asana.com" />
-	<target host="r24618009.sync.app.asana.com" />
-	<target host="r24618024.sync.app.asana.com" />
-	<target host="r24618025.sync.app.asana.com" />
-	<target host="r24618066.sync.app.asana.com" />
-	<target host="r24618071.sync.app.asana.com" />
-	<target host="r24618074.sync.app.asana.com" />
-	<target host="r24618077.sync.app.asana.com" />
-	<target host="r24618079.sync.app.asana.com" />
-	<target host="r24624950.sync.app.asana.com" />
-	<target host="r24624961.sync.app.asana.com" />
-	<target host="r24624967.sync.app.asana.com" />
-	<target host="r24624994.sync.app.asana.com" />
-	<target host="r24625011.sync.app.asana.com" />
-	<target host="r24625012.sync.app.asana.com" />
-	<target host="r24625028.sync.app.asana.com" />
-	<target host="r24625069.sync.app.asana.com" />
-	<target host="r24625075.sync.app.asana.com" />
-	<target host="r24625115.sync.app.asana.com" />
-	<target host="r24625134.sync.app.asana.com" />
-	<target host="r24625176.sync.app.asana.com" />
-	<target host="r24625213.sync.app.asana.com" />
-	<target host="r24625245.sync.app.asana.com" />
-	<target host="r24625267.sync.app.asana.com" />
-	<target host="r24625271.sync.app.asana.com" />
-	<target host="r24625277.sync.app.asana.com" />
-	<target host="r24625282.sync.app.asana.com" />
-	<target host="r24625284.sync.app.asana.com" />
-	<target host="r24625295.sync.app.asana.com" />
-	<target host="r24625308.sync.app.asana.com" />
-	<target host="r24625312.sync.app.asana.com" />
-	<target host="r24625313.sync.app.asana.com" />
-	<target host="r24625314.sync.app.asana.com" />
-	<target host="r24625315.sync.app.asana.com" />
-	<target host="r24625316.sync.app.asana.com" />
-	<target host="r24625320.sync.app.asana.com" />
-	<target host="r24625322.sync.app.asana.com" />
-	<target host="r24625326.sync.app.asana.com" />
-	<target host="r24625327.sync.app.asana.com" />
-	<target host="r24625338.sync.app.asana.com" />
-	<target host="r24625341.sync.app.asana.com" />
-	<target host="r24625342.sync.app.asana.com" />
-	<target host="r24625344.sync.app.asana.com" />
-	<target host="r24625345.sync.app.asana.com" />
-	<target host="r24625365.sync.app.asana.com" />
-	<target host="r24625414.sync.app.asana.com" />
-	<target host="r24625435.sync.app.asana.com" />
-	<target host="r24625444.sync.app.asana.com" />
-	<target host="r24625683.sync.app.asana.com" />
-	<target host="r24625719.sync.app.asana.com" />
-	<target host="r24625740.sync.app.asana.com" />
-	<target host="r24625779.sync.app.asana.com" />
-	<target host="r24626069.sync.app.asana.com" />
-	<target host="r24626285.sync.app.asana.com" />
-	<target host="r24626297.sync.app.asana.com" />
-	<target host="r24626382.sync.app.asana.com" />
-	<target host="r24626396.sync.app.asana.com" />
-	<target host="r24626398.sync.app.asana.com" />
-	<target host="r24626437.sync.app.asana.com" />
-	<target host="r24626444.sync.app.asana.com" />
-	<target host="r24626457.sync.app.asana.com" />
-	<target host="r24626476.sync.app.asana.com" />
-	<target host="r24626486.sync.app.asana.com" />
-	<target host="r24626502.sync.app.asana.com" />
-	<target host="r24626503.sync.app.asana.com" />
-	<target host="r24626504.sync.app.asana.com" />
-	<target host="r24626507.sync.app.asana.com" />
-	<target host="r24626521.sync.app.asana.com" />
-	<target host="r24626522.sync.app.asana.com" />
-	<target host="r24626524.sync.app.asana.com" />
-	<target host="r24626534.sync.app.asana.com" />
-	<target host="r24626553.sync.app.asana.com" />
-	<target host="r24626556.sync.app.asana.com" />
-	<target host="r24626558.sync.app.asana.com" />
-	<target host="r24626559.sync.app.asana.com" />
-	<target host="r24626561.sync.app.asana.com" />
-	<target host="r24626566.sync.app.asana.com" />
-	<target host="r24626570.sync.app.asana.com" />
-	<target host="r24626571.sync.app.asana.com" />
-	<target host="r24626574.sync.app.asana.com" />
-	<target host="r24626576.sync.app.asana.com" />
-	<target host="r24626594.sync.app.asana.com" />
-	<target host="r24626598.sync.app.asana.com" />
-	<target host="r24626644.sync.app.asana.com" />
-	<target host="r24626646.sync.app.asana.com" />
-	<target host="r24626647.sync.app.asana.com" />
-	<target host="r24626657.sync.app.asana.com" />
-	<target host="r24626672.sync.app.asana.com" />
-	<target host="r24626681.sync.app.asana.com" />
-	<target host="r24626759.sync.app.asana.com" />
-	<target host="r24627451.sync.app.asana.com" />
-	<target host="r24627513.sync.app.asana.com" />
-	<target host="r24627548.sync.app.asana.com" />
-	<target host="r24627555.sync.app.asana.com" />
-	<target host="r24627720.sync.app.asana.com" />
-	<target host="r24627813.sync.app.asana.com" />
-	<target host="r24627926.sync.app.asana.com" />
-	<target host="r24628002.sync.app.asana.com" />
-	<target host="r24628105.sync.app.asana.com" />
-	<target host="r24628109.sync.app.asana.com" />
-	<target host="r24628110.sync.app.asana.com" />
-	<target host="r24628217.sync.app.asana.com" />
-	<target host="r24629636.sync.app.asana.com" />
-	<target host="r24819976.sync.app.asana.com" />
-	<target host="r24820143.sync.app.asana.com" />
-	<target host="r24820144.sync.app.asana.com" />
-	<target host="r24820145.sync.app.asana.com" />
-	<target host="r24820146.sync.app.asana.com" />
-	<target host="r24820147.sync.app.asana.com" />
-	<target host="r24820148.sync.app.asana.com" />
-	<target host="r24820149.sync.app.asana.com" />
-	<target host="r24820151.sync.app.asana.com" />
-	<target host="r24820152.sync.app.asana.com" />
-	<target host="r24820153.sync.app.asana.com" />
-	<target host="r24820154.sync.app.asana.com" />
-	<target host="r24820162.sync.app.asana.com" />
-	<target host="r24820163.sync.app.asana.com" />
-	<target host="r24820164.sync.app.asana.com" />
-	<target host="r24820165.sync.app.asana.com" />
-	<target host="r24820166.sync.app.asana.com" />
-	<target host="r24820167.sync.app.asana.com" />
-	<target host="r24820168.sync.app.asana.com" />
-	<target host="r24820169.sync.app.asana.com" />
-	<target host="r24820171.sync.app.asana.com" />
-	<target host="r24820172.sync.app.asana.com" />
-	<target host="r24820173.sync.app.asana.com" />
-	<target host="r24820174.sync.app.asana.com" />
-	<target host="r24820175.sync.app.asana.com" />
-	<target host="r24820179.sync.app.asana.com" />
-	<target host="r24820181.sync.app.asana.com" />
-	<target host="r24820182.sync.app.asana.com" />
-	<target host="r24820183.sync.app.asana.com" />
-	<target host="r24820184.sync.app.asana.com" />
-	<target host="r24820185.sync.app.asana.com" />
-	<target host="r24820186.sync.app.asana.com" />
-	<target host="r24820188.sync.app.asana.com" />
-	<target host="r24820189.sync.app.asana.com" />
-	<target host="r24820190.sync.app.asana.com" />
-	<target host="r24820191.sync.app.asana.com" />
-	<target host="r24820192.sync.app.asana.com" />
-	<target host="r24820193.sync.app.asana.com" />
-	<target host="r24820194.sync.app.asana.com" />
-	<target host="r24820195.sync.app.asana.com" />
-	<target host="r24820196.sync.app.asana.com" />
-	<target host="r24820197.sync.app.asana.com" />
-	<target host="r24820199.sync.app.asana.com" />
-	<target host="r24820200.sync.app.asana.com" />
-	<target host="r24820201.sync.app.asana.com" />
-	<target host="r24820210.sync.app.asana.com" />
-	<target host="r24820211.sync.app.asana.com" />
-	<target host="r24820212.sync.app.asana.com" />
-	<target host="r24820213.sync.app.asana.com" />
-	<target host="r24820214.sync.app.asana.com" />
-	<target host="r24820215.sync.app.asana.com" />
-	<target host="r24820216.sync.app.asana.com" />
-	<target host="r24820217.sync.app.asana.com" />
-	<target host="r24820218.sync.app.asana.com" />
-	<target host="r24820219.sync.app.asana.com" />
-	<target host="r24820220.sync.app.asana.com" />
-	<target host="r24820221.sync.app.asana.com" />
-	<target host="r24820222.sync.app.asana.com" />
-	<target host="r24820223.sync.app.asana.com" />
-	<target host="r24820224.sync.app.asana.com" />
-	<target host="r24820226.sync.app.asana.com" />
-	<target host="r24820227.sync.app.asana.com" />
-	<target host="r24820235.sync.app.asana.com" />
-	<target host="r24820236.sync.app.asana.com" />
-	<target host="r24820237.sync.app.asana.com" />
-	<target host="r24820238.sync.app.asana.com" />
-	<target host="r24820239.sync.app.asana.com" />
-	<target host="r24820240.sync.app.asana.com" />
-	<target host="r24820241.sync.app.asana.com" />
-	<target host="r24820242.sync.app.asana.com" />
-	<target host="r24820243.sync.app.asana.com" />
-	<target host="r24820244.sync.app.asana.com" />
-	<target host="r24820245.sync.app.asana.com" />
-	<target host="r24820771.sync.app.asana.com" />
-	<target host="r24820974.sync.app.asana.com" />
-	<target host="r24820997.sync.app.asana.com" />
-	<target host="r24821496.sync.app.asana.com" />
-	<target host="r24822697.sync.app.asana.com" />
-	<target host="r24822922.sync.app.asana.com" />
-	<target host="r24822923.sync.app.asana.com" />
-	<target host="r24822924.sync.app.asana.com" />
-	<target host="r24822925.sync.app.asana.com" />
-	<target host="r24822928.sync.app.asana.com" />
-	<target host="r24822929.sync.app.asana.com" />
-	<target host="r24822986.sync.app.asana.com" />
-	<target host="r24823014.sync.app.asana.com" />
-	<target host="r24823020.sync.app.asana.com" />
-	<target host="r24823041.sync.app.asana.com" />
-	<target host="r24823064.sync.app.asana.com" />
-	<target host="r24823103.sync.app.asana.com" />
-	<target host="r24823111.sync.app.asana.com" />
-	<target host="r24823116.sync.app.asana.com" />
-	<target host="r24823147.sync.app.asana.com" />
-	<target host="r24823195.sync.app.asana.com" />
-	<target host="r24823442.sync.app.asana.com" />
-	<target host="r24823511.sync.app.asana.com" />
-	<target host="r24823618.sync.app.asana.com" />
-	<target host="r24823682.sync.app.asana.com" />
-	<target host="apps.asana.com" />
-	<target host="awww.asana.com" />
-	<target host="beta.asana.com" />
-	<target host="blog.asana.com" />
-	<target host="byfqm3ezheocc4b7.asana.com" />
-	<target host="community.asana.com" />
-	<target host="connectivity-test.asana.com" />
-	<target host="dev.asana.com" />
-	<target host="developer.asana.com" />
-	<target host="developers.asana.com" />
-	<target host="dmwfpwvxivcxrkhc.asana.com" />
-	<target host="doimporter.asana.com" />
-	<target host="eng.asana.com" />
-	<target host="fastly.asana.com" />
-	<target host="feedback.asana.com" />
-	<target host="help.asana.com" />
-	<target host="hvnoqwaladcajhra.asana.com" />
-	<target host="localhost.asana.com" />
-	<target host="loudrumor.asana.com" />
-	<target host="m.asana.com" />
-	<target host="pp.asana.com" />
-	<target host="qn8bt0jrfql6c7fd.asana.com" />
-	<target host="remind.asana.com" />
-	<target host="shop.asana.com" />
-	<target host="signalhillstrat.asana.com" />
-	<target host="svqxerfeho0n1yor.asana.com" />
-	<target host="trust.asana.com" />
-	<target host="volute.asana.com" />
-	<target host="wavelength.asana.com" />
-	<target host="webui_47142330.asana.com" />
-	<target host="webui_55571204.asana.com" />
-	<target host="webui_6310997.asana.com" />
-	<target host="webui_63465578.asana.com" />
-	<target host="webui_73994258.asana.com" />
-	<target host="webui_89858412.asana.com" />
-	<target host="xecura.asana.com" />
-	<target host="xgo5z39munkomzhe.asana.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/AsbestosSafetyandEradicationAgency.xml b/src/chrome/content/rules/AsbestosSafetyandEradicationAgency.xml
index b566f98d3e06..c0ee57d6bcd6 100644
--- a/src/chrome/content/rules/AsbestosSafetyandEradicationAgency.xml
+++ b/src/chrome/content/rules/AsbestosSafetyandEradicationAgency.xml
@@ -1,7 +1,7 @@
 <ruleset name="Asbestos Safety and Eradication Agency">
 	<target host="asbestossafety.gov.au" />
-	<target host="*.asbestossafety.gov.au" />
+	<target host="www.asbestossafety.gov.au" />
 
 	<rule from="^http://(?:www\.)?asbestossafety\.gov\.au/"
 		to="https://asbestossafety.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Asbury_Park_Press.xml b/src/chrome/content/rules/Asbury_Park_Press.xml
index 488b54b7c24f..f7810f173e6b 100644
--- a/src/chrome/content/rules/Asbury_Park_Press.xml
+++ b/src/chrome/content/rules/Asbury_Park_Press.xml
@@ -16,7 +16,8 @@
 <ruleset name="Asbury Park Press (partial)">
 
 	<target host="app.com" />
-	<target host="*.app.com" />
+	<target host="cmsimg.app.com" />
+	<target host="www.app.com" />
 
 
 	<securecookie host="^www\.app\.com$" name=".+" />
diff --git a/src/chrome/content/rules/AscenderFonts.com.xml b/src/chrome/content/rules/AscenderFonts.com.xml
deleted file mode 100644
index 8f73dca7f09f..000000000000
--- a/src/chrome/content/rules/AscenderFonts.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For other Monotype Imaging coverage, see Monotype-Imaging.xml.
-
--->
-<ruleset name="AscenderFonts.com">
-
-	<target host="ascenderfonts.com" />
-	<target host="www.ascenderfonts.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Asciinema.org.xml b/src/chrome/content/rules/Asciinema.org.xml
index 0dfa90379a9d..8963103c2c8c 100644
--- a/src/chrome/content/rules/Asciinema.org.xml
+++ b/src/chrome/content/rules/Asciinema.org.xml
@@ -1,26 +1,12 @@
-
-<!--
-	Invalid certificate:
-		www.asciinema.org
-		blog.asciinema.org
-
--->
-<ruleset name="Asciinema.org (partial)">
+<ruleset name="Asciinema.org">
 
 	<target host="asciinema.org" />
 	<target host="www.asciinema.org" />
 	<target host="blog.asciinema.org" />
+	<target host="discourse.asciinema.org" />
 	<target host="staging.asciinema.org" />
 
-	<!--	Some of, but not all, secured by server:
-							-->
-	<securecookie host="^asciinema\.org$" name=".+" />
-
-	<rule from="^http://blog\.asciinema\.org/"
-		to="https://asciinema-blog.herokuapp.com/" />
-
-	<rule from="^http://www\.asciinema\.org/"
-		to="https://asciinema.org/" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Asecus.xml b/src/chrome/content/rules/Asecus.xml
deleted file mode 100644
index 3a8bf86a27ce..000000000000
--- a/src/chrome/content/rules/Asecus.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Asecus">
-	<target host="www.asecus.ch" />
-
-	<securecookie host="^asecus\.ch$" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Asfar.org.uk.xml b/src/chrome/content/rules/Asfar.org.uk.xml
new file mode 100644
index 000000000000..2c68e672cfc6
--- /dev/null
+++ b/src/chrome/content/rules/Asfar.org.uk.xml
@@ -0,0 +1,8 @@
+<ruleset name="Asfar">
+	<target host="asfar.org.uk" />
+	<target host="www.asfar.org.uk" />
+	<target host="resolve.asfar.org.uk" />
+	<target host="mesap.asfar.org.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ashampoo.com.xml b/src/chrome/content/rules/Ashampoo.com.xml
index 52224695bebb..12220fee99ee 100644
--- a/src/chrome/content/rules/Ashampoo.com.xml
+++ b/src/chrome/content/rules/Ashampoo.com.xml
@@ -41,7 +41,7 @@ Fetch error: http://vpn.ashampoo.com/ => https://vpn.ashampoo.com/: (60, 'SSL ce
 		- awstats.ashampoo.com
 
 -->
-<ruleset name="Ashampoo.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Ashampoo.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -68,7 +68,7 @@ Fetch error: http://vpn.ashampoo.com/ => https://vpn.ashampoo.com/: (60, 'SSL ce
 	<!--securecookie host="^owa\.ashampoo\.com$" name="^(?:cadata|sessionid)$" /-->
 	<!--securecookie host="^\.shop\.ashampoo\.com$" name="^(?:purl-\d+|cbsession[12])$" /-->
 
-	<securecookie host="^(?:.+\.)?ashampoo\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Asheville_Citizen-Times.xml b/src/chrome/content/rules/Asheville_Citizen-Times.xml
index 260b499cb7dd..8f0bdf0016dd 100644
--- a/src/chrome/content/rules/Asheville_Citizen-Times.xml
+++ b/src/chrome/content/rules/Asheville_Citizen-Times.xml
@@ -11,7 +11,8 @@
 <ruleset name="Asheville Citizen-Times">
 
 	<target host="citizen-times.com" />
-	<target host="*.citizen-times.com" />
+	<target host="cmsimg.citizen-times.com" />
+	<target host="www.citizen-times.com" />
 
 
 	<securecookie host="^www\.citizen-times\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Ashland_Fiber.net.xml b/src/chrome/content/rules/Ashland_Fiber.net.xml
index 1507f79c5ce5..a81b5d57e2dd 100644
--- a/src/chrome/content/rules/Ashland_Fiber.net.xml
+++ b/src/chrome/content/rules/Ashland_Fiber.net.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ashlands.net.xml b/src/chrome/content/rules/Ashlands.net.xml
new file mode 100644
index 000000000000..ff48105866b5
--- /dev/null
+++ b/src/chrome/content/rules/Ashlands.net.xml
@@ -0,0 +1,12 @@
+<!--
+	For other MonkeysAudio.com related rulesets, see MonkeysAudio.com.xml
+-->
+<ruleset name="Ashlands.net">
+	<target host="ashlands.net"/>
+	<target host="www.ashlands.net"/>
+	<target host="audio.ashlands.net"/>
+	<target host="www.audio.ashlands.net" />
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ashley_Madison.com-falsemixed.xml b/src/chrome/content/rules/Ashley_Madison.com-falsemixed.xml
deleted file mode 100644
index a21665406acd..000000000000
--- a/src/chrome/content/rules/Ashley_Madison.com-falsemixed.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For rules not causing broken MCB, see Ashleymadison.com.xml.
-
--->
-<ruleset name="Ashley Madison.com (false MCB)" platform="mixedcontent">
-
-	<target host="blog.ashleymadison.com" />
-	<target host="blogbr.ashleymadison.com" />
-	<target host="blogit.ashleymadison.com" />
-	<target host="blogjp.ashleymadison.com" />
-	<target host="blogsp.ashleymadison.com" />
-	<target host="blogtw.ashleymadison.com" />
-
-
-	<securecookie host="^blog(?:\w\w)?\.ashleymadison\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ashleymadison.com.xml b/src/chrome/content/rules/Ashleymadison.com.xml
deleted file mode 100644
index f7f5cc883699..000000000000
--- a/src/chrome/content/rules/Ashleymadison.com.xml
+++ /dev/null
@@ -1,105 +0,0 @@
-<!--
-	For rules causing broken MCB, see Ashley_Madison.com-falsemixed.xml.
-
-
-	Nonfunctional hosts in *ashleymadison.com:
-
-		- affair ¹
-		- amblog ²
-		- media ³
-		- news ³
-
-	¹ Shows default page
-	² Redirects to http
-	³ WP Engine
-
-
-	Problematic hosts in *ashleymadison.com:
-
-		- blog *
-		- blogbr *
-		- blogit *
-		- blogjp *
-		- blogsp *
-		- blogtw *
-
-	* Mixed css
-
-
-	Fully covered hosts in *ashleymadison.com:
-
-		- (www.)?
-		- affiliate
-		- static
-		- static-cdn
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .affiliate.ashleymadison.com
-		- blog.ashleymadison.com
-		- blogbr.ashleymadison.com
-		- blogit.ashleymadison.com
-		- blogjp.ashleymadison.com
-		- blogsp.ashleymadison.com
-		- blogtw.ashleymadison.com
-		- www.ashleymadison.com
-
-
-	Mixed content:
-
-		- css on blog, blogbr, blogit, blogjp, blogsp, blogtw from amblog.ashleymadison.com *
-
-		- Images, on:
-
-			- blog, blogbr, blogit, blogjp, blogsp, blogtw from amblog.ashleymadison.com *
-			- blog, blogbr, blogit, blogjp, blogsp, blogtw from www.ashleymadison.com *
-
-	* Secured by us
-
--->
-<ruleset name="Ashley Madison.com (partial)">
-
-	<target host="ashleymadison.com" />
-	<target host="affiliate.ashleymadison.com" />
-	<target host="amblog.ashleymadison.com" />
-	<!--target host="blog.ashleymadison.com" /-->
-	<!--target host="blogbr.ashleymadison.com" /-->
-	<!--target host="blogit.ashleymadison.com" /-->
-	<!--target host="blogjp.ashleymadison.com" /-->
-	<!--target host="blogsp.ashleymadison.com" /-->
-	<!--target host="blogtw.ashleymadison.com" /-->
-	<target host="static.ashleymadison.com" />
-	<target host="static-cdn.ashleymadison.com" />
-	<target host="www.ashleymadison.com" />
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://amblog\.ashleymadison\.com/$" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://amblog\.ashleymadison\.com/+(?!wp-content/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://amblog.ashleymadison.com/about-us/" />
-			<test url="http://amblog.ashleymadison.com/category/news/" />
-			<test url="http://amblog.ashleymadison.com/tag/relationship/" />
-
-			<!--	-ve:
-					-->
-			<test url="http://amblog.ashleymadison.com/wp-content/themes/hades/images/icon_twitter.png" />
-
-
-	<!--securecookie host="^\.affiliate\.ashleymadison\.com$" name="^amvid$" /-->
-	<!--securecookie host="^(blog|blogbr|blogit|blogjp|blogsp|blogtw|www)\.ashleymadison\.com$" name="^PHPSESSID$" /-->
-	<!--securecookie host="^www\.ashleymadison\.com$" name="^(amaffiliate|amaffiliate_settime|amkeywords|amreferer|amsource|amsubsource|amvid|amuserid|country|indexURL|lang|referer|site)$" /-->
-
-	<securecookie host="^(?:\.affiliate|www)?\.ashleymadison\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Asia-Pacific-Network-Information-Centre.xml b/src/chrome/content/rules/Asia-Pacific-Network-Information-Centre.xml
index b34f4a671426..07d985905f5b 100644
--- a/src/chrome/content/rules/Asia-Pacific-Network-Information-Centre.xml
+++ b/src/chrome/content/rules/Asia-Pacific-Network-Information-Centre.xml
@@ -1,16 +1,23 @@
 <!--
-
-	Nonfunctional subdomains:
-
-		- wq	(times out)
-
+	Incomplete certificate chain:
+		- labs
+		- stats.labs
 -->
-<ruleset name="Asia-Pacific Network Information Centre (partial)">
+<ruleset name="Asia Pacific Network Information Centre (partial)">
 
 	<target host="apnic.net" />
 	<target host="www.apnic.net" />
+	<target host="academy.apnic.net" />
+	<target host="blog.apnic.net" />
 	<target host="conference.apnic.net" />
+	<target host="directory.apnic.net" />
+	<target host="ftp.apnic.net" />
+	<target host="my.apnic.net" />
+	<target host="netox.apnic.net" />
+	<target host="stats.apnic.net" />
 	<target host="submit.apnic.net" />
+	<target host="training.apnic.net" />
+	<target host="wq.apnic.net" />
 	<target host="myapnic.net" />
 	<target host="www.myapnic.net" />
 
diff --git a/src/chrome/content/rules/Asianfanfics.xml b/src/chrome/content/rules/Asianfanfics.xml
index baa21b9abdf6..168ccb046a27 100644
--- a/src/chrome/content/rules/Asianfanfics.xml
+++ b/src/chrome/content/rules/Asianfanfics.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AskAMathematician.com.xml b/src/chrome/content/rules/AskAMathematician.com.xml
new file mode 100644
index 000000000000..8aeb6675a2e3
--- /dev/null
+++ b/src/chrome/content/rules/AskAMathematician.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="AskAMathematician.com">
+	<target host="askamathematician.com" />
+	<target host="www.askamathematician.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Asknet.xml b/src/chrome/content/rules/Asknet.xml
index 8026c7914c43..ff2803a54417 100644
--- a/src/chrome/content/rules/Asknet.xml
+++ b/src/chrome/content/rules/Asknet.xml
@@ -17,4 +17,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Asnetworks.com.xml b/src/chrome/content/rules/Asnetworks.com.xml
index dbe835824328..d8978019bc66 100644
--- a/src/chrome/content/rules/Asnetworks.com.xml
+++ b/src/chrome/content/rules/Asnetworks.com.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Aspen.com.xml b/src/chrome/content/rules/Aspen.com.xml
index 289edf686db0..2532f62e44d7 100644
--- a/src/chrome/content/rules/Aspen.com.xml
+++ b/src/chrome/content/rules/Aspen.com.xml
@@ -17,7 +17,7 @@
 <ruleset name="Aspen.com (partial)">
 
 	<target host="aspen.com" />
-	<target host="*.aspen.com" />
+	<target host="www.aspen.com" />
 		<!--
 			Avoid user-visible paths:
 							-->
@@ -32,4 +32,4 @@
 	<rule from="^http://(?:www\.)?aspen\.com/"
 		to="https://secure.bluehost.com/~aspenco3/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Asrock.com.xml b/src/chrome/content/rules/Asrock.com.xml
new file mode 100644
index 000000000000..c35bb6ed1c65
--- /dev/null
+++ b/src/chrome/content/rules/Asrock.com.xml
@@ -0,0 +1,22 @@
+<!--
+        Nonfunctional hosts in *.asrock.com:
+			- europe.asrock.com (t)
+			- forum.asrock.com (r)
+			- oc.asrock.com (m)
+			- tw.asrock.com (r)
+
+        h: http redirect
+        m: certificate mismatch
+        r: connection refused
+        s: self-signed certificate
+        t: timeout on https
+-->
+<ruleset name="Asrock.com">
+	<target host="asrock.com" />
+	<target host="www.asrock.com" />
+	<target host="download.asrock.com" />
+	<target host="event.asrock.com" />
+		<test url="http://event.asrock.com/Inquiry/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Assakina.com.xml b/src/chrome/content/rules/Assakina.com.xml
index 9753e2c7a1fd..03b9a19cea84 100644
--- a/src/chrome/content/rules/Assakina.com.xml
+++ b/src/chrome/content/rules/Assakina.com.xml
@@ -1,7 +1,7 @@
 <!--
 	Different HTTP/HTTPS content:
 		ru.assakina.com
-		tr.assakina.com 
+		tr.assakina.com
 -->
 <ruleset name="Assakina.com">
 	<target host="assakina.com" />
diff --git a/src/chrome/content/rules/Assayassured.co.uk.xml b/src/chrome/content/rules/Assayassured.co.uk.xml
index 8dcb85884857..349ba68cd7bc 100644
--- a/src/chrome/content/rules/Assayassured.co.uk.xml
+++ b/src/chrome/content/rules/Assayassured.co.uk.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(www\.)?assayassured\.co\.uk/(?!$|\?|index\.php|site/*(?:$|[?/]))"
 		to="https://$1assayassured.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Asseenonresponsetv.com.xml b/src/chrome/content/rules/Asseenonresponsetv.com.xml
index 19896bab65e0..91340f2fcc55 100644
--- a/src/chrome/content/rules/Asseenonresponsetv.com.xml
+++ b/src/chrome/content/rules/Asseenonresponsetv.com.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://asseenonresponsetv.com/ => https://asseenonresponsetv.com/: (60, 'SSL certificate problem: self signed certificate')
 Fetch error: http://www.asseenonresponsetv.com/ => https://www.asseenonresponsetv.com/: (60, 'SSL certificate problem: self signed certificate')
 -->
-<ruleset name="asseenonresponsetv.com" default_off='failed ruleset test'>
+<ruleset name="asseenonresponsetv.com" default_off="failed ruleset test">
 
 	<target host="asseenonresponsetv.com" />
 	<target host="www.asseenonresponsetv.com" />
@@ -19,4 +19,4 @@ Fetch error: http://www.asseenonresponsetv.com/ => https://www.asseenonresponset
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Assembla-mismatches.xml b/src/chrome/content/rules/Assembla-mismatches.xml
index 20e05107abd4..3cad6154ceb9 100644
--- a/src/chrome/content/rules/Assembla-mismatches.xml
+++ b/src/chrome/content/rules/Assembla-mismatches.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Assembla.xml b/src/chrome/content/rules/Assembla.xml
index 5b52bfd02e6c..7cc616c5e30f 100644
--- a/src/chrome/content/rules/Assembla.xml
+++ b/src/chrome/content/rules/Assembla.xml
@@ -36,7 +36,7 @@
 	<target host="*.assembla.com" />
 
 
-	<securecookie host="^(?:.*\.)?assembla\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://((?:assets\d|nooku|(?:scala-ide-)?portfolio|svn2|trac2?|www)\.)?assembla\.com/"
diff --git a/src/chrome/content/rules/Assembly.com.xml b/src/chrome/content/rules/Assembly.com.xml
index 8767b81baed0..c7730c66ceac 100644
--- a/src/chrome/content/rules/Assembly.com.xml
+++ b/src/chrome/content/rules/Assembly.com.xml
@@ -11,7 +11,8 @@
 <ruleset name="Assembly.com (partial)">
 
 	<target host="assembly.com" />
-	<target host="*.assembly.com" />
+	<target host="treasure.assembly.com" />
+	<target host="www.assembly.com" />
 
 
 	<rule from="^http://(?:(treasure\.)|www\.)?assembly\.com/"
diff --git a/src/chrome/content/rules/Asset_Insight.xml b/src/chrome/content/rules/Asset_Insight.xml
deleted file mode 100644
index 91adc15a7490..000000000000
--- a/src/chrome/content/rules/Asset_Insight.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Asset Insight">
-
-	<target host="assetinsightinc.com" />
-	<target host="www.assetinsightinc.com" />
-
-
-	<securecookie host="^\.assetinsightinc.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Associated_Press.xml b/src/chrome/content/rules/Associated_Press.xml
deleted file mode 100644
index b14a881fba04..000000000000
--- a/src/chrome/content/rules/Associated_Press.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<!--
-	apne.ws is handled in Bit.ly_vanity_domains.xml.
-
-
-	CDN buckets:
-
-		- ap.org.edgesuite.net
-
-			- hosted
-
-		- bigstory.ap.org.edgesuite.net
-
-		- www.ap.org.edgesuite.net
-
-		 - corpcommap.wordpress.com
-
-			- blog
-
-
-	Nonfunctional subdomains:
-
-		- ^ *
-		- aphelp *
-		- bigstory	(redirects to http, akamai)
-		- customersupport *
-		- hosted **
-		- www **
-
-	* Dropped
-	** 504, akamai
-
-
-	Problematic subdomains:
-
-		- blog	(wordpress)
-
--->
-<ruleset name="Associated Press (partial)">
-
-	<target host="binaryapi.ap.org" />
-
-
-	<rule from="^http://binaryapi\.ap\.org/"
-		to="https://d3obzbnzikmki9.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Associatedcontent.com.xml b/src/chrome/content/rules/Associatedcontent.com.xml
index 0761449dbf7d..3483bb1cee84 100644
--- a/src/chrome/content/rules/Associatedcontent.com.xml
+++ b/src/chrome/content/rules/Associatedcontent.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://associatedcontent.com/ => https://www.associatedcontent.com/
 
 Disabled by https-everywhere-checker because:
 Fetch error: http://associatedcontent.com/ => https://www.associatedcontent.com/: (28, 'Connection timed out after 10000 milliseconds') uses data from i.acdn.us that doesnt allow https. -->
-<ruleset name="associatedcontent.com" default_off='failed ruleset test'>
+<ruleset name="associatedcontent.com" default_off="failed ruleset test">
 	<target host="associatedcontent.com" />
 	<rule from="^http://associatedcontent\.com/" to="https://www.associatedcontent.com/"/>
 	<rule from="^http://www\.associatedcontent\.com/" to="https://www.associatedcontent.com/"/>
diff --git a/src/chrome/content/rules/Association-for-Progressive-Communications.xml b/src/chrome/content/rules/Association-for-Progressive-Communications.xml
index 6163207f3912..093d909c938a 100644
--- a/src/chrome/content/rules/Association-for-Progressive-Communications.xml
+++ b/src/chrome/content/rules/Association-for-Progressive-Communications.xml
@@ -37,7 +37,7 @@ Fetch error: http://lists.apc.org/ => https://lists.apc.org/: (60, 'SSL certific
 	* Secured by us
 
 -->
-<ruleset name="APC.org (partial)" default_off='failed ruleset test'>
+<ruleset name="APC.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Association_for_Learning_Technology.xml b/src/chrome/content/rules/Association_for_Learning_Technology.xml
index 63c8b9677ee9..259f4383f41a 100644
--- a/src/chrome/content/rules/Association_for_Learning_Technology.xml
+++ b/src/chrome/content/rules/Association_for_Learning_Technology.xml
@@ -17,4 +17,4 @@
 	<rule from="^http://(www\.)?alt\.ac\.uk/((?:civicrm|user)(?:$|\?|/)|modules/|sites/|themes/)"
 		to="https://$1alt.ac.uk/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Association_of_National_Advertisers.xml b/src/chrome/content/rules/Association_of_National_Advertisers.xml
index 574acd6169d0..55a5f59aec0c 100644
--- a/src/chrome/content/rules/Association_of_National_Advertisers.xml
+++ b/src/chrome/content/rules/Association_of_National_Advertisers.xml
@@ -1,7 +1,7 @@
 <ruleset name="Association of National Advertisers">
 
 	<target host="ana.net" />
-	<target host="*.ana.net" />
+	<target host="www.ana.net" />
 
 
 	<securecookie host="^\.ana\.net$" name=".+" />
diff --git a/src/chrome/content/rules/Asterisk.xml b/src/chrome/content/rules/Asterisk.xml
index 674af4ee8c0a..8aeed593f280 100644
--- a/src/chrome/content/rules/Asterisk.xml
+++ b/src/chrome/content/rules/Asterisk.xml
@@ -1,61 +1,45 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://asterisk.org/ => https://asterisk.org/: (51, "SSL: no alternative certificate subject name matches target host name 'asterisk.org'")
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://asterisk.org/ => https://asterisk.org/: (51, "SSL: no alternative certificate subject name matches target host name 'asterisk.org'")
 	For other Digium coverage, see Digium.xml.
 
-
-	Nonfunctional subdomains:
-
-		- downloads ¹
-		- doxygen ²
-		- forge ³
-		- forums ²
-		- packages ¹
-		- www ⁴
-
-	¹ Shows another domain
-	² Redirects to login.diguim.com
-	³ 403, CN: *.digium.com
-	⁴ Redirects to http, valid cert
-
-
-	Fully covered subdomains:
-
-		- ^
-		- ari
-		- bamboo
-		- issues
-		- profiles
-		- reviewboard
-		- signup
-		- wiki
-
-
-	Mixed content:
-
-		- favicon on signup from www *
-
-	* Unsecurable <= redirects to http
-
+	Invalid certificate:
+		- answers.asterisk.org
+		- forge.asterisk.org
+		- git.asterisk.org
+		- svn.asterisk.org
 -->
-<ruleset name="Asterisk.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Asterisk.org">
 
 	<target host="asterisk.org" />
-	<target host="*.asterisk.org" />
-		<!--
-			Redirects to http:
-						-->
-		<!--exclusion pattern="^http://www\.asterisk\.org/($|sites/asterisk/(files|themes)/)" /-->
-
-
-	<securecookie host="^wiki\.asterisk\.org$" name=".+" />
-
-
-	<rule from="^http://((?:ari|bamboo|issues|profiles|reviewboard|signup|wiki)\.)?asterisk\.org/"
-		to="https://$1asterisk.org/" />
+	<target host="www.asterisk.org" />
+	<target host="ari.asterisk.org" />
+	<target host="asterisknow.asterisk.org" />
+	<target host="bamboo.asterisk.org" />
+	<target host="blog.asterisk.org" />
+	<target host="blogs.asterisk.org" />
+	<target host="code.asterisk.org" />
+	<target host="community.asterisk.org" />
+	<target host="crowd.asterisk.org" />
+	<target host="downloads.asterisk.org" />
+	<target host="doxygen.asterisk.org" />
+	<target host="forum.asterisk.org" />
+	<target host="forums.asterisk.org" />
+	<target host="gerrit.asterisk.org" />
+	<target host="issues.asterisk.org" />
+	<target host="jenkins.asterisk.org" />
+	<target host="jenkins2.asterisk.org" />
+	<target host="login.asterisk.org" />
+	<target host="myth.asterisk.org" />
+	<target host="openid.asterisk.org" />
+	<target host="packages.asterisk.org" />
+	<target host="profiles.asterisk.org" />
+	<target host="reviewboard.asterisk.org" />
+	<target host="shooty.asterisk.org" />
+	<target host="signup.asterisk.org" />
+	<target host="stats.asterisk.org" />
+	<target host="wiki.asterisk.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Asterisk_Exchange.xml b/src/chrome/content/rules/Asterisk_Exchange.xml
index c60957f43c8a..2b23f46a4ccb 100644
--- a/src/chrome/content/rules/Asterisk_Exchange.xml
+++ b/src/chrome/content/rules/Asterisk_Exchange.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(www\.)?asteriskexchange\.com/(images|stylesheets|system)/"
 		to="https://$1asteriskexchange.com/$2/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Astra.io.xml b/src/chrome/content/rules/Astra.io.xml
index e958b1979107..a92f89f290dc 100644
--- a/src/chrome/content/rules/Astra.io.xml
+++ b/src/chrome/content/rules/Astra.io.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.astra.io/ => https://astra.io/: (28, 'Connection timed o
 	www: cert only matches ^astra.io
 
 -->
-<ruleset name="Astra.io" default_off='failed ruleset test'>
+<ruleset name="Astra.io" default_off="failed ruleset test">
 
 	<target host="astra.io" />
 	<target host="www.astra.io" />
diff --git a/src/chrome/content/rules/Astrocentro.com.xml b/src/chrome/content/rules/Astrocentro.com.xml
deleted file mode 100644
index 0a26998b895e..000000000000
--- a/src/chrome/content/rules/Astrocentro.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For other Wengo coverage, see Wg_cdn.net.xml.
-
-
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- img.tienda *
-
-	* Dropped
-
--->
-<ruleset name="Astrocentro.com (partial)">
-
-	<target host="tienda.astrocentro.com" />
-		<!--exclusion pattern="^http://(img\.tienda|www)\.astrocentro\.com/" /-->
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Aswirlgirl.com.xml b/src/chrome/content/rules/Aswirlgirl.com.xml
index 5a29093b47ff..3defd68fe0a7 100644
--- a/src/chrome/content/rules/Aswirlgirl.com.xml
+++ b/src/chrome/content/rules/Aswirlgirl.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://aswirlgirl.com/ => http://aswirlgirl.com/: (6, 'Could not re
 Fetch error: http://www.aswirlgirl.com/ => http://www.aswirlgirl.com/: (6, 'Could not resolve host: www.aswirlgirl.com')
 
 -->
-<ruleset name="aswirlgirl.com (partial)" default_off='failed ruleset test'>
+<ruleset name="aswirlgirl.com (partial)" default_off="failed ruleset test">
 
 	<target host="aswirlgirl.com" />
 	<target host="www.aswirlgirl.com" />
diff --git a/src/chrome/content/rules/AtariAge.xml b/src/chrome/content/rules/AtariAge.xml
index 60068d3d072a..cdac056d5633 100644
--- a/src/chrome/content/rules/AtariAge.xml
+++ b/src/chrome/content/rules/AtariAge.xml
@@ -1,9 +1,9 @@
 <ruleset name="AtariAge">
 
 	<target host="atariage.com"/>
-	<target host="*.atariage.com"/>
+	<target host="www.atariage.com" />
 
-	<securecookie host="^(?:.*\.)?atariage\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?atariage\.com/"
 		to="https://atariage.com/"/>
diff --git a/src/chrome/content/rules/Atb-online.ru.xml b/src/chrome/content/rules/Atb-online.ru.xml
deleted file mode 100644
index 054cabd199f1..000000000000
--- a/src/chrome/content/rules/Atb-online.ru.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Atb-online.ru">
-	<target host="atb-online.ru" />
-	<target host="www.atb-online.ru" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Atgsvcs.com.xml b/src/chrome/content/rules/Atgsvcs.com.xml
index e188ba716e26..fd0f48e5a7fa 100644
--- a/src/chrome/content/rules/Atgsvcs.com.xml
+++ b/src/chrome/content/rules/Atgsvcs.com.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Atipso.com.xml b/src/chrome/content/rules/Atipso.com.xml
index 6e18593f2e5b..19820a123a00 100644
--- a/src/chrome/content/rules/Atipso.com.xml
+++ b/src/chrome/content/rules/Atipso.com.xml
@@ -15,13 +15,15 @@ Fetch error: http://atipso.com/ => https://atipso.com/: (60, 'SSL certificate pr
 <ruleset name="atipso.com">
 
 	<target host="atipso.com" />
-	<target host="*.atipso.com" />
+	<target host="app.atipso.com" />
+	<target host="piwik.atipso.com" />
+	<target host="static.atipso.com" />
+	<target host="www.atipso.com" />
 
 
 	<securecookie host="^\.app\.atipso\.com$" name=".+" />
 
 
-	<rule from="^http://((?:app|piwik|static|www)\.)?atipso\.com/"
-		to="https://$1atipso.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Atlantic-Media.xml b/src/chrome/content/rules/Atlantic-Media.xml
index e821c64008ee..e5a9c42f1d86 100644
--- a/src/chrome/content/rules/Atlantic-Media.xml
+++ b/src/chrome/content/rules/Atlantic-Media.xml
@@ -42,12 +42,14 @@ Fetch error: http://admin.theatlanticwire.com/ => https://admin.theatlanticwire.
 	¹ Refused
 
 -->
-<ruleset name="Atlantic Media (partial)" default_off='failed ruleset test'>
+<ruleset name="Atlantic Media (partial)" default_off="failed ruleset test">
 
 	<target host="govexec.com" />
-	<target host="*.govexec.com" />
+	<target host="cdn.govexec.com" />
+	<target host="www.govexec.com" />
 	<target host="secure.nationaljournal.com" />
-	<target host="*.theatlanticcities.com" />
+	<target host="admin.theatlanticcities.com" />
+	<target host="cdn.theatlanticcities.com" />
 	<target host="admin.theatlanticwire.com" />
 
 
@@ -62,13 +64,10 @@ Fetch error: http://admin.theatlanticwire.com/ => https://admin.theatlanticwire.
 	<rule from="^http://(?:cdn\.|www\.)?govexec\.com/"
 		to="https://www.govexec.com/" />
 
-	<rule from="^http://secure\.nationaljournal\.com/"
-		to="https://secure.nationaljournal.com/" />
 
-	<rule from="^http://admin\.theatlantic(cities|wire)\.com/"
-		to="https://admin.theatlantic$1.com/" />
 
 	<rule from="^http://cdn\.theatlanticcities\.com/"
 		to="https://admin.theatlanticcities.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Atlantic.net.xml b/src/chrome/content/rules/Atlantic.net.xml
index c3b13f3344db..71f77f519431 100644
--- a/src/chrome/content/rules/Atlantic.net.xml
+++ b/src/chrome/content/rules/Atlantic.net.xml
@@ -26,7 +26,7 @@
 					-->
 	<!--securecookie host="^cloud\.atlantic\.net$" name="^(PHPSESSID|Referrer_URL)$" /-->
 
-	<securecookie host="^(?:.*\.)?atlantic\.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([^/:@]+\.)?atlantic\.net/"
diff --git a/src/chrome/content/rules/Atlantis.sk.xml b/src/chrome/content/rules/Atlantis.sk.xml
index bdfc614d72d7..22333530290b 100644
--- a/src/chrome/content/rules/Atlantis.sk.xml
+++ b/src/chrome/content/rules/Atlantis.sk.xml
@@ -9,9 +9,9 @@
 	<target host="www.atlantis.sk" />
 
 
-	<securecookie host="^(?:.+\.)?atlantis\.sk$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Atmail.xml b/src/chrome/content/rules/Atmail.xml
index cbe949335214..06c968fade88 100644
--- a/src/chrome/content/rules/Atmail.xml
+++ b/src/chrome/content/rules/Atmail.xml
@@ -3,7 +3,7 @@
 	<target host="atmail.com" />
 	<target host="www.atmail.com" />
 	<!--	* for cross-domain cookie.	-->
-	
+
 
 
 	<securecookie host="^\.atmail\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Atomic_Object.com.xml b/src/chrome/content/rules/Atomic_Object.com.xml
index 2b4fd692f2e2..d5f0e363a229 100644
--- a/src/chrome/content/rules/Atomic_Object.com.xml
+++ b/src/chrome/content/rules/Atomic_Object.com.xml
@@ -16,7 +16,7 @@ Fetch error: http://craft-staging.atomicobject.com/ => https://craft-staging.ato
 		- www.atomicobject.com
 
 -->
-<ruleset name="Atomic Object.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Atomic Object.com (partial)" default_off="failed ruleset test">
 
 	<target host="atomicobject.com" />
 	<target host="craft-staging.atomicobject.com" />
diff --git a/src/chrome/content/rules/Atomz.xml b/src/chrome/content/rules/Atomz.xml
index 9148c84c7643..5d9e98e538b9 100644
--- a/src/chrome/content/rules/Atomz.xml
+++ b/src/chrome/content/rules/Atomz.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.atomz.com/ => https://www.atomz.com/: (6, 'Could not res
 Disabled by https-everywhere-checker because:
 Fetch error: http://atomz.com/ => https://atomz.com/: (56, 'Recv failure: Connection reset by peer')
 -->
-<ruleset name="Atomz" default_off='failed ruleset test'>
+<ruleset name="Atomz" default_off="failed ruleset test">
 
 	<target host="atomz.com" />
 	<target host="center.atomz.com" />
@@ -17,4 +17,4 @@ Fetch error: http://atomz.com/ => https://atomz.com/: (56, 'Recv failure: Connec
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Atos.net.xml b/src/chrome/content/rules/Atos.net.xml
index 2ff911a63dd9..1a1aced4f4c3 100644
--- a/src/chrome/content/rules/Atos.net.xml
+++ b/src/chrome/content/rules/Atos.net.xml
@@ -51,13 +51,53 @@
 <ruleset name="Atos.net">
 
 	<target host="atos.net" />
-	<target host="*.atos.net" />
+	<target host="ae.atos.net" />
+	<target host="ap.atos.net" />
+	<target host="ar.atos.net" />
+	<target host="at.atos.net" />
+	<target host="au.atos.net" />
+	<target host="ascentlookout.atos.net" />
+	<target host="be.atos.net" />
+	<target host="bg.atos.net" />
+	<target host="br.atos.net" />
+	<target host="ch.atos.net" />
+	<target host="cn.atos.net" />
+	<target host="cz.atos.net" />
+	<target host="cms.atos.net" />
+	<target host="de.atos.net" />
+	<target host="dk.atos.net" />
+	<target host="eg.atos.net" />
+	<target host="es.atos.net" />
+	<target host="fi.atos.net" />
+	<target host="fr.atos.net" />
+	<target host="hr.atos.net" />
+	<target host="in.atos.net" />
+	<target host="it.atos.net" />
+	<target host="jp.atos.net" />
+	<target host="mx.atos.net" />
+	<target host="na.atos.net" />
+	<target host="nl.atos.net" />
+	<target host="nz.atos.net" />
+	<target host="ph.atos.net" />
+	<target host="pl.atos.net" />
+	<target host="pt.atos.net" />
+	<target host="prd.atos.net" />
+	<target host="ro.atos.net" />
+	<target host="rs.atos.net" />
+	<target host="ru.atos.net" />
+	<target host="se.atos.net" />
+	<target host="sk.atos.net" />
+	<target host="th.atos.net" />
+	<target host="tr.atos.net" />
+	<target host="tw.atos.net" />
+	<target host="uk.atos.net" />
+	<target host="www.atos.net" />
+	<target host="za.atos.net" />
 
 
 	<securecookie host="^(?:\w+\.)?atos\.net$" name=".+" />
 
 
-	<rule from="^http://((?:a[eprtu]|ascentlookout|b[egr]|c[hnz]|cms|de|dk|eg|es|fi|fr|hr|in|it|jp|mx|n[alz]|p[hlt]|prd|r[osu]|se|sk|t[hrw]|uk|www|za)\.)?atos\.net/"
-		to="https://$1atos.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Atrativa.com.br.xml b/src/chrome/content/rules/Atrativa.com.br.xml
index 65f1471cf0a3..91d49abfd57a 100644
--- a/src/chrome/content/rules/Atrativa.com.br.xml
+++ b/src/chrome/content/rules/Atrativa.com.br.xml
@@ -14,7 +14,8 @@
 <ruleset name="Atrativa.com.br (partial)">
 
 	<target host="atrativa.com.br" />
-	<target host="*.atrativa.com.br" />
+	<target host="secure.atrativa.com.br" />
+	<target host="www.atrativa.com.br" />
 		<!--
 			At least some in css/.* and js/.* is not equivalent:
 										-->
diff --git a/src/chrome/content/rules/Atstuff.xml b/src/chrome/content/rules/Atstuff.xml
index 03fc752f14ec..8e1587876454 100644
--- a/src/chrome/content/rules/Atstuff.xml
+++ b/src/chrome/content/rules/Atstuff.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Attachmate-Group.xml b/src/chrome/content/rules/Attachmate-Group.xml
index a810ead96715..0b7ecbf1ca6c 100644
--- a/src/chrome/content/rules/Attachmate-Group.xml
+++ b/src/chrome/content/rules/Attachmate-Group.xml
@@ -25,7 +25,7 @@ Fetch error: http://login.attachmategroup.com/ => https://login.attachmategroup.
 		- login.attachmategroup.com
 
 -->
-<ruleset name="Attachmate Group.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Attachmate Group.com (partial)" default_off="failed ruleset test">
 
 	<target host="esp.attachmategroup.com" />
 	<target host="login.attachmategroup.com" />
diff --git a/src/chrome/content/rules/Attachmate.xml b/src/chrome/content/rules/Attachmate.xml
index 5ec19e1ce0f8..8b3cba99abdb 100644
--- a/src/chrome/content/rules/Attachmate.xml
+++ b/src/chrome/content/rules/Attachmate.xml
@@ -12,7 +12,7 @@ Fetch error: http://download.attachmate.com/ => https://download.attachmate.com/
 		- support	(no https)
 
 -->
-<ruleset name="Attachmate.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Attachmate.com (partial)" default_off="failed ruleset test">
 
 	<target host="download.attachmate.com" />
 	<target host="mysupport.attachmate.com" />
diff --git a/src/chrome/content/rules/AtticTV.com.xml b/src/chrome/content/rules/AtticTV.com.xml
index f7e75c088339..b5a8cc2a36b7 100644
--- a/src/chrome/content/rules/AtticTV.com.xml
+++ b/src/chrome/content/rules/AtticTV.com.xml
@@ -5,7 +5,6 @@ Fetch error: http://attictv.com/ => https://attictv.com/: (6, 'Could not resolve
 
 	Other AtticTV rulesets:
 
-		- Kpopstage.co.xml
 
 
 	Insecure cookies are set for these domains:
@@ -20,7 +19,7 @@ Fetch error: http://attictv.com/ => https://attictv.com/: (6, 'Could not resolve
 	* Secured by us
 
 -->
-<ruleset name="AtticTV.com" default_off='failed ruleset test'>
+<ruleset name="AtticTV.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Attorney-GeneralsDepartment.xml b/src/chrome/content/rules/Attorney-GeneralsDepartment.xml
index 4dcec3c73367..612eb607331a 100644
--- a/src/chrome/content/rules/Attorney-GeneralsDepartment.xml
+++ b/src/chrome/content/rules/Attorney-GeneralsDepartment.xml
@@ -1,7 +1,7 @@
 <ruleset name="Attorney-General's Department">
 	<target host="ag.gov.au" />
-	<target host="*.ag.gov.au" />
+	<target host="www.ag.gov.au" />
 
 	<rule from="^http://(?:www\.)?ag\.gov\.au/"
 		to="https://www.ag.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AttorneySteveLee.com.xml b/src/chrome/content/rules/AttorneySteveLee.com.xml
new file mode 100644
index 000000000000..62054057e9fe
--- /dev/null
+++ b/src/chrome/content/rules/AttorneySteveLee.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="AttorneySteveLee.com">
+	<target host="attorneystevelee.com" />
+	<target host="www.attorneystevelee.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Attracta.xml b/src/chrome/content/rules/Attracta.xml
index 3ad4bf703916..deca3d32a15e 100644
--- a/src/chrome/content/rules/Attracta.xml
+++ b/src/chrome/content/rules/Attracta.xml
@@ -16,7 +16,7 @@
 	<target host="*.attracta.com" />
 
 
-	<securecookie host="^(?:.*\.)?attracta\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(\w+\.)?attracta\.com/"
diff --git a/src/chrome/content/rules/Attraqt.com.xml b/src/chrome/content/rules/Attraqt.com.xml
index cdc09756cf83..04bbfd67ee8f 100644
--- a/src/chrome/content/rules/Attraqt.com.xml
+++ b/src/chrome/content/rules/Attraqt.com.xml
@@ -13,7 +13,7 @@
 		- repos.attraqt.com
 	TLS error:
 		- tab.attraqt.com
-	
+
 -->
 <ruleset name="Attraqt (partial)">
 	<target host="www.attraqt.com" />
diff --git a/src/chrome/content/rules/Attyyar.net.xml b/src/chrome/content/rules/Attyyar.net.xml
deleted file mode 100644
index e80416bef7ec..000000000000
--- a/src/chrome/content/rules/Attyyar.net.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Attyyar.net">
-	<target host="attyyar.net" />
-	<target host="www.attyyar.net" />
-	<target host="m.attyyar.net" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Atypon.xml b/src/chrome/content/rules/Atypon.xml
index 0b98a3660aee..0aeef440af08 100644
--- a/src/chrome/content/rules/Atypon.xml
+++ b/src/chrome/content/rules/Atypon.xml
@@ -3,9 +3,9 @@
 	<target host="atypon.com" />
 	<target host="www.atypon.com" />
 	<!--	* for cross-domain cookie	-->
-	
 
-	<securecookie host="^(?:.*\.)?atypon\.com$" name=".+" />
+
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/Au.dk.xml b/src/chrome/content/rules/Au.dk.xml
new file mode 100644
index 000000000000..6aae6f3a67e5
--- /dev/null
+++ b/src/chrome/content/rules/Au.dk.xml
@@ -0,0 +1,875 @@
+<!--
+	Invalid certificate:
+		www.addition.au.dk
+		www.akhphd.au.dk
+		www.alumni.au.dk
+		www.anis.au.dk
+		www.arctic.au.dk
+		www.ase.au.dk
+		www.auhe.au.dk
+		www.badm.au.dk
+		www.balticgas.au.dk
+		www.bb.au.dk
+		lyncdiscover.bcom.au.dk
+		www.cah.au.dk
+		www.cdna.au.dk
+		www.cfem.au.dk
+		www.cfin.au.dk
+		www.chem.au.dk
+		www.cju.au.dk
+		www.clin.au.dk
+		www.conamore.au.dk
+		www.creates.au.dk
+		www.crf.au.dk
+		www.auinstallation28.cs.au.dk
+		faccesurplus.auinstallation35.cs.au.dk
+		grilldyr.cs.au.dk
+		grillhost.cs.au.dk
+		www.cse.au.dk
+		www.css.au.dk
+		lyncdiscover.dac.au.dk
+		www.dagmar.au.dk
+		cgi-www.daimi.au.dk
+		www.darwin.au.dk
+		www.dce.au.dk
+		www.dcl.au.dk
+		www.depons.au.dk
+		www.dna18.au.dk
+		www.dramaturgi.au.dk
+		web.lmdg.econ.au.dk
+		www.econ.au.dk
+		www.ecosense.au.dk
+		www.edu.au.dk
+		www.eksamen.au.dk
+		www.eng.au.dk
+		www.engelsk.au.dk
+		www.femtolab.au.dk
+		www.fetotox.au.dk
+		www.folkesundhed.au.dk
+		folkeuniversitetet.au.dk
+		www.funktionellelidelser.au.dk
+		www.geomaps.au.dk
+		www.gerda.au.dk
+		www.hermes.au.dk
+		www.hgg.au.dk
+		hi.au.dk
+		www.hi.au.dk
+		www.hih.au.dk
+		www.hum.au.dk
+		www.ias.au.dk
+		www.icon.au.dk
+		www.imv.au.dk
+		www.inano.au.dk
+		www.inanoschool.au.dk
+		www.international.au.dk
+		www.into-cps.au.dk
+		www.ipsych.au.dk
+		www.ivs.au.dk
+		www.lacua.au.dk
+		www.law.au.dk
+		www.madalgo.au.dk
+		www.mangrove.au.dk
+		www.masters.au.dk
+		www.mbg.au.dk
+		www.medarbejdere.au.dk
+		www.medialab.au.dk
+		www.memory.au.dk
+		www.mgmt.au.dk
+		www.mr.au.dk
+		www.ncrr.au.dk
+		www.nera2012.au.dk
+		www.neurocampus.au.dk
+		www.nmr.au.dk
+		www.nnpe.au.dk
+		www.nordisk.au.dk
+		www.nsae.au.dk
+		www.odont.au.dk
+		www.odontologi.au.dk
+		lyncdiscover.orion.au.dk
+		www.pet.au.dk
+		www.ph.au.dk
+		www.phys.au.dk
+		astro.phys.au.dk
+		kern.phys.au.dk
+		song.phys.au.dk
+		demo.ss1n1.phys.au.dk
+		www.progeuro.au.dk
+		www.ps.au.dk
+		www.psy.au.dk
+		www.pumpkin.au.dk
+		www.qgm.au.dk
+		www.religiousroots.au.dk
+		www.rr2017.au.dk
+		www.ruml.au.dk
+		www.sac.au.dk
+		www.sagaconference.au.dk
+		www.sam.au.dk
+		www.sanord.au.dk
+		www.scitech.au.dk
+		www.slk.au.dk
+		www.socialsciences.au.dk
+		prodekanus.studorg.au.dk
+		www.techne.au.dk
+		www.tgf.au.dk
+		www.ulandslaere.au.dk
+		www.unike.au.dk
+		www.verso.au.dk
+		www.wia.au.dk
+
+	Missing certificate chain:
+		applemdm.auit.au.dk
+		vipomat.hum.au.dk
+		maillist.au.dk
+		vc.au.dk
+
+	Connection refused:
+		odk.agro.au.dk
+		www.ambitprocesses.au.dk
+		arkit.au.dk
+		bioxray.au.dk
+		www.bioxray.au.dk
+		brand.au.dk
+		kis.cc.au.dk
+		bionmr.chem.au.dk
+		www.bionmr.chem.au.dk
+		bionmr1.chem.au.dk
+		old.chem.au.dk
+		www.old.chem.au.dk
+		www.cki.au.dk
+		legolab.cs.au.dk
+		sutherland.cs.au.dk
+		www.ctqm.au.dk
+		bircwww.daimi.au.dk
+		legolab.daimi.au.dk
+		www.legolab.daimi.au.dk
+		www.daimi.au.dk
+		wima2.daimi.au.dk
+		danbif.au.dk
+		galleri.au.dk
+		idraet.au.dk
+		www.idraet.au.dk
+		imf.au.dk
+		www.imf.au.dk
+		data.imf.au.dk
+		home.imf.au.dk
+		innox-db.au.dk
+		www.intermedia.au.dk
+		it.au.dk
+		moma.ki.au.dk
+		home.math.au.dk
+		mfsr.au.dk
+		mpclounge.au.dk
+		natphd.au.dk
+		www.natphd.au.dk
+		tsm.nfit.au.dk
+		kasoc.phys.au.dk
+		valgdata.ps.au.dk
+		media.qgm.au.dk
+		spsp2015.au.dk
+
+	Other HTTPS errors:
+		mit.biology.au.dk
+		wiki.eng.au.dk
+		www.isa.au.dk
+
+	Mixed content:
+		addition.au.dk
+		aestheticpolitics.au.dk
+		aestheticsreloaded.au.dk
+		agro.au.dk
+		aias.au.dk
+		aie.au.dk
+		ak.au.dk
+		akutforskning.au.dk
+		anis.au.dk
+		anthropocene.au.dk
+		antikmuseet.au.dk
+		arctic.au.dk
+		arts.au.dk
+		asca.au.dk
+		ase.au.dk
+		audiovisuality.au.dk
+		auff.au.dk
+		balticgas.au.dk
+		barneticentrum.au.dk
+		bbsupport.au.dk
+		bias.au.dk
+		bilingualism.au.dk
+		bioculture.au.dk
+		biodesign.au.dk
+		biomed.au.dk
+		bion.au.dk
+		bios.au.dk
+		biostat.au.dk
+		www.biostat.au.dk
+		birc.au.dk
+		blogs.au.dk
+		bss.au.dk
+		btech.au.dk
+		c3net.au.dk
+		cah.au.dk
+		canadianstudies.au.dk
+		cap.au.dk
+		cardnetwork.au.dk
+		careercentre.au.dk
+		cas.au.dk
+		casa.au.dk
+		cavi.au.dk
+		auinstallation30.cs.au.dk
+		auinstallation31.cs.au.dk
+		auinstallation32.cs.au.dk
+		auinstallation33.cs.au.dk
+		auinstallation34.cs.au.dk
+		auinstallation35.cs.au.dk
+		auinstallation36.cs.au.dk
+		auinstallation40.cs.au.dk
+		auinstallation42.cs.au.dk
+		auinstallation43.cs.au.dk
+		auinstallation44.cs.au.dk
+		ddlab.projects.cavi.au.dk
+		organicity.projects.cavi.au.dk
+		cbio.au.dk
+		cbn.au.dk
+		cc.au.dk
+		cctd.au.dk
+		cdna.au.dk
+		ceh.au.dk
+		cei.au.dk
+		census.au.dk
+		cesau.au.dk
+		cesu.au.dk
+		cfb.au.dk
+		cfi.au.dk
+		cfin.au.dk
+		chem.au.dk
+		childresearch.au.dk
+		cirrau.au.dk
+		cisa.au.dk
+		cisca.au.dk
+		climate-kic.au.dk
+		clin.au.dk
+		conferences.au.dk
+		contemporaneity.au.dk
+		cs.au.dk
+		aucommon.cs.au.dk
+		csac.au.dk
+		css.au.dk
+		ctn.au.dk
+		dagmar.au.dk
+		dandrite.au.dk
+		darc.au.dk
+		dca.au.dk
+		dcl.au.dk
+		dedx.au.dk
+		deleuranlab.au.dk
+		dent.au.dk
+		derma.au.dk
+		designmanual.au.dk
+		dlrc.au.dk
+		dls.au.dk
+		dna18.au.dk
+		dream.au.dk
+		dyrefaciliteter.au.dk
+		ebooks.au.dk
+		econ.au.dk
+		edu.au.dk
+		eduroam.au.dk
+		energy.au.dk
+		eng.au.dk
+		futurecropping-ssl.eng.au.dk
+		opentele.eng.au.dk
+		envs.au.dk
+		epicenter.au.dk
+		eship.au.dk
+		eurowheat.au.dk
+		facs.au.dk
+		fallingwallslab.au.dk
+		feap.au.dk
+		fetotox.au.dk
+		fictionality.au.dk
+		food.au.dk
+		food4being.au.dk
+		foodplatform.au.dk
+		forensic.au.dk
+		genome.au.dk
+		geo.au.dk
+		globalaesthetics.au.dk
+		gnosis.au.dk
+		goodsociety.au.dk
+		grundtvigcenteret.au.dk
+		hci.au.dk
+		hcs.au.dk
+		health.au.dk
+		phd.health.au.dk
+		hermes.au.dk
+		hgg.au.dk
+		hollsberglab.au.dk
+		humanfutures.au.dk
+		ias.au.dk
+		iclimate.au.dk
+		icon.au.dk
+		icsru.au.dk
+		ida.au.dk
+		idnc.au.dk
+		idrres.au.dk
+		ifood.au.dk
+		imat.au.dk
+		inano.au.dk
+		ingenioer.au.dk
+		innox.au.dk
+		interactingminds.au.dk
+		interfacekultur.au.dk
+		interpret.au.dk
+		ipsych.au.dk
+		iseq.au.dk
+		jobsys.au.dk
+		jysk.au.dk
+		kandidat.au.dk
+		kea.au.dk
+		koll.au.dk
+		lacua.au.dk
+		law.au.dk
+		library.au.dk
+		loegstrup.au.dk
+		math.au.dk
+		mbg.au.dk
+		agro.medarbejdere.au.dk
+		ase.medarbejdere.au.dk
+		biomed.medarbejdere.au.dk
+		btech.medarbejdere.au.dk
+		cas.medarbejdere.au.dk
+		cc.medarbejdere.au.dk
+		chem.medarbejdere.au.dk
+		clin.medarbejdere.au.dk
+		dca.medarbejdere.au.dk
+		econ.medarbejdere.au.dk
+		edu.medarbejdere.au.dk
+		eng.medarbejdere.au.dk
+		food.medarbejdere.au.dk
+		geo.medarbejdere.au.dk
+		health.medarbejdere.au.dk
+		inano.medarbejdere.au.dk
+		law.medarbejdere.au.dk
+		math.medarbejdere.au.dk
+		mbg.medarbejdere.au.dk
+		ph.medarbejdere.au.dk
+		phys.medarbejdere.au.dk
+		ps.medarbejdere.au.dk
+		psy.medarbejdere.au.dk
+		qgm.medarbejdere.au.dk
+		scitech.medarbejdere.au.dk
+		tdm.medarbejdere.au.dk
+		membranes.au.dk
+		memorianovelada.au.dk
+		memory.au.dk
+		mentalnet.au.dk
+		meprica.au.dk
+		metodeguiden.au.dk
+		mgmt.au.dk
+		mind.au.dk
+		mindfulness.au.dk
+		mindhood.au.dk
+		motion.au.dk
+		mr.au.dk
+		museologi.au.dk
+		musicinthebrain.au.dk
+		nck.au.dk
+		ncs.au.dk
+		nera2012.au.dk
+		neurocampus.au.dk
+		neurodin.au.dk
+		newsroom.au.dk
+		nordisknet.au.dk
+		nsae.au.dk
+		nt.au.dk
+		nuas15.au.dk
+		nuaskom.au.dk
+		nyegaardlab.au.dk
+		offentlighed.au.dk
+		omnibus.au.dk
+		ph.au.dk
+		phd.au.dk
+		phys.au.dk
+		pimas.au.dk
+		pit.au.dk
+		pnes.au.dk
+		posthuman.au.dk
+		prme-leaders20.au.dk
+		progeuro.au.dk
+		projekter.au.dk
+		promemo.au.dk
+		ps.au.dk
+		psy.au.dk
+		psys.au.dk
+		qgm.au.dk
+		radisurf.au.dk
+		rcc.au.dk
+		readingslavery.au.dk
+		redcap.au.dk
+		redoxlab.au.dk
+		religiousroots.au.dk
+		relnorm.au.dk
+		researchmanager.au.dk
+		ruml.au.dk
+		runsafe.au.dk
+		sa3-paludan.au.dk
+		sac.au.dk
+		sagaconference.au.dk
+		samtalegrammatik.au.dk
+		samtidsreligion.au.dk
+		sanord.au.dk
+		schoolofperfusion.au.dk
+		scitech.au.dk
+		sexualitystudies.au.dk
+		shs.au.dk
+		sins.au.dk
+		smartcities.au.dk
+		smk.au.dk
+		sociologikongres.au.dk
+		song.au.dk
+		soundacts.au.dk
+		spin-in.au.dk
+		sportmigration.au.dk
+		cs.staff.au.dk
+		mgmt.staff.au.dk
+		stll.au.dk
+		sts.au.dk
+		studypedia.au.dk
+		sufism.au.dk
+		susa.au.dk
+		tdm.au.dk
+		techne.au.dk
+		thiele.au.dk
+		tnu.au.dk
+		trykkeri.au.dk
+		undervisermetro.au.dk
+		unike.au.dk
+		upnet.au.dk
+		urbnet.au.dk
+		usesofthepast.au.dk
+		verso.au.dk
+		vikingoldnorse.au.dk
+		watec.au.dk
+		wia.au.dk
+
+	Different content on HTTPS:
+		mangrove.au.dk
+		cloud.phys.au.dk
+
+	Invalid redirect:
+		neptun.phys.au.dk
+		neptun-in-spe.phys.au.dk
+
+	Redirect to HTTP:
+		alumne.au.dk
+		asem.au.dk
+		badm.au.dk
+		besenbacher.au.dk
+		bibliotek.au.dk
+		cafe.au.dk
+		carb.au.dk
+		careerevents.au.dk
+		media.cavi.au.dk
+		digitalexperience.projects.cavi.au.dk
+		ccc.au.dk
+		cfem.au.dk
+		cem.chem.au.dk
+		cmc.chem.au.dk
+		cir.au.dk
+		cocoa.au.dk
+		conamore.au.dk
+		cpl.au.dk
+		creates.au.dk
+		crf.au.dk
+		www.cs.au.dk
+		auinstallation28.cs.au.dk
+		soil.auinstallation31.cs.au.dk
+		cns.auinstallation34.cs.au.dk
+		cio.cs.au.dk
+		ctic.au.dk
+		cul.au.dk
+		darwin.au.dk
+		dce.au.dk
+		dce-conference.au.dk
+		doping.au.dk
+		ecamp11.au.dk
+		nenet.econ.au.dk
+		ecora.au.dk
+		ecosense.au.dk
+		epdic14.au.dk
+		executive.au.dk
+		femtolab.au.dk
+		forens.au.dk
+		forskningsskib.au.dk
+		gensap.au.dk
+		geomicrobiology.au.dk
+		gerda.au.dk
+		go4baltic.au.dk
+		grads.au.dk
+		graduatestudies.au.dk
+		herbarium.au.dk
+		td.hih.au.dk
+		icoa.au.dk
+		icpms.au.dk
+		inanoschool.au.dk
+		into-cps.au.dk
+		isms.au.dk
+		ivs.au.dk
+		katrinebjerg.au.dk
+		konferencer.au.dk
+		bartholin.library.au.dk
+		fuglesang.library.au.dk
+		herning.library.au.dk
+		linor.au.dk
+		madalgo.au.dk
+		mapp.au.dk
+		marslab.au.dk
+		masters.au.dk
+		auhe.medarbejdere.au.dk
+		badm.medarbejdere.au.dk
+		cs.medarbejdere.au.dk
+		cudim.medarbejdere.au.dk
+		dac.medarbejdere.au.dk
+		forens.medarbejdere.au.dk
+		inanoschool.medarbejdere.au.dk
+		odont.medarbejdere.au.dk
+		skt.medarbejdere.au.dk
+		medu.au.dk
+		mfps-2016.au.dk
+		monitech.au.dk
+		mrnp.au.dk
+		nanomed.au.dk
+		ncrr.au.dk
+		nenet.au.dk
+		news.au.dk
+		nmr.au.dk
+		nnpe.au.dk
+		odont.au.dk
+		odontologi.au.dk
+		orgnano.au.dk
+		palms2015.au.dk
+		perfusionistskolen.au.dk
+		person.au.dk
+		oro.phys.au.dk
+		pumpkin.au.dk
+		qleap.au.dk
+		retsmedicin.au.dk
+		samfundsvidenskab.au.dk
+		semiotics.au.dk
+		skt.au.dk
+		badm.staff.au.dk
+		inano.staff.au.dk
+		students.au.dk
+		oecon.studerende.au.dk
+		studieguide.au.dk
+		studiemetro.au.dk
+		talent.au.dk
+		tgf.au.dk
+		tilvalg.au.dk
+		tribct2014.au.dk
+		tto.au.dk
+		unity.au.dk
+		voltres.au.dk
+		webshop.au.dk
+		wifi.au.dk
+		yourniversity.au.dk
+
+	Not user facing:
+		lyncdiscover.agro.au.dk
+		lyncdiscover.aias.au.dk
+		lyncdiscover.anis.au.dk
+		lyncdiscover.ase.au.dk
+		lyncdiscover.biomed.au.dk
+		lyncdiscover.bios.au.dk
+		lyncdiscover.birc.au.dk
+		lyncdiscover.btech.au.dk
+		lyncdiscover.cas.au.dk
+		lyncdiscover.cavi.au.dk
+		lyncdiscover.cc.au.dk
+		lyncdiscover.cfin.au.dk
+		lyncdiscover.chem.au.dk
+		lyncdiscover.clin.au.dk
+		lyncdiscover.cs.au.dk
+		lyncdiscover.css.au.dk
+		lyncdiscover.dandrite.au.dk
+		lyncdiscover.dca.au.dk
+		lyncdiscover.dce.au.dk
+		lyncdiscover.dent.au.dk
+		lyncdiscover.econ.au.dk
+		lyncdiscover.edu.au.dk
+		lyncdiscover.eng.au.dk
+		lyncdiscover.envs.au.dk
+		lyncdiscover.food.au.dk
+		lyncdiscover.forens.au.dk
+		lyncdiscover.geo.au.dk
+		lyncdiscover.icoa.au.dk
+		lyncdiscover.inano.au.dk
+		lyncdiscover.innox.au.dk
+		lyncdiscover.koll.au.dk
+		lyncdiscover.law.au.dk
+		lyncdiscover.au.dk
+		lyncdiscover.madalgo.au.dk
+		lyncdiscover.math.au.dk
+		lyncdiscover.mbg.au.dk
+		lyncdiscover.mgmt.au.dk
+		lyncdiscover.oncology.au.dk
+		lyncdiscover.ph.au.dk
+		lyncdiscover.phys.au.dk
+		lyncdiscover.ps.au.dk
+		lyncdiscover.psy.au.dk
+		lyncdiscover.qgm.au.dk
+		lyncdiscover.sm.au.dk
+		lyncdiscover.stll.au.dk
+		lyncdiscover.tdm.au.dk
+		lyncdiscover.uni.au.dk
+-->
+
+<ruleset name="au.dk">
+	<target host="au.dk" />
+	<target host="www.au.dk" />
+	<target host="www.acl.au.dk" />
+	<target host="adgangskontrol.au.dk" />
+	<target host="web01.agro.au.dk" />
+	<target host="web01t.agro.au.dk" />
+	<target host="web02.agro.au.dk" />
+	<target host="web04.agro.au.dk" />
+	<target host="web05.agro.au.dk" />
+	<target host="agrsci.au.dk" />
+	<target host="booking-katrinebjerg.ase.au.dk" />
+	<target host="booking-navitas.ase.au.dk" />
+	<target host="stockmanager.ase.au.dk" />
+	<target host="arts.augo.au.dk" />
+	<target host="bss.augo.au.dk" />
+	<target host="infrastruktur-services.auit.au.dk" />
+	<target host="bachelor.au.dk" />
+	<target host="aestetik.bibliotek.au.dk" />
+	<target host="moesgaard.bibliotek.au.dk" />
+	<target host="archive.bilingualism.au.dk" />
+	<target host="kl01.bios.au.dk" />
+	<target host="kw01.bios.au.dk" />
+	<target host="kw02.bios.au.dk" />
+	<target host="kw03.bios.au.dk" />
+	<target host="kw04.bios.au.dk" />
+	<target host="sciurus.bios.au.dk" />
+	<target host="shiny.bios.au.dk" />
+	<target host="xylaria.bios.au.dk" />
+	<target host="services.birc.au.dk" />
+	<target host="blackboard.au.dk" />
+	<target host="www.blackboard.au.dk" />
+	<target host="cbd.btech.au.dk" />
+	<target host="projects.cavi.au.dk" />
+	<target host="designspace.projects.cavi.au.dk" />
+	<target host="design-space.projects.cavi.au.dk" />
+	<target host="designspaceanalysistool.projects.cavi.au.dk" />
+	<target host="design-space-analysis-tool.projects.cavi.au.dk" />
+	<target host="designspaceschema.projects.cavi.au.dk" />
+	<target host="dsanalysistool.projects.cavi.au.dk" />
+	<target host="ds-analysis-tool.projects.cavi.au.dk" />
+	<target host="libraries.projects.cavi.au.dk" />
+	<target host="login.projects.cavi.au.dk" />
+	<target host="mysql.projects.cavi.au.dk" />
+	<target host="tm-resource.projects.cavi.au.dk" />
+	<target host="digitalliteracy.cc.au.dk" />
+	<target host="illuminate.cc.au.dk" />
+	<target host="cmc-old.chem.au.dk" />
+	<target host="kiros.chem.au.dk" />
+	<target host="www.kiros.chem.au.dk" />
+	<target host="vdr.chem.au.dk" />
+	<target host="trialpartner.clin.au.dk" />
+	<target host="cpw.au.dk" />
+	<target host="43aui02.cs.au.dk" />
+	<target host="43aui03.cs.au.dk" />
+	<target host="43aui04.cs.au.dk" />
+	<target host="43aui05.cs.au.dk" />
+	<target host="43aui06.cs.au.dk" />
+	<target host="43aui07.cs.au.dk" />
+	<target host="43aui08.cs.au.dk" />
+	<target host="adasb.cs.au.dk" />
+	<target host="agrsci.cs.au.dk" />
+	<target host="aucms.cs.au.dk" />
+	<target host="test.aucommon.cs.au.dk" />
+	<target host="aucommon-opgr.cs.au.dk" />
+	<target host="auinstallation01.cs.au.dk" />
+	<target host="auinstallation02.cs.au.dk" />
+	<target host="auinstallation03.cs.au.dk" />
+	<target host="auinstallation04.cs.au.dk" />
+	<target host="auinstallation05.cs.au.dk" />
+	<target host="auinstallation06.cs.au.dk" />
+	<target host="auinstallation07.cs.au.dk" />
+	<target host="auinstallation08.cs.au.dk" />
+	<target host="auinstallation09.cs.au.dk" />
+	<target host="auinstallation10.cs.au.dk" />
+	<target host="auinstallation10i.cs.au.dk" />
+	<target host="auinstallation11.cs.au.dk" />
+	<target host="auinstallation12.cs.au.dk" />
+	<target host="auinstallation13.cs.au.dk" />
+	<target host="auinstallation14.cs.au.dk" />
+	<target host="auinstallation14test.cs.au.dk" />
+	<target host="auinstallation15.cs.au.dk" />
+	<target host="auinstallation16.cs.au.dk" />
+	<target host="auinstallation17.cs.au.dk" />
+	<target host="auinstallation18.cs.au.dk" />
+	<target host="auinstallation18test.cs.au.dk" />
+	<target host="auinstallation19.cs.au.dk" />
+	<target host="auinstallation20.cs.au.dk" />
+	<target host="auinstallation21.cs.au.dk" />
+	<target host="auinstallation22.cs.au.dk" />
+	<target host="auinstallation23.cs.au.dk" />
+	<target host="auinstallation24.cs.au.dk" />
+	<target host="auinstallation25.cs.au.dk" />
+	<target host="auinstallation26.cs.au.dk" />
+	<target host="auinstallation27.cs.au.dk" />
+	<target host="auinstallation28.cs.au.dk" />
+	<target host="auinstallation36test.cs.au.dk" />
+	<target host="auinstallation37.cs.au.dk" />
+	<target host="auinstallation38.cs.au.dk" />
+	<target host="auinstallation39.cs.au.dk" />
+	<target host="auinstallation41.cs.au.dk" />
+	<target host="auinstallation45.cs.au.dk" />
+	<target host="auinstallation46.cs.au.dk" />
+	<target host="auinstallation47.cs.au.dk" />
+	<target host="auinstallationd.cs.au.dk" />
+	<target host="auinstallationpers.cs.au.dk" />
+	<target host="auit-test.cs.au.dk" />
+	<target host="aukurser.cs.au.dk" />
+	<target host="aumodel.cs.au.dk" />
+	<target host="aunewsconfig.cs.au.dk" />
+	<target host="autest2.cs.au.dk" />
+	<target host="autest453.cs.au.dk" />
+	<target host="cct.cs.au.dk" />
+	<target host="cctt.cs.au.dk" />
+	<target host="challenge.cs.au.dk" />
+	<target host="daimi.cs.au.dk" />
+	<target host="damrte.cs.au.dk" />
+	<target host="directmail.cs.au.dk" />
+	<target host="djf.cs.au.dk" />
+	<target host="djftest.cs.au.dk" />
+	<target host="dovs.cs.au.dk" />
+	<target host="dummy1.cs.au.dk" />
+	<target host="dummy2.cs.au.dk" />
+	<target host="i13test.cs.au.dk" />
+	<target host="i26test.cs.au.dk" />
+	<target host="i32test.cs.au.dk" />
+	<target host="newsdevprod.cs.au.dk" />
+	<target host="newsroomkursus.cs.au.dk" />
+	<target host="newstest.cs.au.dk" />
+	<target host="aucommon.nfitdev.cs.au.dk" />
+	<target host="aumodel.nfitdev.cs.au.dk" />
+	<target host="nystudieguide.cs.au.dk" />
+	<target host="old.cs.au.dk" />
+	<target host="omnibustest.cs.au.dk" />
+	<target host="phdassociation.cs.au.dk" />
+	<target host="smatest.cs.au.dk" />
+	<target host="au.test.cs.au.dk" />
+	<target host="testbrugerinterface.cs.au.dk" />
+	<target host="tinyop.cs.au.dk" />
+	<target host="tnystudieguide.cs.au.dk" />
+	<target host="tradostest.cs.au.dk" />
+	<target host="typo3-opgr.cs.au.dk" />
+	<target host="utf8test.cs.au.dk" />
+	<target host="webtest.cs.au.dk" />
+	<target host="cse.au.dk" />
+	<target host="dial.au.dk" />
+	<target host="dime.au.dk" />
+	<target host="driftstatus.au.dk" />
+	<target host="www.driftstatus.au.dk" />
+	<target host="eksamen.au.dk" />
+	<target host="fieldbabel.eng.au.dk" />
+	<target host="harvestlog.eng.au.dk" />
+	<target host="tiipwilab.eng.au.dk" />
+	<target host="vision.eng.au.dk" />
+	<target host="engelsk.au.dk" />
+	<target host="admin.evacuate.au.dk" />
+	<target host="old.geomicrobiology.au.dk" />
+	<target host="gitlab.au.dk" />
+	<target host="service.health.au.dk" />
+	<target host="hires.au.dk" />
+	<target host="ifi.au.dk" />
+	<target host="imv.au.dk" />
+	<target host="pov.imv.au.dk" />
+	<target host="vdr.inano.au.dk" />
+	<target host="international.au.dk" />
+	<target host="italiensk.au.dk" />
+	<target host="itbib.au.dk" />
+	<target host="jobbank.au.dk" />
+	<target host="konvloop.au.dk" />
+	<target host="ws.konvloop.au.dk" />
+	<target host="kursuskatalog.au.dk" />
+	<target host="labbook.au.dk" />
+	<target host="bssdb.library.au.dk" />
+	<target host="litteraturhistorie.au.dk" />
+	<target host="lotus.au.dk" />
+	<target host="ludomani.au.dk" />
+	<target host="data.math.au.dk" />
+	<target host="medarbejdere.au.dk" />
+	<target host="bss.medarbejdere.au.dk" />
+	<target host="mindlab.au.dk" />
+	<target host="www.mindlab.au.dk" />
+	<target host="mit.au.dk" />
+	<target host="mitstudie.au.dk" />
+	<target host="mrbooking.au.dk" />
+	<target host="nfit.au.dk" />
+	<target host="cmsphpmyadmin.nfit.au.dk" />
+	<target host="ipure.nfit.au.dk" />
+	<target host="pureredirect.nfit.au.dk" />
+	<target host="ssl.nfit.au.dk" />
+	<target host="svn.nfit.au.dk" />
+	<target host="testpureredirect.nfit.au.dk" />
+	<target host="ofn.au.dk" />
+	<target host="open-tdm.au.dk" />
+	<target host="orbitlab.au.dk" />
+	<target host="build.orbitlab.au.dk" />
+	<target host="identity.orbitlab.au.dk" />
+	<target host="overture.au.dk" />
+	<target host="build.overture.au.dk" />
+	<target host="pages-tdm.au.dk" />
+	<target host="amp.phys.au.dk" />
+	<target host="astroparticle.phys.au.dk" />
+	<target host="dars.phys.au.dk" />
+	<target host="soda.phys.au.dk" />
+	<target host="pinkode.au.dk" />
+	<target host="post.au.dk" />
+	<target host="projects.au.dk" />
+	<target host="pure.au.dk" />
+	<target host="remote.au.dk" />
+	<target host="resourcebooker.au.dk" />
+	<target host="www.resourcebooker.au.dk" />
+	<target host="schedule.au.dk" />
+	<target host="www.schedule.au.dk" />
+	<target host="contract2018.scitech.au.dk" />
+	<target host="kontrakt.scitech.au.dk" />
+	<target host="secureaware.au.dk" />
+	<target host="secureresearchmanager.au.dk" />
+	<target host="serviceinfo.au.dk" />
+	<target host="www.serviceinfo.au.dk" />
+	<target host="sider2013.au.dk" />
+	<target host="slk.au.dk" />
+	<target host="software.au.dk" />
+	<target host="st-bygningsservice.au.dk" />
+	<target host="studentervaeksthus.au.dk" />
+	<target host="studerende.au.dk" />
+	<target host="arts.studyabroad.au.dk" />
+	<target host="health.studyabroad.au.dk" />
+	<target host="support.au.dk" />
+	<target host="support-agent.au.dk" />
+	<target host="surveyinfo.au.dk" />
+	<target host="tand.au.dk" />
+	<target host="www.tand.au.dk" />
+	<target host="teo.au.dk" />
+	<target host="treat.au.dk" />
+	<target host="www.treat.au.dk" />
+	<target host="typo3.au.dk" />
+	<target host="pexipservers.video.au.dk" />
+	<target host="vmeet.au.dk" />
+	<target host="pexipservers.vmeet.au.dk" />
+	<target host="pxextdmz01.vmeet.au.dk" />
+	<target host="pxextdmz02.vmeet.au.dk" />
+	<target host="webmail.au.dk" />
+	<target host="dna-robotics.wiki.au.dk" />
+
+	<!-- CDN -->
+	<target host="www.aucdn.dk" />
+		<test url="http://www.aucdn.dk/2016/assets/img/logos.svg" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Audemars_Piguet.com.xml b/src/chrome/content/rules/Audemars_Piguet.com.xml
index 666e1f1adbc2..d5ccc4e0ea69 100644
--- a/src/chrome/content/rules/Audemars_Piguet.com.xml
+++ b/src/chrome/content/rules/Audemars_Piguet.com.xml
@@ -14,7 +14,7 @@
 <ruleset name="Audemars Piguet.com">
 
 	<target host="audemarspiguet.com" />
-	<target host="*.audemarspiguet.com" />
+	<target host="www.audemarspiguet.com" />
 
 
 	<securecookie host="^\.audemarspiguet\.com$" name=".+" />
@@ -23,4 +23,4 @@
 	<rule from="^http://(?:www\.)?audemarspiguet\.com/"
 		to="https://www.audemarspiguet.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Audible.de.xml b/src/chrome/content/rules/Audible.de.xml
index 28becf5bc50f..727b62d3cdf6 100644
--- a/src/chrome/content/rules/Audible.de.xml
+++ b/src/chrome/content/rules/Audible.de.xml
@@ -4,9 +4,9 @@ Fetch error: http://audible.de/ => https://www.audible.de/: Cycle detected - URL
 -->
 <ruleset name="Audible.de" platform="mixedcontent">
   <target host="audible.de"/>
-  <target host="*.audible.de"/>
+  <target host="www.audible.de" />
 
-  <securecookie host="^(?:.*\.)?audible\.de$" name=".+" />
+  <securecookie host=".+" name=".+"/>
 
   <rule from="^http://(?:www\.)?audible\.de/" to="https://www.audible.de/"/>
   <rule from="^http://audible\.de/" to="https://www.audible.de/"/>
diff --git a/src/chrome/content/rules/Audicon.net.xml b/src/chrome/content/rules/Audicon.net.xml
index b39898842fbc..acf6350f3e00 100644
--- a/src/chrome/content/rules/Audicon.net.xml
+++ b/src/chrome/content/rules/Audicon.net.xml
@@ -5,7 +5,7 @@ Fetch error: http://audicon.net/ => https://audicon.net/: (60, 'SSL certificate
 Fetch error: http://www.audicon.net/ => https://www.audicon.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Audicon.net" default_off='failed ruleset test'>
+<ruleset name="Audicon.net" default_off="failed ruleset test">
   <target host="audicon.net" />
   <target host="www.audicon.net" />
 
diff --git a/src/chrome/content/rules/Audience-Ad-Network.xml b/src/chrome/content/rules/Audience-Ad-Network.xml
index 0c3f021d5532..c12f922c5e5b 100644
--- a/src/chrome/content/rules/Audience-Ad-Network.xml
+++ b/src/chrome/content/rules/Audience-Ad-Network.xml
@@ -6,7 +6,7 @@ Fetch error: http://manage.audienceadnetwork.com/ => https://manage.audienceadne
 Disabled by https-everywhere-checker because:
 Fetch error: http://manage.audienceadnetwork.com/ => https://manage.audienceadnetwork.com/: (28, 'Resolving timed out after 10520 milliseconds')
 -->
-<ruleset name="Audience Ad Network (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Audience Ad Network (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="manage.audienceadnetwork.com"/>
 	<target host="*.qwobl.net"/>
diff --git a/src/chrome/content/rules/AudienceScience.xml b/src/chrome/content/rules/AudienceScience.xml
index 35e4639ef970..b7d3d4791d23 100644
--- a/src/chrome/content/rules/AudienceScience.xml
+++ b/src/chrome/content/rules/AudienceScience.xml
@@ -2,13 +2,13 @@
 	Other AudienceScience rulesets:
 
 		- Audience_Targeting.xml
-		- RevSci.net.xml
 
 
 	Nonfunctional subdomains:
 
 		- (www.) ¹
 		- login ²
+    - gateway
 
 	¹ Shows default page
 	² Reset
@@ -35,27 +35,13 @@
 -->
 <ruleset name="AudienceScience">
 
-	<!--	Direct rewrites:
-				-->
-	<target host="gateway.audiencescience.com" />
-
-	<!--	Complications:
-				-->
+	<!--	Complications -->
 	<target host="ad.targetingmarketplace.com" />
 
-
-	<!--	Not secured by server:
-					-->
+	<!--	Not secured by server: -->
 	<securecookie host="^demand\.audiencescience\.com$" name="^hsPagesViewedThisSession$" />
-	<securecookie host="^gateway\.audiencescience\.com$" name="^JSESSIONID$" />
-
-	<securecookie host="^gateway\.audiencescience\.com$" name=".+" />
-
 
 	<rule from="^http://ad\.targetingmarketplace\.com/"
 		to="https://ad.yieldmanager.com/" />
 
-	<rule from="^http:"
-		to="https:" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/Audience_Amplify.com.xml b/src/chrome/content/rules/Audience_Amplify.com.xml
deleted file mode 100644
index 0f2d64c66b1f..000000000000
--- a/src/chrome/content/rules/Audience_Amplify.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(404; mismatched, CN: *.websitewelcome.com)
-		- blog		(tumblr)
-
-
-	Problematic subdomains:
-
-		- ads		(mismatched, CN: *.adnxs.com)
-		- console	(works; mismatched, CN: console.appnexus.com)
-
--->
-<ruleset name="Audience Amplify.com (partial)">
-
-	<target host="ads.audienceamplify.com" />
-
-
-	<rule from="^http://ads\.audienceamplify\.com/"
-		to="https://ib.adnxs.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Audiko.net.xml b/src/chrome/content/rules/Audiko.net.xml
new file mode 100644
index 000000000000..a14de8891dd6
--- /dev/null
+++ b/src/chrome/content/rules/Audiko.net.xml
@@ -0,0 +1,21 @@
+<!--
+	Non-functional hosts:
+		Certifcate mismatched:
+		- s4.audiko.net
+		- s5.audiko.net
+		- www.audiko.net
+-->
+<ruleset name="Audiko.net">
+
+	<target host="audiko.net" />
+	<target host="www.audiko.net" />
+	<target host="css.cdn.audiko.net" />
+	<target host="jpg.st.audiko.net" />
+
+	<rule from="^http://www\.audiko\.net/"
+		to="https://audiko.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Audiko.xml b/src/chrome/content/rules/Audiko.xml
deleted file mode 100644
index f6cab4e01ef2..000000000000
--- a/src/chrome/content/rules/Audiko.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://audiko.net/ => https://audiko.net/: Too many redirects while fetching 'https://audiko.net/'
-Fetch error: http://jpg.st.audiko.net/ => https://s4.audiko.net/: (51, "SSL: no alternative certificate subject name matches target host name 's4.audiko.net'")
-
--->
-<ruleset name="Audiko" platform="mixedcontent" default_off='failed ruleset test'>
-
-	<target host="audiko.net" />
-	<target host="*.audiko.net" />
-
-
-	<rule from="^http://(s[45]\.|www\.)?audiko\.net/"
-		to="https://$1audiko.net/" />
-
-	<rule from="^http://css\.cdn\.audiko\.net/"
-		to="https://d21bsjqmai8lm5.cloudfront.net/" />
-
-	<rule from="^http://jpg\.st\.audiko\.net/"
-		to="https://s4.audiko.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/AudioBooks.com.xml b/src/chrome/content/rules/AudioBooks.com.xml
new file mode 100644
index 000000000000..c67ce833bc4c
--- /dev/null
+++ b/src/chrome/content/rules/AudioBooks.com.xml
@@ -0,0 +1,19 @@
+<ruleset name="AudioBooks.com">
+	<target host="audiobooks.com" />
+	<target host="www.audiobooks.com" />
+	<target host="affiliates.audiobooks.com" />
+	<target host="api.audiobooks.com" />
+	<target host="au.audiobooks.com" />
+	<target host="blog.audiobooks.com" />
+	<target host="ca.audiobooks.com" />
+	<target host="covers.audiobooks.com" />
+		<test url="http://covers.audiobooks.com/images/covers/full/9781529010756.jpg" />
+	<target host="images.audiobooks.com" />
+		<test url="http://images.audiobooks.com/cds/home-press-logos/forbes-white.png" />
+	<target host="m.audiobooks.com" />
+	<target host="uk.audiobooks.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AudioGO.xml b/src/chrome/content/rules/AudioGO.xml
index 58171793fd63..e6948037f8c8 100644
--- a/src/chrome/content/rules/AudioGO.xml
+++ b/src/chrome/content/rules/AudioGO.xml
@@ -8,10 +8,10 @@ Fetch error: http://audiogo.com/ => https://www.audiogo.com/: (7, 'Failed to con
 	!www: times out
 
 -->
-<ruleset name="AudioGO" default_off='failed ruleset test'>
+<ruleset name="AudioGO" default_off="failed ruleset test">
 
 	<target host="audiogo.com" />
-	<target host="*.audiogo.com" />
+	<target host="www.audiogo.com" />
 
 
 	<securecookie host="^\.?www\.audiogo\.com$" name=".+" />
@@ -20,4 +20,4 @@ Fetch error: http://audiogo.com/ => https://www.audiogo.com/: (7, 'Failed to con
 	<rule from="^http://(?:www\.)?audiogo\.com/"
 		to="https://www.audiogo.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Audioboo.fm.xml b/src/chrome/content/rules/Audioboo.fm.xml
index 89e63c68fcd1..816e19c9a41f 100644
--- a/src/chrome/content/rules/Audioboo.fm.xml
+++ b/src/chrome/content/rules/Audioboo.fm.xml
@@ -6,7 +6,7 @@ Non-2xx HTTP code: http://www.audioboo.fm/ (200) => https://www.audioboo.fm/ (50
 	support: zendesk
 
 -->
-<ruleset name="Audioboo.fm (partial)" default_off='failed ruleset test'>
+<ruleset name="Audioboo.fm (partial)" default_off="failed ruleset test">
 
 	<target host="audioboo.fm" />
 	<target host="www.audioboo.fm" />
diff --git a/src/chrome/content/rules/Audioz.download.xml b/src/chrome/content/rules/Audioz.download.xml
new file mode 100644
index 000000000000..e8be1627f9f6
--- /dev/null
+++ b/src/chrome/content/rules/Audioz.download.xml
@@ -0,0 +1,6 @@
+<ruleset name="Audioz.download">
+	<target host="audioz.download" />
+	<target host="www.audioz.download" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AuditShark.com.xml b/src/chrome/content/rules/AuditShark.com.xml
deleted file mode 100644
index 46555295cc53..000000000000
--- a/src/chrome/content/rules/AuditShark.com.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	^auditshark.com: 404
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.auditshark.com
-
--->
-<ruleset name="AuditShark.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.auditshark.com" />
-
-	<!--	Complications:
-				-->
-	<target host="auditshark.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.auditshark\.com$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^www\.auditshark\.com$" name=".+" />
-
-
-	<rule from="^http://auditshark\.com/"
-		to="https://www.auditshark.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Audubon.org.xml b/src/chrome/content/rules/Audubon.org.xml
index fa6207c12715..a5bf35870586 100644
--- a/src/chrome/content/rules/Audubon.org.xml
+++ b/src/chrome/content/rules/Audubon.org.xml
@@ -8,7 +8,7 @@ Fetch error: http://audubon.org/ => https://www.audubon.org/: Too many redirects
 	^audubon.org: Mismatched
 
 -->
-<ruleset name="Audubon.org" default_off='failed ruleset test'>
+<ruleset name="Audubon.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/August.com.xml b/src/chrome/content/rules/August.com.xml
new file mode 100644
index 000000000000..f4f8b47ae608
--- /dev/null
+++ b/src/chrome/content/rules/August.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		- blog.august.com
+-->
+
+<ruleset name="August.com">
+	<target host="august.com" />
+	<target host="www.august.com" />
+	<target host="partners.august.com" />
+	<target host="store.august.com" />
+	<target host="support.august.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Aulani.jobs.xml b/src/chrome/content/rules/Aulani.jobs.xml
deleted file mode 100644
index eddb76f44cad..000000000000
--- a/src/chrome/content/rules/Aulani.jobs.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	For other Disney coverage, see Disney_International.com.xml.
-
-
-	www: cert only matches ^aulani.jobs.
-
--->
-<ruleset name="Aulani.jobs">
-
-	<target host="aulani.jobs" />
-	<target host="www.aulani.jobs" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^aulani\.jobs$" name="^ASP\.NET_SessionId$" /-->
-
-	<securecookie host="^aulani\.jobs$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?aulani\.jobs/"
-		to="https://aulani.jobs/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Aurous.me.xml b/src/chrome/content/rules/Aurous.me.xml
index 913b56cd268d..5c97c42e7e98 100644
--- a/src/chrome/content/rules/Aurous.me.xml
+++ b/src/chrome/content/rules/Aurous.me.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.aurous.me/ => https://www.aurous.me/: (60, 'SSL certific
 	* Tumblr
 
 -->
-<ruleset name="Aurous.me (partial)" default_off='failed ruleset test'>
+<ruleset name="Aurous.me (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/AusPost.com.au.xml b/src/chrome/content/rules/AusPost.com.au.xml
index daee049514a9..c92e997ade17 100644
--- a/src/chrome/content/rules/AusPost.com.au.xml
+++ b/src/chrome/content/rules/AusPost.com.au.xml
@@ -116,7 +116,7 @@
 		- o	(hostname mismatch, CN: *.d2.sc.omtrdc.net)
 		- soap.online	(invalid certificate chain)
 		- platinum	(hostname mismatch, CN: *.startrack.com.au)
-		- poslite	³		
+		- poslite	³
 		- preview	(hostname mismatch, CN: auspost.com.au)
 		- promotion	⁴
 		- pstamps	¹
diff --git a/src/chrome/content/rules/Austiners.com.xml b/src/chrome/content/rules/Austiners.com.xml
index 94fefd581055..04e80e664edd 100644
--- a/src/chrome/content/rules/Austiners.com.xml
+++ b/src/chrome/content/rules/Austiners.com.xml
@@ -11,7 +11,7 @@
 <ruleset name="Austiners.com (false MCB)" platform="mixedcontent">
 
 	<target host="austiners.com" />
-	<target host="*.austiners.com" />
+	<target host="www.austiners.com" />
 
 
 	<securecookie host="^(?:www)?\.austiners\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Austrade.xml b/src/chrome/content/rules/Austrade.xml
index 221957431cc3..7a23dd7f65c8 100644
--- a/src/chrome/content/rules/Austrade.xml
+++ b/src/chrome/content/rules/Austrade.xml
@@ -1,7 +1,7 @@
 <ruleset name="Austrade">
 	<target host="austrade.gov.au" />
-	<target host="*.austrade.gov.au" />
+	<target host="www.austrade.gov.au" />
 
 	<rule from="^http://(?:www\.)?austrade\.gov\.au/"
 		to="https://www.austrade.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Australia.gov.au.xml b/src/chrome/content/rules/Australia.gov.au.xml
new file mode 100644
index 000000000000..049c0ebf869d
--- /dev/null
+++ b/src/chrome/content/rules/Australia.gov.au.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid certificate:
+		- test.australia.gov.au
+-->
+
+<ruleset name="Australia.gov.au">
+	<target host="australia.gov.au" />
+	<target host="www.australia.gov.au" />
+	<target host="media.australia.gov.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianAntarcticDataCentre.xml b/src/chrome/content/rules/AustralianAntarcticDataCentre.xml
deleted file mode 100644
index 3b8800d951ea..000000000000
--- a/src/chrome/content/rules/AustralianAntarcticDataCentre.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Australian Antarctic Data Centre">
-	<target host="data.aad.gov.au" />
-	<target host="*.data.aad.gov.au" />
-
-	<rule from="^http://(?:www\.)?data\.aad\.gov\.au/"
-		to="https://data.aad.gov.au/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AustralianBusinessRegister.xml b/src/chrome/content/rules/AustralianBusinessRegister.xml
index fd3c6e53c760..966ccc85c409 100644
--- a/src/chrome/content/rules/AustralianBusinessRegister.xml
+++ b/src/chrome/content/rules/AustralianBusinessRegister.xml
@@ -1,7 +1,7 @@
 <ruleset name="Australian Business Register">
 	<target host="abr.gov.au" />
-	<target host="*.abr.gov.au" />
+	<target host="www.abr.gov.au" />
 
 	<rule from="^http://(?:www\.)?abr\.gov\.au/"
 		to="https://abr.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianClinicalTrials.xml b/src/chrome/content/rules/AustralianClinicalTrials.xml
deleted file mode 100644
index cb493d826ace..000000000000
--- a/src/chrome/content/rules/AustralianClinicalTrials.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Australian Clinical Trials">
-	<target host="australianclinicaltrials.gov.au" />
-	<target host="*.australianclinicaltrials.gov.au" />
-
-	<rule from="^http://(?:www\.)?australianclinicaltrials\.gov\.au/"
-		to="https://www.australianclinicaltrials.gov.au/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AustralianCompetitionandConsumerCommission.xml b/src/chrome/content/rules/AustralianCompetitionandConsumerCommission.xml
index dd1dff812036..28d4d0680667 100644
--- a/src/chrome/content/rules/AustralianCompetitionandConsumerCommission.xml
+++ b/src/chrome/content/rules/AustralianCompetitionandConsumerCommission.xml
@@ -1,7 +1,7 @@
 <ruleset name="Australian Competition and Consumer Commission">
 	<target host="accc.gov.au" />
-	<target host="*.accc.gov.au" />
+	<target host="www.accc.gov.au" />
 
 	<rule from="^http://(?:www\.)?accc\.gov\.au/"
 		to="https://www.accc.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianCrimeCommission.xml b/src/chrome/content/rules/AustralianCrimeCommission.xml
index a543ad0d176d..bc34242e2c89 100644
--- a/src/chrome/content/rules/AustralianCrimeCommission.xml
+++ b/src/chrome/content/rules/AustralianCrimeCommission.xml
@@ -4,10 +4,10 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://crimecommission.gov.au/ => https://www.crimecommission.gov.au/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Australian Crime Commission" default_off='failed ruleset test'>
+<ruleset name="Australian Crime Commission" default_off="failed ruleset test">
 	<target host="crimecommission.gov.au" />
-	<target host="*.crimecommission.gov.au" />
+	<target host="www.crimecommission.gov.au" />
 
 	<rule from="^http://(?:www\.)?crimecommission\.gov\.au/"
 		to="https://www.crimecommission.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianDataArchive.xml b/src/chrome/content/rules/AustralianDataArchive.xml
index e7fa005ecf19..3f43302d2d4e 100644
--- a/src/chrome/content/rules/AustralianDataArchive.xml
+++ b/src/chrome/content/rules/AustralianDataArchive.xml
@@ -4,10 +4,10 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://ada.edu.au/ => https://www.ada.edu.au/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Australian Data Archive" default_off='failed ruleset test'>
+<ruleset name="Australian Data Archive" default_off="failed ruleset test">
 	<target host="ada.edu.au" />
-	<target host="*.ada.edu.au" />
+	<target host="www.ada.edu.au" />
 
 	<rule from="^http://(?:www\.)?ada\.edu\.au/"
 		to="https://www.ada.edu.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianEarlyDevelopmentCensus.xml b/src/chrome/content/rules/AustralianEarlyDevelopmentCensus.xml
index 9b48596a8059..3a6dce2317b5 100644
--- a/src/chrome/content/rules/AustralianEarlyDevelopmentCensus.xml
+++ b/src/chrome/content/rules/AustralianEarlyDevelopmentCensus.xml
@@ -1,7 +1,7 @@
 <ruleset name="Australian Early Development Census">
 	<target host="aedc.gov.au" />
-	<target host="*.aedc.gov.au" />
+	<target host="www.aedc.gov.au" />
 
 	<rule from="^http://(?:www\.)?aedc\.gov\.au/"
 		to="https://www.aedc.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianEmergencyManagement.xml b/src/chrome/content/rules/AustralianEmergencyManagement.xml
index 6ab02da4bf4f..be1929048bbe 100644
--- a/src/chrome/content/rules/AustralianEmergencyManagement.xml
+++ b/src/chrome/content/rules/AustralianEmergencyManagement.xml
@@ -5,15 +5,15 @@ Fetch error: http://em.gov.au/ => https://www.em.gov.au/: (6, 'Could not resolve
 Fetch error: http://emknowledge.gov.au/ => https://www.emknowledge.gov.au/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Australian Emergency Management" default_off='failed ruleset test'>
+<ruleset name="Australian Emergency Management" default_off="failed ruleset test">
 	<target host="em.gov.au" />
-	<target host="*.em.gov.au" />
+	<target host="www.em.gov.au" />
 	<target host="emknowledge.gov.au" />
-	<target host="*.emknowledge.gov.au" />
+	<target host="www.emknowledge.gov.au" />
 
 	<rule from="^http://(?:www\.)?em\.gov\.au/"
 		to="https://www.em.gov.au/" />
 
 	<rule from="^http://(?:www\.)?emknowledge\.gov\.au/"
 		to="https://www.emknowledge.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianEnergyRegulator.xml b/src/chrome/content/rules/AustralianEnergyRegulator.xml
index b2b69dc68357..01fef7193478 100644
--- a/src/chrome/content/rules/AustralianEnergyRegulator.xml
+++ b/src/chrome/content/rules/AustralianEnergyRegulator.xml
@@ -1,7 +1,7 @@
 <ruleset name="Australian Energy Regulator">
 	<target host="aer.gov.au" />
-	<target host="*.aer.gov.au" />
+	<target host="www.aer.gov.au" />
 
 	<rule from="^http://(?:www\.)?aer\.gov\.au/"
 		to="https://www.aer.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianExportAwards.xml b/src/chrome/content/rules/AustralianExportAwards.xml
index 234780c38988..74b237ad513f 100644
--- a/src/chrome/content/rules/AustralianExportAwards.xml
+++ b/src/chrome/content/rules/AustralianExportAwards.xml
@@ -1,7 +1,7 @@
 <ruleset name="Australian Export Awards">
 	<target host="exportawards.gov.au" />
-	<target host="*.exportawards.gov.au" />
+	<target host="www.exportawards.gov.au" />
 
 	<rule from="^http://(?:www\.)?exportawards\.gov\.au/"
 		to="https://www.exportawards.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianFinancialSecurityAuthority.xml b/src/chrome/content/rules/AustralianFinancialSecurityAuthority.xml
index aa2ba26d5225..7c0bb0bec9be 100644
--- a/src/chrome/content/rules/AustralianFinancialSecurityAuthority.xml
+++ b/src/chrome/content/rules/AustralianFinancialSecurityAuthority.xml
@@ -1,7 +1,7 @@
 <ruleset name="Australian Financial Security Authority">
 	<target host="afsa.gov.au" />
-	<target host="*.afsa.gov.au" />
+	<target host="www.afsa.gov.au" />
 
 	<rule from="^http://(?:www\.)?afsa\.gov\.au/"
 		to="https://www.afsa.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianGovernmentBoards.xml b/src/chrome/content/rules/AustralianGovernmentBoards.xml
deleted file mode 100644
index ffa1342bd60a..000000000000
--- a/src/chrome/content/rules/AustralianGovernmentBoards.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Australian Government Boards">
-	<target host="ausgovboards.gov.au" />
-	<target host="*.ausgovboards.gov.au" />
-
-	<rule from="^http://(?:www\.)?ausgovboards\.gov\.au/"
-		to="https://www.ausgovboards.gov.au/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AustralianHealthPractitionerRegulationAgency.xml b/src/chrome/content/rules/AustralianHealthPractitionerRegulationAgency.xml
index fd936cd08ebf..aaef95c946c7 100644
--- a/src/chrome/content/rules/AustralianHealthPractitionerRegulationAgency.xml
+++ b/src/chrome/content/rules/AustralianHealthPractitionerRegulationAgency.xml
@@ -1,7 +1,7 @@
 <ruleset name="Australian Health Practitioner Regulation Agency">
 	<target host="ahpra.gov.au" />
-	<target host="*.ahpra.gov.au" />
+	<target host="www.ahpra.gov.au" />
 
 	<rule from="^http://(?:www\.)?ahpra\.gov\.au/"
 		to="https://www.ahpra.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianHumanRightsCommission.xml b/src/chrome/content/rules/AustralianHumanRightsCommission.xml
index 0cd2d4c66fad..c62ad65e3571 100644
--- a/src/chrome/content/rules/AustralianHumanRightsCommission.xml
+++ b/src/chrome/content/rules/AustralianHumanRightsCommission.xml
@@ -1,7 +1,7 @@
 <ruleset name="Australian Human Rights Commission">
 	<target host="humanrights.gov.au" />
-	<target host="*.humanrights.gov.au" />
+	<target host="www.humanrights.gov.au" />
 
 	<rule from="^http://(?:www\.)?humanrights\.gov\.au/"
 		to="https://www.humanrights.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianLawReformCommission.xml b/src/chrome/content/rules/AustralianLawReformCommission.xml
index f637d43cc97e..7a4c14cb0fed 100644
--- a/src/chrome/content/rules/AustralianLawReformCommission.xml
+++ b/src/chrome/content/rules/AustralianLawReformCommission.xml
@@ -1,7 +1,7 @@
 <ruleset name="Australian Law Reform Commission">
 	<target host="alrc.gov.au" />
-	<target host="*.alrc.gov.au" />
+	<target host="www.alrc.gov.au" />
 
 	<rule from="^http://(?:www\.)?alrc\.gov\.au/"
 		to="https://www.alrc.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianMaritimeSafetyAuthority.xml b/src/chrome/content/rules/AustralianMaritimeSafetyAuthority.xml
index 12020d1f234a..729e5506c4ab 100644
--- a/src/chrome/content/rules/AustralianMaritimeSafetyAuthority.xml
+++ b/src/chrome/content/rules/AustralianMaritimeSafetyAuthority.xml
@@ -1,7 +1,7 @@
 <ruleset name="Australian Maritime Safety Authority">
 	<target host="amsa.gov.au" />
-	<target host="*.amsa.gov.au" />
+	<target host="www.amsa.gov.au" />
 
 	<rule from="^http://(?:www\.)?amsa\.gov\.au/"
 		to="https://www.amsa.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianPassportOffice.xml b/src/chrome/content/rules/AustralianPassportOffice.xml
index 422e41915eac..f59ffc8b34f6 100644
--- a/src/chrome/content/rules/AustralianPassportOffice.xml
+++ b/src/chrome/content/rules/AustralianPassportOffice.xml
@@ -1,7 +1,7 @@
 <ruleset name="Australian Passport Office">
 	<target host="passports.gov.au" />
-	<target host="*.passports.gov.au" />
+	<target host="www.passports.gov.au" />
 
 	<rule from="^http://(?:www\.)?passports\.gov\.au/"
 		to="https://www.passports.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianPlantsBotanyandHorticulture.xml b/src/chrome/content/rules/AustralianPlantsBotanyandHorticulture.xml
index b09de81c4536..b445a7dfa21b 100644
--- a/src/chrome/content/rules/AustralianPlantsBotanyandHorticulture.xml
+++ b/src/chrome/content/rules/AustralianPlantsBotanyandHorticulture.xml
@@ -1,7 +1,7 @@
 <ruleset name="Australian Plants, Botany and Horticulture">
 	<target host="anbg.gov.au" />
-	<target host="*.anbg.gov.au" />
+	<target host="www.anbg.gov.au" />
 
 	<rule from="^http://(?:www\.)?anbg\.gov\.au/"
 		to="https://www.anbg.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianStrategicPolicyInstitute.xml b/src/chrome/content/rules/AustralianStrategicPolicyInstitute.xml
index b614f398f555..0fb2791cc2ba 100644
--- a/src/chrome/content/rules/AustralianStrategicPolicyInstitute.xml
+++ b/src/chrome/content/rules/AustralianStrategicPolicyInstitute.xml
@@ -1,7 +1,7 @@
 <ruleset name="Australian Strategic Policy Institute">
 	<target host="aspi.org.au" />
-	<target host="*.aspi.org.au" />
+	<target host="www.aspi.org.au" />
 
 	<rule from="^http://(?:www\.)?aspi\.org\.au/"
 		to="https://www.aspi.org.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianTaxationOffice.xml b/src/chrome/content/rules/AustralianTaxationOffice.xml
index 5fd8123f6039..d44689601825 100644
--- a/src/chrome/content/rules/AustralianTaxationOffice.xml
+++ b/src/chrome/content/rules/AustralianTaxationOffice.xml
@@ -1,7 +1,7 @@
 <ruleset name="Australian Taxation Office">
 	<target host="ato.gov.au" />
-	<target host="*.ato.gov.au" />
+	<target host="www.ato.gov.au" />
 
 	<rule from="^http://(?:www\.)?ato\.gov\.au/"
 		to="https://www.ato.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianTransportSafetyBureau.xml b/src/chrome/content/rules/AustralianTransportSafetyBureau.xml
index 80ea89331971..1482f7ca80b5 100644
--- a/src/chrome/content/rules/AustralianTransportSafetyBureau.xml
+++ b/src/chrome/content/rules/AustralianTransportSafetyBureau.xml
@@ -1,7 +1,7 @@
 <ruleset name="Australian Transport Safety Bureau">
 	<target host="atsb.gov.au" />
-	<target host="*.atsb.gov.au" />
+	<target host="www.atsb.gov.au" />
 
 	<rule from="^http://(?:www\.)?atsb\.gov\.au/"
 		to="https://www.atsb.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AustralianWarMemorial.xml b/src/chrome/content/rules/AustralianWarMemorial.xml
index f6990a552373..4ac8f296a517 100644
--- a/src/chrome/content/rules/AustralianWarMemorial.xml
+++ b/src/chrome/content/rules/AustralianWarMemorial.xml
@@ -1,7 +1,7 @@
 <ruleset name="Australian War Memorial">
 	<target host="awm.gov.au" />
-	<target host="*.awm.gov.au" />
+	<target host="www.awm.gov.au" />
 
 	<rule from="^http://(?:www\.)?awm\.gov\.au/"
 		to="https://www.awm.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/AustrianAirlines.xml b/src/chrome/content/rules/AustrianAirlines.xml
index b70daaa56c8f..3ece0489150a 100644
--- a/src/chrome/content/rules/AustrianAirlines.xml
+++ b/src/chrome/content/rules/AustrianAirlines.xml
@@ -3,4 +3,4 @@
   <target host="www.austrian.com" />
 
   <rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Authbox.io.xml b/src/chrome/content/rules/Authbox.io.xml
index 430443652f6a..e7a13bff87ce 100644
--- a/src/chrome/content/rules/Authbox.io.xml
+++ b/src/chrome/content/rules/Authbox.io.xml
@@ -18,7 +18,7 @@ Fetch error: http://www.authbox.io/ => https://www.authbox.io/: (51, "SSL: no al
 	* Secured by us
 
 -->
-<ruleset name="authbox.io" default_off='failed ruleset test'>
+<ruleset name="authbox.io" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Authorize.com.xml b/src/chrome/content/rules/Authorize.com.xml
new file mode 100644
index 000000000000..032289f48bcd
--- /dev/null
+++ b/src/chrome/content/rules/Authorize.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- authorize.com
+		- www.authorize.com
+-->
+<ruleset name="Authorize.com" default_off="cert-invalid">
+	<target host="authorize.com" />
+	<target host="www.authorize.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Authorize.net.xml b/src/chrome/content/rules/Authorize.net.xml
index f246b2b0183b..a2392bd45850 100644
--- a/src/chrome/content/rules/Authorize.net.xml
+++ b/src/chrome/content/rules/Authorize.net.xml
@@ -1,48 +1,44 @@
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://fuzeqna.com/ => https://www.fuzeqna.com/: (6, 'Could not resolve host: fuzeqna.com')
-	Nonfunctional domains:
-
-		- welcome.authorize.net		(no https)
-
-
-	Problematic domains:
-
-		- authorize.net		(works, cert only matches www)
+	Non-functional hosts
+		Timeout was reached:
+		- authorize.net
 
+		Certificate mismatched:
+		- payment.authorize.net
 -->
-<ruleset name="Authorize.Net">
-
+<ruleset name="Authorize.net">
 	<target host="authorize.net" />
-	<target host="*.authorize.net" />
-	<target host="authorizenet.com" />
-	<target host="www.authorizenet.com" />
-	<!--	The fuzeqna.com domain is included to avoid possible
-		issues with mixed content. Also, from what one remembers,
-		using the Authorize.Net site may involve accessing the
-		fuzeqna.com/www.fuzeqna.com domains.
-							-->
-	<target host="fuzeqna.com" />
-	<target host="www.fuzeqna.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.authorize\.net$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^(?:.*\.)?authorize\.net$" name=".+" />
-
+	<target host="www.authorize.net" />
+	<target host="account.authorize.net" />
+	<target host="api.authorize.net" />
+	<test url="http://api.authorize.net/soap/v1/service.asmx" />
+	<target host="api2.authorize.net" />
+	<test url="http://api2.authorize.net/soap/v1/service.asmx" />
+	<target host="captcha.authorize.net" />
+	<target host="content.authorize.net" />
+	<target host="developer.authorize.net" />
+	<target host="community.developer.authorize.net" />
+	<target host="ems.authorize.net" />
+	<target host="login.authorize.net" />
+	<target host="partner.authorize.net" />
+	<target host="sandbox.authorize.net" />
+	<target host="secure.authorize.net" />
+	<target host="simplecheckout.authorize.net" />
+	<target host="aircharge.vpos.authorize.net" />
+	<target host="anet.vpos.authorize.net" />
+	<target host="bbt.vpos.authorize.net" />
+	<target host="chargeeasy.vpos.authorize.net" />
+	<target host="cirfin.vpos.authorize.net" />
+	<target host="cocard.vpos.authorize.net" />
+	<target host="pivotalpayments.vpos.authorize.net" />
+	<target host="quickcommerce.vpos.authorize.net" />
+	<target host="totalpayment.vpos.authorize.net" />
+	<target host="tsys.vpos.authorize.net" />
+	<target host="ucsd.vpos.authorize.net" />
+	<target host="vpos2.authorize.net" />
 
 	<rule from="^http://authorize\.net/"
 		to="https://www.authorize.net/" />
 
-	<rule from="^http://(account|captcha|content|(?:community\.)?developer|ems|simplecheckout|support|verify|www)\.authorize\.net/"
-		to="https://$1.authorize.net/" />
-
-	<rule from="^http://(?:www\.)?authorizenet\.com/"
-		to="https://www.authorize.net/" />
-	
-	<rule from="^http://(?:www\.)?fuzeqna\.com/"
-		to="https://www.fuzeqna.com/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Autistic_Self-Advocacy_Network.xml b/src/chrome/content/rules/Autistic_Self-Advocacy_Network.xml
index 467edc622522..4c285248db56 100644
--- a/src/chrome/content/rules/Autistic_Self-Advocacy_Network.xml
+++ b/src/chrome/content/rules/Autistic_Self-Advocacy_Network.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Auto.ro.xml b/src/chrome/content/rules/Auto.ro.xml
index 44f98c095f11..b6bbaf86f01c 100644
--- a/src/chrome/content/rules/Auto.ro.xml
+++ b/src/chrome/content/rules/Auto.ro.xml
@@ -57,7 +57,7 @@
 	³ Not secured by us <= mismatched
 
 -->
-<ruleset name="Auto.ro (partial)" default_off="missing certificate chain">
+<ruleset name="Auto.ro (partial)" default_off="cert-chain">
 
 	<target host="auto.ro" />
 	<target host="www.auto.ro" />
diff --git a/src/chrome/content/rules/AutoBuzz.my.xml b/src/chrome/content/rules/AutoBuzz.my.xml
new file mode 100644
index 000000000000..711544fb107e
--- /dev/null
+++ b/src/chrome/content/rules/AutoBuzz.my.xml
@@ -0,0 +1,14 @@
+<!--
+	Active mixed content:
+		- autobuzz.my
+
+	Invalid certificate:
+		- dev.autobuzz.my
+-->
+
+<ruleset name="AutoBuzz.my" platform="mixedcontent">
+	<target host="autobuzz.my" />
+	<target host="www.autobuzz.my" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/AutoHits.vn.xml b/src/chrome/content/rules/AutoHits.vn.xml
index f278feaf826a..40c69208ee47 100644
--- a/src/chrome/content/rules/AutoHits.vn.xml
+++ b/src/chrome/content/rules/AutoHits.vn.xml
@@ -11,7 +11,7 @@
 <ruleset name="AutoHits.vn" default_off="expired, mismatched, self-signed">
 
 	<target host="autohits.vn" />
-	<target host="*.autohits.vn" />
+	<target host="www.autohits.vn" />
 
 
 	<securecookie host="^\.autohits\.vn$" name=".+" />
diff --git a/src/chrome/content/rules/AutoIt-CDN.com.xml b/src/chrome/content/rules/AutoIt-CDN.com.xml
index 27e4df87692c..2c68f717dce5 100644
--- a/src/chrome/content/rules/AutoIt-CDN.com.xml
+++ b/src/chrome/content/rules/AutoIt-CDN.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://static1.autoit-cdn.com/ => https://static1.autoit-cdn.com/:
 	For other AutoIt coverage, see AutoIt_script.com.xml.
 
 -->
-<ruleset name="AutoIt CDN.com" default_off='failed ruleset test'>
+<ruleset name="AutoIt CDN.com" default_off="failed ruleset test">
 
 	<target host="static1.autoit-cdn.com" />
 
diff --git a/src/chrome/content/rules/AutoTrader.com.xml b/src/chrome/content/rules/AutoTrader.com.xml
index 620dcc1f23d5..76e7786a6d69 100644
--- a/src/chrome/content/rules/AutoTrader.com.xml
+++ b/src/chrome/content/rules/AutoTrader.com.xml
@@ -5,26 +5,17 @@ Fetch error: http://autotraderstatic.com/ => https://www.autotraderstatic.com/:
 <ruleset name="AutoTrader.com (partial)">
 
 	<target host="autotrader.com" />
-	<target host="*.autotrader.com" />
-	<target host="autotraderstatic.com" />
+	<target host="ads.autotrader.com" />
+	<target host="www.autotrader.com" />
+	<!-- <target host="autotraderstatic.com" /> -->
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.autotraderstatic.com" />
-
+	<target host="www.autotraderstatic.com" />
 
 	<securecookie host="^\.autotraderstatic\.com$" name=".+" />
 
-
 	<rule from="^http://(ads\.)?autotrader\.com/"
 		to="https://$1autotrader.com/" />
 
-	<!--	Homepage redirects to http.	-->
-	<rule from="^http://www\.autotrader\.com/(no_cache/)"
-		to="https://www.autotrader.com/$1" />
-
-	<!--	- !www doesn't work over https
-		- !www redirects to www over http
-			-->
-	<rule from="^http://(?:www\.)?autotraderstatic\.com/"
-		to="https://www.autotraderstatic.com/" />
+  <rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Auto_Ad_Manager.com.xml b/src/chrome/content/rules/Auto_Ad_Manager.com.xml
index 2bf67d911470..4ea7cf7a0681 100644
--- a/src/chrome/content/rules/Auto_Ad_Manager.com.xml
+++ b/src/chrome/content/rules/Auto_Ad_Manager.com.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Auto_Blog.com.xml b/src/chrome/content/rules/Auto_Blog.com.xml
index 7a364c12c4fd..3a981c340ab2 100644
--- a/src/chrome/content/rules/Auto_Blog.com.xml
+++ b/src/chrome/content/rules/Auto_Blog.com.xml
@@ -29,7 +29,7 @@ Fetch error: http://autoblog.com/ => https://www.autoblog.com/: Too many redirec
 			- www.blogsmithmedia.com
 
 -->
-<ruleset name="Auto Blog.com" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Auto Blog.com" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Auto_Rims_and_Accessories.xml b/src/chrome/content/rules/Auto_Rims_and_Accessories.xml
deleted file mode 100644
index 69c53e8dabd0..000000000000
--- a/src/chrome/content/rules/Auto_Rims_and_Accessories.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://autorimsandaccessories.com/ => https://autorimsandaccessories.com/: (60, 'SSL certificate problem: self signed certificate')
--->
-<ruleset name="Auto Rims &amp; Accessories">
-
-	<target host="autorimsandaccessories.com" />
-	<target host="www.autorimsandaccessories.com" />
-
-
-	<securecookie host="^(?:.*\.)?autorimsandaccessories\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/AutomaticChickenCoopDoor.com.xml b/src/chrome/content/rules/AutomaticChickenCoopDoor.com.xml
new file mode 100644
index 000000000000..c603bf53fc60
--- /dev/null
+++ b/src/chrome/content/rules/AutomaticChickenCoopDoor.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="AutomaticChickenCoopDoor.com">
+	<target host="automaticchickencoopdoor.com" />
+	<target host="www.automaticchickencoopdoor.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Automatic_Data_Processing.xml b/src/chrome/content/rules/Automatic_Data_Processing.xml
index dc303a27c38f..f0f8a0ac883b 100644
--- a/src/chrome/content/rules/Automatic_Data_Processing.xml
+++ b/src/chrome/content/rules/Automatic_Data_Processing.xml
@@ -1,3 +1,4 @@
+
 <!--
 Disabled by https-everywhere-checker because:
 Fetch error: http://adp.com/ => https://www.adp.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
@@ -5,10 +6,8 @@ Fetch error: http://adp.com/ => https://www.adp.com/: (28, 'Operation timed out
 
 		- ADP_Retirement_Services.xml
 		- ADP_Screening_and_Selection_Services.xml
-		- ADP_VirtualEdge.xml
 		- Apply2Jobs.com.xml
 		- ELabor.xml
-		- Employease.xml
 
 
 	Problematic subdomains:
@@ -79,35 +78,19 @@ Fetch error: http://adp.com/ => https://www.adp.com/: (28, 'Operation timed out
 
 	<target host="adp.com" />
 	<target host="*.adp.com" />
-	<target host="adpe.csod.com" />
-
-
-	<securecookie host=".*\.adp\.com$" name=".+" />
-	<securecookie host="^adpe\.csod\.com$" name=".+" />
-
+    <test url="http://ipay.adp.com/" />
+    <test url="http://adpvantage.adp.com/" />
+    <test url="http://virtualaccess.adp.com/" />
 
 	<rule from="^http://(?:www\.)?(edu\.|flexdirect\.)?adp\.com/"
 		to="https://www.$1adp.com/" />
 
-	<rule from="^http://([ac]gateway|clientcenter|(?:checkprint|yearend)\.pss|downtime2|eetime1|ewallet|glinterface|payexag|resource-secure|runpayroll|www\.tlm|totalsource)\.adp\.com/"
-		to="https://$1.adp.com/" />
-
-	<rule from="^http://(www\.)?(adpvantage|documax|etime|ezlm|ipay(?:admin)?|ireports|netsecure|paystatements|payex|portal|quickview|reporting|select|support|timesaver)\.adp\.com/"
-		to="https://$1$2.adp.com/" />
-
-	<rule from="^http://(?:www\.)?(adp4me|easynet|smallbusiness)\.adp\.com/"
-		to="https://$1.adp.com/" />
-
 	<rule from="^http://(?:www\.)?dataaccessregistration\.adp\.com/(?:.*)"
 		to="https://runpayroll.adp.com/default.aspx?action=newclient&amp;RAP=1" />
 
-	<rule from="^http://(?:www\.)?ilearn\.adp\.com/\?*$"
-		to="https://adpe.csod.com/" />
-
 	<rule from="^http://(?:www\.)?virtualedge\.adp\.com/(?:.*)"
 		to="https://www.adp.com/solutions/employer-services/pre-employment-services.aspx" />
 
-	<rule from="^http://adpe\.csod\.com/"
-		to="https://adpe.csod.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Automotivelocksmiths.com.xml b/src/chrome/content/rules/Automotivelocksmiths.com.xml
new file mode 100644
index 000000000000..775d59086140
--- /dev/null
+++ b/src/chrome/content/rules/Automotivelocksmiths.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Automotivelocksmiths.com" platform="mixedcontent">
+	<target host="automotivelocksmiths.com" />
+	<target host="www.automotivelocksmiths.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Automx.org.xml b/src/chrome/content/rules/Automx.org.xml
index 8baa0c07f01b..e6dbafd7c00c 100644
--- a/src/chrome/content/rules/Automx.org.xml
+++ b/src/chrome/content/rules/Automx.org.xml
@@ -17,7 +17,7 @@
 		- mail.automx.org
 
 -->
-<ruleset name="automx.org (partial)" default_off="missing certificate chain">
+<ruleset name="automx.org (partial)" default_off="cert-chain">
 
 	<target host="automx.org" />
 	<target host="www.automx.org" />
diff --git a/src/chrome/content/rules/Autopilot_HQ.com.xml b/src/chrome/content/rules/Autopilot_HQ.com.xml
index 8f3f5a92cd70..dd716c55af4e 100644
--- a/src/chrome/content/rules/Autopilot_HQ.com.xml
+++ b/src/chrome/content/rules/Autopilot_HQ.com.xml
@@ -22,7 +22,7 @@
 	Mixed content:
 
 		- css on developers from $self ᵐ
-		- Images on developers from $self ᵐ 
+		- Images on developers from $self ᵐ
 
 	ᵐ Not secured by us <= mismatched
 
diff --git a/src/chrome/content/rules/AvaHost.xml b/src/chrome/content/rules/AvaHost.xml
index 5cd6a9d2622a..2baf205e3d3e 100644
--- a/src/chrome/content/rules/AvaHost.xml
+++ b/src/chrome/content/rules/AvaHost.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.secure.avahost.net/ => https://www.secure.avahost.net/:
 		- (www.)	(shows an old revision; mismatched, CN: www.avadomains.com)
 
 -->
-<ruleset name="AvaHost (partial)" default_off='failed ruleset test'>
+<ruleset name="AvaHost (partial)" default_off="failed ruleset test">
 
 	<target host="secure.avahost.net" />
 	<target host="www.secure.avahost.net" />
diff --git a/src/chrome/content/rules/Avahi.org.xml b/src/chrome/content/rules/Avahi.org.xml
new file mode 100644
index 000000000000..62d24f66e946
--- /dev/null
+++ b/src/chrome/content/rules/Avahi.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Avahi.org">
+	<target host="avahi.org" />
+	<target host="www.avahi.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avangard.ru.xml b/src/chrome/content/rules/Avangard.ru.xml
index 79936269def6..e94aaeb216ae 100644
--- a/src/chrome/content/rules/Avangard.ru.xml
+++ b/src/chrome/content/rules/Avangard.ru.xml
@@ -4,7 +4,7 @@ corporate. timed out-->
 <ruleset name="Avangard.ru">
 	<target host="avangard.ru" />
 	<target host="www.avangard.ru" />
-	
+
 	<rule from="^http://avangard\.ru/"
 		to="https://www.avangard.ru/" />
 
diff --git a/src/chrome/content/rules/Avangate.xml b/src/chrome/content/rules/Avangate.xml
index 8382509edc74..d12e71bc8864 100644
--- a/src/chrome/content/rules/Avangate.xml
+++ b/src/chrome/content/rules/Avangate.xml
@@ -5,7 +5,12 @@
 <ruleset name="Avangate (partial)">
 
 	<target host="avangate.com" />
-	<target host="*.avangate.com" />
+	<target host="www.avangate.com" />
+	<target host="cdn.avangate.com" />
+	<target host="arms.avangate.com" />
+	<target host="download.avangate.com" />
+	<target host="download2.avangate.com" />
+	<target host="secure.avangate.com" />
 	<target host="edge.avangate.net" />
 
 
diff --git a/src/chrome/content/rules/Avanis.fr.xml b/src/chrome/content/rules/Avanis.fr.xml
deleted file mode 100644
index 549b2c2dba5d..000000000000
--- a/src/chrome/content/rules/Avanis.fr.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		- .avanis.fr
-
--->
-<ruleset name="Avanis.fr">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="lequipe.avanis.fr" />
-
-		<test url="http://lequipe.avanis.fr/_art/sprite-lequipe.png" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.avanis\.fr$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.avanis\.fr$" name="^(?:__cfduid|cf_clearance)$" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Avantar.com.xml b/src/chrome/content/rules/Avantar.com.xml
index 4a8d990576b3..85cfdb2ff2ae 100644
--- a/src/chrome/content/rules/Avantar.com.xml
+++ b/src/chrome/content/rules/Avantar.com.xml
@@ -2,7 +2,7 @@
 	NB: Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="Avantar.com" default_off="missing certificate chain">
+<ruleset name="Avantar.com" default_off="cert-chain">
 
 	<target host="avantar.com" />
 	<target host="www.avantar.com" />
diff --git a/src/chrome/content/rules/Avast.com.xml b/src/chrome/content/rules/Avast.com.xml
index fa6201027482..fdba321d76de 100644
--- a/src/chrome/content/rules/Avast.com.xml
+++ b/src/chrome/content/rules/Avast.com.xml
@@ -54,6 +54,6 @@
 
 	<securecookie host="^\." name="^s_vi$" />
 	<securecookie host="^\w" name=".+" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Avaya.xml b/src/chrome/content/rules/Avaya.xml
index 30506ae23ef1..d92beec7172f 100644
--- a/src/chrome/content/rules/Avaya.xml
+++ b/src/chrome/content/rules/Avaya.xml
@@ -1,7 +1,12 @@
 <ruleset name="Avaya (partial)">
 
 	<target host="avaya.com" />
-	<target host="*.avaya.com" />
+	<target host="www.avaya.com" />
+	<target host="downloads.avaya.com" />
+	<target host="grt.avaya.com" />
+	<target host="sso.avaya.com" />
+	<target host="support.avaya.com" />
+	<target host="supportbetasite-stg.avaya.com" />
 
 
 	<securecookie host="^.+\.avaya\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Avectra.com.xml b/src/chrome/content/rules/Avectra.com.xml
deleted file mode 100644
index 10a38b3e2b5f..000000000000
--- a/src/chrome/content/rules/Avectra.com.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- blog *
-		- fundraising *
-		- support	(interrupted)
-
-	* Refused
-
-
-	Mixed content:
-
-		- Images on www2 from www2 *
-
-	* Secured by us
-
--->
-<ruleset name="Avectra.com (partial)">
-
-	<target host="*.avectra.com" />
-
-
-	<securecookie host="^www2\.avectra\.com$" name=".+" />
-
-
-	<rule from="^http://success\.avectra\.com/(?=css/|images/|js/|rs/)"
-		to="https://na-abk.marketo.com/" />
-
-	<rule from="^http://www2\.avectra\.com/"
-		to="https://www2.avectra.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Avenatti.com.xml b/src/chrome/content/rules/Avenatti.com.xml
new file mode 100644
index 000000000000..65c0443a5e24
--- /dev/null
+++ b/src/chrome/content/rules/Avenatti.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Avenatti.com">
+	<target host="avenatti.com" />
+	<target host="www.avenatti.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avidemux.org.xml b/src/chrome/content/rules/Avidemux.org.xml
new file mode 100644
index 000000000000..e560d791960c
--- /dev/null
+++ b/src/chrome/content/rules/Avidemux.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Active mixed content:
+		- avidemux.org
+
+	Invalid certificate:
+		- bugs.avidemux.org
+		- smtp.avidemux.org
+-->
+
+<ruleset name="Avidemux.org">
+	<target host="avidemux.org" />
+	<target host="www.avidemux.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avinc.com.xml b/src/chrome/content/rules/Avinc.com.xml
index 3d44a7d726d5..bb2a6e55ebbd 100644
--- a/src/chrome/content/rules/Avinc.com.xml
+++ b/src/chrome/content/rules/Avinc.com.xml
@@ -28,7 +28,9 @@
 <ruleset name="Avinc.com">
 
 	<target host="avinc.com" />
-	<target host="*.avinc.com" />
+	<target host="avportal.avinc.com" />
+	<target host="www.avinc.com" />
+	<target host="investor.avinc.com" />
 
 
 	<securecookie host="^(?:\.avportal|www)?\.avinc\.com$" name=".+" />
@@ -40,4 +42,4 @@
 	<rule from="^http://investor\.avinc\.com/common/"
 		to="https://investor.shareholder.com/common/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Avios.com.xml b/src/chrome/content/rules/Avios.com.xml
new file mode 100644
index 000000000000..f992a6552330
--- /dev/null
+++ b/src/chrome/content/rules/Avios.com.xml
@@ -0,0 +1,54 @@
+<!--
+	Non-functional subdomains:
+		- www.aviosandaway	(t)
+		- avioslocal	(e)
+		- aws	(t)
+		- dropple	(t)
+		- content.email	(m)
+		- links.emails	(m)
+		- m	(t)
+		- magic	(m)
+		- partnermanager	(r)
+		- partnermanageruat	(e)
+		- share	(t)
+		- shoppingtest	(m)
+		- survey	(i)
+		- www.survey	(t)
+		- wfm	(invalid redirect)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avios">
+
+	<target host="avios.com" />
+	<target host="www.avios.com" />
+	<target host="adfs.avios.com" />
+	<target host="aglctx.avios.com" />
+	<target host="api.avios.com" />
+	<target host="cardregistration.avios.com" />
+	<target host="chat.avios.com" />
+	<target host="collectonhotelscarsandmore.avios.com" />
+	<target host="creative.avios.com" />
+	<target host="developer.avios.com" />
+	<target host="hotelscarsandmore.avios.com" />
+	<target host="jobs.avios.com" />
+	<target host="mobile.avios.com" />
+	<target host="more-for-africa.avios.com" />
+	<target host="mumsnet.avios.com" />
+	<target host="partnerservices.avios.com" />
+	<target host="pay.avios.com" />
+	<target host="shopping.avios.com" />
+	<target host="testpay.avios.com" />
+	<target host="wine.avios.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avira.xml b/src/chrome/content/rules/Avira.xml
index 1be1504c7caa..6c60d9c7c131 100644
--- a/src/chrome/content/rules/Avira.xml
+++ b/src/chrome/content/rules/Avira.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.myaccount.avira.com/ => https://myaccount.avira.com/: (6
 		- www.avira.com
 
 -->
-<ruleset name="Avira.com" default_off='failed ruleset test'>
+<ruleset name="Avira.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Avis-Japan.com.xml b/src/chrome/content/rules/Avis-Japan.com.xml
new file mode 100644
index 000000000000..21ea07d9f108
--- /dev/null
+++ b/src/chrome/content/rules/Avis-Japan.com.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- (www.)blog.staff		(s)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis-Japan.com">
+
+	<target host="avis-japan.com" />
+	<target host="www.avis-japan.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis-japan\.com/"
+		to="https://www.avis-japan.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis-Tahiti.com.xml b/src/chrome/content/rules/Avis-Tahiti.com.xml
new file mode 100644
index 000000000000..074b455e4d9d
--- /dev/null
+++ b/src/chrome/content/rules/Avis-Tahiti.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(HTTP 404 error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis-Tahiti.com">
+
+	<target host="avis-tahiti.com" />
+	<target host="www.avis-tahiti.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis-tahiti\.com/"
+		to="https://www.avis-tahiti.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis-Taiwan.com.xml b/src/chrome/content/rules/Avis-Taiwan.com.xml
new file mode 100644
index 000000000000..914b7f5a677b
--- /dev/null
+++ b/src/chrome/content/rules/Avis-Taiwan.com.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- partner	(t)
+		- sys		(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis-Taiwan.com">
+
+	<target host="avis-taiwan.com" />
+	<target host="www.avis-taiwan.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis-sxm.com.xml b/src/chrome/content/rules/Avis-sxm.com.xml
new file mode 100644
index 000000000000..a8354563b6e2
--- /dev/null
+++ b/src/chrome/content/rules/Avis-sxm.com.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+-->
+<ruleset name="Avis-sxm.com">
+
+	<target host="avis-sxm.com" />
+	<target host="www.avis-sxm.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.at.xml b/src/chrome/content/rules/Avis.at.xml
new file mode 100644
index 000000000000..840ce8b9b35d
--- /dev/null
+++ b/src/chrome/content/rules/Avis.at.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.at">
+
+	<target host="avis.at" />
+	<target host="www.avis.at" />
+	<target host="mirror.avis.at" />
+	<target host="secure.avis.at" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.at/"
+		to="https://www.avis.at/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.be.xml b/src/chrome/content/rules/Avis.be.xml
new file mode 100644
index 000000000000..9b7c0aebecbf
--- /dev/null
+++ b/src/chrome/content/rules/Avis.be.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.be">
+
+	<target host="avis.be" />
+	<target host="www.avis.be" />
+	<target host="mirror.avis.be" />
+	<target host="secure.avis.be" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.be/"
+		to="https://www.avis.be/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.ca.xml b/src/chrome/content/rules/Avis.ca.xml
new file mode 100644
index 000000000000..0c5b96cc0b81
--- /dev/null
+++ b/src/chrome/content/rules/Avis.ca.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- locations		(e)
+		- qa		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.ca">
+
+	<target host="avis.ca" />
+	<target host="www.avis.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.ch.xml b/src/chrome/content/rules/Avis.ch.xml
new file mode 100644
index 000000000000..508f2ce03707
--- /dev/null
+++ b/src/chrome/content/rules/Avis.ch.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- m		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.ch">
+
+	<target host="avis.ch" />
+	<target host="www.avis.ch" />
+	<target host="secure.avis.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.ch/"
+		to="https://www.avis.ch/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.cl.xml b/src/chrome/content/rules/Avis.cl.xml
new file mode 100644
index 000000000000..3e49399b99fb
--- /dev/null
+++ b/src/chrome/content/rules/Avis.cl.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- consultas		(r)
+		- locations		(e)
+		- mail		(i)
+		- pehuen	(i)
+		- webmail	(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.cl">
+
+	<target host="avis.cl" />
+	<target host="www.avis.cl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.co.il.xml b/src/chrome/content/rules/Avis.co.il.xml
new file mode 100644
index 000000000000..7be09fce7f20
--- /dev/null
+++ b/src/chrome/content/rules/Avis.co.il.xml
@@ -0,0 +1,40 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- book	(i)
+		- carsale	(t)
+		- lead	(t)
+		- order	(t)
+		- outgoing	(h)
+		- rent	(h)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.co.il">
+
+	<target host="avis.co.il" />
+	<target host="www.avis.co.il" />
+	<target host="agent.avis.co.il" />
+		<test url="http://agent.avis.co.il/favicon.ico" />
+	<target host="api.avis.co.il" />
+	<target host="dev.avis.co.il" />
+	<target host="incoming.avis.co.il" />
+	<target host="leasing.avis.co.il" />
+	<target host="m.avis.co.il" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Redirects to http -->
+	<exclusion pattern="^http://agent.avis.co.il/$" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.co.nz.xml b/src/chrome/content/rules/Avis.co.nz.xml
new file mode 100644
index 000000000000..98046691f32d
--- /dev/null
+++ b/src/chrome/content/rules/Avis.co.nz.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- locations		(e)
+		- qa		(HTTP 503 error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.co.nz">
+
+	<target host="avis.co.nz" />
+	<target host="www.avis.co.nz" />
+	<target host="pages.e.avis.co.nz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.co\.nz/"
+		to="https://www.avis.co.nz/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.co.uk.xml b/src/chrome/content/rules/Avis.co.uk.xml
new file mode 100644
index 000000000000..a3b39ae12100
--- /dev/null
+++ b/src/chrome/content/rules/Avis.co.uk.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- lufthansa		(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.co.uk">
+
+	<target host="avis.co.uk" />
+	<target host="www.avis.co.uk" />
+	<target host="blog.avis.co.uk" />
+	<target host="mirror.avis.co.uk" />
+	<target host="reporting.avis.co.uk" />
+	<target host="secure.avis.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.co\.uk/"
+		to="https://www.avis.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.co.za.xml b/src/chrome/content/rules/Avis.co.za.xml
new file mode 100644
index 000000000000..7176222d3456
--- /dev/null
+++ b/src/chrome/content/rules/Avis.co.za.xml
@@ -0,0 +1,45 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- edmscc	(t)
+		- flysaa	(m)
+		- mm		(t)
+		- online	(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.co.za">
+
+	<target host="avis.co.za" />
+	<target host="www.avis.co.za" />
+	<target host="alc.avis.co.za" />
+	<target host="alcluxury.avis.co.za" />
+	<target host="book.avis.co.za" />
+	<target host="edms.avis.co.za" />
+	<target host="inbound.avis.co.za" />
+	<target host="mirror.avis.co.za" />
+	<target host="momentum.avis.co.za" />
+	<target host="reporting.avis.co.za" />
+	<target host="secure.avis.co.za" />
+	<target host="secure-mirror.avis.co.za" />
+	<target host="sitecoreforms.avis.co.za" />
+	<target host="sitecoreinv.avis.co.za" />
+	<target host="t.avis.co.za" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.co\.za/"
+		to="https://www.avis.co.za/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.ar.xml b/src/chrome/content/rules/Avis.com.ar.xml
new file mode 100644
index 000000000000..b304e9a7afba
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.ar.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- budget		(t)
+		- desa		(t)
+		- mail		(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.com.ar">
+
+	<target host="avis.com.ar" />
+	<target host="www.avis.com.ar" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.au.xml b/src/chrome/content/rules/Avis.com.au.xml
new file mode 100644
index 000000000000..1200a1f13821
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.au.xml
@@ -0,0 +1,32 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- locations		(m)
+		- qa			(HTTP 503 error)
+		- qa[1-3]		(HTTP 503 error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.com.au">
+
+	<target host="avis.com.au" />
+	<target host="www.avis.com.au" />
+	<target host="pages.e.avis.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.com\.au/"
+		to="https://www.avis.com.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.co.xml b/src/chrome/content/rules/Avis.com.co.xml
new file mode 100644
index 000000000000..63368b91f641
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.co.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- www		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.com.co">
+
+	<target host="avis.com.co" />
+	<target host="www.avis.com.co" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.avis\.com\.co/"
+		to="https://avis.com.co/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.do.xml b/src/chrome/content/rules/Avis.com.do.xml
new file mode 100644
index 000000000000..444f11877a3f
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.do.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+-->
+<ruleset name="Avis.com.do">
+
+	<target host="avis.com.do" />
+	<target host="www.avis.com.do" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.ec.xml b/src/chrome/content/rules/Avis.com.ec.xml
new file mode 100644
index 000000000000..f2ad477bd6b3
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.ec.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- www		(m)
+		- apps		(m)
+		- portalflota		(m)
+		- test		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.com.ec">
+
+	<target host="avis.com.ec" />
+	<target host="www.avis.com.ec" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.avis\.com\.ec/"
+		to="https://avis.com.ec/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.hk.xml b/src/chrome/content/rules/Avis.com.hk.xml
new file mode 100644
index 000000000000..695eeea935c8
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.hk.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+-->
+<ruleset name="Avis.com.hk">
+
+	<target host="avis.com.hk" />
+	<target host="www.avis.com.hk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.hr.xml b/src/chrome/content/rules/Avis.com.hr.xml
new file mode 100644
index 000000000000..a1d993d3ff4a
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.hr.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+-->
+<ruleset name="Avis.com.hr">
+
+	<target host="avis.com.hr" />
+	<target host="www.avis.com.hr" />
+	<target host="redesign.avis.com.hr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.jm.xml b/src/chrome/content/rules/Avis.com.jm.xml
new file mode 100644
index 000000000000..083192681bba
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.jm.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- mail		(m)
+		- mail2		(s)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.com.jm">
+
+	<target host="avis.com.jm" />
+	<target host="www.avis.com.jm" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.lb.xml b/src/chrome/content/rules/Avis.com.lb.xml
new file mode 100644
index 000000000000..7f1f49b8dc65
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.lb.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.com.lb">
+
+	<target host="avis.com.lb" />
+	<target host="www.avis.com.lb" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.com\.lb/"
+		to="https://www.avis.com.lb/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.pa.xml b/src/chrome/content/rules/Avis.com.pa.xml
new file mode 100644
index 000000000000..6939be0b148b
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.pa.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- mail		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.com.pa">
+
+	<target host="avis.com.pa" />
+	<target host="www.avis.com.pa" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.ph.xml b/src/chrome/content/rules/Avis.com.ph.xml
new file mode 100644
index 000000000000..ceb2cc893755
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.ph.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+-->
+<ruleset name="Avis.com.ph">
+
+	<target host="avis.com.ph" />
+	<target host="www.avis.com.ph" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.pt.xml b/src/chrome/content/rules/Avis.com.pt.xml
new file mode 100644
index 000000000000..4a8edb590bdb
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.pt.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.com.pt">
+
+	<target host="avis.com.pt" />
+	<target host="www.avis.com.pt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.com\.pt/"
+		to="https://www.avis.com.pt/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.sa.xml b/src/chrome/content/rules/Avis.com.sa.xml
new file mode 100644
index 000000000000..00815ad2a694
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.sa.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.com.sa">
+
+	<target host="avis.com.sa" />
+	<target host="www.avis.com.sa" />
+	<target host="secure.avis.com.sa" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.com\.sa/"
+		to="https://www.avis.com.sa/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.sg.xml b/src/chrome/content/rules/Avis.com.sg.xml
new file mode 100644
index 000000000000..7d740302f30b
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.sg.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- m		(t)
+		- mail		(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.com.sg">
+
+	<target host="avis.com.sg" />
+	<target host="www.avis.com.sg" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.tr.xml b/src/chrome/content/rules/Avis.com.tr.xml
new file mode 100644
index 000000000000..8eeeb9dd233a
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.tr.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- www.m		(m)
+		- www.mobile	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.com.tr">
+
+	<target host="avis.com.tr" />
+	<target host="www.avis.com.tr" />
+	<target host="beta.avis.com.tr" />
+	<target host="kiosk.avis.com.tr" />
+	<target host="m.avis.com.tr" />
+	<target host="mobile.avis.com.tr" />
+	<target host="soforlukiralama.avis.com.tr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.ua.xml b/src/chrome/content/rules/Avis.com.ua.xml
new file mode 100644
index 000000000000..a37bfa60a7cc
--- /dev/null
+++ b/src/chrome/content/rules/Avis.com.ua.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.com.ua">
+
+	<target host="avis.com.ua" />
+	<target host="www.avis.com.ua" />
+	<target host="secure.avis.com.ua" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.com\.ua/"
+		to="https://www.avis.com.ua/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.com.xml b/src/chrome/content/rules/Avis.com.xml
index 7b78496e0319..0454e445a305 100644
--- a/src/chrome/content/rules/Avis.com.xml
+++ b/src/chrome/content/rules/Avis.com.xml
@@ -1,25 +1,92 @@
+
 <!--
-	Other Avis rulesets:
+The following targets have been disabled at 2020-04-17 18:38:06:
 
-		- Avisservices.com.xml
+Fetch error: http://drive.avis.com/ => https://drive.avis.com/: (51, "SSL: no alternative certificate subject name matches target host name 'drive.avis.com'")
 
+	Other related rulesets:
+		- Avis-Japan.com.xml
+		- Avis-sxm.com.xml
+		- Avis-Tahiti.com.xml
+		- Avis-Taiwan.com.xml
+		- Avis.at.xml
+		- Avis.be.xml
+		- Avis.ca.xml
+		- Avis.ch.xml
+		- Avis.cl.xml
+		- Avis.co.il.xml
+		- Avis.co.nz.xml
+		- Avis.co.uk.xml
+		- Avis.co.za.xml
+		- Avis.com.ar.xml
+		- Avis.com.au.xml
+		- Avis.com.co.xml
+		- Avis.com.do.xml
+		- Avis.com.ec.xml
+		- Avis.com.hk.xml
+		- Avis.com.hr.xml
+		- Avis.com.jm.xml
+		- Avis.com.lb.xml
+		- Avis.com.pa.xml
+		- Avis.com.ph.xml
+		- Avis.com.pt.xml
+		- Avis.com.sa.xml
+		- Avis.com.sg.xml
+		- Avis.com.tr.xml
+		- Avis.com.ua.xml
+		- Avis.de.xml
+		- Avis.dk.xml
+		- Avis.es.xml
+		- Avis.fi.xml
+		- Avis.fr.xml
+		- Avis.ie.xml
+		- Avis.ma.xml
+		- Avis.nl.xml
+		- Avis.no.xml
+		- Avis.pl.xml
+		- Avis.se.xml
+		- Avis.tc.xml
+		- Avisautonoleggio.it.xml
+		- Avissuriname.com.xml
 
-	Observed cookie subdomains:
 
-		- .
-		- www
-		- .www
+	Non-functional subdomains:
+		- afo	(m)
+		- atlanta	(m)
+		- dallas	(m)
+		- detroit	(m)
+		- ft-lauderdale	(m)
+		- houston	(m)
+		- locations	(m)
+		- miami	(m)
+		- mobile	(m)
+		- www.mobile	(m)
+		- new-york	(m)
+		- philadelphia	(m)
+		- phoenix	(m)
+		- redirect	(m)
+		- san-francisco	(m)
 
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
 -->
 <ruleset name="Avis.com">
 
 	<target host="avis.com" />
 	<target host="www.avis.com" />
+	<!-- target host="drive.avis.com" /-->
+	<target host="click.e.avis.com" />
+	<target host="uat.avis.com" />
+	<target host="wizardgui.avis.com" />
+	<target host="wizardgui-x.avis.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host=".*\.avis\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.de.xml b/src/chrome/content/rules/Avis.de.xml
new file mode 100644
index 000000000000..1d5502e467bc
--- /dev/null
+++ b/src/chrome/content/rules/Avis.de.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- lufthansapartnerplus		(i)
+		- www.miles-and-more		(i)
+		- (www.)touristikpartner		(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.de">
+
+	<target host="avis.de" />
+	<target host="www.avis.de" />
+	<target host="blog.avis.de" />
+	<target host="mirror.avis.de" />
+	<target host="secure.avis.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.de/"
+		to="https://www.avis.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.dk.xml b/src/chrome/content/rules/Avis.dk.xml
new file mode 100644
index 000000000000..e07b3aa07514
--- /dev/null
+++ b/src/chrome/content/rules/Avis.dk.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- m		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.dk">
+
+	<target host="avis.dk" />
+	<target host="www.avis.dk" />
+	<target host="secure.avis.dk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.dk/"
+		to="https://www.avis.dk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.es.xml b/src/chrome/content/rules/Avis.es.xml
new file mode 100644
index 000000000000..8714e85ab3de
--- /dev/null
+++ b/src/chrome/content/rules/Avis.es.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- mirror	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.es">
+
+	<target host="avis.es" />
+	<target host="www.avis.es" />
+	<target host="reporting.avis.es" />
+	<target host="secure.avis.es" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.es/"
+		to="https://www.avis.es/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.fi.xml b/src/chrome/content/rules/Avis.fi.xml
new file mode 100644
index 000000000000..bd619082e070
--- /dev/null
+++ b/src/chrome/content/rules/Avis.fi.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.fi">
+
+	<target host="avis.fi" />
+	<target host="www.avis.fi" />
+	<target host="secure.avis.fi" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.fi/"
+		to="https://www.avis.fi/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.fr.xml b/src/chrome/content/rules/Avis.fr.xml
new file mode 100644
index 000000000000..89cc0f7fcfb6
--- /dev/null
+++ b/src/chrome/content/rules/Avis.fr.xml
@@ -0,0 +1,32 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- pubs		(m)
+		- secure	(HTTP 403 error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.fr">
+
+	<target host="avis.fr" />
+	<target host="www.avis.fr" />
+	<target host="mirror.avis.fr" />
+	<target host="reporting.avis.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.fr/"
+		to="https://www.avis.fr/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.ie.xml b/src/chrome/content/rules/Avis.ie.xml
new file mode 100644
index 000000000000..9539c40dcd93
--- /dev/null
+++ b/src/chrome/content/rules/Avis.ie.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+-->
+<ruleset name="Avis.ie">
+
+	<target host="avis.ie" />
+	<target host="www.avis.ie" />
+	<target host="reporting.avis.ie" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.ma.xml b/src/chrome/content/rules/Avis.ma.xml
new file mode 100644
index 000000000000..a886f67d54a2
--- /dev/null
+++ b/src/chrome/content/rules/Avis.ma.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.ma">
+
+	<target host="avis.ma" />
+	<target host="www.avis.ma" />
+	<target host="secure.avis.ma" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.ma/"
+		to="https://www.avis.ma/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.nl.xml b/src/chrome/content/rules/Avis.nl.xml
new file mode 100644
index 000000000000..0d544a5ba471
--- /dev/null
+++ b/src/chrome/content/rules/Avis.nl.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.nl">
+
+	<target host="avis.nl" />
+	<target host="www.avis.nl" />
+	<target host="mirror.avis.nl" />
+	<target host="secure.avis.nl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.nl/"
+		to="https://www.avis.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.no.xml b/src/chrome/content/rules/Avis.no.xml
new file mode 100644
index 000000000000..4cb72488de98
--- /dev/null
+++ b/src/chrome/content/rules/Avis.no.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- m			(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.no">
+
+	<target host="avis.no" />
+	<target host="www.avis.no" />
+	<target host="secure.avis.no" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.no/"
+		to="https://www.avis.no/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.pl.xml b/src/chrome/content/rules/Avis.pl.xml
new file mode 100644
index 000000000000..b84895c8789c
--- /dev/null
+++ b/src/chrome/content/rules/Avis.pl.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- m			(t)
+		- www.miles-and-more		(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.pl">
+
+	<target host="avis.pl" />
+	<target host="www.avis.pl" />
+	<target host="secure.avis.pl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.pl/"
+		to="https://www.avis.pl/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.se.xml b/src/chrome/content/rules/Avis.se.xml
new file mode 100644
index 000000000000..6b579c03a4d3
--- /dev/null
+++ b/src/chrome/content/rules/Avis.se.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- m		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avis.se">
+
+	<target host="avis.se" />
+	<target host="www.avis.se" />
+	<target host="secure.avis.se" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avis\.se/"
+		to="https://www.avis.se/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avis.tc.xml b/src/chrome/content/rules/Avis.tc.xml
new file mode 100644
index 000000000000..f03b79d6d66b
--- /dev/null
+++ b/src/chrome/content/rules/Avis.tc.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+	Host has wildcard DNS.
+-->
+<ruleset name="Avis.tc">
+
+	<target host="avis.tc" />
+	<target host="www.avis.tc" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avisautonoleggio.it.xml b/src/chrome/content/rules/Avisautonoleggio.it.xml
new file mode 100644
index 000000000000..1286f1602759
--- /dev/null
+++ b/src/chrome/content/rules/Avisautonoleggio.it.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- reporting		(HTTP 404 error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Avisautonoleggio.it">
+
+	<target host="avisautonoleggio.it" />
+	<target host="www.avisautonoleggio.it" />
+	<target host="secure.avisautonoleggio.it" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://avisautonoleggio\.it/"
+		to="https://www.avisautonoleggio.it/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avisservices.com.xml b/src/chrome/content/rules/Avisservices.com.xml
deleted file mode 100644
index fba745b9d2ba..000000000000
--- a/src/chrome/content/rules/Avisservices.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other Avis coverage, see Avis.com.xml.
-
--->
-<ruleset name="Avisservices.com">
-
-	<target host="*.avisservices.com" />
-
-
-	<securecookie host="^(?:\.?snap)?\.avisservices\.com$" name=".+" />
-
-
-	<rule from="^http://snap\.avisservices\.com/"
-		to="https://snap.avisservices.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Avissuriname.com.xml b/src/chrome/content/rules/Avissuriname.com.xml
new file mode 100644
index 000000000000..dd39b84a9f3d
--- /dev/null
+++ b/src/chrome/content/rules/Avissuriname.com.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Avis related rulesets, see Avis.com.xml
+-->
+<ruleset name="Avissuriname.com">
+
+	<target host="avissuriname.com" />
+	<target host="www.avissuriname.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Avonmaquiagem.com.br.xml b/src/chrome/content/rules/Avonmaquiagem.com.br.xml
index fd07e4f772d6..67f92980e11a 100644
--- a/src/chrome/content/rules/Avonmaquiagem.com.br.xml
+++ b/src/chrome/content/rules/Avonmaquiagem.com.br.xml
@@ -6,7 +6,7 @@ Fetch error: http://static5.avonmaquiagem.com.br/ => https://static5.avonmaquiag
 Fetch error: http://www.avonmaquiagem.com.br/ => https://www.avonmaquiagem.com.br/: (28, 'Connection timed out after 20005 milliseconds')
 
 -->
-<ruleset name="avonmaquiagem.com.br" default_off='failed ruleset test'>
+<ruleset name="avonmaquiagem.com.br" default_off="failed ruleset test">
 
 	<target host="avonmaquiagem.com.br" />
 	<target host="static5.avonmaquiagem.com.br" />
@@ -18,4 +18,4 @@ Fetch error: http://www.avonmaquiagem.com.br/ => https://www.avonmaquiagem.com.b
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Awe.sm.xml b/src/chrome/content/rules/Awe.sm.xml
index dee8318eaa94..6d1b6334b6a8 100644
--- a/src/chrome/content/rules/Awe.sm.xml
+++ b/src/chrome/content/rules/Awe.sm.xml
@@ -34,7 +34,7 @@ Fetch error: http://widgets.awe.sm/ => https://totally.awe.sm/: (28, 'Connection
 		- .awe.sm
 
 -->
-<ruleset name="awe.sm (partial)" default_off='failed ruleset test'>
+<ruleset name="awe.sm (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/AwesomeStuffToBuy.com.xml b/src/chrome/content/rules/AwesomeStuffToBuy.com.xml
new file mode 100644
index 000000000000..373e8f617993
--- /dev/null
+++ b/src/chrome/content/rules/AwesomeStuffToBuy.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="AwesomeStuffToBuy.com">
+	<target host="awesomestufftobuy.com" />
+	<target host="www.awesomestufftobuy.com" />
+	<target host="assets.awesomestufftobuy.com" />
+	<target host="nitro.awesomestufftobuy.com" />
+	<target host="nitro1.awesomestufftobuy.com" />
+	<target host="nitro2.awesomestufftobuy.com" />
+	<target host="quick.awesomestufftobuy.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Awio-Web-Services-mismatches.xml b/src/chrome/content/rules/Awio-Web-Services-mismatches.xml
index 5805599854ce..4b24b26087d8 100644
--- a/src/chrome/content/rules/Awio-Web-Services-mismatches.xml
+++ b/src/chrome/content/rules/Awio-Web-Services-mismatches.xml
@@ -4,7 +4,7 @@
 	<target host="dialshield.com"/>
 	<target host="www.dialshield.com"/>
 
-	<securecookie host="^(?:.*\.)?dialshield\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?dialshield\.com/"
 		to="https://www.dialshield.com/"/>
diff --git a/src/chrome/content/rules/Awio-Web-Services.xml b/src/chrome/content/rules/Awio-Web-Services.xml
index e2964d9280fe..20ff96b3ca6c 100644
--- a/src/chrome/content/rules/Awio-Web-Services.xml
+++ b/src/chrome/content/rules/Awio-Web-Services.xml
@@ -14,24 +14,21 @@ Fetch error: http://app.dialshield.com/ => https://app.dialshield.com/: (51, "SS
 		- Improvely.com.xml
 
 -->
-<ruleset name="Awio Web Services (partial)" default_off='failed ruleset test'>
+<ruleset name="Awio Web Services (partial)" default_off="failed ruleset test">
 
 	<target host="app.dialshield.com"/>
 	<target host="visitorboost.com"/>
-	<target host="*.visitorboost.com"/>
+	<target host="www.visitorboost.com" />
 	<target host="w3roi.com"/>
-	<target host="*.w3roi.com"/>
+	<target host="www.w3roi.com" />
 
 	<securecookie host="^app\.dialshield\.com$" name=".+" />
 	<securecookie host="^(?:.*\.)?(?:visitorboost|w3roi)\.com$" name=".+" />
 
-	<rule from="^http://app\.dialshield\.com/"
-		to="https://app.dialshield.com/"/>
 
 	<rule from="^http://(?:www\.)?visitorboost\.com/"
 		to="https://www.visitorboost.com/"/>
 
-	<rule from="^http://(www\.)?w3roi\.com/"
-		to="https://$1w3roi.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AwkwardZombie.com.xml b/src/chrome/content/rules/AwkwardZombie.com.xml
new file mode 100644
index 000000000000..d9fe0312c68b
--- /dev/null
+++ b/src/chrome/content/rules/AwkwardZombie.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Mismatched:
+		- ftp
+
+	Redirects to NXDOMAIN:
+		- mail
+-->
+<ruleset name="AwkwardZombie.com">
+	<target host="awkwardzombie.com" />
+	<target host="www.awkwardzombie.com" />
+	<target host="cpanel.awkwardzombie.com" />
+	<target host="webdisk.awkwardzombie.com" />
+	<target host="webmail.awkwardzombie.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Axamba.xml b/src/chrome/content/rules/Axamba.xml
index f79e84b61681..1d5f53955da4 100644
--- a/src/chrome/content/rules/Axamba.xml
+++ b/src/chrome/content/rules/Axamba.xml
@@ -6,7 +6,7 @@ Fetch error: http://my.webtapestry.net/ => https://my.webtapestry.net/: (28, 'Co
 Disabled by https-everywhere-checker because:
 Fetch error: http://my.webtapestry.net/ => https://my.webtapestry.net/: (28, 'Connection timed out after 10000 milliseconds')
 -->
-<ruleset name="Axamba (partial)" default_off='failed ruleset test'>
+<ruleset name="Axamba (partial)" default_off="failed ruleset test">
 
 	<target host="my.webtapestry.net"/>
 
diff --git a/src/chrome/content/rules/Axboe.xml b/src/chrome/content/rules/Axboe.xml
index 74bb61df6e83..db1a932a719d 100644
--- a/src/chrome/content/rules/Axboe.xml
+++ b/src/chrome/content/rules/Axboe.xml
@@ -10,7 +10,7 @@ Fetch error: http://webmail.axboe.dk/ => https://webmail.axboe.dk/: (60, 'SSL ce
 		(www.)	(cert valid for !www; shows webmail)
 
 -->
-<ruleset name="Axboe (partial)" default_off='failed ruleset test'>
+<ruleset name="Axboe (partial)" default_off="failed ruleset test">
 
 	<target host="webmail.axboe.dk" />
 
diff --git a/src/chrome/content/rules/Axel_Simon.net.xml b/src/chrome/content/rules/Axel_Simon.net.xml
deleted file mode 100644
index 6a44aaf6251f..000000000000
--- a/src/chrome/content/rules/Axel_Simon.net.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Non-functional hosts
-		Timeout was reached:
-			 - www.axelsimon.net
-
-		SSL peer certificate was not OK:
-			 - test.axelsimon.net
-			 - xmpp.axelsimon.net
--->
-<ruleset name="Axel Simon.net">
-	<target host="axelsimon.net" />
-	<target host="www.axelsimon.net" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http://(www\.)?axelsimon\.net/" 
-			to="https://axelsimon.net/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Axelname.ru.xml b/src/chrome/content/rules/Axelname.ru.xml
deleted file mode 100644
index 6bfa08899d5a..000000000000
--- a/src/chrome/content/rules/Axelname.ru.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://crm.axelname.ru/ => https://crm.axelname.ru/: (60, 'SSL certificate problem: certificate has expired')
-
-dns1.axelname.ru ²
-dns2.axelname.ru ²
-expired1.axelname.ru ²
-expired2.axelname.ru ²
-forward.axelname.ru ²
-hosting.axelname.ru ⁵
-im1.axelname.ru ¹
-mx.axelname.ru ³
-ns1.axelname.ru ²
-ns2.axelname.ru ³
-ns3.axelname.ru ³
-ns5.axelname.ru ³
-p-td.axelname.ru ³
-p3.axelname.ru ³
-pages.axelname.ru ³
-stat.axelname.ru ³
-vizitca1.axelname.ru ²
-vizitca2.axelname.ru ²
-whois.axelname.ru ³
-
-
-¹ mismatch
-² refused
-³ timed out
-⁵ expired
--->
-<ruleset name="axelname.ru" default_off='failed ruleset test'>
-	<target host="axelname.ru" />
-	<target host="www.axelname.ru" />
-	<target host="api.axelname.ru" />
-	<target host="crm.axelname.ru" />
-	<target host="hosting2.axelname.ru" />
-	<target host="my.axelname.ru" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Axeso5.com-falsemixed.xml b/src/chrome/content/rules/Axeso5.com-falsemixed.xml
deleted file mode 100644
index 6ad8f618b40f..000000000000
--- a/src/chrome/content/rules/Axeso5.com-falsemixed.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	For rules not causing broken MCB, see Axeso5.com.xml.
-
-
-	Fully covered subdomains:
-
-		- (www.)?	(^ → www)
-
--->
-<ruleset name="Axeso5.com (false MCB)" platform="mixedcontent">
-
-	<target host="axeso5.com" />
-	<target host="www.axeso5.com" />
-
-
-	<securecookie host="^www\.axeso5\.com$" name=".+" />
-
-
-	<rule from="^http://axeso5\.com/"
-		to="https://www.axeso5.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Axeso5.com.xml b/src/chrome/content/rules/Axeso5.com.xml
index 40b42a7018cb..6df71c1ac54a 100644
--- a/src/chrome/content/rules/Axeso5.com.xml
+++ b/src/chrome/content/rules/Axeso5.com.xml
@@ -1,94 +1,40 @@
 <!--
-	For rules causing broken MCB, see Axeso5.com-falsemixed.xml.
+	Non-functional hosts
+		Couldn't connect to server:
+		- tkts.axeso5.com
 
-	Other Axeso5 rulesets:
+		Incomplete certificate chain error:
+		- cdn.axeso5.com
+		- imagenes.axeso5.com
 
-		- MiniMundos_online.com.xml
+		4xx client error:
+		- mbws.axeso5.com
+		- res.axeso5.com
 
-
-	Nonfunctional subdomains:
-
-		- aceonline ¹
-		- audition ¹
-		- axesofest ¹
-		- brickforce ¹
-		- cdn ²
-		- dirtybomb ¹
-		- foro ³
-		- imagenes ³
-		- karos-rosh ¹
-		- minimundos ⁴
-		- operation7 ¹
-		- runescape ¹
-		- suddenattack ¹
-		- tkts ³
-		- wia ¹
-		- zmr ¹
-
-	¹ 404
-	² 400
-	³ Refused
-	⁴ Redirects to http
-
-
-	^: 404
-
-
-	Fully covered subdomains:
-
-		- billing
-		- mbws
-		- oauth2
-		- res
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .axeso5.com
-		- billing.axeso5.com
+		5xx server error:
 		- oauth2.axeso5.com
-		- www.axeso5.com
-
-
-	Mixed content:
-
-		- css, on:
-
-			- www from mbws.axeso5.com *
-			- www from res.axeso5.com *
-			- www from fonts.googleapis.com *
-
-		- Images, on:
-
-			- www from $self *
-			- www from cdn.axeso5.com *
-			- www from imagenes.axeso5.com *
-
-	* Secured by us
 
+		Mixed content blocking (MCB) triggered:
+		- audition.axeso5.com
+		- foro.axeso5.com
+		- runescape.axeso5.com
 -->
 <ruleset name="Axeso5.com (partial)">
-
-	<!--target host="axeso5.com" /-->
+	<target host="axeso5.com" />
+	<target host="www.axeso5.com" />
+	<target host="aceonline.axeso5.com" />
+	<target host="axesofest.axeso5.com" />
 	<target host="billing.axeso5.com" />
-	<target host="mbws.axeso5.com" />
-	<target host="oauth2.axeso5.com" />
-	<target host="res.axeso5.com" />
-	<!--target host="www.axeso5.com" /-->
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.axeso5\.com$" name="^\.ASPXCOU_AXESO5$" /-->
-	<!--securecookie host="^(billing|oauth2|www)\.axeso5\.com$" name="^ASP\.NET_SessionId$" /-->
-
-	<securecookie host="^(?:billing|oauth2)\.axeso5\.com$" name=".+" />
-
-
-	<!--rule from="^http://axeso5\.com/"
-		to="https://www.axeso5.com/" /-->
-
-	<rule from="^http:"
-		to="https:" />
-
+	<target host="brickforce.axeso5.com" />
+	<target host="dirtybomb.axeso5.com" />
+	<target host="karos-rosh.axeso5.com" />
+	<target host="minimundos.axeso5.com" />
+	<target host="operation7.axeso5.com" />
+	<target host="suddenattack.axeso5.com" />
+	<target host="wia.axeso5.com" />
+	<target host="zmr.axeso5.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/AxisBank.co.in.xml b/src/chrome/content/rules/AxisBank.co.in.xml
new file mode 100644
index 000000000000..82207855f389
--- /dev/null
+++ b/src/chrome/content/rules/AxisBank.co.in.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Axis Bank related rulesets, see AxisBank.com.xml
+
+	Non-functional hosts
+		SSL error:
+		- scfconnect.axisbank.co.in
+-->
+<ruleset name="AxisBank.co.in (partial)">
+
+	<target host="allpay.axisbank.co.in" />
+	<target host="application.axisbank.co.in" />
+	<target host="corporate.axisbank.co.in" />
+	<target host="cms.axisbank.co.in" />
+	<target host="digital.axisbank.co.in" />
+	<target host="easypay.axisbank.co.in" />
+	<target host="edgerewards.axisbank.co.in" />
+	<target host="payhub.axisbank.co.in" />
+	<target host="retail.axisbank.co.in" />
+	<target host="transit.axisbank.co.in" />
+	<target host="www.axisbank.co.in" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/AxisBank.com.xml b/src/chrome/content/rules/AxisBank.com.xml
new file mode 100644
index 000000000000..65fe4528a914
--- /dev/null
+++ b/src/chrome/content/rules/AxisBank.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Other Axis Bank related rulesets:
+	+ AxisBank.co.in.xml
+
+	Non-functional hosts:
+		Expired:
+		- myconnect.axisbank.com
+
+		Weak Encryption:
+		- sftp.axisbank.com
+-->
+<ruleset name="AxisBank.com (partial)">
+
+	<target host="axisbank.com" />
+	<target host="www.axisbank.com" />
+	<target host="branch.axisbank.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Axis_Bank.xml b/src/chrome/content/rules/Axis_Bank.xml
deleted file mode 100644
index b4311d228ac2..000000000000
--- a/src/chrome/content/rules/Axis_Bank.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.axisbank.co.in/ => https://www.axisbank.co.in/: (28, 'Connection timed out after 10000 milliseconds')
-	Nonfunctional domains:
-
-		- home.axisdirect.co.in		(times out)
-		- hindi.axisbank.com		(shows aps; mismatched, CN: aps.axisbank.com)
-
-
-	Problematic domains:
-
-		- axisbank.com		(cert only matches www)
-
-
-	^axisbank.co.in doesn't exist
-
--->
-<ruleset name="Axis Bank (partial)">
-
-	<target host="www.axisbank.co.in" />
-	<target host="axisbank.com" />
-	<target host="*.axisbank.com" />
-
-
-	<securecookie host="^.+\.axisbank\.co(?:\.in|m)$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?axisbank\.co(\.in|m)/"
-		to="https://www.axisbank.co$1/" />
-
-	<rule from="^http://aps\.axisbank\.com/"
-		to="https://aps.axisbank.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Axosoft.com.xml b/src/chrome/content/rules/Axosoft.com.xml
index e54a5ccf4984..67327acdad16 100644
--- a/src/chrome/content/rules/Axosoft.com.xml
+++ b/src/chrome/content/rules/Axosoft.com.xml
@@ -5,12 +5,12 @@ Fetch error: http://iloyal.axosoft.com/ => https://iloyal.axosoft.com/: (6, 'Cou
 
 	Other Axosoft rulesets:
 		- Pure_Chat.com.xml
-	
+
 	Mismatched:
 		- promos.axosoft.com
 		- blog.axosoft.com
 -->
-<ruleset name="Axosoft.com" default_off='failed ruleset test'>
+<ruleset name="Axosoft.com" default_off="failed ruleset test">
 	<target host="axosoft.com" />
 	<target host="www.axosoft.com" />
 	<target host="store.axosoft.com" />
diff --git a/src/chrome/content/rules/Azahera.net.xml b/src/chrome/content/rules/Azahera.net.xml
new file mode 100644
index 000000000000..49941d84fb78
--- /dev/null
+++ b/src/chrome/content/rules/Azahera.net.xml
@@ -0,0 +1,9 @@
+<ruleset name="Azahera.net">
+	<target host="azahera.net" />
+	<target host="www.azahera.net" />
+	<target host="mail.azahera.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Azcentral.com.xml b/src/chrome/content/rules/Azcentral.com.xml
index 7cb26e4d7290..44a8c30cc144 100644
--- a/src/chrome/content/rules/Azcentral.com.xml
+++ b/src/chrome/content/rules/Azcentral.com.xml
@@ -28,10 +28,12 @@ Fetch error: http://azcentral.com/ => https://azcentral.com/: (51, "SSL: no alte
 		- l		(→ ^)
 
 -->
-<ruleset name="azcentral.com (partial)" default_off='failed ruleset test'>
+<ruleset name="azcentral.com (partial)" default_off="failed ruleset test">
 
 	<target host="azcentral.com" />
-	<target host="*.azcentral.com" />
+	<target host="i.azcentral.com" />
+	<target host="l.azcentral.com" />
+	<target host="www.azcentral.com" />
 
 
 	<securecookie host="^\.azcentral\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Azet.sk.xml b/src/chrome/content/rules/Azet.sk.xml
index e206455740e7..c98a2f260332 100644
--- a/src/chrome/content/rules/Azet.sk.xml
+++ b/src/chrome/content/rules/Azet.sk.xml
@@ -1,6 +1,5 @@
 <!--
 	Refused:
-	- sport.aktuality.sk
 	- kalendar.azet.sk
 	- adam.azet.sk
 	- horoskopy.azet.sk
@@ -8,9 +7,10 @@
 	- meteo.azet.sk
 	- minihry.azet.sk
 	- referaty.aktuality.sk
-	- sport.aktuality.sk
 	- zivot.azet.sk
 	- zoznamka.azet.sk
+	- badman.azet.sk
+	- lesk.azet.sk
 
 	Mismatch:
 	- mobilmania.azet.sk
@@ -23,6 +23,7 @@
 	Redirect:
 	- www.azet.sk
 	- casprezeny.azet.sk
+	- mdiva.aktuality.sk
 
 	404:
 	- pomoc.azet.sk
@@ -49,7 +50,6 @@
 	<target host="aktualne-temy.aktuality.sk" />
 	<target host="autobild.cas.sk" />
 	<target host="autor.aktuality.sk" />
-	<target host="badman.azet.sk" />
 	<target host="casprezeny.azet.sk" />
 	<target host="cestovanie.aktuality.sk" />
 	<target host="cestovanie.azet.sk" />
@@ -66,27 +66,34 @@
 	<target host="firmavpn.azet.sk" />
 	<target host="fotoalbumy.azet.sk" />
 	<target host="horoskopy.aktuality.sk" />
+	<target host="kalendar.aktuality.sk" />
 	<target host="koktejl.aktuality.sk" />
+	<target host="komunalne-volby.aktuality.sk" />
+	<target host="konto.aktuality.sk" />
 	<target host="komentare.aktuality.sk" />
 	<target host="krimi.aktuality.sk" />
 	<target host="kultura.aktuality.sk" />
-	<target host="lesk.azet.sk" />
+	<target host="kurzy.aktuality.sk" />
+	<target host="lifestyle.aktuality.sk" />
 	<target host="link.azet.sk" />
 	<target host="mail.azet.sk" />
 	<target host="m.azet.sk" />
-	<target host="mdiva.aktuality.sk" />
 	<target host="mpokec.azet.sk" />
 	<target host="ncms.azet.sk" />
+	<target host="noizz.aktuality.sk" />
+	<target host="obchod.aktuality.sk" />
 	<target host="osobnost.aktuality.sk" />
 	<target host="osobnosti.aktuality.sk" />
 	<target host="pocasie.aktuality.sk" />
 	<target host="pokec.azet.sk" />
 	<target host="prihlasenie.azet.sk" />
+	<target host="recepty.aktuality.sk" />
 	<target host="regiony.aktuality.sk" />
 	<target host="registracia.azet.sk" />
 	<target host="rs.azet.sk" />
 	<target host="slovnik.azet.sk" />
 	<target host="spravy.aktuality.sk" />
+	<target host="sport.aktuality.sk" />
 	<target host="tech.aktuality.sk" />
 	<target host="tema.aktuality.sk" />
 	<target host="tivi.cas.sk" />
diff --git a/src/chrome/content/rules/B-static.net.xml b/src/chrome/content/rules/B-static.net.xml
new file mode 100644
index 000000000000..fca4ab35eb3a
--- /dev/null
+++ b/src/chrome/content/rules/B-static.net.xml
@@ -0,0 +1,14 @@
+<!--
+	No working URL known:
+		www.b-static.net
+
+-->
+<ruleset name="B-static.net">
+
+	<target host="b-static.net" />
+	<target host="avatar.b-static.net" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/B2bmediaportal.com.xml b/src/chrome/content/rules/B2bmediaportal.com.xml
index 86e331890b51..0339e5d69aac 100644
--- a/src/chrome/content/rules/B2bmediaportal.com.xml
+++ b/src/chrome/content/rules/B2bmediaportal.com.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/B7oth.com.xml b/src/chrome/content/rules/B7oth.com.xml
deleted file mode 100644
index 69b53141d529..000000000000
--- a/src/chrome/content/rules/B7oth.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="B7oth.com" platform="mixedcontent">
-	<target host="b7oth.com" />
-	<target host="www.b7oth.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/BA.xml b/src/chrome/content/rules/BA.xml
deleted file mode 100644
index 9318463e151e..000000000000
--- a/src/chrome/content/rules/BA.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://responsibleflying.ba.com/ => https://responsibleflying.ba.com/: (51, "SSL: no alternative certificate subject name matches target host name 'responsibleflying.ba.com'")
-
-	Mismatch:
-		- careers.britishairways.com
-		- mediacentre.britishairways.com
-		- (www.)behindthedesign.ba.com
-		- careers.ba.com
-		- pictureyourholiday.ba.com
-		- press.ba.com
-		- (www.)terminal5.ba.com
-
-	Refused:
-		- businesslife.ba.com
-		- highlife.ba.com
-		- londonaustin.ba.com
-		- theclub.ba.com
-
-	Timeout:
-		- onlinestandards.ba.com
-		- ournewplanes.ba.com
-		- taxi.ba.com
--->
-<ruleset name="British Airways" default_off='failed ruleset test'>
-	<target host="britishairways.com"/>
-	<target host="www.britishairways.com"/>
-	<target host="baggageclaim.britishairways.com"/>
-	<target host="disruptionclaim.britishairways.com"/>
-	<target host="onbusiness.britishairways.com"/>
-
-	<target host="ba.com"/>
-	<target host="www.ba.com"/>
-	<target host="developer.ba.com"/>
-	<target host="hotline.ba.com"/>
-	<target host="idtravel.ba.com"/>
-	<target host="responsibleflying.ba.com"/>
-	<target host="stafftravel.ba.com"/>
-	<target host="www.shopping.ba.com"/>
-
-	<securecookie host="^(?:.*\.)?britishairways.com$" name=".+" />
-
-	<rule from="^http:"
-		to="https:"/>
-</ruleset>
diff --git a/src/chrome/content/rules/BAG-Jugendschutz.de.xml b/src/chrome/content/rules/BAG-Jugendschutz.de.xml
new file mode 100644
index 000000000000..2bc52d046475
--- /dev/null
+++ b/src/chrome/content/rules/BAG-Jugendschutz.de.xml
@@ -0,0 +1,12 @@
+<!--
+	Refused:
+		newsletter.bag-jugendschutz.de
+-->
+<ruleset name="BAG-Jugendschutz.de">
+
+	<target host="bag-jugendschutz.de" />
+	<target host="www.bag-jugendschutz.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BAGKJS.de.xml b/src/chrome/content/rules/BAGKJS.de.xml
new file mode 100644
index 000000000000..2f60cdcfb247
--- /dev/null
+++ b/src/chrome/content/rules/BAGKJS.de.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		collab.bagkjs.de
+		news.bagkjs.de
+		statistik.bagkjs.de
+-->
+<ruleset name="BAGKJS.de">
+
+	<target host="bagkjs.de" />
+	<target host="www.bagkjs.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BALPA.org.xml b/src/chrome/content/rules/BALPA.org.xml
new file mode 100644
index 000000000000..88097d0d968b
--- /dev/null
+++ b/src/chrome/content/rules/BALPA.org.xml
@@ -0,0 +1,27 @@
+<!--
+	Different content HTTP/HTTPS:
+		balpa.org
+		wakeup.balpa.org
+
+	Invalid certificate:
+		newsletter.balpa.org
+
+-->
+<ruleset name="BALPA.org">
+
+	<target host="balpa.org" />
+	<target host="www.balpa.org" />
+	<target host="blog.balpa.org" />
+	<target host="forum.balpa.org" />
+	<target host="mail.balpa.org" />
+	<target host="passwordreset.balpa.org" />
+	<target host="testwebsite.balpa.org" />
+	<target host="webmail.balpa.org" />
+
+	<rule from="^http://balpa\.org/"
+		to="https://www.balpa.org/"/>
+
+    <rule from="^http:"
+        to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BAM.de.xml b/src/chrome/content/rules/BAM.de.xml
new file mode 100644
index 000000000000..c0a2604a2677
--- /dev/null
+++ b/src/chrome/content/rules/BAM.de.xml
@@ -0,0 +1,91 @@
+<!--
+	Content mismatch:
+		agw2.bam.de
+
+	Invalid certificate:
+		www.accta2013.bam.de
+		www.accta2016.bam.de
+		www.afr.bam.de
+		www.ake.bam.de
+		www.akkreditierungsbeirat.bam.de
+		www.amf.bam.de
+		www.artist.bam.de
+		www.atr.bam.de
+		www.betoscan.bam.de
+		www.biocides.bam.de
+		www.biozide.bam.de
+		www.ceqat-dghs.bam.de
+		www.chef.bam.de
+		www.ct.bam.de
+		www.dir.bam.de
+		www.drg.bam.de
+		www.ecasia03.bam.de
+		www.ermp-surfchem.bam.de
+		www.ermp-waterframeworkdirective.bam.de
+		www.evpg.bam.de
+		www.frpm05.bam.de
+		www.frpm2015.bam.de
+		www.h2sense.bam.de
+		www.icatt.bam.de
+		www.kb.bam.de
+		www.mod.bam.de
+		www.mosytraf.bam.de
+		www.nano-refmat.bam.de
+		www.ndte-training.bam.de
+		www.pcp.bam.de
+		www.perebar.bam.de
+		www.profile.bam.de
+		www.ps.bam.de
+		publica.bam.de
+		www.recarc.bam.de
+		www.recdemo.bam.de
+		www.resolved.bam.de
+		www.rm-certificates.bam.de
+		www.spin.bam.de
+		www.susan.bam.de
+		www.technart2011.bam.de
+		www.tmf-workshop.bam.de
+		www.tts.bam.de
+
+	Timeout:
+		dnssrv1.bam.de
+		ftp.bam.de
+		mdm.bam.de
+
+	Unable to get local issuer certificate:
+		www.ak-gkm.bam.de
+		cvpn.bam.d
+		redaktion-stage.bam.de
+		wmrif.bam.de
+		www.wmrif.bam.de
+-->
+<ruleset name="BAM.de">
+
+	<target host="www.bam.de" />
+	<target host="agw1.bam.de" />
+	<target host="agw3.bam.de" />
+	<target host="agw4.bam.de" />
+	<target host="www.akb.bam.de" />
+	<target host="autodiscover.bam.de" />
+	<target host="www.comar.bam.de" />
+	<target host="dgg.bam.de" />
+	<target host="www.dgg.bam.de" />
+	<target host="www.ebpg.bam.de" />
+	<target host="www.eptis.bam.de" />
+	<target host="exchange.bam.de" />
+	<target host="www.fraktographie.bam.de" />
+	<target host="git.bam.de" />
+	<target host="netzwerke.bam.de" />
+	<target host="redaktion.netzwerke.bam.de" />
+	<target host="www.nike.bam.de" />
+	<target host="redaktion.bam.de" />
+	<target host="rrr.bam.de" />
+	<target host="silverback.bam.de" />
+	<target host="www.suffos.bam.de" />
+	<target host="www.tes.bam.de" />
+	<target host="webshop.bam.de" />
+	<target host="www.webshop.bam.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BASt.de.xml b/src/chrome/content/rules/BASt.de.xml
new file mode 100644
index 000000000000..57cc26ba916e
--- /dev/null
+++ b/src/chrome/content/rules/BASt.de.xml
@@ -0,0 +1,31 @@
+<!--
+	Content mismatch:
+		rws.bast.de
+		svz-online.bast.de
+
+	Invalid certificate:
+		itzeb.bast.de
+
+	Refused:
+		deufrako.bast.de
+		ripcord.bast.de
+		verdi.bast.de
+		visustrplanung.bast.de
+
+	Unable to get local issuer certificate:
+		bisstra-upload.bast.de
+		dbstreum.bast.de
+-->
+<ruleset name="BASt.de">
+
+	<target host="www.bast.de" />
+	<target host="bisstraerf.bast.de" />
+	<target host="esret.bast.de" />
+	<target host="login.bast.de" />
+	<target host="makau.bast.de" />
+	<target host="owa.bast.de" />
+	<target host="ssi.bast.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BATS_Exchange.xml b/src/chrome/content/rules/BATS_Exchange.xml
index b134998e4318..27602522e593 100644
--- a/src/chrome/content/rules/BATS_Exchange.xml
+++ b/src/chrome/content/rules/BATS_Exchange.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BAW.de.xml b/src/chrome/content/rules/BAW.de.xml
new file mode 100644
index 000000000000..420b697b305a
--- /dev/null
+++ b/src/chrome/content/rules/BAW.de.xml
@@ -0,0 +1,51 @@
+<!--
+	Invalid certificate:
+		www.hamburg.baw.de
+		columba.ilmenau.baw.de
+		kfki-neu.baw.de
+		pianc.vzb.baw.de
+
+	Refused:
+		bildarchiv.baw.de
+		comrisk.hosted-by-kfki.baw.de
+		kodiba.hosted-by-kfki.baw.de
+		mdi-de.hosted-by-kfki.baw.de
+		morwin.hosted-by-kfki.baw.de
+		nokis.hosted-by-kfki.baw.de
+		wimo.hosted-by-kfki.baw.de
+		icce2008.baw.de
+		iche2014.baw.de
+		www.iche2014.baw.de
+		www.mashcon2016.baw.de
+		mdi-de.baw.de
+		mdi-dienste.baw.de
+		medienarchiv.baw.de
+		scour-and-erosion.baw.de
+		ufersicherung.baw.de
+		wiki.baw.de
+
+	Timeout:
+		blog.baw.de
+		ftp.hamburg.baw.de
+		idp.baw.de
+		wsvmap-extern.ilmenau.baw.de
+
+	Unable to get local issuer certificate:
+		wm.baw.de
+-->
+<ruleset name="BAW.de">
+
+	<target host="www.baw.de" />
+	<target host="henry.baw.de" />
+	<target host="izw.baw.de" />
+	<target host="mc.baw.de" />
+	<target host="mc-test.baw.de" />
+	<target host="ox.baw.de" />
+	<target host="ox3.baw.de" />
+	<target host="oxt.baw.de" />
+	<target host="vzb.baw.de" />
+	<target host="webmail.baw.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BBC-mismatches.xml b/src/chrome/content/rules/BBC-mismatches.xml
deleted file mode 100644
index 010f07d06e4a..000000000000
--- a/src/chrome/content/rules/BBC-mismatches.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	For rules that are on by default, see BBC.xml.
-
--->
-<ruleset name="BBC.co.uk (self-signed)" default_off="mismatched, self-signed">
-
-	<target host="electradl.iplayer.bbc.co.uk" />
-	<!--target host="www.bbc.net.uk" />
-		<exclusion pattern="^http://(?:www\.)?bbc\.net\.uk/(?:media|nol|shared|static)/" /-->
-
-
-	<!--	Cert mismatch.
-
-		Some pages look different.
-
-	<rule from="^http://(?:www\.)?bbc\.(?:co|net)\.uk/"
-		to="https://www.bbc.net.uk/" /-->
-
-	<!--	Akamai.
-				-->
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BBC.co.uk.xml b/src/chrome/content/rules/BBC.co.uk.xml
new file mode 100644
index 000000000000..4dd798d0876c
--- /dev/null
+++ b/src/chrome/content/rules/BBC.co.uk.xml
@@ -0,0 +1,42 @@
+<!--
+	Other BBC rulesets:
+		- BBC.com.xml
+		- BBC_Children_In_Need.xml
+		- bbci.co.uk.xml
+		- bbcimg.co.uk.xml
+
+	Mismatched:
+		- cdnedge
+		- ftp.kw
+
+	SSL error:
+		- confluence.dev
+		- newsbeta
+		- newsforums
+		- newsvote
+
+	Mixed content:
+		- playlists
+		- downloads
+-->
+<ruleset name="BBC.co.uk (partial)">
+	<target host="bbc.co.uk" />
+	<target host="www.bbc.co.uk" />
+	<target host="ssc.api.bbc.co.uk" />
+	<target host="careershub.bbc.co.uk" />
+	<target host="careerssearch.bbc.co.uk" />
+	<target host="iplayerhelp.external.bbc.co.uk" />
+	<target host="www.live.bbc.co.uk" />
+	<target host="open.live.bbc.co.uk" />
+	<target host="m.bbc.co.uk" />
+	<target host="newsimg.bbc.co.uk" />
+	<target host="polling.bbc.co.uk" />
+	<target host="sa.bbc.co.uk" />
+	<target host="ssl.bbc.co.uk" />
+	<target host="static.bbc.co.uk" />
+	<target host="stats.bbc.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BBC.com-falsemixed.xml b/src/chrome/content/rules/BBC.com-falsemixed.xml
deleted file mode 100644
index b5e42ac81f9c..000000000000
--- a/src/chrome/content/rules/BBC.com-falsemixed.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see BBC.com.xml.
-
--->
-<ruleset name="BBC.com (false MCB)" platform="mixedcontent">
-
-	<target host="bbc.com" />
-	<target host="www.bbc.com" />
-		<!--
-			Started redirecting to http:
-							-->
-		<exclusion pattern="^http://www\.bbc\.com/(?:$|\?|favicon\.ico|news/[\w-]+-\d+(?:$|\?))" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BBC.com.xml b/src/chrome/content/rules/BBC.com.xml
index 4283d01ce89f..e43d47971ce5 100644
--- a/src/chrome/content/rules/BBC.com.xml
+++ b/src/chrome/content/rules/BBC.com.xml
@@ -1,44 +1,47 @@
 <!--
-	For rules causing false/broken MCB, see BBC.com-falsemixed.xml.
-
-	For other BBC coverage, see BBC.xml.
-
-
-		- bbc.112.2o7.net
-
-			- sa
-
-
-	Problematic subdomains:
-
-		- sa	(mismatched, CN: *.112.2o7.net)
-
-
-	Mixed content:
-
-		- css on www from static.bbc.co.uk *
-		- Images from ichef.bbci.co.uk *
-		- favicon on www from www.bbc.co.uk *
-		- Web bugs on www from stats.bbc.co.uk *
-
-	* Secured by us in BBC.xml
-
+	Non-functional hosts
+		Timeout was reached:
+		- help.store.bbc.com
+
+		SSL peer certificate was not OK:
+		- pages.email.bbc.com
+		- pages.emails.bbc.com
+		- pages.storeuk.bbc.com
+
+		Incomplete certificate chain error:
+		- dialin.bbc.com
+		- meet.bbc.com
+		- r1.bbc.com
+		- webmail.bbc.com
+
+		Redirect to HTTP:
+		- www.bbc.com
+			- /culture/
+			- /travel/
 -->
 <ruleset name="BBC.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
+	<target host="bbc.com" />
+	<target host="www.bbc.com" />
+	<!-- See #19012 -->
+	<exclusion pattern="^http://www\.bbc\.com/culture/" />
+		<test url="http://www.bbc.com/culture/story/20200227-japans-unexpected-relationship-with-reggae" />
+		<test url="http://www.bbc.com/culture/story/20200301-nine-tv-shows-to-watch-in-march" />
+		<test url="http://www.bbc.com/culture/story/20200309-the-soft-power-roots-of-k-pop" />
+	<exclusion pattern="^http://www\.bbc\.com/travel/" />
+		<test url="http://www.bbc.com/travel/" />
+		<test url="http://www.bbc.com/travel/story/20200308-japans-ancient-way-to-save-the-planet" />
+		<test url="http://www.bbc.com/travel/story/20200309-ogopogo-the-monster-lurking-in-okanagan-lake" />
+	<target host="information-syndication.api.bbc.com" />
+	<target host="ssc.api.bbc.com" />
+	<target host="beta.bbc.com" />
+	<target host="developer.bbc.com" />
+	<target host="emp.bbc.com" />
+	<target host="player.bbc.com" />
 	<target host="ssl.bbc.com" />
+	<target host="shop.bbc.com" />
+	<target host="ca.shop.bbc.com" />
+	<target host="store.bbc.com" />
+	<target host="www.test.bbc.com" />
 
-	<!--	Complications:
-				-->
-	<target host="sa.bbc.com" />
-
-
-	<rule from="^http://sa\.bbc\.com/"
-		to="https://bbc.112.2o7.net/" />
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BBC.xml b/src/chrome/content/rules/BBC.xml
deleted file mode 100644
index 3d7fe6dbeeec..000000000000
--- a/src/chrome/content/rules/BBC.xml
+++ /dev/null
@@ -1,173 +0,0 @@
-<!--
-	For rules covering resources which do not secure
-	mixed content, see bbc.co.uk-resources.xml.
-
-	For problematic rules, see BBC-mismatches.xml.
-
-
-	Other BBC rulesets:
-
-		- BBC.com.xml
-		- BBC_Children_In_Need.xml
-		- bbci.co.uk.xml
-		- bbcimg.co.uk.xml
-
-
-	CDN buckets:
-
-		- cdnedge.bbc.co.uk.edgesuite.net
-		- electradl.iplayer.bbc.co.uk.edgesuite.net
-		- news.bbc.co.uk.edgesuite.net
-			- newsimg.bbc.co.uk
-			- feeds.bbci.co.uk
-			- news.bbcimg.co.uk
-			- tile[1-4].bbcimg.co.uk
-		- emp.bbci.co.uk.edgesuite.net
-		- ichef.bbci.co.uk.edgesuite.net
-		- node1.bbcimg.co.uk.edgesuite.net
-		- bbcmedia.fcod.llnwd.net
-
-
-
-	Nonfunctional domains:
-
-		- bbc.co.uk subdomains:
-
-			- cdnedge *
-			- confluence.dev	(handshake error)
-			- ftp.kw	(401, self-signed)
-			- m ʰ
-			- news ʳ
-			- newsbeta	(no https)
-			- newsforums
-			- newsvote
-			- playlists **
-			- r **
-			- careers (certificate has expired)
-
-		- (www.)bbcamerica.com	(reset)
-
-	* 503, akamai
-	ʰ Redirects to http
-	** Refused
-	ʳ Refused
-
-
-	Problematic hosts in *bbc.co.uk:
-
-		- careerssearch ᵐ
-
-	ᵐ Mismatched
-
-
-	Insecure cookies are set for these domains and hosts: ᶜ
-
-		- .bbc.co.uk
-		- careershub.bbc.co.uk
-		- iplayerhelp.external.bbc.co.uk
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
-
-	Mixed content:
-
-		- css on careerssearch from $self
-		- Images on careerssearch from $self
-		- favicon on careerssearch from $self
-
--->
-<ruleset name="BBC.co.uk (partial)">
-
-	<target host="bbc.co.uk" />
-	<target host="ssc.api.bbc.co.uk" />
-	<target host="careershub.bbc.co.uk" />
-	<!--target host="downloads.bbc.co.uk" /-->
-	<target host="iplayerhelp.external.bbc.co.uk" />
-	<!--target host="open.live.bbc.co.uk" /-->
-	<!--target host="www.live.bbc.co.uk" /-->
-	<!--target host="newsimg.bbc.co.uk" /-->
-	<!--target host="polling.bbc.co.uk" /-->
-	<target host="sa.bbc.co.uk" />
-	<target host="ssl.bbc.co.uk" />
-	<!--target host="static.bbc.co.uk" /-->
-	<target host="stats.bbc.co.uk" />
-	<target host="www.bbc.co.uk" />
-
-		<!--
-		<test url="http://downloads.bbc.co.uk/errors/btm.gif" />
-		<test url="http://newsimg.bbc.co.uk/shared/img/v4/skip_to_top_arrow.gif" />
-		<test url="http://sa.bbc.co.uk/bbc/bbc/s?name=&amp;ns_m2=&amp;ns_setsiteck=&amp;ml_name=&amp;ml_version=&amp;blq_js_enabled=&amp;blq_s=&amp;blq_r=&amp;blq_v=&amp;blq_e=&amp;app_name=&amp;app_version=&amp;app_edition=&amp;is_app=&amp;page_type=&amp;pal_route=&amp;app_type=&amp;language=&amp;pal_webapp=&amp;prod_name=" />
-		-->
-		<test url="http://ssl.bbc.co.uk/musicautoclearindies" />
-		<!--
-		<test url="http://static.bbc.co.uk/id/0.34.96/img/bbcid_orb_signin_light.png" />
-		-->
-		<test url="http://stats.bbc.co.uk/o.gif" />
-
-		<!--	Redirect to http:
-						-->
-		<!--exclusion pattern="^http://www\.bbc\.co\.uk/(?:arts$|blogs/tv/$|contact$|faqs$|faqs/assets/|id/status\?|iplayer$|news/(?:\d+$|contact-us/editorial$|privacy/$|science_and_environment$|uk-\d+$|weather$))" /-->
-		<!--
-			Exceptions:
-					-->
-		<!--exclusion pattern="^http://(?:www\.)?bbc\.co\.uk/(?!/*(?:$|\?|favicon\.ico|travel(?:$|[?/])))" /-->
-		<!--
-			Reduce non-Tor distinguishability:
-							-->
-		<exclusion pattern="^http://(?:www\.)?bbc\.co\.uk/(?!/*(?:$|\?|travel(?:$|[?/])))" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.bbc.co.uk/arts" />
-			<test url="http://www.bbc.co.uk/blogs/internet/entries/f6f50d1f-a879-4999-bc6d-6634a71e2e60" />
-			<test url="http://www.bbc.co.uk/blogs/tv/" />
-			<test url="http://www.bbc.co.uk/contact" />
-			<test url="http://www.bbc.co.uk/faqs" />
-			<test url="http://www.bbc.co.uk/faqs/assets/faqs-site/resources/icon-search-black.png" />
-			<test url="http://www.bbc.co.uk/id/status" />
-			<test url="http://www.bbc.co.uk/iplayer" />
-			<test url="http://www.bbc.co.uk/news/20039682" />
-			<test url="http://www.bbc.co.uk/news/contact-us/editorial" />
-			<test url="http://www.bbc.co.uk/news/science_and_environment" />
-			<test url="http://www.bbc.co.uk/news/uk-politics-eu-referendum-36304729" />
-			<test url="http://www.bbc.co.uk/privacy/" />
-			<test url="http://www.bbc.co.uk/weather" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www.bbc.co.uk/?" />
-			<!--
-			<test url="http://www.bbc.co.uk/favicon.ico" />
-			-->
-
-		<!--	Avoid potential XHR or flash policy problems:
-									-->
-		<!--exclusion pattern="^http://(?!(?!(?:careers|careershub|iplayerhelp\.external|id|sa|ssl|www)\.bbc\.co\.uk/).+\.(?:bmp|css|gifv?|ico|jpe?g|pdf|png|svg|tiff?|ttf|woff)(?:$|\?))" /-->
-
-			<!--	+ve:
-					-->
-			<!--
-			<test url="http://open.live.bbc.co.uk/crossdomain.xml" />
-			<test url="http://open.live.bbc.co.uk/weather/feeds/en/2650225/3dayforecast.rss" />
-			<test url="http://polling.bbc.co.uk/appconfig/iplayerradio/tablet/android/2.0.0/info.html" />
-			<test url="http://www.live.bbc.co.uk/crossdomain.xml" />	secure="false"
-			-->
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.bbc\.co\.uk$" name="^(?:BBC-UID|BGUID|IDENTITY_SESSION|locserv|s1)$" /-->
-	<!--securecookie host="^careershub\.bbc\.co\.uk$" name="^X-Mapping-" /-->
-	<!--securecookie host="^iplayerhelp\.external\.bbc\.co\.uk$" name="^identitytoken$" /-->
-
-	<!--	BGUID: Tracking cookie set by stats
-		a1: Tracking cookie set by sa
-						-->
-	<securecookie host="^\." name="^(?:BGUID|s1)$" />
-	<securecookie host="^[^.w]" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BBacon.org.xml b/src/chrome/content/rules/BBacon.org.xml
new file mode 100644
index 000000000000..d06ac5637e64
--- /dev/null
+++ b/src/chrome/content/rules/BBacon.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Active mixed content:
+		- bbacon.org, e.g. http://bbacon.org/An-Introductory-Guide-to-the-IMSLP
+		- www.bbacon.org, e.g. http://www.bbacon.org/An-Introductory-Guide-to-the-IMSLP
+-->
+
+<ruleset name="BBacon.org" platform="mixedcontent">
+	<target host="bbacon.org" />
+		<test url="http://bbacon.org/About" />
+	<target host="www.bbacon.org" />
+		<test url="http://www.bbacon.org/About" />
+
+	<!-- Root path redirects to HTTP -->
+	<exclusion pattern="^http://(www\.)?bbacon\.org/$" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BCGolf.com-mismatches.xml b/src/chrome/content/rules/BCGolf.com-mismatches.xml
index 46f3e2f352f0..6cf169b2ce6e 100644
--- a/src/chrome/content/rules/BCGolf.com-mismatches.xml
+++ b/src/chrome/content/rules/BCGolf.com-mismatches.xml
@@ -5,7 +5,7 @@
 		<!--	handled in main ruleset		-->
 		<exclusion pattern="^http://www\."/>
 
-	<securecookie host="^.*\.golf2go\.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://([\w\-]+)\.golf2go\.net/"
 		to="https://$1.golf2go.net/"/>
diff --git a/src/chrome/content/rules/BCGolf.com.xml b/src/chrome/content/rules/BCGolf.com.xml
deleted file mode 100644
index 2d90b9e579f5..000000000000
--- a/src/chrome/content/rules/BCGolf.com.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="BCGolf.com">
-
-	<target host="bcgolf.com"/>
-	<target host="www.bcgolf.com"/>
-	<target host="golf2go.net"/>
-	<target host="www.golf2go.net"/>
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BECU.xml b/src/chrome/content/rules/BECU.xml
index 60b8e5b1e81d..14bfd3d98750 100644
--- a/src/chrome/content/rules/BECU.xml
+++ b/src/chrome/content/rules/BECU.xml
@@ -10,7 +10,7 @@ Fetch error: http://accessassistant.becu.org/ => https://accessassistant.becu.or
 	Mismatched:
 		- locatorsearch
 -->
-<ruleset name="Becu.org" default_off='failed ruleset test'>
+<ruleset name="Becu.org" default_off="failed ruleset test">
 	<target host="becu.org" />
 	<target host="www.becu.org" />
 	<target host="onlinebanking.becu.org" />
diff --git a/src/chrome/content/rules/BEL.fi.xml b/src/chrome/content/rules/BEL.fi.xml
index 55f982fb61b9..0d0e58ef77cd 100644
--- a/src/chrome/content/rules/BEL.fi.xml
+++ b/src/chrome/content/rules/BEL.fi.xml
@@ -14,7 +14,7 @@ Fetch error: http://bacchus.bel.fi/ => https://bacchus.bel.fi/: (7, 'Failed to c
 		Invalid certificates:
 			 - asp.bel.fi
 -->
-<ruleset name="BEL Solutions Oy" default_off='failed ruleset test'>
+<ruleset name="BEL Solutions Oy" default_off="failed ruleset test">
 	<target host="bel.fi" />
 	<target host="www.bel.fi" />
 	<target host="bacchus.bel.fi" />
diff --git a/src/chrome/content/rules/BEM.info.xml b/src/chrome/content/rules/BEM.info.xml
index d30687fe00fb..6270529e398a 100644
--- a/src/chrome/content/rules/BEM.info.xml
+++ b/src/chrome/content/rules/BEM.info.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.bem.info/ => https://www.bem.info/: (60, 'SSL certificat
 		- ru
 
 -->
-<ruleset name="BEM.info" default_off='failed ruleset test'>
+<ruleset name="BEM.info" default_off="failed ruleset test">
 
 	<target host="bem.info" />
 	<target host="ru.bem.info" />
diff --git a/src/chrome/content/rules/BEV.bund.de.xml b/src/chrome/content/rules/BEV.bund.de.xml
new file mode 100644
index 000000000000..67b082839834
--- /dev/null
+++ b/src/chrome/content/rules/BEV.bund.de.xml
@@ -0,0 +1,15 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+-->
+<ruleset name="BEV.bund.de">
+
+	<target host="www.bev.bund.de" />
+	<target host="auth.bev.bund.de" />
+	<target host="nsc.bev.bund.de" />
+	<target host="owa.bev.bund.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BE_One_Spark.com.xml b/src/chrome/content/rules/BE_One_Spark.com.xml
deleted file mode 100644
index 551194320e18..000000000000
--- a/src/chrome/content/rules/BE_One_Spark.com.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<ruleset name="BE One Spark.com (partial)">
-
-	<target host="beonespark.com" />
-	<target host="www.beonespark.com" />
-		<!--
-			Redirect to http:
-						-->
-		<!--exclusion pattern="^http://www\.beonespark\.com/(berlin|jacksonville)/($|\?)" /-->
-		<!--
-			Exceptions:
-					-->
-		<!--exclusion pattern="^http://www\.beonespark\.com/(?!assets/|berlin/(sign-in|users/password)/*($|\?))" /-->
-
-
-	<rule from="^http://(www\.)?beonespark\.com/(?=assets/|berlin/(?:sign-in|users/password)/*(?:$|\?))"
-		to="https://$1beonespark.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BGPView.io.xml b/src/chrome/content/rules/BGPView.io.xml
new file mode 100644
index 000000000000..e9523ac129e0
--- /dev/null
+++ b/src/chrome/content/rules/BGPView.io.xml
@@ -0,0 +1,9 @@
+<ruleset name="BGPView.io">
+	<target host="bgpview.io" />
+	<target host="www.bgpview.io" />
+	<target host="api.bgpview.io" />
+	<target host="es.bgpview.io" />
+	<target host="whois.bgpview.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BGPmon.net.xml b/src/chrome/content/rules/BGPmon.net.xml
index d6bf914cb4eb..0f907c11f87d 100644
--- a/src/chrome/content/rules/BGPmon.net.xml
+++ b/src/chrome/content/rules/BGPmon.net.xml
@@ -10,9 +10,11 @@
 -->
 <ruleset name="BGPmon.net">
 	<target host="bgpmon.net" />
-	<target host="*.bgpmon.net" />
+	<target host="portal.bgpmon.net" />
+	<target host="www.bgpmon.net" />
 	<target host="bgpmon.com" />
-	<target host="*.bgpmon.com" />
+	<target host="portal.bgpmon.com" />
+	<target host="www.bgpmon.com" />
 
 	<!-- Not secured by server: -->
 	<securecookie host="^portal\.bgpmon\.net$" name=".+" />
@@ -20,8 +22,7 @@
     <rule from="^http://bgpmon\.(?:com|net)/"
         to="https://www.bgpmon.net/" />
 
-	<rule from="^http://(portal|www)?\.bgpmon\.net/"
-		to="https://$1.bgpmon.net/" />
-	<rule from="^http://(portal|www)?\.bgpmon\.com/"
-		to="https://$1.bgpmon.net/" />
+	<rule from="^http://(portal\.|www\.)?bgpmon\.com/"
+		to="https://$1bgpmon.net/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BGR.com.xml b/src/chrome/content/rules/BGR.com.xml
index 789515e081ac..8f18b235d500 100644
--- a/src/chrome/content/rules/BGR.com.xml
+++ b/src/chrome/content/rules/BGR.com.xml
@@ -1,32 +1,56 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.bgr.com/ => https://www.bgr.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bgr.com'")
-
-	Problematic hosts in *bgr.com:
-
-		- cdn *
-
-	* Wordpress/mismatched
-
+	Connection closed:
+		- mail.bgr.com
+
+	Invalid certificate:
+		- cdn.bgr.com, equivalent to boygeniusreport.files.wordpress.com
+		- c2.bgr.com, equivalent to boygeniusreport.files.wordpress.com
+		- de.bgr.com, equivalent to bgr.com
+		- www.de.bgr.com, equivalent to bgr.com
+		- m.de.bgr.com, equivalent to bgr.com
+		- image.email.bgr.com
+		- horizon.bgr.com
+		- link.bgr.com
+		- m.bgr.com, equivalent to bgr.com
+		- www.m.bgr.com, equivalent to bgr.com
+		- qa.bgr.com
+		- *.qa.bgr.com
+		- static.bgr.com
+		- store.bgr.com
+		- video-cdn.bgr.com, equivalent to content.jwplatform.com
 -->
-<ruleset name="BGR.com" default_off='failed ruleset test'>
 
-	<!--	Direct rewrites:
-				-->
+<ruleset name="BGR.com">
 	<target host="bgr.com" />
-	<target host="store.bgr.com" />
 	<target host="www.bgr.com" />
-
-	<!--	Complications:
-				-->
+	<target host="academy.bgr.com" />
+	<target host="c2.bgr.com" />
 	<target host="cdn.bgr.com" />
+	<target host="de.bgr.com" />
+	<target host="www.de.bgr.com" />
+	<target host="m.de.bgr.com" />
+	<target host="click.email.bgr.com" />
+	<target host="pages.email.bgr.com" />
+	<target host="view.email.bgr.com" />
+	<target host="m.bgr.com" />
+	<target host="www.m.bgr.com" />
+	<target host="mail.bgr.com" />
+	<target host="video-cdn.bgr.com" />
+
+	<rule from="^http://(c2|cdn)\.bgr\.com/"
+		to="https://boygeniusreport.files.wordpress.com/" />
+		<test url="http://c2.bgr.com/2012/08/samsung-internal-memo-jkshin.pdf" />
+		<test url="http://cdn.bgr.com/2012/08/samsung-internal-memo-jkshin.pdf" />
 
+	<rule from="^http://(de|www\.de|m\.de|m|www\.m)\.bgr\.com/"
+		to="https://bgr.com/" />
 
-	<rule from="^http://cdn\.bgr\.com/"
-		to="https://boygeniusreport.files.wordpress.com/" />
+	<rule from="^http://mail\.bgr\.com/$"
+		to="https://mail.google.com/a/bgr.com" />
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http://video-cdn\.bgr\.com/"
+		to="https://content.jwplatform.com/" />
+		<test url="http://video-cdn.bgr.com/libraries/1fryQI3F.js" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BGR.de.xml b/src/chrome/content/rules/BGR.de.xml
new file mode 100644
index 000000000000..3e6d8c43cb9f
--- /dev/null
+++ b/src/chrome/content/rules/BGR.de.xml
@@ -0,0 +1,49 @@
+<!--
+	Invalid certificate:
+		rdg.bgr.de
+		eida.szgrf.bgr.de
+
+	Refused:
+		bzax04.bgr.de
+		crl.bgr.de
+		mdm04.bgr.de
+		opac.bgr.de
+		uranus.bgr.de
+
+	Timeout:
+		ftp.hannover.bgr.de
+		mail.hannover.bgr.de
+		sdac.bgr.de
+		www.seisonline.bgr.de
+		mags.szgrf.bgr.de
+-->
+<ruleset name="BGR.de">
+
+	<target host="www.bgr.de" />
+	<target host="ausschreibungen.bgr.de" />
+	<target host="boreholemap.bgr.de" />
+	<target host="rosys.dera.bgr.de" />
+	<target host="download.bgr.de" />
+	<target host="eida.bgr.de" />
+	<target host="fisbo.bgr.de" />
+	<target host="fisbopw.bgr.de" />
+	<target host="fishy.bgr.de" />
+	<target host="geoviewer.bgr.de" />
+	<target host="gzhgw.bgr.de" />
+	<target host="hydroscripts.bgr.de" />
+	<target host="www.kernwaffenteststopp.bgr.de" />
+	<target host="litholex.bgr.de" />
+	<target host="mdm.bgr.de" />
+	<target host="mdm01.bgr.de" />
+	<target host="produktcenter.bgr.de" />
+	<target host="rohstoffportal-sgd.bgr.de" />
+	<target host="www.seismologie.bgr.de" />
+	<target host="services.bgr.de" />
+	<target host="servicestest.bgr.de" />
+	<target host="www.szgrf.bgr.de" />
+	<target host="teambeam.bgr.de" />
+	<target host="zsn.bgr.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BGamed.de.xml b/src/chrome/content/rules/BGamed.de.xml
index 45a2030cf5e4..757afc378e07 100644
--- a/src/chrome/content/rules/BGamed.de.xml
+++ b/src/chrome/content/rules/BGamed.de.xml
@@ -31,4 +31,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BHosted.nl.xml b/src/chrome/content/rules/BHosted.nl.xml
deleted file mode 100644
index e8873a7b5084..000000000000
--- a/src/chrome/content/rules/BHosted.nl.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- status	(refused)
-
-
-	Problematic subdomains:
-
-		- ^	(shows klant)
-
-
-	Partially covered subdomains:
-
-		- (www.)	(some pages redirect to http)
-
-
-	Fully covered subdomains:
-
-		- admin
-		- klant
-		- webmail
-
--->
-<ruleset name="bHosted.nl (partial)">
-
-	<target host="bhosted.nl" />
-	<target host="*.bhosted.nl" />
-
-
-	<securecookie host="^webmail\.bhosted\.nl$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?bhosted\.nl/(css/|favicon\.ico|images/|js/|webmail(?:$|\?|/))"
-		to="https://www.bhosted.nl/$1" />
-
-	<rule from="^http://(admin|klant|webmail)\.bhosted\.nl/"
-		to="https://$1.bhosted.nl/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/BHosting.ru.xml b/src/chrome/content/rules/BHosting.ru.xml
index adce66231989..bd89e807a2f0 100644
--- a/src/chrome/content/rules/BHosting.ru.xml
+++ b/src/chrome/content/rules/BHosting.ru.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?bhosting\.ru/"
 		to="https://www.bhosting.ru/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BIBB.de.xml b/src/chrome/content/rules/BIBB.de.xml
new file mode 100644
index 000000000000..610f3fe84a6a
--- /dev/null
+++ b/src/chrome/content/rules/BIBB.de.xml
@@ -0,0 +1,47 @@
+<!--
+	Federal Institute for Vocational Education and Training
+
+	Invalid certificate:
+		europass.bibb.de (common name: Let's Encrypt Authority X3)
+		exanda.bibb.de (common name: GeoTrust SSL CA - G3)
+		good-practice.bibb.de (common name: GeoTrust SSL CA - G3)
+		ldbb.bibb.de (common name: GeoTrust SSL CA - G3)
+		www.ldbb.bibb.de (common name: GeoTrust SSL CA - G3)
+		na.bibb.de (common name: GeoTrust SHA256 SSL CA)
+		www.na.bibb.de (common name: GeoTrust SHA256 SSL CA)
+
+	Non-2xx HTTP code:
+		bbne.bibb.de
+		eldoc.bibb.de
+		fdz.bibb.de
+		indikatorik.bibb.de
+-->
+<ruleset name="BIBB.de">
+
+	<target host="bibb.de" />
+	<target host="www.bibb.de" />
+	<target host="anerkennungsbefragung.bibb.de" />
+	<target host="ausbildungplus.bibb.de" />
+	<target host="aweb-intern.bibb.de" />
+	<target host="cloud.bibb.de" />
+	<target host="datenreport.bibb.de" />
+	<target host="expertenmonitor.bibb.de" />
+	<target host="foraus.bibb.de" />
+	<target host="kongress2018.bibb.de" />
+	<target host="login.bibb.de" />
+	<target host="metadaten.bibb.de" />
+	<target host="naa309.bibb.de" />
+	<target host="preview.nl.bibb.de" />
+	<target host="opac.bibb.de" />
+	<target host="prueferportal.bibb.de" />
+	<target host="stats.bibb.de" />
+	<target host="umfrage.bibb.de" />
+	<target host="wbmonitor.bibb.de" />
+	<target host="workspace.bibb.de" />
+	<target host="www2.bibb.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BIGO.xml b/src/chrome/content/rules/BIGO.xml
index e0ab742a58c0..131d44ae7772 100644
--- a/src/chrome/content/rules/BIGO.xml
+++ b/src/chrome/content/rules/BIGO.xml
@@ -3,6 +3,5 @@
 
 <rule from="^http:" to="https:" />
 
-<test url="http://www.bigo.net/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BIKT.xml b/src/chrome/content/rules/BIKT.xml
index 767e2af346df..d2b012d72c80 100644
--- a/src/chrome/content/rules/BIKT.xml
+++ b/src/chrome/content/rules/BIKT.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?bikt\.de/"
 		to="https://bikt.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BIO-International-Convention.xml b/src/chrome/content/rules/BIO-International-Convention.xml
index 797473da1183..c9161b68a769 100644
--- a/src/chrome/content/rules/BIO-International-Convention.xml
+++ b/src/chrome/content/rules/BIO-International-Convention.xml
@@ -37,7 +37,7 @@ Fetch error: http://bio.org/ => https://bio.org/: (51, "SSL: no alternative cert
 	* Secured by us
 
 -->
-<ruleset name="BIO.org (partial)" default_off='failed ruleset test'>
+<ruleset name="BIO.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/BKA.de.xml b/src/chrome/content/rules/BKA.de.xml
new file mode 100644
index 000000000000..b4756a5adbee
--- /dev/null
+++ b/src/chrome/content/rules/BKA.de.xml
@@ -0,0 +1,18 @@
+<!--
+	Timeout:
+		- iuk.bka.de
+		- tesit.bka.de
+-->
+<ruleset name="BKA.de">
+
+	<target host="bka.de" />
+	<target host="www.bka.de" />
+	<target host="bewerberportal.bka.de" />
+	<target host="bewerbung.bka.de" />
+	<target host="bewerbung-prep.bka.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BKGE.de.xml b/src/chrome/content/rules/BKGE.de.xml
new file mode 100644
index 000000000000..45f43dec68a6
--- /dev/null
+++ b/src/chrome/content/rules/BKGE.de.xml
@@ -0,0 +1,14 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="BKGE.de">
+	<!-- Federal Institute for Culture and History of the Germans in Eastern Europe -->
+
+	<target host="bkge.de" />
+	<target host="www.bkge.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BLOX.xml b/src/chrome/content/rules/BLOX.xml
index d72aeaa4426b..5d9c40708aca 100644
--- a/src/chrome/content/rules/BLOX.xml
+++ b/src/chrome/content/rules/BLOX.xml
@@ -6,4 +6,4 @@
 	<rule from="^http://([\w\-]+)\.bloxcms\.com/"
 		to="https://$1.bloxcms.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BMAS.de.xml b/src/chrome/content/rules/BMAS.de.xml
new file mode 100644
index 000000000000..7eba2e0490d2
--- /dev/null
+++ b/src/chrome/content/rules/BMAS.de.xml
@@ -0,0 +1,35 @@
+<!--
+	Invalid certificate:
+		- www.ausstellung.bmas.de
+		- budget.bmas.de
+		- m.budget.bmas.de
+		- mobil.budget.bmas.de
+		- csr-konferenz.bmas.de
+		- www.csr-konferenz.bmas.de
+		- gesetze.bmas.de
+
+	Refused:
+		- adressen.bmas.de
+		- www.adressen.bmas.de
+		- bildungspaket.bmas.de
+		- www.bildungspaket.bmas.de
+
+	Timeout:
+		- anmeldung.bmas.de
+		- www.anmeldung.bmas.de
+-->
+<ruleset name="BMAS.de">
+	<!-- Federal Ministry of Labour and Social Affairs -->
+
+	<target host="bmas.de" />
+	<target host="www.bmas.de" />
+	<target host="www.budget.bmas.de" />
+	<target host="doku.bmas.de" />
+	<target host="reg.bmas.de" />
+	<target host="streaming.bmas.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BMC.com.xml b/src/chrome/content/rules/BMC.com.xml
index 36ab335cafdf..5e4e952716c4 100644
--- a/src/chrome/content/rules/BMC.com.xml
+++ b/src/chrome/content/rules/BMC.com.xml
@@ -24,7 +24,11 @@
 <ruleset name="BMC.com (partial)">
 
 	<target host="bmc.com" />
-	<target host="*.bmc.com" />
+	<target host="www.bmc.com" />
+	<target host="media.cms.bmc.com" />
+	<target host="communities.bmc.com" />
+	<target host="docs.bmc.com" />
+	<target host="webapps.bmc.com" />
 		<!--exclusion pattern="^http://go\.bmc\.com/" /-->
 		<!--
 			Redirect to http:
diff --git a/src/chrome/content/rules/BMDW.org.xml b/src/chrome/content/rules/BMDW.org.xml
deleted file mode 100644
index 948f1e1a3d95..000000000000
--- a/src/chrome/content/rules/BMDW.org.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Bone Marrow Donors Worldwide
-
-
-	Insecure cookies are set for these hosts:
-
-		- bmdw.org
-		- www.bmdw.org
-
--->
-<ruleset name="BMDW.org">
-
-	<target host="bmdw.org" />
-	<target host="www.bmdw.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?bmdw\.org$" name="^fe_typo_user$" /-->
-
-	<securecookie host="^(?:www\.)?bmdw\.org$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BME.hu.xml b/src/chrome/content/rules/BME.hu.xml
deleted file mode 100644
index b76b3955637e..000000000000
--- a/src/chrome/content/rules/BME.hu.xml
+++ /dev/null
@@ -1,154 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://epitesz.bme.hu/ => https://epitesz.bme.hu/: (7, 'Failed to connect to epitesz.bme.hu port 443: Connection refused')
-Fetch error: http://core.epitesz.bme.hu/ => https://core.epitesz.bme.hu/: (7, 'Failed to connect to core.epitesz.bme.hu port 443: Connection refused')
-Fetch error: http://vir.sch.bme.hu/ => https://vir.sch.bme.hu/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://bss.sch.bme.hu/ => https://bss.sch.bme.hu/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://printer.sch.bme.hu/ => https://printer.sch.bme.hu/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://home.sch.bme.hu/ => https://home.sch.bme.hu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://uszoda.sch.bme.hu/ => https://uszoda.sch.bme.hu/: (51, "SSL: no alternative certificate subject name matches target host name 'uszoda.sch.bme.hu'")
-Fetch error: http://wjsz.bme.hu/ => https://wjsz.bme.hu/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://cubesat.bme.hu/ => https://cubesat.bme.hu/: (60, 'SSL certificate problem: certificate has expired')
-
-	This file contains a ruleset for the websites of 
-	Budapest University of Technology and science.
-
-	This is not an official list, and probably not comprehensive!
-
-	This is a university domain with many different	sites and 
-	maintainter teams. Lots of the sites are sending incomplete 
-	certificate chains. But, all the sites are using the same
-	intermediate certificate, so the misconfigured sites are
-	"just works" because the browser has the missing certs cached.
-
-	By default, we should not enable SSL on sites with incomplete cert chains.
-	But because in this case, those sites usually work, we include a second
-	ruleset (see BME.hu_incomplete.xml) with the misconfigured sites.
-	The users can turn that on if they want.
-
-	Feel free to add or move sites to the correct list, 
-	but do not include them in both.
-
-	This is the list for sites with valid ssl cert chains.
- -->
-<ruleset name="BME" default_off='failed ruleset test'>
-	<!-- BME.hu EV -->
-	<target host="bme.hu" />
-	<target host="www.bme.hu" />
-	<target host="net.bme.hu" />
-	<target host="www.net.bme.hu" />
-	<target host="login.bme.hu" />
-	<target host="www.login.bme.hu" />
-	<!-- Neptun + KTH -->
-	<target host="kth.bme.hu" />
-	<target host="www.kth.bme.hu" />
-	<target host="frame.neptun.bme.hu" />
-	<target host="neptun.bme.hu" />
-	<target host="www.neptun.bme.hu" />
-	<!-- Epitesz kar -->
-	<target host="epitesz.bme.hu" />
-	<target host="www.epitesz.bme.hu" />
-	<target host="caadence.bme.hu" />
-	<target host="www.caadence.bme.hu" />
-	<target host="core.epitesz.bme.hu" />
-	<!-- Villamosmernoki kar -->
-	<target host="www.vik.bme.hu" />
-	<target host="vik.bme.hu" /> <!-- !!! -->
-	<target host="admin.vik.bme.hu" />
-	<target host="portal.vik.bme.hu" />
-	<!-- Schonherz -->
-	<target host="kszk.sch.bme.hu" />
-	<target host="vir.sch.bme.hu" />
-	<target host="bss.sch.bme.hu" />
-	<target host="lists.sch.bme.hu" />
-	<target host="kepzes.sch.bme.hu" />
-	<target host="printer.sch.bme.hu" />
-	<target host="vik.wiki" />
-	<target host="wiki.sch.bme.hu" />
-	<target host="home.sch.bme.hu" />
-	<!-- <target host="spot.sch.bme.hu" /> -->
-	<target host="uszoda.sch.bme.hu" />
-	<!-- Epitomernoki -->
-	<!-- <target host="epito.bme.hu" /> -->
-	<target host="www.epito.bme.hu" />
-	<!-- Filozofia -->
-	<target host="filozofia.bme.hu" />
-	<target host="www.filozofia.bme.hu" />
-	<!-- Tartoszerkezetek -->
-	<!-- <target host="me.bme.hu" /> -->
-	<target host="www.me.bme.hu" />
-	<!-- Kozlekkar -->
-	<target host="kozlekedes.bme.hu" />
-	<target host="www.kozlekedes.bme.hu" />
-	<!-- Gyartastudomany -->
-	<target host="manuf.bme.hu" />
-	<target host="www.manuf.bme.hu" />
-	<!-- Tavkozles es Mediainformatika -->
-	<target host="tmit.bme.hu" /> <!-- !!! -->
-	<target host="www.tmit.bme.hu" />
-	<!-- Vegyes es Biomernoki -->
-	<target host="ch.bme.hu" />
-	<target host="www.ch.bme.hu" />
-	<!-- Wigner Jeno szakkolegium -->
-	<target host="wjsz.bme.hu" />
-	<!-- Simonyi Karoly szakkolegium -->
-	<!-- expired
-	<target host="simonyi.bme.hu" />
-	<target host="www.simonyi.bme.hu" />
-	-->
-	<!-- Automatizalasi tanszek -->
-	<target host="aut.bme.hu" />
-	<target host="www.aut.bme.hu" />
-	<!-- Logisztika tanszek -->
-	<target host="logisztika.bme.hu" />
-	<target host="www.logisztika.bme.hu" />
-	<!-- Halozati rendszerek tanszek -->
-	<!-- <target host="hit.bme.hu" /> -->
-	<target host="www.hit.bme.hu" />
-	<!-- Bercsenyi kollegium -->
-	<target host="bercsenyi.bme.hu" />
-	<target host="www.bercsenyi.bme.hu" /> <!-- !!! -->
-	<target host="depo.bercsenyi.bme.hu" />
-	<!-- Atomfizika tanszek -->
-	<!-- <target host="fat.bme.hu" /> -->
-	<target host="www.fat.bme.hu" />
-	<!-- Épületgépészeti tanszék -->	
-	<target host="epget.bme.hu" />
-	<target host="www.epget.bme.hu" />
-	<!-- Karman Todor kollegium -->
-	<target host="ktk.bme.hu" />
-	<target host="ghk.ktk.bme.hu" /> <!-- !!! -->
-	<target host="support.ktk.bme.hu" />
-	<target host="webmail.ktk.bme.hu" />
-	<target host="lists.ktk.bme.hu" />
-	<target host="kolireg.ktk.bme.hu" />
-	<!-- ?? -->
-	<target host="www.kontrolling.bme.hu" />
-	<target host="kontrolling.bme.hu" />
-	<target host="mad.eik.bme.hu" />
-	<target host="cubesat.bme.hu" />
-	<target host="decor.eik.bme.hu" />
-	<target host="felveteli.mesterek.bme.hu" />
-	<target host="pp.bme.hu" />
-	<target host="pp.omikk.bme.hu" />
-	<target host="esn.bme.hu" />
-	<target host="www.esn.bme.hu" />
-
-	<!-- Probably, there are many more sites in the bme.hu domain -->
-	
-	<!-- Workaround https://tmit.bme.hu cert error -->
-	<rule from="^https?://tmit\.bme\.hu/"
-	      to="https://www.tmit.bme.hu/"/>
-
-	<!-- Hop directly to https NEPTUN -->
-	<rule from="^http://(www\.)?neptun\.bme\.hu/"
-	      to="https://www.kth.bme.hu/neptun/"/>
-
-	<!-- Redirect vik.wiki alias to wiki.sch.bme.hu which has a cert -->
-	<rule from="^http://vik\.wiki/"
-		  to="https://wiki.sch.bme.hu/" />
-
-	<rule from="^http:"
-	      to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/BME.hu_incomplete.xml b/src/chrome/content/rules/BME.hu_incomplete.xml
deleted file mode 100644
index ffba1d993f6d..000000000000
--- a/src/chrome/content/rules/BME.hu_incomplete.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	This file contains a ruleset for the websites of 
-	Budapest University of Technology and science.
-
-	This is NOT a standalone ruleset.
-
-	Please see BME.hu.xml before editing this file!
-
- -->
-<ruleset name="BME (incomplete)" default_off="missing certificate chain">
-<!-- This ruleset is only for misconfigured sites. See BME.xml -->
-
-	<!-- Merestechnika -->
-	<target host="www.mit.bme.hu" />
-	<target host="mit.bme.hu" /> <!-- !!! -->
-	<target host="inf.mit.bme.hu" />
-	<target host="svn.inf.mit.bme.hu" />
-	<target host="git.inf.mit.bme.hu" />
-	<target host="trac.inf.mit.bme.hu" />
-	<!-- Tetenyi uti kollegium -->
-	<target host="teteny.bme.hu" />
-	<target host="www.teteny.bme.hu" />
-	<target host="uszoda.teteny.bme.hu" />
-	<target host="tir.teteny.bme.hu" />
-	<target host="ihfs.teteny.bme.hu" />
-	<!-- Szamitastudomany tanszek -->
-	<target host="cs.bme.hu" />
-	<target host="www.cs.bme.hu" />
-
-	<!-- Workaround https://mit.bme.hu cert error -->
-	<rule from="^https?://mit\.bme\.hu/"
-	      to="https://www.mit.bme.hu/"/>
-
-	<rule from="^http:"
-	      to="https:"/>
-</ruleset>
diff --git a/src/chrome/content/rules/BMFSFJ.de.xml b/src/chrome/content/rules/BMFSFJ.de.xml
new file mode 100644
index 000000000000..7b6821af518b
--- /dev/null
+++ b/src/chrome/content/rules/BMFSFJ.de.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		- daten.bmfsfj.de
+		- www.daten.bmfsfj.de
+-->
+<ruleset name="BMFSFJ.de">
+	<!-- Federal Ministry for Family Affairs, Senior Citizens, Women and Youth -->
+
+	<target host="bmfsfj.de" />
+	<target host="www.bmfsfj.de" />
+	<target host="studio-stage.bmfsfj.de" />
+	<target host="preview.studio-stage.bmfsfj.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://bmfsfj.de/,
+	http://bmfsfj.de/ redirects to https://www.bmfsfj.de/ -->
+	<rule from="^http://bmfsfj\.de/"
+		to="https://www.bmfsfj.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BMU.de.xml b/src/chrome/content/rules/BMU.de.xml
new file mode 100644
index 000000000000..b963dfe41770
--- /dev/null
+++ b/src/chrome/content/rules/BMU.de.xml
@@ -0,0 +1,25 @@
+<!--
+	Invalid certificate:
+		- mobil.bmu.de
+		- secure.mobil.bmu.de
+
+	Timeout:
+		- kronos.bmu.de
+-->
+<ruleset name="BMU.de">
+	<!-- Federal Ministry for the Environment, Nature Conservation and Nuclear Safety -->
+
+	<target host="bmu.de" />
+	<target host="www.bmu.de" />
+	<target host="m.bmu.de" />
+	<target host="secure.m.bmu.de" />
+	<target host="nl.bmu.de" />
+	<target host="owa.bmu.de" />
+	<target host="secure.bmu.de" />
+	<target host="vpc.bmu.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BMWi.de.xml b/src/chrome/content/rules/BMWi.de.xml
new file mode 100644
index 000000000000..077ba79fef27
--- /dev/null
+++ b/src/chrome/content/rules/BMWi.de.xml
@@ -0,0 +1,40 @@
+<!--
+	Invalid certificate:
+		- exportinitiative.bmwi.de
+		- lexikon.bmwi.de
+
+	Refused:
+		- preview6gsb.bmwi.de
+
+	Timeout:
+		- db.bmwi.de
+		- www.exportinitiative.bmwi.de
+		- forum.bmwi.de
+		- m.bmwi.de
+		- preview6-digital.bmwi.de
+		- redaktion.bmwi.de
+
+	Unable to get local issuer certificate:
+		- adfs.exportinitiative.bmwi.de
+		- db-energie.exportinitiative.bmwi.de
+		- energie.exportinitiative.bmwi.de
+-->
+<ruleset name="BMWi.de">
+	<!-- Federal Ministry for Economic Affairs and Energy -->
+
+	<target host="bmwi.de" />
+	<target host="www.bmwi.de" />
+	<target host="info.bmwi.de" />
+	<target host="karten.bmwi.de" />
+	<target host="www.karten.bmwi.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://bmwi.de/,
+	http://bmwi.de/ redirects to https://www.bmwi.de/ -->
+	<rule from="^http://bmwi\.de/"
+		to="https://www.bmwi.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BMZ.de.xml b/src/chrome/content/rules/BMZ.de.xml
new file mode 100644
index 000000000000..286da2935230
--- /dev/null
+++ b/src/chrome/content/rules/BMZ.de.xml
@@ -0,0 +1,29 @@
+<!--
+	Invalid certificate:
+		- www.health.bmz.de
+
+	Non-2xx HTTP code:
+		- stream.bmz.de
+-->
+<ruleset name="BMZ.de">
+	<!-- Federal Ministry for Economic Cooperation and Development -->
+
+	<target host="bmz.de" />
+	<target host="www.bmz.de" />
+	<target host="cms.bmz.de" />
+	<target host="facebook.bmz.de" />
+	<target host="googleplus.bmz.de" />
+	<target host="grde.bmz.de" />
+	<target host="health.bmz.de" />
+	<target host="piwik.bmz.de" />
+	<target host="stage.bmz.de" />
+	<target host="statistik.bmz.de" />
+	<target host="teamwork.bmz.de" />
+	<target host="twitter.bmz.de" />
+	<target host="youtube.bmz.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BM_Pharmacy.xml b/src/chrome/content/rules/BM_Pharmacy.xml
deleted file mode 100644
index bccc90f74299..000000000000
--- a/src/chrome/content/rules/BM_Pharmacy.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="BM Pharmacy">
-
-	<target host="bmpharmacy.com" />
-	<target host="www.bmpharmacy.com" />
-
-
-	<securecookie host="^\.bmpharmacy\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/BNN.de.xml b/src/chrome/content/rules/BNN.de.xml
new file mode 100644
index 000000000000..a8bd9f58a263
--- /dev/null
+++ b/src/chrome/content/rules/BNN.de.xml
@@ -0,0 +1,54 @@
+<!--
+	Invalid certificate:
+		test.dev.bnn.de
+		www.test.dev.bnn.de
+		tracker.dev.bnn.de
+		www.tracker.dev.bnn.de
+		iapp.bnn.de
+		upload.bnn.de
+
+	Timeout:
+		eigentuemertelefon.bnn.de
+		www.eigentuemertelefon.bnn.de
+		iapp-sso.bnn.de
+		immo.bnn.de
+		www.immo.bnn.de
+		kleinanzeigen.bnn.de
+		mail01.bnn.de
+		mail02.bnn.de
+
+	Unable to get local issuer certificate:
+		dev.bnn.de
+-->
+<ruleset name="BNN.de">
+
+	<target host="bnn.de" />
+	<target host="www.bnn.de" />
+	<target host="appapi.bnn.de" />
+	<target host="appapi-elb.bnn.de" />
+	<target host="appapi-qa.bnn.de" />
+	<target host="appapi-qa-elb.bnn.de" />
+	<target host="ebook.bnn.de" />
+	<target host="fahrradtouren.bnn.de" />
+	<target host="jobs.bnn.de" />
+	<target host="selbsteingabe.jobs.bnn.de" />
+	<target host="kino.bnn.de" />
+	<target host="leserreisen.bnn.de" />
+	<target host="magazine.bnn.de" />
+	<target host="pageflow.bnn.de" />
+	<target host="printportal.bnn.de" />
+	<target host="qa.bnn.de" />
+	<target host="service.bnn.de" />
+	<target host="stage.service.bnn.de" />
+	<target host="sandbox.service.bnn.de" />
+	<target host="tickets.bnn.de" />
+	<target host="trauer.bnn.de" />
+	<target host="veranstaltungen.bnn.de" />
+	<target host="web.bnn.de" />
+	<target host="zurueckgespult.bnn.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BOALT.xml b/src/chrome/content/rules/BOALT.xml
index d44b8e1c3229..405104a67010 100644
--- a/src/chrome/content/rules/BOALT.xml
+++ b/src/chrome/content/rules/BOALT.xml
@@ -7,17 +7,16 @@
 <ruleset name="BOALT">
 
 	<target host="boalt.com" />
-	<target host="*.boalt.com" />
+	<target host="www.boalt.com" />
 	<target host="adamboalt.wpengine.netdna-cdn.com" />
 
 
 	<securecookie host="^\.boalt\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?boalt\.com/"
-		to="https://$1boalt.com/" />
 
 	<rule from="^http://adamboalt\.wpengine\.netdna-cdn\.com/"
 		to="https://boalt.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BR.xml b/src/chrome/content/rules/BR.xml
index 8dec414b0ef5..55250ca304ad 100644
--- a/src/chrome/content/rules/BR.xml
+++ b/src/chrome/content/rules/BR.xml
@@ -1,9 +1,30 @@
+<!--
+	No valid Cert for:
+	bayern3-liveblog.br.de
+	liveblog.br.de
+-->
+
 <ruleset name="Bayrischer Rundfunk">
 
 	<target host="br.de"/>
+	<target host="www.br.de"/>
+	<target host="blog.br.de"/>
 	<target host="cdn-storage.br.de" />
+	<target host="franken-tatort.br.de"/>
+	<target host="frequenzsuche.br.de"/>
+	<target host="jazzwoche-burghausen.br.de"/>
+	<target host="jobs.br.de"/>
+	<target host="mannfrau.br.de"/>
+	<target host="medienundschule.br.de"/>
+	<target host="schnee-von-morgen.br.de"/>
+	<target host="schulkonzert.br.de"/>
 	<target host="story.br.de"/>
-	<target host="www.br.de"/>
+	<target host="tippspiel.br.de"/>
+	<target host="web.br.de"/>
+	<target host="wettermelder.br.de"/>
+	<target host="zuendfunk-netzteil.br.de"/>
+
+	<target host="brreisen.de"/>
 	<target host="www.brreisen.de"/>
 	<target host="br-ticket.de" />
 	<target host="www.br-ticket.de" />
@@ -12,13 +33,7 @@
 
 	<rule from="^http://(www\.)?shop\.br-ticket\.de/"
 		to="https://br-ticket.muenchenticket.net/" />
-	
-	
-	
-	
-	
-	
-	
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/BRChan.xml b/src/chrome/content/rules/BRChan.xml
index 68558eefcf0a..f11a7a49580e 100644
--- a/src/chrome/content/rules/BRChan.xml
+++ b/src/chrome/content/rules/BRChan.xml
@@ -1,7 +1,7 @@
-<ruleset name="BRChan">
-	<target host="brchan.org" />
-	<target host="www.brchan.org" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
+<ruleset name="BRChan">
+	<target host="brchan.org" />
+	<target host="www.brchan.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BSD.lv.xml b/src/chrome/content/rules/BSD.lv.xml
new file mode 100644
index 000000000000..92897f4c0dcf
--- /dev/null
+++ b/src/chrome/content/rules/BSD.lv.xml
@@ -0,0 +1,20 @@
+<!--
+	Mismatched:
+		- mail.mandoc.bsd.lv
+		- mail.mdocml.bsd.lv
+		- schwarze.bsd.lv
+-->
+<ruleset name="BSD.lv">
+	<target host="bsd.lv" />
+	<target host="www.bsd.lv" />
+	<target host="cvsweb.bsd.lv" />
+	<target host="kristaps.bsd.lv" />
+	<target host="man.bsd.lv" />
+	<target host="mandoc.bsd.lv" />
+	<target host="manpages.bsd.lv" />
+	<target host="mdocml.bsd.lv" />
+	<target host="multiplicity.bsd.lv" />
+	<target host="vmrc.bsd.lv" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BSD_Consulting.co.jp.xml b/src/chrome/content/rules/BSD_Consulting.co.jp.xml
index e566f7df510b..dacfe2e9f0b1 100644
--- a/src/chrome/content/rules/BSD_Consulting.co.jp.xml
+++ b/src/chrome/content/rules/BSD_Consulting.co.jp.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.bsdconsulting.co.jp/ => https://www.bsdconsulting.co.jp/
 	^bsdconsulting.co.jp doesn't exist.
 
 -->
-<ruleset name="BSD Consulting.co.jp" default_off='failed ruleset test'>
+<ruleset name="BSD Consulting.co.jp" default_off="failed ruleset test">
 
 	<target host="www.bsdconsulting.co.jp" />
 
diff --git a/src/chrome/content/rules/BSH.de.xml b/src/chrome/content/rules/BSH.de.xml
new file mode 100644
index 000000000000..efef9a2a61e6
--- /dev/null
+++ b/src/chrome/content/rules/BSH.de.xml
@@ -0,0 +1,24 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+
+	Unable to get local issuer certificate:
+		gdiwiki.bsh.de
+-->
+<ruleset name="Bundesamt für Seeschifffahrt und Hydrographie (Partial)">
+	<!-- Federal Maritime and Hydrographic Agency of Germany -->
+
+	<target host="www.bsh.de" />
+	<target host="anker.bsh.de" />
+	<target host="data.bsh.de" />
+	<target host="opendata.bsh.de" />
+	<target host="seadata.bsh.de" />
+	<target host="serviceportal.bsh.de" />
+	<target host="verzeichnis.bsh.de" />
+	<target host="vpn.bsh.de" />
+	<target host="www2.bsh.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+	
+</ruleset>
diff --git a/src/chrome/content/rules/BSWA.xml b/src/chrome/content/rules/BSWA.xml
deleted file mode 100644
index 5de49a3d58f7..000000000000
--- a/src/chrome/content/rules/BSWA.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Buddhist Society of Western Australia" platform="mixedcontent">
-    <target host="dhammaloka.org.au" />
-    <target host="www.dhammaloka.org.au" />
-
-    <securecookie host="^(?:www)?(?:\.)?dhammaloka\.org\.au$" name=".+" />
-
-    <rule from="^http:"
-            to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/BSidesSLC.org.xml b/src/chrome/content/rules/BSidesSLC.org.xml
index 601444195f3d..b04a8c899c4f 100644
--- a/src/chrome/content/rules/BSidesSLC.org.xml
+++ b/src/chrome/content/rules/BSidesSLC.org.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.bsidesslc.org/ => https://www.bsidesslc.org/: (60, 'SSL
 	* Secured by us
 
 -->
-<ruleset name="BSidesSLC.org" default_off='failed ruleset test'>
+<ruleset name="BSidesSLC.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/BT.xml b/src/chrome/content/rules/BT.xml
index b6b413f22b80..4221d0d43668 100644
--- a/src/chrome/content/rules/BT.xml
+++ b/src/chrome/content/rules/BT.xml
@@ -87,7 +87,7 @@ Fetch error: http://www.redcare.bt.com/ => https://www.redcare.com/: (7, 'Failed
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="BT.com (partial)" default_off='failed ruleset test'>
+<ruleset name="BT.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/BTC100.com.xml b/src/chrome/content/rules/BTC100.com.xml
index b2376df499dd..505742cae28c 100644
--- a/src/chrome/content/rules/BTC100.com.xml
+++ b/src/chrome/content/rules/BTC100.com.xml
@@ -2,7 +2,7 @@
 	NB: Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="BTC100.com" default_off="missing certificate chain">
+<ruleset name="BTC100.com" default_off="cert-chain">
 
 	<target host="btc100.com" />
 	<target host="www.btc100.com" />
diff --git a/src/chrome/content/rules/BTCChina.com.xml b/src/chrome/content/rules/BTCChina.com.xml
deleted file mode 100644
index 3bd710fd3fa3..000000000000
--- a/src/chrome/content/rules/BTCChina.com.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	For its new domain, see Btcc.com.xml
-
-	Mismatch
-		- cn.btcchina.com
-		- forwards.btcchina.com
-		- sandbox.btcchina.com
-
-	Expired
-		- oidc.btcchina.com
--->
-<ruleset name="BTCChina.com">
-	<target host="btcchina.com" />
-	<target host="www.btcchina.com" />
-	<target host="api.btcchina.com" />
-	<target host="exchange.btcchina.com" />
-	<target host="f.btcchina.com" />
-	<target host="forever.btcchina.com" />
-	<target host="m.btcchina.com" />
-	<target host="mobile.btcchina.com" />
-	<target host="p.btcchina.com" />
-	<target host="pay.btcchina.com" />
-	<target host="vip.btcchina.com" />
-	<target host="wallet.btcchina.com" />
-
-	<target host="com.btcchinacdn.com" />
-
-	<rule from="^http:"	to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/BTCGreece.com.xml b/src/chrome/content/rules/BTCGreece.com.xml
index b9e5c0878d1a..4c31f0f6a476 100644
--- a/src/chrome/content/rules/BTCGreece.com.xml
+++ b/src/chrome/content/rules/BTCGreece.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.btcgreece.com/ => https://www.btcgreece.com/: (35, 'erro
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="BTCGreece.com" default_off='failed ruleset test'>
+<ruleset name="BTCGreece.com" default_off="failed ruleset test">
 
 	<target host="btcgreece.com" />
 	<target host="www.btcgreece.com" />
diff --git a/src/chrome/content/rules/BTCJam.com.xml b/src/chrome/content/rules/BTCJam.com.xml
index b5ece67779c6..283e9e2e36ad 100644
--- a/src/chrome/content/rules/BTCJam.com.xml
+++ b/src/chrome/content/rules/BTCJam.com.xml
@@ -1,42 +1,15 @@
 <!--
-	Nonfunctional hosts in *btcjam.com:
-
-		- help *
-
-	* Desk.com
-
-
-	Problematic hosts in *btcjam.com:
-
-		- blog *
-
-	* Mismatched
-
-
-	Fully covered hosts in *btcjam.com:
+btcjam is now closed however they are sitll running one sub domain - blog.btcjam.com
 
-		- (www.)?
-
-
-	Insecure cookies are set for these hosts:
+	Nonfunctional hosts in *btcjam.com:
 
-		- btcjam.com
+	Does not resolve
+        www.blog.btcjam.com
+		btcjam.com
 
 -->
-<ruleset name="BTCJam.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="btcjam.com" />
-	<target host="www.btcjam.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^btcjam\.com$" name="^(_session_id|XSRF-TOKEN|locale)$" /-->
-
-	<securecookie host="^btcjam\.com$" name=".+" />
-
+<ruleset name="BTCJam.com">
+	<target host="blog.btcjam.com" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/BTCKan.com.xml b/src/chrome/content/rules/BTCKan.com.xml
index 98d3472b65f7..f78c07d01b59 100644
--- a/src/chrome/content/rules/BTCKan.com.xml
+++ b/src/chrome/content/rules/BTCKan.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://btckan.com/ => https://btckan.com/: (51, "SSL: no alternativ
 Fetch error: http://www.btckan.com/ => https://www.btckan.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.btckan.com'")
 
 -->
-<ruleset name="BTCKan.com" default_off='failed ruleset test'>
+<ruleset name="BTCKan.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/BTCZone.xml b/src/chrome/content/rules/BTCZone.xml
deleted file mode 100644
index 79230a54b6f5..000000000000
--- a/src/chrome/content/rules/BTCZone.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://btczone.com/ => https://btczone.com/: (28, 'Connection timed out after 10000 milliseconds')
-Fetch error: http://www.btczone.com/ => https://www.btczone.com/: (28, 'Connection timed out after 10000 milliseconds')
-
--->
-<ruleset name="BTCZone">
-
-	<target host="btczone.com" />
-	<target host="www.btczone.com" />
-
-
-	<securecookie host="^(?:www\.)?btczone\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BTC_Gear.com.xml b/src/chrome/content/rules/BTC_Gear.com.xml
index 48182cc70f55..cbd23ae20bc3 100644
--- a/src/chrome/content/rules/BTC_Gear.com.xml
+++ b/src/chrome/content/rules/BTC_Gear.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://btcgear.com/ => https://btcgear.com/: (60, 'SSL certificate
 	* Secured by us
 
 -->
-<ruleset name="BTC Gear.com" default_off='failed ruleset test'>
+<ruleset name="BTC Gear.com" default_off="failed ruleset test">
 
 	<target host="btcgear.com" />
 	<target host="www.btcgear.com" />
diff --git a/src/chrome/content/rules/BTC_Media.org.xml b/src/chrome/content/rules/BTC_Media.org.xml
index 69c63982ed2f..700428b81f4c 100644
--- a/src/chrome/content/rules/BTC_Media.org.xml
+++ b/src/chrome/content/rules/BTC_Media.org.xml
@@ -1,7 +1,6 @@
 <!--
 	Other BTC Media rulesets:
 
-		- YBitcoin.com.xml
 		- YBitcoin_Magazine.com.xml
 
 
diff --git a/src/chrome/content/rules/BTDigg.xml b/src/chrome/content/rules/BTDigg.xml
index 76f5885ff6ba..e1ce5017071a 100644
--- a/src/chrome/content/rules/BTDigg.xml
+++ b/src/chrome/content/rules/BTDigg.xml
@@ -2,7 +2,7 @@
 
 	<target host="btdigg.org" />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.btdigg.org" />
+	<target host="www.btdigg.org" />
 
 
 	<securecookie host="^\.?btdigg\.org$" name=".+" />
diff --git a/src/chrome/content/rules/BTGuard.com.xml b/src/chrome/content/rules/BTGuard.com.xml
index f96e67c6f780..ba8d8d97a234 100644
--- a/src/chrome/content/rules/BTGuard.com.xml
+++ b/src/chrome/content/rules/BTGuard.com.xml
@@ -1,9 +1,11 @@
 <ruleset name="BTGuard.com">
 
 	<target host="btguard.com" />
-	<target host="*.btguard.com"/>
+	<target host="affiliate.btguard.com" />
+	<target host="www.btguard.com" />
+	<target host="www.affiliate.btguard.com" />
 
-	<securecookie host="^(?:.*\.)?btguard\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?(affiliate\.)?btguard\.com/"
 		to="https://$1btguard.com/"/>
diff --git a/src/chrome/content/rules/BTToronto.ca.xml b/src/chrome/content/rules/BTToronto.ca.xml
new file mode 100644
index 000000000000..7a670dd3831e
--- /dev/null
+++ b/src/chrome/content/rules/BTToronto.ca.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		- live.bttoronto.ca
+
+	Timed out:
+		- bttoronto.ca, equivalent to www.bttoronto.ca
+		- blogs.bttoronto.ca
+-->
+
+<ruleset name="BTToronto.ca">
+	<target host="bttoronto.ca" />
+	<target host="www.bttoronto.ca" />
+
+	<rule from="^http://bttoronto\.ca/"
+		  to="https://www.bttoronto.ca/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BT_Wi-fi.xml b/src/chrome/content/rules/BT_Wi-fi.xml
index a31bbc2806b2..4628bd7abdc2 100644
--- a/src/chrome/content/rules/BT_Wi-fi.xml
+++ b/src/chrome/content/rules/BT_Wi-fi.xml
@@ -1,32 +1,17 @@
 <!--
-	For other BT Group coverage, see BT-Group.xml.
-
-
-	Fully covered domains:
-
-		- (www.)btwifi.co.uk
-		- (www.)btwifi.com
-		- my.btwifi.com
-
+	For other BT Group coverage, see BT-Group.xml
 -->
-<ruleset name="BT Wi-fi">
+<ruleset name="BT Wi-Fi (partial)">
+	<!-- *.btwifi.com -->
+	<target host="btwifi.com" />
+	<target host="my.btwifi.com" />
+	<target host="www.btwifi.com" />
 
+	<!-- *.btwifi.co.uk -->
 	<target host="btwifi.co.uk" />
 	<target host="www.btwifi.co.uk" />
-	<target host="btwifi.com" />
-	<target host="*.btwifi.com" />
-
-
-	<!--	Observed cookie domains:
-
-			- (www.)btwifi.co.uk
-			- (www.)btwifi.com
-			- my.btwifi.com
-					-->
-	<securecookie host="^(?:.+\.)?btwifi\.co(?:\.uk|m)$" name=".+" />
-
 
-	<rule from="^http://(my\.|www\.)?btwifi\.co(\.uk|m)/"
-		to="https://$1btwifi.co$2/" />
+	<securecookie host=".+" name=".+" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BTunnel.xml b/src/chrome/content/rules/BTunnel.xml
index 5f3e945dd5ef..d51f36d1cd3d 100644
--- a/src/chrome/content/rules/BTunnel.xml
+++ b/src/chrome/content/rules/BTunnel.xml
@@ -5,11 +5,11 @@ Fetch error: http://btunnel.com/ => https://btunnel.com/: (51, "SSL: no alternat
 Fetch error: http://www.btunnel.com/ => https://btunnel.com/: (51, "SSL: no alternative certificate subject name matches target host name 'btunnel.com'")
 
 -->
-<ruleset name="BTunnel" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="BTunnel" platform="mixedcontent" default_off="failed ruleset test">
   <target host="btunnel.com" />
   <target host="www.btunnel.com" />
 
-  <securecookie host="^(?:.+\.)?btunnel\.com$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http://(?:www\.)?btunnel\.com/" to="https://btunnel.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/BU.edu.xml b/src/chrome/content/rules/BU.edu.xml
index 4fb1e473e5b3..9e5460d1a755 100644
--- a/src/chrome/content/rules/BU.edu.xml
+++ b/src/chrome/content/rules/BU.edu.xml
@@ -18,10 +18,16 @@
 		sphweb.bumc.bu.edu (revoked)
 		bumc.bu.edu
 		g2pc1.bu.edu
+		onlinemsw.bu.edu
+
+	Broken cert chain:
+		medlib.bu.edu
 
 	Time out:
 		mark.bu.edu
 
+	Securing the cookies on this domain can cause issues with proxy access to academic publications (#17838).
+
 -->
 <ruleset name="Boston University (partial)">
 
@@ -34,13 +40,7 @@
 	<target host="cs-people.bu.edu" />
 	<target host="financialplanningonline.bu.edu" />
 	<target host="genealogyonline.bu.edu" />
-	<target host="joule.bu.edu" />
-		<test url="http://joule.bu.edu/~hazen/" />
-		<!-- Exclude implicit test url -->
-		<exclusion pattern="^http://joule\.bu\.edu/$" />
-	<target host="medlib.bu.edu" />
 	<target host="onlineprofundraising.bu.edu" />
-	<target host="onlinemsw.bu.edu" />
 	<target host="paralegalonline.bu.edu" />
 	<target host="physics.bu.edu" />
 	<target host="professional.bu.edu" />
@@ -48,8 +48,6 @@
 	<target host="search.bu.edu" />
 	<target host="tandem.bu.edu" />
 
-	<securecookie host="^(www)?\.bu\.edu$" name=".+" />
-
 	<rule from="^http://(bumc\.)?bu\.edu/"
 		to="https://www.$1bu.edu/" />
 
diff --git a/src/chrome/content/rules/BUNTE.de.xml b/src/chrome/content/rules/BUNTE.de.xml
new file mode 100644
index 000000000000..9fb55ac5d417
--- /dev/null
+++ b/src/chrome/content/rules/BUNTE.de.xml
@@ -0,0 +1,41 @@
+<!--
+	SSL: no alternative certificate subject name matches target host name:
+		- buzz.bunte.de
+		- go.bunte.de
+		- *.go.bunte.de
+		- goto.bunte.de
+
+	Timeout:
+		- autodiscover.bunte.de
+		- viplounge.bunte.de
+		- wohnideen.bunte.de
+-->
+<ruleset name="BUNTE.de">
+
+	<target host="bunte.de" />
+	<target host="www.bunte.de" />
+	<target host="cdn-video.bunte.de" />
+	<target host="develop.bunte.de" />
+	<target host="edit.bunte.de" />
+	<target host="fbia.bunte.de" />
+	<target host="inside-api.bunte.de" />
+	<target host="inside-api-develop.bunte.de" />
+	<target host="link.bunte.de" />
+	<target host="login.bunte.de" />
+	<target host="m.bunte.de" />
+	<target host="mobil.bunte.de" />
+	<target host="preview.bunte.de" />
+	<target host="promo.bunte.de" />
+	<target host="static.bunte.de" />
+	<target host="static-assets.bunte.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Timeout on https://bunte.de/,
+	http://bunte.de/ redirects to https://www.bunte.de/.-->
+	<rule from="^http://bunte\.de/"
+		to="https://www.bunte.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BVG.de.xml b/src/chrome/content/rules/BVG.de.xml
index 283b9d440f91..1e4f42a59c02 100644
--- a/src/chrome/content/rules/BVG.de.xml
+++ b/src/chrome/content/rules/BVG.de.xml
@@ -9,7 +9,7 @@ Fetch error: http://track.bvg.de/ => https://track.bvg.de/: (60, 'SSL certificat
 		- owa.bvg.de (not working)
 		- unternehmen.prelive.bvg.de (cert mismatch)
 -->
-<ruleset name="BVG.de" default_off='failed ruleset test'>
+<ruleset name="BVG.de" default_off="failed ruleset test">
 	<target host="bvg.de" />
 	<target host="ap2.bvg.de" />
 	<target host="bewerbungen.bvg.de" />
diff --git a/src/chrome/content/rules/BVI_Photo_Video.com.xml b/src/chrome/content/rules/BVI_Photo_Video.com.xml
deleted file mode 100644
index aebead1e0c86..000000000000
--- a/src/chrome/content/rules/BVI_Photo_Video.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="BVI Photo Video.com">
-
-	<target host="bviphotovideo.com" />
-	<target host="www.bviphotovideo.com" />
-
-
-	<securecookie host="^(?:www)\.bviphotovideo\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BX.in.th.xml b/src/chrome/content/rules/BX.in.th.xml
deleted file mode 100644
index 6fe180799718..000000000000
--- a/src/chrome/content/rules/BX.in.th.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- bx.in.th
-
--->
-<ruleset name="BX.in.th">
-
-	<target host="bx.in.th" />
-	<target host="www.bx.in.th" />
-
-		<test url="http://bx.in.th/ref/" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^bx\.in\.th$" name="^referral$" /-->
-
-	<securecookie host="^bx\.in\.th$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BZ-Berlin.de.xml b/src/chrome/content/rules/BZ-Berlin.de.xml
new file mode 100644
index 000000000000..b3977294059f
--- /dev/null
+++ b/src/chrome/content/rules/BZ-Berlin.de.xml
@@ -0,0 +1,38 @@
+<!--
+	Invalid certificate:
+		nachtleben.bz-berlin.de
+		ww251.bz-berlin.de
+
+	Non-2xx HTTP code:
+		aboservice.bz-berlin.de
+
+	Refused:
+		branchenbuch.bz-berlin.de
+
+	Timeout:
+		blogs.bz-berlin.de
+		fileserver.bz-berlin.de
+		immonet.bz-berlin.de
+		ors.bz-berlin.de
+		preview.bz-berlin.de
+
+	Unable to get local issuer certificate:
+		service.bz-berlin.de
+-->
+<ruleset name="BZ-Berlin.de">
+
+	<target host="bz-berlin.de" />
+	<target host="www.bz-berlin.de" />
+	<target host="www.aboservice.bz-berlin.de" />
+	<target host="aboservice1.bz-berlin.de" />
+	<target host="event.bz-berlin.de" />
+	<target host="ivw-amp.bz-berlin.de" />
+	<target host="www.sonderthemen.bz-berlin.de" />
+	<target host="static.bz-berlin.de" />
+	<target host="willy.bz-berlin.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/B_E_Smith.xml b/src/chrome/content/rules/B_E_Smith.xml
index 00e4b211b821..d44cbcad48aa 100644
--- a/src/chrome/content/rules/B_E_Smith.xml
+++ b/src/chrome/content/rules/B_E_Smith.xml
@@ -9,16 +9,19 @@ Fetch error: http://besmith.com/ => https://besmith.com/: (51, "SSL: no alternat
 <ruleset name="B. E. Smith">
 
 	<target host="besmith.com" />
-	<target host="*.besmith.com" />
+	<target host="ex1.besmith.com" />
+	<target host="mail.besmith.com" />
+	<target host="thebridge.besmith.com" />
+	<target host="www.besmith.com" />
+	<target host="autodiscover.besmith.com" />
 
 
 	<securecookie host=".+\.besmith\.com$" name=".+" />
 
 
-	<rule from="^http://((?:ex1|mail|thebridge|www)\.)?besmith\.com/"
-		to="https://$1besmith.com/" />
 
 	<rule from="^http://autodiscover\.besmith\.com/"
 		to="https://autodiscover-s.outlook.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BabyDiscuss.com.xml b/src/chrome/content/rules/BabyDiscuss.com.xml
new file mode 100644
index 000000000000..32324ea17ccd
--- /dev/null
+++ b/src/chrome/content/rules/BabyDiscuss.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="BabyDiscuss.com">
+	<target host="babydiscuss.com" />
+	<target host="www.babydiscuss.com" />
+	<target host="demo2020.babydiscuss.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BabyMed.com.xml b/src/chrome/content/rules/BabyMed.com.xml
index 2992eda07e1c..0fc8fd74f9c6 100644
--- a/src/chrome/content/rules/BabyMed.com.xml
+++ b/src/chrome/content/rules/BabyMed.com.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?babymed\.com/(favicon\.ico|sites/|themes/|user(?:$|\?/))"
 		to="https://www.babymed.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Backcountry.com.xml b/src/chrome/content/rules/Backcountry.com.xml
index c1b4b8443785..cbb98722788a 100644
--- a/src/chrome/content/rules/Backcountry.com.xml
+++ b/src/chrome/content/rules/Backcountry.com.xml
@@ -12,7 +12,12 @@
 <ruleset name="Backcountry.com (partial)">
 
 	<target host="backcountry.com" />
-	<target host="*.backcountry.com" />
+	<target host="www.backcountry.com" />
+	<target host="api.backcountry.com" />
+	<target host="beta.backcountry.com" />
+	<target host="m.backcountry.com" />
+	<target host="content.backcountry.com" />
+	<target host="promoimages.backcountry.com" />
 
 
 	<securecookie host="^m\.backcountry\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Backloggery.com.xml b/src/chrome/content/rules/Backloggery.com.xml
index e320c2f38a49..5733417218c5 100644
--- a/src/chrome/content/rules/Backloggery.com.xml
+++ b/src/chrome/content/rules/Backloggery.com.xml
@@ -2,6 +2,6 @@
 	<target host="backloggery.com" />
 	<target host="www.backloggery.com" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Backupify.xml b/src/chrome/content/rules/Backupify.xml
index 5ce659b9453c..56ad1b99d241 100644
--- a/src/chrome/content/rules/Backupify.xml
+++ b/src/chrome/content/rules/Backupify.xml
@@ -2,7 +2,7 @@
   <target host="backupify.com" />
   <target host="www.backupify.com" />
 
-  <securecookie host="^(?:.*\.)?backupify\.com$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BadgeKit.org.xml b/src/chrome/content/rules/BadgeKit.org.xml
index cd86e2e42e66..efa0ad0f4504 100644
--- a/src/chrome/content/rules/BadgeKit.org.xml
+++ b/src/chrome/content/rules/BadgeKit.org.xml
@@ -24,7 +24,7 @@ Fetch error: http://api.badgekit.org/ => https://api.badgekit.org/: (6, 'Could n
 		- badgekit.org
 
 -->
-<ruleset name="BadgeKit.org" default_off='failed ruleset test'>
+<ruleset name="BadgeKit.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Badgeville.com-problematic.xml b/src/chrome/content/rules/Badgeville.com-problematic.xml
index 872794e1d0b5..db0830936ff2 100644
--- a/src/chrome/content/rules/Badgeville.com-problematic.xml
+++ b/src/chrome/content/rules/Badgeville.com-problematic.xml
@@ -5,7 +5,8 @@
 <ruleset name="Badgeville.com (problematic)" default_off="expired, self-signed">
 
 	<target host="badgeville.com" />
-	<target host="*.badgeville.com" />
+	<target host="community.badgeville.com" />
+	<target host="www.badgeville.com" />
 
 
 	<securecookie host="^\.?badgeville\.com$" name=".+" />
@@ -14,4 +15,4 @@
 	<rule from="^http://(?:(community\.)|www\.)?badgeville\.com/"
 		to="https://$1badgeville.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Badgeville.com.xml b/src/chrome/content/rules/Badgeville.com.xml
deleted file mode 100644
index df866bf76984..000000000000
--- a/src/chrome/content/rules/Badgeville.com.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	For problematic rules, see Badgeville.com-problematic.xml.
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/badgeville-production-styles/
-
-		- badgeville.wpengine.com
-
-			- blog
-
-
-	Nonfunctional subdomains:
-
-		- blog	(redirects to http, wpengine)
-
-
-	Problematic subdomains:
-
-		- (www.)	(works; expired 2010-09-02, self-signed, CN: *.acquia-sties.com)
-		- community	(works, expired 2013-07-21)
-
-
-	Fully covered subdomains:
-
-		- users.admin
-		- api.v2
-
--->
-<ruleset name="Badgeville.com (partial)">
-
-	<target host="users.admin.badgeville.com" />
-	<target host="api.v2.badgeville.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Bagatoo.se.xml b/src/chrome/content/rules/Bagatoo.se.xml
index 47d3572e6bce..01cb8fcde661 100644
--- a/src/chrome/content/rules/Bagatoo.se.xml
+++ b/src/chrome/content/rules/Bagatoo.se.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.bagatoo.se/ => https://www.bagatoo.se/: Cycle detected - URL already encountered: https://bagatoo.se/
 Fetch error: http://bagatoo.se/ => https://bagatoo.se/: Cycle detected - URL already encountered: https://bagatoo.se/
 -->
-<ruleset name="Bagatoo.se" default_off='failed ruleset test'>
+<ruleset name="Bagatoo.se" default_off="failed ruleset test">
   <target host="www.bagatoo.se" />
   <target host="bagatoo.se" />
   <rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Bagnet.org.xml b/src/chrome/content/rules/Bagnet.org.xml
index a52286c78873..25dbd83dfbfd 100644
--- a/src/chrome/content/rules/Bagnet.org.xml
+++ b/src/chrome/content/rules/Bagnet.org.xml
@@ -11,7 +11,7 @@ Fetch error: http://bagnet.org/ => https://bagnet.org/: (7, 'Failed to connect t
 	* Shows www
 
 -->
-<ruleset name="Bagnet.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Bagnet.org (partial)" default_off="failed ruleset test">
 
 	<target host="bagnet.org" />
 	<target host="www.bagnet.org" />
diff --git a/src/chrome/content/rules/Bahiaoui.net.xml b/src/chrome/content/rules/Bahiaoui.net.xml
new file mode 100644
index 000000000000..3f462e285d7f
--- /dev/null
+++ b/src/chrome/content/rules/Bahiaoui.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="Bahiaoui.net">
+	<target host="bahiaoui.net" />
+	<target host="www.bahiaoui.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bahn.de.xml b/src/chrome/content/rules/Bahn.de.xml
index 67a037dc85b4..e705dbafbb14 100644
--- a/src/chrome/content/rules/Bahn.de.xml
+++ b/src/chrome/content/rules/Bahn.de.xml
@@ -16,9 +16,9 @@
 	<target host="www.bahnshop.de" />
 
 	<securecookie host=".+" name=".+" />
-	
+
 	<rule from="^http://bahn\.de/"
 		  to="https://www.bahn.de/" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bahnhof.se.xml b/src/chrome/content/rules/Bahnhof.se.xml
new file mode 100644
index 000000000000..d762a5e6c983
--- /dev/null
+++ b/src/chrome/content/rules/Bahnhof.se.xml
@@ -0,0 +1,25 @@
+<!--
+	Nonfunctional hosts in *.bahnhof.se:
+		- tptest.bahnhof.se (t)
+		- user.bahnhof.se (e)
+		- web1.bahnhof.se (e)
+		- web2.bahnhof.se (e)
+
+	Customercontrolled subdomains:
+		- *.cust.bahnhof.se
+		- *.priv.bahnhof.se
+		- *.user.bahnhof.se
+
+	e: expired certificate
+	t: timeout on https
+-->
+<ruleset name="Bahnhof.se">
+	<target host="bahnhof.se" />
+	<target host="www.bahnhof.se" />
+	<target host="dhcp.bahnhof.se" />
+	<target host="ecs.bahnhof.se" />
+	<target host="epost.bahnhof.se" />
+	<target host="privat.bahnhof.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Baidu.xml b/src/chrome/content/rules/Baidu.xml
index fd50fcd99fe7..d0900b9850d7 100644
--- a/src/chrome/content/rules/Baidu.xml
+++ b/src/chrome/content/rules/Baidu.xml
@@ -4,184 +4,126 @@
 		- bcebos.com.xml
 		- Bdimg.com.xml
 		- bdstatic.com.xml
-		- duapp.com.xml
 		- Hao123.com.xml
 
-	Nonfunctional hosts in *baidu.com:
-		- adm *
-		- antivirus ᵃ
-		- forum.antivirus ᵃ
-		- apistore *
-		- bbs.apistore *
-		- appsearchcdn *
-		- xuxuhong.baijia *
-		- zhengshangcanyue.baijia *
-		- ticket.bce *
-		- dl.browser *
-		- dl2.browser *
-		- en.browser ᶠ
-		- cleaner ᵃ
-		- dida *
-		- duokoo *
-		- e *
-		- echarts *
-		- eiv *
-		- fanyi *
-		- finance *
-		- gate		405
-		- global *
-		- help *
-		- hi *
-		- tb.himg *
-		- [a-h].hiphotos *
-		- home *
-		- index *
-		- is *
-		- italk *
-		- iwan
-		- jingyan *
-		- jp *
-		- lbsyun *
-		- bbs.lbsyun *
-		- libs *
-		- licai *
-		- r.m *
-		- map *
-		- mo *
-		- mp3 *
-		- music *
-		- news *
-		- shehui.news *
-		- op *
-		- ours *
-		- pcappstore *
-		- pos *
-		- cm.pos *
-		- wn.pos *
-		- qianbao *
-		- qingting ᶠ
-		- r *
-		- research ᵇ
-		- rj *
-		- share *
-		- bdimg.share *
-		- shouji *
-		- m.site ᶠ
-		- siteapp *
-		- m.siteapp *
-		- sparksecurity ᶠ
-		- su **
-		- t[012] *
-		- talent *
-		- static.tieba *
-		- top *
-		- tousu *
-		- translate *
-		- trends *
-		- tvg		(Shows default page)
-		- tvgame	(Shows tvg)
-		- usa ᵇ
-		- utility *
-		- wanba *
-		- wangmeng *
-		- wapmap *
-		- wubi *
-		- xteam *
-		- xueshu	(405)
-		- yingxiao *
-		- static.youhua **
-		- yunjiasu *
-		- yuqing *
-	ᵃ Shows another domain
-	ᵇ Shows default page
-	* Times out
-	ᶠ Handshake fails
-	** Internal error
+	500:
+		adscdn.baidu.com
+		pay.baidu.com
 
-	Problematic hosts:
-		- bdl ²
-		- bs ᵉ
-		- hm ¹
-		- financestatic ²
-		- ir ²
-		- msh ²
-		- musicdata ²
-		- pcfaster ᵉ ¹ ᵘ
-		- trends ᵉ
-		- list.video ²
-		- www.video ²
-		- zoo ²
-	* Dropped
-	ᵉ Expired
-	¹ Insecure renegotiation
-	² Mismatched
-	³ Server sends no certificate chain, see https://whatsmychaincert.com
-	ᵘ Untrusted root
+	Equal to https hosts:
+		financestatic.baidu.com	=>	8.baidu.com
+		tb.himg.baidu.com		=>	himg.baidu.com
+		*.hiphotos.baidu.com	=>	hiphotos.baidu.com
+		static.tieba.baidu.com	=>	tieba.baidu.com
 
-	Some pages redirect to http
-		- v *
-		- (www.)?video *
-		- list.video *
+		dq.tieba.com			=>	tieba.baidu.com
 
-	Insecure cookies are set for these domains and hosts: ᶜ
-		- baidu.com
-		- .baidu.com
-		- 8.baidu.com
-		- cas.baidu.com
-		- ce.baidu.com
-		- .m.baidu.com
-		- m1.baidu.com
-		- m5.baidu.com
-		- m7.baidu.com
-		- open2.baidu.com
-		- openapi.baidu.com
-		- pda.baidu.com
-		- www.baidu.com
-		- .www.baidu.com
-		- .yun.baidu.com
-		- zhanzhang.baidu.com
-		- zhitongche.baidu.com
-		- zoo.baidu.com
-	ᶜ See https://owasp.org/index.php/SecureFlag
+	Handshake fails:
+		en.browser.baidu.com
+		m.site.baidu.com
+		sparksecurity.baidu.com
+		baishi.baidu.com
 
-	MCB:
-		adscdn.baidu.com
-		baishi.baidu.com	( break username and so on on the right-top of page. )
-		downpack.baidu.com	http://downpack.baidu.com/doctorthumb_AndroidPhone_1012469d.apk
+	MCB：
+		share.baidu.com
+		shouji.baidu.com
+		top.baidu.com
 
 	Redirect to http:
-		pay.baidu.com
-		tieba.baidu.com	( some pages. )
-		v,video	( part of them, like v.baidu.com/$ )
-		zns.baidu.com	https://znsv.baidu.com/customer_search/api/js?sid=8725453834531596266
+		ir.baidu.com
+		musicdata.baidu.com
+		research.baidu.com
+		tieba.baidu.com			some pages
+		usa.baidu.com
+		v.baidu.com				https on v.baidu.com/$ but redirect to http on other pages
+		www.video.baidu.com
+		list.video.baidu.com
+
+	Shows another domain:
+		downpack.baidu.com		http://downpack.baidu.com/doctorthumb_AndroidPhone_1012469d.apk
+
+	Timeout:
+		adm.baidu.com
+		apistore.baidu.com
+		bbs.apistore.baidu.com
+		appsearchcdn.baidu.com
+		xuxuhong.baijia.baidu.com
+		zhengshangcanyue.baijia.baidu.com
+		ticket.bce.baidu.com
+		bdl.baidu.com
+		datax.baidu.com			https://travis-ci.org/github/EFForg/https-everywhere/jobs/577122408#L678
+		dl.browser.baidu.com
+		dl2.browser.baidu.com
+		dida.baidu.com
+		duokoo.baidu.com
+		e.baidu.com
+		echarts.baidu.com
+		eiv.baidu.com
+		finance.baidu.com
+		global.baidu.com
+		italk.baidu.com
+		jp.baidu.com
+		lbsyun.baidu.com
+		bbs.lbsyun.baidu.com
+		libs.baidu.com
+		licai.baidu.com
+		r.m.baidu.com
+		mo.baidu.com
+		mp3.baidu.com
+		music.baidu.com
+		shehui.news.baidu.com
+		op.baidu.com
+		ours.baidu.com
+		pcappstore.baidu.com
+		pos.baidu.com
+		cm.pos.baidu.com
+		wn.pos.baidu.com
+		qianbao.baidu.com
+		r.baidu.com
+		rj.baidu.com
+		bdimg.share.baidu.com
+		siteapp.baidu.com
+		m.siteapp.baidu.com
+		t[012].baidu.com
+		talent.baidu.com
+		utility.baidu.com
+		wanba.baidu.com
+		wangmeng.baidu.com
+		wapmap.baidu.com
+		wubi.baidu.com
+		xteam.baidu.com
+		yunjiasu.baidu.com
+		yuqing.baidu.com
 
 	Timeout on Tor and travis:
-		8.baidu.com
-		haoma.baidu.com
+		bce.baidu.com			https://travis-ci.org/github/EFForg/https-everywhere/jobs/681011123#L429
+		cloud.baidu.com			https://travis-ci.org/github/EFForg/https-everywhere/jobs/443982887#L662
+		flight.baidu.com		https://travis-ci.org/github/EFForg/https-everywhere/jobs/681011123#L430
+		mbd.baidu.com			https://travis-ci.org/github/EFForg/https-everywhere/jobs/681011123#L432
+		c.pcs.baidu.com			https://travis-ci.org/github/EFForg/https-everywhere/jobs/446459580#L707
 		shoujiweishi.baidu.com
-		ss0.baidu.com
+		ss0.baidu.com			https://travis-ci.org/github/EFForg/https-everywhere/jobs/685629313#L430
+		translate.baidu.com		https://travis-ci.org/github/EFForg/https-everywhere/jobs/681011123#L434
 -->
 <ruleset name="Baidu (partial)">
 	<!--	Direct rewrites:	-->
 	<target host="baidu.com" />
 	<target host="www.baidu.com" />
-	<target host="1.baidu.com" />
-	<!--target host="8.baidu.com" /-->
+	<target host="8.baidu.com" />
 	<target host="baifubao.baidu.com" />
 	<target host="baike.baidu.com" />
-	<!--target host="baishi.baidu.com" /-->
-	<target host="bce.baidu.com" />
+	<!-- <target host="baishi.baidu.com" /> -->
 	<target host="login.bce.baidu.com" />
-	<!--target host="bs.baidu.com" /-->
 	<target host="cas.baidu.com" />
 	<target host="ce.baidu.com" />
-	<target host="cloud.baidu.com" />
 	<target host="cpro.baidu.com" />
-	<target host="datax.baidu.com" />
 	<target host="developer.baidu.com" />
 	<target host="downapp.baidu.com" />
-	<target host="flight.baidu.com" />
+	<target host="eclick.baidu.com" />
+		<test url="http://eclick.baidu.com/rs.jpg" />
+	<target host="fanyi.baidu.com" />
 	<target host="gaokao.baidu.com" />
+	<target host="gate.baidu.com" />
 	<target host="gsp0.baidu.com" />
 	<target host="gsp1.baidu.com" />
 	<target host="gsp2.baidu.com" />
@@ -191,12 +133,20 @@
 	<target host="gss1.baidu.com" />
 	<target host="gss2.baidu.com" />
 	<target host="gss3.baidu.com" />
-	<!--target host="haoma.baidu.com" /-->
+	<target host="haoma.baidu.com" />
+	<target host="help.baidu.com" />
+	<target host="hi.baidu.com" />
+	<target host="himg.baidu.com" />
+	<target host="hiphotos.baidu.com" />
 	<target host="hm.baidu.com" />
 		<test url="http://hm.baidu.com/h.js" />
+	<target host="home.baidu.com" />
 	<target host="image.baidu.com" />
 	<target host="imgsrc.baidu.com" />
 		<test url="http://imgsrc.baidu.com/forum/pic/item/dcee74d9f2d3572c4d7770b68d13632763d0c387.jpg" />
+	<target host="index.baidu.com" />
+	<target host="indexrcv.baidu.com" />
+	<target host="jingyan.baidu.com" />
 	<target host="m.baidu.com" />
 	<target host="m1.baidu.com" />
 	<target host="m2.baidu.com" />
@@ -211,38 +161,40 @@
 	<target host="m11.baidu.com" />
 	<target host="m12.baidu.com" />
 	<target host="m13.baidu.com" />
+	<target host="map.baidu.com" />
 	<target host="api.map.baidu.com" />
 	<target host="muzhi.baidu.com" />
+	<target host="news.baidu.com" />
 	<target host="open2.baidu.com" />
-	<target host="openapi.baidu.com" />
 	<target host="pan.baidu.com" />
 	<target host="passport.baidu.com" />
 	<target host="pcs.baidu.com" />
-	<target host="c.pcs.baidu.com" />
 	<target host="d.pcs.baidu.com" />
 	<target host="pda.baidu.com" />
 	<target host="qianbao.baidu.com" />
-	<!--target host="shoujiweishi.baidu.com" /-->
+	<target host="qingting.baidu.com" />
 	<target host="sp0.baidu.com" />
+	<target host="ss0.baidu.com" />
+		<test url="http://ss0.baidu.com/6ONWsjip0QIZ8tyhnq/it/u=741647934,3418479157&amp;fm=173" />
 	<target host="su.baidu.com" />
-	<!--target host="v.baidu.com" /-->
-	<!--target host="video.baidu.com" /-->
+	<target host="tbmsg.baidu.com" />
+	<target host="tousu.baidu.com" />
+	<target host="trends.baidu.com" />
 	<target host="wallet.baidu.com" />
 	<target host="wap.baidu.com" />
 	<target host="wapbaike.baidu.com" />
 	<target host="wapp.baidu.com" />
 	<target host="wenku.baidu.com" />
+	<target host="xueshu.baidu.com" />
+	<target host="yingxiao.baidu.com"/>
 	<target host="youke.baidu.com"/>
 	<target host="yun.baidu.com"/>
 	<target host="zhanzhang.baidu.com" />
 	<target host="zhitongche.baidu.com" />
+	<target host="ziyuan.baidu.com" />
 
 	<!--	Complications:	-->
 
-	<target host="bdl.baidu.com" />
-	<rule from="^http://bdl\.baidu\.com/"
-		to="https://bdltest.duapp.com/" />
-
 	<target host="financestatic.baidu.com" />
 	<rule from="^http://financestatic\.baidu\.com/"
 		to="https://8.baidu.com/" />
@@ -254,8 +206,10 @@
 		<test url="http://gimg.baidu.com/img/gs.gif" />
 		<test url="http://img.baidu.com/hunter/alog/alog.min.js" />
 
-	<target host="hiphotos.baidu.com" />
-		<test url="http://hiphotos.baidu.com/album/pic/item/b3fb43166d224f4a42c293870bf790529922d1cf.jpg" />
+	<target host="tb.himg.baidu.com" />
+	<rule from="^http://tb\.himg\.baidu\.com/"
+		to="https://himg.baidu.com/" />
+		<test url="http://tb.himg.baidu.com/sys/portrait/item/1a1a48725fe88ba5e58db3e88ba5e7a6bbd4a2" />
 
 	<target host="*.hiphotos.baidu.com" />
 	<rule from="^http://\S+\.hiphotos\.baidu\.com/"
@@ -263,21 +217,66 @@
 		<test url="http://a.hiphotos.baidu.com/album/pic/item/b3fb43166d224f4a42c293870bf790529922d1cf.jpg" />
 		<test url="http://h.hiphotos.baidu.com/album/pic/item/b3fb43166d224f4a42c293870bf790529922d1cf.jpg" />
 		<test url="http://123.h.hiphotos.baidu.com/album/pic/item/b3fb43166d224f4a42c293870bf790529922d1cf.jpg" />
-	
+
+	<target host="openapi.baidu.com" />
+	<rule from="^http://openapi\.baidu\.com/"
+		to="https://developer.baidu.com/" />
+
+	<!--	Tieba mirrors and imgs	-->
 	<target host="tieba.baidu.com" />
-		<exclusion pattern="^http://tieba\.baidu\.com/(?!mo/|mo_wowap_pb/)" />
+		<test url="http://tieba.baidu.com/f/index" />
 		<test url="http://tieba.baidu.com/mo/" />
 		<test url="http://tieba.baidu.com/mo_wowap_pb/" />
 		<test url="http://tieba.baidu.com/acer" />
+		<test url="http://tieba.baidu.com/firefox" />
 		<test url="http://tieba.baidu.com/skype" />
-		<test url="http://tieba.baidu.com/kb/" />
-		<test url="http://tieba.baidu.com/zjstv/" />
+		<test url="http://tieba.baidu.com/f/search/res?qw=firefox" />
+	<rule from="^http://tieba\.baidu\.com/f/index/"
+		to="https://jump2.bdimg.com/f/index/" />
+		<test url="http://tieba.baidu.com/f/index/" />
+		<test url="http://tieba.baidu.com/f/index/forumclass" />
+	<rule from="^http://tieba\.baidu\.com/hottopic"
+		to="https://jump2.bdimg.com/hottopic" />
+		<test url="http://tieba.baidu.com/hottopic" />
+		<test url="http://tieba.baidu.com/hottopic/" />
+		<test url="http://tieba.baidu.com/hottopic/browse/hottopic" />
+		<test url="http://tieba.baidu.com/hottopic/browse/hottopic?topic_id=277661&amp;topic_name=%E9%97%B7%E6%AD%BB%E8%80%81%E4%BA%BA%E4%BF%9D%E5%A7%86%E8%A2%AB%E5%88%91%E6%8B%98" />
+
+	<target host="c.tieba.baidu.com" />
+	<rule from="^http://c\.tieba\.baidu\.com/"
+		to="https://tieba.baidu.com/" />
+		<test url="http://c.tieba.baidu.com/p/6234958717" />
+
+	<target host="dq.tieba.com" />
+	<rule from="^http://dq\.tieba\.com/"
+		to="https://tieba.baidu.com/" />
+
+	<target host="m.tiebaimg.com" />
+	<exclusion pattern="^http://m\.tiebaimg\.com/(?!timg\?(\S+)?src=http%3A%2F%2Fimgsrc.baidu.com%2Fforum%2Fpic%2Fitem%2F\w+)" />
+		<test url="http://m.tiebaimg.com/timg" />
+		<test url="http://m.tiebaimg.com/timg?wapp" />
+		<test url="http://m.tiebaimg.com/timg?wapp&amp;quality=80" />
+		<test url="http://m.tiebaimg.com/timg?wapp&amp;quality=80&amp;size=b150_150" />
+		<test url="http://m.tiebaimg.com/timg?wapp&amp;quality=80&amp;size=b150_150&amp;subsize=20480" />
+	<rule from="^http://m\.tiebaimg\.com/timg\?(\S+)?src=http%3A%2F%2Fimgsrc.baidu.com%2Fforum%2Fpic%2Fitem%2F(\w+)"
+		to="https://imgsrc.baidu.com/forum/pic/item/$2" />
+		<test url="http://m.tiebaimg.com/timg?src=http%3A%2F%2Fimgsrc.baidu.com%2Fforum%2Fpic%2Fitem%2Fcdbf6c81800a19d86b057b6638fa828ba61e464b.jpg" />
+		<test url="http://m.tiebaimg.com/timg?quality=80&amp;size=b150_150&amp;subsize=20480&amp;cut_x=0&amp;cut_w=0&amp;cut_y=0&amp;cut_h=0&amp;sec=1369815402&amp;srctrace&amp;di=41deebab9305fb8fdfbe3879f0fe1a82&amp;wh_rate=null&amp;src=http%3A%2F%2Fimgsrc.baidu.com%2Fforum%2Fpic%2Fitem%2Fcdbf6c81800a19d86b057b6638fa828ba61e464b.jpg" />
+		<test url="http://m.tiebaimg.com/timg?wapp&amp;quality=80&amp;size=b150_150&amp;subsize=20480&amp;cut_x=0&amp;cut_w=0&amp;cut_y=0&amp;cut_h=0&amp;sec=1369815402&amp;srctrace&amp;di=41deebab9305fb8fdfbe3879f0fe1a82&amp;wh_rate=null&amp;src=http%3A%2F%2Fimgsrc.baidu.com%2Fforum%2Fpic%2Fitem%2Fcdbf6c81800a19d86b057b6638fa828ba61e464b.jpg" />
+
+	<target host="static.tieba.baidu.com" />
+	<rule from="^http://static\.tieba\.baidu\.com/"
+		to="https://tieba.baidu.com/" />
+		<test url="http://static.tieba.baidu.com/tb/editor/images/client/image_emoticon25.png" />
 
+	<!--	MCB:	-->
 	<target host="zhidao.baidu.com" />
-		<!--	MCB:	-->
+		<exclusion pattern="^http://zhidao\.baidu\.com/api/proxy" />
 		<exclusion pattern="^http://zhidao\.baidu\.com/s/" />
 		<exclusion pattern="^http://zhidao\.baidu\.com/zhima/" />
 		<exclusion pattern="^http://zhidao\.baidu\.com/zt/" />
+		<test url="http://zhidao.baidu.com/api/proxy" />
+		<test url="http://zhidao.baidu.com/api/proxy?url=/s/zhidaodata1.html" />
 		<test url="http://zhidao.baidu.com/s/8year/#home" />
 		<test url="http://zhidao.baidu.com/s/activity/index.html" />
 		<test url="http://zhidao.baidu.com/s/gglft/" />
diff --git a/src/chrome/content/rules/Balboa.io.xml b/src/chrome/content/rules/Balboa.io.xml
deleted file mode 100644
index aed7ec2adbe7..000000000000
--- a/src/chrome/content/rules/Balboa.io.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<ruleset name="Balboa.io">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="balboa.io" />
-	<target host="app.balboa.io" />
-	<target host="blog.balboa.io" />
-	<target host="static.balboa.io" />
-	<target host="www.balboa.io" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Baldershage.se.xml b/src/chrome/content/rules/Baldershage.se.xml
index 6d6ef74eb7f4..fbeec94c6c3f 100644
--- a/src/chrome/content/rules/Baldershage.se.xml
+++ b/src/chrome/content/rules/Baldershage.se.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Non-2xx HTTP code: http://baldershage.se/ (200) => https://baldershage.se/ (404)
 
 -->
-<ruleset name="Baldershage.se" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Baldershage.se" platform="mixedcontent" default_off="failed ruleset test">
   <target host="www.baldershage.se" />
   <target host="baldershage.se" />
   <rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Balkan_Leaks.xml b/src/chrome/content/rules/Balkan_Leaks.xml
index ba3b4c2c53ed..22641a042587 100644
--- a/src/chrome/content/rules/Balkan_Leaks.xml
+++ b/src/chrome/content/rules/Balkan_Leaks.xml
@@ -7,7 +7,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://balkanleaks.eu/ => https://balkanleaks.eu/: (60, 'SSL certificate problem: certificate has expired')
 Fetch error: http://www.balkanleaks.eu/ => https://www.balkanleaks.eu/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="Balkan Leaks" default_off='failed ruleset test'>
+<ruleset name="Balkan Leaks" default_off="failed ruleset test">
 
 	<target host="balkanleaks.eu" />
 	<target host="www.balkanleaks.eu" />
@@ -18,4 +18,4 @@ Fetch error: http://www.balkanleaks.eu/ => https://www.balkanleaks.eu/: (60, 'SS
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ballot_Measure_Domains.xml b/src/chrome/content/rules/Ballot_Measure_Domains.xml
index 731700872af9..771ac1f395d3 100644
--- a/src/chrome/content/rules/Ballot_Measure_Domains.xml
+++ b/src/chrome/content/rules/Ballot_Measure_Domains.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://ballotmeasuredomains.com/ => https://ballotmeasuredomains.com/: (28, 'Connection timed out after 10001 milliseconds')
 Fetch error: http://www.ballotmeasuredomains.com/ => https://www.ballotmeasuredomains.com/: (28, 'Connection timed out after 10000 milliseconds')
 -->
-<ruleset name="Ballot Measure Domains" default_off='failed ruleset test'>
+<ruleset name="Ballot Measure Domains" default_off="failed ruleset test">
 
 	<target host="ballotmeasuredomains.com" />
 	<target host="www.ballotmeasuredomains.com" />
@@ -19,4 +19,4 @@ Fetch error: http://www.ballotmeasuredomains.com/ => https://www.ballotmeasuredo
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ballou.xml b/src/chrome/content/rules/Ballou.xml
index f6496b4a6393..c90c652c6eeb 100644
--- a/src/chrome/content/rules/Ballou.xml
+++ b/src/chrome/content/rules/Ballou.xml
@@ -32,16 +32,23 @@
 <ruleset name="Ballou (partial)">
 
 	<target host="ballou.se" />
-	<target host="*.ballou.se" />
+	<target host="autodiscover.ballou.se" />
+	<target host="mail.ballou.se" />
+	<target host="mailadministration.ballou.se" />
+	<target host="minasidor.ballou.se" />
+	<target host="websally.ballou.se" />
+	<target host="wiki.ballou.se" />
+	<target host="www.ballou.se" />
+	<target host="registrar.ballou.se" />
+	<target host="support.ballou.se" />
 
 
 	<securecookie host="^(?:mail|mailadministration|minasidor|www)\.ballou\.se$" name=".+" />
 
 
-	<rule from="^http://((?:autodiscover|mail|mailadministration|minasidor|websally|wiki|www)\.)?ballou\.se/"
-		to="https://$1ballou.se/" />
 
 	<rule from="^http://(?:registrar|support)\.ballou\.se/"
 		to="https://minasidor.ballou.se/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Banca-Intesa-Beograd.xml b/src/chrome/content/rules/Banca-Intesa-Beograd.xml
new file mode 100644
index 000000000000..a85a38261dcd
--- /dev/null
+++ b/src/chrome/content/rules/Banca-Intesa-Beograd.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		bancaintesa.rs
+		meet.bancaintesa.rs
+
+	Redirect to HTTP:
+		www.bancaintesa.rs
+-->
+<ruleset name="Banca Intesa Beograd">
+
+	<target host="online.bancaintesa.rs" />
+	<target host="secure.bancaintesa.rs" />
+	<target host="with.bancaintesa.rs" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bandcamp.xml b/src/chrome/content/rules/Bandcamp.xml
index 3f0d4172b67d..862f031afe0b 100644
--- a/src/chrome/content/rules/Bandcamp.xml
+++ b/src/chrome/content/rules/Bandcamp.xml
@@ -32,4 +32,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset> 
+</ruleset>
diff --git a/src/chrome/content/rules/Bandinelli.net.xml b/src/chrome/content/rules/Bandinelli.net.xml
index 6e91f2cb6cc0..a2d0c963da6e 100644
--- a/src/chrome/content/rules/Bandinelli.net.xml
+++ b/src/chrome/content/rules/Bandinelli.net.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.bandinelli.net/ => https://www.bandinelli.net/: (51, "SS
 	* Secured by us
 
 -->
-<ruleset name="Bandinelli.net" default_off='failed ruleset test'>
+<ruleset name="Bandinelli.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Bandisoft.xml b/src/chrome/content/rules/Bandisoft.xml
index 38cfdd91c563..685303b4fb7b 100644
--- a/src/chrome/content/rules/Bandisoft.xml
+++ b/src/chrome/content/rules/Bandisoft.xml
@@ -7,7 +7,7 @@ Fetch error: http://bandisoft-dl.bandicam.cn/ => https://bandisoft-dl.bandicam.c
 	- blog.
 -->
 
-<ruleset name="Bandisoft" default_off='failed ruleset test'>
+<ruleset name="Bandisoft" default_off="failed ruleset test">
 
 	<target host="bandisoft.com" />
 	<target host="dl.bandisoft.com" />
@@ -15,10 +15,10 @@ Fetch error: http://bandisoft-dl.bandicam.cn/ => https://bandisoft-dl.bandicam.c
 	<target host="ssl.bandisoft.com" />
 	<target host="static.bandisoft.com" />
 	<target host="www.bandisoft.com" />
-	
+
 	<target host="bandicam.cn" />
 	<target host="bandisoft-dl.bandicam.cn" />
-	
+
 	<securecookie host="^\w" name=".+" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Banggood.com.xml b/src/chrome/content/rules/Banggood.com.xml
new file mode 100644
index 000000000000..ec6abe9ebe2e
--- /dev/null
+++ b/src/chrome/content/rules/Banggood.com.xml
@@ -0,0 +1,58 @@
+<!--
+	Non-functional subdomains:
+
+		- banggood.com
+			- contest	(t)
+			- enews		(SSL connection error)
+			- info		(m)
+			- mailserver	(r)
+			- news	(m)
+			- survey	(m)
+
+		- banggood.cn	(r)
+			- mail		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Banggood.com">
+
+	<target host="banggood.com" />
+	<target host="www.banggood.com" />
+	<target host="api.banggood.com" />
+	<target host="ar.banggood.com" />
+	<target host="blog.banggood.com" />
+	<target host="ccnew.banggood.com" />
+	<target host="checkout.banggood.com" />
+	<target host="deals.banggood.com" />
+	<target host="dealsbeta.banggood.com" />
+	<target host="eu.banggood.com" />
+	<target host="files.banggood.com" />
+	<target host="forum.banggood.com" />
+	<target host="help.banggood.com" />
+	<target host="www.help.banggood.com" />
+	<target host="img.banggood.com" />
+	<target host="imgmgr.banggood.com" />
+	<target host="m.banggood.com" />
+	<target host="mbeta.banggood.com" />
+	<target host="mpre.banggood.com" />
+	<target host="myos.banggood.com" />
+	<target host="new.banggood.com" />
+	<target host="newbg.banggood.com" />
+	<target host="newbg2.banggood.com" />
+	<target host="os.banggood.com" />
+	<target host="pwa.banggood.com" />
+	<target host="rec.banggood.com" />
+	<target host="social.banggood.com" />
+	<target host="us.banggood.com" />
+
+	<target host="img.staticbg.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bangor-University.xml b/src/chrome/content/rules/Bangor-University.xml
index 85bfc6d25ad9..3669157bff32 100644
--- a/src/chrome/content/rules/Bangor-University.xml
+++ b/src/chrome/content/rules/Bangor-University.xml
@@ -21,6 +21,13 @@
 			- repository
 			- studyskills		(cert: www.bangor.ac.uk; shows www's data)
 
+    Connection Refused
+      - bangorportal.bangor
+      - forum
+      - inside
+      - intranet
+      - webmail
+
 		- (www.)edeandravenscroft.co.uk	(ssl_error_rx_record_too_long)
 		- (www.)www.pontio.co.uk	(cert: www.bangor.ac.uk; shows that domain's data)
 
@@ -32,21 +39,19 @@
 <ruleset name="Bangor University (partial)">
 
 	<target host="bangor.ac.uk" />
-	<target host="*.bangor.ac.uk" />
-
-
-		<!--	Don't handle ^www cookies, just in case they're used on unsecureable pages.
-				All webmail cookies appear to be cross-domain.	-->
-		<securecookie host="^[^w]\w+\.bangor\.ac\.uk$" name=".+" />
+	<target host="www.bangor.ac.uk" />
+	<target host="blackboard.bangor.ac.uk" />
 
+  <!--	Don't handle ^www cookies, just in case they're used on unsecureable pages.
+      All webmail cookies appear to be cross-domain.	-->
+  <securecookie host="^[^w]\w+\.bangor\.ac\.uk$" name=".+" />
 
 	<!--	- NB: Data differ between http & https
 		- Cert only matches www
 				-->
-	<rule from="^http://(?:www\.)?bangor\.ac\.uk/itservices/user($|/)"
-		to="https://www.bangor.ac.uk/itservices/user$1" />
-
-	<rule from="^http://(bangorportal|blackboard|forum|inside|intranet|webmail)\.bangor\.ac\.uk/"
-		to="https://$1.bangor.ac.uk/" />
+	<rule from="^http://(?:www\.)?bangor\.ac\.uk/"
+		to="https://www.bangor.ac.uk/" />
+    <test url="http://www.bangor.ac.uk/international/about.php.en" />
 
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BangorDailyNews.com.xml b/src/chrome/content/rules/BangorDailyNews.com.xml
new file mode 100644
index 000000000000..96ff6aa7f047
--- /dev/null
+++ b/src/chrome/content/rules/BangorDailyNews.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Secure connection failed:
+		jobs.bangordailynews.com
+
+-->
+<ruleset name="BangorDailyNews.com">
+
+	<target host="bangordailynews.com" />
+	<target host="www.bangordailynews.com" />
+	<target host="chrisbusby.bangordailynews.com" />
+	<target host="classifieds.bangordailynews.com" />
+	<target host="static.bangordailynews.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bangor_Daily_News.xml b/src/chrome/content/rules/Bangor_Daily_News.xml
deleted file mode 100644
index 17082bdb81f4..000000000000
--- a/src/chrome/content/rules/Bangor_Daily_News.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- static	(404, CN: gp1.wac.edgecastcdn.net)
-
-
-	NB: Some blogs' homepages, which have unique subdomains, 404 when fetched via https.
-
--->
-<ruleset name="Bangor Daily News (partial)">
-
-	<target host="bangordailynews.com" />
-	<target host="*.bangordailynews.com" />
-	<target host="bdnpull.bangorpublishing.netdna-cdn.com" />
-
-
-	<rule from="^http://(chrisbusby\.|www\.)?bangordailynews\.com/"
-		to="https://$1bangordailynews.com/" />
-
-	<rule from="^http://(?:static\.bangordailynews|bdnpull\.bangorpublishing\.netdna-cdn)\.com/"
-		to="https://bangordailynews.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bank_of_America.com.xml b/src/chrome/content/rules/Bank_of_America.com.xml
index 994b18b3b67f..914681f038f9 100644
--- a/src/chrome/content/rules/Bank_of_America.com.xml
+++ b/src/chrome/content/rules/Bank_of_America.com.xml
@@ -27,7 +27,7 @@
 		Secure connection redirects to plaintext:
 			 - about.bankofamerica.com
 			 - promo.bankofamerica.com
-		
+
 		Mixed content blocking (MCB) tiggered:
 			 - homeloanhelp.bankofamerica.com
 -->
diff --git a/src/chrome/content/rules/Bank_of_Taipei.com.tw.xml b/src/chrome/content/rules/Bank_of_Taipei.com.tw.xml
deleted file mode 100644
index f62d633d46f1..000000000000
--- a/src/chrome/content/rules/Bank_of_Taipei.com.tw.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	These altnames don't exist:
-
-		- bankoftaipei.com.tw
-
--->
-<ruleset name="Bank of Taipei.com.tw">
-
-	<target host="ebank.bankoftaipei.com.tw" />
-	<target host="www.bankoftaipei.com.tw" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^ebank\.bankoftaipei\.com\.tw$" name="^ASPSESSIONID\w{7}$" /-->
-
-	<securecookie host="^ebank\.bankoftaipei\.com\.tw$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Banki.ru.xml b/src/chrome/content/rules/Banki.ru.xml
index f6f9c623edd3..bd2a624d4cd3 100644
--- a/src/chrome/content/rules/Banki.ru.xml
+++ b/src/chrome/content/rules/Banki.ru.xml
@@ -9,6 +9,6 @@
 	<target host="terminal.banki.ru" />
 	<target host="card2card.banki.ru" />
 	<target host="static1.banki.ru" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Banking.co.at.xml b/src/chrome/content/rules/Banking.co.at.xml
index b63d1a428766..2afc4a94e0f4 100644
--- a/src/chrome/content/rules/Banking.co.at.xml
+++ b/src/chrome/content/rules/Banking.co.at.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://banking.co.at/ => https://banking.co.at/: (6, 'Could not resolve host: banking.co.at')
 
 -->
-<ruleset name="Banking.co.at" default_off='failed ruleset test'>
+<ruleset name="Banking.co.at" default_off="failed ruleset test">
 	<target host="banking.co.at" />
 	<target host="www.banking.co.at" />
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Bankinter.com.xml b/src/chrome/content/rules/Bankinter.com.xml
index 9db20e9c5315..232fe9039c40 100644
--- a/src/chrome/content/rules/Bankinter.com.xml
+++ b/src/chrome/content/rules/Bankinter.com.xml
@@ -20,7 +20,7 @@ Fetch error: http://www.gneis.bankinter.com/ => https://www.gneis.bankinter.com/
 		* validator.bankinter.com
 		* www.masterclassoceanosazules.bankinter.com
 -->
-<ruleset name="Bankinter.com" default_off='failed ruleset test'>
+<ruleset name="Bankinter.com" default_off="failed ruleset test">
 
 	<target host="bancaonline.bankinter.com" />
 	<target host="blog.bankinter.com" />
diff --git a/src/chrome/content/rules/Bankrate.com.xml b/src/chrome/content/rules/Bankrate.com.xml
index 68df8ebc30c5..fc76ebec1bff 100644
--- a/src/chrome/content/rules/Bankrate.com.xml
+++ b/src/chrome/content/rules/Bankrate.com.xml
@@ -8,12 +8,12 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://bankrate.com/ => https://origin.bankrate.com/: Cycle detected - URL already encountered: https://origin.bankrate.com/
 Fetch error: http://www.bankrate.com/ => https://origin.bankrate.com/: Cycle detected - URL already encountered: https://origin.bankrate.com/
 -->
-<ruleset name="bankrate.com" default_off='failed ruleset test'>
+<ruleset name="bankrate.com" default_off="failed ruleset test">
 
 	<target host="bankrate.com"/>
 	<target host="www.bankrate.com"/>
 
-	<securecookie host="^(?:.*\.)?bankrate\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?bankrate\.com/"
 		to="https://origin.bankrate.com/"/>
diff --git a/src/chrome/content/rules/Bankuralsib.ru.xml b/src/chrome/content/rules/Bankuralsib.ru.xml
deleted file mode 100644
index c1b53a08ec62..000000000000
--- a/src/chrome/content/rules/Bankuralsib.ru.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Non-functional hosts
-		Incomplete certificate chain error:
-		- bankuralsib.ru
-		- m.bankuralsib.ru
-		- www.bankuralsib.ru
--->
-<ruleset name="Bankuralsib.ru">
-	<target host="card2card.bankuralsib.ru" />
-	<target host="i.bankuralsib.ru" />
-	<target host="oplata.bankuralsib.ru" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/BannerSnack.com.xml b/src/chrome/content/rules/BannerSnack.com.xml
index 4e46d03d7a17..6d6738b83d49 100644
--- a/src/chrome/content/rules/BannerSnack.com.xml
+++ b/src/chrome/content/rules/BannerSnack.com.xml
@@ -1,39 +1,16 @@
 <!--
 	For other SnackTools coverage, see SnackTools.com.xml.
 
-
-	CDN buckets:
-
-		- files.bannersnack.com.s3.amazonaws.com
-
-			- files
-
-
-	Fully covered subdomains:
-
-		- (www.)
-
-
-	Mixed content:
-
-		- Ad on www from www.googleadservices.com *
-
-	* Secured by us
+	Non-functional hosts:
+		Mismatched:
+		- files.bannersnack.com
 
 -->
 <ruleset name="BannerSnack.com">
-
 	<target host="bannersnack.com" />
-	<target host="*.bannersnack.com" />
-
-
-	<securecookie host="^(?:www\.)?bannersnack\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?bannersnack\.com/"
-		to="https://$1bannersnack.com/" />
+	<target host="www.bannersnack.com" />
 
-	<rule from="^http://files\.bannersnack\.com/"
-		to="https://s3.amazonaws.com/files.bannersnack.com/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Banque_CIC.xml b/src/chrome/content/rules/Banque_CIC.xml
index 58ca7983e121..94954d0bdbfe 100644
--- a/src/chrome/content/rules/Banque_CIC.xml
+++ b/src/chrome/content/rules/Banque_CIC.xml
@@ -2,7 +2,7 @@
     <target host="cic.fr" />
     <target host="*.cic.fr" />
 
-    <securecookie host="^(?:.*\.)?cic\.fr$" name=".+" />
+    <securecookie host=".+" name=".+"/>
 
     <rule from="^http://cic\.fr/"
         to="https://www.cic.fr/"/>
diff --git a/src/chrome/content/rules/Banque_CIC_Suisse.xml b/src/chrome/content/rules/Banque_CIC_Suisse.xml
index f61d75132532..184729d33b3b 100644
--- a/src/chrome/content/rules/Banque_CIC_Suisse.xml
+++ b/src/chrome/content/rules/Banque_CIC_Suisse.xml
@@ -3,7 +3,7 @@
 	<target host="ebanking.cic.ch" />
 	<target host="www.cic.ch" />
 
-	<securecookie host="^(?:.*\.)?cic\.ch$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Banque_Cantonale_du_Valais.xml b/src/chrome/content/rules/Banque_Cantonale_du_Valais.xml
index e7a11bcfb99e..316a6f7355b5 100644
--- a/src/chrome/content/rules/Banque_Cantonale_du_Valais.xml
+++ b/src/chrome/content/rules/Banque_Cantonale_du_Valais.xml
@@ -1,17 +1,35 @@
+<!--
+	Mismatching certificate:
+		- wkb.ch
+		- mybcvs.ch
+		- www.mybcvs.ch
+
+	Handshake failure:
+		- mobileapp.bcvs.ch
+-->
 <ruleset name="Banque Cantonale du Valais">
-    <target host="bcvs.ch" />
-    <target host="*.bcvs.ch" />
-    <target host="mybcvs.ch" />
-    <target host="*.mybcvs.ch" />
+	<target host="bcvs.ch" />
+	<target host="www.bcvs.ch" />
+	<target host="art.bcvs.ch" />
+	<target host="e-banking-a.bcvs.ch" />
+	<target host="e-banking.bcvs.ch" />
+	<target host="mobile.bcvs.ch" />
+	<target host="www.art.bcvs.ch" />
+
+	<target host="mybcvs.ch" />
+	<target host="www.mybcvs.ch" />
+
+	<target host="wkb.ch" />
+	<target host="www.wkb.ch" />
+	<target host="mobile.wkb.ch" />
 
-    <securecookie host="^(?:.*\.)?bcvs\.ch$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
-    <rule from="^http://bcvs\.ch/"
-        to="https://www.bcvs.ch/"/>
-    <rule from="^http://([^/:@]+)?\.bcvs\.ch/"
-        to="https://$1.bcvs.ch/" />
-    <rule from="^http://mybcvs\.ch/"
-        to="https://www.mybcvs.ch/"/>
-    <rule from="^http://([^/:@]+)?\.mybcvs\.ch/"
-        to="https://$1.mybcvs.ch/" />
+	<!-- All sites redirect to the same page -->
+	<rule from="^http://(www\.)?mybcvs\.ch/.*"
+		to="https://www.bcvs.ch/fr/clientele-privee/concours.html"/>
+	<rule from="^http://wkb\.ch/"
+		to="https://www.wkb.ch/"/>
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Banu.com.xml b/src/chrome/content/rules/Banu.com.xml
index db6442d41674..a5bac6d35b91 100644
--- a/src/chrome/content/rules/Banu.com.xml
+++ b/src/chrome/content/rules/Banu.com.xml
@@ -29,13 +29,17 @@ Fetch error: http://banu.com/ => https://banu.com/: (28, 'Connection timed out a
 <ruleset name="Banu.com">
 
 	<target host="banu.com" />
-	<target host="*.banu.com" />
+	<target host="bugzilla.banu.com" />
+	<target host="git.banu.com" />
+	<target host="mail.banu.com" />
+	<target host="staff.banu.com" />
+	<target host="wiki.banu.com" />
+	<target host="www.banu.com" />
 
 
-	<securecookie host="^(?:.*\.)?banu\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:bugzilla|git|mail|staff|wiki|www)\.)?banu\.com/"
-		to="https://$1banu.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Barclays.co.uk.xml b/src/chrome/content/rules/Barclays.co.uk.xml
new file mode 100644
index 000000000000..57b08001092a
--- /dev/null
+++ b/src/chrome/content/rules/Barclays.co.uk.xml
@@ -0,0 +1,28 @@
+<!--
+	Other Barclays rulesets:
+		- Barcleycard.co.uk.xml
+		- Barclays_Corporate.com.xml
+
+
+	Preloaded:
+		bank.barclays.co.uk
+
+	Broken cert chain:
+		jobs.barclays.co.uk
+		www.jobs.barclays.co.uk
+
+-->
+<ruleset name="Barclays.co.uk">
+
+	<target host="barclays.co.uk" />
+	<target host="www.barclays.co.uk" />
+	<target host="ask.barclays.co.uk" />
+	<target host="personalisedcard.barclays.co.uk" />
+	<target host="smetrics.barclays.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Barclays.xml b/src/chrome/content/rules/Barclays.xml
deleted file mode 100644
index a6e624ab81ea..000000000000
--- a/src/chrome/content/rules/Barclays.xml
+++ /dev/null
@@ -1,72 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.jobs.barclays.co.uk/ => https://www.jobs.barclays.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.jobs.barclays.co.uk'")
-Fetch error: http://jobs.barclays.co.uk/ => https://www.jobs.barclays.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.jobs.barclays.co.uk'")
-
-	Other Barclays rulesets:
-
-		- Barcleycard.co.uk.xml
-		- Barclays_Corporate.com.xml
-
-
-	Problematic hosts in *barclays.co.uk:
-
-		- ^ *
-		- jobs *
-
-	* Mismatched
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .barclays.co.uk
-		- bank.barclays.co.uk
-		- www.jobs.barclays.co.uk
-
-
-	Mixed content:
-
-		- Images on www.jobs from $self *
-
-		- Ads/bugs, on:
-
-			- www.jobs from ib.adnxs.com *
-			- www.jobs from bs.serving-sys.com *
-
-	* Secured by us
-
--->
-<ruleset name="Barclays.co.uk" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-  <target host="barclays.co.uk" />
-  <target host="ask.barclays.co.uk" />
-	<target host="bank.barclays.co.uk" />
-	<target host="www.jobs.barclays.co.uk" />
-	<target host="smetrics.barclays.co.uk" />
-  <target host="www.barclays.co.uk" />
-
-	<!--	Complications:
-				-->
-	<target host="jobs.barclays.co.uk" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.barclays\.co\.uk$" name="^s_vi$" /-->
-	<!--securecookie host="^bank\.barclays\.co\.uk$" name="^(?:BIGipServer\w+|rolb-live_\w+|tabIndex)$" /-->
-	<!--securecookie host="^www\.jobs\.barclays\.co\.uk$" name="^(?:guid|wplinkedin)$" /-->
-
-	<securecookie host="^\.barclays\.co\.uk$" name="^s_vi$" />
-	<securecookie host="^(?:.+\.)?barclays\.co\.uk$" name=".+" />
-
-
-	<rule from="^http://(jobs\.)?barclays\.co\.uk/"
-		to="https://www.$1barclays.co.uk/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Barclays_Corporate.com.xml b/src/chrome/content/rules/Barclays_Corporate.com.xml
index dd5331a110b2..c9fe2507f277 100644
--- a/src/chrome/content/rules/Barclays_Corporate.com.xml
+++ b/src/chrome/content/rules/Barclays_Corporate.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://barclayscorporate.com/ => https://www.barclayscorporate.com/
 	^barclayscorporate.com: Mismatched
 
 -->
-<ruleset name="Barclays Corporate.com" default_off='failed ruleset test'>
+<ruleset name="Barclays Corporate.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Bardwil_Home.xml b/src/chrome/content/rules/Bardwil_Home.xml
index e32cc541530f..823682dfa93b 100644
--- a/src/chrome/content/rules/Bardwil_Home.xml
+++ b/src/chrome/content/rules/Bardwil_Home.xml
@@ -13,4 +13,4 @@ Fetch error: http://bardwilhome.com/ => http://bardwilhome.com/: Redirect for 'h
 	<rule from="^http://(?:www\.)?bardwilhome\.com/(cdn-cgi/ping|Controller/User_Session/CallTryCookie|css/|photos/|Public/|store_image/|Styles/)"
 		to="https://www.bardwilhome.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BareMetal.xml b/src/chrome/content/rules/BareMetal.xml
index daaad5d39282..62f6015ad4d4 100644
--- a/src/chrome/content/rules/BareMetal.xml
+++ b/src/chrome/content/rules/BareMetal.xml
@@ -7,13 +7,13 @@
 <ruleset name="BareMetal" platform="mixedcontent">
 
 	<target host="baremetal.com" />
-	<target host="*.baremetal.com" />
+	<target host="www.baremetal.com" />
+	<target host="swww.baremetal.com" />
 
 
 	<securecookie host="^swww\.baremetal\.com$" name=".+" />
 
 
-	<rule from="^http://(proxy\.|s?www\.)?baremetal\.com/"
-		to="https://$1baremetal.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bareos.xml b/src/chrome/content/rules/Bareos.xml
index a6da4469fbba..860751ca7d75 100644
--- a/src/chrome/content/rules/Bareos.xml
+++ b/src/chrome/content/rules/Bareos.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Barfi.ch.xml b/src/chrome/content/rules/Barfi.ch.xml
deleted file mode 100644
index f4d9df135174..000000000000
--- a/src/chrome/content/rules/Barfi.ch.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--
-	Invalid certificate:
-		- files.barfi.ch
--->
-<ruleset name="Barfi.ch">
-	<target host="barfi.ch" />
-	<target host="www.barfi.ch" />
-	<target host="app.barfi.ch" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/BarkerJr.net.xml b/src/chrome/content/rules/BarkerJr.net.xml
index 7e5afee95d3b..6c821a722b8f 100644
--- a/src/chrome/content/rules/BarkerJr.net.xml
+++ b/src/chrome/content/rules/BarkerJr.net.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.barkerjr.net/ => https://www.barkerjr.net/: (51, "SSL: n
 	^barkerjr.net doesn't exist.
 
 -->
-<ruleset name="BarkerJr.net" default_off='failed ruleset test'>
+<ruleset name="BarkerJr.net" default_off="failed ruleset test">
 
 	<target host="www.barkerjr.net" />
 
diff --git a/src/chrome/content/rules/Barnard_College.xml b/src/chrome/content/rules/Barnard_College.xml
index 6b4222a56a1b..e4b60229897c 100644
--- a/src/chrome/content/rules/Barnard_College.xml
+++ b/src/chrome/content/rules/Barnard_College.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Barnebys.com.xml b/src/chrome/content/rules/Barnebys.com.xml
index 0dc18495bcdc..639cd4ec5683 100644
--- a/src/chrome/content/rules/Barnebys.com.xml
+++ b/src/chrome/content/rules/Barnebys.com.xml
@@ -29,10 +29,6 @@
 	<target host="widget.barnebys.com" />
 
 
-	<rule from="^http://widget\.barnebys\.com/"
-		to="https://d3dvc13yhtcxbb.cloudfront.net/" />
-
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Barnes-Jewish_Hospital.xml b/src/chrome/content/rules/Barnes-Jewish_Hospital.xml
index 2f5af3078bdc..703a50375aab 100644
--- a/src/chrome/content/rules/Barnes-Jewish_Hospital.xml
+++ b/src/chrome/content/rules/Barnes-Jewish_Hospital.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.barnesjewish.org/ => http://www.barnesjewish.org/: (60,
 	Some pages redirect to http
 
 -->
-<ruleset name="Barnes-Jewish Hospital (partial)" default_off='failed ruleset test'>
+<ruleset name="Barnes-Jewish Hospital (partial)" default_off="failed ruleset test">
 
 	<target host="barnesjewish.org" />
 	<target host="www.barnesjewish.org" />
@@ -22,4 +22,4 @@ Fetch error: http://www.barnesjewish.org/ => http://www.barnesjewish.org/: (60,
 	<rule from="^http://(?:www\.)?barnesjewish\.org/(BJHControls/|favicon\.ico|images/|MediaGallery/|skins/|styles/|[uU]pload/)"
 		to="https://www.barnesjewish.org/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Barnskospecialisten.se.xml b/src/chrome/content/rules/Barnskospecialisten.se.xml
index b97d32ff8a2a..0f2e10206440 100644
--- a/src/chrome/content/rules/Barnskospecialisten.se.xml
+++ b/src/chrome/content/rules/Barnskospecialisten.se.xml
@@ -1,6 +1,8 @@
-<ruleset name="Barnskospecialisten.se" platform="mixedcontent">
-  <target host="www.barnskospecialisten.se" />
-  <target host="barnskospecialisten.se" />
-  <rule from="^http:" to="https:" />
-</ruleset>
+<ruleset name="Barnskospecialisten.se" >
+	<target host="barnskospecialisten.se" />
+	<target host="www.barnskospecialisten.se" />
+
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bart.gov.xml b/src/chrome/content/rules/Bart.gov.xml
index 860bcc94e82d..44ee0adb265e 100644
--- a/src/chrome/content/rules/Bart.gov.xml
+++ b/src/chrome/content/rules/Bart.gov.xml
@@ -10,7 +10,7 @@ Fetch error: http://ws8.bart.gov/ => https://ws8.bart.gov/: (35, 'Unknown SSL pr
 	- ws15.bart.gov		(incomplete certificate chain)
 
 -->
-<ruleset name="Bart.gov" default_off='failed ruleset test'>
+<ruleset name="Bart.gov" default_off="failed ruleset test">
 
 	<target host="bart.gov" />
 	<target host="www.bart.gov" />
diff --git a/src/chrome/content/rules/Barter.vg.xml b/src/chrome/content/rules/Barter.vg.xml
deleted file mode 100644
index a3b291d7262f..000000000000
--- a/src/chrome/content/rules/Barter.vg.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Barter.vg">
-	<target host="barter.vg" />
-	<target host="www.barter.vg" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Bash.im.xml b/src/chrome/content/rules/Bash.im.xml
new file mode 100644
index 000000000000..5f5057be0c64
--- /dev/null
+++ b/src/chrome/content/rules/Bash.im.xml
@@ -0,0 +1,12 @@
+<!--
+	Does not connect over HTTPS:
+		lol.bash.im
+-->
+<ruleset name="Bash.im">
+	<target host="bash.im" />
+	<target host="www.bash.im" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bashy.io.xml b/src/chrome/content/rules/Bashy.io.xml
new file mode 100644
index 000000000000..bece358e6aeb
--- /dev/null
+++ b/src/chrome/content/rules/Bashy.io.xml
@@ -0,0 +1,16 @@
+<!--
+	Nonfunctional hosts in *.bashy.io:
+		- bashy.io
+		- clippy
+		- dokku
+-->
+<ruleset name="Bashy.io">
+	<target host="bashy.io" />
+	<target host="www.bashy.io" />
+	<target host="canvas.bashy.io" />
+	<target host="ghost.bashy.io" />
+	<target host="launchpage.bashy.io" />
+
+	<rule from="^http://bashy\.io/" to="https://www.bashy.io/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bathnes.gov.uk.xml b/src/chrome/content/rules/Bathnes.gov.uk.xml
index f99c28f2d983..3249601d1884 100644
--- a/src/chrome/content/rules/Bathnes.gov.uk.xml
+++ b/src/chrome/content/rules/Bathnes.gov.uk.xml
@@ -23,7 +23,7 @@ Fetch error: http://capita.bathnes.gov.uk/ => https://capita.bathnes.gov.uk/: (2
 
 		- ess ᶜ
 		- mss ᶜ
-	
+
 	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
 
 
@@ -48,7 +48,7 @@ Fetch error: http://capita.bathnes.gov.uk/ => https://capita.bathnes.gov.uk/: (2
 		- secure.bathnes.gov.uk
 
 -->
-<ruleset name="Bathnes.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Bathnes.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="bathnes.gov.uk" />
 	<target host="art.bathnes.gov.uk" />
diff --git a/src/chrome/content/rules/Batman_Arkham_Knight.com.xml b/src/chrome/content/rules/Batman_Arkham_Knight.com.xml
deleted file mode 100644
index bfd051db2bac..000000000000
--- a/src/chrome/content/rules/Batman_Arkham_Knight.com.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	^batmanarkhamknight.com: Server sends no certificate chain, see https://whatsmychaincert.com
-
-
-	Mixed content:
-
-		- Bug from b.scorecardresearch.com *
-
-	* Secured by us
-
--->
-<ruleset name="Batman Arkham Knight.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.batmanarkhamknight.com" />
-
-	<!--	Complications:
-				-->
-	<target host="batmanarkhamknight.com" />
-
-
-	<rule from="^http://batmanarkhamknight\.com/"
-		to="https://www.batmanarkhamknight.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Batmanarkhamorigins.com.xml b/src/chrome/content/rules/Batmanarkhamorigins.com.xml
index e08b1ea30550..f1a2e2ccfc6c 100644
--- a/src/chrome/content/rules/Batmanarkhamorigins.com.xml
+++ b/src/chrome/content/rules/Batmanarkhamorigins.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://batmanarkhamorigins.com/ => https://www.batmanarkhamorigins.
 Fetch error: http://www.batmanarkhamorigins.com/ => https://www.batmanarkhamorigins.com/: (7, 'Failed to connect to www.batmanarkhamorigins.com port 443: Connection timed out')
 
 -->
-<ruleset name="Batmanarkhamorigins.com" default_off='failed ruleset test'>
+<ruleset name="Batmanarkhamorigins.com" default_off="failed ruleset test">
   <target host="batmanarkhamorigins.com" />
   <target host="www.batmanarkhamorigins.com" />
 
diff --git a/src/chrome/content/rules/Battelle.xml b/src/chrome/content/rules/Battelle.xml
index 4c1e739ce55f..cab7d92b5931 100644
--- a/src/chrome/content/rules/Battelle.xml
+++ b/src/chrome/content/rules/Battelle.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?battelle\.org/(careers/(?:benefits|current-openings|our-culture)(?:$|\?)|docs/|doing-business-with-us/commercial-clients(?:$|\?)|favicon\.ico|feeds/|images/|Sitefinity/|Telerik\.Web\.UI\.WebResource\.axd)"
 		to="https://$1battelle.org/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Battle.net.xml b/src/chrome/content/rules/Battle.net.xml
index 3887420710f5..94dd383e5439 100644
--- a/src/chrome/content/rules/Battle.net.xml
+++ b/src/chrome/content/rules/Battle.net.xml
@@ -32,17 +32,23 @@
 <ruleset name="Battle.net (partial)">
 
 	<target host="battle.net" />
-	<target host="*.battle.net" />
+	<target host="eu.battle.net" />
+	<target host="forums.battle.net" />
+	<target host="kr.battle.net" />
+	<target host="sea.battle.net" />
+	<target host="tw.battle.net" />
+	<target host="us.battle.net" />
+	<target host="www.battle.net" />
+	<target host="us.media3.battle.net" />
 		<exclusion pattern="^http://(?:(?:eu|kr|sea|tw|us|www)\.)?battle\.net/(?!(?:account|d3|login)(?:$|\?|/)|favicon\.ico|static(?:-render)?/|.+/static/)" />
 
 
 	<securecookie host="^forums\.battle\.net$" name=".+" />
 
 
-	<rule from="^http://((?:eu|forums|kr|sea|tw|us|www)\.)?battle\.net/"
-		to="https://$1battle.net/" />
 
 	<rule from="^http://us\.media3\.battle\.net/"
 		to="https://bnetcmsus-a.akamaihd.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Battle_Creek_Enquirer.xml b/src/chrome/content/rules/Battle_Creek_Enquirer.xml
index 49e68ef900e5..f2dc1483b1a1 100644
--- a/src/chrome/content/rules/Battle_Creek_Enquirer.xml
+++ b/src/chrome/content/rules/Battle_Creek_Enquirer.xml
@@ -11,7 +11,8 @@
 <ruleset name="Battle Creek Enquirer">
 
 	<target host="battlecreekenquirer.com" />
-	<target host="*.battlecreekenquirer.com" />
+	<target host="cmsimg.battlecreekenquirer.com" />
+	<target host="www.battlecreekenquirer.com" />
 
 
 	<securecookie host="^www\.battlecreekenquirer\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Bauhaus-University_Weimar.xml b/src/chrome/content/rules/Bauhaus-University_Weimar.xml
index a3bcd1933c26..2086bed02b0e 100644
--- a/src/chrome/content/rules/Bauhaus-University_Weimar.xml
+++ b/src/chrome/content/rules/Bauhaus-University_Weimar.xml
@@ -9,13 +9,13 @@
 -->
 <ruleset name="Bauhaus-University Weimar (partial)">
 
-	<target host="*.uni-weimar.de" />
+	<target host="webmail.uni-weimar.de" />
+	<target host="www.uni-weimar.de" />
 
 
-	<securecookie host="^.+\.uni-weimar\.de$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://w(ebmail|ww)\.uni-weimar\.de/"
-		to="https://w$1.uni-weimar.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Baxter_Bulletin.xml b/src/chrome/content/rules/Baxter_Bulletin.xml
index 77d37b13cdf2..4df02e1268ca 100644
--- a/src/chrome/content/rules/Baxter_Bulletin.xml
+++ b/src/chrome/content/rules/Baxter_Bulletin.xml
@@ -11,7 +11,8 @@
 <ruleset name="The Baxter Bulletin">
 
 	<target host="baxterbulletin.com" />
-	<target host="*.baxterbulletin.com" />
+	<target host="cmsimg.baxterbulletin.com" />
+	<target host="www.baxterbulletin.com" />
 
 
 	<securecookie host="^www\.baxterbulletin\.com$" name=".+" />
diff --git a/src/chrome/content/rules/BayFiles.xml b/src/chrome/content/rules/BayFiles.xml
index 67c23658a8fa..76a3eb40ceb8 100644
--- a/src/chrome/content/rules/BayFiles.xml
+++ b/src/chrome/content/rules/BayFiles.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.bayfiles.com/ => https://bayfiles.net/: (28, 'Resolving
 Fetch error: http://bayfiles.net/ => https://bayfiles.net/: (28, 'Resolving timed out after 10519 milliseconds')
 Fetch error: http://www.bayfiles.net/ => https://www.bayfiles.net/: (28, 'Resolving timed out after 10518 milliseconds')
 -->
-<ruleset name="BayFiles" default_off='failed ruleset test'>
+<ruleset name="BayFiles" default_off="failed ruleset test">
 
 	<target host="bayfiles.com" />
 	<target host="www.bayfiles.com" />
diff --git a/src/chrome/content/rules/BayLeaks.com.xml b/src/chrome/content/rules/BayLeaks.com.xml
index ee23fb961973..359699fc42df 100644
--- a/src/chrome/content/rules/BayLeaks.com.xml
+++ b/src/chrome/content/rules/BayLeaks.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://bayleaks.com/ => https://bayleaks.com/: (7, 'Failed to conne
 Fetch error: http://www.bayleaks.com/ => https://www.bayleaks.com/: (7, 'Failed to connect to www.bayleaks.com port 443: Connection refused')
 
 -->
-<ruleset name="BayLeaks.com" default_off='failed ruleset test'>
+<ruleset name="BayLeaks.com" default_off="failed ruleset test">
 
 	<target host="bayleaks.com" />
 	<target host="www.bayleaks.com" />
diff --git a/src/chrome/content/rules/BayLibre.com.xml b/src/chrome/content/rules/BayLibre.com.xml
index f663ac5daa50..2e319d073463 100644
--- a/src/chrome/content/rules/BayLibre.com.xml
+++ b/src/chrome/content/rules/BayLibre.com.xml
@@ -16,7 +16,7 @@ Fetch error: http://www.baylibre.com/ => https://www.baylibre.com/: (51, "SSL: n
 	* Secured by us
 
 -->
-<ruleset name="BayLibre.com" default_off='failed ruleset test'>
+<ruleset name="BayLibre.com" default_off="failed ruleset test">
 
 	<target host="baylibre.com" />
 	<target host="www.baylibre.com" />
diff --git a/src/chrome/content/rules/Bay_Area_Amusements.xml b/src/chrome/content/rules/Bay_Area_Amusements.xml
index 564ed48965fc..421835b5fa07 100644
--- a/src/chrome/content/rules/Bay_Area_Amusements.xml
+++ b/src/chrome/content/rules/Bay_Area_Amusements.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bay_Citizen.org.xml b/src/chrome/content/rules/Bay_Citizen.org.xml
index 63f079beb1b6..81df65ff5900 100644
--- a/src/chrome/content/rules/Bay_Citizen.org.xml
+++ b/src/chrome/content/rules/Bay_Citizen.org.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.baycitizen.org/ => https://www.baycitizen.org/: (60, 'SS
 	^: dropped
 
 -->
-<ruleset name="Bay Citizen.org" default_off='failed ruleset test'>
+<ruleset name="Bay Citizen.org" default_off="failed ruleset test">
 
 	<target host="baycitizen.org" />
 	<target host="www.baycitizen.org" />
diff --git a/src/chrome/content/rules/Baylor.edu.xml b/src/chrome/content/rules/Baylor.edu.xml
index fcbffe394796..d018a88d9bf3 100644
--- a/src/chrome/content/rules/Baylor.edu.xml
+++ b/src/chrome/content/rules/Baylor.edu.xml
@@ -23,7 +23,9 @@
 <ruleset name="Baylor.edu (partial)">
 
 	<target host="baylor.edu" />
-	<target host="*.baylor.edu" />
+	<target host="www.baylor.edu" />
+	<target host="m.baylor.edu" />
+	<target host="www1.baylor.edu" />
 
 
 	<!--	Not secured by server:
@@ -37,7 +39,6 @@
 	<rule from="^http://(?:www\.)?baylor\.edu/"
 		to="https://www.baylor.edu/" />
 
-	<rule from="^http://(m|www1)\.baylor\.edu/"
-		to="https://$1.baylor.edu/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bayyinah.com.xml b/src/chrome/content/rules/Bayyinah.com.xml
new file mode 100644
index 000000000000..d6924994e36e
--- /dev/null
+++ b/src/chrome/content/rules/Bayyinah.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Bayyinah.com">
+	<target host="bayyinah.com" />
+	<target host="www.bayyinah.com" />
+	<target host="arabic.bayyinah.com" />
+	<target host="blog.bayyinah.com" />
+	<target host="dream.bayyinah.com" />
+	<target host="events.bayyinah.com" />
+	<target host="id.bayyinah.com" />
+	<target host="live.bayyinah.com" />
+	<target host="oldsite.bayyinah.com" />
+	<target host="podcast.bayyinah.com" />
+	<target host="quran.bayyinah.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bazaarvoice.xml b/src/chrome/content/rules/Bazaarvoice.xml
index efd508a358d2..fea1339bf7e5 100644
--- a/src/chrome/content/rules/Bazaarvoice.xml
+++ b/src/chrome/content/rules/Bazaarvoice.xml
@@ -48,7 +48,7 @@ Non-2xx HTTP code: http://resources.bazaarvoice.com/rs/bazaarvoice/images/logo_b
 		- login.bazaarvoice.com
 
 -->
-<ruleset name="Bazaarvoice.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Bazaarvoice.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Baztab.net.xml b/src/chrome/content/rules/Baztab.net.xml
index c7bdbfd4d14a..57b7435d312c 100644
--- a/src/chrome/content/rules/Baztab.net.xml
+++ b/src/chrome/content/rules/Baztab.net.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.baztab.net/ => https://www.baztab.net/: (28, 'Connection
 Disabled by https-everywhere-checker because:
 Fetch error: http://baztab.net/ => https://baztab.net/: (6, 'Could not resolve host: baztab.net')
 -->
-<ruleset name="baztab.net" default_off='failed ruleset test'>
+<ruleset name="baztab.net" default_off="failed ruleset test">
 
 	<target host="baztab.net" />
 	<target host="www.baztab.net" />
@@ -18,4 +18,4 @@ Fetch error: http://baztab.net/ => https://baztab.net/: (6, 'Could not resolve h
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BazzApp.xml b/src/chrome/content/rules/BazzApp.xml
deleted file mode 100644
index a4180d252782..000000000000
--- a/src/chrome/content/rules/BazzApp.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://bazzapp.com/ => http://bazzapp.com/: (6, 'Could not resolve host: bazzapp.com')
-Fetch error: http://www.bazzapp.com/ => http://www.bazzapp.com/: (28, 'Connection timed out after 10001 milliseconds')
-	www CN: homolog
-
--->
-<ruleset name="BazzApp">
-
-	<target host="bazzapp.com" />
-	<target host="www.bazzapp.com" />
-
-
-	<securecookie host="^bazzapp\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?bazapp\.com/"
-		to="https://bazapp.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Bbelements.com.xml b/src/chrome/content/rules/Bbelements.com.xml
index 5a7463fb6962..e4f617c6d363 100644
--- a/src/chrome/content/rules/Bbelements.com.xml
+++ b/src/chrome/content/rules/Bbelements.com.xml
@@ -26,7 +26,7 @@ Fetch error: http://go.pol.bbelements.com/ => https://go.pol.bbelements.com/: (6
 		- . . .
 
 -->
-<ruleset name="bbelements.com (partial)" default_off='failed ruleset test'>
+<ruleset name="bbelements.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Bbva.es.xml b/src/chrome/content/rules/Bbva.es.xml
index 9ee4a77b678b..b9628cac0d00 100644
--- a/src/chrome/content/rules/Bbva.es.xml
+++ b/src/chrome/content/rules/Bbva.es.xml
@@ -1,7 +1,7 @@
 <!--
 	Website of the Spanish bank BBVA (bbva.es).
 	See <https://en.wikipedia.org/wiki/Banco_Bilbao_Vizcaya_Argentaria>.
-	
+
 	There are many domain names related to bbva.es which have not been studied yet.
 	Some of them are:
 		* bancaresponsable.com
@@ -18,7 +18,7 @@
 		* fundacionmicrofinanzasbbva.org
 		* ligabbva.com
 		* rutaquetzalbbva.com
-	
+
 	Subdomains of bbva.es that do not support HTTPS or use an invalid certificate:
 		* blog.bbva.es
 		* info.bbva.es
diff --git a/src/chrome/content/rules/BdAdam.com.xml b/src/chrome/content/rules/BdAdam.com.xml
new file mode 100644
index 000000000000..d8d95800cc63
--- /dev/null
+++ b/src/chrome/content/rules/BdAdam.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Wildcard DNS:
+		- bdadam.com
+-->
+
+<ruleset name="BdAdam.com">
+	<target host="bdadam.com" />
+	<target host="www.bdadam.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bdimg.com.xml b/src/chrome/content/rules/Bdimg.com.xml
index 7d2216dfb712..85f45b300c59 100644
--- a/src/chrome/content/rules/Bdimg.com.xml
+++ b/src/chrome/content/rules/Bdimg.com.xml
@@ -1,16 +1,12 @@
 <!--
 	For other Baidu coverage, see Baidu.xml.
 
-	405:
-		iknow.bdimg.com	( https://iknow.bdimg.com/static/common/widget/lib/swfupload/swfupload_b24a26d.js )
-
 	Mismatched:
 		*.hiphotos.bdimg.com
-		cdn.iknow.bdimg.com	( http://cdn.iknow.bdimg.com/static/common/widget/lib/swfupload/swfupload_b24a26d.js )
+		cdn.iknow.bdimg.com	( https://cdn.iknow.bdimg.com/static/common/widget/lib/swfupload/swfupload_b24a26d.js )
 		static.muzhi.bdimg.com
 		newpc2.nuomi.bdimg.com
 		s0.nuomi.bdimg.com
-		sjws.bdimg.com
 
 	SSL_ERROR_NO_CYPHER_OVERLAP:
 		- iknow0[1-5].bosstatic.bdimg.com	( http://iknow01.bosstatic.bdimg.com/tuiguangwei/jingyan270170.jpeg )
@@ -26,6 +22,9 @@
 		<test url="http://himg.bdimg.com/sys/portrait/item/e999e992b1c2b7e58588e7949f7b16.jpg" />
 	<target host="hiphotos.bdimg.com" />
 		<test url="http://hiphotos.bdimg.com/album/pic/item/b3fb43166d224f4a42c293870bf790529922d1cf.jpg" />
+	<target host="iknow.bdimg.com" />
+	<target host="jump2.bdimg.com" />
+	<target host="sjws.bdimg.com" />
 	<target host="su.bdimg.com" />
 	<target host="wkstatic.bdimg.com" />
 
@@ -34,6 +33,21 @@
 		to="https://hiphotos.bdimg.com/" />
 		<test url="http://a.hiphotos.bdimg.com/album/pic/item/b3fb43166d224f4a42c293870bf790529922d1cf.jpg" />
 		<test url="http://123.abc.hiphotos.bdimg.com/album/pic/item/b3fb43166d224f4a42c293870bf790529922d1cf.jpg" />
+		<test url="http://23456789.abcdefg.hiphotos.bdimg.com/album/pic/item/b3fb43166d224f4a42c293870bf790529922d1cf.jpg" />
+
+	<target host="cdn.iknow.bdimg.com" />
+	<rule from="^http://cdn\.iknow\.bdimg\.com/"
+		to="https://iknow.bdimg.com/" />
+		<test url="http://cdn.iknow.bdimg.com/static/common/widget/lib/swfupload/swfupload_b24a26d.js" />
+
+	<!-- 404
+ 		 jump and jump2 equal to tieba.baidu.com
+ 		 Redirect them while tieba.baidu.com been fixed in Baidu.xml
+		 -->
+	<target host="jump.bdimg.com" />
+	<rule from="^http://jump\.bdimg\.com/"
+		to="https://jump2.bdimg.com/" />
+		<test url="http://jump.bdimg.com/p/3584519008" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BeNaughty.com.xml b/src/chrome/content/rules/BeNaughty.com.xml
index be595263b9a3..340e5a6bc049 100644
--- a/src/chrome/content/rules/BeNaughty.com.xml
+++ b/src/chrome/content/rules/BeNaughty.com.xml
@@ -17,17 +17,18 @@
 <ruleset name="BeNaughty.com (partial)">
 
 	<target host="benaughty.com"/>
-	<target host="*.benaughty.com"/>
+	<target host="www.benaughty.com" />
+	<target host="cdn.benaughty.com" />
+	<target host="ed.benaughty.com" />
 		<exclusion pattern="^http://ed\.benaughty\.com/(?!ext\.php)" />
 
 
-	<securecookie host="^(?:.*\.)?benaughty\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(?:www\.)?benaughty\.com/"
 		to="https://www.benaughty.com/"/>
 
-	<rule from="^http://(cdn|ed)\.benaughty\.com/"
-		to="https://$1.benaughty.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BeSTGRID.org.xml b/src/chrome/content/rules/BeSTGRID.org.xml
deleted file mode 100644
index eb980b5f5cc6..000000000000
--- a/src/chrome/content/rules/BeSTGRID.org.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	(www.)?bestgrid.org: Mismatched
-
-
-	These altnames don't exist:
-
-		- www.technical.bestgrid.org
-
--->
-<ruleset name="BeSTGRID.org (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="technical.bestgrid.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Be_Diff.com.br.xml b/src/chrome/content/rules/Be_Diff.com.br.xml
index 95bff8c9560b..a5e7ad6ea25e 100644
--- a/src/chrome/content/rules/Be_Diff.com.br.xml
+++ b/src/chrome/content/rules/Be_Diff.com.br.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://bediff.com.br/ => https://bediff.com.br/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
 
 -->
-<ruleset name="Be Diff.com.br" default_off='failed ruleset test'>
+<ruleset name="Be Diff.com.br" default_off="failed ruleset test">
 
 	<target host="bediff.com.br" />
 	<target host="www.bediff.com.br" />
diff --git a/src/chrome/content/rules/Be_Mobile.ua.xml b/src/chrome/content/rules/Be_Mobile.ua.xml
index 550726c2f1be..a5fd47f3c218 100644
--- a/src/chrome/content/rules/Be_Mobile.ua.xml
+++ b/src/chrome/content/rules/Be_Mobile.ua.xml
@@ -18,7 +18,7 @@
 	² Unsecurable <= refused
 
 -->
-<ruleset name="Be Mobile.ua" default_off="missing certificate chain">
+<ruleset name="Be Mobile.ua" default_off="cert-chain">
 
 	<target host="bemobile.ua" />
 	<target host="juke.mmi.bemobile.ua" />
@@ -29,7 +29,7 @@
 					-->
 	<!--securecookie host="^bemobile\.ua$" name="^(?:[\da-f]{32}|jfcookie|jfcookie\[lang\]|lang)$" /-->
 
-	<securecookie host="^bemobile\.ua$" name="" />
+	<securecookie host="^bemobile\.ua$" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Beacon_Initiative.xml b/src/chrome/content/rules/Beacon_Initiative.xml
index 1127f8fa6e45..6e1ebe80b5ac 100644
--- a/src/chrome/content/rules/Beacon_Initiative.xml
+++ b/src/chrome/content/rules/Beacon_Initiative.xml
@@ -11,7 +11,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://beaconinitiative.com/ => https://beaconinitiative.com/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
 
 -->
-<ruleset name="Beacon Initiative" default_off='failed ruleset test'>
+<ruleset name="Beacon Initiative" default_off="failed ruleset test">
 
 	<target host="beaconinitiative.com" />
 	<target host="www.beaconinitiative.com" />
@@ -22,4 +22,4 @@ Fetch error: http://beaconinitiative.com/ => https://beaconinitiative.com/: (28,
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Beagle_Street.xml b/src/chrome/content/rules/Beagle_Street.xml
index 21298a4cbbc5..aafe17d7706c 100644
--- a/src/chrome/content/rules/Beagle_Street.xml
+++ b/src/chrome/content/rules/Beagle_Street.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BeamYourScreen.xml b/src/chrome/content/rules/BeamYourScreen.xml
index 159e581790ce..549bb206faa5 100644
--- a/src/chrome/content/rules/BeamYourScreen.xml
+++ b/src/chrome/content/rules/BeamYourScreen.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.beamyourscreen.de/ => https://www.beamyourscreen.de/: (6
 Disabled by https-everywhere-checker because:
 Fetch error: http://beamyourscreen.de/ => https://beamyourscreen.de/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="BeamYourScreen" default_off='failed ruleset test'>
+<ruleset name="BeamYourScreen" default_off="failed ruleset test">
 
 	<target host="beamyourscreen.de" />
 	<target host="admin.beamyourscreen.de" />
@@ -17,4 +17,4 @@ Fetch error: http://beamyourscreen.de/ => https://beamyourscreen.de/: (60, 'SSL
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Beanstock_Media.xml b/src/chrome/content/rules/Beanstock_Media.xml
deleted file mode 100644
index 51f3109edbbe..000000000000
--- a/src/chrome/content/rules/Beanstock_Media.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)beanstockmedia.com	(http reply)
-
-
-	Problematic domains:
-
-		- tag.beanstock.co	(mismatched, CN: *.adnxs.com)
-		- ui.beanstock.co	(works; mismatched, CN: console.appnexus.com)
-
--->
-<ruleset name="Beanstock Media (partial)">
-
-	<target host="tag.beanstock.co" />
-
-
-	<rule from="^http://tag\.beanstock\.co/"
-		to="https://ib.adnxs.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Bear.im.xml b/src/chrome/content/rules/Bear.im.xml
index f3ad70e6f753..b2774407b8ed 100644
--- a/src/chrome/content/rules/Bear.im.xml
+++ b/src/chrome/content/rules/Bear.im.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.bear.im/ => https://www.bear.im/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bear.im'")
 
 -->
-<ruleset name="bear.im" default_off='failed ruleset test'>
+<ruleset name="bear.im" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Beardoholic.com.xml b/src/chrome/content/rules/Beardoholic.com.xml
new file mode 100644
index 000000000000..7b2b13d1e40a
--- /dev/null
+++ b/src/chrome/content/rules/Beardoholic.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Beardoholic.com">
+	<target host="beardoholic.com" />
+	<target host="www.beardoholic.com" />
+	<target host="shop.beardoholic.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Beatport.com.xml b/src/chrome/content/rules/Beatport.com.xml
new file mode 100644
index 000000000000..261682620471
--- /dev/null
+++ b/src/chrome/content/rules/Beatport.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Non-functional hosts:
+		Redirect to HTTP:
+		- classic.beatport.com
+		- sounds.beatport.com
+-->
+<ruleset name="Beatport.com">
+
+	<target host="beatport.com" />
+	<target host="www.beatport.com" />
+	<target host="accounts.beatport.com" />
+	<target host="baseware.beatport.com" />
+	<target host="dj.beatport.com" />
+	<target host="embed.beatport.com" />
+	<target host="geo-media.beatport.com" />
+	<test url="http://geo-media.beatport.com/image/2d4b4b06-d0a6-4d8d-b7d1-b68ed3bb6708.jpg" />
+	<target host="geo-pro.beatport.com" />
+	<test url="http://geo-pro.beatport.com/static/a48a3070545f4f6a5a266ab4624bdf348adc3401/images/apple-touch-icon-57x57.png" />
+	<target host="mixes.beatport.com" />
+	<target host="news.beatport.com" />
+	<target host="play.beatport.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Beatport.xml b/src/chrome/content/rules/Beatport.xml
deleted file mode 100644
index 24fd2e358ef8..000000000000
--- a/src/chrome/content/rules/Beatport.xml
+++ /dev/null
@@ -1,52 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- dj	(redirects to http)
-
-
-	Problematic subdomains:
-
-		- embed		(redirects to http)
-
-
-	Partially covered subdomains:
-
-		- embed		(→ www)
-
-
-	Fully covered domains:
-
-		- beatport.com subdomains:
-
-			- (www.)
-			- accounts
-			- baseware
-			- geo-media
-			- mixes
-			- news
-			- play
-			- sounds
-
-		- static.bpddn.com
-
--->
-<ruleset name="Beatport (buggy)" default_off="JS redirection loop">
-
-	<target host="beatport.com" />
-	<target host="*.beatport.com" />
-	<target host="static.bpddn.com" />
-
-
-	<securecookie host="^(?:baseware)?\.beatport\.com$" name=".+" />
-
-
-	<rule from="^http://((?:accounts|baseware|geo-media|mixes|news|play|sounds|www)\.)?beatport\.com/"
-		to="https://$1beatport.com/" />
-
-	<rule from="^http://embed\.beatport\.com/(?:$|\?)"
-		to="https://www.beatport.com/" />
-
-	<rule from="^http://static\.bpddn\.com/"
-		to="https://static.bpddn.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Beatsmedia.xml b/src/chrome/content/rules/Beatsmedia.xml
index ac8498ed0282..329c40c1ffd8 100644
--- a/src/chrome/content/rules/Beatsmedia.xml
+++ b/src/chrome/content/rules/Beatsmedia.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://beatsmedia.com/ => https://beatsmedia.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
 Fetch error: http://www.beatsmedia.com/ => https://www.beatsmedia.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
 -->
-<ruleset name="Beatsmedia" default_off='failed ruleset test'>
+<ruleset name="Beatsmedia" default_off="failed ruleset test">
 
 	<target host="beatsmedia.com"/>
 	<target host="www.beatsmedia.com"/>
diff --git a/src/chrome/content/rules/BeautifulDecay.com.xml b/src/chrome/content/rules/BeautifulDecay.com.xml
index 7ad09f7586f7..b15551033e1e 100644
--- a/src/chrome/content/rules/BeautifulDecay.com.xml
+++ b/src/chrome/content/rules/BeautifulDecay.com.xml
@@ -25,7 +25,7 @@ Fetch error: http://www.beautifuldecay.com/ => https://www.beautifuldecay.com/:
 	* Secured by us
 
 -->
-<ruleset name="BeautifulDecay.com (partial)" default_off='failed ruleset test'>
+<ruleset name="BeautifulDecay.com (partial)" default_off="failed ruleset test">
 
 	<target host="beautifuldecay.com" />
 	<target host="www.beautifuldecay.com" />
diff --git a/src/chrome/content/rules/Beaverbrooks.co.uk.xml b/src/chrome/content/rules/Beaverbrooks.co.uk.xml
index 0ffad8b56e83..eee5b8af8fcd 100644
--- a/src/chrome/content/rules/Beaverbrooks.co.uk.xml
+++ b/src/chrome/content/rules/Beaverbrooks.co.uk.xml
@@ -39,7 +39,8 @@
 <ruleset name="Beaverbrooks.co.uk (partial)">
 
 	<target host="beaverbrooks.co.uk" />
-	<target host="*.beaverbrooks.co.uk" />
+	<target host="www.beaverbrooks.co.uk" />
+	<target host="content.beaverbrooks.co.uk" />
 		<!--
 			Redirects to http:
 						-->
@@ -58,4 +59,4 @@
 	<rule from="^http://content\.beaverbrooks\.co\.uk/"
 		to="https://content.beaverbrooks.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bebo.com.xml b/src/chrome/content/rules/Bebo.com.xml
deleted file mode 100644
index 7b6f83a1aca0..000000000000
--- a/src/chrome/content/rules/Bebo.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Bebo.com">
-  <target host="bebo.com" />
-  <target host="www.bebo.com" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Beck_PC.ch.xml b/src/chrome/content/rules/Beck_PC.ch.xml
index e3e9217f5cdd..75780e1d8fd1 100644
--- a/src/chrome/content/rules/Beck_PC.ch.xml
+++ b/src/chrome/content/rules/Beck_PC.ch.xml
@@ -12,7 +12,7 @@
 		- .pcp.ch
 
 -->
-<ruleset name="Beck PC.ch" default_off="missing certificate chain">
+<ruleset name="Beck PC.ch" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/BedfordshirePolice.xml b/src/chrome/content/rules/BedfordshirePolice.xml
new file mode 100644
index 000000000000..03df4f67e3fc
--- /dev/null
+++ b/src/chrome/content/rules/BedfordshirePolice.xml
@@ -0,0 +1,6 @@
+<ruleset name="Bedfordshire Police">
+	<target host="bedfordshire.police.uk" />
+	<target host="www.bedfordshire.police.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Beeg.com.xml b/src/chrome/content/rules/Beeg.com.xml
index f255651f762c..a585125301d4 100644
--- a/src/chrome/content/rules/Beeg.com.xml
+++ b/src/chrome/content/rules/Beeg.com.xml
@@ -30,4 +30,4 @@
 	<target host="webmasters.beeg.com"/>
 
 	<rule from="^http:" to="https:"/>
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Beeimg.com.xml b/src/chrome/content/rules/Beeimg.com.xml
new file mode 100644
index 000000000000..14744273885b
--- /dev/null
+++ b/src/chrome/content/rules/Beeimg.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Beeimg.com">
+	<target host="beeimg.com" />
+	<target host="www.beeimg.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BeenVerified.xml b/src/chrome/content/rules/BeenVerified.xml
index d81c499e9c52..fe0aaab60233 100644
--- a/src/chrome/content/rules/BeenVerified.xml
+++ b/src/chrome/content/rules/BeenVerified.xml
@@ -22,7 +22,12 @@
 <ruleset name="BeenVerified (partial)">
 
 	<target host="beenverified.com" />
-	<target host="*.beenverified.com" />
+	<target host="api.beenverified.com" />
+	<target host="sor.api.beenverified.com" />
+	<target host="www.sor.api.beenverified.com" />
+	<target host="m.beenverified.com" />
+	<target host="www.beenverified.com" />
+	<target host="support.beenverified.com" />
 		<exclusion pattern="^http://(?:www\.)?beenverified\.com/(?!(?:\?.*)?$|sitemap\.html)" />
 
 
diff --git a/src/chrome/content/rules/Beender.co.xml b/src/chrome/content/rules/Beender.co.xml
deleted file mode 100644
index eb7b11f71d77..000000000000
--- a/src/chrome/content/rules/Beender.co.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://beender.co/ => https://beender.co/: (28, 'Connection timed out after 20001 milliseconds')
-
-	www: 404
-
-
-	Mixed content:
-
-		- css from fonts.googleapis.com *
-
-	* Secured by us
-
--->
-<ruleset name="beender.co" default_off='failed ruleset test'>
-
-	<target host="beender.co" />
-	<target host="*.beender.co" />
-
-
-	<!--	Server doesn't secure:
-					-->
-	<securecookie host="^\.?beender\.co$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?beender\.co/"
-		to="https://beender.co/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Beetailer.com.xml b/src/chrome/content/rules/Beetailer.com.xml
index 75c5dfcfee39..da91d95b17f4 100644
--- a/src/chrome/content/rules/Beetailer.com.xml
+++ b/src/chrome/content/rules/Beetailer.com.xml
@@ -27,16 +27,16 @@
 <ruleset name="Beetailer.com">
 
 	<target host="beetailer.com" />
-	<target host="*.beetailer.com" />
+	<target host="www.beetailer.com" />
+	<target host="support.beetailer.com" />
 
 
 	<securecookie host="^www\.beetailer\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?beetailer\.com/"
-		to="https://$1beetailer.com/" />
 
 	<rule from="^http://support\.beetailer\.com/"
 		to="https://beetailer.tenderapp.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Beginner_Triathlete.xml b/src/chrome/content/rules/Beginner_Triathlete.xml
index e4c9a9483950..123f27a0f9e1 100644
--- a/src/chrome/content/rules/Beginner_Triathlete.xml
+++ b/src/chrome/content/rules/Beginner_Triathlete.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.beginnertriathlete.com/ => https://www.beginnertriathlet
 		- ox	(shows www; mismatched, CN: ox.beginnertriathlete.com)
 
 -->
-<ruleset name="Beginner Triathlete (partial)" default_off='failed ruleset test'>
+<ruleset name="Beginner Triathlete (partial)" default_off="failed ruleset test">
 
 	<target host="beginnertriathlete.com" />
 	<target host="www.beginnertriathlete.com" />
@@ -23,4 +23,4 @@ Fetch error: http://www.beginnertriathlete.com/ => https://www.beginnertriathlet
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Begun.xml b/src/chrome/content/rules/Begun.xml
index 73ec74f5e3ef..6b032a5aae06 100644
--- a/src/chrome/content/rules/Begun.xml
+++ b/src/chrome/content/rules/Begun.xml
@@ -7,7 +7,7 @@
 		- my2
 		- smart
 
-		- 
+		-
 	Insecure cookies are set for these domains and hosts:
 
 		- .begun.ru
diff --git a/src/chrome/content/rules/Behance.xml b/src/chrome/content/rules/Behance.xml
index 0407e36af328..783a70149053 100644
--- a/src/chrome/content/rules/Behance.xml
+++ b/src/chrome/content/rules/Behance.xml
@@ -10,7 +10,9 @@
 <ruleset name="Behance (partial)">
 
 	<target host="behance.net" />
-	<target host="*.behance.net" />
+	<target host="www.behance.net" />
+	<target host="a2.behance.net" />
+	<target host="help.behance.net" />
 
 
 	<!--	Secured by server:
@@ -28,7 +30,6 @@
 	<rule from="^http://(?:www\.)?behance\.net/"
 		to="https://www.behance.net/" />
 
-	<rule from="^http://(a2|help)\.behance\.net/"
-		to="https://$1.behance.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Behr.xml b/src/chrome/content/rules/Behr.xml
index 1fa9dac83e14..9004b8836e43 100644
--- a/src/chrome/content/rules/Behr.xml
+++ b/src/chrome/content/rules/Behr.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.behr.com/ => https://www.behr.com/: Too many redirects w
 Disabled by https-everywhere-checker because:
 Fetch error: http://behr.com/ => https://behr.com/: Cycle detected - URL already encountered: https://www.behr.com/
 -->
-<ruleset name="Behr" default_off='failed ruleset test'>
+<ruleset name="Behr" default_off="failed ruleset test">
 
 	<target host="behr.com" />
 	<target host="m.behr.com" />
@@ -17,4 +17,4 @@ Fetch error: http://behr.com/ => https://behr.com/: Cycle detected - URL already
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Beleza_na_Web.xml b/src/chrome/content/rules/Beleza_na_Web.xml
index ed2791d8c7fc..92f78d8150c2 100644
--- a/src/chrome/content/rules/Beleza_na_Web.xml
+++ b/src/chrome/content/rules/Beleza_na_Web.xml
@@ -24,7 +24,7 @@ Fetch error: http://belezanaweb.net.br/ => http://belezanaweb.net.br/: (28, 'Con
 		- static[123]	(→ d33827d8ipi614.cloudfront.net)
 
 -->
-<ruleset name="Beleza na Web (partial)" default_off='failed ruleset test'>
+<ruleset name="Beleza na Web (partial)" default_off="failed ruleset test">
 
 	<target host="belezanaweb.net.br" />
 	<target host="*.belezanaweb.net.br" />
@@ -41,4 +41,4 @@ Fetch error: http://belezanaweb.net.br/ => http://belezanaweb.net.br/: (28, 'Con
 	<rule from="^http://static\d?\.belezanaweb\.net\.br/"
 		to="https://d33827d8ipi614.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Belkin.xml b/src/chrome/content/rules/Belkin.xml
index 5cab829f6d3b..c96e25c0c7b6 100644
--- a/src/chrome/content/rules/Belkin.xml
+++ b/src/chrome/content/rules/Belkin.xml
@@ -12,4 +12,4 @@
 	<rule from="^http://(?:www\.)?belkin\.com/(favicon\.ico|images/|\w\w/login(?:$|\?|/)|medias/|resources/|_ui/|\w\w/_ui/)"
 		to="https://www.belkin.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BellSouth.xml b/src/chrome/content/rules/BellSouth.xml
index 7c23f6ed60a6..83555f14993c 100644
--- a/src/chrome/content/rules/BellSouth.xml
+++ b/src/chrome/content/rules/BellSouth.xml
@@ -13,10 +13,11 @@ Fetch error: http://bellsouth.com/ => https://www.bellsouth.com/: (35, 'Unknown
 		- $	(cert only matches www)
 
 -->
-<ruleset name="BellSouth (partial)" default_off='failed ruleset test'>
+<ruleset name="BellSouth (partial)" default_off="failed ruleset test">
 
 	<target host="bellsouth.com" />
-	<target host="*.bellsouth.com" />
+	<target host="www.bellsouth.com" />
+	<target host="smallbusiness.bellsouth.com" />
 
 
 	<securecookie host="^smallbusiness\.bellsouth\.com$" name=".+" />
@@ -25,7 +26,6 @@ Fetch error: http://bellsouth.com/ => https://www.bellsouth.com/: (35, 'Unknown
 	<rule from="^http://(?:www\.)?bellsouth\.com/"
 		to="https://www.bellsouth.com/" />
 
-	<rule from="^http://smallbusiness\.bellsouth\.com/"
-		to="https://smallbusiness.bellsouth.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bellazon.com.xml b/src/chrome/content/rules/Bellazon.com.xml
new file mode 100644
index 000000000000..84073043243e
--- /dev/null
+++ b/src/chrome/content/rules/Bellazon.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Bellazon.com">
+	<target host="bellazon.com" />
+	<target host="www.bellazon.com" />
+	<target host="dev.bellazon.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bellingham_School_District.xml b/src/chrome/content/rules/Bellingham_School_District.xml
index 4076758cb475..a05a7338f053 100644
--- a/src/chrome/content/rules/Bellingham_School_District.xml
+++ b/src/chrome/content/rules/Bellingham_School_District.xml
@@ -11,10 +11,9 @@
 <ruleset name="Bellingham School District (partial)">
 
 	<target host="bellinghamschools.org" />
-	<target host="*.bellinghamschools.org" />
+	<target host="sehome.bellinghamschools.org" />
+	<target host="www.bellinghamschools.org" />
 
+  <rule from="^http:" to="https:" />
 
-	<rule from="^http://(sehome\.|www\.)?bellinghamschools\.org/(misc|sites)/"
-		to="https://$1bellinghamschools.org/$2/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Belpino.se.xml b/src/chrome/content/rules/Belpino.se.xml
index 40496d3a05c2..d327a58002f7 100644
--- a/src/chrome/content/rules/Belpino.se.xml
+++ b/src/chrome/content/rules/Belpino.se.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.belpino.se/ => https://www.belpino.se/: (28, 'Connection timed out after 10001 milliseconds')
 Fetch error: http://belpino.se/ => https://belpino.se/: (28, 'Connection timed out after 10001 milliseconds')
 -->
-<ruleset name="Belpino.se" default_off='failed ruleset test'>
+<ruleset name="Belpino.se" default_off="failed ruleset test">
   <target host="www.belpino.se" />
   <target host="belpino.se" />
   <rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Beltelecom.by.xml b/src/chrome/content/rules/Beltelecom.by.xml
deleted file mode 100644
index cd135181e149..000000000000
--- a/src/chrome/content/rules/Beltelecom.by.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--(www.)? refused
-get. refused
-historycenter. refused
-166. refused
-sms. timed outa
-gh1.dc. timed out
-ciscowifi. timed out
-minsk.historycenter. refused-->
-<ruleset name="Beltelecom.by (partial)">
-	<target host="issa.beltelecom.by" />
-	<target host="interopros.beltelecom.by" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/BendigoBank.xml b/src/chrome/content/rules/BendigoBank.xml
index 506df7fc09da..22e5612aaae3 100644
--- a/src/chrome/content/rules/BendigoBank.xml
+++ b/src/chrome/content/rules/BendigoBank.xml
@@ -1,9 +1,11 @@
 <ruleset name="Bendigo Bank">
   <target host="bendigobank.com.au" />
-  <target host="*.bendigobank.com.au" />
+  <target host="edroom.bendigobank.com.au" />
+  <target host="m.bendigobank.com.au" />
+  <target host="shop.bendigobank.com.au" />
+  <target host="www.bendigobank.com.au" />
 
   <rule from="^http://bendigobank\.com\.au/"
           to="https://www.bendigobank.com.au/" />
-  <rule from="^http://(edroom|m|shop|www)\.bendigobank\.com\.au/"
-          to="https://$1.bendigobank.com.au/" />
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Benefit.nl.xml b/src/chrome/content/rules/Benefit.nl.xml
deleted file mode 100644
index b8dcdbf6a643..000000000000
--- a/src/chrome/content/rules/Benefit.nl.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- www.benefit.nl
-
--->
-<ruleset name="Benefit.nl">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="benefit.nl" />
-	<target host="www.benefit.nl" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.benefit\.nl$" name="^sid$" /-->
-
-	<securecookie host="^www\.benefit\.nl$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Benefitsweb.com.xml b/src/chrome/content/rules/Benefitsweb.com.xml
index 898ea4c86191..73f219507472 100644
--- a/src/chrome/content/rules/Benefitsweb.com.xml
+++ b/src/chrome/content/rules/Benefitsweb.com.xml
@@ -5,7 +5,7 @@
 <ruleset name="benefitsweb.com" platform="mixedcontent">
 
 	<target host="benefitsweb.com" />
-	<target host="*.benefitsweb.com" />
+	<target host="www.benefitsweb.com" />
 
 
 	<securecookie host="^(?:www)?\.benefitsweb\.com$" name=".+" />
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?benefitsweb\.com/"
 		to="https://www.benefitsweb.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Benetech.xml b/src/chrome/content/rules/Benetech.xml
index 193ad7b5e048..47caa49bb050 100644
--- a/src/chrome/content/rules/Benetech.xml
+++ b/src/chrome/content/rules/Benetech.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bennetts.xml b/src/chrome/content/rules/Bennetts.xml
index 3287cd3969d2..dff421e9471d 100644
--- a/src/chrome/content/rules/Bennetts.xml
+++ b/src/chrome/content/rules/Bennetts.xml
@@ -8,7 +8,9 @@ Fetch error: http://bennetts.co.uk/ => http://bennetts.co.uk/: Redirect for 'htt
 <ruleset name="Bennetts (partial)">
 
 	<target host="bennetts.co.uk" />
-	<target host="*.bennetts.co.uk" />
+	<target host="www.bennetts.co.uk" />
+	<target host="classifieds.bennetts.co.uk" />
+	<target host="quotes.bennetts.co.uk" />
 
 
 	<securecookie host="^\.?quotes\.bennets\.co\.uk$" name=".+" />
diff --git a/src/chrome/content/rules/Bentley_University.xml b/src/chrome/content/rules/Bentley_University.xml
deleted file mode 100644
index 750280c83777..000000000000
--- a/src/chrome/content/rules/Bentley_University.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Some pages redirect to http
-
--->
-<ruleset name="Bentley University (partial)">
-
-	<target host="bentley.edu" />
-	<target host="*.bentley.edu" />
-		<exclusion pattern="^http://(?:www\.)?bentley\.edu/(?!favicon\.ico|files/|sites/)" />
-
-
-	<securecookie host="^\.secureforms\.bentley\.edu$" name=".+" />
-
-
-	<rule from="^http://((?:secureforms|www)\.)?bentley\.edu/"
-		to="https://$1bentley.edu/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Bepo.fr.xml b/src/chrome/content/rules/Bepo.fr.xml
new file mode 100644
index 000000000000..67e684149450
--- /dev/null
+++ b/src/chrome/content/rules/Bepo.fr.xml
@@ -0,0 +1,15 @@
+<!--
+	Refused:
+		- dactylotest
+
+	Self-signed:
+		- www.dactylotest
+-->
+<ruleset name="Bepo.fr">
+	<target host="bepo.fr" />
+	<target host="www.bepo.fr" />
+	<target host="forum.bepo.fr" />
+	<target host="www.forum.bepo.fr" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Berkshire-Hathaway.xml b/src/chrome/content/rules/Berkshire-Hathaway.xml
index 820df0a4405a..1b481905b1a9 100644
--- a/src/chrome/content/rules/Berkshire-Hathaway.xml
+++ b/src/chrome/content/rules/Berkshire-Hathaway.xml
@@ -5,12 +5,12 @@
 
 	<target host="businesswire.com"/>
 	<target host="*.businesswire.com"/>
-	
+
 	<test url="http://connect.businesswire.com/" />
 	<test url="http://secure.businesswire.com/" />
 	<test url="http://mms.businesswire.com/" />
-	
-	
+
+
 	<test url="http://www.businesswire.com/css/style.css" />
 	<test url="http://www.businesswire.com/images/bwlogo_extreme.png" />
 	<test url="http://www.businesswire.com/images/home/feature_smp_01.jpg" />
diff --git a/src/chrome/content/rules/BerliOS.de.xml b/src/chrome/content/rules/BerliOS.de.xml
deleted file mode 100644
index 93fa998a181f..000000000000
--- a/src/chrome/content/rules/BerliOS.de.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="BerliOS" default_off="mismatched">
-
-	<target host="www.berlios.de" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Berlin-Airport.de.xml b/src/chrome/content/rules/Berlin-Airport.de.xml
index 4217f7c4c25f..603087b8f476 100644
--- a/src/chrome/content/rules/Berlin-Airport.de.xml
+++ b/src/chrome/content/rules/Berlin-Airport.de.xml
@@ -6,7 +6,7 @@ Fetch error: http://berlin-airport.de/ => https://www.berlin-airport.de/: Too ma
 Disabled by https-everywhere-checker because:
 Fetch error: http://berlin-airport.de/ => https://www.berlin-airport.de/: Redirect for 'http://www.berlin-airport.de/' missing Location
 -->
-<ruleset name="Berlin Airport" default_off='failed ruleset test'>
+<ruleset name="Berlin Airport" default_off="failed ruleset test">
     <target host="berlin-airport.de" />
     <target host="*.berlin-airport.de" />
 
diff --git a/src/chrome/content/rules/Berliner-Zeitung.de.xml b/src/chrome/content/rules/Berliner-Zeitung.de.xml
new file mode 100644
index 000000000000..59f939d1a6fb
--- /dev/null
+++ b/src/chrome/content/rules/Berliner-Zeitung.de.xml
@@ -0,0 +1,65 @@
+<!--
+	Invalid certificate:
+		030.berliner-zeitung.de
+		abinizoellner.berliner-zeitung.de
+		boerse.berliner-zeitung.de
+		farmerama.berliner-zeitung.de
+		ipadapp.berliner-zeitung.de
+		maltewelding.berliner-zeitung.de
+		mannekenpis.berliner-zeitung.de
+		mauerfall.berliner-zeitung.de
+		pobplog.berliner-zeitung.de
+		stg.service.berliner-zeitung.de
+		tippspiel.berliner-zeitung.de
+		video.berliner-zeitung.de
+		wm-tippspiel.berliner-zeitung.de
+		www3.berliner-zeitung.de
+
+	Refused:
+		shop.berliner-zeitung.de
+		m.shop.berliner-zeitung.de
+		sporttabellen.berliner-zeitung.de
+
+	Timeout:
+		abo.berliner-zeitung.de
+		abo-shop.berliner-zeitung.de
+		ac.berliner-zeitung.de
+		app.berliner-zeitung.de
+		bar.berliner-zeitung.de
+		golf.berliner-zeitung.de
+		mp.berliner-zeitung.de
+		tvprogramm.berliner-zeitung.de
+-->
+<ruleset name="Berliner-Zeitung.de">
+
+	<target host="berliner-zeitung.de" />
+	<target host="www.berliner-zeitung.de" />
+	<target host="aboshop.berliner-zeitung.de" />
+	<target host="test.aboshop.berliner-zeitung.de" />
+	<target host="amp.berliner-zeitung.de" />
+	<target host="archiv.berliner-zeitung.de" />
+	<target host="biallo.berliner-zeitung.de" />
+	<target host="consent.berliner-zeitung.de" />
+	<target host="epages.berliner-zeitung.de" />
+	<target host="fbia.berliner-zeitung.de" />
+	<target host="gruss-vom-bosporus.berliner-zeitung.de" />
+	<target host="horoskope.berliner-zeitung.de" />
+	<target host="leogutsch.berliner-zeitung.de" />
+	<target host="leserreisen.berliner-zeitung.de" />
+	<target host="login.berliner-zeitung.de" />
+	<target host="lp.berliner-zeitung.de" />
+	<target host="mms.berliner-zeitung.de" />
+	<target host="mobil.berliner-zeitung.de" />
+	<target host="mobil-archiv.berliner-zeitung.de" />
+	<target host="service.berliner-zeitung.de" />
+	<target host="static.berliner-zeitung.de" />
+	<target host="story.berliner-zeitung.de" />
+	<target host="track.berliner-zeitung.de" />
+	<target host="wahlomat.berliner-zeitung.de" />
+	<target host="wetter.berliner-zeitung.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bernal_Bucks.xml b/src/chrome/content/rules/Bernal_Bucks.xml
index 927073997ce9..5f5de36af62a 100644
--- a/src/chrome/content/rules/Bernal_Bucks.xml
+++ b/src/chrome/content/rules/Bernal_Bucks.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bernard_Hodes_Group.xml b/src/chrome/content/rules/Bernard_Hodes_Group.xml
index f4cb33dafacc..e0cd0428f86e 100644
--- a/src/chrome/content/rules/Bernard_Hodes_Group.xml
+++ b/src/chrome/content/rules/Bernard_Hodes_Group.xml
@@ -10,7 +10,7 @@ Fetch error: http://jobmatcher.hodesiq.com/ => https://jobmatcher.hodesiq.com/:
 		- (www.)hodes.co.uk	(times out)
 
 -->
-<ruleset name="Bernard Hodes Group (partial)" default_off='failed ruleset test'>
+<ruleset name="Bernard Hodes Group (partial)" default_off="failed ruleset test">
 
 	<target host="*.sc.hodesdigital.com" />
 	<target host="jobmatcher.hodesiq.com" />
@@ -25,4 +25,4 @@ Fetch error: http://jobmatcher.hodesiq.com/ => https://jobmatcher.hodesiq.com/:
 	<rule from="^http://jobmatcher\.hodesiq\.com/"
 		to="https://jobmatcher.hodesiq.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Best-Buy.xml b/src/chrome/content/rules/Best-Buy.xml
index 9ffeaec925d8..bbd9ad2e1f42 100644
--- a/src/chrome/content/rules/Best-Buy.xml
+++ b/src/chrome/content/rules/Best-Buy.xml
@@ -14,7 +14,9 @@
 <ruleset name="Best Buy (partial)">
 
 	<target host="bestbuy.ugc.bazaarvoice.com" />
-	<target host="*.bestbuy.com" />
+	<target host="www-ssl.bestbuy.com" />
+	<target host="images.bestbuy.com" />
+	<target host="images-ssl.bestbuy.com" />
 		<!--
 			Avoid user-visible paths:
 							-->
@@ -24,15 +26,12 @@
 	<securecookie host="^www-ssl\.bestbuy\.com$" name=".+" />
 
 
-	<rule from="^http://bestbuy\.ugc\.bazaarvoice\.com/"
-		to="https://bestbuy.ugc.bazaarvoice.com/" />
 
-	<rule from="^http://www-ssl\.bestbuy\.com/"
-		to="https://www-ssl.bestbuy.com/" />
 
 	<!--	images: Akamai
 				-->
 	<rule from="^http://images(?:-ssl)?\.bestbuy\.com/"
 		to="https://images-ssl.bestbuy.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BestOfferBuy.com.xml b/src/chrome/content/rules/BestOfferBuy.com.xml
index 312085a31cec..d9591d70383c 100644
--- a/src/chrome/content/rules/BestOfferBuy.com.xml
+++ b/src/chrome/content/rules/BestOfferBuy.com.xml
@@ -8,10 +8,10 @@ Fetch error: http://bestofferbuy.com/ => https://www.bestofferbuy.com/: (60, 'SS
 	^: cert only matches www
 
 -->
-<ruleset name="BestOfferBuy.com" default_off='failed ruleset test'>
+<ruleset name="BestOfferBuy.com" default_off="failed ruleset test">
 
 	<target host="bestofferbuy.com" />
-	<target host="*.bestofferbuy.com" />
+	<target host="www.bestofferbuy.com" />
 
 
 	<securecookie host="^\.(?:www\.)?bestofferbuy\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Bestcovery.com.xml b/src/chrome/content/rules/Bestcovery.com.xml
index 86429e59259d..1cbea82868ba 100644
--- a/src/chrome/content/rules/Bestcovery.com.xml
+++ b/src/chrome/content/rules/Bestcovery.com.xml
@@ -34,7 +34,14 @@
 <ruleset name="Bestcovery.com (partial)">
 
 	<target host="bestcovery.com" />
-	<target host="*.bestcovery.com" />
+	<target host="www.bestcovery.com" />
+	<target host="cdn.bestcovery.com" />
+	<target host="cdn1.bestcovery.com" />
+	<target host="cdn2.bestcovery.com" />
+	<target host="cdn3.bestcovery.com" />
+	<target host="cdn4.bestcovery.com" />
+	<target host="cdn5.bestcovery.com" />
+	<target host="cdn6.bestcovery.com" />
 
 
 	<!--	Tracking cookies:
@@ -48,4 +55,4 @@
 	<rule from="^http://cdn[1-6]?\.bestcovery\.com/"
 		to="https://d20no9q7bar3sq.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bet555.xml b/src/chrome/content/rules/Bet555.xml
deleted file mode 100644
index 5e79190875b1..000000000000
--- a/src/chrome/content/rules/Bet555.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Bet555">
-
-	<target host="bet555.eu" />
-	<target host="www.bet555.eu" />
-
-
-	<securecookie host="^(?:w*\.)?bet555\.eu$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/BetCoin.tm.xml b/src/chrome/content/rules/BetCoin.tm.xml
index 9ed5df87d806..a07e744b265c 100644
--- a/src/chrome/content/rules/BetCoin.tm.xml
+++ b/src/chrome/content/rules/BetCoin.tm.xml
@@ -10,7 +10,7 @@ Fetch error: http://luck.betcoin.tm/ => https://luck.betcoin.tm/: (6, 'Could not
 		- www.betcoin.tm
 
 -->
-<ruleset name="BetCoin.tm" default_off='failed ruleset test'>
+<ruleset name="BetCoin.tm" default_off="failed ruleset test">
 
 	<target host="betcoin.tm" />
 	<target host="luck.betcoin.tm" />
diff --git a/src/chrome/content/rules/Beta-and-Cie.xml b/src/chrome/content/rules/Beta-and-Cie.xml
index 9280add583f8..f33e76113cbd 100644
--- a/src/chrome/content/rules/Beta-and-Cie.xml
+++ b/src/chrome/content/rules/Beta-and-Cie.xml
@@ -19,7 +19,7 @@ Fetch error: http://cdn.betacie.net/ => https://cdn.betacie.net/: (51, "SSL: no
 		cdn.betacie.com		(cert: betaci.net)
 		img.tweetimg.se		(CDNetworks)
 -->
-<ruleset name="Beta &amp; Cie (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Beta &amp; Cie (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="cdn.betacie.com"/>
 	<target host="cdn.betacie.net"/>
diff --git a/src/chrome/content/rules/Betanews.xml b/src/chrome/content/rules/Betanews.xml
deleted file mode 100644
index 37316dfdb7d4..000000000000
--- a/src/chrome/content/rules/Betanews.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Betanews (partial)">
-	<target host="store.fileforum.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Bethsoft.com.xml b/src/chrome/content/rules/Bethsoft.com.xml
index 2246b8124152..6e236423d315 100644
--- a/src/chrome/content/rules/Bethsoft.com.xml
+++ b/src/chrome/content/rules/Bethsoft.com.xml
@@ -15,7 +15,7 @@
 			- forums from static.zenimax.com *
 
 
-	* Secured by us 
+	* Secured by us
 
 	Mixed content (secured in Bethsoft.com-falsemixed.xml):
 		adam.bethsoft.com
@@ -66,7 +66,7 @@
 	<target host="playtest.bethsoft.com" />
 	<target host="press.bethsoft.com" />
 	<target host="store.bethsoft.com" />
-		
+
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/BetterCGI.com.xml b/src/chrome/content/rules/BetterCGI.com.xml
deleted file mode 100644
index 52b0305c5c0f..000000000000
--- a/src/chrome/content/rules/BetterCGI.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="BetterCGI.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="bettercgi.com" />
-	<target host="www.bettercgi.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BetterFap.com.xml b/src/chrome/content/rules/BetterFap.com.xml
index d3c67f820d28..5437885e63a4 100644
--- a/src/chrome/content/rules/BetterFap.com.xml
+++ b/src/chrome/content/rules/BetterFap.com.xml
@@ -13,4 +13,4 @@
 		<test url="http://thumb.betterfap.com/BF%20Rank.png"/>
 
 	<rule from="^http:" to="https:"/>
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Better_Sales.se.xml b/src/chrome/content/rules/Better_Sales.se.xml
index 16bf8c5007df..d5886925f570 100644
--- a/src/chrome/content/rules/Better_Sales.se.xml
+++ b/src/chrome/content/rules/Better_Sales.se.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?bettersales\.se/"
 		to="https://bettersales.se/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bettershopping.eu.xml b/src/chrome/content/rules/Bettershopping.eu.xml
deleted file mode 100644
index 3420031d5684..000000000000
--- a/src/chrome/content/rules/Bettershopping.eu.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Bettershopping.eu">
-  <target host="bettershopping.eu" />
-  <target host="www.bettershopping.eu" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Betts.xml b/src/chrome/content/rules/Betts.xml
index 119d463f9cae..81b2f4dbaf8c 100644
--- a/src/chrome/content/rules/Betts.xml
+++ b/src/chrome/content/rules/Betts.xml
@@ -5,10 +5,10 @@ Fetch error: http://betts.com.au/ => https://betts.com.au/: (51, "SSL: no altern
 Fetch error: http://www.betts.com.au/ => https://www.betts.com.au/: Too many redirects while fetching 'https://www.betts.com.au/'
 
 -->
-<ruleset name="Betts" default_off='failed ruleset test'>
+<ruleset name="Betts" default_off="failed ruleset test">
 	<target host="betts.com.au" />
 	<target host="www.betts.com.au" />
 
 	<rule from="^http:"
 			to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Beuc.net.xml b/src/chrome/content/rules/Beuc.net.xml
new file mode 100644
index 000000000000..e032046751ca
--- /dev/null
+++ b/src/chrome/content/rules/Beuc.net.xml
@@ -0,0 +1,11 @@
+<ruleset name="Beuc.net">
+	<target host="beuc.net" />
+	<target host="www.beuc.net" />
+	<target host="android-rebuilds.beuc.net" />
+	<target host="blog.beuc.net" />
+	<target host="dink-translation.beuc.net" />
+	<target host="renpy.beuc.net" />
+	<target host="sdl.beuc.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bezeq_International.xml b/src/chrome/content/rules/Bezeq_International.xml
index d0d2d62deeee..0e16cc2ff1dd 100644
--- a/src/chrome/content/rules/Bezeq_International.xml
+++ b/src/chrome/content/rules/Bezeq_International.xml
@@ -28,7 +28,7 @@ Fetch error: http://newchat.bezeqint.net/ => https://newchat.bezeqint.net/: (6,
 		- www.bezeqint.net
 
 -->
-<ruleset name="BezeqInt.net (partial)" default_off='failed ruleset test'>
+<ruleset name="BezeqInt.net (partial)" default_off="failed ruleset test">
 
 	<target host="bezeqint.net" />
 	<target host="bcontrol.bezeqint.net" />
diff --git a/src/chrome/content/rules/Bezos_Expeditions.xml b/src/chrome/content/rules/Bezos_Expeditions.xml
index a16cd35bf19a..36e8653e1070 100644
--- a/src/chrome/content/rules/Bezos_Expeditions.xml
+++ b/src/chrome/content/rules/Bezos_Expeditions.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.bezosexpeditions.com/ => https://www.bezosexpeditions.co
 	!www doesn't work.
 
 -->
-<ruleset name="Bezos Expeditions" default_off='failed ruleset test'>
+<ruleset name="Bezos Expeditions" default_off="failed ruleset test">
 
 	<target host="bezosexpeditions.com" />
 	<target host="www.bezosexpeditions.com" />
diff --git a/src/chrome/content/rules/BfArM.de.xml b/src/chrome/content/rules/BfArM.de.xml
new file mode 100644
index 000000000000..523bdc31f52c
--- /dev/null
+++ b/src/chrome/content/rules/BfArM.de.xml
@@ -0,0 +1,31 @@
+<!--
+	Federal Institute for Drugs and Medical Devices
+
+	Refused:
+		bfarm-connect2.bfarm.de
+
+	Timeout:
+		nebenwirkung.bfarm.de
+		shuttle.bfarm.de
+		smail.bfarm.de
+
+	Unable to get local issuer certificate:
+		bfarm-connect.bfarm.de
+-->
+<ruleset name="BfArM.de">
+
+	<target host="www.bfarm.de" />
+	<target host="awbdb.bfarm.de" />
+	<target host="customer-survey.bfarm.de" />
+	<target host="mail.bfarm.de" />
+	<target host="paracelsus.bfarm.de" />
+	<target host="extranet.public.bfarm.de" />
+	<target host="webapps.public.bfarm.de" />
+	<target host="servicedesk.bfarm.de" />
+	<target host="www2.bfarm.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BfDI.bund.de.xml b/src/chrome/content/rules/BfDI.bund.de.xml
new file mode 100644
index 000000000000..deb4d88c8376
--- /dev/null
+++ b/src/chrome/content/rules/BfDI.bund.de.xml
@@ -0,0 +1,18 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+
+	Timeout:
+		info
+		service
+-->
+<ruleset name="BfDI.bund.de">
+	<!-- Federal Commissioner for Data Protection and Freedom of Information -->
+
+	<target host="bfdi.bund.de" />
+	<target host="www.bfdi.bund.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BfR.bund.de.xml b/src/chrome/content/rules/BfR.bund.de.xml
new file mode 100644
index 000000000000..044f1e3d5b18
--- /dev/null
+++ b/src/chrome/content/rules/BfR.bund.de.xml
@@ -0,0 +1,41 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+
+	Invalid certificate:
+		- evaluation.bfr.bund.de
+		- mobil.bfr.bund.de
+		- www.mobil.bfr.bund.de
+
+	Refused:
+		- shiny.bfr.bund.de
+
+	Timeout:
+		- ns.bfr.bund.de
+
+	Unable to get local issuer certificate:
+		- webservice.bfr.bund.de
+-->
+<ruleset name="BfR.bund.de">
+
+	<target host="bfr.bund.de" />
+	<target host="www.bfr.bund.de" />
+	<target host="app-vergiftungen.bfr.bund.de" />
+	<target host="apps.bfr.bund.de" />
+	<target host="datasync.bfr.bund.de" />
+	<target host="download.bfr.bund.de" />
+	<target host="foodrisklabs.bfr.bund.de" />
+	<target host="liquidtabs.bfr.bund.de" />
+	<target host="silebat.bfr.bund.de" />
+	<target host="softlabs.bfr.bund.de" />
+	<target host="webmail.bfr.bund.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://bfr.bund.de/,
+	http://bfr.bund.de/ redirects to http://www.bfr.bund.de/ -->
+	<rule from="^http://bfr\.bund\.de/"
+		to="https://www.bfr.bund.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bgm.tv.xml b/src/chrome/content/rules/Bgm.tv.xml
index 33b567f3ff18..d8fbef93bdfb 100644
--- a/src/chrome/content/rules/Bgm.tv.xml
+++ b/src/chrome/content/rules/Bgm.tv.xml
@@ -1,9 +1,18 @@
+<!--
+	Mismatch:
+		doujin.chii.in
+		doujin.bangumi.tv
+-->
 <ruleset name="Bgm.tv">
+	<target host="bangumi.tv" />
+	<target host="www.bangumi.tv" />
 	<target host="bgm.tv" />
 	<target host="www.bgm.tv" />
 	<target host="doujin.bgm.tv" />
 	<target host="lain.bgm.tv" />
 	<target host="navi.bgm.tv" />
+	<target host="chii.in" />
+	<target host="www.chii.in" />
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/Bhiab.se.xml b/src/chrome/content/rules/Bhiab.se.xml
deleted file mode 100644
index 0bb997c9db93..000000000000
--- a/src/chrome/content/rules/Bhiab.se.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Bhiab.se">
-  <target host="www.bhiab.se" />
-  <target host="bhiab.se" />
-  <rule from="^http:" to="https:" />
-</ruleset>
-
diff --git a/src/chrome/content/rules/BiB.bund.de.xml b/src/chrome/content/rules/BiB.bund.de.xml
new file mode 100644
index 000000000000..c423e07fb595
--- /dev/null
+++ b/src/chrome/content/rules/BiB.bund.de.xml
@@ -0,0 +1,14 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+-->
+<ruleset name="BiB.bund.de">
+	<!-- Federal Institute for Population Research -->
+
+	<target host="bib.bund.de" />
+	<target host="www.bib.bund.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Biapy.fr.xml b/src/chrome/content/rules/Biapy.fr.xml
index 2d7ffc46e806..6f5221dcb2aa 100644
--- a/src/chrome/content/rules/Biapy.fr.xml
+++ b/src/chrome/content/rules/Biapy.fr.xml
@@ -23,7 +23,7 @@ Fetch error: http://biapy.fr/ => https://biapy.fr/: (51, "SSL: no alternative ce
 	* Secured by us
 
 -->
-<ruleset name="Biapy.fr" default_off='failed ruleset test'>
+<ruleset name="Biapy.fr" default_off="failed ruleset test">
 
 	<target host="biapy.fr" />
 	<target host="piwik.biapy.fr" />
diff --git a/src/chrome/content/rules/Bibbitec.xml b/src/chrome/content/rules/Bibbitec.xml
index a4e218c417bf..51d5339982a3 100644
--- a/src/chrome/content/rules/Bibbitec.xml
+++ b/src/chrome/content/rules/Bibbitec.xml
@@ -5,7 +5,7 @@ Fetch error: http://bibbitec.com/ => https://bibbitec.com/: (28, 'Connection tim
 Fetch error: http://www.bibbitec.com/ => https://www.bibbitec.com/: (28, 'Connection timed out after 20008 milliseconds')
 
 -->
-<ruleset name="bibbitec" default_off='failed ruleset test'>
+<ruleset name="bibbitec" default_off="failed ruleset test">
 
 	<target host="bibbitec.com" />
 	<target host="www.bibbitec.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.bibbitec.com/ => https://www.bibbitec.com/: (28, 'Connec
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bible.com.xml b/src/chrome/content/rules/Bible.com.xml
new file mode 100644
index 000000000000..e1dd6575262d
--- /dev/null
+++ b/src/chrome/content/rules/Bible.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- share.bible.com
+
+		SSL peer certificate was not OK:
+		- free.bible.com
+-->
+<ruleset name="Bible.com">
+	<target host="bible.com" />
+	<target host="www.bible.com" />
+	<target host="app.bible.com" />
+	<target host="events.bible.com" />
+	<target host="nodejs.bible.com" />
+	<test url="http://nodejs.bible.com/assets/style.main.4e4c1183999a10efd085c69bc1cf27d0.css" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BibleSociety.co.za.xml b/src/chrome/content/rules/BibleSociety.co.za.xml
new file mode 100644
index 000000000000..25276761b305
--- /dev/null
+++ b/src/chrome/content/rules/BibleSociety.co.za.xml
@@ -0,0 +1,6 @@
+<ruleset name="BibleSociety.co.za" platform="mixedcontent">
+	<target host="biblesociety.co.za" />
+	<target host="www.biblesociety.co.za" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BidBubble.com.xml b/src/chrome/content/rules/BidBubble.com.xml
index 9503fead44f3..5faa856fc4f9 100644
--- a/src/chrome/content/rules/BidBubble.com.xml
+++ b/src/chrome/content/rules/BidBubble.com.xml
@@ -23,7 +23,7 @@ Fetch error: http://bidbubble.com/ => https://bidbubble.com/: (51, "SSL: no alte
 	* Secured by us
 
 -->
-<ruleset name="BidBubble.com (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="BidBubble.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="bidbubble.com" />
 	<target host="nz.bidbubble.com" />
diff --git a/src/chrome/content/rules/Biddeal.xml b/src/chrome/content/rules/Biddeal.xml
index 0292a12f9eef..1fa27895b08a 100644
--- a/src/chrome/content/rules/Biddeal.xml
+++ b/src/chrome/content/rules/Biddeal.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.biddeal.com/ => https://www.biddeal.com/: (60, 'SSL cert
 	^biddeal.com redirects to notset.com over http
 
 -->
-<ruleset name="Biddeal" default_off='failed ruleset test'>
+<ruleset name="Biddeal" default_off="failed ruleset test">
 
 	<target host="www.biddeal.com" />
 
@@ -16,4 +16,4 @@ Fetch error: http://www.biddeal.com/ => https://www.biddeal.com/: (60, 'SSL cert
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bidtellect.com.xml b/src/chrome/content/rules/Bidtellect.com.xml
index bff4c36b7124..0f2bfef1570a 100644
--- a/src/chrome/content/rules/Bidtellect.com.xml
+++ b/src/chrome/content/rules/Bidtellect.com.xml
@@ -23,7 +23,7 @@ Fetch error: http://bidtellect.com/ => https://bidtellect.com/: (7, 'Failed to c
 	ˢ Secured by us
 
 -->
-<ruleset name="Bidtellect.com" default_off='failed ruleset test'>
+<ruleset name="Bidtellect.com" default_off="failed ruleset test">
 
 	<target host="bidtellect.com" />
 	<target host="dsp.bidtellect.com" />
diff --git a/src/chrome/content/rules/Big-Cartel.xml b/src/chrome/content/rules/Big-Cartel.xml
deleted file mode 100644
index c6ca64b0e7a1..000000000000
--- a/src/chrome/content/rules/Big-Cartel.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	CDN buckets:
-		- d3m7eij7f8iwln.cloudfront.net
-			- cache[01].bigcartel.com
-
-
-	Nonfunctional subdomains:
-		- shop			(redirects to http)
-		- status		(hostname mismatch, CN: *.statuspage.io, statuspage.io)
-		- personal stores	(redirects to http, e.g. joancornella, kycvintage)
-
-	Fully covered subdomains:
-		- www
-		- blog
-		- help
-		- my
-		- cache[01]
-
--->
-<ruleset name="Big Cartel (partial)">
-	<target host=       "bigcartel.com" />
-	<target host=   "www.bigcartel.com" />
-	<target host=  "blog.bigcartel.com" />
-	<target host=  "help.bigcartel.com" />
-	<target host=    "my.bigcartel.com" />
-	<target host="cache0.bigcartel.com" />
-	<target host="cache1.bigcartel.com" />
-
-	<rule from="^http://cache[01]\.bigcartel\.com/"
-		to="https://d3m7eij7f8iwln.cloudfront.net/" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Big-Change.xml b/src/chrome/content/rules/Big-Change.xml
index b505d4268526..c12aaf230b52 100644
--- a/src/chrome/content/rules/Big-Change.xml
+++ b/src/chrome/content/rules/Big-Change.xml
@@ -3,7 +3,7 @@
 	<target host="bigchangeuk.co.uk" />
 	<target host="www.bigchangeuk.co.uk" />
 	<!--	* for cross-domain cookie.	-->
-	
+
 
 
 	<securecookie host="^\.bigchangeuk\.co\.uk$" name=".+" />
diff --git a/src/chrome/content/rules/BigCartel.com.xml b/src/chrome/content/rules/BigCartel.com.xml
new file mode 100644
index 000000000000..b017f64dfd67
--- /dev/null
+++ b/src/chrome/content/rules/BigCartel.com.xml
@@ -0,0 +1,21 @@
+<ruleset name="BigCartel.com">
+
+	<target host="bigcartel.com" />
+	<target host="*.bigcartel.com" />
+	
+		<test url="http://www.bigcartel.com/" />
+		<test url="http://blog.bigcartel.com/" />
+		<test url="http://status.bigcartel.com/" />
+	
+		<exclusion pattern="^http://shop\.bigcartel\.com/" />
+			<test url="http://shop.bigcartel.com/" />
+	
+		<!-- Each user gets its own subdomain -->
+		<test url="http://josearoda.bigcartel.com/" />
+		<test url="http://marcmartin.bigcartel.com/" />
+		<test url="http://palaeoiris.bigcartel.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BigHugeLabs.xml b/src/chrome/content/rules/BigHugeLabs.xml
index 7dad49cd1a0e..4dc9a38d6488 100644
--- a/src/chrome/content/rules/BigHugeLabs.xml
+++ b/src/chrome/content/rules/BigHugeLabs.xml
@@ -5,7 +5,7 @@
 <ruleset name="BigHugeLabs">
 
 	<target host="bighugelabs.com" />
-	<target host="*.bighugelabs.com" />
+	<target host="www.bighugelabs.com" />
 
 
 	<securecookie host="^\.bighugelabs\.com$" name=".+" />
diff --git a/src/chrome/content/rules/BigV.io.xml b/src/chrome/content/rules/BigV.io.xml
index 5881b0fc762c..23957a698444 100644
--- a/src/chrome/content/rules/BigV.io.xml
+++ b/src/chrome/content/rules/BigV.io.xml
@@ -6,7 +6,7 @@ Fetch error: http://manager.bigv.io/ => https://manager.bigv.io/: (7, 'Failed to
 	For other Bytemark Hosting coverage, see Bytemark.co.uk.xml.
 
 -->
-<ruleset name="BigV.io" default_off='failed ruleset test'>
+<ruleset name="BigV.io" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Big_Brother_Watch.xml b/src/chrome/content/rules/Big_Brother_Watch.xml
index 8d674f0c7bb2..3d3e6abdac7a 100644
--- a/src/chrome/content/rules/Big_Brother_Watch.xml
+++ b/src/chrome/content/rules/Big_Brother_Watch.xml
@@ -12,7 +12,7 @@
 <ruleset name="Big Brother Watch.org.uk">
 
 	<target host="bigbrotherwatch.org.uk" />
-	<target host="*.bigbrotherwatch.org.uk" />
+	<target host="www.bigbrotherwatch.org.uk" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/Biggest_Loser_Club.com.xml b/src/chrome/content/rules/Biggest_Loser_Club.com.xml
index 3695767d48aa..0ec06dc5d92d 100644
--- a/src/chrome/content/rules/Biggest_Loser_Club.com.xml
+++ b/src/chrome/content/rules/Biggest_Loser_Club.com.xml
@@ -6,10 +6,10 @@ Fetch error: http://biggestloserclub.com/ => https://www.biggestloserclub.com/:
 	^: refused
 
 -->
-<ruleset name="Biggest Loser Club.com" default_off='failed ruleset test'>
+<ruleset name="Biggest Loser Club.com" default_off="failed ruleset test">
 
 	<target host="biggestloserclub.com" />
-	<target host="*.biggestloserclub.com" />
+	<target host="www.biggestloserclub.com" />
 
 
 	<securecookie host="^[.w]*\.biggestloserclub\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Bigjocker.com.xml b/src/chrome/content/rules/Bigjocker.com.xml
index 9efeaed5e6d1..715a2bed9ff9 100644
--- a/src/chrome/content/rules/Bigjocker.com.xml
+++ b/src/chrome/content/rules/Bigjocker.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://bigjocker.com/ => https://bigjocker.com/: (35, 'error:140770
 Fetch error: http://www.bigjocker.com/ => https://www.bigjocker.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
 
 -->
-<ruleset name="bigjocker.com" default_off='failed ruleset test'>
+<ruleset name="bigjocker.com" default_off="failed ruleset test">
 
 	<target host="bigjocker.com" />
 	<target host="www.bigjocker.com" />
diff --git a/src/chrome/content/rules/Bigmir.net-falsemixed.xml b/src/chrome/content/rules/Bigmir.net-falsemixed.xml
index cbff8e65f734..306449b5b62e 100644
--- a/src/chrome/content/rules/Bigmir.net-falsemixed.xml
+++ b/src/chrome/content/rules/Bigmir.net-falsemixed.xml
@@ -22,13 +22,23 @@
 -->
 <ruleset name="bigmir.net (false MCB)" platform="mixedcontent">
 
-	<target host="*.bigmir.net" />
-
-
-	<securecookie host="^\.bigmir\.net$" name=".+" />
-
-
-	<rule from="^http://(antivirus|auto|cards|dnevnik|games|goroskop|info|mail|map|perevod|photo|search|sport|top)\.bigmir\.net/"
-		to="https://$1.bigmir.net/" />
+	<!--target host="antivirus.bigmir.net" /-->
+	<target host="auto.bigmir.net" />
+	<!--target host="cards.bigmir.net" /-->
+	<!--target host="dnevnik.bigmir.net" /-->
+	<!--target host="games.bigmir.net" /-->
+	<!--target host="goroskop.bigmir.net" /-->
+	<!--target host="info.bigmir.net" /-->
+	<target host="mail.bigmir.net" />
+	<!--target host="map.bigmir.net" /-->
+	<!--target host="perevod.bigmir.net" /-->
+	<!--target host="photo.bigmir.net" /-->
+	<!--target host="search.bigmir.net" /-->
+	<target host="sport.bigmir.net" />
+	<!--target host="top.bigmir.net" /-->
+
+
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bigmirnet.xml b/src/chrome/content/rules/Bigmirnet.xml
index 2929e459dc76..b48b34056a53 100644
--- a/src/chrome/content/rules/Bigmirnet.xml
+++ b/src/chrome/content/rules/Bigmirnet.xml
@@ -109,7 +109,7 @@ Fetch error: http://s.bigmir.net/ => https://s.bigmir.net/: (7, 'Failed to conne
 	⁵ Unsecurable <= reset
 
 -->
-<ruleset name="bigmir.net (partial)" default_off='failed ruleset test'>
+<ruleset name="bigmir.net (partial)" default_off="failed ruleset test">
 
 	<target host="i.bigmir.net" />
 	<target host="id.bigmir.net" />
diff --git a/src/chrome/content/rules/Bigstock.xml b/src/chrome/content/rules/Bigstock.xml
index a452615061f6..21b9a0e2400f 100644
--- a/src/chrome/content/rules/Bigstock.xml
+++ b/src/chrome/content/rules/Bigstock.xml
@@ -21,7 +21,7 @@
 		static6.bigstockphoto.com
 			<test url="http://static6.bigstockphoto.com/thumbs/7/6/1/large1500/16724738.jpg" />
 		static7.bigstockphoto.com
-			<test url="http://static7.bigstockphoto.com/thumbs/7/6/1/large1500/16724738.jpg" />	
+			<test url="http://static7.bigstockphoto.com/thumbs/7/6/1/large1500/16724738.jpg" />
 		static8.bigstockphoto.com
 			<test url="http://static8.bigstockphoto.com/thumbs/7/6/1/large1500/16724738.jpg" />
 		static9.bigstockphoto.com
diff --git a/src/chrome/content/rules/Biicode.com.xml b/src/chrome/content/rules/Biicode.com.xml
index e6bebb3e5f49..9be480f5df34 100644
--- a/src/chrome/content/rules/Biicode.com.xml
+++ b/src/chrome/content/rules/Biicode.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.biicode.com/ => https://www.biicode.com/: (28, 'Connecti
 	^: Refused
 
 -->
-<ruleset name="Biicode.com" default_off='failed ruleset test'>
+<ruleset name="Biicode.com" default_off="failed ruleset test">
 
 	<target host="biicode.com" />
 	<target host="www.biicode.com" />
diff --git a/src/chrome/content/rules/Bikeji.com.xml b/src/chrome/content/rules/Bikeji.com.xml
index 8d4e13eb2ef6..0a6dd5888c84 100644
--- a/src/chrome/content/rules/Bikeji.com.xml
+++ b/src/chrome/content/rules/Bikeji.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://bikeji.com/ => https://bikeji.com/: (7, 'Failed to connect t
 Fetch error: http://www.bikeji.com/ => https://www.bikeji.com/: (7, 'Failed to connect to www.bikeji.com port 443: Connection refused')
 
 -->
-<ruleset name="bikeji.com" default_off='failed ruleset test'>
+<ruleset name="bikeji.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/BilBasen.dk.xml b/src/chrome/content/rules/BilBasen.dk.xml
new file mode 100644
index 000000000000..fc6797075152
--- /dev/null
+++ b/src/chrome/content/rules/BilBasen.dk.xml
@@ -0,0 +1,38 @@
+<!--
+	Non-functional subdomains:
+
+		- admin	(m)
+		- auktion	(t)
+		- blog	(h)
+		- forhandlere	(t)
+		- mail	(m)
+		- mktg	(m)
+		- support	(i)
+		- vpn	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+
+	Host has wildcard DNS.
+-->
+<ruleset name="BilBasen">
+
+	<target host="bilbasen.dk" />
+	<target host="www.bilbasen.dk" />
+	<target host="api.bilbasen.dk" />
+	<target host="banner.bilbasen.dk" />
+	<target host="billeder.bilbasen.dk" />
+	<target host="gw.bilbasen.dk" />
+	<target host="resources.bilbasen.dk" />
+	<target host="static.bilbasen.dk" />
+	<target host="umbracoadmin.bilbasen.dk" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bild.de.xml b/src/chrome/content/rules/Bild.de.xml
index ab8291313f16..b7bda52e1627 100644
--- a/src/chrome/content/rules/Bild.de.xml
+++ b/src/chrome/content/rules/Bild.de.xml
@@ -69,6 +69,6 @@
 		to="https://www.fagms.net/" />
 
 	<rule from="^http:" to="https:"/>
-		
+
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bilio.com.xml b/src/chrome/content/rules/Bilio.com.xml
index fd733381a6cf..50ba4e76e01a 100644
--- a/src/chrome/content/rules/Bilio.com.xml
+++ b/src/chrome/content/rules/Bilio.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://bilio.com/ => https://www.bilio.com/: (60, 'SSL certificate
 	* Mismatched
 
 -->
-<ruleset name="Bilio.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Bilio.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Bill.ovh.xml b/src/chrome/content/rules/Bill.ovh.xml
deleted file mode 100644
index 0b34d759ac9a..000000000000
--- a/src/chrome/content/rules/Bill.ovh.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Bill.ovh">
-	<target host="bill.ovh" />
-	<target host="www.bill.ovh" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/BillDesk.com.xml b/src/chrome/content/rules/BillDesk.com.xml
index a27d865f35fa..22ffe96d6325 100644
--- a/src/chrome/content/rules/BillDesk.com.xml
+++ b/src/chrome/content/rules/BillDesk.com.xml
@@ -1,7 +1,7 @@
 <!--
 	Problematic hosts:
 
-		- connect.billdesk.com ¹ 
+		- connect.billdesk.com ¹
 		- m.billdesk.com ²
 		- services.billdesk.com ²
 
diff --git a/src/chrome/content/rules/BillPay.de.xml b/src/chrome/content/rules/BillPay.de.xml
index 4e8ae9f752f2..4e63982f7e56 100644
--- a/src/chrome/content/rules/BillPay.de.xml
+++ b/src/chrome/content/rules/BillPay.de.xml
@@ -8,7 +8,7 @@ Fetch error: http://logon.billpay.de/ => https://logon.billpay.de/: (51, "SSL: n
 		- login.billpay.de
 
 -->
-<ruleset name="BillPay.de" default_off='failed ruleset test'>
+<ruleset name="BillPay.de" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Bill_Maher.com.xml b/src/chrome/content/rules/Bill_Maher.com.xml
index b0a141447571..e5487a76b01d 100644
--- a/src/chrome/content/rules/Bill_Maher.com.xml
+++ b/src/chrome/content/rules/Bill_Maher.com.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://billmaher.com/ => https://billmaher.com/: (28, 'Connection timed out after 10001 milliseconds')
 Fetch error: http://www.billmaher.com/ => https://www.billmaher.com/: (28, 'Connection timed out after 10000 milliseconds')
 -->
-<ruleset name="Bill Maher.com" default_off='failed ruleset test'>
+<ruleset name="Bill Maher.com" default_off="failed ruleset test">
 
 	<target host="billmaher.com" />
 	<target host="www.billmaher.com" />
diff --git a/src/chrome/content/rules/Billboard.com.xml b/src/chrome/content/rules/Billboard.com.xml
index a8070adec7de..f9ad19da02bd 100644
--- a/src/chrome/content/rules/Billboard.com.xml
+++ b/src/chrome/content/rules/Billboard.com.xml
@@ -10,7 +10,7 @@
 		mobileapi.billboard.com
 		pro.billboard.com
 		qa.billboard.com
-	
+
 	Invalid certificate:
 		features.billboard.com
 		link.billboard.com
@@ -19,10 +19,10 @@
 
 	Time out:
 		m.billboard.com
-	
+
 	Refused:
 		mobile.billboard.com
-	
+
 	Different content http/https:
 		realtime.billboard.com
 
diff --git a/src/chrome/content/rules/BilletNet.dk.xml b/src/chrome/content/rules/BilletNet.dk.xml
deleted file mode 100644
index d9cd0a86e98a..000000000000
--- a/src/chrome/content/rules/BilletNet.dk.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Related ruleset: Ticketmaster.xml
-
-	Refused:
-		billetnet.dk
-
-	Invalid certificate:
-		ams3pxy.billetnet.dk
-		kundeanmeldelser.billetnet.dk
-		lca4pxy.billetnet.dk
-		wmr.billetnet.dk
-
--->
-<ruleset name="BilletNet.dk">
-
-	<target host="billetnet.dk" />
-	<target host="www.billetnet.dk" />
-
-	<rule from="^http://billetnet\.dk/"
-		to="https://www.billetnet.dk/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Billetten.dk.xml b/src/chrome/content/rules/Billetten.dk.xml
index 269e052a05dd..e1cabc84e461 100644
--- a/src/chrome/content/rules/Billetten.dk.xml
+++ b/src/chrome/content/rules/Billetten.dk.xml
@@ -3,6 +3,6 @@
 	<target host="www.billetten.dk" />
 
 	<securecookie host="^www\.billetten\.dk" name=".+" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Billiger.de.xml b/src/chrome/content/rules/Billiger.de.xml
index a16fff5eb79d..68cd498dc1e6 100644
--- a/src/chrome/content/rules/Billiger.de.xml
+++ b/src/chrome/content/rules/Billiger.de.xml
@@ -10,7 +10,8 @@
 <ruleset name="billiger.de (partial)">
 
 	<target host="billiger.de" />
-	<target host="*.billiger.de" />
+	<target host="www.billiger.de" />
+	<target host="api-img.billiger.de" />
 
 
 	<!--	Tracking cookies:
@@ -23,4 +24,4 @@
 		to="https://$1billiger.de/$2" />
 
 	<rule from="^http://api-img\.billiger\.de/" to="https://api-img.billiger.de/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BillingsBridge.com.xml b/src/chrome/content/rules/BillingsBridge.com.xml
new file mode 100644
index 000000000000..7445fd5b7d94
--- /dev/null
+++ b/src/chrome/content/rules/BillingsBridge.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="BillingsBridge.com">
+	<target host="billingsbridge.com" />
+	<target host="www.billingsbridge.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BillionDigital.com.xml b/src/chrome/content/rules/BillionDigital.com.xml
index d724070d8962..ead32a838f16 100644
--- a/src/chrome/content/rules/BillionDigital.com.xml
+++ b/src/chrome/content/rules/BillionDigital.com.xml
@@ -39,7 +39,7 @@ Fetch error: http://anwers.billiondigital.com/ => https://anwers.billiondigital.
 	* Secured by us
 
 -->
-<ruleset name="BillionDigital.com (partial)" default_off='failed ruleset test'>
+<ruleset name="BillionDigital.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Billiongraves.com.xml b/src/chrome/content/rules/Billiongraves.com.xml
index 63ccf624eaff..dc270578f085 100644
--- a/src/chrome/content/rules/Billiongraves.com.xml
+++ b/src/chrome/content/rules/Billiongraves.com.xml
@@ -18,7 +18,6 @@
 	<target host="*.billiongraves.com" />
 	<!-- <target host="store.billiongraves.com" /> -->
 
-	<test url="http://billiongraves.com/" />
 	<test url="http://www.billiongraves.com/" />
 	<test url="http://ca.billiongraves.com/" />
 	<test url="http://de.billiongraves.com/" />
diff --git a/src/chrome/content/rules/Billund.dk.xml b/src/chrome/content/rules/Billund.dk.xml
index 74f2b30ee37e..bf30e1b7b23f 100644
--- a/src/chrome/content/rules/Billund.dk.xml
+++ b/src/chrome/content/rules/Billund.dk.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.billund.dk/ => https://www.billund.dk/: Too many redirec
 
 -->
 
-<ruleset name="Billund.dk" default_off='failed ruleset test'>
+<ruleset name="Billund.dk" default_off="failed ruleset test">
 
 	<target host="billund.dk" />
 	<target host="www.billund.dk" />
diff --git a/src/chrome/content/rules/Bin-Store.com.xml b/src/chrome/content/rules/Bin-Store.com.xml
index 77bc43b2edc4..1e8b6b63949d 100644
--- a/src/chrome/content/rules/Bin-Store.com.xml
+++ b/src/chrome/content/rules/Bin-Store.com.xml
@@ -1,13 +1,13 @@
 <ruleset name="Bin-Store.com">
 
 	<target host="bin-store.com" />
-	<target host="*.bin-store.com" />
+	<target host="secure.bin-store.com" />
+	<target host="www.bin-store.com" />
 
 
 	<securecookie host="^\.bin-store\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?(secure\.)?bin-store\.com/"
-		to="https://$1$2bin-store.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BinBayyah.net.xml b/src/chrome/content/rules/BinBayyah.net.xml
new file mode 100644
index 000000000000..a22481f46643
--- /dev/null
+++ b/src/chrome/content/rules/BinBayyah.net.xml
@@ -0,0 +1,23 @@
+<!--
+	Mismatch:
+		autoconfig.binbayyah.net
+		autodiscover.binbayyah.net
+		cpanel.binbayyah.net
+		ftp.binbayyah.net
+		imap.binbayyah.net
+		mail.binbayyah.net
+		pop.binbayyah.net
+		smtp.binbayyah.net
+		webdisk.binbayyah.net
+		webmail.binbayyah.net
+		whm.binbayyah.net
+-->
+<ruleset name="BinBayyah.net" platform="mixedcontent">
+	<target host="binbayyah.net" />
+	<target host="www.binbayyah.net" />
+	<target host="mail.binbayyah.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BinSearch.xml b/src/chrome/content/rules/BinSearch.xml
index c676647a68b2..faebb1f13b9f 100644
--- a/src/chrome/content/rules/BinSearch.xml
+++ b/src/chrome/content/rules/BinSearch.xml
@@ -15,7 +15,7 @@
 	<rule from="^http://binsearch\.net/"
 		to="https://www.binsearch.info/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BinaryTurf.xml b/src/chrome/content/rules/BinaryTurf.xml
index 5545beac7cc8..53983aaf3f4e 100644
--- a/src/chrome/content/rules/BinaryTurf.xml
+++ b/src/chrome/content/rules/BinaryTurf.xml
@@ -12,7 +12,7 @@
 					-->
 	<!--securecookie host="^www\.binaryturf\.com$" name="^(?:PHPSESSID|bb2_screener_)$" /-->
 
-  <securecookie host="^(?:.+\.)?binaryturf\.com$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/BioMedCentral.com.xml b/src/chrome/content/rules/BioMedCentral.com.xml
index 472a631d9164..db711003f364 100644
--- a/src/chrome/content/rules/BioMedCentral.com.xml
+++ b/src/chrome/content/rules/BioMedCentral.com.xml
@@ -361,7 +361,7 @@
 	<target host="womensmidlifehealthjournal.biomedcentral.com" />
 	<target host="zoologicalletters.biomedcentral.com" />
 
-	<securecookie host="^(?:.*\.)?biomedcentral\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 	<rule from="^http://biomedcentral\.com/"
 		to="https://www.biomedcentral.com/" />
diff --git a/src/chrome/content/rules/BioOne.org.xml b/src/chrome/content/rules/BioOne.org.xml
new file mode 100644
index 000000000000..54127ae6302f
--- /dev/null
+++ b/src/chrome/content/rules/BioOne.org.xml
@@ -0,0 +1,34 @@
+<!--
+	Invalid certificate:
+		about.bioone.org
+		careercenter.bioone.org
+		complete.bioone.org
+		el.bioone.org
+
+	Some pages redirect to HTTP:
+		bioone.org
+		www.bioone.org
+
+	Time out:
+		maint.bioone.org
+
+-->
+<ruleset name="BioOne.org (partial)">
+
+	<target host="bioone.org" />
+	<target host="www.bioone.org" />
+
+	<!-- Exclude implicit test urls -->
+	<exclusion pattern="^http://(www\.)?bioone\.org/$" />
+
+	<rule from="^http://(www\.)?bioone\.org/(templates|na101)/"
+		to="https://$1bioone.org/$2/" />
+
+		<test url="http://bioone.org/templates/jsp/style.css" />
+		<test url="http://www.bioone.org/templates/jsp/style.css" />
+		<test url="http://www.bioone.org/templates/jsp/_style2/_AP/_bioone/apple-touch-icon.png" />
+		<test url="http://www.bioone.org/templates/jsp/_style2/_AP/_bioone/images/bioOne_logo.gif" />
+		<test url="http://www.bioone.org/templates/jsp/_style2/_AP/_bioone/images/button_minus_green.gif" />
+		<test url="http://www.bioone.org/na101/home/literatum/publisher/bioone/journals/content/tauk/2018/00048038-135.2/00048038-135.2/20180115-01/00048038-135.2.cover.jpg" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BioWare.xml b/src/chrome/content/rules/BioWare.xml
index 62154dd2e0f4..851b20d84a81 100644
--- a/src/chrome/content/rules/BioWare.xml
+++ b/src/chrome/content/rules/BioWare.xml
@@ -1,48 +1,21 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://biowarestore.com/ => https://biowarestore.com/: (7, 'Failed to connect to biowarestore.com port 443: Connection timed out')
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://biowarestore.com/ => https://biowarestore.com/: (7, 'Failed to connect to biowarestore.com port 443: Connection refused')
 	For other Electronic Arts coverage, see Electronic-Arts.xml.
 
-
 	CDN buckets:
-
 		- ea-039.vo.llnwd.net
 			- na.llnet.bioware.cdn.ea.com
 			- ea-039.hs doesn't exist
 
-
-	Nonfunctional domains:
-
-		- na.llnet.bioware.cdn.ea.com	(cert: *.hs.llnwd.net; 400)
-
+	Connection refused:
+		- na.llnet.bioware.cdn.ea.com
 -->
-<ruleset name="BioWare (partial)" default_off='failed ruleset test'>
 
-	<target host="na.llnet.bioware.cdn.ea.com" />
+<ruleset name="BioWare (partial)">
 	<target host="social.bioware.com" />
 	<target host="biowarestore.com" />
-	<target host="*.biowarestore.com" />
-
+	<target host="www.biowarestore.com" />
 
 	<securecookie host="^\.biowarestore\.com$" name=".+" />
 
-
-
-	<rule from="^http://na\.llnet\.bioware\.cdn\.ea\.com/u/f/eagames/bioware/social/"
-		to="https://social.bioware.com/" />
-
-	<!--	At least some pages 302 to http.
-						-->
-	<rule from="^http://social\.bioware\.com/(images/|packer\.php|templates/)"
-		to="https://social.bioware.com/$1" />
-
-	<!--	Cert only matches ^biowarestore.com.
-							-->
-	<rule from="^http://(?:www\.)?biowarestore\.com/"
-		to="https://biowarestore.com/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BioXFEL.org.xml b/src/chrome/content/rules/BioXFEL.org.xml
deleted file mode 100644
index e05297db728a..000000000000
--- a/src/chrome/content/rules/BioXFEL.org.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	For other University at Buffalo coverage, see University_at_Buffalo.xml.
-
-
-	Insecure cookies are set for these hosts:
-
-		- bioxfel.org
-		- www.bioxfel.org
-
--->
-<ruleset name="BioXFEL.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="bioxfel.org" />
-	<target host="www.bioxfel.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:www\.)?bioxfel\.org$" name="^[\da-f]{32}$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Biocubafarma.cu.xml b/src/chrome/content/rules/Biocubafarma.cu.xml
new file mode 100644
index 000000000000..de11abe32f62
--- /dev/null
+++ b/src/chrome/content/rules/Biocubafarma.cu.xml
@@ -0,0 +1,28 @@
+<!--
+	^ does not exist.
+
+	Refused:
+		- atlantis.oc
+
+	Timeout:
+		- ba
+		- mba
+
+	Mismatched:
+		- comas
+		- directorio
+		- ocs
+		- www.cdc
+-->
+<ruleset name="Biocubafarma.cu" default_off="cert-chain">
+	<target host="www.biocubafarma.cu" />
+	<target host="www.8marzo.biocubafarma.cu" />
+	<target host="capital.biocubafarma.cu" />
+	<target host="combiomed.biocubafarma.cu" />
+	<target host="pci.biocubafarma.cu" />
+	<target host="www.sigestic.biocubafarma.cu" />
+	<target host="vc.biocubafarma.cu" />
+	<target host="webmail.biocubafarma.cu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Biofitt.com.xml b/src/chrome/content/rules/Biofitt.com.xml
index 0bd94db63c5a..1c9b860029e8 100644
--- a/src/chrome/content/rules/Biofitt.com.xml
+++ b/src/chrome/content/rules/Biofitt.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Biologo.ru.xml b/src/chrome/content/rules/Biologo.ru.xml
new file mode 100644
index 000000000000..4f196d02d838
--- /dev/null
+++ b/src/chrome/content/rules/Biologo.ru.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		- www
+-->
+<ruleset name="Biologo.ru">
+	<target host="biologo.ru" />
+	<target host="www.biologo.ru" />
+
+	<rule from="^http://www\.biologo\.ru/" to="https://biologo.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bip.IO.xml b/src/chrome/content/rules/Bip.IO.xml
deleted file mode 100644
index 943876795606..000000000000
--- a/src/chrome/content/rules/Bip.IO.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="Bip.IO">
-
-	<target host="bip.io" />
-	<target host="www.bip.io" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?bip\.io$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^(?:www\.)?bip\.io$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Biqle.ru.xml b/src/chrome/content/rules/Biqle.ru.xml
deleted file mode 100644
index 0954b89930c8..000000000000
--- a/src/chrome/content/rules/Biqle.ru.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="biqle.ru">
-	<target host="biqle.ru"/>
-	<target host="www.biqle.ru"/>
-
-	<rule from="^http:" to="https:"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Bircko.com.xml b/src/chrome/content/rules/Bircko.com.xml
index 2354924d1ce0..624052de544b 100644
--- a/src/chrome/content/rules/Bircko.com.xml
+++ b/src/chrome/content/rules/Bircko.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BirdLife.org.xml b/src/chrome/content/rules/BirdLife.org.xml
index 5f82076296bc..a354c9ef0033 100644
--- a/src/chrome/content/rules/BirdLife.org.xml
+++ b/src/chrome/content/rules/BirdLife.org.xml
@@ -1,6 +1,6 @@
 <!--
 	For rules that are off by default, see BirdLife.org-problematic.xml
-	
+
 	Invalid certificate:
 		www.climatechange.birdlife.org
 		www.datazone.birdlife.org
@@ -17,12 +17,12 @@
 
 	Time out:
 		cloud1.birdlife.org
-	
+
 	Redirect to broken target:
 		datazone.birdlife.org
 		migratorysoaringbirds.birdlife.org
 		seabirds.birdlife.org
-	
+
 	Mixed content:
 		globally-threatened-bird-forums.birdlife.org
 		sociable-lapwing.birdlife.org
diff --git a/src/chrome/content/rules/Birdtree.org.xml b/src/chrome/content/rules/Birdtree.org.xml
new file mode 100644
index 000000000000..1510742b7d30
--- /dev/null
+++ b/src/chrome/content/rules/Birdtree.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Birdtree.org">
+
+	<target host="birdtree.org" />
+	<target host="www.birdtree.org" />
+	<target host="blog.birdtree.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bison-Fute.gouv.fr.xml b/src/chrome/content/rules/Bison-Fute.gouv.fr.xml
new file mode 100644
index 000000000000..aff271c5c56e
--- /dev/null
+++ b/src/chrome/content/rules/Bison-Fute.gouv.fr.xml
@@ -0,0 +1,19 @@
+<!--
+	Mixed content:
+		m.bison-fute.gouv.fr
+
+	Connection reset:
+		tipi.bison-fute.gouv.fr
+
+-->
+<ruleset name="Bison Futé">
+
+	<target host="www.bison-fute.gouv.fr" /><!-- MCB from ad domain -->
+	<target host="www1.bison-fute.gouv.fr" />
+	<target host="www2.bison-fute.gouv.fr" />
+	<target host="www3.bison-fute.gouv.fr" />
+	<target host="www4.bison-fute.gouv.fr" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BitCalm.com.xml b/src/chrome/content/rules/BitCalm.com.xml
index a1b524390a61..fe85ff0b297f 100644
--- a/src/chrome/content/rules/BitCalm.com.xml
+++ b/src/chrome/content/rules/BitCalm.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.bitcalm.com/ => https://www.bitcalm.com/: (6, 'Could not
 		- bitcalm.com
 
 -->
-<ruleset name="BitCalm.com" default_off='failed ruleset test'>
+<ruleset name="BitCalm.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/BitFlyer.jp.xml b/src/chrome/content/rules/BitFlyer.jp.xml
index 82d79b822920..03f284643032 100644
--- a/src/chrome/content/rules/BitFlyer.jp.xml
+++ b/src/chrome/content/rules/BitFlyer.jp.xml
@@ -42,7 +42,7 @@
 	<!--securecookie host="^\.fundflyer\.bitflyer\.jp$" name="^ARRAffinity$" /-->
 	<!--securecookie host="^lightning\.bitflyer\.jp$" name="^___utm[abv]\w+$" /-->
 
-	<securecookie host="^(?:.*\.)?bitflyer\.jp$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/BitGravity.xml b/src/chrome/content/rules/BitGravity.xml
index c29fadc44abc..7c0818234189 100644
--- a/src/chrome/content/rules/BitGravity.xml
+++ b/src/chrome/content/rules/BitGravity.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BitHubLab.org.xml b/src/chrome/content/rules/BitHubLab.org.xml
new file mode 100644
index 000000000000..f3e7a4ee389c
--- /dev/null
+++ b/src/chrome/content/rules/BitHubLab.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="BitHubLab.org">
+	<target host="bithublab.org" />
+	<target host="www.bithublab.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BitInstant.xml b/src/chrome/content/rules/BitInstant.xml
index 61388104b016..e40cb78a4d72 100644
--- a/src/chrome/content/rules/BitInstant.xml
+++ b/src/chrome/content/rules/BitInstant.xml
@@ -11,7 +11,7 @@ Fetch error: http://bitinstant.com/ => https://bitinstant.com/: (6, 'Could not r
 		- blog		(some [most?] pages redirect to http)
 
 -->
-<ruleset name="BitInstant (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="BitInstant (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="bitinstant.com" />
 	<target host="www.bitinstant.com" />
diff --git a/src/chrome/content/rules/BitKeeper.org.xml b/src/chrome/content/rules/BitKeeper.org.xml
new file mode 100644
index 000000000000..c78a08e7106d
--- /dev/null
+++ b/src/chrome/content/rules/BitKeeper.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="BitKeeper.org">
+	<target host="bitkeeper.org" />
+	<target host="www.bitkeeper.org" />
+	<target host="users.bitkeeper.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BitMarket.pl.xml b/src/chrome/content/rules/BitMarket.pl.xml
deleted file mode 100644
index 7bbced346e41..000000000000
--- a/src/chrome/content/rules/BitMarket.pl.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- .bitmarket.pl
-
--->
-<ruleset name="BitMarket.pl">
-
-	<target host="bitmarket.pl" />
-	<target host="www.bitmarket.pl" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.bitmarket\.pl$" name="^(__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.bitmarket\.pl$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BitMissile.xml b/src/chrome/content/rules/BitMissile.xml
index 66a8d1d0f5ef..5476c2f99f64 100644
--- a/src/chrome/content/rules/BitMissile.xml
+++ b/src/chrome/content/rules/BitMissile.xml
@@ -10,7 +10,7 @@ Fetch error: http://live.bitmissile.com/ => https://live.bitmissile.com/: (6, 'C
 	For problematic rules, see BitMissile-mismatches.xml.
 
 -->
-<ruleset name="BitMissile (partial)" default_off='failed ruleset test'>
+<ruleset name="BitMissile (partial)" default_off="failed ruleset test">
 
 	<target host="bitmissile.com" />
 	<target host="live.bitmissile.com" />
diff --git a/src/chrome/content/rules/BitNZ.com.xml b/src/chrome/content/rules/BitNZ.com.xml
index c415a2fca7ea..6c4a46d7cdb4 100644
--- a/src/chrome/content/rules/BitNZ.com.xml
+++ b/src/chrome/content/rules/BitNZ.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.bitnz.com/ => https://www.bitnz.com/: (28, 'Connection t
 		- www.bitnz.com
 
 -->
-<ruleset name="bitNZ.com" default_off='failed ruleset test'>
+<ruleset name="bitNZ.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/BitQuick.xml b/src/chrome/content/rules/BitQuick.xml
index 7b640d33490d..aa385cdfddfd 100644
--- a/src/chrome/content/rules/BitQuick.xml
+++ b/src/chrome/content/rules/BitQuick.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.bitquick.tw/ => https://www.bitquick.tw/: (6, 'Could not
 		- www.bitquick.co
 
 -->
-<ruleset name="BitQuick" default_off='failed ruleset test'>
+<ruleset name="BitQuick" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/BitRock-mismatches.xml b/src/chrome/content/rules/BitRock-mismatches.xml
index 73e6fb335e02..9bd00128ced7 100644
--- a/src/chrome/content/rules/BitRock-mismatches.xml
+++ b/src/chrome/content/rules/BitRock-mismatches.xml
@@ -1,7 +1,8 @@
 <ruleset name="BitRock (mismatches)" default_off="expired, mismatch, self-signed">
 
 	<target host="bitnami.org"/>
-	<target host="*.bitnami.org"/>
+	<target host="www.bitnami.org" />
+	<target host="helpdesk.bitnami.org" />
 
 	<rule from="^http://(?:www\.)?bitnami\.org/(favicon\.ico|images/|stylesheets/)"
 		to="https://bitnami.org/$1"/>
diff --git a/src/chrome/content/rules/BitRock.xml b/src/chrome/content/rules/BitRock.xml
index fdfbdbe2081d..766585176f87 100644
--- a/src/chrome/content/rules/BitRock.xml
+++ b/src/chrome/content/rules/BitRock.xml
@@ -6,17 +6,17 @@ Fetch error: http://bitnamihosting.com/ => https://bitnamihosting.com/: (51, "SS
 Disabled by https-everywhere-checker because:
 Fetch error: http://bitnamihosting.com/ => https://bitnamihosting.com/: (51, "SSL: no alternative certificate subject name matches target host name 'bitnamihosting.com'")
 -->
-<ruleset name="BitRock (partial)" default_off='failed ruleset test'>
+<ruleset name="BitRock (partial)" default_off="failed ruleset test">
 
 	<target host="bitnamihosting.com"/>
-	<target host="*.bitnamihosting.com"/>
+	<target host="www.bitnamihosting.com" />
+	<target host="app.bitnamihosting.com" />
 
 	<securecookie host="^(?:app\.)?bitnamihosting\.com$" name=".+" />
 
 	<rule from="^http://www\.bitnamihosting\.com/"
 		to="https://app.bitnamihosting.com/"/>
 
-	<rule from="^http://(app\.)?bitnamihosting\.com/"
-		to="https://$1bitnamihosting.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BitVC.com.xml b/src/chrome/content/rules/BitVC.com.xml
index 73f4996520e7..f4302e66d237 100644
--- a/src/chrome/content/rules/BitVC.com.xml
+++ b/src/chrome/content/rules/BitVC.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://bitvc.com/ => https://bitvc.com/: (7, 'Failed to connect to
 		- .www.bitvc.com
 
 -->
-<ruleset name="BitVC.com" default_off='failed ruleset test'>
+<ruleset name="BitVC.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/BitYes.com.xml b/src/chrome/content/rules/BitYes.com.xml
index cc408ebc0ea8..cdcf1996eb10 100644
--- a/src/chrome/content/rules/BitYes.com.xml
+++ b/src/chrome/content/rules/BitYes.com.xml
@@ -16,7 +16,7 @@ Fetch error: http://www.bityes.com/ => https://www.bityes.com/: (60, 'SSL certif
 		- .bityes.com
 
 -->
-<ruleset name="BitYes.com" default_off='failed ruleset test'>
+<ruleset name="BitYes.com" default_off="failed ruleset test">
 
 	<target host="bityes.com" />
 	<target host="static.bityes.com" />
diff --git a/src/chrome/content/rules/Bitbucket-mismatches.xml b/src/chrome/content/rules/Bitbucket-mismatches.xml
deleted file mode 100644
index 8b8e360dbfb1..000000000000
--- a/src/chrome/content/rules/Bitbucket-mismatches.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For rules that are on by default, see Bitbucket.xml.
-
--->
-<ruleset name="Bitbucket (mismatches)" default_off="mismatched">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="portix.bitbucket.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bitbucket.xml b/src/chrome/content/rules/Bitbucket.xml
deleted file mode 100644
index 2cc8a4c86b92..000000000000
--- a/src/chrome/content/rules/Bitbucket.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	For problematic rules, see Bitbucket-mismatches.xml.
-
-	For other Atlassian coverage, see Atlassian.xml.
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/bitbucket-assetroot/
-		- dwz7u9t8u8usb.cloudfront.net
-
-
-	Problematic subdomains:
-
-		- portix	(works; mismatched, CN: bitbucket.org)
--->
-<ruleset name="Bitbucket (partial)">
-
-	<!--	Direct rewrites:
-				-->
-
-	<target host="blog.bitbucket.org" />
-	<target host="status.bitbucket.org" />
-	<target host="www.bitbucket.org" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bitch_Magazine.org.xml b/src/chrome/content/rules/Bitch_Magazine.org.xml
index 1b427ea582f4..6a549cd4514d 100644
--- a/src/chrome/content/rules/Bitch_Magazine.org.xml
+++ b/src/chrome/content/rules/Bitch_Magazine.org.xml
@@ -29,7 +29,7 @@ Fetch error: http://www.bitchmagazine.org/ => https://bitchmagazine.org/: (51, "
 	² Unsecurable <= 522
 
 -->
-<ruleset name="Bitch Magazine.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Bitch Magazine.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Bitcoin-Contact.org.xml b/src/chrome/content/rules/Bitcoin-Contact.org.xml
index 02bce55ae1d0..698e7eb87d59 100644
--- a/src/chrome/content/rules/Bitcoin-Contact.org.xml
+++ b/src/chrome/content/rules/Bitcoin-Contact.org.xml
@@ -8,7 +8,7 @@ Fetch error: http://mail.bitcoin-contact.org/ => https://mail.bitcoin-contact.or
 	Mixed Content Blocking (MCB) tiggered:
 		- bitcoin-contact.org
 -->
-<ruleset name="Bitcoin-Contact.org" default_off='failed ruleset test'>
+<ruleset name="Bitcoin-Contact.org" default_off="failed ruleset test">
 	<target host="bitcoin-contact.org" />
 	<target host="www.bitcoin-contact.org" />
 	<target host="mail.bitcoin-contact.org" />
diff --git a/src/chrome/content/rules/Bitcoin-VPS.xml b/src/chrome/content/rules/Bitcoin-VPS.xml
deleted file mode 100644
index 9aea597511a5..000000000000
--- a/src/chrome/content/rules/Bitcoin-VPS.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Bitcoin VPS
-
--->
-<ruleset name="BitVPS.com">
-
-	<target host="bitvps.com" />
-	<target host="www.bitvps.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bitcoin-Wiki.xml b/src/chrome/content/rules/Bitcoin-Wiki.xml
index 0014ca218204..1ca523c430a2 100644
--- a/src/chrome/content/rules/Bitcoin-Wiki.xml
+++ b/src/chrome/content/rules/Bitcoin-Wiki.xml
@@ -28,7 +28,7 @@ Fetch error: http://www.bitcoin.in/ => https://www.bitcoin.in/: (28, 'Connection
 			- en
 
 -->
-<ruleset name="Bitcoin Wiki" default_off='failed ruleset test'>
+<ruleset name="Bitcoin Wiki" default_off="failed ruleset test">
 
 	<target host="bitcoin.at" />
 	<target host="www.bitcoin.at" />
diff --git a/src/chrome/content/rules/Bitcoin-laundry.com.xml b/src/chrome/content/rules/Bitcoin-laundry.com.xml
new file mode 100644
index 000000000000..0bafe950fcba
--- /dev/null
+++ b/src/chrome/content/rules/Bitcoin-laundry.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Bitcoin-laundry.com">
+	<target host="bitcoin-laundry.com" />
+	<target host="www.bitcoin-laundry.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bitcoin.Co.th.xml b/src/chrome/content/rules/Bitcoin.Co.th.xml
deleted file mode 100644
index 91f310b088ed..000000000000
--- a/src/chrome/content/rules/Bitcoin.Co.th.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- support *
-
-	* Plaintext reply
-
--->
-<ruleset name="Bitcoin.Co.th (partial)">
-
-	<target host="bitcoin.co.th" />
-	<target host="www.bitcoin.co.th" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^bitcoin\.co\.th$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^bitcoin\.co\.th$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bitcoin.pl.xml b/src/chrome/content/rules/Bitcoin.pl.xml
index 178339ff7cac..508a8f797590 100644
--- a/src/chrome/content/rules/Bitcoin.pl.xml
+++ b/src/chrome/content/rules/Bitcoin.pl.xml
@@ -18,7 +18,7 @@ Fetch error: http://www.bitcoin.pl/ => https://www.bitcoin.pl/: (60, 'SSL certif
 		- .forum.bitcoin.pl
 
 -->
-<ruleset name="Bitcoin.pl (partial)" default_off='failed ruleset test'>
+<ruleset name="Bitcoin.pl (partial)" default_off="failed ruleset test">
 
 	<target host="bitcoin.pl" />
 	<target host="forum.bitcoin.pl" />
diff --git a/src/chrome/content/rules/BitcoinPool.xml b/src/chrome/content/rules/BitcoinPool.xml
index 79031ce013da..ef9517ff3c48 100644
--- a/src/chrome/content/rules/BitcoinPool.xml
+++ b/src/chrome/content/rules/BitcoinPool.xml
@@ -10,7 +10,7 @@
 	<target host="www.bitcoinpool.com" />
 
 
-	<securecookie host="^(?:.*\.)?bitcoinpool\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?bitcoinpool\.com/"
diff --git a/src/chrome/content/rules/BitcoinWisdom.com.xml b/src/chrome/content/rules/BitcoinWisdom.com.xml
deleted file mode 100644
index 70f2892f09a6..000000000000
--- a/src/chrome/content/rules/BitcoinWisdom.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="BitcoinWisdom.com">
-
-	<target host="bitcoinwisdom.com" />
-	<target host="www.bitcoinwisdom.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^bitcoinwisdom\.com$" name="^devid$" /-->
-
-	<securecookie host="^(?:\.|www\.)?bitcoinwisdom\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BitcoinXT.software.xml b/src/chrome/content/rules/BitcoinXT.software.xml
deleted file mode 100644
index d398bdb48be0..000000000000
--- a/src/chrome/content/rules/BitcoinXT.software.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	These altnames don't exist:
-
-		- www.bitcoinxt.software
-
--->
-<ruleset name="BitcoinXT.software">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="bitcoinxt.software" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bitcoin_Foundation.org.xml b/src/chrome/content/rules/Bitcoin_Foundation.org.xml
deleted file mode 100644
index 4ca532d52abb..000000000000
--- a/src/chrome/content/rules/Bitcoin_Foundation.org.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Bitcoin Foundation.org" >
-	<target host="bitcoinfoundation.org" />
-	<target host="www.bitcoinfoundation.org" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Bitcoin_Plus.xml b/src/chrome/content/rules/Bitcoin_Plus.xml
index 4217714f229b..80530b644c18 100644
--- a/src/chrome/content/rules/Bitcoin_Plus.xml
+++ b/src/chrome/content/rules/Bitcoin_Plus.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?bitcoinplus\.com/"
 		to="https://bitcoinplus.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bitcoinmixer.org.xml b/src/chrome/content/rules/Bitcoinmixer.org.xml
new file mode 100644
index 000000000000..1fe7096eeb9a
--- /dev/null
+++ b/src/chrome/content/rules/Bitcoinmixer.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Bitcoinmixer.org">
+	<target host="bitcoinmixer.org" />
+	<target host="www.bitcoinmixer.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BitcointoYou.com.xml b/src/chrome/content/rules/BitcointoYou.com.xml
index 2fc96378959a..e5002c9de766 100644
--- a/src/chrome/content/rules/BitcointoYou.com.xml
+++ b/src/chrome/content/rules/BitcointoYou.com.xml
@@ -19,7 +19,7 @@
 	<!--securecookie host="^\.bitcointoyou\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
 	<!--securecookie host="^broker\.bitcointoyou\.com$" name="^__RequestVerificationToken$" /-->
 
-	<securecookie host="^(?:broker)?\.bitcointoyou\.com$" name="" />
+	<securecookie host="^(?:broker)?\.bitcointoyou\.com$" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Bitcurex.com.xml b/src/chrome/content/rules/Bitcurex.com.xml
index fde58d85d35c..7468d7ab92c1 100644
--- a/src/chrome/content/rules/Bitcurex.com.xml
+++ b/src/chrome/content/rules/Bitcurex.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.bitcurex.com/ => https://www.bitcurex.com/: (28, 'Operat
 		- pln
 
 -->
-<ruleset name="Bitcurex.com" default_off='failed ruleset test'>
+<ruleset name="Bitcurex.com" default_off="failed ruleset test">
 
 	<target host="bitcurex.com" />
 	<target host="eur.bitcurex.com" />
diff --git a/src/chrome/content/rules/Bitdeli.com.xml b/src/chrome/content/rules/Bitdeli.com.xml
index 9bbff56da9b9..f819289f7429 100644
--- a/src/chrome/content/rules/Bitdeli.com.xml
+++ b/src/chrome/content/rules/Bitdeli.com.xml
@@ -4,16 +4,14 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://bitdeli.com/ => https://bitdeli.com/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="Bitdeli.com" default_off='failed ruleset test'>
+<ruleset name="Bitdeli.com" default_off="failed ruleset test">
 
 	<target host="bitdeli.com" />
-	<target host="*.bitdeli.com" />
 
 
 	<securecookie host="^\.bitdeli\.com$" name=".+" />
 
 
-	<rule from="^http://bitdeli\.com/"
-		to="https://bitdeli.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bite.lt.xml b/src/chrome/content/rules/Bite.lt.xml
index 53c9a153f4b5..b4bf910e6dbd 100644
--- a/src/chrome/content/rules/Bite.lt.xml
+++ b/src/chrome/content/rules/Bite.lt.xml
@@ -4,7 +4,7 @@
 		- sms.bite.lt *
 		- soap.bite.lt **
 		- wap.bite.lt **
-	
+
 	* mismatched cert
 	** connection times out/is refused/fails on HTTPS
 -->
@@ -14,7 +14,7 @@
 	<target host="shop.bite.lt" />
 	<target host="bicademy.bite.lt" />
 	<target host="cs.bite.lt" />
-		
+
 	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Biteasy.com.xml b/src/chrome/content/rules/Biteasy.com.xml
deleted file mode 100644
index b36cd0f3ea8c..000000000000
--- a/src/chrome/content/rules/Biteasy.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		- .biteasy.com
-
--->
-<ruleset name="Biteasy.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="biteasy.com" />
-	<target host="www.biteasy.com" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.biteasy\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.biteasy\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bitfun.co.xml b/src/chrome/content/rules/Bitfun.co.xml
new file mode 100644
index 000000000000..6e460b78dc7b
--- /dev/null
+++ b/src/chrome/content/rules/Bitfun.co.xml
@@ -0,0 +1,5 @@
+<ruleset name="Bit Fun">
+	<target host="bitfun.co" />
+	<target host="www.bitfun.co" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bitinvest.com.br.xml b/src/chrome/content/rules/Bitinvest.com.br.xml
index b5e04c3dac8d..02d8585514a7 100644
--- a/src/chrome/content/rules/Bitinvest.com.br.xml
+++ b/src/chrome/content/rules/Bitinvest.com.br.xml
@@ -20,7 +20,7 @@ Fetch error: http://developers.bitinvest.com.br/ => https://developers.bitinvest
 		- www.bitinvest.com.br
 
 -->
-<ruleset name="Bitinvest.com.br (partial)" default_off='failed ruleset test'>
+<ruleset name="Bitinvest.com.br (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Bitlove.xml b/src/chrome/content/rules/Bitlove.xml
deleted file mode 100644
index e1aac9e740b1..000000000000
--- a/src/chrome/content/rules/Bitlove.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Bitlove">
-
-	<target host="bitlove.org" />
-	<target host="*.bitlove.org" />
-
-
-	<rule from="^http://(?:t\.|(www\.))?bitlove\.org/"
-		to="https://$1bitlove.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bitly.xml b/src/chrome/content/rules/Bitly.xml
index c00b06f72731..7cd903a6e927 100644
--- a/src/chrome/content/rules/Bitly.xml
+++ b/src/chrome/content/rules/Bitly.xml
@@ -6,21 +6,22 @@
 		- Bitly_branded_short_domains.xml
 
 
-	Insecure cookies are set for these domains:
-
-		- .bit.ly
+	Non-functional hosts:
+		Certificate misatched:
+		- pix.bit.ly
+		- www.bit.ly
 
 -->
 <ruleset name="bit.ly">
 	<target host="bit.ly" />
-	<target host="pix.bit.ly" />
 	<target host="www.bit.ly" />
-
-	<!--	Not secured by server: -->
-	<!--securecookie host="^\.bit\.ly$" name="^_bit$" /-->
+	<test url="http://www.bit.ly/GVBQJS" />
 
 	<securecookie host=".+" name=".+" />
 
+	<rule from="^http://www\.bit\.ly/"
+		to="https://bit.ly/" />
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bitly_branded_short_domains.xml b/src/chrome/content/rules/Bitly_branded_short_domains.xml
index fc1b92e94d44..93fd0c95e97d 100644
--- a/src/chrome/content/rules/Bitly_branded_short_domains.xml
+++ b/src/chrome/content/rules/Bitly_branded_short_domains.xml
@@ -94,7 +94,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="1.tn.gov" />
 	<target host="1.tohost.co" />
 	<target host="1.topsetups.com" />
-	<target host="1.usa.gov" />
 	<target host="1.vapel1fe.com" />
 	<target host="1.zasaratov.com" />
 	<target host="1.zdraveinfo.sk" />
@@ -2272,7 +2271,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="ash.sh" />
 	<target host="ashcatalog.com" />
 	<target host="ashdirect.com" />
-	<target host="ashenm.ml" />
 	<target host="ashle.yt" />
 	<target host="ashley.date" />
 	<target host="ashleycraig.com" />
@@ -2827,7 +2825,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="b.ptrlvn.us" />
 	<target host="b.pvbands.net" />
 	<target host="b.qooah.com" />
-	<target host="b.qr.ae" />
 	<target host="b.raft.org.au" />
 	<target host="b.redipepi.com" />
 	<target host="b.remarkabl.org" />
@@ -7500,7 +7497,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="dl.tvho.me" />
 	<target host="dl.vnhut.com" />
 	<target host="dl.wootylab.com" />
-	<target host="dl.wpcanban.com" />
 	<target host="dl.yala.fm" />
 	<target host="dl.yennhi.net" />
 	<target host="dlab.us" />
@@ -10516,7 +10512,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="get.3df.cash" />
 	<target host="get.6.0shot.com" />
 	<target host="get.abews.id" />
-	<target host="get.active" />
 	<target host="get.bekind.gift" />
 	<target host="get.breobox.com" />
 	<target host="get.charades.eu" />
@@ -10861,7 +10856,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="go.1lambda.com" />
 	<target host="go.211.tw" />
 	<target host="go.2600.pro" />
-	<target host="go.350.org" />
 	<target host="go.3clogic.com" />
 	<target host="go.3km.vn" />
 	<target host="go.3rbnew.com" />
@@ -10944,7 +10938,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="go.artywah.info" />
 	<target host="go.ashanty.id" />
 	<target host="go.asianart.org" />
-	<target host="go.atallo.com" />
 	<target host="go.athomdev.com" />
 	<target host="go.ato.org" />
 	<target host="go.atrial.co" />
@@ -10968,7 +10961,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="go.bcoach.info" />
 	<target host="go.beardben.com" />
 	<target host="go.beckatl.com" />
-	<target host="go.beeming.net" />
 	<target host="go.befreely.io" />
 	<target host="go.bego.site" />
 	<target host="go.bekti.net" />
@@ -11116,7 +11108,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="go.dalsimer.com" />
 	<target host="go.danclegg.net" />
 	<target host="go.dangbau.com" />
-	<target host="go.danieln.tech" />
 	<target host="go.darkdl.com" />
 	<target host="go.dave.tw" />
 	<target host="go.daveadev.com" />
@@ -11149,7 +11140,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="go.djnds.de" />
 	<target host="go.dlm.im" />
 	<target host="go.dmann.me" />
-	<target host="go.dmfj.io" />
 	<target host="go.dmuth.org" />
 	<target host="go.dmv.network" />
 	<target host="go.dobt.co" />
@@ -11268,7 +11258,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="go.flachdcd.com" />
 	<target host="go.flag.co.uk" />
 	<target host="go.flameman.pl" />
-	<target host="go.flaviu.co.uk" />
 	<target host="go.flenz.ovh" />
 	<target host="go.flip.me" />
 	<target host="go.fliq.me" />
@@ -11640,7 +11629,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="go.mfeiz.com" />
 	<target host="go.mgpf.it" />
 	<target host="go.mi-na.de" />
-	<target host="go.mimumimu.net" />
 	<target host="go.mindsize.me" />
 	<target host="go.minigrid.com" />
 	<target host="go.mintvine.com" />
@@ -11904,7 +11892,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="go.saksh.am" />
 	<target host="go.samanage.com" />
 	<target host="go.samraj.info" />
-	<target host="go.sanchezt.fr" />
 	<target host="go.saraygio.com" />
 	<target host="go.satn.am" />
 	<target host="go.sav2880.net" />
@@ -12093,7 +12080,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="go.tony.io" />
 	<target host="go.tonywinn.me" />
 	<target host="go.topbrands.ru" />
-	<target host="go.toph.co" />
 	<target host="go.topic.com" />
 	<target host="go.topista.com" />
 	<target host="go.tp-deals.de" />
@@ -13737,7 +13723,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="hydro.quebec" />
 	<target host="hydrthys.tk" />
 	<target host="hye.tech" />
-	<target host="hyec.jp" />
 	<target host="hyer.co" />
 	<target host="hyli.co.vu" />
 	<target host="hyp-r.co" />
@@ -15717,7 +15702,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="julievor.is" />
 	<target host="jump.aesrv.net" />
 	<target host="jump.co.vu" />
-	<target host="jump.mahler.io" />
 	<target host="jump.ovh" />
 	<target host="jumpxl.nl" />
 	<target host="junaplay.ml" />
@@ -16536,7 +16520,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="l.agoama.tw" />
 	<target host="l.aidp.us" />
 	<target host="l.aimpa.com.br" />
-	<target host="l.airtable.com" />
 	<target host="l.aitor.is" />
 	<target host="l.aj-v.de" />
 	<target host="l.akiffatmi.com" />
@@ -16547,7 +16530,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="l.alsen-team.pl" />
 	<target host="l.alvarosc.com" />
 	<target host="l.alvinhkh.com" />
-	<target host="l.ambassify.com" />
 	<target host="l.an0.co.uk" />
 	<target host="l.anand.io" />
 	<target host="l.andresen.xyz" />
@@ -16571,7 +16553,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="l.bagthis.ch" />
 	<target host="l.bagun.eu" />
 	<target host="l.baig.io" />
-	<target host="l.baravalle.com" />
 	<target host="l.basicpower.fr" />
 	<target host="l.bass.com.mx" />
 	<target host="l.bbhhuddle.org" />
@@ -16646,7 +16627,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="l.cpresence.com" />
 	<target host="l.cpt.ph" />
 	<target host="l.cpx.se" />
-	<target host="l.csfcloud.com" />
 	<target host="l.csommer.de" />
 	<target host="l.cuauhtli.info" />
 	<target host="l.cvbell.com" />
@@ -17824,7 +17804,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="link.dvj.me.uk" />
 	<target host="link.e-f.co" />
 	<target host="link.e-ola.net" />
-	<target host="link.ebisi.be" />
 	<target host="link.ec2.com.br" />
 	<target host="link.egton.net" />
 	<target host="link.ehuna.org" />
@@ -18117,7 +18096,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="links.hadley.nz" />
 	<target host="links.iaswc.org" />
 	<target host="links.jai.im" />
-	<target host="links.javi.pro" />
 	<target host="links.karlog.in" />
 	<target host="links.kls.org" />
 	<target host="links.limbo.bg" />
@@ -18362,7 +18340,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="lnk.demb.com" />
 	<target host="lnk.dumfing.me" />
 	<target host="lnk.dyo.io" />
-	<target host="lnk.e-beyond.de" />
 	<target host="lnk.eberapp.com" />
 	<target host="lnk.fais.co" />
 	<target host="lnk.farley.pro" />
@@ -19470,7 +19447,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="medcan.net" />
 	<target host="media.bolero.be" />
 	<target host="media.don.is" />
-	<target host="media.kbc.be" />
 	<target host="mediac.at" />
 	<target host="mediagig.site" />
 	<target host="mediagrati.ae" />
@@ -21059,7 +21035,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="nct.vc" />
 	<target host="ncut.co" />
 	<target host="ncwb.be" />
-	<target host="nd.fyi" />
 	<target host="nd.gt" />
 	<target host="ndc.click" />
 	<target host="ndc.fyi" />
@@ -21956,7 +21931,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="odellwiki.ca" />
 	<target host="odenvalt.de" />
 	<target host="odeon.tk" />
-	<target host="odkaz.youber.cz" />
 	<target host="odmtips.com" />
 	<target host="odonto.co" />
 	<target host="odusplus.com" />
@@ -22437,7 +22411,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="on.langlers.com" />
 	<target host="on.laor.asia" />
 	<target host="on.lapakko.com" />
-	<target host="on.lappari.com" />
 	<target host="on.lauffer.co" />
 	<target host="on.leonovel.pro" />
 	<target host="on.lexysyn.com" />
@@ -22636,10 +22609,8 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="on.tempty.hu" />
 	<target host="on.tenerant.com" />
 	<target host="on.tgthss.com" />
-	<target host="on.thaserv.de" />
 	<target host="on.thec-l.com" />
 	<target host="on.thedailyshow.com" />
-	<target host="on.thegrio.com" />
 	<target host="on.thehatch.es" />
 	<target host="on.thestar.com" />
 	<target host="on.thimble.io" />
@@ -22680,7 +22651,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="on.vh1.com" />
 	<target host="on.vhpost.tv" />
 	<target host="on.victime.club" />
-	<target host="on.viewing.nyc" />
 	<target host="on.vision.org" />
 	<target host="on.vitn.de" />
 	<target host="on.voce.tv" />
@@ -24751,7 +24721,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="r.khanhhoa79.vn" />
 	<target host="r.khimoc.com" />
 	<target host="r.kiloforce.com" />
-	<target host="r.kmdev.me" />
 	<target host="r.knr.paris" />
 	<target host="r.kosokubus.com" />
 	<target host="r.kourant.com" />
@@ -26260,7 +26229,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="s.dog2puppy.tk" />
 	<target host="s.dohkeblog.com" />
 	<target host="s.dokuha.jp" />
-	<target host="s.dosei.net" />
 	<target host="s.dosp.org" />
 	<target host="s.dot-jp.or.jp" />
 	<target host="s.dq.gg" />
@@ -26390,7 +26358,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="s.i879.jp" />
 	<target host="s.iahi.or.id" />
 	<target host="s.iammike.co" />
-	<target host="s.ianmooreis.me" />
 	<target host="s.ibd.org.au" />
 	<target host="s.ibron.co" />
 	<target host="s.ic-2000.com" />
@@ -26458,7 +26425,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="s.joonh.com" />
 	<target host="s.joosh.eu" />
 	<target host="s.joureikun.jp" />
-	<target host="s.jpbe.de" />
 	<target host="s.jpnkn.tk" />
 	<target host="s.jsktv.biz" />
 	<target host="s.juggle.rocks" />
@@ -26508,7 +26474,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="s.kyon.info" />
 	<target host="s.kyueens.com" />
 	<target host="s.kzmhr.com" />
-	<target host="s.lain.li" />
 	<target host="s.lair.io" />
 	<target host="s.lamattina.me" />
 	<target host="s.laniw.win" />
@@ -26662,7 +26627,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="s.palupedia.id" />
 	<target host="s.panc.ro" />
 	<target host="s.parks.today" />
-	<target host="s.paulmarc.org" />
 	<target host="s.paulto.info" />
 	<target host="s.pawlik.in" />
 	<target host="s.pbdeg.com" />
@@ -26723,7 +26687,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="s.reshet.tv" />
 	<target host="s.rezdy.net" />
 	<target host="s.rezigiusz.pl" />
-	<target host="s.richie.fi" />
 	<target host="s.risley.co" />
 	<target host="s.riyuk.de" />
 	<target host="s.rnrmedia.nl" />
@@ -26731,11 +26694,9 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="s.robiesite.com" />
 	<target host="s.rocko.me" />
 	<target host="s.roli.me" />
-	<target host="s.rphl.net" />
 	<target host="s.rpts.edu" />
 	<target host="s.rsreview.com" />
 	<target host="s.rsty.de" />
-	<target host="s.rswebsols.com" />
 	<target host="s.rudol.eu" />
 	<target host="s.ruge.at" />
 	<target host="s.rwh.im" />
@@ -27695,7 +27656,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="sh.jpcdi.com" />
 	<target host="sh.kang2oon.com" />
 	<target host="sh.mi.it" />
-	<target host="sh.osmdroid.net" />
 	<target host="sh.plesnik.de" />
 	<target host="sh.prosser.ch" />
 	<target host="sh.rezero.moe" />
@@ -28453,7 +28413,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="smshct.co" />
 	<target host="smshct.com" />
 	<target host="smsi.me" />
-	<target host="smsk.io" />
 	<target host="smsng.news" />
 	<target host="smsng.us" />
 	<target host="smtbk.co" />
@@ -29651,7 +29610,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="t.adapt.dk" />
 	<target host="t.ajeya.me" />
 	<target host="t.aking.ca" />
-	<target host="t.amerion.nl" />
 	<target host="t.anbell.co.uk" />
 	<target host="t.appbb.co" />
 	<target host="t.aquaevent.ru" />
@@ -34157,7 +34115,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="x.bakunet.me" />
 	<target host="x.baronkutz.com" />
 	<target host="x.bwine.nl" />
-	<target host="x.calu.me" />
 	<target host="x.carib.pro" />
 	<target host="x.caritas.ch" />
 	<target host="x.chmuul.net" />
@@ -34224,7 +34181,6 @@ This file generated by Bitly on Fri, 10 Nov 2017 17:24:38 UTC
 	<target host="x.mat.cc" />
 	<target host="x.mategelei.com" />
 	<target host="x.matt.ph" />
-	<target host="x.mikaelf.com" />
 	<target host="x.mishja.net" />
 	<target host="x.mufasa.space" />
 	<target host="x.ngjuliann.com" />
diff --git a/src/chrome/content/rules/Bitmain.com.xml b/src/chrome/content/rules/Bitmain.com.xml
index 8b9c978cd3c0..e76e4dd6a761 100644
--- a/src/chrome/content/rules/Bitmain.com.xml
+++ b/src/chrome/content/rules/Bitmain.com.xml
@@ -16,7 +16,7 @@ Fetch error: http://support.bitmain.com/ => https://support.bitmain.com/: (51, "
 	* Secured by us
 
 -->
-<ruleset name="Bitmain.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Bitmain.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Bitmain_Tech.com.xml b/src/chrome/content/rules/Bitmain_Tech.com.xml
deleted file mode 100644
index 54350af9239e..000000000000
--- a/src/chrome/content/rules/Bitmain_Tech.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Other Bitmain Tech rulesets:
-
-		- Antpool.com.xml
-		- Bitmain.com.xml
-		- Hashnest.com.xml
-
--->
-<ruleset name="Bitmain Tech.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="bitmaintech.com" />
-	<target host="www.bitmaintech.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bitmask.net.xml b/src/chrome/content/rules/Bitmask.net.xml
index 1121525a369b..78941f8cf638 100644
--- a/src/chrome/content/rules/Bitmask.net.xml
+++ b/src/chrome/content/rules/Bitmask.net.xml
@@ -12,7 +12,7 @@ Fetch error: http://api.demo.bitmask.net/ => https://api.demo.bitmask.net/: (51,
     - unstable.bitmask.net
 
 -->
-<ruleset name="Bitmask.net" default_off='failed ruleset test'>
+<ruleset name="Bitmask.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites: -->
 	<target host="bitmask.net" />
diff --git a/src/chrome/content/rules/Bitmazk.com.xml b/src/chrome/content/rules/Bitmazk.com.xml
index 39185d6cd7f9..2c248befb944 100644
--- a/src/chrome/content/rules/Bitmazk.com.xml
+++ b/src/chrome/content/rules/Bitmazk.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.bitmazk.com/ => https://www.bitmazk.com/: (60, 'SSL cert
 		- bitmazk.com
 
 -->
-<ruleset name="Bitmazk.com" default_off='failed ruleset test'>
+<ruleset name="Bitmazk.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Bitso.com.xml b/src/chrome/content/rules/Bitso.com.xml
deleted file mode 100644
index 700eeb4f74f3..000000000000
--- a/src/chrome/content/rules/Bitso.com.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://about.bitso.com/ => https://about.bitso.com/: (6, 'Could not resolve host: about.bitso.com')
-
-	Insecure cookies are set for these domains:
-
-		- .bitso.com
-
-
-	Mixed content:
-
-		- css on about from fonts.googleapis.com *
-
-	* Secured by us
-
--->
-<ruleset name="Bitso.com" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="bitso.com" />
-	<target host="about.bitso.com" />
-	<target host="www.bitso.com" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.bitso\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.bitso\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bittiraha.fi.xml b/src/chrome/content/rules/Bittiraha.fi.xml
deleted file mode 100644
index bc1ef5a9e707..000000000000
--- a/src/chrome/content/rules/Bittiraha.fi.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Bittiraha.fi">
-
-	<target host="bittiraha.fi" />
-	<target host="forum.bittiraha.fi" />
-	<target host="www.bittiraha.fi" />
-
-
-	<securecookie host="^\.bittiraha\.fi$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bittorrent.org.xml b/src/chrome/content/rules/Bittorrent.org.xml
index e350307f0643..13145517680f 100644
--- a/src/chrome/content/rules/Bittorrent.org.xml
+++ b/src/chrome/content/rules/Bittorrent.org.xml
@@ -1,8 +1,13 @@
-<ruleset name="BitTorrent.org" default_off="expired, mismatched">
-
+<!--
+	Time out:
+		ens-05.bittorrent.org
+		ens-06.bittorrent.org
+		staging.bittorrent.org
+-->
+<ruleset name="bittorrent.org">
 	<target host="bittorrent.org" />
 	<target host="www.bittorrent.org" />
 
-	<rule from="^http:" to="https:"/>
-
+	<rule from="^http://bittorrent\.org/" to="https://www.bittorrent.org/" /> <!-- Redirect cause of bittorrent.org invalid certificate-->
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bivol.xml b/src/chrome/content/rules/Bivol.xml
index 09d62751076b..66e5dadd822a 100644
--- a/src/chrome/content/rules/Bivol.xml
+++ b/src/chrome/content/rules/Bivol.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bizrate.com.xml b/src/chrome/content/rules/Bizrate.com.xml
index da2265554d8c..db40f8fb3277 100644
--- a/src/chrome/content/rules/Bizrate.com.xml
+++ b/src/chrome/content/rules/Bizrate.com.xml
@@ -41,7 +41,7 @@ Fetch error: http://adverising.bizrate.com/ => https://adverising.bizrate.com/:
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Bizrate.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Bizrate.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Bizshark.xml b/src/chrome/content/rules/Bizshark.xml
index 2dce79096b6e..e277290d1557 100644
--- a/src/chrome/content/rules/Bizshark.xml
+++ b/src/chrome/content/rules/Bizshark.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BlackDiamondEquipment.com.xml b/src/chrome/content/rules/BlackDiamondEquipment.com.xml
new file mode 100644
index 000000000000..ac7cf5f1a2af
--- /dev/null
+++ b/src/chrome/content/rules/BlackDiamondEquipment.com.xml
@@ -0,0 +1,43 @@
+<!--
+	Bad request:
+		- blackdiamondequipment.com, equivalent to www.blackdiamondequipment.com
+
+	Connection refused:
+		- careers.blackdiamondequipment.com
+
+	Invalid cert:
+		- catalog.blackdiamondequipment.com
+		- cdn.blackdiamondequipment.com, equivalent to deghetmoql414.cloudfront.net
+		- enews.blackdiamondequipment.com
+		- journal.blackdiamondequipment.com
+		- marketing.blackdiamondequipment.com
+		- media.blackdiamondequipment.com
+		- reviews.blackdiamondequipment.com
+		- ugc.blackdiamondequipment.com
+
+	SSL protocol error:
+		- shop.blackdiamondequipment.com
+
+	Timed out:
+		- uac.blackdiamondequipment.com
+-->
+
+<ruleset name="BlackDiamondEquipment.com">
+	<target host="blackdiamondequipment.com" />
+	<target host="www.blackdiamondequipment.com" />
+	<target host="cdn.blackdiamondequipment.com" />
+	<target host="dealer.blackdiamondequipment.com" />
+	<target host="eu.blackdiamondequipment.com" />
+	<target host="jetforce.blackdiamondequipment.com" />
+	<target host="jp.blackdiamondequipment.com" />
+	<target host="nadevelopment.blackdiamondequipment.com" />
+
+	<rule from="^http://blackdiamondequipment\.com/"
+		to="https://www.blackdiamondequipment.com/" />
+
+	<rule from="^http://cdn\.blackdiamondequipment\.com/"
+		to="https://deghetmoql414.cloudfront.net/" />
+		<test url="http://cdn.blackdiamondequipment.com/marketing/mugs _application_2017.pdf" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BlackMesh.com.xml b/src/chrome/content/rules/BlackMesh.com.xml
index dad273505f8b..7bd92c2b5f12 100644
--- a/src/chrome/content/rules/BlackMesh.com.xml
+++ b/src/chrome/content/rules/BlackMesh.com.xml
@@ -13,7 +13,11 @@ Fetch error: http://blackmesh.com/ => https://www.blackmesh.com/: Cycle detected
 <ruleset name="BlackMesh.com">
 
 	<target host="blackmesh.com" />
-	<target host="*.blackmesh.com" />
+	<target host="www.blackmesh.com" />
+	<target host="mail.blackmesh.com" />
+	<target host="autodiscover.blackmesh.com" />
+	<target host="portal.blackmesh.com" />
+	<target host="webmail.blackmesh.com" />
 
 
 	<securecookie host="^(?:mail|portal|webmail|www)\.blackmesh\.com$" name=".+" />
@@ -31,7 +35,6 @@ Fetch error: http://blackmesh.com/ => https://www.blackmesh.com/: Cycle detected
 	<rule from="^http://mail\.blackmesh\.com/"
 		to="https://mail.blackmesh.com/zimbra/" />
 
-	<rule from="^http://(autodiscover|portal|webmail)\.blackmesh\.com/"
-		to="https://$1.blackmesh.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BlackPearl_PDM.com.xml b/src/chrome/content/rules/BlackPearl_PDM.com.xml
index d3ae2900049d..2770c479d183 100644
--- a/src/chrome/content/rules/BlackPearl_PDM.com.xml
+++ b/src/chrome/content/rules/BlackPearl_PDM.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://blackpearlpdm.com/ => https://blackpearlpdm.com/: (28, 'Conn
 Fetch error: http://www.blackpearlpdm.com/ => https://www.blackpearlpdm.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.blackpearlpdm.com'")
 
 -->
-<ruleset name="BlackPearl PDM.com" default_off='failed ruleset test'>
+<ruleset name="BlackPearl PDM.com" default_off="failed ruleset test">
 
 	<target host="blackpearlpdm.com" />
 	<target host="www.blackpearlpdm.com" />
diff --git a/src/chrome/content/rules/BlackTonic.com.xml b/src/chrome/content/rules/BlackTonic.com.xml
index cf8a21421cdb..3e514861764d 100644
--- a/src/chrome/content/rules/BlackTonic.com.xml
+++ b/src/chrome/content/rules/BlackTonic.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?blacktonic\.com/si(gnup(?:$|\?|/)|tes/)"
 		to="https://$1blacktonic.com/si$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BlackVPN.xml b/src/chrome/content/rules/BlackVPN.xml
index 0762523a7888..6996f826d9cd 100644
--- a/src/chrome/content/rules/BlackVPN.xml
+++ b/src/chrome/content/rules/BlackVPN.xml
@@ -9,7 +9,8 @@
 <ruleset name="blackVPN">
 
 	<target host="blackvpn.com" />
-	<target host="*.blackvpn.com" />
+	<target host="www.blackvpn.com" />
+	<target host="news.blackvpn.com" />
 
 
 	<securecookie host="^\.blackvpn\.com$" name=".+" />
diff --git a/src/chrome/content/rules/BlackZNC.net.xml b/src/chrome/content/rules/BlackZNC.net.xml
deleted file mode 100644
index 2d60b4d7cc15..000000000000
--- a/src/chrome/content/rules/BlackZNC.net.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog *
-
-	* Tumblr
-
-
-	Insecure cookies are set for these domains:
-
-		- .blackznc.net
-
--->
-<ruleset name="BlackZNC.net (partial)">
-
-	<target host="blackznc.net" />
-	<target host="www.blackznc.net" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.blackznc\.net$" name="^(__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.blackznc\.net$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Black_Duck_Software.com.xml b/src/chrome/content/rules/Black_Duck_Software.com.xml
index 6add39a855fb..5042051d7a4d 100644
--- a/src/chrome/content/rules/Black_Duck_Software.com.xml
+++ b/src/chrome/content/rules/Black_Duck_Software.com.xml
@@ -28,7 +28,10 @@
 <ruleset name="Black Duck Software.com (partial)">
 
 	<target host="blackducksoftware.com" />
-	<target host="*.blackducksoftware.com" />
+	<target host="www.blackducksoftware.com" />
+	<target host="dev.blackducksoftware.com" />
+	<target host="osdelivers.blackducksoftware.com" />
+	<target host="stg.blackducksoftware.com" />
 		<!--
 			Avoid broken MCB:
 						-->
@@ -38,8 +41,7 @@
 	<rule from="^http://(?:www\.)?blackducksoftware\.com/"
 		to="https://www.blackducksoftware.com/" />
 
-	<rule from="^http://(dev|osdelivers|stg)\.blackducksoftware\.com/"
-		to="https://$1.blackducksoftware.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Black_Lotus.xml b/src/chrome/content/rules/Black_Lotus.xml
index 48fbaecaa523..6bda209dad67 100644
--- a/src/chrome/content/rules/Black_Lotus.xml
+++ b/src/chrome/content/rules/Black_Lotus.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.blacklotus.net/ => https://www.blacklotus.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.blacklotus.net'")
 
 -->
-<ruleset name="Black Lotus" default_off='failed ruleset test'>
+<ruleset name="Black Lotus" default_off="failed ruleset test">
 
 	<target host="blacklotus.net" />
 	<target host="www.blacklotus.net" />
@@ -12,4 +12,4 @@ Fetch error: http://www.blacklotus.net/ => https://www.blacklotus.net/: (51, "SS
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Blackberry.xml b/src/chrome/content/rules/Blackberry.xml
index 389ce08ec7b1..efc3f7c39a65 100644
--- a/src/chrome/content/rules/Blackberry.xml
+++ b/src/chrome/content/rules/Blackberry.xml
@@ -62,7 +62,7 @@ Fetch error: http://developerforums.blackberry.com/ => https://supportforums.bla
 	* Secured by us
 
 -->
-<ruleset name="Blackberry.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Blackberry.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Blackboard.xml b/src/chrome/content/rules/Blackboard.xml
index b5a99f143af6..23e1fc4589d2 100644
--- a/src/chrome/content/rules/Blackboard.xml
+++ b/src/chrome/content/rules/Blackboard.xml
@@ -1,12 +1,17 @@
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://en-us.help.blackboard.com/ => https://en-us.help.blackboard.com/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+
 	Other Blackboard rulesets:
 
-		- SafeAssign.xml
 
 
 	Nonfunctional hosts in *blackboard.com:
 
 		- blog *
+    - caltech-sp *
 
 	* Shows default MediaTemple page
 
@@ -16,17 +21,12 @@
 	<!--	Direct rewrites:
 				-->
 	<target host="blackboard.com" />
-	<target host="en-us.help.blackboard.com" />
+	<!-- target host="en-us.help.blackboard.com" /-->
 	<target host="safeassign.blackboard.com" />
 	<target host="www.blackboard.com" />
 
-	<!--	(accounts:)	-->
-	<target host="caltech-sp.blackboard.com" />
-
-
 	<securecookie host=".+" name=".+" />
 
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Blackfire.io.xml b/src/chrome/content/rules/Blackfire.io.xml
deleted file mode 100644
index 340414362763..000000000000
--- a/src/chrome/content/rules/Blackfire.io.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-    Nonfunctional subdomains:
-	    - blog
-
-    More SensioLabs rulesets:
-	    - Symfony.com.xml
-	    - Sensiolabs.com.xml
--->
-<ruleset name="Blackfire.io">
-    <target host="blackfire.io" />
-    <target host="www.blackfire.io" />
-
-    <securecookie host="^(www\.)?blackfire\.io" name=".+" />
-
-    <rule from="^http:"
-            to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Blackfoot.co.uk.xml b/src/chrome/content/rules/Blackfoot.co.uk.xml
index b941f6aca160..57a4e5857e1b 100644
--- a/src/chrome/content/rules/Blackfoot.co.uk.xml
+++ b/src/chrome/content/rules/Blackfoot.co.uk.xml
@@ -6,7 +6,6 @@ Fetch error: http://www.blackfoot.co.uk/ => https://www.blackfoot.co.uk/: (60, '
 
 	Other Blackfoot Hosting rulesets:
 
-		- Secureuk.net.xml
 
 
 	Mixed content:
@@ -18,7 +17,7 @@ Fetch error: http://www.blackfoot.co.uk/ => https://www.blackfoot.co.uk/: (60, '
 	* Secured by us
 
 -->
-<ruleset name="Blackfoot.co.uk" default_off='failed ruleset test'>
+<ruleset name="Blackfoot.co.uk" default_off="failed ruleset test">
 
 	<target host="blackfoot.co.uk" />
 	<target host="www.blackfoot.co.uk" />
diff --git a/src/chrome/content/rules/Blacknight-Internet-Solutions.xml b/src/chrome/content/rules/Blacknight-Internet-Solutions.xml
index 3dde00808879..5f73c7d30f7e 100644
--- a/src/chrome/content/rules/Blacknight-Internet-Solutions.xml
+++ b/src/chrome/content/rules/Blacknight-Internet-Solutions.xml
@@ -18,13 +18,15 @@
 <ruleset name="Blacknight Internet Solutions (partial)">
 
 	<target host="blacknight.com" />
-	<target host="*.blacknight.com" />
+	<target host="altmail.blacknight.com" />
+	<target host="cp.blacknight.com" />
+	<target host="wiki.blacknight.com" />
+	<target host="www.blacknight.com" />
 
 
 	<securecookie host="^.*\.blacknight\.com$" name=".+" />
 
 
-	<rule from="^http://((?:altmail|cp|wiki|www)\.)?blacknight\.com/"
-		to="https://$1blacknight.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BlamBot.com.xml b/src/chrome/content/rules/BlamBot.com.xml
new file mode 100644
index 000000000000..03661dae382a
--- /dev/null
+++ b/src/chrome/content/rules/BlamBot.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		- webmail
+		- www.webmail
+-->
+<ruleset name="BlamBot.com">
+	<target host="blambot.com" />
+	<target host="www.blambot.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Blau.de.xml b/src/chrome/content/rules/Blau.de.xml
index 7995042786fc..5f56623f8a3d 100644
--- a/src/chrome/content/rules/Blau.de.xml
+++ b/src/chrome/content/rules/Blau.de.xml
@@ -16,7 +16,7 @@
 	<target host="*.blau.de" />
 
 
-	<securecookie host="^(?:.+\.)?blau\.de$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([^/:@]+\.)?blau\.de/"
diff --git a/src/chrome/content/rules/BlazeKing.com.xml b/src/chrome/content/rules/BlazeKing.com.xml
new file mode 100644
index 000000000000..7cc1cda693a3
--- /dev/null
+++ b/src/chrome/content/rules/BlazeKing.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		- blazeking.com, equivalent to www.blazeking.com
+-->
+
+<ruleset name="BlazeKing.com">
+	<target host="blazeking.com" />
+	<target host="www.blazeking.com" />
+
+	<rule from="^http://blazeking\.com/"
+		to="https://www.blazeking.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Blazing-Thyme.xml b/src/chrome/content/rules/Blazing-Thyme.xml
index af0c238b7e7b..fdb40ef5e240 100644
--- a/src/chrome/content/rules/Blazing-Thyme.xml
+++ b/src/chrome/content/rules/Blazing-Thyme.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.blazingthyme.com/ => https://www.blazingthyme.com/: (28,
 	shop.blazingthyme.com is handled in Nexternal-clients.xml.
 
 -->
-<ruleset name="Blazing Thyme" default_off='failed ruleset test'>
+<ruleset name="Blazing Thyme" default_off="failed ruleset test">
 
 	<target host="blazingthyme.com" />
 	<target host="www.blazingthyme.com" />
diff --git a/src/chrome/content/rules/Blazonco.com.xml b/src/chrome/content/rules/Blazonco.com.xml
index 759a818f6c27..0b38a88e72bb 100644
--- a/src/chrome/content/rules/Blazonco.com.xml
+++ b/src/chrome/content/rules/Blazonco.com.xml
@@ -14,10 +14,10 @@
 	<target host="*.blazonco.com" />
 
 
-	<securecookie host="^(?:.*\.)?blazonco\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([\w-]+\.)?blazonco\.com/"
 		to="https://$1blazonco.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Blekko.xml b/src/chrome/content/rules/Blekko.xml
deleted file mode 100644
index 4b1689bdb7dd..000000000000
--- a/src/chrome/content/rules/Blekko.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Blekko">
-
-	<target host="blekko.com" />
-	<target host="www.blekko.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Blic.rs.xml b/src/chrome/content/rules/Blic.rs.xml
new file mode 100644
index 000000000000..1799e621ae7b
--- /dev/null
+++ b/src/chrome/content/rules/Blic.rs.xml
@@ -0,0 +1,18 @@
+<!--
+	404:
+		m.blic.rs
+	Invalid certificate:
+		s.blic.rs
+-->
+<ruleset name="Blic.rs">
+	<target host="blic.rs" />
+	<target host="www.blic.rs" />
+	<target host="api.blic.rs" />
+	<target host="gameplanet.blic.rs" />
+	<target host="sport.blic.rs" />
+	<target host="sso.blic.rs" />
+	<target host="zena.blic.rs" />
+	<target host="recepti.zena.blic.rs" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Blinkeye.ch.xml b/src/chrome/content/rules/Blinkeye.ch.xml
index de46131a52b7..c7f17794f8ef 100644
--- a/src/chrome/content/rules/Blinkeye.ch.xml
+++ b/src/chrome/content/rules/Blinkeye.ch.xml
@@ -1,9 +1,9 @@
 <ruleset name="blinkeye.ch" default_off="self-signed">
 
 	<target host="blinkeye.ch"/>
-	<target host="*.blinkeye.ch"/>
+	<target host="www.blinkeye.ch" />
 
-	<securecookie host="^(?:.*\.)?blinkeye\.ch$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?blinkeye\.ch/"
 		to="https://blinkeye.ch/dokuwiki/doku.php"/>
diff --git a/src/chrome/content/rules/Blip.xml b/src/chrome/content/rules/Blip.xml
deleted file mode 100644
index f5b8f40caebc..000000000000
--- a/src/chrome/content/rules/Blip.xml
+++ /dev/null
@@ -1,83 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://a.blip.tv/images/blank.gif => https://as.blip.tv/images/blank.gif: (28, 'Connection timed out after 20000 milliseconds')
-Fetch error: http://a.blip.tv/skin/smooth/images/icon-search.png => https://as.blip.tv/skin/smooth/images/icon-search.png: (7, 'Failed to connect to as.blip.tv port 443: Network is unreachable')
-Fetch error: http://0.i.blip.tv/g?src=Therockoffice-TheRockOfficePresentsBluesTraveler559-428.jpg&w=270&h=152&fmt=jpg => https://i.blip.tv/g?src=Therockoffice-TheRockOfficePresentsBluesTraveler559-428.jpg&w=270&h=152&fmt=jpg: (7, 'Failed to connect to i.blip.tv port 443: Network is unreachable')
-Fetch error: https://0.i.blip.tv/g?src=Therockoffice-TheRockOfficePresentsBluesTraveler559-428.jpg&w=270&h=152&fmt=jpg => https://i.blip.tv/g?src=Therockoffice-TheRockOfficePresentsBluesTraveler559-428.jpg&w=270&h=152&fmt=jpg: (7, 'Failed to connect to i.blip.tv port 443: Network is unreachable')
-Fetch error: http://i.blip.tv/ => https://i.blip.tv/: (28, 'Connection timed out after 20001 milliseconds')
-Fetch error: http://as.blip.tv/ => https://as.blip.tv/: (28, 'Connection timed out after 20001 milliseconds')
-Fetch error: http://press.blip.tv/ => https://press.blip.tv/: (7, 'Failed to connect to press.blip.tv port 443: Network is unreachable')
-Fetch error: http://theblog.blip.tv/ => https://theblog.blip.tv/: (28, 'Connection timed out after 20000 milliseconds')
-Fetch error: http://a.blip.tv/ => https://as.blip.tv/: (7, 'Failed to connect to as.blip.tv port 443: Network is unreachable')
-
-	Nonfunctional subdomains:
-
-		- blog *
-
-	* Tumblr
-
-
-	Problematic subdomains:
-
-		- a	(times out)
-		- \d.i *
-
-	* Dropped
-
-
-	Mixed content:
-
-		- css on ^ from a.blip.tv *
-		- Images on ^ from a.blip.tv *
-
-		- Bugs, on:
-
-			- ^ from pixel.quantserve.com *
-			- ^ from b.scorecardresearch.com *
-
-	* Secured by us
-
--->
-<ruleset name="Blip.tv (mixed content)" platform="mixedcontent" default_off='failed ruleset test'>
-
-<!--	Direct rewrites:
-			-->
-  <target host="blip.tv" />
-	<target host="i.blip.tv" />
-	<target host="as.blip.tv" />
-	<target host="press.blip.tv" />
-	<target host="theblog.blip.tv" />
-  <target host="www.blip.tv" />
-
-<!--	Complications:
-			-->
-  <target host="a.blip.tv" />
-	<target host="*.i.blip.tv" />
-
-		<test url="http://a.blip.tv/images/blank.gif" />
-		<test url="http://a.blip.tv/skin/smooth/images/icon-search.png" />
-
-		<test url="http://0.i.blip.tv/g?src=Therockoffice-TheRockOfficePresentsBluesTraveler559-428.jpg&amp;w=270&amp;h=152&amp;fmt=jpg" />
-		<test url="https://0.i.blip.tv/g?src=Therockoffice-TheRockOfficePresentsBluesTraveler559-428.jpg&amp;w=270&amp;h=152&amp;fmt=jpg" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.blip\.tv$" name="^__qca$" /-->
-
-  <securecookie host="^(?:.*\.)?blip\.tv$" name=".+" />
-
-
-	<rule from="^http://a\.blip\.tv/"
-		to="https://as.blip.tv/" />
-
-	<!--	s? for protocol-relative links:
-						-->
-	<rule from="^https?://\d\.i\.blip\.tv/"
-		to="https://i.blip.tv/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BlockExplorer.nu.xml b/src/chrome/content/rules/BlockExplorer.nu.xml
index a2744a303d1d..49d45b5cbd06 100644
--- a/src/chrome/content/rules/BlockExplorer.nu.xml
+++ b/src/chrome/content/rules/BlockExplorer.nu.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.blockexplorer.nu/ => https://www.blockexplorer.nu/: (7,
 		- .blockexplorer.nu
 
 -->
-<ruleset name="BlockExplorer.nu" default_off='failed ruleset test'>
+<ruleset name="BlockExplorer.nu" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Blocket.se.xml b/src/chrome/content/rules/Blocket.se.xml
index 9a57fab7e825..adcccb1be143 100644
--- a/src/chrome/content/rules/Blocket.se.xml
+++ b/src/chrome/content/rules/Blocket.se.xml
@@ -2,7 +2,6 @@
 	Other Blocket rulesets:
 
 		- Blocket.com.xml
-		- Blockets_Annonswebb.se.xml
 
 
 	^blocket.se:	Mismatched
diff --git a/src/chrome/content/rules/Blockets_Annonswebb.se.xml b/src/chrome/content/rules/Blockets_Annonswebb.se.xml
deleted file mode 100644
index b0872ad49fbd..000000000000
--- a/src/chrome/content/rules/Blockets_Annonswebb.se.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For other Blocket coverage, see Blocket.se.xml.
-
--->
-<ruleset name="Blockets Annonswebb.se">
-
-	<target host="blocketsannonswebb.se" />
-	<target host="www.blocketsannonswebb.se" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Blockr.io.xml b/src/chrome/content/rules/Blockr.io.xml
deleted file mode 100644
index 18a8ad985c8a..000000000000
--- a/src/chrome/content/rules/Blockr.io.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		- .blockr.io
-
--->
-<ruleset name="Blockr.io">
-  <target host="blockr.io" />
-  <target host="*.blockr.io" />
-
-		<test url="http://btc.blockr.io/" />
-		<test url="http://www.blockr.io/" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.blockr\.io$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.blockr\.io$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Blog.ir.xml b/src/chrome/content/rules/Blog.ir.xml
new file mode 100644
index 000000000000..432cbde07919
--- /dev/null
+++ b/src/chrome/content/rules/Blog.ir.xml
@@ -0,0 +1,15 @@
+<!--
+	Wildcard certificate and DNS:
+		- blog.ir
+-->
+
+<ruleset name="Blog.ir">
+	<target host="blog.ir" />
+	<target host="*.blog.ir" />
+		<test url="http://drhatami.blog.ir/" />
+		<test url="http://pajhoohe.blog.ir/" />
+		<test url="http://zakros.blog.ir/" />
+
+	<rule from="^http://([\w-]+\.)?blog\.ir/"
+		to="https://$1blog.ir/" />
+</ruleset>
diff --git a/src/chrome/content/rules/BlogCatalog.xml b/src/chrome/content/rules/BlogCatalog.xml
index da3c2958d459..cbe5aba34462 100644
--- a/src/chrome/content/rules/BlogCatalog.xml
+++ b/src/chrome/content/rules/BlogCatalog.xml
@@ -9,18 +9,18 @@ Fetch error: http://blogcatalog.com/ => https://blogcatalog.com/: Cycle detected
 <ruleset name="BlogCatalog">
 
 	<target host="blogcatalog.com" />
-	<target host="*.blogcatalog.com" />
+	<target host="www.blogcatalog.com" />
+	<target host="stats.blogcatalog.com" />
 
 
 	<securecookie host="^(?:www\.)?blogcatalog\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?blogcatalog\.com/"
-		to="https://$1blogcatalog.com/" />
 
 	<!--	Cert doesn't match.
 					-->
 	<rule from="^http://stats\.blogcatalog\.com/"
 		to="https://win.staticstuff.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BlogGeek.me.xml b/src/chrome/content/rules/BlogGeek.me.xml
index 43c2a2e6675b..d35dcd134060 100644
--- a/src/chrome/content/rules/BlogGeek.me.xml
+++ b/src/chrome/content/rules/BlogGeek.me.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.bloggeek.me/ => https://www.bloggeek.me/: Too many redir
 		- .bloggeek.me
 
 -->
-<ruleset name="BlogGeek.me" default_off='failed ruleset test'>
+<ruleset name="BlogGeek.me" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/BloggingTheology.com.xml b/src/chrome/content/rules/BloggingTheology.com.xml
new file mode 100644
index 000000000000..e491a9931138
--- /dev/null
+++ b/src/chrome/content/rules/BloggingTheology.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="BloggingTheology.com">
+	<target host="bloggingtheology.com" />
+	<target host="www.bloggingtheology.com" />
+
+	<target host="bloggingtheology2.com" />
+	<target host="www.bloggingtheology2.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Blogmint.com.xml b/src/chrome/content/rules/Blogmint.com.xml
deleted file mode 100644
index f00aaf81d5c9..000000000000
--- a/src/chrome/content/rules/Blogmint.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Blogmint.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="blogmint.com" />
-	<target host="www.blogmint.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Blogo.xml b/src/chrome/content/rules/Blogo.xml
index b2ebe0480784..5205e2d6e4d1 100644
--- a/src/chrome/content/rules/Blogo.xml
+++ b/src/chrome/content/rules/Blogo.xml
@@ -1,49 +1,14 @@
 <!--
-	CDN buckets:
+	Non-functional hosts:
+		Timeout:
+		- s.blogo.it
 
-		- d2ofxhm151efeq.cloudfront.net
-
-			- static-q
-
-		- d2vgi5skuln6ia.cloudfront.net
-
-			- static
-
-
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- s *
-
-	* Refused
-
-
-	Problematic subdomains:
-
-		- static-a	(dropped)
-
-
-	Fully covered subdomains:
-
-		- static	(→ d2vgi5skuln6ia.cloudfront.net)
-		- static-a	(→ d2vgi5skuln6ia.cloudfront.net)
-		- static-q	(→ d2ofxhm151efeq.cloudfront.net)
+		Certificate mismatched:
+		- static-a.blogo.it
 
 -->
 <ruleset name="blogo (partial)">
+	<target host="static-q.blogo.it" />
 
-	<target host="*.blogo.it" />
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^(?:www)?\.blogo\.it$" name="^__utm\w$" />
-
-
-	<rule from="^http://static(?:-a)?\.blogo\.it/"
-		to="https://d2vgi5skuln6ia.cloudfront.net/" />
-
-	<rule from="^http://static-q\.blogo\.it/"
-		to="https://d2ofxhm151efeq.cloudfront.net/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Blogto.com.xml b/src/chrome/content/rules/Blogto.com.xml
new file mode 100644
index 000000000000..60ffc27d42ae
--- /dev/null
+++ b/src/chrome/content/rules/Blogto.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Blogto.com">
+	<target host="blogto.com" />
+	<target host="www.blogto.com" />
+	<target host="api.blogto.com" />
+	<target host="media.blogto.com" />
+	<target host="patios.blogto.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Blogtrottr.com.xml b/src/chrome/content/rules/Blogtrottr.com.xml
index 0930af15a08d..3e155627af26 100644
--- a/src/chrome/content/rules/Blogtrottr.com.xml
+++ b/src/chrome/content/rules/Blogtrottr.com.xml
@@ -1,13 +1,30 @@
 <!--
-	Connection closed:
-	- blog.blogtrottr.com
+	Invalid certificate:
+	- li.blogtrottr.com, equivalent to p.liadm.com
+
+	Incomplete certificate chain:
+	- prtg.blogtrottr.com
 -->
 
 <ruleset name="Blogtrottr.com">
 	<target host="blogtrottr.com" />
 	<target host="www.blogtrottr.com" />
+	<target host="api.blogtrottr.com" />
+	<target host="api-test.blogtrottr.com" />
+	<target host="beta.blogtrottr.com" />
+	<target host="blog.blogtrottr.com" />
+	<target host="lb.blogtrottr.com" />
+	<target host="li.blogtrottr.com" />
+	<target host="preview.blogtrottr.com" />
+	<target host="staging.blogtrottr.com" />
 	<target host="static.blogtrottr.com" />
+	<target host="static-test.blogtrottr.com" />
 	<target host="support.blogtrottr.com" />
+	<target host="web-test.blogtrottr.com" />
+
+	<rule from="^http://li\.blogtrottr\.com/"
+		to="https://p.liadm.com/" />
+		<test url="http://li.blogtrottr.com/click" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bloo.ie.xml b/src/chrome/content/rules/Bloo.ie.xml
index 5e44ba455b17..be19a08ee096 100644
--- a/src/chrome/content/rules/Bloo.ie.xml
+++ b/src/chrome/content/rules/Bloo.ie.xml
@@ -11,10 +11,12 @@ Fetch error: http://bloo.ie/ => https://bloo.ie/: (6, 'Could not resolve host: b
 		- .bloo.ie
 
 -->
-<ruleset name="Bloo.ie" default_off='failed ruleset test'>
+<ruleset name="Bloo.ie" default_off="failed ruleset test">
 
 	<target host="bloo.ie" />
-	<target host="*.bloo.ie" />
+	<target host="auth.bloo.ie" />
+	<target host="client.bloo.ie" />
+	<target host="www.bloo.ie" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/BloodWatch.org.xml b/src/chrome/content/rules/BloodWatch.org.xml
new file mode 100644
index 000000000000..50796c7e24ce
--- /dev/null
+++ b/src/chrome/content/rules/BloodWatch.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="BloodWatch.org">
+	<target host="bloodwatch.org" />
+	<target host="www.bloodwatch.org" />
+	<target host="autodiscover.bloodwatch.org" />
+	<target host="cpanel.bloodwatch.org" />
+	<target host="mail.bloodwatch.org" />
+	<target host="webdisk.bloodwatch.org" />
+	<target host="webmail.bloodwatch.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bloodhound_Gang.com.xml b/src/chrome/content/rules/Bloodhound_Gang.com.xml
index 9620cf8036c6..4e6922e494b8 100644
--- a/src/chrome/content/rules/Bloodhound_Gang.com.xml
+++ b/src/chrome/content/rules/Bloodhound_Gang.com.xml
@@ -8,10 +8,12 @@ Fetch error: http://bloodhoundgang.com/ => https://www.bloodhoundgang.com/: (51,
 		- ^	(expired 2009-12-11)
 
 -->
-<ruleset name="Bloodhound Gang.com" default_off='failed ruleset test'>
+<ruleset name="Bloodhound Gang.com" default_off="failed ruleset test">
 
 	<target host="bloodhoundgang.com" />
-	<target host="*.bloodhoundgang.com" />
+	<target host="www.bloodhoundgang.com" />
+	<target host="stufftobuy.bloodhoundgang.com" />
+	<target host="www.stufftobuy.bloodhoundgang.com" />
 
 
 	<securecookie host="^\.(?:stufftobuy\.)?bloodhoundgang\.com$" name=".+" />
@@ -20,7 +22,6 @@ Fetch error: http://bloodhoundgang.com/ => https://www.bloodhoundgang.com/: (51,
 	<rule from="^http://(?:www\.)?bloodhoundgang\.com/"
 		to="https://www.bloodhoundgang.com/" />
 
-	<rule from="^http://(www\.)?stufftobuy\.bloodhoundgang\.com/"
-		to="https://$1stufftobuy.bloodhoundgang.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bloomberg.com-problematic.xml b/src/chrome/content/rules/Bloomberg.com-problematic.xml
deleted file mode 100644
index a79fb324d726..000000000000
--- a/src/chrome/content/rules/Bloomberg.com-problematic.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see Bloomberg.xml.
-
--->
-<ruleset name="Bloomberg.com (problematic)" default_off="mismatched">
-
-	<target host="cdn.videos.bloomberg.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bloomberg.net.xml b/src/chrome/content/rules/Bloomberg.net.xml
index bd1e05672e39..cbb013d42764 100644
--- a/src/chrome/content/rules/Bloomberg.net.xml
+++ b/src/chrome/content/rules/Bloomberg.net.xml
@@ -17,7 +17,7 @@ Fetch error: http://nybba2csg.bloomberg.net/ => https://nybba2csg.bloomberg.net/
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Bloomberg.net (partial)" default_off='failed ruleset test'>
+<ruleset name="Bloomberg.net (partial)" default_off="failed ruleset test">
 
 	<target host="bba.bloomberg.net" />
 	<target host="njbba2csg.bloomberg.net" />
diff --git a/src/chrome/content/rules/Bloomberg.xml b/src/chrome/content/rules/Bloomberg.xml
index e024e46e11d0..89d96b878b43 100644
--- a/src/chrome/content/rules/Bloomberg.xml
+++ b/src/chrome/content/rules/Bloomberg.xml
@@ -1,127 +1,49 @@
 <!--
-	For problematic rules, see Bloomberg.com-problematic.xml.
-
-
-	Other Bloomberg rulesets:
-
-		- bbthat.com.xml
-		- Bloomberg.net.xml
-		- Bloomberg_Sports.com.xml
-		- BusinessWeek.com.xml
-		- Bwbx.io.xml
-		- Gotraffic.net.xml
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/bloomberg.com/
-		- cdn.video.http.2.bloomberg.com.edgesuite.net
-		- www.bloomberg.com.edgesuite.net
-		- static.btrd.net.edgesuite.net
-
-
-	Problematic hosts in *bloomberg.com:
-
-		- jobs *
-		- origin-www ˣ
-		- cdn.videos	(akamai pointing to cloudfront)
-		- www ˣ
-
-	* Jobs2Web / mismatched
-	ˣ Mixed iframe, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
-
-	Nonfunctional domains:
-
-		- bloomberg.com subdomains:
-
-			- about *
-			- quote *
-			- washpost	(refused)
-
-		- static.btrd.net		(shows bx.businessweek.com, akamai)
-
-	* Dropped
-
-
-	Insecure cookies are set for these domains and hosts: ᶜ
-
-		- .bloomberg.com
-		- login.bloomberg.com
-		- m.bloomberg.com
-		- origin-www.bloomberg.com
-		- www.bloomberg.com
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
-
-	Mixed content:
-
-		- iframe on origin-www, www from www.bloomberg.com
-		- Images on origin-www, www from assets.bwbx.io ˢ
-
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
+	Other Bloomberg related rulesets:
+		+ bbthat.com.xml
+		+ Bloomberg.net.xml
+		+ Bloomberg_Sports.com.xml
+		+ Bwbx.io.xml
+		+ Gotraffic.net.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- about.bloomberg.com
+
+		SSL connect error:
+		- jpmobile.bloomberg.com
+
+		SSL peer certificate was not OK:
+		- b.bloomberg.com
+		- cdn.videos.bloomberg.com
 -->
 <ruleset name="Bloomberg.com (partial)">
-
 	<target host="bloomberg.com" />
+	<target host="www.bloomberg.com" />
+	<target host="api.bloomberg.com" />
+	<test url="http://api.bloomberg.com/syndication/newsml/v12/news/P6XMSU6KLVRB" />
+	<target host="assist.bloomberg.com" />
+	<target host="bba.bloomberg.com" />
+	<target host="blinks.bloomberg.com" />
+	<target host="bsym.bloomberg.com" />
 	<target host="careers.bloomberg.com" />
+	<target host="cdn-mobapi.bloomberg.com" />
+	<target host="chartmaker.bloomberg.com" />
+	<target host="console.bloomberg.com" />
+	<target host="go.bloomberg.com" />
+	<target host="jobs.bloomberg.com" />
+	<target host="lei.bloomberg.com" />
 	<target host="login.bloomberg.com" />
+	<test url="http://www.bloomberg.com/account/signin" />
+	<target host="m.bloomberg.com" />
+	<target host="mediasource.bloomberg.com" />
 	<target host="nav.bloomberg.com" />
-	<target host="origin-www.bloomberg.com" />
+	<test url="http://nav.bloomberg.com/public/images/ad_choices-62a535e263.png" />
+	<target host="personalization.bloomberg.com" />
 	<target host="service.bloomberg.com" />
-	<target host="www.bloomberg.com" />
-
-		<!--	504:
-						-->
-		<!--exclusion pattern="^http://www\.bloomberg\.com/(?:company$|notices/(?:help|privacy)/$|professional/bcom-demo/$)" /-->
-		<!--
-			Mixed iframe:
-						-->
-		<!--exclusion pattern="^http://origin-www\.bloomberg\.com/$" /-->
-		<!--exclusion pattern="^http://www\.bloomberg\.com/europe$" /-->
-		<!--
-			Exceptions:
-						-->
-		<exclusion pattern="^http://(?:origin-www\.|www\.)?bloomberg\.com/(?!/*(?:news|view)/articles/\d{4}-\d\d-\d\d/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.bloomberg.com/company/" />
-			<test url="http://www.bloomberg.com/europe" />
-			<test url="http://www.bloomberg.com/markets/components/data-drawer?linksType=nav" /><!--	said mixed iframe -->
-			<test url="http://www.bloomberg.com/notices/help/" />
-			<test url="http://www.bloomberg.com/notices/privacy/" />
-			<test url="http://www.bloomberg.com/professional/bcom-demo/" />
-
-			<!--	-ve:
-					-->
-			<test url="http://bloomberg.com/view/articles/2016-06-10/economics-struggles-to-cope-with-reality" />
-			<test url="http://origin-www.bloomberg.com/news/articles/2016-06-15/opec-turmoil-could-turn-iea-s-balanced-market-into-shortfall" /><!--	mixed image -->
-			<test url="http://www.bloomberg.com/news/articles/2016-06-14/sweden-lashes-out-at-opportunist-cameron-as-brexit-risks-rise" /><!--	mixed image -->
-
-		<!--	$ 404s, so:
-					-->
-		<test url="http://nav.bloomberg.com/public/images/ad_choices-62a535e263.png" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.bloomberg\.com$" name="^force_re_auth$" /-->
-	<!--securecookie host="^careers\.bloomberg\.com$" name="^(l|SRV)$" /-->
-	<!--securecookie host="^jobs\.bloomberg\.com$" name="^(JSESSIONID|PERSIST)$" /-->
-	<!--securecookie host="^login\.bloomberg\.com$" name="^(?:_registration_session|SRV2?)$" /-->
-	<!--securecookie host="^m\.bloomberg\.com$" name="^SRV$" /-->
-	<!--securecookie host="^origin-www\.bloomberg\.com$" name="^(?:__uzm[abcd]|SRV)$" /-->
-	<!--securecookie host="^service\.bloomberg\.com$" name="^(SRV|locale|session)$" /-->
-	<!--securecookie host="^www\.bloomberg\.com$" name="^(?:__uzm[abcd]|ak_co|ak_rg)$" /-->
-
-	<securecookie host="^\." name="^optimizely" />
-	<securecookie host="^(?:careers|service)\.bloomberg\.com$" name=".+" />
-
+	<target host="tracking.bloomberg.com" />
 
-	<rule from="^http:"
-		to="https:" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bloomberg_Sports.com.xml b/src/chrome/content/rules/Bloomberg_Sports.com.xml
index a064c124bc45..0852b7ecfed6 100644
--- a/src/chrome/content/rules/Bloomberg_Sports.com.xml
+++ b/src/chrome/content/rules/Bloomberg_Sports.com.xml
@@ -9,10 +9,10 @@ Fetch error: http://bloombergsports.com/ => https://www.bloombergsports.com/: (7
 	^: self-signed
 
 -->
-<ruleset name="Bloomberg Sports.com" default_off='failed ruleset test'>
+<ruleset name="Bloomberg Sports.com" default_off="failed ruleset test">
 
 	<target host="bloombergsports.com" />
-	<target host="*.bloombergsports.com" />
+	<target host="www.bloombergsports.com" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/Blot.im.xml b/src/chrome/content/rules/Blot.im.xml
index 3df44e3aa26a..c4619fbea9ca 100644
--- a/src/chrome/content/rules/Blot.im.xml
+++ b/src/chrome/content/rules/Blot.im.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.blot.im/ => https://www.blot.im/: (51, "SSL: no alternative certificate subject name matches target host name 'www.blot.im'")
 
 -->
-<ruleset name="Blot.im" default_off='failed ruleset test'>
+<ruleset name="Blot.im" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Blue-Movie.xml b/src/chrome/content/rules/Blue-Movie.xml
index f87a8e6193f7..fceb671de9a0 100644
--- a/src/chrome/content/rules/Blue-Movie.xml
+++ b/src/chrome/content/rules/Blue-Movie.xml
@@ -12,7 +12,7 @@ Fetch error: http://bluemovie.eu/ => https://www.bluemovie.eu/: (60, 'SSL certif
 	^bluemovie.eu: Cert only matches www
 
 -->
-<ruleset name="Blue Movie (partial)" default_off='failed ruleset test'>
+<ruleset name="Blue Movie (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/BlueCava.com.xml b/src/chrome/content/rules/BlueCava.com.xml
new file mode 100644
index 000000000000..e6f2cc504fe0
--- /dev/null
+++ b/src/chrome/content/rules/BlueCava.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Non-functional hosts
+		Expired:
+		- preferences.bluecava.com
+-->
+<ruleset name="BlueCava.com">
+	<target host="bluecava.com" />
+	<target host="www.bluecava.com" />
+	<target host="clients.bluecava.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BlueCava.xml b/src/chrome/content/rules/BlueCava.xml
deleted file mode 100644
index 166f84b4a703..000000000000
--- a/src/chrome/content/rules/BlueCava.xml
+++ /dev/null
@@ -1,50 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://bcpd.x7y24z365.com/ => https://bcpd.x7y24z365.com/: (28, 'Connection timed out after 20000 milliseconds')
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://bcpd.x7y24z365.com/ => https://bcpd.x7y24z365.com/: (60, 'SSL certificate problem: certificate has expired')
-	Problematic subdomains:
-
-		- preferences	(seems identical to bcpd; mismatched, CN: bcpd.x7y24z365.com)
-		- status	(works; mismatched, CN: bcpd.x7y24z365.com)
-
-
-	Fully covered domains:
-
-		- bluecava.com subdomains:
-
-			- (www.)
-			- clients	(web bugs)
-			- vpn.corp
-			- ds
-			- insight
-			- lookup
-			- platform
-			- preferences	(→ bcpd.x7y24z365.com)
-			- transfer
-
-		- bcpd.x7y24z365.com
-
--->
-<ruleset name="BlueCava (partial)" default_off='failed ruleset test'>
-
-	<target host="bluecava.com" />
-	<target host="*.bluecava.com" />
-	<target host="bcpd.x7y24z365.com" />
-
-
-	<!--	Tracking cookies set by clients:
-							-->
-	<securecookie host="^\.bluecava\.com$" name="^(?:d|e|g|machine|s)$" />
-	<securecookie host="^(?:vpn\.corp|transfer)\.bluecava\.com$" name=".+" />
-
-
-	<rule from="^http://((?:clients|vpn\.corp|ds|insight|lookup|platform|transfer|www)\.)?bluecava\.com/"
-		to="https://$1bluecava.com/" />
-
-	<rule from="^http://(?:preferences\.bluecava|bcpd\.x7y24z365)\.com/"
-		to="https://bcpd.x7y24z365.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/BlueCoat.xml b/src/chrome/content/rules/BlueCoat.xml
index 88c893a9364c..ea8a9b9ae327 100644
--- a/src/chrome/content/rules/BlueCoat.xml
+++ b/src/chrome/content/rules/BlueCoat.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://bluecoat.com/ => https://bluecoat.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="BlueCoat.com" default_off='failed ruleset test'>
+<ruleset name="BlueCoat.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/BlueKrypt.be.xml b/src/chrome/content/rules/BlueKrypt.be.xml
new file mode 100644
index 000000000000..9b7098ebf81d
--- /dev/null
+++ b/src/chrome/content/rules/BlueKrypt.be.xml
@@ -0,0 +1,12 @@
+<ruleset name="BlueKrypt.be">
+
+	<target host="bluekrypt.be" />
+	<target host="www.bluekrypt.be" />
+
+
+	<!--	Redirects like so:
+					-->
+	<rule from="^http://(?:www\.)?bluekrypt\.be/[^?]*"
+		to="https://www.bluekrypt.com/fr/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BlueKrypt.com.xml b/src/chrome/content/rules/BlueKrypt.com.xml
deleted file mode 100644
index b22fafc69c46..000000000000
--- a/src/chrome/content/rules/BlueKrypt.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="BlueKrypt.com">
-
-	<target host="bluekrypt.be" />
-	<target host="www.bluekrypt.be" />
-	<target host="bluekrypt.com" />
-	<target host="www.bluekrypt.com" />
-
-
-	<!--	Redirects like so:
-					-->
-	<rule from="^http://(?:www\.)?bluekrypt\.be/[^?]*"
-		to="https://www.bluekrypt.com/fr/" />
-
-	<rule from="^http://(www\.)?bluekrypt\.com/"
-		to="https://$1bluekrypt.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BluePoint.com.ph.xml b/src/chrome/content/rules/BluePoint.com.ph.xml
deleted file mode 100644
index d4c2568147be..000000000000
--- a/src/chrome/content/rules/BluePoint.com.ph.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Non-functional hosts
-		SSL peer certificate was not OK:
-			 - bluepoint.com.ph
-			 - www.bluepoint.com.ph
-			 - linuxday.bluepoint.com.ph
-			 - sfd.bluepoint.com.ph
--->
-<ruleset name="BluePoint.com.ph (partial)">
-	<target host="mail.bluepoint.com.ph" />
-
-	<securecookie host="^mail\.bluepoint\.com\.ph$" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/BlueSnap.com.xml b/src/chrome/content/rules/BlueSnap.com.xml
index c729bac8e7ed..2aeb49c0556a 100644
--- a/src/chrome/content/rules/BlueSnap.com.xml
+++ b/src/chrome/content/rules/BlueSnap.com.xml
@@ -1,7 +1,6 @@
 <!--
 	Other BlueSnap rulesets:
 
-		- Plimus.com.xml
 
 
 	Nonfunctional subdomains:
diff --git a/src/chrome/content/rules/Blue_Jeans.com.xml b/src/chrome/content/rules/Blue_Jeans.com.xml
index f830dcf9b2f3..fd8f3a496a9e 100644
--- a/src/chrome/content/rules/Blue_Jeans.com.xml
+++ b/src/chrome/content/rules/Blue_Jeans.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://community.bluejeans.com/ => https://community.bluejeans.com/
 		- .bluejeans.com
 
 -->
-<ruleset name="Blue Jeans.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Blue Jeans.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Blue_Man_Ticketing.xml b/src/chrome/content/rules/Blue_Man_Ticketing.xml
deleted file mode 100644
index 692b500e3c81..000000000000
--- a/src/chrome/content/rules/Blue_Man_Ticketing.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	!www: mismatched
-
-
-	Some pages redirect to http.
-
--->
-<ruleset name="Blue Man Ticketing (partial)">
-
-	<target host="bluemanticketing.com" />
-	<target host="www.bluemanticketing.com" />
-
-
-	<rule from="^http://(?:www\.)?bluemanticketing\.com/(buy/|get-show-dates/|myticketbooth/themes/)"
-		to="https://www.bluemanticketing.com/$1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bluechip.xml b/src/chrome/content/rules/Bluechip.xml
index 2ffeac368350..8d373a80f659 100644
--- a/src/chrome/content/rules/Bluechip.xml
+++ b/src/chrome/content/rules/Bluechip.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.bluechip.hu/ => https://www.bluechip.hu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Bluechip (mixedcontent)" default_off='failed ruleset test'>
+<ruleset name="Bluechip (mixedcontent)" default_off="failed ruleset test">
 	<!-- Cert: www.bluechip.hu -->
 	<target host="www.bluechip.hu" />
 
diff --git a/src/chrome/content/rules/Bluefly.xml b/src/chrome/content/rules/Bluefly.xml
deleted file mode 100644
index 6b0dbd12a55b..000000000000
--- a/src/chrome/content/rules/Bluefly.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- cdn.media	(404)
-
--->
-<ruleset name="Bluefly (partial)">
-
-	<target host="*.bluefly.com" />
-
-
-	<rule from="^http://(?:cdn\.)?media\.bluefly\.com/"
-		to="https://media.bluefly.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bluehost.xml b/src/chrome/content/rules/Bluehost.xml
index 7f5c7336b766..a9ffc8dcbf32 100644
--- a/src/chrome/content/rules/Bluehost.xml
+++ b/src/chrome/content/rules/Bluehost.xml
@@ -48,7 +48,7 @@
 
 	<rule from="^http://(www|box\d+|br|helpdesk|cloud|login|my|secure|tutorials)\.bluehost\.com/"
 		to="https://$1.bluehost.com/" />
-		
+
 	<rule from="^http://bluehost\.com/"
 		to="https://bluehost.com/" />
 
diff --git a/src/chrome/content/rules/Bluehosting.pl.xml b/src/chrome/content/rules/Bluehosting.pl.xml
index ee153569fd6b..1e16c52787fe 100644
--- a/src/chrome/content/rules/Bluehosting.pl.xml
+++ b/src/chrome/content/rules/Bluehosting.pl.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://([\w-]+\.)?bho\.pl/"
 		to="https://$1bho.pl/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bluerazor.com.xml b/src/chrome/content/rules/Bluerazor.com.xml
new file mode 100644
index 000000000000..bd2aff26b1a3
--- /dev/null
+++ b/src/chrome/content/rules/Bluerazor.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Expired certificate:
+		- help.bluerazor.com
+-->
+
+<ruleset name="Bluerazor.com">
+	<target host="bluerazor.com" />
+	<target host="www.bluerazor.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bluetooth.org.xml b/src/chrome/content/rules/Bluetooth.org.xml
deleted file mode 100644
index cf35bf35ba8c..000000000000
--- a/src/chrome/content/rules/Bluetooth.org.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog *
-
-	* Plaintext reply
-
-
-	Fully covered hosts in *bluetooth.org:
-
-		- (www.)?
-		- developer
-
--->
-<ruleset name="Bluetooth.org (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="bluetooth.org" />
-	<target host="developer.bluetooth.org" />
-	<target host="www.bluetooth.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bluewin-HostCenter.xml b/src/chrome/content/rules/Bluewin-HostCenter.xml
index 6d444cd0f629..b353c0c919c9 100644
--- a/src/chrome/content/rules/Bluewin-HostCenter.xml
+++ b/src/chrome/content/rules/Bluewin-HostCenter.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.hostcenter.com/ => https://www.hostcenter.com/: (60, 'SS
 	For other Swisscom coverage, see Swisscom.ch.xml.
 
 -->
-<ruleset name="HostCenter.com" default_off='failed ruleset test'>
+<ruleset name="HostCenter.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Bluewin.ch.xml b/src/chrome/content/rules/Bluewin.ch.xml
index 073e9ae60a4e..389aac5be0b1 100644
--- a/src/chrome/content/rules/Bluewin.ch.xml
+++ b/src/chrome/content/rules/Bluewin.ch.xml
@@ -31,7 +31,7 @@ Fetch error: http://xtrazone.sso.bluewin.ch/ => https://xtrazone.sso.bluewin.ch/
 			- rich
 
 -->
-<ruleset name="Bluewin.ch (partial)" default_off='failed ruleset test'>
+<ruleset name="Bluewin.ch (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Blumenthals.xml b/src/chrome/content/rules/Blumenthals.xml
index 3a395003dc1f..7aeee3c6fc7e 100644
--- a/src/chrome/content/rules/Blumenthals.xml
+++ b/src/chrome/content/rules/Blumenthals.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Blutmagie.de.xml b/src/chrome/content/rules/Blutmagie.de.xml
index 9c30cdf46b58..4386dc9318a4 100644
--- a/src/chrome/content/rules/Blutmagie.de.xml
+++ b/src/chrome/content/rules/Blutmagie.de.xml
@@ -32,4 +32,4 @@
 	<rule from="^http://torstatus\.blutmagie\.de/"
 		to="https://torstatus.blutmagie.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bmmetrix.com.xml b/src/chrome/content/rules/Bmmetrix.com.xml
index 96835a1ed8c6..99af0437230a 100644
--- a/src/chrome/content/rules/Bmmetrix.com.xml
+++ b/src/chrome/content/rules/Bmmetrix.com.xml
@@ -30,16 +30,17 @@
 <ruleset name="Bmmetrix.com (partial)">
 
 	<target host="bmmetrix.com" />
-	<target host="*.bmmetrix.com" />
+	<target host="ie-stat.bmmetrix.com" />
+	<target host="t.bmmetrix.com" />
+	<target host="www.bmmetrix.com" />
 
 
 	<securecookie host=".+\.bmmetrix\.com$" name=".+" />
 
 
-	<rule from="^http://(ie-stat|t)\.bmmetrix\.com/"
-		to="https://$1.bmmetrix.com/" />
 
 	<rule from="^http://(?:www\.)?bmmetrix\.com/"
 		to="https://www.bmmetrix.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bnc4free.com-falsemixed.xml b/src/chrome/content/rules/Bnc4free.com-falsemixed.xml
index 75dc4f1a2fa0..9ae1604b1a26 100644
--- a/src/chrome/content/rules/Bnc4free.com-falsemixed.xml
+++ b/src/chrome/content/rules/Bnc4free.com-falsemixed.xml
@@ -6,7 +6,7 @@ Fetch error: http://wiki.bnc4free.com/ => https://wiki.bnc4free.com/: (28, 'Conn
 	For rules not causing false/broken MCB, see Bnc4free.com.xml.
 
 -->
-<ruleset name="bnc4free.com (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="bnc4free.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Bnc4free.com.xml b/src/chrome/content/rules/Bnc4free.com.xml
index 9134795df713..e099b88c5e77 100644
--- a/src/chrome/content/rules/Bnc4free.com.xml
+++ b/src/chrome/content/rules/Bnc4free.com.xml
@@ -24,7 +24,7 @@ Fetch error: http://www.bnc4free.com/ => https://www.bnc4free.com/: (35, 'error:
 	* Secured by us
 
 -->
-<ruleset name="bnc4free.com (partial)" default_off='failed ruleset test'>
+<ruleset name="bnc4free.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Bnotk.de.xml b/src/chrome/content/rules/Bnotk.de.xml
new file mode 100644
index 000000000000..dce03bf7acb5
--- /dev/null
+++ b/src/chrome/content/rules/Bnotk.de.xml
@@ -0,0 +1,86 @@
+<!--
+	Invalid certificate:
+		- bnotk.de
+		- www.bea.bnotk.de
+		- ben-onlinehilfe.bnotk.de
+		- ben-onlinehilfe-beteiligter.bnotk.de
+		- bensbk-onlinehilfe.bnotk.de
+		- bensbk-onlinehilfe-beteiligter.bnotk.de
+		- fax.bnotk.de
+		- sbk-onlinehilfe.bnotk.de
+		- sbk-onlinehilfe-beteiligter.bnotk.de
+		- zertifikatetest.bnotk.de
+		- zs.bnotk.de
+
+	Non-2xx HTTP code:
+		- nvdemo.bnotk.de
+
+	Refused:
+		- dnotitest.bnotk.de
+		- ena.bnotk.de
+		- enatest.bnotk.de
+		- intern.bnotk.de
+		- portal.bnotk.de
+		- um.bnotk.de
+		- wcms.bnotk.de
+		- webservice.bnotk.de
+		- xkrdemo.bnotk.de
+
+	Timeout:
+		- www.artifactorytest.bnotk.de
+		- eisothuo.bnotk.de
+		- groupware.bnotk.de
+		- groupwaretest.bnotk.de
+		- smtp-bulk.bnotk.de
+		- vpn.bnotk.de
+		- vpn-itp.bnotk.de
+		- web-04.bnotk.de
+		- zm-mb3.bnotk.de
+		- zm-prx1.bnotk.de
+		- zm-prx2.bnotk.de
+		- ratest.za.bnotk.de
+		- tesstest.za.bnotk.de
+-->
+<ruleset name="Bnotk.de">
+	<!-- German Civil Law Notaries -->
+
+	<target host="www.bnotk.de" />
+	<target host="anwenderinfo.bnotk.de" />
+	<target host="bea.bnotk.de" />
+	<target host="beatest.bnotk.de" />
+	<target host="ben.bnotk.de" />
+	<target host="cdn.bnotk.de" />
+	<target host="cert.bnotk.de" />
+	<target host="egvp.bnotk.de" />
+	<target host="eidtest.bnotk.de" />
+	<target host="epnetztest.bnotk.de" />
+	<target host="esb.bnotk.de" />
+	<target host="esbtest.bnotk.de" />
+	<target host="mail.bnotk.de" />
+	<target host="mailing.bnotk.de" />
+	<target host="mailnetztest.bnotk.de" />
+	<target host="nctest.bnotk.de" />
+	<target host="notarmail.bnotk.de" />
+	<target host="ocsp.bnotk.de" />
+	<target host="onlinehilfe.bnotk.de" />
+	<target host="progov-osci.bnotk.de" />
+	<target host="sbk.bnotk.de" />
+	<target host="sdv.bnotk.de" />
+	<target host="secure.bnotk.de" />
+	<target host="servicedesk.bnotk.de" />
+	<target host="statistics.bnotk.de" />
+	<target host="umfrage.bnotk.de" />
+	<target host="urkundenarchiv.bnotk.de" />
+	<target host="vas.bnotk.de" />
+	<target host="wartungsarbeiten.bnotk.de" />
+	<target host="wcms-preview.bnotk.de" />
+	<target host="webmail.bnotk.de" />
+	<target host="webservicetest.bnotk.de" />
+	<target host="zertifizierungsstelle.bnotk.de" />
+	<target host="ocsp.zs.bnotk.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/BoCA.gov.tw.xml b/src/chrome/content/rules/BoCA.gov.tw.xml
index f8beb5799076..00b5a782c6a2 100644
--- a/src/chrome/content/rules/BoCA.gov.tw.xml
+++ b/src/chrome/content/rules/BoCA.gov.tw.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.boca.gov.tw/ => https://www.boca.gov.tw/: (60, 'SSL cert
 	^: Mismatched
 
 -->
-<ruleset name="BoCA.gov.tw" default_off='failed ruleset test'>
+<ruleset name="BoCA.gov.tw" default_off="failed ruleset test">
 
 	<target host="boca.gov.tw" />
 	<target host="www.boca.gov.tw" />
diff --git a/src/chrome/content/rules/Boards.ie.xml b/src/chrome/content/rules/Boards.ie.xml
deleted file mode 100644
index 84539d079998..000000000000
--- a/src/chrome/content/rules/Boards.ie.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	Problematic domains:
-
-		- b-static.net	(mismatched, CN: *.boards.ie)
-
-
-	Fully covered domains:
-
-		- b-static subdomains:
-
-			- ^		(→ c0)
-			- avatar
-			- c0
-
--->
-<ruleset name="Boards.ie (broken)" default_off="reported broken">
-
-	<target host="boards.ie" />
-	<target host="*.boards.ie" />
-	<target host="b-static.net" />
-	<target host="*.b-static.net" />
-
-
-	<rule from="^http://([^/:@\.]+\.)?boards\.ie/"
-		to="https://$1boards.ie/" />
-
-	<rule from="^http://b-static\.net/"
-		to="https://c0.b-static.net/" />
-
-	<rule from="^http://(avatar|c0)\.b-static\.net/"
-		to="https://$1.b-static.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Boathouse_Crew_Shop.xml b/src/chrome/content/rules/Boathouse_Crew_Shop.xml
index 35300acfe9c5..2e66c63ea8ce 100644
--- a/src/chrome/content/rules/Boathouse_Crew_Shop.xml
+++ b/src/chrome/content/rules/Boathouse_Crew_Shop.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.boathousecrewshop.com/ => https://www.boathousecrewshop.
 	Mixed images from photobucket
 
 -->
-<ruleset name="Boathouse Crew Shop" default_off='failed ruleset test'>
+<ruleset name="Boathouse Crew Shop" default_off="failed ruleset test">
 
 	<target host="boathousecrewshop.com" />
 	<target host="www.boathousecrewshop.com" />
@@ -18,4 +18,4 @@ Fetch error: http://www.boathousecrewshop.com/ => https://www.boathousecrewshop.
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Boba_Family.xml b/src/chrome/content/rules/Boba_Family.xml
index e84670487587..b0ffced0e93d 100644
--- a/src/chrome/content/rules/Boba_Family.xml
+++ b/src/chrome/content/rules/Boba_Family.xml
@@ -8,16 +8,16 @@ Fetch error: http://www.bobafamily.com/ => https://www.bobafamily.com/: (28, 'Co
 Disabled by https-everywhere-checker because:
 Fetch error: http://bobafamily.com/ => https://bobafamily.com/: (51, "SSL: no alternative certificate subject name matches target host name 'bobafamily.com'")
 -->
-<ruleset name="Boba Family" default_off='failed ruleset test'>
+<ruleset name="Boba Family" default_off="failed ruleset test">
 
 	<target host="bobafamily.com" />
 	<target host="store.bobafamily.com" />
 	<target host="www.bobafamily.com" />
 
 
-	<securecookie host="^(?:.*\.)?bobafamily\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bobcares.com.xml b/src/chrome/content/rules/Bobcares.com.xml
index 879b822b9d47..d88c1b0d42d0 100644
--- a/src/chrome/content/rules/Bobcares.com.xml
+++ b/src/chrome/content/rules/Bobcares.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://portal.bobcares.com/ => https://portal.bobcares.com/: (6, 'C
 	ˢ Secured by us
 
 -->
-<ruleset name="Bobcares.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Bobcares.com (partial)" default_off="failed ruleset test">
 
 	<target host="bobcares.com" />
 	<target host="installations.bobcares.com" />
diff --git a/src/chrome/content/rules/Bodum.xml b/src/chrome/content/rules/Bodum.xml
index 3f2378c5d646..175f2d1d0cd0 100644
--- a/src/chrome/content/rules/Bodum.xml
+++ b/src/chrome/content/rules/Bodum.xml
@@ -2,7 +2,7 @@
   <target host="bodum.com" />
   <target host="www.bodum.com" />
 
-  <securecookie host="^(?:.+\.)?bodum\.com$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/BodyBuilding.com.xml b/src/chrome/content/rules/BodyBuilding.com.xml
deleted file mode 100644
index ab03f8fe6061..000000000000
--- a/src/chrome/content/rules/BodyBuilding.com.xml
+++ /dev/null
@@ -1,73 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d1qro4ibhgqt8c.cloudfront.net 
-			- imagecdn.bodybuilding.com
-
-	bodybuilding.com.112.2o7.net
-
-
-	Nonfunctional domains:
-
-		- bodyspace.bodybuilding.com *
-		- forum.bodybuilding.com
-		- my.bodybuilding.com		(times out)
-
-	* Redirects to http
-
-
-	Partially covered bodybuilding.com subdomains:
-
-		- (www.) *
-		- r[eosu] *
-		- s[abcegikmnortvz] *
-		- t[chjltwz] *
-		- u[ayz] *
-		- v[cgnu] *
-		- ws *
-		- ye *
-		- z[aw] *
-
-	*  Some (most?) pages redirect to http
-
-
-	Fully covered domains:
-
-		- common.bbcomcdn.com
-		- store.bbcomcdn.com
-
-		- bodybuilding.com subdomains:
-
-			- ad
-			- assets
-			- imagecdn	(→ d1qro4ibhgqt8c.cloudfront.net)
-			- n		(→ bodybuilding-com.112.2o7.net)
-			- s
-
--->
-<ruleset name="BodyBuilding.com (partial)">
-
-	<target host="*.bbcomcdn.com" />
-	<target host="*.bodybuilding.com" />
-		<exclusion pattern="^http://my\.bodybuilding\.com/" />
-
-
-	<securecookie host="^ad\.bodybuilding\.com$" name=".+" />
-
-
-	<rule from="^http://(common|store)\.bbcomcdn\.com/"
-		to="https://$1.bbcomcdn.com/" />
-
-	<rule from="^http://(\w{2}\.|www\.)?bodybuilding\.com/store/(account/|commerce/cart\.jsp|orderstatus\.htm)"
-		to="https://$1bodybuilding.com/store/$2" />
-
-	<rule from="^http://(ad|assets|s)\.bodybuilding\.com/"
-		to="https://$1.bodybuilding.com/" />
-
-	<rule from="^http://imagecdn\.bodybuilding\.com/"
-		to="https://d1qro4ibhgqt8c.cloudfront.net/" />
-
-	<rule from="^http://n\.bodybuilding\.com/"
-		to="https://bodybuilding-com.112.2o7.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Boell.de.xml b/src/chrome/content/rules/Boell.de.xml
index 77bf5af7feec..7e1935a51ae8 100644
--- a/src/chrome/content/rules/Boell.de.xml
+++ b/src/chrome/content/rules/Boell.de.xml
@@ -32,7 +32,7 @@ themen.boell.de different content
 ³ timed out
 ⁴ self signed
 -->
-<ruleset name="boell.de" default_off='failed ruleset test'>
+<ruleset name="boell.de" default_off="failed ruleset test">
 	<target host="www.boell.de" />
 	<target host="bewerbung.boell.de" />
 	<target host="calendar.boell.de" />
diff --git a/src/chrome/content/rules/Boing-Boing.xml b/src/chrome/content/rules/Boing-Boing.xml
deleted file mode 100644
index 69bc2745e50b..000000000000
--- a/src/chrome/content/rules/Boing-Boing.xml
+++ /dev/null
@@ -1,76 +0,0 @@
-<!--
-	CDN buckets:
-
-		- boingboing.cachefly.net
-		- boingboing.global.ssl.fastly.net
-		- scdn-discourse.r.worldssl.net/user_avatar/bbs.boingboing.net/
-
-
-	Nonfunctional subdomains:
-
-		- dev *
-		- www.shop *
-		- submit *
-		- wow ²
-
-	* Refused
-	² Redirects to http
-
-
-	Problematic hosts in *boingboing.net:
-
-		- origin ¹
-		- www ²
-
-	¹ Untrusted root
-	² Refused
-
-
-	Mixed content:
-
-		- css on ^ from fonts.googleapis.com ¹
-
-		- Images, on:
-
-			- ^ from $self ¹
-			- media from media.boingboing.net ¹
-
-		- Bugs, on:
-
-			- ^ from pubads.g.doubleclick.net ²
-			- ^ from b.scorecardresearch.com ¹
-
-	¹ Secured by us
-	² Ruleset disabled by default
-
--->
-<ruleset name="Boing Boing.net (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="boingboing.net" />
-	<target host="bbs.boingboing.net" />
-	<target host="media.boingboing.net" />
-	<target host="shop.boingboing.net" />
-	<target host="store.boingboing.net" />
-
-	<!--	Complications:
-				-->
-	<target host="www.boingboing.net" />
-
-		<test url="http://boingboing.net/about" />
-		<test url="http://www.boingboing.net/contact" />
-		<test url="http://boingboing.net/s/" />
-
-
-	<securecookie host="^\." name="^__qca$" />
-	<securecookie host="^(?:\.shop\.)?boingboing\.net$" name=".+" />
-
-
-	<rule from="^http://www\.boingboing\.net/"
-		to="https://boingboing.net/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Boingo.xml b/src/chrome/content/rules/Boingo.xml
index 778c5e063950..5cd0a4d2867a 100644
--- a/src/chrome/content/rules/Boingo.xml
+++ b/src/chrome/content/rules/Boingo.xml
@@ -7,7 +7,7 @@ Fetch error: http://boingohotspot.net/ => http://boingohotspot.net/: (28, 'Conne
 Disabled by https-everywhere-checker because:
 Fetch error: http://boingo.com/ => https://www.boingo.com/: (7, 'Failed to connect to www.boingo.com port 443: Connection timed out')
 -->
-<ruleset name="Boingo" default_off='failed ruleset test'>
+<ruleset name="Boingo" default_off="failed ruleset test">
     <target host="boingo.com" />
     <target host="*.boingo.com" />
     <target host="boingohotspot.net" />
diff --git a/src/chrome/content/rules/Boiron.ca.xml b/src/chrome/content/rules/Boiron.ca.xml
new file mode 100644
index 000000000000..ef7aa524bf53
--- /dev/null
+++ b/src/chrome/content/rules/Boiron.ca.xml
@@ -0,0 +1,7 @@
+<ruleset name="Boiron.ca">
+	<target host="boiron.ca" />
+	<target host="www.boiron.ca" />
+	<target host="shop.boiron.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bokborgen.se.xml b/src/chrome/content/rules/Bokborgen.se.xml
index 50e226164924..3fcb4a29990c 100644
--- a/src/chrome/content/rules/Bokborgen.se.xml
+++ b/src/chrome/content/rules/Bokborgen.se.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.bokborgen.se/ => https://bokborgen.se/: (51, "SSL: no alternative certificate subject name matches target host name 'bokborgen.se'")
 Fetch error: http://bokborgen.se/ => https://bokborgen.se/: (51, "SSL: no alternative certificate subject name matches target host name 'bokborgen.se'")
 -->
-<ruleset name="Bokborgen.se" default_off='failed ruleset test'>
+<ruleset name="Bokborgen.se" default_off="failed ruleset test">
   <target host="www.bokborgen.se" />
   <target host="bokborgen.se" />
   <rule from="^http://www\.bokborgen\.se/" to="https://bokborgen.se/"/>
diff --git a/src/chrome/content/rules/Bokelskere.no.xml b/src/chrome/content/rules/Bokelskere.no.xml
new file mode 100644
index 000000000000..0da59c9759f9
--- /dev/null
+++ b/src/chrome/content/rules/Bokelskere.no.xml
@@ -0,0 +1,6 @@
+<ruleset name="Bokelskere.no">
+	<target host="bokelskere.no" />
+	<target host="www.bokelskere.no" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bokelskere.xml b/src/chrome/content/rules/Bokelskere.xml
deleted file mode 100644
index 807f4d6d163c..000000000000
--- a/src/chrome/content/rules/Bokelskere.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Bokelskere" platform="mixedcontent">
-  <target host="bokelskere.no" />
-  <target host="www.bokelskere.no" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/BolehVPN.net.xml b/src/chrome/content/rules/BolehVPN.net.xml
index 047468f0b985..3982f5e38e45 100644
--- a/src/chrome/content/rules/BolehVPN.net.xml
+++ b/src/chrome/content/rules/BolehVPN.net.xml
@@ -18,7 +18,7 @@ Fetch error: http://portal.bolehvpn.net/ => https://portal.bolehvpn.net/: (7, 'F
 		- www.bolehvpn.net
 
 -->
-<ruleset name="BolehVPN.net" default_off='failed ruleset test'>
+<ruleset name="BolehVPN.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Boligportal.dk-mixedcontent.xml b/src/chrome/content/rules/Boligportal.dk-mixedcontent.xml
deleted file mode 100644
index 50b233de929d..000000000000
--- a/src/chrome/content/rules/Boligportal.dk-mixedcontent.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Main Boligportal related ruleset is
-	in Boligportal.dk.xml
--->
-<ruleset name="Boligportal.dk (false MCB)" platform="mixedcontent">
-
-	<target host="boligportal.dk" />
-	<target host="www.boligportal.dk" />
-
-	<securecookie host="(www)?\.boligportal\.dk" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Boligportal.dk.xml b/src/chrome/content/rules/Boligportal.dk.xml
index 34252c701e2e..4bae2351c183 100644
--- a/src/chrome/content/rules/Boligportal.dk.xml
+++ b/src/chrome/content/rules/Boligportal.dk.xml
@@ -5,14 +5,14 @@
 
 	¹: Bad cert
 
-	Mixed content issues on pages that load JS via
-	Leaflet (such as individual apartment info
-	pages). These are dealt with in the ruleset in
-	Boligportal.dk-mixedcontent.xml.
-
 -->
 <ruleset name="Boligportal.dk (static)">
 
+	<target host="boligportal.dk" />
+	<target host="www.boligportal.dk" />
+
+	<securecookie host="(www)?\.boligportal\.dk" name=".+" />
+
 	<target host="static1.boligportal.dk" />
 	<target host="static2.boligportal.dk" />
 	<target host="static3.boligportal.dk" />
diff --git a/src/chrome/content/rules/Bolos_Computer_Museum.xml b/src/chrome/content/rules/Bolos_Computer_Museum.xml
index 9493f8ae72f9..6bec6c199890 100644
--- a/src/chrome/content/rules/Bolos_Computer_Museum.xml
+++ b/src/chrome/content/rules/Bolos_Computer_Museum.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bonadza.com.xml b/src/chrome/content/rules/Bonadza.com.xml
deleted file mode 100644
index 77465851b621..000000000000
--- a/src/chrome/content/rules/Bonadza.com.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- bonadza.com
-		- www.bonadza.com
-
--->
-<ruleset name="Bonadza.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="bonadza.com" />
-	<target host="notif.bonadza.com" />
-	<target host="www.bonadza.com" />
-
-		<test url="http://notif.bonadza.com/c/?c=" />
-
-		<!--	Sets cookies without Secure:
-							-->
-		<test url="http://bonadza.com/login.php" />
-		<test url="http://www.bonadza.com/login.php" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:www\.)?bonadza\.com$" name="^Bonadza_Session$" /-->
-
-	<securecookie host="^(?:www\.)?bonadza\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bonneville_Power_Administration.xml b/src/chrome/content/rules/Bonneville_Power_Administration.xml
deleted file mode 100644
index 8a6258415e2f..000000000000
--- a/src/chrome/content/rules/Bonneville_Power_Administration.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	For other U.S. government coverage, see US-government.xml.
-
-
-	Nonfunctional subdomains:
-
-		- (www.)transmission
-
-
-	Problematic subdomains:
-
-		- www.careers *
-		- www.efw *
-		- www.jobs *
-
-	Cert only matches *.bpa
-
--->
-<ruleset name="Bonneville Power Administration (partial)">
-
-	<target host="bpa.gov" />
-	<target host="*.bpa.gov" />
-
-
-	<securecookie host="^.*\.bpa\.gov$" name=".+" />
-
-
-	<rule from="^http://(customerportal\.|www\.)?bpa\.gov/"
-		to="https://$1bpa.gov/" />
-
-	<rule from="^http://(?:www\.)?(careers|efw|jobs)\.bpa\.gov/"
-		to="https://$1.bpa.gov/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BookerAndDax.com.xml b/src/chrome/content/rules/BookerAndDax.com.xml
new file mode 100644
index 000000000000..6a2f72755dae
--- /dev/null
+++ b/src/chrome/content/rules/BookerAndDax.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="BookerAndDax.com">
+	<target host="bookeranddax.com" />
+	<target host="www.bookeranddax.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bookie.io.xml b/src/chrome/content/rules/Bookie.io.xml
index b461982bddda..c35577ade54e 100644
--- a/src/chrome/content/rules/Bookie.io.xml
+++ b/src/chrome/content/rules/Bookie.io.xml
@@ -6,7 +6,7 @@ Fetch error: http://bookie.io/ => https://bookie.io/: (28, 'Connection timed out
 	www.bookie.io doesn't exist.
 
 -->
-<ruleset name="Bookie.io" default_off='failed ruleset test'>
+<ruleset name="Bookie.io" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Booklog.jp.xml b/src/chrome/content/rules/Booklog.jp.xml
index dfafed92d23c..42178938218b 100644
--- a/src/chrome/content/rules/Booklog.jp.xml
+++ b/src/chrome/content/rules/Booklog.jp.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://booklog.jp/ => https://www.booklog.jp/: (51, "SSL: no alternative certificate subject name matches target host name 'www.booklog.jp'")
 Fetch error: http://www.booklog.jp/ => https://www.booklog.jp/: (51, "SSL: no alternative certificate subject name matches target host name 'www.booklog.jp'")
 -->
-<ruleset name="Booklog.jp" default_off='failed ruleset test'>
+<ruleset name="Booklog.jp" default_off="failed ruleset test">
   <target host="booklog.jp" />
   <target host="www.booklog.jp" />
 
diff --git a/src/chrome/content/rules/Booklooker.de.xml b/src/chrome/content/rules/Booklooker.de.xml
index d099131bd574..e55cf210b7b6 100644
--- a/src/chrome/content/rules/Booklooker.de.xml
+++ b/src/chrome/content/rules/Booklooker.de.xml
@@ -1,9 +1,20 @@
-<ruleset name="booklooker.de">
-  <target host="booklooker.de" />
-  <target host="*.booklooker.de" />
+<!--
+	Remark: dev, falco, images2 and stats have different
+		behavior over HTTP (refused) and HTTPS (403).
 
-  <securecookie host="^(?:www\.)?(?:images\.|secure\.)?booklooker\.de$" name=".+" />
+	Non-functional hosts
+		Different content:
+		- bjoerk.booklooker.de
+-->
+<ruleset name="booklooker.de">
+	<target host="booklooker.de" />
+	<target host="www.booklooker.de" />
+	<target host="api.booklooker.de" />
+	<target host="bms.booklooker.de" />
+	<target host="download.booklooker.de" />
+	<target host="images.booklooker.de" />
+	<test url="http://images.booklooker.de/m/9783833310539/Jenny-Colgan+Die-kleine-B%C3%A4ckerei-am-Strandweg.jpg" />
+	<target host="secure.booklooker.de" />
 
-  <rule from="^http://(?:www\.)?(?:secure\.)?booklooker\.de/" to="https://secure.booklooker.de/" />
-  <rule from="^http://(?:www\.)?images\.booklooker\.de/" to="https://images.booklooker.de/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bookworm.xml b/src/chrome/content/rules/Bookworm.xml
deleted file mode 100644
index 0716099a5795..000000000000
--- a/src/chrome/content/rules/Bookworm.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<!-- Partial -->
-<ruleset name="Bookworm">
-  <target host="bookworm.oreilly.com" />
-
-  <securecookie host="^bookworm\.oreilly\.com$" name=".+" />
-
-  <rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Boomerang.com.xml b/src/chrome/content/rules/Boomerang.com.xml
new file mode 100644
index 000000000000..880fb0f7e3af
--- /dev/null
+++ b/src/chrome/content/rules/Boomerang.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Boomerang.com">
+	<target host="boomerang.com" />
+	<target host="www.boomerang.com" />
+	<target host="link.boomerang.com" />
+	<target host="staging.boomerang.com" />
+	<target host="watch.boomerang.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Boomerang.xml b/src/chrome/content/rules/Boomerang.xml
deleted file mode 100644
index 6844092b2f15..000000000000
--- a/src/chrome/content/rules/Boomerang.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://imagestore2.boomerang.com/ => https://imagestore2.boomerang.com/: (6, 'Could not resolve host: imagestore2.boomerang.com')
-
-	Nonfunctional subdomains:
-
-		- blogs
-		- home		(valid cert; prints "systems are undergoing maintenance at this time")
-		- loyalty
-		- ss (refused)
-
--->
-<ruleset name="Boomerang (partial)" default_off='failed ruleset test'>
-	<target host="boomerang.com" />
-	<target host="www.boomerang.com" />
-	<target host="imagestore2.boomerang.com" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/BoordatWork.com.xml b/src/chrome/content/rules/BoordatWork.com.xml
index 039a24b8751b..49fbce4371e7 100644
--- a/src/chrome/content/rules/BoordatWork.com.xml
+++ b/src/chrome/content/rules/BoordatWork.com.xml
@@ -1,7 +1,8 @@
 <ruleset name="BoordatWork.com" default_off="self-signed">
 
 	<target host="booredatwork.com" />
-	<target host="*.booredatwork.com" />
+	<target host="cdn.booredatwork.com" />
+	<target host="www.booredatwork.com" />
 
 
 	<securecookie host="^\.?booredatwork\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Boost.org.xml b/src/chrome/content/rules/Boost.org.xml
new file mode 100644
index 000000000000..aa67e78050ec
--- /dev/null
+++ b/src/chrome/content/rules/Boost.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- ci.boost.org
+
+		Mixed content blocking (MCB) triggered:
+		- boostcon.boost.org
+-->
+<ruleset name="Boost.org">
+	<target host="boost.org" />
+	<target host="www.boost.org" />
+	<target host="beta.boost.org" />
+	<target host="lists.boost.org" />
+	<target host="live.boost.org" />
+	<target host="svn.boost.org" />
+	<target host="wiki.boost.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Boost.xml b/src/chrome/content/rules/Boost.xml
deleted file mode 100644
index 232701940001..000000000000
--- a/src/chrome/content/rules/Boost.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to http)
-
--->
-<ruleset name="Boost.org (partial)">
-
-	<target host="lists.boost.org" />
-	<target host="svn.boost.org" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Boost_by_Benz.com.xml b/src/chrome/content/rules/Boost_by_Benz.com.xml
index 748fe9fe7cb8..18f2e62c36fd 100644
--- a/src/chrome/content/rules/Boost_by_Benz.com.xml
+++ b/src/chrome/content/rules/Boost_by_Benz.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.boostbybenz.com/ => https://www.boostbybenz.com/: (60, '
 		- stage.boostbybenz.com
 
 -->
-<ruleset name="Boost by Benz.com" default_off='failed ruleset test'>
+<ruleset name="Boost by Benz.com" default_off="failed ruleset test">
 
 	<target host="boostbybenz.com" />
 	<target host="www.boostbybenz.com" />
diff --git a/src/chrome/content/rules/BootCDN.xml b/src/chrome/content/rules/BootCDN.xml
index ee6c550f1d80..1d902dc8a43f 100644
--- a/src/chrome/content/rules/BootCDN.xml
+++ b/src/chrome/content/rules/BootCDN.xml
@@ -19,7 +19,7 @@
 			w3schools.bootcss.com
 			wenda.bootcss.com
 			www.bootcss.com
-		  
+
 		*bootcss.com
 			blog.bootcss.cn
 			www.bootcss.cn
@@ -29,7 +29,7 @@
 
 	<target host="cdn.bootcss.com" />
 		<test url="http://cdn.bootcss.com/bootstrap/3.3.6/css/bootstrap-theme.css" />
-	
+
 	<!--	MCB	-->
 	<exclusion pattern="^http://cdn.bootcss.com/bootstrap-tokenfield/0.11.8/package/index.html" />
 		<test url="http://cdn.bootcss.com/bootstrap-tokenfield/0.11.8/package/index.html#examples" />
diff --git a/src/chrome/content/rules/Boots.com.xml b/src/chrome/content/rules/Boots.com.xml
index 76317898d4e4..a97e108c2dee 100644
--- a/src/chrome/content/rules/Boots.com.xml
+++ b/src/chrome/content/rules/Boots.com.xml
@@ -50,9 +50,13 @@
 <ruleset name="Boots.com (partial)">
 
 	<target host="boots.com" />
-	<target host="*.boots.com" />
+	<target host="www.boots.com" />
+	<target host="www.international.boots.com" />
+	<target host="th.boots.com" />
+	<target host="www.th.boots.com" />
 	<target host="shopbootsusa.com" />
-	<target host="*.shopbootsusa.com" />
+	<target host="www.shopbootsusa.com" />
+	<target host="images.shopbootsusa.com" />
 
 
 	<securecookie host="^(?:.*\.)?boots\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Boots.no.xml b/src/chrome/content/rules/Boots.no.xml
index 1a4925b997da..65da5bec0a85 100644
--- a/src/chrome/content/rules/Boots.no.xml
+++ b/src/chrome/content/rules/Boots.no.xml
@@ -10,7 +10,7 @@
 <ruleset name="Boots.no">
 
 	<target host="boots.no" />
-	<target host="*.boots.no" />
+	<target host="www.boots.no" />
 
 
 	<securecookie host=".*\.boots\.no$" name=".+" />
diff --git a/src/chrome/content/rules/Boots_Thai.com.xml b/src/chrome/content/rules/Boots_Thai.com.xml
index d5e519cadd53..b18238a1e192 100644
--- a/src/chrome/content/rules/Boots_Thai.com.xml
+++ b/src/chrome/content/rules/Boots_Thai.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.bootsthai.com/ => https://www.bootsthai.com/: (60, 'SSL
 	^bootsthai.com times out over both http and https.
 
 -->
-<ruleset name="Boots Thai.com" default_off='failed ruleset test'>
+<ruleset name="Boots Thai.com" default_off="failed ruleset test">
 
 	<target host="www.bootsthai.com" />
 
diff --git a/src/chrome/content/rules/Boounce.xml b/src/chrome/content/rules/Boounce.xml
index 638737b6f240..30e575be4c5b 100644
--- a/src/chrome/content/rules/Boounce.xml
+++ b/src/chrome/content/rules/Boounce.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.boounce.com/ => https://www.boounce.com/: (7, 'Failed to
 Automatically by https-everywhere-checker because:
 Fetch error: http://boounce.com/ => https://boounce.com/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="Boounce" default_off='failed ruleset test'>
+<ruleset name="Boounce" default_off="failed ruleset test">
 
 	<target host="boounce.com" />
 	<target host="forums.boounce.com" />
@@ -20,4 +20,4 @@ Fetch error: http://boounce.com/ => https://boounce.com/: (60, 'SSL certificate
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Booz_Allen.com.xml b/src/chrome/content/rules/Booz_Allen.com.xml
index 08a97cb59ba0..8ddaddb7b4fd 100644
--- a/src/chrome/content/rules/Booz_Allen.com.xml
+++ b/src/chrome/content/rules/Booz_Allen.com.xml
@@ -23,7 +23,8 @@
 <ruleset name="Booz Allen.com (partial)">
 
 	<target host="boozallen.com" />
-	<target host="*.boozallen.com" />
+	<target host="mena.boozallen.com" />
+	<target host="www.boozallen.com" />
 
 
 	<!--	Not secured by server:
@@ -33,7 +34,6 @@
 	<securecookie host="^cybertab\.boozallen\.com$" name=".+" />
 
 
-	<rule from="^http://((?:cybertab|mena|www)\.)?boozallen\.com/"
-		to="https://$1boozallen.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bored_to_Death.xml b/src/chrome/content/rules/Bored_to_Death.xml
deleted file mode 100644
index ea22e0f91cb2..000000000000
--- a/src/chrome/content/rules/Bored_to_Death.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Bored to Death">
-
-	<target host="boredtodeath.me" />
-	<target host="www.boredtodeath.me" />
-
-
-	<securecookie host="^(?:w*\.)?boredtodeath\.me$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Born_This_Way_Foundation.xml b/src/chrome/content/rules/Born_This_Way_Foundation.xml
index 198932b9af2c..399411e7d8c2 100644
--- a/src/chrome/content/rules/Born_This_Way_Foundation.xml
+++ b/src/chrome/content/rules/Born_This_Way_Foundation.xml
@@ -1,33 +1,21 @@
 <!--
-	CDN buckets:
-
-		- dnwssx4l7gl7s.cloudfront.net/bway/default/
-
-
-	Problematic subdomains:
-
-		- (www.) *
-		- action *
-
-	* Redirects to http; mismatched, CN: secure.bornthiswayfoundation.org
-
-
-	At least some pages redirect back from secure.
+	Non-functional hosts:
+		Mismatched:
+		- www.bornthisway.foundation
 
 -->
 <ruleset name="Born This Way Foundation (partial)">
 
-	<target host="bornthiswayfoundation.org" />
-	<target host="*.bornthiswayfoundation.org" />
-
-
-	<securecookie host="^\.?secure\.bornthiswayfoundation\.org$" name=".+" />
-
+	<target host="bornthisway.foundation" />
+	<target host="www.bornthisway.foundation" />
+	<target host="secure.bornthisway.foundation" />
+	<target host="shop.bornthisway.foundation" />
 
-	<rule from="^http://(?:action\.|www\.)?bornthiswayfoundation\.org/page/-/img/"
-		to="https://dnwssx4l7gl7s.cloudfront.net/bway/default/page/-/img/" />
+	<securecookie host=".+" name=".+" />
+	
+	<rule from="^http://www\.bornthisway\.foundation/"
+		  	to="https://bornthisway.foundation/" />
 
-	<rule from="^http://secure\.bornthiswayfoundation\.org/"
-		to="https://secure.bornthiswayfoundation.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BosslandGmbH.xml b/src/chrome/content/rules/BosslandGmbH.xml
index 3a49e2867c4a..d795e721b63b 100644
--- a/src/chrome/content/rules/BosslandGmbH.xml
+++ b/src/chrome/content/rules/BosslandGmbH.xml
@@ -17,4 +17,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BotBot.me.xml b/src/chrome/content/rules/BotBot.me.xml
index da4863a648d1..39853c457bfe 100644
--- a/src/chrome/content/rules/BotBot.me.xml
+++ b/src/chrome/content/rules/BotBot.me.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.botbot.me/ => https://www.botbot.me/: (51, "SSL: no alte
 		- botbot.me
 
 -->
-<ruleset name="BotBot.me" default_off='failed ruleset test'>
+<ruleset name="BotBot.me" default_off="failed ruleset test">
 	<target host="botbot.me" />
 	<target host="www.botbot.me" />
 
diff --git a/src/chrome/content/rules/Boum.org.xml b/src/chrome/content/rules/Boum.org.xml
index 3f8ee88a1f54..f5c016ff469c 100644
--- a/src/chrome/content/rules/Boum.org.xml
+++ b/src/chrome/content/rules/Boum.org.xml
@@ -50,13 +50,13 @@
 	<target host="webmail.boum.org" />
 	<target host="wiki.boum.org" />
 
-	<rule from="^http://frangipane\.boum\.org/" 
+	<rule from="^http://frangipane\.boum\.org/"
 		to="https://nantes.indymedia.org/" />
 
 	<rule from="^http://(mail|ns2?|panoptique)\.boum\.org/"
 		to="https://boum.org/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Bounce.io.xml b/src/chrome/content/rules/Bounce.io.xml
index 3ef1092679c0..f693fe5a1212 100644
--- a/src/chrome/content/rules/Bounce.io.xml
+++ b/src/chrome/content/rules/Bounce.io.xml
@@ -4,10 +4,10 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://bounce.io/ => https://bounce.io/: (7, 'Failed to connect to bounce.io port 443: Connection refused')
 
 -->
-<ruleset name="Bounce.io" default_off='failed ruleset test'>
+<ruleset name="Bounce.io" default_off="failed ruleset test">
 	<target host="bounce.io" />
-	<target host="*.bounce.io" />
+	<target host="www.bounce.io" />
 
 	<rule from="^http://(?:www\.)?bounce\.io/"
 		to="https://bounce.io/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bourgeois.me.xml b/src/chrome/content/rules/Bourgeois.me.xml
index 0c73a1984364..330b22a712e6 100644
--- a/src/chrome/content/rules/Bourgeois.me.xml
+++ b/src/chrome/content/rules/Bourgeois.me.xml
@@ -11,7 +11,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://bourgeois.me/ => https://bourgeois.me/: (51, "SSL: no alternative certificate subject name matches target host name 'bourgeois.me'")
 
 -->
-<ruleset name="Bourgeois.me" default_off='failed ruleset test'>
+<ruleset name="Bourgeois.me" default_off="failed ruleset test">
 
 	<target host="bourgeois.me" />
 	<target host="www.bourgeois.me" />
diff --git a/src/chrome/content/rules/Bournemouth.gov.uk.xml b/src/chrome/content/rules/Bournemouth.gov.uk.xml
index 6d729796c07d..cf3ec34c845b 100644
--- a/src/chrome/content/rules/Bournemouth.gov.uk.xml
+++ b/src/chrome/content/rules/Bournemouth.gov.uk.xml
@@ -44,7 +44,7 @@ Fetch error: http://bournemouth.gov.uk/ => https://www.bournemouth.gov.uk/: (28,
 	ˢ Secured by us
 
 -->
-<ruleset name="Bournemouth.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Bournemouth.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/BoxOffice.xml b/src/chrome/content/rules/BoxOffice.xml
index 95a048d5157c..c5f630f6b0d9 100644
--- a/src/chrome/content/rules/BoxOffice.xml
+++ b/src/chrome/content/rules/BoxOffice.xml
@@ -16,4 +16,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BoxeeTV.xml b/src/chrome/content/rules/BoxeeTV.xml
index f25c664b3004..7cb0b7b3a288 100644
--- a/src/chrome/content/rules/BoxeeTV.xml
+++ b/src/chrome/content/rules/BoxeeTV.xml
@@ -11,10 +11,13 @@ Fetch error: http://boxee.tv/ => https://boxee.tv/: (7, 'Failed to connect to ww
 		- my	(refused)
 
 -->
-<ruleset name="Boxee.tv (partial)" default_off='failed ruleset test'>
+<ruleset name="Boxee.tv (partial)" default_off="failed ruleset test">
 
 	<target host="boxee.tv" />
-	<target host="*.boxee.tv" />
+	<target host="account.boxee.tv" />
+	<target host="app.boxee.tv" />
+	<target host="assets.boxee.tv" />
+	<target host="www.boxee.tv" />
 
 
 	<!--	Don't secure wildcard cookies, wrt:
@@ -24,7 +27,6 @@ Fetch error: http://boxee.tv/ => https://boxee.tv/: (7, 'Failed to connect to ww
 	<securecookie host="^(?:\w+\.)?boxee\.tv$" name=".+" />
 
 
-	<rule from="^http://((?:account|app|assets|www)\.)?boxee\.tv/"
-		to="https://$1boxee.tv/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Boxpn.com.xml b/src/chrome/content/rules/Boxpn.com.xml
index 4bcc1dcb7b84..fe3aabc3bf9d 100644
--- a/src/chrome/content/rules/Boxpn.com.xml
+++ b/src/chrome/content/rules/Boxpn.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.boxpn.com/ => https://www.boxpn.com/: (51, "SSL: no alte
 		- Image from internetdefenseleague.org
 
 -->
-<ruleset name="Boxpn.com" default_off='failed ruleset test'>
+<ruleset name="Boxpn.com" default_off="failed ruleset test">
 
 	<target host="boxpn.com" />
 	<target host="www.boxpn.com" />
diff --git a/src/chrome/content/rules/Boxwood_Technology.xml b/src/chrome/content/rules/Boxwood_Technology.xml
index 43562cf6e6d6..2517e0621d8a 100644
--- a/src/chrome/content/rules/Boxwood_Technology.xml
+++ b/src/chrome/content/rules/Boxwood_Technology.xml
@@ -7,16 +7,16 @@ Fetch error: http://www.boxwoodtech.com/ => https://www.boxwoodtech.com/: (28, '
 Disabled by https-everywhere-checker because:
 Fetch error: http://boxwoodtech.com/ => https://boxwoodtech.com/: Cycle detected - URL already encountered: https://www.boxwoodtech.com/
 -->
-<ruleset name="Boxwood Technology" default_off='failed ruleset test'>
+<ruleset name="Boxwood Technology" default_off="failed ruleset test">
 
 	<target host="boxwoodtech.com" />
 	<target host="secure.boxwoodtech.com" />
 	<target host="www.boxwoodtech.com" />
 
 
-	<securecookie host="^(?:.+\.)?boxwoodtech\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BradleyF.id.au.xml b/src/chrome/content/rules/BradleyF.id.au.xml
deleted file mode 100644
index 52726c94579d..000000000000
--- a/src/chrome/content/rules/BradleyF.id.au.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	These altnames don't exist:
-
-		- www.bradleyf.id.au
-
--->
-<ruleset name="BradleyF.id.au">
-
-	<target host="bradleyf.id.au" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Braincert.org.xml b/src/chrome/content/rules/Braincert.org.xml
index 5cd3eea8640a..03d6f8f97da9 100644
--- a/src/chrome/content/rules/Braincert.org.xml
+++ b/src/chrome/content/rules/Braincert.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://braincert.org/ => https://braincert.org/: (51, "SSL: no alternative certificate subject name matches target host name 'braincert.org'")
 
 -->
-<ruleset name="braincert.org" default_off='failed ruleset test'>
+<ruleset name="braincert.org" default_off="failed ruleset test">
 
 	<target host="braincert.org" />
 	<target host="www.braincert.org" />
@@ -15,4 +15,4 @@ Fetch error: http://braincert.org/ => https://braincert.org/: (51, "SSL: no alte
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Brainshark.xml b/src/chrome/content/rules/Brainshark.xml
index 0f34fe5e3be1..692916e0e229 100644
--- a/src/chrome/content/rules/Brainshark.xml
+++ b/src/chrome/content/rules/Brainshark.xml
@@ -11,7 +11,7 @@
 	<target host="brainshark.com"/>
 	<target host="www.brainshark.com"/>
 
-	<securecookie host="^(?:.*\.)?brainshark\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 	<rule from="^http://presentation\.brainshark\.com/company/contact_us\.(?:aspx|php)(?:$|\?.*)"
 		to="https://www.brainshark.com/contact-us" />
diff --git a/src/chrome/content/rules/Brainsonic.xml b/src/chrome/content/rules/Brainsonic.xml
index 111dba8067ab..61d2a973d32e 100644
--- a/src/chrome/content/rules/Brainsonic.xml
+++ b/src/chrome/content/rules/Brainsonic.xml
@@ -19,7 +19,10 @@
 <ruleset name="Brainsonic (partial)">
 
 	<target host="brainsonic.com" />
-	<target host="*.brainsonic.com" />
+	<target host="www.brainsonic.com" />
+	<target host="live2.brainsonic.com" />
+	<target host="live-secure.brainsonic.com" />
+	<target host="francetv.motscroises.pad.brainsonic.com" />
 
 
 	<rule from="^http://(?:www\.)?brainsonic\.com/wp-content/"
@@ -28,4 +31,4 @@
 	<rule from="^http://(live2|live-secure|francetv\.motscroises\.pad)\.brainsonic\.com/"
 		to="https://$1.brainsonic.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Brak.de.xml b/src/chrome/content/rules/Brak.de.xml
new file mode 100644
index 000000000000..431aa1b9c1d0
--- /dev/null
+++ b/src/chrome/content/rules/Brak.de.xml
@@ -0,0 +1,21 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="Brak.de">
+
+	<target host="brak.de" />
+	<target host="www.brak.de" />
+	<target host="bea.brak.de" />
+	<target host="bilder.brak.de" />
+	<target host="mail.brak.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Content mismatch on https://brak.de/,
+	http://brak.de/ redirects to http://www.brak.de/ -->
+	<rule from="^http://brak\.de/"
+		to="https://www.brak.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Branch.xml b/src/chrome/content/rules/Branch.xml
index d90e0d961ed9..398c77a3ddab 100644
--- a/src/chrome/content/rules/Branch.xml
+++ b/src/chrome/content/rules/Branch.xml
@@ -17,10 +17,12 @@ Fetch error: http://branch.com/ => https://secure.branch.com/: (6, 'Could not re
 		- www		(mismatched, CN: *.herokuapp.com)
 
 -->
-<ruleset name="Branch" default_off='failed ruleset test'>
+<ruleset name="Branch" default_off="failed ruleset test">
 
 	<target host="branch.com" />
-	<target host="*.branch.com" />
+	<target host="secure.branch.com" />
+	<target host="www.branch.com" />
+	<target host="static.branch.com" />
 
 
 	<securecookie host="^\.branch\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Brand-server.com.xml b/src/chrome/content/rules/Brand-server.com.xml
deleted file mode 100644
index c26ff8f35be3..000000000000
--- a/src/chrome/content/rules/Brand-server.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- t.brand-server.com
-
-
-	Web bugs.
-
--->
-<ruleset name="brand-server.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="t.brand-server.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^t\.brand-server\.com$" name="^(tuuid|us)$" /-->
-
-	<securecookie host="^t\.brand-server\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Brand_Embassy.xml b/src/chrome/content/rules/Brand_Embassy.xml
index 736c611d8a6b..ed8d0cc28cd6 100644
--- a/src/chrome/content/rules/Brand_Embassy.xml
+++ b/src/chrome/content/rules/Brand_Embassy.xml
@@ -7,13 +7,12 @@
 -->
 <ruleset name="Brand Embassy (partial)">
 
-	<target host="*.brandembassy.com" />
+	<target host="engager.brandembassy.com" />
 
 
 	<securecookie host="^(?:engager|ui)\.brandembassy\.com$" name=".+" />
 
 
-	<rule from="^http://(engager|ui)\.brandembassy\.com/"
-		to="https://$1.brandembassy.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Brand_New_Booty.xml b/src/chrome/content/rules/Brand_New_Booty.xml
deleted file mode 100644
index c14e38931140..000000000000
--- a/src/chrome/content/rules/Brand_New_Booty.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Brand New Booty">
-
-	<target host="brandnewbooty.com" />
-	<target host="www.brandnewbooty.com" />
-
-
-	<securecookie host="^(?:www)?\.brandnewbooty\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Brandfolder.com.xml b/src/chrome/content/rules/Brandfolder.com.xml
deleted file mode 100644
index 7bdbf7de02c9..000000000000
--- a/src/chrome/content/rules/Brandfolder.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- brandfolder.com
-
--->
-<ruleset name="Brandfolder.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="brandfolder.com" />
-	<target host="assets.brandfolder.com" />
-	<target host="static.brandfolder.com" />
-	<target host="www.brandfolder.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^brandfolder\.com$" name="^rack\.session$" /-->
-
-	<securecookie host="^brandfolder\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Brandify.xml b/src/chrome/content/rules/Brandify.xml
index 435331c36a2f..cc1f20c17488 100644
--- a/src/chrome/content/rules/Brandify.xml
+++ b/src/chrome/content/rules/Brandify.xml
@@ -10,11 +10,11 @@ Fetch error: http://secure.brandify.com.au/ => https://secure.brandify.com.au/:
 		- (www.)	(shows secure; mismatched, CN: secure.brandify.com.au)
 
 -->
-<ruleset name="Brandify (partial)" default_off='failed ruleset test'>
+<ruleset name="Brandify (partial)" default_off="failed ruleset test">
 
 	<target host="secure.brandify.com.au" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Branson_Zipline.xml b/src/chrome/content/rules/Branson_Zipline.xml
deleted file mode 100644
index e74b61b05f20..000000000000
--- a/src/chrome/content/rules/Branson_Zipline.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	Problematic domains:
-
-		- css.bzimages.com *
-		- img.bzimages.com *
-
-	* Works, mismatched, CN: secure.vacationsmadeeasy.com
-
-
-	Some pages redirect to http.
-
--->
-<ruleset name="Branson Zipline (partial)">
-
-	<target host="bransonzipline.com" />
-	<target host="*.bransonzipline.com" />
-		<exclusion pattern="^http://(?:www\.)?bransonzipline\.com/(?!public/)" />
-	<target host="img.bzimages.com" />
-
-
-	<securecookie host="^secure\.bransonzipline\.com$" name=".+" />
-
-
-	<rule from="^http://(secure\.|www\.)?bransonzipline\.com/"
-		to="https://$1bransonzipline.com/" />
-
-	<rule from="^http://(?:css|img)\.bzimages\.com/"
-		to="https://www.bransonzipline.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Brasil_24-7.xml b/src/chrome/content/rules/Brasil_24-7.xml
index cb13ac5d66f1..6542fa49e187 100644
--- a/src/chrome/content/rules/Brasil_24-7.xml
+++ b/src/chrome/content/rules/Brasil_24-7.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Brave-Media.xml b/src/chrome/content/rules/Brave-Media.xml
index 6903623bf423..52826d03657c 100644
--- a/src/chrome/content/rules/Brave-Media.xml
+++ b/src/chrome/content/rules/Brave-Media.xml
@@ -1,5 +1,5 @@
 <!--
-	Nonfunctional: 
+	Nonfunctional:
 
 		- printingchoice.com
 			- (printingchoice.)bravemedia.org/~bravemed/printingchoice/ redirects to printingchoice.com
@@ -9,7 +9,10 @@
 
 	<!--	Cert: *.hostmonster.com	-->
 	<target host="bravemedia.org" />
-	<target host="*.bravemedia.org" />
+	<target host="www.bravemedia.org" />
+	<target host="dinosr.bravemedia.org" />
+	<target host="keanu.bravemedia.org" />
+	<target host="scordit.bravemedia.org" />
 	<target host="dino.sr" />
 	<target host="www.dino.sr" />
 	<target host="kea.nu" />
diff --git a/src/chrome/content/rules/Braveinfo.net.xml b/src/chrome/content/rules/Braveinfo.net.xml
deleted file mode 100644
index e1c5fdd3238c..000000000000
--- a/src/chrome/content/rules/Braveinfo.net.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Braveinfo.net">
-	<target host="braveinfo.net" />
-	<target host="www.braveinfo.net" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Bravenet_Media.xml b/src/chrome/content/rules/Bravenet_Media.xml
index b59f078471e5..91b53cb2f65f 100644
--- a/src/chrome/content/rules/Bravenet_Media.xml
+++ b/src/chrome/content/rules/Bravenet_Media.xml
@@ -21,7 +21,7 @@ Fetch error: http://redvase.bravenet.com/ => https://redvase.bravenet.com/: (60,
 		- www.bravenetmedia.com
 
 -->
-<ruleset name="Bravenet Media (partial)" default_off='failed ruleset test'>
+<ruleset name="Bravenet Media (partial)" default_off="failed ruleset test">
 
 	<target host="redvase.bravenet.com" />
 
@@ -31,4 +31,4 @@ Fetch error: http://redvase.bravenet.com/ => https://redvase.bravenet.com/: (60,
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BreNet.xml b/src/chrome/content/rules/BreNet.xml
index cef72cb82e3c..d759d4b08ba8 100644
--- a/src/chrome/content/rules/BreNet.xml
+++ b/src/chrome/content/rules/BreNet.xml
@@ -12,17 +12,16 @@ Fetch error: http://brenet.de/ => https://brenet.de/: (60, 'SSL certificate prob
 <ruleset name="BreNet (partial)">
 
 	<target host="brenet.de" />
-	<target host="*.brenet.de" />
+	<target host="www.brenet.de" />
 	<!--	* for cross-domain cookies.  This won't break
 		webmail if it's used over http, and in the case
 		that https is used and that ruleset is off, it'll
 		encrypt cookies anyway, which would be a good thing.	-->
 
 
-	<securecookie host="^(?:.*\.)?brenet\.de$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?brenet\.de(:8443)?/"
-		to="https://$1brenet.de$2/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Break.com.xml b/src/chrome/content/rules/Break.com.xml
deleted file mode 100644
index debc43a54cd9..000000000000
--- a/src/chrome/content/rules/Break.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="break.com">
-
-	<target host="media1.break.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Breakfast-Quay.xml b/src/chrome/content/rules/Breakfast-Quay.xml
index b94cdb75b465..4c456f740242 100644
--- a/src/chrome/content/rules/Breakfast-Quay.xml
+++ b/src/chrome/content/rules/Breakfast-Quay.xml
@@ -6,7 +6,7 @@ Fetch error: http://code.breakfastquay.com/ => https://code.breakfastquay.com/:
 Disabled by https-everywhere-checker because:
 Fetch error: http://code.breakfastquay.com/ => https://code.breakfastquay.com/: (7, 'Failed to connect to code.breakfastquay.com port 443: Connection refused')
 -->
-<ruleset name="Breakfast Quay (partial)" default_off='failed ruleset test'>
+<ruleset name="Breakfast Quay (partial)" default_off="failed ruleset test">
 
 	<target host="code.breakfastquay.com"/>
 
diff --git a/src/chrome/content/rules/BreakoutBand.com.xml b/src/chrome/content/rules/BreakoutBand.com.xml
index 45bd94b8e513..b9348f7e89a3 100644
--- a/src/chrome/content/rules/BreakoutBand.com.xml
+++ b/src/chrome/content/rules/BreakoutBand.com.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://breakoutband.com/ => https://breakoutband.com/: (28, 'Connection timed out after 10001 milliseconds')
 Fetch error: http://www.breakoutband.com/ => https://www.breakoutband.com/: (28, 'Connection timed out after 10000 milliseconds')
 -->
-<ruleset name="BreakoutBand.com" default_off='failed ruleset test'>
+<ruleset name="BreakoutBand.com" default_off="failed ruleset test">
 
 	<target host="breakoutband.com" />
 	<target host="www.breakoutband.com" />
@@ -19,4 +19,4 @@ Fetch error: http://www.breakoutband.com/ => https://www.breakoutband.com/: (28,
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Breathe.com.xml b/src/chrome/content/rules/Breathe.com.xml
new file mode 100644
index 000000000000..4af2d490c7a0
--- /dev/null
+++ b/src/chrome/content/rules/Breathe.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Secure connection failed:
+		breathe.com
+		www.breathe.com
+		users.breathe.com
+
+-->
+<ruleset name="Breathe.com (partial)">
+
+	<target host="webmail.breathe.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bremer-Bank.xml b/src/chrome/content/rules/Bremer-Bank.xml
index 0e90418dbe86..ab4efc51ed03 100644
--- a/src/chrome/content/rules/Bremer-Bank.xml
+++ b/src/chrome/content/rules/Bremer-Bank.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://rdc.bremer.com/ => https://rdc.bremer.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Bremer Bank" default_off='failed ruleset test'>
+<ruleset name="Bremer Bank" default_off="failed ruleset test">
 	<target host="bremer.com" />
 	<target host="careers.bremer.com" />
 	<target host="rdc.bremer.com" />
diff --git a/src/chrome/content/rules/Brennan_Novak.com.xml b/src/chrome/content/rules/Brennan_Novak.com.xml
deleted file mode 100644
index 9ebd04e29eee..000000000000
--- a/src/chrome/content/rules/Brennan_Novak.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Invalid Certificate
-		www.brennannovak.com
--->
-<ruleset name="Brennan Novak.com" >
-	<target host="brennannovak.com" />
-	<target host="www.brennannovak.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http://www\.brennannovak\.com/" to="https://brennannovak.com/" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Brent.gov.uk.xml b/src/chrome/content/rules/Brent.gov.uk.xml
index af6a6f2f528b..8201a7e5b342 100644
--- a/src/chrome/content/rules/Brent.gov.uk.xml
+++ b/src/chrome/content/rules/Brent.gov.uk.xml
@@ -10,7 +10,7 @@
 		- server2 ᵃ
 
 	ᵃ Shows another domain
-	ᵈ Dropped	
+	ᵈ Dropped
 
 
 	Problematic hosts in *brent.gov.uk:
diff --git a/src/chrome/content/rules/Bridges-Foundation.org.xml b/src/chrome/content/rules/Bridges-Foundation.org.xml
new file mode 100644
index 000000000000..ae42a7bfb7fa
--- /dev/null
+++ b/src/chrome/content/rules/Bridges-Foundation.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Bridges-Foundation.org">
+	<target host="bridges-foundation.org" />
+	<target host="www.bridges-foundation.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bridgew.edu.xml b/src/chrome/content/rules/Bridgew.edu.xml
new file mode 100644
index 000000000000..0574af58acf3
--- /dev/null
+++ b/src/chrome/content/rules/Bridgew.edu.xml
@@ -0,0 +1,45 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- bsuweather.bridgew.edu
+		- cas-dev.bridgew.edu
+		- ems.bridgew.edu
+		- infobear.bridgew.edu
+		- maxwell.bridgew.edu
+		- mobile.bridgew.edu
+		- my.bridgew.edu
+		- parking.bridgew.edu
+		- reslife.bridgew.edu
+		- search.bridgew.edu
+		- services.bridgew.edu
+		- webhost.bridgew.edu
+		- webwork.bridgew.edu
+		- beis2-prd.bridgew.edu:4443
+		- dgw1-prd.bridgew.edu:6789
+
+		Incomplete certificate chain error:
+		- catalog.bridgew.edu
+-->
+<ruleset name="Bridgew.edu">
+	<target host="bridgew.edu" />
+	<target host="www.bridgew.edu" />
+	<target host="alumni.bridgew.edu" />
+	<target host="arts.bridgew.edu" />
+	<target host="bridgew-stg.bridgew.edu" />
+	<target host="cc2bsu.bridgew.edu" />
+	<target host="handbook.bridgew.edu" />
+	<target host="in.bridgew.edu" />
+	<target host="jobs.bridgew.edu" />
+	<target host="library.bridgew.edu" />
+	<target host="microsites.bridgew.edu" />
+	<target host="mybsu.bridgew.edu" />
+	<target host="opportunities.bridgew.edu" />
+	<target host="remote.bridgew.edu" />
+	<target host="strategy.bridgew.edu" />
+	<target host="vc.bridgew.edu" />
+	<target host="youdecide.bridgew.edu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bridgeways.com.xml b/src/chrome/content/rules/Bridgeways.com.xml
index 5a91dbedb67e..45849b05e456 100644
--- a/src/chrome/content/rules/Bridgeways.com.xml
+++ b/src/chrome/content/rules/Bridgeways.com.xml
@@ -11,7 +11,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://bridgeways.com/ => https://bridgeways.com/: (7, 'Failed to connect to bridgeways.com port 443: Connection timed out')
 
 -->
-<ruleset name="Bridgeways.com" default_off='failed ruleset test'>
+<ruleset name="Bridgeways.com" default_off="failed ruleset test">
 
 	<target host="bridgeways.com" />
 	<target host="www.bridgeways.com" />
diff --git a/src/chrome/content/rules/BrieHost.com.xml b/src/chrome/content/rules/BrieHost.com.xml
deleted file mode 100644
index 0bb021801fbb..000000000000
--- a/src/chrome/content/rules/BrieHost.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="BrieHost.com">
-
-	<target host="briehost.com" />
-	<target host="www.briehost.com" />
-
-
-	<securecookie host="^\.briehost\.com$" name="^__cfduid$" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BrightRoll.xml b/src/chrome/content/rules/BrightRoll.xml
deleted file mode 100644
index 1597ecdf0495..000000000000
--- a/src/chrome/content/rules/BrightRoll.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-<!--
-	For other Yahoo coverage, see Yahoo.xml
-
-
-	CDN buckets:
-
-		- d1ibts9hn2apvm.cloudfront.net
-
-			- cache.btrll.com
-
-
-	Problematic domains:
-
-		- www3.brightroll.com		(works, mismatched, CN: *.pardot.com)
-
-
-	Nonfunctional domains:
-
-		- (www.)brightroll.com
-
-
-	Insecure cookies are set for these domains:
-
-		- .btrll.com
-
--->
-<ruleset name="Btrll.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="cache.btrll.com" />
-	<target host="pix.btrll.com" />
-	<target host="segs.btrll.com" />
-	<target host="ssegs.btrll.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.btrll\.com$" name="^BR_APS$" /-->
-
-	<securecookie host="^\.btrll\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BrightTALK.com.xml b/src/chrome/content/rules/BrightTALK.com.xml
index 57336ca21320..5584b9739f79 100644
--- a/src/chrome/content/rules/BrightTALK.com.xml
+++ b/src/chrome/content/rules/BrightTALK.com.xml
@@ -1,15 +1,5 @@
 
 <!--
-Disabled by https-everywhere-checker because:
-Non-2xx HTTP code: http://go.brighttalk.com/css/mktLPSupport.css (200) => https://na-sji.marketo.com/css/mktLPSupport.css (403)
-Non-2xx HTTP code: http://go.brighttalk.com/rs/brighttalk/images/MME_logo_white.png (200) => https://na-sji.marketo.com/rs/brighttalk/images/MME_logo_white.png (403)
-Non-2xx HTTP code: http://go.brighttalk.com/?f (200) => https://app-sji.marketo.com/ (403)
-Non-2xx HTTP code: http://go.brighttalk.com/?o (200) => https://app-sji.marketo.com/ (403)
-Non-2xx HTTP code: http://go.brighttalk.com/?b (200) => https://app-sji.marketo.com/ (403)
-Non-2xx HTTP code: http://go.brighttalk.com/?a (200) => https://app-sji.marketo.com/ (403)
-Non-2xx HTTP code: http://go.brighttalk.com/?r (200) => https://app-sji.marketo.com/ (403)
-Non-2xx HTTP code: http://go.brighttalk.com/ (200) => https://app-sji.marketo.com/ (403)
-
 	Nonfunctional hosts:
 
 		go *
@@ -35,58 +25,21 @@ Non-2xx HTTP code: http://go.brighttalk.com/ (200) => https://app-sji.marketo.co
 		- blog.brighttalk.com
 
 -->
-<ruleset name="BrightTALK.com (partial)" default_off='failed ruleset test'>
+<ruleset name="BrightTALK.com (partial)">
 
 	<!--	Direct rewrites:
 				-->
 	<target host="brighttalk.com" />
 	<!--target host="blog.brighttalk.com" /-->
+	<target host="business.brighttalk.com" />
 	<target host="support.brighttalk.com" />
 	<target host="www.brighttalk.com" />
 
-	<!--	Complications:
-				-->
-	<target host="go.brighttalk.com" />
-
-		<exclusion pattern="^http://go\.brighttalk\.com/+(?!$|\?|css/|images/|rs/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://go.brighttalk.com/ANNUITAS_B2B_Enterprise_Demand-Generation_Download.html" />
-			<test url="http://go.brighttalk.com/MME15.html" />
-			<test url="http://go.brighttalk.com/Top5-ITGRC-2013.html" />
-			<test url="http://go.brighttalk.com/Top5-Marketing-2013.html" />
-			<test url="http://go.brighttalk.com/ethernet-is-the-right-fit-for-the-Software-Defined-Data-Center.html" />
-			<test url="http://go.brighttalk.com/legendary-marketing-guide.html" />
-			<test url="http://go.brighttalk.com/oes.html" />
-
-			<!--	-ve:
-					-->
-			<test url="http://go.brighttalk.com/css/mktLPSupport.css" />
-			<test url="http://go.brighttalk.com/rs/brighttalk/images/MME_logo_white.png" />
-
-
 	<!--	Not secured by server:
 					-->
 	<!--securecookie host="^blog\.brighttalk\.com$" name="^(JSESSIONID|ss_sd)$" /-->
 
 
-	<!--	Redirect drops forward slash and args:
-							-->
-	<rule from="^http://go\.brighttalk\.com/+(?:\?.*)?$"
-		to="https://app-sji.marketo.com/" />
-
-			<test url="http://go.brighttalk.com/?f" />
-			<test url="http://go.brighttalk.com/?o" />
-			<test url="http://go.brighttalk.com//?o" />
-			<test url="http://go.brighttalk.com/?b" />
-			<test url="http://go.brighttalk.com/?a" />
-			<test url="http://go.brighttalk.com/?r" />
-
-	<rule from="^http://go\.brighttalk\.com/"
-		to="https://na-sji.marketo.com/" />
-
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/BrightTag-problematic.xml b/src/chrome/content/rules/BrightTag-problematic.xml
index f33b8b8b068d..d1b6063a2c5b 100644
--- a/src/chrome/content/rules/BrightTag-problematic.xml
+++ b/src/chrome/content/rules/BrightTag-problematic.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?(?:the)?brighttag\.com/"
 		to="https://www.brighttag.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BrightTag.xml b/src/chrome/content/rules/BrightTag.xml
index fa46b31461c1..062d69a51438 100644
--- a/src/chrome/content/rules/BrightTag.xml
+++ b/src/chrome/content/rules/BrightTag.xml
@@ -5,7 +5,6 @@
 	Other BrightTag rulesets:
 
 		- BTstatic.com.xml
-		- SiteTagger.co.uk.xml
 
 
 	CDN buckets:
diff --git a/src/chrome/content/rules/Bright_Hub.com.xml b/src/chrome/content/rules/Bright_Hub.com.xml
index 66209875a326..75807a4e0660 100644
--- a/src/chrome/content/rules/Bright_Hub.com.xml
+++ b/src/chrome/content/rules/Bright_Hub.com.xml
@@ -34,7 +34,7 @@ Fetch error: http://s.brighthub.com/ => https://s.brighthub.com/: (51, "SSL: no
 	* Works, akamai
 
 -->
-<ruleset name="Bright Hub.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Bright Hub.com (partial)" default_off="failed ruleset test">
 
 	<target host="ss.brighthub.com" />
 	<target host="s.brighthub.com" />
diff --git a/src/chrome/content/rules/Bright_Kids_NYC.xml b/src/chrome/content/rules/Bright_Kids_NYC.xml
index 84041795e2c3..a941d57e499d 100644
--- a/src/chrome/content/rules/Bright_Kids_NYC.xml
+++ b/src/chrome/content/rules/Bright_Kids_NYC.xml
@@ -8,10 +8,10 @@ Fetch error: http://brightkidsnyc.com/ => https://www.brightkidsnyc.com/: (7, 'F
 		- ^	(expired 2012-04-18)
 
 -->
-<ruleset name="Bright Kids NYC" default_off='failed ruleset test'>
+<ruleset name="Bright Kids NYC" default_off="failed ruleset test">
 
 	<target host="brightkidsnyc.com" />
-	<target host="*.brightkidsnyc.com" />
+	<target host="www.brightkidsnyc.com" />
 
 
 	<securecookie host="^(?:www)?\.brightkidsnyc.com$" name=".+" />
diff --git a/src/chrome/content/rules/Brighton.xml b/src/chrome/content/rules/Brighton.xml
index 9d8a28477746..6c0f6907c76c 100644
--- a/src/chrome/content/rules/Brighton.xml
+++ b/src/chrome/content/rules/Brighton.xml
@@ -7,7 +7,7 @@
 	<target host="brighton.com" />
 	<target host="www.brighton.com" />
 	<target host="brightoncollectibles.com" />
-	<target host="*.brightoncollectibles.com" />
+	<target host="www.brightoncollectibles.com" />
 
 
 	<securecookie host="\.brightoncollectibles\.com$" name=".+" />
@@ -19,4 +19,4 @@
 	<rule from="^http://(www\.)?brightoncollectibles\.com/"
 		to="https://$1brightoncollectibles.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bring_the_Gig.xml b/src/chrome/content/rules/Bring_the_Gig.xml
index a2a39a1b654c..1fda8fcad4c3 100644
--- a/src/chrome/content/rules/Bring_the_Gig.xml
+++ b/src/chrome/content/rules/Bring_the_Gig.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Brinkster.com.xml b/src/chrome/content/rules/Brinkster.com.xml
index 18cf85c4bb65..ece5514e42ee 100644
--- a/src/chrome/content/rules/Brinkster.com.xml
+++ b/src/chrome/content/rules/Brinkster.com.xml
@@ -10,13 +10,15 @@
 <ruleset name="Brinkster.com">
 
 	<target host="brinkster.com" />
-	<target host="*.brinkster.com" />
+	<target host="help.brinkster.com" />
+	<target host="secure.brinkster.com" />
+	<target host="webmail.brinkster.com" />
+	<target host="www.brinkster.com" />
 
 
 	<securecookie host="^(?:webmail)?\.brinkster\.com$" name=".+" />
 
 
-	<rule from="^http://((?:help|secure|webmail|www)\.)?brinkster\.com/"
-		to="https://$1brinkster.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Britannica.com.xml b/src/chrome/content/rules/Britannica.com.xml
index 98d1b4204293..40f0bfa3d098 100644
--- a/src/chrome/content/rules/Britannica.com.xml
+++ b/src/chrome/content/rules/Britannica.com.xml
@@ -41,7 +41,9 @@
 <ruleset name="Britannica.com (partial)">
 
 	<target host="britannica.com" />
-	<target host="*.britannica.com" />
+	<target host="www.britannica.com" />
+	<target host="safe.britannica.com" />
+	<target host="safe1.britannica.com" />
 
 
 	<!--securecookie host="^\.britannica\.com$" name="^bcomID$" /-->
@@ -51,7 +53,6 @@
 	<rule from="^http://(?:www\.)?britannica\.com/"
 		to="https://www.britannica.com/" />
 
-	<rule from="^http://safe(1)?\.britannica\.com/"
-		to="https://safe$1.britannica.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Britcoin.co.uk.xml b/src/chrome/content/rules/Britcoin.co.uk.xml
index 61b96d9383d0..281c1deecca5 100644
--- a/src/chrome/content/rules/Britcoin.co.uk.xml
+++ b/src/chrome/content/rules/Britcoin.co.uk.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://britcoin.co.uk/ => https://www.britcoin.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.britcoin.co.uk'")
 Fetch error: http://www.britcoin.co.uk/ => https://www.britcoin.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.britcoin.co.uk'")
 -->
-<ruleset name="Britcoin.co.uk" default_off='failed ruleset test'>
+<ruleset name="Britcoin.co.uk" default_off="failed ruleset test">
   <target host="britcoin.co.uk" />
   <target host="www.britcoin.co.uk" />
 
diff --git a/src/chrome/content/rules/BriteObjects.xml b/src/chrome/content/rules/BriteObjects.xml
index 80753507c5c3..bc6562ff399c 100644
--- a/src/chrome/content/rules/BriteObjects.xml
+++ b/src/chrome/content/rules/BriteObjects.xml
@@ -23,4 +23,4 @@
 	<rule from="^http://(?:www\.)?briteobjects\.com/"
 		to="https://www.briteobjects.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/British-Airways.xml b/src/chrome/content/rules/British-Airways.xml
new file mode 100644
index 000000000000..4d80e816977f
--- /dev/null
+++ b/src/chrome/content/rules/British-Airways.xml
@@ -0,0 +1,75 @@
+<!--
+	britishairways.com:
+		Mismatch:
+			- mediacentre.britishairways.com
+
+
+	ba.com:
+		Mismatch:
+			- behindthedesign.ba.com
+			- www.behindthedesign.ba.com
+			- businesslife.ba.com
+			- highlife.ba.com
+			- pictureyourholiday.ba.com
+			- press.ba.com
+			- responsibleflying.ba.com
+			- shopping.ba.com, equivalent to www.shopping.ba.com
+			- terminal5.ba.com
+			- www.terminal5.ba.com
+
+		Refused:
+			- londonaustin.ba.com
+			- theclub.ba.com
+
+		Timed out:
+			- www.holidays.ba.com
+			- onlinestandards.ba.com
+			- ournewplanes.ba.com
+			- taxi.ba.com
+
+
+	batraveltrade.com:
+		Mismatch:
+			- batraveltrade.com, equivalent to www.batraveltrade.com
+-->
+
+<ruleset name="British Airways">
+	<!-- britishairways.com -->
+	<target host="britishairways.com" />
+	<target host="www.britishairways.com" />
+	<target host="baggageclaim.britishairways.com" />
+	<target host="disruptionclaim.britishairways.com" />
+	<target host="onbusiness.britishairways.com" />
+	<target host="origin-www.britishairways.com" />
+	<target host="wap.britishairways.com" />
+
+	<securecookie host="^(?:.*\.)?britishairways.com$" name=".+" />
+
+
+	<!-- ba.com -->
+	<target host="ba.com" />
+	<target host="www.ba.com" />
+	<target host="careers.ba.com" />
+	<target host="developer.ba.com" />
+	<target host="hotline.ba.com" />
+	<target host="idtravel.ba.com" />
+	<target host="jobs.ba.com" />
+	<target host="www.shopping.ba.com" />
+	<target host="shopping.ba.com" />
+	<target host="stafftravel.ba.com" />
+
+	<rule from="^http://shopping\.ba\.com/"
+		  to="https://www.shopping.ba.com/" />
+
+
+	<!-- batraveltrade.com -->
+	<target host="batraveltrade.com" />
+	<target host="www.batraveltrade.com" />
+	<target host="softdollar.batraveltrade.com" />
+
+	<rule from="^http://batraveltrade\.com/"
+		  to="https://www.batraveltrade.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/British_Airline_Pilots_Association.xml b/src/chrome/content/rules/British_Airline_Pilots_Association.xml
deleted file mode 100644
index 702009cb81ad..000000000000
--- a/src/chrome/content/rules/British_Airline_Pilots_Association.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="British Airline Pilots Association">
-    <target host="balpa.org" />
-    <target host="*.balpa.org" />
-
-    <rule from="^http://balpa\.org/"
-        to="https://www.balpa.org/"/>
-    <rule from="^http://([^/:@]+)?\.balpa\.org/"
-        to="https://$1.balpa.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/British_National_Formulary.xml b/src/chrome/content/rules/British_National_Formulary.xml
index f846d958796a..152982b6fd45 100644
--- a/src/chrome/content/rules/British_National_Formulary.xml
+++ b/src/chrome/content/rules/British_National_Formulary.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?bnf\.org/bnf/((?:account|login|password|request_registration)\.htm|images/|style/|theme/)"
 		to="https://www.bnf.org/bnf/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/British_Red_Cross.xml b/src/chrome/content/rules/British_Red_Cross.xml
index 47a8090eacbe..cc19ff1c27cc 100644
--- a/src/chrome/content/rules/British_Red_Cross.xml
+++ b/src/chrome/content/rules/British_Red_Cross.xml
@@ -28,7 +28,12 @@
 <ruleset name="British Red Cross (partial)">
 
 	<target host="redcross.org.uk" />
-	<target host="*.redcross.org.uk" />
+	<target host="www.redcross.org.uk" />
+	<target host="giftshop.redcross.org.uk" />
+	<target host="www.giftshop.redcross.org.uk" />
+	<target host="everydayfirstaid.redcross.org.uk" />
+	<target host="www.everydayfirstaid.redcross.org.uk" />
+	<target host="m.redcross.org.uk" />
 		<exclusion pattern="^http://(?:m\.|www\.)?redcross\.org\.uk/(?!(?:[\w/-]+/)?~/media/|css/|images/)" />
 
 
@@ -41,7 +46,6 @@
 	<rule from="^http://(?:www\.)?giftshop\.redcross\.org\.uk/"
 		to="https://giftshop.redcross.org.uk/" />
 
-	<rule from="^http://((?:www\.)?everydayfirstaid|m)\.redcross\.org\.uk/"
-		to="https://$1.redcross.org.uk/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Britishindiancurries.com.xml b/src/chrome/content/rules/Britishindiancurries.com.xml
deleted file mode 100644
index 7d41104726df..000000000000
--- a/src/chrome/content/rules/Britishindiancurries.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Britishindiancurries.com">
-	<target host="britishindiancurries.com" />
-	<target host="www.britishindiancurries.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Britishindiancurries.de.xml b/src/chrome/content/rules/Britishindiancurries.de.xml
deleted file mode 100644
index f867e770462d..000000000000
--- a/src/chrome/content/rules/Britishindiancurries.de.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Britishindiancurries.de">
-	<target host="britishindiancurries.de" />
-	<target host="www.britishindiancurries.de" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Brixwork.com.xml b/src/chrome/content/rules/Brixwork.com.xml
index 6680ea03b567..8f75080ba5ff 100644
--- a/src/chrome/content/rules/Brixwork.com.xml
+++ b/src/chrome/content/rules/Brixwork.com.xml
@@ -32,4 +32,4 @@ Fetch error: http://www.brixwork.com/ => https://www.brixwork.com/: Cycle detect
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Broad-Institute.xml b/src/chrome/content/rules/Broad-Institute.xml
index c8a3e480fd6e..f188fbe70755 100644
--- a/src/chrome/content/rules/Broad-Institute.xml
+++ b/src/chrome/content/rules/Broad-Institute.xml
@@ -2,7 +2,7 @@
 
 	<target host="broadinstitute.org" />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.broadinstitute.org" />
+	<target host="www.broadinstitute.org" />
 
 
 	<securecookie host="(?:www)?\.broadinstitute\.org$" name=".+" />
diff --git a/src/chrome/content/rules/Broadband-Forum.org.xml b/src/chrome/content/rules/Broadband-Forum.org.xml
index af3515c30794..1a28b4da80bb 100644
--- a/src/chrome/content/rules/Broadband-Forum.org.xml
+++ b/src/chrome/content/rules/Broadband-Forum.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://broadband-forum.org/ => https://broadband-forum.org/: (51, "SSL: no alternative certificate subject name matches target host name 'broadband-forum.org'")
 
 -->
-<ruleset name="Broadband-Forum.org" default_off='failed ruleset test'>
+<ruleset name="Broadband-Forum.org" default_off="failed ruleset test">
 
 	<target host="broadband-forum.org" />
 	<target host="www.broadband-forum.org" />
diff --git a/src/chrome/content/rules/Broadband_Convergent.xml b/src/chrome/content/rules/Broadband_Convergent.xml
index ba155a7d294f..1ede5484572a 100644
--- a/src/chrome/content/rules/Broadband_Convergent.xml
+++ b/src/chrome/content/rules/Broadband_Convergent.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Broadband_Map.gov.xml b/src/chrome/content/rules/Broadband_Map.gov.xml
deleted file mode 100644
index 3c4e38d036cb..000000000000
--- a/src/chrome/content/rules/Broadband_Map.gov.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-
-
-	Mixed content:
-
-		- Images from www.broadbandmap.gov *
-
-	* Secured by us
-
--->
-<ruleset name="Broadband Map.gov">
-
-	<target host="broadbandmap.gov" />
-	<target host="www.broadbandmap.gov" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Broadbandchoices.co.uk.xml b/src/chrome/content/rules/Broadbandchoices.co.uk.xml
deleted file mode 100644
index 0bd9b027d9ab..000000000000
--- a/src/chrome/content/rules/Broadbandchoices.co.uk.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(dropped)
-
-
-	CN: *.cloudfront.net
-
--->
-<ruleset name="broadbandchoices.co.uk" default_off="mismatched">
-
-	<target host="broadbandchoices.co.uk" />
-	<target host="www.broadbandchoices.co.uk" />
-
-
-	<rule from="^http://(?:www\.)?broadbandchoices\.co\.uk/"
-		to="https://www.broadbandchoices.co.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BroadcastJobs.co.uk.xml b/src/chrome/content/rules/BroadcastJobs.co.uk.xml
index 6e7ae71fd4f9..8f416a4cdb6c 100644
--- a/src/chrome/content/rules/BroadcastJobs.co.uk.xml
+++ b/src/chrome/content/rules/BroadcastJobs.co.uk.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Broadcasthe.net.xml b/src/chrome/content/rules/Broadcasthe.net.xml
index cce686ad2d7e..71d1d85f43cf 100644
--- a/src/chrome/content/rules/Broadcasthe.net.xml
+++ b/src/chrome/content/rules/Broadcasthe.net.xml
@@ -1,23 +1,12 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://btnapps.net/ => https://btnapps.net/: (7, 'Failed to connect to btnapps.net port 443: Connection refused')
-Fetch error: http://www.btnapps.net/ => https://www.btnapps.net/: (7, 'Failed to connect to www.btnapps.net port 443: Connection refused')
-Fetch error: http://api.btnapps.net/ => https://api.btnapps.net/: (7, 'Failed to connect to api.btnapps.net port 443: Connection refused')
-
--->
-<ruleset name="BroadcasTheNet" default_off='failed ruleset test'>
+<ruleset name="BroadcasTheNet">
 	<target host="broadcasthe.net" />
-		<target host="www.broadcasthe.net" />
-		<target host="cdn.broadcasthe.net" />
-		<target host="cdn2.broadcasthe.net" />
-		<target host="piwik.broadcasthe.net" />
-		<target host="static.broadcasthe.net" />
-	<target host="btnapps.net" />
-		<target host="www.btnapps.net" />
-		<target host="api.btnapps.net" />
+	<target host="www.broadcasthe.net" />
+	<target host="cdn.broadcasthe.net" />
+	<target host="cdn2.broadcasthe.net" />
+	<target host="piwik.broadcasthe.net" />
+	<target host="static.broadcasthe.net" />
 
-	<securecookie host="^(?:.*\.)?broadcastthe\.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 			to="https:" />
diff --git a/src/chrome/content/rules/Broadcom.xml b/src/chrome/content/rules/Broadcom.xml
index be81ead0acc2..21b191f4d79c 100644
--- a/src/chrome/content/rules/Broadcom.xml
+++ b/src/chrome/content/rules/Broadcom.xml
@@ -36,7 +36,7 @@ Fetch error: http://jobs.broadcom.com/ => https://jobs.broadcom.com/: (28, 'Conn
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Broadcom.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Broadcom.com (partial)" default_off="failed ruleset test">
 
 	<target host="broadcom.com" />
 	<target host="community.broadcom.com" />
diff --git a/src/chrome/content/rules/Broadcom_Foundation.org.xml b/src/chrome/content/rules/Broadcom_Foundation.org.xml
index c63e72303640..a318fbcbe57f 100644
--- a/src/chrome/content/rules/Broadcom_Foundation.org.xml
+++ b/src/chrome/content/rules/Broadcom_Foundation.org.xml
@@ -24,7 +24,7 @@ Fetch error: http://www.broadcomfoundation.org/ => https://www.broadcomfoundatio
 	* Secured by us
 
 -->
-<ruleset name="Broadcom Foundation.org" default_off='failed ruleset test'>
+<ruleset name="Broadcom Foundation.org" default_off="failed ruleset test">
 
 	<target host="broadcomfoundation.org" />
 	<target host="www.broadcomfoundation.org" />
diff --git a/src/chrome/content/rules/Brockman.xml b/src/chrome/content/rules/Brockman.xml
index ca0d118146ac..d86d484a27b1 100644
--- a/src/chrome/content/rules/Brockman.xml
+++ b/src/chrome/content/rules/Brockman.xml
@@ -11,4 +11,4 @@
 	<rule from="^http:" to="https:" />
 
 </ruleset>
-	
\ No newline at end of file
+
diff --git a/src/chrome/content/rules/Bromley.gov.uk.xml b/src/chrome/content/rules/Bromley.gov.uk.xml
index ccdff4eaad70..97c0fe18a234 100644
--- a/src/chrome/content/rules/Bromley.gov.uk.xml
+++ b/src/chrome/content/rules/Bromley.gov.uk.xml
@@ -10,7 +10,8 @@
 <ruleset name="Bromley.gov.uk">
 
 	<target host="bromley.gov.uk" />
-	<target host="*.bromley.gov.uk" />
+	<target host="www.bromley.gov.uk" />
+	<target host="fix.bromley.gov.uk" />
 
 
 	<securecookie host="^\.?www\.bromley\.gov\.uk$" name=".+" />
@@ -19,7 +20,6 @@
 	<rule from="^http://(?:www\.)?bromley\.gov\.uk/"
 		to="https://www.bromley.gov.uk/" />
 
-	<rule from="^http://fix\.bromley\.gov\.uk/"
-		to="https://fix.bromley.gov.uk/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bronto_Software.xml b/src/chrome/content/rules/Bronto_Software.xml
index 7d5febd75b48..5eea94b0e242 100644
--- a/src/chrome/content/rules/Bronto_Software.xml
+++ b/src/chrome/content/rules/Bronto_Software.xml
@@ -60,4 +60,4 @@
 	<rule from="^http://hosting\.fyleio\.com/"
 		to="https://hosting.fyleio.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bronxzoo.com.xml b/src/chrome/content/rules/Bronxzoo.com.xml
new file mode 100644
index 000000000000..de53f05903b4
--- /dev/null
+++ b/src/chrome/content/rules/Bronxzoo.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid Server Name:
+		www.bronxzoo.com
+		pages.bronxzoo.com
+	Redirect off-site:
+		apps.bronxzoo.com
+
+-->
+
+<ruleset name="Bronxzoo.com">
+	<target host="bronxzoo.com" />
+	<target host="app.bronxzoo.com" />
+
+	<securecookie host="(app\.)?bronxzoo\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Brookings_Institution.xml b/src/chrome/content/rules/Brookings_Institution.xml
index a86346cdcb39..050c6e9113f4 100644
--- a/src/chrome/content/rules/Brookings_Institution.xml
+++ b/src/chrome/content/rules/Brookings_Institution.xml
@@ -19,4 +19,4 @@
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"	to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Brookline_College.edu.xml b/src/chrome/content/rules/Brookline_College.edu.xml
index ceb52b7d0d74..235b867ba652 100644
--- a/src/chrome/content/rules/Brookline_College.edu.xml
+++ b/src/chrome/content/rules/Brookline_College.edu.xml
@@ -12,10 +12,14 @@ Non-2xx HTTP code: http://brooklinecollege.edu/ (200) => https://brooklinecolleg
 	* Secured by us
 
 -->
-<ruleset name="Brookline College.edu" default_off='failed ruleset test'>
+<ruleset name="Brookline College.edu" default_off="failed ruleset test">
 
 	<target host="brooklinecollege.edu" />
-	<target host="*.brooklinecollege.edu" />
+	<target host="apply.brooklinecollege.edu" />
+	<target host="fa.brooklinecollege.edu" />
+	<target host="fbapp.brooklinecollege.edu" />
+	<target host="mysite.brooklinecollege.edu" />
+	<target host="www.brooklinecollege.edu" />
 
 
 	<!--	Not secured by server:
@@ -23,7 +27,6 @@ Non-2xx HTTP code: http://brooklinecollege.edu/ (200) => https://brooklinecolleg
 	<securecookie host="^\.?brooklinecollege\.edu$" name=".+" />
 
 
-	<rule from="^http://((?:apply|fa|fbapp|mysite|www)\.)?brooklinecollege\.edu/"
-		to="https://$1brooklinecollege.edu/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/BrooksBrothers.com.xml b/src/chrome/content/rules/BrooksBrothers.com.xml
new file mode 100644
index 000000000000..1f78b2e4441f
--- /dev/null
+++ b/src/chrome/content/rules/BrooksBrothers.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid certificate:
+		- brooksbrothers.com, equivalent to www.brooksbrothers.com
+		- membership.brooksbrothers.com
+-->
+
+<ruleset name="BrooksBrothers.com">
+	<target host="brooksbrothers.com" />
+	<target host="www.brooksbrothers.com" />
+	<target host="pages.emails.brooksbrothers.com" />
+	<target host="magazine.brooksbrothers.com" />
+	<target host="origin-www2.brooksbrothers.com" />
+	<target host="stories.brooksbrothers.com" />
+	<target host="vpn.brooksbrothers.com" />
+
+	<rule from="^http://brooksbrothers\.com/"
+		to="https://www.brooksbrothers.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Brookside_Capital.xml b/src/chrome/content/rules/Brookside_Capital.xml
index 0a0366961dc6..fb4575e5324f 100644
--- a/src/chrome/content/rules/Brookside_Capital.xml
+++ b/src/chrome/content/rules/Brookside_Capital.xml
@@ -6,15 +6,15 @@ Fetch error: http://brooksidefund.com/ => https://brooksidefund.com/: (51, "SSL:
 Disabled by https-everywhere-checker because:
 Fetch error: http://brooksidefund.com/ => https://brooksidefund.com/: (51, "SSL: no alternative certificate subject name matches target host name 'brooksidefund.com'")
 -->
-<ruleset name="Brookside Capital" default_off='failed ruleset test'>
+<ruleset name="Brookside Capital" default_off="failed ruleset test">
 
 	<target host="brooksidefund.com" />
 	<target host="www.brooksidefund.com" />
 
 
-	<securecookie host="^(?:.*\.)?brooksidefund\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BroomeCC.xml b/src/chrome/content/rules/BroomeCC.xml
index 8f93e9270848..526887bc4a7c 100644
--- a/src/chrome/content/rules/BroomeCC.xml
+++ b/src/chrome/content/rules/BroomeCC.xml
@@ -41,7 +41,7 @@ Fetch error: http://bccserve.sunybroome.edu/ => https://bccserve.sunybroome.edu/
 	¹ Secured by us
 
 -->
-<ruleset name="Suny Broome.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="Suny Broome.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Brown-Paper-Tickets.xml b/src/chrome/content/rules/Brown-Paper-Tickets.xml
index 6f0a66cb4106..8b717d9ba611 100644
--- a/src/chrome/content/rules/Brown-Paper-Tickets.xml
+++ b/src/chrome/content/rules/Brown-Paper-Tickets.xml
@@ -15,7 +15,7 @@ Fetch error: http://brownpapertickets.com/ => https://www.brownpapertickets.com/
 		<!--	!work	-->
 		<exclusion pattern="^http://community\."/>
 
-  <!-- JS redirection loop :( 
+  <!-- JS redirection loop :(
        https://trac.torproject.org/projects/tor/ticket/6573 -->
   <exclusion pattern="^http://(?:www\.)?brownpapertickets\.com/event/" />
 
diff --git a/src/chrome/content/rules/BrowseAloud.com.xml b/src/chrome/content/rules/BrowseAloud.com.xml
index 4038a270b0f8..59ffba778978 100644
--- a/src/chrome/content/rules/BrowseAloud.com.xml
+++ b/src/chrome/content/rules/BrowseAloud.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://browsealoud.com/ => https://browsealoud.com/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="BrowseAloud.com" default_off='failed ruleset test'>
+<ruleset name="BrowseAloud.com" default_off="failed ruleset test">
 
 	<target host="browsealoud.com" />
 	<target host="www.browsealoud.com" />
diff --git a/src/chrome/content/rules/BrowserLeaks.xml b/src/chrome/content/rules/BrowserLeaks.xml
deleted file mode 100644
index b9b0abbc194d..000000000000
--- a/src/chrome/content/rules/BrowserLeaks.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="BrowserLeaks.com">
-
-	<target host="browserleaks.com" />
-	<target host="www.browserleaks.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BrowserShots.xml b/src/chrome/content/rules/BrowserShots.xml
index a3d155b58aaa..0810431b50dd 100644
--- a/src/chrome/content/rules/BrowserShots.xml
+++ b/src/chrome/content/rules/BrowserShots.xml
@@ -8,11 +8,11 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://browsershots.org/ => https://browsershots.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 Fetch error: http://www.browsershots.org/ => https://browsershots.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="BrowserShots" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="BrowserShots" platform="mixedcontent" default_off="failed ruleset test">
   <target host="browsershots.org"/>
   <target host="www.browsershots.org"/>
 
-  <securecookie host="^(?:.+\.)?browsershots\.org$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http://(?:www\.)?browsershots\.org/" to="https://browsershots.org/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Browser_Hacker.com.xml b/src/chrome/content/rules/Browser_Hacker.com.xml
index d4cc029a9df2..c15fdec063ee 100644
--- a/src/chrome/content/rules/Browser_Hacker.com.xml
+++ b/src/chrome/content/rules/Browser_Hacker.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.browserhacker.com/ => https://browserhacker.com/: (6, 'C
 	www.browserhacker.com: Refused
 
 -->
-<ruleset name="Browser Hacker.com" default_off='failed ruleset test'>
+<ruleset name="Browser Hacker.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Browserprint.info.xml b/src/chrome/content/rules/Browserprint.info.xml
index 29eafe1dc572..3f4d1f0158d4 100644
--- a/src/chrome/content/rules/Browserprint.info.xml
+++ b/src/chrome/content/rules/Browserprint.info.xml
@@ -39,7 +39,7 @@
 	<target host="hsts29.browserprint.info" />
 	<target host="hsts30.browserprint.info" />
 	<target host="hsts31.browserprint.info" />
-	<target host="hsts32.browserprint.info" /> 
+	<target host="hsts32.browserprint.info" />
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/Browsersafetymark.io.xml b/src/chrome/content/rules/Browsersafetymark.io.xml
index 6e0d52762c82..65d0f8466b9a 100644
--- a/src/chrome/content/rules/Browsersafetymark.io.xml
+++ b/src/chrome/content/rules/Browsersafetymark.io.xml
@@ -6,7 +6,7 @@ Fetch error: http://fpd3a.browsersafetymark.io/ => https://fpd3a.browsersafetyma
 Fetch error: http://fp3a.websafetymark.io/ => https://fp3a.websafetymark.io/: (6, 'Could not resolve host: fp3a.websafetymark.io')
 Fetch error: http://fpd3a.websafetymark.io/ => https://fpd3a.websafetymark.io/: (6, 'Could not resolve host: fpd3a.websafetymark.io')
  This is for a site testing for installation of HTTPS Everywhere -->
-<ruleset name="Browsersafetymark.io" default_off='failed ruleset test'>
+<ruleset name="Browsersafetymark.io" default_off="failed ruleset test">
 	<target host="fp3a.browsersafetymark.io" />
 	<target host="fpd3a.browsersafetymark.io" />
 	<target host="fp3a.websafetymark.io" />
diff --git a/src/chrome/content/rules/BtcTrade.com.xml b/src/chrome/content/rules/BtcTrade.com.xml
deleted file mode 100644
index e3ac4fe3c067..000000000000
--- a/src/chrome/content/rules/BtcTrade.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- www.btctrade.com
-
--->
-<ruleset name="BtcTrade.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="btctrade.com" />
-	<target host="www.btctrade.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.btctrade\.com$" name="^(PHPSESSID|USER_PW|lang)$" /-->
-
-	<securecookie host="^www\.btctrade\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bter.com.xml b/src/chrome/content/rules/Bter.com.xml
deleted file mode 100644
index 34750b1bc7e9..000000000000
--- a/src/chrome/content/rules/Bter.com.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-<!--
-	CDN buckets:
-
-		- dn-bterimg.qbox.me
-
-
-	Nonfunctional subdomains:
-
-		- support *
-
-	* Zendesk
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- bter.com
-		- .bter.com
-
-
-	Mixed content:
-
-		- Bug on ^ from c.statcounter.com *
-
-	* Secured by us
-
--->
-<ruleset name="Bter.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="bter.com" />
-	<target host="cn.bter.com" />
-	<target host="www.bter.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^bter\.com$" name="^(lasturl|ref_uid)$" /-->
-	<!--securecookie host="^\.bter\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.?bter\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/BuKoF.de.xml b/src/chrome/content/rules/BuKoF.de.xml
new file mode 100644
index 000000000000..c57c90375b96
--- /dev/null
+++ b/src/chrome/content/rules/BuKoF.de.xml
@@ -0,0 +1,13 @@
+<!--
+	This ruleset contains a wildcard DNS record.
+-->
+<ruleset name="BuKoF.de">
+
+	<target host="bukof.de" />
+	<target host="www.bukof.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bucket_Explorer.com.xml b/src/chrome/content/rules/Bucket_Explorer.com.xml
deleted file mode 100644
index b84ac2c0294f..000000000000
--- a/src/chrome/content/rules/Bucket_Explorer.com.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<!--
-	For other Chambal coverage, see Chambal.xml.
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/coppermine.bucketexplorer.com/
-		- d1davc07w1ubq9.cloudfront.net | s3.amazonaws.com/images.bucketexplorer.com/
-		- s3.amazonaws.com/www.bucketexplorer.com/
-
-
-	Nonfunctional subdomains:
-
-		- ^ *
-		- gallery *
-		- support *
-		- www		(interrupted)
-
-	* http reply
-
-
-	Problematic subdomains:
-
-		- coppermine	(shows accounts; mismatched, CN: accounts.chambal.com)
-
--->
-<ruleset name="Bucket Explorer.com (partial)">
-
-	<target host="bucketexplorer.com" />
-	<target host="*.bucketexplorer.com" />
-
-
-	<rule from="^http://(?:www\.)?bucketexplorer\.com/favicon\.ico"
-		to="https://d1davc07w1ubq9.cloudfront.net/favicon.ico" />
-
-	<rule from="^http://coppermine\.bucketexplorer\.com/"
-		to="https://s3.amazonaws.com/coppermine.bucketexplorer.com/" />
-
-	<rule from="^http://images\.bucketexplorer\.com/"
-		to="https://d1davc07w1ubq9.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Bucknell_University.xml b/src/chrome/content/rules/Bucknell_University.xml
index b5f833d3c8e8..6884c2f5f8a7 100644
--- a/src/chrome/content/rules/Bucknell_University.xml
+++ b/src/chrome/content/rules/Bucknell_University.xml
@@ -1,4 +1,13 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://b-link.bucknell.edu/ => https://b-link.bucknell.edu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.b-link.bucknell.edu/ => https://www.b-link.bucknell.edu/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.bannerssb.bucknell.edu/ => https://www.bannerssb.bucknell.edu/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://filelocker.bucknell.edu/ => https://filelocker.bucknell.edu/: (35, 'error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol')
+Fetch error: http://portal.bucknell.edu/ => https://portal.bucknell.edu/: (28, 'Connection timed out after 20001 milliseconds')
+
 	Non-functional hosts
 		Couldn't connect to server:
 			 - coursecatalog.bucknell.edu
@@ -14,15 +23,18 @@
 
 		Mixed content blocking (MCB) tiggered:
 			 - lit.blogs.bucknell.edu
+
+    Expired certificate:
+        - b-link.bucknell.edu
 -->
 <ruleset name="Bucknell University (partial)">
 	<target host="bucknell.edu" />
 	<target host="www.bucknell.edu" />
 	<target host="admissions.bucknell.edu" />
 	<target host="ask.bucknell.edu" />
-	<target host="b-link.bucknell.edu" />
-	<target host="www.b-link.bucknell.edu" />
-	<target host="www.bannerssb.bucknell.edu" />
+	<!-- target host="b-link.bucknell.edu" /-->
+	<!-- target host="www.b-link.bucknell.edu" /-->
+	<!-- target host="www.bannerssb.bucknell.edu" /-->
 	<target host="bsg.blogs.bucknell.edu" />
 	<target host="buaa.blogs.bucknell.edu" />
 	<target host="careerinsider.blogs.bucknell.edu" />
@@ -52,19 +64,16 @@
 	<target host="www.departments.bucknell.edu" />
 	<target host="www.eg.bucknell.edu" />
 	<target host="events.bucknell.edu" />
-	<target host="filelocker.bucknell.edu" />
+	<!-- target host="filelocker.bucknell.edu" /-->
 	<target host="getinvolved.bucknell.edu" />
 	<target host="m.bucknell.edu" />
 	<target host="my.bucknell.edu" />
-	<target host="portal.bucknell.edu" />
+	<!-- target host="portal.bucknell.edu" /-->
 	<target host="pr.bucknell.edu" />
 	<target host="secure.bucknell.edu" />
 		<test url="http://secure.bucknell.edu/uaccounts/" />
 	<target host="starrez.bucknell.edu" />
 
-	<rule from="^http://www\.b-link\.bucknell\.edu/"
-			to="https://b-link.bucknell.edu/" />
-
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bucyrus_Telegraph_Forum.xml b/src/chrome/content/rules/Bucyrus_Telegraph_Forum.xml
index 2786818e3689..2644b6bd87cd 100644
--- a/src/chrome/content/rules/Bucyrus_Telegraph_Forum.xml
+++ b/src/chrome/content/rules/Bucyrus_Telegraph_Forum.xml
@@ -11,7 +11,8 @@
 <ruleset name="Bucyrus Telegraph Forum">
 
 	<target host="bucyrustelegraphforum.com" />
-	<target host="*.bucyrustelegraphforum.com" />
+	<target host="cmsimg.bucyrustelegraphforum.com" />
+	<target host="www.bucyrustelegraphforum.com" />
 
 
 	<securecookie host="^www\.bucyrustelegraphforum\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Budget-Belize.com.xml b/src/chrome/content/rules/Budget-Belize.com.xml
new file mode 100644
index 000000000000..b092f2635387
--- /dev/null
+++ b/src/chrome/content/rules/Budget-Belize.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- www	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget-Belize.com">
+
+	<target host="budget-belize.com" />
+	<target host="www.budget-belize.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.budget-belize\.com/"
+		to="https://budget-belize.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget-Jamaica.com.xml b/src/chrome/content/rules/Budget-Jamaica.com.xml
new file mode 100644
index 000000000000..ba66f4147a5d
--- /dev/null
+++ b/src/chrome/content/rules/Budget-Jamaica.com.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- mail		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget Jamaica.com">
+
+	<target host="budgetjamaica.com" />
+	<target host="www.budgetjamaica.com" />
+	<target host="test.budgetjamaica.com" />
+	<target host="www.test.budgetjamaica.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget-Martinique.com.xml b/src/chrome/content/rules/Budget-Martinique.com.xml
new file mode 100644
index 000000000000..3dca00bda958
--- /dev/null
+++ b/src/chrome/content/rules/Budget-Martinique.com.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+-->
+<ruleset name="Budget-Martinique.com">
+
+	<target host="budget-martinique.com" />
+	<target host="www.budget-martinique.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget-Panama.com.xml b/src/chrome/content/rules/Budget-Panama.com.xml
new file mode 100644
index 000000000000..8fd15fd1969d
--- /dev/null
+++ b/src/chrome/content/rules/Budget-Panama.com.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+-->
+<ruleset name="Budget Panama.com">
+
+	<target host="budgetpanama.com" />
+	<target host="www.budgetpanama.com" />
+	<target host="mail.budgetpanama.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget-Peru.com.xml b/src/chrome/content/rules/Budget-Peru.com.xml
new file mode 100644
index 000000000000..3f9f80837e5d
--- /dev/null
+++ b/src/chrome/content/rules/Budget-Peru.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- locations		(e)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget Peru.com">
+
+	<target host="budgetperu.com" />
+	<target host="www.budgetperu.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.ba.xml b/src/chrome/content/rules/Budget.ba.xml
new file mode 100644
index 000000000000..6f227df14f2c
--- /dev/null
+++ b/src/chrome/content/rules/Budget.ba.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+-->
+<ruleset name="Budget.ba">
+
+	<target host="budget.ba" />
+	<target host="www.budget.ba" />
+	<target host="autodiscover.budget.ba" />
+	<target host="cpanel.budget.ba" />
+	<target host="mail.budget.ba" />
+	<target host="webdisk.budget.ba" />
+	<target host="webmail.budget.ba" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.ca.xml b/src/chrome/content/rules/Budget.ca.xml
new file mode 100644
index 000000000000..7ec74e56e09a
--- /dev/null
+++ b/src/chrome/content/rules/Budget.ca.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- qa	(t)
+    - qa[1-3]   (HTTP 503 error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.ca">
+
+	<target host="budget.ca" />
+	<target host="www.budget.ca" />
+	<target host="truck.budget.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.co.cr.xml b/src/chrome/content/rules/Budget.co.cr.xml
new file mode 100644
index 000000000000..3141869ce20a
--- /dev/null
+++ b/src/chrome/content/rules/Budget.co.cr.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+	Non-functional subdomains:
+		- qa	(t)
+		- qa1/2/3	(HTTP 503 error)
+		- reserve	(e)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.co.cr">
+
+	<target host="budget.co.cr" />
+	<target host="www.budget.co.cr" />
+	<target host="webmail.budget.co.cr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.co.nz.xml b/src/chrome/content/rules/Budget.co.nz.xml
new file mode 100644
index 000000000000..dabbaabd4fb4
--- /dev/null
+++ b/src/chrome/content/rules/Budget.co.nz.xml
@@ -0,0 +1,42 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(e)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.co.nz">
+
+	<target host="budget.co.nz" />
+	<target host="www.budget.co.nz" />
+	<target host="click.e.budget.co.nz" />
+	<target host="image.e.budget.co.nz" />
+	<target host="pages.e.budget.co.nz" />
+	<target host="view.e.budget.co.nz" />
+	<target host="mobile.budget.co.nz" />
+	<target host="qa1.budget.co.nz" />
+	<target host="qa1truck.budget.co.nz" />
+	<target host="qa2.budget.co.nz" />
+	<target host="qa3.budget.co.nz" />
+	<target host="truck.budget.co.nz" />
+	<target host="truckmobile.budget.co.nz" />
+	<target host="uat1.budget.co.nz" />
+	<target host="uat1truck.budget.co.nz" />
+	<target host="wholesale.budget.co.nz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.co\.nz/"
+		to="https://www.budget.co.nz/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.co.uk.xml b/src/chrome/content/rules/Budget.co.uk.xml
new file mode 100644
index 000000000000..187fc0d49867
--- /dev/null
+++ b/src/chrome/content/rules/Budget.co.uk.xml
@@ -0,0 +1,36 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- origin	(t)
+		- origin-mirror		(t)
+		- pse		(t)
+		- pvt		(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.co.uk">
+
+	<target host="budget.co.uk" />
+	<target host="www.budget.co.uk" />
+	<target host="mirror.budget.co.uk" />
+	<target host="secure.budget.co.uk" />
+	<target host="secure-mirror.budget.co.uk" />
+	<target host="secureanalytics.budget.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.co\.uk/"
+		to="https://www.budget.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.co.za.xml b/src/chrome/content/rules/Budget.co.za.xml
new file mode 100644
index 000000000000..dfb87ab1eb8c
--- /dev/null
+++ b/src/chrome/content/rules/Budget.co.za.xml
@@ -0,0 +1,36 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- mirror	(r)
+		- origin	(t)
+		- origin-mirror		(t)
+		- secure	(r)
+		- secure-mirror		(r)
+		- www2		(ssl connection error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.co.za">
+
+	<target host="budget.co.za" />
+	<target host="www.budget.co.za" />
+	<target host="book.budget.co.za" />
+	<target host="edms.budget.co.za" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.co\.za/"
+		to="https://www.budget.co.za/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.com.ar.xml b/src/chrome/content/rules/Budget.com.ar.xml
new file mode 100644
index 000000000000..0c543d7e4dbe
--- /dev/null
+++ b/src/chrome/content/rules/Budget.com.ar.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- locations		(e)
+		- mail			(s)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.com.ar">
+
+	<target host="budget.com.ar" />
+	<target host="www.budget.com.ar" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.com.au.xml b/src/chrome/content/rules/Budget.com.au.xml
new file mode 100644
index 000000000000..65b4a655ee4c
--- /dev/null
+++ b/src/chrome/content/rules/Budget.com.au.xml
@@ -0,0 +1,42 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(t)
+		- awards	(t)
+		- forms		(m)
+		- qa3		(HTTP 503 error)
+		- ex.sa		(r)
+		- sharepoint	(e)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.com.au">
+
+	<target host="budget.com.au" />
+	<target host="www.budget.com.au" />
+	<target host="blog.budget.com.au" />
+	<target host="click.e.budget.com.au" />
+	<target host="image.e.budget.com.au" />
+	<target host="pages.e.budget.com.au" />
+	<target host="view.e.budget.com.au" />
+	<target host="mobile.budget.com.au" />
+	<target host="qa1.budget.com.au" />
+	<target host="qa2.budget.com.au" />
+	<target host="uat1.budget.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.com\.au/"
+		to="https://www.budget.com.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.com.do.xml b/src/chrome/content/rules/Budget.com.do.xml
new file mode 100644
index 000000000000..f0692f5cec13
--- /dev/null
+++ b/src/chrome/content/rules/Budget.com.do.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+-->
+<ruleset name="Budget.com.do">
+
+	<target host="budget.com.do" />
+	<target host="www.budget.com.do" />
+	<target host="mail.mail.budget.com.do" />
+	<target host="www.mail.mail.budget.com.do" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.com.fj.xml b/src/chrome/content/rules/Budget.com.fj.xml
new file mode 100644
index 000000000000..f01f1784f897
--- /dev/null
+++ b/src/chrome/content/rules/Budget.com.fj.xml
@@ -0,0 +1,12 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+-->
+<ruleset name="Budget.com.fj">
+
+	<target host="www.budget.com.fj" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.com.gt.xml b/src/chrome/content/rules/Budget.com.gt.xml
new file mode 100644
index 000000000000..c628cd5d63e8
--- /dev/null
+++ b/src/chrome/content/rules/Budget.com.gt.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+-->
+<ruleset name="Budget.com.gt">
+
+	<target host="budget.com.gt" />
+	<target host="www.budget.com.gt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.com.mx.xml b/src/chrome/content/rules/Budget.com.mx.xml
new file mode 100644
index 000000000000..1bf8a86b65cd
--- /dev/null
+++ b/src/chrome/content/rules/Budget.com.mx.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- admin		(ssl connection error)
+		- dev		(ssl connection error)
+		- en		(s)
+		- location		(e)
+		- webmail		(ssl connection error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.com.mx">
+
+	<target host="budget.com.mx" />
+	<target host="www.budget.com.mx" />
+	<target host="livehelp.budget.com.mx" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.com.pt.xml b/src/chrome/content/rules/Budget.com.pt.xml
new file mode 100644
index 000000000000..12119a6af9a4
--- /dev/null
+++ b/src/chrome/content/rules/Budget.com.pt.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.com.pt">
+
+	<target host="budget.com.pt" />
+	<target host="www.budget.com.pt" />
+	<target host="secure.budget.com.pt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.com\.pt/"
+		to="https://www.budget.com.pt/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.com.sv.xml b/src/chrome/content/rules/Budget.com.sv.xml
new file mode 100644
index 000000000000..2aab9b8b4ea3
--- /dev/null
+++ b/src/chrome/content/rules/Budget.com.sv.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+-->
+<ruleset name="Budget.com.sv">
+
+	<target host="budget.com.sv" />
+	<target host="www.budget.com.sv" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.com.tr.xml b/src/chrome/content/rules/Budget.com.tr.xml
new file mode 100644
index 000000000000..cfd8a637f915
--- /dev/null
+++ b/src/chrome/content/rules/Budget.com.tr.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- hungarytest		(m)
+		- origin		(t)
+		- secure		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.com.tr">
+
+	<target host="budget.com.tr" />
+	<target host="www.budget.com.tr" />
+	<target host="soforlukiralama.budget.com.tr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.com.xml b/src/chrome/content/rules/Budget.com.xml
new file mode 100644
index 000000000000..a62039ce27e7
--- /dev/null
+++ b/src/chrome/content/rules/Budget.com.xml
@@ -0,0 +1,108 @@
+
+<!--
+The following targets have been disabled at 2020-10-14 19:04:33:
+
+Fetch error: http://uat-api1.budget.com/ => https://uat-api1.budget.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+-->
+
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://qaimg1.budget.com/ => https://qaimg1.budget.com/: (51, "SSL: no alternative certificate subject name matches target host name 'qaimg1.budget.com'")
+Fetch error: http://uat1.budget.com/ => https://uat1.budget.com/: (51, "SSL: no alternative certificate subject name matches target host name 'uat1.budget.com'")
+Fetch error: http://uat2.budget.com/ => https://uat2.budget.com/: (51, "SSL: no alternative certificate subject name matches target host name 'uat2.budget.com'")
+Fetch error: http://uat3.budget.com/ => https://uat3.budget.com/: (51, "SSL: no alternative certificate subject name matches target host name 'uat3.budget.com'")
+
+	Other related rulesets:
+		- Budget.ba.xml
+		- Budget.ca.xml
+		- Budget.co.cr.xml
+		- Budget.co.nz.xml
+		- Budget.co.uk.xml
+		- Budget.co.za.xml
+		- Budget.com.ar.xml
+		- Budget.com.au.xml
+		- Budget.com.do.xml
+		- Budget.com.fj.xml
+		- Budget.com.gt.xml
+		- Budget.com.mx.xml
+		- Budget.com.pt.xml
+		- Budget.com.sv.xml
+		- Budget.com.tr.xml
+		- Budget.de.xml
+		- Budget.dk.xml
+		- Budget.ee.xml
+		- Budget.es.xml
+		- Budget.fr.xml
+		- Budget.ie.xml
+		- Budget.lu.xml
+		- Budget.lv.xml
+		- Budget.ma.xml
+		- Budget.nl.xml
+		- Budget.no.xml
+		- Budget.se.xml
+		- Budgetautonoleggio.it.xml
+		- Budget-Belize.com.xml
+		- Budget-Jamaica.com.xml
+		- Budget-Martinique.com.xml
+		- Budget-Panama.com.xml
+		- Budget-Peru.com.xml
+
+
+	Non-functional subdomains:
+		- bc	(m)
+		- www.bc	(m)
+		- chat	(t)
+		- image.e	(m)
+		- pub.e	(m)
+		- img2	(m)
+		- locations	(h)
+		- miami	(m)
+		- qabudgettest	(m)
+		- qaimg2	(m)
+		- seattle	(m)
+		- securemail	(e)
+		- voltage-pp-0000	(e)
+		- votc	(t)
+		- webwiz5	(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.com">
+
+	<target host="budget.com" />
+	<target host="www.budget.com" />
+	<target host="api1.budget.com" />
+	<target host="beta.budget.com" />
+	<target host="click.e.budget.com" />
+	<target host="pages.e.budget.com" />
+	<target host="view.e.budget.com" />
+	<target host="img1.budget.com" />
+	<target host="m.budget.com" />
+	<target host="qa.budget.com" />
+	<target host="qa-api1.budget.com" />
+	<target host="qa1.budget.com" />
+	<target host="qa2.budget.com" />
+	<target host="qa3.budget.com" />
+	<!-- target host="qaimg1.budget.com" /-->
+	<target host="qarewards.budget.com" />
+	<target host="uat.budget.com" />
+	<!-- target host="uat-api1.budget.com" /-->
+	<!-- target host="uat1.budget.com" /-->
+	<!-- target host="uat2.budget.com" /-->
+	<!-- target host="uat3.budget.com" /-->
+	<target host="wizardgui.budget.com" />
+	<target host="wizardgui-x.budget.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.de.xml b/src/chrome/content/rules/Budget.de.xml
new file mode 100644
index 000000000000..e5907220ab4a
--- /dev/null
+++ b/src/chrome/content/rules/Budget.de.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- origin	(t)
+		- origin-mirror		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.de">
+
+	<target host="budget.de" />
+	<target host="www.budget.de" />
+	<target host="mirror.budget.de" />
+	<target host="secure.budget.de" />
+	<target host="secure-mirror.budget.de" />
+	<target host="secureanalytics.budget.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.de/"
+		to="https://www.budget.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.dk.xml b/src/chrome/content/rules/Budget.dk.xml
new file mode 100644
index 000000000000..c4b83f87ee2d
--- /dev/null
+++ b/src/chrome/content/rules/Budget.dk.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- origin	(t)
+		- origin-mirror		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.dk">
+
+	<target host="budget.dk" />
+	<target host="www.budget.dk" />
+	<target host="mirror.budget.dk" />
+	<target host="secure.budget.dk" />
+	<target host="secure-mirror.budget.dk" />
+	<target host="secureanalytics.budget.dk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.dk/"
+		to="https://www.budget.dk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.ee.xml b/src/chrome/content/rules/Budget.ee.xml
new file mode 100644
index 000000000000..3d16d7135576
--- /dev/null
+++ b/src/chrome/content/rules/Budget.ee.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- origin	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.ee">
+
+	<target host="budget.ee" />
+	<target host="www.budget.ee" />
+	<target host="secure.budget.ee" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.ee/"
+		to="https://www.budget.ee/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.es.xml b/src/chrome/content/rules/Budget.es.xml
new file mode 100644
index 000000000000..b6780410dd66
--- /dev/null
+++ b/src/chrome/content/rules/Budget.es.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- origin	(t)
+		- origin-mirror		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.es">
+
+	<target host="budget.es" />
+	<target host="www.budget.es" />
+	<target host="mirror.budget.es" />
+	<target host="secure.budget.es" />
+	<target host="secure-mirror.budget.es" />
+	<target host="secureanalytics.budget.es" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.es/"
+		to="https://www.budget.es/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.fr.xml b/src/chrome/content/rules/Budget.fr.xml
new file mode 100644
index 000000000000..913b26604694
--- /dev/null
+++ b/src/chrome/content/rules/Budget.fr.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- origin	(t)
+		- origin-mirror		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.fr">
+
+	<target host="budget.fr" />
+	<target host="www.budget.fr" />
+	<target host="mirror.budget.fr" />
+	<target host="secure.budget.fr" />
+	<target host="secure-mirror.budget.fr" />
+	<target host="secureanalytics.budget.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.fr/"
+		to="https://www.budget.fr/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.ie.xml b/src/chrome/content/rules/Budget.ie.xml
new file mode 100644
index 000000000000..b65aaa5d5b59
--- /dev/null
+++ b/src/chrome/content/rules/Budget.ie.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.ie">
+
+	<target host="budget.ie" />
+	<target host="www.budget.ie" />
+	<target host="cdn.budget.ie" />
+	<target host="testing.budget.ie" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.ie/"
+		to="https://www.budget.ie/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.lu.xml b/src/chrome/content/rules/Budget.lu.xml
new file mode 100644
index 000000000000..5f1c27399a32
--- /dev/null
+++ b/src/chrome/content/rules/Budget.lu.xml
@@ -0,0 +1,30 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(r)
+		- www		(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.lu">
+
+	<target host="budget.lu" />
+	<target host="www.budget.lu" />
+	<target host="secure.budget.lu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(www\.)?budget\.lu/"
+		to="https://secure.budget.lu/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.lv.xml b/src/chrome/content/rules/Budget.lv.xml
new file mode 100644
index 000000000000..b8d5387f3f15
--- /dev/null
+++ b/src/chrome/content/rules/Budget.lv.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.lv">
+
+	<target host="budget.lv" />
+	<target host="www.budget.lv" />
+	<target host="secure.budget.lv" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.lv/"
+		to="https://www.budget.lv/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.ma.xml b/src/chrome/content/rules/Budget.ma.xml
new file mode 100644
index 000000000000..5a9afa97629d
--- /dev/null
+++ b/src/chrome/content/rules/Budget.ma.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.ma">
+
+	<target host="budget.ma" />
+	<target host="www.budget.ma" />
+	<target host="secure.budget.ma" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.ma/"
+		to="https://www.budget.ma/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.nl.xml b/src/chrome/content/rules/Budget.nl.xml
new file mode 100644
index 000000000000..81c3f25596c7
--- /dev/null
+++ b/src/chrome/content/rules/Budget.nl.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.nl">
+
+	<target host="budget.nl" />
+	<target host="www.budget.nl" />
+	<target host="secure.budget.nl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.nl/"
+		to="https://www.budget.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.no.xml b/src/chrome/content/rules/Budget.no.xml
new file mode 100644
index 000000000000..5dff156c23d7
--- /dev/null
+++ b/src/chrome/content/rules/Budget.no.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- origin	(t)
+		- origin-mirror	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.no">
+
+	<target host="budget.no" />
+	<target host="www.budget.no" />
+	<target host="mirror.budget.no" />
+	<target host="secure.budget.no" />
+	<target host="secure-mirror.budget.no" />
+	<target host="secureanalytics.budget.no" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.no/"
+		to="https://www.budget.no/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budget.se.xml b/src/chrome/content/rules/Budget.se.xml
new file mode 100644
index 000000000000..96caaaac0586
--- /dev/null
+++ b/src/chrome/content/rules/Budget.se.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- origin	(t)
+		- origin-mirror	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budget.se">
+
+	<target host="budget.se" />
+	<target host="www.budget.se" />
+	<target host="mirror.budget.se" />
+	<target host="secure.budget.se" />
+	<target host="secure-mirror.budget.se" />
+	<target host="secureanalytics.budget.se" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budget\.se/"
+		to="https://www.budget.se/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budgetautonoleggio.it.xml b/src/chrome/content/rules/Budgetautonoleggio.it.xml
new file mode 100644
index 000000000000..82d0504509b6
--- /dev/null
+++ b/src/chrome/content/rules/Budgetautonoleggio.it.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Budget coverage, see Budget.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- origin	(t)
+		- origin-mirror		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Budgetautonoleggio.it">
+
+	<target host="budgetautonoleggio.it" />
+	<target host="www.budgetautonoleggio.it" />
+	<target host="mirror.budgetautonoleggio.it" />
+	<target host="secure.budgetautonoleggio.it" />
+	<target host="secure-mirror.budgetautonoleggio.it" />
+	<target host="secureanalytics.budgetautonoleggio.it" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://budgetautonoleggio\.it/"
+		to="https://www.budgetautonoleggio.it/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Budgetkredit.ch.xml b/src/chrome/content/rules/Budgetkredit.ch.xml
index eff82b024944..a20f18491cd0 100644
--- a/src/chrome/content/rules/Budgetkredit.ch.xml
+++ b/src/chrome/content/rules/Budgetkredit.ch.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?budgetkredit\.ch/(core/|css/|de/kredit/kreditantrag/antrag\.php|pix/)"
 		to="https://$1budgetkredit.ch/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Buds_Gun_Shop.xml b/src/chrome/content/rules/Buds_Gun_Shop.xml
index c83601b353af..601c8932670f 100644
--- a/src/chrome/content/rules/Buds_Gun_Shop.xml
+++ b/src/chrome/content/rules/Buds_Gun_Shop.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bues.ch.xml b/src/chrome/content/rules/Bues.ch.xml
new file mode 100644
index 000000000000..d5a1699703fa
--- /dev/null
+++ b/src/chrome/content/rules/Bues.ch.xml
@@ -0,0 +1,9 @@
+<ruleset name="Bues.ch">
+	<target host="bues.ch" />
+	<target host="www.bues.ch" />
+	<target host="dual.bues.ch" />
+	<target host="git.bues.ch" />
+	<target host="six.bues.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Buffer.xml b/src/chrome/content/rules/Buffer.xml
index 50b9b71240a5..0259fd1f8d8d 100644
--- a/src/chrome/content/rules/Buffer.xml
+++ b/src/chrome/content/rules/Buffer.xml
@@ -34,7 +34,7 @@ Fetch error: http://static.bufferapp.com/ => https://static.bufferapp.com/: (60,
 	* Secured by us
 
 -->
-<ruleset name="Buffer app.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Buffer app.com (partial)" default_off="failed ruleset test">
 
 	<target host="bufferapp.com" />
 	<target host="api.bufferapp.com" />
diff --git a/src/chrome/content/rules/BugMeNot.com.xml b/src/chrome/content/rules/BugMeNot.com.xml
index 71d285036e38..f272eb3af87f 100644
--- a/src/chrome/content/rules/BugMeNot.com.xml
+++ b/src/chrome/content/rules/BugMeNot.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://bugmenot.com/ => https://bugmenot.com/: Cycle detected - URL
 	* Secured by us
 
 -->
-<ruleset name="BugMeNot.com" default_off='failed ruleset test'>
+<ruleset name="BugMeNot.com" default_off="failed ruleset test">
 
 	<target host="bugmenot.com" />
 	<target host="www.bugmenot.com" />
diff --git a/src/chrome/content/rules/Bukalapak.com.xml b/src/chrome/content/rules/Bukalapak.com.xml
new file mode 100644
index 000000000000..0a2db4683370
--- /dev/null
+++ b/src/chrome/content/rules/Bukalapak.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="Bukalapak.com">
+	<target host="bukalapak.com" />
+	<target host="www.bukalapak.com" />
+	<target host="agen.bukalapak.com" />
+	<target host="careers.bukalapak.com" />
+	<target host="komunitas.bukalapak.com" />
+	<target host="panduan.bukalapak.com" />
+	<target host="penggerak.bukalapak.com" />
+	<target host="s0.bukalapak.com" />
+	<target host="s1.bukalapak.com" />
+	<target host="s2.bukalapak.com" />
+	<target host="s3.bukalapak.com" />
+	<target host="s4.bukalapak.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bulbman.xml b/src/chrome/content/rules/Bulbman.xml
index ebbf454a7674..8e804f2b9763 100644
--- a/src/chrome/content/rules/Bulbman.xml
+++ b/src/chrome/content/rules/Bulbman.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://bulbman.com/ => https://www.bulbman.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bulbman.com'")
 Fetch error: http://www.bulbman.com/ => https://www.bulbman.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bulbman.com'")
 -->
-<ruleset name="BulbMan" default_off='failed ruleset test'>
+<ruleset name="BulbMan" default_off="failed ruleset test">
   <target host="bulbman.com" />
   <target host="www.bulbman.com" />
 
diff --git a/src/chrome/content/rules/BulkSMS.xml b/src/chrome/content/rules/BulkSMS.xml
deleted file mode 100644
index edc58edf6176..000000000000
--- a/src/chrome/content/rules/BulkSMS.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="BulkSMS">
-  <target host="bulksms.co.uk" />
-  <target host="www.bulksms.co.uk" />
-
-  <securecookie host="^(?:.+\.)?bulksms\.co\.uk$" name=".+" />
-
-  <rule from="^http://(?:www\.)?bulksms\.co\.uk/" to="https://www.bulksms.co.uk/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/BulletProof_Meteor.com.xml b/src/chrome/content/rules/BulletProof_Meteor.com.xml
index a5b7cef202c9..6e250da9f462 100644
--- a/src/chrome/content/rules/BulletProof_Meteor.com.xml
+++ b/src/chrome/content/rules/BulletProof_Meteor.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://bulletproofmeteor.com/ => https://bulletproofmeteor.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="BulletProof Meteor.com" default_off='failed ruleset test'>
+<ruleset name="BulletProof Meteor.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Bulletin_Messenger.net.xml b/src/chrome/content/rules/Bulletin_Messenger.net.xml
index 9df2a95961f6..1a2cd37a1321 100644
--- a/src/chrome/content/rules/Bulletin_Messenger.net.xml
+++ b/src/chrome/content/rules/Bulletin_Messenger.net.xml
@@ -17,7 +17,8 @@
 <ruleset name="Bulletin Messenger.net">
 
 	<target host="bulletinmessenger.net" />
-	<target host="*.bulletinmessenger.net" />
+	<target host="www.bulletinmessenger.net" />
+	<target host="m.bulletinmessenger.net" />
 
 
 	<securecookie host="^m\.bulletinmessenger\.net$" name=".+" />
@@ -27,7 +28,6 @@
 		to="https://www.bulletinmessenger.net/" />
 
 
-	<rule from="^http://m\.bulletinmessenger\.net/"
-		to="https://m.bulletinmessenger.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Bum.org.xml b/src/chrome/content/rules/Bum.org.xml
new file mode 100644
index 000000000000..e70075f6d724
--- /dev/null
+++ b/src/chrome/content/rules/Bum.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Bum.org">
+	<target host="bum.org" />
+	<target host="www.bum.org" />
+	<target host="ski.bum.org" />
+	<target host="wordsearch.bum.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Bunchball.com.xml b/src/chrome/content/rules/Bunchball.com.xml
index f36e40b86f72..0c6aefc7099b 100644
--- a/src/chrome/content/rules/Bunchball.com.xml
+++ b/src/chrome/content/rules/Bunchball.com.xml
@@ -28,7 +28,7 @@ Fetch error: http://go.bunchball.com/ => https://www.bunchball.com/: (51, "SSL:
 		- (www.)?
 
 -->
-<ruleset name="Bunchball.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Bunchball.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Bunchball.xml b/src/chrome/content/rules/Bunchball.xml
index 70daaffc94d5..020cb068ab5f 100644
--- a/src/chrome/content/rules/Bunchball.xml
+++ b/src/chrome/content/rules/Bunchball.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.bunchball.net/ => https://www.bunchball.net/: (51, "SSL:
 		- assets
 
 -->
-<ruleset name="Bunchball.net" default_off='failed ruleset test'>
+<ruleset name="Bunchball.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/BundanonTrust.xml b/src/chrome/content/rules/BundanonTrust.xml
index 16802703367f..fef34efa7170 100644
--- a/src/chrome/content/rules/BundanonTrust.xml
+++ b/src/chrome/content/rules/BundanonTrust.xml
@@ -10,10 +10,10 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://bundanon.com.au/ => https://www.bundanon.com.au/: (52, 'Empty reply from server')
 
 -->
-<ruleset name="Bundanon Trust" default_off='failed ruleset test'>
+<ruleset name="Bundanon Trust" default_off="failed ruleset test">
 	<target host="bundanon.com.au" />
-	<target host="*.bundanon.com.au" />
+	<target host="www.bundanon.com.au" />
 
 	<rule from="^http://(?:www\.)?bundanon\.com\.au/"
 		to="https://www.bundanon.com.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesarbeitsgericht.de.xml b/src/chrome/content/rules/Bundesarbeitsgericht.de.xml
new file mode 100644
index 000000000000..20a65e45f353
--- /dev/null
+++ b/src/chrome/content/rules/Bundesarbeitsgericht.de.xml
@@ -0,0 +1,12 @@
+<!--
+	Unable to get local issuer certificate:
+		www.bundesarbeitsgericht.de
+-->
+<ruleset name="Bundesarbeitsgericht.de">
+
+	<target host="juris.bundesarbeitsgericht.de" />
+	<target host="opac.bundesarbeitsgericht.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesarchiv.de.xml b/src/chrome/content/rules/Bundesarchiv.de.xml
new file mode 100644
index 000000000000..a3768b8571c7
--- /dev/null
+++ b/src/chrome/content/rules/Bundesarchiv.de.xml
@@ -0,0 +1,25 @@
+<!--
+	Invalid certificate:
+		www.argus.bundesarchiv.de
+		www.bibliothek.bundesarchiv.de
+		argus.bstu.bundesarchiv.de
+		www.argus.bstu.bundesarchiv.de
+		filmothek.bundesarchiv.de
+		www.pflichtregistrierung-film.bundesarchiv.de
+-->
+<ruleset name="Bundesarchiv.de">
+
+	<target host="bundesarchiv.de" />
+	<target host="www.bundesarchiv.de" />
+	<target host="apps.bundesarchiv.de" />
+	<target host="www.bild.bundesarchiv.de" />
+	<target host="ersterweltkrieg.bundesarchiv.de" />
+	<target host="www.ersterweltkrieg.bundesarchiv.de" />
+	<target host="www.filmothek.bundesarchiv.de" />
+	<target host="invenio.bundesarchiv.de" />
+	<target host="open-data.bundesarchiv.de" />
+	<target host="wiedervereinigung.bundesarchiv.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesbank.de.xml b/src/chrome/content/rules/Bundesbank.de.xml
new file mode 100644
index 000000000000..76ace03b8b0b
--- /dev/null
+++ b/src/chrome/content/rules/Bundesbank.de.xml
@@ -0,0 +1,54 @@
+<!--
+	Invalid certificate:
+		(www.)?glaeubiger-id
+		www.immobilien
+		onlinebanking
+		(www.)?target2
+
+	Timeout:
+		ebics-t1
+		extranet-t
+		newsletter
+		s504pmgwz1
+		s999mgwxx001a
+		s999mgwxx001p
+		s999mgwxx002a
+		s999mgwxx002p
+		smv
+		u999mgwxx001a
+		u999mgwxx001p
+		u999mgwxx002a
+		u999mgwxx002p
+
+	Unable to get local issuer certificate:
+		www.e-campus
+		www.onlinebanking
+-->
+<ruleset name="Bundesbank.de">
+
+	<target host="bundesbank.de" />
+	<target host="www.bundesbank.de" />
+	<target host="access-portal.bundesbank.de" />
+	<target host="access-portal-a.bundesbank.de" />
+	<target host="ap.bundesbank.de" />
+	<target host="ap-a.bundesbank.de" />
+	<target host="bargeldschulung.bundesbank.de" />
+	<target host="cic.bundesbank.de" />
+	<target host="www.cic.bundesbank.de" />
+	<target host="ebics.bundesbank.de" />
+	<target host="ebics-t.bundesbank.de" />
+	<target host="extranet.bundesbank.de" />
+	<target host="mittagsroulette.bundesbank.de" />
+	<target host="offline.bundesbank.de" />
+	<target host="www.publikationen.bundesbank.de" />
+	<target host="pwself.bundesbank.de" />
+	<target host="pwself-a.bundesbank.de" />
+	<target host="video.bundesbank.de" />
+	<target host="join.video.bundesbank.de" />
+	<target host="video-test.bundesbank.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesdruckerei.de.xml b/src/chrome/content/rules/Bundesdruckerei.de.xml
new file mode 100644
index 000000000000..0be449dd881b
--- /dev/null
+++ b/src/chrome/content/rules/Bundesdruckerei.de.xml
@@ -0,0 +1,37 @@
+<!--
+	Connection reset:
+		helpdesk.bundesdruckerei.de
+
+	Empty response:
+		mis.bundesdruckerei.de
+
+	Requires client certificate:
+		ems.bundesdruckerei.de
+		service.bundesdruckerei.de
+
+	Timeout:
+		aknsecgw.bundesdruckerei.de
+		eidservices.bundesdruckerei.de
+		mfk.bundesdruckerei.de
+		udp-test.bundesdruckerei.de
+-->
+<ruleset name="Bundesdruckerei.de">
+
+	<target host="bundesdruckerei.de" />
+	<target host="www.bundesdruckerei.de" />
+	<target host="bdrive.bundesdruckerei.de" />
+	<target host="conference.bundesdruckerei.de" />
+	<target host="interaktiv.bundesdruckerei.de" />
+	<target host="knock.bundesdruckerei.de" />
+	<target host="mic.bundesdruckerei.de" />
+	<target host="obp.bundesdruckerei.de" />
+	<target host="obp-test.bundesdruckerei.de" />
+	<target host="sign-me-dss.bundesdruckerei.de" />
+	<target host="support.bundesdruckerei.de" />
+	<target host="udp.bundesdruckerei.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesfinanzhof.de.xml b/src/chrome/content/rules/Bundesfinanzhof.de.xml
new file mode 100644
index 000000000000..9eadf3d96a13
--- /dev/null
+++ b/src/chrome/content/rules/Bundesfinanzhof.de.xml
@@ -0,0 +1,17 @@
+<!-- Federal Fiscal Court -->
+<ruleset name="Bundesfinanzhof.de">
+
+	<target host="bundesfinanzhof.de" />
+	<target host="www.bundesfinanzhof.de" />
+	<target host="juris.bundesfinanzhof.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://bundesfinanzhof.de/,
+	http://bundesfinanzhof.de/ redirects to https://www.bundesfinanzhof.de/ -->
+	<rule from="^http://bundesfinanzhof\.de/"
+		to="https://www.bundesfinanzhof.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesfinanzministerium.de.xml b/src/chrome/content/rules/Bundesfinanzministerium.de.xml
new file mode 100644
index 000000000000..76c095b9e1fb
--- /dev/null
+++ b/src/chrome/content/rules/Bundesfinanzministerium.de.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid certificate:
+		- m.bundesfinanzministerium.de
+		- news.bundesfinanzministerium.de
+		- www.news.bundesfinanzministerium.de
+-->
+<ruleset name="Bundesfinanzministerium.de">
+	<!-- Federal Ministry of Finance -->
+
+	<target host="bundesfinanzministerium.de" />
+	<target host="www.bundesfinanzministerium.de" />
+	<target host="anmeldung.bundesfinanzministerium.de" />
+	<target host="registration.bundesfinanzministerium.de" />
+	<target host="streaming.bundesfinanzministerium.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesgerichtshof.de.xml b/src/chrome/content/rules/Bundesgerichtshof.de.xml
new file mode 100644
index 000000000000..a15999165b2b
--- /dev/null
+++ b/src/chrome/content/rules/Bundesgerichtshof.de.xml
@@ -0,0 +1,17 @@
+<!--
+	Timeout:
+		gesmat.bundesgerichtshof.de
+		www.gesmat.bundesgerichtshof.de
+-->
+<ruleset name="Bundesgerichtshof.de">
+	<!-- Federal Court of Justice -->
+
+	<target host="bundesgerichtshof.de" />
+	<target host="www.bundesgerichtshof.de" />
+	<target host="juris.bundesgerichtshof.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesgesundheitsministerium.de.xml b/src/chrome/content/rules/Bundesgesundheitsministerium.de.xml
new file mode 100644
index 000000000000..52c94e007e7a
--- /dev/null
+++ b/src/chrome/content/rules/Bundesgesundheitsministerium.de.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		- mobile.bundesgesundheitsministerium.de
+		- pflegeleistungshelfer.bundesgesundheitsministerium.de
+		- tablet.bundesgesundheitsministerium.de
+
+	Refused:
+		- e-learning-pflege.bundesgesundheitsministerium.de
+		- informationsservice-pflege.bundesgesundheitsministerium.de
+-->
+<ruleset name="Bundesgesundheitsministerium.de">
+	<!-- Federal Ministry of Health -->
+
+	<target host="bundesgesundheitsministerium.de" />
+	<target host="www.bundesgesundheitsministerium.de" />
+	<target host="stage.bundesgesundheitsministerium.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesimmobilien.de.xml b/src/chrome/content/rules/Bundesimmobilien.de.xml
new file mode 100644
index 000000000000..6dacedacdd57
--- /dev/null
+++ b/src/chrome/content/rules/Bundesimmobilien.de.xml
@@ -0,0 +1,54 @@
+<!--
+	Timeout:
+		alfred.bundesimmobilien.de
+-->
+<ruleset name="Bundesimmobilien.de">
+
+	<target host="bundesimmobilien.de" />
+	<target host="www.bundesimmobilien.de" />
+	<target host="airpark-giebelstadt.bundesimmobilien.de" />
+	<target host="britenabzug.bundesimmobilien.de" />
+	<target host="datenraum.bundesimmobilien.de" />
+	<target host="erneuerbare-energien.bundesimmobilien.de" />
+	<target host="expo-real.bundesimmobilien.de" />
+	<target host="faszination-bunker.bundesimmobilien.de" />
+	<target host="hammonds.bundesimmobilien.de" />
+	<target host="herrichtungskosten.bundesimmobilien.de" />
+	<target host="konversion-aschaffenburg.bundesimmobilien.de" />
+	<target host="konversion-babenhausen.bundesimmobilien.de" />
+	<target host="konversion-darmstadt.bundesimmobilien.de" />
+	<target host="konversion-gatow.bundesimmobilien.de" />
+	<target host="konversion-hanau.bundesimmobilien.de" />
+	<target host="konversion-kampfmittel.bundesimmobilien.de" />
+	<target host="konversion-kitzingen.bundesimmobilien.de" />
+	<target host="konversion-koblenz.bundesimmobilien.de" />
+	<target host="konversion-muenster.bundesimmobilien.de" />
+	<target host="konversion-oldenburg.bundesimmobilien.de" />
+	<target host="konversion-osnabrueck.bundesimmobilien.de" />
+	<target host="konversion-preview.bundesimmobilien.de" />
+	<target host="konversion-trollenhagen.bundesimmobilien.de" />
+	<target host="kronprinzenpalais.bundesimmobilien.de" />
+	<target host="login.bundesimmobilien.de" />
+	<target host="lohheide.bundesimmobilien.de" />
+	<target host="medien.bundesimmobilien.de" />
+	<target host="meinbima.bundesimmobilien.de" />
+	<target host="meine-bima.bundesimmobilien.de" />
+	<target host="meinebima.bundesimmobilien.de" />
+	<target host="milacrm.bundesimmobilien.de" />
+	<target host="missione.bundesimmobilien.de" />
+	<target host="missione-campaign.bundesimmobilien.de" />
+	<target host="notunterbringung.bundesimmobilien.de" />
+	<target host="osterheide.bundesimmobilien.de" />
+	<target host="paragraph.bundesimmobilien.de" />
+	<target host="rhein-neckar.bundesimmobilien.de" />
+	<target host="schweinfurt.bundesimmobilien.de" />
+	<target host="verkaufsprojekte.bundesimmobilien.de" />
+
+	<!-- Timeout on https://bundesimmobilien.de/,
+	http://bundesimmobilien.de/ redirects to http://www.bundesimmobilien.de/ -->
+	<rule from="^http://bundesimmobilien\.de/"
+		to="https://www.bundesimmobilien.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundeskartellamt.de.xml b/src/chrome/content/rules/Bundeskartellamt.de.xml
new file mode 100644
index 000000000000..51e675fd0d1c
--- /dev/null
+++ b/src/chrome/content/rules/Bundeskartellamt.de.xml
@@ -0,0 +1,20 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="Bundeskartellamt.de">
+	<!-- Federal Cartel Office -->
+
+	<target host="bundeskartellamt.de" />
+	<target host="www.bundeskartellamt.de" />
+	<target host="registrierung.bundeskartellamt.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://bundeskartellamt.de/,
+	http://bundeskartellamt.de/ redirects to https://www.bundeskartellamt.de/ -->
+	<rule from="^http://bundeskartellamt\.de/"
+		to="https://www.bundeskartellamt.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundespatentgericht.de.xml b/src/chrome/content/rules/Bundespatentgericht.de.xml
new file mode 100644
index 000000000000..0f6b391d14ba
--- /dev/null
+++ b/src/chrome/content/rules/Bundespatentgericht.de.xml
@@ -0,0 +1,11 @@
+<ruleset name="Bundespatentgericht.de">
+	<!-- Federal Patent Court -->
+
+	<target host="www.bundespatentgericht.de" />
+	<target host="juris.bundespatentgericht.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundespraesident.de.xml b/src/chrome/content/rules/Bundespraesident.de.xml
new file mode 100644
index 000000000000..b6d6e1398d0c
--- /dev/null
+++ b/src/chrome/content/rules/Bundespraesident.de.xml
@@ -0,0 +1,11 @@
+<ruleset name="Bundespraesident.de">
+	<!-- Federal President -->
+
+	<target host="bundespraesident.de" />
+	<target host="www.bundespraesident.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesrechnungshof.de.xml b/src/chrome/content/rules/Bundesrechnungshof.de.xml
new file mode 100644
index 000000000000..751532bb72d7
--- /dev/null
+++ b/src/chrome/content/rules/Bundesrechnungshof.de.xml
@@ -0,0 +1,12 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="Bundesrechnungshof.de">
+
+	<target host="bundesrechnungshof.de" />
+	<target host="www.bundesrechnungshof.de" />
+	<target host="staging.bundesrechnungshof.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Bundesverband_IT-Mittelstand.xml b/src/chrome/content/rules/Bundesverband_IT-Mittelstand.xml
index 21daecdbfc7b..285531be87ba 100644
--- a/src/chrome/content/rules/Bundesverband_IT-Mittelstand.xml
+++ b/src/chrome/content/rules/Bundesverband_IT-Mittelstand.xml
@@ -12,4 +12,4 @@
 	<rule from="^http://(?:www\.)?bitmi\.de/"
 		to="https://bitmi.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BureauofInfrastructureTransportandRegionalEconomics.xml b/src/chrome/content/rules/BureauofInfrastructureTransportandRegionalEconomics.xml
index f0265866ac2e..3b5ab12aeced 100644
--- a/src/chrome/content/rules/BureauofInfrastructureTransportandRegionalEconomics.xml
+++ b/src/chrome/content/rules/BureauofInfrastructureTransportandRegionalEconomics.xml
@@ -1,7 +1,7 @@
 <ruleset name="Bureau of Infrastructure, Transport and Regional Economics">
 	<target host="bitre.gov.au" />
-	<target host="*.bitre.gov.au" />
+	<target host="www.bitre.gov.au" />
 
 	<rule from="^http://(?:www\.)?bitre\.gov\.au/"
 		to="https://www.bitre.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Burlington_Free_Press.xml b/src/chrome/content/rules/Burlington_Free_Press.xml
index 8d117a6f8c0b..8527d2686733 100644
--- a/src/chrome/content/rules/Burlington_Free_Press.xml
+++ b/src/chrome/content/rules/Burlington_Free_Press.xml
@@ -11,7 +11,8 @@
 <ruleset name="Burlington Free Press">
 
 	<target host="burlingtonfreepress.com" />
-	<target host="*.burlingtonfreepress.com" />
+	<target host="cmsimg.burlingtonfreepress.com" />
+	<target host="www.burlingtonfreepress.com" />
 
 
 	<securecookie host="^www\.burlingtonfreepress\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Burnley.gov.uk.xml b/src/chrome/content/rules/Burnley.gov.uk.xml
index 7c95d31b8760..73afc9cbd839 100644
--- a/src/chrome/content/rules/Burnley.gov.uk.xml
+++ b/src/chrome/content/rules/Burnley.gov.uk.xml
@@ -23,7 +23,7 @@
 		- css on (www.)? from www.burnley.gov.uk ˢ
 
 		- Images, on:
-		
+
 			- (www.)? from l.yimg.com ˢ
 			- (www.)? from www.burnley.gov.uk ˢ
 
diff --git a/src/chrome/content/rules/BurstNET.xml b/src/chrome/content/rules/BurstNET.xml
index 853638bcb040..a21b3a1b207d 100644
--- a/src/chrome/content/rules/BurstNET.xml
+++ b/src/chrome/content/rules/BurstNET.xml
@@ -19,7 +19,7 @@ Fetch error: http://burstnet.eu/ => https://burstnet.eu/: (28, 'Connection timed
 		- forums.burst.net	(times out)
 
 -->
-<ruleset name="BurstNET (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="BurstNET (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="burst.net" />
 	<target host="service.burst.net" />
@@ -35,4 +35,4 @@ Fetch error: http://burstnet.eu/ => https://burstnet.eu/: (28, 'Connection timed
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Burst_Media.xml b/src/chrome/content/rules/Burst_Media.xml
index 6f5de65a3940..60036aa8f2e8 100644
--- a/src/chrome/content/rules/Burst_Media.xml
+++ b/src/chrome/content/rules/Burst_Media.xml
@@ -12,12 +12,12 @@ Fetch error: http://www.burstmedia.co.uk/ => https://www.burstmedia.co.uk/: (7,
 	!www: cert only matches www
 
 -->
-<ruleset name="Burst Media" default_off='failed ruleset test'>
+<ruleset name="Burst Media" default_off="failed ruleset test">
 
 	<target host="burstmedia.co.uk" />
 	<target host="www.burstmedia.co.uk" />
 	<target host="burstmedia.com" />
-	<target host="*.burstmedia.com" />
+	<target host="www.burstmedia.com" />
 
 
 	<securecookie host="^(?:www)?\.burstmedia\.co(?:\.uk|m)$" name=".+" />
diff --git a/src/chrome/content/rules/Burstnet.com.xml b/src/chrome/content/rules/Burstnet.com.xml
index 74ee0d232043..d892552d087c 100644
--- a/src/chrome/content/rules/Burstnet.com.xml
+++ b/src/chrome/content/rules/Burstnet.com.xml
@@ -7,15 +7,12 @@
 -->
 <ruleset name="Burstnet">
 
-	<target host="*.burstnet.com" />
+	<target host="www.burstnet.com" />
 
 
 	<!--	Tracking cookies:
 					-->
-	<securecookie host="^\.burstnet\.com$" name="^BI\d+$" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://www\.burstnet\.com/"
-		to="https://www.burstnet.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Burt.xml b/src/chrome/content/rules/Burt.xml
deleted file mode 100644
index 790315c409be..000000000000
--- a/src/chrome/content/rules/Burt.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For other Burt coverage, see Burt_hub.com.xml.
-
-
-	CDN buckets:
-
-		- burt-assets.s3.amazonaws.com
-
-
-	Nonfunctional domains:
-
-		- blog.burt.com		(hosted on Tumblr)
-
--->
-<ruleset name="Burt (partial)">
-
-	<target host="measure.richmetrics.com" />
-
-
-	<rule from="^http://measure\.richmetrics\.com/"
-		to="https://d3q6px0y2suh5n.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Burt_hub.com.xml b/src/chrome/content/rules/Burt_hub.com.xml
index 53461105cd64..117162309e85 100644
--- a/src/chrome/content/rules/Burt_hub.com.xml
+++ b/src/chrome/content/rules/Burt_hub.com.xml
@@ -8,7 +8,6 @@ Fetch error: http://help.burthub.com/ => https://help.burthub.com/: Too many red
 
 	Other Burt rulesets:
 
-		- Burt.xml
 		- Burt.io.xml
 
 
@@ -29,7 +28,7 @@ Fetch error: http://help.burthub.com/ => https://help.burthub.com/: Too many red
 	* Secured by us
 
 -->
-<ruleset name="Burt hub.com" default_off='failed ruleset test'>
+<ruleset name="Burt hub.com" default_off="failed ruleset test">
 
 	<target host="burthub.com" />
 	<target host="help.burthub.com" />
diff --git a/src/chrome/content/rules/BusinessAU.xml b/src/chrome/content/rules/BusinessAU.xml
deleted file mode 100644
index 945727aebb3b..000000000000
--- a/src/chrome/content/rules/BusinessAU.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="BusinessAU">
-	<target host="business.gov.au" />
-	<target host="*.business.gov.au" />
-
-	<rule from="^http://(?:www\.)?abr\.business\.gov\.au/"
-		to="https://abr.business.gov.au/" />
-
-	<rule from="^http://(?:www\.)?ablis\.business\.gov\.au/"
-		to="https://ablis.business.gov.au/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/BusinessWeek.com.xml b/src/chrome/content/rules/BusinessWeek.com.xml
deleted file mode 100644
index e8f3d05076f0..000000000000
--- a/src/chrome/content/rules/BusinessWeek.com.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	For other Bloomberg coverage, see Bloomberg.xml.
-
-
-	CDN buckets:
-
-		- images.businessweek.com.edgesuite.net
-		- res.businessweek.com.edgesuite.net
-
-		- cache.daylife.com/...
-
-			- dlimages.businessweek.com
-
-
-	Nonfunctional domains:
-
-		- businessweek.com subdomains:
-
-			- dlimages		(403; mismatched, CN: ssl2.cdngc.net)
-			- images		(shows bx.businessweek.com, akamai)
-			- investing		(refused)
-			- origin-images *
-			- origin-res *
-			- res			(redirects to origin-res, akamai)
-
-	* Shows bx.businessweek.com; mismatched, CN: bx.businessweek.com
-
--->
-<ruleset name="BusinessWeek.com (partial)">
-
-	<target host="bx.businessweek.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Business_2_Community.xml b/src/chrome/content/rules/Business_2_Community.xml
index b3484d6c6e8d..7a83717f88fd 100644
--- a/src/chrome/content/rules/Business_2_Community.xml
+++ b/src/chrome/content/rules/Business_2_Community.xml
@@ -20,4 +20,4 @@
 	<rule from="^http://cdn\d?\.business2community\.com/"
 		to="https://a413375ddb981b128589-d09eee90a0d59eeeae019b649aa3ca91.ssl.cf2.rackcdn.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Business_Catalyst.com-problematic.xml b/src/chrome/content/rules/Business_Catalyst.com-problematic.xml
index 283eb5328f08..1c2d9f559afc 100644
--- a/src/chrome/content/rules/Business_Catalyst.com-problematic.xml
+++ b/src/chrome/content/rules/Business_Catalyst.com-problematic.xml
@@ -5,7 +5,7 @@
 <ruleset name="Business Catalyst.com (mismatched)" default_off="mismatched">
 
 	<target host="businesscatalyst.com" />
-	<target host="*.businesscatalyst.com" />
+	<target host="www.businesscatalyst.com" />
 
 
 	<securecookie host="^\.?businesscatalyst\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Business_Link.gov.uk.xml b/src/chrome/content/rules/Business_Link.gov.uk.xml
index ac962d295b42..2015fa7021bf 100644
--- a/src/chrome/content/rules/Business_Link.gov.uk.xml
+++ b/src/chrome/content/rules/Business_Link.gov.uk.xml
@@ -17,6 +17,6 @@
 	<rule from="^http://businesslink\.gov\.uk/"
 			to="https://www.businesslink.gov.uk/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Butterfly_Labs.com.xml b/src/chrome/content/rules/Butterfly_Labs.com.xml
deleted file mode 100644
index 12e0f137e406..000000000000
--- a/src/chrome/content/rules/Butterfly_Labs.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(503)
-
-
-	Mixed content:
-
-		- Images on products from www
-
--->
-<ruleset name="Butterfly Labs.com (partial)">
-
-	<target host="*.butterflylabs.com" />
-
-
-	<securecookie host="^(?:forum|product)s\.butterflylabs\.com$" name=".+" />
-
-
-	<rule from="^http://(forum|product)s\.butterflylabs\.com/"
-		to="https://$1s.butterflylabs.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ButtonNoses.com.xml b/src/chrome/content/rules/ButtonNoses.com.xml
new file mode 100644
index 000000000000..f7938d96b242
--- /dev/null
+++ b/src/chrome/content/rules/ButtonNoses.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="ButtonNoses.com">
+	<target host="buttonnoses.com" />
+	<target host="www.buttonnoses.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BuyBoard.xml b/src/chrome/content/rules/BuyBoard.xml
index 20cb2b31f743..fa2ae7233ed7 100644
--- a/src/chrome/content/rules/BuyBoard.xml
+++ b/src/chrome/content/rules/BuyBoard.xml
@@ -10,7 +10,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://buyboard.com/ => https://buyboard.com/: (51, "SSL: no alternative certificate subject name matches target host name 'buyboard.com'")
 
 -->
-<ruleset name="BuyBoard (partial)" default_off='failed ruleset test'>
+<ruleset name="BuyBoard (partial)" default_off="failed ruleset test">
 
 	<target host="buyboard.com"/>
 	<target host="*.buyboard.com"/>
diff --git a/src/chrome/content/rules/BuyMeACoffee.com.xml b/src/chrome/content/rules/BuyMeACoffee.com.xml
new file mode 100644
index 000000000000..f52c8f76e53e
--- /dev/null
+++ b/src/chrome/content/rules/BuyMeACoffee.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Buy Me A Coffee.com">
+	<target host="buymeacoffee.com" />
+	<target host="www.buymeacoffee.com" />
+	<target host="blog.buymeacoffee.com" />
+
+	<target host="buymeacoff.ee" />
+	<target host="www.buymeacoff.ee" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/BuySellAds.xml b/src/chrome/content/rules/BuySellAds.xml
index 7546f86bdf24..bebc5a58518a 100644
--- a/src/chrome/content/rules/BuySellAds.xml
+++ b/src/chrome/content/rules/BuySellAds.xml
@@ -12,7 +12,8 @@
 <ruleset name="BuySellAds (partial)">
 
 	<target host="buysellads.com" />
-	<target host="*.buysellads.com" />
+	<target host="www.buysellads.com" />
+	<target host="s3.buysellads.com" />
 
 
 	<!--	At least some pages redirect to http.
diff --git a/src/chrome/content/rules/Buy_Veteran.xml b/src/chrome/content/rules/Buy_Veteran.xml
index 3fd968ba30ad..687ecc58757e 100644
--- a/src/chrome/content/rules/Buy_Veteran.xml
+++ b/src/chrome/content/rules/Buy_Veteran.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?buyveteran\.com/([aA]bout\.aspx|[aA]pp_[tT]hemes/|BuyVeteran\.ico|[gG]ift|[iI]mages/|Join_Step1\.aspx|[pP]artner|[pP]ress|[sS]tore|[tT]estimonials\.aspx)"
 		to="https://$1buyveteran.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/BuzzFeed.xml b/src/chrome/content/rules/BuzzFeed.xml
index ecd0b734385f..a815ff5faa71 100644
--- a/src/chrome/content/rules/BuzzFeed.xml
+++ b/src/chrome/content/rules/BuzzFeed.xml
@@ -24,7 +24,7 @@
 	<target host="buzzfed.com" />
 	<target host="s3-ak.buzzfed.com" />
 
-	<rule from="^http://buzzfed\.com/" 
+	<rule from="^http://buzzfed\.com/"
 			to="https://www.buzzfeed.com/" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Buzzdock.xml b/src/chrome/content/rules/Buzzdock.xml
deleted file mode 100644
index 541a953783c5..000000000000
--- a/src/chrome/content/rules/Buzzdock.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog *
-		- download	(record_too_long)
-		- search *
-
-	* 404
-
-
-	Problematic subdomains:
-
-		^	(404)
-
--->
-<ruleset name="Buzzdock (partial)">
-
-	<target host="buzzdock.com" />
-	<target host="*.buzzdock.com" />
-
-
-	<rule from="^http://(?:www\.)?buzzdock\.com/"
-		to="https://www.buzzdock.com/" />
-
-	<rule from="^http://edge\.buzzdock\.com/"
-		to="https://edge.buzzdock.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Buzzdoes.com.xml b/src/chrome/content/rules/Buzzdoes.com.xml
index 77432afb0eb9..32cc8133e893 100644
--- a/src/chrome/content/rules/Buzzdoes.com.xml
+++ b/src/chrome/content/rules/Buzzdoes.com.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://buzzdoes.com/ => https://buzzdoes.com/: (28, 'Connection timed out after 10000 milliseconds')
 Fetch error: http://www.buzzdoes.com/ => https://www.buzzdoes.com/: (28, 'Connection timed out after 10000 milliseconds')
 -->
-<ruleset name="buzzdoes.com" default_off='failed ruleset test'>
+<ruleset name="buzzdoes.com" default_off="failed ruleset test">
 
 	<target host="buzzdoes.com" />
 	<target host="www.buzzdoes.com" />
@@ -19,4 +19,4 @@ Fetch error: http://www.buzzdoes.com/ => https://www.buzzdoes.com/: (28, 'Connec
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Buzzhosting.org.xml b/src/chrome/content/rules/Buzzhosting.org.xml
deleted file mode 100644
index 4322b43720d4..000000000000
--- a/src/chrome/content/rules/Buzzhosting.org.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://buzzhosting.org/ => https://www.buzzhosting.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.buzzhosting.org'")
-Fetch error: http://www.buzzhosting.org/ => https://www.buzzhosting.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.buzzhosting.org'")
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://buzzhosting.org/ => https://www.buzzhosting.org/: (28, 'Connection timed out after 10000 milliseconds')
-Fetch error: http://www.buzzhosting.org/ => https://www.buzzhosting.org/: (28, 'Connection timed out after 10000 milliseconds')
-	Problematic subdomains:
-
-		- ^	(refused)
-
--->
-<ruleset name="Buzzhosting.org" default_off='failed ruleset test'>
-
-	<target host="buzzhosting.org" />
-	<target host="www.buzzhosting.org" />
-
-
-	<rule from="^http://(?:www\.)?buzzhosting\.org/"
-		to="https://www.buzzhosting.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Buzzurl.xml b/src/chrome/content/rules/Buzzurl.xml
index 938cf0df6ee7..5dadee748733 100644
--- a/src/chrome/content/rules/Buzzurl.xml
+++ b/src/chrome/content/rules/Buzzurl.xml
@@ -22,10 +22,11 @@ Fetch error: http://buzzurl.jp.eimg.jp/ => https://buzzurl.jp/: (28, 'Connection
 		- buzzurl.jp.eimg.jp	(cert: jpssl.cdngc.net; 403)
 
 -->
-<ruleset name="Buzzurl" default_off='failed ruleset test'>
+<ruleset name="Buzzurl" default_off="failed ruleset test">
 
 	<target host="buzzurl.jp" />
-	<target host="*.buzzurl.jp" />
+	<target host="api.buzzurl.jp" />
+	<target host="cdn.buzzurl.jp" />
 	<target host="buzzurl.jp.eimg.jp" />
 
 
diff --git a/src/chrome/content/rules/ByCraft.cz.xml b/src/chrome/content/rules/ByCraft.cz.xml
deleted file mode 100644
index 411becbefbae..000000000000
--- a/src/chrome/content/rules/ByCraft.cz.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="ByCraft.cz">
-    <target host="bycraft.cz" />
-    <target host="www.bycraft.cz" />
-
-    <rule from="^http:"
-            to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/By_David_Wittig.com.xml b/src/chrome/content/rules/By_David_Wittig.com.xml
deleted file mode 100644
index ccadcd688e26..000000000000
--- a/src/chrome/content/rules/By_David_Wittig.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="by David Wittig.com">
-
-	<target host="bydavidwittig.com" />
-	<target host="www.bydavidwittig.com" />
-
-
-	<securecookie host="^\.?bydavidwittig\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Byond.com.xml b/src/chrome/content/rules/Byond.com.xml
deleted file mode 100644
index 1290cc414256..000000000000
--- a/src/chrome/content/rules/Byond.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!-- 
-	notes: 
-		http byond.com redirects to www.byond.com
-		https byond.com 404's.
-		https www.byond.com redirects to secure.byond.co
-		http(s) www.secure.byond.com and secure.www.byond.com 404s
-		http secure.byond.com redirects to https
-		/play/ subfolder breaks because of ajax and js that have to load from http (all links to this directory already downgrade)
-		Most links specify http in the url.
--->
-<ruleset name="byond.com">
-	<target host="byond.com" />
-	<target host="www.byond.com" />
-	<target host="secure.byond.com" />
-	
-	<exclusion pattern="^http://(www\.)?byond\.com/play/" />
-		<test url="http://byond.com/play/" />
-		<test url="http://www.byond.com/play/" />
-	
-	<rule from="^http://byond\.com/" to="https://www.byond.com/" />
-	
-	<rule from="^http:" to="https:" />
-	
-</ruleset>
diff --git a/src/chrome/content/rules/Byte.nl.xml b/src/chrome/content/rules/Byte.nl.xml
deleted file mode 100644
index f0b5811ac28f..000000000000
--- a/src/chrome/content/rules/Byte.nl.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<!--
-	Other Byte rulesets:
-
-		- Bytenoc.nl.xml
-
-
-	Nonfunctional hosts in *byte.nl:
-
-		- www.service *
-
-	* 403
-
-
-	These altnames don't exist:
-
-		- www.shoplift.byte.nl
-
-
-	Insecure cookies are set for these hosts:
-
-		- service.byte.nl
-
--->
-<ruleset name="Byte.nl">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="byte.nl" />
-	<target host="shoplift.byte.nl" />
-	<target host="service.byte.nl" />
-	<target host="webmail.byte.nl" />
-	<target host="www.webmail.byte.nl" />
-	<target host="www.byte.nl" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^service\.byte\.nl$" name="^Byte::AuthCookieHandler2_Service$" /-->
-
-	<securecookie host="^service\.byte\.nl$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Bytemark.co.uk.xml b/src/chrome/content/rules/Bytemark.co.uk.xml
index 6439a4fce563..aaca5111d37f 100644
--- a/src/chrome/content/rules/Bytemark.co.uk.xml
+++ b/src/chrome/content/rules/Bytemark.co.uk.xml
@@ -21,7 +21,7 @@ Fetch error: http://status.bytemark.co.uk/ => https://status.bytemark.co.uk/: (6
 		- status.bytemark.co.uk
 
 -->
-<ruleset name="Bytemark.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Bytemark.co.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Bytenoc.nl.xml b/src/chrome/content/rules/Bytenoc.nl.xml
deleted file mode 100644
index a7ec817a93bc..000000000000
--- a/src/chrome/content/rules/Bytenoc.nl.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other Byte coverage, see Byte.nl.xml.
-
--->
-<ruleset name="Bytenoc.nl">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="bytenoc.nl" />
-	<target host="www.bytenoc.nl" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/C-Base.org.xml b/src/chrome/content/rules/C-Base.org.xml
index 501fee44cc16..69f41c205fab 100644
--- a/src/chrome/content/rules/C-Base.org.xml
+++ b/src/chrome/content/rules/C-Base.org.xml
@@ -1,5 +1,5 @@
 <!--
-	Remark: *.crew.c-base.org has a wildcard DNS record and 62 of its 
+	Remark: *.crew.c-base.org has a wildcard DNS record and 62 of its
 		sub-domains with incomplete certificate chain error are omitted.
 
 	Non-functional hosts
diff --git a/src/chrome/content/rules/C-CEX.com.xml b/src/chrome/content/rules/C-CEX.com.xml
deleted file mode 100644
index cdb196946a1a..000000000000
--- a/src/chrome/content/rules/C-CEX.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Insecure cookies are set for these domains and hosts:
-
-		- c-cex.com
-		- .c-cex.com
-		- www.c-cex.com
-
--->
-<ruleset name="C-CEX.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="c-cex.com" />
-	<target host="www.c-cex.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:www\.)?c-cex\.com$" name="^(lpm|p|rf)$" /-->
-	<!--securecookie host="^\.c-cex\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^(?:\.|www\.)?c-cex\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/C-and-a.com.xml b/src/chrome/content/rules/C-and-a.com.xml
index c89bc5296131..96838ba83ed9 100644
--- a/src/chrome/content/rules/C-and-a.com.xml
+++ b/src/chrome/content/rules/C-and-a.com.xml
@@ -16,7 +16,8 @@
 <ruleset name="c-and-a.com">
 
 	<target host="c-and-a.com" />
-	<target host="*.c-and-a.com" />	
+	<target host="www.c-and-a.com" />
+	<target host="postview.c-and-a.com" />
 
 
 	<securecookie host="^(?:www)?\.c-and-a\.com$" name=".+" />
@@ -25,7 +26,6 @@
 	<rule from="^http://(?:www\.)?c-and-a\.com/"
 		to="https://www.c-and-a.com/" />
 
-	<rule from="^http://postview\.c-and-a\.com/"
-		to="https://postview.c-and-a.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/C3noc.net.xml b/src/chrome/content/rules/C3noc.net.xml
index 81d7425b684c..f38658efb4b8 100644
--- a/src/chrome/content/rules/C3noc.net.xml
+++ b/src/chrome/content/rules/C3noc.net.xml
@@ -6,7 +6,7 @@ Fetch error: http://vpn.c3noc.net/ => https://vpn.c3noc.net/: (7, 'Failed to con
 Fetch error: http://www.c3noc.net/ => https://www.c3noc.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.c3noc.net'")
 
 -->
-<ruleset name="c3noc.net" default_off='failed ruleset test'>
+<ruleset name="c3noc.net" default_off="failed ruleset test">
 
 	<target host="c3noc.net" />
 	<target host="vpn.c3noc.net" />
diff --git a/src/chrome/content/rules/C3tag.com.xml b/src/chrome/content/rules/C3tag.com.xml
index e65ead701b1b..5afc01f63fca 100644
--- a/src/chrome/content/rules/C3tag.com.xml
+++ b/src/chrome/content/rules/C3tag.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/C4tw.net.xml b/src/chrome/content/rules/C4tw.net.xml
index f68f1acf32e9..fea286c84602 100644
--- a/src/chrome/content/rules/C4tw.net.xml
+++ b/src/chrome/content/rules/C4tw.net.xml
@@ -28,7 +28,7 @@ Fetch error: http://c4tw.net/ => https://c4tw.net/: (7, 'Failed to connect to c4
 	www doesn't exist.
 
 -->
-<ruleset name="c4tw.net (partial)" default_off='failed ruleset test'>
+<ruleset name="c4tw.net (partial)" default_off="failed ruleset test">
 
 	<target host="c4tw.net" />
 	<target host="s0.c4tw.net" />
diff --git a/src/chrome/content/rules/CA-PCA.fr.xml b/src/chrome/content/rules/CA-PCA.fr.xml
index def55e72b9ea..e95a6d0a4cb9 100644
--- a/src/chrome/content/rules/CA-PCA.fr.xml
+++ b/src/chrome/content/rules/CA-PCA.fr.xml
@@ -11,7 +11,7 @@
 	<target host="entreprises.ca-pca.fr" />
 	<target host="m.ca-pca.fr" />
 
-	<rule from="^http://ca-pca\.fr/" 
+	<rule from="^http://ca-pca\.fr/"
 		to="https://www.ca-pca.fr/" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/CA-State-Board-of-Equalization.xml b/src/chrome/content/rules/CA-State-Board-of-Equalization.xml
index bf90193b5ec6..b0447ecd7416 100644
--- a/src/chrome/content/rules/CA-State-Board-of-Equalization.xml
+++ b/src/chrome/content/rules/CA-State-Board-of-Equalization.xml
@@ -1,15 +1,11 @@
+<!--
+	Non-functional hosts
+		Incomplete certificate chain error:
+		- boe.ca.gov
+		- www.boe.ca.gov
+-->
 <ruleset name="California State Board of Equalization">
-	<target host="boe.ca.gov" />
 	<target host="efile.boe.ca.gov" />
-	<target host="www.boe.ca.gov" />
 
-	<securecookie host="^(?:efile|www)\.boe\.ca\.gov$" name=".+" />
-
-	<test url="https://boe.ca.gov/" />
-	<test url="http://efile.boe.ca.gov/ereg/" />
-
-	<rule from="^(?:http://(?:www\.)?|https://)boe\.ca\.gov/"
-			to="https://www.boe.ca.gov/" />
-	<rule from="^http://efile\.boe\.ca\.gov/"
-			to="https://efile.boe.ca.gov/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CA-Technologies.xml b/src/chrome/content/rules/CA-Technologies.xml
deleted file mode 100644
index 087021add5ab..000000000000
--- a/src/chrome/content/rules/CA-Technologies.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="CA Technologies">
-	<target host="cloudmonitor.nimsoft.com" />
-
-    <rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CA-mpr.jp.xml b/src/chrome/content/rules/CA-mpr.jp.xml
deleted file mode 100644
index 542dc5ef16b8..000000000000
--- a/src/chrome/content/rules/CA-mpr.jp.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	(www.) do not exist.
-
-	Web bugs.
-
--->
-<ruleset name="CA-mpr.jp">
-
-	<target host="ot.ca-mpr.jp" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CA.com.xml b/src/chrome/content/rules/CA.com.xml
index 3d507c0cdb17..e68cdb1891ac 100644
--- a/src/chrome/content/rules/CA.com.xml
+++ b/src/chrome/content/rules/CA.com.xml
@@ -55,7 +55,7 @@ Non-2xx HTTP code: http://trials.ca.com/us/~/media/trials/images/icons/google-pl
 	* Secured by us
 
 -->
-<ruleset name="CA.com (partial)" default_off='failed ruleset test'>
+<ruleset name="CA.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/CAD-Comic.com.xml b/src/chrome/content/rules/CAD-Comic.com.xml
new file mode 100644
index 000000000000..0b7a262fd374
--- /dev/null
+++ b/src/chrome/content/rules/CAD-Comic.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="CAD-Comic.com">
+	<target host="cad-comic.com" />
+	<target host="www.cad-comic.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CAGW.org.xml b/src/chrome/content/rules/CAGW.org.xml
deleted file mode 100644
index 7e469095b0e5..000000000000
--- a/src/chrome/content/rules/CAGW.org.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Citizens Against Government Waste
-
-
-	CDN buckets:
-
-		- www.2dialog.com/cagw/
-		- 0f3ed393c370316a3f10-bf2b63c262e77e03f36b541d4da198e8.ssl.cf1.rackcdn.com
-		- a50f19c3bf49f970db88-f99b1d095421892aad896d7efcceed2f.ssl.cf1.rackcdn.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
-
--->
-<ruleset name="CAGW.org (partial)">
-
-	<target host="*.cagw.org" />
-
-
-	<securecookie host="^\.?secure\.cagw\.org$" name=".+" />
-
-
-	<rule from="^http://secure\.cagw\.org/"
-		to="https://secure.cagw.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CAREpackage.xml b/src/chrome/content/rules/CAREpackage.xml
index 0075fcc9197b..9266787ef623 100644
--- a/src/chrome/content/rules/CAREpackage.xml
+++ b/src/chrome/content/rules/CAREpackage.xml
@@ -8,7 +8,7 @@
 <ruleset name="CAREpackage (partial)">
 
 	<!--target host="carepackage.org" /-->
-	<target host="*.carepackage.org" />
+	<target host="stage.carepackage.org" />
 
 
 	<!--rule from="^http://(?:www\.)?carepackage\.org/(careajax|sites)/"
diff --git a/src/chrome/content/rules/CARI.net.xml b/src/chrome/content/rules/CARI.net.xml
index d1ac16269de0..a78e0e29ede5 100644
--- a/src/chrome/content/rules/CARI.net.xml
+++ b/src/chrome/content/rules/CARI.net.xml
@@ -6,14 +6,14 @@ Fetch error: http://chat.cari.net/ => https://chat.cari.net/: (60, 'SSL certific
 	For problematic rules, see CARI.net-self-signed.xml.
 
 -->
-<ruleset name="CARI.net (partial)" default_off='failed ruleset test'>
+<ruleset name="CARI.net (partial)" default_off="failed ruleset test">
 
 	<target host="cari.net" />
 	<target host="chat.cari.net" />
 	<target host="www.cari.net" />
 
 
-	<securecookie host="^(?:.*\.)?cari\.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/CAcert.xml b/src/chrome/content/rules/CAcert.xml
index 80ac6210d04c..e285b31b1471 100644
--- a/src/chrome/content/rules/CAcert.xml
+++ b/src/chrome/content/rules/CAcert.xml
@@ -14,7 +14,7 @@ Fetch error: http://cacert.com/ => https://cacert.com/: (60, 'SSL certificate pr
 Fetch error: http://www.cacert.com/ => https://www.cacert.com/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
 
 -->
-<ruleset name="CACert.org (CAcert)" default_off='failed ruleset test'>
+<ruleset name="CACert.org (CAcert)" default_off="failed ruleset test">
 	<target host=             "cacert.org" />
 	<target host=        "blog.cacert.org" />
 	<target host=        "bugs.cacert.org" />
diff --git a/src/chrome/content/rules/CBC_Blueprint.xml b/src/chrome/content/rules/CBC_Blueprint.xml
index c9ce8d2ac5d7..ec7ca4f8b2b7 100644
--- a/src/chrome/content/rules/CBC_Blueprint.xml
+++ b/src/chrome/content/rules/CBC_Blueprint.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?cbcblueprint\.com/"
 		to="https://www.cbcblueprint.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CBS-Sports-Network.xml b/src/chrome/content/rules/CBS-Sports-Network.xml
index 715b80a90c76..76eb453b122c 100644
--- a/src/chrome/content/rules/CBS-Sports-Network.xml
+++ b/src/chrome/content/rules/CBS-Sports-Network.xml
@@ -1,24 +1,16 @@
 <!--
 	For other CBS coverage, see CBS.xml.
 
-
-	CN: *.cstv.com
-
+	Non-functional hosts:
+		SSL error:
+		- dev.cbssportsnetwork.com
 -->
-<ruleset name="CBS Sports Network " default_off="mismatched">
-
-	<!--	Akamai	-->
+<ruleset name="CBS Sports Network">
 	<target host="cbssportsnetwork.com" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.cbssportsnetwork.com" />
-
-
-	<securecookie host="^.*\.cbssportsnetwork\.com$" name=".+" />
-
+	<target host="www.cbssportsnetwork.com" />
+	<target host="affiliates.cbssportsnetwork.com" />
 
-	<!--	!www 301s to www.
-					-->
-	<rule from="^http://(?:www\.)?cbssportsnetwork\.com/"
-		to="https://www.cbssportsnetwork.com/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CBS.xml b/src/chrome/content/rules/CBS.xml
index b2bec01e1f9a..2c7d66721edd 100644
--- a/src/chrome/content/rules/CBS.xml
+++ b/src/chrome/content/rules/CBS.xml
@@ -1,165 +1,40 @@
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://om.cnet.com.au/ => https://zdau-cnet.122.2o7.net/: None
-Fetch error: http://dw.com.com/ => https://dw.com.com/: (28, 'Connection timed out after 10001 milliseconds')
 	Other CBS rulesets:
-
 		- CBS-Sports-Network.xml
+		- CBSInteractive.com.au.xml
+		- CBSInteractive.com.xml
+		- CBSIstatic.net.xml
+		- CBSNews.com.xml
+		- CBSStatic.com.xml
 		- CBS_Store.xml
+		- CBSimg.net.xml
+		- CBSi.com.au.xml
+		- CNETFrance.fr.xml
 		- CNET_content.com.xml
-		- GameSpot.xml
+		- GameSpot.com.xml
 		- Giant_Bomb.com.xml
 		- Last.fm.xml
-		- TechRepublic.xml
+		- TechRepublic.com.xml
 		- ZDNet.xml
 
-
-	om.cnet.com.au/b/ss/zdau-cnet/
-
-
-	CDN buckets:
-
-		- ad.cnet-basic-performance.akadns.net
-
-			- mads.cbs.com
-
-		- wwwimage.cbs.com.edgesuite.net
-
-			- wwwimage.cbsstatic.com
-
-		- www.cbsnews.com.edgesuite.net
-
-		- wwwimage.cbsnews.com.edgesuite.net
-
-			- a1030.g.akamai.net/=/1030/1957/7d/wwwimages.cbsnews.com/	(works!)
-
-		- download-hl.cnet.com.edgesuite.net
-
-			- donwload.cnet.com
-
-		- graphics.fansonly.com.edgesuite.net
-
-			- grfx.cstv.com
-
-		- i.b2b.com.com.edgesuite.net
-
-			- b2b.cbsimg.net
-
-		- i.com.com.edgesuite.net	(maps directly ... but 404s over https.)
-
-			- i.i.cbsi.com
-			- asset\d+.cbsistatic.com
-			- a868.g.akamai.net
-
-				- a248.e.akamai.net/cnwk.1d/
-				- a248.e.akamai.net/=/868/1957/7d/img.com.com/
-
-	cnwk.1d/i/
-	/=/5048/1957/7d/img.com.com/i/
-
-
-	Nonfunctional domains:
-
-		- mads.cbs.com *
-		- (www.)cbs.dk			(redirects to http, valid cert)
-		- adlog.com.com *
-		- cdn.cbsi.com.au **
-		- b2b.cbsimg.net ****
-		- cn.cbsimg.net **
-		- (www.)cbsinteractive.com
-		- (www.)cbsinteractive.com.au
-		- www.cbsinteractive.co.uk ***
-		- cbsnews.com ***
-		- www.cbsnews.com **
-		- bwp.cbsnews.com
-		- mads.cbsnews.com
-		- crave.cnet.co.uk ***
-		- (bwp|www).cnet.com
-		- download.cnet.com **
-		- news.cnet.com
-		- cnettv.cnet.com *
-		- forums.cnetfrance.fr ***
-		- adlog.com.com *
-		- assets.com.com		(doesn't work over https, redirects to i.i.com.com)
-		- ads.com.com ***		(data on www.cnet.com)
-		- i.i.com.com **
-		- origin.i.com.com
-		- image.com.com ****
-		- img.com.com
-		- grfx.cstv.com ****
-		- (www.)findarticles.com
-		- bwp.news.com *
-		- graphics.ocsn.com ****
-		- (www.)zol.com.cn
-		- img2.zol.com.cn
-
-	* Refused
-	** 503, akamai
-	*** Times out
-	**** 504, akamai
-
-	asset\d		≍	i.i.com.com
-
-
-	Problematic domains:
-
-		- wwwimage.cbs.com *
-		- www.cbsstatic.com		(mismatched, CN: *.cbs.com)
-		- wwwimage.cbsstatic.com *
-
-	* 504, akamai
-
-
-	Partially covered domains:
-
-		- (www.)cbs.com		(some pages redirect to http)
-
-
-	Fully covered domains:
-
-		- fileupload.intl.cbs.com
-		- wwwimage.cbs.com		(→ www.cbs.com)
-		- www.cbsstatic.com		(→ www.cbs.com)
-		- wwwimage.cbsstatic.com	(→ www.cbs.com)
-
+	Non-functional hosts
+		Timeout was reached:
+		- mads.cbs.com
+
+		SSL peer certificate was not OK:
+		- cbsnews.cbs.com
+		- ecomedia.cbs.com
+		- investors.cbs.com
+		- multimedia.cbs.com
+		- promonet.cbs.com
+		- syndication.cbs.com
+		- wwwimage.cbs.com
 -->
-<ruleset name="CBS (partial)">
-
+<ruleset name="CBS.com (partial)">
 	<target host="cbs.com" />
-	<target host="*.cbs.com" />
-		<exclusion pattern="^http://(?:www\.)?cbs\.com/(?!assets/|base/files/|Common/|favicon\.ico|thumbnails/|user(?:$|\?|/))" />
-	<target host="*.cbsnews.com" />
-	<target host="*.cbsstatic.com" />
-	<target host="om.cnet.com.au" />
-	<target host="dw.com.com" />
-
-
-	<!--	Fails to redirect over https:
-						-->
-	<rule from="^http://(www\.)?cbs\.com/user/?(?:\?.*)?$"
-		to="https://$1cbs.com/user/settings/" />
-
-	<rule from="^http://(fileupload\.intl\.|www\.)?cbs\.com/"
-		to="https://$1cbs.com/" />
-
-	<rule from="^http://wwwimage\.cbs\.com/"
-		to="https://www.cbs.com/" />
-
-	<rule from="^http://markets\.cbsnews\.com/$"
-		to="https://markets.financialcontent.com/cbsnews" />
-
-	<rule from="^http://markets\.cbsnews\.com/"
-		to="https://markets.financialcontent.com/" />
-
-	<rule from="^http://www(?:image)?\.cbsstatic\.com/"
-		to="https://www.cbs.com/" />
-
-	<rule from="^http://om\.cnet\.com\.au/"
-		to="https://zdau-cnet.122.2o7.net/" />
-
-	<!--	Tracking beacon:
-				-->
-	<rule from="^http://dw\.com\.com/"
-		to="https://dw.com.com/" />
+	<target host="www.cbs.com" />
+	<target host="audienceservices.cbs.com" />
+	<target host="wap.cbs.com" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CBSInteractive.com.au.xml b/src/chrome/content/rules/CBSInteractive.com.au.xml
new file mode 100644
index 000000000000..1695d7934d62
--- /dev/null
+++ b/src/chrome/content/rules/CBSInteractive.com.au.xml
@@ -0,0 +1,14 @@
+<!--
+	For other CBS coverage, see CBS.xml.
+
+	Non-functional hosts
+		Incomplete certificate chain error:
+		- cbsinteractive.com.au
+-->
+<ruleset name="CBSInteractive.com.au (partial)">
+	<target host="cbsinteractive.com.au" />
+	<target host="www.cbsinteractive.com.au" />
+
+	<rule from="^http://(www\.)?cbsinteractive\.com\.au/"
+		to="https://www.cbsinteractive.com.au/" />
+</ruleset>
diff --git a/src/chrome/content/rules/CBSInteractive.com.xml b/src/chrome/content/rules/CBSInteractive.com.xml
new file mode 100644
index 000000000000..88578b70df06
--- /dev/null
+++ b/src/chrome/content/rules/CBSInteractive.com.xml
@@ -0,0 +1,12 @@
+<!--
+     For other CBS coverage, see CBS.xml.
+-->
+<ruleset name="CBSInteractive.com (partial)">
+	<target host="cbsinteractive.com" />
+	<target host="www.cbsinteractive.com" />
+	<target host="asia.cbsinteractive.com" />
+	<target host="connect.cbsinteractive.com" />
+	<target host="vidtech.cbsinteractive.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CBSNews.com.xml b/src/chrome/content/rules/CBSNews.com.xml
new file mode 100644
index 000000000000..63ff075f774e
--- /dev/null
+++ b/src/chrome/content/rules/CBSNews.com.xml
@@ -0,0 +1,140 @@
+<!--
+	For other CBS coverage, see CBS.xml.
+
+	Cert expired:
+		- gigya-auth.cbsnews.com
+		- push.cbsnews.com
+
+	Cert mismatch:
+		- www.48hours.cbsnews.com
+		- beta.cbsnews.com
+		- cbsn.cbsnews.com
+		- www.cbsn.cbsnews.com
+		- feeds.cbsn.cbsnews.com
+		- images.cbsn.cbsnews.com
+		- download.cbsnews.com
+		- dw.cbsnews.com
+		- www.election.cbsnews.com
+		- fonts.cbsnews.com
+		- hls.cbsnews.com
+		- images-cbsn.cbsnews.com
+		- beta.img.cbsnews.com
+		- ipad-streaming.cbsnews.com
+		- li.cbsnews.com
+		- live.cbsnews.com
+		- media.cbsnews.com
+		- mi.cbsnews.com
+		- newsletters.cbsnews.com
+		- posidn-api.cbsnews.com
+		- www.showbuzz.cbsnews.com
+		- wwwimage.showbuzz.cbsnews.com
+		- socialize.cbsnews.com
+		- trail.cbsnews.com
+		- vokevr.cbsnews.com
+		- beta.www.cbsnews.com
+		- wwwimage.cbsnews.com
+
+	Chain issues:
+		- filedrop.cbsnews.com
+
+	Connection refused:
+		- aw.cbsnews.com
+		- cgi.cbsnews.com
+		- gateway.cbsnews.com
+		- race08.cbsnews.com
+
+	Timeout:
+	- adimg.cbsnews.com
+	- api.cbsnews.com
+	- archive.cbsnews.com
+	- archives.cbsnews.com
+	- autodiscover.cbsnews.com
+	- ct.cbsnews.com
+	- ctm.cbsnews.com
+	- dev.cbsnews.com
+	- features.cbsnews.com
+	- fusion.cbsnews.com
+	- games.cbsnews.com
+	- go.cbsnews.com
+	- img.cbsnews.com
+	- reports.madison.cbsnews.com
+	- mads.cbsnews.com
+	- mail.cbsnews.com
+	- mail1.cbsnews.com
+	- mail2.cbsnews.com
+	- monarch.cbsnews.com
+	- nls.cbsnews.com
+	- ocp.cbsnews.com
+	- origin2.cbsnews.com
+	- owa.cbsnews.com
+	- preview.cbsnews.com
+	- sharepoint.cbsnews.com
+	- smtp1.cbsnews.com
+	- smtp2.cbsnews.com
+	- smtp3.cbsnews.com
+	- stage.cbsnews.com
+	- tools.cbsnews.com
+	- webcast.cbsnews.com
+
+	TLS error:
+		- feeds.cbsnews.com
+		- hotsheet.cbsnews.com
+		- portal.cbsnews.com
+		- webmail.cbsnews.com
+-->
+<ruleset name="CBSNews">
+
+	<target host="cbsnews.com"/>
+	<target host="www.cbsnews.com"/>
+
+	<target host="60minutes.cbsnews.com"/>
+	<target host="alerts.cbsnews.com"/>
+	<target host="android.cbsnews.com"/>
+	<target host="audio.cbsnews.com"/>
+	<target host="blackberry.cbsnews.com"/>
+	<target host="cdn.cbsnews.com"/>
+	<target host="cdn-origin.cbsnews.com"/>
+	<target host="cms.cbsnews.com"/>
+	<target host="docs.cbsnews.com"/>
+	<target host="election.cbsnews.com"/>
+	<target host="enpsmobile.cbsnews.com"/>
+	<target host="evening.cbsnews.com"/>
+	<target host="failover.cbsnews.com"/>
+	<target host="feeds-cbsn.cbsnews.com"/>
+	<target host="iphone.cbsnews.com"/>
+	<target host="labs.cbsnews.com"/>
+	<target host="m.cbsnews.com"/>
+	<target host="markets.cbsnews.com"/>
+	<target host="marketwatch.cbsnews.com"/>
+	<target host="mobile.cbsnews.com"/>
+	<target host="mobile-feeds.cbsnews.com"/>
+	<target host="moneywatch.cbsnews.com"/>
+	<target host="mvideo.cbsnews.com"/>
+	<target host="oaktree.cbsnews.com"/>
+	<target host="oaktree2.cbsnews.com"/>
+	<target host="ott.cbsnews.com"/>
+	<target host="podcast.cbsnews.com"/>
+	<target host="podcasts.cbsnews.com"/>
+	<target host="politics.cbsnews.com"/>
+	<target host="radio.cbsnews.com"/>
+	<target host="search.cbsnews.com"/>
+	<target host="secure.cbsnews.com"/>
+	<target host="secure-fly.cbsnews.com"/>
+	<target host="secure-img.cbsnews.com"/>
+	<target host="showbuzz.cbsnews.com"/>
+	<target host="standards.cbsnews.com"/>
+	<target host="storm.cbsnews.com"/>
+	<target host="sunday.cbsnews.com"/>
+	<target host="track.cbsnews.com"/>
+	<target host="urs.cbsnews.com"/>
+	<target host="video.cbsnews.com"/>
+	<target host="wallstrip.cbsnews.com"/>
+	<target host="wap.cbsnews.com"/>
+	<target host="widgets-cbsn.cbsnews.com"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CBSNews.xml b/src/chrome/content/rules/CBSNews.xml
deleted file mode 100644
index f7a0bfb5c7e7..000000000000
--- a/src/chrome/content/rules/CBSNews.xml
+++ /dev/null
@@ -1,138 +0,0 @@
-<!--
-	Cert expired:
-		- gigya-auth.cbsnews.com
-		- push.cbsnews.com
-
-	Cert mismatch:
-		- www.48hours.cbsnews.com
-		- beta.cbsnews.com
-		- cbsn.cbsnews.com
-		- www.cbsn.cbsnews.com
-		- feeds.cbsn.cbsnews.com
-		- images.cbsn.cbsnews.com
-		- download.cbsnews.com
-		- dw.cbsnews.com
-		- www.election.cbsnews.com
-		- fonts.cbsnews.com
-		- hls.cbsnews.com
-		- images-cbsn.cbsnews.com
-		- beta.img.cbsnews.com
-		- ipad-streaming.cbsnews.com
-		- li.cbsnews.com
-		- live.cbsnews.com
-		- media.cbsnews.com
-		- mi.cbsnews.com
-		- newsletters.cbsnews.com
-		- posidn-api.cbsnews.com
-		- www.showbuzz.cbsnews.com
-		- wwwimage.showbuzz.cbsnews.com
-		- socialize.cbsnews.com
-		- trail.cbsnews.com
-		- vokevr.cbsnews.com
-		- beta.www.cbsnews.com
-		- wwwimage.cbsnews.com
-
-	Chain issues:
-		- filedrop.cbsnews.com
-
-	Connection refused:
-		- aw.cbsnews.com
-		- cgi.cbsnews.com
-		- gateway.cbsnews.com
-		- race08.cbsnews.com
-
-	Timeout:
-	- adimg.cbsnews.com
-	- api.cbsnews.com
-	- archive.cbsnews.com
-	- archives.cbsnews.com
-	- autodiscover.cbsnews.com
-	- ct.cbsnews.com
-	- ctm.cbsnews.com
-	- dev.cbsnews.com
-	- features.cbsnews.com
-	- fusion.cbsnews.com
-	- games.cbsnews.com
-	- go.cbsnews.com
-	- img.cbsnews.com
-	- reports.madison.cbsnews.com
-	- mads.cbsnews.com
-	- mail.cbsnews.com
-	- mail1.cbsnews.com
-	- mail2.cbsnews.com
-	- monarch.cbsnews.com
-	- nls.cbsnews.com
-	- ocp.cbsnews.com
-	- origin2.cbsnews.com
-	- owa.cbsnews.com
-	- preview.cbsnews.com
-	- sharepoint.cbsnews.com
-	- smtp1.cbsnews.com
-	- smtp2.cbsnews.com
-	- smtp3.cbsnews.com
-	- stage.cbsnews.com
-	- tools.cbsnews.com
-	- webcast.cbsnews.com
-
-	TLS error:
-		- feeds.cbsnews.com
-		- hotsheet.cbsnews.com
-		- portal.cbsnews.com
-		- webmail.cbsnews.com
--->
-<ruleset name="CBSNews">
-
-	<target host="cbsnews.com"/>
-	<target host="www.cbsnews.com"/>
-
-	<target host="60minutes.cbsnews.com"/>
-	<target host="alerts.cbsnews.com"/>
-	<target host="android.cbsnews.com"/>
-	<target host="audio.cbsnews.com"/>
-	<target host="blackberry.cbsnews.com"/>
-	<target host="cdn.cbsnews.com"/>
-	<target host="cdn-origin.cbsnews.com"/>
-	<target host="cms.cbsnews.com"/>
-	<target host="docs.cbsnews.com"/>
-	<target host="election.cbsnews.com"/>
-	<target host="enpsmobile.cbsnews.com"/>
-	<target host="evening.cbsnews.com"/>
-	<target host="failover.cbsnews.com"/>
-	<target host="feeds-cbsn.cbsnews.com"/>
-	<target host="iphone.cbsnews.com"/>
-	<target host="labs.cbsnews.com"/>
-	<target host="m.cbsnews.com"/>
-	<target host="markets.cbsnews.com"/>
-	<target host="marketwatch.cbsnews.com"/>
-	<target host="mobile.cbsnews.com"/>
-	<target host="mobile-feeds.cbsnews.com"/>
-	<target host="moneywatch.cbsnews.com"/>
-	<target host="mvideo.cbsnews.com"/>
-	<target host="oaktree.cbsnews.com"/>
-	<target host="oaktree2.cbsnews.com"/>
-	<target host="ott.cbsnews.com"/>
-	<target host="podcast.cbsnews.com"/>
-	<target host="podcasts.cbsnews.com"/>
-	<target host="politics.cbsnews.com"/>
-	<target host="radio.cbsnews.com"/>
-	<target host="search.cbsnews.com"/>
-	<target host="secure.cbsnews.com"/>
-	<target host="secure-fly.cbsnews.com"/>
-	<target host="secure-img.cbsnews.com"/>
-	<target host="showbuzz.cbsnews.com"/>
-	<target host="standards.cbsnews.com"/>
-	<target host="storm.cbsnews.com"/>
-	<target host="sunday.cbsnews.com"/>
-	<target host="track.cbsnews.com"/>
-	<target host="urs.cbsnews.com"/>
-	<target host="video.cbsnews.com"/>
-	<target host="wallstrip.cbsnews.com"/>
-	<target host="wap.cbsnews.com"/>
-	<target host="widgets-cbsn.cbsnews.com"/>
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CBSStatic.com.xml b/src/chrome/content/rules/CBSStatic.com.xml
new file mode 100644
index 000000000000..24f0d4c7ef5f
--- /dev/null
+++ b/src/chrome/content/rules/CBSStatic.com.xml
@@ -0,0 +1,46 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- wwwimage.cbsstatic.com
+		- wwwimage1.cbsstatic.com
+		- wwwimage2.cbsstatic.com
+		- wwwimage3.cbsstatic.com
+		- wwwimage4.cbsstatic.com
+		- wwwimage5.cbsstatic.com
+
+		5xx status code:
+		- www.cbsstatic.com
+-->
+<ruleset name="CBSStatic.com">
+	<target host="wwwimage-secure.cbsstatic.com" />
+	<target host="wwwimage-secure1.cbsstatic.com" />
+	<target host="wwwimage-secure2.cbsstatic.com" />
+	<target host="wwwimage-secure3.cbsstatic.com" />
+	<target host="wwwimage-secure4.cbsstatic.com" />
+	<target host="wwwimage-secure5.cbsstatic.com" />
+	<target host="wwwimage.cbsstatic.com" />
+	<target host="wwwimage1.cbsstatic.com" />
+	<target host="wwwimage2.cbsstatic.com" />
+	<target host="wwwimage3.cbsstatic.com" />
+	<target host="wwwimage4.cbsstatic.com" />
+	<target host="wwwimage5.cbsstatic.com" />
+
+	<test url="http://wwwimage.cbsstatic.com/assets/build/css/homepage-c9f128868b.min.css" />
+	<test url="http://wwwimage.cbsstatic.com/assets/build/js/other/cbs/ads/cbs-0008ca0787.ads.min.js" />
+	<test url="http://wwwimage.cbsstatic.com/thumbnails/photos/w170/show_asset/84/18/91/show_asset_6774b6ad-d585-4204-80ae-febf04b02d9d.jpg" />
+	<test url="http://wwwimage1.cbsstatic.com/assets/build/css/homepage-c9f128868b.min.css" />
+	<test url="http://wwwimage1.cbsstatic.com/assets/build/js/other/cbs/ads/cbs-0008ca0787.ads.min.js" />
+	<test url="http://wwwimage1.cbsstatic.com/thumbnails/photos/w170/show_asset/84/18/91/show_asset_6774b6ad-d585-4204-80ae-febf04b02d9d.jpg" />
+	<test url="http://wwwimage2.cbsstatic.com/assets/build/css/homepage-c9f128868b.min.css" />
+	<test url="http://wwwimage2.cbsstatic.com/assets/build/js/other/cbs/ads/cbs-0008ca0787.ads.min.js" />
+	<test url="http://wwwimage2.cbsstatic.com/thumbnails/photos/w170/show_asset/84/18/91/show_asset_6774b6ad-d585-4204-80ae-febf04b02d9d.jpg" />
+	<test url="http://wwwimage3.cbsstatic.com/assets/build/css/homepage-c9f128868b.min.css" />
+	<test url="http://wwwimage3.cbsstatic.com/assets/build/js/other/cbs/ads/cbs-0008ca0787.ads.min.js" />
+	<test url="http://wwwimage3.cbsstatic.com/thumbnails/photos/w170/show_asset/84/18/91/show_asset_6774b6ad-d585-4204-80ae-febf04b02d9d.jpg" />
+
+	<rule from="^http://wwwimage(\d?)\.cbsstatic\.com/"
+		to="https://wwwimage-secure$1.cbsstatic.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CBS_Local.xml b/src/chrome/content/rules/CBS_Local.xml
index 6ce9e5814fc8..77078c99266a 100644
--- a/src/chrome/content/rules/CBS_Local.xml
+++ b/src/chrome/content/rules/CBS_Local.xml
@@ -8,4 +8,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CBS_Store.xml b/src/chrome/content/rules/CBS_Store.xml
index 128fe098cf98..47682e35419d 100644
--- a/src/chrome/content/rules/CBS_Store.xml
+++ b/src/chrome/content/rules/CBS_Store.xml
@@ -1,30 +1,20 @@
 <!--
 	For other CBS coverage, see CBS.xml.
 
-
-	CDN buckets:
-
-		- cbs.deliveryagent.com
-
-			- www.cbsstore.com
-
-
-	Problematic subdomains:
-
-		- ^	(works; self-signed, CN: secure.cbsstore.com)
-		- www	(works, akamai)
-
+	Non-functional hosts:
+		SSL error:
+		- cbsstore.com
 -->
 <ruleset name="CBS Store">
-
 	<target host="cbsstore.com" />
-	<target host="*.cbsstore.com" />
-
+	<target host="www.cbsstore.com" />
+	<target host="secure.cbsstore.com" />
 
 	<securecookie host="^\.cbsstore\.com$" name=".+" />
 
+	<rule from="^http://cbsstore\.com/"
+		to="https://www.cbsstore.com/" />
 
-	<rule from="^http://(?:secure\.|www\.)?cbsstore\.com/"
-		to="https://secure.cbsstore.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CBSi.com.au.xml b/src/chrome/content/rules/CBSi.com.au.xml
new file mode 100644
index 000000000000..50131f982dfb
--- /dev/null
+++ b/src/chrome/content/rules/CBSi.com.au.xml
@@ -0,0 +1,15 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- cdn.cbsi.com.au
+
+		Incomplete certificate chain error:
+		- cbsi.com.au
+		- www.cbsi.com.au
+-->
+<ruleset name="CBSi.com.au" default_off="cert-invalid">
+	<target host="cbsi.com.au" />
+	<target host="www.cbsi.com.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CBSimg.net.xml b/src/chrome/content/rules/CBSimg.net.xml
new file mode 100644
index 000000000000..cf02e018f2dc
--- /dev/null
+++ b/src/chrome/content/rules/CBSimg.net.xml
@@ -0,0 +1,16 @@
+<!--
+	For other CBS coverage, see CBS.xml.
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- b2b.cbsimg.net
+		- cn.cbsimg.net
+		- dl.cbsimg.net
+		- n.cbsimg.net
+		- t.cbsimg.net
+-->
+<ruleset name="CBSimg.net">
+	<target host="sports.cbsimg.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CC.com.xml b/src/chrome/content/rules/CC.com.xml
index 96209cd59fb5..dfd61d4cd092 100644
--- a/src/chrome/content/rules/CC.com.xml
+++ b/src/chrome/content/rules/CC.com.xml
@@ -1,38 +1,27 @@
-<!--	
-	Nonfunctional subdomains:
-
-		- ^ ¹
-		- jokes ²
-		- tosh ²
-		- thedailyshow ²
-		- www ²
-
-	¹ Refused
-	² 503, Akamai
-
-
-	Fully covered subdomains:
-
-		- direct
+<!--
+	Nonfunctional hosts in *.cc.com:
+	- cc.com (t)
+	- www.cc.com (h)
+	- ccdirect.cc.com (t)
+	- www.ccdirect.cc.com (t)
+	- jokes.cc.com (m)
+	- pitches.cc.com (t)
+	- thedailyshow.cc.com (t)
+	- tosh.cc.com (t)
 
 	Mixed content:
-
-		- Bug on direct from mtv.112.2o7.net *
-
-	* Secured by us
-
+	- wiki.southpark.cc.com
+	- forums.southpark.cc.com
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
 -->
 <ruleset name="CC.com (partial)">
+	<target host="southpark.cc.com" />
+	<target host="press.cc.com" />
 
-	<target host="*.cc.com" />
-
-
-	<!--	2o7.net tracker:
-					-->
-	<securecookie host="^\.cc\.com$" name="^s_vi$" />
-
-
-	<rule from="^http://direct\.cc\.com/"
-		to="https://direct.cc.com/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CCAvenue.xml b/src/chrome/content/rules/CCAvenue.xml
index 93a84605d2ed..1c03fb989ab6 100644
--- a/src/chrome/content/rules/CCAvenue.xml
+++ b/src/chrome/content/rules/CCAvenue.xml
@@ -7,7 +7,9 @@
 <ruleset name="CCAvenue">
 
 	<target host="ccavenue.com" />
-	<target host="*.ccavenue.com" />
+	<target host="www.ccavenue.com" />
+	<target host="mars.ccavenue.com" />
+	<target host="world.ccavenue.com" />
 
 
 	<securecookie host="^.+\.ccavenue\.com$" name=".+" />
@@ -16,7 +18,6 @@
 	<rule from="^http://(?:www\.)?ccavenue\.com/"
 		to="https://www.ccavenue.com/" />
 
-	<rule from="^http://(mars|world)\.ccavenue\.com/"
-		to="https://$1.ccavenue.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CCC-Mannheim.de.xml b/src/chrome/content/rules/CCC-Mannheim.de.xml
index 0ef28f4e85cf..df79bcdbc7b3 100644
--- a/src/chrome/content/rules/CCC-Mannheim.de.xml
+++ b/src/chrome/content/rules/CCC-Mannheim.de.xml
@@ -5,7 +5,7 @@ Fetch error: http://ccc-mannheim.de/ => https://ccc-mannheim.de/: (60, 'SSL cert
 Fetch error: http://www.ccc-mannheim.de/ => https://www.ccc-mannheim.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="CCC-Mannheim.de" default_off='failed ruleset test'>
+<ruleset name="CCC-Mannheim.de" default_off="failed ruleset test">
 
 	<target host="ccc-mannheim.de" />
 	<target host="www.ccc-mannheim.de" />
diff --git a/src/chrome/content/rules/CCH.xml b/src/chrome/content/rules/CCH.xml
index 132f67adb1d8..d645cbeec84b 100644
--- a/src/chrome/content/rules/CCH.xml
+++ b/src/chrome/content/rules/CCH.xml
@@ -14,16 +14,20 @@
 <ruleset name="CCH">
 
 	<target host="cch.com" />
-	<target host="*.cch.com" />
+	<target host="www.cch.com" />
+	<target host="support.cch.com" />
+	<target host="www.support.cch.com" />
 	<target host="cchgroup.com" />
-	<target host="*.cchgroup.com" />
+	<target host="www.cchgroup.com" />
+	<target host="tax.cchgroup.com" />
+	<target host="www.tax.cchgroup.com" />
+	<target host="prosystemfxsupport.tax.cchgroup.com" />
+	<target host="stage.prosystemfxsupport.tax.cchgroup.com" />
 
 
 	<securecookie host=".*\.cch(?:group)?\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?cch\.com/"
-		to="https://$1cch.com/" />
 
 	<rule from="^http://(?:www\.)?support\.cch\.com/"
 		to="https://support.cch.com/" />
@@ -34,7 +38,6 @@
 	<rule from="^http://(?:www\.)?tax\.cchgroup\.com/"
 		to="https://tax.cchgroup.com/" />
 
-	<rule from="^http://(stage\.)?prosystemfxsupport\.tax\.cchgroup\.com/"
-		to="https://$1prosystemfxsupport.tax.cchgroup.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CCS.xml b/src/chrome/content/rules/CCS.xml
index bd66eff8834a..4ea156425079 100644
--- a/src/chrome/content/rules/CCS.xml
+++ b/src/chrome/content/rules/CCS.xml
@@ -29,7 +29,7 @@ Fetch error: http://m.ccs.com/ => https://m.ccs.com/: (6, 'Could not resolve hos
 		- .shop.ccs.com
 
 -->
-<ruleset name="CCS.com (partial)" default_off='failed ruleset test'>
+<ruleset name="CCS.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/CCleaner.com.xml b/src/chrome/content/rules/CCleaner.com.xml
new file mode 100644
index 000000000000..395ee2f8ec60
--- /dev/null
+++ b/src/chrome/content/rules/CCleaner.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid Certificate:
+		forum.ccleaner.com
+		support.ccleaner.com
+		web1.web.ccleaner.com
+-->
+<ruleset name="CCleaner.com">
+	<target host="ccleaner.com" />
+	<target host="www.ccleaner.com" />
+	<target host="download.ccleaner.com" />
+	<target host="s1.ccleaner.com" />
+	<target host="secure.ccleaner.com" />
+	<target host="web.ccleaner.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CDG_Commerce.com.xml b/src/chrome/content/rules/CDG_Commerce.com.xml
index 44e712d585a0..8ec818d0638a 100644
--- a/src/chrome/content/rules/CDG_Commerce.com.xml
+++ b/src/chrome/content/rules/CDG_Commerce.com.xml
@@ -19,7 +19,7 @@ Fetch error: http://www.cdgcommerce.com/ => https://www.cdgcommerce.com/: Too ma
 		- www.cdgcommerce.com
 
 -->
-<ruleset name="CDG Commerce.com" default_off='failed ruleset test'>
+<ruleset name="CDG Commerce.com" default_off="failed ruleset test">
 
 	<target host="cdgcommerce.com" />
 	<target host="myapp.cdgcommerce.com" />
diff --git a/src/chrome/content/rules/CDIC-SADC.xml b/src/chrome/content/rules/CDIC-SADC.xml
new file mode 100644
index 000000000000..9abea24610b5
--- /dev/null
+++ b/src/chrome/content/rules/CDIC-SADC.xml
@@ -0,0 +1,11 @@
+<!--
+	Chain issue, missing intermediate:
+		- sfp.cdic.ca
+-->
+
+<ruleset name="CDIC-SADC">
+	<target host="www.cdic.ca" />
+	<target host="www.sadc.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CDJapan.xml b/src/chrome/content/rules/CDJapan.xml
new file mode 100644
index 000000000000..84aa64c0324d
--- /dev/null
+++ b/src/chrome/content/rules/CDJapan.xml
@@ -0,0 +1,13 @@
+<ruleset name="CDJapan">
+	<target host="cdjapan.co.jp" />
+	<target host="www.cdjapan.co.jp" />
+	<target host="ebbwv.cdjapan.co.jp" />
+	<target host="prebbwv.cdjapan.co.jp" />
+	<target host="prepaidsim.cdjapan.co.jp" />
+	<target host="rental.cdjapan.co.jp" />
+	<target host="st.cdjapan.co.jp" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CDN-Redfin.com.xml b/src/chrome/content/rules/CDN-Redfin.com.xml
index 286353f30631..a63dfb7e6b9e 100644
--- a/src/chrome/content/rules/CDN-Redfin.com.xml
+++ b/src/chrome/content/rules/CDN-Redfin.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://ssl.cdn-redfin.com/ => https://ssl.cdn-redfin.com/: Too many
 	For other Redfin coverage, see Redfin.com.xml.
 
 -->
-<ruleset name="CDN-Redfin.com" default_off='failed ruleset test'>
+<ruleset name="CDN-Redfin.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/CDN77.com-problematic.xml b/src/chrome/content/rules/CDN77.com-problematic.xml
index 977c70028447..5911243153e4 100644
--- a/src/chrome/content/rules/CDN77.com-problematic.xml
+++ b/src/chrome/content/rules/CDN77.com-problematic.xml
@@ -10,4 +10,4 @@
 	<rule from="^http://([\w\-])\.r\.cdn77\.net/"
 		to="https://$1.r.cdn77.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CDN77.com.xml b/src/chrome/content/rules/CDN77.com.xml
index 0f9c969ff967..502862993bbe 100644
--- a/src/chrome/content/rules/CDN77.com.xml
+++ b/src/chrome/content/rules/CDN77.com.xml
@@ -28,4 +28,4 @@
 	<rule from="^http://([\w-]+)\.r\.worldssl\.net/"
 		to="https://$1.r.worldssl.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CDN_Instagram.com.xml b/src/chrome/content/rules/CDN_Instagram.com.xml
index 61cab12fd7bc..60caf822b68f 100644
--- a/src/chrome/content/rules/CDN_Instagram.com.xml
+++ b/src/chrome/content/rules/CDN_Instagram.com.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Instagram coverage, see Instagram.xml.
+	For other Instagram coverage, see Instagr.am.xml.
 
 -->
 <ruleset name="CDN Instagram.com">
@@ -7,6 +7,7 @@
 	<target host="scontent.cdninstagram.com" />
 	<target host="scontent-a.cdninstagram.com" />
 	<target host="scontent-b.cdninstagram.com" />
+	<target host="scontent-frt3-2.cdninstagram.com" />
 	<target host="scontent-frx5-1.cdninstagram.com" />
 
 	<rule from="^http:"	to="https:" />
diff --git a/src/chrome/content/rules/CDON.COM.xml b/src/chrome/content/rules/CDON.COM.xml
index 78507104e1ba..9f0592921660 100644
--- a/src/chrome/content/rules/CDON.COM.xml
+++ b/src/chrome/content/rules/CDON.COM.xml
@@ -1,5 +1,5 @@
 <!--
-	cdon.se subdomains are handled in cdon.se.xml 
+	cdon.se subdomains are handled in cdon.se.xml
 
 -->
 <ruleset name="CDON.COM" platform="mixedcontent">
diff --git a/src/chrome/content/rules/CDTFA.ca.gov.xml b/src/chrome/content/rules/CDTFA.ca.gov.xml
new file mode 100644
index 000000000000..fa04da8ef7f9
--- /dev/null
+++ b/src/chrome/content/rules/CDTFA.ca.gov.xml
@@ -0,0 +1,25 @@
+<!--
+	Refused:
+		- autodiscover.cdtfa.ca.gov
+		- campaign.cdtfa.ca.gov
+		- testcampaign.cdtfa.ca.gov
+
+	Mismatched:
+		- mail.cdtfa.ca.gov
+		- maps.cdtfa.ca.gov
+		- temp.cdtfa.ca.gov
+-->
+<ruleset name="CDTFA.ca.gov">
+	<target host="cdtfa.ca.gov" />
+	<target host="www.cdtfa.ca.gov" />
+	<target host="fs.cdtfa.ca.gov" />
+	<target host="gis.cdtfa.ca.gov" />
+	<target host="www.gis.cdtfa.ca.gov" />
+	<target host="onlineservices.cdtfa.ca.gov" />
+	<target host="services.gis.cdtfa.ca.gov" />
+	<target host="prodsimservices.cdtfa.ca.gov" />
+	<target host="services.cdtfa.ca.gov" />
+	<target host="testservices2.cdtfa.ca.gov" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CD_Universe.xml b/src/chrome/content/rules/CD_Universe.xml
index d9d58496f4ea..5332ea605ec7 100644
--- a/src/chrome/content/rules/CD_Universe.xml
+++ b/src/chrome/content/rules/CD_Universe.xml
@@ -26,7 +26,8 @@
 <ruleset name="CD Universe (partial)">
 
 	<target host="cduniverse.com" />
-	<target host="*.cduniverse.com" />
+	<target host="g.cduniverse.com" />
+	<target host="www.cduniverse.com" />
 		<!--
 			Redirect to http:
 						-->
@@ -37,7 +38,8 @@
 					-->
 		<exclusion pattern="^http://www\.cduniverse\.com/(?!checkout/(?:account|allorderdisp|changepassword|orderstatus)\.asp|favicon\.ico|FooterIFrame\.asp|footer/footermusic\.html|help/contact\.asp|(?:\w+/)?images/|login\.asp|partner/(?:menu|partner)form\.asp|stylesheet\.css|wishlist\.asp)" />
 		<!--exclusion pattern="^http://g\.cduniverse\.com/(?!images/)" /-->
-	<target host="*.cduniverse.ws" />
+	<target host="c3.cduniverse.ws" />
+	<target host="i.cduniverse.ws" />
 
 
 	<!--	Not secured by server:
@@ -50,13 +52,10 @@
 	<securecookie host="^g\.cduniverse\.com$" name=".+" />
 
 
-	<rule from="^http://(g\.|www\.)?cduniverse\.com/"
-		to="https://$1cduniverse.com/" />
 
-	<rule from="^http://c3\.cduniverse\.ws/"
-		to="https://c3.cduniverse.ws/" />
 
 	<rule from="^http://i\.cduniverse\.ws/"
 		to="https://www.cduniverse.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CERIT-SC.cz.xml b/src/chrome/content/rules/CERIT-SC.cz.xml
index 80e57ae188d6..2b50eddedbcf 100644
--- a/src/chrome/content/rules/CERIT-SC.cz.xml
+++ b/src/chrome/content/rules/CERIT-SC.cz.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.cerit-sc.cz/ => https://www.cerit-sc.cz/: (35, 'Unknown
 	For other Masaryk University coverage, see Muni.cz.xml.
 
 -->
-<ruleset name="CERIT-SC.cz" default_off='failed ruleset test'>
+<ruleset name="CERIT-SC.cz" default_off="failed ruleset test">
 
 	<target host="cerit-sc.cz" />
 	<target host="docs.cerit-sc.cz" />
diff --git a/src/chrome/content/rules/CERIT.cz.xml b/src/chrome/content/rules/CERIT.cz.xml
index b67d6df9f103..e318d3bf53b7 100644
--- a/src/chrome/content/rules/CERIT.cz.xml
+++ b/src/chrome/content/rules/CERIT.cz.xml
@@ -14,7 +14,7 @@ Fetch error: http://prototyp.cerit.cz/ => https://prototyp.cerit.cz/: (51, "SSL:
 		- www.cerit.cz
 
 -->
-<ruleset name="CERIT.cz" default_off='failed ruleset test'>
+<ruleset name="CERIT.cz" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/CERT-Bund.xml b/src/chrome/content/rules/CERT-Bund.xml
index 3c9688056b9a..064927e344b9 100644
--- a/src/chrome/content/rules/CERT-Bund.xml
+++ b/src/chrome/content/rules/CERT-Bund.xml
@@ -2,7 +2,7 @@
     <target host="cert-bund.de" />
     <target host="*.cert-bund.de" />
 
-    <securecookie host="^(?:.*\.)?cert-bund\.de$" name=".+" />
+    <securecookie host=".+" name=".+"/>
 
     <rule from="^http://cert-bund\.de/"
         to="https://www.cert-bund.de/" />
diff --git a/src/chrome/content/rules/CERT-Polska.xml b/src/chrome/content/rules/CERT-Polska.xml
index 53955452f404..08d5affd843b 100644
--- a/src/chrome/content/rules/CERT-Polska.xml
+++ b/src/chrome/content/rules/CERT-Polska.xml
@@ -30,10 +30,10 @@
 	<target host="cert.pl" />
 	<target host="www.cert.pl" />
 	<!--	*s for cross-domain cookies.	-->
-	
 
 
-	<securecookie host="^(?:.*\.)?cert\.pl$" name=".+" />
+
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/CERT-UK.xml b/src/chrome/content/rules/CERT-UK.xml
deleted file mode 100644
index cba3ac4f672c..000000000000
--- a/src/chrome/content/rules/CERT-UK.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://cert.gov.uk/ => https://www.cert.gov.uk/: (6, 'Could not resolve host: cert.gov.uk')
--->
-<ruleset name="CERT-UK">
-    <target host="cert.gov.uk" />
-    <target host="*.cert.gov.uk" />
-
-    <securecookie host="^(?:.*\.)?cert\.gov\.uk$" name=".+" />
-
-    <rule from="^http://cert\.gov\.uk/"
-        to="https://www.cert.gov.uk/" />
-    <rule from="^http://([^/:@]+)?\.cert\.gov\.uk/"
-        to="https://$1.cert.gov.uk/" />
-</ruleset>
diff --git a/src/chrome/content/rules/CERT-Verbund.xml b/src/chrome/content/rules/CERT-Verbund.xml
index 119f431260ec..b183e1beb61c 100644
--- a/src/chrome/content/rules/CERT-Verbund.xml
+++ b/src/chrome/content/rules/CERT-Verbund.xml
@@ -8,7 +8,7 @@
 
 		<test url="http://www.cert-verbund.de/" />
 
-    <securecookie host="^(?:.*\.)?cert-verbund\.de$" name=".+" />
+    <securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/CERT.at.xml b/src/chrome/content/rules/CERT.at.xml
index 9c2c8960f123..867d20a3b3a7 100644
--- a/src/chrome/content/rules/CERT.at.xml
+++ b/src/chrome/content/rules/CERT.at.xml
@@ -2,7 +2,7 @@
     <target host="cert.at" />
     <target host="*.cert.at" />
 
-    <securecookie host="^(?:.*\.)?cert\.at$" name=".+" />
+    <securecookie host=".+" name=".+"/>
 
     <rule from="^http://cert\.at/"
         to="https://www.cert.at/" />
diff --git a/src/chrome/content/rules/CERT.xml b/src/chrome/content/rules/CERT.xml
index 4a494e5d7c1b..a28078c5b365 100644
--- a/src/chrome/content/rules/CERT.xml
+++ b/src/chrome/content/rules/CERT.xml
@@ -8,7 +8,7 @@
 	<target host="www.cert.org" />
 
 
-	<securecookie host="^(?:.+\.)?cert\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/CESG.xml b/src/chrome/content/rules/CESG.xml
deleted file mode 100644
index 5b9646cb9956..000000000000
--- a/src/chrome/content/rules/CESG.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-     For other UK Government coverage, see GOV.UK.xml.
-
-	^cesg.gov.uk doesn't exist.
-
--->
-<ruleset name="CESG.gov.uk">
-    <target host="www.cesg.gov.uk" />
-
-    <rule from="^http:"
-        to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/CETIC.be.xml b/src/chrome/content/rules/CETIC.be.xml
index 2da5486bc2b6..8dda7eec1739 100644
--- a/src/chrome/content/rules/CETIC.be.xml
+++ b/src/chrome/content/rules/CETIC.be.xml
@@ -44,13 +44,18 @@
 <ruleset name="CETIC.be (partial)">
 
 	<target host="cetic.be" />
-	<target host="*.cetic.be" />
+	<target host="www.cetic.be" />
+	<target host="cronos.cetic.be" />
+	<target host="forge.cetic.be" />
+	<target host="git.forge.cetic.be" />
+	<target host="svn.forge.cetic.be" />
+	<target host="smtp.cetic.be" />
+	<target host="webmail.cetic.be" />
 
 
 	<rule from="^http://(?:www\.)?cetic\.be/"
 		to="https://www.cetic.be/" />
 
-	<rule from="^http://(cronos|forge|(?:git|svn)\.forge|smtp|webmail)\.cetic\.be/"
-		to="https://$1.cetic.be/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CEntrance.xml b/src/chrome/content/rules/CEntrance.xml
index d316346cee47..cf0f747a97f5 100644
--- a/src/chrome/content/rules/CEntrance.xml
+++ b/src/chrome/content/rules/CEntrance.xml
@@ -36,10 +36,10 @@
 			- store/cart.php?target=profile
 			- store/images/
 			- store/skins/
-								
+
 	<rule from="^http://(www\.)?centrance\.com/($|\?|(?:about|artists|css|i|icons|js|licensing|products|reviews)(?:$|\?|/)|store/(?:$|cart\.php\?target=cart&amp;action=(?:add|delete)|images/|skins/))"
 		to="https://$1centrance.com/$2" /-->
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CEtrk.com.xml b/src/chrome/content/rules/CEtrk.com.xml
deleted file mode 100644
index 3b0be18647c2..000000000000
--- a/src/chrome/content/rules/CEtrk.com.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	For other Crazy Egg coverage, see Crazy-Egg.xml.
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/new.cetrk.com/
-
-
-	Nonfunctional hosts in *cetrk.com:
-
-		- (www.)? *
-
-	* Refused
-
-
-	Problematic hosts in *cetrk.com:
-
-		- trk *
-
-	* AmazonAWS
-
-
-	Fully covered hosts in *cetrk.com:
-
-		- trk	(→ s3.amazonaws.com)
-
--->
-<ruleset name="CEtrk.com (partial)">
-
-	<!--	Complications:
-				-->
-	<target host="trk.cetrk.com" />
-
-
-	<rule from="^http://trk\.cetrk\.com/"
-		to="https://s3.amazonaws.com/trk.cetrk.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CFINotebook.net.xml b/src/chrome/content/rules/CFINotebook.net.xml
new file mode 100644
index 000000000000..19ae3a67c1e2
--- /dev/null
+++ b/src/chrome/content/rules/CFINotebook.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="CFINotebook.net">
+	<target host="cfinotebook.net" />
+	<target host="www.cfinotebook.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CFWGroup.ca.xml b/src/chrome/content/rules/CFWGroup.ca.xml
new file mode 100644
index 000000000000..8e2119009047
--- /dev/null
+++ b/src/chrome/content/rules/CFWGroup.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="CFWGroup.ca">
+	<target host="cfwgroup.ca" />
+	<target host="www.cfwgroup.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CHIP.de.xml b/src/chrome/content/rules/CHIP.de.xml
new file mode 100644
index 000000000000..87615ab0cde0
--- /dev/null
+++ b/src/chrome/content/rules/CHIP.de.xml
@@ -0,0 +1,117 @@
+<!--
+	Connection closed:
+		data.chip.de
+
+	Invalid certificate:
+		amazon.chip.de
+		apps.chip.de
+		dl.cdn.chip.de
+		*.damoh.chip.de
+		fsm.chip.de
+		ipe.chip.de
+		omniture.chip.de
+		video.chip.de
+		visual-story.chip.de
+
+	Mismatch:
+		rest.generator.chip.de
+
+	Refused:
+		pub.chip.de
+		rss.chip.de
+
+	Timeout:
+		adx.chip.de
+		*.int.chip.de
+		secure.chip.de
+		services.chip.de
+		shopstatic.chip.de
+
+	Too many redirects:
+		branded-story.chip.de
+		m.chip.de
+		shop.chip.de
+		x.chip.de
+-->
+<ruleset name="CHIP.de">
+
+	<target host="chip.de" />
+	<target host="www.chip.de" />
+		<exclusion pattern="^http://www\.chip\.de/404"/>
+		<test url="http://www.chip.de/404" />
+	<target host="acer-aspire-5-testblog.chip.de" />
+	<target host="acer-switch-alpha-12-testblog.chip.de" />
+	<target host="ad-js.chip.de" />
+	<target host="adtm.chip.de" />
+	<target host="amp-analytics.chip.de" />
+	<target host="angebot.chip.de" />
+	<target host="appsbackend.chip.de" />
+	<target host="asus-t300-chi-testblog.chip.de" />
+	<target host="autoren-stg.chip.de" />
+	<target host="behave.chip.de" />
+	<target host="beste-apps.chip.de" />
+	<target host="blog.chip.de" />
+	<target host="branded-stories.chip.de" />
+	<target host="business.chip.de" />
+	<target host="content.chip.de" />
+	<target host="ssl.1.damoh.chip.de" />
+	<target host="ssl.2.damoh.chip.de" />
+	<target host="ssl.3.damoh.chip.de" />
+	<target host="dealfinder.chip.de" />
+	<target host="deals.chip.de" />
+	<target host="digito.chip.de" />
+	<target host="downloaderapi.chip.de" />
+	<target host="dvd.chip.de" />
+	<target host="efahrer.chip.de" />
+	<target host="efahrer-images.chip.de" />
+	<target host="filestorage.chip.de" />
+	<target host="forum.chip.de" />
+	<target host="fotowelt.chip.de" />
+	<target host="free2play.chip.de" />
+	<target host="fsm1.chip.de" />
+	<target host="gopro-max-testblog.chip.de" />
+	<target host="gutscheine.chip.de" />
+	<target host="huawei-p9-testblog.chip.de" />
+	<target host="imgs.chip.de" />
+	<target host="info.chip.de" />
+	<target host="jobs.chip.de" />
+	<target host="kiosk.chip.de" />
+	<target host="kuendigen.chip.de" />
+	<target host="kzsicw.chip.de" />
+	<target host="lumeo.chip.de" />
+	<target host="mms.chip.de" />
+	<target host="newsletter.chip.de" />
+	<target host="pn.chip.de" />
+	<target host="praxistipps.chip.de" />
+	<target host="praxistipps-images.chip.de" />
+	<target host="r.chip.de" />
+	<target host="rt.chip.de" />
+	<target host="search.chip.de" />
+	<target host="sentry.chip.de" />
+	<target host="service.chip.de" />
+	<target host="shoppingadvisor.chip.de" />
+	<target host="shoppingadvisor-stg.chip.de" />
+	<target host="shoppingadvisor-thumbor.chip.de" />
+	<target host="somniture.chip.de" />
+	<target host="sparalarm.chip.de" />
+	<target host="speedtest.chip.de" />
+	<target host="suche.chip.de" />
+	<target host="tarife.chip.de" />
+	<target host="testcenter.chip.de" />
+	<target host="tl01.chip.de" />
+	<target host="tl02.chip.de" />
+	<target host="tl03.chip.de" />
+	<target host="tl04.chip.de" />
+	<target host="toplists-img.chip.de" />
+	<target host="videoembed.chip.de" />
+	<target host="videoplayer.chip.de" />
+	<target host="videoplayer-staging.chip.de" />
+	<target host="videos.chip.de" />
+	<target host="vorwerk-kobold-vr200-testblog.chip.de" />
+	<target host="zuhause.chip.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CIMB-Cambodia.xml b/src/chrome/content/rules/CIMB-Cambodia.xml
index 27df51233446..8368ea43a064 100644
--- a/src/chrome/content/rules/CIMB-Cambodia.xml
+++ b/src/chrome/content/rules/CIMB-Cambodia.xml
@@ -15,7 +15,7 @@
 
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CIMB-Indonesia.xml b/src/chrome/content/rules/CIMB-Indonesia.xml
index 56be440c9ee5..15eb665204fc 100644
--- a/src/chrome/content/rules/CIMB-Indonesia.xml
+++ b/src/chrome/content/rules/CIMB-Indonesia.xml
@@ -36,7 +36,7 @@
 
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CIMB-Principal.com.my.xml b/src/chrome/content/rules/CIMB-Principal.com.my.xml
deleted file mode 100644
index fc71e0b000b2..000000000000
--- a/src/chrome/content/rules/CIMB-Principal.com.my.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	For other CIMB coverage, see CIMB.com.xml
-
-
-	Non-functional subdomains:
-
-		- www.cimb-principal.com.my	(r)
-		- mobile	(m)
-		
-	e: expired certificate
-	h: http redirect
-	i: invalid certificate chain
-	m: certificate mismatch
-	r: connection refused
-	s: self-signed certificate
-	t: timeout on https
--->
-<ruleset name="CIMB Principal">
-
-	<target host="cimb-principal.com.my" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/CIMB-Singapore.xml b/src/chrome/content/rules/CIMB-Singapore.xml
index bac63fa63ccf..d8c81e7f1089 100644
--- a/src/chrome/content/rules/CIMB-Singapore.xml
+++ b/src/chrome/content/rules/CIMB-Singapore.xml
@@ -1,4 +1,9 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://id.itradecimb.com.sg/ => https://id.itradecimb.com.sg/: (6, 'Could not resolve host: id.itradecimb.com.sg')
+
 	For other CIMB coverage, see CIMB.com.xml
 
 
@@ -18,21 +23,21 @@
 
 	<target host="cimbbank.com.sg" />
 	<target host="www.cimbbank.com.sg" />
-	<target host="secure.eforms.cimbbank.com.sg" />
-		<!-- main page is not functional -->
-		<exclusion pattern="^http://secure\.eforms\.cimbbank\.com\.sg/$" />
-		<test url="http://secure.eforms.cimbbank.com.sg/common/js/plugins/modal/dialog/close.gif" />
+	<!-- <target host="secure.eforms.cimbbank.com.sg" /> -->
+		<!-- main page is not functional/ Neither are test URLs, removing -->
+		<!-- <exclusion pattern="^http://secure\.eforms\.cimbbank\.com\.sg/$" />
+		<test url="http://secure.eforms.cimbbank.com.sg/common/js/plugins/modal/dialog/close.gif" /> -->
 
 	<target host="cimbclicks.com.sg" />
 	<target host="www.cimbclicks.com.sg" />
 
 	<target host="www.bizchannel.cimb.com.sg" />
 	<target host="www.itradecimb.com.sg" />
-	<target host="id.itradecimb.com.sg" />
+	<!-- target host="id.itradecimb.com.sg" /-->
 	<target host="th.itradecimb.com.sg" />
 
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CIMB-Thailand.xml b/src/chrome/content/rules/CIMB-Thailand.xml
index c8d22a50feb1..f2b16ba9e7bf 100644
--- a/src/chrome/content/rules/CIMB-Thailand.xml
+++ b/src/chrome/content/rules/CIMB-Thailand.xml
@@ -31,7 +31,7 @@
 
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CIMB.com.xml b/src/chrome/content/rules/CIMB.com.xml
index dcc12307d684..4b4c2f578078 100644
--- a/src/chrome/content/rules/CIMB.com.xml
+++ b/src/chrome/content/rules/CIMB.com.xml
@@ -1,12 +1,37 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://ecard.cimb.com/ => https://ecard.cimb.com/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://cimb.com/ => https://cimb.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cimb.com'")
+Fetch error: http://biz123.cimb.com/ => https://biz123.cimb.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://brokingrfs.cimb.com/ => https://brokingrfs.cimb.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://cimbaseanscholarship.cimb.com/ => https://cimbaseanscholarship.cimb.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://cimbequityresearch.cimb.com/ => https://cimbequityresearch.cimb.com/: (7, 'Failed to connect to cimbequityresearch.cimb.com port 443: Connection refused')
+Fetch error: http://cimbnet.cimb.com/ => https://cimbnet.cimb.com/: (7, 'Failed to connect to cimbnet.cimb.com port 443: Connection refused')
+Fetch error: http://cimbnet1.cimb.com/ => https://cimbnet1.cimb.com/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+Fetch error: http://cmt-vpn.cimb.com/ => https://cmt-vpn.cimb.com/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+Fetch error: http://eprocure.cimb.com/ => https://eprocure.cimb.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://fxmargintrading.cimb.com/ => https://fxmargintrading.cimb.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://irecruitment.cimb.com/ => https://irecruitment.cimb.com/: (6, 'Could not resolve host: irecruitment.cimb.com')
+Fetch error: http://research.cimb.com/ => https://research.cimb.com/: (51, "SSL: no alternative certificate subject name matches target host name 'research.cimb.com'")
+Fetch error: http://sgcfd.cimb.com/ => https://sgcfd.cimb.com/: (6, 'Could not resolve host: sgcfd.cimb.com')
+Fetch error: http://travelercb.cimb.com/ => https://travelercb.cimb.com/: (7, 'Failed to connect to travelercb.cimb.com port 443: Connection timed out')
+Fetch error: http://travelerib.cimb.com/ => https://travelerib.cimb.com/: (7, 'Failed to connect to travelerib.cimb.com port 443: Connection refused')
+Fetch error: http://watchlist.cimb.com/ => https://watchlist.cimb.com/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+
 	Other related rulesets:
 
 		- CIMBBank.com.my.xml
 		- CIMBClicks.com.my.xml
 		- CIMBIslamic.com.xml
 		- CIMBPreferred.com.xml
-		- CIMB-Principal.com.my.xml
-		- CIMBSecurities.com.xml
 		- CIMB-Cambodia.xml
 		- CIMB-Indonesia.xml
 		- CIMB-Singapore.xml
@@ -107,33 +132,33 @@
 -->
 <ruleset name="CIMB.com">
 
-	<target host="cimb.com" />
+	<!-- target host="cimb.com" /-->
 	<target host="www.cimb.com" />
-	<target host="biz123.cimb.com" />
-	<target host="brokingrfs.cimb.com" />
+	<!-- target host="biz123.cimb.com" /-->
+	<!-- target host="brokingrfs.cimb.com" /-->
 	<target host="cimb-securee-pay.cimb.com" />
-	<target host="cimbaseanscholarship.cimb.com" />
+	<!-- target host="cimbaseanscholarship.cimb.com" /-->
 	<target host="cimbdebit-securee-pay.cimb.com" />
-	<target host="cimbequityresearch.cimb.com" />
+	<!-- target host="cimbequityresearch.cimb.com" /-->
 	<target host="cimbislamic-securee-pay.cimb.com" />
-	<target host="cimbnet.cimb.com" />
-	<target host="cimbnet1.cimb.com" />
-	<target host="cmt-vpn.cimb.com" />
+	<!-- target host="cimbnet.cimb.com" /-->
+	<!-- target host="cimbnet1.cimb.com" /-->
+	<!-- target host="cmt-vpn.cimb.com" /-->
 	<target host="controlroom.cimb.com" />
 	<target host="ebms.cimb.com" />
-	<target host="ecard.cimb.com" />
+	<!-- target host="ecard.cimb.com" /-->
 	<target host="elearning.cimb.com" />
-	<target host="eprocure.cimb.com" />
-	<target host="fxmargintrading.cimb.com" />
+	<!-- target host="eprocure.cimb.com" /-->
+	<!-- target host="fxmargintrading.cimb.com" /-->
 	<target host="hris.cimb.com" />
-	<target host="irecruitment.cimb.com" />
+	<!-- target host="irecruitment.cimb.com" /-->
 	<target host="rcs.cimb.com" />
-	<target host="research.cimb.com" />
-	<target host="sgcfd.cimb.com" />
+	<!-- target host="research.cimb.com" /-->
+	<!-- target host="sgcfd.cimb.com" /-->
 	<target host="stats.cimb.com" />
-	<target host="travelercb.cimb.com" />
-	<target host="travelerib.cimb.com" />
-	<target host="watchlist.cimb.com" />
+	<!-- target host="travelercb.cimb.com" /-->
+	<!-- target host="travelerib.cimb.com" /-->
+	<!-- target host="watchlist.cimb.com" /-->
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/CIMBClicks.com.my.xml b/src/chrome/content/rules/CIMBClicks.com.my.xml
index e06719c0ce2c..4d67999b9540 100644
--- a/src/chrome/content/rules/CIMBClicks.com.my.xml
+++ b/src/chrome/content/rules/CIMBClicks.com.my.xml
@@ -4,6 +4,7 @@
 
 	Non-functional subdomains:
 
+		- $host	(m)
 		- fb	(r)
 		- ns2	(r)
 		- ns3	(s)
@@ -33,6 +34,10 @@
 
 	<securecookie host=".+" name=".+" />
 
+	<!-- cert only matches www -->
+	<rule from="^http://cimbclicks\.com\.my/"
+		to="https://www.cimbclicks.com.my/" />
+
 	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CIMBIslamic.com.xml b/src/chrome/content/rules/CIMBIslamic.com.xml
index c02346469c82..cff7e12ba8ba 100644
--- a/src/chrome/content/rules/CIMBIslamic.com.xml
+++ b/src/chrome/content/rules/CIMBIslamic.com.xml
@@ -6,7 +6,7 @@
 
 		- cb	(m)
 		- www.wip	(m)
-		
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/CIMBSecurities.com.xml b/src/chrome/content/rules/CIMBSecurities.com.xml
deleted file mode 100644
index f93bb2dad412..000000000000
--- a/src/chrome/content/rules/CIMBSecurities.com.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	For other CIMB coverage, see CIMB.com.xml
-
-
-	Non-functional subdomains:
-
-		- www.cimbsecurities.com	(m)
-		- dns2	(r)
-		- ep	(m)
-		- listmail	(r)
-		- research	(m)
-		
-	e: expired certificate
-	h: http redirect
-	i: invalid certificate chain
-	m: certificate mismatch
-	r: connection refused
-	s: self-signed certificate
-	t: timeout on https
--->
-<ruleset name="CIMB Securities">
-
-	<target host="cfdrms.cimbsecurities.com" />
-	<target host="fx.cimbsecurities.com" />
-	<target host="tips.cimbsecurities.com" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/CIO.com.xml b/src/chrome/content/rules/CIO.com.xml
index 11540a0aa8ea..8c46c7fd2aa1 100644
--- a/src/chrome/content/rules/CIO.com.xml
+++ b/src/chrome/content/rules/CIO.com.xml
@@ -34,7 +34,8 @@
 -->
 <ruleset name="CIO.com (partial)">
 
-	<target host="*.cio.com" />
+	<target host="council.cio.com" />
+	<target host="itjobs.cio.com" />
 
 
 	<rule from="^http://council\.cio\.com/"
diff --git a/src/chrome/content/rules/CIRT.net.xml b/src/chrome/content/rules/CIRT.net.xml
index 175a1bbf82bb..f777fd58a9a8 100644
--- a/src/chrome/content/rules/CIRT.net.xml
+++ b/src/chrome/content/rules/CIRT.net.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.cirt.net/ => https://www.cirt.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.cirt.net'")
 
 -->
-<ruleset name="CIRT.net" default_off='failed ruleset test'>
+<ruleset name="CIRT.net" default_off="failed ruleset test">
 
 	<target host="cirt.net" />
 	<target host="www.cirt.net" />
diff --git a/src/chrome/content/rules/CIR_Online.org.xml b/src/chrome/content/rules/CIR_Online.org.xml
index e12ab8bb3741..9f1bc8c204e9 100644
--- a/src/chrome/content/rules/CIR_Online.org.xml
+++ b/src/chrome/content/rules/CIR_Online.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://beta.cironline.org/ => https://beta.cironline.org/: (28, 'Co
 Fetch error: http://www.cironline.org/ => https://www.cironline.org/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="CIR Online.org (partial)" default_off='failed ruleset test'>
+<ruleset name="CIR Online.org (partial)" default_off="failed ruleset test">
 
 	<target host="cironline.org" />
 	<target host="beta.cironline.org" />
@@ -18,7 +18,7 @@ Fetch error: http://www.cironline.org/ => https://www.cironline.org/: (60, 'SSL
 			Exceptions:
 					-->
 		<exclusion pattern="^http://cironline\.org/+(?!sites/)" />
-	
+
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/CISOfy.com.xml b/src/chrome/content/rules/CISOfy.com.xml
deleted file mode 100644
index 9e9299111d14..000000000000
--- a/src/chrome/content/rules/CISOfy.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	www.cisofy.com: 400
-
--->
-<ruleset name="CISOfy.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="cisofy.com" />
-	<target host="portal.cisofy.com" />
-
-	<!--	Complications:
-				-->
-	<target host="www.cisofy.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-	<securecookie host="^\." name="^_gat?$" />
-
-
-	<!--	Redirect drops path and args:
-						-->
-	<rule from="^http://www\.cisofy\.com/.*"
-		to="https://cisofy.com/" />
-
-		<test url="http://www.cisofy.com/home.htm" />
-
-	<rule from="^http:"
-		to="https:" />
-
-
-</ruleset>
diff --git a/src/chrome/content/rules/CJ2.nl.xml b/src/chrome/content/rules/CJ2.nl.xml
index 6e8aa227764f..c28f8f585a1d 100644
--- a/src/chrome/content/rules/CJ2.nl.xml
+++ b/src/chrome/content/rules/CJ2.nl.xml
@@ -14,7 +14,7 @@ Fetch error: http://admin.cj2.nl/ => https://admin.cj2.nl/: (28, 'Connection tim
 		- www.cj2.nl
 
 -->
-<ruleset name="CJ2.nl" default_off='failed ruleset test'>
+<ruleset name="CJ2.nl" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/CKSource.com.xml b/src/chrome/content/rules/CKSource.com.xml
index 1e0dd092c171..7a6b777f43ce 100644
--- a/src/chrome/content/rules/CKSource.com.xml
+++ b/src/chrome/content/rules/CKSource.com.xml
@@ -53,10 +53,6 @@
 	<target host="c.cksource.com" />
 	<target host="www.cksource.com" />
 
-
-	<rule from="^http://c\.cksource\.com/"
-		to="https://d2xc7e2akbvihw.cloudfront.net/" />
-
 	<rule from="^http://www\.cksource\.com/"
 		to="https://cksource.com/" />
 
diff --git a/src/chrome/content/rules/CLIC-study.xml b/src/chrome/content/rules/CLIC-study.xml
index b1e7a9d2c5a2..8c8a78a5b181 100644
--- a/src/chrome/content/rules/CLIC-study.xml
+++ b/src/chrome/content/rules/CLIC-study.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?clic-study\.org/"
 		to="https://clic-study.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CLP.com.hk.xml b/src/chrome/content/rules/CLP.com.hk.xml
index 97d2554230b7..9703b426565f 100644
--- a/src/chrome/content/rules/CLP.com.hk.xml
+++ b/src/chrome/content/rules/CLP.com.hk.xml
@@ -62,9 +62,9 @@
 
 	<securecookie host="^(www\.)?clp\.com\.hk$" name=".+" />
 
-	<rule from="^http://clp\.com\.hk/" 
+	<rule from="^http://clp\.com\.hk/"
 			to="https://www.clp.com.hk/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CLTglobal.com.xml b/src/chrome/content/rules/CLTglobal.com.xml
index 14823fe1459c..24245a5a0e28 100644
--- a/src/chrome/content/rules/CLTglobal.com.xml
+++ b/src/chrome/content/rules/CLTglobal.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://cltglobal.com/ => https://cltglobal.com/: (60, 'SSL certific
 	* Secured by us
 
 -->
-<ruleset name="CLTglobal.com" default_off='failed ruleset test'>
+<ruleset name="CLTglobal.com" default_off="failed ruleset test">
 
 	<target host="cltglobal.com" />
 	<target host="www.cltglobal.com" />
diff --git a/src/chrome/content/rules/CMAS_Center.org.xml b/src/chrome/content/rules/CMAS_Center.org.xml
index 2319c4be5f79..6fe889abd753 100644
--- a/src/chrome/content/rules/CMAS_Center.org.xml
+++ b/src/chrome/content/rules/CMAS_Center.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://cmascenter.org/ => https://cmascenter.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="CMAS Center.org" default_off='failed ruleset test'>
+<ruleset name="CMAS Center.org" default_off="failed ruleset test">
 
 	<target host="cmascenter.org" />
 	<target host="www.cmascenter.org" />
diff --git a/src/chrome/content/rules/CMBChina.com.xml b/src/chrome/content/rules/CMBChina.com.xml
index e0ebf0d85790..3babf7e97276 100644
--- a/src/chrome/content/rules/CMBChina.com.xml
+++ b/src/chrome/content/rules/CMBChina.com.xml
@@ -1,4 +1,19 @@
+
+<!--
+The following targets have been disabled at 2020-10-14 19:04:33:
+
+Fetch error: http://www.cmbchina.com/assetdisposal/ => https://www.cmbchina.com/assetdisposal/: (35, 'OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to www.cmbchina.com:443 ')
+Fetch error: http://ccclub.cmbchina.com/cash/Index.aspx => https://ccclub.cmbchina.com/cash/Index.aspx: Too many redirects while fetching 'https://ccclub.cmbchina.com/cash/Index.aspx'
+Fetch error: http://ccclub.cmbchina.com/fincreditweb/Apply/Query.aspx => https://ccclub.cmbchina.com/fincreditweb/Apply/Query.aspx: Too many redirects while fetching 'https://ccclub.cmbchina.com/fincreditweb/Apply/Query.aspx'
+
+-->
+
 <!--
+The following targets have been disabled at 2020-10-14 19:04:33:
+
+Fetch error: http://ccclub.cmbchina.com/cash/Index.aspx => https://ccclub.cmbchina.com/cash/Index.aspx: Too many redirects while fetching 'https://ccclub.cmbchina.com/cash/Index.aspx'
+Fetch error: http://ccclub.cmbchina.com/fincreditweb/Apply/Query.aspx => https://ccclub.cmbchina.com/fincreditweb/Apply/Query.aspx: Too many redirects while fetching 'https://ccclub.cmbchina.com/fincreditweb/Apply/Query.aspx'
+
 	404:
 		95555.cmbchina.com
 		branch.cmbchina.com
@@ -18,18 +33,17 @@
 		jf.cmbchina.com
 		ssl.jf.cmbchina.com	( Incomplete cert chain and MCB. )
 		mall.cmbchina.com
-		images.cmbchina.com
 		live.cmbchina.com	( equal to forum.cmbchina.com )
 		szdl.cmbchina.com	https://szdl.cmbchina.com/download/CmbSafeBase.exe
 
-	MCB:
-		www.cmbchina.com/(cmbinfo/)?$	(branch.* and vip.*)
-		hk.cmbchina.com	( No function issue. )
+	MC:
 		market.cmbchina.com/ccard/business/
-		sg.cmbchina.com	( No function issue. )
 		trip.cmbchina.com
 		market.trip.cmbchina.com	( https://market.trip.cmbchina.com/ads/20120323/ )
 
+	MCB:
+		www.cmbchina.com/(cmbinfo/)?$	(branch.* and vip.*)
+
 	Redirect to http:
 		cc.cmbchina.com
 		ccclub.cmbchina.com/fincreditweb/cccar/
@@ -48,8 +62,7 @@
 	<!--	Directly:	-->
 	<target host="acs.cmbchina.com" />
 		<test url="http://acs.cmbchina.com/MasterCard/PAMsg.aspx" />
-	<target host="app.cmbchina.com" />
-		<test url="http://app.cmbchina.com/webprotect/download.htm" />
+	<!-- <target host="app.cmbchina.com" /> -->
 	<target host="b2b.cmbchina.com" />
 		<test url="http://b2b.cmbchina.com/CmbBank_B2B/UI/Home.aspx" />
 	<target host="e.cmbchina.com" />
@@ -57,6 +70,7 @@
 	<target host="fi.cmbchina.com" />
 	<target host="file.cmbchina.com" />
 	<target host="hk.cmbchina.com" />
+	<target host="images.cmbchina.com" />
 	<target host="link.cmbchina.com" />
 		<test url="http://link.cmbchina.com/cmbcareer2015/" />
 	<target host="london.cmbchina.com" />
@@ -68,8 +82,7 @@
 		<test url="http://netpay.cmbchina.com/netpayment/images/NetPayApplyCard.htm" />
 	<target host="ny.cmbchina.com" />
 	<target host="ebank.nj1.cmbchina.com" />
-	<target host="office.cmbchina.com" />
-		<test url="http://office.cmbchina.com/OAMS/Portal/Help/UpdateAlert.htm" />
+	<target host="oa.cmbchina.com" />
 	<target host="sdc.cmbchina.com" />
 	<target host="sg.cmbchina.com" />
 	<target host="site.cmbchina.com" />
@@ -80,33 +93,17 @@
 	<target host="user.cmbchina.com" />
 	<target host="xiaozhao.wx.cmbchina.com" />
 	<target host="xyk.cmbchina.com" />
-	<target host="xykstatic.cmbchina.com" />
 
 	<!--	Complications:	-->
-	<target host="www.cmbchina.com" />
-	<exclusion pattern="^http://www\.cmbchina\.com/(cmbinfo/)?$" />
-		<test url="http://www.cmbchina.com/cmbinfo/" />
-
-		<test url="http://www.cmbchina.com/assetdisposal/" />
-		<test url="http://www.cmbchina.com/corporate" />
-		<test url="http://www.cmbchina.com/personal/" />
-
-	<target host="ccclub.cmbchina.com" />
-	<exclusion pattern="^http://ccclub\.cmbchina\.com/$" />
-	<exclusion pattern="^http://ccclub\.cmbchina\.com/fincreditweb/cccar/" />
-		<test url="http://ccclub.cmbchina.com/fincreditweb/cccar/default.aspx" />
+	<!-- target host="www.cmbchina.com" /-->
 
-		<test url="http://ccclub.cmbchina.com/cash/Index.aspx" />
-		<test url="http://ccclub.cmbchina.com/ccproduct/fushu.aspx" />
-		<test url="http://ccclub.cmbchina.com/fincreditweb/" />
-		<test url="http://ccclub.cmbchina.com/fincreditweb/Apply/Query.aspx" />
+	<!-- target host="ccclub.cmbchina.com" /-->
 
 	<target host="forum.cmbchina.com" />
 	<exclusion pattern="^http://forum\.cmbchina\.com/\S+\.aspx" />
 		<test url="http://forum.cmbchina.com/CmbMobileCredictApply/Default.aspx" />
 		<test url="http://forum.cmbchina.com/cmu/viewforum.aspx?forumid=50" />
 
-		<test url="http://forum.cmbchina.com/cmbwebshare/Scripts/CmbWebShare.js" />
 		<test url="http://forum.cmbchina.com/CMU/images/tp0000.gif" />
 		<test url="http://forum.cmbchina.com/cmu/images/announce.gif" />
 		<test url="http://forum.cmbchina.com/cmu/scripts/default.js" />
diff --git a/src/chrome/content/rules/CMP.xml b/src/chrome/content/rules/CMP.xml
index 5c9499d18e06..5bc935c38593 100644
--- a/src/chrome/content/rules/CMP.xml
+++ b/src/chrome/content/rules/CMP.xml
@@ -13,7 +13,7 @@ Non-2xx HTTP code: http://cookies.cmpnet.com/ (200) => https://i.cmpnet.com/ (40
 	* Mismatched
 
 -->
-<ruleset name="CMPnet.com" default_off='failed ruleset test'>
+<ruleset name="CMPnet.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/CMPXCHG8B.xml b/src/chrome/content/rules/CMPXCHG8B.xml
deleted file mode 100644
index 9fc1d3b1a9d0..000000000000
--- a/src/chrome/content/rules/CMPXCHG8B.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<ruleset name="CMPXCHG8B.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="lock.cmpxchg8b.com"/>
-
-	<!--	Complications:
-				-->
-	<target host="cmpxchg8b.com"/>
-	<target host="www.cmpxchg8b.com"/>
-
-
-	<rule from="^http://(?:www\.)?cmpxchg8b\.com/"
-		to="https://lock.cmpxchg8b.com/"/>
-
-	<rule from="^http:"
-		to="https:"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/CMSWire.xml b/src/chrome/content/rules/CMSWire.xml
index a2a529540551..9bbc9b250737 100644
--- a/src/chrome/content/rules/CMSWire.xml
+++ b/src/chrome/content/rules/CMSWire.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.cmswire.com/ => https://www.cmswire.com/: Too many redir
 Fetch error: http://cmswire.com/ => https://www.cmswire.com/: Too many redirects while fetching 'https://www.cmswire.com/'
 
 -->
-<ruleset name="CMSWire" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="CMSWire" platform="mixedcontent" default_off="failed ruleset test">
   <target host="www.cmswire.com"/>
   <target host="cmswire.com"/>
   <rule from="^http://(?:www\.)?cmswire\.com/" to="https://www.cmswire.com/"/>
diff --git a/src/chrome/content/rules/CM_Dev.com.xml b/src/chrome/content/rules/CM_Dev.com.xml
index c17f8363c30e..f1c443a8db6c 100644
--- a/src/chrome/content/rules/CM_Dev.com.xml
+++ b/src/chrome/content/rules/CM_Dev.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://cmdev.com/ => https://cmdev.com/: (60, 'SSL certificate prob
 Fetch error: http://www.cmdev.com/ => https://www.cmdev.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="CM Dev.com" default_off='failed ruleset test'>
+<ruleset name="CM Dev.com" default_off="failed ruleset test">
 
 	<target host="cmdev.com" />
 	<target host="www.cmdev.com" />
diff --git a/src/chrome/content/rules/CNDP.fr.xml b/src/chrome/content/rules/CNDP.fr.xml
deleted file mode 100644
index 1eb2036904b6..000000000000
--- a/src/chrome/content/rules/CNDP.fr.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- cas.edutheque
-
--->
-<ruleset name="CNDP.fr (partial)">
-
-	<target host="cas.edutheque.cndp.fr" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CNES.fr.xml b/src/chrome/content/rules/CNES.fr.xml
index 43df695dd1c3..357d05b123fe 100644
--- a/src/chrome/content/rules/CNES.fr.xml
+++ b/src/chrome/content/rules/CNES.fr.xml
@@ -5,14 +5,14 @@
 	Nonfunctional hosts in *cnes.fr:
 
 		- videotheque *
-		
+
 	* Shows another domain
 
 
 	Problematic hosts in *cnes.fr:
 
 		- cosparhq *
-		
+
 	* Server sends no certificate chain, see https://whatsmychaincert.com
 
 
diff --git a/src/chrome/content/rules/CNET.com.au.xml b/src/chrome/content/rules/CNET.com.au.xml
new file mode 100644
index 000000000000..2f805e550c94
--- /dev/null
+++ b/src/chrome/content/rules/CNET.com.au.xml
@@ -0,0 +1,15 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.cnet.com.au
+		- m.cnet.com.au
+		- om.cnet.com.au
+
+		Incomplete certificate chain error:
+		- cnet.com.au
+-->
+<ruleset name="CNET.com.au" default_off="cert-invalid">
+	<target host="cnet.com.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CNET.com.xml b/src/chrome/content/rules/CNET.com.xml
new file mode 100644
index 000000000000..cc35a3a7126f
--- /dev/null
+++ b/src/chrome/content/rules/CNET.com.xml
@@ -0,0 +1,47 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- blogs.cnet.com
+		- export.cnet.com
+
+		Timeout was reached:
+		- ces.cnet.com
+		- china.cnet.com
+		- cnettv.cnet.com
+		- crave.cnet.com
+		- forums.cnet.com
+		- news.cnet.com
+		- reviews.cnet.com
+		- shopper.cnet.com
+
+		SSL peer certificate was not OK:
+		- descargar.cnet.com
+		- live.cnet.com
+		- paidcontent.cnet.com
+		- telecharger.cnet.com
+
+		Different content:
+		- asia.cnet.com
+
+-->
+<ruleset name="CNET.com">
+	<target host="cnet.com" />
+	<target host="download.beta.cnet.com" />
+	<target host="download.cnet.com" />
+	<target host="downloadsearch.cnet.com" />
+	<target host="es.downloadsearch.cnet.com" />
+	<target host="uk.downloadsearch.cnet.com" />
+	<target host="feed.cnet.com" />
+	<target host="japan.cnet.com" />
+	<target host="s.japan.cnet.com" />
+	<target host="leadgen-cbslnk.cnet.com" />
+	<target host="me.cnet.com" />
+	<target host="podcast-files.cnet.com" />
+	<target host="secure-download.cnet.com" />
+	<target host="download.stage.cnet.com" />
+	<target host="studio61.cnet.com" />
+	<target host="subscribe.cnet.com" />
+	<target host="upload.cnet.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CNETFrance.fr.xml b/src/chrome/content/rules/CNETFrance.fr.xml
new file mode 100644
index 000000000000..160cdf213f7c
--- /dev/null
+++ b/src/chrome/content/rules/CNETFrance.fr.xml
@@ -0,0 +1,9 @@
+<!--
+     For other CBS coverage, see CBS.xml.
+-->
+<ruleset name="CNET France.fr (partial)">
+	<target host="www.cnetfrance.fr" />
+	<target host="forums.cnetfrance.fr" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CNN.com.xml b/src/chrome/content/rules/CNN.com.xml
index 57e0582289d5..7b7834153bbf 100644
--- a/src/chrome/content/rules/CNN.com.xml
+++ b/src/chrome/content/rules/CNN.com.xml
@@ -1,61 +1,43 @@
 <!--
-	CNN.com related ruleset:
+	CNN.com related rulesets:
 		- CNN.net.xml
 		- CNN.io.xml
 
-	Non-functional hosts
-		Couldn't connect to server:
-			 - money.cnn.com
-			 - cgi.money.cnn.com
-			 - jobsearch.money.cnn.com
-			 - portfolio.money.cnn.com
-			 - www.money.cnn.com
-			 - searchapp.cnn.com
-			 - transcripts.cnn.com
-			 - tours.cnn.com
-			 - weather.cnn.com
 
-		SSL connect error:
-			 - commercial.cnn.com
-			 - rss.cnn.com
+	Connection closed:
+		 - rss.cnn.com
 
-		SSL peer certificate was not OK:
-			 - debates.cnn.com
-			 - finance.fortune.cnn.com
-			 - management.fortune.cnn.com
-			 - tech.fortune.cnn.com
-			 - lending.cnn.com
-			 - mexico.cnn.com
-			 - realestate.money.cnn.com
-			 - podcast.cnn.com
-			 - smartlink.cnn.com
+	Connection reset:
+		- smartlink.cnn.com
 
-		Incomplete certificate chain error:
-			 - collection.cnn.com
-			 - static.collection.cnn.com
+	Invalid certificate:
+		 - debates.cnn.com
+		 - finance.fortune.cnn.com
+		 - management.fortune.cnn.com
+		 - tech.fortune.cnn.com
+		 - lending.cnn.com
+		 - mexico.cnn.com, equivalent to cnnespanol.cnn.com
+		 - realestate.money.cnn.com, equivalent to cnnmoney.trulia.com
 
-		Secure connection redirects to plaintext:
-			 - cnnpressroom.blogs.cnn.com
-			 - thecnnfreedomproject.blogs.cnn.com
-			 - buzz.money.cnn.com
+	Redirects to HTTP:
+		 - cnnpressroom.blogs.cnn.com
+		 - thecnnfreedomproject.blogs.cnn.com
+		 - buzz.money.cnn.com
 
-		Mixed content blocking (MCB) tiggered:
-			 - go.cnn.com
-			 - markets.money.cnn.com
-			 	+ http://money.cnn.com/data/world_markets/americas/?iid=H_MKT_QL
-			 - www.preview.cnn.com
-
-		CORS Blocking:
-			 - edition.i.cdn.cnn.com on money.cnn.com
+	Timed out:
+		 - transcripts.cnn.com
+		 - cgi.money.cnn.com
 -->
+
 <ruleset name="CNN.com (partial)">
 	<target host="cnn.com" />
 	<target host="www.cnn.com" />
 	<target host="amp.cnn.com" />
 	<target host="arabic.cnn.com" />
-	<target host="cnnespanol.cnn.com" />
-	<target host="edition.cnn.com" />
-	<target host="www.edition.cnn.com" />
+	<target host="cdn.cnn.com" />
+		<test url="http://cdn.cnn.com/cnn/.e/img/3.0/weather/weatherIcon_01.png" />
+		<test url="http://cdn.cnn.com/cnn/.e1mo/img/4.0/logos/logo_cnn_arabic.png" />
+		<test url="http://cdn.cnn.com/cnn/.e1mo/img/4.0/logos/logo_cnn_nav_bottom.png" />
 	<target host="i.cdn.cnn.com" />
 		<test url="http://i.cdn.cnn.com/cnn/.e/img/3.0/weather/weatherIcon_01.png" />
 		<test url="http://i.cdn.cnn.com/cnn/.e1mo/img/4.0/logos/logo_cnn_arabic.png" />
@@ -64,8 +46,34 @@
 		<test url="http://i2.cdn.cnn.com/cnnnext/dam/assets/170313100039-04-climate-change-impact-small-11.jpg" />
 		<test url="http://i2.cdn.cnn.com/cnnnext/dam/assets/170409024444-uss-carl-vinson-large-tease.jpg" />
 		<test url="http://i2.cdn.cnn.com/cnnnext/dam/assets/170423103501-france-election-security-eiffel-overlay-tease.jpg" />
+	<target host="cnnespanol.cnn.com" />
+	<target host="collection.cnn.com" />
+	<target host="commercial.cnn.com" />
+	<target host="edition.cnn.com" />
+	<target host="www.edition.cnn.com" />
+	<target host="go.cnn.com" />
+	<target host="mexico.cnn.com" />
+	<target host="money.cnn.com" />
+	<target host="www.money.cnn.com" />
+	<target host="jobsearch.money.cnn.com" />
+	<target host="markets.money.cnn.com" />
+	<target host="portfolio.money.cnn.com" />
+	<target host="realestate.money.cnn.com" />
+	<target host="podcast.cnn.com" />
+	<target host="www.preview.cnn.com" />
+	<target host="searchapp.cnn.com" />
+	<target host="tours.cnn.com" />
 	<target host="travel.cnn.com" />
 	<target host="us.cnn.com" />
+	<target host="weather.cnn.com" />
+
+	<!-- Strip path and query -->
+	<rule from="^http://mexico\.cnn\.com/(.*)"
+		to="https://cnnespanol.cnn.com/?redirect=cnnmexico" />
+		<test url="http://mexico.cnn.com/this-gets-stripped" />
+
+	<rule from="^http://realestate\.money\.cnn\.com/"
+		to="https://cnnmoney.trulia.com/" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CNNIC.net.cn.xml b/src/chrome/content/rules/CNNIC.net.cn.xml
new file mode 100644
index 000000000000..fed35d2f7565
--- /dev/null
+++ b/src/chrome/content/rules/CNNIC.net.cn.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid certificate:
+		- whois.cnnic.net.cn, equivalent to whois.cnnic.cn
+
+	Timed out:
+		- ipwhois.cnnic.net.cn
+-->
+
+<ruleset name="CNNIC.net.cn">
+	<target host="cnnic.net.cn" />
+	<target host="www.cnnic.net.cn" />
+	<target host="whois.cnnic.net.cn" />
+
+	<!-- Plain redirect, strip path and query -->
+	<rule from="^http://whois\.cnnic\.net\.cn/.*"
+		to="https://whois.cnnic.cn/" />
+		<test url="http://whois.cnnic.net.cn/HelpServlet" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/COZmedics.com.au.xml b/src/chrome/content/rules/COZmedics.com.au.xml
index 3cc75e759ee3..682fcb05dd8f 100644
--- a/src/chrome/content/rules/COZmedics.com.au.xml
+++ b/src/chrome/content/rules/COZmedics.com.au.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://cozmedics.com.au/ => https://cozmedics.com.au/: (7, 'Failed to connect to cozmedics.com.au port 443: Connection refused')
 Fetch error: http://www.cozmedics.com.au/ => https://www.cozmedics.com.au/: Cycle detected - URL already encountered: https://www.cozmedics.com.au/
 -->
-<ruleset name="COZmedics.com.au" default_off='failed ruleset test'>
+<ruleset name="COZmedics.com.au" default_off="failed ruleset test">
 
 	<target host="cozmedics.com.au" />
 	<target host="www.cozmedics.com.au" />
diff --git a/src/chrome/content/rules/CPAN.org.xml b/src/chrome/content/rules/CPAN.org.xml
new file mode 100644
index 000000000000..b15c180911d3
--- /dev/null
+++ b/src/chrome/content/rules/CPAN.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Mismatched:
+		- bugs
+		- ftp
+		- mirror
+		- mirrors
+-->
+<ruleset name="CPAN.org">
+	<target host="cpan.org" />
+	<target host="www.cpan.org" />
+	<target host="backpan.cpan.org" />
+	<target host="kobesearch.cpan.org" />
+	<target host="lists.cpan.org" />
+	<target host="pause.cpan.org" />
+	<target host="perldoc.cpan.org" />
+	<target host="ratings.cpan.org" />
+	<target host="rt.cpan.org" />
+	<target host="search.cpan.org" />
+	<target host="testers.cpan.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CPM_Rocket.com.xml b/src/chrome/content/rules/CPM_Rocket.com.xml
index 31bb797a6b90..a84ed3b7a4c5 100644
--- a/src/chrome/content/rules/CPM_Rocket.com.xml
+++ b/src/chrome/content/rules/CPM_Rocket.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://adk2cdn.cpmrocket.com/ => https://d38cp5x90nxyo0.cloudfront.
 		- (www.)	(dropped)
 
 -->
-<ruleset name="CPM Rocket.com (partial)" default_off='failed ruleset test'>
+<ruleset name="CPM Rocket.com (partial)" default_off="failed ruleset test">
 
 	<target host="adk2cdn.cpmrocket.com" />
 
diff --git a/src/chrome/content/rules/CPSC.xml b/src/chrome/content/rules/CPSC.xml
deleted file mode 100644
index aa60f75c2d6c..000000000000
--- a/src/chrome/content/rules/CPSC.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- cs	(shows www; mismatched, CN: www.cpsc.gov)
-
--->
-<ruleset name="CPSC.gov" platform="mixedcontent">
-
-	<target host="cpsc.gov" />
-	<target host="*.cpsc.gov" />
-
-
-	<securecookie host="^\.cpsc\.gov$" name="^ZNPCQ003-\d{8}$" />
-	<securecookie host="^www\.cpsc\.gov$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?cpsc\.gov/"
-		to="https://www.cpsc.gov/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CPanel.com.xml b/src/chrome/content/rules/CPanel.com.xml
index 710efa6f3f26..c4323defd8bd 100644
--- a/src/chrome/content/rules/CPanel.com.xml
+++ b/src/chrome/content/rules/CPanel.com.xml
@@ -2,7 +2,7 @@
 	Nonfunctional hosts in *cpanel.com:
 
 		- conference15 *
-		
+
 	* Shows default page
 
 
diff --git a/src/chrome/content/rules/CPanel.guru.xml b/src/chrome/content/rules/CPanel.guru.xml
index f54c1810d957..9bd2525c766b 100644
--- a/src/chrome/content/rules/CPanel.guru.xml
+++ b/src/chrome/content/rules/CPanel.guru.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.cpanel.guru/ => https://www.cpanel.guru/: (60, 'SSL cert
 Disabled by https-everywhere-checker because:
 Non-2xx HTTP code: http://cpanel.guru/ (200) => https://cpanel.guru/ (401)
 -->
-<ruleset name="cPanel.guru" default_off='failed ruleset test'>
+<ruleset name="cPanel.guru" default_off="failed ruleset test">
 
 	<target host="cpanel.guru" />
 	<target host="www.cpanel.guru" />
diff --git a/src/chrome/content/rules/CPanel.xml b/src/chrome/content/rules/CPanel.xml
index 9db45a2ea4c8..cee3ce1409fd 100644
--- a/src/chrome/content/rules/CPanel.xml
+++ b/src/chrome/content/rules/CPanel.xml
@@ -43,7 +43,7 @@ Fetch error: http://podcast.cpanel.net/ => https://podcast.cpanel.net/: (6, 'Cou
 	* Secured by us
 
 -->
-<ruleset name="cPanel.net (partial)" default_off='failed ruleset test'>
+<ruleset name="cPanel.net (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/CPlusPlus.com.xml b/src/chrome/content/rules/CPlusPlus.com.xml
new file mode 100644
index 000000000000..155ae21e6d82
--- /dev/null
+++ b/src/chrome/content/rules/CPlusPlus.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="CPlusPlus.com">
+	<target host="cplusplus.com" />
+	<target host="www.cplusplus.com" />
+	<target host="related.cplusplus.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CQ_Roll_Call.xml b/src/chrome/content/rules/CQ_Roll_Call.xml
index a27fb5c59af7..2fc04f1495de 100644
--- a/src/chrome/content/rules/CQ_Roll_Call.xml
+++ b/src/chrome/content/rules/CQ_Roll_Call.xml
@@ -5,10 +5,10 @@
 
 	Expired hosts in *cqrollcall.com:
 
-		- ae 
+		- ae
 		- connectivity
 		- insightnews
-	
+
 	Mismatched hosts in *cqrollcall.com:
 
 		- info
diff --git a/src/chrome/content/rules/CREW.xml b/src/chrome/content/rules/CREW.xml
index 863f3f79fdc5..65879020972c 100644
--- a/src/chrome/content/rules/CREW.xml
+++ b/src/chrome/content/rules/CREW.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.secure.citizensforethics.org/ => https://www.secure.citi
 		- (www.)	(shows secure; mismatched, CN: secure.citizensforethics.org)
 
 -->
-<ruleset name="CREW (partial)" default_off='failed ruleset test'>
+<ruleset name="CREW (partial)" default_off="failed ruleset test">
 
 	<target host="secure.citizensforethics.org" />
 	<target host="www.secure.citizensforethics.org" />
@@ -19,4 +19,4 @@ Fetch error: http://www.secure.citizensforethics.org/ => https://www.secure.citi
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CRN.xml b/src/chrome/content/rules/CRN.xml
index d35b17cbae7f..9967504a1a2f 100644
--- a/src/chrome/content/rules/CRN.xml
+++ b/src/chrome/content/rules/CRN.xml
@@ -10,10 +10,12 @@ Fetch error: http://crn.verticalsearchworks.com/ => https://ad-secure.firstlight
 	For other UBM coverage, see UBM-mismatches.xml.
 
 -->
-<ruleset name="CRN" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="CRN" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="crn.com" />
-	<target host="*.crn.com" />
+	<target host="i.crn.com" />
+	<target host="signin.crn.com" />
+	<target host="www.crn.com" />
 	<!--
 		Should be in a vert... ruleset
 						-->
@@ -28,10 +30,9 @@ Fetch error: http://crn.verticalsearchworks.com/ => https://ad-secure.firstlight
 	<securecookie host="^.*\.crn\.com$" name=".+" />
 
 
-	<rule from="^http://(i\.|signin\.|www\.)?crn\.com/"
-		to="https://$1crn.com/" />
 
 	<rule from="^http://crn\.verticalsearchworks\.com/"
 		to="https://ad-secure.firstlightera.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CS-Cart.xml b/src/chrome/content/rules/CS-Cart.xml
index f6757ad786c5..8ace56b79c06 100644
--- a/src/chrome/content/rules/CS-Cart.xml
+++ b/src/chrome/content/rules/CS-Cart.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CSBA_Academy.com.xml b/src/chrome/content/rules/CSBA_Academy.com.xml
index d260b0229954..803ef3a2e61d 100644
--- a/src/chrome/content/rules/CSBA_Academy.com.xml
+++ b/src/chrome/content/rules/CSBA_Academy.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.csbaacademy.com/ => http://www.csbaacademy.com/: (6, 'Co
 	* Unsecurable
 
 -->
-<ruleset name="CSBA Academy.com (partial)" default_off='failed ruleset test'>
+<ruleset name="CSBA Academy.com (partial)" default_off="failed ruleset test">
 
 	<target host="csbaacademy.com" />
 	<target host="www.csbaacademy.com" />
diff --git a/src/chrome/content/rules/CSC.com.xml b/src/chrome/content/rules/CSC.com.xml
new file mode 100644
index 000000000000..6f32d7e7e8e7
--- /dev/null
+++ b/src/chrome/content/rules/CSC.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="CSC.com">
+	<target host="csc.com" />
+	<target host="www.csc.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CSC.xml b/src/chrome/content/rules/CSC.xml
deleted file mode 100644
index b8e8b0a8a300..000000000000
--- a/src/chrome/content/rules/CSC.xml
+++ /dev/null
@@ -1,54 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/assets[1-4].csc.com/
-		- s3.amazonaws.com/assetsdev[1-4].csc.com/
-
-		- d22z1n4koknpni.cloudfront.net
-
-			- assetsdev2
-
-		- d2vblp5odpf1nm.cloudfront.net
-
-			- assetsdev3
-
-		- dkoz0rlg89gph.cloudfront.net
-
-			- assetsdev4
-
-
-	Problematic subdomains:
-
-		- ^		(cert only matches *.csc.com)
-		- assetsdev1	(AmazonWS)
-
-
-	Some pages redirect to http
-
--->
-<ruleset name="CSC (partial)">
-
-	<target host="csc.com" />
-	<target host="*.csc.com" />
-		<exclusion pattern="^http://(?:staging\.|www\.)?csc\.com/(?!favicon\.ico|images/|stylesheets/)" />
-
-
-	<rule from="^http://(?:www\.)?csc\.com/"
-		to="https://www.csc.com/" />
-
-	<rule from="^http://(assets[1-4]|qa|staging)\.csc\.com/"
-		to="https://$1.csc.com/" />
-
-	<rule from="^http://assetsdev1\.csc\.com/"
-		to="https://s3.amazonaws.com/assetsdev1.csc.com/" />
-
-	<rule from="^http://assetsdev2\.csc\.com/"
-		to="https://d22z1n4koknpni.cloudfront.net/" />
-
-	<rule from="^http://assetsdev3\.csc\.com/"
-		to="https://d2vblp5odpf1nm.cloudfront.net/" />
-
-	<rule from="^http://assetsdev4\.csc\.com/"
-		to="https://dkoz0rlg89gph.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CSCtrustedsecure.com.xml b/src/chrome/content/rules/CSCtrustedsecure.com.xml
deleted file mode 100644
index 8a17108f67df..000000000000
--- a/src/chrome/content/rules/CSCtrustedsecure.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For other Corporation Services Company coverage, see Corporation_Service_Company.xml.
-
--->
-<ruleset name="CSCtrustedsecure.com">
-
-	<target host="csctrustedsecure.com" />
-	<target host="www.csctrustedsecure.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CSDb.dk.xml b/src/chrome/content/rules/CSDb.dk.xml
index 6fe5f8471003..ab3614d083e8 100644
--- a/src/chrome/content/rules/CSDb.dk.xml
+++ b/src/chrome/content/rules/CSDb.dk.xml
@@ -12,7 +12,7 @@
 <ruleset name="CSDb.dk" default_off="expired, self-signed">
 
 	<target host="csdb.dk" />
-	<target host="*.csdb.dk" />
+	<target host="www.csdb.dk" />
 
 
 	<securecookie host="^\.?csdb\.dk$" name=".+" />
diff --git a/src/chrome/content/rules/CSGOItems.pro.xml b/src/chrome/content/rules/CSGOItems.pro.xml
deleted file mode 100644
index 2c1259e45bc1..000000000000
--- a/src/chrome/content/rules/CSGOItems.pro.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="CSGOItems.pro">
-	<target host="csgoitems.pro" />
-	<target host="www.csgoitems.pro" />
-	<target host="assets.csgoitems.pro" />
-	<target host="shop.csgoitems.pro" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/CSGOStash.com.xml b/src/chrome/content/rules/CSGOStash.com.xml
deleted file mode 100644
index e6fb6e67fd25..000000000000
--- a/src/chrome/content/rules/CSGOStash.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="CSGOStash.com">
-	<target host="csgostash.com" />
-	<target host="www.csgostash.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/CSIAC.org.xml b/src/chrome/content/rules/CSIAC.org.xml
index 53cf8da08518..427d78e504d4 100644
--- a/src/chrome/content/rules/CSIAC.org.xml
+++ b/src/chrome/content/rules/CSIAC.org.xml
@@ -15,7 +15,7 @@ Fetch error: http://store.csiac.org/ => https://store.csiac.org/: (51, "SSL: no
 		- .csiac.org
 
 -->
-<ruleset name="CSIAC.org" default_off='failed ruleset test'>
+<ruleset name="CSIAC.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/CSIS.dk.xml b/src/chrome/content/rules/CSIS.dk.xml
deleted file mode 100644
index 2e6d6dd109e5..000000000000
--- a/src/chrome/content/rules/CSIS.dk.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="CSIS.dk">
-
-	<target host="csis.dk" />
-	<target host="tdg.csis.dk" />
-	<target host="www.csis.dk" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
-
diff --git a/src/chrome/content/rules/CSIS.org.xml b/src/chrome/content/rules/CSIS.org.xml
index 56c01379c53d..e01bd31da838 100644
--- a/src/chrome/content/rules/CSIS.org.xml
+++ b/src/chrome/content/rules/CSIS.org.xml
@@ -8,7 +8,8 @@
 <ruleset name="CSIS.org">
 
 	<target host="csis.org" />
-	<target host="*.csis.org" />
+	<target host="my.csis.org" />
+	<target host="www.csis.org" />
 
 
 	<rule from="^http://(?:(my\.)|www\.)?csis\.org/"
diff --git a/src/chrome/content/rules/CSP_Forum.eu.xml b/src/chrome/content/rules/CSP_Forum.eu.xml
index 8778c360162f..39883cd6e567 100644
--- a/src/chrome/content/rules/CSP_Forum.eu.xml
+++ b/src/chrome/content/rules/CSP_Forum.eu.xml
@@ -6,10 +6,10 @@ Fetch error: http://cspforum.eu/ => https://www.cspforum.eu/: (60, 'SSL certific
 	^: plaintext reply
 
 -->
-<ruleset name="CSP Forum.eu" default_off='failed ruleset test'>
+<ruleset name="CSP Forum.eu" default_off="failed ruleset test">
 
 	<target host="cspforum.eu" />
-	<target host="*.cspforum.eu" />
+	<target host="www.cspforum.eu" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/CSS-Tricks.com.xml b/src/chrome/content/rules/CSS-Tricks.com.xml
deleted file mode 100644
index bc444e8f57bc..000000000000
--- a/src/chrome/content/rules/CSS-Tricks.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Insecure cookies are set for these domains and hosts:
-
-		- css-tricks.com
-		- .css-tricks.com
-		- www.css-tricks.com
-
--->
-<ruleset name="CSS-Tricks.com">
-
-	<target host="css-tricks.com" />
-	<target host="cdn.css-tricks.com" />
-	<target host="www.css-tricks.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?css-tricks\.com$" name="^__utm[a-zA-Z]+$" /-->
-	<!--securecookie host="^\.css-tricks\.com$" name="(incap_ses_\d+|visid_incap)_\d+$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CSdata1.com.xml b/src/chrome/content/rules/CSdata1.com.xml
deleted file mode 100644
index 46def7930925..000000000000
--- a/src/chrome/content/rules/CSdata1.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Web bugs.
-
-	For other eBay coverage, see EBay.xml.
-
--->
-<ruleset name="CSdata1.com">
-
-	<target host="dsa.csdata1.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CT.gov.xml b/src/chrome/content/rules/CT.gov.xml
index 8731c469e20e..6fb57c32ddb6 100644
--- a/src/chrome/content/rules/CT.gov.xml
+++ b/src/chrome/content/rules/CT.gov.xml
@@ -56,7 +56,7 @@ Non-2xx HTTP code: http://www.ct.gov/ (200) => https://www.ct.egov.com/ (404)
 	ˢ Secured by us
 
 -->
-<ruleset name="CT.gov (partial)" default_off='failed ruleset test'>
+<ruleset name="CT.gov (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/CTEP-EBP.com.xml b/src/chrome/content/rules/CTEP-EBP.com.xml
deleted file mode 100644
index 00d1c86fd18d..000000000000
--- a/src/chrome/content/rules/CTEP-EBP.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	www.ctep-ebp.com: Mismatched
-
-	
-	STS header includes includeSubdomains
-
--->
-<ruleset name="CTEP-EBP.com">
-
-	<target host="ctep-ebp.com" />
-	<target host="*.ctep-ebp.com" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http://www\.ctep-ebp\.com/"
-		to="https://ctep-ebp.com/" />
-
-		<test url="http://www.ctep-ebp.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CTERA-Networks.xml b/src/chrome/content/rules/CTERA-Networks.xml
index 616b8fefd795..4d2d055c48cd 100644
--- a/src/chrome/content/rules/CTERA-Networks.xml
+++ b/src/chrome/content/rules/CTERA-Networks.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://ctera.com/ => https://ctera.com/: (51, "SSL: no alternative certificate subject name matches target host name 'ctera.com'")
 Fetch error: http://www.ctera.com/ => https://www.ctera.com/: Cycle detected - URL already encountered: https://www.ctera.com/
 -->
-<ruleset name="CTERA Networks" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="CTERA Networks" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="ctera.com"/>
 	<target host="www.ctera.com"/>
diff --git a/src/chrome/content/rules/CTFtime.com.xml b/src/chrome/content/rules/CTFtime.com.xml
index a699b6c7e8cd..6c747fa8ca76 100644
--- a/src/chrome/content/rules/CTFtime.com.xml
+++ b/src/chrome/content/rules/CTFtime.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.ctftime.org/ => https://www.ctftime.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ctftime.org'")
 
 -->
-<ruleset name="CTFtime.org" default_off='failed ruleset test'>
+<ruleset name="CTFtime.org" default_off="failed ruleset test">
 
 	<target host="ctftime.org" />
 	<target host="www.ctftime.org" />
diff --git a/src/chrome/content/rules/CTS_Wholesale_Sunglasses.xml b/src/chrome/content/rules/CTS_Wholesale_Sunglasses.xml
index d648607a4b7e..14fd5e5b3d78 100644
--- a/src/chrome/content/rules/CTS_Wholesale_Sunglasses.xml
+++ b/src/chrome/content/rules/CTS_Wholesale_Sunglasses.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CUFP.org.xml b/src/chrome/content/rules/CUFP.org.xml
index 4a4537845e26..8e2ad00ab401 100644
--- a/src/chrome/content/rules/CUFP.org.xml
+++ b/src/chrome/content/rules/CUFP.org.xml
@@ -5,7 +5,7 @@
 <ruleset name="CUFP.org" default_off="mismatched">
 
 	<target host="cufp.org" />
-	<target host="*.cufp.org" />
+	<target host="www.cufp.org" />
 
 
 	<securecookie host="^\.cufp\.org$" name=".+" />
diff --git a/src/chrome/content/rules/CUHK.xml b/src/chrome/content/rules/CUHK.xml
index de21bcb7a6ec..be04462cc49f 100644
--- a/src/chrome/content/rules/CUHK.xml
+++ b/src/chrome/content/rules/CUHK.xml
@@ -1,17 +1,11 @@
 
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.ee.cuhk.edu.hk/ => https://www.ee.cuhk.edu.hk/: (7, 'Failed to connect to www.ee.cuhk.edu.hk port 443: No route to host')
-Fetch error: http://home.ie.cuhk.edu.hk/ => https://home.ie.cuhk.edu.hk/: (51, "SSL: no alternative certificate subject name matches target host name 'home.ie.cuhk.edu.hk'")
-Fetch error: http://iest2.ie.cuhk.edu.hk/ => https://iest2.ie.cuhk.edu.hk/: (51, "SSL: no alternative certificate subject name matches target host name 'iest2.ie.cuhk.edu.hk'")
-Fetch error: http://personal.ie.cuhk.edu.hk/ => https://personal.ie.cuhk.edu.hk/: (51, "SSL: no alternative certificate subject name matches target host name 'personal.ie.cuhk.edu.hk'")
-Fetch error: http://webmail.ie.cuhk.edu.hk/ => https://webmail.ie.cuhk.edu.hk/: (51, "SSL: no alternative certificate subject name matches target host name 'webmail.ie.cuhk.edu.hk'")
 
 	Problematic domains:
-	
+
 		- www.50.cuhk.edu.hk¹
-		- humanum.arts.cuhk.edu.hk¹
-		- www.arts.cuhk.edu.hk¹
+		- www.adm.cuhk.edu.hk¹
+		- nweb.adm.cuhk.edu.hk⁶
 		- alumni.baf.cuhk.edu.hk¹
 		- alumnidb.baf.cuhk.edu.hk¹
 		- embachinese.baf.cuhk.edu.hk¹
@@ -33,7 +27,9 @@ Fetch error: http://webmail.ie.cuhk.edu.hk/ => https://webmail.ie.cuhk.edu.hk/:
 		- www.crec.cuhk.edu.hk¹
 		- msc.cse.cuhk.edu.hk¹
 		- www.cse.cuhk.edu.hk¹
+		- cusis.cuhk.edu.hk¹
 		- www.cwchu.cuhk.edu.hk¹
+		- www.ee.cuhk.edu.hk¹
 		- calendar.ee.cuhk.edu.hk¹
 		- dept.ee.cuhk.edu.hk¹
 		- ivp.ee.cuhk.edu.hk¹
@@ -54,6 +50,7 @@ Fetch error: http://webmail.ie.cuhk.edu.hk/ => https://webmail.ie.cuhk.edu.hk/:
 		- course.ie.cuhk.edu.hk¹
 		- cscit.ie.cuhk.edu.hk⁴
 		- hii.ie.cuhk.edu.hk⁴
+		- iest2.ie.cuhk.edu.hk¹
 		- isc14.ie.cuhk.edu.hk⁴
 		- jianwei.ie.cuhk.edu.hk⁴
 		- mmlab.ie.cuhk.edu.hk⁴
@@ -62,21 +59,28 @@ Fetch error: http://webmail.ie.cuhk.edu.hk/ => https://webmail.ie.cuhk.edu.hk/:
 		- s25.ierg4210.ie.cuhk.edu.hk¹
 		- snsapi.ie.cuhk.edu.hk¹
 		- ssl.ie.cuhk.edu.hk⁴
+		- webmail.ie.cuhk.edu.hk¹
 		- wireless.ie.cuhk.edu.hk⁴
 		- www.igef.cuhk.edu.hk¹
+		- ilcnte.ilc.cuhk.edu.hk¹
 		- www.itcsc.cuhk.edu.hk¹
 		- itunes.cuhk.edu.hk¹
+		- cai.itsc.cuhk.edu.hk¹
 		- epss.itsc.cuhk.edu.hk¹
 		- helpdesk.itsc.cuhk.edu.hk¹
 		- hkhiso.itsc.cuhk.edu.hk¹
 		- servicedesk.itsc.cuhk.edu.hk¹
+		- webconf2.itsc.cuhk.edu.hk⁵
 		- wms.itsc.cuhk.edu.hk¹
 		- www.itsc.cuhk.edu.hk¹
 		- www.lasec.cuhk.edu.hk¹
 		- dspace.lib.cuhk.edu.hk¹
 		- easysearch.lib.cuhk.edu.hk³
+		- iii.lib.cuhk.edu.hk⁵
 		- libanswers.lib.cuhk.edu.hk¹
 		- libguides.lib.cuhk.edu.hk¹
+		- my.lib.cuhk.edu.hk⁵
+		- library.cuhk.edu.hk¹
 		- logitsco.cuhk.edu.hk¹
 		- www.logitsco.cuhk.edu.hk¹
 		- epymt.math.cuhk.edu.hk¹
@@ -85,17 +89,21 @@ Fetch error: http://webmail.ie.cuhk.edu.hk/ => https://webmail.ie.cuhk.edu.hk/:
 		- cns.mect.cuhk.edu.hk¹
 		- wellness.mect.cuhk.edu.hk¹
 		- www.mect.cuhk.edu.hk¹
+		- internet.mfpo.cuhk.edu.hk⁶
 		- www.morningside.cuhk.edu.hk¹
 		- www.na.cuhk.edu.hk¹
+		- www.oafa.cuhk.edu.hk (connection refused)
 		- www.oal.cuhk.edu.hk¹
-		- pdc.obg.cuhk.edu.hk¹
 		- www.obg.cuhk.edu.hk³
+		- department.obg.cuhk.edu.hk¹
+		- pdc.obg.cuhk.edu.hk¹
 		- cpdc.osa.cuhk.edu.hk¹
 		- sams.osa.cuhk.edu.hk¹
 		- www.osa.cuhk.edu.hk¹
 		- www.osp.cuhk.edu.hk¹
 		- ug.pharmacy.cuhk.edu.hk¹
 		- www.pharmacy.cuhk.edu.hk⁵
+		- portal.cuhk.edu.hk¹
 		- www.provost.cuhk.edu.hk¹
 		- biomedsci.sbs.cuhk.edu.hk¹
 		- www.scs.cuhk.edu.hk²
@@ -111,102 +119,87 @@ Fetch error: http://webmail.ie.cuhk.edu.hk/ => https://webmail.ie.cuhk.edu.hk/:
 		- www.uc.cuhk.edu.hk¹
 		- www.udean.cuhk.edu.hk¹
 		- www.urbanstudies.cuhk.edu.hk¹
+		- www.vco.cuhk.edu.hk¹
 		- www.ws.cuhk.edu.hk¹
 		- www.wys.cuhk.edu.hk¹
 		- www3.cuhk.edu.hk¹
 		- www4.cuhk.edu.hk¹
 		- www5.cuhk.edu.hk¹
-	
+		- www6.cuhk.edu.hk¹
+
 	¹: Invalid cert
 	²: Mixed content
 	³: Redirects to HTTP
 	⁴: Different content in HTTP and HTTPS
 	⁵: Timeout
-	
+	⁶: Travis problem - unable to get local issuer certificate
+
 -->
-<ruleset name="The Chinese University of Hong Kong" default_off='failed ruleset test'>
+<ruleset name="The Chinese University of Hong Kong">
 
 	<target host="www.cuhk.edu.hk" />
-	<target host="www6.cuhk.edu.hk" />
 
-	<target host="www.adm.cuhk.edu.hk" />
 	<target host="www.aic.cuhk.edu.hk" />
+	<target host="www.arts.cuhk.edu.hk" />
+	<target host="humanum.arts.cuhk.edu.hk" />
 	<target host="www.cintec.cuhk.edu.hk" />
 	<target host="www.cpr.cuhk.edu.hk" />
-	<target host="cusis.cuhk.edu.hk" />
 	<target host="veriguide1.cse.cuhk.edu.hk" />
 	<target host="veriguide4.cse.cuhk.edu.hk" />
 	<target host="elearn.cuhk.edu.hk" />
-	<target host="www.ee.cuhk.edu.hk" />
 	<target host="info5.erg.cuhk.edu.hk" />
 	<target host="star.erg.cuhk.edu.hk" />
 	<target host="www.erg.cuhk.edu.hk" />
 	<target host="www2.erg.cuhk.edu.hk" />
+	<target host="www.fed.cuhk.edu.hk" />
 	<target host="www.gradsch.cuhk.edu.hk" />
 	<target host="ewebmail.ie.cuhk.edu.hk" />
 	<target host="home.ie.cuhk.edu.hk" />
-	<target host="iest2.ie.cuhk.edu.hk" />
 	<target host="personal.ie.cuhk.edu.hk" />
 	<target host="staff.ie.cuhk.edu.hk" />
-	<target host="webmail.ie.cuhk.edu.hk" />
 	<target host="www.ie.cuhk.edu.hk" />
-	<target host="ilcnte.ilc.cuhk.edu.hk" />
 	<target host="www.ilc.cuhk.edu.hk" />
 	<target host="www.iso.cuhk.edu.hk" />
 	<target host="apps.itsc.cuhk.edu.hk" />
-	<target host="cai.itsc.cuhk.edu.hk" />
 	<target host="campusapps.itsc.cuhk.edu.hk" />
 	<target host="cloud.itsc.cuhk.edu.hk" />
 	<target host="cumassmail.itsc.cuhk.edu.hk" />
 	<target host="gradsrv.itsc.cuhk.edu.hk" />
 	<target host="oiss.itsc.cuhk.edu.hk" />
-	<target host="training.itsc.cuhk.edu.hk" />
 	<target host="webapp.itsc.cuhk.edu.hk" />
-	<target host="webconf2.itsc.cuhk.edu.hk" />
 	<target host="wifipartners.itsc.cuhk.edu.hk" />
 	<target host="alumni.law.cuhk.edu.hk" />
 	<target host="webapp1.law.cuhk.edu.hk" />
-	<target host="iii.lib.cuhk.edu.hk" />
 	<target host="illiad.lib.cuhk.edu.hk" />
-	<target host="my.lib.cuhk.edu.hk" />
 	<target host="rbs.lib.cuhk.edu.hk" />
-	<target host="library.cuhk.edu.hk" />
 	<target host="www.lihs.cuhk.edu.hk" />
 	<target host="hlma.math.cuhk.edu.hk" />
 	<target host="www.math.cuhk.edu.hk" />
 	<target host="pcp.med.cuhk.edu.hk" />
 	<target host="webapps.med.cuhk.edu.hk" />
 	<target host="cog.mect.cuhk.edu.hk" />
-	<target host="internet.mfpo.cuhk.edu.hk" />
-	<target host="www.oafa.cuhk.edu.hk" />
-	<target host="department.obg.cuhk.edu.hk" />
 	<target host="www.oia.cuhk.edu.hk" />
 	<target host="onepass.cuhk.edu.hk" />
 	<target host="www.orkts.cuhk.edu.hk" />
-	<target host="osantd.osa.cuhk.edu.hk" />
 	<target host="www2.osa.cuhk.edu.hk" />
-	<target host="adm.osp.cuhk.edu.hk" />
 	<target host="www.per.cuhk.edu.hk" />
 	<target host="www2.per.cuhk.edu.hk" />
-	<target host="portal.cuhk.edu.hk" />
 	<target host="eshop.rct.cuhk.edu.hk" />
 	<target host="rgsntl.rgs.cuhk.edu.hk" />
 	<target host="webmail.se.cuhk.edu.hk" />
-	<target host="www.sitc.cuhk.edu.hk" />
 	<target host="sts.cuhk.edu.hk" />
 	<target host="www.surgery.cuhk.edu.hk" />
 	<target host="timetable4.cuhk.edu.hk" />
-	<target host="www.vco.cuhk.edu.hk" />
 
 	<!-- to prevent redirect loop on main pages -->
 		<exclusion pattern="^http://www\.cuhk\.edu\.hk/(chinese|english)/(?!css/|fonts/|images|js/)" />
-		
+
 		<test url="http://www.cuhk.edu.hk/english/index.html" />
 		<test url="http://www.cuhk.edu.hk/chinese/teaching/senate-committee.html" />
 		<test url="http://www.cuhk.edu.hk/chinese/index.html" />
 		<test url="http://www.cuhk.edu.hk/english/research/excellence/information-technology.html" />
 		<test url="http://www.cuhk.edu.hk/chinese/university/press-release-events.html" />
 		<test url="http://www.cuhk.edu.hk/chinese/faculties/business-administration.html" />
-		
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CVIMellesGriot.com.xml b/src/chrome/content/rules/CVIMellesGriot.com.xml
index e0b3e1d9cf05..6ecc64ff553e 100644
--- a/src/chrome/content/rules/CVIMellesGriot.com.xml
+++ b/src/chrome/content/rules/CVIMellesGriot.com.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.cvimellesgriot.com/ => https://www.cvimellesgriot.com/: (28, 'Connection timed out after 10001 milliseconds')
 Fetch error: http://cvimellesgriot.com/ => https://www.cvimellesgriot.com/: (28, 'Connection timed out after 10001 milliseconds')
 -->
-<ruleset name="CVI Melles Griot" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="CVI Melles Griot" platform="mixedcontent" default_off="failed ruleset test">
   <target host="www.cvimellesgriot.com" />
   <target host="cvimellesgriot.com" />
 
diff --git a/src/chrome/content/rules/CWSPOD_Music.xml b/src/chrome/content/rules/CWSPOD_Music.xml
index 2238b4f65cc7..cb958ad2dac4 100644
--- a/src/chrome/content/rules/CWSPOD_Music.xml
+++ b/src/chrome/content/rules/CWSPOD_Music.xml
@@ -7,7 +7,7 @@ Non-2xx HTTP code: http://www.cwspodmusic.com/ (200) => https://www.cwspodmusic.
 Disabled by https-everywhere-checker because:
 Fetch error: http://cwspodmusic.com/ => https://cwspodmusic.com/: Cycle detected - URL already encountered: http://cwspodmusic.com/
 -->
-<ruleset name="CWSPOD Music (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="CWSPOD Music (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="cwspodmusic.com" />
 	<target host="www.cwspodmusic.com" />
@@ -18,4 +18,4 @@ Fetch error: http://cwspodmusic.com/ => https://cwspodmusic.com/: Cycle detected
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CXense.com.xml b/src/chrome/content/rules/CXense.com.xml
index 6cf4db7c8d96..e4a93b3b0f5b 100644
--- a/src/chrome/content/rules/CXense.com.xml
+++ b/src/chrome/content/rules/CXense.com.xml
@@ -2,7 +2,6 @@
 	Other Cxense rulesets:
 
 		- Emediate.dk.xml
-		- Emediate.eu.xml
 		- Emediate.se.xml
 
 
diff --git a/src/chrome/content/rules/Cabal_WS.xml b/src/chrome/content/rules/Cabal_WS.xml
index 2cb89bec45fc..b80511473dfa 100644
--- a/src/chrome/content/rules/Cabal_WS.xml
+++ b/src/chrome/content/rules/Cabal_WS.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?cabal\.ws/(addons|img|slider)/"
 		to="https://$1cabal.ws/$2/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cabinet_Office.xml b/src/chrome/content/rules/Cabinet_Office.xml
index de703c9ca42c..14af1ee5f442 100644
--- a/src/chrome/content/rules/Cabinet_Office.xml
+++ b/src/chrome/content/rules/Cabinet_Office.xml
@@ -49,7 +49,7 @@ Fetch error: http://umbr3.cabinetoffice.gov.uk/ => https://umbr3.cabinetoffice.g
 		- umbr3.cabinetoffice.gov.uk
 
 -->
-<ruleset name="Cabinet Office.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Cabinet Office.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Cable6.net.xml b/src/chrome/content/rules/Cable6.net.xml
index c43a2432f441..0b4ff59bb89d 100644
--- a/src/chrome/content/rules/Cable6.net.xml
+++ b/src/chrome/content/rules/Cable6.net.xml
@@ -12,7 +12,7 @@
 		- Bug from piwik.cable6.net
 
 -->
-<ruleset name="cable6.net" default_off="missing certificate chain">
+<ruleset name="cable6.net" default_off="cert-chain">
 
 	<target host="cable6.net" />
 	<target host="piwik.cable6.net" />
diff --git a/src/chrome/content/rules/CableForum.co.uk.xml b/src/chrome/content/rules/CableForum.co.uk.xml
deleted file mode 100644
index b7316aa3cac8..000000000000
--- a/src/chrome/content/rules/CableForum.co.uk.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional hosts in *.cableforum.co.uk:
-
-	h: http redirect
-	m: certificate mismatch
-	r: connection refused
-	s: self-signed certificate
-	t: timeout on https
-
-        m: m.cableforum.co.uk
--->
-<ruleset name="Cable Forum">
-	<target host="cableforum.co.uk" />
-	<target host="www.cableforum.co.uk" />
-                <test url="http://www.cableforum.co.uk/board/" />
-                <test url="http://www.cableforum.co.uk/board/archive/index.php" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Cables.com.xml b/src/chrome/content/rules/Cables.com.xml
index 575be739e78d..e6d9f20da75f 100644
--- a/src/chrome/content/rules/Cables.com.xml
+++ b/src/chrome/content/rules/Cables.com.xml
@@ -7,7 +7,7 @@
 <ruleset name="Cables.com">
 
 	<target host="cables.com" />
-	<target host="*.cables.com" />
+	<target host="www.cables.com" />
 
 
 	<securecookie host="^(?:www)?\.cables\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Cablesurf.de.xml b/src/chrome/content/rules/Cablesurf.de.xml
deleted file mode 100644
index 77dc719ca9f2..000000000000
--- a/src/chrome/content/rules/Cablesurf.de.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-    Problematic subdomains:
-        - www2    -> no chain cert
--->
-<ruleset name="Cablesurf.de">
-    <target host="cablesurf.de" />
-    <target host="www.cablesurf.de" />
-    <!-- <target host="www2.cablesurf.de" /> -->
-    <target host="mail.cablesurf.de" />
-
-    <securecookie host="^(www\.|www2\.|mail\.)?cablesurf\.de$" name=".+" />
-
-    <rule from="^http:"
-            to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/CaceTech.xml b/src/chrome/content/rules/CaceTech.xml
deleted file mode 100644
index 14693724c7c3..000000000000
--- a/src/chrome/content/rules/CaceTech.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For other Riverbed coverage, see Riverbed.xml.
-
-
-	Insecure cookies are set for these domains:
-
-		- .cacetech.com
-
--->
-<ruleset name="CaceTech.com">
-  <target host="www.cacetech.com" />
-  <target host="cacetech.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.cacetech\.com$" name="^(cookie_test|osCsid)$" /-->
-
-	<securecookie host="^\.cacetech\.com$" name=".+" />
-
-
-  <rule from="^http:" to="https:"/>
-</ruleset>
diff --git a/src/chrome/content/rules/CacheBrowser.info.xml b/src/chrome/content/rules/CacheBrowser.info.xml
deleted file mode 100644
index e02b2a371b20..000000000000
--- a/src/chrome/content/rules/CacheBrowser.info.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="CacheBrowser.info">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="cachebrowser.info" />
-	<target host="www.cachebrowser.info" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cactus_Complete_Commerce.xml b/src/chrome/content/rules/Cactus_Complete_Commerce.xml
index 274d334d7e4a..91956692ad77 100644
--- a/src/chrome/content/rules/Cactus_Complete_Commerce.xml
+++ b/src/chrome/content/rules/Cactus_Complete_Commerce.xml
@@ -11,7 +11,7 @@ Fetch error: http://app.cactuscompletecommerce.com/ => https://app.cactuscomplet
 		- (www.)	(replies with http)
 
 -->
-<ruleset name="Cactus Complete Commerce (partial)" default_off='failed ruleset test'>
+<ruleset name="Cactus Complete Commerce (partial)" default_off="failed ruleset test">
 
 	<target host="app.cactuscompletecommerce.com" />
 
@@ -21,4 +21,4 @@ Fetch error: http://app.cactuscompletecommerce.com/ => https://app.cactuscomplet
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CadSoft.xml b/src/chrome/content/rules/CadSoft.xml
deleted file mode 100644
index 72846c435f65..000000000000
--- a/src/chrome/content/rules/CadSoft.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="CadSoft">
-
-	<target host="cadsoft.de" />
-	<target host="www.cadsoft.de" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.www.cadsoft.de" />
-
-
-	<securecookie host="^\.?www\.cadsoft\.de$" name=".+" />
-
-
-	<!--	Cert only matches www.
-					-->
-	<rule from="^http://(?:www\.)?cadsoft\.de/"
-		to="https://www.cadsoft.de/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cadence.gq.xml b/src/chrome/content/rules/Cadence.gq.xml
new file mode 100644
index 000000000000..ba292b48e16f
--- /dev/null
+++ b/src/chrome/content/rules/Cadence.gq.xml
@@ -0,0 +1,17 @@
+<!--
+	Related ruleset:
+		Cadence.moe.xml
+
+	Mismatch:
+		www.cadence.gq
+-->
+<ruleset name="Cadence.gq">
+	<target host="cadence.gq" />
+	<target host="www.cadence.gq" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.cadence\.gq/" to="https://cadence.gq/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cadence.moe.xml b/src/chrome/content/rules/Cadence.moe.xml
new file mode 100644
index 000000000000..e71e6ed1d501
--- /dev/null
+++ b/src/chrome/content/rules/Cadence.moe.xml
@@ -0,0 +1,17 @@
+<!--
+	Related ruleset:
+		Cadence.gq.xml
+
+	Mismatch:
+		www.cadence.moe
+-->
+<ruleset name="Cadence.moe">
+	<target host="cadence.moe" />
+	<target host="www.cadence.moe" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.cadence\.moe/" to="https://cadence.moe/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CafePharma.com.xml b/src/chrome/content/rules/CafePharma.com.xml
new file mode 100644
index 000000000000..c073f578a2a5
--- /dev/null
+++ b/src/chrome/content/rules/CafePharma.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		- cafepharma.com
+-->
+<ruleset name="CafePharma.com">
+	<target host="cafepharma.com" />
+	<target host="www.cafepharma.com" />
+
+	<rule from="^http://cafepharma\.com/" to="https://www.cafepharma.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CafePlus.com.tr.xml b/src/chrome/content/rules/CafePlus.com.tr.xml
new file mode 100644
index 000000000000..d5e0507058a1
--- /dev/null
+++ b/src/chrome/content/rules/CafePlus.com.tr.xml
@@ -0,0 +1,9 @@
+<ruleset name="CafePlus.com.tr">
+	<target host="cafeplus.com.tr" />
+	<target host="www.cafeplus.com.tr" />
+	<target host="search.cafeplus.com.tr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CafePress.xml b/src/chrome/content/rules/CafePress.xml
deleted file mode 100644
index cba8b17015ea..000000000000
--- a/src/chrome/content/rules/CafePress.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://server.iad.liveperson.net/ => http://server.iad.liveperson.net/: (35, 'Unknown SSL protocol error in connection to solutions.liveperson.com:443 ')
-	!functional:
-		- blog.cafepress.com		(timeout)
-		- images7?.cafepress.com	(reset; redirects to i2.cpcache.com)
-		- i[12].cpcache.com		(503, akamai; !at i[12].cafepress.com, content.cafepress.com, www.cafepress.com)
--->
-<ruleset name="CafePress (partial)" default_off='failed ruleset test'>
-
-	<target host="cafepress.com"/>
-	<target host="*.cafepress.com"/>
-	<target host="cafepress.co.uk"/>
-	<target host="*.cafepress.co.uk"/>
-	<target host="*.cpcache.com"/>
-	<target host="server.iad.liveperson.net"/>
-
-	<rule from="^http://(?:www\.)?cafepress\.co(m|\.uk)/content/"
-		to="https://www.cafepress.co$1/content/"/>
-
-	<rule from="^http://(content|members)\.cafepress\.co(m|\.uk)/"
-		to="https://$1.cafepress.co$2/"/>
-
-	<rule from="^http://shop\.cafepress\.com/$"
-		to="https://shop.cafepress.com/"/>
-
-	<!--	cert !match help	-->
-	<rule from="^http://help\.cafepress\.com/hc/"
-		to="https://server.iad.liveperson.net/hc/"/>
-
-	<!--	Akamai bucket.  Finding it would ideal.	-->
-	<rule from="^http://content\d?\.cpcache\.com/"
-		to="https://content.cafepress.com/"/>
-
-	<!--	rewriting help to liveperson breaks links under "design your own"
-		in the footer.  Fix this by rewriting back.	-->
-	<rule from="^https://server\.iad\.liveperson\.net/make/"
-		to="https://www.cafepress.com/make/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cafegate.com.xml b/src/chrome/content/rules/Cafegate.com.xml
index d0eff2ad14d7..df5b22e5e30b 100644
--- a/src/chrome/content/rules/Cafegate.com.xml
+++ b/src/chrome/content/rules/Cafegate.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.cafegate.com/ => https://www.cafegate.com/: (60, 'SSL ce
 Disabled by https-everywhere-checker because:
 Fetch error: http://cafegate.com/ => https://cafegate.com/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="cafegate.com" default_off='failed ruleset test'>
+<ruleset name="cafegate.com" default_off="failed ruleset test">
 
 	<target host="cafegate.com" />
 	<target host="www.cafegate.com" />
@@ -18,4 +18,4 @@ Fetch error: http://cafegate.com/ => https://cafegate.com/: (60, 'SSL certificat
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cafemakers.xml b/src/chrome/content/rules/Cafemakers.xml
index ebb06d7fdb05..ae4ed89828bf 100644
--- a/src/chrome/content/rules/Cafemakers.xml
+++ b/src/chrome/content/rules/Cafemakers.xml
@@ -5,7 +5,7 @@ Fetch error: http://cafemakers.com/ => https://cafemakers.com/: (35, 'Unknown SS
 Fetch error: http://www.cafemakers.com/ => https://www.cafemakers.com/: (35, 'Unknown SSL protocol error in connection to www.cafemakers.com:443 ')
 
 -->
-<ruleset name="Cafemakers" default_off='failed ruleset test'>
+<ruleset name="Cafemakers" default_off="failed ruleset test">
 
 	<target host="cafemakers.com" />
 	<target host="www.cafemakers.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.cafemakers.com/ => https://www.cafemakers.com/: (35, 'Un
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Caimao.com.xml b/src/chrome/content/rules/Caimao.com.xml
deleted file mode 100644
index c79291b8fa5c..000000000000
--- a/src/chrome/content/rules/Caimao.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="caimao.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="caimao.com" />
-	<target host="www.caimao.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CainTV.xml b/src/chrome/content/rules/CainTV.xml
index a8c28df84f12..420ca8d1752a 100644
--- a/src/chrome/content/rules/CainTV.xml
+++ b/src/chrome/content/rules/CainTV.xml
@@ -13,4 +13,4 @@
 	<rule from="^http://static\d?\.caintvnetwork\.com/"
 		to="https://d19kb9pin9tdml.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cal.net.xml b/src/chrome/content/rules/Cal.net.xml
deleted file mode 100644
index 6219fcc419a1..000000000000
--- a/src/chrome/content/rules/Cal.net.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	www: cert only matches ^cal.net
-
--->
-<ruleset name="Cal.net">
-
-	<target host="cal.net" />
-	<target host="www.cal.net" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CalChamber.com.xml b/src/chrome/content/rules/CalChamber.com.xml
index be14a5fa7b1b..aea463025197 100644
--- a/src/chrome/content/rules/CalChamber.com.xml
+++ b/src/chrome/content/rules/CalChamber.com.xml
@@ -3,14 +3,14 @@
         email.calchamber.com
         links.email.calchamber.com
         www.store.calchamber.com
-  	
+
   	No working URL known:
   		images.calchamber.com
-  		
+
     Time out:
         chat.calchamber.com
-  
---> 
+
+-->
 
 <ruleset name="CalChamber.com">
 
diff --git a/src/chrome/content/rules/Calacademy.org.xml b/src/chrome/content/rules/Calacademy.org.xml
index 663d6512a57e..f41bb5e33004 100644
--- a/src/chrome/content/rules/Calacademy.org.xml
+++ b/src/chrome/content/rules/Calacademy.org.xml
@@ -48,7 +48,7 @@ Fetch error: http://sso.calacademy.org/ => https://sso.calacademy.org/: (35, 'Un
 	s: self-signed certificate
 	t: timeout on https
 -->
-<ruleset name="Calacademy.org" default_off='failed ruleset test'>
+<ruleset name="Calacademy.org" default_off="failed ruleset test">
 	<target host="apps.calacademy.org" />
 	<target host="archivesadmin.calacademy.org" />
 	<target host="jira.calacademy.org" />
diff --git a/src/chrome/content/rules/Calazan.com.xml b/src/chrome/content/rules/Calazan.com.xml
index 17a00c8fedaa..0c2585fb10da 100644
--- a/src/chrome/content/rules/Calazan.com.xml
+++ b/src/chrome/content/rules/Calazan.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://calazan.com/ => https://calazan.com/: (51, "SSL: no alternative certificate subject name matches target host name 'calazan.com'")
 
 -->
-<ruleset name="Calazan.com" default_off='failed ruleset test'>
+<ruleset name="Calazan.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Calderdale.gov.uk.xml b/src/chrome/content/rules/Calderdale.gov.uk.xml
index 2cd55aa7ab2c..4b6deaf2727f 100644
--- a/src/chrome/content/rules/Calderdale.gov.uk.xml
+++ b/src/chrome/content/rules/Calderdale.gov.uk.xml
@@ -38,7 +38,7 @@
 	Mixed content:
 
 		- css, on:
-		
+
 			- (www.)? from www.calderdale.gov.uk ˢ
 			- (www.)? from cdnjs.cloudflare.com ˢ
 
diff --git a/src/chrome/content/rules/Calend.ru.xml b/src/chrome/content/rules/Calend.ru.xml
new file mode 100644
index 000000000000..13c0efbc05d9
--- /dev/null
+++ b/src/chrome/content/rules/Calend.ru.xml
@@ -0,0 +1,11 @@
+<!--
+	Calend.ru has a wildcard DNS record. Only domains that have valid certificates are included here.
+-->
+<ruleset name="Calend.ru">
+	<target host="calend.ru" />
+	<target host="www.calend.ru" />
+	<target host="amp.calend.ru" />
+	<target host="beta.calend.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CalendarWiz.xml b/src/chrome/content/rules/CalendarWiz.xml
index bfb49f0c154e..a863151c8331 100644
--- a/src/chrome/content/rules/CalendarWiz.xml
+++ b/src/chrome/content/rules/CalendarWiz.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:"
 		to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Calendario.cc.xml b/src/chrome/content/rules/Calendario.cc.xml
deleted file mode 100644
index ffa86965fc4f..000000000000
--- a/src/chrome/content/rules/Calendario.cc.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Calendario.cc">
-
-	<target host="calendario.cc" />
-	<target host="www.calendario.cc" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Calendars.com.xml b/src/chrome/content/rules/Calendars.com.xml
index 25b5b73a0e89..28b9474c9bdc 100644
--- a/src/chrome/content/rules/Calendars.com.xml
+++ b/src/chrome/content/rules/Calendars.com.xml
@@ -7,12 +7,12 @@
 <ruleset name="Calendars.com">
  <target host="calendars.com" />
  <target host="www.calendars.com" />
- 
+
  <test url="http://www.calendars.com/Baby-Animals/cat00172/" />
     <test url="http://www.calendars.com/Bears/cat00173/" />
     <test url="http://www.calendars.com/Big-Cats/cat00174/" />
     <test url="http://www.calendars.com/Jigsaw-Puzzles/" />
- 
+
  <exclusion pattern="^http://(www\.)?calendars\.com/(?!(css/|img/|js/|user/|dbs/))" />
  <test url="http://calendars.com/dbs/" />
     <test url="http://www.calendars.com/dbs/" />
@@ -20,9 +20,9 @@
     <test url="http://www.calendars.com/dbs/Bears/cat00173/" />
     <test url="http://www.calendars.com/dbs/Big-Cats/cat00174/" />
     <test url="http://www.calendars.com/dbs/Jigsaw-Puzzles/" />
- 
- <exclusion pattern="^http://(www\.)?calendars\.com/dbs/(?!(css/|img/|js/|user/))" /> 
- 
+
+ <exclusion pattern="^http://(www\.)?calendars\.com/dbs/(?!(css/|img/|js/|user/))" />
+
  <test url="http://www.calendars.com/css/common.css" />
     <test url="http://www.calendars.com/img/common/calendarsLogo.gif" />
     <test url="http://www.calendars.com/user/login.jsp" />
@@ -33,5 +33,5 @@
  <test url="http://www.calendars.com/dbs/js/jquery.timer.js" />
  <rule from="^http://(www\.)?calendars\.com/(css/|img/|js/|user/|dbs)"
   to="https://$1calendars.com/$2" />
-  
+
 </ruleset>
diff --git a/src/chrome/content/rules/Calguns_Foundation.org.xml b/src/chrome/content/rules/Calguns_Foundation.org.xml
index 26ee7e4a81ea..2fcda55bc3ec 100644
--- a/src/chrome/content/rules/Calguns_Foundation.org.xml
+++ b/src/chrome/content/rules/Calguns_Foundation.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://calgunsfoundation.org/ => https://calgunsfoundation.org/: (6
 Fetch error: http://store.calgunsfoundation.org/ => https://store.calgunsfoundation.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Calguns Foundation.org" default_off='failed ruleset test'>
+<ruleset name="Calguns Foundation.org" default_off="failed ruleset test">
 
 	<target host="calgunsfoundation.org" />
 	<target host="store.calgunsfoundation.org" />
@@ -17,4 +17,4 @@ Fetch error: http://store.calgunsfoundation.org/ => https://store.calgunsfoundat
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/California-Department-of-Motor-Vehicles.xml b/src/chrome/content/rules/California-Department-of-Motor-Vehicles.xml
deleted file mode 100644
index c9f9c0da4f47..000000000000
--- a/src/chrome/content/rules/California-Department-of-Motor-Vehicles.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="California Department of Motor Vehicles">
-
-	<target host="dmv.ca.gov" />
-	<target host="www.dmv.ca.gov" />
-
-
-	<!--	Cert only matches www.
-					-->
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/California-Franchise-Tax-Board.xml b/src/chrome/content/rules/California-Franchise-Tax-Board.xml
index 5e8849a2bd97..e17144319e7a 100644
--- a/src/chrome/content/rules/California-Franchise-Tax-Board.xml
+++ b/src/chrome/content/rules/California-Franchise-Tax-Board.xml
@@ -6,10 +6,8 @@
 
 	<securecookie host="^(?:(?:stats|webapp|www)\.)?ftb\.ca\.gov$" name=".+" />
 
-	<test url="http://ftb.ca.gov/" />
-	<test url="http://www.ftb.ca.gov/" />
 	<test url="http://stats.ftb.ca.gov/dcsk16hof000004bfefbkcw6o_1f9b/njs.gif?dcsuri=/nojavascript&amp;WT.js=No&amp;WT.tv=10.4.1&amp;dcssip=www.ftb.ca.gov" />
 	<test url="http://webapp.ftb.ca.gov/MyFTBAccess/iUserName.aspx" />
 
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/California-STD-HIV-Training.xml b/src/chrome/content/rules/California-STD-HIV-Training.xml
deleted file mode 100644
index eebf6e6b1bd1..000000000000
--- a/src/chrome/content/rules/California-STD-HIV-Training.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://stdhivtraining.org/ => https://www.stdhivtraining.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.stdhivtraining.org'")
-Fetch error: http://www.stdhivtraining.org/ => https://www.stdhivtraining.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.stdhivtraining.org'")
-
--->
-<ruleset name="California STD/HIV Prevention Training Center (partial)" default_off='failed ruleset test'>
-	<target host="stdhivtraining.org" />
-	<target host="www.stdhivtraining.org" />
-
-	<!-- Note that https://stdhivtraining.org/ appears to lead to
-	a different site from https://www.stdhivtraining.org/ as of
-	June 16, 2011! (At the same time, both http://stdhivtraining.org/
-	and http://www.stdhivtraining.org/ do appear to lead to the
-	same site.) -->
-	<rule from="^((http://(?:www\.)?)|https://)stdhivtraining\.org/" to="https://www.stdhivtraining.org/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/California-State-University.xml b/src/chrome/content/rules/California-State-University.xml
index 2d53c9247778..d9cae69d594b 100644
--- a/src/chrome/content/rules/California-State-University.xml
+++ b/src/chrome/content/rules/California-State-University.xml
@@ -1,12 +1,48 @@
-<ruleset name="California State University (partial)">
+<!--
+        Non-functional hosts
+                Couldn't connect to server:
+                - www.foundation.csulb.edu
+                - maestro.csulb.edu
+                - specialevents.csulb.edu
+
+                Timeout was reached:
+                - www.cla.csulb.edu
+                - folding.cnsm.csulb.edu
+                - housing.csulb.edu
+                - www.housing.csulb.edu
+                - reserves.library.csulb.edu
+                - pncportal.shs.csulb.edu
+                - activitylog.upd.csulb.edu
 
-	<target host="csulb.edu"/>
-	<target host="*.csulb.edu"/>
+                SSL peer certificate was not OK:
+                - beachmail.csulb.edu
+                - www.careers.csulb.edu
+                - chemistry.csulb.edu
+                - daily49er.csulb.edu
+                - passport.csulb.edu
 
-	<securecookie host="^(?:.*\.)?csulb\.edu$" name=".+" />
+                Peer certificate cannot be authenticated with given CA certificates:
+                - art.csulb.edu
+                - chaat.cla.csulb.edu
 
-	<!--	cert !valid for !www nor www2	-->
-	<rule from="^http://(?:www2?\.)?csulb\.edu/"
-		to="https://www.csulb.edu/"/>
+                Mixed content blocking (MCB) triggered:
+                - careers.csulb.edu
+                - web.csulb.edu
+-->
+<ruleset name="California State University (partial)">
+        <target host="csulb.edu" />
+        <target host="www.csulb.edu" />
+        <target host="beachid.csulb.edu" />
+        <target host="www.ccpe.csulb.edu" />
+        <target host="global.ccpe.csulb.edu" />
+        <target host="www.ced.csulb.edu" />
+        <target host="daf.csulb.edu" />
+        <target host="giveto.csulb.edu" />
+        <target host="apply.housing.csulb.edu" />
+        <target host="illiad.library.csulb.edu" />
+        <target host="mail.csulb.edu" />
+        <target host="parking.csulb.edu" />
+        <target host="voicemail.csulb.edu" />
 
+        <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/California_Department_of_Justice.xml b/src/chrome/content/rules/California_Department_of_Justice.xml
index 5dc44a05718f..60f23583efa4 100644
--- a/src/chrome/content/rules/California_Department_of_Justice.xml
+++ b/src/chrome/content/rules/California_Department_of_Justice.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/California_Legislative_Information.xml b/src/chrome/content/rules/California_Legislative_Information.xml
index e24363761eff..09ec42093e5c 100644
--- a/src/chrome/content/rules/California_Legislative_Information.xml
+++ b/src/chrome/content/rules/California_Legislative_Information.xml
@@ -11,4 +11,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/California_Polytechnic_State_University.xml b/src/chrome/content/rules/California_Polytechnic_State_University.xml
index 2b9a4696ecb7..54616006acaa 100644
--- a/src/chrome/content/rules/California_Polytechnic_State_University.xml
+++ b/src/chrome/content/rules/California_Polytechnic_State_University.xml
@@ -120,7 +120,7 @@ Fetch error: http://xerxes.calpoly.edu/ => https://xerxes.calpoly.edu/: (6, 'Cou
 			- servicedesk from www.calpoly.edu
 
 -->
-<ruleset name="Cal Poly.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="Cal Poly.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/California_Polytechnic_State_University_Ponoma.xml b/src/chrome/content/rules/California_Polytechnic_State_University_Ponoma.xml
deleted file mode 100644
index da6da63e2ffd..000000000000
--- a/src/chrome/content/rules/California_Polytechnic_State_University_Ponoma.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- www.dsa	(cert only matches ^dsa)
-
-
-	Fully covered subdomains:
-
-		- autodiscover
-		- bbcollab
-		- blackboard
-		- broncodirect.cms
-		- (www.)dsa		(www → ^)
-		- exchange
-		- housing
-		- ehelp.wiki
-		- www
-
-
-	^csupomona.edu doesn't exist
-
--->
-<ruleset name="California Polytechnic State University, Ponoma (partial)">
-
-	<target host="*.csupomona.edu" />
-
-
-	<securecookie host="^(?:bbcollab|blackboard|broncodirect\.cms|dsa|housing|ehelp\.wiki)\.csupomona\.edu$" name=".+" />
-	<!--securecookie host="^\.cms\.csupomona\.edu$" name=".+" /-->
-
-
-	<rule from="^http://(autodiscover|bbcollab|blackboard|broncodirect\.cms|ehousing|exchange|ehelp\.wiki|www)\.csupomona\.edu/"
-		to="https://$1.csupomona.edu/" />
-
-	<rule from="^http://(?:www\.)?dsa\.csupomona\.edu/"
-		to="https://dsa.csupomona.edu/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/California_United_Bank.xml b/src/chrome/content/rules/California_United_Bank.xml
index 25ff0c61ea75..63903a6a3793 100644
--- a/src/chrome/content/rules/California_United_Bank.xml
+++ b/src/chrome/content/rules/California_United_Bank.xml
@@ -8,26 +8,25 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://pcboc.com/ => https://pcboc.com/: (51, "SSL: no alternative certificate subject name matches target host name 'pcboc.com'")
 	Problematic domains:
 
-		- www.pcboc.com		(mismatched, CN: 
+		- www.pcboc.com		(mismatched, CN:
 
 -->
-<ruleset name="California United Bank" default_off='failed ruleset test'>
+<ruleset name="California United Bank" default_off="failed ruleset test">
 
 	<target host="californiaunitedbank.com" />
-	<target host="*.californiaunitedbank.com" />
+	<target host="www.californiaunitedbank.com" />
 	<target host="cunb.com" />
-	<target host="*.cunb.com" />
+	<target host="www.cunb.com" />
 	<target host="pcboc.com" />
-	<target host="*.pcboc.com" />
+	<target host="www.pcboc.com" />
 
 
 	<securecookie host="^(?:w*\.)?(?:californiaunitedbank|cunb|pcboc)\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?c(aliforniaunitedbank|unb)\.com/"
-		to="https://$1c$2.com/" />
 
 	<rule from="^http://(?:www\.)?pcboc\.com/"
 		to="https://pcboc.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Caltech.edu.xml b/src/chrome/content/rules/Caltech.edu.xml
new file mode 100644
index 000000000000..72c0b28b5c27
--- /dev/null
+++ b/src/chrome/content/rules/Caltech.edu.xml
@@ -0,0 +1,149 @@
+<!--
+	For problematic rules, see Caltech-mismatches.xml.
+
+
+	CDN buckets:
+
+		- s3.amazonaws.com/cit/
+		- s3.amazonaws.com/imss-test/
+		- s3.amazonaws.com/imss-test-storage.ads.caltech.edu/
+		- s3-us-west-1.amazonaws.com/imss-website-storage.cloud.caltech.edu/
+		- s3.amazonaws.com/www-prod-storage.cloud.caltech.edu/
+		- caltech-imss-website-v3-storage.s3.amazonaws.com
+
+
+	Nonfunctional subdomains:
+
+		- www.cacr *
+		- forms ⁷
+		- www.gg ¹
+		- web.gps ⁷
+		- (www.)herschel ¹
+
+		- (www.)ipac ²
+		- conference.ipac ²
+		- nedbatch.ipac ¹
+		- neocam.ipac		(rx_record_too_long)
+
+		- kiss
+		- www.ligo
+		- nexsci ²
+		- www.nustar		(CN: bragi, 403)
+		- sherpa ¹
+		- (www.)spitzer		(self-signed; shows RHEL test page)
+		- wise.ssl ⁶
+		- workshop ⁷
+
+	* Redirects to http/404
+	¹ Refused
+	² Plaintext reply
+	⁶ Shows ds9.ssl
+	⁷ Dropped
+
+
+	Problematic subdomains:
+
+		- www.access ᵐ
+		- blackboard ⁴
+		- cliara	(self-signed)
+		- course        (cert-chain)
+		- dabney	(ditto)
+		- (www.)galex ³
+		- courses.hss	(self-signed)
+		- irsecure ᵐ
+		- moodle        (cert-chain)
+		- ds9.ssl ³
+
+	⁴ 404, preemptable redirect
+	¹ Shows web; mismatched, CN: web.caltech.edu
+	³ Expired, self-signed
+	ᵐ Mismatched
+
+
+	These altnames don't exist:
+
+		- www.web.caltech.edu
+
+
+	Insecure cookies are set for these hosts: ᶜ
+
+		- mail.alumni.caltech.edu
+		- courses.caltech.edu
+		- m.gps.caltech.edu
+		- www.gps.caltech.edu
+		- koa.ipac.caltech.edu
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+
+	Mixed content:
+
+		- Images, on:
+
+			- odb.acs, www.cco, web from www.its.caltech.edu ˢ
+			- (www.)?imss from caltech-imss-website-v3-storage.s3.amazonaws.com ˢ
+			- www.its.caltech.edu from $self ˢ
+
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+
+-->
+<ruleset name="Caltech.edu (partial)">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="caltech.edu" />
+	<target host="access.caltech.edu" />
+	<target host="odb.acs.caltech.edu" />
+	<target host="admissions.caltech.edu" />
+	<target host="www.admissions.caltech.edu" />
+	<target host="mail.alumni.caltech.edu" />
+	<target host="benefits.caltech.edu" />
+	<target host="www.benefits.caltech.edu" />
+	<target host="www.cco.caltech.edu" />
+	<target host="gps.caltech.edu" />
+	<target host="www.gps.caltech.edu" />
+	<target host="help.caltech.edu" />
+	<target host="hr.caltech.edu" />
+	<target host="www.hr.caltech.edu" />
+	<target host="imss.caltech.edu" />
+	<target host="www.imss.caltech.edu" />
+
+	<target host="irsa.ipac.caltech.edu" />
+	<target host="koa.ipac.caltech.edu" />
+	<target host="ned.ipac.caltech.edu" />
+
+	<target host="www.its.caltech.edu" />
+	<target host="webmail.caltech.edu" />
+	<target host="www.caltech.edu" />
+
+	<!--	Complications:
+				-->
+	<target host="www.access.caltech.edu" />
+	<target host="blackboard.caltech.edu" />
+	<target host="irsecure.caltech.edu" />
+
+	<securecookie host=".\.caltech\.edu$" name=".+" />
+
+	<!--	Ditto.
+			-->
+	<rule from="^http://www\.access\.caltech\.edu/"
+		to="https://access.caltech.edu/" />
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://blackboard\.caltech\.edu/.*"
+		to="https://caltech-sp.blackboard.com/eaccounts" />
+
+		<test url="http://blackboard.caltech.edu/home.htm" />
+
+	<!--	Redirect drops all:
+					-->
+	<rule from="^http://irsecure\.caltech\.edu/.*"
+		to="https://securelb.imodules.com/s/1709/devassoc/index.aspx?sid=1709&amp;gid=3&amp;pgid=498" />
+
+		<test url="http://irsecure.caltech.edu/home.htm" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Caltech.xml b/src/chrome/content/rules/Caltech.xml
deleted file mode 100644
index b161369ca0de..000000000000
--- a/src/chrome/content/rules/Caltech.xml
+++ /dev/null
@@ -1,192 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://imss-website-storage.cloud.caltech.edu.s3-us-west-1.amazonaws.com/Training%20Guides/Cognos_GA_Query_Studio.pdf => https://imss-website-storage.cloud.caltech.edu.s3-us-west-1.amazonaws.com/Training%20Guides/Cognos_GA_Query_Studio.pdf: (51, "SSL: no alternative certificate subject name matches target host name 'imss-website-storage.cloud.caltech.edu.s3-us-west-1.amazonaws.com'")
-Fetch error: http://caltech-sp.caltech.edu/ => https://caltech-sp.caltech.edu/: (6, 'Could not resolve host: caltech-sp.caltech.edu')
-Fetch error: http://web.caltech.edu/ => https://web.caltech.edu/: (6, 'Could not resolve host: web.caltech.edu')
-
-	For problematic rules, see Caltech-mismatches.xml.
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/cit/
-		- s3.amazonaws.com/imss-test/
-		- s3.amazonaws.com/imss-test-storage.ads.caltech.edu/
-		- s3-us-west-1.amazonaws.com/imss-website-storage.cloud.caltech.edu/
-		- s3.amazonaws.com/www-prod-storage.cloud.caltech.edu/
-		- caltech-imss-website-v3-storage.s3.amazonaws.com
-
-
-	Nonfunctional subdomains:
-
-		- www.cacr *
-		- forms ⁷
-		- www.gg ¹
-		- web.gps ⁷
-		- (www.)herschel ¹
-
-		- (www.)ipac ²
-		- conference.ipac ²
-		- nedbatch.ipac ¹
-		- neocam.ipac		(rx_record_too_long)
-
-		- kiss
-		- www.ligo
-		- nexsci ²
-		- www.nustar		(CN: bragi, 403)
-		- sherpa ¹
-		- (www.)spitzer		(self-signed; shows RHEL test page)
-		- wise.ssl ⁶
-		- workshop ⁷
-
-	* Redirects to http/404
-	¹ Refused
-	² Plaintext reply
-	⁶ Shows ds9.ssl
-	⁷ Dropped
-
-
-	Problematic subdomains:
-
-		- www.access ᵐ
-		- blackboard ⁴
-		- cliara	(self-signed)
-		- dabney	(ditto)
-		- (www.)galex ³
-		- courses.hss	(self-signed)
-		- irsecure ᵐ
-		- moodle ᵐ
-		- ds9.ssl ³
-
-	⁴ 404, preemptable redirect
-	¹ Shows web; mismatched, CN: web.caltech.edu
-	³ Expired, self-signed
-	ᵐ Mismatched
-
-
-	These altnames don't exist:
-
-		- www.web.caltech.edu
-
-
-	Insecure cookies are set for these hosts: ᶜ
-
-		- mail.alumni.caltech.edu
-		- courses.caltech.edu
-		- m.gps.caltech.edu
-		- www.gps.caltech.edu
-		- koa.ipac.caltech.edu
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
-
-	Mixed content:
-
-		- Images, on:
-
-			- odb.acs, www.cco, web from www.its.caltech.edu ˢ
-			- (www.)?imss from caltech-imss-website-v3-storage.s3.amazonaws.com ˢ
-			- www.its.caltech.edu from $self ˢ
-
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="Caltech.edu (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="caltech-imss-website-v3-storage.s3.amazonaws.com" />
-
-	<target host="caltech.edu" />
-	<target host="access.caltech.edu" />
-	<target host="odb.acs.caltech.edu" />
-	<target host="mail.alumni.caltech.edu" />
-	<target host="benefits.caltech.edu" />
-	<target host="www.benefits.caltech.edu" />
-	<target host="caltech-sp.caltech.edu" />
-	<target host="www.cco.caltech.edu" />
-	<target host="courses.caltech.edu" />
-	<target host="gps.caltech.edu" />
-	<target host="www.gps.caltech.edu" />
-	<target host="help.caltech.edu" />
-	<target host="hr.caltech.edu" />
-	<target host="www.hr.caltech.edu" />
-	<target host="imss.caltech.edu" />
-	<target host="www.imss.caltech.edu" />
-
-	<target host="irsa.ipac.caltech.edu" />
-	<target host="koa.ipac.caltech.edu" />
-	<target host="ned.ipac.caltech.edu" />
-
-	<target host="www.its.caltech.edu" />
-	<target host="web.caltech.edu" />
-	<target host="webmail.caltech.edu" />
-	<target host="www.caltech.edu" />
-
-	<!--target host="solutions.sciquest.com" /> safe? -->
-
-	<!--	Complications:
-				-->
-	<target host="imss-test-storage.ads.caltech.edu.s3.amazonaws.com" />
-	<target host="www-prod-storage.cloud.caltech.edu.s3.amazonaws.com" />
-
-	<target host="www.access.caltech.edu" />
-	<target host="blackboard.caltech.edu" />
-	<target host="imss-website-storage.cloud.caltech.edu" />
-	<target host="irsecure.caltech.edu" />
-	<target host="moodle.caltech.edu" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^mail\.alumni\.caltech\.edu$" name="^SQMSESSID$" /-->
-	<!--securecookie host="^caltech-sp\.caltech\.edu$" name="^Scaltech-sp\.blackboard\.comeaccounts/$" /-->
-	<!--securecookie host="^(?:m|www)\.gps\.caltech\.edu$" name="^AWSELB$" /-->
-	<!--securecookie host="^help\.caltech\.edu$" name="^(?:whd(?:auth|user)_helpdesk|woinst|wosid)$" /-->
-	<!--securecookie host="^(?:www\.)?(?:benefits|hr)\.caltech\.edu$" name="^_\w+_session$" /-->
-	<!--securecookie host="^koa\.ipac\.caltech\.edu$" name="^KOA80$" /-->
-	<!--securecookie host="^www\.caltech\.edu$" name="^AWSELB$" /-->
-
-	<securecookie host=".\.caltech\.edu$" name=".+" />
-
-
-	<!--	Handily, this bucket forces redirect from s3.amazonaws.com/foo to foo.s3.amazonaws.com.
-										-->
-	<rule from="^https?://imss-test-storage\.ads\.caltech\.edu\.s3\.amazonaws.com/"
-		to="https://s3-us-west-1.amazonaws.com/imss-test-storage.ads.caltech.edu/" />
-
-		<test url="http://imss-website-storage.cloud.caltech.edu.s3-us-west-1.amazonaws.com/Training%20Guides/Cognos_GA_Query_Studio.pdf" />
-
-	<!--	Ditto.
-			-->
-	<rule from="^https?://www-prod-storage\.cloud\.caltech\.edu\.s3\.amazonaws\.com/"
-		to="https://s3-us-west-1.amazonaws.com/www-prod-storage.cloud.caltech.edu/" />
-
-	<rule from="^http://www\.access\.caltech\.edu/"
-		to="https://access.caltech.edu/" />
-
-	<!--	Redirect drops all:
-					-->
-	<rule from="^http://blackboard\.caltech\.edu/.*"
-		to="https://caltech-sp.blackboard.com/eaccounts" />
-
-		<test url="http://blackboard.caltech.edu/home.htm" />
-
-	<rule from="^http://imss-website-storage\.cloud\.caltech\.edu/"
-		to="https://s3-us-west-1.amazonaws.com/imss-website-storage.cloud.caltech.edu/" />
-
-	<!--	Redirect drops all:
-					-->
-	<rule from="^http://irsecure\.caltech\.edu/.*"
-		to="https://securelb.imodules.com/s/1709/devassoc/index.aspx?sid=1709&amp;gid=3&amp;pgid=498" />
-
-		<test url="http://irsecure.caltech.edu/home.htm" />
-
-	<rule from="^http://moodle\.caltech\.edu/"
-		to="https://courses.caltech.edu/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Calvin_College.xml b/src/chrome/content/rules/Calvin_College.xml
index da67ee9ebd29..fdd09c10c424 100644
--- a/src/chrome/content/rules/Calvin_College.xml
+++ b/src/chrome/content/rules/Calvin_College.xml
@@ -8,4 +8,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cambridge-Journals.xml b/src/chrome/content/rules/Cambridge-Journals.xml
deleted file mode 100644
index 4ce0d627cdf6..000000000000
--- a/src/chrome/content/rules/Cambridge-Journals.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Cambridge-University-Press.xml.
-
--->
-<ruleset name="Cambridge Journals" platform="mixedcontent">
-
-	<target host="journals.cambridge.org"/>
-
-	<securecookie host="^journals\.cambridge\.org$" name=".+" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cambridge-University-Press.xml b/src/chrome/content/rules/Cambridge-University-Press.xml
index d767e08b2e25..637e28ef76d3 100644
--- a/src/chrome/content/rules/Cambridge-University-Press.xml
+++ b/src/chrome/content/rules/Cambridge-University-Press.xml
@@ -1,101 +1,33 @@
 <!--
 	Cambridge University Press
 
-	Other Cambridge University Press rulesets:
+	Non-functional hosts
+		Couldn't connect to server:
+		- mobile.journals.cambridge.org
 
-		- Cambridge-Journals.xml
+		Timeout was reached:
+		- cambridge.org
 
+		SSL peer certificate was not OK:
+		- athens.cambridge.org
 
-	Nonfunctional subdomains:
-
-		- athens ¹
-		- dictionary-api ²
-
-	¹ Reset
-	² Shows default Media Temple page
-
-
-	Problematic subdomains:
-
-		- ^ ¹
-		- dictionaryblog ²
-		- ebooks ³
-		- education ⁴
-		- journals ³
-		- mobile.journals ⁵
-
-	¹ Cert only matches *.cambridge.org
-	² WordPress
-	³ Mixed css
-	⁴ Mismatched, CN: *.azurewebsites.net
-	⁵ Mismatched, CN: journals.cambridge.org
-
-
-	Partially covered subdomains:
-
-		- (www.)? ¹	(^ → www)
-		- ebooks ²
-		- journals ²
-
-	¹ Some pages redirect to http
-	² Avoiding broken MCB
-
-
-	Fully covered subdomains:
-
-		- assets
-		- dictionary
-		- shibboleth
-
-
-	dictionaryblog.cambridge.org is handled in WordPress-blogs.xml.
-
-
-	Mixed content:
-
-		- css on:
-
-			- ebooks, education, journals from www ¹
-			- ebooks from fonts.googleapis.com ¹
-
-		- Images, on:
-
-			- ebooks from $self ¹
-			- education from pbs.twimg.com ¹
-			- shibboleth from www ²
-
-	¹ Secured by us
-	² Unsecurable <= redirects to http
-
+		Redirect to HTTP:
+		- education.cambridge.org
 -->
-<ruleset name="Cambridge.org (partial)">
-
+<ruleset name="Cambridge University Press (partial)">
 	<target host="cambridge.org" />
-	<target host="*.cambridge.org" />
-		<!--
-			Avoid broken MCB:
-						-->
-		<exclusion pattern="^http://ebooks\.cambridge\.org/(?!.+\.(?:css|ico|jpg|png)(?:$|\?))" />
-		<exclusion pattern="^http://journals\.cambridge\.org/+(?!css/|favicon\.ico|images/)" />
-		<!--
-			Redirects to http:
-						-->
-		<!--exclusion pattern="^http://www\.cambridge\.org/($|assets/|favicon\.ico)" /-->
-		<!--
-			Exceptions:
-					-->
-		<!--exclusion pattern="^http://www\.cambridge\.org/(?!files/|generated_files/|other_files/|login($|[?/])|packages/)" /-->
-
-
-	<securecookie host="^(?:assets|dictionary)\.cambridge\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?cambridge\.org/(?=files/|(?:generated|other)_files/|login(?:$|[?/])|packages/)"
+	<target host="www.cambridge.org" />
+	<target host="assets.cambridge.org" />
+	<target host="dictionary.cambridge.org" />
+	<target host="dictionary-api.cambridge.org" />
+	<target host="dictionaryblog.cambridge.org" />
+	<target host="ebooks.cambridge.org" />
+	<target host="journals.cambridge.org" />
+	<target host="shibboleth.cambridge.org" />
+	<target host="stahlonline.cambridge.org" />
+
+	<rule from="^http://cambridge\.org/"
 		to="https://www.cambridge.org/" />
 
-	<!--	Redirect keeps path and args:
-						-->
-	<rule from="^http://(assets|dictionary|ebooks|journals|shibboleth)\.cambridge\.org/"
-		to="https://$1.cambridge.org/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Cambridgeincolour.com.xml b/src/chrome/content/rules/Cambridgeincolour.com.xml
new file mode 100644
index 000000000000..046ce63bc2f5
--- /dev/null
+++ b/src/chrome/content/rules/Cambridgeincolour.com.xml
@@ -0,0 +1,10 @@
+<!--
+	backup.cambridgeincolour.com (mismatch)
+-->
+<ruleset name="Cambridgeincolour.com">
+	<target host="cambridgeincolour.com" />
+	<target host="www.cambridgeincolour.com" />
+	<target host="cdn.cambridgeincolour.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Camden.gov.uk.xml b/src/chrome/content/rules/Camden.gov.uk.xml
index 73a866421f6a..1f9204be4c21 100644
--- a/src/chrome/content/rules/Camden.gov.uk.xml
+++ b/src/chrome/content/rules/Camden.gov.uk.xml
@@ -64,7 +64,7 @@
 			- www3 from $self ˢ
 
 		- Images, on:
-		
+
 			- news from ^camden.gov.uk ˢ
 			- www3 from $self ˢ
 
diff --git a/src/chrome/content/rules/CamelCamelCamel.com.xml b/src/chrome/content/rules/CamelCamelCamel.com.xml
new file mode 100644
index 000000000000..fa58d3a13151
--- /dev/null
+++ b/src/chrome/content/rules/CamelCamelCamel.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Expired:
+		- camel
+
+	Connection timed out
+		- s3.camel
+		- charts-dev
+		- charts-dev2
+		- secondary
+
+	Connection refused:
+		- squirt
+
+	Mismatched:
+		- asia-s3
+		- cf
+		- i
+		- s3
+		- terminus
+		- uk-s3
+-->
+<ruleset name="CamelCamelCamel.com">
+	<target host="camelcamelcamel.com" />
+	<target host="www.camelcamelcamel.com" />
+	<target host="au.camelcamelcamel.com" />
+	<target host="blog.camelcamelcamel.com" />
+	<target host="ca.camelcamelcamel.com" />
+	<target host="charts.camelcamelcamel.com" />
+	<target host="cn.camelcamelcamel.com" />
+	<target host="de.camelcamelcamel.com" />
+	<target host="es.camelcamelcamel.com" />
+	<target host="fr.camelcamelcamel.com" />
+	<target host="it.camelcamelcamel.com" />
+	<target host="jp.camelcamelcamel.com" />
+	<target host="secure.camelcamelcamel.com" />
+	<target host="uk.camelcamelcamel.com" />
+	<target host="us.camelcamelcamel.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CamelHost.net.xml b/src/chrome/content/rules/CamelHost.net.xml
index eedbb462fd62..c655cd9b774d 100644
--- a/src/chrome/content/rules/CamelHost.net.xml
+++ b/src/chrome/content/rules/CamelHost.net.xml
@@ -8,11 +8,11 @@ Fetch error: http://billing.camelhost.net/ => https://billing.camelhost.net/: (5
 		- (www.)	(refused)
 
 -->
-<ruleset name="CamelHost.net (partial)" default_off='failed ruleset test'>
+<ruleset name="CamelHost.net (partial)" default_off="failed ruleset test">
 
 	<target host="billing.camelhost.net" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Camelcamelcamel.xml b/src/chrome/content/rules/Camelcamelcamel.xml
deleted file mode 100644
index 69bbba9b00eb..000000000000
--- a/src/chrome/content/rules/Camelcamelcamel.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Non-2xx HTTP code: http://s3.camelcamelcamel.com/ (200) => https://s3.amazonaws.com/s3.camelcamelcamel.com/ (403)
-
-Disabled by https-everywhere-checker because:
-Non-2xx HTTP code: http://s3.camelcamelcamel.com/ (200) => https://s3.amazonaws.com/s3.camelcamelcamel.com/ (403)
-	!functional:
-		- (www.)camelbuy.com		(timeout)
-		- (www.)camelcamelcamel.com	(ditto)
-		- blog.camelcamelcamel.com
-		- charts.camelcamelcamel.com	(timeout)
-		- (www.)camelcamper.com		(ditto)
-		- (www.)camelegg.com		(ditto)
-		- (www.)camelsounds.com		(ditto)
-		- (www.)cosmicshovel.com	(cert: gooroon.com; "MOD_PYTHON ERROR")
-		- forum.cosmicshovel.com	(cert: Pablo Picaso)
--->
-<ruleset name="camelcamelcamel (partial)" default_off='failed ruleset test'>
-
-	<target host="s3.antimac.org"/>
-	<target host="s3.camelcamelcamel.com"/>
-
-	<rule from="^http://s3\.(antimac\.org|camelcamelcamel\.com)/"
-		to="https://s3.amazonaws.com/s3.$1/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cameralabs.com.xml b/src/chrome/content/rules/Cameralabs.com.xml
new file mode 100644
index 000000000000..597c575edd38
--- /dev/null
+++ b/src/chrome/content/rules/Cameralabs.com.xml
@@ -0,0 +1,9 @@
+<!--
+	Mismatch: forum.cameralabs.com
+-->
+<ruleset name="Cameralabs.com">
+	<target host="cameralabs.com" />
+	<target host="www.cameralabs.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Camp_Staff_USA.xml b/src/chrome/content/rules/Camp_Staff_USA.xml
index 58392ac2babf..e86851af9fea 100644
--- a/src/chrome/content/rules/Camp_Staff_USA.xml
+++ b/src/chrome/content/rules/Camp_Staff_USA.xml
@@ -7,9 +7,9 @@
 <ruleset name="Camp Staff USA">
 
 	<target host="campstaffusa.com" />
-	<target host="*.campstaffusa.com" />
+	<target host="www.campstaffusa.com" />
 	<target host="jorsika.com" />
-	<target host="*.jorsika.com" />
+	<target host="www.jorsika.com" />
 
 
 	<securecookie host="^\.campstaffusa\.com$" name=".+" />
@@ -19,7 +19,6 @@
 	<rule from="^http://(?:www\.)?campstaffusa\.com/"
 		to="https://campstaffusa.com/" />
 
-	<rule from="^http://(www\.)?jorsika\.com/"
-		to="https://$1jorsika.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Campaigner.xml b/src/chrome/content/rules/Campaigner.xml
index a6cfc41a74e1..2899ee446ba0 100644
--- a/src/chrome/content/rules/Campaigner.xml
+++ b/src/chrome/content/rules/Campaigner.xml
@@ -41,7 +41,9 @@
 <ruleset name="Campaigner (partial)">
 
 	<target host="campaigner.com" />
-	<target host="*.campaigner.com" />
+	<target host="www.campaigner.com" />
+	<target host="media.campaigner.com" />
+	<target host="secure.campaigner.com" />
 
 
 	<securecookie host=".*\.campaigner\.com$" name=".+" />
@@ -50,7 +52,6 @@
 	<rule from="^http://(?:www\.)?campaigner\.com/"
 		to="https://www.campaigner.com/" />
 
-	<rule from="^http://(media|secure)\.campaigner\.com/"
-		to="https://$1.campaigner.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CampaignerCRM.com.xml b/src/chrome/content/rules/CampaignerCRM.com.xml
index 920542eaf2d8..24b78e0b5d0a 100644
--- a/src/chrome/content/rules/CampaignerCRM.com.xml
+++ b/src/chrome/content/rules/CampaignerCRM.com.xml
@@ -31,10 +31,12 @@ Fetch error: http://campaignercrm.com/ => https://www.campaignercrm.com/: (60, '
 	² Unsecurable
 
 -->
-<ruleset name="CampaignerCRM.com" default_off='failed ruleset test'>
+<ruleset name="CampaignerCRM.com" default_off="failed ruleset test">
 
 	<target host="campaignercrm.com" />
-	<target host="*.campaignercrm.com" />
+	<target host="www.campaignercrm.com" />
+	<target host="go.campaignercrm.com" />
+	<target host="home.campaignercrm.com" />
 
 
 	<securecookie host="^\.campaignercrm\.com$" name=".+" />
@@ -43,7 +45,6 @@ Fetch error: http://campaignercrm.com/ => https://www.campaignercrm.com/: (60, '
 	<rule from="^http://(?:www\.)?campaignercrm\.com/"
 		to="https://www.campaignercrm.com/" />
 
-	<rule from="^http://(go|home)\.campaignercrm\.com/"
-		to="https://$1.campaignercrm.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Campina.xml b/src/chrome/content/rules/Campina.xml
index 463ac51526e6..f1f229669bdd 100644
--- a/src/chrome/content/rules/Campina.xml
+++ b/src/chrome/content/rules/Campina.xml
@@ -33,7 +33,7 @@ Fetch error: http://www.mycampina.com/ => https://www.mycampina.com/: (51, "SSL:
 	* Handshake fails
 
 -->
-<ruleset name="Campina (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Campina (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="campinaopschool.nl"/>
 	<target host="www.campinaopschool.nl"/>
diff --git a/src/chrome/content/rules/Campus_Pack.xml b/src/chrome/content/rules/Campus_Pack.xml
index 207b23f70297..05b1d545cd96 100644
--- a/src/chrome/content/rules/Campus_Pack.xml
+++ b/src/chrome/content/rules/Campus_Pack.xml
@@ -16,7 +16,7 @@ Fetch error: http://campuspack.eu/ => https://campuspack.eu/: (51, "SSL: no alte
 		- .+.campuspack.net		(at least some pages redirect to http)
 
 -->
-<ruleset name="Campus Pack (partial)" default_off='failed ruleset test'>
+<ruleset name="Campus Pack (partial)" default_off="failed ruleset test">
 
 	<target host="campuspack.eu" />
 	<target host="*.campuspack.eu" />
@@ -37,4 +37,4 @@ Fetch error: http://campuspack.eu/ => https://campuspack.eu/: (51, "SSL: no alte
 	<rule from="^http://([\w\-]+)\.campuspack\.net/(Domain/|static)/"
 		to="https://$1.campuspack.net/$2/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CanLII.xml b/src/chrome/content/rules/CanLII.xml
index 80129a4d5ae1..0b59f6f049d3 100644
--- a/src/chrome/content/rules/CanLII.xml
+++ b/src/chrome/content/rules/CanLII.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CanSecWest.xml b/src/chrome/content/rules/CanSecWest.xml
index ad4d7ac9ea84..13c4f4745860 100644
--- a/src/chrome/content/rules/CanSecWest.xml
+++ b/src/chrome/content/rules/CanSecWest.xml
@@ -1,7 +1,7 @@
 <ruleset name="CanSecWest">
 
 	<target host="cansecwest.com" />
-	<target host="*.cansecwest.com" />
+	<target host="www.cansecwest.com" />
 
 
 	<securecookie host="^\.cansecwest\.com$" name=".+" />
diff --git a/src/chrome/content/rules/CanadaHelps.xml b/src/chrome/content/rules/CanadaHelps.xml
index 1313ae93c809..adf512df658d 100644
--- a/src/chrome/content/rules/CanadaHelps.xml
+++ b/src/chrome/content/rules/CanadaHelps.xml
@@ -32,4 +32,4 @@ Fetch error: http://www.canadahelps.org/ => https://www.canadahelps.org/: Cycle
 	<rule from="^http://(?:www\.)?canadahelps\.org/"
 		to="https://www.canadahelps.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Canadian-Lung-Assoc.xml b/src/chrome/content/rules/Canadian-Lung-Assoc.xml
index 73c633d32046..e010ec8c5662 100644
--- a/src/chrome/content/rules/Canadian-Lung-Assoc.xml
+++ b/src/chrome/content/rules/Canadian-Lung-Assoc.xml
@@ -3,4 +3,4 @@
 	<target host="www.lung.ca" />
 
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Canadian-Web-Hosting.xml b/src/chrome/content/rules/Canadian-Web-Hosting.xml
index 480b26594d25..098171697ca0 100644
--- a/src/chrome/content/rules/Canadian-Web-Hosting.xml
+++ b/src/chrome/content/rules/Canadian-Web-Hosting.xml
@@ -26,7 +26,7 @@
 	<!--securecookie host="^(www\.)?canadianwebhosting\.com$" name="^(ASP\.NET_SessionId|Referer)$" /-->
 
 
-	<securecookie host="^(?:.*\.)?canadianwebhosting\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Canadian_Broadcasting_Corporation-mixedcontent.xml b/src/chrome/content/rules/Canadian_Broadcasting_Corporation-mixedcontent.xml
deleted file mode 100644
index 3117deb0a3f8..000000000000
--- a/src/chrome/content/rules/Canadian_Broadcasting_Corporation-mixedcontent.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://music.cbc.ca/ => https://music.cbc.ca/: (7, 'Failed to connect to music.cbc.ca port 443: Connection refused')
-
-	See Canadian_Broadcasting_Corporation.xml for rules without mixed content.
-
--->
-<ruleset name="Canadian Broadcasting Corporation (mixed content)" platform="mixedcontent" default_off='failed ruleset test'>
-
-	<target host="music.cbc.ca" />
-		<!--
-			Exclude paths covered in the main ruleset:
-									-->
-		<exclusion pattern="^http://music\.cbc\.ca/(?:config/|images/|(?:.+/)?(?:j|service)s/|lib/|modules/|(?:Web|Script)Resource\.axd/|stats/)" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Canadian_Broadcasting_Corporation.xml b/src/chrome/content/rules/Canadian_Broadcasting_Corporation.xml
deleted file mode 100644
index 1f89817569df..000000000000
--- a/src/chrome/content/rules/Canadian_Broadcasting_Corporation.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	See Canadian_Broadcasting_Corporation-mixedcontent.xml for rules with mixed content.
-
-
-	CDN buckets:
-
-		- podcast.cbc.ca.edgesuite.net
-
-		- www.cbc.ca.edgesuite.net
-
-			- static.music.cbc.ca
-
-
-	Problematic subdomains:
-
-		-		(works, redirects to https://www)
-		- static.music *
-		- podcast *
-		- www *
-
-	* Works, akamai
-
-
-	Mixed css & js on music from static.music & www => separate mixedcontent ruleset.
-
--->
-<ruleset name="Canadian Broadcasting Corporation (partial)">
-
-	<target host="music.cbc.ca" />
-	<target host="sso.cbc.ca" />
-		<!--
-			We only want to secure non-page data here:
-									-->
-		<exclusion pattern="^http://music\.cbc\.ca/(?!config/|images/|(?:.+/)?(?:j|service)s/|lib/|modules/|(?:Web|Script)Resource\.axd/|stats/)" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Canadian_Institute_of_Chartered_Accountants.xml b/src/chrome/content/rules/Canadian_Institute_of_Chartered_Accountants.xml
index e3ac2b0c0350..9dd977225e8c 100644
--- a/src/chrome/content/rules/Canadian_Institute_of_Chartered_Accountants.xml
+++ b/src/chrome/content/rules/Canadian_Institute_of_Chartered_Accountants.xml
@@ -10,7 +10,7 @@ Fetch error: http://secure.cica.ca/ => https://secure.cica.ca/: (60, 'SSL certif
 		- (www.)	(redirects to secure; mismatched, CN: secure.cica.ca)
 
 -->
-<ruleset name="Canadian Institute of Chartered Accountants (partial)" default_off='failed ruleset test'>
+<ruleset name="Canadian Institute of Chartered Accountants (partial)" default_off="failed ruleset test">
 
 	<target host="secure.cica.ca" />
 
@@ -20,4 +20,4 @@ Fetch error: http://secure.cica.ca/ => https://secure.cica.ca/: (60, 'SSL certif
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Canadian_Light_Source.xml b/src/chrome/content/rules/Canadian_Light_Source.xml
index fb85fe56c2c0..650dff77035f 100644
--- a/src/chrome/content/rules/Canadian_Light_Source.xml
+++ b/src/chrome/content/rules/Canadian_Light_Source.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Canadian_Security_Intelligence_Service.xml b/src/chrome/content/rules/Canadian_Security_Intelligence_Service.xml
deleted file mode 100644
index 2b8cffea0bbd..000000000000
--- a/src/chrome/content/rules/Canadian_Security_Intelligence_Service.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<ruleset name="Canadian Security Intelligence Service">
-    <target host="csis.gc.ca" />
-    <target host="*.csis.gc.ca" />
-    <target host="scrs.gc.ca" />
-    <target host="*.scrs.gc.ca" />
-    <target host="csis-scrs.gc.ca" />
-    <target host="*.csis-scrs.gc.ca" />
-
-    <rule from="^http://csis\.gc\.ca/"
-        to="https://www.csis.gc.ca/" />
-    <rule from="^http://([^/:@]+)?\.csis\.gc\.ca/"
-        to="https://$1.csis.gc.ca/" />
-
-    <!--
-         2013-10-13: As of the time of writing, this domain has an invalid SSL
-         cert, send users to the English domain-name (has exact same content).
-    -->
-    <rule from="^http://scrs\.gc\.ca/"
-        to="https://www.csis.gc.ca/" />
-    <rule from="^http://([^/:@]+)?\.scrs\.gc\.ca/"
-        to="https://$1.csis.gc.ca/" />
-
-    <!-- Same as above -->
-    <rule from="^http://csis-scrs\.gc\.ca/"
-        to="https://www.csis.gc.ca/" />
-    <rule from="^http://([^/:@]+)?\.csis-scrs\.gc\.ca/"
-        to="https://$1.csis.gc.ca/" />
-</ruleset>
diff --git a/src/chrome/content/rules/CanalDigital.xml b/src/chrome/content/rules/CanalDigital.xml
index a09e6b8b2e6c..7fa0d78c8b8f 100644
--- a/src/chrome/content/rules/CanalDigital.xml
+++ b/src/chrome/content/rules/CanalDigital.xml
@@ -11,7 +11,7 @@ Fetch error: http://foreninger.canaldigital.dk/ => https://foreninger.canaldigit
 Fetch error: http://iptv.canaldigital.dk/ => https://iptv.canaldigital.dk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 Fetch error: http://kabel.canaldigital.se/ => https://kabel.canaldigital.se/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="CanalDigital" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="CanalDigital" platform="mixedcontent" default_off="failed ruleset test">
 	<!--
 	- some mixed content from ads
 	-->
diff --git a/src/chrome/content/rules/Canary_Watch.org.xml b/src/chrome/content/rules/Canary_Watch.org.xml
index 7789f51c6c94..562d2e4eabcb 100644
--- a/src/chrome/content/rules/Canary_Watch.org.xml
+++ b/src/chrome/content/rules/Canary_Watch.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://canarywatch.org/ => https://canarywatch.org/: (7, 'Failed to
 Fetch error: http://www.canarywatch.org/ => https://www.canarywatch.org/: (7, 'Failed to connect to www.canarywatch.org port 443: No route to host')
 
 -->
-<ruleset name="Canary Watch.org" default_off='failed ruleset test'>
+<ruleset name="Canary Watch.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Canli_Alem.xml b/src/chrome/content/rules/Canli_Alem.xml
index be26b9f11a17..07b492287ff6 100644
--- a/src/chrome/content/rules/Canli_Alem.xml
+++ b/src/chrome/content/rules/Canli_Alem.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CannabisLegality.com.xml b/src/chrome/content/rules/CannabisLegality.com.xml
new file mode 100644
index 000000000000..7f75ebd820e3
--- /dev/null
+++ b/src/chrome/content/rules/CannabisLegality.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="CannabisLegality.com">
+	<target host="cannabislegality.com" />
+	<target host="www.cannabislegality.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Canon.xml b/src/chrome/content/rules/Canon.xml
index de9731dc2bf3..7cf9bd9a03a3 100644
--- a/src/chrome/content/rules/Canon.xml
+++ b/src/chrome/content/rules/Canon.xml
@@ -33,7 +33,7 @@ Fetch error: http://newsletter.canon-europe.com/ => https://newsletter.canon-eur
 	ˢ Secured by us
 
 -->
-<ruleset name="Canon (partial)" default_off='failed ruleset test'>
+<ruleset name="Canon (partial)" default_off="failed ruleset test">
 
 	<!-- Domains checked on September 11th 2014 -->
 
diff --git a/src/chrome/content/rules/Canonical.xml b/src/chrome/content/rules/Canonical.xml
index 7e4a1394f886..734d1d3eaa49 100644
--- a/src/chrome/content/rules/Canonical.xml
+++ b/src/chrome/content/rules/Canonical.xml
@@ -17,7 +17,7 @@
 <ruleset name="Canonical.com" >
 	<target host="canonical.com" />
 	<target host="www.canonical.com" />
-	<target host="blog.bazaar.canonical.com" />
+	<target host="bazaar.canonical.com" />
 	<target host="certification.canonical.com" />
 	<target host="design.canonical.com" />
 	<target host="forms.canonical.com" />
@@ -25,7 +25,6 @@
 	<target host="landscape.canonical.com" />
 	<target host="partners.canonical.com" />
 	<target host="people.canonical.com" />
-	<target host="shop.canonical.com" />
 	<target host="support.canonical.com" />
 
 	<securecookie host=".+" name=".+" />
diff --git a/src/chrome/content/rules/Canonwatch.com.xml b/src/chrome/content/rules/Canonwatch.com.xml
new file mode 100644
index 000000000000..a37b52e397bc
--- /dev/null
+++ b/src/chrome/content/rules/Canonwatch.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Canonwatch.com">
+	<target host="canonwatch.com" />
+	<target host="www.canonwatch.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CanvasHolidays.co.uk.xml b/src/chrome/content/rules/CanvasHolidays.co.uk.xml
index 796398bd17ed..b193314cb192 100644
--- a/src/chrome/content/rules/CanvasHolidays.co.uk.xml
+++ b/src/chrome/content/rules/CanvasHolidays.co.uk.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Wyndham related rulesets, see Wyndham.xml
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
 
 	Non-functional hosts
 		Couldn't connect to server:
diff --git a/src/chrome/content/rules/Canvas_n_decor.com.xml b/src/chrome/content/rules/Canvas_n_decor.com.xml
index 2117c176eb4f..39f84716eb30 100644
--- a/src/chrome/content/rules/Canvas_n_decor.com.xml
+++ b/src/chrome/content/rules/Canvas_n_decor.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Capetown.gov.za.xml b/src/chrome/content/rules/Capetown.gov.za.xml
new file mode 100644
index 000000000000..b79cd1cbb2f2
--- /dev/null
+++ b/src/chrome/content/rules/Capetown.gov.za.xml
@@ -0,0 +1,85 @@
+<ruleset name="Capetown.gov.za">
+	<target host="www.capetown.gov.za" />
+
+	<target host="capetown2040.capetown.gov.za" />
+	<target host="capetownstadium.capetown.gov.za" />
+	<target host="capetownstadiumedc.capetown.gov.za" />
+	<target host="careers.capetown.gov.za" />
+	<target host="careersedc.capetown.gov.za" />
+	<target host="cdcextweb01.capetown.gov.za" />
+	<target host="citydocsexternal.capetown.gov.za" />
+	<target host="citydocsexternaledc.capetown.gov.za" />
+	<target host="citymaps.capetown.gov.za" />
+	<target host="cityteams.capetown.gov.za" />
+	<target host="citytelecomstoc.capetown.gov.za" />
+	<target host="collaborate.capetown.gov.za" />
+	<target host="ctcs.capetown.gov.za" />
+	<target host="ctcscdc.capetown.gov.za" />
+	<target host="ctcsqa.capetown.gov.za" />
+	<target host="edcextweb01.capetown.gov.za" />
+	<target host="egev.capetown.gov.za" />
+	<target host="emap.capetown.gov.za" />
+	<target host="emap1.capetown.gov.za" />
+	<target host="emapqa.capetown.gov.za" />
+	<target host="eservices.capetown.gov.za" />
+	<target host="eservices1.capetown.gov.za" />
+	<target host="eservices1edc.capetown.gov.za" />
+	<target host="eservicesedc.capetown.gov.za" />
+	<target host="fines.capetown.gov.za" />
+	<target host="ftptst.capetown.gov.za" />
+	<target host="integrationhub.capetown.gov.za" />
+	<target host="integrationhubedc.capetown.gov.za" />
+	<target host="lyncdiscover.capetown.gov.za" />
+	<target host="lyncweb01.capetown.gov.za" />
+	<target host="map1.capetown.gov.za" />
+	<target host="mapsearch.capetown.gov.za" />
+	<target host="mapsedc.capetown.gov.za" />
+	<target host="mdm.capetown.gov.za" />
+	<target host="mobimail.capetown.gov.za" />
+	<target host="mportaledc.capetown.gov.za" />
+	<target host="pki.capetown.gov.za" />
+	<target host="planning.capetown.gov.za" />
+	<target host="prehmis-qa.capetown.gov.za" />
+	<target host="qacareers.capetown.gov.za" />
+	<target host="qacareersedc.capetown.gov.za" />
+	<target host="qaeservices.capetown.gov.za" />
+	<target host="qaeservices1.capetown.gov.za" />
+	<target host="qaeservices1edc.capetown.gov.za" />
+	<target host="qaeservicesedc.capetown.gov.za" />
+	<target host="qaintegrationhub.capetown.gov.za" />
+	<target host="qaintegrationhubedc.capetown.gov.za" />
+	<target host="resource.capetown.gov.za" />
+	<target host="resourceqa.capetown.gov.za" />
+	<target host="rtms.capetown.gov.za" />
+	<target host="signin.capetown.gov.za" />
+	<target host="signin1.capetown.gov.za" />
+	<target host="smartcape.capetown.gov.za" />
+	<target host="tct.capetown.gov.za" />
+	<target host="tctedc.capetown.gov.za" />
+	<target host="transport.capetown.gov.za" />
+	<target host="transportedc.capetown.gov.za" />
+	<target host="vendors.capetown.gov.za" />
+	<target host="vendorsedc.capetown.gov.za" />
+	<target host="web1.capetown.gov.za" />
+	<target host="web1cdc.capetown.gov.za" />
+	<target host="web1edc.capetown.gov.za" />
+	<target host="web1tst.capetown.gov.za" />
+	<target host="web2.capetown.gov.za" />
+	<target host="webmail.capetown.gov.za" />
+	<target host="webmailtst.capetown.gov.za" />
+	<target host="webtst.capetown.gov.za" />
+	<target host="ws1edc.capetown.gov.za" />
+	<target host="ws2edc.capetown.gov.za" />
+	<target host="wwwcdc.capetown.gov.za" />
+	<target host="wwwedc.capetown.gov.za" />
+	<target host="wwwqa.capetown.gov.za" />
+	<target host="wwwqa2013.capetown.gov.za" />
+	<target host="wwwqacdc.capetown.gov.za" />
+	<target host="wwwqaedc.capetown.gov.za" />
+	<target host="wwwtst.capetown.gov.za" />
+	<target host="xsp.capetown.gov.za" />
+	<target host="xsp1.capetown.gov.za" />
+	<target host="xtrack.capetown.gov.za" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CapitalOne360.com.xml b/src/chrome/content/rules/CapitalOne360.com.xml
index bee572a96bbb..9fd4cbc15b59 100644
--- a/src/chrome/content/rules/CapitalOne360.com.xml
+++ b/src/chrome/content/rules/CapitalOne360.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://secure.capitalone360.com/ => https://secure.capitalone360.com/: (28, 'Operation timed out after 30000 milliseconds with 0 bytes received')
 
 -->
-<ruleset name="Capitalone360.com" default_off='failed ruleset test'>
+<ruleset name="Capitalone360.com" default_off="failed ruleset test">
   <target host="capitalone360.com" />
 
   <target host="helpcenter.capitalone360.com" />
diff --git a/src/chrome/content/rules/Capitol_Machine.com.xml b/src/chrome/content/rules/Capitol_Machine.com.xml
deleted file mode 100644
index e312eb149b4e..000000000000
--- a/src/chrome/content/rules/Capitol_Machine.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Capitol Machine.com">
-
-	<target host="capitolmachine.com" />
-	<target host="www.capitolmachine.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Capstone-engine.org.xml b/src/chrome/content/rules/Capstone-engine.org.xml
new file mode 100644
index 000000000000..69ac41f1dbfe
--- /dev/null
+++ b/src/chrome/content/rules/Capstone-engine.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		- capstone-engine.org
+-->
+<ruleset name="Capstone-engine.org">
+	<target host="capstone-engine.org" />
+	<target host="www.capstone-engine.org" />
+
+	<rule from="^http://capstone-engine\.org/" to="https://www.capstone-engine.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Captura-Group.xml b/src/chrome/content/rules/Captura-Group.xml
deleted file mode 100644
index 609ec8f99e70..000000000000
--- a/src/chrome/content/rules/Captura-Group.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--	!functional:
-		- (app|blog).measuredvoice.com
--->
-<ruleset name="Captura Group (partial)" platform="mixedcontent">
-
-	<target host="measuredvoice.com"/>
-	<target host="www.measuredvoice.com"/>
-
-	<securecookie host="^(?:www\.)?measuredvoice\.com$" name=".+" />
-
-	<!--	also hosted on www, but be kind and point to CDN	-->
-	<rule from="^http://cdn\.measuredvoice\.com/"
-		to="https://s3.amazonaws.com/cdn.measuredvoice.com/"/>
-
-	<rule from="^http://(www\.)?measuredvoice\.com/(favicon\.ico|img/|wp-content/)"
-		to="https://$1measuredvoice.com/$2"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/CarAdvice.xml b/src/chrome/content/rules/CarAdvice.xml
index 42c79355f125..f893658e96b6 100644
--- a/src/chrome/content/rules/CarAdvice.xml
+++ b/src/chrome/content/rules/CarAdvice.xml
@@ -6,10 +6,11 @@ Fetch error: http://caradvice.com.au/ => https://caradvice.com.au/: (7, 'Failed
 Automatically by https-everywhere-checker because:
 Fetch error: http://caradvice.com.au/ => https://caradvice.com.au/: (7, 'Failed to connect to caradvice.com.au port 443: Connection refused')
 -->
-<ruleset name="CarAdvice" default_off='failed ruleset test'>
+<ruleset name="CarAdvice" default_off="failed ruleset test">
 
 	<target host="caradvice.com.au" />
-	<target host="*.caradvice.com.au" />
+	<target host="cdn.caradvice.com.au" />
+	<target host="www.caradvice.com.au" />
 
 
 	<rule from="^http://(?:cdn\.|(www\.))?caradvice\.com\.au/"
diff --git a/src/chrome/content/rules/CarKeySolutions.ca.xml b/src/chrome/content/rules/CarKeySolutions.ca.xml
new file mode 100644
index 000000000000..e60c4b8cd1a7
--- /dev/null
+++ b/src/chrome/content/rules/CarKeySolutions.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="CarKeySolutions.ca">
+	<target host="carkeysolutions.ca" />
+	<target host="www.carkeysolutions.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CarProMods.com.xml b/src/chrome/content/rules/CarProMods.com.xml
index 9906e8c4bf1c..6016cab7f512 100644
--- a/src/chrome/content/rules/CarProMods.com.xml
+++ b/src/chrome/content/rules/CarProMods.com.xml
@@ -1,7 +1,7 @@
 <ruleset name="CarProMods.com">
 
 	<target host="carpromods.com" />
-	<target host="*.carpromods.com" />
+	<target host="www.carpromods.com" />
 
 
 	<securecookie host="^(?:www)?\.carpromods\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Carbonfund.org.xml b/src/chrome/content/rules/Carbonfund.org.xml
index 25bc3276f739..85d7b4bdba7d 100644
--- a/src/chrome/content/rules/Carbonfund.org.xml
+++ b/src/chrome/content/rules/Carbonfund.org.xml
@@ -21,4 +21,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Carbonwind.net.xml b/src/chrome/content/rules/Carbonwind.net.xml
index 38e384f11430..c0d41222458a 100644
--- a/src/chrome/content/rules/Carbonwind.net.xml
+++ b/src/chrome/content/rules/Carbonwind.net.xml
@@ -5,7 +5,7 @@ Fetch error: http://carbonwind.net/ => https://carbonwind.net/: (35, 'Unknown SS
 Fetch error: http://www.carbonwind.net/ => https://www.carbonwind.net/: (35, 'Unknown SSL protocol error in connection to www.carbonwind.net:443 ')
 
 -->
-<ruleset name="Carbonwind.net" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Carbonwind.net" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="carbonwind.net" />
 	<target host="www.carbonwind.net" />
diff --git a/src/chrome/content/rules/Cardiff-University.xml b/src/chrome/content/rules/Cardiff-University.xml
index 42d5e20e3cf5..78786cc9bcdb 100644
--- a/src/chrome/content/rules/Cardiff-University.xml
+++ b/src/chrome/content/rules/Cardiff-University.xml
@@ -1,4 +1,7 @@
 <!--
+  Redirect
+    - cardiffnetwork.cf.ac.uk -> cs.cf.ac.uk
+
 	Non-functional hosts in *.cf.ac.uk
 		Couldn't connect to server:
 			 - cs.cf.ac.uk
@@ -9,13 +12,15 @@
 			 - www.engineering.cf.ac.uk
 			 - www.mec.cf.ac.uk
 
+  Timeout
+    - webmail.cf.ac.uk
+
 		SSL connect error:
 			 - claws.cf.ac.uk
 
 		SSL peer certificate was not OK:
 			 - cf.ac.uk
 			 - www.cf.ac.uk
-			 - cardiffnetwork.cf.ac.uk
 			 - cymraeg.cs.cf.ac.uk
 			 - dogfennaeth.cs.cf.ac.uk
 
@@ -24,14 +29,17 @@
 
  		Secure connection redirects to plaintext:
 			 - www.law.cf.ac.uk
- 
+
 	Non-functional hosts in *.cardiff.ac.uk
 		Couldn't connect to server:
 			 - jobs.cardiff.ac.uk
 			 - library.cardiff.ac.uk
+       - cardiffnetwork.cf.ac.uk
 
 		SSL connect error:
 			 - events.cardiff.ac.uk
+       - cs.cf.ac.uk
+       - engin.cf.ac.uk
 
 		SSL peer certificate was not OK:
 			 - courses.cardiff.ac.uk
@@ -50,14 +58,6 @@
 	<rule from="^http://www\.astro\.cardiff\.ac\.uk/"
 			to="https://www.astro.cf.ac.uk/" />
 
-	<!-- cf.ac.uk (complications) -->
-	<target host="cardiffnetwork.cf.ac.uk" />
-	<target host="cs.cf.ac.uk" />
-	<target host="engin.cf.ac.uk" />
-	
-	<rule from="^http://(cardiffnetwork|cs|engin)\.cf\.ac\.uk/" 
-			to="https://www.$1.cf.ac.uk/" />
-
 	<!-- cardiff.ac.uk -->
 	<target host="cardiff.ac.uk" />
 	<target host="www.cardiff.ac.uk" />
@@ -66,15 +66,12 @@
 
 	<!-- cf.ac.uk -->
 	<target host="www.astro.cf.ac.uk" />
-	<target host="www.cardiffnetwork.cf.ac.uk" />
 	<target host="docs.cs.cf.ac.uk" />
-	<target host="webmail.cs.cf.ac.uk" />
 	<target host="www.cs.cf.ac.uk" />
-	<target host="www.engin.cf.ac.uk" />
 	<target host="learningcentral.cf.ac.uk" />
 	<target host="static.cf.ac.uk" />
 		<test url="http://static.cf.ac.uk/cfui/1.8.2/img/logo.png" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Care-Net.org.xml b/src/chrome/content/rules/Care-Net.org.xml
new file mode 100644
index 000000000000..50892e7f1b4a
--- /dev/null
+++ b/src/chrome/content/rules/Care-Net.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- care-net.org
+-->
+<ruleset name="Care Net">
+	<target host="care-net.org" />
+	<target host="www.care-net.org" />
+	<target host="donate.care-net.org" />
+
+	<rule from="^http://care-net\.org/"
+		to="https://www.care-net.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Care-Net.xml b/src/chrome/content/rules/Care-Net.xml
deleted file mode 100644
index 63c0f231d45b..000000000000
--- a/src/chrome/content/rules/Care-Net.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-	store		(expired certificate; automatically
-			redirects HTTP to HTTPS)
--->
-<ruleset name="Care Net">
-	<target host="care-net.org" />
-	<target host="www.care-net.org" />
-
-	<securecookie host="^www\.care-net\.org$" name=".+" />
-
-	<rule from="^(?:http://(?:www\.)?|https://)care-net\.org/"
-		to="https://www.care-net.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Care2.com.xml b/src/chrome/content/rules/Care2.com.xml
index bf6849529d69..c68a5ceb2fa3 100644
--- a/src/chrome/content/rules/Care2.com.xml
+++ b/src/chrome/content/rules/Care2.com.xml
@@ -29,7 +29,7 @@ Fetch error: http://care2.com/ => https://www.care2.com/: (60, 'SSL certificate
 		- volunteer	(→ www)
 
 -->
-<ruleset name="Care2.com" default_off='failed ruleset test'>
+<ruleset name="Care2.com" default_off="failed ruleset test">
 
 	<target host="care2.com" />
 	<target host="*.care2.com" />
@@ -56,4 +56,4 @@ Fetch error: http://care2.com/ => https://www.care2.com/: (60, 'SSL certificate
 	<rule from="^http://volunteer\.care2\.com/[^\?]*(\?.*)?"
 		to="https://www.care2.com/volunteer$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Carecareers.com.au.xml b/src/chrome/content/rules/Carecareers.com.au.xml
index d655fd0792e0..bc57cd794bb6 100644
--- a/src/chrome/content/rules/Carecareers.com.au.xml
+++ b/src/chrome/content/rules/Carecareers.com.au.xml
@@ -20,7 +20,7 @@ Fetch error: http://jobs.carecareers.com.au/ => https://jobs.carecareers.com.au/
 	* Secured by us, doesn't trip MCB anyway
 
 -->
-<ruleset name="Carecareers.com.au (partial)" default_off='failed ruleset test'>
+<ruleset name="Carecareers.com.au (partial)" default_off="failed ruleset test">
 
 	<target host="jobs.carecareers.com.au" />
 
@@ -30,4 +30,4 @@ Fetch error: http://jobs.carecareers.com.au/ => https://jobs.carecareers.com.au/
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CareerBuilder.xml b/src/chrome/content/rules/CareerBuilder.xml
index 2045560dabb1..8aa677162c9b 100644
--- a/src/chrome/content/rules/CareerBuilder.xml
+++ b/src/chrome/content/rules/CareerBuilder.xml
@@ -54,7 +54,7 @@ Fetch error: http://aol.careerbuilder.com/ => https://aol.careerbuilder.com/: (6
 		- Bug on www from centro.pixel.ad
 
 -->
-<ruleset name="CareerBuilder.com (partial)" default_off='failed ruleset test'>
+<ruleset name="CareerBuilder.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/CareerDean.com.xml b/src/chrome/content/rules/CareerDean.com.xml
index f0c26b4e746e..db95105897bd 100644
--- a/src/chrome/content/rules/CareerDean.com.xml
+++ b/src/chrome/content/rules/CareerDean.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://careerdean.com/ => https://careerdean.com/: (28, 'Connection
 Fetch error: http://www.careerdean.com/ => https://www.careerdean.com/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="CareerDean.com" default_off='failed ruleset test'>
+<ruleset name="CareerDean.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/CareerPerfect.xml b/src/chrome/content/rules/CareerPerfect.xml
deleted file mode 100644
index 41eeb7529250..000000000000
--- a/src/chrome/content/rules/CareerPerfect.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="CareerPerfect">
-
-	<target host="careerperfect.com" />
-	<target host="*.careerperfect.com" />
-
-
-	<securecookie host="^\.careerperfect\.com$" name=".+" />
-
-
-	<!--	(www.) doesn't work over https.	-->
-	<rule from="^http://(?:secure\.|www\.)?careerperfect\.com/"
-		to="https://secure.careerperfect.com/" />
-
-	<rule from="^http://monsterres\.careerperfect\.com/(brands|content/(\d{4}\w?|images|trk-v1))/"
-		to="https://secure.careerperfect.com/$1/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Careers.fi.xml b/src/chrome/content/rules/Careers.fi.xml
deleted file mode 100644
index 5f1dff7bcac5..000000000000
--- a/src/chrome/content/rules/Careers.fi.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Careers.fi">
-  <target host="careers.fi"/>
-  <target host="www.careers.fi"/>
-  <rule from="^http:" to="https:" />
-</ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 -->
\ No newline at end of file
diff --git a/src/chrome/content/rules/Carestream.com.xml b/src/chrome/content/rules/Carestream.com.xml
index 2155834e5407..85a0bbd6ed67 100644
--- a/src/chrome/content/rules/Carestream.com.xml
+++ b/src/chrome/content/rules/Carestream.com.xml
@@ -10,7 +10,7 @@
 <ruleset name="Carestream.com">
 
 	<target host="carestream.com" />
-	<target host="*.carestream.com" />
+	<target host="www.carestream.com" />
 
 
 	<securecookie host="^(?:www)?\.carestream\.com$" name=".+" />
@@ -19,4 +19,4 @@
 	<rule from="^http://(?:www\.)?carestream\.com/"
 		to="https://www.carestream.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cargo.xml b/src/chrome/content/rules/Cargo.xml
index b500c0d27f62..1997c05ab3a9 100644
--- a/src/chrome/content/rules/Cargo.xml
+++ b/src/chrome/content/rules/Cargo.xml
@@ -140,7 +140,39 @@
 <ruleset name="Cargo (partial)">
 
 	<target host="cargocollective.com" />
-	<target host="*.cargocollective.com" />
+	<target host="www.cargocollective.com" />
+	<target host="media.cargocollective.com" />
+	<target host="payload.cargocollective.com" />
+	<target host="payload50.cargocollective.com" />
+	<target host="payload54.cargocollective.com" />
+	<target host="payload56.cargocollective.com" />
+	<target host="payload57.cargocollective.com" />
+	<target host="payload93.cargocollective.com" />
+	<target host="payload100.cargocollective.com" />
+	<target host="payload120.cargocollective.com" />
+	<target host="payload141.cargocollective.com" />
+	<target host="payload162.cargocollective.com" />
+	<target host="payload169.cargocollective.com" />
+	<target host="payload174.cargocollective.com" />
+	<target host="payload180.cargocollective.com" />
+	<target host="payload203.cargocollective.com" />
+	<target host="payload200.cargocollective.com" />
+	<target host="payload215.cargocollective.com" />
+	<target host="payload216.cargocollective.com" />
+	<target host="payload246.cargocollective.com" />
+	<target host="payload250.cargocollective.com" />
+	<target host="payload258.cargocollective.com" />
+	<target host="payload263.cargocollective.com" />
+	<target host="payload271.cargocollective.com" />
+	<target host="payload277.cargocollective.com" />
+	<target host="payload280.cargocollective.com" />
+	<target host="payload282.cargocollective.com" />
+	<target host="payload287.cargocollective.com" />
+	<target host="payload288.cargocollective.com" />
+	<target host="payload291.cargocollective.com" />
+	<target host="payload294.cargocollective.com" />
+	<target host="payload295.cargocollective.com" />
+	<target host="payload296.cargocollective.com" />
 		<!--
 			Avoid false/broken MCB:
 						-->
diff --git a/src/chrome/content/rules/Carl_Zeiss.xml b/src/chrome/content/rules/Carl_Zeiss.xml
index 9b31d9a9dc68..53c6fba3ef6a 100644
--- a/src/chrome/content/rules/Carl_Zeiss.xml
+++ b/src/chrome/content/rules/Carl_Zeiss.xml
@@ -24,7 +24,7 @@
 	<target host="*.zeiss.com" />
 
 
-	<securecookie host=".+\.zeiss\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://applications\.zeiss\.com/\??$"
diff --git a/src/chrome/content/rules/Carleton.ca.xml b/src/chrome/content/rules/Carleton.ca.xml
index 93c1cbd5589c..76076d38b195 100644
--- a/src/chrome/content/rules/Carleton.ca.xml
+++ b/src/chrome/content/rules/Carleton.ca.xml
@@ -87,7 +87,29 @@
 <ruleset name="Carleton.ca (partial)">
 
 	<target host="carleton.ca" />
-	<target host="*.carleton.ca" />
+	<target host="ccsl.carleton.ca" />
+	<target host="library.carleton.ca" />
+	<target host="www.ccsl.carleton.ca" />
+	<target host="www.library.carleton.ca" />
+	<target host="admissions.carleton.ca" />
+	<target host="alumni.carleton.ca" />
+	<target host="apply.carleton.ca" />
+	<target host="events.carleton.ca" />
+	<target host="forms.carleton.ca" />
+	<target host="giving.carleton.ca" />
+	<target host="goravens.carleton.ca" />
+	<target host="graduate.carleton.ca" />
+	<target host="gsapplications.carleton.ca" />
+	<target host="newsroom.carleton.ca" />
+	<target host="researchworks.carleton.ca" />
+	<target host="science.carleton.ca" />
+	<target host="scs.carleton.ca" />
+	<target host="www.scs.carleton.ca" />
+	<target host="sprott.carleton.ca" />
+	<target host="students.carleton.ca" />
+	<target host="www.carleton.ca" />
+	<target host="www1.carleton.ca" />
+	<target host="www2.carleton.ca" />
 		<!--
 			Avoid false/broken MCB:
 						-->
@@ -108,7 +130,6 @@
 	<rule from="^http://(?:www\.)?(ccsl|library)\.carleton\.ca/"
 		to="https://$1.carleton.ca/" />
 
-	<rule from="^http://((?:admissions|alumni|apply|events|forms|giving|goravens|graduate|gsapplications|newsroom|researchworks|science|(?:www\.)?scs|sprott|students|www[12]?)\.)?carleton\.ca/"
-		to="https://$1carleton.ca/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Carleton_College.xml b/src/chrome/content/rules/Carleton_College.xml
index 67977b5a3623..924b38a8018c 100644
--- a/src/chrome/content/rules/Carleton_College.xml
+++ b/src/chrome/content/rules/Carleton_College.xml
@@ -7,7 +7,9 @@
 <ruleset name="Carleton College">
 
 	<target host="carleton.edu" />
-	<target host="*.carleton.edu" />
+	<target host="webapps.acs.carleton.edu" />
+	<target host="apps.carleton.edu" />
+	<target host="www.carleton.edu" />
 
 
 	<securecookie host="^apps\.carleton\.edu$" name=".+" />
@@ -16,7 +18,6 @@
 	<rule from="^http://carleton\.edu/"
 		to="https://www.carleton.edu/" />
 
-	<rule from="^http://(webapps\.acs|apps|www)\.carleton\.edu/"
-		to="https://$1.carleton.edu/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Carnegie-Institution-for-Science.xml b/src/chrome/content/rules/Carnegie-Institution-for-Science.xml
index 976432434fbe..6c04c4aacd6a 100644
--- a/src/chrome/content/rules/Carnegie-Institution-for-Science.xml
+++ b/src/chrome/content/rules/Carnegie-Institution-for-Science.xml
@@ -27,7 +27,7 @@ Fetch error: http://vpn.carnegiescience.edu/ => https://vpn.carnegiescience.edu/
 	* Secured by us
 
 -->
-<ruleset name="Carnegie Institution for Science (partial)" default_off='failed ruleset test'>
+<ruleset name="Carnegie Institution for Science (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Carnegie-Mellon-University-mismatches.xml b/src/chrome/content/rules/Carnegie-Mellon-University-mismatches.xml
index f02917abc16b..bdc54a24d98f 100644
--- a/src/chrome/content/rules/Carnegie-Mellon-University-mismatches.xml
+++ b/src/chrome/content/rules/Carnegie-Mellon-University-mismatches.xml
@@ -16,4 +16,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Carnegie-Mellon-University.xml b/src/chrome/content/rules/Carnegie-Mellon-University.xml
index 99e6194eff3b..a70643b2d189 100644
--- a/src/chrome/content/rules/Carnegie-Mellon-University.xml
+++ b/src/chrome/content/rules/Carnegie-Mellon-University.xml
@@ -126,7 +126,105 @@
 <ruleset name="Carnegie Mellon University (partial)">
 
 	<target host="cmu.edu" />
-	<target host="*.cmu.edu" />
+	<target host="www.cmu.edu" />
+	<target host="andrew.cmu.edu" />
+	<target host="directory.andrew.cmu.edu" />
+	<target host="webiso.andrew.cmu.edu" />
+	<target host="cylab.cmu.edu" />
+	<target host="ece.cmu.edu" />
+	<target host="sparrow.ece.cmu.edu" />
+	<target host="users.ece.cmu.edu" />
+	<target host="cs.cmu.edu" />
+	<target host="calendar.cs.cmu.edu" />
+	<target host="ccc12.cs.cmu.edu" />
+	<target host="csadmins.cs.cmu.edu" />
+	<target host="cleese.cs.cmu.edu" />
+	<target host="www-dev.csd.cs.cmu.edu" />
+	<target host="cups.cs.cmu.edu" />
+	<target host="fac.cs.cmu.edu" />
+	<target host="heinz.cs.cmu.edu" />
+	<target host="link.cs.cmu.edu" />
+	<target host="lti.cs.cmu.edu" />
+	<target host="ath-live.mts.cs.cmu.edu" />
+	<target host="news.cs.cmu.edu" />
+	<target host="olympus.cs.cmu.edu" />
+	<target host="dev.olympus.cs.cmu.edu" />
+	<target host="wonderwoman.olympus.cs.cmu.edu" />
+	<target host="origami.qolt.cs.cmu.edu" />
+	<target host="sites.cs.cmu.edu" />
+	<target host="antman.srv.cs.cmu.edu" />
+	<target host="gambit.srv.cs.cmu.edu" />
+	<target host="innovation.srv.cs.cmu.edu" />
+	<target host="mailman.srv.cs.cmu.edu" />
+	<target host="webbuild-web1.srv.cs.cmu.edu" />
+	<target host="trust.cs.cmu.edu" />
+	<target host="ptest1-userpool.web.cs.cmu.edu" />
+	<target host="ptest2-userpool.web.cs.cmu.edu" />
+	<target host="ptest3-userpool.web.cs.cmu.edu" />
+	<target host="ptest4-userpool.web.cs.cmu.edu" />
+	<target host="webbuild.web.cs.cmu.edu" />
+	<target host="webapps.cs.cmu.edu" />
+	<target host="wiki.cs.cmu.edu" />
+	<target host="women.cs.cmu.edu" />
+	<target host="www-2.cs.cmu.edu" />
+	<target host="www-dev.cs.cmu.edu" />
+	<target host="xia.cs.cmu.edu" />
+	<target host="lunchdelivery.hcii.cmu.edu" />
+	<target host="libwebspace.library.cmu.edu" />
+	<target host="my.cmu.edu" />
+	<target host="ri.cmu.edu" />
+	<target host="sei.cmu.edu" />
+	<target host="resources.sei.cmu.edu" />
+	<target host="www.sei.cmu.edu" />
+	<target host="studentaffairs.cmu.edu" />
+	<target host="www.andrew.cmu.edu" />
+	<target host="www.directory.andrew.cmu.edu" />
+	<target host="www.webiso.andrew.cmu.edu" />
+	<target host="www.cylab.cmu.edu" />
+	<target host="www.ece.cmu.edu" />
+	<target host="www.sparrow.ece.cmu.edu" />
+	<target host="www.users.ece.cmu.edu" />
+	<target host="www.cs.cmu.edu" />
+	<target host="www.calendar.cs.cmu.edu" />
+	<target host="www.ccc12.cs.cmu.edu" />
+	<target host="www.csadmins.cs.cmu.edu" />
+	<target host="www.cleese.cs.cmu.edu" />
+	<target host="www.www-dev.csd.cs.cmu.edu" />
+	<target host="www.cups.cs.cmu.edu" />
+	<target host="www.fac.cs.cmu.edu" />
+	<target host="www.heinz.cs.cmu.edu" />
+	<target host="www.link.cs.cmu.edu" />
+	<target host="www.lti.cs.cmu.edu" />
+	<target host="www.ath-live.mts.cs.cmu.edu" />
+	<target host="www.news.cs.cmu.edu" />
+	<target host="www.olympus.cs.cmu.edu" />
+	<target host="www.dev.olympus.cs.cmu.edu" />
+	<target host="www.wonderwoman.olympus.cs.cmu.edu" />
+	<target host="www.origami.qolt.cs.cmu.edu" />
+	<target host="www.sites.cs.cmu.edu" />
+	<target host="www.antman.srv.cs.cmu.edu" />
+	<target host="www.gambit.srv.cs.cmu.edu" />
+	<target host="www.innovation.srv.cs.cmu.edu" />
+	<target host="www.mailman.srv.cs.cmu.edu" />
+	<target host="www.webbuild-web1.srv.cs.cmu.edu" />
+	<target host="www.trust.cs.cmu.edu" />
+	<target host="www.webbuild.web.cs.cmu.edu" />
+	<target host="www.webapps.cs.cmu.edu" />
+	<target host="www.wiki.cs.cmu.edu" />
+	<target host="www.women.cs.cmu.edu" />
+	<target host="www.www-2.cs.cmu.edu" />
+	<target host="www.www-dev.cs.cmu.edu" />
+	<target host="www.xia.cs.cmu.edu" />
+	<target host="www.lunchdelivery.hcii.cmu.edu" />
+	<target host="www.libwebspace.library.cmu.edu" />
+	<target host="www.my.cmu.edu" />
+	<target host="www.ri.cmu.edu" />
+	<target host="www.resources.sei.cmu.edu" />
+	<target host="www.www.sei.cmu.edu" />
+	<target host="www.studentaffairs.cmu.edu" />
+	<target host="webuild-web2.srv.cs.cmu.edu" />
+	<target host="etc.cmu.edu" />
+	<target host="www.etc.cmu.edu" />
 		<!--exclusion pattern="^http://(?:www\.)?heinz\.cmu\.edu/(?!~\w+/|image\.aspx|images/|js/|res/|social\.html)" /-->
 		<exclusion pattern="^http://(?:www\.)?heinz\.cmu\.edu/(?!image).+\.aspx(?:$|\?)" />
 
@@ -134,12 +232,7 @@
 	<securecookie host="^.*\.cmu\.edu$" name=".+" />
 
 
-	<rule from="^http://(www\.)?cmu\.edu/"
-		to="https://$1cmu.edu/" />
 
-	<rule 
-from="^http://(www\.)?((?:directory\.|webiso\.)?andrew|cylab|ece|(?:sparrow|users)\.ece|(?:(?:calendar|ccc12|csadmins|cleese|www-dev\.csd|cups|fac|heinz|link|lti|ath-live\.mts|news|(?:dev\.|wonderwoman\.)?olympus|origami\.qolt|sites|(?:antman|gambit|innovation|mailman|webbuild-web1)\.srv|trust|(?:ptest[1-4]-userpool|webbuild)\.web|webapps|wiki|women|www-2|www-dev|xia)\.)?cs|lunchdelivery\.hcii|libwebspace\.library|my|ri|(?:resources\.|www\.)?sei|studentaffairs)\.cmu\.edu/"
-		to="https://$1$2.cmu.edu/" />
 
 	<!--	Appears identical.
 					-->
@@ -151,4 +244,5 @@ from="^http://(www\.)?((?:directory\.|webiso\.)?andrew|cylab|ece|(?:sparrow|user
 	<rule from="^http://(?:www\.)?etc\.cmu\.edu/"
 		to="https://www.etc.cmu.edu/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Carphone_Warehouse.com.xml b/src/chrome/content/rules/Carphone_Warehouse.com.xml
index a3b880e3f6a1..0be0bb21a56d 100644
--- a/src/chrome/content/rules/Carphone_Warehouse.com.xml
+++ b/src/chrome/content/rules/Carphone_Warehouse.com.xml
@@ -1,12 +1,13 @@
 <!--
 	Other Carphone Warehouse rulesets:
 
-		- Phone_House.com.xml
 
 
 	Nonfunctional hosts in *carphonewarehouse.com:
 
 		- images *
+    - m.carphonewarehouse.com
+    - selfhelp.carphonewarehouse.com
 
 	* 403
 
@@ -38,8 +39,6 @@
 				-->
 	<target host="carphonewarehouse.com" />
 	<target host="business.carphonewarehouse.com" />
-	<target host="m.carphonewarehouse.com" />
-	<target host="selfhelp.carphonewarehouse.com" />
 	<target host="www.carphonewarehouse.com" />
 
 	<!--	Complications:
@@ -66,27 +65,6 @@
 			<test url="http://carphonewarehouse.com/cpwtrade.css" />
 			<test url="http://www.carphonewarehouse.com/favicon.ico" />
 
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://m\.carphonewarehouse\.com/$" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://m\.carphonewarehouse\.com/+(?!img/|mt/a/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://m.carphonewarehouse.com/mt/www.carphonewarehouse.com" />
-			<test url="http://m.carphonewarehouse.com/mt/www.carphonewarehouse.com/mobiles/mobile-phones/SAMSUNG_GAL_TAB_A_9POINT7_4G" />
-			<test url="http://m.carphonewarehouse.com/mt/www.carphonewarehouse.com/phones/lg-nexus-5x-32gb" />
-			<test url="http://m.carphonewarehouse.com/mt/www.carphonewarehouse.com/phones/microsoft-lumia-950" />
-
-			<!--	-ve:
-					-->
-			<test url="http://m.carphonewarehouse.com/img/c/gw_1320/ttl_29d/pt/4url_un.uc.carphonewarehouse/ucontrol44027522501445156695523a8afed50c4f2cfc57466.png" />
-			<test url="http://m.carphonewarehouse.com/mt/a/carphonewarehouse.com/l1355756571000/images/spacer.gif" />
-			<test url="http://m.carphonewarehouse.com/mt/a/carphonewarehouse.com/l1392887540000/images/new_header/mini_logo.png" />
-
 
 	<!--	Not secured by server:
 					-->
diff --git a/src/chrome/content/rules/Cars.com.xml b/src/chrome/content/rules/Cars.com.xml
index 69e36d8ffc5b..54934cb6fd38 100644
--- a/src/chrome/content/rules/Cars.com.xml
+++ b/src/chrome/content/rules/Cars.com.xml
@@ -2,7 +2,6 @@
 	Other Cars.com rulesets:
 
 		- Cstatic-graphics.com.xml
-		- Cstatic-images.com.xml
 
 
 	Insecure cookies are set for these domains and hosts:
diff --git a/src/chrome/content/rules/Carters_OshLosh.Ca.xml b/src/chrome/content/rules/Carters_OshLosh.Ca.xml
index 04758488c4c0..67193b93c594 100644
--- a/src/chrome/content/rules/Carters_OshLosh.Ca.xml
+++ b/src/chrome/content/rules/Carters_OshLosh.Ca.xml
@@ -29,7 +29,7 @@ Fetch error: http://cartersoshkosh.ca/ => https://www.cartersoshkosh.ca/: Too ma
 		- www.cartersoshkosh.ca
 
 -->
-<ruleset name="Carters OshLosh.Ca" default_off='failed ruleset test'>
+<ruleset name="Carters OshLosh.Ca" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Casascius.xml b/src/chrome/content/rules/Casascius.xml
deleted file mode 100644
index a02ed6b6a5f4..000000000000
--- a/src/chrome/content/rules/Casascius.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Casascius">
-
-	<target host="casascius.com" />
-	<target host="www.casascius.com" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Case_Western_Reserve_University.xml b/src/chrome/content/rules/Case_Western_Reserve_University.xml
deleted file mode 100644
index a84c7efcdd83..000000000000
--- a/src/chrome/content/rules/Case_Western_Reserve_University.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Case Western Reserve University (partial)">
-
-	<target host="tiswww.case.edu" />
-	<target host="tiswww.cwru.edu" />
-	<target host="cnswww.cns.cwru.edu" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Caseking.de.xml b/src/chrome/content/rules/Caseking.de.xml
index 7495568232b5..88fe760cf301 100644
--- a/src/chrome/content/rules/Caseking.de.xml
+++ b/src/chrome/content/rules/Caseking.de.xml
@@ -5,7 +5,7 @@
 <ruleset name="Caseking.de">
 
 	<target host="caseking.de" />
-	<target host="*.caseking.de" />
+	<target host="www.caseking.de" />
 
 
 	<securecookie host="^(?:www)?\.caseking\.de$" name=".+" />
diff --git a/src/chrome/content/rules/Cases_Ladder.xml b/src/chrome/content/rules/Cases_Ladder.xml
index 883725e86383..4fa7f93ddd5a 100644
--- a/src/chrome/content/rules/Cases_Ladder.xml
+++ b/src/chrome/content/rules/Cases_Ladder.xml
@@ -13,4 +13,4 @@
 	<rule from="^http://((?:cdn-img|cgi\d?|img|plus\d|users|www)\.)?igl\.net/"
 		to="https://$1igl.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CashTravel.info.xml b/src/chrome/content/rules/CashTravel.info.xml
new file mode 100644
index 000000000000..432779cf66bf
--- /dev/null
+++ b/src/chrome/content/rules/CashTravel.info.xml
@@ -0,0 +1,18 @@
+<!--
+	Mismatched:
+		- cpanel.cashtravel.info
+		- dc-0d8baf09d865.cashtravel.info
+		- ns1.cashtravel.info
+		- ns2.cashtravel.info
+		- webdisk.cashtravel.info
+		- webmail.cashtravel.info
+		- whm.cashtravel.info
+-->
+<ruleset name="CashTravel.info">
+	<target host="cashtravel.info" />
+	<target host="www.cashtravel.info" />
+	<target host="mail.cashtravel.info" />
+	<target host="server.cashtravel.info" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cash_for_Contracts.xml b/src/chrome/content/rules/Cash_for_Contracts.xml
index 1b8e1bf01fd8..aefab97d38e1 100644
--- a/src/chrome/content/rules/Cash_for_Contracts.xml
+++ b/src/chrome/content/rules/Cash_for_Contracts.xml
@@ -8,7 +8,8 @@
 <ruleset name="Cash for Contracts" default_off="expired">
 
 	<target host="cashforcontracts.com" />
-	<target host="*.cashforcontracts.com" />
+	<target host="secure.cashforcontracts.com" />
+	<target host="www.cashforcontracts.com" />
 
 
 	<securecookie host="^secure\.cashforcontracts\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Cashback.co.uk.xml b/src/chrome/content/rules/Cashback.co.uk.xml
index 04dfa6a697fd..6c4fbc2b4833 100644
--- a/src/chrome/content/rules/Cashback.co.uk.xml
+++ b/src/chrome/content/rules/Cashback.co.uk.xml
@@ -1,16 +1,12 @@
-<ruleset name="Cashback.co.uk (partial)" default_off="loops">
-
-	<target host="cashback.co.uk"/>
-	<target host="*.cashback.co.uk"/>
-		<!--	homepage redirects to http	-->
-		<exclusion pattern="http://www\.cashback\.co\.uk/$"/>
-
-	<rule from="^http://(secure\.|www\.)?cashback\.co\.uk/"
-		to="https://$1cashback.co.uk/"/>
-
-	<!--	stop site from sending us to a blank page.
-		site will redirect to http for us.	-->
-	<rule from="^https://secure\.cashback\.co\.uk/$"
-		to="https://www.cashback.co.uk/"/>
-
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.cashback.co.uk
+-->
+<ruleset name="Cashback.co.uk (partial)">
+	<target host="cashback.co.uk" />
+	<target host="www.cashback.co.uk" />
+
+	<rule from="^http://(www\.)?cashback\.co\.uk/"
+		  	to="https://cashback.co.uk/" />
 </ruleset>
diff --git a/src/chrome/content/rules/CasinoAffiliatePrograms.xml b/src/chrome/content/rules/CasinoAffiliatePrograms.xml
index 11df9d3c9847..7685aa9f9e3f 100644
--- a/src/chrome/content/rules/CasinoAffiliatePrograms.xml
+++ b/src/chrome/content/rules/CasinoAffiliatePrograms.xml
@@ -8,7 +8,7 @@ Automatically by https-everywhere-checker because:
 Fetch error: http://casinoaffiliateprograms.com/ => https://casinoaffiliateprograms.com/: Cycle detected - URL already encountered: https://casinoaffiliateprograms.com/
 Fetch error: http://www.casinoaffiliateprograms.com/ => https://casinoaffiliateprograms.com/: Cycle detected - URL already encountered: https://casinoaffiliateprograms.com/
 -->
-<ruleset name="CasinoAffiliatePrograms.com" default_off='failed ruleset test'>
+<ruleset name="CasinoAffiliatePrograms.com" default_off="failed ruleset test">
 
 	<target host="casinoaffiliateprograms.com"/>
 	<target host="www.casinoaffiliateprograms.com"/>
diff --git a/src/chrome/content/rules/CasinoEstrella.com.xml b/src/chrome/content/rules/CasinoEstrella.com.xml
index f9911a91d544..858d3a841ae1 100644
--- a/src/chrome/content/rules/CasinoEstrella.com.xml
+++ b/src/chrome/content/rules/CasinoEstrella.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Casper_og_Frank.dk.xml b/src/chrome/content/rules/Casper_og_Frank.dk.xml
deleted file mode 100644
index 7e1e94955a75..000000000000
--- a/src/chrome/content/rules/Casper_og_Frank.dk.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-
-	Mixed content:
-
-		- Video from player.vimeo.com *
-
-		- css from $self *
-
-		- favicon from $self *
-
-	* Secured by us
-
--->
-<ruleset name="Casper og Frank.de (false MCB)" platform="mixedcontent">
-
-	<target host="casperogfrank.dk" />
-	<target host="www.casperogfrank.dk" />
-
-
-	<securecookie host="^\.casperogfrank\.dk$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CassinoEstrela.xml b/src/chrome/content/rules/CassinoEstrela.xml
index ee99e200d6ed..afdbad983b50 100644
--- a/src/chrome/content/rules/CassinoEstrela.xml
+++ b/src/chrome/content/rules/CassinoEstrela.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.cassinoestrela.com/ => https://www.cassinoestrela.com/:
 Disabled by https-everywhere-checker because:
 Fetch error: http://cassinoestrela.com/ => https://cassinoestrela.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
 -->
-<ruleset name="CassinoEstrela" default_off='failed ruleset test'>
+<ruleset name="CassinoEstrela" default_off="failed ruleset test">
 
 	<target host="cassinoestrela.com" />
 	<target host="www.cassinoestrela.com" />
@@ -18,4 +18,4 @@ Fetch error: http://cassinoestrela.com/ => https://cassinoestrela.com/: (35, 'er
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Castel-Bayart.xml b/src/chrome/content/rules/Castel-Bayart.xml
deleted file mode 100644
index 8cd61fe2f9cd..000000000000
--- a/src/chrome/content/rules/Castel-Bayart.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	!www: cert only matches www
-
--->
-<ruleset name="Castel-Bayart">
-
-	<target host="castel-bayart.com" />
-	<target host="*.castel-bayart.com" />
-
-
-	<securecookie host="^w*\.castel-bayart\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?castel-bayart\.com/"
-		to="https://www.castel-bayart.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Casual-Effects.com.xml b/src/chrome/content/rules/Casual-Effects.com.xml
new file mode 100644
index 000000000000..c9f2b035a045
--- /dev/null
+++ b/src/chrome/content/rules/Casual-Effects.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Mismatched:
+		- mail
+-->
+<ruleset name="Casual-Effects.com">
+	<target host="casual-effects.com" />
+	<target host="www.casual-effects.com" />
+	<target host="cgpp-net.casual-effects.com" />
+	<target host="www.cgpp-net.casual-effects.com" />
+	<target host="codeheartjs.casual-effects.com" />
+	<target host="endlyss.casual-effects.com" />
+	<target host="graphicscodex.casual-effects.com" />
+	<target host="rocketgolfing.casual-effects.com" />
+
+	<rule from="^http:" to="https:" />
+
+	<securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/CatN.com.xml b/src/chrome/content/rules/CatN.com.xml
index 39cf587c70fb..54a85c88e2f0 100644
--- a/src/chrome/content/rules/CatN.com.xml
+++ b/src/chrome/content/rules/CatN.com.xml
@@ -1,7 +1,7 @@
 <ruleset name="CatN.com">
 
 	<target host="catn.com" />
-	<target host="*.catn.com" />
+	<target host="www.catn.com" />
 
 
 	<!--	Not secured by server:
@@ -11,7 +11,6 @@
 	<securecookie host="^cp\.c4\.catn\.com$" name=".+" />
 
 
-	<rule from="^http://(cp\.c4\.|www\.)?catn\.com/"
-		to="https://$1catn.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Catalog-of-Domestic-Federal-Assistance.xml b/src/chrome/content/rules/Catalog-of-Domestic-Federal-Assistance.xml
deleted file mode 100644
index 16fcdc19983b..000000000000
--- a/src/chrome/content/rules/Catalog-of-Domestic-Federal-Assistance.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-
--->
-<ruleset name="Catalog of Domestic Federal Assistance">
-
-	<target host="cfda.gov" />
-	<!--	*s for cross-domain cookies.	-->
-	<target host="*.cfda.gov" />
-
-
-	<securecookie host="^.*\.cfda\.gov$" name=".+" />
-
-
-	<!--	Cert only matches www.	-->
-	<rule from="^http://(?:www\.)?cfda\.gov/"
-		to="https://www.cfda.gov/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Catalyst_Host.com.xml b/src/chrome/content/rules/Catalyst_Host.com.xml
index 99551bd9d094..5a76d79a378e 100644
--- a/src/chrome/content/rules/Catalyst_Host.com.xml
+++ b/src/chrome/content/rules/Catalyst_Host.com.xml
@@ -14,7 +14,9 @@
 <ruleset name="Catalyst Host.com">
 
 	<target host="catalysthost.com" />
-	<target host="*.catalysthost.com" />
+	<target host="cp.catalysthost.com" />
+	<target host="portal.catalysthost.com" />
+	<target host="www.catalysthost.com" />
 
 
 	<securecookie host="^(?:cp|portal)?\.catalysthost\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Catalyst_Technology_Group.xml b/src/chrome/content/rules/Catalyst_Technology_Group.xml
index ec950db9e149..d1bea0b4d8c6 100644
--- a/src/chrome/content/rules/Catalyst_Technology_Group.xml
+++ b/src/chrome/content/rules/Catalyst_Technology_Group.xml
@@ -8,16 +8,16 @@ Fetch error: http://www.catalysttg.com/ => https://www.catalysttg.com/: (51, "SS
 Disabled by https-everywhere-checker because:
 Fetch error: http://catalysttg.com/ => https://catalysttg.com/: (51, "SSL: no alternative certificate subject name matches target host name 'catalysttg.com'")
 -->
-<ruleset name="Catalyst Technology Group" default_off='failed ruleset test'>
+<ruleset name="Catalyst Technology Group" default_off="failed ruleset test">
 
 	<target host="catalysttg.com" />
 	<target host="forums.catalysttg.com" />
 	<target host="www.catalysttg.com" />
 
 
-	<securecookie host="^(?:.+\.)?catalysttg\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Catbox.moe.xml b/src/chrome/content/rules/Catbox.moe.xml
deleted file mode 100644
index 8a07bbc594d2..000000000000
--- a/src/chrome/content/rules/Catbox.moe.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Invalid Certificate:
-		www.catbox.moe
-		blog.catbox.moe
-		nofun.catbox.moe
--->
-<ruleset name="Catbox.moe">
-	<target host="catbox.moe" />
-	<target host="www.catbox.moe" />
-	<target host="files.catbox.moe" />
-	<target host="qt.catbox.moe" />
-
-	<rule from="^http://www\.catbox\.moe/" to="https://catbox.moe/" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Catch.com.au.xml b/src/chrome/content/rules/Catch.com.au.xml
index dc430ed12dd4..a34b3843c5bd 100644
--- a/src/chrome/content/rules/Catch.com.au.xml
+++ b/src/chrome/content/rules/Catch.com.au.xml
@@ -1,6 +1,10 @@
 <!--
+	Other related ruleset:
+		- CatchConnect.com.au.xml
+
+
 	Non-functional subdomains:
-	
+
 		- catch.com.au
 			- accounts3	(m)
 			- link	(m)
@@ -14,7 +18,7 @@
 			- image	(m)
 			- link	(m)
 			- rdir	(m)
-			
+
 	m: certificate mismatch
 	t: timeout on https
 -->
@@ -38,7 +42,7 @@
 	<target host="static.catchoftheday.com.au" />
 	<target host="static-cf.catchoftheday.com.au" />
 	<target host="win.catchoftheday.com.au" />
-	
+
   	<securecookie host="^www\.catch\.com\.au$" name=".+" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Catch22.net.xml b/src/chrome/content/rules/Catch22.net.xml
new file mode 100644
index 000000000000..29e5ccea6334
--- /dev/null
+++ b/src/chrome/content/rules/Catch22.net.xml
@@ -0,0 +1,11 @@
+<!--
+	Timeout:
+		- catch22.net (fixed by this ruleset)
+-->
+<ruleset name="Catch22.net">
+	<target host="catch22.net" />
+	<target host="www.catch22.net" />
+
+	<rule from="^http://catch22\.net/" to="https://www.catch22.net/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CatchConnect.com.au.xml b/src/chrome/content/rules/CatchConnect.com.au.xml
new file mode 100644
index 000000000000..4c8b8b187122
--- /dev/null
+++ b/src/chrome/content/rules/CatchConnect.com.au.xml
@@ -0,0 +1,15 @@
+<!--
+	For other related ruleset, see Catch.com.au.xml
+-->
+<ruleset name="Catch Connect">
+
+	<target host="catchconnect.com.au" />
+	<target host="www.catchconnect.com.au" />
+	<target host="api.catchconnect.com.au" />
+	<target host="content.catchconnect.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Caters_News_Agency.xml b/src/chrome/content/rules/Caters_News_Agency.xml
index c28a9cad846b..2481c8e819bf 100644
--- a/src/chrome/content/rules/Caters_News_Agency.xml
+++ b/src/chrome/content/rules/Caters_News_Agency.xml
@@ -12,4 +12,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CathayPacific.com.xml b/src/chrome/content/rules/CathayPacific.com.xml
new file mode 100644
index 000000000000..0762ffc1b1a0
--- /dev/null
+++ b/src/chrome/content/rules/CathayPacific.com.xml
@@ -0,0 +1,70 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- cms-author-t2.ncs1.ct1.cathaypacific.com
+
+		Timeout was reached:
+		- cathaypacific.com
+		- lifewelltravelled.cathaypacific.com
+		- meet.cathaypacific.com
+		- spiritofhk.cathaypacific.com
+
+		SSL connect error:
+		- uscots.cathaypacific.com
+
+		SSL peer certificate was not OK:
+		- a35k.cathaypacific.com
+		- discovery.cathaypacific.com
+		- marcopolo.cathaypacific.com
+		- links.services.cathaypacific.com
+
+		Failure when receiving data from the peer:
+		- betaremote.cathaypacific.com
+		- mail.cathaypacific.com
+
+		Incomplete certificate chain error:
+		- workwelldone.cathaypacific.com
+
+		4xx client error:
+		- book.cathaypacific.com
+
+		Mixed content blocking (MCB) triggered:
+		- hongkong.cathaypacific.com
+-->
+<ruleset name="CathayPacific.com">
+	<target host="cathaypacific.com" />
+	<target host="www.cathaypacific.com" />
+	<target host="api.cathaypacific.com" />
+	<target host="assets.cathaypacific.com" />
+		<test url="http://assets.cathaypacific.com/applications/vtsurvey/assets/1443148968956_tc.pdf" />
+	<target host="brushwingers.cathaypacific.com" />
+	<target host="businessplus.cathaypacific.com" />
+	<target host="careers.cathaypacific.com" />
+	<target host="cateringplanner.cathaypacific.com" />
+	<target host="en.cathaylab.cathaypacific.com" />
+	<target host="zh.cathaylab.cathaypacific.com" />
+	<target host="cdn.cathaypacific.com" />
+	<target host="cxwork.cathaypacific.com" />
+	<target host="downloads.cathaypacific.com" />
+		<test url="http://downloads.cathaypacific.com/cx/investor/ir2005.pdf" />
+		<test url="http://downloads.cathaypacific.com/cx/traffic/cxtraffic_zh_052003.pdf" />
+	<target host="hackathon.cathaypacific.com" />
+	<target host="holidays.cathaypacific.com" />
+	<target host="icanfly.cathaypacific.com" />
+	<target host="ilearn.cathaypacific.com" />
+	<target host="infosecurity.cathaypacific.com" />
+	<target host="news.cathaypacific.com" />
+	<target host="payment.cathaypacific.com" />
+	<target host="stafftravel.cathaypacific.com" />
+	<target host="sustainability.cathaypacific.com" />
+	<target host="tpms.cathaypacific.com" />
+	<target host="training.cathaypacific.com" />
+	<target host="us.cathaypacific.com" />
+	<target host="upgrade.cathaypacific.com" />
+		<test url="http://upgrade.cathaypacific.com/offer/CathayPacific?lang=zh_HK" />
+
+	<rule from="^http://cathaypacific\.com/"
+		to="https://www.cathaypacific.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CathayPacificCargo.com.xml b/src/chrome/content/rules/CathayPacificCargo.com.xml
new file mode 100644
index 000000000000..3e9c08096e34
--- /dev/null
+++ b/src/chrome/content/rules/CathayPacificCargo.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- cathaypacificcargo.com
+-->
+<ruleset name="CathayPacificCargo.com">
+	<target host="cathaypacificcargo.com" />
+	<target host="www.cathaypacificcargo.com" />
+		<test url="http://www.cathaypacificcargo.com/Portals/0/Images/News/seattle.jpg" />
+
+	<rule from="^http://cathaypacificcargo\.com/"
+		to="https://www.cathaypacificcargo.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cathay_Pacific.xml b/src/chrome/content/rules/Cathay_Pacific.xml
deleted file mode 100644
index be39695ea7d2..000000000000
--- a/src/chrome/content/rules/Cathay_Pacific.xml
+++ /dev/null
@@ -1,61 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://book.cathaypacfic.com/ => https://book.cathaypacfic.com/: (7, 'Failed to connect to book.cathaypacfic.com port 443: Connection refused')
-Fetch error: http://cathaypacificcargo.com/ => https://www.cathaypacficcargo.com/: (6, 'Could not resolve host: www.cathaypacficcargo.com')
-Fetch error: http://cathaypacifichost.com/ => https://www.cathaypacifichost.com/: (7, 'Failed to connect to cathaypacific.com port 443: No route to host')
-Fetch error: http://www.cathaypacifichost.com/ => https://www.cathaypacifichost.com/: (28, 'Connection timed out after 20001 milliseconds')
- Domains not available:
-	
-	downloads.cathaypacific.com		(secured domain unreachable)
-	hksevens.cathaypacific.com		(invalid security cert)
-	icanfly.cathaypacific.com		(error code: ssl_error_rx_record_too_long)
-	ilearn.ete.cathaypacific.com		(self-signed cert)
-	learning.cathaypacific.com		(secured domain unreachable)
-	neweconomyclass.cathaypacific.com	(invalid security cert)
-	products.cathaypacific.com		(invalid security cert)
-	uscots.cathaypacific.com		(secured domain unreachable)
-	
--->
-
-<ruleset name="Cathay Pacific" default_off='failed ruleset test'>
-
-	<target host="cathaypacific.com" />
-	<target host="www.cathaypacific.com" />
-	<target host="book.cathaypacfic.com" />
-	<target host="cdn.cathaypacific.com" />
-	<target host="holidays.cathaypacific.com" />
-	<target host="iconnect.cathaypacific.com" />
-	<target host="ilearn.cathaypacific.com" />
-	<target host="lifewelltravelled.cathaypacific.com" />
-	<target host="remote.cathaypacific.com" />
-	<target host="taipo-01-hkg-remote.cathaypacific.com" />
-	<target host="cheklapkok-01-hkg-remote.cathaypacific.com" />
-	
-	<target host="cathaypacificcargo.com" />
-	<target host="www.cathaypacificcargo.com" />
-	
-	<target host="cathaypacific-campaign.com" />
-	<target host="www.cathaypacific-campaign.com" />
-	
-	<target host="cathaypacifichost.com" />
-	<target host="www.cathaypacifichost.com" />
-	
-	<target host="cxholidays.com" />
-	<target host="www.cxholidays.com" />
-	
-	<!-- rules below prevent timeouts for URLs without www. prefix -->
-	
-	<rule from="^http://cathaypacific\.com/" to="https://www.cathaypacific.com/" />
-	
-	<rule from="^http://cathaypacificcargo\.com/" to="https://www.cathaypacficcargo.com/" />
-	
-	<rule from="^http://cathaypacifichost\.com/" to="https://www.cathaypacifichost.com/" />
-	
-	<rule from="^http://cxholidays\.com/" to="https://www.cxholidays.com/" />
-	
-	<!-- rules above prevent timeouts for URLs without www. prefix -->
-	
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Catlin_Sea_Survey.xml b/src/chrome/content/rules/Catlin_Sea_Survey.xml
index eecf9642a37c..5d392a8d4dce 100644
--- a/src/chrome/content/rules/Catlin_Sea_Survey.xml
+++ b/src/chrome/content/rules/Catlin_Sea_Survey.xml
@@ -19,7 +19,7 @@ Fetch error: http://catlinseaviewsurvey.com/ => https://www.catlinseaviewsurvey.
 		- www.catlinseaviewsurvey.com
 
 -->
-<ruleset name="Catlin Sea Survey.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Catlin Sea Survey.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Cato-Institute.xml b/src/chrome/content/rules/Cato-Institute.xml
index c61a0f267a44..24c6b1f09223 100644
--- a/src/chrome/content/rules/Cato-Institute.xml
+++ b/src/chrome/content/rules/Cato-Institute.xml
@@ -22,7 +22,7 @@ Fetch error: http://secure.cato.org/ => https://secure.cato.org/: (51, "SSL: no
 	^: cert only matches www
 
 -->
-<ruleset name="Cato Institute (partial)" default_off='failed ruleset test'>
+<ruleset name="Cato Institute (partial)" default_off="failed ruleset test">
 
 	<target host="secure.cato.org" />
 
diff --git a/src/chrome/content/rules/Catraca_Livre.com.br.xml b/src/chrome/content/rules/Catraca_Livre.com.br.xml
index e096f0dbfb49..f692fb600504 100644
--- a/src/chrome/content/rules/Catraca_Livre.com.br.xml
+++ b/src/chrome/content/rules/Catraca_Livre.com.br.xml
@@ -15,7 +15,7 @@ Fetch error: http://fazedores.catracalivre.com.br/ => https://fazedores.catracal
 	* Secured by us
 
 -->
-<ruleset name="Catraca Livre.com.br" default_off='failed ruleset test'>
+<ruleset name="Catraca Livre.com.br" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Causes.xml b/src/chrome/content/rules/Causes.xml
index 4a12c6401ea5..9ed53543b730 100644
--- a/src/chrome/content/rules/Causes.xml
+++ b/src/chrome/content/rules/Causes.xml
@@ -6,7 +6,7 @@ Fetch error: http://causes.presscdn.com/ => https://exchange.causes.com/: (6, 'C
 Disabled by https-everywhere-checker because:
 Fetch error: http://causes.presscdn.com/ => https://exchange.causes.com/: (51, "SSL: no alternative certificate subject name matches target host name 'exchange.causes.com'")	s3.amazonaws.com/causes-prod/
 -->
-<ruleset name="Causes (partial)" default_off='failed ruleset test'>
+<ruleset name="Causes (partial)" default_off="failed ruleset test">
 
 	<target host="causes.com"/>
 	<target host="*.causes.com"/>
diff --git a/src/chrome/content/rules/Cavatoyota.com.xml b/src/chrome/content/rules/Cavatoyota.com.xml
new file mode 100644
index 000000000000..65303591efdf
--- /dev/null
+++ b/src/chrome/content/rules/Cavatoyota.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Cavatoyota.com">
+	<target host="cavatoyota.com" />
+	<target host="www.cavatoyota.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cavemancirus.com.xml b/src/chrome/content/rules/Cavemancirus.com.xml
new file mode 100644
index 000000000000..8a6af8569d98
--- /dev/null
+++ b/src/chrome/content/rules/Cavemancirus.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Mismatched:
+	- webmail.cavemancircus.com
+	- pop.cavemancircus.com
+	- origin.cavemancircus.com
+	- ftp.cavemancircus.com
+	- imap.cavemancircus.com
+
+	Mixed content:
+	- cdn.cavemancircus.com
+
+	Connection Refused:
+	- smtp.cavemancircus.com
+
+	Timeout:
+	- mail.cavemancircus.com
+-->
+<ruleset name="Cavemancircus.com">
+	<target host="cavemancircus.com" />
+	<target host="www.cavemancircus.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cavirtex.com.xml b/src/chrome/content/rules/Cavirtex.com.xml
index 59227c99a9b8..25b679ad6263 100644
--- a/src/chrome/content/rules/Cavirtex.com.xml
+++ b/src/chrome/content/rules/Cavirtex.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.cavirtex.com/ => https://www.cavirtex.com/: (7, 'Failed
 	* Shows default page
 
 -->
-<ruleset name="Cavirtex.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Cavirtex.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Cchtml.com.xml b/src/chrome/content/rules/Cchtml.com.xml
index 4ef5d90a1ad2..119823e4f1b6 100644
--- a/src/chrome/content/rules/Cchtml.com.xml
+++ b/src/chrome/content/rules/Cchtml.com.xml
@@ -1,7 +1,8 @@
 <ruleset name="cchtml.com" default_off="self-signed">
 
 	<target host="cchtml.com" />
-	<target host="*.cchtml.com" />
+	<target host="www.cchtml.com" />
+	<target host="mail.cchtml.com" />
 
 
 	<securecookie host="^mail\.cchtml\.com$" name=".+" />
@@ -12,7 +13,6 @@
 	<rule from="^http://(?:www\.)?cchtml\.com/"
 		to="https://cchtml.com/" />
 
-	<rule from="^http://mail\.cchtml\.com/"
-		to="https://mail.cchtml.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Cdig.me.xml b/src/chrome/content/rules/Cdig.me.xml
deleted file mode 100644
index 6c4939fc3802..000000000000
--- a/src/chrome/content/rules/Cdig.me.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For other Wildcard Corp coverage, see Wildcard_Corp.com.xml.
-
-
-	Mixed content:
-
-		- Image on (www.) from www.google.com *
-
-	* Secured by us
-
--->
-<ruleset name="cdig.me">
-
-	<target host="cdig.me" />
-	<target host="www.cdig.me" />
-
-
-	<securecookie host="^(?:w*\.)?cdig\.me$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cdn-net.com.xml b/src/chrome/content/rules/Cdn-net.com.xml
index 8cfa9fe59370..f75b7ec5611b 100644
--- a/src/chrome/content/rules/Cdn-net.com.xml
+++ b/src/chrome/content/rules/Cdn-net.com.xml
@@ -5,8 +5,8 @@
 <ruleset name="cdn-net.com">
 	<target host="www.cdn-net.com" />
 	<test url="http://www.cdn-net.com/cc.js" />
-	
+
 	<securecookie host=".+" name=".+" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Cdnads.com.xml b/src/chrome/content/rules/Cdnads.com.xml
index bcf699259b53..5a004c7d4ab2 100644
--- a/src/chrome/content/rules/Cdnads.com.xml
+++ b/src/chrome/content/rules/Cdnads.com.xml
@@ -8,18 +8,9 @@
 -->
 <ruleset name="cdnads.com">
 
-	<!--	Direct rewrites:
-				-->
+	<!--	Direct rewrites: -->
 	<target host="padsdel2.cdnads.com" />
 
-	<!--	Complications:
-				-->
-	<target host="padsdel.cdnads.com" />
-
-
-	<rule from="^http://padsdel\.cdnads\.com/"
-		to="https://padsdel2.cdnads.com/" />
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Cdncomputer.com.xml b/src/chrome/content/rules/Cdncomputer.com.xml
index ffb526af422f..75e5869e2295 100644
--- a/src/chrome/content/rules/Cdncomputer.com.xml
+++ b/src/chrome/content/rules/Cdncomputer.com.xml
@@ -16,7 +16,7 @@ Fetch error: http://cdn.cdncomputer.com/ => https://d1eiwcwqdd4h4w.cloudfront.ne
 	(www.) does not exist.
 
 -->
-<ruleset name="cdncomputer.com" default_off='failed ruleset test'>
+<ruleset name="cdncomputer.com" default_off="failed ruleset test">
 
 	<target host="cdn.cdncomputer.com" />
 
@@ -24,4 +24,4 @@ Fetch error: http://cdn.cdncomputer.com/ => https://d1eiwcwqdd4h4w.cloudfront.ne
 	<rule from="^http://cdn\.cdncomputer\.com/"
 		to="https://d1eiwcwqdd4h4w.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CeeJay.net.xml b/src/chrome/content/rules/CeeJay.net.xml
deleted file mode 100644
index 7505acbb4b22..000000000000
--- a/src/chrome/content/rules/CeeJay.net.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	(www.): dropped
-
--->
-<ruleset name="CeeJay.net (partial)">
-
-	<target host="*.ceejay.net" />
-
-
-	<securecookie host="^(?:crashplan|support)\.ceejay\.net$" name=".+" />
-
-
-	<rule from="^http://(crashplan|support)\.ceejay\.net(:4285)?/"
-		to="https://$1.ceejay.net$2/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cefbuilds.com.xml b/src/chrome/content/rules/Cefbuilds.com.xml
deleted file mode 100644
index 41efb1b98d5c..000000000000
--- a/src/chrome/content/rules/Cefbuilds.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Cefbuilds.com">
-	<target host="cefbuilds.com" />
-	<target host="www.cefbuilds.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Cellarmasters.com.au.xml b/src/chrome/content/rules/Cellarmasters.com.au.xml
index 98f0cc1bac06..cd90269b4660 100644
--- a/src/chrome/content/rules/Cellarmasters.com.au.xml
+++ b/src/chrome/content/rules/Cellarmasters.com.au.xml
@@ -3,7 +3,7 @@
 
 
 	Nonfunctional subdomains:
-	
+
 		- dev		(SSL handshake failed)
 		- email		(connection refused)
 		- emm		(timeout)
diff --git a/src/chrome/content/rules/Cengage.xml b/src/chrome/content/rules/Cengage.xml
index f450e4910d57..72160fc50318 100644
--- a/src/chrome/content/rules/Cengage.xml
+++ b/src/chrome/content/rules/Cengage.xml
@@ -8,18 +8,21 @@ Fetch error: http://cengagebrain.co.uk/ => https://cengagebrain.co.uk/: Cycle de
 Fetch error: http://multivu.com/ => https://www.multivu.com/: Redirect for 'http://multivu.com/' missing Location	!functional:
 		- gdc.gale.com
 -->
-<ruleset name="Cengage (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Cengage (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="serviceplus.cengage.com"/>
 	<target host="cengagebrain.com"/>
-	<target host="*.cengagebrain.com"/>
+	<target host="assets.cengagebrain.com" />
+	<target host="www.cengagebrain.com" />
 	<target host="cengagebrain.co.uk"/>
-	<target host="*.cengagebrain.co.uk"/>
+	<target host="www.cengagebrain.co.uk" />
 	<target host="ed2go.com"/>
-	<target host="*.ed2go.com"/>
-	<target host="*.hbrstatic.com"/>
+	<target host="www.ed2go.com" />
+	<target host="hbb.hbrstatic.com" />
+	<target host="hbr.hbrstatic.com" />
 	<target host="highbeam.com"/>
-	<target host="*.highbeam.com"/>
+	<target host="www.highbeam.com" />
+	<target host="business.highbeam.com" />
 	<target host="multivu.com"/>
 	<target host="www.multivu.com"/>
 	<target host="ordercourses.com"/>
diff --git a/src/chrome/content/rules/Censorship.govt.nz.xml b/src/chrome/content/rules/Censorship.govt.nz.xml
index 77a97027aa05..3b11557e2d68 100644
--- a/src/chrome/content/rules/Censorship.govt.nz.xml
+++ b/src/chrome/content/rules/Censorship.govt.nz.xml
@@ -8,7 +8,7 @@ Automatically by https-everywhere-checker because:
 Fetch error: http://censorship.govt.nz/ => https://www.censorship.govt.nz/: (51, "SSL: no alternative certificate subject name matches target host name 'www.censorship.govt.nz'")
 Fetch error: http://www.censorship.govt.nz/ => https://www.censorship.govt.nz/: (51, "SSL: no alternative certificate subject name matches target host name 'www.censorship.govt.nz'")
 -->
-<ruleset name="Censorship.govt.nz" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Censorship.govt.nz" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="censorship.govt.nz" />
 	<target host="www.censorship.govt.nz" />
 	<rule from="^http://www\.censorship\.govt\.nz/" to="https://www.censorship.govt.nz/"/>
diff --git a/src/chrome/content/rules/CentOS.org.xml b/src/chrome/content/rules/CentOS.org.xml
index b3147576007d..3ef8a7afb6f1 100644
--- a/src/chrome/content/rules/CentOS.org.xml
+++ b/src/chrome/content/rules/CentOS.org.xml
@@ -1,52 +1,46 @@
 <!--
-	Nonfunctional hosts in *centos.org:
-
-		- lists			(refused)
-		- mirror-status		(403; md5 signed, expired 2007-04-05)
-		- seven	³
-		- vault ¹
-
-	¹ Refused
-	³ Redirects to git.centos.org
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .fr.centos.org
-		- git.centos.org
-
-
-	Mixed content:
-
-		- Images on wiki from $self *
-		- Bugs on wiki from creativecommons.org *
-
-	* Secured by us
-
+	Content mismatch:
+		- projects
+
+	Timeout:
+		- debuginfo
+		- mirror
+		- mirrorlist
+		- packet0[1-4]
+		- torrent
+		- vault
 -->
 <ruleset name="CentOS.org (partial)">
 
-	<!--	Direct rewrites:
-				-->
 	<target host="centos.org" />
+	<target host="www.centos.org" />
+	<target host="accounts.centos.org" />
+	<target host="apps.centos.org" />
+	<target host="blog.centos.org" />
+	<target host="blogs.centos.org" />
 	<target host="bugs.centos.org" />
 	<target host="cbs.centos.org" />
+	<target host="ci.centos.org" />
+	<target host="cloud.centos.org" />
+	<target host="docs.centos.org" />
+	<target host="feeds.centos.org" />
+	<target host="forums.centos.org" />
 	<target host="fr.centos.org" />
 	<target host="git.centos.org" />
-	<target host="projects.centos.org" />
+	<target host="id.centos.org" />
+	<target host="lists.centos.org" />
+	<target host="mirror-status.centos.org" />
+	<target host="paste.centos.org" />
+	<target host="pastebin.centos.org" />
+	<target host="people.centos.org" />
+	<target host="planet.centos.org" />
+	<target host="registry.centos.org" />
+	<target host="seven.centos.org" />
+	<target host="status.centos.org" />
 	<target host="wiki.centos.org" />
-	<target host="www.centos.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.fr\.centos\.org$" name="^phpbb3_\w+_(k|sid|u)$" /-->
-	<!--securecookie host="^git\.centos\.org$" name="^JSESSIONID$" /-->
-
-	<securecookie host="^\w" name=".+" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:"	to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Center-for-Responsive-Politics.xml b/src/chrome/content/rules/Center-for-Responsive-Politics.xml
deleted file mode 100644
index 2fb73f1a6359..000000000000
--- a/src/chrome/content/rules/Center-for-Responsive-Politics.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Center for Responsive Politics (partial)">
-
-	<target host="opensecrets.org"/>
-	<target host="*.opensecrets.org"/>
-
-	<securecookie host="^(?:.*\.)?opensecrets\.org$" name=".+" />
-
-	<rule from="^http://(?:www\.)?opensecrets\.org/"
-		to="https://www.opensecrets.org/"/>
-
-	<rule from="^http://(asset|image)s\.opensecrets\.org/"
-		to="https://s3.amazonaws.com/$1s.opensecrets.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Center_for_Early_Childhood_Professional_Development.xml b/src/chrome/content/rules/Center_for_Early_Childhood_Professional_Development.xml
index 2a4efb74d37e..a424691ae4ba 100644
--- a/src/chrome/content/rules/Center_for_Early_Childhood_Professional_Development.xml
+++ b/src/chrome/content/rules/Center_for_Early_Childhood_Professional_Development.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Center_for_Individual_Freedom.xml b/src/chrome/content/rules/Center_for_Individual_Freedom.xml
index 7cda08fe7f73..c912574bb1f1 100644
--- a/src/chrome/content/rules/Center_for_Individual_Freedom.xml
+++ b/src/chrome/content/rules/Center_for_Individual_Freedom.xml
@@ -8,7 +8,7 @@ Non-2xx HTTP code: http://vs.cfif.org/ (200) => https://vs.cfif.org/ (403)
 		- mailserver	(data differs)
 
 -->
-<ruleset name="Center for Individual Freedom (partial)" default_off='failed ruleset test'>
+<ruleset name="Center for Individual Freedom (partial)" default_off="failed ruleset test">
 
 	<target host="cfif.org" />
 	<target host="vs.cfif.org" />
@@ -20,4 +20,4 @@ Non-2xx HTTP code: http://vs.cfif.org/ (200) => https://vs.cfif.org/ (403)
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Center_for_Land_Use_Interpretation.xml b/src/chrome/content/rules/Center_for_Land_Use_Interpretation.xml
index d93a8a199482..ab285a775a74 100644
--- a/src/chrome/content/rules/Center_for_Land_Use_Interpretation.xml
+++ b/src/chrome/content/rules/Center_for_Land_Use_Interpretation.xml
@@ -5,7 +5,7 @@
 <ruleset name="The Center for Land Use Interpretation" default_off="mismatched">
 
 	<target host="culi.org" />
-	<target host="*.culi.org" />
+	<target host="www.culi.org" />
 
 
 	<securecookie host="^\.clui\.org$" name=".+" />
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?culi\.org/"
 		to="https://culi.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CentraFoods.com.xml b/src/chrome/content/rules/CentraFoods.com.xml
new file mode 100644
index 000000000000..b40cdb53a325
--- /dev/null
+++ b/src/chrome/content/rules/CentraFoods.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Connection refused:
+		- centrafoods.com, equivalent to www.centrafoods.com
+-->
+
+<ruleset name="CentraFoods.com">
+	<target host="centrafoods.com" />
+	<target host="www.centrafoods.com" />
+
+	<rule from="^http://centrafoods\.com/"
+		to="https://www.centrafoods.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Centralfield.com.xml b/src/chrome/content/rules/Centralfield.com.xml
index cb4879064159..8d64ca6cf514 100644
--- a/src/chrome/content/rules/Centralfield.com.xml
+++ b/src/chrome/content/rules/Centralfield.com.xml
@@ -5,6 +5,9 @@
 			- mail.centralfield.com
 			- mbox.centralfield.com
 			- shop.centralfield.com
+
+		Different content:
+			- centralfield.com
 -->
 <ruleset name="Centralfield.com">
 	<target host="centralfield.com" />
@@ -12,5 +15,8 @@
 
 	<securecookie host=".+" name=".+" />
 
+	<rule from="^http://centralfield\.com/"
+			to="https://www.centralfield.com/" />
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Centralparkzoo.com.xml b/src/chrome/content/rules/Centralparkzoo.com.xml
new file mode 100644
index 000000000000..4cf7cca68791
--- /dev/null
+++ b/src/chrome/content/rules/Centralparkzoo.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid Server Name:
+		www.centralparkzoo.com
+		chicks.centralparkzoo.com
+		pages.centralparkzoo.com
+-->
+
+<ruleset name="Centralparkzoo.com">
+	<target host="centralparkzoo.com" />
+
+	<securecookie host="centralparkzoo\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Centralreg.ru.xml b/src/chrome/content/rules/Centralreg.ru.xml
deleted file mode 100644
index c3548c99a8c0..000000000000
--- a/src/chrome/content/rules/Centralreg.ru.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Centralreg.ru">
-	<target host="centralreg.ru" />
-	<target host="www.centralreg.ru" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Centre_for_the_Protection_of_National_Infrastructure.xml b/src/chrome/content/rules/Centre_for_the_Protection_of_National_Infrastructure.xml
index 7357dd8c1d8f..d6d57c5b728e 100644
--- a/src/chrome/content/rules/Centre_for_the_Protection_of_National_Infrastructure.xml
+++ b/src/chrome/content/rules/Centre_for_the_Protection_of_National_Infrastructure.xml
@@ -6,7 +6,7 @@ Fetch error: http://cpni.gov.uk/ => https://www.cpni.gov.uk/: (6, 'Could not res
     <target host="cpni.gov.uk" />
     <target host="*.cpni.gov.uk" />
 
-    <securecookie host="^(?:.*\.)?cpni\.gov\.uk$" name=".+" />
+    <securecookie host=".+" name=".+"/>
 
     <rule from="^http://cpni\.gov\.uk/"
         to="https://www.cpni.gov.uk/" />
diff --git a/src/chrome/content/rules/Centreon.com.xml b/src/chrome/content/rules/Centreon.com.xml
index 604745072fdf..493c4142ba64 100644
--- a/src/chrome/content/rules/Centreon.com.xml
+++ b/src/chrome/content/rules/Centreon.com.xml
@@ -36,7 +36,7 @@ Fetch error: http://login.centreon.com/ => https://login.centreon.com/: (6, 'Cou
 	* Secured by us
 
 -->
-<ruleset name="Centreon.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Centreon.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -61,7 +61,7 @@ Fetch error: http://login.centreon.com/ => https://login.centreon.com/: (6, 'Cou
 	<!--securecookie host="^blog\.centreon\.com$" name="^_icl_current_language$" /-->
 	<!--securecookie host="^forum\.centreon\.com$" name="^(?:AWSELB|vb\d+(?:lastactivity|lastvisit|sessionhash))$" /-->
 
-	<securecookie host="^(?:.+\.)?centreon\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Ceonex.xml b/src/chrome/content/rules/Ceonex.xml
index eab4f0b24a80..382ed5dcc49f 100644
--- a/src/chrome/content/rules/Ceonex.xml
+++ b/src/chrome/content/rules/Ceonex.xml
@@ -1,7 +1,8 @@
 <ruleset name="Ceonex" default_off="expired, self-signed">
 
 	<target host="ceonex.com" />
-	<target host="*.ceonex.com" />
+	<target host="www.ceonex.com" />
+	<target host="info.ceonex.com" />
 
 
 	<!--	Cert only matches ^ceonex.com.
diff --git a/src/chrome/content/rules/Cephalofair.com.xml b/src/chrome/content/rules/Cephalofair.com.xml
new file mode 100644
index 000000000000..8ced5e1baba7
--- /dev/null
+++ b/src/chrome/content/rules/Cephalofair.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Connection closed:
+		- calendar
+		- docs
+		- start
+
+	Mismatched:
+		- ftp
+		- ssh
+-->
+<ruleset name="Cephalofair.com">
+	<target host="cephalofair.com" />
+	<target host="www.cephalofair.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CertifiedAccessories.com.xml b/src/chrome/content/rules/CertifiedAccessories.com.xml
new file mode 100644
index 000000000000..a88a4441dd34
--- /dev/null
+++ b/src/chrome/content/rules/CertifiedAccessories.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Active mixed content:
+		- certifiedaccessories.com
+		- www.certifiedaccessories.com
+-->
+
+<ruleset name="CertifiedAccessories.com" platform="mixedcontent">
+	<target host="certifiedaccessories.com" />
+	<target host="www.certifiedaccessories.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Certified_Secure.com.xml b/src/chrome/content/rules/Certified_Secure.com.xml
index 88251819d3b8..335dc713060b 100644
--- a/src/chrome/content/rules/Certified_Secure.com.xml
+++ b/src/chrome/content/rules/Certified_Secure.com.xml
@@ -5,7 +5,7 @@
 <ruleset name="Certified Secure.com">
 
 	<target host="certifiedsecure.com" />
-	<target host="*.certifiedsecure.com" />
+	<target host="www.certifiedsecure.com" />
 
 
 	<securecookie host="^\.www\.certifiedsecure\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Certona.xml b/src/chrome/content/rules/Certona.xml
index 847d22087752..f2d059897c0d 100644
--- a/src/chrome/content/rules/Certona.xml
+++ b/src/chrome/content/rules/Certona.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CeskaPosta.cz.xml b/src/chrome/content/rules/CeskaPosta.cz.xml
index 58b69a7752ee..baaa9380cbb6 100644
--- a/src/chrome/content/rules/CeskaPosta.cz.xml
+++ b/src/chrome/content/rules/CeskaPosta.cz.xml
@@ -4,7 +4,6 @@
     <target host="postaonline.cz" />
     <target host="www.postaonline.cz" />
 
-    <test url="http://postaonline.cz/" />
 
     <rule from="^http://postaonline\.cz/"
             to="https://www.postaonline.cz/" />
diff --git a/src/chrome/content/rules/Cgtk.co.uk.xml b/src/chrome/content/rules/Cgtk.co.uk.xml
new file mode 100644
index 000000000000..bae9f9ff9ff8
--- /dev/null
+++ b/src/chrome/content/rules/Cgtk.co.uk.xml
@@ -0,0 +1,11 @@
+<!--
+	All other cgtk.co.uk hosts implement automatic
+	forwarding to https.
+-->
+<ruleset name="Cgtk.co.uk">
+	<target host="www.cgtk.co.uk" />
+	<target host="gpx.cgtk.co.uk" />
+	<target host="gpx2.cgtk.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Chain.com.xml b/src/chrome/content/rules/Chain.com.xml
index 5b639c80b5d5..763a6e0c069f 100644
--- a/src/chrome/content/rules/Chain.com.xml
+++ b/src/chrome/content/rules/Chain.com.xml
@@ -23,7 +23,7 @@ Fetch error: http://api.chain.com/ => https://api.chain.com/: (6, 'Could not res
 		- api
 
 -->
-<ruleset name="Chain.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Chain.com (partial)" default_off="failed ruleset test">
 
 	<target host="chain.com" />
 	<target host="api.chain.com" />
diff --git a/src/chrome/content/rules/Chainlove.com.xml b/src/chrome/content/rules/Chainlove.com.xml
index 98a3a9600763..313a15927745 100644
--- a/src/chrome/content/rules/Chainlove.com.xml
+++ b/src/chrome/content/rules/Chainlove.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://images.chainlove.com/ => https://www.chainlove.com/: (6, 'Co
 	* Akamai
 
 -->
-<ruleset name="Chainlove.com" default_off='failed ruleset test'>
+<ruleset name="Chainlove.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Chaiscript.com.xml b/src/chrome/content/rules/Chaiscript.com.xml
new file mode 100644
index 000000000000..05059ac3ac0e
--- /dev/null
+++ b/src/chrome/content/rules/Chaiscript.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Chaiscript.com">
+    <target host="chaiscript.com" />
+    <target host="www.chaiscript.com" />
+
+    <securecookie host=".+" name=".+" />
+
+	<!--	Mismatched:	-->
+    <rule from="^http://www\.chaiscript\.com/" to="https://chaiscript.com/" />
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ChakraOS.org.xml b/src/chrome/content/rules/ChakraOS.org.xml
index af95831f0940..af46bee906ed 100644
--- a/src/chrome/content/rules/ChakraOS.org.xml
+++ b/src/chrome/content/rules/ChakraOS.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.chakraos.org/ => https://www.chakraos.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.chakraos.org'")
 
 -->
-<ruleset name="ChakraOS.org" default_off='failed ruleset test'>
+<ruleset name="ChakraOS.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Challenge.gov.xml b/src/chrome/content/rules/Challenge.gov.xml
index 08786470614e..3b83385bf0f5 100644
--- a/src/chrome/content/rules/Challenge.gov.xml
+++ b/src/chrome/content/rules/Challenge.gov.xml
@@ -13,7 +13,7 @@ Fetch error: http://staging-api.challenge.gov/ => https://staging-api.challenge.
 		- www.challenge.gov
 
 -->
-<ruleset name="Challenge.gov" default_off='failed ruleset test'>
+<ruleset name="Challenge.gov" default_off="failed ruleset test">
 
 	<target host="challenge.gov" />
 	<target host="api.challenge.gov" />
diff --git a/src/chrome/content/rules/ChallengePost.xml b/src/chrome/content/rules/ChallengePost.xml
index b244781b932c..8c3e486f75ea 100644
--- a/src/chrome/content/rules/ChallengePost.xml
+++ b/src/chrome/content/rules/ChallengePost.xml
@@ -31,7 +31,7 @@ Fetch error: http://challengepost.com/ => https://challengepost.com/: Cycle dete
 		- (www.)assetspost.com		(at least some pages redirect to http)
 
 -->
-<ruleset name="ChallengePost (partial)" default_off='failed ruleset test'>
+<ruleset name="ChallengePost (partial)" default_off="failed ruleset test">
 
 	<target host="challengepost.com" />
 	<target host="*.challengepost.com" />
diff --git a/src/chrome/content/rules/Chalmers.se.xml b/src/chrome/content/rules/Chalmers.se.xml
index ec4834ff64a0..fd83200003d6 100644
--- a/src/chrome/content/rules/Chalmers.se.xml
+++ b/src/chrome/content/rules/Chalmers.se.xml
@@ -1,13 +1,22 @@
+<!--
+	No working URL known:
+		www.admin.chalmers.se (401)
+-->
+
 <ruleset name="Chalmers">
 
 	<target host="chalmers.se" />
-	<target host="*.chalmers.se" />
-
+	<target host="admin.chalmers.se" />
+	<target host="doctoral.portal.chalmers.se" />
+	<target host="idp.chalmers.se" />
+	<target host="student.portal.chalmers.se" />
+	<target host="studentportal.chalmers.se" />
+	<target host="www.chalmers.se" />
+	<target host="www.cse.chalmers.se" />
 
 	<securecookie host="^(?:www\.)?chalmers\.se$" name=".+" />
 
 
-	<rule from="^http://(www\.)?(admin\.)?chalmers\.se/"
-		to="https://$1$2chalmers.se/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Chambal.xml b/src/chrome/content/rules/Chambal.xml
deleted file mode 100644
index 7c080e0605b4..000000000000
--- a/src/chrome/content/rules/Chambal.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--
-	Other Chambal rulesets:
-
-		- Bucket_Explorer.com.xml
-		- Minalyzer.com.xml
-		- SunoSanuo.com.xml
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/images.chambal.com/ | d1tk5j9aunjut2.cloudfront.net
-
-			- images.chambal.com
-
-
-	Nonfunctional domains:
-
-		- chambal.com ¹
-		- www.chambal.com ²
-		- ls.chambal.net	(shows accounts; mismatched, CN: accounts.chambal.com)
-
-	¹ Interrupted
-	² Shows Windows status
-
--->
-<ruleset name="Chambal (partial)">
-
-	<target host="*.chambal.com" />
-
-
-	<securecookie host="^accounts\.chambal\.com$" name=".+" />
-
-
-	<rule from="^http://accounts\.chambal\.com/"
-		to="https://accounts.chambal.com/" />
-
-	<rule from="^http://images\.chambal\.com/"
-		to="https://d1tk5j9aunjut2.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Chameleon.ad.xml b/src/chrome/content/rules/Chameleon.ad.xml
index 71a34e798eb1..82409957f04a 100644
--- a/src/chrome/content/rules/Chameleon.ad.xml
+++ b/src/chrome/content/rules/Chameleon.ad.xml
@@ -1,4 +1,4 @@
-<!-- 
+<!--
 	cert mismatch:
 		- *.gsn.chameleon.ad
 		- *.static.chameleon.ad
diff --git a/src/chrome/content/rules/ChampionCasino.net.xml b/src/chrome/content/rules/ChampionCasino.net.xml
index bc82ac0a31d5..9229681d1683 100644
--- a/src/chrome/content/rules/ChampionCasino.net.xml
+++ b/src/chrome/content/rules/ChampionCasino.net.xml
@@ -1,22 +1,8 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- api *
-		- dlc
-
-	* 400
-
--->
 <ruleset name="ChampionCasino.net (partial)">
+	<target host="championcasino.net" />
+	<target host="www.championcasino.net" />
 
-	<target host="*.championcasino.net" />
-
-
-	<securecookie host="^.+\.championcasino\.net$" name=".+" />
-
-
-	<rule from="^http://(cdn1|pay|sec)\.championcasino\.net/"
-		to="https://$1.championcasino.net/" />
+	<securecookie host=".+" name=".+" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Champs_Sports.xml b/src/chrome/content/rules/Champs_Sports.xml
index 3606bb96be4b..33733661dcbb 100644
--- a/src/chrome/content/rules/Champs_Sports.xml
+++ b/src/chrome/content/rules/Champs_Sports.xml
@@ -22,7 +22,11 @@
 <ruleset name="Champs Sports (partial)">
 
 	<target host="champssports.com" />
-	<target host="*.champssports.com" />
+	<target host="www.champssports.com" />
+	<target host="ebm.e.champssports.com" />
+	<target host="f.e.champssports.com" />
+	<target host="images.champssports.com" />
+	<target host="m.champssports.com" />
 
 
 	<securecookie host="^.*\.champssports\.com$" name=".+" />
@@ -37,7 +41,6 @@
 	<rule from="^http://f\.e\.champssports\.com/"
 		to="https://f.chtah.com/" />
 
-	<rule from="^http://(images|m)\.champssports\.com/"
-		to="https://$1.champssports.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Change.org.xml b/src/chrome/content/rules/Change.org.xml
index 89638b45c105..333bcbffdb94 100644
--- a/src/chrome/content/rules/Change.org.xml
+++ b/src/chrome/content/rules/Change.org.xml
@@ -14,7 +14,8 @@
 <ruleset name="Change.org (partial)">
 
 	<target host="change.org" />
-	<target host="*.change.org" />
+	<target host="www.change.org" />
+	<target host="helpdesk.change.org" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/ChangeAView.com.xml b/src/chrome/content/rules/ChangeAView.com.xml
new file mode 100644
index 000000000000..be5b1434febc
--- /dev/null
+++ b/src/chrome/content/rules/ChangeAView.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="ChangeAView.com">
+	<target host="changeaview.com" />
+	<target host="www.changeaview.com" />
+	<target host="api.changeaview.com" />
+	<target host="secure.changeaview.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ChangeAView.org.xml b/src/chrome/content/rules/ChangeAView.org.xml
new file mode 100644
index 000000000000..f9ba9000ef3a
--- /dev/null
+++ b/src/chrome/content/rules/ChangeAView.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="ChangeAView.org">
+	<target host="changeaview.org" />
+	<target host="www.changeaview.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Changing-Cities.org.xml b/src/chrome/content/rules/Changing-Cities.org.xml
new file mode 100644
index 000000000000..dd2ce1bb5e8c
--- /dev/null
+++ b/src/chrome/content/rules/Changing-Cities.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Changing-Cities.org">
+
+	<target host="changing-cities.org" />
+	<target host="www.changing-cities.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chango.xml b/src/chrome/content/rules/Chango.xml
index ddde73607932..e76d6971afb1 100644
--- a/src/chrome/content/rules/Chango.xml
+++ b/src/chrome/content/rules/Chango.xml
@@ -26,7 +26,7 @@ Fetch error: http://chango.com/ => https://www.chango.com/: (51, "SSL: no altern
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Chango" default_off='failed ruleset test'>
+<ruleset name="Chango" default_off="failed ruleset test">
 
 	<!--	Direct rewrotes:
 				-->
diff --git a/src/chrome/content/rules/ChannelIntelligence.com.xml b/src/chrome/content/rules/ChannelIntelligence.com.xml
deleted file mode 100644
index 22baf07b1b7b..000000000000
--- a/src/chrome/content/rules/ChannelIntelligence.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	For other Google coverage, see GoogleServices.xml.
-
-
-	CDN buckets:
-
-		- cts-secure.channelintelligence.com.edgekey.net
-
-		- akamai.ci.edgesuite.net
-
-			- cts
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(wpengine)
-
-
-	Problematic subdomains:
-
-		- cts	(akamai)
-
--->
-<ruleset name="ChannelIntelligence.com (partial)">
-
-	<target host="*.channelintelligence.com" />
-
-
-	<rule from="^http://cts(?:-secure)?\.channelintelligence\.com/"
-		to="https://cts-secure.channelintelligence.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Channel_4-falsemixed.xml b/src/chrome/content/rules/Channel_4-falsemixed.xml
index f2c61c66bf8d..53d9029457fe 100644
--- a/src/chrome/content/rules/Channel_4-falsemixed.xml
+++ b/src/chrome/content/rules/Channel_4-falsemixed.xml
@@ -6,7 +6,7 @@ Fetch error: http://mailing.channel4.com/ => https://mailing.channel4.com/: (51,
 	For rules not causing false/broken MCB, see Channel_4.xml.
 
 -->
-<ruleset name="Channel 4.com (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Channel 4.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="mailing.channel4.com" />
 
diff --git a/src/chrome/content/rules/Channelme.tv.xml b/src/chrome/content/rules/Channelme.tv.xml
index d72391fd4ee1..126b69890f2f 100644
--- a/src/chrome/content/rules/Channelme.tv.xml
+++ b/src/chrome/content/rules/Channelme.tv.xml
@@ -6,10 +6,11 @@
 -->
 <ruleset name="channelme.tv">
 
-	<target host="*.channelme.tv" />
+	<target host="media.channelme.tv" />
+	<target host="cdn-media.channelme.tv" />
 
 
 	<rule from="^http://(?:cdn-)?media\.channelme\.tv/"
 		to="https://media.channelme.tv/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Channelx.biz.xml b/src/chrome/content/rules/Channelx.biz.xml
deleted file mode 100644
index 0f6199dcf3f6..000000000000
--- a/src/chrome/content/rules/Channelx.biz.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Channelx.biz">
-
-	<target host="channelx.biz" />
-	<target host="www.channelx.biz" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Chaos-Reigns.xml b/src/chrome/content/rules/Chaos-Reigns.xml
index b1c33e7e9de1..9c024e2b9306 100644
--- a/src/chrome/content/rules/Chaos-Reigns.xml
+++ b/src/chrome/content/rules/Chaos-Reigns.xml
@@ -12,10 +12,11 @@
 <ruleset name="Chaos Reigns" default_off="expired, self-signed">
 
 	<target host="chaosreigns.com" />
-	<target host="*.chaosreigns.com" />
+	<target host="panic.chaosreigns.com" />
+	<target host="www.chaosreigns.com" />
 
 
-	<securecookie host="^(?:.*\.)?chaosreigns\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(?:panic\.|www\.)?chaosreigns\.com/"
diff --git a/src/chrome/content/rules/Chapter1.io.xml b/src/chrome/content/rules/Chapter1.io.xml
new file mode 100644
index 000000000000..28fcbd590165
--- /dev/null
+++ b/src/chrome/content/rules/Chapter1.io.xml
@@ -0,0 +1,5 @@
+<ruleset name="Chapter1.io">
+	<target host="chapter1.io" />
+	<target host="www.chapter1.io" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CharityWeb.xml b/src/chrome/content/rules/CharityWeb.xml
index 08e3dbfc8b31..14bd7d8c8781 100644
--- a/src/chrome/content/rules/CharityWeb.xml
+++ b/src/chrome/content/rules/CharityWeb.xml
@@ -7,14 +7,11 @@
 <ruleset name="CharityWeb (partial)">
 
 	<!--	* for cross-domain cookies.	-->
-	<target host="*.charityweb.net" />
+	<target host="ssl.charityweb.net" />
 
 
 	<!--	Seems to be used only on ssl.	-->
-	<securecookie host="^\.charityweb\.net$" name="^/globalcompactfoundation/.*$" />
 
-
-	<rule from="^http://ssl\.charityweb\.net/"
-		to="https://ssl.charityweb.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Charlie.bz.xml b/src/chrome/content/rules/Charlie.bz.xml
index 65574cc50ea8..b17d824194c4 100644
--- a/src/chrome/content/rules/Charlie.bz.xml
+++ b/src/chrome/content/rules/Charlie.bz.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.charlie.bz/ => https://www.charlie.bz/: (51, "SSL: no alternative certificate subject name matches target host name 'www.charlie.bz'")
 
 -->
-<ruleset name="charlie.bz" default_off='failed ruleset test'>
+<ruleset name="charlie.bz" default_off="failed ruleset test">
 
 	<target host="charlie.bz" />
 	<target host="www.charlie.bz" />
diff --git a/src/chrome/content/rules/Charter-Business.com.xml b/src/chrome/content/rules/Charter-Business.com.xml
index 0f8499997bb3..7182a6e1e8e5 100644
--- a/src/chrome/content/rules/Charter-Business.com.xml
+++ b/src/chrome/content/rules/Charter-Business.com.xml
@@ -30,7 +30,7 @@ Fetch error: http://connect.charter-business.com/ => https://connect.charter-bus
 	* Secured by us
 
 -->
-<ruleset name="Charter-Business.com (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Charter-Business.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Charter.com.xml b/src/chrome/content/rules/Charter.com.xml
index a4b7e9e5863c..bdb7d03e5c56 100644
--- a/src/chrome/content/rules/Charter.com.xml
+++ b/src/chrome/content/rules/Charter.com.xml
@@ -12,7 +12,6 @@ Fetch error: http://myaccount.charter.com/ => https://www.myaccount.charter.com/
 		- Charter-Business.com.xml
 		- Charter_our_Community.com.xml
 		- CharterBusiness.com.xml
-		- Spectrum.com.xml
 		- SpectrumBusiness.net.xml
 		- Spectrum_Business_Insights.com.xml
 
@@ -59,7 +58,7 @@ Fetch error: http://myaccount.charter.com/ => https://www.myaccount.charter.com/
 	* Secured by us
 
 -->
-<ruleset name="Charter.com" default_off='failed ruleset test'>
+<ruleset name="Charter.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/CharterBusiness.com.xml b/src/chrome/content/rules/CharterBusiness.com.xml
index 70298f790ce6..5b024029dd3a 100644
--- a/src/chrome/content/rules/CharterBusiness.com.xml
+++ b/src/chrome/content/rules/CharterBusiness.com.xml
@@ -23,7 +23,7 @@ Fetch error: http://media.charterbusiness.com/ => https://media.charterbusiness.
 		- www2.charterbusiness.com
 
 -->
-<ruleset name="CharterBusiness.com" default_off='failed ruleset test'>
+<ruleset name="CharterBusiness.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Charter_our_Community.com.xml b/src/chrome/content/rules/Charter_our_Community.com.xml
index 895846283246..83e8aefb63a8 100644
--- a/src/chrome/content/rules/Charter_our_Community.com.xml
+++ b/src/chrome/content/rules/Charter_our_Community.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.charterourcommunity.com/ => https://www.charterourcommun
 		- www.charterourcommunity.com
 
 -->
-<ruleset name="Charter our Community.com" default_off='failed ruleset test'>
+<ruleset name="Charter our Community.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Chase.com.xml b/src/chrome/content/rules/Chase.com.xml
index 984d00b82b33..37e862a18d15 100644
--- a/src/chrome/content/rules/Chase.com.xml
+++ b/src/chrome/content/rules/Chase.com.xml
@@ -26,6 +26,6 @@
 	<target host="ultimaterewards.chase.com" />
 
 	<securecookie host=".+" name=".+" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Chat-Place.xml b/src/chrome/content/rules/Chat-Place.xml
index 95f99b406a31..5d6646aef420 100644
--- a/src/chrome/content/rules/Chat-Place.xml
+++ b/src/chrome/content/rules/Chat-Place.xml
@@ -3,7 +3,7 @@
 	<target host="chat-place.org"/>
 	<target host="www.chat-place.org"/>
 
-	<securecookie host="^(?:.*\.)?chat-place\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?chat-place\.org/"
 		to="https://chat-place.org/"/>
diff --git a/src/chrome/content/rules/Chatango.com.xml b/src/chrome/content/rules/Chatango.com.xml
index 973312a1f891..d3fbd3a9bce0 100644
--- a/src/chrome/content/rules/Chatango.com.xml
+++ b/src/chrome/content/rules/Chatango.com.xml
@@ -1,31 +1,39 @@
 <!--
-	Ads.
-
-
 	Fully covered domains:
 
 		- chatango.com
-		- (www.)secure.chatango.com
-
-		- [\w-]+.chatango.com:
+		- www.chatango.com
+		- secure.chatango.com
+		- st.chatango.com
+		- ust.chatango.com
 
-			- st
-			- www
-			- [\w-]+ *
-
-	* Per-client domains
+	Per-client domains at [\w-]+.chatango.com
 
+	chatango.com has both a wildcard DNS record and a wildcard certificate,
+	enumerating all subdomains is impossible
 -->
 <ruleset name="Chatango.com">
 
 	<target host="chatango.com" />
 	<target host="*.chatango.com" />
 
+	<test url="http://www.chatango.com/" />
+	<test url="http://secure.chatango.com/" />
+	<test url="http://chatango.chatango.com/" />
+	<test url="http://st.chatango.com/" />
+	<test url="http://test.chatango.com/" />
+	<test url="http://ust.chatango.com/" />
 
 	<securecookie host="^\.chatango\.com$" name=".+" />
 
+	<!-- https://github.com/EFForg/https-everywhere/issues/9685 -->
+	<exclusion pattern="^http://([\w-]+\.)?chatango\.com/fullpix$" />
+	<test url="http://chatango.com/fullpix" />
+	<test url="http://www.chatango.com/fullpix" />
+	<test url="http://secure.chatango.com/fullpix" />
+	<test url="http://chatango.chatango.com/fullpix" />
+
 
-	<rule from="^http://([\w-]+\.|(?:www\.)?secure\.)?chatango\.com/"
-		to="https://$1chatango.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Chatelaine.com.xml b/src/chrome/content/rules/Chatelaine.com.xml
new file mode 100644
index 000000000000..84d0b39b0105
--- /dev/null
+++ b/src/chrome/content/rules/Chatelaine.com.xml
@@ -0,0 +1,50 @@
+<!--
+	Active mixed content:
+		- www.chatelaine.com
+
+	Connection refused:
+		- autodiscover.chatelaine.com
+		- site.en.chatelaine.com
+		- site.fr.chatelaine.com
+		- spotlight.chatelaine.com
+		- target.chatelaine.com
+
+	Invalid certificate:
+		- 50e.chatelaine.com
+		- clientsolutions.chatelaine.com
+		- clientsolutions-fr.chatelaine.com
+		- contests.chatelaine.com
+		- courriel.chatelaine.com
+		- ebm.courriel.chatelaine.com
+		- email.chatelaine.com
+		- galeriesphotos.chatelaine.com
+
+	Timed out:
+		- chatelaine.com, equivalent to www.chatelaine.com
+		- blogues.chatelaine.com
+		- community.chatelaine.com
+		- concours.chatelaine.com
+		- contest.chatelaine.com
+		- donnezausuivant.chatelaine.com
+		- blog.en.chatelaine.com
+		- food.chatelaine.com
+		- dev.food.chatelaine.com
+		- recettes.fr.chatelaine.com
+		- outils.chatelaine.com
+		- recettes.chatelaine.com
+		- recipes.chatelaine.com
+		- site.chatelaine.com
+		- widgets.chatelaine.com
+-->
+
+<ruleset name="Chatelaine.com">
+	<target host="en.chatelaine.com" />
+	<target host="fr.chatelaine.com" />
+	<target host="partners.chatelaine.com" />
+	<target host="secure.chatelaine.com" />
+	<target host="siteprotege.chatelaine.com" />
+	<target host="staging-fr.chatelaine.com" />
+	<target host="staging-www.chatelaine.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Chatter.xml b/src/chrome/content/rules/Chatter.xml
index d0b58dd0a4e6..03b9954dc1e1 100644
--- a/src/chrome/content/rules/Chatter.xml
+++ b/src/chrome/content/rules/Chatter.xml
@@ -10,7 +10,8 @@
 <ruleset name="Chatter">
 
 	<target host="chatter.com" />
-	<target host="*.chatter.com" />
+	<target host="www.chatter.com" />
+	<target host="community.chatter.com" />
 
 
 	<securecookie host="^.+\.chatter\.com$" name=".+" />
@@ -19,7 +20,6 @@
 	<rule from="^http://(?:www\.)?chatter\.com/"
 		to="https://www.chatter.com/" />
 
-	<rule from="^http://community\.chatter\.com/"
-		to="https://community.chatter.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Chaturbate.com.xml b/src/chrome/content/rules/Chaturbate.com.xml
deleted file mode 100644
index 945527d539a1..000000000000
--- a/src/chrome/content/rules/Chaturbate.com.xml
+++ /dev/null
@@ -1,77 +0,0 @@
-<!--
-	CDN buckets:
-
-		- cbphotovideo.s3.amazonaws.com
-
-
-	Problematic hosts in *chaturbate.com:
-
-		- ads *
-		- serve.ads *
-
-	* Mismatched
-
-
-	Insecure cookies are set for these hosts: ᶜ
-
-		- chaturbate.com
-		- \w\w.chaturbate.com
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
--->
-<ruleset name="Chaturbate.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="chaturbate.com" />
-	<target host="ar.chaturbate.com" />
-	<target host="blog.chaturbate.com" />
-	<target host="de.chaturbate.com" />
-	<target host="ei.chaturbate.com" />
-	<target host="en.chaturbate.com" />
-	<target host="es.chaturbate.com" />
-	<target host="fr.chaturbate.com" />
-	<target host="hi.chaturbate.com" />
-	<target host="it.chaturbate.com" />
-	<target host="jp.chaturbate.com" />
-	<target host="ko.chaturbate.com" />
-	<target host="nl.chaturbate.com" />
-	<target host="pt.chaturbate.com" />
-	<target host="public.chaturbate.com" />
-	<target host="ru.chaturbate.com" />
-	<target host="tr.chaturbate.com" />
-	<target host="www.chaturbate.com" />
-	<target host="zh.chaturbate.com" />
-
-		<!--	Sets cookies without Secure:
-							-->
-		<!--test url="http://chaturbate.com/affiliates/in/eSm5/A527e/?track=embed&amp;bgcolor=" /-->
-
-		<test url="http://public.chaturbate.com/uploads/whitelabels/logos/2016/03/06/11/09/23ed12a1bb004c419ba1fffe47004cc43207a924_200x60.jpg" />
-
-	<!--	Complications:
-				-->
-	<target host="ads.chaturbate.com" />
-	<target host="serve.ads.chaturbate.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^chaturbate\.com$" name="(?:fromaffiliate|noads|us_\w+|u_\w+)$" /-->
-	<!--securecookie host="^(\w\w\.)?chaturbate\.com$" name="affkey$" /-->
-
-	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://ads\.chaturbate\.com/"
-		to="https://exoticads.com/" />
-
-	<rule from="^http://serve\.ads\.chaturbate\.com/"
-		to="https://adserver.exoticads.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cheap-Ass-Gamer.xml b/src/chrome/content/rules/Cheap-Ass-Gamer.xml
index f449de7bd27a..bb908fbb349d 100644
--- a/src/chrome/content/rules/Cheap-Ass-Gamer.xml
+++ b/src/chrome/content/rules/Cheap-Ass-Gamer.xml
@@ -6,4 +6,4 @@
 	<securecookie host="(\.|^)cheapassgamer\.com$" name=".+" />
 
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CheapCheapLah.com.xml b/src/chrome/content/rules/CheapCheapLah.com.xml
index 5bf6c1ffb003..9cd000bdb5f2 100644
--- a/src/chrome/content/rules/CheapCheapLah.com.xml
+++ b/src/chrome/content/rules/CheapCheapLah.com.xml
@@ -12,4 +12,4 @@
 
 	<rule from="^http:"
 		to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cheap_Airport_Parking.xml b/src/chrome/content/rules/Cheap_Airport_Parking.xml
index 88c44d7962e7..dc7b11ff651f 100644
--- a/src/chrome/content/rules/Cheap_Airport_Parking.xml
+++ b/src/chrome/content/rules/Cheap_Airport_Parking.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.cheapairportparkingbirmingham.com/ => https://www.cheapa
 Disabled by https-everywhere-checker because:
 Fetch error: http://cheapairportparkingbirmingham.com/ => https://cheapairportparkingbirmingham.com/: (60, 'SSL certificate problem: self signed certificate')
 -->
-<ruleset name="Cheap Airport Parking" default_off='failed ruleset test'>
+<ruleset name="Cheap Airport Parking" default_off="failed ruleset test">
 
 	<target host="cheapairportparkingbirmingham.com" />
 	<target host="www.cheapairportparkingbirmingham.com" />
@@ -18,4 +18,4 @@ Fetch error: http://cheapairportparkingbirmingham.com/ => https://cheapairportpa
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cheapass_Fiction.com.xml b/src/chrome/content/rules/Cheapass_Fiction.com.xml
deleted file mode 100644
index f22e4b61c646..000000000000
--- a/src/chrome/content/rules/Cheapass_Fiction.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	www: dropped
-
--->
-<ruleset name="Cheapass Fiction.com">
-
-	<target host="cheapassfiction.com" />
-	<target host="www.cheapassfiction.com" />
-
-
-	<rule from="^http://(?:www\.)?cheapassfiction\.com/"
-		to="https://cheapassfiction.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cheapshark.com.xml b/src/chrome/content/rules/Cheapshark.com.xml
new file mode 100644
index 000000000000..0a88a1a54d47
--- /dev/null
+++ b/src/chrome/content/rules/Cheapshark.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Nonfunctional hosts in *.cheapshark.com:
+
+	m: certificate mismatch
+        track.cheapshark.com
+        tracking.cheapshark.com
+
+-->
+<ruleset name="Cheapshark.com">
+
+	<target host="www.cheapshark.com" />
+	<target host="cheapshark.com" />
+	<target host="webmail.cheapshark.com" />
+	<target host="ww1.cheapshark.com" />
+	<target host="img.cheapshark.com" />
+    <target host="actual.cheapshark.com" />
+    <target host="cache.cheapshark.com" />
+    <target host="direct-1734952280174226.cheapshark.com" />
+    <target host="direct.cheapshark.com" />
+    <target host="mailer.cheapshark.com" />
+    <target host="maintenance.cheapshark.com" />
+    <target host="pong.cheapshark.com" />
+    <target host="status.cheapshark.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cheatbook.de.xml b/src/chrome/content/rules/Cheatbook.de.xml
deleted file mode 100644
index c9227f41dac1..000000000000
--- a/src/chrome/content/rules/Cheatbook.de.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--
-	Invalid certificate:
-	- blog.cheatbook.de
--->
-
-<ruleset name="Cheatbook.de" platform="mixedcontent">
-	<target host="cheatbook.de" />
-	<target host="www.cheatbook.de" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Check24.de.xml b/src/chrome/content/rules/Check24.de.xml
index b91582526f00..0dea492b7565 100644
--- a/src/chrome/content/rules/Check24.de.xml
+++ b/src/chrome/content/rules/Check24.de.xml
@@ -4,4 +4,4 @@
 
   <rule from="^http://check24\.de/" to="https://check24.de/"/>
   <rule from="^http://([^/:@]*)\.check24\.de/" to="https://$1.check24.de/"/>
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CheckM8.com.xml b/src/chrome/content/rules/CheckM8.com.xml
new file mode 100644
index 000000000000..80ce7ac07027
--- /dev/null
+++ b/src/chrome/content/rules/CheckM8.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		checkm8.com
+		www.checkm8.com
+		support.checkm8.com
+-->
+<ruleset name="CheckM8 (partial)">
+
+	<!-- Each customer gets its own subdomain -->
+	<target host="*.checkm8.com" />
+		<test url="http://advantage1.checkm8.com/AdminServer/swf/admin-release.swf?version=4.3.0.49" />
+		<test url="http://makostatic.checkm8.com/data/1535741/250x250.swf" />
+		<test url="http://sage.checkm8.com/adam/noscript" />
+
+		<exclusion pattern="^http://(support|www)\.checkm8\.com/" />
+			<test url="http://www.checkm8.com/" />
+			<test url="http://support.checkm8.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CheckM8.xml b/src/chrome/content/rules/CheckM8.xml
deleted file mode 100644
index a4f29850f4d4..000000000000
--- a/src/chrome/content/rules/CheckM8.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="CheckM8 (partial)">
-
-	<target host="*.checkm8.com" />
-		<!--	news & www time out.	-->
-		<exclusion pattern="^http://(?:support|www)\." />
-
-	<!--	Clients have unique subdomains, e.g.
-		sage.checkm8.com/adam/noscript
-			Observed at
-		bos.sagepub.com/content/68/3/13		-->
-	<rule from="^http://(\w+)\.checkm8\.com/"
-		to="https://$1.checkm8.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Check_Point-problematic.xml b/src/chrome/content/rules/Check_Point-problematic.xml
deleted file mode 100644
index e3c802fac557..000000000000
--- a/src/chrome/content/rules/Check_Point-problematic.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see Check_Point.xml.
-
--->
-<ruleset name="Check Point.com (problematic)" default_off="mismatched" platform="mixedcontent">
-
-	<target host="forums.checkpoint.com" />
-	<target host="search.us.checkpoint.com" />
-
-
-	<securecookie host="^(?:forums|search\.us)\.checkpoint\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Check_Point.xml b/src/chrome/content/rules/Check_Point.xml
deleted file mode 100644
index 5d8d02683437..000000000000
--- a/src/chrome/content/rules/Check_Point.xml
+++ /dev/null
@@ -1,118 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://dl3.checkpoint.com/ => https://dl3.checkpoint.com/: (51, "SSL: no alternative certificate subject name matches target host name 'dl3.checkpoint.com'")
-
-	For problematic rules, see Check_Point-problematic.xml.
-
-
-	Nonfunctional hosts in *checkpoint.com:
-
-		- rus *
-		- strong01
-		- track
-		- partners.us
-
-	* Refused
-
-
-	Problematic hosts in *checkpoint.com:
-
-		- ^ ¹
-		- blog ²
-		- forums ³
-		- media ¹
-		- supportcontent ¹
-		- search.us ²
-		- threatemulation ³
-
-	¹ Mismatched
-	² Mixed css
-	³ Server sends no certificate chain, see https://whatsmychaincert.com
-
-
-	Insecure cookies are set for these domains:
-
-		- appwiki.checkpoint.com
-		- careers.checkpoint.com
-		- downloads.checkpoint.com
-		- forums.checkpoint.com
-		- supportcenter.checkpoint.com
-		- threatemulation.checkpoint.com
-		- threatwiki.checkpoint.com
-		- search.us.checkpoint.com
-		- usercenter.checkpoint.com
-
-
-	Mixed content:
-
-		- css, on:
-
-			- search.us from download.zonealarm.com ¹
-			- www from cdnjs.cloudflare.com *
-
-		- Images, on:
-
-			- store, www from sc1 *
-			- search.us from download.zonealarm.com ¹
-			- www from cdnjs.cloudflare.com *
-
-	¹ Not secured by us <= mismatched
-	* Secured by us
-
--->
-<ruleset name="Check Point.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="appwiki.checkpoint.com" />
-	<target host="blog.checkpoint.com" />
-	<target host="careers.checkpoint.com" />
-	<target host="dl3.checkpoint.com" />
-	<target host="downloads.checkpoint.com" />
-	<!--target host="forums.checkpoint.com" /-->
-	<target host="sc1.checkpoint.com" />
-	<target host="store.checkpoint.com" />
-	<target host="supportcenter.checkpoint.com" />
-	<!--target host="threatemulation.checkpoint.com" /-->
-	<target host="threatwiki.checkpoint.com" />
-	<!--target host="search.us.checkpoint.com" /-->
-	<target host="usercenter.checkpoint.com" />
-	<target host="www.checkpoint.com" />
-
-	<!--	Complications:
-				-->
-	<target host="checkpoint.com" />
-
-		<!--	Avoid broken MCB:
-						-->
-		<exclusion pattern="^http://blog\.checkpoint\.com/+(?!wp-content/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://blog.checkpoint.com/2015/03/24/cuckoodroid-fighting-tide-android-malware/" />
-			<test url="http://blog.checkpoint.com/feed/" />
-
-			<!--	-ve:
-					-->
-			<test url="http://blog.checkpoint.com/wp-content/themes/cp-corporate-blog/css/base.css" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^careers\.checkpoint\.com$" name="^CATS$" /-->
-	<!--securecookie host="^(appwiki|downloads|forums|supportcenter|threatemulation|threatwiki|search\.us)\.checkpoint\.com$" name="^JSESSIONID$" /-->
-	<!--securecookie host="^(forums|supportcenter|usercenter)\.checkpoint\.com$" name="^saplb_\*$" /-->
-	<!--securecookie host="^usercenter\.checkpoint\.com$" name="^servicerequestcreatecookie$" /-->
-
-	<securecookie host="^\." name="^_gat?$" />
-	<securecookie host=".+\.checkpoint\.com$" name=".+" />
-
-
-	<rule from="^http://checkpoint\.com/"
-		to="https://www.checkpoint.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Checkdomain.xml b/src/chrome/content/rules/Checkdomain.xml
deleted file mode 100644
index f68a68831a33..000000000000
--- a/src/chrome/content/rules/Checkdomain.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Checkdomain.de">
-
-	<target host="checkdomain.de" />
-	<target host="www.checkdomain.de" />
-
-
-	<securecookie host="^\.www\.checkdomain\.de$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Checkmarx.com-problematic.xml b/src/chrome/content/rules/Checkmarx.com-problematic.xml
index ec219b544a67..179ab90957cf 100644
--- a/src/chrome/content/rules/Checkmarx.com-problematic.xml
+++ b/src/chrome/content/rules/Checkmarx.com-problematic.xml
@@ -4,13 +4,10 @@
 -->
 <ruleset name="Checkmarx.com (problematic)" default_off="mismatched">
 
-	<target host="*.checkmarx.com" />
+	<target host="lp.checkmarx.com" />
 
 
-	<securecookie host="^\.checkmarx\.com$" name="^ubvt$" />
 
-
-	<rule from="^http://lp\.checkmarx\.com/"
-		to="https://lp.checkmarx.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Checkmyping.com.xml b/src/chrome/content/rules/Checkmyping.com.xml
index 18f48bce2aaa..79bd43275435 100644
--- a/src/chrome/content/rules/Checkmyping.com.xml
+++ b/src/chrome/content/rules/Checkmyping.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://checkmyping.com/ => https://checkmyping.com/: (60, 'SSL cert
 Fetch error: http://www.checkmyping.com/ => https://www.checkmyping.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="checkmyping.com" default_off='failed ruleset test'>
+<ruleset name="checkmyping.com" default_off="failed ruleset test">
 
 	<target host="checkmyping.com" />
 	<target host="www.checkmyping.com" />
diff --git a/src/chrome/content/rules/Checktls.com.xml b/src/chrome/content/rules/Checktls.com.xml
index e1efa42df4d9..8ab5cc6ac16c 100644
--- a/src/chrome/content/rules/Checktls.com.xml
+++ b/src/chrome/content/rules/Checktls.com.xml
@@ -3,4 +3,4 @@
 <target host="checktls.com"/>
 <rule from="^http:" to="https:" />
 </ruleset>
- 
+
diff --git a/src/chrome/content/rules/CheetahMail.xml b/src/chrome/content/rules/CheetahMail.xml
index a89a8241ed11..8c7fd1790125 100644
--- a/src/chrome/content/rules/CheetahMail.xml
+++ b/src/chrome/content/rules/CheetahMail.xml
@@ -10,7 +10,8 @@
 <ruleset name="CheetahMail">
 
 	<target host="cheetahmail.com" />
-	<target host="*.cheetahmail.com" />
+	<target host="www.cheetahmail.com" />
+	<target host="ebm.cheetahmail.com" />
 	<target host="chtah.com" />
 	<target host="f.chtah.com" />
 
@@ -18,10 +19,7 @@
 	<rule from="^http://(?:www\.)?cheetahmail\.com/"
 		to="https://www.experian.com/cheetahmail/" />
 
-	<rule from="^http://ebm\.cheetahmail\.com/"
-		to="https://ebm.cheetahmail.com/" />
 
-	<rule from="^http://(f\.)?chtah\.com/"
-		to="https://$1chtah.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Cheezburger.xml b/src/chrome/content/rules/Cheezburger.xml
index 043b69ce8378..7df1807113fb 100644
--- a/src/chrome/content/rules/Cheezburger.xml
+++ b/src/chrome/content/rules/Cheezburger.xml
@@ -1,67 +1,51 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Non-2xx HTTP code: http://support.cheezburger.com/ (200) => https://cheezburger.support.com/ (404)
-
 	CDN buckets:
-
 		- wac.1ddb.edgecastcdn.net/??1DDB/
-
 			- images.cheezburger.com (mismatched, CN: *.chzbgr.com)
-
 		- cheezburger.freshdesk.com
 
-	As of 2016-04-05, known unprotected subdomains are:
-
-		- advertising	(unbounce.com certificate)
-		- blog		(not listening on https)
-		- corp		(not listening on https)
-		- feedback	(uservoice.com certificate)
-		- jobs		(theresumator.com certificate)
-		- sites		(unbounce.com certificate)
-		- support	(freshdesk.com certificate)
+	Invalid certificate:
+		- advertising.cheezburger.com
+		- blog.cheezburger.com
+		- corp.cheezburger.com
+		- feedback.cheezburger.com
+		- sites.cheezburger.com
+		- support.cheezburger.com, equivalent to cheezburger.freshdesk.com
 
 	However, there are tens (hundreds?) of subdomains supporting https with
 	a wildcard certificate, so it's not worth whitelisting them one by one.
 
 	Other related unprotected hosts:
-
 		- knowyourmeme.com
 
-
 	Problematic domains:
-
 		- images.cheezburger.com	(works; mismatched, CN: gp1.wac.edgecastcdn.net)
-		- support.cheezburger.com	(freshdesk)
 
+	There are some inconsistent redirects between cheezburger.com and www.cheezburger.com,
+ 	so don't try to enforce either hostname.
 -->
-<ruleset name="Cheezburger" platform="mixedcontent" default_off='failed ruleset test'>
 
+<ruleset name="Cheezburger" platform="mixedcontent">
+	<!-- cheezburger.com -->
 	<target host="cheezburger.com" />
 	<target host="www.cheezburger.com" />
 	<target host="images.cheezburger.com" />
+	<target host="jobs.cheezburger.com" />
 	<target host="support.cheezburger.com" />
+
+	<!-- chzbgr.com -->
 	<target host="i.chzbgr.com" />
 	<target host="s.chzbgr.com" />
 	<target host="t.chzbgr.com" />
 
 	<securecookie host="^www\.cheezburger\.com$" name=".+" />
 
-	<!--	https://mail1.eff.org/pipermail/https-everywhere-rules/2013-August/001665.html
-							-->
+	<!-- https://lists.eff.org/pipermail/https-everywhere-rules/2013-August/001665.html -->
 	<rule from="^http://images\.cheezburger\.com/"
 		to="https://i.chzbgr.com/" />
 
 	<rule from="^http://support\.cheezburger\.com/"
-		to="https://cheezburger.support.com/" />
-
-	<!--	There are some inconsistent redirects between cheezburger.com and
-		www.cheezburger.com. So don't try to enforce either hostname.
-									-->
-	<rule from="^http://([\w-]+\.)?cheezburger\.com/"
-		to="https://$1cheezburger.com/" />
-
-	<rule from="^http://(i|s|t)\.chzbgr\.com/"
-		to="https://$1.chzbgr.com/" />
+		to="https://cheezburger.freshdesk.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Chef.io.xml b/src/chrome/content/rules/Chef.io.xml
index 81df55a38587..76a4ba4ab7b9 100644
--- a/src/chrome/content/rules/Chef.io.xml
+++ b/src/chrome/content/rules/Chef.io.xml
@@ -20,11 +20,11 @@ Fetch error: http://happylaptop.chef.io/ => https://happylaptop.chef.io/: (6, 'C
 	Problematic hosts in *chef.io:
 
 		- friends *
-		
+
 	* Mismatched
 
 -->
-<ruleset name="Chef.io (partial)" default_off='failed ruleset test'>
+<ruleset name="Chef.io (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Chefkoch.de.xml b/src/chrome/content/rules/Chefkoch.de.xml
index b17096aa330c..fa991053e60b 100644
--- a/src/chrome/content/rules/Chefkoch.de.xml
+++ b/src/chrome/content/rules/Chefkoch.de.xml
@@ -1,36 +1,27 @@
 <!--
-		404:
-			css.chefkoch.de
-			js.chefkoch.de
-			static.chefkoch.de
+	Invalid certificate:
+		chefkoch-blog.de
+		www.chefkoch-blog.de
+
 -->
 <ruleset name="Chefkoch (partial)">
 
-	<target host="chefkoch.de" />
-	<target host="www.chefkoch.de" />
-	<target host="api.chefkoch.de" />
-	<target host="cdn.chefkoch.de" />
-	<target host="emskr.chefkoch.de" />
-	<target host="img.chefkoch.de" />
-	
-	<target host="css.chefkoch-cdn.de" />		
+
+	<target host="css.chefkoch-cdn.de" />
 	<target host="img.chefkoch-cdn.de" />
 	<target host="js.chefkoch-cdn.de" />
 	<target host="static.chefkoch-cdn.de" />
 
-	<target host="chefkoch-blog.de" />
-	<target host="www.chefkoch-blog.de" />
-	
 	<exclusion pattern="^http://css\.chefkoch-cdn\.de/$" />
 				<test url="http://css.chefkoch-cdn.de/css/ck.de/snippet-newsletter-form.css" />
 
 	<exclusion pattern="^http://js\.chefkoch-cdn\.de/$" />
 				<test url="http://js.chefkoch-cdn.de/js/webtrekk-pi-source.js" />
-	
+
 	<exclusion pattern="^http://static\.chefkoch-cdn\.de/$" />
 				<test url="http://static.chefkoch-cdn.de/ck.de/faded-end.min.js" />
-	
+
 	<rule from="^http:"
 			to="https:" />
-			
+
 </ruleset>
diff --git a/src/chrome/content/rules/Chefmansousvide.com.xml b/src/chrome/content/rules/Chefmansousvide.com.xml
new file mode 100644
index 000000000000..93fc07d379ff
--- /dev/null
+++ b/src/chrome/content/rules/Chefmansousvide.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Chefmansousvide.com">
+	<target host="chefmansousvide.com" />
+	<target host="www.chefmansousvide.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ChemSpider.com.xml b/src/chrome/content/rules/ChemSpider.com.xml
new file mode 100644
index 000000000000..c410f09cc3a3
--- /dev/null
+++ b/src/chrome/content/rules/ChemSpider.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="ChemSpider.com">
+	<target host="chemspider.com" />
+	<target host="www.chemspider.com" />
+	<target host="chemsynthesis.chemspider.com" />
+	<target host="cssp.chemspider.com" />
+	<target host="cvsp.chemspider.com" />
+	<target host="onschallenge.chemspider.com" />
+	<target host="parts.chemspider.com" />
+	<target host="pharmasea.chemspider.com" />
+	<target host="rdf.chemspider.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Chemical_Abstracts_Service.xml b/src/chrome/content/rules/Chemical_Abstracts_Service.xml
index 4eb661dac568..7ce8608bb661 100644
--- a/src/chrome/content/rules/Chemical_Abstracts_Service.xml
+++ b/src/chrome/content/rules/Chemical_Abstracts_Service.xml
@@ -23,7 +23,11 @@
 <ruleset name="Chemical Abstracts Service (partial)" platform="mixedcontent">
 
 	<target host="cas.org" />
-	<target host="*.cas.org" />
+	<target host="my.cas.org" />
+	<target host="scifinder.cas.org" />
+	<target host="stneasy.cas.org" />
+	<target host="stneasy-japan.cas.org" />
+	<target host="www.cas.org" />
 		<!--exclusion pattern="^http://sitesearch\.cas\.org/" /-->
 
 
@@ -33,7 +37,6 @@
 	<rule from="^http://cas\.org/"
 		to="https://www.cas.org/" />
 
-	<rule from="^http://(my|scifinder|stneasy(?:-japan)?|www)\.cas\.org/"
-		to="https://$1.cas.org/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ChemistWarehouse.xml b/src/chrome/content/rules/ChemistWarehouse.xml
index 84760f2ccf6b..234dad0e66a6 100644
--- a/src/chrome/content/rules/ChemistWarehouse.xml
+++ b/src/chrome/content/rules/ChemistWarehouse.xml
@@ -18,4 +18,4 @@
 
 	<rule from="^http:"
 			to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cherenkov_Telescope_Array.xml b/src/chrome/content/rules/Cherenkov_Telescope_Array.xml
index a7784611f6f0..d0e66d284e96 100644
--- a/src/chrome/content/rules/Cherenkov_Telescope_Array.xml
+++ b/src/chrome/content/rules/Cherenkov_Telescope_Array.xml
@@ -5,13 +5,11 @@
 <ruleset name="Cherenkov Telescope Array">
 
 	<target host="www.cta-observatory.org" />
-	<target host="*.www.cta-observatory.org" />
 
 
 	<securecookie host="^\.www\.cta-observatory\.org$" name=".+" />
 
 
-	<rule from="^http://www\.cta-observatory\.org/"
-		to="https://www.cta-observatory.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cherwell.gov.uk.xml b/src/chrome/content/rules/Cherwell.gov.uk.xml
index b6097f40a9d4..a956e8f256ef 100644
--- a/src/chrome/content/rules/Cherwell.gov.uk.xml
+++ b/src/chrome/content/rules/Cherwell.gov.uk.xml
@@ -1,91 +1,25 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Non-2xx HTTP code: http://consult.cherwell.gov.uk/ (200) => https://cherwell-consult.objective.co.uk/ (500)
-
-	Cherwell District Council
-
-	For rules covering resources which do not secure
-	mixed content, see cherwell.gov.uk-resources.xml.
-
 	For other UK government coverage, see GOV.UK.xml.
 
+	Cherwell District Council
 
-	Nonfunctional hosts in *cherwell.gov.uk:
-
-		- modgov ᵈ
-		- npa ᵈ
-		- www.publicaccess ᵈ
-		- your ᵈ
-
-	ᵈ Dropped
-
-
-	Problematic hosts in *cherwell.gov.uk:
-
-		- consult ᵐ
-
-	ᵐ Mismatched
-
-
-	www.cherwell.gov.uk: Pages redirect to http
+	Non-functional hosts
+		Timeout was reached:
+		- npa.cherwell.gov.uk
+		- your.cherwell.gov.uk
 
-	^cherwell.gov.uk does not exist.
+		SSL peer certificate was not OK:
+		- consult.cherwell.gov.uk
 
+		Different content:
+		- modgov.cherwell.gov.uk
+		- revenuesbenefits.cherwell.gov.uk
 -->
-<ruleset name="Cherwell.gov.uk (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="icm.cherwell.gov.uk" />
+<ruleset name="Cherwell.gov.uk">
+	<target host="cherwell.gov.uk" />
 	<target host="www.cherwell.gov.uk" />
+	<target host="portal.cherwell.gov.uk" />
+	<target host="www.publicaccess.cherwell.gov.uk" />
 
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="http://www\.cherwell\.gov\.uk/index\.cfm" /-->
-		<!--
-			Exceptions:
-					-->
-		<!--exclusion pattern="http://www\.cherwell\.gov\.uk/(?!/*(?:css/|images/|media\.cfm|media/))" /-->
-		<!--
-			Reduce non-Tor distinguishability:
-								-->
-		<exclusion pattern="http://www\.cherwell\.gov\.uk/(?!/*media\.cfm)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.cherwell.gov.uk/index.cfm" />
-			<test url="http://www.cherwell.gov.uk/index.cfm?articleid=10715" />
-			<!--
-			<test url="http://www.cherwell.gov.uk/index.cfm?articleid=4" />
-			<test url="http://www.cherwell.gov.uk/index.cfm?articleid=8063" />
-			<test url="http://www.cherwell.gov.uk/index.cfm?articleid=8932" />
-			-->
-
-			<!--	-ve:
-					-->
-			<!--
-
-			<test url="http://www.cherwell.gov.uk/css/layout0/cherwelldc/smartfaqquestion.css" />
-			<test url="http://www.cherwell.gov.uk/images/cherwelldc/common/corners.gif" />
-			-->
-			<test url="http://www.cherwell.gov.uk/media.cfm?mediaid=14310" />
-			<!--
-			<test url="http://www.cherwell.gov.uk/media/homeicon1/t/b/street_light.png" />
-			-->
-
-	<!--	Complications:
-				-->
-	<target host="consult.cherwell.gov.uk" />
-
-
-	<securecookie host="^(?!www\.)\w" name=".+" />
-
-
-	<rule from="^http://consult\.cherwell\.gov\.uk/"
-		to="https://cherwell-consult.objective.co.uk/" />
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Cheshire.gov.uk-falsemixed.xml b/src/chrome/content/rules/Cheshire.gov.uk-falsemixed.xml
deleted file mode 100644
index ef017bd010c7..000000000000
--- a/src/chrome/content/rules/Cheshire.gov.uk-falsemixed.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Cheshire.gov.uk.xml.
-
--->
-<ruleset name="Cheshire.gov.uk (false MCB)" platform="mixedcontent">
-
-	<target host="maps.cheshire.gov.uk" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cheshire_East.gov.uk.xml b/src/chrome/content/rules/Cheshire_East.gov.uk.xml
index 1d1b9f0060f6..e032690c344e 100644
--- a/src/chrome/content/rules/Cheshire_East.gov.uk.xml
+++ b/src/chrome/content/rules/Cheshire_East.gov.uk.xml
@@ -43,12 +43,12 @@
 	Mixed content:
 
 		- css, on:
-		
+
 			- apps from $self ˢ
 			- moderngov, online from www.cheshireeast.gov.uk ᵈ
 
 		- Images, on:
-		
+
 			- apps from $self ˢ
 			- moderngov from www.cheshireeast.gov.uk ᵈ
 
diff --git a/src/chrome/content/rules/Cheznous.com.xml b/src/chrome/content/rules/Cheznous.com.xml
index 59de8e6b899e..97933fb9941b 100644
--- a/src/chrome/content/rules/Cheznous.com.xml
+++ b/src/chrome/content/rules/Cheznous.com.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Wyndham related rulesets, see Wyndham.xml
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
 
 	Non-functional hosts
 		Timeout was reached:
@@ -13,6 +13,6 @@
 	<rule from="^http://cheznous\.com/"
 		to="https://www.cheznous.com/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Chicken_Soup_for_the_Soul.xml b/src/chrome/content/rules/Chicken_Soup_for_the_Soul.xml
index cfc371a70ec7..312acd00680b 100644
--- a/src/chrome/content/rules/Chicken_Soup_for_the_Soul.xml
+++ b/src/chrome/content/rules/Chicken_Soup_for_the_Soul.xml
@@ -11,7 +11,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://chickensoup.com/ => https://chickensoup.com/: Too many redirects while fetching 'https://chickensoup.com/'
 
 -->
-<ruleset name="Chicken Soup for the Soul" default_off='failed ruleset test'>
+<ruleset name="Chicken Soup for the Soul" default_off="failed ruleset test">
 
 	<target host="chickensoup.com" />
 	<target host="www.chickensoup.com" />
@@ -22,4 +22,4 @@ Fetch error: http://chickensoup.com/ => https://chickensoup.com/: Too many redir
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Childrens_Mutual.xml b/src/chrome/content/rules/Childrens_Mutual.xml
deleted file mode 100644
index 2be21fb115b2..000000000000
--- a/src/chrome/content/rules/Childrens_Mutual.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Foresters coverage, see Foresters.xml
-
-
-	Nonfunctional subdomains:
-
-		- www	(shows RHEL test page, CN: localhost.localdomain)
-
--->
-<ruleset name="The Children's Mutual (partial)">
-
-	<target host="ctf.thechildrensmutual.co.uk" />
-
-
-	<securecookie host="^ctf\.thechildrensmutual\.co\.uk$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ChiliProject.org.xml b/src/chrome/content/rules/ChiliProject.org.xml
index 0f642888c5d0..19a82d1103b9 100644
--- a/src/chrome/content/rules/ChiliProject.org.xml
+++ b/src/chrome/content/rules/ChiliProject.org.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Chillicothe_Gazette.xml b/src/chrome/content/rules/Chillicothe_Gazette.xml
index f6f38eec540b..46c6407d0d75 100644
--- a/src/chrome/content/rules/Chillicothe_Gazette.xml
+++ b/src/chrome/content/rules/Chillicothe_Gazette.xml
@@ -11,7 +11,8 @@
 <ruleset name="Chillicothe Gazette">
 
 	<target host="chillicothegazette.com" />
-	<target host="*.chillicothegazette.com" />
+	<target host="cmsimg.chillicothegazette.com" />
+	<target host="www.chillicothegazette.com" />
 
 
 	<securecookie host="^www\.chillicothegazette\.com$" name=".+" />
diff --git a/src/chrome/content/rules/ChinaPaymentServices.com.xml b/src/chrome/content/rules/ChinaPaymentServices.com.xml
deleted file mode 100644
index 8ef6ea66276a..000000000000
--- a/src/chrome/content/rules/ChinaPaymentServices.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="ChinaPaymentServices.com">
-
-	<!--Mismatch:-->
-	<target host="chinapaymentservices.com" />
-	<rule from="^http://chinapaymentservices\.com/"
-		to="https://www.chinapaymentservices.com/" />
-
-	<!--Directly:-->
-	<target host="www.chinapaymentservices.com" />
-	<target host="sales.chinapaymentservices.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Chip-Chap.xml b/src/chrome/content/rules/Chip-Chap.xml
deleted file mode 100644
index 886987868bcb..000000000000
--- a/src/chrome/content/rules/Chip-Chap.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Chip Chap">
-
-	<target host="chip-chap.com" />
-	<target host="www.chip-chap.com" />
-	<target host="web.chip-chap.com" />
-
-    <rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ChipLand.hu.xml b/src/chrome/content/rules/ChipLand.hu.xml
index 67b92f48c275..86a3327be6d8 100644
--- a/src/chrome/content/rules/ChipLand.hu.xml
+++ b/src/chrome/content/rules/ChipLand.hu.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.chipland.hu/ => https://www.chipland.hu/: (51, "SSL: no
 Disabled by https-everywhere-checker because:
 Fetch error: http://www.chipland.hu/ => https://www.chipland.hu/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="ChipLand.hu" default_off='failed ruleset test'>
+<ruleset name="ChipLand.hu" default_off="failed ruleset test">
 	<target host="www.chipland.hu" />
 
 	<securecookie host="^www\.chipland\.hu$" name=".+" />
diff --git a/src/chrome/content/rules/Chipmixer.com.xml b/src/chrome/content/rules/Chipmixer.com.xml
new file mode 100644
index 000000000000..c26163b32a04
--- /dev/null
+++ b/src/chrome/content/rules/Chipmixer.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Chipmixer.com">
+	<target host="chipmixer.com" />
+	<target host="www.chipmixer.com" />
+
+	<!-- Although the guidelines advise against snapping redirects,
+    https://www.chipmixer.com/ served a cert for the wrong domain
+    as of the time this rule was written -->
+	<rule from="^http://www\.chipmixer\.com/" to="https://chipmixer.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Chipworks.xml b/src/chrome/content/rules/Chipworks.xml
index 8d1fa39f76fb..93bc95223132 100644
--- a/src/chrome/content/rules/Chipworks.xml
+++ b/src/chrome/content/rules/Chipworks.xml
@@ -8,7 +8,7 @@ Fetch error: http://chipworks.com/ => https://chipworks.com/: (60, 'SSL certific
 	chipworks.secure.force.com
 
 -->
-<ruleset name="Chipworks" default_off='failed ruleset test'>
+<ruleset name="Chipworks" default_off="failed ruleset test">
 
 	<target host="chipworks.com" />
 	<target host="drm.chipworks.com" />
@@ -20,4 +20,4 @@ Fetch error: http://chipworks.com/ => https://chipworks.com/: (60, 'SSL certific
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Chistes_Cortos_Buenos.com.xml b/src/chrome/content/rules/Chistes_Cortos_Buenos.com.xml
deleted file mode 100644
index 6ab66c9a22c6..000000000000
--- a/src/chrome/content/rules/Chistes_Cortos_Buenos.com.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
-
-
-	CDN buckets:
-
-		- d3ju1pxrijkg8e.cloudfront.net
-
-			- css
-
-		- dvlos4rx2v54l.cloudfront.net
-
-			- images
-
--->
-<ruleset name="Chistes Cortos Buenos.com (partial)">
-
-	<target host="*.chistescortosbuenos.com" />
-
-
-	<rule from="^http://css\.chistescortosbuenos\.com/"
-		to="https://d3ju1pxrijkg8e.cloudfront.net/" />
-
-	<rule from="^http://images\.chistescortosbuenos\.com/"
-		to="https://dvlos4rx2v54l.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Chitika.net.xml b/src/chrome/content/rules/Chitika.net.xml
deleted file mode 100644
index 0dc699fefb17..000000000000
--- a/src/chrome/content/rules/Chitika.net.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://chitika.net/ => https://chitika.com/: (28, 'Connection timed out after 10001 milliseconds')
-	For other Chitika coverage, see Chitika.xml.
-
-
-	CDN buckets:
-
-		- scripts.chitika.net.edgesuite.net
-
--->
-<ruleset name="Chitika.net (partial)">
-
-	<target host="chitika.net" />
-	<target host="*.chitika.net" />
-
-
-	<!--	Cert only matches *.com
-					-->
-	<rule from="^http://(www\.)?chitika\.net/"
-		to="https://$1chitika.com/" />
-
-	<rule from="^http://(images|scripts)\.chitika\.net/"
-		to="https://$1.chitika.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Chitika.xml b/src/chrome/content/rules/Chitika.xml
index ade01b5429e4..82e1ba8a64dd 100644
--- a/src/chrome/content/rules/Chitika.xml
+++ b/src/chrome/content/rules/Chitika.xml
@@ -1,7 +1,13 @@
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://affiliate.chitika.com/ => https://affiliate.chitika.com/: (7, 'Failed to connect to affiliate.chitika.com port 443: No route to host')
+Fetch error: http://blog.chitika.com/ => https://blog.chitika.com/: (35, 'error:1408F10B:SSL routines:ssl3_get_record:wrong version number')
+Fetch error: http://publishers.chitika.com/ => https://publishers.chitika.com/: (6, 'Could not resolve host: publishers.chitika.com')
+
 	Other Chitika rulesets:
 
-		- Chitika.net.xml
 
 
 	CDN buckets:
@@ -22,16 +28,15 @@
 <ruleset name="Chitika (partial)">
 
 	<target host="chitika.com" />
-	<target host="*.chitika.com" />
-
+	<target host="www.chitika.com" />
+	<!-- target host="affiliate.chitika.com" /-->
+	<!-- target host="blog.chitika.com" /-->
+	<!-- target host="publishers.chitika.com" /-->
 
-	<securecookie host="^(?:.*\.)?chitika\.com$" name=".+" />
 
+	<securecookie host=".+" name=".+"/>
 
-	<rule from="^http://(www\.)?chitika\.com/"
-		to="https://$1chitika.com/" />
 
-	<rule from="^http://(affiliate|blog|publishers)\.chitika\.com/"
-		to="https://$1.chitika.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Chloe.re.xml b/src/chrome/content/rules/Chloe.re.xml
deleted file mode 100644
index d4c39767e05b..000000000000
--- a/src/chrome/content/rules/Chloe.re.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		- .chloe.re
-
--->
-<ruleset name="Chloe.re">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="chloe.re" />
-	<target host="www.chloe.re" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.chloe\.re$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.chloe\.re$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ChoiceStream.com.xml b/src/chrome/content/rules/ChoiceStream.com.xml
deleted file mode 100644
index ef0615fb63b5..000000000000
--- a/src/chrome/content/rules/ChoiceStream.com.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	(www.)?choicestream.com: Redirects to http
-
-
-	Insecure cookies are set for these domains:
-
-		- .choicestream.com
-
--->
-<ruleset name="ChoiceStream.com (partial)">
-
-	<target host="api.choicestream.com" />
-
-		<!--	Set cookies without Secure:
-							-->
-		<test url="http://api.choicestream.com/instr/crunch/apnxs/uid?uid=0&amp;ak=&amp;_=" />
-		<test url="http://api.choicestream.com/instr/crunch/cs/seg?segs=csr:" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.choicestream\.com$" name="^(?:__cs_apnxs_uid2|__cs_lpsppc|__cs_pcs|__qca|CSAnywhere)$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Choon.net.xml b/src/chrome/content/rules/Choon.net.xml
index e7068c521b4f..a801a5295938 100644
--- a/src/chrome/content/rules/Choon.net.xml
+++ b/src/chrome/content/rules/Choon.net.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.choon.net/ => https://www.choon.net/: (60, 'SSL certific
 	* Refused
 
 -->
-<ruleset name="Choon.net (partial)" default_off='failed ruleset test'>
+<ruleset name="Choon.net (partial)" default_off="failed ruleset test">
 
 	<target host="choon.net" />
 	<target host="www.choon.net" />
diff --git a/src/chrome/content/rules/Chooseblocks.com.xml b/src/chrome/content/rules/Chooseblocks.com.xml
index 20f6e5cc4cfa..58cc137a88d8 100644
--- a/src/chrome/content/rules/Chooseblocks.com.xml
+++ b/src/chrome/content/rules/Chooseblocks.com.xml
@@ -4,7 +4,7 @@ Cloudflare SSL
 <ruleset name="chooseblocks.com">
 	<target host="www.chooseblocks.com" />
 	<target host="chooseblocks.com" />
-	
+
 	<securecookie host="^(www\.)?chooseblocks\.com$" name=".+" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Chorizo.ca.xml b/src/chrome/content/rules/Chorizo.ca.xml
new file mode 100644
index 000000000000..061705fa1d2c
--- /dev/null
+++ b/src/chrome/content/rules/Chorizo.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="Chorizo.ca">
+	<target host="chorizo.ca" />
+	<target host="www.chorizo.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Choualbox.com.xml b/src/chrome/content/rules/Choualbox.com.xml
new file mode 100644
index 000000000000..4c57c29140cf
--- /dev/null
+++ b/src/chrome/content/rules/Choualbox.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Choualbox.com">
+	<target host="choualbox.com" />
+	<target host="www.choualbox.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Chris.lu.xml b/src/chrome/content/rules/Chris.lu.xml
index dbe2a22fa8b3..229bc1db4edd 100644
--- a/src/chrome/content/rules/Chris.lu.xml
+++ b/src/chrome/content/rules/Chris.lu.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.chris.lu/ => https://www.chris.lu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.chris.lu'")
 
 -->
-<ruleset name="Chris.lu" default_off='failed ruleset test'>
+<ruleset name="Chris.lu" default_off="failed ruleset test">
 
 	<target host="chris.lu" />
 	<target host="www.chris.lu" />
diff --git a/src/chrome/content/rules/Chrisanthemums.xml b/src/chrome/content/rules/Chrisanthemums.xml
index 214e3a436c62..c9e71e4d562d 100644
--- a/src/chrome/content/rules/Chrisanthemums.xml
+++ b/src/chrome/content/rules/Chrisanthemums.xml
@@ -5,7 +5,7 @@
 <ruleset name="Chrisanthemums">
 
 	<target host="chrisanthemums.com" />
-	<target host="*.chrisanthemums.com" />
+	<target host="www.chrisanthemums.com" />
 
 
 	<securecookie host="^(?:www)?\.chrisanthemums\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Chrismatic.io.xml b/src/chrome/content/rules/Chrismatic.io.xml
index b389230f5221..1e66ddf11c6f 100644
--- a/src/chrome/content/rules/Chrismatic.io.xml
+++ b/src/chrome/content/rules/Chrismatic.io.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.chrismatic.io/ => https://www.chrismatic.io/: (6, 'Could not resolve host: www.chrismatic.io')
 
 -->
-<ruleset name="chrismatic.io" default_off='failed ruleset test'>
+<ruleset name="chrismatic.io" default_off="failed ruleset test">
 
 	<target host="chrismatic.io" />
 	<target host="www.chrismatic.io" />
diff --git a/src/chrome/content/rules/Christianbook.com.xml b/src/chrome/content/rules/Christianbook.com.xml
index 2ab20a0e5fe3..cd4e5f516045 100644
--- a/src/chrome/content/rules/Christianbook.com.xml
+++ b/src/chrome/content/rules/Christianbook.com.xml
@@ -34,7 +34,7 @@
 	<!--securecookie host="^(?:g|www)\.christianbook\.com$" name="^cbd_affinity$" /-->
 	<!--securecookie host="^\.www\.christianbook\.com$" name="^cbd_(?:csl|ticket)$" /-->
 
-	<securecookie host=".*\.christianbook\.com$" name="" />
+	<securecookie host=".*\.christianbook\.com$" name=".+" />
 
 
 	<rule from="^http://christianbook\.com/"
diff --git a/src/chrome/content/rules/Chrome.com.xml b/src/chrome/content/rules/Chrome.com.xml
index dfecdcf214f3..0b535b6bc22d 100644
--- a/src/chrome/content/rules/Chrome.com.xml
+++ b/src/chrome/content/rules/Chrome.com.xml
@@ -5,4 +5,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ChromeStatus.com.xml b/src/chrome/content/rules/ChromeStatus.com.xml
new file mode 100644
index 000000000000..6ca712fa4221
--- /dev/null
+++ b/src/chrome/content/rules/ChromeStatus.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For more Google related rules, see GoogleServices.xml
+
+	Secure connection failed:
+		chromestatus.com
+
+-->
+<ruleset name="ChromeStatus.com">
+
+	<target host="chromestatus.com" />
+	<target host="www.chromestatus.com" />
+
+	<rule from="^http://(www\.)?chromestatus\.com/"
+		to="https://www.chromestatus.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Chrome_Data.xml b/src/chrome/content/rules/Chrome_Data.xml
index 2affb04b63df..30a5b447dea9 100644
--- a/src/chrome/content/rules/Chrome_Data.xml
+++ b/src/chrome/content/rules/Chrome_Data.xml
@@ -2,17 +2,18 @@
 
 	<target host="login.carbook.com" />
 	<target host="chromedata.com" />
-	<target host="*.chromedata.com" />
+	<target host="autodiscover.chromedata.com" />
+	<target host="mail.chromedata.com" />
+	<target host="mopar.chromedata.com" />
+	<target host="webmail.chromedata.com" />
+	<target host="www.chromedata.com" />
 
 
 	<securecookie host="^login\.carbook\.com$" name=".+" />
 	<securecookie host="^.+\.chromedata\.com$" name=".+" />
 
 
-	<rule from="^http://login\.carbook\.com/"
-		to="https://login.carbook.com/" />
 
-	<rule from="^http://((?:autodiscover|mail|mopar|webmail|www)\.)?chromedata\.com/"
-		to="https://$1chromedata.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Chrome_Status.com.xml b/src/chrome/content/rules/Chrome_Status.com.xml
deleted file mode 100644
index c8b73a051d91..000000000000
--- a/src/chrome/content/rules/Chrome_Status.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other Google coverage, see GoogleServices.xml.
-
-
-	^: reset
-
--->
-<ruleset name="Chrome Status.com">
-
-	<target host="chromestatus.com" />
-	<target host="www.chromestatus.com" />
-
-
-	<rule from="^http://(?:www\.)?chromestatus\.com/"
-		to="https://www.chromestatus.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Chromium.org.xml b/src/chrome/content/rules/Chromium.org.xml
index 4bd6381f2fa1..68293bfc4363 100644
--- a/src/chrome/content/rules/Chromium.org.xml
+++ b/src/chrome/content/rules/Chromium.org.xml
@@ -1,6 +1,6 @@
 <!--
 	For other Google coverage, see GoogleServices.xml.
-	
+
 	Preloaded:
 		- build
 		- bugs
diff --git a/src/chrome/content/rules/ChroniX_Radio.com.xml b/src/chrome/content/rules/ChroniX_Radio.com.xml
index 9b59336cebf5..c026fef61dc4 100644
--- a/src/chrome/content/rules/ChroniX_Radio.com.xml
+++ b/src/chrome/content/rules/ChroniX_Radio.com.xml
@@ -19,7 +19,7 @@ Fetch error: http://chronixradio.com/ => https://chronixradio.com/: (7, 'Failed
 	** Unsecurable
 
 -->
-<ruleset name="ChroniX Radio.com" default_off='failed ruleset test'>
+<ruleset name="ChroniX Radio.com" default_off="failed ruleset test">
 
 	<target host="chronixradio.com" />
 	<target host="www.chronixradio.com" />
diff --git a/src/chrome/content/rules/Chronicle-Store.com.xml b/src/chrome/content/rules/Chronicle-Store.com.xml
index 1ebdac00d011..11c9a17272a2 100644
--- a/src/chrome/content/rules/Chronicle-Store.com.xml
+++ b/src/chrome/content/rules/Chronicle-Store.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.chronicle-store.com/ => https://www.chronicle-store.com/
 	For other Chronicle of Higher Education coverage, see Chronicle.xml.
 
 -->
-<ruleset name="Chronicle-Store.com" default_off='failed ruleset test'>
+<ruleset name="Chronicle-Store.com" default_off="failed ruleset test">
 
 	<target host="chronicle-store.com" />
 	<target host="www.chronicle-store.com" />
diff --git a/src/chrome/content/rules/Chronicle.xml b/src/chrome/content/rules/Chronicle.xml
index a8efd41429ef..f0c43ea34581 100644
--- a/src/chrome/content/rules/Chronicle.xml
+++ b/src/chrome/content/rules/Chronicle.xml
@@ -23,7 +23,7 @@ Fetch error: http://www.chronicle.com/ => https://chronicle.com/: Too many redir
 	² Rule disabled by default
 
 -->
-<ruleset name="Chronicle.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Chronicle.com (partial)" default_off="failed ruleset test">
 
 	<target host="chronicle.com" />
 	<target host="www.chronicle.com" />
diff --git a/src/chrome/content/rules/Cht.sh.xml b/src/chrome/content/rules/Cht.sh.xml
new file mode 100644
index 000000000000..180a16d48879
--- /dev/null
+++ b/src/chrome/content/rules/Cht.sh.xml
@@ -0,0 +1,10 @@
+<ruleset name="Cht.sh">
+	<target host="cht.sh" />
+	<target host="*.cht.sh" />
+		<test url="http://valid.cht.sh/curl" />
+		<test url="http://example.cht.sh/wget" />
+		<test url="http://test.cht.sh/rpm" />
+		<test url="http://cht.sh/apt" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Church_Hill_Classics.xml b/src/chrome/content/rules/Church_Hill_Classics.xml
index 71f1aed4a8cd..9e75deda2fea 100644
--- a/src/chrome/content/rules/Church_Hill_Classics.xml
+++ b/src/chrome/content/rules/Church_Hill_Classics.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?diplomaframe\.com/(DesktopModules/|home/login|images/|js/|Portals/|Resources/|(?:Script|Web)Resource\.axd)"
 		to="https://$1diplomaframe.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ciety.com.xml b/src/chrome/content/rules/Ciety.com.xml
index 80acbf264317..90f3763781d6 100644
--- a/src/chrome/content/rules/Ciety.com.xml
+++ b/src/chrome/content/rules/Ciety.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://ciety.com/ => https://ciety.com/: (60, 'SSL certificate prob
 	www doesn't exist.
 
 -->
-<ruleset name="Ciety.com" default_off='failed ruleset test'>
+<ruleset name="Ciety.com" default_off="failed ruleset test">
 
 	<target host="ciety.com" />
 
diff --git a/src/chrome/content/rules/Cihar.com.xml b/src/chrome/content/rules/Cihar.com.xml
deleted file mode 100644
index 6afaf66e10f4..000000000000
--- a/src/chrome/content/rules/Cihar.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to http, valid cert)
-		- photos *
-		- pma *
-
-	* 404, valid cert
-
--->
-<ruleset name="Cihar.com (partial)">
-
-	<target host="blog.cihar.com" />
-	<target host="stats.cihar.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Cilk_Plus.org.xml b/src/chrome/content/rules/Cilk_Plus.org.xml
index 72442a70214e..eb0eb90c7b3e 100644
--- a/src/chrome/content/rules/Cilk_Plus.org.xml
+++ b/src/chrome/content/rules/Cilk_Plus.org.xml
@@ -6,7 +6,7 @@ Fetch error: http://cilkplus.org/ => https://cilkplus.org/: (7, 'Failed to conne
 	For other Intel coverage, see Intel.xml.
 
 -->
-<ruleset name="Cilk Plus.org" default_off='failed ruleset test'>
+<ruleset name="Cilk Plus.org" default_off="failed ruleset test">
 
 	<target host="cilkplus.org" />
 	<target host="www.cilkplus.org" />
diff --git a/src/chrome/content/rules/CinCHouse.com.xml b/src/chrome/content/rules/CinCHouse.com.xml
index ff95ee779c24..640633008dcf 100644
--- a/src/chrome/content/rules/CinCHouse.com.xml
+++ b/src/chrome/content/rules/CinCHouse.com.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?cinchouse\.com/"
 		to="https://cinchouse.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cinapalace.com.xml b/src/chrome/content/rules/Cinapalace.com.xml
deleted file mode 100644
index ec64daa32d05..000000000000
--- a/src/chrome/content/rules/Cinapalace.com.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	CDN buckets:
-
-		- gs1.wac.edgecastcdn.net/8051D5/
-
--->
-<ruleset name="cinapalace.com">
-
-	<target host="cinapalace.com" />
-	<target host="www.cinapalace.com" />
-
-
-	<securecookie host="^(?:www\.)?cinapalace\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Cincinnati.com.xml b/src/chrome/content/rules/Cincinnati.com.xml
index 846cb66a9e44..46873dd18848 100644
--- a/src/chrome/content/rules/Cincinnati.com.xml
+++ b/src/chrome/content/rules/Cincinnati.com.xml
@@ -114,7 +114,7 @@ Fetch error: http://cincinnati.com/ => https://cincinnati.com/: (51, "SSL: no al
 	³ Unsecurable
 
 -->
-<ruleset name="Cincinnati.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Cincinnati.com (partial)" default_off="failed ruleset test">
 
 	<target host="cincinnati.com" />
 	<target host="*.cincinnati.com" />
diff --git a/src/chrome/content/rules/Cinder.xml b/src/chrome/content/rules/Cinder.xml
index 8c1632a1a26b..847b23173056 100644
--- a/src/chrome/content/rules/Cinder.xml
+++ b/src/chrome/content/rules/Cinder.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CineStar.xml b/src/chrome/content/rules/CineStar.xml
index 2b24c9044995..fedaf529006e 100644
--- a/src/chrome/content/rules/CineStar.xml
+++ b/src/chrome/content/rules/CineStar.xml
@@ -9,7 +9,7 @@ Fetch error: http://cinestar.de/ => https://cinestar.de/: Too many redirects whi
 		- .shop.cinestar.de
 
 -->
-<ruleset name="CineStar.de (partial)" default_off='failed ruleset test'>
+<ruleset name="CineStar.de (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Cineble.com.xml b/src/chrome/content/rules/Cineble.com.xml
index 5ffc968bef39..fd46fa0fdcc8 100644
--- a/src/chrome/content/rules/Cineble.com.xml
+++ b/src/chrome/content/rules/Cineble.com.xml
@@ -16,4 +16,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CinemaNow.xml b/src/chrome/content/rules/CinemaNow.xml
index 1fc463381117..b2c9d96b1b17 100644
--- a/src/chrome/content/rules/CinemaNow.xml
+++ b/src/chrome/content/rules/CinemaNow.xml
@@ -5,7 +5,8 @@
 <ruleset name="CinemaNow (partial)">
 
 	<target host="cinemanow.com" />
-	<target host="*.cinemanow.com" />
+	<target host="www.cinemanow.com" />
+	<target host="cache.cinemanow.com" />
 
 
 	<securecookie host="^www\.cinemanow\.com$" name=".+" />
@@ -14,7 +15,6 @@
 	<rule from="^http://(?:www\.)?cinemanow\.com/"
 		to="https://www.cinemanow.com/" />
 
-	<rule from="^http://cache\.cinemanow\.com/"
-		to="https://cache.cinemanow.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Cinfu.com.xml b/src/chrome/content/rules/Cinfu.com.xml
index f61bb16ff151..4b2ed7be048a 100644
--- a/src/chrome/content/rules/Cinfu.com.xml
+++ b/src/chrome/content/rules/Cinfu.com.xml
@@ -14,7 +14,7 @@ Non-2xx HTTP code: http://cinfu.com/ (200) => https://cinfu.com/ (404)
 		- www	(redirects to http)
 
 -->
-<ruleset name="Cinfu.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Cinfu.com (partial)" default_off="failed ruleset test">
 
 	<target host="cinfu.com" />
 	<target host="panel.cinfu.com" />
diff --git a/src/chrome/content/rules/Cint.com.xml b/src/chrome/content/rules/Cint.com.xml
deleted file mode 100644
index 07643f66887e..000000000000
--- a/src/chrome/content/rules/Cint.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-
-	Problematic subdomains:
-
-		- webmail	(invalid cert; mismatch)
-
--->
-<ruleset name="Cint.com">
-
-	<!-- target host="*.cds.cint.com" -->
-	<target host="cint.com" />
-	<target host="collector.cint.com" />
-	<target host="panel.cint.com" />
-	<target host="www.cint.com" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CipherLaw.xml b/src/chrome/content/rules/CipherLaw.xml
deleted file mode 100644
index 2a84bc37ad96..000000000000
--- a/src/chrome/content/rules/CipherLaw.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="CipherLaw">
-
-	<target host="cipherlawgroup.com" />
-	<target host="www.cipherlawgroup.com" />
-
-
-	<securecookie host="^(?:www\.)?cipherlawgroup\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CipherShed.org.xml b/src/chrome/content/rules/CipherShed.org.xml
deleted file mode 100644
index aca7ebd3d585..000000000000
--- a/src/chrome/content/rules/CipherShed.org.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Fully covered hosts in *ciphershed.org:
-
-		- (www.)?
-		- forum
-		- lists
-		- wiki
-
--->
-<ruleset name="CipherShed.org">
-
-	<target host="ciphershed.org" />
-	<target host="forum.ciphershed.org" />
-	<target host="lists.ciphershed.org" />
-	<target host="wiki.ciphershed.org" />
-	<target host="www.ciphershed.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cir.ca.xml b/src/chrome/content/rules/Cir.ca.xml
index 4b087265f51c..73d12e18146f 100644
--- a/src/chrome/content/rules/Cir.ca.xml
+++ b/src/chrome/content/rules/Cir.ca.xml
@@ -35,7 +35,7 @@ Fetch error: http://www.cir.ca/ => https://circanews.com/: (51, "SSL: no alterna
 	* Secured by us
 
 -->
-<ruleset name="Cir.ca" default_off='failed ruleset test'>
+<ruleset name="Cir.ca" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Circa_News.com.xml b/src/chrome/content/rules/Circa_News.com.xml
index 193c68455de9..41d1e6fc4d92 100644
--- a/src/chrome/content/rules/Circa_News.com.xml
+++ b/src/chrome/content/rules/Circa_News.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.circanews.com/ => https://www.circanews.com/: (51, "SSL:
 		- www.circanews.com
 
 -->
-<ruleset name="Circa News.com" default_off='failed ruleset test'>
+<ruleset name="Circa News.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Circl.lu.xml b/src/chrome/content/rules/Circl.lu.xml
new file mode 100644
index 000000000000..23a834371222
--- /dev/null
+++ b/src/chrome/content/rules/Circl.lu.xml
@@ -0,0 +1,20 @@
+<!--
+	Time out:
+		- map.circl.lu
+
+	Different content http/https:
+		- services.circl.lu
+-->
+<ruleset name="Circl.lu">
+	<target host="circl.lu" />
+	<target host="www.circl.lu" />
+	<target host="bgpranking.circl.lu" />
+	<target host="ctf.circl.lu" />
+	<target host="cve.circl.lu" />
+	<target host="lookyloo.circl.lu" />
+	<target host="misppriv.circl.lu" />
+	<target host="pgp.circl.lu" />
+	<target host="search.circl.lu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Circle_of_Moms.xml b/src/chrome/content/rules/Circle_of_Moms.xml
index 5ee1c0813676..8e9d13bcb36d 100644
--- a/src/chrome/content/rules/Circle_of_Moms.xml
+++ b/src/chrome/content/rules/Circle_of_Moms.xml
@@ -20,7 +20,9 @@ Fetch error: http://circleofmoms.com/ => https://www.circleofmoms.com/: Cycle de
 <ruleset name="Circle of Moms">
 
 	<target host="circleofmoms.com" />
-	<target host="*.circleofmoms.com" />
+	<target host="www.circleofmoms.com" />
+	<target host="imagelib4.circleofmoms.com" />
+	<target host="images3.circleofmoms.com" />
 
 
 	<securecookie host="^www\.circleofmoms\.com$" name=".+" />
@@ -29,10 +31,7 @@ Fetch error: http://circleofmoms.com/ => https://www.circleofmoms.com/: Cycle de
 	<rule from="^http://(?:www\.)?circleofmoms\.com/"
 		to="https://www.circleofmoms.com/" />
 
-	<rule from="^http://imagelib4\.circleofmoms\.com/"
-		to="https://dx7naiqi3v8zr.cloudfront.net/" />
 
-	<rule from="^http://images3\.circleofmoms\.com/"
-		to="https://d2sshc984jwlg9.cloudfront.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Circular_Hub.xml b/src/chrome/content/rules/Circular_Hub.xml
index 8fb564cd243a..d771ff2d09d5 100644
--- a/src/chrome/content/rules/Circular_Hub.xml
+++ b/src/chrome/content/rules/Circular_Hub.xml
@@ -1,40 +1,16 @@
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://circularhub.com/ => https://www.circularhub.com/: 'NoneType' object has no attribute 'xpath'
-	For other Wishabi coverage, see Wishabi.xml.
-
-
-	Problematic subdomains:
-
-		- ^		(whos flyertown; mismatched, CN: www.flyertown.ca)
-		- api *
-		- editorials *
-
-	* Mismatched, CN: editorials.merchants.wishabi.ca
-
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- api *
-		- editorials *
-
-	* → editorials.merchants.wishabi.ca
-
+	Non-functional hosts
+		SSL connect error:
+		- api.circularhub.com
+		- editorials.circularhub.com
 -->
 <ruleset name="Circular Hub">
 
 	<target host="circularhub.com" />
-	<target host="*.circularhub.com" />
-
-
-	<securecookie host="^www\.circularhub\.com$" name=".+" />
-
+	<target host="www.circularhub.com" />
 
-	<rule from="^http://(?:www\.)?circularhub\.com/"
-		to="https://www.circularhub.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:api|editorials)\.circularhub\.com/"
-		to="https://editorials.merchants.wishabi.ca/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Cirrus-CI.com.xml b/src/chrome/content/rules/Cirrus-CI.com.xml
new file mode 100644
index 000000000000..e4dfef248e21
--- /dev/null
+++ b/src/chrome/content/rules/Cirrus-CI.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Cirrus-CI.com">
+	<target host="cirrus-ci.com" />
+	<target host="api.cirrus-ci.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cisco.mobi.xml b/src/chrome/content/rules/Cisco.mobi.xml
index a1793fd49f76..ea171b0fe66e 100644
--- a/src/chrome/content/rules/Cisco.mobi.xml
+++ b/src/chrome/content/rules/Cisco.mobi.xml
@@ -25,7 +25,7 @@ Fetch error: http://cln.cisco.mobi/ => https://cln.cisco.mobi/: (28, 'Connection
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Cisco.mobi (partial)" default_off='failed ruleset test'>
+<ruleset name="Cisco.mobi (partial)" default_off="failed ruleset test">
 
 	<target host="cln.cisco.mobi" />
 
diff --git a/src/chrome/content/rules/Cisco.xml b/src/chrome/content/rules/Cisco.xml
index a784a24bd9ac..66fa5bbe94eb 100644
--- a/src/chrome/content/rules/Cisco.xml
+++ b/src/chrome/content/rules/Cisco.xml
@@ -1,9 +1,13 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://csc-test1.cisco.com/ => https://csc-test1.cisco.com/: (35, 'error:14094410:SSL routines:ssl3_read_bytes:sslv3 alert handshake failure')
+
 
 	Other Cisco rulesets:
 
 		- Cisco.mobi.xml
-		- Cisco_Connect_Cloud.com.xml
 		- Cisco_Learning_System.com.xml
 		- Cisco_Live.com.xml
 		- Sourcefire.com.xml
@@ -25,6 +29,10 @@
 		- investor ʳ
 		- mkto ᴹ
 		- newsroom ᵈ
+		- solutionpartnerdashboard (refused)
+		- www1 (timeout)
+		- www2 (timeout)
+		- www3 (timeout)
 
 	ᴹ Marketo / shows another domain
 	⁴ 404
@@ -34,11 +42,10 @@
 
 	Problematic hosts in *cisco.com:
 
+		- cisco-images (mismatched)
 		- csc-test2 ᵉ ᵐ ᵘ
 		- csc-test[3-5] ᵐ
 		- eir-stage ˢ
-		- home ᵈ
-		- homesupport ᵈ
 		- solucionespyme ᵐ
 		- sso-marketplace ᵉ
 		- video ᵐ ˣ
@@ -50,15 +57,6 @@
 	ᵘ Untrusted root
 	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
-
-	Partially covered hosts in *cisco.com:
-
-		- csr *
-		- www
-
-	* Some pages redirect to http
-
-
 	These altnames don't exist:
 
 		- cloudsso3.cisco.com
@@ -94,28 +92,24 @@
 	ᵐ Not secured by us <= mismatched
 
 -->
-<ruleset name="Cisco.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Cisco.com (partial)">
 
-	<!--	Direct rewrites:
-				-->
 	<target host="cisco.com" />
 	<target host="apps.cisco.com" />
 	<target host="blogs.cisco.com" />
-	<target host="cisco-images.cisco.com" />
 	<target host="cloudsso.cisco.com" />
 	<target host="cloudsso1.cisco.com" />
 	<target host="cloudsso2.cisco.com" />
 	<target host="communities.cisco.com" />
-	<target host="csc-test1.cisco.com" />
+	<target host="csr.cisco.com" />
+	<!-- target host="csc-test1.cisco.com" /-->
 	<target host="developer.cisco.com" />
-	<target host="eir.cisco.com" />
 	<target host="jobs.cisco.com" />
 	<target host="learningnetwork.cisco.com" />
 	<target host="learningnetworkstore.cisco.com" />
 	<target host="marketplace.cisco.com" />
 	<target host="software.cisco.com" />
 	<target host="solutionpartner.cisco.com" />
-	<target host="solutionpartnerdashboard.cisco.com" />
 	<!--target host="sso-marketplace.cisco.com" /-->
 	<target host="sso-prod0.cisco.com" />
 	<target host="sso-prod1.cisco.com" />
@@ -128,76 +122,9 @@
 	<target host="tools2.cisco.com" />
 	<target host="tools3.cisco.com" />
 	<target host="www.cisco.com" />
-	<target host="www1.cisco.com" />
-	<target host="www2.cisco.com" />
-	<target host="www3.cisco.com" />
-
-	<!--	Complications:
-				-->
-	<target host="home.cisco.com" />
-	<target host="homesupport.cisco.com" />
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://csr\.cisco\.com/(?:casestudy|pages)/" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://csr\.cisco\.com/(?!/*(?:$|\?|cdnorigin/|content/|favicon\.ico))" />
-
-			<!--	+ve:
-					-->
-			<test url="http://csr.cisco.com/casestudy/be-the-bridge" />
-			<test url="http://csr.cisco.com/casestudy/flow" />
-			<test url="http://csr.cisco.com/casestudy/inveneo" />
-			<test url="http://csr.cisco.com/casestudy/veterans" />
-			<test url="http://csr.cisco.com/pages/education" />
-			<test url="http://csr.cisco.com/pages/environment" />
-			<test url="http://csr.cisco.com/pages/measure-impact" />
-			<test url="http://csr.cisco.com/pages/resources" />
-
-			<!--	-ve:
-					-->
-			<test url="http://csr.cisco.com/cdnorigin/content/images/layout/intwhitebg1025.png" />
-			<test url="http://csr.cisco.com/cdnorigin/content/scripts/Libs/fancybox/source/helpers/jquery.fancybox-thumbs.css" />
-			<test url="http://csr.cisco.com/cdnorigin/content/styles/idangerous.swiper.css" />
-			<test url="http://csr.cisco.com/cdnorigin/content/themes/base/jquery.ui.dialog.css" />
-			<test url="http://csr.cisco.com/cdnorigin/media/images/original/icon-pdf.png" />
-			<test url="http://csr.cisco.com/content/Scripts/Libs/fancybox/source/jquery.fancybox.css" />
-			<test url="http://csr.cisco.com/favicon.ico" />
-
-		<exclusion pattern="^http://www\.cisco\.com/cgi-bin/login" />
-
-			<test url="http://www.cisco.com/cgi-bin/login" />
-
-		<!--	Sets cookies without Secure:
-							-->
-		<!--test url="http://tools.cisco.com/RPF/register/register.do?exit_url=" /-->
-
-		<!--	Formerly didn't work:
-						-->
-		<test url="http://www.cisco.com/go/smallbizsupport" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.cisco\.com$" name="^(?:CP_GUTC|ObSSOCookie|TOOLS-Loc)$" /-->
-	<!--securecookie host="^blogs\.cisco\.com$" name="^wpmp_switcher$" /-->
-	<!--securecookie host="^communities\.cisco\.com$" name="^(BIGipServerm\w+-\d+-pool|JSESSIONID|jive\.security\.context)$" /-->
-	<!--securecookie host="^jobs\.cisco\.com$" name="^(?:JSESSIONID|PERSIST)$" /-->
-	<!--securecookie host="^learningnetwork\.cisco\.com$" name="^(?:BIGipServer|jive\.(?:login\.ts|security\.context)$)" /-->
-	<!--securecookie host="^learningnetworkstore\.cisco\.com$" name="^JSESSIONID$" /-->
-	<!--securecookie host="^sso\.cisco\.com$" name="^ObFormLoginCookie$" /-->
-	<!--securecookie host="^sso-marketplace\.cisco\.com$" name="^PF$" /-->
-	<!--securecookie host="^(?:learningnetworkstore|tools|www)\.cisco\.com$" name="^JSESSIONID$" /-->
 
 	<securecookie host=".+" name=".+" />
 
-
-	<rule from="^http://home(?:support)?\.cisco\.com/+"
-		to="https://support.linksys.com/" />
-
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Cisco_Connect_Cloud.com.xml b/src/chrome/content/rules/Cisco_Connect_Cloud.com.xml
deleted file mode 100644
index 284ef4bbcafc..000000000000
--- a/src/chrome/content/rules/Cisco_Connect_Cloud.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other Cisco coverage, see Cisco.xml.
-
--->
-<ruleset name="Cisco Connect Cloud.com">
-
-	<target host="ciscoconnectcloud.com" />
-	<target host="www.ciscoconnectcloud.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Citadium.com.xml b/src/chrome/content/rules/Citadium.com.xml
index ba648c6af91a..d4357e5bff17 100644
--- a/src/chrome/content/rules/Citadium.com.xml
+++ b/src/chrome/content/rules/Citadium.com.xml
@@ -22,4 +22,4 @@
 	<rule from="^http://www\.citadium\.com/(?=elmt/|favicon\.ico|js/|login(?:$|[?/])|medias/|spinner\.gif|_ui/)"
 		to="https://www.citadium.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Citi_Alumni_Network.xml b/src/chrome/content/rules/Citi_Alumni_Network.xml
index 68432dd678c3..2d0d3966b18b 100644
--- a/src/chrome/content/rules/Citi_Alumni_Network.xml
+++ b/src/chrome/content/rules/Citi_Alumni_Network.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://(?:www\.)?citialumninetwork\.com/"
 		to="https://www.citialumninetwork.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Citibank.xml b/src/chrome/content/rules/Citibank.xml
index fd4a4c22a206..0cfe8adbd197 100644
--- a/src/chrome/content/rules/Citibank.xml
+++ b/src/chrome/content/rules/Citibank.xml
@@ -11,7 +11,7 @@ Fetch error: http://content22.online.citibank.com/ => https://content22.online.c
 		- .citibank.com
 
 -->
-<ruleset name="Citibank.com" default_off='failed ruleset test'>
+<ruleset name="Citibank.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/CitizenPost.fr.xml b/src/chrome/content/rules/CitizenPost.fr.xml
index d99440e6c78f..9b2cca72cc0b 100644
--- a/src/chrome/content/rules/CitizenPost.fr.xml
+++ b/src/chrome/content/rules/CitizenPost.fr.xml
@@ -3,7 +3,7 @@
 	<target host="citizenpost.fr" />
 	<target host="www.citizenpost.fr" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CitizensForEthics.org.xml b/src/chrome/content/rules/CitizensForEthics.org.xml
new file mode 100644
index 000000000000..e5bf9f76e205
--- /dev/null
+++ b/src/chrome/content/rules/CitizensForEthics.org.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatch:
+		secure.citizensforethics.org
+-->
+<ruleset name="CitizensForEthics.org">
+	<target host="citizensforethics.org" />
+	<target host="www.citizensforethics.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Citrix.xml b/src/chrome/content/rules/Citrix.xml
index 48494ccaf940..af503f29bbb0 100644
--- a/src/chrome/content/rules/Citrix.xml
+++ b/src/chrome/content/rules/Citrix.xml
@@ -11,7 +11,6 @@ Fetch error: http://tarpon.citrix.com/ => https://tarpon.citrix.com/: (6, 'Could
 	Other Citrix rulesets:
 
 		- Citrix_Online.com.xml
-		- Citrix_Online_CDN.com.xml
 		- GoToAssist.com.xml
 		- GoToMeeting.com.xml
 		- GoToTraining.com.xml
@@ -72,7 +71,7 @@ Fetch error: http://tarpon.citrix.com/ => https://tarpon.citrix.com/: (6, 'Could
 	* Secured by us
 
 -->
-<ruleset name="Citrix.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Citrix.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Citrix_Online_CDN.com.xml b/src/chrome/content/rules/Citrix_Online_CDN.com.xml
deleted file mode 100644
index 8b47e1ecdad4..000000000000
--- a/src/chrome/content/rules/Citrix_Online_CDN.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other Citrix coverage, see Citrix.xml.
-
--->
-<ruleset name="Citrix Online CDN.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="citrixonlinecdn.com" />
-	<target host="www.citrixonlinecdn.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/City-Link.xml b/src/chrome/content/rules/City-Link.xml
index d660eea7c79f..3a0ea246ba38 100644
--- a/src/chrome/content/rules/City-Link.xml
+++ b/src/chrome/content/rules/City-Link.xml
@@ -12,7 +12,7 @@ Fetch error: http://city-link.co.uk/ => https://www.city-link.co.uk/: (28, 'Conn
 Fetch error: http://www.city-link.co.uk/ => https://www.city-link.co.uk/: (28, 'Connection timed out after 10001 milliseconds')
 
 -->
-<ruleset name="City Link" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="City Link" platform="mixedcontent" default_off="failed ruleset test">
 
   <target host="city-link.co.uk" />
   <target host="www.city-link.co.uk" />
diff --git a/src/chrome/content/rules/City-Mail.xml b/src/chrome/content/rules/City-Mail.xml
deleted file mode 100644
index 7be549f25e79..000000000000
--- a/src/chrome/content/rules/City-Mail.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other Wizard Internet Services coverage, see Wizard-Internet-Services.xml.
-
--->
-<ruleset name="City Mail">
-
-	<target host="cityemail.com" />
-	<target host="www.cityemail.com" />
-
-
-	<securecookie host="^(?:www\.)?cityemail\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?citymail\.com/"
-		to="https://$1citymail.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/City-of-Chicago.xml b/src/chrome/content/rules/City-of-Chicago.xml
index 9c9cca0fb2ba..1311af2b6e92 100644
--- a/src/chrome/content/rules/City-of-Chicago.xml
+++ b/src/chrome/content/rules/City-of-Chicago.xml
@@ -13,7 +13,9 @@
 <ruleset name="City of Chicago" platform="mixedcontent">
 
 	<target host="cityofchicago.org" />
-	<target host="*.cityofchicago.org" />
+	<target host="mayor.cityofchicago.org" />
+	<target host="data.cityofchicago.org" />
+	<target host="www.cityofchicago.org" />
 	<!--target host="explorechicago.org" /-->
 	<!--target host="*.explorechicago.org" /-->
 
@@ -37,10 +39,9 @@
 	<rule from="^http://mayor\.cityofchicago\.org/"
 		to="https://www.cityofchicago.org/content/city/en/depts/mayor.html" />
 
-	<rule from="^http://(data|www)\.cityofchicago\.org/"
-		to="https://$1.cityofchicago.org/" />
 
 	<!--rule from="^http://www\.explorechicago\.com/"
 		to="https://www.explorechicago.com/" /-->
-	
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CityEmail.com.xml b/src/chrome/content/rules/CityEmail.com.xml
new file mode 100644
index 000000000000..e7c8c32b3de6
--- /dev/null
+++ b/src/chrome/content/rules/CityEmail.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Wizard Internet Services coverage, see Wizard-Internet-Services.xml.
+
+-->
+<ruleset name="CityEmail.com">
+
+	<target host="cityemail.com" />
+	<target host="www.cityemail.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CityNews.ca.xml b/src/chrome/content/rules/CityNews.ca.xml
new file mode 100644
index 000000000000..e929dbef2195
--- /dev/null
+++ b/src/chrome/content/rules/CityNews.ca.xml
@@ -0,0 +1,41 @@
+<!--
+	Connection refused:
+		- autodiscover.citynews.ca
+
+	Invalid certificate:
+		- email.citynews.ca
+		- b.email.citynews.ca
+		- live.citynews.ca
+		- m.citynews.ca
+		- preprod-www.citynews.ca
+
+	Timed out:
+		- citynews.ca, equivalent to www.citynews.ca
+		- agmail2.citynews.ca
+		- contests.citynews.ca
+		- site.citynews.ca
+-->
+
+<ruleset name="CityNews.ca">
+	<target host="citynews.ca" />
+	<target host="www.citynews.ca" />
+	<target host="edmonton.citynews.ca" />
+	<target host="int-edmonton.citynews.ca" />
+	<target host="int-montreal.citynews.ca" />
+	<target host="int-toronto.citynews.ca" />
+	<target host="int-winnipeg.citynews.ca" />
+	<target host="int-www.citynews.ca" />
+	<target host="montreal.citynews.ca" />
+	<target host="staging-edmonton.citynews.ca" />
+	<target host="staging-montreal.citynews.ca" />
+	<target host="staging-toronto.citynews.ca" />
+	<target host="staging-winnipeg.citynews.ca" />
+	<target host="staging-www.citynews.ca" />
+	<target host="toronto.citynews.ca" />
+	<target host="winnipeg.citynews.ca" />
+
+	<rule from="^http://citynews\.ca/"
+		to="https://www.citynews.ca/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/City_University_London.xml b/src/chrome/content/rules/City_University_London.xml
index cd6f790cdf0a..c77aec418f5b 100644
--- a/src/chrome/content/rules/City_University_London.xml
+++ b/src/chrome/content/rules/City_University_London.xml
@@ -11,10 +11,13 @@ Fetch error: http://www.soi.city.ac.uk/ => https://www.soi.city.ac.uk/: (28, 'Co
 		- soi
 
 -->
-<ruleset name="City University London" default_off='failed ruleset test'>
+<ruleset name="City University London" default_off="failed ruleset test">
 
 	<target host="city.ac.uk" />
-	<target host="*.city.ac.uk" />
+	<target host="soi.city.ac.uk" />
+	<target host="www.city.ac.uk" />
+	<target host="www.soi.city.ac.uk" />
+	<target host="s1.city.ac.uk" />
 
 
 	<securecookie host="^\.www\.city\.ac\.uk$" name=".+" />
@@ -23,7 +26,6 @@ Fetch error: http://www.soi.city.ac.uk/ => https://www.soi.city.ac.uk/: (28, 'Co
 	<rule from="^http://(?:www\.)?(soi\.)?city\.ac\.uk/"
 		to="https://www.$1city.ac.uk/" />
 
-	<rule from="^http://s1\.city\.ac\.uk/"
-		to="https://s1.city.ac.uk/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/City_University_of_New_York-problematic.xml b/src/chrome/content/rules/City_University_of_New_York-problematic.xml
index 1abed081828c..a1d1545a2bba 100644
--- a/src/chrome/content/rules/City_University_of_New_York-problematic.xml
+++ b/src/chrome/content/rules/City_University_of_New_York-problematic.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?law\.cuny\.edu/"
 		to="https://www.law.cuny.edu/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/City_University_of_New_York.xml b/src/chrome/content/rules/City_University_of_New_York.xml
index b9771d187aba..548a08ba7c1a 100644
--- a/src/chrome/content/rules/City_University_of_New_York.xml
+++ b/src/chrome/content/rules/City_University_of_New_York.xml
@@ -40,4 +40,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/City_of_Mountain_View.xml b/src/chrome/content/rules/City_of_Mountain_View.xml
index 285698518d57..4bb15ac4b3a9 100644
--- a/src/chrome/content/rules/City_of_Mountain_View.xml
+++ b/src/chrome/content/rules/City_of_Mountain_View.xml
@@ -17,7 +17,7 @@ Fetch error: http://www.mountainview.gov/ => https://www.mountainview.gov/: (28,
 	Cert only matches www
 
 -->
-<ruleset name="City of Mountain View (partial)" default_off='failed ruleset test'>
+<ruleset name="City of Mountain View (partial)" default_off="failed ruleset test">
 
 	<target host="mountainview.gov" />
 	<target host="www.mountainview.gov" />
diff --git a/src/chrome/content/rules/City_of_Seattle.xml b/src/chrome/content/rules/City_of_Seattle.xml
index 60a28402f69c..a36aeaa6f1a8 100644
--- a/src/chrome/content/rules/City_of_Seattle.xml
+++ b/src/chrome/content/rules/City_of_Seattle.xml
@@ -34,7 +34,14 @@ Non-2xx HTTP code: http://seattle.gov/ (200) => https://www.seattle.gov/ (303)
 <ruleset name="City of Seattle (partial)" platform="mixedcontent">
 
 	<target host="seattle.gov" />
-	<target host="*.seattle.gov" />
+	<target host="www.seattle.gov" />
+	<target host="citylink.seattle.gov" />
+	<target host="data.seattle.gov" />
+	<target host="my.seattle.gov" />
+	<target host="wald1.seattle.gov" />
+	<target host="web1.seattle.gov" />
+	<target host="web5.seattle.gov" />
+	<target host="web6.seattle.gov" />
 
 
 	<securecookie host="^.+\.seattle\.gov$" name=".+" />
@@ -46,10 +53,9 @@ Non-2xx HTTP code: http://seattle.gov/ (200) => https://www.seattle.gov/ (303)
 	<rule from="^http://citylink\.seattle\.gov/"
 		to="https://www.seattle.gov/citylink/" />
 
-	<rule from="^http://(data|my|wald1|web1)\.seattle\.gov/"
-		to="https://$1.seattle.gov/" />
 
 	<rule from="^http://web[56]\.seattle\.gov/"
 		to="https://web6.seattle.gov/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Cityam.com.xml b/src/chrome/content/rules/Cityam.com.xml
new file mode 100644
index 000000000000..1869a9c8872b
--- /dev/null
+++ b/src/chrome/content/rules/Cityam.com.xml
@@ -0,0 +1,41 @@
+<!--
+	Self-signed:
+		- ^
+
+	Cert mismatch:
+		- dev5
+		- email
+		- ci
+		- li
+		- local
+		- www.m
+		- click.mail
+		- image.mail
+		- pages.mail
+		- view.mail
+		- newsletter
+		- punter
+
+	Incomplete certificate chain:
+		- digital
+		- helpdesk
+		- intranet
+		- subscriber
+		- wiki
+
+	Cityam.com has a wildcard DNS record, so enumerating all subdomains is impossible.
+-->
+<ruleset name="Cityam.com (partial)">
+	<target host="cityam.com" />
+	<target host="www.cityam.com" />
+	<target host="dev.cityam.com" />
+	<target host="api.cityam.com" />
+	<target host="dev2.cityam.com" />
+	<target host="dev3.cityam.com" />
+	<target host="dev4.cityam.com" />
+	<target host="uat.cityam.com" />
+
+	<rule from="^http://cityam\.com/" to="https://www.cityam.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Citymapper.xml b/src/chrome/content/rules/Citymapper.xml
index a1d8d771d8b2..4950c3970055 100644
--- a/src/chrome/content/rules/Citymapper.xml
+++ b/src/chrome/content/rules/Citymapper.xml
@@ -13,6 +13,6 @@
 
   	<securecookie host="^.*\.citymapper\.com$" name=".+" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CityofPortland.xml b/src/chrome/content/rules/CityofPortland.xml
index eafa64367d13..7381c96004c5 100644
--- a/src/chrome/content/rules/CityofPortland.xml
+++ b/src/chrome/content/rules/CityofPortland.xml
@@ -11,4 +11,4 @@
 		to="https://www.portlandonline.com/" />
 	<rule from="^http:"
 		to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Citypaketet.xml b/src/chrome/content/rules/Citypaketet.xml
deleted file mode 100644
index cebe5d789f7a..000000000000
--- a/src/chrome/content/rules/Citypaketet.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(www cert: www.vp-spm.com; 404)
-
--->
-<ruleset name="Citypaketet (partial)">
-
-	<target host="sifomedia.citypaketet.se" />
-
-
-	<securecookie host="^ssl\.sifomedia\.se$" name=".+" />
-
-
-	<rule from="^http://sifomedia\.citypaketet\.se/"
-		to="https://ssl.sifomedia.se/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Citywerkz.com.xml b/src/chrome/content/rules/Citywerkz.com.xml
index 057aec05c5f6..2641d2bd3b9b 100644
--- a/src/chrome/content/rules/Citywerkz.com.xml
+++ b/src/chrome/content/rules/Citywerkz.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.citywerkz.com/ => https://www.citywerkz.com/: (60, 'SSL
 Disabled by https-everywhere-checker because:
 Fetch error: http://citywerkz.com/ => https://citywerkz.com/: (51, "SSL: no alternative certificate subject name matches target host name 'citywerkz.com'")
 -->
-<ruleset name="Citywerkz.com" default_off='failed ruleset test'>
+<ruleset name="Citywerkz.com" default_off="failed ruleset test">
 
 	<target host="citywerkz.com" />
 	<target host="www.citywerkz.com" />
diff --git a/src/chrome/content/rules/CiviCRM.xml b/src/chrome/content/rules/CiviCRM.xml
index b99687d8c8e2..cad390a5a1c0 100644
--- a/src/chrome/content/rules/CiviCRM.xml
+++ b/src/chrome/content/rules/CiviCRM.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CivicScience.xml b/src/chrome/content/rules/CivicScience.xml
index 6082b44a70a3..f6b58e724202 100644
--- a/src/chrome/content/rules/CivicScience.xml
+++ b/src/chrome/content/rules/CivicScience.xml
@@ -19,7 +19,9 @@
 <ruleset name="CivicScience (partial)">
 
 	<target host="civicscience.com" />
-	<target host="*.civicscience.com" />
+	<target host="beta.civicscience.com" />
+	<target host="www.civicscience.com" />
+	<target host="blog.civicscience.com" />
 
 
 	<rule from="^http://(beta\.|www\.)?civicscience\.com/"
@@ -28,4 +30,4 @@
 	<rule from="^http://blog\.civicscience\.com/(display/|favicon\.ico|layout/|storage/|universal/)"
 		to="https://civicscience.squarespace.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cl.ly.xml b/src/chrome/content/rules/Cl.ly.xml
index 7337b60419ed..a3f093e72874 100644
--- a/src/chrome/content/rules/Cl.ly.xml
+++ b/src/chrome/content/rules/Cl.ly.xml
@@ -1,48 +1,17 @@
 <!--
-	For other Linerunner coverage, see Linerunner.xml.
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/f.cl.ly/
-		- d9yac136u048z.cloudfront.net
-
-
-	List of related domains:
-
-		- cl.ly
+	Non-functional hosts
+		SSL peer certificate was not OK:
 		- f.cl.ly
-		- my.cl.ly
-		- api.cld.me
-		- my.cld.me
-		- assets.my.cld.me
 
+		Different content:
+		- api.cl.ly
 -->
-<ruleset name="Cl.ly (partial)">
-
+<ruleset name="cl.ly">
 	<target host="cl.ly" />
-	<target host="*.cl.ly" />
-	<target host="*.cld.me" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^my\.cl\.ly$" name="^_engine_session$" /-->
-	<!--securecookie host="^my\.cld\.me$" name="^_engine_session$" /-->
-
-	<securecookie host="^my\.cl(?:\.ly|d\.me)$" name=".+" />
-
-
-	<rule from="^http://((?:api|my|www)\.)?cl\.ly/"
-		to="https://$1cl.ly/" />
-
-	<rule from="^http://f\.cl\.ly/"
-		to="https://s3.amazonaws.com/f.cl.ly/" />
-
-	<rule from="^http://(api|my)\.cld\.me/"
-		to="https://$1.cld.me/" />
+	<target host="my.cl.ly" />
+	<target host="www.cl.ly" />
 
-	<rule from="^http://assets\.my\.cld\.me/"
-		to="https://d9yac136u048z.cloudfront.net/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Claim_Forms_Plus.xml b/src/chrome/content/rules/Claim_Forms_Plus.xml
index fd2944845a1b..08a2fbf7481b 100644
--- a/src/chrome/content/rules/Claim_Forms_Plus.xml
+++ b/src/chrome/content/rules/Claim_Forms_Plus.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Claranet.xml b/src/chrome/content/rules/Claranet.xml
index 3511cb887f75..77b786cb8e54 100644
--- a/src/chrome/content/rules/Claranet.xml
+++ b/src/chrome/content/rules/Claranet.xml
@@ -9,12 +9,18 @@ Fetch error: http://pop.claranet.de/ => https://pop.claranet.de/: (6, 'Could not
 Fetch error: http://webmail.claranet.pt/ => https://webmail.claranet.pt/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 Fetch error: http://secure.claranetsoho.co.uk/ => https://secure.claranetsoho.co.uk/: (28, 'Connection timed out after 10000 milliseconds')
 -->
-<ruleset name="Claranet (partial)" default_off='failed ruleset test'>
-
-	<target host="*.clara.net"/>
+<ruleset name="Claranet (partial)" default_off="failed ruleset test">
+
+	<target host="corporate.clara.net" />
+	<target host="customer.clara.net" />
+	<target host="webmail.clara.net" />
+	<target host="webmail.bln.de.clara.net" />
+	<target host="nswebmail.uk.clara.net" />
+	<target host="portal.uk.clara.net" />
 	<target host="admin.clarahost.co.uk"/>
 	<target host="pop.claranet.de"/>
-	<target host="*.claranet.nl"/>
+	<target host="webmail.claranet.nl" />
+	<target host="servicecenter.claranet.nl" />
 	<target host="webmail.claranet.pt"/>
 	<target host="secure.claranetsoho.co.uk"/>
 
@@ -25,22 +31,11 @@ Fetch error: http://secure.claranetsoho.co.uk/ => https://secure.claranetsoho.co
 	<securecookie host="^webmail\.claranet\.pt$" name=".+" />
 	<securecookie host="^secure\.claranetsoho\.co\.uk$" name=".+" />
 
-	<rule from="^http://(corporate|customer|webmail(\.bln\.de)?|(nswebmail|portal)\.uk)\.clara\.net/"
-		to="https://$1.clara.net/"/>
 
-	<rule from="^http://admin\.clarahost\.co\.uk/"
-		to="https://admin.clarahost.co.uk/"/>
 
-	<rule from="^http://pop\.claranet\.de/"
-		to="https://pop.claranet.de/"/>
 
-	<rule from="^http://webmail\.claranet\.(nl|pt)/"
-		to="https://webmail.claranet.$1/"/>
 
-	<rule from="^http://servicecenter\.claranet\.nl/"
-		to="https://servicecenter.claranet.nl/"/>
 
-	<rule from="^http://secure\.claranetsoho\.co\.uk/"
-		to="https://secure.claranetsoho.co.uk/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Clarion-Ledger.xml b/src/chrome/content/rules/Clarion-Ledger.xml
index 885106277d13..ea896c75e542 100644
--- a/src/chrome/content/rules/Clarion-Ledger.xml
+++ b/src/chrome/content/rules/Clarion-Ledger.xml
@@ -16,7 +16,8 @@
 <ruleset name="Clarion-Ledger">
 
 	<target host="clarionledger.com" />
-	<target host="*.clarionledger.com" />
+	<target host="cmsimg.clarionledger.com" />
+	<target host="www.clarionledger.com" />
 
 
 	<securecookie host="^www\.clarionledger\.com$" name=".+" />
diff --git a/src/chrome/content/rules/ClarityRay.xml b/src/chrome/content/rules/ClarityRay.xml
deleted file mode 100644
index 9457a8ec84bc..000000000000
--- a/src/chrome/content/rules/ClarityRay.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	CDN buckets:
-
-		- c15037188.r88.cf2.rackcdn.com
-
-
-	Nonfunctional domains:
-
-		- wredint.com
-
--->
-<ruleset name="ClarityRay (partial)">
-
-	<target host="clarityray.com" />
-	<target host="www.clarityray.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Clarkvision.com.xml b/src/chrome/content/rules/Clarkvision.com.xml
new file mode 100644
index 000000000000..4654f2555384
--- /dev/null
+++ b/src/chrome/content/rules/Clarkvision.com.xml
@@ -0,0 +1,13 @@
+<!--
+	certificate mismatch:
+		www.clarkvision.com
+-->
+<ruleset name="Clarkvision.com">
+	<target host="clarkvision.com" />
+	<target host="www.clarkvision.com" />
+
+	<rule from="^http://www\.clarkvision\.com/"
+		to="https://clarkvision.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Classpath.org.xml b/src/chrome/content/rules/Classpath.org.xml
new file mode 100644
index 000000000000..24317e2c9a43
--- /dev/null
+++ b/src/chrome/content/rules/Classpath.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Mismatching certificate:
+		- classpath.org
+		- www.classpath.org
+		- builder.classpath.org
+
+	Refused:
+		- developer.classpath.org
+-->
+<ruleset name="Classpath.org (Partial)">
+	<target host="icedtea.classpath.org" />
+	<target host="planet.classpath.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cld.me.xml b/src/chrome/content/rules/Cld.me.xml
new file mode 100644
index 000000000000..23a650aba819
--- /dev/null
+++ b/src/chrome/content/rules/Cld.me.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- cld.me
+		- www.cld.me
+		- assets.my.cld.me
+		- proxy.cld.me
+-->
+<ruleset name="Cld.me (partial)">
+	<target host="api.cld.me" />
+	<target host="my.cld.me" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cldlr.com.xml b/src/chrome/content/rules/Cldlr.com.xml
deleted file mode 100644
index c6f85c10046b..000000000000
--- a/src/chrome/content/rules/Cldlr.com.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Insecure cookies are set for these domains and hosts:
-
-		- .cldlr.com
-		- c.cldlr.com
-
--->
-<ruleset name="cldlr.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="c.cldlr.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.cldlr\.com$" name="^\.sess$" /-->
-	<!--securecookie host="^c\.cldlr\.com$" name="^x\d+$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Clean-Energy-Experts.xml b/src/chrome/content/rules/Clean-Energy-Experts.xml
index de226062f842..0c806849c532 100644
--- a/src/chrome/content/rules/Clean-Energy-Experts.xml
+++ b/src/chrome/content/rules/Clean-Energy-Experts.xml
@@ -5,7 +5,7 @@
 	<target host="www.cleanenergyexperts.com" />
 
 
-	<securecookie host="^(?:.*\.)?cleanenergyexperts\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/CleanEnergyFinanceCorporation.xml b/src/chrome/content/rules/CleanEnergyFinanceCorporation.xml
deleted file mode 100644
index 1352520585f0..000000000000
--- a/src/chrome/content/rules/CleanEnergyFinanceCorporation.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Clean Energy Finance Corporation">
-	<target host="cleanenergyfinancecorp.com.au" />
-	<target host="*.cleanenergyfinancecorp.com.au" />
-
-	<rule from="^http://(?:www\.)?cleanenergyfinancecorp\.com\.au/"
-		to="https://www.cleanenergyfinancecorp.com.au/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CleanPrint.net.xml b/src/chrome/content/rules/CleanPrint.net.xml
index 81c334182817..44310713b9a3 100644
--- a/src/chrome/content/rules/CleanPrint.net.xml
+++ b/src/chrome/content/rules/CleanPrint.net.xml
@@ -26,7 +26,7 @@ Fetch error: http://cleanprint.net/ => https://cleanprint.net/: (51, "SSL: no al
 		- cache-02	(→ www)
 
 -->
-<ruleset name="CleanPrint.net" default_off='failed ruleset test'>
+<ruleset name="CleanPrint.net" default_off="failed ruleset test">
 
 	<target host="cleanprint.net" />
 	<target host="www.cleanprint.net" />
@@ -35,4 +35,4 @@ Fetch error: http://cleanprint.net/ => https://cleanprint.net/: (51, "SSL: no al
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Clear-Code.com.xml b/src/chrome/content/rules/Clear-Code.com.xml
index 48fddb4faefa..cba409f20878 100644
--- a/src/chrome/content/rules/Clear-Code.com.xml
+++ b/src/chrome/content/rules/Clear-Code.com.xml
@@ -23,6 +23,6 @@
 	<rule from="^http://clear-code\.com/"
 			to="https://www.clear-code.com/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Clear_Linux.org.xml b/src/chrome/content/rules/Clear_Linux.org.xml
deleted file mode 100644
index e82450add48f..000000000000
--- a/src/chrome/content/rules/Clear_Linux.org.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--
-	For other Intel coverage, see Intel.xml.
-
-
-	Fully covered hosts in *clearlinux.org:
-
-		- (www.)?
-		- debuginfo
-		- download
-		- lists
-		- packs
-		- pkgs
-		- update
-		- version
-
-
-	These altnames don't exist:
-
-		- www.lists.clearlinux.org
-
--->
-<ruleset name="Clear Linux.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="clearlinux.org" />
-	<target host="debuginfo.clearlinux.org" />
-	<target host="download.clearlinux.org" />
-	<target host="lists.clearlinux.org" />
-	<target host="packs.clearlinux.org" />
-	<target host="pkgs.clearlinux.org" />
-	<target host="update.clearlinux.org" />
-	<target host="version.clearlinux.org" />
-	<target host="www.clearlinux.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CleverCoin.com.xml b/src/chrome/content/rules/CleverCoin.com.xml
deleted file mode 100644
index aa33fe391384..000000000000
--- a/src/chrome/content/rules/CleverCoin.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Insecure cookies are set for these domains and hosts:
-
-		- clevercoin.com
-		- .clevercoin.com
-		- www.clevercoin.com
-
--->
-<ruleset name="CleverCoin.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="clevercoin.com" />
-	<target host="www.clevercoin.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:www\.)?clevercoin\.com$" name="^laravel_session$" /-->
-	<!--securecookie host="^\.clevercoin\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^(?:\.|www\.)?clevercoin\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CleverPush.com.xml b/src/chrome/content/rules/CleverPush.com.xml
new file mode 100644
index 000000000000..8aecbdeb83e4
--- /dev/null
+++ b/src/chrome/content/rules/CleverPush.com.xml
@@ -0,0 +1,20 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="CleverPush.com">
+
+	<target host="cleverpush.com" />
+	<target host="*.cleverpush.com" />
+		<!-- All subdomains and especially the customers subdomains have valid SSL certificates. -->
+		<test url="http://www.cleverpush.com/" />
+		<test url="http://abendblatt.cleverpush.com/" />
+		<test url="http://api.cleverpush.com/" />
+		<test url="http://demo.cleverpush.com/" />
+		<test url="http://developers.cleverpush.com/" />
+		<test url="http://static.cleverpush.com/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cleverbridge.xml b/src/chrome/content/rules/Cleverbridge.xml
index 9306f73b4f6b..7c6a8bdee9b4 100644
--- a/src/chrome/content/rules/Cleverbridge.xml
+++ b/src/chrome/content/rules/Cleverbridge.xml
@@ -18,7 +18,7 @@ Fetch error: http://message.cleverbridge.com/ => https://message.cleverbridge.co
 	* Mismatched
 
 -->
-<ruleset name="cleverbridge (partial)" default_off='failed ruleset test'>
+<ruleset name="cleverbridge (partial)" default_off="failed ruleset test">
 
 	<target host="cleverbridge.com"/>
 	<target host="*.cleverbridge.com"/>
diff --git a/src/chrome/content/rules/Click-Sec.com.xml b/src/chrome/content/rules/Click-Sec.com.xml
index 713fec90da4b..64126ac0f82c 100644
--- a/src/chrome/content/rules/Click-Sec.com.xml
+++ b/src/chrome/content/rules/Click-Sec.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://click-sec.com/ => https://click-sec.com/: (6, 'Could not res
 		- www.click-sec.com
 
 -->
-<ruleset name="Click-Sec.com" default_off='failed ruleset test'>
+<ruleset name="Click-Sec.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Click4Wheels.cn.xml b/src/chrome/content/rules/Click4Wheels.cn.xml
new file mode 100644
index 000000000000..fe0ced30189a
--- /dev/null
+++ b/src/chrome/content/rules/Click4Wheels.cn.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Europcar coverage, see Europcar.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(invalid certificate chain)
+
+-->
+<ruleset name="Click4Wheels.cn">
+
+	<target host="click4wheels.cn" />
+	<target host="www.click4wheels.cn" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://click4wheels\.cn/"
+		to="https://www.click4wheels.cn/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Click4Wheels.co.kr.xml b/src/chrome/content/rules/Click4Wheels.co.kr.xml
new file mode 100644
index 000000000000..4e531226ebe0
--- /dev/null
+++ b/src/chrome/content/rules/Click4Wheels.co.kr.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Europcar coverage, see Europcar.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(invalid certificate chain)
+
+-->
+<ruleset name="Click4Wheels.co.kr">
+
+	<target host="click4wheels.co.kr" />
+	<target host="www.click4wheels.co.kr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://click4wheels\.co\.kr/"
+		to="https://www.click4wheels.co.kr/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Click4Wheels.com.xml b/src/chrome/content/rules/Click4Wheels.com.xml
new file mode 100644
index 000000000000..01618c1d6e66
--- /dev/null
+++ b/src/chrome/content/rules/Click4Wheels.com.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Europcar coverage, see Europcar.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(invalid certificate chain)
+
+-->
+<ruleset name="Click4Wheels.com">
+
+	<target host="click4wheels.com" />
+	<target host="www.click4wheels.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://click4wheels\.com/"
+		to="https://www.click4wheels.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Click4Wheels.jp.xml b/src/chrome/content/rules/Click4Wheels.jp.xml
new file mode 100644
index 000000000000..65ccc0ba3835
--- /dev/null
+++ b/src/chrome/content/rules/Click4Wheels.jp.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Europcar coverage, see Europcar.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(invalid certificate chain)
+
+-->
+<ruleset name="Click4Wheels.jp">
+
+	<target host="click4wheels.jp" />
+	<target host="www.click4wheels.jp" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://click4wheels\.jp/"
+		to="https://www.click4wheels.jp/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ClickEquations.net.xml b/src/chrome/content/rules/ClickEquations.net.xml
index 81ec4e235bf9..9d69d75b348a 100644
--- a/src/chrome/content/rules/ClickEquations.net.xml
+++ b/src/chrome/content/rules/ClickEquations.net.xml
@@ -16,16 +16,17 @@ Fetch error: http://clickequations.net/ => https://clickequations.net/: (7, 'Fai
 	whichever domain it is loaded from.
 
 -->
-<ruleset name="ClickEquations.net" default_off='failed ruleset test'>
+<ruleset name="ClickEquations.net" default_off="failed ruleset test">
 
 	<target host="clickequations.net" />
-	<target host="*.clickequations.net" />
+	<target host="beacon.clickequations.net" />
+	<target host="js.clickequations.net" />
+	<target host="www.clickequations.net" />
 
 
 	<securecookie host="^(?:w*\.)?clickequations\.net$" name=".+" />
 
 
-	<rule from="^http://((?:beacon|js|www)\.)?clickequations\.net/"
-		to="https://$1clickequations.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ClickMotive.xml b/src/chrome/content/rules/ClickMotive.xml
index a8118b870143..d2820a65692b 100644
--- a/src/chrome/content/rules/ClickMotive.xml
+++ b/src/chrome/content/rules/ClickMotive.xml
@@ -13,7 +13,7 @@ Fetch error: http://origin-assets.clickmotive.com/ => https://origin-assets.clic
 	* Akamai
 
 -->
-<ruleset name="ClickMotive.com (partial)" default_off='failed ruleset test'>
+<ruleset name="ClickMotive.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/ClickTale.xml b/src/chrome/content/rules/ClickTale.xml
index 5c15c50b7d7f..727bd64c3f1b 100644
--- a/src/chrome/content/rules/ClickTale.xml
+++ b/src/chrome/content/rules/ClickTale.xml
@@ -2,46 +2,53 @@
 	CDN buckets:
 
 		- clicktalecdn.sslcs.cdngc.net
-		- clicktale.pantherssl.com
-
 
 	Problematic domains:
 
 		- clicktale.com		(interrupted)
 		- cdn.clicktale.net	(403, mismatched, CN: ssl2.cdngc.net)
 		- s.clicktale.net	(403; mismatched, CN: ssl2.cdngc.net)
+    - www07.clicktale.net (unable to get local issuer certificate)
+
+  Connection Refused/Unresolved Hosts
+    - s.clicktale.net
+    - clicktale.pantherssl.com
 
 -->
 <ruleset name="ClickTale">
 
 	<target host="clicktale.com" />
-	<target host="*.clicktale.com" />
-	<target host="*.clicktale.net" />
-
+	<target host="www.clicktale.com" />
+	<target host="login.app.clicktale.com" />
+	<target host="subs.app.clicktale.com" />
+	<target host="blog.clicktale.com" />
+	<target host="cdn.clicktale.net" />
 
 	<securecookie host=".*\.clicktale\.(?:com|net)$" name=".+" />
 
-
 	<rule from="^http://(?:www\.)?clicktale\.com/"
 		to="https://www.clicktale.com/" />
 
-	<rule from="^http://((?:login|subs)\.app|blog)\.clicktale\.com/"
-		to="https://$1.clicktale.com/" />
-
 	<!--	- s:
 
 			- Tracking scripts included on 3rd-party websites
 			- Cert: ssl2.cdngc.net
 			- 403s
 		 	- Scripts 404 when rewritten to ^clicktale.net
-							-->
+
+       - Times out
 	<rule from="^http://s\.clicktale\.net/"
 		to="https://clicktale.pantherssl.com/" />
+  -->
 
-	<rule from="^http://cdn\.clicktale\.net/"
-		to="https://clicktalecdn.sslcs.cdngc.net/" />
 
-	<rule from="^http://www(07)?\.clicktale\.net/"
-		to="https://www$1.clicktale.net/" />
+	<!--
+    404:
+    <rule from="^http://cdn\.clicktale\.net/"
+
+    unresolved:
+		to="https://clicktalecdn.sslcs.cdngc.net/" />
+  -->
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Click_and_Pledge.com.xml b/src/chrome/content/rules/Click_and_Pledge.com.xml
index 4d760185235f..7ad490380987 100644
--- a/src/chrome/content/rules/Click_and_Pledge.com.xml
+++ b/src/chrome/content/rules/Click_and_Pledge.com.xml
@@ -39,7 +39,7 @@
 	<!--securecookie host="^forums\.clickandpledge\.com$" name="^(?:AWSELB|vb\d+(?:lastactivity|lastvisit|sessionhash))$" /-->
 	<!--securecookie host="^portal\.clickandpledge\.com$" name="^(__AntiXsrfToken|__cnpportal)$" /-->
 
-	<securecookie host="^(?:.+\.)?clickandpledge\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Clickfun_Casino.xml b/src/chrome/content/rules/Clickfun_Casino.xml
index 4f096a338f62..aa52c8f179b0 100644
--- a/src/chrome/content/rules/Clickfun_Casino.xml
+++ b/src/chrome/content/rules/Clickfun_Casino.xml
@@ -4,18 +4,19 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://clickfuncasino.com/ => https://clickfuncasino.com/: (51, "SSL: no alternative certificate subject name matches target host name 'clickfuncasino.com'")
 
 -->
-<ruleset name="Clickfun Casino" default_off='failed ruleset test'>
+<ruleset name="Clickfun Casino" default_off="failed ruleset test">
 
 	<target host="clickfun.com" />
-	<target host="*.clickfun.com" />
 	<target host="clickfuncasino.com" />
-	<target host="*.clickfuncasino.com" />
+	<target host="cdn77.clickfun.com" />
+	<target host="cdn77.clickfuncasino.com" />
+	<target host="www.clickfun.com" />
+	<target host="www.clickfuncasino.com" />
 
 
-	<securecookie host="^(?:.*\.)?clickfun(?:casino)?\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(cdn77\.|www\.)?clickfun(casino)?\.com/"
-		to="https://$1clickfun$2.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Clickmatic.pl.xml b/src/chrome/content/rules/Clickmatic.pl.xml
index acbfc3d2fbd2..73defb25445f 100644
--- a/src/chrome/content/rules/Clickmatic.pl.xml
+++ b/src/chrome/content/rules/Clickmatic.pl.xml
@@ -1,4 +1,4 @@
-<!-- 
+<!--
 	Cert mismatch:
 		- ada.clickmatic.pl
 		- beta.clickmatic.pl
@@ -6,7 +6,7 @@
 		- poczta.clickmatic.pl
 
 	Login required:
-		- dmp.clickmatic.pl 
+		- dmp.clickmatic.pl
 -->
 <ruleset name="Clickmatic.pl (partial)" >
 
diff --git a/src/chrome/content/rules/Clicksor.com.xml b/src/chrome/content/rules/Clicksor.com.xml
deleted file mode 100644
index a0aa116b3121..000000000000
--- a/src/chrome/content/rules/Clicksor.com.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)clicksor.com	(404; expired 2012-10-06, CN: new-host)
-
-
-	Problematic domains:
-
-		- pub.clicksor.net	(dropped)
-
-
-	Fully covered domains:
-
-		- clicksor.com subdomains:
-
-			- admin
-			- ads
-			- serw
-			- signup
-
-		- clicksor.net subdomains:
-
-			- pub	(→ ads.clicksor.com)
-
--->
-<ruleset name="Clicksor.com (partial)">
-
-	<target host="*.clicksor.com" />
-
-
-	<securecookie host="^\.clicksor\.com$" name=".+" />
-
-
-	<rule from="^http://(admin|ads|serw|signup)\.clicksor\.com/"
-		to="https://$1.clicksor.com/" />
-
-	<rule from="^http://pub\.clicksor\.net/"
-		to="https://ads.clicksor.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Clicktools.xml b/src/chrome/content/rules/Clicktools.xml
index ce984027ae5b..f8b99c217e91 100644
--- a/src/chrome/content/rules/Clicktools.xml
+++ b/src/chrome/content/rules/Clicktools.xml
@@ -22,7 +22,7 @@
 					-->
 	<!--securecookie host="^(?:app|survey|www)\.clicktools\.com$" name="^BIGipServer" /-->
 
-	<securecookie host="^(?:.+\.)?clicktools\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Clicky.com.xml b/src/chrome/content/rules/Clicky.com.xml
new file mode 100644
index 000000000000..99b57f7b58b5
--- /dev/null
+++ b/src/chrome/content/rules/Clicky.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Other clicky rulesets:
+		- StaticStuff.net.xml
+		- GetClicky.com.xml
+
+	Wildcard DNS and certificate
+
+-->
+<ruleset name="Clicky.com">
+
+	<target host="clicky.com" />
+	<target host="*.clicky.com" />
+		<test url="http://www.clicky.com/" />
+		<test url="http://api.clicky.com/" />
+		<test url="http://widgets.clicky.com/" />
+
+	<rule from="^http://([\w-]+\.)?clicky\.com/" 
+		  to="https://$1clicky.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Client.foldingathome.org.xml b/src/chrome/content/rules/Client.foldingathome.org.xml
new file mode 100644
index 000000000000..295b755a734e
--- /dev/null
+++ b/src/chrome/content/rules/Client.foldingathome.org.xml
@@ -0,0 +1,33 @@
+<!--
+	Timeout:
+		- db2
+
+	Mismatched:
+		- mail
+		- web
+
+	Self-signed:
+		- assign6
+
+	Redirects to HTTP:
+		- nacl
+-->
+<ruleset name="FoldingAtHome.org">
+	<target host="foldingathome.org" />
+	<target host="www.foldingathome.org" />
+	<target host="api.foldingathome.org" />
+	<target host="apps.foldingathome.org" />
+	<target host="assign1.foldingathome.org" />
+	<target host="assign2.foldingathome.org" />
+	<target host="assign3.foldingathome.org" />
+	<target host="assign4.foldingathome.org" />
+	<target host="assign5.foldingathome.org" />
+	<target host="client.foldingathome.org" />
+	<target host="console.foldingathome.org" />
+	<target host="cores.foldingathome.org" />
+	<target host="download.foldingathome.org" />
+	<target host="fah-web.foldingathome.org" />
+	<target host="stats.foldingathome.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Climate-Central.xml b/src/chrome/content/rules/Climate-Central.xml
index 4563a748aedb..0fa18e96f20a 100644
--- a/src/chrome/content/rules/Climate-Central.xml
+++ b/src/chrome/content/rules/Climate-Central.xml
@@ -1,7 +1,7 @@
 <!--
 	climatecentral47041.thankyou4caring.org
 -->
-<ruleset name="Climate Central" default_off='http redirect'>
+<ruleset name="Climate Central" default_off="http redirect">
 	<target host="climatecentral.org" />
 	<target host="www.climatecentral.org" />
 
diff --git a/src/chrome/content/rules/Clinkle.com.xml b/src/chrome/content/rules/Clinkle.com.xml
index 3400c2080fdf..719053847ddd 100644
--- a/src/chrome/content/rules/Clinkle.com.xml
+++ b/src/chrome/content/rules/Clinkle.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://clinkle.com/ => https://clinkle.com/: (60, 'SSL certificate
 Fetch error: http://www.clinkle.com/ => https://www.clinkle.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Clinkle.com" default_off='failed ruleset test'>
+<ruleset name="Clinkle.com" default_off="failed ruleset test">
 
 	<target host="clinkle.com" />
 	<target host="www.clinkle.com" />
@@ -13,4 +13,4 @@ Fetch error: http://www.clinkle.com/ => https://www.clinkle.com/: (60, 'SSL cert
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Clockworkmod.com.xml b/src/chrome/content/rules/Clockworkmod.com.xml
index 8570b679d687..3824514b7953 100644
--- a/src/chrome/content/rules/Clockworkmod.com.xml
+++ b/src/chrome/content/rules/Clockworkmod.com.xml
@@ -27,4 +27,4 @@
 	<rule from="^http:"
 		to="https:" />
 </ruleset>
- 
+
diff --git a/src/chrome/content/rules/Clothing_at_Tesco.com.xml b/src/chrome/content/rules/Clothing_at_Tesco.com.xml
index ef24b6bf213d..58a27e52a30f 100644
--- a/src/chrome/content/rules/Clothing_at_Tesco.com.xml
+++ b/src/chrome/content/rules/Clothing_at_Tesco.com.xml
@@ -20,7 +20,7 @@ Fetch error: http://www.clothingattesco.com/ => https://www.clothingattesco.com/
 	* Secured by us
 
 -->
-<ruleset name="Clothing at Tesco.com" default_off='failed ruleset test'>
+<ruleset name="Clothing at Tesco.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/ClouDNS.net.xml b/src/chrome/content/rules/ClouDNS.net.xml
deleted file mode 100644
index e2df7d006f62..000000000000
--- a/src/chrome/content/rules/ClouDNS.net.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	^: Cert only matches www
-
-
-	Insecure cookies are set for these domains:
-
-		- www.cloudns.net
-
--->
-<ruleset name="ClouDNS.net">
-
-	<target host="cloudns.net" />
-	<target host="www.cloudns.net" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.cloudns\.net$" name="^(lang|session_id)$" /-->
-
-	<securecookie host="^www\.cloudns\.net$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cloud-Privacy.xml b/src/chrome/content/rules/Cloud-Privacy.xml
deleted file mode 100644
index 85b6daaacae7..000000000000
--- a/src/chrome/content/rules/Cloud-Privacy.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)
--->
-<ruleset name="Cloud Privacy (partial)">
-
-	<target host="files.cloudprivacy.net" />
-
-
-	<rule from="^http://files\.cloudprivacy\.net/"
-		to="https://s3.amazonaws.com/files.cloudprivacy.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cloud9.xml b/src/chrome/content/rules/Cloud9.xml
index 8a9d518220ee..60bbb7b38fda 100644
--- a/src/chrome/content/rules/Cloud9.xml
+++ b/src/chrome/content/rules/Cloud9.xml
@@ -11,8 +11,8 @@ Fetch error: http://cdn.c9.io/ => https://cdn.c9.io/: Too many redirects while f
 		- docs.c9.io
 
 -->
-<ruleset name="C9.io" default_off='failed ruleset test'>
-    <target host="c9.io" />
+<ruleset name="C9.io" default_off="failed ruleset test">
+  <target host="c9.io" />
 	<target host="docs.c9.io" />
 	<target host="www.c9.io" />
 	<target host="get.c9.io" />
diff --git a/src/chrome/content/rules/CloudAtCost.com.xml b/src/chrome/content/rules/CloudAtCost.com.xml
index 555f3ccef112..5d8575bdfa11 100644
--- a/src/chrome/content/rules/CloudAtCost.com.xml
+++ b/src/chrome/content/rules/CloudAtCost.com.xml
@@ -15,14 +15,9 @@
 
     <exclusion pattern="^http://panel\.cloudatcost\.com:[0-9]+/" />
 
-        <test url="http://panel.cloudatcost.com/" />
         <test url="http://panel.cloudatcost.com:12345/" />
         <test url="http://panel.cloudatcost.com:59848/console.html" />
 
     <rule from="^http:" to="https:" />
 
-        <test url="http://panel.cloudatcost.com/" />
-        <test url="http://members.cloudatcost.com/" />
-        <test url="http://panel.cloudatcost.com/" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/CloudControl.com.xml b/src/chrome/content/rules/CloudControl.com.xml
index 03fdb7b3b4e4..80acd9fe890e 100644
--- a/src/chrome/content/rules/CloudControl.com.xml
+++ b/src/chrome/content/rules/CloudControl.com.xml
@@ -31,7 +31,7 @@ Fetch error: http://cloudcontrol.com/ => https://www.cloudcontrol.com/: (35, 'Un
 	* Secured by us, changes alignment slightly
 
 -->
-<ruleset name="cloudControl.com (partial)" default_off='failed ruleset test'>
+<ruleset name="cloudControl.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/CloudCracker.xml b/src/chrome/content/rules/CloudCracker.xml
index 4413dd91d43d..1a72b5aa5a8d 100644
--- a/src/chrome/content/rules/CloudCracker.xml
+++ b/src/chrome/content/rules/CloudCracker.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.wpacracker.com/ => https://cloudcracker.com/: (7, 'Faile
 	(www.)?wpacracker.com: Expired
 
 -->
-<ruleset name="CloudCracker" default_off='failed ruleset test'>
+<ruleset name="CloudCracker" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/CloudFlare.xml b/src/chrome/content/rules/CloudFlare.xml
deleted file mode 100644
index 952c86944807..000000000000
--- a/src/chrome/content/rules/CloudFlare.xml
+++ /dev/null
@@ -1,57 +0,0 @@
-<!--
-
-	Other CloudFlare rulesets:
-
-		- CloudFlare_Challenge.com.xml
-		- Cloudflarestatus.com.xml
-
-
-	Nonfunctional subdomains:
-
-		- developers (redirects to appdev)
-		- appdev	(domain doesn't exist)
-		- js
-
-
-	CloudFlare sets insecure __cfduid and cf_clearance
-	wildcard cookies for every client domain.
-
--->
-<ruleset name="CloudFlare.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="cloudflare.com" />
-	<target host="ajax.cloudflare.com" />
-	<target host="ar.cloudflare.com" />
-	<target host="blog.cloudflare.com" />
-	<target host="cdnjs.cloudflare.com" />
-	<target host="cdn-static.cloudflare.com" />
-	<target host="cn.cloudflare.com" />
-	<target host="de.cloudflare.com" />
-	<target host="es.cloudflare.com" />
-	<target host="fr.cloudflare.com" />
-	<target host="hu.cloudflare.com" />
-	<target host="id.cloudflare.com" />
-	<target host="it.cloudflare.com" />
-	<target host="jp.cloudflare.com" />
-	<target host="nl.cloudflare.com" />
-	<target host="no.cloudflare.com" />
-	<target host="pl.cloudflare.com" />
-	<target host="pt.cloudflare.com" />
-	<target host="pt-br.cloudflare.com" />
-	<target host="ru.cloudflare.com" />
-	<target host="support.cloudflare.com" />
-	<target host="sv.cloudflare.com" />
-	<target host="tr.cloudflare.com" />
-	<target host="www.cloudflare.com" />
-	<target host="zh.cloudflare.com" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CloudFlare_Challenge.com.xml b/src/chrome/content/rules/CloudFlare_Challenge.com.xml
deleted file mode 100644
index dc0c6ff18a01..000000000000
--- a/src/chrome/content/rules/CloudFlare_Challenge.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For other CloudFlare coverage, see CloudFlare.xml.
-
--->
-<ruleset name="CloudFlare Challenge.com" default_off="expired">
-
-	<target host="cloudflarechallenge.com" />
-	<target host="www.cloudflarechallenge.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CloudLinux.com-falsemixed.xml b/src/chrome/content/rules/CloudLinux.com-falsemixed.xml
deleted file mode 100644
index 76467e0490f5..000000000000
--- a/src/chrome/content/rules/CloudLinux.com-falsemixed.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see CloudLinux.com.xml.
-
--->
-<ruleset name="CloudLinux.com (false MCB)" platform="mixedcontent">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="kb.cloudlinux.com" />
-
-
-	<securecookie host="^\.cloudlinux\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CloudMagic.xml b/src/chrome/content/rules/CloudMagic.xml
index 1aff1cd1778d..6797260cdba4 100644
--- a/src/chrome/content/rules/CloudMagic.xml
+++ b/src/chrome/content/rules/CloudMagic.xml
@@ -16,5 +16,5 @@
 
 	<rule from="^http:"
 		to="https:" />
-		
+
 </ruleset>
diff --git a/src/chrome/content/rules/CloudSigma.xml b/src/chrome/content/rules/CloudSigma.xml
index 08f0aa1b95af..fd633881280d 100644
--- a/src/chrome/content/rules/CloudSigma.xml
+++ b/src/chrome/content/rules/CloudSigma.xml
@@ -4,19 +4,22 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://cloudsigma.com/ => https://cloudsigma.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="CloudSigma" default_off='failed ruleset test'>
+<ruleset name="CloudSigma" default_off="failed ruleset test">
 
 	<target host="cloudsigma.com" />
-	<target host="*.cloudsigma.com" />
+	<target host="autodetect.cloudsigma.com" />
+	<target host="www.cloudsigma.com" />
+	<target host="zrh.cloudsigma.com" />
+	<target host="gui.zrh.cloudsigma.com" />
+	<target host="status.cloudsigma.com" />
 
 
-	<securecookie host="^(?:.*\.)?cloudsigma\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^http://((?:autodetect|www|zrh|gui\.zrh)\.)?cloudsigma\.com/"
-		to="https://$1cloudsigma.com/" />
 
 	<rule from="^http://status\.cloudsigma\.com/"
 		to="https://cloudsigma.statuspage.io/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CloudSwitch.xml b/src/chrome/content/rules/CloudSwitch.xml
index 75b472999b6b..3dc4b643860f 100644
--- a/src/chrome/content/rules/CloudSwitch.xml
+++ b/src/chrome/content/rules/CloudSwitch.xml
@@ -6,12 +6,12 @@ Fetch error: http://cloudswitch.com/ => https://cloudswitch.com/: (60, 'SSL cert
 Disabled by https-everywhere-checker because:
 Fetch error: http://cloudswitch.com/ => https://cloudswitch.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cloudswitch.com'")	Bucket at d1jyhm1p20pq9z.cloudfront.net
 -->
-<ruleset name="CloudSwitch" default_off='failed ruleset test'>
+<ruleset name="CloudSwitch" default_off="failed ruleset test">
 
 	<target host="cloudswitch.com"/>
 	<target host="*.cloudswitch.com"/>
 
-	<securecookie host=".*cloudswitch\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(\w+\.)?cloudswitch\.com/"
 		to="https://$1cloudswitch.com/"/>
diff --git a/src/chrome/content/rules/Cloud_Foundry.org.xml b/src/chrome/content/rules/Cloud_Foundry.org.xml
index 9e511aea2154..19d5363acd84 100644
--- a/src/chrome/content/rules/Cloud_Foundry.org.xml
+++ b/src/chrome/content/rules/Cloud_Foundry.org.xml
@@ -18,7 +18,7 @@ Fetch error: http://blog.cloudfoundry.org/wp-content/themes/custom-org14/images/
 		- blog		(→ i0.wp.com)
 
 -->
-<ruleset name="Cloud Foundry.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Cloud Foundry.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Cloud_Foundry.xml b/src/chrome/content/rules/Cloud_Foundry.xml
index 52dc48914e46..6bd29e3c094d 100644
--- a/src/chrome/content/rules/Cloud_Foundry.xml
+++ b/src/chrome/content/rules/Cloud_Foundry.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.cloudfoundry.com/ => https://www.cloudfoundry.com/: (28,
 			- docs
 
 		- i[012].wp.com/blog.cloudfoundry.com/
-	
+
 
 	Nonfunctional subdomains:
 
@@ -38,7 +38,7 @@ Fetch error: http://www.cloudfoundry.com/ => https://www.cloudfoundry.com/: (28,
 		- blog		(→ blog.pivotal.io)
 
 -->
-<ruleset name="Cloud Foundry.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Cloud Foundry.com (partial)" default_off="failed ruleset test">
 
 	<target host="cloudfoundry.com" />
 	<target host="core.cloudfoundry.com" />
diff --git a/src/chrome/content/rules/Cloud_Proven.net.xml b/src/chrome/content/rules/Cloud_Proven.net.xml
index 3395e3f5926a..d10115b4e931 100644
--- a/src/chrome/content/rules/Cloud_Proven.net.xml
+++ b/src/chrome/content/rules/Cloud_Proven.net.xml
@@ -10,7 +10,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://cloudproven.net/ => https://cloudproven.net/: Too many redirects while fetching 'https://cloudproven.net/'
 
 -->
-<ruleset name="Cloud Proven.net" default_off='failed ruleset test'>
+<ruleset name="Cloud Proven.net" default_off="failed ruleset test">
 
 	<target host="cloudproven.net" />
 	<target host="www.cloudproven.net" />
diff --git a/src/chrome/content/rules/Cloudera.com.xml b/src/chrome/content/rules/Cloudera.com.xml
index 9e50ad29bf62..4cc9b6067e0c 100644
--- a/src/chrome/content/rules/Cloudera.com.xml
+++ b/src/chrome/content/rules/Cloudera.com.xml
@@ -1,98 +1,24 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://ccp.cloudera.com/ => https://ccp.cloudera.com/: (6, 'Could not resolve host: www.ccp.cloudera.com')
-
-	CDN buckets:
-
-		- s3.amazonaws.com/files.cloudera.com.s3.amazonaws.com
-
-		- elqcdn.eloqua.com
-
-			- images.go
-
-
-	Nonfunctional subdomains:
-
-		- blog ¹
-		- vision ²
-
-	¹ 404
-	² Refused
-
-
-	Problematic subdomains:
-
-		- files ²
-		- go ³
-		- images.go ⁴
-
-	² AmazonAWS
-	³ Works; mismatched, CN: secure.eloqua.com
-	⁴ Works, Akamai
-
-
-	Fully covered subdomains:
+	Non-functional hosts
+		Timeout was reached:
+		- go.cloudera.com
 
-		- (www.)
-		- ccp
-		- community
-		- files		(→ s3.amazonaws.com)
-		- images.go	(→ secure.eloqua.com)
-		- university
-
-
-	Mixed content:
-
-		- css, on:
-
-			- blog from $self *
-			- go from files *
-			- go from www *
-
-		- Images, on:
-
-			- community from $self *
-			- community from www *
-			- go from files *
-			- www from ^ *
-
-		- favicon on go from files
-
-	* Secured by us
+		SSL connect error:
+		- ccp.cloudera.com
 
+		SSL peer certificate was not OK:
+		- files.cloudera.com
+		- images.go.cloudera.com
 -->
-<ruleset name="Cloudera.com" default_off='failed ruleset test'>
-
+<ruleset name="Cloudera.com">
 	<target host="cloudera.com" />
-	<target host="*.cloudera.com" />
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(ccp\.|www\.)?cloudera\.com$" name="^BIGipServercq-http$" /-->
-	<!--securecookie host="^\.cloudera\.com$" name="^VISITORID$" /-->
-	<!--securecookie host="^community\.cloudera\.com$" name="^LithiumVisitor$" /-->
-	<!--securecookie host="^\.go\.cloudera\.com$" name="^ELOQUA$" /-->
-	<!--securecookie host="^university\.cloudera\.com$" name="^SE$" /-->
-	<!--securecookie host="^www\.cloudera\.com$" name="^(JSESSIONID|renderid)$" /-->
-
-	<securecookie host="^(?:\.|ccp\.|university\.|www\.)?cloudera\.com$" name=".+" />
-
-
-	<rule from="^http://((?:ccp|community|university|www)\.)?cloudera\.com/"
-		to="https://$1cloudera.com/" />
-
-	<rule from="^http://files\.cloudera\.com/"
-		to="https://s3.amazonaws.com/files.cloudera.com/" />
-
-	<rule from="^http://images\.go\.cloudera\.com/"
-		to="https://secure.eloqua.com/" />
+	<target host="blog.cloudera.com" />
+	<target host="community.cloudera.com" />
+	<target host="university.cloudera.com" />
+	<target host="vision.cloudera.com" />
+	<target host="www.cloudera.com" />
 
-	<test url="http://ccp.cloudera.com/" />
-	<test url="http://community.cloudera.com/" />
-	<test url="http://files.cloudera.com/" />
-	<test url="http://images.go.cloudera.com/" />
-	<test url="http://university.cloudera.com/" />
-	<test url="http://www.cloudera.com/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Cloudflare-ipfs.com.xml b/src/chrome/content/rules/Cloudflare-ipfs.com.xml
new file mode 100644
index 000000000000..b90527b4c233
--- /dev/null
+++ b/src/chrome/content/rules/Cloudflare-ipfs.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="cloudflare-ipfs.com">
+	<target host="cloudflare-ipfs.com" />
+	<target host="www.cloudflare-ipfs.com" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://cloudflare-ipfs.com/ipfs/QmXnnyufdzAWL5CqZ2RnSNgPbvCc1ALT73s6epPrRnZ1Xy" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cloudflare.com.xml b/src/chrome/content/rules/Cloudflare.com.xml
new file mode 100644
index 000000000000..dd3154994a91
--- /dev/null
+++ b/src/chrome/content/rules/Cloudflare.com.xml
@@ -0,0 +1,42 @@
+<!--
+	Other Cloudflare rulesets:
+		- 1.0.0.1.xml
+		- 1.1.1.1.xml
+		- CloudflareStatus.com.xml
+
+	CloudFlare sets insecure __cfduid and cf_clearance wildcard cookies for every client domain
+-->
+
+<ruleset name="Cloudflare.com">
+	<target host="cloudflare.com" />
+	<target host="ajax.cloudflare.com" />
+	<target host="ar.cloudflare.com" />
+	<target host="blog.cloudflare.com" />
+	<target host="cdnjs.cloudflare.com" />
+	<target host="cdn-static.cloudflare.com" />
+	<target host="cn.cloudflare.com" />
+	<target host="de.cloudflare.com" />
+	<target host="developers.cloudflare.com" />
+	<target host="es.cloudflare.com" />
+	<target host="fr.cloudflare.com" />
+	<target host="hu.cloudflare.com" />
+	<target host="id.cloudflare.com" />
+	<target host="it.cloudflare.com" />
+	<target host="jp.cloudflare.com" />
+	<target host="js.cloudflare.com" />
+	<target host="nl.cloudflare.com" />
+	<target host="no.cloudflare.com" />
+	<target host="pl.cloudflare.com" />
+	<target host="pt.cloudflare.com" />
+	<target host="pt-br.cloudflare.com" />
+	<target host="ru.cloudflare.com" />
+	<target host="support.cloudflare.com" />
+	<target host="sv.cloudflare.com" />
+	<target host="tr.cloudflare.com" />
+	<target host="www.cloudflare.com" />
+	<target host="zh.cloudflare.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CloudflareStatus.com.xml b/src/chrome/content/rules/CloudflareStatus.com.xml
new file mode 100644
index 000000000000..1fd5c067b82f
--- /dev/null
+++ b/src/chrome/content/rules/CloudflareStatus.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Other Cloudflare rulesets:
+		- Cloudflare.com.xml
+
+	Timed out:
+		- cloudflarestatus.com, equivalent to www.cloudflarestatus.com
+-->
+
+<ruleset name="CloudflareStatus.com">
+	<target host="cloudflarestatus.com" />
+	<target host="www.cloudflarestatus.com" />
+
+	<rule from="^http://cloudflarestatus\.com/"
+		to="https://www.cloudflarestatus.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cloudflarestatus.com.xml b/src/chrome/content/rules/Cloudflarestatus.com.xml
deleted file mode 100644
index c91723d045c9..000000000000
--- a/src/chrome/content/rules/Cloudflarestatus.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-        For other CloudFlare coverage, see CloudFlare.xml.
-
--->
-<!--^ timed out-->
-<ruleset name="Cloudflarestatus.com">
-	<target host="cloudflarestatus.com" />
-	<target host="www.cloudflarestatus.com" />
-	
-	<rule from="^http://cloudflarestatus\.com/"
-		to="https://www.cloudflarestatus.com/" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Cloudfront.xml b/src/chrome/content/rules/Cloudfront.xml
index f49f3299a505..9886a8f80fd7 100644
--- a/src/chrome/content/rules/Cloudfront.xml
+++ b/src/chrome/content/rules/Cloudfront.xml
@@ -8,6 +8,10 @@
 	<test url="http://d1ej19d7kwigfi.cloudfront.net/" />
 	<test url="http://d1h9a8s8eodvjz.cloudfront.net/" />
 
+	<!-- from NYDailyNews.xml, used on classifieds.nydailynews.com -->
+	<test url="http://dmpwow64jb5ov.cloudfront.net/resource/stylesheet/6d3a9c8bc9ebafc0bba40e52c5b86008/fef8e26fba7270d13c02bac0af00ec9d.css" />
+	<test url="http://dmpwow64jb5ov.cloudfront.net/resource/javascript/6d3a9c8bc9ebafc0bba40e52c5b86008/0b13a3fc2c3955f1d27992bc6458d8a0.js" />
+
 		<!--test url="http://d1o1wlqwda3y1b.cloudfront.net/A-NAL/CNVNAL-35096_31457369972thmb.jpg" /-->
 		<!--test url="http://d1uc3ft0n4nkav.cloudfront.net/images/gradient_bg.png" /-->
 		<!--test url="http://d235bdyk0zpoq6.cloudfront.net/assets/vibratissimo.jpg" /-->
diff --git a/src/chrome/content/rules/Cloudhexa_Network.xml b/src/chrome/content/rules/Cloudhexa_Network.xml
deleted file mode 100644
index dfa71620d962..000000000000
--- a/src/chrome/content/rules/Cloudhexa_Network.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	^cloudhexa.com times out over http
-
--->
-<ruleset name="Cloudhexa Network">
-
-	<target host="*.cloudhexa.com" />
-
-
-	<securecookie host="^\.(?:www\.)?cloudhexa\.com$" name=".+" />
-
-
-	<rule from="^http://www\.cloudhexa\.com/"
-		to="https://www.cloudhexa.com/" />
-
-	<rule from="^http://support\.cloudhexa\.com/"
-		to="https://cloudhexa.zendesk.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cloudmining.guru.xml b/src/chrome/content/rules/Cloudmining.guru.xml
deleted file mode 100644
index 37d1713d9c89..000000000000
--- a/src/chrome/content/rules/Cloudmining.guru.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Cloudmining.guru">
-
-	<target host="cloudmining.guru" />
-	<target host="www.cloudmining.guru" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cloudmutt.com.xml b/src/chrome/content/rules/Cloudmutt.com.xml
new file mode 100644
index 000000000000..e2448c5b2513
--- /dev/null
+++ b/src/chrome/content/rules/Cloudmutt.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Cloudmutt.com">
+	<target host="cloudmutt.com" />
+	<target host="www.cloudmutt.com" />
+	<target host="lists.cloudmutt.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cloudscaling.com.xml b/src/chrome/content/rules/Cloudscaling.com.xml
index 309d1b1f459a..4a826175ad0a 100644
--- a/src/chrome/content/rules/Cloudscaling.com.xml
+++ b/src/chrome/content/rules/Cloudscaling.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://cloudscaling.com/ => https://cloudscaling.com/: (60, 'SSL ce
 		- engineering
 
 -->
-<ruleset name="Cloudscaling.com" default_off='failed ruleset test'>
+<ruleset name="Cloudscaling.com" default_off="failed ruleset test">
 
 	<target host="cloudscaling.com" />
 	<target host="engineering.cloudscaling.com" />
@@ -24,4 +24,4 @@ Fetch error: http://cloudscaling.com/ => https://cloudscaling.com/: (60, 'SSL ce
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cloudwear.com.xml b/src/chrome/content/rules/Cloudwear.com.xml
index 4b8e9bcfbab2..03c7eff2b539 100644
--- a/src/chrome/content/rules/Cloudwear.com.xml
+++ b/src/chrome/content/rules/Cloudwear.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://cloudwear.com/ => https://cloudwear.com/: (28, 'Connection t
 Fetch error: http://www.cloudwear.com/ => https://www.cloudwear.com/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="Cloudwear.com" default_off='failed ruleset test'>
+<ruleset name="Cloudwear.com" default_off="failed ruleset test">
 
 	<target host="cloudwear.com" />
 	<target host="www.cloudwear.com" />
diff --git a/src/chrome/content/rules/Clubic.com.xml b/src/chrome/content/rules/Clubic.com.xml
new file mode 100644
index 000000000000..1766a9912cbe
--- /dev/null
+++ b/src/chrome/content/rules/Clubic.com.xml
@@ -0,0 +1,35 @@
+
+<!--
+	Mismatched:
+		- blog
+		- bo-shopper
+		- bons-plans
+		- cashback
+		- emploi-informatique
+		- pro
+
+	Timeout:
+		- gitlab
+		- img
+
+	Expired:
+		- prodf
+-->
+<ruleset name="Clubic.com">
+	<target host="clubic.com" />
+	<target host="www.clubic.com" />
+	<target host="bo.clubic.com" />
+	<target host="prod.bo.clubic.com" />
+	<target host="castor.clubic.com" />
+	<target host="prod.castor.clubic.com" />
+	<target host="faye.cube.clubic.com" />
+	<target host="preprod.front01.clubic.com" />
+	<target host="gems.clubic.com" />
+	<target host="pic.clubic.com" />
+	<target host="prod.pic.clubic.com" />
+	<target host="pic-fresh.clubic.com" />
+	<target host="usine.clubic.com" />
+	<target host="preprod.usine.clubic.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ClusterHQ.com.xml b/src/chrome/content/rules/ClusterHQ.com.xml
index 0acf1bb58d1b..e406ebcdb465 100644
--- a/src/chrome/content/rules/ClusterHQ.com.xml
+++ b/src/chrome/content/rules/ClusterHQ.com.xml
@@ -20,7 +20,7 @@ Fetch error: http://docs.clusterhq.com/ => https://docs.clusterhq.com/: (6, 'Cou
 	* Secured by us
 
 -->
-<ruleset name="ClusterHQ.com" default_off='failed ruleset test'>
+<ruleset name="ClusterHQ.com" default_off="failed ruleset test">
 
 	<target host="clusterhq.com" />
 	<target host="docs.clusterhq.com" />
diff --git a/src/chrome/content/rules/Clusters.de.xml b/src/chrome/content/rules/Clusters.de.xml
index 09d6577b8403..45ea14aaaa56 100644
--- a/src/chrome/content/rules/Clusters.de.xml
+++ b/src/chrome/content/rules/Clusters.de.xml
@@ -1,7 +1,9 @@
 <ruleset name="Clusters.de">
 
 	<target host="clusters.de" />
-	<target host="*.clusters.de" />
+	<target host="customer.clusters.de" />
+	<target host="domain.clusters.de" />
+	<target host="www.clusters.de" />
 
 
 	<!--	Not secured by server:
@@ -11,7 +13,6 @@
 	<securecookie host="^(?:customer|domain)\.clusters\.de$" name=".+" />
 
 
-	<rule from="^http://((?:customer|domain|www)\.)?clusters\.de/"
-		to="https://$1clusters.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CmCDN.net.xml b/src/chrome/content/rules/CmCDN.net.xml
index a5e59ef2c16c..7fd85f434035 100644
--- a/src/chrome/content/rules/CmCDN.net.xml
+++ b/src/chrome/content/rules/CmCDN.net.xml
@@ -24,7 +24,7 @@ Fetch error: http://s.cmcdn.net/ => https://d1gyuuidj3lauh.cloudfront.net/: (6,
 		- s
 
 -->
-<ruleset name="CaCDN.net" default_off='failed ruleset test'>
+<ruleset name="CaCDN.net" default_off="failed ruleset test">
 
 	<!--	Complications:
 				-->
@@ -33,7 +33,7 @@ Fetch error: http://s.cmcdn.net/ => https://d1gyuuidj3lauh.cloudfront.net/: (6,
 
 
 	<rule from="^http://media\.cmcdn\.net/"
-		to="https://d2tbi97h020xxe.cloudfront.net/" />
+		to="https://media.cmcdn.net/" />
 
 	<rule from="^http://s\.cmcdn\.net/"
 		to="https://d1gyuuidj3lauh.cloudfront.net/" />
diff --git a/src/chrome/content/rules/Cmtt.ru.xml b/src/chrome/content/rules/Cmtt.ru.xml
deleted file mode 100644
index 50dd6a3f41f0..000000000000
--- a/src/chrome/content/rules/Cmtt.ru.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="cmtt.ru">
-
-	<target host="*.siliconrus.cmtt.ru" />
-
-		<test url="http://static41.siliconrus.cmtt.ru/user-userpic/a4/2b/2c/8b0b7f559677c1.jpg" />
-		<test url="http://static46.siliconrus.cmtt.ru/user-userpic/90/9b/22/b72841e00fdd04.jpg" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cnchost.com.xml b/src/chrome/content/rules/Cnchost.com.xml
index 195a165f56fd..edc645527ab2 100644
--- a/src/chrome/content/rules/Cnchost.com.xml
+++ b/src/chrome/content/rules/Cnchost.com.xml
@@ -22,7 +22,7 @@ Non-2xx HTTP code: http://secure.cnchost.com/ (200) => https://secure.cnchost.co
 		- secure
 
 -->
-<ruleset name="cnchost.com (partial)" default_off='failed ruleset test'>
+<ruleset name="cnchost.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Co-operative-bank.xml b/src/chrome/content/rules/Co-operative-bank.xml
index 513c8fd30e90..c6977686f08d 100644
--- a/src/chrome/content/rules/Co-operative-bank.xml
+++ b/src/chrome/content/rules/Co-operative-bank.xml
@@ -1,7 +1,8 @@
 <ruleset name="co-operative bank">
 
 	<target host="co-operativebank.co.uk" />
-	<target host="*.co-operativebank.co.uk" />
+	<target host="www.co-operativebank.co.uk" />
+	<target host="personal.co-operativebank.co.uk" />
 
 
 	<securecookie host="^.*\.co-operativebank\.co\.uk$" name=".+" />
@@ -11,7 +12,6 @@
 	<rule from="^http://(?:www\.)?co-operativebank\.co\.uk/"
 		to="https://www.co-operativebank.co.uk/" />
 
-	<rule from="^http://personal\.co-operativebank\.co\.uk/"
-		to="https://personal.co-operativebank.co.uk/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Co3_Sys.com.xml b/src/chrome/content/rules/Co3_Sys.com.xml
deleted file mode 100644
index b422bba6df3a..000000000000
--- a/src/chrome/content/rules/Co3_Sys.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	^: mismatched, CN: *.devcloud.acquia-sites.com
-	data-security: mismatched, CN: *.unbounce.com
-
--->
-<ruleset name="Co3 Sys.com">
-
-	<target host="co3sys.com" />
-	<target host="*.co3sys.com" />
-
-
-	<securecookie host="^app\.co3sys\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?co3sys\.com/"
-		to="https://www.co3sys.com/" />
-
-	<rule from="^http://app\.co3sys\.com/"
-		to="https://app.co3sys.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CoGen-Media.xml b/src/chrome/content/rules/CoGen-Media.xml
index a493e72be64b..7089db721077 100644
--- a/src/chrome/content/rules/CoGen-Media.xml
+++ b/src/chrome/content/rules/CoGen-Media.xml
@@ -38,7 +38,7 @@
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Cogen Media (partial)" default_off="missing certificate chain">
+<ruleset name="Cogen Media (partial)" default_off="cert-chain">
 
 	<target host="degica.com" />
 	<target host="comipo.degica.com" />
diff --git a/src/chrome/content/rules/CoNetrix.xml b/src/chrome/content/rules/CoNetrix.xml
index 37331f11e244..ac54bd5b8b95 100644
--- a/src/chrome/content/rules/CoNetrix.xml
+++ b/src/chrome/content/rules/CoNetrix.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Coalition-S.org.xml b/src/chrome/content/rules/Coalition-S.org.xml
new file mode 100644
index 000000000000..6aae3eb55bdb
--- /dev/null
+++ b/src/chrome/content/rules/Coalition-S.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Coalition-S.org">
+
+	<target host="coalition-s.org" />
+	<target host="www.coalition-s.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Coast-Capital-Savings.xml b/src/chrome/content/rules/Coast-Capital-Savings.xml
index 56bb433da846..ca50c882b5bf 100644
--- a/src/chrome/content/rules/Coast-Capital-Savings.xml
+++ b/src/chrome/content/rules/Coast-Capital-Savings.xml
@@ -10,7 +10,7 @@ Fetch error: http://vote.coastcapitalsavings.com/ => https://vote.coastcapitalsa
 		- www.copsforcancer.coastcapitalsavings.com
 -->
 
-<ruleset name="Coast Capital Savings" default_off='failed ruleset test'>
+<ruleset name="Coast Capital Savings" default_off="failed ruleset test">
 	<target host="coastcapitalsavings.com" />
 	<target host="www.coastcapitalsavings.com" />
 	<target host="agency.coastcapitalsavings.com" />
diff --git a/src/chrome/content/rules/Coast-Digital.xml b/src/chrome/content/rules/Coast-Digital.xml
index 95848cecad89..c0ac9f1f7d87 100644
--- a/src/chrome/content/rules/Coast-Digital.xml
+++ b/src/chrome/content/rules/Coast-Digital.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://coastdigital.co.uk/ => https://coastdigital.co.uk/: (60, 'SSL certificate problem: self signed certificate')
 Fetch error: http://www.coastdigital.co.uk/ => https://coastdigital.co.uk/: (60, 'SSL certificate problem: self signed certificate')
 -->
-<ruleset name="Coast Digital" default_off='failed ruleset test'>
+<ruleset name="Coast Digital" default_off="failed ruleset test">
 
 	<target host="coastdigital.co.uk"/>
 	<target host="www.coastdigital.co.uk"/>
diff --git a/src/chrome/content/rules/Coastal_Micro_Supply.xml b/src/chrome/content/rules/Coastal_Micro_Supply.xml
index 927062badb7f..8cd9274eefb6 100644
--- a/src/chrome/content/rules/Coastal_Micro_Supply.xml
+++ b/src/chrome/content/rules/Coastal_Micro_Supply.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.coastalmicrosupply.com/ => https://www.coastalmicrosuppl
 	Some (most)? pages redirect to http.
 
 -->
-<ruleset name="Coastal Micro Supply (partial)" default_off='failed ruleset test'>
+<ruleset name="Coastal Micro Supply (partial)" default_off="failed ruleset test">
 
 	<target host="coastalmicrosupply.com" />
 	<target host="www.coastalmicrosupply.com" />
@@ -19,4 +19,4 @@ Fetch error: http://www.coastalmicrosupply.com/ => https://www.coastalmicrosuppl
 	<rule from="^http://(www\.)?coastalmicrosupply\.com/($|catalog\.html|images/|index\.php\?target=auth|skins/)"
 		to="https://$1coastalmicrosupply.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CoasterForce.com.xml b/src/chrome/content/rules/CoasterForce.com.xml
new file mode 100644
index 000000000000..e394efcccb2c
--- /dev/null
+++ b/src/chrome/content/rules/CoasterForce.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="CoasterForce.com">
+
+	<target host="coasterforce.com" />
+	<target host="www.coasterforce.com" />
+	<target host="cpanel.coasterforce.com" />
+	<target host="forums.coasterforce.com" />
+	<target host="www.forums.coasterforce.com" />
+	<target host="mail.coasterforce.com" />
+	<target host="webdisk.coasterforce.com" />
+	<target host="webmail.coasterforce.com" />
+	<target host="whm.coasterforce.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+	
+</ruleset>
diff --git a/src/chrome/content/rules/Cobalt_Mania.com.xml b/src/chrome/content/rules/Cobalt_Mania.com.xml
index e3a9c73e1208..969f0a998ad5 100644
--- a/src/chrome/content/rules/Cobalt_Mania.com.xml
+++ b/src/chrome/content/rules/Cobalt_Mania.com.xml
@@ -4,10 +4,10 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://cobaltmania.com/ => https://www.cobaltmania.com/: (7, 'Failed to connect to www.cobaltmania.com port 443: Connection refused')
 
 -->
-<ruleset name="Cobalt Mania.com" default_off='failed ruleset test'>
+<ruleset name="Cobalt Mania.com" default_off="failed ruleset test">
 
 	<target host="cobaltmania.com" />
-	<target host="*.cobaltmania.com" />
+	<target host="www.cobaltmania.com" />
 
 
 	<securecookie host="^(?:www)?\.cobaltmania.com$" name=".+" />
diff --git a/src/chrome/content/rules/Coccoc.com.xml b/src/chrome/content/rules/Coccoc.com.xml
index a953523368b7..d73bbea27152 100644
--- a/src/chrome/content/rules/Coccoc.com.xml
+++ b/src/chrome/content/rules/Coccoc.com.xml
@@ -3,7 +3,6 @@
 	<target host="www.coccoc.com" />
 	<target host="poipic.coccoc.com" />
 
-  <test url="http://coccoc.com/search" />
   <test url="http://coccoc.com/search" />
   <test url="http://coccoc.com/search#query=atm+ho%C3%A0n+ki%E1%BA%BFm" />
 
diff --git a/src/chrome/content/rules/Cock.li.xml b/src/chrome/content/rules/Cock.li.xml
new file mode 100644
index 000000000000..c29d93a2feae
--- /dev/null
+++ b/src/chrome/content/rules/Cock.li.xml
@@ -0,0 +1,22 @@
+<!--
+	Mismatched:
+		- munin
+		- mx2
+		- ns2
+		- xmpp
+-->
+<ruleset name="Cock.li">
+	<target host="cock.li" />
+	<target host="www.cock.li" />
+	<target host="admin.cock.li" />
+	<target host="autoconfig.cock.li" />
+	<target host="box.cock.li" />
+	<target host="www.box.cock.li" />
+	<target host="git.cock.li" />
+	<target host="lists.cock.li" />
+	<target host="mail.cock.li" />
+	<target host="mx1.cock.li" />
+	<target host="status.cock.li" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cockbox.org.xml b/src/chrome/content/rules/Cockbox.org.xml
new file mode 100644
index 000000000000..ad5812986e07
--- /dev/null
+++ b/src/chrome/content/rules/Cockbox.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Cockbox.org">
+	<target host="cockbox.org" />
+	<target host="www.cockbox.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CodeWeavers.xml b/src/chrome/content/rules/CodeWeavers.xml
index 706ad6a339e6..415b707450a0 100644
--- a/src/chrome/content/rules/CodeWeavers.xml
+++ b/src/chrome/content/rules/CodeWeavers.xml
@@ -6,7 +6,7 @@
 
   	<securecookie host="^www\.codeweavers\.com$" name=".+" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Code_for_America.org.xml b/src/chrome/content/rules/Code_for_America.org.xml
index 816ad3a36d92..5ff587aacae6 100644
--- a/src/chrome/content/rules/Code_for_America.org.xml
+++ b/src/chrome/content/rules/Code_for_America.org.xml
@@ -23,7 +23,7 @@ Fetch error: http://people.codeforamerica.org/ => https://people.codeforamerica.
 	ˢ Secured by us
 
 -->
-<ruleset name="Code for America.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Code for America.org (partial)" default_off="failed ruleset test">
 
 	<target host="codeforamerica.org" />
 	<target host="jekit.codeforamerica.org" />
diff --git a/src/chrome/content/rules/Codebase_HQ.com.xml b/src/chrome/content/rules/Codebase_HQ.com.xml
index 81bcf92ef00a..433189fa5b11 100644
--- a/src/chrome/content/rules/Codebase_HQ.com.xml
+++ b/src/chrome/content/rules/Codebase_HQ.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://codebasehq.com/ => https://codebasehq.com/: (7, 'Failed to c
 		- www.codebasehq.com
 
 -->
-<ruleset name="Codebase HQ.com" default_off='failed ruleset test'>
+<ruleset name="Codebase HQ.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Codeblocks.org.xml b/src/chrome/content/rules/Codeblocks.org.xml
new file mode 100644
index 000000000000..d98e4966ff1f
--- /dev/null
+++ b/src/chrome/content/rules/Codeblocks.org.xml
@@ -0,0 +1,22 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Different content:
+		forums.codeblocks.org
+		wiki.codeblocks.org
+
+	Invalid certificate:
+		www.codeblocks.org
+
+	Timeout:
+		staging.codeblocks.org
+-->
+<ruleset name="Codeblocks.org (partial)">
+
+	<target host="codeblocks.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CodecGuide.com.xml b/src/chrome/content/rules/CodecGuide.com.xml
new file mode 100644
index 000000000000..c2a74e961413
--- /dev/null
+++ b/src/chrome/content/rules/CodecGuide.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched:
+		- files2.codecguide.com
+-->
+<ruleset name="CodecGuide.com">
+	<target host="codecguide.com" />
+	<target host="www.codecguide.com" />
+	<target host="data.codecguide.com" />
+	<target host="files.codecguide.com" />
+	<target host="files3.codecguide.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Codecombat.com.xml b/src/chrome/content/rules/Codecombat.com.xml
index b0aba90dcb5e..03699d1c8bad 100644
--- a/src/chrome/content/rules/Codecombat.com.xml
+++ b/src/chrome/content/rules/Codecombat.com.xml
@@ -9,11 +9,11 @@
 	<!-- refused
 	files.codecombat.com
 	-->
-	
+
 	<!--self-signed
 	direct.codecombat.com
 	-->
-	
+
 	<!--mixed content
 	blog.codecombat.com
 	-->
diff --git a/src/chrome/content/rules/Codecoon.com.xml b/src/chrome/content/rules/Codecoon.com.xml
index 16e65b7ac270..c4b31a84a2fa 100644
--- a/src/chrome/content/rules/Codecoon.com.xml
+++ b/src/chrome/content/rules/Codecoon.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://www.codecoon.com/ => https://www.codecoon.com/: (51, "SSL: n
 	* Secured by us
 
 -->
-<ruleset name="Codecoon.com" default_off='failed ruleset test'>
+<ruleset name="Codecoon.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Codeforces.com.xml b/src/chrome/content/rules/Codeforces.com.xml
new file mode 100644
index 000000000000..ee61d3843830
--- /dev/null
+++ b/src/chrome/content/rules/Codeforces.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Nonfunctional hosts in *.codeforces.com (as of 2019-01-02):
+		# m1.codeforces.com (m)
+		# m3.codeforces.com (r)
+
+	m: certificate mismatch
+	r: connection refused
+-->
+<ruleset name="Codeforces.com">
+	<target host="codeforces.com" />
+		<test url="http://codeforces.com/enter" />
+	<target host="www.codeforces.com" />
+		<test url="http://www.codeforces.com/enter" />
+	<target host="m2.codeforces.com" />
+		<test url="http://m2.codeforces.com/enter" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Codehaus.org.xml b/src/chrome/content/rules/Codehaus.org.xml
index ed2aa3d6104f..a03beccf68e9 100644
--- a/src/chrome/content/rules/Codehaus.org.xml
+++ b/src/chrome/content/rules/Codehaus.org.xml
@@ -24,7 +24,7 @@ Fetch error: http://jira.codehaus.org/ => https://jira.codehaus.org/: (28, 'Conn
 		- Image on jira from www.codehaus.org
 
 -->
-<ruleset name="Codehaus.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Codehaus.org (partial)" default_off="failed ruleset test">
 
 	<target host="docs.codehaus.org" />
 	<target host="jira.codehaus.org" />
diff --git a/src/chrome/content/rules/Coderbits.com.xml b/src/chrome/content/rules/Coderbits.com.xml
index e4cf70edbbf0..dce70e459922 100644
--- a/src/chrome/content/rules/Coderbits.com.xml
+++ b/src/chrome/content/rules/Coderbits.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://www.coderbits.com/ => https://www.coderbits.com/: (28, 'Conn
 		- (www.)?
 
 -->
-<ruleset name="coderbits.com (partial)" default_off='failed ruleset test'>
+<ruleset name="coderbits.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Coderouge.co.xml b/src/chrome/content/rules/Coderouge.co.xml
index 7f96a6e80d90..337efa6036ae 100644
--- a/src/chrome/content/rules/Coderouge.co.xml
+++ b/src/chrome/content/rules/Coderouge.co.xml
@@ -5,7 +5,7 @@ Fetch error: http://cdn.coderouge.co/ => https://cdn.coderouge.co/: (6, 'Could n
 Fetch error: http://git.coderouge.co/ => https://git.coderouge.co/: (6, 'Could not resolve host: git.coderouge.co')
 
 -->
-<ruleset name="Coderouge.co" default_off='failed ruleset test'>
+<ruleset name="Coderouge.co" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Coderwall.xml b/src/chrome/content/rules/Coderwall.xml
index e50b22d4c892..5d47273ab2ae 100644
--- a/src/chrome/content/rules/Coderwall.xml
+++ b/src/chrome/content/rules/Coderwall.xml
@@ -26,7 +26,7 @@ Fetch error: http://www.coderwall.com/ => https://www.coderwall.com/: (7, 'Faile
 		- cdn		(→ d2h0j0bhq7ad3b.cloudfront.net)
 
 -->
-<ruleset name="Coderwall.com" default_off='failed ruleset test'>
+<ruleset name="Coderwall.com" default_off="failed ruleset test">
 
 	<target host="coderwall.com" />
 	<target host="api.coderwall.com" />
diff --git a/src/chrome/content/rules/Codex_NS.io.xml b/src/chrome/content/rules/Codex_NS.io.xml
index b2fda35e1d64..5d1d6db97e5e 100644
--- a/src/chrome/content/rules/Codex_NS.io.xml
+++ b/src/chrome/content/rules/Codex_NS.io.xml
@@ -11,7 +11,7 @@ Fetch error: http://rc.codexns.io/ => https://rc.codexns.io/: (60, 'SSL certific
 		- dev.codexns.io
 
 -->
-<ruleset name="Codex NS.io (partial)" default_off='failed ruleset test'>
+<ruleset name="Codex NS.io (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/CodiMD.org.xml b/src/chrome/content/rules/CodiMD.org.xml
new file mode 100644
index 000000000000..05a8055f713b
--- /dev/null
+++ b/src/chrome/content/rules/CodiMD.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="CodiMD.org">
+	<target host="codimd.org" />
+	<target host="www.codimd.org" />
+	<target host="community.codimd.org" />
+	<target host="demo.codimd.org" />
+	<target host="git.codimd.org" />
+	<target host="social.codimd.org" />
+	<target host="translate.codimd.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Codinghorror.com.xml b/src/chrome/content/rules/Codinghorror.com.xml
index e7dce456e5c9..05f3262f4047 100644
--- a/src/chrome/content/rules/Codinghorror.com.xml
+++ b/src/chrome/content/rules/Codinghorror.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://codinghorror.com/ => https://codinghorror.com/: (51, "SSL: no alternative certificate subject name matches target host name 'codinghorror.com'")
 
 -->
-<ruleset name="Coding Horror" default_off='failed ruleset test'>
+<ruleset name="Coding Horror" default_off="failed ruleset test">
   <target host="codinghorror.com" />
   <target host="blog.codinghorror.com" />
   <target host="www.codinghorror.com" />
diff --git a/src/chrome/content/rules/Cognesia.net.xml b/src/chrome/content/rules/Cognesia.net.xml
index b7d697c4a261..774231911092 100644
--- a/src/chrome/content/rules/Cognesia.net.xml
+++ b/src/chrome/content/rules/Cognesia.net.xml
@@ -9,13 +9,12 @@
 -->
 <ruleset name="Cognesia.net">
 
-	<target host="*.cognesia.net" />
+	<target host="www.cognesia.net" />
 
 
 	<securecookie host="^(?:resources|www)\.cognesia\.net$" name=".+" />
 
 
-	<rule from="^http://www\.cognesia\.net/"
-		to="https://www.cognesia.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CohnReznick.com.xml b/src/chrome/content/rules/CohnReznick.com.xml
index 149d5b720db9..047c8962be84 100644
--- a/src/chrome/content/rules/CohnReznick.com.xml
+++ b/src/chrome/content/rules/CohnReznick.com.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CoinPayments.com.xml b/src/chrome/content/rules/CoinPayments.com.xml
new file mode 100644
index 000000000000..cf3be4309c58
--- /dev/null
+++ b/src/chrome/content/rules/CoinPayments.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="CoinPayments.com">
+	<target host="coinpayments.com" />
+	<target host="www.coinpayments.com" />
+
+	<rule from="^http://www\.coinpayments\.com/" to="https://coinpayments.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CoinPayments.net.xml b/src/chrome/content/rules/CoinPayments.net.xml
index 43d23ecbc9f2..23215fea3edc 100644
--- a/src/chrome/content/rules/CoinPayments.net.xml
+++ b/src/chrome/content/rules/CoinPayments.net.xml
@@ -1,18 +1,28 @@
+
 <!--
-	For related hidden service ruleset, see coinpaymtstgtibr.onion.xml
+	For related onion service ruleset, see coinpaymtstgtibr.onion.xml
+
+	Timeout:
+		- mail
+		- mail2
+		- mailsf
+		- mta.mailsf
+		- webmail
 
+	Mismatched:
+		- pages.mailsf
+		- ns1
 -->
 <ruleset name="CoinPayments.net">
-
 	<target host="coinpayments.net" />
 	<target host="www.coinpayments.net" />
-	<target host="beta4474.coinpayments.net" />
 	<target host="bitcoin.coinpayments.net" />
+	<target host="blog.coinpayments.net" />
 	<target host="explorer.coinpayments.net" />
-
-	<target host="coinpayments.com" />
-	<target host="www.coinpayments.com" />
+	<target host="irx.coinpayments.net" />
+	<target host="signup.coinpayments.net" />
+	<target host="stats.coinpayments.net" />
+	<target host="userfiles.coinpayments.net" />
 
 	<rule from="^http:" to="https:" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/CoinURL.com.xml b/src/chrome/content/rules/CoinURL.com.xml
deleted file mode 100644
index ab7a4000bf7c..000000000000
--- a/src/chrome/content/rules/CoinURL.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- www	(cert only matches ^coinurl.com)
-
--->
-<ruleset name="CoinURL.com">
-
-	<target host="coinurl.com" />
-	<target host="www.coinurl.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^coinurl\.com$" name="^PHPSESSID$" /-->
-	<securecookie host="^coinurl\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CoinWorker.xml b/src/chrome/content/rules/CoinWorker.xml
deleted file mode 100644
index 324377644ca0..000000000000
--- a/src/chrome/content/rules/CoinWorker.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="CoinWorker.com">
-
-	<target host="coinworker.com" />
-	<target host="www.coinworker.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Coinerra.com.xml b/src/chrome/content/rules/Coinerra.com.xml
deleted file mode 100644
index 85574a999dfa..000000000000
--- a/src/chrome/content/rules/Coinerra.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Coinerra.com">
-	<target host="coinerra.com" />
-	<target host="www.coinerra.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Coinkite.com.xml b/src/chrome/content/rules/Coinkite.com.xml
index 433579e0a4d3..87a510ac4b57 100644
--- a/src/chrome/content/rules/Coinkite.com.xml
+++ b/src/chrome/content/rules/Coinkite.com.xml
@@ -30,7 +30,7 @@ Fetch error: http://docs.coinkite.com/ => https://docs.coinkite.com/: (6, 'Could
 		- .coinkite.com
 
 -->
-<ruleset name="Coinkite.com" default_off='failed ruleset test'>
+<ruleset name="Coinkite.com" default_off="failed ruleset test">
 
 	<target host="coinkite.com" />
 	<target host="docs.coinkite.com" />
diff --git a/src/chrome/content/rules/Coinpay.in.th.xml b/src/chrome/content/rules/Coinpay.in.th.xml
deleted file mode 100644
index 65ae47d8c79e..000000000000
--- a/src/chrome/content/rules/Coinpay.in.th.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Coinpay.in.th">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="coinpay.in.th" />
-	<target host="www.coinpay.in.th" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Coinsecure.in.xml b/src/chrome/content/rules/Coinsecure.in.xml
deleted file mode 100644
index 681dbf68195b..000000000000
--- a/src/chrome/content/rules/Coinsecure.in.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- coinsecure.in
-
--->
-<ruleset name="Coinsecure.in">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="coinsecure.in" />
-	<target host="www.coinsecure.in" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^coinsecure\.in$" name="^PLAY_SESSION$" /-->
-
-	<securecookie host="^coinsecure\.in$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Coinsh.red.xml b/src/chrome/content/rules/Coinsh.red.xml
new file mode 100644
index 000000000000..e4893614d6c4
--- /dev/null
+++ b/src/chrome/content/rules/Coinsh.red.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid Certificate:
+		www.coinsh.red
+-->
+<ruleset name="Coinsh.red">
+	<target host="coinsh.red" />
+	<target host="www.coinsh.red" />
+	<target host="beta.coinsh.red" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.coinsh\.red/" to="https://coinsh.red/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cointelegraph.com.xml b/src/chrome/content/rules/Cointelegraph.com.xml
new file mode 100644
index 000000000000..a0ad3e24d2e4
--- /dev/null
+++ b/src/chrome/content/rules/Cointelegraph.com.xml
@@ -0,0 +1,44 @@
+<ruleset name="Cointelegraph">
+	<target host="cointelegraph.com" />
+	<target host="www.cointelegraph.com" />
+	<target host="alerts.cointelegraph.com" />
+	<target host="api.cointelegraph.com" />
+	<target host="buy.cointelegraph.com" />
+	<target host="coinmarketcap.cointelegraph.com" />
+	<target host="dapphub.cointelegraph.com" />
+	<target host="dapplist.cointelegraph.com" />
+	<target host="events.cointelegraph.com" />
+	<target host="exchange.cointelegraph.com" />
+	<target host="games.cointelegraph.com" />
+	<target host="gp.cointelegraph.com" />
+	<target host="hacks.magazine.cointelegraph.com" />
+	<target host="heatmap.cointelegraph.com" />
+	<target host="hodlers-june-2019.cointelegraph.com" />
+	<target host="hodlers-monthly.cointelegraph.com" />
+	<target host="ico.cointelegraph.com" />
+	<target host="images.cointelegraph.com" />
+	<target host="jobs.cointelegraph.com" />
+	<target host="jobs.jp.cointelegraph.com" />
+	<target host="magazine.cointelegraph.com" />
+	<target host="newswidget.cointelegraph.com" />
+	<target host="pricewidgets.cointelegraph.com" />
+	<target host="quotes.cointelegraph.com" />
+	<target host="s3.cointelegraph.com" />
+	<target host="store.cointelegraph.com" />
+	<target host="ticker.cointelegraph.com" />
+	<target host="top.cointelegraph.com" />
+	<target host="ar.cointelegraph.com" />
+	<target host="br.cointelegraph.com" />
+	<target host="cn.cointelegraph.com" />
+	<target host="de.cointelegraph.com" />
+	<target host="es.cointelegraph.com" />
+	<target host="fi.cointelegraph.com" />
+	<target host="hk.cointelegraph.com" />
+	<target host="it.cointelegraph.com" />
+	<target host="jp.cointelegraph.com" />
+	<target host="kr.cointelegraph.com" />
+	<target host="rs.cointelegraph.com" />
+	<target host="tr.cointelegraph.com" />
+  
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Coles.com.au.xml b/src/chrome/content/rules/Coles.com.au.xml
new file mode 100644
index 000000000000..0c500145845e
--- /dev/null
+++ b/src/chrome/content/rules/Coles.com.au.xml
@@ -0,0 +1,172 @@
+<!--
+	Other related rulesets:
+		- ColesExpress.com.au.xml
+		- FirstChoiceLiquor.com.au.xml
+		- Kmart.com.au.xml
+		- KTAS.com.au.xml
+		- Liquorland.com.au.xml
+		- Mycoles.com.au.xml
+		- Officeworks.com.au.xml
+		- Target.com.au.xml
+		- VintageCellars.com.au.xml
+
+
+	Non-functional subdomains:
+
+		- as3gca	(i)
+		- test.account	(m)
+		- test.api	(t)
+		- test.app	(m)
+		- baby-toddler-club	(m)
+		- test.baby-toddler-club	(t)
+		- next.test.baby-toddler-club	(t)
+		- mail2.broadcast	(t)
+		- mail3.broadcast	(t)
+		- mail4.broadcast	(t)
+		- mail5.broadcast	(t)
+		- mail6.broadcast	(t)
+		- www.careers	(m)
+		- catalog	(t)
+		- cguest1	(t)
+		- cguest2	(t)
+		- test.dcinduction	(m)
+		- docusign.esb	(t)
+		- esbnp	(i)
+		- docusign.esbnp	(t)
+		- docusign.esbsvt	(t)
+		- www.flsupplier	(m)
+		- test.forms	(m)
+		- guestnet	(i)
+		- messagelabs.ic1	(t)
+		- test.locator	(t)
+		- login	(r)
+		- o1.mails4s	(t)
+		- meat	(m)
+		- meeting	(t)
+		- meetingplace	(t)
+		- meetingwc	(t)
+		- test.member	(t)
+		- millg	(t)
+		- moviedeal	(m)
+		- msds	(t)
+		- o365	(t)
+		- test.onedirection	(t)
+		- wip-test.onedirection	(t)
+		- origin-shop	(m)
+		- paymentstest	(t)
+		- peps-api	(t)
+		- peps-api-preprod	(t)
+		- peps-api-test	(t)
+		- pos	(m)
+		- www.pos	(m)
+		- produce	(m)
+		- qr	(m)
+		- test.qr	(m)
+		- rapgw	(t)
+		- rapgw1	(t)
+		- rapgw2	(t)
+		- recipes	(m)
+		- www.recipes	(m)
+		- test.recipes	(i)
+		- next.test.recipes	(i)
+		- un.recipes	(t)
+		- test.un.recipes	(t)
+		- redirect	(m)
+		- redirect-wip	(m)
+		- savi	(i)
+		- savistg	(t)
+		- scguest	(t)
+		- seafood	(m)
+		- search	(t)
+		- mobile.secure	(t)
+		- service-status	(m)
+		- www.shop	(i)
+		- shopprod	(m)
+		- shorturl	(t)
+		- sip	(t)
+		- sites	(t)
+		- skystone01	(t)
+		- sl	(t)
+		- social	(HTTP 301 error)
+		- redeem.sportsforschools	(t)
+		- shop.sportsforschools	(r)
+		- st-colessmkt-01	(t)
+		- st-colessmkt-01-ilom	(t)
+		- st-colessmkt-02	(t)
+		- st-colessmkt-02-ilom	(t)
+		- stgcasemanagement	(t)
+		- supplierportal	(m)
+		- www9.supplierportal	(t)
+		- supplierportalprod	(m)
+		- sustainability2010	(m)
+		- sustainabilityreport	(t)
+		- team	(t)
+		- teamtickets	(e)
+		- www.teamtickets	(e)
+		- test	(t)
+		- test0	(t)
+		- ticfreight	(s)
+		- tpmtraining	(t)
+		- vc	(t)
+		- vcse.vc	(t)
+		- video	(t)
+		- webconf	(t)
+		- webmail	(i)
+		- webmail2	(s)
+		- webmailt	(m)
+		- wguest	(t)
+		- xmpp	(t)
+		- yournewcoles	(t)
+		- zitrnvvcse01	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Coles">
+
+	<target host="coles.com.au" />
+	<target host="www.coles.com.au" />
+	<target host="access.coles.com.au" />
+	<target host="access3.coles.com.au" />
+	<target host="api.coles.com.au" />
+	<target host="app.coles.com.au" />
+	<target host="as3g.coles.com.au" />
+	<target host="claimsvouchers.coles.com.au" />
+	<target host="connectme.coles.com.au" />
+	<target host="dcinduction.coles.com.au" />
+	<target host="esb.coles.com.au" />
+	<target host="esbsvt.coles.com.au" />
+	<target host="financialservices.coles.com.au" />
+	<target host="forms.coles.com.au" />
+	<target host="ftdirect.coles.com.au" />
+	<target host="general-insurance.coles.com.au" />
+	<target host="meetme.coles.com.au" />
+	<target host="payments.coles.com.au" />
+	<target host="recipeimages.coles.com.au" />
+	<target host="rroavpn.coles.com.au" />
+	<target host="secure.coles.com.au" />
+	<target host="www.secure.coles.com.au" />
+	<target host="uat.secure.coles.com.au" />
+	<target host="uat1.secure.coles.com.au" />
+	<target host="uat2.secure.coles.com.au" />
+	<target host="shop.coles.com.au" />
+	<target host="shopload.coles.com.au" />
+	<target host="shopmaint.coles.com.au" />
+	<target host="specials.coles.com.au" />
+	<target host="stg.coles.com.au" />
+	<target host="stgw.coles.com.au" />
+	<target host="stgwipsecure.coles.com.au" />
+	<target host="www.supplierportal.coles.com.au" />
+	<target host="testconnectme.coles.com.au" />
+	<target host="vintagecellarshamster.coles.com.au" />
+	<target host="webservices.coles.com.au" />
+	<target host="webservicesdev.coles.com.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ColesExpress.com.au.xml b/src/chrome/content/rules/ColesExpress.com.au.xml
new file mode 100644
index 000000000000..8a5751f4ed4d
--- /dev/null
+++ b/src/chrome/content/rules/ColesExpress.com.au.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Coles coverage, see Coles.com.au.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- access	(e)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Coles Express">
+
+	<target host="colesexpress.com.au" />
+	<target host="www.colesexpress.com.au" />
+	<target host="mobileapp.colesexpress.com.au" />
+
+	<rule from="^http://colesexpress\.com\.au/"
+		to="https://www.colesexpress.com.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Coletivos.org.xml b/src/chrome/content/rules/Coletivos.org.xml
new file mode 100644
index 000000000000..435a1db045d6
--- /dev/null
+++ b/src/chrome/content/rules/Coletivos.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		www.coletivos.org
+		discourse.coletivos.org
+-->
+<ruleset name="Coletivos.org">
+	<target host="coletivos.org" />
+	<target host="pad.coletivos.org" />
+	<target host="social.coletivos.org" />
+	<target host="webmail.coletivos.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CollabNet.xml b/src/chrome/content/rules/CollabNet.xml
index 34e9db7ae052..7150325fa31a 100644
--- a/src/chrome/content/rules/CollabNet.xml
+++ b/src/chrome/content/rules/CollabNet.xml
@@ -38,7 +38,13 @@
 <ruleset name="CollabNet">
 
 	<target host="collab.net" />
-	<target host="*.collab.net" />
+	<target host="blog.collab.net" />
+	<target host="git.help.collab.net" />
+	<target host="forums.open.collab.net" />
+	<target host="www.collab.net" />
+	<target host="open.collab.net" />
+	<target host="www.open.collab.net" />
+	<target host="visit.collab.net" />
 
 
 	<securecookie host="^\.collab\.net$" name=".+" />
diff --git a/src/chrome/content/rules/Collabnix.com.xml b/src/chrome/content/rules/Collabnix.com.xml
new file mode 100644
index 000000000000..923beae69d81
--- /dev/null
+++ b/src/chrome/content/rules/Collabnix.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Collabnix.com">
+	<target host="collabnix.com" />
+	<target host="www.collabnix.com" />
+
+	<rule from="^http:" to="https:" />
+
+	<securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/Collateral_Murder.xml b/src/chrome/content/rules/Collateral_Murder.xml
index b502baae3381..eb033f725e56 100644
--- a/src/chrome/content/rules/Collateral_Murder.xml
+++ b/src/chrome/content/rules/Collateral_Murder.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CollegeBoundfund.xml b/src/chrome/content/rules/CollegeBoundfund.xml
deleted file mode 100644
index 018c13ffc71a..000000000000
--- a/src/chrome/content/rules/CollegeBoundfund.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For other AllianceBernstein coverage, see AllianceBernstein.xml.
-
-
-	Nonfunctional subdomains:
-
-		- ri	(400; mismatched, CN: corporate.collegeboundfund.com)
-
--->
-<ruleset name="CollegeBoundfund (partial)">
-
-	<target host="collegeboundfund.com" />
-	<target host="*.collegeboundfund.com" />
-
-
-	<securecookie host="^(?:.+\.)?collegeboundfund\.com$" name=".+" />
-
-
-	<rule from="^http://(corporate\.|www\.)?collegeboundfund\.com/"
-		to="https://$1collegeboundfund.com/" />
-
-	<rule from="^http://ri\.collegeboundfund\.com/(\?.*)?$"
-		to="https://www.collegeboundfund.com/ri/home.aspx$1" />
-
-	<rule from="^http://ri\.collegeboundfund\.com/CmsObjectRICBF/"
-		to="https://corporate.collegeboundfund.com/CmsObjectRICBF/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CollegiateLink.xml b/src/chrome/content/rules/CollegiateLink.xml
index 1aff7dec7987..d2dbe858bff5 100644
--- a/src/chrome/content/rules/CollegiateLink.xml
+++ b/src/chrome/content/rules/CollegiateLink.xml
@@ -9,7 +9,7 @@ Fetch error: http://ufl.collegiatelink.net/ => https://ufl.collegiatelink.net/:
 	^collegiatelink.net does not exist.
 
 -->
-<ruleset name="CollegiateLink.net" default_off='failed ruleset test'>
+<ruleset name="CollegiateLink.net" default_off="failed ruleset test">
 
 	<target host="*.collegiatelink.net" />
 
diff --git a/src/chrome/content/rules/CollegiatePeaksBank.com.xml b/src/chrome/content/rules/CollegiatePeaksBank.com.xml
index 5ee55d6190c6..23369370aedc 100644
--- a/src/chrome/content/rules/CollegiatePeaksBank.com.xml
+++ b/src/chrome/content/rules/CollegiatePeaksBank.com.xml
@@ -3,19 +3,16 @@
 		mobile.collegiatepeaksbank.com
 		cpbonlinebanking.com
 
+  Host unresolved:
+    cpbonlinebanking.com
 -->
 <ruleset name="Collegiate Peaks Bank">
 
 	<target host="collegiatepeaksbank.com" />
 	<target host="www.collegiatepeaksbank.com" />
-	<target host="cpbonlinebanking.com" />
-	<target host="www.cpbonlinebanking.com" />
 
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://cpbonlinebanking\.com/"
-		to="https://www.cpbonlinebanking.com/" />
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Collyers.xml b/src/chrome/content/rules/Collyers.xml
index a5cf18c44c1a..28e007512cbd 100644
--- a/src/chrome/content/rules/Collyers.xml
+++ b/src/chrome/content/rules/Collyers.xml
@@ -4,17 +4,17 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://mail.collyers.ac.uk/ => https://mail.collyers.ac.uk/: (6, 'Could not resolve host: mail.collyers.ac.uk')
 
 -->
-<ruleset name="College of Richard Collyer" default_off='failed ruleset test'>
-        <!-- not collyers.ac.uk / www.collyers.ac.uk - misconfigured despite on certificate -->
-        <target host="moodle.collyers.ac.uk" /> <!-- VLE -->
-        <target host="home.collyers.ac.uk" /> <!-- Home Access Plus -->
-        <target host="mail.collyers.ac.uk" /> <!-- Mail server -->
-        <target host="myprogress.collyers.ac.uk" /> <!-- Myprogress tracking system -->
-        <target host="media.collyers.ac.uk" /> <!-- planet estream -->
-    
-        <test url="http://myprogress.collyers.ac.uk/" />
-        <test url="http://media.collyers.ac.uk/" />
-        <test url="http://home.collyers.ac.uk/HAP/login.aspx" />
-
-        <rule from="^http:" to="https:" />
-</ruleset>
+<ruleset name="College of Richard Collyer" default_off="failed ruleset test">
+        <!-- not collyers.ac.uk / www.collyers.ac.uk - misconfigured despite on certificate -->
+        <target host="moodle.collyers.ac.uk" /> <!-- VLE -->
+        <target host="home.collyers.ac.uk" /> <!-- Home Access Plus -->
+        <target host="mail.collyers.ac.uk" /> <!-- Mail server -->
+        <target host="myprogress.collyers.ac.uk" /> <!-- Myprogress tracking system -->
+        <target host="media.collyers.ac.uk" /> <!-- planet estream -->
+
+        <test url="http://myprogress.collyers.ac.uk/" />
+        <test url="http://media.collyers.ac.uk/" />
+        <test url="http://home.collyers.ac.uk/HAP/login.aspx" />
+
+        <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Colocation_America.com.xml b/src/chrome/content/rules/Colocation_America.com.xml
index 1596aad2261c..9be5aa92c963 100644
--- a/src/chrome/content/rules/Colocation_America.com.xml
+++ b/src/chrome/content/rules/Colocation_America.com.xml
@@ -20,13 +20,6 @@
 	<target host="colocationamerica.com" />
 	<target host="www.colocationamerica.com" />
 
-	<!--	Complications:
-				-->
-	<target host="cdn.colocationamerica.com" />
-	<target host="cdn2.colocationamerica.com" />
-	<target host="cdn3.colocationamerica.com" />
-	<target host="cdn4.colocationamerica.com" />
-
 		<!--	Redirects to http:
 						-->
 		<!--exclusion pattern="^http://www\.colocationamerica\.com/$" /-->
@@ -54,9 +47,6 @@
 	<securecookie host="^colocationamerica\.com$" name=".+" />
 
 
-	<rule from="^http://cdn\d?\.colocationamerica\.com/"
-		to="https://www.colocationamerica.com/" />
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Color-Of-Change.xml b/src/chrome/content/rules/Color-Of-Change.xml
index 0cd3c4f8e30b..42475963d461 100644
--- a/src/chrome/content/rules/Color-Of-Change.xml
+++ b/src/chrome/content/rules/Color-Of-Change.xml
@@ -12,4 +12,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Colorado-Attorney-General.xml b/src/chrome/content/rules/Colorado-Attorney-General.xml
index efd6599da1f7..1283cd4a8fdb 100644
--- a/src/chrome/content/rules/Colorado-Attorney-General.xml
+++ b/src/chrome/content/rules/Colorado-Attorney-General.xml
@@ -5,9 +5,9 @@ Fetch error: http://coloradoattorneygeneral.gov/ => https://www.coloradoattorney
 Fetch error: http://www.coloradoattorneygeneral.gov/ => https://www.coloradoattorneygeneral.gov/: (51, "SSL: no alternative certificate subject name matches target host name 'www.coloradoattorneygeneral.gov'")
 
 -->
-<ruleset name="Colorado State Attorney General" default_off='failed ruleset test'>
+<ruleset name="Colorado State Attorney General" default_off="failed ruleset test">
 	<target host="coloradoattorneygeneral.gov" />
 	<target host="www.coloradoattorneygeneral.gov" />
 
 	<rule from="^http://(?:www\.)?coloradoattorneygeneral\.gov/" to="https://www.coloradoattorneygeneral.gov/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Colorado-No-Call-List.xml b/src/chrome/content/rules/Colorado-No-Call-List.xml
index a7750cdc4d33..801f512d1149 100644
--- a/src/chrome/content/rules/Colorado-No-Call-List.xml
+++ b/src/chrome/content/rules/Colorado-No-Call-List.xml
@@ -3,4 +3,4 @@
 	<target host="www.coloradonocall.com" />
 
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Colorado_Captures.xml b/src/chrome/content/rules/Colorado_Captures.xml
index d69917a9cc2d..c02641b95b60 100644
--- a/src/chrome/content/rules/Colorado_Captures.xml
+++ b/src/chrome/content/rules/Colorado_Captures.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Coloradoan.xml b/src/chrome/content/rules/Coloradoan.xml
index 8410edc3a1ed..131b038570bd 100644
--- a/src/chrome/content/rules/Coloradoan.xml
+++ b/src/chrome/content/rules/Coloradoan.xml
@@ -26,10 +26,11 @@
 <ruleset name="The Coloradoan">
 
 	<target host="coloradoan.com" />
-	<target host="*.coloradoan.com" />
+	<target host="cmsimg.coloradoan.com" />
+	<target host="www.coloradoan.com" />
 
 
 	<rule from="^http://(?:cmsimg\.|www\.)?coloradoan\.com/"
 		to="https://www.coloradoan.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Colordiff.org.xml b/src/chrome/content/rules/Colordiff.org.xml
new file mode 100644
index 000000000000..a4386135f522
--- /dev/null
+++ b/src/chrome/content/rules/Colordiff.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Nonfunctional hosts in *.colordiff.org:
+		- colordiff.org (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Colordiff.org">
+	<target host="colordiff.org" />
+	<target host="www.colordiff.org" />
+
+	<rule from="^http://colordiff\.org/" to="https://www.colordiff.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Colors-il.com.xml b/src/chrome/content/rules/Colors-il.com.xml
index 4cfb128b3582..c97edcbb4c32 100644
--- a/src/chrome/content/rules/Colors-il.com.xml
+++ b/src/chrome/content/rules/Colors-il.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.colors-il.com/ => https://www.colors-il.com/: (51, "SSL:
 Disabled by https-everywhere-checker because:
 Fetch error: http://colors-il.com/ => https://colors-il.com/: (51, "SSL: no alternative certificate subject name matches target host name 'colors-il.com'")
 -->
-<ruleset name="colors-il.com" default_off='failed ruleset test'>
+<ruleset name="colors-il.com" default_off="failed ruleset test">
 
 	<target host="colors-il.com" />
 	<target host="www.colors-il.com" />
@@ -18,4 +18,4 @@ Fetch error: http://colors-il.com/ => https://colors-il.com/: (51, "SSL: no alte
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Columbia_University-problematic.xml b/src/chrome/content/rules/Columbia_University-problematic.xml
index eb51379d2199..53cbfedd380e 100644
--- a/src/chrome/content/rules/Columbia_University-problematic.xml
+++ b/src/chrome/content/rules/Columbia_University-problematic.xml
@@ -13,7 +13,7 @@
 	<target host="cdrs.columbia.edu" />
 	<target host="www.cdrs.columbia.edu" />
 	<target host="bulletin.engineering.columbia.edu" />
-	<target host="*.hr.columbia.edu" />
+	<target host="managers.hr.columbia.edu" />
 	<target host="twiki.nevis.columbia.edu" />
 	<target host="www.nevis.columbia.edu" />
 	<target host="scholcomm.columbia.edu" />
@@ -21,13 +21,12 @@
 	<target host="www.stv.columbia.edu" />
 
 
-	<securecookie host="^.+\.columbia\.edu$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(?:www\.)?(cdrs|stv)\.columbia\.edu/"
 		to="https://www.$1.columbia.edu/" />
 
-	<rule from="^http://(support\.academiccommons|bulletin\.engineering|managers\.hr|(?:twiki|www)\.nevis|scholcomm)\.columbia\.edu/"
-		to="https://$1.columbia.edu/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Columbia_University.xml b/src/chrome/content/rules/Columbia_University.xml
index ed88f6b8ed6a..7944cf358642 100644
--- a/src/chrome/content/rules/Columbia_University.xml
+++ b/src/chrome/content/rules/Columbia_University.xml
@@ -4,7 +4,7 @@
 
 	cu.custhelp.com
 	columbia.studioabroad.com
-	academiccommons.uservoice.com 
+	academiccommons.uservoice.com
 
 
 	Nonfunctional subdomains:
@@ -51,7 +51,7 @@
 		- (www.)learn ⁶
 		- (www.)mailmain ⁷
 		- (www.)neighbors *
-		- (www.)pathology ***	
+		- (www.)pathology ***
 		- (www.)publichealth
 		- (www.)sas ⁹
 		- search
diff --git a/src/chrome/content/rules/ComCav.com.xml b/src/chrome/content/rules/ComCav.com.xml
index 3c53a3e06d0a..7d28970bc744 100644
--- a/src/chrome/content/rules/ComCav.com.xml
+++ b/src/chrome/content/rules/ComCav.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://comcav.com/ => https://comcav.com/: (51, "SSL: no alternativ
 Disabled by https-everywhere-checker because:
 Fetch error: http://comcav.com/ => https://comcav.com/: (6, 'Could not resolve host: comcav.com')
 -->
-<ruleset name="ComCav.com" default_off='failed ruleset test'>
+<ruleset name="ComCav.com" default_off="failed ruleset test">
 
 	<target host="comcav.com" />
 	<target host="www.comcav.com" />
@@ -17,4 +17,4 @@ Fetch error: http://comcav.com/ => https://comcav.com/: (6, 'Could not resolve h
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ComSignTrust.com.xml b/src/chrome/content/rules/ComSignTrust.com.xml
deleted file mode 100644
index 0e768a62295b..000000000000
--- a/src/chrome/content/rules/ComSignTrust.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	Insecure cookies are set for these domains and hosts:
-
-		- .comsigntrust.com
-		- blog.comsigntrust.com
-		- www.comsigntrust.com
-
--->
-<ruleset name="ComSignTrust.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="comsigntrust.com" />
-	<target host="blog.comsigntrust.com" />
-	<target host="www.comsigntrust.com" />
-
-		<test url="http://www.comsigntrust.com/support/" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.comsigntrust\.com$" name="^(?:incap_ses_\d+|visid_incap)_\d+$" /-->
-	<!--securecookie host="^blog\.comsigntrust\.com$" name="^PHPSESSID$" /-->
-	<!--securecookie host="^www\.comsigntrust\.com$" name="^(?:___utm[abv]\w+|PHPSESSID)$" /-->
-
-	<securecookie host="^(?:blog|www)?\.comsigntrust\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ComSuper.xml b/src/chrome/content/rules/ComSuper.xml
deleted file mode 100644
index 3f5f2db360c8..000000000000
--- a/src/chrome/content/rules/ComSuper.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="ComSuper">
-	<target host="comsuper.gov.au" />
-	<target host="*.comsuper.gov.au" />
-
-	<rule from="^http://(?:www\.)?comsuper\.gov\.au/"
-		to="https://www.comsuper.gov.au/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Comcast.net.xml b/src/chrome/content/rules/Comcast.net.xml
index 38bb95d72493..bbf43a90ce1e 100644
--- a/src/chrome/content/rules/Comcast.net.xml
+++ b/src/chrome/content/rules/Comcast.net.xml
@@ -49,7 +49,7 @@ Fetch error: http://voice.connect.comcast.net/ => https://voice.connect.comcast.
 		- Images on login from por-img.cimcontent.net
 
 -->
-<ruleset name="Comcast.net (partial)" default_off='failed ruleset test'>
+<ruleset name="Comcast.net (partial)" default_off="failed ruleset test">
 
 	<target host="businessclass.comcast.net" />
 	<target host="calendar.comcast.net" />
diff --git a/src/chrome/content/rules/Comcast.xml b/src/chrome/content/rules/Comcast.xml
index 0da8c78c5c60..17a7e4d3875e 100644
--- a/src/chrome/content/rules/Comcast.xml
+++ b/src/chrome/content/rules/Comcast.xml
@@ -68,7 +68,7 @@ Non-2xx HTTP code: http://www.comcast.com/ (200) => https://www.comcast.com/ (40
 	ᵐ Not secured by us <= mismatched
 
 -->
-<ruleset name="Comcast.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Comcast.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Comcate.xml b/src/chrome/content/rules/Comcate.xml
deleted file mode 100644
index 01ee65fd75b7..000000000000
--- a/src/chrome/content/rules/Comcate.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Comcate (partial)">
-	<target host="clients.comcate.com" />
-
-	<securecookie host="^clients\.comcate\.com$" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Comegacity.com.xml b/src/chrome/content/rules/Comegacity.com.xml
new file mode 100644
index 000000000000..cdecab7da50b
--- /dev/null
+++ b/src/chrome/content/rules/Comegacity.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Comegacity.com">
+	<target host="comegacity.com" />
+	<target host="www.comegacity.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ComiXology.com.xml b/src/chrome/content/rules/ComiXology.com.xml
index 4c013ff0572b..7560050fd2ba 100644
--- a/src/chrome/content/rules/ComiXology.com.xml
+++ b/src/chrome/content/rules/ComiXology.com.xml
@@ -1,95 +1,51 @@
 <!--
-	For other Amazon coverage, see Amazon.xml.
-
-
-	CDN buckets:
-
-		- cdn.comixology.com.cdngc.net
-		- iphone.comixology.com.cdngc.net
-		- comixologyssl.sslcs.cdngc.net
-		- dcomixologyssl.sslcs.cdngc.net
-
-		- comixology.desk.com
-
-			- support
-
-
-	Nonfunctional subdomains:
-
-		- blog		(prints "blog0"; expired 2012-06-05, self-signed, CN: ip-10-86-101-22)
-		- cdn		(403; mismatched, CN: ssl2.cdngc.net)
-		- iphone	(403; mismatched, CN: support4.cdnetworks.net)
-		- support	(desk.com)
-
-
-	Problematic subdomains:
-
-		- ^ *
-
-	* Refused
-
-
-	Fully covered subdomains:
-
-		- (www.)?	(^ → www)
-		- pulllist
-		- retailers
-		- store-images
-		- submit
-		- www-images
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .comixology.com
-		- www.comixology.com
-
-
-	Mixed images on pulllist from cdn
-	Mixed image on retailers from cdn
-	Mixed images on submit from iphone
-
+	HTTPS != HTTP:
+		idw-secure.comixology.com
+
+	Invalid certificate:
+		dev.api.comixology.com
+		refer.comixology.com
+		www.retailers.comixology.com
+
+	Time out:
+		blog.comixology.com
+		popshop.comixology.com
+		promo.comixology.com
+		pullist.comixology.com
+		transformers.comixology.com
 -->
-<ruleset name="comiXology.com (partial)">
-
+<ruleset name="Comixology.com">
+	<target host="comixology.com" />
+	<target host="www.comixology.com" />
+	<target host="ap.comixology.com" />
+	<target host="api.comixology.com" />
+	<target host="app.comixology.com" />
+	<target host="auth.comixology.com" />
+	<target host="bookmarks.comixology.com" />
+	<target host="cmx-bookmarks.comixology.com" />
+	<target host="cmx-secure.comixology.com" />
+	<target host="comics.comixology.com" />
+	<target host="dc-bookmarks.comixology.com" />
+	<target host="dc-secure.comixology.com" />
+	<target host="e.comixology.com" />
+	<target host="gestalt-api.comixology.com" />
+	<target host="identity-api.comixology.com" />
+	<target host="idw.comixology.com" />
+	<target host="images.comixology.com" />
+	<target host="image-secure.comixology.com" />
+	<target host="m.comixology.com" />
+	<target host="marvel-bookmarks.comixology.com" />
+	<target host="marvel-secure.comixology.com" />
+	<target host="payments.comixology.com" />
 	<target host="pulllist.comixology.com" />
+	<target host="redeem.comixology.com" />
 	<target host="retailers.comixology.com" />
+	<target host="secure.comixology.com" />
 	<target host="store-images.comixology.com" />
 	<target host="submit.comixology.com" />
-	<target host="www.comixology.com" />
-	<target host="www-images.comixology.com" />
-
-	<!--	Complications:
-				-->
-	<target host="comixology.com" />
 	<target host="support.comixology.com" />
+	<target host="uncached-digital.comixology.com" />
+	<target host="www-images.comixology.com" />
 
-		<exclusion pattern="^http://support\.comixology\.com/(?!favicon\.ico)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://support.comixology.com/customer/portal/emails/new" />
-
-			<!--	-ve:
-					-->
-			<test url="http://support.comixology.com/favicon.ico" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.comixology\.com$" name="^CMXSESSIONID$" /-->
-	<!--securecookie host="^www\.comixology\.com$" name="^newUserBanner$" /-->
-
-	<securecookie host="^(?:pulllist|retailers|store-images|submit|www)\.comixology\.com$" name=".+" />
-
-
-	<rule from="^http://comixology\.com/"
-		to="https://www.comixology.com/" />
-
-	<rule from="^http://support\.comixology\.com/"
-		to="https://d3jyn100am7dxp.cloudfront.net/" />
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Comic-Con-Intl.xml b/src/chrome/content/rules/Comic-Con-Intl.xml
index 25f030e7ba35..0ee51800f839 100644
--- a/src/chrome/content/rules/Comic-Con-Intl.xml
+++ b/src/chrome/content/rules/Comic-Con-Intl.xml
@@ -1,18 +1,16 @@
 <ruleset name="Comic-Con International">
-	<target host="comic-con.net" />
-	<target host="www.comic-con.net" />
 	<target host="comic-con.org" />
-	<target host="secure.comic-con.org" />
-	<target host="secure2.comic-con.org" />
 	<target host="www.comic-con.org" />
+	<target host="exclusives.comic-con.org" />
+	<target host="portals.comic-con.org" />
+	<target host="shop.comic-con.org" />
 
-	<securecookie host="^secure2?.comic-con.org$" name=".+" />
-
-	<!-- Accessing http://comic-con.org/rss/ may produce an error if the following rule does
-	not include redirection of the https://comic-con.org/ (note the https) URL -->
-	<rule from="^https?://comic-con\.org/" to="https://secure.comic-con.org/" />
-
-	<rule from="^http://(?:www\.)?comic-con\.(?:net|org)/" to="https://secure.comic-con.org/" />
+	<!--
+		In case there are still links out there that have these targets,
+		they can redirect properly
+	-->
+	<target host="secure.comic-con.org" />
+	<target host="secure2.comic-con.org" />
 
-	<rule from="^http://(secure2?)\.comic-con\.(net|org)/" to="https://$1.comic-con.org/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ComicFury.xml b/src/chrome/content/rules/ComicFury.xml
index 70b8689af348..944287de283f 100644
--- a/src/chrome/content/rules/ComicFury.xml
+++ b/src/chrome/content/rules/ComicFury.xml
@@ -1,26 +1,26 @@
 <!--
 	ComicFury Webcomic Hosting (comicfury.com)
-	
+
 	Other known HTTPS hosts associated with comicfury.com:
-	
+
 		- everythingfury.com (redirects to http://comicfury.com/)
 		- www.everythingfury.com (redirects to http://comicfury.com/)
-	
+
 	Other known non-HTTPS hosts associated with comicfury.com:
-	
+
 		- *.thecomicseries.com
 		- *.the-comic.org
 		- *.thecomicstrip.org
 		- *.webcomic.ws
 		- *.cfw.me
-	
+
 -->
 <ruleset name="ComicFury">
 	<target host="comicfury.com" />
 	<target host="www.comicfury.com" />
 	<target host="everythingfury.com" />
 	<target host="www.everythingfury.com" />
-	
+
 	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Comiket.co.jp.xml b/src/chrome/content/rules/Comiket.co.jp.xml
new file mode 100644
index 000000000000..c1d3ca596e95
--- /dev/null
+++ b/src/chrome/content/rules/Comiket.co.jp.xml
@@ -0,0 +1,8 @@
+<ruleset name="Comiket.co.jp">
+	<target host="comiket.co.jp" />
+	<target host="www.comiket.co.jp" />
+	<target host="ssl.comiket.co.jp" />
+	<target host="www2.comiket.co.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Comkort.com.xml b/src/chrome/content/rules/Comkort.com.xml
index b9478b52e689..25fbb92945bf 100644
--- a/src/chrome/content/rules/Comkort.com.xml
+++ b/src/chrome/content/rules/Comkort.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.comkort.com/ => https://www.comkort.com/: (6, 'Could not
 		- .comkort.com
 
 -->
-<ruleset name="Comkort.com" default_off='failed ruleset test'>
+<ruleset name="Comkort.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Comm100.cn.xml b/src/chrome/content/rules/Comm100.cn.xml
deleted file mode 100644
index 02d755b718db..000000000000
--- a/src/chrome/content/rules/Comm100.cn.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="com100.cn">
-
-	<target host="chatserver.comm100.cn" />
-	<target host="hosted.comm100.cn" />
-
-
-	<securecookie host="^chatserver\.comm100\.cn$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CommScope.com.xml b/src/chrome/content/rules/CommScope.com.xml
index bf75526e9fd2..562dd5506627 100644
--- a/src/chrome/content/rules/CommScope.com.xml
+++ b/src/chrome/content/rules/CommScope.com.xml
@@ -19,7 +19,7 @@
 		<!--exclusion pattern="^http://(www\.)?commscope.com/+(?!favicon\.ico|theme/|uploadedImages/|WorkArea/images/|WorkArea/FrameworkUI/)" /-->
 
 
-	<rule from="^http://(www\.)?commscope\.com/(?=favicon\.ico|theme/|uploadedImages/|WorkArea/(?:images|FrameworkUI)/)" 
+	<rule from="^http://(www\.)?commscope\.com/(?=favicon\.ico|theme/|uploadedImages/|WorkArea/(?:images|FrameworkUI)/)"
 		to="https://$1commscope.com/" />
 
 	<rule from="^http://info\.commscope\.com/+(?:\?.*)?$"
diff --git a/src/chrome/content/rules/Command_Five.xml b/src/chrome/content/rules/Command_Five.xml
deleted file mode 100644
index c1c71638a199..000000000000
--- a/src/chrome/content/rules/Command_Five.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Command Five">
-
-	<target host="commandfive.com" />
-	<target host="www.commandfive.com" />
-
-
-	<securecookie host="^(?:www\.)?commandfive\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Commando_Boxing.com.xml b/src/chrome/content/rules/Commando_Boxing.com.xml
index fb5e01e26d7b..509e896e884d 100644
--- a/src/chrome/content/rules/Commando_Boxing.com.xml
+++ b/src/chrome/content/rules/Commando_Boxing.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.commandoboxing.com/ => https://www.commandoboxing.com/: (6, 'Could not resolve host: www.commandoboxing.com')
 
 -->
-<ruleset name="Commando Boxing.com" default_off='failed ruleset test'>
+<ruleset name="Commando Boxing.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Commbank.com.au.xml b/src/chrome/content/rules/Commbank.com.au.xml
index cea54951df4b..f5ee61855f35 100644
--- a/src/chrome/content/rules/Commbank.com.au.xml
+++ b/src/chrome/content/rules/Commbank.com.au.xml
@@ -147,7 +147,7 @@
 	r: connection refused
 	s: self-signed certificate
 	t: timeout on https
-	
+
 -->
 <ruleset name="Commonwealth Bank of Australia">
 
@@ -240,7 +240,7 @@
 	<target host="www3.commbank.com.au" />
 
   	<securecookie host="^www\.commbank\.com\.au$" name=".+" />
-		
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Commercial-Radio-Hong-Kong.xml b/src/chrome/content/rules/Commercial-Radio-Hong-Kong.xml
new file mode 100644
index 000000000000..50aa40c4aa39
--- /dev/null
+++ b/src/chrome/content/rules/Commercial-Radio-Hong-Kong.xml
@@ -0,0 +1,17 @@
+<!--
+	Refused:
+		archive.881903.com
+-->
+<ruleset name="Commercial Radio Hong Kong">
+	<target host="881903.com" />
+	<target host="*.881903.com" />
+		<test url="http://api.881903.com/liveBanner/livejson.json" />
+		<test url="http://crtv.881903.com/crtv/index.php" />
+		<test url="http://event.881903.com/hktbaudioplayer/player_token.php?ch=hd881" />
+		<test url="http://www-hk.881903.com/" />
+
+		<exclusion pattern="^http://archive.881903.com/" />
+			<test url="http://archive.881903.com/soundColumn/A000685-20190628-007.m4a" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Commindo-media.xml b/src/chrome/content/rules/Commindo-media.xml
deleted file mode 100644
index 747b4c58e534..000000000000
--- a/src/chrome/content/rules/Commindo-media.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Problematic domains:
-
-		- (www.)commindo-media.de	(works, CN: *.prossl.de)
-
--->
-<ruleset name="commindo media (partial)">
-
-	<target host="auslieferung.commindo-media-ressourcen.de" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Commodity_Futures_Trading_Commission.xml b/src/chrome/content/rules/Commodity_Futures_Trading_Commission.xml
deleted file mode 100644
index ba9006dc724f..000000000000
--- a/src/chrome/content/rules/Commodity_Futures_Trading_Commission.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://cftc.gov/ => http://cftc.gov/: (28, 'Connection timed out after 20001 milliseconds')
-
-
-
-	Problematic subdomains:
-
-		- ^		(mismatched)
-
-
-	Some pages redirect to http.
-
--->
-<ruleset name="Commodity Futures Trading Commission (partial)" default_off='failed ruleset test'>
-
-	<target host="cftc.gov" />
-	<target host="*.cftc.gov" />
-
-
-	<securecookie host="^services\.cftc\.gov$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?cftc\.gov/ucm/"
-		to="https://www.cftc.gov/ucm/" />
-
-	<rule from="^http://services\.cftc\.gov/"
-		to="https://services.cftc.gov/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Common-App.xml b/src/chrome/content/rules/Common-App.xml
deleted file mode 100644
index 70df19bc1e43..000000000000
--- a/src/chrome/content/rules/Common-App.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Common Application">
-
-	<target host="commonapp.org" />
-	<target host="apply.commonapp.org" />
-	<target host="appsupport.commonapp.org" />
-	<target host="www.commonapp.org" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CommonCrawl.xml b/src/chrome/content/rules/CommonCrawl.xml
index d0b49db5bca1..84f7dd767aac 100644
--- a/src/chrome/content/rules/CommonCrawl.xml
+++ b/src/chrome/content/rules/CommonCrawl.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Common_Criteria_Portal.xml b/src/chrome/content/rules/Common_Criteria_Portal.xml
index e867a20b98f5..8ef7ac2d55ea 100644
--- a/src/chrome/content/rules/Common_Criteria_Portal.xml
+++ b/src/chrome/content/rules/Common_Criteria_Portal.xml
@@ -8,7 +8,7 @@
 
 		<test url="http://www.commoncriteriaportal.org/" />
 
-    <securecookie host=".*\.commoncriteriaportal\.org$" name=".+" />
+    <securecookie host=".+" name=".+" />
 
     <rule from="^http:"
         to="https:" />
diff --git a/src/chrome/content/rules/CommonwealthCourtsPortal.xml b/src/chrome/content/rules/CommonwealthCourtsPortal.xml
index a3c207e373da..345db6763489 100644
--- a/src/chrome/content/rules/CommonwealthCourtsPortal.xml
+++ b/src/chrome/content/rules/CommonwealthCourtsPortal.xml
@@ -1,7 +1,7 @@
 <ruleset name="Commonwealth Courts Portal">
 	<target host="comcourts.gov.au" />
-	<target host="*.comcourts.gov.au" />
+	<target host="www.comcourts.gov.au" />
 
 	<rule from="^http://(?:www\.)?comcourts\.gov\.au/"
 		to="https://www.comcourts.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CommonwealthGITC.xml b/src/chrome/content/rules/CommonwealthGITC.xml
index cf62b48c63ad..d97cb3879be6 100644
--- a/src/chrome/content/rules/CommonwealthGITC.xml
+++ b/src/chrome/content/rules/CommonwealthGITC.xml
@@ -6,10 +6,10 @@ Fetch error: http://gitc.finance.gov.au/ => https://www.gitc.finance.gov.au/: (2
 Automatically by https-everywhere-checker because:
 Fetch error: http://gitc.finance.gov.au/ => https://www.gitc.finance.gov.au/: (6, 'Could not resolve host: gitc.finance.gov.au')
 -->
-<ruleset name="Commonwealth GITC" default_off='failed ruleset test'>
+<ruleset name="Commonwealth GITC" default_off="failed ruleset test">
 	<target host="gitc.finance.gov.au" />
-	<target host="*.gitc.finance.gov.au" />
+	<target host="www.gitc.finance.gov.au" />
 
 	<rule from="^http://(?:www\.)?gitc\.finance\.gov\.au/"
 		to="https://www.gitc.finance.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CommonwealthGrantsCommission.xml b/src/chrome/content/rules/CommonwealthGrantsCommission.xml
index 3a5c05ce4a42..ba389ae12f74 100644
--- a/src/chrome/content/rules/CommonwealthGrantsCommission.xml
+++ b/src/chrome/content/rules/CommonwealthGrantsCommission.xml
@@ -1,7 +1,7 @@
 <ruleset name="Commonwealth Grants Commission">
 	<target host="cgc.gov.au" />
-	<target host="*.cgc.gov.au" />
+	<target host="www.cgc.gov.au" />
 
 	<rule from="^http://(?:www\.)?cgc\.gov\.au/"
 		to="https://www.cgc.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CommonwealthSuperannuationCorporation.xml b/src/chrome/content/rules/CommonwealthSuperannuationCorporation.xml
index 8abf04ba42ca..3e07bc4c29a1 100644
--- a/src/chrome/content/rules/CommonwealthSuperannuationCorporation.xml
+++ b/src/chrome/content/rules/CommonwealthSuperannuationCorporation.xml
@@ -1,7 +1,7 @@
 <ruleset name="Commonwealth Superannuation Corporation">
 	<target host="csc.gov.au" />
-	<target host="*.csc.gov.au" />
+	<target host="www.csc.gov.au" />
 
 	<rule from="^http://(?:www\.)?csc\.gov\.au/"
 		to="https://www.csc.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Commotionwireless.net.xml b/src/chrome/content/rules/Commotionwireless.net.xml
index 320192cfb191..961e01622007 100644
--- a/src/chrome/content/rules/Commotionwireless.net.xml
+++ b/src/chrome/content/rules/Commotionwireless.net.xml
@@ -6,7 +6,7 @@ Fetch error: http://wiki.commotionwireless.net/ => https://wiki.commotionwireles
 	Mismatch:
 		- code
 -->
-<ruleset name="Commotionwireless.net" default_off='failed ruleset test'>
+<ruleset name="Commotionwireless.net" default_off="failed ruleset test">
 
 	<target host="commotionwireless.net" />
 	<target host="www.commotionwireless.net" />
diff --git a/src/chrome/content/rules/CommuniGate.xml b/src/chrome/content/rules/CommuniGate.xml
index d4eb09f280fd..eecff69c9b8d 100644
--- a/src/chrome/content/rules/CommuniGate.xml
+++ b/src/chrome/content/rules/CommuniGate.xml
@@ -1,6 +1,6 @@
 <ruleset name="CommuniGate">
   <target host="communigate.com" />
-  <target host="*.communigate.com" />
+  <target host="www.communigate.com" />
 
   <rule from="^http://(?:www\.)?communigate\.com/" to="https://www.communigate.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/CommuniGator.co.uk.xml b/src/chrome/content/rules/CommuniGator.co.uk.xml
index 397c0c715e77..fd4d61b264ed 100644
--- a/src/chrome/content/rules/CommuniGator.co.uk.xml
+++ b/src/chrome/content/rules/CommuniGator.co.uk.xml
@@ -16,13 +16,13 @@
 <ruleset name="CommuniGator.co.uk">
 
 	<target host="communigator.co.uk" />
-	<target host="*.communigator.co.uk" />
+	<target host="www.communigator.co.uk" />
+	<target host="guru.communigator.co.uk" />
 
 
 	<rule from="^http://(?:www\.)?communigator\.co\.uk/"
 		to="https://www.communigator.co.uk/" />
 
-	<rule from="^http://guru\.communigator\.co\.uk/"
-		to="https://guru.communigator.co.uk/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Communicate_Live.xml b/src/chrome/content/rules/Communicate_Live.xml
index a5e9decf16ba..ce934f722212 100644
--- a/src/chrome/content/rules/Communicate_Live.xml
+++ b/src/chrome/content/rules/Communicate_Live.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Community.wbgames.com.xml b/src/chrome/content/rules/Community.wbgames.com.xml
index 2d091d6f8906..36937a09ea55 100644
--- a/src/chrome/content/rules/Community.wbgames.com.xml
+++ b/src/chrome/content/rules/Community.wbgames.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://wbplay.wbgames.com/ => https://wbplay.wbgames.com/: (60, 'SS
 		- community.wbgames.com
 
 -->
-<ruleset name="WB Games.com (partial)" default_off='failed ruleset test'>
+<ruleset name="WB Games.com (partial)" default_off="failed ruleset test">
 	<target host="community.wbgames.com" />
 	<target host="wbplay.wbgames.com" />
 
diff --git a/src/chrome/content/rules/Community_Matters.xml b/src/chrome/content/rules/Community_Matters.xml
index eb143e08ca6b..0277d8147906 100644
--- a/src/chrome/content/rules/Community_Matters.xml
+++ b/src/chrome/content/rules/Community_Matters.xml
@@ -13,7 +13,7 @@ Fetch error: http://trac.hohndel.org/ => https://trac.hohndel.org/: (51, "SSL: n
 	* Shows subsurface
 
 -->
-<ruleset name="Community Matters (partial)" default_off='failed ruleset test'>
+<ruleset name="Community Matters (partial)" default_off="failed ruleset test">
 
 	<target host="hohndel.org" />
 	<target host="subsurface.hohndel.org" />
@@ -25,4 +25,4 @@ Fetch error: http://trac.hohndel.org/ => https://trac.hohndel.org/: (51, "SSL: n
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Comodo.xml b/src/chrome/content/rules/Comodo.xml
index aafbd2006bb8..fbe07039ec06 100644
--- a/src/chrome/content/rules/Comodo.xml
+++ b/src/chrome/content/rules/Comodo.xml
@@ -59,7 +59,30 @@
 <ruleset name="Comodo">
 
 	<target host="comodo.com"/>
-	<target host="*.comodo.com"/>
+	<target host="accounts.comodo.com" />
+	<target host="antivirus.comodo.com" />
+	<target host="directory.comodo.com" />
+	<target host="download.comodo.com" />
+	<target host="downloads.comodo.com" />
+	<target host="enterprise.comodo.com" />
+	<target host="forums.comodo.com" />
+	<target host="friends.comodo.com" />
+	<target host="help.comodo.com" />
+	<target host="icedragon.comodo.com" />
+	<target host="m.comodo.com" />
+	<target host="marketingdb.comodo.com" />
+	<target host="pctuneup.comodo.com" />
+	<target host="penetration-testing.comodo.com" />
+	<target host="personalfirewall.comodo.com" />
+	<target host="secure.comodo.com" />
+	<target host="ssl.comodo.com" />
+	<target host="www.ssl.comodo.com" />
+	<target host="support.comodo.com" />
+	<target host="trustlogo.comodo.com" />
+	<target host="trustlogostats.comodo.com" />
+	<target host="www.comodo.com" />
+	<target host="www.download.comodo.com" />
+	<target host="siteinspector.comodo.com" />
 	<target host="comodo.net"/>
 	<target host="www.comodo.net"/>
 	<target host="secure.comodo.net"/>
@@ -72,14 +95,10 @@
 	<securecookie host="^[\w-]+\.comodo\.com$" name=".+" />
 
 
-	<rule from="^http://((?:accounts|antivirus|directory|downloads?|enterprise|forums|friends|help|icedragon|m|marketingdb|pctuneup|penetration-testing|personalfirewall|secure|ssl|www\.ssl|support|trustlogo|trustlogostats|www)\.)?comodo\.com/"
-		to="https://$1comodo.com/" />
 
 	<rule from="^http://www\.download\.comodo\.com/"
 		to="https://download.comodo.com/" />
 
-	<rule from="^http://secure\.comodo\.net/"
-		to="https://secure.comodo.net/" />
 
 	<!--	Check Web-Inspector-App.xml
 		https://trac.torproject.org/projects/tor/ticket/8133	-->
@@ -87,11 +106,10 @@
 		to="https://app.webinspector.com/" />
 
 	<!-- Comodo's SSL image from lower right corner -->
-	<rule from="^http://(?:www\.)trustlogo\.com/(trustlogo/|images/cornertrust\.gif$)"
-		to="https://secure.comodo.com/$1" />
 
 	<!-- Redirect to avoid SSL stripping -->
 	<rule from="^http://(?:www\.)?comodo(?:group\.com|\.net)/"
 		to="https://www.comodo.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CompEx.xml b/src/chrome/content/rules/CompEx.xml
index 56f857267326..5421bdca58e0 100644
--- a/src/chrome/content/rules/CompEx.xml
+++ b/src/chrome/content/rules/CompEx.xml
@@ -1,9 +1,9 @@
 <ruleset name="CompEx (partial)" default_off="expired">
 
 	<target host="themoneyreferral.com"/>
-	<target host="*.themoneyreferral.com"/>
+	<target host="www.themoneyreferral.com" />
 	<target host="videogateway.tv"/>
-	<target host="*.videogateway.tv"/>
+	<target host="www.videogateway.tv" />
 
 	<securecookie host="^(?:.*\.)themoneyreferral\.com$" name=".+" />
 	<securecookie host="^(?:.*\.)videogateway\.tv$" name=".+" />
diff --git a/src/chrome/content/rules/CompaniesInTheUK.xml b/src/chrome/content/rules/CompaniesInTheUK.xml
index e10f3cd4e532..ecbe0f43db51 100644
--- a/src/chrome/content/rules/CompaniesInTheUK.xml
+++ b/src/chrome/content/rules/CompaniesInTheUK.xml
@@ -2,7 +2,7 @@
   <target host="companiesintheuk.co.uk" />
   <target host="www.companiesintheuk.co.uk" />
 
-  <securecookie host="^(?:.+\.)?companiesintheuk\.co\.uk$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Company-target.com.xml b/src/chrome/content/rules/Company-target.com.xml
deleted file mode 100644
index a1476b43a438..000000000000
--- a/src/chrome/content/rules/Company-target.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		- .company-target.com
-
--->
-<ruleset name="company-target.com">
-
-	<target host="a.company-target.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.company-target\.com$" name="^tuuid$" /-->
-
-	<securecookie host="^\.company-target\.com$" name="" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Compaq.com.xml b/src/chrome/content/rules/Compaq.com.xml
deleted file mode 100644
index e49b6374260c..000000000000
--- a/src/chrome/content/rules/Compaq.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For other Hewlett Packard coverage, see Hewlett-Packard.xml.
-
--->
-<ruleset name="Compaq.com">
-
-	<target host="compaq.com" />
-	<target host="www.compaq.com" />
-
-
-	<rule from="^http://(?:www\.)?compaq\.com/"
-		to="https://www.compaq.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CompareTheMarket.xml b/src/chrome/content/rules/CompareTheMarket.xml
index d001f8c7c038..214b9d9412c6 100644
--- a/src/chrome/content/rules/CompareTheMarket.xml
+++ b/src/chrome/content/rules/CompareTheMarket.xml
@@ -41,7 +41,7 @@ Fetch error: http://contact.comparethemarket.com/ => https://contact.comparethem
 		- www.comparethemarket.com
 
 -->
-<ruleset name="Compare The Market.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Compare The Market.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Comparis.xml b/src/chrome/content/rules/Comparis.xml
index dabe1a950133..cfbec9125013 100644
--- a/src/chrome/content/rules/Comparis.xml
+++ b/src/chrome/content/rules/Comparis.xml
@@ -1,7 +1,7 @@
 <ruleset name="Comparis.ch">
         <target host="comparis.ch" />
         <target host="*.comparis.ch" />
-        <securecookie host="^(?:.*\.)?comparis\.ch$" name=".+" />
+        <securecookie host=".+" name=".+"/>
 
         <rule from="^http://comparis\.ch/"
             to="https://www.comparis.ch/" />
diff --git a/src/chrome/content/rules/CompassIslam.com.xml b/src/chrome/content/rules/CompassIslam.com.xml
deleted file mode 100644
index aa14273bf26e..000000000000
--- a/src/chrome/content/rules/CompassIslam.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="CompassIslam.com">
-	<target host="compassislam.com" />
-	<target host="www.compassislam.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Compasscard.ca.xml b/src/chrome/content/rules/Compasscard.ca.xml
deleted file mode 100644
index b388deafb0f5..000000000000
--- a/src/chrome/content/rules/Compasscard.ca.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="TransLink Compass Card">
-
-	<target host="compasscard.ca" />
-	<target host="*.compasscard.ca" />
-
-	<test url="http://www.compasscard.ca/" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Compendium.com.xml b/src/chrome/content/rules/Compendium.com.xml
index b2b0bdaf1dfe..1348998a3eb0 100644
--- a/src/chrome/content/rules/Compendium.com.xml
+++ b/src/chrome/content/rules/Compendium.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.compendium.com/ => https://www.oracle.com/us/corporate/a
 		- imagefilter.app.compendium.com
 
 -->
-<ruleset name="Compendium.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Compendium.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Compendium.xml b/src/chrome/content/rules/Compendium.xml
deleted file mode 100644
index 70706e614092..000000000000
--- a/src/chrome/content/rules/Compendium.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	For other Oracle coverage, see Oracle.xml.
-
-
-	^compendiumblog.com: Dropped over http & https
-
--->
-<ruleset name="Compendium Blog.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="*.compendiumblog.com" />
-
-	<!--	Complications:
-				-->
-
-		<test url="http://www.compendiumblog.com/" />
-
-
-	<rule from="^http://(?:cdn|global)\.content\.compendiumblog\.com/"
-		to="https://s3.amazonaws.com/global.content.compendiumblog.com/" />
-
-	<!--	www & unique subdomains for blogs.	-->
-	<rule from="^http://(\w+)\.compendiumblog\.com/"
-		to="https://$1.compendiumblog.com/" />
-
-		<test url="http://www.compendiumblog.com/recover" />
-
-	<rule from="^http://cdn2\.content\.compendiumblog\.com/"
-		to="https://cdn2.content.compendiumblog.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Compete.xml b/src/chrome/content/rules/Compete.xml
index 9a3b06ab3c22..48c8e206be6f 100644
--- a/src/chrome/content/rules/Compete.xml
+++ b/src/chrome/content/rules/Compete.xml
@@ -23,7 +23,7 @@ Fetch error: http://c.compete.com/ => https://c.compete.com/: (6, 'Could not res
 		- srp
 
 -->
-<ruleset name="Compete (partial)" default_off='failed ruleset test'>
+<ruleset name="Compete (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Competitive_Enterprise_Institute-problematic.xml b/src/chrome/content/rules/Competitive_Enterprise_Institute-problematic.xml
index 35ad0e759ed4..f4892140b3fe 100644
--- a/src/chrome/content/rules/Competitive_Enterprise_Institute-problematic.xml
+++ b/src/chrome/content/rules/Competitive_Enterprise_Institute-problematic.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?cei\.org/"
 		to="https://cei.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Competitive_Enterprise_Institute.xml b/src/chrome/content/rules/Competitive_Enterprise_Institute.xml
index 24972d0df302..a7058e435a7a 100644
--- a/src/chrome/content/rules/Competitive_Enterprise_Institute.xml
+++ b/src/chrome/content/rules/Competitive_Enterprise_Institute.xml
@@ -13,7 +13,7 @@ Fetch error: http://shop.cei.org/ => https://shop.cei.org/: (60, 'SSL certificat
 		- (www.)	(expired 2011-06-12, CN: plesk)
 
 -->
-<ruleset name="Competitive Enterprise Institute (partial)" default_off='failed ruleset test'>
+<ruleset name="Competitive Enterprise Institute (partial)" default_off="failed ruleset test">
 
 	<target host="shop.cei.org" />
 
@@ -23,4 +23,4 @@ Fetch error: http://shop.cei.org/ => https://shop.cei.org/: (60, 'SSL certificat
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Compiz-themes.org.xml b/src/chrome/content/rules/Compiz-themes.org.xml
deleted file mode 100644
index f4f216ed130e..000000000000
--- a/src/chrome/content/rules/Compiz-themes.org.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	For other openDesktop rules, see openDesktop.org.xml
-
--->
-<ruleset name="Compiz-themes.org">
-
-	<target host="compiz-themes.org" />
-	<target host="www.compiz-themes.org" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Compiz.xml b/src/chrome/content/rules/Compiz.xml
index 771fa5e25981..80c2b5b171cb 100644
--- a/src/chrome/content/rules/Compiz.xml
+++ b/src/chrome/content/rules/Compiz.xml
@@ -1,9 +1,23 @@
 <ruleset name="Compiz" default_off="Certificate mismatch">
 
 	<target host="compiz.org" />
-	<target host="*.compiz.org" />
+	<target host="www.compiz.org" />
+	<target host="cgit.compiz.org" />
+	<target host="forum.compiz.org" />
+	<target host="gitweb.compiz.org" />
+	<target host="lists.compiz.org" />
+	<target host="planet.compiz.org" />
+	<target host="releases.compiz.org" />
+	<target host="wiki.compiz.org" />
 	<target host="compiz-fusion.org" />
-	<target host="*.compiz-fusion.org" />
+	<target host="www.compiz-fusion.org" />
+	<target host="cgit.compiz-fusion.org" />
+	<target host="forum.compiz-fusion.org" />
+	<target host="gitweb.compiz-fusion.org" />
+	<target host="lists.compiz-fusion.org" />
+	<target host="planet.compiz-fusion.org" />
+	<target host="releases.compiz-fusion.org" />
+	<target host="wiki.compiz-fusion.org" />
 
 	<rule from="^http://(?:www\.)?compiz(?:-fusion)?\.org/"
 		to="https://www.compiz.org/" />
diff --git a/src/chrome/content/rules/CompletelyPrivateFiles.com.xml b/src/chrome/content/rules/CompletelyPrivateFiles.com.xml
index 793cf4289e53..1b6a59c2fdeb 100644
--- a/src/chrome/content/rules/CompletelyPrivateFiles.com.xml
+++ b/src/chrome/content/rules/CompletelyPrivateFiles.com.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://completelyprivatefiles.com/ => https://completelyprivatefiles.com/: (35, 'error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure')
 Fetch error: http://www.completelyprivatefiles.com/ => https://www.completelyprivatefiles.com/: (35, 'error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure')
 -->
-<ruleset name="CompletelyPrivateFiles.com" default_off='failed ruleset test'>
+<ruleset name="CompletelyPrivateFiles.com" default_off="failed ruleset test">
 
 	<target host="completelyprivatefiles.com" />
 	<target host="www.completelyprivatefiles.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.completelyprivatefiles.com/ => https://www.completelypri
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ComplianceSigns.com.xml b/src/chrome/content/rules/ComplianceSigns.com.xml
index 2c51336f04c2..8454b8327b2f 100644
--- a/src/chrome/content/rules/ComplianceSigns.com.xml
+++ b/src/chrome/content/rules/ComplianceSigns.com.xml
@@ -36,7 +36,8 @@
 <ruleset name="ComplianceSigns.com">
 
 	<target host="compliancesigns.com" />
-	<target host="*.compliancesigns.com" />
+	<target host="cdn.compliancesigns.com" />
+	<target host="www.compliancesigns.com" />
 
 
 	<!--	name="^rv[1-5]$"
@@ -47,4 +48,4 @@
 	<rule from="^http://(?:cdn\.|www\.)?compliancesigns\.com/"
 		to="https://www.compliancesigns.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CompraNoExterior.com.br.xml b/src/chrome/content/rules/CompraNoExterior.com.br.xml
deleted file mode 100644
index b2d3d5e22b71..000000000000
--- a/src/chrome/content/rules/CompraNoExterior.com.br.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d1h9c8t56th1se.cloudfront.net
-
-			- cdn
-			- cdn1
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to http, valid cert)
-
--->
-<ruleset name="CompraNoExterior.com.br (partial)">
-
-	<target host="*.compranoexterior.com.br" />
-
-
-	<rule from="^http://cdn1?\.compranoexterior\.com\.br/"
-		to="https://d1h9c8t56th1se.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Comprehensive-C-Archive-Network.xml b/src/chrome/content/rules/Comprehensive-C-Archive-Network.xml
deleted file mode 100644
index 0a84139edbeb..000000000000
--- a/src/chrome/content/rules/Comprehensive-C-Archive-Network.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Non-functional hosts
-		SSL peer certificate was not OK:
-			 - mx.ccodearchive.net
-			 - ns.ccodearchive.net
--->
-<ruleset name="Comprehensive C Archive Network">
-	<target host="ccodearchive.net" />
-	<target host="www.ccodearchive.net" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Computec-Academy.de.xml b/src/chrome/content/rules/Computec-Academy.de.xml
index 0696388d6db3..3c60ac354ac6 100644
--- a/src/chrome/content/rules/Computec-Academy.de.xml
+++ b/src/chrome/content/rules/Computec-Academy.de.xml
@@ -8,7 +8,7 @@
 	² Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="Computec-Academy.de (partial)" default_off="missing certificate chain">
+<ruleset name="Computec-Academy.de (partial)" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/ComputerCraft.ru.xml b/src/chrome/content/rules/ComputerCraft.ru.xml
new file mode 100644
index 000000000000..9ce070d77ffe
--- /dev/null
+++ b/src/chrome/content/rules/ComputerCraft.ru.xml
@@ -0,0 +1,20 @@
+<!--
+	Refused:
+		- server0.computercraft.ru
+
+	Mismatched:
+		- bridge.computercraft.ru
+		- lk.computercraft.ru
+		- mail.computercraft.ru
+		- old.computercraft.ru
+		- opencomputers-3d.computercraft.ru
+		- shop.computercraft.ru
+		- stem.computercraft.ru
+-->
+<ruleset name="ComputerCraft.ru">
+	<target host="computercraft.ru" />
+	<target host="www.computercraft.ru" />
+	<target host="server1.computercraft.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ComputerWorld.xml b/src/chrome/content/rules/ComputerWorld.xml
index 7915f8028c80..7aea1c16cdd2 100644
--- a/src/chrome/content/rules/ComputerWorld.xml
+++ b/src/chrome/content/rules/ComputerWorld.xml
@@ -56,7 +56,7 @@
 
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://events\.computerworld\.com/" 
+	<rule from="^http://events\.computerworld\.com/"
 			to="https://eiseverywhere.com/ehome/Computerworld/" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Computer_Fulfillment.xml b/src/chrome/content/rules/Computer_Fulfillment.xml
index 324d0c747000..d430cbb5e4e4 100644
--- a/src/chrome/content/rules/Computer_Fulfillment.xml
+++ b/src/chrome/content/rules/Computer_Fulfillment.xml
@@ -11,7 +11,7 @@ Fetch error: http://computerfulfillment.com/ => https://www.computerfulfillment.
 		- ^	(cert only matches www)
 
 -->
-<ruleset name="Computer Fulfillment" default_off='failed ruleset test'>
+<ruleset name="Computer Fulfillment" default_off="failed ruleset test">
 
 	<target host="computerfulfillment.com" />
 	<target host="www.computerfulfillment.com" />
@@ -20,4 +20,4 @@ Fetch error: http://computerfulfillment.com/ => https://www.computerfulfillment.
 	<rule from="^http://(?:www\.)?computerfulfillment\.com/"
 		to="https://www.computerfulfillment.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Compuware_Gomez.xml b/src/chrome/content/rules/Compuware_Gomez.xml
index e2f5f35c8e14..67ebfe63a095 100644
--- a/src/chrome/content/rules/Compuware_Gomez.xml
+++ b/src/chrome/content/rules/Compuware_Gomez.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.gomez.com/ => https://www.gomez.com/: (28, 'Connection t
 		- ^gomez.com	(expired, self-signed)
 
 -->
-<ruleset name="Compuware Gomez" default_off='failed ruleset test'>
+<ruleset name="Compuware Gomez" default_off="failed ruleset test">
 
 	<target host="*.r.axf8.net" />
 	<target host="gomez.com" />
diff --git a/src/chrome/content/rules/Con-tech.de.xml b/src/chrome/content/rules/Con-tech.de.xml
index f6b98d9b8963..0ac68a23dea9 100644
--- a/src/chrome/content/rules/Con-tech.de.xml
+++ b/src/chrome/content/rules/Con-tech.de.xml
@@ -15,7 +15,7 @@ Fetch error: http://ct-cds.con-tech.de/ => https://ct-cds.con-tech.de/: (7, 'Fai
 		- stat02	(works; expired 2012-03-01, self-signed, CN: Parallels Panel)
 
 -->
-<ruleset name="con-tech.de (partial)" default_off='failed ruleset test'>
+<ruleset name="con-tech.de (partial)" default_off="failed ruleset test">
 
 	<target host="ct-cds.con-tech.de" />
 
@@ -25,4 +25,4 @@ Fetch error: http://ct-cds.con-tech.de/ => https://ct-cds.con-tech.de/: (7, 'Fai
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ConSecur.xml b/src/chrome/content/rules/ConSecur.xml
index 7e71508aacd0..1b118d4d2490 100644
--- a/src/chrome/content/rules/ConSecur.xml
+++ b/src/chrome/content/rules/ConSecur.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Concrete5.xml b/src/chrome/content/rules/Concrete5.xml
index 4bca3f99bac4..ab78d56ebeb0 100644
--- a/src/chrome/content/rules/Concrete5.xml
+++ b/src/chrome/content/rules/Concrete5.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ConcreteConstruction.net.xml b/src/chrome/content/rules/ConcreteConstruction.net.xml
new file mode 100644
index 000000000000..2ecb8c7bd325
--- /dev/null
+++ b/src/chrome/content/rules/ConcreteConstruction.net.xml
@@ -0,0 +1,14 @@
+<!--
+	TLS protocol error:
+		- concreteconstruction.net, equivalent to www.concreteconstruction.net
+-->
+
+<ruleset name="ConcreteConstruction.net">
+	<target host="concreteconstruction.net" />
+	<target host="www.concreteconstruction.net" />
+
+	<rule from="^http://concreteconstruction\.net/"
+		to="https://www.concreteconstruction.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Concur.com.xml b/src/chrome/content/rules/Concur.com.xml
index 9be3c81ee9ea..04eacb1d18f2 100644
--- a/src/chrome/content/rules/Concur.com.xml
+++ b/src/chrome/content/rules/Concur.com.xml
@@ -13,7 +13,10 @@
 <ruleset name="Concur.com">
 
 	<target host="concur.com" />
-	<target host="*.concur.com" />
+	<target host="assets.concur.com" />
+	<target host="developer.concur.com" />
+	<target host="fusion.concur.com" />
+	<target host="www.concur.com" />
 
 
 	<!--	Not secured by server:
@@ -25,7 +28,6 @@
 	<securecookie host="^(?:\.?developer\.)?concur\.com$" name=".+" />
 
 
-	<rule from="^http://((?:assets|developer|fusion|www)\.)?concur\.com/"
-		to="https://$1concur.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Conde-Nast-mismatches.xml b/src/chrome/content/rules/Conde-Nast-mismatches.xml
index 30df8b61df99..711298c29a96 100644
--- a/src/chrome/content/rules/Conde-Nast-mismatches.xml
+++ b/src/chrome/content/rules/Conde-Nast-mismatches.xml
@@ -4,7 +4,6 @@
 -->
 <ruleset name="Condé Nast (mismatches)" default_off="expired, mismatch, self-signed">
 
-	<target host="jobs.arstechnica.com" />
 	<target host="thumbnailer.thestudio.condenast.com" />
 	<!--
 		Expired.
@@ -14,18 +13,12 @@
 	<target host="blog.details.com" />
 	<target host="golfdigestschool.com" />
 	<target host="www.golfdigestschool.com" />
-	<target host="vanityfair.com" />
-	<target host="www.vanityfair.com" />
 	<target host="vf.com" />
 	<target host="www.vf.com" />
 
 
 	<securecookie host="^designcentersearch\.com$" name=".+" />
 
-
-	<rule from="^http://jobs\.arstechnica\.com/"
-		to="https://jobs.arstechnica.com/" />
-
 	<!--	Akamai.
 				-->
 	<rule from="^http://thumbnailer\.thestudio\.condenast\.com/"
@@ -40,14 +33,6 @@
 	<rule from="^http://(?:www\.)?golfdigestschool\.com/"
 		to="https://www.golfdigestschool.com/" />
 
-	<!--	Condé Nast cert matches www.vanityfair.com
-		and stag.vanityfair.com, so presumably
-		support is forthcoming.
-							-->
-	<rule from="^http://(?:www\.)?v(?:anityfair|f)\.com/"
-		to="https://www.vanityfair.com/" />
-
-	<rule from="^http://stag\.vanityfair\.com/"
-		to="https://stag.vanityfair.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Conde-Nast.xml b/src/chrome/content/rules/Conde-Nast.xml
index 6f32153fa3bd..f102612d09dd 100644
--- a/src/chrome/content/rules/Conde-Nast.xml
+++ b/src/chrome/content/rules/Conde-Nast.xml
@@ -1,24 +1,19 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.condenast.com/ => https://www.condenast.com/: Too many redirects while fetching 'https://www.condenast.com/'
-Fetch error: http://condenast.com/ => https://www.condenast.com/: Too many redirects while fetching 'https://www.condenast.com/'
-
 	For problematic rules, see Conde-Nast-mismatches.xml.
 
 
 	Other Condé Nast rulesets:
 
-		- Ars-Technica.xml
-		- Conde_Nast.co.uk.xml
+		- ArsTechnica.co.uk.xml
+		- ArsTechnica.com.xml
+		- ArsTechnica.net.xml
 		- Conde_Nast_Digital.com.xml
 		- Conde_Nast_Traveler.xml
 		- Conde_Nast_store.com.xml
 		- Condenet.com.xml
 		- Details.xml
-		- Golf_Digest.xml
 		- GQ.xml
-		- GQ-magazine.co.uk.xml
+		- Golf_Digest.xml
 		- Style.com.xml
 		- The-New-Yorker.xml
 		- Vanity-Fair.xml
@@ -49,22 +44,14 @@ Fetch error: http://condenast.com/ => https://www.condenast.com/: Too many redir
 		- www.webmonkey.com			(Akamai; 503)
 
 -->
-<ruleset name="Conde Nast.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="fonts.condenast.com" />
-	<target host="www.condenast.com" />
+<ruleset name="Conde Nast.com (partial)">
 
-	<!--	Complications:
-				-->
 	<target host="condenast.com" />
+	<target host="www.condenast.com" />
+	<target host="fonts.condenast.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://condenast\.com/"
-		to="https://www.condenast.com/" />
-
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Conde_Nast.co.uk.xml b/src/chrome/content/rules/Conde_Nast.co.uk.xml
deleted file mode 100644
index 2c039465d217..000000000000
--- a/src/chrome/content/rules/Conde_Nast.co.uk.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	For other Condé Nast coverage, see Conde-Nast.xml.
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/img.condenast.co.uk/	| dvcpqzrjfwvhx.cloudfront.net	
-			- aws permanently redirects.
-
-		- dg9g3lm9lsog5.cloudfront.net
-
-			- cnda.condenast.co.uk
-
-		- dvcpqzrjfwvhx.cloudfront.net
-
-			- cdni.condenast.co.uk
-
-
-	Problematic subdomains:
-
-		- cdni.condenast.co.uk		(mismatched, 403 when rewritten to dvcpqzrjfwvhx.cloudfront.net)
-		- cnda.condenast.co.uk		(mismatched, CN: *.cloudfront.net)
-
--->
-<ruleset name="Conde Nast.co.uk (partial)">
-
-	<!--	Complications:
-				-->
-	<target host="cdni.condenast.co.uk" />
-	<target host="cnda.condenast.co.uk" />
-
-
-	<rule from="^http://cdni\.condenast\.co\.uk/"
-		to="https://s3-eu-west-1.amazonaws.com/img.condenast.co.uk/" />
-
-	<rule from="^http://cnda\.condenast\.co\.uk/"
-		to="https://dg9g3lm9lsog5.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Conde_Nast_Traveler-problematic.xml b/src/chrome/content/rules/Conde_Nast_Traveler-problematic.xml
index 9cf6b8f400f5..5e363b14b8e1 100644
--- a/src/chrome/content/rules/Conde_Nast_Traveler-problematic.xml
+++ b/src/chrome/content/rules/Conde_Nast_Traveler-problematic.xml
@@ -23,4 +23,4 @@
 	<rule from="^http://stag\.cntraveler\.com/"
 		to="https://stag.cntraveler.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Conde_Nast_Traveler.xml b/src/chrome/content/rules/Conde_Nast_Traveler.xml
index 1c07a0156a83..782df38563b7 100644
--- a/src/chrome/content/rules/Conde_Nast_Traveler.xml
+++ b/src/chrome/content/rules/Conde_Nast_Traveler.xml
@@ -29,7 +29,8 @@
 -->
 <ruleset name="Condé Nast Traveler (partial)">
 
-	<target host="*.cntraveler.com" />
+	<target host="secure.cntraveler.com" />
+	<target host="stats2.cntraveler.com" />
 
 
 	<!--	Omniture tracking cookies:
@@ -37,10 +38,9 @@
 	<securecookie host="^\.cntraveler\.com$" name="^s_\w+$" />
 
 
-	<rule from="^http://secure\.cntraveler\.com/"
-		to="https://secure.cntraveler.com/" />
 
 	<rule from="^http://stats2\.cntraveler\.com/"
 		to="https://condenast.112.2o7.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Conde_Nast_store.com.xml b/src/chrome/content/rules/Conde_Nast_store.com.xml
index 77df94ab069f..89493d1a5572 100644
--- a/src/chrome/content/rules/Conde_Nast_store.com.xml
+++ b/src/chrome/content/rules/Conde_Nast_store.com.xml
@@ -17,7 +17,7 @@ Fetch error: http://condenaststore.com/ => https://www.condenaststore.com/: (51,
 	* Secured by us
 
 -->
-<ruleset name="Conde Nast store.com" default_off='failed ruleset test'>
+<ruleset name="Conde Nast store.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Condenet.com.xml b/src/chrome/content/rules/Condenet.com.xml
index f04503378b81..ac351acc8fa1 100644
--- a/src/chrome/content/rules/Condenet.com.xml
+++ b/src/chrome/content/rules/Condenet.com.xml
@@ -12,7 +12,7 @@
 		- Bug on subscribe from condenast.112.2o7.net *
 
 	* Secured by us
-		- 
+		-
 -->
 <ruleset name="Condenet.com (partial)">
 
diff --git a/src/chrome/content/rules/Condominiums_for_Everyone.xml b/src/chrome/content/rules/Condominiums_for_Everyone.xml
index e36dafe8cd0f..370593e2d049 100644
--- a/src/chrome/content/rules/Condominiums_for_Everyone.xml
+++ b/src/chrome/content/rules/Condominiums_for_Everyone.xml
@@ -8,10 +8,10 @@ Fetch error: http://condosforeveryone.com/ => https://www.condosforeveryone.com/
 	!www times out.
 
 -->
-<ruleset name="Condominiums for Everyone" default_off='failed ruleset test'>
+<ruleset name="Condominiums for Everyone" default_off="failed ruleset test">
 
 	<target host="condosforeveryone.com" />
-	<target host="*.condosforeveryone.com" />
+	<target host="www.condosforeveryone.com" />
 
 
 	<securecookie host="^\.condosforeveryone\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Conduit-data.com.xml b/src/chrome/content/rules/Conduit-data.com.xml
index dd3818adc995..00aaa0080b07 100644
--- a/src/chrome/content/rules/Conduit-data.com.xml
+++ b/src/chrome/content/rules/Conduit-data.com.xml
@@ -23,4 +23,4 @@
 	<rule from="^http://([\w-]+)\.conduit-data\.com/"
 		to="https://$1.conduit-data.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Conduit.xml b/src/chrome/content/rules/Conduit.xml
index 1c7e2aaebfd3..d1ba48ddc939 100644
--- a/src/chrome/content/rules/Conduit.xml
+++ b/src/chrome/content/rules/Conduit.xml
@@ -45,10 +45,18 @@ Fetch error: http://conduit.com/ => https://conduit.com/: (60, 'SSL certificate
 	² Secured by us
 
 -->
-<ruleset name="Conduit (partial)" default_off='failed ruleset test'>
+<ruleset name="Conduit (partial)" default_off="failed ruleset test">
 
 	<target host="conduit.com" />
-	<target host="*.conduit.com" />
+	<target host="api.conduit.com" />
+	<target host="accounts.conduit.com" />
+	<target host="my.conduit.com" />
+	<target host="sso.conduit.com" />
+	<target host="storage.conduit.com" />
+	<target host="toolbar.conduit.com" />
+	<target host="www.conduit.com" />
+	<target host="mobilecp.conduit.com" />
+	<target host="mobilesupport.conduit.com" />
 
 
 	<securecookie host="^.*\.conduit\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Confederation_of_Danish_Industry.xml b/src/chrome/content/rules/Confederation_of_Danish_Industry.xml
index 02809b420a32..27113940ee4d 100644
--- a/src/chrome/content/rules/Confederation_of_Danish_Industry.xml
+++ b/src/chrome/content/rules/Confederation_of_Danish_Industry.xml
@@ -8,7 +8,7 @@ Non-2xx HTTP code: http://itek.di.dk/ (200) => https://itek.di.dk/ (503)
 		- (www.)	($ & sitecollectionimages/ 404)
 
 -->
-<ruleset name="Confederation of Danish Industry (partial)" default_off='failed ruleset test'>
+<ruleset name="Confederation of Danish Industry (partial)" default_off="failed ruleset test">
 
 	<target host="di.dk" />
 	<target host="itek.di.dk" />
@@ -21,4 +21,4 @@ Non-2xx HTTP code: http://itek.di.dk/ (200) => https://itek.di.dk/ (503)
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Confirmit.xml b/src/chrome/content/rules/Confirmit.xml
index f17e77e078ac..aecfaf63e30a 100644
--- a/src/chrome/content/rules/Confirmit.xml
+++ b/src/chrome/content/rules/Confirmit.xml
@@ -18,13 +18,22 @@
 <ruleset name="Confirmit">
 
 	<target host="confirmit.com" />
-	<target host="*.confirmit.com" />
+	<target host="author.confirmit.com" />
+	<target host="euro.confirmit.com" />
+	<target host="us.confirmit.com" />
+	<target host="cdn.euro.confirmit.com" />
+	<target host="cdn.us.confirmit.com" />
+	<target host="author.euro.confirmit.com" />
+	<target host="reportal.euro.confirmit.com" />
+	<target host="extranet.confirmit.com" />
+	<target host="reportal.us.confirmit.com" />
+	<target host="www.confirmit.com" />
+	<target host="www10.confirmit.com" />
 
 
-	<securecookie host="^(?:.*\.)?confirmit\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:author|(?:cdn\.)?(?:euro|us)|(?:author|reportal)\.euro|extranet|reportal\.us|www|www10)\.)?confirmit\.com/"
-		to="https://$1confirmit.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Conformal-Systems.xml b/src/chrome/content/rules/Conformal-Systems.xml
index c4229dcaa442..d5e88137fd48 100644
--- a/src/chrome/content/rules/Conformal-Systems.xml
+++ b/src/chrome/content/rules/Conformal-Systems.xml
@@ -17,7 +17,7 @@ Fetch error: http://www.conformal.com/ => https://www.conformal.com/: (6, 'Could
 		- opensource
 
 -->
-<ruleset name="Conformal.com" default_off='failed ruleset test'>
+<ruleset name="Conformal.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -27,7 +27,7 @@ Fetch error: http://www.conformal.com/ => https://www.conformal.com/: (6, 'Could
 	<target host="www.conformal.com" />
 
 
-	<securecookie host="^(?:.*\.)?conformal\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Congstar.xml b/src/chrome/content/rules/Congstar.xml
index f0af0c7aa13c..c2c90254dd69 100644
--- a/src/chrome/content/rules/Congstar.xml
+++ b/src/chrome/content/rules/Congstar.xml
@@ -1,8 +1,4 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://mgm.congstar.de/ => https://mgm.congstar.de/: (51, "SSL: no alternative certificate subject name matches target host name 'mgm.congstar.de'")
-
 	Other congstar rulesets:
 
 		- Congstar-media.de.xml
@@ -26,15 +22,30 @@ Fetch error: http://mgm.congstar.de/ => https://mgm.congstar.de/: (51, "SSL: no
 
 	* Secured by us
 
+	No alternative certificate subject name matches target host name:
+		- adventskalender.congstar.de
+		- handyhilfe.congstar.de
+
 -->
-<ruleset name="congstar" default_off='failed ruleset test'>
+<ruleset name="congstar (partial)">
 
 	<target host="congstar.de" />
+	<target host="www.congstar.de" />
+	<target host="app.congstar.de" />
+	<target host="aufladefinder.congstar.de" />
+	<target host="banner.congstar.de" />
+	<target host="callback.congstar.de" />
+	<target host="chat.congstar.de" />
+	<target host="cms.congstar.de" />
 	<target host="freundewerben.congstar.de" />
+	<target host="gadgets.congstar.de" />
 	<target host="gewinnspiel.congstar.de" />
-	<target host="mgm.congstar.de" />
+	<target host="gluecksrad.congstar.de" />
+	<target host="jamobil.congstar.de" />
+	<target host="m.congstar.de" />
+	<target host="personalverkauf.congstar.de" />
 	<target host="prepaid.congstar.de" />
-	<target host="www.congstar.de" />
+	<target host="vertriebsportal.congstar.de" />
 
 
 	<!--	Not secured by server:
@@ -54,7 +65,6 @@ Fetch error: http://mgm.congstar.de/ => https://mgm.congstar.de/: (51, "SSL: no
 	<securecookie host="^freundewerben\.congstar\.de$" name=".+" />
 
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ConnMan.xml b/src/chrome/content/rules/ConnMan.xml
index e5ae008e645e..dc81cb8f783b 100644
--- a/src/chrome/content/rules/ConnMan.xml
+++ b/src/chrome/content/rules/ConnMan.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.connman.net/ => https://www.connman.net/: (7, 'Failed to
 Disabled by https-everywhere-checker because:
 Fetch error: http://connman.net/ => https://connman.net/: (7, 'Failed to connect to connman.net port 443: Connection refused')
 -->
-<ruleset name="ConnMan" default_off='failed ruleset test'>
+<ruleset name="ConnMan" default_off="failed ruleset test">
 
 	<target host="connman.net" />
 	<target host="www.connman.net" />
diff --git a/src/chrome/content/rules/ConnectMyPhone.com.xml b/src/chrome/content/rules/ConnectMyPhone.com.xml
index c2b1dc5f8723..85e91f955878 100644
--- a/src/chrome/content/rules/ConnectMyPhone.com.xml
+++ b/src/chrome/content/rules/ConnectMyPhone.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?connectmyphone\.com/"
 		to="https://connectmyphone.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Connectify.me.xml b/src/chrome/content/rules/Connectify.me.xml
new file mode 100644
index 000000000000..a55a3acc6576
--- /dev/null
+++ b/src/chrome/content/rules/Connectify.me.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		- cloud.connectify.me
+-->
+
+<ruleset name="Connectify.me">
+	<target host="connectify.me" />
+	<target host="www.connectify.me" />
+	<target host="appscreens.connectify.me" />
+	<target host="d1.connectify.me" />
+	<target host="d3.connectify.me" />
+	<target host="downloads.connectify.me" />
+	<target host="downloads2.connectify.me" />
+	<target host="downloads3.connectify.me" />
+	<target host="support.connectify.me" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Connexity.net.xml b/src/chrome/content/rules/Connexity.net.xml
index c6d6a5eeb1dc..7f4d88f8d538 100644
--- a/src/chrome/content/rules/Connexity.net.xml
+++ b/src/chrome/content/rules/Connexity.net.xml
@@ -1,38 +1,39 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://connexity.net/ => https://connexity.net/: (52, 'Empty reply from server')
-
-	Nonfunctional subdomains:
-
-		- www	(reset; mismatched, CN: pro.connexity.net)
-
-
-	Insecure cookies are set for these domains: ᶜ
-
-		- .connexity.net
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
+	Empty reply:
+		- connexity.net
+		- cse.connexity.net
+		- pxl.connexity.net
+
+	Cert mismatch:
+		- www.connexity.net
+		- cse.prod.connexity.net
+		- link.connexity.net
+		- s.connexity.net
+		- t.connexity.net
+		- u.connexity.net
+
+	Cert expired:
+		- pm-rtb-fkb.connexity.net
+
+	Timeout:
+		- ax-rtb-fkb.connexity.net
+		- cm-rtb-fkb.connexity.net
+		- ox-rtb-fkb.connexity.net
+		- pp-rtb-fkb.connexity.net
+		- rtb.connexity.net
+		- yax-rtb-fkb.connexity.net
 -->
-<ruleset name="Connexity.net" default_off='failed ruleset test'>
+<ruleset name="Connexity.net (partial)" >
 
-	<target host="connexity.net" />
+	<target host="api.connexity.net" />
+	<target host="cpa.connexity.net" />
+	<target host="dude.connexity.net" />
+	<target host="mxl.connexity.net" />
 	<target host="rd.connexity.net" />
+	<target host="rd2.connexity.net" />
+	<target host="up.connexity.net" />
 
-		<!--	Sets cookies without Secure:
-							-->
-		<test url="http://rd.connexity.net/rd2?mid=&amp;catId=&amp;prodId=&amp;tokenId=&amp;lg=&amp;bAmt=&amp;ppr=&amp;oid=&amp;atom=&amp;bidType=&amp;bId=&amp;mpid=&amp;countryCode=US&amp;t=&amp;br=&amp;rf=&amp;vsc=&amp;rdrSerial=" />
-
-
-	<!--	Not secured by server, set by rd:
-							-->
-	<!--securecookie host="^\.connexity\.net$" name="^(?:COu|br|rf)$" /-->
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\." name="^(?:COu|br|refresh|rf|sync)$" />
-
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/ConnochaetOS.org.xml b/src/chrome/content/rules/ConnochaetOS.org.xml
deleted file mode 100644
index 2d77d183ae0d..000000000000
--- a/src/chrome/content/rules/ConnochaetOS.org.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="ConnochaetOS.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="connochaetos.org" />
-	<target host="www.connochaetos.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Conrad_Electronic.xml b/src/chrome/content/rules/Conrad_Electronic.xml
index 24ebf9b807ac..eb4d0e8c3a5a 100644
--- a/src/chrome/content/rules/Conrad_Electronic.xml
+++ b/src/chrome/content/rules/Conrad_Electronic.xml
@@ -9,7 +9,7 @@
 		conrad.sk (mismatch)
 		www.conrad.sk (mismatch)
 		velkoobchod.conrad.sk (mismatch)
-		
+
 	Redirect to HTTP:
 		www.conrad.be
 		conrad.com
@@ -32,7 +32,7 @@
 		conrad.it
 		conrad.nl (redirect rule as workaround)
 		conrad-electronic.co.uk
-	
+
 	Status code mismatch:
 		api.conrad.com
 
@@ -78,18 +78,18 @@
 	<target host="conrad.si" />
 	<target host="www.conrad.si" />
 	<target host="m.conrad.si" />
-	
+
 	<!-- status code mismatch - fails test, would work fine otherwise
 	target even uses HSTS -->
 	<!--<target host="api.conrad.com" />-->
-	
+
 	<target host="asset.conrad.com" />
 	<target host="media.conrad.com" />
-	
+
 	<!-- rules disabled, certificate expired-->
 	<!-- <target host="produktinfo.conrad.com" />-->
 	<!-- <target host="www.produktinfo.conrad.com" />-->
-	
+
 	<securecookie host=".+" name=".+" />
 
     <!-- www.produktinfo.conrad.com is an alias for produktinfo.conrad.com and
@@ -101,28 +101,28 @@
 	<!-- fix sites which refuse connection without www subdomain-->
 	<rule from="^http://conrad\.at/"
 		to="https://www.conrad.at/" />
-	
+
 	<rule from="^http://conrad\.ch/"
-		to="https://www.conrad.ch/" />	
-		
+		to="https://www.conrad.ch/" />
+
 	<rule from="^http://biz-conrad\.ch/"
 		to="https://www.biz-conrad.ch/" />
 
 	<rule from="^http://conrad\.biz/"
 		to="https://www.conrad.biz/" />
-	
+
 	<rule from="^http://conrad\.de/"
 		to="https://www.conrad.de/" />
 
 	<rule from="^http://conrad\.hu/"
 		to="https://www.conrad.hu/" />
-	
+
 	<rule from="^http://conrad\.nl/"
 		to="https://www.conrad.nl/" />
-	
+
 	<!-- no redirects to www subdomain for broken m subdomains, the redirects seen
 	without HTTPS might be (or become) User-Agent or viewport dependent -->
-			
+
 	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Consensus911.org.xml b/src/chrome/content/rules/Consensus911.org.xml
new file mode 100644
index 000000000000..a95cc82027aa
--- /dev/null
+++ b/src/chrome/content/rules/Consensus911.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Consensus911.org">
+	<target host="consensus911.org" />
+	<target host="www.consensus911.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Constant-Contact.xml b/src/chrome/content/rules/Constant-Contact.xml
index d3fa849a6c7a..bbb54e5f0ba2 100644
--- a/src/chrome/content/rules/Constant-Contact.xml
+++ b/src/chrome/content/rules/Constant-Contact.xml
@@ -77,7 +77,7 @@ Fetch error: http://news.constantcontact.com/sites/constantcontact.newshq.busine
 		- Images on about from static.ctctcdn.com
 
 -->
-<ruleset name="Constant Contact.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Constant Contact.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Consumentenbond.nl.xml b/src/chrome/content/rules/Consumentenbond.nl.xml
index a4951fcd542a..fc4a9393e647 100644
--- a/src/chrome/content/rules/Consumentenbond.nl.xml
+++ b/src/chrome/content/rules/Consumentenbond.nl.xml
@@ -4,7 +4,6 @@
 
   <rule from="^http:" to="https:" />
 
-  <test url="http://www.consumentenbond.nl/" />
   <test url="http://www.consumentenbond.nl/juridisch-advies/" />
   <test url="http://www.consumentenbond.nl/test/geld-verzekering/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Consumer.org.hk.xml b/src/chrome/content/rules/Consumer.org.hk.xml
index b03136918906..20b5d86dcd45 100644
--- a/src/chrome/content/rules/Consumer.org.hk.xml
+++ b/src/chrome/content/rules/Consumer.org.hk.xml
@@ -30,7 +30,7 @@ Fetch error: http://www4.consumer.org.hk/ => https://www4.consumer.org.hk/: (28,
 		Different content:
 			 - shopsmart.consumer.org.hk
 -->
-<ruleset name="Consumer Council (partial)" default_off='failed ruleset test'>
+<ruleset name="Consumer Council (partial)" default_off="failed ruleset test">
 	<target host="consumer.org.hk" />
 	<target host="www.consumer.org.hk" />
 	<target host="anywhere.consumer.org.hk" />
diff --git a/src/chrome/content/rules/ConsumerReports.xml b/src/chrome/content/rules/ConsumerReports.xml
index 2d0ddd6ebfd1..b6c227975d82 100644
--- a/src/chrome/content/rules/ConsumerReports.xml
+++ b/src/chrome/content/rules/ConsumerReports.xml
@@ -1,80 +1,20 @@
-<!--
-	For rules causing false/broken MCB, see Consumer_Reports.com-falsemixed.xml.
-
-	consumerreports.custhelp.com is handled in RightNow-clients.xml.
-
-
-	CDN buckets:
-
-		- dffe75s34hxl9.cloudfront.net
-			- static[1-4].consumerreportscdn.org
-
-		- news-consumerreports-org-1342602336.us-east-1.elb.amazonaws.com
-			- news.consumerreports.org
-
-
-	Nonfunctional domains:
-
-		- news.consumerreports.org
-
-
-	Problematic domains:
-
-		- (www.)consumerreports.org *
-		- web.consumerreports.org *
-
-	* Mixed css
-
-
-	Insecure cookies are set for these domains:
-
-		- .
-		- ec
-
-
-	Mixed content:
-
-		- css on web and www from static[1-4].consumerreportscdn.org *
-
-	* Secured by us
-
--->
-<ruleset name="Consumer Reports (partial)">
-
+<ruleset name="Consumer Reports">
+	<!-- consumerreports.org -->
 	<target host="consumerreports.org" />
+	<target host="www.consumerreports.org" />
+	<target host="custhelp.consumerreports.org" />
 	<target host="ec.consumerreports.org" />
+	<target host="news.consumerreports.org" />
 	<target host="web.consumerreports.org" />
-	<target host="www.consumerreports.org" />
-		<!--
-			Avoid broken MCB:
-						-->
-		<exclusion pattern="^http://(?:web\.|www\.)?consumerreports\.org/+(?!etc/|favicon\.ico)" />
-	<target host="*.consumerreportscdn.org" />
 
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.consumerreports\.org$" name="^(userKeycodes|userReferrer)$" /-->
-	<!--securecookie host="^ec\.consumerreports\.org$" name="^(JSESSIONID|pwipersist)$" /-->
+	<!-- consumerreportscdn.org -->
+	<target host="static1.consumerreportscdn.org" />
+	<target host="static2.consumerreportscdn.org" />
+	<target host="static3.consumerreportscdn.org" />
+	<target host="static4.consumerreportscdn.org" />
+	<target host="static5.consumerreportscdn.org" />
 
 	<securecookie host="^ec\.consumerreports\.org$" name=".+" />
 
-
-	<!--	Cert only matches www.
-					-->
-	<rule from="^http://(?:www\.)?consumerreports\.org/"
-		to="https://www.consumerreports.org/" />
-
-	<!--	Many (all?) paths 301 back.
-
-	<rule from="^http://custhelp\.consumerreports\.org/"
-		to="https://consumerreports.custhelp.com/" /-->
-
-	<rule from="^http://(ec|web)\.consumerreports\.org/"
-		to="https://$1.consumerreports.org/" />
-
-	<rule from="^http://static[1-4]\.consumerreportscdn\.org/"
-		to="https://dffe75s34hxl9.cloudfront.net/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
-<!-- Rule generated by HTTPS Finder 0.77 -->
diff --git a/src/chrome/content/rules/Consumer_Finance.gov.xml b/src/chrome/content/rules/Consumer_Finance.gov.xml
index 81512adbb73d..29c74b04575d 100644
--- a/src/chrome/content/rules/Consumer_Finance.gov.xml
+++ b/src/chrome/content/rules/Consumer_Finance.gov.xml
@@ -13,7 +13,7 @@
 
 	ʳ Refused
 
-	
+
 	^consumerfinance.gov Refused
 	www.consumerfinance.gov: Akamai
 
diff --git a/src/chrome/content/rules/Consumer_Reports.com-falsemixed.xml b/src/chrome/content/rules/Consumer_Reports.com-falsemixed.xml
deleted file mode 100644
index dc94642028df..000000000000
--- a/src/chrome/content/rules/Consumer_Reports.com-falsemixed.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see ConsumerReports.xml.
-
--->
-<ruleset name="Consumer Reports.com (false MCB)" platform="mixedcontent">
-
-	<target host="consumerreports.org" />
-	<target host="*.consumerreports.org" />
-
-
-	<securecookie host=".*\.consumerreports\.org$" name=".+" />
-
-
-	<!--	Cert only matches www.
-					-->
-	<rule from="^http://(?:www\.)?consumerreports\.org/"
-		to="https://www.consumerreports.org/" />
-
-	<rule from="^http://web\.consumerreports\.org/"
-		to="https://web.consumerreports.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Consumers_Union.org.xml b/src/chrome/content/rules/Consumers_Union.org.xml
index 4e7edfbd634f..c6c300b41575 100644
--- a/src/chrome/content/rules/Consumers_Union.org.xml
+++ b/src/chrome/content/rules/Consumers_Union.org.xml
@@ -11,7 +11,8 @@
 <ruleset name="Consumers Union.org">
 
 	<target host="consumersunion.org" />
-	<target host="*.consumersunion.org" />
+	<target host="secure.consumersunion.org" />
+	<target host="www.consumersunion.org" />
 
 
 	<rule from="^http://(?:(secure\.)|www\.)?consumersunion\.org/"
diff --git a/src/chrome/content/rules/Contact_Privacy.xml b/src/chrome/content/rules/Contact_Privacy.xml
index ea68c26c9c2e..e2f01ba1165d 100644
--- a/src/chrome/content/rules/Contact_Privacy.xml
+++ b/src/chrome/content/rules/Contact_Privacy.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Contactual.xml b/src/chrome/content/rules/Contactual.xml
deleted file mode 100644
index f7bdfa371dec..000000000000
--- a/src/chrome/content/rules/Contactual.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Contactual (partial)">
-
-	<target host="mycontactual.com" />
-	<target host="*.mycontactual.com" />
-
-
-	<securecookie host="^na\d\.mycontactual\.com$" name=".+" />
-	<securecookie host="^\.?mycontactual\.com$" name="^WPJ_CM$" />
-
-
-	<rule from="^http://(na\d\.|www\.)?mycontactual\.com/"
-		to="https://$1mycontactual.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Content.ad.xml b/src/chrome/content/rules/Content.ad.xml
index 613b46ddc792..5c4478d360fb 100644
--- a/src/chrome/content/rules/Content.ad.xml
+++ b/src/chrome/content/rules/Content.ad.xml
@@ -17,7 +17,8 @@
 <ruleset name="Content.ad (partial)">
 
 	<target host="content.ad" />
-	<target host="*.content.ad" />
+	<target host="www.content.ad" />
+	<target host="api.content.ad" />
 
 
 	<securecookie host="^(?:api|www)\.content\.ad$" name=".+" />
@@ -26,7 +27,6 @@
 	<rule from="^http://(?:www\.)?content\.ad/"
 		to="https://www.content.ad/" />
 
-	<rule from="^http://api\.content\.ad/"
-		to="https://api.content.ad/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Continent-8-Technologies.xml b/src/chrome/content/rules/Continent-8-Technologies.xml
deleted file mode 100644
index 915279e279a5..000000000000
--- a/src/chrome/content/rules/Continent-8-Technologies.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Continent 8 Technologies (partial)">
-
-	<target host="ecess1.cdn.continent8.com"/>
-
-	<rule from="^http:"
-		to="https:"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Continental.xml b/src/chrome/content/rules/Continental.xml
index e523bbca04d3..89cbf6cca4aa 100644
--- a/src/chrome/content/rules/Continental.xml
+++ b/src/chrome/content/rules/Continental.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.covacations.com/ => https://www.covacations.com/: (6, 'C
 Fetch error: http://covacations.com/ => https://www.covacations.com/: (6, 'Could not resolve host: covacations.com')
 Fetch error: http://checkin.continental.com/ => https://checkin.continental.com/: (7, 'Failed to connect to checkin.continental.com port 80: Connection refused')
 -->
-<ruleset name="Continental" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Continental" platform="mixedcontent" default_off="failed ruleset test">
   <target host="www.continental.com" />
   <target host="continental.com" />
   <target host="www.covacations.com" />
diff --git a/src/chrome/content/rules/Contributoria.com.xml b/src/chrome/content/rules/Contributoria.com.xml
index 1cbbbf1c0d32..1efaadfbaec0 100644
--- a/src/chrome/content/rules/Contributoria.com.xml
+++ b/src/chrome/content/rules/Contributoria.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.contributoria.com/ => https://www.contributoria.com/: (5
 		- .contributoria.com
 
 -->
-<ruleset name="Contributoria.com" default_off='failed ruleset test'>
+<ruleset name="Contributoria.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/ControlScan.com.xml b/src/chrome/content/rules/ControlScan.com.xml
index 6f4753f2f257..894bfa7aaad2 100644
--- a/src/chrome/content/rules/ControlScan.com.xml
+++ b/src/chrome/content/rules/ControlScan.com.xml
@@ -15,7 +15,10 @@ Fetch error: http://controlscan.com/ => https://controlscan.com/: (51, "SSL: no
 <ruleset name="ControlScan.com">
 
 	<target host="controlscan.com" />
-	<target host="*.controlscan.com" />
+	<target host="www.controlscan.com" />
+	<target host="payments.controlscan.com" />
+	<target host="portal.controlscan.com" />
+	<target host="smartscan.controlscan.com" />
 
 
 	<!--	Not secured by server:
@@ -29,7 +32,6 @@ Fetch error: http://controlscan.com/ => https://controlscan.com/: (51, "SSL: no
 	<rule from="^http://(?:www\.)?controlscan\.com/"
 		to="https://controlscan.com/" />
 
-	<rule from="^http://(payments|portal|smartscan)\.controlscan\.com/"
-		to="https://$1.controlscan.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Controller_Plus.xml b/src/chrome/content/rules/Controller_Plus.xml
index a047d430a9c6..f9c8da0bfe33 100644
--- a/src/chrome/content/rules/Controller_Plus.xml
+++ b/src/chrome/content/rules/Controller_Plus.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Controllerpro.com.xml b/src/chrome/content/rules/Controllerpro.com.xml
deleted file mode 100644
index 4ecf45043066..000000000000
--- a/src/chrome/content/rules/Controllerpro.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Controllerpro">
-
-	<target host="controllerpro.com" />
-	<target host="www.controllerpro.com" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Convar.xml b/src/chrome/content/rules/Convar.xml
index ec1972dec38b..d97abb6994fa 100644
--- a/src/chrome/content/rules/Convar.xml
+++ b/src/chrome/content/rules/Convar.xml
@@ -6,7 +6,7 @@ Fetch error: http://tuvdotcom.com/ => https://www.tuvdotcom.com/: (7, 'Failed to
 Fetch error: http://www.tuvdotcom.com/ => https://www.tuvdotcom.com/: (7, 'Failed to connect to www.tuvdotcom.com port 443: Connection refused')
 
 -->
-<ruleset name="CONVAR (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="CONVAR (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="convar.com"/>
 	<target host="*.convar.com"/>
diff --git a/src/chrome/content/rules/Conversejs.org.xml b/src/chrome/content/rules/Conversejs.org.xml
index 3bd5d178a3da..0764531c19fc 100644
--- a/src/chrome/content/rules/Conversejs.org.xml
+++ b/src/chrome/content/rules/Conversejs.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.conversejs.org/ => https://www.conversejs.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.conversejs.org'")
 
 -->
-<ruleset name="Conversejs.org" default_off='failed ruleset test'>
+<ruleset name="Conversejs.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Convert-JPG-to-PDF.net.xml b/src/chrome/content/rules/Convert-JPG-to-PDF.net.xml
new file mode 100644
index 000000000000..5bc3e77fc139
--- /dev/null
+++ b/src/chrome/content/rules/Convert-JPG-to-PDF.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="Convert-JPG-to-PDF.net">
+
+	<target host="convert-jpg-to-pdf.net" />
+	<target host="www.convert-jpg-to-pdf.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Convio.xml b/src/chrome/content/rules/Convio.xml
index 47539495879f..707651fe689b 100644
--- a/src/chrome/content/rules/Convio.xml
+++ b/src/chrome/content/rules/Convio.xml
@@ -16,18 +16,18 @@ Fetch error: http://secure.commonground.convio.com/ => https://secure.commongrou
 	Nonfunctional hosts in *convio.net:
 
 		- service *
-		
+
 	* 503
 
 
 	Problematic domains:
 
 		- resources.convio.com *
-		
+
 	* Redirects to www.blackbaud.com; mismatched, CN: *.marketo.com
 
 -->
-<ruleset name="Convio" default_off='failed ruleset test'>
+<ruleset name="Convio" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Cookie_Reports.com.xml b/src/chrome/content/rules/Cookie_Reports.com.xml
index 1200a076a4ae..e644d1ef41d9 100644
--- a/src/chrome/content/rules/Cookie_Reports.com.xml
+++ b/src/chrome/content/rules/Cookie_Reports.com.xml
@@ -5,4 +5,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cooking_Schools.com.xml b/src/chrome/content/rules/Cooking_Schools.com.xml
deleted file mode 100644
index 35ffb00c1e6c..000000000000
--- a/src/chrome/content/rules/Cooking_Schools.com.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For other Monster coverage, see Monster.xml.
-
-	
-	(www.)?cookingschools.com: Plaintext reply
-
--->
-<ruleset name="Cooking Schools.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="edu.cookingschools.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CoolBackgrounds.io.xml b/src/chrome/content/rules/CoolBackgrounds.io.xml
new file mode 100644
index 000000000000..ba03232b39bb
--- /dev/null
+++ b/src/chrome/content/rules/CoolBackgrounds.io.xml
@@ -0,0 +1,7 @@
+<ruleset name="CoolBackgrounds.io">
+	<target host="coolbackgrounds.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CoolCart.Net.xml b/src/chrome/content/rules/CoolCart.Net.xml
deleted file mode 100644
index 466b33b472e8..000000000000
--- a/src/chrome/content/rules/CoolCart.Net.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="CoolCart.Net">
-	<target host="coolcart.net" />
-	<target host="www.coolcart.net" />
-
-	<!-- As of June 2, 2013, setting secure cookies for all
-	cookies under the www.coolcart.net domain (by setting
-	the securecookie name param to ".+") causes problems
-	with tracking shopping cart contents. -->
-	<securecookie host="^www\.coolcart\.net$"
-			name="^ASP\.NET_SessionId$" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/CoolMiniOrNot.com.xml b/src/chrome/content/rules/CoolMiniOrNot.com.xml
deleted file mode 100644
index f3e944268942..000000000000
--- a/src/chrome/content/rules/CoolMiniOrNot.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Mixed content:
-
-		- Images on www from www *
-
-		- Ads on www from www *
-
-	* Secured by us
-
--->
-<ruleset name="CoolMiniOrNot.com">
-
-	<target host="coolminiornot.com" />
-	<target host="www.coolminiornot.com" />
-
-
-	<securecookie host="^(?:www)?\.coolminiornot\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CoolWebScripts.com.xml b/src/chrome/content/rules/CoolWebScripts.com.xml
index 28309b31eebb..7ee3292baa68 100644
--- a/src/chrome/content/rules/CoolWebScripts.com.xml
+++ b/src/chrome/content/rules/CoolWebScripts.com.xml
@@ -18,7 +18,7 @@
 					-->
 	<!--securecookie host="^(?:www\.)?coolwebscripts\.com$" name="^PHPSESSID$" /-->
 
-	<securecookie host="^(?:www\.)?coolwebscripts\.com$" name="" />
+	<securecookie host="^(?:www\.)?coolwebscripts\.com$" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Cool_Destinations.net.xml b/src/chrome/content/rules/Cool_Destinations.net.xml
index fd9f0c3e85ff..ef016727fb2f 100644
--- a/src/chrome/content/rules/Cool_Destinations.net.xml
+++ b/src/chrome/content/rules/Cool_Destinations.net.xml
@@ -13,7 +13,7 @@ Fetch error: http://cdn.cooldestinations.net/ => https://cdn.cooldestinations.ne
 		- www.cooldestinations.net
 
 -->
-<ruleset name="Cool Destinations.net" default_off='failed ruleset test'>
+<ruleset name="Cool Destinations.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Cool_Key_West.xml b/src/chrome/content/rules/Cool_Key_West.xml
index 1a082da4c973..31add8a19df2 100644
--- a/src/chrome/content/rules/Cool_Key_West.xml
+++ b/src/chrome/content/rules/Cool_Key_West.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cooliris.com.xml b/src/chrome/content/rules/Cooliris.com.xml
deleted file mode 100644
index a1e3d7817c95..000000000000
--- a/src/chrome/content/rules/Cooliris.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Invalid certificate:
-		blog.cooliris.com
-
--->
-<ruleset name="Cooliris">
-
-	<target host="cooliris.com" />
-	<target host="www.cooliris.com" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cooperating-Objects.eu.xml b/src/chrome/content/rules/Cooperating-Objects.eu.xml
deleted file mode 100644
index 3e3a2911eeda..000000000000
--- a/src/chrome/content/rules/Cooperating-Objects.eu.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	^cooperating-objects.eu shows a parking page.
-
--->
-<ruleset name="Cooperating-Objects.eu">
-
-	<target host="www.cooperating-objects.eu" />
-
-
-	<securecookie host="^www\.cooperating-objects\.eu$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cope-IT.xml b/src/chrome/content/rules/Cope-IT.xml
index 6c7ce7729dbe..d07061291e2d 100644
--- a/src/chrome/content/rules/Cope-IT.xml
+++ b/src/chrome/content/rules/Cope-IT.xml
@@ -12,4 +12,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Copenhagenmarathon.dk-falsemixed.xml b/src/chrome/content/rules/Copenhagenmarathon.dk-falsemixed.xml
deleted file mode 100644
index 3816feeba659..000000000000
--- a/src/chrome/content/rules/Copenhagenmarathon.dk-falsemixed.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--
-	See also Copenhagenmarathon.dk.xml
-
--->
-<ruleset name="Copenhagenmarathon.dk" platform="mixedcontent">
-
-	<target host="map.copenhagenmarathon.dk" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Copenhagenmarathon.dk.xml b/src/chrome/content/rules/Copenhagenmarathon.dk.xml
index eee37b22fabb..a45b73f0bebc 100644
--- a/src/chrome/content/rules/Copenhagenmarathon.dk.xml
+++ b/src/chrome/content/rules/Copenhagenmarathon.dk.xml
@@ -1,12 +1,10 @@
-<!--
-	Mixed content from $self (secured in Copenhagenmarathon.dk-falsemixed.xml):
-		map.copenhagenmaraton.dk
-
--->
 <ruleset name="Copenhagenmarathon.dk">
 
 	<target host="copenhagenmarathon.dk" />
 	<target host="www.copenhagenmarathon.dk" />
+	<target host="2018.copenhagenmarathon.dk" />
+	<target host="map.copenhagenmarathon.dk" />
+	<target host="resultater.copenhagenmarathon.dk" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/Copernic.com.xml b/src/chrome/content/rules/Copernic.com.xml
index 89e7f28608a7..7e426aa14906 100644
--- a/src/chrome/content/rules/Copernic.com.xml
+++ b/src/chrome/content/rules/Copernic.com.xml
@@ -27,7 +27,10 @@
 <ruleset name="Copernic.com (partial)">
 
 	<target host="copernic.com" />
-	<target host="*.copernic.com" />
+	<target host="www.copernic.com" />
+	<target host="go.copernic.com" />
+	<target host="images.copernic.com" />
+	<target host="mail.copernic.com" />
 
 
 	<securecookie host="^(?:go|www)\.copernic\.com$" name=".+" />
@@ -36,8 +39,6 @@
 	<rule from="^http://(?:www\.)?copernic\.com/"
 		to="https://www.copernic.com/" />
 
-	<rule from="^http://go\.copernic\.com/"
-		to="https://go.copernic.com/" />
 
 	<rule from="^http://images\.copernic\.com/"
 		to="https://www.copernic.com/images/" />
@@ -45,4 +46,5 @@
 	<rule from="^http://mail\.copernic\.com/"
 		to="https://webmail.harriscomputer.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Copernico.net.xml b/src/chrome/content/rules/Copernico.net.xml
index e7f1b6ebe200..395ce6a7a067 100644
--- a/src/chrome/content/rules/Copernico.net.xml
+++ b/src/chrome/content/rules/Copernico.net.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://pims.copernico.net/ => https://pims.copernico.net/: (6, 'Could not resolve host: pims.copernico.net')
 
 -->
-<ruleset name="Copernico.net" default_off='failed ruleset test'>
+<ruleset name="Copernico.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Copiny.xml b/src/chrome/content/rules/Copiny.xml
index 9aa2b7103ed3..3f1d7df9f745 100644
--- a/src/chrome/content/rules/Copiny.xml
+++ b/src/chrome/content/rules/Copiny.xml
@@ -16,4 +16,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Copy.com.xml b/src/chrome/content/rules/Copy.com.xml
index 76b1bc48073e..43979a3ae630 100644
--- a/src/chrome/content/rules/Copy.com.xml
+++ b/src/chrome/content/rules/Copy.com.xml
@@ -20,16 +20,18 @@
 <ruleset name="Copy.com (partial)">
 
 	<target host="copy.com" />
-	<target host="*.copy.com" />
+	<target host="apiweb.copy.com" />
+	<target host="next.copy.com" />
+	<target host="www.copy.com" />
+	<target host="support.copy.com" />
 
 
 	<securecookie host="^(?:next|www)?\.copy\.com$" name=".+" />
 
 
-	<rule from="^http://((?:apiweb|next|www)\.)?copy\.com/"
-		to="https://$1copy.com/" />
 
 	<rule from="^http://support\.copy\.com/"
 		to="https://copy.zendesk.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Copyright_Clearance_Center.xml b/src/chrome/content/rules/Copyright_Clearance_Center.xml
index 382a7f9e15e1..588e59caafdf 100644
--- a/src/chrome/content/rules/Copyright_Clearance_Center.xml
+++ b/src/chrome/content/rules/Copyright_Clearance_Center.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Corbin_Fisher.xml b/src/chrome/content/rules/Corbin_Fisher.xml
index 5911f84cb2f5..f21e745f310c 100644
--- a/src/chrome/content/rules/Corbin_Fisher.xml
+++ b/src/chrome/content/rules/Corbin_Fisher.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CoreCode.xml b/src/chrome/content/rules/CoreCode.xml
index 72ec0d6abe6b..b9cfe97064dd 100644
--- a/src/chrome/content/rules/CoreCode.xml
+++ b/src/chrome/content/rules/CoreCode.xml
@@ -2,13 +2,13 @@
 
 	<!--	Cert:  *.netstorage.at	-->
 	<target host="corecode.at" />
-	<target host="*.corecode.at" />
+	<target host="www.corecode.at" />
+	<target host="corebreach.corecode.at" />
 
 
 	<rule from="^http://(?:www\.)?corecode\.at/"
 		to="https://corecode.at/" />
 
-	<rule from="^http://corebreach\.corecode\.at/"
-		to="https://corebreach.corecode.at/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CoreCommerce.xml b/src/chrome/content/rules/CoreCommerce.xml
index 0becbc131818..40f5fa3f5b77 100644
--- a/src/chrome/content/rules/CoreCommerce.xml
+++ b/src/chrome/content/rules/CoreCommerce.xml
@@ -8,13 +8,14 @@
 <ruleset name="CoreCommerce">
 
 	<target host="corecommerce.com" />
-	<target host="*.corecommerce.com" />
+	<target host="www.corecommerce.com" />
+	<target host="www15.corecommerce.com" />
+	<target host="www16.corecommerce.com" />
 
 
 	<securecookie host="^(?:www\.)?corecommerce\.com$" name=".+" />
 
 
-	<rule from="^http://(www(?:1[56])?\.)?corecommerce\.com/"
-		to="https://$1corecommerce.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/CoreInfrastructure.org.xml b/src/chrome/content/rules/CoreInfrastructure.org.xml
new file mode 100644
index 000000000000..36a8767b3ec6
--- /dev/null
+++ b/src/chrome/content/rules/CoreInfrastructure.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Unable to get local issuer certificate:
+		applications.coreinfrastructure.org
+-->
+<ruleset name="CoreInfrastructure.org">
+
+	<target host="coreinfrastructure.org" />
+	<target host="www.coreinfrastructure.org" />
+	<target host="bestpractices.coreinfrastructure.org" />
+	<target host="master.bestpractices.coreinfrastructure.org" />
+	<target host="staging.bestpractices.coreinfrastructure.org" />
+	<target host="devstats.coreinfrastructure.org" />
+	<target host="lists.coreinfrastructure.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CoreMetrics.xml b/src/chrome/content/rules/CoreMetrics.xml
index c3179015102c..3edf724d4b38 100644
--- a/src/chrome/content/rules/CoreMetrics.xml
+++ b/src/chrome/content/rules/CoreMetrics.xml
@@ -26,7 +26,7 @@ Fetch error: http://stats.surfaid.ihost.com/ => https://stats.surfaid.ihost.com/
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="CoreMetrics (partial)" default_off='failed ruleset test'>
+<ruleset name="CoreMetrics (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/CoreMotives.com.xml b/src/chrome/content/rules/CoreMotives.com.xml
deleted file mode 100644
index 542a88fdcc02..000000000000
--- a/src/chrome/content/rules/CoreMotives.com.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	Ads.
-
-	For other Silverpop coverage, see Silverpop.xml.
-
-
-	Problematic subdomains:
-
-		- (www.)	(shows www.silverpop.com; mismatched, CN: www.silverpop.com)
-
-
-	Partially covered subdomains:
-
-		- (www.)	(.+ isn't identical to redirect target, doesn't redirect)
-
-
-	Fully covered subdomains:
-
-		- databroker
-
--->
-<ruleset name="CoreMotives.com">
-
-	<target host="coremotives.com" />
-	<target host="*.coremotives.com" />
-
-
-	<rule from="^http://(?:www\.)?coremotives\.com/$"
-		to="https://www.silverpop.com/marketing-products/coremotives/" />
-
-	<rule from="^http://databroker\.coremotives\.com/"
-		to="https://databroker.coremotives.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CoreSite.com.xml b/src/chrome/content/rules/CoreSite.com.xml
deleted file mode 100644
index f6ab1e6f0af2..000000000000
--- a/src/chrome/content/rules/CoreSite.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
-
--->
-<ruleset name="CoreSite.com (partial)">
-
-	<target host="mycoresite.coresite.com" />
-
-
-	<securecookie host="^mycoresite\.coresite\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Coreboot.xml b/src/chrome/content/rules/Coreboot.xml
index 80f01d3fadcc..afce2a2dde23 100644
--- a/src/chrome/content/rules/Coreboot.xml
+++ b/src/chrome/content/rules/Coreboot.xml
@@ -1,41 +1,32 @@
 <!--
-	Problematic hosts in *coreboot.org:
-
-		- ^ *
-		- patchwork *
-
-	* Mismatched
-
-
-	Mixed content:
-
-		- Images on blogs from $self *
-
-	* Secured by us
+	Invalid certificate:
+		- lava.coreboot.org
 
+	Refused:
+		- testlab.coreboot.org
+		- tracker.coreboot.org
 -->
-<ruleset name="coreboot.org (partial)">
+<ruleset name="coreboot.org">
 
-	<!--	Direct rewrites:
-				-->
+	<target host="coreboot.org" />
+	<target host="www.coreboot.org" />
+	<target host="acc2017.coreboot.org" />
+	<target host="blog.coreboot.org" />
 	<target host="blogs.coreboot.org" />
+	<target host="chat.coreboot.org" />
+	<target host="code.coreboot.org" />
+	<target host="doc.coreboot.org" />
+	<target host="ecc2017.coreboot.org" />
+	<target host="git.coreboot.org" />
+	<target host="mail.coreboot.org" />
+	<target host="patchwork.coreboot.org" />
+	<target host="photos.coreboot.org" />
 	<target host="qa.coreboot.org" />
 	<target host="review.coreboot.org" />
-	<target host="tracker.coreboot.org" />
-	<target host="www.coreboot.org" />
-
-	<!--	Complications:
-				-->
-	<target host="coreboot.org" />
-
+	<target host="ticket.coreboot.org" />
 
 	<securecookie host=".+" name=".+" />
 
-
-	<rule from="^http://coreboot\.org/"
-		to="https://www.coreboot.org/" />
-
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Coreix.xml b/src/chrome/content/rules/Coreix.xml
index f7d7af70d2fd..2df0e91edd40 100644
--- a/src/chrome/content/rules/Coreix.xml
+++ b/src/chrome/content/rules/Coreix.xml
@@ -22,4 +22,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cornell.xml b/src/chrome/content/rules/Cornell.xml
index ee57ea650572..4d17fe651371 100644
--- a/src/chrome/content/rules/Cornell.xml
+++ b/src/chrome/content/rules/Cornell.xml
@@ -158,7 +158,7 @@ Fetch error: http://news.cornell.edu/ => https://www.news.cornell.edu/: Too many
 	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Cornell.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="Cornell.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Corpimages.de.xml b/src/chrome/content/rules/Corpimages.de.xml
index 8f03f16f6afc..9d4c670a1ec0 100644
--- a/src/chrome/content/rules/Corpimages.de.xml
+++ b/src/chrome/content/rules/Corpimages.de.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Corporate-ir.net.xml b/src/chrome/content/rules/Corporate-ir.net.xml
index 951e936fff18..d1778d886691 100644
--- a/src/chrome/content/rules/Corporate-ir.net.xml
+++ b/src/chrome/content/rules/Corporate-ir.net.xml
@@ -32,7 +32,9 @@
 -->
 <ruleset name="corporate-ir.net (partial)">
 
-	<target host="*.corporate-ir.net" />
+	<target host="phx.corporate-ir.net" />
+	<target host="origin-phoenix.corporate-ir.net" />
+	<target host="origin-www.corporate-ir.net" />
 		<!--
 			Avoid any user-visible paths:
 							-->
diff --git a/src/chrome/content/rules/Corporate_Card_Application.com.xml b/src/chrome/content/rules/Corporate_Card_Application.com.xml
deleted file mode 100644
index 236f65cdf28c..000000000000
--- a/src/chrome/content/rules/Corporate_Card_Application.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other American Express coverage, see AmericanExpress.xml.
-
-
-	^: cert only matches www
-
--->
-<ruleset name="Corporate Card Application.com">
-
-	<target host="corporatecardapplication.com" />
-	<target host="www.corporatecardapplication.com" />
-
-
-	<rule from="^http://(?:www\.)?corporatecardapplication\.com/"
-		to="https://www.corporatecardapplication.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Corporation_Service_Company.xml b/src/chrome/content/rules/Corporation_Service_Company.xml
index 6c5cd4023dbb..c64945c6c077 100644
--- a/src/chrome/content/rules/Corporation_Service_Company.xml
+++ b/src/chrome/content/rules/Corporation_Service_Company.xml
@@ -1,7 +1,10 @@
 <!--
+The following targets have been disabled at 2020-10-14 21:27:05:
+
+Fetch error: http://bl.cscglobal.com/ => https://bl.cscglobal.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+
 	Other Corporation Service Company rulesets:
 
-		- CSCtrustedsecure.com.xml
 
 
 	Problematic domains:
@@ -16,6 +19,10 @@
 	<target host="www.corporatedomains.com" />
 	<target host="cscglobal.com" />
 	<target host="*.cscglobal.com" />
+    <test url="http://api.cscglobal.com/" />
+    <test url="http://sales.cscglobal.com/" />
+    <test url="http://my.cscglobal.com/" />
+
 	<target host="cscprotectsbrands.com" />
 	<target host="www.cscprotectsbrands.com" />
 
@@ -26,10 +33,10 @@
 	<rule from="^http://(?:www\.)?corporatedomains\.com/[^\?]*(\?.*)?"
 		to="https://www.cscglobal.com/global/web/csc/corporate-identity-protection.html$1" />
 
-	<rule from="^http://(my\.|www\.)?cscglobal\.com/"
-		to="https://$1cscglobal.com/" />
 
 	<rule from="^http://(?:www\.)?cscprotectsbrands\.com/.*"
 		to="https://www.cscglobal.com/global/web/csc/domains-and-trademarks.html" />
 
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Correctiv-Upload.org.xml b/src/chrome/content/rules/Correctiv-Upload.org.xml
index da94c92829df..03a894db50c3 100644
--- a/src/chrome/content/rules/Correctiv-Upload.org.xml
+++ b/src/chrome/content/rules/Correctiv-Upload.org.xml
@@ -1,7 +1,4 @@
 <!--
-	For other Correctiv coverage, see Correctiv.org.xml.
-
-
 	Insecure cookies are set for these hosts:
 
 		- correctiv-upload.org
diff --git a/src/chrome/content/rules/Correctiv.org.xml b/src/chrome/content/rules/Correctiv.org.xml
deleted file mode 100644
index c37dc6313263..000000000000
--- a/src/chrome/content/rules/Correctiv.org.xml
+++ /dev/null
@@ -1,55 +0,0 @@
-<!--
-	Other Correctiv rulesets:
-
-		- Correctiv-Upload.org.xml
-
-
-	Problematic hosts in *correctiv.org:
-
-		- www.crowdfunding *
-
-	* Mismatched
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- correctiv.org
-		- .correctiv.org
-
--->
-<ruleset name="Correctiv.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="correctiv.org" />
-	<target host="crowdfunding.correctiv.org" />
-	<target host="mh17.correctiv.org" />
-	<target host="spenden.correctiv.org" />
-	<target host="tracking.correctiv.org" />
-	<target host="www.correctiv.org" />
-
-	<!--	Complications:
-				-->
-	<target host="www.crowdfunding.correctiv.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^correctiv\.org$" name="^(?:csrftoken|sessionid)$" /-->
-	<!--securecookie host="^\.correctiv\.org$" name="^(?:PHPSESSID|cfce|lang)$" /-->
-
-	<securecookie host="^\.?correctiv\.org$" name=".+" />
-
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://www\.crowdfunding\.correctiv\.org/+"
-		to="https://correctiv.org/" />
-
-		<test url="http://www.crowdfunding.correctiv.org//" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Corrent.org.xml b/src/chrome/content/rules/Corrent.org.xml
index 9a640098c8e7..e078b9facecf 100644
--- a/src/chrome/content/rules/Corrent.org.xml
+++ b/src/chrome/content/rules/Corrent.org.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.corrent.org/ => https://www.corrent.org/: (28, 'Connecti
 		- .corrent.org
 
 -->
-<ruleset name="Corrent.org" default_off='failed ruleset test'>
+<ruleset name="Corrent.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Cosmo.org.xml b/src/chrome/content/rules/Cosmo.org.xml
index 274a2551380b..ab4d0d487216 100644
--- a/src/chrome/content/rules/Cosmo.org.xml
+++ b/src/chrome/content/rules/Cosmo.org.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.cosmo.org/ => https://www.cosmo.org/: (60, 'SSL certific
 		- ^	(works, cert only matches www)
 
 -->
-<ruleset name="Cosmo.org" default_off='failed ruleset test'>
+<ruleset name="Cosmo.org" default_off="failed ruleset test">
 
 	<target host="cosmo.org" />
 	<target host="www.cosmo.org" />
@@ -24,4 +24,4 @@ Fetch error: http://www.cosmo.org/ => https://www.cosmo.org/: (60, 'SSL certific
 	<rule from="^http://(?:www\.)?cosmo\.org/"
 		to="https://www.cosmo.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cosmopolitan.xml b/src/chrome/content/rules/Cosmopolitan.xml
index 3c66203d070f..fb64f6707ce8 100644
--- a/src/chrome/content/rules/Cosmopolitan.xml
+++ b/src/chrome/content/rules/Cosmopolitan.xml
@@ -2,7 +2,6 @@
 	Other Hearst Corporation rulesets:
 
 		- Delish.xml
-		- Hearst-Corporation.xml
 
 
 	Nonfunctional hosts in *cosmopolitan.com:
diff --git a/src/chrome/content/rules/Cotera.xml b/src/chrome/content/rules/Cotera.xml
index fb74dec417e4..21fb235ee147 100644
--- a/src/chrome/content/rules/Cotera.xml
+++ b/src/chrome/content/rules/Cotera.xml
@@ -1,7 +1,10 @@
 <ruleset name="Cotera (partial)">
 
 	<target host="cortera.com" />
-	<target host="*.cortera.com" />
+	<target host="www.cortera.com" />
+	<target host="blog.cortera.com" />
+	<target host="dev-blog.cortera.com" />
+	<target host="start.cortera.com" />
 
 
 	<rule from="^http://(www\.)?cortera\.com/(css|img|video|wordpress)/"
diff --git a/src/chrome/content/rules/Cottages.com.xml b/src/chrome/content/rules/Cottages.com.xml
index b0809cfeda95..bae0c529d146 100644
--- a/src/chrome/content/rules/Cottages.com.xml
+++ b/src/chrome/content/rules/Cottages.com.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Wyndham related rulesets, see Wyndham.xml
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
 
 	Non-functional hosts
 		Couldn't connect to server:
diff --git a/src/chrome/content/rules/Cottages4you.co.uk.xml b/src/chrome/content/rules/Cottages4you.co.uk.xml
index 51fa3873c698..b5f00cfd73e5 100644
--- a/src/chrome/content/rules/Cottages4you.co.uk.xml
+++ b/src/chrome/content/rules/Cottages4you.co.uk.xml
@@ -1,17 +1,17 @@
 <!--
-	For other Wyndham related rulesets, see Wyndham.xml
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
 
 	Non-functional hosts
 		SSL peer certificate was not OK:
 		- cottages4you.co.uk
+    - blog.cottages4you.co.uk
+
+  Host Redirects to cottages.com
 -->
 <ruleset name="Cottages4you.co.uk (partial)">
-	<target host="cottages4you.co.uk" />
 	<target host="www.cottages4you.co.uk" />
-	<target host="blog.cottages4you.co.uk" />
 
-	<rule from="^http://cottages4you\.co\.uk/"
-			to="https://www.cottages4you.co.uk/" />
+	<rule from="^http://www\.cottages4you\.co\.uk/"
+			to="https://www.cottages.com/" />
 
-	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Cottagesdirect.co.uk.xml b/src/chrome/content/rules/Cottagesdirect.co.uk.xml
index 3e29dac8e59e..24bc6909e1d9 100644
--- a/src/chrome/content/rules/Cottagesdirect.co.uk.xml
+++ b/src/chrome/content/rules/Cottagesdirect.co.uk.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Wyndham related rulesets, see Wyndham.xml
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
 
 	Non-functional hosts
 		Timeout was reached:
diff --git a/src/chrome/content/rules/CouchPota.to.xml b/src/chrome/content/rules/CouchPota.to.xml
index 35e5bc9b0a4a..e5c8cf3dbf08 100644
--- a/src/chrome/content/rules/CouchPota.to.xml
+++ b/src/chrome/content/rules/CouchPota.to.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.couchpota.to/ => https://www.couchpota.to/: (51, "SSL: n
 	* Secured by us
 
 -->
-<ruleset name="CouchPota.to" default_off='failed ruleset test'>
+<ruleset name="CouchPota.to" default_off="failed ruleset test">
 
 	<target host="couchpota.to" />
 	<target host="www.couchpota.to" />
diff --git a/src/chrome/content/rules/Couchbase.xml b/src/chrome/content/rules/Couchbase.xml
index 66776a839d09..fbcc385725c6 100644
--- a/src/chrome/content/rules/Couchbase.xml
+++ b/src/chrome/content/rules/Couchbase.xml
@@ -39,6 +39,6 @@ Fetch error: http://couchbase.com/ => https://couchbase.com/: Cycle detected - U
 		to="https://na-a.marketo.com/" />
 
 	<rule from="^http://packages\.couchbase\.com/"
-		to="https://s3.amazonaws.com/packages.couchbase.com/" />
+		to="https://packages.couchbase.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Council_of_Europe.xml b/src/chrome/content/rules/Council_of_Europe.xml
index 80b4ea4db823..1925a6d5dccd 100644
--- a/src/chrome/content/rules/Council_of_Europe.xml
+++ b/src/chrome/content/rules/Council_of_Europe.xml
@@ -25,7 +25,9 @@
 <ruleset name="Council of Europe (partial)">
 
 	<target host="coe.int" />
-	<target host="*.coe.int" />
+	<target host="www.coe.int" />
+	<target host="hub.coe.int" />
+	<target host="piwik.coe.int" />
 
 
 	<securecookie host="^(?:hub|piwik|www)\.coe\.int$" name=".+" />
@@ -34,7 +36,6 @@
 	<rule from="^http://(?:www\.)?coe\.int/"
 		to="https://www.coe.int/" />
 
-	<rule from="^http://(hub|piwik)\.coe\.int/"
-		to="https://$1.coe.int/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Council_on_Foreign_Relations.xml b/src/chrome/content/rules/Council_on_Foreign_Relations.xml
index e28eaae928e5..bc7454323557 100644
--- a/src/chrome/content/rules/Council_on_Foreign_Relations.xml
+++ b/src/chrome/content/rules/Council_on_Foreign_Relations.xml
@@ -28,7 +28,10 @@
 <ruleset name="Council on Foreign Relations (partial)">
 
 	<target host="cfr.org" />
-	<target host="*.cfr.org" />
+	<target host="www.cfr.org" />
+	<target host="i.cfr.org" />
+	<target host="blogs.cfr.org" />
+	<target host="secure.www.cfr.org" />
 		<exclusion pattern="^http://(?:www\.)?cfr\.org/(?!content/.+\.(?:gif|jpg|png)$|css/|i/|login\.html)" />
 
 
diff --git a/src/chrome/content/rules/CouncilofAustralianGovernments.xml b/src/chrome/content/rules/CouncilofAustralianGovernments.xml
index 750fab14394f..a4c1144b7caf 100644
--- a/src/chrome/content/rules/CouncilofAustralianGovernments.xml
+++ b/src/chrome/content/rules/CouncilofAustralianGovernments.xml
@@ -1,7 +1,7 @@
 <ruleset name="Council of Australian Governments">
 	<target host="coag.gov.au" />
-	<target host="*.coag.gov.au" />
+	<target host="www.coag.gov.au" />
 
 	<rule from="^http://(?:www\.)?coag\.gov\.au/"
 		to="https://www.coag.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Countdown.co.nz.xml b/src/chrome/content/rules/Countdown.co.nz.xml
index c4d2fb330993..31a329b7ce2c 100644
--- a/src/chrome/content/rules/Countdown.co.nz.xml
+++ b/src/chrome/content/rules/Countdown.co.nz.xml
@@ -3,7 +3,7 @@
 
 
 	Nonfunctional subdomains:
-	
+
 		- catalogues	(mismatch hostname, CN: *..dynamiccatalogue.com.au)
 		- now		(SSL handshake failed)
 		- shopmail	(expired cert)
diff --git a/src/chrome/content/rules/CounterMail.com.xml b/src/chrome/content/rules/CounterMail.com.xml
new file mode 100644
index 000000000000..b40a664b8137
--- /dev/null
+++ b/src/chrome/content/rules/CounterMail.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="CounterMail.com">
+	<target host="countermail.com" />
+	<target host="www.countermail.com" />
+	<target host="db2.countermail.com" />
+	<target host="imap2.countermail.com" />
+	<target host="login1.countermail.com" />
+	<target host="support2.countermail.com" />
+	<target host="w.countermail.com" />
+	<target host="webmail.countermail.com" />
+	<target host="ww.countermail.com" />
+	<target host="wwww.countermail.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Countquest.se.xml b/src/chrome/content/rules/Countquest.se.xml
index 30e66b8a4a5f..7be6ba78917c 100644
--- a/src/chrome/content/rules/Countquest.se.xml
+++ b/src/chrome/content/rules/Countquest.se.xml
@@ -3,7 +3,7 @@
 Disabled by https-everywhere-checker because:
 Fetch error: http://sdc.countquest.se/ => https://sdc.countquest.se/: (28, 'Connection timed out after 20006 milliseconds')
  Another tracking firm -->
-<ruleset name="Countquest.se" default_off='failed ruleset test'>
+<ruleset name="Countquest.se" default_off="failed ruleset test">
 	<target host="sdc.countquest.se" />
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/County_Star.xml b/src/chrome/content/rules/County_Star.xml
deleted file mode 100644
index a734d24fa437..000000000000
--- a/src/chrome/content/rules/County_Star.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For other News-Gazette coverage, see News-Gazette.xml
-
-
-	- !www: mismatched, CN: digital.news-gazette.com
-	- Some pages redirect to http
-
--->
-<ruleset name="The County Star (partial)">
-
-	<target host="county-star.com" />
-	<target host="www.county-star.com" />
-
-
-	<rule from="^http://(?:www\.)?county-star\.com/(misc/|sites/|user(?:$|\?|/))"
-		to="https://www.county-star.com/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Couponese.com.xml b/src/chrome/content/rules/Couponese.com.xml
index d5cb296d33d5..cb87e6c4ec16 100644
--- a/src/chrome/content/rules/Couponese.com.xml
+++ b/src/chrome/content/rules/Couponese.com.xml
@@ -11,4 +11,4 @@
 
 	<rule from="^http:"
 		to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Coupons-Inc.xml b/src/chrome/content/rules/Coupons-Inc.xml
index 25e7f9532fae..a05c9688212c 100644
--- a/src/chrome/content/rules/Coupons-Inc.xml
+++ b/src/chrome/content/rules/Coupons-Inc.xml
@@ -1,19 +1,15 @@
 <ruleset name="Coupons, Inc (partial)">
 
+	<!-- *.coupons.com -->
 	<target host="coupons.com"/>
-	<target host="*.coupons.com"/>
-	<target host="cdn.cpnscdn.com"/>
-
-	<rule from="^http://coupouns\.com/"
-		to="https://www.coupouns.com/"/>
+	<target host="www.coupons.com"/>
+	<target host="brandcaster.coupons.com"/>
+	<target host="insight.coupons.com" />
+		<test url="http://insight.coupons.com/COS20/PrintEngine.asmx" />
 
-	<rule from="^http://www\.coupons\.com/couponweb/"
-		to="https://www.coupons.com/couponweb/"/>
-
-	<rule from="^http://(access|brandcaster|downloads1|insight)\.coupons\.com/"
-		to="https://$1.coupons.com/"/>
+	<!-- *.cpnscdn.com -->
+	<target host="cdn.cpnscdn.com"/>
 
-	<rule from="^http://cdn\.cpnscdn\.com/"
-		to="https://cdn.cpnscdn.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Courier-Post.xml b/src/chrome/content/rules/Courier-Post.xml
index fb2875172a51..4a085493f9f6 100644
--- a/src/chrome/content/rules/Courier-Post.xml
+++ b/src/chrome/content/rules/Courier-Post.xml
@@ -47,7 +47,7 @@ Fetch error: http://localsearch.courierpostonline.com/sf_frameworks/gdev/css/scr
 	* Secured by us
 
 -->
-<ruleset name="Courier Post Online.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Courier Post Online.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Cours_Crypto.org.xml b/src/chrome/content/rules/Cours_Crypto.org.xml
index 9ed07c19cbdf..cfcf8215267e 100644
--- a/src/chrome/content/rules/Cours_Crypto.org.xml
+++ b/src/chrome/content/rules/Cours_Crypto.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://courscrypto.org/ => https://courscrypto.org/: (60, 'SSL cert
 Fetch error: http://www.courscrypto.org/ => https://www.courscrypto.org/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Cours Crypto.org" default_off='failed ruleset test'>
+<ruleset name="Cours Crypto.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/CourseFinder.io.xml b/src/chrome/content/rules/CourseFinder.io.xml
index dfa44caa880b..73818d0c6845 100644
--- a/src/chrome/content/rules/CourseFinder.io.xml
+++ b/src/chrome/content/rules/CourseFinder.io.xml
@@ -23,7 +23,7 @@ Fetch error: http://www.coursefinder.io/ => https://www.coursefinder.io/: (6, 'C
 	ˢ Secured by us
 
 -->
-<ruleset name="CourseFinder.io" default_off='failed ruleset test'>
+<ruleset name="CourseFinder.io" default_off="failed ruleset test">
 
 	<target host="coursefinder.io" />
 	<target host="www.coursefinder.io" />
diff --git a/src/chrome/content/rules/Covad.com.xml b/src/chrome/content/rules/Covad.com.xml
index 11faeacde63a..9053946bfa45 100644
--- a/src/chrome/content/rules/Covad.com.xml
+++ b/src/chrome/content/rules/Covad.com.xml
@@ -34,7 +34,7 @@ Fetch error: http://my.covad.com/ => https://my.covad.com/: (60, 'SSL certificat
 	² Not secured by us <= expired & self-signed
 
 -->
-<ruleset name="Covad.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Covad.com (partial)" default_off="failed ruleset test">
 
 	<target host="dashboard.covad.com" />
 	<target host="my.covad.com" />
diff --git a/src/chrome/content/rules/CoverStand.com.xml b/src/chrome/content/rules/CoverStand.com.xml
index 7e552e4c9a22..5ab70369f499 100644
--- a/src/chrome/content/rules/CoverStand.com.xml
+++ b/src/chrome/content/rules/CoverStand.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://coverstand.com/ => https://coverstand.com/: (7, 'Failed to c
 Fetch error: http://www.coverstand.com/ => https://www.coverstand.com/: (7, 'Failed to connect to www.coverstand.com port 443: Connection refused')
 
 -->
-<ruleset name="CoverStand.com" default_off='failed ruleset test'>
+<ruleset name="CoverStand.com" default_off="failed ruleset test">
 
 	<target host="coverstand.com" />
 	<target host="cdn.coverstand.com" />
diff --git a/src/chrome/content/rules/Coverity.com.xml b/src/chrome/content/rules/Coverity.com.xml
index c52d78bc46cf..2fb039ddaa39 100644
--- a/src/chrome/content/rules/Coverity.com.xml
+++ b/src/chrome/content/rules/Coverity.com.xml
@@ -54,7 +54,7 @@ Fetch error: http://trial.coverity.com/ => https://trial.coverity.com/: (28, 'Co
 	* Secured by us
 
 -->
-<ruleset name="Coverity.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Coverity.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Covisint.xml b/src/chrome/content/rules/Covisint.xml
index 4f236da90109..c95a687bfc37 100644
--- a/src/chrome/content/rules/Covisint.xml
+++ b/src/chrome/content/rules/Covisint.xml
@@ -7,17 +7,18 @@ Non-2xx HTTP code: http://covisint.com/ (200) => https://covisint.com/ (500)
 <ruleset name="Covisint">
 
 	<target host="covisint.com" />
-	<target host="*.covisint.com" />
+	<target host="portal.covisint.com" />
+	<target host="www.covisint.com" />
+	<target host="support.covisint.com" />
 
 
-	<securecookie host="^(?:.*\.)?covisint\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^http://(portal\.|www\.)?covisint\.com/"
-		to="https://$1covisint.com/" />
 
 	<!--	reset, redirects like so over http.	-->
 	<rule from="^http://support\.covisint\.com/"
 		to="https://portal.covisint.com/web/support/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Cox-Digital-Solutions-problematic.xml b/src/chrome/content/rules/Cox-Digital-Solutions-problematic.xml
index 38790757a640..78fed6f6e165 100644
--- a/src/chrome/content/rules/Cox-Digital-Solutions-problematic.xml
+++ b/src/chrome/content/rules/Cox-Digital-Solutions-problematic.xml
@@ -12,4 +12,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cox-Digital-Solutions.xml b/src/chrome/content/rules/Cox-Digital-Solutions.xml
index 032690fb4da0..a014fe57e066 100644
--- a/src/chrome/content/rules/Cox-Digital-Solutions.xml
+++ b/src/chrome/content/rules/Cox-Digital-Solutions.xml
@@ -8,12 +8,14 @@ Fetch error: http://coxds.com/ => https://www.coxdigitalsolutions.com/: (28, 'Co
 	For problematic rules, see Cox-Digital-Solutions-problematic.xml.
 
 -->
-<ruleset name="Cox Digital Solutions (partial)" default_off='failed ruleset test'>
+<ruleset name="Cox Digital Solutions (partial)" default_off="failed ruleset test">
 
 	<target host="coxdigitalsolutions.com" />
 	<target host="www.coxdigitalsolutions.com" />
 	<target host="coxds.com" />
-	<target host="*.coxds.com" />
+	<target host="www.coxds.com" />
+	<target host="go.coxds.com" />
+	<target host="images.coxds.com" />
 
 
 	<securecookie host="^.+\.coxds\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Cox_Communications.xml b/src/chrome/content/rules/Cox_Communications.xml
index d0fb5d2681a9..1d6ad4d9716d 100644
--- a/src/chrome/content/rules/Cox_Communications.xml
+++ b/src/chrome/content/rules/Cox_Communications.xml
@@ -45,11 +45,19 @@ Fetch error: http://cox.com/ => https://ww2.cox.com/: Cycle detected - URL alrea
 <ruleset name="Cox Communications (partial)">
 
 	<target host="cox.com" />
-	<target host="*.cox.com" />
+	<target host="ww2.cox.com" />
+	<target host="www.cox.com" />
+	<target host="framework.cox.com" />
+	<target host="images.cox.com" />
+	<target host="intercept.cox.com" />
+	<target host="store.cox.com" />
 		<exclusion pattern="^http://(?:intercept|ww2)\.cox\.com/.+\.cox(?:$|\?)" />
-	<target host="*.cox.net" />
+	<target host="idm.east.cox.net" />
+	<target host="framework.cox.net" />
 	<target host="coxbusiness.com" />
-	<target host="*.coxbusiness.com" />
+	<target host="www.coxbusiness.com" />
+	<target host="framework.coxbusiness.com" />
+	<target host="myaccount.coxbusiness.com" />
 
 
 	<securecookie host="^\.?store\.cox\.com$" name=".+" />
@@ -61,16 +69,11 @@ Fetch error: http://cox.com/ => https://ww2.cox.com/: Cycle detected - URL alrea
 	<rule from="^http://(?:ww[2w]\.)?cox\.com/"
 		to="https://ww2.cox.com/" />
 
-	<rule from="^http://(framework|images|intercept|store)\.cox\.com/"
-		to="https://$1.cox.com/" />
 
-	<rule from="^http://(idm\.east|framework)\.cox\.net/"
-		to="https://$1.cox.net/" />
 
 	<rule from="^http://(?:www\.)?coxbusiness\.com/"
 		to="https://ww2.cox.com/business" />
 
-	<rule from="^http://(framework|myaccount)\.coxbusiness\.com/"
-		to="https://$1.coxbusiness.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Cp.fonality.com.xml b/src/chrome/content/rules/Cp.fonality.com.xml
index 828b28c1ebd8..e135a97e096e 100644
--- a/src/chrome/content/rules/Cp.fonality.com.xml
+++ b/src/chrome/content/rules/Cp.fonality.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.cp.fonality.com/ => https://www.cp.fonality.com/: (6, 'Could not resolve host: www.cp.fonality.com')
 
 -->
-<ruleset name="Cp.fonality.com" default_off='failed ruleset test'>
+<ruleset name="Cp.fonality.com" default_off="failed ruleset test">
   <target host="cp.fonality.com" />
   <target host="www.cp.fonality.com" />
 
diff --git a/src/chrome/content/rules/Cpunks.org.xml b/src/chrome/content/rules/Cpunks.org.xml
index 72dd702db7d6..02a4e894d596 100644
--- a/src/chrome/content/rules/Cpunks.org.xml
+++ b/src/chrome/content/rules/Cpunks.org.xml
@@ -1,17 +1,9 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://cpunks.org/ => https://cpunks.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.cpunks.org/ => https://www.cpunks.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
--->
-<ruleset name="Cpunks.org" default_off='failed ruleset test'>
-
+<ruleset name="Cpunks.org" >
 	<target host="cpunks.org" />
 	<target host="www.cpunks.org" />
+	<target host="lists.cpunks.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CrackSAT.net.xml b/src/chrome/content/rules/CrackSAT.net.xml
new file mode 100644
index 000000000000..50d36cc8ef1e
--- /dev/null
+++ b/src/chrome/content/rules/CrackSAT.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="CrackSAT.net">
+	<target host="cracksat.net" />
+	<target host="www.cracksat.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cracked.com.xml b/src/chrome/content/rules/Cracked.com.xml
new file mode 100644
index 000000000000..2ebdacd550b5
--- /dev/null
+++ b/src/chrome/content/rules/Cracked.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Demand Media coverage, see Demand-Media.xml.
+-->
+<ruleset name="Cracked.com (partial)">
+	<target host="cracked.com" />
+	<target host="www.cracked.com" />
+	<target host="admin.cracked.com" />
+	<target host="ajax.cracked.com" />
+	<target host="secure.cracked.com" />
+	<target host="shop.cracked.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CrackedCDN.com.xml b/src/chrome/content/rules/CrackedCDN.com.xml
new file mode 100644
index 000000000000..b7913e776ce1
--- /dev/null
+++ b/src/chrome/content/rules/CrackedCDN.com.xml
@@ -0,0 +1,11 @@
+<!--
+     For other Demand Media coverage, see Demand-Media.xml.
+-->
+<ruleset name="CrackedCDN.com (partial)">
+	<target host="ui.crackedcdn.com" />
+	<target host="s3.crackedcdn.com" />
+		<test url="http://s3.crackedcdn.com/phpimages/article/0/4/0/725040_v2.jpg" />
+		<test url="http://s3.crackedcdn.com/phpimages/article/3/9/3/724393_v1.jpg" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Crackedconsole.com.xml b/src/chrome/content/rules/Crackedconsole.com.xml
index 8a0411cb2e27..4de954c67175 100644
--- a/src/chrome/content/rules/Crackedconsole.com.xml
+++ b/src/chrome/content/rules/Crackedconsole.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://crackedconsole.com/ => https://crackedconsole.com/: (60, 'SS
 Fetch error: http://www.crackedconsole.com/ => https://www.crackedconsole.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="crackedconsole.com" default_off='failed ruleset test'>
+<ruleset name="crackedconsole.com" default_off="failed ruleset test">
 
 	<target host="crackedconsole.com" />
 	<target host="www.crackedconsole.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.crackedconsole.com/ => https://www.crackedconsole.com/:
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CraftBanter.xml b/src/chrome/content/rules/CraftBanter.xml
index d8d85b788500..846aa9626fda 100644
--- a/src/chrome/content/rules/CraftBanter.xml
+++ b/src/chrome/content/rules/CraftBanter.xml
@@ -5,7 +5,7 @@
 <ruleset name="CraftBanter">
 
 	<target host="craftbanter.com" />
-	<target host="*.craftbanter.com" />
+	<target host="www.craftbanter.com" />
 
 
 	<securecookie host="^\.?craftbanter\.com$" name=".+" />
diff --git a/src/chrome/content/rules/CraftStats.com.xml b/src/chrome/content/rules/CraftStats.com.xml
index 6c3b5ae52825..44c21a2262da 100644
--- a/src/chrome/content/rules/CraftStats.com.xml
+++ b/src/chrome/content/rules/CraftStats.com.xml
@@ -11,10 +11,10 @@ Fetch error: http://craftstats.com/ => https://www.craftstats.com/: (7, 'Failed
 
 
 -->
-<ruleset name="CraftStats.com" default_off='failed ruleset test'>
+<ruleset name="CraftStats.com" default_off="failed ruleset test">
 
 	<target host="craftstats.com" />
-	<target host="*.craftstats.com" />
+	<target host="www.craftstats.com" />
 
 
 	<securecookie host="^(?:www)?\.craftstats\.com$" name=".+" />
@@ -23,4 +23,4 @@ Fetch error: http://craftstats.com/ => https://www.craftstats.com/: (7, 'Failed
 	<rule from="^http://(?:www\.)?craftstats\.com/"
 		to="https://www.craftstats.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Crain-Communications.xml b/src/chrome/content/rules/Crain-Communications.xml
index 0d924bad02e8..55f66a96b91d 100644
--- a/src/chrome/content/rules/Crain-Communications.xml
+++ b/src/chrome/content/rules/Crain-Communications.xml
@@ -25,14 +25,17 @@ Fetch error: http://www.creativity-online.com/ => https://creativity-online.com/
 		- (www.)idea2009.org		(ssl_error_rx_record_too_long)
 
 -->
-<ruleset name="Crain Communications (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Crain Communications (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="adage.com" />
-	<target host="*.adage.com" />
+	<target host="www.adage.com" />
+	<target host="amiga.adage.com" />
+	<target host="www.amiga.adage.com" />
+	<target host="gaia.adage.com" />
 	<target host="sec.crain.com" />
 	<target host="crainsnewyork.com" />
 	<!--	* for cross-domain cookies.	-->
-	<target host="*.crainsnewyork.com" />
+	<target host="www.crainsnewyork.com" />
 	<target host="creativity-online.com" />
 	<target host="www.creativity-online.com" />
 
diff --git a/src/chrome/content/rules/Crakpass.xml b/src/chrome/content/rules/Crakpass.xml
index 02ef30027663..958b5129acae 100644
--- a/src/chrome/content/rules/Crakpass.xml
+++ b/src/chrome/content/rules/Crakpass.xml
@@ -25,4 +25,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Craphound.xml b/src/chrome/content/rules/Craphound.xml
deleted file mode 100644
index 92af06fbf763..000000000000
--- a/src/chrome/content/rules/Craphound.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Craphound">
-
-	<target host="craphound.com" />
-	<target host="www.craphound.com" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Crash-Space.xml b/src/chrome/content/rules/Crash-Space.xml
index 9ab9d62bf51c..a6e66bb4a73f 100644
--- a/src/chrome/content/rules/Crash-Space.xml
+++ b/src/chrome/content/rules/Crash-Space.xml
@@ -1,7 +1,8 @@
 <ruleset name="Crash Space">
 
 	<target host="crashspace.org" />
-	<target host="*.crashspace.org" />
+	<target host="blog.crashspace.org" />
+	<target host="www.crashspace.org" />
 
 
 	<!--	- (www.) times out over https
diff --git a/src/chrome/content/rules/CrashPlan.xml b/src/chrome/content/rules/CrashPlan.xml
index 40880ce14663..799ee9ddb0e2 100644
--- a/src/chrome/content/rules/CrashPlan.xml
+++ b/src/chrome/content/rules/CrashPlan.xml
@@ -11,9 +11,9 @@
 	<target host="www.crashplan.com" />
 
 
-	<securecookie host="^(?:.+\.)?crashplan\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Crazy-Egg.xml b/src/chrome/content/rules/Crazy-Egg.xml
index ce6bf4a290be..f41c4d4178e6 100644
--- a/src/chrome/content/rules/Crazy-Egg.xml
+++ b/src/chrome/content/rules/Crazy-Egg.xml
@@ -1,9 +1,4 @@
 <!--
-	Other Crazy Egg rulesets:
-
-		- CEtrk.com.xml
-
-
 	CDN buckets:
 
 		- ceblog.s3.amazonaws.com
diff --git a/src/chrome/content/rules/CrazyHD.com.xml b/src/chrome/content/rules/CrazyHD.com.xml
new file mode 100644
index 000000000000..56f02787e8cd
--- /dev/null
+++ b/src/chrome/content/rules/CrazyHD.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="CrazyHD.com">
+	<target host="crazyhd.com" />
+	<target host="www.crazyhd.com" />
+	<target host="siena.crazyhd.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Crazzed.com.xml b/src/chrome/content/rules/Crazzed.com.xml
index ca975da627d1..ed53fc99745d 100644
--- a/src/chrome/content/rules/Crazzed.com.xml
+++ b/src/chrome/content/rules/Crazzed.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.crazzed.com/ => https://www.crazzed.com/: (7, 'Failed to
 Disabled by https-everywhere-checker because:
 Fetch error: http://crazzed.com/ => https://crazzed.com/: Cycle detected - URL already encountered: http://crazzed.com/
 -->
-<ruleset name="Crazzed.com" default_off='failed ruleset test'>
+<ruleset name="Crazzed.com" default_off="failed ruleset test">
 
 	<target host="crazzed.com" />
 	<target host="www.crazzed.com" />
diff --git a/src/chrome/content/rules/Creare.co.uk.xml b/src/chrome/content/rules/Creare.co.uk.xml
index b630f8e44d1c..f5407b6d6f09 100644
--- a/src/chrome/content/rules/Creare.co.uk.xml
+++ b/src/chrome/content/rules/Creare.co.uk.xml
@@ -23,7 +23,7 @@ Fetch error: http://creare.co.uk/ => https://creare.co.uk/: (60, 'SSL certificat
 		- .creare.co.uk
 
 -->
-<ruleset name="Creare.co.uk" default_off='failed ruleset test'>
+<ruleset name="Creare.co.uk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Creatavist.com.xml b/src/chrome/content/rules/Creatavist.com.xml
deleted file mode 100644
index 815962bce5f7..000000000000
--- a/src/chrome/content/rules/Creatavist.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog *
-
-	* Tumblr
-
-
-	Fully covered subdomains:
-
-		- (www.)?
-		- tcsm
-
--->
-<ruleset name="Creatavist.com (partial)">
-
-	<target host="creatavist.com" />
-	<target host="tcsm.creatavist.com" />
-	<target host="www.creatavist.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CreateSpace.xml b/src/chrome/content/rules/CreateSpace.xml
index d6b7d2aa0cf2..89cdc64eb1b7 100644
--- a/src/chrome/content/rules/CreateSpace.xml
+++ b/src/chrome/content/rules/CreateSpace.xml
@@ -18,7 +18,7 @@ Fetch error: http://createspace.com/ => https://createspace.com/: (7, 'Failed to
 		- www.createspace.com
 
 -->
-<ruleset name="CreateSpace.com" default_off='failed ruleset test'>
+<ruleset name="CreateSpace.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Creative-serving.com.xml b/src/chrome/content/rules/Creative-serving.com.xml
index b402af3c3b88..997c6d9a2b6a 100644
--- a/src/chrome/content/rules/Creative-serving.com.xml
+++ b/src/chrome/content/rules/Creative-serving.com.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CreativeCow.net.xml b/src/chrome/content/rules/CreativeCow.net.xml
index 17095c016a15..c056ce060912 100644
--- a/src/chrome/content/rules/CreativeCow.net.xml
+++ b/src/chrome/content/rules/CreativeCow.net.xml
@@ -5,21 +5,21 @@ Fetch error: http://creativecow.net/ => https://creativecow.net/: (51, "SSL: no
 Fetch error: http://creativecow.com/ => https://creativecow.com/: (51, "SSL: no alternative certificate subject name matches target host name 'creativecow.com'")
 
 -->
-<ruleset name="Creative COW" default_off='failed ruleset test'>
+<ruleset name="Creative COW" default_off="failed ruleset test">
     <target host="creativecow.net" />
     <target host="*.creativecow.net" />
     <target host="creativecow.com" />
     <target host="*.creativecow.com" />
-    
+
     <test url="http://forums.creativecow.net/" />
     <test url="http://forums.creativecow.com/" />
     <test url="http://library.creativecow.net/" />
     <test url="http://library.creativecow.com/" />
     <test url="http://events.creativecow.net/" />
     <test url="http://events.creativecow.com/" />
-    
+
     <securecookie host="^(?:www)?(?:\.)?creativecow\.(?:net|com)$" name=".+" />
-    
+
     <rule from="^http:"
             to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CreativePartnershipsAustralia.xml b/src/chrome/content/rules/CreativePartnershipsAustralia.xml
index b4403c8e036a..7c985e23c598 100644
--- a/src/chrome/content/rules/CreativePartnershipsAustralia.xml
+++ b/src/chrome/content/rules/CreativePartnershipsAustralia.xml
@@ -1,7 +1,7 @@
 <ruleset name="Creative Partnerships Australia">
 	<target host="creativepartnershipsaustralia.org.au" />
-	<target host="*.creativepartnershipsaustralia.org.au" />
+	<target host="www.creativepartnershipsaustralia.org.au" />
 
 	<rule from="^http://(?:www\.)?creativepartnershipsaustralia\.org\.au/"
 		to="https://www.creativepartnershipsaustralia.org.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CreativeSyndicator.xml b/src/chrome/content/rules/CreativeSyndicator.xml
index c3f15c3c1035..25be73da5fbc 100644
--- a/src/chrome/content/rules/CreativeSyndicator.xml
+++ b/src/chrome/content/rules/CreativeSyndicator.xml
@@ -6,7 +6,7 @@ Fetch error: http://ads-creativesyndicator.com/ => https://ads-creativesyndicato
 Disabled by https-everywhere-checker because:
 Fetch error: http://ads-creativesyndicator.com/ => https://ads-creativesyndicator.com/: (28, 'Connection timed out after 10000 milliseconds')
 -->
-<ruleset name="CreativeSyndicator" default_off='failed ruleset test'>
+<ruleset name="CreativeSyndicator" default_off="failed ruleset test">
 
 	<target host="ads-creativesyndicator.com" />
 	<target host="delivery.ads-creativesyndicator.com" />
@@ -18,4 +18,4 @@ Fetch error: http://ads-creativesyndicator.com/ => https://ads-creativesyndicato
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Creative_Little_Readers.com-falsemixed.xml b/src/chrome/content/rules/Creative_Little_Readers.com-falsemixed.xml
deleted file mode 100644
index 93ada7c9c0fd..000000000000
--- a/src/chrome/content/rules/Creative_Little_Readers.com-falsemixed.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Creative_Little_Readers.com.xml.
-
--->
-<ruleset name="Creative Little Readers.com (false MCB)" platform="mixedcontent">
-
-	<target host="*.creativelittlereaders.com" />
-
-
-	<!--	Server doesn't set Secure for:
-						-->
-	<securecookie host="^(?:www)?\.creativelittlereaders\.com$" name=".+" />
-
-
-	<rule from="^http://www\.creativelittlereaders\.com/"
-		to="https://www.creativelittlereaders.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Creative_Little_Readers.com.xml b/src/chrome/content/rules/Creative_Little_Readers.com.xml
deleted file mode 100644
index cc955a4b305e..000000000000
--- a/src/chrome/content/rules/Creative_Little_Readers.com.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://creativelittlereaders.com/ => https://creativelittlereaders.com/: (51, "SSL: no alternative certificate subject name matches target host name 'creativelittlereaders.com'")
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://creativelittlereaders.com/ => https://creativelittlereaders.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-	For rules causing false/broken MCB, see Creative_Little_Readers.com-falsemixed.xml.
-
-
-	Mixed content:
-
-		- js from $self *
-
-		- css, from:
-
-			- $self *
-			- fonts.googlapis.com *
-
-		- Images *
-
-	* Secured by us
-
--->
-<ruleset name="Creative Little Readers.com (partial)" default_off='failed ruleset test'>
-
-        <!--	https://c... redirects to http://w..., so we can avoid a
-		duplicate target warning by blanket-rewriting !www here.
-								-->
-	<target host="creativelittlereaders.com" />
-	<target host="www.creativelittlereaders.com" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://www\.creativelittlereaders\.com/+(?!favicon\.ico|wp-content/|wp-includes/)" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/CredAbility.com.xml b/src/chrome/content/rules/CredAbility.com.xml
index b818af41c945..c125c81f846f 100644
--- a/src/chrome/content/rules/CredAbility.com.xml
+++ b/src/chrome/content/rules/CredAbility.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://intake.credability.org/ => https://intake.credability.org/: Too many redirects while fetching 'https://intake.credability.org/'
 
 -->
-<ruleset name="CredAbility.com" default_off='failed ruleset test'>
+<ruleset name="CredAbility.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/CreditDisputeProgram.com.xml b/src/chrome/content/rules/CreditDisputeProgram.com.xml
deleted file mode 100644
index 1d185374ece5..000000000000
--- a/src/chrome/content/rules/CreditDisputeProgram.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://creditdisputeprogram.com/ => https://creditdisputeprogram.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
-
--->
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://creditdisputeprogram.com/ => https://creditdisputeprogram.com/: Too many redirects while fetching 'https://creditdisputeprogram.com/'
-
--->
-<ruleset name="CreditDisputeProgram.com" default_off='failed ruleset test'>
-
-	<target host="creditdisputeprogram.com" />
-	<target host="www.creditdisputeprogram.com" />
-
-
-	<securecookie host="^(?:[w.]*\.)?creditdisputeprogram\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Credit_Repair_Trust.com.xml b/src/chrome/content/rules/Credit_Repair_Trust.com.xml
deleted file mode 100644
index 9a48ac0f7042..000000000000
--- a/src/chrome/content/rules/Credit_Repair_Trust.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://creditrepairtrust.com/ => https://creditrepairtrust.com/: (6, 'Could not resolve host: creditrepairtrust.com')
-Fetch error: http://www.creditrepairtrust.com/ => https://www.creditrepairtrust.com/: (6, 'Could not resolve host: www.creditrepairtrust.com')
-
--->
-<ruleset name="Credit Repair Trust.com" default_off='failed ruleset test'>
-
-	<target host="creditrepairtrust.com" />
-	<target host="www.creditrepairtrust.com" />
-
-
-	<securecookie host="^(?:[w.]*\.)?creditrepairtrust\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Credit_Report_Nation.xml b/src/chrome/content/rules/Credit_Report_Nation.xml
index 32e9bd54c9e3..75cf36ec1489 100644
--- a/src/chrome/content/rules/Credit_Report_Nation.xml
+++ b/src/chrome/content/rules/Credit_Report_Nation.xml
@@ -5,15 +5,15 @@ Fetch error: http://creditreportnation.com/ => https://creditreportnation.com/:
 Fetch error: http://www.creditreportnation.com/ => https://www.creditreportnation.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Credit Report Nation" default_off='failed ruleset test'>
+<ruleset name="Credit Report Nation" default_off="failed ruleset test">
 
 	<target host="creditreportnation.com" />
 	<target host="www.creditreportnation.com" />
 
 
-	<securecookie host="^(?:.*\.)?creditreportnation\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Crikey.xml b/src/chrome/content/rules/Crikey.xml
index f67384ce542f..15e366496bc3 100644
--- a/src/chrome/content/rules/Crikey.xml
+++ b/src/chrome/content/rules/Crikey.xml
@@ -14,7 +14,7 @@ Fetch error: http://crikey.com.au/ => https://crikey.com.au/: Too many redirects
 		- offers	(works; mismatched, CN: *.unbounce.com)
 
 -->
-<ruleset name="Crikey (partial)" default_off='failed ruleset test'>
+<ruleset name="Crikey (partial)" default_off="failed ruleset test">
 
 	<target host="crikey.com.au" />
 	<target host="media.crikey.com.au" />
@@ -26,4 +26,4 @@ Fetch error: http://crikey.com.au/ => https://crikey.com.au/: Too many redirects
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Crimtan.xml b/src/chrome/content/rules/Crimtan.xml
deleted file mode 100644
index 36d766b24bb8..000000000000
--- a/src/chrome/content/rules/Crimtan.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)crimtan.com
-		- ag.ctpsnet.com
-
--->
-<ruleset name="Crimtan (partial)">
-
-	<target host="*.ctpsnet.com" />
-
-
-	<securecookie host="^\.ctnsnet\.com$" name=".+" />
-
-
-	<rule from="^http://(cdn|i)\.ctpsnet\.com/"
-		to="https://$1.ctpsnet.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Criosweb.xml b/src/chrome/content/rules/Criosweb.xml
index 8a5e054f7531..0075045da21e 100644
--- a/src/chrome/content/rules/Criosweb.xml
+++ b/src/chrome/content/rules/Criosweb.xml
@@ -6,7 +6,6 @@
 
 	<rule from="^http://infoeuri\.criosweb\.ro/$"
 		to="https://infoeuri.criosweb.ro/" />
-		<test url="http://infoeuri.criosweb.ro/" />
 
 	<rule from="^http://infoeuri\.criosweb\.ro/(aplicatie|css|fonts|img|js|povestea\.php)/"
 		to="https://infoeuri.criosweb.ro/$1/" />
@@ -30,7 +29,6 @@
 
 	<rule from="^http://luci\.criosweb\.ro/(blog/)?wp-(content|includes)/"
 		to="https://luci.criosweb.ro/$1wp-$2/" />
-		<test url="http://luci.criosweb.ro/" />
 		<test url="http://luci.criosweb.ro/blog/wp-content/themes/twentyfifteen/genericons/genericons.css" />
 		<test url="http://luci.criosweb.ro/blog/wp-includes/js/jquery/jquery-migrate.min.js" />
 		<test url="http://luci.criosweb.ro/wp-content/uploads/2015/11/board-config.png" />
@@ -42,7 +40,5 @@
 	<target host="www.criosweb.ro" />
 
 	<rule from="^http://(www\.)?criosweb\.ro/" to="https://$1criosweb.ro/" />
-		<test url="http://criosweb.ro/" />
-		<test url="http://www.criosweb.ro/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Crisco.com.xml b/src/chrome/content/rules/Crisco.com.xml
new file mode 100644
index 000000000000..9df7f5ca6a35
--- /dev/null
+++ b/src/chrome/content/rules/Crisco.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Non-functional subdomains:
+		- $host		(r)
+		- es	(t)
+		- m.es	(t)
+		- m		(t)
+		- prod.pmc	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Crisco">
+
+	<target host="crisco.com" />
+	<target host="www.crisco.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://crisco\.com/"
+		to="https://www.crisco.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Crisis.org.uk.xml b/src/chrome/content/rules/Crisis.org.uk.xml
deleted file mode 100644
index ee8fd890c87f..000000000000
--- a/src/chrome/content/rules/Crisis.org.uk.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	(www.)?crisis.org.uk: 401
-
-
-	Insecure cookies are set for these hosts:
-
-		- community.crisis.org.uk
-
--->
-<ruleset name="Crisis.org.uk (partial)">
-
-	<target host="community.crisis.org.uk" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^community\.crisis\.org\.uk$" name="^(?:ASP\.NET_SessionId$|NSC_)" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Criteo.com.xml b/src/chrome/content/rules/Criteo.com.xml
index 71266138d95d..5c54f8dc1530 100644
--- a/src/chrome/content/rules/Criteo.com.xml
+++ b/src/chrome/content/rules/Criteo.com.xml
@@ -1,7 +1,4 @@
 <!--
-	Cert expired:
-		- pixel.criteo.com
-
 	Cert mismatch:
 		- widget.cn.criteo.com
 		- rakuten.dis.criteo.com
@@ -15,25 +12,20 @@
 		- more.criteo.com
 		- rightmedia.criteo.com
 		- staging.criteo.com
+		- translation.criteo.com
 		- fb.rtb.sv.us.criteo.com
-
+		- www2.criteo.com
 
 	Connection refused:
 		- o.staging.criteo.com
 		- p-front2.triskel.criteo.com
 
 	Invalid cert:
-
 		- *.widget.criteo.com
-		- images.criteo.net
-		- images.eu.criteo.net
-		- peering.criteo.net
-		- pixel.criteo.net
 		- par.service.criteo.net
 
 	Self-signed cert:
 		- amsterdam.criteo.com
-		- newyork.criteo.com
 		- p-back1.triskel.criteo.com
 
 	Timeout:
@@ -59,7 +51,6 @@
 		- ns1.criteo.com
 		- ns13.criteo.com
 		- ns17.criteo.com
-		- ns4.criteo.com
 		- ns6.criteo.com
 		- ns8.criteo.com
 		- office-fr.criteo.com
@@ -71,54 +62,45 @@
 		- p-back2.triskel.criteo.com
 		- p-front1.triskel.criteo.com
 		- p-hyp1.triskel.criteo.com
-		- cas.ny.us.criteo.com
-		- ck.ny.us.criteo.com
-		- dis.ny.us.criteo.com
-		- info.ny.us.criteo.com
-		- rtax.ny.us.criteo.com
-		- rtb.ny.us.criteo.com
-		- rtb-ssl.ny.us.criteo.com
-		- widget.ny.us.criteo.com
 		- rtb-ssl.sv.us.criteo.com
-		- usersync.criteo.com
-		- pix.ny.us.criteo.net
-		- static.ny.us.criteo.net
-		
-		
+
 	TLS errors:
 		- marketplace.criteo.com
 -->
 
 <ruleset name="Criteo.com (partial)">
-
+	<!-- criteo.com -->
 	<target host="criteo.com" />
 	<target host="www.criteo.com" />
-
 	<target host="accelerate.criteo.com" />
 	<target host="account.criteo.com" />
 	<target host="advertising.criteo.com" />
+	<target host="ads.as.criteo.com" />
+	<target host="cas.as.criteo.com" />
 	<target host="dis.as.criteo.com" />
 	<target host="cas.hk.as.criteo.com" />
 	<target host="cat.hk.as.criteo.com" />
 	<target host="dis.hk.as.criteo.com" />
 	<target host="info.as.criteo.com" />
+	<target host="cas.jp.as.criteo.com" />
 	<target host="cat.jp.as.criteo.com" />
 	<target host="ck.jp.as.criteo.com" />
 	<target host="dis.jp.as.criteo.com" />
 	<target host="info.jp.as.criteo.com" />
+	<target host="rdi.jp.as.criteo.com" />
 	<target host="rtax.jp.as.criteo.com" />
 	<target host="widget.jp.as.criteo.com" />
 	<target host="widget.as.criteo.com" />
 	<target host="bidder.criteo.com" />
 	<target host="blog.criteo.com" />
 	<target host="blog-fr.criteo.com" />
-	<target host="brand.criteo.com" />
 	<target host="cas.criteo.com" />
 	<target host="cat.criteo.com" />
+	<target host="codeofduty.criteo.com" />
 	<target host="demo.criteo.com" />
 	<target host="dev.criteo.com" />
-	<target host="o.dev.criteo.com" />
 	<target host="dis.criteo.com" />
+	<target host="dynamic.criteo.com" />
 	<target host="ebs.criteo.com" />
 	<target host="emailprivacy.criteo.com" />
 	<target host="cas.eu.criteo.com" />
@@ -127,14 +109,17 @@
 	<target host="cat.fr.eu.criteo.com" />
 	<target host="ck.fr.eu.criteo.com" />
 	<target host="widget.fr.eu.criteo.com" />
+	<target host="ads.eu.criteo.com" />
 	<target host="info.eu.criteo.com" />
 	<target host="cas.nl.eu.criteo.com" />
 	<target host="cat.nl.eu.criteo.com" />
 	<target host="ck.nl.eu.criteo.com" />
 	<target host="widget.nl.eu.criteo.com" />
+	<target host="rdi.eu.criteo.com" />
 	<target host="rtax.eu.criteo.com" />
 	<target host="widget.eu.criteo.com" />
 	<target host="extranet.criteo.com" />
+	<target host="gem.criteo.com" />
 	<target host="gum.criteo.com" />
 	<target host="info.criteo.com" />
 	<target host="integrate.criteo.com" />
@@ -144,6 +129,8 @@
 	<target host="ld2.criteo.com" />
 	<target host="maintenance.criteo.com" />
 	<target host="marketing.criteo.com" />
+	<target host="mug.criteo.com" />
+	<target host="news.criteo.com" />
 	<target host="org-ld2.criteo.com" />
 	<target host="premium.criteo.com" />
 	<target host="preview.criteo.com" />
@@ -156,8 +143,14 @@
 	<target host="static.criteo.com" />
 	<target host="staticdemo.criteo.com" />
 	<target host="support.criteo.com" />
+	<target host="test.criteo.com" />
+	<target host="post.update.criteo.com" />
+	<target host="s.update.criteo.com" />
+	<target host="ads.us.criteo.com" />
+	<target host="cas.us.criteo.com" />
 	<target host="dis.us.criteo.com" />
 	<target host="info.us.criteo.com" />
+	<target host="rdi.us.criteo.com" />
 	<target host="cas.sv.us.criteo.com" />
 	<target host="cat.sv.us.criteo.com" />
 	<target host="ck.sv.us.criteo.com" />
@@ -165,18 +158,28 @@
 	<target host="rtax.sv.us.criteo.com" />
 	<target host="widget.sv.us.criteo.com" />
 	<target host="widget.us.criteo.com" />
+	<target host="cas.va.us.criteo.com" />
+	<target host="cat.va.us.criteo.com" />
+	<target host="dis.va.us.criteo.com" />
 	<target host="widget.criteo.com" />
 
+	<!-- criteo.net -->
+	<target host="pix.jp.as.criteo.net" />
+	<target host="static.jp.as.criteo.net" />
+	<target host="vix.as.criteo.net" />
 	<target host="pix.fr.eu.criteo.net" />
 	<target host="pix.nl.eu.criteo.net" />
-	<target host="pix.sv.us.criteo.net" />
-	<target host="static.criteo.net" />
+	<target host="pix.eu.criteo.net" />
 	<target host="static.eu.criteo.net" />
-	<target host="static.jp.as.criteo.net" />
+	<target host="peering.criteo.net" />
+	<target host="static.criteo.net" />
+	<target host="pix.us.criteo.net" />
+	<target host="pix4.us.criteo.net" />
+	<target host="pix.sv.us.criteo.net" />
 	<target host="static.sv.us.criteo.net" />
 
+
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/Critical-Mass.xml b/src/chrome/content/rules/Critical-Mass.xml
deleted file mode 100644
index 9a17092eddb8..000000000000
--- a/src/chrome/content/rules/Critical-Mass.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)
-
--->
-<ruleset name="Critical Mass (partial)">
-
-	<target host="cm1.criticalmass.com" />
-
-
-	<securecookie host="^cm1\.criticalmass\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Crittercism.com.xml b/src/chrome/content/rules/Crittercism.com.xml
index cc8508d98aea..3e5e01cf08ea 100644
--- a/src/chrome/content/rules/Crittercism.com.xml
+++ b/src/chrome/content/rules/Crittercism.com.xml
@@ -6,13 +6,13 @@
 -->
 <ruleset name="Crittercism.com (partial)">
 
-	<target host="*.crittercism.com" />
+	<target host="api.crittercism.com" />
+	<target host="app.crittercism.com" />
 
 
 	<securecookie host="^ap[ip]\.crittercism\.com" name=".+" />
 
 
-	<rule from="^http://ap(i|p)\.crittercism\.com/"
-		to="https://ap$1.crittercism.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Criu.org.xml b/src/chrome/content/rules/Criu.org.xml
new file mode 100644
index 000000000000..e3f969590fbf
--- /dev/null
+++ b/src/chrome/content/rules/Criu.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="Criu.org">
+	<target host="criu.org" />
+	<target host="www.criu.org" />
+	<target host="patchwork.criu.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Crocs.xml b/src/chrome/content/rules/Crocs.xml
index 63c29a48a602..155fa4fa14f0 100644
--- a/src/chrome/content/rules/Crocs.xml
+++ b/src/chrome/content/rules/Crocs.xml
@@ -31,7 +31,7 @@ Fetch error: http://espanol.crocs.com/ => https://espanol.crocs.com/: (51, "SSL:
 		- images
 
 -->
-<ruleset name="Crocs" default_off='failed ruleset test'>
+<ruleset name="Crocs" default_off="failed ruleset test">
 
 	<target host="crocs.com" />
 	<target host="www.crocs.com" />
diff --git a/src/chrome/content/rules/CrooksAndLiars.com.xml b/src/chrome/content/rules/CrooksAndLiars.com.xml
new file mode 100644
index 000000000000..33f941f55ba4
--- /dev/null
+++ b/src/chrome/content/rules/CrooksAndLiars.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid Certificate:
+		mediacdn.crooksandliars.com
+-->
+<ruleset name="CrooksAndLiars.com">
+	<target host="crooksandliars.com" />
+	<target host="www.crooksandliars.com" />
+	<target host="blueamerica.crooksandliars.com" />
+	<target host="embed.crooksandliars.com" />
+		<test url="http://embed.crooksandliars.com/embed/b2h4nEd1" />
+	<target host="murraywaas.crooksandliars.com" />
+	<target host="overthecliff.crooksandliars.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cross-Pixel-Media-problematic.xml b/src/chrome/content/rules/Cross-Pixel-Media-problematic.xml
index 5f7183674140..4a90f91e86c9 100644
--- a/src/chrome/content/rules/Cross-Pixel-Media-problematic.xml
+++ b/src/chrome/content/rules/Cross-Pixel-Media-problematic.xml
@@ -12,4 +12,4 @@
 						-->
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cross-Pixel-Media.xml b/src/chrome/content/rules/Cross-Pixel-Media.xml
index b7f7402562b8..2453593ce460 100644
--- a/src/chrome/content/rules/Cross-Pixel-Media.xml
+++ b/src/chrome/content/rules/Cross-Pixel-Media.xml
@@ -21,7 +21,8 @@
 <ruleset name="Cross Pixel Media (partial)">
 
 
-	<target host="*.crsspxl.com" />
+	<target host="elmo.crsspxl.com" />
+	<target host="tag.crsspxl.com" />
 
 
 	<securecookie host="^(?:tag)?\.crsspxl\.com$" name=".+" />
@@ -32,7 +33,6 @@
 	<rule from="^http://elmo\.crsspxl\.com/"
 		to="https://d2kdqv2bboglbi.cloudfront.net/" />
 
-	<rule from="^http://tag\.crsspxl\.com/"
-		to="https://tag.crsspxl.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CrossRef.org.xml b/src/chrome/content/rules/CrossRef.org.xml
index 93d09ac3f4ce..a703b2873be0 100644
--- a/src/chrome/content/rules/CrossRef.org.xml
+++ b/src/chrome/content/rules/CrossRef.org.xml
@@ -66,16 +66,16 @@
 	<target host="test.crossref.org" />
 	<target host="testweb.crossref.org" />
 	<target host="wwwold.crossref.org" />
-	
+
 	<rule from="^http://(det\.labs|eventdata)\.crossref\.org/"
 		to="https://www.crossref.org/services/event-data/" />
-	
+
 	<rule from="^http://labs\.crossref\.org/"
 		to="https://www.crossref.org/labs/" />
-	
+
 	<rule from="^http://nlabs\.labs\.crossref\.org/"
 		to="https://www.crossref.org/" />
-	
+
 		<test url="http://nlabs.labs.crossref.org/about/" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Crossdresser-Forum.de.xml b/src/chrome/content/rules/Crossdresser-Forum.de.xml
index 1428edbf9f87..3034ecf9fb16 100644
--- a/src/chrome/content/rules/Crossdresser-Forum.de.xml
+++ b/src/chrome/content/rules/Crossdresser-Forum.de.xml
@@ -5,4 +5,4 @@
 
 	<rule from="^http:" to="https:"/>
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Crossrider.xml b/src/chrome/content/rules/Crossrider.xml
index 6dc056be8981..d1d6b00a616f 100644
--- a/src/chrome/content/rules/Crossrider.xml
+++ b/src/chrome/content/rules/Crossrider.xml
@@ -13,10 +13,10 @@ Fetch error: http://crossrider.com/ => https://crossrider.com/: (7, 'Failed to c
 		- www	(400)
 
 -->
-<ruleset name="Crossrider (partial)" default_off='failed ruleset test'>
+<ruleset name="Crossrider (partial)" default_off="failed ruleset test">
 
 	<target host="crossrider.com" />
-	<target host="*.crossrider.com" />
+	<target host="www.crossrider.com" />
 
 
 	<securecookie host="^\.?crossrider\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Crowd-Factory.xml b/src/chrome/content/rules/Crowd-Factory.xml
index 86f7fee83709..c9584c83c2fe 100644
--- a/src/chrome/content/rules/Crowd-Factory.xml
+++ b/src/chrome/content/rules/Crowd-Factory.xml
@@ -20,10 +20,12 @@ Fetch error: http://www.socialcampaign.com/ => https://www.socialcampaign.com/:
 	pages.crowdfactory.com cert: *.marketo.com
 
 -->
-<ruleset name="Crowd Factory" default_off='failed ruleset test'>
+<ruleset name="Crowd Factory" default_off="failed ruleset test">
 
 	<target host="crowdfactory.com" />
-	<target host="*.crowdfactory.com" />
+	<target host="www.crowdfactory.com" />
+	<target host="b2c-wsinsight.crowdfactory.com" />
+	<target host="blog.crowdfactory.com" />
 	<target host="socialcampaign.com" />
 	<target host="www.socialcampaign.com" />
 
@@ -36,10 +38,7 @@ Fetch error: http://www.socialcampaign.com/ => https://www.socialcampaign.com/:
 	<rule from="^http://(?:www\.)?crowdfactory\.com/"
 		to="https://www.crowdfactory.com/" />
 
-	<rule from="^http://b(2c-wsinsight|log)\.crowdfactory\.com/"
-		to="https://b$1.crowdfactory.com/" />
 
-	<rule from="^http://(www\.)?socialcampaign\.com/"
-		to="https://$1socialcampaign.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Crowd-Science.xml b/src/chrome/content/rules/Crowd-Science.xml
index 9f3a338333ae..86199be276d0 100644
--- a/src/chrome/content/rules/Crowd-Science.xml
+++ b/src/chrome/content/rules/Crowd-Science.xml
@@ -40,7 +40,11 @@
 -->
 <ruleset name="Crowd Science (partial)">
 
-	<target host="*.crowdscience.com" />
+	<target host="app.crowdscience.com" />
+	<target host="aws-app.crowdscience.com" />
+	<target host="static.crowdscience.com" />
+	<target host="secure-static.crowdscience.com" />
+	<target host="support.crowdscience.com" />
 		<exclusion pattern="http://static\.crowndscience\.com/blog/" />
 
 
diff --git a/src/chrome/content/rules/CrowdCulture.se.xml b/src/chrome/content/rules/CrowdCulture.se.xml
index 80830f128b89..3aca904d1b2e 100644
--- a/src/chrome/content/rules/CrowdCulture.se.xml
+++ b/src/chrome/content/rules/CrowdCulture.se.xml
@@ -19,4 +19,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/CrowdJustice.com.xml b/src/chrome/content/rules/CrowdJustice.com.xml
new file mode 100644
index 000000000000..34bf1d0e429c
--- /dev/null
+++ b/src/chrome/content/rules/CrowdJustice.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid Certificate:
+		r.mail.crowdjustice.com
+-->
+<ruleset name="CrowdJustice.com">
+	<target host="crowdjustice.com" />
+	<target host="www.crowdjustice.com" />
+	<target host="blog.crowdjustice.com" />
+	<target host="help.crowdjustice.com" />
+	<target host="static.crowdjustice.com" />
+		<test url="http://static.crowdjustice.com/user_content/1904549+To+David+Davis+22+03+2018_Redacted.pdf" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CrowdTangle.xml b/src/chrome/content/rules/CrowdTangle.xml
index 97235e286d4f..1dbbaa459f9f 100644
--- a/src/chrome/content/rules/CrowdTangle.xml
+++ b/src/chrome/content/rules/CrowdTangle.xml
@@ -1,19 +1,18 @@
 <!--
-	Problematic subdomains:
-
-		- ^	(pages and custom/ redirect to http, other paths work; mismatched, CN: onepagerapp.com)
-
+	Connection timed out:
+		- crowdtangle.com, equivalent to www.crowdtangle.com
 -->
-<ruleset name="CrowdTangle (partial)">
 
+<ruleset name="CrowdTangle">
 	<target host="crowdtangle.com" />
-	<target host="*.crowdtangle.com" />
-
-
-	<rule from="^http://(?:www\.)?crowdtangle\.com/(asset|upload)s/"
-		to="https://onepagerapp.com/$1s/" />
+	<target host="www.crowdtangle.com" />
+	<target host="apps.crowdtangle.com" />
+	<target host="blog.crowdtangle.com" />
+	<target host="help.crowdtangle.com" />
+	<target host="updater.crowdtangle.com" />
 
-	<rule from="^http://prod\.crowdtangle\.com/"
-		to="https://prod.crowdtangle.com/" />
+	<rule from="^http://crowdtangle\.com/"
+		  to="https://www.crowdtangle.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Crowdin.com.xml b/src/chrome/content/rules/Crowdin.com.xml
index 433ffe8c7ece..2c6331bdb014 100644
--- a/src/chrome/content/rules/Crowdin.com.xml
+++ b/src/chrome/content/rules/Crowdin.com.xml
@@ -1,20 +1,35 @@
 <!--
-	Other Crowdin rulesets:
-		- Crowdin.net.xml
+	403 status code:
+		- cdn.crowdin.com
+		- cname.crowdin.com
+
+	426 status code:
+		- ws-lb.crowdin.com
+
+	Timeout was reached:
+		- test.crowdin.com
+		- admin.test.crowdin.com
 -->
 <ruleset name="Crowdin.com">
 	<target host="crowdin.com" />
 	<target host="www.crowdin.com" />
+	<target host="api.crowdin.com" />
+		<test url="http://api.crowdin.com/api/supported-languages" />
 	<target host="blog.crowdin.com" />
 	<target host="demo.crowdin.com" />
+	<target host="downloads.crowdin.com" />
+		<test url="http://downloads.crowdin.com/docs/android-crowdsourcing.pdf" />
 	<target host="support.crowdin.com" />
+	<target host="translate.crowdin.com" />
 
 	<target host="ar.crowdin.com" />
+	<target host="be.crowdin.com" />
 	<target host="br.crowdin.com" />
 	<target host="cs.crowdin.com" />
 	<target host="de.crowdin.com" />
 	<target host="es.crowdin.com" />
 	<target host="fr.crowdin.com" />
+	<target host="hu.crowdin.com" />
 	<target host="it.crowdin.com" />
 	<target host="ja.crowdin.com" />
 	<target host="pl.crowdin.com" />
@@ -23,7 +38,10 @@
 	<target host="sk.crowdin.com" />
 	<target host="uk.crowdin.com" />
 
+	<target host="crowdin.net" />
+	<target host="www.crowdin.net" />
+
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:"	to="https:" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Crowdin.net.xml b/src/chrome/content/rules/Crowdin.net.xml
deleted file mode 100644
index 4fac32923216..000000000000
--- a/src/chrome/content/rules/Crowdin.net.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	For other Crowdin coverage, see Crowdin.com.xml.
-
-
-	www: Mismatched
-
-
-	Insecure cookies are set for these hosts:
-
-		- crowdin.net
-
--->
-<ruleset name="Crowdin.net">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="crowdin.net" />
-
-	<!--	Complications:
-				-->
-	<target host="www.crowdin.net" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^crowdin\.net$" name="^cid$" /-->
-
-	<securecookie host="^crowdin\.net$" name=".+" />
-
-
-	<rule from="^http://www\.crowdin\.net/"
-		to="https://crowdin.net/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cru.fr.xml b/src/chrome/content/rules/Cru.fr.xml
index 6e6f75e53e4c..d1d7166c1e52 100644
--- a/src/chrome/content/rules/Cru.fr.xml
+++ b/src/chrome/content/rules/Cru.fr.xml
@@ -15,7 +15,7 @@ Non-2xx HTTP code: http://git.cru.fr/ (200) => https://git.renater.fr/ (403)
 	^cru.fr does not exist
 
 -->
-<ruleset name="cru.fr (partial)" default_off='failed ruleset test'>
+<ruleset name="cru.fr (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Cru.org.xml b/src/chrome/content/rules/Cru.org.xml
index 3645dbfe2f42..1a4c190f50ba 100644
--- a/src/chrome/content/rules/Cru.org.xml
+++ b/src/chrome/content/rules/Cru.org.xml
@@ -12,17 +12,12 @@ Fetch error: http://cru.org/ => https://cru.org/: (51, "SSL: no alternative cert
 
 	<target host="cru.org" />
 	<target host="*.cru.org" />
-
+		<test url="http://sites.cru.org/" />
+		<test url="http://stage.cru.org/" />
+		<test url="http://jobs.cru.org/" />
 
 	<securecookie host="^(?:www\.)?cru\.org$" name=".+" />
 
-
-	<rule from="^http://(www\.)?cru\.org/"
-		to="https://$1cru.org/" />
-
-	<!--	Protocol-relative links from www:
-						-->
-	<rule from="^https?://static\.cru\.org/"
-		to="https://d2kuvqjqp132ic.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CruisersForum.com.xml b/src/chrome/content/rules/CruisersForum.com.xml
index c06cb63895a1..892278a34ee9 100644
--- a/src/chrome/content/rules/CruisersForum.com.xml
+++ b/src/chrome/content/rules/CruisersForum.com.xml
@@ -21,7 +21,8 @@
 <ruleset name="CruisersForum.com">
 
 	<target host="cruisersforum.com" />
-	<target host="*.cruisersforum.com" />
+	<target host="cdn.cruisersforum.com" />
+	<target host="www.cruisersforum.com" />
 
 
 	<securecookie host="^(?:www)?\.cruisersforum\.com$" name=".+" />
@@ -30,4 +31,4 @@
 	<rule from="^http://(?:cdn\.|www\.)?cruisersforum\.com/"
 		to="https://www.cruisersforum.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Crunchyroll.com.xml b/src/chrome/content/rules/Crunchyroll.com.xml
new file mode 100644
index 000000000000..38b477f3a9fb
--- /dev/null
+++ b/src/chrome/content/rules/Crunchyroll.com.xml
@@ -0,0 +1,48 @@
+<ruleset name="Crunchyroll.com">
+	<target host="crunchyroll.com" />
+	<target host="www.crunchyroll.com" />
+	<target host="accounts.crunchyroll.com" />
+	<target host="img1.ak.crunchyroll.com" />
+	<target host="static.ak.crunchyroll.com" />
+	<target host="api.crunchyroll.com" />
+	<target host="api-manga.crunchyroll.com" />
+	<target host="app.crunchyroll.com" />
+	<target host="bento.crunchyroll.com" />
+	<target host="beta.crunchyroll.com" />
+	<target host="beta-api.crunchyroll.com" />
+	<target host="beta-stage.crunchyroll.com" />
+	<target host="beta-stage-api.crunchyroll.com" />
+	<target host="cms.crunchyroll.com" />
+	<target host="cms-manga.crunchyroll.com" />
+	<target host="cms-stage.crunchyroll.com" />
+	<target host="eec.crunchyroll.com" />
+	<target host="faspex.crunchyroll.com" />
+	<target host="help.crunchyroll.com" />
+	<target host="links.mail.crunchyroll.com" />
+	<target host="overloaded.crunchyroll.com" />
+	<target host="partnerfeed.crunchyroll.com" />
+	<target host="pl.crunchyroll.com" />
+	<target host="www.rules.crunchyroll.com" />
+	<target host="sa.crunchyroll.com" />
+	<target host="secure.crunchyroll.com" />
+	<target host="shop.crunchyroll.com" />
+	<target host="sso.crunchyroll.com" />
+	<target host="stage.crunchyroll.com" />
+	<target host="stage-accounts.crunchyroll.com" />
+	<target host="stage-admin.crunchyroll.com" />
+	<target host="stage-api.crunchyroll.com" />
+	<target host="stage-api-manga.crunchyroll.com" />
+	<target host="stage-cms-manga.crunchyroll.com" />
+	<target host="stage-eec.crunchyroll.com" />
+	<target host="stage-secure.crunchyroll.com" />
+	<target host="stage-sso.crunchyroll.com" />
+	<target host="stage-support.crunchyroll.com" />
+	<target host="staging-store.crunchyroll.com" />
+	<target host="static.crunchyroll.com" />
+	<target host="store.crunchyroll.com" />
+	<target host="support.crunchyroll.com" />
+	<target host="tienda.crunchyroll.com" />
+	<target host="upload.crunchyroll.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Crux.nu.xml b/src/chrome/content/rules/Crux.nu.xml
index b76d22fb1102..027824f5cc1a 100644
--- a/src/chrome/content/rules/Crux.nu.xml
+++ b/src/chrome/content/rules/Crux.nu.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.crux.nu/ => https://www.crux.nu/: (60, 'SSL certificate
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Crux.nu" default_off='failed ruleset test'>
+<ruleset name="Crux.nu" default_off="failed ruleset test">
 
 	<target host="crux.nu" />
 	<target host="lists.crux.nu" />
diff --git a/src/chrome/content/rules/Cryptalloy.de-problematic.xml b/src/chrome/content/rules/Cryptalloy.de-problematic.xml
index 6f2c1d25a965..a7a80b270fbc 100644
--- a/src/chrome/content/rules/Cryptalloy.de-problematic.xml
+++ b/src/chrome/content/rules/Cryptalloy.de-problematic.xml
@@ -5,7 +5,7 @@
 <ruleset name="Cryptalloy.de (problematic)" default_off="self-signed">
 
 	<target host="cryptalloy.de" />
-	<target host="*.cryptalloy.de" />
+	<target host="www.cryptalloy.de" />
 
 
 	<securecookie host="^\.www\.cryptalloy\.de$" name=".+" />
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?cryptalloy\.de/"
 		to="https://www.cryptalloy.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cryptalloy.de.xml b/src/chrome/content/rules/Cryptalloy.de.xml
index cf60fa012d7f..21591cd1cd96 100644
--- a/src/chrome/content/rules/Cryptalloy.de.xml
+++ b/src/chrome/content/rules/Cryptalloy.de.xml
@@ -22,4 +22,4 @@
 	<rule from="^http://(?:www\.)?shop\.cryptalloy\.de/"
 		to="https://www.shop.cryptalloy.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cryptanalysis.xml b/src/chrome/content/rules/Cryptanalysis.xml
index 1177758e9c8c..e0e4777e18ec 100644
--- a/src/chrome/content/rules/Cryptanalysis.xml
+++ b/src/chrome/content/rules/Cryptanalysis.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.cryptanalysis.eu/ => https://www.cryptanalysis.eu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.cryptanalysis.eu'")
 
 -->
-<ruleset name="Cryptanalysis.eu" default_off='failed ruleset test'>
+<ruleset name="Cryptanalysis.eu" default_off="failed ruleset test">
 
 	<target host="cryptanalysis.eu"/>
 	<target host="www.cryptanalysis.eu"/>
diff --git a/src/chrome/content/rules/Cryptbin.com.xml b/src/chrome/content/rules/Cryptbin.com.xml
index bd023bea5860..61c5ff600219 100644
--- a/src/chrome/content/rules/Cryptbin.com.xml
+++ b/src/chrome/content/rules/Cryptbin.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.cryptbin.com/ => https://www.cryptbin.com/: (60, 'SSL ce
 		- cryptbin.com
 
 -->
-<ruleset name="Cryptbin.com" default_off='failed ruleset test'>
+<ruleset name="Cryptbin.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/CryptedMemo.com.xml b/src/chrome/content/rules/CryptedMemo.com.xml
index a2b4ad845808..b7e4c0d31f1b 100644
--- a/src/chrome/content/rules/CryptedMemo.com.xml
+++ b/src/chrome/content/rules/CryptedMemo.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://cryptedmemo.com/ => https://cryptedmemo.com/: (60, 'SSL cert
 	www doesn't exist.
 
 -->
-<ruleset name="CryptedMemo.com" default_off='failed ruleset test'>
+<ruleset name="CryptedMemo.com" default_off="failed ruleset test">
 
 	<target host="cryptedmemo.com" />
 
diff --git a/src/chrome/content/rules/Crypto.cat.xml b/src/chrome/content/rules/Crypto.cat.xml
index 1d2a646cf1b0..b7b1c1db213c 100644
--- a/src/chrome/content/rules/Crypto.cat.xml
+++ b/src/chrome/content/rules/Crypto.cat.xml
@@ -4,7 +4,6 @@
 		- lists
 -->
 <ruleset name="Crypto.cat">
-	<target host="crypto.cat" />
 	<target host="www.crypto.cat" />
 
 	<securecookie host="^crypto\.cat$" name=".+" />
diff --git a/src/chrome/content/rules/CryptoLUX.org.xml b/src/chrome/content/rules/CryptoLUX.org.xml
index 1bb18aaf5a78..63d55fb230d0 100644
--- a/src/chrome/content/rules/CryptoLUX.org.xml
+++ b/src/chrome/content/rules/CryptoLUX.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://cryptolux.org/ => https://cryptolux.org/: (51, "SSL: no alternative certificate subject name matches target host name 'cryptolux.org'")
 
 -->
-<ruleset name="CryptoLUX.org" default_off='failed ruleset test'>
+<ruleset name="CryptoLUX.org" default_off="failed ruleset test">
 
 	<target host="cryptolux.org" />
 	<target host="www.cryptolux.org" />
diff --git a/src/chrome/content/rules/CryptoNetwork.com.xml b/src/chrome/content/rules/CryptoNetwork.com.xml
index 2233c48a0e04..5857ee96aa1a 100644
--- a/src/chrome/content/rules/CryptoNetwork.com.xml
+++ b/src/chrome/content/rules/CryptoNetwork.com.xml
@@ -3,7 +3,7 @@
 	www.cryptonetwork.com: Mismatched
 
 -->
-<ruleset name="CryptoNetwork.com" default_off="missing certificate chain">
+<ruleset name="CryptoNetwork.com" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/CryptoSeal.com.xml b/src/chrome/content/rules/CryptoSeal.com.xml
index 380702d9eb30..d517761b5203 100644
--- a/src/chrome/content/rules/CryptoSeal.com.xml
+++ b/src/chrome/content/rules/CryptoSeal.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.cryptoseal.com/ => https://www.cryptoseal.com/: (28, 'Op
 		- connect
 
 -->
-<ruleset name="CryptoSeal.com" default_off='failed ruleset test'>
+<ruleset name="CryptoSeal.com" default_off="failed ruleset test">
 
 	<target host="cryptoseal.com" />
 	<target host="connect.cryptoseal.com" />
diff --git a/src/chrome/content/rules/CryptoVPN.com.xml b/src/chrome/content/rules/CryptoVPN.com.xml
deleted file mode 100644
index 0051e279e6fe..000000000000
--- a/src/chrome/content/rules/CryptoVPN.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="CryptoVPN.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="cryptovpn.com" />
-	<target host="my.cryptovpn.com" />
-	<target host="www.cryptovpn.com" />
-
-
-	<securecookie host="^(?:my)?\.cryptovpn\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Crypto_Design.org.xml b/src/chrome/content/rules/Crypto_Design.org.xml
deleted file mode 100644
index bb6213e672f8..000000000000
--- a/src/chrome/content/rules/Crypto_Design.org.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Fully covered hosts in *cryptodesign.org:
-
-		- (www.)?
-
--->
-<ruleset name="Crypto Design.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="cryptodesign.org" />
-	<target host="www.cryptodesign.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Crypto_Santa.xyz.xml b/src/chrome/content/rules/Crypto_Santa.xyz.xml
index 9d5b5c9071d6..b6811d8eb709 100644
--- a/src/chrome/content/rules/Crypto_Santa.xyz.xml
+++ b/src/chrome/content/rules/Crypto_Santa.xyz.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.cryptosanta.xyz/ => https://www.cryptosanta.xyz/: (28, '
 		- .cryptosanta.xyz
 
 -->
-<ruleset name="Crypto Santa.xyz" default_off='failed ruleset test'>
+<ruleset name="Crypto Santa.xyz" default_off="failed ruleset test">
 
 	<target host="cryptosanta.xyz" />
 	<target host="www.cryptosanta.xyz" />
diff --git a/src/chrome/content/rules/Cryptohaze.xml b/src/chrome/content/rules/Cryptohaze.xml
index d91ee3975242..72a6105fdfd0 100644
--- a/src/chrome/content/rules/Cryptohaze.xml
+++ b/src/chrome/content/rules/Cryptohaze.xml
@@ -18,7 +18,7 @@
 	<target host="www.cryptohaze.com" />
 
 
-	<securecookie host="^(?:.+\.)?cryptohaze\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Cryptoins.com.xml b/src/chrome/content/rules/Cryptoins.com.xml
deleted file mode 100644
index 984c8ae07d97..000000000000
--- a/src/chrome/content/rules/Cryptoins.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these domains and hosts:
-
-		- cryptoins.com
-		- .cryptoins.com
-
--->
-<ruleset name="Cryptoins.com">
-
-	<target host="cryptoins.com" />
-	<target host="www.cryptoins.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^cryptoins\.com$" name="^[\da-f]+" /-->
-	<!--securecookie host="^\.cryptoins\.com$" name="^(__cfduid|[\da-f]{32}|cf_clearance)$" /-->
-
-	<securecookie host="^\.?cryptoins\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cryptome.xml b/src/chrome/content/rules/Cryptome.xml
index 68f4c9bb80a3..152773c65eed 100644
--- a/src/chrome/content/rules/Cryptome.xml
+++ b/src/chrome/content/rules/Cryptome.xml
@@ -1,20 +1,13 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.cryptome.org/ => https://www.cryptome.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
+	SSL error:
+		cryptome.info
+		www.cryptome.info
 -->
-<ruleset name="Cryptome.org" default_off='failed ruleset test'>
-
-  <target host="cryptome.org" />
-  <target host="www.cryptome.org" />
-
-  <target host="cryptome.info" />
-  <target host="www.cryptome.info" />
-
-  <rule from="^http://(www\.)?cryptome\.info/"
-          to="https://cryptome.org/"/>
+<ruleset name="Cryptome.org" >
+	<target host="cryptome.org" />
+	<target host="www.cryptome.org" />
 
-  <rule from="^http:" to="https:" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Cryptonit.net.xml b/src/chrome/content/rules/Cryptonit.net.xml
deleted file mode 100644
index 1624d1f1a04a..000000000000
--- a/src/chrome/content/rules/Cryptonit.net.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="Cryptonit.net">
-
-	<target host="cryptonit.net" />
-	<target host="www.cryptonit.net" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?cryptonit\.net$" name="^referral_data$" /-->
-
-	<securecookie host="^(?:\.|www\.)?cryptonit\.net$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cryptopals.com.xml b/src/chrome/content/rules/Cryptopals.com.xml
index a697b37f5408..cd5fab544219 100644
--- a/src/chrome/content/rules/Cryptopals.com.xml
+++ b/src/chrome/content/rules/Cryptopals.com.xml
@@ -7,9 +7,9 @@
 	<target host="cryptopals.com" />
 	<target host="www.cryptopals.com" />
 
-	<rule from="^http://www\.cryptopals\.com/" 
+	<rule from="^http://www\.cryptopals\.com/"
 			to="https://cryptopals.com/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Cryptoparty.xml b/src/chrome/content/rules/Cryptoparty.xml
index 93e6f1487c87..8ce9445a48d1 100644
--- a/src/chrome/content/rules/Cryptoparty.xml
+++ b/src/chrome/content/rules/Cryptoparty.xml
@@ -1,25 +1,16 @@
+<!--
+  Refused:
+    cryptoparty.org
+-->
+
 <ruleset name="Cryptoparty">
 
 	<!--	Direct rewrites:
 				-->
 	<target host="cryptoparty.in" />
 	<target host="www.cryptoparty.in" />
-	<target host="cryptoparty.org" />
-
-	<!--	Complications:
-				-->
-	<target host="www.cryptoparty.org" />
-
 
 	<securecookie host="^www\.cryptoparty\.in$" name=".+" />
-	<securecookie host="^cryptoparty\.org$" name=".+" />
-
-
-	<!--	- www doesn't work over https
-		- www 301s to !www over http
-						-->
-	<rule from="^http://www\.cryptoparty\.org/"
-		to="https://cryptoparty.org/" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Cryptostocks.com.xml b/src/chrome/content/rules/Cryptostocks.com.xml
index 184a4628b1c5..3fde9b68cd40 100644
--- a/src/chrome/content/rules/Cryptostocks.com.xml
+++ b/src/chrome/content/rules/Cryptostocks.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.cryptostocks.com/ => https://www.cryptostocks.com/: Too
 		- .cryptostocks.com
 
 -->
-<ruleset name="Cryptostocks.com" default_off='failed ruleset test'>
+<ruleset name="Cryptostocks.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Cryptsy.com.xml b/src/chrome/content/rules/Cryptsy.com.xml
index aa85c25b8c82..280601381ca6 100644
--- a/src/chrome/content/rules/Cryptsy.com.xml
+++ b/src/chrome/content/rules/Cryptsy.com.xml
@@ -17,7 +17,7 @@ Fetch error: http://www.cryptsy.com/ => https://www.cryptsy.com/: (28, 'Connecti
 		- www.cryptsy.com
 
 -->
-<ruleset name="Cryptsy.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Cryptsy.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Crystal_Delights.com.xml b/src/chrome/content/rules/Crystal_Delights.com.xml
index 8512c0451d33..fd5d02bcfd20 100644
--- a/src/chrome/content/rules/Crystal_Delights.com.xml
+++ b/src/chrome/content/rules/Crystal_Delights.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Crystal_Singing_Bowls.xml b/src/chrome/content/rules/Crystal_Singing_Bowls.xml
index 32597b4fc964..e41c2054da38 100644
--- a/src/chrome/content/rules/Crystal_Singing_Bowls.xml
+++ b/src/chrome/content/rules/Crystal_Singing_Bowls.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Crytography.com.xml b/src/chrome/content/rules/Crytography.com.xml
index f09f00ad2dfe..874c37f5fd34 100644
--- a/src/chrome/content/rules/Crytography.com.xml
+++ b/src/chrome/content/rules/Crytography.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://www.cryptography.com/ => https://www.cryptography.com/: (28,
 	*  Secured by us
 
 -->
-<ruleset name="Crytography.com (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Crytography.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Csair.com.xml b/src/chrome/content/rules/Csair.com.xml
new file mode 100644
index 000000000000..b3171c688c8f
--- /dev/null
+++ b/src/chrome/content/rules/Csair.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Csair.com">
+	<target host="csair.com" />
+	<target host="www.csair.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Csob.sk.xml b/src/chrome/content/rules/Csob.sk.xml
index 5933a465d919..3996bd3c2219 100644
--- a/src/chrome/content/rules/Csob.sk.xml
+++ b/src/chrome/content/rules/Csob.sk.xml
@@ -1,26 +1,8 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://secure.csob.sk/ => https://secure.csob.sk/: (6, 'Could not resolve host: secure.csob.sk')
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://csob.sk/ => https://www.csob.sk/: Redirect for 'https://www.csob.sk/' missing Location
-Fetch error: http://www.csob.sk/ => https://www.csob.sk/: Redirect for 'https://www.csob.sk/' missing Location
-Fetch error: http://ib24.csob.sk/ => https://ib24.csob.sk/: (28, 'Connection timed out after 10000 milliseconds')
-Fetch error: http://bb24.csob.sk/ => https://bb24.csob.sk/: (28, 'Connection timed out after 10000 milliseconds')
-Fetch error: http://secure.csob.sk/ => https://secure.csob.sk/: Redirect for 'https://secure.csob.sk/' missing Location
--->
-<ruleset name="Csob.sk" default_off='failed ruleset test'>
+<ruleset name="Csob.sk">
   <target host="csob.sk" />
   <target host="www.csob.sk" />
   <target host="ib24.csob.sk" />
   <target host="bb24.csob.sk" />
-  <target host="secure.csob.sk" />
-
-  <rule from="^http://(?:www\.)?csob\.sk/" to="https://www.csob.sk/" />
-
-  <rule from="^http://ib24\.csob\.sk/" to="https://ib24.csob.sk/" />
-  <rule from="^http://bb24\.csob\.sk/" to="https://bb24.csob.sk/" />
 
-  <rule from="^http://secure\.csob\.sk/" to="https://secure.csob.sk/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/CspBuilder.info.xml b/src/chrome/content/rules/CspBuilder.info.xml
index d3b1d348c5b6..ee613c2529fb 100644
--- a/src/chrome/content/rules/CspBuilder.info.xml
+++ b/src/chrome/content/rules/CspBuilder.info.xml
@@ -5,7 +5,7 @@ Fetch error: http://cspbuilder.info/ => https://cspbuilder.info/: (28, 'Connecti
 Fetch error: http://www.cspbuilder.info/ => https://www.cspbuilder.info/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="CspBuilder.info" default_off='failed ruleset test'>
+<ruleset name="CspBuilder.info" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Css3test.com.xml b/src/chrome/content/rules/Css3test.com.xml
new file mode 100644
index 000000000000..3472ce8341ff
--- /dev/null
+++ b/src/chrome/content/rules/Css3test.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatch:
+		- www.css3test.com
+-->
+<ruleset name="Css3test.com">
+	<target host="css3test.com" />
+	<target host="www.css3test.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.css3test\.com/" to="https://css3test.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cstatic-images.com.xml b/src/chrome/content/rules/Cstatic-images.com.xml
deleted file mode 100644
index e1cf5b851c12..000000000000
--- a/src/chrome/content/rules/Cstatic-images.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other Cars.com coverage, see Cars.com.xml.
-
-
-	^cstatic-images.com doesn't exist.
-
--->
-<ruleset name="Cstatic-images.com">
-
-	<target host="www.cstatic-images.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cstatic.net.xml b/src/chrome/content/rules/Cstatic.net.xml
index 9984ad2234f4..f61cdc841718 100644
--- a/src/chrome/content/rules/Cstatic.net.xml
+++ b/src/chrome/content/rules/Cstatic.net.xml
@@ -14,7 +14,7 @@ Fetch error: http://cdn.cstatic.net/ => https://dzbb4sjawljdv.cloudfront.net/: (
 	^cstatic.net: Refused
 
 -->
-<ruleset name="Cstatic.net" default_off='failed ruleset test'>
+<ruleset name="Cstatic.net" default_off="failed ruleset test">
 
 	<target host="cdn.cstatic.net" />
 
diff --git a/src/chrome/content/rules/Ctrl_Alt_Del.xml b/src/chrome/content/rules/Ctrl_Alt_Del.xml
deleted file mode 100644
index 68e013ba51ba..000000000000
--- a/src/chrome/content/rules/Ctrl_Alt_Del.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/cdn.cad-comic.com/
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(prints "The page you are looking for is temporarily unavailable.", CN: ne-r004-060cl)
-
--->
-<ruleset name="Ctrl+Alt+Del">
-
-	<target host="*.cad-comic.com" />
-		<!--
-			Points to s3.../$ for images:
-							-->
-		<exclusion pattern="^http://v\.cdn\.cad-comic\.com/css-\d+\.css" />
-
-
-	<rule from="^http://(?:v\.)?cdn\.cad-comic\.com/"
-		to="https://s3.amazonaws.com/cdn.cad-comic.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CtsCDN.com.xml b/src/chrome/content/rules/CtsCDN.com.xml
deleted file mode 100644
index 8357ed84c2e6..000000000000
--- a/src/chrome/content/rules/CtsCDN.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="CtsCDN.com (partial)">
-
-	<target host="jscsecmat.ctscdn.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ctt.org.xml b/src/chrome/content/rules/Ctt.org.xml
index 52adc770f322..89393130dfe6 100644
--- a/src/chrome/content/rules/Ctt.org.xml
+++ b/src/chrome/content/rules/Ctt.org.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.ctt.org/ => https://www.ctt.org/: (28, 'Connection timed
 	^: cert only matches www
 
 -->
-<ruleset name="ctt.org" default_off='failed ruleset test'>
+<ruleset name="ctt.org" default_off="failed ruleset test">
 
 	<target host="ctt.org" />
 	<target host="www.ctt.org" />
diff --git a/src/chrome/content/rules/Cubana.cu.xml b/src/chrome/content/rules/Cubana.cu.xml
new file mode 100644
index 000000000000..5cebbf51cbb1
--- /dev/null
+++ b/src/chrome/content/rules/Cubana.cu.xml
@@ -0,0 +1,12 @@
+<!--
+	Expired:
+		- desarrollo
+-->
+<ruleset name="Cubana.cu">
+	<target host="cubana.cu" />
+	<target host="www.cubana.cu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cubics.xml b/src/chrome/content/rules/Cubics.xml
index c923f6b41a52..5044ab06307c 100644
--- a/src/chrome/content/rules/Cubics.xml
+++ b/src/chrome/content/rules/Cubics.xml
@@ -15,23 +15,21 @@ Fetch error: http://cubics.com/ => https://cubplat.bidsystem.com/signup/: (60, '
 		- (www.)cubics.com	(mismatched, CN: *.bidsystem.com)
 
 -->
-<ruleset name="Cubics" default_off='failed ruleset test'>
+<ruleset name="Cubics" default_off="failed ruleset test">
 
 	<target host="cubplat.bidsystem.com" />
 	<target host="cubics.com" />
-	<target host="*.cubics.com" />
+	<target host="www.cubics.com" />
+	<target host="icons.cubics.com" />
 
 
 	<securecookie host="^cubplat\.bidsystem\.com$" name=".+" />
 
 
-	<rule from="^http://cubplat\.bidsystem\.com/"
-		to="https://cubplat.bidsystem.com/" />
 
 	<rule from="^http://(?:www\.)?cubics\.com/"
 		to="https://cubplat.bidsystem.com/signup/" />
 
-	<rule from="^http://icons\.cubics\.com/"
-		to="https://icons.cubics.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Cubify.com.xml b/src/chrome/content/rules/Cubify.com.xml
new file mode 100644
index 000000000000..952df83d0b54
--- /dev/null
+++ b/src/chrome/content/rules/Cubify.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Cubify.com">
+
+	<target host="cubify.com" />
+	<target host="www.cubify.com" />
+	<target host="admin.cubify.com" />
+	<target host="bo.cubify.com" />
+	<target host="file.cubify.com" />
+	<target host="prod.cubify.com" />
+	<target host="staging.cubify.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Cubify.xml b/src/chrome/content/rules/Cubify.xml
deleted file mode 100644
index db1aa1689ee3..000000000000
--- a/src/chrome/content/rules/Cubify.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	cubify.blob.core.windows.net
-
--->
-<ruleset name="Cubify" default_off="JS redirect to http">
-
-	<target host="cubify.com" />
-	<target host="www.cubify.com" />
-
-
-	<securecookie host="^cubify\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cucumber.io.xml b/src/chrome/content/rules/Cucumber.io.xml
new file mode 100644
index 000000000000..15b54cd1697a
--- /dev/null
+++ b/src/chrome/content/rules/Cucumber.io.xml
@@ -0,0 +1,26 @@
+<!--
+  h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+  Host Unresolved:
+   - shouty.cucumber.io
+   - clinic
+
+  Outdated SSL version
+    - handbook (m)
+ -->
+
+<ruleset name="Cucumber.io">
+
+	<target host="cucumber.io" />
+	<target host="aruba.cucumber.io" />
+	<target host="cukenfest.cucumber.io" />
+	<target host="docs.cucumber.io" />
+	<target host="thoughts.cucumber.io" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/CufonFonts.com.xml b/src/chrome/content/rules/CufonFonts.com.xml
new file mode 100644
index 000000000000..cde81b75d3bc
--- /dev/null
+++ b/src/chrome/content/rules/CufonFonts.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="CufonFonts.com">
+	<target host="cufonfonts.com" />
+	<target host="www.cufonfonts.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cupid.xml b/src/chrome/content/rules/Cupid.xml
index a1cddc987503..a327bf1bf968 100644
--- a/src/chrome/content/rules/Cupid.xml
+++ b/src/chrome/content/rules/Cupid.xml
@@ -44,7 +44,9 @@
 <ruleset name="Cupid (partial)">
 
 	<target host="cupid.com"/>
-	<target host="*.cupid.com"/>
+	<target host="cdn.cupid.com" />
+	<target host="ed.cupid.com" />
+	<target host="www.cupid.com" />
 		<!--
 			Redirect to http:
 						-->
diff --git a/src/chrome/content/rules/Cupid_plc.com.xml b/src/chrome/content/rules/Cupid_plc.com.xml
deleted file mode 100644
index 1a94641e7a7f..000000000000
--- a/src/chrome/content/rules/Cupid_plc.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	Other Cupid plc rulesets:
-
-		- BeCoquin.com.xml
-		- BeNaughty.com.xml
-		- Cupid.xml
-		- Cupid_plc_CDN.xml
-
-
-	Fully covered subdomains:
-
-		- aff
-		- affiliates
-		- stat.ed
-		- stat
-		- stat.to
-		- cdn.stat.to
-		- whitelabeldating
-
--->
-<ruleset name="Cupid plc.com (partial)">
-
-	<target host="*.cupidplc.com" />
-
-
-	<securecookie host="^(?:aff|stat\.to|whitelabeldating)\.cupidplc\.com$" name=".+" />
-
-
-	<rule from="^http://(aff|affiliates|stat\.ed|stat|(?:cdn\.)?stat\.to|whitelabeldating)\.cupidplc\.com/"
-		to="https://$1.cupidplc.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cupid_plc_CDN.xml b/src/chrome/content/rules/Cupid_plc_CDN.xml
index e4487a56f20e..38b52d041c5a 100644
--- a/src/chrome/content/rules/Cupid_plc_CDN.xml
+++ b/src/chrome/content/rules/Cupid_plc_CDN.xml
@@ -44,7 +44,7 @@ Fetch error: http://cdn.statimgs2.com/ => https://cdn.static2img.com/: (51, "SSL
 	Used on multiple Cupid plc sites.
 
 -->
-<ruleset name="Cupid plc CDN" default_off='failed ruleset test'>
+<ruleset name="Cupid plc CDN" default_off="failed ruleset test">
 
 	<target host="cdn.cdtoimge.com" />
 	<target host="cdn.imgstat.com" />
diff --git a/src/chrome/content/rules/Curbed.cc.xml b/src/chrome/content/rules/Curbed.cc.xml
index 217f308c24e1..810d03e51da7 100644
--- a/src/chrome/content/rules/Curbed.cc.xml
+++ b/src/chrome/content/rules/Curbed.cc.xml
@@ -6,7 +6,7 @@ Fetch error: http://f.curbed.cc/ => https://f.curbed.cc/: (28, 'Connection timed
 	For other Vox Media coverage, see Vox.com.xml.
 
 -->
-<ruleset name="Curbed.cc" default_off='failed ruleset test'>
+<ruleset name="Curbed.cc" default_off="failed ruleset test">
 
 	<target host="f.curbed.cc" />
 
diff --git a/src/chrome/content/rules/CureSec.com.xml b/src/chrome/content/rules/CureSec.com.xml
index da907ee11830..37a5087f4bd1 100644
--- a/src/chrome/content/rules/CureSec.com.xml
+++ b/src/chrome/content/rules/CureSec.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://curesec.com/ => https://curesec.com/: (60, 'SSL certificate
 	* Mismatched
 
 -->
-<ruleset name="CureSec.com (partial)" default_off='failed ruleset test'>
+<ruleset name="CureSec.com (partial)" default_off="failed ruleset test">
 
 	<target host="curesec.com" />
 	<target host="www.curesec.com" />
diff --git a/src/chrome/content/rules/CurrencyFair.com.xml b/src/chrome/content/rules/CurrencyFair.com.xml
new file mode 100644
index 000000000000..95f3c44d5c43
--- /dev/null
+++ b/src/chrome/content/rules/CurrencyFair.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Non-functional subdomains:
+		- autodiscover	(r)
+		- b10	(t)
+		- b2	(t)
+		- b4	(t)
+		- b5	(t)
+		- b6	(t)
+		- brand.internal	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="CurrencyFair.com">
+
+	<target host="currencyfair.com" />
+	<target host="www.currencyfair.com" />
+	<target host="api.currencyfair.com" />
+	<target host="app.currencyfair.com" />
+	<target host="assets.currencyfair.com" />
+	<target host="b1.currencyfair.com" />
+	<target host="cfex01.currencyfair.com" />
+	<target host="mail.currencyfair.com" />
+	<target host="rate-alert.currencyfair.com" />
+	<target host="tech.currencyfair.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Currys.co.uk.xml b/src/chrome/content/rules/Currys.co.uk.xml
deleted file mode 100644
index 5f73f97cbc93..000000000000
--- a/src/chrome/content/rules/Currys.co.uk.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Currys.co.uk (partial)">
-
-	<target host="secure.currys.co.uk" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Curso_de_Italiano.xml b/src/chrome/content/rules/Curso_de_Italiano.xml
index ad87f1b1a2b8..b7fa155fa451 100644
--- a/src/chrome/content/rules/Curso_de_Italiano.xml
+++ b/src/chrome/content/rules/Curso_de_Italiano.xml
@@ -1,7 +1,7 @@
 <ruleset name="Curso de Italiano">
 
 	<target host="marconisida.com" />
-	<target host="*.marconisida.com" />
+	<target host="www.marconisida.com" />
 
 
 	<securecookie host="^\.marconisida\.com$" name=".+" />
diff --git a/src/chrome/content/rules/CustomWheelConnection.com.xml b/src/chrome/content/rules/CustomWheelConnection.com.xml
index 4ab02f73e63d..d7b4f0c64a52 100644
--- a/src/chrome/content/rules/CustomWheelConnection.com.xml
+++ b/src/chrome/content/rules/CustomWheelConnection.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?customwheelconnection\.com/(favicon\.ico|Portals/|scripts/|[sS]how(?:Category|Product)Image\.aspx)"
 		to="https://$1customwheelconnection.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Customer-Lobby.xml b/src/chrome/content/rules/Customer-Lobby.xml
index 707202c2b98f..bf01e6494e94 100644
--- a/src/chrome/content/rules/Customer-Lobby.xml
+++ b/src/chrome/content/rules/Customer-Lobby.xml
@@ -6,9 +6,9 @@
 	<target host="customerlobby.com" />
 	<target host="www.customerlobby.com" />
 	<!--	* for cross-domain cookie	-->
-	
 
-	<securecookie host="^(?:.*\.)?customerlobby\.com$" name=".+" />
+
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/Customer.io.xml b/src/chrome/content/rules/Customer.io.xml
index f77e44604aaf..7f4b3bb5359b 100644
--- a/src/chrome/content/rules/Customer.io.xml
+++ b/src/chrome/content/rules/Customer.io.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Customersaas.com.xml b/src/chrome/content/rules/Customersaas.com.xml
index 44b80e8d0496..b8bb88286fb4 100644
--- a/src/chrome/content/rules/Customersaas.com.xml
+++ b/src/chrome/content/rules/Customersaas.com.xml
@@ -14,13 +14,10 @@
 -->
 <ruleset name="customersaas.com">
 
-	<target host="*.customersaas.com" />
+	<target host="imageservice.customersaas.com" />
+	<target host="static1.customersaas.com" />
 
 
-	<rule from="^http://imageservice\.customersaas\.com/"
-		to="https://d35v9wsdymy32b.cloudfront.net/" />
-
-	<rule from="^http://static1\.customersaas\.com/"
-		to="https://d1wawgqwk8hdm1.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Customersvc.com.xml b/src/chrome/content/rules/Customersvc.com.xml
deleted file mode 100644
index c90fb59771e4..000000000000
--- a/src/chrome/content/rules/Customersvc.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For other Time Inc coverage, see Time_Inc.xml.
-
-
-	(www.) doesn't exist.
-
-
-	These altnames don't exist:
-
-		- www.chat1.customersvc.com
-
--->
-<ruleset name="customersvc.com">
-
-	<target host="chat1.customersvc.com" />
-	<target host="secure.customersvc.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^secure\.customersvc\.com$" name="^BIGipServersecure_http$" /-->
-
-	<securecookie host="^secure\.customersvc\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Custy.com.xml b/src/chrome/content/rules/Custy.com.xml
new file mode 100644
index 000000000000..918d7d4e7b32
--- /dev/null
+++ b/src/chrome/content/rules/Custy.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Chain issue, missing intermediate:
+		- www.custy.com
+
+	Invalid certificate:
+		- custy.com, equivalent to www.custy.com
+-->
+
+<ruleset name="Custy.com">
+	<target host="mailex.custy.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/CuteDigi.xml b/src/chrome/content/rules/CuteDigi.xml
index 207c0d04f4c2..3d5c5f2de77a 100644
--- a/src/chrome/content/rules/CuteDigi.xml
+++ b/src/chrome/content/rules/CuteDigi.xml
@@ -5,7 +5,7 @@ Fetch error: http://cutedigi.com/ => https://cutedigi.com/: (60, 'SSL certificat
 Fetch error: http://www.cutedigi.com/ => https://www.cutedigi.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="CuteDigi" default_off='failed ruleset test'>
+<ruleset name="CuteDigi" default_off="failed ruleset test">
 
 	<target host="cutedigi.com" />
 	<target host="www.cutedigi.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.cutedigi.com/ => https://www.cutedigi.com/: (60, 'SSL ce
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cuusoo.xml b/src/chrome/content/rules/Cuusoo.xml
index 51f817d0fefe..8f03b5afd55d 100644
--- a/src/chrome/content/rules/Cuusoo.xml
+++ b/src/chrome/content/rules/Cuusoo.xml
@@ -19,7 +19,7 @@ Non-2xx HTTP code: http://www.cuusoo.com/ (200) => https://www.cuusoo.com/ (404)
 		-      lego.cuusoo.com  (expired; empty page, but https working)
 
 -->
-<ruleset name="Cuusoo.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Cuusoo.com (partial)" default_off="failed ruleset test">
 	<target host=     "cuusoo.com" />
 	<!--target host="lego.cuusoo.com" /-->
 	<target host= "www.cuusoo.com" />
diff --git a/src/chrome/content/rules/Cvent.com.xml b/src/chrome/content/rules/Cvent.com.xml
index c38994261679..9187ef261455 100644
--- a/src/chrome/content/rules/Cvent.com.xml
+++ b/src/chrome/content/rules/Cvent.com.xml
@@ -21,7 +21,7 @@
 	<target host="shworldwide.cvent.com" />
 	<target host="ssc.cvent.com" />
 	<target host="guest.cvent.com" />
-	
+
 	<!-- Fix #4520 -->
 	<exclusion pattern="^http://www\.cvent\.com/events/.*/(?!registration-)" />
 
diff --git a/src/chrome/content/rules/Cxcloud.com.xml b/src/chrome/content/rules/Cxcloud.com.xml
index c433beb32114..f90e6b78c6b8 100644
--- a/src/chrome/content/rules/Cxcloud.com.xml
+++ b/src/chrome/content/rules/Cxcloud.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.cxcloud.com/ => https://www.cxcloud.com/: (56, 'Recv fai
 	For other Checkmarx coverage, see Checkmarx.com.xml.
 
 -->
-<ruleset name="Cxcloud.com" default_off='failed ruleset test'>
+<ruleset name="Cxcloud.com" default_off="failed ruleset test">
 
 	<target host="cxcloud.com" />
 	<target host="www.cxcloud.com" />
diff --git a/src/chrome/content/rules/Cxt.ms.xml b/src/chrome/content/rules/Cxt.ms.xml
deleted file mode 100644
index 9e72e1cd24d7..000000000000
--- a/src/chrome/content/rules/Cxt.ms.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d3j09g9h9lgmkt.cloudfront.net
-
-			- s
-
--->
-<ruleset name="Cxt.ms">
-
-	<target host="*.cxt.ms" />
-
-
-	<rule from="^http://s\.cxt\.ms/"
-		to="https://d3j09g9h9lgmkt.cloudfront.net/" />
-
-	<rule from="^http://t\.cxt\.ms/"
-		to="https://t.cxt.ms/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/CyberAces.xml b/src/chrome/content/rules/CyberAces.xml
index c87fa41fe4f7..037d4b29ac66 100644
--- a/src/chrome/content/rules/CyberAces.xml
+++ b/src/chrome/content/rules/CyberAces.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://online.cyberaces.org/ => https://www.online.cyberaces.org/: (6, 'Could not resolve host: www.online.cyberaces.org')
 Fetch error: http://www.online.cyberaces.org/ => https://www.online.cyberaces.org/: (6, 'Could not resolve host: www.online.cyberaces.org')
 -->
-<ruleset name="CyberAces (partial)" default_off='failed ruleset test'>
+<ruleset name="CyberAces (partial)" default_off="failed ruleset test">
   <target host="online.cyberaces.org" />
   <target host="cyberaces.org" />
   <target host="www.online.cyberaces.org" />
diff --git a/src/chrome/content/rules/CyberGhost.xml b/src/chrome/content/rules/CyberGhost.xml
index 2c7803d4c0a9..9f59bea6af07 100644
--- a/src/chrome/content/rules/CyberGhost.xml
+++ b/src/chrome/content/rules/CyberGhost.xml
@@ -6,7 +6,7 @@
 	<!--	encountered:
 			- cyberghostvpn.com
 			- blog.cyberghostvpn.com	-->
-	<securecookie host="^(?:.*\.)?cyberghostvpn\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<!--	known matches:
 			- blog
diff --git a/src/chrome/content/rules/CyberPhoto-AB.xml b/src/chrome/content/rules/CyberPhoto-AB.xml
index 35be24d61069..850df99bcbc1 100644
--- a/src/chrome/content/rules/CyberPhoto-AB.xml
+++ b/src/chrome/content/rules/CyberPhoto-AB.xml
@@ -4,11 +4,11 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://cyberphoto.fi/ => https://www.cyberphoto.fi/: (6, 'Could not resolve host: www.cyberphoto.fi')
 
 -->
-<ruleset name="CyberPhoto AB" default_off='failed ruleset test'>
+<ruleset name="CyberPhoto AB" default_off="failed ruleset test">
 	<target host="cyberphoto.fi"/>
-	<target host="*.cyberphoto.fi"/>
+	<target host="www.cyberphoto.fi" />
 	<target host="cyberphoto.se"/>
-	<target host="*.cyberphoto.se"/>
+	<target host="www.cyberphoto.se" />
 
 	<securecookie host="^(?:www)?\.cyberphoto\.(?:fi|se)$" name="^(?:PHPSESSID|kundvagn)$" />
 
diff --git a/src/chrome/content/rules/Cybercon.xml b/src/chrome/content/rules/Cybercon.xml
index 52ce046ad91b..6e0084d838f5 100644
--- a/src/chrome/content/rules/Cybercon.xml
+++ b/src/chrome/content/rules/Cybercon.xml
@@ -19,4 +19,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cyberleninka.ru.xml b/src/chrome/content/rules/Cyberleninka.ru.xml
index a8b9ce8adcf3..8d505ab35a62 100644
--- a/src/chrome/content/rules/Cyberleninka.ru.xml
+++ b/src/chrome/content/rules/Cyberleninka.ru.xml
@@ -5,6 +5,6 @@
 
 	<rule from="^http://www\.cyberleninka\.ru/"
 		to="https://cyberleninka.ru/" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Cyberplat.ru.xml b/src/chrome/content/rules/Cyberplat.ru.xml
index 0d7c10170cc7..b9c9fcc22d00 100644
--- a/src/chrome/content/rules/Cyberplat.ru.xml
+++ b/src/chrome/content/rules/Cyberplat.ru.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://info.cyberplat.ru/ => https://info.cyberplat.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 kz. mismatch
 card. mixed content-->
-<ruleset name="Cyberplat.ru" default_off='failed ruleset test'>
+<ruleset name="Cyberplat.ru" default_off="failed ruleset test">
 	<target host="cyberplat.ru" />
 	<target host="www.cyberplat.ru" />
 	<target host="info.cyberplat.ru" />
diff --git a/src/chrome/content/rules/Cyberstreetwise.xml b/src/chrome/content/rules/Cyberstreetwise.xml
index fd714f23f28c..a2b840bf7780 100644
--- a/src/chrome/content/rules/Cyberstreetwise.xml
+++ b/src/chrome/content/rules/Cyberstreetwise.xml
@@ -6,7 +6,7 @@
     <target host="cyberstreetwise.com" />
     <target host="*.cyberstreetwise.com" />
 
-    <securecookie host="^(?:.*\.)?cyberstreetwise\.com$" name=".+" />
+    <securecookie host=".+" name=".+"/>
 
     <rule from="^http://cyberstreetwise\.com/"
         to="https://www.cyberstreetwise.com/" />
diff --git a/src/chrome/content/rules/Cyberus-Technology.de.xml b/src/chrome/content/rules/Cyberus-Technology.de.xml
new file mode 100644
index 000000000000..ad30afc3671a
--- /dev/null
+++ b/src/chrome/content/rules/Cyberus-Technology.de.xml
@@ -0,0 +1,7 @@
+<ruleset name="Cyberus-Technology.de">
+	<target host="cyberus-technology.de" />
+	<target host="www.cyberus-technology.de" />
+	<target host="blog.cyberus-technology.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cygwin.com.xml b/src/chrome/content/rules/Cygwin.com.xml
index dc0fc26a2c8f..1c57d813edd0 100644
--- a/src/chrome/content/rules/Cygwin.com.xml
+++ b/src/chrome/content/rules/Cygwin.com.xml
@@ -1,21 +1,17 @@
 <!--
 	For other Red Hat coverage, see Red_Hat.xml.
-
-
-	x: mismatched
-
 -->
 <ruleset name="Cygwin.com (partial)">
 
-	<!--	Direct rewrites:
-				-->
 	<target host="cygwin.com" />
 	<target host="www.cygwin.com" />
-
-		<!--exclusion pattern="^http://x\.cygwin\.com/" /-->
-
-
-	<rule from="^http:"
-		to="https:" />
+	<target host="ftp.cygwin.com" />
+	<target host="x.cygwin.com" />
+	<target host="xfree.cygwin.com" />
+	<target host="www.xfree.cygwin.com" />
+	<target host="xfree86.cygwin.com" />
+	<target host="www.xfree86.cygwin.com" />
+
+	<rule from="^http:"	to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Cykloserver.cz.xml b/src/chrome/content/rules/Cykloserver.cz.xml
new file mode 100644
index 000000000000..592761183b7d
--- /dev/null
+++ b/src/chrome/content/rules/Cykloserver.cz.xml
@@ -0,0 +1,13 @@
+<!--
+	certificate mismatch:
+		cykloserver.cz
+-->
+<ruleset name="Cykloserver.cz">
+	<target host="cykloserver.cz" />
+	<target host="www.cykloserver.cz" />
+
+	<rule from="^http://cykloserver\.cz/"
+		to="https://www.cykloserver.cz/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Cyngn.com.xml b/src/chrome/content/rules/Cyngn.com.xml
index f5fca925c029..f9a821708fc8 100644
--- a/src/chrome/content/rules/Cyngn.com.xml
+++ b/src/chrome/content/rules/Cyngn.com.xml
@@ -25,7 +25,7 @@ Fetch error: http://builds.cyngn.com/ => https://d199yez36w5w8l.cloudfront.net/:
 		- builds	(→ d199yez36w5w8l.cloudfront.net)
 
 -->
-<ruleset name="Cyngn.com" default_off='failed ruleset test'>
+<ruleset name="Cyngn.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Cyphar.com.xml b/src/chrome/content/rules/Cyphar.com.xml
deleted file mode 100644
index bc97570639b4..000000000000
--- a/src/chrome/content/rules/Cyphar.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		- .cyphar.com
-
--->
-<ruleset name="Cyphar.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="cyphar.com" />
-	<target host="www.cyphar.com" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.cyphar\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.cyphar\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Cyphertite.com.xml b/src/chrome/content/rules/Cyphertite.com.xml
index 594fab680294..3fd210089743 100644
--- a/src/chrome/content/rules/Cyphertite.com.xml
+++ b/src/chrome/content/rules/Cyphertite.com.xml
@@ -14,14 +14,14 @@ Fetch error: http://www.cyphertite.com/ => https://www.cyphertite.com/: (6, 'Cou
 		- blog
 
 -->
-<ruleset name="Cyphertite.com" default_off='failed ruleset test'>
+<ruleset name="Cyphertite.com" default_off="failed ruleset test">
 
 	<target host="cyphertite.com" />
 	<target host="blog.cyphertite.com" />
 	<target host="www.cyphertite.com" />
 
 
-	<securecookie host="^(?:.*\.)?cyphertite\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Cyprus_Satellite.xml b/src/chrome/content/rules/Cyprus_Satellite.xml
index d69a8c3b65f4..d124d1be4ca9 100644
--- a/src/chrome/content/rules/Cyprus_Satellite.xml
+++ b/src/chrome/content/rules/Cyprus_Satellite.xml
@@ -10,7 +10,7 @@ Fetch error: http://forums.satellitecyprus.com/ => https://forums.satellitecypru
 		- (www.)	(shows default H-Sphere page; mismatched, CN: *.hostica.com)
 
 -->
-<ruleset name="Cyprus Satellite (partial)" default_off='failed ruleset test'>
+<ruleset name="Cyprus Satellite (partial)" default_off="failed ruleset test">
 
 	<target host="forums.satellitecyprus.com" />
 
@@ -20,4 +20,4 @@ Fetch error: http://forums.satellitecyprus.com/ => https://forums.satellitecypru
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Cyscon.net.xml b/src/chrome/content/rules/Cyscon.net.xml
index 7f12d80eabd4..b849c7077233 100644
--- a/src/chrome/content/rules/Cyscon.net.xml
+++ b/src/chrome/content/rules/Cyscon.net.xml
@@ -6,7 +6,7 @@ Fetch error: http://stats.cyscon.net/ => https://stats.cyscon.net/: (6, 'Could n
 	(www.): dropped
 
 -->
-<ruleset name="cyscon.net (partial)" default_off='failed ruleset test'>
+<ruleset name="cyscon.net (partial)" default_off="failed ruleset test">
 
 	<target host="stats.cyscon.net" />
 
diff --git a/src/chrome/content/rules/Cysec_Labs.com.xml b/src/chrome/content/rules/Cysec_Labs.com.xml
index 66bf2062d1d9..08a9511ed620 100644
--- a/src/chrome/content/rules/Cysec_Labs.com.xml
+++ b/src/chrome/content/rules/Cysec_Labs.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://cyseclabs.com/ => https://cyseclabs.com/: (60, 'SSL certific
 Fetch error: http://www.cyseclabs.com/ => https://www.cyseclabs.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Cysec Labs.com" default_off='failed ruleset test'>
+<ruleset name="Cysec Labs.com" default_off="failed ruleset test">
 
 	<target host="cyseclabs.com" />
 	<target host="www.cyseclabs.com" />
diff --git a/src/chrome/content/rules/Czech-Technical-University-in-Prague.xml b/src/chrome/content/rules/Czech-Technical-University-in-Prague.xml
index 5ac0abad1066..2a6738c9956b 100644
--- a/src/chrome/content/rules/Czech-Technical-University-in-Prague.xml
+++ b/src/chrome/content/rules/Czech-Technical-University-in-Prague.xml
@@ -5,7 +5,11 @@ Fetch error: http://cvut.cz/ => https://www.cvut.cz/: (60, 'SSL certificate prob
 <ruleset name="Czech Technical University in Prague" platform="mixedcontent">
 
 	<target host="cvut.cz" />
-	<target host="*.cvut.cz" />
+	<target host="www.cvut.cz" />
+	<target host="akce.cvut.cz" />
+	<target host="helpdesk.cvut.cz" />
+	<target host="jira.cvut.cz" />
+	<target host="usermap.cvut.cz" />
 
 
 	<!--	Observed cookie domains:
@@ -23,7 +27,6 @@ Fetch error: http://cvut.cz/ => https://www.cvut.cz/: (60, 'SSL certificate prob
 	<rule from="^http://(?:www\.)?cvut\.cz/"
 		to="https://www.cvut.cz/" />
 
-	<rule from="^http://(akce|helpdesk|jira|usermap)\.cvut\.cz/"
-		to="https://$1.cvut.cz/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/D.me.xml b/src/chrome/content/rules/D.me.xml
index 67195ebecb6c..01ea055aede6 100644
--- a/src/chrome/content/rules/D.me.xml
+++ b/src/chrome/content/rules/D.me.xml
@@ -16,7 +16,7 @@ Fetch error: http://d.me/ => https://delicious.com/: (6, 'Could not resolve host
 		- d.me		(→ delicious.com)
 
 -->
-<ruleset name="D.me" default_off='failed ruleset test'>
+<ruleset name="D.me" default_off="failed ruleset test">
 
 	<!--	Complications:
 				-->
diff --git a/src/chrome/content/rules/D2jsp.org.xml b/src/chrome/content/rules/D2jsp.org.xml
index 8b3e2dceb315..a868fdfb1941 100644
--- a/src/chrome/content/rules/D2jsp.org.xml
+++ b/src/chrome/content/rules/D2jsp.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://d2jsp.com/ => https://d2jsp.com/: Too many redirects while f
 Fetch error: http://www.d2jsp.com/ => https://www.d2jsp.com/: Too many redirects while fetching 'https://www.d2jsp.com/'
 
 -->
-<ruleset name="D2jsp.org" default_off='failed ruleset test'>
+<ruleset name="D2jsp.org" default_off="failed ruleset test">
 	<target host="d2jsp.org" />
 	<target host="www.d2jsp.org" />
 	<target host="d2jsp.com" />
diff --git a/src/chrome/content/rules/D3.ru.xml b/src/chrome/content/rules/D3.ru.xml
index ae920ef1ac2b..f1769e727e47 100644
--- a/src/chrome/content/rules/D3.ru.xml
+++ b/src/chrome/content/rules/D3.ru.xml
@@ -1,7 +1,6 @@
 <!--
 	Other d3 rulesets:
 
-		- Std3.ru.xml
 
 
 	Observed working hosts in *d3.ru:
diff --git a/src/chrome/content/rules/D4design_Studios.com.xml b/src/chrome/content/rules/D4design_Studios.com.xml
index 0b3bd449033e..a0ddc7669c59 100644
--- a/src/chrome/content/rules/D4design_Studios.com.xml
+++ b/src/chrome/content/rules/D4design_Studios.com.xml
@@ -14,7 +14,7 @@
 <ruleset name="D4design Studios.com (false MCB)" platform="mixedcontent">
 
 	<target host="d4designstudios.com" />
-	<target host="*.d4designstudios.com" />
+	<target host="www.d4designstudios.com" />
 
 
 	<securecookie host="^(?:www)?\.d4designstudios\.com$" name=".+" />
diff --git a/src/chrome/content/rules/DAConsortium.xml b/src/chrome/content/rules/DAConsortium.xml
index 6b852060ad69..152781e22455 100644
--- a/src/chrome/content/rules/DAConsortium.xml
+++ b/src/chrome/content/rules/DAConsortium.xml
@@ -24,4 +24,4 @@
 					-->
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DANTE.net.xml b/src/chrome/content/rules/DANTE.net.xml
deleted file mode 100644
index abff230ce7e1..000000000000
--- a/src/chrome/content/rules/DANTE.net.xml
+++ /dev/null
@@ -1,43 +0,0 @@
-<!--
-	Other DANTE rulesets:
-
-		- GEANT.net.xml
-
-
-	Fully covered subdomains:
-
-		- weblogin
-
-
-	Partially covered subdomains:
-
-		- news *
-		- www *
-
-	* Some paths redirect to weblogin2.geant.net
-
--->
-<ruleset name="DANTE.net (partial)">
-
-	<target host="news.dante.net" />
-	<target host="weblogin.dante.net" />
-	<target host="www.dante.net" />
-		<!--
-			These paths redirect to weblogin2.geant.net:
-									-->
-		<!--exclusion pattern="^http://news\.dante\.net/+($|\?)" /-->
-		<!--exclusion pattern="^http://www\.dante\.net/+Documents/" /-->
-		<!--
-			400:
-				-->
-		<!--exclusion pattern="^http://news\.dante\.net/_vti_bin/" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://news\.dante\.net/+(?!_layouts/|SiteCollectionImages/)" />
-		<exclusion pattern="^http://www\.dante\.net/+(?!_catalogs/|_layouts/|_login/|_trust/)" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DATACM.com.xml b/src/chrome/content/rules/DATACM.com.xml
new file mode 100644
index 000000000000..f6d4932223e8
--- /dev/null
+++ b/src/chrome/content/rules/DATACM.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Connection refused:
+		- datacm.com, equivalent to www.datacm.com
+
+	Connection reset:
+		- www2.datacm.com
+
+	Wrong server:
+		- dol.datacm.com
+-->
+
+<ruleset name="DATACM.com">
+	<target host="datacm.com" />
+	<target host="www.datacm.com" />
+	<target host="secure10.datacm.com" />
+	<target host="transfer.datacm.com" />
+
+	<rule from="^http://datacm\.com/"
+		to="https://www.datacm.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DBA.dk.xml b/src/chrome/content/rules/DBA.dk.xml
new file mode 100644
index 000000000000..e30268eca9a5
--- /dev/null
+++ b/src/chrome/content/rules/DBA.dk.xml
@@ -0,0 +1,42 @@
+<!--
+	Non-functional subdomains:
+
+		- admanageradmin	(t)
+		- autodiscover	(r)
+		- support	(i)
+		- tsgw	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Host has wildcard DNS
+-->
+<ruleset name="DBA.dk">
+
+	<target host="dba.dk" />
+	<target host="www.dba.dk" />
+	<target host="admanager.dba.dk" />
+	<target host="api.dba.dk" />
+	<target host="blog.dba.dk" />
+	<target host="casapi.dba.dk" />
+	<target host="guide.dba.dk" />
+	<target host="gw.dba.dk" />
+	<target host="info.dba.dk" />
+	<target host="kampagne.dba.dk" />
+	<target host="listingconsole-backend.dba.dk" />
+	<target host="login.dba.dk" />
+	<target host="m.dba.dk" />
+	<target host="search.dba.dk" />
+	<target host="sikkerhed.dba.dk" />
+	<target host="umbracoadmin.dba.dk" />
+	<target host="umbracoadmin-guide.dba.dk" />
+	<target host="umbracoadmin-sikkerhed.dba.dk" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DBS.xml b/src/chrome/content/rules/DBS.xml
index 7ff4c26d17f9..071831e1088e 100644
--- a/src/chrome/content/rules/DBS.xml
+++ b/src/chrome/content/rules/DBS.xml
@@ -1,35 +1,35 @@
 <ruleset name="DBS">
-	
+
 <!-- Global -->
 	<target host="www.dbs.com" />
 	<target host="dbs.com" />
 	<target host="rewards.dbs.com" />
 	<target host="careers.dbs.com" />
-	
+
 <!-- China -->
 	<target host="www.dbs.com.cn" />
 	<target host="dbs.com.cn" />
-	
+
 <!-- Hong Kong -->
 	<target host="www.dbs.com.hk" />
 	<target host="dbs.com.hk" />
 	<target host="cards.dbs.com.hk" />
-	
+
 <!-- Singapore -->
 	<target host="www.dbs.com.sg" />
 	<target host="dbs.com.sg" />
 	<target host="internet-banking.dbs.com.sg" />
-	
+
 <!-- Taiwan -->
 	<target host="www.dbs.com.tw" />
 	<target host="dbs.com.tw" />
 	<target host="internet-banking.dbs.com.tw" />
-	
-	
+
+
 	<rule from="^http://(?:www\.)?dbs\.([^/:@]+)/"
 	to="https://www.dbs.$1/" />
-	
+
 	<rule from="^http:"
 	to="https:" />
-	
+
 </ruleset>
diff --git a/src/chrome/content/rules/DBforums.xml b/src/chrome/content/rules/DBforums.xml
index 81b8d602d8a4..4f89fa66b763 100644
--- a/src/chrome/content/rules/DBforums.xml
+++ b/src/chrome/content/rules/DBforums.xml
@@ -18,7 +18,7 @@
 	* Secured by us
 
 -->
-<ruleset name="dBforums.com" default_off="missing certificate chain" platform="mixedcontent">
+<ruleset name="dBforums.com" default_off="cert-chain" platform="mixedcontent">
 
 	<target host="dbforums.com" />
 	<target host="www.dbforums.com" />
diff --git a/src/chrome/content/rules/DCBoEE.org.xml b/src/chrome/content/rules/DCBoEE.org.xml
deleted file mode 100644
index e5a5723caefd..000000000000
--- a/src/chrome/content/rules/DCBoEE.org.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="DCBoEE.org">
-
-	<target host="dcboee.org" />
-	<target host="www.dcboee.org" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DC_Comics.com.xml b/src/chrome/content/rules/DC_Comics.com.xml
index b0f3d34e2c97..fb789797ace4 100644
--- a/src/chrome/content/rules/DC_Comics.com.xml
+++ b/src/chrome/content/rules/DC_Comics.com.xml
@@ -1,16 +1,36 @@
 <!--
-	- Expired 2010-09-02
-	- CN: *.acquia-sites.com
-	- ^dccomics.com: dropped
+	Non-functional hosts
+		Couldn't connect to server:
+		- media.dccomics.com
 
--->
-<ruleset name="DC Comics.com" default_off="expired, mismatched, self-signed">
+		Timeout was reached:
+		- assets.dccomics.com
 
+		SSL peer certificate was not OK:
+		- dccomics.com
+		- batmanvsuperman.dccomics.com
+		- dcu.blog.dccomics.com
+		- mad.blog.dccomics.com
+		- vertigo.blog.dccomics.com
+		- wildstorm.blog.dccomics.com
+		- zuda.blog.dccomics.com
+		- dcublog.dccomics.com
+		- experienceatlantis.dccomics.com
+		- jointheleague.dccomics.com
+		- beta.jointheleague.dccomics.com
+		- dev.jointheleague.dccomics.com
+		- promo.dccomics.com
+		- read.dccomics.com
+		- www.read.dccomics.com
+-->
+<ruleset name="DC Comics.com">
 	<target host="dccomics.com" />
 	<target host="www.dccomics.com" />
+	<target host="dcpowervisa.dccomics.com" />
+	<target host="subscriptions.dccomics.com" />
 
-
-	<rule from="^http://(?:www\.)?dccomics\.com/"
+	<rule from="^http://dccomics\.com/"
 		to="https://www.dccomics.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DC_Power.eu.xml b/src/chrome/content/rules/DC_Power.eu.xml
deleted file mode 100644
index ef70ab061d2d..000000000000
--- a/src/chrome/content/rules/DC_Power.eu.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="DC Power.eu">
-
-	<target host="dcpower.eu" />
-	<target host="files.dcpower.eu" />
-	<target host="www.dcpower.eu" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DC_Vote.org.xml b/src/chrome/content/rules/DC_Vote.org.xml
index ca953d3e3cd6..7937308909fb 100644
--- a/src/chrome/content/rules/DC_Vote.org.xml
+++ b/src/chrome/content/rules/DC_Vote.org.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.dcvote.org/ => https://www.dcvote.org/: (60, 'SSL certif
 	* Secured by us
 
 -->
-<ruleset name="DC Vote.org" default_off='failed ruleset test'>
+<ruleset name="DC Vote.org" default_off="failed ruleset test">
 
 	<target host="dcvote.org" />
 	<target host="www.dcvote.org" />
diff --git a/src/chrome/content/rules/DD4.com.xml b/src/chrome/content/rules/DD4.com.xml
new file mode 100644
index 000000000000..839b10df2b1c
--- /dev/null
+++ b/src/chrome/content/rules/DD4.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Non-functional subdomains:
+		- member	(e)
+		- payment	(e)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="DD4.com">
+
+	<target host="dd4.com" />
+	<target host="www.dd4.com" />
+	<target host="image.dd4.com" />
+	<target host="mer.dd4.com" />
+	<target host="old.dd4.com" />
+	<target host="seller.dd4.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DDS2DDS.com.xml b/src/chrome/content/rules/DDS2DDS.com.xml
index a82886f722d5..61c3d27b86e0 100644
--- a/src/chrome/content/rules/DDS2DDS.com.xml
+++ b/src/chrome/content/rules/DDS2DDS.com.xml
@@ -7,12 +7,12 @@ Fetch error: http://www.dds2dds.com/ => https://www.dds2dds.com/: (28, 'Connecti
 Disabled by https-everywhere-checker because:
 Fetch error: http://kaizencrossfit.com/ => https://kaizencrossfit.com/: (51, "SSL: no alternative certificate subject name matches target host name 'kaizencrossfit.com'")
 -->
-<ruleset name="DDS2DDS.com" default_off='failed ruleset test'>
+<ruleset name="DDS2DDS.com" default_off="failed ruleset test">
 
 	<target host="dds2dds.com" />
 	<target host="www.dds2dds.com" />
 	<target host="kaizencrossfit.com" />
-	<target host="*.kaizencrossfit.com" />
+	<target host="www.kaizencrossfit.com" />
 
 
 	<!--	Server doesn't set Secure for:
@@ -20,7 +20,6 @@ Fetch error: http://kaizencrossfit.com/ => https://kaizencrossfit.com/: (51, "SS
 	<securecookie host="^(?:w*\.)?(?:dds2dds|kaizencrossfit)\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?(dds2dds|kaizencrossfit)\.com/"
-		to="https://$1$2.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/DDoSBreak.com.xml b/src/chrome/content/rules/DDoSBreak.com.xml
index 9890a4572731..2784cf7d33ee 100644
--- a/src/chrome/content/rules/DDoSBreak.com.xml
+++ b/src/chrome/content/rules/DDoSBreak.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://ddosbreak.com/ => https://ddosbreak.com/: (28, 'Operation ti
 Fetch error: http://www.ddosbreak.com/ => https://www.ddosbreak.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
 
 -->
-<ruleset name="DDoSBreak.com" default_off='failed ruleset test'>
+<ruleset name="DDoSBreak.com" default_off="failed ruleset test">
 
 	<target host="ddosbreak.com" />
 	<target host="www.ddosbreak.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.ddosbreak.com/ => https://www.ddosbreak.com/: (28, 'Oper
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DEEWR.xml b/src/chrome/content/rules/DEEWR.xml
index b0eb4befadc1..e74bdabffbe8 100644
--- a/src/chrome/content/rules/DEEWR.xml
+++ b/src/chrome/content/rules/DEEWR.xml
@@ -4,10 +4,10 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://prisms.deewr.gov.au/ => https://prisms.deewr.gov.au/: (51, "SSL: no alternative certificate subject name matches target host name 'prisms.deewr.gov.au'")
 
 -->
-<ruleset name="DEEWR" default_off='failed ruleset test'>
+<ruleset name="DEEWR" default_off="failed ruleset test">
 	<target host="prisms.deewr.gov.au" />
-	<target host="*.prisms.deewr.gov.au" />
+	<target host="www.prisms.deewr.gov.au" />
 
 	<rule from="^http://(?:www\.)?prisms\.deewr\.gov\.au/"
 		to="https://prisms.deewr.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DEF_CON_Groups.org.xml b/src/chrome/content/rules/DEF_CON_Groups.org.xml
deleted file mode 100644
index d8a970f99d11..000000000000
--- a/src/chrome/content/rules/DEF_CON_Groups.org.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--
-	includeSubDomains is sent in STS header.
-
--->
-<ruleset name="DEF CON Groups.org">
-	<target host="defcongroups.org" />
-	<target host="*.defcongroups.org" />
-		<test url="http://www.defcongroups.org/" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/DENX.de.xml b/src/chrome/content/rules/DENX.de.xml
index 2080b5ebfbe1..6adc4d66ab57 100644
--- a/src/chrome/content/rules/DENX.de.xml
+++ b/src/chrome/content/rules/DENX.de.xml
@@ -1,13 +1,34 @@
-<ruleset name="DENX.de" platform="mixedcontent">
+<!--
+	Different HTTP/HTTPS content:
+		- ftp.denx.de
+		- ns.denx.de
+		- theia.denx.de
 
-	<target host="denx.de" />
-	<target host="www.denx.de" />
+	Invalid certificate:
+		- ns2.denx.de
+		- phoibe.denx.de
 
+	Login required:
+		- gitlab.denx.de
+		- owncloud.denx.de
 
-	<securecookie host="^www\.denx\.de$" name=".+" />
+	MCB:
+		- theia.denx.de
 
+	Passive mixed content:
+		- denx.de
+		- www.denx.de
+		- theia.denx.de
 
-	<rule from="^http:"
-		to="https:" />
+	Service unavailable:
+		- jabber.denx.de
+-->
+<ruleset name="DENX.de">
+	<target host="denx.de" />
+	<target host="www.denx.de" />
+	<target host="git.denx.de" />
+	<target host="lists.denx.de" />
+	<target host="themis.denx.de" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/DFTBA_Records.xml b/src/chrome/content/rules/DFTBA_Records.xml
index f601aa3d6737..2a482fa5a5e1 100644
--- a/src/chrome/content/rules/DFTBA_Records.xml
+++ b/src/chrome/content/rules/DFTBA_Records.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DGEX.com.xml b/src/chrome/content/rules/DGEX.com.xml
index a0edc2c5f1e0..8c2eb635ebef 100644
--- a/src/chrome/content/rules/DGEX.com.xml
+++ b/src/chrome/content/rules/DGEX.com.xml
@@ -4,12 +4,12 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://dgex.com/ => https://dgex.com/: (28, 'Operation timed out after 30007 milliseconds with 0 bytes received')
 Fetch error: http://www.dgex.com/ => https://www.dgex.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
 
-	Insecure cookies are set for these 
+	Insecure cookies are set for these
 
 		- .dgex.com
 
 -->
-<ruleset name="DGEX.com" default_off='failed ruleset test'>
+<ruleset name="DGEX.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/DIYbanter.xml b/src/chrome/content/rules/DIYbanter.xml
index e276a84d9597..b4b82679eb82 100644
--- a/src/chrome/content/rules/DIYbanter.xml
+++ b/src/chrome/content/rules/DIYbanter.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DJI.xml b/src/chrome/content/rules/DJI.xml
index 6682c867d0d0..f7af8ec3fdc3 100644
--- a/src/chrome/content/rules/DJI.xml
+++ b/src/chrome/content/rules/DJI.xml
@@ -49,7 +49,7 @@ Fetch error: http://www-dji-china.dji.com/ => https://www-dji-china.dji.com/: (2
 		wiki.dji.com
 
 -->
-<ruleset name="DJI" default_off='failed ruleset test'>
+<ruleset name="DJI" default_off="failed ruleset test">
 	<target host="dji.com" />
 	<target host="www.dji.com" />
 	<target host="account.dji.com" />
diff --git a/src/chrome/content/rules/DJKit.xml b/src/chrome/content/rules/DJKit.xml
index 2cd794dd7286..9c6fd5da3ae5 100644
--- a/src/chrome/content/rules/DJKit.xml
+++ b/src/chrome/content/rules/DJKit.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DKiT.ie.xml b/src/chrome/content/rules/DKiT.ie.xml
index a8cc92b857ed..3ce626857717 100644
--- a/src/chrome/content/rules/DKiT.ie.xml
+++ b/src/chrome/content/rules/DKiT.ie.xml
@@ -55,7 +55,7 @@ Fetch error: http://passwordreset.dkit.ie/ => https://passwordreset.dkit.ie/: (6
 	* Secured by us
 
 -->
-<ruleset name="DKiT.ie (partial)" default_off='failed ruleset test'>
+<ruleset name="DKiT.ie (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/DLsite.com.xml b/src/chrome/content/rules/DLsite.com.xml
new file mode 100644
index 000000000000..5a15fd314bee
--- /dev/null
+++ b/src/chrome/content/rules/DLsite.com.xml
@@ -0,0 +1,74 @@
+<!--
+	Related rules:
+	- blogimg.jp.xml
+	- DLsite.jp.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- circle.upload001.dlsite.com
+		- circle.upload002.dlsite.com
+		- admin.dlsite.com
+		- github.dlsite.com
+		- announce.dlsite.com
+		- dille.dlsite.com
+		- elle.dlsite.com
+		- ch.stg.dlsite.com
+		- trial.gaku.dlsite.com
+
+		Timeout was reached:
+		- maid.dlsite.com
+		- support.dlsite.com
+		- trial.origin.dlsite.com
+
+		SSL connect error:
+		- ch-info.dlsite.com
+		- eng-info.dlsite.com
+		- girls-info.dlsite.com
+		- home-info.dlsite.com
+		- staffblog.dlsite.com
+		- blog.it.dlsite.com
+		- b.dlsite.net
+
+		NXDOMAIN:
+		- www.fujita.dlsite.com
+
+		Mixed content:
+		- it.dlsite.com
+
+		SSL Connection Refused:
+		- adv.dlsite.com
+		- trinity.dlsite.com
+
+		https://trial.dlsite.com will redir to http://trial.origin.dlsite.com/error404.html,
+		but the actual trial links work, for example https://trial.dlsite.com/doujin/RJ119000/RJ118525_trial.zip
+-->
+<ruleset name="DLsite.com">
+	<target host="dlsite.com" />
+	<target host="www.dlsite.com" />
+	<target host="blog.dlsite.com" />
+	<target host="books.dlsite.com" />
+	<target host="ch.dlsite.com" />
+	<target host="ci-en.dlsite.com" />
+	<target host="click.mg.dlsite.com" />
+	<target host="comic.dlsite.com" />
+	<target host="dealer.dlsite.com" />
+	<target host="download.dlsite.com" />
+	<target host="eng.dlsite.com" />
+	<target host="home.dlsite.com" />
+	<target host="login.dlsite.com" />
+	<target host="maniax.dlsite.com" />
+	<target host="media.dlsite.com" />
+	<target host="play.dl.dlsite.com" />
+	<target host="play.dlsite.com" />
+	<target host="pro2.dlsite.com" />
+	<target host="pro.dlsite.com" />
+	<target host="ssl.dlsite.com" />
+	<target host="ssldownload.dlsite.com" />
+	<target host="trial.dlsite.com" />
+	<target host="view.mg.dlsite.com" />
+	<target host="www.origin.dlsite.com" />
+
+	<test url="http://dealer.dlsite.com/login" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DLsite.jp.xml b/src/chrome/content/rules/DLsite.jp.xml
new file mode 100644
index 000000000000..e6ecdafcdfbe
--- /dev/null
+++ b/src/chrome/content/rules/DLsite.jp.xml
@@ -0,0 +1,10 @@
+<!--
+	Related rules:
+	- DLsite.com.xml
+-->
+
+<ruleset name="dlsite.jp">
+	<target host="img.dlsite.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DMCA_Services.xml b/src/chrome/content/rules/DMCA_Services.xml
index 64566b17f7a9..792dfa4089c2 100644
--- a/src/chrome/content/rules/DMCA_Services.xml
+++ b/src/chrome/content/rules/DMCA_Services.xml
@@ -24,7 +24,8 @@
 <ruleset name="DMCA.com">
 
 	<target host="dmca.com" />
-	<target host="*.dmca.com" />
+	<target host="www.dmca.com" />
+	<target host="images.dmca.com" />
 
 
 	<securecookie host="^www\.dmca\.com$" name=".+" />
@@ -33,7 +34,6 @@
 	<rule from="^http://(?:www\.)?dmca\.com/"
 		to="https://www.dmca.com/" />
 
-	<rule from="^http://images\.dmca\.com/"
-		to="https://images.dmca.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/DMLP.org.xml b/src/chrome/content/rules/DMLP.org.xml
index c679b8194a6e..59a6579ab861 100644
--- a/src/chrome/content/rules/DMLP.org.xml
+++ b/src/chrome/content/rules/DMLP.org.xml
@@ -1,36 +1,23 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://citmedialaw.org/ => https://www.citmedialaw.org/: Too many redirects while fetching 'https://www.citmedialaw.org/'
-Fetch error: http://www.citmedialaw.org/ => https://www.citmedialaw.org/: Too many redirects while fetching 'https://www.citmedialaw.org/'
-Fetch error: http://dmlp.org/ => https://www.dmlp.org/: Too many redirects while fetching 'https://www.dmlp.org/'
-Fetch error: http://www.dmlp.org/ => https://www.dmlp.org/: Too many redirects while fetching 'https://www.dmlp.org/'
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://citmedialaw.org/ => https://www.citmedialaw.org/: Cycle detected - URL already encountered: https://www.dmlp.org/
-Fetch error: http://www.citmedialaw.org/ => https://www.citmedialaw.org/: Cycle detected - URL already encountered: https://www.dmlp.org/
-Fetch error: http://dmlp.org/ => https://www.dmlp.org/: Cycle detected - URL already encountered: https://www.dmlp.org/
-Fetch error: http://www.dmlp.org/ => https://www.dmlp.org/: Cycle detected - URL already encountered: https://www.dmlp.org/
 	Problematic subdomains:
 
-		- ^	(mismatched, CN: adam.law.harvard.edu)
+		- ^	(mismatched, CN: www.)
 
 
 	Some pages redirect to http.
 
 -->
-<ruleset name="DMLP.org (partial)" default_off='failed ruleset test'>
+<ruleset name="DMLP.org (partial)">
 
 	<target host="citmedialaw.org" />
 	<target host="www.citmedialaw.org" />
 	<target host="dmlp.org" />
 	<target host="www.dmlp.org" />
 
+	<test url="http://dmlp.org/favicon.ico" />
+	<test url="http://www.dmlp.org/favicon.ico" />
 
-	<rule from="^http://(?:www\.)?citmedialaw\.org/"
-		to="https://www.citmedialaw.org/" />
-
-	<rule from="^http://(?:www\.)?dmlp\.org/(?!favicon\.ico|files/|misc/|modules/|sites/)"
-		to="https://www.dmlp.org/" />
+	<rule from="^http://(?:www\.)?([^/]+)/"
+		to="https://www.$1/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DMS-Sweden.com.xml b/src/chrome/content/rules/DMS-Sweden.com.xml
deleted file mode 100644
index 8fc89b240d0f..000000000000
--- a/src/chrome/content/rules/DMS-Sweden.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	^: cert only matches www
-
-
-	Mixed content:
-
-		- Web bugs from www.teamviewer.com *
-
-	* Secured by us
-
--->
-<ruleset name="DMS-Sweden.com">
-
-	<target host="dms-sweden.com" />
-	<target host="www.dms-sweden.com" />
-
-
-	<rule from="^http://(?:www\.)?dms-sweden\.com/"
-		to="https://www.dms-sweden.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DMU.xml b/src/chrome/content/rules/DMU.xml
index f3077aac93fb..aeddaa34d3f5 100644
--- a/src/chrome/content/rules/DMU.xml
+++ b/src/chrome/content/rules/DMU.xml
@@ -22,7 +22,13 @@
 <ruleset name="DMU.ac.uk (partial)">
 
 	<target host="dmu.ac.uk" />
-	<target host="*.dmu.ac.uk" />
+	<target host="chooseyourhallroom.dmu.ac.uk" />
+	<target host="idpedir.dmu.ac.uk" />
+	<target host="www.library.dmu.ac.uk" />
+	<target host="password.dmu.ac.uk" />
+	<target host="vle.dmu.ac.uk" />
+	<target host="webmail.dmu.ac.uk" />
+	<target host="www.dmu.ac.uk" />
 
 
 	<!--	Not secured by server:
@@ -32,7 +38,6 @@
 	<securecookie host="^(?:(?:chooseyourhallroom|idpedir|www\.library|password|vle|webmail|www)\.)?dmu\.ac\.uk$" name=".+" />
 
 
-	<rule from="^http://((?:chooseyourhallroom|idpedir|www\.library|password|vle|webmail|www)\.)?dmu\.ac\.uk/"
-		to="https://$1dmu.ac.uk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DM_tracker.com.xml b/src/chrome/content/rules/DM_tracker.com.xml
deleted file mode 100644
index 685b5cad0201..000000000000
--- a/src/chrome/content/rules/DM_tracker.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other Demand Media coverage, see Demand-Media.xml.
-
--->
-<ruleset name="DM tracker.com">
-
-	<target host="*.dmtracker.com" />
-
-
-	<securecookie host="^.*\.dmtracker\.com$" name=".+" />
-
-
-	<rule from="^http://(extended|vs)\.dmtracker\.com/"
-		to="https://$1.dmtracker.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DN.com.xml b/src/chrome/content/rules/DN.com.xml
deleted file mode 100644
index 776d4d9506a5..000000000000
--- a/src/chrome/content/rules/DN.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- www.dn.com
-
--->
-<ruleset name="DN.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="dn.com" />
-	<target host="www.dn.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.dn\.com$" name="^(?:PHPSESSID|language)$" /-->
-
-	<securecookie host="^www\.dn\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DN.dk.xml b/src/chrome/content/rules/DN.dk.xml
index 29f86c116fbb..b11b51aa4f41 100644
--- a/src/chrome/content/rules/DN.dk.xml
+++ b/src/chrome/content/rules/DN.dk.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.dn.dk/ => https://www.dn.dk/: (7, 'Failed to connect to
 
 	¹: Refused
 -->
-<ruleset name="DN.dk (partial)" default_off='failed ruleset test'>
+<ruleset name="DN.dk (partial)" default_off="failed ruleset test">
 	<target host="dn.dk" />
 	<target host="www.dn.dk" />
 
diff --git a/src/chrome/content/rules/DNA_Serum.xml b/src/chrome/content/rules/DNA_Serum.xml
index 5fb33f60a1e7..90c05b38e0ea 100644
--- a/src/chrome/content/rules/DNA_Serum.xml
+++ b/src/chrome/content/rules/DNA_Serum.xml
@@ -14,7 +14,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://dnaserum.com/ => https://dnaserum.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="DNA Serum" default_off='failed ruleset test'>
+<ruleset name="DNA Serum" default_off="failed ruleset test">
 
 	<target host="dnaserum.com" />
 	<target host="shop.dnaserum.com" />
@@ -29,4 +29,4 @@ Fetch error: http://dnaserum.com/ => https://dnaserum.com/: (60, 'SSL certificat
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DNS-shop.ru.xml b/src/chrome/content/rules/DNS-shop.ru.xml
new file mode 100644
index 000000000000..1efeb2ee3eed
--- /dev/null
+++ b/src/chrome/content/rules/DNS-shop.ru.xml
@@ -0,0 +1,44 @@
+<ruleset name="DNS-shop.ru">
+	<target host="dns-shop.ru" />
+	<target host="www.dns-shop.ru" />
+	<target host="0-mx.dns-shop.ru" />
+	<target host="accounts.dns-shop.ru" />
+	<target host="an.dns-shop.ru" />
+	<target host="as.dns-shop.ru" />
+	<target host="autodiscover.dns-shop.ru" />
+	<target host="b2b.dns-shop.ru" />
+	<target host="blagoveshensk.dns-shop.ru" />
+	<target host="c.dns-shop.ru" />
+	<target host="club.dns-shop.ru" />
+	<target host="data-import.dns-shop.ru" />
+	<target host="dev-media2.dns-shop.ru" />
+	<target host="ecosystem.dns-shop.ru" />
+	<target host="links.email.dns-shop.ru" />
+	<target host="export.dns-shop.ru" />
+	<target host="git.dns-shop.ru" />
+	<target host="imap.dns-shop.ru" />
+	<target host="mail.dns-shop.ru" />
+	<target host="media2.dns-shop.ru" />
+	<target host="mm-chat.dns-shop.ru" />
+	<target host="mx.dns-shop.ru" />
+	<target host="mx2.dns-shop.ru" />
+	<target host="ns2.dns-shop.ru" />
+	<target host="pda.dns-shop.ru" />
+	<target host="pop.dns-shop.ru" />
+	<target host="profile.dns-shop.ru" />
+	<target host="purchase.dns-shop.ru" />
+	<target host="redirect.dns-shop.ru" />
+	<target host="rocket-chat.dns-shop.ru" />
+	<target host="root.dns-shop.ru" />
+	<target host="s.dns-shop.ru" />
+	<target host="service.dns-shop.ru" />
+	<target host="smtp.dns-shop.ru" />
+	<target host="space.dns-shop.ru" />
+	<target host="supplier.dns-shop.ru" />
+	<target host="vl-proxy.dns-shop.ru" />
+	<target host="vladivostok.dns-shop.ru" />
+	<target host="webapi.dns-shop.ru" />
+	<target host="yuzhno-sakhalinsk.dns-shop.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DNSCurve.xml b/src/chrome/content/rules/DNSCurve.xml
index c453138586c6..ada5e0335947 100644
--- a/src/chrome/content/rules/DNSCurve.xml
+++ b/src/chrome/content/rules/DNSCurve.xml
@@ -8,4 +8,4 @@
 
     <rule from="^http:"
             to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DNSdynamic.xml b/src/chrome/content/rules/DNSdynamic.xml
deleted file mode 100644
index 433e46e22b34..000000000000
--- a/src/chrome/content/rules/DNSdynamic.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- myip		(mismatch, works)
-
--->
-<ruleset name="DNSdynamic">
-
-	<target host="dnsdynamic.org" />
-	<target host="www.dnsdynamic.org" />
-
-
-	<securecookie host="^(?:www\.)?dnsdynamic\.org$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/DNSstuff.com.xml b/src/chrome/content/rules/DNSstuff.com.xml
index d990aef13278..4a808243da40 100644
--- a/src/chrome/content/rules/DNSstuff.com.xml
+++ b/src/chrome/content/rules/DNSstuff.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.dnsstuff.com/member/register/ => https://www.dnsstuff.co
 Fetch error: http://www.dnsstuff.com/templates/system/css/general.css => https://www.dnsstuff.com/templates/system/css/general.css: Too many redirects while fetching 'https://www.dnsstuff.com/templates/system/css/general.css'
 
 -->
-<ruleset name="DNSstuff.com (partial)" default_off='failed ruleset test'>
+<ruleset name="DNSstuff.com (partial)" default_off="failed ruleset test">
 
 	<target host="dnsstuff.com" />
 	<target host="www.dnsstuff.com" />
diff --git a/src/chrome/content/rules/DNTX.com.xml b/src/chrome/content/rules/DNTX.com.xml
index 8008facbc9a7..c14a6976c9b5 100644
--- a/src/chrome/content/rules/DNTX.com.xml
+++ b/src/chrome/content/rules/DNTX.com.xml
@@ -1,9 +1,7 @@
 <!--
+  Redirects to tonic.com
 	Other DNTX rulesets:
 
-		- DNTrck.com.xml
-
-
 	^: dropped
 
 -->
@@ -15,13 +13,6 @@
 
 	<securecookie host="^www\.dntx\.com$" name=".+" />
 
-
-	<!--	Server drops args but not paths:
-						-->
-	<rule from="^http://dntx\.com/([^?]*).*"
-		to="https://www.dntx.com/$1" />
-
-	<rule from="^http://www\.dntx\.com/"
-		to="https://www.dntx.com/" />
+  <rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DNTrck.com.xml b/src/chrome/content/rules/DNTrck.com.xml
deleted file mode 100644
index 1430f67e98c2..000000000000
--- a/src/chrome/content/rules/DNTrck.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For other DNTX coverage, see DNTX.com.xml.
-
-
-	Web bugs.
-
-
-	^dntrck.com doesn't exist.
-
--->
-<ruleset name="DNTrck.com">
-
-	<target host="p1.dntrck.com" />
-	<target host="www.dntrck.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DNV.com.xml b/src/chrome/content/rules/DNV.com.xml
deleted file mode 100644
index 4c56babb9eaa..000000000000
--- a/src/chrome/content/rules/DNV.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	(www.) refused
-
--->
-<ruleset name="DNV.com (partial)">
-
-	<target host="exchange.dnv.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^exchange\.dnv\.com$" name="^(ASP\.NET_SessionId|TS[0-9a-f]{8})$" /-->
-
-	<securecookie host="^exchange\.dnv\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DOCLIX.xml b/src/chrome/content/rules/DOCLIX.xml
deleted file mode 100644
index 268a32afc778..000000000000
--- a/src/chrome/content/rules/DOCLIX.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)adside.com
-		- (www.)doclix.com
-
--->
-<ruleset name="DOCLIX (partial)">
-
-	<target host="*.doclix.com" />
-
-
-	<!--	- Cert doesn't match ads
-		- Ads included on 3rd-party websites
-							-->
-	<rule from="^http://(?:ads|track)\.doclix\.com/"
-		to="https://track.doclix.com/" />
-
-	<rule from="^http://(advertis|publish)er\.doclix\.com/"
-		to="https://$1er.doclix.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DOI.org.xml b/src/chrome/content/rules/DOI.org.xml
deleted file mode 100644
index fef6a09ef8d1..000000000000
--- a/src/chrome/content/rules/DOI.org.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Refused:
-		admin.doi.org
-		notfound.doi.org
-	
-	Bad certificate:
-		www.dx.doi.org
-
-	Timeout:
-		meta.doi.org
-		test.doi.org
--->
-
-<ruleset name="DOI.org">
-
-	<target host="doi.org" />
-	<target host="www.doi.org" />
-	<target host="dx.doi.org" />
-
-	<securecookie host="(.+\.)?doi\.org$" name=".+" />
-	
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DONGEnergy.xml b/src/chrome/content/rules/DONGEnergy.xml
index a689a5db5177..16236fe55370 100644
--- a/src/chrome/content/rules/DONGEnergy.xml
+++ b/src/chrome/content/rules/DONGEnergy.xml
@@ -37,7 +37,7 @@ Fetch error: http://ditgadelys.dongenergy.dk/ => https://ditgadelys.dongenergy.d
 	⁴: Refused
 
 -->
-<ruleset name="DONG Energy" default_off='failed ruleset test'>
+<ruleset name="DONG Energy" default_off="failed ruleset test">
 
 	<target host="tendering.dongenergy.com" />
 
diff --git a/src/chrome/content/rules/DPB.sk.xml b/src/chrome/content/rules/DPB.sk.xml
new file mode 100644
index 000000000000..f9421204f8db
--- /dev/null
+++ b/src/chrome/content/rules/DPB.sk.xml
@@ -0,0 +1,7 @@
+<ruleset name="DPB.sk">
+	<target host="dpb.sk" />
+	<target host="www.dpb.sk" />
+	<target host="ecard.dpb.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DPMC.xml b/src/chrome/content/rules/DPMC.xml
index e75823470515..0f3d42a94566 100644
--- a/src/chrome/content/rules/DPMC.xml
+++ b/src/chrome/content/rules/DPMC.xml
@@ -19,7 +19,7 @@
 					-->
 	<!--securecookie host="^\.dpmc\.gov\.au$" name="^citrix_ns_id.*" /-->
 
-	<securecookie host="^\.dpmc\.gov\.au$" name="" />
+	<securecookie host="^\.dpmc\.gov\.au$" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/DR.com.tr.xml b/src/chrome/content/rules/DR.com.tr.xml
index b40f1d14daae..7c73d1904267 100644
--- a/src/chrome/content/rules/DR.com.tr.xml
+++ b/src/chrome/content/rules/DR.com.tr.xml
@@ -12,11 +12,11 @@ Fetch error: http://www.dr.com.tr/ => https://www.dr.com.tr/: Too many redirects
 Fetch error: http://dr.com.tr/ => https://www.dr.com.tr/: Too many redirects while fetching 'https://www.dr.com.tr/'
 
 -->
-<ruleset name="DR.com.tr" default_off='failed ruleset test'>
+<ruleset name="DR.com.tr" default_off="failed ruleset test">
   <target host="www.dr.com.tr" />
   <target host="dr.com.tr" />
 
-  <securecookie host="^(?:.*\.)?dr\.com\.tr$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http://(?:www\.)?dr\.com\.tr/" to="https://www.dr.com.tr/" />
 </ruleset>
diff --git a/src/chrome/content/rules/DR.dk.xml b/src/chrome/content/rules/DR.dk.xml
index cf496bd9e7e8..69e9a629a7c1 100644
--- a/src/chrome/content/rules/DR.dk.xml
+++ b/src/chrome/content/rules/DR.dk.xml
@@ -22,7 +22,5 @@
 
 	<rule from="^http:" to="https:" />
 
-	<test url="http://www.dr.dk/" />
-	<test url="http://asset.dr.dk/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DSF.my.xml b/src/chrome/content/rules/DSF.my.xml
new file mode 100644
index 000000000000..a8e6bd22594b
--- /dev/null
+++ b/src/chrome/content/rules/DSF.my.xml
@@ -0,0 +1,11 @@
+<!--
+	Active mixed content:
+		- www.dsf.my
+-->
+
+<ruleset name="DSF.my" platform="mixedcontent">
+	<target host="dsf.my" />
+	<target host="www.dsf.my" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DSLReports.xml b/src/chrome/content/rules/DSLReports.xml
index e721e1379e5d..76105aeed5ff 100644
--- a/src/chrome/content/rules/DSLReports.xml
+++ b/src/chrome/content/rules/DSLReports.xml
@@ -3,13 +3,13 @@
 -->
 <ruleset name="DSLReports">
 
-	<target host="dslreports.com" />
-	<target host="www.dslreports.com" />
-	<target host="i.dslr.net" />
 	<target host="broadbandreports.com" />
 	<target host="www.broadbandreports.com" />
+	<target host="i.dslr.net" />
 	<target host="dslreports.ca" />
 	<target host="www.dslreports.ca" />
+	<target host="dslreports.com" />
+	<target host="www.dslreports.com" />
 
 	<!-- https://github.com/EFForg/https-everywhere/issues/6978 -->
 	<exclusion pattern="^http://www\.dslreports\.com/speedtest" />
@@ -20,6 +20,8 @@
 	<!-- JS redirect, see https://github.com/EFForg/https-everywhere/issues/8488 -->
 	<exclusion pattern="^http://www\.dslreports\.com/tools/puma6$" />
 		<test url="http://www.dslreports.com/tools/puma6" />
+	<exclusion pattern="^http://www\.dslreports\.com/front/puma6.html$" />
+		<test url="http://www.dslreports.com/front/puma6.html" />
 
 	<securecookie host="^.*\.dslreports\.com$" name=".+" />
 
@@ -29,7 +31,6 @@
 	<rule from="^http://(www\.)?dslreports\.ca/"
 		to="https://www.dslreports.com/" />
 
-		<test url="http://www.dslreports.com/" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/DSNR-Media-Group.xml b/src/chrome/content/rules/DSNR-Media-Group.xml
index 4acec2a8463c..e0a35e207cd7 100644
--- a/src/chrome/content/rules/DSNR-Media-Group.xml
+++ b/src/chrome/content/rules/DSNR-Media-Group.xml
@@ -12,7 +12,7 @@ Fetch error: http://ad.z5x.net/ => https://ad.rmxads.net/: (28, 'Resolving timed
 		- (www.)z5x.net		(times out)
 
 -->
-<ruleset name="DSNR Media Group (partial)" default_off='failed ruleset test'>
+<ruleset name="DSNR Media Group (partial)" default_off="failed ruleset test">
 
 	<target host="ad.z5x.net" />
 
diff --git a/src/chrome/content/rules/DShield.org.xml b/src/chrome/content/rules/DShield.org.xml
deleted file mode 100644
index b206f7c9c944..000000000000
--- a/src/chrome/content/rules/DShield.org.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For other SANS Institute coverage, see SANS.org.xml.
-
--->
-<ruleset name="DShield.org">
-
-	<target host="dshield.org" />
-	<target host="www.dshield.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DTInt.com.xml b/src/chrome/content/rules/DTInt.com.xml
index 384db4c0c464..066e72fc2578 100644
--- a/src/chrome/content/rules/DTInt.com.xml
+++ b/src/chrome/content/rules/DTInt.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://customersonly.dtint.com/ => https://customersonly.dtint.com/
 		- customersonly.dtint.com
 
 -->
-<ruleset name="DTInt.com (partial)" default_off='failed ruleset test'>
+<ruleset name="DTInt.com (partial)" default_off="failed ruleset test">
 
 	<target host="customersonly.dtint.com" />
 
diff --git a/src/chrome/content/rules/DUG.net.pl.xml b/src/chrome/content/rules/DUG.net.pl.xml
deleted file mode 100644
index 4cc60fe63807..000000000000
--- a/src/chrome/content/rules/DUG.net.pl.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	www.dug.net.pl: mismatched
-
--->
-<ruleset name="DUG.net.pl">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="dug.net.pl" />
-	<target host="forum.dug.net.pl" />
-
-	<!--	Complications:
-				-->
-	<target host="www.dug.net.pl" />
-
-
-	<rule from="^http://www\.dug\.net\.pl/"
-		to="https://dug.net.pl/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DW-World.de.xml b/src/chrome/content/rules/DW-World.de.xml
new file mode 100644
index 000000000000..a1ece54b3931
--- /dev/null
+++ b/src/chrome/content/rules/DW-World.de.xml
@@ -0,0 +1,16 @@
+<!--
+	For other DW.com rulesets, see DW.com.xml
+-->
+<ruleset name="DW-World.de (partial)">
+
+	<target host="dw-world.de" />
+	<target host="www.dw-world.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://(www.)?dw-world.de/,
+		http://(www.)?dw-world.de/ redirect to https://www.dw.com/.-->
+	<rule from="^http://(www\.)?dw-world\.de/"
+			to="https://www.dw.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DW.com.xml b/src/chrome/content/rules/DW.com.xml
new file mode 100644
index 000000000000..8d30baeed1ed
--- /dev/null
+++ b/src/chrome/content/rules/DW.com.xml
@@ -0,0 +1,81 @@
+<!--
+	See also:
+		- DW.de.xml
+		- DW-World.de.xml
+
+	Invalid certificate:
+		- buwa.dw.com
+		- nl.dw.com
+		- (*.)?nl-am.dw.com
+		- (*.)?nl-ar.dw.com
+		- (*.)?nl-bg.dw.com
+		- (*.)?nl-bn.dw.com
+		- (*.)?nl-bs.dw.com
+		- (*.)?nl-de.dw.com
+		- (*.)?nl-el.dw.com
+		- (*.)?nl-en.dw.com
+		- (*.)?nl-es.dw.com
+		- (*.)?nl-pt.dw.com
+		- (*.)?nl-ru.dw.com
+		- (*.)?nl-uk.dw.com
+		- (*.)?nl-zh.dw.com
+		- pageflow-image.dw.com
+		- radio-download.dw.com
+		- tv-download.dw.com
+
+	Timeout:
+		- deutschkurse.dw.com
+		- kickoff.dw.com
+		- mdm.dw.com
+
+	Unable to get local issuer certificate:
+		- b2bmftftp.dw.com
+-->
+<ruleset name="DW.com">
+	<target host="dw.com" />
+	<target host="www.dw.com" />
+	<target host="akademie.dw.com" />
+	<target host="akademie-anmeldung.dw.com" />
+	<target host="amp.dw.com" />
+	<target host="api.dw.com" />
+	<target host="audiodepot.dw.com" />
+	<target host="b2b.dw.com" />
+	<target host="blogs.dw.com" />
+	<target host="charts.dw.com" />
+	<target host="commons.dw.com" />
+	<target host="connect.dw.com" />
+	<target host="expedition-heimat.dw.com" />
+	<target host="fussball.dw.com" />
+	<target host="git.dw.com" />
+	<target host="harry.dw.com" />
+	<target host="jira.dw.com" />
+	<target host="learngerman.dw.com" />
+	<target host="lingofox.dw.com" />
+	<target host="m.dw.com" />
+	<target host="mediacenter.dw.com" />
+	<target host="meetings.dw.com" />
+	<target host="mft.dw.com" />
+	<target host="mobile.dw.com" />
+	<target host="multimedia.dw.com" />
+	<target host="om.dw.com" />
+	<target host="p.dw.com" />
+	<target host="partner.dw.com" />
+	<target host="player.dw.com" />
+	<target host="recruiting.dw.com" />
+	<target host="rss.dw.com" />
+	<target host="sandbox.dw.com" />
+	<target host="social.dw.com" />
+	<target host="specials.dw.com" />
+	<target host="training.dw.com" />
+	<target host="vdt.dw.com" />
+	<target host="visualdata.dw.com" />
+	<target host="visualstories.dw.com" />
+	<target host="web-mail.dw.com" />
+	<target host="webdocs.dw.com" />
+	<target host="webmo.dw.com" />
+	<target host="www9.dw.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DW.de.xml b/src/chrome/content/rules/DW.de.xml
index c4f870ed3fda..200156b1fd59 100644
--- a/src/chrome/content/rules/DW.de.xml
+++ b/src/chrome/content/rules/DW.de.xml
@@ -1,34 +1,19 @@
 <!--
-	CDN buckets:
-
-		- mediacenter.dw.de.edgesuite.net
-
-			- a38.g.akamai.net
-
-		- www.dw.de.edgesuite.net
-
-			- a1697.g.akamai.net
-
-
-	Nonfunctional subdomains:
-
-		- www7.dw-world.de *
-
-		- dw.de subdomains:
-
-			- ^ *
-			- mediacenter **
-			- www **
-
-	* http reply
-	** 503, akamai
-
+	For other DW.com rulesets, see DW.com.xml
 -->
 <ruleset name="DW.de (partial)">
 
+	<target host="dw.de" />
+	<target host="www.dw.de" />
 	<target host="social.dw.de" />
 
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://(www.)?dw.de/,
+		http://(www.)?dw.de/ redirect to https://www.dw.com/.-->
+	<rule from="^http://(www\.)?dw\.de/"
+			to="https://www.dw.com/" />
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DWheeler.xml b/src/chrome/content/rules/DWheeler.xml
index be3e2cfe0a1e..625f3cd28269 100644
--- a/src/chrome/content/rules/DWheeler.xml
+++ b/src/chrome/content/rules/DWheeler.xml
@@ -4,6 +4,6 @@
 	<target host="www.dwheeler.com"/>
 
 	<rule from="^http://(?:www\.)?dwheeler\.com/"
-		to="https://www.dwheeler.com/"/>
+		to="https://dwheeler.com/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/DWin1.com.xml b/src/chrome/content/rules/DWin1.com.xml
index 155b65f2351f..8559d4a7d2ff 100644
--- a/src/chrome/content/rules/DWin1.com.xml
+++ b/src/chrome/content/rules/DWin1.com.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/D_Franke.us.xml b/src/chrome/content/rules/D_Franke.us.xml
deleted file mode 100644
index 89eacb3b01ea..000000000000
--- a/src/chrome/content/rules/D_Franke.us.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="D Franke.us">
-
-	<target host="dfranke.us" />
-	<target host="www.dfranke.us" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Da.gd.xml b/src/chrome/content/rules/Da.gd.xml
index 33646679eb8a..997b177ab488 100644
--- a/src/chrome/content/rules/Da.gd.xml
+++ b/src/chrome/content/rules/Da.gd.xml
@@ -1,11 +1,4 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://6.da.gd/ => https://6.da.gd/: (7, '')
-Fetch error: http://ipv6.da.gd/ => https://ipv6.da.gd/: (7, '')
-
--->
-<ruleset name="Da.gd" default_off='failed ruleset test'>
+<ruleset name="Da.gd">
 	<target host="da.gd" />
 	<target host="www.da.gd" />
 	<target host="4.da.gd" />
diff --git a/src/chrome/content/rules/DaWanda.xml b/src/chrome/content/rules/DaWanda.xml
index ea5c521b2a2f..1d4d032ecb7f 100644
--- a/src/chrome/content/rules/DaWanda.xml
+++ b/src/chrome/content/rules/DaWanda.xml
@@ -42,15 +42,23 @@
 -->
 <ruleset name="DaWanda (partial)">
 
-	<target host="*.dawanda.com" />
+	<target host="assets.dawanda.com" />
+	<target host="de.dawanda.com" />
+	<target host="en.dawanda.com" />
+	<target host="es.dawanda.com" />
+	<target host="fr.dawanda.com" />
+	<target host="it.dawanda.com" />
+	<target host="nl.dawanda.com" />
+	<target host="pl.dawanda.com" />
+	<target host="img.dawanda.com" />
 		<exclusion pattern="^http://(?:de|en|es|fr|it|nl|pl)\.dawanda.com/(?!(?:account/login|cms/c/\w\w/seller-portal)(?:$|\?|/)|cms/(?:image|javascript|stylesheet)s/|_pi_/|uo/|trck/|widget/)" />
-	<target host="*.dawandastatic.com" />
+	<target host="s31.dawandastatic.com" />
+	<target host="s32.dawandastatic.com" />
 
 
-	<rule from="^http://(assets|de|en|es|fr|it|nl|pl)\.dawanda\.com/"
-		to="https://$1.dawanda.com/" />
 
 	<rule from="^http://(?:img\.dawanda|s3[12]\.dawandastatic)\.com/"
 		to="https://dawandaimages.s3.amazonaws.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/DaemonPage.com.xml b/src/chrome/content/rules/DaemonPage.com.xml
new file mode 100644
index 000000000000..f688e082126e
--- /dev/null
+++ b/src/chrome/content/rules/DaemonPage.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Mimatched:
+		- www.daemonpage.com
+		- autodiscover.daemonpage.com
+		- ftp.daemonpage.com
+		- mail.daemonpage.com
+		- webmail.daemonpage.com
+-->
+<ruleset name="DaemonPage.com">
+	<target host="daemonpage.com" />
+	<target host="www.daemonpage.com" />
+
+	<rule from="^http://www\.daemonpage\.com/" to="https://daemonpage.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dafdirect.org.xml b/src/chrome/content/rules/Dafdirect.org.xml
index 9d49f8700cb7..9a0f679d0155 100644
--- a/src/chrome/content/rules/Dafdirect.org.xml
+++ b/src/chrome/content/rules/Dafdirect.org.xml
@@ -10,7 +10,7 @@ Non-2xx HTTP code: http://www.dafdirect.org/ (200) => https://www.dafdirect.org/
 	^: cert only matches www
 
 -->
-<ruleset name="dafdirect.org" default_off='failed ruleset test'>
+<ruleset name="dafdirect.org" default_off="failed ruleset test">
 
 	<target host="dafdirect.org" />
 	<target host="www.dafdirect.org" />
diff --git a/src/chrome/content/rules/Dafont.com.xml b/src/chrome/content/rules/Dafont.com.xml
deleted file mode 100644
index be3c5f42472a..000000000000
--- a/src/chrome/content/rules/Dafont.com.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	Redirect to http:
-		^(www.)?dafont.com
-
-	Failed:
-		dl.dafont.com
-		img.dafont.com
-
-	Mismatch:
-		co.dafont.com
-		es.dafont.com
-		fr.dafont.com
-		m.dafont.com
-		www1.dafont.com
--->
-<ruleset name="Dafont.com (partial)">
-	<target host="dafont.com" />
-	<target host="www.dafont.com" />
-
-		<test url="http://dafont.com/img/dafont.png" />
-		<test url="http://dafont.com/img/nof.png" />
-		<test url="http://dafont.com/img/top.gif" />
-		<test url="http://www.dafont.com/img/dafont.png" />
-		<test url="http://www.dafont.com/img/nof.png" />
-		<test url="http://www.dafont.com/img/top.gif" />
-
-	<exclusion pattern="^http://(www\.)?dafont\.com/$" />
-
-	<rule from="^http://(www\.)?dafont\.com/img/" to="https://$1dafont.com/img/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Daft.ie.xml b/src/chrome/content/rules/Daft.ie.xml
index c68a1c1af339..3639becc7501 100644
--- a/src/chrome/content/rules/Daft.ie.xml
+++ b/src/chrome/content/rules/Daft.ie.xml
@@ -8,7 +8,7 @@
 	<target host="www.daft.ie" />
 	<target host="api.daft.ie" />
 	<target host="touch.daft.ie" />
-	
+
 	<securecookie host="^(www\.)?daft\.ie$" name=".+" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Daft_Media.xml b/src/chrome/content/rules/Daft_Media.xml
index fb6963b37c60..7eaaec7d55ee 100644
--- a/src/chrome/content/rules/Daft_Media.xml
+++ b/src/chrome/content/rules/Daft_Media.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dagbladet.no-falsemixed.xml b/src/chrome/content/rules/Dagbladet.no-falsemixed.xml
index e8271951f26e..507bd3faab23 100644
--- a/src/chrome/content/rules/Dagbladet.no-falsemixed.xml
+++ b/src/chrome/content/rules/Dagbladet.no-falsemixed.xml
@@ -6,7 +6,7 @@ Fetch error: http://livebeta.dagbladet.no/ => https://livebeta.dagbladet.no/: (6
 	For rules not causing false/broken MCB, see Dagbladet.no.xml.
 
 -->
-<ruleset name="Dagbladet.no (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Dagbladet.no (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="dagbladet.no" />
 	<target host="apps.dagbladet.no" />
diff --git a/src/chrome/content/rules/Dagbladet.no.xml b/src/chrome/content/rules/Dagbladet.no.xml
index 62151ff6d37e..3050a4aac786 100644
--- a/src/chrome/content/rules/Dagbladet.no.xml
+++ b/src/chrome/content/rules/Dagbladet.no.xml
@@ -63,7 +63,7 @@ Fetch error: http://konto.dagbladet.no/ => https://konto.dagbladet.no/: (6, 'Cou
 	² Unsecurable <= refused
 
 -->
-<ruleset name="Dagbladet.no (partial)" default_off='failed ruleset test'>
+<ruleset name="Dagbladet.no (partial)" default_off="failed ruleset test">
 
 	<!--target host="dagbladet.no" /-->
 	<!--target host="apps.dagbladet.no" /-->
diff --git a/src/chrome/content/rules/Daily-Herald.xml b/src/chrome/content/rules/Daily-Herald.xml
index 83f6dd49bcf8..3783f73c6249 100644
--- a/src/chrome/content/rules/Daily-Herald.xml
+++ b/src/chrome/content/rules/Daily-Herald.xml
@@ -8,10 +8,13 @@ Fetch error: http://dailyherald.com/ => https://dailyherald.com/: (7, 'Failed to
 		- blogs		(times out)
 
 -->
-<ruleset name="Daily Herald" default_off='failed ruleset test'>
+<ruleset name="Daily Herald" default_off="failed ruleset test">
 
 	<target host="dailyherald.com" />
-	<target host="*.dailyherald.com" />
+	<target host="classifieds.dailyherald.com" />
+	<target host="prev.dailyherald.com" />
+	<target host="www.dailyherald.com" />
+	<target host="homes.dailyherald.com" />
 
 
 	<securecookie host="^.*\.dailyherald\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Daily-Star.xml b/src/chrome/content/rules/Daily-Star.xml
index 1890a861f12f..37d5deee4894 100644
--- a/src/chrome/content/rules/Daily-Star.xml
+++ b/src/chrome/content/rules/Daily-Star.xml
@@ -41,7 +41,7 @@ Fetch error: http://cdn.images.dailystar-uk.co.uk/ => https://d1gdw8d643djmp.clo
 	³ Cloudfront
 
 -->
-<ruleset name="Daily Star (partial)" default_off='failed ruleset test'>
+<ruleset name="Daily Star (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/DailyCaller.com.xml b/src/chrome/content/rules/DailyCaller.com.xml
new file mode 100644
index 000000000000..cecab011c933
--- /dev/null
+++ b/src/chrome/content/rules/DailyCaller.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		- jobs.dailycaller.com
+		- rambo.dailycaller.com
+-->
+
+<ruleset name="DailyCaller.com">
+	<target host="dailycaller.com" />
+	<target host="www.dailycaller.com" />
+	<target host="amp.dailycaller.com" />
+	<target host="cdn.dailycaller.com" />
+	<target host="cdn01.dailycaller.com" />
+	<target host="shop.dailycaller.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DailyDot.xml b/src/chrome/content/rules/DailyDot.xml
index 94f60b5acbd0..926abf660cfe 100644
--- a/src/chrome/content/rules/DailyDot.xml
+++ b/src/chrome/content/rules/DailyDot.xml
@@ -41,25 +41,15 @@
 <ruleset name="DailyDot.com (partial)" platform="mixedcontent">
 
 	<target host="dailydot.com" />
-	<target host="cdn0.dailydot.com" />
 	<target host="www.dailydot.com" />
 
-
 	<!--	Not secured by server:
 					-->
 	<securecookie host="^\.dailydot\.com$" name="^__qca$" />
 
-
 	<rule from="^http://dailydot\.com/"
 		to="https://www.dailydot.com/" />
 
-	<!--	s? for protocol-relative urls...:
-						-->
-	<rule from="^https?://cdn0\.dailydot\.com/"
-		to="https://dailydot.s3.amazonaws.com/" />
-
-		<test url="https://cdn0.dailydot.com/" />
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/DailyHiit.com.xml b/src/chrome/content/rules/DailyHiit.com.xml
index 079478720760..0e4fde850198 100644
--- a/src/chrome/content/rules/DailyHiit.com.xml
+++ b/src/chrome/content/rules/DailyHiit.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DailyHive.com.xml b/src/chrome/content/rules/DailyHive.com.xml
new file mode 100644
index 000000000000..a161debbc881
--- /dev/null
+++ b/src/chrome/content/rules/DailyHive.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Connection refused:
+		- advertise.dailyhive.com
+		- wp.sandbox.dailyhive.com
+		- sandbox.sfo1.dailyhive.com
+-->
+
+<ruleset name="DailyHive.com">
+	<target host="dailyhive.com" />
+	<target host="www.dailyhive.com" />
+	<target host="images.dailyhive.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DailyMail.co.uk.xml b/src/chrome/content/rules/DailyMail.co.uk.xml
new file mode 100644
index 000000000000..5542daa5bfd3
--- /dev/null
+++ b/src/chrome/content/rules/DailyMail.co.uk.xml
@@ -0,0 +1,14 @@
+<ruleset name="DailyMail.co.uk (partial)">
+	<target host="dailymail.co.uk" />
+	<target host="www.dailymail.co.uk" />
+	<target host="crta.dailymail.co.uk" />
+	<target host="fff.dailymail.co.uk" />
+	<target host="gs.dailymail.co.uk" />
+	<target host="i.dailymail.co.uk" />
+	<target host="jobs.dailymail.co.uk" />
+	<target host="scripts.dailymail.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Daily_Fantasy_Radio.xml b/src/chrome/content/rules/Daily_Fantasy_Radio.xml
index 33887e39ce82..46cc00c8bc29 100644
--- a/src/chrome/content/rules/Daily_Fantasy_Radio.xml
+++ b/src/chrome/content/rules/Daily_Fantasy_Radio.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://dailyfantasyradio.com/ => https://dailyfantasyradio.com/: (51, "SSL: no alternative certificate subject name matches target host name 'dailyfantasyradio.com'")
 Fetch error: http://www.dailyfantasyradio.com/ => https://www.dailyfantasyradio.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.dailyfantasyradio.com'")
 -->
-<ruleset name="Daily Fantasy Radio" default_off='failed ruleset test'>
+<ruleset name="Daily Fantasy Radio" default_off="failed ruleset test">
 
 	<target host="dailyfantasyradio.com" />
 	<target host="www.dailyfantasyradio.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.dailyfantasyradio.com/ => https://www.dailyfantasyradio.
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Daily_Mail-problematic.xml b/src/chrome/content/rules/Daily_Mail-problematic.xml
deleted file mode 100644
index 069343905f2d..000000000000
--- a/src/chrome/content/rules/Daily_Mail-problematic.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see Daily-Mail.xml.
-
--->
-<ruleset name="Daily Mail (problematic)" default_off="mismatched">
-
-	<target host="jobs.dailymail.co.uk" />
-
-
-	<rule from="^http://jobs\.dailymail\.co\.uk/(cs|image)s/"
-		to="https://jobs.dailymail.co.uk/$1s/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Daily_Mail_and_General_Trust.xml b/src/chrome/content/rules/Daily_Mail_and_General_Trust.xml
index d14ab50e5d88..1e6a14d271e4 100644
--- a/src/chrome/content/rules/Daily_Mail_and_General_Trust.xml
+++ b/src/chrome/content/rules/Daily_Mail_and_General_Trust.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?dmgt\.co\.uk/"
 		to="https://dmgt.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dailymotion.xml b/src/chrome/content/rules/Dailymotion.xml
index 616800362c12..cf6b7c5e6edd 100644
--- a/src/chrome/content/rules/Dailymotion.xml
+++ b/src/chrome/content/rules/Dailymotion.xml
@@ -1,68 +1,42 @@
 <!--
 	Nonfunctional domains:
-
+		- advertising.dailymotion.com
 		- blog.dailymotion.com
-		- press.dailymotion.com		(shows steaw.com, CN: www.steaw.com)
-		- proxy-46.dailymotion.com
 		- publicite.dailymotion.com
-		- publisher.dailymotion.com	(reset)
-		- vid.ak.dmcdn.net		(403, Akamai)
-		- vid2.ak.dmcdn.net		(504, akamai)
-
-
-	Problematic domains:
-
-		- ak2.static.dailymotion.com	(mismatched, CN: *.dmcdn.net)
-		- support.dmcloud.net		(mismatched, CN: *.zendesk.com)
-
 
 	Partially covered domains:
-
 		- (www.)dailymotion.com
-
 			- cdn/manifest/video/\w+.mnft 403s
 			- crossdomain.xml breaks videos
-
 -->
-<ruleset name="Dailymotion (default off)" default_off="breaks some embedded videos">
 
+<ruleset name="Dailymotion">
 	<target host="dailymotion.com" />
-	<!--
-		* for cross-domain cookie.
-					-->
+	<!-- * for cross-domain cookies -->
 	<target host="*.dailymotion.com" />
-		<!--
-			https://mail1.eff.org/pipermail/https-everywhere-rules/2012-July/001241.html
-													-->
-		<exclusion pattern="^http://(?:www\.)?dailymotion\.com/(?:cdn/[\w-]+/video/|crossdomain\.xml$)" />
-	<target host="*.dmcdn.net" />
-	<target host="dmcloud.net" />
-	<target host="*.dmcloud.net" />
+		<!-- https://mail1.eff.org/pipermail/https-everywhere-rules/2012-July/001241.html -->
+		<exclusion pattern="^http://(www\.)?dailymotion\.com/crossdomain\.xml$" />
+			<test url="http://dailymotion.com/crossdomain.xml" />
+			<test url="http://www.dailymotion.com/crossdomain.xml" />
 
+	<target host="*.dmcdn.net" />
 
-	<!--	Testing wrt embedded breakage.
+	<!-- Testing wrt embedded breakage -->
+	<!-- securecookie host="^.*\.dailymotion\.com$" name=".+" /-->
 
-		securecookie host="^.*\.dailymotion\.com$" name=".+" /-->
-	<!--
-		Omniture tracking cookies:
-						-->
+	<!-- Omniture tracking cookies -->
 	<securecookie host="^\.dailymotion\.com$" name="^s_\w+$" />
 	<securecookie host="^www\.dailymotion\.com$" name=".+" />
 
-
-	<rule from="^http://(erroracct\.|www\.)?dailymotion\.com/"
+	<rule from="^http://(www\.|faq\.|press\.)?dailymotion\.com/"
 		to="https://$1dailymotion.com/" />
+		<test url="http://www.dailymotion.com/" />
+		<test url="http://faq.dailymotion.com/" />
+		<test url="http://press.dailymotion.com/" />
 
-	<rule from="^http://(s\d|static(?:\d|s\d-ssl))\.dmcdn\.net/"
+	<rule from="^http://(s\d(-ssl)?|static\d)\.dmcdn\.net/"
 		to="https://$1.dmcdn.net/" />
-
-	<rule from="^http://ak2\.static\.dailymotion\.com/"
-		to="https://static1-ssl.dmcdn.net/" />
-
-	<rule from="^http://(s\.|www\.)?dmcloud\.net/"
-		to="https://$1dmcloud.net/" />
-
-	<rule from="^http://support\.dmcloud\.net/"
-		to="https://dmcloud.zendesk.com/" />
-
+		<test url="http://s1.dmcdn.net/" />
+		<test url="http://s1-ssl.dmcdn.net/" />
+		<test url="http://static1.dmcdn.net/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Dailynous.com.xml b/src/chrome/content/rules/Dailynous.com.xml
new file mode 100644
index 000000000000..72545ad4b752
--- /dev/null
+++ b/src/chrome/content/rules/Dailynous.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Dailynous.com">
+	<target host="dailynous.com" />
+	<target host="www.dailynous.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>  
diff --git a/src/chrome/content/rules/Daisy.net.au.xml b/src/chrome/content/rules/Daisy.net.au.xml
new file mode 100644
index 000000000000..abdf3b86fcd6
--- /dev/null
+++ b/src/chrome/content/rules/Daisy.net.au.xml
@@ -0,0 +1,6 @@
+<ruleset name="Daisy.net.au">
+	<target host="daisy.net.au" />
+	<target host="www.daisy.net.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DalailCentre.com.xml b/src/chrome/content/rules/DalailCentre.com.xml
new file mode 100644
index 000000000000..e6276191fa0b
--- /dev/null
+++ b/src/chrome/content/rules/DalailCentre.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="DalailCentre.com">
+	<target host="dalailcentre.com" />
+	<target host="www.dalailcentre.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Damballa.com.xml b/src/chrome/content/rules/Damballa.com.xml
index e3bdda55551f..92242dde4d4e 100644
--- a/src/chrome/content/rules/Damballa.com.xml
+++ b/src/chrome/content/rules/Damballa.com.xml
@@ -11,12 +11,12 @@ Fetch error: http://www.damballa.com/ => https://www.damballa.com/: (60, 'SSL ce
 	* Mismatched
 
 
-	Insecure cookies are set for these 
+	Insecure cookies are set for these
 
 		- .damballa.com
 
 -->
-<ruleset name="Damballa.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Damballa.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/DanFleisch.com.xml b/src/chrome/content/rules/DanFleisch.com.xml
new file mode 100644
index 000000000000..30029f97abd1
--- /dev/null
+++ b/src/chrome/content/rules/DanFleisch.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="DanFleisch.com">
+	<target host="danfleisch.com" />
+	<target host="www.danfleisch.com" />
+	<target host="www4.danfleisch.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DanceSafe.org.xml b/src/chrome/content/rules/DanceSafe.org.xml
deleted file mode 100644
index fe80da243034..000000000000
--- a/src/chrome/content/rules/DanceSafe.org.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Mixed content:
-
-		- css from fonts.googleapis.com *
-
-	* Secured by us
-
--->
-<ruleset name="DanceSafe.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="dancesafe.org" />
-	<target host="www.dancesafe.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Dancing_Astronaut.xml b/src/chrome/content/rules/Dancing_Astronaut.xml
index e3eaf8d19078..bf2b9857c80f 100644
--- a/src/chrome/content/rules/Dancing_Astronaut.xml
+++ b/src/chrome/content/rules/Dancing_Astronaut.xml
@@ -12,4 +12,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DandB.com.xml b/src/chrome/content/rules/DandB.com.xml
index 648d687b0b79..125d43d87f5f 100644
--- a/src/chrome/content/rules/DandB.com.xml
+++ b/src/chrome/content/rules/DandB.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://careers.dandb.com/ => https://careers.dandb.com/: (28, 'Conn
 	Mixed content:
 
 		- Images, on:
-		
+
 			- blog from $self *
 			- blog from assets.dandb.com *
 			- careers from $self *
@@ -15,7 +15,7 @@ Fetch error: http://careers.dandb.com/ => https://careers.dandb.com/: (28, 'Conn
 	* Secured by us
 
 -->
-<ruleset name="DandB.com" default_off='failed ruleset test'>
+<ruleset name="DandB.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/DandB.xml b/src/chrome/content/rules/DandB.xml
index 4dffe31e838e..05ae507af046 100644
--- a/src/chrome/content/rules/DandB.xml
+++ b/src/chrome/content/rules/DandB.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?dnb\.com/(auth/|product/(?:contract\.htm|support-files/))"
 		to="https://$1dnb.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dangpu.com.xml b/src/chrome/content/rules/Dangpu.com.xml
index 85f33f7b291d..e239c5e03be0 100644
--- a/src/chrome/content/rules/Dangpu.com.xml
+++ b/src/chrome/content/rules/Dangpu.com.xml
@@ -17,7 +17,7 @@ Fetch error: http://www.dangpu.com/ => https://www.dangpu.com/: (6, 'Could not r
 		- .dangpu.com
 
 -->
-<ruleset name="dangpu.com" default_off='failed ruleset test'>
+<ruleset name="dangpu.com" default_off="failed ruleset test">
 
 	<target host="dangpu.com" />
 	<target host="static.dangpu.com" />
diff --git a/src/chrome/content/rules/Danhlode.com.xml b/src/chrome/content/rules/Danhlode.com.xml
index c20298d8348d..5ed09d7c37e5 100644
--- a/src/chrome/content/rules/Danhlode.com.xml
+++ b/src/chrome/content/rules/Danhlode.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DaniWeb.com.xml b/src/chrome/content/rules/DaniWeb.com.xml
deleted file mode 100644
index 128011b0a3a9..000000000000
--- a/src/chrome/content/rules/DaniWeb.com.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)?
-		- static
-
-
-	These altnames don't exist:
-
-		- www.static.daniweb.com
-
-
-	Insecure cookies are set for these domains:
-
-		- .www.daniweb.com
-
--->
-<ruleset name="DaniWeb.com">
-
-	<target host="daniweb.com" />
-	<target host="static.daniweb.com" />
-	<target host="www.daniweb.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.www\.daniweb\.com$" name="^(csrf_cookie|dani_session|geolocation|referer)$" /-->
-
-	<securecookie host="^\.www\.daniweb\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Daniel_Miessler.com.xml b/src/chrome/content/rules/Daniel_Miessler.com.xml
deleted file mode 100644
index e22187317638..000000000000
--- a/src/chrome/content/rules/Daniel_Miessler.com.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Daniel Miessler.com">
-
-	<target host="danielmiessler.com" />
-	<target host="www.danielmiessler.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DanskeBank.xml b/src/chrome/content/rules/DanskeBank.xml
index 8bef5102f115..40b640a6dfda 100644
--- a/src/chrome/content/rules/DanskeBank.xml
+++ b/src/chrome/content/rules/DanskeBank.xml
@@ -13,7 +13,7 @@ Other Danske Bank rulesets:
 -->
 
 <ruleset name="Danske Bank">
-  <!-- Main domains --> 
+  <!-- Main domains -->
   <target host="danskebank.dk" />
   <target host="www.danskebank.dk" />
 
@@ -31,7 +31,7 @@ Other Danske Bank rulesets:
   <target host="online.danskebank.dk" />
   <target host="www-2.danskebank.dk" />
   <target host="www.cem.danskebank.dk" />
-  
+
   <rule from="^http:"
           to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Danze.com.xml b/src/chrome/content/rules/Danze.com.xml
new file mode 100644
index 000000000000..c4a8349bd7c2
--- /dev/null
+++ b/src/chrome/content/rules/Danze.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Connection reset:
+		- danze.com
+		- www.danze.com
+
+	Invalid certificate:
+		- foodiecaliente.danze.com
+		- inspiration.danze.com
+		- literature.danze.com
+		- productxref.danze.com
+
+	Timed out:
+		- cp.danze.com
+-->
+
+<ruleset name="Danze.com">
+	<target host="support.danze.com" />
+	<target host="showtimereg.danze.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dap.com.xml b/src/chrome/content/rules/Dap.com.xml
new file mode 100644
index 000000000000..040026aaff73
--- /dev/null
+++ b/src/chrome/content/rules/Dap.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Active mixed content:
+		- dap.com
+		- www.dap.com
+		- alexspackling.dap.com
+
+	Connection reset:
+		- blog.dap.com
+		- canada.dap.com
+
+	Invalid certificate:
+		- dynaflexultra.dap.com
+		- platinumpatch.dap.com
+		- sealnpeel.dap.com
+		- simpleseal.dap.com
+-->
+
+<ruleset name="Dap.com">
+	<target host="3point0.dap.com" />
+	<target host="alex.dap.com" />
+	<target host="dynagrip.dap.com" />
+	<target host="kwiksealultra.dap.com" />
+	<target host="plasticwood.dap.com" />
+	<target host="rapidfusewood.dap.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DarAnNor.com.xml b/src/chrome/content/rules/DarAnNor.com.xml
new file mode 100644
index 000000000000..fb9e87448431
--- /dev/null
+++ b/src/chrome/content/rules/DarAnNor.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="DarAnNor.com">
+	<target host="darannor.com" />
+	<target host="www.darannor.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Darjeelin.fr.xml b/src/chrome/content/rules/Darjeelin.fr.xml
index 103d4975c9e6..493bae2d5957 100644
--- a/src/chrome/content/rules/Darjeelin.fr.xml
+++ b/src/chrome/content/rules/Darjeelin.fr.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.darjeelin.fr/ => https://www.darjeelin.fr/: (35, 'error:
 		- .darjeelin.fr
 
 -->
-<ruleset name="Darjeelin.fr" default_off='failed ruleset test'>
+<ruleset name="Darjeelin.fr" default_off="failed ruleset test">
 
 	<target host="darjeelin.fr" />
 	<target host="a.darjeelin.fr" />
diff --git a/src/chrome/content/rules/DarkSky.net.xml b/src/chrome/content/rules/DarkSky.net.xml
new file mode 100644
index 000000000000..b0d3b3bcacc5
--- /dev/null
+++ b/src/chrome/content/rules/DarkSky.net.xml
@@ -0,0 +1,32 @@
+<ruleset name="DarkSky.net">
+
+	<target host="darksky.net" />
+	<target host="www.darksky.net" />
+	<target host="api.darksky.net" />
+	<target host="blog.darksky.net" />
+	<target host="data.darksky.net" />
+	<target host="enterprise-data.darksky.net" />
+	<target host="maps.darksky.net" />
+	<target host="maps-android.darksky.net" />
+	<target host="maps-ios.darksky.net" />
+	<target host="maps-ios-multi.darksky.net" />
+	<target host="maps-raw.darksky.net" />
+	<target host="maps0.darksky.net" />
+	<target host="maps1.darksky.net" />
+	<target host="maps2.darksky.net" />
+	<target host="maps3.darksky.net" />
+	<target host="maps4.darksky.net" />
+	<target host="maps5.darksky.net" />
+	<target host="maps6.darksky.net" />
+	<target host="maps7.darksky.net" />
+	<target host="maps8.darksky.net" />
+	<target host="notifications.darksky.net" />
+	<target host="reporter.darksky.net" />
+	<target host="staging.darksky.net" />
+	<target host="status.darksky.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dark_Reading.com.xml b/src/chrome/content/rules/Dark_Reading.com.xml
index 54167e0a95c4..b0871000e81d 100644
--- a/src/chrome/content/rules/Dark_Reading.com.xml
+++ b/src/chrome/content/rules/Dark_Reading.com.xml
@@ -30,7 +30,7 @@ Fetch error: http://events.darkreading.com/ => https://events.darkreading.com/:
 			 - events.darkreading.com
 			 - w1.darkreading.com
 -->
-<ruleset name="Dark Reading.com" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Dark Reading.com" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="darkreading.com" />
 	<target host="www.darkreading.com" />
 	<target host="events.darkreading.com" />
diff --git a/src/chrome/content/rules/Darkmail.info.xml b/src/chrome/content/rules/Darkmail.info.xml
index b210a27cf02c..e8b7e093f9d9 100644
--- a/src/chrome/content/rules/Darkmail.info.xml
+++ b/src/chrome/content/rules/Darkmail.info.xml
@@ -3,4 +3,4 @@
 <target host="darkmail.info"/>
 <rule from="^http:" to="https:" />
 </ruleset>
- 
+
diff --git a/src/chrome/content/rules/Darmstadt_University_of_Applied_Sciences.xml b/src/chrome/content/rules/Darmstadt_University_of_Applied_Sciences.xml
index 768352c8ebad..e91e21df3d1e 100644
--- a/src/chrome/content/rules/Darmstadt_University_of_Applied_Sciences.xml
+++ b/src/chrome/content/rules/Darmstadt_University_of_Applied_Sciences.xml
@@ -40,4 +40,4 @@
 	<rule from="^http://mail\.h-da\.de/(?:\?.*)?$"
 		to="https://webmail.h-da.de/owa" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DartSearch.net.xml b/src/chrome/content/rules/DartSearch.net.xml
new file mode 100644
index 000000000000..a9e4f7534375
--- /dev/null
+++ b/src/chrome/content/rules/DartSearch.net.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Google coverage, see GoogleServices.xml.
+
+	Mismatched:
+		- cs.dartsearch.net
+		- cs.eu.dartsearch.net
+		- cs.uk.dartsearch.net
+-->
+<ruleset name="DartSearch.net">
+	<target host="clickserve.dartsearch.net" />
+	<target host="clickserve.eu.dartsearch.net" />
+	<target host="clickserve.uk.dartsearch.net" />
+	<target host="clickserve.us2.dartsearch.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DarwinProject.ac.uk.xml b/src/chrome/content/rules/DarwinProject.ac.uk.xml
new file mode 100644
index 000000000000..963fb6bd402b
--- /dev/null
+++ b/src/chrome/content/rules/DarwinProject.ac.uk.xml
@@ -0,0 +1,8 @@
+<ruleset name="DarwinProject.ac.uk">
+
+	<target host="darwinproject.ac.uk" />
+	<target host="www.darwinproject.ac.uk" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Darwinsys.com.xml b/src/chrome/content/rules/Darwinsys.com.xml
new file mode 100644
index 000000000000..3aaabaa946cb
--- /dev/null
+++ b/src/chrome/content/rules/Darwinsys.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Darwinsys.com" default_off="cert-chain">
+	<target host="darwinsys.com" />
+	<target host="www.darwinsys.com" />
+	<target host="cjp.darwinsys.com" />
+	<target host="javacook.darwinsys.com" />
+	<target host="lhbooks.darwinsys.com" />
+	<target host="pageunit.darwinsys.com" />
+	<target host="theories.darwinsys.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DasErste.de.xml b/src/chrome/content/rules/DasErste.de.xml
new file mode 100644
index 000000000000..b84d0c1356ff
--- /dev/null
+++ b/src/chrome/content/rules/DasErste.de.xml
@@ -0,0 +1,92 @@
+<!--
+	Invalid certificate:
+		ctv-videos.daserste.de
+		(www.)?dailys.daserste.de
+		event-live-hds.daserste.de
+		hbbtv-videos.daserste.de
+		hds.daserste.de
+		hds-geo.daserste.de
+		hls.daserste.de
+		hls-geo.daserste.de
+		live-ut-lh.daserste.de
+		(www.)?mediathek.daserste.de
+		mvideos.daserste.de
+		mvideos-geo.daserste.de
+		pd-videos.daserste.de
+		smoothstreaming-vod.daserste.de
+		sonntagskrimis.daserste.de
+		sslcerttest.daserste.de
+		universal-vod.daserste.de
+
+	Refused:
+		www.m.daserste.de
+		mediathek-origin.daserste.de
+		progpix.daserste.de
+
+	Timeout:
+		deo-vpn.daserste.de
+		download.daserste.de
+		echovoting2010.daserste.de
+		event-live.daserste.de
+		hbbtv.daserste.de
+		hbbtv-babylon.daserste.de
+		hbbtv-tatort.daserste.de
+		lamp-c.daserste.de
+		lamp-dev-c.daserste.de
+		legespiel-dev.daserste.de
+		live-lh.daserste.de
+		m.daserste.de
+		m-service.daserste.de
+		mediathek-tua.daserste.de
+		mx[1-3].daserste.de
+		onlinequiz.daserste.de
+		programm-origin.daserste.de
+		static.daserste.de
+-->
+
+<ruleset name="DasErste.de">
+
+	<target host="daserste.de" />
+	<target host="www.daserste.de" />
+	<target host="alias.daserste.de" />
+	<target host="bauhaus.daserste.de" />
+	<target host="blogs.daserste.de" />
+	<target host="connect.daserste.de" />
+	<target host="forum.daserste.de" />
+	<target host="iosvtt.daserste.de" />
+	<target host="jumpmarks-live.daserste.de" />
+	<target host="katharinaluther.daserste.de" />
+	<target host="legespiel.daserste.de" />
+	<target host="legespiel-mdr.daserste.de" />
+	<target host="live.daserste.de" />
+	<target host="livestreamplanung.daserste.de" />
+	<target host="login.daserste.de" />
+	<target host="mail.daserste.de" />
+	<target host="mcdn.daserste.de" />
+	<target host="mcdn-live-l3.daserste.de" />
+	<target host="mcdn-live-l3-bak.daserste.de" />
+	<target host="mcdn-live-l3-dir.daserste.de" />
+	<target host="mcdn-test.daserste.de" />
+	<target host="multicdn31-bak-br.daserste.de" />
+	<target host="multicdnlv31-br.daserste.de" />
+	<target host="presse.daserste.de" />
+	<target host="previewthumbnails.daserste.de" />
+	<target host="programm.daserste.de" />
+	<target host="quizapp.daserste.de" />
+	<target host="quoten.daserste.de" />
+	<target host="reportage.daserste.de" />
+	<target host="services.daserste.de" />
+	<target host="share.daserste.de" />
+	<target host="tatas.daserste.de" />
+	<target host="test.daserste.de" />
+	<target host="themenwoche.daserste.de" />
+	<target host="tua.daserste.de" />
+	<target host="vpn.daserste.de" />
+	<target host="vpnclient.daserste.de" />
+	<target host="wetterbilder.daserste.de" />
+	<target host="wir5sind1.daserste.de" />
+	<target host="www5.daserste.de" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Das_Parlament.xml b/src/chrome/content/rules/Das_Parlament.xml
index 4e4ab3be19aa..d54c46a403ac 100644
--- a/src/chrome/content/rules/Das_Parlament.xml
+++ b/src/chrome/content/rules/Das_Parlament.xml
@@ -11,11 +11,11 @@ Fetch error: http://www.das-parlament.de/ => https://www.das-parlament.de/: (28,
 	^das-parlament.de doesn't exist.
 
 -->
-<ruleset name="Das Parlament (partial)" default_off='failed ruleset test'>
+<ruleset name="Das Parlament (partial)" default_off="failed ruleset test">
 
 	<target host="www.das-parlament.de" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dasezna.lgbt.xml b/src/chrome/content/rules/Dasezna.lgbt.xml
new file mode 100644
index 000000000000..f72425026b78
--- /dev/null
+++ b/src/chrome/content/rules/Dasezna.lgbt.xml
@@ -0,0 +1,8 @@
+<ruleset name="Dasezna.lgbt">
+	<target host="dasezna.lgbt" />
+	<target host="www.dasezna.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dash-Player.com.xml b/src/chrome/content/rules/Dash-Player.com.xml
index 69f7c9e0f56e..4d0029713620 100644
--- a/src/chrome/content/rules/Dash-Player.com.xml
+++ b/src/chrome/content/rules/Dash-Player.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.dash-player.com/ => https://www.dash-player.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="bitmovin GmbH" default_off='failed ruleset test'>
+<ruleset name="bitmovin GmbH" default_off="failed ruleset test">
 
 	<target host="www.dash-player.com"/>
 
diff --git a/src/chrome/content/rules/Dask.org.xml b/src/chrome/content/rules/Dask.org.xml
new file mode 100644
index 000000000000..2829ad1de88e
--- /dev/null
+++ b/src/chrome/content/rules/Dask.org.xml
@@ -0,0 +1,20 @@
+<ruleset name="Dask.org">
+
+	<target host="dask.org" />
+	<target host="www.dask.org" />
+
+	<target host="blog.dask.org" />
+	<target host="distributed.dask.org" />
+	<target host="docs.dask.org" />
+	<target host="examples.dask.org" />
+	<target host="image.dask.org" />
+	<target host="jobqueue.dask.org" />
+	<target host="kubernetes.dask.org" />
+	<target host="ml.dask.org" />
+	<target host="stories.dask.org" />
+	<target host="yarn.dask.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dassault_Falcon.xml b/src/chrome/content/rules/Dassault_Falcon.xml
index 6bea3c5e810b..e2d1c6fe3792 100644
--- a/src/chrome/content/rules/Dassault_Falcon.xml
+++ b/src/chrome/content/rules/Dassault_Falcon.xml
@@ -10,9 +10,20 @@
 <ruleset name="Dassault Falcon">
 
 	<target host="dassaultfalcon.com" />
-	<target host="*.dassaultfalcon.com" />
+	<target host="customer.dassaultfalcon.com" />
+	<target host="insight.dassaultfalcon.com" />
+	<target host="sqr.dassaultfalcon.com" />
+	<target host="wtsdc.dassaultfalcon.com" />
+	<target host="www.dassaultfalcon.com" />
 	<target host="falconjet.com" />
-	<target host="*.falconjet.com" />
+	<target host="www.falconjet.com" />
+	<target host="aht.falconjet.com" />
+	<target host="cats.falconjet.com" />
+	<target host="devworks.falconjet.com" />
+	<target host="qlik.falconjet.com" />
+	<target host="spares.falconjet.com" />
+	<target host="thebridge.falconjet.com" />
+	<target host="thin.falconjet.com" />
 
 
 	<securecookie host="^.+\.(?:dassaultfalcon|falconjet)\.com$" name=".+" />
@@ -21,10 +32,7 @@
 	<rule from="^http://(?:dassaultfalcon|(?:www\.)?falconjet)\.com/"
 		to="https://www.dassaultfalcon.com/" />
 
-	<rule from="^http://(customer|insight|sqr|wtsdc|www)\.dassaultfalcon\.com/"
-		to="https://$1.dassaultfalcon.com/" />
 
-	<rule from="^http://(aht|cats|devworks|qlik|spares|thebridge|thin)\.falconjet\.com/"
-		to="https://$1.falconjet.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Dassault_Systemes.xml b/src/chrome/content/rules/Dassault_Systemes.xml
index b5be60767cda..f6aa33c7729b 100644
--- a/src/chrome/content/rules/Dassault_Systemes.xml
+++ b/src/chrome/content/rules/Dassault_Systemes.xml
@@ -24,4 +24,4 @@
 	<rule from="^http://a\d\.media\.3ds\.com/"
 		to="https://www.3ds.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dastelefonbuch.de.xml b/src/chrome/content/rules/Dastelefonbuch.de.xml
deleted file mode 100644
index 984c12146597..000000000000
--- a/src/chrome/content/rules/Dastelefonbuch.de.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Dastelefonbuch.de">
-<target host="www2.dastelefonbuch.de"/>
-<target host="mein2.dastelefonbuch.de" />
-
-<rule from="^http:" to="https:" />
-
-
-</ruleset>
- 
diff --git a/src/chrome/content/rules/Data-Protection-Commissioner.xml b/src/chrome/content/rules/Data-Protection-Commissioner.xml
index 0db4538b230b..763b1afcae50 100644
--- a/src/chrome/content/rules/Data-Protection-Commissioner.xml
+++ b/src/chrome/content/rules/Data-Protection-Commissioner.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Data.com.xml b/src/chrome/content/rules/Data.com.xml
index 868388e3faa9..c31feb7996d0 100644
--- a/src/chrome/content/rules/Data.com.xml
+++ b/src/chrome/content/rules/Data.com.xml
@@ -15,7 +15,11 @@
 <ruleset name="Data.com">
 
 	<target host="data.com" />
-	<target host="*.data.com" />
+	<target host="www.data.com" />
+	<target host="connect.data.com" />
+	<target host="jigsaw.data.com" />
+	<target host="www.jigsaw.data.com" />
+	<target host="static.data.com" />
 
 
 	<securecookie host="^.+\.data\.com$" name=".+" />
@@ -24,7 +28,6 @@
 	<rule from="^http://(?:www\.)?data\.com/"
 		to="https://www.data.com/" />
 
-	<rule from="^http://(connect|(?:www\.)?jigsaw|static)\.data\.com/"
-		to="https://$1.data.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Data.fm.xml b/src/chrome/content/rules/Data.fm.xml
index 84933f86a9aa..4770359cf392 100644
--- a/src/chrome/content/rules/Data.fm.xml
+++ b/src/chrome/content/rules/Data.fm.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://data.fm/ => https://data.fm/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="data.fm" default_off='failed ruleset test'>
+<ruleset name="data.fm" default_off="failed ruleset test">
 
 	<target host="data.fm"/>
 	<target host="*.data.fm"/>
diff --git a/src/chrome/content/rules/DataCamp.com.xml b/src/chrome/content/rules/DataCamp.com.xml
index e8cc493b83b6..9ca9f9a6b8c3 100644
--- a/src/chrome/content/rules/DataCamp.com.xml
+++ b/src/chrome/content/rules/DataCamp.com.xml
@@ -5,7 +5,8 @@
 <ruleset name="DataCamp.com">
 
 	<target host="datacamp.com" />
-	<target host="*.datacamp.com" />
+	<target host="www.datacamp.com" />
+	<target host="api.datacamp.com" />
 
 
 	<!--	Not secured by server:
@@ -18,7 +19,6 @@
 	<rule from="^http://(?:www\.)?datacamp\.com/"
 		to="https://www.datacamp.com/" />
 
-	<rule from="^http://api\.datacamp\.com/"
-		to="https://api.datacamp.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/DataCell.xml b/src/chrome/content/rules/DataCell.xml
index eca65649c081..2b91554cee0f 100644
--- a/src/chrome/content/rules/DataCell.xml
+++ b/src/chrome/content/rules/DataCell.xml
@@ -14,7 +14,8 @@ Fetch error: http://www.datacell.is/ => https://www.datacell.com/: (60, 'SSL cer
 <ruleset name="DataCell" platform="mixedcontent">
 
 	<target host="datacell.com" />
-	<target host="*.datacell.com" />
+	<target host="www.datacell.com" />
+	<target host="paygate.datacell.com" />
 	<target host="datacell.is" />
 	<target host="www.datacell.is" />
 
@@ -25,7 +26,6 @@ Fetch error: http://www.datacell.is/ => https://www.datacell.com/: (60, 'SSL cer
 	<rule from="^http://(?:www\.)?datacell\.(?:com|is)/"
 		to="https://www.datacell.com/" />
 
-	<rule from="^http://paygate\.datacell\.com/"
-		to="https://paygate.datacell.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DataCenterKnowledge.com.xml b/src/chrome/content/rules/DataCenterKnowledge.com.xml
index a7dde9c2887b..0a2d2f96cca6 100644
--- a/src/chrome/content/rules/DataCenterKnowledge.com.xml
+++ b/src/chrome/content/rules/DataCenterKnowledge.com.xml
@@ -11,10 +11,11 @@ Fetch error: http://datacenterknowledge.com/ => https://datacenterknowledge.com/
 	jobs.datacenterknowledge.com lacks ssl. :(
 	openx.datacenterknowledge.com lacks ssl. :(
 -->
-<ruleset name="DataCenterKnowledge.com (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="DataCenterKnowledge.com (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="datacenterknowledge.com" />
-	<target host="*.datacenterknowledge.com" />
+	<target host="www.datacenterknowledge.com" />
+	<target host="jobs.datacenterknowledge.com" />
 		<!--	rewriting / and paths under /a/ to datacenterknowledge.jobamatic.com
 			redirects to https://www.jobamatic.com/jbb-static/home		-->
 		<exclusion pattern="^http://jobs\.datacenterknowledge\.com/(?:$|a/)" />
diff --git a/src/chrome/content/rules/DataMineLab.com.xml b/src/chrome/content/rules/DataMineLab.com.xml
index b0e3317cecfe..7370b7ec0d12 100644
--- a/src/chrome/content/rules/DataMineLab.com.xml
+++ b/src/chrome/content/rules/DataMineLab.com.xml
@@ -1,15 +1,19 @@
-<ruleset name="DataMineLab.com (partial)">
+<!--
+	Invalid certificate:
+		dataminelab.com
 
-	<target host="dataminelab.com" />
-	<target host="*.dataminelab.com" />
+-->
+<ruleset name="DataMineLab.com">
 
+	<target host="dataminelab.com" />
+	<target host="www.dataminelab.com" />
 
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.dataminelab\.com$" name="^__utm\w+$" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http://www\.dataminelab\.com/"
+		to="https://dataminelab.com/" />
 
-	<rule from="^http://(?:www\.)?dataminelab\.com/(?=favicon\.ico|wp-content/|wp-includes/)"
-		to="https://secure.bluehost.com/~datamine/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DataSavesLives.eu.xml b/src/chrome/content/rules/DataSavesLives.eu.xml
index 5b726d5b1996..19293a65dfc2 100644
--- a/src/chrome/content/rules/DataSavesLives.eu.xml
+++ b/src/chrome/content/rules/DataSavesLives.eu.xml
@@ -5,7 +5,7 @@ Fetch error: http://datasaveslives.eu/ => https://datasaveslives.eu/: (51, "SSL:
 Fetch error: http://www.datasaveslives.eu/ => https://www.datasaveslives.eu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.datasaveslives.eu'")
 
 -->
-<ruleset name="DataSavesLives.eu" default_off='failed ruleset test'>
+<ruleset name="DataSavesLives.eu" default_off="failed ruleset test">
 
 	<target host="datasaveslives.eu" />
 	<target host="www.datasaveslives.eu" />
diff --git a/src/chrome/content/rules/Data_Conservancy.org.xml b/src/chrome/content/rules/Data_Conservancy.org.xml
index 8dd6c46d883e..4c4b338c37d5 100644
--- a/src/chrome/content/rules/Data_Conservancy.org.xml
+++ b/src/chrome/content/rules/Data_Conservancy.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://dataconservancy.org/ => https://dataconservancy.org/: (35, '
 Fetch error: http://www.dataconservancy.org/ => https://www.dataconservancy.org/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
 
 -->
-<ruleset name="Data Conservancy.org" default_off='failed ruleset test'>
+<ruleset name="Data Conservancy.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Data_Informed.xml b/src/chrome/content/rules/Data_Informed.xml
index e6a5262f093e..f721ddf91349 100644
--- a/src/chrome/content/rules/Data_Informed.xml
+++ b/src/chrome/content/rules/Data_Informed.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?data-informed\.com/"
 		to="https://data-informed.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Databits.net.xml b/src/chrome/content/rules/Databits.net.xml
index a8c814da15ff..0cd1c9c7a160 100644
--- a/src/chrome/content/rules/Databits.net.xml
+++ b/src/chrome/content/rules/Databits.net.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://databits.net/ => https://databits.net/: (60, 'SSL certificate problem: certificate has expired')
 Fetch error: http://www.databits.net/ => https://www.databits.net/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="databits.net" default_off='failed ruleset test'>
+<ruleset name="databits.net" default_off="failed ruleset test">
 
 	<target host="databits.net" />
 	<target host="www.databits.net" />
diff --git a/src/chrome/content/rules/Databricks.com.xml b/src/chrome/content/rules/Databricks.com.xml
deleted file mode 100644
index 986d511adb0d..000000000000
--- a/src/chrome/content/rules/Databricks.com.xml
+++ /dev/null
@@ -1,54 +0,0 @@
-<!--
-	CDN buckets:
-
-		- databricks-prod-storage-oregon.s3.amazonaws.com
-
-
-	Nonfunctional hosts in *databricks.com:
-
-		- feedback ³
-		- help ʰ
-
-	³ 403
-	ʰ Zendesk/redirects to http
-
-
-	Problematic hosts in *databricks.com:
-
-		- go ᵐ
-
-	ᵐ Mismatched
-
-
-	Insecure cookies are set for these hosts:
-
-		- accounts.cloud.databricks.com
-		- forums.databricks.com
-
--->
-<ruleset name="Databricks.com (partial)">
-
-	<target host="databricks.com" />
-
-	<target host="accounts.cloud.databricks.com" />
-	<target host="databricks-prod-cloudfront.cloud.databricks.com" />
-	<target host="docs.cloud.databricks.com" />
-
-	<target host="forums.databricks.com" />
-	<target host="sparkhub.databricks.com" />
-	<target host="www.databricks.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^accounts\.cloud\.databricks\.com$" name="^AWSELB$" /-->
-	<!--securecookie host="^forums\.databricks\.com$" name="^TH_CSRF$" /-->
-
-	<securecookie host="^\." name="^_gat?$" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Datacard.com.xml b/src/chrome/content/rules/Datacard.com.xml
index aa13db445673..6c7899a1875f 100644
--- a/src/chrome/content/rules/Datacard.com.xml
+++ b/src/chrome/content/rules/Datacard.com.xml
@@ -5,31 +5,18 @@
 		- Entrust.com.xml
 
 
-	^: cert only matches www
-
-
-	These altnames don't exist:
-
-		- www.careers.datacard.com
+	Non-functional hosts:
+		Timeout:
+		- careers.datacard.com
 
 -->
 <ruleset name="Datacard.com">
 
 	<target host="datacard.com" />
-	<target host="*.datacard.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.datacard\.com$" name="^JSESSIONID$" /-->
-
-	<securecookie host="^www\.datacard\.com$" name="" />
-
+	<target host="www.datacard.com" />
 
-	<rule from="^http://(?:www\.)?datacard\.com/"
-		to="https://www.datacard.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://careers\.datacard\.com/"
-		to="https://careers.datacard.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DatacentrumGids.nl.xml b/src/chrome/content/rules/DatacentrumGids.nl.xml
deleted file mode 100644
index d124d47ad38c..000000000000
--- a/src/chrome/content/rules/DatacentrumGids.nl.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-
-	For other xCAT coverage, XCAT.nl.xml.
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.datacentrumgids.nl
-
--->
-<ruleset name="DatacentrumGids.nl">
-
-	<target host="datacentrumgids.nl" />
-	<target host="www.datacentrumgids.nl" />
-
-
-	<!-- Not secured by server:
-					-->
-	<!--securecookie host="^www\.datacentrumgids\.nl$" name="^laravel_session$" /-->
-
-	<securecookie host="^(?:www)?\.datacentrumgids\.nl$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Datalogix.com.xml b/src/chrome/content/rules/Datalogix.com.xml
index 5423fb3e787c..60af0c74d0f3 100644
--- a/src/chrome/content/rules/Datalogix.com.xml
+++ b/src/chrome/content/rules/Datalogix.com.xml
@@ -17,7 +17,7 @@ Fetch error: http://www.datalogix.com/ => http://www.datalogix.com/: Too many re
 	Some pages redirect to http.
 
 -->
-<ruleset name="Datalogix.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Datalogix.com (partial)" default_off="failed ruleset test">
 
 	<target host="datalogix.com" />
 	<target host="www.datalogix.com" />
@@ -26,4 +26,4 @@ Fetch error: http://www.datalogix.com/ => http://www.datalogix.com/: Too many re
 	<rule from="^http://(?:www\.)?datalogix\.com/(favicon\.ico|wp-content/|wp-includes/)"
 		to="https://www.datalogix.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Datamappi.fi.xml b/src/chrome/content/rules/Datamappi.fi.xml
index 7ddddff2703f..a1356a322a5d 100644
--- a/src/chrome/content/rules/Datamappi.fi.xml
+++ b/src/chrome/content/rules/Datamappi.fi.xml
@@ -14,10 +14,11 @@ Fetch error: http://datamappi.fi/ => https://www.datamappi.fi/: (7, 'Failed to c
 		- owa
 
 -->
-<ruleset name="Datamappi.fi" default_off='failed ruleset test'>
+<ruleset name="Datamappi.fi" default_off="failed ruleset test">
 
 	<target host="datamappi.fi" />
-	<target host="*.datamappi.fi" />
+	<target host="www.datamappi.fi" />
+	<target host="oma.datamappi.fi" />
 
 
 	<securecookie host="^(?:oma|www)\.datamappi\.fi$" name=".+" />
@@ -26,7 +27,6 @@ Fetch error: http://datamappi.fi/ => https://www.datamappi.fi/: (7, 'Failed to c
 	<rule from="^http://(?:www\.)?datamappi\.fi/"
 		to="https://www.datamappi.fi/" />
 
-	<rule from="^http://oma\.datamappi\.fi/"
-		to="https://oma.datamappi.fi/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Datamind.ru.xml b/src/chrome/content/rules/Datamind.ru.xml
index 1c02a18297e0..16e557cb2156 100644
--- a/src/chrome/content/rules/Datamind.ru.xml
+++ b/src/chrome/content/rules/Datamind.ru.xml
@@ -1,12 +1,9 @@
 <ruleset name="datamind.ru">
 
-	<target host="*.pool.datamind.ru" />
+	<target host="sync.pool.datamind.ru" />
 
 
-	<securecookie host="^\.pool\.datamind\.ru$" name=".+" />
 
-
-	<rule from="^http://sync\.pool\.datamind\.ru/"
-		to="https://sync.pool.datamind.ru/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Datared.dk.xml b/src/chrome/content/rules/Datared.dk.xml
index d2531d6e59d9..3f2384aeb980 100644
--- a/src/chrome/content/rules/Datared.dk.xml
+++ b/src/chrome/content/rules/Datared.dk.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.datared.dk/ => https://datared.dk/: (60, 'SSL certificat
 
 	¹: Bad CN in cert
 -->
-<ruleset name="Datared.dk" default_off='failed ruleset test'>
+<ruleset name="Datared.dk" default_off="failed ruleset test">
 
 	<target host="datared.dk" />
 	<target host="www.datared.dk" />
diff --git a/src/chrome/content/rules/Datemas.de.xml b/src/chrome/content/rules/Datemas.de.xml
deleted file mode 100644
index 7a84393d5597..000000000000
--- a/src/chrome/content/rules/Datemas.de.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to web)
-
--->
-<ruleset name="Datemas.de (partial)">
-
-	<target host="web.datemas.de" />
-
-
-	<securecookie host="^web\.datemas\.de$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Daum_Communications.xml b/src/chrome/content/rules/Daum_Communications.xml
deleted file mode 100644
index 96f3777e8f1b..000000000000
--- a/src/chrome/content/rules/Daum_Communications.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Daum Communications
-
-	Other Daum Communications rulesets:
-
-		- DaumCDN.net.xml
-
-
-	Nonfunctional hosts in *daum.net:
-
-		- (www.)?
-		- editor
-
--->
-<ruleset name="Duam.net (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="track.tiara.daum.net" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/David_Gold.xml b/src/chrome/content/rules/David_Gold.xml
index d80f582be7eb..07f6e1f1cfd7 100644
--- a/src/chrome/content/rules/David_Gold.xml
+++ b/src/chrome/content/rules/David_Gold.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?davidgold\.co\.uk/"
 		to="https://www.davidgold.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/David_Lazar.org.xml b/src/chrome/content/rules/David_Lazar.org.xml
index 9082abf4d079..0b5acf812579 100644
--- a/src/chrome/content/rules/David_Lazar.org.xml
+++ b/src/chrome/content/rules/David_Lazar.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.davidlazar.org/ => https://www.davidlazar.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.davidlazar.org'")
 
 -->
-<ruleset name="David Lazar.org" default_off='failed ruleset test'>
+<ruleset name="David Lazar.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/David_Sopas.com.xml b/src/chrome/content/rules/David_Sopas.com.xml
deleted file mode 100644
index c4f524b589db..000000000000
--- a/src/chrome/content/rules/David_Sopas.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Mixed content:
-
-		- favicon from $self *
-
-	* Secured by us
-
--->
-<ruleset name="David Sopas.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="davidsopas.com" />
-	<target host="www.davidsopas.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Davinci_Vaporizor.xml b/src/chrome/content/rules/Davinci_Vaporizor.xml
index b391d5eb75bc..2fb7c3911bf1 100644
--- a/src/chrome/content/rules/Davinci_Vaporizor.xml
+++ b/src/chrome/content/rules/Davinci_Vaporizor.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DavisSystem.xml b/src/chrome/content/rules/DavisSystem.xml
index 3dad78a8c188..f77618109326 100644
--- a/src/chrome/content/rules/DavisSystem.xml
+++ b/src/chrome/content/rules/DavisSystem.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Davis_Instruments.xml b/src/chrome/content/rules/Davis_Instruments.xml
index f7657fe1e296..88db09af5a83 100644
--- a/src/chrome/content/rules/Davis_Instruments.xml
+++ b/src/chrome/content/rules/Davis_Instruments.xml
@@ -1,7 +1,8 @@
 <ruleset name="Davis Instruments (partial)">
 
 	<target host="davis.com" />
-	<target host="*.davis.com" />
+	<target host="www.davis.com" />
+	<target host="static.davis.com" />
 
 
 	<!--	At least some pages redirect to http.
diff --git a/src/chrome/content/rules/Dditscdn.com.xml b/src/chrome/content/rules/Dditscdn.com.xml
index a3f527e6f6b0..80b48a0b57aa 100644
--- a/src/chrome/content/rules/Dditscdn.com.xml
+++ b/src/chrome/content/rules/Dditscdn.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://resourcex4.dditscdn.com/ => https://resourcex4.dditscdn.com/
 
 
 -->
-<ruleset name="dditscdn.com" default_off='failed ruleset test'>
+<ruleset name="dditscdn.com" default_off="failed ruleset test">
 
 	<!--target host="flash.dditscdn.com" /-->
 	<target host="gallery.dditscdn.com" />
diff --git a/src/chrome/content/rules/De-Captcher.com.xml b/src/chrome/content/rules/De-Captcher.com.xml
index e264bd0a0f49..c8bc43329e61 100644
--- a/src/chrome/content/rules/De-Captcher.com.xml
+++ b/src/chrome/content/rules/De-Captcher.com.xml
@@ -20,7 +20,7 @@
 
 	<!--	Not secured by server:
 					-->
-	<!--securecookie host="^de-captcher\.com$" name="^JSPSESSID$" /--> 
+	<!--securecookie host="^de-captcher\.com$" name="^JSPSESSID$" /-->
 
 	<securecookie host="^de-captcher\.com$" name=".+" />
 
diff --git a/src/chrome/content/rules/De-Centralize.com.xml b/src/chrome/content/rules/De-Centralize.com.xml
deleted file mode 100644
index 0b7dbe2fb167..000000000000
--- a/src/chrome/content/rules/De-Centralize.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Mixed content:
-		mail.de-centralize.com
-
--->
-<ruleset name="De-Centralize.com">
-
-	<target host="de-centralize.com" />
-	<target host="www.de-centralize.com" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/De17a.com.xml b/src/chrome/content/rules/De17a.com.xml
index d468276553fe..d9168e963142 100644
--- a/src/chrome/content/rules/De17a.com.xml
+++ b/src/chrome/content/rules/De17a.com.xml
@@ -7,13 +7,11 @@
 <ruleset name="De17a.com">
 
 	<target host="de17a.com" />
-	<target host="*.de17a.com" />
 
 
 	<securecookie host="^\.de17a\.com$" name=".+" />
 
 
-	<rule from="^http://de17a\.com/"
-		to="https://de17a.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DeNA.com.xml b/src/chrome/content/rules/DeNA.com.xml
new file mode 100644
index 000000000000..fc909466f9ac
--- /dev/null
+++ b/src/chrome/content/rules/DeNA.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		- swet.dena.com
+
+	Timed out:
+		- design.dena.com
+		- games.dena.com
+-->
+
+<ruleset name="DeNA.com">
+	<target host="dena.com" />
+	<target host="www.dena.com" />
+	<target host="fullswing.dena.com" />
+	<target host="genom.dena.com" />
+	<target host="healthcare.dena.com" />
+	<target host="techcon.dena.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/De_Bekijkerie.nl.xml b/src/chrome/content/rules/De_Bekijkerie.nl.xml
deleted file mode 100644
index 6addc79866a5..000000000000
--- a/src/chrome/content/rules/De_Bekijkerie.nl.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	^: cert only maches www
-
--->
-<ruleset name="De Bekijkerie.nl">
-
-	<target host="debekijkerie.nl" />
-	<target host="www.debekijkerie.nl" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/De_Correspondent.nl.xml b/src/chrome/content/rules/De_Correspondent.nl.xml
index b7fd521a029a..9e3c2f700a8a 100644
--- a/src/chrome/content/rules/De_Correspondent.nl.xml
+++ b/src/chrome/content/rules/De_Correspondent.nl.xml
@@ -1,7 +1,9 @@
 <ruleset name="De Correspondent.nl">
 
 	<target host="decorrespondent.nl" />
-	<target host="*.decorrespondent.nl" />
+	<target host="dynamic.decorrespondent.nl" />
+	<target host="static.decorrespondent.nl" />
+	<target host="www.decorrespondent.nl" />
 
 
 	<!--	Not secured by server:
@@ -11,7 +13,6 @@
 	<securecookie host="^decorrespondent\.nl$" name=".+" />
 
 
-	<rule from="^http://((?:dynamic|static|www)\.)?decorrespondent\.nl/"
-		to="https://$1decorrespondent.nl/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/De_Silva.biz.xml b/src/chrome/content/rules/De_Silva.biz.xml
index 0c95b466087c..cb3e99f2f974 100644
--- a/src/chrome/content/rules/De_Silva.biz.xml
+++ b/src/chrome/content/rules/De_Silva.biz.xml
@@ -7,7 +7,7 @@
 	* See https://whatsmychaincert.com
 
 -->
-<ruleset name="de Silva.biz" default_off="missing certificate chain">
+<ruleset name="de Silva.biz" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Deadspin.com.xml b/src/chrome/content/rules/Deadspin.com.xml
deleted file mode 100644
index b2e13918bf0c..000000000000
--- a/src/chrome/content/rules/Deadspin.com.xml
+++ /dev/null
@@ -1,71 +0,0 @@
-<!--
-	For other Gawker coverage, see Gawker.xml.
-
-
-	Problematic hosts in *deadspin.com:
-
-		- cache ᵐ
-
-	ᵐ Mismatched, CN: *.a.ssl.fastly.net
-
-
-	Insecure cookies are set for these hosts: ᶜ
-
-		- deadspin.com
-		- (column_name).deadspin.com
-		- www.deadspin.com
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
-
-	Mixed content:
-
-		- Bugs on ^, (column_name) from b.scorecardresearch.com ˢ
-
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="Deadspin.com">
-
-	<target host="deadspin.com" />
-	<target host="*.deadspin.com" />
-
-		<exclusion pattern="^http://(?:[^./]+\.){2,}deadspin\.com/" />
-
-			<!--	+ve:
-					-->
-			<test url="http://this.host.deadspin.com/" />
-			<test url="http://exists.not.deadspin.com/" />
-
-		<!--	Direct rewrites:
-					-->
-		<test url="http://adequateman.deadspin.com/" />
-		<test url="http://fittish.deadspin.com/" />
-		<test url="http://foodspin.deadspin.com/" />
-		<test url="http://rabbithole.deadspin.com/" />
-		<test url="http://regressing.deadspin.com/" />
-		<test url="http://screamer.deadspin.com/" />
-		<test url="http://screengrabber.deadspin.com/" />
-		<test url="http://theconcourse.deadspin.com/" />
-		<test url="http://thestacks.deadspin.com/" />
-		<test url="http://www.deadspin.com/" />
-
-		<!--	Complications:
-					-->
-		<test url="http://cache.deadspin.com/" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:(column_name)\.|www\.)?deadspin\.com$" name="^geocc$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http://cache\.deadspin\.com/"
-		to="https://cache.gawkerassets.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DealExtreme.xml b/src/chrome/content/rules/DealExtreme.xml
index ec06a9672a19..03711068421f 100644
--- a/src/chrome/content/rules/DealExtreme.xml
+++ b/src/chrome/content/rules/DealExtreme.xml
@@ -8,22 +8,27 @@ Fetch error: http://dx.com/ => https://dx.com/: (28, 'Operation timed out after
 <ruleset name="Deal Extreme" platform="mixedcontent">
 
 	<target host="dealextreme.com" />
-	<target host="*.dealextreme.com" />
+	<target host="club.dealextreme.com" />
+	<target host="e.dealextreme.com" />
+	<target host="m.dealextreme.com" />
+	<target host="www.dealextreme.com" />
 	<target host="dx.com" />
-	<target host="*.dx.com" />
+	<target host="cart.dx.com" />
+	<target host="club.dx.com" />
+	<target host="cs.dx.com" />
+	<target host="deals.dx.com" />
+	<target host="e.dx.com" />
+	<target host="passport.dx.com" />
+	<target host="s.dx.com" />
+	<target host="www.dx.com" />
 	<target host="img.dxcdn.com" />
 
 
 	<securecookie host="^.*\.d(?:ealextreme|x)\.com$" name=".+" />
 
 
-	<rule from="^http://((?:club|e|m|www)\.)?dealextreme\.com/"
-		to="https://$1dealextreme.com/" />
 
-	<rule from="^http://((?:cart|club|cs|deals|e|passport|s|www)\.)?dx\.com/"
-		to="https://$1dx.com/" />
 
-	<rule from="^http://img\.dxcdn\.com/"
-		to="https://img.dxcdn.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DealTime.xml b/src/chrome/content/rules/DealTime.xml
deleted file mode 100644
index e84e7d5efcd2..000000000000
--- a/src/chrome/content/rules/DealTime.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="DealTime (partial)">
-
-	<target host="sc.dealtime.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/DealerFire.xml b/src/chrome/content/rules/DealerFire.xml
deleted file mode 100644
index 49b0ec4b8b61..000000000000
--- a/src/chrome/content/rules/DealerFire.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(shows default Plesk page)
-
--->
-<ruleset name="DealerFire (partial)">
-
-	<target host="cdn.dealerfire.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/DealerRater.com.xml b/src/chrome/content/rules/DealerRater.com.xml
index 1131ba584227..d0e5b38232bf 100644
--- a/src/chrome/content/rules/DealerRater.com.xml
+++ b/src/chrome/content/rules/DealerRater.com.xml
@@ -1,36 +1,15 @@
 <!--
-	CDN buckets:
-
-		- d17jk93jbxi6p4.cloudfront.net
-
-			- cdn-user
-
-		- d3go5n7g2hd1g0.cloudfront.net
-
-			- cdn-static
-
-
-	Some pages redirect to http.
-
+	Non-functional hosts:
+		Server misconfig:
+		- cdn-static.dealerrater.com (https ver 301 redirect to self)
 -->
-<ruleset name="DealerRater.com (partial)">
+<ruleset name="DealerRater.com">
 
 	<target host="dealerrater.com" />
 	<target host="www.dealerrater.com" />
-		<!--
-			$ redirects to http:
-						-->
-		<exclusion pattern="^http://(?:www\.)?dealerrater\.com/+(?:$|\?)" />
-		<!--exclusion pattern="^http://(www\.)?dealerrater\.com/(?!(dealer|login|password)\.aspx|favicon\.ico|os/icon/)" /-->
-
-
-	<rule from="^http://(www\.)?dealerrater\.com/"
-		to="https://$1dealerrater.com/" />
-
-	<rule from="^http://cdn-static\.dealerrater\.com/"
-		to="https://d3go5n7g2hd1g0.cloudfront.net/" />
+	<!-- target host="cdn-static.dealerrater.com" / -->
+	<target host="cdn-user.dealerrater.com" />
 
-	<rule from="^http://cdn-user\.dealerrater\.com/"
-		to="https://d17jk93jbxi6p4.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DealerTrend.com.xml b/src/chrome/content/rules/DealerTrend.com.xml
index bef61725b032..2d4aca1f2a99 100644
--- a/src/chrome/content/rules/DealerTrend.com.xml
+++ b/src/chrome/content/rules/DealerTrend.com.xml
@@ -1,24 +1,24 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/images.dealertrend.com/
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(wpengine)
-		- assets0 *
-		- manager *
-
-	* Dropped
-
--->
-<ruleset name="DealerTrend.com (partial)">
-
-	<target host="images.dealertrend.com" />
-
-
-	<rule from="^http://images\.dealertrend\.com/"
-		to="https://s3.amazonaws.com/images.dealertrend.com/" />
-
+<ruleset name="DealerTrend.com">
+	<target host="dealertrend.com" />
+	<target host="www.dealertrend.com" />
+	<target host="api.dealertrend.com" />
+	<target host="auto-matic-marketing.dealertrend.com" />
+	<target host="carproof.dealertrend.com" />
+	<target host="cas.dealertrend.com" />
+	<target host="cfimages.dealertrend.com" />
+	<target host="fb.dealertrend.com" />
+	<target host="ftp.dealertrend.com" />
+	<target host="manager.dealertrend.com" />
+	<target host="pea.dealertrend.com" />
+	<target host="tea-can.dealertrend.com" />
+	<target host="tea-watcher.dealertrend.com" />
+	<target host="turn.dealertrend.com" />
+	<target host="vms-assets.dealertrend.com" />
+	<target host="vms-exports.dealertrend.com" />
+	<target host="vms-heroku-api1.dealertrend.com" />
+	<target host="vms-heroku-assets1.dealertrend.com" />
+	<target host="vms-heroku-prod1.dealertrend.com" />
+	<target host="vms-staging.dealertrend.com" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Dealfish.co.th.xml b/src/chrome/content/rules/Dealfish.co.th.xml
index acd4603e94f5..da9ebadbadde 100644
--- a/src/chrome/content/rules/Dealfish.co.th.xml
+++ b/src/chrome/content/rules/Dealfish.co.th.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://dealfish.co.th/ => https://www.dealfish.co.th/: (7, 'Failed to connect to www.dealfish.co.th port 443: Connection refused')
 Fetch error: http://www.dealfish.co.th/ => https://www.dealfish.co.th/: (7, 'Failed to connect to www.dealfish.co.th port 443: Connection refused')
 -->
-<ruleset name="Dealfish.co.th" default_off='failed ruleset test'>
+<ruleset name="Dealfish.co.th" default_off="failed ruleset test">
   <target host="dealfish.co.th" />
   <target host="www.dealfish.co.th" />
 
diff --git a/src/chrome/content/rules/Dean-Evans-and-Associates.xml b/src/chrome/content/rules/Dean-Evans-and-Associates.xml
index 9d61cca61000..cfaf6adb5e69 100644
--- a/src/chrome/content/rules/Dean-Evans-and-Associates.xml
+++ b/src/chrome/content/rules/Dean-Evans-and-Associates.xml
@@ -24,7 +24,7 @@ Non-2xx HTTP code: http://pages.dea.com/rs/deanevansassoc/images/DEA-2001-LP-TY-
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="DEA.com (partial)" default_off='failed ruleset test'>
+<ruleset name="DEA.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/DeathGenerator.com.xml b/src/chrome/content/rules/DeathGenerator.com.xml
new file mode 100644
index 000000000000..fa8b9e506726
--- /dev/null
+++ b/src/chrome/content/rules/DeathGenerator.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		- www
+-->
+<ruleset name="DeathGenerator.com">
+	<target host="deathgenerator.com" />
+	<target host="www.deathgenerator.com" />
+
+	<rule from="^http://www\.deathgenerator\.com/" to="https://deathgenerator.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Debian.net.xml b/src/chrome/content/rules/Debian.net.xml
index ed2fa93cfd2f..7f883f7b37a5 100644
--- a/src/chrome/content/rules/Debian.net.xml
+++ b/src/chrome/content/rules/Debian.net.xml
@@ -1,39 +1,25 @@
 <!--
 	For other Debian coverage, see Debian.xml.
 
+	Mismatched:
+		- debian.net
+		- www.debian.net
 
-	Nonfunctional hosts in *debian.net:
+	Expired:
+		- changelogs.debian.net
 
-		- buildd-clang ¹
-		- changelogs ²
-		- debile ¹
-		- forums ¹
-		- live ¹
-		- meetbot ¹
-		- mozilla ¹
-		- video ³
-
-	¹ Refused
-	² Shows andrew.net.au
-	³ 401
-
-
-	Problematic hosts in *debian.net:
-
-		- meetings-archive ᵐ
-
-	ᵐ Mismatched
-
-
-	These altnames don't exist:
-
-		- www.france.debian.net
+	Timeout:
+		- debile.debian.net
+		- forums.debian.net
 
+	Refused:
+		- meetbot.debian.net
 -->
 <ruleset name="Debian.net (partial)">
 
-	<!--	Direct rewrites:
-				-->
+	<target host="debian.net" />
+	<target host="www.debian.net" />
+	<target host="alioth-lists.debian.net" />
 	<target host="archive.debian.net" />
 	<target host="aurel32.debian.net" />
 	<target host="ben.debian.net" />
@@ -50,27 +36,22 @@
 	<target host="dochelp.debian.net" />
 	<target host="france.debian.net" />
 	<target host="jenkins.debian.net" />
+	<target host="meetings-archive.debian.net" />
 	<target host="mentors.debian.net" />
 	<target host="mozilla.debian.net" />
 	<target host="news.debian.net" />
 	<target host="paste.debian.net" />
-	<target host="pet.debian.net" />
-	<target host="pet-devel.debian.net" />
 	<target host="portfolio.debian.net" />
 	<target host="reproducible.debian.net" />
 	<target host="screenshots.debian.net" />
 	<target host="sources.debian.net" />
 	<target host="sreview.debian.net" />
 	<target host="timeline.debian.net" />
+	<target host="video.debian.net" />
 	<target host="wnpp-by-tags.debian.net" />
 
-	<!--	Complications:
-				-->
-	<target host="meetings-archive.debian.net" />
-
-
-	<rule from="^http://meetings-archive\.debian\.net/"
-		to="https://ftp.acc.umu.se/" />
+	<rule from="^http://(www\.)?debian\.net/"
+		to="https://www.debian.org/" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Debian.org-problematic.xml b/src/chrome/content/rules/Debian.org-problematic.xml
deleted file mode 100644
index f21700b6a0e6..000000000000
--- a/src/chrome/content/rules/Debian.org-problematic.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see Debian.org.xml
-
--->
-<ruleset name="Debian.org (problematic)" default_off="mismatched, self-signed">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="metadata.ftp-master.debian.org" />
-	<target host="ftp-master.metadata.debian.org" />
-	<target host="puppet-dashboard.debian.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Debian.xml b/src/chrome/content/rules/Debian.xml
index 04fb4869b097..e54b7f3ff75c 100644
--- a/src/chrome/content/rules/Debian.xml
+++ b/src/chrome/content/rules/Debian.xml
@@ -1,7 +1,4 @@
 <!--
-	For problematic rules, see Debian.org-problematic.xml.
-
-
 	Other Debian rulesets:
 
 		- DebConf.org.xml
@@ -9,71 +6,32 @@
 		- Deb.li.xml
 
 
-	Nonfunctional domains:
-
-		- in *debian.org:
-
-			- arch ¹
-			- ca ³
-			- popcon ⁶
-			- puppet-dashboard ⁶
-			- security ⁶
-			- sip-ws ⁸
-			- snapshot ⁶
-			- ftp.us ⁶
-
-	¹ Differs from http
-	² Shows www
-	³ Shows db; mismatched, CN: db.debian.org
-	⁶ Refused
-	⁷ Shows ftp-master; mismatched, CN: ftp-master.debian.org
-	⁸ Reset
-	⁹ Dropped
-
+	Nonfunctional domains in *.debian.org:
 
-	Problematic hosts in *debian.org:
+			- puppet-dashboard (r)
+			- security (r)
+			- sip-ws (r)
+			- ftp.us (m)
+			- ftp-master.metadata (m)
 
-		- metadata.ftp-master ¹
-		- ftp-master.metadata ¹
-		- planet ²
-
-	¹ Fastly
-	² MaxCDN
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
 
 
 	Partially covered hosts in *debian.org:
 
-		- security *	(→ www)
+		- security *	(www)
 
 	* At least some paths 404
-
-
-	altnames that don't exist:
-
-		- www.bugs.debian.org
-		- www.buildd.debian.org
-		- www.db.debian.org
-		- www.ftp-master.debian.org
-		- www.lists.debian.org
-		- www.nagios.debian.org
-		- www.nm.debian.org
-		- www.packages.debian.org
-		- scm.debian.org
-		- www.security-tracker.debian.org
-		- www.udd.debian.org
-		- www.wiki.debian.org
-
 -->
-<ruleset name="Debian.org (partial)">
+<ruleset name="Debian.org">
 
 	<!--	Direct rewrites:
 				-->
 	<target host="debian.org" />
-	<target host="alioth.debian.org" />
-	<target host="*.alioth.debian.org" />
-		<test url="http://aptitude.alioth.debian.org/" />
-		<test url="http://pkg-haskell.alioth.debian.org/" />
-		<test url="http://python-modules.alioth.debian.org/" />
 	<target host="anonscm.debian.org" />
 	<target host="appstream.debian.org" />
 	<target host="apt.buildd.debian.org" />
@@ -83,15 +41,12 @@
 	<target host="bugs.debian.org" />
 	<target host="bugs-master.debian.org" />
 	<target host="buildd.debian.org" />
-	<target host="bzr.debian.org" />
 	<target host="cdimage.debian.org" />
 	<target host="cdimage-search.debian.org" />
 	<target host="cgi.debian.org" />
 	<target host="cloud.debian.org" />
 	<target host="contributors.debian.org" />
-	<target host="cvs.debian.org" />
 	<target host="d-i.debian.org" />
-	<target host="darcs.debian.org" />
 	<target host="db.debian.org" />
 	<target host="deb.debian.org" />
 	<target host="debtags.debian.org" />
@@ -100,10 +55,10 @@
 	<target host="dsa.debian.org" />
 	<target host="ftp-master.debian.org" />
 	<target host="api.ftp-master.debian.org" />
+	<target host="metadata.ftp-master.debian.org" />
 	<target host="get.debian.org" />
 	<target host="git.debian.org" />
 	<target host="gobby.debian.org" />
-	<target host="hg.debian.org" />
 	<target host="i18n.debian.org" />
 	<target host="incoming.debian.org" />
 	<target host="jenkins.debian.org" />
@@ -113,6 +68,7 @@
 	<target host="lists.debian.org" />
 	<target host="manpages.debian.org" />
 	<target host="dyn.manpages.debian.org" />
+	<target host="ftp-master.metadata.debian.org" />
 	<target host="micronews.debian.org" />
 	<target host="mirror-master.debian.org" />
 	<target host="munin.debian.org" />
@@ -122,7 +78,9 @@
 	<target host="packages.debian.org" />
 	<target host="people.debian.org" />
 	<target host="piuparts.debian.org" />
+	<target host="planet.debian.org" />
 	<target host="planet-search.debian.org" />
+	<target host="popcon.debian.org" />
 	<target host="incoming.ports.debian.org" />
 	<target host="www.ports.debian.org" />
 	<target host="qa.debian.org" />
@@ -130,13 +88,14 @@
 	<target host="release.debian.org" />
 	<target host="rt.debian.org" />
 	<target host="rtc.debian.org" />
+	<target host="salsa.debian.org" />
 	<target host="search.debian.org" />
 	<target host="security-master.debian.org" />
 	<target host="security-team.debian.org" />
 	<target host="security-tracker.debian.org" />
 	<!--target host="sip-ws.debian.org" /-->
+	<target host="snapshot.debian.org" />
 	<target host="sso.debian.org" />
-	<target host="svn.debian.org" />
 	<target host="syncproxy2.eu.debian.org" />
 	<target host="syncproxy3.eu.debian.org" />
 	<target host="syncproxy2.wna.debian.org" />
@@ -177,6 +136,8 @@
 
 	<rule from="^http://security\.debian\.org/+"
 		to="https://www.debian.org/security/" />
+	<rule from="^http://ftp-master\.metadata\.debian\.org/"
+		to="https://metadata.ftp-master.debian.org/" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Debuggable.xml b/src/chrome/content/rules/Debuggable.xml
index 94b665e3a96e..9a085bd037ec 100644
--- a/src/chrome/content/rules/Debuggable.xml
+++ b/src/chrome/content/rules/Debuggable.xml
@@ -5,7 +5,9 @@
 <ruleset name="Debuggable (partial)">
 
 	<target host="transloadit.com"/>
-	<target host="*.transloadit.com"/>
+	<target host="www.transloadit.com" />
+	<target host="www-eleni.transloadit.com" />
+	<target host="www-eric.transloadit.com" />
 
 	<rule from="^http://www(-eleni|-eric)?\.transloadit\.com/"
 		to="https://www$1.transloadit.com/"/>
diff --git a/src/chrome/content/rules/Debuggex.com.xml b/src/chrome/content/rules/Debuggex.com.xml
index 5eee9763503e..fb6c0fd5d7e9 100644
--- a/src/chrome/content/rules/Debuggex.com.xml
+++ b/src/chrome/content/rules/Debuggex.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://debuggex.com/ => https://debuggex.com/: (60, 'SSL certificat
 Fetch error: http://www.debuggex.com/ => https://www.debuggex.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Debuggex.com" default_off='failed ruleset test'>
+<ruleset name="Debuggex.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Decdna.net.xml b/src/chrome/content/rules/Decdna.net.xml
index 70fde316bc7a..9fb5f5127a60 100644
--- a/src/chrome/content/rules/Decdna.net.xml
+++ b/src/chrome/content/rules/Decdna.net.xml
@@ -5,9 +5,9 @@ Fetch error: http://na.decdna.net/ => https://na.decdna.net/: (6, 'Could not res
 Fetch error: http://eu.link.decdna.net/ => https://eu.link.decdna.net/: (6, 'Could not resolve host: eu.link.decdna.net')
 
 -->
-<ruleset name="Decdna.net" default_off='failed ruleset test'>
+<ruleset name="Decdna.net" default_off="failed ruleset test">
 	<target host="na.decdna.net" />
 	<target host="eu.link.decdna.net" />
 
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Decipher_Inc.com.xml b/src/chrome/content/rules/Decipher_Inc.com.xml
index 2519c3404b03..894e8e044360 100644
--- a/src/chrome/content/rules/Decipher_Inc.com.xml
+++ b/src/chrome/content/rules/Decipher_Inc.com.xml
@@ -14,16 +14,17 @@
 <ruleset name="Decipher Inc.com">
 
 	<target host="decipherinc.com" />
-	<target host="*.decipherinc.com" />
+	<target host="www.decipherinc.com" />
+	<target host="static.decipherinc.com" />
+	<target host="v2.decipherinc.com" />
 
 
 	<securecookie host="^v2\.decipherinc\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?decipherinc\.com/"
-		to="https://$1decipherinc.com/" />
 
 	<rule from="^http://(?:static|v2)\.decipherinc\.com/"
 		to="https://v2.decipherinc.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/DecisionBriefs.xml b/src/chrome/content/rules/DecisionBriefs.xml
index fb67ad86c2a0..ee7884c6d559 100644
--- a/src/chrome/content/rules/DecisionBriefs.xml
+++ b/src/chrome/content/rules/DecisionBriefs.xml
@@ -1,13 +1,14 @@
 <ruleset name="DecisionBriefs">
 
 	<target host="decisionbriefs.com" />
-	<target host="*.decisionbriefs.com" />
+	<target host="core.decisionbriefs.com" />
+	<target host="partners.decisionbriefs.com" />
+	<target host="www.decisionbriefs.com" />
 
 
-	<securecookie host="^(?:.+\.)?decisionbriefs\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:core|partners|www)\.)?decisionbriefs\.com/"
-		to="https://$1decisionbriefs.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Declaration-of-Russian-Hosting-Providers.xml b/src/chrome/content/rules/Declaration-of-Russian-Hosting-Providers.xml
index 303cb06d3b13..d3b295726f16 100644
--- a/src/chrome/content/rules/Declaration-of-Russian-Hosting-Providers.xml
+++ b/src/chrome/content/rules/Declaration-of-Russian-Hosting-Providers.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://hostdeclaration.ru/ => https://hostdeclaration.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'hostdeclaration.ru'")
 Fetch error: http://www.hostdeclaration.ru/ => https://hostdeclaration.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'hostdeclaration.ru'")
 -->
-<ruleset name="Declaration of Russian Hosting Providers" default_off='failed ruleset test'>
+<ruleset name="Declaration of Russian Hosting Providers" default_off="failed ruleset test">
 
 	<!--	Cert: *.sweb.ru	-->
 	<target host="hostdeclaration.ru" />
diff --git a/src/chrome/content/rules/DecorAdventures.com.xml b/src/chrome/content/rules/DecorAdventures.com.xml
new file mode 100644
index 000000000000..7f7392086186
--- /dev/null
+++ b/src/chrome/content/rules/DecorAdventures.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="DecorAdventures.com">
+	<target host="decoradventures.com" />
+	<target host="www.decoradventures.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Decrypt_CryptoLocker.com.xml b/src/chrome/content/rules/Decrypt_CryptoLocker.com.xml
index a04f478ee246..9a6d414165df 100644
--- a/src/chrome/content/rules/Decrypt_CryptoLocker.com.xml
+++ b/src/chrome/content/rules/Decrypt_CryptoLocker.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://decryptcryptolocker.com/ => https://decryptcryptolocker.com/
 Fetch error: http://www.decryptcryptolocker.com/ => https://www.decryptcryptolocker.com/: (6, 'Could not resolve host: www.decryptcryptolocker.com')
 
 -->
-<ruleset name="Decrypt CryptoLocker.com" default_off='failed ruleset test'>
+<ruleset name="Decrypt CryptoLocker.com" default_off="failed ruleset test">
 
 	<target host="decryptcryptolocker.com" />
 	<target host="www.decryptcryptolocker.com" />
diff --git a/src/chrome/content/rules/Dedicated_Gaming.xml b/src/chrome/content/rules/Dedicated_Gaming.xml
index 1896f19d10e4..5977cec4fc33 100644
--- a/src/chrome/content/rules/Dedicated_Gaming.xml
+++ b/src/chrome/content/rules/Dedicated_Gaming.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dedikuoti.lt.xml b/src/chrome/content/rules/Dedikuoti.lt.xml
index 81b4948f3dab..5faf94b82400 100644
--- a/src/chrome/content/rules/Dedikuoti.lt.xml
+++ b/src/chrome/content/rules/Dedikuoti.lt.xml
@@ -1,7 +1,7 @@
 <ruleset name="Dedikuoti.lt">
 	<target host="dedikuoti.lt" />
 	<target host="www.dedikuoti.lt" />
-	
+
 	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Deekayen.net.xml b/src/chrome/content/rules/Deekayen.net.xml
index a408ba7258ad..1ae6fe0dd2ad 100644
--- a/src/chrome/content/rules/Deekayen.net.xml
+++ b/src/chrome/content/rules/Deekayen.net.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.deekayen.net/ => https://www.deekayen.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.deekayen.net'")
 
 -->
-<ruleset name="deekayen.net" default_off='failed ruleset test'>
+<ruleset name="deekayen.net" default_off="failed ruleset test">
 
 	<target host="deekayen.net" />
 	<target host="www.deekayen.net" />
diff --git a/src/chrome/content/rules/DeepDyve.xml b/src/chrome/content/rules/DeepDyve.xml
index 64c95ac0f19b..2acfd269dfc7 100644
--- a/src/chrome/content/rules/DeepDyve.xml
+++ b/src/chrome/content/rules/DeepDyve.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DeepField-Networks.xml b/src/chrome/content/rules/DeepField-Networks.xml
index 290dd7b5e452..9a2581cb5fa8 100644
--- a/src/chrome/content/rules/DeepField-Networks.xml
+++ b/src/chrome/content/rules/DeepField-Networks.xml
@@ -1,7 +1,8 @@
 <ruleset name="DeepField Networks" default_off="mismatched">
 
 	<target host="deepfield.net" />
-	<target host="*.deepfield.net" />
+	<target host="www.deepfield.net" />
+	<target host="blog.deepfield.net" />
 
 	<!--	- Cert: ghs-ssl.googlehosted.com
 		- !www times out
diff --git a/src/chrome/content/rules/Defer_Panic.com.xml b/src/chrome/content/rules/Defer_Panic.com.xml
deleted file mode 100644
index a2972e55e79f..000000000000
--- a/src/chrome/content/rules/Defer_Panic.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	www doesn't exist.
-
--->
-<ruleset name="Defer Panic.com">
-
-	<target host="deferpanic.com" />
-	<target host="api.deferpanic.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Dein.dk.xml b/src/chrome/content/rules/Dein.dk.xml
index 9b7f5478b127..2cfb78c70ff9 100644
--- a/src/chrome/content/rules/Dein.dk.xml
+++ b/src/chrome/content/rules/Dein.dk.xml
@@ -5,7 +5,7 @@ Fetch error: http://dein.dk/ => https://dein.dk/: (35, 'Unknown SSL protocol err
 Fetch error: http://www.dein.dk/ => https://www.dein.dk/: (35, 'Unknown SSL protocol error in connection to www.dein.dk:443 ')
 
 -->
-<ruleset name="Dein.dk" default_off='failed ruleset test'>
+<ruleset name="Dein.dk" default_off="failed ruleset test">
 
 	<target host="dein.dk" />
 	<target host="www.dein.dk" />
diff --git a/src/chrome/content/rules/Deis.com.xml b/src/chrome/content/rules/Deis.com.xml
deleted file mode 100644
index e2c35ac0e265..000000000000
--- a/src/chrome/content/rules/Deis.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Deis.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="deis.com" />
-	<target host="www.deis.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Delaware_Online.xml b/src/chrome/content/rules/Delaware_Online.xml
index 44bee0f27af5..3d86bc8403e9 100644
--- a/src/chrome/content/rules/Delaware_Online.xml
+++ b/src/chrome/content/rules/Delaware_Online.xml
@@ -26,7 +26,7 @@
 <ruleset name="Delaware Online (partial)">
 
 	<target host="delawareonline.com" />
-	<target host="*.delawareonline.com" />
+	<target host="www.delawareonline.com" />
 
 
 	<securecookie host="^www\.delawareonline\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Delfogo_Rx.xml b/src/chrome/content/rules/Delfogo_Rx.xml
deleted file mode 100644
index 6a8c9d615346..000000000000
--- a/src/chrome/content/rules/Delfogo_Rx.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Cert only matches ^delfogo.com
-
--->
-<ruleset name="Delfogo Rx">
-
-	<target host="delfogo.com" />
-	<target host="www.delfogo.com" />
-
-
-	<securecookie host="^delfogo\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Delish.xml b/src/chrome/content/rules/Delish.xml
index 7623a6bc79e2..2478f3750cac 100644
--- a/src/chrome/content/rules/Delish.xml
+++ b/src/chrome/content/rules/Delish.xml
@@ -1,7 +1,6 @@
 <!--
 	Other Hearst Corporation rulesets:
 
-		- Hearst-Corporation.xml
 
 -->
 <ruleset name="Delish (partial)" default_off="mismatched">
diff --git a/src/chrome/content/rules/Deliveras.gr.xml b/src/chrome/content/rules/Deliveras.gr.xml
index 636d16fd8a34..1a0b63a5ad21 100644
--- a/src/chrome/content/rules/Deliveras.gr.xml
+++ b/src/chrome/content/rules/Deliveras.gr.xml
@@ -18,7 +18,7 @@
 	* Ruleset disabled by default
 
 -->
-<ruleset name="Deliveras.gr" default_off="missing certificate chain">
+<ruleset name="Deliveras.gr" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Delivery.com.xml b/src/chrome/content/rules/Delivery.com.xml
index bd278420d7f2..b391d0d7efa5 100644
--- a/src/chrome/content/rules/Delivery.com.xml
+++ b/src/chrome/content/rules/Delivery.com.xml
@@ -17,7 +17,7 @@
 					-->
 	<!--securecookie host="^www\.delivery\.com$" name="^SEVERID$" /-->
 
-	<securecookie host="^www\.delivery\.com$" name="" />
+	<securecookie host="^www\.delivery\.com$" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Dell.com-falsemixed.xml b/src/chrome/content/rules/Dell.com-falsemixed.xml
deleted file mode 100644
index 4a750122dfb1..000000000000
--- a/src/chrome/content/rules/Dell.com-falsemixed.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Dell.xml.
-
--->
-<ruleset name="Dell.com (false MCB)" platform="mixedcontent">
-
-	<target host="dell.com" />
-	<target host="www.dell.com" />
-		<!--
-			Handled in Dell.xml:
-						-->
-		<!--exclusion pattern="^http://(www\.)?dell\.com/+(content/|favicon\.ico)" /-->
-
-
-	<rule from="^http://(?:www\.)?dell\.com/(?!content/|favicon\.ico)"
-		to="https://www.dell.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Dell.xml b/src/chrome/content/rules/Dell.xml
index 583f87cd517a..3d3a18a1c396 100644
--- a/src/chrome/content/rules/Dell.xml
+++ b/src/chrome/content/rules/Dell.xml
@@ -1,113 +1,51 @@
-<!--
-	Other Dell rulesets:
-
-		- Idea_Storm.com.xml
-
-
-	CDN buckets:
-
-		- ccdn-global.dell.com.edgesuite.net
-
-			- i
-
-
-	Nonfunctional hosts in *dell.com:
-
-		- advisors ⁸
-		- www1.ap ¹
-		- accessories.euro ³
-		- events ²
-		- ftp ²
-		- www1.jp ¹
-		- linux ⁴
-		- lt ²
-		- mobility ⁵
-		- opensource ⁶
-		- software ⁷
-		- solutions ⁵
-
-	¹ 504, Akamai
-	² Dropped
-	³ 503, Akamai
-	⁴ Plaintext reply
-	⁵ Refused
-	⁶ Maps to another domain
-	⁷ Redirects to http
-	⁸ Unknown SSL protocol error
-
-
-	Problematic hosts in *dell.com:
-
-		- ^ ¹
-		- accessories-cdn ²
-		- (.*\.)?community ³
-		- content ³
-		- dealsdev ²
-		- i ²
-		- www1.la ²
-		- www1-cdn.la ²
-		- powermore ³
-		- accessories.us ³
-		- www-cdn ²
-
-	¹ Server sends no certificate chain, see https://whatsmychaincert.com
-	² Akamai/mismatched
-	³ Mismatched
 
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://channels.ap.dell.com/ => https://channels.ap.dell.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://channelslb.ap.dell.com/ => https://channelslb.ap.dell.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://channelspro.ap.dell.com/ => https://channelspro.ap.dell.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://chat1.ap.dell.com/ => https://chat1.ap.dell.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://chatpro.ap.dell.com/ => https://chatpro.ap.dell.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://dellchat.ap.dell.com/ => https://dellchat.ap.dell.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://b2bservices.dell.com/ => https://b2bservices.dell.com/: (7, 'Failed to connect to b2bservices.dell.com port 443: Connection refused')
+Fetch error: http://signin.dell.com/ => https://signin.dell.com/: (35, 'OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to signin.dell.com:443 ')
+Non-2xx HTTP code: http://topics-cdn.dell.com/ (200) => https://topics-cdn.dell.com/ (403)
+Fetch error: http://channels.us.dell.com/ => https://channels.us.dell.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
-	These altnames don't exist:
-
-		- eagleeye.dell.com
-		- Identity.dell.com
-		- mobility.dell.com
-		- pilot.dell.com
-		- Payment.dell.com
-		- Prtools.dell.com
-		- sales.dell.com
-		- tools.dell.com
-		- wip.dell.com
-
-
-	Mixed content:
-
-		- css, on:
-		
-			- www from www-cdn1.dell.com *
+-->
 
-		- Images, on:
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
 
-			- accessories, deals, downloads, partnerdirect, channels.us, www from i.dell.com *
-			- www from si.cdn.dell.com *
-			- www from www-cdn1.dell.com *
+Fetch error: http://financing.dell.com/ => https://financing.dell.com/: (35, 'OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to financing.dell.com:443 ')
+Fetch error: http://sso.dell.com/ => https://sso.dell.com/: (6, 'Could not resolve host: sso.dell.com')
 
-	* Secured by us
+	Other Dell rulesets:
 -->
-
 <ruleset name="Dell.com (partial)">
 	<target host="dell.com" />
 	<target host="www.dell.com" />
 	<target host="accessories.dell.com" />
-	<target host="afcs.dell.com" />
-	<target host="channels.ap.dell.com" />
-	<target host="channelslb.ap.dell.com" />
-	<target host="channelspro.ap.dell.com" />
-	<target host="chat1.ap.dell.com" />
-	<target host="chatpro.ap.dell.com" />
+	<!-- target host="channels.ap.dell.com" /-->
+	<!-- target host="channelslb.ap.dell.com" /-->
+	<!-- target host="channelspro.ap.dell.com" /-->
+	<!-- target host="chat1.ap.dell.com" /-->
+	<!-- target host="chatpro.ap.dell.com" /-->
 	<target host="cs.ap.dell.com" />
-	<target host="dellchat.ap.dell.com" />
-	<target host="b2bservices.dell.com" />
+	<!-- target host="dellchat.ap.dell.com" /-->
+	<!-- target host="b2bservices.dell.com" /-->
 	<target host="ec2.cdn.dell.com" />
 	<target host="si.cdn.dell.com" />
 	<target host="snp.cdn.dell.com" />
 	<target host="deals.dell.com" />
 	<target host="dellupdater.dell.com" />
 	<target host="downloads.dell.com" />
-	<target host="dpacksupport.dell.com" />
 	<target host="ecomm.dell.com" />
 	<target host="ecomm2.dell.com" />
 	<target host="support.euro.dell.com" />
 	<target host="fcs.dell.com" />
-	<target host="financing.dell.com" />
+	<!-- target host="financing.dell.com" /-->
 	<target host="i.dell.com" />
 	<target host="img.dell.com" />
 	<target host="jpstore.dell.com" />
@@ -116,46 +54,17 @@
 	<target host="partnerdirect.dell.com" />
 	<target host="paymentsportal.dell.com" />
 	<target host="premier.dell.com" />
-	<target host="signin.dell.com" />
-	<target host="support.software.dell.com" />
-	<target host="sso.dell.com" />
+	<!-- target host="signin.dell.com" /-->
+	<!-- target host="sso.dell.com" /-->
 	<target host="support.dell.com" />
 	<target host="supportapj.dell.com" />
-	<target host="channels.us.dell.com" />
+	<!-- target host="topics-cdn.dell.com" /-->
+	<!-- target host="channels.us.dell.com" /-->
 	<target host="lists.us.dell.com" />
 	<target host="pbar.us.dell.com" />
-	<target host="www-cdn.dell.com" />
-	<target host="www1-cdn.dell.com" />
+
 
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www-cdn\.)?dell\.com/" to="https://www.dell.com/" />
-	<rule from="^http://i\.dell\.com/" to="https://si.cdn.dell.com/" />
 	<rule from="^http:" to="https:" />
-
-	<test url="http://fcs.dell.com/fcs/fcs/UIFramework/3.2.108.2/res/Image?path=sharedcontrols%2Fcontainers%2Fvalidation_messaging_left.png" />
-
-	<!-- Avoid false/broken MCB: -->
-	<exclusion pattern="^http://(?:www\.)?dell\.com/+(?!content/|favicon\.ico)" />
-	<test url="http://www.dell.com/learn/campaigns/dell-coupon-codes-us-smb?s=" />
-	<test url="http://www.dell.com/printers" />
-	<test url="http://www.dell.com/sitemap" />
-	<test url="http://www.dell.com/content/segmenter.aspx?c=us&amp;l=en&amp;s=&amp;cs=" />
-	<test url="http://www.dell.com/favicon.ico" />
-
-	<exclusion pattern="^http://partnerdirect\.dell\.com/(?!sites/channel/(?:Documents/|Style\ Library/|\w\w_\w\w/pages/loginpage\.aspx))" />
-	<test url="http://partnerdirect.dell.com/sites/channel/en_an/Authorize-Distributors/Pages/MyNewsandEvents.aspx" />
-	<test url="http://partnerdirect.dell.com/sites/channel/en_gy/Pages/adefault.aspx" />
-	<test url="http://partnerdirect.dell.com/sites/channel/en_la/Pages/MoreInfo.aspx" />
-	<test url="http://partnerdirect.dell.com/sites/channel/Documents/Rugged_FAQ.docx" />
-	<test url="http://www1-cdn.dell.com/css/images/icons/icons-sprite-24.png" />
-
-	<!-- Causes CORS issues, https://github.com/EFForg/https-everywhere/issues/6737 -->
-	<exclusion pattern="^http://afcs\.dell\.com/support/article/static/" />
-	<test url="http://afcs.dell.com/support/article/static/resources/icon-small.woff" />
-
-	<!-- Causes CORS issues, https://github.com/EFForg/https-everywhere/issues/9246 -->
-	<exclusion pattern="^http://afcs\.dell\.com/bundles/" />
-	<test url="http://afcs.dell.com/bundles/proactive-chat-css-3-5-0-175?v=EXATybnwj3UO_Xj3MW5KLQ1BlpjGLLtSgFkNm9xdtT41&amp;afcs=1" />
-	<test url="http://afcs.dell.com/bundles/corebundle-4-8-0-79?v=YtWgQZ93mJFVqwlaEN-93ZC3a99QoragFLnJd0Gjh3U1&amp;afcs=1" />
 </ruleset>
diff --git a/src/chrome/content/rules/DellCDN.com.xml b/src/chrome/content/rules/DellCDN.com.xml
new file mode 100644
index 000000000000..c78227b8be69
--- /dev/null
+++ b/src/chrome/content/rules/DellCDN.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="DellCDN.com">
+	<target host="www.dellcdn.com" />
+	<target host="afcs.dellcdn.com" />
+		<test url="http://afcs.dellcdn.com/csb/" />
+	<target host="fcs.dellcdn.com" />
+		<test url="http://fcs.dellcdn.com/fonts/" />
+	<target host="i.dellcdn.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Deluge-torrent.org.xml b/src/chrome/content/rules/Deluge-torrent.org.xml
new file mode 100644
index 000000000000..5cefc9fd30a5
--- /dev/null
+++ b/src/chrome/content/rules/Deluge-torrent.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Mismatch:
+		- download.deluge-torrent.org
+		- svn.deluge-torrent.org
+-->
+<ruleset name="Deluge-torrent.org">
+
+	<target host="deluge-torrent.org"/>
+	<target host="www.deluge-torrent.org"/>
+	<target host="dev.deluge-torrent.org"/>
+	<target host="forum.deluge-torrent.org"/>
+	<target host="git.deluge-torrent.org"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Deluge.xml b/src/chrome/content/rules/Deluge.xml
deleted file mode 100644
index bfb60d453ad5..000000000000
--- a/src/chrome/content/rules/Deluge.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="Deluge-torrent.org" default_off="refused">
-
-	<target host="deluge-torrent.org"/>
-	<target host="dev.deluge-torrent.org"/>
-	<target host="forum.deluge-torrent.org"/>
-	<target host="www.deluge-torrent.org"/>
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http://www\.deluge-torrent\.org/"
-		to="https://deluge-torrent.org/"/>
-
-	<rule from="^http:"
-		to="https:"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Demand-Base.xml b/src/chrome/content/rules/Demand-Base.xml
index 16718ddb8a56..fca0bf3a64f3 100644
--- a/src/chrome/content/rules/Demand-Base.xml
+++ b/src/chrome/content/rules/Demand-Base.xml
@@ -37,7 +37,7 @@ Fetch error: http://leads.demandbase.com/ => https://leads.demandbase.com/: (6,
 	* Secured by us
 
 -->
-<ruleset name="Demandbase.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Demandbase.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -60,7 +60,7 @@ Fetch error: http://leads.demandbase.com/ => https://leads.demandbase.com/: (6,
 	<!--securecookie host="^auth\.demandbase\.com$" name="^AWSELB$" /-->
 	<!--securecookie host="^www\.demandbase\.com$" name="^PHPSESSID$" /-->
 
-	<securecookie host="^(?:.*\.)?demandbase\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<!--	Redirect keeps forward
diff --git a/src/chrome/content/rules/Demand-Media-mismatches.xml b/src/chrome/content/rules/Demand-Media-mismatches.xml
deleted file mode 100644
index 8cca5254b760..000000000000
--- a/src/chrome/content/rules/Demand-Media-mismatches.xml
+++ /dev/null
@@ -1,63 +0,0 @@
-<!--
-	For rules that are on by default, see Demand-Media.xml.
-
--->
-<ruleset name="Demand Media (mismatches)" default_off="mismatched">
-
-	<target host="blogburst.com" />
-	<target host="www.blogburst.com" />
-	<!--	Akamai
-				-->
-	<target host="i.crackedcdn.com" />
-	<!--
-		Moved to EdgeCast, so no longer works :(
-
-	<target host="cracked.com" />
-	<target host="*.cracked.com" /		-->
-	<!--
-		Akamai
-				-->
-	<target host="ir.demandmedia.com" />
-	<target host="photos2.demandmedia.com" />
-	<target host="create.demandstudios.com" />
-	<!--
-		Cert: greencar.com
-					-->
-	<target host="blog.golflink.com" />
-	<!--
-		Akamai
-				-->
-	<target host="trails.com" />
-	<target host="*.trails.com" />
-	<target host="typef.com" />
-	<target host="*.typef.com" />
-
-
-	<securecookie host="^blog\.golflink\.com$" name=".+" />
-	<securecookie host="^(?:.*\.)?(?:trails|typef)\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?blogburst\.com/"
-		to="https://blogburst.com/" />
-
-	<rule from="^http://i\.crackedcdn\.com/"
-		to="https://i.crackedcdn.com/" />
-
-	<!--	Moved to EdgeCast and so broke
-
-	<rule from="^http://(?:www\.)?cracked\.com/"
-		to="https://www.cracked.com/" /		-->
-
-	<rule from="^http://ir\.demandmedia\.com/"
-		to="https://ir.demandmedia.com/" />
-
-	<rule from="^http://create\.demandstudios\.com/"
-		to="https://create.demandstudios.com/" />
-
-	<rule from="^http://blog\.golflink\.com/"
-		to="https://blog.golflink.com/" />
-
-	<rule from="^http://(?:(?:cdn-)?www\.)?t(rails|ypef)\.com/"
-		to="https://www.t$1.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Demand-Media.xml b/src/chrome/content/rules/Demand-Media.xml
index 3c5fa1e094e4..493e82beb33d 100644
--- a/src/chrome/content/rules/Demand-Media.xml
+++ b/src/chrome/content/rules/Demand-Media.xml
@@ -1,66 +1,31 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Non-2xx HTTP code: http://cdn-www.demandstudios.com/ (200) => https://cdn-www.demandstudios.com/ (503)
-Fetch error: http://www.demandstudios.com/ => https://www.demandstudios.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
-
-	For problematic rules, see Demand-Media-mismatches.xml.
-
-
 	Other Demand Media rulesets:
-
-		- DM_tracker.com.xml
-		- Enom.xml
-		- ENomCentral.xml
-		- GolfLink.com.xml
-		- Registryrocket.com.xml
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/uploadedimages.demandmedia/
-
-		- wac.5008.edgecastcdn.net/??5008/
-
-			- www.cracked.com
-
-		- i.crackedcdn.com.edgesuite.net
-
-
-	Problematic domains:
-
-		- (www.)blogburst.com		(works; mismatched, CN: www.demandstudios.com)
-		- cracked.com			(works, expired 2012-09-02)
-		- create.demandstudios.com	(works; mismatched, CN: *.sqsp.com)
-		- photos2.demandstudios.com	(works, akamai)
-
-
-	Nonfunctional domains:
-
-		- www.cracked.com		(400; mismatched, CN: gp1.wac.edgecastcdn.net)
+		+ Cracked.com.xml
+		+ CrackedCDN.com.xml
+		+ DemandStudios.com.xml
+		+ ENomCentral.xml
+		+ Enom.xml
+		+ GolfLink.com.xml
+		+ GolfLink.net.xml
+		+ Registryrocket.com.xml
+		+ Trails.com.xml
+		+ glimg.net.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
 		- demandmedia.com
-		- cdn-www.demandmedia.com	(503, akamai)
+		- cdn-www.demandmedia.com
+		- ir.demandmedia.com
 		- new.demandmedia.com
-		- www.demandmedia.com		(503, akamai)
-
+		- photos.demandmedia.com
+		- photos1.demandmedia.com
+		- photos2.demandmedia.com
+		- rma.demandmedia.com
 -->
-<ruleset name="Demand Media (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="rma.demandmedia.com" />
-
-	<target host="demandstudios.com" />
-	<target host="cdn-staging.demandstudios.com" />
-	<target host="cdn-www.demandstudios.com" />
-	<target host="www.demandstudios.com" />
-
+<ruleset name="Demand Media (partial)">
+	<target host="www.demandmedia.com" />
 
 	<securecookie host=".+" name=".+" />
 
-
-	<rule from="^http:"
-		to="https:" />
-
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Demand-driver.com.xml b/src/chrome/content/rules/Demand-driver.com.xml
deleted file mode 100644
index 4fc8b6d7fd8e..000000000000
--- a/src/chrome/content/rules/Demand-driver.com.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	For other IdeoClick coverage, see IdeoClick.com.xml.
-
-
-	Insecure cookies are set for these hosts:
-
-		- demand-driver.com
-		- www.demand-driver.com
-
--->
-<ruleset name="demand-driver.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="demand-driver.com" />
-	<target host="www.demand-driver.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?demand-driver\.com$" name="__RequestVerificationToken$" /-->
-
-	<securecookie host="^(?:www\.)?demand-driver\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DemandStudios.com.xml b/src/chrome/content/rules/DemandStudios.com.xml
new file mode 100644
index 000000000000..afa48cdff586
--- /dev/null
+++ b/src/chrome/content/rules/DemandStudios.com.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Demand Media coverage, see Demand-Media.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- create.demandstudios.com
+
+		Timeout was reached:
+		- demandstudios.com
+		- www.demandstudios.com
+		- cdn-staging.demandstudios.com
+
+		SSL peer certificate was not OK:
+		- cdn-write.demandstudios.com
+		- new.demandmedia.com
+		- write.demandstudios.com
+-->
+<ruleset name="DemandStudios.com" default_off="timeout">
+	<target host="demandstudios.com" />
+	<target host="www.demandstudios.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Demandware.net.xml b/src/chrome/content/rules/Demandware.net.xml
deleted file mode 100644
index 9e362c36fad1..000000000000
--- a/src/chrome/content/rules/Demandware.net.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	For other Demandware coverage, see Demandware.xml.
-
-
-	^demandware.net: Dropped over http & https
-
-
-	Problematic hosts in *demandware.net:
-
-		- www *
-
-	* Shows blank page
-
--->
-<ruleset name="Demandware.net (partial)">
-
-	<target host="*.demandware.net"/>
-
-
-	<rule from="^http://sits-pod(\d+)\.demandware\.net/"
-		to="https://sits-pod$1.demandware.net/"/>
-
-		<test url="http://sits-pod12.demandware.net/dw/image/v2/AAGQ_PRD/on/demandware.static/Sites-perryellis-Site/Sites-perryellis_master_catalog/default/v1428292657870/products/swatch/45sg7200_468_sw.jpg" />
-		<test url="http://sits-pod18.demandware.net/dw/image/v2/AAJI_PRD/on/demandware.static/-/Sites-londondrugs-master/default/dw9c5ba7b6/products/L8634370/large/L8634370.JPG?sw=145&amp;sh=145" />
-		<test url="http://sits-pod21.demandware.net/dw/image/v2/AABJ_PRD/on/demandware.static/Sites-SA-Site/Sites-SBS-SallyBeautySupply/default/v1428120763038/images/swatch/SBS_342531.png" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Demandware.xml b/src/chrome/content/rules/Demandware.xml
index fe744a0d3df8..242f30382f2a 100644
--- a/src/chrome/content/rules/Demandware.xml
+++ b/src/chrome/content/rules/Demandware.xml
@@ -1,13 +1,14 @@
 
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://investors.demandware.com/client/24/247632/css/ccbnIR.css => https://phx.corporate-ir.net/client/24/247632/css/ccbnIR.css: (51, "SSL: no alternative certificate subject name matches target host name 'phx.corporate-ir.net'")
-Fetch error: http://investors.demandware.com/media_files/IROL/24/247632/2015/img/mastheads/bg-masthead-investor.jpg => https://phx.corporate-ir.net/media_files/IROL/24/247632/2015/img/mastheads/bg-masthead-investor.jpg: (51, "SSL: no alternative certificate subject name matches target host name 'phx.corporate-ir.net'")
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://blog.demandware.com/ => https://blog.demandware.com/: (51, "SSL: no alternative certificate subject name matches target host name 'blog.demandware.com'")
+Fetch error: http://investors.demandware.com/ => https://investors.demandware.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://solutions.demandware.com/ => https://solutions.demandware.com/: (28, 'Connection timed out after 20000 milliseconds')
 
 	Other Demandware rulesets:
 
 		- cquotient.com.xml
-		- Demandware.net.xml
 
 
 	bucket: demandware.edgesuite.net/aabl_prd/on/demandware.static/
@@ -15,19 +16,7 @@ Fetch error: http://investors.demandware.com/media_files/IROL/24/247632/2015/img
 
 	Nonfunctional hosts in *demandware.com:
 
-		- blog *
-		- labs *
-		- marketing ʳ
-
-	* 500
-	ʳ Refused
-
-
-	Problematic hosts in *demandware.com:
-
-		- investors ᴬ
-
-	ᴬ Akamai / mismatched
+		- calendar: Invalid certificate
 
 
 	Insecure cookies are set for these hosts: ᶜ
@@ -46,34 +35,18 @@ Fetch error: http://investors.demandware.com/media_files/IROL/24/247632/2015/img
 	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Demandware.com (partial)" default_off='failed ruleset test'>
-
-	<target host="demandware.com"/>
-	<!--target host="labs.demandware.com"/-->
-	<target host="www.demandware.com"/>
-	<target host="xchange.demandware.com"/>
-
-	<!--	Complications:
-				-->
-	<target host="investors.demandware.com" />
-
-		<!--	Avoid user-visible paths:
-						-->
-		<exclusion pattern="^http://investors\.demandware\.com/(?!/*(?:client|media_files)/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://investors.demandware.com/phoenix.zhtml?c=247632&amp;p=irol-EventDetails&amp;EventId=5188309" />
-			<test url="http://investors.demandware.com/phoenix.zhtml?c=247632&amp;p=irol-irhome" />
-			<test url="http://investors.demandware.com/phoenix.zhtml?c=247632&amp;p=irol-newsArticle&amp;ID=2031432" />
-
-			<!--	-ve:
-					-->
-			<test url="http://investors.demandware.com/client/24/247632/css/ccbnIR.css" />
-			<test url="http://investors.demandware.com/media_files/IROL/24/247632/2015/img/mastheads/bg-masthead-investor.jpg" />
+<ruleset name="Demandware.com (partial)">
 
+	<target host="demandware.com" />
+	<target host="www.demandware.com" />
 		<test url="http://www.demandware.com/contact" />
 		<test url="http://www.demandware.com/events" />
+	<target host="account.demandware.com" />
+	<!-- target host="blog.demandware.com" /-->
+	<target host="documentation.demandware.com" />
+	<!-- target host="investors.demandware.com" /-->
+	<!-- target host="solutions.demandware.com" /-->
+	<target host="xchange.demandware.com"/>
 
 
 	<!--	Not secured by server:
@@ -83,11 +56,6 @@ Fetch error: http://investors.demandware.com/media_files/IROL/24/247632/2015/img
 
 	<securecookie host=".+" name=".+" />
 
-
-	<rule from="^http://investors\.demandware\.com/"
-		to="https://phx.corporate-ir.net/" />
-
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Demdex.com.xml b/src/chrome/content/rules/Demdex.com.xml
deleted file mode 100644
index 16bcf76bf9eb..000000000000
--- a/src/chrome/content/rules/Demdex.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other Adobe coverage, see Adobe.xml.
-
--->
-<ruleset name="Demdex.com (partial)">
-
-	<target host="bank.demdex.com" />
-
-
-	<securecookie host=".*\.demdex\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Demdex.net.xml b/src/chrome/content/rules/Demdex.net.xml
index e18cb48dfa2e..2f9821586fa3 100644
--- a/src/chrome/content/rules/Demdex.net.xml
+++ b/src/chrome/content/rules/Demdex.net.xml
@@ -33,7 +33,7 @@
 	<!--securecookie host="\.demdex\.net$" name="^demdex$" /-->
 	<!--securecookie host="\.dpm\.demdex\.net$" name="^(DexLifeCycle|dexoo|dpm)$" /-->
 
-	<securecookie host=".*\.demdex\.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Demisto.com.xml b/src/chrome/content/rules/Demisto.com.xml
index d5d235195730..9c2b13b03dd7 100644
--- a/src/chrome/content/rules/Demisto.com.xml
+++ b/src/chrome/content/rules/Demisto.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://blog.demisto.com/ => https://blog.demisto.com/: (51, "SSL: n
 		- www.blog.demisto.com
 
 -->
-<ruleset name="Demisto.com" default_off='failed ruleset test'>
+<ruleset name="Demisto.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Democrat_and_Chronicle.xml b/src/chrome/content/rules/Democrat_and_Chronicle.xml
index 1b8c2e1d7f48..890df88ca889 100644
--- a/src/chrome/content/rules/Democrat_and_Chronicle.xml
+++ b/src/chrome/content/rules/Democrat_and_Chronicle.xml
@@ -11,9 +11,12 @@ Fetch error: http://democratandchronicle.com/ => https://www.democratandchronicl
 			- feeds		(redirects to ipad; mismatched, CN: roctoday.democratandchronicle.com)
 			- rocdocs	(no https)
 			- tablet	(403, akamai)
+      - localshopping (403)
 
 		- democratandchronicle.gannettonline.com
-
+    - meetthebabies.democratandchronicle.com (no alternative SSL cert)
+    - roctoday.democratandchronicle.com (host unresolved)
+    - findnsave.democratandchronicle.com (no alternative SSL cert)
 
 	Problematic subdomains:
 
@@ -21,8 +24,6 @@ Fetch error: http://democratandchronicle.com/ => https://www.democratandchronicl
 		- cmsimg		(503, akamai)
 		- findnsave		(pages redirect to http; mismatched, CN: *.findnsave.com)
 		- ipad			(works; mismatched, CN: roctoday.democratandchronicle.com)
-		- localshopping		(works; mismatched, CN: *.shoplocal.com)
-
 
 	Mixed images from:
 
@@ -32,12 +33,17 @@ Fetch error: http://democratandchronicle.com/ => https://www.democratandchronicl
 
 	No insecure css nor scripts.
 
+  Timeout
+    - classifieds
+
 -->
 <ruleset name="Democrat and Chronicle (partial)">
 
 	<target host="democratandchronicle.com" />
-	<target host="*.democratandchronicle.com" />
-
+	<target host="cmsimg.democratandchronicle.com" />
+	<target host="www.democratandchronicle.com" />
+	<target host="closings.democratandchronicle.com" />
+	<target host="offers.democratandchronicle.com" />
 
 	<!--	Cookie domains:
 
@@ -48,17 +54,9 @@ Fetch error: http://democratandchronicle.com/ => https://www.democratandchronicl
 						-->
 	<securecookie host=".*\.democratandchronicle\.com$" name=".+" />
 
-
 	<rule from="^http://(?:cmsimg\.|www\.)?democratandchronicle\.com/"
 		to="https://www.democratandchronicle.com/" />
 
-	<rule from="^http://(classifieds|closings|meetthebabies|offers|roctoday)\.democratandchronicle\.com/"
-		to="https://$1.democratandchronicle.com/" />
-
-	<rule from="^http://findnsave\.democratandchronicle\.com/static/"
-		to="https://democratchronicle.findnsave.com/static/" />
-
-	<rule from="^http://localshopping\.democratandchronicle\.com/Content/"
-		to="https://localshopping.shoplocal.com/Content/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Demonoid.xml b/src/chrome/content/rules/Demonoid.xml
deleted file mode 100644
index 481bb2080d48..000000000000
--- a/src/chrome/content/rules/Demonoid.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Non-functional hosts:
-		SSL errors:
-		- demonoid.ph
-		- www.demonoid.ph
--->
-<ruleset name="Demonoid">
-	<target host="demonoid.pw" />
-	<target host="www.demonoid.pw" />
-
-	<!-- Old Domain-->
-	<target host="demonoid.ph" />
-	<target host="www.demonoid.ph" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http://(www\.)?demonoid\.ph/" 
-		  	to="https://$1demonoid.pw/" />
-	
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Demosisto.hk.xml b/src/chrome/content/rules/Demosisto.hk.xml
new file mode 100644
index 000000000000..7ccd0578a4ff
--- /dev/null
+++ b/src/chrome/content/rules/Demosisto.hk.xml
@@ -0,0 +1,9 @@
+<ruleset name="Demosisto.hk">
+	<target host="demosisto.hk" />
+	<target host="www.demosisto.hk" />
+	<test url="http://www.demosisto.hk/assets/img/logo.2016041341.png" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Denfri.dk.xml b/src/chrome/content/rules/Denfri.dk.xml
index eae449736770..fcd56e7dc234 100644
--- a/src/chrome/content/rules/Denfri.dk.xml
+++ b/src/chrome/content/rules/Denfri.dk.xml
@@ -5,7 +5,7 @@ Fetch error: http://denfri.dk/ => https://denfri.dk/: (60, 'SSL certificate prob
 Fetch error: http://www.denfri.dk/ => https://www.denfri.dk/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Denfri.dk" default_off='failed ruleset test'>
+<ruleset name="Denfri.dk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Denh.am.xml b/src/chrome/content/rules/Denh.am.xml
deleted file mode 100644
index 555546d8f979..000000000000
--- a/src/chrome/content/rules/Denh.am.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Denh.am">
-
-	<target host="denh.am" />
-	<target host="*.denh.am" />
-
-
-	<rule from="^http://([^/:@\.]+\.)?denh\.am/"
-		to="https://$1denh.am/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Denic.de.xml b/src/chrome/content/rules/Denic.de.xml
index e60ab2b4dd38..1fdbdea67a61 100644
--- a/src/chrome/content/rules/Denic.de.xml
+++ b/src/chrome/content/rules/Denic.de.xml
@@ -5,11 +5,11 @@ Fetch error: http://www.secure.denic.de/ => https://www.secure.denic.de/: (6, 'C
 
 	Announcement:
 		- https://denic.de/en/denic-in-dialogue/news/4079.html
-		
+
 	Nonfunctional subdomains:
 		- secure     -> DNS resolve error
 -->
-<ruleset name="Denic.de" default_off='failed ruleset test'>
+<ruleset name="Denic.de" default_off="failed ruleset test">
     <target host="denic.de" />
     <target host="www.denic.de" />
     <target host="www.secure.denic.de" />
diff --git a/src/chrome/content/rules/Denis_Matsuev.xml b/src/chrome/content/rules/Denis_Matsuev.xml
index bc976ad0032c..2569427a0359 100644
--- a/src/chrome/content/rules/Denis_Matsuev.xml
+++ b/src/chrome/content/rules/Denis_Matsuev.xml
@@ -5,7 +5,7 @@ Fetch error: http://matsuev.com/ => https://matsuev.com/: (60, 'SSL certificate
 Fetch error: http://www.matsuev.com/ => https://www.matsuev.com/: (60, 'SSL certificate problem: self signed certificate')
 
 -->
-<ruleset name="Denis Matsuev" default_off='failed ruleset test'>
+<ruleset name="Denis Matsuev" default_off="failed ruleset test">
 
 	<target host="matsuev.com" />
 	<target host="www.matsuev.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.matsuev.com/ => https://www.matsuev.com/: (60, 'SSL cert
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DepFile.com.xml b/src/chrome/content/rules/DepFile.com.xml
deleted file mode 100644
index bb26ed1aa82a..000000000000
--- a/src/chrome/content/rules/DepFile.com.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-<!--
-	Problematic subdomains:
-
-	Invalid certificate:
-		cl (Invalid Certificate)
-		dl (Invalid Certificate)
-		il (Invalid Certificate)
-		secure (Invalid Certificate)
-		mail.depfile.com (Self-Signed)
-		qn.depfile.com (Self-Signed)
-		ul (cPanel Error Page + Self-Signed)
-		wl (Invalid Certificate)
-		wn (Invalid Certificate)
-		www.depfile.com (Certificate only valid for depfile.com.  Redirects.)
-		www.depfile.us (Invalid certificate)
-		www.dipfile.com (Invalid certificate)
-		xl (Invalid certificate)
-
-	404:
-		al (404)
-		el (404)
-		fl (404)
-		gl (404)
-		ol (404)
-		pl (404)
-		tl (404)
-		vl (404)
-		yl (404)
-
-	Other:
-		mn (Apache 2 Test Page, CentOS)
-		nn (Apache Directory Listing, Ubuntu)
-		openbtc (Apache 2 Test Page, CentOS + Self-Signed Certificate)
--->
-
-<ruleset name="DepFile.com">
-	<target host="depfile.com" />
-	<target host="dipfile.com" />
-	<target host="depfile.us" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:"
-			to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/DepartmentofEducation.xml b/src/chrome/content/rules/DepartmentofEducation.xml
index b224b201d7c7..eda0e32c2ef6 100644
--- a/src/chrome/content/rules/DepartmentofEducation.xml
+++ b/src/chrome/content/rules/DepartmentofEducation.xml
@@ -1,7 +1,7 @@
 <ruleset name="Department of Education">
 	<target host="education.gov.au" />
-	<target host="*.education.gov.au" />
+	<target host="www.education.gov.au" />
 
 	<rule from="^http://(?:www\.)?education\.gov\.au/"
 		to="https://www.education.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DepartmentofEmployment.xml b/src/chrome/content/rules/DepartmentofEmployment.xml
index bd4af13c589c..a9d0f224c6d4 100644
--- a/src/chrome/content/rules/DepartmentofEmployment.xml
+++ b/src/chrome/content/rules/DepartmentofEmployment.xml
@@ -4,4 +4,4 @@
 	<target host="ministers.employment.gov.au" />
 
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DepartmentofForeignAffairsandTrade.xml b/src/chrome/content/rules/DepartmentofForeignAffairsandTrade.xml
index 53322d7bb009..c642bebad117 100644
--- a/src/chrome/content/rules/DepartmentofForeignAffairsandTrade.xml
+++ b/src/chrome/content/rules/DepartmentofForeignAffairsandTrade.xml
@@ -4,13 +4,15 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://dfat.gov.au/ => https://www.dfat.gov.au/: Too many redirects while fetching 'https://www.dfat.gov.au/'
 
 -->
-<ruleset name="Department of Foreign Affairs and Trade" default_off='failed ruleset test'>
+<ruleset name="Department of Foreign Affairs and Trade" default_off="failed ruleset test">
 	<target host="dfat.gov.au" />
-	<target host="*.dfat.gov.au" />
+	<target host="www.dfat.gov.au" />
+	<target host="orao.dfat.gov.au" />
+	<target host="www.orao.dfat.gov.au" />
 
 	<rule from="^http://(?:www\.)?dfat\.gov\.au/"
 		to="https://www.dfat.gov.au/" />
 
 	<rule from="^http://(?:www\.)?orao\.dfat\.gov\.au/"
 		to="https://www.orao.dfat.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DepartmentofInfrastructureandRegionalDevelopment.xml b/src/chrome/content/rules/DepartmentofInfrastructureandRegionalDevelopment.xml
index 62a31ae94c6f..0ef278abc63b 100644
--- a/src/chrome/content/rules/DepartmentofInfrastructureandRegionalDevelopment.xml
+++ b/src/chrome/content/rules/DepartmentofInfrastructureandRegionalDevelopment.xml
@@ -1,7 +1,7 @@
 <ruleset name="Department of Infrastructure and Regional Development">
 	<target host="infrastructure.gov.au" />
-	<target host="*.infrastructure.gov.au" />
+	<target host="www.infrastructure.gov.au" />
 
 	<rule from="^http://(?:www\.)?infrastructure\.gov\.au/"
 		to="https://www.infrastructure.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dephormation.org.uk.xml b/src/chrome/content/rules/Dephormation.org.uk.xml
index dc1ff15b571f..db33a2f91c13 100644
--- a/src/chrome/content/rules/Dephormation.org.uk.xml
+++ b/src/chrome/content/rules/Dephormation.org.uk.xml
@@ -3,4 +3,4 @@
 	<target host="www.dephormation.org.uk" />
 
 	<rule from="^http://(?:www\.)?dephormation\.org\.uk/" to="https://www.dephormation.org.uk/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Deposit-Files.xml b/src/chrome/content/rules/Deposit-Files.xml
index 69b4e357114f..323a4d2f2aac 100644
--- a/src/chrome/content/rules/Deposit-Files.xml
+++ b/src/chrome/content/rules/Deposit-Files.xml
@@ -24,7 +24,7 @@
 	<target host="depositfiles.com"/>
 	<target host="*.depositfiles.com"/>
 
-	<securecookie host="^(?:.*\.)?depositfiles\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 	<rule from="^http://(static\d+\.|www\.)?depositfiles\.com/"
 		to="https://$1depositfiles.com/"/>
diff --git a/src/chrome/content/rules/Deprexis.xml b/src/chrome/content/rules/Deprexis.xml
index 48dde2cd0d5c..58fd6201d606 100644
--- a/src/chrome/content/rules/Deprexis.xml
+++ b/src/chrome/content/rules/Deprexis.xml
@@ -10,7 +10,7 @@ Fetch error: http://deprexis.com/ => https://deprexis.com/: (51, "SSL: no altern
 		- (www.)deprexis.eu	(refused)
 
 -->
-<ruleset name="deprexis (partial)" default_off='failed ruleset test'>
+<ruleset name="deprexis (partial)" default_off="failed ruleset test">
 
 	<target host="deprexis.com" />
 	<target host="system3.deprexis.com" />
@@ -22,4 +22,4 @@ Fetch error: http://deprexis.com/ => https://deprexis.com/: (51, "SSL: no altern
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Der-preis-jaeger.de.xml b/src/chrome/content/rules/Der-preis-jaeger.de.xml
index 1f77b64e31ee..fb4cf4bb3038 100644
--- a/src/chrome/content/rules/Der-preis-jaeger.de.xml
+++ b/src/chrome/content/rules/Der-preis-jaeger.de.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.der-preis-jaeger.de/ => https://www.der-preis-jaeger.de/
 			- myclipster.com
 
 -->
-<ruleset name="der-preis-jaeger.de" default_off='failed ruleset test'>
+<ruleset name="der-preis-jaeger.de" default_off="failed ruleset test">
 
 	<target host="der-preis-jaeger.de" />
 	<target host="www.der-preis-jaeger.de" />
diff --git a/src/chrome/content/rules/Derpibooru.xml b/src/chrome/content/rules/Derpibooru.xml
index 5f37b7248906..6279bcb36269 100644
--- a/src/chrome/content/rules/Derpibooru.xml
+++ b/src/chrome/content/rules/Derpibooru.xml
@@ -4,11 +4,9 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://img5.derpicdn.net/img/view/2015/1/18/808969.png => https://img5.derpicdn.net/img/view/2015/1/18/808969.png: (6, 'Could not resolve host: img5.derpicdn.net')
 
 -->
-<ruleset name="Derpibooru" default_off='failed ruleset test'>
+<ruleset name="Derpibooru" default_off="failed ruleset test">
     <target host="derpiboo.ru" />
     <target host="www.derpiboo.ru" />
-    <target host="derpibooru.org" />
-    <target host="www.derpibooru.org" />
     <target host="derpicdn.net" />
     <target host="*.derpicdn.net" />
 
diff --git a/src/chrome/content/rules/Derpy.me.xml b/src/chrome/content/rules/Derpy.me.xml
index 0579ff321d3c..f539eb923544 100644
--- a/src/chrome/content/rules/Derpy.me.xml
+++ b/src/chrome/content/rules/Derpy.me.xml
@@ -15,7 +15,7 @@ Fetch error: http://piwik.derpy.me/ => https://piwik.derpy.me/: (60, 'SSL certif
 	* Secured by us
 
 -->
-<ruleset name="derpy.me" default_off='failed ruleset test'>
+<ruleset name="derpy.me" default_off="failed ruleset test">
 
 	<target host="derpy.me" />
 	<target host="piwik.derpy.me" />
diff --git a/src/chrome/content/rules/Derwesten.de.xml b/src/chrome/content/rules/Derwesten.de.xml
index 7bf9c8b1198f..eee8c4461627 100644
--- a/src/chrome/content/rules/Derwesten.de.xml
+++ b/src/chrome/content/rules/Derwesten.de.xml
@@ -1,10 +1,12 @@
 <ruleset name="Derwesten.de">
-<target host="*.derwesten.de"/>
+<target host="www.derwesten.de" />
+<target host="files1.derwesten.de" />
+<target host="shop.derwesten.de" />
 <target host="derwesten.de"/>
 
 <!-- problems on: waz.immowelt.de  , no tls support-->
 
 <rule from="^http://(?:www\.)?derwesten\.de/" to="https://www.derwesten.de/"/>
-<rule from="^http://(files1|shop)\.derwesten\.de/" to="https://$1.derwesten.de/"/>
 
+<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Desert_News.xml b/src/chrome/content/rules/Desert_News.xml
deleted file mode 100644
index bb16c7b0ff11..000000000000
--- a/src/chrome/content/rules/Desert_News.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Some pages redirect to http
-
--->
-<ruleset name="Desert News (partial)">
-
-	<target host="desertnews.com" />
-	<target host="static.desertnews.com" />
-	<target host="subscribe.desertnews.com" />
-	<target host="www.desertnews.com" />
-		<exclusion pattern="^http://(?:www\.)?desertnews\.com/(?!css/|favicon\.ico|images/|img/|js/|logo\.gif|media/|misc/)" />
-		<exclusion pattern="^http://subscribe\.desertnews\.com/(?!css/|favicon\.ico|images/|script/)" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DesignAddict.xml b/src/chrome/content/rules/DesignAddict.xml
index 992c476d91f4..fdc841862add 100644
--- a/src/chrome/content/rules/DesignAddict.xml
+++ b/src/chrome/content/rules/DesignAddict.xml
@@ -7,20 +7,19 @@ Fetch error: http://generationawake.eu/ => https://generationawake.eu/: (60, 'SS
 Disabled by https-everywhere-checker because:
 Fetch error: http://designaddict.com/ => https://designaddict.com/: (60, 'SSL certificate problem: self signed certificate')
 -->
-<ruleset name="DesignAddict" default_off='failed ruleset test'>
+<ruleset name="DesignAddict" default_off="failed ruleset test">
 
 	<target host="designaddict.com" />
-	<target host="*.designaddict.com" />
 	<target host="generationawake.eu" />
-	<target host="*.generationawake.eu" />
+	<target host="www.designaddict.com" />
+	<target host="www.generationawake.eu" />
 
 
 	<!--	Not secured by server:
 					-->
-	<securecookie host="^(?:.*\.)?(?:designaddict\.com|generationawake\.eu)$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?(designaddict\.com|generationawake\.eu)/"
-		to="https://$1$2/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Designova.net.xml b/src/chrome/content/rules/Designova.net.xml
index b8d53eaa8305..4d3fb5732681 100644
--- a/src/chrome/content/rules/Designova.net.xml
+++ b/src/chrome/content/rules/Designova.net.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.designova.net/ => https://www.designova.net/: (60, 'SSL
 	* Secured by us
 
 -->
-<ruleset name="Designova.net" default_off='failed ruleset test'>
+<ruleset name="Designova.net" default_off="failed ruleset test">
 
 	<target host="designova.net" />
 	<target host="www.designova.net" />
diff --git a/src/chrome/content/rules/Desire2learn.com.xml b/src/chrome/content/rules/Desire2learn.com.xml
index 939b1dd3139e..7e34eca23daf 100644
--- a/src/chrome/content/rules/Desire2learn.com.xml
+++ b/src/chrome/content/rules/Desire2learn.com.xml
@@ -29,13 +29,15 @@ Fetch error: http://desire2learn.com/ => https://desire2learn.com/: (60, 'SSL ce
 <ruleset name="Desire2learn.com">
 
 	<target host="desire2learn.com" />
-	<target host="*.desire2learn.com" />
+	<target host="community.desire2learn.com" />
+	<target host="lmscloud.edev.desire2learn.com" />
+	<target host="pt.valence.desire2learn.com" />
+	<target host="www.desire2learn.com" />
 
 
-	<securecookie host="^(?:.*\.)?desire2learn\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:community|lmscloud\.edev|pt\.valence|www)\.)?desire2learn\.com/"
-		to="https://$1desire2learn.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Desjardins.xml b/src/chrome/content/rules/Desjardins.xml
index 7ff38658e47a..e325088be102 100644
--- a/src/chrome/content/rules/Desjardins.xml
+++ b/src/chrome/content/rules/Desjardins.xml
@@ -2,7 +2,7 @@
 
 
 	blogues.desjardins.com does not work with https at this time
-  
+
 -->
 <ruleset name="Desjardins (partial)">
   <target host="desjardins.com" />
@@ -10,7 +10,7 @@
 	<target host="adpub.desjardins.com" />
   <target host="accesd.desjardins.com" />
   <target host="accesd.affaires.desjardins.com" />
-  
+
   <securecookie host="desjardins\.com$" name=".+" />
   <securecookie host="accesd\.desjardins\.com$" name=".+" />
   <securecookie host="accesd\.affaires\.desjardins\.com$" name=".+" />
@@ -18,7 +18,7 @@
   <!-- www is needed for https on the main site -->
   <rule from="^http://(?:www\.)?desjardins\.com/"
 	  to="https://www.desjardins.com/" />
-	 
+
   <!-- subdomains do not work with www -->
 	<rule from="^http:"
           to="https:" />
diff --git a/src/chrome/content/rules/Desk.com.xml b/src/chrome/content/rules/Desk.com.xml
index 7d2f1609e949..9950d60a233f 100644
--- a/src/chrome/content/rules/Desk.com.xml
+++ b/src/chrome/content/rules/Desk.com.xml
@@ -1,87 +1,634 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://assistly.com/ => https://assistly.com/: (51, "SSL: no alternative certificate subject name matches target host name 'assistly.com'")
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://assistly.com/ => https://assistly.com/: (51, "SSL: no alternative certificate subject name matches target host name 'assistly.com'")
-	For other Salesforce.com coverage, see Salesforce.xml.
-
-
-	CDN buckets:
-
-		- assistlycustomers.s3.amazonaws.com
-		- assistly-production.s3.amazonaws.com
-		- assistlywebsite.s3.amazonaws.com | dwan8j4vneaa7.cloudfront.net
-		- deskcontent.s3.amazonaws.com | d1epb5gzmg3005.cloudfront.net | d3jyn100am7dxp.cloudfront.net
-		- desk-customers.s3.amazonaws.com
-		- deskwww.s3.amazonaws.com | d3e6ejlgd1t9v1.cloudfront.net
-
-		- d218iqt4mo6adh.cloudfront.net
-
-			- assets.desk.com
-			- assets[0-3].desk.com
-			- assets0[1-4].desk.com
-
-		- d3j15y3zsn7b4t.cloudfront.net
-		- d3jyn100am7dxp.cloudfront.net
-
-
-	Problematic domains:
-
-		- desk.com subdomains:
-
-			- assets *
-			- assets[0-3] *
-			- assets0[1-4] *
-
-	* cloudfront
-
+	Wildcard DNS records, but no wildcard SSL certificate.
 
-	Fully covered domains:
-
-		- desk.com subdomains:
-
-			- assets *
-			- assets[0-3] *
-			- assets0[1-4] *
-
-	* → d218iqt4mo6adh.cloudfront.net
+	Invalid certificate:
+		2600hz.desk.com
+		50c362a6.desk.com
+		astraweb.50c362a6.desk.com
+		easynews.50c362a6.desk.com
+		halogen.50c362a6.desk.com
+		highwinds-media.50c362a6.desk.com
+		newsgroup-ninja.50c362a6.desk.com
+		newshosting.50c362a6.desk.com
+		usenetserver.50c362a6.desk.com
+		6aa9d15e7.desk.com
+		abizinabox1.desk.com
+		abode.desk.com
+		accufund-inc.accufund.desk.com
+		activeweb.desk.com
+		adonis-index.adonislifestyle.desk.com
+		aerospike.desk.com
+		the-alcohol-free-shop.alcoholfree.desk.com
+		alliant.desk.com
+		alliant2.desk.com
+		allpondsolutionshelp.desk.com
+		allpetsolutions.allpondsolutionshelp.desk.com
+		answeringservicecare.desk.com
+		support.anymeeting.desk.com
+		astronomerio.desk.com
+		apica.desk.com
+		appdynamic.desk.com
+		appearhere.desk.com
+		applegate.desk.com
+		at-t-rewards-application.aquto.desk.com
+		arccos-golf.arccosgolf.desk.com
+		caddie.arccosgolf.desk.com
+		driver.arccosgolf.desk.com
+		home.arccosgolf.desk.com
+		aritzia.desk.com
+		h9.asmallorange.desk.com
+		assets.desk.com
+		assets0.desk.com
+		assets01.desk.com
+		assets02.desk.com
+		assets03.desk.com
+		assets04.desk.com
+		assets1.desk.com
+		assets2.desk.com
+		assets3.desk.com
+		production.autoslash.desk.com
+		mozo.awana.desk.com
+		batchgeo.desk.com
+		barre3.desk.com
+		bayphotolab.desk.com
+		betterment.betterment.desk.com
+		bg-click4fashion.desk.com
+		bitgold.desk.com
+		english.bitgold.desk.com
+		bitium.desk.com
+		biznessapps.desk.com
+		bombbomb.desk.com
+		chirp.bookbub.desk.com
+		bookbub.bookbub.desk.com
+		bookbub-partners.bookbub.desk.com
+		bqool.desk.com
+		braintree.desk.com
+		contact.bridgepaynetwork.desk.com
+		is.bridgepaynetwork.desk.com
+		ta.bridgepaynetwork.desk.com
+		bromium.desk.com
+		brycer.desk.com
+		the-compliance-engine-brycer-support.brycer.desk.com
+		the-compliance-engine-ahj-support.brycer.desk.com
+		the-compliance-engine-itm-support.brycer.desk.com
+		burner.desk.com
+		burningman.desk.com
+		c6d19ed1.desk.com
+		highwinds-media.c6d19ed1.desk.com
+		callgroup.desk.com
+		campayn.desk.com
+		carnegiefoundation.desk.com
+		catchoom.desk.com
+		caviar.desk.com
+		dispatch-team.caviar.desk.com
+		restaurant-support.caviar.desk.com
+		ccb.desk.com
+		chaturbate.desk.com
+		exoticads.chaturbate.desk.com
+		chexology1.desk.com
+		citiprogram.desk.com
+		engagor-help.clarabridge.desk.com
+		home.clarabridge.desk.com
+		click4fashion.desk.com
+		clickipo.desk.com
+		cognifit.desk.com
+		prime.coinbase.desk.com
+		pro.coinbase.desk.com
+		colwiz.desk.com
+		comixology.desk.com
+		gm.connexionmedia.desk.com
+		wex.connexionmedia.desk.com
+		contaazul2.desk.com
+		contactually.desk.com
+		convirza.desk.com
+		copia.desk.com
+		help.corec.desk.com
+		info.corec.desk.com
+		iroha.corec.desk.com
+		covene.desk.com
+		crowdtap.desk.com
+		mobile.crowdtap.desk.com
+		crsadvtech.desk.com
+		crunch.desk.com
+		culturedcode.desk.com
+		curb.curb.desk.com
+		customdomain.desk.com
+		cydesign.desk.com
+		breadwinner-for-quickbooks-online.daddydonkeylabs.desk.com
+		davidkennethgroup.desk.com
+		123pet-cloud.daysmart.desk.com
+		definisec.desk.com
+		detectify.desk.com
+		dhsgroup.desk.com
+		help.digerati.desk.com
+		support.digerati.desk.com
+		digidotcash.desk.com
+		infinigold.digidotcash.desk.com
+		digitalsafe.desk.com
+		retailer.doba.desk.com
+		supplier.doba.desk.com
+		domainname.desk.com
+		doodle.desk.com
+		dorsavi.desk.com
+		dotsub.desk.com
+		dripdrop.desk.com
+		duecash.desk.com
+		help.dwolla.desk.com
+		support.dwolla.desk.com
+		ebiinc.desk.com
+		ebirdsupport.desk.com
+		ecwid.desk.com
+		educationcom.desk.com
+		rocky-mountain-college-of-art-design.efaeducation.desk.com
+		the-los-angeles-film-school.efaeducation.desk.com
+		the-king-s-college.efaeducation.desk.com
+		vts-support.ehealthafrica.desk.com
+		listing-booster.electrikeye.desk.com
+		avea-and-smart.elgato.desk.com
+		customerservice.elgato.desk.com
+		customer-service-eve.elgato.desk.com
+		emusic.emusic.desk.com
+		dock.elgato.desk.com
+		eve.elgato.desk.com
+		eve-home.elgato.desk.com
+		gaming.elgato.desk.com
+		help.elgato.desk.com
+		it.elgato.desk.com
+		video.elgato.desk.com
+		endeavor-services-group-premium.endeavorservice.desk.com
+		english.desk.com
+		entap.desk.com
+		eos.desk.com
+		epydoc.desk.com
+		eqiscapitalmanagement.desk.com
+		etermax.desk.com
+		development.etermax.desk.com
+		evite.evite.desk.com
+		eurodns.desk.com
+		belong.eve.desk.com
+		belong-adsl.eve.desk.com
+		belong-nbn.eve.desk.com
+		everfi.desk.com
+		ewing.desk.com
+		fatiguescience.desk.com
+		fibaro.desk.com
+		fieldnation.desk.com
+		finalcodeinc.desk.com
+		flashnotes.desk.com
+		flightnetwork.desk.com
+		foodee.desk.com
+		casserole.formstack.desk.com
+		internal.formstack.desk.com
+		sfappsuppot.formstack.desk.com
+		fractel.desk.com
+		frankbody.desk.com
+		funkwerkiotgmbh.desk.com
+		futuri.desk.com
+		geoarmsecurity.desk.com
+		globalgiving.desk.com
+		glooko.desk.com
+		glowbase.desk.com
+		gmoglobalsign.desk.com
+		gommehdnet.desk.com
+		goodbudget.desk.com
+		goodlord.desk.com
+		agent-v1-help-centre.goodlord.desk.com
+		guarantor-and-landlord-v1-helpcentre.goodlord.desk.com
+		tenant-v1-help-centre.goodlord.desk.com
+		goodreader.desk.com
+		gptw.desk.com
+		graze.desk.com
+		graze-com.graze.desk.com
+		graze-us.graze.desk.com
+		gulden.desk.com
+		semel-oy.halda.desk.com
+		handshake.desk.com
+		headspin.desk.com
+		learner-support.healthcourse.desk.com
+		healthdata.desk.com
+		healthunlocked.desk.com
+		hecmontreal.desk.com
+		futur-etudiant.hecmontreal.desk.com
+		hellowallet.desk.com
+		help.desk.com
+		helpling.desk.com
+		cleaners.helpling.desk.com
+		highwinds.desk.com
+		hiremojo.hiremojo.desk.com
+		honeybook.desk.com
+		hotro.desk.com
+		humblesoftware.desk.com
+		icouch.desk.com
+		ideascale.desk.com
+		idonate.desk.com
+		support.idonate.desk.com
+		idtech.desk.com
+		igobono.desk.com
+		ikegps.desk.com
+		imforza.desk.com
+		info.desk.com
+		infocyte.desk.com
+		intellimark.desk.com
+		support.intellimark.desk.com
+		interdin.desk.com
+		internationalmissionboard.desk.com
+		intradyn.desk.com
+		invixium.desk.com
+		callbridge.iotum.desk.com
+		callbridge-admin-support.iotum.desk.com
+		freeconferencebeta.iotum.desk.com
+		gather.iotum.desk.com
+		gather-admin-support.iotum.desk.com
+		ntwine-partner-support.iotum.desk.com
+		ntwine-conferencing.iotum.desk.com
+		ntwineconferencing.iotum.desk.com
+		partner-support.iotum.desk.com
+		partnername-admin-support.iotum.desk.com
+		partnername-conferencing.iotum.desk.com
+		talkshoe.iotum.desk.com
+		itbit.desk.com
+		iwave.desk.com
+		izotope.desk.com
+		spire.izotope.desk.com
+		jane.desk.com
+		jibeinc.desk.com
+		jmaclending.desk.com
+		jobtarget.desk.com
+		support.vrs.jordanlawrence.desk.com
+		keeeb.desk.com
+		keyshot.desk.com
+		kijk.kijk.desk.com
+		kijiji.desk.com
+		automobile-it.kijiji.desk.com
+		kijiji.kijiji.desk.com
+		kinivo.desk.com
+		bluerigger.kinivo.desk.com
+		kitcheck.desk.com
+		knowroaming.desk.com
+		kodmyranab.desk.com
+		kognito.desk.com
+		kpschoolofmedicine.desk.com
+		kw-commercial.kwri.desk.com
+		keller-williams-realty-international.kwri.desk.com
+		kwmcangel.kwri.desk.com
+		kwri-events.kwri.desk.com
+		learnupon.desk.com
+		learnzillion.desk.com
+		leeo.desk.com
+		life-church.lifechurch.desk.com
+		lifereimagined.desk.com
+		lingotek.desk.com
+		limespot.desk.com
+		logikcull.desk.com
+		deluxe-logo-creator.logomixinc.desk.com
+		earthlinkbrandbuilder.logomixinc.desk.com
+		freelogoservices.logomixinc.desk.com
+		incauthorityservices.logomixinc.desk.com
+		logomix.logomixinc.desk.com
+		mycorpbrandlauncher.logomixinc.desk.com
+		printingnow.logomixinc.desk.com
+		loremnotipsum.desk.com
+		luminoso.desk.com
+		magnushealth.desk.com
+		majorleaguegaming.desk.com
+		marick.desk.com
+		marinerslearningsystem.desk.com
+		marketwiredsupportportal.desk.com
+		admin-help.mastmobile.desk.com
+		user-help.mastmobile.desk.com
+		bigquery.matillion.desk.com
+		redshift.matillion.desk.com
+		snowflake.matillion.desk.com
+		mbieapi.desk.com
+		medeo.desk.com
+		mediasilo.desk.com
+		medicalgorithmics.desk.com
+		support-us.medicalgorithmics.desk.com
+		meetme.desk.com
+		memsource.desk.com
+		ironman-4x4.metaltech4x4.desk.com
+		mexinsurance.desk.com
+		guide.meyouhealth.desk.com
+		mindplay.desk.com
+		help.mindplay.desk.com
+		mine123.desk.com
+		mobify.desk.com
+		mobilecause.desk.com
+		modulus.desk.com
+		mogo.desk.com
+		mixbook.mosaic.desk.com
+		mtell-customer.mtell.desk.com
+		mtell-partners.mtell.desk.com
+		multivista.multivista.desk.com
+		ops-support.multivista.desk.com
+		my1login.desk.com
+		ipsy.myglam.desk.com
+		nascarheat1.desk.com
+		nationwideeviction.desk.com
+		netmail.desk.com
+		newpointe.desk.com
+		conference.nfcb.desk.com
+		mystation.nfcb.desk.com
+		solution.nfcb.desk.com
+		neocreative.neocreative.desk.com
+		myneucoin.neucoin.desk.com
+		newtonsoftware.desk.com
+		nlogic.desk.com
+		ngpvan.desk.com
+		help.ngpvan.desk.com
+		ngp.ngpvan.desk.com
+		staging.ngpvan.desk.com
+		nicequest.desk.com
+		nicequest-espana.nicequest.desk.com
+		nicequest-et.nicequest.desk.com
+		nicequest-nl.nicequest.desk.com
+		nicequest-us.nicequest.desk.com
+		npr.desk.com
+		anonymizer.ntrepidcorp.desk.com
+		ion.ntrepidcorp.desk.com
+		the-new-york-public-library.nypl.desk.com
+		observepoint1.desk.com
+		pears.oeie.desk.com
+		officedrop.desk.com
+		dc-resource-center.okl.desk.com
+		vendor-resource-center.okl.desk.com
+		onelegal.desk.com
+		onemob.desk.com
+		opternative.desk.com
+		otixo.desk.com
+		marketplace-help-next-gen.overdrive.desk.com
+		overdrive.overdrive.desk.com
+		overdrive-marketplace-help.overdrive.desk.com
+		sooner-card.ouit-sb.desk.com
+		outmatch.desk.com
+		outscale.desk.com
+		palasocial.palainteractive.desk.com
+		palbin.desk.com
+		pandora.desk.com
+		nextbigsound.pandora.desk.com
+		knowledge-base.panjiva.desk.com
+		panjiva-inc.panjiva.desk.com
+		thunder-support-center.paperg.desk.com
+		paracogas.desk.com
+		paywhirl-v1.paywhirl.desk.com
+		paywhirl-v2.paywhirl.desk.com
+		peatix.desk.com
+		pebble.desk.com
+		peddle.desk.com
+		perfectlyposh.desk.com
+		periscopeapp.desk.com
+		perkville.desk.com
+		phin.desk.com
+		piazza.desk.com
+		pixsystem.desk.com
+		plaid.desk.com
+		plasq.desk.com
+		germany.play-i.desk.com
+		korea.play-i.desk.com
+		playnery2.desk.com
+		edsupport.plhelp.desk.com
+		hcsupport.plhelp.desk.com
+		presencelearning-education.plhelp.desk.com
+		presencelearning-healthcare.plhelp.desk.com
+		support.plhelp.desk.com
+		pntrial.desk.com
+		globalcloudfleet.positioninguniversal.desk.com
+		axon-academy-external.praetoriangroup.desk.com
+		axon-university-internal.praetoriangroup.desk.com
+		btu-academy.praetoriangroup.desk.com
+		correctionsone.praetoriangroup.desk.com
+		ems1.praetoriangroup.desk.com
+		ems1academy.praetoriangroup.desk.com
+		firerescue1.praetoriangroup.desk.com
+		granttracker.praetoriangroup.desk.com
+		localgov-academy.praetoriangroup.desk.com
+		military1.praetoriangroup.desk.com
+		policeone.praetoriangroup.desk.com
+		ppe101.praetoriangroup.desk.com
+		safariland-academy.praetoriangroup.desk.com
+		prodigylearning.desk.com
+		echop44.project44.desk.com
+		propertyroomcom.desk.com
+		protectwise.desk.com
+		proxpn.desk.com
+		punchbowl.desk.com
+		party-city.punchbowl.desk.com
+		questys.desk.com
+		quinyx.desk.com
+		rallyme.desk.com
+		rdcaviation.desk.com
+		airport-charges.rdcaviation.desk.com
+		apex.rdcaviation.desk.com
+		realself.desk.com
+		apphelp.realself.desk.com
+		rebuy-de.rebuy.desk.com
+		rebuy-it.rebuy.desk.com
+		rebuy-nl.rebuy.desk.com
+		renmicro.desk.com
+		reportallusa.desk.com
+		tablemanager.restogroup.desk.com
+		diabetes-escape-plan.resultsink.desk.com
+		flofit.resultsink.desk.com
+		hot-at-home.resultsink.desk.com
+		keto-resource.resultsink.desk.com
+		rocketfrog.desk.com
+		rpm-for-residence.rpmlf.desk.com
+		rtda.desk.com
+		rugsusa.desk.com
+		safelylocked.desk.com
+		salesforcedemo.desk.com
+		samsungsta.desk.com
+		consumers.satco.desk.com
+		professionals.satco.desk.com
+		saxo.desk.com
+		saxo-bank.saxobank.desk.com
+		scheduleonce.desk.com
+		scoutalley.desk.com
+		seattlehomepro.desk.com
+		seeq.desk.com
+		sheamoisture.sheamoisture.desk.com
+		sheetmusicdirect.desk.com
+		shopkick-germany.shopkick.desk.com
+		shopmium.desk.com
+		be-shopmium.shopmium.desk.com
+		fr-shopmium.shopmium.desk.com
+		uk-activate.shopmium.desk.com
+		showpad.desk.com
+		simpplr.desk.com
+		singlecare-member.singlecare.desk.com
+		skytree.desk.com
+		smartdnsproxy.desk.com
+		smartschool.desk.com
+		smithmicro.desk.com
+		smxemail.desk.com
+		socialengine.desk.com
+		socom-nl.desk.com
+		spoon.desk.com
+		turbosupport.spoon.desk.com
+		team.sportngin.desk.com
+		home.sportngin.desk.com
+		organization.sportngin.desk.com
+		trackwrestling.sportngin.desk.com
+		springahead.desk.com
+		user-support.softonic.desk.com
+		solio.desk.com
+		songkick.desk.com
+		songkick.songkick.desk.com
+		sorensonmedia.desk.com
+		vendor-help.sourceday.desk.com
+		spoonsupport.spoon.desk.com
+		spacetimestudios.desk.com
+		specialtyansweringservice.desk.com
+		status2.desk.com
+		stedwards.desk.com
+		streema.desk.com
+		streetlife.desk.com
+		studyblue.desk.com
+		stuvia.desk.com
+		suitabletech.desk.com
+		sumall.desk.com
+		sumitomoelectric.desk.com
+		community.support.desk.com
+		business-online-payroll.surepayroll.desk.com
+		citibusiness-payroll-manager.surepayroll.desk.com
+		runpayroll.surepayroll.desk.com
+		suntrust-online-payroll.surepayroll.desk.com
+		agents-service-centre.suresave.desk.com
+		suresave-travel-insurance.suresave.desk.com
+		swiftnav.desk.com
+		help.swipeclock.desk.com
+		helphub.swipeclock.desk.com
+		hubbasicsupport.swipeclock.desk.com
+		hubsupport.swipeclock.desk.com
+		swipeclock.swipeclock.desk.com
+		timesimplicity-partner-support.swipeclock.desk.com
+		timeworks.swipeclock.desk.com
+		timeworks-partner-support.swipeclock.desk.com
+		timeworksplus-client-support.swipeclock.desk.com
+		timeworksplus-partner-support.swipeclock.desk.com
+		workforcehubsupport.swipeclock.desk.com
+		talkatone.desk.com
+		talonone.desk.com
+		hub-support.tasktop.desk.com
+		support.tasktop.desk.com
+		tapiture.desk.com
+		taskstream.desk.com
+		taskstreamhelp.desk.com
+		tri-counties-bank.tcbk.desk.com
+		welcome.tcbk.desk.com
+		ted.desk.com
+		teded.ted.desk.com
+		telerivet.desk.com
+		self-service.telesign.desk.com
+		theweatherchannel.desk.com
+		con-edison-smart-ac-program.thinkeco.desk.com
+		cool-control.thinkeco.desk.com
+		coolnyc-con-edison.thinkeco.desk.com
+		nyserda-power-perks.thinkeco.desk.com
+		pseg-li-super-saver-room-ac-program.thinkeco.desk.com
+		smart-savings-rewards.thinkeco.desk.com
+		thinkeco.thinkeco.desk.com
+		united-illuminating.thinkeco.desk.com
+		tint.desk.com
+		turnkey-corrections.threesquaremarket.desk.com
+		tiatrosresearch.desk.com
+		tiwc.desk.com
+		tmart.tmarthk.desk.com
+		speechpal.transcribeme.desk.com
+		support.transcribeme.desk.com
+		homeaway.travelmob.desk.com
+		travelmob.travelmob.desk.com
+		flyingeagles.travelup.desk.com
+		magicholidays.travelup.desk.com
+		travelup.travelup.desk.com
+		triumphlearning.desk.com
+		trusona.desk.com
+		tutorfair.desk.com
+		tv-squared.tvsquared.desk.com
+		typesafe.desk.com
+		ultra.desk.com
+		australia.ultra.desk.com
+		beijing.ultra.desk.com
+		brasil.ultra.desk.com
+		europe.ultra.desk.com
+		japan.ultra.desk.com
+		korea.ultra.desk.com
+		mexico.ultra.desk.com
+		miami.ultra.desk.com
+		passport.ultra.desk.com
+		shanghai.ultra.desk.com
+		southafrica.ultra.desk.com
+		taiwan.ultra.desk.com
+		singapore.ultra.desk.com
+		overplay.unblock.desk.com
+		unitec.desk.com
+		universityofyork1.desk.com
+		urbanairship.desk.com
+		comms.urbaninstitute.desk.com
+		it.urbaninstitute.desk.com
+		smb-success-center.usertesting.desk.com
+		usertesting-com.usertesting.desk.com
+		usetallie.desk.com
+		home.userzoom.desk.com
+		ubivox-technologies.uvxtech.desk.com
+		vacares.desk.com
+		validic-streaming.validic.desk.com
+		vaultrooms.desk.com
+		velma.desk.com
+		velocloud.desk.com
+		viber.desk.com
+		developers.viber.desk.com
+		developers-home.viber.desk.com
+		partners.viber.desk.com
+		videoblocks.videoblocks.desk.com
+		vigillo.desk.com
+		virtualmedschool.desk.com
+		virtuozzo.desk.com
+		vitta.desk.com
+		volotea.desk.com
+		wave.desk.com
+		wd.desk.com
+		webx2.desk.com
+		cisco-spark.webx2.desk.com
+		ctg-trials.webx2.desk.com
+		huron-and-cloud-extensions.webx2.desk.com
+		washjeff.desk.com
+		wickr.desk.com
+		messenger.wickr.desk.com
+		wildtree.desk.com
+		dorms-com-helpdesk.worldhostels.desk.com
+		world-nomads-service-centre.worldnomads.desk.com
+		wrstudios.desk.com
+		cloudattract.wrstudios.desk.com
+		cloudcma.wrstudios.desk.com
+		cloud-agent-suite.wrstudios.desk.com
+		xample.desk.com
+		xlstat.desk.com
+		youcanprint.desk.com
+		youeye.desk.com
+		youversion.desk.com
+		ys.desk.com
+		zenfolio.desk.com
+		zervant.desk.com
+		zipwhip.desk.com
+		verizon-paws.zipwhip.desk.com
+		zipwhip-support2.zipwhip.desk.com
 
+	Redirect to HTTP:
+		blog.desk.com
+		community.desk.com
+		get.desk.com
+		updates.desk.com
+		www1.desk.com
+		www2.desk.com
 -->
-<ruleset name="Desk.com" default_off='failed ruleset test'>
-
-	<target host="assistly.com" />
-	<target host="*.assistly.com" />
+<ruleset name="Desk.com">
 	<target host="desk.com" />
-	<target host="*.desk.com" />
-
-
-	<rule from="^http://(www\.)?assistly\.com/"
-		to="https://$1assistly.com/" />
-
-	<rule from="^http://assets\d\.assistly\.com/"
-		to="https://d1epb5gzmg3005.cloudfront.net/" />
-
-	<rule from="^http://webassets\.assistly\.com/"
-		to="https://dwan8j4vneaa7.cloudfront.net/" />
-
-	<rule from="^http://(?:www\.)?desk\.com/"
-		to="https://www.desk.com/" />
-
-	<rule from="^http://assets(?:[0-3]|0[1-4])?\.desk\.com/"
-		to="https://d218iqt4mo6adh.cloudfront.net/" />
-
-	<rule from="^http://webassets\.desk\.com/"
-		to="https://d3e6ejlgd1t9v1.cloudfront.net/" />
-
-	<!--	1st-party domains:
-
-			- dev
-			- reg
-			- support
-					-->
-	<rule from="^http://([\w-]+)\.desk\.com/"
-		to="https://$1.desk.com/" />
+	<target host="www.desk.com" />
+	<target host="cdn.desk.com" />
+	<target host="dev.desk.com" />
+	<target host="status.desk.com" />
+	<target host="webassets.desk.com" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Despora.de.xml b/src/chrome/content/rules/Despora.de.xml
deleted file mode 100644
index d058dbbc3729..000000000000
--- a/src/chrome/content/rules/Despora.de.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Despora.de">
-
-	<target host="despora.de" />
-	<target host="www.despora.de" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Destructoid.xml b/src/chrome/content/rules/Destructoid.xml
index 735f5f085248..5e9531ee8850 100644
--- a/src/chrome/content/rules/Destructoid.xml
+++ b/src/chrome/content/rules/Destructoid.xml
@@ -1,14 +1,12 @@
-<ruleset name="Destructoid">
+<ruleset name="Destructoid.com">
 	<target host="destructoid.com"/>
 	<target host="www.destructoid.com"/>
 	<target host="bulk2.destructoid.com"/>
 	<target host="cdn.destructoid.com"/>
-	<target host="store.destructoid.com"/>
-		<test url="http://www.destructoid.com/"/>
 		<test url="http://www.destructoid.com/blogs/"/>
 		<test url="http://www.destructoid.com/?t=japanator/"/>
-		<test url="http://store.destructoid.com/"/>
-		<test url="http://store.destructoid.com/deals/software/"/>
+
 	<securecookie host=".+" name=".+" />
+
 	<rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Desura.xml b/src/chrome/content/rules/Desura.xml
deleted file mode 100644
index a298cb7b546e..000000000000
--- a/src/chrome/content/rules/Desura.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)
-		- media
-
--->
-<ruleset name="Desura (partial)">
-
-	<target host="*.desura.com" />
-
-
-	<rule from="^http://s(?:ecure|tatic)\.desura\.com/"
-		to="https://secure.desura.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Desy.de.xml b/src/chrome/content/rules/Desy.de.xml
index 49d87d8a5d48..034769cf176a 100644
--- a/src/chrome/content/rules/Desy.de.xml
+++ b/src/chrome/content/rules/Desy.de.xml
@@ -63,7 +63,7 @@ Fetch error: http://wof-piwik2.desy.de/ => https://wof-piwik2.desy.de/: (60, 'SS
 	* Secured by us
 
 -->
-<ruleset name="Desy.de (partial)" default_off='failed ruleset test'>
+<ruleset name="Desy.de (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Details.com-falsemixed.xml b/src/chrome/content/rules/Details.com-falsemixed.xml
index 20234262e1e7..59df37df1595 100644
--- a/src/chrome/content/rules/Details.com-falsemixed.xml
+++ b/src/chrome/content/rules/Details.com-falsemixed.xml
@@ -8,7 +8,7 @@ Fetch error: http://wp-poc.details.com/ => https://wp-poc.details.com/: (6, 'Cou
 	For rules not causing false/broken MCB, see Details.com.xml.
 
 -->
-<ruleset name="Details.com (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Details.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="wp-poc.details.com" />
 
diff --git a/src/chrome/content/rules/Details.xml b/src/chrome/content/rules/Details.xml
index 07bb14d14100..c402bfae2a1a 100644
--- a/src/chrome/content/rules/Details.xml
+++ b/src/chrome/content/rules/Details.xml
@@ -44,7 +44,9 @@
 <ruleset name="Details (partial)">
 
 	<target host="details.com" />
-	<target host="*.details.com" />
+	<target host="secure.details.com" />
+	<target host="www.details.com" />
+	<target host="wp-poc.details.com" />
 		<exclusion pattern="^http://(?:www\.)?details\.com/(?!css/|images/|favicon\.ico$|sandbox/)" />
 
 
diff --git a/src/chrome/content/rules/Deutsche-BKK.xml b/src/chrome/content/rules/Deutsche-BKK.xml
deleted file mode 100644
index 5a9085272409..000000000000
--- a/src/chrome/content/rules/Deutsche-BKK.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Deutsche BKK">
-<target host="www.deutschebkk.de" />
-<target host="deutschebkk.de" />
-<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Deutsche-Finanzagentur.de.xml b/src/chrome/content/rules/Deutsche-Finanzagentur.de.xml
new file mode 100644
index 000000000000..224245230a14
--- /dev/null
+++ b/src/chrome/content/rules/Deutsche-Finanzagentur.de.xml
@@ -0,0 +1,19 @@
+<!--
+	Timeout:
+		- bmail.deutsche-finanzagentur.de
+		- mail.deutsche-finanzagentur.de
+-->
+<ruleset name="Deutsche-Finanzagentur.de">
+
+	<target host="www.deutsche-finanzagentur.de" />
+	<target host="eas.deutsche-finanzagentur.de" />
+	<target host="mdm.deutsche-finanzagentur.de" />
+	<target host="prod.deutsche-finanzagentur.de" />
+	<target host="stage.deutsche-finanzagentur.de" />
+	<target host="wartung.deutsche-finanzagentur.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Deutsche-Rohstoffagentur.de.xml b/src/chrome/content/rules/Deutsche-Rohstoffagentur.de.xml
new file mode 100644
index 000000000000..5998c3a69499
--- /dev/null
+++ b/src/chrome/content/rules/Deutsche-Rohstoffagentur.de.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		deutsche-rohstoffagentur.de
+-->
+<ruleset name="Deutsche-Rohstoffagentur.de">
+
+	<target host="deutsche-rohstoffagentur.de" />
+	<target host="www.deutsche-rohstoffagentur.de" />
+
+	<rule from="^http://deutsche-rohstoffagentur\.de/"
+		to="https://www.deutsche-rohstoffagentur.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Deutsche_Boerse.xml b/src/chrome/content/rules/Deutsche_Boerse.xml
index 748281a4cb6e..5fb034cc421a 100644
--- a/src/chrome/content/rules/Deutsche_Boerse.xml
+++ b/src/chrome/content/rules/Deutsche_Boerse.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.deutsche-boerse.com/ => https://www.deutsche-boerse.com/
 
 -->
 
-<ruleset name="Deutsche Börse Group" default_off='failed ruleset test'>
+<ruleset name="Deutsche Börse Group" default_off="failed ruleset test">
     <target host="deutsche-boerse.com" />
     <target host="www.deutsche-boerse.com" />
 
diff --git a/src/chrome/content/rules/Deutsche_Telekom.xml b/src/chrome/content/rules/Deutsche_Telekom.xml
index dc575789d359..f615ad78dee9 100644
--- a/src/chrome/content/rules/Deutsche_Telekom.xml
+++ b/src/chrome/content/rules/Deutsche_Telekom.xml
@@ -11,7 +11,6 @@ Fetch error: http://videomeet.telekom.de/ => https://videomeet.telekom.de/: (6,
 	Other Deutsche Telekom rulesets:
 
 		- T-Mobile.xml
-		- T-Mobile.co.uk.xml
 		- T-Online.xml
 		- TMobile.com.xml
 		- TMobile.nl.xml
@@ -20,7 +19,6 @@ Fetch error: http://videomeet.telekom.de/ => https://videomeet.telekom.de/: (6,
 		- Telekom-Partnerwelt.de.xml
 		- Telekom-Profis.de.xml
 		- Telekom-dienste.de.xml
-		- Wtpx-Telekom.com.xml
 
 
 	Insecure cookies are set for these domains and hosts:
@@ -35,7 +33,7 @@ Fetch error: http://videomeet.telekom.de/ => https://videomeet.telekom.de/: (6,
 		- Bug on (www.)?forum from stats.t-online.de
 
 -->
-<ruleset name="Telekom.de" default_off='failed ruleset test'>
+<ruleset name="Telekom.de" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Deutscher_Bundestag.xml b/src/chrome/content/rules/Deutscher_Bundestag.xml
index 3ec48890992c..7090c3cdfb94 100644
--- a/src/chrome/content/rules/Deutscher_Bundestag.xml
+++ b/src/chrome/content/rules/Deutscher_Bundestag.xml
@@ -1,19 +1,28 @@
 <!--
-	Problematic subdomains:
-
-		- webarchiv	(works; mismatched, CN: blog.internetenquete.de)
-
+	Time-Out
+		bilderdienst.bundestag.de
+		pdok.bundestag.de
+		webarchiv.bundestag.de
 -->
 <ruleset name="Deutscher Bundestag (partial)">
 
 	<target host="bundestag.de" />
-	<target host="*.bundestag.de" />
-
+	<target host="www.bundestag.de" />
+	<target host="adler.bundestag.de" />
+	<target host="dip.bundestag.de" />
+	<target host="dipbt.bundestag.de" />
+	<target host="dip21.bundestag.de" />
+	<target host="epetitionen.bundestag.de" />
+	<target host="forum.bundestag.de" />
+	<target host="opac.bundestag.de" />
+	<target host="schule.bundestag.de" />
+	<target host="statistik.bundestag.de" />
+	<target host="suche.bundestag.de" />
+	<target host="visite.bundestag.de" />
+	<target host="webtv.bundestag.de" />
 
 	<securecookie host="^.+\.bundestag\.de$" name=".+" />
 
+	<rule from="^http:" to="https:"/>
 
-	<rule from="^http://((?:datenaustausch|forum|suche|www)\.)?bundestag\.de/"
-		to="https://$1bundestag.de/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Deutsches_Klimaportal.xml b/src/chrome/content/rules/Deutsches_Klimaportal.xml
new file mode 100644
index 000000000000..d3dd591388f0
--- /dev/null
+++ b/src/chrome/content/rules/Deutsches_Klimaportal.xml
@@ -0,0 +1,10 @@
+<!--
+	No DNS entry:
+		deutschesklimaportal.de
+-->
+
+<ruleset name="Deutsches Klimaportal">
+	<target host="www.deutschesklimaportal.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DeutschlandRadio.xml b/src/chrome/content/rules/DeutschlandRadio.xml
deleted file mode 100644
index 2070219db274..000000000000
--- a/src/chrome/content/rules/DeutschlandRadio.xml
+++ /dev/null
@@ -1,67 +0,0 @@
-<!--
-	4xx:
-		- uc-sip.deutschlandradio.de
-
-	Cert mismatch:
-		- 50jahre.deutschlandfunk.de
-		- blog.deutschlandfunk.de
-		- blogs.deutschlandfunk.de
-		- deutschlandfunknova.de
-
-	Chain incomplete:
-		- blogs.deutschlandradio.de
-
-	Connection refused:
-		- (www.)deutschlandfunkkultur.de
-		- m.deutschlandfunkkultur.de
-		- (www.)deutschlandfunk.de
-		- m.deutschlandfunk.de
-		- (www.)deutschlandradio.de
-		- 20jahre.deutschlandradio.de
-
-	Self-signed cert:
-		- europa.deutschlandfunk.de
-		- wahlblog.deutschlandfunk.de
-
-	Timeout:
-		- drc.deutschlandradio.de
-		- legacy.deutschlandradio.de
-		- mail.deutschlandradio.de
-		- mein.deutschlandradio.de
-
-	TLS errors:
-		- uc-av.deutschlandradio.de
-		- uc-webconf.deutschlandradio.de
-
-	Too many redirects:
-		- srv.deutschlandradio.de
-
--->
-<ruleset name="DeutschlandRadio (partial)">
-
-	<target host="breitband.deutschlandfunkkultur.de" />
-	<target host="www.breitband.deutschlandfunkkultur.de" />
-
-
-	<target host="www.deutschlandfunknova.de" />
-	<target host="static.deutschlandfunknova.de" />
-
-	<target host="autodiscover.deutschlandradio.de" />
-	<target host="berlinupload.deutschlandradio.de" />
-	<target host="bvpn.deutschlandradio.de" />
-	<target host="dataexchange.deutschlandradio.de" />
-	<target host="ftp.deutschlandradio.de" />
-	<target host="koelnupload.deutschlandradio.de" />
-	<target host="kurzstrecke.deutschlandradio.de" />
-	<target host="kvpn.deutschlandradio.de" />
-	<target host="lyncdiscover.deutschlandradio.de" />
-	<target host="mobile.deutschlandradio.de" />
-	<target host="portal03.deutschlandradio.de" />
-	<target host="uc-meeting.deutschlandradio.de" />
-	<target host="uc-proxy.deutschlandradio.de" />
-	<target host="uc-webapp.deutschlandradio.de" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Deutschlandfunk.de.xml b/src/chrome/content/rules/Deutschlandfunk.de.xml
new file mode 100644
index 000000000000..aa033bda91c7
--- /dev/null
+++ b/src/chrome/content/rules/Deutschlandfunk.de.xml
@@ -0,0 +1,32 @@
+<!--
+	For other Deutschlandradio related rulesets, see Deutschlandradio.de.xml.
+
+	Content mismatch:
+		- st0[1-2].sslstream.dlf.de
+
+	Invalid certificate:
+		- 50jahre.deutschlandfunk.de
+		- blog.deutschlandfunk.de
+		- blogs.deutschlandfunk.de
+		- europa.deutschlandfunk.de
+		- wahlblog.deutschlandfunk.de
+		- st0[1-4].dlf.de
+-->
+<ruleset name="Deutschlandfunk.de">
+
+	<target host="deutschlandfunk.de" />
+	<target host="www.deutschlandfunk.de" />
+	<target host="assets.deutschlandfunk.de" />
+	<target host="m.deutschlandfunk.de" />
+	<target host="assets.mig.deutschlandfunk.de" />
+	<target host="assets.stage.deutschlandfunk.de" />
+	<target host="assets.test.deutschlandfunk.de" />
+	
+	<target host="dlf.de" />
+	<target host="www.dlf.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Deutschlandfunkkultur.de.xml b/src/chrome/content/rules/Deutschlandfunkkultur.de.xml
new file mode 100644
index 000000000000..7ab3342ca8fc
--- /dev/null
+++ b/src/chrome/content/rules/Deutschlandfunkkultur.de.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Deutschlandradio related rulesets, see Deutschlandfunkkultur.de.xml.
+
+	Invalid certificate:
+		www.breitband.deutschlandfunkkultur.de
+-->
+<ruleset name="Deutschlandfunkkultur.de">
+
+	<target host="deutschlandfunkkultur.de" />
+	<target host="www.deutschlandfunkkultur.de" />
+	<target host="breitband.deutschlandfunkkultur.de" />
+	<target host="m.deutschlandfunkkultur.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Deutschlandfunknova.de.xml b/src/chrome/content/rules/Deutschlandfunknova.de.xml
new file mode 100644
index 000000000000..92bce48d613c
--- /dev/null
+++ b/src/chrome/content/rules/Deutschlandfunknova.de.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Deutschlandradio related rulesets, see Deutschlandfunkkultur.de.xml.
+-->
+<ruleset name="Deutschlandfunknova.de">
+
+	<target host="deutschlandfunknova.de" />
+	<target host="www.deutschlandfunknova.de" />
+	<target host="static.deutschlandfunknova.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Deutschlandradio.de.xml b/src/chrome/content/rules/Deutschlandradio.de.xml
new file mode 100644
index 000000000000..71c15eb1ba04
--- /dev/null
+++ b/src/chrome/content/rules/Deutschlandradio.de.xml
@@ -0,0 +1,47 @@
+<!--
+	Other Deutschlandradio.de rulesets:
+		- Deutschlandfunk.de.xml
+		- Deutschlandfunkkultur.de.xml
+		- Deutschlandfunknova.de.xml
+
+	Cert mismatch:
+		- 20jahre.deutschlandradio.de
+		- blogs.deutschlandradio.de.de
+
+	Timeout:
+		- legacy.deutschlandradio.de
+		- mail.deutschlandradio.de
+		- mein.deutschlandradio.de
+
+	TLS errors:
+		- uc-av.deutschlandradio.de
+		- uc-webconf.deutschlandradio.de
+
+	Unable to get local issuer certificate:
+		- berlinupload.deutschlandradio.de
+		- koelnupload.deutschlandradio.de
+		- portal03.deutschlandradio.de
+-->
+<ruleset name="Deutschlandradio.de">
+
+	<target host="deutschlandradio.de" />
+	<target host="www.deutschlandradio.de" />
+	<target host="autodiscover.deutschlandradio.de" />
+	<target host="bvpn.deutschlandradio.de" />
+	<target host="dataexchange.deutschlandradio.de" />
+	<target host="ftp.deutschlandradio.de" />
+	<target host="kurzstrecke.deutschlandradio.de" />
+	<target host="kvpn.deutschlandradio.de" />
+	<target host="lyncdiscover.deutschlandradio.de" />
+	<target host="mobile.deutschlandradio.de" />
+	<target host="srv.deutschlandradio.de" />
+	<target host="uc-meeting.deutschlandradio.de" />
+	<target host="uc-proxy.deutschlandradio.de" />
+	<target host="uc-sip.deutschlandradio.de" />
+	<target host="uc-webapp.deutschlandradio.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DevStructure.xml b/src/chrome/content/rules/DevStructure.xml
index 003122f67101..8d223f77532f 100644
--- a/src/chrome/content/rules/DevStructure.xml
+++ b/src/chrome/content/rules/DevStructure.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://devstructure.com/ => https://devstructure.com/: (51, "SSL: no alternative certificate subject name matches target host name 'devstructure.com'")
 Fetch error: http://www.devstructure.com/ => https://devstructure.com/: (51, "SSL: no alternative certificate subject name matches target host name 'devstructure.com'")
 -->
-<ruleset name="Devstructure" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Devstructure" platform="mixedcontent" default_off="failed ruleset test">
   <target host="devstructure.com"/>
   <target host="www.devstructure.com"/>
   <rule from="^http://(?:www\.)?devstructure\.com/" to="https://devstructure.com/"/>
diff --git a/src/chrome/content/rules/DevZing.com.xml b/src/chrome/content/rules/DevZing.com.xml
index e7e24af899df..08ee82c58c72 100644
--- a/src/chrome/content/rules/DevZing.com.xml
+++ b/src/chrome/content/rules/DevZing.com.xml
@@ -22,4 +22,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Devast.io.xml b/src/chrome/content/rules/Devast.io.xml
new file mode 100644
index 000000000000..454fbc6eee0e
--- /dev/null
+++ b/src/chrome/content/rules/Devast.io.xml
@@ -0,0 +1,23 @@
+<!--
+	Timeout:
+		- 104-200-29-183
+		- 139-162-190-42
+		- 139-162-6-31
+		- 172-104-150-187
+		- 173-255-221-28
+		- 185-159-82-199
+		- 185-159-82-97
+		- 69-164-210-207
+
+	Mismatched:
+		- ftp
+		- mail
+		- pop3
+		- smtp
+-->
+<ruleset name="Devast.io">
+	<target host="devast.io" />
+	<target host="www.devast.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Deverge.com.xml b/src/chrome/content/rules/Deverge.com.xml
new file mode 100644
index 000000000000..5247ec5c780a
--- /dev/null
+++ b/src/chrome/content/rules/Deverge.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Deverge.com">
+	<target host="deverge.com" />
+	<target host="www.deverge.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Devmonk.com.xml b/src/chrome/content/rules/Devmonk.com.xml
deleted file mode 100644
index 348bbe342061..000000000000
--- a/src/chrome/content/rules/Devmonk.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	www.devmonk.com: Mismatched
-
--->
-<ruleset name="devmonk.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="devmonk.com" />
-
-	<!--	Complications:
-				-->
-	<target host="www.devmonk.com" />
-
-
-	<rule from="^http://www\.devmonk\.com/"
-		to="https://devmonk.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Devon.gov.uk.xml b/src/chrome/content/rules/Devon.gov.uk.xml
index bd3e0a818ab6..c12cd730200c 100644
--- a/src/chrome/content/rules/Devon.gov.uk.xml
+++ b/src/chrome/content/rules/Devon.gov.uk.xml
@@ -28,6 +28,6 @@
 	<rule from="^http://www\.devon\.gov\.uk/"
 			to="https://new.devon.gov.uk/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/DevonandCornwallPolice.xml b/src/chrome/content/rules/DevonandCornwallPolice.xml
index c43ae96b39f8..5c82a507a845 100644
--- a/src/chrome/content/rules/DevonandCornwallPolice.xml
+++ b/src/chrome/content/rules/DevonandCornwallPolice.xml
@@ -17,7 +17,7 @@ Fetch error: http://devon-cornwall.police.uk/ => https://devon-cornwall.police.u
 			- digitalmediablog.devon-cornwall.police.uk
 
 -->
-<ruleset name="Devon and Cornwall Police" default_off='failed ruleset test'>
+<ruleset name="Devon and Cornwall Police" default_off="failed ruleset test">
 	<target host="devon-cornwall.police.uk" />
 	<target host="www.devon-cornwall.police.uk" />
 	<target host="services.devon-cornwall.police.uk" />
diff --git a/src/chrome/content/rules/Devpen.io.xml b/src/chrome/content/rules/Devpen.io.xml
new file mode 100644
index 000000000000..a991acf78e14
--- /dev/null
+++ b/src/chrome/content/rules/Devpen.io.xml
@@ -0,0 +1,8 @@
+<ruleset name="Devpen.io">
+	<target host="devpen.io" />
+	<target host="www.devpen.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Devprom.ru.xml b/src/chrome/content/rules/Devprom.ru.xml
index 4c07fe3f440f..460c97b694bf 100644
--- a/src/chrome/content/rules/Devprom.ru.xml
+++ b/src/chrome/content/rules/Devprom.ru.xml
@@ -11,7 +11,7 @@
 	NB: Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="Devprom.ru (partial)" default_off="missing certificate chain">
+<ruleset name="Devprom.ru (partial)" default_off="cert-chain">
 
 	<target host="devprom.ru" />
 	<target host="www.devprom.ru" />
diff --git a/src/chrome/content/rules/Diakonie.de.xml b/src/chrome/content/rules/Diakonie.de.xml
new file mode 100644
index 000000000000..1b5397276773
--- /dev/null
+++ b/src/chrome/content/rules/Diakonie.de.xml
@@ -0,0 +1,20 @@
+<!--
+	Secure connection failed:
+		www.info.diakonie.de
+-->
+<ruleset name="Diakonie.de">
+
+	<target host="diakonie.de" />
+	<target host="www.diakonie.de" />
+	<target host="bewerbung.diakonie.de" />
+	<target host="design.diakonie.de" />
+	<target host="hilfe.diakonie.de" />
+	<target host="info.diakonie.de" />
+	<target host="karriere.diakonie.de" />
+	<target host="missiononline.diakonie.de" />
+	<target host="praesident.diakonie.de" />
+	<target host="wolke.diakonie.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dianomi.com.xml b/src/chrome/content/rules/Dianomi.com.xml
new file mode 100644
index 000000000000..54155cdc5d73
--- /dev/null
+++ b/src/chrome/content/rules/Dianomi.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional subdomains:
+		SSL peer certificate was not OK:
+		- www.forex.dianomi.com
+		- www.offers.dianomi.com
+		- www.retirement.dianomi.com
+		- www.smartlinks.dianomi.com
+		- www.trading.dianomi.com
+
+-->
+<ruleset name="Dianomi.com (partial)">
+
+	<target host="dianomi.com" />
+	<target host="www.dianomi.com" />
+	<target host="auoffers.dianomi.com" />
+	<target host="automotive.dianomi.com" />
+	<target host="goldinvesting.dianomi.com" />
+	<target host="my.dianomi.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Dianomi.xml b/src/chrome/content/rules/Dianomi.xml
deleted file mode 100644
index 3dafb7d14562..000000000000
--- a/src/chrome/content/rules/Dianomi.xml
+++ /dev/null
@@ -1,65 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://cdn.dianomi.com/ => https://d3von6il1wr7wo.cloudfront.net/: (6, 'Could not resolve host: d3von6il1wr7wo.cloudfront.net')
-
-	CDN buckets:
-
-		- d3von6il1wr7wo.cloudfront.net
-
-			- cdn
-
-
-	Nonfunctional subdomains:
-
-		- www.smartlinks	(522)
-
-
-	Fully covered hosts in *dianomi.com:
-
-		- (www.)?
-		- automotive
-		- cdn		(→ d3von6il1wr7wo.cloudfront.net)
-		- my
-
-
-	Insecure cookies are set for these domains:
-
-		- .dianomi.com
-
-
-	Mixed content:
-
-		- css from fonts.googleapis.com *
-
-	* Secured by us
-
--->
-<ruleset name="dianomi.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="dianomi.com" />
-	<target host="automotive.dianomi.com" />
-	<target host="my.dianomi.com" />
-	<target host="www.dianomi.com" />
-
-	<!--	Complications:
-				-->
-	<target host="cdn.dianomi.com" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.dianomi\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^(?:.*\.)?dianomi\.com$" name=".+" />
-
-
-	<rule from="^http://cdn\.dianomi\.com/"
-		to="https://d3von6il1wr7wo.cloudfront.net/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Diasp.eu.xml b/src/chrome/content/rules/Diasp.eu.xml
index f8e352c9ebc2..94300c36e61e 100644
--- a/src/chrome/content/rules/Diasp.eu.xml
+++ b/src/chrome/content/rules/Diasp.eu.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.diasp.eu/ => https://www.diasp.eu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.diasp.eu'")
 
 -->
-<ruleset name="Diasp.eu" default_off='failed ruleset test'>
+<ruleset name="Diasp.eu" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Diaspora_Brazil.org.xml b/src/chrome/content/rules/Diaspora_Brazil.org.xml
index 9df01d7d6746..d2564a2bd7a9 100644
--- a/src/chrome/content/rules/Diaspora_Brazil.org.xml
+++ b/src/chrome/content/rules/Diaspora_Brazil.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.diasporabrazil.org/ => https://www.diasporabrazil.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.diasporabrazil.org'")
 
 -->
-<ruleset name="Diaspora Brazil.org" default_off='failed ruleset test'>
+<ruleset name="Diaspora Brazil.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Dice-problematic.xml b/src/chrome/content/rules/Dice-problematic.xml
deleted file mode 100644
index 3235dab79b11..000000000000
--- a/src/chrome/content/rules/Dice-problematic.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Dice.xml.
-
--->
-<ruleset name="Dice.com (false MCB)" platform="mixedcontent">
-
-	<target host="dice.com" />
-	<target host="www.dice.com" />
-
-		<!--	Redirects to http:
-						-->
-		<exclusion pattern="http://www\.dice\.com/+(?:$|\?)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.dice.com/?" />
-			<test url="http://www.dice.com//" />
-			<test url="http://www.dice.com//?" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www.dice.com/job/advancedSearch.html" />
-
-
-	<rule from="^http://(?:www\.)?dice\.com/"
-		to="https://www.dice.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Dice.com.xml b/src/chrome/content/rules/Dice.com.xml
new file mode 100644
index 000000000000..d87918b34c36
--- /dev/null
+++ b/src/chrome/content/rules/Dice.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Other Dice Holdings rulesets:
+		+ EFinancialCareers.xml
+		+ EFinancialCareers.cn.xml
+		+ Slashdot_Media.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- images.dice.com
+		- marketing.dice.com
+		- news.dice.com
+
+		SSL peer certificate was not OK:
+		- media.dice.com
+-->
+<ruleset name="Dice.com (partial)">
+	<target host="dice.com" />
+	<target host="www.dice.com" />
+	<target host="assets.dice.com" />
+	<target host="employer.dice.com" />
+	<target host="get.dice.com" />
+	<target host="resources.dice.com" />
+	<target host="secure.dice.com" />
+	<target host="seeker.dice.com" />
+	<target host="techtalk.dice.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dice.xml b/src/chrome/content/rules/Dice.xml
deleted file mode 100644
index 6384a9fbc5d3..000000000000
--- a/src/chrome/content/rules/Dice.xml
+++ /dev/null
@@ -1,124 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see Dice-problematic.xml.
-
-
-	Other Dice Holdings rulesets:
-
-		- EFinancialCareers.xml
-		- EFinancialCareers.cn.xml
-		- Slashdot_Media.xml
-
-
-	Nonfunctional hosts in *dice.com:
-
-		- marketing ¹
-		- media ²
-		- news ²
-		- resources ¹
-		- seeker ²
-		- techtalk ³
-
-	¹ Dropped
-	² Refused
-	³ Redirects to http
-
-
-	Problematic hosts in *dice.com:
-
-		- ^ ᵈ
-		- get ᵐ
-
-	ᵈ Dropped
-	ᵐ Mismatched
-
-
-	These altnames don't exist:
-
-		- www.secure.dice.com
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .dice.com
-		- get.dice.com
-		- www.dice.com
-
-
-	Mixed content:
-
-		- iframes on www from www.youtube.com *
-		- css on www from assets.dice.com *
-		- Images on www from assets.dice.com *
-
-		- Bugs, on:
-
-			- www from diceinc.112.2o7.net *
-			- www from fls.doubleclick.net
-			- www from pixel.quantserve.com *
-			- employer, www from ad.retargeter.com *
-
-	* Secured by us
-
--->
-<ruleset name="Dice.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="assets.dice.com" />
-	<target host="employer.dice.com" />
-	<target host="images.dice.com" />
-	<target host="secure.dice.com" />
-	<target host="www.dice.com" />
-
-	<!--	Complications:
-				-->
-	<target host="dice.com" />
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://www\.dice\.com/$" /-->
-		<!--
-			Mixed css:
-					-->
-		<!--exclusion pattern="http://www\.dice\.com/job/advancedSearch\.html" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://www\.dice\.com/(?!assets/|company/\w|content/|(?:dashboard|jobs)(?:$|[?/])|favicon\.ico)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.dice.com/adnetwork" />
-			<test url="http://www.dice.com/common/content/marketing/salesAndMarketing.jsp" />
-			<test url="http://www.dice.com/common/content/postJobs/index2.jsp" />
-			<test url="http://www.dice.com/common/seeker/docs/dice_jobs.jsp" />
-			<test url="http://www.dice.com/company/NETSO" />
-			<test url="http://www.dice.com/dice141" />
-			<test url="http://www.dice.com/job/advancedSearch.html" />
-			<test url="http://www.dice.com/social" />
-			<test url="http://www.dice.com/socialrecruiting" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www.dice.com/company/10267824" />
-			<test url="http://www.dice.com/dashboard" />
-			<test url="http://www.dice.com/favicon.ico" />
-			<test url="http://www.dice.com/jobs" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.dice\.com$" name="^ubvt$" /-->
-	<!--securecookie host="^get\.dice\.com$" name="^(ubpv|ubvs)$" /-->
-	<!--securecookie host="^www\.dice\.com$" name="^(JSESSIONID|DQS)$" /-->
-
-	<securecookie host="^\." name="^(?:__qca$|s_v)" />
-
-
-	<rule from="^http://dice\.com/"
-		to="https://www.dice.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Dict.cn.xml b/src/chrome/content/rules/Dict.cn.xml
new file mode 100644
index 000000000000..871464899840
--- /dev/null
+++ b/src/chrome/content/rules/Dict.cn.xml
@@ -0,0 +1,46 @@
+<!--
+	Nonfunctional hosts in *.dict.cn:
+
+	r: connection refused
+		apii.*
+		app.*
+		app2.*
+		apis.*
+		audio.*
+		bdc.*
+		cas.*
+		capi.*
+		cidian.*
+		class.*
+		dc.*
+		client.*
+		fy.*
+		fuzz.*
+		ids.*
+		name.*
+		pay.*
+		uc.*
+		uhai.*
+
+-->
+<ruleset name="Dict.cn">
+	<target host="dict.cn" />
+	<target host="www.dict.cn" />
+	<target host="about.dict.cn" />
+	<target host="abbr.dict.cn" />
+	<target host="account.dict.cn" />
+	<target host="bj.dict.cn" />
+	<target host="dl.dict.cn" />
+	<target host="fanyi.dict.cn" />
+	<target host="gdh.dict.cn" />
+	<target host="hr.dict.cn" />
+	<target host="hanyu.dict.cn" />
+	<target host="hci.dict.cn" />
+	<target host="memo.dict.cn" />
+	<target host="scb.dict.cn" />
+	<target host="sh.dict.cn" />
+	<target host="shh.dict.cn" />
+	<target host="us.dict.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Dictionary.com.xml b/src/chrome/content/rules/Dictionary.com.xml
new file mode 100644
index 000000000000..b135493b1410
--- /dev/null
+++ b/src/chrome/content/rules/Dictionary.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Dictionary.com">
+	<target host="dictionary.com" />
+	<target host="www.dictionary.com" />
+	<target host="app.dictionary.com" />
+		<test url="http://app.dictionary.com/logout" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DidierStevens.xml b/src/chrome/content/rules/DidierStevens.xml
new file mode 100644
index 000000000000..a9899301438b
--- /dev/null
+++ b/src/chrome/content/rules/DidierStevens.xml
@@ -0,0 +1,14 @@
+<!--
+        Time out:
+			- workshop.didierstevens.com
+
+-->
+
+<ruleset name="DidierStevens.com">
+	<target host="didierstevens.com" />
+	<target host="www.didierstevens.com" />
+	<target host="blog.didierstevens.com" />
+	<target host="videos.didierstevens.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Die-Linke.lgbt.xml b/src/chrome/content/rules/Die-Linke.lgbt.xml
deleted file mode 100644
index d472a6b8f4fe..000000000000
--- a/src/chrome/content/rules/Die-Linke.lgbt.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Die-Linke.lgbt">
-	<target host="die-linke.lgbt" />
-	<target host="www.die-linke.lgbt" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/DieTrollDie.com.xml b/src/chrome/content/rules/DieTrollDie.com.xml
deleted file mode 100644
index 75a72d376f6e..000000000000
--- a/src/chrome/content/rules/DieTrollDie.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	Invalid certificate:
- 		333.dietrolldie.com
-
--->
-<ruleset name="DieTrollDie">
-
-	<target host="dietrolldie.com" />
-	<target host="www.dietrolldie.com" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Diesel.rs.xml b/src/chrome/content/rules/Diesel.rs.xml
new file mode 100644
index 000000000000..482ef345b13d
--- /dev/null
+++ b/src/chrome/content/rules/Diesel.rs.xml
@@ -0,0 +1,7 @@
+<ruleset name="Diesel.rs">
+	<target host="diesel.rs" />
+	<target host="discourse.diesel.rs" />
+	<target host="docs.diesel.rs" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DifferenceBetween.info.xml b/src/chrome/content/rules/DifferenceBetween.info.xml
new file mode 100644
index 000000000000..372ceeb9d9c4
--- /dev/null
+++ b/src/chrome/content/rules/DifferenceBetween.info.xml
@@ -0,0 +1,11 @@
+<!--
+	Active mixed content:
+		- www.differencebetween.info
+-->
+
+<ruleset name="DifferenceBetween.info" platform="mixedcontent">
+	<target host="differencebetween.info" />
+	<target host="www.differencebetween.info" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Difference_Between.xml b/src/chrome/content/rules/Difference_Between.xml
index a09c5a255cfe..5b6c7cddc81e 100644
--- a/src/chrome/content/rules/Difference_Between.xml
+++ b/src/chrome/content/rules/Difference_Between.xml
@@ -6,7 +6,8 @@
 <ruleset name="Difference Between" default_off="self-signed">
 
 	<target host="differencebetween.net" />
-	<target host="*.differencebetween.net" />
+	<target host="cdn.differencebetween.net" />
+	<target host="www.differencebetween.net" />
 
 
 	<rule from="^http://(?:cdn\.|www\.)?differencebetween\.net/"
diff --git a/src/chrome/content/rules/Difi.no.xml b/src/chrome/content/rules/Difi.no.xml
index bed3f48a9da7..02f8ad868132 100644
--- a/src/chrome/content/rules/Difi.no.xml
+++ b/src/chrome/content/rules/Difi.no.xml
@@ -54,7 +54,7 @@ Fetch error: http://stat.difi.no/ => https://stat.difi.no/: (6, 'Could not resol
 
 -->
 <!-- Norwegian National Directorate for Management and IT-Communication -->
-<ruleset name="Difi.no (partial)" default_off='failed ruleset test'>
+<ruleset name="Difi.no (partial)" default_off="failed ruleset test">
 
 	<target host="difi.no" />
 	<target host="begrep.difi.no" />
@@ -78,7 +78,7 @@ Fetch error: http://stat.difi.no/ => https://stat.difi.no/: (6, 'Could not resol
 	<target host="verkty.difi.no" />
 	<target host="walter.difi.no" />
 	<target host="www.difi.no" />
-	
+
 		<!--	includeSubdomains applies to one level only, so:
 									-->
 		<exclusion pattern="^http://(?:[^./]+\.){2,}brukerprofil\.difi\.no/" />
diff --git a/src/chrome/content/rules/DigCoin.com.xml b/src/chrome/content/rules/DigCoin.com.xml
index dd0c2a14c0e6..e83cdf19588a 100644
--- a/src/chrome/content/rules/DigCoin.com.xml
+++ b/src/chrome/content/rules/DigCoin.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.digcoin.com/ => https://www.digcoin.com/: (7, 'Failed to
 		- digcoin.com
 
 -->
-<ruleset name="DigCoin.com" default_off='failed ruleset test'>
+<ruleset name="DigCoin.com" default_off="failed ruleset test">
 
 	<target host="digcoin.com" />
 	<target host="www.digcoin.com" />
diff --git a/src/chrome/content/rules/Digg.xml b/src/chrome/content/rules/Digg.xml
index 4739302d9462..bbc7607c8cab 100644
--- a/src/chrome/content/rules/Digg.xml
+++ b/src/chrome/content/rules/Digg.xml
@@ -1,33 +1,20 @@
 <!--
 	CDN buckets:
-
 		- d1ld5yzzwsuv6i.cloudfront.net
-
 			- static.digg.com
 
-
-	Nonfunctional subdomains:
-
-		- blog		(shows secure.static.tumblr.com)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- static
-		- widgets
+	Invalid certificate:
+		- blog.digg.com
 
 -->
-<ruleset name="Digg (partial)">
 
+<ruleset name="Digg (partial)" default_off="legacy Symantec certificate">
 	<target host="digg.com" />
-	<target host="*.digg.com" />
-
+	<target host="www.digg.com" />
+	<target host="static.digg.com" />
+	<target host="widgets.digg.com" />
 
 	<securecookie host="^\.?digg\.com$" name=".+" />
 
-
-	<rule from="^http://((?:static|widgets|www)\.)?digg\.com/"
-		to="https://$1digg.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Digi-Key.xml b/src/chrome/content/rules/Digi-Key.xml
index 4b5211d4dcfe..3e3f5f9e69c3 100644
--- a/src/chrome/content/rules/Digi-Key.xml
+++ b/src/chrome/content/rules/Digi-Key.xml
@@ -35,7 +35,7 @@ Fetch error: http://punchouttest.digikey.de/ => https://punchouttest.digikey.de/
 			- punchouttest
 
 -->
-<ruleset name="Digi-Key (partial)" default_off='failed ruleset test'>
+<ruleset name="Digi-Key (partial)" default_off="failed ruleset test">
 
 	<target host="digikey.com" />
 	<target host="www.digikey.com" />
@@ -61,7 +61,7 @@ Fetch error: http://punchouttest.digikey.de/ => https://punchouttest.digikey.de/
 			These paths redirect to http:
 
 				- scripts/dksearch/dksus.dll
-							
+
 		exclusion pattern="^http://(www\.)?digikey\.(com|de)/(product-(detail|search)|scripts/dksearch)" /-->
 
 
diff --git a/src/chrome/content/rules/Digi.hu.xml b/src/chrome/content/rules/Digi.hu.xml
index 05076751f054..840c9ba9e961 100644
--- a/src/chrome/content/rules/Digi.hu.xml
+++ b/src/chrome/content/rules/Digi.hu.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://ox.digi.hu/ => https://ox.digi.hu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Digi.hu" default_off='failed ruleset test'>
+<ruleset name="Digi.hu" default_off="failed ruleset test">
 	<target host="ugyfelkapu.digi.hu" />
 	<target host="webmail.digi.hu" />
 	<target host="ox.digi.hu" />
diff --git a/src/chrome/content/rules/Digia.xml b/src/chrome/content/rules/Digia.xml
index a5f3807fd288..2a736bef127b 100644
--- a/src/chrome/content/rules/Digia.xml
+++ b/src/chrome/content/rules/Digia.xml
@@ -17,16 +17,17 @@ Fetch error: http://blog.qt.digia.com/ => https://blog.qt.digia.com/: (51, "SSL:
 		- vousikertomus2011	(ditto)
 
 -->
-<ruleset name="Digia (partial)" default_off='failed ruleset test'>
+<ruleset name="Digia (partial)" default_off="failed ruleset test">
 
 	<target host="digia.com" />
-	<target host="*.digia.com" />
+	<target host="blog.qt.digia.com" />
+	<target host="qt.digia.com" />
+	<target host="www.digia.com" />
 
 
-	<securecookie host="^(?:.+\.)?digia\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(blog\.qt\.|qt\.|www\.)?digia\.com/"
-		to="https://$1digia.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Digilinux.ru.xml b/src/chrome/content/rules/Digilinux.ru.xml
index 508bfbda0498..726d541ca34f 100644
--- a/src/chrome/content/rules/Digilinux.ru.xml
+++ b/src/chrome/content/rules/Digilinux.ru.xml
@@ -23,4 +23,4 @@
 	<rule from="^http://(?:www\.)?digilinux\.ru/"
 		to="https://digilinux.ru/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Digint.ch.xml b/src/chrome/content/rules/Digint.ch.xml
new file mode 100644
index 000000000000..d8d342d43101
--- /dev/null
+++ b/src/chrome/content/rules/Digint.ch.xml
@@ -0,0 +1,6 @@
+<ruleset name="Digint.ch">
+	<target host="digint.ch" />
+	<target host="www.digint.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Digiology.org.xml b/src/chrome/content/rules/Digiology.org.xml
new file mode 100644
index 000000000000..adc039eae700
--- /dev/null
+++ b/src/chrome/content/rules/Digiology.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Mismatched:
+		- www
+
+	Self-signed:
+		- ftp
+		- mail
+		- ns
+		- tech
+-->
+<ruleset name="Digiology.org">
+	<target host="digiology.org" />
+	<target host="www.digiology.org" />
+	<target host="courses.digiology.org" />
+	<target host="music.digiology.org" />
+	<target host="r.digiology.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.digiology\.org/" to="https://digiology.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Digital-River.xml b/src/chrome/content/rules/Digital-River.xml
index 25e634fea5fe..b1f8d035fb9a 100644
--- a/src/chrome/content/rules/Digital-River.xml
+++ b/src/chrome/content/rules/Digital-River.xml
@@ -6,7 +6,6 @@
 		- Element_5.xml
 		- Esellerate.net.xml
 		- Find_My_Order.com.xml
-		- Marketstudio.net.xml
 		- MyCommerce.xml
 		- Netflame.cc.xml
 		- Share_it.com.xml
@@ -15,13 +14,12 @@
 	Nonfunctional hosts in *digitalriver.com:
 
 		- info *
+    - corporate
 
-	* invalid certificate
+	* invalid certificate\
 
 
 	Partially covered hosts in *digitalriver.com:
-
-		- corporate	(pages redirect to http)
 		- info		(→ na-sj03.marketo.com)
 
 
@@ -60,29 +58,14 @@
 	<!--	Direct rewrites:
 					-->
 	<target host="digitalriver.com" />
-	<target host="*.cfspx.digitalriver.com" />
-	<target host="corporate.digitalriver.com" />
 	<target host="developers.digitalriver.com" />
 	<target host="gc.digitalriver.com" />
-	<target host="*.img.digitalriver.com" />
 	<target host="store.digitalriver.com" />
 	<target host="www.digitalriver.com" />
 
-		<!--	Pages redirect to http:
-						-->
-		<exclusion pattern="^http://corporate\.digitalriver\.com/(?!DRHM/)" />
-
-		<test url="http://corporate.digitalriver.com/store/wdau/ContentTheme/pbPage.contactus" />
-
-		<test url="http://drh.img.digitalriver.com/DRHM/Storefront/Site/findmyor/cm/images/Redesign2013/main_logo.png" />
-
-
-	<!--	not secured by server:
-					-->
+	<!--	not secured by server: -->
 	<!--securecookie host="^gc\.digitalriver\.com$" name="^BIGipServerp(-\w+){5}$" /-->
-
-	<!--	Tracking cookie:
-				-->
+	<!--	Tracking cookie: -->
 	<securecookie host="^\.digitalriver\.com$" name="^utag_\w+$" />
 
 	<securecookie host="^(?:\.?developers|gc|store)\.digitalriver\.com$" name=".+" />
diff --git a/src/chrome/content/rules/DigitalForensicsMagazine.xml b/src/chrome/content/rules/DigitalForensicsMagazine.xml
index 190402d7cd26..8837e7efebfe 100644
--- a/src/chrome/content/rules/DigitalForensicsMagazine.xml
+++ b/src/chrome/content/rules/DigitalForensicsMagazine.xml
@@ -19,7 +19,7 @@
 	<!--securecookie host="^digitalforensicsmagazine\.com$" name="^wordpress_test_cookie" /-->
 	<!--securecookie host="^(www\.)?digitalforensicsmagazine\.com$" name="^([0-9a-f]{32}|PHPSESSID)$" /-->
 
-	<securecookie host="^(?:.+\.)?digitalforensicsmagazine\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/DigitalOcean.com.xml b/src/chrome/content/rules/DigitalOcean.com.xml
new file mode 100644
index 000000000000..f3f86e2fdc0b
--- /dev/null
+++ b/src/chrome/content/rules/DigitalOcean.com.xml
@@ -0,0 +1,69 @@
+<!--
+	CORS issue:
+		- stickerseh.digitalocean.com
+
+	Connection refused:
+		- mirrors.digitalocean.com
+		- *.mirrors.digitalocean.com
+		- sysadminday.digitalocean.com
+
+	Invalid certificate:
+		- email.news.digitalocean.com
+		- pages.news.digitalocean.com
+
+	Server error:
+		- valentines.digitalocean.com
+
+	Wrong server:
+		- devkids.digitalocean.com
+
+	Insecure cookies are set for these domains and hosts:
+		- .digitalocean.com
+		- status.digitalocean.com
+-->
+<ruleset name="DigitalOcean.com">
+
+	<!-- Direct rewrites -->
+	<target host="digitalocean.com" />
+	<target host="www.digitalocean.com" />
+	<target host="api.digitalocean.com" />
+	<target host="assets.digitalocean.com" />
+	<target host="blog.digitalocean.com" />
+	<target host="cloud.digitalocean.com" />
+	<target host="cloudsupport.digitalocean.com" />
+	<target host="developers.digitalocean.com" />
+	<target host="go.digitalocean.com" />
+	<target host="hacktoberfest.digitalocean.com" />
+	<target host="status.digitalocean.com" />
+	<target host="stickers.digitalocean.com" />
+	<target host="store.digitalocean.com" />
+	<target host="try.digitalocean.com" />
+		<test url="http://try.digitalocean.com/performance/" />
+	<target host="writers.digitalocean.com" />
+
+	<!-- do.co -->
+	<target host="do.co" />
+	<target host="m.do.co" />
+
+	<!-- Not secured by server -->
+	<!--securecookie host="^\.digitalocean\.com$" name="^(__cfduid|cf_clearance)$" /-->
+	<!--securecookie host="^status\.digitalocean\.com$" name="^_status_session$" /-->
+	<!--securecookie host="^status\.digitalocean\.com$" name="^_status_session$" /-->
+
+	<securecookie host="^(?!\.cloud\.)." name=".+" />
+
+	<!--
+		https://github.com/EFForg/https-everywhere/issues/3697
+
+		Securing this cookie breaks user sessions. Presumably a script attempts to read
+		it and sets another when it can't and eventually requests become bigger than the
+		server is configured to accept.
+
+		[note to the uninitiated: "(?!" means "not followed by"]
+											-->
+	<securecookie host="^\.cloud\." name="^(?!(?:[A-Z][a-z]{2}\ ){2}\d\d\ \d{4}\ \d\d:\d\d:\d\d\ [A-Z]{3}[+-]\d{4}\ \([\w\ ]+\)$)." />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Digital_Dollhouse.com.xml b/src/chrome/content/rules/Digital_Dollhouse.com.xml
index d0eb9767dcdf..224c50d2a9e8 100644
--- a/src/chrome/content/rules/Digital_Dollhouse.com.xml
+++ b/src/chrome/content/rules/Digital_Dollhouse.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://www.digitaldollhouse.com/ => https://www.digitaldollhouse.co
 	* Secured by us
 
 -->
-<ruleset name="Digital Dollhouse.com" default_off='failed ruleset test'>
+<ruleset name="Digital Dollhouse.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Digital_Ocean.com.xml b/src/chrome/content/rules/Digital_Ocean.com.xml
deleted file mode 100644
index 2e47bda8c3ae..000000000000
--- a/src/chrome/content/rules/Digital_Ocean.com.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-<!--
-	Insecure cookies are set for these domains and hosts:
-
-		- .digitalocean.com
-		- status.digitalocean.com
-
--->
-<ruleset name="Digital Ocean.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="digitalocean.com" />
-	<target host="api.digitalocean.com" />
-	<target host="cloud.digitalocean.com" />
-	<target host="developers.digitalocean.com" />
-	<target host="status.digitalocean.com" />
-	<target host="www.digitalocean.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.digitalocean\.com$" name="^(__cfduid|cf_clearance)$" /-->
-	<!--securecookie host="^status\.digitalocean\.com$" name="^_status_session$" /-->
-	<!--securecookie host="^status\.digitalocean\.com$" name="^_status_session$" /-->
-
-	<securecookie host="^(?!\.cloud\.)." name=".+" />
-	<!--
-		https://github.com/EFForg/https-everywhere/issues/3697
-
-		e.g. "Wed Dec 30 2015 13:56:15 GMT-0500 (Eastern Standard Time)"
-
-		Securing this cookie breaks user sessions. Presumably a script attempts to read
-		it and sets another when it can't and eventually requests become bigger than the
-		server is configured to accept.
-
-		[note to the uninitiated: "(?!" means "not followed by"]
-											-->
-	<securecookie host="^\.cloud\." name="^(?!(?:[A-Z][a-z]{2}\ ){2}\d\d\ \d{4}\ \d\d:\d\d:\d\d\ [A-Z]{3}[+-]\d{4}\ \([\w\ ]+\)$)." />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Digital_Shelf_Space.xml b/src/chrome/content/rules/Digital_Shelf_Space.xml
index cfddc04cc11b..c1b044cbc8db 100644
--- a/src/chrome/content/rules/Digital_Shelf_Space.xml
+++ b/src/chrome/content/rules/Digital_Shelf_Space.xml
@@ -11,7 +11,7 @@ Fetch error: http://cdn.mypypeline.com/ => https://cdn.mypypeline.com/: (6, 'Cou
 	* Times out
 
 -->
-<ruleset name="Digital Shelf Space (partial)" default_off='failed ruleset test'>
+<ruleset name="Digital Shelf Space (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Digital_Trends.com.xml b/src/chrome/content/rules/Digital_Trends.com.xml
deleted file mode 100644
index fa716f311db6..000000000000
--- a/src/chrome/content/rules/Digital_Trends.com.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-<!--
-	CDN buckets:
-
-		- wpc.B1E0.edgecastcdn.net/??B1E0/
-
-			- cdn[2-6]
-			- icdn[1-9]
-
-
-	Nonfunctional subdomains:
-
-		- icdn[1-7] *
-		- cdn3 *
-
-	* 404, edgecast
-
-
-	^: Server sends no certificate chain, see https://whatsmychaincert.com
-	www: edgecast
-
-
-	Mixed content:
-
-		- css from cdn3 ¹
-		- css from www ²
-
-		- Images from icdn[2-7] ¹
-
-	¹ Unsecurable <= 404
-	² Secured by us
-
--->
-<ruleset name="Digital Trends.com (partial)" platform="mixedcontent" default_off="expired, missing certificate chain">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="digitaltrends.com" />
-
-	<!--	Complications:
-				-->
-	<target host="www.digitaltrends.com" />
-
-
-	<rule from="^http://(?:www\.)?digitaltrends\.com/"
-		to="https://digitaltrends.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Digital_WPC.com.xml b/src/chrome/content/rules/Digital_WPC.com.xml
index 03fb08e3e4b0..802147e78ee2 100644
--- a/src/chrome/content/rules/Digital_WPC.com.xml
+++ b/src/chrome/content/rules/Digital_WPC.com.xml
@@ -29,7 +29,7 @@ Fetch error: http://connect.digitalwpc.com/ => https://connect.digitalwpc.com/:
 	* Secured by us
 
 -->
-<ruleset name="digital WPC.com (partial)" default_off='failed ruleset test'>
+<ruleset name="digital WPC.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Digitaltrends.com.xml b/src/chrome/content/rules/Digitaltrends.com.xml
new file mode 100644
index 000000000000..685cff64c52a
--- /dev/null
+++ b/src/chrome/content/rules/Digitaltrends.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Timeout:
+		- shop
+-->
+<ruleset name="Digitaltrends.com">
+	<target host="digitaltrends.com" />
+	<target host="www.digitaltrends.com" />
+	<target host="cdn.digitaltrends.com" />
+	<target host="cdn1.digitaltrends.com" />
+	<target host="cdn2.digitaltrends.com" />
+	<target host="cdn3.digitaltrends.com" />
+	<target host="cdn4.digitaltrends.com" />
+	<target host="cdn5.digitaltrends.com" />
+	<target host="cdn6.digitaltrends.com" />
+	<target host="cdn7.digitaltrends.com" />
+	<target host="cdn8.digitaltrends.com" />
+	<target host="cdn9.digitaltrends.com" />
+	<target host="es.digitaltrends.com" />
+	<target host="icdn.digitaltrends.com" />
+	<target host="icdn1.digitaltrends.com" />
+	<target host="icdn2.digitaltrends.com" />
+	<target host="icdn3.digitaltrends.com" />
+	<target host="icdn4.digitaltrends.com" />
+	<target host="icdn5.digitaltrends.com" />
+	<target host="icdn6.digitaltrends.com" />
+	<target host="icdn7.digitaltrends.com" />
+	<target host="icdn8.digitaltrends.com" />
+	<target host="icdn9.digitaltrends.com" />
+
+	<test url="http://icdn.digitaltrends.com/image/seti_signalstospace_mem5-600x250-c.jpg" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Digitaria.xml b/src/chrome/content/rules/Digitaria.xml
index 797cfefb9ca5..bc22178ec0c5 100644
--- a/src/chrome/content/rules/Digitaria.xml
+++ b/src/chrome/content/rules/Digitaria.xml
@@ -13,17 +13,15 @@ Fetch error: http://redmine.digitaria.com/ => https://redmine.digitaria.com/: (7
 <ruleset name="Digitaria (partial)">
 
 	<target host="redmine.digitaria.com" />
-	<target host="*.insightmgr.com" />
+	<target host="digi.insightmgr.com" />
+	<target host="www.insightmgr.com" />
 
 
 	<securecookie host="^redmine\.digitaria\.com$" name=".+" />
 	<securecookie host="^.+\.insightmgr\.com$" name=".+" />
 
 
-	<rule from="^http://redmine\.digitaria\.com/"
-		to="https://redmine.digitaria.com/" />
 
-	<rule from="^http://(digi|www)\.insightmgr\.com/"
-		to="https://$1.insightmgr.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Digitec.ch.xml b/src/chrome/content/rules/Digitec.ch.xml
deleted file mode 100644
index 801989ae5517..000000000000
--- a/src/chrome/content/rules/Digitec.ch.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other Digitecgalaxus coverage, see Digitecgalaxus.ch.xml.
-
-	Mismatch:
-		- offline.digitec.ch
- -->
-<ruleset name="Digitec.ch">
-	<target host="digitec.ch" />
-	<target host="www.digitec.ch" />
-	<target host="mediaserver.digitec.ch" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
-
diff --git a/src/chrome/content/rules/Digitecgalaxus.ch.xml b/src/chrome/content/rules/Digitecgalaxus.ch.xml
deleted file mode 100644
index 003e40ad3893..000000000000
--- a/src/chrome/content/rules/Digitecgalaxus.ch.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	Other Digitecgalaxus rulesets:
-		- Digitec.ch.xml
-		- Galaxus.ch.xml
--->
-<ruleset name="Digitecgalaxus.ch">
-	<target host="digitecgalaxus.ch" />
-	<target host="www.digitecgalaxus.ch" />
-	<target host="erp.digitecgalaxus.ch" />
-	<target host="static.digitecgalaxus.ch" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Digium.xml b/src/chrome/content/rules/Digium.xml
index 805d84de8065..7c26fa01bd90 100644
--- a/src/chrome/content/rules/Digium.xml
+++ b/src/chrome/content/rules/Digium.xml
@@ -30,7 +30,9 @@
 <ruleset name="Digium.com (partial)">
 
 	<target host="digium.com" />
-	<target host="*.digium.com" />
+	<target host="login.digium.com" />
+	<target host="store.digium.com" />
+	<target host="www.digium.com" />
 
 		<!--
 			Redirects to http.
@@ -45,7 +47,6 @@
 	<rule from="^http://digium\.com/"
 		to="https://www.digium.com/" />
 
-	<rule from="^http://(login|store|www)\.digium\.com/"
-		to="https://$1.digium.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Digiweb-self-signed.xml b/src/chrome/content/rules/Digiweb-self-signed.xml
index 39cf0d3a5f9c..44f56b451489 100644
--- a/src/chrome/content/rules/Digiweb-self-signed.xml
+++ b/src/chrome/content/rules/Digiweb-self-signed.xml
@@ -4,9 +4,6 @@
 -->
 <ruleset name="Digiweb (self-signed)" default_off="expired, self-signed">
 
-	<target host="80.93.17.6" />
-	<target host="80.93.17.242" />
-	<target host="80.93.18.36" />
 	<!--	self-signed	-->
 	<target host="uweb2.host.ie" />
 	<target host="uweb3.host.ie" />
@@ -20,15 +17,6 @@
 	<securecookie host="^novweb\.novara\.ie$" name=".+" />
 
 
-	<rule from="^http://80\.93\.17\.6/webshell4($|/)"
-		to="https://uweb2.host.ie/webshell4$1" />
-
-	<rule from="^http://80\.93\.17\.242/webshell4($|/)"
-		to="https://uweb3.host.ie/webshell4$1" />
-
-	<rule from="^http://80\.93\.18\.36/webshell4($|/)"
-		to="https://novweb.novara.ie/webshell4$1" />
-
 	<rule from="^http://uweb([23])\.host\.ie/"
 		to="https://uweb$1.host.ie/" />
 
diff --git a/src/chrome/content/rules/Digiweb.xml b/src/chrome/content/rules/Digiweb.xml
index 6bffa190fb91..2f658d7d919c 100644
--- a/src/chrome/content/rules/Digiweb.xml
+++ b/src/chrome/content/rules/Digiweb.xml
@@ -34,7 +34,7 @@ Fetch error: http://ncm.novarait.com/ => https://ncm.novarait.com/: (7, 'Failed
 		- (www.)whoislookup.ie		(cert: novweb.novara.ie, self-signed; shows that domain's data)
 
 -->
-<ruleset name="Digiweb (partial)" default_off='failed ruleset test'>
+<ruleset name="Digiweb (partial)" default_off="failed ruleset test">
 
 	<target host="manage.hosting.digiweb.ie" />
 	<target host="secureorders.digiweb.ie" />
diff --git a/src/chrome/content/rules/Diigo.xml b/src/chrome/content/rules/Diigo.xml
index 15f1bf428d07..c929060161de 100644
--- a/src/chrome/content/rules/Diigo.xml
+++ b/src/chrome/content/rules/Diigo.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DilbertFiles.org.xml b/src/chrome/content/rules/DilbertFiles.org.xml
index 22bb4c7bf675..a805c1f968b5 100644
--- a/src/chrome/content/rules/DilbertFiles.org.xml
+++ b/src/chrome/content/rules/DilbertFiles.org.xml
@@ -14,7 +14,7 @@ Fetch error: http://secure.dilbertfiles.com/ => https://secure.dilbertfiles.com/
 		- Image on secure from www
 
 -->
-<ruleset name="DilbertFiles.org (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="DilbertFiles.org (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="secure.dilbertfiles.com" />
 
@@ -24,4 +24,4 @@ Fetch error: http://secure.dilbertfiles.com/ => https://secure.dilbertfiles.com/
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dilcdn.com.xml b/src/chrome/content/rules/Dilcdn.com.xml
index cccba2003236..36a4f6051b0a 100644
--- a/src/chrome/content/rules/Dilcdn.com.xml
+++ b/src/chrome/content/rules/Dilcdn.com.xml
@@ -19,4 +19,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dillinger.io.xml b/src/chrome/content/rules/Dillinger.io.xml
new file mode 100644
index 000000000000..6aae15d3fb5b
--- /dev/null
+++ b/src/chrome/content/rules/Dillinger.io.xml
@@ -0,0 +1,8 @@
+<ruleset name="Dillinger.io">
+	<target host="dillinger.io" />
+	<target host="www.dillinger.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dinahosting.pt.xml b/src/chrome/content/rules/Dinahosting.pt.xml
index faeecbc895aa..d3f378649861 100644
--- a/src/chrome/content/rules/Dinahosting.pt.xml
+++ b/src/chrome/content/rules/Dinahosting.pt.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.dinahosting.pt/ => https://dinahosting.pt/: (51, "SSL: n
 		- .dinahosting.pt
 
 -->
-<ruleset name="dinahosting.pt" default_off='failed ruleset test'>
+<ruleset name="dinahosting.pt" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Direct-Marketing-Association.xml b/src/chrome/content/rules/Direct-Marketing-Association.xml
index fd63408a5441..90db3de74ff5 100644
--- a/src/chrome/content/rules/Direct-Marketing-Association.xml
+++ b/src/chrome/content/rules/Direct-Marketing-Association.xml
@@ -3,7 +3,7 @@
 	<target host="dma.org.uk" />
 	<target host="www.dma.org.uk" />
 
-	<securecookie host="^(?:.*\.)?dma\.org\.uk$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/DirectActionEverywhere.com.xml b/src/chrome/content/rules/DirectActionEverywhere.com.xml
index 0eabacd929e2..8a84f8fa590e 100644
--- a/src/chrome/content/rules/DirectActionEverywhere.com.xml
+++ b/src/chrome/content/rules/DirectActionEverywhere.com.xml
@@ -22,7 +22,7 @@
 	<rule from="^http://directactioneverywhere\.com/"
 		to="https://www.directactioneverywhere.com/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DirectAdvert.ru.xml b/src/chrome/content/rules/DirectAdvert.ru.xml
index d5a0b9abcebe..dbe10d495d40 100644
--- a/src/chrome/content/rules/DirectAdvert.ru.xml
+++ b/src/chrome/content/rules/DirectAdvert.ru.xml
@@ -26,7 +26,7 @@ Fetch error: http://directadvert.ru/ => https://directadvert.ru/: (51, "SSL: no
 	² Secured by us
 
 -->
-<ruleset name="DirectAdvert.ru (partial)" default_off='failed ruleset test'>
+<ruleset name="DirectAdvert.ru (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Direct_Line.com.xml b/src/chrome/content/rules/Direct_Line.com.xml
index dc28b1042ed6..a92e1471112f 100644
--- a/src/chrome/content/rules/Direct_Line.com.xml
+++ b/src/chrome/content/rules/Direct_Line.com.xml
@@ -25,10 +25,13 @@ Fetch error: http://directline.com/ => https://uk3.directline.com/: (28, 'Resolv
 	² → directline.metafaq.com
 
 -->
-<ruleset name="Direct Line.com" default_off='failed ruleset test'>
+<ruleset name="Direct Line.com" default_off="failed ruleset test">
 
 	<target host="directline.com" />
-	<target host="*.directline.com" />
+	<target host="uk3.directline.com" />
+	<target host="www.directline.com" />
+	<target host="amendsonline.directline.com" />
+	<target host="faq.directline.com" />
 	<target host="directline.metafaq.com" />
 
 
@@ -41,10 +44,9 @@ Fetch error: http://directline.com/ => https://uk3.directline.com/: (28, 'Resolv
 	<rule from="^http://(?:uk3\.|www\.)?directline\.com/"
 		to="https://uk3.directline.com/" />
 
-	<rule from="^http://amendsonline\.directline\.com/"
-		to="https://amendsonline.directline.com/" />
 
 	<rule from="^http://(?:faq\.directline|directline\.metafaq)\.com/"
 		to="https://directline.metafaq.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Direct_Mail_Mac.com.xml b/src/chrome/content/rules/Direct_Mail_Mac.com.xml
index 0a28770ca58f..8e7da96244db 100644
--- a/src/chrome/content/rules/Direct_Mail_Mac.com.xml
+++ b/src/chrome/content/rules/Direct_Mail_Mac.com.xml
@@ -27,7 +27,6 @@
 		<test url="http://four.cdn.directmailmac.com/images/compose_icon@2x.png" />
 
 
-	<rule from="^http://four\.cdn\.directmailmac\.com/"
-		to="https://d39okwd0art5yj.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Directbox.xml b/src/chrome/content/rules/Directbox.xml
index aa4a16d83f1d..d47f3ba302d6 100644
--- a/src/chrome/content/rules/Directbox.xml
+++ b/src/chrome/content/rules/Directbox.xml
@@ -39,4 +39,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset> 
+</ruleset>
diff --git a/src/chrome/content/rules/Directgov-mismatches.xml b/src/chrome/content/rules/Directgov-mismatches.xml
index cf6c4be5257b..465901a30d3e 100644
--- a/src/chrome/content/rules/Directgov-mismatches.xml
+++ b/src/chrome/content/rules/Directgov-mismatches.xml
@@ -7,7 +7,7 @@
 	<!--	cert: Parallels Panel	-->
 	<target host="ico.jobs" />
 	<target host="www.ico.jobs" />
-	<target host="www.northdown.gov.uk" />	
+	<target host="www.northdown.gov.uk" />
 
 	<rule from="^http://epetitions\.direct\.gov\.uk/(images/|javascripts/|stylesheets/)"
 		to="https://epetitions.direct.gov.uk/$1" />
diff --git a/src/chrome/content/rules/Directgov.xml b/src/chrome/content/rules/Directgov.xml
index f2209e4a15c1..5d2647679d25 100644
--- a/src/chrome/content/rules/Directgov.xml
+++ b/src/chrome/content/rules/Directgov.xml
@@ -29,7 +29,7 @@ Fetch error: http://www.nationalcareersservice.direct.gov.uk/ => https://www.nat
 		- nationalcareersservice.direct.gov.uk
 
 -->
-<ruleset name="Direct.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Direct.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/DirectoryOpus.xml b/src/chrome/content/rules/DirectoryOpus.xml
index 4447de8524e4..f11f74f4442b 100644
--- a/src/chrome/content/rules/DirectoryOpus.xml
+++ b/src/chrome/content/rules/DirectoryOpus.xml
@@ -1,7 +1,7 @@
 <ruleset name="Directory Opus">
         <target host="www.gpsoft.com.au" />
         <target host="resource.dopus.com" />
-		
+
 
         <rule from="^http:"
                 to="https:" />
diff --git a/src/chrome/content/rules/Directorystore.com.xml b/src/chrome/content/rules/Directorystore.com.xml
index 9981804e625b..d06a12a0cfd4 100644
--- a/src/chrome/content/rules/Directorystore.com.xml
+++ b/src/chrome/content/rules/Directorystore.com.xml
@@ -20,7 +20,7 @@ Fetch error: http://www.directorystore.com/ => https://www.directorystore.com/:
 		- www.directorystore.com
 
 -->
-<ruleset name="Directorystore.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Directorystore.com (partial)" default_off="failed ruleset test">
 
         <target host="directorystore.com"/>
         <target host="www.directorystore.com"/>
diff --git a/src/chrome/content/rules/Dirty.ru.xml b/src/chrome/content/rules/Dirty.ru.xml
index a977b45ff9b3..ab9a05f2a7e9 100644
--- a/src/chrome/content/rules/Dirty.ru.xml
+++ b/src/chrome/content/rules/Dirty.ru.xml
@@ -6,7 +6,7 @@
 	* Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="dirty.ru" default_off="missing certificate chain">
+<ruleset name="dirty.ru" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Dirxion.xml b/src/chrome/content/rules/Dirxion.xml
index b46f11a24195..24fe7dc8dfa7 100644
--- a/src/chrome/content/rules/Dirxion.xml
+++ b/src/chrome/content/rules/Dirxion.xml
@@ -5,7 +5,8 @@
 <ruleset name="Dirxion">
 
 	<target host="dirxion.com" />
-	<target host="*.dirxion.com" />
+	<target host="www.dirxion.com" />
+	<target host="blogs.dirxion.com" />
 
 
 	<securecookie host="^.*\.dirxion\.com$" name=".+" />
@@ -14,7 +15,6 @@
 	<rule from="^http://(?:www\.)?dirxion\.com/"
 		to="https://www.dirxion.com/" />
 
-	<rule from="^http://blogs\.dirxion\.com/"
-		to="https://blogs.dirxion.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/DisabledGo.com.xml b/src/chrome/content/rules/DisabledGo.com.xml
index 0118425b0bba..cf26096badfa 100644
--- a/src/chrome/content/rules/DisabledGo.com.xml
+++ b/src/chrome/content/rules/DisabledGo.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://disabledgo.com/ => https://disabledgo.com/: Cycle detected -
 	* Secured by us
 
 -->
-<ruleset name="DisabledGo.com (partial)" default_off='failed ruleset test'>
+<ruleset name="DisabledGo.com (partial)" default_off="failed ruleset test">
 
 	<target host="disabledgo.com" />
 	<target host="www.disabledgo.com" />
diff --git a/src/chrome/content/rules/Disc-soft.com.xml b/src/chrome/content/rules/Disc-soft.com.xml
index 8112c6ef12e9..1a5685577b47 100644
--- a/src/chrome/content/rules/Disc-soft.com.xml
+++ b/src/chrome/content/rules/Disc-soft.com.xml
@@ -3,7 +3,7 @@
   <target host="disc-soft.com"/>
   <target host="www.disc-soft.com"/>
   <target host="img.disc-soft.com"/>
-  
+
   <rule from="^http://(secure|img)\.disc-soft\.com/" to="https://$1.disc-soft.com/"/>
   <rule from="^http://(?:www\.)?disc-soft\.com/" to="https://www.disc-soft.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/DiscountTheatre.xml b/src/chrome/content/rules/DiscountTheatre.xml
deleted file mode 100644
index ec21e2b8ea8a..000000000000
--- a/src/chrome/content/rules/DiscountTheatre.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="DiscountTheatre.com">
-
-	<target host="discounttheatre.com" />
-	<target host="www.discounttheatre.com" />
-
-	<!--	Cert doesn't match !www.	-->
-	<rule from="^http://(?:www\.)?discounttheatre\.com/"
-		to="https://www.discounttheatre.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Discourse.org.xml b/src/chrome/content/rules/Discourse.org.xml
index 5491d2892fe2..f6b714342d52 100644
--- a/src/chrome/content/rules/Discourse.org.xml
+++ b/src/chrome/content/rules/Discourse.org.xml
@@ -12,9 +12,9 @@
 
 	¹ Redirects to http, valid cert
 	² Refused
-	
+
 	Cloudflare SSL:
-	
+
 		- $
 		- www
 		- blog
diff --git a/src/chrome/content/rules/Discover_Merchants.com.xml b/src/chrome/content/rules/Discover_Merchants.com.xml
index f5c871c2a115..a85261c16bc0 100644
--- a/src/chrome/content/rules/Discover_Merchants.com.xml
+++ b/src/chrome/content/rules/Discover_Merchants.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.discovermerchants.com/ => https://www.discovermerchants.
 	For other Discover coverage, see Discover.com.xml
 
 -->
-<ruleset name="Discover Merchants.com" default_off='failed ruleset test'>
+<ruleset name="Discover Merchants.com" default_off="failed ruleset test">
 
 	<target host="discovermerchants.com" />
 	<target host="www.discovermerchants.com" />
diff --git a/src/chrome/content/rules/Discover_Signage.com.xml b/src/chrome/content/rules/Discover_Signage.com.xml
index 4f1859d39e16..bdd35dcbaf3e 100644
--- a/src/chrome/content/rules/Discover_Signage.com.xml
+++ b/src/chrome/content/rules/Discover_Signage.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.discoversignage.com/ => https://www.discoversignage.com/
 	For other Discover coverage, see Discover.com.xml
 
 -->
-<ruleset name="Discover Signage.com" default_off='failed ruleset test'>
+<ruleset name="Discover Signage.com" default_off="failed ruleset test">
 
 	<target host="discoversignage.com" />
 	<target host="www.discoversignage.com" />
diff --git a/src/chrome/content/rules/Discovery-Communications.xml b/src/chrome/content/rules/Discovery-Communications.xml
index 2ff132e8779e..916a00a5f8b7 100644
--- a/src/chrome/content/rules/Discovery-Communications.xml
+++ b/src/chrome/content/rules/Discovery-Communications.xml
@@ -85,7 +85,7 @@ Fetch error: http://store.discovery.com/ => https://securestore.discovery.com/:
 	¹ Rule not enabled by default <= mismatched
 
 -->
-<ruleset name="Discovery.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Discovery.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Discovery.org.xml b/src/chrome/content/rules/Discovery.org.xml
index f36b2d6ff76c..a11f49cd9de8 100644
--- a/src/chrome/content/rules/Discovery.org.xml
+++ b/src/chrome/content/rules/Discovery.org.xml
@@ -10,7 +10,7 @@ Fetch error: http://discovery.org/ => https://discovery.org/: Too many redirects
 	* Secured by us
 
 -->
-<ruleset name="Discovery.org" default_off='failed ruleset test'>
+<ruleset name="Discovery.org" default_off="failed ruleset test">
 
 	<target host="discovery.org" />
 	<target host="www.discovery.org" />
diff --git a/src/chrome/content/rules/DiskCryptor.net.xml b/src/chrome/content/rules/DiskCryptor.net.xml
deleted file mode 100644
index 3eb3380d85d5..000000000000
--- a/src/chrome/content/rules/DiskCryptor.net.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- diskcryptor.net
-		- www.diskcryptor.net
-
--->
-<ruleset name="DiskCryptor.net">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="diskcryptor.net" />
-	<target host="www.diskcryptor.net" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?diskcryptor\.net$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^(?:www\.)?diskcryptor\.net$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Diskusjon.no.xml b/src/chrome/content/rules/Diskusjon.no.xml
new file mode 100644
index 000000000000..0cd4313020f7
--- /dev/null
+++ b/src/chrome/content/rules/Diskusjon.no.xml
@@ -0,0 +1,7 @@
+<ruleset name="Diskusjon.no">
+	<target host="diskusjon.no" />
+	<target host="www.diskusjon.no" />
+	<target host="wiki.diskusjon.no" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Diskusjon.xml b/src/chrome/content/rules/Diskusjon.xml
deleted file mode 100644
index 8a7643e90d33..000000000000
--- a/src/chrome/content/rules/Diskusjon.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Diskusjon" platform="mixedcontent">
-  <target host="diskusjon.no" />
-  <target host="www.diskusjon.no" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
-
diff --git a/src/chrome/content/rules/Disney.co.jp.xml b/src/chrome/content/rules/Disney.co.jp.xml
index fb84b370d66e..8c05b76a8b2b 100644
--- a/src/chrome/content/rules/Disney.co.jp.xml
+++ b/src/chrome/content/rules/Disney.co.jp.xml
@@ -1,23 +1,56 @@
 <!--
 	For other Disney coverage, see Disney_International.com.xml.
 
-
-	CDN buckets:
-
-		- www.disney.co.jp.edgesuite.net
-
-
-	Nonfunctional subdomains:
-
-		- ^	(refused)
-		- www	(503, akamai)
-
+	Non-functional hosts
+		Incomplete certificate chain:
+		- disney.co.jp
+
+		SSL peer certificate was not OK:
+		- common-lib.disney.co.jp
+		- dp.dsp.disney.co.jp
+		- event3.dsp.disney.co.jp
+		- event5.dsp.disney.co.jp
+		- pass.dsp.disney.co.jp
+		- maintenance.disney.co.jp
+
+		Status code mismatch:
+		- event6-dsp.disney.co.jp
+
+		4xx client error:
+		- find.disney.co.jp
+		- secure.disney.co.jp
+
+		5xx server error:
+		- staging.sslib-admin.disney.co.jp
 -->
 <ruleset name="Disney.co.jp (partial)">
-
-	<target host="secure.disney.co.jp" />
-
+	<target host="disney.co.jp" />
+	<target host="www.disney.co.jp" />
+	<target host="cpn.disney.co.jp" />
+	<target host="dcpshowroom.disney.co.jp" />
+	<target host="deluxe.disney.co.jp" />
+	<target host="disneypass.disney.co.jp" />
+	<target host="dlife.disney.co.jp" />
+	<target host="vod.dlife.disney.co.jp" />
+	<target host="dlife-catchup.disney.co.jp" />
+	<target host="dlog.disney.co.jp" />
+	<target host="cp.dsp.disney.co.jp" />
+	<target host="dvcmember.disney.co.jp" />
+	<target host="dx-cmp.disney.co.jp" />
+	<target host="id.disney.co.jp" />
+	<target host="kids.disney.co.jp" />
+	<target host="marvel.disney.co.jp" />
+	<target host="oneidnx.disney.co.jp" />
+	<target host="origin.disney.co.jp" />
+	<target host="secured.disney.co.jp" />
+	<target host="sp-magazine.disney.co.jp" />
+	<target host="ssreg.disney.co.jp" />
+	<target host="starwars.disney.co.jp" />
+	<target host="store.disney.co.jp" />
+	<target host="theater.disney.co.jp" />
+
+	<rule from="^http://disney\.co\.jp/"
+		to="https://www.disney.co.jp/" />
 
 	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Disney_International.com.xml b/src/chrome/content/rules/Disney_International.com.xml
index 62c21bce2d06..09f44ce5fca3 100644
--- a/src/chrome/content/rules/Disney_International.com.xml
+++ b/src/chrome/content/rules/Disney_International.com.xml
@@ -1,7 +1,6 @@
 <!--
 	Other Disney rulesets:
 
-		- Aulani.jobs.xml
 		- Dilcdn.com.xml
 		- Disney.co.jp.xml
 
diff --git a/src/chrome/content/rules/Dispenser.tf.xml b/src/chrome/content/rules/Dispenser.tf.xml
index 0155f74b5b0a..04a4765fc592 100644
--- a/src/chrome/content/rules/Dispenser.tf.xml
+++ b/src/chrome/content/rules/Dispenser.tf.xml
@@ -1,5 +1,5 @@
 <!--
-  Note: www.dispenser.tf serves a 400 on both HTTP and HTTPS.     
+  Note: www.dispenser.tf serves a 400 on both HTTP and HTTPS.
 -->
 <ruleset name="Dispenser.tf">
   <target host="dispenser.tf" />
diff --git a/src/chrome/content/rules/Displaymarketplace.com.xml b/src/chrome/content/rules/Displaymarketplace.com.xml
deleted file mode 100644
index 0c6246161258..000000000000
--- a/src/chrome/content/rules/Displaymarketplace.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	For other PulsePoint coverage, see PulsePoint.xml
-
-
-	CDN buckets:
-
-		- aperture.displaymarketplace.com.edgesuite.net
-		- edge.aperture.displaymarketplace.com.edgesuite.net
-
-
-	Problematic domains:
-
-		- aperture.displaymarketplace.com	(akamai)
-		- edge.aperture.displaymarketplace.com *
-
-	* Akamai
-
--->
-<ruleset name="displaymarketplace.com (partial)">
-
-	<target host="*.displaymarketplace.com" />
-
-
-	<rule from="^http://(?:edge\.|secure\.)?aperture\.displaymarketplace\.com/"
-		to="https://secure.aperture.displaymarketplace.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Distil.xml b/src/chrome/content/rules/Distil.xml
deleted file mode 100644
index 3dbf86b79cea..000000000000
--- a/src/chrome/content/rules/Distil.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Distil_Networks coverage, see Distil_Networks.com.xml.
-
--->
-<ruleset name="Distil.it">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="distil.it" />
-	<target host="portal.distil.it" />
-	<target host="www.distil.it" />
-
-
-	<securecookie host="^portal\.distil\.it$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Distil_Networks.com.xml b/src/chrome/content/rules/Distil_Networks.com.xml
index 0a3210b157ff..a8d9b7ce7455 100644
--- a/src/chrome/content/rules/Distil_Networks.com.xml
+++ b/src/chrome/content/rules/Distil_Networks.com.xml
@@ -5,13 +5,12 @@ Fetch error: http://support.distilnetworks.com/ => https://support.distilnetwork
 
 	Other Distil Networks rulesets:
 
-		- Distil.xml
 
 
 	(www.)?distilnetworks.com: Redirects to http
 
 -->
-<ruleset name="Distil Networks.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Distil Networks.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Distraction.gov.xml b/src/chrome/content/rules/Distraction.gov.xml
deleted file mode 100644
index 53409fbb7b93..000000000000
--- a/src/chrome/content/rules/Distraction.gov.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Distraction.gov">
-	<target host="distraction.gov" />
-	<target host="www.distraction.gov" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Distributed.net.xml b/src/chrome/content/rules/Distributed.net.xml
index e7a4df85b746..52ecf1291eec 100644
--- a/src/chrome/content/rules/Distributed.net.xml
+++ b/src/chrome/content/rules/Distributed.net.xml
@@ -11,11 +11,11 @@
 <ruleset name="distributed.net">
 	<target host="distributed.net" />
 	<target host="www.distributed.net" />
-	<target host="stats.distributed.net" />
 	<target host="blogs.distributed.net" />
 	<target host="bugs.distributed.net" />
 	<target host="cgi.distributed.net" />
 	<target host="faq.distributed.net" />
+	<target host="stats.distributed.net" />
 
 	<rule from="^http:"
 			to="https:" />
diff --git a/src/chrome/content/rules/Dittdistrikt.xml b/src/chrome/content/rules/Dittdistrikt.xml
index cd0c51f693e0..852aca9e970d 100644
--- a/src/chrome/content/rules/Dittdistrikt.xml
+++ b/src/chrome/content/rules/Dittdistrikt.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://dittdistrikt.no/ => https://www.dittdistrikt.no/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 Fetch error: http://www.dittdistrikt.no/ => https://www.dittdistrikt.no/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="Ditt Distrikt" default_off='failed ruleset test'>
+<ruleset name="Ditt Distrikt" default_off="failed ruleset test">
   <target host="dittdistrikt.no" />
   <target host="www.dittdistrikt.no" />
 
diff --git a/src/chrome/content/rules/Divide.xml b/src/chrome/content/rules/Divide.xml
index d0ca5dfec421..346ca626ba5d 100644
--- a/src/chrome/content/rules/Divide.xml
+++ b/src/chrome/content/rules/Divide.xml
@@ -21,7 +21,11 @@
 -->
 <ruleset name="Divide (partial)">
 
-	<target host="*.divide.com" />
+	<target host="api.divide.com" />
+	<target host="get.divide.com" />
+	<target host="my.divide.com" />
+	<target host="blog.divide.com" />
+	<target host="support.divide.com" />
 
 
 	<rule from="^http://(api|get|my)\.divide\.com/"
@@ -33,4 +37,4 @@
 	<rule from="^http://support\.divide\.com/(generated|system)/"
 		to="https://assets.zendesk.com/$1/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Divipay.com.xml b/src/chrome/content/rules/Divipay.com.xml
new file mode 100644
index 000000000000..3ee2665afb87
--- /dev/null
+++ b/src/chrome/content/rules/Divipay.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Non-functional subdomains:
+		- vip	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Divipay">
+
+	<target host="divipay.com" />
+	<target host="www.divipay.com" />
+	<target host="api.divipay.com" />
+	<target host="dev.app-api.divipay.com" />
+	<target host="secure.divipay.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Divshot.xml b/src/chrome/content/rules/Divshot.xml
index 868469e0fcd9..6498e4ecfb65 100644
--- a/src/chrome/content/rules/Divshot.xml
+++ b/src/chrome/content/rules/Divshot.xml
@@ -9,16 +9,14 @@
 <ruleset name="Divshot">
 
 	<target host="divshot.com" />
-	<target host="*.divshot.com" />
+	<target host="app.divshot.com" />
+	<target host="www.divshot.com" />
+	<target host="a1.divshot.com" />
 
 
 	<securecookie host="^\.divshot\.com$" name=".+" />
 
 
-	<rule from="^http://(app\.|www\.)?divshot\.com/"
-		to="https://$1divshot.com/" />
-
-	<rule from="^http://a1\.divshot\.com/"
-		to="https://djyhxgczejc94.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Diwi.org.xml b/src/chrome/content/rules/Diwi.org.xml
index 42d12d2cb319..ce56dac600da 100644
--- a/src/chrome/content/rules/Diwi.org.xml
+++ b/src/chrome/content/rules/Diwi.org.xml
@@ -19,13 +19,16 @@
 -->
 <ruleset name="diwi.org (partial)" default_off="self-signed">
 
-	<target host="*.diwi.org" />
+	<target host="adn.diwi.org" />
+	<target host="fox.diwi.org" />
+	<target host="schmeuf.diwi.org" />
+	<target host="titus.diwi.org" />
+	<target host="zorglub.diwi.org" />
 
 
 	<securecookie host="^titus\.diwi\.org$" name=".+" />
 
 
-	<rule from="^http://(adn|fox|schmeuf|titus|zorglub)\.diwi\.org/"
-		to="https://$1.diwi.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dizaineriai.lt.xml b/src/chrome/content/rules/Dizaineriai.lt.xml
index f57194f821b4..d45f4848234b 100644
--- a/src/chrome/content/rules/Dizaineriai.lt.xml
+++ b/src/chrome/content/rules/Dizaineriai.lt.xml
@@ -1,7 +1,7 @@
 <ruleset name="Dizaineriai.lt">
 	<target host="dizaineriai.lt" />
 	<target host="www.dizaineriai.lt" />
-	
+
 	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/DjurRattsAlliansen.se.xml b/src/chrome/content/rules/DjurRattsAlliansen.se.xml
index 9f07b6bcd798..5acd46223783 100644
--- a/src/chrome/content/rules/DjurRattsAlliansen.se.xml
+++ b/src/chrome/content/rules/DjurRattsAlliansen.se.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.djurrattsalliansen.se/ => https://djurrattsalliansen.se/: (60, 'SSL certificate problem: certificate has expired')
 Fetch error: http://djurrattsalliansen.se/ => https://djurrattsalliansen.se/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="DjurRattsAlliansen.se" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="DjurRattsAlliansen.se" platform="mixedcontent" default_off="failed ruleset test">
   <target host="www.djurrattsalliansen.se" />
   <target host="djurrattsalliansen.se" />
   <rule from="^http://www\.djurrattsalliansen\.se/" to="https://djurrattsalliansen.se/"/>
diff --git a/src/chrome/content/rules/Dlisted.com.xml b/src/chrome/content/rules/Dlisted.com.xml
index 161765999e53..38f12d94b739 100644
--- a/src/chrome/content/rules/Dlisted.com.xml
+++ b/src/chrome/content/rules/Dlisted.com.xml
@@ -29,7 +29,8 @@
 <ruleset name="Dlisted.com" default_off="mismatched, self-signed">
 
 	<target host="dlisted.com" />
-	<target host="*.dlisted.com" />
+	<target host="i.dlisted.com" />
+	<target host="www.dlisted.com" />
 
 
 	<rule from="^http://(?:i\.|www\.)?dlisted\.com/"
diff --git a/src/chrome/content/rules/Dmg_media.xml b/src/chrome/content/rules/Dmg_media.xml
index 5165877ccb44..4b4fb37fe140 100644
--- a/src/chrome/content/rules/Dmg_media.xml
+++ b/src/chrome/content/rules/Dmg_media.xml
@@ -17,7 +17,7 @@
 -->
 <ruleset name="dmg media (partial)">
 
-	<target host="*.and.co.uk" />
+	<target host="wa.and.co.uk" />
 
 
 	<!--	Omniture cookie:
@@ -28,4 +28,4 @@
 	<rule from="^http://wa\.and\.co\.uk/"
 		to="https://and-co-uk.122.2o7.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dmm.co.jp.xml b/src/chrome/content/rules/Dmm.co.jp.xml
new file mode 100644
index 000000000000..943be360429c
--- /dev/null
+++ b/src/chrome/content/rules/Dmm.co.jp.xml
@@ -0,0 +1,13 @@
+<ruleset name="Dmm.co.jp">
+	<target host="dmm.co.jp" />
+	<target host="www.dmm.co.jp" />
+	<target host="avatar-contents.dmm.co.jp" />
+	<target host="display.dmm.co.jp" />
+	<target host="games.dmm.co.jp" />
+	<target host="pics.dmm.co.jp" />
+	<target host="p.dmm.co.jp" />
+
+	<rule from="^http://dmm\.co\.jp/"
+		to="https://www.dmm.co.jp/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dmm.com.xml b/src/chrome/content/rules/Dmm.com.xml
new file mode 100644
index 000000000000..b3005e5e3bc8
--- /dev/null
+++ b/src/chrome/content/rules/Dmm.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Dmm.com">
+	<target host="dmm.com" />
+	<target host="www.dmm.com" />
+	<target host="avatar-contents.dmm.com" />
+	<target host="img-freegames.dmm.com" />
+	<target host="p.dmm.com" />
+	<target host="pics.dmm.com" />
+	<target host="rcv.ixd.dmm.com" />
+	<target host="stat.i3.dmm.com" />
+	<target host="trac.i3.dmm.com" />
+
+	<rule from="^http://dmm\.com/"
+		to="https://www.dmm.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dmoz.org.xml b/src/chrome/content/rules/Dmoz.org.xml
index 14f3a6d8122c..18582bcd6dde 100644
--- a/src/chrome/content/rules/Dmoz.org.xml
+++ b/src/chrome/content/rules/Dmoz.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://dmoz.org/ => https://www.dmoz.org/: (28, 'Connection timed o
 Fetch error: http://www.dmoz.org/ => https://www.dmoz.org/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="Dmoz.org" default_off='failed ruleset test'>
+<ruleset name="Dmoz.org" default_off="failed ruleset test">
   <target host="dmoz.org" />
   <target host="www.dmoz.org" />
 
diff --git a/src/chrome/content/rules/Dmri-library.com.xml b/src/chrome/content/rules/Dmri-library.com.xml
index 0a0ba48091f5..084668570acc 100644
--- a/src/chrome/content/rules/Dmri-library.com.xml
+++ b/src/chrome/content/rules/Dmri-library.com.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://c\d\.dmri-library\.com/"
 		to="https://dmri.cachefly.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dnsexit.xml b/src/chrome/content/rules/Dnsexit.xml
index 1057b5f144f4..4b56b4ca87c6 100644
--- a/src/chrome/content/rules/Dnsexit.xml
+++ b/src/chrome/content/rules/Dnsexit.xml
@@ -1,8 +1,8 @@
 <ruleset name="Dnsexit">
 	<target host="www.dnsexit.com" />
 	<target host="dnsexit.com" />
-	
-	<securecookie host="^(?:.*\.)?dnsexit\.com$" name=".+" />
-	
+
+	<securecookie host=".+" name=".+" />
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Dntly.com.xml b/src/chrome/content/rules/Dntly.com.xml
index 07f3c90934d6..fa5bbe6dbdeb 100644
--- a/src/chrome/content/rules/Dntly.com.xml
+++ b/src/chrome/content/rules/Dntly.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://dntly.com/ => https://dntly.com/: (28, 'Connection timed out
 	* Secured by us
 
 -->
-<ruleset name="Dntly.com" default_off='failed ruleset test'>
+<ruleset name="Dntly.com" default_off="failed ruleset test">
 
 	<target host="dntly.com" />
 	<target host="mygenerositywater.dntly.com" />
diff --git a/src/chrome/content/rules/DoNotCallRegister.xml b/src/chrome/content/rules/DoNotCallRegister.xml
index bea2247eeeea..74e3cda68571 100644
--- a/src/chrome/content/rules/DoNotCallRegister.xml
+++ b/src/chrome/content/rules/DoNotCallRegister.xml
@@ -1,7 +1,7 @@
 <ruleset name="Do Not Call Register">
 	<target host="donotcall.gov.au" />
-	<target host="*.donotcall.gov.au" />
+	<target host="www.donotcall.gov.au" />
 
 	<rule from="^http://(?:www\.)?donotcall\.gov\.au/"
 		to="https://www.donotcall.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Do_Not_Track-doc.com.xml b/src/chrome/content/rules/Do_Not_Track-doc.com.xml
deleted file mode 100644
index f137e28e7d93..000000000000
--- a/src/chrome/content/rules/Do_Not_Track-doc.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Invalid Certificate:
-		www.donottrack-doc.com
--->
-<ruleset name="Do Not Track-doc.com" >
-	<target host="donottrack-doc.com" />
-	<target host="www.donottrack-doc.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http://www\.donottrack-doc\.com/" to="https://donottrack-doc.com/" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Doarama.com.xml b/src/chrome/content/rules/Doarama.com.xml
new file mode 100644
index 000000000000..745c092779f5
--- /dev/null
+++ b/src/chrome/content/rules/Doarama.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Time out:
+		www.doarama.com
+
+	No working URL known:
+		media.doarama.com
+		tracks.doarama.com
+		v2.doarama.com
+
+-->
+<ruleset name="Doarama.com">
+
+	<target host="doarama.com" />
+	<target host="www.doarama.com" />
+	<target host="api.doarama.com" />
+	<target host="blog.doarama.com" />
+	<target host="cesium.doarama.com" />
+		<test url="http://cesium.doarama.com/d8ff5d7-51BB56/cesiumBundle.js" />
+	<target host="embed.doarama.com" />
+
+	<rule from="^http://www\.doarama\.com/"
+		to="https://doarama.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/DocSend.com.xml b/src/chrome/content/rules/DocSend.com.xml
deleted file mode 100644
index b9281b83fbc5..000000000000
--- a/src/chrome/content/rules/DocSend.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	Fully covered hosts in *docsend.com:
-
-		- (www.)?
-		- blog
-
-
-	Insecure cookies are set for these hosts:
-
-		- blog.docsend.com
-
--->
-<ruleset name="DocSend.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="docsend.com" />
-	<target host="blog.docsend.com" />
-	<target host="www.docsend.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^blog\.docsend\.com$" name="^_silvrback_session$" /-->
-
-	<securecookie host="^blog\.docsend\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Docelu.pl-problematic.xml b/src/chrome/content/rules/Docelu.pl-problematic.xml
index bdf5952d1273..8400fd756da2 100644
--- a/src/chrome/content/rules/Docelu.pl-problematic.xml
+++ b/src/chrome/content/rules/Docelu.pl-problematic.xml
@@ -7,13 +7,14 @@
 -->
 <ruleset name="docelu.pl (problematic)" default_off="mismatched" platform="mixedcontent">
 
-	<target host="*.docelu.pl" />
+	<target host="imprezy.docelu.pl" />
+	<target host="rozklady.docelu.pl" />
+	<target host="zdjecia.docelu.pl" />
 
 
 	<securecookie host="^(?:imprezy|rozklady|zdjecia)?\.docelu\.pl$" name=".+" />
 
 
-	<rule from="^http://(imprezy|rozklady|zdjecia)\.docelu\.pl/"
-		to="https://$1.docelu.pl/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Docelu.pl.xml b/src/chrome/content/rules/Docelu.pl.xml
index 6cf5c282b123..1de9630069cd 100644
--- a/src/chrome/content/rules/Docelu.pl.xml
+++ b/src/chrome/content/rules/Docelu.pl.xml
@@ -49,7 +49,7 @@ Fetch error: http://www.docelu.pl/ => https://docelu.pl/: (60, 'SSL certificate
 				- ^ *
 				- i.wp.pl *
 				- b.wpimg.com *
-			
+
 
 		- Images, on:
 
@@ -90,7 +90,7 @@ Fetch error: http://www.docelu.pl/ => https://docelu.pl/: (60, 'SSL certificate
 	mixedcontent due to css from ^docelu.pl, i.wp.pl, & b.wpimg.com.
 
 -->
-<ruleset name="docelu.pl (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="docelu.pl (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="docelu.pl" />
 	<target host="trasy.docelu.pl" />
@@ -100,10 +100,10 @@ Fetch error: http://www.docelu.pl/ => https://docelu.pl/: (60, 'SSL certificate
 	<!--	Can we secure any wildcard cookies here safely?
 								-->
 	<!--securecookie host="^\.docelu\.pl$" name="^(reksticket|WP-cookie-info|wpsticket)" /-->
-	<securecookie host="^(?:.+\.)?docelu\.pl$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(?:(trasy\.)|www\.)?docelu\.pl/"
 		to="https://$1docelu.pl/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Docstoc.xml b/src/chrome/content/rules/Docstoc.xml
deleted file mode 100644
index d283ac7adc8b..000000000000
--- a/src/chrome/content/rules/Docstoc.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--	s3.amazonaws.com/content1.docstoc.com/
-	s3.amazonaws.com/img.docstoc.com/
-
-	!functional:
-		- blog.docstream.com	(cert: *.gridserver.com; infinite redirection)
-		- platform.docstoc.com	(403)
--->
-<ruleset name="Docstoc (partial)">
-
-	<target host="docstoc.com"/>
-	<target host="*.docstoc.com"/>
-	<target host="*.docstoccdn.com"/>
-
-	<!--	!cdn cert:	EdgeCast	-->
-	<rule from="^http://(css|i|swf)\.docstoc(?:cdn)?\.com/"
-		to="https://$1.docstoccdn.com/"/>
-
-	<rule from="^http://img\.docstoc(?:cdn)?\.com/"
-		to="https://s3.amazonaws.com/img.docstoc.com/"/>
-
-	<!--	!www:	!found			-->
-	<rule from="^http://(?:www\.)?docstoc\.com/(account/|Captcha\.ashx|cart/|favicon\.ico|i/|pass(?:$|\?))"
-		to="https://www.docstoc.com/$1"/>
-
-	<rule from="^http://static2\.docstoccdn\.com/"
-		to="https://static2.docstoccdn.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Docstorepro.com.xml b/src/chrome/content/rules/Docstorepro.com.xml
index baba7d171632..bcf8e4a43b52 100644
--- a/src/chrome/content/rules/Docstorepro.com.xml
+++ b/src/chrome/content/rules/Docstorepro.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://docstorepro.com/ => https://docstorepro.com/: (60, 'SSL cert
 	For other NiKec Solutions coverage, see NiKec_Solutions.xml.
 
 -->
-<ruleset name="docstorepro.com" default_off='failed ruleset test'>
+<ruleset name="docstorepro.com" default_off="failed ruleset test">
 
 	<target host="docstorepro.com" />
 	<target host="www.docstorepro.com" />
@@ -17,4 +17,4 @@ Fetch error: http://docstorepro.com/ => https://docstorepro.com/: (60, 'SSL cert
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Doctor_Trusted.org.xml b/src/chrome/content/rules/Doctor_Trusted.org.xml
index 2df1fca8639e..f37d3a60f7f9 100644
--- a/src/chrome/content/rules/Doctor_Trusted.org.xml
+++ b/src/chrome/content/rules/Doctor_Trusted.org.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.doctortrusted.org/ => https://doctortrusted.org/: (28, '
 		- doctortrusted.org
 
 -->
-<ruleset name="Doctor Trusted.org" default_off='failed ruleset test'>
+<ruleset name="Doctor Trusted.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/DocumentCloud.xml b/src/chrome/content/rules/DocumentCloud.xml
index c46124025218..118e947f3689 100644
--- a/src/chrome/content/rules/DocumentCloud.xml
+++ b/src/chrome/content/rules/DocumentCloud.xml
@@ -1,22 +1,24 @@
 <!--
-	Nonfunctional subdomains:
+	ERR_SSL_PROTOCOL_ERROR:
+		- cluster
 
-		- blog		(times out)
+	Mismatched:
+		- cpanel
+		- ftp
+		- s3
+		- whm
 
+	Connection timed out:
+		- testing
 -->
-<ruleset name="DocumentCloud (partial)">
-
+<ruleset name="DocumentCloud">
 	<target host="documentcloud.org" />
-	<target host="*.documentcloud.org" />
-
-
-	<securecookie host="^www\.documentcloud\.org$" name=".+" />
-
-
-	<rule from="^http://(www\.)?documentcloud\.org/"
-		to="https://$1documentcloud.org/" />
+	<target host="www.documentcloud.org" />
+	<target host="assets.documentcloud.org" />
+	<target host="assets2.documentcloud.org" />
+	<target host="blog.documentcloud.org" />
 
-	<rule from="^http://s3\.documentcloud\.org/"
-		to="https://s3.amazonaws.com/s3.documentcloud.org/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Document_Freedom_Day.xml b/src/chrome/content/rules/Document_Freedom_Day.xml
index b7a1e8a216a4..4d17422086c6 100644
--- a/src/chrome/content/rules/Document_Freedom_Day.xml
+++ b/src/chrome/content/rules/Document_Freedom_Day.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.documentfreedom.net/ => https://www.documentfreedom.net/
 	For other FSFE coverage, see FSFE.org.xml.
 
 -->
-<ruleset name="Document Freedom Day" default_off='failed ruleset test'>
+<ruleset name="Document Freedom Day" default_off="failed ruleset test">
 
 	<target host="documentfreedom.net" />
 	<target host="www.documentfreedom.net" />
@@ -22,4 +22,4 @@ Fetch error: http://www.documentfreedom.net/ => https://www.documentfreedom.net/
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Docusign.com.xml b/src/chrome/content/rules/Docusign.com.xml
deleted file mode 100644
index d4e69385e24b..000000000000
--- a/src/chrome/content/rules/Docusign.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Docusign.com">
-  <target host="docusign.com" />
-  <target host="www.docusign.com" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Dodo.com.au.xml b/src/chrome/content/rules/Dodo.com.au.xml
index c67ec3b1f9c2..e8c51b93911f 100644
--- a/src/chrome/content/rules/Dodo.com.au.xml
+++ b/src/chrome/content/rules/Dodo.com.au.xml
@@ -26,7 +26,7 @@
 		- google	²
 		- home		(¹, CN: *.dodo.com)
 		- hosting	⁴
-		- landing	(¹, CN: try.unbounce.com)	
+		- landing	(¹, CN: try.unbounce.com)
 		- login		(¹, CN: *.dodo.com)
 		- m			(¹, CN: *.dodo.com)
 		- postoffice01.mail-hub		⁴
@@ -41,7 +41,7 @@
 		- dnscache42nx.nc.nsw		³
 		- dnscache52nx.nc.nsw		³
 		- dnscache62nx.nc.nsw		³
-		- offers		(¹, CN: try.unbounce.com)	
+		- offers		(¹, CN: try.unbounce.com)
 		- payments		(¹, CN: *.dodo.com)
 		- photos		(¹, CN: *.dodo.com)
 		- pop		³
diff --git a/src/chrome/content/rules/Dodo.com.xml b/src/chrome/content/rules/Dodo.com.xml
index 64d27a49d25f..8d20165a7ea5 100644
--- a/src/chrome/content/rules/Dodo.com.xml
+++ b/src/chrome/content/rules/Dodo.com.xml
@@ -75,4 +75,4 @@
 
 	<rule from="^http:"
 		to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dods_People.com.xml b/src/chrome/content/rules/Dods_People.com.xml
index f92d1e59aa66..393d5f68affa 100644
--- a/src/chrome/content/rules/Dods_People.com.xml
+++ b/src/chrome/content/rules/Dods_People.com.xml
@@ -12,7 +12,8 @@
 <ruleset name="Dods People.com (partial)">
 
 	<target host="dodspeople.com" />
-	<target host="*.dodspeople.com" />
+	<target host="photos.dodspeople.com" />
+	<target host="www.dodspeople.com" />
 
 
 	<rule from="^http://(?:photos\.|www\.)?dodspeople\.com/"
diff --git a/src/chrome/content/rules/DoesNotWork.eu.xml b/src/chrome/content/rules/DoesNotWork.eu.xml
index 812e56edc403..d83840c8a359 100644
--- a/src/chrome/content/rules/DoesNotWork.eu.xml
+++ b/src/chrome/content/rules/DoesNotWork.eu.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.doesnotwork.eu/ => https://www.doesnotwork.eu/: (7, '')
 
 	For other Nebezi.cz coverage, see Nebezi.cz.xml.
 -->
-<ruleset name="DoesNotWork.eu" default_off='failed ruleset test'>
+<ruleset name="DoesNotWork.eu" default_off="failed ruleset test">
 	<target host="doesnotwork.eu" />
 	<target host="ipv4.doesnotwork.eu" />
 	<target host="ipv6.doesnotwork.eu" />
diff --git a/src/chrome/content/rules/Dof.dk.xml b/src/chrome/content/rules/Dof.dk.xml
index b29ea6d2f623..b0b61ed0d983 100644
--- a/src/chrome/content/rules/Dof.dk.xml
+++ b/src/chrome/content/rules/Dof.dk.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.dof.dk/ => https://www.dof.dk/: (60, 'SSL certificate pr
 	¹: Refused
 	²: Bad cert (CN: *.your-server.de)
 -->
-<ruleset name="Dof.dk" default_off='failed ruleset test'>
+<ruleset name="Dof.dk" default_off="failed ruleset test">
 
 	<target host="dof.dk" />
 	<target host="www.dof.dk" />
diff --git a/src/chrome/content/rules/Dogpile.com.xml b/src/chrome/content/rules/Dogpile.com.xml
new file mode 100644
index 000000000000..c5fe7f75133b
--- /dev/null
+++ b/src/chrome/content/rules/Dogpile.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Timeout:
+		- dogpile.com
+-->
+<ruleset name="Dogpile.com (partial)">
+	<target host="dogpile.com" />
+	<target host="www.dogpile.com" />
+	<target host="info.dogpile.com" />
+	<target host="private.dogpile.com" />
+	<target host="results.dogpile.com" />
+
+	<rule from="^http://dogpile\.com/" to="https://www.dogpile.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DogsbodyTechnologyLtd.xml b/src/chrome/content/rules/DogsbodyTechnologyLtd.xml
new file mode 100644
index 000000000000..96cec46e3351
--- /dev/null
+++ b/src/chrome/content/rules/DogsbodyTechnologyLtd.xml
@@ -0,0 +1,30 @@
+<ruleset name="Dogsbody Technology Ltd">
+	<target host="dogsbody.com" />
+	<target host="www.dogsbody.com" />
+	<target host="analytics.dogsbody.com" />
+	<target host="email.dogsbody.com" />
+	<target host="mirrors.dogsbody.com" />
+	<target host="monitoring.dogsbody.com" />
+	<target host="mta-sts.dogsbody.com" />
+	<target host="portal.dogsbody.com" />
+	<target host="rkhmirror.dogsbody.com" />
+	<target host="rss.dogsbody.com" />
+	<target host="static.dogsbody.com" />
+	<target host="status.dogsbody.com" />
+	<target host="support.dogsbody.com" />
+	<target host="warboard.dogsbody.com" />
+	<target host="webmail.dogsbody.com" />
+	<target host="wiki.dogsbody.com" />
+
+	<target host="dogsbodytechnology.com" />
+	<target host="www.dogsbodytechnology.com" />
+	<target host="alerts.dogsbodytechnology.com" />
+	<target host="portal.dogsbodytechnology.com" />
+	<target host="status.dogsbodytechnology.com" />
+
+	<target host="dogsbodyhosting.net" />
+	<target host="www.dogsbodyhosting.net" />
+	<target host="status.dogsbodyhosting.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dogsbodytechnology.com.xml b/src/chrome/content/rules/Dogsbodytechnology.com.xml
deleted file mode 100644
index 2aa1a1e296ba..000000000000
--- a/src/chrome/content/rules/Dogsbodytechnology.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Dogsbodytechnology.com">
-	<target host="dogsbodytechnology.com" />
-        <target host="dogsbodyhosting.net" />
-	<target host="www.dogsbodytechnology.com" />
-        <target host="www.dogsbodyhosting.net" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Dogz_Online.xml b/src/chrome/content/rules/Dogz_Online.xml
index ed5ad7e5fd08..1ea7032f506a 100644
--- a/src/chrome/content/rules/Dogz_Online.xml
+++ b/src/chrome/content/rules/Dogz_Online.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Doi2bib.org.xml b/src/chrome/content/rules/Doi2bib.org.xml
new file mode 100644
index 000000000000..b71feb7e1083
--- /dev/null
+++ b/src/chrome/content/rules/Doi2bib.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Doi2bib.org">
+	<target host="doi2bib.org" />
+	<target host="www.doi2bib.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Doitgarden.ch.xml b/src/chrome/content/rules/Doitgarden.ch.xml
deleted file mode 100644
index d78beddc8e0c..000000000000
--- a/src/chrome/content/rules/Doitgarden.ch.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Migros coverage, see Migros.xml.
-
-	Nonfunctional hosts in doit-garden-migros.ch:
-		- doitgarden.ch (m,r)
-		- www.doitgarden.ch (r)
-
-		- doit-garden-migros.ch (m)
-			- www.doit-garden-migros.ch (m)
-			- nl.doit-garden-migros.ch (m)
-
-	m: mismatch
-	r: HTTP redirect
--->
-<ruleset name="Doitgarden.ch (partial)">
-	<target host="cdn1.doitgarden.ch" />
-	<target host="cdn2.doitgarden.ch" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Dolibarr.org.xml b/src/chrome/content/rules/Dolibarr.org.xml
new file mode 100644
index 000000000000..0514ba8cf29b
--- /dev/null
+++ b/src/chrome/content/rules/Dolibarr.org.xml
@@ -0,0 +1,31 @@
+<!--
+	Connection reset:
+		- calendar
+		- mail
+		- ml
+
+	Mismatched:
+		- vmdev1
+
+	Expired:
+		- vmprod1
+
+	Self-signed:
+		- vmprod2
+		- vmprod3
+-->
+<ruleset name="Dolibarr.org">
+	<target host="dolibarr.org" />
+	<target host="www.dolibarr.org" />
+	<target host="admin.dolibarr.org" />
+	<target host="asso.dolibarr.org" />
+	<target host="demo.dolibarr.org" />
+	<target host="doxygen.dolibarr.org" />
+	<target host="nl.dolibarr.org" />
+	<target host="partners.dolibarr.org" />
+	<target host="saas.dolibarr.org" />
+	<target host="status.dolibarr.org" />
+	<target host="wiki.dolibarr.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dolimg.com.xml b/src/chrome/content/rules/Dolimg.com.xml
index 6368e31bddb1..0180ef26abdd 100644
--- a/src/chrome/content/rules/Dolimg.com.xml
+++ b/src/chrome/content/rules/Dolimg.com.xml
@@ -44,4 +44,4 @@
 	<rule from="^http://s\.dolimg\.com/"
 		to="https://s.dolimg.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dollar.co.uk.xml b/src/chrome/content/rules/Dollar.co.uk.xml
new file mode 100644
index 000000000000..b4f9c3f77f37
--- /dev/null
+++ b/src/chrome/content/rules/Dollar.co.uk.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Dollar coverage, see Dollar.com.xml
+-->
+<ruleset name="Dollar.co.uk">
+
+	<target host="dollar.co.uk" />
+	<target host="www.dollar.co.uk" />
+	<target host="refresh.dollar.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dollar.com.xml b/src/chrome/content/rules/Dollar.com.xml
new file mode 100644
index 000000000000..c9ab5d5eb667
--- /dev/null
+++ b/src/chrome/content/rules/Dollar.com.xml
@@ -0,0 +1,48 @@
+<!--
+	Other related rulesets:
+		- Dollar.co.uk.xml
+		- Dollar.de.xml
+		- DollarCanada.ca.xml
+
+
+	Non-functional subdomains:
+		- dblog		(t)
+		- click.emails		(m)
+		- pub.emails		(m)
+		- lac		(i)
+		- worldwide		(e)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Dollar.com">
+
+	<target host="dollar.com" />
+	<target host="www.dollar.com" />
+	<target host="cruisesinc.dollar.com" />
+	<target host="image.emails.dollar.com" />
+	<target host="htcstaging.dollar.com" />
+	<target host="m.dollar.com" />
+	<target host="media.dollar.com" />
+	<target host="mobile.dollar.com" />
+	<target host="mstaging.dollar.com" />
+	<target host="ota.dollar.com" />
+	<target host="pblog.dollar.com" />
+	<target host="prepay.dollar.com" />
+	<target host="register.dollar.com" />
+	<target host="sblog.dollar.com" />
+	<target host="stageimt.dollar.com" />
+	<target host="staging.dollar.com" />
+	<target host="stagingm.dollar.com" />
+	<target host="ww2.dollar.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dollar.de.xml b/src/chrome/content/rules/Dollar.de.xml
new file mode 100644
index 000000000000..c85322f86e79
--- /dev/null
+++ b/src/chrome/content/rules/Dollar.de.xml
@@ -0,0 +1,12 @@
+<!--
+	For other Dollar coverage, see Dollar.com.xml
+-->
+<ruleset name="Dollar.de">
+
+	<target host="www.dollar.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DollarCanada.ca.xml b/src/chrome/content/rules/DollarCanada.ca.xml
new file mode 100644
index 000000000000..ae1195fcbc9c
--- /dev/null
+++ b/src/chrome/content/rules/DollarCanada.ca.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Dollar coverage, see Dollar.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(self-signed cert)
+
+-->
+<ruleset name="Dollar Canada.ca">
+
+	<target host="dollarcanada.ca" />
+	<target host="www.dollarcanada.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://dollarcanada\.ca/"
+		to="https://www.dollarcanada.ca/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dollar_a_Day.co.xml b/src/chrome/content/rules/Dollar_a_Day.co.xml
index 0d80e862ccc1..82035f352b3b 100644
--- a/src/chrome/content/rules/Dollar_a_Day.co.xml
+++ b/src/chrome/content/rules/Dollar_a_Day.co.xml
@@ -5,7 +5,7 @@ Fetch error: http://dollaraday.co/ => https://dollaraday.co/: (60, 'SSL certific
 Fetch error: http://www.dollaraday.co/ => https://www.dollaraday.co/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Dollar a Day.co" default_off='failed ruleset test'>
+<ruleset name="Dollar a Day.co" default_off="failed ruleset test">
 
 	<target host="dollaraday.co" />
 	<target host="www.dollaraday.co" />
diff --git a/src/chrome/content/rules/Dolphin-emu.org.xml b/src/chrome/content/rules/Dolphin-emu.org.xml
index e900c71aa74e..0081ecc72ae5 100644
--- a/src/chrome/content/rules/Dolphin-emu.org.xml
+++ b/src/chrome/content/rules/Dolphin-emu.org.xml
@@ -16,13 +16,15 @@
 <ruleset name="dolphin-emu.org">
 
 	<target host="dolphin-emu.org" />
-	<target host="*.dolphin-emu.org" />
+	<target host="dl.dolphin-emu.org" />
+	<target host="forums.dolphin-emu.org" />
+	<target host="wiki.dolphin-emu.org" />
+	<target host="www.dolphin-emu.org" />
 
 
 	<securecookie host=".+\.dolphin-emu\.org$" name=".+" />
 
 
-	<rule from="^http://((?:dl|forums|wiki|www)\.)?dolphin-emu\.org/"
-		to="https://$1dolphin-emu.org/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Domain.com.xml b/src/chrome/content/rules/Domain.com.xml
index 5f91f5c08d83..8c8a4137b58c 100644
--- a/src/chrome/content/rules/Domain.com.xml
+++ b/src/chrome/content/rules/Domain.com.xml
@@ -14,7 +14,9 @@
 <ruleset name="Domain.com">
 
 	<target host="domain.com" />
-	<target host="*.domain.com" />
+	<target host="www.domain.com" />
+	<target host="images.domain.com" />
+	<target host="secure.domain.com" />
 
 
 	<securecookie host="^\.domain\.com$" name=".+" />
@@ -22,14 +24,13 @@
 
 	<!--	!www redirects to www over http,
 		so copy that behavior:
-					-->		
+					-->
 	<rule from="^http://(?:www\.)?domain\.com/"
 		to="https://www.domain.com/" />
 
 	<rule from="^http://images\.domain\.com/"
 		to="https://secure.domain.com/images/" />
 
-	<rule from="^http://secure\.domain\.com/"
-		to="https://secure.domain.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Domain.de.xml b/src/chrome/content/rules/Domain.de.xml
deleted file mode 100644
index 814b4d40778b..000000000000
--- a/src/chrome/content/rules/Domain.de.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Domain.de">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="domain.de" />
-	<target host="www.domain.de" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DomainCoin.net.xml b/src/chrome/content/rules/DomainCoin.net.xml
deleted file mode 100644
index d73c3f82d2bb..000000000000
--- a/src/chrome/content/rules/DomainCoin.net.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="DomainCoin.net">
-
-	<target host="domaincoin.net" />
-	<target host="www.domaincoin.net" />
-
-
-	<securecookie host="^(?:www\.)?domaincoin\.net$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DomainContext.com.xml b/src/chrome/content/rules/DomainContext.com.xml
index 7a4597c63971..3aaf6338cc43 100644
--- a/src/chrome/content/rules/DomainContext.com.xml
+++ b/src/chrome/content/rules/DomainContext.com.xml
@@ -1,7 +1,19 @@
+
+<!--
+Entire ruleset disabled at 2020-09-25 16:20:22
+
+Non-2xx HTTP code: http://www.domaincontext.com/ (200) => https://www.domaincontext.com/ (404)
+
+-->
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Non-2xx HTTP code: http://domaincontext.com/ (200) => https://domaincontext.com/ (404)
+Non-2xx HTTP code: http://ru.domaincontext.com/ (200) => https://ru.domaincontext.com/ (404)
+
 	Other DomainContext rulesets:
 
-		- Unitedplatform.com.xml
 
 
 	Insecure cookies are set for these domains:
@@ -9,10 +21,10 @@
 		- .domaincontext.com
 
 -->
-<ruleset name="DomainContext.com">
+<ruleset name="DomainContext.com" default_off="failed ruleset test">
 
-	<target host="domaincontext.com" />
-	<target host="ru.domaincontext.com" />
+	<!-- target host="domaincontext.com" /-->
+	<!-- target host="ru.domaincontext.com" /-->
 	<target host="www.domaincontext.com" />
 
 
diff --git a/src/chrome/content/rules/DomainSigma.com.xml b/src/chrome/content/rules/DomainSigma.com.xml
deleted file mode 100644
index 7abc8f212b24..000000000000
--- a/src/chrome/content/rules/DomainSigma.com.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://static.domainsigma.com/ => https://djtg44apx8dzy.cloudfront.net/: (6, 'Could not resolve host: djtg44apx8dzy.cloudfront.net')
-
-	CDN buckets:
-
-		- djtg44apx8dzy.cloudfront.net
-
-			- static
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
-
--->
-<ruleset name="DomainSigma.com (partial)" default_off='failed ruleset test'>
-
-	<target host="static.domainsigma.com" />
-
-
-	<rule from="^http://static\.domainsigma\.com/"
-		to="https://djtg44apx8dzy.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/DomainSponsor.xml b/src/chrome/content/rules/DomainSponsor.xml
deleted file mode 100644
index 7728e90bc09d..000000000000
--- a/src/chrome/content/rules/DomainSponsor.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	For other Oversee.net coverage, see Oversee.xml.
-
-
-	Nonfunctional domains:
-
-		- (www.)domainsponsor.com	(http reply)
-		- (www.)domainsponsor.org	(times out)
-
--->
-<ruleset name="DomainSponsor (partial)">
-
-	<target host="*.domainsponsor.com"/>
-
-
-	<securecookie host="^\.domainsponsor\.com$" name=".+" />
-
-
-	<rule from="^http://(pubman|spi)\.domainsponsor\.com/"
-		to="https://$1.domainsponsor.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/DomainTools.com-falsemixed.xml b/src/chrome/content/rules/DomainTools.com-falsemixed.xml
deleted file mode 100644
index 984ba90a624c..000000000000
--- a/src/chrome/content/rules/DomainTools.com-falsemixed.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see DomainTools.xml
-
--->
-<ruleset name="DomainTools.com (false MCB)" platform="mixedcontent">
-
-	<!--	Complications:
-				-->
-	<target host="support.domaintools.com" />
-
-
-	<rule from="^http://support\.domaintools\.com/"
-		to="https://domaintools.kayako.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DomainTools.xml b/src/chrome/content/rules/DomainTools.xml
index 156a0431c125..7df2c006d46b 100644
--- a/src/chrome/content/rules/DomainTools.xml
+++ b/src/chrome/content/rules/DomainTools.xml
@@ -31,7 +31,7 @@
 			- whois
 			- www
 			- yahoo
-		
+
 		- dt-static.com
 			- assets
 			- images
@@ -60,11 +60,11 @@
 	<target host="whitelabel.domaintools.com" />
 	<target host="whois.domaintools.com" />
 	<target host="yahoo.domaintools.com" />
-	
+
 	<target host="assets.dt-static.com" />
 	<target host="images.dt-static.com" />
 
 	<securecookie host=".+" name=".+" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/DomainWho.is.xml b/src/chrome/content/rules/DomainWho.is.xml
index 33b8a86642b5..00ac18e25235 100644
--- a/src/chrome/content/rules/DomainWho.is.xml
+++ b/src/chrome/content/rules/DomainWho.is.xml
@@ -7,7 +7,7 @@ Fetch error: http://styles.domainwho.is/ => https://styles.domainwho.is/: (6, 'C
 Fetch error: http://www.domainwho.is/ => https://www.domainwho.is/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="DomainWho.is" default_off='failed ruleset test'>
+<ruleset name="DomainWho.is" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Domainbox.com.xml b/src/chrome/content/rules/Domainbox.com.xml
deleted file mode 100644
index 4ca7c930f74b..000000000000
--- a/src/chrome/content/rules/Domainbox.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	- ^: cert only matches www
-	- Server is configured for rc4 only
-	- Some pages redirect to http
-
--->
-<ruleset name="Domainbox.com (partial)">
-
-	<target host="domainbox.com" />
-	<target host="www.domainbox.com" />
-
-
-	<rule from="^http://(?:www\.)?domainbox\.com/(?=favicon\.ico|func/|images/|inc/|sign-up(?:$|[?/]))"
-		to="https://www.domainbox.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Domains_By_Proxy.xml b/src/chrome/content/rules/Domains_By_Proxy.xml
index 0bba8d903283..5f66735ed8ad 100644
--- a/src/chrome/content/rules/Domains_By_Proxy.xml
+++ b/src/chrome/content/rules/Domains_By_Proxy.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Domena.pl.xml b/src/chrome/content/rules/Domena.pl.xml
index 9083d303440b..abf7bd428bda 100644
--- a/src/chrome/content/rules/Domena.pl.xml
+++ b/src/chrome/content/rules/Domena.pl.xml
@@ -23,4 +23,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Domreg.lt.xml b/src/chrome/content/rules/Domreg.lt.xml
deleted file mode 100644
index 667bf7dfe7ab..000000000000
--- a/src/chrome/content/rules/Domreg.lt.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
--->
-<ruleset name="Domreg.lt">
-
-	<target host="domreg.lt" />
-	<target host="www.domreg.lt" />
-
-
-	<securecookie host="^www\.domreg\.lt$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Doncaster.gov.uk.xml b/src/chrome/content/rules/Doncaster.gov.uk.xml
index 6d5791dce94a..e869166ce740 100644
--- a/src/chrome/content/rules/Doncaster.gov.uk.xml
+++ b/src/chrome/content/rules/Doncaster.gov.uk.xml
@@ -40,7 +40,7 @@ Fetch error: http://doncaster.gov.uk/Eforms/BusGenEform/Boot/803 => https://donc
 		- www.doncaster.gov.uk
 
 -->
-<ruleset name="Doncaster.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Doncaster.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Doncaster_College.xml b/src/chrome/content/rules/Doncaster_College.xml
index b441bb305034..835c25c7ea3b 100644
--- a/src/chrome/content/rules/Doncaster_College.xml
+++ b/src/chrome/content/rules/Doncaster_College.xml
@@ -36,4 +36,4 @@
 	<rule from="^http://blackboard\.don\.ac\.uk/(?:\?.*)?$"
 		to="https://don.blackboard.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Doodle.xml b/src/chrome/content/rules/Doodle.xml
deleted file mode 100644
index 11eca1cf289a..000000000000
--- a/src/chrome/content/rules/Doodle.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Mismatch:
-		- translate.doodle.com
-		- uptime.doodle.com
-
-	Handshake failure:
-		- deployer.doodle.com
-
-	Wildcard DNS record and cert.
--->
-<ruleset name="Doodle">
-
-	<target host="doodle.com" />
-	<target host="www.doodle.com" />
-	<target host="blog.doodle.com" />
-		<target host="br.blog.doodle.com" />
-		<target host="de.blog.doodle.com" />
-		<target host="en.blog.doodle.com" />
-		<target host="fr.blog.doodle.com" />
-	<target host="cdn2.doodle.com" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Doorbell.io.xml b/src/chrome/content/rules/Doorbell.io.xml
index abe7a607d594..760db42de7e0 100644
--- a/src/chrome/content/rules/Doorbell.io.xml
+++ b/src/chrome/content/rules/Doorbell.io.xml
@@ -2,13 +2,13 @@
 Mismatch:
 	blog.	(Based on Tumblr)
 	status.
-	
+
 -->
 <ruleset name="doorbell.io">
-	
+
 	<target host="doorbell.io" />
 	<target host="embed.doorbell.io" />
-	
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Doria.fi.xml b/src/chrome/content/rules/Doria.fi.xml
new file mode 100644
index 000000000000..dbc01b95782a
--- /dev/null
+++ b/src/chrome/content/rules/Doria.fi.xml
@@ -0,0 +1,13 @@
+<!--
+	Incomplete certificate chain:
+		- s1
+-->
+<ruleset name="Doria.fi">
+	<target host="doria.fi" />
+	<target host="www.doria.fi" />
+	<target host="input.doria.fi" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dot429.xml b/src/chrome/content/rules/Dot429.xml
deleted file mode 100644
index 18114ef60746..000000000000
--- a/src/chrome/content/rules/Dot429.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d1j2diro5xke84.cloudfront.net
-		- d2qmyvn67i80mw.cloudfront.net
-
--->
-<ruleset name="dot429 (partial)">
-
-	<target host="dot429.com" />
-	<target host="*.dot429.com" />
-
-
-	<!--	At least some pages 302 to http.
-							-->
-	<rule from="^http://(www\.)?dot429\.com/(blueprint|fonts|images|packages|stylesheets)/"
-		to="https://$1dot429.com/$2/" />
-
-	<rule from="^http://cdn[1-5]\.dot429\.com/"
-		to="https://d2qmyvn67i80mw.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Dot5Hosting.xml b/src/chrome/content/rules/Dot5Hosting.xml
index 6130eac38410..d5e7ebe4f159 100644
--- a/src/chrome/content/rules/Dot5Hosting.xml
+++ b/src/chrome/content/rules/Dot5Hosting.xml
@@ -1,13 +1,14 @@
 <ruleset name="Dot5Hosting">
 
 	<target host="dot5hosting.com" />
-	<target host="*.dot5hosting.com" />
+	<target host="images.dot5hosting.com" />
+	<target host="secure.dot5hosting.com" />
+	<target host="www.dot5hosting.com" />
 
 
 	<securecookie host="^\.dot5hosting\.com$" name=".+" />
 
 
-	<rule from="^http://((?:images|secure|www)\.)?dot5hosting\.com/"
-		to="https://$1dot5hosting.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/DotCOM-host.xml b/src/chrome/content/rules/DotCOM-host.xml
index 2d90e3b40875..bfeb7acd4839 100644
--- a/src/chrome/content/rules/DotCOM-host.xml
+++ b/src/chrome/content/rules/DotCOM-host.xml
@@ -5,7 +5,7 @@
 	<!--	* for cross-domain cookie.	-->
 
 
-	<securecookie host="^(?:.*\.)?dotcomhost\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	Observed subdomains:
diff --git a/src/chrome/content/rules/DotCloud.com.xml b/src/chrome/content/rules/DotCloud.com.xml
index d0f74eeef0a3..a59a0b1ff1e7 100644
--- a/src/chrome/content/rules/DotCloud.com.xml
+++ b/src/chrome/content/rules/DotCloud.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://dotcloud.com/ => https://dotcloud.com/: (7, 'Failed to conne
 	STS header includes includeSubdomains
 
 -->
-<ruleset name="dotCloud.com (partial)" default_off='failed ruleset test'>
+<ruleset name="dotCloud.com (partial)" default_off="failed ruleset test">
 
 	<target host="dotcloud.com" />
 	<target host="*.dotcloud.com" />
diff --git a/src/chrome/content/rules/DotMailer.xml b/src/chrome/content/rules/DotMailer.xml
index 20ff2ee1f535..30a810eb12cf 100644
--- a/src/chrome/content/rules/DotMailer.xml
+++ b/src/chrome/content/rules/DotMailer.xml
@@ -7,7 +7,9 @@
 <ruleset name="dotMailer (partial)">
 
 	<target host="dotmailer.com" />
-	<target host="*.dotmailer.com" />
+	<target host="www.dotmailer.com" />
+	<target host="my.dotmailer.com" />
+	<target host="support.dotmailer.com" />
 	<target host="dotmailer.co.uk" />
 	<target host="www.dotmailer.co.uk" />
 		<exclusion pattern="^http://(?:www\.)?dotmailer\.co(?:m|\.uk)/(?!favicon\.ico|images/|m/css|login\.aspx|professional_email_marketing_solutions/professional_trial_signup)" />
@@ -20,13 +22,8 @@
 	<rule from="^http://(?:www\.)?dotmailer\.com/"
 		to="https://www.dotmailer.com/" />
 
-	<rule from="^http://(my|support)\.dotmailer\.com/"
-		to="https://$1.dotmailer.com/" />
 
-	<rule from="^http://(www\.)?dotmailer\.co\.uk/"
-		to="https://$1dotmailer.co.uk/" />
 
-	<rule from="^http://t\.trackedlink\.net/"
-		to="https://t.trackedlink.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Dota2lounge.com.xml b/src/chrome/content/rules/Dota2lounge.com.xml
index 3680c5b1954e..856fb7abc90b 100644
--- a/src/chrome/content/rules/Dota2lounge.com.xml
+++ b/src/chrome/content/rules/Dota2lounge.com.xml
@@ -1,15 +1,12 @@
 <!--
 	Doesn't exist:
 	www.dota2lounge.com
+
+  Host unresolved:
+    cdn.dota2lounge.com
 -->
 <ruleset name="Dota2lounge.com" platform="mixedcontent">
 	<target host="dota2lounge.com" />
-	<target host="cdn.dota2lounge.com" />
 
-	<test url="http://cdn.dota2lounge.com/" />
-	
-	<rule from="^http://cdn\.dota2lounge\.com/"
-		to="https://dota2lounge.com/" />
-	
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Dota_2.com.xml b/src/chrome/content/rules/Dota_2.com.xml
index bbd0288a7754..1c5797ae66fb 100644
--- a/src/chrome/content/rules/Dota_2.com.xml
+++ b/src/chrome/content/rules/Dota_2.com.xml
@@ -69,7 +69,7 @@
 	<exclusion pattern="^http://(www\.)?dota2\.com/quiz" />
 	<exclusion pattern="^http://(www\.)?dota2\.com/store" />
 	<exclusion pattern="^http://(www\.)?dota2\.com/workshop" />
-	
+
 	<rule from="^http://dota2\.com/"
 		to="https://www.dota2.com/" />
 
diff --git a/src/chrome/content/rules/Dotcomsecurity.de.xml b/src/chrome/content/rules/Dotcomsecurity.de.xml
index bb6f45bb9b2e..bc5a1c2f0b5e 100644
--- a/src/chrome/content/rules/Dotcomsecurity.de.xml
+++ b/src/chrome/content/rules/Dotcomsecurity.de.xml
@@ -5,7 +5,7 @@ Fetch error: http://dotcomsecurity.de/ => https://dotcomsecurity.de/: (60, 'SSL
 Fetch error: http://www.dotcomsecurity.de/ => https://www.dotcomsecurity.de/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Dotcomsecurity.de" default_off='failed ruleset test'>
+<ruleset name="Dotcomsecurity.de" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Dotwhat.net.xml b/src/chrome/content/rules/Dotwhat.net.xml
new file mode 100644
index 000000000000..7bd4f07ea5a3
--- /dev/null
+++ b/src/chrome/content/rules/Dotwhat.net.xml
@@ -0,0 +1,17 @@
+<!--
+    Non-functional hosts:
+
+    Invalid certificate:
+       - ftp.dotwhat.net
+
+-->
+<ruleset name="Dotwhat.net/">
+    <target host="dotwhat.net" />
+    <target host="www.dotwhat.net" />
+    <target host="webmail.dotwhat.net" />
+    <target host="cpanel.dotwhat.net" />
+
+    <securecookie host=".+" name=".+" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Douban.com.xml b/src/chrome/content/rules/Douban.com.xml
index 25e0b1d33ebc..96d0008b58c9 100644
--- a/src/chrome/content/rules/Douban.com.xml
+++ b/src/chrome/content/rules/Douban.com.xml
@@ -1,29 +1,27 @@
 <!--
-	Non-functional hosts
-		SSL peer certificate was not OK:
-			 - fm.douban.com
+	Empty reply from server:
+		blackpit.douban.com
+		blackpit.douban.com
+		labs.douban.com
 
-		Secure connection redirects to plaintext:
-			 - brand.douban.com
+	Redirec to http:
+		brand.douban.com
 -->
 <ruleset name="Douban.com (partial)">
 	<target host="douban.com" />
+	<target host="www.douban.com" />
 	<target host="accounts.douban.com" />
 	<target host="artist.douban.com" />
 	<target host="beijing.douban.com" />
-	<target host="blackpit.douban.com" />
 	<target host="blog.douban.com" />
 	<target host="book.douban.com" />
-	<target host="developers.douban.com" />
 	<target host="dongxi.douban.com" />
 	<target host="fm.douban.com" />
 	<target host="guangzhou.douban.com" />
 	<target host="help.douban.com" />
 	<target host="jobs.douban.com" />
-	<target host="labs.douban.com" />
 	<target host="m.douban.com" />
 	<target host="market.douban.com" />
-	<target host="moment.douban.com" />
 	<target host="movie.douban.com" />
 	<target host="music.douban.com" />
 	<target host="pypi.douban.com" />
@@ -31,14 +29,9 @@
 	<target host="shanghai.douban.com" />
 	<target host="site.douban.com" />
 	<target host="wap.douban.com" />
-	<target host="www.douban.com" />
 	<target host="ypy.douban.com" />
 
-	<securecookie host=".+" name="^__utm" />
-
-	<rule from="^http://fm\.douban\.com/"
-			to="https://douban.fm/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:" 
-			to="https:" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/DoubleClick_by_Google.com.xml b/src/chrome/content/rules/DoubleClick_by_Google.com.xml
deleted file mode 100644
index 970c5d9208e6..000000000000
--- a/src/chrome/content/rules/DoubleClick_by_Google.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For other Google coverage, see GoogleServices.xml
-
-
-	^doubleclickbygoogle.com: Handshake fails
-
--->
-<ruleset name="DoubleClick by Google.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.doubleclickbygoogle.com" />
-
-	<!--	Complications:
-				-->
-	<target host="doubleclickbygoogle.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://doubleclickbygoogle\.com/"
-		to="https://www.doubleclickbygoogle.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Doutula.com.xml b/src/chrome/content/rules/Doutula.com.xml
new file mode 100644
index 000000000000..2b1dce92ed47
--- /dev/null
+++ b/src/chrome/content/rules/Doutula.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Doutula.com">
+	<target host="doutula.com" />
+	<target host="www.doutula.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Douyu.xml b/src/chrome/content/rules/Douyu.xml
index c96504440389..b65c40950375 100644
--- a/src/chrome/content/rules/Douyu.xml
+++ b/src/chrome/content/rules/Douyu.xml
@@ -22,7 +22,7 @@
 	<target host="www.douyu.com" />
 	<target host="staticyb.douyu.com" />
 	<target host="yuba.douyu.com" />
-	
+
 	<target host="apic.douyucdn.cn" />
 	<target host="dot.douyucdn.cn" />
 	<target host="dotcounter.douyucdn.cn" />
diff --git a/src/chrome/content/rules/Dover.gov.uk.xml b/src/chrome/content/rules/Dover.gov.uk.xml
index b9e6b2cc10ad..e2ad133f92fd 100644
--- a/src/chrome/content/rules/Dover.gov.uk.xml
+++ b/src/chrome/content/rules/Dover.gov.uk.xml
@@ -54,7 +54,7 @@
 	<!--securecookie host="^(?:moderngov|secure)\.dover\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
 
 	<securecookie host="^\.forms\." name=".+" />
-	<securecookie host="^\w" name="" />
+	<securecookie host="^\w" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Dovetail_Services-problematic.xml b/src/chrome/content/rules/Dovetail_Services-problematic.xml
index f29bd0aa681b..44862dc4c8c3 100644
--- a/src/chrome/content/rules/Dovetail_Services-problematic.xml
+++ b/src/chrome/content/rules/Dovetail_Services-problematic.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?dovetailservices\.com/"
 		to="https://www.dovetailservices.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dovetail_Services.xml b/src/chrome/content/rules/Dovetail_Services.xml
index da5939a839b7..c7ecd362d318 100644
--- a/src/chrome/content/rules/Dovetail_Services.xml
+++ b/src/chrome/content/rules/Dovetail_Services.xml
@@ -6,13 +6,13 @@ Fetch error: http://subscribeonline.co.uk/ => https://subscribeonline.co.uk/: (3
 	For problematic rules, see Dovetail_Services-problematic.xml.
 
 -->
-<ruleset name="Dovetail Services (partial)" default_off='failed ruleset test'>
+<ruleset name="Dovetail Services (partial)" default_off="failed ruleset test">
 
 	<target host="subscribeonline.co.uk" />
 	<target host="*.subscribeonline.co.uk" />
 
 
-	<securecookie host="^(?:.*\.)?subscribeonline\.co\.uk$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	Clients have unique subdomains.
@@ -20,4 +20,4 @@ Fetch error: http://subscribeonline.co.uk/ => https://subscribeonline.co.uk/: (3
 	<rule from="^http://(\w+\.)?subscribeonline\.co\.uk/"
 		to="https://$1subscribeonline.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DownForEveryoneOrJustMe.com.xml b/src/chrome/content/rules/DownForEveryoneOrJustMe.com.xml
new file mode 100644
index 000000000000..7db4f93f191d
--- /dev/null
+++ b/src/chrome/content/rules/DownForEveryoneOrJustMe.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Non-functional subdomains:
+
+		- www	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="DownForEveryoneOrJustMe.com">
+
+	<target host="downforeveryoneorjustme.com" />
+	<target host="www.downforeveryoneorjustme.com" />
+	<target host="staging.downforeveryoneorjustme.com" />
+
+	<rule from="^http://www\.downforeveryoneorjustme\.com/"
+		to="https://downforeveryoneorjustme.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Down_for_Everyone.com-falsemixed.xml b/src/chrome/content/rules/Down_for_Everyone.com-falsemixed.xml
deleted file mode 100644
index f41d4dd3cf38..000000000000
--- a/src/chrome/content/rules/Down_for_Everyone.com-falsemixed.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Down_for_Everyone.com.xml.
-
--->
-<ruleset name="Down for Everyone.com (false MCB)" platform="mixedcontent">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="downforeveryone.com" />
-
-
-	<securecookie host="^\.downforeveryone\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Down_for_Everyone.com.xml b/src/chrome/content/rules/Down_for_Everyone.com.xml
deleted file mode 100644
index 60f7e62614e7..000000000000
--- a/src/chrome/content/rules/Down_for_Everyone.com.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see Down_for_Everyone.com-falsemixed.xml.
-
-
-	Insecure cookies are set for these domains:
-
-		- .downforeveryone.com
-
-
-	Mixed content:
-
-		- css on ^ from $self *
-
-		- favicon, on:
-
-			- ^ from $self *
-			- https from www.downforeveryone.com *
-
-	* Secured by us
-
--->
-<ruleset name="Down for Everyone.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<!--target host="downforeveryone.com" /-->
-	<target host="https.downforeveryone.com" />
-	<target host="www.downforeveryone.com" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.downforeveryone\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.downforeveryone\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Download-Islamic-Religion-PDF-Ebooks.com.xml b/src/chrome/content/rules/Download-Islamic-Religion-PDF-Ebooks.com.xml
new file mode 100644
index 000000000000..987a56664ef7
--- /dev/null
+++ b/src/chrome/content/rules/Download-Islamic-Religion-PDF-Ebooks.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Download-Islamic-Religion-PDF-Ebooks.com">
+	<target host="download-islamic-religion-pdf-ebooks.com" />
+	<target host="www.download-islamic-religion-pdf-ebooks.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DownloadVerse.com.xml b/src/chrome/content/rules/DownloadVerse.com.xml
index 9f24aebd1bfe..942ba99af845 100644
--- a/src/chrome/content/rules/DownloadVerse.com.xml
+++ b/src/chrome/content/rules/DownloadVerse.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Downloadbox.xml b/src/chrome/content/rules/Downloadbox.xml
index ea058b64a4ef..b3da50cf9aeb 100644
--- a/src/chrome/content/rules/Downloadbox.xml
+++ b/src/chrome/content/rules/Downloadbox.xml
@@ -5,7 +5,7 @@
 <ruleset name="Downloadbox" default_off="self-signed" platform="mixedcontent">
 
 	<target host="downloadbox.me" />
-	<target host="*.downloadbox.me" />
+	<target host="www.downloadbox.me" />
 
 
 	<securecookie host="^\.downloadbox\.me$" name=".+" />
diff --git a/src/chrome/content/rules/DownstreamToday.com.xml b/src/chrome/content/rules/DownstreamToday.com.xml
index f9c756d10038..b976ff2a6945 100644
--- a/src/chrome/content/rules/DownstreamToday.com.xml
+++ b/src/chrome/content/rules/DownstreamToday.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.downstreamtoday.com/ => https://www.downstreamtoday.com/
 	For other Bishop Interactive coverage, see Bishop_Interactive.xml.
 
 -->
-<ruleset name="DownstreamToday.com" default_off='failed ruleset test'>
+<ruleset name="DownstreamToday.com" default_off="failed ruleset test">
 
 	<target host="downstreamtoday.com" />
 	<target host="www.downstreamtoday.com" />
@@ -18,4 +18,4 @@ Fetch error: http://www.downstreamtoday.com/ => https://www.downstreamtoday.com/
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Downtown_Host.xml b/src/chrome/content/rules/Downtown_Host.xml
index bc9a23aee5c0..0e434b1aa9cc 100644
--- a/src/chrome/content/rules/Downtown_Host.xml
+++ b/src/chrome/content/rules/Downtown_Host.xml
@@ -11,9 +11,9 @@
 	<target host="www.downtownhost.com" />
 
 
-	<securecookie host="^(?:.+\.)?downtownhost\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dpaydinlatma.com.xml b/src/chrome/content/rules/Dpaydinlatma.com.xml
new file mode 100644
index 000000000000..0c60c5f285f4
--- /dev/null
+++ b/src/chrome/content/rules/Dpaydinlatma.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Dpaydinlatma.com">
+	<target host="dpaydinlatma.com" />
+	<target host="www.dpaydinlatma.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dpskolkata.com.xml b/src/chrome/content/rules/Dpskolkata.com.xml
deleted file mode 100644
index 4082cdd4657e..000000000000
--- a/src/chrome/content/rules/Dpskolkata.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Dpskolkata.com">
-	<target host="dpskolkata.com" />
-	<target host="www.dpskolkata.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Dr-Ghanim.com.xml b/src/chrome/content/rules/Dr-Ghanim.com.xml
new file mode 100644
index 000000000000..9152193722e8
--- /dev/null
+++ b/src/chrome/content/rules/Dr-Ghanim.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Dr-Ghanim.com">
+	<target host="dr-ghanim.com" />
+	<target host="www.dr-ghanim.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DrAgnDroPbuilder.com.xml b/src/chrome/content/rules/DrAgnDroPbuilder.com.xml
deleted file mode 100644
index 4617bd8b72c0..000000000000
--- a/src/chrome/content/rules/DrAgnDroPbuilder.com.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="DrAgnDroPbuilder.com">
-
-	<target host="dragndropbuilder.com"/>
-	<target host="www.dragndropbuilder.com"/>
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DrJonathanBrown.com.xml b/src/chrome/content/rules/DrJonathanBrown.com.xml
new file mode 100644
index 000000000000..18b3360b99b8
--- /dev/null
+++ b/src/chrome/content/rules/DrJonathanBrown.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="DrJonathanBrown.com">
+	<target host="drjonathanbrown.com" />
+	<target host="www.drjonathanbrown.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dragonair.xml b/src/chrome/content/rules/Dragonair.xml
deleted file mode 100644
index fe8e22bbcf91..000000000000
--- a/src/chrome/content/rules/Dragonair.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Dragonair">
-
-	<target host="dragonair.com" />
-	<target host="www.dragonair.com" />
-	
-	<rule from="^http://(?:www\.)?dragonair\.com/" to="https://www.dragonair.com/" />
-
-</ruleset> 
diff --git a/src/chrome/content/rules/Draugiem.lv.xml b/src/chrome/content/rules/Draugiem.lv.xml
index f00a334d5762..fbc6ddae253e 100644
--- a/src/chrome/content/rules/Draugiem.lv.xml
+++ b/src/chrome/content/rules/Draugiem.lv.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.baratikor.com/ => https://www.baratikor.com/: (51, "SSL:
 	Everything but that which has been tested is excluded below.
 
 -->
-<ruleset name="Draugiem.lv (partial)" default_off='failed ruleset test'>
+<ruleset name="Draugiem.lv (partial)" default_off="failed ruleset test">
 
 	<target host="baratikor.com" />
 	<target host="www.baratikor.com" />
@@ -20,7 +20,11 @@ Fetch error: http://www.baratikor.com/ => https://www.baratikor.com/: (51, "SSL:
 	<target host="m.draugiem.lv" />
 		<exclusion pattern="^http://m\.draugiem\.lv/+(?!$|\?|favicon\.ico|v\d+/(?:cs|j)s/)" />
 	<target host="frype.com" />
-	<target host="*.frype.com" />
+	<target host="www.frype.com" />
+	<target host="i0.frype.com" />
+	<target host="i3.frype.com" />
+	<target host="i7.frype.com" />
+	<target host="i9.frype.com" />
 		<exclusion pattern="^http://(?:www\.)?frype\.com/+(?!$|\?|favicon\.ico|(?:forgot|help)(?:$|[?/]))" />
 	<target host="ifrype.com" />
 
@@ -31,16 +35,11 @@ Fetch error: http://www.baratikor.com/ => https://www.baratikor.com/: (51, "SSL:
 	<rule from="^http://(?:www\.)?draugiem\.lv/"
 		to="https://www.draugiem.lv/" />
 
-	<rule from="^http://m\.draugiem\.lv/"
-		to="https://m.draugiem.lv/" />
 
 	<rule from="^http://(?:www\.)?frype\.com/"
 		to="https://www.frype.com/" />
 
-	<rule from="^http://i([0379])\.frype\.com/"
-		to="https://i$1.frype.com/" />
 
-	<rule from="^http://ifrype\.com/"
-		to="https://ifrype.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Drawception.xml b/src/chrome/content/rules/Drawception.xml
index 1d3723db3a8a..6386842d3d69 100644
--- a/src/chrome/content/rules/Drawception.xml
+++ b/src/chrome/content/rules/Drawception.xml
@@ -2,8 +2,7 @@
   <target host="drawception.com" />
   <target host="www.drawception.com" />
 
-  <test url="http://drawception.com/" />
-  
+
   <rule from="^http:" to="https:" />
   <securecookie host="^\.?drawception\.com$" name=".+" />
 </ruleset>
diff --git a/src/chrome/content/rules/Drawing_by_Numbers.org.xml b/src/chrome/content/rules/Drawing_by_Numbers.org.xml
deleted file mode 100644
index 20d81c0dff13..000000000000
--- a/src/chrome/content/rules/Drawing_by_Numbers.org.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For other Tactical Technology coverage, see Tactical_Tech.org.xml.
-
-
-	Mixed content:
-
-		- Mixed images on ^ from i.creativecommons.org *
-
-	* Secured by us
-
--->
-<ruleset name="Drawing by Numbers.org">
-
-	<target host="drawingbynumbers.org" />
-	<target host="www.drawingbynumbers.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.drawingbynumbers\.org$" name="^SESS[0-9a-f]{32}$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Drawthelines.ca.xml b/src/chrome/content/rules/Drawthelines.ca.xml
new file mode 100644
index 000000000000..3fc0acfaa79d
--- /dev/null
+++ b/src/chrome/content/rules/Drawthelines.ca.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		- www.drawthelines.ca
+-->
+
+<ruleset name="Drawthelines.ca">
+	<target host="drawthelines.ca" />
+	<target host="www.drawthelines.ca" />
+
+	<rule from="^http://www\.drawthelines\.ca/"
+		  to="https://drawthelines.ca/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Drchrono.com.xml b/src/chrome/content/rules/Drchrono.com.xml
index 5d1b33314256..28e9fa93361d 100644
--- a/src/chrome/content/rules/Drchrono.com.xml
+++ b/src/chrome/content/rules/Drchrono.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://drchrono.com/ => https://drchrono.com/: Too many redirects w
 		- www.drchrono.com
 
 -->
-<ruleset name="Drchrono.com" default_off='failed ruleset test'>
+<ruleset name="Drchrono.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/DreamHost.xml b/src/chrome/content/rules/DreamHost.xml
index 37ca1d2e84d7..aad42680f573 100644
--- a/src/chrome/content/rules/DreamHost.xml
+++ b/src/chrome/content/rules/DreamHost.xml
@@ -66,9 +66,8 @@
 
 	<rule from="^http://dreamhoststatus\.com/"
 		to="https://www.dreamhoststatus.com/" />
-		<test url="http://dreamhoststatus.com/" />
 
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DreamSpark.com.xml b/src/chrome/content/rules/DreamSpark.com.xml
index 0f66c910ee42..154cd6e55f62 100644
--- a/src/chrome/content/rules/DreamSpark.com.xml
+++ b/src/chrome/content/rules/DreamSpark.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://dreamspark.com/ => https://www.dreamspark.com/: (60, 'SSL ce
 	^dreamspark.com: Dropped
 
 -->
-<ruleset name="DreamSpark.com" default_off='failed ruleset test'>
+<ruleset name="DreamSpark.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Dreamboxcart.com.xml b/src/chrome/content/rules/Dreamboxcart.com.xml
deleted file mode 100644
index f7c2f4ae7a31..000000000000
--- a/src/chrome/content/rules/Dreamboxcart.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	(www.)?dreamboxcart.com doesn't exist.
-
-
-	These altnames don't exist:
-
-		- www.pub.dreamboxcart.com
-
--->
-<ruleset name="dreamboxcart.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="pub.dreamboxcart.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Dreampass.jp.xml b/src/chrome/content/rules/Dreampass.jp.xml
index 882a67c938a2..5c4e69a21e98 100644
--- a/src/chrome/content/rules/Dreampass.jp.xml
+++ b/src/chrome/content/rules/Dreampass.jp.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dreamsolution.nl.xml b/src/chrome/content/rules/Dreamsolution.nl.xml
deleted file mode 100644
index 8071d918eac8..000000000000
--- a/src/chrome/content/rules/Dreamsolution.nl.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Dreamsolution.nl">
-
-	<target host="dreamsolution.nl" />
-	<target host="www.dreamsolution.nl" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Dreamstime-problematic.xml b/src/chrome/content/rules/Dreamstime-problematic.xml
index 55ecb239d8c5..7ffa4f42c1e2 100644
--- a/src/chrome/content/rules/Dreamstime-problematic.xml
+++ b/src/chrome/content/rules/Dreamstime-problematic.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Dreamstime.xml b/src/chrome/content/rules/Dreamstime.xml
index 0269dc597131..02f886a7e041 100644
--- a/src/chrome/content/rules/Dreamstime.xml
+++ b/src/chrome/content/rules/Dreamstime.xml
@@ -12,7 +12,8 @@ Fetch error: http://dreamstime.com/ => https://dreamstime.com/: Cycle detected -
 <ruleset name="Dreamstime (partial)" platform="mixedcontent">
 
 	<target host="dreamstime.com" />
-	<target host="*.dreamstime.com" />
+	<target host="thumbs.dreamstime.com" />
+	<target host="www.dreamstime.com" />
 		<exclusion pattern="^http://thumbs\.dreamstime\.com/(?!site-img/)" />
 
 
diff --git a/src/chrome/content/rules/Drexel_University.xml b/src/chrome/content/rules/Drexel_University.xml
index 7011999e0c2b..4e0c7146a887 100644
--- a/src/chrome/content/rules/Drexel_University.xml
+++ b/src/chrome/content/rules/Drexel_University.xml
@@ -14,7 +14,7 @@ Fetch error: http://psal.cs.drexel.edu/ => https://psal.cs.drexel.edu/: (60, 'SS
 		- psal.cs
 
 -->
-<ruleset name="Drexel University (partial)" default_off='failed ruleset test'>
+<ruleset name="Drexel University (partial)" default_off="failed ruleset test">
 
 	<target host="cs.drexel.edu" />
 	<target host="psal.cs.drexel.edu" />
@@ -26,4 +26,4 @@ Fetch error: http://psal.cs.drexel.edu/ => https://psal.cs.drexel.edu/: (60, 'SS
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DriveStyle_Insure.xml b/src/chrome/content/rules/DriveStyle_Insure.xml
index 6a08ef420325..28c1c67ba54b 100644
--- a/src/chrome/content/rules/DriveStyle_Insure.xml
+++ b/src/chrome/content/rules/DriveStyle_Insure.xml
@@ -5,7 +5,7 @@ Fetch error: http://drivestyle.co.uk/ => https://drivestyle.co.uk/: (7, 'Failed
 Fetch error: http://www.drivestyle.co.uk/ => https://www.drivestyle.co.uk/: (7, 'Failed to connect to www.drivestyle.co.uk port 443: Connection refused')
 
 -->
-<ruleset name="DriveStyle Insure" default_off='failed ruleset test'>
+<ruleset name="DriveStyle Insure" default_off="failed ruleset test">
 
 	<target host="drivestyle.co.uk" />
 	<target host="www.drivestyle.co.uk" />
@@ -16,4 +16,4 @@ Fetch error: http://www.drivestyle.co.uk/ => https://www.drivestyle.co.uk/: (7,
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Drivee.xml b/src/chrome/content/rules/Drivee.xml
index aeda784ecc5d..57a160f73e02 100644
--- a/src/chrome/content/rules/Drivee.xml
+++ b/src/chrome/content/rules/Drivee.xml
@@ -17,7 +17,7 @@ Fetch error: http://www.drivee.ne.jp/ => https://www.drivee.jp/: Too many redire
 	* Mismatched, CN: secure.drivee.ne.jp
 
 -->
-<ruleset name="drivee (partial)" default_off='failed ruleset test'>
+<ruleset name="drivee (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Dro-s.com.xml b/src/chrome/content/rules/Dro-s.com.xml
new file mode 100644
index 000000000000..6df1c6b224ba
--- /dev/null
+++ b/src/chrome/content/rules/Dro-s.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Dro-s.com">
+	<target host="dro-s.com" />
+	<target host="www.dro-s.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DropDav.xml b/src/chrome/content/rules/DropDav.xml
index 4c0ea434bc12..18a8bd055b03 100644
--- a/src/chrome/content/rules/DropDav.xml
+++ b/src/chrome/content/rules/DropDav.xml
@@ -11,13 +11,13 @@
   <target host="dropdav.com"/>
   <target host="dav.dropdav.com"/>
   <target host="www.dropdav.com"/>
-  
+
 
 	<!--	CloudFlare cookies:
 					-->
 	<!--securecookie host="^\.dropdav\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
 
-	<securecookie host="^(?:.*\.)?dropdav\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Dropbox.xml b/src/chrome/content/rules/Dropbox.xml
index 503fd161f59d..03593b0e3765 100644
--- a/src/chrome/content/rules/Dropbox.xml
+++ b/src/chrome/content/rules/Dropbox.xml
@@ -44,9 +44,6 @@
 	<target host="www.getdropbox.com" />
 
 
-	<securecookie host="^(?:.*\.)?dropbox\.com$" name=".+" />
-
-
 	<rule from="^http://(www\.)?db\.tt/"
 		to="https://db.tt/" />
 
diff --git a/src/chrome/content/rules/DrugPolicy.org.xml b/src/chrome/content/rules/DrugPolicy.org.xml
index 3c5adf3f3046..f006772dc2e7 100644
--- a/src/chrome/content/rules/DrugPolicy.org.xml
+++ b/src/chrome/content/rules/DrugPolicy.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://www.drugpolicy.org/ => https://www.drugpolicy.org/: Too many
 Fetch error: http://drugpolicy.org/ => https://www.drugpolicy.org/: Too many redirects while fetching 'https://www.drugpolicy.org/'
 
 -->
-<ruleset name="drugpolicy.org" default_off='failed ruleset test'>
+<ruleset name="drugpolicy.org" default_off="failed ruleset test">
   <target host="www.drugpolicy.org" />
   <target host="drugpolicy.org" />
 
diff --git a/src/chrome/content/rules/Drug_Forum-problematic.xml b/src/chrome/content/rules/Drug_Forum-problematic.xml
index 552873dae6b0..35f6afc16008 100644
--- a/src/chrome/content/rules/Drug_Forum-problematic.xml
+++ b/src/chrome/content/rules/Drug_Forum-problematic.xml
@@ -10,4 +10,4 @@
 	<rule from="^http://img(\d)\.drugsforum\.eu/"
 		to="https://img$1.drugsforum.eu/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Drugstore.com.xml b/src/chrome/content/rules/Drugstore.com.xml
index fdf2f9fc1c0a..f17f5d0a13d7 100644
--- a/src/chrome/content/rules/Drugstore.com.xml
+++ b/src/chrome/content/rules/Drugstore.com.xml
@@ -1,8 +1,17 @@
 <ruleset name="drugstore.com (partial)">
 
 	<target host="drugstore.com" />
-	<target host="*.drugstore.com" />
-	<target host="*.ds-static.com" />
+	<target host="cfs.drugstore.com" />
+	<target host="dscmp1.drugstore.com" />
+	<target host="www.drugstore.com" />
+	<target host="pics.drugstore.com" />
+	<target host="pics1.drugstore.com" />
+	<target host="pics2.drugstore.com" />
+	<target host="pics3.drugstore.com" />
+	<target host="pics.ds-static.com" />
+	<target host="pics1.ds-static.com" />
+	<target host="pics2.ds-static.com" />
+	<target host="pics3.ds-static.com" />
 
 
 	<!--	At least some pages 302 to http.
diff --git a/src/chrome/content/rules/Drupal_Watchdog.com.xml b/src/chrome/content/rules/Drupal_Watchdog.com.xml
deleted file mode 100644
index 5fd9f44d9bb5..000000000000
--- a/src/chrome/content/rules/Drupal_Watchdog.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	www.drupalwatchdog.com: Mismatched
-
--->
-<ruleset name="Drupal Watchdog.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="drupalwatchdog.com" />
-
-	<!--	Complications:
-				-->
-	<target host="www.drupalwatchdog.com" />
-
-
-	<rule from="^http://www\.drupalwatchdog\.com/"
-		to="https://drupalwatchdog.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Drweb.com.xml b/src/chrome/content/rules/Drweb.com.xml
index 1e341fb3dcb9..91f24281b97f 100644
--- a/src/chrome/content/rules/Drweb.com.xml
+++ b/src/chrome/content/rules/Drweb.com.xml
@@ -23,7 +23,7 @@ Fetch error: http://update.drweb.com/ => https://update.drweb.com/: (51, "SSL: n
 	⁴ Refused
 
 -->
-<ruleset name="Dr Web.com" default_off='failed ruleset test'>
+<ruleset name="Dr Web.com" default_off="failed ruleset test">
 
 	<target host="drweb.com" />
 	<target host="antifraud.drweb.com" />
diff --git a/src/chrome/content/rules/Dshop.se.xml b/src/chrome/content/rules/Dshop.se.xml
deleted file mode 100644
index b7cb9588d9a3..000000000000
--- a/src/chrome/content/rules/Dshop.se.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Mixed content:
-
-		- Images from www *
-
-	* Secured by us
-
--->
-<ruleset name="dshop.se">
-
-	<target host="dshop.se" />
-	<target host="www.dshop.se" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.dshop\.se$" name="^[\da-f]{32}" /-->
-
-	<securecookie host="^\.dshop\.se$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Dsp.io.xml b/src/chrome/content/rules/Dsp.io.xml
deleted file mode 100644
index a313b40bc7f1..000000000000
--- a/src/chrome/content/rules/Dsp.io.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Nonfunctional hosts in *dsp.io:
-
-		- blog *
-
-	* Shows ^dsp.io
-
--->
-<ruleset name="dsp.io">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="dsp.io" />
-	<target host="euwest1-beta-pix.dsp.io" />
-	<target host="pix.dsp.io" />
-	<target host="www.dsp.io" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DualShockers.com.xml b/src/chrome/content/rules/DualShockers.com.xml
index b999aeb2a854..f1bbe6010468 100644
--- a/src/chrome/content/rules/DualShockers.com.xml
+++ b/src/chrome/content/rules/DualShockers.com.xml
@@ -17,10 +17,11 @@
 -->
 <ruleset name="DualShockers.com (partial)" default_off="mismatched">
 
-	<target host="*.dualshockers.com" />
+	<target host="cdn.dualshockers.com" />
+	<target host="cdn2.dualshockers.com" />
 
 
 	<rule from="^http://cdn2?\.dualshockers\.com/"
 		to="https://935956332.r.cdn77.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/DuckCorp.xml b/src/chrome/content/rules/DuckCorp.xml
deleted file mode 100644
index e12fd1d0f847..000000000000
--- a/src/chrome/content/rules/DuckCorp.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Nonfunctional mini-dweeb.org subdomains:
-
-		- dico			(shows a different domain's data)
-		- rcs-git-viewer	(ditto)
-		- www			(ditto)
-
--->
-<ruleset name="DuckCorp" default_off="self-signed">
-
-	<target host="mini-dweeb.org" />
-	<target host="*.mini-dweeb.org" />
-
-
-	<securecookie host=".*\.mini-dweeb\.org$" name=".+" />
-
-
-	<rule from="^http://(debian|lists|projects|rcs|rcs-git|users|webdesk|webmail(?:-rc|-sm)?|wiki)\.mini-dweeb\.org/"
-		to="https://$1.mini-dweeb.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/DuckDuckGo.xml b/src/chrome/content/rules/DuckDuckGo.xml
index 751da9ce14ad..433591cfcd05 100644
--- a/src/chrome/content/rules/DuckDuckGo.xml
+++ b/src/chrome/content/rules/DuckDuckGo.xml
@@ -1,13 +1,15 @@
 <!--
 	Other DuckDuckGo related rulesets:
-		+ 3g2upl4pq6kufc4m.onion.xml
 		+ duckduckhack.com.xml
+		+ donttrack.us.xml
+		+ SpreadPrivacy.com.xml
 
 	Non-functional hosts
 		Couldn't connect to server:
 			 - blink.duckduckgo.com
 
 		Timeout was reached:
+			 - favicons.duckduckgo.com
 			 - flash.duckduckgo.com
 			 - im.duckduckgo.com
 			 - tmbg.duckduckgo.com
@@ -24,6 +26,7 @@
 
 		Couldn't resolve host:
 			 - va-l1.duckduckgo.com
+       - dukgo.com
 -->
 <ruleset name="DuckDuckGo">
 	<target host="duck.co" />
@@ -38,8 +41,7 @@
 	<target host="bttf.duckduckgo.com" />
 	<target host="chrome.duckduckgo.com" />
 	<target host="dub.duckduckgo.com" />
-	<target host="favicons.duckduckgo.com" />
-		<test url="http://favicons.duckduckgo.com/ip2/twitter.com.ico" />
+	<target host="external-content.duckduckgo.com" />
 	<target host="ff.duckduckgo.com" />
 	<target host="help.duckduckgo.com" />
 	<target host="i.duckduckgo.com" />
@@ -62,8 +64,6 @@
 	<target host="watrcoolr.duckduckgo.com" />
 	<target host="wiki.duckduckgo.com" />
 
-	<target host="dukgo.com" />
-
 	<target host="ddg.gg" />
 	<target host="www.ddg.gg" />
 
@@ -75,6 +75,6 @@
 	<rule from="^http://www\.ddg\.gg/"
 			to="https://ddg.gg/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Dudley.gov.uk-mixedcontent.xml b/src/chrome/content/rules/Dudley.gov.uk-mixedcontent.xml
index 59a4bfd2eaef..4d995f6e3d3c 100644
--- a/src/chrome/content/rules/Dudley.gov.uk-mixedcontent.xml
+++ b/src/chrome/content/rules/Dudley.gov.uk-mixedcontent.xml
@@ -7,7 +7,7 @@ Fetch error: http://www2.dudley.gov.uk/ => https://www2.dudley.gov.uk/: (51, "SS
 	For rules not causing MCB, see Dudley.gov.uk.xml.
 
 -->
-<ruleset name="Dudley.gov.uk (MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Dudley.gov.uk (MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="moodle.dudley.gov.uk" />
 	<target host="online.dudley.gov.uk" />
diff --git a/src/chrome/content/rules/Dudley.gov.uk.xml b/src/chrome/content/rules/Dudley.gov.uk.xml
index e8e737f43aa4..5aac515fa20e 100644
--- a/src/chrome/content/rules/Dudley.gov.uk.xml
+++ b/src/chrome/content/rules/Dudley.gov.uk.xml
@@ -60,13 +60,13 @@
 	Mixed content:
 
 		- css, on:
-		
-			- moodle from $self 
+
+			- moodle from $self
 			- online from gismo.dudley.gov.uk
 			- www2 from www.dudley.gov.uk
 
 		- Images, on:
-		
+
 			- online, www2 from www.dudley.gov.uk
 			- moodle, www2 from $self
 
diff --git a/src/chrome/content/rules/Dueling_Aanalogs.com.xml b/src/chrome/content/rules/Dueling_Aanalogs.com.xml
index 52ee08d0f12c..d1df262973a9 100644
--- a/src/chrome/content/rules/Dueling_Aanalogs.com.xml
+++ b/src/chrome/content/rules/Dueling_Aanalogs.com.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://cdn\.duelinganalogs\.com/"
 		to="https://d2fnxgc3lifa5q.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Duke-Energy-Convention-Center.xml b/src/chrome/content/rules/Duke-Energy-Convention-Center.xml
index 548343469b16..0988fc5decc2 100644
--- a/src/chrome/content/rules/Duke-Energy-Convention-Center.xml
+++ b/src/chrome/content/rules/Duke-Energy-Convention-Center.xml
@@ -14,10 +14,11 @@ Fetch error: http://duke-energycenter.com/ => https://www.duke-energycenter.com/
 		- m	(interrupted)
 
 -->
-<ruleset name="Duke Energy Convention Center (partial)" default_off='failed ruleset test'>
+<ruleset name="Duke Energy Convention Center (partial)" default_off="failed ruleset test">
 
 	<target host="duke-energycenter.com" />
-	<target host="*.duke-energycenter.com" />
+	<target host="www.duke-energycenter.com" />
+	<target host="orders.duke-energycenter.com" />
 
 
 	<securecookie host="^www\.duke-energycenter\.com$" name=".+" />
@@ -29,7 +30,6 @@ Fetch error: http://duke-energycenter.com/ => https://www.duke-energycenter.com/
 	<rule from="^http://(?:www\.)?duke-energycenter\.com/"
 		to="https://www.duke-energycenter.com/" />
 
-	<rule from="^http://orders\.duke-energycenter\.com/"
-		to="https://orders.duke-energycenter.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Duke.edu.xml b/src/chrome/content/rules/Duke.edu.xml
index e560790321e7..ebde0704a4af 100644
--- a/src/chrome/content/rules/Duke.edu.xml
+++ b/src/chrome/content/rules/Duke.edu.xml
@@ -55,12 +55,12 @@
 		SSL peer certificate was not OK:
 			 - dukeexechealth.org
 			 - www.dukeexechealth.org
-	
+
 	Non-functional host in *.dukeexecutivehealth.org:
 		SSL peer certificate was not OK:
 			 - dukeexecutivehealth.org
 			 - www.dukeexecutivehealth.org
-		
+
 -->
 <ruleset name="Duke University (partial)">
 	<!-- *.duke.edu -->
diff --git a/src/chrome/content/rules/Dunkelangst.org.xml b/src/chrome/content/rules/Dunkelangst.org.xml
index d99f6b0eb6bf..cd668ea05f76 100644
--- a/src/chrome/content/rules/Dunkelangst.org.xml
+++ b/src/chrome/content/rules/Dunkelangst.org.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.dunkelangst.org/ => https://www.dunkelangst.org/: (60, '
 	* Secured by us
 
 -->
-<ruleset name="dunkelangst.org" default_off='failed ruleset test'>
+<ruleset name="dunkelangst.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Duo-Security.xml b/src/chrome/content/rules/Duo-Security.xml
index 68bc2a2d8bdd..d3fb657e5c5f 100644
--- a/src/chrome/content/rules/Duo-Security.xml
+++ b/src/chrome/content/rules/Duo-Security.xml
@@ -20,7 +20,13 @@
 <ruleset name="Duo Security.com (partial)">
 
 	<target host="duosecurity.com" />
-	<target host="*.duosecurity.com" />
+	<target host="admin.duosecurity.com" />
+	<target host="blog.duosecurity.com" />
+	<target host="dl.duosecurity.com" />
+	<target host="go.duosecurity.com" />
+	<target host="jobs.duosecurity.com" />
+	<target host="signup.duosecurity.com" />
+	<target host="www.duosecurity.com" />
 
 
 	<!--	Not secured by server:
@@ -31,7 +37,6 @@
 	<securecookie host="^(?:admin|go|signup)\.duosecurity\.com$" name=".+" />
 
 
-	<rule from="^http://((?:admin|blog|dl|go|jobs|signup|www)\.)?duosecurity\.com/"
-		to="https://$1duosecurity.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Duolingo.com.xml b/src/chrome/content/rules/Duolingo.com.xml
deleted file mode 100644
index f5b5601e6ad5..000000000000
--- a/src/chrome/content/rules/Duolingo.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="Duolingo.com">
-
-	<target host="duolingo.com" />
-	<target host="www.duolingo.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.duolingo\.com$" name="^(duo_ab|wuuid)" /-->
-
-	<securecookie host="^\.duolingo\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Duolingo.xml b/src/chrome/content/rules/Duolingo.xml
new file mode 100644
index 000000000000..2eca1098c671
--- /dev/null
+++ b/src/chrome/content/rules/Duolingo.xml
@@ -0,0 +1,51 @@
+<!--
+	Mismatched:
+		^duolingo.cn		equal to www.duolingo.cn
+	Timeout:
+		sponsorships.duolingo.com
+-->
+<ruleset name="Duolingo.com">
+	<target host="duolingo.com" />
+	<target host="www.duolingo.com" />
+	<target host="api.duolingo.com" />
+	<target host="ar.duolingo.com" />
+	<target host="blast.duolingo.com" />
+	<target host="cs.duolingo.com" />
+	<target host="de.duolingo.com" />
+	<target host="el.duolingo.com" />
+	<target host="en.duolingo.com" />
+	<target host="englishtest.duolingo.com" />
+	<target host="es.duolingo.com" />
+	<target host="events.duolingo.com" />
+	<target host="forum.duolingo.com" />
+	<target host="fr.duolingo.com" />
+	<target host="gear.duolingo.com" />
+	<target host="hi.duolingo.com" />
+	<target host="hu.duolingo.com" />
+	<target host="id.duolingo.com" />
+	<target host="it.duolingo.com" />
+	<target host="ja.duolingo.com" />
+	<target host="ko.duolingo.com" />
+	<target host="pl.duolingo.com" />
+	<target host="pt.duolingo.com" />
+	<target host="ro.duolingo.com" />
+	<target host="ru.duolingo.com" />
+	<target host="schools.duolingo.com" />
+	<target host="support.duolingo.com" />
+	<target host="th.duolingo.com" />
+	<target host="tinycards.duolingo.com" />
+	<target host="tr.duolingo.com" />
+	<target host="uk.duolingo.com" />
+	<target host="vi.duolingo.com" />
+
+	<target host="duolingo.cn" />
+	<target host="www.duolingo.cn" />
+	<target host="api.duolingo.cn" />
+	<target host="englishtest.duolingo.cn" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://duolingo\.cn/" to="https://www.duolingo.cn/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Duply.net.xml b/src/chrome/content/rules/Duply.net.xml
new file mode 100644
index 000000000000..170796c4fd94
--- /dev/null
+++ b/src/chrome/content/rules/Duply.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="Duply.net">
+	<target host="duply.net" />
+	<target host="www.duply.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Duracell_Cloud.com.xml b/src/chrome/content/rules/Duracell_Cloud.com.xml
deleted file mode 100644
index efee6f23a060..000000000000
--- a/src/chrome/content/rules/Duracell_Cloud.com.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://duracellcloud.com/ => https://duracellcloud.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-	Nonfunctional subdomains:
-
-		- demo *
-
-	* Shows default page
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- backup
-		- customer
-
-
-	Insecure cookies are set for these domains:
-
-		- ^
-		- customer
-		- www
-
--->
-<ruleset name="Duracell Cloud.com (partial)">
-
-	<target host="duracellcloud.com" />
-	<target host="*.duracellcloud.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?duracellcloud\.com$" name="^ASPSESSIONID[A-Z]{8}$" /-->
-	<!--securecookie host="^customer\.duracellcloud\.com$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^(?:customer\.|www\.)?duracellcloud\.com$" name=".+" />
-
-
-	<rule from="^http://((?:backup|customer|www)\.)?duracellcloud\.com/"
-		to="https://$1duracellcloud.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Dustinabbott.net.xml b/src/chrome/content/rules/Dustinabbott.net.xml
new file mode 100644
index 000000000000..21b3d8560ee6
--- /dev/null
+++ b/src/chrome/content/rules/Dustinabbott.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="Dustinabbott.net">
+	<target host="dustinabbott.net" />
+	<target host="www.dustinabbott.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/DutyFreeIslandShop.com.xml b/src/chrome/content/rules/DutyFreeIslandShop.com.xml
new file mode 100644
index 000000000000..a2a15cfbc53c
--- /dev/null
+++ b/src/chrome/content/rules/DutyFreeIslandShop.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		- cdn.dutyfreeislandshop.com
+-->
+
+<ruleset name="DutyFreeIslandShop.com">
+	<target host="dutyfreeislandshop.com" />
+	<target host="www.dutyfreeislandshop.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Dwolla.xml b/src/chrome/content/rules/Dwolla.xml
index 331671b4ef86..8375d4702efc 100644
--- a/src/chrome/content/rules/Dwolla.xml
+++ b/src/chrome/content/rules/Dwolla.xml
@@ -40,7 +40,7 @@ Fetch error: http://api-devint.dwolla.com/ => https://api-devint.dwolla.com/: (7
 	* Secured by us
 
 -->
-<ruleset name="Dwolla (partial)" default_off='failed ruleset test'>
+<ruleset name="Dwolla (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Dxtorrent.com.xml b/src/chrome/content/rules/Dxtorrent.com.xml
deleted file mode 100644
index 4b89f8317bfa..000000000000
--- a/src/chrome/content/rules/Dxtorrent.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Dxtorrent.com">
-	<target host="dxtorrent.com" />
-	<target host="www.dxtorrent.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Dyankov.eu.xml b/src/chrome/content/rules/Dyankov.eu.xml
deleted file mode 100644
index c9a041c2a0ff..000000000000
--- a/src/chrome/content/rules/Dyankov.eu.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- www	(cert only matches ^dyankov.eu)
-
--->
-<ruleset name="Dyankov.eu">
-
-	<target host="dyankov.eu" />
-	<target host="www.dyankov.eu" />
-
-
-	<securecookie host="^dyankov\.eu$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Dyn_Status.com.xml b/src/chrome/content/rules/Dyn_Status.com.xml
index 9dcdfaa5a26d..972d2a59776d 100644
--- a/src/chrome/content/rules/Dyn_Status.com.xml
+++ b/src/chrome/content/rules/Dyn_Status.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://internal.dynstatus.com/ => https://internal.dynstatus.com/:
 	For other Dyn coverage, see Dyn.xml.
 
 -->
-<ruleset name="Dyn Status.com" default_off='failed ruleset test'>
+<ruleset name="Dyn Status.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/DynaDot.xml b/src/chrome/content/rules/DynaDot.xml
index ae4abbeaac64..60b406f9218d 100644
--- a/src/chrome/content/rules/DynaDot.xml
+++ b/src/chrome/content/rules/DynaDot.xml
@@ -2,7 +2,7 @@
   <target host="dynadot.com" />
   <target host="www.dynadot.com" />
 
-  <securecookie host="^(?:.+\.)?dynadot\.com$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Dynamics.com.xml b/src/chrome/content/rules/Dynamics.com.xml
index 6d8aac0a88b0..057a2c981b0c 100644
--- a/src/chrome/content/rules/Dynamics.com.xml
+++ b/src/chrome/content/rules/Dynamics.com.xml
@@ -16,7 +16,7 @@ Fetch error: http://dynamics.com/ => https://www.dynamics.com/: (28, 'Connection
 		- www.dynamics.com
 
 -->
-<ruleset name="Dynamics.com" default_off='failed ruleset test'>
+<ruleset name="Dynamics.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Dynamite-Data-mismatches.xml b/src/chrome/content/rules/Dynamite-Data-mismatches.xml
index eff924106442..65033c300e82 100644
--- a/src/chrome/content/rules/Dynamite-Data-mismatches.xml
+++ b/src/chrome/content/rules/Dynamite-Data-mismatches.xml
@@ -5,10 +5,10 @@
 <ruleset name="Dynamite Data (mismatches)" default_off="mismatched">
 
 	<target host="dynamitedeals.com" />
-	<target host="*.dynamitedeals.com" />
+	<target host="www.dynamitedeals.com" />
 
 
-	<securecookie host="^(?:.*\.)?dynamitedeals\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?dynamitedeals\.com/"
diff --git a/src/chrome/content/rules/Dynamite-Data.xml b/src/chrome/content/rules/Dynamite-Data.xml
deleted file mode 100644
index 2300b9c3e0ef..000000000000
--- a/src/chrome/content/rules/Dynamite-Data.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	For problematic rules, see Dynamite-Data-mismatches.xml.
-
-
-	Problematic domains:
-
-		- (www.)dynamitedeals.com *
-
-	* Mismatched, CN: *.dynamitedata.com
-
-
-
-	Mixed content:
-
-		- Images from $self *
-
-		- Ad from $self *
-
-	* Secured by us
-
--->
-<ruleset name="Dynamite Data (partial)">
-
-	<target host="dynamitedata.com" />
-	<target host="*.dynamitedata.com" />
-
-
-	<securecookie host="^(?:.*\.)?dynamitedata.com$" name=".+" />
-
-
-	<rule from="^http://((?:detonator|mkt|www)\.)?dynamitedata\.com/"
-		to="https://$1dynamitedata.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Dynatech.de.xml b/src/chrome/content/rules/Dynatech.de.xml
index 9e0e31aa9685..31527f1f3111 100644
--- a/src/chrome/content/rules/Dynatech.de.xml
+++ b/src/chrome/content/rules/Dynatech.de.xml
@@ -1,7 +1,7 @@
 <!--
     Nonfunctional subdomains:
 	    - $
-    
+
     More rulesets for sites by Mirco Neubert:
 	    - Dynavision.de
 	    - Scieneo.de
@@ -11,11 +11,11 @@
     <target host="www.dynatech.de" />
 
     <securecookie host="^www\.dynatech\.de" name=".+" />
-    
+
     <!-- Redirect broken domain -->
     <rule from="^http://dynatech\.de/"
             to="https://www.dynatech.de/" />
-	
+
     <rule from="^http:"
             to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Dyne.org.xml b/src/chrome/content/rules/Dyne.org.xml
index 55ca3d550348..ce98b6819de4 100644
--- a/src/chrome/content/rules/Dyne.org.xml
+++ b/src/chrome/content/rules/Dyne.org.xml
@@ -50,17 +50,21 @@ Fetch error: http://dyne.org/ => https://dyne.org/: (60, 'SSL certificate proble
 	⁵ Rule disabled by default <= CAcert
 
 -->
-<ruleset name="Dyne.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Dyne.org (partial)" default_off="failed ruleset test">
 
 	<target host="dyne.org" />
-	<target host="*.dyne.org" />
+	<target host="irc.dyne.org" />
+	<target host="lab.dyne.org" />
+	<target host="lists.dyne.org" />
+	<target host="mailinglists.dyne.org" />
+	<target host="www.dyne.org" />
+	<target host="new.dyne.org" />
 		<!--exclusion pattern="^http://(apt|pix)\.dyne\.org/" /-->
 
 
-	<rule from="^http://((?:irc|lab|lists|mailinglists|www)\.)?dyne\.org/"
-		to="https://$1dyne.org/" />
 
 	<rule from="^http://new\.dyne\.org/"
 		to="https://www.dyne.org/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Dyson.xml b/src/chrome/content/rules/Dyson.xml
index e22ec90d134e..59275aec40fc 100644
--- a/src/chrome/content/rules/Dyson.xml
+++ b/src/chrome/content/rules/Dyson.xml
@@ -8,7 +8,7 @@ Fetch error: http://content.dyson.co.uk/ => http://content.dyson.co.uk/: (28, 'C
 Disabled by https-everywhere-checker because:
 Fetch error: http://dyson.co.uk/ => https://www.dyson.co.uk/: (7, 'Failed to connect to dyson.co.uk port 80: No route to host')
 -->
-<ruleset name="Dyson (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Dyson (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="careers.dyson.com"/>
 	<target host="www.careers.dyson.com"/>
diff --git a/src/chrome/content/rules/E-Estonia.com.xml b/src/chrome/content/rules/E-Estonia.com.xml
deleted file mode 100644
index 4693e784d769..000000000000
--- a/src/chrome/content/rules/E-Estonia.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://e-estonia.com/ => https://e-estonia.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.e-estonia.com/ => https://e-estonia.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-	www: cert only matches ^e-estonia.com
-
--->
-<ruleset name="E-Estonia.com">
-
-	<target host="e-estonia.com" />
-	<target host="www.e-estonia.com" />
-
-
-	<rule from="^http://(?:www\.)?e-estonia\.com/"
-		to="https://e-estonia.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/E-Generator.com.xml b/src/chrome/content/rules/E-Generator.com.xml
deleted file mode 100644
index fabf604ec1c5..000000000000
--- a/src/chrome/content/rules/E-Generator.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	(www.)?e-generator.com: Refused
-
-
-	Insecure cookies are set for these hosts:
-
-		- id.e-generator.com
-
--->
-<ruleset name="E-Generator.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="id.e-generator.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^id\.e-generator\.com$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^id\.e-generator\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/E-Hentai-Forums.xml b/src/chrome/content/rules/E-Hentai-Forums.xml
deleted file mode 100644
index 1b6d69ea3fcd..000000000000
--- a/src/chrome/content/rules/E-Hentai-Forums.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="E-Hentai Forums">
-  <target host="forums.e-hentai.org" />
-  <target host="forum.e-hentai.org" />
-
-  <rule from="^http://forums?\.e-hentai\.org/"
-          to="https://forums.e-hentai.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/E-Hentai.org.xml b/src/chrome/content/rules/E-Hentai.org.xml
new file mode 100644
index 000000000000..2142b660714f
--- /dev/null
+++ b/src/chrome/content/rules/E-Hentai.org.xml
@@ -0,0 +1,34 @@
+<!--
+	Cloudflare error:
+		- g
+
+	Timeout:
+		- monitor
+		- shingata
+		- test
+
+	Mismatched:
+		- wiki
+-->
+<ruleset name="E-Hentai.org">
+	<target host="e-hentai.org" />
+	<target host="www.e-hentai.org" />
+	<target host="api.e-hentai.org" />
+	<target host="forum.e-hentai.org" />
+	<target host="forums.e-hentai.org" />
+	<target host="forumtest.e-hentai.org" />
+	<target host="g.e-hentai.org" />
+	<target host="hv.e-hentai.org" />
+	<target host="lofi.e-hentai.org" />
+	<target host="r.e-hentai.org" />
+	<target host="repo.e-hentai.org" />
+	<target host="ul.e-hentai.org" />
+	<target host="ulv.e-hentai.org" />
+	<target host="upload.e-hentai.org" />
+	<target host="wiki.e-hentai.org" />
+	<target host="xml.e-hentai.org" />
+
+	<rule from="^http://g\.e-hentai\.org/" to="https://e-hentai.org/" />
+	<rule from="^http://wiki\.e-hentai\.org/" to="https://ehwiki.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/E-Plus-problematic.xml b/src/chrome/content/rules/E-Plus-problematic.xml
index 44b76dc53399..e1032b5983c0 100644
--- a/src/chrome/content/rules/E-Plus-problematic.xml
+++ b/src/chrome/content/rules/E-Plus-problematic.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/E-Plus.xml b/src/chrome/content/rules/E-Plus.xml
index d52aaf8bbbee..93c7cc933575 100644
--- a/src/chrome/content/rules/E-Plus.xml
+++ b/src/chrome/content/rules/E-Plus.xml
@@ -23,10 +23,17 @@ Fetch error: http://e-plus.de/ => https://www.e-plus.de/: (7, 'Failed to connect
 		- einstellungen		(works, mismatched, CN: *.customersaas.com)
 
 -->
-<ruleset name="E-Plus (partial)" default_off='failed ruleset test'>
+<ruleset name="E-Plus (partial)" default_off="failed ruleset test">
 
 	<target host="e-plus.de" />
-	<target host="*.e-plus.de" />
+	<target host="www.e-plus.de" />
+	<target host="ecc.e-plus.de" />
+	<target host="dialog.e-plus.de" />
+	<target host="metromobil.e-plus.de" />
+	<target host="mymtv.e-plus.de" />
+	<target host="norman.e-plus.de" />
+	<target host="prepaidkundenbetreuung.e-plus.de" />
+	<target host="vertragsverlaengerung.e-plus.de" />
 
 
 	<securecookie host="^.*\.e-plus\.de$" name=".+" />
@@ -35,7 +42,6 @@ Fetch error: http://e-plus.de/ => https://www.e-plus.de/: (7, 'Failed to connect
 	<rule from="^http://(?:www\.)?e-plus\.de/"
 		to="https://www.e-plus.de/" />
 
-	<rule from="^http://(ecc|dialog|metromobil|mymtv|norman|prepaidkundenbetreuung|vertragsverlaengerung)\.e-plus\.de/"
-		to="https://$1.e-plus.de/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/E-Sports_Entertainment.xml b/src/chrome/content/rules/E-Sports_Entertainment.xml
index 11ac23746729..cab78dc32251 100644
--- a/src/chrome/content/rules/E-Sports_Entertainment.xml
+++ b/src/chrome/content/rules/E-Sports_Entertainment.xml
@@ -11,7 +11,7 @@
 -->
 <ruleset name="E-Sports Entertainment" default_off="self-signed">
 
-	<target host="*.e-sea.net" />
+	<target host="play.e-sea.net" />
 	<target host="esportsea.com" />
 	<target host="www.esportsea.com" />
 
@@ -22,4 +22,4 @@
 	<rule from="^http://(?:play\.e-sea\.net|(?:www\.)?esportsea\.com)/"
 		to="https://play.e-sea.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/E-boks.dk.xml b/src/chrome/content/rules/E-boks.dk.xml
index 21b55a098282..5ab26ad06877 100644
--- a/src/chrome/content/rules/E-boks.dk.xml
+++ b/src/chrome/content/rules/E-boks.dk.xml
@@ -5,7 +5,9 @@
 <ruleset name="E-boks.dk (partial)">
 
 	<target host="e-boks.dk" />
-	<target host="*.e-boks.dk" />
+	<target host="logon.e-boks.dk" />
+	<target host="minerhverv.e-boks.dk" />
+	<target host="www.e-boks.dk" />
 		<!--
 			https://github.com/EFForg/https-everywhere/issues/474
 
@@ -35,7 +37,6 @@
 	<securecookie host="^(?:logon|minerhverv)\.e-boks\.dk$" name=".+" />
 
 
-	<rule from="^http://((?:logon|minerhverv|www)\.)?e-boks\.dk/"
-		to="https://$1e-boks.dk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/E-gold.xml b/src/chrome/content/rules/E-gold.xml
index c528ad195134..efe9bad95a57 100644
--- a/src/chrome/content/rules/E-gold.xml
+++ b/src/chrome/content/rules/E-gold.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.e-gold.com/ => https://www.e-gold.com/: (7, 'Failed to c
 	mismatches:
 		- all accounts
 -->
-<ruleset name="e-gold (partial)" default_off='failed ruleset test'>
+<ruleset name="e-gold (partial)" default_off="failed ruleset test">
 
 	<target host="e-gold.com"/>
 	<target host="www.e-gold.com"/>
diff --git a/src/chrome/content/rules/E-junkie.xml b/src/chrome/content/rules/E-junkie.xml
index 6b0ac2c5c6a3..c11c2385c4ea 100644
--- a/src/chrome/content/rules/E-junkie.xml
+++ b/src/chrome/content/rules/E-junkie.xml
@@ -1,15 +1,18 @@
-<ruleset name="E-junkie (partial)">
+<!--
 
-	<target host="e-junkie.com" />
-	<target host="*.e-junkie.com" />
+	Nonfunctional subdomains:
 
+		static.e-junkie.com		timeout
 
-	<!--	Some (most?) pages 301 to http.
-							-->
-	<rule from="^http://(www\.)?ejunkie\.com/(bb/images/|ecom/|ej//?(?:(?:(?:admin|contact|register)\.php|shop)(?:$|\?|/)|css/|images/|media/)|gc/)"
-		to="https://$1ejunkie.com/$2" />
+-->
+<ruleset name="E-junkie (partial)">
+
+	<target host="e-junkie.com" />
+	<target host="www.e-junkie.com" />
+	<target host="ejunkie.com" />
+	<target host="www.ejunkie.com" />
 
-	<rule from="^http://static\.e-junkie\.com/"
-		to="https://static.e-junkie.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/E-magazin.se.xml b/src/chrome/content/rules/E-magazin.se.xml
index f7132e8bc39e..778ddffb3ed9 100644
--- a/src/chrome/content/rules/E-magazin.se.xml
+++ b/src/chrome/content/rules/E-magazin.se.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/E-mielenterveys.xml b/src/chrome/content/rules/E-mielenterveys.xml
index 262d7cef3d79..0bdd6d123783 100644
--- a/src/chrome/content/rules/E-mielenterveys.xml
+++ b/src/chrome/content/rules/E-mielenterveys.xml
@@ -5,7 +5,7 @@ Fetch error: http://e-mielenterveys.fi/ => https://www.e-mielenterveys.fi/: (60,
 Fetch error: http://www.e-mielenterveys.fi/ => https://www.e-mielenterveys.fi/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="E-mielenterveys" default_off='failed ruleset test'>
+<ruleset name="E-mielenterveys" default_off="failed ruleset test">
 	<target host="e-mielenterveys.fi"/>
 	<target host="www.e-mielenterveys.fi"/>
 
diff --git a/src/chrome/content/rules/E-onlinedata.com.xml b/src/chrome/content/rules/E-onlinedata.com.xml
deleted file mode 100644
index dfdb934c0bc7..000000000000
--- a/src/chrome/content/rules/E-onlinedata.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	For other PowerPay coverage, see PowerPay.biz.xml.
-
-
-	^: 404, mismatched
-
--->
-<ruleset name="e-onlinedata.com">
-
-	<target host="e-onlinedata.com" />
-	<target host="www.e-onlinedata.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.e-onlinedata\.com$" name="^(\.ASPXANONYMOUS|language)$" /-->
-
-	<securecookie host="^www\.e-onlinedata\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?e-onlinedata\.com/"
-		to="https://www.e-onlinedata.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/E-prawnik.pl.xml b/src/chrome/content/rules/E-prawnik.pl.xml
index 12761d6bef81..3dabaa9425b3 100644
--- a/src/chrome/content/rules/E-prawnik.pl.xml
+++ b/src/chrome/content/rules/E-prawnik.pl.xml
@@ -21,7 +21,9 @@
 <ruleset name="e-prawnik.pl (partial)">
 
 	<target host="e-prawnik.pl" />
-	<target host="*.e-prawnik.pl" />
+	<target host="www.e-prawnik.pl" />
+	<target host="static.e-prawnik.pl" />
+	<target host="static1.e-prawnik.pl" />
 		<!--
 			Many pages redirect to http:
 							-->
@@ -42,4 +44,4 @@
 	<rule from="^http://static1\.e-prawnik\.pl/"
 		to="https://static1.money.pl/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/E-rewards.com.xml b/src/chrome/content/rules/E-rewards.com.xml
index e58e0177af21..a23cac2c2045 100644
--- a/src/chrome/content/rules/E-rewards.com.xml
+++ b/src/chrome/content/rules/E-rewards.com.xml
@@ -1,4 +1,7 @@
 <ruleset name="E-rewards.com">
-  <target host="www.e-rewards.com"/>
-  <rule from="^http://(?:www\.)?e-rewards\.com/" to="https://www.e-rewards.com/"/>
+	<target host="e-rewards.com"/>
+	<target host="www.e-rewards.com"/>
+
+	<rule from="^http:"
+		to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/E.ON_UK.xml b/src/chrome/content/rules/E.ON_UK.xml
index c6ec593cfc6c..f2f422ffb333 100644
--- a/src/chrome/content/rules/E.ON_UK.xml
+++ b/src/chrome/content/rules/E.ON_UK.xml
@@ -11,7 +11,7 @@ Fetch error: http://stats.eon-uk.com/ => https://stats.eon-uk.com/: (28, 'Operat
 	Some pages redirect to http.
 
 -->
-<ruleset name="E.ON UK (partial)" default_off='failed ruleset test'>
+<ruleset name="E.ON UK (partial)" default_off="failed ruleset test">
 
 	<target host="eon-uk.com" />
 	<target host="stats.eon-uk.com" />
@@ -24,4 +24,4 @@ Fetch error: http://stats.eon-uk.com/ => https://stats.eon-uk.com/: (28, 'Operat
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/E2E-Networks.xml b/src/chrome/content/rules/E2E-Networks.xml
deleted file mode 100644
index 9e339446d1f4..000000000000
--- a/src/chrome/content/rules/E2E-Networks.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(cert: shopping.e2enetworks.com; 302s there)
-
--->
-<ruleset name="E2E Networks (partial)">
-
-	<target host="shopping.e2enetworks.com" />
-
-
-	<securecookie host="^shopping\.e2enetworks\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/E2ma.net.xml b/src/chrome/content/rules/E2ma.net.xml
deleted file mode 100644
index 296a5a532db9..000000000000
--- a/src/chrome/content/rules/E2ma.net.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	(www.): 404
-
--->
-<ruleset name="E2ma.net (partial)">
-
-	<target host="e2ma.net" />
-	<target host="*.e2ma.net" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^app\.e2ma\.net$" name="^server$" /-->
-
-	<securecookie host="^app\.e2ma\.net$" name=".+" />
-
-
-	<!--	Redirect keeps args:
-					-->
-	<rule from="^http://(?:www\.)?e2ma\.net/+(?=$|\?)"
-		to="https://app.e2ma.net/app" />
-
-	<rule from="^http://app\.e2ma\.net/"
-		to="https://app.e2ma.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EArcu.xml b/src/chrome/content/rules/EArcu.xml
index fd1a485a9bd8..f3c6f3a3faf3 100644
--- a/src/chrome/content/rules/EArcu.xml
+++ b/src/chrome/content/rules/EArcu.xml
@@ -6,16 +6,16 @@ Fetch error: http://earcu.com/ => https://earcu.com/: (28, 'Connection timed out
 Automatically by https-everywhere-checker because:
 Fetch error: http://earcu.com/ => https://earcu.com/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="eArcu" default_off='failed ruleset test'>
+<ruleset name="eArcu" default_off="failed ruleset test">
 
 	<target host="earcu.com" />
 	<target host="ea1.earcu.com" />
 	<target host="www.earcu.com" />
 
 
-	<securecookie host="^(?:.*\.)?earcu\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EBSCO-content.com.xml b/src/chrome/content/rules/EBSCO-content.com.xml
deleted file mode 100644
index 462452a367be..000000000000
--- a/src/chrome/content/rules/EBSCO-content.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="EBSCO-content.com">
-
-	<target host="global.ebsco-content.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EBlastEngine.com.xml b/src/chrome/content/rules/EBlastEngine.com.xml
index 74de97690798..199f1c55a2bf 100644
--- a/src/chrome/content/rules/EBlastEngine.com.xml
+++ b/src/chrome/content/rules/EBlastEngine.com.xml
@@ -39,7 +39,7 @@
 					-->
 	<!--securecookie host="^(affiliates|c)\.eblastengine\.com$" name="^BIGipServer[\w-]+$" /-->
 
-	<securecookie host="^.*\.eblastengine\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/EC21.xml b/src/chrome/content/rules/EC21.xml
index 5d1677c6c2f6..aa8f47dc7d0c 100644
--- a/src/chrome/content/rules/EC21.xml
+++ b/src/chrome/content/rules/EC21.xml
@@ -23,4 +23,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ECPIC.gov.xml b/src/chrome/content/rules/ECPIC.gov.xml
deleted file mode 100644
index ba200f8ea000..000000000000
--- a/src/chrome/content/rules/ECPIC.gov.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.ecpic.gov
-
--->
-<ruleset name="eCPIC.gov">
-
-	<target host="ecpic.gov" />
-	<target host="www.ecpic.gov" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.ecpic\.gov$" name="^(?:PHPSESSID|wfvt_\d+)$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ECSI.xml b/src/chrome/content/rules/ECSI.xml
index bd74277386c5..3368d93e095a 100644
--- a/src/chrome/content/rules/ECSI.xml
+++ b/src/chrome/content/rules/ECSI.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://ecsi.com/ => https://www.ecsi.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ecsi.com'")
 Fetch error: http://www.ecsi.com/ => https://www.ecsi.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ecsi.com'")
 -->
-<ruleset name="ECSI" default_off='failed ruleset test'>
+<ruleset name="ECSI" default_off="failed ruleset test">
 
 	<target host="ecsi.com" />
 	<target host="www.ecsi.com" />
diff --git a/src/chrome/content/rules/ECTC-online.org.xml b/src/chrome/content/rules/ECTC-online.org.xml
new file mode 100644
index 000000000000..c3a7f0740f18
--- /dev/null
+++ b/src/chrome/content/rules/ECTC-online.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="ECTC-online.org">
+
+	<target host="ectc-online.org" />
+	<target host="www.ectc-online.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ECampus.no.xml b/src/chrome/content/rules/ECampus.no.xml
index b453c0cd690e..c0af9862cf4e 100644
--- a/src/chrome/content/rules/ECampus.no.xml
+++ b/src/chrome/content/rules/ECampus.no.xml
@@ -23,7 +23,7 @@ Fetch error: http://www.ecampus.no/ => https://www.ecampus.no/: (6, 'Could not r
 		- www-ecampus.uninett.no
 
 -->
-<ruleset name="eCampus.no (partial)" default_off='failed ruleset test'>
+<ruleset name="eCampus.no (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/ECigPros.xml b/src/chrome/content/rules/ECigPros.xml
index df4bef1ce40c..2160e137edc4 100644
--- a/src/chrome/content/rules/ECigPros.xml
+++ b/src/chrome/content/rules/ECigPros.xml
@@ -4,9 +4,9 @@
 	<target host="www.ecigpros.com" />
 
 
-	<securecookie host="^(?:.*\.)?ecigpros\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ECosCentric.com.xml b/src/chrome/content/rules/ECosCentric.com.xml
index f96fb01fa641..1ea6f9b330ec 100644
--- a/src/chrome/content/rules/ECosCentric.com.xml
+++ b/src/chrome/content/rules/ECosCentric.com.xml
@@ -12,7 +12,10 @@ Fetch error: http://ecoscentric.com/ => https://www.ecoscentric.com/: (60, 'SSL
 <ruleset name="eCosCentric.com">
 
 	<target host="ecoscentric.com" />
-	<target host="*.ecoscentric.com" />
+	<target host="www.ecoscentric.com" />
+	<target host="www2.ecoscentric.com" />
+	<target host="bugzilla.ecoscentric.com" />
+	<target host="lists.ecoscentric.com" />
 
 
 	<securecookie host="^\.bugzilla\.ecoscentric\.com$" name=".+" />
@@ -24,7 +27,6 @@ Fetch error: http://ecoscentric.com/ => https://www.ecoscentric.com/: (60, 'SSL
 	<rule from="^http://(?:www(2)?\.)?ecoscentric\.com/"
 		to="https://www$1.ecoscentric.com/" />
 
-	<rule from="^http://(bugzilla|lists)\.ecoscentric\.com/"
-		to="https://$1.ecoscentric.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ECustomerOpinions.com.xml b/src/chrome/content/rules/ECustomerOpinions.com.xml
index a8e0e9d4aeb9..69c4bd0f810d 100644
--- a/src/chrome/content/rules/ECustomerOpinions.com.xml
+++ b/src/chrome/content/rules/ECustomerOpinions.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.ecustomeropinions.com/ => https://www.ecustomeropinions.
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="eCustomerOpinions.com" default_off='failed ruleset test'>
+<ruleset name="eCustomerOpinions.com" default_off="failed ruleset test">
 
 	<target host="ecustomeropinions.com"/>
 	<target host="www.ecustomeropinions.com"/>
diff --git a/src/chrome/content/rules/EDF_Energy.xml b/src/chrome/content/rules/EDF_Energy.xml
index ee1c3a0b5875..e322e3df04df 100644
--- a/src/chrome/content/rules/EDF_Energy.xml
+++ b/src/chrome/content/rules/EDF_Energy.xml
@@ -7,7 +7,8 @@
 <ruleset name="EDF Energy">
 
 	<target host="edfenergy.com" />
-	<target host="*.edfenergy.com" />
+	<target host="www.edfenergy.com" />
+	<target host="my-account.edfenergy.com" />
 
 
 	<securecookie host="^my-account\.edfenergy\.com$" name=".+" />
@@ -16,7 +17,6 @@
 	<rule from="^http://(?:www\.)?edfenergy\.com/"
 		to="https://www.edfenergy.com/" />
 
-	<rule from="^http://my-account\.edfenergy\.com/"
-		to="https://my-account.edfenergy.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EDG.com.xml b/src/chrome/content/rules/EDG.com.xml
index e9900fdfabf8..a16bbb13e498 100644
--- a/src/chrome/content/rules/EDG.com.xml
+++ b/src/chrome/content/rules/EDG.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://edg.com/ => https://edg.com/: (60, 'SSL certificate problem:
 Fetch error: http://www.edg.com/ => https://www.edg.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="EDG.com" default_off='failed ruleset test'>
+<ruleset name="EDG.com" default_off="failed ruleset test">
 
 	<target host="edg.com" />
 	<target host="www.edg.com" />
diff --git a/src/chrome/content/rules/EDI-Health-Group-mismatches.xml b/src/chrome/content/rules/EDI-Health-Group-mismatches.xml
index c183b184add2..72a571fbc1ea 100644
--- a/src/chrome/content/rules/EDI-Health-Group-mismatches.xml
+++ b/src/chrome/content/rules/EDI-Health-Group-mismatches.xml
@@ -3,7 +3,7 @@
 	<target host="payconnect.net"/>
 	<target host="www.payconnect.net"/>
 
-	<securecookie host="^(?:.*\.)?payconnect\.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?payconnect\.net/"
 		to="https://payconnect.net/"/>
diff --git a/src/chrome/content/rules/EDI-Health-Group.xml b/src/chrome/content/rules/EDI-Health-Group.xml
index 5e64a8ddb0bf..55753a824b00 100644
--- a/src/chrome/content/rules/EDI-Health-Group.xml
+++ b/src/chrome/content/rules/EDI-Health-Group.xml
@@ -3,7 +3,8 @@
 	<target host="claimconnect.net"/>
 	<target host="www.claimconnect.net"/>
 	<target host="dentalxchange.com"/>
-	<target host="*.dentalxchange.com"/>
+	<target host="www.dentalxchange.com" />
+	<target host="claimconnect.dentalxchange.com" />
 	<target host="edihealth.com"/>
 	<target host="www.edihealth.com"/>
 	<target host="edihealth.net"/>
@@ -21,13 +22,10 @@
 	<rule from="^http://(?:www\.)?(?:dentalxchange\.com|(?:edihealth|webclaim)\.net)/"
 		to="https://www.dentalxchange.com/"/>
 
-	<rule from="^http://claimconnect\.dentalxchange\.com/"
-		to="https://claimconnect.dentalxchange.com/"/>
 
 	<rule from="^http://(?:www\.)?edihealth\.com/"
 		to="https://www.dentalxchange.com/x/partners/webclaim.jsp"/>
 
-	<rule from="^http://secure\.payconnect\.net/"
-		to="https://secure.payconnect.net/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/EDP.pt.xml b/src/chrome/content/rules/EDP.pt.xml
index c28d6618b73f..1a06e311fa8f 100644
--- a/src/chrome/content/rules/EDP.pt.xml
+++ b/src/chrome/content/rules/EDP.pt.xml
@@ -30,7 +30,7 @@ Fetch error: http://www.edpessoa.internet.edp.pt/ => https://www.edpessoa.intern
 	(www.)premioedpinovacao.edp.pt
 -->
 
-<ruleset name="Edp.pt" default_off='failed ruleset test'>
+<ruleset name="Edp.pt" default_off="failed ruleset test">
 	<target host="www.edp.pt" />
 	<target host="edp.pt" />
 	<target host="edplivebands.edp.pt" />
diff --git a/src/chrome/content/rules/EDRDG.org.xml b/src/chrome/content/rules/EDRDG.org.xml
new file mode 100644
index 000000000000..713f598fa383
--- /dev/null
+++ b/src/chrome/content/rules/EDRDG.org.xml
@@ -0,0 +1,13 @@
+<!--
+	edrdg.org has a wildcard DNS record, so enumerating all subdomains is impossible.
+	The certificate is only valid for www.edrdg.org, not edrdg.org or any other subdomains.
+-->
+<ruleset name="EDRDG.org">
+	<target host="edrdg.org" />
+	<target host="www.edrdg.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://edrdg\.org/" to="https://www.edrdg.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EDigitalResearch.xml b/src/chrome/content/rules/EDigitalResearch.xml
index df282b91c4d8..5315413ae1a4 100644
--- a/src/chrome/content/rules/EDigitalResearch.xml
+++ b/src/chrome/content/rules/EDigitalResearch.xml
@@ -8,7 +8,6 @@ Fetch error: http://www.edigitalresearch.com/ => https://www.edigitalresearch.co
 
 		- ECustomerOpinions.com.xml
 		- EDR_CDN.com.xml
-		- EDigitalSurvey.com.xml
 
 
 	Nonfunctional hosts in *edigitalresearch.com:
@@ -25,7 +24,7 @@ Fetch error: http://www.edigitalresearch.com/ => https://www.edigitalresearch.co
 	* Secured by us
 
 -->
-<ruleset name="eDigitalResearch.com (partial)" default_off='failed ruleset test'>
+<ruleset name="eDigitalResearch.com (partial)" default_off="failed ruleset test">
 
 	<target host="edigitalresearch.com"/>
 	<target host="www.edigitalresearch.com"/>
diff --git a/src/chrome/content/rules/EDirectDebit.xml b/src/chrome/content/rules/EDirectDebit.xml
index fb003e1a647e..0e932a0e1cf8 100644
--- a/src/chrome/content/rules/EDirectDebit.xml
+++ b/src/chrome/content/rules/EDirectDebit.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.edirectdebit.com/ => https://www.edirectdebit.com/: (28,
 	!www: cert only matches www
 
 -->
-<ruleset name="eDirectDebit (partial)" default_off='failed ruleset test'>
+<ruleset name="eDirectDebit (partial)" default_off="failed ruleset test">
 
 	<target host="edirectdebit.com" />
 	<target host="www.edirectdebit.com" />
diff --git a/src/chrome/content/rules/EET_Group.xml b/src/chrome/content/rules/EET_Group.xml
index 38eb79568609..97526b7c6bb9 100644
--- a/src/chrome/content/rules/EET_Group.xml
+++ b/src/chrome/content/rules/EET_Group.xml
@@ -6,21 +6,49 @@ Fetch error: http://eet.eu/ => https://eet.eu/: (28, 'Connection timed out after
 Disabled by https-everywhere-checker because:
 Fetch error: http://eet.eu/ => https://eet.eu/: (28, 'Connection timed out after 10000 milliseconds')
 -->
-<ruleset name="EET Group" default_off='failed ruleset test'>
+<ruleset name="EET Group" default_off="failed ruleset test">
 
 	<target host="eet.eu" />
-	<target host="*.eet.eu" />
-	<target host="*.eetgroup.com" />
-	<target host="*.eetnordic.com" />
+	<target host="s.eet.eu" />
+	<target host="www.eet.eu" />
+	<target host="at.eetgroup.com" />
+	<target host="be.eetgroup.com" />
+	<target host="ch.eetgroup.com" />
+	<target host="cz.eetgroup.com" />
+	<target host="de.eetgroup.com" />
+	<target host="dk.eetgroup.com" />
+	<target host="es.eetgroup.com" />
+	<target host="fi.eetgroup.com" />
+	<target host="fr.eetgroup.com" />
+	<target host="it.eetgroup.com" />
+	<target host="nl.eetgroup.com" />
+	<target host="no.eetgroup.com" />
+	<target host="pl.eetgroup.com" />
+	<target host="pt.eetgroup.com" />
+	<target host="se.eetgroup.com" />
+	<target host="uk.eetgroup.com" />
+	<target host="at.eetnordic.com" />
+	<target host="be.eetnordic.com" />
+	<target host="ch.eetnordic.com" />
+	<target host="cz.eetnordic.com" />
+	<target host="de.eetnordic.com" />
+	<target host="dk.eetnordic.com" />
+	<target host="es.eetnordic.com" />
+	<target host="fi.eetnordic.com" />
+	<target host="fr.eetnordic.com" />
+	<target host="it.eetnordic.com" />
+	<target host="nl.eetnordic.com" />
+	<target host="no.eetnordic.com" />
+	<target host="pl.eetnordic.com" />
+	<target host="pt.eetnordic.com" />
+	<target host="se.eetnordic.com" />
+	<target host="uk.eetnordic.com" />
 
 
 	<securecookie host="^.*\.eet(?:group|nordic)\.com$" name=".+" />
 
 
-	<rule from="^http://(s\.|www\.)?eet\.eu/"
-		to="https://$1eet.eu/" />
 
-	<rule from="^http://(at|be|ch|cz|de|dk|es|fi|fr|it|nl|no|pl|pt|se|uk)\.eet(group|nordic)\.com/"
-		to="https://$1.eet$2.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EE_Times-mixed.xml b/src/chrome/content/rules/EE_Times-mixed.xml
index 37761f38f78e..dfe76b2e468c 100644
--- a/src/chrome/content/rules/EE_Times-mixed.xml
+++ b/src/chrome/content/rules/EE_Times-mixed.xml
@@ -8,7 +8,7 @@ Fetch error: http://video.eetimes.com/ => https://video.eetimes.com/: (6, 'Could
 	For rules that do not cause mixed content, see EE_Times.xml.
 
 -->
-<ruleset name="EE Times (mixed content)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="EE Times (mixed content)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="video.eetimes.com" />
 
@@ -18,4 +18,4 @@ Fetch error: http://video.eetimes.com/ => https://video.eetimes.com/: (6, 'Could
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EE_Times.xml b/src/chrome/content/rules/EE_Times.xml
index 774632aa53f3..468ed5adaaaf 100644
--- a/src/chrome/content/rules/EE_Times.xml
+++ b/src/chrome/content/rules/EE_Times.xml
@@ -22,10 +22,14 @@ Fetch error: http://eetimes.com/ => https://eetimes.com/: (7, 'Failed to connect
 		- video		(mixed iframe from sso.techonline.com & video from brightcove.vo.llnwd.net)
 
 -->
-<ruleset name="EE Times (partial)" default_off='failed ruleset test'>
+<ruleset name="EE Times (partial)" default_off="failed ruleset test">
 
 	<target host="eetimes.com" />
-	<target host="*.eetimes.com" />
+	<target host="cdn.eetimes.com" />
+	<target host="confidential.eetimes.com" />
+	<target host="new.eetimes.com" />
+	<target host="www.eetimes.com" />
+	<target host="om.eetimes.com" />
 
 
 	<!--	Omniture cookies:
@@ -34,10 +38,9 @@ Fetch error: http://eetimes.com/ => https://eetimes.com/: (7, 'Failed to connect
 	<securecookie host="^www\.eetimes\.com$" name=".+" />
 
 
-	<rule from="^http://((?:cdn|confidential|new|www)\.)?eetimes\.com/"
-		to="https://$1eetimes.com/" />
 
 	<rule from="^http://om\.eetimes\.com/"
 		to="https://eetimes-com.112.2o7.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/EFAIL.de.xml b/src/chrome/content/rules/EFAIL.de.xml
new file mode 100644
index 000000000000..9e6cadafed98
--- /dev/null
+++ b/src/chrome/content/rules/EFAIL.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="EFAIL.de">
+	<target host="efail.de" />
+	<target host="www.efail.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EFF.xml b/src/chrome/content/rules/EFF.xml
index ae5b280738f1..058042668846 100644
--- a/src/chrome/content/rules/EFF.xml
+++ b/src/chrome/content/rules/EFF.xml
@@ -2,7 +2,6 @@
 	Other EFF rulesets:
 		- Freerangekitten.com.xml
 		- IFightSurveillance.org.xml
-		- ManilaPrinciples.org.xml
 		- Panopticlick.com.xml
 
 -->
diff --git a/src/chrome/content/rules/EFinancialCareers.xml b/src/chrome/content/rules/EFinancialCareers.xml
index 776cab007f07..0524d8ac4af4 100644
--- a/src/chrome/content/rules/EFinancialCareers.xml
+++ b/src/chrome/content/rules/EFinancialCareers.xml
@@ -41,7 +41,7 @@ Fetch error: http://news-cdn.efinancialcareers.com/ => https://d2p98mys7gexzy.cl
 		- www.efinancialcareers.com
 
 -->
-<ruleset name="eFinancialCareers.com (partial)" default_off='failed ruleset test'>
+<ruleset name="eFinancialCareers.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -84,10 +84,6 @@ Fetch error: http://news-cdn.efinancialcareers.com/ => https://d2p98mys7gexzy.cl
 	<securecookie host="^\." name="^__utm" />
 
 
-	<rule from="^http://news-cdn\.efinancialcareers\.com/"
-		to="https://d2p98mys7gexzy.cloudfront.net/" />
-
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/EFurnitureNY.xml b/src/chrome/content/rules/EFurnitureNY.xml
index 6f6e9279c08c..0c4c7f87f3af 100644
--- a/src/chrome/content/rules/EFurnitureNY.xml
+++ b/src/chrome/content/rules/EFurnitureNY.xml
@@ -4,9 +4,9 @@
 	<target host="www.efurnitureny.com" />
 
 
-	<securecookie host="^(?:.*\.)?efurnitureny\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EHWiki.org.xml b/src/chrome/content/rules/EHWiki.org.xml
new file mode 100644
index 000000000000..f1593602baae
--- /dev/null
+++ b/src/chrome/content/rules/EHWiki.org.xml
@@ -0,0 +1,14 @@
+<!--
+	For other E-Hentai.org coverage see E-Hentai.org.xml
+
+	Mismatched:
+		- test
+-->
+<ruleset name="EHWiki.org">
+	<target host="ehwiki.org" />
+	<target host="www.ehwiki.org" />
+	<target host="test.ehwiki.org" />
+
+	<rule from="^http://test\.ehwiki\.org/" to="https://ehwiki.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EIDQ.xml b/src/chrome/content/rules/EIDQ.xml
index 4075f5253890..b46c73a0767c 100644
--- a/src/chrome/content/rules/EIDQ.xml
+++ b/src/chrome/content/rules/EIDQ.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://eidq.org/ => https://eidq.org/: (60, 'SSL certificate problem: certificate has expired')
 Fetch error: http://www.eidq.org/ => https://www.eidq.org/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="EIDQ" default_off='failed ruleset test'>
+<ruleset name="EIDQ" default_off="failed ruleset test">
 
 	<target host="eidq.org" />
 	<target host="www.eidq.org" />
diff --git a/src/chrome/content/rules/EIS_Kent.co.uk.xml b/src/chrome/content/rules/EIS_Kent.co.uk.xml
index bb5eb22368f6..a64a0f1904a5 100644
--- a/src/chrome/content/rules/EIS_Kent.co.uk.xml
+++ b/src/chrome/content/rules/EIS_Kent.co.uk.xml
@@ -24,7 +24,7 @@ Fetch error: http://eiskent.co.uk/ => https://www.eiskent.co.uk/: (51, "SSL: no
 	ˢ Secured by us
 
 -->
-<ruleset name="EIS Kent.co.uk" default_off='failed ruleset test'>
+<ruleset name="EIS Kent.co.uk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/EKWB.com.xml b/src/chrome/content/rules/EKWB.com.xml
index 59da11e023ee..1d5d1fd907a5 100644
--- a/src/chrome/content/rules/EKWB.com.xml
+++ b/src/chrome/content/rules/EKWB.com.xml
@@ -3,6 +3,6 @@
 	<target host="www.ekwb.com" />
 
 	<securecookie host="^(?:www\.)?ekwb\.com" name=".+" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ELENA-Verfahren.de.xml b/src/chrome/content/rules/ELENA-Verfahren.de.xml
index d14ed1f9f438..8398f83ffb6d 100644
--- a/src/chrome/content/rules/ELENA-Verfahren.de.xml
+++ b/src/chrome/content/rules/ELENA-Verfahren.de.xml
@@ -6,9 +6,9 @@ Fetch error: http://das-elena-verfahren.de/ => https://www.das-elena-verfahren.d
 Disabled by https-everywhere-checker because:
 Fetch error: http://das-elena-verfahren.de/ => https://www.das-elena-verfahren.de/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
 -->
-<ruleset name="ELENA" default_off='failed ruleset test'>
+<ruleset name="ELENA" default_off="failed ruleset test">
  <target host="das-elena-verfahren.de"/>
- <target host="*.das-elena-verfahren.de"/>
+ <target host="www.das-elena-verfahren.de" />
 
  <rule from="^http://(?:www\.)?das-elena-verfahren\.de/" to="https://www.das-elena-verfahren.de/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/ELO_edge.com.xml b/src/chrome/content/rules/ELO_edge.com.xml
index a2003dda9e28..09cfce5e5d8c 100644
--- a/src/chrome/content/rules/ELO_edge.com.xml
+++ b/src/chrome/content/rules/ELO_edge.com.xml
@@ -20,7 +20,7 @@ Fetch error: http://eloedge.com/ => https://eloedge.com/: (51, "SSL: no alternat
 	* Secured by us
 
 -->
-<ruleset name="ELO edge.com (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="ELO edge.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="eloedge.com" />
 	<target host="www.eloedge.com" />
diff --git a/src/chrome/content/rules/ELTE.hu.xml b/src/chrome/content/rules/ELTE.hu.xml
index 97e286f60062..f0244f303961 100644
--- a/src/chrome/content/rules/ELTE.hu.xml
+++ b/src/chrome/content/rules/ELTE.hu.xml
@@ -51,14 +51,27 @@
 -->
 <ruleset name="ELTE.hu (partial)">
 
-	<target host="*.elte.hu" />
+	<target host="alumni.elte.hu" />
+	<target host="web.caesar.elte.hu" />
+	<target host="felveteli.elte.hu" />
+	<target host="iig.elte.hu" />
+	<target host="mars.elte.hu" />
+	<target host="minoseg.elte.hu" />
+	<target host="hallgato.neptun.elte.hu" />
+	<target host="pik.elte.hu" />
+	<target host="telefon.elte.hu" />
+	<target host="telefonkonyv.elte.hu" />
+	<target host="ugykezelo.elte.hu" />
+	<target host="webmail.elte.hu" />
+	<target host="www.elte.hu" />
+	<target host="caesar.elte.hu" />
+	<target host="www.caesar.elte.hu" />
+	<target host="webmail.caesar.elte.hu" />
 
 
 	<securecookie host="^(?:hallgato\.neptun|telefon|telefonkonyv|\.webmail)\.elte\.hu$" name=".+" />
 
 
-	<rule from="^http://(alumni|web\.caesar|felveteli|iig|mars|minoseg|hallgato\.neptun|pik|telefon|telefonkonyv|ugykezelo|webmail|www)\.elte\.hu/"
-		to="https://$1.elte.hu/" />
 
 	<rule from="^http://(?:www\.)?caesar\.elte\.hu/"
 		to="https://www.caesar.elte.hu/" />
@@ -68,4 +81,5 @@
 	<rule from="^http://webmail\.caesar\.elte\.hu/"
 		to="https://webmail.elte.hu/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ELY-keskus.fi.xml b/src/chrome/content/rules/ELY-keskus.fi.xml
new file mode 100644
index 000000000000..2d252386f38c
--- /dev/null
+++ b/src/chrome/content/rules/ELY-keskus.fi.xml
@@ -0,0 +1,11 @@
+<ruleset name="ELY-keskus.fi">
+	<target host="ely-keskus.fi" />
+	<target host="www.ely-keskus.fi" />
+	<target host="janet.ely-keskus.fi" />
+	<target host="www.janet.ely-keskus.fi" />
+	<target host="testioag.ely-keskus.fi" />
+	<target host="turvaposti.ely-keskus.fi" />
+	<target host="turvaviesti.ely-keskus.fi" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ELabor.xml b/src/chrome/content/rules/ELabor.xml
index 9f17bf9ac431..ddd0bda701af 100644
--- a/src/chrome/content/rules/ELabor.xml
+++ b/src/chrome/content/rules/ELabor.xml
@@ -17,4 +17,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ELatinos.com.xml b/src/chrome/content/rules/ELatinos.com.xml
index 992bf89ad0be..0458ce46ff6c 100644
--- a/src/chrome/content/rules/ELatinos.com.xml
+++ b/src/chrome/content/rules/ELatinos.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.elatinos.com/ => https://www.elatinos.com/: (6, 'Could n
 	* Secured by us
 
 -->
-<ruleset name="eLatinos.com" default_off='failed ruleset test'>
+<ruleset name="eLatinos.com" default_off="failed ruleset test">
 
 	<target host="elatinos.com" />
 	<target host="www.elatinos.com" />
diff --git a/src/chrome/content/rules/EMS.xml b/src/chrome/content/rules/EMS.xml
new file mode 100644
index 000000000000..7165b46e9f36
--- /dev/null
+++ b/src/chrome/content/rules/EMS.xml
@@ -0,0 +1,37 @@
+<!--
+For other Gruner+Jahr rules look at GuJ.de.xml
+
+	Invalid certificate:
+		- emsmobile.de
+		- www.emsmobile.de
+		- adquality.emsmobile.de
+		- adstxt.emsmobile.de
+		- aqt.emsmobile.de
+		- box.emsmobile.de
+		- ctrck.emsmobile.de
+		- data.emsmobile.de
+		- data1.emsmobile.de
+		- robot.emsmobile.de
+		- ssl.emsmobile.de
+		- stats.emsmobile.de
+		- tracker.emsmobile.de
+		- weather.emsmobile.de
+
+	Timeout:
+		- stage.static.emsservice.de
+-->
+<ruleset name="EMS Native Advertising">
+
+	<target host="adctrl.emsmobile.de" />
+	<target host="hello.emsmobile.de" />
+	<target host="native.emsservice.de" />
+	<target host="static.emsservice.de" />
+	<target host="dev-dss.static.emsservice.de" />
+	<target host="tracking.emsmobile.de" />
+	<target host="traffic.emsservice.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ENS.fr.xml b/src/chrome/content/rules/ENS.fr.xml
index 4a89bdc9def8..152480045412 100644
--- a/src/chrome/content/rules/ENS.fr.xml
+++ b/src/chrome/content/rules/ENS.fr.xml
@@ -127,7 +127,7 @@
 	<target host="www-mail.biologie.ens.fr" />
 	<target host="zebrain.biologie.ens.fr" />
 	<target host="www.zebrain.biologie.ens.fr" />
-	
+
 	<target host="challengedata.ens.fr" />
 	<target host="www.cof.ens.fr" />
 
@@ -143,11 +143,11 @@
 	<target host="www.eleves.ens.fr" />
 	<target host="hack.ens.fr" />
 	<target host="halley.ens.fr" />
-	
+
 		<!-- Used to access papers via google scholar. Causes SSL_ERROR_RX_RECORD_TOO_LONG -->
 		<exclusion pattern="^http://halley\.ens\.fr:4550/" />
 			<test url="http://halley.ens.fr:4550/robots.txt" />
-	
+
 	<target host="www.ibens.ens.fr" />
 	<target host="mail.jourdan.ens.fr" />
 	<target host="lists.ens.fr" />
diff --git a/src/chrome/content/rules/ENomCentral.xml b/src/chrome/content/rules/ENomCentral.xml
index 76d336bb8490..34e9346227cd 100644
--- a/src/chrome/content/rules/ENomCentral.xml
+++ b/src/chrome/content/rules/ENomCentral.xml
@@ -1,18 +1,11 @@
 <!--
 	For other Demand Media coverage, see Demand-Media.xml.
-
-
-	- !www: cert only matches www
-	- Some pages redirect to http
-
 -->
 <ruleset name="eNomCentral (partial)">
 
 	<target host="enomcentral.com" />
 	<target host="www.enomcentral.com" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://(?:www\.)?enomcentral\.com/(captchautil/|css/|_?images/|js/|login\.aspx|myaccount(?:$|\?|/)|(?:Script|Web)Resource\.axd|verisign-seal\.htm)"
-		to="https://www.enomcentral.com/$1" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EOL.org.xml b/src/chrome/content/rules/EOL.org.xml
index c3d74c96e9b0..8c8774196ec7 100644
--- a/src/chrome/content/rules/EOL.org.xml
+++ b/src/chrome/content/rules/EOL.org.xml
@@ -1,7 +1,7 @@
 <!--
 	Invalid certificate:
 		blog.eol.org
-	
+
 	Refused:
 		cephbase.eol.org
 		discuss.eol.org
diff --git a/src/chrome/content/rules/EOS.org.xml b/src/chrome/content/rules/EOS.org.xml
new file mode 100644
index 000000000000..36374512c076
--- /dev/null
+++ b/src/chrome/content/rules/EOS.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="EOS.org">
+	<target host="eos.org" />
+	<target host="www.eos.org" />
+	<target host="static.eos.org" />
+		<test url="http://static.eos.org/80126A6/osm/2016/wp-content/uploads/sites/2/2015/10/OceanScience2016_FundingOpportunities.pdf" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EPAG.de.xml b/src/chrome/content/rules/EPAG.de.xml
new file mode 100644
index 000000000000..13af42200fbb
--- /dev/null
+++ b/src/chrome/content/rules/EPAG.de.xml
@@ -0,0 +1,11 @@
+<ruleset name="EPAG.de">
+	<target host="epag.de" />
+	<target host="www.epag.de" />
+	<target host="api.epag.de" />
+	<target host="data-use.epag.de" />
+	<target host="staging2.epag.de" />
+	<target host="www.staging2.epag.de" />
+	<target host="support.epag.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EPB.xml b/src/chrome/content/rules/EPB.xml
index 5b80eaf71ed9..98dccd5a9257 100644
--- a/src/chrome/content/rules/EPB.xml
+++ b/src/chrome/content/rules/EPB.xml
@@ -1,18 +1,18 @@
 <ruleset name="EPB">
 
 	<target host="epb.net" />
-	<target host="*.epb.net" />
+	<target host="livehelp.epb.net" />
+	<target host="www.epb.net" />
 	<target host="epbfi.com" />
-	<target host="*.epbfi.com" />
+	<target host="mail.epbfi.com" />
+	<target host="livehelp.epbfi.com" />
+	<target host="phone.epbfi.com" />
+	<target host="www.epbfi.com" />
 
 
-	<securecookie host="^(?:.*\.)?epb(?:\.net|fi\.com)$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^http://(livehelp\.|www\.)?epb\.net/"
-		to="https://$1epb.net/" />
-
-	<rule from="^http://((?:mail|livehelp|phone|www)\.)?epbfi\.com/"
-		to="https://$1epbfi.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/EPEAT.xml b/src/chrome/content/rules/EPEAT.xml
deleted file mode 100644
index 20fcb59895bf..000000000000
--- a/src/chrome/content/rules/EPEAT.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="EPEAT (partial)">
-
-	<target host="ww2.epeat.net" />
-
-
-	<rule from="^http://ww2\.epeat\.com/"
-		to="https://ww2.epeat.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EPFL.xml b/src/chrome/content/rules/EPFL.xml
index c9159b29438b..fb9a39f3ff1d 100644
--- a/src/chrome/content/rules/EPFL.xml
+++ b/src/chrome/content/rules/EPFL.xml
@@ -51,13 +51,15 @@
 <ruleset name="EPFL (partial)">
 
 	<target host="epfl.ch" />
-	<target host="*.epfl.ch" />
+	<target host="inform.epfl.ch" />
+	<target host="jahia-prod.epfl.ch" />
+	<target host="winauth.epfl.ch" />
+	<target host="www.epfl.ch" />
 
 
 	<securecookie host="^(?:inform|jahia-prod)\.epfl\.ch$" name=".+" />
 
 
-	<rule from="^http://((?:inform|jahia-prod|winauth|www)\.)?epfl\.ch/"
-		to="https://$1epfl.ch/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/EPrize.xml b/src/chrome/content/rules/EPrize.xml
index 5b818b7056f0..8a220c573732 100644
--- a/src/chrome/content/rules/EPrize.xml
+++ b/src/chrome/content/rules/EPrize.xml
@@ -21,10 +21,15 @@ Fetch error: http://www.eprize.net/ => https://www.eprize.com/: (51, "SSL: no al
 	* Cert only matches *.eprize.com
 
 -->
-<ruleset name="ePrize" default_off='failed ruleset test'>
+<ruleset name="ePrize" default_off="failed ruleset test">
 
 	<target host="eprize.com" />
-	<target host="*.eprize.com" />
+	<target host="www.eprize.com" />
+	<target host="results.eprize.com" />
+	<target host="rps01.eprize.com" />
+	<target host="socialize.eprize.com" />
+	<target host="winlist.eprize.com" />
+	<target host="winlists.eprize.com" />
 	<target host="eprize.net" />
 	<target host="www.eprize.net" />
 
@@ -35,7 +40,6 @@ Fetch error: http://www.eprize.net/ => https://www.eprize.com/: (51, "SSL: no al
 	<rule from="^http://(?:www\.)?eprize\.(?:com|net)/"
 		to="https://www.eprize.com/" />
 
-	<rule from="^http://(results|rps01|socialize|winlists?)\.eprize\.com/"
-		to="https://$1.eprize.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/EQBank.ca.xml b/src/chrome/content/rules/EQBank.ca.xml
new file mode 100644
index 000000000000..999ac77c6b49
--- /dev/null
+++ b/src/chrome/content/rules/EQBank.ca.xml
@@ -0,0 +1,24 @@
+<!--
+	Chain issue, missing intermediate:
+		- mcc.eqbank.ca
+		- scc.eqbank.ca
+
+	Invalid certificate:
+		- www.edaa.eqbank.ca
+		- click.email.eqbank.ca
+		- image.email.eqbank.ca
+		- view.email.eqbank.ca
+-->
+
+<ruleset name="EQBank.ca">
+	<target host="eqbank.ca" />
+	<target host="www.eqbank.ca" />
+	<target host="alpha.eqbank.ca" />
+	<target host="beta.eqbank.ca" />
+	<target host="edaa.eqbank.ca" />
+	<target host="sec.eqbank.ca" />
+	<target host="staging.sec.eqbank.ca" />
+	<target host="staging.eqbank.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ERC.edu.xml b/src/chrome/content/rules/ERC.edu.xml
index d2f1d38a6a07..4a8332c9e18f 100644
--- a/src/chrome/content/rules/ERC.edu.xml
+++ b/src/chrome/content/rules/ERC.edu.xml
@@ -9,7 +9,7 @@ Fetch error: http://faq.erc.edu/ => https://faq.erc.edu/: (28, 'Connection timed
 		- courses.erc.edu
 
 -->
-<ruleset name="ERC.edu" default_off='failed ruleset test'>
+<ruleset name="ERC.edu" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/ESB.ie.xml b/src/chrome/content/rules/ESB.ie.xml
index 2f79a2f656c8..d7717f0a30ee 100644
--- a/src/chrome/content/rules/ESB.ie.xml
+++ b/src/chrome/content/rules/ESB.ie.xml
@@ -5,7 +5,7 @@ Fetch error: http://www.esbie.ie/ => https://www.esbie.ie/: (35, 'Unknown SSL pr
 Fetch error: http://esbie.ie/ => https://esbie.ie/: (35, 'Unknown SSL protocol error in connection to esbie.ie:443 ')
 
 -->
-<ruleset name="ESB.ie" default_off='failed ruleset test'>
+<ruleset name="ESB.ie" default_off="failed ruleset test">
   <target host="www.esb.ie" />
   <target host="esb.ie" />
   <target host="www.esbie.ie" />
diff --git a/src/chrome/content/rules/ESF-Works.com.xml b/src/chrome/content/rules/ESF-Works.com.xml
index 7141fa59b359..d57c040cbbfb 100644
--- a/src/chrome/content/rules/ESF-Works.com.xml
+++ b/src/chrome/content/rules/ESF-Works.com.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?esf-works\.com/"
 		to="https://esf-works.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ESI.xml b/src/chrome/content/rules/ESI.xml
index 65d437388db4..ec5df4920e9e 100644
--- a/src/chrome/content/rules/ESI.xml
+++ b/src/chrome/content/rules/ESI.xml
@@ -4,13 +4,12 @@
 -->
 <ruleset name="ESI">
 
-	<target host="*.esi.dz" />
+	<target host="www.esi.dz" />
 
 
 	<securecookie host="^(?:www)?\.esi\.dz$" name=".+" />
 
 
-	<rule from="^http://www\.esi\.dz/"
-		to="https://www.esi.dz/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ESISS.xml b/src/chrome/content/rules/ESISS.xml
deleted file mode 100644
index 2c35a50b4f55..000000000000
--- a/src/chrome/content/rules/ESISS.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="ESISS">
-  <target host="esiss.ac.uk" />
-  <target host="www.esiss.ac.uk" />
-
-  <securecookie host="^(?:.+\.)?esiss\.ac\.uk$" name=".+" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/ESLint.org.xml b/src/chrome/content/rules/ESLint.org.xml
index db96c86887fb..e83d700cf822 100644
--- a/src/chrome/content/rules/ESLint.org.xml
+++ b/src/chrome/content/rules/ESLint.org.xml
@@ -1,4 +1,5 @@
 <ruleset name="ESLint.org">
+
 	<target host="eslint.org" />
 	<target host="www.eslint.org" />
 	<target host="cn.eslint.org" />
@@ -7,4 +8,5 @@
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/ESRB.xml b/src/chrome/content/rules/ESRB.xml
index a971aec1c615..77e4a02b14bc 100644
--- a/src/chrome/content/rules/ESRB.xml
+++ b/src/chrome/content/rules/ESRB.xml
@@ -3,4 +3,4 @@
   <target host="esrb.org" />
 
   <rule from="^http://(?:www\.)?esrb\.org/" to="https://www.esrb.org/"/>
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ESTA_Visas.org.uk.xml b/src/chrome/content/rules/ESTA_Visas.org.uk.xml
index 94f2a4e09a47..4da9a5aef2a0 100644
--- a/src/chrome/content/rules/ESTA_Visas.org.uk.xml
+++ b/src/chrome/content/rules/ESTA_Visas.org.uk.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.estavisas.org.uk/ => https://www.estavisas.org.uk/: (51,
 		- www.estavisas.org.uk
 
 -->
-<ruleset name="ESTA Visas.org.uk" default_off='failed ruleset test'>
+<ruleset name="ESTA Visas.org.uk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/ESTA_Visas.org.xml b/src/chrome/content/rules/ESTA_Visas.org.xml
index b5d0d3a51efe..59d98e74f336 100644
--- a/src/chrome/content/rules/ESTA_Visas.org.xml
+++ b/src/chrome/content/rules/ESTA_Visas.org.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.estavisas.org/ => https://www.estavisas.org/: (7, 'Faile
 		- www.estavisas.org
 
 -->
-<ruleset name="ESTA Visas.org" default_off='failed ruleset test'>
+<ruleset name="ESTA Visas.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/ETH_Zurich.xml b/src/chrome/content/rules/ETH_Zurich.xml
index 7359fcb787e3..a296bea08c78 100644
--- a/src/chrome/content/rules/ETH_Zurich.xml
+++ b/src/chrome/content/rules/ETH_Zurich.xml
@@ -73,7 +73,7 @@ Fetch error: http://www1.ethz.ch/ => https://www1.ethz.ch/: (6, 'Could not resol
 		- www1.ethz.ch
 
 -->
-<ruleset name="ETHZ.ch (partial)" default_off='failed ruleset test'>
+<ruleset name="ETHZ.ch (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/ETS.xml b/src/chrome/content/rules/ETS.xml
index 34e980fd3996..a8103d2e4e0d 100644
--- a/src/chrome/content/rules/ETS.xml
+++ b/src/chrome/content/rules/ETS.xml
@@ -1,7 +1,19 @@
 <ruleset name="ETS">
   <target host="ets.org" />
-  <target host="*.ets.org" />
+  <target host="www.ets.org" />
+  <target host="apstudio.ets.org" />
+  <target host="ept-elm.ets.org" />
+  <target host="gedcalifornia.ets.org" />
+  <target host="gresearch.ets.org" />
+  <target host="ibtsd3.ets.org" />
+  <target host="mygre.ets.org" />
+  <target host="onyx.ets.org" />
+  <target host="ppi.ets.org" />
+  <target host="srp.ets.org" />
+  <target host="title2.ets.org" />
+  <target host="toefl-registration.ets.org" />
+  <target host="toeflrts.ets.org" />
 
   <rule from="^http://(?:www\.)?ets\.org/" to="https://www.ets.org/"/>
-  <rule from="^http://(apstudio|ept-elm|gedcalifornia|gresearch|ibtsd3|mygre|onyx|ppi|srp|title2|toefl-registration|toeflrts)\.ets\.org/" to="https://$1.ets.org/"/>
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EToro.xml b/src/chrome/content/rules/EToro.xml
index e8c724996af8..1274478709ca 100644
--- a/src/chrome/content/rules/EToro.xml
+++ b/src/chrome/content/rules/EToro.xml
@@ -1,59 +1,47 @@
 <!--
-	For rules causing false/broken MCB, see etoro.com-falsemixed.xml.
+	Other eToro.com related rulesets:
+		+ etorostatic.com.xml
 
-	Other eToro rulesets:
+	Non-functional hosts
+		SSL connect error:
+		- etorologsapi.etoro.com
 
-		- copy.me.xml
-		- etorostatic.com.xml
+		SSL peer certificate was not OK:
+		- cdn.etoro.com
+		- partners-help.etoro.com
 
+		4xx client error:
+		- s3.etoro.com
 
-	Problematic hosts in *etoro.com:
-
-		- cdn ᵐ
-
-	ᵐ Mismatched
-
-
-	Insecure cookies are set for these domains and hosts: ᶜ
-
-		- .etoro.com
-		- .help.etoro.com
-		- refererfriends.etoro.com
-		- www.etoro.com
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
-
-	Mixed content:
-
-		- css on help from www.nanorep.com ˢ
-
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
+		5xx server error:
+		- maintenance.etoro.com
 -->
-<ruleset name="eToro.com (partial)">
-
+<ruleset name="eToro.com">
 	<target host="etoro.com" />
+	<target host="accountstat.etoro.com" />
+	<target host="affiliates.etoro.com" />
+	<target host="api-portal.etoro.com" />
+	<target host="apptest.etoro.com" />
+	<target host="cashier.etoro.com" />
+	<target host="charts.etoro.com" />
+	<target host="content.etoro.com" />
+	<test url="http://content.etoro.com/lp/bitcoin/?gc=1" />
+	<target host="embed.etoro.com" />
 	<target host="etorologsapi.etoro.com" />
-	<!--target host="help.etoro.com" /-->
-	<target host="maintenance.etoro.com" />
+	<target host="go.etoro.com" />
+	<target host="help.etoro.com" />
+	<target host="kyc.etoro.com" />
+	<test url="http://kyc.etoro.com/api/v1/tnc/documents/84.pdf" />
 	<target host="openbook.etoro.com" />
+	<target host="partners.etoro.com" />
+	<target host="push-demo-lightstreamer.cloud.etoro.com" />
 	<target host="referfriends.etoro.com" />
-	<target host="s3.etoro.com" />
 	<target host="site.etoro.com" />
+	<target host="status.etoro.com" />
+	<target host="stocks.etoro.com" />
 	<target host="www.etoro.com" />
 
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.etoro\.com$" name="^(?:incap_ses_\d+|visid_incap)_\d+$" /-->
-	<!--securecookie host="^\.help\.etoro\.com$" name="^(?:REFERER|nrContext)$" /-->
-	<!--securecookie host="^(?:refererfriends|www)\.etoro\.com$" name="^(?:___utm[abm]\w+|PHPSESSID)$" /-->
-
 	<securecookie host=".+" name=".+" />
 
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EUBA.sk.xml b/src/chrome/content/rules/EUBA.sk.xml
new file mode 100644
index 000000000000..9200a562d105
--- /dev/null
+++ b/src/chrome/content/rules/EUBA.sk.xml
@@ -0,0 +1,9 @@
+<ruleset name="Euba.sk">
+	<target host="euba.sk" />
+	<target host="www.euba.sk" />
+	<target host="old.euba.sk" />
+	<target host="helpdesk.euba.sk" />
+	<target host="jedalen.euba.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EUKhost.xml b/src/chrome/content/rules/EUKhost.xml
index 2d813bb83210..61de8c8df3ad 100644
--- a/src/chrome/content/rules/EUKhost.xml
+++ b/src/chrome/content/rules/EUKhost.xml
@@ -35,4 +35,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EUKhosting.xml b/src/chrome/content/rules/EUKhosting.xml
index f15873b83e53..9ab6fb1df09f 100644
--- a/src/chrome/content/rules/EUKhosting.xml
+++ b/src/chrome/content/rules/EUKhosting.xml
@@ -15,10 +15,10 @@
 	<target host="*.eukhosting.net" />
 
 
-	<securecookie host=".+\.eukhosting.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(?!www\.)([\w-]+)\.eukhosting\.net/"
 		to="https://$1.eukhosting.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EUSecWest.xml b/src/chrome/content/rules/EUSecWest.xml
deleted file mode 100644
index 7572bbf69e3a..000000000000
--- a/src/chrome/content/rules/EUSecWest.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="EUSecWest">
-
-	<target host="eusecwest.com" />
-	<target host="*.eusecwest.com" />
-
-
-	<securecookie host="^\.eusecwest\.com$" name=".+" />
-
-
-	<!--	Cert only matches ^eusecwest.com.
-							-->
-	<rule from="^http://(?:www\.)?eusecwest\.com/"
-		to="https://eusecwest.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EUserv.de.xml b/src/chrome/content/rules/EUserv.de.xml
index fcd123f02b74..e8c66b31f177 100644
--- a/src/chrome/content/rules/EUserv.de.xml
+++ b/src/chrome/content/rules/EUserv.de.xml
@@ -13,14 +13,16 @@
 <ruleset name="EUserv.de (partial)">
 
 	<target host="euserv.de" />
-	<target host="*.euserv.de" />
+	<target host="ssl.euserv.de" />
+	<target host="www.ssl.euserv.de" />
+	<target host="www.euserv.de" />
+	<target host="support.euserv.de" />
 		<exclusion pattern="^http://(?:www\.)?euserv\.de/+(?!favicon\.ico|pic/)" />
 
 
 	<rule from="^http://(?:(www\.)?ssl\.|www\.)?euserv\.de/"
 		to="https://$1ssl.euserv.de/" />
 
-	<rule from="^http://support\.euserv\.de/"
-		to="https://support.euserv.de/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/EVEX.xml b/src/chrome/content/rules/EVEX.xml
new file mode 100644
index 000000000000..2e9fb839c1da
--- /dev/null
+++ b/src/chrome/content/rules/EVEX.xml
@@ -0,0 +1,32 @@
+<ruleset name="EVEX">
+	<!-- aeromageddon.com -->
+	<target host="aeromageddon.com" />
+	<target host="www.aeromageddon.com" />
+	<target host="cpanel.aeromageddon.com" />
+	<target host="mail.aeromageddon.com" />
+	<target host="webdisk.aeromageddon.com" />
+	<target host="webmail.aeromageddon.com" />
+
+	<!-- evex.ca -->
+	<target host="evex.ca" />
+	<target host="www.evex.ca" />
+	<target host="cpanel.evex.ca" />
+	<target host="mail.evex.ca" />
+	<target host="webdisk.evex.ca" />
+	<target host="webmail.evex.ca" />
+
+	<!-- ytest.net-->
+	<target host="ytest.net" />
+	<target host="www.ytest.net" />
+	<target host="aeromageddon.ytest.net" />
+	<target host="www.aeromageddon.ytest.net" />
+	<target host="cpanel.ytest.net" />
+	<target host="evex.ytest.net" />
+	<target host="www.evex.ytest.net" />
+	<target host="mail.ytest.net" />
+	<target host="webdisk.ytest.net" />
+	<target host="webmail.ytest.net" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EVE_Online.com.xml b/src/chrome/content/rules/EVE_Online.com.xml
deleted file mode 100644
index bcc4b6c5fa19..000000000000
--- a/src/chrome/content/rules/EVE_Online.com.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- content *
-
-	* 404, valid cert
-
-
-	Mixed content:
-
-		- Ad on community and www from web.ccpgamescdn.com
-
--->
-<ruleset name="EVE Online.com (partial)">
-
-	<target host="eveonline.com" />
-	<target host="*.eveonline.com" />
-		<!--exclusion pattern="^http://content\.eveonline\.com/" /-->
-
-
-	<!--	Secured by server:
-					-->
-	<!--securecookie host="^login\.eveonline\.com$" name="^C$" /-->
-	<!--
-		Not secured by server:
-					-->
-	<!--securecookie host="^\.eveonline\.com$" name="^cultureinfo$" /-->
-	<!--securecookie host="^forums\.eveonline\.com$" name="^ASP.NET_SessionId$" /-->
-	<!--securecookie host="^secure\.eveonline\.com$" name="^(ASP\.NET_SessionId|aid|secure_cultureinfo)$" /-->
-	<!--securecookie host="^wiki\.eveonline\.com$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^(?:forums|secure|wiki)\.eveonline\.com$" name=".+" />
-
-
-	<rule from="^http://((?:community|forums|gate|image|login|secure|wiki|www)\.)?eveonline\.com/"
-		to="https://$1eveonline.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EVGA.com.xml b/src/chrome/content/rules/EVGA.com.xml
deleted file mode 100644
index 14cbddab9d48..000000000000
--- a/src/chrome/content/rules/EVGA.com.xml
+++ /dev/null
@@ -1,67 +0,0 @@
-<!--
-	Non-functional hosts
-		Timeout was reached:
-		- ar.evga.com
-		- authcl1.evga.com
-		- ftp.evga.com
-		- kr.evga.com
-		- maintenance.evga.com
-		- news.evga.com
-		- ru.evga.com
-		- ss.evga.com
-		- static1.evga.com
-		- voip.evga.com
-
-		SSL peer certificate was not OK:
-		- ads.evga.com
-		- origin-secure.evga.com
-		- origin-www.evga.com
-		- static.evga.com
-		- ts3.evga.com
-
-		Incomplete certificate chain error:
-		- autodiscover.evga.com
-		- mail.evga.com
-		- pcoip.evga.com
-		- sp.evga.com
-		- timeclock.evga.com
-
-		4xx client error:
-		- latam.evga.com
-		- origin-ads.evga.com
-		- origin-asia.evga.com
-		- origin-au.evga.com
-		- origin-br.evga.com
-		- origin-cn.evga.com
-		- origin-eu.evga.com
-		- origin-forums.evga.com
-		- origin-fr.evga.com
-		- origin-jp.evga.com
-		- origin-latam.evga.com
-		- origin-tw.evga.com
--->
-<ruleset name="EVGA.com (partial)">
-	<target host="evga.com" />
-	<target host="www.evga.com" />
-	<target host="asia.evga.com" />
-	<target host="au.evga.com" />
-	<target host="br.evga.com" />
-	<target host="cdn.evga.com" />
-	<target host="cn.evga.com" />
-	<target host="de.evga.com" />
-	<target host="egc-la.evga.com" />
-	<target host="eu.evga.com" />
-	<target host="forums.evga.com" />
-	<target host="fr.evga.com" />
-	<target host="images.evga.com" />
-	<target host="jp.evga.com" />
-	<target host="origin-private.evga.com" />
-	<target host="origin-privateeu.evga.com" />
-	<target host="private.evga.com" />
-	<target host="secure.evga.com" />
-	<target host="tw.evga.com" />
-
-	<securecookie host="^secure\.evga\.com$" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/EW-Scripps-Company-mismatches.xml b/src/chrome/content/rules/EW-Scripps-Company-mismatches.xml
index 05d21daaa19b..16149a534b41 100644
--- a/src/chrome/content/rules/EW-Scripps-Company-mismatches.xml
+++ b/src/chrome/content/rules/EW-Scripps-Company-mismatches.xml
@@ -8,17 +8,16 @@ Some buckets:
 
 	<target host="m.andersonvalleypost.com"/>
 	<target host="media.andersonvalleypost.com"/>
-	<target host="*.commercialappeal.com"/>
+	<target host="blogs.commercialappeal.com" />
+	<target host="media.commercialappeal.com" />
+	<target host="web.commercialappeal.com" />
 	<target host="homes.redding.com"/>
 	<target host="web.redding.com"/>
 
-	<rule from="^http://m(edia)?\.andersonvalleypost\.com/"
-		to="https://m$1.andersonvalleypost.com/"/>
 
-	<rule from="^http://(blogs|media|web)\.commercialappeal\.com/"
-		to="https://$1.commercialappeal.com/"/>
 
 	<rule from="^http://(homes|web)\.redding\.com/"
 		to="https://$1web.redding.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/EW-Scripps-Company.xml b/src/chrome/content/rules/EW-Scripps-Company.xml
index 2f33da9c2f3a..74c2da464c28 100644
--- a/src/chrome/content/rules/EW-Scripps-Company.xml
+++ b/src/chrome/content/rules/EW-Scripps-Company.xml
@@ -24,7 +24,7 @@ Fetch error: http://www.redding.com/ => https://www.redding.com/: (51, "SSL: no
 		- www.theindychannel.com	(prints "Down For Maintenance", akamai)
 
 -->
-<ruleset name="E. W. Scripps Company (partial)" default_off='failed ruleset test'>
+<ruleset name="E. W. Scripps Company (partial)" default_off="failed ruleset test">
 
 	<target host="andersonvalleypost.com"/>
 	<target host="login.andersonvalleypost.com"/>
diff --git a/src/chrome/content/rules/EWONTFIX.com.xml b/src/chrome/content/rules/EWONTFIX.com.xml
new file mode 100644
index 000000000000..6bfac83be336
--- /dev/null
+++ b/src/chrome/content/rules/EWONTFIX.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Nonfunctional hosts in *.ewontfix.com:
+		- mail
+-->
+<ruleset name="EWONTFIX.com">
+	<target host="ewontfix.com" />
+	<target host="www.ewontfix.com" />
+
+	<rule from="^http:" to="https:" />
+
+	<securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/EWebScapes.com.xml b/src/chrome/content/rules/EWebScapes.com.xml
index 96c76a7301b0..be0cd5b5946c 100644
--- a/src/chrome/content/rules/EWebScapes.com.xml
+++ b/src/chrome/content/rules/EWebScapes.com.xml
@@ -1,7 +1,6 @@
 <!--
 	For other WebDevStudios coverage, see WebDevStudios.xml.
 
-
 	(www.)?ewebscapes.com: Mismatched
 	clientarea.ewebscapes.com: Expired
 
@@ -11,14 +10,8 @@
 	<!--	Complications:
 				-->
 	<target host="ewebscapes.com" />
-	<target host="clientarea.ewebscapes.com" />
 	<target host="www.ewebscapes.com" />
 
-		<!--	/+(?!$|\?) 404s:
-					-->
-		<!--exclusion pattern="^http://clientarea\.ewebscapes\.com/+(?!$|\?)" /-->
-
-
 	<!--	Redirect keeps path and args,
 		but not forward slash:
 					-->
@@ -27,14 +20,4 @@
 
 		<test url="http://ewebscapes.com/?" />
 
-	<!--	Redirect keeps args but not forward slash:
-							-->
-	<rule from="^http://clientarea\.ewebscapes\.com/+(?=$|\?)"
-		to="https://webdevstudios.com/contact" />
-
-		<test url="http://clientarea.ewebscapes.com/?f" />
-		<test url="http://clientarea.ewebscapes.com/?o" />
-		<test url="http://clientarea.ewebscapes.com//?o" />
-		<test url="http://clientarea.ewebscapes.com/?b" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/EWellness_magazine.xml b/src/chrome/content/rules/EWellness_magazine.xml
index b55c7a0a00c3..2ff2fd59bb85 100644
--- a/src/chrome/content/rules/EWellness_magazine.xml
+++ b/src/chrome/content/rules/EWellness_magazine.xml
@@ -19,7 +19,7 @@ Fetch error: http://www.ewellnessmag.com/ => https://www.ewellnessmag.com/: (51,
 		- cart
 
 -->
-<ruleset name="eWellness magazine (partial)" default_off='failed ruleset test'>
+<ruleset name="eWellness magazine (partial)" default_off="failed ruleset test">
 
 	<target host="ewellnessmag.com" />
 	<target host="www.ewellnessmag.com" />
diff --git a/src/chrome/content/rules/EXANTE.xml b/src/chrome/content/rules/EXANTE.xml
index 5af6475c3f0a..27ce876f7339 100644
--- a/src/chrome/content/rules/EXANTE.xml
+++ b/src/chrome/content/rules/EXANTE.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EXXile.net.xml b/src/chrome/content/rules/EXXile.net.xml
index 85826fd82729..2eb02eace4b1 100644
--- a/src/chrome/content/rules/EXXile.net.xml
+++ b/src/chrome/content/rules/EXXile.net.xml
@@ -5,7 +5,8 @@
 <ruleset name="eXXile.net" default_off="mismatched, self-signed">
 
 	<target host="exxile.net" />
-	<target host="*.exxile.net" />
+	<target host="firefox.exxile.net" />
+	<target host="www.exxile.net" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/EXelate.xml b/src/chrome/content/rules/EXelate.xml
index 297486ee3012..bd94e2493784 100644
--- a/src/chrome/content/rules/EXelate.xml
+++ b/src/chrome/content/rules/EXelate.xml
@@ -1,84 +1,75 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://loadxl.exelator.com/ => https://loadxl.exelator.com/: (6, 'Could not resolve host: loadxl.exelator.com')
-Fetch error: http://texi.exelate.com/ => https://texi.exelate.com/: (6, 'Could not resolve host: texi.exelate.com')
-
-	CDN buckets:
-
-		- load.s3.amazonaws.com
-
-
-	Cert also matches these domains:
-
-		- datalinxng.exelate.com ¹
-		- dlxapi.exelate.com		(refused)
-		- texiapi.exelate.com ¹
-		- loadxl.exelator.biz ¹
-		- insight.exelator.com ²
-		- www.load.exelator.com ²
-
-	¹ Dropped
-	² Doesn't exist
-
-
-	Nonfunctional domains:
-
-		- (www.)exelate.com
-		- datalinx.exelate.com ²
-		- exchange.exelate.com ²
-		- datalinxapi.exelator.net ¹
-
-	¹ http reply
-	² Refused
-
-
-	Problematic domains:
-
-		- ad.exelate.com	(mismatched, CN: ad.yieldmanager.com)
-		- loadan.exelator.com *
-		- www.exelator.com *
-
-	* Mismatched, CN: load.exelator.com
-
-
-	Observed cookie domains:
-
-		- texi.exelate.com
+	Cert expired:
+		- alpha.nmc.exelate.com
+		- externalgw.alpha.nmc.exelate.com
+		- appgw.alpha.nmc.exelate.com
+
+	Connection refused:
+		- 2013awards.exelate.com
+		- bdx2016.exelate.com
+		- bdx2017.exelate.com
+
+	TLS error:
+		- www.exelator.com
+		- action.exelator.com
+		- load.exelator.com
+		- loadan.exelator.com
+		- loadeu.exelator.com
+		- loadm.exelator.com
+		- loadpm.exelator.com
+		- loadr.exelator.com
+		- loadus.exelator.com
+		- mydmp.exelator.com
+		- optout.exelator.com
+		- static.exelator.com
+		- vdna.exelator.com
+		- smart.exelator.com
+		- sandbox.exelator.com
+		- exelate.com
+		- www.exelate.com
+		- partners.exelate.com
+
+	Timeout:
+		- exelator.com
+
+	Cert mismatch:
+		- load.amexp.exelator.com
+		- eu-west.load.exelator.com
+		- eu-static.load.exelator.com
+		- us-east.load.exelator.com
+		- us-central.load.exelator.com
+		- global.load.exelator.com
+		- us-west.load.exelator.com
+		- insight-s3.exelator.com
+		- loadus.tm.ssl.exelator.com
+		- west.us.tm.exelator.com
+		- load.njexp.exelator.com
+		- load.scexp.exelator.com
+		- smart.scexp.exelator.com
+		- load.txexp.exelator.com
+		- smart.txexp.exelator.com
+		- ad.exelate.com
+		- resources.exelate.com
 
 -->
-<ruleset name="eXelate" default_off='failed ruleset test'>
+<ruleset name="eXelate">
 
 	<!--	Direct rewrites:
 				-->
-	<target host="load.exelator.com" />
-	<target host="loadeu.exelator.com" />
-	<target host="loadm.exelator.com" />
-	<target host="loadr.exelator.com" />
-	<target host="loadus.exelator.com" />
-	<target host="loadxl.exelator.com" />
+	<target host="cdn.exelator.com" />
+	<target host="load77.exelator.com" />
 
-	<!--	Complications:
-				-->
+	<target host="alpha.cdn.exelate.com" />
 	<target host="ad.exelate.com" />
-	<target host="texi.exelate.com" />
-
-	<target host="loadan.exelator.com" />
-
-
-	<securecookie host="^texi\.exelate\.com$" name=".+" />
-	<securecookie host="^\.exelator\.com$" name=".+" />
+	<target host="nmc1.cdn.nmc.exelate.com" />
+	<target host="resources.cdn.nmc.exelate.com" />
+	<target host="nmc.exelate.com" />
 
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://ad\.exelate\.com/"
 		to="https://ad.yieldmanager.com/" />
 
-	<rule from="^http://texi\.exelate\.com/"
-		to="https://texi.exelate.com/" />
-
-	<rule from="^http://loadan\.exelator\.com/"
-		to="https://load.exelator.com/" />
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/EXiled.xml b/src/chrome/content/rules/EXiled.xml
index 88734220e5d7..9332273686ec 100644
--- a/src/chrome/content/rules/EXiled.xml
+++ b/src/chrome/content/rules/EXiled.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?exiledonline\.com/(favicon\.ico|slider/|wp-content/)"
 		to="https://exiledonline.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EZGram.xml b/src/chrome/content/rules/EZGram.xml
deleted file mode 100644
index b1fae66aba7e..000000000000
--- a/src/chrome/content/rules/EZGram.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="EZGram">
-  <target host="ezgram.com" />
-  <target host="www.ezgram.com" />
-  <securecookie host="^(www)?\.ezgram\.com$" name=".+" />
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/EZOSHosting.xml b/src/chrome/content/rules/EZOSHosting.xml
index 447be5c17c44..6c8925ed67d0 100644
--- a/src/chrome/content/rules/EZOSHosting.xml
+++ b/src/chrome/content/rules/EZOSHosting.xml
@@ -35,7 +35,9 @@
 <ruleset name="EZOSHosting (false MCB)" platform="mixedcontent">
 
 	<target host="ezoshosting.com" />
-	<target host="*.ezoshosting.com" />
+	<target host="cdn.ezoshosting.com" />
+	<target host="support.ezoshosting.com" />
+	<target host="www.ezoshosting.com" />
 
 
 	<securecookie host="^.*\.ezoshosting\.com$" name=".+" />
diff --git a/src/chrome/content/rules/EZTV.xml b/src/chrome/content/rules/EZTV.xml
index f7d326ac07b5..4d2ec4115c09 100644
--- a/src/chrome/content/rules/EZTV.xml
+++ b/src/chrome/content/rules/EZTV.xml
@@ -8,7 +8,7 @@ Fetch error: http://ezrss.it/ => https://ezrss.it/: (28, 'Resolving timed out af
 Fetch error: http://www.ezrss.it/ => https://ezrss.it/: (28, 'Resolving timed out after 10519 milliseconds')
 Fetch error: http://eztv.it/ => https://eztv.it/: (6, 'Could not resolve host: eztv.it')
 -->
-<ruleset name="EZTV" default_off='failed ruleset test'>
+<ruleset name="EZTV" default_off="failed ruleset test">
 
 	<target host="ezimg.it" />
 	<target host="*.ezimg.it" />
diff --git a/src/chrome/content/rules/Eager.io.xml b/src/chrome/content/rules/Eager.io.xml
index 4fef06c921b6..927c882b344c 100644
--- a/src/chrome/content/rules/Eager.io.xml
+++ b/src/chrome/content/rules/Eager.io.xml
@@ -3,17 +3,24 @@
 
 		- store.eager.io
 
+  May 7, 2020: This service now exists with Cloudflare apps as of 2017
+
+  Refused:
+    - bus.*
+    - embedded.*
+    - dev.*
+    - status.*
 -->
 <ruleset name="eager.io">
 
 	<target host="eager.io" />
-	<target host="*.eager.io" />
-
-
-	<rule from="^http://((?:bus|embedded|dev|www)\.)?eager\.io/"
-		to="https://$1eager.io/" />
+	<target host="www.eager.io" />
 
-	<rule from="^http://status\.eager\.io/"
+	<!--
+    Removing since base url now redirects to a page signaling how service is inactive
+    <rule from="^http://status\.eager\.io/"
 		to="https://eager.statuspage.io/" />
+  -->
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Eagle_Rock_Reservation.xml b/src/chrome/content/rules/Eagle_Rock_Reservation.xml
index e6e72993977b..efd5a4dbd204 100644
--- a/src/chrome/content/rules/Eagle_Rock_Reservation.xml
+++ b/src/chrome/content/rules/Eagle_Rock_Reservation.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?eaglerockreservation\.org/"
 		to="https://eaglerockreservation.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EarthLink.xml b/src/chrome/content/rules/EarthLink.xml
index c79fcbc8bacb..fa2d88ea480b 100644
--- a/src/chrome/content/rules/EarthLink.xml
+++ b/src/chrome/content/rules/EarthLink.xml
@@ -1,18 +1,18 @@
 <!--
 	default_off (1): Breaks certain pop-up content, such as
-		the "Find Internet access numbers" option at 
+		the "Find Internet access numbers" option at
 
 		http://www.earthlink.net/membercenter/gethelp.faces
 
 
-	default_off (2): Another possible problem is the use of the "Call Me" 
-		function (next to the "Chat Now" function) at a page such as 
+	default_off (2): Another possible problem is the use of the "Call Me"
+		function (next to the "Chat Now" function) at a page such as
 
 		http://www.earthlink.net/software/staysafe.faces?tab=norton360
 
 		This function displays a popup with the two
 		options, "Live Sales Agent" and "Live Support Agent". Clicking
-		on one of these options produce another popup which might be 
+		on one of these options produce another popup which might be
 		broken with regard to not including all of its content.
 
 
diff --git a/src/chrome/content/rules/Earth_and_Space_Research.xml b/src/chrome/content/rules/Earth_and_Space_Research.xml
index 4f34f237ff54..1c0f2af86ce1 100644
--- a/src/chrome/content/rules/Earth_and_Space_Research.xml
+++ b/src/chrome/content/rules/Earth_and_Space_Research.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Easily.co.uk.xml b/src/chrome/content/rules/Easily.co.uk.xml
index 55f9b449117e..30772707d56d 100644
--- a/src/chrome/content/rules/Easily.co.uk.xml
+++ b/src/chrome/content/rules/Easily.co.uk.xml
@@ -13,7 +13,8 @@
 <ruleset name="Easily.co.uk (partial)">
 
 	<target host="easily.co.uk" />
-	<target host="*.easily.co.uk" />
+	<target host="webmail.easily.co.uk" />
+	<target host="www.easily.co.uk" />
 
 
 	<securecookie host="^easily\.co\.uk$" name=".+" />
@@ -22,4 +23,4 @@
 	<rule from="^http://(?:(webmail\.)|www\.)?easily\.co\.uk/"
 		to="https://$1easily.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/East-Northamptonshire.gov.uk.xml b/src/chrome/content/rules/East-Northamptonshire.gov.uk.xml
index 9b327d365c1d..a978837ac72e 100644
--- a/src/chrome/content/rules/East-Northamptonshire.gov.uk.xml
+++ b/src/chrome/content/rules/East-Northamptonshire.gov.uk.xml
@@ -29,7 +29,7 @@
 		- .www.east-northamptonshire.gov.uk
 
 -->
-<ruleset name="East-Northamptonshire.gov.uk (partial)" default_off="missing certificate chain">
+<ruleset name="East-Northamptonshire.gov.uk (partial)" default_off="cert-chain">
 
 	<target host="east-northamptonshire.gov.uk" />
 	<target host="www.east-northamptonshire.gov.uk" />
diff --git a/src/chrome/content/rules/East_Riding.gov.uk.xml b/src/chrome/content/rules/East_Riding.gov.uk.xml
index ec5d168335a9..d0e5cf4cd857 100644
--- a/src/chrome/content/rules/East_Riding.gov.uk.xml
+++ b/src/chrome/content/rules/East_Riding.gov.uk.xml
@@ -71,7 +71,7 @@ Non-2xx HTTP code: http://consult.eastriding.gov.uk/ (200) => https://eastriding
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="East Riding.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="East Riding.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Eastbay-problematic.xml b/src/chrome/content/rules/Eastbay-problematic.xml
index 453d9cb1e000..9367eb80294c 100644
--- a/src/chrome/content/rules/Eastbay-problematic.xml
+++ b/src/chrome/content/rules/Eastbay-problematic.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Eastbay.xml b/src/chrome/content/rules/Eastbay.xml
index f8829f27af2a..dca7e9d312a6 100644
--- a/src/chrome/content/rules/Eastbay.xml
+++ b/src/chrome/content/rules/Eastbay.xml
@@ -35,7 +35,10 @@ Fetch error: http://eastbay.com/ => https://www.eastbay.com/: Cycle detected - U
 <ruleset name="Eastbay (partial)">
 
 	<target host="eastbay.com" />
-	<target host="*.eastbay.com" />
+	<target host="www.eastbay.com" />
+	<target host="images.eastbay.com" />
+	<target host="m.eastbay.com" />
+	<target host="teamsales.eastbay.com" />
 
 
 	<securecookie host="^.*\.eastbay\.com$" name=".+" />
@@ -44,7 +47,6 @@ Fetch error: http://eastbay.com/ => https://www.eastbay.com/: Cycle detected - U
 	<rule from="^http://(?:www\.)?eastbay\.com/"
 		to="https://www.eastbay.com/" />
 
-	<rule from="^http://(images|m|teamsales)\.eastbay\.com/"
-		to="https://$1.eastbay.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Eastbay_Team_Services.xml b/src/chrome/content/rules/Eastbay_Team_Services.xml
index d2d5911b8c34..36ca8a42d24b 100644
--- a/src/chrome/content/rules/Eastbay_Team_Services.xml
+++ b/src/chrome/content/rules/Eastbay_Team_Services.xml
@@ -14,16 +14,14 @@ Fetch error: http://eastbayteamservices.com/ => http://eastbayteamservices.com/:
 		- ^		(expired, cert only matches www)
 
 -->
-<ruleset name="Eastbay Team Services" default_off='failed ruleset test'>
+<ruleset name="Eastbay Team Services" default_off="failed ruleset test">
 
-	<target host="eastbayteamservices.com" />
 	<target host="www.eastbayteamservices.com" />
 
 
 	<securecookie host="^www\.eastbayteamservices\.com$" name=".+" />
 
 
-	<rule from="^http://www\.eastbayteamservices\.com/"
-		to="https://www.eastbayteamservices.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Eastday.com.xml b/src/chrome/content/rules/Eastday.com.xml
index 48a4a19cc300..52cdd1fac21a 100644
--- a/src/chrome/content/rules/Eastday.com.xml
+++ b/src/chrome/content/rules/Eastday.com.xml
@@ -1,35 +1,29 @@
 <!--
-	404:
-		tongji.eastday.com	( https://tongji.eastday.com/webdig.js?z=1 )
-		
+	503:
+		photo.eastday.com
+
 	Invalid certificate:
-		finance.eastday.com
-		history.eastday.com
-		sh.eastday.com
-		shurufa.eastday.com
-		shzw.eastday.com
-		xiangguan.eastday.com
+		jiaoben.eastday.com		https://jiaoben.eastday.com/cpro/ui/cm.js
+		tongji.eastday.com		https://tongji.eastday.com/webdig.js?z=1
+
+	different http/https content:
+		login.eastday.com
 
 	MCB:
 		^
+  		finance.eastday.com
 		flashmedia.eastday.com	( break videos in imedia.eastday.com )
+		history.eastday.com
 		imedia.eastday.com
 		mtianqi.eastday.com
 		paihang.eastday.com
 		pinglun.eastday.com
 		sh.eastday.com
+		shurufa.eastday.com
 		tianqi.eastday.com
-
-	Redirect to http:
-		enjoy.eastday.com
-		health.eastday.com
-		login.eastday.com
-		lyb.eastday.com	http://lyb.eastday.com/js/jquery.js
-		photo.eastday.com
 		tj.eastday.com
 		wap.eastday.com
 -->
-
 <ruleset name="Eastday.com (partial)">
 
 	<!--	MCB:	-->
@@ -57,7 +51,7 @@
 	<target host="ejnews.eastday.com" />
 		<exclusion pattern="^http://ejnews\.eastday\.com/$" />
 		<test url="http://ejnews.eastday.com/images/sh120113/zt.js" />
-		
+
 	<target host="imedia.eastday.com" />
 		<exclusion pattern="^http://imedia\.eastday\.com/(?!images/)" />
 		<test url="http://imedia.eastday.com/images/2015imedia/b1.gif" />
@@ -97,6 +91,8 @@
 	<!--	Directly:	-->
 	<target host="afpimages.eastday.com" />
 		<test url="http://afpimages.eastday.com/k.js" />
+	<target host="enjoy.eastday.com" />
+	<target host="health.eastday.com" />
 	<target host="imgmil.eastday.com" />
 		<test url="http://imgmil.eastday.com/pushimg/20161212/584e1199a779c.jpg" />
 	<target host="imgmini.eastday.com" />
@@ -112,13 +108,14 @@
 	<target host="08.imgmini.eastday.com" />
 	<target host="09.imgmini.eastday.com" />
 		<test url="http://05.imgmini.eastday.com/mobile/20160827/20160827120443_b10094c4f51439e37f60ce59e827439c_1_mwpm_03200403.png" />
-	<target host="jiaoben.eastday.com" />
-		<test url="http://jiaoben.eastday.com/cpro/ui/cm.js" />
+	<target host="lyb.eastday.com" />
+		<test url="http://lyb.eastday.com/js/jquery.js" />
 	<target host="mini.eastday.com" />
 		<test url="http://mini.eastday.com/a/161212080919764.html" />
 		<test url="http://mini.eastday.com/world.html" />
 	<target host="mv.eastday.com" />
 		<test url="http://mv.eastday.com/vzixun/20161217/20161217112605684656260_1_06400360.mp4" />
+	<target host="shzw.eastday.com" />
 	<target host="video.eastday.com" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/EasterSeals.org.xml b/src/chrome/content/rules/EasterSeals.org.xml
new file mode 100644
index 000000000000..56ae9f71d709
--- /dev/null
+++ b/src/chrome/content/rules/EasterSeals.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="EasterSeals.org">
+	<target host="easterseals.org" />
+	<target host="www.easterseals.org" />
+	<target host="education.easterseals.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eastern-Collegiate-Taekwondo-Conference.xml b/src/chrome/content/rules/Eastern-Collegiate-Taekwondo-Conference.xml
deleted file mode 100644
index b3bb685515ae..000000000000
--- a/src/chrome/content/rules/Eastern-Collegiate-Taekwondo-Conference.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Eastern Collegiate Taekwondo Conference" default_off="mismatched">
-
-	<!--	Cert: *.bluehost.com	-->
-	<target host="ectc-online.org" />
-	<target host="www.ectc-online.org" />
-
-
-	<!--	Transfers past a certain limit (21615 < lim < 178417) throw 200 "TOO FAT"
-	<rule from="^http://(?:www\.)?ectc-online\.org/"
-		to="https://secure.bluehost.com/~ectconli/" /-->
-
-	<rule from="^http://(?:www\.)?ectc-online\.org/"
-		to="https://ectc-online.org/~ectconli/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EasyChair.org.xml b/src/chrome/content/rules/EasyChair.org.xml
index bf44664d06ee..1796d95d2b6c 100644
--- a/src/chrome/content/rules/EasyChair.org.xml
+++ b/src/chrome/content/rules/EasyChair.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://easychair.org/ => https://easychair.org/: Too many redirects while fetching 'https://easychair.org/'
 
 -->
-<ruleset name="EasyChair.org (partial)" default_off='failed ruleset test'>
+<ruleset name="EasyChair.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/EasyDNS.xml b/src/chrome/content/rules/EasyDNS.xml
index 8e22e417d5c2..de76451ee8e1 100644
--- a/src/chrome/content/rules/EasyDNS.xml
+++ b/src/chrome/content/rules/EasyDNS.xml
@@ -72,7 +72,7 @@ Fetch error: http://nps.easydns.com/ => https://nps.easydns.com/: (28, 'Connecti
 			- signup.easydns.com from ws-na.amazon-adsystem.com
 
 -->
-<ruleset name="easyDNS (partial)" default_off='failed ruleset test'>
+<ruleset name="easyDNS (partial)" default_off="failed ruleset test">
 
 	<target host="easydns.net" />
 	<target host="*.easydns.net" />
diff --git a/src/chrome/content/rules/EasyJet.com.xml b/src/chrome/content/rules/EasyJet.com.xml
index 02c061a3334f..946cbf0915dc 100644
--- a/src/chrome/content/rules/EasyJet.com.xml
+++ b/src/chrome/content/rules/EasyJet.com.xml
@@ -50,10 +50,14 @@ Non-2xx HTTP code: http://easyjet.com/ (200) => http://easyjet.com/ (403)
 	* Rule disabled by default
 
 -->
-<ruleset name="easyJet.com (partial)" default_off='failed ruleset test'>
+<ruleset name="easyJet.com (partial)" default_off="failed ruleset test">
 
 	<target host="easyjet.com" />
-	<target host="*.easyjet.com" />
+	<target host="www.easyjet.com" />
+	<target host="onboarding.easyjet.com" />
+	<target host="js.sc.easyjet.com" />
+	<target host="media.sc.easyjet.com" />
+	<target host="stafftravel.easyjet.com" />
 		<!--
 			Redirect to http:
 						-->
diff --git a/src/chrome/content/rules/EasyNews.com.xml b/src/chrome/content/rules/EasyNews.com.xml
new file mode 100644
index 000000000000..3f0da2e311d8
--- /dev/null
+++ b/src/chrome/content/rules/EasyNews.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- mirrors.easynews.com
+
+		SSL peer certificate was not OK:
+		- files.easynews.com
+		- forteapn.easynews.com
+		- forteapn20.easynews.com
+		- forteapn60.easynews.com
+-->
+<ruleset name="EasyNews.com">
+	<target host="easynews.com" />
+	<target host="www.easynews.com" />
+	<target host="account.easynews.com" />
+	<target host="blog.easynews.com" />
+	<target host="help.easynews.com" />
+	<target host="members.easynews.com" />
+	<test url="http://members.easynews.com/login/" />
+	<target host="secure.members.easynews.com" />
+	<test url="http://secure.members.easynews.com/login/" />
+	<target host="members-dev.easynews.com" />
+	<test url="http://members-dev.easynews.com/login/" />
+	<target host="signup.easynews.com" />
+	<target host="signup2.easynews.com" />
+	<target host="www-dev.easynews.com" />
+	<target host="www2.easynews.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EasyNews.xml b/src/chrome/content/rules/EasyNews.xml
deleted file mode 100644
index 93c2cb5ad1ba..000000000000
--- a/src/chrome/content/rules/EasyNews.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="EasyNews">
-  <target host="www.easynews.com" />
-  <target host="easynews.com" />
-  <target host="members.easynews.com" />
-
-  <rule from="^http://(?:www\.)?easynews\.com/" to="https://easynews.com/"/>
-  <rule from="^http://members\.easynews\.com/" to="https://secure.members.easynews.com/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/EasyVoiceBiometrics.xml b/src/chrome/content/rules/EasyVoiceBiometrics.xml
index 2ce4fa7ff418..c53b53bfde80 100644
--- a/src/chrome/content/rules/EasyVoiceBiometrics.xml
+++ b/src/chrome/content/rules/EasyVoiceBiometrics.xml
@@ -1,10 +1,10 @@
 <ruleset name="EasyVoiceBiometrics" default_off="mismatched">
 
 	<target host="easyvoicebiometrics.com" />
-	<target host="*.easyvoicebiometrics.com" />
+	<target host="www.easyvoicebiometrics.com" />
 
 
-	<securecookie host="^(?:.*\.)?easyvoicebiometrics\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?easyvoicebiometrics\.com/"
diff --git a/src/chrome/content/rules/Easy_Hebergement.xml b/src/chrome/content/rules/Easy_Hebergement.xml
index bad7093ce82b..09f8f71d7f13 100644
--- a/src/chrome/content/rules/Easy_Hebergement.xml
+++ b/src/chrome/content/rules/Easy_Hebergement.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://support.easy-hebergement.fr/ => https://support.easy-hebergement.fr/: (6, 'Could not resolve host: support.easy-hebergement.fr')
 
 -->
-<ruleset name="Easy Hébergement" default_off='failed ruleset test'>
+<ruleset name="Easy Hébergement" default_off="failed ruleset test">
 
 	<target host="easy-hebergement.fr" />
 	<target host="clients.easy-hebergement.fr" />
@@ -20,4 +20,4 @@ Fetch error: http://support.easy-hebergement.fr/ => https://support.easy-heberge
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Easyspace.xml b/src/chrome/content/rules/Easyspace.xml
index 16b308e7f24d..b1335ea42a43 100644
--- a/src/chrome/content/rules/Easyspace.xml
+++ b/src/chrome/content/rules/Easyspace.xml
@@ -12,13 +12,12 @@
 -->
 <ruleset name="Easyspace (partial)">
 
-	<target host="*.easyspace.com" />
+	<target host="controlpanel.easyspace.com" />
 
 
-	<securecookie host="^.*\.easyspace\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://controlpanel\.easyspace\.com/"
-		to="https://controlpanel.easyspace.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Easywallet.org.xml b/src/chrome/content/rules/Easywallet.org.xml
index f851b8a4284f..beec998dbe73 100644
--- a/src/chrome/content/rules/Easywallet.org.xml
+++ b/src/chrome/content/rules/Easywallet.org.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EatbyDate.com.xml b/src/chrome/content/rules/EatbyDate.com.xml
new file mode 100644
index 000000000000..c4c638a17623
--- /dev/null
+++ b/src/chrome/content/rules/EatbyDate.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="EatByDate.com">
+	<target host="eatbydate.com" />
+	<target host="www.eatbydate.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ebis.ne.jp.xml b/src/chrome/content/rules/Ebis.ne.jp.xml
index 42f77f65cdcc..cad4ceda8a90 100644
--- a/src/chrome/content/rules/Ebis.ne.jp.xml
+++ b/src/chrome/content/rules/Ebis.ne.jp.xml
@@ -21,7 +21,7 @@
 
 	¹ Unsecurable <= shows another domain
 	² Unsecurable <= refused
-	
+
 -->
 <ruleset name="EBiS.ne.jp">
 
diff --git a/src/chrome/content/rules/Ebuyer.com.xml b/src/chrome/content/rules/Ebuyer.com.xml
index b0ab7adf3afe..6b9db4664594 100644
--- a/src/chrome/content/rules/Ebuyer.com.xml
+++ b/src/chrome/content/rules/Ebuyer.com.xml
@@ -29,7 +29,7 @@
 		- image
 		- forums
 		- orders
-		- static		
+		- static
 
 
 	These altnames don't exist:
@@ -53,7 +53,12 @@
 		duplicate target warning by blanket-rewriting !www here.
 					-->
 	<target host="ebuyer.com" />
-	<target host="*.ebuyer.com" />
+	<target host="accounts.ebuyer.com" />
+	<target host="image.ebuyer.com" />
+	<target host="orders.ebuyer.com" />
+	<target host="static.ebuyer.com" />
+	<target host="www.ebuyer.com" />
+	<target host="blog.ebuyer.com" />
 		<!--
 			Avoid false/broken MCB:
 						-->
diff --git a/src/chrome/content/rules/Ebuzzing.xml b/src/chrome/content/rules/Ebuzzing.xml
index 21e0e2c73ecc..9a885683fd1d 100644
--- a/src/chrome/content/rules/Ebuzzing.xml
+++ b/src/chrome/content/rules/Ebuzzing.xml
@@ -42,7 +42,7 @@ Fetch error: http://ebuzzing.de/ => https://social.ebuzzing.de/: (51, "SSL: no a
 		- www.ebuzzing.com	(prints domain name)
 
 -->
-<ruleset name="ebuzzing (partial)" default_off='failed ruleset test'>
+<ruleset name="ebuzzing (partial)" default_off="failed ruleset test">
 
 	<target host="ebuzzing.com" />
 	<target host="www.ebuzzing.com" />
diff --git a/src/chrome/content/rules/EchoDitto.com.xml b/src/chrome/content/rules/EchoDitto.com.xml
index 60f1fe18a2e1..9965895b8b75 100644
--- a/src/chrome/content/rules/EchoDitto.com.xml
+++ b/src/chrome/content/rules/EchoDitto.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://echoditto.com/ => https://echoditto.com/: (51, "SSL: no alte
 Disabled by https-everywhere-checker because:
 Fetch error: http://echoditto.com/ => https://echoditto.com/: (51, "SSL: no alternative certificate subject name matches target host name 'echoditto.com'")
 -->
-<ruleset name="EchoDitto.com" default_off='failed ruleset test'>
+<ruleset name="EchoDitto.com" default_off="failed ruleset test">
 
 	<target host="echoditto.com" />
 	<target host="www.echoditto.com" />
@@ -17,4 +17,4 @@ Fetch error: http://echoditto.com/ => https://echoditto.com/: (51, "SSL: no alte
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Echoplex.us.xml b/src/chrome/content/rules/Echoplex.us.xml
index 855e36e26403..8326f9af644f 100644
--- a/src/chrome/content/rules/Echoplex.us.xml
+++ b/src/chrome/content/rules/Echoplex.us.xml
@@ -32,7 +32,7 @@ Fetch error: http://www.echoplex.us/ => https://echoplex.us/: (60, 'SSL certific
 		- chat
 
 -->
-<ruleset name="echoplex.us (partial)" default_off='failed ruleset test'>
+<ruleset name="echoplex.us (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Eclipse.xml b/src/chrome/content/rules/Eclipse.xml
index d2f4c685be98..f948f28732f8 100644
--- a/src/chrome/content/rules/Eclipse.xml
+++ b/src/chrome/content/rules/Eclipse.xml
@@ -1,26 +1,71 @@
 <!--
-	Nonfunctional domains:
+	Connection refused:
+		- hono.eclipse.org
+		- leshan.eclipse.org
+		- rtsc.eclipse.org
 
-		download.eclipse.org
+	SSL error:
+		- rdf4j.eclipse.org
 
+	Timed out:
+		- archive.eclipse.org
+		- dirigible.eclipse.org
+		- download.eclipse.org
+		- recommenders.eclipse.org
+		- vorto.eclipse.org
+
+	Wrong server:
+		- build.eclipse.org
 -->
-<ruleset name="Eclipse (partial)">
 
+<ruleset name="Eclipse.org">
 	<target host="eclipse.org" />
+	<target host="www.eclipse.org" />
+	<target host="accounts.eclipse.org" />
+	<target host="api.eclipse.org" />
+	<target host="archive-mirror.eclipse.org" />
+	<target host="babel.eclipse.org" />
+	<target host="blogs.eclipse.org" />
 	<target host="bugs.eclipse.org" />
+	<target host="che.eclipse.org" />
+	<target host="ci.eclipse.org" />
 	<target host="dev.eclipse.org" />
+	<target host="ditto.eclipse.org" />
+	<target host="events.eclipse.org" />
+	<target host="forums.eclipse.org" />
 	<target host="git.eclipse.org" />
-	<target host="www.eclipse.org" />
-	<target host="wiki.eclipse.org" />
+	<target host="help.eclipse.org" />
+	<target host="hudson.eclipse.org" />
+	<target host="iot.eclipse.org" />
+	<target host="kapua.eclipse.org" />
+	<target host="live.eclipse.org" />
+	<target host="lts.eclipse.org" />
 	<target host="marketplace.eclipse.org" />
-	<target host="eclipsecon.org" />
-
-	<test url="http://marketplace.eclipse.org/category/markets/tools" />
-	<test url="http://marketplace.eclipse.org/my_marketplace" />
-	<test url="http://marketplace.eclipse.org/add_content" />
+	<target host="mattermost.eclipse.org" />
+	<target host="mattermost-test.eclipse.org" />
+	<target host="openpass.eclipse.org" />
+	<target host="orion.eclipse.org" />
+	<target host="*.orion.eclipse.org" />
+		<test url="http://www.orion.eclipse.org/foo?bar" />
+		<test url="http://a.b.orion.eclipse.org/" />
+		<test url="http://test7.orion.eclipse.org/" />
+	<target host="packagedrone.eclipse.org" />
+	<target host="phoenix.eclipse.org" />
+	<target host="planet.eclipse.org" />
+	<target host="portal.eclipse.org" />
+	<target host="projects.eclipse.org" />
+	<target host="pulsar.eclipse.org" />
+	<target host="repo.eclipse.org" />
+	<target host="science.eclipse.org" />
+	<target host="status.eclipse.org" />
+	<target host="tuleap.eclipse.org" />
+	<target host="udc.eclipse.org" />
+	<target host="unide.eclipse.org" />
+	<target host="wiki.eclipse.org" />
+	<target host="wikitest.eclipse.org" />
 
-	<securecookie host="^bugs\.eclipse\.org$" name=".+" />
+	<rule from="^http://([\w.-]+)\.orion\.eclipse\.org/"
+		to="https://orion.eclipse.org/" />
 
 	<rule from="^http:" to="https:" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/EclipseCon.org.xml b/src/chrome/content/rules/EclipseCon.org.xml
new file mode 100644
index 000000000000..d90c56ef990e
--- /dev/null
+++ b/src/chrome/content/rules/EclipseCon.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="EclipseCon.org">
+	<target host="eclipsecon.org" />
+	<target host="www.eclipsecon.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ecm74.com.xml b/src/chrome/content/rules/Ecm74.com.xml
index f07ae539b0b8..380a07d8f05c 100644
--- a/src/chrome/content/rules/Ecm74.com.xml
+++ b/src/chrome/content/rules/Ecm74.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.ecm74.com/ => https://ecm74.com/: (35, 'Unknown SSL prot
 	www: cert only matches ^ecm74.com.
 
 -->
-<ruleset name="ecm74.com (partial)" default_off='failed ruleset test'>
+<ruleset name="ecm74.com (partial)" default_off="failed ruleset test">
 
 	<target host="ecm74.com" />
 	<target host="www.ecm74.com" />
diff --git a/src/chrome/content/rules/Econoday.com.xml b/src/chrome/content/rules/Econoday.com.xml
new file mode 100644
index 000000000000..b103727547a7
--- /dev/null
+++ b/src/chrome/content/rules/Econoday.com.xml
@@ -0,0 +1,45 @@
+<!--
+	Non-functional hosts
+		Different content:
+		- broadcast.econoday.com
+		- investorjournals.econoday.com
+-->
+<ruleset name="Econoday.com">
+	<target host="econoday.com" />
+	<target host="www.econoday.com" />
+	<target host="abasic.econoday.com" />
+	<target host="anasdaq.econoday.com" />
+	<target host="aplus.econoday.com" />
+	<target host="apremium.econoday.com" />
+	<target host="b-us.econoday.com" />
+	<target host="barrons.econoday.com" />
+	<target host="basic.econoday.com" />
+	<target host="bloomberg.econoday.com" />
+	<target host="calendar.econoday.com" />
+	<target host="cityindex.econoday.com" />
+	<target host="cme-tr.econoday.com" />
+	<target host="fidelity.econoday.com" />
+	<target host="fidelity-fcm.econoday.com" />
+	<target host="fidelityfiplus.econoday.com" />
+	<target host="fidweek.econoday.com" />
+	<target host="fmmagazine.econoday.com" />
+	<target host="global.econoday.com" />
+	<target host="global-premium.econoday.com" />
+	<target host="globalbasic.econoday.com" />
+	<target host="ibd.econoday.com" />
+	<target host="idiventures.econoday.com" />
+	<target host="kbondpoint.econoday.com" />
+	<target host="mam.econoday.com" />
+	<target host="my.econoday.com" />
+	<target host="optionsclick.econoday.com" />
+	<target host="premium.econoday.com" />
+	<target host="quoddbasic.econoday.com" />
+	<target host="shop.econoday.com" />
+	<target host="store.econoday.com" />
+	<target host="us.econoday.com" />
+	<target host="wsj-global.econoday.com" />
+	<target host="wsj-us.econoday.com" />
+	<target host="www1.econoday.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Economic-Policy-Institute.xml b/src/chrome/content/rules/Economic-Policy-Institute.xml
index 32e3228488ab..07f05419c812 100644
--- a/src/chrome/content/rules/Economic-Policy-Institute.xml
+++ b/src/chrome/content/rules/Economic-Policy-Institute.xml
@@ -9,7 +9,9 @@
 -->
 <ruleset name="Economic Policy Institute (partial)">
 
-	<target host="*.epi.org" />
+	<target host="www.epi.org" />
+	<target host="my.epi.org" />
+	<target host="secure.epi.org" />
 	<!--	* for cross-domain cookie.	-->
 
 
diff --git a/src/chrome/content/rules/Economist.xml b/src/chrome/content/rules/Economist.xml
index 3693811881bb..9015d8ce8b3a 100644
--- a/src/chrome/content/rules/Economist.xml
+++ b/src/chrome/content/rules/Economist.xml
@@ -1,10 +1,4 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.jobs.economist.com/ => https://www.jobs.economist.com/: (6, 'Could not resolve host: www.jobs.economist.com')
-Fetch error: http://libertymutual.economist.com/ => https://libertymutual.economist.com/: (6, 'Could not resolve host: libertymutual.economist.com')
-Fetch error: http://store.economist.com/ => https://store.economist.com/: (51, "SSL: no alternative certificate subject name matches target host name 'store.economist.com'")
-
 	Other Economist Group rulesets:
 
 		- Roll_Call.com.xml
@@ -14,12 +8,9 @@ Fetch error: http://store.economist.com/ => https://store.economist.com/: (51, "
 
 	Problematic hosts in *economist.com:
 
-		- ^ ¹
-		- stats ²
-
-	¹ Handshake fails
-	² Mismatched
-
+		- stats (mismatched)
+		- store (mismatched)
+		- success (expired)
 
 	These altnames don't exist:
 
@@ -28,18 +19,6 @@ Fetch error: http://store.economist.com/ => https://store.economist.com/: (51, "
 		- subscriptions.economist.com
 		- www.success.economist.com
 
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .economist.com
-		- .gmat.economist.com
-		- app.gmat.economist.com
-		- jobs.economist.com
-		- subscriptions.economist.com
-		- .subscriptions.economist.com
-		- www.economist.com
-
-
 	Mixed content:
 
 		- Bugs on execed from ads.whichmba.com *
@@ -47,76 +26,33 @@ Fetch error: http://store.economist.com/ => https://store.economist.com/: (51, "
 	* Secured by us
 
 -->
-<ruleset name="Economist.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Economist.com (partial)">
 
 	<!--	Direct rewrites:
 				-->
+	<target host="economist.com" />
+	<target host="www.economist.com" />
+	<target host="authenticate.economist.com" />
 	<target host="execed.economist.com" />
 	<target host="gmat.economist.com" />
 	<target host="app.gmat.economist.com" />
 	<target host="jobs.economist.com" />
-	<target host="www.jobs.economist.com" />
-	<target host="libertymutual.economist.com" />
 	<target host="media.economist.com" />
-	<target host="store.economist.com" />
+	<target host="shop.economist.com" />
 	<target host="www.store.economist.com" />
 	<target host="subscription.economist.com" />
 	<target host="subscriptions.economist.com" />
-	<target host="success.economist.com" />
-	<target host="www.economist.com" />
+	<target host="ukshop.economist.com" />
 
 	<!--	Complications:
 				-->
-	<target host="economist.com" />
 	<target host="stats.economist.com" />
+	<target host="store.economist.com" />
+
+	<securecookie host=".+" name=".+" />
 
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://www\.economist\.com/$" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://www\.economist\.com/+(?!(?:debate|user)(?:$|[?/])|favicon\.ico|sites/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.economist.com/blogs" />
-			<test url="http://www.economist.com/contact-info" />
-			<test url="http://www.economist.com/economics-a-to-z" />
-			<test url="http://www.economist.com/events-conferences" />
-			<test url="http://www.economist.com/multimedia" />
-			<test url="http://www.economist.com/topics" />
-			<test url="http://www.economist.com/whichmba" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www.economist.com/debate" />
-			<test url="http://www.economist.com/favicon.ico" />
-			<test url="http://www.economist.com/sites/all/themes/econfinal/styles/ec-static.css" />
-			<test url="http://www.economist.com/user/login" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.economist\.com$" name="^__qca$" /-->
-	<!--securecookie host="^\.gmat\.economist\.com$" name="^(?:geoipcountry|is_authenticated)$" /-->
-	<!--securecookie host="^app\.gmat\.economist\.com$" name="^csrftoken$" /-->
-	<!--securecookie host="^jobs\.economist\.com$" name="^(?:AnonymousUserId|BrowserSession|FixedFacetDefaults)$" /-->
-	<!--securecookie host="^subscriptions\.economist\.com$" name="^PHPSESSID$" /-->
-	<!--securecookie host="^\.subscriptions\.economist\.com$" name="^_tokamecom_$" /-->
-	<!--
-		(Incapsula cookies:)
-					-->
-	<!--securecookie host="^\.economist\.com$" name="^___utm\w+$" /-->
-	<!--securecookie host="^www\.economist\.com$" name="^(?:incap_ses_\d+|visid_incap)_\d+$" /-->
-
-	<securecookie host="^\.economist\.com$" name="^__(?:qca|_utm\w+)$" />
-	<securecookie host="^(?:(?:app)?\.gmat|jobs|\.?subscriptions)\.economist\.com$" name=".+" />
-	<securecookie host="^www\.economist\.com$" name="^(?:incap_ses_\d+|visid_incap)_\d+$" />
-
-
-	<rule from="^http://economist\.com/"
-		to="https://www.economist.com/" />
+	<rule from="^http://store\.economist\.com/"
+		to="https://shop.economist.com/" />
 
 	<rule from="^http://stats\.economist\.com/"
 		to="https://economist.122.2o7.net/" />
diff --git a/src/chrome/content/rules/Economist_Intelligence_Unit.xml b/src/chrome/content/rules/Economist_Intelligence_Unit.xml
index fbe7e8126fe8..e3b6ba5a9969 100644
--- a/src/chrome/content/rules/Economist_Intelligence_Unit.xml
+++ b/src/chrome/content/rules/Economist_Intelligence_Unit.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ecosia.org.xml b/src/chrome/content/rules/Ecosia.org.xml
index 656a8e6b1369..3d7f6c73dbc3 100644
--- a/src/chrome/content/rules/Ecosia.org.xml
+++ b/src/chrome/content/rules/Ecosia.org.xml
@@ -1,10 +1,27 @@
 <ruleset name="Ecosia">
-  <target host=    "ecosia.org" />
-  <target host="www.ecosia.org" />
-  <target host="info.ecosia.org" />
-
-  <securecookie host="^(www\.|info.)?ecosia\.org$" name=".+" />
-
-  <rule from="^http:"
+	<target host="ecosia.org" />
+	<target host="*.ecosia.org" />
+	<target host="ecosia.co" />
+	
+	<test url="http://analytics.ecosia.org/analytics.js"/>
+	<test url="http://blog.ecosia.org/content/images/2018/06/We-re-now-in-Peru-and-Madagascar-1.jpg"/>
+	<test url="http://blog.ecosia.org/ecosia-financial-reports-tree-planting-receipts/"/>
+	<test url="http://blog.ecosia.org/tag/where-does-ecosia-plant-trees/"/>
+	<test url="http://fr.blog.ecosia.org/1000-arbres-en-une-journee-ou-comment-deux-femmes-bousculent-les-regles-de-lagriculture/"/>
+	<test url="http://fr.blog.ecosia.org/content/images/2020/02/spain_country_ecosia-2.jpg"/>
+	<test url="http://de.blog.ecosia.org/bleibt-hambi-2020/"/>
+	<test url="http://de.blog.ecosia.org/content/images/2020/02/header.jpg"/>
+	<test url="http://cdn.ecosia.org/indexpage/aa50167238dc1cdde5ee.js"/>
+	<test url="http://cdn.ecosia.org/og/facebook.jpg"/>
+	<test url="http://cdn.ecosia.org/manifest.json"/>
+	<test url="http://design.ecosia.org/#/Brand/Design%20principles"/>
+	<test url="http://hotels.ecosia.org/Place/Myrtle_Beach.htm"/>
+	<test url="http://info.ecosia.org/assets/scripts/bundle-21187f8dc4.js"/>
+	<test url="http://info.ecosia.org/privacy"/>
+	<test url="http://ps.ecosia.org/FVh3ot2zPwDMi43LjI.js"/>
+	<test url="http://videos-cdn.ecosia.org/video-en-81a0480ed573f7d7d5d4e58559d30ded.webm"/>
+	<test url="http://www.ecosia.org/ecosia-news"/>
+	
+	<rule from="^http:"
           to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ecwid.com.xml b/src/chrome/content/rules/Ecwid.com.xml
new file mode 100644
index 000000000000..2754efd0960d
--- /dev/null
+++ b/src/chrome/content/rules/Ecwid.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Note: each customer of ecwid.com get its own subdomains,
+		at least some of them support HTTPS properly.
+
+	Non-functional hosts:
+		Incomplete certificate chain error:
+		- ideas.ecwid.com
+-->
+<ruleset name="Ecwid.com (partial)">
+
+	<target host="ecwid.com" />
+	<target host="www.ecwid.com" />
+	<target host="images-cdn.ecwid.com" />
+	<target host="kb.ecwid.com" />
+	<target host="my.ecwid.com" />
+	<target host="static.ecwid.com" />
+	<target host="support.ecwid.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ecwid.xml b/src/chrome/content/rules/Ecwid.xml
deleted file mode 100644
index 73acc10fd927..000000000000
--- a/src/chrome/content/rules/Ecwid.xml
+++ /dev/null
@@ -1,57 +0,0 @@
-<!--
-	CDN buckets:
-
-		- dj925myfyz5v.cloudfront.net
-
-			- static.ecwid.com
-
-		- dpbfm6h358sh7.cloudfront.net
-
-			- images-cdn.ecwid.com
-
-		- ecwid.desk.com
-
-			- help.ecwid.com
-
-		- ecwid.pbworks.com
-
-			- kb.ecwid.com
-
-		- ecwid.uservoice.com
-
-			- ideas.ecwid.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to http)
-		- help		(redirects to http; mismatched, CN: *.assistly.com)
-		- kb		(redirects to http; mismatched, CN: *.pbworks.com)
-
-
-	Problematic subdomains:
-
-		- ideas		(works; mismatched, CN: *.uservoice.com)
-
--->
-<ruleset name="Ecwid (partial)">
-
-	<target host="*.ecwid.com" />
-
-
-	<securecookie host="^my\.ecwid\.com$" name=".+" />
-
-
-	<rule from="^http://images-cdn\.ecwid\.com/"
-		to="https://dpbfm6h358sh7.cloudfront.net/" />
-
-	<rule from="^http://kb\.ecwid\.com/(f/|theme_image\.php)"
-		to="https://ecwid.pbworks.com/$1" />
-
-	<rule from="^http://my\.ecwid\.com/"
-		to="https://my.ecwid.com/" />
-
-	<rule from="^http://static\.ecwid\.com/"
-		to="https://dj925myfyz5v.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EdWeek.org.xml b/src/chrome/content/rules/EdWeek.org.xml
index c4ff16c9c096..4d432c97db41 100644
--- a/src/chrome/content/rules/EdWeek.org.xml
+++ b/src/chrome/content/rules/EdWeek.org.xml
@@ -13,7 +13,12 @@
 <ruleset name="EdWeek.org (partial)">
 
 	<target host="edweek.org" />
-	<target host="*.edweek.org" />
+	<target host="www.edweek.org" />
+	<target host="myaccount.edweek.org" />
+	<target host="pddirectory.edweek.org" />
+	<target host="secure.edweek.org" />
+	<target host="sm.edweek.org" />
+	<target host="m.edweek.org" />
 		<!--exclusion pattern="^http://(api|leaders)\.edweek\.org/" /-->
 		<!--
 			Redirect to http:
diff --git a/src/chrome/content/rules/Ed_Uncovered.com.xml b/src/chrome/content/rules/Ed_Uncovered.com.xml
index 2e5df615f8a3..1b5a191d62f0 100644
--- a/src/chrome/content/rules/Ed_Uncovered.com.xml
+++ b/src/chrome/content/rules/Ed_Uncovered.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.eduncovered.com/ => https://www.eduncovered.com/: Too ma
 		- .eduncovered.com
 
 -->
-<ruleset name="Ed Uncovered.com" default_off='failed ruleset test'>
+<ruleset name="Ed Uncovered.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Edarabia.com.xml b/src/chrome/content/rules/Edarabia.com.xml
index 77f434d6e45a..74594f4dcc63 100644
--- a/src/chrome/content/rules/Edarabia.com.xml
+++ b/src/chrome/content/rules/Edarabia.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.edarabia.com/ => https://www.edarabia.com/: Too many red
 		- ^	(http reply)
 
 -->
-<ruleset name="Edarabia.com" default_off='failed ruleset test'>
+<ruleset name="Edarabia.com" default_off="failed ruleset test">
 
 	<target host="edarabia.com" />
 	<target host="www.edarabia.com" />
@@ -20,4 +20,4 @@ Fetch error: http://www.edarabia.com/ => https://www.edarabia.com/: Too many red
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Edas.xml b/src/chrome/content/rules/Edas.xml
deleted file mode 100644
index a9746f77e254..000000000000
--- a/src/chrome/content/rules/Edas.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Edas.info">
-  <target host="edas.info" />
-  <target host="www.edas.info" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/EdenHost.com.xml b/src/chrome/content/rules/EdenHost.com.xml
index 9ef965f8a2fc..8524f0ad3784 100644
--- a/src/chrome/content/rules/EdenHost.com.xml
+++ b/src/chrome/content/rules/EdenHost.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ederdrom.de.xml b/src/chrome/content/rules/Ederdrom.de.xml
index 8eda7c47f7a1..81cd0ce0baf7 100644
--- a/src/chrome/content/rules/Ederdrom.de.xml
+++ b/src/chrome/content/rules/Ederdrom.de.xml
@@ -5,7 +5,7 @@ Fetch error: http://oc.ederdrom.de/ => https://oc.ederdrom.de/: (6, 'Could not r
 Fetch error: http://www.ederdrom.de/ => https://www.ederdrom.de/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="ederdrom.de" default_off='failed ruleset test'>
+<ruleset name="ederdrom.de" default_off="failed ruleset test">
 
 	<target host="ederdrom.de" />
 	<target host="oc.ederdrom.de" />
diff --git a/src/chrome/content/rules/EdgeCast-networks.xml b/src/chrome/content/rules/EdgeCast-networks.xml
index 95de1da7be5e..fc5e8e824c5a 100644
--- a/src/chrome/content/rules/EdgeCast-networks.xml
+++ b/src/chrome/content/rules/EdgeCast-networks.xml
@@ -3,11 +3,11 @@ Others: See Web.com.xml
 
 	Redirect to http:
 	status.edgecast.com
-	
+
 	Mismatch:
 	blog..edgecast.com
 	large..edgecast.com
-	
+
 	wac.*.edgecastcdn.net
 	wpc.*.edgecastcdn.net
 -->
@@ -20,10 +20,10 @@ Others: See Web.com.xml
 	<target host="translate.edgecast.com" />
 	<target host="wholesale.edgecast.com" />
 	<target host="www.edgecast.com" />
-	
+
 	<target host="edgecastcdn.net" />
 	<target host="ne.edgecastcdn.net" />
-	<target host="wac.edgecastcdn.net" />	
+	<target host="wac.edgecastcdn.net" />
 	<target host="gp1.wac.edgecastcdn.net" />
 	<target host="gs1.wac.edgecastcdn.net" />
 	<target host="ne.wac.edgecastcdn.net" />
diff --git a/src/chrome/content/rules/Edgerunner.com.xml b/src/chrome/content/rules/Edgerunner.com.xml
index 006fc8964ab9..c9b0fe31ce0f 100644
--- a/src/chrome/content/rules/Edgerunner.com.xml
+++ b/src/chrome/content/rules/Edgerunner.com.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Edinburgh.gov.uk.xml b/src/chrome/content/rules/Edinburgh.gov.uk.xml
index fc18740a8eea..11180222aa02 100644
--- a/src/chrome/content/rules/Edinburgh.gov.uk.xml
+++ b/src/chrome/content/rules/Edinburgh.gov.uk.xml
@@ -16,7 +16,7 @@
 	These altnames don't exist:
 
 		- www.consultationhub.edinburgh.gov.uk
-	
+
 
 	Insecure cookies are set for these domains and hosts:
 
diff --git a/src/chrome/content/rules/Editmysite.com.xml b/src/chrome/content/rules/Editmysite.com.xml
index 4f3e525b33fb..eeaa36b18a3d 100644
--- a/src/chrome/content/rules/Editmysite.com.xml
+++ b/src/chrome/content/rules/Editmysite.com.xml
@@ -35,7 +35,9 @@
 <ruleset name="editmysite.com (partial)">
 
 	<target host="editmysite.com" />
-	<target host="*.editmysite.com" />
+	<target host="www.editmysite.com" />
+	<target host="cdn1.editmysite.com" />
+	<target host="cdn2.editmysite.com" />
 		<!--
 			Avoid false/broken MCB:
 						-->
@@ -45,7 +47,6 @@
 	<rule from="^http://(?:www\.)?editmysite\.com/"
 		to="https://www.editmysite.com/" />
 
-	<rule from="^http://cdn(1|2)\.editmysite\.com/"
-		to="https://cdn$1.editmysite.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Editola.xml b/src/chrome/content/rules/Editola.xml
index c3009f24cda8..6a6e42f44ff1 100644
--- a/src/chrome/content/rules/Editola.xml
+++ b/src/chrome/content/rules/Editola.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.editola.com/ => https://www.editola.com/: (7, 'Failed to
 Disabled by https-everywhere-checker because:
 Fetch error: http://editola.com/ => https://editola.com/: (28, 'Connection timed out after 10000 milliseconds')
 -->
-<ruleset name="Editola" default_off='failed ruleset test'>
+<ruleset name="Editola" default_off="failed ruleset test">
 
 	<target host="editola.com" />
 	<target host="www.editola.com" />
@@ -18,4 +18,4 @@ Fetch error: http://editola.com/ => https://editola.com/: (28, 'Connection timed
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EditorConfig.org.xml b/src/chrome/content/rules/EditorConfig.org.xml
new file mode 100644
index 000000000000..976d92b2f7e2
--- /dev/null
+++ b/src/chrome/content/rules/EditorConfig.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.editorconfig.org
+		- pydocs.editorconfig.org
+-->
+<ruleset name="EditorConfig.org">
+	<target host="editorconfig.org" />
+	<target host="www.editorconfig.org" />
+	<target host="docs.editorconfig.org" />
+	<target host="javadocs.editorconfig.org" />
+
+	<rule from="^http://www\.editorconfig\.org/"
+		to="https://editorconfig.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Edrive-hosting.xml b/src/chrome/content/rules/Edrive-hosting.xml
index 5559c82cb28e..f316eede801d 100644
--- a/src/chrome/content/rules/Edrive-hosting.xml
+++ b/src/chrome/content/rules/Edrive-hosting.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.edrive-hosting.cz/ => https://www.edrive-hosting.cz/: (6
 Disabled by https-everywhere-checker because:
 Fetch error: http://edrive-hosting.cz/ => https://edrive-hosting.cz/: (51, "SSL: no alternative certificate subject name matches target host name 'edrive-hosting.cz'")
 -->
-<ruleset name="edrive hosting (partial)" default_off='failed ruleset test'>
+<ruleset name="edrive hosting (partial)" default_off="failed ruleset test">
 
 	<target host="edrive-hosting.cz"/>
 	<target host="www.edrive-hosting.cz"/>
diff --git a/src/chrome/content/rules/EduBlogs.org.xml b/src/chrome/content/rules/EduBlogs.org.xml
new file mode 100644
index 000000000000..1a581e02f3cd
--- /dev/null
+++ b/src/chrome/content/rules/EduBlogs.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Remark: *.edublogs.org has a wildcard DNS record and a wildcard certificate. 
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- files.campus.edublogs.org
+-->
+<ruleset name="Edublogs.org">
+	<target host="edublogs.org" />
+	<target host="www.edublogs.org" />
+	<target host="campus.edublogs.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EduId.ch.xml b/src/chrome/content/rules/EduId.ch.xml
index e919faf13ada..16bdbe93c380 100644
--- a/src/chrome/content/rules/EduId.ch.xml
+++ b/src/chrome/content/rules/EduId.ch.xml
@@ -14,7 +14,7 @@
 	<securecookie host=".+" name=".+" />
 
 	<!--
-	test.login.eduid.ch redirects to test.eduid.ch but 
+	test.login.eduid.ch redirects to test.eduid.ch but
 	has no valid certificate.
 	-->
 	<rule from="^http://test\.login\.eduid\.ch/"
diff --git a/src/chrome/content/rules/Edublogs.xml b/src/chrome/content/rules/Edublogs.xml
deleted file mode 100644
index f1b4184ced4f..000000000000
--- a/src/chrome/content/rules/Edublogs.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/files.campus.edublogs.org
-
--->
-<ruleset name="Edublogs">
-
-	<target host="edublogs.org" />
-	<target host="*.edublogs.org" />
-
-
-	<securecookie host="^(?:.+\.)?edublogs\.org$" name=".+" />
-
-
-	<rule from="^http://files\.campus\.edublogs\.org/"
-		to="https://s3.amazonaws.com/files.campus.edublogs.org/" />
-
-	<!--	Unique subdomains per client.
-						-->
-	<rule from="^http://([\w-]+\.)?edublogs\.org/"
-		to="https://$1edublogs.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EducaCursos.xml b/src/chrome/content/rules/EducaCursos.xml
index c9e1d00f8fad..59b87bd3f503 100644
--- a/src/chrome/content/rules/EducaCursos.xml
+++ b/src/chrome/content/rules/EducaCursos.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EducateAutism.com.xml b/src/chrome/content/rules/EducateAutism.com.xml
new file mode 100644
index 000000000000..3bcc9eb8d423
--- /dev/null
+++ b/src/chrome/content/rules/EducateAutism.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="EducateAutism.com">
+	<target host="educateautism.com" />
+	<target host="www.educateautism.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Educate_the_world.com.au.xml b/src/chrome/content/rules/Educate_the_world.com.au.xml
index 14a6979a10b7..01f8d3106e14 100644
--- a/src/chrome/content/rules/Educate_the_world.com.au.xml
+++ b/src/chrome/content/rules/Educate_the_world.com.au.xml
@@ -16,7 +16,7 @@ Fetch error: http://www.educatetheworld.com.au/ => https://www.educatetheworld.c
 	* Secured by us
 
 -->
-<ruleset name="educate the world.com.au" default_off='failed ruleset test'>
+<ruleset name="educate the world.com.au" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Education-Next.xml b/src/chrome/content/rules/Education-Next.xml
deleted file mode 100644
index ba784cdb8995..000000000000
--- a/src/chrome/content/rules/Education-Next.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<ruleset name="Education Next" default_off="mismatch, self-signed">
-
-	<!--	Cert: educationnext.hks.harvard.edu	-->
-	<target host="educationnext.org" />
-	<target host="www.educationnext.org" />
-	<target host="educationnext.hks.harvard.edu" />
-
-
-	<securecookie host="^educationnext\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?educationnext\.org/wp-content/"
-		to="https://educationnext.hks.harvard.edu/wp-content/" />
-
-	<!--	- Pages redirect back from educationnext.hks.harvard.edu
-		- files/... redirects to ...org/$
-					-->
-	<rule from="^http://(?:www\.)?educationnext\.org/"
-		to="https://educationnext.org/" />
-
-	<rule from="^http://educationnext\.hks\.harvard\.edu/"
-		to="https://educationnext.hks.harvard.edu/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EducationNext.org.xml b/src/chrome/content/rules/EducationNext.org.xml
new file mode 100644
index 000000000000..507270667f85
--- /dev/null
+++ b/src/chrome/content/rules/EducationNext.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="EducationNext.org">
+
+	<target host="educationnext.org" />
+	<target host="www.educationnext.org" />
+
+	<securecookie host="^educationnext\.org$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Eduid.cz.xml b/src/chrome/content/rules/Eduid.cz.xml
index 22364051f5dc..5a4d318420d0 100644
--- a/src/chrome/content/rules/Eduid.cz.xml
+++ b/src/chrome/content/rules/Eduid.cz.xml
@@ -5,7 +5,7 @@ Fetch error: http://www2.eduid.cz/ => https://www2.eduid.cz/: (51, "SSL: no alte
 Fetch error: http://www3.eduid.cz/ => https://www3.eduid.cz/: (51, "SSL: no alternative certificate subject name matches target host name 'www3.eduid.cz'")
 
 -->
-<ruleset name="eduid.cz" default_off='failed ruleset test'>
+<ruleset name="eduid.cz" default_off="failed ruleset test">
     <target host="eduid.cz" />
     <target host="www.eduid.cz" />
     <target host="www2.eduid.cz" />
diff --git a/src/chrome/content/rules/Eduroam.org.xml b/src/chrome/content/rules/Eduroam.org.xml
deleted file mode 100644
index be309020acc4..000000000000
--- a/src/chrome/content/rules/Eduroam.org.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For targets matching eduroam.de, see: eduroam.de.xml
-
-	Mismatched:
-		wiki.eduroam.org
-
--->
-<ruleset name="eduroam.org">
-
-	<target host="eduroam.org" />
-	<target host="www.eduroam.org" />
-	<target host="cat.eduroam.org" />
-	<target host="cat-ams.eduroam.org" />
-	<target host="cat-pilot.eduroam.org" />
-	<target host="cat-test.eduroam.org" />
-	<target host="lists.eduroam.org" />
-	<target host="monitor.eduroam.org" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Eduroam_ES.xml b/src/chrome/content/rules/Eduroam_ES.xml
index 21d70f1327f2..8855cf4900ec 100644
--- a/src/chrome/content/rules/Eduroam_ES.xml
+++ b/src/chrome/content/rules/Eduroam_ES.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Eerdmans.com.xml b/src/chrome/content/rules/Eerdmans.com.xml
index 0453088a32ff..5241c14fbce0 100644
--- a/src/chrome/content/rules/Eerdmans.com.xml
+++ b/src/chrome/content/rules/Eerdmans.com.xml
@@ -12,7 +12,7 @@
 <ruleset name="Eerdmans.com">
 
 	<target host="eerdmans.com" />
-	<target host="*.eerdmans.com" />
+	<target host="www.eerdmans.com" />
 
 
 	<securecookie host="^\.eerdmans\.com$" name=".+" />
diff --git a/src/chrome/content/rules/EfficiOS.xml b/src/chrome/content/rules/EfficiOS.xml
index bc658e465ae1..a3a1d6607a6e 100644
--- a/src/chrome/content/rules/EfficiOS.xml
+++ b/src/chrome/content/rules/EfficiOS.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Effiliation.xml b/src/chrome/content/rules/Effiliation.xml
index dee1b1b9ffde..260e56567c60 100644
--- a/src/chrome/content/rules/Effiliation.xml
+++ b/src/chrome/content/rules/Effiliation.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Egg.xml b/src/chrome/content/rules/Egg.xml
index 4e2876e1e78b..0909ab6c28d8 100644
--- a/src/chrome/content/rules/Egg.xml
+++ b/src/chrome/content/rules/Egg.xml
@@ -1,7 +1,10 @@
 <ruleset name="Egg">
-  <target host="*.egg.com"/>
+  <target host="new.egg.com" />
+  <target host="www.egg.com" />
+  <target host="your.egg.com" />
+  <target host="phonehome.egg.com" />
   <target host="egg.com"/>
 
   <rule from="^http://(?:new\.|www\.)?egg\.com/" to="https://new.egg.com/"/>
-  <rule from="^http://(your|phonehome)\.egg\.com/" to="https://$1.egg.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Egnyte.xml b/src/chrome/content/rules/Egnyte.xml
index 39021110b2de..c13426d10ae4 100644
--- a/src/chrome/content/rules/Egnyte.xml
+++ b/src/chrome/content/rules/Egnyte.xml
@@ -3,7 +3,7 @@
 	<target host="egnyte.com"/>
 	<target host="*.egnyte.com"/>
 
-	<securecookie host="^(?:.*\.)?egnyte\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<!--	encountered subdomains:
 			- blog
diff --git a/src/chrome/content/rules/Egotastic.xml b/src/chrome/content/rules/Egotastic.xml
index c9dd2e8e73a5..81f64ba379b9 100644
--- a/src/chrome/content/rules/Egotastic.xml
+++ b/src/chrome/content/rules/Egotastic.xml
@@ -5,13 +5,13 @@ Fetch error: http://egotasticallstars.com/ => https://egotasticallstars.com/: (5
 Fetch error: http://www.egotasticallstars.com/ => https://www.egotasticallstars.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.egotasticallstars.com'")
 
 -->
-<ruleset name="Egotastic" default_off='failed ruleset test'>
+<ruleset name="Egotastic" default_off="failed ruleset test">
 
 	<target host="egotastic.com" />
 	<target host="www.egotastic.com" />
 	<target host="egotasticallstars.com" />
 	<target host="www.egotasticallstars.com" />
-	
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Ehospice.xml b/src/chrome/content/rules/Ehospice.xml
index 1c66b6c64f94..c1ff16b79cf3 100644
--- a/src/chrome/content/rules/Ehospice.xml
+++ b/src/chrome/content/rules/Ehospice.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ehrensenf.xml b/src/chrome/content/rules/Ehrensenf.xml
index 6e7f2cd75e19..d714f87239f5 100644
--- a/src/chrome/content/rules/Ehrensenf.xml
+++ b/src/chrome/content/rules/Ehrensenf.xml
@@ -2,7 +2,7 @@
   <target host="ehrensenf.de"/>
   <target host="www.ehrensenf.de"/>
 
-  <securecookie host="^(?:.*\.)?ehrensenf\.de$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http://(?:www\.)?ehrensenf\.de/" to="https://www.ehrensenf.de/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Eid.lt.xml b/src/chrome/content/rules/Eid.lt.xml
index 13332e2f02d0..518da8218afd 100644
--- a/src/chrome/content/rules/Eid.lt.xml
+++ b/src/chrome/content/rules/Eid.lt.xml
@@ -10,11 +10,11 @@ Fetch error: http://stork.eid.lt/ => https://stork.eid.lt/: (28, 'Connection tim
 		- (www.)	(times out)
 
 -->
-<ruleset name="eid.lt (partial)" default_off='failed ruleset test'>
+<ruleset name="eid.lt (partial)" default_off="failed ruleset test">
 
 	<target host="stork.eid.lt" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Eide-ITC.no.xml b/src/chrome/content/rules/Eide-ITC.no.xml
index 64e189583535..ce125b5d7be1 100644
--- a/src/chrome/content/rules/Eide-ITC.no.xml
+++ b/src/chrome/content/rules/Eide-ITC.no.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.eide-itc.no/ => https://eide-itc.no/: (51, "SSL: no alte
 	Eide ITC Consulting
 
 -->
-<ruleset name="Eide-ITC.no" default_off='failed ruleset test'>
+<ruleset name="Eide-ITC.no" default_off="failed ruleset test">
 
 	<target host="eide-itc.no" />
 	<target host="www.eide-itc.no" />
@@ -19,4 +19,4 @@ Fetch error: http://www.eide-itc.no/ => https://eide-itc.no/: (51, "SSL: no alte
 	<rule from="^http://(?:www\.)?eide-itc\.no/"
 		to="https://eide-itc.no/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Eindbazen.net.xml b/src/chrome/content/rules/Eindbazen.net.xml
index 3a4c928cdeb8..4601ef43fc29 100644
--- a/src/chrome/content/rules/Eindbazen.net.xml
+++ b/src/chrome/content/rules/Eindbazen.net.xml
@@ -6,7 +6,7 @@ Non-2xx HTTP code: http://ctf.eindbazen.net/ (200) => https://ctf.eindbazen.net/
 	www.eindbazen.net: Mismatched
 
 -->
-<ruleset name="Eindbazen.net" default_off='failed ruleset test'>
+<ruleset name="Eindbazen.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Ejaaba.com.xml b/src/chrome/content/rules/Ejaaba.com.xml
new file mode 100644
index 000000000000..f96f264e2a5e
--- /dev/null
+++ b/src/chrome/content/rules/Ejaaba.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Ejaaba.com">
+	<target host="ejaaba.com" />
+	<target host="www.ejaaba.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ekiga.xml b/src/chrome/content/rules/Ekiga.xml
deleted file mode 100644
index f3126e0ac72c..000000000000
--- a/src/chrome/content/rules/Ekiga.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="Ekiga (partial)">
-
-	<target host="ekiga.net"/>
-	<target host="www.ekiga.net"/>
-	<target host="ekiga.org"/>
-	<target host="www.ekiga.org"/>
-
-	<rule from="^http://(?:www\.)?ekiga\.net/"
-		to="https://ekiga.net/"/>
-
-	<rule from="^http://(?:www\.)?ekiga\.org/sites/all/themes/ekiga_net/"
-		to="https://ekiga.net/"/>
-
-	<securecookie host="^(?:www\.)?ekiga\.net$" name=".+" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EkmPowershop.com.xml b/src/chrome/content/rules/EkmPowershop.com.xml
deleted file mode 100644
index dad25ffae11a..000000000000
--- a/src/chrome/content/rules/EkmPowershop.com.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	These altnames don't exist:
-
-		- www.help.ekmpowershop.com
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.ekmpowershop.com
-
--->
-<ruleset name="EkmPowershop.com">
-
-	<target host="ekmpowershop.com" />
-	<target host="help.ekmpowershop.com" />
-	<target host="www.ekmpowershop.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.ekmpowershop\.com$" name="^(?:EKMPOWERSHOP_Cookie|free-trial-version)$" /-->
-
-	<securecookie host="^\." name="^_gat?$" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ekm_secure6.co.uk.xml b/src/chrome/content/rules/Ekm_secure6.co.uk.xml
deleted file mode 100644
index 55ebbdad5866..000000000000
--- a/src/chrome/content/rules/Ekm_secure6.co.uk.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Ekm secure6.co.uk">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="ekmsecure6.co.uk" />
-	<target host="www.ekmsecure6.co.uk" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ekm_secure_22.co.uk.xml b/src/chrome/content/rules/Ekm_secure_22.co.uk.xml
deleted file mode 100644
index 4dbf89c3750a..000000000000
--- a/src/chrome/content/rules/Ekm_secure_22.co.uk.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Ekm secure 22.co.uk">
-
-	<target host="ekmsecure22.co.uk" />
-	<target host="www.ekmsecure22.co.uk" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EksiSozluk.com.xml b/src/chrome/content/rules/EksiSozluk.com.xml
new file mode 100644
index 000000000000..931a3646ddcd
--- /dev/null
+++ b/src/chrome/content/rules/EksiSozluk.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="EksiSozluk.com">
+	<target host="eksisozluk.com" />
+	<target host="www.eksisozluk.com" />
+	<target host="m.eksisozluk.com" />
+	<target host="native.eksisozluk.com" />
+	<target host="seyler.eksisozluk.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/El_pueblo.xml b/src/chrome/content/rules/El_pueblo.xml
index ff7b0599c5fc..c9e4d394c95f 100644
--- a/src/chrome/content/rules/El_pueblo.xml
+++ b/src/chrome/content/rules/El_pueblo.xml
@@ -11,7 +11,7 @@ Fetch error: http://elpueblo.com/ => https://elpueblo.com/: (7, 'Failed to conne
 		- wac.7ee8.edgecastcdn.net/807EE8/
 
 -->
-<ruleset name="El pueblo" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="El pueblo" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="elpueblo.com" />
 	<target host="www.elpueblo.com" />
@@ -22,4 +22,4 @@ Fetch error: http://elpueblo.com/ => https://elpueblo.com/: (7, 'Failed to conne
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Elaf_Net_TV.xml b/src/chrome/content/rules/Elaf_Net_TV.xml
index 302ef88dda9f..38d85fcf1dd4 100644
--- a/src/chrome/content/rules/Elaf_Net_TV.xml
+++ b/src/chrome/content/rules/Elaf_Net_TV.xml
@@ -5,7 +5,7 @@ Fetch error: http://elafnettv.com/ => https://elafnettv.com/: Too many redirects
 Fetch error: http://www.elafnettv.com/ => https://www.elafnettv.com/: Too many redirects while fetching 'https://www.elafnettv.com/'
 
 -->
-<ruleset name="Elaf Net TV" default_off='failed ruleset test'>
+<ruleset name="Elaf Net TV" default_off="failed ruleset test">
 
 	<target host="elafnettv.com" />
 	<target host="www.elafnettv.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.elafnettv.com/ => https://www.elafnettv.com/: Too many r
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Elal.co.il.xml b/src/chrome/content/rules/Elal.co.il.xml
new file mode 100644
index 000000000000..cacd1b5c1dfe
--- /dev/null
+++ b/src/chrome/content/rules/Elal.co.il.xml
@@ -0,0 +1,16 @@
+<!--
+	Nonfunctional hosts in *.elal.co.il:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Elal.co.il">
+	<target host="www.elal.co.il" />
+	<target host="m.elal.co.il" />
+	<target host="www4.elal.co.il" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Elal.com.xml b/src/chrome/content/rules/Elal.com.xml
new file mode 100644
index 000000000000..944472c2140b
--- /dev/null
+++ b/src/chrome/content/rules/Elal.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Nonfunctional hosts in *.elal.com:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Elal.com">
+	<target host="www.elal.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Elanex.biz.xml b/src/chrome/content/rules/Elanex.biz.xml
deleted file mode 100644
index 489265f2c3ab..000000000000
--- a/src/chrome/content/rules/Elanex.biz.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Elanex.biz">
-	<target host="www.elanex.biz" />
-	<target host="elanex.biz" />
-
-	<securecookie host="^www\.elanex\.biz$" name=".+" />
-	<securecookie host="^elanex\.biz$" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/ElasticTrace.com.xml b/src/chrome/content/rules/ElasticTrace.com.xml
deleted file mode 100644
index b335a8892f32..000000000000
--- a/src/chrome/content/rules/ElasticTrace.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="elasticTrace.com">
-
-	<target host="elastictrace.com" />
-	<target host="www.elastictrace.com" />
-
-
-	<securecookie host="^\.elastictrace\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ElberethZone.xml b/src/chrome/content/rules/ElberethZone.xml
new file mode 100644
index 000000000000..d926cda86d9d
--- /dev/null
+++ b/src/chrome/content/rules/ElberethZone.xml
@@ -0,0 +1,29 @@
+<!--
+	Mismatched:
+		- en.www.elberethzone.net
+		- barracuda.elberethzone.net
+		- fr2.download.elberethzone.net
+		- mirror.elberethzone.net
+		- ns-hk.elberethzone.net
+		- statsvn.elberethzone.net
+-->
+<ruleset name="ElberethZone">
+	<target host="elberethzone.net" />
+	<target host="www.elberethzone.net" />
+	<target host="download.elberethzone.net" />
+	<target host="download2.elberethzone.net" />
+	<target host="download3.elberethzone.net" />
+	<target host="forum.elberethzone.net" />
+	<target host="status.elberethzone.net" />
+	<target host="translation.elberethzone.net" />
+
+	<target host="elbereth.zone" />
+	<target host="www.elbereth.zone" />
+	<target host="dashninja.elbereth.zone" />
+	<target host="dav.elbereth.zone" />
+	<target host="status.elbereth.zone" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Elcomsoft.xml b/src/chrome/content/rules/Elcomsoft.xml
index c1ecd74dbe8f..afac6ffc362c 100644
--- a/src/chrome/content/rules/Elcomsoft.xml
+++ b/src/chrome/content/rules/Elcomsoft.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Elder_Scrolls_Online.com.xml b/src/chrome/content/rules/Elder_Scrolls_Online.com.xml
index 9d7801134fa0..e197540e350d 100644
--- a/src/chrome/content/rules/Elder_Scrolls_Online.com.xml
+++ b/src/chrome/content/rules/Elder_Scrolls_Online.com.xml
@@ -30,7 +30,7 @@ Fetch error: http://elderscrollsonline.com/ => https://elderscrollsonline.com/:
 	* Secured by us
 
 -->
-<ruleset name="Elder Scrolls Online.com" default_off='failed ruleset test'>
+<ruleset name="Elder Scrolls Online.com" default_off="failed ruleset test">
 
 	<target host="elderscrollsonline.com" />
 	<target host="www.elderscrollsonline.com" />
@@ -43,5 +43,5 @@ Fetch error: http://elderscrollsonline.com/ => https://elderscrollsonline.com/:
 
 	<rule from="^http:"
 		to="https:" />
-	
+
 </ruleset>
diff --git a/src/chrome/content/rules/Electric_Embers.xml b/src/chrome/content/rules/Electric_Embers.xml
index 4507f1cb9b9a..22ba66c7e6dc 100644
--- a/src/chrome/content/rules/Electric_Embers.xml
+++ b/src/chrome/content/rules/Electric_Embers.xml
@@ -16,4 +16,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Electric_Studio.xml b/src/chrome/content/rules/Electric_Studio.xml
index 145275366c2d..5edd46715aeb 100644
--- a/src/chrome/content/rules/Electric_Studio.xml
+++ b/src/chrome/content/rules/Electric_Studio.xml
@@ -18,7 +18,7 @@ Fetch error: http://clients.electricstudio.co.uk/ => https://clients.electricstu
 		- cdn		(404; mismatched, CN: *.netdna-ssl.com)
 
 -->
-<ruleset name="Electric Studio (partial)" default_off='failed ruleset test'>
+<ruleset name="Electric Studio (partial)" default_off="failed ruleset test">
 
 	<target host="clients.electricstudio.co.uk" />
 
diff --git a/src/chrome/content/rules/Electronic-Arts.xml b/src/chrome/content/rules/Electronic-Arts.xml
index 54a7f0b440a9..115058c5d1c5 100644
--- a/src/chrome/content/rules/Electronic-Arts.xml
+++ b/src/chrome/content/rules/Electronic-Arts.xml
@@ -1,76 +1,80 @@
 <!--
 	Other Electronic Arts rulesets:
-
 		- BioWare.xml
 		- EA_Sports.com.xml
 		- Origin.com.xml
 		- Sim_City.com.xml
 
-	!functional:
-		- eu.dragonage.com		(cert: socialsignup.ea.com; shows that domain)
-		- (prod.)crysis.ea.com		(timeout)
-		- cdn.prod.crysis.ea.com	(Akamai; "An error occurred")
-		- eapressbox.ea.com		(timeout)
-		- forum.ea.com			(timeout)
-		- cdn.forum.ea.com		(Akamai; "An error occurred"; same data on forum)
-		- gpl.ea.com			(timeout)
-		- (www.)info.ea.com
-		- investor.ea.com		(cert: *.shareholder.com; 403)
-		- preferences.ea.com		(times out)
-		- eamobile.com			(cert: synergy-stage.eamobile.com; shows that domain's data)
-		- insideea.com			(ssl_error_rx_record_too_long)
+	Connection reset:
+		- www.info.ea.com
+
+	Invalid certificate:
+		- cdn.prod.crysis.ea.com
+		- eu.dragonage.com
+		- cdn.forum.ea.com
+		- o.ea.com
+		- support.ea.com, equivalent to help.ea.com
+		- om.eamobile.com, equivalent to eamobile.122.2o7.net
+
+	Timed out:
+		- investor.ea.com
+		- resources.ea.com, equivalent to ssl.resources.ea.com
 -->
-<ruleset name="Electronic Arts (partial)" platform="mixedcontent">
 
+<ruleset name="Electronic Arts (partial)">
+	<!-- ea.com -->
 	<target host="ea.com"/>
-	<target host="*.ea.com"/>
+	<target host="www.ea.com" />
+	<target host="accounts.ea.com" />
+	<target host="activate.ea.com" />
+	<target host="answers.ea.com" />
+	<target host="click.e.ea.com" />
+	<target host="media.contentapi.ea.com" />
+		<test url="http://media.contentapi.ea.com/content/dam/able/manuals/ufc3xb1man.pdf" />
+	<target host="fonts.ea.com" />
+	<target host="forum.ea.com" />
+	<target host="forums.ea.com" />
+	<target host="gpl.ea.com" />
+	<target host="help.ea.com" />
+	<target host="info.ea.com" />
+	<target host="ir.ea.com" />
+	<target host="jobs.ea.com" />
+	<target host="www.jobs.ea.com" />
+	<target host="myaccount.ea.com" />
+	<target host="nds-network-nav.ea.com" />
+	<target host="news.ea.com" />
+	<target host="pl.ea.com" />
+		<test url="http://pl.ea.com/release/1.12.0/elements/ea-elements.html" />
+	<target host="profile.ea.com" />
+	<target host="resources.ea.com" />
+	<target host="signin.ea.com" />
+	<target host="ssl.resources.ea.com" />
+	<target host="starwars.ea.com" />
+	<target host="forums.galaxy-of-heroes.starwars.ea.com" />
+	<target host="support.ea.com" />
+	<target host="tos.ea.com" />
+	<target host="x.ea.com" />
+		<test url="http://x.ea.com/1" />
+
+	<!-- eamobile.com -->
 	<target host="om.eamobile.com"/>
 	<target host="synergy-stage.eamobile.com"/>
-	<target host="thesims3.com"/>
-	<target host="*.thesims3.com"/>
 
 
 	<!--	incomplete
 		.ea s_ : omniture cookies	-->
-	<securecookie host="^\.ea\.com$" name="^(?:CEM-session|s_.*)$"/>
-	<securecookie host="^(?:help|jobs|profile|ssl\.resources)\.ea\.com$" name=".+" />
-	<securecookie host="^(?:forum|\w\w|www)?\.thesims\.com$" name=".+" />
-
-
-	<!--	cert !match !www	-->
-	<rule from="^http://ea\.com/"
-		to="https://www.ea.com/"/>
+	<securecookie host="^\.ea\.com$" name="^(CEM-session|s_.*)$"/>
+	<securecookie host="^(help|jobs|profile|ssl\.resources)\.ea\.com$" name=".+" />
 
-	<rule from="^http://(?:(activate|ll\.assets|fonts|help|images|socialsignup|tos|www)|(?:www\.)?(jobs))\.ea\.com/"
-		to="https://$1$2.ea.com/"/>
 
-	<rule from="^http://(?:ssl\.)?resources\.ea\.com/"
+	<rule from="^http://resources\.ea\.com/"
 		to="https://ssl.resources.ea.com/"/>
 
-	<!--	cert !match support, redirects to help	-->
 	<rule from="^http://support\.ea\.com/"
 		to="https://help.ea.com/"/>
 
 	<rule from="^http://om\.eamobile\.com/"
-		to="https://eamwebproduction.122.2o7.net/"/>
-
-	<rule from="^http://synergy-stage\.eamobile\.com/"
-		to="https://synergy-stage.eamobile.com/"/>
-
-	<!--	llnw:	*.hs.llnwd.net
-		cert !match !www	-->
-	<rule from="^http://(?:llnw\.|www\.)?thesims3\.com/"
-		to="https://www.thesims3.com/"/>
-
-	<!--	\w\w:	country codes	-->
-	<rule from="^http://(forum|\w\w)\.thesims3\.com/"
-		to="https://$1.thesims3.com/"/>
-
-	<rule from="^http://(\w\w\.)?store\.thesims3\.com/(community|content/|css/|images/)"
-		to="https://$1store.thesims3.com/$2"/>
-
-	<!--	also on store, but cert valid & works	-->
-	<rule from="^http://llnw\.store\.thesims3\.com/"
-		to="https://llnw.store.thesims3.com/"/>
+		to="https://eamobile.122.2o7.net/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ElectronicInsanity.com.xml b/src/chrome/content/rules/ElectronicInsanity.com.xml
index 939b751bde6e..d4e1fc7242df 100644
--- a/src/chrome/content/rules/ElectronicInsanity.com.xml
+++ b/src/chrome/content/rules/ElectronicInsanity.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://electronicinsanity.com/ => https://www.electronicinsanity.co
 	* Shows api.vistumbler.net
 
 -->
-<ruleset name="ElectronicInsanity.com (partial)" default_off='failed ruleset test'>
+<ruleset name="ElectronicInsanity.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Electrospaces.net.xml b/src/chrome/content/rules/Electrospaces.net.xml
new file mode 100644
index 000000000000..afc152c2254a
--- /dev/null
+++ b/src/chrome/content/rules/Electrospaces.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="Electrospaces.net">
+	<target host="electrospaces.net" />
+	<target host="www.electrospaces.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Electrum.org.xml b/src/chrome/content/rules/Electrum.org.xml
deleted file mode 100644
index e8cd1a39a945..000000000000
--- a/src/chrome/content/rules/Electrum.org.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-docs.electrum.org ¹
-
-
-¹ mismatch
--->
-<ruleset name="electrum.org">
-	<target host="electrum.org" />
-	<target host="www.electrum.org" />
-	<target host="download.electrum.org" />
-	<target host="foundry.electrum.org" />
-	<target host="headers.electrum.org" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Elektronik-Kompendium.de.xml b/src/chrome/content/rules/Elektronik-Kompendium.de.xml
new file mode 100644
index 000000000000..cff90f2b3e59
--- /dev/null
+++ b/src/chrome/content/rules/Elektronik-Kompendium.de.xml
@@ -0,0 +1,15 @@
+<!--
+	Connection closed:
+		www.dse-faq.elektronik-kompendium.de
+-->
+<ruleset name="Elektronik-Kompendium.de">
+
+	<target host="elektronik-kompendium.de" />
+	<target host="www.elektronik-kompendium.de" />
+	<target host="dse-faq.elektronik-kompendium.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+	
+</ruleset>
diff --git a/src/chrome/content/rules/Element14.com-Mixed.xml b/src/chrome/content/rules/Element14.com-Mixed.xml
deleted file mode 100644
index 5474047be47b..000000000000
--- a/src/chrome/content/rules/Element14.com-Mixed.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<!--
-	For more Element14.com related ruleset, see Element14.com.xml
-
-	Non-functional hosts:
-		Mixed Content Blocking (MCB) tiggered:
-			 - au.element14.com
-			 - cn.element14.com
-			 - in.element14.com
-			 - hk.element14.com
-			 - kr.element14.com
-			 - my.element14.com
-			 - nz.element14.com
-			 - ph.element14.com
-			 - sg.element14.com
-			 - th.element14.com
-			 - tw.element14.com
-
-	Inconsistent behaviour on Travis WITH test URL(s)
-			 - au.element14.com, see 
-
-	Remark:
-		This file is listed in ruleset-whitelist.csv.
-
-		Reason: These URL(s) all require a test URL because their 
-			default responses are not consistent on Travis.
-
-		See 
-		 - https://github.com/EFForg/https-everywhere/pull/9411
-		 - https://github.com/EFForg/https-everywhere/pull/9603
-
--->
-<ruleset name="Element14.com (Mixed)" platform="mixedcontent">
-	<target host="au.element14.com" />
-	<target host="cn.element14.com" />
-	<target host="hk.element14.com" />
-	<target host="in.element14.com" />
-	<target host="kr.element14.com" />
-	<target host="my.element14.com" />
-	<target host="nz.element14.com" />
-	<target host="ph.element14.com" />
-	<target host="sg.element14.com" />
-	<target host="th.element14.com" />
-	<target host="tw.element14.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Element14.com.xml b/src/chrome/content/rules/Element14.com.xml
index 42b42a4e5e61..ba9838f537fb 100644
--- a/src/chrome/content/rules/Element14.com.xml
+++ b/src/chrome/content/rules/Element14.com.xml
@@ -1,6 +1,12 @@
+
 <!--
-	Element14.com related ruleset, 
-		- Element14.com-Mixed.xml
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://element14.com/ => https://element14.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.element14.com/ => https://www.element14.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://beta.element14.com/ => https://beta.element14.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Element14.com related ruleset,
 
 	Non-functional hosts
 		Timeout was reached:
@@ -32,11 +38,11 @@
 			 - See Element14.com-Mixed.xml
 -->
 <ruleset name="Element14.com">
-	<target host="element14.com" />
-	<target host="www.element14.com" />
+	<!-- target host="element14.com" /-->
+	<!-- target host="www.element14.com" /-->
 	<target host="api.element14.com" />
 		<test url="http://api.element14.com/pffind/services/SearchService?wsdl" />
-	<target host="beta.element14.com" />
+	<!-- target host="beta.element14.com" /-->
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ElephantLeague.org.xml b/src/chrome/content/rules/ElephantLeague.org.xml
new file mode 100644
index 000000000000..baec548b2157
--- /dev/null
+++ b/src/chrome/content/rules/ElephantLeague.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="ElephantLeague.org">
+
+	<target host="elephantleague.org" />
+	<target host="www.elephantleague.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ElevenPaths.xml b/src/chrome/content/rules/ElevenPaths.xml
deleted file mode 100644
index 53f7df86057e..000000000000
--- a/src/chrome/content/rules/ElevenPaths.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="ElevenPaths">
-	<target host="elevenpaths.com" />
-	<target host="*.elevenpaths.com" />
-
-	<rule from="^http://(?:www\.)?elevenpaths\.com/"
-		to="https://www.elevenpaths.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Elgas.com.au.xml b/src/chrome/content/rules/Elgas.com.au.xml
new file mode 100644
index 000000000000..0a0a6bdc03a8
--- /dev/null
+++ b/src/chrome/content/rules/Elgas.com.au.xml
@@ -0,0 +1,19 @@
+<!--
+	HTTP redirects to NXDOMAIN:
+		- secure.elgas.com.au
+
+	Invalid certificate:
+		- lng.elgas.com.au
+		- trade.elgas.com.au
+
+	Wrong server:
+		- testserver.elgas.com.au
+-->
+
+<ruleset name="Elgas.com.au">
+	<target host="elgas.com.au" />
+	<target host="www.elgas.com.au" />
+	<target host="emap.elgas.com.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Elgiganten.xml b/src/chrome/content/rules/Elgiganten.xml
index 31379b34d17e..e9353a1725da 100644
--- a/src/chrome/content/rules/Elgiganten.xml
+++ b/src/chrome/content/rules/Elgiganten.xml
@@ -8,7 +8,7 @@
 		- presentjakten.elgiganten.se ¹
 		- pressroom.elgiganten.dk ¹
 		- tilbudsavis.elgiganten.dk ¹
-		
+
 	¹ Mismatched
 	² Timeout
 
diff --git a/src/chrome/content/rules/Elie_Bursztein.xml b/src/chrome/content/rules/Elie_Bursztein.xml
index 409670255231..12c92d209421 100644
--- a/src/chrome/content/rules/Elie_Bursztein.xml
+++ b/src/chrome/content/rules/Elie_Bursztein.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EliteKeyboards.com.xml b/src/chrome/content/rules/EliteKeyboards.com.xml
deleted file mode 100644
index 9b29954b5a90..000000000000
--- a/src/chrome/content/rules/EliteKeyboards.com.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="EliteKeyboards.com">
-
-	<target host="elitekeyboards.com" />
-	<target host="www.elitekeyboards.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Elite_Casting_Network.com.xml b/src/chrome/content/rules/Elite_Casting_Network.com.xml
index ffefecff9373..8586de08d95c 100644
--- a/src/chrome/content/rules/Elite_Casting_Network.com.xml
+++ b/src/chrome/content/rules/Elite_Casting_Network.com.xml
@@ -12,7 +12,8 @@
 <ruleset name="Elite Casting Network.com (partial)">
 
 	<target host="elitecastingnetwork.com" />
-	<target host="*.elitecastingnetwork.com" />
+	<target host="www.elitecastingnetwork.com" />
+	<target host="cdn.elitecastingnetwork.com" />
 
 
 	<rule from="^http://(www\.)?elitecastingnetwork\.com/(?=favicon\.ico|img/|min/)"
diff --git a/src/chrome/content/rules/Elixir-Lang.org.xml b/src/chrome/content/rules/Elixir-Lang.org.xml
new file mode 100644
index 000000000000..367ec3d71f31
--- /dev/null
+++ b/src/chrome/content/rules/Elixir-Lang.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Expired:
+		- www (fixed by this ruleset)
+-->
+<ruleset name="Elixir-Lang.org">
+	<target host="elixir-lang.org" />
+	<target host="www.elixir-lang.org" />
+
+	<rule from="^http://www\.elixir-lang\.org/" to="https://elixir-lang.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Elizabeth_Smart_Foundation.xml b/src/chrome/content/rules/Elizabeth_Smart_Foundation.xml
index edbb0c6b5345..37d14d245916 100644
--- a/src/chrome/content/rules/Elizabeth_Smart_Foundation.xml
+++ b/src/chrome/content/rules/Elizabeth_Smart_Foundation.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?elizabethsmartfoundation\.org/wp-content/"
 		to="https://esf.websocially.com/wp-content/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Elliptic-Technologies.xml b/src/chrome/content/rules/Elliptic-Technologies.xml
index 62a5f6d2c28d..24847efd423a 100644
--- a/src/chrome/content/rules/Elliptic-Technologies.xml
+++ b/src/chrome/content/rules/Elliptic-Technologies.xml
@@ -5,7 +5,7 @@ Fetch error: http://elliptictech.com/ => https://elliptictech.com/: (51, "SSL: n
 Fetch error: http://www.elliptictech.com/ => https://www.elliptictech.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.elliptictech.com'")
 
 -->
-<ruleset name="Elliptic Technologies" default_off='failed ruleset test'>
+<ruleset name="Elliptic Technologies" default_off="failed ruleset test">
 
 	<target host="elliptictech.com" />
 	<target host="www.elliptictech.com" />
diff --git a/src/chrome/content/rules/Elmbridge.gov.uk-falsemixed.xml b/src/chrome/content/rules/Elmbridge.gov.uk-falsemixed.xml
deleted file mode 100644
index 821e961bdbfc..000000000000
--- a/src/chrome/content/rules/Elmbridge.gov.uk-falsemixed.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules not causing MCB, see Elmbridge.gov.uk.xml.
-
--->
-<ruleset name="Elmbridge.gov.uk (MCB)" platform="mixedcontent">
-
-	<target host="mygov.elmbridge.gov.uk" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Elo_Global_e-services.xml b/src/chrome/content/rules/Elo_Global_e-services.xml
index 814b304e69a8..73fe6532e999 100644
--- a/src/chrome/content/rules/Elo_Global_e-services.xml
+++ b/src/chrome/content/rules/Elo_Global_e-services.xml
@@ -7,7 +7,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://elotouchexpress.com/ => https://elotouchexpress.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 Fetch error: http://www.elotouchexpress.com/ => https://www.elotouchexpress.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="Elo Global e-services" default_off='failed ruleset test'>
+<ruleset name="Elo Global e-services" default_off="failed ruleset test">
 
 	<target host="elotouchexpress.com" />
 	<target host="www.elotouchexpress.com" />
@@ -18,4 +18,4 @@ Fetch error: http://www.elotouchexpress.com/ => https://www.elotouchexpress.com/
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Eloqua-mismatches.xml b/src/chrome/content/rules/Eloqua-mismatches.xml
index b871dc084bbe..23b4e02ced68 100644
--- a/src/chrome/content/rules/Eloqua-mismatches.xml
+++ b/src/chrome/content/rules/Eloqua-mismatches.xml
@@ -16,9 +16,7 @@
 				-->
 	<target host="www.useitandsee.com" />
 
-
-	<securecookie host=".*\.eloqua\.com$" name=".+" />
-	<securecookie host="(?:.*\.)?useitandsee\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://www\.useitandsee\.com/"
diff --git a/src/chrome/content/rules/Eloqua.xml b/src/chrome/content/rules/Eloqua.xml
index 68697f6eee17..c1702584081f 100644
--- a/src/chrome/content/rules/Eloqua.xml
+++ b/src/chrome/content/rules/Eloqua.xml
@@ -85,7 +85,7 @@ Fetch error: http://cloudconnectors.eloqua.com/ => https://cloudconnectors.eloqu
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Eloqua.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Eloqua.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Eloquent_JavaScript.net.xml b/src/chrome/content/rules/Eloquent_JavaScript.net.xml
index b73ccff178d3..4c84237c2d3b 100644
--- a/src/chrome/content/rules/Eloquent_JavaScript.net.xml
+++ b/src/chrome/content/rules/Eloquent_JavaScript.net.xml
@@ -1,19 +1,13 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://eloquentjavascript.net/ => https://eloquentjavascript.net/: (51, "SSL: no alternative certificate subject name matches target host name 'eloquentjavascript.net'")
-Fetch error: http://www.eloquentjavascript.net/ => https://www.eloquentjavascript.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.eloquentjavascript.net'")
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://eloquentjavascript.net/ => https://eloquentjavascript.net/: (51, "SSL: no alternative certificate subject name matches target host name 'eloquentjavascript.net'")
-Fetch error: http://www.eloquentjavascript.net/ => https://www.eloquentjavascript.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.eloquentjavascript.net'")
+	Wildcard DNS:
+		https://www.eloquentjavascript.net/Eloquent_JavaScript.pdf
 -->
-<ruleset name="Eloquent JavaScript.net" default_off='failed ruleset test'>
-
+<ruleset name="Eloquent_JavaScript.net">
 	<target host="eloquentjavascript.net" />
 	<target host="www.eloquentjavascript.net" />
+	<target host="fr.eloquentjavascript.net" />
 
+	<rule from="^http://www\.eloquentjavascript\.net/" to="https://eloquentjavascript.net/" />
 
 	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Elsevier_Health.com.au.xml b/src/chrome/content/rules/Elsevier_Health.com.au.xml
index 95fc99530408..d726a4a3fe39 100644
--- a/src/chrome/content/rules/Elsevier_Health.com.au.xml
+++ b/src/chrome/content/rules/Elsevier_Health.com.au.xml
@@ -8,7 +8,7 @@
 	<target host="www.elsevierhealth.com.au" />
 
 
-	<securecookie host="(?:.*\.)?elsevierhealth\.com\.au$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(?:www\.)?elsevierhealth\.com\.au/"
diff --git a/src/chrome/content/rules/Elsevier_Health.com.xml b/src/chrome/content/rules/Elsevier_Health.com.xml
index b30dce56ff23..bc3db9e7f5f6 100644
--- a/src/chrome/content/rules/Elsevier_Health.com.xml
+++ b/src/chrome/content/rules/Elsevier_Health.com.xml
@@ -19,7 +19,7 @@ Fetch error: http://www.elsevierhealth.com/ => https://www.elsevierhealth.com/:
 	* Mismatched
 
 -->
-<ruleset name="Elsevier Health.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Elsevier Health.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -39,7 +39,7 @@ Fetch error: http://www.elsevierhealth.com/ => https://www.elsevierhealth.com/:
 		<!--exclusion pattern="^http://secure\.jbs\.elsevierhealth\.com/$" /-->
 
 
-	<securecookie host="(?:.*\.)?elsevierhealth\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Emailvision.xml b/src/chrome/content/rules/Emailvision.xml
index d69d9425439a..e304d4907e18 100644
--- a/src/chrome/content/rules/Emailvision.xml
+++ b/src/chrome/content/rules/Emailvision.xml
@@ -26,7 +26,7 @@ Fetch error: http://emailvision.com/ => https://emailvision.com/: (60, 'SSL cert
 	* Works, mismatched, CN: *.emv3.com
 
 -->
-<ruleset name="Emailvision (partial)" default_off='failed ruleset test'>
+<ruleset name="Emailvision (partial)" default_off="failed ruleset test">
 
 	<target host="emailvision.com" />
 	<target host="*.emailvision.com" />
diff --git a/src/chrome/content/rules/Emap_Awards.xml b/src/chrome/content/rules/Emap_Awards.xml
index 5d1112e73cb1..98c6bffea01f 100644
--- a/src/chrome/content/rules/Emap_Awards.xml
+++ b/src/chrome/content/rules/Emap_Awards.xml
@@ -5,7 +5,7 @@ Fetch error: http://emapawards.com/ => https://emapawards.com/: (28, 'Connection
 Fetch error: http://www.emapawards.com/ => https://www.emapawards.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Emap Awards" default_off='failed ruleset test'>
+<ruleset name="Emap Awards" default_off="failed ruleset test">
 
 	<target host="emapawards.com" />
 	<target host="www.emapawards.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.emapawards.com/ => https://www.emapawards.com/: (28, 'Co
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Embed.ly.xml b/src/chrome/content/rules/Embed.ly.xml
index 122ea162ffa2..a7b6c069a25d 100644
--- a/src/chrome/content/rules/Embed.ly.xml
+++ b/src/chrome/content/rules/Embed.ly.xml
@@ -35,7 +35,7 @@ Fetch error: http://t.embed.ly/ => https://t.embed.ly/: (28, 'Operation timed ou
 		- api.embed.ly
 
 -->
-<ruleset name="Embed.ly (partial)" default_off='failed ruleset test'>
+<ruleset name="Embed.ly (partial)" default_off="failed ruleset test">
 
 	<target host="api.embed.ly" />
 	<target host="api-cdn.embed.ly" />
diff --git a/src/chrome/content/rules/Embedded_ARM.com.xml b/src/chrome/content/rules/Embedded_ARM.com.xml
index e5371b11f6cc..380e336c45cc 100644
--- a/src/chrome/content/rules/Embedded_ARM.com.xml
+++ b/src/chrome/content/rules/Embedded_ARM.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://embeddedarm.com/ => https://embeddedarm.com/: (51, "SSL: no
 	ʳ Refused
 
 -->
-<ruleset name="Embedded ARM.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Embedded ARM.com (partial)" default_off="failed ruleset test">
 
 	<target host="embeddedarm.com" />
 	<target host="www.embeddedarm.com" />
diff --git a/src/chrome/content/rules/Embedresponsively.com.xml b/src/chrome/content/rules/Embedresponsively.com.xml
new file mode 100644
index 000000000000..4a944041159e
--- /dev/null
+++ b/src/chrome/content/rules/Embedresponsively.com.xml
@@ -0,0 +1,15 @@
+<!--
+    Non-functional hosts:
+
+       Invalid certificate:
+
+       - ftp.embedresponsively.com
+       - ssh.embedresponsively.com
+
+-->
+<ruleset name="Embedresponsively.com">
+   <target host="embedresponsively.com" />
+   <target host="www.embedresponsively.com" />
+
+   <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Emberjs.com.xml b/src/chrome/content/rules/Emberjs.com.xml
new file mode 100644
index 000000000000..ae79d83a8fe7
--- /dev/null
+++ b/src/chrome/content/rules/Emberjs.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Invalid certificate:
+		docs.emberjs.com
+		docs.edge.emberjs.com
+
+	Timeout:
+		builds.emberjs.com
+-->
+<ruleset name="Emberjs.com">
+
+	<target host="emberjs.com" />
+	<target host="www.emberjs.com" />
+	<target host="api.emberjs.com" />
+	<target host="api-store.emberjs.com" />
+	<target host="blog.emberjs.com" />
+	<target host="cli.emberjs.com" />
+	<target host="deprecations.emberjs.com" />
+	<target host="discuss.emberjs.com" />
+	<target host="fastboot.emberjs.com" />
+	<target host="guides.emberjs.com" />
+	<target host="help-wanted.emberjs.com" />
+	<target host="jobs.emberjs.com" />
+	<target host="octane-guides-preview.emberjs.com" />
+	<target host="tutorials.emberjs.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Emcraft.com.xml b/src/chrome/content/rules/Emcraft.com.xml
index d6df253277f9..ca85ec053001 100644
--- a/src/chrome/content/rules/Emcraft.com.xml
+++ b/src/chrome/content/rules/Emcraft.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://order.emcraft.com/ => https://order.emcraft.com/: (6, 'Could not resolve host: order.emcraft.com')
 
 -->
-<ruleset name="Emcraft.com" default_off='failed ruleset test'>
+<ruleset name="Emcraft.com" default_off="failed ruleset test">
 
 	<target host="emcraft.com" />
 	<target host="order.emcraft.com" />
diff --git a/src/chrome/content/rules/Emediate.eu.xml b/src/chrome/content/rules/Emediate.eu.xml
deleted file mode 100644
index 851c18ef8322..000000000000
--- a/src/chrome/content/rules/Emediate.eu.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Emediate.eu">
-
-	<target host="eas4.emediate.eu" />
-	<target host="eas8.emediate.eu" />
-
-
-	<securecookie host="^eas4\.emediate\.eu$" name=".+" />
-	<securecookie host="^eas8\.emediate\.eu$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Emerald.xml b/src/chrome/content/rules/Emerald.xml
index 880e98785072..9b460e703e57 100644
--- a/src/chrome/content/rules/Emerald.xml
+++ b/src/chrome/content/rules/Emerald.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://emeraldinsight.com/ => https://emeraldinsight.com/: Cycle detected - URL already encountered: https://emeraldinsight.com/action/cookieAbsent
 Fetch error: http://www.emeraldinsight.com/ => https://www.emeraldinsight.com/: Cycle detected - URL already encountered: https://www.emeraldinsight.com/action/cookieAbsent
 -->
-<ruleset name="Emerald" default_off='failed ruleset test'>
+<ruleset name="Emerald" default_off="failed ruleset test">
 
 	<target host="emeraldinsight.com" />
 	<target host="www.emeraldinsight.com" />
diff --git a/src/chrome/content/rules/EmergeConference.ca.xml b/src/chrome/content/rules/EmergeConference.ca.xml
new file mode 100644
index 000000000000..5d9d6819dd2b
--- /dev/null
+++ b/src/chrome/content/rules/EmergeConference.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="EmergeConference.ca">
+	<target host="emergeconference.ca" />
+	<target host="www.emergeconference.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Employease.xml b/src/chrome/content/rules/Employease.xml
deleted file mode 100644
index 977372206ab1..000000000000
--- a/src/chrome/content/rules/Employease.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For other Automatic Data Processing coverage, see Automatic_Data_Processing.xml.
-
-
-	Nonfunctional subdomains:
-
-		- (www.)
-
--->
-<ruleset name="Employease (partial)">
-
-	<target host="adp.eease.com" />
-	<target host="home.eease.com" />
-
-
-	<securecookie host="^(?:adp|home)\.eease\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Employeeexpress.gov.xml b/src/chrome/content/rules/Employeeexpress.gov.xml
deleted file mode 100644
index 73f01543008b..000000000000
--- a/src/chrome/content/rules/Employeeexpress.gov.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Non-2xx HTTP code: http://employeeexpress.gov/ (200) => https://www.employeeexpress.gov/ (403)
-
--->
-<ruleset name="Employeeexpress.gov" default_off='failed ruleset test'>
-	<target host="employeeexpress.gov" />
-	<target host="www.employeeexpress.gov" />
-
-	<securecookie host="^(?:www\.)?employeeexpress\.gov$" name=".+" />
-
-	<rule from="^http://(?:www\.)?employeeexpress\.gov/" to="https://www.employeeexpress.gov/" />
-</ruleset>
diff --git a/src/chrome/content/rules/EmploymentLaw101.ca.xml b/src/chrome/content/rules/EmploymentLaw101.ca.xml
new file mode 100644
index 000000000000..1bf643392672
--- /dev/null
+++ b/src/chrome/content/rules/EmploymentLaw101.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="EmploymentLaw101.ca">
+	<target host="employmentlaw101.ca" />
+	<target host="www.employmentlaw101.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Emptypage.jp.xml b/src/chrome/content/rules/Emptypage.jp.xml
new file mode 100644
index 000000000000..f7fdb889d546
--- /dev/null
+++ b/src/chrome/content/rules/Emptypage.jp.xml
@@ -0,0 +1,16 @@
+<!--
+	Connection closed:
+	- fuyugomori.emptypage.jp
+	- pearlyhailstone.emptypage.jp
+
+	Invalid certificate:
+		- tumblr.emptypage.jp
+-->
+
+<ruleset name="Emptypage.jp">
+	<target host="emptypage.jp" />
+	<target host="www.emptypage.jp" />
+	<target host="blog.emptypage.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Emsisoft.com.xml b/src/chrome/content/rules/Emsisoft.com.xml
index e20af8fd8f09..f7bff14c9c82 100644
--- a/src/chrome/content/rules/Emsisoft.com.xml
+++ b/src/chrome/content/rules/Emsisoft.com.xml
@@ -15,7 +15,11 @@
 -->
 <ruleset name="Emsisoft (partial)">
 	<target host="emsisoft.com" />
-	<target host="*.emsisoft.com" />
+	<target host="blog.emsisoft.com" />
+	<target host="cc.emsisoft.com" />
+	<target host="changeblog.emsisoft.com" />
+	<target host="support.emsisoft.com" />
+	<target host="www.emsisoft.com" />
 		<!--
 			Redirect to http:
 						-->
@@ -35,6 +39,6 @@
 	<securecookie host="^(?:support|www)\.emsisoft\.com$" name=".+" />
 
 
-	<rule from="^http://((?:blog|cc|changeblog|support|www)\.)?emsisoft\.com/" to="https://$1emsisoft.com/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/EmuNewz-Network.xml b/src/chrome/content/rules/EmuNewz-Network.xml
deleted file mode 100644
index f9cfc545fd58..000000000000
--- a/src/chrome/content/rules/EmuNewz-Network.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<ruleset name="EmuNewz Network" default_off="mismatched">
-
-	<!--	Cert: www.codebackbone.com	-->
-	<target host="arcadeflex.com" />
-	<target host="www.arcadeflex.com" />
-	<target host="emunewz.net" />
-	<target host="www.emunewz.net" />
-	<!--	* for cross-domain cookies.	-->
-	<target host="*.www.emunews.net" />
-	<target host="jpcsp.org" />
-	<target host="www.jpcsp.org" />
-	<target host="pcsp-emu.com" />
-	<target host="www.pcsp-emu.com" />
-	<target host="pspudb.com" />
-	<!--	Ditto	-->
-	<target host="*.pspudb.com" />
-	<target host="yaupspe.com" />
-	<target host="www.yaupspe.com" />
-
-
-	<securecookie host="^.*\.emunews\.net$" name=".+" />
-	<securecookie host="^.*\.p(?:csp-emu|spudb)\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?(arcadeflex|pcsp-emu|pspudb|yaupspe)\.com/"
-		to="https://$1.com/" />
-
-	<rule from="^http://(?:www\.)?emunewz\.net/"
-		to="https://emunewz.net/" />
-
-	<rule from="^http://(?:www\.)?jpcsp\.org/"
-		to="https://jpcsp.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EmuNewz.net.xml b/src/chrome/content/rules/EmuNewz.net.xml
new file mode 100644
index 000000000000..583925b6a3be
--- /dev/null
+++ b/src/chrome/content/rules/EmuNewz.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="EmuNewz.net">
+
+	<target host="emunewz.net" />
+	<target host="www.emunewz.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/EmulationStation.org.xml b/src/chrome/content/rules/EmulationStation.org.xml
new file mode 100644
index 000000000000..5ea869c7a96d
--- /dev/null
+++ b/src/chrome/content/rules/EmulationStation.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Problematic subdomains:
+		- www (mismatched, CN = emulationstation.org)
+-->
+
+<ruleset name="EmulationStation.org">
+	<target host="emulationstation.org" />
+	<target host="www.emulationstation.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.emulationstation\.org/" to="https://emulationstation.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Emulex.xml b/src/chrome/content/rules/Emulex.xml
index f9a67a3b4366..e5107fd1dc6f 100644
--- a/src/chrome/content/rules/Emulex.xml
+++ b/src/chrome/content/rules/Emulex.xml
@@ -6,16 +6,16 @@ Fetch error: http://emulex.com/ => https://emulex.com/: (51, "SSL: no alternativ
 Disabled by https-everywhere-checker because:
 Non-2xx HTTP code: http://emulex.com/ (200) => https://emulex.com/ (303)
 -->
-<ruleset name="Emulex" default_off='failed ruleset test'>
+<ruleset name="Emulex" default_off="failed ruleset test">
 
 	<target host="emulex.com" />
-	<target host="*.emulex.com" />
+	<target host="www.emulex.com" />
+	<target host="wwwqa.emulex.com" />
 
 
-	<securecookie host="^(?:.*\.)?emulex\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www(?:qa)?\.)?emulex\.com/"
-		to="https://$1emulex.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/En-Pro.com.xml b/src/chrome/content/rules/En-Pro.com.xml
new file mode 100644
index 000000000000..3f55049606cf
--- /dev/null
+++ b/src/chrome/content/rules/En-Pro.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Connection refused:
+		- autodiscover.en-pro.com
+-->
+
+<ruleset name="En-Pro.com">
+	<target host="en-pro.com" />
+	<target host="www.en-pro.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Enalean.com.xml b/src/chrome/content/rules/Enalean.com.xml
deleted file mode 100644
index 63bdaa4f7666..000000000000
--- a/src/chrome/content/rules/Enalean.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	These altnames don't exist:
-
-		- www.my.enalean.com
-
-
-	Insecure cookies are set for these domains:
-
-		- my.enalean.com
-
--->
-<ruleset name="Enalean.com">
-
-	<target host="enalean.com" />
-	<target host="my.enalean.com" />
-	<target host="www.enalean.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^my\.enalean\.com$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^my\.enalean\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Encipher.It.xml b/src/chrome/content/rules/Encipher.It.xml
index e76558cd5970..d36105750cd0 100644
--- a/src/chrome/content/rules/Encipher.It.xml
+++ b/src/chrome/content/rules/Encipher.It.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.encipher.it/ => https://www.encipher.it/: (51, "SSL: no
 		- www.encipher.it
 
 -->
-<ruleset name="Encipher.It" default_off='failed ruleset test'>
+<ruleset name="Encipher.It" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Encosia.xml b/src/chrome/content/rules/Encosia.xml
index a0f89cceb317..defd93a8658a 100644
--- a/src/chrome/content/rules/Encosia.xml
+++ b/src/chrome/content/rules/Encosia.xml
@@ -7,11 +7,11 @@ Fetch error: http://www.encosia.com/ => https://www.encosia.com/: (35, 'error:14
 	Mismatch:
 		- i
 -->
-<ruleset name="Encosia" default_off='failed ruleset test'>
+<ruleset name="Encosia" default_off="failed ruleset test">
 	<target host="encosia.com" />
 	<target host="www.encosia.com" />
 
-	<securecookie host="^(?:.+\.)?encosia\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/EncryptEverything.ca.xml b/src/chrome/content/rules/EncryptEverything.ca.xml
new file mode 100644
index 000000000000..44fe034af111
--- /dev/null
+++ b/src/chrome/content/rules/EncryptEverything.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="EncryptEverything.ca">
+	<target host="encrypteverything.ca" />
+	<target host="www.encrypteverything.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Encrypt_Everything.ca.xml b/src/chrome/content/rules/Encrypt_Everything.ca.xml
deleted file mode 100644
index 0c542ae8ec7e..000000000000
--- a/src/chrome/content/rules/Encrypt_Everything.ca.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://encrypteverything.ca/ => https://encrypteverything.ca/: (7, 'Failed to connect to encrypteverything.ca port 443: Connection refused')
-Fetch error: http://www.encrypteverything.ca/ => https://www.encrypteverything.ca/: (7, 'Failed to connect to www.encrypteverything.ca port 443: Connection refused')
-
--->
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://encrypteverything.ca/ => https://encrypteverything.ca/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://www.encrypteverything.ca/ => https://www.encrypteverything.ca/: (60, 'SSL certificate problem: certificate has expired')
-
--->
-<ruleset name="Encrypt Everything.ca" default_off='failed ruleset test'>
-
-	<target host="encrypteverything.ca" />
-	<target host="www.encrypteverything.ca" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Encryptmas.org.xml b/src/chrome/content/rules/Encryptmas.org.xml
index b5850d15f3ed..1336fa1663c9 100644
--- a/src/chrome/content/rules/Encryptmas.org.xml
+++ b/src/chrome/content/rules/Encryptmas.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://encryptmas.org/ => https://encryptmas.org/: (60, 'SSL certif
 Fetch error: http://www.encryptmas.org/ => https://www.encryptmas.org/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Encryptmas.org" default_off='failed ruleset test'>
+<ruleset name="Encryptmas.org" default_off="failed ruleset test">
 
 	<target host="encryptmas.org" />
 	<target host="www.encryptmas.org" />
diff --git a/src/chrome/content/rules/Encryptr.org.xml b/src/chrome/content/rules/Encryptr.org.xml
index 5a233245ccef..2b7d0ae1890c 100644
--- a/src/chrome/content/rules/Encryptr.org.xml
+++ b/src/chrome/content/rules/Encryptr.org.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.encryptr.org/ => https://www.encryptr.org/: (7, 'Failed
 		- secure.encryptr.org
 
 -->
-<ruleset name="Encryptr.org" default_off='failed ruleset test'>
+<ruleset name="Encryptr.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Encyclopatia.ru.xml b/src/chrome/content/rules/Encyclopatia.ru.xml
new file mode 100644
index 000000000000..9c27f073efe0
--- /dev/null
+++ b/src/chrome/content/rules/Encyclopatia.ru.xml
@@ -0,0 +1,10 @@
+<!--
+	Mismatched:
+		- mail
+-->
+<ruleset name="Encyclopatia.ru">
+	<target host="encyclopatia.ru" />
+	<target host="www.encyclopatia.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Encyclopedia_Dramatica.xml b/src/chrome/content/rules/Encyclopedia_Dramatica.xml
deleted file mode 100644
index b04f10062b7f..000000000000
--- a/src/chrome/content/rules/Encyclopedia_Dramatica.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Encyclopedia Dramatica.se">
-
-	<target host="encyclopediadramatica.se" />
-	<target host="images.encyclopediadramatica.se" />
-	<target host="static.encyclopediadramatica.se" />
-	<target host="www.encyclopediadramatica.se" />
-
-
-	<securecookie host="^\.?encyclopediadramatica\.se$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EndNote_Web.xml b/src/chrome/content/rules/EndNote_Web.xml
index 8685d1e4a2db..fca8196f2439 100644
--- a/src/chrome/content/rules/EndNote_Web.xml
+++ b/src/chrome/content/rules/EndNote_Web.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Endace.xml b/src/chrome/content/rules/Endace.xml
index 886b8aa5de9e..05626a8c1ed3 100644
--- a/src/chrome/content/rules/Endace.xml
+++ b/src/chrome/content/rules/Endace.xml
@@ -9,7 +9,8 @@ Fetch error: http://endace.com/ => https://www.endace.com/: (6, 'Could not resol
 <ruleset name="Endace">
 
 	<target host="endace.com" />
-	<target host="*.endace.com" />
+	<target host="www.endace.com" />
+	<target host="support.endace.com" />
 
 
 	<securecookie host="^.*\.endace\.com$" name=".+" />
@@ -21,7 +22,6 @@ Fetch error: http://endace.com/ => https://www.endace.com/: (6, 'Could not resol
 		to="https://www.endace.com/" />
 
 
-	<rule from="^http://support\.endace\.com/"
-		to="https://support.endace.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Endchan.xyz.xml b/src/chrome/content/rules/Endchan.xyz.xml
deleted file mode 100644
index fd1165cd9fbd..000000000000
--- a/src/chrome/content/rules/Endchan.xyz.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Endchan.xyz">
-	<target host="endchan.xyz" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Endrift.com.xml b/src/chrome/content/rules/Endrift.com.xml
index c22fff6b47cf..55ab84cdb80d 100644
--- a/src/chrome/content/rules/Endrift.com.xml
+++ b/src/chrome/content/rules/Endrift.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.endrift.com/ => https://www.endrift.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.endrift.com'")
 
 -->
-<ruleset name="Endrift.com" default_off='failed ruleset test'>
+<ruleset name="Endrift.com" default_off="failed ruleset test">
 
 	<target host="endrift.com" />
 	<target host="www.endrift.com" />
diff --git a/src/chrome/content/rules/Energetix.xml b/src/chrome/content/rules/Energetix.xml
index 1a83aa30fbe4..f00dc0f76fc9 100644
--- a/src/chrome/content/rules/Energetix.xml
+++ b/src/chrome/content/rules/Energetix.xml
@@ -8,7 +8,7 @@ Fetch error: http://files.goenergetix.com/ => https://files.goenergetix.com/: (6
 		- blog		(shows RHEL test page)
 
 -->
-<ruleset name="Energetix (partial)" default_off='failed ruleset test'>
+<ruleset name="Energetix (partial)" default_off="failed ruleset test">
 
 	<target host="goenergetix.com" />
 	<target host="files.goenergetix.com" />
@@ -20,4 +20,4 @@ Fetch error: http://files.goenergetix.com/ => https://files.goenergetix.com/: (6
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EnergiWatch.xml b/src/chrome/content/rules/EnergiWatch.xml
index 65576c7d27a6..19c0a9cd0a40 100644
--- a/src/chrome/content/rules/EnergiWatch.xml
+++ b/src/chrome/content/rules/EnergiWatch.xml
@@ -6,7 +6,7 @@
 
 	www: Mismatched
 
-	
+
 	Remark:
 		This page gets content from other *watch.dk-domains,
 		not all of which work flawlessly with HTTPS Everywhere
diff --git a/src/chrome/content/rules/Energy.gov.xml b/src/chrome/content/rules/Energy.gov.xml
index 42029f94ca7f..c4b90b675e3b 100644
--- a/src/chrome/content/rules/Energy.gov.xml
+++ b/src/chrome/content/rules/Energy.gov.xml
@@ -115,7 +115,7 @@ Fetch error: http://www3.energy.gov/ => https://www3.energy.gov/: (6, 'Could not
 	* See https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Energy.gov (partial)" default_off='failed ruleset test'>
+<ruleset name="Energy.gov (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/EnergyMadeEasy.xml b/src/chrome/content/rules/EnergyMadeEasy.xml
index 5945dca6ff38..06a2a368f907 100644
--- a/src/chrome/content/rules/EnergyMadeEasy.xml
+++ b/src/chrome/content/rules/EnergyMadeEasy.xml
@@ -1,7 +1,7 @@
 <ruleset name="Energy Made Easy">
 	<target host="energymadeeasy.gov.au" />
-	<target host="*.energymadeeasy.gov.au" />
+	<target host="www.energymadeeasy.gov.au" />
 
 	<rule from="^http://(?:www\.)?energymadeeasy\.gov\.au/"
 		to="https://www.energymadeeasy.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Energy_Live_News.com.xml b/src/chrome/content/rules/Energy_Live_News.com.xml
index 15d0de6b3f27..934988565de6 100644
--- a/src/chrome/content/rules/Energy_Live_News.com.xml
+++ b/src/chrome/content/rules/Energy_Live_News.com.xml
@@ -17,7 +17,7 @@
 <ruleset name="Energy Live News.com" default_off="expired, self-signed">
 
 	<target host="energylivenews.com" />
-	<target host="*.energylivenews.com" />
+	<target host="www.energylivenews.com" />
 
 
 	<securecookie host="^\.energylivenews\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Engadget.com.xml b/src/chrome/content/rules/Engadget.com.xml
index 1081f1173d24..c6a174622817 100644
--- a/src/chrome/content/rules/Engadget.com.xml
+++ b/src/chrome/content/rules/Engadget.com.xml
@@ -2,51 +2,30 @@
 	For other AOL coverage, see AOL.xml.
 
 
-	CDN buckets:
-
-		- v4.engadget.com.aol.akadns.net
-
-			- alt.engadget.com
-			- hd.engadget.com
-			- mobile.engadget.com
-			- www.engadget.com
-
-
 	Nonfunctional hosts in *engadget.com:
 
-		- alt ¹
-		- de ¹
-		- hd ¹
-		- m ¹
-		- mobile ¹
+		- feeds ¹
 
 	¹ Refused
 
-
-	^engadget.com: Refused
-
 -->
-<ruleset name="Engadget.com (partial)">
+<ruleset name="Engadget.com">
 
 	<!--	Direct rewrites:
 				-->
-	<target host="www.engadget.com" />
-
-	<!--	Complications:
-				-->
 	<target host="engadget.com" />
+	<target host="www.engadget.com" />
+	<target host="chinese.engadget.com" />
+	<target host="cn.engadget.com" />
+	<target host="de.engadget.com" />
+	<target host="guce.engadget.com" />
+	<target host="japanese.engadget.com" />
+	<target host="live.engadget.com" />
 
 
 	<!--	Not secured by server:
 					-->
-	<!--securecookie host="^\.engadget\.com$" name="^gdgt_edition$" /-->
-
-	<securecookie host="^\." name="^gdgt_edition$" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://engadget\.com/"
-		to="https://www.engadget.com/" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/EngageSciences.xml b/src/chrome/content/rules/EngageSciences.xml
index 49cf30eff3ea..5a80bf295f76 100644
--- a/src/chrome/content/rules/EngageSciences.xml
+++ b/src/chrome/content/rules/EngageSciences.xml
@@ -11,7 +11,7 @@ Fetch error: http://engagesciences.com/ => https://engagesciences.com/: (7, 'Fai
 		- (www.)ngx.me		(shows another domain; mismatched, CN: *.engagesciences.com)
 
 -->
-<ruleset name="EngageSciences (partial)" default_off='failed ruleset test'>
+<ruleset name="EngageSciences (partial)" default_off="failed ruleset test">
 
 	<target host="engagesciences.com" />
 	<target host="app.engagesciences.com" />
@@ -23,4 +23,4 @@ Fetch error: http://engagesciences.com/ => https://engagesciences.com/: (7, 'Fai
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Engaged_Doncaster.co.uk.xml b/src/chrome/content/rules/Engaged_Doncaster.co.uk.xml
index 1acab86e6ae3..c0d7ae0c75db 100644
--- a/src/chrome/content/rules/Engaged_Doncaster.co.uk.xml
+++ b/src/chrome/content/rules/Engaged_Doncaster.co.uk.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.doncaster.engagedoncaster.co.uk/ => https://www.doncaste
 	For other UK government coverage, see GOV.UK.xml.
 
 -->
-<ruleset name="Engaged Doncaster.co.uk" default_off='failed ruleset test'>
+<ruleset name="Engaged Doncaster.co.uk" default_off="failed ruleset test">
 
 	<target host="engagedoncaster.co.uk" />
 	<target host="commonroom.engagedoncaster.co.uk" />
diff --git a/src/chrome/content/rules/Engineering.com.xml b/src/chrome/content/rules/Engineering.com.xml
index f250e3e570ef..78c1bfbfb0cd 100644
--- a/src/chrome/content/rules/Engineering.com.xml
+++ b/src/chrome/content/rules/Engineering.com.xml
@@ -1,24 +1,11 @@
-<!--
-	CDN buckets:
-
-		- d2gm6q2bvqrwiz.cloudfront.net
-
-			- file2
-
-
-	Some pages redirect to http.
-
--->
 <ruleset name="Engineering.com (partial)">
 
 	<target host="engineering.com" />
-	<target host="*.engineering.com" />
-
-
-	<rule from="^http://(www\.)?engineering\.com/(?=[dD]esktop[mM]odules/|favicon\.ico|js/|Login\.aspx|Portals/|[rR]esources/|(?:Telerik\.Web\.UI\.)?WebResource\.axd)"
-		to="https://$1engineering.com/" />
+	<target host="www.engineering.com" />
+	<target host="file1.engineering.com" />
+	<test url="http://file1.engineering.com/scripts/jquery.hoverIntent.min.js" />
+	<target host="file2.engineering.com" />
 
-	<rule from="^http://file2\.engineering\.com/"
-		to="https://d2gm6q2bvqrwiz.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/English-Country-Cottages.co.uk.xml b/src/chrome/content/rules/English-Country-Cottages.co.uk.xml
index 0577b5756cab..0b25e4bb5554 100644
--- a/src/chrome/content/rules/English-Country-Cottages.co.uk.xml
+++ b/src/chrome/content/rules/English-Country-Cottages.co.uk.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Wyndham related rulesets, see Wyndham.xml
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
 
 	Non-functional hosts
 		Timeout was reached:
diff --git a/src/chrome/content/rules/English-Heritage_shop.org.uk.xml b/src/chrome/content/rules/English-Heritage_shop.org.uk.xml
index 21e98b2c7f6f..693cefaa4f68 100644
--- a/src/chrome/content/rules/English-Heritage_shop.org.uk.xml
+++ b/src/chrome/content/rules/English-Heritage_shop.org.uk.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.english-heritageshop.org.uk/ => https://www.english-heri
 	CN: www.safepayments.com
 
 -->
-<ruleset name="English-Heritage shop.org.uk" default_off='failed ruleset test'>
+<ruleset name="English-Heritage shop.org.uk" default_off="failed ruleset test">
 
 	<target host="english-heritageshop.org.uk" />
 	<target host="www.english-heritageshop.org.uk" />
diff --git a/src/chrome/content/rules/EnglishPage.com.xml b/src/chrome/content/rules/EnglishPage.com.xml
new file mode 100644
index 000000000000..fe7f99f4adca
--- /dev/null
+++ b/src/chrome/content/rules/EnglishPage.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="EnglishPage.com">
+	<target host="englishpage.com" />
+	<target host="www.englishpage.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EnhancedSteam.com.xml b/src/chrome/content/rules/EnhancedSteam.com.xml
deleted file mode 100644
index c2333c2c79da..000000000000
--- a/src/chrome/content/rules/EnhancedSteam.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Invalid certificate:
-		translation.enhancedsteam.com
--->
-<ruleset name="EnhancedSteam.com">
-	<target host="enhancedsteam.com" />
-	<target host="www.enhancedsteam.com" />
-	<target host="api.enhancedsteam.com" />
-	<target host="firefox.enhancedsteam.com" />
-
-	<securecookie host="^(www|api|firefox)\.enhancedsteam\.com$" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Enigmabox.net.xml b/src/chrome/content/rules/Enigmabox.net.xml
deleted file mode 100644
index 584eb21d3327..000000000000
--- a/src/chrome/content/rules/Enigmabox.net.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	Fully covered hosts in *enigmabox.net:
-
-		- (www.)?
-		- wiki
-
-
-	Insecure cookies are set for these hosts:
-
-		- wiki.enigmabox.net
-
--->
-<ruleset name="Enigmabox.net">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="enigmabox.net" />
-	<target host="wiki.enigmabox.net" />
-	<target host="www.enigmabox.net" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^wiki\.enigmabox\.net$" name="^(DW[\da-f]{32}|DokuWiki)$" /-->
-
-	<securecookie host="^wiki\.enigmabox\.net$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Enjin.xml b/src/chrome/content/rules/Enjin.xml
index 329dbd266934..170bde252cd9 100644
--- a/src/chrome/content/rules/Enjin.xml
+++ b/src/chrome/content/rules/Enjin.xml
@@ -1,47 +1,38 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://dracokraft.enjin.com/ => https://dracokraft.enjin.com/: Too many redirects while fetching 'https://dracokraft.enjin.com/'
+	IMPORTANT INFORMATION:
 
-	CDN buckets:
-		- s3.amazonaws.com/files.enjin.com/
+	Sites, developed by the public, created on the Enjin Network have the ability to force
+	HTTP or HTTPS themselves. If they enable HTTPS, the site will automatically force a
+	HTTPS connection. You cannot add a rule to force HTTPS for sites that specifically
+	request to force the HTTP protocol, doing so will cause a redirect loop
+	(between the HTTP and HTTPS protocols) to occur.
 
-		- d2umfjgc9kwn9b.cloudfront.net
-			- assets-cloud.enjin.com
+	This functionality may be altered in the near future to ensure all sites use HTTPS and proxy
+	insecure material (such as scripts, stylesheets and images) through a HTTPS-enabled proxy.
 -->
-<ruleset name="Enjin" platform="mixedcontent" default_off='failed ruleset test'>
-	<target host="enjin.com" />
-	<target host="*.enjin.com" />
-	<target host="resources.guild-hosting.net" />
-	
-	<test url="http://www.enjin.com/" />
-	<test url="http://assets-cloud.enjin.com/" />
-	<test url="http://support.enjin.com/" />
-	<test url="http://files.enjin.com/" />
-	<test url="http://townywarriorsmc.enjin.com/" />
-	<test url="http://www.townywarriorsmc.enjin.com/" />
-	<test url="http://dracokraft.enjin.com/" />
-	<test url="http://www.dracokraft.enjin.com/" />
-
-	<!--	Guild subdomains set wildcard cookies. In
-		order to secure them, we'd have to target
-		each and every guild's subdomain...
-							-->
-	<securecookie host="^(?:.*\.)?enjin\.com$" name=".+" />
-
-	<rule from="^http://assets-cloud\.enjin\.com/"
-		to="https://d2umfjgc9kwn9b.cloudfront.net/" />
 
-	<rule from="^http://files\.enjin\.com/"
-		to="https://s3.amazonaws.com/files.enjin.com/" />
-
-	<!--	Guilds have unique subdomains.
-						-->
-	<rule from="^http://(www\.)?([\w-]+\.)?enjin\.com/"
-		to="https://$2enjin.com/" />
-
-	<!--	CN: *.enjin.com
-				-->
-	<rule from="^http://resources\.guild-hosting\.net/"
-		to="https://resources.enjin.com/" />
+<ruleset name="Enjin" platform="mixedcontent">
+	<!-- Enjin Network -->
+	<target host="enjin.com" />
+	<target host="www.enjin.com" />
+	<target host="support.enjin.com" />
+	<target host="id.enjin.com" />
+	<target host="api.enjin.com" />
+
+	<!-- CDN Rules -->
+	<target host="assets-cloud.enjin.com" />
+	<target host="files-cloud.enjin.com" />
+	<target host="images-cloud.enjin.com" />
+	<target host="assets.enjin.com" />
+	<target host="files.enjin.com" />
+	<target host="images.enjin.com" />
+
+	<test url="http://assets-cloud.enjin.com/ext/test.html" />
+	<test url="http://assets.enjin.com/ext/test.html" />
+	<test url="http://files-cloud.enjin.com/ext/test.html" />
+	<test url="http://files.enjin.com/ext/test.html" />
+	<test url="http://images-cloud.enjin.com/ext/test.html" />
+	<test url="http://images.enjin.com/ext/test.html" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Enlightened_Perl.org.xml b/src/chrome/content/rules/Enlightened_Perl.org.xml
deleted file mode 100644
index 22a20bbcd7dd..000000000000
--- a/src/chrome/content/rules/Enlightened_Perl.org.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	^: 401
-	www: DreamHost
-
--->
-<ruleset name="Enlightened Perl.org (partial)">
-
-	<target host="members.enlightenedperl.org" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Enlightenment.org.xml b/src/chrome/content/rules/Enlightenment.org.xml
new file mode 100644
index 000000000000..10b229bcbd6e
--- /dev/null
+++ b/src/chrome/content/rules/Enlightenment.org.xml
@@ -0,0 +1,27 @@
+<!--
+	Content mismatch:
+		ci.enlightenment.org
+		e5.enlightenment.org
+		lists.enlightenment.org
+
+	Invalid certificate:
+		smtp.enlightenment.org
+
+	Timeout:
+		e5v1.enlightenment.org
+		e5v2.enlightenment.org
+-->
+<ruleset name="Enlightenment.org">
+
+	<target host="enlightenment.org" />
+	<target host="www.enlightenment.org" />
+	<target host="docs.enlightenment.org" />
+	<target host="download.enlightenment.org" />
+	<target host="git.enlightenment.org" />
+	<target host="phab.enlightenment.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Enom.xml b/src/chrome/content/rules/Enom.xml
index 92d4d6ac1c52..e12cc6f3af7b 100644
--- a/src/chrome/content/rules/Enom.xml
+++ b/src/chrome/content/rules/Enom.xml
@@ -1,64 +1,11 @@
 <!--
 	For other Demand Media coverage, see Demand-Media.xml.
-
-
-	Many pages redirect to http, though there may
-	be more than are handled here that don't.
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.enom.com
-
-
-	Mixed content:
-
-		- Image on www from $self *
-
-	* Secured by us
-
 -->
 <ruleset name="eNom.com (partial)">
 
 	<target host="enom.com" />
 	<target host="www.enom.com" />
 
-		<exclusion pattern="^http://www\.enom\.com/(?!login|signup/).*\.aspx(?:$|\?)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.enom.com/about-us.aspx" />
-			<test url="http://www.enom.com/affiliate.aspx" />
-			<test url="http://www.enom.com/default.aspx" />
-			<test url="http://www.enom.com/resellers/benefits-pricingplans.aspx" />
-			<test url="http://www.enom.com/services.aspx" />
-			<test url="http://www.enom.com/site-map.aspx" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www.enom.com/_images/2015/enom.png" />
-			<test url="http://www.enom.com/captchautil/Captcha.aspx?annc=" />
-			<test url="http://www.enom.com/help" />
-			<test url="http://www.enom.com/login.aspx" />
-
-		<!--	500:
-				-->
-		<exclusion pattern="^http://(?:www\.)?enom\.com/kb(?:$|[?/])" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.enom.com/kb" />
-			<test url="http://www.enom.com/kb/Resources/Images/enom-logo-onblue_60x17.png" />
-			<test url="http://www.enom.com/kb/kb/kb_2000-phishing-alert.htm" />
-			<test url="http://www.enom.com/kb?" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.enom\.com$" name="^(?:ASP\.NET_SessionId|BIGipServer.*)$" /-->
-
-
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/EnricoZini.org.xml b/src/chrome/content/rules/EnricoZini.org.xml
new file mode 100644
index 000000000000..08f31c14377f
--- /dev/null
+++ b/src/chrome/content/rules/EnricoZini.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Wrong server:
+		- cal.enricozini.org
+-->
+
+<ruleset name="EnricoZini.org">
+	<target host="enricozini.org" />
+	<target host="www.enricozini.org" />
+
+ 	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ensighten.com.xml b/src/chrome/content/rules/Ensighten.com.xml
new file mode 100644
index 000000000000..6e63df7bc6b4
--- /dev/null
+++ b/src/chrome/content/rules/Ensighten.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		ui.ensighten.com
+
+-->
+<ruleset name="Ensighten.com">
+
+	<target host="ensighten.com" />
+	<target host="www.ensighten.com" />
+	<target host="manage.ensighten.com" />
+	<target host="nexus.ensighten.com" />
+		<test url="http://nexus.ensighten.com/mobile2/ios/html/sbs/sbstwgios/default/tag_container.html?cid=trending" />
+	<target host="success.ensighten.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ensighten.xml b/src/chrome/content/rules/Ensighten.xml
deleted file mode 100644
index 0b793c9e6cb3..000000000000
--- a/src/chrome/content/rules/Ensighten.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="Ensighten">
-
-	<target host="ensighten.com" />
-	<target host="*.ensighten.com" />
-
-
-	<securecookie host="^ui\.ensighten\.com$" name=".+" />
-
-
-	<!--	Cert only matches www.	-->
-	<rule from="^http://(?:www\.)?ensighten\.com/"
-		to="https://www.ensighten.com/" />
-
-	<rule from="^http://(nexus|ui)\.ensighten\.com/"
-		to="https://$1.ensighten.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Enterprise_CIO_Forum.com.xml b/src/chrome/content/rules/Enterprise_CIO_Forum.com.xml
index 6773e2bc09eb..b0af3142d350 100644
--- a/src/chrome/content/rules/Enterprise_CIO_Forum.com.xml
+++ b/src/chrome/content/rules/Enterprise_CIO_Forum.com.xml
@@ -6,7 +6,8 @@
 <ruleset name="Enterprise CIO Forum.com" default_off="expired, mismatched, self-signed">
 
 	<target host="enterprisecioforum.com" />
-	<target host="*.enterprisecioforum.com" />
+	<target host="cdn.enterprisecioforum.com" />
+	<target host="www.enterprisecioforum.com" />
 
 
 	<securecookie host="^www\.enterprisecioforum\.com$" name=".+" />
@@ -15,4 +16,4 @@
 	<rule from="^http://(?:cdn\.|www\.)?enterprisecioforum\.com/"
 		to="https://www.enterprisecioforum.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Entertainment-Consumers-Association-mismatches.xml b/src/chrome/content/rules/Entertainment-Consumers-Association-mismatches.xml
deleted file mode 100644
index c7bba34dbe88..000000000000
--- a/src/chrome/content/rules/Entertainment-Consumers-Association-mismatches.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Entertainment Consumer's Association (mismatches)" default_off="mismatched">
-
-	<!--	cert:	theeca.com	-->
-	<target host="ecaforums.com"/>
-	<target host="www.ecaforums.com"/>
-
-	<rule from="^http://(?:www\.)ecaforums\.com/((?:fil|modul|sit)e|newsletter)s/"
-		to="https://www.ecaforums.com/$1s/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Entertainment-Consumers-Association.xml b/src/chrome/content/rules/Entertainment-Consumers-Association.xml
deleted file mode 100644
index 893eb19c6539..000000000000
--- a/src/chrome/content/rules/Entertainment-Consumers-Association.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--	theecareportsdev2010.ecasitebuild.com
-
-	!functional:
-		- (www.)gameculture.com		(cert: www.theeca.com; 404)
-		- (www.)gamepolitics.com	(ditto)
-
-	See Entertainment-Consumers-Association-mismatches for problematic rules.
--->
-<ruleset name="Entertainment Consumer's Association (partial)" platform="mixedcontent">
-
-	<target host="theeca.com"/>
-	<target host="*.theeca.com"/>
-
-
-	<!--	Tracking cookies from ssl.google-analytics.com:
-								-->
-	<securecookie host="^\.theeca\.com$" name="__utm\w$" />
-
-
-	<!--	cert !match !www	-->
-	<rule from="^http://(?:www\.)theeca\.com/(favicon\.ico|files/|misc/|modules/|newsletters/|sites/)"
-		to="https://www.theeca.com/$1"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Entertainment.ie.xml b/src/chrome/content/rules/Entertainment.ie.xml
index 81c747e40299..58088e168957 100644
--- a/src/chrome/content/rules/Entertainment.ie.xml
+++ b/src/chrome/content/rules/Entertainment.ie.xml
@@ -11,10 +11,11 @@ Fetch error: http://entertainment.ie/ => https://entertainment.ie/: Cycle detect
 		- www		(500, valid cert)
 
 -->
-<ruleset name="entertainment.ie" default_off='failed ruleset test'>
+<ruleset name="entertainment.ie" default_off="failed ruleset test">
 
 	<target host="entertainment.ie" />
-	<target host="*.entertainment.ie" />
+	<target host="images.entertainment.ie" />
+	<target host="www.entertainment.ie" />
 
 
 	<securecookie host="^entertainment\.ie$" name=".+" />
@@ -23,4 +24,4 @@ Fetch error: http://entertainment.ie/ => https://entertainment.ie/: Cycle detect
 	<rule from="^http://(?:images\.|www\.)?entertainment\.ie/"
 		to="https://entertainment.ie/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Entertainment_Weekly.xml b/src/chrome/content/rules/Entertainment_Weekly.xml
index c852c8ce823a..55090ff5d01a 100644
--- a/src/chrome/content/rules/Entertainment_Weekly.xml
+++ b/src/chrome/content/rules/Entertainment_Weekly.xml
@@ -16,7 +16,9 @@
 <ruleset name="Entertainment Weekly (partial)" default_off="mismatched">
 
 	<target host="ew.com" />
-	<target host="*.ew.com" />
+	<target host="www.ew.com" />
+	<target host="popwatch.ew.com" />
+	<target host="tvrecaps.ew.com" />
 
 
 	<securecookie host="^\.ew\.com$" name=".+" />
@@ -25,7 +27,6 @@
 	<rule from="^http://(?:www\.)?ew\.com/"
 		to="https://www.ew.com/" />
 
-	<rule from="^http://(popwatch|tvrecaps)\.ew\.com/"
-		to="https://$1.ew.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Entrust.xml b/src/chrome/content/rules/Entrust.xml
index 351fb787d6cd..12082a0d4eb5 100644
--- a/src/chrome/content/rules/Entrust.xml
+++ b/src/chrome/content/rules/Entrust.xml
@@ -13,7 +13,7 @@ Fetch error: http://home.entrust.net/ => https://home.entrust.net/: (56, 'SSL re
 	* Dropped
 
 -->
-<ruleset name="Entrust.net (partial)" default_off='failed ruleset test'>
+<ruleset name="Entrust.net (partial)" default_off="failed ruleset test">
 
 	<target host="entrust.net" />
 	<target host="buy.entrust.net" />
diff --git a/src/chrome/content/rules/Envirotrend-mismatches.xml b/src/chrome/content/rules/Envirotrend-mismatches.xml
index 3a0e690b99df..cf8b529f4938 100644
--- a/src/chrome/content/rules/Envirotrend-mismatches.xml
+++ b/src/chrome/content/rules/Envirotrend-mismatches.xml
@@ -1,7 +1,7 @@
 <ruleset name="Envirotrend (mismatches)" default_off="expired, mismatch">
 
 	<target host="envirostyles.ca"/>
-	<target host="*.envirostyles.ca"/>
+	<target host="www.envirostyles.ca" />
 	<target host="sakittome.com"/>
 	<target host="www.sakittome.com"/>
 	<target host="svc079.wic859dp.server-web.com"/>
@@ -12,8 +12,6 @@
 	<rule from="^http://(?:www\.)?sakittome\.com/"
 		to="https://sakittome.com/"/>
 
-	<rule from="^http://svc079\.wic859dp\.server-web\.com/"
-		to="https://svc079.wic859dp.server-web.com/"/>
 
 
 	<securecookie host="^\.envirostyles\.ca$" name=".+" />
@@ -21,4 +19,5 @@
 	<securecookie host="^svc079\.wic859dp\.server-web\.com$" name=".+" />
 
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Envirotrend.xml b/src/chrome/content/rules/Envirotrend.xml
index e8b3d3676c19..60ccd420e438 100644
--- a/src/chrome/content/rules/Envirotrend.xml
+++ b/src/chrome/content/rules/Envirotrend.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://envirotrend.com.au/ => https://envirotrend.com.au/: (51, "SSL: no alternative certificate subject name matches target host name 'envirotrend.com.au'")
 Fetch error: http://www.envirotrend.com.au/ => https://envirotrend.com.au/: (51, "SSL: no alternative certificate subject name matches target host name 'envirotrend.com.au'")
 -->
-<ruleset name="Envirotrend (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Envirotrend (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="envirotrend.com.au"/>
 	<target host="www.envirotrend.com.au"/>
diff --git a/src/chrome/content/rules/Envoy_Direct.com.xml b/src/chrome/content/rules/Envoy_Direct.com.xml
deleted file mode 100644
index a137a3f38d58..000000000000
--- a/src/chrome/content/rules/Envoy_Direct.com.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	For other Envoy Media Group coverage, see Envoy_Media_Group.com.xml.
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .envoydirect.com
-		- www.envoydirect.com
-
--->
-<ruleset name="Envoy Direct.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="envoydirect.com" />
-	<target host="www.envoydirect.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.envoydirect\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
-	<!--securecookie host="^www\.envoydirect\.com$" name="^(?:PHPSESSID|la_ht|p_ct)$" /-->
-
-	<securecookie host="^(?:www)?\.envoydirect\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Envoy_Media_Group.com.xml b/src/chrome/content/rules/Envoy_Media_Group.com.xml
index 184d091de894..a7d3a7e93ec8 100644
--- a/src/chrome/content/rules/Envoy_Media_Group.com.xml
+++ b/src/chrome/content/rules/Envoy_Media_Group.com.xml
@@ -1,7 +1,6 @@
 <!--
 	Other Envoy Media Group rulesets:
 
-		- Envoy_Direct.com.xml
 		- Revstr.com.xml
 		- Sure-assist.com.xml
 
diff --git a/src/chrome/content/rules/EoPortal.org-problematic.xml b/src/chrome/content/rules/EoPortal.org-problematic.xml
index 376d08f66f93..db47af9612af 100644
--- a/src/chrome/content/rules/EoPortal.org-problematic.xml
+++ b/src/chrome/content/rules/EoPortal.org-problematic.xml
@@ -5,7 +5,7 @@
 	NB: Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="eoPortal.org (missing certificate chain)" default_off="missing certificate chain">
+<ruleset name="eoPortal.org (missing certificate chain)" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Epartnershub.com.xml b/src/chrome/content/rules/Epartnershub.com.xml
index 71fc4a6a3bf8..e493b9c4410f 100644
--- a/src/chrome/content/rules/Epartnershub.com.xml
+++ b/src/chrome/content/rules/Epartnershub.com.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(\w+)\.epartnershub\.com/(App_Themes/|Checkout/|CommonCss/|[lL]ogin\.aspx)"
 		to="https://$1.epartnershub.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Epaysol.com.xml b/src/chrome/content/rules/Epaysol.com.xml
deleted file mode 100644
index cee8bb90a457..000000000000
--- a/src/chrome/content/rules/Epaysol.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	(www.)?epaysol.com doesn't exist.
-
-
-	These altnames don't exist:
-
-		- www.xpress.epaysol.com
-
--->
-<ruleset name="Epaysol.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="xpress.epaysol.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ephotozine.com.xml b/src/chrome/content/rules/Ephotozine.com.xml
new file mode 100644
index 000000000000..0e9aa971d403
--- /dev/null
+++ b/src/chrome/content/rules/Ephotozine.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ephotozine.com">
+	<target host="ephotozine.com" />
+	<target host="www.ephotozine.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Epic-Systems.xml b/src/chrome/content/rules/Epic-Systems.xml
index 05072ac544df..3438c713eda4 100644
--- a/src/chrome/content/rules/Epic-Systems.xml
+++ b/src/chrome/content/rules/Epic-Systems.xml
@@ -2,17 +2,17 @@
 
 	<target host="epic.com" />
 	<target host="*.epic.com" />
+		<test url="http://access.epic.com/" />
+		<test url="http://career.epic.com/" />
+		<test url="http://councils.epic.com/" />
+		<test url="http://eventregistration.epic.com/" />
+		<test url="http://sites.epic.com/" />
+		<test url="http://ugm.epic.com/" />
+		<test url="http://userweb.epic.com/" />
 
 	<securecookie host="^\w+\.epic\.com$" name=".+" />
 
-	<!--
-	     Prevent https://epic.com/ from redirecting to http://www.epic.com/
-	-->
-
-	<rule from="^https?://epic\.com/"
-		to="https://www.epic.com/" />
-
-	<rule from="^http://(access|careers|councils|eventregistration|sites|ugm|userweb|www)\.epic\.com/"
-		to="https://$1.epic.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Epilepsy-Foundation-America.xml b/src/chrome/content/rules/Epilepsy-Foundation-America.xml
index 3c11e4cd002f..1169e08b6ae7 100644
--- a/src/chrome/content/rules/Epilepsy-Foundation-America.xml
+++ b/src/chrome/content/rules/Epilepsy-Foundation-America.xml
@@ -8,9 +8,9 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://epilepsyfoundation.org/ => https://www.epilepsyfoundation.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.epilepsyfoundation.org'")
 Fetch error: http://www.epilepsyfoundation.org/ => https://www.epilepsyfoundation.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.epilepsyfoundation.org'")
 -->
-<ruleset name="Epilepsy Foundation of America" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Epilepsy Foundation of America" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="epilepsyfoundation.org" />
 	<target host="www.epilepsyfoundation.org" />
 
 	<rule from="^http://(?:www\.)?epilepsyfoundation\.org/" to="https://www.epilepsyfoundation.org/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Epilepsy-Ontario.xml b/src/chrome/content/rules/Epilepsy-Ontario.xml
index aa64bca00c8c..2ee3a508647a 100644
--- a/src/chrome/content/rules/Epilepsy-Ontario.xml
+++ b/src/chrome/content/rules/Epilepsy-Ontario.xml
@@ -8,7 +8,7 @@ Automatically by https-everywhere-checker because:
 Fetch error: http://epilepsyontario.org/ => https://www.epilepsyontario.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.epilepsyontario.org'")
 Fetch error: http://www.epilepsyontario.org/ => https://www.epilepsyontario.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.epilepsyontario.org'")
 -->
-<ruleset name="Epilepsy Ontario" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Epilepsy Ontario" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="epilepsyontario.org" />
 	<target host="www.epilepsyontario.org" />
 
diff --git a/src/chrome/content/rules/Epistemic.lgbt.xml b/src/chrome/content/rules/Epistemic.lgbt.xml
deleted file mode 100644
index 25edffc04388..000000000000
--- a/src/chrome/content/rules/Epistemic.lgbt.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Epistemic.lgbt">
-	<target host="epistemic.lgbt" />
-	<target host="www.epistemic.lgbt" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/EpochStats.com.xml b/src/chrome/content/rules/EpochStats.com.xml
index 632a9b6449cd..f2644045a798 100644
--- a/src/chrome/content/rules/EpochStats.com.xml
+++ b/src/chrome/content/rules/EpochStats.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.epochstats.com/ => https://www.epochstats.com/: (60, 'SS
 		- sales
 
 -->
-<ruleset name="EpochStats.com" default_off='failed ruleset test'>
+<ruleset name="EpochStats.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/EpochTimes.com.xml b/src/chrome/content/rules/EpochTimes.com.xml
new file mode 100644
index 000000000000..27b85038bfb5
--- /dev/null
+++ b/src/chrome/content/rules/EpochTimes.com.xml
@@ -0,0 +1,19 @@
+<!--
+	For other Epoch Times related rulesets, see TheEpochTimes.com.xml.
+
+	Non-functional hosts
+		SSL connect error:
+		- epochtimes.com
+		- ad.epochtimes.com
+-->
+<ruleset name="EpochTimes.com (partial)">
+	<target host="epochtimes.com" />
+	<target host="www.epochtimes.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://epochtimes\.com/"
+		to="https://www.epochtimes.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Epoch_Times.xml b/src/chrome/content/rules/Epoch_Times.xml
deleted file mode 100644
index b8a6538e1822..000000000000
--- a/src/chrome/content/rules/Epoch_Times.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- subscribe.theepochtimes.com	(times out)
-
-
-	Problematic domains:
-
-		- ad.epochtimes.com
-			- CN: yet8.acosm.com
-
-		- (www.)theepochtimes.com
-			- CN: Epoch Times
-			- At least some pages redirect to http
-
-
--->
-<ruleset name="Epoch Times (partial)" default_off="expired, mismatched, self-signed">
-
-	<target host="ad.epochtimes.com" />
-	<target host="theepochtimes.com" />
-	<target host="www.theepochtimes.com" />
-
-
-	<securecookie host="^ad\.epochtimes\.com$" name=".+" />
-
-
-	<rule from="^http://ad\.epochtimes\.com/"
-		to="https://ad.epochtimes.com/" />
-
-	<rule from="^http://(?:www\.)?theepochtimes\.com/n2/(images|wp-content)/"
-		to="https://www.theepochtimes.com/n2/$1/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Epoxate.com.xml b/src/chrome/content/rules/Epoxate.com.xml
index 6e14371eb8d9..37a43994bdf8 100644
--- a/src/chrome/content/rules/Epoxate.com.xml
+++ b/src/chrome/content/rules/Epoxate.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://epoxate.com/ => https://epoxate.com/: (35, 'Unknown SSL protocol error in connection to epoxate.com:443 ')
 
 -->
-<ruleset name="Epoxate.com" default_off='failed ruleset test'>
+<ruleset name="Epoxate.com" default_off="failed ruleset test">
 	<target host="epoxate.com" />
 	<target host="www.epoxate.com" />
 
diff --git a/src/chrome/content/rules/Eprncdn.com.xml b/src/chrome/content/rules/Eprncdn.com.xml
deleted file mode 100644
index 264dcd8bcb68..000000000000
--- a/src/chrome/content/rules/Eprncdn.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	static1.ca: cert only matches static.ca
-
--->
-<ruleset name="eprncdn.com">
-
-	<target host="*.ca.eprncdn.com" />
-
-
-	<rule from="^http://static1?\.ca\.eprncdn\.com/"
-		to="https://static.ca.eprncdn.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Epson.xml b/src/chrome/content/rules/Epson.xml
index 31a4b134f1d3..4c0d85430a03 100644
--- a/src/chrome/content/rules/Epson.xml
+++ b/src/chrome/content/rules/Epson.xml
@@ -26,19 +26,23 @@ Fetch error: http://www.epson.com.mx/ => https://global.latin.epson.com/mx: Redi
 	* Secured by us
 
 -->
-<ruleset name="Epson.com (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Epson.com (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="epson.ca" />
 	<target host="www.epson.ca" />
 	<target host="epson.com" />
-	<target host="*.epson.com" />
+	<target host="www.epson.com" />
+	<target host="global.latin.epson.com" />
+	<target host="pos.epson.com" />
+	<target host="was.epson.com" />
 		<exclusion pattern="^http://(?:www\.)?epson\.com/cgi-bin/Store/consumer/(?!cross_sell\.jsp)"/>
 		<exclusion pattern="^http://(?:www\.)?epson\.com/cgi-bin/Store/jsp/Product/(?:Overview|Photos)\.do"/>
 		<!--	URLs such as http://www.epson.com/snowleopard	-->
 		<exclusion pattern="^http://(?:www\.)?epson\.com/(?:[a-zA-Z][a-zA-Z\d]+){1}$"/>
 	<target host="epson.com.mx" />
 	<target host="www.epson.com.mx" />
-	<target host="*.epson.jp" />
+	<target host="cform.epson.jp" />
+	<target host="shop.epson.jp" />
 
 
 	<securecookie host="^(?:.*\.)?epson\.c(?:a|om)$" name=".+" />
diff --git a/src/chrome/content/rules/Equifax.xml b/src/chrome/content/rules/Equifax.xml
index f781a1a0c0a4..968e148dbb82 100644
--- a/src/chrome/content/rules/Equifax.xml
+++ b/src/chrome/content/rules/Equifax.xml
@@ -3,10 +3,10 @@
 		Mismatch:
 			- inform.equifax.com
 			- app.inform.equifax.com
-			
+
 			- consumer.equifax.com
 			- www.consumer.equifax.com
-			
+
 			- emortgage.equifax.com
 			- eport.equifax.com
 
@@ -14,7 +14,7 @@
 			- help.equifax.com
 			- help-en.equifax.ca
 			- help-fr.equifax.ca
-		
+
 		Connection timeout:
 			- emscert.equifax.com
 -->
@@ -34,11 +34,11 @@
 	<target host="insight.equifax.com" />
 	<target host="investor.equifax.com" />
 	<target host="tcs.equifax.com" />
-	
+
 	<!-- Equifax breach domains -->
 	<target host="equifaxsecurity2017.com" />
 	<target host="www.equifaxsecurity2017.com" />
-	
+
 	<!-- Equifax Canada domains -->
 	<target host="equifax.ca" />
 	<target host="www.equifax.ca" />
diff --git a/src/chrome/content/rules/EquifaxBreachSettlement.com.xml b/src/chrome/content/rules/EquifaxBreachSettlement.com.xml
new file mode 100644
index 000000000000..6dc80b717cc9
--- /dev/null
+++ b/src/chrome/content/rules/EquifaxBreachSettlement.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Timeout:
+		email.equifaxbreachsettlement.com
+	Unable to Connect:
+		autodiscover.equifaxbreachsettlement.com
+-->
+<ruleset name="EquifaxBreachSettlement.com">
+	<target host="equifaxbreachsettlement.com" />
+	<target host="www.equifaxbreachsettlement.com" />
+	<target host="contactus.equifaxbreachsettlement.com" />
+	<target host="eligibility.equifaxbreachsettlement.com" />
+	<target host="secure.equifaxbreachsettlement.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Equinix.com.xml b/src/chrome/content/rules/Equinix.com.xml
index 65e743b8d1bd..0e696a741034 100644
--- a/src/chrome/content/rules/Equinix.com.xml
+++ b/src/chrome/content/rules/Equinix.com.xml
@@ -1,6 +1,6 @@
 <!--
 	Non-functional subdomains:
-	
+
 		- access	(t)
 		- ap	(s)
 		- cas.ap	(t)
@@ -109,7 +109,7 @@
 		- blog.wip	(s)
 		- pilot.blog.wip	(s)
 		- vpn.wip	(m)
-	
+
 	e: expired certificate
 	h: http redirect
 	m: certificate mismatch
diff --git a/src/chrome/content/rules/Equip.org.xml b/src/chrome/content/rules/Equip.org.xml
index 2bcf899603ce..4d4d2b25aeab 100644
--- a/src/chrome/content/rules/Equip.org.xml
+++ b/src/chrome/content/rules/Equip.org.xml
@@ -1,7 +1,7 @@
 <ruleset name="Equip.org (partial)">
 
 	<target host="equip.org" />
-	<target host="*.equip.org" />
+	<target host="www.equip.org" />
 		<!--
 			Redirect to http:
 						-->
diff --git a/src/chrome/content/rules/ErgotechGroup.com.xml b/src/chrome/content/rules/ErgotechGroup.com.xml
new file mode 100644
index 000000000000..8467573cdf7b
--- /dev/null
+++ b/src/chrome/content/rules/ErgotechGroup.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Connection closed:
+		- blog.ergotechgroup.com
+		- webmail.ergotechgroup.com
+
+	Invalid certificate:
+		- autodiscover.ergotechgroup.com
+-->
+
+<ruleset name="ErgotechGroup.com">
+	<target host="ergotechgroup.com" />
+	<target host="www.ergotechgroup.com" />
+	<target host="cpanel.ergotechgroup.com" />
+	<target host="mail.ergotechgroup.com" />
+	<target host="shop.ergotechgroup.com" />
+	<target host="webdisk.ergotechgroup.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ericsson.xml b/src/chrome/content/rules/Ericsson.xml
index 6f205067b266..4ea71cf265d5 100644
--- a/src/chrome/content/rules/Ericsson.xml
+++ b/src/chrome/content/rules/Ericsson.xml
@@ -11,11 +11,11 @@ Fetch error: http://webtrends-lb.ericsson.net/ => https://webtrends-lb.ericsson.
 		- www	(redirects to http, akamai)
 
 -->
-<ruleset name="Ericsson (partial)" default_off='failed ruleset test'>
+<ruleset name="Ericsson (partial)" default_off="failed ruleset test">
 
 	<target host="webtrends-lb.ericsson.net" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Erinn.org.xml b/src/chrome/content/rules/Erinn.org.xml
index fb6685f9343d..858811abd2c1 100644
--- a/src/chrome/content/rules/Erinn.org.xml
+++ b/src/chrome/content/rules/Erinn.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://erinn.org/ => https://erinn.org/: (7, 'Failed to connect to
 Fetch error: http://www.erinn.org/ => https://www.erinn.org/: (7, 'Failed to connect to www.erinn.org port 443: Connection refused')
 
 -->
-<ruleset name="erinn.org" default_off='failed ruleset test'>
+<ruleset name="erinn.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Erlang.org.xml b/src/chrome/content/rules/Erlang.org.xml
index 18a1d5ede727..0a9b5a904d85 100644
--- a/src/chrome/content/rules/Erlang.org.xml
+++ b/src/chrome/content/rules/Erlang.org.xml
@@ -1,22 +1,22 @@
 <!--
-	Time out:
-		erlang.org
-		hades.erlang.org
-		svn.erlang.org
-		www1.erlang.org
+	Timeout:
+		- rsync1.erlang.org
+		- svn.erlang.org
+		- svn1.erlang.org
+		- www1.erlang.org
 
+	Mismatched:
+		- hel.erlang.org
+		- rsync.erlang.org
+		- rsync2.erlang.org
 -->
-<ruleset name="Erlang" default_off="Missing certificate chain">
-
+<ruleset name="Erlang.org">
 	<target host="erlang.org" />
 	<target host="www.erlang.org" />
+	<target host="admin.erlang.org" />
+	<target host="blog.erlang.org" />
 	<target host="bugs.erlang.org" />
 	<target host="www2.erlang.org" />
 
-	<rule from="^http://erlang\.org/"
-		to="https://www.erlang.org/" />
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ernst-and-Young.xml b/src/chrome/content/rules/Ernst-and-Young.xml
index dae2e9fdcfee..011397d7e8de 100644
--- a/src/chrome/content/rules/Ernst-and-Young.xml
+++ b/src/chrome/content/rules/Ernst-and-Young.xml
@@ -7,7 +7,10 @@
 <ruleset name="Ernst &amp; Young (partial)">
 
 	<target host="ey.com" />
-	<target host="*.ey.com" />
+	<target host="webforms.ey.com" />
+	<target host="www.ey.com" />
+	<target host="clientportal.ey.com" />
+	<target host="eyonline.ey.com" />
 
 
 	<!--	Note that if www were to become different
@@ -23,7 +26,6 @@
 	<rule from="^http://(?:webforms\.|www\.)?ey\.com/"
 		to="https://webforms.ey.com/" />
 
-	<rule from="^http://(clientportal|eyonline)\.ey\.com/"
-		to="https://$1.ey.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Eroshare.com.xml b/src/chrome/content/rules/Eroshare.com.xml
deleted file mode 100644
index 1ab4d214ca2c..000000000000
--- a/src/chrome/content/rules/Eroshare.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Eroshare.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="eroshare.com" />
-	<target host="i.eroshare.com" />
-	<target host="v.eroshare.com" />
-	<target host="www.eroshare.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Errorception.com.xml b/src/chrome/content/rules/Errorception.com.xml
index ab12f854d361..aec587a11c90 100644
--- a/src/chrome/content/rules/Errorception.com.xml
+++ b/src/chrome/content/rules/Errorception.com.xml
@@ -2,11 +2,11 @@
 
 	<target host="errorception.com" />
 	<target host="www.errorception.com" />
-		
+
 	<!--	refused
 	target host="blog.errorception.com" /
 					-->
-		
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Es.gy.xml b/src/chrome/content/rules/Es.gy.xml
index 6426fb9b386c..0601cf3aba0a 100644
--- a/src/chrome/content/rules/Es.gy.xml
+++ b/src/chrome/content/rules/Es.gy.xml
@@ -9,7 +9,7 @@ Fetch error: http://bbs.es.gy/ => https://bbs.es.gy/: (51, "SSL: no alternative
 	(www.)?: Expired
 
 -->
-<ruleset name="es.gy (partial)" default_off='failed ruleset test'>
+<ruleset name="es.gy (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Escrow_Live.net.xml b/src/chrome/content/rules/Escrow_Live.net.xml
index 0ace4a6682a7..cfa3e4145e0c 100644
--- a/src/chrome/content/rules/Escrow_Live.net.xml
+++ b/src/chrome/content/rules/Escrow_Live.net.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.escrowlive.net/ => https://www.escrowlive.net/: (7, 'Fai
 	^: refused
 
 -->
-<ruleset name="Escrow Live.net" default_off='failed ruleset test'>
+<ruleset name="Escrow Live.net" default_off="failed ruleset test">
 
 	<target host="escrowlive.net" />
 	<target host="www.escrowlive.net" />
diff --git a/src/chrome/content/rules/Esdominios.com.xml b/src/chrome/content/rules/Esdominios.com.xml
deleted file mode 100644
index d5901e9b8913..000000000000
--- a/src/chrome/content/rules/Esdominios.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- www.esdominios.com
-
--->
-<ruleset name="Esdominios.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="esdominios.com" />
-	<target host="www.esdominios.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.esdominios\.com$" name="^PHPSESSID$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Esellerate.net.xml b/src/chrome/content/rules/Esellerate.net.xml
index ed8b3a9d5991..a5e2abd43406 100644
--- a/src/chrome/content/rules/Esellerate.net.xml
+++ b/src/chrome/content/rules/Esellerate.net.xml
@@ -48,13 +48,7 @@
 	<target host="www.esellerate.net" />
 
 
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.esellerate\.net$" name="^eSellerate_SavedCart_STR\d+$" /-->
-	<!--securecookie host="^(affiliates|store[1256])\.esellerate\.net$" name="^ASP\.NET_SessionId$" /-->
-	<!--securecookie host="^shopper\.esellerate\.net$" name="^(ParaturePortalSessionID|cyracle\d+)$" /-->
-
-	<securecookie host="^(?:.*\.)?esellerate\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Esolangs.org.xml b/src/chrome/content/rules/Esolangs.org.xml
index 7af5cf472f53..e535418108e5 100644
--- a/src/chrome/content/rules/Esolangs.org.xml
+++ b/src/chrome/content/rules/Esolangs.org.xml
@@ -4,6 +4,6 @@
 
         <rule from="^http:"
                 to="https:" />
-                
+
         <securecookie host="^(?:www\.)?esolangs\.org$" name=".+" />
 </ruleset>
diff --git a/src/chrome/content/rules/Espacejeux.xml b/src/chrome/content/rules/Espacejeux.xml
index 4f4167b0810d..280d327e4a84 100644
--- a/src/chrome/content/rules/Espacejeux.xml
+++ b/src/chrome/content/rules/Espacejeux.xml
@@ -2,5 +2,5 @@
   <target host="www.espacejeux.com"/>
   <target host="espacejeux.com"/>
   <rule from="^http:" to="https:" />
-  <securecookie host="^(?:.*\.)?espacejeux\.com$" name=".+" />
+  <securecookie host=".+" name=".+" />
 </ruleset>
diff --git a/src/chrome/content/rules/EspagnolFacile.com.xml b/src/chrome/content/rules/EspagnolFacile.com.xml
new file mode 100644
index 000000000000..cd3dab2cc798
--- /dev/null
+++ b/src/chrome/content/rules/EspagnolFacile.com.xml
@@ -0,0 +1,11 @@
+<!--
+	See for related rulesets: FrancaisFacile.com.xml
+-->
+<ruleset name="EspagnolFacile.com">
+	<target host="espagnolfacile.com" />
+	<target host="www.espagnolfacile.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EspressoBin.net.xml b/src/chrome/content/rules/EspressoBin.net.xml
new file mode 100644
index 000000000000..bff5b643eba5
--- /dev/null
+++ b/src/chrome/content/rules/EspressoBin.net.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		- wiki.espressobin.net
+-->
+
+<ruleset name="EspressoBin.net">
+	<target host="espressobin.net" />
+	<target host="www.espressobin.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Esri.xml b/src/chrome/content/rules/Esri.xml
index 3174fa2db02e..fa86e0a9d1e7 100644
--- a/src/chrome/content/rules/Esri.xml
+++ b/src/chrome/content/rules/Esri.xml
@@ -52,7 +52,20 @@
 -->
 <ruleset name="Esri (partial)">
 
-	<target host="*.esri.com" />
+	<target host="autodiscover.esri.com" />
+	<target host="customers.esri.com" />
+	<target host="ecasapi.esri.com" />
+	<target host="esribc.esri.com" />
+	<target host="esriwd.esri.com" />
+	<target host="events.esri.com" />
+	<target host="legacy.esri.com" />
+	<target host="promos.esri.com" />
+	<target host="redowa.esri.com" />
+	<target host="rss.esri.com" />
+	<target host="service.esri.com" />
+	<target host="training.esri.com" />
+	<target host="uel.esri.com" />
+	<target host="webaccounts.esri.com" />
 	<target host="myesri.com" />
 	<target host="www.myesri.com" />
 
@@ -61,10 +74,9 @@
 	<securecookie host="^(?:customers|ecasapi|esribc|events|redowa|training)\.esri\.com$" name=".+" />
 
 
-	<rule from="^http://(autodiscover|customers|ecasapi|esribc|esriwd|events|legacy|promos|redowa|rss|service|training|uel|webaccounts)\.esri\.com/"
-		to="https://$1.esri.com/" />
 
 	<rule from="^http://(?:www\.)?myesri\.com/"
 		to="https://myesri.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Estara.com.xml b/src/chrome/content/rules/Estara.com.xml
deleted file mode 100644
index e6608cc7660c..000000000000
--- a/src/chrome/content/rules/Estara.com.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	For other Oracle coverage, see Oracle.xml.
-
-
-	Fully covered hosts in *estara.com:
-
-		- as00
-		- webcare
-
-
-	as00 sets a fs_nocache_guid cookie on
-	whichever domain it is loaded from.
-
--->
-<ruleset name="estara.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="as00.estara.com" />
-	<target host="webcare.estara.com" />
-
-		<test url="http://as00.estara.com/webcare/public/linkimage.php" />
-
-
-	<securecookie host="^\.estara\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Estonian_Public_Broadcasting.xml b/src/chrome/content/rules/Estonian_Public_Broadcasting.xml
index 3c699ef03285..8167b853ed66 100644
--- a/src/chrome/content/rules/Estonian_Public_Broadcasting.xml
+++ b/src/chrome/content/rules/Estonian_Public_Broadcasting.xml
@@ -29,7 +29,7 @@ Fetch error: http://www.err.ee/ => https://www.err.ee/: Too many redirects while
 	*** No https
 
 -->
-<ruleset name="Estonian Public Broadcasting (partial)" default_off='failed ruleset test'>
+<ruleset name="Estonian Public Broadcasting (partial)" default_off="failed ruleset test">
 
 	<target host="err.ee" />
 	<target host="ext.err.ee" />
@@ -37,9 +37,9 @@ Fetch error: http://www.err.ee/ => https://www.err.ee/: Too many redirects while
 	<target host="www.err.ee" />
 
 
-	<securecookie host="^(?:.+\.)?err\.ee$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EtaLabs.net.xml b/src/chrome/content/rules/EtaLabs.net.xml
new file mode 100644
index 000000000000..6d9ba52d3968
--- /dev/null
+++ b/src/chrome/content/rules/EtaLabs.net.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- etalabs.net
+-->
+<ruleset name="EtaLabs.net">
+	<target host="etalabs.net" />
+	<target host="www.etalabs.net" />
+	<target host="git.etalabs.net" />
+
+	<rule from="^http://etalabs\.net/" to="https://www.etalabs.net/" />
+	<rule from="^http:" to="https:" />
+
+	<securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/Etapestry.com.xml b/src/chrome/content/rules/Etapestry.com.xml
index b2b996ecbe22..554c95e7847f 100644
--- a/src/chrome/content/rules/Etapestry.com.xml
+++ b/src/chrome/content/rules/Etapestry.com.xml
@@ -11,7 +11,7 @@ Non-2xx HTTP code: http://www.etapestry.com/?f (200) => https://www.blackbaud.co
 		- (www.)	(mismatched, CN: *.blackbaud.com)
 
 -->
-<ruleset name="etapestry.com" default_off='failed ruleset test'>
+<ruleset name="etapestry.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Eth0.nl.xml b/src/chrome/content/rules/Eth0.nl.xml
index adca643e01ba..b3df5de07dd4 100644
--- a/src/chrome/content/rules/Eth0.nl.xml
+++ b/src/chrome/content/rules/Eth0.nl.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://tickets.eth-0.nl/ => https://tickets.eth-0.nl/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="eth0.nl" default_off='failed ruleset test'>
+<ruleset name="eth0.nl" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Ethn.io.xml b/src/chrome/content/rules/Ethn.io.xml
index 0bdf2adc6437..d2a92188d957 100644
--- a/src/chrome/content/rules/Ethn.io.xml
+++ b/src/chrome/content/rules/Ethn.io.xml
@@ -7,7 +7,7 @@
 <ruleset name="Ethn.io">
 
 	<target host="ethn.io" />
-	<target host="*.ethn.io" />
+	<target host="www.ethn.io" />
 
 
 	<securecookie host="^\.ethn\.io$" name=".+" />
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?ethn\.io/"
 		to="https://ethn.io/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ethnologue.xml b/src/chrome/content/rules/Ethnologue.xml
index d70ac5c9a0f9..61975b0d4736 100644
--- a/src/chrome/content/rules/Ethnologue.xml
+++ b/src/chrome/content/rules/Ethnologue.xml
@@ -14,4 +14,4 @@
 					-->
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ethos_Custom_Brands.xml b/src/chrome/content/rules/Ethos_Custom_Brands.xml
index 72200ca0b00b..8c9e579fc3db 100644
--- a/src/chrome/content/rules/Ethos_Custom_Brands.xml
+++ b/src/chrome/content/rules/Ethos_Custom_Brands.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://ethoscustombrands.com/ => https://ethoscustombrands.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Ethos Custom Brands" default_off='failed ruleset test'>
+<ruleset name="Ethos Custom Brands" default_off="failed ruleset test">
 
 	<target host="ethoscustombrands.com" />
 	<target host="www.ethoscustombrands.com" />
@@ -15,4 +15,4 @@ Fetch error: http://ethoscustombrands.com/ => https://ethoscustombrands.com/: (2
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Etiqa.com.my.xml b/src/chrome/content/rules/Etiqa.com.my.xml
index a2475fe3d4ec..06df24214f86 100644
--- a/src/chrome/content/rules/Etiqa.com.my.xml
+++ b/src/chrome/content/rules/Etiqa.com.my.xml
@@ -21,7 +21,7 @@
 		- pentaagent	(t)
 		- t	(empty reply)
 		- w	(HTTP 400 error)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Etnasoft.com.xml b/src/chrome/content/rules/Etnasoft.com.xml
index 7214af3db5b4..758a70645595 100644
--- a/src/chrome/content/rules/Etnasoft.com.xml
+++ b/src/chrome/content/rules/Etnasoft.com.xml
@@ -17,7 +17,7 @@ Fetch error: http://old.etnasoft.com/ => https://old.etnasoft.com/: (6, 'Could n
 		* tasks.etnasoft.com
 		* webmail.etnasoft.com
 -->
-<ruleset name="etnasoft.com" default_off='failed ruleset test'>
+<ruleset name="etnasoft.com" default_off="failed ruleset test">
 
 	<target host="etnasoft.com" />
 
diff --git a/src/chrome/content/rules/Etracker.xml b/src/chrome/content/rules/Etracker.xml
index 1788c2c203be..7e0e0542bef4 100644
--- a/src/chrome/content/rules/Etracker.xml
+++ b/src/chrome/content/rules/Etracker.xml
@@ -37,7 +37,7 @@ Fetch error: http://owa.etracker.com/ => https://owa.etracker.com/: (6, 'Could n
 	on whichever domain it is loaded from.
 
 -->
-<ruleset name="etracker (partial)" default_off='failed ruleset test'>
+<ruleset name="etracker (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Etravelway.com.xml b/src/chrome/content/rules/Etravelway.com.xml
index 8e8a3e32460a..58159b7c107c 100644
--- a/src/chrome/content/rules/Etravelway.com.xml
+++ b/src/chrome/content/rules/Etravelway.com.xml
@@ -18,7 +18,7 @@
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="eTravelWay.com" default_off="missing certificate chain">
+<ruleset name="eTravelWay.com" default_off="cert-chain">
 
 	<target host="etravelway.com" />
 	<target host="www.etravelway.com" />
diff --git a/src/chrome/content/rules/Etre_Shop.com.xml b/src/chrome/content/rules/Etre_Shop.com.xml
index 10fddf5d5084..2d8c8e558ea1 100644
--- a/src/chrome/content/rules/Etre_Shop.com.xml
+++ b/src/chrome/content/rules/Etre_Shop.com.xml
@@ -22,7 +22,7 @@ Fetch error: http://www.etreshop.com/ => https://www.etreshop.com/: (60, 'SSL ce
 	* Secured by us
 
 -->
-<ruleset name="Etre Shop.com (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Etre Shop.com (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="etreshop.com" />
 	<target host="www.etreshop.com" />
diff --git a/src/chrome/content/rules/Eucalyptus.com.xml b/src/chrome/content/rules/Eucalyptus.com.xml
index fb9aabc26686..b2f70b89fb9a 100644
--- a/src/chrome/content/rules/Eucalyptus.com.xml
+++ b/src/chrome/content/rules/Eucalyptus.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://eucalyptus.com/ => https://eucalyptus.com/: (51, "SSL: no alternative certificate subject name matches target host name 'eucalyptus.com'")
 
 -->
-<ruleset name="Eucalyptus.com" default_off='failed ruleset test'>
+<ruleset name="Eucalyptus.com" default_off="failed ruleset test">
 
 	<target host="eucalyptus.com" />
 	<target host="www.eucalyptus.com" />
diff --git a/src/chrome/content/rules/Eurex_Repo.com.xml b/src/chrome/content/rules/Eurex_Repo.com.xml
index 1ca2f437c4d6..b7e0561ac187 100644
--- a/src/chrome/content/rules/Eurex_Repo.com.xml
+++ b/src/chrome/content/rules/Eurex_Repo.com.xml
@@ -13,7 +13,8 @@
 <ruleset name="Eurex Repo.com (partial)">
 
 	<target host="eurexrepo.com" />
-	<target host="*.eurexrepo.com" />
+	<target host="www.eurexrepo.com" />
+	<target host="member.eurexrepo.com" />
 		<!--
 			Redirects to http:
 						-->
@@ -27,7 +28,6 @@
 	<rule from="^http://(?:www\.)?eurexrepo\.com/"
 		to="https://www.eurexrepo.com/" />
 
-	<rule from="^http://member\.eurexrepo\.com/"
-		to="https://member.eurexrepo.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Eurexchange.com.xml b/src/chrome/content/rules/Eurexchange.com.xml
index b6780e5f9832..65c8ab5dfa97 100644
--- a/src/chrome/content/rules/Eurexchange.com.xml
+++ b/src/chrome/content/rules/Eurexchange.com.xml
@@ -14,15 +14,12 @@
 
 	<target host="eurexchange.com" />
 	<target host="www.eurexchange.com" />
-		<!--
-			Redirects to http:
-						-->
-		<!--exclusion pattern="^http://www\.eurexchange\.com/(exchange-de/kontakte-de$|exchange-de/ressourcen/?$|exchange-de/ressourcen/newsletter$|exchange-en/$)" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://www\.eurexchange\.com/+(?!blob/|image/|(?:exchange-de/ressourcen/circulars|exchange-de/ressourcen/regelwerke|exchange-en/contacts)(?:$|[?/])|resources/)" />
+	<target host="member.eurexchange.com" />
 
+	<test url="http://www.eurexchange.com/exchange-de/kontakte-de" />
+	<test url="http://www.eurexchange.com/exchange-de/ressourcen/regelwerke" />
+	<test url="http://www.eurexchange.com/exchange-en/contacts" />
+	<test url="http://www.eurexchange.com/resources/" />
 
 	<rule from="^http://(?:www\.)?eurexchange\.com/"
 		to="https://www.eurexchange.com/" />
diff --git a/src/chrome/content/rules/EuroAds.se.xml b/src/chrome/content/rules/EuroAds.se.xml
deleted file mode 100644
index 300c0e3b92ab..000000000000
--- a/src/chrome/content/rules/EuroAds.se.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="EuroAds.se (partial)">
-
-	<target host="banner.euroads.se" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EuroFlorist.no.xml b/src/chrome/content/rules/EuroFlorist.no.xml
index 86a72d4ca161..6a1896612fc3 100644
--- a/src/chrome/content/rules/EuroFlorist.no.xml
+++ b/src/chrome/content/rules/EuroFlorist.no.xml
@@ -10,7 +10,8 @@
 <ruleset name="EuroFlorist.no (partial)">
 
 	<target host="euroflorist.no" />
-	<target host="*.euroflorist.no" />
+	<target host="www.euroflorist.no" />
+	<target host="bedrift.euroflorist.no" />
 		<!--exclusion pattern="^http://(www\.)?euroflorist\.no/($|\?|(En/Pages/Cart|Pages/Register)($|\?))" /-->
 		<exclusion pattern="^http://(?:bedrift\.|www\.)?euroflorist\.no/(?!Css/|Domains/|favicon\.ico|Images/|(?:En/)?Pages/CaptchaImage|Products/|(?:Script|Web)Resource\.axd|Scripts/)" />
 
@@ -21,7 +22,6 @@
 	<rule from="^http://(?:www\.)?euroflorist\.no/"
 		to="https://www.euroflorist.no/" />
 
-	<rule from="^http://bedrift\.euroflorist\.no/"
-		to="https://bedrift.euroflorist.no/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EuroPython.xml b/src/chrome/content/rules/EuroPython.xml
index dd0c0b56a9c4..eb2f1fb5ac74 100644
--- a/src/chrome/content/rules/EuroPython.xml
+++ b/src/chrome/content/rules/EuroPython.xml
@@ -17,7 +17,7 @@ Fetch error: http://ep2014.europython.eu/ => https://ep2014.europython.eu/: (60,
 		- ep2015.europython.eu
 
 -->
-<ruleset name="EuroPython.eu" default_off='failed ruleset test'>
+<ruleset name="EuroPython.eu" default_off="failed ruleset test">
 
 	<target host="europython.eu" />
 	<target host="ep2012.europython.eu" />
diff --git a/src/chrome/content/rules/Euroforum-problematic.xml b/src/chrome/content/rules/Euroforum-problematic.xml
index 12786794dbcf..845bfab95d23 100644
--- a/src/chrome/content/rules/Euroforum-problematic.xml
+++ b/src/chrome/content/rules/Euroforum-problematic.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?euroforum\.de/"
 		to="https://www.euroforum.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Euroforum.xml b/src/chrome/content/rules/Euroforum.xml
index 06b1706aadeb..54308e33a9b2 100644
--- a/src/chrome/content/rules/Euroforum.xml
+++ b/src/chrome/content/rules/Euroforum.xml
@@ -28,13 +28,13 @@
 
 	<target host="euroforum.com" />
 	<target host="www.euroforum.com" />
-	<target host="*.euroforum.de" />
+	<target host="static.euroforum.de" />
+	<target host="static2.euroforum.de" />
 
 
-	<rule from="^http://(www\.)?euroforum\.com/"
-		to="https://$1euroforum.com/" />
 
 	<rule from="^http://static2?\.euroforum\.de/"
 		to="https://d30az3luf8nwkb.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eurogap.cz.xml b/src/chrome/content/rules/Eurogap.cz.xml
index ed2aa87c4aca..e4baba71b639 100644
--- a/src/chrome/content/rules/Eurogap.cz.xml
+++ b/src/chrome/content/rules/Eurogap.cz.xml
@@ -12,4 +12,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Europa.eu.xml b/src/chrome/content/rules/Europa.eu.xml
index 14e8591bf62b..f2691efe5dbc 100644
--- a/src/chrome/content/rules/Europa.eu.xml
+++ b/src/chrome/content/rules/Europa.eu.xml
@@ -3,9 +3,7 @@
 
 	For rules causing false/broken MCB, see Europa.eu-falsemixed.xml.
 
-
 	Nonfunctional hosts in *europa.eu:
-
 		- ^ ¹
 		- curia ¹
 
@@ -14,9 +12,7 @@
 		- trade.ec ⁴
 
 		- archive.eiopa ʳ
-		- eur-lex ⁵
 		- m.europarl ᵈ
-		- www.europarl ᵈ
 		- eurovoc ¹
 		- www.iss ʳ
 		- (www.)ombudsman ᵈ
@@ -26,14 +22,11 @@
 
 	¹ 400
 	⁴ 403; mismatched, CN: europa.eu
-	⁵ Shows ^; mismatched, CN: europa.eu
 	ᵈ Dropped
 	ʰ Redirects to http
 	ʳ Refused
 
-
 	Problematic hosts in *europa.eu:
-
 		- video.consilium ᶜ ᵐ
 		- een.ec ˣ
 		- eeas ᵐ
@@ -45,9 +38,7 @@
 	ᵐ Mismatched
 	ˣ Mixed css
 
-
 	Partially covered hosts in *europa.eu:
-
 		- www.consilium ʰ
 		- cordis ʰ
 		- ec ²
@@ -55,9 +46,7 @@
 	ʰ Some pages redirect to http
 	² $ 400s
 
-
 	Insecure cookies are set for these domains and hosts:
-
 		- bookshop.europa.eu
 		- ec.europa.eu
 		- .een.ec.europa.eu
@@ -67,9 +56,7 @@
 		- oami.europa.eu
 		- publication.europa.eu
 
-
 	Mixed content:
-
 		- css on een.ec from $self ˢ
 
 		- Images, on:
@@ -84,12 +71,9 @@
 			- publications from $self ˢ
 
 	ˢ Secured by us
-
 -->
 <ruleset name="Europa.eu (partial)">
-
-	<!--	Direct rewrites:
-				-->
+	<!-- Direct rewrites: -->
 	<target host="bookshop.europa.eu" />
 	<target host="subscriptions-dsms.consilium.europa.eu" />
 	<target host="www.consilium.europa.eu" />
@@ -107,29 +91,26 @@
 	<target host="enisa.europa.eu" />
 	<target host="www.enisa.europa.eu" />
 	<target host="erc.europa.eu" />
+	<target host="eur-lex.europa.eu" />
+	<target host="www.europarl.europa.eu" />
 	<target host="www.europol.europa.eu" />
 	<target host="oami.europa.eu" />
 	<target host="open-data.europa.eu" />
 	<target host="publications.europa.eu" />
 
-	<!--	Complications:
-				-->
+	<!-- Complications: -->
 	<target host="www.ecb.eu" />
 
 	<target host="consilium.europa.eu" />
 	<target host="easa.europa.eu" />
 	<target host="www.tmview.europa.eu" />
 
-		<!--	Redirects to http:
-						-->
+		<!-- Redirects to http: -->
 		<!--exclusion pattern="^http://www\.consilium\.europa\.eu/(?:\w\w/$|\w\w/(?:contact|home)/$|en/splash/?requested=%2f)" /-->
-		<!--
-			Exceptions:
-					-->
+		<!-- Exceptions: -->
 		<exclusion pattern="http://www\.consilium\.europa\.eu/+(?!content/|favicon\.ico|images/|uedocs/|uploadedImages/)" />
 
-			<!--	+ve:
-					-->
+			<!-- +ve: -->
 			<test url="http://www.consilium.europa.eu/en/contact/" />
 			<test url="http://www.consilium.europa.eu/en/home/" />
 			<test url="http://www.consilium.europa.eu/es/home/" />
@@ -138,8 +119,7 @@
 			<test url="http://www.consilium.europa.eu/mt/" />
 			<test url="http://www.consilium.europa.eu/ro/" />
 
-			<!--	-ve:
-					-->
+			<!-- -ve: -->
 			<test url="http://www.consilium.europa.eu/content/css/ie-global.css" />
 			<test url="http://www.consilium.europa.eu/content/icons/customtile.png" />
 			<test url="http://www.consilium.europa.eu/content/images/logo.png" />
@@ -147,16 +127,12 @@
 			<test url="http://www.consilium.europa.eu/images/council-loading.gif" />
 			<test url="http://www.consilium.europa.eu/uploadedImages/Multimedia/Photos/Image-library/logos/20160101-NLpresidency-Home.png?n=6368&amp;targetTypeId=tablet" />
 
-		<!--	Redirects to http:
-						-->
+		<!-- Redirects to http: -->
 		<!--exclusion pattern="^http://cordis\.europa\.eu/+($|\?|erawatch/css/|erawatch/icons/|guidance/$|home_\w\w\.html|live-edit/css/|scienceweek/$)" /-->
-		<!--
-			Exceptions:
-					-->
+		<!-- Exceptions: -->
 		<exclusion pattern="^http://cordis\.europa\.eu/+(?!account/|common/arc/|css/|favicon\.ico|guidance/(?:cs|icon)s/|icons/|js/|scienceweek/+(?!$|\?)|wel/template-)" />
 
-			<!--	+ve:
-					-->
+			<!-- +ve: -->
 			<test url="http://cordis.europa.eu/archive/home_en.html" />
 			<test url="http://cordis.europa.eu/growth/" />
 			<test url="http://cordis.europa.eu/guidance/" />
@@ -173,8 +149,7 @@
 			<test url="http://cordis.europa.eu/scienceweek/" />
 			<test url="http://cordis.europa.eu/stuttgart/intro_en.html" />
 
-			<!--	-ve:
-					-->
+			<!-- -ve: -->
 			<test url="http://cordis.europa.eu/account/login_en" />
 			<test url="http://cordis.europa.eu/common/arc/css/cordis_archive.css" />
 			<test url="http://cordis.europa.eu/common/arc/icons/banner-archive_en.gif" />
@@ -190,20 +165,16 @@
 			<test url="http://cordis.europa.eu/scienceweek/icons/logob.gif" />
 			<test url="http://cordis.europa.eu/scienceweek/media_press.htm" />
 
-		<!--	Redirects to http:
-						-->
+		<!-- Redirects to http: -->
 		<!--exclusion pattern="^http://ec\.europa\.eu/index_en.htm /-->
-		<!--
-			404:
-					-->
+
+		<!-- 404: -->
 		<!--exclusion pattern="^http://ec\.europa\.eu/(?:ec_portal/(?:2016/images|stylesheets)/|growth/$|growth/contact/index_\w\w\.htm||index_\w\w\.htm|programmes/$|growth/tools-databases/newsroom/cf/_getimage\.cfm\?doc_id=)" /-->
-		<!--
-			Exceptions:
-					-->
+
+		<!-- Exceptions: -->
 		<exclusion pattern="^http://ec\.europa\.eu/(?!/*(?:(?:commission|eures|eusurvey|futurium|jrc|research)(?:$|[?/])|enterprise/images/|growth/(?:heroes/template|images|stylesheets)/|wel/))" />
 
-			<!--	+ve:
-					-->
+			<!-- +ve: -->
 			<test url="http://ec.europa.eu/anti_fraud/index_en.htm" />
 			<test url="http://ec.europa.eu/atoz_en.htm" />
 			<test url="http://ec.europa.eu/avservices/" />
@@ -219,8 +190,7 @@
 			<test url="http://ec.europa.eu/index_en.htm" />
 			<test url="http://ec.europa.eu/sitemap/index_en.htm" />
 
-			<!--	-ve:
-					-->
+			<!-- -ve: -->
 			<test url="http://ec.europa.eu/commission" />
 			<test url="http://ec.europa.eu/enterprise/images/2013/bk_news_active.png" />
 			<test url="http://ec.europa.eu/eures" />
@@ -238,9 +208,7 @@
 		<test url="http://oami.europa.eu/knowledge/" />
 		<test url="http://oami.europa.eu/ohimportal/en/" />
 
-
-	<!--	Not secured by server:
-					-->
+	<!-- Not secured by server: -->
 	<!--securecookie host="^bookshop\.europa\.eu$" name="^(?:pg|s)id$" /-->
 	<!--securecookie host="^ec\.europa\.eu$" name="^(?:EURES_LF_(?:MARKETPLACE|PLUGINS)_SESSIONID|JSESSIONID|JSESSIONIDEUSURVEY)$" /-->
 	<!--securecookie host="^\.(?:een\.ec|erc|europol)\.europa\.eu$" name="^SESS[\da-f]{32}$" /-->
@@ -253,22 +221,13 @@
 	<securecookie host="^(?:bookshop|www\.ecb|eiopa|oami|publications)\.europa\.eu$" name=".+" />
 	<securecookie host="^ec\.europa\.eu$" name="^JSESSIONIDEUSURVEY$" />
 
+	<rule from="^http://www\.ecb\.eu/" to="https://www.ecb.europa.eu/" />
 
-	<rule from="^http://www\.ecb\.eu/"
-		to="https://www.ecb.europa.eu/" />
-
-	<rule from="^http://(consilium|easa)\.europa\.eu/"
-		to="https://www.$1.europa.eu/" />
-
-	<!--	Redirect drops path, args,
-		and forward slash:
-					-->
-	<rule from="^http://www\.tmview\.europa\.eu/.*"
-		to="https://www.tmdn.org/tmview/" />
+	<rule from="^http://(consilium|easa)\.europa\.eu/" to="https://www.$1.europa.eu/" />
 
+	<!-- Redirect drops path, args and forward slash: -->
+	<rule from="^http://www\.tmview\.europa\.eu/.*" to="https://www.tmdn.org/tmview/" />
 		<test url="http://www.tmview.europa.eu/tmview/welcome.html" />
 
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Europcar-Group.com.xml b/src/chrome/content/rules/Europcar-Group.com.xml
new file mode 100644
index 000000000000..bd6cfc4a9bb6
--- /dev/null
+++ b/src/chrome/content/rules/Europcar-Group.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Europcar coverage, see Europcar.com.xml
+-->
+<ruleset name="Europcar Group.com">
+
+	<target host="europcar-group.com" />
+	<target host="www.europcar-group.com" />
+	<target host="finance.europcar-group.com" />
+	<target host="investors.europcar-group.com" />
+
+	<target host="europcar-mobility-group.com" />
+	<target host="www.europcar-mobility-group.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Europcar.co.nz.xml b/src/chrome/content/rules/Europcar.co.nz.xml
new file mode 100644
index 000000000000..b098ace14995
--- /dev/null
+++ b/src/chrome/content/rules/Europcar.co.nz.xml
@@ -0,0 +1,36 @@
+<!--
+	For other Europcar coverage, see Europcar.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(i)
+		- blog		(m)
+		- car-rental		(ssl connection error)
+		- movingsamsway		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Europcar.co.nz">
+
+	<target host="europcar.co.nz" />
+	<target host="www.europcar.co.nz" />
+	<target host="b2b.europcar.co.nz" />
+	<target host="faq.europcar.co.nz" />
+	<target host="faq-test.europcar.co.nz" />
+	<target host="m.europcar.co.nz" />
+	<target host="mobile.europcar.co.nz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://europcar\.co\.nz/"
+		to="https://www.europcar.co.nz/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Europcar.com.au.xml b/src/chrome/content/rules/Europcar.com.au.xml
new file mode 100644
index 000000000000..0921463fbece
--- /dev/null
+++ b/src/chrome/content/rules/Europcar.com.au.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Europcar coverage, see Europcar.com.xml
+
+
+	Non-functional subdomains:
+		- blog	(m)
+		- memberships	(t)
+		- movingsamsway	(m)
+		- roadtrip	(m)
+		- sslvpn	(t)
+		- webportal	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Europcar.com.au">
+
+	<target host="europcar.com.au" />
+	<target host="www.europcar.com.au" />
+	<target host="b2b.europcar.com.au" />
+	<target host="faq.europcar.com.au" />
+	<target host="faq-test.europcar.com.au" />
+	<target host="m.europcar.com.au" />
+	<target host="mobile.europcar.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Europcar.de.xml b/src/chrome/content/rules/Europcar.de.xml
new file mode 100644
index 000000000000..c97da523cc35
--- /dev/null
+++ b/src/chrome/content/rules/Europcar.de.xml
@@ -0,0 +1,46 @@
+<!--
+	For other Europcar coverage, see Europcar.com.xml
+
+
+	Non-functional subdomains:
+		- blog	(m)
+		- businessplus	(i)
+		- content	(i)
+		- faq-test	(m)
+		- m		(i)
+		- mfts	(e)
+		- mobile	(i)
+		- movingsamsway	(m)
+		- roadtrip	(m)
+		- your-selection	(i)
+		- www.your-selection	(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Europcar.de">
+
+	<target host="europcar.de" />
+	<target host="www.europcar.de" />
+	<target host="faq.europcar.de" />
+	<target host="firstnews.europcar.de" />
+	<target host="germany.europcar.de" />
+	<target host="news.europcar.de" />
+	<target host="service.europcar.de" />
+	<target host="autoboerse.service.europcar.de" />
+	<target host="chauffeur.service.europcar.de" />
+	<target host="serviceuat.europcar.de" />
+	<target host="autoboerse.serviceuat.europcar.de" />
+	<target host="chauffeur.serviceuat.europcar.de" />
+	<target host="umzugsmaterial.europcar.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Europcar.es.xml b/src/chrome/content/rules/Europcar.es.xml
new file mode 100644
index 000000000000..ca81e97ee47f
--- /dev/null
+++ b/src/chrome/content/rules/Europcar.es.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Europcar coverage, see Europcar.com.xml
+
+
+	Non-functional subdomains:
+		- blog		(m)
+		- movingsamsway		(m)
+		- roadtrip		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Europcar.es">
+
+	<target host="europcar.es" />
+	<target host="www.europcar.es" />
+	<target host="faq.europcar.es" />
+	<target host="faq-test.europcar.es" />
+	<target host="m.europcar.es" />
+	<target host="mobile.europcar.es" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Europcar.fr.xml b/src/chrome/content/rules/Europcar.fr.xml
new file mode 100644
index 000000000000..1c03e5b1e7b0
--- /dev/null
+++ b/src/chrome/content/rules/Europcar.fr.xml
@@ -0,0 +1,38 @@
+<!--
+	For other Europcar coverage, see Europcar.com.xml
+
+
+	Non-functional subdomains:
+		- blog	(m)
+		- calendrier-avent	(t)
+		- cartes	(i)
+		- ea	(t)
+		- faq-test	(i)
+		- movingsamsway	(m)
+		- roadtrip	(m)
+		- services	(i)
+		- student-box	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Europcar.fr">
+
+	<target host="europcar.fr" />
+	<target host="www.europcar.fr" />
+	<target host="autoliberte.europcar.fr" />
+	<target host="faq.europcar.fr" />
+	<target host="m.europcar.fr" />
+	<target host="mobile.europcar.fr" />
+	<target host="mobilite.europcar.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Europcar.it.xml b/src/chrome/content/rules/Europcar.it.xml
new file mode 100644
index 000000000000..e652e1c77d01
--- /dev/null
+++ b/src/chrome/content/rules/Europcar.it.xml
@@ -0,0 +1,53 @@
+<!--
+	For other Europcar coverage, see Europcar.com.xml
+
+
+	Non-functional subdomains:
+		- areabusiness	(r)
+		- blog	(m)
+		- careers	(r)
+		- convenzionita		(r)
+		- enelmia	(r)
+		- europnews	(r)
+		- flotta	(r)
+		- franchisee		(r)
+		- images	(r)
+		- movingsamsway		(m)
+		- roadtrip	(m)
+		- afl.sw	(i)
+		- geco.sw	(t)
+		- nemo.sw	(t)
+		- urent.sw	(r)
+		- winity.sw	(m)
+		- xclienti.sw	(t)
+		- xlogin.sw	(t)
+		- telepass	(r)
+		- viaggiacongusto	(r)
+		- whyeuropcar	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Europcar.it">
+
+	<target host="europcar.it" />
+	<target host="www.europcar.it" />
+	<target host="consegna-auto-domicilio.europcar.it" />
+	<target host="faq.europcar.it" />
+	<target host="faq-test.europcar.it" />
+	<target host="m.europcar.it" />
+	<target host="mobile.europcar.it" />
+	<target host="selection.europcar.it" />
+	<target host="ecarweb.sw.europcar.it" />
+	<target host="gotit.sw.europcar.it" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EuropePMC.org.xml b/src/chrome/content/rules/EuropePMC.org.xml
new file mode 100644
index 000000000000..c89a551640b4
--- /dev/null
+++ b/src/chrome/content/rules/EuropePMC.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Invalid certificate:
+		www.europepmc.org
+		dev.europepmc.org
+		labs.europepmc.org
+
+	Secure connection failed:
+		blog.europepmc.org
+
+-->
+<ruleset name="EuropePMC.org">
+
+	<target host="europepmc.org" />
+	<target host="www.europepmc.org" />
+	<target host="beta.europepmc.org" />
+	<target host="plus.europepmc.org" />
+	<target host="test.europepmc.org" />
+
+	<rule from="^http://www\.europepmc\.org/"
+		to="https://europepmc.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Europe_Miniatures.xml b/src/chrome/content/rules/Europe_Miniatures.xml
deleted file mode 100644
index 4878f178ed96..000000000000
--- a/src/chrome/content/rules/Europe_Miniatures.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	- Expired 2009-06-05
-	- CN: plesk
-
--->
-<ruleset name="Europe Minatures" default_off="expired, self-signed">
-
-	<target host="europe-miniatures.com" />
-	<target host="www.europe-miniatures.com" />
-
-
-	<rule from="^http://(?:www\.)?europe-miniatures\.com/"
-		to="https://europe-miniatures.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/EuropeanSSL.xml b/src/chrome/content/rules/EuropeanSSL.xml
index 718a085d3095..2ebc3a113003 100644
--- a/src/chrome/content/rules/EuropeanSSL.xml
+++ b/src/chrome/content/rules/EuropeanSSL.xml
@@ -8,7 +8,9 @@
 <ruleset name="EuropeanSSL">
 
 	<target host="europeanssl.eu" />
-	<target host="*.europeanssl.eu" />
+	<target host="secure.europeanssl.eu" />
+	<target host="www.europeanssl.eu" />
+	<target host="www.secure.europeanssl.eu" />
 
 
 	<securecookie host="^secure\.europeanssl\.eu$" name=".+" />
@@ -17,4 +19,4 @@
 	<rule from="^http://(?:www\.)?(?:secure\.)?europeanssl\.eu/"
 		to="https://secure.europeanssl.eu/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/European_Energy_Exchange.xml b/src/chrome/content/rules/European_Energy_Exchange.xml
index 881eadd86e96..d62dcb764aec 100644
--- a/src/chrome/content/rules/European_Energy_Exchange.xml
+++ b/src/chrome/content/rules/European_Energy_Exchange.xml
@@ -12,7 +12,8 @@
 <ruleset name="European Energy Exchange (partial)">
 
 	<target host="eex.com" />
-	<target host="*.eex.com" />
+	<target host="www.eex.com" />
+	<target host="cdn.eex.com" />
 
 
 	<securecookie host="^\.eex\.com$" name="^sakura_session$" />
@@ -21,7 +22,6 @@
 	<rule from="^http://(?:www\.)?eex\.com/"
 		to="https://www.eex.com/" />
 
-	<rule from="^http://cdn\.eex\.com/"
-		to="https://cdn.eex.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/European_Space_Agency.xml b/src/chrome/content/rules/European_Space_Agency.xml
index 8c3cdfa2e2ed..502ae1b163b8 100644
--- a/src/chrome/content/rules/European_Space_Agency.xml
+++ b/src/chrome/content/rules/European_Space_Agency.xml
@@ -19,7 +19,7 @@ Fetch error: http://esa.int/ => https://www.esa.int/: Too many redirects while f
 	Some pages redirect to http.
 
 -->
-<ruleset name="ESA.int (partial)" default_off='failed ruleset test'>
+<ruleset name="ESA.int (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Eurovision.de.xml b/src/chrome/content/rules/Eurovision.de.xml
index 763f53f57820..5c3b043299b2 100644
--- a/src/chrome/content/rules/Eurovision.de.xml
+++ b/src/chrome/content/rules/Eurovision.de.xml
@@ -1,7 +1,7 @@
 <!--
 	Mixed content:
 		- www.ndr.de *
-		
+
 	* secured by us
 -->
 <ruleset name="Eurovision.de">
diff --git a/src/chrome/content/rules/Eurowings.com.xml b/src/chrome/content/rules/Eurowings.com.xml
new file mode 100644
index 000000000000..2af9e6e084ec
--- /dev/null
+++ b/src/chrome/content/rules/Eurowings.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Eurowings.com (partial)">
+	<target host="eurowings.com" />
+	<target host="www.eurowings.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Eustace.io.xml b/src/chrome/content/rules/Eustace.io.xml
new file mode 100644
index 000000000000..2ec4b0334414
--- /dev/null
+++ b/src/chrome/content/rules/Eustace.io.xml
@@ -0,0 +1,12 @@
+<!--
+	Nonfunctional hosts in *.eustace.io:
+		- eustace.io
+		- www.eustace.io
+-->
+<ruleset name="Eustace.io">
+	<target host="blog.eustace.io" />
+	<target host="pendulum.eustace.io" />
+	<target host="poetry.eustace.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EvEGer.xml b/src/chrome/content/rules/EvEGer.xml
index 30e13c3ec589..11bd32a74386 100644
--- a/src/chrome/content/rules/EvEGer.xml
+++ b/src/chrome/content/rules/EvEGer.xml
@@ -1,6 +1,6 @@
 <ruleset name="Eveger">
   <target host="eveger.de" />
   <target host="www.eveger.de" />
- 
+
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Evanced.info.xml b/src/chrome/content/rules/Evanced.info.xml
index d5efbcbbe131..a490b918e358 100644
--- a/src/chrome/content/rules/Evanced.info.xml
+++ b/src/chrome/content/rules/Evanced.info.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://evanced.info/ => https://evanced.info/: (51, "SSL: no alternative certificate subject name matches target host name 'evanced.info'")
 
 -->
-<ruleset name="evanced.info" default_off='failed ruleset test'>
+<ruleset name="evanced.info" default_off="failed ruleset test">
 
 	<target host="evanced.info" />
 	<target host="ca.evanced.info" />
diff --git a/src/chrome/content/rules/Evaske.com.xml b/src/chrome/content/rules/Evaske.com.xml
index 890907ef5b91..a999eafb8572 100644
--- a/src/chrome/content/rules/Evaske.com.xml
+++ b/src/chrome/content/rules/Evaske.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://clients.evaske.com/ => https://clients.evaske.com/: Too many
 	Problematic:
 		- dev (Some sites serve wrong content)
 -->
-<ruleset name="Evaske.com" default_off='failed ruleset test'>
+<ruleset name="Evaske.com" default_off="failed ruleset test">
 
 	<target host="evaske.com" />
 	<target host="www.evaske.com" />
diff --git a/src/chrome/content/rules/Evenmere.org.xml b/src/chrome/content/rules/Evenmere.org.xml
index 5669a234bfbe..bbbedffddac8 100644
--- a/src/chrome/content/rules/Evenmere.org.xml
+++ b/src/chrome/content/rules/Evenmere.org.xml
@@ -20,7 +20,7 @@ Fetch error: http://blog.evenmere.org/ => https://blog.evenmere.org/: (6, 'Could
 		- https://panopticlick.eff.org
 
 -->
-<ruleset name="evenmere.org (partial)" default_off='failed ruleset test'>
+<ruleset name="evenmere.org (partial)" default_off="failed ruleset test">
 
 	<target host="blog.evenmere.org" />
 
diff --git a/src/chrome/content/rules/EventOverload.xml b/src/chrome/content/rules/EventOverload.xml
index 3ce594ebe38b..8e7cfe505ad3 100644
--- a/src/chrome/content/rules/EventOverload.xml
+++ b/src/chrome/content/rules/EventOverload.xml
@@ -6,7 +6,7 @@ Fetch error: http://eventoverload.com/ => https://eventoverload.com/: (51, "SSL:
 Disabled by https-everywhere-checker because:
 Fetch error: http://eventoverload.com/ => https://eventoverload.com/: (60, 'SSL certificate problem: self signed certificate')
 -->
-<ruleset name="EventOverload" default_off='failed ruleset test'>
+<ruleset name="EventOverload" default_off="failed ruleset test">
 
 	<target host="eventoverload.com" />
 	<target host="static.eventoverload.com" />
@@ -18,4 +18,4 @@ Fetch error: http://eventoverload.com/ => https://eventoverload.com/: (60, 'SSL
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Event_Booking_Online.com.xml b/src/chrome/content/rules/Event_Booking_Online.com.xml
deleted file mode 100644
index df4e7727b585..000000000000
--- a/src/chrome/content/rules/Event_Booking_Online.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	These altnames don't exist:
-
-		- www.eventbookingonline.com
-
--->
-<ruleset name="Event Booking Online.com">
-
-	<target host="eventbookingonline.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Eventpoint.com.xml b/src/chrome/content/rules/Eventpoint.com.xml
index ba70841484d4..1f1942196d17 100644
--- a/src/chrome/content/rules/Eventpoint.com.xml
+++ b/src/chrome/content/rules/Eventpoint.com.xml
@@ -17,7 +17,7 @@ Fetch error: http://acs-stage.eventpoint.com/ => https://acs-stage.eventpoint.co
 		- acs-stage
 
 -->
-<ruleset name="Eventpoint.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Eventpoint.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Events.ch.xml b/src/chrome/content/rules/Events.ch.xml
index cd73625576f9..6aabc2c9b203 100644
--- a/src/chrome/content/rules/Events.ch.xml
+++ b/src/chrome/content/rules/Events.ch.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.events.ch/ => https://www.events.ch/: (60, 'SSL certific
 		- www.fmr.events.ch
 		- www.a.events.ch
 -->
-<ruleset name="Events.ch" default_off='failed ruleset test'>
+<ruleset name="Events.ch" default_off="failed ruleset test">
 	<target host="events.ch" />
 	<target host="www.events.ch" />
 	<target host="static.events.ch" />
diff --git a/src/chrome/content/rules/Evermeet.cx.xml b/src/chrome/content/rules/Evermeet.cx.xml
index 687bc236a597..34d5b23c51e3 100644
--- a/src/chrome/content/rules/Evermeet.cx.xml
+++ b/src/chrome/content/rules/Evermeet.cx.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.evermeet.cx/ => https://www.evermeet.cx/: (51, "SSL: no alternative certificate subject name matches target host name 'www.evermeet.cx'")
 
 -->
-<ruleset name="evermeet.cx" default_off='failed ruleset test'>
+<ruleset name="evermeet.cx" default_off="failed ruleset test">
 
 	<target host="evermeet.cx" />
 	<target host="www.evermeet.cx" />
diff --git a/src/chrome/content/rules/EverydayGiftCards.com.au.xml b/src/chrome/content/rules/EverydayGiftCards.com.au.xml
new file mode 100644
index 000000000000..deda7033fec6
--- /dev/null
+++ b/src/chrome/content/rules/EverydayGiftCards.com.au.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Woolworths coverage, see Woolworths.com.au.xml
+-->
+<ruleset name="EverydayGiftCards.com.au">
+
+	<target host="everydaygiftcards.com.au" />
+	<target host="www.everydaygiftcards.com.au" />
+	<target host="manage.everydaygiftcards.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Everyday_Health.xml b/src/chrome/content/rules/Everyday_Health.xml
index 2862a48615db..4dba57c36ad9 100644
--- a/src/chrome/content/rules/Everyday_Health.xml
+++ b/src/chrome/content/rules/Everyday_Health.xml
@@ -10,21 +10,18 @@ Fetch error: http://everydayhealth.com/ => https://everydayhealth.com/: Cycle de
 		- corporate.everydayhealth.com
 
 -->
-<ruleset name="Everyday Health (partial)" default_off='failed ruleset test'>
+<ruleset name="Everyday Health (partial)" default_off="failed ruleset test">
 
 	<target host="images.agoramedia.com" />
-	<target host="everydayhealth.com" />
-	<target host="*.everydayhealth.com" />
 	<target host="images.waterfrontmedia.com" />
+	<target host="everydayhealth.com" />
+	<target host="content.everydayhealth.com" />
+	<target host="www.everydayhealth.com" />
 
 
 	<securecookie host="^www\.everydayhealth\.com$" name=".+" />
 
 
-	<rule from="^http://images\.(agora|waterfront)media\.com/"
-		to="https://images.$1media.com/" />
-
-	<rule from="^http://(content\.|www\.)?everydayhealth\.com/"
-		to="https://$1everydayhealth.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Everyday_Hero.xml b/src/chrome/content/rules/Everyday_Hero.xml
index 9ec8c744c010..78338ca786e6 100644
--- a/src/chrome/content/rules/Everyday_Hero.xml
+++ b/src/chrome/content/rules/Everyday_Hero.xml
@@ -20,4 +20,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Everydayfeminism.com.xml b/src/chrome/content/rules/Everydayfeminism.com.xml
index 0342f6e8db63..4d7cd27d0ee1 100644
--- a/src/chrome/content/rules/Everydayfeminism.com.xml
+++ b/src/chrome/content/rules/Everydayfeminism.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://everydayfeminism.com/ => https://everydayfeminism.com/: Too
 Fetch error: http://www.everydayfeminism.com/ => https://www.everydayfeminism.com/: Too many redirects while fetching 'https://www.everydayfeminism.com/'
 
 -->
-<ruleset name="Everydayfeminism.com" default_off='failed ruleset test'>
+<ruleset name="Everydayfeminism.com" default_off="failed ruleset test">
 	<target host="everydayfeminism.com" />
 	<target host="www.everydayfeminism.com" />
 
diff --git a/src/chrome/content/rules/Everyone_is_Gay.com.xml b/src/chrome/content/rules/Everyone_is_Gay.com.xml
index 29cce7260837..7c357ddcb1a9 100644
--- a/src/chrome/content/rules/Everyone_is_Gay.com.xml
+++ b/src/chrome/content/rules/Everyone_is_Gay.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?everyoneisgay\.com/"
 		to="https://www.everyoneisgay.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Everything_Everywhere.xml b/src/chrome/content/rules/Everything_Everywhere.xml
index c79657b85ed3..083b63891840 100644
--- a/src/chrome/content/rules/Everything_Everywhere.xml
+++ b/src/chrome/content/rules/Everything_Everywhere.xml
@@ -1,6 +1,5 @@
 <!--
 	CDN buckets:
-
 		- assets[67].ee.co.uk.s3-external-3.amazonaws.com
 		- business-orange-live-orangedigital.s3.amazonaws.com
 		- ee-cookies.s3.amazonaws.com
@@ -8,53 +7,32 @@
 		- ee-nav.s3.amazonaws.com
 		- ee-static.s3.amazonaws.com
 		- ee-tagging.s3.amazonaws.com
-
 		- edev.i.lithium.com
-
 			- community
-
 		- c1400017.r17.cf3.rackcdn.com
-
 			- assets10
-
 		- c1400021.r21.cf3.rackcdn.com
-
 			- assets12
-
 		- c1400022.r22.cf3.rackcdn.com
-
 			- assets11
-
 		- c1400023.r23.stream.cf3.rackcdn.com
-
 			- assets13
-
 		- c1400024.ssl.cf3.rackcdn.com
-
 			- assets14
 
-
 	Nonfunctional subdomains:
-
 		- help		(times out)
 
-
 	Problematic subdomains:
-
 		- jobs		(works, self-signed)
 
-
-
-	Partially covered subdomains:
-
-		- business	(some pages redirect to http)
-
+	Timeout:
+		- assets[1-5]
+		- explore
 
 	Fully covered subdomains:
-
 		- (www.)
 		- apply
-		- assets[1-5]
 		- assets[67]	(→ s3-eu-west-1.amazonaws.com)
 		- assets1[012]	(→ ssl.cf3.rackcdn.com)
 		- broadband
@@ -63,21 +41,26 @@
 		- my
 		- shop
 		- storefinder
-
 -->
-<ruleset name="Everything Everywhere (partial)">
-
+<ruleset name="Everything_Everywhere (partial)">
 	<target host="ee.co.uk" />
-	<target host="*.ee.co.uk" />
-		<exclusion pattern="^http://business\.ee\.co\.uk/(?!favicon\.ico|misc/|modules/|sites/)" />
-
-
-	<!--securecookie host="^\.ee\.co\.uk$" name=".+" /-->
-	<securecookie host="^(?:(?:apply|broadband|community|explore|my|shop|storefinder)\.)?ee\.co\.uk$" name=".+" />
-
-
-	<rule from="^http://((?:apply|assets[1-5]|broadband|business|community|explore|my|shop|storefinder|www)\.)?ee\.co\.uk/"
-		to="https://$1ee.co.uk/" />
+	<target host="www.ee.co.uk" />
+	<target host="apply.ee.co.uk" />
+	<target host="broadband.ee.co.uk" />
+	<target host="business.ee.co.uk" />
+	<target host="community.ee.co.uk" />
+	<target host="myaccount.ee.co.uk" />
+	<target host="shop.ee.co.uk" />
+	<target host="storefinder.ee.co.uk" />
+	<target host="assets6.ee.co.uk" />
+	<target host="assets7.ee.co.uk" />
+	<target host="assets10.ee.co.uk" />
+	<target host="assets11.ee.co.uk" />
+	<target host="assets12.ee.co.uk" />
+	<target host="assets13.ee.co.uk" />
+	<target host="assets14.ee.co.uk" />
+
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://assets6\.ee\.co\.uk/"
 		to="https://s3-eu-west-1.amazonaws.com/assets6.ee.co.uk/" />
@@ -100,4 +83,5 @@
 	<rule from="^http://assets14\.ee\.co\.uk/"
 		to="https://c1400024.ssl.cf3.rackcdn.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Evidon.xml b/src/chrome/content/rules/Evidon.xml
index 86ed497143cc..5afbbf5d82c9 100644
--- a/src/chrome/content/rules/Evidon.xml
+++ b/src/chrome/content/rules/Evidon.xml
@@ -2,40 +2,55 @@
 	Other Evidon related rulesets:
 		+ Ghostery.com.xml
 
-
-	Non-functional hosts in *betteradvertising.com
-		SSL peer certificate was not OK:
-			 - cdn.betteradvertising.com
-
-		Peer certificate cannot be authenticated with given CA certificates:
-			 - my.betteradvertising.com
-
-
-	Non-functional hosts in *betrad.com
-		Peer certificate cannot be authenticated with given CA certificates:
-			 - betrad.com
-			 - www.betrad.com
-
-
-	Non-functional hosts in *evidon.com
-		SSL peer certificate was not OK:
-			 - cdn.evidon.com
-
-		Peer certificate cannot be authenticated with given CA certificates:
-			 - blog.evidon.com
-			 - my.evidon.com
-
+	Self-signed cert:
+		- betteradvertising.com
+		- www.betteradvertising.com
+		- betrad.com
+		- www.betrad.com
+		- blog.evidon.com
+
+	Cert expired:
+		- my.betteradvertising.com
+		- ads.evidon.com
+		- my.evidon.com
+
+	Cert mismatch:
+		- cdn.betteradvertising.com
+		- cdn.evidon.com
+		- em.evidon.com
+
+	Connection refused:
+		- graphite.evidon.com
 -->
 <ruleset name="Evidon Inc (partial)">
+
 	<!-- *betrad.com -->
+
 	<target host="c.betrad.com" />
 	<target host="cdn.betrad.com" />
 	<target host="l.betrad.com" />
+	<target host="optout.betrad.com" />
 
 	<!-- *evidon.com -->
 	<target host="evidon.com" />
 	<target host="www.evidon.com" />
-	<target host="info.evidon.com" />
+
+	<target host="account.evidon.com"/>
+	<target host="c.evidon.com"/>
+	<target host="cop.evidon.com"/>
+	<target host="extension-cdn.evidon.com"/>
+	<target host="info.evidon.com"/>
+	<target host="insights.evidon.com"/>
+	<target host="l3.evidon.com"/>
+	<target host="marketing.evidon.com"/>
+	<target host="mcm.evidon.com"/>
+	<target host="optout.evidon.com"/>
+	<target host="owneriq.evidon.com"/>
+	<target host="privacy.evidon.com"/>
+	<target host="privacyapi.evidon.com"/>
+	<target host="publisher.evidon.com"/>
+	<target host="signon.evidon.com"/>
+	<target host="trackermap.evidon.com"/>
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ex_Libris.xml b/src/chrome/content/rules/Ex_Libris.xml
index bf0d85a6b495..85ec0d13e07e 100644
--- a/src/chrome/content/rules/Ex_Libris.xml
+++ b/src/chrome/content/rules/Ex_Libris.xml
@@ -21,4 +21,4 @@
 	<rule from="^http://(?:\w+sfx\.|sfx)hosted\.exlibrisgroup\.com/"
 		to="https://sfxhosted.exlibrisgroup.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Exaccess.ru.xml b/src/chrome/content/rules/Exaccess.ru.xml
index 0ba5e5854153..be6335b6b875 100644
--- a/src/chrome/content/rules/Exaccess.ru.xml
+++ b/src/chrome/content/rules/Exaccess.ru.xml
@@ -12,4 +12,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ExactTarget.xml b/src/chrome/content/rules/ExactTarget.xml
index a7d69983f115..b6dd415dcc46 100644
--- a/src/chrome/content/rules/ExactTarget.xml
+++ b/src/chrome/content/rules/ExactTarget.xml
@@ -1,10 +1,29 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://3sixty.exacttarget.com/ => https://3sixty.exacttarget.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://imh.boa.exacttarget.com/ => https://imh.boa.exacttarget.com/: (51, "SSL: no alternative certificate subject name matches target host name 'imh.boa.exacttarget.com'")
+Fetch error: http://email.exacttarget.com/ => https://email.exacttarget.com/: (51, "SSL: no alternative certificate subject name matches target host name 'email.exacttarget.com'")
+Fetch error: http://nexus.exacttarget.com/ => https://nexus.exacttarget.com/: (51, "SSL: no alternative certificate subject name matches target host name 'nexus.exacttarget.com'")
+Fetch error: http://partners.exacttarget.com/ => https://partners.exacttarget.com/: (51, "SSL: no alternative certificate subject name matches target host name 'partners.exacttarget.com'")
+Fetch error: http://auth.poc.exacttarget.com/ => https://auth.poc.exacttarget.com/: (6, 'Could not resolve host: auth.poc.exacttarget.com')
+Fetch error: http://imh.poc.exacttarget.com/ => https://imh.poc.exacttarget.com/: (6, 'Could not resolve host: imh.poc.exacttarget.com')
+Fetch error: http://auth.s1.qa2.exacttarget.com/ => https://auth.s1.qa2.exacttarget.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://auth.s2.qa2.exacttarget.com/ => https://auth.s2.qa2.exacttarget.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://imh.s1.qa2.exacttarget.com/ => https://imh.s1.qa2.exacttarget.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://imh.s2.qa2.exacttarget.com/ => https://imh.s2.qa2.exacttarget.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://mc.s1.qa2.exacttarget.com/ => https://mc.s1.qa2.exacttarget.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://mc.s2.qa2.exacttarget.com/ => https://mc.s2.qa2.exacttarget.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://auth.s100.exacttarget.com/ => https://auth.s100.exacttarget.com/: (51, "SSL: no alternative certificate subject name matches target host name 'auth.s100.exacttarget.com'")
+Fetch error: http://auth.test.exacttarget.com/ => https://auth.test.exacttarget.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://members.test.exacttarget.com/ => https://members.test.exacttarget.com/: (28, 'Operation timed out after 30002 milliseconds with 0 bytes received')
+
 	See ExactTarget-mismatches.xml for problematic rules.
 
 	Other ExactTarget rulesets:
 
 		- Fuelcdn.com.xml
-		- IGoDigital.com.xml
 
 
 	CDN buckets:
@@ -158,24 +177,91 @@
 <ruleset name="ExactTarget (partial)">
 
 	<target host="exacttarget.com" />
-	<target host="*.exacttarget.com" />
+	<target host="www.exacttarget.com" />
+	<!-- target host="3sixty.exacttarget.com" /-->
+	<target host="auth.boa.exacttarget.com" />
+	<target host="click.boa.exacttarget.com" />
+	<!-- target host="imh.boa.exacttarget.com" /-->
+	<target host="mc.boa.exacttarget.com" />
+	<target host="brandcdn.exacttarget.com" />
+	<target host="click.exacttarget.com" />
+	<!-- target host="email.exacttarget.com" /-->
+	<target host="image.exacttarget.com" />
+	<target host="imh.exacttarget.com" />
+	<target host="mc.exacttarget.com" />
+	<target host="members.exacttarget.com" />
+	<!-- target host="nexus.exacttarget.com" /-->
+	<target host="pages.exacttarget.com" />
+	<!-- target host="partners.exacttarget.com" /-->
+	<!-- target host="auth.poc.exacttarget.com" /-->
+	<!-- target host="imh.poc.exacttarget.com" /-->
+	<target host="mc.poc.exacttarget.com" />
+	<target host="auth.s1.qa1.exacttarget.com" />
+	<!-- target host="auth.s1.qa2.exacttarget.com" /-->
+	<target host="auth.s1.qa3.exacttarget.com" />
+	<target host="auth.s2.qa1.exacttarget.com" />
+	<!-- target host="auth.s2.qa2.exacttarget.com" /-->
+	<target host="auth.s2.qa3.exacttarget.com" />
+	<target host="imh.s1.qa1.exacttarget.com" />
+	<!-- target host="imh.s1.qa2.exacttarget.com" /-->
+	<target host="imh.s1.qa3.exacttarget.com" />
+	<target host="imh.s2.qa1.exacttarget.com" />
+	<!-- target host="imh.s2.qa2.exacttarget.com" /-->
+	<target host="imh.s2.qa3.exacttarget.com" />
+	<target host="mc.s1.qa1.exacttarget.com" />
+	<!-- target host="mc.s1.qa2.exacttarget.com" /-->
+	<target host="mc.s1.qa3.exacttarget.com" />
+	<target host="mc.s2.qa1.exacttarget.com" />
+	<!-- target host="mc.s2.qa2.exacttarget.com" /-->
+	<target host="mc.s2.qa3.exacttarget.com" />
+	<target host="auth.s1.exacttarget.com" />
+	<target host="mc.s1.exacttarget.com" />
+	<!-- target host="auth.s100.exacttarget.com" /-->
+	<target host="mc.s100.exacttarget.com" />
+	<target host="auth.s4.exacttarget.com" />
+	<target host="click.s4.exacttarget.com" />
+	<target host="image.s4.exacttarget.com" />
+	<target host="imh.s4.exacttarget.com" />
+	<target host="mc.s4.exacttarget.com" />
+	<target host="members.s4.exacttarget.com" />
+	<target host="mc.s5.exacttarget.com" />
+	<target host="members.s5.exacttarget.com" />
+	<target host="auth.s6.exacttarget.com" />
+	<target host="click.s6.exacttarget.com" />
+	<target host="image.s6.exacttarget.com" />
+	<target host="imh.s6.exacttarget.com" />
+	<target host="mc.s6.exacttarget.com" />
+	<target host="members.s6.exacttarget.com" />
+	<target host="auth.s7.exacttarget.com" />
+	<target host="click.s7.exacttarget.com" />
+	<target host="image.s7.exacttarget.com" />
+	<target host="mc.s7.exacttarget.com" />
+	<target host="members.s7.exacttarget.com" />
+	<target host="auth.s8.exacttarget.com" />
+	<target host="click.s8.exacttarget.com" />
+	<target host="image.s8.exacttarget.com" />
+	<target host="mc.s8.exacttarget.com" />
+	<target host="members.s8.exacttarget.com" />
+	<!-- target host="auth.test.exacttarget.com" /-->
+	<target host="mc.test.exacttarget.com" />
+	<!-- target host="members.test.exacttarget.com" /-->
+	<target host="images.s4.exacttarget.com" />
 
 
 	<!--	Not secured by server:
 					-->
 	<!--securecookie host="^3sixty\.exacttarget\.com$" name="^(\.ASPXANONYMOUS|language)$" /-->
 
-	<securecookie host="^(?:.*\.)?exacttarget\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<!--	Cert doesn't match !www.	-->
 	<rule from="^http://(?:www\.)?exacttarget\.com/"
 		to="https://www.exacttarget.com/" />
 
-	<rule from="^http://(3sixty|(?:auth|click|imh|mc)\.boa|brandcdn|click|email|image|imh|mc|members|nexus|pages|partners|(?:auth|imh|mc)\.poc|(?:auth|imh|mc)\.s[12]\.qa[123]|(?:auth|mc)\.s1|(?:auth|mc)\.s100|(?:auth|click|image|imh|mc|members)\.s4|(?:mc|members)\.s5|(?:auth|click|image|imh|mc|members)\.s6|(?:auth|click|image|mc|members)\.s7|(?:auth|click|image|mc|members)\.s8|(?:auth|mc|members)\.test)\.exacttarget\.com/"
-		to="https://$1.exacttarget.com/" />
 
 	<rule from="^http://images\.s4\.exacttarget\.com/"
 		to="https://image.s4.exacttarget.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Exactag.xml b/src/chrome/content/rules/Exactag.xml
index 778c09b853dc..4ce26b868263 100644
--- a/src/chrome/content/rules/Exactag.xml
+++ b/src/chrome/content/rules/Exactag.xml
@@ -1,25 +1,45 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://dr.exactag.com/ => https://dr.exactag.com/: Pycurl fetch failed for 'https://dr.exactag.com/'
-Fetch error: http://m.exactag.com/ => https://m.exactag.com/: Pycurl fetch failed for 'https://m.exactag.com/'
+	Cert expired:
+		- api.sandbox.exactag.com
+
+	Cert mismatch:
+		- support.exactag.com
 
-	www shows dr
+	Chain issues:
+		- developers.exactag.com
+		- feeds.exactag.com
+		- staging.exactag.com
 
+	Timeout:
+		- sftp.exactag.com
 -->
-<ruleset name="Exactag (partial)" default_off='failed ruleset test'>
+<ruleset name="Exactag (partial)">
 
 	<target host="exactag.com" />
+	<target host="www.exactag.com" />
+
+	<target host="attributionstest.exactag.com" />
+	<target host="c.exactag.com" />
+	<target host="cdn-gm.exactag.com" />
+	<target host="cdn-quisma.exactag.com" />
 	<target host="cdn.exactag.com" />
+	<target host="dashboards.exactag.com" />
+	<target host="demodashboards.exactag.com" />
 	<target host="dr.exactag.com" />
+	<target host="info.exactag.com" />
+	<target host="jobs.exactag.com" />
+	<target host="login.exactag.com" />
 	<target host="m.exactag.com" />
-	<target host="www.exactag.com" />
-		<exclusion pattern="^http://(?:www\.)?exactag\.com/(?!_extjs/|_jquery/|_js/|auth/)" />
-
-
-	<securecookie host="^(?:dr|m)\.exactag\.com$" name=".+" />
+	<target host="mblog.exactag.com" />
+	<target host="otto.exactag.com" />
+	<target host="ticket.exactag.com" />
+	<target host="tp-emea.exactag.com" />
+	<target host="tpemea.exactag.com" />
+	<target host="w.exactag.com" />
+	<target host="wiki.exactag.com" />
 
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Examiner.com.xml b/src/chrome/content/rules/Examiner.com.xml
index 8b382db54d3c..b43bd200c76b 100644
--- a/src/chrome/content/rules/Examiner.com.xml
+++ b/src/chrome/content/rules/Examiner.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://examiner.com/ => https://examiner.com/: (60, 'SSL certificat
 		- cdn.exm.nr	(works; mismatched, CN: gp1.wac.edgecastcdn.net)
 
 -->
-<ruleset name="examiner.com (partial)" default_off='failed ruleset test'>
+<ruleset name="examiner.com (partial)" default_off="failed ruleset test">
 
 	<target host="examiner.com" />
 	<target host="*.examiner.com" />
diff --git a/src/chrome/content/rules/Examp1e.net.xml b/src/chrome/content/rules/Examp1e.net.xml
index 9c269e5c9e05..2ed8d4da8cc7 100644
--- a/src/chrome/content/rules/Examp1e.net.xml
+++ b/src/chrome/content/rules/Examp1e.net.xml
@@ -8,7 +8,7 @@ Fetch error: http://examp1e.net/ => https://examp1e.net/: (60, 'SSL certificate
 		- www.examp1e.net
 
 -->
-<ruleset name="examp1e.net" default_off='failed ruleset test'>
+<ruleset name="examp1e.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Excaliburfilms.xml b/src/chrome/content/rules/Excaliburfilms.xml
index 58f18d5334dc..52013a20fce9 100644
--- a/src/chrome/content/rules/Excaliburfilms.xml
+++ b/src/chrome/content/rules/Excaliburfilms.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://images.excaliburfilms.com/ => https://images.excaliburfilms.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Excaliburfilms (partial)" default_off='failed ruleset test'>
+<ruleset name="Excaliburfilms (partial)" default_off="failed ruleset test">
 
 	<!-- target host="excaliburfilms.com" - no content -->
 	<target host="images.excaliburfilms.com" />
diff --git a/src/chrome/content/rules/Excelsior-USA.com.xml b/src/chrome/content/rules/Excelsior-USA.com.xml
deleted file mode 100644
index 238010c3458a..000000000000
--- a/src/chrome/content/rules/Excelsior-USA.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- installer *
-
-	* Redirects to www
-
--->
-<ruleset name="Excelsior-USA.com (partial)">
-
-	<target host="excelsior-usa.com" />
-	<target host="www.excelsior-usa.com" />
-		<!--
-			Redirect to http:
-						-->
-		<!--exclusion pattern="^http://www\.excelsior-usa\.com/($|favicon\.ico|fonts/opensans\.css|home\.css)" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://www\.excelsior-usa\.com/+(?!(?:blog|forum)(?:$|[?/])|images/|new\.css)" />
-
-
-	<securecookie host="^excelsior-usa\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Excitations.com.xml b/src/chrome/content/rules/Excitations.com.xml
index 0935272ed26a..49f74e4119e7 100644
--- a/src/chrome/content/rules/Excitations.com.xml
+++ b/src/chrome/content/rules/Excitations.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Exclusive_X.xml b/src/chrome/content/rules/Exclusive_X.xml
index f6bda2eff071..dd4217f0f954 100644
--- a/src/chrome/content/rules/Exclusive_X.xml
+++ b/src/chrome/content/rules/Exclusive_X.xml
@@ -4,9 +4,9 @@
 	<target host="www.exclusivex.com" />
 
 
-	<securecookie host="^(?:.*\.)?exclusivex\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Exede.xml b/src/chrome/content/rules/Exede.xml
deleted file mode 100644
index aca19a569913..000000000000
--- a/src/chrome/content/rules/Exede.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(times out)
-
--->
-<ruleset name="Exede (partial)">
-
-	<target host="order.exede.com" />
-
-
-	<securecookie host="^order\.exede\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Exeter_Friendly_Society.xml b/src/chrome/content/rules/Exeter_Friendly_Society.xml
index 1d6cb6c853e8..302125ebcbfb 100644
--- a/src/chrome/content/rules/Exeter_Friendly_Society.xml
+++ b/src/chrome/content/rules/Exeter_Friendly_Society.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.exeterfriendly.co.uk/ => https://www.exeterfamily.co.uk/
 	* Times out
 
 -->
-<ruleset name="Exeter Friendly Society" default_off='failed ruleset test'>
+<ruleset name="Exeter Friendly Society" default_off="failed ruleset test">
 
 	<target host="exeterfamily.co.uk" />
 	<target host="www.exeterfamily.co.uk" />
@@ -31,4 +31,4 @@ Fetch error: http://www.exeterfriendly.co.uk/ => https://www.exeterfamily.co.uk/
 	<rule from="^http://(?:www\.)?exeterfriendly\.co\.uk/(?:\?.*)?$"
 		to="https://www.exeterfamily.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Exhale.xml b/src/chrome/content/rules/Exhale.xml
index 4ad10fe0b22b..2e8b84c04e69 100644
--- a/src/chrome/content/rules/Exhale.xml
+++ b/src/chrome/content/rules/Exhale.xml
@@ -2,18 +2,21 @@
 	Problematic domains:
 
 		- (www.)4exhale.org	(502; mismatched, CN: *.electricembers.net)
+		- mail.exhaleprovoice.org	(mismatched, CN: *.outlook.com)
 
 -->
 <ruleset name="Exhale">
 
+	<target host="4exhale.org" />
+	<target host="www.4exhale.org" />
 	<target host="exhaleprovoice.org" />
 	<target host="www.exhaleprovoice.org" />
-
+	<target host="layout.exhaleprovoice.org" />
 
 	<rule from="^http://(?:www\.)?4exhale\.org/"
 		to="https://exhaleprovoice.org/" />
 
-	<rule from="^http://(www\.)?exhaleprovoice\.org/"
-		to="https://$1exhaleprovoice.org/" />
+	<rule from="^http:"
+		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Exim.org.xml b/src/chrome/content/rules/Exim.org.xml
index ab7397c80ba4..6adc8b9a8879 100644
--- a/src/chrome/content/rules/Exim.org.xml
+++ b/src/chrome/content/rules/Exim.org.xml
@@ -1,11 +1,26 @@
 <!--
-	(www.)?exim.org: Shows bugs.exim.org
+	Nonfunctional hosts in *.exim.org:
+		- docs.exim.org (m)
+		- www.pl.exim.org (m)
 
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
 -->
-<ruleset name="Exim.org (partial)">
+<ruleset name="Exim.org">
 
+	<target host="exim.org" />
+	<target host="www.exim.org" />
 	<target host="bugs.exim.org" />
+	<target host="buildfarm.exim.org" />
+	<target host="downloads.exim.org" />
+	<target host="ftp.exim.org" />
+	<target host="git.exim.org" />
 	<target host="lists.exim.org" />
+	<target host="vcs.exim.org" />
+	<target host="wiki.exim.org" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Exinda.xml b/src/chrome/content/rules/Exinda.xml
index c6e4664ef864..3e0d2670a8f1 100644
--- a/src/chrome/content/rules/Exinda.xml
+++ b/src/chrome/content/rules/Exinda.xml
@@ -7,7 +7,8 @@
 -->
 <ruleset name="Exinda (partial)">
 
-	<target host="*.exinda.com" />
+	<target host="go.exinda.com" />
+	<target host="support.exinda.com" />
 
 
 	<securecookie host="^support\.exinda\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Exitec.xml b/src/chrome/content/rules/Exitec.xml
deleted file mode 100644
index 91743026f87f..000000000000
--- a/src/chrome/content/rules/Exitec.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)exitec.de	(shows default CentOS page; mismatched, CN: www.bluemovie.net)
-
--->
-<ruleset name="Exitec (partial)">
-
-	<target host="traq.exitec.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Exmasters.com.xml b/src/chrome/content/rules/Exmasters.com.xml
index edae425b94ef..cc28ec54a743 100644
--- a/src/chrome/content/rules/Exmasters.com.xml
+++ b/src/chrome/content/rules/Exmasters.com.xml
@@ -20,4 +20,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Exmo.com.xml b/src/chrome/content/rules/Exmo.com.xml
index abf6b9373a37..e023dcda49ed 100644
--- a/src/chrome/content/rules/Exmo.com.xml
+++ b/src/chrome/content/rules/Exmo.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://merchant.exmo.com/ => https://merchant.exmo.com/: (6, 'Could
 		- www.exmo.com
 
 -->
-<ruleset name="Exmo.com" default_off='failed ruleset test'>
+<ruleset name="Exmo.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/ExootLab.xml b/src/chrome/content/rules/ExootLab.xml
deleted file mode 100644
index 7cc30db90877..000000000000
--- a/src/chrome/content/rules/ExootLab.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="ExootLab">
-
-	<target host="exootlab.com" />
-	<target host="www.exootlab.com" />
-
-
-	<securecookie host="^www\.exootlab\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ExoticVM.com.xml b/src/chrome/content/rules/ExoticVM.com.xml
new file mode 100644
index 000000000000..9c14880b0188
--- /dev/null
+++ b/src/chrome/content/rules/ExoticVM.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="ExoticVM.com">
+	<target host="exoticvm.com" />
+	<target host="www.exoticvm.com" />
+	<target host="mail.exoticvm.com" />
+	<target host="webmail.exoticvm.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.at.xml b/src/chrome/content/rules/Expedia.at.xml
index 9fd11e75a24d..51a7cdacfa58 100644
--- a/src/chrome/content/rules/Expedia.at.xml
+++ b/src/chrome/content/rules/Expedia.at.xml
@@ -10,7 +10,7 @@
 		- inside	(t)
 		- support	(i)
 		- wwph		(r)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Expedia.be.xml b/src/chrome/content/rules/Expedia.be.xml
index 6b1271f7a663..be36622ad262 100644
--- a/src/chrome/content/rules/Expedia.be.xml
+++ b/src/chrome/content/rules/Expedia.be.xml
@@ -8,7 +8,7 @@
 		- eurostar	(t)
 		- support	(i)
 		- vakantiehuizen	(t)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Expedia.ca.xml b/src/chrome/content/rules/Expedia.ca.xml
index cad52f8fc7cc..044969d752a5 100644
--- a/src/chrome/content/rules/Expedia.ca.xml
+++ b/src/chrome/content/rules/Expedia.ca.xml
@@ -21,7 +21,7 @@
 		- support	(i)
 		- booking.vacations	(t)
 		- wwph	(r)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Expedia.ch.xml b/src/chrome/content/rules/Expedia.ch.xml
index ea099e5f56c6..c140f8b5ed8f 100644
--- a/src/chrome/content/rules/Expedia.ch.xml
+++ b/src/chrome/content/rules/Expedia.ch.xml
@@ -5,7 +5,7 @@
 	Non-functional subdomains:
 		- ferienwohnung	(t)
 		- location-vacances	(t)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Expedia.cn.xml b/src/chrome/content/rules/Expedia.cn.xml
index 382eac4cb424..35778dc3f6e4 100644
--- a/src/chrome/content/rules/Expedia.cn.xml
+++ b/src/chrome/content/rules/Expedia.cn.xml
@@ -5,7 +5,7 @@
 	Non-functional subdomains:
 		- $self (t)
 
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Expedia.co.id.xml b/src/chrome/content/rules/Expedia.co.id.xml
index 62de44a8c15d..28c8d309b6da 100644
--- a/src/chrome/content/rules/Expedia.co.id.xml
+++ b/src/chrome/content/rules/Expedia.co.id.xml
@@ -6,7 +6,7 @@
 		- deals	(t)
 		- enfaq	(t)
 		- faq	(t)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Expedia.co.in.xml b/src/chrome/content/rules/Expedia.co.in.xml
index 0caa42647cec..6f07a4f75d8c 100644
--- a/src/chrome/content/rules/Expedia.co.in.xml
+++ b/src/chrome/content/rules/Expedia.co.in.xml
@@ -11,7 +11,7 @@
 		- holidayplanner	(m)
 		- press	(r)
 		- support	(i)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Expedia.co.jp.xml b/src/chrome/content/rules/Expedia.co.jp.xml
index f1e320755b4d..cd67c8dbc5da 100644
--- a/src/chrome/content/rules/Expedia.co.jp.xml
+++ b/src/chrome/content/rules/Expedia.co.jp.xml
@@ -15,7 +15,7 @@
 		- support	(i)
 		- tm	(t)
 		- tour	(t)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Expedia.co.kr.xml b/src/chrome/content/rules/Expedia.co.kr.xml
index 904b4ba08437..7abef76197f3 100644
--- a/src/chrome/content/rules/Expedia.co.kr.xml
+++ b/src/chrome/content/rules/Expedia.co.kr.xml
@@ -9,7 +9,7 @@
 		- faq		(t)
 		- support	(i)
 		- wwch		(t)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Expedia.co.nz.xml b/src/chrome/content/rules/Expedia.co.nz.xml
index acceeb09615f..3f03ee538d7f 100644
--- a/src/chrome/content/rules/Expedia.co.nz.xml
+++ b/src/chrome/content/rules/Expedia.co.nz.xml
@@ -29,4 +29,4 @@
 
 	<rule from="^http:"
 		to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Expedia.co.th.xml b/src/chrome/content/rules/Expedia.co.th.xml
index 21f2a4f29a40..b671afc88329 100644
--- a/src/chrome/content/rules/Expedia.co.th.xml
+++ b/src/chrome/content/rules/Expedia.co.th.xml
@@ -6,7 +6,7 @@
 		- deals	(t)
 		- enfaq	(r)
 		- faq	(r)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Expedia.co.uk.xml b/src/chrome/content/rules/Expedia.co.uk.xml
index eafe8f7f5b55..01e41515c973 100644
--- a/src/chrome/content/rules/Expedia.co.uk.xml
+++ b/src/chrome/content/rules/Expedia.co.uk.xml
@@ -1,4 +1,4 @@
-<!--	
+<!--
 	For other Expedia coverage, see Expedia.com.xml
 
 
@@ -33,7 +33,7 @@
 		- thingstodo	(m)
 		- www.vangogh2015	(m)
 		- win	(r)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Expedia.com.ar.xml b/src/chrome/content/rules/Expedia.com.ar.xml
index 6480c8b97533..18eaba1091ca 100644
--- a/src/chrome/content/rules/Expedia.com.ar.xml
+++ b/src/chrome/content/rules/Expedia.com.ar.xml
@@ -6,7 +6,7 @@
 		- $self		(t)
 		- m		(t)
 		- support	(i)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Expedia.com.au.xml b/src/chrome/content/rules/Expedia.com.au.xml
index 6c0eeb8f4cf7..69c4db2fdaaf 100644
--- a/src/chrome/content/rules/Expedia.com.au.xml
+++ b/src/chrome/content/rules/Expedia.com.au.xml
@@ -28,7 +28,7 @@
 		- travelwithmastercard	(i)
 		- www.vividsydney	(s)
 		- yahoo	(t)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Expedia.com.br.xml b/src/chrome/content/rules/Expedia.com.br.xml
index f53d0db89597..ef0862f7e044 100644
--- a/src/chrome/content/rules/Expedia.com.br.xml
+++ b/src/chrome/content/rules/Expedia.com.br.xml
@@ -5,7 +5,7 @@
 	Non-functional subdomains:
 		- aventuraamericana	(m)
 		- support	(i)(m)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Expedia.com.hk.xml b/src/chrome/content/rules/Expedia.com.hk.xml
index 1177abb14889..55a54d767d6d 100644
--- a/src/chrome/content/rules/Expedia.com.hk.xml
+++ b/src/chrome/content/rules/Expedia.com.hk.xml
@@ -7,7 +7,7 @@
 		- deals		(t)
 		- faq		(r)
 		- zhfaq		(r)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Expedia.com.my.xml b/src/chrome/content/rules/Expedia.com.my.xml
index 853981e9e2bc..cab5e53258c9 100644
--- a/src/chrome/content/rules/Expedia.com.my.xml
+++ b/src/chrome/content/rules/Expedia.com.my.xml
@@ -9,7 +9,7 @@
 		- faq		(r)
 		- press		(r)
 		- support	(i)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Expedia.com.ph.xml b/src/chrome/content/rules/Expedia.com.ph.xml
index 51eec9e3e7d8..e48d19fdb321 100644
--- a/src/chrome/content/rules/Expedia.com.ph.xml
+++ b/src/chrome/content/rules/Expedia.com.ph.xml
@@ -6,7 +6,7 @@
 		- backick	(t)
 		- deals		(t)
 		- faq		(t)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Expedia.com.sg.xml b/src/chrome/content/rules/Expedia.com.sg.xml
index 71ef227b3981..c398ae3c8132 100644
--- a/src/chrome/content/rules/Expedia.com.sg.xml
+++ b/src/chrome/content/rules/Expedia.com.sg.xml
@@ -10,7 +10,7 @@
 		- goldcoast	(m)
 		- press		(r)
 		- support	(i)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Expedia.com.tw.xml b/src/chrome/content/rules/Expedia.com.tw.xml
index bb368bf58b41..50124af17431 100644
--- a/src/chrome/content/rules/Expedia.com.tw.xml
+++ b/src/chrome/content/rules/Expedia.com.tw.xml
@@ -5,7 +5,7 @@
 	Non-functional subdomains:
 		- deals		(t)
 		- faq		(t)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Expedia.com.vn.xml b/src/chrome/content/rules/Expedia.com.vn.xml
index 092e80513cd9..e7da1b01684d 100644
--- a/src/chrome/content/rules/Expedia.com.vn.xml
+++ b/src/chrome/content/rules/Expedia.com.vn.xml
@@ -4,7 +4,7 @@
 
 	Non-functional subdomains:
 		- faq		(t)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Experian.xml b/src/chrome/content/rules/Experian.xml
index 03d94b2bc354..bd287fe020cd 100644
--- a/src/chrome/content/rules/Experian.xml
+++ b/src/chrome/content/rules/Experian.xml
@@ -6,27 +6,13 @@
 		- Chtah.net.xml
 		- Fagms.net.xml
 
-
-	Problematic domains:
-
-		- experian.com		(cert only matches www)
-
 -->
-<ruleset name="Experian">
+<ruleset name="Experian (partial)">
 
 	<target host="experian.com" />
 	<target host="www.experian.com" />
 	<target host="experian.experiandirect.com" />
-	<target host="*.experian.experiandirect.com" />
-
-
-	<securecookie host="^\.?experian\.experiandirect\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?experian\.com/"
-		to="https://www.experian.com/" />
 
-	<rule from="^http://experian\.experiandirect\.com/"
-		to="https://experian.experiandirect.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Explainxkcd.com.xml b/src/chrome/content/rules/Explainxkcd.com.xml
index 379b4f9257f4..8c4afa80af02 100644
--- a/src/chrome/content/rules/Explainxkcd.com.xml
+++ b/src/chrome/content/rules/Explainxkcd.com.xml
@@ -1,7 +1,7 @@
 <!--
     Notes:
       - Cloudflare SSL
-    
+
     Mixed content:
       - All sites
         - pictures by explainxkcd.com *
@@ -14,7 +14,7 @@
 <ruleset name="Explainxkcd.com" platform="mixedcontent">
     <target host="www.explainxkcd.com" />
     <target host="explainxkcd.com" />
-    
+
     <rule from="^http:"
             to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ExploreB2B.com.xml b/src/chrome/content/rules/ExploreB2B.com.xml
index 90c7f86ee181..48b7ce344caf 100644
--- a/src/chrome/content/rules/ExploreB2B.com.xml
+++ b/src/chrome/content/rules/ExploreB2B.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.exploreb2b.com/ => https://www.exploreb2b.com/: (7, 'Fai
 Disabled by https-everywhere-checker because:
 Fetch error: http://exploreb2b.com/ => https://exploreb2b.com/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
 -->
-<ruleset name="exploreB2B.com" default_off='failed ruleset test'>
+<ruleset name="exploreB2B.com" default_off="failed ruleset test">
 
 	<target host="exploreb2b.com" />
 	<target host="www.exploreb2b.com" />
diff --git a/src/chrome/content/rules/ExploreFlask.com.xml b/src/chrome/content/rules/ExploreFlask.com.xml
new file mode 100644
index 000000000000..a7fb87bc7eba
--- /dev/null
+++ b/src/chrome/content/rules/ExploreFlask.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Nonfunctional hosts in *.exploreflask.com:
+		- www
+-->
+<ruleset name="ExploreFlask.com">
+	<target host="exploreflask.com" />
+
+	<rule from="^http:" to="https:" />
+
+	<securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/Explosm.net.xml b/src/chrome/content/rules/Explosm.net.xml
index 99b75e92c726..067c49009f44 100644
--- a/src/chrome/content/rules/Explosm.net.xml
+++ b/src/chrome/content/rules/Explosm.net.xml
@@ -24,19 +24,19 @@ Fetch error: http://explosm.net/ => https://explosm.net/: Cycle detected - URL a
 	a problem for mixed content blockers.
 
 -->
-<ruleset name="Explosm.net (partial)" default_off='failed ruleset test'>
+<ruleset name="Explosm.net (partial)" default_off="failed ruleset test">
 
 	<target host="explosm.net" />
-	<target host="*.explosm.net" />
+	<target host="www.explosm.net" />
+	<target host="store.explosm.net" />
 
 
 	<securecookie host="^\.explosm\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?explosm\.net/"
-		to="https://$1explosm.net/" />
 
 	<rule from="^http://store\.explosm\.net/"
 		to="https://explosmstore.myshopify.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Expo2020.xml b/src/chrome/content/rules/Expo2020.xml
index 47a452067c1b..d71efa5423b2 100644
--- a/src/chrome/content/rules/Expo2020.xml
+++ b/src/chrome/content/rules/Expo2020.xml
@@ -13,7 +13,7 @@ Fetch error: http://grant.expo2020dubai.ae/ => https://grant.expo2020dubai.ae/:
 		- expo2020dubai.ae
 
 -->
-<ruleset name="Expo 2020 (partial)" default_off='failed ruleset test'>
+<ruleset name="Expo 2020 (partial)" default_off="failed ruleset test">
 	<target host="esource.expo2020dubai.ae" />
 	<target host="grant.expo2020dubai.ae" />
 
diff --git a/src/chrome/content/rules/Express.de.xml b/src/chrome/content/rules/Express.de.xml
new file mode 100644
index 000000000000..314d873ac8ab
--- /dev/null
+++ b/src/chrome/content/rules/Express.de.xml
@@ -0,0 +1,32 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	No alternative certificate subject name matches target host name:
+	- boerse.express.de
+	- formulare.express.de
+	- tvprogramm.express.de
+
+	Timeout:
+	- aboservice.express.de
+-->
+<ruleset name="Express.de (partial)">
+
+	<target host="express.de" />
+	<target host="www.express.de" />
+	<target host="amp.express.de" />
+	<target host="biallo.express.de" />
+	<target host="consent.express.de" />
+	<target host="epages.express.de" />
+	<target host="horoskope.express.de" />
+	<target host="leserreisen.express.de" />
+	<target host="mobil.express.de" />
+	<target host="shop.express.de" />
+	<target host="specials.express.de" />
+	<target host="static.express.de" />
+	<target host="termine.express.de" />
+	<target host="track.express.de" />
+	<target host="wetter.express.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Expresscoin.com.xml b/src/chrome/content/rules/Expresscoin.com.xml
index 7ebf545c52b7..8f6933107ca0 100644
--- a/src/chrome/content/rules/Expresscoin.com.xml
+++ b/src/chrome/content/rules/Expresscoin.com.xml
@@ -24,7 +24,7 @@ Fetch error: http://accounts.expresscoin.com/ => https://accounts.expresscoin.co
 		- www.expresscoin.com
 
 -->
-<ruleset name="expresscoin.com (partial)" default_off='failed ruleset test'>
+<ruleset name="expresscoin.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Expressen.se.xml b/src/chrome/content/rules/Expressen.se.xml
new file mode 100644
index 000000000000..8f2a12ff0468
--- /dev/null
+++ b/src/chrome/content/rules/Expressen.se.xml
@@ -0,0 +1,26 @@
+<!-- 
+
+ 	Invalid certificate:
+
+		- goteborgsgirot.expressen.se (mismatch)
+-->
+
+<ruleset name="Expressen.se">
+
+	<target host="expressen.se" />
+	<target host="www.expressen.se" />
+
+	<target host="annons.expressen.se" />
+	<target host="bloggar.expressen.se" />
+	<target host="etidning.expressen.se" />
+	<target host="extra.expressen.se" />
+	<target host="kampanj.expressen.se" />
+	<target host="login.expressen.se" />
+	<target host="magasin.expressen.se" />
+	<target host="mittkok.expressen.se" />
+	<target host="rabattkoder.expressen.se" />
+	<target host="spel.expressen.se" />
+
+	<rule from="^http:" to="https:" />
+	
+</ruleset>
diff --git a/src/chrome/content/rules/Extabit.xml b/src/chrome/content/rules/Extabit.xml
index c8b059c95954..378a2b740a94 100644
--- a/src/chrome/content/rules/Extabit.xml
+++ b/src/chrome/content/rules/Extabit.xml
@@ -16,7 +16,9 @@
 <ruleset name="Extabit (partial)" default_off="expired">
 
 	<target host="extabit.com" />
-	<target host="*.extabit.com" />
+	<target host="st.extabit.com" />
+	<target host="webmaster.extabit.com" />
+	<target host="www.extabit.com" />
 
 
 	<!--	info, extau, and vs are sent to guest\d\d
diff --git a/src/chrome/content/rules/Extension_Defender.com.xml b/src/chrome/content/rules/Extension_Defender.com.xml
index eb1ca13c8c81..d90befcdebe6 100644
--- a/src/chrome/content/rules/Extension_Defender.com.xml
+++ b/src/chrome/content/rules/Extension_Defender.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://extensiondefender.com/ => https://extensiondefender.com/: (7
 Fetch error: http://www.extensiondefender.com/ => https://www.extensiondefender.com/: (7, 'Failed to connect to www.extensiondefender.com port 443: Connection refused')
 
 -->
-<ruleset name="Extension Defender.com" default_off='failed ruleset test'>
+<ruleset name="Extension Defender.com" default_off="failed ruleset test">
 
 	<target host="extensiondefender.com" />
 	<target host="www.extensiondefender.com" />
diff --git a/src/chrome/content/rules/Extensis.com.xml b/src/chrome/content/rules/Extensis.com.xml
index b88c46947fbd..b6d365efec6f 100644
--- a/src/chrome/content/rules/Extensis.com.xml
+++ b/src/chrome/content/rules/Extensis.com.xml
@@ -36,7 +36,7 @@ Fetch error: http://www2.extensis.com/ => https://www2.extensis.com/: (51, "SSL:
 		- www.extensis.com
 
 -->
-<ruleset name="Extensis.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Extensis.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Extra_Lunch_Money.xml b/src/chrome/content/rules/Extra_Lunch_Money.xml
index f60c37447d74..c27769f3fbcf 100644
--- a/src/chrome/content/rules/Extra_Lunch_Money.xml
+++ b/src/chrome/content/rules/Extra_Lunch_Money.xml
@@ -12,16 +12,16 @@
 <ruleset name="Extra Lunch Money">
 
 	<target host="extralunchmoney.com" />
-	<target host="*.extralunchmoney.com" />
+	<target host="www.extralunchmoney.com" />
+	<target host="imageassets.extralunchmoney.com" />
 
 
 	<securecookie host="^\.?extralunchmoney\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?extralunchmoney\.com/"
-		to="https://$1extralunchmoney.com/" />
 
 	<rule from="^http://imageassets\.extralunchmoney\.com/"
 		to="https://1c2b4e3d78d00f8d775f-9944ec653f3e6c54804d49fe85e91fe7.ssl.cf2.rackcdn.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Extratorrent.com.xml b/src/chrome/content/rules/Extratorrent.com.xml
index 460444ca9f36..4c14f5a5f7e3 100644
--- a/src/chrome/content/rules/Extratorrent.com.xml
+++ b/src/chrome/content/rules/Extratorrent.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.extratorrentonline.com/ => https://www.extratorrentonlin
 
 static.etproxy.com different content
 -->
-<ruleset name="Extratorrent.com" default_off='failed ruleset test'>
+<ruleset name="Extratorrent.com" default_off="failed ruleset test">
 
 	<target host="extratorrent.com" />
 	<target host="www.extratorrent.com" />
diff --git a/src/chrome/content/rules/Extreme-Dm.com.xml b/src/chrome/content/rules/Extreme-Dm.com.xml
index c3c4d60f1bb2..39e36b4880f4 100644
--- a/src/chrome/content/rules/Extreme-Dm.com.xml
+++ b/src/chrome/content/rules/Extreme-Dm.com.xml
@@ -20,11 +20,13 @@
 -->
 <ruleset name="Extreme-Dm.com (partial)">
 
-	<target host="*.extreme-dm.com"/>
+	<target host="nht-2.extreme-dm.com" />
+	<target host="nht-3.extreme-dm.com" />
+	<target host="t0.extreme-dm.com" />
+	<target host="t1.extreme-dm.com" />
+	<target host="w1.extreme-dm.com" />
 
 
-	<rule from="^http://nht-(2|3)\.extreme-dm\.com/"
-		to="https://nht-$1.extreme-dm.com/" />
 
 	<rule from="^http://t[01]\.extreme-dm\.com/"
 		to="https://t1.extreme-dm.com/"/>
@@ -32,4 +34,5 @@
 	<rule from="^http://w1\.extreme-dm\.com/"
 		to="https://t1.extreme-dm.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Extreme-Light-Infrastructure.xml b/src/chrome/content/rules/Extreme-Light-Infrastructure.xml
deleted file mode 100644
index 46111b8a359a..000000000000
--- a/src/chrome/content/rules/Extreme-Light-Infrastructure.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	/ssl7.ovh.net/~extremel/
-
--->
-<ruleset name="Extreme Light Infrastructure">
-
-	<target host="extreme-light-infrastructure.eu" />
-	<target host="www.extreme-light-infrastructure.eu" />
-
-
-	<!--	Cert: ssl7.ovh.net
-					-->
-	<rule from="^http://(?:www\.)?extreme-light-infrastructure\.eu/"
-		to="https://ssl7.ovh.net/~extremel/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ExtremeTacticalDynamics.com.xml b/src/chrome/content/rules/ExtremeTacticalDynamics.com.xml
new file mode 100644
index 000000000000..35d7dfebc02b
--- /dev/null
+++ b/src/chrome/content/rules/ExtremeTacticalDynamics.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="ExtremeTacticalDynamics.com">
+	<target host="extremetacticaldynamics.com" />
+	<target host="www.extremetacticaldynamics.com" />
+	<target host="images.extremetacticaldynamics.com" />
+	<target host="images2.extremetacticaldynamics.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ExtremeTech.com.xml b/src/chrome/content/rules/ExtremeTech.com.xml
new file mode 100644
index 000000000000..371e1a42882f
--- /dev/null
+++ b/src/chrome/content/rules/ExtremeTech.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Invalid certificate:
+		- discuss.extremetech.com
+		- metrics.extremetech.com
+		- shop.extremetech.com
+
+	Timed out:
+		- extremetech.com, equivalent to www.extremetech.com
+		- mailing.enews.extremetech.com
+-->
+
+<ruleset name="ExtremeTech.com">
+	<target host="extremetech.com" />
+	<target host="www.extremetech.com" />
+	<target host="bbstatic.extremetech.com" />
+	<target host="*.g00.extremetech.com" />
+		<test url="http://c-7npsfqifvt34x24e3y4cletmoylvkx2edmpvegspoux2eofu.g00.extremetech.com/g00/3_c-7x78x78x78.fyusfnfufdi.dpn_/c-7NPSFQIFVT34x24iuuqtx3ax2fx2fe3y4cletmoylvk.dmpvegspou.ofux2f3909255_411.kqhx3fj21d.nbslx3djnbhf_$/$" />
+		<test url="http://c-7npsfqifvt34x24mx2ecfusbex2edpn.g00.extremetech.com/g00/3_c-7x78x78x78.fyusfnfufdi.dpn_/c-7NPSFQIFVT34x24iuuqtx3ax2fx2fm.cfusbe.dpnx2ftjufx2fw4x2f771x2f254x2f0x2f3x2f3x2f2x2f3159x3fj21d.nbslx3djnbhf_$/$" />
+		<test url="http://c-7npsfqifvt34x24tfdvsfqvcbetx2ehx2eepvcmfdmjdlx2eofu.g00.extremetech.com/g00/3_c-7x78x78x78.fyusfnfufdi.dpn_/c-7NPSFQIFVT34x24iuuqtx3ax2fx2ftfdvsfqvcbet.h.epvcmfdmjdl.ofux2fhqux2fqvcbet_jnqm_316.ktx3fj21d.nbslx3dtdsjqu_$/$" />
+	<target host="product.extremetech.com" />
+	<target host="product2.extremetech.com" />
+	<target host="product3.extremetech.com" />
+	<target host="product4.extremetech.com" />
+	<target host="static.extremetech.com" />
+
+	<securecookie host="^www\.extremetech\.com$" name=".+" />
+
+	<rule from="^http://extremetech\.com/"
+		  to="https://www.extremetech.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Extreme_Digital.xml b/src/chrome/content/rules/Extreme_Digital.xml
deleted file mode 100644
index 509bee00ebbe..000000000000
--- a/src/chrome/content/rules/Extreme_Digital.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--
-Automatically by https-everywhere-checker because:
-Fetch error: http://www.edigital.hu/ => https://www.edigital.hu/: (7, 'Failed to connect to www.edigital.hu port 443: Connection refused') Nonfunctional subdomains:
-	 - foto.edigital.hu
--->
-<ruleset name="Extreme Digital" platform="mixedcontent">
-	<target host="www.edigital.hu" />
-
-	<securecookie host="^www\.edigital\.hu$" name=".+" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Extreme_Tech.com.xml b/src/chrome/content/rules/Extreme_Tech.com.xml
deleted file mode 100644
index 238275bf9a44..000000000000
--- a/src/chrome/content/rules/Extreme_Tech.com.xml
+++ /dev/null
@@ -1,55 +0,0 @@
-<!--
-	For problematic rules, see Ziff-Davis-mismatches.xml.
-
-	For other Ziff Davis coverage, see Ziff-Davis.xml.
-
-
-	CDN buckets:
-
-		- extremetech.com.112.2o7.net
-
-			- metrics
-
-		- www.extremetech.com.edgesuite.net
-
-			- a574.g.akamai.net
-
-
-	Nonfunctional domains:
-
-		- discuss.extremetech.com
-
-
-	Problematic subdomains:
-
-		- ^ ¹
-		- www ²
-
-	¹ Works; expired 2012-06-09, self-signed, cert only matches www
-	² Works, akamai
-
-
-	Partially covered subdomains:
-
-		- (www.)	(→ akamai, avoiding user-visible paths)
-
--->
-<ruleset name="Extreme Tech.com (partial)" default_off="broken">
-
-	<target host="metrics.extremetech.com" />
-		<!--
-			Avoid user-visible paths:
-							-->
-		<!--exclusion pattern="^http://(?:www\.)?extremetech\.com/(?!cobrand-header/|wp-content/|wp-includes/)" /-->
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.extremetech\.com$" name="^(?:s_\w+|__utm)\w$" />
-	<securecookie host="^www\.extremetech\.com$" name="^_chartbeat2$" />
-
-
-	<rule from="^http://metrics\.extremetech\.com/"
-		to="https://extremetech-com.122.2o7.net/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/EyeReturn.com.xml b/src/chrome/content/rules/EyeReturn.com.xml
deleted file mode 100644
index 616a5ed704f2..000000000000
--- a/src/chrome/content/rules/EyeReturn.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	For other eyeReturn Marketing coverage, see EyeReturn_Marketing.com.xml
-
-
-	Problematic subdomains:
-
-		- (www.) *
-
-	* Refused, redirect destination cert mismatched
-
--->
-<ruleset name="eyeReturn.com (partial)">
-
-	<target host="reports.eyereturn.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<securecookie host="^reports\.eyereturn\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EyeReturn_Marketing.com.xml b/src/chrome/content/rules/EyeReturn_Marketing.com.xml
index 485f21ab64e7..fd9053c0e43e 100644
--- a/src/chrome/content/rules/EyeReturn_Marketing.com.xml
+++ b/src/chrome/content/rules/EyeReturn_Marketing.com.xml
@@ -1,7 +1,6 @@
 <!--
 	Other eyeReturn Marketing rulesets:
 
-		- EyeReturn.com.xml
 
 
 	CDN buckets:
@@ -13,14 +12,7 @@
 
 	<target host="eyereturnmarketing.com" />
 	<target host="www.eyereturnmarketing.com" />
-		<!--
-			Avoid user-visible paths:
-							-->
-		<exclusion pattern="^http://(?:www\.)?eyereturnmarketing\.com/+(?!wp-content/|wp-includes/)" />
-	<target host="emi.wpengine.com" />
 
-
-	<rule from="^http://(?:(?:www\.)?eyereturnmarketing|emi\.wpengine)\.com/"
-		to="https://emi.wpengine.com/" />
+  <rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/EyeTech.xml b/src/chrome/content/rules/EyeTech.xml
index a1041f02a3e1..c297fd8eeeba 100644
--- a/src/chrome/content/rules/EyeTech.xml
+++ b/src/chrome/content/rules/EyeTech.xml
@@ -12,7 +12,7 @@ Fetch error: http://eyetechds.com/ => https://eyetechds.com/: (51, "SSL: no alte
 Fetch error: http://www.eyetechds.com/ => https://www.eyetechds.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.eyetechds.com'")
 
 -->
-<ruleset name="EyeTech" default_off='failed ruleset test'>
+<ruleset name="EyeTech" default_off="failed ruleset test">
 
 	<target host="eyetechds.com" />
 	<target host="www.eyetechds.com" />
@@ -20,4 +20,4 @@ Fetch error: http://www.eyetechds.com/ => https://www.eyetechds.com/: (51, "SSL:
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Eyeviewads.com.xml b/src/chrome/content/rules/Eyeviewads.com.xml
index c9d2556416c6..1be7773b8dc4 100644
--- a/src/chrome/content/rules/Eyeviewads.com.xml
+++ b/src/chrome/content/rules/Eyeviewads.com.xml
@@ -5,7 +5,7 @@
 
 	Time out:
 		connectad.eyeviewads.com
-		videoiq-backoffice.eyeviewades.com		
+		videoiq-backoffice.eyeviewades.com
 
 -->
 <ruleset name="eyeviewads.com">
diff --git a/src/chrome/content/rules/Eyny.com.xml b/src/chrome/content/rules/Eyny.com.xml
new file mode 100644
index 000000000000..a31051620ffd
--- /dev/null
+++ b/src/chrome/content/rules/Eyny.com.xml
@@ -0,0 +1,26 @@
+<!--
+	This domain has wildcard certificate and DNS records.
+
+	Active mixed content:
+		- (*.)?eyny.com, from www.facebook.com
+			- https://eyny.com/thread-9439862-1-1.html
+			- https://eyny.com/thread-10612510-1-1.html
+
+	Bad redirect:
+		- eyny.com, equivalent to eyny.com/index.php
+		- www.eyny.com, equivalent to www.eyny.com/index.php
+-->
+
+<ruleset name="Eyny.com" platform="mixedcontent">
+	<target host="eyny.com" />
+	<target host="*.eyny.com" />
+		<test url="http://www.eyny.com/" />
+		<test url="http://blog.eyny.com/" />
+		<test url="http://bt.eyny.com/" />
+		<test url="http://video.eyny.com/" />
+
+	<rule from="^http://(www\.)?eyny\.com/$"
+		  to="https://$1eyny.com/index.php" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/EzAccessory.com.xml b/src/chrome/content/rules/EzAccessory.com.xml
index def7db50318b..25049ec5f6be 100644
--- a/src/chrome/content/rules/EzAccessory.com.xml
+++ b/src/chrome/content/rules/EzAccessory.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/EzDing.com.tw.xml b/src/chrome/content/rules/EzDing.com.tw.xml
index 43eb2149c8a8..2724b0f6580d 100644
--- a/src/chrome/content/rules/EzDing.com.tw.xml
+++ b/src/chrome/content/rules/EzDing.com.tw.xml
@@ -21,7 +21,7 @@ Fetch error: http://ezding.com.tw/ => https://ezding.com.tw/: (28, 'Connection t
 	* Unsecurable
 
 -->
-<ruleset name="ezDing.com.tw (partial)" default_off='failed ruleset test'>
+<ruleset name="ezDing.com.tw (partial)" default_off="failed ruleset test">
 
 	<target host="ezding.com.tw" />
 	<target host="www.ezding.com.tw" />
diff --git a/src/chrome/content/rules/Ezaxess.com.xml b/src/chrome/content/rules/Ezaxess.com.xml
deleted file mode 100644
index ea9ab1450155..000000000000
--- a/src/chrome/content/rules/Ezaxess.com.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	CDN buckets:
-
-		- files.ezaxess.com.s3.amazonaws.com
-
-
-	(www.): Dreamhost
-
--->
-<ruleset name="ezaxess.com (partial)">
-
-	<target host="files.ezaxess.com" />
-		<!--
-			Images referenced relative to root:
-								-->
-		<!--exclusion pattern="^http://files\.ezaxess\.com/mobile/v2/(clients/sdsu/)?main\.css" /-->
-		<!--
-			More conservatively:
-						-->
-		<exclusion pattern="^http://files\.ezaxess\.com/.+\.css" />
-
-
-	<rule from="^http://files\.ezaxess\.com/"
-		to="https://s3.amazonaws.com/files.ezaxess.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/EzineArticles.xml b/src/chrome/content/rules/EzineArticles.xml
index 097950f83465..a30ae02123dc 100644
--- a/src/chrome/content/rules/EzineArticles.xml
+++ b/src/chrome/content/rules/EzineArticles.xml
@@ -11,7 +11,8 @@
 -->
 <ruleset name="EzineArticles (partial)">
   <target host="ezinearticles.com" />
-  <target host="*.ezinearticles.com" />
+  <target host="www.ezinearticles.com" />
+  <target host="img.ezinearticles.com" />
 		<!--
 			Many pages started redirecting to http:
 
@@ -22,10 +23,9 @@
 
   <rule from="^http://(?:www\.)?ezinearticles\.com/" to="https://ezinearticles.com/"/>
 
-	<rule from="^http://img\.ezinearticles\.com/"
-		to="https://img.ezinearticles.com/" />
 
   <!--
   <rule from="^http://(blog|shop|subscriptions)\.ezinearticles\.com/" to="https://$1.ezinearticles.com/"/>
   -->
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/F-Secure.xml b/src/chrome/content/rules/F-Secure.xml
index fc48e4883c37..fb4be2659bb1 100644
--- a/src/chrome/content/rules/F-Secure.xml
+++ b/src/chrome/content/rules/F-Secure.xml
@@ -80,7 +80,7 @@ Fetch error: http://trial.f-secure.com/ => https://trial.f-secure.com/: (6, 'Cou
 	² Unsecurable
 
 -->
-<ruleset name="F-Secure.com (partial)" default_off='failed ruleset test'>
+<ruleset name="F-Secure.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/F35.com.xml b/src/chrome/content/rules/F35.com.xml
deleted file mode 100644
index f0fe1ef30ed0..000000000000
--- a/src/chrome/content/rules/F35.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="F35.com">
-
-	<target host="f35.com" />
-	<target host="www.f35.com" />
-
-
-	<securecookie host="^www\.f35\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FAZ-mismatches.xml b/src/chrome/content/rules/FAZ-mismatches.xml
deleted file mode 100644
index 6073b91c9617..000000000000
--- a/src/chrome/content/rules/FAZ-mismatches.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--
-	See also FAZ.xml
--->
-<ruleset name="FAZ (mismatches)" default_off="Certificate mismatch">
-
-	<target host="kulturkalender.faz.net"/>
-
-	<rule from="^http:"
-		to="https:"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/FAZ.xml b/src/chrome/content/rules/FAZ.xml
index 3833ec8dcc99..502c6e4cdef0 100644
--- a/src/chrome/content/rules/FAZ.xml
+++ b/src/chrome/content/rules/FAZ.xml
@@ -1,76 +1,66 @@
 <!--
-	See also FAZ-mismatches.xml
-
-	Refused:
-		- dynamic.faz.net
-		- m.faz.net
+	Invalid certificate:
+		- faz-community.faz.net
 		- quelleinternet.faz.net
-		- tv.faz.net
-
-	Redirect:
-		- www.faz.net
-		- charts.faz.net
-		- event.faz.net
-		- fazarchiv.faz.net
-		- hochschulanzeiger.faz.net
-		- kfz-versicherung.faz.net
-		- software-portal.faz.net
-		- ts.faz.net
-		- verlag.faz.net
-
-	404 not found:
-		- www.fazschule.net
-
-	Mismatch, but redirect:
-		- www.fazjob.net
-		- m.fazjob.net
-		- rebrush-oas.fazjob.net
+		- berufundchance.fazjob.net
 
-	Mismatch:
-		- ^faz.net
-		- boersenlexikon.faz.net
-		- boersenspiel.faz.net
-		- faz-community.faz.net
-		- fazschule.net
-		- jobsuche-hochschulanzeiger.fazjob.net
+	Timeout:
+		- literaturkalender.faz.net
 		- kulturkalender.faz.net
-		- lebenswege.faz.net
-		- media[01]
-		- tarife.faz.net
-		- wetter.faz.net
 		- ^fazjob.net
 		- agbs.fazjob.net
-		- berufundchance.fazjob.net
 		- news.fazschule.net
-		- (www.)faz.de
+-->
+<ruleset name="FAZ (partial)">
 
-	Self-signed:
-		- 50plus.faz.net
-		- literaturkalender.faz.net
+	<target host="faz.net" />
+	<target host="www.faz.net" />
+	<target host="50plus.faz.net" />
+	<target host="abo.faz.net" />
+	<target host="blogs.faz.net" />
+	<target host="boersenlexikon.faz.net" />
+	<target host="boersenspiel.faz.net" />
+	<target host="dynamic.faz.net" />
+		<test url="http://dynamic.faz.net/red/2016/pendler/Pendler.pdf" />
+	<target host="event.faz.net" />
+	<target host="fazarchiv.faz.net" />
+	<target host="gets.faz.net" />
+	<target host="hochschulanzeiger.faz.net" />
+	<target host="immobilien.faz.net" />
+	<target host="immobilienmarkt.faz.net" />
+	<target host="kfz-versicherung.faz.net" />
+	<target host="lebenswege.faz.net" />
+	<target host="m.faz.net" />
+	<target host="media0.faz.net" />
+	<target host="media1.faz.net" />
+	<target host="media2.faz.net" />
+	<target host="media3.faz.net" />
+	<target host="media4.faz.net" />
+	<target host="media5.faz.net" />
+	<target host="media6.faz.net" />
+	<target host="media7.faz.net" />
+	<target host="media8.faz.net" />
+	<target host="media9.faz.net" />
+	<target host="rhein-main-veranstaltungen.faz.net" />
+	<target host="software-portal.faz.net" />
+	<target host="tarife.faz.net" />
+	<target host="ts.faz.net" />
+	<target host="tv.faz.net" />
+	<target host="verlag.faz.net" />
+	<target host="wetter.faz.net" />
 
-	Timeout:
-		- financeforum.fazjob.net
-		- immobilien.faz.net
+	<target host="faz.de" />
+	<target host="www.faz.de" />
 
-	Timeout at HTTP Port 80:
-		- filebox.faz.de
--->
-<ruleset name="FAZ (partial)" platform="mixedcontent">
-	<target host="abo.faz.net"/>
-	<target host="blogs.faz.net"/>
-	<target host="gets.faz.net"/>
-	<target host="www.fazjob.net"/>
-	<target host="m.fazjob.net"/>
-	<target host="rebrush-oas.fazjob.net"/>
-	<target host="jobsuche-hochschulanzeiger.fazjob.net"/>
+	<target host="www.fazjob.net" />
+	<target host="m.fazjob.net" />
+	<target host="rebrush-oas.fazjob.net" />
+	<target host="jobsuche-hochschulanzeiger.fazjob.net" />
 
-	<securecookie host="^(?:www\.)?fazjob\.net$" name=".+" />
+	<target host="fazschule.net" />
+	<target host="www.fazschule.net" />
 
-	<rule from="^http://www\.fazjob\.net/"
-		to="https://stellenmarkt.faz.net/" />
-
-	<rule from="^http://m\.fazjob\.net/"
-		to="https://stellenmarkt.faz.net/" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://rebrush-oas\.fazjob\.net/"
 		to="https://stellenmarkt.faz.net/" />
@@ -78,6 +68,11 @@
 	<rule from="^http://jobsuche-hochschulanzeiger\.fazjob\.net/"
 		to="https://stellenmarkt.faz.net/" />
 
-	<rule from="^http:"
-		to="https:"/>
+	<!-- Invalid certificate on https://(www.)?faz.de/,
+		http://(www.)?faz.de/ redirects to https://www.faz.net/. -->
+	<rule from="^http://(www\.)?faz\.de/"
+			to="https://www.faz.net/" />
+
+	<rule from="^http:"	to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/FBINAA.org.xml b/src/chrome/content/rules/FBINAA.org.xml
new file mode 100644
index 000000000000..f3589de55ebc
--- /dev/null
+++ b/src/chrome/content/rules/FBINAA.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Wildcard DNS records:
+		- *.fbinaa.org
+-->
+
+<ruleset name="FBINAA.org">
+	<target host="fbinaa.org" />
+	<target host="www.fbinaa.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FC2.com.xml b/src/chrome/content/rules/FC2.com.xml
index 9ecef54875f1..87242a2bf3ee 100644
--- a/src/chrome/content/rules/FC2.com.xml
+++ b/src/chrome/content/rules/FC2.com.xml
@@ -24,7 +24,11 @@
 -->
 <ruleset name="FC2.com (partial)">
 
-	<target host="*.fc2.com" />
+	<target host="blog.fc2.com" />
+	<target host="form1ssl.fc2.com" />
+	<target host="id.fc2.com" />
+	<target host="secure.id.fc2.com" />
+	<target host="rentalserver1.fc2.com" />
 
 
 	<!--securecookie host="^\.fc2\.com$" name="^(?:fgcv|incap_ses_\d+_\d+|visid_incap_\d+)$" /-->
@@ -32,7 +36,6 @@
 	<securecookie host="^(?:\.?blog|id|secure\.id|media3)\.fc2\.com$" name=".+" />
 
 
-	<rule from="^http://(blog|form1ssl|id|secure\.id|media3|rentalserver1)\.fc2\.com/"
-		to="https://$1.fc2.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FCA.org.uk.xml b/src/chrome/content/rules/FCA.org.uk.xml
index 2d40d81505c7..07061375ad04 100644
--- a/src/chrome/content/rules/FCA.org.uk.xml
+++ b/src/chrome/content/rules/FCA.org.uk.xml
@@ -1,26 +1,29 @@
-<!--
-	Other Financial Conduct Authority rulesets:
 
-		- The-FCA.org.uk.xml
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
 
+Fetch error: http://connect.fca.org.uk/ => https://connect.fca.org.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://handbook.fca.org.uk/ => https://handbook.fca.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'handbook.fca.org.uk'")
 
 	Nonfunctional hosts in *fca.org.uk:
 
 		- scamsmart *
-		
+
 	* Refused
 
+  SSL, no matching certs
+    - small-firms.fca.org.uk
+
 -->
 <ruleset name="FCA.org.uk (partial)">
 
 	<target host="fca.org.uk" />
-	<target host="connect.fca.org.uk" />
+	<!-- target host="connect.fca.org.uk" /-->
 	<target host="gabriel.fca.org.uk" />
-	<target host="handbook.fca.org.uk" />
+	<!-- target host="handbook.fca.org.uk" /-->
 	<target host="www.handbook.fca.org.uk" />
 	<target host="marketoversight.fca.org.uk" />
 	<target host="register.fca.org.uk" />
-	<target host="small-firms.fca.org.uk" />
 	<target host="www.fca.org.uk" />
 
 
diff --git a/src/chrome/content/rules/FCBarcelonaClan.com.xml b/src/chrome/content/rules/FCBarcelonaClan.com.xml
new file mode 100644
index 000000000000..4af995b9de6b
--- /dev/null
+++ b/src/chrome/content/rules/FCBarcelonaClan.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="FCBarcelonaClan.com">
+	<target host="fcbarcelonaclan.com" />
+	<target host="www.fcbarcelonaclan.com" />
+	<target host="forum.fcbarcelonaclan.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FCPA-Blog.xml b/src/chrome/content/rules/FCPA-Blog.xml
index 90c0701da42d..b1ba61eb294a 100644
--- a/src/chrome/content/rules/FCPA-Blog.xml
+++ b/src/chrome/content/rules/FCPA-Blog.xml
@@ -12,7 +12,7 @@ Fetch error: http://fcpablog.com/ => https://fcpablog.squarespace.com/: Too many
 Fetch error: http://www.fcpablog.com/ => https://fcpablog.squarespace.com/: Too many redirects while fetching 'https://fcpablog.squarespace.com/'
 
 -->
-<ruleset name="FCPA Blog (partial)" default_off='failed ruleset test'>
+<ruleset name="FCPA Blog (partial)" default_off="failed ruleset test">
 
 	<target host="fcpablog.com"/>
 	<target host="www.fcpablog.com"/>
diff --git a/src/chrome/content/rules/FF7.fr.xml b/src/chrome/content/rules/FF7.fr.xml
new file mode 100644
index 000000000000..e987f4ef6342
--- /dev/null
+++ b/src/chrome/content/rules/FF7.fr.xml
@@ -0,0 +1,23 @@
+<!--
+	Mismatched:
+		- _jabber._tcp
+		- _xmpp-client._tcp
+		- _xmpp-server._tcp
+		- _sip._udp
+		- imp
+		- jabber
+		- mail
+		- pop3
+		- sip
+		- smtp
+		- squirrel
+
+	Refused:
+		- audio
+-->
+<ruleset name="FF7.fr">
+	<target host="ff7.fr" />
+	<target host="www.ff7.fr" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FFSG.org.xml b/src/chrome/content/rules/FFSG.org.xml
index 1c13b7931049..58f75eae8b82 100644
--- a/src/chrome/content/rules/FFSG.org.xml
+++ b/src/chrome/content/rules/FFSG.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.ffsg.org/ => https://www.ffsg.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ffsg.org'")
 
 -->
-<ruleset name="FFSG.org" default_off='failed ruleset test'>
+<ruleset name="FFSG.org" default_off="failed ruleset test">
 
 	<target host="ffsg.org" />
 	<target host="www.ffsg.org" />
diff --git a/src/chrome/content/rules/FHEM.de.xml b/src/chrome/content/rules/FHEM.de.xml
new file mode 100644
index 000000000000..e4f8e9da1893
--- /dev/null
+++ b/src/chrome/content/rules/FHEM.de.xml
@@ -0,0 +1,19 @@
+<ruleset name="FHEM.de">
+
+	<target host="fhem.de" />
+	<target host="www.fhem.de" />
+	<target host="cloud.fhem.de" />
+	<target host="commandref.fhem.de" />
+	<target host="conf.fhem.de" />
+	<target host="debian.fhem.de" />
+	<target host="fhem-test.fhem.de" />
+	<target host="forum.fhem.de" />
+	<target host="svn.fhem.de" />
+	<target host="verein.fhem.de" />
+	<target host="wiki.fhem.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FIGUE.com.xml b/src/chrome/content/rules/FIGUE.com.xml
index 8da7fe50edb6..4e8c23fef9a9 100644
--- a/src/chrome/content/rules/FIGUE.com.xml
+++ b/src/chrome/content/rules/FIGUE.com.xml
@@ -18,7 +18,8 @@
 <ruleset name="FIGUE.com (partial)">
 
 	<target host="figue.com" />
-	<target host="*.figue.com" />
+	<target host="cdn1.figue.com" />
+	<target host="www.figue.com" />
 		<!--exclusion pattern="^http://(?:www\.)?figue\.com/(?!(?:about|customer|looks|travel-blog)(?:$|[?/])|favicon\.ico|media/|skin/)" /-->
 		<exclusion pattern="^http://(?:www\.)?figue\.com/+(?:$|\?)" />
 
@@ -29,4 +30,4 @@
 	<rule from="^http://(?:cdn1\.|www\.)?figue\.com/"
 		to="https://www.figue.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FINANZEN.NET.xml b/src/chrome/content/rules/FINANZEN.NET.xml
new file mode 100644
index 000000000000..5e611a90950a
--- /dev/null
+++ b/src/chrome/content/rules/FINANZEN.NET.xml
@@ -0,0 +1,76 @@
+<!--
+	Connection closed:
+		- appcore-bo.finanzen.net
+		- appcore-ch.finanzen.net
+		- appcore-de.finanzen.net
+		- appcore-nl.finanzen.net
+		- appcore-us.finanzen.net
+		- payment.finanzen.net
+
+	Invalid certificate:
+		- anleihen.finanzen.net
+		- ftp2.finanzen.net
+		- g.finanzen.net
+		- hebelprodukte.finanzen.net
+		- mobiledesk.finanzen.net
+		- mobiledeskpro.finanzen.net
+		- mobiledesktrading.finanzen.net
+		- optionsscheine.finanzen.net
+		- ratgeberlink.finanzen.net
+		- realtime.finanzen.net
+		- tradingdesk-beta.finanzen.net
+		- vorsorge.finanzen.net
+		- welt-export.finanzen.net
+		- zertifikate.finanzen.net
+
+	Non-2xx HTTP code:
+		- traderfox.finanzen.net
+
+	Refused:
+		- dataexport.finanzen.net
+
+	Timeout:
+		- cache.finanzen.net
+		- krankenkassenvergleich.finanzen.net
+		- mx[1-4].messaging.finanzen.net
+-->
+<ruleset name="FINANZEN.NET">
+
+	<target host="finanzen.net" />
+	<target host="www.finanzen.net" />
+	<target host="analysen.finanzen.net" />
+	<target host="bankentest.finanzen.net" />
+	<target host="bild.finanzen.net" />
+	<target host="boersenblog.finanzen.net" />
+	<target host="c.finanzen.net" />
+	<target host="charts.finanzen.net" />
+	<target host="cma.finanzen.net" />
+	<target host="cmau8.finanzen.net" />
+	<target host="derivate.finanzen.net" />
+	<target host="findataproxy.finanzen.net" />
+	<target host="finweltproxy.finanzen.net" />
+	<target host="fondsdetail.finanzen.net" />
+	<target host="forum.finanzen.net" />
+	<target host="forum-media.finanzen.net" />
+	<target host="images.finanzen.net" />
+	<target host="m.finanzen.net" />
+	<target host="mdsngpush.finanzen.net" />
+	<target host="messaging.finanzen.net" />
+	<target host="my.finanzen.net" />
+	<target host="nl.finanzen.net" />
+	<target host="oppenheim.finanzen.net" />
+	<target host="scripts.finanzen.net" />
+	<target host="secure.finanzen.net" />
+	<target host="shchart.finanzen.net" />
+	<target host="styles.finanzen.net" />
+	<target host="tracking.finanzen.net" />
+	<target host="trading.finanzen.net" />
+	<target host="tradingdesk.finanzen.net" />
+	<target host="webexport.finanzen.net" />
+	<target host="zertifikat.finanzen.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FKFeV.de.xml b/src/chrome/content/rules/FKFeV.de.xml
new file mode 100644
index 000000000000..9f9461884f3d
--- /dev/null
+++ b/src/chrome/content/rules/FKFeV.de.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		- new.fkfev.de
+-->
+<ruleset name="FKFeV.de">
+
+	<target host="fkfev.de" />
+	<target host="www.fkfev.de" />
+	<target host="chat.fkfev.de" />
+	<target host="slack.fkfev.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FLIF.info.xml b/src/chrome/content/rules/FLIF.info.xml
new file mode 100644
index 000000000000..23582be18493
--- /dev/null
+++ b/src/chrome/content/rules/FLIF.info.xml
@@ -0,0 +1,17 @@
+<!--
+	Nonfunctional hosts in *.flif.info:
+		- www (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="FLIF.info">
+	<target host="flif.info" />
+	<target host="www.flif.info" />
+
+	<rule from="^http://www\.flif\.info/" to="https://flif.info/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FLOSS-Shop.de.xml b/src/chrome/content/rules/FLOSS-Shop.de.xml
index f587776330c3..beae6f2a200f 100644
--- a/src/chrome/content/rules/FLOSS-Shop.de.xml
+++ b/src/chrome/content/rules/FLOSS-Shop.de.xml
@@ -10,6 +10,6 @@
 	<rule from="^http://floss-shop\.de/"
 			to="https://www.floss-shop.de/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/FLonline.eu.xml b/src/chrome/content/rules/FLonline.eu.xml
deleted file mode 100644
index 779d3465cf5c..000000000000
--- a/src/chrome/content/rules/FLonline.eu.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- winners.flonline.eu
-
--->
-<ruleset name="FLonline.eu">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="flonline.eu" />
-	<target host="winners.flonline.eu" />
-	<target host="www.flonline.eu" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^winners\.flonline\.eu$" name="^(?:MTB?|ST)$" /-->
-
-	<securecookie host="^winners\.flonline\.eu$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FMSA.de.xml b/src/chrome/content/rules/FMSA.de.xml
new file mode 100644
index 000000000000..8d381d0c7dd3
--- /dev/null
+++ b/src/chrome/content/rules/FMSA.de.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		prod.fmsa.de
+
+	Timeout:
+		abnahme-euba.fmsa.de
+		euba.fmsa.de
+		test-euba.fmsa.de
+-->
+<ruleset name="FMSA.de">
+	<!-- Federal Agency for Financial Market Stabilisation -->
+
+	<target host="fmsa.de" />
+	<target host="www.fmsa.de" />
+
+	<!-- Content mismatch on https://fmsa.de/,
+	http://fmsa.de/ redirects to http://www.fmsa.de/ -->
+	<rule from="^http://fmsa\.de/"
+		to="https://www.fmsa.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FMyLife.com.xml b/src/chrome/content/rules/FMyLife.com.xml
index e46978e8c9f7..16e9f8d39f53 100644
--- a/src/chrome/content/rules/FMyLife.com.xml
+++ b/src/chrome/content/rules/FMyLife.com.xml
@@ -1,30 +1,19 @@
 <!--
 	For other Beta & Cie coverage, see Beta-and-Cie.xml.
 
+	03.2018: all included subdomains fail.
 
-	CDN buckets:
+	HTTP 504:
+		cdn6.fmylife.com
+		cdn7.fmylife.com
+		media.fmylife.com
 
-		- betacie.cachefly.net
-
-			- cdn\d.fmylife.com
-
-		- fmylife-betaetcompagnie.netdna-ssl.com
-
-
-	Problematic subdomains:
-
-		- cdn[1-5]	(mismatched, CN: *.cachefly.net)
-		- media		(works; mismatched, CN: cdn.betacie.com)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- cdn[1-5]	(→ betacie.cachefly.net)
-		- media		(→ cdn.betacie.com)
+	HTTP 521:
+		fmylife.com
+		www.fmylife.com
 
 -->
-<ruleset name="FMyLife.com">
+<ruleset name="FMyLife.com" default_off="other">
 
 	<target host="fmylife.com" />
 	<target host="*.fmylife.com" />
@@ -42,4 +31,4 @@
 	<rule from="^http://media\.fmylife\.com/"
 		to="https://cdn.betacie.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FN_Mag.co-falsemixed.xml b/src/chrome/content/rules/FN_Mag.co-falsemixed.xml
index a2eb9ce157a5..62f3dc93e3ec 100644
--- a/src/chrome/content/rules/FN_Mag.co-falsemixed.xml
+++ b/src/chrome/content/rules/FN_Mag.co-falsemixed.xml
@@ -9,7 +9,7 @@ Fetch error: http://fnmag.co/ => https://fnmag.co/: (35, 'error:140770FC:SSL rou
 	For rules not causing false/broken mixed content, see FN_Mag.co.xml.
 
 -->
-<ruleset name="FN Mag.co (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="FN Mag.co (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="fnmag.co" />
 	<target host="www.fnmag.co" />
diff --git a/src/chrome/content/rules/FN_Mag.co.xml b/src/chrome/content/rules/FN_Mag.co.xml
deleted file mode 100644
index 089e232d847e..000000000000
--- a/src/chrome/content/rules/FN_Mag.co.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see FN_Mag.co-falsemixed.xml.
-
-
-	CDN buckets:
-
-		- d3riqfjibuvp3c.cloudfront.net
-
-			- cdn
-			- cdn5
-
-
-	Mixed content:
-
-		- css, on ^ from:
-
-			- cdn *
-			- fonts.googleapis.com *
-
-		- Images, on ^ from:
-
-			- cdn5 *
-			- \d.gravatar.com *
-
-	* Secured by us
-
--->
-<ruleset name="FN Mag.co (partial)">
-
-	<target host="cdn.fnmag.co" />
-	<target host="cdn5.fnmag.co" />
-
-
-	<rule from="^http://cdn5?\.fnmag\.co/"
-		to="https://d3riqfjibuvp3c.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FOM_Networks.com.xml b/src/chrome/content/rules/FOM_Networks.com.xml
index 918281d1acb9..ecbaf5c460bf 100644
--- a/src/chrome/content/rules/FOM_Networks.com.xml
+++ b/src/chrome/content/rules/FOM_Networks.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?fomnetworks\.com/"
 		to="https://fomnetworks.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FOSSBazaar.org.xml b/src/chrome/content/rules/FOSSBazaar.org.xml
index cecf0ca71acd..0d5af7a9a16c 100644
--- a/src/chrome/content/rules/FOSSBazaar.org.xml
+++ b/src/chrome/content/rules/FOSSBazaar.org.xml
@@ -11,7 +11,7 @@
 		<test url="http://www.fossbazaar.org/" />
 
 
-	<securecookie host="^(?:.*\.)?fossbazaar\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(\w+\.)?fossbazaar\.org/"
diff --git a/src/chrome/content/rules/FOX-Toolkit.xml b/src/chrome/content/rules/FOX-Toolkit.xml
deleted file mode 100644
index cc97a3b00db2..000000000000
--- a/src/chrome/content/rules/FOX-Toolkit.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="FOX Toolkit" default_off="self-signed">
-
-	<target host="fox-toolkit.net" />
-	<target host="*.fox-toolkit.net" />
-	<target host="fox-toolkit.org" />
-	<target host="*.fox-toolkit.org" />
-
-
-	<!--	.net just redirects to .org.	-->
-	<rule from="^http://www\.fox-toolkit\.(?:net|org)/"
-		to="https://fox-toolkit.org/" />
-
-	<rule from="^http://(blog|www)\.fox-toolkit\.(?:net|org)/"
-		to="https://$1.fox-toolkit.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FP_Complete.com.xml b/src/chrome/content/rules/FP_Complete.com.xml
index 69ab5ed12585..601cd7eb0e3b 100644
--- a/src/chrome/content/rules/FP_Complete.com.xml
+++ b/src/chrome/content/rules/FP_Complete.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://haskell.fpcomplete.com/ => https://haskell.fpcomplete.com/:
 		- www.fpcomplete.com
 
 -->
-<ruleset name="FP Complete.com" default_off='failed ruleset test'>
+<ruleset name="FP Complete.com" default_off="failed ruleset test">
 
 	<target host="fpcomplete.com" />
 	<target host="haskell.fpcomplete.com" />
diff --git a/src/chrome/content/rules/FR.de.xml b/src/chrome/content/rules/FR.de.xml
new file mode 100644
index 000000000000..a90c3836f974
--- /dev/null
+++ b/src/chrome/content/rules/FR.de.xml
@@ -0,0 +1,50 @@
+<!--
+	Invalid certificate:
+		abo-cms.fr.de
+		admin.fr.de
+		autodiscover.fr.de
+		admin.agenturen.fr.de
+		e-kiosk.fr.de
+		info.fr.de
+		lyncdiscover.fr.de
+		newsletter.fr.de
+		relaunch.fr.de
+		sip.fr.de
+		staging.fr.de
+
+	Timeout:
+		ipadapp.fr.de
+		json-mobil.fr.de
+		json-newsapp.fr.de
+		login.fr.de
+		meet.fr.de
+		static[1-3]?.fr.de
+-->
+<ruleset name="FR.de">
+
+	<target host="fr.de" />
+	<target host="www.fr.de" />
+	<target host="abo.fr.de" />
+	<target host="beta-meinabo.fr.de" />
+	<target host="dev-meinabo.fr.de" />
+	<target host="epaper.fr.de" />
+	<target host="epaper-ifr.fr.de" />
+	<target host="fr7.fr.de" />
+	<target host="www.fr7.fr.de" />
+	<target host="leserreisen.fr.de" />
+	<target host="leserservice.fr.de" />
+	<target host="m.fr.de" />
+	<target host="mail.fr.de" />
+	<target host="meinabo.fr.de" />
+	<target host="panthermedia.fr.de" />
+	<target host="partner.fr.de" />
+	<target host="themenwelten.fr.de" />
+	<target host="vwdweb2.fr.de" />
+	<target host="wiki.fr.de" />
+	<target host="zukunft.fr.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FRA_LLC.com.xml b/src/chrome/content/rules/FRA_LLC.com.xml
deleted file mode 100644
index 2289256cd083..000000000000
--- a/src/chrome/content/rules/FRA_LLC.com.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- frallc.com
-		- www.frallc.com
-
-
-	Mixed content:
-
-		- Images from www.frallc.com *
-
-	* Secured by us
-
--->
-<ruleset name="FRA LLC.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="frallc.com" />
-	<target host="www.frallc.com" />
-
-		<!--	Mixed images:
-					-->
-		<test url="http://frallc.com/conference.aspx?ccode=B973" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:www\.)?frallc\.com$" name="^ASP\.NET_SessionId$" /-->
-
-	<securecookie host="^(?:www\.)?frallc\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FREECULTR.xml b/src/chrome/content/rules/FREECULTR.xml
index 91367ba8afe2..7edfa26377ff 100644
--- a/src/chrome/content/rules/FREECULTR.xml
+++ b/src/chrome/content/rules/FREECULTR.xml
@@ -15,10 +15,11 @@ Fetch error: http://freecultr.com/ => https://www.freecultr.com/: (7, 'Failed to
 		- static
 
 -->
-<ruleset name="FREECULTR" default_off='failed ruleset test'>
+<ruleset name="FREECULTR" default_off="failed ruleset test">
 
 	<target host="freecultr.com" />
-	<target host="*.freecultr.com" />
+	<target host="static.freecultr.com" />
+	<target host="www.freecultr.com" />
 
 
 	<securecookie host="^\.freecultr\.com$" name=".+" />
diff --git a/src/chrome/content/rules/FRUCT.org.xml b/src/chrome/content/rules/FRUCT.org.xml
index aca31bdba840..6c8b9dc92772 100644
--- a/src/chrome/content/rules/FRUCT.org.xml
+++ b/src/chrome/content/rules/FRUCT.org.xml
@@ -6,7 +6,7 @@
 		- (www.)?md ¹
 		- (www.)?rusmart ¹
 		- vyatka.yar ¹
-		
+
 	¹ Shows another domain
 	² Refused
 
@@ -38,7 +38,7 @@
 		- css on social from $self
 
 		- Images, on:
-		
+
 			- (www.)?, (www.)?forum from ssl.gstatic.com *
 			- (www.)?forum from ^fruct.org *
 			- social from $self
diff --git a/src/chrome/content/rules/FSF.xml b/src/chrome/content/rules/FSF.xml
index a59f8fe52c99..a0fad3c6b320 100644
--- a/src/chrome/content/rules/FSF.xml
+++ b/src/chrome/content/rules/FSF.xml
@@ -8,101 +8,46 @@
 
 	Nonfunctional domains:
 
-		- amt.fsf.org ¹
-		- mirror.fsf.org ¹
-		- shop.fsf.org		(redirects to http):
-		- specialk.nongnu.org	(dropped)
-
-	¹ Dropped	
-
-
-	Fully covered domains:
-
-		- fsf.org subdomains:
-
-			- (www.)?
-			- cas
-			- crm
-			- directory
-			- donate		(→ my.fsf.org)
-			- emailselfdefense
-			- my
-			- patron		(→ www.fsf.org)
-			- piwik
-			- static
-			- status
-			- u
-
-		- bugs.gnewsense.org	(→ savannah.nongnu.org)
-
-		- in *nongnu.org:
-
-			- lists
-			- savannah
-
-
-	Mixed content:
-
-		- Image on directory from static *
-
-	* Secured by us
-
+		- specialk.nongnu.org (m)
+		- bugs.gnewsense.org (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
 -->
 <ruleset name="Free Software Foundation">
 
 	<!--	Direct rewrites:
 				-->
 	<target host="fsf.org" />
+	<target host="www.fsf.org" />
 	<target host="cas.fsf.org" />
 	<target host="crm.fsf.org" />
 	<target host="directory.fsf.org" />
+	<target host="donate.fsf.org" />
 	<target host="emailselfdefense.fsf.org" />
 	<target host="my.fsf.org" />
+	<target host="mirror.fsf.org" />
+	<target host="patron.fsf.org" />
 	<target host="piwik.fsf.org" />
 	<target host="shop.fsf.org" />
 	<target host="static.fsf.org" />
 	<target host="status.fsf.org" />
 	<target host="u.fsf.org" />
-	<target host="www.fsf.org" />
 
-        <target host="lists.nongnu.org" />
-        <target host="savannah.nongnu.org" />
+	<target host="nongnu.org" />
+	<target host="www.nongnu.org" />
+	<target host="lists.nongnu.org" />
+	<target host="savannah.nongnu.org" />
+	<target host="download.savannah.nongnu.org" />
 
 	<!--	Complications:
 				-->
-	<target host="donate.fsf.org" />
-	<target host="patron.fsf.org" />
-
 	<target host="bugs.gnewsense.org" />
 
 
-		<!--	These paths redirect to http:
-
-				- $
-				- cart/$
-				- category/\w+/$
-				- product/\w+/$
-
-			There may be more than are handled here that don't.
-						-->
-		<exclusion pattern="^http://shop\.fsf\.org/(?!faq/$|jf$|static/|termsofsale/$)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://shop.fsf.org/cart/" />
-			<test url="http://shop.fsf.org/category/gnu-gear/" />
-			<test url="http://shop.fsf.org/category/signed/" />
-			<test url="http://shop.fsf.org/product/Introduction_to_Command_Line/" />
-
-			<!--	-ve:
-					-->
-			<test url="http://shop.fsf.org/faq/" />
-			<test url="http://shop.fsf.org/jf" />
-			<test url="http://shop.fsf.org/termsofsale/" />
-
-		<!--exclusion pattern="^http://specialk\.nongnu\.org/" /-->
-
-
 	<!--	Not secured by server:
 					-->
 	<!--securecookie host="^my\.fsf\.org$" name="^_ZopeId$" /-->
@@ -114,19 +59,6 @@
 		-->
 	<securecookie host="^(?:\.crm|my|status)\.fsf\.org$" name=".+" />
 
-
-	<!--	- Shows www's data over https
-		- 301s like so over http
-						-->
-	<rule from="^http://donate\.fsf\.org/"
-		to="https://my.fsf.org/donate/" />
-
-	<!--	- Shows www data over https
-		- Redirects like so over http
-			-->
-	<rule from="^http://patron\.fsf\.org/"
-		to="https://www.fsf.org/patrons" />
-
 	<!--	Redirects like so.
 					-->
 	<rule from="^http://bugs\.gnewsense\.org/.*"
@@ -134,7 +66,6 @@
 
 		<test url="http://bugs.gnewsense.org//" />
 
-        <rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FSFE.org.xml b/src/chrome/content/rules/FSFE.org.xml
index d65bd1c8672a..c4e09a15d9ad 100644
--- a/src/chrome/content/rules/FSFE.org.xml
+++ b/src/chrome/content/rules/FSFE.org.xml
@@ -30,7 +30,7 @@ Fetch error: http://vote.fsfe.org/ => https://vote.fsfe.org/: (60, 'SSL certific
 	* Secured by us
 
 -->
-<ruleset name="FSFE.org (partial)" default_off='failed ruleset test'>
+<ruleset name="FSFE.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/FSFEurope.org.xml b/src/chrome/content/rules/FSFEurope.org.xml
index f5ff47415118..5b34efa0785e 100644
--- a/src/chrome/content/rules/FSFEurope.org.xml
+++ b/src/chrome/content/rules/FSFEurope.org.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.fsfeurope.org/ => https://www.fsfeurope.org/: (51, "SSL:
 	For other Free Software Foundation Europe coverage, see FSFE.org.xml.
 
 -->
-<ruleset name="FSFEurope.org (partial)" default_off='failed ruleset test'>
+<ruleset name="FSFEurope.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/FSU.edu.xml b/src/chrome/content/rules/FSU.edu.xml
index 959e8f434ce0..ce6852694f96 100644
--- a/src/chrome/content/rules/FSU.edu.xml
+++ b/src/chrome/content/rules/FSU.edu.xml
@@ -73,7 +73,22 @@
 <ruleset name="FSU.edu (partial)">
 
 	<target host="fsu.edu" />
-	<target host="*.fsu.edu" />
+	<target host="admissions.fsu.edu" />
+	<target host="www.admissions.fsu.edu" />
+	<target host="campus.fsu.edu" />
+	<target host="cas.fsu.edu" />
+	<target host="service.cs.fsu.edu" />
+	<target host="system.cs.fsu.edu" />
+	<target host="webmail.cs.fsu.edu" />
+	<target host="www.cs.fsu.edu" />
+	<target host="financialaid.fsu.edu" />
+	<target host="foundation.fsu.edu" />
+	<target host="my.fsu.edu" />
+	<target host="www.my.fsu.edu" />
+	<target host="one.fsu.edu" />
+	<target host="registrar.fsu.edu" />
+	<target host="www.registrar.fsu.edu" />
+	<target host="www.fsu.edu" />
 
 
 	<!--	Not secured by server:
@@ -94,7 +109,6 @@
 	<securecookie host="^(?:(?:www\.)?admissions|campus|cas|w(?:ebmail|ww)\.cs|foundation|(?:www\.)?my|one|(?:apps|cfprd)\.oti|(?:www\.)?registrar)\.fsu\.edu$" name=".+" />
 
 
-	<rule from="^http://((?:(?:www\.)?admissions|campus|cas|(?:service|system|webmail|www1?)\.cs|financialaid|foundation|(?:www\.)?my|one|(?:cfprd|apps)\.oti|(?:www\.)?registrar|www)\.)?fsu\.edu/"
-		to="https://$1fsu.edu/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FSharp.org.xml b/src/chrome/content/rules/FSharp.org.xml
new file mode 100644
index 000000000000..38c4613a7275
--- /dev/null
+++ b/src/chrome/content/rules/FSharp.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		community.fsharp.org
+		foundation.fsharp.org
+-->
+<ruleset name="FSharp.org">
+
+	<target host="fsharp.org" />
+	<target host="www.fsharp.org" />
+	<target host="forums.fsharp.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://www.fsharp.org/,
+	http://www.fsharp.org/ redirects to http://fsharp.org/. -->
+	<rule from="^http://www\.fsharp\.org/"
+		to="https://fsharp.org/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FTL_Game.com.xml b/src/chrome/content/rules/FTL_Game.com.xml
index 6b81910c41b0..409d39889208 100644
--- a/src/chrome/content/rules/FTL_Game.com.xml
+++ b/src/chrome/content/rules/FTL_Game.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://ftlgame.com/ => https://ftlgame.com/: (7, 'Failed to connect
 	* Secured by us
 
 -->
-<ruleset name="FTL Game.com (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="FTL Game.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="ftlgame.com" />
 	<target host="www.ftlgame.com" />
diff --git a/src/chrome/content/rules/FX_Prime.com.xml b/src/chrome/content/rules/FX_Prime.com.xml
index 99debfdce9ad..195f84ab5e94 100644
--- a/src/chrome/content/rules/FX_Prime.com.xml
+++ b/src/chrome/content/rules/FX_Prime.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://mirror.fxprime.com/ => https://mirror.fxprime.com/: (28, 'Co
 		- mirror
 
 -->
-<ruleset name="FX Prime.com" default_off='failed ruleset test'>
+<ruleset name="FX Prime.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/FX_Systems.xml b/src/chrome/content/rules/FX_Systems.xml
index eae3af51ccff..85876225651e 100644
--- a/src/chrome/content/rules/FX_Systems.xml
+++ b/src/chrome/content/rules/FX_Systems.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.fxsystems.com/ => https://www.fxsystems.com/: (7, 'Faile
 Disabled by https-everywhere-checker because:
 Fetch error: http://fxsystems.com/ => https://fxsystems.com/: (51, "SSL: no alternative certificate subject name matches target host name 'fxsystems.com'")
 -->
-<ruleset name="FX Systems" default_off='failed ruleset test'>
+<ruleset name="FX Systems" default_off="failed ruleset test">
 
 	<target host="fxsystems.com" />
 	<target host="www.fxsystems.com" />
@@ -18,4 +18,4 @@ Fetch error: http://fxsystems.com/ => https://fxsystems.com/: (51, "SSL: no alte
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FabLab_Tacoma.xml b/src/chrome/content/rules/FabLab_Tacoma.xml
index 89dd26d9c26f..6ac372b63d84 100644
--- a/src/chrome/content/rules/FabLab_Tacoma.xml
+++ b/src/chrome/content/rules/FabLab_Tacoma.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fabricatorz.xml b/src/chrome/content/rules/Fabricatorz.xml
index e31692cc5453..57de986c9bc4 100644
--- a/src/chrome/content/rules/Fabricatorz.xml
+++ b/src/chrome/content/rules/Fabricatorz.xml
@@ -8,10 +8,11 @@ Fetch error: http://fabricatorz.com/ => https://fabricatorz.com/: (51, "SSL: no
 		- ^	(mismatched)
 
 -->
-<ruleset name="Fabricatorz" default_off='failed ruleset test'>
+<ruleset name="Fabricatorz" default_off="failed ruleset test">
 
 	<target host="fabricatorz.com" />
-	<target host="*.fabricatorz.com" />
+	<target host="private.fabricatorz.com" />
+	<target host="www.fabricatorz.com" />
 
 
 	<securecookie host="^fabricatorz\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Facebook.xml b/src/chrome/content/rules/Facebook.xml
index 24793601c7f3..36a86a53828e 100644
--- a/src/chrome/content/rules/Facebook.xml
+++ b/src/chrome/content/rules/Facebook.xml
@@ -6,7 +6,6 @@
 		- Fb.com.xml
 		- Messenger.com.xml
 		- PrivateCore.com.xml
-		- FacebookCoreWWWi.onion.xml
 
 
 	CDN buckets:
diff --git a/src/chrome/content/rules/FacebookCoreWWWi.onion.xml b/src/chrome/content/rules/FacebookCoreWWWi.onion.xml
index 27e62a7d2f5c..e9b74393eeb5 100644
--- a/src/chrome/content/rules/FacebookCoreWWWi.onion.xml
+++ b/src/chrome/content/rules/FacebookCoreWWWi.onion.xml
@@ -1,10 +1,10 @@
 <!--
 	For other Facebook coverage, see Facebook.xml.
 
-	This ruleset covers Facebook hidden services on Tor.
+	This ruleset covers Facebook onion services on Tor.
 
 -->
-<ruleset name="Facebook Hidden Service">
+<ruleset name="Facebook Onion Service">
 
 	<target host="facebookcorewwwi.onion" />
 	<target host="*.facebookcorewwwi.onion" />
diff --git a/src/chrome/content/rules/Facebook_Studio.xml b/src/chrome/content/rules/Facebook_Studio.xml
index f7f27a2e0673..4d3d3458eab9 100644
--- a/src/chrome/content/rules/Facebook_Studio.xml
+++ b/src/chrome/content/rules/Facebook_Studio.xml
@@ -11,7 +11,7 @@ Fetch error: http://facebook-studio.com/ => https://www.facebook-studio.com/: (5
 	 ^facebook-studio.com: Cert only matches *.facebook-studio.com
 
 -->
-<ruleset name="Facebook-Studio.com" default_off='failed ruleset test'>
+<ruleset name="Facebook-Studio.com" default_off="failed ruleset test">
 
 	<target host="facebook-studio.com" />
 	<target host="*.facebook-studio.com" />
diff --git a/src/chrome/content/rules/Facebook_ccTLDs.xml b/src/chrome/content/rules/Facebook_ccTLDs.xml
index 821813ffa647..892e13b578aa 100644
--- a/src/chrome/content/rules/Facebook_ccTLDs.xml
+++ b/src/chrome/content/rules/Facebook_ccTLDs.xml
@@ -75,7 +75,7 @@
 		        -->
         <rule from="^http://(?:fr-fr\.|www\.)?facebook\.fr/"
                 to="https://fr-fr.facebook.com/"/>
-	
+
 	<!--	Ditto.
 			-->
 	<rule from="^http://(?:ja-jp\.|www\.)?facebook\.jp/"
diff --git a/src/chrome/content/rules/Facepunch.com.xml b/src/chrome/content/rules/Facepunch.com.xml
index a3bc6774e477..06eb961c7ec8 100644
--- a/src/chrome/content/rules/Facepunch.com.xml
+++ b/src/chrome/content/rules/Facepunch.com.xml
@@ -23,7 +23,7 @@ Fetch error: http://wiki.facepunch.com/ => https://wiki.facepunch.com/: (28, 'Co
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Facepunch.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Facepunch.com (partial)" default_off="failed ruleset test">
 
 	<target host="facepunch.com" />
 	<target host="lab.facepunch.com" />
diff --git a/src/chrome/content/rules/Facetz.net.xml b/src/chrome/content/rules/Facetz.net.xml
deleted file mode 100644
index 7ec9ca9afab8..000000000000
--- a/src/chrome/content/rules/Facetz.net.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Web bugs.
-
-
-	Insecure cookies are set for these domains:
-
-		- .facetz.net
-
--->
-<ruleset name="facetz.net">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="front.facetz.net" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.facetz\.net$" name="^uuid$" /-->
-
-	<securecookie host="^\.facetz\.net$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FactWire.org.xml b/src/chrome/content/rules/FactWire.org.xml
new file mode 100644
index 000000000000..bead08b9510d
--- /dev/null
+++ b/src/chrome/content/rules/FactWire.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- office.factwire.org
+		- www2.factwire.org
+-->
+<ruleset name="FactWire.org">
+	<target host="factwire.org" />
+	<target host="www.factwire.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Factiva.com.xml b/src/chrome/content/rules/Factiva.com.xml
new file mode 100644
index 000000000000..c9a1bba42b15
--- /dev/null
+++ b/src/chrome/content/rules/Factiva.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Connection reset:
+		- customer.kb.factiva.com
+
+	Invalid certificate:
+		- factiva.com, equivalent to www.factiva.com
+		- de.factiva.com, equivalent to www.factiva.com
+		- dfweb4.global.factiva.com
+
+	Expired:
+		logos.int.factiva.com
+-->
+<ruleset name="Factiva.com">
+	<target host="factiva.com" />
+	<target host="www.factiva.com" />
+	<target host="customer.factiva.com" />
+	<target host="de.factiva.com" />
+	<target host="developer.factiva.com" />
+	<target host="global.factiva.com" />
+	<target host="jp.factiva.com" />
+	<target host="viewer.factiva.com" />
+	<target host="widgets.factiva.com" />
+
+	<securecookie host="^.*\.factiva\.com$" name=".+" />
+
+	<rule from="^http://(de\.)?factiva\.com/"
+		to="https://www.factiva.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Factorable.net.xml b/src/chrome/content/rules/Factorable.net.xml
index 954307a9cfb3..28dc86ffa514 100644
--- a/src/chrome/content/rules/Factorable.net.xml
+++ b/src/chrome/content/rules/Factorable.net.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Factory_Expo_Home_Centers.xml b/src/chrome/content/rules/Factory_Expo_Home_Centers.xml
index d8f1a4663632..d8f29d2e7207 100644
--- a/src/chrome/content/rules/Factory_Expo_Home_Centers.xml
+++ b/src/chrome/content/rules/Factory_Expo_Home_Centers.xml
@@ -3,46 +3,42 @@
 
 		- Park_Models_Direct.xml
 
-
 	Nonfunctional domains:
+		SSL errors:
+		- prestigehomes.com
+		- www.prestigehomes.com
 
-		- (www.)prestigehomes.com	(502)
-
+		Mismatched:
+		- factorydirectcabins.com
+		- www.factorydirectcabins.com
 -->
 <ruleset name="Factory Expo Home Centers">
 
 	<target host="azchampion.com" />
-	<target host="*.azchampion.com" />
+	<target host="www.azchampion.com" />
 	<target host="cimacorp.net" />
 	<target host="www.cimacorp.net" />
 	<target host="expohomes.com" />
-	<target host="*.expohomes.com" />
+	<target host="www.expohomes.com" />
 	<target host="expomobilehomes.com" />
-	<target host="*.expomobilehomes.com" />
-	<target host="factorydirectcabins.com" />
-	<target host="*.factorydirectcabins.com" />
+	<target host="www.expomobilehomes.com" />
 	<target host="factoryexpo.net" />
-	<target host="*.factoryexpo.net" />
+	<target host="www.factoryexpo.net" />
 	<target host="factoryexpodirect.com" />
-	<target host="*.factoryexpodirect.com" />
+	<target host="www.factoryexpodirect.com" />
 	<target host="factoryexpohomes.com" />
-	<target host="*.factoryexpohomes.com" />
+	<target host="www.factoryexpohomes.com" />
 	<target host="factoryhomesale.com" />
 	<target host="www.factoryhomesale.com" />
 	<target host="factoryselecthomes.com" />
-	<target host="*.factoryselecthomes.com" />
+	<target host="www.factoryselecthomes.com" />
 	<target host="fbhexpo.com" />
-	<target host="*.fbhexpo.com" />
-
+	<target host="www.fbhexpo.com" />
 
-	<securecookie host="^(?:.*\.)?(?:azchampion|expo(?:mobile)?homes|factory(?:directcabins|expo(?:direct|expohomes|mobilehomes)|homesale|selecthomes)|fbhexpo)\.com$" name=".+" />
-	<securecookie host="^(?:.*\.)?(?:cimacorp|factoryexpo)\.net$" name=".+" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?(azchampion|expo(?:mobile)?homes|factory(?:directcabins|expo(?:direct|expohomes|mobilehomes)|homesale|selecthomes)|fbhexpo)\.com/"
-		to="https://$1$2.com/" />
 
-	<rule from="^http://(www\.)?(cimacorp|factoryexpo)\.net/"
-		to="https://$1$2.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fail2ban.org.xml b/src/chrome/content/rules/Fail2ban.org.xml
index 73c64973a6bc..fc1736d5d4af 100644
--- a/src/chrome/content/rules/Fail2ban.org.xml
+++ b/src/chrome/content/rules/Fail2ban.org.xml
@@ -1,4 +1,5 @@
 <ruleset name="Fail2ban.org">
+	<target host="fail2ban.org" />
 	<target host="www.fail2ban.org" />
 
 	<securecookie host=".+" name=".+" />
diff --git a/src/chrome/content/rules/Failure-Magazine.xml b/src/chrome/content/rules/Failure-Magazine.xml
index 703c276d9179..180efae4bd4e 100644
--- a/src/chrome/content/rules/Failure-Magazine.xml
+++ b/src/chrome/content/rules/Failure-Magazine.xml
@@ -3,9 +3,10 @@
 	<!--	all: cert: *.gridserver.com	-->
 	<target host="failuremag.com"/>
 	<!--	* for cross-domain cookie	-->
-	<target host="*.failuremag.com"/>
+	<target host="origin.failuremag.com" />
+	<target host="www.failuremag.com" />
 
-	<securecookie host="^(?:.*\.)?failuremag\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:origin\.|www\.)?failuremag\.com/"
 		to="https://failuremag.com/"/>
diff --git a/src/chrome/content/rules/FairSSL.se.xml b/src/chrome/content/rules/FairSSL.se.xml
deleted file mode 100644
index a02577310e67..000000000000
--- a/src/chrome/content/rules/FairSSL.se.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	^fairssl.se: Refused
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.fairssl.se
-
--->
-<ruleset name="FairSSL.se">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.fairssl.se" />
-
-	<!--	Complications:
-				-->
-	<target host="fairssl.se" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.fairssl\.se$" name="^(PHPSESSID|ci_session|user_data)$" /-->
-
-	<securecookie host="^www\.fairssl\.se$" name=".+" />
-
-
-	<rule from="^http://fairssl\.se/"
-		to="https://www.fairssl.se/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FairWorkCommission.xml b/src/chrome/content/rules/FairWorkCommission.xml
index a6c2cbcc3d1d..323456b50387 100644
--- a/src/chrome/content/rules/FairWorkCommission.xml
+++ b/src/chrome/content/rules/FairWorkCommission.xml
@@ -1,7 +1,7 @@
 <ruleset name="Fair Work Commission">
 	<target host="fwc.gov.au" />
-	<target host="*.fwc.gov.au" />
+	<target host="www.fwc.gov.au" />
 
 	<rule from="^http://(?:www\.)?fwc\.gov\.au/"
 		to="https://www.fwc.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FairWorkOmbudsman.xml b/src/chrome/content/rules/FairWorkOmbudsman.xml
index 1b8ebd42fed8..896452500b63 100644
--- a/src/chrome/content/rules/FairWorkOmbudsman.xml
+++ b/src/chrome/content/rules/FairWorkOmbudsman.xml
@@ -1,7 +1,7 @@
 <ruleset name="Fair Work Ombudsman">
 	<target host="fairwork.gov.au" />
-	<target host="*.fairwork.gov.au" />
+	<target host="www.fairwork.gov.au" />
 
 	<rule from="^http://(?:www\.)?fairwork\.gov\.au/"
 		to="https://www.fairwork.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fairfax-Digital.xml b/src/chrome/content/rules/Fairfax-Digital.xml
index c0e89257af9c..2abceeb90c5d 100644
--- a/src/chrome/content/rules/Fairfax-Digital.xml
+++ b/src/chrome/content/rules/Fairfax-Digital.xml
@@ -50,7 +50,7 @@ Fetch error: http://ads.afraccess.com/ => https://ads.afraccess.com/: (28, 'Conn
 		- (www.)theage.com.au			(ditto)
 
 -->
-<ruleset name="Fairfax Digital (partial)" default_off='failed ruleset test'>
+<ruleset name="Fairfax Digital (partial)" default_off="failed ruleset test">
 
 	<target host="ads.afraccess.com" />
 	<target host="membercentre.fairfax.com.au" />
diff --git a/src/chrome/content/rules/Fairfax_Public_Access.xml b/src/chrome/content/rules/Fairfax_Public_Access.xml
index 98efea1b82d0..23e35c45f3fa 100644
--- a/src/chrome/content/rules/Fairfax_Public_Access.xml
+++ b/src/chrome/content/rules/Fairfax_Public_Access.xml
@@ -8,7 +8,7 @@
 <ruleset name="Fairfax Public Access">
 
 	<target host="fcac.org" />
-	<target host="*.fcac.org" />
+	<target host="www.fcac.org" />
 
 
 	<securecookie host="^\.fcac\.org$" name=".+" />
diff --git a/src/chrome/content/rules/FaithBooks.co.uk.xml b/src/chrome/content/rules/FaithBooks.co.uk.xml
new file mode 100644
index 000000000000..e0800f288db0
--- /dev/null
+++ b/src/chrome/content/rules/FaithBooks.co.uk.xml
@@ -0,0 +1,8 @@
+<ruleset name="FaithBooks.co.uk">
+	<target host="faithbooks.co.uk" />
+	<target host="www.faithbooks.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fakturownia.xml b/src/chrome/content/rules/Fakturownia.xml
index 8b31082b20a0..bea5cd3f838d 100644
--- a/src/chrome/content/rules/Fakturownia.xml
+++ b/src/chrome/content/rules/Fakturownia.xml
@@ -27,4 +27,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Falcon-UAV.com.xml b/src/chrome/content/rules/Falcon-UAV.com.xml
index 80a0a71fe919..80fd345abec8 100644
--- a/src/chrome/content/rules/Falcon-UAV.com.xml
+++ b/src/chrome/content/rules/Falcon-UAV.com.xml
@@ -1,7 +1,7 @@
 <!--
 	^: Refused
 	www CN: *.squarespace.com
-		
+
 -->
 <ruleset name="Falcon-UAV.com (partial)" default_off="mismatched">
 
diff --git a/src/chrome/content/rules/Familie-redlich.xml b/src/chrome/content/rules/Familie-redlich.xml
index ce64ca449cea..e36b17212a49 100644
--- a/src/chrome/content/rules/Familie-redlich.xml
+++ b/src/chrome/content/rules/Familie-redlich.xml
@@ -3,7 +3,9 @@
 	<!--	Cert: webserver.ispgateway.de
 						-->
 	<target host="familie-redlich.de" />
-	<target host="*.familie-redlich.de" />
+	<target host="systeme.familie-redlich.de" />
+	<target host="www.familie-redlich.de" />
+	<target host="www.systeme.familie-redlich.de" />
 
 
 	<securecookie host="^(?:systeme\.)?familie-redlich\.de$" name=".+" />
diff --git a/src/chrome/content/rules/Family-Christian-Stores.xml b/src/chrome/content/rules/Family-Christian-Stores.xml
index c2937d3dd2f3..66fb1a375d69 100644
--- a/src/chrome/content/rules/Family-Christian-Stores.xml
+++ b/src/chrome/content/rules/Family-Christian-Stores.xml
@@ -6,7 +6,7 @@ Fetch error: http://media.familychristian.com/ => https://media.familychristian.
 Fetch error: http://www.familychristian.com/ => https://www.familychristian.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Family Christian Stores" default_off='failed ruleset test'>
+<ruleset name="Family Christian Stores" default_off="failed ruleset test">
 
 	<target host="familychristian.com" />
 	<target host="media.familychristian.com" />
diff --git a/src/chrome/content/rules/FamilySearch.org.xml b/src/chrome/content/rules/FamilySearch.org.xml
index 5b3a9bb57cc3..fe54104f20f4 100644
--- a/src/chrome/content/rules/FamilySearch.org.xml
+++ b/src/chrome/content/rules/FamilySearch.org.xml
@@ -30,7 +30,7 @@ Fetch error: http://ident.familysearch.org/ => https://ident.familysearch.org/:
 		- indexing.familysearch.org
 
 -->
-<ruleset name="FamilySearch.org" default_off='failed ruleset test'>
+<ruleset name="FamilySearch.org" default_off="failed ruleset test">
 
 	<target host="familysearch.org" />
 	<target host="contact.familysearch.org" />
diff --git a/src/chrome/content/rules/FamousFolks.ca.xml b/src/chrome/content/rules/FamousFolks.ca.xml
new file mode 100644
index 000000000000..d4d7c633ba77
--- /dev/null
+++ b/src/chrome/content/rules/FamousFolks.ca.xml
@@ -0,0 +1,38 @@
+<!--
+	Active mixed content:
+		- cf.famousfolks.ca
+		- mccaincapitaldev.famousfolks.ca
+		- northstar.famousfolks.ca
+		- unclebens.famousfolks.ca
+	Invalid certificate:
+		- andovercapital.famousfolks.ca
+-->
+
+<ruleset name="FamousFolks.ca">
+	<target host="famousfolks.ca" />
+	<target host="www.famousfolks.ca" />
+	<target host="blueelephant.famousfolks.ca" />
+	<target host="blueelephant2.famousfolks.ca" />
+	<target host="edenpark.famousfolks.ca" />
+	<target host="flyjazz.famousfolks.ca" />
+	<target host="dev.flyjazz.famousfolks.ca" />
+	<target host="empericus.famousfolks.ca" />
+	<target host="flyjazzbeta.famousfolks.ca" />
+	<target host="flyjazzdev.famousfolks.ca" />
+	<target host="gardengangsters.famousfolks.ca" />
+	<target host="garrison.famousfolks.ca" />
+	<target host="host.famousfolks.ca" />
+	<target host="matchedashlofts.famousfolks.ca" />
+	<target host="mccaincapital.famousfolks.ca" />
+	<target host="mscience.famousfolks.ca" />
+	<target host="dev.mscience.famousfolks.ca" />
+	<target host="nutro.famousfolks.ca" />
+	<target host="scaffolding.famousfolks.ca" />
+	<target host="shecann.famousfolks.ca" />
+	<target host="dev.shecann.famousfolks.ca" />
+	<target host="skyhi.famousfolks.ca" />
+	<target host="ulnooweg.famousfolks.ca" />
+	<target host="yourrighttoknow.famousfolks.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fan.tv.xml b/src/chrome/content/rules/Fan.tv.xml
deleted file mode 100644
index 000a73bb8b4f..000000000000
--- a/src/chrome/content/rules/Fan.tv.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Non-functional hosts
-		Couldn't connect to server:
-		- blog.fan.tv
-
-		SSL peer certificate was not OK:
-		- fan.tv
--->
-<ruleset name="Fan.tv">
-	<target host="fan.tv" />
-	<target host="www.fan.tv" />
-	<target host="api.fan.tv" />
-	<target host="apidocs.fan.tv" />
-	<target host="developer.fan.tv" />
-	<target host="m.fan.tv" />
-	<target host="platform.fan.tv" />
-	<target host="support.fan.tv" />
-
-	<rule from="^http://fan\.tv/"
-			to="https://www.fan.tv/" />
-
-	<rule from="^http:" 
-			to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Fanatics.xml b/src/chrome/content/rules/Fanatics.xml
index a3b1c838da65..b33faa449937 100644
--- a/src/chrome/content/rules/Fanatics.xml
+++ b/src/chrome/content/rules/Fanatics.xml
@@ -7,7 +7,8 @@
 <ruleset name="Fanatics (partial)">
 
 	<target host="fanatics.com" />
-	<target host="*.fanatics.com" />
+	<target host="www.fanatics.com" />
+	<target host="st.fanatics.com" />
 
 
 	<securecookie host="^st\.fanatics\.com$" name=".+" />
@@ -22,4 +23,4 @@
 	<rule from="^http://st\.fanatics\.com/"
 		to="https://st.fanatics.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fanboy.xml b/src/chrome/content/rules/Fanboy.xml
index 0a03e83afe3f..fa9c51700982 100644
--- a/src/chrome/content/rules/Fanboy.xml
+++ b/src/chrome/content/rules/Fanboy.xml
@@ -23,7 +23,7 @@ Fetch error: http://forums.fanboy.co.nz/ => https://forums.fanboy.co.nz/: (6, 'C
 		- .fanboy.co.nz
 
 -->
-<ruleset name="Fanboy.co.nz" default_off='failed ruleset test'>
+<ruleset name="Fanboy.co.nz" default_off="failed ruleset test">
 
 	<target host="fanboy.co.nz" />
 	<target host="forums.fanboy.co.nz" />
diff --git a/src/chrome/content/rules/Fandago.xml b/src/chrome/content/rules/Fandago.xml
index 532d16d24951..7636a3cabb72 100644
--- a/src/chrome/content/rules/Fandago.xml
+++ b/src/chrome/content/rules/Fandago.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://fandago.com/ => https://fandago.com/: Redirect for 'http://famdengo.com' missing Location
 Fetch error: http://www.fandago.com/ => https://www.fandago.com/: Redirect for 'http://famdengo.com' missing Location
 -->
-<ruleset name="Fandago" default_off='failed ruleset test'>
+<ruleset name="Fandago" default_off="failed ruleset test">
 
 	<target host="fandago.com" />
 	<target host="www.fandago.com" />
diff --git a/src/chrome/content/rules/Fandango.xml b/src/chrome/content/rules/Fandango.xml
index ca16295aca58..df6517881c23 100644
--- a/src/chrome/content/rules/Fandango.xml
+++ b/src/chrome/content/rules/Fandango.xml
@@ -9,7 +9,7 @@ Fetch error: http://statf.com/ => https://a248.e.akamai.net/f/248/9057/1d/conten
 	For other Comcast coverage, see Comcast.xml.
 
 -->
-<ruleset name="Fandango (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Fandango (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="fandango.com"/>
 	<target host="content.fandango.com"/>
diff --git a/src/chrome/content/rules/Fanhattan.com.xml b/src/chrome/content/rules/Fanhattan.com.xml
deleted file mode 100644
index 4374470bfc3c..000000000000
--- a/src/chrome/content/rules/Fanhattan.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Non-functional hosts
-		SSL peer certificate was not OK:
-		- cdn.fanhattan.com
-		- status.fanhattan.com
-
-		4xx client error:
-		- api.fanhattan.com
-		- api-android.fanhattan.com
-		- api-ipad.fanhattan.com
-		- api-iphone.fanhattan.com
-		- docs.fanhattan.com
-		- web.fanhattan.com
--->
-<ruleset name="Fanhattan.com">
-	<target host="fanhattan.com" />
-	<target host="www.fanhattan.com" />
-	<target host="fhadmin.fanhattan.com" />
-	<target host="fhalidator.fanhattan.com" />
-	<target host="help.fanhattan.com" />
-	<target host="http-redir.fanhattan.com" />
-	<target host="redirect.fanhattan.com" />
-	<target host="serv-validator-dev.fanhattan.com" />
-	<target host="serv-www-dev.fanhattan.com" />
-	<target host="serv-wwwm-dev.fanhattan.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Fanli.com.xml b/src/chrome/content/rules/Fanli.com.xml
index 4d38f4d57300..bc81b82cc47d 100644
--- a/src/chrome/content/rules/Fanli.com.xml
+++ b/src/chrome/content/rules/Fanli.com.xml
@@ -2,47 +2,32 @@
 	Other Fanli rulesets:
 		- 51fanli.net.xml
 
+	CI test error:
+		ubt[0-9].fanli.com
+
 	MCB:
-		- (www.)?
-		- 9
-		- f
-		- fun	( test: https://fun.fanli.com/topheader/www.51fanli.com )
-		- gongyi
-		- help
-		- huodong
-		- passport
-		- super
-		- taobao
-		- travel
-		- xiaozu
-		- zhide
+		gongyi.fanli.com
 -->
-
 <ruleset name="Fanli.com">
-
-	<target host="passport.fanli.com" />
-		<exclusion pattern="^http://passport\.fanli\.com/invite" />
-		<test url="http://passport.fanli.com/invite" />
-		<test url="http://passport.fanli.com/invite?ref=newindex" />
-
-		<test url="http://passport.fanli.com/invite/inviteInfo?p=1" />
-		<test url="http://passport.fanli.com/center/welcome" />
-
+	<target host="fanli.com" />
+	<target host="www.fanli.com" />
+	<target host="9.fanli.com" />
 	<target host="event.fanli.com" />
 		<test url="http://event.fanli.com/web/api/event/e/key/130809item3/action/click/" />
+	<target host="f.fanli.com" />
+	<target host="fun.fanli.com" />
+		<test url="http://fun.fanli.com/topheader/www.51fanli.com" />
 	<target host="haitao.fanli.com" />
+	<target host="help.fanli.com" />
+	<target host="huodong.fanli.com" />
+		<test url="http://huodong.fanli.com/webapp/smartphone" />
 	<target host="m.fanli.com" />
-	<target host="quan.fanli.com" />
-	<target host="ubt0.fanli.com" />
-	<target host="ubt1.fanli.com" />
-	<target host="ubt2.fanli.com" />
-	<target host="ubt3.fanli.com" />
-	<target host="ubt4.fanli.com" />
-	<target host="ubt5.fanli.com" />
-	<target host="ubt6.fanli.com" />
-	<target host="ubt7.fanli.com" />
-	<target host="ubt8.fanli.com" />
-	<target host="ubt9.fanli.com" />
+	<target host="passport.fanli.com" />
+	<target host="super.fanli.com" />
+	<target host="taobao.fanli.com" />
+	<target host="travel.fanli.com" />
+	<target host="xiaozu.fanli.com" />
+	<target host="zhide.fanli.com" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Fanoe.dk.xml b/src/chrome/content/rules/Fanoe.dk.xml
index b95d31040eb2..f9e7012364dc 100644
--- a/src/chrome/content/rules/Fanoe.dk.xml
+++ b/src/chrome/content/rules/Fanoe.dk.xml
@@ -5,7 +5,7 @@ Fetch error: http://fanoe.dk/ => https://fanoe.dk/: (51, "SSL: no alternative ce
 Fetch error: http://www.fanoe.dk/ => https://www.fanoe.dk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.fanoe.dk'")
 
 -->
-<ruleset name="Fanoe.dk" default_off='failed ruleset test'>
+<ruleset name="Fanoe.dk" default_off="failed ruleset test">
 
 	<target host="fanoe.dk" />
 	<target host="www.fanoe.dk" />
diff --git a/src/chrome/content/rules/Fantia.jp.xml b/src/chrome/content/rules/Fantia.jp.xml
new file mode 100644
index 000000000000..bca9933d0675
--- /dev/null
+++ b/src/chrome/content/rules/Fantia.jp.xml
@@ -0,0 +1,10 @@
+<ruleset name="Fantia.jp">
+	<target host="fantia.jp" />
+	<target host="www.fantia.jp" />
+	<target host="help.fantia.jp" />
+	<target host="spotlight.fantia.jp" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fark.xml b/src/chrome/content/rules/Fark.xml
index a2d71f99a7e5..8b2fd04b7fa9 100644
--- a/src/chrome/content/rules/Fark.xml
+++ b/src/chrome/content/rules/Fark.xml
@@ -1,85 +1,29 @@
 <!--
-	Disabled per https://trac.torproject.org/projects/tor/ticket/15763
-	Some pages redirect to http
+	Invalid certificate:
+		go.fark.net
 
-
-	Nonfunctional hosts in *fark.com:
-
-		- beerspill ʳ
-
-	ʳ Refused
+	See https://trac.torproject.org/projects/tor/ticket/15763
 
 -->
-<ruleset name="Fark (partial)" default_off="testing">
+<ruleset name="Fark">
 
+	<!-- Fark.com -->
 	<target host="fark.com" />
+	<target host="www.fark.com" />
 	<target host="app.fark.com" />
+	<target host="beerspill.fark.com" />
 	<target host="beta.fark.com" />
-	<!--target host="m.beta.fark.com" /-->
-	<!--target host="deals.fark.com" /-->
-	<target host="gw.fark.com" />
+	<target host="m.beta.fark.com" />
 	<target host="m.fark.com" />
-	<target host="ssl.fark.com" />
 	<target host="total.fark.com" />
 	<target host="m.total.fark.com" />
-	<!--target host="totalbeta.fark.com" /-->
-	<!--target host="m.totalbeta.fark.com" /-->
-	<target host="www.fark.com" />
+	<target host="totalbeta.fark.com" />
+	<target host="m.totalbeta.fark.com" />
 
+	<!-- Fark.net -->
 	<target host="img.fark.net" />
-	<!--target host="imgbeta.fark.net" /-->
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://www\.fark\.com/(?:$|blog$|comments$|comments/\d+/[\w-]+$|feedback$|quiz$|psbrowser$|users$)" /-->
-		<!--
-			Exceptions:
-					-->
-		<!--exclusion pattern="^http://(?:www\.)?fark\.com/(?!/*(?:(?:barefarksignup|forgotpassword|ll|newuser|submit)(?:$|[?/])|css/|js/.+\.css(?:$|\?)))" /-->
-		<!--
-			Reduce non-Tor distinguishability:
-								-->
-		<exclusion pattern="^http://(?:www\.)?fark\.com/(?!/*(?:(?:barefarksignup|forgotpassword|newuser|submit)(?:$|[?/])))" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.fark.com/blog" />
-			<test url="http://www.fark.com/comments" />
-			<test url="http://www.fark.com/comments/9169956/Dear-Work-Advice-Columnist-Im-a-man-whos-surrounded-by-female-co-workers-flaunting-their-cleavage-at-me-but-everybody-freaks-out-if-I-unbutton-more-than-top-button-of-my-shirt-Am-I-being-oppressed" />
-			<test url="http://www.fark.com/farkus/" />
-			<test url="http://www.fark.com/farq/" />
-			<test url="http://www.fark.com/feedback" />
-			<test url="http://www.fark.com/psbrowser" />
-			<test url="http://www.fark.com/quiz" />
-			<test url="http://www.fark.com/top/links/" />
-			<test url="http://www.fark.com/totalfarksample" />
-			<test url="http://www.fark.com/users" />
-			<test url="http://www.fark.com/video/" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www.fark.com/barefarksignup" />
-			<!--
-			<test url="http://www.fark.com/css/jquery-ui.min.css" />
-			-->
-			<test url="http://www.fark.com/forgotpassword" />
-			<!--
-			<test url="http://www.fark.com/js/joyride/joyride-2.1.css" />
-			<test url="http://www.fark.com/ll" />
-			-->
-			<test url="http://www.fark.com/newuser" />
-			<test url="http://www.fark.com/submit" />
-			<test url="http://www.fark.com/submit/" />
-
-		<!--
-		<test url="http://img.fark.net/imagesnoc/trans.gif?usertype=Lurker" />
-		-->
-
-
-	<securecookie host="^\." name="^_(?:_qca$|gat?$|gat_)" />
-	<securecookie host="^\w" name="^__utm" />
-	<securecookie host="^[^.f]" name=".+" />
 
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Faround.net.xml b/src/chrome/content/rules/Faround.net.xml
index b0ae94e82049..ae67b3b41a6c 100644
--- a/src/chrome/content/rules/Faround.net.xml
+++ b/src/chrome/content/rules/Faround.net.xml
@@ -21,10 +21,10 @@ Non-2xx HTTP code: http://faround.net/ (200) => https://www.faround.net/ (403)
 	* Secured by us
 
 -->
-<ruleset name="Faround.net (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Faround.net (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="faround.net" />
-	<target host="*.faround.net" />
+	<target host="www.faround.net" />
 
 
 	<securecookie host="^(?:www)?\.faround\.net$" name=".+" />
diff --git a/src/chrome/content/rules/Fashion_Dip.xml b/src/chrome/content/rules/Fashion_Dip.xml
deleted file mode 100644
index 4bbd997f3606..000000000000
--- a/src/chrome/content/rules/Fashion_Dip.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Fashion Dip">
-
-	<target host="fashiondip.com" />
-	<target host="www.fashiondip.com" />
-
-
-	<securecookie host="^(?:w*\.)?fashiondip\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Fass.se.xml b/src/chrome/content/rules/Fass.se.xml
index 49cb53f41a4c..234c7f529cda 100644
--- a/src/chrome/content/rules/Fass.se.xml
+++ b/src/chrome/content/rules/Fass.se.xml
@@ -1,8 +1,19 @@
-<!-- medica info.. medical info should be private -->
+<!--
+	Problematic subdomains:
+
+		- dtd.fass.se (403)
+		- admin.fass.se ("not enough values to unpack")
+-->
 <ruleset name="Fass.se">
 	<target host="fass.se" />
 	<target host="www.fass.se" />
-	<rule from="^http://fass\.se/" to="https://www.fass.se/"/>
-	<rule from="^http://www\.fass\.se/" to="https://www.fass.se/"/>
+	<target host="akademi.fass.se" />
+	<target host="bok.fass.se" />
+	<target host="framtid.fass.se" />
+	<target host="m.fass.se" />
+	<target host="mobil.fass.se" />
+	<target host="webservice.fass.se" />
+	<target host="ws.fass.se" />
+	
+	<rule from="^http:" to="https:"/>
 </ruleset>
-
diff --git a/src/chrome/content/rules/Fast-Company.xml b/src/chrome/content/rules/Fast-Company.xml
index 6219e48d863d..716a11dcbf9f 100644
--- a/src/chrome/content/rules/Fast-Company.xml
+++ b/src/chrome/content/rules/Fast-Company.xml
@@ -1,8 +1,12 @@
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://m.fastcompany.com/ => https://m.fastcompany.com/: (6, 'Could not resolve host: m.fastcompany.com')
+
 	Other Fast Company rulesets:
 
 		- Fast_Co_Design.com.xml
-		- Fast_Company.net.xml
 
 
 	Nonfunctional subdomains:
@@ -26,7 +30,7 @@
 
 	<!--	Direct rewrites:
 				-->
-	<target host="m.fastcompany.com" />
+	<!-- target host="m.fastcompany.com" /-->
 	<target host="magazine.fastcompany.com" />
 	<target host="www.fastcompany.com" />
 
diff --git a/src/chrome/content/rules/Fast-Web-Media.xml b/src/chrome/content/rules/Fast-Web-Media.xml
index 2246405607d8..85c0b452b10d 100644
--- a/src/chrome/content/rules/Fast-Web-Media.xml
+++ b/src/chrome/content/rules/Fast-Web-Media.xml
@@ -16,7 +16,7 @@ Fetch error: http://fwmapps.co.uk/ => https://fwmapps.co.uk/: (6, 'Could not res
 		- (www.)fastwebmedia.gr
 
 -->
-<ruleset name="Fast Web Media (partial)" default_off='failed ruleset test'>
+<ruleset name="Fast Web Media (partial)" default_off="failed ruleset test">
 
 	<target host="fastwebmedia.com" />
 	<target host="www.fastwebmedia.com" />
@@ -35,4 +35,4 @@ Fetch error: http://fwmapps.co.uk/ => https://fwmapps.co.uk/: (6, 'Could not res
 	<rule from="^http://([\w\-]+\.)?fwmapps\.co\.uk/"
 		to="https://$1fwmapps.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fast.com.xml b/src/chrome/content/rules/Fast.com.xml
new file mode 100644
index 000000000000..2cb97446b85b
--- /dev/null
+++ b/src/chrome/content/rules/Fast.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Fast.com">
+	<target host="fast.com" />
+	<target host="www.fast.com" />
+	<target host="api.fast.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FastSpring-mismatches.xml b/src/chrome/content/rules/FastSpring-mismatches.xml
deleted file mode 100644
index 2c934c5a094e..000000000000
--- a/src/chrome/content/rules/FastSpring-mismatches.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For rules that are on by default, see FastSpring.xml.
-
--->
-<ruleset name="FastSpring (mismatches)" default_off="mismatched">
-
-	<target host="fastspringblog.com" />
-	<target host="www.fastspringblog.com" />
-
-
-	<!--	Cert: *.gridserver.com	-->
-	<rule from="^http://(?:www\.)?fastspringblog\.com/"
-		to="https://fastspringblog.com/" />
-
-	<!--	- Cert: www.saasy.com
-		- !www 301s to www
-					-->
-	<rule from="^http://(?:www\.)?fastspringstore\.com/"
-		to="https://www.fastspringstore.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FastSpring.com.xml b/src/chrome/content/rules/FastSpring.com.xml
new file mode 100644
index 000000000000..b1728f528f09
--- /dev/null
+++ b/src/chrome/content/rules/FastSpring.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- jira.fastspring.com
+
+		Mismatched:
+		- resource.fastspring.com
+-->
+<ruleset name="FastSpring.com (partial)">
+	<target host="fastspring.com" />
+	<target host="www.fastspring.com" />
+	<target host="go.fastspring.com" />
+	<target host="info.fastspring.com" />
+	<target host="jitbit.fastspring.com" />
+	<target host="sites.fastspring.com" />
+	<target host="springboard.fastspring.com" />
+	<target host="status.fastspring.com" />
+	<target host="support.fastspring.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FastSpring.xml b/src/chrome/content/rules/FastSpring.xml
deleted file mode 100644
index ae252af5e6ee..000000000000
--- a/src/chrome/content/rules/FastSpring.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-<!--
-	For problematic rules, see FastSpring-mismatches.xml.
-
-
-	CDN buckets:
-
-		- dcnz2rrcot657.cloudfront.net
-		- dxezhqhj7t42i.cloudfront.net
-		- resource.fastspring.com.s3.amazonaws.com
-
-
-	(www.)?fastspring.com: Refused
-
-
-	Problematic hosts in *fastspring.com:
-
-		- info ᵐ	(Hubspot)
-		- resource ᵐ	(AmazonAWS)
-
-	ᵐ Mismatched
-
--->
-<ruleset name="FastSpring (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="sites.fastspring.com" />
-	<target host="springboard.fastspring.com" />
-
-	<!--	Complications:
-				-->
-	<target host="resource.fastspring.com" />
-
-
-	<securecookie host="^\." name="^_gat?$" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://resource\.fastspring\.com/"
-		to="https://s3.amazonaws.com/resource.fastspring.com/" />
-
-		<test url="http://resource.fastspring.com/app/store/style/base.css" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Fast_Company.net.xml b/src/chrome/content/rules/Fast_Company.net.xml
deleted file mode 100644
index 9d9dadbbfe23..000000000000
--- a/src/chrome/content/rules/Fast_Company.net.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	For other Fast Company coverage, see Fast-Company.xml
-
-
-	CDN buckets:
-
-		- d1ajghcs7o3h5q.cloudfront.net
-
-			- [a-h].fastcompany.net
-
--->
-<ruleset name="Fast Company.net">
-
-	<!--	Direct rewrites:
-				-->	
-	<target host="a.fastcompany.net" />
-	<target host="b.fastcompany.net" />
-	<target host="c.fastcompany.net" />
-	<target host="d.fastcompany.net" />
-	<target host="e.fastcompany.net" />
-	<target host="f.fastcompany.net" />
-	<target host="g.fastcompany.net" />
-	<target host="h.fastcompany.net" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Fast_and_the_Furious.xml b/src/chrome/content/rules/Fast_and_the_Furious.xml
index fa18e2436742..b929c478be38 100644
--- a/src/chrome/content/rules/Fast_and_the_Furious.xml
+++ b/src/chrome/content/rules/Fast_and_the_Furious.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?thefastandthefurious\.com/"
 		to="https://www.thefastandthefurious.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fasthosts.xml b/src/chrome/content/rules/Fasthosts.xml
index 992f87023db2..da0e625654c3 100644
--- a/src/chrome/content/rules/Fasthosts.xml
+++ b/src/chrome/content/rules/Fasthosts.xml
@@ -10,37 +10,49 @@
 
 	<target host="fasthosts.co.uk" />
 	<target host="*.fasthosts.co.uk" />
+		<test url="http://admin.fasthosts.co.uk/" />
+		<test url="http://login.fasthosts.co.uk/" />
+		<test url="http://order.fasthosts.co.uk/" />
 	<target host="*.prositehosting.co.uk" />
 	<target host="ukreg.com" />
 	<target host="www.ukreg.com" />
 
-
 	<securecookie host="^.*\.fasthosts\.co\.uk$" name=".+" />
 	<securecookie host="^www\.ukreg\.com$" name=".+" />
 
+	<!--
+		2018 Update:
+		JS no longer in use at this path
 
-	<!--	https://trac.torproject.org/projects/tor/ticket/11373
+		https://trac.torproject.org/projects/tor/ticket/11373
 
 		Tracking script that redirects pages to http.
 
 		favicon picked simply because it is
 		(or should be) innocuous:
-						-->
-	<rule from="^https://www\.fasthosts\.co\.uk/js/track\.js"
-		to="https://www.fasthosts.co.uk/favicon.ico" />
+
+		<rule from="^https://www\.fasthosts\.co\.uk/js/track\.js"
+			to="https://www.fasthosts.co.uk/favicon.ico" />
+	-->
 
 	<!--	Cert only matches www.	-->
 	<rule from="^http://(?:www\.)?fasthosts\.co\.uk/"
 		to="https://www.fasthosts.co.uk/" />
 
-	<rule from="^http://(admin|login|order)\.fasthosts\.co\.uk/"
-		to="https://$1.fasthosts.co.uk/" />
-
-	<rule from="^http://secure(\d|1[0-3-9]|2[0-4]|5[26])\.prositehosting\.co\.uk/"
+	<rule from="^http://secure(\d|1[013-9]|2[0-4]|5[26])\.prositehosting\.co\.uk/"
 		to="https://secure$1.prositehosting.co.uk/" />
+		<test url="http://secure32.prositehosting.co.uk/" />
+		<test url="http://secure4.prositehosting.co.uk/" />
+		<test url="http://secure3.prositehosting.co.uk/" />
+		<test url="http://secure5.prositehosting.co.uk/" />
+		<test url="http://secure6.prositehosting.co.uk/" />
+		<test url="http://secure41.prositehosting.co.uk/" />
+		<test url="http://secure33.prositehosting.co.uk/" />
 
 	<!--	Cert only matches www.	-->
 	<rule from="^http://(?:www\.)?ukreg\.com/"
 		to="https://www.ukreg.com/" />
 
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Fastly.net.xml b/src/chrome/content/rules/Fastly.net.xml
index 154a43ad3f5c..424ea23daa27 100644
--- a/src/chrome/content/rules/Fastly.net.xml
+++ b/src/chrome/content/rules/Fastly.net.xml
@@ -32,7 +32,7 @@
 		<test url="http://www.example.com.global.prod.fastly.net/" />
 		<test url="http://www.loveholidays.com.global.prod.fastly.net/" />
 		<test url="http://www.cosmopolitan.com.global.prod.fastly.net/" />
-		
+
 		<exclusion pattern="^http://purge\.fastly\.net/" />
 		<test url="http://purge.fastly.net/" />
 		<!-- Discourse forum software uses a font for its icons. When the HTTP URL
diff --git a/src/chrome/content/rules/Fastmail.xml b/src/chrome/content/rules/Fastmail.xml
index b0048b7a954a..68fb968519d5 100644
--- a/src/chrome/content/rules/Fastmail.xml
+++ b/src/chrome/content/rules/Fastmail.xml
@@ -1,38 +1,44 @@
 <!--
 	Other Fastmail rulesets:
 
-		- Messagingengine.com.xml
+		- Listbox.xml
+		- Pobox.xml
+		- topicbox.com.xml 
+		- user.fm.xml
 
+	HSTS:
+
+		- fastmail.com
 
 	Problematic subdomains:
 
 		- fbl	 					(mismatched, CN: *.returnpath.net, returnpath.net )
-		- status 					(mismatched, CN: *.messagingengine.com, messagingengine.com)
 		- user-customized subdomains of fastmail.fm	(connection refused, e.g. fhapgood, artwork, startupguide)
 
+	More domains:
+
+		- https://www.fastmail.com/about/ourdomains.html
+		- fastmailteam.com
+		- *.user.fm
 -->
 <ruleset name="Fastmail (partial)">
-
-	<target host="fastmail.com" />
-	<target host="beta.fastmail.com" />
-	<target host="blog.fastmail.com" />
-	<target host="classic.fastmail.com" />
-	<target host="qa.fastmail.com" />
-
 	<target host="fastmail.fm" />
+	<target host="www.fastmail.fm" />
 	<target host="beta.fastmail.fm" />
-	<target host="classic.fastmail.fm" />
 	<target host="qa.fastmail.fm" />
-	<target host="www.fastmail.fm" />
+	<target host="status.fastmail.fm" />
 
+	<target host="fastmail.blog" />
+	<target host="www.fastmail.blog" />
 
-	<!--	Secured by server:
-					-->
-	<!--securecookie host="^\.(beta|qa|www)\.fastmail\.(com|fm)$" name="^_s$" /-->
+	<target host="www.fastmailfbl.com" />
+	
+	<target host="fastmailstatus.com" />
+	<target host="www.fastmailstatus.com" />
 
-	<securecookie host="^.*\.fastmail\.com$" name=".+" />
+	<target host="www.fastmailusercontent.com" />
 
-	<rule from="^http:"
-		to="https:" />
+	<target host="jmap.io" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FatCow-Web-Hosting.xml b/src/chrome/content/rules/FatCow-Web-Hosting.xml
index df98f3304703..3221fe577fd9 100644
--- a/src/chrome/content/rules/FatCow-Web-Hosting.xml
+++ b/src/chrome/content/rules/FatCow-Web-Hosting.xml
@@ -3,7 +3,7 @@
 	<target host="fatcow.com"/>
 	<target host="*.fatcow.com"/>
 
-	<securecookie host="^(?:.*\.)?fatcow\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<!-- sometimes appends :443	-->
 	<rule from="^http://(\w+\.)?fatcow\.com(:443)?/"
diff --git a/src/chrome/content/rules/FaviconKit.com.xml b/src/chrome/content/rules/FaviconKit.com.xml
new file mode 100644
index 000000000000..ec383dac59c4
--- /dev/null
+++ b/src/chrome/content/rules/FaviconKit.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="FaviconKit.com">
+	<target host="faviconkit.com" />
+	<target host="www.faviconkit.com" />
+	<target host="api.faviconkit.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FaxCritics.xml b/src/chrome/content/rules/FaxCritics.xml
deleted file mode 100644
index ff3732b4f81c..000000000000
--- a/src/chrome/content/rules/FaxCritics.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="FaxCritics">
-
-	<target host="faxcritics.com" />
-	<target host="www.faxcritics.com" />
-
-
-	<securecookie host="^\.faxcritics.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Fax_Robot.com.xml b/src/chrome/content/rules/Fax_Robot.com.xml
index 0e38234922b8..2787141a2c6f 100644
--- a/src/chrome/content/rules/Fax_Robot.com.xml
+++ b/src/chrome/content/rules/Fax_Robot.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.faxrobot.com/ => https://www.faxrobot.com/: (28, 'Operat
 		- .faxrobot.com
 
 -->
-<ruleset name="Fax Robot.com" default_off='failed ruleset test'>
+<ruleset name="Fax Robot.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Fazekas.xml b/src/chrome/content/rules/Fazekas.xml
index 31dcdfcf1976..c00fef9a1c5c 100644
--- a/src/chrome/content/rules/Fazekas.xml
+++ b/src/chrome/content/rules/Fazekas.xml
@@ -5,7 +5,7 @@ Fetch error: http://fazekas.hu/ => https://fazekas.hu/: Too many redirects while
 Fetch error: http://www.fazekas.hu/ => https://fazekas.hu/: Too many redirects while fetching 'https://fazekas.hu/'
 
 -->
-<ruleset name="Fazekas" default_off='failed ruleset test'>
+<ruleset name="Fazekas" default_off="failed ruleset test">
 	<target host="fazekas.hu" />
 	<target host="www.fazekas.hu" />
 	<target host="sas.fazekas.hu" />
diff --git a/src/chrome/content/rules/Fb.com.xml b/src/chrome/content/rules/Fb.com.xml
index 946b630e0dc0..fd76cd32d114 100644
--- a/src/chrome/content/rules/Fb.com.xml
+++ b/src/chrome/content/rules/Fb.com.xml
@@ -5,7 +5,7 @@
 	Nonfunctional hosts in *fb.com:
 
 		investor *
-		
+
 	* 504, valid cert
 
 -->
diff --git a/src/chrome/content/rules/Fbk.info.xml b/src/chrome/content/rules/Fbk.info.xml
index 3dc08b07f0ae..1f62ff20a383 100644
--- a/src/chrome/content/rules/Fbk.info.xml
+++ b/src/chrome/content/rules/Fbk.info.xml
@@ -25,6 +25,6 @@ www.fbk.info ⁴
 	<target host="yakunin.fbk.info" />
 
 	<rule from="^http://www\.fbk\.info/" to="https://fbk.info/" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/FeatherCoin.xml b/src/chrome/content/rules/FeatherCoin.xml
index f2431319b50c..3aeb2b624333 100644
--- a/src/chrome/content/rules/FeatherCoin.xml
+++ b/src/chrome/content/rules/FeatherCoin.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FedEx.com-problematic.xml b/src/chrome/content/rules/FedEx.com-problematic.xml
deleted file mode 100644
index 72bab2eaac30..000000000000
--- a/src/chrome/content/rules/FedEx.com-problematic.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules that are on by default, see FedEx.com.xml.
-
--->
-<ruleset name="FedEx.com (problematic, false MCB)" default_off="mismatched" platform="mixedcontent">
-
-	<target host="*.van.fedex.com" />
-
-
-	<securecookie host="^\.blog\.van\.fedex\.com$" name=".+" />
-
-
-	<rule from="^http://(blog|news)\.van\.fedex\.com/"
-		to="https://$1.van.fedex.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FedEx.com.xml b/src/chrome/content/rules/FedEx.com.xml
index 343e2568a94c..79d9afe2500a 100644
--- a/src/chrome/content/rules/FedEx.com.xml
+++ b/src/chrome/content/rules/FedEx.com.xml
@@ -1,64 +1,47 @@
 <!--
-	For problematic rules, see FedEx.com-problematic.xml.
-
-
-		- fedex.com.d2.sc.omtrdc.net 
-
-			- metrics
-
-
-	Problematic subdomains:
-
-		- metrics	(mismatched, CN: *.d2.sc.omtrdc.net)
-		- blog.van	(mismatched, CN: *.gridserver.com)
-		- news.van	(CN: Parallels Panel)
-
-
-	Partially covered subdomains:
-
-		- (www.) *
-		- m *
-		- wwwtest *
-
-	* Some pages redirect to http, others 404
-
-
-	Mixed content:
-
-		- css, on:
-
-			- news.van from news.van *
-			- news.van from www *
-
-		- Images, on:
-
-			- news.van from images *
-			- news.van from news.van *
-
-	* Secured by us
-
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- fedex.com
+		- metrics.fedex.com
+		- www.ftn.fedex.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- access.van.fedex.com
+		- blog.van.fedex.com
+		- news.van.fedex.com
+
+		Different content:
+		- m.fedex.com
+
+		Mixed content blocking (MCB) triggered:
+		- crossborder.fedex.com
 -->
 <ruleset name="FedEx.com (partial)">
-
 	<target host="fedex.com" />
-	<target host="*.fedex.com" />
-		<exclusion pattern="^http://m\.fedex\.com/+(?!img/)" />
-		<exclusion pattern="^http://wwwtest\.fedex\.com/(?!css/|images/)" />
-
-
-	<securecookie host="^\.fedex\.com$" name="^s_\w+$" />
-
-
-	<!--	^ redirects to www over http
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?fedex\.com/(?=css/|images/|myprofile/)"
+	<target host="www.fedex.com" />
+	<target host="careers.fedex.com" />
+	<target host="customcritical.fedex.com" />
+	<target host="ftn.fedex.com" />
+	<target host="getrewards.fedex.com" />
+	<target host="groundwarehousejobs.fedex.com" />
+	<target host="images.fedex.com" />
+	<target host="local.fedex.com" />
+	<target host="psg.office.fedex.com" />
+	<target host="oo.blue.fedex.com" />
+	<target host="pilot.fedex.com" />
+	<target host="printonline.fedex.com" />
+	<target host="samedaycity.fedex.com" />
+	<target host="supplychain.fedex.com" />
+	<target host="wwwtest.fedex.com" />
+	
+	<exclusion pattern="^http://www\.fedex\.com/kr/" />
+
+	<test url="http://www.fedex.com/kr/docs/" />
+	<test url="http://www.fedex.com/kr/registration/" />
+	<test url="http://www.fedex.com/kr/tools/commercialinvoice.html" />
+
+	<rule from="^http://fedex\.com/"
 		to="https://www.fedex.com/" />
 
-	<rule from="^http://(images|m|wwwtest)\.fedex\.com/"
-		to="https://$1.fedex.com/" />
-
-	<rule from="^http://metrics\.fedex\.com/"
-		to="https://fedex-com.d2.sc.omtrdc.net/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Federal-Communications-Commission.xml b/src/chrome/content/rules/Federal-Communications-Commission.xml
index 82995a10a032..0d5949fcee67 100644
--- a/src/chrome/content/rules/Federal-Communications-Commission.xml
+++ b/src/chrome/content/rules/Federal-Communications-Commission.xml
@@ -17,6 +17,7 @@
 		- transition (404 on http://transition.fcc.gov/Daily_Releases/Daily_Digest/2015/dd2015.html)
 		- apps (404, expired)
 		- fjallfoss (404)
+    - stations (unresolved)
 
 	* Times out
 
@@ -34,7 +35,6 @@
 	<target host="data.fcc.gov" />
 	<target host="fjallfoss.fcc.gov" />
 	<target host="licensing.fcc.gov" />
-	<target host="stations.fcc.gov" />
 	<target host="transition.fcc.gov" />
 	<target host="www.fcc.gov" />
 
@@ -43,16 +43,10 @@
 	<target host="fcc.gov" />
 	<target host="hraunfoss.fcc.gov" />
 
-		<exclusion pattern="^http://hraunfoss\.fcc\.gov/(?!edocs_public/attachmatch/(?!$))" />
-
-			<!--	+ve:
-					-->
-			<test url="http://hraunfoss.fcc.gov/edocs_public/attachmatch/" />
-
-			<!--	-ve:
-					-->
-			<test url="http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-235879A1.txt" />
+		<!-- <exclusion pattern="^http://hraunfoss\.fcc\.gov/(?!edocs_public/attachmatch/(?!$))" />
+			<test url="http://hraunfoss.fcc.gov/edocs_public/attachmatch/DA-10-893A1.pdf" />
 			<test url="http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-235879A1.pdf" />
+      <test url="http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-13-64A1.pdf" /> -->
 
 		<!--	apps and fjalloss have been disabled in response to
 			https://github.com/EFForg/https-everywhere/issues/2874.
@@ -67,18 +61,12 @@
 	<test url="http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-235879A1.txt" />
 	<test url="http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-235879A1.pdf" />
 
-			404:
-				-->
-		<!--exclusion pattern="^http://apps\.fcc\.gov/ecfs/$" /-->
-		<!--exclusion pattern="^http://fjallfoss\.fcc\.gov/ecfs2/$" /-->
 
-			<!--	+ve:
-					-->
-			<!--test url="http://apps.fcc.gov/ecfs/" /-->
-			<!--test url="http://fjallfoss.fcc.gov/ecfs2/" /-->
+			<test url="http://apps.fcc.gov/ecfs/" />
+			<test url="http://fjallfoss.fcc.gov/ecfs2/" />
+
+			This used to 404:
 
-		<!--	This used to 404:
-						-->
 		<test url="http://transition.fcc.gov/Daily_Releases/Daily_Digest/2015/dd2015.html" />
 
 
@@ -88,12 +76,11 @@
 	<rule from="^http://fcc\.gov/"
 		to="https://www.fcc.gov/" />
 
-	<!--	Redirects like so:
-					-->
+		Redirects like so:
 	<rule from="^http://hraunfoss\.fcc\.gov/edocs_public/attachmatch/"
 		to="https://apps.fcc.gov/edocs_public/attachmatch/" />
 
-	<!-- These rules need tests:
+	 These rules need tests:
 
 	<rule from="^http://publicsafety\.fcc\.gov/(?:\?.*)?$"
 		to="https://www.fcc.gov/pshs/" />
diff --git a/src/chrome/content/rules/Federal_Business_Opportunities.xml b/src/chrome/content/rules/Federal_Business_Opportunities.xml
deleted file mode 100644
index 5e8c25fcb527..000000000000
--- a/src/chrome/content/rules/Federal_Business_Opportunities.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-
-
-	Certs only match www.
-
-
-	Targets solely for wildcard cookies:
-
-		- *.www.fbo.gov
-
--->
-<ruleset name="Federal Business Opportunities">
-
-	<target host="fbo.gov" />
-	<target host="*.fbo.gov" />
-	<target host="fedbizopps.gov" />
-	<target host="www.fedbizopps.gov" />
-
-
-	<securecookie host="^(?:.*\.)?fbo\.gov$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?f(bo|edbizopps)\.gov/"
-		to="https://www.f$1.gov/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Federated-Investors.xml b/src/chrome/content/rules/Federated-Investors.xml
index ce7f29fc6168..f615eac6bb11 100644
--- a/src/chrome/content/rules/Federated-Investors.xml
+++ b/src/chrome/content/rules/Federated-Investors.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.federatedinvestors.com/ => https://www.federatedinvestor
 Disabled by https-everywhere-checker because:
 Fetch error: http://federatedinvestors.com/ => https://federatedinvestors.com/: (51, "SSL: no alternative certificate subject name matches target host name 'federatedinvestors.com'")
 -->
-<ruleset name="Federated Investors (partial)" default_off='failed ruleset test'>
+<ruleset name="Federated Investors (partial)" default_off="failed ruleset test">
 
 	<target host="federatedinvestors.com" />
 	<target host="www.federatedinvestors.com" />
diff --git a/src/chrome/content/rules/Federated-Media-Publishing.xml b/src/chrome/content/rules/Federated-Media-Publishing.xml
index 3a01343e96a0..0eab2409af53 100644
--- a/src/chrome/content/rules/Federated-Media-Publishing.xml
+++ b/src/chrome/content/rules/Federated-Media-Publishing.xml
@@ -12,26 +12,27 @@ Fetch error: http://www.federatedmedia.net/ => https://www.federatedmedia.net/:
 		- cm.cdn.fm
 
 -->
-<ruleset name="Federated Media Publishing (partial)" default_off='failed ruleset test'>
+<ruleset name="Federated Media Publishing (partial)" default_off="failed ruleset test">
 
 	<target host="federatedmedia.net" />
 	<target host="www.federatedmedia.net" />
-	<target host="*.fmpub.net" />
+	<target host="keywords.fmpub.net" />
+	<target host="r1.fmpub.net" />
+	<target host="static.fmpub.net" />
+	<target host="tenzing.fmpub.net" />
+	<target host="static-cf.fmpub.net" />
 
 
 	<securecookie host="^.*\.fmpub\.net$" name=".+" />
 	<securecookie host="^www\.federatedmedia\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?federatedmedia\.net/"
-		to="https://$1federatedmedia.net/" />
 
 	<!--	Ads included on 3rd-party websites.	-->
-	<rule from="^http://(keywords|r1|static|tenzing)\.fmpub\.net/"
-		to="https://$1.fmpub.net/" />
 
 	<!--	Ditto.	-->
 	<rule from="^http://static-cf\.fmpub\.net/"
 		to="https://fmpub.cachefly.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Federation-of-American-Scientists.xml b/src/chrome/content/rules/Federation-of-American-Scientists.xml
index 06d5ce6a0b84..6186e0f3c990 100644
--- a/src/chrome/content/rules/Federation-of-American-Scientists.xml
+++ b/src/chrome/content/rules/Federation-of-American-Scientists.xml
@@ -11,7 +11,7 @@ Fetch error: http://members.fas.org/ => https://members.fas.org/: (6, 'Could not
 		- .fas.org
 
 -->
-<ruleset name="FAS.org" default_off='failed ruleset test'>
+<ruleset name="FAS.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Federation-of-Small-Businesses.xml b/src/chrome/content/rules/Federation-of-Small-Businesses.xml
index 0f05e2b0d2cb..b80e846770e6 100644
--- a/src/chrome/content/rules/Federation-of-Small-Businesses.xml
+++ b/src/chrome/content/rules/Federation-of-Small-Businesses.xml
@@ -11,7 +11,8 @@ Fetch error: http://fsb.org.uk/ => http://fsb.org.uk/: (28, 'Connection timed ou
 <ruleset name="Federation of Small Businesses (partial)">
 
 	<target host="fsb.org.uk" />
-	<target host="*.fsb.org.uk" />
+	<target host="www.fsb.org.uk" />
+	<target host="join.fsb.org.uk" />
 
 
 	<securecookie host="^join\.fsb\.org\.uk$" name=".+" />
diff --git a/src/chrome/content/rules/Fedora_Project.org.xml b/src/chrome/content/rules/Fedora_Project.org.xml
deleted file mode 100644
index 6e24633f6075..000000000000
--- a/src/chrome/content/rules/Fedora_Project.org.xml
+++ /dev/null
@@ -1,67 +0,0 @@
-<!--
-	Other Fedora Project rulesets:
-		+ Fedorainfracloud.org.xml
-
-	Remark: Fedora maintains a list of sub-domains of some services on
-		https://github.com/fedora-infra/apps.fp.o/blob/develop/data/apps.yaml
-
-	Non-functional hosts:
-		HSTS preloaded:
-			- admin.fedoraproject.org
-			- apps.fedoraproject.org
-			- ask.fedoraproject.org
-			- badges.fedoraproject.org
-			- darkserver.fedoraproject.org
-			- geoip.fedoraproject.org
-			- keys.fedoraproject.org
-			- kojipkgs.fedoraproject.org
-			- lists.fedoraproject.org
-			- meetbot.fedoraproject.org
-			- paste.fedoraproject.org
-			- qa.fedoraproject.org
-			- src.fedoraproject.org
-			- taskotron.fedoraproject.org
-
-		Couldn't connect to server:
-			- publictest04.fedoraproject.org
-
-		SSL peer certificate was not OK:
-			- directory.fedoraproject.org
-			- arm.koji.fedoraproject.org
-			- ols.fedoraproject.org
-			- pki.fedoraproject.org
-
-		Peer certificate cannot be authenticated with given CA certificates:
-			- pkgs.fedoraproject.org
-
-		Mixed content blocking (MCB) triggered:
-			- boot.fedoraproject.org
--->
-
-<ruleset name="Fedora Project.org (partial)">
-	<target host="fedoraproject.org" />
-	<target host="www.fedoraproject.org" />
-	<target host="alt.fedoraproject.org" />
-	<target host="archives.fedoraproject.org" />
-	<target host="cloud.fedoraproject.org" />
-	<target host="copr-be.cloud.fedoraproject.org" />
-	<target host="copr.fedoraproject.org" />
-	<target host="dl.fedoraproject.org" />
-	<target host="docs.fedoraproject.org" />
-	<target host="download.fedoraproject.org" />
-	<target host="get.fedoraproject.org" />
-	<target host="infrastructure.fedoraproject.org" />
-		<test url="http://infrastructure.fedoraproject.org/cgit/ansible.git" />
-	<target host="join.fedoraproject.org" />
-	<target host="koji.fedoraproject.org" />
-	<target host="mirrors.fedoraproject.org" />
-	<target host="pdc.fedoraproject.org" />
-	<target host="people.fedoraproject.org" />
-	<target host="planet.fedoraproject.org" />
-	<target host="retrace.fedoraproject.org" />
-	<target host="start.fedoraproject.org" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Fedorainfracloud.org.xml b/src/chrome/content/rules/Fedorainfracloud.org.xml
index 1a7fcc30cb8f..c5e805830d26 100644
--- a/src/chrome/content/rules/Fedorainfracloud.org.xml
+++ b/src/chrome/content/rules/Fedorainfracloud.org.xml
@@ -1,6 +1,4 @@
 <!--
-	For other Fedora coverage, see Fedora_Project.org.xml.
-
 	Nonfunctional hosts in *.fedorainfracloud.org:
 		- developer.fedorainfracloud.org (r)
 		- faitout.fedorainfracloud.org (t)
diff --git a/src/chrome/content/rules/FeeFighters.xml b/src/chrome/content/rules/FeeFighters.xml
index b16ee4ec2139..8e9083ef307d 100644
--- a/src/chrome/content/rules/FeeFighters.xml
+++ b/src/chrome/content/rules/FeeFighters.xml
@@ -8,11 +8,11 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://feefighters.com/ => https://feefighters.com/: (51, "SSL: no alternative certificate subject name matches target host name 'feefighters.com'")
 Fetch error: http://www.feefighters.com/ => https://feefighters.com/: (51, "SSL: no alternative certificate subject name matches target host name 'feefighters.com'")
 -->
-<ruleset name="FeeFighters" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="FeeFighters" platform="mixedcontent" default_off="failed ruleset test">
   <target host="feefighters.com" />
   <target host="www.feefighters.com" />
 
-  <securecookie host="^(?:.+\.)?feefighters\.com$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http://(?:www\.)?feefighters\.com/" to="https://feefighters.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Feed2JS.org.xml b/src/chrome/content/rules/Feed2JS.org.xml
index 7cbd69c2dc7c..e9b2d7b9a5ac 100644
--- a/src/chrome/content/rules/Feed2JS.org.xml
+++ b/src/chrome/content/rules/Feed2JS.org.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FeedBlitz.xml b/src/chrome/content/rules/FeedBlitz.xml
index d2ce2e61a8e8..904ce9fbb220 100644
--- a/src/chrome/content/rules/FeedBlitz.xml
+++ b/src/chrome/content/rules/FeedBlitz.xml
@@ -1,8 +1,6 @@
 <!--
 	CDN buckets:
 
-		- s3.amazonaws.com/assets.feedblitz.com/
-		- s3.amazonaws.com/users.feedblitz.com/
 		- ne1.wpc.edgecastcdn.net/0002B4/
 
 		- cee47999521ce01e5baae088241054d9.edgesuite.net
@@ -35,9 +33,6 @@
 		- t		(→ ei.rlcdn.com)
 		- users *
 
-	* → s3.amazonaws.com
-
-
 	Mixed content:
 
 		- Images, on:
@@ -62,18 +57,19 @@
 <ruleset name="FeedBlitz">
 
 	<target host="feedblitz.com" />
-	<target host="*.feedblitz.com" />
+	<target host="archive.feedblitz.com" />
+	<target host="blog.feedblitz.com" />
+	<target host="feeds.feedblitz.com" />
+	<target host="p.feedblitz.com" />
+	<target host="www.feedblitz.com" />
+	<target host="assets.feedblitz.com" />
+	<target host="users.feedblitz.com" />
+	<target host="spnsrs.feedblitz.com" />
+	<target host="t.feedblitz.com" />
 
 
 	<securecookie host="^w*\.feedblitz\.com$" name=".+" />
 
-
-	<rule from="^http://((?:archive|blog|feeds|p|www)\.)?feedblitz\.com/"
-		to="https://$1feedblitz.com/" />
-
-	<rule from="^http://(asset|user)s\.feedblitz\.com/"
-		to="https://s3.amazonaws.com/$1s.feedblitz.com/" />
-
 	<!--	Redirects like so:
 					-->
 	<rule from="^http://spnsrs\.feedblitz\.com/"
@@ -82,4 +78,5 @@
 	<rule from="^http://t\.feedblitz\.com/"
 		to="https://ei.rlcdn.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/FeedPress.me.xml b/src/chrome/content/rules/FeedPress.me.xml
index 488b6bfd8bcd..6eacd1780944 100644
--- a/src/chrome/content/rules/FeedPress.me.xml
+++ b/src/chrome/content/rules/FeedPress.me.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.feedpress.me/ => https://www.feedpress.me/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="FeedPress.me" default_off='failed ruleset test'>
+<ruleset name="FeedPress.me" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Feedjit.xml b/src/chrome/content/rules/Feedjit.xml
index 63364a5b9a68..a869e860e139 100644
--- a/src/chrome/content/rules/Feedjit.xml
+++ b/src/chrome/content/rules/Feedjit.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(www\.)?feedjit\.com/(favicon\.ico|images/|plansPricing/|pro/|rush/|static/)"
 		to="https://$1feedjit.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Feedmyinbox.xml b/src/chrome/content/rules/Feedmyinbox.xml
index 32cff397ff3e..cd259f42fc09 100644
--- a/src/chrome/content/rules/Feedmyinbox.xml
+++ b/src/chrome/content/rules/Feedmyinbox.xml
@@ -5,11 +5,11 @@ Fetch error: http://www.feedmyinbox.com/ => https://www.feedmyinbox.com/: (28, '
 Fetch error: http://feedmyinbox.com/ => https://www.feedmyinbox.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="FeedMyInbox" default_off='failed ruleset test'>
+<ruleset name="FeedMyInbox" default_off="failed ruleset test">
   <target host="www.feedmyinbox.com" />
   <target host="feedmyinbox.com" />
 
-  <securecookie host="^(?:.*\.)?feedmyinbox\.com$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http://(?:www\.)?feedmyinbox\.com/" to="https://www.feedmyinbox.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Feedsportal.com.xml b/src/chrome/content/rules/Feedsportal.com.xml
index ad0713e6d0ae..d51d1bca0502 100644
--- a/src/chrome/content/rules/Feedsportal.com.xml
+++ b/src/chrome/content/rules/Feedsportal.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://stats.feedsportal.com/ => https://stats.feedsportal.com/: (2
 	www: refused
 
 -->
-<ruleset name="Feedsportal.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Feedsportal.com (partial)" default_off="failed ruleset test">
 
 	<target host="stats.feedsportal.com" />
 		<!--exclusion pattern="^http://(res3|www)\.feedsportal\.com/" /-->
diff --git a/src/chrome/content/rules/Fefe.xml b/src/chrome/content/rules/Fefe.xml
index df4323378c92..4bb576b970b8 100644
--- a/src/chrome/content/rules/Fefe.xml
+++ b/src/chrome/content/rules/Fefe.xml
@@ -4,7 +4,7 @@
 		- bulk *
 
 	* invalid certificate
-	
+
 	       - dl *
 
 
diff --git a/src/chrome/content/rules/Feide.xml b/src/chrome/content/rules/Feide.xml
index a45e1cf50773..c5fa9cb0b395 100644
--- a/src/chrome/content/rules/Feide.xml
+++ b/src/chrome/content/rules/Feide.xml
@@ -23,7 +23,7 @@ Fetch error: http://wiki.feide.no/ => https://wiki.feide.no/: (6, 'Could not res
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Feide.no" default_off='failed ruleset test'>
+<ruleset name="Feide.no" default_off="failed ruleset test">
 
 	<target host="feide.no" />
 	<target host="api.feide.no" />
diff --git a/src/chrome/content/rules/Feminism.lgbt.xml b/src/chrome/content/rules/Feminism.lgbt.xml
deleted file mode 100644
index df4f63c0f9df..000000000000
--- a/src/chrome/content/rules/Feminism.lgbt.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Feminism.lgbt">
-	<target host="feminism.lgbt" />
-	<target host="www.feminism.lgbt" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Fence_Center.com.xml b/src/chrome/content/rules/Fence_Center.com.xml
index c945e52906b6..63d4d8a1f010 100644
--- a/src/chrome/content/rules/Fence_Center.com.xml
+++ b/src/chrome/content/rules/Fence_Center.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.fencecenter.com/ => https://www.fencecenter.com/: (60, '
 		- ^	(cert only matches www)
 
 -->
-<ruleset name="Fence Center.com" default_off='failed ruleset test'>
+<ruleset name="Fence Center.com" default_off="failed ruleset test">
 
 	<target host="fencecenter.com" />
 	<target host="www.fencecenter.com" />
@@ -21,4 +21,4 @@ Fetch error: http://www.fencecenter.com/ => https://www.fencecenter.com/: (60, '
 	<rule from="^http://(?:www\.)?fencecenter\.com/"
 		to="https://www.fencecenter.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fender.com-problematic.xml b/src/chrome/content/rules/Fender.com-problematic.xml
index 3d16e39f019b..fe519bc3badb 100644
--- a/src/chrome/content/rules/Fender.com-problematic.xml
+++ b/src/chrome/content/rules/Fender.com-problematic.xml
@@ -5,13 +5,11 @@
 <ruleset name="Fender.com (problematic)" default_off="mismatched">
 
 	<target host="customcare.fender.com" />
-	<target host="*.customcare.fender.com" />
 
 
 	<securecookie host="^\.customcare\.fender\.com$" name=".+" />
 
 
-	<rule from="^http://customcare\.fender\.com/"
-		to="https://customcare.fender.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fender.com.xml b/src/chrome/content/rules/Fender.com.xml
index e30390810058..27cd16aabde7 100644
--- a/src/chrome/content/rules/Fender.com.xml
+++ b/src/chrome/content/rules/Fender.com.xml
@@ -16,7 +16,7 @@
 <ruleset name="Fender.com (partial)">
 
 	<target host="fender.com" />
-	<target host="*.fender.com" />
+	<target host="www.fender.com" />
 
 
 	<securecookie host="^(?:www)?\.fender\.com$" name=".+" />
@@ -25,4 +25,4 @@
 	<rule from="^http://(?:www\.)?fender\.com/"
 		to="https://www.fender.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fenland.gov.uk.xml b/src/chrome/content/rules/Fenland.gov.uk.xml
index b236b901f86b..3542cc59156c 100644
--- a/src/chrome/content/rules/Fenland.gov.uk.xml
+++ b/src/chrome/content/rules/Fenland.gov.uk.xml
@@ -30,12 +30,12 @@
 			<test url="http://www.fenland.gov.uk/article/10466/Consultations" />
 			<test url="http://www.fenland.gov.uk/article/10471/Apply-for-it" />
 			<test url="http://www.fenland.gov.uk/article/10584/The-2015-LGC-Winner" />
+			<test url="http://www.fenland.gov.uk/article/13048/Were-not-mucking-about---clean-up-after-your-dog-or-face-a-fine" />
 			<test url="http://www.fenland.gov.uk/article/1165/New-Vision-Fitness" />
 			<test url="http://www.fenland.gov.uk/article/2916/Jobs" />
 			<test url="http://www.fenland.gov.uk/article/2917/Planning-Register" />
 			<test url="http://www.fenland.gov.uk/article/2919/Council-Tax" />
 			<test url="http://www.fenland.gov.uk/article/5382/Connecting-Cambridgeshire" />
-			<test url="http://www.fenland.gov.uk/article/5382/Connecting-Cambridgeshire" />
 			<test url="http://www.fenland.gov.uk/article/5910/The-2014-MJ-Winner/" />
 			<test url="http://www.fenland.gov.uk/article/6273/Source-Cambridgeshire" />
 			<test url="http://www.fenland.gov.uk/article/9124/Golden-Age-Partners" />
diff --git a/src/chrome/content/rules/Fermi_National_Accelerator_Laboratory.xml b/src/chrome/content/rules/Fermi_National_Accelerator_Laboratory.xml
index 2900e0a38a36..32941fb84a77 100644
--- a/src/chrome/content/rules/Fermi_National_Accelerator_Laboratory.xml
+++ b/src/chrome/content/rules/Fermi_National_Accelerator_Laboratory.xml
@@ -65,7 +65,7 @@ Fetch error: http://astro.fnal.gov/ => https://astro.fnal.gov/: (28, 'Connection
 		www.fermilab.jobs
 
 -->
-<ruleset name="Fermi National Accelerator Laboratory" default_off='failed ruleset test'>
+<ruleset name="Fermi National Accelerator Laboratory" default_off="failed ruleset test">
 	<target host="fnal.gov" />
 	<target host="www.fnal.gov" />
 	<target host="annie.fnal.gov" />
diff --git a/src/chrome/content/rules/FernUni-Hagen.de.xml b/src/chrome/content/rules/FernUni-Hagen.de.xml
index 52bc7deee6cb..3bec2bca8e42 100644
--- a/src/chrome/content/rules/FernUni-Hagen.de.xml
+++ b/src/chrome/content/rules/FernUni-Hagen.de.xml
@@ -27,7 +27,14 @@
 <ruleset name="FernUni-Hagen.de">
 
 	<target host="fernuni-hagen.de" />
-	<target host="*.fernuni-hagen.de" />
+	<target host="www.fernuni-hagen.de" />
+	<target host="cl-www.fernuni-hagen.de" />
+	<target host="account.fernuni-hagen.de" />
+	<target host="blog.fernuni-hagen.de" />
+	<target host="moodle.fernuni-hagen.de" />
+	<target host="www.ub.fernuni-hagen.de" />
+	<target host="vu.fernuni-hagen.de" />
+	<target host="wiki.fernuni-hagen.de" />
 
 
 	<securecookie host="^(?:account|moodle|wiki)\.fernuni-hagen\.de$" name=".+" />
@@ -36,7 +43,6 @@
 	<rule from="^http://(?:(cl-)?www\.)?fernuni-hagen\.de/"
 		to="https://$1www.fernuni-hagen.de/" />
 
-	<rule from="^http://(account|blog|moodle|www\.ub|vu|wiki)\.fernuni-hagen\.de/"
-		to="https://$1.fernuni-hagen.de/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ferris_State_University-problematic.xml b/src/chrome/content/rules/Ferris_State_University-problematic.xml
index 5ab1deb5d421..e1f234883583 100644
--- a/src/chrome/content/rules/Ferris_State_University-problematic.xml
+++ b/src/chrome/content/rules/Ferris_State_University-problematic.xml
@@ -11,4 +11,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ferris_State_University.xml b/src/chrome/content/rules/Ferris_State_University.xml
index 5ee7fee73c8c..451cdf192742 100644
--- a/src/chrome/content/rules/Ferris_State_University.xml
+++ b/src/chrome/content/rules/Ferris_State_University.xml
@@ -27,14 +27,17 @@
 -->
 <ruleset name="Ferris State University (partial)">
 
-	<target host="*.ferris.edu" />
+	<target host="ebill.ferris.edu" />
+	<target host="fsuban2.ferris.edu" />
+	<target host="m.ferris.edu" />
+	<target host="mysfu.ferris.edu" />
+	<target host="passwordhelp.ferris.edu" />
 		<exclusion pattern="^http://myfsu.ferris.edu/cp/home/loginf" />
 
 
 	<securecookie host="^(?!myfsu)\.ferris\.edu$" name=".+" />
 
 
-	<rule from="^http://(ebill|fsuban2|m|mysfu|passwordhelp)\.ferris\.edu(:9000)?/"
-		to="https://$1.ferris.edu$2/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ferroh.com.xml b/src/chrome/content/rules/Ferroh.com.xml
deleted file mode 100644
index 64f268e63a97..000000000000
--- a/src/chrome/content/rules/Ferroh.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-
-	Problematic hosts in *ferroh.com:
-
-		- status (refused)
-
--->
-<ruleset name="Ferroh.com (partial)">
-
-	<target host="ferroh.com" />
-	<target host="www.ferroh.com" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FetShop.co.uk.xml b/src/chrome/content/rules/FetShop.co.uk.xml
index 22d6181dc15f..8d247ee264dd 100644
--- a/src/chrome/content/rules/FetShop.co.uk.xml
+++ b/src/chrome/content/rules/FetShop.co.uk.xml
@@ -23,7 +23,9 @@
 <ruleset name="FetShop.co.uk">
 
 	<target host="fetshop.co.uk" />
-	<target host="*.fetshop.co.uk" />
+	<target host="www.fetshop.co.uk" />
+	<target host="cdn.fetshop.co.uk" />
+	<target host="cdn-test.fetshop.co.uk" />
 
 
 	<securecookie host="^\.www\.fetshop\.co\.uk$" name=".+" />
@@ -38,4 +40,4 @@
 	<rule from="^http://cdn-test\.fetshop\.co\.uk/"
 		to="https://4001-test-iamnoonesolution.netdna-ssl.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fhserve.com.xml b/src/chrome/content/rules/Fhserve.com.xml
index b07ed613574e..662c31bb21bc 100644
--- a/src/chrome/content/rules/Fhserve.com.xml
+++ b/src/chrome/content/rules/Fhserve.com.xml
@@ -28,7 +28,7 @@
 		- (www.)?	(^ → www)
 
 -->
-<ruleset name="fhserve.com" default_off="missing certificate chain">
+<ruleset name="fhserve.com" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Fidelity.com.hk.xml b/src/chrome/content/rules/Fidelity.com.hk.xml
new file mode 100644
index 000000000000..43cba3c04e28
--- /dev/null
+++ b/src/chrome/content/rules/Fidelity.com.hk.xml
@@ -0,0 +1,74 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- author.pension.fidelity.com.hk
+		- author.pensionnp.fidelity.com.hk
+		- author.retirement.fidelity.com.hk
+		- author.retirementnp.fidelity.com.hk
+
+		Timeout was reached:
+		- eclub.fidelity.com.hk
+		- email.fidelity.com.hk
+		- investeeportal.fidelity.com.hk
+		- pension.fidelity.com.hk
+		- schemenp.fidelity.com.hk
+		- www99.webxpress.fidelity.com.hk
+		- www99.fidelity.com.hk
+
+		SSL connect error:
+		- api.fidelity.com.hk
+		- cat.api.fidelity.com.hk
+		- api-uat.fidelity.com.hk
+		- gateway-cat.fidelity.com.hk
+		- hkweb-uat.fidelity.com.hk
+		- m.fidelity.com.hk
+		- m-uat.fidelity.com.hk
+		- m11.fidelity.com.hk
+		- m22.fidelity.com.hk
+		- vpn-uat.fidelity.com.hk
+		- webxpress.fidelity.com.hk
+		- www.webxpress.fidelity.com.hk
+		- www11.webxpress.fidelity.com.hk
+
+		SSL peer certificate was not OK:
+		- retirementnp.fidelity.com.hk
+		- tpa.fidelity.com.hk
+		- cat.webxpress.fidelity.com.hk
+		- www22.webxpress.fidelity.com.hk
+
+		Incomplete certificate chain error:
+		- voip.fidelity.com.hk
+
+		4xx client error:
+		- pensionnp.fidelity.com.hk
+		- qdii11.fidelity.com.hk
+		- qdii22.fidelity.com.hk
+-->
+<ruleset name="Fidelity.com.hk">
+	<target host="fidelity.com.hk" />
+	<target host="www.fidelity.com.hk" />
+	<target host="cat.fidelity.com.hk" />
+	<target host="collaborate.fidelity.com.hk" />
+	<target host="gateway.fidelity.com.hk" />
+	<target host="cat.gateway.fidelity.com.hk" />
+	<target host="email.ws.m.fidelity.com.hk" />
+	<target host="page.ws.m.fidelity.com.hk" />
+	<target host="email.mpf.fidelity.com.hk" />
+	<target host="page.mpf.fidelity.com.hk" />
+	<target host="new.fidelity.com.hk" />
+	<target host="qdii.fidelity.com.hk" />
+	<target host="cat.qdii.fidelity.com.hk" />
+	<target host="retirement.fidelity.com.hk" />
+	<target host="secure.fidelity.com.hk" />
+	<target host="secure11.fidelity.com.hk" />
+	<target host="secure22.fidelity.com.hk" />
+	<target host="vpn.fidelity.com.hk" />
+	<target host="email.ws.fidelity.com.hk" />
+	<target host="page.ws.fidelity.com.hk" />
+	<target host="www11.fidelity.com.hk" />
+	<target host="www22.fidelity.com.hk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fidelity.com.xml b/src/chrome/content/rules/Fidelity.com.xml
index 70bd534cec06..d5c313de2478 100644
--- a/src/chrome/content/rules/Fidelity.com.xml
+++ b/src/chrome/content/rules/Fidelity.com.xml
@@ -59,7 +59,19 @@
 <ruleset name="Fidelity.com (partial)">
 
 	<target host="fidelity.com" />
-	<target host="*.fidelity.com" />
+	<target host="charitablegift.fidelity.com" />
+	<target host="eresearch.fidelity.com" />
+	<target host="fixedincome.fidelity.com" />
+	<target host="login.fidelity.com" />
+	<target host="membership.fidelity.com" />
+	<target host="moneymovement.fidelity.com" />
+	<target host="news.fidelity.com" />
+	<target host="oltx.fidelity.com" />
+	<target host="research2.fidelity.com" />
+	<target host="researchtools.fidelity.com" />
+	<target host="screener.fidelity.com" />
+	<target host="scs.fidelity.com" />
+	<target host="www.fidelity.com" />
 
 
 	<!--	Not secured by server:
@@ -72,7 +84,6 @@
 	<securecookie host="^(?:charitablegift|login)\.fidelity\.com$" name=".+" />
 
 
-	<rule from="^http://((?:charitablegift|eresearch|fixedincome|login|membership|moneymovement|news|oltx|research2|researchtools|screener|scs|www)\.)?fidelity\.com/"
-		to="https://$1fidelity.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FierceMarkets.xml b/src/chrome/content/rules/FierceMarkets.xml
index d25e81e1a957..a71dbe11443f 100644
--- a/src/chrome/content/rules/FierceMarkets.xml
+++ b/src/chrome/content/rules/FierceMarkets.xml
@@ -1,40 +1,21 @@
 <!--
 	Other FierceMarkets rulesets:
-
 		- FiercePharma.xml
 
-
-	CDN buckets:
-
-		- d2pkycnpovhofp.cloudfront.net
-			- assets.fiercemarkets.net
-
-
-	Problematic domains:
-
-		- assets.fiercemarkets.com	(mismatched, CN: www.fiercefinance.com)
-		- static.fiercemarkets.com	(shows secure, CN: secure.fiercemarkets.com)
-
-
-	Fully covered domains:
-
-		- assets.fiercemarkets.com	(→ www.fiercefinance.com)
+	Non-functional hosts:
+		Timeout:
+		- fiercemarkets.com
 		- secure.fiercemarkets.com
-		- static.fiercemarkets.com	(→ d2pkycnpovhofp.cloudfront.net)
-		- assets.fiercemarkets.net	(→ d2pkycnpovhofp.cloudfront.net)
-
-
+		- static.fiercemarkets.com
 -->
 <ruleset name="FierceMarkets (partial)">
 
-	<target host="*.fiercemarkets.com" />
+	<target host="www.fiercemarkets.com" />
+	<target host="assets.fiercemarkets.com" />
 	<target host="assets.fiercemarkets.net" />
+		<test url="http://assets.fiercemarkets.net/public/SNY38294_20150205_Results_en.pdf" />
+		<test url="http://assets.fiercemarkets.net/public/sanofiq3.pdf" />
 
-
-	<rule from="^http://secure\.fiercemarkets\.com/"
-		to="https://secure.fiercemarkets.com/" />
-
-	<rule from="^http://assets\.fiercemarkets\.com/"
-		to="https://www.fiercefinance.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Fife_Direct.org.uk.xml b/src/chrome/content/rules/Fife_Direct.org.uk.xml
index cd36fb272ff0..5ce12c6fc258 100644
--- a/src/chrome/content/rules/Fife_Direct.org.uk.xml
+++ b/src/chrome/content/rules/Fife_Direct.org.uk.xml
@@ -24,7 +24,7 @@ Fetch error: http://m.fifedirect.org.uk/ => https://m.fifedirect.org.uk/: (6, 'C
 	⁴ Unsecurable <= 404
 
 -->
-<ruleset name="Fife Direct.org.uk" default_off='failed ruleset test'>
+<ruleset name="Fife Direct.org.uk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Fifi.Org.xml b/src/chrome/content/rules/Fifi.Org.xml
index 783798680b66..71818980d15f 100644
--- a/src/chrome/content/rules/Fifi.Org.xml
+++ b/src/chrome/content/rules/Fifi.Org.xml
@@ -6,13 +6,10 @@
 -->
 <ruleset name="Fifi.Org (partial)" default_off="self-signed">
 
-	<target host="*.fifi.org" />
+	<target host="secure.fifi.org" />
 
 
-	<securecookie host="^\.fifi\.org$" name=".+" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://secure\.fifi\.org/"
-		to="https://secure.fifi.org/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fight-for-the-Future-mismatches.xml b/src/chrome/content/rules/Fight-for-the-Future-mismatches.xml
index d28396c8e1fc..b3668772731a 100644
--- a/src/chrome/content/rules/Fight-for-the-Future-mismatches.xml
+++ b/src/chrome/content/rules/Fight-for-the-Future-mismatches.xml
@@ -5,7 +5,7 @@
 <ruleset name="Fight fot the Future (mismatches)" default_off="mismatch, self-signed">
 
 	<target host="americancensorship.org" />
-	<target host="*.americancensorship.org" />
+	<target host="www.americancensorship.org" />
 	<!--	cert:	*.heroku.com	-->
 	<target host="congresstmi.org" />
 	<target host="www.congresstmi.org" />
@@ -46,10 +46,9 @@
 	<rule from="^http://(?:www\.)?privacyisawesome\.com/"
 		to="https://www.privacyisawesome.com/" />
 
-	<rule from="^http://a\.fightforthefuture\.org/"
-		to="https://a.fightforthefuture.org/" />
 
 	<rule from="^http://(?:www\.)?sopastrike\.com/"
 		to="https://sopastrike.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Fight-for-the-Future.xml b/src/chrome/content/rules/Fight-for-the-Future.xml
index e911f1fb5a1f..fad239547ec2 100644
--- a/src/chrome/content/rules/Fight-for-the-Future.xml
+++ b/src/chrome/content/rules/Fight-for-the-Future.xml
@@ -9,7 +9,6 @@
 		- Fax_Big_Brother.com.xml
 		- Free_Chelsea.com.xml
 		- Internet_Defense_League.xml
-		- InternetVotes.org.xml
 		- Reset_the_Net.org.xml
 		- You_Betrayed_us.org.xml
 
diff --git a/src/chrome/content/rules/File.io.xml b/src/chrome/content/rules/File.io.xml
new file mode 100644
index 000000000000..a03e0cc96360
--- /dev/null
+++ b/src/chrome/content/rules/File.io.xml
@@ -0,0 +1,6 @@
+<ruleset name="File.io">
+	<target host="file.io" />
+	<target host="www.file.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FileCloud.io.xml b/src/chrome/content/rules/FileCloud.io.xml
deleted file mode 100644
index 033fe0e85aa4..000000000000
--- a/src/chrome/content/rules/FileCloud.io.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Non-functional hosts
-		Couldn't connect to server:
-		- s23.filecloud.io
-		- s24.filecloud.io
-		- s25.filecloud.io
-		- s26.filecloud.io
-		- s27.filecloud.io
--->
-<ruleset name="FileCloud.io">
-	<target host="filecloud.io" />
-	<target host="www.filecloud.io" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/FileFactory.xml b/src/chrome/content/rules/FileFactory.xml
index 5dc0b87c28f5..213e5121c52c 100644
--- a/src/chrome/content/rules/FileFactory.xml
+++ b/src/chrome/content/rules/FileFactory.xml
@@ -11,7 +11,7 @@ Fetch error: http://support.filefactory.com/ => https://support.filefactory.com/
 	* Mismatched
 
 -->
-<ruleset name="FileFactory.com (partial)" default_off='failed ruleset test'>
+<ruleset name="FileFactory.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/FileHoot.com.xml b/src/chrome/content/rules/FileHoot.com.xml
index 50965dce7eee..58bfa4b5629f 100644
--- a/src/chrome/content/rules/FileHoot.com.xml
+++ b/src/chrome/content/rules/FileHoot.com.xml
@@ -23,7 +23,7 @@ Fetch error: http://www.filehoot.com/ => https://www.filehoot.com/: (7, 'Failed
 	² Unsecurable <= connection refused
 
 -->
-<ruleset name="FileHoot.com (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="FileHoot.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/FileNuke.com.xml b/src/chrome/content/rules/FileNuke.com.xml
deleted file mode 100644
index 653ca92accdb..000000000000
--- a/src/chrome/content/rules/FileNuke.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		- .filenuke.com
-
--->
-<ruleset name="FileNuke.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="filenuke.com" />
-	<target host="www.filenuke.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.filenuke\.com$" name="^(?:__cfduid|cf_clearance|guest_hash)$" /-->
-
-	<securecookie host="^\.filenuke\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FileRio.in.xml b/src/chrome/content/rules/FileRio.in.xml
index 51212880537e..272ef217675e 100644
--- a/src/chrome/content/rules/FileRio.in.xml
+++ b/src/chrome/content/rules/FileRio.in.xml
@@ -19,10 +19,10 @@ Fetch error: http://filerio.in/ => https://filerio.in/: (60, 'SSL certificate pr
 	* Secured by us
 
 -->
-<ruleset name="FileRio.in (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="FileRio.in (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="filerio.in" />
-	<target host="*.filerio.in" />
+	<target host="www.filerio.in" />
 
 
 	<securecookie host="^\.filerio\.in$" name=".+" />
diff --git a/src/chrome/content/rules/FileZilla.xml b/src/chrome/content/rules/FileZilla.xml
deleted file mode 100644
index e1656ee4125e..000000000000
--- a/src/chrome/content/rules/FileZilla.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<ruleset name="FileZilla-project.org">
-
-	<target host="filezilla-project.org" />
-	<target host="www.filezilla-project.org" />
-	<target host="download.filezilla-project.org" />
-	<target host="forum.filezilla-project.org" />
-	<target host="lib.filezilla-project.org" />
-	<target host="svn.filezilla-project.org" />
-	<target host="trac.filezilla-project.org" />
-	<target host="wiki.filezilla-project.org" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
-
diff --git a/src/chrome/content/rules/Filebyid.com.xml b/src/chrome/content/rules/Filebyid.com.xml
index 174464afefba..38961a7864d6 100644
--- a/src/chrome/content/rules/Filebyid.com.xml
+++ b/src/chrome/content/rules/Filebyid.com.xml
@@ -2,7 +2,7 @@
 	NB: Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="filebyid.com" default_off="missing certificate chain">
+<ruleset name="filebyid.com" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Filehippo.com.xml b/src/chrome/content/rules/Filehippo.com.xml
deleted file mode 100644
index 648f0f4de2dc..000000000000
--- a/src/chrome/content/rules/Filehippo.com.xml
+++ /dev/null
@@ -1,57 +0,0 @@
-<!--
-	Non-functional subdomains:
-
-		- www.filehippo.com	(m)
-		- appmanager	(t)
-		- cache	(m)
-		- cdn1	(m)
-		- download	(m)
-		- fs1	(t)
-		- fs10	(t)
-		- fs11	(t)
-		- fs12	(t)
-		- fs13	(t)
-		- fs14	(t)
-		- fs30	(t)
-		- fs31	(t)
-		- fs32	(t)
-		- fs33	(t)
-		- fs34	(t)
-		- fs35	(t)
-		- fs36	(t)
-		- fs37	(t)
-		- fs40	(t)
-		- fs41	(t)
-		- fs42	(t)
-		- loki	(t)
-		- admin.loki	(t)
-		- update	(t)
-		- www-web01	(t)
-		- www-web02	(t)	
-	
-	e: expired certificate
-	h: http redirect
-	m: certificate mismatch
-	r: connection refused
-	s: self-signed certificate
-	t: timeout on https
-
--->
-<ruleset name="Filehippo">
-
-	<target host="filehippo.com" />
-	<target host="www.filehippo.com" />
-	<target host="dl1.filehippo.com" />
-	<target host="dl2.filehippo.com" />
-	<target host="news.filehippo.com" />
-
-  	<securecookie host="^filehippo\.com$" name=".+" />
-
-	<!-- certificate mismatch -->
-	<rule from="^http://www\.filehippo\.com/"
-		to="https://filehippo.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Filemobile.xml b/src/chrome/content/rules/Filemobile.xml
deleted file mode 100644
index 939cd3892f67..000000000000
--- a/src/chrome/content/rules/Filemobile.xml
+++ /dev/null
@@ -1,52 +0,0 @@
-<!--
-	For problematic rules, see Filemobile-mismatches.xml.
-
-
-	Other Filemobile rulesets:
-
-		- Media_Factory.xml
-
-
-	CDN buckets:
-
-		- assets.filemobile.com.s3.amazonaws.com
-		- s3.amazonaws.com/storage.filemobile.com/
-		- d2ksawk1637r8x.cloudfront.net	← cimg.filemobile.com
-
-
-	Problematic hosts in *filemobile.com:
-
-		- bugreport ᵐ	(CN: *.mediafactory.fm)
-
-	ᵐ Mismatched
-
--->
-<ruleset name="Filemobile.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="filemobile.com" />
-	<target host="developer.filemobile.com" />
-	<target host="rstorage.filemobile.com" />
-	<target host="www.filemobile.com" />
-
-	<!--	Complications:
-				-->
-	<target host="assets.filemobile.com" />
-	<target host="cimg.filemobile.com" />
-	<target host="storage.filemobile.com" />
-
-
-	<securecookie host="^(?:.+\.)?filemobile\.com$" name=".+" />
-
-
-	<rule from="^http://(assets|storage)\.filemobile\.com/"
-		to="https://s3.amazonaws.com/$1.filemobile.com/" />
-
-	<rule from="^http://cimg\.filemobile\.com/"
-		to="https://d2ksawk1637r8x.cloudfront.net/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Film-Threat.xml b/src/chrome/content/rules/Film-Threat.xml
index 80f793df4dd3..1ab2cc52aa4e 100644
--- a/src/chrome/content/rules/Film-Threat.xml
+++ b/src/chrome/content/rules/Film-Threat.xml
@@ -6,15 +6,16 @@ Fetch error: http://filmthreat.com/ => https://filmthreat.com/: (7, 'Failed to c
 Disabled by https-everywhere-checker because:
 Fetch error: http://filmthreat.com/ => https://filmthreat.com/: (60, 'SSL certificate problem: self signed certificate')
 -->
-<ruleset name="Film Threat" default_off='failed ruleset test'>
+<ruleset name="Film Threat" default_off="failed ruleset test">
 
-	<target host="filmthreat.com"/>
-	<target host="*.filmthreat.com"/>
+	<target host="filmthreat.com" />
+	<target host="media.filmthreat.com" />
+	<target host="media2.filmthreat.com" />
+	<target host="www.filmthreat.com" />
 	<!--	for cross-domain cookie		-->
 
-	<securecookie host="^(?:.*\.)?filmthreat\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(media2?\.|www\.)?filmthreat\.com/"
-		to="https://$1filmthreat.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FilmTrack.xml b/src/chrome/content/rules/FilmTrack.xml
index 0c96f4ad36e0..9a03d11c6a06 100644
--- a/src/chrome/content/rules/FilmTrack.xml
+++ b/src/chrome/content/rules/FilmTrack.xml
@@ -9,7 +9,7 @@
 	<target host="*.filmtrackonline.com" />
 
 
-	<securecookie host="^.+\.filmtrackonline\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://([\w-]+)\.filmtrackonline\.com/"
@@ -18,4 +18,4 @@
 	<rule from="^http://([\w-]+)\.extranet2\.filmtrackonline\.com/"
 		to="https://$1.filmtrackonline.com/extranet/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Film_Linc.com-falsemixed.xml b/src/chrome/content/rules/Film_Linc.com-falsemixed.xml
index 7df0ff466cab..3a8f707fad3c 100644
--- a/src/chrome/content/rules/Film_Linc.com-falsemixed.xml
+++ b/src/chrome/content/rules/Film_Linc.com-falsemixed.xml
@@ -4,13 +4,12 @@
 -->
 <ruleset name="Film Linc.com (false MCB)" platform="mixedcontent">
 
-	<target host="*.filmlinc.com" />
+	<target host="www.filmlinc.com" />
 
 
 	<securecookie host="^(?:www)?\.filmlinc\.com$" name=".+" />
 
 
-	<rule from="^http://www\.filmlinc\.com/"
-		to="https://www.filmlinc.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Film_Linc.com.xml b/src/chrome/content/rules/Film_Linc.com.xml
index ada4af10b0dd..e615b7234148 100644
--- a/src/chrome/content/rules/Film_Linc.com.xml
+++ b/src/chrome/content/rules/Film_Linc.com.xml
@@ -17,7 +17,7 @@ Fetch error: http://filmlinc.com/ => https://filmlinc.com/: (51, "SSL: no altern
 	* Secured by us
 
 -->
-<ruleset name="Film Linc.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Film Linc.com (partial)" default_off="failed ruleset test">
 
 	<target host="filmlinc.com" />
 	<target host="secure.filmlinc.com" />
diff --git a/src/chrome/content/rules/Filmdates.co.uk.xml b/src/chrome/content/rules/Filmdates.co.uk.xml
index f33a20431bfa..053294820c5e 100644
--- a/src/chrome/content/rules/Filmdates.co.uk.xml
+++ b/src/chrome/content/rules/Filmdates.co.uk.xml
@@ -24,4 +24,4 @@
 	<rule from="^http://(?:www\.)?filmdates\.co\.uk/(?=(?:content|reminders|widget(?!/details))(?:$|[?/])|css/|dummy\.html|favicon\.ico|headshots/|images/|js/|posters/|tools/)"
 		to="https://www.filmdates.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Filmlair.xml b/src/chrome/content/rules/Filmlair.xml
deleted file mode 100644
index 4ea55e821473..000000000000
--- a/src/chrome/content/rules/Filmlair.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	CDN buckets:
-
-		- gs1.wac.edgecastcdn.net/8051D5/
-
--->
-<ruleset name="Filmlair">
-
-	<target host="filmlair.com" />
-	<target host="www.filmlair.com" />
-
-
-	<securecookie host="^(?:www\.)?filmlair\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Filmlash.com.xml b/src/chrome/content/rules/Filmlash.com.xml
index 834a8de79709..722e226f7bc9 100644
--- a/src/chrome/content/rules/Filmlash.com.xml
+++ b/src/chrome/content/rules/Filmlash.com.xml
@@ -20,4 +20,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Filter.xml b/src/chrome/content/rules/Filter.xml
index 7325b4a9b135..408649cd0433 100644
--- a/src/chrome/content/rules/Filter.xml
+++ b/src/chrome/content/rules/Filter.xml
@@ -9,4 +9,4 @@
 	<rule from="^http://(www\.)?filterdigital\.com/(CaptchaType\.ashx|[cC]onnections/[bB]log/(?:editors/tiny_mce/|image\.axd|pics/|themes/)|[rR]es/(?:img/|screen\.css))"
 		to="https://$1filterdigital.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fimfiction.net.xml b/src/chrome/content/rules/Fimfiction.net.xml
deleted file mode 100644
index ec279e6167e7..000000000000
--- a/src/chrome/content/rules/Fimfiction.net.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	Fully covered hosts in *fimfiction.net:
-
-		- (www.)?
-		- cdn-img
-		- static
-
-
-	Insecure cookies are set for these domains:
-
-		- .fimfiction.net
-
--->
-<ruleset name="Fimfiction.net">
-
-	<!--	Direct rewrites:
-				-->
-  <target host="fimfiction.net" />
-	<target host="cdn-img.fimfiction.net" />
-	<target host="static.fimfiction.net" />
-  <target host="www.fimfiction.net" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.fimfiction\.net$" name="^(__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.fimfiction\.net$" name=".+" />
-
-
-  <rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Fimserve.com.xml b/src/chrome/content/rules/Fimserve.com.xml
index 7fa558cb8b73..eb6a944b0538 100644
--- a/src/chrome/content/rules/Fimserve.com.xml
+++ b/src/chrome/content/rules/Fimserve.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://trgc.opt.fimserve.com/ => https://trgc.opt.fimserve.com/: (6
 	For other Rubicon Project coverage, see Rubicon-Project.xml.
 
 -->
-<ruleset name="fimserve.com" default_off='failed ruleset test'>
+<ruleset name="fimserve.com" default_off="failed ruleset test">
 
 	<target host="*.opt.fimserve.com" />
 
diff --git a/src/chrome/content/rules/Final-Score.xml b/src/chrome/content/rules/Final-Score.xml
index 77c2188edfc8..119eb56da78d 100644
--- a/src/chrome/content/rules/Final-Score.xml
+++ b/src/chrome/content/rules/Final-Score.xml
@@ -17,7 +17,11 @@
 <ruleset name="Final-Score">
 
 	<target host="final-score.com" />
-	<target host="*.final-score.com" />
+	<target host="www.final-score.com" />
+	<target host="ebm.e.final-score.com" />
+	<target host="f.e.final-score.com" />
+	<target host="images.final-score.com" />
+	<target host="m.final-score.com" />
 
 
 	<securecookie host="^.*\.final-score\.com$" name=".+" />
@@ -32,7 +36,6 @@
 	<rule from="^http://f\.e\.final-score\.com/"
 		to="https://f.chtah.com/" />
 
-	<rule from="^http://(images|m)\.final-score\.com/"
-		to="https://$1.final-score.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Finalsite.xml b/src/chrome/content/rules/Finalsite.xml
index d5e12b8b8852..8b4b7384dce1 100644
--- a/src/chrome/content/rules/Finalsite.xml
+++ b/src/chrome/content/rules/Finalsite.xml
@@ -19,16 +19,21 @@ Fetch error: http://finalsite.com/ => https://finalsite.com/: (51, "SSL: no alte
 		- secureprivate
 
 -->
-<ruleset name="finalsite (partial)" default_off='failed ruleset test'>
+<ruleset name="finalsite (partial)" default_off="failed ruleset test">
 
 	<target host="finalsite.com" />
-	<target host="*.finalsite.com" />
+	<target host="demo.finalsite.com" />
+	<target host="securecss.finalsite.com" />
+	<target host="securedata.finalsite.com" />
+	<target host="secureimages.finalsite.com" />
+	<target host="securejs.finalsite.com" />
+	<target host="secureprivate.finalsite.com" />
+	<target host="www.finalsite.com" />
 
 
 	<securecookie host="^(?:www)?\.finalsite\.com$" name=".+" />
 
 
-	<rule from="^http://((?:demo|secure(?:css|data|images|js|private)|www)\.)?finalsite\.com/"
-		to="https://$1finalsite.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Finam.xml b/src/chrome/content/rules/Finam.xml
index 0ddb948c723f..c021d7af8ee3 100644
--- a/src/chrome/content/rules/Finam.xml
+++ b/src/chrome/content/rules/Finam.xml
@@ -6,7 +6,7 @@ Fetch error: http://fb.finam.ru/ => https://fb.finam.ru/: (28, 'Connection timed
 Disabled by https-everywhere-checker because:
 Fetch error: http://fb.finam.ru/ => https://fb.finam.ru/: (28, 'Connection timed out after 10001 milliseconds')
 -->
-<ruleset name="Finam (partial)" default_off='failed ruleset test'>
+<ruleset name="Finam (partial)" default_off="failed ruleset test">
 
 	<target host="fb.finam.ru"/>
 
diff --git a/src/chrome/content/rules/FinancialHacks.ca.xml b/src/chrome/content/rules/FinancialHacks.ca.xml
new file mode 100644
index 000000000000..e3b5a9ef2c56
--- /dev/null
+++ b/src/chrome/content/rules/FinancialHacks.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="FinancialHacks.ca">
+	<target host="financialhacks.ca" />
+	<target host="www.financialhacks.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Financial_Times.xml b/src/chrome/content/rules/Financial_Times.xml
index 602358ab4b96..e187ec24e9e3 100644
--- a/src/chrome/content/rules/Financial_Times.xml
+++ b/src/chrome/content/rules/Financial_Times.xml
@@ -7,42 +7,21 @@
 		- discussions.ft.com
 		- funds.ft.com
 		- membership.ft.com
-		- nbe.ft.com
 
 		SSL connect error:
 		- ftcorporate.ft.com
 
 		SSL peer certificate was not OK:
-		- blogs.ft.com
-		- im.media.ft.com
-		- s1.media.ft.com
-		- s4.media.ft.com
-		- test.media.ft.com
-		- reg.test.media.ft.com
-		- s1.test.media.ft.com
-		- s2.test.media.ft.com
-		- s3.test.media.ft.com
-		- origami.ft.com
-		- rankings.ft.com
-		- search.ft.com
-		- static-render-p.ft.com
 		- webservices.ft.com
-		- navigation.webservices.ft.com
 
-		Status code mismatch:
-		- h2.ft.com
-
-		5xx server error:
-		- registration.ft.com
-
-		Secure connection redirects to plaintext:
+		Redirects to HTTP:
 		- announce.ft.com
 -->
 <ruleset name="Financial Times (partial)">
 	<target host="ft.com" />
-	<target host="www.ft.com" />
 	<target host="aboutus.ft.com" />
 	<target host="accounts.ft.com" />
+	<target host="blogs.ft.com" />
 	<target host="buildservice.ft.com" />
 	<target host="enterprise.ft.com" />
 	<target host="force.ft.com" />
@@ -52,23 +31,34 @@
 	<target host="live.ft.com" />
 	<target host="markets.ft.com" />
 	<target host="cdn.markets.ft.com" />
-	<target host="media.ft.com" />
 	<target host="myaccount.ft.com" />
+	<target host="media.ft.com" />
+	<target host="im.media.ft.com" />
+	<target host="s1.media.ft.com" />
+	<target host="s4.media.ft.com" />
+	<target host="nbe.ft.com" />
 	<target host="next.ft.com" />
 	<target host="next-geebee.ft.com" />
+	<target host="origami.ft.com" />
 	<target host="build.origami.ft.com" />
 	<target host="origami-build.ft.com" />
 	<target host="propertylistings.ft.com" />
+	<target host="rankings.ft.com" />
 	<target host="register.ft.com" />
+	<target host="registration.ft.com" />
 	<target host="s3o.ft.com" />
+	<target host="search.ft.com" />
 	<target host="spoor-api.ft.com" />
+	<target host="static-render-p.ft.com" />
 	<target host="stats.ft.com" />
 	<target host="sub.ft.com" />
 	<target host="subscribe.ft.com" />
 	<target host="the125.ft.com" />
-	<target host="track.ft.com" />
 	<target host="video.ft.com" />
 	<target host="image.webservices.ft.com" />
+	<target host="navigation.webservices.ft.com" />
+
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Financialtrans.com.xml b/src/chrome/content/rules/Financialtrans.com.xml
index 2b73d52f9833..389d77c10196 100644
--- a/src/chrome/content/rules/Financialtrans.com.xml
+++ b/src/chrome/content/rules/Financialtrans.com.xml
@@ -7,4 +7,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FinansWatch.xml b/src/chrome/content/rules/FinansWatch.xml
index c8856a2e28e0..52819166909e 100644
--- a/src/chrome/content/rules/FinansWatch.xml
+++ b/src/chrome/content/rules/FinansWatch.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.finanswatch.dk/ => https://www.finanswatch.dk/: (51, "SS
     http://finanswatch.dk/template/fwVer1-0/css/fw_global.css?rev=35794
   is essential for the layout but is served through http.
 -->
-<ruleset name="FinansWatch (mixed content)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="FinansWatch (mixed content)" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="finanswatch.dk" />
 	<target host="www.finanswatch.dk" />
 
diff --git a/src/chrome/content/rules/Finansportalen.no.xml b/src/chrome/content/rules/Finansportalen.no.xml
index cabda0e3fcbf..371fd20f755e 100644
--- a/src/chrome/content/rules/Finansportalen.no.xml
+++ b/src/chrome/content/rules/Finansportalen.no.xml
@@ -10,7 +10,7 @@ Fetch error: http://stat.finansportalen.no/ => https://stat.finansportalen.no/:
 		- www.finansportalen.no
 
 -->
-<ruleset name="Finansportalen.no" default_off='failed ruleset test'>
+<ruleset name="Finansportalen.no" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Finanssialan-Keskusliitto.xml b/src/chrome/content/rules/Finanssialan-Keskusliitto.xml
index a91ed72c7177..0552ad9f0d8b 100644
--- a/src/chrome/content/rules/Finanssialan-Keskusliitto.xml
+++ b/src/chrome/content/rules/Finanssialan-Keskusliitto.xml
@@ -5,7 +5,7 @@ Fetch error: http://fkl.fi/ => https://fkl.fi/: (7, 'Failed to connect to fkl.fi
 Fetch error: http://www.fkl.fi/ => https://www.fkl.fi/: (7, 'Failed to connect to www.fkl.fi port 443: Connection refused')
 
 -->
-<ruleset name="Finanssialan Keskusliitto" default_off='failed ruleset test'>
+<ruleset name="Finanssialan Keskusliitto" default_off="failed ruleset test">
 	<target host="fkl.fi"/>
 	<target host="www.fkl.fi"/>
 	<target host="extranet.fkl.fi"/>
diff --git a/src/chrome/content/rules/Finanstilsynet.dk.xml b/src/chrome/content/rules/Finanstilsynet.dk.xml
deleted file mode 100644
index e8a2fb0e436e..000000000000
--- a/src/chrome/content/rules/Finanstilsynet.dk.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- www.finanstilsynet.dk
-
--->
-<ruleset name="Finanstilsynet.dk">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="finanstilsynet.dk" />
-	<target host="www.finanstilsynet.dk" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.finanstilsynet\.dk$" name="^(ASP\.NET_SessionId|ftswebsitelocal#lang=\w\w)$" /-->
-
-	<securecookie host="^www\.finanstilsynet\.dk$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Finanzberatung_Max_Herbst.xml b/src/chrome/content/rules/Finanzberatung_Max_Herbst.xml
index 0bb13a0e4080..71e4f102d9f7 100644
--- a/src/chrome/content/rules/Finanzberatung_Max_Herbst.xml
+++ b/src/chrome/content/rules/Finanzberatung_Max_Herbst.xml
@@ -12,7 +12,8 @@
 -->
 <ruleset name="Finanzberatung Max Herbst (partial)">
 
-	<target host="*.fmh.de" />
+	<target host="cdn3.fmh.de" />
+	<target host="rechner.fmh.de" />
 
 
 	<rule from="^http://(?:cdn3|rechner)\.fmh\.de/"
diff --git a/src/chrome/content/rules/Find-n-Save.xml b/src/chrome/content/rules/Find-n-Save.xml
index 639c8ed774d8..3940c5c8816a 100644
--- a/src/chrome/content/rules/Find-n-Save.xml
+++ b/src/chrome/content/rules/Find-n-Save.xml
@@ -40,7 +40,7 @@ Fetch error: http://cdn.findnsave.com/ => https://d3ne1tggqg4fzy.cloudfront.net/
 
 
 -->
-<ruleset name="Find n Save.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Find n Save.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Find.ly.xml b/src/chrome/content/rules/Find.ly.xml
deleted file mode 100644
index eec91a0c2457..000000000000
--- a/src/chrome/content/rules/Find.ly.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	(www.)?: 503, Akamai
-
--->
-<ruleset name="Find.ly (partial)">
-
-	<target host="connectssl.find.ly" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FindArticles.com.xml b/src/chrome/content/rules/FindArticles.com.xml
new file mode 100644
index 000000000000..8e64a95e07e1
--- /dev/null
+++ b/src/chrome/content/rules/FindArticles.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other CBS coverage, see CBS.xml.
+
+	Non-functional hosts
+		Mixed content blocking (MCB) triggered:
+		- findarticles.com
+		- www.findarticles.com
+		- de.findarticles.com
+		- fr.findarticles.com
+-->
+<ruleset name="FindArticles.com" platform="mixedcontent">
+	<target host="findarticles.com" />
+	<target host="www.findarticles.com" />
+	<target host="de.findarticles.com" />
+	<target host="es.findarticles.com" />
+	<target host="fr.findarticles.com" />
+	<target host="mx.findarticles.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FindTheBest.xml b/src/chrome/content/rules/FindTheBest.xml
index c144a00630d4..205977e854c5 100644
--- a/src/chrome/content/rules/FindTheBest.xml
+++ b/src/chrome/content/rules/FindTheBest.xml
@@ -28,7 +28,7 @@ Fetch error: http://findthebest.com/ => https://findthebest.com/: (51, "SSL: no
 			- *		(per-client domains)
 
 -->
-<ruleset name="FindTheBest.com" default_off='failed ruleset test'>
+<ruleset name="FindTheBest.com" default_off="failed ruleset test">
 
 	<target host="findthebest.com" />
 	<target host="*.findthebest.com" />
diff --git a/src/chrome/content/rules/Find_a_Grave.xml b/src/chrome/content/rules/Find_a_Grave.xml
index dd2039a6fd1a..c64699c346b8 100644
--- a/src/chrome/content/rules/Find_a_Grave.xml
+++ b/src/chrome/content/rules/Find_a_Grave.xml
@@ -12,7 +12,8 @@
 <ruleset name="Find a Grave (partial)">
 
 	<target host="findagrave.com" />
-	<target host="*.findagrave.com" />
+	<target host="secure.findagrave.com" />
+	<target host="www.findagrave.com" />
 		<!--
 			Redirects back to www:
 						-->
@@ -22,4 +23,4 @@
 	<rule from="^http://(?:secure\.|www\.)?findagrave\.com/"
 		to="https://secure.findagrave.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Findgravy.com.xml b/src/chrome/content/rules/Findgravy.com.xml
index 314e568076f2..a6def9b61970 100644
--- a/src/chrome/content/rules/Findgravy.com.xml
+++ b/src/chrome/content/rules/Findgravy.com.xml
@@ -20,7 +20,7 @@ Fetch error: http://www.findgravy.com/ => https://www.findgravy.com/: (51, "SSL:
 	* Not secured by us <= mismatched (forced endpoint)
 
 -->
-<ruleset name="find Gravy.com" default_off='failed ruleset test'>
+<ruleset name="find Gravy.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Findlawimages.com.xml b/src/chrome/content/rules/Findlawimages.com.xml
new file mode 100644
index 000000000000..4bb0c3b2abf1
--- /dev/null
+++ b/src/chrome/content/rules/Findlawimages.com.xml
@@ -0,0 +1,9 @@
+<!--
+        Refused:
+                findlawimages.com
+-->
+<ruleset name="Findlaw Images">
+	<target host="www.findlawimages.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fine_Art_America.xml b/src/chrome/content/rules/Fine_Art_America.xml
index 12080a6af946..5202dae43dba 100644
--- a/src/chrome/content/rules/Fine_Art_America.xml
+++ b/src/chrome/content/rules/Fine_Art_America.xml
@@ -55,10 +55,6 @@
 	<securecookie host="^\." name="^__utm" />
 	<securecookie host="^\w" name=".+" />
 
-
-	<rule from="^http://images\.fineartamerica\.com/"
-		to="https://s3.amazonaws.com/images.fineartamerica.com/" />
-
 	<rule from="^http://(?:imageslocal|render)\.fineartamerica\.com/"
 		to="https://fineartamerica.com/" />
 
diff --git a/src/chrome/content/rules/Fineproxy.org-problematic.xml b/src/chrome/content/rules/Fineproxy.org-problematic.xml
index 3ceb27761fc7..6e118ccc3fa3 100644
--- a/src/chrome/content/rules/Fineproxy.org-problematic.xml
+++ b/src/chrome/content/rules/Fineproxy.org-problematic.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fineproxy.org.xml b/src/chrome/content/rules/Fineproxy.org.xml
index b06944b834ca..720d8eed1e4b 100644
--- a/src/chrome/content/rules/Fineproxy.org.xml
+++ b/src/chrome/content/rules/Fineproxy.org.xml
@@ -39,7 +39,7 @@ Fetch error: http://forum.fineproxy.org/ => https://forum.fineproxy.org/: (6, 'C
 	* Secured by us
 
 -->
-<ruleset name="Fineproxy.org (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Fineproxy.org (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/FinnChristiansen.de.xml b/src/chrome/content/rules/FinnChristiansen.de.xml
index 250b5fc8f32d..5bfdb6dc7eae 100644
--- a/src/chrome/content/rules/FinnChristiansen.de.xml
+++ b/src/chrome/content/rules/FinnChristiansen.de.xml
@@ -4,7 +4,7 @@
 		- css from $self
 
 -->
-<ruleset name="FinnChristiansen.de" default_off="untrusted root">
+<ruleset name="FinnChristiansen.de" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Finto.fi.xml b/src/chrome/content/rules/Finto.fi.xml
new file mode 100644
index 000000000000..e1ec37c588a8
--- /dev/null
+++ b/src/chrome/content/rules/Finto.fi.xml
@@ -0,0 +1,18 @@
+<!--
+	finto.fi has both a wildcard DNS record and a wildcard certificate, so enumerating all subdomains is impossible.
+-->
+<ruleset name="Finto.fi">
+	<target host="finto.fi" />
+	<target host="www.finto.fi" />
+	<target host="analytics.finto.fi" />
+	<target host="api.finto.fi" />
+	<target host="ehdotus.dev.finto.fi" />
+	<target host="vocbench.dev.finto.fi" />
+	<target host="ehdotus.finto.fi" />
+	<target host="legacy.finto.fi" />
+	<target host="staging.finto.fi" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fio.bank.xml b/src/chrome/content/rules/Fio.bank.xml
new file mode 100644
index 000000000000..a5fa73d407a0
--- /dev/null
+++ b/src/chrome/content/rules/Fio.bank.xml
@@ -0,0 +1,11 @@
+<!--
+	No route:
+		- ns1
+		- ns2
+-->
+<ruleset name="Fio.bank">
+	<target host="fio.bank" />
+	<target host="www.fio.bank" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fio.cz.xml b/src/chrome/content/rules/Fio.cz.xml
new file mode 100644
index 000000000000..c39fb0f5794a
--- /dev/null
+++ b/src/chrome/content/rules/Fio.cz.xml
@@ -0,0 +1,152 @@
+<!--
+	Incomplete certificate chain:
+		- jahodnik
+		- sb
+
+	Expired:
+		- ns12
+
+	Mismatched:
+		- acs-ds-mc
+		- acs-ds-visa
+		- acs-gw-cde1
+		- acs-gw-cde2
+		- akcie
+		- aron
+		- ftp
+		- wiki
+		- www-adm
+
+	Self-signed:
+		- podepisovac1
+		- podepisovac2
+		- testacs
+
+	Refused:
+		- boleslavgw
+		- bragw
+		- bratislavagw
+		- breclavgw
+		- brno2gw
+		- brnogw
+		- cisco-optika-vviss
+		- frydekgw
+		- fwd
+		- hgw
+		- hodoningw
+		- hradecgw
+		- hradistegw
+		- jecnagw
+		- jihlavagw
+		- kali
+		- kladnogw
+		- klatovygw
+		- kolingw
+		- kromerizgw
+		- liberecgw
+		- nachodgw
+		- ogw
+		- ologw
+		- olomoucgw
+		- opavagw
+		- ostravagw
+		- pankracgw
+		- pardubicegw
+		- prostejovgw
+		- radlickagw
+		- rybnagw
+		- strakonicegw
+		- sumperkgw
+		- svitavygw
+		- taborgw
+		- trebicgw
+		- trutnovgw
+		- ustinlgw
+		- ustinogw
+		- varygw
+		- wwwx
+		- zdargw
+		- zlingw
+
+	No route:
+		- cisco-csp
+		- cms-cde1
+		- cms-cde2
+		- dexter3
+		- dsbox1
+		- dsbox2
+		- estman1dev
+		- fiopr-gw1
+		- jahodnik1
+		- jahodnik2
+		- millenium1
+		- nat
+		- neconoveho
+		- ns
+		- ns1
+		- ns11
+		- ns2
+		- odette
+		- odile
+		- rezerva-jahodnik-plovouci
+		- rezerva1-jahodnik2
+		- rezerva2-jahodnik2
+		- rothbart
+		- router
+		- router1
+		- router2
+		- router3
+		- siegfried
+		- sofia
+		- ssb
+		- streamer2
+		- swan
+		- swan2
+		- swan2gw
+		- univnet1
+		- univnet2
+		- valkyra1
+		- valkyra1cdeweb-cde1
+		- valkyra2
+		- valkyra2cdeweb-cde2
+		- vpn1
+		- vpn2
+		- vpn3
+		- vviss
+		- vviss-ns
+		- vviss-smtp
+		- vviss-www
+		- xetra-cisco
+
+	Time out:
+		- aladin
+		- bgw
+		- budejovicegw
+		- cbgw
+		- ceskebubgw
+		- cisco-gts
+		- cisco-optika-millenium
+		- dmz1-millenium
+		- millenium
+		- millenium-gts
+		- millenium-www
+		- millennium
+		- podpis
+		- smtp-out
+		- smtp1
+		- smtp2
+		- streamer
+		- streamer1
+-->
+<ruleset name="Fio.cz">
+	<target host="fio.cz" />
+	<target host="www.fio.cz" />
+	<target host="acs.fio.cz" />
+	<target host="ib.fio.cz" />
+	<target host="m.fio.cz" />
+	<target host="www1.fio.cz" />
+	<target host="www2.fio.cz" />
+	<target host="www3.fio.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fio.hu.xml b/src/chrome/content/rules/Fio.hu.xml
new file mode 100644
index 000000000000..61dbe9788f54
--- /dev/null
+++ b/src/chrome/content/rules/Fio.hu.xml
@@ -0,0 +1,11 @@
+<!--
+	Time out:
+		- ^
+-->
+<ruleset name="Fio.hu">
+	<target host="fio.hu" />
+	<target host="www.fio.hu" />
+
+	<rule from="^http://fio\.hu/" to="https://www.fio.hu/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fio.pl.xml b/src/chrome/content/rules/Fio.pl.xml
new file mode 100644
index 000000000000..3548b8af8241
--- /dev/null
+++ b/src/chrome/content/rules/Fio.pl.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- www1
+
+	Time out:
+		- ^
+-->
+<ruleset name="Fio.pl">
+	<target host="fio.pl" />
+	<target host="www.fio.pl" />
+
+	<rule from="^http://fio\.pl/" to="https://www.fio.pl/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fio.sk.xml b/src/chrome/content/rules/Fio.sk.xml
new file mode 100644
index 000000000000..9f0589d5a20d
--- /dev/null
+++ b/src/chrome/content/rules/Fio.sk.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- ^
+		- www-adm
+-->
+<ruleset name="Fio.sk">
+	<target host="fio.sk" />
+	<target host="www.fio.sk" />
+	<target host="ib.fio.sk" />
+	<target host="m.fio.sk" />
+
+	<rule from="^http://fio\.sk/" to="https://www.fio.sk/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FiqhAcademy.com.xml b/src/chrome/content/rules/FiqhAcademy.com.xml
deleted file mode 100644
index e20f64923156..000000000000
--- a/src/chrome/content/rules/FiqhAcademy.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="FiqhAcademy.com">
-	<target host="fiqhacademy.com" />
-	<target host="www.fiqhacademy.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/FireEye.xml b/src/chrome/content/rules/FireEye.xml
index 5b6cbbd6d1a3..d4d408280b74 100644
--- a/src/chrome/content/rules/FireEye.xml
+++ b/src/chrome/content/rules/FireEye.xml
@@ -1,66 +1,49 @@
 <!--
-	Nonfunctional subdomains:
-
-		- investors *
-
-	* shareholder
-
-
-	Problematic subdomains:
-
-		- ^ ¹
-		- blog ²
-
-	¹ Refused
-	² "SSL Not Supported"
-
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- blog		(→ www)
-		- tfs
-		- www2
-
-
-	Mixed content:
-
-		- css on www from www ¹
-
-		- Images, on:
-
-			- www from www ²
-			- www2 from www2 ²
-
-		- Ads/bugs, on www from:
-
-			- s7.addthis.com ²
-			- ad.doubleclick.net ²
-			- t5.trackalyzer.com ²
-
-	¹ Secured by us, formatting for a social button
-	² Secured by us
-
+	Refused/Nonfunctional:
+		aiws.*
+		api.eu*
+		ati.*
+		autodiscover.*
+		avsuite-.*
+		bmw-.*
+		docs.*
+		drop.*
+		edulabs.
+		emea.*
+		engvpn.*
+		event-registration.*
+		faude-.*
+		hex.*
+		ir*.
+		jira.eng.*
+		learning.*
+		mirprd*.
+		selab.emea.*
+		user[0-9].*
+		validation.eng.*
+		vpn.selab.emea.*
+
+	Invalid Certificate:
+		arc.*
+
+	Redirects to Microsoft:
+		aware.fireeye.com
 -->
-<ruleset name="FireEye (partial)">
-
+<ruleset name="FireEye">
 	<target host="fireeye.com" />
-	<target host="*.fireeye.com" />
-		<!--exclusion pattern="^http://investors\.fireeye\.com/" /-->
-
-
-	<securecookie host="^(?:www)?\.fireeye\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?fireeye\.com/"
-		to="https://www.fireeye.com/" />
-
-	<!--	Redirect drops path but not args:
-							-->
-	<rule from="^http://blog\.fireeye\.com/[^?]*"
-		to="https://www.fireeye.com/blog/" />
-
-	<rule from="^http://(csportal|tfs|www2)\.fireeye\.com/"
-		to="https://$1.fireeye.com/" />
-
-</ruleset>
+	<target host="ambassadors.fireeye.com" />
+	<target host="apps.fireeye.com" />
+	<target host="brand.fireeye.com" />
+	<target host="community.fireeye.com" />
+	<target host="connect.fireeye.com" />
+	<target host="console.eu.fireeye.com" />
+	<target host="content.fireeye.com" />
+	<target host="education.fireeye.com" />
+	<target host="etp.eu.fireeye.com" />
+	<target host="investors.fireeye.com" />
+	<target host="support.fireeye.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/FireHost.xml b/src/chrome/content/rules/FireHost.xml
index ffbf63acebb0..839e2342c19c 100644
--- a/src/chrome/content/rules/FireHost.xml
+++ b/src/chrome/content/rules/FireHost.xml
@@ -5,13 +5,13 @@ Fetch error: http://firehost.com/ => http://firehost.com/: (60, 'SSL certificate
 	ne.wac.edgecastcdn.net/001415/assets/
 	ne.wac.edgecastcdn.net/801415/firehost.com/
 -->
-<ruleset name="FireHost (partial)" default_off='failed ruleset test'>
+<ruleset name="FireHost (partial)" default_off="failed ruleset test">
 
 	<target host="firehost.com"/>
 	<target host="*.firehost.com"/>
 		<exclusion pattern="^http://www\.firehost\.com/(?:company|compare|customers|details/[\w\-]+\w|secure-hosting(?:/[^/]?/)?|solutions)?$"/>
 
-	<securecookie host="^(?:.*\.)?firehost\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 	<rule from="^http://(www\.)?firehost\.com/(/_CaptchaImage\.axd|assets/|cart|company/contact|partners|protected/|secure-hosting/[\w\-]+/configure)"
 		to="https://$1firehost.com/$1"/>
diff --git a/src/chrome/content/rules/FireSmoke.ca.xml b/src/chrome/content/rules/FireSmoke.ca.xml
new file mode 100644
index 000000000000..b10987e0cc56
--- /dev/null
+++ b/src/chrome/content/rules/FireSmoke.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="FireSmoke.ca">
+	<target host="firesmoke.ca" />
+	<target host="www.firesmoke.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Firedoglake.xml b/src/chrome/content/rules/Firedoglake.xml
index c8cdcabf1db5..90623e612bc1 100644
--- a/src/chrome/content/rules/Firedoglake.xml
+++ b/src/chrome/content/rules/Firedoglake.xml
@@ -14,7 +14,7 @@ Fetch error: http://members.firedoglake.com/ => https://members.firedoglake.com/
 		- static1
 
 -->
-<ruleset name="Firedoglake (partial)" default_off='failed ruleset test'>
+<ruleset name="Firedoglake (partial)" default_off="failed ruleset test">
 
 	<target host="members.firedoglake.com" />
 
@@ -24,4 +24,4 @@ Fetch error: http://members.firedoglake.com/ => https://members.firedoglake.com/
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Firefox.com.xml b/src/chrome/content/rules/Firefox.com.xml
index ab4ece3baff9..dea849b61639 100644
--- a/src/chrome/content/rules/Firefox.com.xml
+++ b/src/chrome/content/rules/Firefox.com.xml
@@ -1,30 +1,39 @@
 <!--
 	For other Mozilla coverage, see Mozilla.xml.
 
+	Mismatching certificate:
+		- detectportal.firefox.com
+
 	These altnames don't exist:
 		- scrypt.accounts.firefox.com
-
-	Insecure cookies are set for these hosts:
-		- marketplace.firefox.com
 -->
 <ruleset name="Firefox.com">
 	<target host="firefox.com" />
-	<target host="www.firefox.com" />
-	<target host="accounts.firefox.com" />
-	<target host="api.accounts.firefox.com" />
-	<target host="oauth.accounts.firefox.com" />
-	<target host="profile.accounts.firefox.com" />
-	<target host="verifier.accounts.firefox.com" />
-	<target host="design.firefox.com" />
-	<target host="hello.firefox.com" />
-	<target host="marketplace.firefox.com" />
-	<target host="screenshots.firefox.com" />
-	<target host="send.firefox.com" />
-	<target host="testpilot.firefox.com" />
+	<target host="*.firefox.com" />
+
+		<test url="http://www.firefox.com/" />
+		<test url="http://accounts.firefox.com/" />
+		<test url="http://api.accounts.firefox.com/" />
+		<test url="http://oauth.accounts.firefox.com/" />
+		<test url="http://profile.accounts.firefox.com/" />
+		<test url="http://verifier.accounts.firefox.com/" />
+		<test url="http://color.firefox.com/" />
+		<test url="http://design.firefox.com/" />
+		<test url="http://hello.firefox.com/" />
+		<test url="http://screenshots.firefox.com/" />
+		<test url="http://screenshotscdn.firefox.com/static/img/mozilla.svg" />
+		<test url="http://send.firefox.com/" />
+		<test url="http://testpilot.firefox.com/" />
+
+	<!-- Used to detect captive portals, requires plain HTTP -->
+	<exclusion pattern="http://detectportal\.firefox\.com/" />
+		<test url="http://detectportal.firefox.com/" />
 
 	<target host="firefoxusercontent.com" />
 	<target host="screenshots.firefoxusercontent.com" />
 		<test url="http://screenshots.firefoxusercontent.com/images/a4c03361-f597-4c4c-ba43-2dad0fe0584e.png" />
+	<target host="screenshotscdn.firefoxusercontent.com" />
+		<test url="http://screenshotscdn.firefoxusercontent.com/images/a4c03361-f597-4c4c-ba43-2dad0fe0584e.png" />
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/FirstChoiceLiquor.com.au.xml b/src/chrome/content/rules/FirstChoiceLiquor.com.au.xml
new file mode 100644
index 000000000000..711bbed5ec80
--- /dev/null
+++ b/src/chrome/content/rules/FirstChoiceLiquor.com.au.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Coles coverage, see Coles.com.au.xml
+
+
+	Non-functional subdomains:
+		- beta		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="First Choice Liquor">
+
+	<target host="firstchoiceliquor.com.au" />
+	<target host="www.firstchoiceliquor.com.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FirstTag.xml b/src/chrome/content/rules/FirstTag.xml
index 9b1f90f59897..2c6c44adb345 100644
--- a/src/chrome/content/rules/FirstTag.xml
+++ b/src/chrome/content/rules/FirstTag.xml
@@ -4,4 +4,4 @@
 
 <rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FirstVDS.ru.xml b/src/chrome/content/rules/FirstVDS.ru.xml
index 2e5e5a11538b..33c23c870a9e 100644
--- a/src/chrome/content/rules/FirstVDS.ru.xml
+++ b/src/chrome/content/rules/FirstVDS.ru.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.firstvds.ru/ => https://www.firstvds.ru/: (60, 'SSL cert
 	ᵈ Dropped
 
 -->
-<ruleset name="FirstVDS.ru (partial)" default_off='failed ruleset test'>
+<ruleset name="FirstVDS.ru (partial)" default_off="failed ruleset test">
 
 	<target host="firstvds.ru" />
 	<target host="my.firstvds.ru" />
diff --git a/src/chrome/content/rules/First_Amendment_Coalition.xml b/src/chrome/content/rules/First_Amendment_Coalition.xml
index 0214a0b8992e..eee7e007e1fb 100644
--- a/src/chrome/content/rules/First_Amendment_Coalition.xml
+++ b/src/chrome/content/rules/First_Amendment_Coalition.xml
@@ -4,7 +4,7 @@
 		- www	(wpengine)
 
 -->
-<ruleset name="First Amendment Coalition" default_off='expired'>
+<ruleset name="First Amendment Coalition" default_off="expired">
 
 	<target host="firstamendmentcoalition.org" />
 	<target host="www.firstamendmentcoalition.org" />
diff --git a/src/chrome/content/rules/First_Class_Magazine.se.xml b/src/chrome/content/rules/First_Class_Magazine.se.xml
index b52fb8e6a3b8..ce29e93f1d40 100644
--- a/src/chrome/content/rules/First_Class_Magazine.se.xml
+++ b/src/chrome/content/rules/First_Class_Magazine.se.xml
@@ -15,15 +15,7 @@
 	<target host="media.firstclassmagazine.se" />
 	<target host="www.firstclassmagazine.se" />
 
-
 	<securecookie host="^\." name="^__cfduid$" />
 
-
-	<!--	s? for protocol-relative includes:
-							-->
-	<rule from="^https?://www\.firstclassmagazine\.se/"
-		to="https://firstclassmagazine.se/" />
-
 	<rule from="^http:" to="https:" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/Firsts.com.xml b/src/chrome/content/rules/Firsts.com.xml
index 16a03b62d9f7..454ce3274557 100644
--- a/src/chrome/content/rules/Firsts.com.xml
+++ b/src/chrome/content/rules/Firsts.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.firsts.com/ => https://www.firsts.com/: (51, "SSL: no al
 	For other Vodafone Group coverage, see Vodafone.xml.
 
 -->
-<ruleset name="Firsts.com" default_off='failed ruleset test'>
+<ruleset name="Firsts.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/FishNet_Security.com.xml b/src/chrome/content/rules/FishNet_Security.com.xml
index b493d486f068..7aaede8728f5 100644
--- a/src/chrome/content/rules/FishNet_Security.com.xml
+++ b/src/chrome/content/rules/FishNet_Security.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://fishnetsecurity.com/ => https://fishnetsecurity.com/: (60, '
 Fetch error: http://www.fishnetsecurity.com/ => https://www.fishnetsecurity.com/: (60, 'SSL certificate problem: self signed certificate')
 
 -->
-<ruleset name="FishNet Security.com" default_off='failed ruleset test'>
+<ruleset name="FishNet Security.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/FitBit.xml b/src/chrome/content/rules/FitBit.xml
index 9ae47f450552..c49f68d1c980 100644
--- a/src/chrome/content/rules/FitBit.xml
+++ b/src/chrome/content/rules/FitBit.xml
@@ -26,7 +26,7 @@ Fetch error: http://m.fitbit.com/ => https://m.fitbit.com/: (6, 'Could not resol
 		- lp.fitbit.com
 		- cache.fitbit.com (https://d6y8zfzc2qfsl.cloudfront.net/)
 -->
-<ruleset name="FitBit" default_off='failed ruleset test'>
+<ruleset name="FitBit" default_off="failed ruleset test">
 
 	<target host="fitbit.com" />
 	<target host="www.fitbit.com" />
diff --git a/src/chrome/content/rules/FitStudio.com.xml b/src/chrome/content/rules/FitStudio.com.xml
index e238900db56f..5fa797aa6950 100644
--- a/src/chrome/content/rules/FitStudio.com.xml
+++ b/src/chrome/content/rules/FitStudio.com.xml
@@ -42,10 +42,15 @@ Fetch error: http://fitstudio.com/ => https://fitstudio.com/: (56, 'SSL read: er
 	* Secured by us
 
 -->
-<ruleset name="FitStudio.com (partial)" default_off='failed ruleset test'>
+<ruleset name="FitStudio.com (partial)" default_off="failed ruleset test">
 
 	<target host="fitstudio.com" />
-	<target host="*.fitstudio.com" />
+	<target host="blog.fitstudio.com" />
+	<target host="gear.fitstudio.com" />
+	<target host="polls.fitstudio.com" />
+	<target host="sweeps.fitstudio.com" />
+	<target host="www.fitstudio.com" />
+	<target host="fitnessconnect.fitstudio.com" />
 		<!--
 			Redirects to http:
 						-->
diff --git a/src/chrome/content/rules/Fitgirl-repacks.site.xml b/src/chrome/content/rules/Fitgirl-repacks.site.xml
new file mode 100644
index 000000000000..4e1a517e6234
--- /dev/null
+++ b/src/chrome/content/rules/Fitgirl-repacks.site.xml
@@ -0,0 +1,6 @@
+<ruleset name="Fitgirl-repacks.site">
+	<target host="fitgirl-repacks.site" />
+	<target host="www.fitgirl-repacks.site" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fitness_Market.xml b/src/chrome/content/rules/Fitness_Market.xml
index 29f9009a73a0..4cab6288a524 100644
--- a/src/chrome/content/rules/Fitness_Market.xml
+++ b/src/chrome/content/rules/Fitness_Market.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?fitnessmarket\.com\.au/(favicon\.ico|shop/(?:(?:antibot_)?image\.php|cart\.php\?mode=checkout|images/|skin/|var/))"
 		to="https://$1fitnessmarket.com.au/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fiuza.me.xml b/src/chrome/content/rules/Fiuza.me.xml
index e168ad2f3c72..9d2094fd4e2d 100644
--- a/src/chrome/content/rules/Fiuza.me.xml
+++ b/src/chrome/content/rules/Fiuza.me.xml
@@ -6,11 +6,11 @@ Fetch error: http://fiuza.me/ => https://fiuza.me/: (7, 'Failed to connect to fi
 Disabled by https-everywhere-checker because:
 Fetch error: http://fiuza.me/ => https://fiuza.me/: (60, 'SSL certificate problem: self signed certificate')
 -->
-<ruleset name="fiuza.me" default_off='failed ruleset test'>
+<ruleset name="fiuza.me" default_off="failed ruleset test">
 
 	<target host="fiuza.me" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FiveThirtyEight.com.xml b/src/chrome/content/rules/FiveThirtyEight.com.xml
deleted file mode 100644
index 781f59c2eb85..000000000000
--- a/src/chrome/content/rules/FiveThirtyEight.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="FiveThirtyEight.com">
-
-	<target host="fivethirtyeight.com" />
-		<!-- Redirect to http -->
-		<exclusion pattern="http://fivethirtyeight\.com/$" />
-		<test url="http://fivethirtyeight.com/politics/" />
-	<target host="www.fivethirtyeight.com" />
-	<target host="projects.fivethirtyeight.com" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FixUnix.xml b/src/chrome/content/rules/FixUnix.xml
index da7dc42a1d7b..d50f0b23317f 100644
--- a/src/chrome/content/rules/FixUnix.xml
+++ b/src/chrome/content/rules/FixUnix.xml
@@ -16,7 +16,7 @@ Fetch error: http://c.fixunix.com/ => https://d2yvm6gxdmpjqc.cloudfront.net/: (2
 	(www.)?fixunix.com: Plaintext reply
 
 -->
-<ruleset name="FixUnix.com (partial)" default_off='failed ruleset test'>
+<ruleset name="FixUnix.com (partial)" default_off="failed ruleset test">
 
 	<target host="c.fixunix.com" />
 
diff --git a/src/chrome/content/rules/Fix_Ubuntu.com.xml b/src/chrome/content/rules/Fix_Ubuntu.com.xml
deleted file mode 100644
index 92c8c0164864..000000000000
--- a/src/chrome/content/rules/Fix_Ubuntu.com.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Fix Ubuntu.com">
-
-	<target host="fixubuntu.com" />
-	<target host="www.fixubuntu.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Fizy.com.xml b/src/chrome/content/rules/Fizy.com.xml
new file mode 100644
index 000000000000..96fb12e90cbb
--- /dev/null
+++ b/src/chrome/content/rules/Fizy.com.xml
@@ -0,0 +1,23 @@
+<!--
+	CDN buckets:
+		0.fizy-i.mncdn.com
+
+	Invalid certificate:
+		club.fizy.com
+		konser.fizy.com
+		music.fizy.com
+		ozel.fizy.com
+
+	Mixed content:
+		fizy.com/explore/ (Due to invalid mncdn.com certificate)
+ -->
+
+<ruleset name="fizy.com (partial)" platform="mixedcontent">
+	<target host="fizy.com" />
+
+	<securecookie host=".+" name="^_sid$" />
+	<securecookie host=".+" name="^_t$" />
+	<securecookie host=".+" name="^JSESSIONID$" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Flameeyes.xml b/src/chrome/content/rules/Flameeyes.xml
deleted file mode 100644
index 57e3d151290d..000000000000
--- a/src/chrome/content/rules/Flameeyes.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://earhart.flameeyes.eu/ => https://earhart.flameeyes.eu/: (6, 'Could not resolve host: earhart.flameeyes.eu')
-
-	Fully covered subdomains:
-
-		- (www.)
-		- assets
-		- blog
-		- earhart
-
--->
-<ruleset name="Flameeyes.eu" default_off='failed ruleset test'>
-
-	<target host="flameeyes.eu" />
-	<target host="assets.flameeyes.eu" />
-	<target host="blog.flameeyes.eu" />
-	<target host="earhart.flameeyes.eu" />
-	<target host="www.flameeyes.eu" />
-
-
-	<securecookie host="^blog\.flameeyes\.eu$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Flappening.watch.xml b/src/chrome/content/rules/Flappening.watch.xml
new file mode 100644
index 000000000000..0f168ce7bfe3
--- /dev/null
+++ b/src/chrome/content/rules/Flappening.watch.xml
@@ -0,0 +1,9 @@
+<ruleset name="Flappening.watch">
+
+	<target host="flappening.watch" />
+	<target host="www.flappening.watch" />
+	<target host="cpanel.flappening.watch" />
+	<target host="mail.flappening.watch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Flashtalking.xml b/src/chrome/content/rules/Flashtalking.xml
index e6c47e070636..114425e7a8b1 100644
--- a/src/chrome/content/rules/Flashtalking.xml
+++ b/src/chrome/content/rules/Flashtalking.xml
@@ -17,9 +17,10 @@
 <ruleset name="Flashtalking (partial)">
 
 	<target host="flashtalking.com" />
-	<target host="*.flashtalking.com" />
+	<target host="cdn.flashtalking.com" />
+	<target host="servedby.flashtalking.com" />
 	<target host="flashtalking.net" />
-	<target host="*.flashtalking.net" />
+	<target host="www.flashtalking.net" />
 
 
 	<!--	Not secured by server:
@@ -29,10 +30,6 @@
 	<securecookie host="^\.flashtalking\.com$" name=".+" />
 
 
-	<rule from="^http://((?:cdn|servedby)\.)?flashtalking\.com/"
-		to="https://$1flashtalking.com/" />
-
-	<rule from="^http://(www\.)?flashtalking\.net/"
-		to="https://$1flashtalking.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Flaska.net.xml b/src/chrome/content/rules/Flaska.net.xml
index be0e4c89b1b9..6edbe9ff0da8 100644
--- a/src/chrome/content/rules/Flaska.net.xml
+++ b/src/chrome/content/rules/Flaska.net.xml
@@ -23,7 +23,7 @@
 	* Secured by us
 
 -->
-<ruleset name="Flaska.net (partial)" default_off="missing certificate chain">
+<ruleset name="Flaska.net (partial)" default_off="cert-chain">
 
 	<target host="*.flaska.net" />
 		<!--exclusion pattern="^http://jkt\.flaska\.net/" /-->
diff --git a/src/chrome/content/rules/FlatKill.org.xml b/src/chrome/content/rules/FlatKill.org.xml
new file mode 100644
index 000000000000..e5bb278fc905
--- /dev/null
+++ b/src/chrome/content/rules/FlatKill.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="FlatKill.org">
+	<target host="flatkill.org" />
+	<target host="www.flatkill.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Flattr.net.xml b/src/chrome/content/rules/Flattr.net.xml
index 435d3f762d34..949d84eaf3ed 100644
--- a/src/chrome/content/rules/Flattr.net.xml
+++ b/src/chrome/content/rules/Flattr.net.xml
@@ -24,7 +24,7 @@ Fetch error: http://static4.flattr.net/ => https://static4.flattr.net/: (51, "SS
 	¹ Mismatched
 
 -->
-<ruleset name="Flattr.net (partial)" default_off='failed ruleset test'>
+<ruleset name="Flattr.net (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Flattr.xml b/src/chrome/content/rules/Flattr.xml
index a2b20d50293f..f8f669342e0c 100644
--- a/src/chrome/content/rules/Flattr.xml
+++ b/src/chrome/content/rules/Flattr.xml
@@ -31,7 +31,7 @@
 					-->
 	<!--securecookie host="^\.flattr\.com$" name="^PHPSESSID$" /-->
 
-	<securecookie host="^(?:.*\.)?flattr\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
   <rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Flavors.me.xml b/src/chrome/content/rules/Flavors.me.xml
deleted file mode 100644
index 1d5e5f4a22a6..000000000000
--- a/src/chrome/content/rules/Flavors.me.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--
-	Subdomains contain user pages that don't support HTTPS
--->
-<ruleset name="Flavors.me">
-
-        <target host="flavors.me" />
-
-        <rule from="^http:" to="https:" />
-
-</ruleset>
-
diff --git a/src/chrome/content/rules/Flibusta.is.xml b/src/chrome/content/rules/Flibusta.is.xml
deleted file mode 100644
index efcf8782084f..000000000000
--- a/src/chrome/content/rules/Flibusta.is.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<!--cn. protocol error
-proxy. mismatch-->
-<ruleset name="Flibusta.is">
-	<target host="flibusta.is" />
-	<target host="www.flibusta.is" />
-	<target host="mobile.flibusta.is" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Flightglobal.xml b/src/chrome/content/rules/Flightglobal.xml
index 9835de22457d..118e78816aa4 100644
--- a/src/chrome/content/rules/Flightglobal.xml
+++ b/src/chrome/content/rules/Flightglobal.xml
@@ -5,7 +5,8 @@
 <ruleset name="Flightglobal (partial)" platform="mixedcontent">
 
 	<target host="flightglobal.com" />
-	<target host="*.flightglobal.com" />
+	<target host="www.flightglobal.com" />
+	<target host="pro.flightglobal.com" />
 	<target host="flightglobalshop.com" />
 	<target host="www.flightglobalshop.com" />
 
diff --git a/src/chrome/content/rules/Flinq.de.xml b/src/chrome/content/rules/Flinq.de.xml
deleted file mode 100644
index 0b803baa081a..000000000000
--- a/src/chrome/content/rules/Flinq.de.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--
-	Non-functional hosts
-		Invalid certificate:
-			 - news.flinq.de
--->
-<ruleset name="Flinq.de">
-	<target host="flinq.de" />
-	<target host="www.flinq.de" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Flinto.com.xml b/src/chrome/content/rules/Flinto.com.xml
index fe0b2f1231ed..351b663f3d52 100644
--- a/src/chrome/content/rules/Flinto.com.xml
+++ b/src/chrome/content/rules/Flinto.com.xml
@@ -27,7 +27,8 @@
 <ruleset name="Flinto.com (partial)">
 
 	<target host="flinto.com" />
-	<target host="*.flinto.com" />
+	<target host="www.flinto.com" />
+	<target host="blog.flinto.com" />
 		<!--
 			Avoid user-visible paths:
 							-->
diff --git a/src/chrome/content/rules/Flite.xml b/src/chrome/content/rules/Flite.xml
deleted file mode 100644
index e833aae7c8e5..000000000000
--- a/src/chrome/content/rules/Flite.xml
+++ /dev/null
@@ -1,49 +0,0 @@
-<!--
-	CDN buckets:
-
-		- awseb-flite-home-219083002.us-east-1.elb.amazonaws.com/...
-			- www.flite.com
-
-		- s3-website-us-east-1.amazonaws.com/...
-			- e.flite.com
-
-
-	Nonfunctional subdomains:
-
-		- ^
-		- e
-		- www
-
-
-	Partially covered domains:
-
-		- press		(CN: *.squarespace.com; at least some pages redirect to http)
-
-
-	Fully covered domains:
-
-		- console
-		- p		(ads)
-		- r		(web bugs)
-		- s
-		- t
-
--->
-<ruleset name="Flite (partial)">
-
-	<target host="*.flite.com" />
-
-
-	<!--	Tracking cookie:
-					-->
-	<securecookie host="^\.flite\.com$" name="^__uuc2$" />
-	<securecookie host="^console\.flite\.com$" name=".+" />
-
-
-	<rule from="^http://(console|[prst])\.flite\.com/"
-		to="https://$1.flite.com/" />
-
-	<rule from="^http://press\.flite\.com/(display/|favicon\.ico|layout/|storage/|universal/)"
-		to="https://pressflite.squarespace.com/$1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Flix123.com.xml b/src/chrome/content/rules/Flix123.com.xml
deleted file mode 100644
index a504eee5fed8..000000000000
--- a/src/chrome/content/rules/Flix123.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="flix123.com">
-
-	<target host="flix123.com" />
-	<target host="www.flix123.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<securecookie host="^flix123\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FlixBus.xml b/src/chrome/content/rules/FlixBus.xml
index 94f2ac5acb0d..905bbe2d94e4 100644
--- a/src/chrome/content/rules/FlixBus.xml
+++ b/src/chrome/content/rules/FlixBus.xml
@@ -32,6 +32,6 @@
 
   	<securecookie host="^.*\.flixbus\..*$" name=".+" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/FlixDen.xml b/src/chrome/content/rules/FlixDen.xml
index ea461ef1ad99..0eb4e81109a0 100644
--- a/src/chrome/content/rules/FlixDen.xml
+++ b/src/chrome/content/rules/FlixDen.xml
@@ -5,7 +5,7 @@ Fetch error: http://flixden.com/ => https://flixden.com/: (51, "SSL: no alternat
 Fetch error: http://www.flixden.com/ => https://www.flixden.com/: (6, 'Could not resolve host: www.flixden.com')
 
 -->
-<ruleset name="FlixDen" default_off='failed ruleset test'>
+<ruleset name="FlixDen" default_off="failed ruleset test">
 
 	<target host="flixden.com" />
 	<target host="www.flixden.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.flixden.com/ => https://www.flixden.com/: (6, 'Could not
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Flixster.xml b/src/chrome/content/rules/Flixster.xml
index 345250a4b66d..2334da3fbd2c 100644
--- a/src/chrome/content/rules/Flixster.xml
+++ b/src/chrome/content/rules/Flixster.xml
@@ -67,7 +67,7 @@ Fetch error: http://static.flixstercdn.com/ => https://static.flixstercdn.com/:
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Flixster (partial)" default_off='failed ruleset test'>
+<ruleset name="Flixster (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Floek.net.xml b/src/chrome/content/rules/Floek.net.xml
index 0934348ca9e1..e46ba57660b8 100644
--- a/src/chrome/content/rules/Floek.net.xml
+++ b/src/chrome/content/rules/Floek.net.xml
@@ -20,7 +20,8 @@ Fetch error: http://binefreund.de/ => https://www.floek.net/: (51, "SSL: no alte
 <ruleset name="Floek.net">
 
 	<target host="binefreund.de" />
-	<target host="*.binefreund.de" />
+	<target host="www.binefreund.de" />
+	<target host="schwimm.binefreund.de" />
 	<target host="floek.net" />
 	<target host="www.floek.net" />
 
@@ -31,7 +32,6 @@ Fetch error: http://binefreund.de/ => https://www.floek.net/: (51, "SSL: no alte
 	<rule from="^http://(?:www\.)?(?:binefreund\.de|floek\.net)/"
 		to="https://www.floek.net/" />
 
-	<rule from="^http://schwimm\.binefreund\.de/"
-		to="https://schwimm.binefreund.de/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Florida-Institute-of-Technology.xml b/src/chrome/content/rules/Florida-Institute-of-Technology.xml
index e160dcd3ffea..75763cef517d 100644
--- a/src/chrome/content/rules/Florida-Institute-of-Technology.xml
+++ b/src/chrome/content/rules/Florida-Institute-of-Technology.xml
@@ -7,7 +7,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://spam.fit.edu/ => https://spam.fit.edu/: (60, 'SSL certificate problem: certificate has expired')
 Fetch error: http://webmail.fit.edu/ => https://webmail.fit.edu/: (6, 'Could not resolve host: webmail.fit.edu')
 -->
-<ruleset name="Florida Institute of Technology (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Florida Institute of Technology (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="fit.edu" />
 	<target host="alumni.fit.edu" />
diff --git a/src/chrome/content/rules/FloridaPolitics.com.xml b/src/chrome/content/rules/FloridaPolitics.com.xml
new file mode 100644
index 000000000000..5f2a421912da
--- /dev/null
+++ b/src/chrome/content/rules/FloridaPolitics.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="FloridaPolitics.com">
+	<target host="floridapolitics.com" />
+	<target host="www.floridapolitics.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Florida_Today.xml b/src/chrome/content/rules/Florida_Today.xml
index b541cb15837b..e66c98893b52 100644
--- a/src/chrome/content/rules/Florida_Today.xml
+++ b/src/chrome/content/rules/Florida_Today.xml
@@ -1,83 +1,46 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://ads.flatdy.com/ => http://ads.flatdy.com/: (6, 'Could not resolve host: ads.flatdy.com')
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://ads.flatdy.com/ => http://ads.flatdy.com/: (6, 'Could not resolve host: ads.flatdy.com')
-Fetch error: http://floridatoday.com/ => https://www.floridatoday.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.floridatoday.com'")
 	For other Gannett Company coverage, see Gannett-Company.xml.
 
+	Non-functional hosts:
+		Timeout was reached:
+		- classifieds.floridatoday.com
+		- classifieds-prod.floridatoday.com
 
-	CDN buckets:
-
-		- san1.gmti.gannett.edgekey.net
-
-			- www.floridatoday.com
-
-		- img.gannett.edgesuite.net 
-			- cmsimg.floridatoday.com
-
-
-	Nonfunctional domains:
-
-		- classifieds.flatoday.com
-
-
-	Problematic domains:
-
-		- cmsimg.floridatoday.com		(Akamai; 503)
-		- deals.floridatoday.com		(CN: *.planetdiscover.com)
-		- origin-cmsimg.floridaytoday.com	(no https)
-		- search.floridatoday.com		(CN: *.planetdiscover.com)
-
+		SSL peer certificate was not OK:
+		- findnsave.floridatoday.com
 
-	Fully covered domains:
-
-		- ads.flatdy.net
-		- floridatoday.com
-		- cmsimg.floridatoday.com
-		- deals.floridatoday.com
-		- origin-cmsimg.floridatoday.com
-		- origin-www.floridatoday.com
-		- search.floridatoday.com
-		- www.floridatoday.com
+		Incomplete certificate chain error:
+		- local.floridatoday.com
 
+		Mixed content blocking (MCB) triggered:
+		- blogs.floridatoday.com
+		- events.floridatoday.com
+		- realestate.floridatoday.com
+		- solutions.floridatoday.com
 -->
-<ruleset name="Florida Today (partial)" platform="mixedcontent" default_off='failed ruleset test'>
-
-	<target host="ads.flatdy.com" />
+<ruleset name="Florida Today">
 	<target host="floridatoday.com" />
-	<target host="*.floridatoday.com" />
-
-
-	<!--	Observed cookie domains:
-
-			- ads.flatdy.com
-			- floridatoday.com
-			- .floridatoday.com
-			- www.floridatoday.com
-						-->
-	<securecookie host="^(?:.*\.)fl(?:atd|oridatoda)y\.com$" name=".+" />
-
-
-	<rule from="^http://ads\.flatdy\.net/"
-		to="https://ads.flatdy.net/" />
-
-	<rule from="^http://(?:(?:origin-)?cmsimg\.)?floridatoday\.com/"
-		to="https://www.floridatoday.com/" />
-
-	<!--	origin-www works with https.
-						-->
-	<rule from="^http://((?:origin-)?www)\.floridatoday\.com/"
-		to="https://$1.floridatoday.com/" />
-
-	<!--	Fails to redirect properly.
-						-->
-	<rule from="^http://deals\.floridatoday\.com/(?:$|\?)"
-		to="https://brevardco.planetdiscover.com/sp?aff=1180" />
-
-	<rule from="^http://(?:deals|search)\.floridatoday\.com/"
-		to="https://brevardco.planetdiscover.com/" />
-
+	<target host="www.floridatoday.com" />
+	<target host="account.floridatoday.com" />
+	<target host="amp.floridatoday.com" />
+	<target host="archive.floridatoday.com" />
+	<target host="cm.floridatoday.com" />
+	<target host="content-static.floridatoday.com" />
+	<target host="data.floridatoday.com" />
+	<target host="help.floridatoday.com" />
+	<target host="jobs.floridatoday.com" />
+	<target host="mocux.floridatoday.com" />
+	<target host="offers.floridatoday.com" />
+	<target host="phxux.floridatoday.com" />
+	<target host="profile.floridatoday.com" />
+	<target host="rssfeeds.floridatoday.com" />
+	<target host="static.floridatoday.com" />
+		<test url="http://static.floridatoday.com/privacy/" />
+	<target host="tickets.floridatoday.com" />
+	<target host="uw-media.floridatoday.com" />
+	<target host="ux.floridatoday.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/FlowBTC.com.xml b/src/chrome/content/rules/FlowBTC.com.xml
deleted file mode 100644
index cb6b90eacc83..000000000000
--- a/src/chrome/content/rules/FlowBTC.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	(www.)?flowbtc.com: Mismatched
-
--->
-<ruleset name="FlowBTC.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="trader.flowbtc.com" />
-
-	<!--	Complications:
-				-->
-	<target host="flowbtc.com" />
-	<target host="www.flowbtc.com" />
-
-
-	<!--	Redirect drops path, args,
-		and forward slash:
-					-->
-	<rule from="^http://(?:www\.)?flowbtc\.com/.*"
-		to="https://trader.flowbtc.com/" />
-
-		<test url="http://flowbtc.com/index.asp" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Flowplayer.org.xml b/src/chrome/content/rules/Flowplayer.org.xml
index 692b19d9e58f..4e38d7d13286 100644
--- a/src/chrome/content/rules/Flowplayer.org.xml
+++ b/src/chrome/content/rules/Flowplayer.org.xml
@@ -19,4 +19,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Flowtab.com.xml b/src/chrome/content/rules/Flowtab.com.xml
index ee6fb660357a..8e19e9edc012 100644
--- a/src/chrome/content/rules/Flowtab.com.xml
+++ b/src/chrome/content/rules/Flowtab.com.xml
@@ -12,20 +12,19 @@ Fetch error: http://flowtab.com/ => https://flowtab.com/: (60, 'SSL certificate
 			- cdn.flowtab.mobi
 
 -->
-<ruleset name="Flowtab.com" default_off='failed ruleset test'>
+<ruleset name="Flowtab.com" default_off="failed ruleset test">
 
 	<target host="flowtab.com" />
-	<target host="*.flowtab.com" />
+	<target host="www.flowtab.com" />
 	<target host="cdn.flowtab.mobi" />
 
 
 	<securecookie host="^(?:w*\.)?flowtab\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?flowtab\.com/"
-		to="https://$1flowtab.com/" />
 
 	<rule from="^http://cdn\.flowtab\.mobi/"
 		to="https://dxluo93d48m7d.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FluentInTurkish.com.xml b/src/chrome/content/rules/FluentInTurkish.com.xml
new file mode 100644
index 000000000000..dd3fa08aa5e4
--- /dev/null
+++ b/src/chrome/content/rules/FluentInTurkish.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="FluentInTurkish.com">
+	<target host="fluentinturkish.com" />
+	<target host="www.fluentinturkish.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Flurry-problematic.xml b/src/chrome/content/rules/Flurry-problematic.xml
index f26f7987c706..22f97633d414 100644
--- a/src/chrome/content/rules/Flurry-problematic.xml
+++ b/src/chrome/content/rules/Flurry-problematic.xml
@@ -12,4 +12,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Flurry.xml b/src/chrome/content/rules/Flurry.xml
index eaa0a2f58f34..3db31551f5b2 100644
--- a/src/chrome/content/rules/Flurry.xml
+++ b/src/chrome/content/rules/Flurry.xml
@@ -24,4 +24,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FlutterToday.com.xml b/src/chrome/content/rules/FlutterToday.com.xml
deleted file mode 100644
index 9b166d3a0d4e..000000000000
--- a/src/chrome/content/rules/FlutterToday.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Some pages redirect to http.
-
-
-	Mixed content:
-
-		- Images on www from www *
-
-	* Secured by us
-
--->
-<ruleset name="FlutterToday.com (partial)">
-
-	<target host="fluttertoday.com" />
-	<target host="www.fluttertoday.com" />
-
-
-	<rule from="^http://(www\.)?fluttertoday\.com/(?=deals/(?:account(?:$|[?/])|flavor/css/|wp-content/|wp-includes/)|favicon\.ico)"
-		to="https://$1fluttertoday.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Fluxx.io.xml b/src/chrome/content/rules/Fluxx.io.xml
index 34e3ef3a8a2b..f25651f7ca19 100644
--- a/src/chrome/content/rules/Fluxx.io.xml
+++ b/src/chrome/content/rules/Fluxx.io.xml
@@ -9,8 +9,8 @@
 
 	Insecure cookies are set for these hosts:
 
-		- blog.fluxx.io 
-		- info.fluxx.io 
+		- blog.fluxx.io
+		- info.fluxx.io
 
 
 	Mixed content:
diff --git a/src/chrome/content/rules/FlyEdelweiss.com.xml b/src/chrome/content/rules/FlyEdelweiss.com.xml
new file mode 100644
index 000000000000..8148801c6d36
--- /dev/null
+++ b/src/chrome/content/rules/FlyEdelweiss.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="FlyEdelweiss.com (partial)">
+	<target host="flyedelweiss.com" />
+	<target host="www.flyedelweiss.com" />
+	<target host="booking.flyedelweiss.com" />
+
+	<!-- https://flyedelweiss.com: connection reset -->
+	<rule from="^http://flyedelweiss\.com/"
+		to="https://www.flyedelweiss.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Flyasite.com.xml b/src/chrome/content/rules/Flyasite.com.xml
deleted file mode 100644
index 77e6fac1b4d3..000000000000
--- a/src/chrome/content/rules/Flyasite.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d1gzjld104oq4p.cloudfront.net
-
-			- assets[01]
-
-
-	www: plaintext reply
-
-
-	Mixed content:
-
-		- css on ^ and appcat from assets[01] *
-
-	* Secured by us
-
--->
-<ruleset name="Flyasite.com (partial)">
-
-	<target host="*.flyasite.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(appcat\.)?flyasite\.com$" name="^_webkite_session$" /-->
-
-
-	<rule from="^http://assets[01]\.flyasite\.com/"
-		to="https://d1gzjld104oq4p.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Flyerify.com.xml b/src/chrome/content/rules/Flyerify.com.xml
new file mode 100644
index 000000000000..b1090842f0c4
--- /dev/null
+++ b/src/chrome/content/rules/Flyerify.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Wildcard certificate and DNS records:
+		- flyerify.com
+-->
+
+<ruleset name="Flyerify.com">
+	<target host="flyerify.com" />
+	<target host="*.flyerify.com" />
+		<test url="http://www.flyerify.com/" />
+		<test url="http://foodymart.flyerify.com/" />
+		<test url="http://fresonbros.flyerify.com/" />
+
+	<!-- flyerify.com -->
+	<!-- *.flyerify.com -->
+	<rule from="^http://([\w-]+\.)?flyerify\.com/"
+		to="https://$1flyerify.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/FlyersRights.com.xml b/src/chrome/content/rules/FlyersRights.com.xml
new file mode 100644
index 000000000000..b4d5e486f5a3
--- /dev/null
+++ b/src/chrome/content/rules/FlyersRights.com.xml
@@ -0,0 +1,33 @@
+<!--
+	For other Flyers Rights related rulesets, see FlyersRights.org.xml.
+
+	Non-functional hosts
+
+		Couldn't connect to server:
+		- smtp.flyersrights.com
+
+		Timeout was reached:
+		- imap.flyersrights.com
+		- pop.flyersrights.com
+		- mail.flyersrights.com
+
+		SSL connect error:
+		- anything.flyersrights.com
+
+		SSL peer certificate was not OK:
+		- flyersrights.com
+		- www.flyersrights.com
+		- ftp.flyersrights.com
+		- email.flyersrights.com
+		- mobilemail.flyersrights.com
+		- pda.flyersrights.com
+		- e.flyersrights.com
+		- webmail.flyersrights.com
+-->
+<ruleset name="FlyersRights.com">
+	<target host="flyersrights.com" />
+	<target host="www.flyersrights.com" />
+
+	<rule from="^http://(www\.)?flyersrights\.com/"
+			to="https://www.flyersrights.org/" />
+</ruleset>
diff --git a/src/chrome/content/rules/FlyersRights.org.xml b/src/chrome/content/rules/FlyersRights.org.xml
index 6304f6897335..bdf1694d0dad 100644
--- a/src/chrome/content/rules/FlyersRights.org.xml
+++ b/src/chrome/content/rules/FlyersRights.org.xml
@@ -1,27 +1,37 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://flyersrights.com/ => https://anything.flyersrights.com/: (51, "SSL: no alternative certificate subject name matches target host name 'anything.flyersrights.com'")
-Fetch error: http://flyersrights.org/ => https://anything.flyersrights.com/: (51, "SSL: no alternative certificate subject name matches target host name 'anything.flyersrights.com'")
-Fetch error: http://www.flyersrights.org/ => https://anything.flyersrights.com/: (51, "SSL: no alternative certificate subject name matches target host name 'anything.flyersrights.com'")
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://flyersrights.com/ => https://anything.flyersrights.com/: Cycle detected - URL already encountered: http://flyersrights.com/
-	Problematic domains:
-
-		- (www.)flyersrights.com	(times out)
-		- (www.)flyersrights.org	(CN: anything.flyersrights.com)
-
+	Other Flyers Rights related rulesets:
+		+ FlyersRights.com.xml
+
+	Non-functional hosts:
+		Couldn't connect to server:
+		- smtp.flyersrights.org
+
+		Timeout was reached:
+		- imap.flyersrights.org
+		- pop.flyersrights.org
+
+		SSL peer certificate was not OK:
+		- admin.flyersrights.org
+		- mail.flyersrights.org
+		- email.flyersrights.org
+		- ftp.flyersrights.org
+		- sucuriip.flyersrights.org
+		- e.flyersrights.org
+		- pda.flyersrights.org
+		- webmail.flyersrights.org
+		- mobilemail.flyersrights.org
+		- www.admin.flyersrights.org
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- new.flyersrights.org
 -->
-<ruleset name="FlyersRights.org" default_off='failed ruleset test'>
+<ruleset name="Flyers Rights.org">
 
-	<target host="flyersrights.com" />
-	<target host="*.flyersrights.com" />
 	<target host="flyersrights.org" />
 	<target host="www.flyersrights.org" />
+	
+	<securecookie host=".+" name=".+" />
 
-
-	<rule from="^http://(?:anything\.|www\.)?flyersrights\.(?:com|org)/"
-		to="https://anything.flyersrights.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Flyertown.xml b/src/chrome/content/rules/Flyertown.xml
index 9ca7f8fe4d28..3576028518fe 100644
--- a/src/chrome/content/rules/Flyertown.xml
+++ b/src/chrome/content/rules/Flyertown.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Flygo-Aviation.com.xml b/src/chrome/content/rules/Flygo-Aviation.com.xml
new file mode 100644
index 000000000000..2f548cc9d1b1
--- /dev/null
+++ b/src/chrome/content/rules/Flygo-Aviation.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Flygo-Aviation.com">
+	<target host="flygo-aviation.com" />
+	<target host="www.flygo-aviation.com" />
+	<target host="phpmyadmin.flygo-aviation.com" />
+	<target host="web.flygo-aviation.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Flying_Meat.xml b/src/chrome/content/rules/Flying_Meat.xml
index 9ba9ab04eccc..352d70aa0bce 100644
--- a/src/chrome/content/rules/Flying_Meat.xml
+++ b/src/chrome/content/rules/Flying_Meat.xml
@@ -17,10 +17,11 @@
 <ruleset name="Flying Meat (partial)">
 
 	<target host="flyingmeat.com" />
-	<target host="*.flyingmeat.com" />
+	<target host="secure.flyingmeat.com" />
+	<target host="www.flyingmeat.com" />
 
 
 	<rule from="^http://(?:secure\.|www\.)?flyingmeat\.com/"
 		to="https://secure.flyingmeat.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Flyspray.org.xml b/src/chrome/content/rules/Flyspray.org.xml
new file mode 100644
index 000000000000..2c9c8dd0c369
--- /dev/null
+++ b/src/chrome/content/rules/Flyspray.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *.flyspray.org:
+		- flyspray.org (m)
+		- scm.flyspray.org (m)
+		- snaps.flyspray.org (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Flyspray.org">
+	<target host="flyspray.org" />
+	<target host="www.flyspray.org" />
+	<target host="bugs.flyspray.org" />
+
+	<rule from="^http://flyspray\.org/" to="https://www.flyspray.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fnac.pt.xml b/src/chrome/content/rules/Fnac.pt.xml
index e54bb2eba28f..d45dc24b8991 100644
--- a/src/chrome/content/rules/Fnac.pt.xml
+++ b/src/chrome/content/rules/Fnac.pt.xml
@@ -1,14 +1,14 @@
 <!--
 	Refused:
 	mc.fnac.pt
-	
+
 	Mismatch:
 	(www.fnac.pt)
 	expert.fnac.pt
 	www.foto.fnac.pt
 	foto.fnac.pt
 	multimedia.fnac.pt
-	
+
 	Timeout:
 	www.revistaestante.fnac.pt
 	bilheteira.fnac.pt
diff --git a/src/chrome/content/rules/Fnfismd.com.xml b/src/chrome/content/rules/Fnfismd.com.xml
deleted file mode 100644
index 70a3eb967022..000000000000
--- a/src/chrome/content/rules/Fnfismd.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	www: refused
-
-
-	^fnfismd.com doesn't exist.
-
--->
-<ruleset name="fnfismd.com (partial)">
-
-	<target host="carenet.fnfismd.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Focaljet.com.xml b/src/chrome/content/rules/Focaljet.com.xml
index 4447050a0963..fe2e55fb7dd6 100644
--- a/src/chrome/content/rules/Focaljet.com.xml
+++ b/src/chrome/content/rules/Focaljet.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.focaljet.com/ => https://www.focaljet.com/: (51, "SSL: n
 Disabled by https-everywhere-checker because:
 Fetch error: http://focaljet.com/ => https://focaljet.com/: (60, 'SSL certificate problem: self signed certificate')
 -->
-<ruleset name="focaljet.com" default_off='failed ruleset test'>
+<ruleset name="focaljet.com" default_off="failed ruleset test">
 
 	<target host="focaljet.com" />
 	<target host="www.focaljet.com" />
@@ -18,4 +18,4 @@ Fetch error: http://focaljet.com/ => https://focaljet.com/: (60, 'SSL certificat
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Focloir.ie.xml b/src/chrome/content/rules/Focloir.ie.xml
index 68972517b9c0..57ed0335edc6 100644
--- a/src/chrome/content/rules/Focloir.ie.xml
+++ b/src/chrome/content/rules/Focloir.ie.xml
@@ -10,4 +10,4 @@
 	<target host="www.focloir.ie"/>
 
 	<rule from="^http:" to="https:"/>
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Focus.de.xml b/src/chrome/content/rules/Focus.de.xml
index 7dfb18bd7f90..dd131b264a53 100644
--- a/src/chrome/content/rules/Focus.de.xml
+++ b/src/chrome/content/rules/Focus.de.xml
@@ -1,89 +1,32 @@
 <!--
+	Invalid certificate:
+		p4.focus.de
 
-	For domains causing false/broken MCB, see Focus.de-mixedcontent.xml.
-
-
-	CDN buckets:
-
-		- prog.focus.de.edgesuite.net
-
-			- p[45]
-
-		- focus-online.webshopapp.com
-
-			- pdf
-
-
-	Nonfunctional subdomains:
-
-		- festgeld ¹
-		- images.fragen ¹
-		- gutscheine ¹
-		- medipreis ²
-		- onlinespiele ¹
-		- stellenangebote ¹
-		- tagesgeld ¹
-		- unternehmen ¹
-
-	¹ Refused
-	² Redirects to www.medipreis.de
-
-
-	Problematic subdomains:
-
-		- bausparen ¹
-		- p4 ²
-		- p5 ²
-		- pdf ³
-		- strompreise ⁴
-		- wetter ⁵
-
-	¹ Mismatched, CN: rechner.fmh.de
-	² Akamai
-	³ Mismatched, CN: *.webshopapp.com
-	⁴ Mismatched, CN: partner.vxcp.de
-	⁵ Mismatched, CN: *.wetter.com
-
-
-	Mixed content:
-
-		- css on m from $self *
-
-		- Ad on wetter from partnervermittlung.elitepartner.de *
-
-	* Secured by us
-
+	Timeout:
+		onlinespiele.focus.de
 -->
-<ruleset name="Focus.de (partial)" default_off='failed ruleset test'>
+<ruleset name="Focus.de (partial)">
 
 	<target host="focus.de" />
-	<target host="m.focus.de" />
 	<target host="www.focus.de" />
+	<target host="bausparen.focus.de" />
+	<target host="festgeld.focus.de" />
+	<target host="fragen.focus.de" />
+	<target host="gutscheine.focus.de" />
+	<target host="kleinanzeige.focus.de" />
+	<target host="m.focus.de" />
+	<target host="medipreis.focus.de" />
+	<target host="p5.focus.de" />
+	<target host="pdf.focus.de" />
 	<target host="static.focus.de" />
-		<!--
-			Avoid broken MCB:
-						-->
-		<exclusion pattern="^http://m\.focus\.de/+(?!favicon\.ico|resources/)" />
-		<!--
-			Redirect to http:
-						-->
-		<!--exclusion pattern="^http://www\.focus\.de/+($|\?|favicon\.ico)" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://www\.focus\.de/+(?!resources/)" />
-	<target host="*.tfag.de" />
+	<target host="stellenangebote.focus.de" />
+	<target host="strompreise.focus.de" />
+	<target host="tagesgeld.focus.de" />
+	<target host="unternehmen.focus.de" />
+	<target host="wetter.focus.de" />
 
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.pdf\.focus\.de$" name="^session_id$" /-->
-
-	<!--securecookie host="^(?:www)?\.focus\.de$" name=".+" /-->
-	
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:" 
-		to="https:"/>
-		
+	<rule from="^http:"	to="https:"/>
+
 </ruleset>
diff --git a/src/chrome/content/rules/FodevareWatch.xml b/src/chrome/content/rules/FodevareWatch.xml
index 4999da72274e..8120b944324d 100644
--- a/src/chrome/content/rules/FodevareWatch.xml
+++ b/src/chrome/content/rules/FodevareWatch.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.fodevarewatch.dk/ => https://www.fodevarewatch.dk/: (51,
 	Not covered:
 		s7.addthis.com
 		adserver.adtech.de
-	
+
 	Remark:
 		This page gets content from other *watch.dk-domains,
 		not all of which work flawlessly with HTTPS Everywhere
@@ -14,7 +14,7 @@ Fetch error: http://www.fodevarewatch.dk/ => https://www.fodevarewatch.dk/: (51,
 
 -->
 
-<ruleset name="FodevareWatch" default_off='failed ruleset test'>
+<ruleset name="FodevareWatch" default_off="failed ruleset test">
 	<target host="fodevarewatch.dk" />
 	<target host="www.fodevarewatch.dk" />
 
diff --git a/src/chrome/content/rules/FogBugz.com.xml b/src/chrome/content/rules/FogBugz.com.xml
index 007177aa0c19..b0ff0dbe1115 100644
--- a/src/chrome/content/rules/FogBugz.com.xml
+++ b/src/chrome/content/rules/FogBugz.com.xml
@@ -35,4 +35,4 @@
 	<rule from="^http://d2l\.fogbugz\.com/"
 		to="https://d2l.fogbugz.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FogCreek.com.xml b/src/chrome/content/rules/FogCreek.com.xml
new file mode 100644
index 000000000000..9058dcf3cf52
--- /dev/null
+++ b/src/chrome/content/rules/FogCreek.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Mixed content:
+		help.fogcreek.com
+
+	Invalid certificate:
+		maintenance.fogcreek.com
+
+-->
+<ruleset name="FogCreek.com">
+
+	<target host="fogcreek.com" />
+	<target host="www.fogcreek.com" />
+	<target host="blog.fogcreek.com" />
+	<target host="discuss.fogcreek.com" />
+	<target host="secure.fogcreek.com" />
+	<target host="shop.fogcreek.com" />
+	<target host="status.fogcreek.com" />
+	<target host="redirect.fogcreek.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Fog_Creek.xml b/src/chrome/content/rules/Fog_Creek.xml
deleted file mode 100644
index 9cc12063d173..000000000000
--- a/src/chrome/content/rules/Fog_Creek.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	Other Fog Creek rulesets:
-
-		- Fog_Creek.xml
-		- Trello.xml
-
-
-	Nonfunctional subdomains:
-
-		- blog	(dropped)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- secure
-
-
-	Mixed content:
-
-		- Image on www from www.adobe.com *
-
-	* Secured by us, doesn't trip MCB
-
--->
-<ruleset name="Fog Creek">
-
-	<target host="fogcreek.com" />
-	<target host="secure.fogcreek.com" />
-	<target host="www.fogcreek.com" />
-
-
-	<securecookie host="^(?:secure\.|\.)?fogcreek\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Fokus.no.xml b/src/chrome/content/rules/Fokus.no.xml
index 82c88bc428ef..af512b3596e9 100644
--- a/src/chrome/content/rules/Fokus.no.xml
+++ b/src/chrome/content/rules/Fokus.no.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://fokus.no/ => https://www.fokus.no/: (7, 'Failed to connect to www.fokus.no port 443: Connection timed out')
 Fetch error: http://www.fokus.no/ => https://www.fokus.no/: (7, 'Failed to connect to www.fokus.no port 443: Connection timed out')
 -->
-<ruleset name="Fokus Bank" default_off='failed ruleset test'>
+<ruleset name="Fokus Bank" default_off="failed ruleset test">
   <target host="fokus.no" />
   <target host="www.fokus.no" />
 
diff --git a/src/chrome/content/rules/FoldingCoin.net.xml b/src/chrome/content/rules/FoldingCoin.net.xml
index fb52b2c20cd1..987b5bcc6830 100644
--- a/src/chrome/content/rules/FoldingCoin.net.xml
+++ b/src/chrome/content/rules/FoldingCoin.net.xml
@@ -1,32 +1,10 @@
-<!--
-	NB: Server sends no certificate chain, see https://whatsmychaincert.com
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.foldingcoin.net
-
-
-	Mixed content:
-
-		- iframe from www.youtube.com *
-		- css from $self *
-		- Images from $self *
-
-	* Secured by us
-
--->
-<ruleset name="FoldingCoin.net" default_off="missing certificate chain" platform="mixedcontent">
+<ruleset name="FoldingCoin.net" >
 
 	<target host="foldingcoin.net" />
 	<target host="www.foldingcoin.net" />
 
 
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.foldingcoin\.net$" name="wfvt_\d+" /-->
-
-	<securecookie host="^www\.foldingcoin\.net$" name="" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Folkestone.lgbt.xml b/src/chrome/content/rules/Folkestone.lgbt.xml
deleted file mode 100644
index 923cc4460aea..000000000000
--- a/src/chrome/content/rules/Folkestone.lgbt.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Folkestone.lgbt">
-	<target host="folkestone.lgbt" />
-	<target host="www.folkestone.lgbt" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Folksam.se.xml b/src/chrome/content/rules/Folksam.se.xml
index b01405b43b73..4ab3729bba16 100644
--- a/src/chrome/content/rules/Folksam.se.xml
+++ b/src/chrome/content/rules/Folksam.se.xml
@@ -1,8 +1,55 @@
-<!-- This is a swedish insurance company -->
-<ruleset name="Folksam.se" platform="mixedcontent">
+<!-- This is a swedish insurance company 
+
+	Problematic subdomains:
+	
+		- Certificate common name:
+		
+			- arbetsgivare.folksam.se
+			- www2.folksam.se
+			- bilhandlare.folksam.se
+			- sip.folksam.se
+			- vasaloppet.folksam.se
+			- jobba.folksam.se
+			- lyncdiscover.folksam.se
+			- fastigheter.folksam.se
+			- trafikbarometern.folksam.se
+			- sparbankensyd.folksam.se
+			- kanslobarometern.folksam.se
+			- omoss.folksam.se
+			
+		- Incomplete Certificate chain:
+		
+			- ravpn.folksam.se
+	
+		- Content mismatch:
+
+			- atcloudservices.folksam.se
+			- cloudservices.folksam.se
+
+		- Connection refused:
+
+			- sip.folksam.se
+			- dpoc.folksam.se
+-->
+<ruleset name="Folksam.se">
 	<target host="folksam.se" />
 	<target host="www.folksam.se" />
-	<rule from="^http://www\.folksam\.se/" to="https://www.folksam.se/"/>
-	<rule from="^http://folksam\.se/" to="https://www.folksam.se/"/>
+	<target host="access.folksam.se" />
+	<target host="blogg.folksam.se" />
+	<target host="digitalassistent.folksam.se" />
+	<target host="inlogg.folksam.se" />
+	<target host="ir.folksam.se" />
+	<target host="kartsok.folksam.se" />
+	<target host="media.folksam.se" />
+	<target host="mis.folksam.se" />
+	<target host="nyhetsrum.folksam.se" />
+	<target host="partners.folksam.se" />
+	<target host="rdw.folksam.se" />
+	<target host="secure.folksam.se" />
+	<target host="stat.folksam.se" />
+	<target host="smetrics.folksam.se" />
+	<target host="secure.stst.folksam.se" />
+	<target host="vdi.folksam.se" />
+	
+	<rule from="^http:" to="https:"/>
 </ruleset>
-
diff --git a/src/chrome/content/rules/Fontdeck.xml b/src/chrome/content/rules/Fontdeck.xml
index abb9eb23730c..465f310beeef 100644
--- a/src/chrome/content/rules/Fontdeck.xml
+++ b/src/chrome/content/rules/Fontdeck.xml
@@ -23,7 +23,7 @@ Fetch error: http://www.fontdeck.com/ => https://fontdeck.com/: (28, 'Connection
 	www: cert only matches ^fontdeck.com
 
 -->
-<ruleset name="Fontdeck.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Fontdeck.com (partial)" default_off="failed ruleset test">
 
 	<target host="fontdeck.com" />
 	<target host="f.fontdeck.com" />
diff --git a/src/chrome/content/rules/Fonts.com.xml b/src/chrome/content/rules/Fonts.com.xml
index ccdb966231b5..0ee3646a6825 100644
--- a/src/chrome/content/rules/Fonts.com.xml
+++ b/src/chrome/content/rules/Fonts.com.xml
@@ -16,7 +16,7 @@
 	<target host="fonts.com" />
 	<target host="www.fonts.com" />
 	<target host="fast.fonts.com" />
-		<test url="http://fast.fonts.com/FontsCom/Live/static/2.15.134.0/img/apple-touch-icon-57x57.png" /> 
+		<test url="http://fast.fonts.com/FontsCom/Live/static/2.15.134.0/img/apple-touch-icon-57x57.png" />
 
 	<!--	Not secured by server:
 					-->
diff --git a/src/chrome/content/rules/FooFighters.xml b/src/chrome/content/rules/FooFighters.xml
index c785fcc03055..a933da4b5ca4 100644
--- a/src/chrome/content/rules/FooFighters.xml
+++ b/src/chrome/content/rules/FooFighters.xml
@@ -2,7 +2,7 @@
   <target host="foofighters.com" />
   <target host="www.foofighters.com" />
 
-  <securecookie host="^(?:.+\.)?foofighters\.com$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Food-Allergy-Initiative.xml b/src/chrome/content/rules/Food-Allergy-Initiative.xml
index a56d3897e9a2..bb939f30a2f0 100644
--- a/src/chrome/content/rules/Food-Allergy-Initiative.xml
+++ b/src/chrome/content/rules/Food-Allergy-Initiative.xml
@@ -1,7 +1,7 @@
 <!--
 	See also: Foodallergy.org.xml
 -->
-<ruleset name="Food Allergy Initiative (mismatch)" default_off='mismatch'>
+<ruleset name="Food Allergy Initiative (mismatch)" default_off="mismatch">
 	<target host="faiusa.org" />
 	<target host="www.faiusa.org" />
 
diff --git a/src/chrome/content/rules/FoodAndWaterWatch.org.xml b/src/chrome/content/rules/FoodAndWaterWatch.org.xml
index 19d97f6de07c..f5e15f7cc91e 100644
--- a/src/chrome/content/rules/FoodAndWaterWatch.org.xml
+++ b/src/chrome/content/rules/FoodAndWaterWatch.org.xml
@@ -10,7 +10,7 @@ Non-2xx HTTP code: http://edit.foodandwaterwatch.org/ (200) => https://edit.food
 		documents.foodandwaterwatch.org (502)
 
 -->
-<ruleset name="Food &amp; Water Watch" default_off='failed ruleset test'>
+<ruleset name="Food &amp; Water Watch" default_off="failed ruleset test">
 
 	<target host="foodandwaterwatch.org" />
 	<target host="www.foodandwaterwatch.org" />
diff --git a/src/chrome/content/rules/FoodRepublic.com.xml b/src/chrome/content/rules/FoodRepublic.com.xml
new file mode 100644
index 000000000000..064f692366aa
--- /dev/null
+++ b/src/chrome/content/rules/FoodRepublic.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="FoodRepublic.com">
+	<target host="foodrepublic.com" />
+	<target host="www.foodrepublic.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Food_Protection_Task_Force.com.xml b/src/chrome/content/rules/Food_Protection_Task_Force.com.xml
index 90467e90c602..2b634b01f2ba 100644
--- a/src/chrome/content/rules/Food_Protection_Task_Force.com.xml
+++ b/src/chrome/content/rules/Food_Protection_Task_Force.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?foodprotectiontaskforce\.com/(dfsr2/|member(?:$|[?/]))"
 		to="https://$1foodprotectiontaskforce.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Foodl.org.xml b/src/chrome/content/rules/Foodl.org.xml
index beb0d8af3127..4e9901b88984 100644
--- a/src/chrome/content/rules/Foodl.org.xml
+++ b/src/chrome/content/rules/Foodl.org.xml
@@ -17,7 +17,9 @@
 <ruleset name="Foodl.org">
 
 	<target host="foodl.org" />
-	<target host="*.foodl.org" />
+	<target host="www.foodl.org" />
+	<target host="beta.foodl.org" />
+	<target host="deploy.foodl.org" />
 
 
 	<securecookie host="^(?:beta\.|deploy\.)?foodl\.org$" name=".+" />
@@ -26,7 +28,6 @@
 	<rule from="^http://(?:www\.)?foodl\.org/"
 		to="https://foodl.org/" />
 
-	<rule from="^http://(beta|deploy)\.foodl\.org/"
-		to="https://$1.foodl.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Foodler.com.xml b/src/chrome/content/rules/Foodler.com.xml
index e5f97ec0dde2..5edb3fea99de 100644
--- a/src/chrome/content/rules/Foodler.com.xml
+++ b/src/chrome/content/rules/Foodler.com.xml
@@ -3,4 +3,4 @@
     <target host="www.foodler.com" />
 
     <rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fool-CDN.com.xml b/src/chrome/content/rules/Fool-CDN.com.xml
new file mode 100644
index 000000000000..bdc717fa884a
--- /dev/null
+++ b/src/chrome/content/rules/Fool-CDN.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Motley Fool related rulesets, see Motley-Fool.xml
+-->
+<ruleset name="Fool CDN.com">
+
+	<target host="foolcdn.com" />
+	<target host="c.foolcdn.com" />
+	<target host="g.foolcdn.com" />
+	<target host="h.foolcdn.com" />
+	<target host="j.foolcdn.com" />
+	<target host="n.foolcdn.com" />
+	<target host="s.foolcdn.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fool.com-falsemixed.xml b/src/chrome/content/rules/Fool.com-falsemixed.xml
deleted file mode 100644
index 9a803739990d..000000000000
--- a/src/chrome/content/rules/Fool.com-falsemixed.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://wiki.fool.com/ => https://wiki.fool.com/: Too many redirects while fetching 'https://wiki.fool.com/'
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://wiki.fool.com/ => https://wiki.fool.com/: (60, 'SSL certificate problem: certificate has expired')
-	For rules not causing false/broken MCB, see Motley-Fool.xml.
-
--->
-<ruleset name="Fool.com (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
-
-	<target host="wiki.fool.com" />
-
-
-	<rule from="^http://wiki\.fool\.com/"
-		to="https://wiki.fool.com/" />
-
-	<!--	Redirect drops path but not args:
-						-->
-	<rule from="^http://(?:www\.)?marketfoolery\.com/[^?]*"
-		to="https://wiki.fool.com/MarketFoolery"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Foolz.us.xml b/src/chrome/content/rules/Foolz.us.xml
deleted file mode 100644
index 847960b4febd..000000000000
--- a/src/chrome/content/rules/Foolz.us.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!-- Problematic domains:
-
-		- archive.foolz.us (invalid cert)
-
--->
-<ruleset name="Foolz.us">
-
-	<target host="foolz.us" />
-	<target host="www.foolz.us" />
-	<target host="blog.foolz.us" />
-	<target host="urielmatt.foolz.us" />
-	<target host="woxxy.foolz.us"/>
-	
-	<rule from="^http:"	to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Foot_Locker_Canada.xml b/src/chrome/content/rules/Foot_Locker_Canada.xml
index 93a6aa01b0e4..3778645562eb 100644
--- a/src/chrome/content/rules/Foot_Locker_Canada.xml
+++ b/src/chrome/content/rules/Foot_Locker_Canada.xml
@@ -10,7 +10,7 @@
 <ruleset name="Foot Locker Canada">
 
 	<target host="footlocker.ca" />
-	<target host="*.footlocker.ca" />
+	<target host="www.footlocker.ca" />
 
 
 	<securecookie host="^.*\.footlocker\.ca$" name=".+" />
diff --git a/src/chrome/content/rules/Foot_Locker_Europe.xml b/src/chrome/content/rules/Foot_Locker_Europe.xml
deleted file mode 100644
index 3c33b3efbee0..000000000000
--- a/src/chrome/content/rules/Foot_Locker_Europe.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	Foot Locker Europe
-
-	For other Foot Locker coverage, see Foot_Locker_Inc.xml.
-
-
-	Nonfunctional subdomains:
-
-		- images *
-
-	* Redirects to 404 page
-
-
-	Problematic subdomains:
-
-		- ^ *
-
-	* Mismatched
-
-
-	- At least some pages redirect to http
-	- Mixed data are only images and so shouldn't be a problem
-
--->
-<ruleset name="Foot Locker.Eu (partial)">
-
-	<target host="footlocker.eu" />
-	<target host="www.footlocker.eu" />
-
-
-	<rule from="^http://(?:www\.)?footlocker\.eu/(\w\w/\w\w)/(?=k/|s/|ShoppingCart\.aspx)"
-		to="https://www.footlocker.eu/$1/secure/" />
-
-	<rule from="^http://(?:www\.)?footlocker\.eu/(?=ns/|secure/|WebResource\.axd)"
-		to="https://www.footlocker.eu/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Foot_Locker_Inc.xml b/src/chrome/content/rules/Foot_Locker_Inc.xml
index fbb3d856505d..1c45c490df49 100644
--- a/src/chrome/content/rules/Foot_Locker_Inc.xml
+++ b/src/chrome/content/rules/Foot_Locker_Inc.xml
@@ -9,7 +9,6 @@
 		- Footaction_USA.xml
 		- Foot_Locker.xml
 		- Foot_Locker_Canada.xml
-		- Foot_Locker_Europe.xml
 		- Kids_Foot_Locker.xml
 		- Lady_Foot_Locker.xml
 
diff --git a/src/chrome/content/rules/Footaction_USA.xml b/src/chrome/content/rules/Footaction_USA.xml
index 29dad234f8e8..2357fe38c2cb 100644
--- a/src/chrome/content/rules/Footaction_USA.xml
+++ b/src/chrome/content/rules/Footaction_USA.xml
@@ -18,7 +18,9 @@
 <ruleset name="Footaction USA">
 
 	<target host="footaction.com" />
-	<target host="*.footaction.com" />
+	<target host="www.footaction.com" />
+	<target host="images.footaction.com" />
+	<target host="m.footaction.com" />
 
 
 	<securecookie host="^.*\.footaction\.com$" name=".+" />
@@ -27,7 +29,6 @@
 	<rule from="^http://(?:www\.)?footaction\.com/"
 		to="https://www.footaction.com/" />
 
-	<rule from="^http://(images|m)\.footaction\.com/"
-		to="https://$1.footaction.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Football_Fanatics.xml b/src/chrome/content/rules/Football_Fanatics.xml
index bb782afeb3a4..63624cf8888a 100644
--- a/src/chrome/content/rules/Football_Fanatics.xml
+++ b/src/chrome/content/rules/Football_Fanatics.xml
@@ -21,4 +21,4 @@
 	<rule from="^http://(\w+)\.footballfanatics\.com/"
 		to="https://$1.footballfanatics.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Footholds.net.xml b/src/chrome/content/rules/Footholds.net.xml
index 17591585d366..f5d27b688c57 100644
--- a/src/chrome/content/rules/Footholds.net.xml
+++ b/src/chrome/content/rules/Footholds.net.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://([\w-]+)\.footholds\.net/"
 		to="https://$1.footholds.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FootprintCalculator.org.xml b/src/chrome/content/rules/FootprintCalculator.org.xml
new file mode 100644
index 000000000000..08fec7f43ead
--- /dev/null
+++ b/src/chrome/content/rules/FootprintCalculator.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Time out
+		footprintcalculator.org
+
+-->
+<ruleset name="FootprintCalculator.org">
+
+	<target host="footprintcalculator.org" />
+	<target host="www.footprintcalculator.org" />
+	<target host="geoip.footprintcalculator.org" />
+
+	<rule from="^http://footprintcalculator\.org/"
+		to="https://www.footprintcalculator.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ForAndBy.lgbt.xml b/src/chrome/content/rules/ForAndBy.lgbt.xml
deleted file mode 100644
index 8cc90bc3f0b9..000000000000
--- a/src/chrome/content/rules/ForAndBy.lgbt.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="ForAndBy.lgbt">
-	<target host="forandby.lgbt" />
-	<target host="www.forandby.lgbt" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Forbrukerraadet.xml b/src/chrome/content/rules/Forbrukerraadet.xml
index 1bc27a57bcf3..caaebb5b4466 100644
--- a/src/chrome/content/rules/Forbrukerraadet.xml
+++ b/src/chrome/content/rules/Forbrukerraadet.xml
@@ -8,9 +8,9 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.forbrukerportalen.no/ => https://forbrukerportalen.no/: (28, 'Connection timed out after 10000 milliseconds')
 Fetch error: http://forbrukerportalen.no/ => https://forbrukerportalen.no/: (28, 'Connection timed out after 10001 milliseconds')
 -->
-<ruleset name="Forbrukerraadet" default_off='failed ruleset test'>
+<ruleset name="Forbrukerraadet" default_off="failed ruleset test">
   <target host="www.forbrukerportalen.no" />
   <target host="forbrukerportalen.no" />
 
   <rule from="^http://(?:www\.)?forbrukerportalen\.no/" to="https://forbrukerportalen.no/"/>
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ford.xml b/src/chrome/content/rules/Ford.xml
index fc24d6ab171c..5f1327f6ce32 100644
--- a/src/chrome/content/rules/Ford.xml
+++ b/src/chrome/content/rules/Ford.xml
@@ -7,4 +7,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fordela.com.xml b/src/chrome/content/rules/Fordela.com.xml
index a8839d188b96..c3e35f276e71 100644
--- a/src/chrome/content/rules/Fordela.com.xml
+++ b/src/chrome/content/rules/Fordela.com.xml
@@ -29,10 +29,12 @@ Fetch error: http://fordela.com/ => https://www.fordela.com/: (60, 'SSL certific
 	* Secured by us
 
 -->
-<ruleset name="Fordela.com" default_off='failed ruleset test'>
+<ruleset name="Fordela.com" default_off="failed ruleset test">
 
 	<target host="fordela.com" />
-	<target host="*.fordela.com" />
+	<target host="www.fordela.com" />
+	<target host="goldmember.fordela.com" />
+	<target host="vms.fordela.com" />
 
 
 	<securecookie host=".*\.fordela\.com$" name=".+" />
@@ -41,7 +43,6 @@ Fetch error: http://fordela.com/ => https://www.fordela.com/: (60, 'SSL certific
 	<rule from="^http://(?:www\.)?fordela\.com/"
 		to="https://www.fordela.com/" />
 
-	<rule from="^http://(goldmember|vms)\.fordela\.com/"
-		to="https://$1.fordela.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ForeSee_Results.com.xml b/src/chrome/content/rules/ForeSee_Results.com.xml
index 98ba56958054..1d776e5843c0 100644
--- a/src/chrome/content/rules/ForeSee_Results.com.xml
+++ b/src/chrome/content/rules/ForeSee_Results.com.xml
@@ -21,7 +21,9 @@
 <ruleset name="ForeSee Results.com">
 
 	<target host="foreseeresults.com" />
-	<target host="*.foreseeresults.com" />
+	<target host="www.foreseeresults.com" />
+	<target host="events.foreseeresults.com" />
+	<target host="portal2.foreseeresults.com" />
 
 
 	<securecookie host="^(?:portal2)?\.foreseeresults\.com$" name=".+" />
@@ -30,7 +32,6 @@
 	<rule from="^http://(?:www\.)?foreseeresults\.com/"
 		to="https://www.foreseeresults.com/" />
 
-	<rule from="^http://(events|portal2)\.foreseeresults\.com/"
-		to="https://$1.foreseeresults.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Forecast.io.xml b/src/chrome/content/rules/Forecast.io.xml
index 564c49cee553..7616da799848 100644
--- a/src/chrome/content/rules/Forecast.io.xml
+++ b/src/chrome/content/rules/Forecast.io.xml
@@ -23,7 +23,7 @@ Fetch error: http://www.forecast.io/ => https://www.forecast.io/: (51, "SSL: no
 	* Secured by us
 
 -->
-<ruleset name="Forecast.io" default_off='failed ruleset test'>
+<ruleset name="Forecast.io" default_off="failed ruleset test">
 
 <!--	Direct rewrites:
 			-->
@@ -37,7 +37,7 @@ Fetch error: http://www.forecast.io/ => https://www.forecast.io/: (51, "SSL: no
 					-->
 	<!--securecookie host="^developer\.forecast\.io$" name="^_session_id$" /-->
 
-	<securecookie host="^developer\.forecast\.io$" name="" />
+	<securecookie host="^developer\.forecast\.io$" name=".+" />
 
 
   <rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/ForeignPolicy.com.xml b/src/chrome/content/rules/ForeignPolicy.com.xml
index a78f36af8791..dc4539bcd0fa 100644
--- a/src/chrome/content/rules/ForeignPolicy.com.xml
+++ b/src/chrome/content/rules/ForeignPolicy.com.xml
@@ -61,7 +61,7 @@ Fetch error: http://turtlebay.foreignpolicy.com/ => https://turtlebay.foreignpol
 	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="ForeignPolicy.com (partial)" default_off='failed ruleset test'>
+<ruleset name="ForeignPolicy.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Foreningen_for_Dansk_Internethandel.xml b/src/chrome/content/rules/Foreningen_for_Dansk_Internethandel.xml
index 91fbaf8e11ba..4d8e9e78de7e 100644
--- a/src/chrome/content/rules/Foreningen_for_Dansk_Internethandel.xml
+++ b/src/chrome/content/rules/Foreningen_for_Dansk_Internethandel.xml
@@ -11,4 +11,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Forensics.ca.xml b/src/chrome/content/rules/Forensics.ca.xml
new file mode 100644
index 000000000000..11d78239dd21
--- /dev/null
+++ b/src/chrome/content/rules/Forensics.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="Forensics.ca">
+	<target host="forensics.ca" />
+	<target host="www.forensics.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Foresight.org.xml b/src/chrome/content/rules/Foresight.org.xml
index bd57cd2bce1b..fb0e6de6ea47 100644
--- a/src/chrome/content/rules/Foresight.org.xml
+++ b/src/chrome/content/rules/Foresight.org.xml
@@ -5,7 +5,7 @@
 <ruleset name="Foresight.org">
 
 	<target host="foresight.org" />
-	<target host="*.foresight.org" />
+	<target host="www.foresight.org" />
 
 
 	<securecookie host="^\.foresight\.org$" name=".+" />
diff --git a/src/chrome/content/rules/ForestSangha.org.xml b/src/chrome/content/rules/ForestSangha.org.xml
index 6eb56ba6e61f..b5c19a93e461 100644
--- a/src/chrome/content/rules/ForestSangha.org.xml
+++ b/src/chrome/content/rules/ForestSangha.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.forestsangha.org/ => https://www.forestsangha.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.forestsangha.org'")
 
 -->
-<ruleset name="Forest Sangha" default_off='failed ruleset test'>
+<ruleset name="Forest Sangha" default_off="failed ruleset test">
         <target host="forestsangha.org" />
         <target host="www.forestsangha.org" />
         <target host="forestsangha-163c.kxcdn.com" />
diff --git a/src/chrome/content/rules/Foresters.com.xml b/src/chrome/content/rules/Foresters.com.xml
new file mode 100644
index 000000000000..f5b20e1abc34
--- /dev/null
+++ b/src/chrome/content/rules/Foresters.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Nonfunctional hosts in *.foresters.com:
+
+    sip.foresters.com (r)
+    adadfs.foresters.com (r)
+    dialin.foresters.com (r)
+    meet.foresters.com (r)
+    pc.foresters.com (r)
+
+-->
+<ruleset name="Foresters.com">
+	<target host="foresters.com" />
+  <target host="*.foresters.com" />
+    <test url="http://brand.foresters.com/" />
+    <test url="http://blog.foresters.com/" />
+    <test url="http://my.foresters.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Foresters.xml b/src/chrome/content/rules/Foresters.xml
deleted file mode 100644
index aecc688ce670..000000000000
--- a/src/chrome/content/rules/Foresters.xml
+++ /dev/null
@@ -1,90 +0,0 @@
-<!--
-	Other Foresters rulesets
-		+ Childrens_Mutual.xml
-
-	Non-functional hosts in *foresters.biz
-		Timeout was reached:
-		- fasatweb.foresters.biz
-		- ftp.foresters.biz
-		- lmsezbiz.foresters.biz
-		- owaext.foresters.biz
-		- portal.foresters.biz
-		- pport.foresters.biz
-		- reports.foresters.biz
-
-		SSL peer certificate was not OK:
-		- foresters.biz
-		- www.foresters.biz
-
-		Incomplete certificate chain error:
-		- consoleweb.foresters.biz
-		- marketing.foresters.biz
-
-
-	Non-functional hosts in *foresters.com
-		Timeout was reached:
-		- bcummings.foresters.com
-		- bluesky.foresters.com
-		- blueskyportal.foresters.com
-		- cielbleu.foresters.com
-		- devwww.foresters.com
-		- eafor.foresters.com
-		- mta.email.foresters.com
-		- pages.email.foresters.com
-		- view.email.foresters.com
-		- fasatbsky.foresters.com
-		- financialliteracy.foresters.com
-		- forrdc.foresters.com
-		- gs1.foresters.com
-		- gs2.foresters.com
-		- im.foresters.com
-		- as.im.foresters.com
-		- download.im.foresters.com
-		- my.foresters.com
-		- myboardportal.foresters.com
-		- ocsrp.foresters.com
-		- portalreset.foresters.com
-		- secfrm.foresters.com
-		- sip.foresters.com
-		- sky.foresters.com
-		- term.foresters.com
-		- whatsinaname.foresters.com
-
-		SSL connect error:
-		- blog.foresters.com
-
-		SSL peer certificate was not OK:
-		- click.email.foresters.com
-		- image.email.foresters.com
-
-		Failure when receiving data from the peer:
-		- webconf.foresters.com
-
-		Peer certificate cannot be authenticated with given CA certificates:
-		- crystalsrv.foresters.com
-
-		Status code mismatch:
-		- autodiscover.foresters.com
-		- hybrid.foresters.com
-
-		Different content:
-		- report.foresters.com
--->
-<ruleset name="Foresters">
-	<!-- *foresters.biz -->
-	<target host="foresters.biz" />
-	<target host="www.foresters.biz" />
-	<target host="consoledownload.foresters.biz" />
-
-	<!-- *foresters.com -->
-	<target host="foresters.com" />
-	<target host="www.foresters.com" />
-	<target host="fsclickonce.foresters.com" />
-	<target host="sslvpn.foresters.com" />
-
-	<rule from="^http://(www\.)?foresters\.biz/"
-			to="https://www.foresters.com/" />
-
-	<rule from="^http:" 
-			to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/ForeverNew.xml b/src/chrome/content/rules/ForeverNew.xml
index 7ec4930489f6..2c0b7b735998 100644
--- a/src/chrome/content/rules/ForeverNew.xml
+++ b/src/chrome/content/rules/ForeverNew.xml
@@ -5,4 +5,4 @@
 
 	<rule from="^http://(www\.)?forevernew\.com\.au/"
 			to="https://www.forevernew.com.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Forex-Metal.xml b/src/chrome/content/rules/Forex-Metal.xml
index 23ec52bd771b..864b500a3a9f 100644
--- a/src/chrome/content/rules/Forex-Metal.xml
+++ b/src/chrome/content/rules/Forex-Metal.xml
@@ -5,7 +5,7 @@ Fetch error: http://forex-metal.com/ => https://forex-metal.com/: (28, 'Connecti
 Fetch error: http://www.forex-metal.com/ => https://forex-metal.com/: (28, 'Connection timed out after 20008 milliseconds')
 
 -->
-<ruleset name="Forex-Metal" default_off='failed ruleset test'>
+<ruleset name="Forex-Metal" default_off="failed ruleset test">
 
 	<target host="forex-metal.com"/>
 	<target host="www.forex-metal.com"/>
diff --git a/src/chrome/content/rules/Forex.com.xml b/src/chrome/content/rules/Forex.com.xml
index fb06235877e4..29e632b3f701 100644
--- a/src/chrome/content/rules/Forex.com.xml
+++ b/src/chrome/content/rules/Forex.com.xml
@@ -27,10 +27,18 @@ Fetch error: http://forex.com/ => https://secure.forex.com/: Too many redirects
 		- jp	(403; mismatched, CN: ssl2.cdngc.net)
 
 -->
-<ruleset name="Forex.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Forex.com (partial)" default_off="failed ruleset test">
 
 	<target host="forex.com" />
-	<target host="*.forex.com" />
+	<target host="www.forex.com" />
+	<target host="apply.forex.com" />
+	<target host="assets.forex.com" />
+	<target host="myaccount.forex.com" />
+	<target host="practice.forex.com" />
+	<target host="practice15.forex.com" />
+	<target host="secure.forex.com" />
+	<target host="secure15.forex.com" />
+	<target host="previewtrade.forex.com" />
 
 
 	<securecookie host="^(?:myaccount|(?:practic|secur)e(?:15)?|previewtrade)\.forex\.com$" name=".+" />
@@ -39,7 +47,6 @@ Fetch error: http://forex.com/ => https://secure.forex.com/: Too many redirects
 	<rule from="^http://(?:www\.)?forex\.com/"
 		to="https://secure.forex.com/" />
 
-	<rule from="^http://(apply|assets|myaccount|(?:practic|secur)e(?:15)?|previewtrade)\.forex\.com/"
-		to="https://$1.forex.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ForexCT.xml b/src/chrome/content/rules/ForexCT.xml
index ca64fb483739..cd3f669c0e87 100644
--- a/src/chrome/content/rules/ForexCT.xml
+++ b/src/chrome/content/rules/ForexCT.xml
@@ -11,7 +11,8 @@
 <ruleset name="ForexCT (partial)">
 
 	<target host="forexct.com" />
-	<target host="*.forexct.com" />
+	<target host="cn.forexct.com" />
+	<target host="www.forexct.com" />
 		<exclusion pattern="^http://(?:cn\.|www\.)?forexct\.com/(?![iI]mages/|styles/)" />
 	<target host="forexctlogin.tradenetworks.com" />
 
@@ -22,10 +23,7 @@
 	<rule from="^http://forexct\.com/"
 		to="https://www.forexct.com/" />
 
-	<rule from="^http://(cn|www)\.forexct\.com/"
-		to="https://$1.forexct.com/" />
 
-	<rule from="^http://forexctlogin\.tradenetworks\.com/"
-		to="https://forexctlogin.tradenetworks.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ForgeFields.com-problematic.xml b/src/chrome/content/rules/ForgeFields.com-problematic.xml
index 7c9eeeba09b3..693b24adcd44 100644
--- a/src/chrome/content/rules/ForgeFields.com-problematic.xml
+++ b/src/chrome/content/rules/ForgeFields.com-problematic.xml
@@ -5,7 +5,6 @@
 <ruleset name="ForgeFields.com (mismatched)" default_off="mismatched">
 
 	<target host="shop.forgefields.com" />
-	<target host="*.shop.forgefields.com" />
 
 
 	<!--	Server doesn't set Secure for:
@@ -13,7 +12,6 @@
 	<securecookie host="^\.?shop\.forgefields\.com$" name=".+" />
 
 
-	<rule from="^http://shop\.forgefields\.com/"
-		to="https://shop.forgefields.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ForgeFields.com.xml b/src/chrome/content/rules/ForgeFields.com.xml
deleted file mode 100644
index 0a547efd29fb..000000000000
--- a/src/chrome/content/rules/ForgeFields.com.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	For problematic rules, see ForgeFields.com-problematic.xml.
-
-
-	Problematic subdomains:
-
-		- shop *
-
-	* Works; mismatched, CN: incapsula.com
-
-
-	Mixed content:
-
-		- Images, on shop from:
-
-			- www *
-			- i.imgur.com *
-
-	* Secured by us
-
--->
-<ruleset name="ForgeFields.com (partial)">
-
-	<target host="forgefields.com" />
-	<target host="www.forgefields.com" />
-
-
-	<!--	Server doesn't set Secure for:
-						-->
-	<securecookie host="^(?:www)?\.forgefields\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ForgottenLands.eu.xml b/src/chrome/content/rules/ForgottenLands.eu.xml
index ce5cc066acac..108cc503c6cf 100644
--- a/src/chrome/content/rules/ForgottenLands.eu.xml
+++ b/src/chrome/content/rules/ForgottenLands.eu.xml
@@ -13,7 +13,8 @@
 <ruleset name="ForgottenLands.eu">
 
 	<target host="forgottenlands.eu" />
-	<target host="*.forgottenlands.eu" />
+	<target host="www.forgottenlands.eu" />
+	<target host="vote.forgottenlands.eu" />
 
 
 	<securecookie host="^(?:vote)?\.forgottenlands\.eu$" name=".+" />
@@ -22,7 +23,6 @@
 	<rule from="^http://(?:www\.)?forgottenlands\.eu/"
 		to="https://www.forgottenlands.eu/" />
 
-	<rule from="^http://vote\.forgottenlands\.eu/"
-		to="https://vote.forgottenlands.eu/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ForisWine.xml b/src/chrome/content/rules/ForisWine.xml
index b3ebc57b5471..7ee3ca0b8ce2 100644
--- a/src/chrome/content/rules/ForisWine.xml
+++ b/src/chrome/content/rules/ForisWine.xml
@@ -5,7 +5,7 @@ Fetch error: http://foriswine.com/ => https://www.foriswine.com/: (51, "SSL: no
 Fetch error: http://www.foriswine.com/ => https://www.foriswine.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.foriswine.com'")
 
 -->
-<ruleset name="Foris Wine" default_off='failed ruleset test'>
+<ruleset name="Foris Wine" default_off="failed ruleset test">
   <target host="foriswine.com" />
   <target host="www.foriswine.com" />
 
diff --git a/src/chrome/content/rules/FormAssembly.com.xml b/src/chrome/content/rules/FormAssembly.com.xml
index f764646e27e3..b1714f794ae2 100644
--- a/src/chrome/content/rules/FormAssembly.com.xml
+++ b/src/chrome/content/rules/FormAssembly.com.xml
@@ -10,7 +10,7 @@
 
 
 	Problematic subdomains:
-	
+
 		- (www.) *	(CN: secure.formassembly.com)
 
 	* Redirects to www3.formassembly.com
diff --git a/src/chrome/content/rules/FormatDynamics.com.xml b/src/chrome/content/rules/FormatDynamics.com.xml
index cb215b4a31a2..a7ead80cf7ed 100644
--- a/src/chrome/content/rules/FormatDynamics.com.xml
+++ b/src/chrome/content/rules/FormatDynamics.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.formatdynamics.com/ => https://www.formatdynamics.com/:
 		- new	(http reply)
 
 -->
-<ruleset name="FormatDynamics.com" default_off='failed ruleset test'>
+<ruleset name="FormatDynamics.com" default_off="failed ruleset test">
 
 	<target host="formatdynamics.com" />
 	<target host="www.formatdynamics.com" />
@@ -25,4 +25,4 @@ Fetch error: http://www.formatdynamics.com/ => https://www.formatdynamics.com/:
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fornex.com.xml b/src/chrome/content/rules/Fornex.com.xml
index 2c4e83fa9484..3cbaa46d563a 100644
--- a/src/chrome/content/rules/Fornex.com.xml
+++ b/src/chrome/content/rules/Fornex.com.xml
@@ -18,4 +18,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Forsiden.xml b/src/chrome/content/rules/Forsiden.xml
index 12ff80517f0e..2b1f9384c1b6 100644
--- a/src/chrome/content/rules/Forsiden.xml
+++ b/src/chrome/content/rules/Forsiden.xml
@@ -13,10 +13,11 @@ Fetch error: http://fvn.no/ => https://www.fvn.no/: Cycle detected - URL already
 	* Works; mismatched, CN: www.aftenposten.no
 
 -->
-<ruleset name="Forsiden (partial)" default_off='failed ruleset test'>
+<ruleset name="Forsiden (partial)" default_off="failed ruleset test">
 
 	<target host="fvn.no" />
-	<target host="*.fvn.no" />
+	<target host="www.fvn.no" />
+	<target host="kundesenter.fvn.no" />
 
 
 	<securecookie host="^kundesenter\.fvn\.no$" name=".+" />
@@ -25,7 +26,6 @@ Fetch error: http://fvn.no/ => https://www.fvn.no/: Cycle detected - URL already
 	<rule from="^http://(?:www\.)?fvn\.no/"
 		to="https://www.fvn.no/" />
 
-	<rule from="^http://kundesenter\.fvn\.no/"
-		to="https://kundesenter.fvn.no/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Forthnet.gr.xml b/src/chrome/content/rules/Forthnet.gr.xml
index a84d1385001f..0263b535caf8 100644
--- a/src/chrome/content/rules/Forthnet.gr.xml
+++ b/src/chrome/content/rules/Forthnet.gr.xml
@@ -8,7 +8,7 @@ Fetch error: http://webmail.forthnet.gr/ => https://webmail.forthnet.gr/: (28, '
 Fetch error: http://services.forthnet.gr/ => https://services.forthnet.gr/: (56, 'Recv failure: Connection reset by peer') This ruleset is experimental. If you experience problems please
 	 open an issue at https://github.com/kargig/https-everywhere-greek-rules -->
 
-<ruleset name="Forthnet" default_off='failed ruleset test'>
+<ruleset name="Forthnet" default_off="failed ruleset test">
   <target host="webmail.forthnet.gr" />
   <target host="services.forthnet.gr" />
 
diff --git a/src/chrome/content/rules/FortiGuard.com.xml b/src/chrome/content/rules/FortiGuard.com.xml
index b88aea7648e9..a0a265d74016 100644
--- a/src/chrome/content/rules/FortiGuard.com.xml
+++ b/src/chrome/content/rules/FortiGuard.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://api.fortiguard.com/ => https://api.fortiguard.com/: (7, 'Fai
 	Nonfunctional hosts in *fortiguard.com:
 
 		- threatmap *
-		
+
 	* Refused
 
 
@@ -29,7 +29,7 @@ Fetch error: http://api.fortiguard.com/ => https://api.fortiguard.com/: (7, 'Fai
 	* Secured by us
 
 -->
-<ruleset name="FortiGuard.com" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="FortiGuard.com" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="fortiguard.com" />
 	<target host="api.fortiguard.com" />
diff --git a/src/chrome/content/rules/Fortinet.com.xml b/src/chrome/content/rules/Fortinet.com.xml
index bba0c433c293..b0dfb2f7164e 100644
--- a/src/chrome/content/rules/Fortinet.com.xml
+++ b/src/chrome/content/rules/Fortinet.com.xml
@@ -29,7 +29,7 @@ Fetch error: http://partners.fortinet.com/ => https://partners.fortinet.com/: (6
 		- www.fortinet.com
 
 -->
-<ruleset name="Fortinet.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Fortinet.com (partial)" default_off="failed ruleset test">
 
 	<target host="fortinet.com" />
 	<target host="blog.fortinet.com" />
diff --git a/src/chrome/content/rules/Fortnite.com.xml b/src/chrome/content/rules/Fortnite.com.xml
index ce7614c25958..50225786126d 100644
--- a/src/chrome/content/rules/Fortnite.com.xml
+++ b/src/chrome/content/rules/Fortnite.com.xml
@@ -24,7 +24,7 @@ Fetch error: http://alpha.fortnite.com/ => https://alpha.fortnite.com/: (6, 'Cou
 		- www.fortnite.com
 
 -->
-<ruleset name="Fortnite.com" default_off='failed ruleset test'>
+<ruleset name="Fortnite.com" default_off="failed ruleset test">
 
 	<target host="fortnite.com" />
 	<target host="alpha.fortnite.com" />
diff --git a/src/chrome/content/rules/Fortress_Linux.org.xml b/src/chrome/content/rules/Fortress_Linux.org.xml
deleted file mode 100644
index f6e32d9ddfff..000000000000
--- a/src/chrome/content/rules/Fortress_Linux.org.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Fortress Linux.org">
-
-	<target host="fortresslinux.org" />
-	<target host="www.fortresslinux.org" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Fortum.xml b/src/chrome/content/rules/Fortum.xml
index f190b6127751..a36b93b0bd9f 100644
--- a/src/chrome/content/rules/Fortum.xml
+++ b/src/chrome/content/rules/Fortum.xml
@@ -6,7 +6,7 @@
 					-->
 	<!--securecookie host="^www\.fortum\.com$" name="^ASP\.NET_SessionId$" /-->
 
-	<securecookie host="^(?:.*\.)?fortum\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/Fortumo.xml b/src/chrome/content/rules/Fortumo.xml
index c8aaa16b6f3b..207dc7c72997 100644
--- a/src/chrome/content/rules/Fortumo.xml
+++ b/src/chrome/content/rules/Fortumo.xml
@@ -7,7 +7,7 @@ Fetch error: http://developers.fortumo.com/ => https://developers.fortumo.com/:
 		- dyq29inb4n9ck.cloudfront.net
 -->
 
-<ruleset name="Fortumo" default_off='failed ruleset test'>
+<ruleset name="Fortumo" default_off="failed ruleset test">
 	<target host="fortumo.com" />
 	<target host="blog.fortumo.com" />
 	<target host="developers.fortumo.com" />
diff --git a/src/chrome/content/rules/ForumBlog.org.xml b/src/chrome/content/rules/ForumBlog.org.xml
index a250b45ac12e..f5a260712877 100644
--- a/src/chrome/content/rules/ForumBlog.org.xml
+++ b/src/chrome/content/rules/ForumBlog.org.xml
@@ -8,10 +8,10 @@ Non-2xx HTTP code: http://forumblog.org/ (200) => https://forumblog.org/ (525)
 		- www	(expired 2012-12-27, only matches ^forumblog.org, self-signed)
 
 -->
-<ruleset name="ForumBlog.org" default_off='failed ruleset test'>
+<ruleset name="ForumBlog.org" default_off="failed ruleset test">
 
 	<target host="forumblog.org" />
-	<target host="*.forumblog.org" />
+	<target host="www.forumblog.org" />
 
 
 	<securecookie host="^\.?forumblog\.org$" name=".+" />
diff --git a/src/chrome/content/rules/Forumatic.xml b/src/chrome/content/rules/Forumatic.xml
index 23fd175a8fd7..7ec5ba8996bf 100644
--- a/src/chrome/content/rules/Forumatic.xml
+++ b/src/chrome/content/rules/Forumatic.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.forumatic.com/ => https://www.forumatic.com/: (35, 'erro
 		- support	(redirects to www; mismatched, CN: www.forumatic.com)
 
 -->
-<ruleset name="Forumatic (partial)" default_off='failed ruleset test'>
+<ruleset name="Forumatic (partial)" default_off="failed ruleset test">
 
 	<target host="forumatic.com" />
 	<target host="www.forumatic.com" />
@@ -20,4 +20,4 @@ Fetch error: http://www.forumatic.com/ => https://www.forumatic.com/: (35, 'erro
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Forums_fur_Naturfotografen.xml b/src/chrome/content/rules/Forums_fur_Naturfotografen.xml
index 7d1225b165d1..d9ab4d08ae3c 100644
--- a/src/chrome/content/rules/Forums_fur_Naturfotografen.xml
+++ b/src/chrome/content/rules/Forums_fur_Naturfotografen.xml
@@ -5,7 +5,7 @@
 <ruleset name="Forums für Naturfotografen">
 
 	<target host="naturfotografen-forum.de" />
-	<target host="*.naturfotografen-forum.de" />
+	<target host="www.naturfotografen-forum.de" />
 
 
 	<securecookie host="^\.?naturfotografen-forum\.de$" name=".+" />
diff --git a/src/chrome/content/rules/Fosscon.us.xml b/src/chrome/content/rules/Fosscon.us.xml
index 781d81350f8a..1a5988e8e9df 100644
--- a/src/chrome/content/rules/Fosscon.us.xml
+++ b/src/chrome/content/rules/Fosscon.us.xml
@@ -11,5 +11,5 @@
     <securecookie host=".+" name=".+" />
 
     <rule from="^http:" to="https:" />
-    
+
 </ruleset>
diff --git a/src/chrome/content/rules/Fotisl.com.xml b/src/chrome/content/rules/Fotisl.com.xml
deleted file mode 100644
index 80df88226fff..000000000000
--- a/src/chrome/content/rules/Fotisl.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Mixed content:
-
-		- iframe from www.youtube.com *
-		- Images from fotis.loukos.me
-
-	* Secured by us
-
--->
-<ruleset name="FotisL.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="fotisl.com" />
-	<target host="www.fotisl.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Fotki.xml b/src/chrome/content/rules/Fotki.xml
index 0ed3503dcadf..3f5e57270ce6 100644
--- a/src/chrome/content/rules/Fotki.xml
+++ b/src/chrome/content/rules/Fotki.xml
@@ -11,7 +11,7 @@
 
 	<rule from="^http:"
 		to="https:" />
-		
+
 	<test url="http://www.fotki.com/" />
 	<test url="http://images.fotki.com/pixel.gif" />
 
diff --git a/src/chrome/content/rules/FotoForensics.com.xml b/src/chrome/content/rules/FotoForensics.com.xml
index 2b0f733c63ba..fcb285f17286 100644
--- a/src/chrome/content/rules/FotoForensics.com.xml
+++ b/src/chrome/content/rules/FotoForensics.com.xml
@@ -1,18 +1,28 @@
 <!--
-	Private subdomain:
-		axt.fotoforensics.com
-		ff2.fotoforensics.com
-		lab.fotoforensics.com
-		login.fotoforensics.com
-
+	Invalid certificate:
+		- fotoforensic.com, equivalent to fotoforensics.com
+		- www.fotoforensic.com, equivalent to www.fotoforensics.com
 -->
+
 <ruleset name="FotoForensics.com">
 
+	<target host="fotoforensic.com" />
+	<target host="www.fotoforensic.com" />
 	<target host="fotoforensics.com" />
 	<target host="www.fotoforensics.com" />
+	<target host="axt.fotoforensics.com" />
+	<target host="ff2.fotoforensics.com" />
 	<target host="ipv4.fotoforensics.com" />
+	<target host="ipv6.fotoforensics.com" />
+	<target host="lab.fotoforensics.com" />
+	<target host="login.fotoforensics.com" />
+
+	<rule from="^http://fotoforensic\.com/"
+		to="https://fotoforensics.com/" />
+
+	<rule from="^http://www\.fotoforensic\.com/"
+		to="https://www.fotoforensics.com/" />
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FotoPigeon.xml b/src/chrome/content/rules/FotoPigeon.xml
index 30d4f36f422f..fa98f43502d3 100644
--- a/src/chrome/content/rules/FotoPigeon.xml
+++ b/src/chrome/content/rules/FotoPigeon.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.fotopigeon.com/ => https://www.fotopigeon.com/: (28, 'Co
 		- www.fotopigeon.com
 
 -->
-<ruleset name="FotoPigeon.com" default_off='failed ruleset test'>
+<ruleset name="FotoPigeon.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/FoulaBook.com.xml b/src/chrome/content/rules/FoulaBook.com.xml
new file mode 100644
index 000000000000..6925ca9d88f3
--- /dev/null
+++ b/src/chrome/content/rules/FoulaBook.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="FoulaBook.com">
+	<target host="foulabook.com" />
+	<target host="www.foulabook.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Foundation-Source.xml b/src/chrome/content/rules/Foundation-Source.xml
index 2125a7c73793..f2a80c697213 100644
--- a/src/chrome/content/rules/Foundation-Source.xml
+++ b/src/chrome/content/rules/Foundation-Source.xml
@@ -1,13 +1,15 @@
 <ruleset name="Foundation Source">
 
 	<target host="foundationsource.com" />
-	<target host="*.foundationsource.com" />
+	<target host="access.foundationsource.com" />
+	<target host="fsol.foundationsource.com" />
+	<target host="online.foundationsource.com" />
+	<target host="www.foundationsource.com" />
 
 
-	<securecookie host="^(?:.*\.)?foundationsource\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:access|fsol|online|www)\.)?foundationsource\.com/"
-		to="https://$1foundationsource.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Foundation_Beyond_Belief.org.xml b/src/chrome/content/rules/Foundation_Beyond_Belief.org.xml
index 44af49db95a6..b3e2915b4fd7 100644
--- a/src/chrome/content/rules/Foundation_Beyond_Belief.org.xml
+++ b/src/chrome/content/rules/Foundation_Beyond_Belief.org.xml
@@ -17,4 +17,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fourecks.de.xml b/src/chrome/content/rules/Fourecks.de.xml
index c0bf12353553..0e828f169cbc 100644
--- a/src/chrome/content/rules/Fourecks.de.xml
+++ b/src/chrome/content/rules/Fourecks.de.xml
@@ -25,7 +25,7 @@ Fetch error: http://www.fourecks.de/ => https://fourecks.de/: (60, 'SSL certific
 	* Secured by us
 
 -->
-<ruleset name="fourecks.de" default_off='failed ruleset test'>
+<ruleset name="fourecks.de" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Foursquare.com.xml b/src/chrome/content/rules/Foursquare.com.xml
index 0f1aeff85026..dc8c24495b8d 100644
--- a/src/chrome/content/rules/Foursquare.com.xml
+++ b/src/chrome/content/rules/Foursquare.com.xml
@@ -63,7 +63,7 @@ Fetch error: http://translate.foursquare.com/ => https://translate.foursquare.co
 		- .foursquare.com
 
 -->
-<ruleset name="Foursquare.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Foursquare.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -91,7 +91,7 @@ Fetch error: http://translate.foursquare.com/ => https://translate.foursquare.co
 					-->
 	<!--securecookie host="^\.foursquare\.com$" name="^bbhive$" /-->
 
-	<securecookie host="^(?:.*\.)?foursquare\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Fout.jp.xml b/src/chrome/content/rules/Fout.jp.xml
index 1baec309cdd2..16a6eddd18b6 100644
--- a/src/chrome/content/rules/Fout.jp.xml
+++ b/src/chrome/content/rules/Fout.jp.xml
@@ -29,4 +29,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fox-News.xml b/src/chrome/content/rules/Fox-News.xml
new file mode 100644
index 000000000000..6757552ec4b2
--- /dev/null
+++ b/src/chrome/content/rules/Fox-News.xml
@@ -0,0 +1,54 @@
+<!--
+	For other News Corporation coverage, see News-Corporation.xml.
+
+	Active mixed content:
+		- foxnews.com
+		- www.foxnews.com
+
+	Connection closed:
+		- feeds.foxnews.com
+
+	Connection timed out:
+		- imag.foxnews.com
+		- live.foxnews.com
+		- affiliates.radio.foxnews.com
+		- foxnewsinsider.com
+		- www.foxnewsinsider.com
+
+	Invalid certificate:
+		- insider.foxnews.com
+		- beta.video.insider.foxnews.com
+		- latino.foxnews.com
+		- magazine.foxnews.com
+		- metrics.foxnews.com
+		- m.radio.foxnews.com
+-->
+
+<ruleset name="Fox News">
+	<!-- fbnstatic.com -->
+	<target host="www.fbnstatic.com" />
+	<target host="global.fncstatic.com" />
+
+	<!-- foxbusiness.com -->
+	<target host="foxbusiness.com" />
+	<target host="www.foxbusiness.com" />
+	<target host="video.foxbusiness.com" />
+	<target host="beta.video.foxbusiness.com" />
+
+	<!-- foxnews.com -->
+	<target host="a57.foxnews.com" />
+	<target host="ads.foxnews.com" />
+	<target host="help.foxnews.com" />
+	<target host="video.imag.foxnews.com" />
+	<target host="video.insider.foxnews.com" />
+	<target host="video.latino.foxnews.com" />
+	<target host="beta.video.latino.foxnews.com" />
+	<target host="nation.foxnews.com" />
+	<target host="radio.foxnews.com" />
+	<target host="video.foxnews.com" />
+
+	<!-- foxnewsinsider.com -->
+	<target host="facebook.foxnewsinsider.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fox_News.xml b/src/chrome/content/rules/Fox_News.xml
deleted file mode 100644
index 9fe365985294..000000000000
--- a/src/chrome/content/rules/Fox_News.xml
+++ /dev/null
@@ -1,78 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://foxnews.ramp.com/ => https://foxnews.ramp.com/: (6, 'Could not resolve host: foxnews.ramp.com')
-
-	For other News Corporation coverage, see News-Corporation.xml.
-
-
-	Nonfunctional domains:
-
-		- (www.)fbnstatic.com *
-		- (www.)foxbusiness.com *
-
-		- foxnews.com subdomains:
-
-			- (www.) *
-			- latino *
-			- magazine		(503, akamai)
-			- nation **
-			- radio **
-
-		- (www.)foxnewsinsider		(403; self-signed, CN: nmweb01)
-
-	* 404, akamai
-	** 403, akamai
-
-
-	Problematic domains:
-
-		- www.fbnstatic.com *
-		- ureport.foxnews.com		(works; mismatched, CN: *.filemobile.com)
-
-
-	Fully covered domains:
-
-		- global.fncstatic.com
-
--->
-<ruleset name="Fox News (partial)" default_off='failed ruleset test'>
-
-	<target host="www.fbnstatic.com" />
-	<target host="global.fncstatic.com" />
-		<!--
-			- css:	503
-			- js: 404
-					-->
-		<exclusion pattern="^http://(?:www\.fbn|global\.fnc)static\.com/static/(?:.+/)?(?:j|cs)s/" />
-	<target host="*.foxbusiness.com" />
-	<target host="*.foxnews.com" />
-	<target host="facebook.foxnewsinsider.com" />
-	<target host="foxnews.ramp.com" />
-
-
-	<rule from="^http://www\.fbnstatic\.com/"
-		to="https://a57.foxnews.com/$1static.com/" />
-
-	<rule from="^http://global\.fncstatic\.com/"
-		to="https://global.fncstatic.com/" />
-
-	<rule from="^http://(beta\.)?video\.foxbusiness\.com/"
-		to="https://$1video.foxbusiness.com/" />
-
-	<rule from="^http://(a57|ads|video\.(?:imag|insider|latino|ureport)|live|video|beta\.video(?:\.latino)?)\.foxnews\.com/"
-		to="https://$1.foxnews.com/" />
-
-	<rule from="^http://metrics\.foxnews\.com/"
-		to="https://foxnews.112.2o7.net/" />
-
-	<rule from="^http://uereport\.foxnews\.com/services/"
-		to="https://filemobile.com/services/" />
-
-	<rule from="^http://facebook\.foxnewsinsider\.com/"
-		to="https://facebook.foxnewsinsider.com/" />
-
-	<rule from="^http://foxnews\.ramp\.com/"
-		to="https://foxnews.ramp.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FoxyCart.com.xml b/src/chrome/content/rules/FoxyCart.com.xml
index 2b497f8e8703..a36d5a37a4b7 100644
--- a/src/chrome/content/rules/FoxyCart.com.xml
+++ b/src/chrome/content/rules/FoxyCart.com.xml
@@ -41,14 +41,16 @@
 -->
 <ruleset name="FoxyCart.com (partial)">
 
-	<target host="foxycart.com" />
-	<target host="*.foxycart.com" />
+	<target host="admin.foxycart.com" />
+	<target host="cdn.foxycart.com" />
+	<target host="docs.foxycart.com" />
+	<target host="forum.foxycart.com" />
+	<target host="wiki.foxycart.com" />
 
 
 	<securecookie host="^(?:admin|docs|forum|wiki)\.foxycart\.com$" name=".+" />
 
 
-	<rule from="^http://(admin|cdn|docs|forum|wiki)\.foxycart\.com/"
-		to="https://$1.foxycart.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Foxydeal.de-falsemixed.xml b/src/chrome/content/rules/Foxydeal.de-falsemixed.xml
index 938889b26a0a..1b40e1632c23 100644
--- a/src/chrome/content/rules/Foxydeal.de-falsemixed.xml
+++ b/src/chrome/content/rules/Foxydeal.de-falsemixed.xml
@@ -7,7 +7,7 @@ Fetch error: http://foxydeal.com/ => https://foxydeal.de/: (28, 'Connection time
 	For rules not causing false/broken MCB, see Foxydeal.de.xml.
 
 -->
-<ruleset name="foxydeal.de (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="foxydeal.de (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="foxydeal.de" />
 	<target host="*.foxydeal.de" />
diff --git a/src/chrome/content/rules/Foxydeal.de.xml b/src/chrome/content/rules/Foxydeal.de.xml
index 8053c063cf13..5695e99485de 100644
--- a/src/chrome/content/rules/Foxydeal.de.xml
+++ b/src/chrome/content/rules/Foxydeal.de.xml
@@ -22,7 +22,7 @@ Fetch error: http://foxydeal.com/ => http://foxydeal.com/: (28, 'Connection time
 	* Secured by us
 
 -->
-<ruleset name="foxydeal.de (partial)" default_off='failed ruleset test'>
+<ruleset name="foxydeal.de (partial)" default_off="failed ruleset test">
 
 	<target host="foxydeal.de" />
 	<target host="www.foxydeal.de" />
diff --git a/src/chrome/content/rules/Fqtag.com.xml b/src/chrome/content/rules/Fqtag.com.xml
new file mode 100644
index 000000000000..32e9113220b3
--- /dev/null
+++ b/src/chrome/content/rules/Fqtag.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Fqtag.com">
+	<target host="fqtag.com" />
+	<target host="www.fqtag.com" />
+	<target host="c.fqtag.com" />
+	<target host="new.fqtag.com" />
+	<target host="s.fqtag.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FragDenStaat.de.xml b/src/chrome/content/rules/FragDenStaat.de.xml
deleted file mode 100644
index 11be6d10118b..000000000000
--- a/src/chrome/content/rules/FragDenStaat.de.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="FragDenStaat.de">
-  <target host="fragdenstaat.de" />
-  <target host="www.fragdenstaat.de" />
-
-  <securecookie host="^(?:www\.)?fragdenstaat\.de$" name=".+" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Frama.io.xml b/src/chrome/content/rules/Frama.io.xml
new file mode 100644
index 000000000000..7503a3cf39b9
--- /dev/null
+++ b/src/chrome/content/rules/Frama.io.xml
@@ -0,0 +1,16 @@
+<!--
+	No working URL known:
+		frama.io
+
+-->
+<ruleset name="Frama.io">
+
+	<!-- Each user gets their own subdomain -->
+	<target host="*.frama.io" />
+		<test url="http://dflinux.frama.io/thebeginnershandbook/lcdd01-debian/" />
+		<test url="http://mabu.frama.io/HeartTempo/" />
+		<test url="http://zeduckmaster.frama.io/2016/how-to-create-a-custom-rendering-in-a-qt5-widget/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Framasoft.xml b/src/chrome/content/rules/Framasoft.xml
index e15c7c43d0a9..b48712454818 100644
--- a/src/chrome/content/rules/Framasoft.xml
+++ b/src/chrome/content/rules/Framasoft.xml
@@ -1,39 +1,6 @@
 <ruleset name="Framasoft">
-        <target host="frama.link" />
-        <target host="framabee.org" />
-        <target host="www.framabee.org" />
-        <target host="framabin.org" />
         <target host="framadate.org" />
-        <target host="framakey.org" />
-        <target host="framapic.org" />
         <target host="framindmap.org" />
-        <target host="huit.re" />
-        <target host="tontonroger.org" />
-        <target host="www.tontonroger.org" />
-        <target host="contact.framasoft.org" />
-        <target host="trouvons.org" />
-        <target host="www.trouvons.org" />
-        <target host="framabag.org" />
-        <target host="framacalc.org" />
-        <target host="framanews.org" />
-        <target host="soutenir.framasoft.org" />
-        <target host="participer.framasoft.org" />                                                                                                                                              
-        <target host="framasphere.org" />                                                                                                                                                       
-        <target host="stats.framasoft.org" />                                                                                                                                                   
-        <target host="status.framasoft.org" />                                                                                                                                                  
-        <target host="framacolibri.org" />                                                                                                                                                      
-        <target host="git.framasoft.org" />                                                                                                                                                     
-        <target host="framapad.org" />                                                                                                                                                          
-        <target host="quotidien.framapad.org" />
-        <target host="hebdo.framapad.org" />
-        <target host="mensuel.framapad.org" />
-        <target host="bimestriel.framapad.org" />
-        <target host="semestriel.framapad.org" />
-        <target host="annuel.framapad.org" />
-        <target host="framalab.org" />
-        <target host="www.framalab.org" />
-        <target host="framavox.org" />
-        <target host="framateam.org" />
 
 		<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/FrancaisFacile.com.xml b/src/chrome/content/rules/FrancaisFacile.com.xml
new file mode 100644
index 000000000000..70700a7e744d
--- /dev/null
+++ b/src/chrome/content/rules/FrancaisFacile.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Related rulesets:
+		AllemandFacile.com.xml
+		AnglaisFacile.com.xml
+		EspagnolFacile.com.xml
+		Italien-Facile.com.xml
+		MathematiquesFaciles.com.xml
+		MesExercices.com.xml
+		MesOutils.com.xml
+		NLFacile.com.xml
+		ToLearnEnglish.com.xml
+		TousLesCours.com.xml
+-->
+<ruleset name="FrancaisFacile.com">
+	<target host="francaisfacile.com" />
+	<target host="www.francaisfacile.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FranceTVInfo.fr.xml b/src/chrome/content/rules/FranceTVInfo.fr.xml
index d749afdf425a..6f2234395de1 100644
--- a/src/chrome/content/rules/FranceTVInfo.fr.xml
+++ b/src/chrome/content/rules/FranceTVInfo.fr.xml
@@ -4,7 +4,7 @@
 
 	Mixed content:
 		geopolis.francetvinfo.fr
-	
+
 	Different content HTTP/HTTPS:
 		m.geopolis.francetvinfo.fr
 
@@ -40,7 +40,7 @@
 	<rule from="^http://francetvinfo\.fr/"
 		to="https://www.francetvinfo.fr/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Franceserv.xml b/src/chrome/content/rules/Franceserv.xml
index 1201d0ccfe18..ba108cc785a4 100644
--- a/src/chrome/content/rules/Franceserv.xml
+++ b/src/chrome/content/rules/Franceserv.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Frank_Timis.xml b/src/chrome/content/rules/Frank_Timis.xml
deleted file mode 100644
index 72f1c98984fb..000000000000
--- a/src/chrome/content/rules/Frank_Timis.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	!www works over neither http nor https
-
--->
-<ruleset name="Frank Timis">
-
-	<target host="*.franktimis.com" />
-
-
-	<securecookie host="^\.franktimis\.com$" name=".+" />
-
-
-	<rule from="^http://www\.franktimis\.com/"
-		to="https://www.franktimis.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Franken.de.xml b/src/chrome/content/rules/Franken.de.xml
index 94bd5770542a..8552c29a7781 100644
--- a/src/chrome/content/rules/Franken.de.xml
+++ b/src/chrome/content/rules/Franken.de.xml
@@ -8,7 +8,9 @@
 <ruleset name="Franken.de">
 
 	<target host="franken.de" />
-	<target host="*.franken.de" />
+	<target host="www.franken.de" />
+	<target host="cloud.franken.de" />
+	<target host="kerio.franken.de" />
 
 
 	<!--	Secured by server:
@@ -25,7 +27,6 @@
 	<rule from="^http://(?:www\.)?franken\.de/"
 		to="https://www.franken.de/" />
 
-	<rule from="^http://(cloud|kerio)\.franken\.de/"
-		to="https://$1.franken.de/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Frankfurtkanu.de.xml b/src/chrome/content/rules/Frankfurtkanu.de.xml
new file mode 100644
index 000000000000..2e906b7d5406
--- /dev/null
+++ b/src/chrome/content/rules/Frankfurtkanu.de.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional hosts in *.frankfurtkanu.de:
+	cms.frankfurtkanu.de
+	ebbok.frankfurtkanu.de
+	files.frankfurtkanu.de
+	mx0.frankfurtkanu.de
+	outrigger.frankfurtkanu.de
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Frankfurtkanu.de">
+	<target host="frankfurtkanu.de" />
+	<target host="www.frankfurtkanu.de" />
+	<target host="mmc.frankfurtkanu.de" />
+	<target host="www.mmc.frankfurtkanu.de" />
+
+	<rule from="^http:" to="https:" />
+
+	<securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/Franklin_W_Olin_College_of_Engineering.xml b/src/chrome/content/rules/Franklin_W_Olin_College_of_Engineering.xml
index 8b9a91b32d73..63c4f9f817b8 100644
--- a/src/chrome/content/rules/Franklin_W_Olin_College_of_Engineering.xml
+++ b/src/chrome/content/rules/Franklin_W_Olin_College_of_Engineering.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.olin.edu/ => https://www.olin.edu/: Cycle detected - URL
 		- ieee		(times out)
 
 -->
-<ruleset name="Franklin W. Olin College of Engineering" default_off='failed ruleset test'>
+<ruleset name="Franklin W. Olin College of Engineering" default_off="failed ruleset test">
 
 	<target host="olin.edu" />
 	<target host="www.olin.edu" />
@@ -20,4 +20,4 @@ Fetch error: http://www.olin.edu/ => https://www.olin.edu/: Cycle detected - URL
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Frascati_Producties.nl.xml b/src/chrome/content/rules/Frascati_Producties.nl.xml
index 1bcbfa234629..3ae2d97e391f 100644
--- a/src/chrome/content/rules/Frascati_Producties.nl.xml
+++ b/src/chrome/content/rules/Frascati_Producties.nl.xml
@@ -14,7 +14,7 @@
 
 
 	<securecookie host="^\." name="^_gat?$" />
-	<securecookie host="^\w" name="" />
+	<securecookie host="^\w" name=".+" />
 
 
 	<rule from="^http://frascatiproducties\.nl/"
diff --git a/src/chrome/content/rules/Frascati_Theater.nl.xml b/src/chrome/content/rules/Frascati_Theater.nl.xml
index 07f852c1cc52..cdb57dff254c 100644
--- a/src/chrome/content/rules/Frascati_Theater.nl.xml
+++ b/src/chrome/content/rules/Frascati_Theater.nl.xml
@@ -14,7 +14,7 @@
 
 
 	<securecookie host="^\." name="^_gat?$" />
-	<securecookie host="^\w" name="" />
+	<securecookie host="^\w" name=".+" />
 
 
 	<rule from="^http://frascatitheater\.nl/"
diff --git a/src/chrome/content/rules/Frauenpg.ch.xml b/src/chrome/content/rules/Frauenpg.ch.xml
new file mode 100644
index 000000000000..6de0f1cf3609
--- /dev/null
+++ b/src/chrome/content/rules/Frauenpg.ch.xml
@@ -0,0 +1,6 @@
+<ruleset name="Frauenpg.ch">
+	<target host="frauenpg.ch" />
+	<target host="www.frauenpg.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Frdic.com.xml b/src/chrome/content/rules/Frdic.com.xml
new file mode 100644
index 000000000000..696210a77161
--- /dev/null
+++ b/src/chrome/content/rules/Frdic.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Nonfunctional hosts in *.frdic.com:
+
+	http redirect
+		bbs.frdic.com
+		cn4.frdic.com
+		cn1b.frdic.com
+		cn1-1.frdic.com
+		my.frdic.com
+
+	connection refused
+		beta.frdic.com
+		api.frdic.com
+		services.frdic.com
+
+	Invalid certificate
+		wiki.gateway.frdic.com
+-->
+<ruleset name="Frdic.com">
+	<target host="frdic.com" />
+	<target host="www.frdic.com" />
+	<target host="bbs.frdic.com" />
+	<target host="cn3b.frdic.com" />
+	<target host="eu.frdic.com" />
+	<target host="my.frdic.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Fred_and_Pickles.xml b/src/chrome/content/rules/Fred_and_Pickles.xml
index a7e288773ca5..34b82565af26 100644
--- a/src/chrome/content/rules/Fred_and_Pickles.xml
+++ b/src/chrome/content/rules/Fred_and_Pickles.xml
@@ -5,7 +5,7 @@ Fetch error: http://fredandpickles.co.uk/ => https://fredandpickles.co.uk/: (28,
 Fetch error: http://www.fredandpickles.co.uk/ => https://www.fredandpickles.co.uk/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
 
 -->
-<ruleset name="Fred and Pickles" default_off='failed ruleset test'>
+<ruleset name="Fred and Pickles" default_off="failed ruleset test">
 
 	<target host="fredandpickles.co.uk" />
 	<target host="www.fredandpickles.co.uk" />
@@ -16,4 +16,4 @@ Fetch error: http://www.fredandpickles.co.uk/ => https://www.fredandpickles.co.u
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fredericia.dk.xml b/src/chrome/content/rules/Fredericia.dk.xml
index 9c5fe316ad44..60fdf52bdac9 100644
--- a/src/chrome/content/rules/Fredericia.dk.xml
+++ b/src/chrome/content/rules/Fredericia.dk.xml
@@ -5,7 +5,7 @@ Fetch error: http://fredericia.dk/ => https://fredericia.dk/: (60, 'SSL certific
 Fetch error: http://www.fredericia.dk/ => https://www.fredericia.dk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Fredericia.dk" default_off='failed ruleset test'>
+<ruleset name="Fredericia.dk" default_off="failed ruleset test">
 
 	<target host="fredericia.dk" />
 	<target host="www.fredericia.dk" />
diff --git a/src/chrome/content/rules/Free-TV-Video-Online.me.xml b/src/chrome/content/rules/Free-TV-Video-Online.me.xml
index a847d1a591cb..dfe8cfecdb70 100644
--- a/src/chrome/content/rules/Free-TV-Video-Online.me.xml
+++ b/src/chrome/content/rules/Free-TV-Video-Online.me.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.free-tv-video-online.me/ => https://www.free-tv-video-on
 	* Secured by us
 
 -->
-<ruleset name="Free-TV-Video-Online.me" default_off='failed ruleset test'>
+<ruleset name="Free-TV-Video-Online.me" default_off="failed ruleset test">
 
 	<target host="free-tv-video-online.me" />
 	<target host="www.free-tv-video-online.me" />
diff --git a/src/chrome/content/rules/FreeBSD.org.xml b/src/chrome/content/rules/FreeBSD.org.xml
index 279da4ddf177..50674cb0f679 100644
--- a/src/chrome/content/rules/FreeBSD.org.xml
+++ b/src/chrome/content/rules/FreeBSD.org.xml
@@ -78,4 +78,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FreeBSoft.org.xml b/src/chrome/content/rules/FreeBSoft.org.xml
index 204d8bfe966a..6df3b39ac8c9 100644
--- a/src/chrome/content/rules/FreeBSoft.org.xml
+++ b/src/chrome/content/rules/FreeBSoft.org.xml
@@ -4,9 +4,7 @@
 		- www *
 		- beta **
 		- cvs **
-		- devel *
-		- git **
-		- live *
+		- lists
 
 	* Shows www.ktn.cz, valid cert
 	** 500, valid cert
@@ -23,8 +21,12 @@
 -->
 <ruleset name="FreeBSoft.org (partial)">
 
+	<target host="freebsoft.org" />
+	<target host="devel.freebsoft.org" />
+	<target host="git.freebsoft.org" />
 	<target host="its.freebsoft.org" />
-	<target host="lists.freebsoft.org" />
+	<target host="live.freebsoft.org" />
+	<target host="www.freebsoft.org" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/FreeDesktop.xml b/src/chrome/content/rules/FreeDesktop.xml
index e310337c8731..7a634ad137af 100644
--- a/src/chrome/content/rules/FreeDesktop.xml
+++ b/src/chrome/content/rules/FreeDesktop.xml
@@ -1,96 +1,55 @@
 <!--
-	Nonfunctional hosts in *freedesktop.org:
-
-		- planet *
-
-	* Shows www.freedesktop.org
-
-
-	Problematic hosts in *freedesktop.org:
-
-		- download ¹
-		- sitewranglers ¹
-		- xorg ¹
-
-	¹ Shows www.freedesktop.org, preemptable redirect
-
-
-	Mixed content:
-
-		- css on freetype from fonts.googleapis.com ˢ
-		- Bug on freetype from api.flattr.com ˢ
-
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
+	Mismatched:
+		- download.freedesktop.org
+		- sitewranglers.freedesktop.org
+		- swfdec.freedesktop.org
+		- tango.freedesktop.org
 -->
 <ruleset name="freedesktop.org (partial)">
-
-	<!--	Direct rewrites:
-				-->
 	<target host="freedesktop.org" />
+	<target host="www.freedesktop.org" />
 	<target host="apoc.freedesktop.org" />
 	<target host="bugs.freedesktop.org" />
 	<target host="bugzilla.freedesktop.org" />
 	<target host="cgit.freedesktop.org" />
-	<target host="dri.freedesktop.org" />
 	<target host="dbus.freedesktop.org" />
+	<target host="dri.freedesktop.org" />
 	<target host="fontconfig.freedesktop.org" />
 	<target host="freetype.freedesktop.org" />
+	<target host="gitlab.freedesktop.org" />
 	<target host="gstreamer.freedesktop.org" />
 	<target host="gypsy.freedesktop.org" />
+	<target host="hal.freedesktop.org" />
+	<target host="icon-theme.freedesktop.org" />
 	<target host="ldtp.freedesktop.org" />
 	<target host="libbsd.freedesktop.org" />
 	<target host="libdlo.freedesktop.org" />
 	<target host="liboil.freedesktop.org" />
 	<target host="libopenraw.freedesktop.org" />
+	<target host="libspectre.freedesktop.org" />
 	<target host="lists.freedesktop.org" />
+	<target host="mesa.freedesktop.org" />
 	<target host="nice.freedesktop.org" />
 	<target host="nouveau.freedesktop.org" />
 	<target host="patchwork.freedesktop.org" />
 	<target host="people.freedesktop.org" />
 	<target host="piglit.freedesktop.org" />
+	<target host="planet.freedesktop.org" />
 	<target host="pm-utils.freedesktop.org" />
 	<target host="poppler.freedesktop.org" />
 	<target host="portland.freedesktop.org" />
 	<target host="secure.freedesktop.org" />
 	<target host="specifications.freedesktop.org" />
 	<target host="standards.freedesktop.org" />
-	<target host="swfdec.freedesktop.org" />
 	<target host="telepathy.freedesktop.org" />
-	<target host="xcb.freedesktop.org" />
 	<target host="wayland.freedesktop.org" />
 	<target host="wiki.freedesktop.org" />
-	<target host="www.freedesktop.org" />
-
-	<!--	Complications:
-				-->
-	<target host="download.freedesktop.org" />
-	<target host="sitewranglers.freedesktop.org" />
+	<target host="xcb.freedesktop.org" />
 	<target host="xorg.freedesktop.org" />
 
-		<test url="http://people.freedesktop.org/~airlied/" />
-		<test url="http://xcb.freedesktop.org/dist" />
-
-
-	<securecookie host="^bug" name=".+" />
-
-
-	<!--	Redirects as so:
-				-->
-	<rule from="^http://(?:download|sitewranglers)\.freedesktop\.org/"
-		to="https://fontconfig.freedesktop.org/" />
-
-	<rule from="^http://xorg\.freedesktop\.org/wiki(?=$|\?)"
-		to="https://wiki.freedesktop.org/xorg" />
-
-		<test url="http://xorg.freedesktop.org/wiki" />
-
-	<rule from="^http://xorg\.freedesktop\.org/(?:wiki/)?"
-		to="https://wiki.freedesktop.org/xorg/" />
-
-		<test url="http://xorg.freedesktop.org/wiki/" />
+	<test url="http://people.freedesktop.org/~airlied/" />
 
-	<rule from="^http:"
-		to="https:" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/FreePDFHosting.com.xml b/src/chrome/content/rules/FreePDFHosting.com.xml
new file mode 100644
index 000000000000..c690f67dbbb5
--- /dev/null
+++ b/src/chrome/content/rules/FreePDFHosting.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="FreePDFHosting.com">
+	<target host="freepdfhosting.com" />
+	<target host="www.freepdfhosting.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FreePress.net.xml b/src/chrome/content/rules/FreePress.net.xml
new file mode 100644
index 000000000000..eec0b63f6515
--- /dev/null
+++ b/src/chrome/content/rules/FreePress.net.xml
@@ -0,0 +1,19 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- agenda.freepress.net
+
+		SSL peer certificate was not OK:
+		- conference.freepress.net
+		- s3.freepress.net
+-->
+<ruleset name="Free Press.net">
+	<target host="freepress.net" />
+	<target host="www.freepress.net" />
+	<target host="act.freepress.net" />
+	<target host="act2.freepress.net" />
+	
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FreeRADIUS.org.xml b/src/chrome/content/rules/FreeRADIUS.org.xml
new file mode 100644
index 000000000000..fb881907d3a4
--- /dev/null
+++ b/src/chrome/content/rules/FreeRADIUS.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid Certificate:
+		- bugs.freeradius.org
+		- ftp.freeradius.org
+		- git.freeradius.org
+		- lists.freeradius.org
+		- mail.freeradius.org
+		- ns2.freeradius.org
+		- power.freeradius.org
+		- luajit.wiki.freeradius.org
+-->
+
+<ruleset name="FreeRADIUS.org">
+	<target host="freeradius.org" />
+	<target host="www.freeradius.org" />
+	<target host="doc.freeradius.org" />
+	<target host="wiki.freeradius.org" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FreeRTOS.org.xml b/src/chrome/content/rules/FreeRTOS.org.xml
deleted file mode 100644
index 07a968cd33de..000000000000
--- a/src/chrome/content/rules/FreeRTOS.org.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	(www.)?: Refused
-
--->
-<ruleset name="FreeRTOS.org (partial)">
-
-	<target host="shop.freertos.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FreeSWITCH.org.xml b/src/chrome/content/rules/FreeSWITCH.org.xml
index a874c18900df..a49e1a480007 100644
--- a/src/chrome/content/rules/FreeSWITCH.org.xml
+++ b/src/chrome/content/rules/FreeSWITCH.org.xml
@@ -1,33 +1,18 @@
 <!--
-	Nonfunctional hosts in *freeswitch.org:
-
-		- lists *
-
-	* Refused
-
-
-	Insecure cookies are set for these hosts:
-
-		- wiki.freeswitch.org
-
-
-	Mixed content:
-
-		- Image on (www.)? from ^ *
-
-	* Secured by us
-
+	Expired:
+		- sidious.freeswitch.org
 -->
-<ruleset name="FreeSWITCH.org (partial)">
+<ruleset name="FreeSWITCH.org">
 
-	<!--	Direct rewrites:
-				-->
 	<target host="freeswitch.org" />
+	<target host="www.freeswitch.org" />
 	<target host="confluence.freeswitch.org" />
 	<target host="docs.freeswitch.org" />
+	<target host="files.freeswitch.org" />
 	<target host="jira.freeswitch.org" />
+	<target host="lists.freeswitch.org" />
+	<target host="pastebin.freeswitch.org" />
 	<target host="wiki.freeswitch.org" />
-	<target host="www.freeswitch.org" />
 
 
 	<!--	Not secured by server:
@@ -37,7 +22,6 @@
 	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FreeScoreNation.com.xml b/src/chrome/content/rules/FreeScoreNation.com.xml
index ecea1ae3625a..61057f20d3c0 100644
--- a/src/chrome/content/rules/FreeScoreNation.com.xml
+++ b/src/chrome/content/rules/FreeScoreNation.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://freescorenation.com/ => https://freescorenation.com/: (28, '
 Fetch error: http://www.freescorenation.com/ => https://www.freescorenation.com/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="FreeScoreNation.com" default_off='failed ruleset test'>
+<ruleset name="FreeScoreNation.com" default_off="failed ruleset test">
 
 	<target host="freescorenation.com" />
 	<target host="www.freescorenation.com" />
diff --git a/src/chrome/content/rules/FreeThesaurus.com.xml b/src/chrome/content/rules/FreeThesaurus.com.xml
new file mode 100644
index 000000000000..69f79a5fc94c
--- /dev/null
+++ b/src/chrome/content/rules/FreeThesaurus.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other related rulesets, see TheFreeDictionary.com.xml
+
+	Wildcard DNS and cert. Host responds to any subdomain.
+-->
+<ruleset name="FreeThesaurus.com">
+	<target host="freethesaurus.com" />
+	<target host="*.freethesaurus.com" />
+
+		<test url="http://www.freethesaurus.com/" />
+		<test url="http://encyclopedia.freethesaurus.com/" />
+		<test url="http://pt.freethesaurus.com/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FreeWheel-problematic.xml b/src/chrome/content/rules/FreeWheel-problematic.xml
index e29c2847b94a..bd7e3b5d4e96 100644
--- a/src/chrome/content/rules/FreeWheel-problematic.xml
+++ b/src/chrome/content/rules/FreeWheel-problematic.xml
@@ -5,7 +5,7 @@
 <ruleset name="FreeWheel (self-signed)" default_off="expired, self-signed">
 
 	<target host="freewheel.tv" />
-	<target host="*.freewheel.tv" />
+	<target host="www.freewheel.tv" />
 
 
 	<securecookie host="^\.?freewheel\.tv$" name=".+" />
diff --git a/src/chrome/content/rules/FreeWheel.xml b/src/chrome/content/rules/FreeWheel.xml
index ad14bd5b3c77..592b1654b087 100644
--- a/src/chrome/content/rules/FreeWheel.xml
+++ b/src/chrome/content/rules/FreeWheel.xml
@@ -18,10 +18,11 @@ Fetch error: http://mrm.freewheel.tv/ => https://mrm.freewhell.tv/: (6, 'Could n
 		- m1.fwmrm.net	(503, akamai)
 
 -->
-<ruleset name="FreeWheel (partial)" default_off='failed ruleset test'>
+<ruleset name="FreeWheel (partial)" default_off="failed ruleset test">
 
 	<target host="mrm.freewheel.tv" />
-	<target host="*.fwmrm.net" />
+	<target host="2912a.v.fwmrm.net" />
+	<target host="2df7d.v.fwmrm.net" />
 
 
 	<securecookie host="^.*\.fwmrm\.net$" name=".+" />
@@ -33,7 +34,6 @@ Fetch error: http://mrm.freewheel.tv/ => https://mrm.freewhell.tv/: (6, 'Could n
 
 	<!--	Included on 3rd-party websites.
 							-->
-	<rule from="^http://2(912a|df7d)\.v\.fwmrm\.net/"
-		to="https://2$1.v.fwmrm.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Free_Bible_Software.com.xml b/src/chrome/content/rules/Free_Bible_Software.com.xml
index 398f6c3eee76..1548eed788a1 100644
--- a/src/chrome/content/rules/Free_Bible_Software.com.xml
+++ b/src/chrome/content/rules/Free_Bible_Software.com.xml
@@ -9,7 +9,7 @@
 		- www.freebiblesoftware.com
 
 -->
-<ruleset name="Free Bible Software.com" default_off="missing certificate chain">
+<ruleset name="Free Bible Software.com" default_off="cert-chain">
 
 	<target host="freebiblesoftware.com" />
 	<target host="development.freebiblesoftware.com" />
diff --git a/src/chrome/content/rules/Free_Movement.org.uk.xml b/src/chrome/content/rules/Free_Movement.org.uk.xml
index c594a920a90a..c37f8ebbd69d 100644
--- a/src/chrome/content/rules/Free_Movement.org.uk.xml
+++ b/src/chrome/content/rules/Free_Movement.org.uk.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://freemovement.org.uk/ => https://freemovement.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'freemovement.org.uk'")
 
 -->
-<ruleset name="Free Movement.org.uk" default_off='failed ruleset test'>
+<ruleset name="Free Movement.org.uk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Free_Porn_Gif.com-falsemixed.xml b/src/chrome/content/rules/Free_Porn_Gif.com-falsemixed.xml
deleted file mode 100644
index b0203265f68b..000000000000
--- a/src/chrome/content/rules/Free_Porn_Gif.com-falsemixed.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Free_Porn_Gif.com.xml.
-
--->
-<ruleset name="Free Porn Gif.com (false MCB)" platform="mixedcontent">
-
-	<target host="freeporngif.com" />
-	<target host="www.freeporngif.com" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Free_Porn_Gif.com.xml b/src/chrome/content/rules/Free_Porn_Gif.com.xml
deleted file mode 100644
index 13fe450e64d8..000000000000
--- a/src/chrome/content/rules/Free_Porn_Gif.com.xml
+++ /dev/null
@@ -1,58 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see Free_Porn_Gif.com-falsemixed.xml.
-
-
-	Insecure cookies are set for these domains:
-
-		- .freeporngif.com
-
-
-	Mixed content:
-
-		- css, from:
-
-			- ^ *
-			- fonts.googleapis.com *
-
-		- Images from i *
-
-		- Ads/bugs, from:
-
-			- widget.plugrush.com
-			- prstatics.com
-
-	* Secured by us
-
--->
-<ruleset name="Free Porn Gif.com (partial)">
-
-	<target host="freeporngif.com" />
-	<target host="i.freeporngif.com" />
-	<target host="www.freeporngif.com" />
-
-		<!--	Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://(?:www\.)?freeporngif\.com/+(?!css/|favicon\.ico)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://freeporngif.com/best/" />
-			<test url="http://freeporngif.com/hot/" />
-			<test url="http://freeporngif.com/random/" />
-
-			<!--	-ve:
-					-->
-			<test url="http://freeporngif.com/css/styles.css" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.freeporngif\.com$" name="^(__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\." name="^__cfduid$" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Free_Press.xml b/src/chrome/content/rules/Free_Press.xml
deleted file mode 100644
index 3bec521416ad..000000000000
--- a/src/chrome/content/rules/Free_Press.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/s3.freepress.net/
-
-
-	Mixed content:
-
-		- css on www from fonts.googleapis.com *
-
-		- Web bugs, on www from:
-
-			- www.facebook.com *
-			- platform.tumblr.com *
-
-	* Secured by us
-
--->
-<ruleset name="Free Press.net">
-
-	<target host="freepress.net" />
-	<target host="act.freepress.net" />
-	<target host="analytics.freepress.net" />
-	<target host="s3.freepress.net" />
-	<target host="www.freepress.net" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^act\.freepress\.net$" name="^sid$" /-->
-
-	<securecookie host="^(?:act\.|analytics\.|www\.)?freepress\.net$" name=".+" />
-
-
-	<rule from="^http://s3\.freepress\.net/"
-		to="https://s3.amazonaws.com/s3.freepress.net/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Free_Rainbow_Tables.xml b/src/chrome/content/rules/Free_Rainbow_Tables.xml
index baf9ceb15bbd..d432247fc857 100644
--- a/src/chrome/content/rules/Free_Rainbow_Tables.xml
+++ b/src/chrome/content/rules/Free_Rainbow_Tables.xml
@@ -5,7 +5,7 @@ Fetch error: http://freerainbowtables.com/ => https://freerainbowtables.com/: (7
 Fetch error: http://www.freerainbowtables.com/ => https://www.freerainbowtables.com/: (7, 'Failed to connect to www.freerainbowtables.com port 443: Connection refused')
 
 -->
-<ruleset name="Free Rainbow Tables.com" default_off='failed ruleset test'>
+<ruleset name="Free Rainbow Tables.com" default_off="failed ruleset test">
 
 	<target host="freerainbowtables.com" />
 	<target host="www.freerainbowtables.com" />
diff --git a/src/chrome/content/rules/Free_State_Project.org.xml b/src/chrome/content/rules/Free_State_Project.org.xml
index 93847806d87a..b43575385b05 100644
--- a/src/chrome/content/rules/Free_State_Project.org.xml
+++ b/src/chrome/content/rules/Free_State_Project.org.xml
@@ -14,7 +14,7 @@ Fetch error: http://pledge.freestateproject.org/ => https://pledge.freestateproj
 		- pledge.freestateproject.org
 
 -->
-<ruleset name="Free State Project.org" default_off='failed ruleset test'>
+<ruleset name="Free State Project.org" default_off="failed ruleset test">
 
 	<target host="freestateproject.org" />
 	<target host="pledge.freestateproject.org" />
diff --git a/src/chrome/content/rules/Freebase.xml b/src/chrome/content/rules/Freebase.xml
index d0fff9c2f56a..57d689f2a107 100644
--- a/src/chrome/content/rules/Freebase.xml
+++ b/src/chrome/content/rules/Freebase.xml
@@ -21,7 +21,7 @@ Fetch error: http://freebase.com/ => https://www.freebase.com/: (60, 'SSL certif
 	^freebase.com: Handshake fails
 
 -->
-<ruleset name="Freebase.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Freebase.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Freebaselibs.com.xml b/src/chrome/content/rules/Freebaselibs.com.xml
index 5757a60fef7a..317f6c9c9d80 100644
--- a/src/chrome/content/rules/Freebaselibs.com.xml
+++ b/src/chrome/content/rules/Freebaselibs.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://freebaselibs.com/ => https://static.freebase.com/: (60, 'SSL
 	^freebaselibs.com: Handshake fails
 
 -->
-<ruleset name="Freebaselibs.com" default_off='failed ruleset test'>
+<ruleset name="Freebaselibs.com" default_off="failed ruleset test">
 
 	<!--	Complications:
 				-->
diff --git a/src/chrome/content/rules/Freecause.xml b/src/chrome/content/rules/Freecause.xml
index c928647bf465..70f238dc3961 100644
--- a/src/chrome/content/rules/Freecause.xml
+++ b/src/chrome/content/rules/Freecause.xml
@@ -5,7 +5,7 @@ Fetch error: http://freecause.com/ => https://freecause.com/: (28, 'Connection t
 Fetch error: http://www.freecause.com/ => https://www.freecause.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Freecause.com" default_off='failed ruleset test'>
+<ruleset name="Freecause.com" default_off="failed ruleset test">
   <target host="freecause.com" />
   <target host="www.freecause.com" />
 
diff --git a/src/chrome/content/rules/Freed0m4All.net.xml b/src/chrome/content/rules/Freed0m4All.net.xml
index 332ebf5a5bfd..f42bfc5e5bdd 100644
--- a/src/chrome/content/rules/Freed0m4All.net.xml
+++ b/src/chrome/content/rules/Freed0m4All.net.xml
@@ -22,7 +22,7 @@
 		- .freed0m4all.net
 
 -->
-<ruleset name="Freed0m4All.net (partial)">
+<ruleset name="Freed0m4All.net (partial)" default_off="timeout">
 
 	<target host="freed0m4all.net" />
 	<target host="chat.freed0m4all.net" />
@@ -36,7 +36,7 @@
 					-->
 	<!--securecookie host="^\.freed0m4all\.net$" name="^(__cfduid|cf_clearance)$" /-->
 
-	<securecookie host="^\.freed0m4all\.net$" name="" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Freedom-from-Religion-Foundation.xml b/src/chrome/content/rules/Freedom-from-Religion-Foundation.xml
index d3c26196b794..77dfac1e3be1 100644
--- a/src/chrome/content/rules/Freedom-from-Religion-Foundation.xml
+++ b/src/chrome/content/rules/Freedom-from-Religion-Foundation.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Freedom-to-Tinker.xml b/src/chrome/content/rules/Freedom-to-Tinker.xml
index b5c4bc6e297d..7263d389ca34 100644
--- a/src/chrome/content/rules/Freedom-to-Tinker.xml
+++ b/src/chrome/content/rules/Freedom-to-Tinker.xml
@@ -4,7 +4,7 @@
 	<target host="www.freedom-to-tinker.com" />
 
 
-	<securecookie host="^(?:.*\.)?freedom-to-tinker.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/FreedomDefined.org.xml b/src/chrome/content/rules/FreedomDefined.org.xml
index fb82122916f1..51d14064bf8f 100644
--- a/src/chrome/content/rules/FreedomDefined.org.xml
+++ b/src/chrome/content/rules/FreedomDefined.org.xml
@@ -1,14 +1,14 @@
 <!--
 	Definition of Free Cultural Works (freedomdefined.org)
-	
+
 	Known non-HTTPS host in *.freedomdefined.org:
-	
+
 		- www.freedomdefined.org (redirects to freedomdefined.org)
-	
+
 -->
 <ruleset name="FreedomDefined.org">
 	<target host="freedomdefined.org" />
-	
+
 	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Freefilm.to.xml b/src/chrome/content/rules/Freefilm.to.xml
new file mode 100644
index 000000000000..c28d109db493
--- /dev/null
+++ b/src/chrome/content/rules/Freefilm.to.xml
@@ -0,0 +1,9 @@
+<!--
+    Movies server
+-->
+<ruleset name="Freefilm.to">
+	<target host="freefilm.to" />
+	<target host="www.freefilm.to" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Freegeoip.net.xml b/src/chrome/content/rules/Freegeoip.net.xml
index 3256be89ccbe..844e9db12cf8 100644
--- a/src/chrome/content/rules/Freegeoip.net.xml
+++ b/src/chrome/content/rules/Freegeoip.net.xml
@@ -6,7 +6,7 @@
 	<target host="www.freegeoip.net" />
 
 
-	<securecookie host="^\.freegeoip\.net$" name="^(?:__cfuid|cf_clearance)$" />
+	<securecookie host="^\.freegeoip\.net$" name="^cf_clearance$" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Freelancer.xml b/src/chrome/content/rules/Freelancer.xml
index 4990189dac14..2b56d3eb9d0e 100644
--- a/src/chrome/content/rules/Freelancer.xml
+++ b/src/chrome/content/rules/Freelancer.xml
@@ -20,7 +20,7 @@
 	<target host="*.freelancer.co.uk" />
 
 
-	<securecookie host="^(?:.*\.)?freelancer\.co(?:m|\.uk)$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(cdn\d+\.|www\.)?freelancer\.co(m|\.uk)/"
diff --git a/src/chrome/content/rules/Freelancers_Union.org.xml b/src/chrome/content/rules/Freelancers_Union.org.xml
index 9c3e55971578..9b8bf95d0bc7 100644
--- a/src/chrome/content/rules/Freelancers_Union.org.xml
+++ b/src/chrome/content/rules/Freelancers_Union.org.xml
@@ -15,7 +15,7 @@ Fetch error: http://freelancersunion.org/ => https://freelancersunion.org/: (51,
 	* Secured by us
 
 -->
-<ruleset name="Freelancers Union.org" default_off='failed ruleset test'>
+<ruleset name="Freelancers Union.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Freelibrary.org.xml b/src/chrome/content/rules/Freelibrary.org.xml
new file mode 100644
index 000000000000..772d7ee955e3
--- /dev/null
+++ b/src/chrome/content/rules/Freelibrary.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Missing certificate chain:
+		- freelibrary.org
+		- www.freelibrary.org
+
+	Mismatched:
+		- find.freelibrary.org
+-->
+<ruleset name="Freelibrary.org">
+	<target host="libwww.freelibrary.org" />
+	<target host="know.freelibrary.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Freenet.de.xml b/src/chrome/content/rules/Freenet.de.xml
index f2074907e947..6ebf86c48f40 100644
--- a/src/chrome/content/rules/Freenet.de.xml
+++ b/src/chrome/content/rules/Freenet.de.xml
@@ -89,7 +89,7 @@ Fetch error: http://www.mload.freenet.de/ => https://www.mload.freenet.de/: (35,
 		- .freenet.de
 
 -->
-<ruleset name="freenet.de (partial)" default_off='failed ruleset test'>
+<ruleset name="freenet.de (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Freenom.com.xml b/src/chrome/content/rules/Freenom.com.xml
new file mode 100644
index 000000000000..45b596ac7dde
--- /dev/null
+++ b/src/chrome/content/rules/Freenom.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Active mixed content:
+		- whois.freenom.com
+
+	Weak certificate:
+		- partners.freenom.com, equivalent to my.freenom.com
+-->
+
+<ruleset name="Freenom.com">
+	<target host="freenom.com" />
+	<target host="www.freenom.com" />
+	<target host="api.freenom.com" />
+	<target host="my.freenom.com" />
+	<target host="partners.freenom.com" />
+	<target host="register.freenom.com" />
+	<target host="resellers.freenom.com" />
+
+	<rule from="^http://partners\.freenom\.com/"
+		to="https://my.freenom.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Freenom.world.xml b/src/chrome/content/rules/Freenom.world.xml
new file mode 100644
index 000000000000..3dbb9b40ca18
--- /dev/null
+++ b/src/chrome/content/rules/Freenom.world.xml
@@ -0,0 +1,6 @@
+<ruleset name="Freenom.world">
+	<target host="freenom.world" />
+	<target host="www.freenom.world" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Freeones.xml b/src/chrome/content/rules/Freeones.xml
new file mode 100644
index 000000000000..6404b4dcd106
--- /dev/null
+++ b/src/chrome/content/rules/Freeones.xml
@@ -0,0 +1,192 @@
+<!--
+	Invalid certificate:
+		amateure.freeones.com
+		discounts.freeones.com
+		game.freeones.com
+		pov.freeones.com
+
+	No working URL known:
+		cdn.beta.freeones.com
+
+	Refused connection:
+		flv.freeones.com
+		miss.freeones.com
+		videostore.freeones.com
+
+	Secure connection failed:
+		livecams.freeones.com
+
+	Time out:
+		blog.freeones.com
+		flashvideos.freeones.com
+		flvlb.freeones.com
+		lcs.freeones.com
+		links.freeones.com
+		masterphp.freeones.com
+		oldvideos.freeones.com
+		store.freeones.com
+
+-->
+<ruleset name="Freeones">
+	<target host="freeones.com"/>
+	<target host="www.freeones.com"/>
+	<target host="ae.freeones.com"/>
+	<target host="au.freeones.com"/>
+	<target host="board.freeones.com"/>
+	<target host="cn.freeones.com"/>
+	<target host="commy.freeones.com"/>
+	<target host="coza.freeones.com"/>
+	<target host="de.freeones.com"/>
+	<target host="flv.freeones.com"/>
+	<target host="forum.freeones.com"/>
+	<target host="gh1.freeones.com"/>
+	<target host="gh1photos.freeones.com"/>
+	<target host="gh2.freeones.com"/>
+	<target host="gh2photos.freeones.com"/>
+	<target host="gh3.freeones.com"/>
+	<target host="gh3photos.freeones.com"/>
+	<target host="gh4.freeones.com"/>
+	<target host="gh4photos.freeones.com"/>
+	<target host="img.freeones.com"/>
+	<target host="jscss.freeones.com"/>
+		<test url="http://jscss.freeones.com/banners/comfr_reviews_right.js"/>
+	<target host="m.freeones.com"/>
+	<target host="my.freeones.com"/>
+	<target host="ph.freeones.com"/>
+	<target host="photos.freeones.com"/>
+	<target host="reviews.freeones.com"/>
+	<target host="rr-lb.freeones.com"/>
+	<target host="sg.freeones.com"/>
+	<target host="soa.freeones.com"/>
+	<target host="thumbnails.freeones.com"/>
+	<target host="us-rr-lb.freeones.com"/>
+	<target host="uslb.freeones.com"/>
+	<target host="videolb.freeones.com"/>
+		<test url="http://videolb.freeones.com/fo/001/kv/C7/kvC7gb9ecDCAQaEDoDMcd8/list.smil"/>
+	<target host="videos.freeones.com"/>
+	<target host="videosnew.freeones.com"/>
+	<target host="vn.freeones.com"/>
+
+	<target host="freeones.com.br"/>
+	<target host="www.freeones.com.br"/>
+	<target host="freeones.com.co"/>
+	<target host="www.freeones.com.co"/>
+	<target host="freeones.com.es"/>
+	<target host="www.freeones.com.es"/>
+	<target host="freeones.com.gt"/>
+	<target host="www.freeones.com.gt"/>
+	<target host="freeones.com.mx"/>
+	<target host="www.freeones.com.mx"/>
+	<target host="freeones.com.pe"/>
+	<target host="www.freeones.com.pe"/>
+	<target host="freeones.com.pr"/>
+	<target host="www.freeones.com.pr"/>
+	<target host="freeones.com.py"/>
+	<target host="www.freeones.com.py"/>
+	<target host="freeones.com.tr"/>
+	<target host="www.freeones.com.tr"/>
+	<target host="freeones.com.tw"/>
+	<target host="www.freeones.com.tw"/>
+	<target host="freeones.com.ua"/>
+	<target host="www.freeones.com.ua"/>
+	<target host="freeones.com.uy"/>
+	<target host="www.freeones.com.uy"/>
+	<target host="freeones.com.ve"/>
+	<target host="www.freeones.com.ve"/>
+
+	<target host="freeones.am"/>
+	<target host="www.freeones.am"/>
+	<target host="freeones.at"/>
+	<target host="www.freeones.at"/>
+	<target host="freeones.be"/>
+	<target host="www.freeones.be"/>
+	<target host="freeones.bz"/>
+	<target host="www.freeones.bz"/>
+	<target host="freeones.ca"/>
+	<target host="www.freeones.ca"/>
+	<target host="freeones.cc"/>
+	<target host="www.freeones.cc"/>
+	<target host="freeones.ch"/>
+	<target host="www.freeones.ch"/>
+	<target host="freeones.cl"/>
+	<target host="www.freeones.cl"/>
+	<target host="freeones.co.cr"/>
+	<target host="www.freeones.co.cr"/>
+	<target host="freeones.co.il"/>
+	<target host="www.freeones.co.il"/>
+	<target host="freeones.co.in"/>
+	<target host="www.freeones.co.in"/>
+	<target host="freeones.co.kr"/>
+	<target host="www.freeones.co.kr"/>
+	<target host="freeones.co.nz"/>
+	<target host="www.freeones.co.nz"/>
+	<target host="freeones.co.uk"/>
+	<target host="www.freeones.co.uk"/>
+	<target host="freeones.cz"/>
+	<target host="www.freeones.cz"/>
+	<target host="freeones.dk"/>
+	<target host="www.freeones.dk"/>
+	<target host="freeones.ec"/>
+	<target host="www.freeones.ec"/>
+	<target host="freeones.es"/>
+	<target host="www.freeones.es"/>
+	<target host="freeones.fi"/>
+	<target host="www.freeones.fi"/>
+	<target host="freeones.fr"/>
+	<target host="www.freeones.fr"/>
+	<target host="freeones.gr"/>
+	<target host="www.freeones.gr"/>
+	<target host="freeones.hk"/>
+	<target host="www.freeones.hk"/>
+	<target host="freeones.hu"/>
+	<target host="www.freeones.hu"/>
+	<target host="freeones.ie"/>
+	<target host="www.freeones.ie"/>
+	<target host="freeones.im"/>
+	<target host="www.freeones.im"/>
+	<target host="freeones.it"/>
+	<target host="www.freeones.it"/>
+	<target host="freeones.jp"/>
+	<target host="www.freeones.jp"/>
+	<target host="freeones.la"/>
+	<target host="www.freeones.la"/>
+	<target host="freeones.li"/>
+	<target host="www.freeones.li"/>
+	<target host="freeones.lu"/>
+	<target host="www.freeones.lu"/>
+	<target host="freeones.lv"/>
+	<target host="www.freeones.lv"/>
+	<target host="freeones.nl"/>
+	<target host="www.freeones.nl"/>
+	<target host="freeones.no"/>
+	<target host="www.freeones.no"/>
+	<target host="freeones.nu"/>
+	<target host="www.freeones.nu"/>
+	<target host="freeones.pl"/>
+	<target host="www.freeones.pl"/>
+	<target host="freeones.pt"/>
+	<target host="www.freeones.pt"/>
+	<target host="freeones.ru"/>
+	<target host="www.freeones.ru"/>
+	<target host="freeones.se"/>
+	<target host="www.freeones.se"/>
+	<target host="freeones.si"/>
+	<target host="www.freeones.si"/>
+	<target host="freeones.sk"/>
+	<target host="www.freeones.sk"/>
+	<target host="freeones.tk"/>
+	<target host="www.freeones.tk"/>
+	<target host="freeones.tm"/>
+	<target host="www.freeones.tm"/>
+	<target host="freeones.to"/>
+	<target host="www.freeones.to"/>
+	<target host="freeones.tv"/>
+	<target host="www.freeones.tv"/>
+	<target host="freeones.vg"/>
+	<target host="www.freeones.vg"/>
+	<target host="freeones.ws"/>
+	<target host="www.freeones.ws"/>
+
+	<rule from="^http://flv\.freeones\.com/" to="https://videos.freeones.com/"/>
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Freepik.com.xml b/src/chrome/content/rules/Freepik.com.xml
deleted file mode 100644
index 13dc20dc6f07..000000000000
--- a/src/chrome/content/rules/Freepik.com.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	Nonfunctional hosts in *freepik.com:
-
-		- cdn[1-4] ¹
-		- cdnss ¹
-		- fr ²
-		- ru ²
-		- support ³
-		- www ⁴
-
-	¹ 404
-	² Shows www.freepik.com
-	³ Zendesk
-	⁴ Redirects to http
-
-
-	Insecure cookies are set for these domains:
-
-		- .freepik.com
-
--->
-<ruleset name="Freepik.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<!--target host="freepik.com" /-->
-	<target host="nstatic1.freepik.com" />
-	<target host="profile.freepik.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.freepik\.com$" name="^gr_session$" /-->
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Freescale.com.xml b/src/chrome/content/rules/Freescale.com.xml
index cbdf3a94e9f2..c24755ec54b0 100644
--- a/src/chrome/content/rules/Freescale.com.xml
+++ b/src/chrome/content/rules/Freescale.com.xml
@@ -85,7 +85,7 @@ Fetch error: http://fdc.freescale.com/ => https://fdc.freescale.com/: (6, 'Could
 	* Secured by us
 
 -->
-<ruleset name="Freescale.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Freescale.com (partial)" default_off="failed ruleset test">
 
 	<target host="apps.community.freescale.com" />
 	<target host="apps.community-uat.freescale.com" />
diff --git a/src/chrome/content/rules/Freetorrent.fr.xml b/src/chrome/content/rules/Freetorrent.fr.xml
deleted file mode 100644
index 137b4488818a..000000000000
--- a/src/chrome/content/rules/Freetorrent.fr.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	Invalid certificate:
-		forum.freetorrent.fr
-
--->
-<ruleset name="Freetorrent.fr">
-
-	<target host="freetorrent.fr" />
-	<target host="www.freetorrent.fr" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Freezone.co.uk.xml b/src/chrome/content/rules/Freezone.co.uk.xml
index 0fda55bded09..8084065bdb37 100644
--- a/src/chrome/content/rules/Freezone.co.uk.xml
+++ b/src/chrome/content/rules/Freezone.co.uk.xml
@@ -17,7 +17,7 @@ Fetch error: http://support.freezone.co.uk/ => https://support.freezone.co.uk/:
 		- .freezone.co.uk
 
 -->
-<ruleset name="Freezone.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Freezone.co.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Freifunk-Ansbach.de.xml b/src/chrome/content/rules/Freifunk-Ansbach.de.xml
index eeef76ffdebb..e273e08a1d24 100644
--- a/src/chrome/content/rules/Freifunk-Ansbach.de.xml
+++ b/src/chrome/content/rules/Freifunk-Ansbach.de.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.freifunk-ansbach.de/ => https://www.freifunk-ansbach.de/: (51, "SSL: no alternative certificate subject name matches target host name 'www.freifunk-ansbach.de'")
 
 -->
-<ruleset name="Freifunk-Ansbach.de" default_off='failed ruleset test'>
+<ruleset name="Freifunk-Ansbach.de" default_off="failed ruleset test">
 
 	<target host="freifunk-ansbach.de" />
 	<target host="www.freifunk-ansbach.de" />
diff --git a/src/chrome/content/rules/Freifunk.xml b/src/chrome/content/rules/Freifunk.xml
index eca8015e7f9d..149469a8e2b8 100644
--- a/src/chrome/content/rules/Freifunk.xml
+++ b/src/chrome/content/rules/Freifunk.xml
@@ -2,6 +2,7 @@
 	Other rulesets for freifunk.net:
 		- Freifunk-Bremen.xml
 		- Freifunk-FFM.xml
+		- ortenau.freifunk.net.xml
 
 	Nonfunctional subdomains:
 
@@ -19,6 +20,7 @@
 		- mailinglisten ¹
 		- piwik ³
 		- twitter ¹
+		- umfragen ¹
 		- vimeo ¹
 		- youtube ¹
 
@@ -46,11 +48,10 @@
 	<target host="radio.freifunk.net"/>
 	<target host="rss.freifunk.net"/>
 	<target host="twitter.freifunk.net"/>
-	<target host="umfragen.freifunk.net"/>
 	<target host="vimeo.freifunk.net"/>
 	<target host="wiki.freifunk.net"/>
 	<target host="youtube.freifunk.net"/>
-	
+
         <securecookie host="^(bug|forum|blog\.guetersloh|pad)\.freifunk\.net$" name=".+" />
 
 	<test url="http://facebook.freifunk.net/foo" />
diff --git a/src/chrome/content/rules/Freight_Calculator_Australia.xml b/src/chrome/content/rules/Freight_Calculator_Australia.xml
deleted file mode 100644
index 4e0e37237e6d..000000000000
--- a/src/chrome/content/rules/Freight_Calculator_Australia.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Cert only matches ^freightcalculator.com.au
-
--->
-<ruleset name="Freight Calculator Australia" default_off="self-signed">
-
-	<target host="freightcalculator.com.au" />
-	<target host="www.freightcalculator.com.au" />
-
-
-	<rule from="^http://(?:www\.)?freightcalculator\.com\.au/"
-		to="https://freightcalculator.com.au/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Freitag.xml b/src/chrome/content/rules/Freitag.xml
index df90f31af507..6e45b1cada3d 100644
--- a/src/chrome/content/rules/Freitag.xml
+++ b/src/chrome/content/rules/Freitag.xml
@@ -4,8 +4,8 @@
     <target host="digital.freitag.de" />
     <target host="abo.freitag.de" />
 
-    <securecookie host="^(www\.|digital\.|abo\.)?freitag\.de" name=".+" />	
-	
+    <securecookie host="^(www\.|digital\.|abo\.)?freitag\.de" name=".+" />
+
     <rule from="^http:"
 	        to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/French-Country-Cottages.co.uk.xml b/src/chrome/content/rules/French-Country-Cottages.co.uk.xml
index 273a8d59ad9b..5bc4fe812916 100644
--- a/src/chrome/content/rules/French-Country-Cottages.co.uk.xml
+++ b/src/chrome/content/rules/French-Country-Cottages.co.uk.xml
@@ -10,9 +10,9 @@
 	<target host="french-country-cottages.co.uk" />
 	<target host="www.french-country-cottages.co.uk" />
 
-	<rule from="^http://french-country-cottages\.co\.uk/" 
+	<rule from="^http://french-country-cottages\.co\.uk/"
 			to="https://www.french-country-cottages.co.uk/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/French-National-Centre-for-Scientific-Research.xml b/src/chrome/content/rules/French-National-Centre-for-Scientific-Research.xml
index 21149ce1de58..04a8ec0f1744 100644
--- a/src/chrome/content/rules/French-National-Centre-for-Scientific-Research.xml
+++ b/src/chrome/content/rules/French-National-Centre-for-Scientific-Research.xml
@@ -116,7 +116,7 @@ Fetch error: http://labintel.cnrs.fr/ => https://labintel.cnrs.fr/: (60, 'SSL ce
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="CNRS.fr (partial)" default_off='failed ruleset test'>
+<ruleset name="CNRS.fr (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -147,6 +147,8 @@ Fetch error: http://labintel.cnrs.fr/ => https://labintel.cnrs.fr/: (60, 'SSL ce
 	<target host="emploi.cnrs.fr" />
 	<!--target host="lpmmc.grenoble.cnrs.fr" /-->
 	<target host="www.igh.cnrs.fr" />
+	<target host="ftp.igh.cnrs.fr" />
+
 	<target host="intranet.cnrs.fr" />
 	<target host="janus.cnrs.fr" />
 	<target host="labintel.cnrs.fr" />
diff --git a/src/chrome/content/rules/FrenchLeaks.fr.xml b/src/chrome/content/rules/FrenchLeaks.fr.xml
new file mode 100644
index 000000000000..b319d5897495
--- /dev/null
+++ b/src/chrome/content/rules/FrenchLeaks.fr.xml
@@ -0,0 +1,9 @@
+<ruleset name="FrenchLeaks.fr">
+
+	<target host="frenchleaks.fr" />
+	<target host="www.frenchleaks.fr" />
+	<target host="secure.frenchleaks.fr" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/FreshBooks.xml b/src/chrome/content/rules/FreshBooks.xml
deleted file mode 100644
index 3cba4fcf3cd7..000000000000
--- a/src/chrome/content/rules/FreshBooks.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://fb-assets.com/ => https://fb-assets.com/: (28, 'Connection timed out after 10000 milliseconds')
-Fetch error: http://www.fb-assets.com/ => https://www.fb-assets.com/: (28, 'Connection timed out after 10000 milliseconds')
-	Nonfunctional domains:
-
-		- community.freshbooks.com *
-		- developers.freshbooks.com *
-
-	* Redirects to http, valid cert
-
-
-	Partially covered domains:
-
-		- (www.)freshbooks.com	($ redirects to secure)
-
--->
-<ruleset name="FreshBooks (partial)">
-
-	<target host="fb-assets.com" />
-	<target host="www.fb-assets.com" />
-	<target host="freshbooks.com" />
-	<target host="*.freshbooks.com" />
-		<exclusion pattern="^http://(?:www\.)?freshbooks\.com/(?!cache/|images/|javascript/|styles/)" />
-		<exclusion pattern="^http://(?:community|developers)\." />
-
-
-	<securecookie host="^(?!www\.).+\.freshbooks\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?fb-assets\.com/"
-		to="https://$1fb-assets.com/" />
-
-	<rule from="^http://([\w-]+\.)?freshbooks\.com/"
-		to="https://$1freshbooks.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/FreshFromThePot.com.xml b/src/chrome/content/rules/FreshFromThePot.com.xml
new file mode 100644
index 000000000000..72be7c0e343d
--- /dev/null
+++ b/src/chrome/content/rules/FreshFromThePot.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="FreshFromThePot.com">
+	<target host="freshfromthepot.com" />
+	<target host="www.freshfromthepot.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Freshdesk.com.xml b/src/chrome/content/rules/Freshdesk.com.xml
new file mode 100644
index 000000000000..841c276be0b6
--- /dev/null
+++ b/src/chrome/content/rules/Freshdesk.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Remark: *.freshdesk.com has a wildcard DNS record.
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- static.freshdesk.com
+		- static1.freshdesk.com
+		- static2.freshdesk.com
+		- static3.freshdesk.com
+		- static4.freshdesk.com
+		- static5.freshdesk.com
+-->
+<ruleset name="Freshdesk.com">
+	<target host="freshdesk.com" />
+	<target host="www.freshdesk.com" />
+	<target host="assets.freshdesk.com" />
+	<target host="blog.freshdesk.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Freshdesk.xml b/src/chrome/content/rules/Freshdesk.xml
deleted file mode 100644
index 033c81028dcd..000000000000
--- a/src/chrome/content/rules/Freshdesk.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	CDN buckets:
-
-		- assets.freshdesk.com.s3.amazonaws.com
-	cdn.freshdesk.com.s3.amazonaws.com
-
-		- d3o14s01j0qbic.cloudfront.net
-
-			- static
-			- static[1-5]
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(no https)
-		- blog		(shows default nginx_ssl page; mismatched, CN: freshdesk.com)
-
--->
-<ruleset name="Freshdesk (partial)">
-
-	<target host="*.freshdesk.com" />
-		<exclusion pattern="^http://(?:blog|www)\." />
-
-
-	<rule from="^http://assets\.freshdesk\.com/"
-		to="https://s3.amazonaws.com/assets.freshdesk.com/" />
-
-	<rule from="^http://cdn\.freshdesk\.com/"
-		to="https://s3.amazonaws.com/cdn.freshdesk.com/" />
-
-	<rule from="^http://static[1-5]?\.freshdesk\.com/"
-		to="https://d3o14s01j0qbic.cloudfront.net/" />
-
-	<!--	Per-client subdomains:
-					-->
-	<rule from="^http://([\w-]+)\.freshdesk\.com/"
-		to="https://$1.freshdesk.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Freshmilk.de.xml b/src/chrome/content/rules/Freshmilk.de.xml
index d13500298907..53de75afe6dc 100644
--- a/src/chrome/content/rules/Freshmilk.de.xml
+++ b/src/chrome/content/rules/Freshmilk.de.xml
@@ -21,13 +21,13 @@
 <ruleset name="Freshmilk.de" default_off="self-signed">
 
 	<target host="freshmilk.de" />
-	<target host="*.freshmilk.de" />
+	<target host="www.freshmilk.de" />
+	<target host="nettv.freshmilk.de" />
 
 
 	<rule from="^http://(?:www\.)?freshmilk\.de/"
 		to="https://www.freshmilk.de/" />
 
-	<rule from="^http://nettv\.freshmilk\.de/"
-		to="https://nettv.freshmilk.de/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Freshmilk.tv.xml b/src/chrome/content/rules/Freshmilk.tv.xml
deleted file mode 100644
index 4c7efa69d6dd..000000000000
--- a/src/chrome/content/rules/Freshmilk.tv.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- (www.)	(404, valid cert)
-
--->
-<ruleset name="Freshmilk.tv (partial)">
-
-	<target host="freshmilk.tv" />
-	<target host="*.freshmilk.tv" />
-		<exclusion pattern="^http://(?:www\.)?freshmilk\.tv/+(?!media/|static/)" />
-
-
-	<rule from="^http://(?:hub\.|www\.)?freshmilk\.tv/"
-		to="https://hub.freshmilk.tv/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Frictional-Games.xml b/src/chrome/content/rules/Frictional-Games.xml
index eea2ed6e2554..477c683f297c 100644
--- a/src/chrome/content/rules/Frictional-Games.xml
+++ b/src/chrome/content/rules/Frictional-Games.xml
@@ -4,7 +4,7 @@
 	<target host="shelf.frictionalgames.com" />
 	<target host="www.frictionalgames.com" />
 
-	<securecookie host="^(?:.*\.)?frictionalgames\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/FriendFinder.xml b/src/chrome/content/rules/FriendFinder.xml
index 2877fd5c6146..47efbdbbef14 100644
--- a/src/chrome/content/rules/FriendFinder.xml
+++ b/src/chrome/content/rules/FriendFinder.xml
@@ -49,7 +49,7 @@ Fetch error: http://media.friendfinder.com/ => https://media.friendfinder.com/:
 	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="FriendFinder.com" default_off='failed ruleset test'>
+<ruleset name="FriendFinder.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Friendster.xml b/src/chrome/content/rules/Friendster.xml
index ad0ee6d84139..35d4b4d5d783 100644
--- a/src/chrome/content/rules/Friendster.xml
+++ b/src/chrome/content/rules/Friendster.xml
@@ -26,7 +26,7 @@ Fetch error: http://assets0.frndcdn.net/ => https://d3outgkpos8q21.cloudfront.ne
 	Some pages redirect to http
 
 -->
-<ruleset name="Friendster (partial)" default_off='failed ruleset test'>
+<ruleset name="Friendster (partial)" default_off="failed ruleset test">
 
 	<target host="friendster.com" />
 	<target host="www.friendster.com" />
@@ -39,4 +39,4 @@ Fetch error: http://assets0.frndcdn.net/ => https://d3outgkpos8q21.cloudfront.ne
 	<rule from="^http://assets0\.frndcdn\.net/"
 		to="https://d3outgkpos8q21.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Friesland_Bank.nl.xml b/src/chrome/content/rules/Friesland_Bank.nl.xml
deleted file mode 100644
index d2f1b529f049..000000000000
--- a/src/chrome/content/rules/Friesland_Bank.nl.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	(www.): dropped
-
--->
-<ruleset name="Friesland Bank.nl (partial)">
-
-	<target host="*.frieslandbank.nl" />
-		<!--exclusion pattern="http://www\.frieslandbank\.nl" /-->
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^forms\.frieslandbank\.nl$" name="^(/Contact|ASP\.NET_SessionId)$" /-->
-	<!--securecookie host="^internetbankieren\.frieslandbank\.nl$" name="^JSESSIONID$" /-->
-
-	<securecookie host="^(?:forms|internetbankieren)\.frieslandbank\.nl$" name=".+" />
-
-
-	<rule from="^http://(forms|internetbankieren)\.frieslandbank\.nl/"
-		to="https://$1.frieslandbank.nl/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Frim.nl.xml b/src/chrome/content/rules/Frim.nl.xml
index a8ebc280db40..e9e2a96fd7d4 100644
--- a/src/chrome/content/rules/Frim.nl.xml
+++ b/src/chrome/content/rules/Frim.nl.xml
@@ -1,13 +1,14 @@
 <ruleset name="frim.nl" default_off="self-signed">
 
 	<target host="frim.nl"/>
-	<target host="*.frim.nl"/>
+	<target host="www.frim.nl" />
+	<target host="frim.frim.nl" />
+	<target host="gitx.frim.nl" />
 
 	<!--	cert doesn't match /frim.nl	-->
 	<rule from="^http://(?:www\.)?frim\.nl/"
 		to="https://www.frim.nl/"/>
 
-	<rule from="^http://(frim|gitx)\.frim\.nl/"
-		to="https://$1.frim.nl/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Frivillighetshuset.no.xml b/src/chrome/content/rules/Frivillighetshuset.no.xml
index 1d808962e1b0..29cbc134e32c 100644
--- a/src/chrome/content/rules/Frivillighetshuset.no.xml
+++ b/src/chrome/content/rules/Frivillighetshuset.no.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.frivillighetshuset.no/ => https://www.frivillighetshuset
 	* Secured by us
 
 -->
-<ruleset name="Frivillighetshuset.no" default_off='failed ruleset test'>
+<ruleset name="Frivillighetshuset.no" default_off="failed ruleset test">
 
 	<target host="frivillighetshuset.no" />
 	<target host="www.frivillighetshuset.no" />
diff --git a/src/chrome/content/rules/From-UA.com.xml b/src/chrome/content/rules/From-UA.com.xml
new file mode 100644
index 000000000000..e2338879058b
--- /dev/null
+++ b/src/chrome/content/rules/From-UA.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="From-UA.com" >
+	<target host="from-ua.com" />
+	<target host="www.from-ua.com" />
+	<target host="fb.from-ua.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/FrontEndChecklist.io.xml b/src/chrome/content/rules/FrontEndChecklist.io.xml
new file mode 100644
index 000000000000..6f8faa501961
--- /dev/null
+++ b/src/chrome/content/rules/FrontEndChecklist.io.xml
@@ -0,0 +1,7 @@
+<ruleset name="FrontEndChecklist.io">
+	<target host="frontendchecklist.io" />
+	<target host="www.frontendchecklist.io" />
+	<target host="develop.frontendchecklist.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Frontier-Network-and-Computing-Systems.xml b/src/chrome/content/rules/Frontier-Network-and-Computing-Systems.xml
index c3724235ba27..026853d4dc88 100644
--- a/src/chrome/content/rules/Frontier-Network-and-Computing-Systems.xml
+++ b/src/chrome/content/rules/Frontier-Network-and-Computing-Systems.xml
@@ -19,10 +19,10 @@ Fetch error: http://fcns.eu/ => https://fcns.eu/: (7, 'Failed to connect to fcns
 	² Secured by us
 
 -->
-<ruleset name="Frontier Network and Computing Systems" default_off='failed ruleset test'>
+<ruleset name="Frontier Network and Computing Systems" default_off="failed ruleset test">
 
 	<target host="fcns.eu"/>
-	<target host="*.fcns.eu"/>
+	<target host="www.fcns.eu" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/Frontier.co.uk.xml b/src/chrome/content/rules/Frontier.co.uk.xml
index aadb76186848..f6d33620a0a8 100644
--- a/src/chrome/content/rules/Frontier.co.uk.xml
+++ b/src/chrome/content/rules/Frontier.co.uk.xml
@@ -19,13 +19,15 @@
 <ruleset name="Frontier.co.uk (partial)">
 
 	<target host="frontier.co.uk" />
-	<target host="*.frontier.co.uk" />
+	<target host="elite.frontier.co.uk" />
+	<target host="kinectimals.frontier.co.uk" />
+	<target host="lostwinds.frontier.co.uk" />
+	<target host="www.frontier.co.uk" />
 
 
 	<securecookie host="^(?:(?:elite|kinectimals|lostwinds|www)\.)?frontier\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://((?:elite|kinectimals|lostwinds|www)\.)?frontier\.co\.uk/"
-		to="https://$1frontier.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Frooition_Software.xml b/src/chrome/content/rules/Frooition_Software.xml
index d1ca80d8e0bc..34386cdf45fd 100644
--- a/src/chrome/content/rules/Frooition_Software.xml
+++ b/src/chrome/content/rules/Frooition_Software.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FrostWire.xml b/src/chrome/content/rules/FrostWire.xml
index 01556662e070..91f5a6353816 100644
--- a/src/chrome/content/rules/FrostWire.xml
+++ b/src/chrome/content/rules/FrostWire.xml
@@ -2,7 +2,6 @@
 
 	<target host="static.frostwire.com"/>
 
-	<rule from="^http://static\.frostwire\.com/"
-		to="https://s3.amazonaws.com/static.frostwire.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Frostmourne-WoW.eu.xml b/src/chrome/content/rules/Frostmourne-WoW.eu.xml
index f2e69e0210cb..de0675db53b4 100644
--- a/src/chrome/content/rules/Frostmourne-WoW.eu.xml
+++ b/src/chrome/content/rules/Frostmourne-WoW.eu.xml
@@ -19,4 +19,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FrozenCPU.com.xml b/src/chrome/content/rules/FrozenCPU.com.xml
index 2a7e2bb29e61..7313f690fed4 100644
--- a/src/chrome/content/rules/FrozenCPU.com.xml
+++ b/src/chrome/content/rules/FrozenCPU.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Frozen_Yoghurt_Franchise.xml b/src/chrome/content/rules/Frozen_Yoghurt_Franchise.xml
index 1875ab6cfb9c..897bd692fe2e 100644
--- a/src/chrome/content/rules/Frozen_Yoghurt_Franchise.xml
+++ b/src/chrome/content/rules/Frozen_Yoghurt_Franchise.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.frozen-yogurt-franchise.org/ => https://www.frozen-yogur
 Disabled by https-everywhere-checker because:
 Fetch error: http://frozen-yogurt-franchise.org/ => https://frozen-yogurt-franchise.org/: (51, "SSL: no alternative certificate subject name matches target host name 'frozen-yogurt-franchise.org'")
 -->
-<ruleset name="Frozen Yoghurt Franchise" default_off='failed ruleset test'>
+<ruleset name="Frozen Yoghurt Franchise" default_off="failed ruleset test">
 
 	<target host="frozen-yogurt-franchise.org" />
 	<target host="www.frozen-yogurt-franchise.org" />
@@ -18,4 +18,4 @@ Fetch error: http://frozen-yogurt-franchise.org/ => https://frozen-yogurt-franch
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Frugalware.org.xml b/src/chrome/content/rules/Frugalware.org.xml
index 0e0694ba7d35..3327b76790cf 100644
--- a/src/chrome/content/rules/Frugalware.org.xml
+++ b/src/chrome/content/rules/Frugalware.org.xml
@@ -7,6 +7,7 @@
 		packages.frugalware.org
 		planet.frugalware.org
 		wiki.frugalware.org
+    bugs.frugalware.org
 
 	Private subdomain:
 		webmail.frugalware.org
@@ -15,18 +16,16 @@
 		www\d.frugalware.org
 		rsync\d.frugalware.org
 
+  Unresolved host:
+    - planet.frugalware.org
+
 -->
 <ruleset name="Frugalware.org">
 
 	<target host="frugalware.org" />
 	<target host="www.frugalware.org" />
-	<target host="bugs.frugalware.org" />
 	<target host="lists.frugalware.org" />
 	<target host="packages.frugalware.org" />
-	<target host="planet.frugalware.org" />
-		<exclusion pattern="^http://planet\.frugalware\.org/.+" />
-			<test url="http://planet.frugalware.org/index.php?post_id=27" />
-			<test url="http://planet.frugalware.org/index.php?post_id=33" />
 
 	<securecookie host="^.+\.frugalware\.org$" name=".+" />
 
@@ -36,9 +35,6 @@
 	<rule from="^http://packages\.frugalware\.org/"
 		to="https://frugalware.org/packages/" />
 
-	<rule from="^http://planet\.frugalware\.org/$"
-		to="https://frugalware.org/" />
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Frys.xml b/src/chrome/content/rules/Frys.xml
index f3cba6fe880d..ea237c4e4b87 100644
--- a/src/chrome/content/rules/Frys.xml
+++ b/src/chrome/content/rules/Frys.xml
@@ -4,10 +4,16 @@
 -->
 <ruleset name="Frys (partial)">
 
-	<target host="*.frys.com" />
+	<target host="images.frys.com" />
+	<target host="shop1.frys.com" />
+	<target host="shop2.frys.com" />
+	<target host="shop3.frys.com" />
+	<target host="shop4.frys.com" />
+	<target host="shop5.frys.com" />
+	<target host="shop6.frys.com" />
 
 
-	<securecookie host="^.*\.frys\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<!--	Guilty of giving ExtremeTech http
@@ -15,7 +21,6 @@
 	<rule from="^http://images\.frys\.com/"
 		to="https://frys.hs.llnwd.net/e1/" />
 
-	<rule from="^http://shop([1-6])\.frys\.com/"
-		to="https://shop$1.frys.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Fshare.vn.xml b/src/chrome/content/rules/Fshare.vn.xml
index 0806bfcf4e8b..6837c3e7cec0 100644
--- a/src/chrome/content/rules/Fshare.vn.xml
+++ b/src/chrome/content/rules/Fshare.vn.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/FuckOffGoogle.de.xml b/src/chrome/content/rules/FuckOffGoogle.de.xml
new file mode 100644
index 000000000000..33ddda745fed
--- /dev/null
+++ b/src/chrome/content/rules/FuckOffGoogle.de.xml
@@ -0,0 +1,11 @@
+<ruleset name="FuckOffGoogle.de">
+	<target host="fuckoffgoogle.de" />
+	<target host="www.fuckoffgoogle.de" />
+	<target host="lists.fuckoffgoogle.de" />
+		<test url="http://lists.fuckoffgoogle.de/cgi-bin/mailman/admin" />
+	<target host="wiki.fuckoffgoogle.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fuelcdn.com.xml b/src/chrome/content/rules/Fuelcdn.com.xml
index 4cdc8f193489..4f61f119ff6c 100644
--- a/src/chrome/content/rules/Fuelcdn.com.xml
+++ b/src/chrome/content/rules/Fuelcdn.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://editor.fuelcdn.com/ => https://editor.fuelcdn.com/: (51, "SS
 	For other ExactTarget coverage, see ExactTarget.xml.
 
 -->
-<ruleset name="fuelcdn.com" default_off='failed ruleset test'>
+<ruleset name="fuelcdn.com" default_off="failed ruleset test">
 
 	<target host="fuelcdn.com" />
 	<target host="editor.fuelcdn.com" />
diff --git a/src/chrome/content/rules/Fuerza_Popular.xml b/src/chrome/content/rules/Fuerza_Popular.xml
deleted file mode 100644
index a3f9f8a36eb4..000000000000
--- a/src/chrome/content/rules/Fuerza_Popular.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://fuerzapopularpe.keikoperu.com/ => http://fuerzapopularpe.keikoperu.com/: (6, 'Could not resolve host: fuerzapopularpe.keikoperu.com')
-Fetch error: http://fuerzapopular.pe/ => http://fuerzapopular.pe/: (6, 'Could not resolve host: fuerzapopular.pe')
-Fetch error: http://www.fuerzapopular.pe/ => http://www.fuerzapopular.pe/: (6, 'Could not resolve host: www.fuerzapopular.pe')
-
-	fuerzapopularpe.keikoperu.com
-
-
-	Nonfunctional domains:
-
-		- (www.)fuerzapopular.com	(no https)
-
--->
-<ruleset name="Fuerza Popular (partial)" default_off='failed ruleset test'>
-
-	<target host="fuerzapopularpe.keikoperu.com" />
-	<target host="fuerzapopular.pe" />
-	<target host="www.fuerzapopular.pe" />
-
-
-	<rule from="^http://(?:fuerzapopularpe\.keikoperu\.com|(?:www\.)?fuerzapopular\.pe)/(banner/|favicon\.ico|wp-content/)"
-		to="https://secure.bluehost.com/~keikoper/fuerzapopular.pe/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Fujirumors.com.xml b/src/chrome/content/rules/Fujirumors.com.xml
new file mode 100644
index 000000000000..720c063bf24c
--- /dev/null
+++ b/src/chrome/content/rules/Fujirumors.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Fujirumors.com">
+	<target host="fujirumors.com" />
+	<target host="www.fujirumors.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Fujitsu.xml b/src/chrome/content/rules/Fujitsu.xml
index 6f93473b2aa2..57f91d2578c4 100644
--- a/src/chrome/content/rules/Fujitsu.xml
+++ b/src/chrome/content/rules/Fujitsu.xml
@@ -1,42 +1,32 @@
 <!--
-	Nonfunctional jp paths:
+	Fujitsu related rulesets:
+		+ fmworld.net.xml
+		+ fujitsu-webmart.com.xml
 
-		- _jptoppromotion/jad/banner.png
-
--->
-<ruleset name="Fujitsu (partial)" platform="mixedcontent">
-
-	<target host="fmworld.net" />
-	<target host="*.fmworld.net" />
-	<target host="jp.fujitsu.com" />
-	<target host="img.jp.fujitsu.com" />
-		<exclusion pattern="^http://(?:img\.)?jp\.fujitsu\.com/imgv4/jp/" />
-	<target host="fujitsu-webmart.com" />
-	<target host="www.fujitsu-webmart.com" />
-	<!--	* for cross-subdomain cookie.	-->
-	<target host="*.www.fujitsu-webmart.com" />
-
-
-	<securecookie host="^.*\.fmworld\.net$" name=".+" />
-	<securecookie host="^.*\.fujitsu-webmart\.com$" name=".+" />
+	Non-functional hosts in *.fujitsu.com:
+		SSL connect error:
+		- sports-topics.jp.fujitsu.com
 
+		SSL peer certificate was not OK:
+		- img.jp.fujitsu.com
 
-	<!--	Cert only matches www.	-->
-	<rule from="^http://(?:www\.)?fmworld\.net/"
-		to="https://www.fmworld.net/" />
+		Self-signed certificate chain error:
+		- www.fei.fujitsu.com
 
-	<rule from="^http://azby\.fmworld\.net/"
-		to="https://azby.fmworld.net/" />
-
-	<!--	img 404s	-->
-	<rule from="^http://img\.jp\.fujitsu\.com/"
-		to="https://jp.fujitsu.com/" />
-
-	<rule from="^http://jp\.fujitsu\.com/(cgi-bin|cssv4|imgv[34])/"
-		to="https://jp.fujitsu.com/$1/" />
-
-	<!--	Cert only matches www.	-->
-	<rule from="^http://(?:www\.)?fujitsu-webmart\.com/"
-		to="https://www.fujitsu-webmart.com/" />
+-->
+<ruleset name="Fujitsu (partial)">
+	<target host="fujitsu.com" />
+	<target host="www.fujitsu.com" />
+	<target host="tech.fjct.fujitsu.com" />
+	<target host="www.fom.fujitsu.com" />
+	<target host="blog.global.fujitsu.com" />
+	<target host="digitalworkplace.global.fujitsu.com" />
+	<target host="jp.fujitsu.com" />
+	<target host="cloud-direct.jp.fujitsu.com" />
+	<target host="journal.jp.fujitsu.com" />
+	<target host="seminar.jp.fujitsu.com" />
+	<target host="pr.fujitsu.com" />
+	<target host="scansnap.fujitsu.com" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Fukuchi.org.xml b/src/chrome/content/rules/Fukuchi.org.xml
index 05d6920d0df3..a37a3f01e7d5 100644
--- a/src/chrome/content/rules/Fukuchi.org.xml
+++ b/src/chrome/content/rules/Fukuchi.org.xml
@@ -13,4 +13,4 @@
 	<rule from="^http://(?:www\.)?fukuchi\.org/"
 		to="https://fukuchi.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Fulcrum_Biometrics.xml b/src/chrome/content/rules/Fulcrum_Biometrics.xml
index 132042ab2f90..dc63680fa875 100644
--- a/src/chrome/content/rules/Fulcrum_Biometrics.xml
+++ b/src/chrome/content/rules/Fulcrum_Biometrics.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Full-Circle-Studies.xml b/src/chrome/content/rules/Full-Circle-Studies.xml
index 684b08f5728b..f18a35b03942 100644
--- a/src/chrome/content/rules/Full-Circle-Studies.xml
+++ b/src/chrome/content/rules/Full-Circle-Studies.xml
@@ -22,7 +22,7 @@
 					-->
 	<!--securecookie host="^(www\.)?fullcirclestudies\.com$" name="^CSCompanyWebSession$" /-->
 
-	<securecookie host="^(?:.*\.)?fullcirclestudies\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/FullSlate.xml b/src/chrome/content/rules/FullSlate.xml
index a10b5ffbd956..13eeaa03f2d6 100644
--- a/src/chrome/content/rules/FullSlate.xml
+++ b/src/chrome/content/rules/FullSlate.xml
@@ -2,7 +2,6 @@
 	<target host="fullslate.com" />
 	<target host="*.fullslate.com" />
 
-	<test url="http://fullslate.com/" />
 	<test url="http://www.fullslate.com/" />
 	<test url="http://app.fullslate.com/" />
 	<test url="http://dudamobile.fullslate.com/" />
diff --git a/src/chrome/content/rules/FullTraffic.xml b/src/chrome/content/rules/FullTraffic.xml
index 11471d3184fd..f3769a191141 100644
--- a/src/chrome/content/rules/FullTraffic.xml
+++ b/src/chrome/content/rules/FullTraffic.xml
@@ -12,4 +12,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Full_Signal.xml b/src/chrome/content/rules/Full_Signal.xml
index 5cd3f12ef96f..bcba7564f327 100644
--- a/src/chrome/content/rules/Full_Signal.xml
+++ b/src/chrome/content/rules/Full_Signal.xml
@@ -16,7 +16,6 @@
 	<target host="static.thefullsignal.com" />
 
 
-	<rule from="^http://static\.thefullsignal\.com/"
-		to="https://d1jy4z176wg3x.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Fullerton.edu.xml b/src/chrome/content/rules/Fullerton.edu.xml
index 84532d74be5c..75e3f5aa25f7 100644
--- a/src/chrome/content/rules/Fullerton.edu.xml
+++ b/src/chrome/content/rules/Fullerton.edu.xml
@@ -89,16 +89,36 @@ Fetch error: http://fullerton.edu/ => https://fullerton.edu/: (51, "SSL: no alte
 <ruleset name="Fullerton.edu (partial)">
 
 	<target host="fullerton.edu" />
-	<target host="*.fullerton.edu" />
+	<target host="business.fullerton.edu" />
+	<target host="www.business.fullerton.edu" />
+	<target host="calstate.fullerton.edu" />
+	<target host="csuftraining.fullerton.edu" />
+	<target host="diversity.fullerton.edu" />
+	<target host="ehis.fullerton.edu" />
+	<target host="ehs.fullerton.edu" />
+	<target host="exchange.fullerton.edu" />
+	<target host="finance.fullerton.edu" />
+	<target host="giving.fullerton.edu" />
+	<target host="hr.fullerton.edu" />
+	<target host="library.fullerton.edu" />
+	<target host="www.library.fullerton.edu" />
+	<target host="my.fullerton.edu" />
+	<target host="parking.fullerton.edu" />
+	<target host="police.fullerton.edu" />
+	<target host="pp.fullerton.edu" />
+	<target host="riskmanagement.fullerton.edu" />
+	<target host="training.fullerton.edu" />
+	<target host="vpait.fullerton.edu" />
+	<target host="www.fullerton.edu" />
+	<target host="rmehs.fullerton.edu" />
 
 
 	<securecookie host="^(?:(?:calstate|diversity|ehis|ehs|exchange|finance|hr|my|parking|police|riskmanagement|training|vpait|www)\.)?fullerton\.edu$" name=".+" />
 
 
-	<rule from="^http://((?:(?:www\.)?business|calstate|csuftraining|diversity|ehis|ehs|exchange|finance|giving|hr|(?:www\.)?library|my|parking|police|pp|riskmanagement|training|vpait|www)\.)?fullerton\.edu/"
-		to="https://$1fullerton.edu/" />
 
 	<rule from="^http://rmehs\.fullerton\.edu/"
 		to="https://ehis.fullerton.edu/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/FundRazr.com.xml b/src/chrome/content/rules/FundRazr.com.xml
index 7378d1f08443..ec5ff8251e02 100644
--- a/src/chrome/content/rules/FundRazr.com.xml
+++ b/src/chrome/content/rules/FundRazr.com.xml
@@ -23,7 +23,9 @@
 <ruleset name="FundRazr.com (partial)">
 
 	<target host="fundrazr.com" />
-	<target host="*.fundrazr.com" />
+	<target host="poweredby.fundrazr.com" />
+	<target host="www.fundrazr.com" />
+	<target host="support.fundrazr.com" />
 
 
 	<!--	Some, but not all, secured by server:
diff --git a/src/chrome/content/rules/Fundinfo.com-falsemixed.xml b/src/chrome/content/rules/Fundinfo.com-falsemixed.xml
deleted file mode 100644
index 8c28fb722659..000000000000
--- a/src/chrome/content/rules/Fundinfo.com-falsemixed.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Fundinfo.com.xml.
-
--->
-<ruleset name="fundinfo.com (false MCB)" platform="mixedcontent">
-
-	<target host="about.fundinfo.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Fundinfo.com.xml b/src/chrome/content/rules/Fundinfo.com.xml
index a7611ca17a5d..c2f018068c95 100644
--- a/src/chrome/content/rules/Fundinfo.com.xml
+++ b/src/chrome/content/rules/Fundinfo.com.xml
@@ -1,59 +1,37 @@
 <!--
-	For rules causing false/broken MCB, see Fundinfo.com-falsemixed.xml.
+	Invalid certificate:
+		blob.fundinfo.com
 
+	No working URL known:
+		meet.fundinfo.com
+		ucweb.fundinfo.com
 
-	Nonfunctional subdomains:
+	Login required:
+		microsites.fundinfo.com
 
-		- tv *
-
-	* Shows www
-
-
-	Partially covered subdomains
-
-		- about *
-
-	* Avoiding broken MCB
-
-
-	Fully covered subdomains:
-
-		- (www.)?
-		- datahub
-		- media
-		- mobile
-		- paperboy
-
-
-	Mixed content:
-
-		- css, on:
-
-			- about from $self *
-			- about from fonts.googleapis.com *
-
-		- Images, on:
-
-			- about from $self *
-			- about from media *
-
-	* Secured by us
+	Different content HTTP/HTTPS:
+		tv.fundinfo.com
 
 -->
-<ruleset name="fundinfo.com (partial)">
+<ruleset name="fundinfo.com">
 
 	<target host="fundinfo.com" />
+	<target host="www.fundinfo.com" />
 	<target host="about.fundinfo.com" />
+	<target host="api.fundinfo.com" />
+	<target host="datafeed.fundinfo.com" />
 	<target host="datahub.fundinfo.com" />
+	<target host="digital.fundinfo.com" />
+	<target host="ftpwebclient.fundinfo.com" />
+	<target host="gateway.fundinfo.com" />
+	<target host="kiid.fundinfo.com" />
 	<target host="media.fundinfo.com" />
+		<test url="http://media.fundinfo.com/design/css/jquery-ui/jquery-ui-1.8.16.custom.css" />
 	<target host="mobile.fundinfo.com" />
 	<target host="paperboy.fundinfo.com" />
-	<target host="www.fundinfo.com" />
-		<!--
-			Avoid broken MCB:
-						-->
-		<exclusion pattern="^http://about\.fundinfo.com/+(?!wp-content/|wp-includes/)" />
-
+	<target host="trendscout.fundinfo.com" />
+	<target host="validate.fundinfo.com" />
+	<target host="web.fundinfo.com" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/Funet.fi.xml b/src/chrome/content/rules/Funet.fi.xml
index 6f969c027354..aa36054b25ec 100644
--- a/src/chrome/content/rules/Funet.fi.xml
+++ b/src/chrome/content/rules/Funet.fi.xml
@@ -2,8 +2,13 @@
 
 	<!--	Direct rewrites:
 				-->
+	<target host="www.funet.fi" />
 	<target host="haka.funet.fi" />
 	<target host="haka-ds.funet.fi" />
+	<target host="nic.funet.fi" />
+	<target host="www.nic.funet.fi" />
+	<target host="ftp.funet.fi" />
+	<target host="www.ftp.funet.fi" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Funky_Android.com.xml b/src/chrome/content/rules/Funky_Android.com.xml
index c14317ed7859..d72b7d44b4be 100644
--- a/src/chrome/content/rules/Funky_Android.com.xml
+++ b/src/chrome/content/rules/Funky_Android.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.funkyandroid.com/ => https://funkyandroid.com/: (51, "SS
 	Cert only matches ^funkyandroid.com
 
 -->
-<ruleset name="Funky Android.com" default_off='failed ruleset test'>
+<ruleset name="Funky Android.com" default_off="failed ruleset test">
 
 	<target host="funkyandroid.com" />
 	<target host="www.funkyandroid.com" />
diff --git a/src/chrome/content/rules/Furaffinity.xml b/src/chrome/content/rules/Furaffinity.xml
index f92d7fde5754..8a4c368bf315 100644
--- a/src/chrome/content/rules/Furaffinity.xml
+++ b/src/chrome/content/rules/Furaffinity.xml
@@ -8,9 +8,13 @@
 -->
 <ruleset name="Furaffinity (partial)">
 
-	<target host="*.facdn.net" />
+	<target host="d.facdn.net" />
+	<target host="t.facdn.net" />
 	<target host="furaffinity.net" />
-	<target host="*.furaffinity.net" />
+	<target host="forums.furaffinity.net" />
+	<target host="ox.furaffinity.net" />
+	<target host="sfw.furaffinity.net" />
+	<target host="www.furaffinity.net" />
 
 
 	<!--	Not secured by server:
@@ -21,10 +25,6 @@
 	<securecookie host="^(?:forums|ox|sfw|www)?\.furaffinity\.net$" name=".+" />
 
 
-	<rule from="^http://(d|t)\.facdn\.net/"
-		to="https://$1.facdn.net/" />
-
-	<rule from="^http://((?:forums|ox|sfw|www)\.)?furaffinity\.net/"
-		to="https://$1furaffinity.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Furqan.co.xml b/src/chrome/content/rules/Furqan.co.xml
new file mode 100644
index 000000000000..957804de7c51
--- /dev/null
+++ b/src/chrome/content/rules/Furqan.co.xml
@@ -0,0 +1,8 @@
+<ruleset name="Furqan.co">
+	<target host="furqan.co" />
+	<target host="www.furqan.co" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Furry.ch.xml b/src/chrome/content/rules/Furry.ch.xml
new file mode 100644
index 000000000000..ea4c6ecb8344
--- /dev/null
+++ b/src/chrome/content/rules/Furry.ch.xml
@@ -0,0 +1,9 @@
+<ruleset name="Furry.ch">
+	<target host="furry.ch" />
+	<target host="www.furry.ch" />
+	<target host="glc.furry.ch" />
+
+    <securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Further.xml b/src/chrome/content/rules/Further.xml
index 6c6372e85136..105d846b96c3 100644
--- a/src/chrome/content/rules/Further.xml
+++ b/src/chrome/content/rules/Further.xml
@@ -7,7 +7,7 @@
 <ruleset name="Further">
 
 	<target host="further.co.uk" />
-	<target host="*.further.co.uk" />
+	<target host="www.further.co.uk" />
 
 
 	<securecookie host="^(?:www)?\.further\.co\.uk$" name=".+" />
diff --git a/src/chrome/content/rules/Fuscia.info.xml b/src/chrome/content/rules/Fuscia.info.xml
deleted file mode 100644
index 144fc66989aa..000000000000
--- a/src/chrome/content/rules/Fuscia.info.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- www	(cert only matches ^fuscia.info)
-
-
-	Mixed content:
-
-		- Images, on ^ from:
-
-			- ^ *
-			- fuscia.inrialpes.fr **
-
-	* Secured by us
-	** Unsecurable
-
--->
-<ruleset name="fuscia.info">
-
-	<target host="fuscia.info" />
-	<target host="www.fuscia.info" />
-
-
-	<securecookie host="^fuscia\.info$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?fuscia\.info/"
-		to="https://fuscia.info/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Fusion-lifestyle.com.xml b/src/chrome/content/rules/Fusion-lifestyle.com.xml
index c185c98a5a91..970e9b395968 100644
--- a/src/chrome/content/rules/Fusion-lifestyle.com.xml
+++ b/src/chrome/content/rules/Fusion-lifestyle.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://fusion-lifestyle.com/ => https://www.fusion-lifestyle.com/:
 Fetch error: http://www.fusion-lifestyle.com/ => https://www.fusion-lifestyle.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Fusion-lifestyle.com" default_off='failed ruleset test'>
+<ruleset name="Fusion-lifestyle.com" default_off="failed ruleset test">
   <target host="fusion-lifestyle.com" />
   <target host="www.fusion-lifestyle.com" />
 
diff --git a/src/chrome/content/rules/FusionForge.xml b/src/chrome/content/rules/FusionForge.xml
index 7d7b73d6955d..fa7af5753a60 100644
--- a/src/chrome/content/rules/FusionForge.xml
+++ b/src/chrome/content/rules/FusionForge.xml
@@ -5,7 +5,7 @@
 	<target host="fusionforge.org"/>
 	<target host="www.fusionforge.org"/>
 
-	<securecookie host="^(?:.*\.)?fusionforge.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/FusionIO.xml b/src/chrome/content/rules/FusionIO.xml
index 88817d5b02b1..4d99096908d2 100644
--- a/src/chrome/content/rules/FusionIO.xml
+++ b/src/chrome/content/rules/FusionIO.xml
@@ -4,16 +4,19 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://fusionio.com/ => https://fusionio.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="FusionIO" default_off='failed ruleset test'>
+<ruleset name="FusionIO" default_off="failed ruleset test">
 
 	<target host="fusionio.com" />
-	<target host="*.fusionio.com" />
+	<target host="quote.fusionio.com" />
+	<target host="support.fusionio.com" />
+	<target host="mail.fusionio.com" />
+	<target host="webmail.fusionio.com" />
+	<target host="www.fusionio.com" />
 
 
-	<securecookie host="^(?:.*\.)?fusionio\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:quote|support|(?:web)?mail|www)\.)?fusionio\.com/"
-		to="https://$1fusionio.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/FusionNet.xml b/src/chrome/content/rules/FusionNet.xml
deleted file mode 100644
index 682ea2a888c8..000000000000
--- a/src/chrome/content/rules/FusionNet.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="FusionNet" platform="mixedcontent">
-  <target host="fusion-net.co.uk" />
-  <target host="www.fusion-net.co.uk" />
-
-  <securecookie host="^(?:.+\.)?fusion-net.co.uk$" name=".+" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Fuskator.com.xml b/src/chrome/content/rules/Fuskator.com.xml
index b17ebeaedf85..85651b74a759 100644
--- a/src/chrome/content/rules/Fuskator.com.xml
+++ b/src/chrome/content/rules/Fuskator.com.xml
@@ -20,4 +20,4 @@
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Futura-Sciences.com.xml b/src/chrome/content/rules/Futura-Sciences.com.xml
new file mode 100644
index 000000000000..3c455785906e
--- /dev/null
+++ b/src/chrome/content/rules/Futura-Sciences.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid Certificate:
+		futura-sciences.com
+		astro2009.futura-sciences.com
+		emploi.futura-sciences.com
+-->
+<ruleset name="Futura-Sciences.com">
+	<target host="futura-sciences.com" />
+	<target host="www.futura-sciences.com" />
+	<target host="blogs.futura-sciences.com" />
+	<target host="forums.futura-sciences.com" />
+	<target host="fr.cdn.v5.futura-sciences.com" />
+		<test url="http://fr.cdn.v5.futura-sciences.com/builds/pdf/dossier/0-999/366-turbocodes.pdf" />
+
+	<rule from="^http://futura-sciences\.com/" to="https://www.futura-sciences.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Future-Publishing.xml b/src/chrome/content/rules/Future-Publishing.xml
deleted file mode 100644
index ae987002c395..000000000000
--- a/src/chrome/content/rules/Future-Publishing.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<!--
-	For problematic rules, see Future-Publishing-mismatches.xml.
-
-
-	CDN buckets:
-
-		- cdn.futurepublishing.c.footprint.net
-
-			- cdn.medialib.computerandvideogames.com
-
-		- cdn.medialib.oxm.co.uk.c.footprint.net
-		- cdn.static.oxm.co.uk.c.footprint.net
-
-
-	Problematic domains:
-
-		- computerandvideogames.com *
-		- prg.computerandvideogames.com **
-		- cdn.static.computerandvideogames.com *
-		- prg.gamesradar.com **
-
-	* Times out
-	** Akamai
-
-
-	Nonfunctional domains:
-
-		- medialib.computerandvideogames.com		(data identical to cdn)
-		- cdn.medialib.computerandvideogames.com	(times out, data not on www.../(medialib|templates)/)
-		- medialib.oxm.co.uk *
-		- static.oxm.co.uk *
-
-	* Redirects to computerandvideogames.com; mismatched, CN: www.computerandvideogames.com
-
--->
-<ruleset name="Future Publishing (partial)">
-
-	<target host="computerandvideogames.com" />
-	<target host="*.computerandvideogames.com" />
-
-
-	<rule from="^http://(?:www\.)?computerandvideogames\.com/(reg|templates)/"
-		to="https://www.computerandvideogames.com/$1/" />
-
-	<rule from="^http://(?:cdn\.)?static\.computerandvideogames\.com/"
-		to="https://www.computerandvideogames.com/templates/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/FutureQuest.net.xml b/src/chrome/content/rules/FutureQuest.net.xml
index 7f6e81373509..b735e798a6aa 100644
--- a/src/chrome/content/rules/FutureQuest.net.xml
+++ b/src/chrome/content/rules/FutureQuest.net.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.service.futurequest.net/ => https://www.service.futurequ
 		- (www.)questadmin.net		(shows secure, mismatched)
 
 -->
-<ruleset name="FutureQuest (partial)" default_off='failed ruleset test'>
+<ruleset name="FutureQuest (partial)" default_off="failed ruleset test">
 
 	<target host="*.futurequest.net" />
 	<target host="questadmin.net" />
diff --git a/src/chrome/content/rules/Futurity.org.xml b/src/chrome/content/rules/Futurity.org.xml
index a99a14e0c528..60aba807580f 100644
--- a/src/chrome/content/rules/Futurity.org.xml
+++ b/src/chrome/content/rules/Futurity.org.xml
@@ -1,4 +1,4 @@
-<ruleset name="Futurity.org" default_off='http redirect'>
+<ruleset name="Futurity.org" default_off="http redirect">
 	<target host="futurity.org" />
 	<target host="www.futurity.org" />
 
diff --git a/src/chrome/content/rules/Fxguide.com.xml b/src/chrome/content/rules/Fxguide.com.xml
deleted file mode 100644
index 2f782c47b5be..000000000000
--- a/src/chrome/content/rules/Fxguide.com.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Some pages redirect to http
-
--->
-<ruleset name="fxguide.com (partial)">
-
-	<target host="fxguide.com" />
-	<target host="*.fxguide.com" />
-		<exclusion pattern="^http://(?:www\.)?fxguide\.com/(?!(?:articles|contact|faq|insider|podcasts|quicktakes)(?:$|\?|/)|favicon\.ico|forums/(?:clientscript/||css\.php|images/)|wp-admin/|wp-content/|wp-login\.php)" />
-
-
-	<rule from="^http://(?:www\.)?fxguide\.com/wp-admin/"
-		to="https://ipa.fxguide.com/wp-admin/" />
-
-	<rule from="^http://(ipa\.|www\.)?fxguide\.com/"
-		to="https://$1fxguide.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Fxphd.xml b/src/chrome/content/rules/Fxphd.xml
index 5272863c3d27..ec275220ee7c 100644
--- a/src/chrome/content/rules/Fxphd.xml
+++ b/src/chrome/content/rules/Fxphd.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/G-Data-Software.xml b/src/chrome/content/rules/G-Data-Software.xml
index 57950e765eac..46f55be167a4 100644
--- a/src/chrome/content/rules/G-Data-Software.xml
+++ b/src/chrome/content/rules/G-Data-Software.xml
@@ -67,7 +67,7 @@ Fetch error: http://www.gdata.co.mx/ => https://www.gdata.co.mx/: (6, 'Could not
 	Missing tw coverage => partial
 
 -->
-<ruleset name="G DATA Software (partial)" default_off='failed ruleset test'>
+<ruleset name="G DATA Software (partial)" default_off="failed ruleset test">
 	<target host="gdata.at" />
 	<target host="www.gdata.at" />
 	<target host="gdata.be" />
diff --git a/src/chrome/content/rules/G33kinfo.com-falsemixed.xml b/src/chrome/content/rules/G33kinfo.com-falsemixed.xml
deleted file mode 100644
index 3a08507e4a3e..000000000000
--- a/src/chrome/content/rules/G33kinfo.com-falsemixed.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see G33kinfo.com.xml.
-
-
-	NB: Tor users cannot view* this website due to CloudFlare settings.
-
-        See:
-
-                - https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
-                - https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
-                - https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
-
-        * without enabling javascript, for security and privacy implications see e.g.:
-
-                - https://www.mozilla.org/security/known-vulnerabilities/firefox.html
-                - https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
-                - https://panopticlick.eff.org
-
--->
-<ruleset name="g33kinfo.com (false MCB)" platform="mixedcontent">
-
-	<target host="g33kinfo.com" />
-	<target host="www.g33kinfo.com" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/G33kinfo.com.xml b/src/chrome/content/rules/G33kinfo.com.xml
index 300fb8194e87..05892e5e6697 100644
--- a/src/chrome/content/rules/G33kinfo.com.xml
+++ b/src/chrome/content/rules/G33kinfo.com.xml
@@ -1,50 +1,8 @@
-<!--
-	For rules causing false/broken MCB, see G33kinfo.com-falsemixed.xml.
-
-
-	NB: Tor users cannot view* this website due to CloudFlare settings.
-
-        See:
-
-                - https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
-                - https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
-                - https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
-
-        * without enabling javascript, for security and privacy implications see e.g.:
-
-                - https://www.mozilla.org/security/known-vulnerabilities/firefox.html
-                - https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
-                - https://panopticlick.eff.org
-
-
-	Mixed content:
-
-		- css from $self *
-		- Images from $self *
-
-	* Secured by us
-
--->
-<ruleset name="g33kinfo.com (partial)">
+<ruleset name="G33kinfo.com">
 
 	<target host="g33kinfo.com" />
 	<target host="www.g33kinfo.com" />
-
-		<!--	Avoid broken MCB:
-						-->
-		<exclusion pattern="^http://g33kinfo\.com/+(?!favicon\.ico|info/wp-content/|info/wp-includes/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://g33kinfo.com/info/about" />
-			<test url="http://g33kinfo.com/info/archives/1713" />
-			<test url="http://g33kinfo.com/info/page/2" />
-			<test url="http://g33kinfo.com/info/vidchat" />
-
-			<!--	-ve:
-					-->
-			<test url="http://g33kinfo.com/favicon.ico" />
-
+	<target host="mail.g33kinfo.com" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/G5.gov.xml b/src/chrome/content/rules/G5.gov.xml
deleted file mode 100644
index 7ceb3de66a3b..000000000000
--- a/src/chrome/content/rules/G5.gov.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="G5 - US Department of Education">
-	<target host="g5.gov" />
-	<target host="www.g5.gov" />
-
-	<securecookie host="(?:^|\.)g5\.gov$" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/GAIA_Host_Collective.xml b/src/chrome/content/rules/GAIA_Host_Collective.xml
index a7d0a4c7ab1f..dcca48c4f88f 100644
--- a/src/chrome/content/rules/GAIA_Host_Collective.xml
+++ b/src/chrome/content/rules/GAIA_Host_Collective.xml
@@ -1,13 +1,14 @@
 <ruleset name="GAIA Host Collective">
 
 	<target host="gaiahost.coop" />
-	<target host="*.gaiahost.coop" />
+	<target host="securehost4.gaiahost.coop" />
+	<target host="securemail2.gaiahost.coop" />
+	<target host="www.gaiahost.coop" />
 
 
-	<securecookie host="^(?:.+\.)?gaiahost\.coop$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:securehost4|securemail2|www)\.)?gaiahost\.coop/"
-		to="https://$1gaiahost.coop/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GAcollege411.org.xml b/src/chrome/content/rules/GAcollege411.org.xml
index 61c9120f3ea4..58d21c25a9eb 100644
--- a/src/chrome/content/rules/GAcollege411.org.xml
+++ b/src/chrome/content/rules/GAcollege411.org.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.gacollege411.org/ => https://www.gacollege411.org/: (60,
 		- secure
 
 -->
-<ruleset name="GAcollege411.org" default_off='failed ruleset test'>
+<ruleset name="GAcollege411.org" default_off="failed ruleset test">
 
 	<target host="gacollege411.org" />
 	<target host="secure.gacollege411.org" />
diff --git a/src/chrome/content/rules/GBConsult.info.xml b/src/chrome/content/rules/GBConsult.info.xml
index 09ef0ab5f670..e62be7168f3f 100644
--- a/src/chrome/content/rules/GBConsult.info.xml
+++ b/src/chrome/content/rules/GBConsult.info.xml
@@ -9,17 +9,17 @@
 <ruleset name="GBConsult.info (partial)">
 	<!-- *bohoomil.com -->
 	<target host="bohoomil.com" />
-	
+
 	<!-- *gbconsult.info -->
 	<target host="gbconsult.info" />
 	<target host="www.gbconsult.info" />
 
-	<rule from="^http://bohoomil\.com/" 
+	<rule from="^http://bohoomil\.com/"
 		  	to="https://gbconsult.info/" />
-	
-	<rule from="^http://www\.gbconsult\.info/" 
+
+	<rule from="^http://www\.gbconsult\.info/"
 		  	to="https://gbconsult.info/" />
-	
+
 	<rule from="^http:"
 		  	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/GCM_Asia.com.xml b/src/chrome/content/rules/GCM_Asia.com.xml
index 2f3d52195b5c..449dfb1afeb1 100644
--- a/src/chrome/content/rules/GCM_Asia.com.xml
+++ b/src/chrome/content/rules/GCM_Asia.com.xml
@@ -19,4 +19,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GCM_Computers.com.xml b/src/chrome/content/rules/GCM_Computers.com.xml
index b61adf493d0e..9b2ebe2efb6f 100644
--- a/src/chrome/content/rules/GCM_Computers.com.xml
+++ b/src/chrome/content/rules/GCM_Computers.com.xml
@@ -5,13 +5,14 @@
 <ruleset name="GCM Computers.com">
 
 	<target host="gcmcomputers.com" />
-	<target host="*.gcmcomputers.com" />
+	<target host="cp.gcmcomputers.com" />
+	<target host="webmail.gcmcomputers.com" />
+	<target host="www.gcmcomputers.com" />
 
 
 	<securecookie host="^(?:(?:cp|\.webmail|www)\.)?gcmcomputers\.com$" name=".+" />
 
 
-	<rule from="^http://((?:cp|webmail|www)\.)?gcmcomputers\.com/"
-		to="https://$1gcmcomputers.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GCN.lgbt.xml b/src/chrome/content/rules/GCN.lgbt.xml
deleted file mode 100644
index c26d05389362..000000000000
--- a/src/chrome/content/rules/GCN.lgbt.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="GCN.lgbt">
-	<target host="gcn.lgbt" />
-	<target host="www.gcn.lgbt" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/GCWStorage.xyz.xml b/src/chrome/content/rules/GCWStorage.xyz.xml
deleted file mode 100644
index ab879ffe2cd5..000000000000
--- a/src/chrome/content/rules/GCWStorage.xyz.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For other GameCopyWorld coverage, see GameCopyWorld.com.xml.
--->
-
-<ruleset name="GCWStorage.xyz">
-	<target host="gcwstorage.xyz" />
-	<target host="www.gcwstorage.xyz" />
-	<target host="g01.gcwstorage.xyz" />
-	<target host="g11.gcwstorage.xyz" />
-	<target host="pid.gcwstorage.xyz" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/GCaptain.com.xml b/src/chrome/content/rules/GCaptain.com.xml
index 4efcfebc9872..ce98b37d330a 100644
--- a/src/chrome/content/rules/GCaptain.com.xml
+++ b/src/chrome/content/rules/GCaptain.com.xml
@@ -28,7 +28,7 @@ Non-2xx HTTP code: http://cfs1.gcaptain.com/ (200) => https://d2m8pnbf2v4ae2.clo
 	* cloudfront
 
 -->
-<ruleset name="gCaptain.com (partial)" default_off='failed ruleset test'>
+<ruleset name="gCaptain.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -69,9 +69,6 @@ Non-2xx HTTP code: http://cfs1.gcaptain.com/ (200) => https://d2m8pnbf2v4ae2.clo
 	<rule from="^http://cf\.gcaptain\.com/"
 		to="https://d38ecmhxsvwui3.cloudfront.net/" />
 
-	<rule from="^http://cfs1\.gcaptain\.com/"
-		to="https://d2m8pnbf2v4ae2.cloudfront.net/" />
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/GCemetery.co.xml b/src/chrome/content/rules/GCemetery.co.xml
new file mode 100644
index 000000000000..e9cebf282abf
--- /dev/null
+++ b/src/chrome/content/rules/GCemetery.co.xml
@@ -0,0 +1,8 @@
+<ruleset name="GCemetery.co">
+	<target host="gcemetery.co" />
+	<target host="www.gcemetery.co" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GEANT.net.xml b/src/chrome/content/rules/GEANT.net.xml
index 99f168f08ee6..7fa572a408a5 100644
--- a/src/chrome/content/rules/GEANT.net.xml
+++ b/src/chrome/content/rules/GEANT.net.xml
@@ -34,7 +34,7 @@ Fetch error: http://weblogin2.geant.net/ => https://weblogin2.geant.net/: (28, '
 		- www
 
 -->
-<ruleset name="GEANT.net (partial)" default_off='failed ruleset test'>
+<ruleset name="GEANT.net (partial)" default_off="failed ruleset test">
 
 	<target host="geant3.archive.geant.net" />
 	<target host="crowd.geant.net" />
diff --git a/src/chrome/content/rules/GEANT.org.xml b/src/chrome/content/rules/GEANT.org.xml
index d7a9a5910560..92527d5d6b8e 100644
--- a/src/chrome/content/rules/GEANT.org.xml
+++ b/src/chrome/content/rules/GEANT.org.xml
@@ -62,7 +62,7 @@ Fetch error: http://test-login.geant.org/ => https://test-login.geant.org/: (6,
 		- uat-intranet.geant.org
 
 -->
-<ruleset name="GEANT.org (partial)" default_off='failed ruleset test'>
+<ruleset name="GEANT.org (partial)" default_off="failed ruleset test">
 
 	<target host="adfs.geant.org" />
 	<target host="login.geant.org" />
diff --git a/src/chrome/content/rules/GEBlogs.com.xml b/src/chrome/content/rules/GEBlogs.com.xml
new file mode 100644
index 000000000000..e75fbe1c4533
--- /dev/null
+++ b/src/chrome/content/rules/GEBlogs.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="GEBlogs.com (partial)">
+	<target host="geblogs.com" />
+	<target host="www.geblogs.com" />
+	<target host="brazil.geblogs.com" />
+	<target host="careers.geblogs.com" />
+	<target host="geforcee.geblogs.com" />
+	<target host="visualization.geblogs.com" />
+
+	<rule from="^http://geblogs\.com/" to="https://www.geblogs.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GEMoney.xml b/src/chrome/content/rules/GEMoney.xml
index 887718313f87..f96c28fd8455 100644
--- a/src/chrome/content/rules/GEMoney.xml
+++ b/src/chrome/content/rules/GEMoney.xml
@@ -5,7 +5,7 @@ Fetch error: http://apply.gemoney.com.au/ => https://apply.gemoney.com.au/: (35,
 Fetch error: http://28degrees-online.gemoney.com.au/ => https://28degrees-online.gemoney.com.au/: (35, 'Unknown SSL protocol error in connection to 28degrees-online.gemoney.com.au:443 ')
 
 -->
-<ruleset name="GE Money" default_off='failed ruleset test'>
+<ruleset name="GE Money" default_off="failed ruleset test">
 	<target host="gemoney.com.au" />
 	<target host="www.gemoney.com.au" />
 	<target host="apply.gemoney.com.au" />
@@ -13,4 +13,4 @@ Fetch error: http://28degrees-online.gemoney.com.au/ => https://28degrees-online
 
 	<rule from="^http:"
 			to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GER-WLAN.de.xml b/src/chrome/content/rules/GER-WLAN.de.xml
new file mode 100644
index 000000000000..27c792b0c19e
--- /dev/null
+++ b/src/chrome/content/rules/GER-WLAN.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="GER-WLAN">
+
+	<target host="ger-wlan.de" />
+	<target host="www.ger-wlan.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GFI_Cloud.xml b/src/chrome/content/rules/GFI_Cloud.xml
index c856a43d5aff..24f5285c3d6b 100644
--- a/src/chrome/content/rules/GFI_Cloud.xml
+++ b/src/chrome/content/rules/GFI_Cloud.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.gficloud.com/ => https://www.gficloud.com/: (60, 'SSL ce
 	For other GFI Software Development coverage, see GFI_Software_Development.xml.
 
 -->
-<ruleset name="GFI Cloud" default_off='failed ruleset test'>
+<ruleset name="GFI Cloud" default_off="failed ruleset test">
 
 	<target host="gficloud.com" />
 	<target host="www.gficloud.com" />
@@ -19,4 +19,4 @@ Fetch error: http://www.gficloud.com/ => https://www.gficloud.com/: (60, 'SSL ce
 	<rule from="^http://((?:forgot|login|redirect|signup|www)\.)?gficloud\.com/"
 		to="https://$1gficloud.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GFM_Trader.com.xml b/src/chrome/content/rules/GFM_Trader.com.xml
deleted file mode 100644
index 130b32c8cdbd..000000000000
--- a/src/chrome/content/rules/GFM_Trader.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="GFM Trader.com">
-
-	<target host="gfmtrader.com" />
-	<target host="www.gfmtrader.com" />
-
-
-	<securecookie host="^(?:w*\.)?gfmtrader.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GHacks.net.xml b/src/chrome/content/rules/GHacks.net.xml
index fd86cffe346b..22f5f85a9e41 100644
--- a/src/chrome/content/rules/GHacks.net.xml
+++ b/src/chrome/content/rules/GHacks.net.xml
@@ -5,8 +5,8 @@
 		<exclusion pattern="^http://cdn\.ghacks\.net/$"/>
 		<test url="http://cdn.ghacks.net/wp-content/plugins/social-media-feather/synved-social/image/social/regular/96x96/rss.png"/>
 		<test url="http://cdn.ghacks.net/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.4.1"/>
-	<target host="deals.ghacks.net"/>	
-	
+	<target host="deals.ghacks.net"/>
+
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(www\.|deals\.)?ghacks\.net/" to="https://$1ghacks.net/"/>
diff --git a/src/chrome/content/rules/GHash.IO.xml b/src/chrome/content/rules/GHash.IO.xml
index 69b597cb3ead..9544bb878203 100644
--- a/src/chrome/content/rules/GHash.IO.xml
+++ b/src/chrome/content/rules/GHash.IO.xml
@@ -6,7 +6,7 @@ Fetch error: http://ws.ghash.io/ => https://ws.ghash.io/: (6, 'Could not resolve
 Fetch error: http://www.ghash.io/ => https://www.ghash.io/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="GHash.IO" default_off='failed ruleset test'>
+<ruleset name="GHash.IO" default_off="failed ruleset test">
 
 	<target host="ghash.io" />
 	<target host="ws.ghash.io" />
diff --git a/src/chrome/content/rules/GIAC.org.xml b/src/chrome/content/rules/GIAC.org.xml
deleted file mode 100644
index 3c773b5d427e..000000000000
--- a/src/chrome/content/rules/GIAC.org.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For other SANS Institute coverage, see SANS.org.xml.
-
-
-	STS header includes includeSubdomains
-
--->
-<ruleset name="GIAC.org">
-
-	<target host="giac.org" />
-	<target host="*.giac.org" />
-
-		<test url="http://www.giac.org/" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GIDNetwork.com.xml b/src/chrome/content/rules/GIDNetwork.com.xml
index 197ff02d2b3b..eb2dc4be7e6e 100644
--- a/src/chrome/content/rules/GIDNetwork.com.xml
+++ b/src/chrome/content/rules/GIDNetwork.com.xml
@@ -22,7 +22,7 @@ Fetch error: http://samia.gidnetwork.com/ => https://samia.gidnetwork.com/: (60,
 		- .gidnetwork.com
 
 -->
-<ruleset name="GIDNetwork.com (partial)" default_off='failed ruleset test'>
+<ruleset name="GIDNetwork.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/GISTI.org.xml b/src/chrome/content/rules/GISTI.org.xml
new file mode 100644
index 000000000000..5aefff862267
--- /dev/null
+++ b/src/chrome/content/rules/GISTI.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Different content http/https:
+		ocean.gisti.org
+
+-->
+<ruleset name="GISTI.org">
+
+	<target host="gisti.org" />
+	<target host="www.gisti.org" />
+	<target host="boutique.gisti.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GKG.xml b/src/chrome/content/rules/GKG.xml
index 18e84eb7535b..1dd001adc4f7 100644
--- a/src/chrome/content/rules/GKG.xml
+++ b/src/chrome/content/rules/GKG.xml
@@ -2,7 +2,7 @@
   <target host="gkg.net" />
   <target host="www.gkg.net" />
 
-  <securecookie host="^(?:.+\.)?gkg\.net$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/GMO_Cloud.com.xml b/src/chrome/content/rules/GMO_Cloud.com.xml
index 1d86f367d37c..b37245628d68 100644
--- a/src/chrome/content/rules/GMO_Cloud.com.xml
+++ b/src/chrome/content/rules/GMO_Cloud.com.xml
@@ -65,7 +65,7 @@ Fetch error: http://contact.gmocloud.com/ => https://contact.gmocloud.com/: (60,
 	³ Unsecurable <= 404
 
 -->
-<ruleset name="GMO Cloud.com (partial)" default_off='failed ruleset test'>
+<ruleset name="GMO Cloud.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/GMO_Internet.xml b/src/chrome/content/rules/GMO_Internet.xml
index 7a06fffcbab5..ee79c64018a2 100644
--- a/src/chrome/content/rules/GMO_Internet.xml
+++ b/src/chrome/content/rules/GMO_Internet.xml
@@ -25,7 +25,6 @@
 		- Rentalserver.jp.xml
 		- Rocketnet.jp.xml
 		- Tenten.vn.xml
-		- Win-is.com.xml
 		- Win-rd.jp.xml
 
 
@@ -33,9 +32,7 @@
 
 		- error
 		- cache.im	(reset)
-		- ir ²
 		- help.point *
-		- recruit ²
 
 	² Refused
 	* Dropped
@@ -48,13 +45,6 @@
 	* Refused
 
 
-	Partially covered subdomains:
-
-		- cloud *
-
-	* At least some pages redirect to http
-
-
 	Fully covered subdomains:
 
 		- cache.img
@@ -88,7 +78,9 @@
 	<target host="gmo.jp" />
 	<target host="cloud.gmo.jp" />
 	<target host="cache.img.gmo.jp" />
+	<target host="ir.gmo.jp" />
 	<target host="point.gmo.jp" />
+	<target host="recruit.gmo.jp" />
 	<target host="secure.gmo.jp" />
 	<target host="support.gmo.jp" />
 	<target host="www.gmo.jp" />
@@ -97,41 +89,7 @@
 				-->
 	<target host="img.gmo.jp" />
 
-		<!--
-			Redirect to http:
-						-->
-		<!--exclusion pattern="http://cloud\.gmo\.jp/+($|\?)" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="http://cloud\.gmo\.jp/+(?!common/|favicon\.ico|(?:\w+/)?images/|\w+/style\.css|this\.css)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://cloud.gmo.jp/blog/" />
-			<test url="http://cloud.gmo.jp/case/" />
-			<test url="http://cloud.gmo.jp/contact/" />
-			<test url="http://cloud.gmo.jp/faq/" />
-			<test url="http://cloud.gmo.jp/feature/" />
-			<test url="http://cloud.gmo.jp/news/" />
-			<test url="http://cloud.gmo.jp/order/" />
-			<test url="http://cloud.gmo.jp/price/" />
-			<test url="http://cloud.gmo.jp/spec/" />
-			<test url="http://cloud.gmo.jp/trial_contact/" />
-			<test url="http://cloud.gmo.jp/ver2/" />
-
-			<!--	-ve:
-					-->
-			<test url="http://cloud.gmo.jp/favicon.ico" />
-
-		<exclusion pattern="http://point\.gmo\.jp/$" />
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^point\.gmo\.jp$" name="^JSESSIONID$" /-->
-
-	<securecookie host="^point\.gmo\.jp$" name=".+" />
-
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://img\.gmo\.jp/"
 		to="https://cache.img.gmo.jp/" />
diff --git a/src/chrome/content/rules/GMPG.org.xml b/src/chrome/content/rules/GMPG.org.xml
new file mode 100644
index 000000000000..6039b50b6dbe
--- /dev/null
+++ b/src/chrome/content/rules/GMPG.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="GMPG.org">
+
+	<target host="gmpg.org" />
+	<target host="www.gmpg.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GND-Tech.com-problematic.xml b/src/chrome/content/rules/GND-Tech.com-problematic.xml
index d7b968a180cb..ac79302f090e 100644
--- a/src/chrome/content/rules/GND-Tech.com-problematic.xml
+++ b/src/chrome/content/rules/GND-Tech.com-problematic.xml
@@ -5,7 +5,7 @@
 <ruleset name="GND-Tech.com (problematic)" default_off="expired, self-signed" platform="mixedcontent">
 
 	<target host="gnd-tech.com" />
-	<target host="*.gnd-tech.com" />
+	<target host="www.gnd-tech.com" />
 
 
 	<securecookie host="^\.gnd-tech\.com$" name=".+" />
diff --git a/src/chrome/content/rules/GNOME-falsemixed.xml b/src/chrome/content/rules/GNOME-falsemixed.xml
index 22b2cd7d7f36..2b25fda12597 100644
--- a/src/chrome/content/rules/GNOME-falsemixed.xml
+++ b/src/chrome/content/rules/GNOME-falsemixed.xml
@@ -8,7 +8,7 @@ Fetch error: http://news.gnome.org/ => https://news.gnome.org/: Cycle detected -
 	For rules not causing false/broken MCB, see GNOME.xml.
 
 -->
-<ruleset name="GNOME (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="GNOME (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="blogs.gnome.org" />
 	<target host="news.gnome.org" />
@@ -16,4 +16,4 @@ Fetch error: http://news.gnome.org/ => https://news.gnome.org/: Cycle detected -
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GNOME.xml b/src/chrome/content/rules/GNOME.xml
index 2e4dead1fff4..a81b3e7bb2d4 100644
--- a/src/chrome/content/rules/GNOME.xml
+++ b/src/chrome/content/rules/GNOME.xml
@@ -17,8 +17,6 @@
 
 		- gnome.org subdomains:
 
-			- art		(prints "ok"; self-signed, CN: CentOS-63-64-minimal)
-			- ftp		(refused)
 			- jabber **
 			- webapps **
 			- webapps2 **
@@ -139,7 +137,7 @@
 		<!--
 			Causes false/broken MCB:
 							-->
-		<exclusion pattern="^http://(?:blog|new)s\.gnome\.org/" />
+		<exclusion pattern="^http://(blog|new)s\.gnome\.org/" />
 	<target host="gnomejournal.org" />
 	<target host="www.gnomejournal.org" />
 	<target host="gupnp.org" />
@@ -149,7 +147,7 @@
 	<securecookie host="^(?:.*\.)?gnome\.org$" name=".+" />
 
 
-	<rule from="^http://((?:admin|api|blogs|bugs|bugzilla|(?:\w+\.)?bugzilla-attachments|build|cloud|developer|download|etherpad|extensions|foundation|git|glade|help|l10n|library|live|mail|mango|meetbot|nagios|news|ostree|people|planet|progress|projects|rt|static|usability|vote|webstats|wiki|www)\.)?gnome\.org/"
+	<rule from="^http://((?:admin|api|art|blogs|bugs|bugzilla|(?:\w+\.)?bugzilla-attachments|build|cloud|developer|download|etherpad|extensions|foundation|ftp|git|glade|help|l10n|library|live|mail|mango|meetbot|nagios|news|ostree|people|planet|progress|projects|rt|static|usability|vote|webstats|wiki|www)\.)?gnome\.org/"
 		to="https://$1gnome.org/" />
 
 	<rule from="^http://ldap\.gnome\.org/"
@@ -158,10 +156,10 @@
 	<rule from="^http://src\.gnome\.org/"
 		to="https://git.gnome.org/browse/" />
 
-	<rule from="^http://(?:www\.)?gnomejournal\.org/"
+	<rule from="^http://(www\.)?gnomejournal\.org/"
 		to="https://www.gnome.org/" />
 
-	<rule from="^http://(?:www\.)?gupnp\.org/"
+	<rule from="^http://(www\.)?gupnp\.org/"
 		to="https://live.gnome.org/GUPnP/" />
 
 
diff --git a/src/chrome/content/rules/GNU.io.xml b/src/chrome/content/rules/GNU.io.xml
index 258647faeb6e..a18615332dbf 100644
--- a/src/chrome/content/rules/GNU.io.xml
+++ b/src/chrome/content/rules/GNU.io.xml
@@ -2,12 +2,12 @@
 <!--
 Disabled by https-everywhere-checker because:
 Fetch error: http://www.gnu.io/ => https://www.gnu.io/: (51, "SSL: no alternative certificate subject name matches target host name 'www.gnu.io'")
- 
+
     Notes:
 	    - $, www
             - Cloudflare SSL
 -->
-<ruleset name="GNU.io" default_off='failed ruleset test'>
+<ruleset name="GNU.io" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/GNUsocial.no.xml b/src/chrome/content/rules/GNUsocial.no.xml
index ba5a727bb750..c95d24f3f057 100644
--- a/src/chrome/content/rules/GNUsocial.no.xml
+++ b/src/chrome/content/rules/GNUsocial.no.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.gnusocial.no/ => https://www.gnusocial.no/: (51, "SSL: n
 		- www.gnusocial.no
 
 -->
-<ruleset name="GNUsocial.no" default_off='failed ruleset test'>
+<ruleset name="GNUsocial.no" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/GO.com.xml b/src/chrome/content/rules/GO.com.xml
deleted file mode 100644
index 044ea0b3c321..000000000000
--- a/src/chrome/content/rules/GO.com.xml
+++ /dev/null
@@ -1,205 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/avatars.espn.go.com/
-
-		- a.espncdn.com.edgesuite.net
-
-		- adisneyparks.disney.go.com.edgesuite.net
-
-		- wdig-03.vo.llnwd.net
-
-			- .hs. does not exist
-			- aglobal.go.com
-
-		- wdig-24.vo.llnwd.net
-
-			- .hs. does not exist
-			- ahome.go.com
-
-
-	Nonfunctional domains:
-
-		- a.abc.com **
-
-		- go.com subdomains:
-
-			- (www.)
-
-			- abc subdomains:
-
-				- beta *
-				- media
-				- cdn.media **	(same data on media.abc.go.com)
-
-			- abclocal ***
-			- cdn.abclocal **	(same data on abclocal.go.com)
-
-			- disneydvd.disney ***
-
-			- espn subdomains:
-
-				- espndeportes ***
-				- espndeportes-assets **
-				- insider ***
-				- search ***
-				- soccernet ***
-				- soccernet-akamai **
-				- sports ***
-
-			- transfer ***
-
-	* Dropped
-	** 503, akamai
-	*** Refused
-
-
-	Problematic domains:
-
-		- a[12]?.espncdn.com *
-		- g.espncdn.com **
-
-		- aglobal.go.com ***
-		- ahome.go.com ***
-		- weblogger01.data			(works, expired 2013-04-11)
-		- adisneyparks.disney.go.com **
-		- corporate.disney.go.com		(works; expired 2013-06-26)
-		- scripts.parksmedia.disney.go.com **
-
-		- espn.go.com subdomains:
-
-			- assets *
-			- avatars **
-			- games-ak **
-
-	* 503, akamai
-	** Works, akamai
-	*** 400; mismatched, CN: *.hs.llnwd.net
-
-
-	Partially covered domains:
-
-		- a.espncdn.com		(→ akamai)
-		- a[12].espncdn.com	(→ akamai)
-		- games-ak.espn.go.com	(→ akamai)
-
-
-	Fully covered domains:
-
-		- g.espncdn.com		(→ akamai)
-
-		- go.com subdomains:
-
-			- abc
-			- aglobal	(→ global)
-			- ctologgerdev01.analytics
-
-			- disney subdomains:
-
-				- ^
-				- ahome		(→ home)
-				- analytics
-				- adisneyparks	(→ akamai)
-				- disneyparks
-				- disneyworld
-				- home
-				- mobile
-				- scripts.parksmedia	(→ akamai)
-				- quickquote
-
-			- espn subdomains:
-
-				- ^
-				- assets	(→ akamai)
-				- avatars	(→ akamai)
-				- broadband
-				- games
-				- proxy
-				- r
-				- s
-				- streak
-
-			- global
-			- globalregsession
-			- marvelstore
-			- register
-			- sw88
-			- tredir
-
-
-	Observed cookie domains:
-
-		- .
-
-		- disney subdomains:
-
-			- .
-			- disneyparks
-			- .disneyparks
-			- disneyworld
-			- .disneyworld
-			- quickquote
-
-		- espn subdomains:
-
-			- ^
-			- .
-			- .games
-			- proxy
-			- r
-			- s
-			- search
-			- streak
-
-
-	Mixed content:
-
-		- Images on disneyparks.disney from www.disney.co.jp *
-
-	* Unsecurable, doesn't trip MCB
-
-
-	Mixed content breaks videos for Chrome: https://www.eff.org/r.a8nc
-
--->
-<ruleset name="GO.com (partial)" platform="mixedcontent">
-
-	<target host="*.go.com" />
-	<target host="*.espncdn.com" />
-		<!--
-			404s when rewritten to akamai.
-
-			This excludes images only:
-							-->
-		<exclusion pattern="^http://a\d?\.espncdn\.com/(?:espn360|media/motion)/" />
-
-
-	<!--securecookie host="^\.go\.com$" name="^(contentLocale|ctoArPageName|DE2|dpsc|DS|fsr\.a|fsr\.paused|gi|SWID)$" /-->
-	<!--
-		Tracking cookies:
-					-->
-	<securecookie host="^\.go\.com$" name="^(?:mbox|s_pers|s_sess|s_vi)$" />
-	<!--securecookie host="^\.disney\.go\.com$" name="^wam_reg$" /-->
-	<securecookie host="^(?:(?:\.?disneyparks|\.?disneyworld|quickquote)\.disney|(?:(?:\.games|proxy|[rs]|streak)\.)?espn)\.go\.com$" name=".+" />
-	<!--securecookie host="^\.espn\.go\.com$" name="^(AcceptCookies|broadbandAccess|country|espncc|ESPN_WindowNameStorage|lang|langPref|_omnicwtest|pluginCheck|userAB)$" /-->
-
-
-	<rule from="^http://(abc|ctologgerdev01\.analytics|(?:(?:analytics|disneyparks|disneyworld|mobile|quickquote)\.)?disney|(?:(?:broadband|games|proxy|[rs]|streak)\.)?espn|globalregsession|marvelstore|register|sw88|tredir)\.go\.com/"
-		to="https://$1.go.com/" />
-
-	<rule from="^http://a?(home\.disney|global)\.go\.com/"
-		to="https://$1.go.com/" />
-
-	<!--	404s when rewritten to akamai.
-
-		NB: This rule must be above the one to akamai:
-								-->
-	<rule from="^http://games-ak\.espn\.go\.com/(banners|img)/"
-		to="https://games.espn.go.com/$1/" />
-
-	<!--	Ditto:
-				-->
-	<rule from="^http://g\.espncdn\.com/flb/static/"
-		to="https://games.espn.go.com/flb/static/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GOC.io.xml b/src/chrome/content/rules/GOC.io.xml
deleted file mode 100644
index 700f51870e33..000000000000
--- a/src/chrome/content/rules/GOC.io.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="GOC.io">
-
-	<target host="goc.io" />
-	<target host="www.goc.io" />
-
-
-	<securecookie host="^\.goc\.io$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GOV.UK.xml b/src/chrome/content/rules/GOV.UK.xml
index 2acbe9ad54f3..c87a8043bd7c 100644
--- a/src/chrome/content/rules/GOV.UK.xml
+++ b/src/chrome/content/rules/GOV.UK.xml
@@ -1,18 +1,15 @@
 <!--
 	For rules that are off by default, see Directgov-mismatches.xml.
 
-
 	Other UK government rulesets:
-
 		- Aberdeen_City.gov.uk.xml
 		- Aberdeenshire.gov.uk.xml
-		- actionfraud.police.uk.xml
 		- adur.gov.uk.xml
 		- adur-worthing.gov.uk.xml
 		- allerdale.gov.uk.xml
 		- ambervalley.gov.uk.xml
 		- Angus.gov.uk.xml
-		- arun.gov.uk.xml
+		- Arun.gov.uk.xml
 		- ashford.gov.uk.xml
 		- askthe.police.uk.xml
 		- Assembly.Wales.xml
@@ -90,7 +87,6 @@
 		- Cyberstreetwise.xml
 		- data.gov.uk.xml
 		- dataexchangewales.org.uk.xml
-		- dct.org.uk.xml
 		- decc.gov.uk.xml
 		- Defra.gov.uk.xml
 		- Derby.gov.uk.xml
@@ -114,7 +110,6 @@
 		- East_Riding.gov.uk.xml
 		- eaststaffsbc.gov.uk.xml
 		- eastsussex.gov.uk.xml
-		- eastsussex1space.co.uk.xml
 		- ecgd.gov.uk.xml
 		- Edinburgh.gov.uk.xml
 		- education.gov.uk.xml
@@ -153,7 +148,6 @@
 		- Herefordshire.gov.uk.xml
 		- Hertsdirect.org.xml
 		- highland.gov.uk.xml
-		- highways.gov.uk.xml
 		- Hillingdon.gov.uk.xml
 		- Hinckley-Bosworth.gov.uk.xml
 		- Hinckley_and_Bosworth_online.org.uk.xml
@@ -206,7 +200,6 @@
 		- mpfemployers.org.uk.xml
 		- mpfmembers.org.uk.xml
 		- mpfund.uk.xml
-		- My_Care_In_Birmingham.org.uk.xml
 		- Myjobscotland.gov.uk.xml
 		- N-Kesteven.gov.uk.xml
 		- N-Somerset.gov.uk.xml
@@ -220,7 +213,6 @@
 		- northumberland.gov.uk.xml
 		- northlincs.gov.uk.xml
 		- North-Herts.gov.uk.xml
-		- North_Norfolk.org.xml
 		- North_Warks.gov.uk.xml
 		- northyorks.gov.uk.xml
 		- nuneatonandbedworth.gov.uk.xml
@@ -271,7 +263,6 @@
 		- sns.gov.uk.xml
 		- Solihull.gov.uk.xml
 		- Somerset.gov.uk.xml
-		- Somerset.org.uk.xml
 		- southend-on-the-move.org.uk.xml
 		- South_Lanarkshire.gov.uk.xml
 		- south-wales.police.uk.xml
@@ -299,7 +290,6 @@
 		- tameside.gov.uk.xml
 		- tamworth.gov.uk.xml
 		- TMBC.gov.uk.xml
-		- Task_Force_on_Shale_Gas.uk.xml
 		- Taunton_Deane.gov.uk.xml
 		- telford.gov.uk.xml
 		- tellmescotland.gov.uk.xml
@@ -310,7 +300,6 @@
 		- Torbay.gov.uk.xml
 		- toughchoices.co.uk.xml
 		- Transport_for_London.xml
-		- tunbridgewells.gov.uk.xml
 		- UK-Department-for-Business-Innovation-and-Skills.xml
 		- UK_Intellectual_Property_Office.xml
 		- UKLocalGovernment.xml
@@ -350,9 +339,7 @@
 		- wyreforestdc.gov.uk.xml
 		- yourchoiceyourhome.org.uk.xml
 
-
-	Nonfunctional:
-
+Nonfunctional:
 		- (www.)?acoba.gov.uk ᵈ
 		- (www.)?acpo.police.uk **
 		- www.arundeltowncouncil.gov.uk *
@@ -365,30 +352,26 @@
 		- (www.)?communityforums.org.uk ᵈ
 		- (www.)?crawley.gov.uk ᵈ
 		- (www.)?derbyshirepartnership.gov.uk ᵈ
-		- (www.)electoralcommission.org.uk		(ditto)
+		- (www.)electoralcommission.org.uk (ditto)
 		- www.felphampc.gov.uk *
-		- www.fsa.gov.uk				(403, valid cert)
+		- www.fsa.gov.uk (403, valid cert)
 		- (www.)?gmp.police.uk ᵈ
 		- guide.hfea.gov.uk **
 		- www.hfea.gov.uk **
-
 		- (www.)?highpeak.gov.uk ᵈ
 		- faqs.highpeak.gov.uk **
 		- openaccess.highpeak.gov.uk **
 		- planning.highpeak.gov.uk **
 		- www2.highpeak.gov.uk **
-
 		- (www.)?humbersidefire.gov.uk ᵇ
 		- (www.)independentgroup.lga.gov.uk
 		- www.lothian-vjb.gov.uk **
-		- (www.)maib.co.uk				(cert: aib-cms.co.uk; shows that domain's data)
-
+		- (www.)maib.co.uk (cert: aib-cms.co.uk; shows that domain's data)
 		- maps.malvernhills.gov.uk ᵈ
 		- moderngov.malvernhills.gov.uk ᵈ
 		- www.malvernhills.gov.uk
 		- swict.malvernhills.gov.uk **
 		- www.malvernhills.gov.uk **
-
 		- (www.)?merseysidepensionfund.org.uk ᵇ
 		- (www.)?nationalcrimeagency.gov.uk **
 		- (www.)?newbury.gov.uk ᵈ
@@ -398,7 +381,6 @@
 		- www.nottinghamshire.gov.uk ʰ
 		- (www.)official-documents.gov.uk
 		- (www.)oft.gov.uk
-
 		- collectionsearch.pkc.gov.uk ᵈ
 		- eplanning.pkc.gov.uk **
 		- licensingregister.pkc.gov.uk ᵈ
@@ -406,7 +388,6 @@
 		- netloan.pkc.gov.uk ᵈ
 		- parkinggateway.pkc.gov.uk ᵈ
 		- www.pkc.gov.uk **
-
 		- (www.)?saa.gov.uk **
 		- planning.snowdonia-npa.gov.uk ᵈ
 		- (www.)?southwales-fire.gov.uk ³
@@ -414,14 +395,11 @@
 		- publicaccess.staffsmoorlands.gov.uk **
 		- (www.)?stalbanslsp.org.uk ᵃ
 		- statistics.gov.scot ⁴
-
 		- www.threerivers.gov.uk ²
 		- www2.threerivers.gov.uk ¹
 		- www3.threerivers.gov.uk ᵈ
-
 		- www.unisonpowys.org.uk ᵇ
 		- www.uttlesford.gov.uk ᵈ
-
 		- beta.worcester.gov.uk ʳ
 		- city.worcester.gov.uk ʳ
 		- councillor.worcester.gov.uk ʳ
@@ -430,7 +408,6 @@
 		- planning.worcester.gov.uk ᵈ
 		- selfserve.worcester.gov.uk ʳ
 		- www.worcester.gov.uk ʳ
-
 		- www.wyremarkets.co.uk ᵈ
 		- (www.)?yaptonpc.gov.uk ᵈ
 
@@ -446,9 +423,7 @@
 	** Refused
 	*** 200 "Under Construction"
 
-
 	Problematic domains:
-
 		- (www.)?dartmoor.gov.uk ᵐ
 		- (www.)?dh.gov.uk ᵐ
 		- (www.)?jobcentreplus.gov.uk ᵐ
@@ -462,14 +437,10 @@
 	ᵐ Mismatched
 	ˢ Self-signed
 	ʷ Configured for weak ciphers only
-
 -->
 <ruleset name="GOV.UK">
-
-	<target host="gov.uk" />
+  <target host="gov.uk" />
 	<target host="www.gov.uk" />
 
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/GO_Transit.xml b/src/chrome/content/rules/GO_Transit.xml
index edea7fb2d41f..96bb6a14d778 100644
--- a/src/chrome/content/rules/GO_Transit.xml
+++ b/src/chrome/content/rules/GO_Transit.xml
@@ -21,4 +21,4 @@
 	<rule from="^http://(onthegoalerts|secure\d*)\.gotransit\.com/"
 		to="https://$1.gotransit.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GP.se.xml b/src/chrome/content/rules/GP.se.xml
index 769ef49d08d9..cb44629aa6d7 100644
--- a/src/chrome/content/rules/GP.se.xml
+++ b/src/chrome/content/rules/GP.se.xml
@@ -41,10 +41,12 @@ Fetch error: http://gp.se/ => https://gp.se/: (7, 'Failed to connect to gp.se po
 	² Unsecurable <= refused
 
 -->
-<ruleset name="GP.se (partial)" default_off='failed ruleset test'>
+<ruleset name="GP.se (partial)" default_off="failed ruleset test">
 
 	<target host="gp.se" />
-	<target host="*.gp.se" />
+	<target host="info.gp.se" />
+	<target host="www.gp.se" />
+	<target host="sifomedia.gp.se" />
 		<!--exclusion pattern="^http://blogg\.gp\.se/" /-->
 		<!--
 			Some (all?) resources are common across info and www:
diff --git a/src/chrome/content/rules/GPDN.de.xml b/src/chrome/content/rules/GPDN.de.xml
new file mode 100644
index 000000000000..dd7d57ea74cd
--- /dev/null
+++ b/src/chrome/content/rules/GPDN.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="GPDN.de">
+
+	<target host="gpdn.de" />
+	<target host="www.gpdn.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GPFI.xml b/src/chrome/content/rules/GPFI.xml
index 36cfc9aa65da..d209d649a5b6 100644
--- a/src/chrome/content/rules/GPFI.xml
+++ b/src/chrome/content/rules/GPFI.xml
@@ -7,7 +7,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://gpfi.org/ => https://gpfi.org/: (51, "SSL: no alternative certificate subject name matches target host name 'gpfi.org'")
 Fetch error: http://www.gpfi.org/ => https://www.gpfi.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.gpfi.org'")
 -->
-<ruleset name="GPFI" default_off='failed ruleset test'>
+<ruleset name="GPFI" default_off="failed ruleset test">
 
 	<target host="gpfi.org" />
 	<target host="www.gpfi.org" />
@@ -15,4 +15,4 @@ Fetch error: http://www.gpfi.org/ => https://www.gpfi.org/: (51, "SSL: no altern
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GPLHost.xml b/src/chrome/content/rules/GPLHost.xml
deleted file mode 100644
index 2706e416fdda..000000000000
--- a/src/chrome/content/rules/GPLHost.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="GPLHost (partial)">
-	<target host="dtc.gplhost.com"/>
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:"/>
-</ruleset>
diff --git a/src/chrome/content/rules/GPUL.org.xml b/src/chrome/content/rules/GPUL.org.xml
index 718873a285ef..419fcf484424 100644
--- a/src/chrome/content/rules/GPUL.org.xml
+++ b/src/chrome/content/rules/GPUL.org.xml
@@ -19,7 +19,7 @@ Fetch error: http://www.gpul.org/ => https://gpul.org/: (35, 'error:140770FC:SSL
 	* Secured by us
 
 -->
-<ruleset name="GPUL.org (partial)" default_off='failed ruleset test'>
+<ruleset name="GPUL.org (partial)" default_off="failed ruleset test">
 
 	<target host="gpul.org" />
 	<target host="www.gpul.org" />
diff --git a/src/chrome/content/rules/GQ-magazine.co.uk.xml b/src/chrome/content/rules/GQ-magazine.co.uk.xml
deleted file mode 100644
index 7d037825de67..000000000000
--- a/src/chrome/content/rules/GQ-magazine.co.uk.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	For other Condé Nast coverage, see Conde-Nast.xml.
-
--->
-<ruleset name="GQ-magazine.co.uk (partial)">
-
-	<!--	Complications:
-				-->
-	<target host="gq-magazine.co.uk" />
-	<target host="www.gq-magazine.co.uk" />
-
-		<!--	Avoid user-visible paths:
-							-->
-		<exclusion pattern="^http://(?:www\.)?gq-magazine\.co\.uk/(?!_/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.gq-magazine.co.uk/100-most-connected" />
-			<test url="http://www.gq-magazine.co.uk/entertainment" />
-			<test url="http://www.gq-magazine.co.uk/style" />
-
-			<!--	-ve:
-					-->
-			<test url="http://gq-magazine.co.uk/_/web-fonts.css" />
-			<test url="http://gq-magazine.co.uk/_/web-fonts.css?" />
-
-
-	<rule from="^http://(?:www\.)?gq-magazine\.co\.uk/_/"
-		to="https://d3u12z27ui3vom.cloudfront.net/Build-GQ-master/1220-22b97fd67340/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GRSecurity.net.xml b/src/chrome/content/rules/GRSecurity.net.xml
deleted file mode 100644
index 324c2d102783..000000000000
--- a/src/chrome/content/rules/GRSecurity.net.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Invalid certificate:
-		mail.grsecurity.net
-
-	No working URL known:
-		store.grsecurity.net
-
--->
-<ruleset name="GRSecurity.net">
-
-	<target host="grsecurity.net" />
-	<target host="www.grsecurity.net" />
-	<target host="cvsweb.grsecurity.net" />
-	<target host="forums.grsecurity.net" />
-	<target host="pax.grsecurity.net" />
-
-	<securecookie host=".+" name=".+" />
-	
-	<rule from="^http:" to="https:" />
-	
-</ruleset>
diff --git a/src/chrome/content/rules/GRSecurity.xml b/src/chrome/content/rules/GRSecurity.xml
new file mode 100644
index 000000000000..1a8c1168f59b
--- /dev/null
+++ b/src/chrome/content/rules/GRSecurity.xml
@@ -0,0 +1,37 @@
+<!--
+	Nonfunctional hosts in *.grsecurity.net:
+		- mail.grsecurity.net (m)
+		- store.grsecurity.net (e)
+    - cvsweb.grsecurity.org (m)
+
+	Nonfunctional hosts in *.grsecurity.org:
+		- cvsweb.grsecurity.org (m)
+		- forums.grsecurity.org (m)
+		- mail.grsecurity.org (m)
+		- pax.grsecurity.org (m)
+		- store.grsecurity.org (e)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="GRSecurity">
+	<target host="grsecurity.org" />
+	<target host="www.grsecurity.org" />
+	<target host="forums.grsecurity.org" />
+	<target host="pax.grsecurity.org" />
+
+	<target host="grsecurity.net" />
+	<target host="www.grsecurity.net" />
+	<target host="forums.grsecurity.net" />
+	<target host="pax.grsecurity.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://forums\.grsecurity\.org/" to="https://forums.grsecurity.net/" />
+	<rule from="^http://pax\.grsecurity\.org/" to="https://pax.grsecurity.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GRUN_Software.xml b/src/chrome/content/rules/GRUN_Software.xml
index d84f81926bbf..19bb7839d752 100644
--- a/src/chrome/content/rules/GRUN_Software.xml
+++ b/src/chrome/content/rules/GRUN_Software.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GS-media.de.xml b/src/chrome/content/rules/GS-media.de.xml
deleted file mode 100644
index 9cfcc7f249eb..000000000000
--- a/src/chrome/content/rules/GS-media.de.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Ads.
-
-	For other GameSports coverage, see GameSports.net.xml.
-
-
-	^gs-media.de doesn't exist.
-
--->
-<ruleset name="GS-media.de">
-
-	<target host="*.gs-media.de" />
-
-
-	<securecookie host="^\.gs-media\.de" name=".+" />
-
-
-	<rule from="^http://(css|flags|netbar|themes|www)\.gs-media\.de/"
-		to="https://$1.gs-media.de/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GSA.gov.xml b/src/chrome/content/rules/GSA.gov.xml
index c195652a1763..ddcd64406ba8 100644
--- a/src/chrome/content/rules/GSA.gov.xml
+++ b/src/chrome/content/rules/GSA.gov.xml
@@ -7,12 +7,11 @@ Fetch error: http://fbopen.gsa.gov/ => https://fbopen.gsa.gov/: (6, 'Could not r
 
 
 -->
-<ruleset name="GSA.gov (partial)" default_off='failed ruleset test'>
+<ruleset name="GSA.gov (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
 	<target host="18f.gsa.gov" />
-	<target host="fbopen.gsa.gov" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/GSMArena.com.xml b/src/chrome/content/rules/GSMArena.com.xml
index 9a0852c5c51b..6053bbe4d377 100644
--- a/src/chrome/content/rules/GSMArena.com.xml
+++ b/src/chrome/content/rules/GSMArena.com.xml
@@ -44,4 +44,4 @@
 
 	<rule from="^http:"
 		to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GSU.edu.xml b/src/chrome/content/rules/GSU.edu.xml
index d7315bb70bc4..5698744ed4eb 100644
--- a/src/chrome/content/rules/GSU.edu.xml
+++ b/src/chrome/content/rules/GSU.edu.xml
@@ -118,7 +118,14 @@
 <ruleset name="GSU.edu (partial)">
 
 	<target host="gsu.edu" />
-	<target host="*.gsu.edu" />
+	<target host="www.gsu.edu" />
+	<target host="campusid.gsu.edu" />
+	<target host="inb.gosolar.gsu.edu" />
+	<target host="www.gosolar.gsu.edu" />
+	<target host="paws.gsu.edu" />
+	<target host="sendafile.gsu.edu" />
+	<target host="gsu.view.gsu.edu" />
+	<target host="webservices.gsu.edu" />
 		<!--
 			Avoid false/broken MCB:
 						-->
diff --git a/src/chrome/content/rules/GTCs-Online.xml b/src/chrome/content/rules/GTCs-Online.xml
deleted file mode 100644
index 8524c1132f85..000000000000
--- a/src/chrome/content/rules/GTCs-Online.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://peliaika.fi/ => http://peliaika.fi/: (6, 'Could not resolve host: peliaika.fi')
-
--->
-<ruleset name="GTC's Online" default_off='failed ruleset test'>
-	<target host="gtcsonline.mycashflow.fi"/>
-	<target host="*.gtcsonline.mycashflow.fi"/>
-	<target host="peliaika.fi"/>
-	<target host="www.peliaika.fi"/>
-
-	<securecookie host="^\.gtcsonline\.mycashflow\.fi$" name=".+" />
-
-	<rule from="^http://(?:www\.)peliaika\.fi/"
-		to="https://gtcsonline.mycashflow.fi/"/>
-
-	<rule from="^http://gtcsonline\.mycashflow\.fi/"
-		to="https://gtcsonline.mycashflow.fi/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/GTRK.TV.xml b/src/chrome/content/rules/GTRK.TV.xml
new file mode 100644
index 000000000000..5fc6e68686c0
--- /dev/null
+++ b/src/chrome/content/rules/GTRK.TV.xml
@@ -0,0 +1,9 @@
+<ruleset name="GTRK.TV" >
+	<target host="gtrk.tv" />
+	<target host="www.gtrk.tv" />
+	<target host="pano.gtrk.tv" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GU.se.xml b/src/chrome/content/rules/GU.se.xml
index e292447e90a3..3255f934c0c1 100644
--- a/src/chrome/content/rules/GU.se.xml
+++ b/src/chrome/content/rules/GU.se.xml
@@ -16,7 +16,8 @@ lots of subdomains lack ssl, and the site does less intelligent rewriting. how t
 -->
 <ruleset name="GU.se">
 
-	<target host="*.gu.se" />
+	<target host="gupea.ub.gu.se" />
+	<target host="webresources.gu.se" />
 		<!--
 			Redirect to http:
 						-->
@@ -34,7 +35,6 @@ lots of subdomains lack ssl, and the site does less intelligent rewriting. how t
 	<securecookie host="^gupea\.ub\.gu\.se$" name=".+" />
 
 
-	<rule from="^http://(gupea\.ub|webresources)\.gu\.se/"
-		to="https://$1.gu.se/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GVNTube.com.xml b/src/chrome/content/rules/GVNTube.com.xml
index 9290d283d09a..730e857b2a1e 100644
--- a/src/chrome/content/rules/GVNTube.com.xml
+++ b/src/chrome/content/rules/GVNTube.com.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?gvntube\.com/(favicon\.ico|images/|javascripts/|login(?:$|\?|/)|media/|stylesheets/)"
 		to="https://gvntube.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gaatur_u_stig_slapen.nl.xml b/src/chrome/content/rules/Gaatur_u_stig_slapen.nl.xml
index 014ef850b516..2491e44c1816 100644
--- a/src/chrome/content/rules/Gaatur_u_stig_slapen.nl.xml
+++ b/src/chrome/content/rules/Gaatur_u_stig_slapen.nl.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://gaaturustigslapen.nl/ => https://gaaturustigslapen.nl/: (60, 'SSL certificate problem: certificate has expired')
 Fetch error: http://www.gaaturustigslapen.nl/ => https://www.gaaturustigslapen.nl/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="Gaatur u stig slapen.nl" default_off='failed ruleset test'>
+<ruleset name="Gaatur u stig slapen.nl" default_off="failed ruleset test">
 
 	<target host="gaaturustigslapen.nl" />
 	<target host="www.gaaturustigslapen.nl" />
diff --git a/src/chrome/content/rules/Gab.com.xml b/src/chrome/content/rules/Gab.com.xml
new file mode 100644
index 000000000000..c7698ef413dc
--- /dev/null
+++ b/src/chrome/content/rules/Gab.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.blog.gab.com
+		- docker.develop.gab.com
+		- eng-001.develop.gab.com
+		- eng-002.develop.gab.com
+		- www.news.gab.com
+		- develop.pro.gab.com
+
+		5xx server error:
+		- api.gab.com
+		- demo-on.gab.com
+-->
+<ruleset name="Gab.com">
+	<target host="gab.com" />
+	<target host="www.gab.com" />
+	<target host="apps.gab.com" />
+	<target host="beam.gab.com" />
+	<target host="blog.gab.com" />
+	<target host="btcpay.gab.com" />
+	<target host="business.gab.com" />
+	<target host="chat.gab.com" />
+	<target host="code.gab.com" />
+	<target host="develop.gab.com" />
+	<target host="develop-chat.gab.com" />
+	<target host="dissenter-shop.gab.com" />
+	<target host="help.gab.com" />
+	<target host="news.gab.com" />
+	<target host="pro.gab.com" />
+	<target host="shop.gab.com" />
+	<target host="trends.gab.com" />
+	<target host="tweetbot.gab.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gaia-GIS.it.xml b/src/chrome/content/rules/Gaia-GIS.it.xml
index 0b66ad827909..4aaaf3512a52 100644
--- a/src/chrome/content/rules/Gaia-GIS.it.xml
+++ b/src/chrome/content/rules/Gaia-GIS.it.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://gaia-gis.it/ => https://gaia-gis.it/: (51, "SSL: no alternative certificate subject name matches target host name 'gaia-gis.it'")
 
 -->
-<ruleset name="Gaia-GIS.it" default_off='failed ruleset test'>
+<ruleset name="Gaia-GIS.it" default_off="failed ruleset test">
 
 	<target host="gaia-gis.it" />
 	<target host="www.gaia-gis.it" />
diff --git a/src/chrome/content/rules/GaiaOnline.xml b/src/chrome/content/rules/GaiaOnline.xml
index dcf089026c3f..0e27bb3ff36f 100644
--- a/src/chrome/content/rules/GaiaOnline.xml
+++ b/src/chrome/content/rules/GaiaOnline.xml
@@ -11,23 +11,20 @@
       <target host="gaiaonline.com" />
       <target host="*.gaiaonline.com" />
       <target host="*.gaiaonlinehelp.com" />
-      <target host="*.gaia.hs.llnwd.net" />
 
 <exclusion pattern="^http://a2\.cdn\.gaiaonline\.com/"/>
 
 <securecookie host="^.gaiaonline\.com$" name=".+" />
-      
+
       <rule from="^http://gaiaonline\.com/"
             to="https://www.gaiaonline.com/" />
       <rule from="^http://([^/:@\.]+)\.gaiaonline\.com/"
            to="https://$1.gaiaonline.com/" />
-      <rule from="^http://([^/:@\.]+)\.gaia\.hs\.llnwd\.net/"
-           to="https://$1.gaia.hs.llnwd.net/" />
       <rule from="^http://([^/:@\.]+)\.cdn\.gaiaonline\.com/"
             to="https://$1.cdn.gaiaonline.com/" />
       <rule from="^http://gaiaonlinehelp\.com/"
-            to="https://www.gaiaonlinehelp.com/" />      
+            to="https://www.gaiaonlinehelp.com/" />
       <rule from="^http://([^/:@\.]+)\.gaiaonlinehelp\.com/"
            to="https://$1.gaiaonlinehelp.com/" />
-      
+
 </ruleset>
diff --git a/src/chrome/content/rules/Galaxis.xml b/src/chrome/content/rules/Galaxis.xml
index 98722cab3040..582116e96369 100644
--- a/src/chrome/content/rules/Galaxis.xml
+++ b/src/chrome/content/rules/Galaxis.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Galaxus.ch.xml b/src/chrome/content/rules/Galaxus.ch.xml
deleted file mode 100644
index a6c1f658bc28..000000000000
--- a/src/chrome/content/rules/Galaxus.ch.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--
-	For other Digitecgalaxus coverage, see Digitecgalaxus.ch.xml.
--->
-<ruleset name="Galaxus.ch">
-	<target host="galaxus.ch" />
-	<target host="www.galaxus.ch" />
-	<target host="galaxus.com" />
-	<target host="www.galaxus.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Galois.com.xml b/src/chrome/content/rules/Galois.com.xml
index ab0db33d64df..de81b06978ec 100644
--- a/src/chrome/content/rules/Galois.com.xml
+++ b/src/chrome/content/rules/Galois.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.galois.com/ => https://www.galois.com/: Too many redirec
 	* Secured by us
 
 -->
-<ruleset name="Galois.com" default_off='failed ruleset test'>
+<ruleset name="Galois.com" default_off="failed ruleset test">
 
 	<target host="galois.com" />
 	<target host="corp.galois.com" />
diff --git a/src/chrome/content/rules/GamCare.xml b/src/chrome/content/rules/GamCare.xml
index 0b9dd4e515cd..5618ed946f53 100644
--- a/src/chrome/content/rules/GamCare.xml
+++ b/src/chrome/content/rules/GamCare.xml
@@ -10,7 +10,8 @@
 <ruleset name="GamCare.org.uk (partial)" default_off="522">
 
 	<target host="gamcare.org.uk" />
-	<target host="*.gamcare.org.uk" />
+	<target host="secure.gamcare.org.uk" />
+	<target host="www.gamcare.org.uk" />
 
 
 	<!--	Homepage redirects to www.
diff --git a/src/chrome/content/rules/GambleID.xml b/src/chrome/content/rules/GambleID.xml
index 5360fb64e451..c4d34b4addbf 100644
--- a/src/chrome/content/rules/GambleID.xml
+++ b/src/chrome/content/rules/GambleID.xml
@@ -8,10 +8,14 @@ Fetch error: http://gambleid.com/ => https://www.gambleid.com/: (60, 'SSL certif
 		- ^	(no https)
 
 -->
-<ruleset name="GambleID" default_off='failed ruleset test'>
+<ruleset name="GambleID" default_off="failed ruleset test">
 
 	<target host="gambleid.com" />
-	<target host="*.gambleid.com" />
+	<target host="www.gambleid.com" />
+	<target host="admin.gambleid.com" />
+	<target host="developer.gambleid.com" />
+	<target host="enterprise.gambleid.com" />
+	<target host="myaccount.gambleid.com" />
 
 
 	<!--	Observed cookie subdomains:
@@ -28,7 +32,6 @@ Fetch error: http://gambleid.com/ => https://www.gambleid.com/: (60, 'SSL certif
 	<rule from="^http://(?:www\.)?gambleid\.com/"
 		to="https://www.gambleid.com/" />
 
-	<rule from="^http://(admin|developer|enterprise|myaccount)\.gambleid\.com/"
-		to="https://$1.gambleid.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gambling_Portal_Webmasters_Association.xml b/src/chrome/content/rules/Gambling_Portal_Webmasters_Association.xml
index 3c4e9116ad4d..42a3bdc3d035 100644
--- a/src/chrome/content/rules/Gambling_Portal_Webmasters_Association.xml
+++ b/src/chrome/content/rules/Gambling_Portal_Webmasters_Association.xml
@@ -11,4 +11,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Game-Link.xml b/src/chrome/content/rules/Game-Link.xml
index 68bfff971f11..22f345c38546 100644
--- a/src/chrome/content/rules/Game-Link.xml
+++ b/src/chrome/content/rules/Game-Link.xml
@@ -7,7 +7,8 @@
 <ruleset name="Game Link (partial)">
 
 	<target host="gamelink.com" />
-	<target host="*.gamelink.com" />
+	<target host="www.gamelink.com" />
+	<target host="gfx3.gamelink.com" />
 
 
 	<!--	- Cert only matches *.gamelink.com
diff --git a/src/chrome/content/rules/Game-Show-Network.xml b/src/chrome/content/rules/Game-Show-Network.xml
index fe99721f2f3c..fa06ce137f30 100644
--- a/src/chrome/content/rules/Game-Show-Network.xml
+++ b/src/chrome/content/rules/Game-Show-Network.xml
@@ -6,12 +6,15 @@ Fetch error: http://www.tv.gsn.com/ => https://www.tv.gsn.com/: (60, 'SSL certif
 Disabled by https-everywhere-checker because:
 Fetch error: http://www.tv.gsn.com/ => https://www.tv.gsn.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="Game Show Network (partial)" default_off='failed ruleset test'>
+<ruleset name="Game Show Network (partial)" default_off="failed ruleset test">
 
 	<target host="gsn.com"/>
-	<target host="*.gsn.com"/>
+	<target host="tv.gsn.com" />
+	<target host="www.tv.gsn.com" />
+	<target host="www.gsn.com" />
 	<target host="worldwinner.com"/>
-	<target host="*.worldwinner.com"/>
+	<target host="www.worldwinner.com" />
+	<target host="cdn.worldwinner.com" />
 
 	<!--	forum cookies	-->
 	<securecookie host="^(?:www\.)?gsn\.com$" name="^bb_.*$"/>
diff --git a/src/chrome/content/rules/GameCopyWorld.com.xml b/src/chrome/content/rules/GameCopyWorld.com.xml
index 247aee18467c..6a35c87faa44 100644
--- a/src/chrome/content/rules/GameCopyWorld.com.xml
+++ b/src/chrome/content/rules/GameCopyWorld.com.xml
@@ -2,10 +2,8 @@
 	Other GameCopyWorld rulesets:
 		+ ConsoleBackup.com.xml
 		+ FileTarget.net.xml
-		+ GCWStorage.xyz.xml
 		+ GameCopyWorld.click.xml
 		+ GameCopyWorld.eu.xml
-		+ GetItHere.xyz.xml
 		+ WireTarget.com.xml
 
 	Expired:
diff --git a/src/chrome/content/rules/GameHouse.xml b/src/chrome/content/rules/GameHouse.xml
index a2b255b6b6c7..de0e86b8e4f1 100644
--- a/src/chrome/content/rules/GameHouse.xml
+++ b/src/chrome/content/rules/GameHouse.xml
@@ -12,10 +12,12 @@ Fetch error: http://ad.ghfusion.com/ => https://ad.ghfusion.com/: (6, 'Could not
 		- dlr6ze9oohko6.cloudfront.net
 
 -->
-<ruleset name="GameHouse" default_off='failed ruleset test'>
+<ruleset name="GameHouse" default_off="failed ruleset test">
 
 	<target host="gamehouse.com" />
-	<target host="*.gamehouse.com" />
+	<target host="www.gamehouse.com" />
+	<target host="media.gamehouse.com" />
+	<target host="support.gamehouse.com" />
 	<target host="ad.ghfusion.com" />
 
 
@@ -26,10 +28,7 @@ Fetch error: http://ad.ghfusion.com/ => https://ad.ghfusion.com/: (6, 'Could not
 	<rule from="^http://(?:www\.)?gamehouse\.com/"
 		to="https://www.gamehouse.com/" />
 
-	<rule from="^http://(media|support)\.gamehouse\.com/"
-		to="https://$1.gamehouse.com/" />
 
-	<rule from="^http://ad\.ghfusion\.com/"
-		to="https://ad.ghfusion.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/GamePro.de.xml b/src/chrome/content/rules/GamePro.de.xml
new file mode 100644
index 000000000000..189db9703ec0
--- /dev/null
+++ b/src/chrome/content/rules/GamePro.de.xml
@@ -0,0 +1,26 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Invalid certificate:
+		- gamestar.dewww
+		- leseraktion
+		- w3
+		- www.wwww
+-->
+<ruleset name="GamePro.de">
+
+	<target host="gamepro.de" />
+	<target host="www.gamepro.de" />
+	<target host="ewww.gamepro.de" />
+	<target host="images.gamepro.de" />
+	<target host="m.gamepro.de" />
+	<target host="newsletter.gamepro.de" />
+	<target host="ssl.gamepro.de" />
+	<target host="ww.gamepro.de" />
+	<target host="wwww.gamepro.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GameSports.net-falsemixed.xml b/src/chrome/content/rules/GameSports.net-falsemixed.xml
deleted file mode 100644
index 23732b6e5507..000000000000
--- a/src/chrome/content/rules/GameSports.net-falsemixed.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://gamesports.net/ => https://broadcasting.gamesports.net/: (6, 'Could not resolve host: broadcasting.gamesports.net')
-Fetch error: http://broadcasting.gamesports.net/ => https://broadcasting.gamesports.net/: (6, 'Could not resolve host: broadcasting.gamesports.net')
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://gamesports.net/ => https://broadcasting.gamesports.net/: (6, 'Could not resolve host: broadcasting.gamesports.net')
-Fetch error: http://broadcasting.gamesports.net/ => https://broadcasting.gamesports.net/: (6, 'Could not resolve host: broadcasting.gamesports.net')
-	For rules not causing false/broken MCB, see GameSports.net.xml.
-
--->
-<ruleset name="GameSports.net (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
-
-	<target host="gamesports.net" />
-	<target host="broadcasting.gamesports.net" />
-
-
-	<securecookie host="^broadcasting\.gamesports\.net$" name=".+" />
-
-
-	<rule from="^http://(?:broadcasting\.)?gamesports\.net/"
-		to="https://broadcasting.gamesports.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GameSports.net.xml b/src/chrome/content/rules/GameSports.net.xml
deleted file mode 100644
index 88f7efc82ab0..000000000000
--- a/src/chrome/content/rules/GameSports.net.xml
+++ /dev/null
@@ -1,77 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see GameSports.net-falsemixed.xml.
-
-	Other GameSports rulesets:
-
-		- GS-media.de.xml
-
-
-	Problematic subdomains:
-
-		- ^		(interrupted)
-
-		- cdn subdomains: *
-
-			- css
-			- netbar
-
-	* Depth mismatched
-
-
-	Partially covered subdomains:
-
-		- broadcasting	(avoiding false/broken MCB)
-
-
-	Fully covered subdomains:
-
-		- cdn subdomains:
-
-			- css		(→ css.gs-media.de)
-			- flags		(→ flags.gs-media.de)
-			- netbar	(→ netbar.gs-media.de)
-			- themes	(→ themes.gs-media.de)
-
-		- forum
-		- static
-		- www
-
-
-	Mixed content:
-
-		- css on broadcasting from static *
-
-		- Images, on:
-
-			- broadcasting from static *
-			- forum from broadcasting *
-			- forum from forum *
-
-		- Ads/web bugs, on:
-
-			- broadcasting from css.gs-media.de
-			- broadcasting from www4.smartadserver.com *
-			- forum from www4.smartadserver.com *
-
-	* Secured by us
-
--->
-<ruleset name="GameSports.net (partial)">
-
-	<target host="*.gamesports.net" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://broadcasting\.gamesports\.net/+(?!images/)" />
-
-
-	<securecookie host="^\.gamesports\.net$" name="^gs_\w+$" />
-
-
-	<rule from="^http://(broadcasting|forum|static|www)\.gamesports\.net/"
-		to="https://$1.gamesports.net/" />
-
-	<rule from="^http://(css|flags|netbar|themes)\.cdn\.gamesports\.net/"
-		to="https://$1.gs-media.de/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GameSpot.com-falsemixed.xml b/src/chrome/content/rules/GameSpot.com-falsemixed.xml
deleted file mode 100644
index 5904e59e5eb5..000000000000
--- a/src/chrome/content/rules/GameSpot.com-falsemixed.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see GameSpot.xml.
-
--->
-<ruleset name="GameSpot.com (false MCB)" platform="mixedcontent">
-
-	<target host="www.gamespot.com" />
-
-
-	<securecookie host="^www\.gamespot\.com" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GameSpot.com.xml b/src/chrome/content/rules/GameSpot.com.xml
new file mode 100644
index 000000000000..8954e3e8bb2a
--- /dev/null
+++ b/src/chrome/content/rules/GameSpot.com.xml
@@ -0,0 +1,21 @@
+<!--
+	For other CBS coverage, see CBS.xml.
+
+	Mismatched:
+		- userimage
+-->
+<ruleset name="GameSpot.com (partial)">
+	<target host="gamespot.com" />
+	<target host="www.gamespot.com" />
+	<target host="auth.gamespot.com" />
+	<target host="static.gamespot.com" />
+	<target host="static1.gamespot.com" />
+	<target host="static2.gamespot.com" />
+	<target host="static3.gamespot.com" />
+	<target host="static4.gamespot.com" />
+	<target host="static5.gamespot.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GameSpot.xml b/src/chrome/content/rules/GameSpot.xml
deleted file mode 100644
index ff2d60cc5ff3..000000000000
--- a/src/chrome/content/rules/GameSpot.xml
+++ /dev/null
@@ -1,86 +0,0 @@
-<!--
-
-	For rules causing false/broken MCB, see GameSpot.com-falsemixed.xml.
-
-	For other CBS coverage, see CBS.xml.
-
-
-	CDN buckets:
-
-		- static.gamespot.com.edgesuite.net
-
-			- a50.g.akamai.net
-
-
-	Nonfunctional domains:
-
-		- userimage.gamespot.com	(↓ ditto)
-		- im(age|g[12].gamespotcdn.net	(Akamai; "An error occurred"; all equivalent)
-
-
-	Problematic subdomains:
-
-		- static *
-		- static[1-4] *
-		- www ²
-
-	* Works, akamai
-	² Mixed css from static1
-
-
-	Fully covered subdomains:
-
-		- ^
-		- auth
-
-
-	Observed cookie domains:
-
-		- ^ ¹
-		- . ²
-		- auth ³
-		- www ¹
-
-	¹ Not secured by us <= no tls support
-	² Not secured by us <= accounting for possible use on unsecurable domains
-	³ Secured by us <= not secured by server
-
-
-	Mixed content:
-
-		- css on www from static1 *
-
-		- Images on www from static[1-5] *
-
-		- Web bugs, on:
-
-			- auth from dw.cbsi.com *
-			- www from tags.bkrtx.com *
-
-	* Secured by us
-
--->
-<ruleset name="GameSpot (partial)">
-
-	<target host="gamespot.com" />
-	<target host="auth.gamespot.com" />
-
-		<!--
-			References resources relative to root:
-								-->
-		<!--exclusion pattern="^http://static\.gamespot\.com/bundles/gamespotsite/css/gamespot_white-[0-9a-f]{32}\.css$" /-->
-		<!--exclusion pattern="^http://static\.gamespot\.com/.+\.css(?:$|\?)" /-->
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.gamespot\.com$" name="^(AD_SESSION|PHPSESSID|ads_firstpg)$" /-->
-	<!--securecookie host="^auth\.gamespot\.com$" name="^(device_view|fly_device|_promos_seen)$" /-->
-	<!--securecookie host="^us\.gamespot\.com$" name="^(ANON_REMEMBERME|fly_device|vguid|xcab|xcr)$" /-->
-	<!--securecookie host="^www\.gamespot\.com$" name="^(ANON_REMEMBERME|vguid|xcab|xcr|)$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GameTechWiki.com.xml b/src/chrome/content/rules/GameTechWiki.com.xml
new file mode 100644
index 000000000000..33e823710726
--- /dev/null
+++ b/src/chrome/content/rules/GameTechWiki.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="GameTechWiki.com">
+	<target host="gametechwiki.com" />
+	<target host="www.gametechwiki.com" />
+	<target host="emulation.gametechwiki.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GameTree.xml b/src/chrome/content/rules/GameTree.xml
index 4dc97a1b9bc9..0fc00ca1dc34 100644
--- a/src/chrome/content/rules/GameTree.xml
+++ b/src/chrome/content/rules/GameTree.xml
@@ -8,12 +8,13 @@ Fetch error: http://gametreelinux.com/ => https://gametreedeveloper.com/: (60, '
 	(www.)gametreelinux.com: plaintext reply
 
 -->
-<ruleset name="GameTree" default_off='failed ruleset test'>
+<ruleset name="GameTree" default_off="failed ruleset test">
 
 	<target host="gametreedeveloper.com" />
 	<target host="www.gametreedeveloper.com" />
 	<target host="gametreelinux.com"/>
-	<target host="*.gametreelinux.com"/>
+	<target host="www.gametreelinux.com" />
+	<target host="cdn.gametreelinux.com" />
 
 
 	<securecookie host="^gametreedeveloper\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Gamedesire.net.xml b/src/chrome/content/rules/Gamedesire.net.xml
index bb3e377c80da..4fb7f21037f0 100644
--- a/src/chrome/content/rules/Gamedesire.net.xml
+++ b/src/chrome/content/rules/Gamedesire.net.xml
@@ -61,7 +61,28 @@
 -->
 <ruleset name="gamedesire.net (partial)">
 
-	<target host="*.gamedesire.net" />
+	<target host="photos-1.gamedesire.net" />
+	<target host="photos-2.gamedesire.net" />
+	<target host="photos-3.gamedesire.net" />
+	<target host="photos-4.gamedesire.net" />
+	<target host="photos-5.gamedesire.net" />
+	<target host="photos-6.gamedesire.net" />
+	<target host="photos-7.gamedesire.net" />
+	<target host="photos-8.gamedesire.net" />
+	<target host="photos-9.gamedesire.net" />
+	<target host="photos-10.gamedesire.net" />
+	<target host="photos-11.gamedesire.net" />
+	<target host="photos-12.gamedesire.net" />
+	<target host="photos-13.gamedesire.net" />
+	<target host="photos-15.gamedesire.net" />
+	<target host="photos-16.gamedesire.net" />
+	<target host="photos-17.gamedesire.net" />
+	<target host="photos-38.gamedesire.net" />
+	<target host="photos-42.gamedesire.net" />
+	<target host="photos-48.gamedesire.net" />
+	<target host="photos-50.gamedesire.net" />
+	<target host="photos-74.gamedesire.net" />
+	<target host="photos-76.gamedesire.net" />
 
 
 	<rule from="^http://photos-1\.gamedesire\.net/"
diff --git a/src/chrome/content/rules/Gamefactory.jp.xml b/src/chrome/content/rules/Gamefactory.jp.xml
index d271473fc362..db328dfc0125 100644
--- a/src/chrome/content/rules/Gamefactory.jp.xml
+++ b/src/chrome/content/rules/Gamefactory.jp.xml
@@ -4,13 +4,10 @@
 -->
 <ruleset name="Gamefactory.jp">
 
-	<target host="*.gamefactory.jp" />
+	<target host="www.gamefactory.jp" />
 
 
-	<securecookie host="^\.gamefactory\.jp$" name=".+" />
 
-
-	<rule from="^http://www\.gamefactory\.jp/"
-		to="https://www.gamefactory.jp/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Gamegeek-denter.de.xml b/src/chrome/content/rules/Gamegeek-denter.de.xml
deleted file mode 100644
index 148c878164d5..000000000000
--- a/src/chrome/content/rules/Gamegeek-denter.de.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Gamegeek-denter">
-
-	<target host="gamegeek-denter.de" />
-	<target host="www.gamegeek-denter.de" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Gameladen.xml b/src/chrome/content/rules/Gameladen.xml
index 1d1229696b96..17bc77bd7d81 100644
--- a/src/chrome/content/rules/Gameladen.xml
+++ b/src/chrome/content/rules/Gameladen.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gameoapp.com.xml b/src/chrome/content/rules/Gameoapp.com.xml
deleted file mode 100644
index a505525cc542..000000000000
--- a/src/chrome/content/rules/Gameoapp.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="gameoapp.com">
-
-	<target host="gameoapp.com" />
-	<target host="www.gameoapp.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Gameological_Society.xml b/src/chrome/content/rules/Gameological_Society.xml
index b91401ff11ac..23391af32e04 100644
--- a/src/chrome/content/rules/Gameological_Society.xml
+++ b/src/chrome/content/rules/Gameological_Society.xml
@@ -14,11 +14,12 @@
 <ruleset name="The Gameological Society (partial)">
 
 	<target host="gameological.com" />
-	<target host="*.gameological.com" />
+	<target host="quickman.gameological.com" />
+	<target host="www.gameological.com" />
 		<exclusion pattern="^http://(?:www\.)?gameological\.com/(?!favicon\.ico)" />
 
 
 	<rule from="^http://(?:quickman\.|www\.)?gameological\.com/"
 		to="https://douky4lqbffj8.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gamer-network.net.xml b/src/chrome/content/rules/Gamer-network.net.xml
new file mode 100644
index 000000000000..a3d9e4d0d646
--- /dev/null
+++ b/src/chrome/content/rules/Gamer-network.net.xml
@@ -0,0 +1,44 @@
+<!--
+	Mismatched:
+		- staging.gamer-network.net
+		- www.beta-eurogamer-nl.beta.gamer-network.net
+		- www.preview-eurogamer-be.preview.gamer-network.net
+		- www.preview-eurogamer-de.preview.gamer-network.net
+		- www.preview-eurogamer-nl.preview.gamer-network.net
+		- www.preview-usgamer-net.preview.gamer-network.net
+		- preview.gamer-network.net
+		- cfa.gamer-network.net
+
+	Timeout:
+		- craig-mormont.dev.gamer-network.net
+		- dev.gamer-network.net
+		- izzy-rockpapershotgun-propjoe.dev.gamer-network.net
+		- www.mms-p2.gamer-network.net
+		- www.mms-test.dev.gamer-network.net
+
+	Expired:
+		- littleboy-eg*.gamer-network.net
+		- bigboy.gamer-network.net
+-->
+<ruleset name="Gamer-network.net">
+	<target host="gamer-network.net" />
+	<target host="www.gamer-network.net" />
+	<target host="beta-eurogamer-nl.beta.gamer-network.net" />
+	<target host="beta.gamer-network.net" />
+	<target host="www.beta.gamer-network.net" />
+	<target host="beta-rockpapershotgun-com.gamer-network.net" />
+	<target host="cdn.gamer-network.net" />
+	<target host="curatorgator.gamer-network.net" />
+	<target host="gpoll.gamer-network.net" />
+	<target host="gquiz.gamer-network.net" />
+	<target host="mms-p2.dev.gamer-network.net" />
+	<target host="mms-test.dev.gamer-network.net" />
+	<target host="mormont.gamer-network.net" />
+	<target host="preview-eurogamer-be.preview.gamer-network.net" />
+	<target host="preview-eurogamer-de.preview.gamer-network.net" />
+	<target host="preview-eurogamer-nl.preview.gamer-network.net" />
+	<target host="www.preview.gamer-network.net" />
+	<target host="preview-usgamer-net.preview.gamer-network.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GamerSky.com.xml b/src/chrome/content/rules/GamerSky.com.xml
new file mode 100644
index 000000000000..543f259901ce
--- /dev/null
+++ b/src/chrome/content/rules/GamerSky.com.xml
@@ -0,0 +1,157 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- soso.gamersky.com
+
+		Timeout was reached:
+		- abbs.gamersky.com
+		- ac1.gamersky.com
+		- ac2.gamersky.com
+		- ac3.gamersky.com
+		- ac4.gamersky.com
+		- bt1.gamersky.com
+		- bt2.gamersky.com
+		- bt5.gamersky.com
+		- d6.gamersky.com
+		- d8.gamersky.com
+		- ftp6.gamersky.com
+		- sy.ht.gamersky.com
+		- m.gamersky.com
+		- pay1.gamersky.com
+		- pop3.gamersky.com
+		- sy.gamersky.com
+
+		SSL connect error:
+		- gamersky.com
+		- ayuansjz.gamersky.com
+		- d3.gamersky.com
+		- ftp2.gamersky.com
+		- ftp2a.gamersky.com
+		- ftp2b.gamersky.com
+		- ftp3.gamersky.com
+		- ftp4.gamersky.com
+		- ftp7.gamersky.com
+		- ftp8.gamersky.com
+		- instrument.gamersky.com
+		- sheis.gamersky.com
+		- smtp.gamersky.com
+		- www3.gamersky.com
+
+		SSL peer certificate was not OK:
+		- yeyou.img.gamersky.com
+		- mail.gamersky.com
+
+		4xx client error:
+		- adb.gamersky.com
+		- adb2.gamersky.com
+		- adb3.gamersky.com
+		- am.gamersky.com
+		- am2.gamersky.com
+		- app.gamersky.com
+		- appapi2click.gamersky.com
+		- atest.gamersky.com
+		- ayeyou.gamersky.com
+		- ayuan.gamersky.com
+		- bbsimg.gamersky.com
+		- btfile.gamersky.com
+		- click.gamersky.com
+		- cms.gamersky.com
+		- d2.gamersky.com
+		- d4.gamersky.com
+		- db2.gamersky.com
+		- db3.gamersky.com
+		- db4.gamersky.com
+		- db5.gamersky.com
+		- db6.gamersky.com
+		- db7.gamersky.com
+		- dev.gamersky.com
+		- external.gamersky.com
+		- flash.gamersky.com
+		- image.gamersky.com
+		- img.gamersky.com
+		- img1.gamersky.com
+		- img2.gamersky.com
+		- img3.gamersky.com
+		- img4.gamersky.com
+		- img6.gamersky.com
+		- img7.gamersky.com
+		- imgf.gamersky.com
+		- imgf1.gamersky.com
+		- imggif.gamersky.com
+		- imgs.gamersky.com
+		- j.gamersky.com
+		- ja.gamersky.com
+		- ja1.gamersky.com
+		- ja2.gamersky.com
+		- mqttd.gamersky.com
+		- op.gamersky.com
+		- pad.gamersky.com
+		- steamapi.gamersky.com
+		- sx.gamersky.com
+		- t.gamersky.com
+		- tag.gamersky.com
+		- up.gamersky.com
+		- vote.gamersky.com
+		- zhidao.gamersky.com
+
+		Redirects to HTTP:
+		- bbs.gamersky.com
+
+		Mixed content blocking (MCB) triggered:
+		- cm.gamersky.com
+		- cm1.gamersky.com
+		- launch.gamersky.com
+		- launch1.gamersky.com
+		- pay.gamersky.com
+		- so.gamersky.com
+		- tech.gamersky.com
+-->
+<ruleset name="GamerSky.com">
+	<target host="gamersky.com" />
+	<target host="www.gamersky.com" />
+	<target host="a.gamersky.com" />
+	<target host="acg.gamersky.com" />
+	<target host="android.gamersky.com" />
+	<target host="appapi.gamersky.com" />
+	<target host="appapi2.gamersky.com" />
+	<target host="appapitest.gamersky.com" />
+	<target host="blizzcon.gamersky.com" />
+	<target host="bns.gamersky.com" />
+	<target host="chinajoy.gamersky.com" />
+	<target host="club.gamersky.com" />
+	<target host="codol.gamersky.com" />
+	<target host="csgo.gamersky.com" />
+	<target host="donghua.gamersky.com" />
+	<target host="down.gamersky.com" />
+	<target host="e3.gamersky.com" />
+	<target host="emu.gamersky.com" />
+	<target host="esports.gamersky.com" />
+	<target host="fahao.gamersky.com" />
+	<target host="gamescom.gamersky.com" />
+	<target host="h5.gamersky.com" />
+	<target host="i.gamersky.com" />
+	<target host="i1.gamersky.com" />
+	<target host="itest.gamersky.com" />
+	<target host="ku.gamersky.com" />
+	<target host="link.gamersky.com" />
+	<target host="live.gamersky.com" />
+	<target host="notify.gamersky.com" />
+	<target host="ol.gamersky.com" />
+	<target host="ow.gamersky.com" />
+	<target host="owesports.gamersky.com" />
+	<target host="pic.gamersky.com" />
+	<target host="shouyou.gamersky.com" />
+	<target host="tgs.gamersky.com" />
+	<target host="tv.gamersky.com" />
+	<target host="u.gamersky.com" />
+	<target host="v.gamersky.com" />
+	<target host="vr.gamersky.com" />
+	<target host="wap.gamersky.com" />
+	<target host="web.gamersky.com" />
+	<target host="wow.gamersky.com" />
+	<target host="wt.gamersky.com" />
+	<target host="yeyou.gamersky.com" />
+
+	<rule from="^http://gamersky\.com/" to="https://www.gamersky.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GamesOnly.xml b/src/chrome/content/rules/GamesOnly.xml
index f134451c7a16..49d4e516605e 100644
--- a/src/chrome/content/rules/GamesOnly.xml
+++ b/src/chrome/content/rules/GamesOnly.xml
@@ -3,4 +3,4 @@
     <target host="www.gamesonly.at" />
 
     <rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gameselectors.com.xml b/src/chrome/content/rules/Gameselectors.com.xml
deleted file mode 100644
index 604679c71121..000000000000
--- a/src/chrome/content/rules/Gameselectors.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Gameselectors">
-
-	<target host="gameselectors.com" />
-	<target host="www.gameselectors.com" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Gamestar_Mechanic.xml b/src/chrome/content/rules/Gamestar_Mechanic.xml
index 27ba443cffa9..439a974679a7 100644
--- a/src/chrome/content/rules/Gamestar_Mechanic.xml
+++ b/src/chrome/content/rules/Gamestar_Mechanic.xml
@@ -32,16 +32,33 @@
 <ruleset name="Gamestar Mechanic">
 
 	<target host="gamestarmechanic.com" />
-	<target host="*.gamestarmechanic.com" />
+	<target host="chalkable.gamestarmechanic.com" />
+	<target host="chalkable.stage.gamestarmechanic.com" />
+	<target host="edmodo.gamestarmechanic.com" />
+	<target host="edmodo.stage.gamestarmechanic.com" />
+	<target host="lti.gamestarmechanic.com" />
+	<target host="lti.stage.gamestarmechanic.com" />
+	<target host="schoology.gamestarmechanic.com" />
+	<target host="schoology.stage.gamestarmechanic.com" />
+	<target host="cq.gamestarmechanic.com" />
+	<target host="dev.gamestarmechanic.com" />
+	<target host="dyn.gamestarmechanic.com" />
+	<target host="ltps.gamestarmechanic.com" />
+	<target host="msu.gamestarmechanic.com" />
+	<target host="njbegich.gamestarmechanic.com" />
+	<target host="q2l.gamestarmechanic.com" />
+	<target host="ramapo.gamestarmechanic.com" />
+	<target host="stmarysschool.gamestarmechanic.com" />
+	<target host="www.gamestarmechanic.com" />
+	<target host="cdn.gamestarmechanic.com" />
 
 
 	<securecookie host=".*\.gamestarmechanic\.com$" name=".+" />
 
 
-	<rule from="^http://((?:(?:chalkable|edmodo|lti|schoology)?(?:\.stage)?|cq|dev|dyn|ltps|msu|njbegich|q2l|ramapo|stmarysschool|www)\.)?gamestarmechanic\.com/"
-		to="https://$1gamestarmechanic.com/" />
 
 	<rule from="^http://cdn\.gamestarmechanic\.com/"
 		to="https://d1uoa9d4t4btfa.cloudfront.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Gameswelt.de.xml b/src/chrome/content/rules/Gameswelt.de.xml
index 20d796e729ce..aaaaf0a65e85 100644
--- a/src/chrome/content/rules/Gameswelt.de.xml
+++ b/src/chrome/content/rules/Gameswelt.de.xml
@@ -4,4 +4,4 @@
 <target host="static.gameswelt.net" />
 
 <rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gamezebo.xml b/src/chrome/content/rules/Gamezebo.xml
index 637e6144d925..84d0a639f9fd 100644
--- a/src/chrome/content/rules/Gamezebo.xml
+++ b/src/chrome/content/rules/Gamezebo.xml
@@ -27,4 +27,4 @@ Fetch error: http://gamezebo.com/ => https://gamezebo.com/: (28, 'Connection tim
 	<rule from="^http://qa\.gamezebo\.com/gamezebov\d/"
 		to="https://www.gamezebo.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gamigo.com.xml b/src/chrome/content/rules/Gamigo.com.xml
index bd2800ac52a3..f5d352622dea 100644
--- a/src/chrome/content/rules/Gamigo.com.xml
+++ b/src/chrome/content/rules/Gamigo.com.xml
@@ -32,7 +32,7 @@ Fetch error: http://support.gamigo.com/ => https://support.gamigo.com/: (60, 'SS
 	* Secured by us
 
 -->
-<ruleset name="gamigo.com (partial)" default_off='failed ruleset test'>
+<ruleset name="gamigo.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Gaminator.xml b/src/chrome/content/rules/Gaminator.xml
deleted file mode 100644
index c4bfbb0fe5f3..000000000000
--- a/src/chrome/content/rules/Gaminator.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-
-	Problematic domains:
-
-		- (www.)gaminatorslots.com	(expired 2012-05-18)
-
--->
-<ruleset name="Gaminator">
-
-	<target host="gaminatorslots.com" />
-	<target host="www.gaminatorslots.com" />
-	<target host="slotsgaminator.com" />
-	<target host="*.slotsgaminator.com" />
-
-
-	<securecookie host="^w*\.slotsgaminator\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?(?:gaminatorslots|slotsgaminator)\.com/"
-		to="https://$1slotsgaminator.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Gamma-Group.xml b/src/chrome/content/rules/Gamma-Group.xml
deleted file mode 100644
index 95f29bee5257..000000000000
--- a/src/chrome/content/rules/Gamma-Group.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Gamma Group">
-
-	<target host="gammagroup.com" />
-	<target host="www.gammagroup.com" />
-
-
-	<!--	!www doesn't work over https.	-->
-	<rule from="^http://(?:www\.)?gammagroup\.com/"
-		to="https://www.gammagroup.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GammaE.com.xml b/src/chrome/content/rules/GammaE.com.xml
index 51e60e93b5da..896412e5a581 100644
--- a/src/chrome/content/rules/GammaE.com.xml
+++ b/src/chrome/content/rules/GammaE.com.xml
@@ -13,7 +13,8 @@
 <ruleset name="GammaE.com">
 
 	<target host="gammae.com" />
-	<target host="*.gammae.com" />
+	<target host="www.gammae.com" />
+	<target host="ad2.gammae.com" />
 
 
 	<securecookie host="^ad2\.gammae\.com$" name=".+" />
@@ -22,7 +23,6 @@
 	<rule from="^http://(?:www\.)?gammae\.com/"
 		to="https://www.gammae.com/" />
 
-	<rule from="^http://ad2\.gammae\.com/"
-		to="https://ad2.gammae.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gang_Land_News.xml b/src/chrome/content/rules/Gang_Land_News.xml
index eeb1f863e3e9..bf8a66b30dc6 100644
--- a/src/chrome/content/rules/Gang_Land_News.xml
+++ b/src/chrome/content/rules/Gang_Land_News.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ganjoor.net.xml b/src/chrome/content/rules/Ganjoor.net.xml
index ce5022e12566..8910c069cf61 100644
--- a/src/chrome/content/rules/Ganjoor.net.xml
+++ b/src/chrome/content/rules/Ganjoor.net.xml
@@ -12,4 +12,4 @@
 	<target host="i.ganjoor.net"/>
 
 	<rule from="^http:" to="https:"/>
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gannett-Company.xml b/src/chrome/content/rules/Gannett-Company.xml
index fed1b6bad96c..11045d12dcf5 100644
--- a/src/chrome/content/rules/Gannett-Company.xml
+++ b/src/chrome/content/rules/Gannett-Company.xml
@@ -16,7 +16,6 @@ Fetch error: http://deals.montomeryadvertiser.com/ => http://deals.montomeryadve
 		- Cincinnati.com.xml
 		- Coloradoan.xml
 		- GCIon.com.xml
-		- GannettLocal.xml
 		- Azcentral.com.xml
 		- Battle_Creek_Enquirer.xml
 		- Baxter_Bulletin.xml
@@ -56,7 +55,7 @@ Fetch error: http://deals.montomeryadvertiser.com/ => http://deals.montomeryadve
 
 		- bcdownload.gannett.edgesuite.net
 
-		- img.gannett.edgesuite.net 
+		- img.gannett.edgesuite.net
 			- cmsimg.floridatoday.com
 
 		- i.usatoday.net.edgesuite.net
@@ -111,7 +110,7 @@ Fetch error: http://deals.montomeryadvertiser.com/ => http://deals.montomeryadve
 		- classifieds.nncogannett.com
 
 -->
-<ruleset name="Gannett Company (partial)" default_off='failed ruleset test'>
+<ruleset name="Gannett Company (partial)" default_off="failed ruleset test">
 
 	<target host="*.dmslocal.com" />
 	<target host="*.gannett.com" />
diff --git a/src/chrome/content/rules/GannettLocal.xml b/src/chrome/content/rules/GannettLocal.xml
deleted file mode 100644
index dc226d00e4e6..000000000000
--- a/src/chrome/content/rules/GannettLocal.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For other Gannett Company coverage, see Gannett-Company.xml.
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(http reply)
-
--->
-<ruleset name="GannettLocal (partial)">
-
-	<target host="*.gannettlocal.com" />
-
-
-	<securecookie host="^(?:support|wiki)\.gannettlocal\.com$" name=".+" />
-
-
-	<rule from="^http://(support|wiki)\.gannettlocal\.com/"
-		to="https://$1.gannettlocal.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Gannett_Ridge.xml b/src/chrome/content/rules/Gannett_Ridge.xml
index b9e2c6bc3e15..464874f36b63 100644
--- a/src/chrome/content/rules/Gannett_Ridge.xml
+++ b/src/chrome/content/rules/Gannett_Ridge.xml
@@ -11,7 +11,7 @@ Fetch error: http://gannettridge.com/ => https://gannettridge.com/: (51, "SSL: n
 Fetch error: http://www.gannettridge.com/ => https://www.gannettridge.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.gannettridge.com'")
 
 -->
-<ruleset name="Gannett Ridge" default_off='failed ruleset test'>
+<ruleset name="Gannett Ridge" default_off="failed ruleset test">
 
 	<target host="gannettridge.com" />
 	<target host="www.gannettridge.com" />
@@ -22,4 +22,4 @@ Fetch error: http://www.gannettridge.com/ => https://www.gannettridge.com/: (51,
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ganz_eStore.com.xml b/src/chrome/content/rules/Ganz_eStore.com.xml
index d8e6d23688f3..43f8c4200caa 100644
--- a/src/chrome/content/rules/Ganz_eStore.com.xml
+++ b/src/chrome/content/rules/Ganz_eStore.com.xml
@@ -5,7 +5,8 @@
 <ruleset name="Ganz eStore.com (partial)">
 
 	<target host="ganzestore.com" />
-	<target host="*.ganzestore.com" />
+	<target host="www.ganzestore.com" />
+	<target host="adimages.ganzestore.com" />
 
 
 	<securecookie host="^(?:www\.)?ganzestore\.com$" name=".+" />
@@ -14,7 +15,6 @@
 	<rule from="^http://(?:www\.)?ganzestore\.com/"
 		to="https://www.ganzestore.com/" />
 
-	<rule from="^http://adimages\.ganzestore\.com/"
-		to="https://adimages.ganzestore.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/GarageGames.xml b/src/chrome/content/rules/GarageGames.xml
index ddd168d8d0af..0d82608da043 100644
--- a/src/chrome/content/rules/GarageGames.xml
+++ b/src/chrome/content/rules/GarageGames.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://service.garagegames.com/ => https://service.garagegames.com/: (6, 'Could not resolve host: service.garagegames.com')
 
 -->
-<ruleset name="GarageGames" default_off='failed ruleset test'>
+<ruleset name="GarageGames" default_off="failed ruleset test">
 
 	<target host="garagegames.com" />
 	<target host="service.garagegames.com" />
@@ -17,4 +17,4 @@ Fetch error: http://service.garagegames.com/ => https://service.garagegames.com/
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Garcinia_Cambogia_VitalMend.com.xml b/src/chrome/content/rules/Garcinia_Cambogia_VitalMend.com.xml
index 3539b1b4ffb4..b65997ba2f79 100644
--- a/src/chrome/content/rules/Garcinia_Cambogia_VitalMend.com.xml
+++ b/src/chrome/content/rules/Garcinia_Cambogia_VitalMend.com.xml
@@ -8,7 +8,7 @@
 <ruleset name="Garcinia Cambogia VitalMend.com (partial)">
 
 	<target host="garciniacambogiavitalmend.com" />
-	<target host="*.garciniacambogiavitalmend.com" />
+	<target host="www.garciniacambogiavitalmend.com" />
 		<!--
 			Redirect to http:
 						-->
diff --git a/src/chrome/content/rules/Gardening-Know-How.com.xml b/src/chrome/content/rules/Gardening-Know-How.com.xml
new file mode 100644
index 000000000000..0bcfef01ca05
--- /dev/null
+++ b/src/chrome/content/rules/Gardening-Know-How.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Gardening Know How.com">
+
+	<target host="gardeningknowhow.com" />
+	<target host="www.gardeningknowhow.com" />
+	<target host="blog.gardeningknowhow.com" />
+	<target host="questions.gardeningknowhow.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Garfield.com.xml b/src/chrome/content/rules/Garfield.com.xml
index efa21c4c6f12..d1ccfe25a19d 100644
--- a/src/chrome/content/rules/Garfield.com.xml
+++ b/src/chrome/content/rules/Garfield.com.xml
@@ -5,4 +5,4 @@
 
   <rule from="^http://(?:www\.)?garfield\.com/" to="https://garfield.com/" />
   <rule from="^http://licensee\.garfield\.com/" to="https://licensee.garfield.com/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gasngrills.com.xml b/src/chrome/content/rules/Gasngrills.com.xml
index 23ca2ad7956e..bd5840e439be 100644
--- a/src/chrome/content/rules/Gasngrills.com.xml
+++ b/src/chrome/content/rules/Gasngrills.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?gasngrills\.com/(images/|index\.php\?(?:.+&amp;)?dispatch=(?:auth\.login_form|image\.captcha|profiles\.add)|skins/)"
 		to="https://$1gasngrills.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gateshead.gov.uk.xml b/src/chrome/content/rules/Gateshead.gov.uk.xml
index 1eae9b9f161e..0333da24e12a 100644
--- a/src/chrome/content/rules/Gateshead.gov.uk.xml
+++ b/src/chrome/content/rules/Gateshead.gov.uk.xml
@@ -42,7 +42,7 @@ Fetch error: http://www.gateshead.gov.uk/ => https://www.gateshead.gov.uk/: Too
 	ˢ Secured by us
 
 -->
-<ruleset name="Gateshead.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Gateshead.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="gateshead.gov.uk" />
 	<target host="consultation.gateshead.gov.uk" />
diff --git a/src/chrome/content/rules/Gavel_Buddy.com.xml b/src/chrome/content/rules/Gavel_Buddy.com.xml
index 399bdcad8da2..9ed8f80319d3 100644
--- a/src/chrome/content/rules/Gavel_Buddy.com.xml
+++ b/src/chrome/content/rules/Gavel_Buddy.com.xml
@@ -2,7 +2,6 @@
 	Other Gavel Buddy rulesets:
 
 		- BidItBob.com.xml
-		- Gavel_Buddy_Live.com.xml
 
 
 	Mixed content:
diff --git a/src/chrome/content/rules/Gavel_Buddy_Live.com.xml b/src/chrome/content/rules/Gavel_Buddy_Live.com.xml
deleted file mode 100644
index ad716a9e0136..000000000000
--- a/src/chrome/content/rules/Gavel_Buddy_Live.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other Gavel Buddy coverage, see Gavel_Buddy.com.xml.
-
--->
-<ruleset name="Gavel Buddy Live.com">
-
-	<target host="gavelbuddylive.com" />
-	<target host="www.gavelbuddylive.com" />
-
-
-	<securecookie host="^(?:w*\.)?gavelbuddylive\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Gavin_Hungry.io.xml b/src/chrome/content/rules/Gavin_Hungry.io.xml
deleted file mode 100644
index 73fd168f81af..000000000000
--- a/src/chrome/content/rules/Gavin_Hungry.io.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Gavin Hungry.io">
-
-	<target host="gavinhungry.io" />
-	<target host="www.gavinhungry.io" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Gawker-labs.com.xml b/src/chrome/content/rules/Gawker-labs.com.xml
deleted file mode 100644
index 8044462c32fa..000000000000
--- a/src/chrome/content/rules/Gawker-labs.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	For other Gawker coverage, see Gawker.xml.
-
-
-	www.gawker-labs.com: Refused
-
--->
-<ruleset name="Gawker-labs.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="gawker-labs.com" />
-
-	<!--	Complications:
-				-->
-	<target host="www.gawker-labs.com" />
-
-
-	<rule from="^http://www\.gawker-labs\.com/"
-		to="https://gawker-labs.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Gawker.xml b/src/chrome/content/rules/Gawker.xml
index 3039fb1d0f8d..457162bc8f0b 100644
--- a/src/chrome/content/rules/Gawker.xml
+++ b/src/chrome/content/rules/Gawker.xml
@@ -1,17 +1,7 @@
 <!--
 	Other Gawker rulesets:
-		- Deadspin.com.xml
-		- Gawker-labs.com.xml
-		- Gawkerassets.com.xml
-		- Gizmodo.com.xml
-		- Kinja.xml
 		- Kinja-img.com.xml
 		- Kinja-static.com.xml
-		- Io9.com.xml
-		- Jalopnik.com.xml
-		- Jezebel.com.xml
-		- Kotaku.com.xml
-		- Lifehacker.com.xml
 
 	CDN buckets:
 		- kinja.desk.com
@@ -51,6 +41,13 @@
 	Closed:
 		- feeds.gawker.com
 
+  No HTTPS
+    - api.gawker.com
+    - legal.gawker.com
+    - live.gawker.com
+    - login.gawker.com
+    - slow.gawker.com
+
 	Insecure cookies are set for these hosts: ᶜ
 		- gawker.com
 		- (column_name).gawker.com
@@ -62,23 +59,14 @@
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 -->
 <ruleset name="Gawker.com">
-	<!--	Direct rewrites:	-->
-	<target host="api.gawker.com" />
-	<target host="legal.gawker.com" />
-	<target host="live.gawker.com" />
-	<target host="login.gawker.com" />
-	<target host="slow.gawker.com" />
-
 	<!--	Complications:	-->
 	<target host="feeds.gawker.com" />
 
-
 	<!--	Not secured by server:	-->
 	<!--securecookie host="^(column_name\.|www\.)?gawker\.com$" name="^geocc$" /-->
 	<securecookie host=".+" name=".+" />
 
-
 	<rule from="^http://feeds\.gawker\.com/"
 		to="https://feeds.feedburner.com/" />
-	<rule from="^http:"	to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Gawkerassets.com.xml b/src/chrome/content/rules/Gawkerassets.com.xml
deleted file mode 100644
index b6214ffffd95..000000000000
--- a/src/chrome/content/rules/Gawkerassets.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	For other Gawker coverage, see Gawker.xml.
-
-
-	CDN buckets:
-
-		- img.gawkerassets.com.s3.amazonaws.com
-
-		- a.prod.fastly.net
-
-			- cache.gawkerassets.com
-			- img.gawkerassets.com
-
-
-	Nonfunctional subdomains:
-
-		- ganja		(refused)
-
--->
-<ruleset name="Gawkerassets.com (partial)">
-
-	<target host="cache.gawkerassets.com" />
-	<target host="img.gawkerassets.com" />
-
-		<test url="http://cache.gawkerassets.com/assets/images/kotaku/2008/11/perk2.jpg" />
-		<test url="http://img.gawkerassets.com/img/18j5j0bknvga1jpg/original.jpg" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Gay180.xml b/src/chrome/content/rules/Gay180.xml
deleted file mode 100644
index 96dd911203ec..000000000000
--- a/src/chrome/content/rules/Gay180.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Gay180">
-
-	<target host="gay180.com" />
-	<target host="join.gay180.com" />
-	<target host="www.gay180.com" />
-
-
-	<securecookie host="^\.gay180\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/GayBoysTube.com.xml b/src/chrome/content/rules/GayBoysTube.com.xml
new file mode 100644
index 000000000000..ac8e64ffbdd2
--- /dev/null
+++ b/src/chrome/content/rules/GayBoysTube.com.xml
@@ -0,0 +1,14 @@
+<!--
+	GayBoysTube.com has a wildcard DNS record.
+-->
+
+<ruleset name="GayBoysTube.com">
+	<target host="gayboystube.com" />
+	<target host="www.gayboystube.com" />
+	<target host="cdn.gayboystube.com" />
+	<target host="media.gayboystube.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GayRomeo.com.xml b/src/chrome/content/rules/GayRomeo.com.xml
new file mode 100644
index 000000000000..0cdd70ed67f0
--- /dev/null
+++ b/src/chrome/content/rules/GayRomeo.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="GayRomeo.com">
+
+	<target host="www.gayromeo.com" />
+	<target host="gayromeo.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GaySaltLake.com.xml b/src/chrome/content/rules/GaySaltLake.com.xml
new file mode 100644
index 000000000000..603be4c7729c
--- /dev/null
+++ b/src/chrome/content/rules/GaySaltLake.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Fix mixed content issue from https://qpages.com/
+
+-->
+<ruleset name="GaySaltLake.com">
+
+	<target host="qpages.gaysaltlake.com" />
+		<test url="http://qpages.gaysaltlake.com/wp-content/themes/cityguide/design/img/ico/ico_facebook.png" />
+
+	<rule from="^http://qpages\.gaysaltlake\.com/"
+		to="https://qpages.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GaySexPositionsGuide.com.xml b/src/chrome/content/rules/GaySexPositionsGuide.com.xml
new file mode 100644
index 000000000000..f471cec2690d
--- /dev/null
+++ b/src/chrome/content/rules/GaySexPositionsGuide.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="GaySexPositionsGuide.com">
+	<target host="gaysexpositionsguide.com" />
+	<target host="www.gaysexpositionsguide.com" />
+	<target host="assets.gaysexpositionsguide.com" />
+	<target host="mail.gaysexpositionsguide.com" />
+	<target host="mail2.gaysexpositionsguide.com" />
+	<target host="tumblr.gaysexpositionsguide.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gayby.lgbt.xml b/src/chrome/content/rules/Gayby.lgbt.xml
deleted file mode 100644
index a0c12fb310e5..000000000000
--- a/src/chrome/content/rules/Gayby.lgbt.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Mismatched:
-		- ^ (www.gayby.lgbt, fixed by this ruleset)
--->
-
-<ruleset name="Gayby.lgbt">
-	<target host="gayby.lgbt" />
-	<target host="www.gayby.lgbt" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http://gayby\.lgbt/" to="https://www.gayby.lgbt/" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Gdl-hof.de.xml b/src/chrome/content/rules/Gdl-hof.de.xml
new file mode 100644
index 000000000000..2c0ed9c4e168
--- /dev/null
+++ b/src/chrome/content/rules/Gdl-hof.de.xml
@@ -0,0 +1,11 @@
+<!--
+  For other GDL coverage, see Gdl.de.xml.
+-->
+<ruleset name="Gdl-hof.de">
+	<target host="gdl-hof.de" />
+	<target host="www.gdl-hof.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gdl-kempten.de.xml b/src/chrome/content/rules/Gdl-kempten.de.xml
new file mode 100644
index 000000000000..4777f08b6518
--- /dev/null
+++ b/src/chrome/content/rules/Gdl-kempten.de.xml
@@ -0,0 +1,11 @@
+<!--
+  For other GDL coverage, see Gdl.de.xml.
+-->
+<ruleset name="Gdl-kempten.de">
+	<target host="gdl-kempten.de" />
+	<target host="www.gdl-kempten.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gdl-m.de.xml b/src/chrome/content/rules/Gdl-m.de.xml
new file mode 100644
index 000000000000..7003d18d3c9b
--- /dev/null
+++ b/src/chrome/content/rules/Gdl-m.de.xml
@@ -0,0 +1,11 @@
+<!--
+  For other GDL coverage, see Gdl.de.xml.
+-->
+<ruleset name="Gdl-m.de">
+	<target host="gdl-m.de" />
+	<target host="www.gdl-m.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gdl-nn.de.xml b/src/chrome/content/rules/Gdl-nn.de.xml
new file mode 100644
index 000000000000..476fa8b4012e
--- /dev/null
+++ b/src/chrome/content/rules/Gdl-nn.de.xml
@@ -0,0 +1,11 @@
+<!--
+  For other GDL coverage, see Gdl.de.xml.
+-->
+<ruleset name="Gdl-nn.de">
+	<target host="gdl-nn.de" />
+	<target host="www.gdl-nn.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gdl-og-gera.de.xml b/src/chrome/content/rules/Gdl-og-gera.de.xml
new file mode 100644
index 000000000000..ff2575617040
--- /dev/null
+++ b/src/chrome/content/rules/Gdl-og-gera.de.xml
@@ -0,0 +1,11 @@
+<!--
+  For other GDL coverage, see Gdl.de.xml.
+-->
+<ruleset name="Gdl-og-gera.de">
+	<target host="gdl-og-gera.de" />
+	<target host="www.gdl-og-gera.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gdl-sbahn-berlin.de.xml b/src/chrome/content/rules/Gdl-sbahn-berlin.de.xml
new file mode 100644
index 000000000000..fc09d139722e
--- /dev/null
+++ b/src/chrome/content/rules/Gdl-sbahn-berlin.de.xml
@@ -0,0 +1,11 @@
+<!--
+  For other GDL coverage, see Gdl.de.xml.
+-->
+<ruleset name="Gdl-sbahn-berlin.de">
+	<target host="gdl-sbahn-berlin.de" />
+	<target host="www.gdl-sbahn-berlin.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gdl.de.xml b/src/chrome/content/rules/Gdl.de.xml
new file mode 100644
index 000000000000..dec0846a54d3
--- /dev/null
+++ b/src/chrome/content/rules/Gdl.de.xml
@@ -0,0 +1,155 @@
+<!--
+	Other GDL rulesets:
+		- Gdlhamm.de.xml
+		- Gdl-hof.de.xml
+		- Gdl-kempten.de.xml
+		- Gdl-m.de.xml
+		- Gdl-nn.de.xml
+		- Gdl-og-gera.de.xml 
+		- Gdl-sbahn-berlin.de.xml
+
+	Server-side SSL Error:
+		- gdl-aachen.de
+		- gdl-friedrichshafen.de
+		- gdl.koeln (geoTLD)
+		- gdl-mühldorf.de (xn- -gdl-mhldorf-xhb.de)
+		- gdl-plochingen.de
+		- gdl-tuebingen.de
+
+	Mismatched:
+		- umfrage.gdl.de
+		- gdl-bremen.de
+		- gdl-garmisch.de
+		- gdl-heilbronn.de
+		- gdl-kassel.de
+		- gdl-kornwestheim.de
+		- gdl-regensburg.de
+		- gdl-ulm.de
+		- gdl-weiden-schwandorf.de
+		- gdl-wuerzburg.de
+
+	Mixed content:
+		- gdl-bayern.de
+		
+	Plaintext response on HTTPS:
+		- www.jugend.gdl.de
+
+ 	Other Connection Issue:
+		- gdl-og-dresden.de
+		- gdl-ludwigshafen.de
+		- gdl-nord.de
+		- gdl-worms.de
+-->
+<ruleset name="Gdl.de (partial)">
+	<target host="gdl.de" />
+	<target host="www.gdl.de" />
+	<target host="hgs.gdl.de" />
+	<target host="jugend.gdl.de" />
+	<target host="www.jugend.gdl.de" />
+	<target host="pub.gdl.de" />
+	<target host="uploads.gdl.de" />
+	
+	<target host="bezirk-bayern.gdl.de" />
+	<target host="og-augsburg.gdl.de" />
+	<target host="og-bamberg.gdl.de" />
+	<target host="og-donauwoerth.gdl.de" />
+	<target host="og-ingolstadt.gdl.de" />
+	<target host="og-landshut.gdl.de" />
+	<target host="og-muenchenhbf.gdl.de" />
+	<target host="og-steinhausen.gdl.de" />
+	<target host="og-nuernberg.gdl.de" />
+	<target host="og-regensburg.gdl.de" />
+
+	<target host="bezirk-htm.gdl.de" />
+	<target host="og-bebra.gdl.de" />
+	<target host="og-darmstadt.gdl.de" />
+	<target host="og-erfurt.gdl.de" />
+	<target host="og-frankfurtmain.gdl.de" />
+	<target host="og-friedberg.gdl.de" />
+	<target host="og-fulda.gdl.de" />
+	<target host="og-gera.gdl.de" />
+	<target host="og-giessen.gdl.de" />
+	<target host="og-hanau.gdl.de" />
+	<target host="og-kassel.gdl.de" />
+	<target host="og-koblenz.gdl.de" />
+	<target host="og-weimar.gdl.de" />
+	<target host="og-wiesbaden.gdl.de" />
+
+	<target host="bezirk-md.gdl.de" />
+	<target host="og-aue.gdl.de" />
+	<target host="og-chemnitz.gdl.de" />
+	<target host="og-engelsdorf.gdl.de" />
+	<target host="og-goerlitz.gdl.de" />
+	<target host="og-hoyerswerda.gdl.de" />
+	<target host="og-leipzig.gdl.de" />
+	<target host="og-magdeburg.gdl.de" />
+	<target host="og-reichenbach.gdl.de" />
+	<target host="og-roeblingen.gdl.de" />
+	<target host="og-stendal.gdl.de" />
+	<target host="og-zittau.gdl.de" />
+
+	<target host="bezirk-no.gdl.de" />
+	<target host="og-angermuende.gdl.de" />
+	<target host="og-berlinfw.gdl.de" />
+	<target host="og-cottbus.gdl.de" />
+	<target host="og-eberswalde.gdl.de" />
+	<target host="og-frankfurtoder.gdl.de" />
+	<target host="og-neubrandenburg.gdl.de" />
+	<target host="og-pankow.gdl.de" />
+	<target host="og-rostock.gdl.de" />
+	<target host="og-schoeneweide.gdl.de" />
+	<target host="og-seddin.gdl.de" />
+	<target host="og-wismar.gdl.de" />
+	<target host="og-wustermark.gdl.de" />
+
+	<target host="bezirk-nord.gdl.de" />
+	<target host="og-kaltenkirchen.gdl.de" />
+	<target host="og-braunschweig.gdl.de" />
+	<target host="og-bremerhaven.gdl.de" />
+	<target host="og-goslar.gdl.de" />
+	<target host="og-altona.gdl.de" />
+	<target host="og-hamburghbf.gdl.de" />
+	<target host="og-ohlsdorf.gdl.de" />
+	<target host="og-hannover.gdl.de" />
+	<target host="og-kiel.gdl.de" />
+	<target host="og-lehrte.gdl.de" />
+	<target host="og-maschen.gdl.de" />
+	<target host="og-oldenburg.gdl.de" />
+	<target host="og-ostfriesland.gdl.de" />
+	<target host="og-osnabrueck.gdl.de" />
+	<target host="og-seelze.gdl.de" />
+
+	<target host="bezirk-nrw.gdl.de" />
+	<target host="og-bestwig.gdl.de" />
+	<target host="og-duesseldorf.gdl.de" />
+	<target host="og-essen.gdl.de" />
+	<target host="og-gremberg.gdl.de" />
+	<target host="og-hagen.gdl.de" />
+	<target host="og-hamm.gdl.de" />
+	<target host="og-koeln.gdl.de" />
+	<target host="og-lippstadt.gdl.de" />
+	<target host="og-moenchengladbach.gdl.de" />
+	<target host="og-oberhausen.gdl.de" />
+	<target host="og-siegen.gdl.de" />
+	<target host="og-wuppertal.gdl.de" />
+
+	<target host="bezirk-sw.gdl.de" />
+	<target host="og-bodenseeneckar.gdl.de" />
+	<target host="og-freiburg.gdl.de" />
+	<target host="og-haltingen.gdl.de" />
+	<target host="og-heidelberg.gdl.de" />
+	<target host="og-heilbronn.gdl.de" />
+	<target host="og-karlsruhe.gdl.de" />
+	<target host="og-lauda.gdl.de" />
+	<target host="og-ludwigshafen.gdl.de" />
+	<target host="og-offenburg.gdl.de" />
+	<target host="og-saarbrueckenpv.gdl.de" />
+	<target host="og-stuttgart.gdl.de" />
+	<target host="og-tuebingen.gdl.de" />
+	<target host="og-villingen.gdl.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.jugend\.gdl\.de/" to="https://jugend.gdl.de/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gdlhamm.de.xml b/src/chrome/content/rules/Gdlhamm.de.xml
new file mode 100644
index 000000000000..be10341df702
--- /dev/null
+++ b/src/chrome/content/rules/Gdlhamm.de.xml
@@ -0,0 +1,11 @@
+<!--
+  For other GDL coverage, see Gdl.de.xml.
+-->
+<ruleset name="Gdlhamm.de">
+	<target host="gdlhamm.de" />
+	<target host="www.gdlhamm.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GearBest.com.xml b/src/chrome/content/rules/GearBest.com.xml
new file mode 100644
index 000000000000..c95ab60f8542
--- /dev/null
+++ b/src/chrome/content/rules/GearBest.com.xml
@@ -0,0 +1,54 @@
+<!--
+	Non-functional subdomains:
+		- e3ai		(m)
+		- edm		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="GearBest.com">
+
+	<target host="gearbest.com" />
+	<target host="www.gearbest.com" />
+	<target host="affiliate.gearbest.com" />
+	<target host="br.gearbest.com" />
+	<target host="cart.gearbest.com" />
+	<target host="cashier.gearbest.com" />
+	<target host="checkout.gearbest.com" />
+	<target host="css.gearbest.com" />
+	<target host="de.gearbest.com" />
+	<target host="des.gearbest.com" />
+	<target host="es.gearbest.com" />
+	<target host="fr.gearbest.com" />
+	<target host="gloimg.gearbest.com" />
+	<target host="her.gearbest.com" />
+	<target host="it.gearbest.com" />
+	<target host="login.gearbest.com" />
+	<target host="m.gearbest.com" />
+	<target host="new.gearbest.com" />
+	<target host="order.gearbest.com" />
+	<target host="pt.gearbest.com" />
+	<target host="review.gearbest.com" />
+	<target host="ru.gearbest.com" />
+	<target host="security.gearbest.com" />
+	<target host="support.gearbest.com" />
+	<target host="annex.support.gearbest.com" />
+	<target host="tr.gearbest.com" />
+	<target host="uidesign.gearbest.com" />
+	<target host="uk.gearbest.com" />
+	<target host="us.gearbest.com" />
+	<target host="user.gearbest.com" />
+	<target host="vapor.gearbest.com" />
+
+	<target host="css.gbtcdn.com" />
+	<target host="des.gbtcdn.com" />
+	<target host="uidesign.gbtcdn.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GearSourceCDN.com.xml b/src/chrome/content/rules/GearSourceCDN.com.xml
deleted file mode 100644
index 2f40c1bebd49..000000000000
--- a/src/chrome/content/rules/GearSourceCDN.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		- .gearsourcecdn.com
-
--->
-<ruleset name="GearSourceCDN.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="gearsourcecdn.com" />
-	<target host="www.gearsourcecdn.com" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.gearsourcecdn\.com$" name="^(__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.gearsourcecdn\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Gearworks_Manufacturing.xml b/src/chrome/content/rules/Gearworks_Manufacturing.xml
index b17be07ded3a..d23f07c6c9c2 100644
--- a/src/chrome/content/rules/Gearworks_Manufacturing.xml
+++ b/src/chrome/content/rules/Gearworks_Manufacturing.xml
@@ -7,15 +7,15 @@ Fetch error: http://www.gearworkstire.com/ => https://www.gearworkstire.com/: (2
 Disabled by https-everywhere-checker because:
 Fetch error: http://gearworkstire.com/ => https://gearworkstire.com/: (28, 'Connection timed out after 10000 milliseconds')
 -->
-<ruleset name="Gearworks Manufacturing" default_off='failed ruleset test'>
+<ruleset name="Gearworks Manufacturing" default_off="failed ruleset test">
 
 	<target host="gearworkstire.com" />
 	<target host="www.gearworkstire.com" />
 
 
-	<securecookie host="^(?:.*\.)?gearworkstire\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Geek.net.xml b/src/chrome/content/rules/Geek.net.xml
deleted file mode 100644
index 2a9d1c2efbed..000000000000
--- a/src/chrome/content/rules/Geek.net.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	For other GameSpot coverage, see GameSpot.xml.
-
-
-	CDN buckets:
-
-		- d2hfi8wofzzjwf.cloudfront.net
-
-			- cdn.asset.geek.net
-
-
-	(www.)?geek.net: Dropped
-
--->
-<ruleset name="Geek.net (partial)">
-
-	<!--	Complications:
-				-->
-	<target host="cdn.asset.geek.net" />
-
-
-	<rule from="^http://cdn\.asset\.geek\.net/"
-		to="https://d2hfi8wofzzjwf.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GeekGhost.net.xml b/src/chrome/content/rules/GeekGhost.net.xml
new file mode 100644
index 000000000000..83d8fa7a9c82
--- /dev/null
+++ b/src/chrome/content/rules/GeekGhost.net.xml
@@ -0,0 +1,19 @@
+<!--
+	SSL protocol error:
+		- www.account.geekghost.net
+		- www.support.geekghost.net
+
+	Mismatched:
+		- mail.geekghost.net
+		- ns1.geekghost.net
+-->
+<ruleset name="GeekGhost.net">
+	<target host="geekghost.net" />
+	<target host="www.geekghost.net" />
+	<target host="account.geekghost.net" />
+	<target host="cdn.geekghost.net" />
+	<target host="status.geekghost.net" />
+	<target host="support.geekghost.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GeekPark.xml b/src/chrome/content/rules/GeekPark.xml
index 3bc646bdb9ad..45e00a8e3399 100644
--- a/src/chrome/content/rules/GeekPark.xml
+++ b/src/chrome/content/rules/GeekPark.xml
@@ -1,12 +1,12 @@
 <!--
 	Warn：https://github.com/EFForg/https-everywhere/pull/5042#issuecomment-234782358
-	
+
 	Related:
 		Qbox.me.xml
 -->
 
 <ruleset name="GeekPark (partial)">
-	
+
 	<!--	clouddn and qiniudn only has http, but it equals to main hosts	-->
 	<target host="7mnpep.com2.z0.glb.clouddn.com" />
 	<target host="7mnpep.com2.z0.glb.qiniucdn.com" />
@@ -27,6 +27,6 @@
 
 	<rule from="^http://gpk-new\.qiniudn\.com/"
 		to="https://dn-geekpark-new.qbox.me/" />
-		<test url="http://gpk-new.qiniudn.com/assets/application-177c73324f0e5e9780d102790d44fbeb.js" />	
+		<test url="http://gpk-new.qiniudn.com/assets/application-177c73324f0e5e9780d102790d44fbeb.js" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GeekWire.com.xml b/src/chrome/content/rules/GeekWire.com.xml
new file mode 100644
index 000000000000..ce2e063bbfe2
--- /dev/null
+++ b/src/chrome/content/rules/GeekWire.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="GeekWire.com (partial)">
+
+	<target host="geekwire.com"/>
+	<target host="www.geekwire.com"/>
+	<target host="cdn.geekwire.com"/>
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GeekWire.xml b/src/chrome/content/rules/GeekWire.xml
deleted file mode 100644
index 8d765be91648..000000000000
--- a/src/chrome/content/rules/GeekWire.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://cdn.geekwire.com/ => https://s3.amazonaws.com/geekwire/: Redirect for 'https://s3.amazonaws.com/geekwire/' missing location header
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://cdn.geekwire.com/ => https://s3.amazonaws.com/geekwire/: Redirect for 'https://s3.amazonaws.com/geekwire/' missing Location
--->
-<ruleset name="GeekWire (partial)" default_off='failed ruleset test'>
-
-	<target host="cdn.geekwire.com"/>
-
-	<rule from="^http://cdn\.geekwire\.com/"
-		to="https://s3.amazonaws.com/geekwire/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/GeekZu.xml b/src/chrome/content/rules/GeekZu.xml
index 780a8ffb5b94..c96c69b17b89 100644
--- a/src/chrome/content/rules/GeekZu.xml
+++ b/src/chrome/content/rules/GeekZu.xml
@@ -1,16 +1,16 @@
 <!--
 	No exist:
 		^(www.)?
-	
+
 	Mismatch:
 		fdn.
 -->
 <ruleset name="GeekZu">
-	
+
 	<target host="cdn.geekzu.org" />
 	<target host="fonts.geekzu.org" />
 	<target host="sdn.geekzu.org" />
-	
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Geek_Squad.co.uk.xml b/src/chrome/content/rules/Geek_Squad.co.uk.xml
deleted file mode 100644
index 99a4e1deb8fa..000000000000
--- a/src/chrome/content/rules/Geek_Squad.co.uk.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Geek Squad.co.uk">
-
-	<target host="geeksquad.co.uk" />
-	<target host="www.geeksquad.co.uk" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Geek_Tech_Labs.com.xml b/src/chrome/content/rules/Geek_Tech_Labs.com.xml
index e47110e23665..5dd2490c3040 100644
--- a/src/chrome/content/rules/Geek_Tech_Labs.com.xml
+++ b/src/chrome/content/rules/Geek_Tech_Labs.com.xml
@@ -32,7 +32,7 @@ Fetch error: http://mysql.geektechlabs.com/ => https://mysql.geektechlabs.com/:
 	*** Rule not on by default, doesn't trip MCB
 
 -->
-<ruleset name="Geek Tech Labs.com" default_off='failed ruleset test'>
+<ruleset name="Geek Tech Labs.com" default_off="failed ruleset test">
 
 	<target host="geektechlabs.com" />
 	<target host="www.geektechlabs.com" />
diff --git a/src/chrome/content/rules/Geekbuying.com.xml b/src/chrome/content/rules/Geekbuying.com.xml
new file mode 100644
index 000000000000..bcf1a616e2b6
--- /dev/null
+++ b/src/chrome/content/rules/Geekbuying.com.xml
@@ -0,0 +1,51 @@
+<!--
+	Non-functional subdomains:
+		- api	(d)
+		- blog	(d)
+		- blogimage	(d)
+		- promotion	(d)
+		- rc	(d)
+		- smartphone	(d)
+		- tvbox	(d)
+		- vr	(d)
+		- wholesale	(d)
+
+	d: redirection error
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Geekbuying.com">
+
+	<target host="geekbuying.com" />
+	<target host="www.geekbuying.com" />
+	<target host="ar.geekbuying.com" />
+	<target host="content1.geekbuying.com" />
+	<target host="content2.geekbuying.com" />
+	<target host="de.geekbuying.com" />
+	<target host="el.geekbuying.com" />
+	<target host="es.geekbuying.com" />
+	<target host="fr.geekbuying.com" />
+	<target host="hu.geekbuying.com" />
+	<target host="image1.geekbuying.com" />
+	<target host="image2.geekbuying.com" />
+	<target host="image3.geekbuying.com" />
+	<target host="image4.geekbuying.com" />
+	<target host="it.geekbuying.com" />
+	<target host="iw.geekbuying.com" />
+	<target host="ja.geekbuying.com" />
+	<target host="m.geekbuying.com" />
+	<target host="nl.geekbuying.com" />
+	<target host="pl.geekbuying.com" />
+	<target host="pt.geekbuying.com" />
+	<target host="ru.geekbuying.com" />
+	<target host="th.geekbuying.com" />
+	<target host="tr.geekbuying.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Geekheim.de.xml b/src/chrome/content/rules/Geekheim.de.xml
index b977e124d27b..663bf3a80aa6 100644
--- a/src/chrome/content/rules/Geekheim.de.xml
+++ b/src/chrome/content/rules/Geekheim.de.xml
@@ -5,4 +5,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Geekify.xml b/src/chrome/content/rules/Geekify.xml
index fb88f5f4188f..9a82e8a3d720 100644
--- a/src/chrome/content/rules/Geekify.xml
+++ b/src/chrome/content/rules/Geekify.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.geekify.com.au/ => http://www.geekify.com.au/: (6, 'Coul
 	Some pages redirect to http.
 
 -->
-<ruleset name="Geekify (partial)" default_off='failed ruleset test'>
+<ruleset name="Geekify (partial)" default_off="failed ruleset test">
 
 	<target host="geekify.com.au" />
 	<target host="www.geekify.com.au" />
@@ -15,4 +15,4 @@ Fetch error: http://www.geekify.com.au/ => http://www.geekify.com.au/: (6, 'Coul
 	<rule from="^http://(www\.)?geekify\.com\.au/(data/|fpss/|images/|sites/|user(?:$|\?|/))"
 		to="https://$1geekify.com.au/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Geeksphone.com.xml b/src/chrome/content/rules/Geeksphone.com.xml
index 3519d1997b1e..a6a09a5d4b33 100644
--- a/src/chrome/content/rules/Geeksphone.com.xml
+++ b/src/chrome/content/rules/Geeksphone.com.xml
@@ -21,10 +21,13 @@ Fetch error: http://geeksphone.com/ => https://geeksphone.com/: (60, 'SSL certif
 	* Secured by us
 
 -->
-<ruleset name="Geeksphone.com" default_off='failed ruleset test'>
+<ruleset name="Geeksphone.com" default_off="failed ruleset test">
 
 	<target host="geeksphone.com" />
-	<target host="*.geeksphone.com" />
+	<target host="forum.geeksphone.com" />
+	<target host="shop.geeksphone.com" />
+	<target host="www.geeksphone.com" />
+	<target host="downloads.geeksphone.com" />
 
 
 	<!--	Not secured by server:
@@ -36,10 +39,9 @@ Fetch error: http://geeksphone.com/ => https://geeksphone.com/: (60, 'SSL certif
 	<securecookie host="^(?:(?:forum|\.?shop|www)\.)?geeksphone\.com$" name=".+" />
 
 
-	<rule from="^http://((?:forum|shop|www)\.)?geeksphone\.com/"
-		to="https://$1geeksphone.com/" />
 
 	<rule from="^http://downloads\.geeksphone\.com/"
 		to="https://d337ou2hengace.cloudfront.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Gegl.org.xml b/src/chrome/content/rules/Gegl.org.xml
new file mode 100644
index 000000000000..c69c932a228c
--- /dev/null
+++ b/src/chrome/content/rules/Gegl.org.xml
@@ -0,0 +1,10 @@
+<!--
+	Mismatched:
+		- ftp
+-->
+<ruleset name="Gegl.org" default_off="expired">
+	<target host="gegl.org" />
+	<target host="www.gegl.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Geht.net.xml b/src/chrome/content/rules/Geht.net.xml
index 67860dc9fb09..55f7744525b9 100644
--- a/src/chrome/content/rules/Geht.net.xml
+++ b/src/chrome/content/rules/Geht.net.xml
@@ -13,7 +13,7 @@ Fetch error: http://hydra.geht.net/ => https://hydra.geht.net/: (7, 'Failed to c
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="geht.net (partial)" default_off='failed ruleset test'>
+<ruleset name="geht.net (partial)" default_off="failed ruleset test">
 
 	<target host="hydra.geht.net" />
 
diff --git a/src/chrome/content/rules/Gem.co.xml b/src/chrome/content/rules/Gem.co.xml
index 1d1c95e31098..4641a63e09be 100644
--- a/src/chrome/content/rules/Gem.co.xml
+++ b/src/chrome/content/rules/Gem.co.xml
@@ -19,7 +19,7 @@ Fetch error: http://www.gem.co/ => https://www.gem.co/: (51, "SSL: no alternativ
 		- my
 
 -->
-<ruleset name="Gem.co (partial)" default_off='failed ruleset test'>
+<ruleset name="Gem.co (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/GemCutter.org.xml b/src/chrome/content/rules/GemCutter.org.xml
index 802554f28ec4..a800fd3addd5 100644
--- a/src/chrome/content/rules/GemCutter.org.xml
+++ b/src/chrome/content/rules/GemCutter.org.xml
@@ -9,7 +9,7 @@
 
 	<target host="gemcutter.org" />
 
-	<rule from="^http://gemcutter\.org/" 
+	<rule from="^http://gemcutter\.org/"
 		to="https://rubygems.org/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Gemalto.com.xml b/src/chrome/content/rules/Gemalto.com.xml
index 0b558719c0c1..408959b3bc66 100644
--- a/src/chrome/content/rules/Gemalto.com.xml
+++ b/src/chrome/content/rules/Gemalto.com.xml
@@ -47,7 +47,7 @@ Fetch error: http://allynisconnect1.gemalto.com/ => https://allynisconnect1.gema
 	³ Secured by us
 
 -->
-<ruleset name="Gemalto.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Gemalto.com (partial)" default_off="failed ruleset test">
 
 	<target host="allynisconnect1.gemalto.com" />
 	<target host="boutique.gemalto.com" />
diff --git a/src/chrome/content/rules/Gemklub.xml b/src/chrome/content/rules/Gemklub.xml
index d1d8cb0993d8..8ae207fe1b83 100644
--- a/src/chrome/content/rules/Gemklub.xml
+++ b/src/chrome/content/rules/Gemklub.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.gemklub.hu/ => https://www.gemklub.hu/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="G&#233;mklub" default_off='failed ruleset test'>
+<ruleset name="G&#233;mklub" default_off="failed ruleset test">
 	<target host="www.gemklub.hu" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/GenGes.com.xml b/src/chrome/content/rules/GenGes.com.xml
index 7edce1d8ff00..20251b9119cd 100644
--- a/src/chrome/content/rules/GenGes.com.xml
+++ b/src/chrome/content/rules/GenGes.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.genges.com/ => https://www.genges.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.genges.com'")
 
 -->
-<ruleset name="GenGes.com" default_off='failed ruleset test'>
+<ruleset name="GenGes.com" default_off="failed ruleset test">
 
 	<target host="genges.com" />
 	<target host="www.genges.com" />
@@ -15,4 +15,4 @@ Fetch error: http://www.genges.com/ => https://www.genges.com/: (51, "SSL: no al
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GenNextFoundation.org.xml b/src/chrome/content/rules/GenNextFoundation.org.xml
new file mode 100644
index 000000000000..df8e8d8804a0
--- /dev/null
+++ b/src/chrome/content/rules/GenNextFoundation.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="GenNextFoundation.org">
+
+	<target host="gennextfoundation.org" />
+	<target host="www.gennextfoundation.org" />
+	<target host="cdn.gennextfoundation.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GenderJam-NI.xml b/src/chrome/content/rules/GenderJam-NI.xml
deleted file mode 100644
index e63596dfcec6..000000000000
--- a/src/chrome/content/rules/GenderJam-NI.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Mismatched:
-		- ntyn (3gmax.com.ar)
-		- tni (3gmax.com.ar)
--->
-
-<ruleset name="GenderJam NI">
-	<target host="genderjam.lgbt" />
-	<target host="www.genderjam.lgbt" />
-
-	<target host="genderjam.org.uk" />
-	<target host="www.genderjam.org.uk" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/General-Electric.xml b/src/chrome/content/rules/General-Electric.xml
deleted file mode 100644
index a2c9bf6cf1e2..000000000000
--- a/src/chrome/content/rules/General-Electric.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="General Electric (partial)">
-
-	<target host="files.*.geblogs.com"/>
-
-	<rule from="^http://files\.([^\.]+)\.geblogs\.com/"
-		to="https://s3.amazonaws.com/files.$1.geblogs.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/General-anzeiger-bonn.de.xml b/src/chrome/content/rules/General-anzeiger-bonn.de.xml
index 986073ea2fa8..525bd671447b 100644
--- a/src/chrome/content/rules/General-anzeiger-bonn.de.xml
+++ b/src/chrome/content/rules/General-anzeiger-bonn.de.xml
@@ -1,13 +1,13 @@
+<!--
+  Host unresolved:
+    - epaper.general-anzeiger-bonn.de
+ -->
+
 <ruleset name="General-anzeiger-bonn.de">
 	<target host="general-anzeiger-bonn.de" />
 	<target host="www.general-anzeiger-bonn.de" />
-	<target host="epaper.general-anzeiger-bonn.de" />
 	<target host="trauer.general-anzeiger-bonn.de" />
-		<test url="http://epaper.general-anzeiger-bonn.de/shelf.act" />
-
-	<rule from="^http://epaper\.general-anzeiger-bonn\.de/"
-			to="https://epaper.ga-bonn.de/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Generalitat-of-Catalonia.xml b/src/chrome/content/rules/Generalitat-of-Catalonia.xml
index fe07dedd110a..4f0e393c9acb 100644
--- a/src/chrome/content/rules/Generalitat-of-Catalonia.xml
+++ b/src/chrome/content/rules/Generalitat-of-Catalonia.xml
@@ -6,10 +6,11 @@ Fetch error: http://gencat.cat/ => https://gencat.cat/: (51, "SSL: no alternativ
 Disabled by https-everywhere-checker because:
 Fetch error: http://gencat.cat/ => https://gencat.cat/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="Generalitat of Catalonia (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Generalitat of Catalonia (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="gencat.cat"/>
-	<target host="*.gencat.cat"/>
+	<target host="www.gencat.cat" />
+	<target host="www20.gencat.cat" />
 
 	<securecookie host="^(?:.*[^0]*\.)?gencat\.cat$" name=".+" />
 
diff --git a/src/chrome/content/rules/Genesis-Technologies.xml b/src/chrome/content/rules/Genesis-Technologies.xml
index cb0e3fd4aa8a..8ccc927cd9b9 100644
--- a/src/chrome/content/rules/Genesis-Technologies.xml
+++ b/src/chrome/content/rules/Genesis-Technologies.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gentle_labs.com.xml b/src/chrome/content/rules/Gentle_labs.com.xml
index b46d79023c55..9302e2fbbf58 100644
--- a/src/chrome/content/rules/Gentle_labs.com.xml
+++ b/src/chrome/content/rules/Gentle_labs.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://gentlelabs.com/ => https://www.gentlelabs.com/: (6, 'Could n
 	^gentlelabs.com: Refused
 
 -->
-<ruleset name="Gentle labs.com" default_off='failed ruleset test'>
+<ruleset name="Gentle labs.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/GeoAmigo.xml b/src/chrome/content/rules/GeoAmigo.xml
deleted file mode 100644
index 8b02ef8bc4cb..000000000000
--- a/src/chrome/content/rules/GeoAmigo.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="GeoAmigo">
-
-	<target host="geoamigo.com" />
-	<target host="www.geoamigo.com" />
-
-
-	<securecookie host="^(?:www\.)?geoamigo\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/GeoCoder.xml b/src/chrome/content/rules/GeoCoder.xml
index 14a47e5639e8..c270861c3464 100644
--- a/src/chrome/content/rules/GeoCoder.xml
+++ b/src/chrome/content/rules/GeoCoder.xml
@@ -16,7 +16,7 @@ Fetch error: http://www.geocoder.ca/ => https://www.geocoder.ca/: Too many redir
 	* Secured by us
 
 -->
-<ruleset name="GeoCoder.ca" default_off='failed ruleset test'>
+<ruleset name="GeoCoder.ca" default_off="failed ruleset test">
 
 	<target host="geocoder.ca"/>
 	<target host="www.geocoder.ca"/>
@@ -25,7 +25,7 @@ Fetch error: http://www.geocoder.ca/ => https://www.geocoder.ca/: Too many redir
 					-->
 	<!--securecookie host="^(?:www\.)?geocoder\.ca$" name="^geocoder_ca$" /-->
 
-	<securecookie host="^(?:.*\.)?geocoder\.ca$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/GeoTrust.net.xml b/src/chrome/content/rules/GeoTrust.net.xml
deleted file mode 100644
index 99baad11cd0c..000000000000
--- a/src/chrome/content/rules/GeoTrust.net.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For other GeoTrust coverage, see Geotrust.xml.
-
-
-	^geotrust.net doesn't exist.
-
--->
-<ruleset name="GeoTrust.net">
-
-	<target host="*.geotrust.net" />
-
-
-	<!--	Not secured by server:
-					-->
-	<securecookie host="^\.geotrust\.net$" name="^v1st$" />
-
-
-	<rule from="^http://(enterprise-security-center\.ilg|www)\.geotrust\.net/"
-		to="https://$1.geotrust.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Geocaching.com-falsemixed.xml b/src/chrome/content/rules/Geocaching.com-falsemixed.xml
deleted file mode 100644
index 1890b9333c56..000000000000
--- a/src/chrome/content/rules/Geocaching.com-falsemixed.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	For rules that are on by default, see Geocaching.com.xml.
-
--->
-<ruleset name="Geocaching.com (false MCB)" platform="mixedcontent">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="geocaching.com" />
-	<target host="www.geocaching.com" />
-
-	<!--	Complications:
-				-->
-	<target host="blog.geocaching.com" />
-
-
-	<securecookie host="^www\.geocaching\.com$" name=".+" />
-
-
-	<!--	Redirect keeps path, args,
-		and forward slash:
-					-->
-	<rule from="^http://blog\.geocaching\.com/"
-		to="https://www.geocaching.com/blog/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Geocaching.com.xml b/src/chrome/content/rules/Geocaching.com.xml
index d27e6118eee6..1fa7401796ac 100644
--- a/src/chrome/content/rules/Geocaching.com.xml
+++ b/src/chrome/content/rules/Geocaching.com.xml
@@ -1,97 +1,42 @@
 <!--
-	For rules causing false/broken MCB, see Geocaching.com-falsemixed.xml.
-
 	For other Groundspeak coverage, see Groundspeak.com.xml.
 
 
-	Problematic hosts in *geocaching.com:
-
-		- blog *
-
-	* 403
-
+	Nonfunctional hosts in *.geocaching.com:
 
-	Fully covered hosts:
+		- status.geocaching.com (t)
 
-		- img
-		- shop
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
 
 
 	Insecure cookies are set for these hosts:
 
 		- shop.geocaching.com
 		- www.geocaching.com
-
-
-	Mixed content:
-
-		- Scripts, on:
-
-			- www from d3mo08i005h0zn.cloudfront.net *
-			- www from s.gravatar.com *
-			- www from s0.wp.com *
-
-		- css on www from d3mo08i005h0zn.cloudfront.net *
-		- Images on www from d3mo08i005h0zn.cloudfront.net *
-
-		- Bugs, on:
-
-			- www from static.ak.fbcdn.net *
-			- www from platform.twitter.com *
-			- www from stats.wp.com
-
-	* Secured by us
-
 -->
-<ruleset name="Geocaching.com (partial)">
+<ruleset name="Geocaching.com">
 
-	<!--	Direct rewrites:
-				-->
 	<target host="geocaching.com" />
+	<target host="www.geocaching.com" />
+	<target host="blog.geocaching.com" />
+	<target host="forums.geocaching.com" />
 	<target host="img.geocaching.com" />
 	<target host="shop.geocaching.com" />
-	<target host="www.geocaching.com" />
-
-	<!--	Complications:
-				-->
-	<!--target host="blog.geocaching.com" /-->
-
-		<!--	Avoid broken MCB:
-					-->
-		<exclusion pattern="^http://(?:www\.)?geocaching\.com/blog(?:$|[?/])" />
-
-			<test url="http://geocaching.com/blog" />
-			<test url="http://geocaching.com/blog/" />
-			<test url="http://www.geocaching.com/blog" />
-			<test url="http://www.geocaching.com/blog/" />
-
+	<target host="apidevelopers.geocaching.com" />
+	<target host="payments.geocaching.com" />
+	<target host="newsroom.geocaching.com" />
 
 	<!--	Not secured by server:
 					-->
 	<!--securecookie host="^www\.geocaching\.com$" name="^(__RequestVerificationToken|ASP\.NET_SessionId)$" /-->
 	<!--securecookie host="^shop\.geocaching\.com$" name="^(CUSTOMER|CUSTOMER_AUTH|CUSTOMER_INFO|CUSTOMER_SEGMENT_IDS|NEWMESSAGE|frontend)$" /-->
 
-	<securecookie host="^shop\.geocaching\.com$" name=".+" />
-
-
-	<!--	Redirect keeps path, args,
-		and forward slash:
-					-->
-	<!--rule from="^http://blog\.geocaching\.com/"
-		to="https://www.geocaching.com/blog/" /-->
-
-	<!--	Redirects to http as-is:
-		(drops args)
-					-->
-	<rule from="^http://www\.geocaching\.com/forums/default\.aspx(?:\?.*)?"
-		to="https://forums.groundspeak.com/GC/" />
-
-		<test url="http://www.geocaching.com/forums/default.aspx" />
-		<test url="http://www.geocaching.com/forums/default.aspx?" />
-		<test url="http://www.geocaching.com/forums/default.aspx?f" />
-		<test url="http://www.geocaching.com/forums/default.aspx?o" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/George-Mason-University.xml b/src/chrome/content/rules/George-Mason-University.xml
index 8b2e9ff11dd4..cf565fe5f31a 100644
--- a/src/chrome/content/rules/George-Mason-University.xml
+++ b/src/chrome/content/rules/George-Mason-University.xml
@@ -84,7 +84,7 @@ Fetch error: http://welcomeweek.gmu.edu/ => https://welcomeweek.gmu.edu/: (60, '
 			- si from www.facebook.com
 
 -->
-<ruleset name="GMU.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="GMU.edu (partial)" default_off="failed ruleset test">
 
 	<target host="gmu.edu"/>
 	<target host="chnm.gmu.edu"/>
diff --git a/src/chrome/content/rules/George-Washington-University.xml b/src/chrome/content/rules/George-Washington-University.xml
index db21f87bd684..7c66db28306c 100644
--- a/src/chrome/content/rules/George-Washington-University.xml
+++ b/src/chrome/content/rules/George-Washington-University.xml
@@ -27,19 +27,20 @@
 -->
 <ruleset name="GWU.edu (partial)">
 
-	<target host="*.gwu.edu" />
+	<target host="gwtoday.gwu.edu" />
+	<target host="www.seas.gwu.edu" />
+	<target host="www.gwu.edu" />
 		<!--
 			Avoid broken MCB:
 						-->
 		<exclusion pattern="^http://www\.seas\.gwu\.edu/+(?!~|favicon\.ico|sites/)" />
 
 
-	<securecookie host="^.*\.gwu\.edu$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	!www doesn't exist.
 					-->
-	<rule from="^http://(gwtoday|www\.seas|www)\.gwu\.edu/"
-		to="https://$1.gwu.edu/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Geotrust.xml b/src/chrome/content/rules/Geotrust.xml
index 6315dce2155e..f8200a25f3a8 100644
--- a/src/chrome/content/rules/Geotrust.xml
+++ b/src/chrome/content/rules/Geotrust.xml
@@ -1,45 +1,36 @@
-<!--
-	Other GeoTrust rulesets:
 
-		- GeoTrust.net.xml
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
 
+Fetch error: http://gesc.geotrust.com/ => https://gesc.geotrust.com/: (51, "SSL: no alternative certificate subject name matches target host name 'gesc.geotrust.com'")
 
 	Fully covered subdomains:
 
 		- (www.)
 		- enterprise-security-center
 		- gesc
-		- knowledge
 		- products
 		- seal
 		- security-center
 		- smarticon
 
+  Nonfunctional hosts
+    - knowledge.geotrust.com (r)
+
 -->
 <ruleset name="GeoTrust">
 
 	<target host="geotrust.com" />
-	<target host="*.geotrust.com" />
-
-
-	<!--	Secured by server:
-					-->
-	<!--securecookie host="^enterprise-security-center\.geotrust\.com$" name="^(JSESSIONID|language|locale)$" /-->
-	<!--securecookie host="^products\.geotrust\.com$" name="^JSESSIONID$" /-->
-	<!--securecookie host="^security-center\.geotrust\.com$" name="^(JSESSIONID|__utxx)$" /-->
-	<!--
-		Not secured by server:
-					-->
-	<!--securecookie host="^\.geotrust\.com$" name="^v1st$" /-->
-	<!--securecookie host="^knowledge\.geotrust\.com$" name="^JSESSIONID$" /-->
+	<target host="www.geotrust.com" />
+	<target host="enterprise-security-center.geotrust.com" />
+	<!-- target host="gesc.geotrust.com" /-->
+	<target host="products.geotrust.com" />
+	<target host="seal.geotrust.com" />
+	<target host="security-center.geotrust.com" />
+	<target host="smarticon.geotrust.com" />
 
 	<securecookie host="^(?:knowledge)?\.geotrust\.com$" name=".+" />
 
-
-	<rule from="^http://(www\.)?geotrust\.com/"
-		to="https://$1geotrust.com/" />
-
-	<rule from="^http://(enterprise-security-center|gesc|knowledge|products|seal|security-center|smarticon)\.geotrust\.com/"
-		to="https://$1.geotrust.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/German-Academic-Exchange-Service.xml b/src/chrome/content/rules/German-Academic-Exchange-Service.xml
index b7152fde86ae..9708a4724b32 100644
--- a/src/chrome/content/rules/German-Academic-Exchange-Service.xml
+++ b/src/chrome/content/rules/German-Academic-Exchange-Service.xml
@@ -1,7 +1,8 @@
 <ruleset name="German Academic Exchange Service">
 
 	<target host="daad.de" />
-	<target host="*.daad.de" />
+	<target host="ssl.daad.de" />
+	<target host="www.daad.de" />
 
 
 	<securecookie host="^ssl\.daad\.de$" name=".+" />
diff --git a/src/chrome/content/rules/German-Design-Council.xml b/src/chrome/content/rules/German-Design-Council.xml
index f041f6173ff0..95bcd90ebafd 100644
--- a/src/chrome/content/rules/German-Design-Council.xml
+++ b/src/chrome/content/rules/German-Design-Council.xml
@@ -3,7 +3,7 @@
 	<target host="german-design-council.de" />
 	<target host="www.german-design-council.de" />
 
-	<securecookie host="^(?:.*\.)?german-design-council\.de$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/German_Center_for_Neurodegenerative_Diseases.xml b/src/chrome/content/rules/German_Center_for_Neurodegenerative_Diseases.xml
index 41db727c6f15..7d2e4e5e050d 100644
--- a/src/chrome/content/rules/German_Center_for_Neurodegenerative_Diseases.xml
+++ b/src/chrome/content/rules/German_Center_for_Neurodegenerative_Diseases.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Get.It.xml b/src/chrome/content/rules/Get.It.xml
deleted file mode 100644
index 3146dba46b7d..000000000000
--- a/src/chrome/content/rules/Get.It.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	CDN buckets:
-
-		- detect.get.it.s3.amazonaws.com
-
-			- detect
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- detect	(→ s3.amazonaws.com)
-		- media
-
--->
-<ruleset name="Get.It">
-
-	<target host="get.it" />
-	<target host="*.get.it" />
-
-
-	<securecookie host="^\.get.it$" name=".+" />
-
-
-	<rule from="^http://(media\.|www\.)?get\.it/"
-		to="https://$1get.it/" />
-
-	<rule from="^http://detect\.get\.it/"
-		to="https://s3.amazonaws.com/detect.get.it/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Get.it.xml b/src/chrome/content/rules/Get.it.xml
new file mode 100644
index 000000000000..88968e510802
--- /dev/null
+++ b/src/chrome/content/rules/Get.it.xml
@@ -0,0 +1,8 @@
+<ruleset name="Get.it">
+	<target host="get.it" />
+	<target host="www.get.it" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GetAwayGrey.xml b/src/chrome/content/rules/GetAwayGrey.xml
index 6ac970cea012..2b300046f446 100644
--- a/src/chrome/content/rules/GetAwayGrey.xml
+++ b/src/chrome/content/rules/GetAwayGrey.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GetChef.com.xml b/src/chrome/content/rules/GetChef.com.xml
index 455fa5619443..2e606192e21d 100644
--- a/src/chrome/content/rules/GetChef.com.xml
+++ b/src/chrome/content/rules/GetChef.com.xml
@@ -1,7 +1,7 @@
 <!--
 	Invalid certificate:
 		pages.getchef.com
- 
+
 -->
 <ruleset name="Get Chef.com">
 
diff --git a/src/chrome/content/rules/GetChute.com.xml b/src/chrome/content/rules/GetChute.com.xml
new file mode 100644
index 000000000000..345354f1080c
--- /dev/null
+++ b/src/chrome/content/rules/GetChute.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="GetChute.com (partial)">
+
+	<target host="getchute.com" />
+	<target host="www.getchute.com" />
+	<target host="auth.getchute.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GetChute.xml b/src/chrome/content/rules/GetChute.xml
deleted file mode 100644
index 9c51f0c0bc35..000000000000
--- a/src/chrome/content/rules/GetChute.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- www
-
-	^getchute.com works, but 302s to https://www, which doesn't.
-
--->
-<ruleset name="GetChute (partial)">
-
-	<target host="*.getchute.com" />
-
-
-	<rule from="^http://auth\.getchute\.com/"
-		to="https://auth.getchute.com/" />
-
-	<!--	301s to media.getchute.com.s3.amazonaws.com
-									-->
-	<rule from="^http://media\.getchute\.com/"
-		to="https://s3.amazonaws.com/media.getchute.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GetClicky.com.xml b/src/chrome/content/rules/GetClicky.com.xml
new file mode 100644
index 000000000000..8eaebabbac3c
--- /dev/null
+++ b/src/chrome/content/rules/GetClicky.com.xml
@@ -0,0 +1,20 @@
+<!--
+	For other clicky rulesets, see Clicky.com.xml
+
+	Wilcard DNS and certificate
+
+-->
+<ruleset name="GetClicky.com">
+
+	<target host="getclicky.com" />
+	<target host="*.getclicky.com" />
+		<test url="http://www.getclicky.com/" />
+		<test url="http://freewebs.getclicky.com/" />
+		<test url="http://static.getclicky.com/js" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://([\w-]+\.)?getclicky\.com/"
+		to="https://$1getclicky.com/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GetCloudApp.com.xml b/src/chrome/content/rules/GetCloudApp.com.xml
new file mode 100644
index 000000000000..a25346e3258d
--- /dev/null
+++ b/src/chrome/content/rules/GetCloudApp.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- status.getcloudapp.com
+-->
+<ruleset name="GetCloudApp.com (partial)">
+	<target host="getcloudapp.com" />
+	<target host="www.getcloudapp.com" />
+	<target host="info.getcloudapp.com" />
+	<target host="share.getcloudapp.com" />
+	<target host="support.getcloudapp.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GetClouder.com.xml b/src/chrome/content/rules/GetClouder.com.xml
index 0e8d400e0b36..47208141ed65 100644
--- a/src/chrome/content/rules/GetClouder.com.xml
+++ b/src/chrome/content/rules/GetClouder.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://tutorials.getclouder.com/ => https://tutorials.getclouder.co
 Fetch error: http://www.getclouder.com/ => https://www.getclouder.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="GetClouder.com" default_off='failed ruleset test'>
+<ruleset name="GetClouder.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/GetGlue.xml b/src/chrome/content/rules/GetGlue.xml
index 996cc7291b96..3db3b54874b4 100644
--- a/src/chrome/content/rules/GetGlue.xml
+++ b/src/chrome/content/rules/GetGlue.xml
@@ -9,16 +9,13 @@ Fetch error: http://getglue.com/ => https://getglue.com/: (51, "SSL: no alternat
 <ruleset name="GetGlue">
 
 	<target host="getglue.com" />
-	<target host="*.getglue.com" />
+	<target host="www.getglue.com" />
+	<target host="widgets.getglue.com" />
 
 
 	<securecookie host="^www\.getglue\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?getglue\.com/"
-		to="https://$1getglue.com/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://widgets\.getglue\.com/"
-		to="https://s3.amazonaws.com/widgets.getglue.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GetHOW.xml b/src/chrome/content/rules/GetHOW.xml
deleted file mode 100644
index 907fe4d15cb4..000000000000
--- a/src/chrome/content/rules/GetHOW.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="GET.HOW">
-
-	<target host="get.how" />
-	<target host="www.get.how" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GetHarvest.com.xml b/src/chrome/content/rules/GetHarvest.com.xml
index 3477b5ba3d74..71bf1c38455d 100644
--- a/src/chrome/content/rules/GetHarvest.com.xml
+++ b/src/chrome/content/rules/GetHarvest.com.xml
@@ -27,4 +27,4 @@
 	<rule from="^http://(?:asset\d\.|(www\.))?getharvest\.com/"
 		to="https://$1getharvest.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GetHashing.com.xml b/src/chrome/content/rules/GetHashing.com.xml
deleted file mode 100644
index 3ef978cbedc1..000000000000
--- a/src/chrome/content/rules/GetHashing.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	Fully covered hosts *gethashing.com:
-
-		- (www.)?
-		- forum
-
-
-	Insecure cookies are set for these hosts:
-
-		- forum.gethashing.com
-
--->
-<ruleset name="GetHashing.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="gethashing.com" />
-	<target host="forum.gethashing.com" />
-	<target host="www.gethashing.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^forum\.gethashing\.com$" name="^(_forum_sessio|destination_url)$" /-->
-
-	<securecookie host="^forum\.gethashing\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GetItHere.xyz.xml b/src/chrome/content/rules/GetItHere.xyz.xml
deleted file mode 100644
index d1fd12c5d34a..000000000000
--- a/src/chrome/content/rules/GetItHere.xyz.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For other GameCopyWorld coverage, see GameCopyWorld.com.xml.
--->
-
-<ruleset name="GetItHere.xyz">
-	<target host="getithere.xyz" />
-	<target host="www.getithere.xyz" />
-	<target host="fx.getithere.xyz" />
-	<target host="g01.getithere.xyz" />
-	<target host="g11.getithere.xyz" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/GetOutline.org.xml b/src/chrome/content/rules/GetOutline.org.xml
new file mode 100644
index 000000000000..908f143313a9
--- /dev/null
+++ b/src/chrome/content/rules/GetOutline.org.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Google coverage, see GoogleServices.xml.
+
+	Problematic subdomains:
+		- metrics-prod (mismatched, CN=*.google.com)
+		- metrics-test (mismatched, CN=*.google.com)
+-->
+
+<ruleset name="GetOutline.org">
+	<target host="getoutline.org" />
+	<target host="www.getoutline.org" />
+	<target host="dev.getoutline.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Get_ASGard.com.xml b/src/chrome/content/rules/Get_ASGard.com.xml
index 078297850833..2044bfb0149d 100644
--- a/src/chrome/content/rules/Get_ASGard.com.xml
+++ b/src/chrome/content/rules/Get_ASGard.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.getasgard.com/ => https://www.getasgard.com/: (28, 'Oper
 		- .getasgard.com
 
 -->
-<ruleset name="Get ASGard.com" default_off='failed ruleset test'>
+<ruleset name="Get ASGard.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Get_Beagle.co.xml b/src/chrome/content/rules/Get_Beagle.co.xml
index 50938a1ffdee..2a08711df5a0 100644
--- a/src/chrome/content/rules/Get_Beagle.co.xml
+++ b/src/chrome/content/rules/Get_Beagle.co.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.getbeagle.co/ => https://www.getbeagle.co/: (28, 'Connec
 	* Tumblr
 
 -->
-<ruleset name="Get Beagle.co (partial)" default_off='failed ruleset test'>
+<ruleset name="Get Beagle.co (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Get_Shine.com.xml b/src/chrome/content/rules/Get_Shine.com.xml
index 4d83c3447f23..a209b4d70494 100644
--- a/src/chrome/content/rules/Get_Shine.com.xml
+++ b/src/chrome/content/rules/Get_Shine.com.xml
@@ -4,10 +4,10 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://getshine.com/ => https://www.getshine.com/: Too many redirects while fetching 'https://www.getshine.com/'
 
 -->
-<ruleset name="get Shine.com" default_off='failed ruleset test'>
+<ruleset name="get Shine.com" default_off="failed ruleset test">
 
 	<target host="getshine.com" />
-	<target host="*.getshine.com" />
+	<target host="www.getshine.com" />
 
 
 	<securecookie host="^\.getshine\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Get_jaco.com.xml b/src/chrome/content/rules/Get_jaco.com.xml
index 8c917e4cd16f..92198d53733b 100644
--- a/src/chrome/content/rules/Get_jaco.com.xml
+++ b/src/chrome/content/rules/Get_jaco.com.xml
@@ -17,7 +17,7 @@ Fetch error: http://getjaco.com/ => https://getjaco.com/: (28, 'Operation timed
 	* Secured by us
 
 -->
-<ruleset name="get jaco.com" default_off='failed ruleset test'>
+<ruleset name="get jaco.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -32,12 +32,7 @@ Fetch error: http://getjaco.com/ => https://getjaco.com/: (28, 'Operation timed
 		<test url="http://bo-staging.getjaco.com/build/recorder.js" />
 
 
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.getjacko\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
-	<!--securecookie host="^bo(?:-staging)?\.getjacko\.com$" name="^connect\.sid$" /-->
-
-	<securecookie host=".*\.getjacko\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Get_pol.org.xml b/src/chrome/content/rules/Get_pol.org.xml
deleted file mode 100644
index a0cca42de67a..000000000000
--- a/src/chrome/content/rules/Get_pol.org.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="get pol.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="getpol.org" />
-	<target host="www.getpol.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Getbootstrap.com.xml b/src/chrome/content/rules/Getbootstrap.com.xml
deleted file mode 100644
index 8af75d47940c..000000000000
--- a/src/chrome/content/rules/Getbootstrap.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-    Cloudflare SSL
--->
-<ruleset name="Getbootstrap.com">
-    <target host="getbootstrap.com" />
-    <target host="www.getbootstrap.com" />
-    <target host="expo.getbootstrap.com" />
-    <target host="blog.getbootstrap.com" />
-    <target host="themes.getbootstrap.com" />
-    <target host="v4-alpha.getbootstrap.com" />
-    
-    <!-- Fix https://trac.torproject.org/projects/tor/ticket/19396 -->
-    <exclusion pattern="^http://themes\.getbootstrap\.com/products/dashboard" />
-    
-    <test url="http://themes.getbootstrap.com/products/dashboard" />
-
-    <securecookie host="^(www\.|expo\.|blog\.|v4-alpha\.)?getbootstrap\.com$" name=".+" />
-
-    <rule from="^http:"
-          to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Getclicky.xml b/src/chrome/content/rules/Getclicky.xml
deleted file mode 100644
index 1a7f694a1c44..000000000000
--- a/src/chrome/content/rules/Getclicky.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-	Partially covered domains:
-
-		- (www.)clicky.com	(some pages redirect to http)
-
-
-	Fully covered domains:
-
-		- cdn.staticstuff.net
-
--->
-<ruleset name="GetClicky">
-
-	<target host="clicky.com" />
-	<target host="www.clicky.com" />
-	<target host="getclicky.com" />
-	<target host="*.getclicky.com" />
-	<target host="staticstuff.net" />
-	<target host="*.staticstuff.net" />
-
-
-	<securecookie host="^(?:.*\.)?getclicky\.com$" name=".+" />
-	<securecookie host="^(?:.*\.)?staticstuff\.net$" name=".+" />
-
-
-	<rule from="^http://(www\.)?clicky\.com/(favicon\.ico|user(?:$|\?|/))"
-		to="https://$1clicky.com/$2" />
-
-	<rule from="^http://([^/:@\.]+\.)?getclicky\.com/"
-		to="https://$1getclicky.com/" />
-
-	<rule from="^http://(?:win\.|www\.)?staticstuff\.net/"
-		to="https://win.staticstuff.net/" />
-
-	<rule from="^http://hello\.staticstuff\.net/"
-		to="https://hello.staticstuff.net/" />
-
-	<rule from="^http://cdn\.staticstuff\.net/"
-		to="https://cdn.staticstuff.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Getname.ru.xml b/src/chrome/content/rules/Getname.ru.xml
deleted file mode 100644
index 616ea493b19b..000000000000
--- a/src/chrome/content/rules/Getname.ru.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Getname.ru">
-	<target host="getname.ru" />
-	<target host="www.getname.ru" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Getprice.xml b/src/chrome/content/rules/Getprice.xml
index 623b96a9776d..bd99664db251 100644
--- a/src/chrome/content/rules/Getprice.xml
+++ b/src/chrome/content/rules/Getprice.xml
@@ -5,4 +5,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Getsatisfaction.com.xml b/src/chrome/content/rules/Getsatisfaction.com.xml
index 52561c6fa755..57f30371f2db 100644
--- a/src/chrome/content/rules/Getsatisfaction.com.xml
+++ b/src/chrome/content/rules/Getsatisfaction.com.xml
@@ -53,7 +53,7 @@ Fetch error: http://info.getsatisfaction.com/ => https://info.getsatisfaction.co
 	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Getsatisfaction.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Getsatisfaction.com (partial)" default_off="failed ruleset test">
 
 	<target host="getsatisfaction.com" />
 	<target host="assets1.getsatisfaction.com" />
diff --git a/src/chrome/content/rules/Getty.edu.xml b/src/chrome/content/rules/Getty.edu.xml
index caf4a868f8d2..4ec5913cde97 100644
--- a/src/chrome/content/rules/Getty.edu.xml
+++ b/src/chrome/content/rules/Getty.edu.xml
@@ -15,7 +15,8 @@
 <ruleset name="Getty.edu">
 
 	<target host="getty.edu" />
-	<target host="*.getty.edu" />
+	<target host="www.getty.edu" />
+	<target host="shop.getty.edu" />
 
 
 	<rule from="^http://(?:www\.)?getty\.edu/"
diff --git a/src/chrome/content/rules/Getty_Images.xml b/src/chrome/content/rules/Getty_Images.xml
index 5b5e85420b9c..c0e1a5e9d85d 100644
--- a/src/chrome/content/rules/Getty_Images.xml
+++ b/src/chrome/content/rules/Getty_Images.xml
@@ -179,7 +179,7 @@ Fetch error: http://secure.stage-gettyimages.co.nz/ => https://secure.stage-gett
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Getty Images (partial)" default_off='failed ruleset test'>
+<ruleset name="Getty Images (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/GfK_Etilize.xml b/src/chrome/content/rules/GfK_Etilize.xml
index 48a7b6a0c3fe..0f9dbdfb1de3 100644
--- a/src/chrome/content/rules/GfK_Etilize.xml
+++ b/src/chrome/content/rules/GfK_Etilize.xml
@@ -11,4 +11,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gfycat.com.xml b/src/chrome/content/rules/Gfycat.com.xml
index 5494f1083231..5d88f661370a 100644
--- a/src/chrome/content/rules/Gfycat.com.xml
+++ b/src/chrome/content/rules/Gfycat.com.xml
@@ -11,7 +11,7 @@
 		<test url="http://www.gfycat.com/" />
 		<test url="http://assets.gfycat.com/gfycat.js" />
 		<test url="http://thumbs.gfycat.com/AgileExaltedGreyhounddog-size_restricted.gif" />
-	
+
 		<!-- Second level subdomains -->
 		<test url="http://1.sockets.gfycat.com/" />
 
diff --git a/src/chrome/content/rules/Ghbtns.com.xml b/src/chrome/content/rules/Ghbtns.com.xml
deleted file mode 100644
index 62d5876dca66..000000000000
--- a/src/chrome/content/rules/Ghbtns.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		.ghbtns.com
-
--->
-<ruleset name="ghbtns.com">
-
-	<target host="ghbtns.com" />
-	<target host="www.ghbtns.com" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.ghbtns\.com$" name="^(__cfduid|cf_clearance)$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ghidra-SRE.org.xml b/src/chrome/content/rules/Ghidra-SRE.org.xml
new file mode 100644
index 000000000000..7e13126d3943
--- /dev/null
+++ b/src/chrome/content/rules/Ghidra-SRE.org.xml
@@ -0,0 +1,9 @@
+<!--
+	For other National Security Agency coverage, see National-Security-Agency.xml
+-->
+<ruleset name="Ghidra-SRE.org">
+	<target host="ghidra-sre.org" />
+	<target host="www.ghidra-sre.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ghirardelligiftguides.com.xml b/src/chrome/content/rules/Ghirardelligiftguides.com.xml
index 9fbed3f4a994..7317433bdb31 100644
--- a/src/chrome/content/rules/Ghirardelligiftguides.com.xml
+++ b/src/chrome/content/rules/Ghirardelligiftguides.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.ghirardelligiftguides.com/ => https://www.ghirardelligif
 Disabled by https-everywhere-checker because:
 Fetch error: http://ghirardelligiftguides.com/ => https://ghirardelligiftguides.com/: (51, "SSL: no alternative certificate subject name matches target host name 'ghirardelligiftguides.com'")
 -->
-<ruleset name="ghirardelligiftguides.com" default_off='failed ruleset test'>
+<ruleset name="ghirardelligiftguides.com" default_off="failed ruleset test">
 
 	<target host="ghirardelligiftguides.com" />
 	<target host="www.ghirardelligiftguides.com" />
diff --git a/src/chrome/content/rules/Ghisler.com.xml b/src/chrome/content/rules/Ghisler.com.xml
new file mode 100644
index 000000000000..713e6bd7d003
--- /dev/null
+++ b/src/chrome/content/rules/Ghisler.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Ghisler.com">
+	<target host="ghisler.com" />
+	<target host="www.ghisler.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ghost.org.xml b/src/chrome/content/rules/Ghost.org.xml
index 0570abce3594..37d592e5f00b 100644
--- a/src/chrome/content/rules/Ghost.org.xml
+++ b/src/chrome/content/rules/Ghost.org.xml
@@ -1,33 +1,44 @@
 <!--
-	Nonfunctional subdomains:
+	No working URL known:
+		casper.ghost.org
+		streams.ghost.org
 
-		- blog *
+	Invalid certificate:
+		cdn.ghost.org
+		email.ghost.org
 
-	* Redirects to http
+	Refused:
+		desktop-updates.ghost.org
 
 -->
-<ruleset name="Ghost.org (partial)">
+<ruleset name="Ghost.org">
 
-	<!--	Direct rewrites:
-				-->
 	<target host="ghost.org" />
 	<target host="www.ghost.org" />
-
-	<!--	Complications:
-				-->
+	<target host="academy.ghost.org" />
+	<target host="api.ghost.org" />
+	<target host="apps.ghost.org" />
+	<target host="auth.ghost.org" />
+	<target host="blog.ghost.org" />
+	<target host="count.ghost.org" />
+	<target host="dev.ghost.org" />
+	<target host="docs.ghost.org" />
+	<target host="en.ghost.org" />
+	<target host="forum.ghost.org" />
+	<target host="gscan.ghost.org" />
+	<target host="help.ghost.org" />
+	<target host="ideas.ghost.org" />
+	<target host="marketplace.ghost.org" />
+	<target host="my.ghost.org" />
+	<target host="offline.ghost.org" />
+	<target host="shop.ghost.org" />
+	<target host="slack.ghost.org" />
 	<target host="status.ghost.org" />
+	<target host="support.ghost.org" />
+	<target host="themes.ghost.org" />
+	<target host="updates.ghost.org" />
 
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^ghost\.org$" name="^_ghostweb_sess$" /-->
-
-	<securecookie host="^ghost\.org$" name=".+" />
-	<securecookie host="^\.ghost\.org$" name="^(?:__cfduid|cf_clearance)$" />
-
-
-	<rule from="^http://status\.ghost\.org/"
-		to="https://ghost.statuspage.io/" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Ghostscript.com.xml b/src/chrome/content/rules/Ghostscript.com.xml
new file mode 100644
index 000000000000..1ff039f1a1e1
--- /dev/null
+++ b/src/chrome/content/rules/Ghostscript.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Expired/Mismatch:
+		- downloads.ghostscript.com
+		- svn.ghostscript.com
+-->
+<ruleset name="Ghostscript.com">
+	<target host="ghostscript.com" />
+	<target host="www.ghostscript.com" />
+	<target host="bugs.ghostscript.com" />
+	<target host="git.ghostscript.com" />
+	<target host="twiki.ghostscript.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Giant_Bomb.com.xml b/src/chrome/content/rules/Giant_Bomb.com.xml
index d371cc77345f..d4bd8acb7910 100644
--- a/src/chrome/content/rules/Giant_Bomb.com.xml
+++ b/src/chrome/content/rules/Giant_Bomb.com.xml
@@ -1,49 +1,15 @@
 <!--
 	For other CBS coverage, see CBS.xml.
-
-
-	Nonfunctional subdomains:
-
-		- store *
-
-	* Redirects back from shopify
-
-
-	At least some pages redirect to http.
-
 -->
 <ruleset name="Giant Bomb.com (partial)">
 
 	<target host="giantbomb.com" />
-	<target host="auth.giantbomb.com" />
 	<target host="www.giantbomb.com" />
-		<!--
-			At least some stylesheets reference resources relative to root:
-											-->
-		<!--exclusion pattern="^http://static\.giantbomb\.com/(?=bundles/.+\.css($|\?))" /-->
-		<!--
-			Redirect to http:
-						-->
-		<!--exclusion pattern="^http://www\.giantbomb\.com/+($|\?)" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://www\.giantbomb\.com/+(?!bundles/|favicon\.ico)" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^auth\.giantbomb\.com$" name="^(_promos_seen|device_view|sptg)$" /-->
-
-	<securecookie host="^\.giantbomb\.com$" name="^(?:AD_SESSION|ads_firstpg)$" />
-	<securecookie host="^auth\.giantbomb\.com$" name=".+" />
-	<securecookie host="^www\.giantbomb\.com$" name="^_promos_seen" />
-
+	<target host="auth.giantbomb.com" />
+	<target host="store.giantbomb.com" />
 
-	<rule from="^http:"
-		to="https:" />
+	<securecookie host=".+" name=".+" />
 
-	<!--rule from="^http://store\.giantbomb\.com/"
-		to="https://giantbomb.myshopify.com/" /-->
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Giardini.biz.xml b/src/chrome/content/rules/Giardini.biz.xml
new file mode 100644
index 000000000000..52b4adcb1573
--- /dev/null
+++ b/src/chrome/content/rules/Giardini.biz.xml
@@ -0,0 +1,11 @@
+<!--
+	Refused:
+		css.giardini.biz
+		js.giardini.biz
+		old.giardini.biz
+-->
+<ruleset name="giardini.biz">
+	<target host="www.giardini.biz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GigaSize.xml b/src/chrome/content/rules/GigaSize.xml
index d120149fe7ed..d0ee5fc39fe2 100644
--- a/src/chrome/content/rules/GigaSize.xml
+++ b/src/chrome/content/rules/GigaSize.xml
@@ -5,12 +5,12 @@ Fetch error: http://gigasize.com/ => https://gigasize.com/: (60, 'SSL certificat
 Fetch error: http://www.gigasize.com/ => https://www.gigasize.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="GigaSize (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="GigaSize (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="gigasize.com" />
 	<target host="www.gigasize.com" />
 
-	<securecookie host="^(?:.*\.)?gigasize\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/Gigabyte.cn.xml b/src/chrome/content/rules/Gigabyte.cn.xml
new file mode 100644
index 000000000000..29b38f11243c
--- /dev/null
+++ b/src/chrome/content/rules/Gigabyte.cn.xml
@@ -0,0 +1,21 @@
+<!--
+	Top-level domain does not exist.
+
+	Invalid certificate:
+		- m
+		- fans
+
+	Mismatched:
+		- b2b
+		- download
+		- cnbpm
+
+	Timeout:
+		- jidian
+-->
+<ruleset name="Gigabyte.cn">
+	<target host="www.gigabyte.cn" />
+	<target host="eip.nb.gigabyte.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gigabyte.com.xml b/src/chrome/content/rules/Gigabyte.com.xml
index 03d0260442a2..e49ca311805f 100644
--- a/src/chrome/content/rules/Gigabyte.com.xml
+++ b/src/chrome/content/rules/Gigabyte.com.xml
@@ -1,160 +1,153 @@
 <!--
-	Non-functional hosts
-		Couldn't connect to server:
-			 - battlefield.gigabyte.com
-			 - nseu.gigabyte.com
-			 - nsus.gigabyte.com
+	NXDOMAIN: ^
 
-		Timeout was reached:
-			 - gigabyte.com
-			 - test.ae.gigabyte.com
-			 - aivia.gigabyte.com
-			 - az.gigabyte.com
-			 - ba.gigabyte.com
-			 - bg.gigabyte.com
-			 - blackedition.gigabyte.com
-			 - test.br.gigabyte.com
-			 - test.bsy.gigabyte.com
-			 - vga.cn.gigabyte.com
-			 - computex.gigabyte.com
-			 - csr.gigabyte.com
-			 - cy.gigabyte.com
-			 - manage.de.gigabyte.com
-			 - test.de.gigabyte.com
-			 - ee.gigabyte.com
-			 - es.gigabyte.com
-			 - test.es.gigabyte.com
-			 - esupport.gigabyte.com
-			 - manage.esupport.gigabyte.com
-			 - event.gigabyte.com
-			 - faq.gigabyte.com
-			 - manage.faq.gigabyte.com
-			 - test.fr.gigabyte.com
-			 - gcenter.gigabyte.com
-			 - ge.gigabyte.com
-			 - ggcs.gigabyte.com
-			 - ggts.gigabyte.com
-			 - test2014.global.gigabyte.com
-			 - gmx1.gigabyte.com
-			 - gmx2.gigabyte.com
-			 - gmx3.gigabyte.com
-			 - grmapart.gigabyte.com
-			 - gsq.gigabyte.com
-			 - hu.gigabyte.com
-			 - test.id.gigabyte.com
-			 - test.in.gigabyte.com
-			 - test.ir.gigabyte.com
-			 - it.gigabyte.com
-			 - test.jp.gigabyte.com
-			 - kg.gigabyte.com
-			 - test.kr.gigabyte.com
-			 - global.manage.gigabyte.com
-			 - marketing.gigabyte.com
-			 - mbuws.gigabyte.com
-			 - me.gigabyte.com
-			 - msoa3-cki.gigabyte.com
-			 - test.mx.gigabyte.com
-			 - test.nl.gigabyte.com
-			 - nscn.gigabyte.com
-			 - nstw.gigabyte.com
-			 - test.se.gigabyte.com
-			 - sk.gigabyte.com
-			 - smiling.gigabyte.com
-			 - mb.srm.gigabyte.com
-			 - peripheral.srm.gigabyte.com
-			 - b2b.test.gigabyte.com
-			 - cn.test.gigabyte.com
-			 - fr.test.gigabyte.com
-			 - global.test.gigabyte.com
-			 - tw.test.gigabyte.com
-			 - us.test.gigabyte.com
-			 - vn.test.gigabyte.com
-			 - test.tr.gigabyte.com
-			 - ud9.gigabyte.com
-			 - usb3.gigabyte.com
-			 - test.vn.gigabyte.com
-			 - websys.gigabyte.com
+	Timeout:
+		- vga.cn
+		- gcenter
+		- gmx1
+		- grmapart
+		- log
+		- global.manage
+		- mbuws
+		- msoa3-cki
+		- mb.srm
+		- mb.srm
+		- peripheral.srm
+		- b2b.test
+		- cn.test
+		- fr.test
+		- global.test
+		- tw.test
+		- us.test
+		- vn.test
+		- websys
 
-		SSL connect error:
-			 - forum.b2b.gigabyte.com
-			 - partner.br.gigabyte.com
-			 - test.global.gigabyte.com
-			 - event.latam.gigabyte.com
-			 - m.gigabyte.com
+	Mismatched:
+		- ar
+		- arabic
+		- au
+		- bd
+		- be
+		- br
+		- test.bsy
+		- ca
+		- cl
+		- cz
+		- de
+		- mb.download
+		- arabic.english
+		- manage.esupport
+		- faq
+		- manage.faq
+		- fr
+		- gamescom
+		- global
+		- gr.global
+		- hu.global
+		- pt.global
+		- ua.global
+		- grma
+		- id
+		- il
+		- in
+		- ir
+		- jp
+		- kr
+		- latam
+		- ldap
+		- lu
+		- md
+		- mx
+		- ni
+		- nl
+		- persian
+		- pl
+		- pop3
+		- ro
+		- ru
+		- se
+		- smtp
+		- th
+		- tr
+		- uk
+		- us
+		- uy
+		- vn
+		- za
 
-		SSL peer certificate was not OK:
-			 - ae.gigabyte.com
-			 - ar.gigabyte.com
-			 - arabic.gigabyte.com
-			 - au.gigabyte.com
-			 - b2b.gigabyte.com
-			 - bd.gigabyte.com
-			 - be.gigabyte.com
-			 - br.gigabyte.com
-			 - ca.gigabyte.com
-			 - businesscenter.ca.gigabyte.com
-			 - cl.gigabyte.com
-			 - club.gigabyte.com
-			 - cz.gigabyte.com
-			 - mb.download.gigabyte.com
-			 - e-service.gigabyte.com
-			 - arabic.english.gigabyte.com
-			 - g1.gigabyte.com
-			 - gamescom.gigabyte.com
-			 - global.gigabyte.com
-			 - gr.global.gigabyte.com
-			 - hu.global.gigabyte.com
-			 - pt.global.gigabyte.com
-			 - ua.global.gigabyte.com
-			 - grma.gigabyte.com
-			 - id.gigabyte.com
-			 - il.gigabyte.com
-			 - in.gigabyte.com
-			 - jp.gigabyte.com
-			 - kr.gigabyte.com
-			 - latam.gigabyte.com
-			 - lu.gigabyte.com
-			 - md.gigabyte.com
-			 - mx.gigabyte.com
-			 - ni.gigabyte.com
-			 - persian.gigabyte.com
-			 - pl.gigabyte.com
-			 - reseller.gigabyte.com
-			 - ro.gigabyte.com
-			 - ru.gigabyte.com
-			 - th.gigabyte.com
-			 - tr.gigabyte.com
-			 - tw.gigabyte.com
-			 - uk.gigabyte.com
-			 - us.gigabyte.com
-			 - uy.gigabyte.com
-			 - vn.gigabyte.com
-			 - webservice.gigabyte.com
+	Incomplete certificate chain:
+		- admin
+		- test.global
+		- m
+		- public
+		- public4
+		- tw
 
-		Peer certificate cannot be authenticated with given CA certificates:
-			 - admin.gigabyte.com
-			 - edi-test.gigabyte.com
+	Refused:
+		- az
+		- ba
+		- bg
+		- cy
+		- dreamhack
+		- edi-test
+		- ee
+		- es
+		- ge
+		- gr
+		- gsq
+		- hu
+		- it
+		- kg
+		- me
+		- sk
+		- ua
+		- yu
 
-		Different content:
-			 - eip.gigabyte.com
+	SSL protocol error:
+		- forum.b2b
+		- partner.br
+
+	Connection reset:
+		- battlefield
+		- businesscenter.ca
+		- b2b.inside-test
+		- club
+		- member
+		- ud9
+		- usb3
+
+	Expired:
+		- computex
+		- smartchat
+
+	HTTP != HTTPS:
+		- ggts
+
+	Network is unreachable:
+		- forum.latam
 -->
-<ruleset name="Gigabyte.com (partial)">
-	<target host="gigabyte.com" />
+<ruleset name="Gigabyte.com">
 	<target host="www.gigabyte.com" />
 	<target host="autodiscover.gigabyte.com" />
+	<target host="b2b.gigabyte.com" />
 	<target host="reseller.b2b.gigabyte.com" />
-	<target host="partner.uk.gigabyte.com" />
-		<test url="http://partner.uk.gigabyte.com/grma" />
+	<target host="csr.gigabyte.com" />
+	<target host="download.gigabyte.com" />
+	<target host="download1.gigabyte.com" />
+	<target host="e-service.gigabyte.com" />
+	<target host="eip.gigabyte.com" />
+	<target host="esupport.gigabyte.com" />
+	<target host="event.gigabyte.com" />
+	<target host="ggcs.gigabyte.com" />
+	<target host="ibpm.gigabyte.com" />
+	<target host="event.latam.gigabyte.com" />
+	<target host="marketing.gigabyte.com" />
 	<target host="passport.gigabyte.com" />
+	<target host="reseller.gigabyte.com" />
 	<target host="static.gigabyte.com" />
-		<test url="http://static.gigabyte.com/Global/Banner/A3/843_s.jpg" />
 	<target host="store.gigabyte.com" />
+	<target host="partner.uk.gigabyte.com" />
 	<target host="webmail.gigabyte.com" />
-	<target host="xg.gigabyte.com" />
-
-	<rule from="^http://gigabyte\.com/" 
-			to="https://www.gigabyte.com/" />
 
-	<rule from="^http:" 
-			to="https:" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Gigabyte.us.xml b/src/chrome/content/rules/Gigabyte.us.xml
new file mode 100644
index 000000000000..01da3ca162f1
--- /dev/null
+++ b/src/chrome/content/rules/Gigabyte.us.xml
@@ -0,0 +1,28 @@
+<!--
+	Mismatched:
+		- ^
+		- www
+		- forum
+		- battlefield
+
+	Self-signed:
+		- m
+
+	No certificates sent:
+		- event
+		- reseller
+		- businesscenter
+		- rebate
+		- brix
+		- rma
+-->
+<ruleset name="Gigabyte.us (partial)">
+	<target host="store.gigabyte.us" />
+	<target host="download.gigabyte.us" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://download.gigabyte.us/FileList/BIOS/mb_bios_z390-aorus-pro-wifi_f9a.zip" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gigantic_Tickets.xml b/src/chrome/content/rules/Gigantic_Tickets.xml
index 1b161cebccd1..1361d49ab14b 100644
--- a/src/chrome/content/rules/Gigantic_Tickets.xml
+++ b/src/chrome/content/rules/Gigantic_Tickets.xml
@@ -10,7 +10,7 @@ Fetch error: http://gigantic.com/ => https://gigantic.com/: Redirect for 'http:/
 		- dashboard	(shows default CentOS page)
 
 -->
-<ruleset name="Gigantic Tickets (partial)" default_off='failed ruleset test'>
+<ruleset name="Gigantic Tickets (partial)" default_off="failed ruleset test">
 
 	<target host="gigantic.com" />
 	<target host="cdn.gigantic.com" />
@@ -18,9 +18,9 @@ Fetch error: http://gigantic.com/ => https://gigantic.com/: Redirect for 'http:/
 	<target host="www.gigantic.com" />
 
 
-	<securecookie host="^(?:.+\.)?gigantic\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gigaserver.xml b/src/chrome/content/rules/Gigaserver.xml
index 0af1bbf4edfc..63c78a4e2f1f 100644
--- a/src/chrome/content/rules/Gigaserver.xml
+++ b/src/chrome/content/rules/Gigaserver.xml
@@ -17,7 +17,7 @@
 	<!--	* for cross-subdomain cookie.	-->
 
 
-	<securecookie host="^(?:.*\.)?gigaserver\.cz$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	Observed subdomains:
diff --git a/src/chrome/content/rules/Gigya.xml b/src/chrome/content/rules/Gigya.xml
index c11b1e11a096..4e3a156ab244 100644
--- a/src/chrome/content/rules/Gigya.xml
+++ b/src/chrome/content/rules/Gigya.xml
@@ -76,7 +76,7 @@ Fetch error: http://uploads.www.gigya.com/ => https://uploads.www.gigya.com/: (5
 	* Secured by us
 
 -->
-<ruleset name="Gigya.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Gigya.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Gihyo.jp.xml b/src/chrome/content/rules/Gihyo.jp.xml
index 163165b6bc7d..dd56097151e4 100644
--- a/src/chrome/content/rules/Gihyo.jp.xml
+++ b/src/chrome/content/rules/Gihyo.jp.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.gihyo.jp/ => https://gihyo/: (6, 'Could not resolve host
 		- gihyo.jp
 
 -->
-<ruleset name="Gihyo.jp" default_off='failed ruleset test'>
+<ruleset name="Gihyo.jp" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/GijsK.com.xml b/src/chrome/content/rules/GijsK.com.xml
new file mode 100644
index 000000000000..9b37168aee27
--- /dev/null
+++ b/src/chrome/content/rules/GijsK.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="GijsK.com">
+	<target host="gijsk.com" />
+	<target host="www.gijsk.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GileadHIV.com.xml b/src/chrome/content/rules/GileadHIV.com.xml
new file mode 100644
index 000000000000..ba0195463b66
--- /dev/null
+++ b/src/chrome/content/rules/GileadHIV.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Time out:
+		franchiseguide.gileadhiv.com
+-->
+<ruleset name="GileadHIV.com">
+
+	<target host="gileadhiv.com" />
+	<target host="www.gileadhiv.com" />
+	<target host="services.gileadhiv.com" />
+		<test url="http://services.gileadhiv.com/pdf/DESCOVY/Important_Facts" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Gimme_Bar.com.xml b/src/chrome/content/rules/Gimme_Bar.com.xml
deleted file mode 100644
index 0334553c6ef4..000000000000
--- a/src/chrome/content/rules/Gimme_Bar.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	www: cert only matches ^gimmebar.com
-
-
-	Mixed content:
-
-		- Flash, from:
-
-			- player.vimeo.com
-			- \w.vimeocdn.com
-
--->
-<ruleset name="Gimme Bar.com">
-
-	<target host="gimmebar.com" />
-	<target host="www.gimmebar.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Gimmickwear.xml b/src/chrome/content/rules/Gimmickwear.xml
index 008551743e2f..dea23a4c44a8 100644
--- a/src/chrome/content/rules/Gimmickwear.xml
+++ b/src/chrome/content/rules/Gimmickwear.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gionn.net.xml b/src/chrome/content/rules/Gionn.net.xml
index e9c2fb041665..53483a945305 100644
--- a/src/chrome/content/rules/Gionn.net.xml
+++ b/src/chrome/content/rules/Gionn.net.xml
@@ -1,11 +1,9 @@
 <!--
-	www.gionn.net: Self-signed
-
+	www.gionn.net: Unresolved
 
 	Insecure cookies are set for these domains:
 
 		- .gionn.net
-
 -->
 <ruleset name="gionn.net">
 
@@ -13,21 +11,12 @@
 				-->
 	<target host="gionn.net" />
 
-	<!--	Complications:
-				-->
-	<target host="www.gionn.net" />
-
-
 	<!--	CloudFlare cookies:
 					-->
 	<!--securecookie host="^\.gionn\.net$" name="^(?:__cfduid|cf_clearance)$" /-->
 
 	<securecookie host=".+" name=".+" />
 
-
-	<rule from="^http://www\.gionn\.net/"
-		to="https://gionn.net/" />
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/GirlLoveGirl.net.xml b/src/chrome/content/rules/GirlLoveGirl.net.xml
deleted file mode 100644
index ebd6ccc70af5..000000000000
--- a/src/chrome/content/rules/GirlLoveGirl.net.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Mismatched:
-		- www (girllovegirl.net, fixed by this ruleset)
--->
-
-<ruleset name="GirlLoveGirl.net">
-	<target host="girllovegirl.net" />
-	<target host="www.girllovegirl.net" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http://www\.girllovegirl\.net/" to="https://girllovegirl.net/" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Girl_Scouts.xml b/src/chrome/content/rules/Girl_Scouts.xml
index b160aaae85e0..c866dda1ca41 100644
--- a/src/chrome/content/rules/Girl_Scouts.xml
+++ b/src/chrome/content/rules/Girl_Scouts.xml
@@ -1,29 +1,25 @@
 <!--
 	Nonfunctional subdomains:
 
-		- blog		(blogspot)
-		- catalog *
 		- forgirls *
 
 	* No https
 
-
-	!www: blank page, valid cert
+    !www: 'OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection
 
 -->
 <ruleset name="Girl Scouts (partial)">
 
 	<target host="girlscouts.org" />
 	<target host="www.girlscouts.org" />
-
+	<target host="blog.girlscouts.org" />
 
 	<securecookie host="^www\.girlscouts\.org$" name=".+" />
 
-
-	<rule from="^http://(?:www\.)?girlscouts\.org/"
+	<rule from="^http://girlscouts\.org/"
 		to="https://www.girlscouts.org/" />
 
-	<rule from="^http://blog\.girlscouts\.org/favicon\.ico"
-		to="https://www.blogger.com/favicon.ico" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GirlsChannel.net.xml b/src/chrome/content/rules/GirlsChannel.net.xml
new file mode 100644
index 000000000000..1c5da27de335
--- /dev/null
+++ b/src/chrome/content/rules/GirlsChannel.net.xml
@@ -0,0 +1,13 @@
+<!--
+	Non-functional hosts
+		4xx client error:
+		- mail.girlschannel.net
+		- test.girlschannel.net
+-->
+<ruleset name="GirlsChannel.net">
+	<target host="girlschannel.net" />
+	<target host="www.girlschannel.net" />
+	<target host="info.girlschannel.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gistmarks.com.xml b/src/chrome/content/rules/Gistmarks.com.xml
deleted file mode 100644
index 677823dbc074..000000000000
--- a/src/chrome/content/rules/Gistmarks.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://gistmarks.com/ => https://gistmarks.com/: (7, 'Failed to connect to gistmarks.com port 443: Connection refused')
-Fetch error: http://www.gistmarks.com/ => https://www.gistmarks.com/: (7, 'Failed to connect to www.gistmarks.com port 443: Connection refused')
-
--->
-<ruleset name="gistmarks.com" default_off='failed ruleset test'>
-
-	<target host="gistmarks.com" />
-	<target host="www.gistmarks.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?gistmarks\.com$" name="^gistmarking$" /-->
-
-	<securecookie host="^(?:www\.)?gistmarks\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Git.io.xml b/src/chrome/content/rules/Git.io.xml
index b4b930628a51..edcb7c8a763e 100644
--- a/src/chrome/content/rules/Git.io.xml
+++ b/src/chrome/content/rules/Git.io.xml
@@ -5,7 +5,7 @@
 
 	<target host="git.io" />
 	<target host="www.git.io" />
-	
+
 	<test url="http://git.io/vzorI" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/GitBook.io.xml b/src/chrome/content/rules/GitBook.io.xml
index 2fac5f34d757..fd53251e21cb 100644
--- a/src/chrome/content/rules/GitBook.io.xml
+++ b/src/chrome/content/rules/GitBook.io.xml
@@ -4,7 +4,7 @@
 	Timeout:
 		- gitbook.io
 		- help.gitbook.io
-		
+
 	Problematic subdomains:
 		- ^ *
 		- push ³
diff --git a/src/chrome/content/rules/GitCDN.link.xml b/src/chrome/content/rules/GitCDN.link.xml
new file mode 100644
index 000000000000..f7f551148440
--- /dev/null
+++ b/src/chrome/content/rules/GitCDN.link.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid Certificate:
+		ip.gitcdn.link
+-->
+<ruleset name="GitCDN.link">
+	<target host="gitcdn.link" />
+	<target host="www.gitcdn.link" />
+	<target host="cdn.gitcdn.link" />
+	<target host="min.gitcdn.link" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GitCDN.xyz.xml b/src/chrome/content/rules/GitCDN.xyz.xml
new file mode 100644
index 000000000000..8a3c8077687b
--- /dev/null
+++ b/src/chrome/content/rules/GitCDN.xyz.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid Certificate:
+		ip.gitcdn.xyz
+-->
+<ruleset name="GitCDN.xyz">
+	<target host="gitcdn.xyz" />
+	<target host="www.gitcdn.xyz" />
+	<target host="cdn.gitcdn.xyz" />
+	<target host="min.gitcdn.xyz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GitFoo.com.xml b/src/chrome/content/rules/GitFoo.com.xml
new file mode 100644
index 000000000000..1f371d6a051e
--- /dev/null
+++ b/src/chrome/content/rules/GitFoo.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatched:
+		mail.gitfoo.com
+-->
+<ruleset name="GitFoo.com">
+	<target host="gitfoo.com" />
+	<target host="www.gitfoo.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GitHub.xml b/src/chrome/content/rules/GitHub.xml
index ae51b1ccf217..6d48b0a203d4 100644
--- a/src/chrome/content/rules/GitHub.xml
+++ b/src/chrome/content/rules/GitHub.xml
@@ -6,13 +6,13 @@
 	Other GitHub rulesets:
 		- Choosealicense.com.xml
 		- Github-Pages.xml
+		- githubassets.com.xml
 		- Guag.es.xml
 		- Speaker_Deck.com.xml
 -->
 <ruleset name="GitHub">
 	<target host="github.io" />
 
-	<target host="collector.githubapp.com" />
 
 	<target host="avatars0.githubusercontent.com" />
 	<target host="avatars1.githubusercontent.com" />
diff --git a/src/chrome/content/rules/GitLab.io.xml b/src/chrome/content/rules/GitLab.io.xml
index dd8af97499ad..eea97a475761 100644
--- a/src/chrome/content/rules/GitLab.io.xml
+++ b/src/chrome/content/rules/GitLab.io.xml
@@ -18,10 +18,10 @@
 	<!-- GitLab.io doesn't support TLS on 4th level domains.
 
 		From their documentation:
-		"When using Pages under the general domain of a GitLab instance (*.example.io), you 
-		cannot use HTTPS with sub-subdomains. That means that if your username/groupname 
-		contains a dot, for example foo.bar, the domain foo.bar.example.io will not work. 
-		This is a limitation of the HTTP Over TLS protocol. HTTP pages will continue to 
+		"When using Pages under the general domain of a GitLab instance (*.example.io), you
+		cannot use HTTPS with sub-subdomains. That means that if your username/groupname
+		contains a dot, for example foo.bar, the domain foo.bar.example.io will not work.
+		This is a limitation of the HTTP Over TLS protocol. HTTP pages will continue to
 		work provided you don't redirect HTTP to HTTPS."
 
 		https://web.archive.org/web/20170121211447/http://docs.gitlab.com/ee/pages/README.html#limitations
diff --git a/src/chrome/content/rules/GitList.org.xml b/src/chrome/content/rules/GitList.org.xml
new file mode 100644
index 000000000000..2203393ef2ee
--- /dev/null
+++ b/src/chrome/content/rules/GitList.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Mismatch:
+		www.gitlist.org
+-->
+<ruleset name="GitList.org">
+	<target host="gitlist.org" />
+	<target host="www.gitlist.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.gitlist\.org/"
+		to="https://gitlist.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Github-Pages.xml b/src/chrome/content/rules/Github-Pages.xml
index 5ec63d5833a9..86c627e10fb5 100644
--- a/src/chrome/content/rules/Github-Pages.xml
+++ b/src/chrome/content/rules/Github-Pages.xml
@@ -15,9 +15,8 @@
 		<test url="http://duckietv.github.io/DuckieTV" />
 		<test url="http://duckietv.github.io/DuckieTV/" />
 
-	<!-- See https://github.com/EFForg/https-everywhere/issues/2507 -->
-	<exclusion pattern="^http://googletrends\.github\.io/(GOPDebate1|iframe-scaffolder)/" />
-		<test url="http://googletrends.github.io/GOPDebate1/" />
+	<exclusion pattern="^http://googletrends\.github\.io/iframe-scaffolder" />
+		<test url="http://googletrends.github.io/iframe-scaffolder" />
 		<test url="http://googletrends.github.io/iframe-scaffolder/" />
 
 	<exclusion pattern="^http://schizoduckie\.github\.io/DuckieTorrent/?" />
@@ -27,11 +26,6 @@
 		<test url="http://schizoduckie.github.io/PimpMyuTorrent" />
 		<test url="http://schizoduckie.github.io/PimpMyuTorrent/" />
 
-	<!-- Avoid mixed content blocking -->
-	<exclusion pattern="^http://katbailey\.github\.io/" />
-		<test url="http://katbailey.github.io/" />
-		<test url="http://katbailey.github.io/post/gaussian-processes-for-dummies/" />
-
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"	to="https:"/>
diff --git a/src/chrome/content/rules/Githubstats.com.xml b/src/chrome/content/rules/Githubstats.com.xml
deleted file mode 100644
index d8740491208d..000000000000
--- a/src/chrome/content/rules/Githubstats.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Githubstats.com">
-	<target host="githubstats.com" />
-	<target host="www.githubstats.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Gitorious.xml b/src/chrome/content/rules/Gitorious.xml
deleted file mode 100644
index 7a135644243c..000000000000
--- a/src/chrome/content/rules/Gitorious.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Gitorious">
-
-	<target host="gitorious.org" />
-	<target host="www.gitorious.org" />
-
-	<rule from="^http://(www\.)?gitorious\.org/"
-		to="https://gitorious.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Gittigidiyor.net.xml b/src/chrome/content/rules/Gittigidiyor.net.xml
new file mode 100644
index 000000000000..2652e767569d
--- /dev/null
+++ b/src/chrome/content/rules/Gittigidiyor.net.xml
@@ -0,0 +1,30 @@
+<!--
+	Nonfunctional hosts in *.gittigidiyor.net:
+
+		- gittigidiyor.net	(secure connection failed)
+		- www.gittigidiyor.net	(secure connection failed)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="GittiGidiyor.net">
+
+	<target host="mcdn01.gittigidiyor.net" />
+		<test url="http://mcdn01.gittigidiyor.net/29801/tn24/298011980_tn24_0.jpg" />
+	<target host="mcdnaff03.gittigidiyor.net" />
+	<target host="st.gittigidiyor.net" />
+	<target host="st2.gittigidiyor.net" />
+
+	<!-- /$ doesn't work with HTTPS -->
+	<exclusion pattern="^http://st\.gittigidiyor\.net/$" />
+		<test url="http://st.gittigidiyor.net/rsrc/devgg/images/ebay-pt.png" />
+
+	<exclusion pattern="^http://st2\.gittigidiyor\.net/$" />
+		<test url="http://st2.gittigidiyor.net/fred/framework/assets/img/core/main/simple-modal-close.png" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gittigidiyor.xml b/src/chrome/content/rules/Gittigidiyor.xml
deleted file mode 100644
index e8afde5accc6..000000000000
--- a/src/chrome/content/rules/Gittigidiyor.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	For other eBay coverage, see EBay.xml.
-
-	Nonfunctional hosts in *.gittigidiyor.com:
-		- blog.gittigidiyor.com (mixedcontnet)
-		- kurumsal.gittigidiyor.com (connection reset)
-
-		- gittigidiyor.net (secure connection failed)
-		- www.gittigidiyor.net (secure connection failed)
-
-	h: http redirect
-	m: certificate mismatch
-	r: connection refused
-	s: self-signed certificate
-	t: timeout on https
--->
-<ruleset name="GittiGidiyor">
-
-	<target host="mcdn01.gittigidiyor.net" />
-		<test url="http://mcdn01.gittigidiyor.net/29801/tn24/298011980_tn24_0.jpg" />
-	<target host="mcdnaff03.gittigidiyor.net" />
-	<target host="mhd.gittigidiyor.net" />
-	<target host="st.gittigidiyor.net" />
-	<target host="st2.gittigidiyor.net" />
-
-	<!-- /$ doesn't work with HTTPS -->
-	<exclusion pattern="^http://mhd\.gittigidiyor\.net/$" />
-	<test url="http://mhd.gittigidiyor.com/servlet/files/19595" />
-	<exclusion pattern="^http://st\.gittigidiyor\.net/$" />
-	<test url="http://st.gittigidiyor.net/rsrc/devgg/images/ebay-pt.png" />
-	<exclusion pattern="^http://st2\.gittigidiyor\.net/$" />
-	<test url="http://st2.gittigidiyor.net/fred/framework/assets/img/core/main/simple-modal-close.png" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Gittip.com.xml b/src/chrome/content/rules/Gittip.com.xml
deleted file mode 100644
index e19666d0a958..000000000000
--- a/src/chrome/content/rules/Gittip.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Other Gittip rulesets:
-
-		- Gratipay.com.xml
-
-
-	CDN buckets:
-
-		- assets-gittipllc.netdna-ssl.com
-
--->
-<ruleset name="Gittip.com">
-
-	<target host="gittip.com" />
-	<target host="www.gittip.com" />
-
-
-	<securecookie host="^www\.gittip\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Give-Kids-the-World.xml b/src/chrome/content/rules/Give-Kids-the-World.xml
index abcd225f2654..9d85fda672ff 100644
--- a/src/chrome/content/rules/Give-Kids-the-World.xml
+++ b/src/chrome/content/rules/Give-Kids-the-World.xml
@@ -27,13 +27,13 @@ Fetch error: http://secure.gktw.org/ => https://secure.gktw.org/: (60, 'SSL cert
 	**	The ruleset redirects givekidstheworldstore.org to www.givekidstheworldstore.org; both appear
 		to have the same content.
 -->
-<ruleset name="Give Kids the World" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Give Kids the World" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="gktw.org" />
 	<target host="www.gktw.org" />
 	<target host="givekidstheworld.org" />
 	<target host="www.givekidstheworld.org" />
 	<target host="secure.gktw.org" />
-	
+
 	<target host="givekidstheworldstore.org" />
 	<target host="www.givekidstheworldstore.org" />
 
diff --git a/src/chrome/content/rules/GiveDirect.xml b/src/chrome/content/rules/GiveDirect.xml
index ff188cccc3a8..e77f7e0015a9 100644
--- a/src/chrome/content/rules/GiveDirect.xml
+++ b/src/chrome/content/rules/GiveDirect.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Givex.xml b/src/chrome/content/rules/Givex.xml
index acd01883f360..5af3b1564c03 100644
--- a/src/chrome/content/rules/Givex.xml
+++ b/src/chrome/content/rules/Givex.xml
@@ -29,4 +29,4 @@
 	<rule from="^http://wwws(-\w\w\d)?\.givex\.com/"
 		to="https://wwws$1.givex.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GivingPrograms.com.xml b/src/chrome/content/rules/GivingPrograms.com.xml
index 9240f799c8db..c92909fd3c2f 100644
--- a/src/chrome/content/rules/GivingPrograms.com.xml
+++ b/src/chrome/content/rules/GivingPrograms.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://givingprograms.com/ => https://givingprograms.com/: (60, 'SS
 	Mixed css from amerigives.com (expired 2013-03-08)
 
 -->
-<ruleset name="GivingPrograms.com" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="GivingPrograms.com" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="givingprograms.com" />
 	<target host="giving.givingprograms.com" />
@@ -16,9 +16,9 @@ Fetch error: http://givingprograms.com/ => https://givingprograms.com/: (60, 'SS
 	<target host="www.givingprograms.com" />
 
 
-	<securecookie host="^(?:.+\.)?givingprograms\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gizmodo.com.xml b/src/chrome/content/rules/Gizmodo.com.xml
deleted file mode 100644
index a035165e8b46..000000000000
--- a/src/chrome/content/rules/Gizmodo.com.xml
+++ /dev/null
@@ -1,60 +0,0 @@
-<!--
-	For other Gawker coverage, see Gawker.com.xml.
-
-
-	Problematic hosts in *gizmodo.com:
-
-		- cache ᵐ
-
-	ᵐ Mismatched, CN: *.a.ssl.fastly.net
-
-
-	Insecure cookies are set for these hosts: ᶜ
-
-		- gizmodo.com
-		- (column_name).gizmodo.com
-		- www.gizmodo.com
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
-
-	Mixed content:
-
-		- Bugs on ^, (column_name) from b.scorecardresearch.com ˢ
-
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="Gizmodo.com">
-
-	<target host="gizmodo.com" />
-	<target host="*.gizmodo.com" />
-
-		<exclusion pattern="^http://(?:[^./]+\.){2,}gizmodo\.com/" />
-
-			<!--	+ve:
-					-->
-			<test url="http://this.host.gizmodo.com/" />
-			<test url="http://exist.not.gizmodo.com/" />
-
-		<!--	Direct rewrites:
-					-->
-
-		<!--	Complications:
-					-->
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:(column_name)\.|www\.)?gizmodo\.com$" name="^geocc$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http://cache\.gizmodo\.com/"
-		to="https://cache.gawkerassets.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Glam.xml b/src/chrome/content/rules/Glam.xml
index fd92c8f4a416..fa255ecae8d1 100644
--- a/src/chrome/content/rules/Glam.xml
+++ b/src/chrome/content/rules/Glam.xml
@@ -45,7 +45,7 @@ Fetch error: http://swww2.glam.com/ => https://swww2.glam.com/: (28, 'Operation
 	* → akamai
 
 -->
-<ruleset name="Glam (partial)" default_off='failed ruleset test'>
+<ruleset name="Glam (partial)" default_off="failed ruleset test">
 
 	<target host="www2.glam.com" />
 	<target host="swww2.glam.com" />
diff --git a/src/chrome/content/rules/Glamorous_UK.xml b/src/chrome/content/rules/Glamorous_UK.xml
index f5d8002ff345..62297f02afbc 100644
--- a/src/chrome/content/rules/Glamorous_UK.xml
+++ b/src/chrome/content/rules/Glamorous_UK.xml
@@ -8,10 +8,10 @@ Fetch error: http://glamorousuk.com/ => https://glamorousuk.com/: (51, "SSL: no
 	Cert only matches glamorousuk.com.
 
 -->
-<ruleset name="Glamorous UK" default_off='failed ruleset test'>
+<ruleset name="Glamorous UK" default_off="failed ruleset test">
 
 	<target host="glamorousuk.com" />
-	<target host="*.glamorousuk.com" />
+	<target host="www.glamorousuk.com" />
 
 
 	<securecookie host="^\.glamorousuk\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Glasgow.gov.uk.xml b/src/chrome/content/rules/Glasgow.gov.uk.xml
index 08d7e4a4b03b..11f4e3cd787b 100644
--- a/src/chrome/content/rules/Glasgow.gov.uk.xml
+++ b/src/chrome/content/rules/Glasgow.gov.uk.xml
@@ -74,7 +74,7 @@
 	<target host="spx2.glasgow.gov.uk" />
 	<target host="testmapping.glasgow.gov.uk" />
 	<target host="youraccount.glasgow.gov.uk" />
-	
+
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Glasses.com.xml b/src/chrome/content/rules/Glasses.com.xml
index d7ceb11ee89c..996fa5aaa6d7 100644
--- a/src/chrome/content/rules/Glasses.com.xml
+++ b/src/chrome/content/rules/Glasses.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://media.glasses.com/ => https://media.glasses.com/: (60, 'SSL
 	Some pages redirect to http.
 
 -->
-<ruleset name="Glasses.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Glasses.com (partial)" default_off="failed ruleset test">
 
 	<target host="glasses.com" />
 	<target host="media.glasses.com" />
@@ -16,4 +16,4 @@ Fetch error: http://media.glasses.com/ => https://media.glasses.com/: (60, 'SSL
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GlenScott.xml b/src/chrome/content/rules/GlenScott.xml
index 0e4b6e220a5e..811242d4a06a 100644
--- a/src/chrome/content/rules/GlenScott.xml
+++ b/src/chrome/content/rules/GlenScott.xml
@@ -2,7 +2,7 @@
   <target host="glenscott.net" />
   <target host="www.glenscott.net" />
 
-  <securecookie host="^(?:.+\.)?glenscott\.net$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Glenoit.com.xml b/src/chrome/content/rules/Glenoit.com.xml
deleted file mode 100644
index 2afb70f2672c..000000000000
--- a/src/chrome/content/rules/Glenoit.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Glenoit.com">
-
-	<target host="glenoit.com" />
-	<target host="www.glenoit.com" />
-
-
-	<securecookie host="^(?:www\.)?glenoit\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GloDLS.to.xml b/src/chrome/content/rules/GloDLS.to.xml
new file mode 100644
index 000000000000..8cd312af7536
--- /dev/null
+++ b/src/chrome/content/rules/GloDLS.to.xml
@@ -0,0 +1,24 @@
+<ruleset name="GloDLS.to">
+	<target host="glodls.to" />
+	<target host="www.glodls.to" />
+	<target host="fbgroup.glodls.to" />
+	<target host="forum.glodls.to" />
+	<target host="forums.glodls.to" />
+	<target host="forums2.glodls.to" />
+	<target host="ftp.glodls.to" />
+	<target host="glostatus.glodls.to" />
+	<target host="imghost.glodls.to" />
+	<target host="live.glodls.to" />
+	<target host="mail.glodls.to" />
+	<target host="media.glodls.to" />
+	<target host="mg.glodls.to" />
+	<target host="ns1.glodls.to" />
+	<target host="ns2.glodls.to" />
+	<target host="paedia.glodls.to" />
+	<target host="smdb.glodls.to" />
+	<target host="tmdb.glodls.to" />
+	<target host="tracker.glodls.to" />
+	<target host="venturead.glodls.to" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/GlobaLeaks.org.xml b/src/chrome/content/rules/GlobaLeaks.org.xml
deleted file mode 100644
index cb9ac275ac39..000000000000
--- a/src/chrome/content/rules/GlobaLeaks.org.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://globaleaks.org/ => https://globaleaks.org/: (7, 'Failed to connect to globaleaks.org port 443: Connection refused')
-
-	Nonfunctional subdomains:
-
-		- checktorda ¹
-		- lists ²
-
-	¹ 404; mismatched, CN: www.statuscake.com
-	² Refused
-
-
-	Fully covered hosts in *globaleaks.org:
-
-		- (www.)?
-		- deb
-
--->
-<ruleset name="GlobaLeaks.org (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="globaleaks.org" />
-	<target host="deb.globaleaks.org" />
-	<target host="www.globaleaks.org" />
-
-		<!--exclusion pattern="^http://(?:checktorda|lists)\.globaleaks\.org" /-->
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Global-Marine-Networks.xml b/src/chrome/content/rules/Global-Marine-Networks.xml
index 10eba36e1972..2b196f1a14b1 100644
--- a/src/chrome/content/rules/Global-Marine-Networks.xml
+++ b/src/chrome/content/rules/Global-Marine-Networks.xml
@@ -16,12 +16,12 @@ Fetch error: http://www.globalmarinenet.com/ => https://www.globalmarinenet.com/
 		- web	(ditto)
 
 -->
-<ruleset name="Global Marine Networks (partial)" default_off='failed ruleset test'>
+<ruleset name="Global Marine Networks (partial)" default_off="failed ruleset test">
 
 	<target host="globalmarinenet.com" />
 	<target host="www.globalmarinenet.com" />
 	<!--	* for cross-domain cookie.	-->
-	
+
 
 
 	<securecookie host="^\.www\.globalmarinenet\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Global-Marketing-Strategies.xml b/src/chrome/content/rules/Global-Marketing-Strategies.xml
index 189f88dd2737..881ca7555db3 100644
--- a/src/chrome/content/rules/Global-Marketing-Strategies.xml
+++ b/src/chrome/content/rules/Global-Marketing-Strategies.xml
@@ -18,7 +18,7 @@ Fetch error: http://www.howtowriteabookasap.com/ => https://www.howtowriteabooka
 		- Trust-Guard.com.xml
 
 -->
-<ruleset name="Global Marketing Strategies (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Global Marketing Strategies (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="fanpagegeneratorpro.com" />
 	<target host="www.fanpagegeneratorpro.com" />
diff --git a/src/chrome/content/rules/Global-Witness.xml b/src/chrome/content/rules/Global-Witness.xml
deleted file mode 100644
index fb36aae58f10..000000000000
--- a/src/chrome/content/rules/Global-Witness.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Global Witness">
-
-	<target host="globalwitness.org" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.globalwitness.org" />
-
-
-	<securecookie host="^.*\.globalwitness\.org$" name=".+" />
-
-	<!--	!www doesn't work over https,
-		redirects to www over http.	-->
-	<rule from="^http://(?:www\.)?globalwitness\.org/"
-		to="https://www.globalwitness.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GlobalConnect.dk.xml b/src/chrome/content/rules/GlobalConnect.dk.xml
new file mode 100644
index 000000000000..10ef10e41ab8
--- /dev/null
+++ b/src/chrome/content/rules/GlobalConnect.dk.xml
@@ -0,0 +1,49 @@
+<!--
+	Incomplete certificate chain:
+		- ^
+		- www
+		- techvpn1
+
+	Refused:
+		- escalation
+		- test
+
+	Self-signed:
+		- gccmg
+		- ldap
+		- ssl
+		- vpn
+
+	Mismatched:
+		- booking2
+		- fibertjek
+		- ipv6
+		- link
+		- sip
+		- support
+		- web
+-->
+<ruleset name="GlobalConnect.dk (partial)">
+	<target host="autodiscover.globalconnect.dk" />
+	<target host="booking.globalconnect.dk" />
+	<target host="bookinguk.globalconnect.dk" />
+	<target host="citrix.globalconnect.dk" />
+	<target host="develop.globalconnect.dk" />
+	<target host="eng.globalconnect.dk" />
+	<target host="extranet.globalconnect.dk" />
+	<target host="insight.globalconnect.dk" />
+	<target host="my.globalconnect.dk" />
+	<target host="dash.my.globalconnect.dk" />
+	<target host="mytest.globalconnect.dk" />
+	<target host="omc.globalconnect.dk" />
+	<target host="rnj.globalconnect.dk" />
+	<target host="tracker.globalconnect.dk" />
+	<target host="tw.globalconnect.dk" />
+	<target host="tysktest.globalconnect.dk" />
+	<target host="ug.globalconnect.dk" />
+	<target host="vip.globalconnect.dk" />
+	<target host="webmail.globalconnect.dk" />
+	<target host="xms.globalconnect.dk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GlobalSign.xml b/src/chrome/content/rules/GlobalSign.xml
index 1334385cc1fa..090cd473eacf 100644
--- a/src/chrome/content/rules/GlobalSign.xml
+++ b/src/chrome/content/rules/GlobalSign.xml
@@ -83,6 +83,6 @@
 	<rule from="^http://apac\.globalsign\.com/"
 			to="https://www.globalsign.com.sg/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/GlobalTestSupply.com.xml b/src/chrome/content/rules/GlobalTestSupply.com.xml
index ee555f2bff55..ccbca9dd0b7f 100644
--- a/src/chrome/content/rules/GlobalTestSupply.com.xml
+++ b/src/chrome/content/rules/GlobalTestSupply.com.xml
@@ -8,7 +8,7 @@
 	<target host="globaltestsupply.com"/>
 	<target host="www.globaltestsupply.com"/>
 
-	<rule from="^http://(www\.)?globaltestsupply\.com/" 
+	<rule from="^http://(www\.)?globaltestsupply\.com/"
 		to="https://www.globaltestsupply.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Global_Bersih.xml b/src/chrome/content/rules/Global_Bersih.xml
index e9b8de659d78..760014cdc122 100644
--- a/src/chrome/content/rules/Global_Bersih.xml
+++ b/src/chrome/content/rules/Global_Bersih.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Global_Cloud_Xchange.com.xml b/src/chrome/content/rules/Global_Cloud_Xchange.com.xml
index 74574a861262..3c32a3d5cc32 100644
--- a/src/chrome/content/rules/Global_Cloud_Xchange.com.xml
+++ b/src/chrome/content/rules/Global_Cloud_Xchange.com.xml
@@ -28,7 +28,7 @@ Fetch error: http://cdn.globalcloudxchange.com/ => https://d6v3rabjzlopt.cloudfr
 	² Insecure renegotiation
 
 -->
-<ruleset name="Global Cloud Xchange.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Global Cloud Xchange.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Global_Network.pl.xml b/src/chrome/content/rules/Global_Network.pl.xml
index ca57fc1b9727..f2080d5c6630 100644
--- a/src/chrome/content/rules/Global_Network.pl.xml
+++ b/src/chrome/content/rules/Global_Network.pl.xml
@@ -16,7 +16,7 @@ Fetch error: http://www.globalnetwork.pl/ => https://globalnetwork.pl/: (60, 'SS
 		- (www.)?	(www → ^)
 
 -->
-<ruleset name="Global Network.pl" default_off='failed ruleset test'>
+<ruleset name="Global Network.pl" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Global_Perspectives_Canada.xml b/src/chrome/content/rules/Global_Perspectives_Canada.xml
deleted file mode 100644
index ca94e9ffa70c..000000000000
--- a/src/chrome/content/rules/Global_Perspectives_Canada.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Global Perspectives Canada">
-
-	<target host="globalperspectivescanada.com" />
-	<target host="www.globalperspectivescanada.com" />
-
-
-	<securecookie host="^\.globalperspectivescanada.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Global_Policy_Forum.xml b/src/chrome/content/rules/Global_Policy_Forum.xml
index 84064f22c7ca..69a402c075fb 100644
--- a/src/chrome/content/rules/Global_Policy_Forum.xml
+++ b/src/chrome/content/rules/Global_Policy_Forum.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Global_Promote.xml b/src/chrome/content/rules/Global_Promote.xml
index 71ea60a731ec..9e399a67f824 100644
--- a/src/chrome/content/rules/Global_Promote.xml
+++ b/src/chrome/content/rules/Global_Promote.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?globalpromote\.com/"
 		to="https://globalpromote.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Global_Sources.xml b/src/chrome/content/rules/Global_Sources.xml
index 22220ebdda10..e42f487b7abe 100644
--- a/src/chrome/content/rules/Global_Sources.xml
+++ b/src/chrome/content/rules/Global_Sources.xml
@@ -25,10 +25,12 @@ Fetch error: http://globalsources.com/ => https://www.globalsources.com/: (51, "
 	p serves images only.
 
 -->
-<ruleset name="Global Sources (partial)" default_off='failed ruleset test'>
+<ruleset name="Global Sources (partial)" default_off="failed ruleset test">
 
 	<target host="globalsources.com" />
-	<target host="*.globalsources.com" />
+	<target host="s.globalsources.com" />
+	<target host="www.globalsources.com" />
+	<target host="login.globalsources.com" />
 
 
 	<securecookie host="^w*\.globalsources\.com$" name=".+" />
@@ -37,7 +39,6 @@ Fetch error: http://globalsources.com/ => https://www.globalsources.com/: (51, "
 	<rule from="^http://(?:s\.|www\.)?globalsources\.com/"
 		to="https://www.globalsources.com/" />
 
-	<rule from="^http://login\.globalsources\.com/"
-		to="https://login.globalsources.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Global_Voices_Online.org.xml b/src/chrome/content/rules/Global_Voices_Online.org.xml
index 0034bf48ea22..404afd3423e9 100644
--- a/src/chrome/content/rules/Global_Voices_Online.org.xml
+++ b/src/chrome/content/rules/Global_Voices_Online.org.xml
@@ -85,14 +85,41 @@
 <ruleset name="Global Voices Online.org (partial)">
 
 	<target host="globalvoicesonline.org" />
-	<target host="*.globalvoicesonline.org" />
+	<target host="advocacy.globalvoicesonline.org" />
+	<target host="ar.globalvoicesonline.org" />
+	<target host="ay.globalvoicesonline.org" />
+	<target host="aym.globalvoicesonline.org" />
+	<target host="bn.globalvoicesonline.org" />
+	<target host="books.globalvoicesonline.org" />
+	<target host="da.globalvoicesonline.org" />
+	<target host="de.globalvoicesonline.org" />
+	<target host="el.globalvoicesonline.org" />
+	<target host="es.globalvoicesonline.org" />
+	<target host="fa.globalvoicesonline.org" />
+	<target host="fr.globalvoicesonline.org" />
+	<target host="hu.globalvoicesonline.org" />
+	<target host="id.globalvoicesonline.org" />
+	<target host="it.globalvoicesonline.org" />
+	<target host="jp.globalvoicesonline.org" />
+	<target host="ko.globalvoicesonline.org" />
+	<target host="mg.globalvoicesonline.org" />
+	<target host="mk.globalvoicesonline.org" />
+	<target host="nl.globalvoicesonline.org" />
+	<target host="pl.globalvoicesonline.org" />
+	<target host="pt.globalvoicesonline.org" />
+	<target host="rising.globalvoicesonline.org" />
+	<target host="ru.globalvoicesonline.org" />
+	<target host="sr.globalvoicesonline.org" />
+	<target host="sv.globalvoicesonline.org" />
+	<target host="sw.globalvoicesonline.org" />
+	<target host="www.globalvoicesonline.org" />
+	<target host="zh.globalvoicesonline.org" />
 		<!--exclusion pattern="^http://(img|summit2012)\." /-->
 
 
 	<securecookie host="^\.(?:\w+\.)?globalvoicesonline\.org$" name=".+" />
 
 
-	<rule from="^http://((?:advocacy|ar|aym?|bn|books|da|de|el|es|fa|fr|hu|id|it|jp|ko|mg|mk|nl|pl|pt|rising|ru|s[rvw]|www|zh)\.)?globalvoicesonline\.org/"
-		to="https://$1globalvoicesonline.org/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Globalclimatemarch.org.xml b/src/chrome/content/rules/Globalclimatemarch.org.xml
index 763c92f6c9e6..ff4f7a100b4b 100644
--- a/src/chrome/content/rules/Globalclimatemarch.org.xml
+++ b/src/chrome/content/rules/Globalclimatemarch.org.xml
@@ -12,7 +12,7 @@
 	<!-- redirect www subdomain to main domain -->
 	<rule from="^http://www\.globalclimatemarch\.org/"
 		to="https://globalclimatemarch.org/" />
-	
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Globalogiq.com.xml b/src/chrome/content/rules/Globalogiq.com.xml
deleted file mode 100644
index 0fc013ee3ccd..000000000000
--- a/src/chrome/content/rules/Globalogiq.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Globalogiq.com" >
-	<target host="globalogiq.com" />
-	<target host="www.globalogiq.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Globalscaletechnologies.com.xml b/src/chrome/content/rules/Globalscaletechnologies.com.xml
index 35a4e9d3fcc4..bfafd53dfa96 100644
--- a/src/chrome/content/rules/Globalscaletechnologies.com.xml
+++ b/src/chrome/content/rules/Globalscaletechnologies.com.xml
@@ -4,7 +4,7 @@
 	<target host="www.globalscaletechnologies.com" />
 
 
-	<securecookie host="^(?:.*\.)?globalscaletechnologies\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Globaltap.com.xml b/src/chrome/content/rules/Globaltap.com.xml
index 5892236a0c50..f9af471e2386 100644
--- a/src/chrome/content/rules/Globaltap.com.xml
+++ b/src/chrome/content/rules/Globaltap.com.xml
@@ -20,4 +20,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Globat.com.xml b/src/chrome/content/rules/Globat.com.xml
new file mode 100644
index 000000000000..d368f2787bc5
--- /dev/null
+++ b/src/chrome/content/rules/Globat.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Globat.com">
+
+	<target host="globat.com" />
+	<target host="www.globat.com" />
+	<target host="secure.globat.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Globat.xml b/src/chrome/content/rules/Globat.xml
deleted file mode 100644
index 091ecb9d52c6..000000000000
--- a/src/chrome/content/rules/Globat.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Globat">
-
-	<target host="globat.com" />
-	<target host="*.globat.com" />
-
-
-	<securecookie host="^\.globat\.com$" name=".+" />
-
-
-	<rule from="^http://(secure\.|www\.)?globat\.com(?:443)?/"
-		to="https://$1globat.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Globes.xml b/src/chrome/content/rules/Globes.xml
index b714cd642344..c72a28472150 100644
--- a/src/chrome/content/rules/Globes.xml
+++ b/src/chrome/content/rules/Globes.xml
@@ -23,4 +23,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Globus-Online.xml b/src/chrome/content/rules/Globus-Online.xml
index b08b75f1e17d..9a82e44b7b8e 100644
--- a/src/chrome/content/rules/Globus-Online.xml
+++ b/src/chrome/content/rules/Globus-Online.xml
@@ -11,7 +11,7 @@
 	<target host="www.globusonline.org" />
 
 
-	<securecookie host="^(?:.*\.)?globusonline\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Gluster.org.xml b/src/chrome/content/rules/Gluster.org.xml
index 42ddee4bbd1a..906471ea8557 100644
--- a/src/chrome/content/rules/Gluster.org.xml
+++ b/src/chrome/content/rules/Gluster.org.xml
@@ -13,7 +13,7 @@ Fetch error: http://forge.gluster.org/ => https://forge.gluster.org/: (6, 'Could
 		- forge
 
 -->
-<ruleset name="Gluster.org" default_off='failed ruleset test'>
+<ruleset name="Gluster.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Glyph.im.xml b/src/chrome/content/rules/Glyph.im.xml
index 73c5d6397c32..b2b3edec48f8 100644
--- a/src/chrome/content/rules/Glyph.im.xml
+++ b/src/chrome/content/rules/Glyph.im.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.glyph.im/ => https://www.glyph.im/: (51, "SSL: no alternative certificate subject name matches target host name 'www.glyph.im'")
 
 -->
-<ruleset name="glyph.im" default_off='failed ruleset test'>
+<ruleset name="glyph.im" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Gmedianetworks.com.xml b/src/chrome/content/rules/Gmedianetworks.com.xml
deleted file mode 100644
index 7119f72f33ce..000000000000
--- a/src/chrome/content/rules/Gmedianetworks.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	CDN buckets:
-
-		- dn6540p04s3vz.cloudfront.net
-
-			- staticcdn.gmedianetworks.com
-
-
-	(www.) doesn't exist.
-
--->
-<ruleset name="gmedianetworks.com">
-
-	<target host="*.gmedianetworks.com" />
-
-
-	<rule from="^http://static\.gmedianetworks\.com/"
-		to="https://static.gmedianetworks.com/" />
-
-	<rule from="^http://staticcdn\.gmedianetworks\.com/"
-		to="https://dn6540p04s3vz.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Gna.xml b/src/chrome/content/rules/Gna.xml
index 512e276a61d4..6255f33c975b 100644
--- a/src/chrome/content/rules/Gna.xml
+++ b/src/chrome/content/rules/Gna.xml
@@ -12,7 +12,7 @@
 	NB: server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="Gna.org (partial)" default_off="missing certificate chain">
+<ruleset name="Gna.org (partial)" default_off="cert-chain">
 
 	<target host="gna.org" />
 	<target host="mail.gna.org" />
diff --git a/src/chrome/content/rules/Gngr.info.xml b/src/chrome/content/rules/Gngr.info.xml
index f296a189ee77..42369061a300 100644
--- a/src/chrome/content/rules/Gngr.info.xml
+++ b/src/chrome/content/rules/Gngr.info.xml
@@ -5,7 +5,8 @@
 <ruleset name="gngr.info">
 
 	<target host="gngr.info" />
-	<target host="*.gngr.info" />
+	<target host="blog.gngr.info" />
+	<target host="www.gngr.info" />
 
 
 	<rule from="^http://(?:(blog\.)|www\.)?gngr\.info/"
diff --git a/src/chrome/content/rules/GnuCash.xml b/src/chrome/content/rules/GnuCash.xml
index 6fcacfb741b7..ffa6a75b7ee8 100644
--- a/src/chrome/content/rules/GnuCash.xml
+++ b/src/chrome/content/rules/GnuCash.xml
@@ -11,4 +11,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GnuPG.com.xml b/src/chrome/content/rules/GnuPG.com.xml
new file mode 100644
index 000000000000..fd8694281751
--- /dev/null
+++ b/src/chrome/content/rules/GnuPG.com.xml
@@ -0,0 +1,18 @@
+<!--
+	See also: GnuPG.org.xml
+
+	Invalid certificate:
+		support.gnupg.com
+-->
+<ruleset name="GnuPG.com">
+
+	<target host="gnupg.com" />
+	<target host="www.gnupg.com" />
+	<target host="demo.gnupg.com" />
+	<target host="ellsberg.gnupg.com" />
+	<target host="preview.gnupg.com" />
+	<target host="zetkin.gnupg.com" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/GnuPG.org.xml b/src/chrome/content/rules/GnuPG.org.xml
index 3c25479c127d..4a50f1b5db1a 100644
--- a/src/chrome/content/rules/GnuPG.org.xml
+++ b/src/chrome/content/rules/GnuPG.org.xml
@@ -1,29 +1,48 @@
 <!--
-	No working URL known:
-		versions.gnupg.org (403)
-		wkd.gnupg.org (403)
+	See also: GnuPG.com.xml
 
 	Bad certificate:
+		al-kindi.gnupg.org
 		alberti.gnupg.org
+		blog.gnupg.org
+		cvs.gnupg.org
+		jenkins.gnupg.org
 		logo-contest.gnupg.org
 		www.tla-friendly.gnupg.org
 		www-old.gnupg.org
 
+	Non-2xx HTTP code:
+		media.gnupg.org
+
+	Refused:
+		ftp.gnupg.org
+
+	SSL: no alternative certificate subject name matches target host name:
+		www.wiki.gnupg.org
+
+	Timeout:
+		pt.gnupg.org
+		trithemius.gnupg.org
 -->
 <ruleset name="GnuPG.org">
 
 	<target host="gnupg.org" />
 	<target host="www.gnupg.org" />
 	<target host="bugs.gnupg.org" />
+	<target host="chat.gnupg.org" />
+	<target host="dev.gnupg.org" />
 	<target host="git.gnupg.org" />
 	<target host="gitstats.gnupg.org" />
-	<target host="jenkins.gnupg.org" />
+	<target host="jabber.gnupg.org" />
 	<target host="lists.gnupg.org" />
+	<target host="openpgpkey.gnupg.org" />
+	<target host="preview.gnupg.org" />
 	<target host="test.gnupg.org" />
+	<target host="versions.gnupg.org" />
+		<test url="http://versions.gnupg.org/swdb.lst" />
 	<target host="wiki.gnupg.org" />
-	<target host="www.wiki.gnupg.org" />
+	<target host="xmpp.gnupg.org" />
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:"	to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GnuTLS.org.xml b/src/chrome/content/rules/GnuTLS.org.xml
index 1fc693258ae1..4ebcdd7ae3aa 100644
--- a/src/chrome/content/rules/GnuTLS.org.xml
+++ b/src/chrome/content/rules/GnuTLS.org.xml
@@ -1,27 +1,22 @@
 <!--
-	Nonfunctional subdomains:
+	Invalid certificate:
+		www.mod.gnutls.org
+		www2.gnutls.org
 
-		- nmav	(refused)
-
-
-	Problematic subdomains:
-
-		- lists		(mismatched)
+	Refused:
+		ftp.gnutls.org
+		nmav.gnutls.org
 
+	Timeout:
+		gitlab.gnutls.org
 -->
-<ruleset name="GnuTLS.org (partial)">
+<ruleset name="GnuTLS.org">
 
 	<target host="gnutls.org" />
 	<target host="www.gnutls.org" />
 	<target host="lists.gnutls.org" />
 	<target host="mod.gnutls.org" />
-	<target host="www.mod.gnutls.org" />
-
-
-	<rule from="^http://lists\.gnutls\.org/"
-		to="https://lists.gnupg.org/" />
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:"	to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/GoAbroad.com.xml b/src/chrome/content/rules/GoAbroad.com.xml
deleted file mode 100644
index 05b638c1e81c..000000000000
--- a/src/chrome/content/rules/GoAbroad.com.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="GoAbroad.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="secure.goabroad.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GoAruna.com.xml b/src/chrome/content/rules/GoAruna.com.xml
index 8b04ea6ff707..cc7e10278910 100644
--- a/src/chrome/content/rules/GoAruna.com.xml
+++ b/src/chrome/content/rules/GoAruna.com.xml
@@ -13,7 +13,7 @@
 <ruleset name="GoAruna.com (partial)" default_off="expired">
 
 	<target host="goaruna.com" />
-	<target host="*.goaruna.com" />
+	<target host="www.goaruna.com" />
 		<!--
 			Redirect to http:
 						-->
@@ -27,4 +27,4 @@
 	<rule from="^http://(?:www\.)?goaruna\.com/(?=account(?:$|[?/])|favicon\.ico|images/|javascripts/|stylesheets/)"
 		to="https://goaruna.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GoDaddy.xml b/src/chrome/content/rules/GoDaddy.xml
index 94db61abd119..305ee7cf306d 100644
--- a/src/chrome/content/rules/GoDaddy.xml
+++ b/src/chrome/content/rules/GoDaddy.xml
@@ -1,11 +1,13 @@
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://idp.m.godaddy.com/user/retrieveloginname.aspx?spkey= => https://idp.m.godaddy.com/user/retrieveloginname.aspx?spkey=: (28, 'Connection timed out after 20001 milliseconds')
 
 	Other GoDaddy rulesets:
 
 		- GoDaddy.net.xml
 		- GoDaddy_mobile.com.xml
 		- Instantpage.me.xml
-		- Tdnam.com.xml
 
 
 	Nonfunctional subdomains:
@@ -121,13 +123,21 @@
 	<target host="godaddy.com" />
 	<target host="auctions.godaddy.com" />
 	<target host="*.auctions.godaddy.com" />
+    <test url="http://pe.auctions.godaddy.com/" />
+    <test url="http://pl.auctions.godaddy.com/" />
+    <test url="http://ca.auctions.godaddy.com/" />
+
 	<target host="cart.godaddy.com" />
 	<target host="certs.godaddy.com" />
-	<target host="idp.godaddy.com" />
 	<target host="img.godaddy.com" />
 	<target host="m.godaddy.com" />
 	<target host="*.m.godaddy.com" />
-	<target host="mcc.godaddy.com" />
+    <test url="http://pe.m.godaddy.com/" />
+    <test url="http://se.m.godaddy.com/" />
+    <test url="http://sg.m.godaddy.com/" />
+    <test url="http://ca.m.godaddy.com/" />
+
+  <target host="mcc.godaddy.com" />
 	<target host="mya.godaddy.com" />
 	<target host="seal.godaddy.com" />
 	<target host="supportcenter.godaddy.com" />
@@ -171,12 +181,13 @@
 	<target host="ua.godaddy.com" />
 
 	<test url="http://nl.auctions.godaddy.com/" />
-	<test url="http://ca.m.godaddy.com/" />
-	<test url="http://idp.m.godaddy.com/user/retrieveloginname.aspx?spkey=" />
-	<test url="http://sg.m.godaddy.com/" />
 
 	<securecookie host=".+" name=".+" />
 
+ <!-- SSL error, redirect to www-->
+  <rule from="^http://godaddy\.com/"
+		to="https://www.godaddy.com/" />
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/GoDaddy_mobile.com.xml b/src/chrome/content/rules/GoDaddy_mobile.com.xml
index 4ee31bee388e..fbe4a5f1ead2 100644
--- a/src/chrome/content/rules/GoDaddy_mobile.com.xml
+++ b/src/chrome/content/rules/GoDaddy_mobile.com.xml
@@ -16,7 +16,7 @@ Non-2xx HTTP code: http://godaddymobile.com/ (200) => https://godaddymobile.com/
 		- .godaddymobile.com
 
 -->
-<ruleset name="GoDaddy mobile.com (partial)" default_off='failed ruleset test'>
+<ruleset name="GoDaddy mobile.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/GoExplore.net.xml b/src/chrome/content/rules/GoExplore.net.xml
index 31a291ee4f96..97956ea31bac 100644
--- a/src/chrome/content/rules/GoExplore.net.xml
+++ b/src/chrome/content/rules/GoExplore.net.xml
@@ -12,11 +12,11 @@ Fetch error: http://static.goexplore.net/ => https://static.goexplore.net/: (60,
 		- ESET_static.com.xml
 		- Sicontact.at.xml
 -->
-<ruleset name="GoExplore.net" default_off='failed ruleset test'>
+<ruleset name="GoExplore.net" default_off="failed ruleset test">
 	<target host=       "goexplore.net" />
 	<target host=   "www.goexplore.net" />
 	<target host="static.goexplore.net" />
-	
+
 	<!--
 	Exclusion for buggy URL (which sometimes redirects to HTTP), more information: https://github.com/EFForg/https-everywhere/pull/3083
 	https://regex101.com/r/vC6jX8/1
diff --git a/src/chrome/content/rules/GoNewSoft.com.xml b/src/chrome/content/rules/GoNewSoft.com.xml
deleted file mode 100644
index fe4232b478bb..000000000000
--- a/src/chrome/content/rules/GoNewSoft.com.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="GoNewSoft.com">
-        <target host="gonewsoft.com" />
-        <target host="www.gonewsoft.com" />
-	
-	<rule from="^http:"
-	to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/GoPayment.com.xml b/src/chrome/content/rules/GoPayment.com.xml
new file mode 100644
index 000000000000..9a6c852990e1
--- /dev/null
+++ b/src/chrome/content/rules/GoPayment.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="GoPayment.com">
+	<target host="gopayment.com" />
+	<target host="www.gopayment.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GoStats.com.xml b/src/chrome/content/rules/GoStats.com.xml
deleted file mode 100644
index bf01ca47261e..000000000000
--- a/src/chrome/content/rules/GoStats.com.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-<!--
-	Non-functional hosts
-		Couldn't connect to server:
-		- git.gostats.com
-
-		Timeout was reached:
-		- gostats.com
-		- db1.gostats.com
-		- db2.gostats.com
-		- ssl.gostats.com
-
-		SSL peer certificate was not OK:
-		- c2.gostats.com
-		- c3.gostats.com
-		- c4.gostats.com
-		- c5.gostats.com
-		- monster.gostats.com
-
-		Peer certificate cannot be authenticated with given CA certificates:
-		- www.gostats.com
-		- 461780.gostats.com
-		- a874610.gostats.com
-		- as.gostats.com
-		- c.gostats.com
-		- c1.gostats.com
-		- ded.gostats.com
-		- gost.gostats.com
-		- c2.gost.gostats.com
-		- c4.gost.gostats.com
-		- htt.gostats.com
-		- img.gostats.com
-		- js.gostats.com
-		- login.gostats.com
-		- romans8.gostats.com
-		- www.ssl.gostats.com
-
-		Mixed content blocking (MCB) triggered:
-		- counterblog.gostats.com
--->
-<ruleset name="GoStats.com (partial)">
-	<target host="board.gostats.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Go_Lang.org.xml b/src/chrome/content/rules/Go_Lang.org.xml
deleted file mode 100644
index 7684f63eda29..000000000000
--- a/src/chrome/content/rules/Go_Lang.org.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Google coverage, see GoogleServices.xml.
-
--->
-<ruleset name="Go Lang.org">
-
-	<target host="golang.org" />
-	<target host="*.golang.org" />
-
-		<test url="http://blog.golang.org/" />
-		<test url="http://http2.golang.org/" />
-		<test url="http://play.golang.org/" />
-		<test url="http://tour.golang.org/" />
-		<test url="http://www.golang.org/" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Go_Turkey.com.xml b/src/chrome/content/rules/Go_Turkey.com.xml
index 30f9c2f8cf95..e7220b09f9d6 100644
--- a/src/chrome/content/rules/Go_Turkey.com.xml
+++ b/src/chrome/content/rules/Go_Turkey.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.goturkey.com/ => https://www.goturkey.com/: (35, 'Unknow
 	* Secured by us
 
 -->
-<ruleset name="Go Turkey.com" default_off='failed ruleset test'>
+<ruleset name="Go Turkey.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Go_eShow.com.xml b/src/chrome/content/rules/Go_eShow.com.xml
deleted file mode 100644
index 2ac0c4841a9c..000000000000
--- a/src/chrome/content/rules/Go_eShow.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Go eShow.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="goeshow.com" />
-	<target host="admin.goeshow.com" />
-	<target host="s4.goeshow.com" />
-	<target host="www.goeshow.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Goaldet.com.xml b/src/chrome/content/rules/Goaldet.com.xml
deleted file mode 100644
index 7d8149fa66ac..000000000000
--- a/src/chrome/content/rules/Goaldet.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Mixed images from www.sport24.gr
-
--->
-<ruleset name="Goaldet.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="goaldet.com" />
-	<target host="www.goaldet.com" />
-
-
-	<securecookie host="^(?:w*\.)?goaldet.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GodPraksis.no.xml b/src/chrome/content/rules/GodPraksis.no.xml
index 1740fdf73697..76e237bfec71 100644
--- a/src/chrome/content/rules/GodPraksis.no.xml
+++ b/src/chrome/content/rules/GodPraksis.no.xml
@@ -5,7 +5,7 @@ Fetch error: http://godpraksis.no/ => https://godpraksis.no/: (7, 'Failed to con
 Fetch error: http://www.godpraksis.no/ => https://www.godpraksis.no/: (7, 'Failed to connect to www.godpraksis.no port 443: Connection refused')
 
 -->
-<ruleset name="GodPraksis.no" default_off='failed ruleset test'>
+<ruleset name="GodPraksis.no" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Goddard-Group.xml b/src/chrome/content/rules/Goddard-Group.xml
deleted file mode 100644
index 01753488ff28..000000000000
--- a/src/chrome/content/rules/Goddard-Group.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="The Goddard Group">
-
-	<target host="garygoddard.com" />
-	<target host="www.garygoddard.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Goeswhere.com.xml b/src/chrome/content/rules/Goeswhere.com.xml
index 564c58a73bcb..13483b4996d5 100644
--- a/src/chrome/content/rules/Goeswhere.com.xml
+++ b/src/chrome/content/rules/Goeswhere.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.goeswhere.com/ => https://www.goeswhere.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.goeswhere.com'")
 
 -->
-<ruleset name="goeswhere.com" default_off='failed ruleset test'>
+<ruleset name="goeswhere.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Goke.me.xml b/src/chrome/content/rules/Goke.me.xml
deleted file mode 100644
index 3363b2ef3405..000000000000
--- a/src/chrome/content/rules/Goke.me.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Goke.me">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="goke.me" />
-	<target host="www.goke.me" />
-
-
-	<securecookie host="^\.goke\.me$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Golden_Adventures.xml b/src/chrome/content/rules/Golden_Adventures.xml
index 348d894ddd48..d33d72cf75e7 100644
--- a/src/chrome/content/rules/Golden_Adventures.xml
+++ b/src/chrome/content/rules/Golden_Adventures.xml
@@ -11,7 +11,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://goldenadventures.com/ => https://goldenadventures.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Golden Adventures.com" default_off='failed ruleset test'>
+<ruleset name="Golden Adventures.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Golden_Charter.xml b/src/chrome/content/rules/Golden_Charter.xml
index 6d5c1459431b..b6f8d40df8b3 100644
--- a/src/chrome/content/rules/Golden_Charter.xml
+++ b/src/chrome/content/rules/Golden_Charter.xml
@@ -35,4 +35,4 @@
 	<rule from="^http://(?:www\.)?mygoldencharter\.co\.uk/"
 		to="https://mygoldencharter.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Golden_Frog.com.xml b/src/chrome/content/rules/Golden_Frog.com.xml
index 4fe759439707..705173b9f83e 100644
--- a/src/chrome/content/rules/Golden_Frog.com.xml
+++ b/src/chrome/content/rules/Golden_Frog.com.xml
@@ -39,7 +39,7 @@ Fetch error: http://app.dumptruck.goldenfrog.com/ => https://app.dumptruck.golde
 		- www.goldenfrog.com
 
 -->
-<ruleset name="Golden Frog.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Golden Frog.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Goldkeys.net.xml b/src/chrome/content/rules/Goldkeys.net.xml
index d66476526422..5c06dbc8f41d 100644
--- a/src/chrome/content/rules/Goldkeys.net.xml
+++ b/src/chrome/content/rules/Goldkeys.net.xml
@@ -1,33 +1,15 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://portal.goldkeys.org/ => https://portal.goldkeys.org/: (51, "SSL: no alternative certificate subject name matches target host name 'portal.goldkeys.org'")
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://portal.goldkeys.org/ => https://portal.goldkeys.org/: (51, "SSL: no alternative certificate subject name matches target host name 'portal.goldkeys.org'")
-	Nonfunctional domains:
-
-		- goldkeys.net *
-		- (www.)goldkeys.org *
-
-	* http reply
-
-
-	Problematic domains:
-
-		- www.goldkeys.net	(mismatched, CN: portal.goldkeys.org)
-
+	Non-functional hosts
+		Different content:
+		- ovasight.goldkeys.net
+		- signet.goldkeys.net
 -->
-<ruleset name="Goldkeys.net (partial)" default_off='failed ruleset test'>
-
-	<target host="*.goldkeys.net" />
-	<target host="portal.goldkeys.org" />
-
-
-	<securecookie host="^portal\.goldkeys\.net$" name=".+" />
-
-
-	<rule from="^http://(?:portal|www)\.goldkeys\.(net|org)/"
-		to="https://portal.goldkeys.$1/" />
-
+<ruleset name="Goldkeys.net">
+	<target host="goldkeys.net" />
+	<target host="www.goldkeys.net" />
+	<target host="check.goldkeys.net" />
+	<target host="hub.goldkeys.net" />
+	<target host="portal.goldkeys.net" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Goldkeys.org.xml b/src/chrome/content/rules/Goldkeys.org.xml
new file mode 100644
index 000000000000..fc7d6fa453f6
--- /dev/null
+++ b/src/chrome/content/rules/Goldkeys.org.xml
@@ -0,0 +1,12 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- check.goldkeys.org
+		- portal.goldkeys.org
+-->
+<ruleset name="Goldkeys.org">
+	<target host="goldkeys.org" />
+	<target host="www.goldkeys.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Goldlit.ru.xml b/src/chrome/content/rules/Goldlit.ru.xml
index 496af8c466e1..e6c52322f595 100644
--- a/src/chrome/content/rules/Goldlit.ru.xml
+++ b/src/chrome/content/rules/Goldlit.ru.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http://www\.goldlit\.ru/" to="https://goldlit.ru/"/>
 	<rule from="^http:" to="https:"/>
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Goldmann.pl.xml b/src/chrome/content/rules/Goldmann.pl.xml
index 0078b1e09f88..63f048f58aef 100644
--- a/src/chrome/content/rules/Goldmann.pl.xml
+++ b/src/chrome/content/rules/Goldmann.pl.xml
@@ -16,7 +16,7 @@ Fetch error: http://secure.goldmann.pl/ => https://secure.goldmann.pl/: (6, 'Cou
 		- secure
 
 -->
-<ruleset name="Goldmann.pl" default_off='failed ruleset test'>
+<ruleset name="Goldmann.pl" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Goldsboro_Web_Development.xml b/src/chrome/content/rules/Goldsboro_Web_Development.xml
index 6a549b619dec..55d4ab67968a 100644
--- a/src/chrome/content/rules/Goldsboro_Web_Development.xml
+++ b/src/chrome/content/rules/Goldsboro_Web_Development.xml
@@ -10,7 +10,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://my.goldsborowebdevelopment.com/ => https://my.goldsborowebdevelopment.com/: (6, 'Could not resolve host: my.goldsborowebdevelopment.com')
 
 -->
-<ruleset name="Goldsboro Web Development.com" default_off='failed ruleset test'>
+<ruleset name="Goldsboro Web Development.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Goldstar.xml b/src/chrome/content/rules/Goldstar.xml
index 92308c7366ae..6c883360af4b 100644
--- a/src/chrome/content/rules/Goldstar.xml
+++ b/src/chrome/content/rules/Goldstar.xml
@@ -3,28 +3,35 @@
 
 		- ^	(cert only matches www)
 		- gifts	(mismatched, CN: *.myshopify.com)
-
+    - i.goldstar.com (unresolved)
 
 	Some pages redirect to http
 
+  CDN:
+    images - i.gse.io
+
 -->
 <ruleset name="Goldstar (partial)">
 
 	<target host="goldstar.com" />
-	<target host="*.goldstar.com" />
-		<exclusion pattern="^http://(?:i\.|www\.)?goldstar\.com/(?:company|help|my_tickets|series|weekendapp)(?:$|\?|/)" />
-
-
-	<securecookie host="^(?:i|images|www)\.goldstar\.com$" name=".+" />
+	<target host="www.goldstar.com" />
+	<target host="gifts.goldstar.com" />
+	<target host="images.goldstar.com" />
+		<!--
+      Outdated pattern
+      <exclusion pattern="^http://(?:i\.|www\.)?goldstar\.com/(?:company|help|my_tickets|series|weekendapp)(?:$|\?|/)" /> 
+    -->
 
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?goldstar\.com/"
 		to="https://www.goldstar.com/" />
-
-	<rule from="^http://gifts\.goldstar\.com/"
-		to="https://goldstar.myshopify.com/" />
-
-	<rule from="^http://i(mages)?\.goldstar\.com/"
-		to="https://i$1.goldstar.com/" />
-
-</ruleset>
\ No newline at end of file
+    <test url="http://goldstar.com/oakland-east-bay/categories/online" />
+  <!--
+    Shop no longer up
+    <rule from="^http://gifts\.goldstar\.com/"
+      to="https://goldstar.myshopify.com/" />
+  -->
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GolfLink.com.xml b/src/chrome/content/rules/GolfLink.com.xml
index ea1acf8a41f1..7bf914afd3c4 100644
--- a/src/chrome/content/rules/GolfLink.com.xml
+++ b/src/chrome/content/rules/GolfLink.com.xml
@@ -1,33 +1,14 @@
 <!--
 	For other Demand Media coverage, see Demand-Media.xml.
 
-
-	CDN buckets:
-
-		- i.glimg.net.edgesuite.net
-
-			- a1768.g.akamai.net
-
-		- ui.glimg.net.edgesuite.net
-
-			- a1075.g.akamai.net
-
+	Non-functional hosts
+		Timeout was reached:
+		- blog.golflink.com
 -->
 <ruleset name="GolfLink.com (partial)">
-
-	<target host="*.glimg.net" />
 	<target host="golflink.com" />
-	<target host="*.golflink.com" />
-	<target host="golflink.net" />
-	<target host="www.golflink.net" />
-
-
-	<!--	Could we secure any of these safely?
-							-->
-	<!--securecookie host="^www\.golflink\.com$" name=".+" /-->
-
-
-	<rule from="^http://(?:(?:cdn-www\.)?golflink\.com|(?:www\.)?golflink\.net|u?i\.glimg\.net)/"
-		to="https://www.golflink.com/" />
+	<target host="www.golflink.com" />
+	<target host="cdn-www.golflink.com" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/GolfLink.net.xml b/src/chrome/content/rules/GolfLink.net.xml
new file mode 100644
index 000000000000..9e646aaf0ea3
--- /dev/null
+++ b/src/chrome/content/rules/GolfLink.net.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Demand Media coverage, see Demand-Media.xml.
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- golflink.net
+		- www.golflink.net
+		- staging.golflink.net
+		- a.staging.golflink.net
+		- b.staging.golflink.net
+-->
+<ruleset name="Golflink.net" default_off="cert-invalid">
+	<target host="golflink.net" />
+	<target host="www.golflink.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
+
diff --git a/src/chrome/content/rules/Golf_Digest.xml b/src/chrome/content/rules/Golf_Digest.xml
index 5da43a812909..ca57eef54556 100644
--- a/src/chrome/content/rules/Golf_Digest.xml
+++ b/src/chrome/content/rules/Golf_Digest.xml
@@ -74,7 +74,7 @@
 	<target host="sstats.golfdigest.com" />
 	<target host="subscribe.golfdigest.com" />
 	<target host="subscriptions.golfdigest.com" />
-	
+
 	<securecookie host="^secure\.golfdigest\.com$" name=".+" />
 
 
diff --git a/src/chrome/content/rules/GoodSmile.info.xml b/src/chrome/content/rules/GoodSmile.info.xml
new file mode 100644
index 000000000000..c9b098f80a7a
--- /dev/null
+++ b/src/chrome/content/rules/GoodSmile.info.xml
@@ -0,0 +1,35 @@
+<!--
+	Non-functional hosts
+		SSL connect error:
+		- goodsmile.info
+
+		Invalid Certificate:
+		- img.goodsmile.info
+
+		Mixed content blocking (MCB) triggered:
+		- partner.goodsmile.info
+-->
+<ruleset name="Good Smile.info">
+	<target host="goodsmile.info" />
+	<target host="www.goodsmile.info" />
+	<target host="cf.goodsmile.info" />
+		<test url="http://cf.goodsmile.info/GSCSite/gscimg/btn_search_ee7700.png" />
+		<test url="http://cf.goodsmile.info/GSCSite/gscimg/logo_gsc.png" />
+	<target host="event.goodsmile.info" />
+	<target host="images.goodsmile.info" />
+		<test url="http://images.goodsmile.info/cgm/images/product/20181207/7881/56575/large/102be28774f0a08639361d0158a3421f.jpg" />
+		<test url="http://images.goodsmile.info/cgm/images/product/20181214/7905/56743/large/8b83550b88d4a4393a4f396a7ea349dc.jpg" />
+		<test url="http://images.goodsmile.info/cgm/images/product/20180817/7533/53877/large/6910e0a8526e452537caa77161459980.jpg" />
+	<target host="m.goodsmile.info" />
+	<target host="mamitan.goodsmile.info" />
+	<target host="mikatan.goodsmile.info" />
+	<target host="nendoroid300.goodsmile.info" />
+	<target host="static.goodsmile.info" />
+		<test url="http://static.goodsmile.info/assets/application-64a56e0626d8ff027817214adc7341e3.css" />
+	<target host="support.goodsmile.info" />
+
+	<rule from="^http://goodsmile\.info/"
+			to="https://www.goodsmile.info/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Good_Luck_Trunk.com.xml b/src/chrome/content/rules/Good_Luck_Trunk.com.xml
deleted file mode 100644
index 5aac40124f2f..000000000000
--- a/src/chrome/content/rules/Good_Luck_Trunk.com.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-
-	Insecure cookies are set for these domains:
-
-		- .goodlucktrunk.com
-
--->
-<ruleset name="Good Luck Trunk.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="goodlucktrunk.com" />
-	<target host="www.goodlucktrunk.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.goodlucktrunk\.com$" name="^BIPSvr$" /-->
-
-	<securecookie host="^\.goodlucktrunk\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Goodreads.xml b/src/chrome/content/rules/Goodreads.xml
index c649e7a674cf..436094e04273 100644
--- a/src/chrome/content/rules/Goodreads.xml
+++ b/src/chrome/content/rules/Goodreads.xml
@@ -1,22 +1,17 @@
 <!--
 	Other Goodreads rulesets:
+		+ Gr-assets.com.xml
 
-		- Gr-assets.com.xml
+	Non-functional hosts:
+		Mismatched:
+		- photo.goodreads.com
 
 -->
 <ruleset name="Goodreads.com">
 
-	<!--	Direct rewrites:
-				-->
 	<target host="goodreads.com"/>
 	<target host="www.goodreads.com" />
 
-	<!--	Complications:
-				-->
-	<target host="photo.goodreads.com" />
-
-	<rule from="^http://photo\.goodreads\.com/" to="https://s3.amazonaws.com/photo.goodreads.com/"/>
-
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Goodsie.xml b/src/chrome/content/rules/Goodsie.xml
deleted file mode 100644
index 46a674888363..000000000000
--- a/src/chrome/content/rules/Goodsie.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	help.goodsie.com is handled mostly in ENTP-clients.xml.
-
-
-	d1bn1ndebsjcoa.cloudfront.net/e641ea0/
-
-
-	Nonfunctional subdomains:
-
-		- blog		(hosted on Tumblr)
-		- feedback
-
--->
-<ruleset name="Goodsie (partial)" platform="mixedcontent">
-
-	<target host="goodsie.com" />
-	<target host="www.goodsie.com" />
-
-
-	<securecookie host="^goodsie\.com$" name=".+" />
-
-
-	<!--	- www over https: "store hidden"
-		- redirects to !www over http.
-					-->
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Google.com_Subdomains.xml b/src/chrome/content/rules/Google.com_Subdomains.xml
index 6cd4291031ea..8bc6fe425668 100644
--- a/src/chrome/content/rules/Google.com_Subdomains.xml
+++ b/src/chrome/content/rules/Google.com_Subdomains.xml
@@ -53,11 +53,9 @@
 	<target host="chart.apis.google.com" />
 		<test url="http://chart.apis.google.com/chart?cht=p3&amp;chd=t:60,40&amp;chs=250x100&amp;chl=Hello|World" />
 	<target host="appengine.google.com" />
-	<target host="calendar.google.com" />
 	<target host="cast.google.com" />
 	<target host="cbks0.google.com" />
 	<target host="cert-test.sandbox.google.com" />
-	<target host="checkout.google.com" />
 	<target host="chrome.google.com" />
 		<!-- See the complex ruleset for clients\d -->
 		<!-- See the complex ruleset for *.clients\d -->
diff --git a/src/chrome/content/rules/Google.tld_Subdomains.xml b/src/chrome/content/rules/Google.tld_Subdomains.xml
index 39b36723f0af..442c669a6796 100644
--- a/src/chrome/content/rules/Google.tld_Subdomains.xml
+++ b/src/chrome/content/rules/Google.tld_Subdomains.xml
@@ -10,111 +10,172 @@
 		failure: *.google.* failed: The target host must be a hostname, not URL, and must use at most one wildcard.
 	-->
 	<target host="accounts.google.*" />
-	<target host="adwords.google.*" />
-	<target host="finance.google.*" />
 	<target host="groups.google.*" />
-	<target host="id.google.*" />
 	<target host="images.google.*" />
-	<target host="lh2.google.*" />
-	<target host="lh3.google.*" />
-	<target host="lh4.google.*" />
-	<target host="lh5.google.*" />
-	<target host="lh6.google.*" />
 	<target host="m.google.*" />
 	<target host="maps.google.*" />
 	<target host="news.google.*" />
-	<target host="picasaweb.google.*" />
 	<target host="scholar.google.*" />
-	<target host="translate.google.*" />
-
-	<target host="accounts.google.co.*" />
-	<target host="adwords.google.co.*" />
-	<target host="finance.google.co.*" />
-	<target host="groups.google.co.*" />
-	<target host="id.google.co.*" />
-	<target host="images.google.co.*" />
-	<target host="lh2.google.co.*" />
-	<target host="lh3.google.co.*" />
-	<target host="lh4.google.co.*" />
-	<target host="lh5.google.co.*" />
-	<target host="lh6.google.co.*" />
-	<target host="m.google.co.*" />
-	<target host="maps.google.co.*" />
-	<target host="news.google.co.*" />
-	<target host="picasaweb.google.co.*" />
-	<target host="scholar.google.co.*" />
-	<target host="translate.google.co.*" />
 
 	<target host="accounts.google.com.*" />
 	<target host="adwords.google.com.*" />
-	<target host="finance.google.com.*" />
 	<target host="groups.google.com.*" />
-	<target host="id.google.com.*" />
 	<target host="images.google.com.*" />
-	<target host="lh2.google.com.*" />
-	<target host="lh3.google.com.*" />
-	<target host="lh4.google.com.*" />
-	<target host="lh5.google.com.*" />
-	<target host="lh6.google.com.*" />
-	<target host="m.google.com.*" />
 	<target host="maps.google.com.*" />
 	<target host="news.google.com.*" />
-	<target host="picasaweb.google.com.*" />
-	<target host="scholar.google.com.*" />
 	<target host="translate.google.com.*" />
 
-	<securecookie host="^(accounts|adwords|m|maps|picasaweb|translate)\.google\.[\w.]{2,6}$" name=".+" />
+	<securecookie host="^(adwords|m|maps|translate)\.google\.[\w.]{2,6}$" name=".+" />
 
-	<rule from="^http://(accounts|adwords|finance|groups|id|images|lh\d|m|maps|news|picasaweb|scholar|translate)\.google\.((com?\.)?\w{2,3})/"
+	<rule from="^http://(accounts|adwords|groups|images|m|maps|news|scholar|translate)\.google\.((com?\.)?\w{2,3})/"
 			to="https://$1.google.$2/" />
+
 		<test url="http://accounts.google.ca/" />
-		<test url="http://accounts.google.com/" />
+		<test url="http://accounts.google.ru/" />
+		<test url="http://accounts.google.cn/" />
+		<test url="http://accounts.google.hk/" />
+		<test url="http://accounts.google.ge/" />
+		<test url="http://accounts.google.af/" />
+		<test url="http://accounts.google.lv/" />
+		<test url="http://accounts.google.pk/" />
+		<test url="http://accounts.google.jp/" />
+		<test url="http://accounts.google.de/" />
+
+    <test url="http://accounts.google.com/" />
 		<test url="http://accounts.google.com.au/" />
-		<test url="http://adwords.google.ca/" />
-		<test url="http://adwords.google.com/" />
+    <test url="http://accounts.google.com.mx/" />
+    <test url="http://accounts.google.com.ge/" />
+    <test url="http://accounts.google.com.cy/" />
+    <test url="http://accounts.google.com.af/" />
+    <test url="http://accounts.google.com.et/" />
+    <test url="http://accounts.google.com.lb/" />
+    <test url="http://accounts.google.com.ai/" />
+    <test url="http://accounts.google.com.hk/" />
+
 		<test url="http://adwords.google.com.au/" />
-		<test url="http://finance.google.ca/" />
-		<test url="http://finance.google.com/" />
-		<test url="http://finance.google.co.uk/" />
+    <test url="http://adwords.google.com.mx/" />
+    <test url="http://adwords.google.com.pk/" />
+    <test url="http://adwords.google.com.cn/" />
+    <test url="http://adwords.google.com.ru/" />
+    <test url="http://adwords.google.com.ph/" />
+    <test url="http://adwords.google.com.sg/" />
+    <test url="http://adwords.google.com.vn/" />
+    <test url="http://adwords.google.com.hk/" />
+
 		<test url="http://groups.google.ca/" />
+		<test url="http://groups.google.hk/" />
+		<test url="http://groups.google.cc/" />
+		<test url="http://groups.google.pk/" />
+		<test url="http://groups.google.ru/" />
+		<test url="http://groups.google.gp/" />
+		<test url="http://groups.google.gl/" />
+		<test url="http://groups.google.ag/" />
+		<test url="http://groups.google.dj/" />
+		<test url="http://groups.google.ec/" />
+
 		<test url="http://groups.google.com/" />
 		<test url="http://groups.google.com.au/" />
-		<test url="http://id.google.ca/" />
-		<test url="http://id.google.com/" />
-		<test url="http://id.google.com.au/" />
+		<test url="http://groups.google.com.hk/" />
+		<test url="http://groups.google.com.pk/" />
+		<test url="http://groups.google.com.ru/" />
+		<test url="http://groups.google.com.af/" />
+		<test url="http://groups.google.com.ai/" />
+		<test url="http://groups.google.com.ag/" />
+		<test url="http://groups.google.com.do/" />
+
 		<test url="http://images.google.ca/" />
+		<test url="http://images.google.hk/" />
+		<test url="http://images.google.cn/" />
+		<test url="http://images.google.cz/" />
+		<test url="http://images.google.pk/" />
+		<test url="http://images.google.af/" />
+		<test url="http://images.google.dj/" />
+		<test url="http://images.google.ec/" />
+		<test url="http://images.google.ru/" />
+		<test url="http://images.google.ag/" />
+
 		<test url="http://images.google.com/" />
 		<test url="http://images.google.com.au/" />
-		<test url="http://lh3.google.ca/" />
-		<test url="http://lh4.google.com/" />
-		<test url="http://lh5.google.com.au/" />
+		<test url="http://images.google.com.hk/" />
+		<test url="http://images.google.com.cn/" />
+		<test url="http://images.google.com.ai/" />
+		<test url="http://images.google.com.ge/" />
+		<test url="http://images.google.com.ec/" />
+		<test url="http://images.google.com.ag/" />
+		<test url="http://images.google.com.sg/" />
+
 		<test url="http://m.google.ca/" />
+		<test url="http://m.google.cn/" />
+		<test url="http://m.google.ru/" />
+		<test url="http://m.google.hk/" />
+		<test url="http://m.google.cf/" />
+		<test url="http://m.google.td/" />
+		<test url="http://m.google.cc/" />
+		<test url="http://m.google.gp/" />
+		<test url="http://m.google.iq/" />
+		<test url="http://m.google.lv/" />
+
 		<test url="http://m.google.com/" />
 		<test url="http://m.google.com.au/" />
+		<test url="http://m.google.com.cn/" />
+		<test url="http://m.google.com.ru/" />
+		<test url="http://m.google.com.hk/" />
+		<test url="http://m.google.com.iq/" />
+		<test url="http://m.google.com.lb/" />
+		<test url="http://m.google.com.mt/" />
+		<test url="http://m.google.com.om/" />
+		<test url="http://m.google.com.gr/" />
+
 		<test url="http://maps.google.ca/" />
+    <test url="http://maps.google.fr/" />
+    <test url="http://maps.google.iq/" />
+    <test url="http://maps.google.lv/" />
+    <test url="http://maps.google.ru/" />
+    <test url="http://maps.google.gr/" />
+    <test url="http://maps.google.td/" />
+    <test url="http://maps.google.ge/" />
+    <test url="http://maps.google.de/" />
+
 		<test url="http://maps.google.com/" />
-		<test url="http://maps.google.fr/" />
-		<test url="http://maps.google.co.kr/" />
-		<test url="http://maps.google.co.nz/" />
-		<test url="http://maps.google.co.uk/" />
 		<test url="http://maps.google.com.au/" />
 		<test url="http://maps.google.com.br/" />
 		<test url="http://maps.google.com.hk/" />
+		<test url="http://maps.google.com.cu/" />
+		<test url="http://maps.google.com.fj/" />
+		<test url="http://maps.google.com.gt/" />
+
 		<test url="http://news.google.ca/" />
+		<test url="http://news.google.cn/" />
+		<test url="http://news.google.fr/" />
+		<test url="http://news.google.de/" />
+		<test url="http://news.google.hk/" />
+		<test url="http://news.google.cc/" />
+		<test url="http://news.google.ru/" />
+		<test url="http://news.google.gg/" />
+		<test url="http://news.google.lv/" />
+		<test url="http://news.google.is/" />
+
 		<test url="http://news.google.com/" />
 		<test url="http://news.google.com.au/" />
+		<test url="http://news.google.com.cn/" />
+		<test url="http://news.google.com.ru/" />
+		<test url="http://news.google.com.iq/" />
+		<test url="http://news.google.com.na/" />
+		<test url="http://news.google.com.nr/" />
+		<test url="http://news.google.com.pk/" />
 		<test url="http://news.google.ca/archivesearch" />
 		<test url="http://news.google.com/archivesearch" />
 		<test url="http://news.google.com.au/archivesearch" />
-		<test url="http://picasaweb.google.ca/" />
-		<test url="http://picasaweb.google.com/" />
-		<test url="http://picasaweb.google.com.au/" />
-		<test url="http://scholar.google.ca/" />
-		<test url="http://scholar.google.com/" />
-		<test url="http://scholar.google.com.au/" />
-		<test url="http://translate.google.com/" />
-		<test url="http://translate.google.co.jp/" />
+
 		<test url="http://translate.google.com.kh/" />
+		<test url="http://translate.google.com.ru/" />
+		<test url="http://translate.google.com.sg/" />
+		<test url="http://translate.google.com.cn/" />
+		<test url="http://translate.google.com.hk/" />
+		<test url="http://translate.google.com.mx/" />
+		<test url="http://translate.google.com.iq/" />
+		<test url="http://translate.google.com.ge/" />
+		<test url="http://translate.google.com.mt/" />
 
 		<!-- This exclusion is for the Google-hosted LIFE photo archive, which can be
 		found at http://images.google.com/hosted/life (no trailing slash)
diff --git a/src/chrome/content/rules/GoogleAPIs.xml b/src/chrome/content/rules/GoogleAPIs.xml
index 92172b139230..3993d9d3ddfe 100644
--- a/src/chrome/content/rules/GoogleAPIs.xml
+++ b/src/chrome/content/rules/GoogleAPIs.xml
@@ -119,7 +119,6 @@
 		<test url="http://ct.googleapis.com/aviator/ct/v1/get-entries?start=0&amp;end=1" />
 		<test url="http://chart.googleapis.com/chart?cht=p3&amp;chs=250x100&amp;chd=t:60,40&amp;chl=Hello|World" />
 		<test url="http://fonts.googleapis.com/css?family=Tangerine" />
-		<test url="http://imasdk.googleapis.com/" />
 		<test url="http://maps.googleapis.com/maps/ms?hl=da&amp;ie=UTF8&amp;msa=0&amp;msid=213981917930555964408.00044f8886ceeef1c1b88&amp;source=embed&amp;ll=55.432276,9.439402&amp;spn=0.017045,0.043774&amp;z=14" />
 
 	<rule from="^http://([\w-]+\.)?(commondata)?storage\.googleapis\.com/"
diff --git a/src/chrome/content/rules/GoogleMelange.com.xml b/src/chrome/content/rules/GoogleMelange.com.xml
index 938144e37c7a..9f4871de6f56 100644
--- a/src/chrome/content/rules/GoogleMelange.com.xml
+++ b/src/chrome/content/rules/GoogleMelange.com.xml
@@ -2,7 +2,7 @@
 	For other Google coverage, see GoogleServices.xml.
 
 -->
-<ruleset name="GoogleMelange" default_off="missing certificate chain">
+<ruleset name="GoogleMelange" default_off="cert-chain">
 
 	<target host="google-melange.com" />
 	<target host="www.google-melange.com" />
diff --git a/src/chrome/content/rules/GoogleServices.xml b/src/chrome/content/rules/GoogleServices.xml
index 5e89ca624b79..c432eddbbf21 100644
--- a/src/chrome/content/rules/GoogleServices.xml
+++ b/src/chrome/content/rules/GoogleServices.xml
@@ -6,13 +6,12 @@
 		- Apture.com.xml
 		- Blogspot.com_blogs.xml
 		- Certificate-transparency.org.xml
-		- ChannelIntelligence.com.xml
-		- Chrome_Status.com.xml
+		- ChromeStatus.com.xml
 		- Chromium.org.xml
-		- DoubleClick_by_Google.com.xml
+		- DartSearch.net.xml
 		- Doubleclick.net.xml
 		- FeedBurner.xml
-		- Go_Lang.org.xml
+		- GetOutline.org.xml
 		- Google.com_Subdomains.xml
 		- Google.com_Subdomains_Complex.html
 		- Google.org.xml
@@ -29,15 +28,13 @@
 		- Made_with_Code.com.xml
 		- Meebo.xml
 		- Orkut.xml
+		- pki.goog.xml
 		- Polymer-Project.org.xml
-		- Postini.xml
 		- Waze.com.xml
 		- WebM_Project.org.xml
 		- With_Google.com.xml
 -->
 <ruleset name="Google Services Simple">
-	<target host="g.co" />
-	<target host="www.g.co" />
 
 	<target host="pagead2.googlesyndication.com" />
 	<target host="tpc.googlesyndication.com" />
diff --git a/src/chrome/content/rules/Google_App_Engine.xml b/src/chrome/content/rules/Google_App_Engine.xml
index 76658417da82..c639af8699c7 100644
--- a/src/chrome/content/rules/Google_App_Engine.xml
+++ b/src/chrome/content/rules/Google_App_Engine.xml
@@ -32,7 +32,7 @@
 	<test url="http://hstspreload.appspot.com/" />
 
 
-	<securecookie host="^.+\.appspot\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Got_Vape.net.xml b/src/chrome/content/rules/Got_Vape.net.xml
index 02367072c450..3733f57eb2f5 100644
--- a/src/chrome/content/rules/Got_Vape.net.xml
+++ b/src/chrome/content/rules/Got_Vape.net.xml
@@ -20,9 +20,13 @@ Fetch error: http://gotvape.com/ => https://gotvape.com/: (51, "SSL: no alternat
 <ruleset name="Got Vape.net">
 
 	<target host="gotvape.com" />
-	<target host="*.gotvape.com" />
+	<target host="m.gotvape.com" />
+	<target host="images.gotvape.com" />
+	<target host="www.gotvape.com" />
 	<target host="gotvape.net" />
-	<target host="*.gotvape.net" />
+	<target host="m.gotvape.net" />
+	<target host="images.gotvape.net" />
+	<target host="www.gotvape.net" />
 
 
 	<securecookie host="^\.(?:m|www)\.gotvape\.net$" name=".+" />
@@ -31,7 +35,6 @@ Fetch error: http://gotvape.com/ => https://gotvape.com/: (51, "SSL: no alternat
 	<rule from="^http://m\.gotvape\.(?:com|net)/"
 		to="https://m.gotvape.net/" />
 
-	<rule from="^http://(images\.|www\.)?gotvape\.(com|net)/"
-		to="https://$1gotvape.$2/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Gotmerchant.com.xml b/src/chrome/content/rules/Gotmerchant.com.xml
index f1838cd99c5e..7a0766d313c1 100644
--- a/src/chrome/content/rules/Gotmerchant.com.xml
+++ b/src/chrome/content/rules/Gotmerchant.com.xml
@@ -13,4 +13,4 @@
 	<rule from="^http://(?:www\.)?gotmerchant\.com/apply($|[?/])"
 		to="https://www.gotmerchant.com/apply$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Goud.ma.xml b/src/chrome/content/rules/Goud.ma.xml
new file mode 100644
index 000000000000..92ca1b9985ca
--- /dev/null
+++ b/src/chrome/content/rules/Goud.ma.xml
@@ -0,0 +1,11 @@
+<ruleset name="Goud.ma" >
+	<target host="goud.ma" />
+	<target host="www.goud.ma" />
+	<target host="m.goud.ma" />
+	<target host="sf.goud.ma" />
+		<test url="http://sf.goud.ma/wp-content/uploads/2017/07/%D9%88%D8%AB%D9%8A%D9%82%D8%A9-1.pdf" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/GourmetGiftBaskets.com.xml b/src/chrome/content/rules/GourmetGiftBaskets.com.xml
index c58c97923050..a93d4b1e7baf 100644
--- a/src/chrome/content/rules/GourmetGiftBaskets.com.xml
+++ b/src/chrome/content/rules/GourmetGiftBaskets.com.xml
@@ -11,7 +11,8 @@
 <ruleset name="GourmetGiftBaskets.com (partial)">
 
 	<target host="gourmetgiftbaskets.com" />
-	<target host="*.gourmetgiftbaskets.com" />
+	<target host="www.gourmetgiftbaskets.com" />
+	<target host="search.gourmetgiftbaskets.com" />
 
 
 	<rule from="^http://(?:www\.)?gourmetgiftbaskets\.com/(App_Themes/|images/|login\.aspx|scripts/)"
diff --git a/src/chrome/content/rules/GovHK.xml b/src/chrome/content/rules/GovHK.xml
index d7077c3f455c..5b8d4c29c328 100644
--- a/src/chrome/content/rules/GovHK.xml
+++ b/src/chrome/content/rules/GovHK.xml
@@ -3,8 +3,11 @@
 		- 1823.gov.hk.xml
 		- brandhk.gov.hk.xml
 		- data.gov.hk.xml
+		- familycouncil.gov.hk.xml
 		- hee.gov.hk.xml
 		- heritage.gov.hk.xml
+		- hiking.gov.hk.xml
+		- hko.gov.hk.xml
 		- HKGov-AFCD.xml
 		- HKGov-ArchSD.xml
 		- HKGov-DEVB.xml
@@ -16,13 +19,19 @@
 		- HKGov-LCSD.xml
 		- HKGov-NEWS.xml
 		- HKGov-TID.xml
+		- coronavirus.gov.hk.xml
 		- hkpl.gov.hk.xml
 		- hkqf.gov.hk.xml
 		- hongkongpost.gov.hk.xml
+		- hydro.gov.hk.xml
+		- info.gov.hk.xml
 		- jobs.gov.hk.xml
+		- ogcio.gov.hk.xml
 		- police.gov.hk.xml
+		- rocars.gov.hk.xml
 		- thechinfamily.hk.xml
 		- voterinfo.gov.hk.xml
+		- wastereduction.gov.hk.xml
 		- wetlandpark.gov.hk.xml
 		- wi-fi.hk.xml
 
@@ -38,7 +47,6 @@
 -->
 <ruleset name="GovHK">
 	<target host="www.gov.hk" />
-	<target host="lp.search.gov.hk" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/GovMetric.com.xml b/src/chrome/content/rules/GovMetric.com.xml
index b74233997dbb..5f11bb3d7171 100644
--- a/src/chrome/content/rules/GovMetric.com.xml
+++ b/src/chrome/content/rules/GovMetric.com.xml
@@ -7,7 +7,7 @@
 	These altnames don't exist:
 
 		- govmetric.com
-	
+
 
 	Insecure cookies are set for these hosts: ᶜ
 
diff --git a/src/chrome/content/rules/Gov_Waste.co.uk.xml b/src/chrome/content/rules/Gov_Waste.co.uk.xml
index 7f3478312963..45325b2f3c91 100644
--- a/src/chrome/content/rules/Gov_Waste.co.uk.xml
+++ b/src/chrome/content/rules/Gov_Waste.co.uk.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.govwaste.co.uk/ => https://www.govwaste.co.uk/: (7, 'Fai
 		- .govwaste.co.uk
 
 -->
-<ruleset name="Gov Waste.co.uk" default_off='failed ruleset test'>
+<ruleset name="Gov Waste.co.uk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Government-Attic.xml b/src/chrome/content/rules/Government-Attic.xml
new file mode 100644
index 000000000000..209d732295c1
--- /dev/null
+++ b/src/chrome/content/rules/Government-Attic.xml
@@ -0,0 +1,16 @@
+<ruleset name="Government Attic">
+	<!-- governmentattic.com -->
+	<target host="governmentattic.com" />
+	<target host="mail.governmentattic.com" />
+	<target host="www.governmentattic.com" />
+
+	<!-- governmentattic.org -->
+	<target host="governmentattic.org" />
+	<target host="cpanel.governmentattic.org" />
+	<target host="mail.governmentattic.org" />
+	<target host="webdisk.governmentattic.org" />
+	<target host="webmail.governmentattic.org" />
+	<target host="www.governmentattic.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Governmentattic.org.xml b/src/chrome/content/rules/Governmentattic.org.xml
deleted file mode 100644
index 4bd0a7b0a0f5..000000000000
--- a/src/chrome/content/rules/Governmentattic.org.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Governmentattic.org" default_off="mismatched">
-
-	<target host="governmentattic.org" />
-	<target host="www.governmentattic.org" />
-
-
-	<rule from="^http://(?:www\.)?governmentattic\.org/"
-		to="https://governmentattic.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Gpg4win.de.xml b/src/chrome/content/rules/Gpg4win.de.xml
new file mode 100644
index 000000000000..f81e9a41f160
--- /dev/null
+++ b/src/chrome/content/rules/Gpg4win.de.xml
@@ -0,0 +1,17 @@
+<!--
+	See also Gpg4win.org.xml
+	
+	Invalid certificate:
+		- ftp.gpg4win.de
+-->
+<ruleset name="Gpg4win.de">
+
+	<target host="gpg4win.de" />
+	<target host="www.gpg4win.de" />
+	<target host="files.gpg4win.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+	
+</ruleset>
diff --git a/src/chrome/content/rules/Gpg4win.org.xml b/src/chrome/content/rules/Gpg4win.org.xml
index 37951547e199..8314a307cc9b 100644
--- a/src/chrome/content/rules/Gpg4win.org.xml
+++ b/src/chrome/content/rules/Gpg4win.org.xml
@@ -1,10 +1,17 @@
+<!--
+	See also Gpg4win.de.xml
+	
+	Invalid certificate:
+		- ftp.gpg4win.org
+-->
 <ruleset name="Gpg4win.org">
 
 	<target host="gpg4win.org" />
 	<target host="www.gpg4win.org" />
 	<target host="files.gpg4win.org" />
 
-	<rule from="^http:"
-		to="https:" />
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Gr-assets.com.xml b/src/chrome/content/rules/Gr-assets.com.xml
index 7054f1248c5b..c5bab54eab4f 100644
--- a/src/chrome/content/rules/Gr-assets.com.xml
+++ b/src/chrome/content/rules/Gr-assets.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://p.gr-assets.com/ => https://p.gr-assets.com/: (6, 'Could not
 	For other Goodreads coverage, see Goodreads.xml.
 
 -->
-<ruleset name="Gr-assets.com" default_off='failed ruleset test'>
+<ruleset name="Gr-assets.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Graasmilk.net.xml b/src/chrome/content/rules/Graasmilk.net.xml
index 80b509208a7e..fff5e1e72da7 100644
--- a/src/chrome/content/rules/Graasmilk.net.xml
+++ b/src/chrome/content/rules/Graasmilk.net.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://graasmilk.net/ => https://graasmilk.net/: (60, 'SSL certificate problem: self signed certificate')
 Fetch error: http://www.graasmilk.net/ => https://graasmilk.net/: (60, 'SSL certificate problem: self signed certificate')
 -->
-<ruleset name="graasmilk.net" default_off='failed ruleset test'>
+<ruleset name="graasmilk.net" default_off="failed ruleset test">
 
 	<target host="graasmilk.net" />
 	<target host="webmail.graasmilk.net" />
diff --git a/src/chrome/content/rules/Grab_Media.xml b/src/chrome/content/rules/Grab_Media.xml
deleted file mode 100644
index 05b3171a4781..000000000000
--- a/src/chrome/content/rules/Grab_Media.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	CDN buckets:
-
-		- dg8ui1w5a5byc.cloudfront.net
-
-			- images.grab-media.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(times out)
-
--->
-<ruleset name="Grab Media (partial)">
-
-	<target host="images.grab-media.com" />
-
-
-	<rule from="^http://images\.grab-media\.com/"
-		to="https://dg8ui1w5a5byc.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/GradImages.xml b/src/chrome/content/rules/GradImages.xml
index e7d6f491d5dd..1fd138e9cb14 100644
--- a/src/chrome/content/rules/GradImages.xml
+++ b/src/chrome/content/rules/GradImages.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gradle.org.xml b/src/chrome/content/rules/Gradle.org.xml
deleted file mode 100644
index 5bd37795ac22..000000000000
--- a/src/chrome/content/rules/Gradle.org.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	Nonfunctional hosts:
-
-		- forums *
-
-	* Redirects to http
-
-
-	Insecure cookies are set for these domains:
-
-		- .gradle.org
-
-
-	Mixed content:
-
-		- css from $self *
-		- fonts from $self *
-		- Images from $self *
-
-	* Secured by us
-
--->
-<ruleset name="Gradle.org (partial, false MCB)" platform="mixedcontent">
-
-	<target host="gradle.org" />
-	<target host="www.gradle.org" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.gradle\.org$" name="^(__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.gradle\.org$" name="^(?:__cfduid|cf_clearance)$" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Gradwell.com.xml b/src/chrome/content/rules/Gradwell.com.xml
index 5db04b7da5fa..c3ef447864f1 100644
--- a/src/chrome/content/rules/Gradwell.com.xml
+++ b/src/chrome/content/rules/Gradwell.com.xml
@@ -1,13 +1,17 @@
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://webmail.gradwell.com/ => https://webmail.gradwell.com/: (6, 'Could not resolve host: webmail.gradwell.com')
+
 	Other Gradwell rulesets:
 
-		- Gradwell_Cloud.com.xml
 
 
 	Problematic hosts in *gradwell.com:
 
 		- cdn *
-	
+
 	* Cloudfront
 
 
@@ -26,7 +30,7 @@
 	<target host="login.gradwell.com" />
 	<target host="portal.gradwell.com" />
 	<target host="support.gradwell.com" />
-	<target host="webmail.gradwell.com" />
+	<!-- target host="webmail.gradwell.com" /-->
 	<target host="www.gradwell.com" />
 
 	<!--	Complications:
diff --git a/src/chrome/content/rules/Gradwell_Cloud.com.xml b/src/chrome/content/rules/Gradwell_Cloud.com.xml
deleted file mode 100644
index 4b3533d1b0ee..000000000000
--- a/src/chrome/content/rules/Gradwell_Cloud.com.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For other Gradwell coverage, see Gradwell.com.xml.
-
--->
-<ruleset name="Gradwell Cloud.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="gradwellcloud.com" />
-	<target host="assets.gradwellcloud.com" />
-	<target host="controlpanel.gradwellcloud.com" />
-	<target host="www.gradwellcloud.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GrainsResearchandDevelopmentCorporation.xml b/src/chrome/content/rules/GrainsResearchandDevelopmentCorporation.xml
index 6ffabe5ea42b..d5e54ac2ca37 100644
--- a/src/chrome/content/rules/GrainsResearchandDevelopmentCorporation.xml
+++ b/src/chrome/content/rules/GrainsResearchandDevelopmentCorporation.xml
@@ -1,7 +1,7 @@
 <ruleset name="Grains Research and Development Corporation">
 	<target host="grdc.com.au" />
-	<target host="*.grdc.com.au" />
+	<target host="www.grdc.com.au" />
 
 	<rule from="^http://(?:www\.)?grdc\.com\.au/"
 		to="https://www.grdc.com.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Grand-Rapids-Community-Media-Center.xml b/src/chrome/content/rules/Grand-Rapids-Community-Media-Center.xml
index 334e696dc45f..5944dbd32c92 100644
--- a/src/chrome/content/rules/Grand-Rapids-Community-Media-Center.xml
+++ b/src/chrome/content/rules/Grand-Rapids-Community-Media-Center.xml
@@ -7,7 +7,8 @@ Fetch error: http://www.wealthytheatre.org/ => https://www.grcmc.org/theatre/: R
 <ruleset name="Grand Rapids Community Media Center" platform="mixedcontent">
 
 	<target host="grcmc.org" />
-	<target host="*.grcmc.org" />
+	<target host="client.grcmc.org" />
+	<target host="www.grcmc.org" />
 	<target host="wealthytheatre.org" />
 	<target host="www.wealthytheatre.org" />
 
@@ -15,11 +16,10 @@ Fetch error: http://www.wealthytheatre.org/ => https://www.grcmc.org/theatre/: R
 	<securecookie host="^.*\.grcmc\.org$" name=".+" />
 
 
-	<rule from="^http://(client\.|www\.)?grcmc\.org/"
-		to="https://$1grcmc.org/" />
 
 	<!--	Cert only matches grcmc.org, redirects as so.	-->
 	<rule from="^http://(?:www\.)?wealthytheatre\.org/"
 		to="https://www.grcmc.org/theatre/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/GrandViewOutdoors.com.xml b/src/chrome/content/rules/GrandViewOutdoors.com.xml
new file mode 100644
index 000000000000..2693d61c1ddb
--- /dev/null
+++ b/src/chrome/content/rules/GrandViewOutdoors.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		info.grandviewoutdoors.com
+		oascentral.grandviewoutdoors.com
+
+-->
+<ruleset name="GrandViewOutdoors.com">
+
+	<target host="grandviewoutdoors.com" />
+	<target host="www.grandviewoutdoors.com" />
+	<target host="business.customers.grandviewoutdoors.com" />
+	<target host="consumer.customers.grandviewoutdoors.com" />
+	<target host="sales.grandviewoutdoors.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Grand_Haven_Tribune.xml b/src/chrome/content/rules/Grand_Haven_Tribune.xml
index 480c97e0140d..d4dc812c27d3 100644
--- a/src/chrome/content/rules/Grand_Haven_Tribune.xml
+++ b/src/chrome/content/rules/Grand_Haven_Tribune.xml
@@ -17,4 +17,4 @@
 	<rule from="^http://(?:www\.)?grandhaventribune\.com/(misc/|sites/|user(?:$|\?|/))"
 		to="https://www.grandhaventribune.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Grand_Lodge_of_British_Columbia.xml b/src/chrome/content/rules/Grand_Lodge_of_British_Columbia.xml
index 3aaf1f53e788..c8c4db536c70 100644
--- a/src/chrome/content/rules/Grand_Lodge_of_British_Columbia.xml
+++ b/src/chrome/content/rules/Grand_Lodge_of_British_Columbia.xml
@@ -9,13 +9,15 @@ Fetch error: http://bcy.ca/ => https://www.freemasonry.bcy.ca/: (51, "SSL: no al
 		- freemasonry	(cert only matches www.freemasonry)
 
 -->
-<ruleset name="Grand Lodge of British Columbia" default_off='failed ruleset test'>
+<ruleset name="Grand Lodge of British Columbia" default_off="failed ruleset test">
 
 	<target host="bcy.ca" />
-	<target host="*.bcy.ca" />
+	<target host="freemasonry.bcy.ca" />
+	<target host="www.bcy.ca" />
+	<target host="www.freemasonry.bcy.ca" />
 
 
 	<rule from="^http://(?:www\.)?(?:freemasonry\.)?bcy\.ca/"
 		to="https://www.freemasonry.bcy.ca/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GraphQL.org.xml b/src/chrome/content/rules/GraphQL.org.xml
new file mode 100644
index 000000000000..26fc6eb14d96
--- /dev/null
+++ b/src/chrome/content/rules/GraphQL.org.xml
@@ -0,0 +1,31 @@
+<ruleset name="GraphQL.org">
+	<target host="graphql.org" />
+	<target host="www.graphql.org" />
+	<target host="autojoin.graphql.org" />
+	<target host="calendar.graphql.org" />
+	<target host="code-of-conduct.graphql.org" />
+	<target host="corporate-spec-membership.graphql.org" />
+	<target host="devstats.graphql.org" />
+	<target host="expressgraphql.devstats.graphql.org" />
+	<target host="graphiql.devstats.graphql.org" />
+	<target host="graphql.devstats.graphql.org" />
+	<target host="graphqljs.devstats.graphql.org" />
+	<target host="graphqlspec.devstats.graphql.org" />
+	<target host="edx.graphql.org" />
+	<target host="foundation.graphql.org" />
+	<target host="lists.foundation.graphql.org" />
+	<target host="individual-spec-membership.graphql.org" />
+	<target host="insights.graphql.org" />
+	<target host="join.graphql.org" />
+	<target host="l.graphql.org" />
+	<target host="landscape.graphql.org" />
+	<target host="slack.graphql.org" />
+	<target host="slack-invite.graphql.org" />
+	<target host="spec.graphql.org" />
+	<target host="store.graphql.org" />
+	<target host="youtube.graphql.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Graphene-lda.com.xml b/src/chrome/content/rules/Graphene-lda.com.xml
index 1771274932be..50f3ba9d5eb6 100644
--- a/src/chrome/content/rules/Graphene-lda.com.xml
+++ b/src/chrome/content/rules/Graphene-lda.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://graphene-lda.com/ => https://graphene-lda.com/: (6, 'Could n
 Fetch error: http://www.graphene-lda.com/ => https://www.graphene-lda.com/: (6, 'Could not resolve host: www.graphene-lda.com')
 
 -->
-<ruleset name="Graphene-lda.com" default_off='failed ruleset test'>
+<ruleset name="Graphene-lda.com" default_off="failed ruleset test">
 
 	<target host="graphene-lda.com" />
 	<target host="www.graphene-lda.com" />
diff --git a/src/chrome/content/rules/Graphviz.org.xml b/src/chrome/content/rules/Graphviz.org.xml
new file mode 100644
index 000000000000..86394124dd9f
--- /dev/null
+++ b/src/chrome/content/rules/Graphviz.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Nonfunctional hosts in *.graphviz.org:
+		- ftp.graphviz.org (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Graphviz.org">
+	<target host="graphviz.org" />
+	<target host="www.graphviz.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Grassroots.org.xml b/src/chrome/content/rules/Grassroots.org.xml
index 993b36d104e6..1e1a7ae85c84 100644
--- a/src/chrome/content/rules/Grassroots.org.xml
+++ b/src/chrome/content/rules/Grassroots.org.xml
@@ -9,12 +9,12 @@ Fetch error: http://grassroots.org/ => https://grassroots.org/: (28, 'Operation
 	For problematic rules, see Grassroots.org-mismatches.xml.
 
 -->
-<ruleset name="Grassroots.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Grassroots.org (partial)" default_off="failed ruleset test">
 
 	<target host="grassroots.org" />
 	<target host="www.grassroots.org" />
 	<!--	*s for cross-domain cookies.	-->
-	
+
 
 
 	<securecookie host="^.*\.grassroots\.org$" name=".+" />
diff --git a/src/chrome/content/rules/Gravity.com.xml b/src/chrome/content/rules/Gravity.com.xml
deleted file mode 100644
index e41dd67f807e..000000000000
--- a/src/chrome/content/rules/Gravity.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Releated rulesets: GrvCDN.com.xml
-
-	Invalid certificate:
-		api.gravity.com
-		blog.gravity.com
-		rma-api.gravity.com	https://rma-api.gravity.com/v1/api/intelligence/wl
-		status.gravity.com
-
-	Redirect to http:
-		^
-		www.gravity.com
--->
-<ruleset name="Gravity.com">
-	<!--	Direct rewrites:	-->
-	<target host="analytics.gravity.com" />
-	<target host="dashboard.gravity.com" />
-	<target host="me.gravity.com" />
-	<target host="support.gravity.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Gravity4.com.xml b/src/chrome/content/rules/Gravity4.com.xml
deleted file mode 100644
index 5f2ec8944b72..000000000000
--- a/src/chrome/content/rules/Gravity4.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Expired:
-		bamboo.gravity4.com
-
-	Invalid certificate:
-		careers.gravity4.com	https://careers.gravity4.com/apply/1pwm9l/Demand-Side-Platform-Account-Manager
-		dmp.gravity4.com	https://dmp.gravity4.com/#/login
--->
-
-<ruleset name="Gravity4.com">
-	<target host="gravity4.com" />
-	<target host="www.gravity4.com" />
-	<target host="jira.gravity4.com" />
-	<target host="os.gravity4.com" />
-	<target host="support.gravity4.com" />
-
-	<securecookie host="^\w" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/GreatDomains.com.xml b/src/chrome/content/rules/GreatDomains.com.xml
deleted file mode 100644
index 9ead9f5450b5..000000000000
--- a/src/chrome/content/rules/GreatDomains.com.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	For other Sedo Holdings coverage, see Sedo_Holding.com.xml.
-
-
-	www.greatdomains.com: Mismatched
-
-
-	Insecure cookies are set for these domains:
-
-		- .greatdomains.com
-
--->
-<ruleset name="GreatDomains.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="greatdomains.com" />
-
-	<!--	Complications:
-				-->
-	<target host="www.greatdomains.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.greatdomains\.com$" name="^session$" /-->
-
-	<securecookie host="^\.greatdomains\.com$" name=".+" />
-
-
-	<rule from="^http://www\.greatdomains\.com/"
-		to="https://greatdomains.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Great_American_Office.xml b/src/chrome/content/rules/Great_American_Office.xml
index d128105f6024..832adbf22867 100644
--- a/src/chrome/content/rules/Great_American_Office.xml
+++ b/src/chrome/content/rules/Great_American_Office.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Greatis.net.xml b/src/chrome/content/rules/Greatis.net.xml
new file mode 100644
index 000000000000..4f9177d9c496
--- /dev/null
+++ b/src/chrome/content/rules/Greatis.net.xml
@@ -0,0 +1,19 @@
+<!--
+	Mismatched:
+		- autoconfig
+		- autodiscover
+		- ftp
+		- whm
+-->
+<ruleset name="Greatis.net">
+	<target host="greatis.net" />
+	<target host="www.greatis.net" />
+	<target host="cpanel.greatis.net" />
+	<target host="mail.greatis.net" />
+	<target host="malwarefixit.greatis.net" />
+	<target host="www.malwarefixit.greatis.net" />
+	<target host="webdisk.greatis.net" />
+	<target host="webmail.greatis.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Greek-banks.xml b/src/chrome/content/rules/Greek-banks.xml
index 5e139a9f90f4..3831c2030758 100644
--- a/src/chrome/content/rules/Greek-banks.xml
+++ b/src/chrome/content/rules/Greek-banks.xml
@@ -7,7 +7,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.probank.gr/ => https://www.probank.gr/: (28, 'Resolving timed out after 10520 milliseconds') This ruleset is experimental. If you experience problems please
 	 open an issue at https://github.com/kargig/https-everywhere-greek-rules -->
 
-<ruleset name="Greek-banks" default_off='failed ruleset test'>
+<ruleset name="Greek-banks" default_off="failed ruleset test">
   <target host="www.nbg.gr" />
   <target host="www.alpha.gr" />
   <target host="www.alphabankcards.gr" />
diff --git a/src/chrome/content/rules/Greek-gov.xml b/src/chrome/content/rules/Greek-gov.xml
index e462f86532bc..5e74176b00d1 100644
--- a/src/chrome/content/rules/Greek-gov.xml
+++ b/src/chrome/content/rules/Greek-gov.xml
@@ -2,15 +2,16 @@
 	 open an issue at https://github.com/kargig/https-everywhere-greek-rules -->
 
 <ruleset name="Greek-gov">
-  <target host="*.grnet.gr" />
-  <target host="*.gsis.gr" />
+  <target host="lists.grnet.gr" />
+  <target host="lists.noc.grnet.gr" />
+  <target host="www.noc.grnet.gr" />
+  <target host="www1.gsis.gr" />
+  <target host="login.gsis.gr" />
   <target host="service.eudoxus.gr" />
 
 	<securecookie host="^(?:lists|noc|.*\.noc)\.grnet\.gr$" name=".+" />
 	<securecookie host="^(?:.*\.)?gsis\.gr$" name=".+" />
 	<securecookie host="^service\.eudoxus\.gr$" name=".+" />
 
-  <rule from="^http://(lists|lists\.noc|www\.noc)\.grnet\.gr/" to="https://$1.grnet.gr/"/>
-  <rule from="^http://(www1|login)\.gsis\.gr/" to="https://$1.gsis.gr/"/>
-  <rule from="^http://service\.eudoxus\.gr/" to="https://service.eudoxus.gr/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Greek-media.xml b/src/chrome/content/rules/Greek-media.xml
index 8cfb9fe83f56..bcea15139d5a 100644
--- a/src/chrome/content/rules/Greek-media.xml
+++ b/src/chrome/content/rules/Greek-media.xml
@@ -13,8 +13,6 @@ open an issue at https://github.com/kargig/https-everywhere-greek-rules
 <ruleset name="Greek-media (partial)">
 	<target host="static.ant1.gr" />
 
-	<securecookie host="^(?:.*\.)?antenna\.gr$" name=".+" />
-
 	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Greek-travel.xml b/src/chrome/content/rules/Greek-travel.xml
index eca0b93688bb..7e70d5ba94ff 100644
--- a/src/chrome/content/rules/Greek-travel.xml
+++ b/src/chrome/content/rules/Greek-travel.xml
@@ -1,5 +1,8 @@
 <!--
-This ruleset is experimental. If you experience problems please open an issue at https://github.com/kargig/https-everywhere-greek-rules/issues/new or https://github.com/EFForg/https-everywhere/issues/new
+
+	Problematic subdomains
+
+		- aegeanair.com and www.aegeanair.com redirect to non-existent en.aegeanair.com
 
 hotel. mismatch
 flights. expired
@@ -9,160 +12,76 @@ schedulechange. mismatch
 -->
 
 <ruleset name="Greek-travel">
-	<target host="aegeanair.com" />
-	<target host="www.aegeanair.com" />
 	<target host="el.aegeanair.com" />
-	<target host="en.aegeanair.com" />
 	<target host="de.aegeanair.com" />
 	<target host="it.aegeanair.com" />
 	<target host="fr.aegeanair.com" />
 	<target host="es.aegeanair.com" />
 	<target host="ru.aegeanair.com" />
 	<target host="rentacar.aegeanair.com" />
-	<target host="en.about.aegeanair.com" />
-	<target host="alphabankbonusredemptionen.aegeanair.com" />
-	<target host="alphabankbonusredemptionel.aegeanair.com" />
 	<target host="el.about.aegeanair.com" />
 	<target host="it.about.aegeanair.com" />
 	<target host="de.about.aegeanair.com" />
 	<target host="fr.about.aegeanair.com" />
 
 	<!-- Fix #3073 and #3392 -->
-	
+
 	<!--<exclusion pattern="^http://(?:en|el|de|it|fr|es|ru)\.aegeanair\.com/(?:sys/flights/|Css/fonts/|$|\?)" />-->
 	<!--<exclusion pattern="^http://(?:en|el|de|it|fr)\.about\.aegeanair\.com/(?:Css/fonts/|$|\?)" />-->
-	
-	<exclusion pattern="^http://en\.aegeanair\.com/sys/flights/" />
+
 	<exclusion pattern="^http://el\.aegeanair\.com/sys/flights/" />
 	<exclusion pattern="^http://de\.aegeanair\.com/sys/flights/" />
 	<exclusion pattern="^http://it\.aegeanair\.com/sys/flights/" />
 	<exclusion pattern="^http://fr\.aegeanair\.com/sys/flights/" />
 	<exclusion pattern="^http://es\.aegeanair\.com/sys/flights/" />
 	<exclusion pattern="^http://ru\.aegeanair\.com/sys/flights/" />
-	
-	<exclusion pattern="^http://en\.aegeanair\.com/Css/fonts/" />
+
 	<exclusion pattern="^http://el\.aegeanair\.com/Css/fonts/" />
 	<exclusion pattern="^http://de\.aegeanair\.com/Css/fonts/" />
 	<exclusion pattern="^http://it\.aegeanair\.com/Css/fonts/" />
 	<exclusion pattern="^http://fr\.aegeanair\.com/Css/fonts/" />
 	<exclusion pattern="^http://es\.aegeanair\.com/Css/fonts/" />
 	<exclusion pattern="^http://ru\.aegeanair\.com/Css/fonts/" />
-	
-	<exclusion pattern="^http://en\.aegeanair\.com/?$" />
-	<exclusion pattern="^http://el\.aegeanair\.com/?$" />
-	<exclusion pattern="^http://de\.aegeanair\.com/?$" />
-	<exclusion pattern="^http://it\.aegeanair\.com/?$" />
-	<exclusion pattern="^http://fr\.aegeanair\.com/?$" />
-	<exclusion pattern="^http://es\.aegeanair\.com/?$" />
-	<exclusion pattern="^http://ru\.aegeanair\.com/?$" />
-	
-	<exclusion pattern="^http://en\.aegeanair\.com/?\?" />
-	<exclusion pattern="^http://el\.aegeanair\.com/?\?" />
-	<exclusion pattern="^http://de\.aegeanair\.com/?\?" />
-	<exclusion pattern="^http://it\.aegeanair\.com/?\?" />
-	<exclusion pattern="^http://fr\.aegeanair\.com/?\?" />
-	<exclusion pattern="^http://es\.aegeanair\.com/?\?" />
-	<exclusion pattern="^http://ru\.aegeanair\.com/?\?" />
-	
-	<exclusion pattern="^http://en\.about\.aegeanair\.com/Css/fonts/" />
+
 	<exclusion pattern="^http://el\.about\.aegeanair\.com/Css/fonts/" />
 	<exclusion pattern="^http://de\.about\.aegeanair\.com/Css/fonts/" />
 	<exclusion pattern="^http://it\.about\.aegeanair\.com/Css/fonts/" />
 	<exclusion pattern="^http://fr\.about\.aegeanair\.com/Css/fonts/" />
-	
-	<exclusion pattern="^http://en\.about\.aegeanair\.com/?$" />
-	<exclusion pattern="^http://el\.about\.aegeanair\.com/?$" />
-	<exclusion pattern="^http://de\.about\.aegeanair\.com/?$" />
-	<exclusion pattern="^http://it\.about\.aegeanair\.com/?$" />
-	<exclusion pattern="^http://fr\.about\.aegeanair\.com/?$" />
-	
-	<exclusion pattern="^http://en\.about\.aegeanair\.com/?\?" />
-	<exclusion pattern="^http://el\.about\.aegeanair\.com/?\?" />
-	<exclusion pattern="^http://de\.about\.aegeanair\.com/?\?" />
-	<exclusion pattern="^http://it\.about\.aegeanair\.com/?\?" />
-	<exclusion pattern="^http://fr\.about\.aegeanair\.com/?\?" />
-
-	<test url="http://en.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" />
+
 	<test url="http://el.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" />
 	<test url="http://de.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" />
 	<test url="http://it.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" />
 	<test url="http://fr.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" />
 	<test url="http://es.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" />
 	<test url="http://ru.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" />
-	
-	<test url="http://en.about.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" />
+
 	<test url="http://el.about.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" />
 	<test url="http://de.about.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" />
 	<test url="http://it.about.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" />
 	<test url="http://fr.about.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" />
-	<test url="http://es.about.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" />
-	<test url="http://ru.about.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" />
-	
-	<test url="http://en.aegeanair.com/sys/flights/airports" />
+	<!--test url="http://es.about.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" /-->
+	<!--test url="http://ru.about.aegeanair.com/Css/fonts/Roboto-Bold/Roboto-Bold.ttf" /-->
+
 	<test url="http://el.aegeanair.com/sys/flights/airports" />
 	<test url="http://de.aegeanair.com/sys/flights/airports" />
 	<test url="http://it.aegeanair.com/sys/flights/airports" />
 	<test url="http://fr.aegeanair.com/sys/flights/airports" />
 	<test url="http://es.aegeanair.com/sys/flights/airports" />
 	<test url="http://ru.aegeanair.com/sys/flights/airports" />
-	
-	<test url="http://en.aegeanair.com?" />
-	<test url="http://el.aegeanair.com?" />
-	<test url="http://de.aegeanair.com?" />
-	<test url="http://it.aegeanair.com?" />
-	<test url="http://fr.aegeanair.com?" />
-	<test url="http://es.aegeanair.com?" />
-	<test url="http://ru.aegeanair.com?" />
-	
-	<test url="http://en.aegeanair.com" />
-	<test url="http://el.aegeanair.com" />
-	<test url="http://de.aegeanair.com" />
-	<test url="http://it.aegeanair.com" />
-	<test url="http://fr.aegeanair.com" />
-	<test url="http://es.aegeanair.com" />
-	<test url="http://ru.aegeanair.com" />
-	
-	<test url="http://en.aegeanair.com/?" />
-	<test url="http://el.aegeanair.com/?" />
-	<test url="http://de.aegeanair.com/?" />
-	<test url="http://it.aegeanair.com/?" />
-	<test url="http://fr.aegeanair.com/?" />
-	<test url="http://es.aegeanair.com/?" />
-	<test url="http://ru.aegeanair.com/?" />
-	
-	<test url="http://en.aegeanair.com/?q" />
+
 	<test url="http://el.aegeanair.com/?q" />
 	<test url="http://de.aegeanair.com/?q" />
 	<test url="http://it.aegeanair.com/?q" />
 	<test url="http://fr.aegeanair.com/?q" />
 	<test url="http://es.aegeanair.com/?q" />
 	<test url="http://ru.aegeanair.com/?q" />
-	
-	<test url="http://en.about.aegeanair.com?" />
-	<test url="http://el.about.aegeanair.com?" />
-	<test url="http://de.about.aegeanair.com?" />
-	<test url="http://it.about.aegeanair.com?" />
-	<test url="http://fr.about.aegeanair.com?" />
-	
-	<test url="http://en.about.aegeanair.com" />
-	<test url="http://el.about.aegeanair.com" />
-	<test url="http://de.about.aegeanair.com" />
-	<test url="http://it.about.aegeanair.com" />
-	<test url="http://fr.about.aegeanair.com" />
-	
-	<test url="http://en.about.aegeanair.com/?" />
-	<test url="http://el.about.aegeanair.com/?" />
-	<test url="http://de.about.aegeanair.com/?" />
-	<test url="http://it.about.aegeanair.com/?" />
-	<test url="http://fr.about.aegeanair.com/?" />
-	
-	<test url="http://en.about.aegeanair.com/?q" />
+
 	<test url="http://el.about.aegeanair.com/?q" />
 	<test url="http://de.about.aegeanair.com/?q" />
 	<test url="http://it.about.aegeanair.com/?q" />
 	<test url="http://fr.about.aegeanair.com/?q" />
 
-	<securecookie host="^(?:.*\.)?aegeanair\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/GreenIT-BB-mismatches.xml b/src/chrome/content/rules/GreenIT-BB-mismatches.xml
index 319293b2e537..3e5392561e67 100644
--- a/src/chrome/content/rules/GreenIT-BB-mismatches.xml
+++ b/src/chrome/content/rules/GreenIT-BB-mismatches.xml
@@ -3,7 +3,7 @@
 	<target host="greenit-bb.de"/>
 	<target host="www.greenit-bb.de"/>
 
-	<securecookie host="^(?:.*\.)?greenit-bb\.de$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?greenit-bb\.de/"
 		to="https://www.greenit-bb.de/"/>
diff --git a/src/chrome/content/rules/GreenIT-BB.xml b/src/chrome/content/rules/GreenIT-BB.xml
index 16a7024605a2..8e4402121778 100644
--- a/src/chrome/content/rules/GreenIT-BB.xml
+++ b/src/chrome/content/rules/GreenIT-BB.xml
@@ -10,7 +10,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://benchmarking.greenit-bb.de/ => https://benchmarking.greenit-bb.de/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="GreenIT-BB (partial)" default_off='failed ruleset test'>
+<ruleset name="GreenIT-BB (partial)" default_off="failed ruleset test">
 
 	<target host="benchmarking.greenit-bb.de"/>
 
diff --git a/src/chrome/content/rules/GreenQloud.com.xml b/src/chrome/content/rules/GreenQloud.com.xml
index aced569e920e..fd31ea8998b4 100644
--- a/src/chrome/content/rules/GreenQloud.com.xml
+++ b/src/chrome/content/rules/GreenQloud.com.xml
@@ -6,7 +6,6 @@ Fetch error: http://my.greenqloud.com/ => https://my.greenqloud.com/: (6, 'Could
 
 	Other GreenQloud rulesets:
 
-		- QStack.com.xml
 
 
 	Problematic hosts in *greenqloud.com:
@@ -22,7 +21,7 @@ Fetch error: http://my.greenqloud.com/ => https://my.greenqloud.com/: (6, 'Could
 		- auth.greenqloud.com
 
 -->
-<ruleset name="GreenQloud.com" default_off='failed ruleset test'>
+<ruleset name="GreenQloud.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/GreenSky_Credit.com.xml b/src/chrome/content/rules/GreenSky_Credit.com.xml
index 156b6b8bfcc0..608d32a8317e 100644
--- a/src/chrome/content/rules/GreenSky_Credit.com.xml
+++ b/src/chrome/content/rules/GreenSky_Credit.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://greensky.com/ => http://greensky.com/: Cycle detected - URL
 <ruleset name="GreenSky Credit.com (partial)">
 
 	<target host="greensky.com" />
-	<target host="*.greensky.com" />
+	<target host="www.greensky.com" />
 
 
 	<rule from="^http://(www\.)?greensky\.com/(images/|payment(?:$|\?|/)|secure/)"
@@ -16,4 +16,4 @@ Fetch error: http://greensky.com/ => http://greensky.com/: Cycle detected - URL
 	<rule from="^http://(www\.)?greensky\.com/(favicon\.ico|_media/|_ui/)"
 		to="https://$1greensky.com/secure/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/GreenVehicleGuide.xml b/src/chrome/content/rules/GreenVehicleGuide.xml
index 4d99d886bfd0..e592ef27c11c 100644
--- a/src/chrome/content/rules/GreenVehicleGuide.xml
+++ b/src/chrome/content/rules/GreenVehicleGuide.xml
@@ -1,7 +1,7 @@
 <ruleset name="Green Vehicle Guide">
 	<target host="greenvehicleguide.gov.au" />
-	<target host="*.greenvehicleguide.gov.au" />
+	<target host="www.greenvehicleguide.gov.au" />
 
 	<rule from="^http://(?:www\.)?greenvehicleguide\.gov\.au/"
 		to="https://www.greenvehicleguide.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Green_Coffee_Bean_Extract.xml b/src/chrome/content/rules/Green_Coffee_Bean_Extract.xml
deleted file mode 100644
index fa229113c448..000000000000
--- a/src/chrome/content/rules/Green_Coffee_Bean_Extract.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	^: parked
-	www: mismatched
-
--->
-<ruleset name="Green Coffee Bean Extract">
-
-	<target host="*.mygreenbeanextract.com" />
-
-
-	<securecookie host="^(?:w*\.)?mygreenbeanextract\.com$" name=".+" />
-
-
-	<!--	//$ redirects to http://$
-						-->
-	<rule from="^http://www\.mygreenbeanextract\.com/(?=$|[^/])"
-		to="https://www.myultragreenbeansupplement.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Green_Party.org.xml b/src/chrome/content/rules/Green_Party.org.xml
deleted file mode 100644
index dae5b97d8ef8..000000000000
--- a/src/chrome/content/rules/Green_Party.org.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Green Party.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="greenparty.org" />
-	<target host="www.greenparty.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Green_PolkaDot_Box.xml b/src/chrome/content/rules/Green_PolkaDot_Box.xml
index 3f5a26d8696b..90f10512a333 100644
--- a/src/chrome/content/rules/Green_PolkaDot_Box.xml
+++ b/src/chrome/content/rules/Green_PolkaDot_Box.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Greenbone.xml b/src/chrome/content/rules/Greenbone.xml
index c52d6af7c629..201778643d2b 100644
--- a/src/chrome/content/rules/Greenbone.xml
+++ b/src/chrome/content/rules/Greenbone.xml
@@ -20,4 +20,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Greenhouse.io.xml b/src/chrome/content/rules/Greenhouse.io.xml
index 0796d0c5d4bc..90ca2cf7abdd 100644
--- a/src/chrome/content/rules/Greenhouse.io.xml
+++ b/src/chrome/content/rules/Greenhouse.io.xml
@@ -21,13 +21,15 @@
 <ruleset name="Greenhouse.io">
 
 	<target host="greenhouse.io" />
-	<target host="*.greenhouse.io" />
+	<target host="www.greenhouse.io" />
+	<target host="blog.greenhouse.io" />
+	<target host="boards.greenhouse.io" />
+	<target host="info.greenhouse.io" />
 
 
 	<rule from="^http://(?:www\.)?greenhouse\.io/"
 		to="https://www.greenhouse.io/" />
 
-	<rule from="^http://(blog|boards|info)\.greenhouse\.io/"
-		to="https://$1.greenhouse.io/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Greenpeace.org.xml b/src/chrome/content/rules/Greenpeace.org.xml
index 508854782fe2..00b93d7bd481 100644
--- a/src/chrome/content/rules/Greenpeace.org.xml
+++ b/src/chrome/content/rules/Greenpeace.org.xml
@@ -23,7 +23,7 @@ Fetch error: http://www.moon.greenpeace.org/ => https://www.moon.greenpeace.org/
 	² 503
 
 -->
-<ruleset name="greenpeace.org (partial)" default_off='failed ruleset test'>
+<ruleset name="greenpeace.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/GreenvilleOnline.com.xml b/src/chrome/content/rules/GreenvilleOnline.com.xml
index 17b76ddfd94c..8b4970c477d6 100644
--- a/src/chrome/content/rules/GreenvilleOnline.com.xml
+++ b/src/chrome/content/rules/GreenvilleOnline.com.xml
@@ -37,10 +37,11 @@
 <ruleset name="GreenvilleOnline.com">
 
 	<target host="greenvilleonline.com" />
-	<target host="*.greenvilleonline.com" />
+	<target host="cmsimg.greenvilleonline.com" />
+	<target host="www.greenvilleonline.com" />
 
 
 	<rule from="^http://(?:cmsimg\.|www\.)?greenvilleonline\.com/"
 		to="https://www.greenvilleonline.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Grenoble-INP.fr.xml b/src/chrome/content/rules/Grenoble-INP.fr.xml
index a8afc6fbb24b..f08d2604d0d7 100644
--- a/src/chrome/content/rules/Grenoble-INP.fr.xml
+++ b/src/chrome/content/rules/Grenoble-INP.fr.xml
@@ -12,7 +12,7 @@
 	Fully covered subdomains:
 
 		- applicationform
-		- edt 
+		- edt
 		- emploi-du-temps
 
 -->
diff --git a/src/chrome/content/rules/Greystripe.com.xml b/src/chrome/content/rules/Greystripe.com.xml
index c3f8b3738e26..41a6d7fff52a 100644
--- a/src/chrome/content/rules/Greystripe.com.xml
+++ b/src/chrome/content/rules/Greystripe.com.xml
@@ -1,13 +1,13 @@
 <ruleset name="Greystripe.com" default_off="akamai cert">
 
 	<target host="greystripe.com" />
-	<target host="*.greystripe.com" />
+	<target host="www.greystripe.com" />
+	<target host="c.greystripe.com" />
 
 
 	<rule from="^http://(?:www\.)?greystripe\.com/"
 		to="https://www.greystripe.com/" />
 
-	<rule from="^http://c\.greystripe\.com/"
-		to="https://c.greystripe.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Gridcoin.us.xml b/src/chrome/content/rules/Gridcoin.us.xml
index 568083596ba3..22540efa21bd 100644
--- a/src/chrome/content/rules/Gridcoin.us.xml
+++ b/src/chrome/content/rules/Gridcoin.us.xml
@@ -17,7 +17,7 @@ Fetch error: http://pool.gridcoin.us/ => https://pool.gridcoin.us/: (28, 'Connec
 		- (www.)?
 		- pool
 
-		- 
+		-
 	Mixed content:
 
 		- css on (www.)? from fonts.googleapis.com *
@@ -27,7 +27,7 @@ Fetch error: http://pool.gridcoin.us/ => https://pool.gridcoin.us/: (28, 'Connec
 	² Rule disabled by default
 
 -->
-<ruleset name="Gridcoin.us (partial)" default_off='failed ruleset test'>
+<ruleset name="Gridcoin.us (partial)" default_off="failed ruleset test">
 
 	<target host="gridcoin.us" />
 	<target host="pool.gridcoin.us" />
diff --git a/src/chrome/content/rules/Gridz_Direct.com-falsemixed.xml b/src/chrome/content/rules/Gridz_Direct.com-falsemixed.xml
index 60b56df1d32d..17fc0265bc0b 100644
--- a/src/chrome/content/rules/Gridz_Direct.com-falsemixed.xml
+++ b/src/chrome/content/rules/Gridz_Direct.com-falsemixed.xml
@@ -4,13 +4,12 @@
 -->
 <ruleset name="Gridz Direct.com (false MCB)" default_off="handshake failure" platform="mixedcontent">
 
-	<target host="*.gridzdirect.com" />
+	<target host="www.gridzdirect.com" />
 
 
 	<securecookie host="^\.(?:www\.)?gridzdirect\.com$" name=".+" />
 
 
-	<rule from="^http://www\.gridzdirect\.com/"
-		to="https://www.gridzdirect.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Griffin_Technology.com.xml b/src/chrome/content/rules/Griffin_Technology.com.xml
deleted file mode 100644
index bfd5bbdeabff..000000000000
--- a/src/chrome/content/rules/Griffin_Technology.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	(www.)?griffintechnology.com: Redirects to http		- 
-
-
-	Insecure cookies are set for these domains:
-
-		- .store.griffintechnology.com
-
--->
-<ruleset name="Griffin Technology.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="store.griffintechnology.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.store\.griffintechnology\.com$" name="^(?:epc-initiated|frontend)$" /-->
-
-	<securecookie host="^\.store\.griffintechnology\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Griffith-University.xml b/src/chrome/content/rules/Griffith-University.xml
index b9127351f9c3..d62c1962c788 100644
--- a/src/chrome/content/rules/Griffith-University.xml
+++ b/src/chrome/content/rules/Griffith-University.xml
@@ -1,7 +1,15 @@
 <ruleset name="Griffith University">
 
 	<target host="griffith.edu.au" />
-	<target host="*.griffith.edu.au" />
+	<target host="www.griffith.edu.au" />
+	<target host="ias.griffith.edu.au" />
+	<target host="learning.griffith.edu.au" />
+	<target host="intranet.secure.griffith.edu.au" />
+	<target host="learning.secure.griffith.edu.au" />
+	<target host="portal.secure.griffith.edu.au" />
+	<target host="www3.secure.griffith.edu.au" />
+	<target host="intranet.griffith.edu.au" />
+	<target host="www3.griffith.edu.au" />
 
 
 	<securecookie host="^www3\.secure\.griffith\.edu\.au$" name=".+" />
diff --git a/src/chrome/content/rules/Grinnell_College.xml b/src/chrome/content/rules/Grinnell_College.xml
index e35fa5305eca..b0a3c891cb86 100644
--- a/src/chrome/content/rules/Grinnell_College.xml
+++ b/src/chrome/content/rules/Grinnell_College.xml
@@ -2,10 +2,7 @@
 	Nonfunctional subdomains:
 
 		- athdb			(replies with http)
-		- catalog		(shows www.acalogadmin.com; mismatched, CN: *.acalogadmin.com)
-		- perecruiting.cs
 		- pdid			(times out)
-		- pioneers
 		- schedule25wb		(times out)
 		- (www.)web
 		- wm
@@ -15,9 +12,12 @@
 	Problematic subdomains:
 
 		- ^		(times out)
-		- www.cs	(works; expired 2010-08-17, self-signed)
 		- drupal	(works, mismatched, CN: www.cs.grinnell.edu)
 		- www.cat.lib	(cert only matches ^cat.lib)
+		- db		(cert only matches ^itwebapps)
+		- www.math	(cert only matches ^www.cs)
+		- magazine	(bad cert domain)
+		- *.grin.edu	(bad cert domain)
 
 
 	Partially covered subdomains:
@@ -27,37 +27,53 @@
 
 	Fully covered subdomains:
 
-		- autodiscover
 		- bookstore
-		- db
 		- digital
 		- help
 		- imap
 		- itwebapps
 		- (www.)cat.lib		(www → ^)
 		- libweb
-		- loggia
 		- mail
 		- webmail
+		- www.cs
 
 -->
 <ruleset name="Grinnell College (partial)">
 
 	<target host="grinnell.edu" />
-	<target host="*.grinnell.edu" />
-
+	<target host="www.grinnell.edu" />
+	<target host="admission.grinnell.edu" />
+	<target host="alumni.grinnell.edu" />
+	<target host="appdev.grinnell.edu" />
+	<target host="bookstore.grinnell.edu" />
+	<target host="catalog.grinnell.edu" />
+	<target host="cat.lib.grinnell.edu" />
+	<target host="www.cs.grinnell.edu" />
+	<target host="digital.grinnell.edu" />
+	<target host="ebill.grinnell.edu" />
+	<target host="help.grinnell.edu" />
+	<target host="imap.grinnell.edu" />
+	<target host="itwebapps.grinnell.edu" />
+	<target host="libweb.grinnell.edu" />
+	<target host="mail.grinnell.edu" />
+	<target host="m.catalog.grinnell.edu" />
+	<target host="pioneers.grinnell.edu" />
+	<target host="selfservice.grinnell.edu" />
+	<target host="sga.grinnell.edu" />
+	<target host="sites.grinnell.edu" />
+	<target host="*.sites.grinnell.edu" />
+		<test url="http://gciel.sites.grinnell.edu/" />
+		<test url="http://dasil.sites.grinnell.edu/" />
+		<test url="http://wilsonspark.sites.grinnell.edu/" />
+		<test url="http://comm.sites.grinnell.edu/" />
+		<test url="http://makerlab.sites.grinnell.edu/" />
+	<target host="wa3.grinnell.edu" />
 
 	<!--securecookie host="^\.grinnell\.edu$" name="^SESS\w{32}$" /-->
-	<securecookie host="^(?:\.?bookstore|db|\.?digital|help|cat\.lib|mail)\.grinnell\.edu$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?grinnell\.edu/(files/|includes/|misc/|sites/)"
-		to="https://www.grinnell.edu/$1" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(autodiscover|db|digital|help|imap|itwebapps|libweb|loggia|mail)\.grinnell\.edu/"
-		to="https://$1.grinnell.edu/" />
 
-	<rule from="^http://(?:www\.)?cat\.lib\.grinnell\.edu/"
-		to="https://cat.lib.grinnell.edu/" />
+        <rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Gris.ca.xml b/src/chrome/content/rules/Gris.ca.xml
new file mode 100644
index 000000000000..4540ead2085c
--- /dev/null
+++ b/src/chrome/content/rules/Gris.ca.xml
@@ -0,0 +1,7 @@
+<ruleset name="Gris.ca" platform="mixedcontent">
+	<target host="gris.ca" />
+	<target host="www.gris.ca" />
+	<target host="membres.gris.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Grocery_Server.com.xml b/src/chrome/content/rules/Grocery_Server.com.xml
index 0722b99cc4f0..7e59593d955d 100644
--- a/src/chrome/content/rules/Grocery_Server.com.xml
+++ b/src/chrome/content/rules/Grocery_Server.com.xml
@@ -18,7 +18,8 @@
 <ruleset name="Grocery Server.com (partial)">
 
 	<target host="groceryserver.com" />
-	<target host="*.groceryserver.com" />
+	<target host="wanderful.groceryserver.com" />
+	<target host="www.groceryserver.com" />
 
 
 	<securecookie host="^(?:www\.)?groceryserver\.com$" name=".+" />
diff --git a/src/chrome/content/rules/GroenLinks.nl.xml b/src/chrome/content/rules/GroenLinks.nl.xml
index a339d2cf62db..a29f2b329dea 100644
--- a/src/chrome/content/rules/GroenLinks.nl.xml
+++ b/src/chrome/content/rules/GroenLinks.nl.xml
@@ -29,7 +29,7 @@
 	<!--securecookie host="^(?:klimaat\.)?groenlinks\.nl$" name="^SimpleSAMLSessionID$" /-->
 	<!--securecookie host="^mijn\.groenlinks\.nl$" name="^PHPSESSID$" /-->
 
-	<securecookie host="^(?:.+\.)?groenlinks\.nl$" name="" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Groton.org.xml b/src/chrome/content/rules/Groton.org.xml
index 7aebd24b4f9e..8da03ff83f66 100644
--- a/src/chrome/content/rules/Groton.org.xml
+++ b/src/chrome/content/rules/Groton.org.xml
@@ -18,7 +18,7 @@
 	<target host="groton.org" />
 	<target host="www.groton.org" />
 
-	<rule from="^http://groton\.org/" 
+	<rule from="^http://groton\.org/"
 		to="https://www.groton.org/" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Group-Commerce.xml b/src/chrome/content/rules/Group-Commerce.xml
index dc003953d8dc..06c18c0d77a9 100644
--- a/src/chrome/content/rules/Group-Commerce.xml
+++ b/src/chrome/content/rules/Group-Commerce.xml
@@ -10,7 +10,7 @@ Fetch error: http://admin.groupcommerce.com/ => https://admin.groupcommerce.com/
 		- (www.)groupcommerce.com
 
 -->
-<ruleset name="Group Commerce (partial)" default_off='failed ruleset test'>
+<ruleset name="Group Commerce (partial)" default_off="failed ruleset test">
 
 	<target host="admin.groupcommerce.com"/>
 
diff --git a/src/chrome/content/rules/Groupees.com.xml b/src/chrome/content/rules/Groupees.com.xml
index 36bf650e2f4f..ed4bb475f6c5 100644
--- a/src/chrome/content/rules/Groupees.com.xml
+++ b/src/chrome/content/rules/Groupees.com.xml
@@ -2,6 +2,6 @@
 	<target host="groupees.com" />
 	<target host="www.groupees.com" />
 	<target host="blog.groupees.com" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Grouper_Social_Club.com.xml b/src/chrome/content/rules/Grouper_Social_Club.com.xml
index 4e262e7fb027..40f550369b18 100644
--- a/src/chrome/content/rules/Grouper_Social_Club.com.xml
+++ b/src/chrome/content/rules/Grouper_Social_Club.com.xml
@@ -8,18 +8,17 @@ Fetch error: http://groupersocialclub.com.au/ => https://groupersocialclub.com.a
 		- groupergram-photos.s3.amazonaws.com
 
 -->
-<ruleset name="Grouper Social Club.com" default_off='failed ruleset test'>
+<ruleset name="Grouper Social Club.com" default_off="failed ruleset test">
 
 	<target host="groupersocialclub.com" />
-	<target host="*.groupersocialclub.com" />
 	<target host="groupersocialclub.com.au" />
-	<target host="*.groupersocialclub.com.au" />
+	<target host="www.groupersocialclub.com" />
+	<target host="www.groupersocialclub.com.au" />
 
 
 	<securecookie host="^(?:www)?\.groupersocialclub\.com(?:\.au)?$" name=".+" />
 
 
-	<rule from="^http://(www\.)?groupersocialclub\.com(\.au)?/"
-		to="https://$1groupersocialclub.com$2/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Groupon.com.br.xml b/src/chrome/content/rules/Groupon.com.br.xml
index 267415e48814..a4d0b5948727 100644
--- a/src/chrome/content/rules/Groupon.com.br.xml
+++ b/src/chrome/content/rules/Groupon.com.br.xml
@@ -19,7 +19,7 @@ Non-2xx HTTP code: http://www.groupon.com.br/ (200) => https://www.groupon.com.b
 		- www.groupon.com.br
 
 -->
-<ruleset name="Groupon.com.br" default_off='failed ruleset test'>
+<ruleset name="Groupon.com.br" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Groupon.gr.xml b/src/chrome/content/rules/Groupon.gr.xml
index b350832c3445..a32c5c6517fb 100644
--- a/src/chrome/content/rules/Groupon.gr.xml
+++ b/src/chrome/content/rules/Groupon.gr.xml
@@ -5,11 +5,11 @@ Fetch error: http://groupon.gr/ => https://groupon.gr/: (51, "SSL: no alternativ
  This ruleset is experimental. If you experience problems please
 	 open an issue at https://github.com/kargig/https-everywhere -->
 
-<ruleset name="Groupon.gr" default_off='failed ruleset test'>
+<ruleset name="Groupon.gr" default_off="failed ruleset test">
   <target host="groupon.gr" />
   <target host="*.groupon.gr" />
 
-	<securecookie host="^(?:.*\.)?groupon\.gr$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
   <rule from="^http://(\w+\.)?groupon\.gr/" to="https://$1groupon.gr/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Groupon.se.xml b/src/chrome/content/rules/Groupon.se.xml
index bf818d300e25..661e90483ff4 100644
--- a/src/chrome/content/rules/Groupon.se.xml
+++ b/src/chrome/content/rules/Groupon.se.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://groupon.se/ => https://www.groupon.se/: (51, "SSL: no alternative certificate subject name matches target host name 'www.groupon.se'")
 
 -->
-<ruleset name="Groupon.se" default_off='failed ruleset test'>
+<ruleset name="Groupon.se" default_off="failed ruleset test">
   <target host="groupon.se" />
   <rule from="^http://groupon\.se/" to="https://www.groupon.se/"/>
   <rule from="^http://www\.groupon\.se/" to="https://www.groupon.se/"/>
diff --git a/src/chrome/content/rules/Groupon.xml b/src/chrome/content/rules/Groupon.xml
index 17d18673ed05..79936e5aad18 100644
--- a/src/chrome/content/rules/Groupon.xml
+++ b/src/chrome/content/rules/Groupon.xml
@@ -7,7 +7,7 @@ Non-2xx HTTP code: http://groupon.co.uk/ (200) => https://www.groupon.co.uk/ (40
 	For other Groupon coverage, see Groupon.com.xml.
 
 -->
-<ruleset name="Groupon DE/UK" default_off='failed ruleset test'>
+<ruleset name="Groupon DE/UK" default_off="failed ruleset test">
   <target host="groupon.de" />
   <target host="*.groupon.de" />
   <target host="groupon.co.uk" />
diff --git a/src/chrome/content/rules/Groupon_Works.com.xml b/src/chrome/content/rules/Groupon_Works.com.xml
index 127453ac1e30..6a10543678ef 100644
--- a/src/chrome/content/rules/Groupon_Works.com.xml
+++ b/src/chrome/content/rules/Groupon_Works.com.xml
@@ -7,7 +7,7 @@ Non-2xx HTTP code: http://www.grouponworks.com/ (200) => https://www.grouponwork
 	For other Groupon coverage, see Groupon.com.xml.
 
 -->
-<ruleset name="Groupon Works.com" default_off='failed ruleset test'>
+<ruleset name="Groupon Works.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Grove.io.xml b/src/chrome/content/rules/Grove.io.xml
index 33a38d4c8313..b25f875277bd 100644
--- a/src/chrome/content/rules/Grove.io.xml
+++ b/src/chrome/content/rules/Grove.io.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.grove.io/ => https://www.grove.io/: (60, 'SSL certificate problem: self signed certificate')
 
 -->
-<ruleset name="Grove.io" default_off='failed ruleset test'>
+<ruleset name="Grove.io" default_off="failed ruleset test">
 
 	<target host="grove.io" />
 	<target host="www.grove.io" />
diff --git a/src/chrome/content/rules/Grow_HQ.com.xml b/src/chrome/content/rules/Grow_HQ.com.xml
index 299fe40b0964..e2a2ee1835b3 100644
--- a/src/chrome/content/rules/Grow_HQ.com.xml
+++ b/src/chrome/content/rules/Grow_HQ.com.xml
@@ -4,16 +4,17 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://growhq.com/ => https://growhq.com/: (35, 'Unknown SSL protocol error in connection to growhq.com:443 ')
 
 -->
-<ruleset name="Grow HQ.com" default_off='failed ruleset test'>
+<ruleset name="Grow HQ.com" default_off="failed ruleset test">
 
 	<target host="growhq.com" />
-	<target host="*.growhq.com" />
+	<target host="app.growhq.com" />
+	<target host="s3.growhq.com" />
+	<target host="www.growhq.com" />
 
 
 	<securecookie host="^\.growhq\.com$" name=".+" />
 
 
-	<rule from="^http://((?:app|s3|www)\.)?growhq\.com/"
-		to="https://$1growhq.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Growery.xml b/src/chrome/content/rules/Growery.xml
index 05e9f81fcfde..4a4ca25a1b54 100644
--- a/src/chrome/content/rules/Growery.xml
+++ b/src/chrome/content/rules/Growery.xml
@@ -7,4 +7,4 @@
 	<rule from="^http://(www\.)?growery\.org/(bnr/|favicon\.www\.growery\.org\.ico|forum/(?:avatar|image|stylesheet)s/|images/|smarty/)"
 		to="https://$1growery.org/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Grsm.io.xml b/src/chrome/content/rules/Grsm.io.xml
new file mode 100644
index 000000000000..7845f55cbbc3
--- /dev/null
+++ b/src/chrome/content/rules/Grsm.io.xml
@@ -0,0 +1,17 @@
+<!--
+	Wildcard certificate and DNS records:
+		- grsm.io
+-->
+
+<ruleset name="Grsm.io">
+	<target host="grsm.io" />
+	<target host="*.grsm.io" />
+		<test url="http://www.grsm.io/" />
+		<test url="http://a.grsm.io/" />
+		<test url="http://b.grsm.io/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://([\w-]+\.)?grsm\.io/"
+		to="https://$1grsm.io/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Grubstreet.com.xml b/src/chrome/content/rules/Grubstreet.com.xml
new file mode 100644
index 000000000000..edb1c0e03dc1
--- /dev/null
+++ b/src/chrome/content/rules/Grubstreet.com.xml
@@ -0,0 +1,47 @@
+<!--
+	Invalid:
+		e.grubstreet.com
+		stats.grubstreet.com
+		horizon.grubstreet.com		
+
+	Redirected:
+		client.grubstreet.com
+		chicago.grubstreet.com
+		losangeles.grubstreet.com
+		newyork.grubstreet.com
+		philadelphia.grubstreet.com
+		sanfrancisco.grubstreet.com
+
+	Refused:
+		grubstreet.com (non-www)
+		boston.grubstreet.com
+		chicago.grubstreet.com
+		losangeles.grubstreet.com
+		newyork.grubstreet.com
+		philadelphia.grubstreet.com
+		sanfrancisco.grubstreet.com
+-->
+<ruleset name="grubstreet.com">
+	<target host="grubstreet.com" />
+	<target host="www.grubstreet.com" />
+	<target host="boston.grubstreet.com" />
+	<target host="chicago.grubstreet.com" />
+	<target host="losangeles.grubstreet.com" />
+	<target host="newyork.grubstreet.com" />
+	<target host="philadelphia.grubstreet.com" />
+	<target host="sanfrancisco.grubstreet.com" />
+
+	<rule from="^http://boston\.grubstreet\.com/" to="https://www.grubstreet.com/" />
+	<rule from="^http://chicago\.grubstreet\.com/" to="https://www.grubstreet.com/" />
+	<rule from="^http://losangeles\.grubstreet\.com/" to="https://www.grubstreet.com/" />
+	<rule from="^http://newyork\.grubstreet\.com/" to="https://www.grubstreet.com/" />
+	<rule from="^http://philadelphia\.grubstreet\.com/" to="https://www.grubstreet.com/" />
+	<rule from="^http://sanfrancisco\.grubstreet\.com/" to="https://www.grubstreet.com/" />
+
+	<rule from="^http://grubstreet\.com/" to="https://www.grubstreet.com/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
+
diff --git a/src/chrome/content/rules/Grupfoni.xml b/src/chrome/content/rules/Grupfoni.xml
index 6dd7bb092fa1..241da0146c21 100644
--- a/src/chrome/content/rules/Grupfoni.xml
+++ b/src/chrome/content/rules/Grupfoni.xml
@@ -2,7 +2,7 @@
   <target host="www.grupfoni.com" />
   <target host="grupfoni.com" />
 
-  <securecookie host="^(?:.*\.)?grupfoni\.com$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Grupo-Triton.xml b/src/chrome/content/rules/Grupo-Triton.xml
index 5f37b3c71d8e..36be07f55925 100644
--- a/src/chrome/content/rules/Grupo-Triton.xml
+++ b/src/chrome/content/rules/Grupo-Triton.xml
@@ -3,7 +3,7 @@
 	<!--	Cert: *.gridserver.com		-->
 	<target host="grupotriton.com" />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.grupotriton.com" />
+	<target host="www.grupotriton.com" />
 
 
 	<securecookie host="^grupotriton\.com$" name=".+" />
diff --git a/src/chrome/content/rules/GrvCDN.com.xml b/src/chrome/content/rules/GrvCDN.com.xml
deleted file mode 100644
index d520b6798710..000000000000
--- a/src/chrome/content/rules/GrvCDN.com.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	Releated rulesets: Gravity.com.xml.
-
-	Problematic hosts in *grvcdn.com:
-		- i.api *
-		- b *
-		- i *
-	* Akamai
--->
-<ruleset name="GrvCDN.com">
-	<!--	Direct rewrites:	-->
-	<target host="b-ssl.grvcdn.com" />
-		<test url="http://b-ssl.grvcdn.com/moth-min.js" />
-	<target host="dlug-assets.grvcdn.com" />
-		<test url="http://dlug-assets.grvcdn.com/4a/8d/f1/80/89/17/0d/48/46/5c/df/f9/b0/1d/11/d4-4563911185582aa4909b6d6.84142948.jpg" />
-	<target host="interestimages.grvcdn.com" />
-		<test url="http://interestimages.grvcdn.com/img/files.techcrunch.cn/fc1ca5ba27bdff3e6701294cc52fe00e-orig.jpg" />
-	<target host="static.grvcdn.com" />
-		<test url="http://static.grvcdn.com/personalization/base.dd5bb885115b30c992b87792b6c5fe25.css" />
-	<target host="thumby.grvcdn.com" />
-
-	<!--	Complications:	-->
-	<target host="b.grvcdn.com" />
-
-	<rule from="^http://b\.grvcdn\.com/"
-		to="https://b-ssl.grvcdn.com/" />
-		<test url="http://b.grvcdn.com/moth-min.js" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Gs1ca.org.xml b/src/chrome/content/rules/Gs1ca.org.xml
new file mode 100644
index 000000000000..ed2fb233dce3
--- /dev/null
+++ b/src/chrome/content/rules/Gs1ca.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Chain issue, missing intermediate:
+		- gemini.gs1ca.org
+
+	Timed out:
+		- lms.gs1ca.org
+-->
+
+<ruleset name="Gs1ca.org">
+	<target host="gs1ca.org" />
+	<target host="www.gs1ca.org" />
+	<target host="gs1dashboard.gs1ca.org" />
+	<target host="itemcentre.gs1ca.org" />
+	<target host="itemcertification.gs1ca.org" />
+	<target host="mygs1.gs1ca.org" />
+	<target host="services.gs1ca.org" />
+	<target host="thevault.gs1ca.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gsfacket.se.xml b/src/chrome/content/rules/Gsfacket.se.xml
index f4e28f2128ff..91c9911f5ead 100644
--- a/src/chrome/content/rules/Gsfacket.se.xml
+++ b/src/chrome/content/rules/Gsfacket.se.xml
@@ -1,8 +1,29 @@
-<!-- gsfacket is a swedish labour union -->
+<!-- gsfacket is a swedish labour union
+
+	Problematic subdomains: 
+	
+		- Incomplete certificate chain:
+		
+			- bladet.gsfacket.se
+			- gsbox.gsfacket.se
+			- mail.gsfacket.se
+			- webmail.gsfacket.se
+
+		- Timout:
+		
+			- kaggen.gsfacket.se
+			- smtp.gsfacket.se
+
+		- http and https not returning same content:
+		
+			- beta.gsfacket.se
+			- office.gsfacket.se
+-->
 <ruleset name="Gsfacket.se">
 	<target host="gsfacket.se" />
 	<target host="www.gsfacket.se" />
-	<rule from="^http://gsfacket\.se/" to="https://www.gsfacket.se/"/>
-	<rule from="^http://www\.gsfacket\.se/" to="https://www.gsfacket.se/"/>
-</ruleset>
+	<target host="besok.gsfacket.se" />
+	<target host="enkat.gsfacket.se" />
 
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Gsfn.us.xml b/src/chrome/content/rules/Gsfn.us.xml
index a2028e87f53d..c9a30f8f27b3 100644
--- a/src/chrome/content/rules/Gsfn.us.xml
+++ b/src/chrome/content/rules/Gsfn.us.xml
@@ -22,4 +22,4 @@
 	<rule from="^http://loader\.engage\.gsfn\.us/"
 		to="https://loader.engage.gsfn.us/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gsmhosting.com.xml b/src/chrome/content/rules/Gsmhosting.com.xml
deleted file mode 100644
index 9020727a962c..000000000000
--- a/src/chrome/content/rules/Gsmhosting.com.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Gsmhosting.com">
-  <target host="gsmhosting.com" />
-  <target host="www.gsmhosting.com" />
-  <target host="forum.gsmhosting.com" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Gsspcln.jp.xml b/src/chrome/content/rules/Gsspcln.jp.xml
index c33f83f6485b..06f36799c6fe 100644
--- a/src/chrome/content/rules/Gsspcln.jp.xml
+++ b/src/chrome/content/rules/Gsspcln.jp.xml
@@ -1,5 +1,5 @@
 <!--
-	Remark: 
+	Remark:
 	 - *.gsspcln.jp have a wildcard DNS and a wildcard certificate
 -->
 <ruleset name="Gsspcln.jp">
diff --git a/src/chrome/content/rules/Gtimg.com.xml b/src/chrome/content/rules/Gtimg.com.xml
index 06c4aa19ba18..f59ce3c62d21 100644
--- a/src/chrome/content/rules/Gtimg.com.xml
+++ b/src/chrome/content/rules/Gtimg.com.xml
@@ -3,7 +3,6 @@
 		3366.gtimg.com
 
 	Mismatch:
-		ac.gtimg.com
 		a.map.gtimg.com
 -->
 
@@ -15,6 +14,10 @@
 		<!-- Find the test url in : https://888.qq.com/ -->
 		<test url="http://888.gtimg.com/new_js/info/marketing/statistics_fuc.js" />
 
+	<target host="ac.gtimg.com" />
+		<test url="http://ac.gtimg.com/media/images/pixel.gif" />
+		<test url="http://ac.gtimg.com/media/template/comic_copyright.doc" />
+
 	<target host="bqq.gtimg.com" />
 		<!-- Find the test url in : http://www.geetest.com/ -->
 		<test url="http://bqq.gtimg.com/da/i.js" />
@@ -40,6 +43,12 @@
 	<target host="pc5.gtimg.com" />
 	<target host="pc6.gtimg.com" />
 
+	<target host="qgcdn0.gtimg.com" />
+	<target host="qgcdn1.gtimg.com" />
+		<test url="http://qgcdn1.gtimg.com/js2.0/qqconnect/gamevip_config.js" />
+	<target host="qgcdn2.gtimg.com" />
+	<target host="qgcdn3.gtimg.com" />
+
 	<target host="rt0.map.gtimg.com" />
 	<target host="rt1.map.gtimg.com" />
 	<target host="rt2.map.gtimg.com" />
@@ -84,6 +93,9 @@
 	<target host="tr2.gtimg.com" />
 	<target host="tr3.gtimg.com" />
 
+	<!-- Find the test url in : https://v.qq.com/ -->
+	<target host="ugcdl.video.gtimg.com" />
+
 	<target host="wximg.gtimg.com" />
 		<test url="http://wximg.gtimg.com/tmt/_events/promo/EyxiHkkq/html/index.html" />
 
diff --git a/src/chrome/content/rules/Gtk.org.xml b/src/chrome/content/rules/Gtk.org.xml
new file mode 100644
index 000000000000..218032edd166
--- /dev/null
+++ b/src/chrome/content/rules/Gtk.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *.gtk.org:
+		- beast.gtk.org (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Gtk.org">
+	<target host="gtk.org" />
+	<target host="www.gtk.org" />
+	<target host="blog.gtk.org" />
+	<target host="ftp.gtk.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gu.com.xml b/src/chrome/content/rules/Gu.com.xml
index 423267d887be..9a069e909b2d 100644
--- a/src/chrome/content/rules/Gu.com.xml
+++ b/src/chrome/content/rules/Gu.com.xml
@@ -18,4 +18,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Guarantorus_Loans.co.uk.xml b/src/chrome/content/rules/Guarantorus_Loans.co.uk.xml
index 95917de5122f..e985a4f8b810 100644
--- a/src/chrome/content/rules/Guarantorus_Loans.co.uk.xml
+++ b/src/chrome/content/rules/Guarantorus_Loans.co.uk.xml
@@ -2,7 +2,7 @@
 	NB: Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="Guarantorus Loans.co.uk" default_off="missing certificate chain">
+<ruleset name="Guarantorus Loans.co.uk" default_off="cert-chain">
 
 	<target host="guarantorusloans.co.uk" />
 	<target host="www.guarantorusloans.co.uk" />
diff --git a/src/chrome/content/rules/Guardian.co.tt.xml b/src/chrome/content/rules/Guardian.co.tt.xml
deleted file mode 100644
index 0c75169d2081..000000000000
--- a/src/chrome/content/rules/Guardian.co.tt.xml
+++ /dev/null
@@ -1,59 +0,0 @@
-<!--
-	Trinidad Guardian
-
-
-	Nonfunctional subdomains:
-
-		- adserver *
-		- subscriptions *
-
-	* Refused
-
-
-	Fully covered subdomains:
-
-		- (www.)
-
-
-	Mixed content:
-
-		- Script on www from www *
-		- Images on www from www *
-
-		- css, on www from:
-
-			- www *
-			- fonts.googleapis.com *
-
-		- Ads/web bugs, on www from:
-
-			- adserver **
-			- wibiya-june-new-log.conduit-data.com *
-			- pagead2.googlesyndication.com *
-			- www.linkedin.com *
-			- api.pinterest.com *
-			- platform.twitter.com *
-			- appcdn.wibiya.com **
-			- cdn.wibiya.com **
-
-	* Secured by us
-	** Unsecurable, but who cares
-
-
-	NB: We secure all resources apart from ads, and
-	thus platform should be removed with Ffx 24.
-
--->
-<ruleset name="Guardian.co.tt (false MCB)" platform="mixedcontent">
-
-	<target host="guardian.co.tt" />
-	<target host="www.guardian.co.tt" />
-
-
-	<!--securecookie host="^\.guardian\.co\.tt$" name="^(__cfduid|__utm\w)$" /-->
-	<securecookie host="^(?:www)?\.guardian\.co\.tt$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Guardian.xml b/src/chrome/content/rules/Guardian.xml
index ea7af67aed77..2de1b6265cc2 100644
--- a/src/chrome/content/rules/Guardian.xml
+++ b/src/chrome/content/rules/Guardian.xml
@@ -1,10 +1,9 @@
-
 <!--
 Disabled by https-everywhere-checker because:
 Fetch error: http://id.guardian.co.uk/ => https://id.guardian.co.uk/: (6, 'Could not resolve host: id.guardian.co.uk')
 Fetch error: http://witness.guardian.co.uk/ => https://witness.guardian.co.uk/: (6, 'Could not resolve host: witness.guardian.co.uk')
 
-	For other Guardian rulesets, see Guardian.xml.
+	For other Guardian rulesets, see The_Guardian.com.xml.
 
 
 	CDN buckets:
@@ -55,7 +54,7 @@ Fetch error: http://witness.guardian.co.uk/ => https://witness.guardian.co.uk/:
 		- .guardian.co.uk
 
 -->
-<ruleset name="Guardian.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Guardian.co.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/GuardianFX.com.xml b/src/chrome/content/rules/GuardianFX.com.xml
new file mode 100644
index 000000000000..822194270d89
--- /dev/null
+++ b/src/chrome/content/rules/GuardianFX.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="GuardianFX.com">
+	<target host="guardianfx.com" />
+	<target host="www.guardianfx.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Guardian_Offers.co.uk.xml b/src/chrome/content/rules/Guardian_Offers.co.uk.xml
index db3a3780158f..24b079211671 100644
--- a/src/chrome/content/rules/Guardian_Offers.co.uk.xml
+++ b/src/chrome/content/rules/Guardian_Offers.co.uk.xml
@@ -23,7 +23,7 @@ Fetch error: http://essentials.guardianoffers.co.uk/ => https://essentials.guard
 	* Secured by us
 
 -->
-<ruleset name="Guardian Offers.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Guardian Offers.co.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Guardian_Subscriptions.co.uk.xml b/src/chrome/content/rules/Guardian_Subscriptions.co.uk.xml
deleted file mode 100644
index 1bad19a0100e..000000000000
--- a/src/chrome/content/rules/Guardian_Subscriptions.co.uk.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://guardiansubscriptions.co.uk/ => https://guardiansubscriptions.co.uk/: (28, 'Connection timed out after 20001 milliseconds')
-Fetch error: http://www.guardiansubscriptions.co.uk/ => https://www.guardiansubscriptions.co.uk/: (28, 'Connection timed out after 20001 milliseconds')
-
-	For other Guardian coverage, see Guardian.xml.
-
--->
-<ruleset name="Guardian Subscriptions.co.uk" default_off='failed ruleset test'>
-
-	<target host="guardiansubscriptions.co.uk" />
-	<target host="www.guardiansubscriptions.co.uk" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?guardiansubscriptions\.co\.uk$" name="^(ASP\.NET_SessionId|TestCookiesEnabled)$" /-->
-
-	<securecookie host="^(?:www\.)?guardiansubscriptions\.co\.uk$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/GuideStar.xml b/src/chrome/content/rules/GuideStar.xml
index b10cca460f4c..4e67184c3981 100644
--- a/src/chrome/content/rules/GuideStar.xml
+++ b/src/chrome/content/rules/GuideStar.xml
@@ -16,7 +16,7 @@ Fetch error: http://www2.guidestar.org/ => https://www2.guidestar.org/: (60, 'SS
 	* Secured by us
 
 -->
-<ruleset name="GuideStar.org (partial)" default_off='failed ruleset test'>
+<ruleset name="GuideStar.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Guild-Wars-2.xml b/src/chrome/content/rules/Guild-Wars-2.xml
index 9a6113d0f956..be4f99905024 100644
--- a/src/chrome/content/rules/Guild-Wars-2.xml
+++ b/src/chrome/content/rules/Guild-Wars-2.xml
@@ -32,13 +32,21 @@
 <ruleset name="Guild Wars 2 (partial)">
 
 	<target host="guildwars2.com" />
-	<target host="*.guildwars2.com" />
+	<target host="account.guildwars2.com" />
+	<target host="buy.guildwars2.com" />
+	<target host="forum.guildwars2.com" />
+	<target host="forum-de.guildwars2.com" />
+	<target host="forum-en.guildwars2.com" />
+	<target host="forum-es.guildwars2.com" />
+	<target host="forum-fr.guildwars2.com" />
+	<target host="register.guildwars2.com" />
+	<target host="support.guildwars2.com" />
+	<target host="www.guildwars2.com" />
 
 
-	<securecookie host="^.+\.guildwars\.com$" name=".+" />
+	<securecookie host="^.+\.guildwars2\.com$" name=".+" />
 
 
-	<rule from="^http://((?:account|buy|forum(?:-de|-e[ns]|-fr)?|register|support|www)\.)?guildwars2\.com/"
-		to="https://$1guildwars2.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/GuildEducation.com.xml b/src/chrome/content/rules/GuildEducation.com.xml
new file mode 100644
index 000000000000..d7254da195d2
--- /dev/null
+++ b/src/chrome/content/rules/GuildEducation.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- pages (CN=*.marketo.com)
+-->
+<ruleset name="GuildEducation.com">
+	<target host="guildeducation.com" />
+	<target host="www.guildeducation.com" />
+	<target host="catalog.guildeducation.com" />
+	<target host="documents.guildeducation.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Guitar_Center.com.xml b/src/chrome/content/rules/Guitar_Center.com.xml
index 1a4bcd46a3c8..7aba59ce4121 100644
--- a/src/chrome/content/rules/Guitar_Center.com.xml
+++ b/src/chrome/content/rules/Guitar_Center.com.xml
@@ -72,10 +72,15 @@ Non-2xx HTTP code: http://guitarcenter.com/ (200) => http://guitarcenter.com/ (4
 	² Unsecurable <= interrupted
 
 -->
-<ruleset name="Guitar Center.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Guitar Center.com (partial)" default_off="failed ruleset test">
 
 	<target host="guitarcenter.com" />
-	<target host="*.guitarcenter.com" />
+	<target host="www.guitarcenter.com" />
+	<target host="clearance.guitarcenter.com" />
+	<target host="gc.guitarcenter.com" />
+	<target host="images.guitarcenter.com" />
+	<target host="m.guitarcenter.com" />
+	<target host="stores.guitarcenter.com" />
 		<!--
 			Redirect to http:
 						-->
diff --git a/src/chrome/content/rules/Guldencoin.com.xml b/src/chrome/content/rules/Guldencoin.com.xml
index 3aa5fde8b08a..de5bd366b781 100644
--- a/src/chrome/content/rules/Guldencoin.com.xml
+++ b/src/chrome/content/rules/Guldencoin.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.guldencoin.com/ => https://www.guldencoin.com/: (35, 'er
 		- s3-eu-west-1.amazonaws.com/guldencoin.com/
 
 -->
-<ruleset name="Guldencoin.com" default_off='failed ruleset test'>
+<ruleset name="Guldencoin.com" default_off="failed ruleset test">
 
 	<target host="guldencoin.com" />
 	<target host="www.guldencoin.com" />
diff --git a/src/chrome/content/rules/GumGum.xml b/src/chrome/content/rules/GumGum.xml
index 9b2f6e91848c..1e91aa2b596d 100644
--- a/src/chrome/content/rules/GumGum.xml
+++ b/src/chrome/content/rules/GumGum.xml
@@ -21,7 +21,10 @@
 <ruleset name="GumGum (partial)">
 
 	<target host="gumgum.com" />
-	<target host="*.gumgum.com" />
+	<target host="www.gumgum.com" />
+	<target host="ads.gumgum.com" />
+	<target host="g2.gumgum.com" />
+	<target host="c.gumgum.com" />
 
 
 	<rule from="^http://(www\.)?gumgum\.com/(?=images/|(?:login|terms-of-service)(?:/?$|\?))"
@@ -31,6 +34,6 @@
 		to="https://$1.gumgum.com/" />
 
 	<rule from="^http://c\.gumgum\.com/"
-		to="https://d1u2cbczpt82kt.cloudfront.net/" />
+		to="https://c.gumgum.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Gumstix.xml b/src/chrome/content/rules/Gumstix.xml
index 405e2ccd2c0c..7883f273cfff 100644
--- a/src/chrome/content/rules/Gumstix.xml
+++ b/src/chrome/content/rules/Gumstix.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gumtree.co.za.xml b/src/chrome/content/rules/Gumtree.co.za.xml
index a7610a84ff34..10c592873e06 100644
--- a/src/chrome/content/rules/Gumtree.co.za.xml
+++ b/src/chrome/content/rules/Gumtree.co.za.xml
@@ -14,7 +14,7 @@
 		- origin-cache	(r)
 		- tm	(t)
 
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Gumtree.com.au.xml b/src/chrome/content/rules/Gumtree.com.au.xml
index aabb142b557d..67330da029e6 100644
--- a/src/chrome/content/rules/Gumtree.com.au.xml
+++ b/src/chrome/content/rules/Gumtree.com.au.xml
@@ -11,7 +11,7 @@
 		- www.paramount-motors	(r)
 		- sfapi.cloud.qa1	(t)
 		- static2	(m)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Gumtree.com.xml b/src/chrome/content/rules/Gumtree.com.xml
index ea04f4348d38..f8bd44a53769 100644
--- a/src/chrome/content/rules/Gumtree.com.xml
+++ b/src/chrome/content/rules/Gumtree.com.xml
@@ -20,7 +20,7 @@
 		- newyork	(t)
 		- integration.sf	(r)
 		- sfgw.sf	(r)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Gumtree.ie.xml b/src/chrome/content/rules/Gumtree.ie.xml
index bebe8727cdd9..4b38742dfba1 100644
--- a/src/chrome/content/rules/Gumtree.ie.xml
+++ b/src/chrome/content/rules/Gumtree.ie.xml
@@ -8,7 +8,7 @@
 		- mktg		(t)
 		- secure	(t)
 		- wwww		(t)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Gumtree.sg.xml b/src/chrome/content/rules/Gumtree.sg.xml
index 9f0518035230..43ac3fbba92d 100644
--- a/src/chrome/content/rules/Gumtree.sg.xml
+++ b/src/chrome/content/rules/Gumtree.sg.xml
@@ -14,7 +14,7 @@
 		- singapore4	(t)
 		- singfapore	(t)
 		- sngapore	(t)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/GunFacts.info.xml b/src/chrome/content/rules/GunFacts.info.xml
new file mode 100644
index 000000000000..10a06c820974
--- /dev/null
+++ b/src/chrome/content/rules/GunFacts.info.xml
@@ -0,0 +1,14 @@
+<!--
+	Secure connection failed:
+
+	- community
+	- wp
+-->
+
+<ruleset name="GunFacts.info">
+	<target host="gunfacts.info" />
+	<target host="www.gunfacts.info" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Gust.xml b/src/chrome/content/rules/Gust.xml
index 5e93c90c3cc7..c853a3280479 100644
--- a/src/chrome/content/rules/Gust.xml
+++ b/src/chrome/content/rules/Gust.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?gust\.com/(?!$)"
 		to="https://$1gust.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Gutenberg.org.xml b/src/chrome/content/rules/Gutenberg.org.xml
index cce664121929..964951225726 100644
--- a/src/chrome/content/rules/Gutenberg.org.xml
+++ b/src/chrome/content/rules/Gutenberg.org.xml
@@ -12,7 +12,7 @@
 <ruleset name="Gutenberg.org">
 
 	<target host="gutenberg.org" />
-	<target host="*.gutenberg.org" />
+	<target host="www.gutenberg.org" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/GwDg.de.xml b/src/chrome/content/rules/GwDg.de.xml
index 61042e02f1ab..620505e0e66b 100644
--- a/src/chrome/content/rules/GwDg.de.xml
+++ b/src/chrome/content/rules/GwDg.de.xml
@@ -1,23 +1,25 @@
 <!--
 	Gesellschaft fuer wissenschaftliche Datenverarbeitung
 
-
-	These altnames don't exist:
-
-		- www.piwik.gwdg.de
-
+	Unable to get local issuer certificate:
+		status.gwdg.de
 -->
-<ruleset name="GwDg.de">
-
+<ruleset name="GwDg.de (partial)">
+
+	<target host="gwdg.de" />
+	<target host="www.gwdg.de" />
+	<target host="cryptpad.gwdg.de" />
+	<target host="ethercalc.gwdg.de" />
+	<target host="etherpad.gwdg.de" />
+	<target host="faq.gwdg.de" />
+	<target host="ftp.gwdg.de" />
+	<target host="info.gwdg.de" />
+	<target host="paste.gwdg.de" />
 	<target host="piwik.gwdg.de" />
-
 		<test url="http://piwik.gwdg.de/piwik.php?idsite=" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Gwern.net.xml b/src/chrome/content/rules/Gwern.net.xml
new file mode 100644
index 000000000000..7ec584f13642
--- /dev/null
+++ b/src/chrome/content/rules/Gwern.net.xml
@@ -0,0 +1,7 @@
+<ruleset name="Gwern.net">
+	<target host="gwern.net" />
+	<target host="www.gwern.net" />
+	<target host="direct.gwern.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/H-T.co.xml b/src/chrome/content/rules/H-T.co.xml
index 976b78b07644..255bb5f219d0 100644
--- a/src/chrome/content/rules/H-T.co.xml
+++ b/src/chrome/content/rules/H-T.co.xml
@@ -12,7 +12,7 @@ Fetch error: http://h-t.co/ => https://h-t.co/: (51, "SSL: no alternative certif
 		- i.h-t.co
 
 -->
-<ruleset name="H-T.co" default_off='failed ruleset test'>
+<ruleset name="H-T.co" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/H5n.us.xml b/src/chrome/content/rules/H5n.us.xml
index 966473436df2..2d361cb4c4b9 100644
--- a/src/chrome/content/rules/H5n.us.xml
+++ b/src/chrome/content/rules/H5n.us.xml
@@ -4,10 +4,11 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://h5n.us/ => https://h5n.us/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="h5n.us" default_off='failed ruleset test'>
+<ruleset name="h5n.us" default_off="failed ruleset test">
 
 	<target host="h5n.us" />
-	<target host="*.h5n.us" />
+	<target host="virtual.h5n.us" />
+	<target host="www.h5n.us" />
 
 
 	<!--	www cert: self-signed
diff --git a/src/chrome/content/rules/H5py.org.xml b/src/chrome/content/rules/H5py.org.xml
new file mode 100644
index 000000000000..25d16a797b74
--- /dev/null
+++ b/src/chrome/content/rules/H5py.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Refused:
+		- ^
+
+	Mismatch:
+		- docs
+
+	Time out:
+		- api
+-->
+<ruleset name="H5py.org">
+
+	<target host="h5py.org" />
+	<target host="www.h5py.org" />
+	<target host="docs.h5py.org" />
+
+	<rule from="^http://docs\.h5py\.org/"
+		to="https://h5py.readthedocs.io/" />
+
+	<rule from="^http://h5py\.org/"
+		to="https://www.h5py.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HBAnet.org.xml b/src/chrome/content/rules/HBAnet.org.xml
index f480c956d906..ec60bb86cf41 100644
--- a/src/chrome/content/rules/HBAnet.org.xml
+++ b/src/chrome/content/rules/HBAnet.org.xml
@@ -7,7 +7,7 @@
 <ruleset name="HBAnet.org">
 
 	<target host="hbanet.org" />
-	<target host="*.hbanet.org" />
+	<target host="www.hbanet.org" />
 
 
 	<securecookie host="^\.hbanet\.org$" name=".+" />
diff --git a/src/chrome/content/rules/HBO.xml b/src/chrome/content/rules/HBO.xml
index fb49409222e0..6f7f3a31b915 100644
--- a/src/chrome/content/rules/HBO.xml
+++ b/src/chrome/content/rules/HBO.xml
@@ -50,7 +50,7 @@ Fetch error: http://talk.hbo.com/ => https://talk.hbo.com/: (7, 'Failed to conne
 	ˢ Secured by us
 
 -->
-<ruleset name="HBO.com (partial)" default_off='failed ruleset test'>
+<ruleset name="HBO.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/HBR.org.xml b/src/chrome/content/rules/HBR.org.xml
index 6f1b18bce8cd..cb44ada35027 100644
--- a/src/chrome/content/rules/HBR.org.xml
+++ b/src/chrome/content/rules/HBR.org.xml
@@ -39,7 +39,11 @@
 <ruleset name="HBR.org">
 
 	<target host="hbr.org" />
-	<target host="*.hbr.org" />
+	<target host="static.hbr.org" />
+	<target host="blogs.hbr.org" />
+	<target host="ox-d.hbr.org" />
+	<target host="www.hbr.org" />
+	<target host="web.hbr.org" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/HCL_Technologies.xml b/src/chrome/content/rules/HCL_Technologies.xml
index d6bdad0432e2..a8d50cf7a56b 100644
--- a/src/chrome/content/rules/HCL_Technologies.xml
+++ b/src/chrome/content/rules/HCL_Technologies.xml
@@ -44,10 +44,23 @@ Fetch error: http://autodiscover.hcl-axon.com/ => https://autodiscover.hcl-axon.
 		- webmail.hcltech.com
 
 -->
-<ruleset name="HCL Technologies (partial)" default_off='failed ruleset test'>
-
-	<target host="*.hcl.com" />
-	<target host="*.hcl.in" />
+<ruleset name="HCL Technologies (partial)" default_off="failed ruleset test">
+
+	<target host="autodiscover.hcl.com" />
+	<target host="mail.hcl.com" />
+	<target host="chnmail.hcl.com" />
+	<target host="comnetwebmail.hcl.com" />
+	<target host="isdmail.hcl.com" />
+	<target host="meme.hcl.com" />
+	<target host="mpindia.hcl.com" />
+	<target host="mycampus.hcl.com" />
+	<target host="ocsweb.hcl.com" />
+	<target host="as.ocsweb.hcl.com" />
+	<target host="download.ocsweb.hcl.com" />
+	<target host="remedy.hcl.com" />
+	<target host="autodiscover.hcl.in" />
+	<target host="hcltmail.hcl.in" />
+	<target host="hcltmail-chn.hcl.in" />
 	<target host="autodiscover.hcl-axon.com" />
 	<target host="webmail.hcltech.com" />
 
@@ -57,16 +70,6 @@ Fetch error: http://autodiscover.hcl-axon.com/ => https://autodiscover.hcl-axon.
 	<securecookie host="^webmail\.hcltech\.com$" name=".+" />
 
 
-	<rule from="^http://(autodiscover|(?:chn|comnetweb|isd)?mail|meme|mpindia|mycampus|(?:as\.|download\.)?ocsweb|remedy)\.hcl\.com/"
-		to="https://$1.hcl.com/" />
-
-	<rule from="^http://(autodiscover|hcltmail(?:-chn)?)\.hcl\.in/"
-		to="https://$1.hcl.in/" />
-
-	<rule from="^http://autodiscover\.hcl-axon\.com/"
-		to="https://autodiscover.hcl-axon.com/" />
-
-	<rule from="^http://webmail\.hcltech\.com/"
-		to="https://webmail.hcltech.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HD.se.xml b/src/chrome/content/rules/HD.se.xml
index df084eddd7aa..25b7f48c0956 100644
--- a/src/chrome/content/rules/HD.se.xml
+++ b/src/chrome/content/rules/HD.se.xml
@@ -4,8 +4,8 @@ Fetch error: http://hd.se/ => https://hd.se/: Cycle detected - URL already encou
 -->
 <ruleset name="HD.se">
   <target host="hd.se" />
-  <target host="*.hd.se" />
-  <rule from="^http://hd\.se/" to="https://hd.se/"/>
+  <target host="www.hd.se" />
   <rule from="^http://www\.hd\.se/" to="https://hd.se/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/HDM-Stuttgart.de.xml b/src/chrome/content/rules/HDM-Stuttgart.de.xml
new file mode 100644
index 000000000000..3b328b9daa23
--- /dev/null
+++ b/src/chrome/content/rules/HDM-Stuttgart.de.xml
@@ -0,0 +1,226 @@
+<!--
+	Cert expired:
+		- asta.hdm-stuttgart.de
+		- klaus.hdm-stuttgart.de
+		- klaus.mi.hdm-stuttgart.de
+		- krake.mi.hdm-stuttgart.de
+		- phabricator.mi.hdm-stuttgart.de
+		- vs.mi.hdm-stuttgart.de
+		- self.remex.hdm-stuttgart.de
+		- remex.hdm-stuttgart.de
+		- amms.remex.hdm-stuttgart.de
+		- cloud4all.remex.hdm-stuttgart.de
+		- prosperity.remex.hdm-stuttgart.de
+
+	Self-signed cert:
+		- gaia.iuk.hdm-stuttgart.de
+		- spib.iuk.hdm-stuttgart.de
+		- zeus.iuk.hdm-stuttgart.de
+		- scheible.hdm-stuttgart.de
+
+	Chain issues:
+		- ca-confluence.hdm-stuttgart.de
+		- hdr-2014.hdm-stuttgart.de
+		- iz-vpn-3.hdm-stuttgart.de
+		- apollo.iuk.hdm-stuttgart.de
+		- forschungsmethoden.iuk.hdm-stuttgart.de
+		- hera.iuk.hdm-stuttgart.de
+		- mandy.iuk.hdm-stuttgart.de
+		- modulwahl.iuk.hdm-stuttgart.de
+		- lemon.hdm-stuttgart.de
+		- media.hdm-stuttgart.de
+		- devices.mi.hdm-stuttgart.de
+		- learnmap.mi.hdm-stuttgart.de
+		- vpn-int.hdm-stuttgart.de
+		- wl-vpn-int.hdm-stuttgart.de
+
+	Connection refused:
+		- acqwiki.iuk.hdm-stuttgart.de
+		- analytics-stud.iuk.hdm-stuttgart.de
+		- analytics.iuk.hdm-stuttgart.de
+		- chronos.iuk.hdm-stuttgart.de
+		- cms02.iuk.hdm-stuttgart.de
+		- diana.iuk.hdm-stuttgart.de
+		- miner.iuk.hdm-stuttgart.de
+		- moodle-test.iuk.hdm-stuttgart.de
+		- omm-for-kids.iuk.hdm-stuttgart.de
+		- ommstage1.iuk.hdm-stuttgart.de
+		- ommwebprod.iuk.hdm-stuttgart.de
+		- storytellingmem.iuk.hdm-stuttgart.de
+		- wiki.iuk.hdm-stuttgart.de
+		- wiss.iuk.hdm-stuttgart.de
+		- iuk-wi-www-1.hdm-stuttgart.de
+		- ldap.hdm-stuttgart.de
+		- ldap1.hdm-stuttgart.de
+		- ldap2.hdm-stuttgart.de
+		- ldap3.hdm-stuttgart.de
+		- ldap4.hdm-stuttgart.de
+		- ldap5.hdm-stuttgart.de
+		- mba.hdm-stuttgart.de
+		- www.mba.hdm-stuttgart.de
+		- ewa.mi.hdm-stuttgart.de
+		- gamedesign.mi.hdm-stuttgart.de
+		- gerlicher.mi.hdm-stuttgart.de
+		- hdmapp.mi.hdm-stuttgart.de
+		- jd.mi.hdm-stuttgart.de
+		- maucher.pages.mi.hdm-stuttgart.de
+		- mc01.mi.hdm-stuttgart.de
+		- mc02.mi.hdm-stuttgart.de
+		- mc10.mi.hdm-stuttgart.de
+		- mc11.mi.hdm-stuttgart.de
+		- mobilecontent.mi.hdm-stuttgart.de
+		- pages.mi.hdm-stuttgart.de
+		- qraffiti.mi.hdm-stuttgart.de
+		- schacht.mi.hdm-stuttgart.de
+		- sq.mi.hdm-stuttgart.de
+		- mj.hdm-stuttgart.de
+		- mx1.hdm-stuttgart.de
+		- mx2.hdm-stuttgart.de
+		- mx3.hdm-stuttgart.de
+		- mx4.hdm-stuttgart.de
+		- mx5.hdm-stuttgart.de
+		- mx6.hdm-stuttgart.de
+		- www.omm.hdm-stuttgart.de
+		- schaugg.hdm-stuttgart.de
+		- schauggstream.hdm-stuttgart.de
+		- smtp.hdm-stuttgart.de
+		- wim.hdm-stuttgart.de
+		- www.wi.hdm-stuttgart.de
+		- www.wim.hdm-stuttgart.de
+		- xwing.hdm-stuttgart.de
+
+
+	TLS errors:
+		- bastet2.iuk.hdm-stuttgart.de
+		- ids.iuk.hdm-stuttgart.de
+		- ids2.iuk.hdm-stuttgart.de
+		- wiest.hdm-stuttgart.de
+		- mars.iuk.hdm-stuttgart.de
+
+	Timeout:
+		- hadoop.iuk.hdm-stuttgart.de
+		- iz-mail-1.hdm-stuttgart.de
+		- term.mi.hdm-stuttgart.de
+		- term.hdm-stuttgart.de
+		- www.mi.hdm-stuttgart.de
+
+	Cert mismatch:
+		- acts.hdm-stuttgart.de
+		- www.acts.hdm-stuttgart.de
+		- alumni.hdm-stuttgart.de
+		- gaming.hdm-stuttgart.de
+		- horads.hdm-stuttgart.de
+		- www.iaf.hdm-stuttgart.de
+		- id.hdm-stuttgart.de
+		- idb.hdm-stuttgart.de
+		- bastet.iuk.hdm-stuttgart.de
+		- download.iuk.hdm-stuttgart.de
+		- pdf.iuk.hdm-stuttgart.de
+		- usability.iuk.hdm-stuttgart.de
+		- www.iuk.hdm-stuttgart.de
+		- iz-homesrv-1.hdm-stuttgart.de
+		- iz-starplan-test.hdm-stuttgart.de
+		- iz-status-01.hdm-stuttgart.de
+		- iz-tt-1.hdm-stuttgart.de
+		- iz-www-2.hdm-stuttgart.de
+		- iz-www-1.hdm-stuttgart.de
+		- medieninformatik.hdm-stuttgart.de
+		- www.medieninformatik.hdm-stuttgart.de
+		- mi.hdm-stuttgart.de
+		- doc.mi.hdm-stuttgart.de
+		- fb1.mi.hdm-stuttgart.de
+		- mattermost.mi.hdm-stuttgart.de
+		- sol.mi.hdm-stuttgart.de
+		- streaming.mi.hdm-stuttgart.de
+		- webdav.mi.hdm-stuttgart.de
+		- webday.mi.hdm-stuttgart.de
+		- webmail.mi.hdm-stuttgart.de
+		- moodletest.hdm-stuttgart.de
+		- packagingdesign.hdm-stuttgart.de
+		- pdm.hdm-stuttgart.de
+		- realserver3.hdm-stuttgart.de
+		- www.remex.hdm-stuttgart.de
+		- science.hdm-stuttgart.de
+		- stufe.hdm-stuttgart.de
+		- v.hdm-stuttgart.de
+		- www-test.hdm-stuttgart.de
+
+-->
+<ruleset name="Hochschule der Medien Stuttgart" >
+
+	<target host="www.hdm-stuttgart.de" />
+
+	<target host="ca.hdm-stuttgart.de" />
+	<target host="bewerbung.hdm-stuttgart.de" />
+	<target host="em-web.am.hdm-stuttgart.de" />
+	<target host="crm.hdm-stuttgart.de" />
+	<target host="crpr.hdm-stuttgart.de" />
+	<target host="finanzbericht.hdm-stuttgart.de" />
+	<target host="home.hdm-stuttgart.de" />
+	<target host="curdt.home.hdm-stuttgart.de" />
+	<target host="hoermann.home.hdm-stuttgart.de" />
+	<target host="kisling.home.hdm-stuttgart.de" />
+	<target host="mk285.home.hdm-stuttgart.de" />
+	<target host="rathke.home.hdm-stuttgart.de" />
+	<target host="nicolin.home.hdm-stuttgart.de" />
+
+	<target host="idblog.hdm-stuttgart.de" />
+	<target host="idp.hdm-stuttgart.de" />
+	<target host="idp2.hdm-stuttgart.de" />
+	<target host="ifg.hdm-stuttgart.de" />
+	<target host="im-prod.hdm-stuttgart.de" />
+	<target host="imo.hdm-stuttgart.de" />
+	<target host="informationsdesign.hdm-stuttgart.de" />
+
+	<target host="bbb.iuk.hdm-stuttgart.de" />
+	<target host="cms01.iuk.hdm-stuttgart.de" />
+	<target host="id-textlabor.iuk.hdm-stuttgart.de" />
+	<target host="idb.iuk.hdm-stuttgart.de" />
+	<target host="idcloud.iuk.hdm-stuttgart.de" />
+	<target host="lists.iuk.hdm-stuttgart.de" />
+	<target host="monitor.iuk.hdm-stuttgart.de" />
+	<target host="omm-survey.iuk.hdm-stuttgart.de" />
+	<target host="portfolio.iuk.hdm-stuttgart.de" />
+
+	<target host="iz-intern.hdm-stuttgart.de" />
+	<target host="www.lnd.hdm-stuttgart.de" />
+
+	<target host="cub3d.mi.hdm-stuttgart.de" />
+	<target host="events.mi.hdm-stuttgart.de" />
+	<target host="freedocs.mi.hdm-stuttgart.de" />
+	<target host="gitlab.mi.hdm-stuttgart.de" />
+	<target host="laps.mi.hdm-stuttgart.de" />
+	<target host="learn.mi.hdm-stuttgart.de" />
+	<target host="learn2.mi.hdm-stuttgart.de" />
+	<target host="mail.mi.hdm-stuttgart.de" />
+	<target host="mailrepl.mi.hdm-stuttgart.de" />
+	<target host="mailsrv.mi.hdm-stuttgart.de" />
+	<target host="maven.mi.hdm-stuttgart.de" />
+	<target host="mirror.mi.hdm-stuttgart.de" />
+	<target host="misvn.mi.hdm-stuttgart.de" />
+	<target host="newscorpus.mi.hdm-stuttgart.de" />
+	<target host="sbeat.mi.hdm-stuttgart.de" />
+	<target host="ubs.mi.hdm-stuttgart.de" />
+	<target host="wiki.mi.hdm-stuttgart.de" />
+
+	<target host="mw.hdm-stuttgart.de" />
+	<target host="otrs.hdm-stuttgart.de" />
+	<target host="oxdav.hdm-stuttgart.de" />
+	<target host="ox.hdm-stuttgart.de" />
+
+	<target host="smarthouse.remex.hdm-stuttgart.de" />
+	<target host="smarthouse-dev.remex.hdm-stuttgart.de" />
+	<target host="urclab.remex.hdm-stuttgart.de" />
+
+	<target host="splan.hdm-stuttgart.de" />
+	<target host="status.hdm-stuttgart.de" />
+	<target host="vfx-web.hdm-stuttgart.de" />
+	<target host="vs.hdm-stuttgart.de" />
+	<target host="vw-online.hdm-stuttgart.de" />
+
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/HDME.eu.xml b/src/chrome/content/rules/HDME.eu.xml
new file mode 100644
index 000000000000..c3b76ae356b5
--- /dev/null
+++ b/src/chrome/content/rules/HDME.eu.xml
@@ -0,0 +1,6 @@
+<ruleset name="HDME.eu">
+	<target host="hdme.eu" />
+	<target host="www.hdme.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HDSA.xml b/src/chrome/content/rules/HDSA.xml
index dab34408d812..3e15918293a2 100644
--- a/src/chrome/content/rules/HDSA.xml
+++ b/src/chrome/content/rules/HDSA.xml
@@ -5,7 +5,7 @@ Fetch error: http://hdsa.org/ => https://www.hdsa.org/: Too many redirects while
 Fetch error: http://www.hdsa.org/ => https://www.hdsa.org/: Too many redirects while fetching 'https://www.hdsa.org/'
 
 -->
-<ruleset name="Huntington's Disease Society of America" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Huntington's Disease Society of America" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="hdsa.org" />
 	<target host="www.hdsa.org" />
 
diff --git a/src/chrome/content/rules/HDserviceproviders.com.xml b/src/chrome/content/rules/HDserviceproviders.com.xml
index eb20cb042fa0..f286c534635c 100644
--- a/src/chrome/content/rules/HDserviceproviders.com.xml
+++ b/src/chrome/content/rules/HDserviceproviders.com.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HDtracks.com.xml b/src/chrome/content/rules/HDtracks.com.xml
index d9ccd153b48b..ea197f199c2a 100644
--- a/src/chrome/content/rules/HDtracks.com.xml
+++ b/src/chrome/content/rules/HDtracks.com.xml
@@ -20,4 +20,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HFO-Telecom.xml b/src/chrome/content/rules/HFO-Telecom.xml
index eaf781550e2a..712b0c2f831e 100644
--- a/src/chrome/content/rules/HFO-Telecom.xml
+++ b/src/chrome/content/rules/HFO-Telecom.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.hfo-telecom.de/ => https://www.hfo-telecom.de/: (60, 'SS
 Fetch error: http://www.telefonanschluss.de/ => https://www.telefonanschluss.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="HFO Telecom AG" default_off='failed ruleset test'>
+<ruleset name="HFO Telecom AG" default_off="failed ruleset test">
 
 	<target host="cdn.hfo-telecom.de"/>
 	<target host="chat.hfo-telecom.de"/>
diff --git a/src/chrome/content/rules/HGO.se.xml b/src/chrome/content/rules/HGO.se.xml
index a53bca669ad7..fe43000ee6a7 100644
--- a/src/chrome/content/rules/HGO.se.xml
+++ b/src/chrome/content/rules/HGO.se.xml
@@ -9,7 +9,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.hgo.se/ => https://www.hgo.se/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 Fetch error: http://hgo.se/ => https://www.hgo.se/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="HGO.se" default_off='failed ruleset test'>
+<ruleset name="HGO.se" default_off="failed ruleset test">
 	<target host="www.hgo.se" />
 	<target host="hgo.se" />
 	<target host="space.hgo.se" />
diff --git a/src/chrome/content/rules/HH.ru.xml b/src/chrome/content/rules/HH.ru.xml
index c24e96ce29d7..d947cffb1b52 100644
--- a/src/chrome/content/rules/HH.ru.xml
+++ b/src/chrome/content/rules/HH.ru.xml
@@ -175,7 +175,6 @@
 		<test url="http://slavgorod.hh.ru/" />
 		<test url="http://smolensk.hh.ru/" />
 		<test url="http://soltsy.hh.ru/" />
-		<test url="http://soltsy.hh.ru/" />
 		<test url="http://sorochinsk.hh.ru/" />
 		<test url="http://sortavala.hh.ru/" />
 		<test url="http://sovetskij.hh.ru/" />
diff --git a/src/chrome/content/rules/HHVM.com.xml b/src/chrome/content/rules/HHVM.com.xml
new file mode 100644
index 000000000000..cac0f52e4236
--- /dev/null
+++ b/src/chrome/content/rules/HHVM.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="HHVM.com">
+	<target host="hhvm.com" />
+	<target host="www.hhvm.com" />
+	<target host="dl.hhvm.com" />
+	<target host="dl2.hhvm.com" />
+	<target host="docs.hhvm.com" />
+	<target host="staging.docs.hhvm.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HI.is.xml b/src/chrome/content/rules/HI.is.xml
index cbf8bd5b0c1c..5de027180db5 100644
--- a/src/chrome/content/rules/HI.is.xml
+++ b/src/chrome/content/rules/HI.is.xml
@@ -26,7 +26,7 @@
 	² Refused
 	³ Shows default page
 	⁴ Dropped
-	⁵ Shows trabant.rhi.hi.is	
+	⁵ Shows trabant.rhi.hi.is
 
 
 	Problematic hosts in *hi.is:
diff --git a/src/chrome/content/rules/HIBAPRESS.com.xml b/src/chrome/content/rules/HIBAPRESS.com.xml
new file mode 100644
index 000000000000..d3fbe347a1b5
--- /dev/null
+++ b/src/chrome/content/rules/HIBAPRESS.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="HIBAPRESS.com">
+	<target host="hibapress.com" />
+	<target host="www.hibapress.com" />
+	<target host="www.guercif.hibapress.com" />
+	<target host="ar.hibapress.com" />
+	<target host="en.hibapress.com" />
+	<target host="fr.hibapress.com" />
+	<target host="hanya.hibapress.com" />
+	<target host="islam.hibapress.com" />
+	<target host="static.hibapress.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HIG.se.xml b/src/chrome/content/rules/HIG.se.xml
index 7f567457e3a8..30a4b86311c3 100644
--- a/src/chrome/content/rules/HIG.se.xml
+++ b/src/chrome/content/rules/HIG.se.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.hig.se/ => https://www.hig.se/: Cycle detected - URL already encountered: https://www.hig.se/
 Fetch error: http://hig.se/ => https://www.hig.se/: Cycle detected - URL already encountered: https://www.hig.se/
 -->
-<ruleset name="HIG.se" default_off='failed ruleset test'>
+<ruleset name="HIG.se" default_off="failed ruleset test">
 	<target host="www.hig.se" />
 	<target host="hig.se" />
 	<rule from="^http://hig\.se/" to="https://www.hig.se/"/>
diff --git a/src/chrome/content/rules/HIIG.de.xml b/src/chrome/content/rules/HIIG.de.xml
index af81e7bce7f3..13e52e66f516 100644
--- a/src/chrome/content/rules/HIIG.de.xml
+++ b/src/chrome/content/rules/HIIG.de.xml
@@ -10,7 +10,7 @@
 		- css on www from fonts.googleapis.com *
 
 		- Images, on:
-		
+
 			- os from www.openingscience.org
 			- os, www from $self
 
diff --git a/src/chrome/content/rules/HJR-Verlag.de.xml b/src/chrome/content/rules/HJR-Verlag.de.xml
index 7c63940700be..aa286feb3291 100644
--- a/src/chrome/content/rules/HJR-Verlag.de.xml
+++ b/src/chrome/content/rules/HJR-Verlag.de.xml
@@ -5,7 +5,8 @@
 <ruleset name="HJR-Verlag.de">
 
 	<target host="hjr-verlag.de" />
-	<target host="*.hjr-verlag.de" />
+	<target host="www.hjr-verlag.de" />
+	<target host="mediendb.hjr-verlag.de" />
 
 
 	<!--	Not secured by server:
@@ -19,7 +20,6 @@
 	<rule from="^http://(?:www\.)?hjr-verlag\.de/"
 		to="https://www.hjr-verlag.de/" />
 
-	<rule from="^http://mediendb\.hjr-verlag\.de/"
-		to="https://mediendb.hjr-verlag.de/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/HKET.com.xml b/src/chrome/content/rules/HKET.com.xml
new file mode 100644
index 000000000000..fe0ae7c094fd
--- /dev/null
+++ b/src/chrome/content/rules/HKET.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- ls.hket.com
+
+		Mixed content blocking (MCB) triggered:
+		- invest1.hket.com
+		- www1.hket.com
+-->
+<ruleset name="HKET.com">
+	<target host="hket.com" />
+	<target host="www.hket.com" />
+	<target host="china.hket.com" />
+	<target host="event.hket.com" />
+	<target host="epay.hket.com" />
+		<test url="http://epay.hket.com/cir/pay?name=IM20190507" />
+	<target host="eti.hket.com" />
+		<test url="http://eti.hket.com/pc/theme/OUHK30/?mtc=80008" />
+	<target host="imoney.hket.com" />
+	<target host="inews.hket.com" />
+	<target host="invest.hket.com" />
+	<target host="m.hket.com" />
+	<target host="marketing.hket.com" />
+	<target host="mkt1.hket.com" />
+		<test url="http://mkt1.hket.com/mtwealthmgt/spreadsheet/interest.xls" />
+	<target host="mkt2.hket.com" />
+		<test url="http://mkt2.hket.com/mtwealthmgt/spreadsheet/interest.xls" />
+	<target host="paper.hket.com" />
+	<target host="plus.hket.com" />
+	<target host="ps.hket.com" />
+	<target host="service.hket.com" />
+	<target host="sme.hket.com" />
+	<target host="topick.hket.com" />
+	<target host="topick2.hket.com" />
+	<target host="video.hket.com" />
+	<target host="wealth.hket.com" />
+	<target host="webmail.hket.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HKEdCity.xml b/src/chrome/content/rules/HKEdCity.xml
index 2fa09390ae3a..9d6a079fbe47 100644
--- a/src/chrome/content/rules/HKEdCity.xml
+++ b/src/chrome/content/rules/HKEdCity.xml
@@ -3,6 +3,10 @@
 	<target host="www.hkedcity.net" />
 	<target host="hkedcity.net" />
 
+	<!-- Following severs doesnt redirect user to HTTPS version automaticaly if you have never visited the HTTPS version -->
+	<target host="334.edb.hkedcity.net" />
+	<target host="edb.hkedcity.net" />
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/HKGOLDEN.com.xml b/src/chrome/content/rules/HKGOLDEN.com.xml
index 78e718fae129..04b71130ee73 100644
--- a/src/chrome/content/rules/HKGOLDEN.com.xml
+++ b/src/chrome/content/rules/HKGOLDEN.com.xml
@@ -12,16 +12,13 @@
 <ruleset name="HKGOLDEN.com">
 	<target host="hkgolden.com" />
 	<target host="www.hkgolden.com" />
-	<target host="archive.hkgolden.com" />
-	<target host="articlehtml.hkgolden.com" />
-	<test url="http://articlehtml.hkgolden.com/TopArticle_EP.htm?rand=464609232" />
-	
+	<target host="api.hkgolden.com" />
+	<target host="article.hkgolden.com" />
 	<target host="classbm.hkgolden.com" />
-	<target host="daily.hkgolden.com" />
 	<target host="forum.hkgolden.com" />
+	<target host="forumd.hkgolden.com" />
 	<target host="forum1.hkgolden.com" />
 	<target host="forum10.hkgolden.com" />
-	<target host="forum101.hkgolden.com" />
 	<target host="forum11.hkgolden.com" />
 	<target host="forum12.hkgolden.com" />
 	<target host="forum13.hkgolden.com" />
@@ -42,8 +39,8 @@
 	<target host="m4.hkgolden.com" />
 	<target host="m5.hkgolden.com" />
 	<target host="md.hkgolden.com" />
-	<target host="search.hkgolden.com" />
-	<target host="xmas.hkgolden.com" />
+	<target host="mdd.hkgolden.com" />
+	<target host="news.hkgolden.com" />
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/HKGov-ArchSD.xml b/src/chrome/content/rules/HKGov-ArchSD.xml
index e3706649f3ef..ec80db9dfeb2 100644
--- a/src/chrome/content/rules/HKGov-ArchSD.xml
+++ b/src/chrome/content/rules/HKGov-ArchSD.xml
@@ -1,7 +1,7 @@
 <!--
 	For other HK government coverage, see GovHK.xml.
 -->
-<ruleset name="Architectural Services Department" default_off="missing certificate chain">
+<ruleset name="Architectural Services Department" default_off="cert-chain">
 
 	<target host="www.archsd.gov.hk" />
 
diff --git a/src/chrome/content/rules/HKGov-HKMA.xml b/src/chrome/content/rules/HKGov-HKMA.xml
index c92cb32a2713..f1b784630f08 100644
--- a/src/chrome/content/rules/HKGov-HKMA.xml
+++ b/src/chrome/content/rules/HKGov-HKMA.xml
@@ -1,17 +1,16 @@
 <!--
 	For other HK government coverage, see GovHK.xml.
 
-	non-working subdomains:
-		- www.hkma.gov.hk
-		- apps.hkma.gov.hk
+	Non-functional hosts
+		Peer certificate cannot be authenticated with given CA certificates:
 		- coincollection.hkma.gov.hk
-		- vpr.hkma.gov.hk
 -->
 <ruleset name="Hong Kong Monetary Authority (partial)">
-
+	<target host="apps.hkma.gov.hk" />
 	<target host="hktr.hkma.gov.hk" />
 	<target host="secure.hkma.gov.hk" />
+	<target host="vpr.hkma.gov.hk" />
+	<target host="www.hkma.gov.hk" />
 
-		<rule from="^http:" to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/HKGov-HYD.xml b/src/chrome/content/rules/HKGov-HYD.xml
index 2b3da17f17bd..a71a84b66def 100644
--- a/src/chrome/content/rules/HKGov-HYD.xml
+++ b/src/chrome/content/rules/HKGov-HYD.xml
@@ -10,7 +10,7 @@
 	<target host="webmail2.hyd.gov.hk"/>
 	<target host="webmail5.hyd.gov.hk"/>
 	<target host="webmail6.hyd.gov.hk"/>
-	
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/HKGov-ITF.xml b/src/chrome/content/rules/HKGov-ITF.xml
index 080b2c0a43ae..9ed2c238e424 100644
--- a/src/chrome/content/rules/HKGov-ITF.xml
+++ b/src/chrome/content/rules/HKGov-ITF.xml
@@ -9,7 +9,7 @@
 
 	<target host="www.itf.gov.hk" />
 	<target host="www3.itf.gov.hk" />
-	
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/HKGov-LCSD.xml b/src/chrome/content/rules/HKGov-LCSD.xml
index 3dc7daca4b58..0efc925b74a8 100644
--- a/src/chrome/content/rules/HKGov-LCSD.xml
+++ b/src/chrome/content/rules/HKGov-LCSD.xml
@@ -10,7 +10,7 @@
 	<target host="www.lcsd.gov.hk" />
 	<target host="www2.lcsd.gov.hk" />
 	<target host="www3.lcsd.gov.hk" />
-	
+
 	<target host="corporategames.lcsd.gov.hk" />
 	<target host="eaps.lcsd.gov.hk" />
 	<target host="hongkonggames.lcsd.gov.hk" />
@@ -20,7 +20,7 @@
 	<exclusion pattern="^http://www\.lcsd\.gov\.hk/(en|tc|sc)/news\.php" />
 	<exclusion pattern="^http://www\.lcsd\.gov\.hk/(en|tc|sc)/contactus/(access|email)\.php" />
 	<exclusion pattern="^http://www\.lcsd\.gov\.hk/(en|tc|sc)/aboutlcsd/jobs\.php" />
-	
+
 	<test url="http://www.lcsd.gov.hk/en/news.php" />
 	<test url="http://www.lcsd.gov.hk/sc/news.php" />
 	<test url="http://www.lcsd.gov.hk/tc/news.php" />
@@ -34,6 +34,6 @@
 
 <!-- rules -->
 	<rule from="^http://(www\.)?lcsd\.gov\.hk/" to="https://www.lcsd.gov.hk/" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/HKGov-TID.xml b/src/chrome/content/rules/HKGov-TID.xml
index a47e3c976eb8..355865fb7bfd 100644
--- a/src/chrome/content/rules/HKGov-TID.xml
+++ b/src/chrome/content/rules/HKGov-TID.xml
@@ -11,7 +11,7 @@
 	<target host="www.cwc.tid.gov.hk" />
 	<target host="www.smefund.tid.gov.hk" />
 	<target host="www.stc.tid.gov.hk" />
-	<target host="www.success.tid.gov.hk" />	
+	<target host="www.success.tid.gov.hk" />
 
 	<rule from="^http:"
 	to="https:" />
diff --git a/src/chrome/content/rules/HKN.xml b/src/chrome/content/rules/HKN.xml
index 966ca2cc3e60..82ce24b69165 100644
--- a/src/chrome/content/rules/HKN.xml
+++ b/src/chrome/content/rules/HKN.xml
@@ -16,4 +16,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HKUST-GZ.edu.cn.xml b/src/chrome/content/rules/HKUST-GZ.edu.cn.xml
new file mode 100644
index 000000000000..7ded22e4a465
--- /dev/null
+++ b/src/chrome/content/rules/HKUST-GZ.edu.cn.xml
@@ -0,0 +1,11 @@
+<!--
+	For other UST.hk related rulesets, see UST.hk.xml
+-->
+<ruleset name="HKUST-GZ.edu.cn (partial)">
+	<target host="hkust-gz.edu.cn" />
+	<target host="www.hkust-gz.edu.cn" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HKUST.edu.cn.xml b/src/chrome/content/rules/HKUST.edu.cn.xml
new file mode 100644
index 000000000000..6b034aff4a00
--- /dev/null
+++ b/src/chrome/content/rules/HKUST.edu.cn.xml
@@ -0,0 +1,18 @@
+<!--
+	For other UST.hk related rulesets, see UST.hk.xml
+
+	Non-functional hosts:
+		Certificate mismatched:
+		- www.hkust.edu.cn
+-->
+<ruleset name="HKUST.edu.cn (partial)">
+	<target host="hkust.edu.cn" />
+	<target host="www.hkust.edu.cn" />
+
+	<securecookie host=".+" name=".+" />
+	
+	<rule from="^http://www\.hkust\.edu\.cn/"
+		  	to="https://hkust.edu.cn/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HKUST.edu.hk.xml b/src/chrome/content/rules/HKUST.edu.hk.xml
new file mode 100644
index 000000000000..c827fd94bfad
--- /dev/null
+++ b/src/chrome/content/rules/HKUST.edu.hk.xml
@@ -0,0 +1,11 @@
+<!--
+	For other UST.hk related rulesets, see UST.hk.xml
+-->
+<ruleset name="HKUST.edu.hk (partial)">
+	<target host="hkust.edu.hk" />
+	<target host="www.hkust.edu.hk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HK_Yanto_Yan.com-falsemixed.xml b/src/chrome/content/rules/HK_Yanto_Yan.com-falsemixed.xml
index 6747284e4dc1..87e1f99f4066 100644
--- a/src/chrome/content/rules/HK_Yanto_Yan.com-falsemixed.xml
+++ b/src/chrome/content/rules/HK_Yanto_Yan.com-falsemixed.xml
@@ -4,13 +4,12 @@
 -->
 <ruleset name="HK Yanto Yan.com (false MCB)" platform="mixedcontent">
 
-	<target host="*.hkyantoyan.com" />
+	<target host="www.hkyantoyan.com" />
 
 
 	<securecookie host="^(?:\.|www\.)?hkyantoyan\.com$" name=".+" />
 
 
-	<rule from="^http://www\.hkyantoyan\.com/"
-		to="https://www.hkyantoyan.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/HM.com.xml b/src/chrome/content/rules/HM.com.xml
index 1bc5c7886cad..882ded3baa72 100644
--- a/src/chrome/content/rules/HM.com.xml
+++ b/src/chrome/content/rules/HM.com.xml
@@ -1,11 +1,12 @@
 <!--
-     Breaks shopping bag due to mixedcontent blocking. See Trac #9903
+	Mismatched:
+		- ^
 -->
 
-<ruleset name="Hm.com" platform="mixedcontent">
-  <target host="www.hm.com" />
-  <target host="hm.com" />
-  <rule from="^http://www\.hm\.com/" to="https://www.hm.com/"/>
-  <rule from="^http://hm\.com/" to="https://www.hm.com/"/>
-</ruleset>
+<ruleset name="HM.com (partial)">
+	<target host="hm.com" />
+	<target host="www.hm.com" />
 
+	<rule from="^http://hm\.com/" to="https://www.hm.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HMV_Japan.xml b/src/chrome/content/rules/HMV_Japan.xml
index 14b66a32a814..3e2a3ae7dcb8 100644
--- a/src/chrome/content/rules/HMV_Japan.xml
+++ b/src/chrome/content/rules/HMV_Japan.xml
@@ -21,7 +21,9 @@
 <ruleset name="HMV Japan (partial)">
 
 	<target host="hmv.co.jp" />
-	<target host="*.hmv.co.jp" />
+	<target host="www.hmv.co.jp" />
+	<target host="img.hmv.co.jp" />
+	<target host="img-org.hmv.co.jp" />
 
 
 	<!--	Tracking cookies:
diff --git a/src/chrome/content/rules/HNA.de.xml b/src/chrome/content/rules/HNA.de.xml
new file mode 100644
index 000000000000..c835b96e9a92
--- /dev/null
+++ b/src/chrome/content/rules/HNA.de.xml
@@ -0,0 +1,79 @@
+<!--
+	Connection closed:
+		immo
+		www.immo
+		story
+
+	Invalid certificate:
+		blog
+		dev-doc
+		horoskop
+		kassellexikon
+		m
+		www.markt
+		lt.portal
+		quiz
+		secretescapes
+		www.secretescapes
+		tippspiel
+		uelzen
+		veranstaltungen
+
+	Mixed content:
+		regiowiki
+
+	Refused:
+		kb
+		luedenscheid
+
+	Timeout:
+		mattermost-staging.hna.de
+		service-archiv
+		smtp
+		transfer
+-->
+<ruleset name="HNA.de">
+
+	<target host="hna.de" />
+	<target host="www.hna.de" />
+	<target host="abos.hna.de" />
+	<target host="auto.hna.de" />
+	<target host="banner.hna.de" />
+	<target host="blogs.hna.de" />
+	<target host="doc.hna.de" />
+	<target host="epaper.hna.de" />
+	<target host="flirt.hna.de" />
+	<target host="forum.hna.de" />
+	<target host="het164.hna.de" />
+	<target host="het199.hna.de" />
+	<target host="het35.hna.de" />
+	<target host="het71.hna.de" />
+	<target host="jobs.hna.de" />
+	<target host="selbsteingabe.jobs.hna.de" />
+	<target host="kreiszeitung.hna.de" />
+	<target host="leserreisen.hna.de" />
+	<target host="markt.hna.de" />
+	<target host="medienvorschau.hna.de" />
+	<target host="mms.hna.de" />
+	<target host="nx02.hna.de" />
+	<target host="partner.hna.de" />
+	<target host="www.partner.hna.de" />
+	<target host="praemienshop.hna.de" />
+	<target host="redaktion.hna.de" />
+	<target host="tabellen.hna.de" />
+	<target host="tickets.hna.de" />
+	<target host="trauer.hna.de" />
+	<target host="www.trauer.hna.de" />
+	<target host="vorlage1.hna.de" />
+	<target host="vorlage2.hna.de" />
+	<target host="vorlage3.hna.de" />
+	<target host="vwdweb2.hna.de" />
+	<target host="wahlomat.hna.de" />
+	<target host="www2.hna.de" />
+	<target host="www3.hna.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HON.ch.xml b/src/chrome/content/rules/HON.ch.xml
index 0c1629a5a688..5ba9c36493d1 100644
--- a/src/chrome/content/rules/HON.ch.xml
+++ b/src/chrome/content/rules/HON.ch.xml
@@ -17,7 +17,7 @@ Fetch error: http://team.hon.ch/ => https://team.hon.ch/: (60, 'SSL certificate
 			- (www.)? from www.provisu.ch
 
 -->
-<ruleset name="HON.ch (Health On the Net)" default_off='failed ruleset test'>
+<ruleset name="HON.ch (Health On the Net)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/HP_Cloud.com.xml b/src/chrome/content/rules/HP_Cloud.com.xml
index 5e68830ddcb6..b7ae9acbf43f 100644
--- a/src/chrome/content/rules/HP_Cloud.com.xml
+++ b/src/chrome/content/rules/HP_Cloud.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://hpcloud.com/ => https://hpcloud.com/: (28, 'Connection timed
 	For other HP coverage, see Hewlett-Packard.xml.
 
 -->
-<ruleset name="HP Cloud.com (partial)" default_off='failed ruleset test'>
+<ruleset name="HP Cloud.com (partial)" default_off="failed ruleset test">
 
 	<target host="hpcloud.com" />
 	<target host="blog.hpcloud.com" />
diff --git a/src/chrome/content/rules/HPlus_the_Digital_Series.xml b/src/chrome/content/rules/HPlus_the_Digital_Series.xml
index d5d1acbc6d68..4bbaae48e9b8 100644
--- a/src/chrome/content/rules/HPlus_the_Digital_Series.xml
+++ b/src/chrome/content/rules/HPlus_the_Digital_Series.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.hplusdigitalseries.com/ => https://www.hplusdigitalserie
 		- ^	(mismatched, CN: wbpinewmedia.warnerbros.com)
 
 -->
-<ruleset name="H+: the Digital Series" default_off='failed ruleset test'>
+<ruleset name="H+: the Digital Series" default_off="failed ruleset test">
 
 	<target host="hplusdigitalseries.com" />
 	<target host="www.hplusdigitalseries.com" />
@@ -18,4 +18,4 @@ Fetch error: http://www.hplusdigitalseries.com/ => https://www.hplusdigitalserie
 	<rule from="^http://(?:www\.)?hplusdigitalseries\.com/"
 		to="https://www.hplusdigitalseries.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HR_Solutions.xml b/src/chrome/content/rules/HR_Solutions.xml
index aad352f7f117..1144988c3353 100644
--- a/src/chrome/content/rules/HR_Solutions.xml
+++ b/src/chrome/content/rules/HR_Solutions.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://hr-s.co.jp/ => https://hr-s.co.jp/: (51, "SSL: no alternative certificate subject name matches target host name 'hr-s.co.jp'")
 
 -->
-<ruleset name="HR Solutions" default_off='failed ruleset test'>
+<ruleset name="HR Solutions" default_off="failed ruleset test">
 
 	<target host="hr-s.co.jp" />
 	<target host="www.hr-s.co.jp" />
@@ -12,4 +12,4 @@ Fetch error: http://hr-s.co.jp/ => https://hr-s.co.jp/: (51, "SSL: no alternativ
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HRsmart.xml b/src/chrome/content/rules/HRsmart.xml
deleted file mode 100644
index b8593f8ef7ae..000000000000
--- a/src/chrome/content/rules/HRsmart.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<ruleset name="HRsmart" platform="mixedcontent">
-
-	<target host="*.mua.hrdepartment.com" />
-	<target host="*.tms.hrdepartment.com" />
-	<target host="hrsmart.com" />
-	<target host="www.hrsmart.com" />
-
-
-	<securecookie host="^.*\.hrdepartment\.com$" name=".+" />
-	<securecookie host="^www\.hrsmart\.com$" name=".+" />
-
-
-	<!--	Clients have unique subdomains.	-->
-	<rule from="^http://(\w+)\.(mua|tms)\.hrdepartment\.com/"
-		to="https://$1.$2.hrdepartment.com/" />
-
-	<rule from="^http://(www\.)?hrsmart\.com/"
-		to="https://$1hrsmart.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/HSI.com.hk.xml b/src/chrome/content/rules/HSI.com.hk.xml
new file mode 100644
index 000000000000..02b13c44743f
--- /dev/null
+++ b/src/chrome/content/rules/HSI.com.hk.xml
@@ -0,0 +1,18 @@
+<!--
+	For other Hang Seng Bank related rulesets, see HangSengBank.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- hsi.com.hk
+-->
+<ruleset name="HSI.com.hk">
+	<target host="hsi.com.hk" />
+	<target host="www.hsi.com.hk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://hsi\.com\.hk/"
+			to="https://www.hsi.com.hk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HSLDA.xml b/src/chrome/content/rules/HSLDA.xml
index 21469ee81f03..2dcebfb7fe97 100644
--- a/src/chrome/content/rules/HSLDA.xml
+++ b/src/chrome/content/rules/HSLDA.xml
@@ -5,4 +5,4 @@
 
 	<rule from="^http://(?:www\.)?hslda\.org/" to="https://www.hslda.org/" />
 	<rule from="^http://secure\.hslda\.org/" to="https://secure.hslda.org/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HSV.se.xml b/src/chrome/content/rules/HSV.se.xml
index 4ab35cc62ded..dc039622f1fa 100644
--- a/src/chrome/content/rules/HSV.se.xml
+++ b/src/chrome/content/rules/HSV.se.xml
@@ -11,7 +11,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.hsv.se/ => https://www.hsv.se/: (51, "SSL: no alternative certificate subject name matches target host name 'www.hsv.se'")
 Fetch error: http://hsv.se/ => https://www.hsv.se/: (51, "SSL: no alternative certificate subject name matches target host name 'www.hsv.se'")
  hogskoleverket -->
-<ruleset name="HSV.se" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="HSV.se" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="www.hsv.se" />
 	<target host="hsv.se" />
 	<rule from="^http://hsv\.se/" to="https://www.hsv.se/"/>
diff --git a/src/chrome/content/rules/HSappstatic.net.xml b/src/chrome/content/rules/HSappstatic.net.xml
deleted file mode 100644
index ec50a7c7bb18..000000000000
--- a/src/chrome/content/rules/HSappstatic.net.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other HubSpot coverage, see HubSpot.xml.
-
-
-	Fully covered hosts:
-
-		- static
-
--->
-<ruleset name="HSappstatic.net">
-
-	<target host="static.hsappstatic.net" />
-
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/HTC.com.xml b/src/chrome/content/rules/HTC.com.xml
index 1fc64c77de8a..87ea3a848ab5 100644
--- a/src/chrome/content/rules/HTC.com.xml
+++ b/src/chrome/content/rules/HTC.com.xml
@@ -8,7 +8,7 @@
 
 	<rule from="^http://htc\.com/"
 			to="https://www.htc.com/" />
-	
-	<rule from="^http:" 
+
+	<rule from="^http:"
 		  	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/HTML5Video.org.xml b/src/chrome/content/rules/HTML5Video.org.xml
deleted file mode 100644
index c802d593a5dc..000000000000
--- a/src/chrome/content/rules/HTML5Video.org.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Invalid certificate:
-		kgit.html5video.org
-
--->
-<ruleset name="HTML5Video.org">
-
-	<target host="html5video.org" />
-	<target host="www.html5video.org" />
-	<target host="code.html5video.org" />
-	<target host="staging.html5video.org" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/HTTP.cat.xml b/src/chrome/content/rules/HTTP.cat.xml
index bbbdfd0ee5c3..83802f240c41 100644
--- a/src/chrome/content/rules/HTTP.cat.xml
+++ b/src/chrome/content/rules/HTTP.cat.xml
@@ -9,6 +9,6 @@
 
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?http\.cat/" 
+	<rule from="^http://(www\.)?http\.cat/"
 			to="https://http.cat/" />
 </ruleset>
diff --git a/src/chrome/content/rules/HTTrack.com.xml b/src/chrome/content/rules/HTTrack.com.xml
new file mode 100644
index 000000000000..57a30a12910f
--- /dev/null
+++ b/src/chrome/content/rules/HTTrack.com.xml
@@ -0,0 +1,18 @@
+<ruleset name="HTTrack.com">
+	<target host="httrack.com" />
+	<target host="www.httrack.com" />
+	<target host="android.httrack.com" />
+	<target host="blog.httrack.com" />
+	<target host="bnf.httrack.com" />
+	<target host="contrib.httrack.com" />
+	<target host="debian.httrack.com" />
+	<target host="download.httrack.com" />
+	<target host="forum.httrack.com" />
+	<target host="minitel.httrack.com" />
+	<target host="mirror.httrack.com" />
+	<target host="pgp.httrack.com" />
+	<target host="private.httrack.com" />
+	<target host="ut.httrack.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HTW-Berlin.de.xml b/src/chrome/content/rules/HTW-Berlin.de.xml
index 6c7ab1583690..3be54235e288 100644
--- a/src/chrome/content/rules/HTW-Berlin.de.xml
+++ b/src/chrome/content/rules/HTW-Berlin.de.xml
@@ -103,7 +103,7 @@ Fetch error: http://www.f4.htw-berlin.de/ => https://www.f4.htw-berlin.de/: Too
 		- signal.htw-berlin.de
 -->
 
-<ruleset name="HTW-Berlin.de (partial)" default_off='failed ruleset test'>
+<ruleset name="HTW-Berlin.de (partial)" default_off="failed ruleset test">
 	<target host="bewerben.htw-berlin.de" />
 	<target host="bewerbung.htw-berlin.de" />
 	<target host="bewerbungsstatus.htw-berlin.de" />
diff --git a/src/chrome/content/rules/HTWG-Konstanz.xml b/src/chrome/content/rules/HTWG-Konstanz.xml
index 30ebbbd3e2dc..06741b0d4d0b 100644
--- a/src/chrome/content/rules/HTWG-Konstanz.xml
+++ b/src/chrome/content/rules/HTWG-Konstanz.xml
@@ -5,4 +5,4 @@
     <target host="webmail.htwg-konstanz.de" />
 
     <rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HaCoder.com.xml b/src/chrome/content/rules/HaCoder.com.xml
index ed9aba669636..c691cd77c63f 100644
--- a/src/chrome/content/rules/HaCoder.com.xml
+++ b/src/chrome/content/rules/HaCoder.com.xml
@@ -21,7 +21,7 @@ Non-2xx HTTP code: http://www.hacoder.com/ (200) => https://www.hacoder.com/ (40
 	* Secured by us
 
 -->
-<ruleset name="HaCoder.com (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="HaCoder.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/HabboLatino.xml b/src/chrome/content/rules/HabboLatino.xml
index d5965a645a1e..46609a1eb737 100644
--- a/src/chrome/content/rules/HabboLatino.xml
+++ b/src/chrome/content/rules/HabboLatino.xml
@@ -8,10 +8,10 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://hlat.us/ => https://hlat.us/: Cycle detected - URL already encountered: http://hlat.us/
 	Nonfunctional domains:
 
-		- (www.)hlat.me	
+		- (www.)hlat.me
 
 -->
-<ruleset name="HabboLatino" default_off='failed ruleset test'>
+<ruleset name="HabboLatino" default_off="failed ruleset test">
 
 	<target host="hlat.us" />
 	<target host="www.hlat.us" />
@@ -22,4 +22,4 @@ Fetch error: http://hlat.us/ => https://hlat.us/: Cycle detected - URL already e
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Haber-Vision.xml b/src/chrome/content/rules/Haber-Vision.xml
index b4489741a75a..9b1ebbc33bd5 100644
--- a/src/chrome/content/rules/Haber-Vision.xml
+++ b/src/chrome/content/rules/Haber-Vision.xml
@@ -3,9 +3,8 @@
 	<target host="habervision.com"/>
 	<target host="www.habervision.com"/>
 
-	<securecookie host="^(?:.*\.)?habervision\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?habervision\.com/(css/|images/|mainstreet/)"
-		to="https://www.habervision.com/$1"/>
+	<rule from="^http:" to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Habets.se.xml b/src/chrome/content/rules/Habets.se.xml
index a72874863a77..b052041383f3 100644
--- a/src/chrome/content/rules/Habets.se.xml
+++ b/src/chrome/content/rules/Habets.se.xml
@@ -22,6 +22,6 @@
 	<rule from="^http://www\.habets\.se/"
 			to="https://habets.se/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Habpl.us.xml b/src/chrome/content/rules/Habpl.us.xml
index 3131055d7505..78ccb8851abc 100644
--- a/src/chrome/content/rules/Habpl.us.xml
+++ b/src/chrome/content/rules/Habpl.us.xml
@@ -5,7 +5,7 @@ Fetch error: http://habpl.us/ => https://habpl.us/: Too many redirects while fet
 Fetch error: http://www.habpl.us/ => https://www.habpl.us/: Too many redirects while fetching 'https://www.habpl.us/'
 
 -->
-<ruleset name="habpl.us" default_off='failed ruleset test'>
+<ruleset name="habpl.us" default_off="failed ruleset test">
 
 	<target host="habpl.us" />
 	<target host="www.habpl.us" />
@@ -16,4 +16,4 @@ Fetch error: http://www.habpl.us/ => https://www.habpl.us/: Too many redirects w
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Habrahabr.ru.xml b/src/chrome/content/rules/Habrahabr.ru.xml
index e798816f2c31..5b508cd0e52e 100644
--- a/src/chrome/content/rules/Habrahabr.ru.xml
+++ b/src/chrome/content/rules/Habrahabr.ru.xml
@@ -24,7 +24,7 @@ Fetch error: http://auth.habrahabr.ru/ => https://auth.habrahabr.ru/: (51, "SSL:
 	ʳ Unsecurable <= refused
 
 -->
-<ruleset name="Habrahabr.ru (partial)" default_off='failed ruleset test'>
+<ruleset name="Habrahabr.ru (partial)" default_off="failed ruleset test">
 
 	<target host="habrahabr.ru" />
 	<target host="auth.habrahabr.ru" />
diff --git a/src/chrome/content/rules/Habrastorage.org.xml b/src/chrome/content/rules/Habrastorage.org.xml
deleted file mode 100644
index 873a5e889ce6..000000000000
--- a/src/chrome/content/rules/Habrastorage.org.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	For other TM coverage, see TMtm.ru.xml.
-
-
-	www.habrastorage.org: Mismatched
-
--->
-<ruleset name="habrastorage.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="habrastorage.org" />
-
-	<!--	Complications:
-				-->
-	<target host="www.habrastorage.org" />
-
-
-	<rule from="^http://www\.habrastorage\.org/"
-		to="https://habrastorage.org/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Hack.chat.xml b/src/chrome/content/rules/Hack.chat.xml
new file mode 100644
index 000000000000..7cc4f1992ac5
--- /dev/null
+++ b/src/chrome/content/rules/Hack.chat.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid Certificate:
+		captcha.hack.chat
+		wss.hack.chat
+-->
+<ruleset name="Hack.chat">
+	<target host="hack.chat" />
+	<target host="www.hack.chat" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HackLang.org.xml b/src/chrome/content/rules/HackLang.org.xml
new file mode 100644
index 000000000000..a996e88e3c33
--- /dev/null
+++ b/src/chrome/content/rules/HackLang.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- www
+		- docs
+-->
+<ruleset name="HackLang.org">
+	<target host="hacklang.org" />
+	<target host="www.hacklang.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.hacklang\.org/" to="https://hacklang.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HackerNews.xml b/src/chrome/content/rules/HackerNews.xml
index c63bcceab79b..203a010b6330 100644
--- a/src/chrome/content/rules/HackerNews.xml
+++ b/src/chrome/content/rules/HackerNews.xml
@@ -19,7 +19,7 @@
 					-->
 	<!--securecookie host="^\.ycombinator\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
 
-	<securecookie host="^(?:.*\.)?ycombinator\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/HackerRank.com.xml b/src/chrome/content/rules/HackerRank.com.xml
index dc1156c6b817..ca9b182c8828 100644
--- a/src/chrome/content/rules/HackerRank.com.xml
+++ b/src/chrome/content/rules/HackerRank.com.xml
@@ -3,7 +3,6 @@
 	<target host="hackerrank.com" />
 	<target host="www.hackerrank.com" />
 	<target host="hrcdn.net" />
-	<target host="*.hrcdn.net" />
 
 
 	<!--	Not secured by server:
@@ -14,10 +13,6 @@
 	<securecookie host="^\.hrcdn\.net$" name=".+" />
 
 
-	<rule from="^http://(www\.)?hackerrank\.com/"
-		to="https://$1hackerrank.com/" />
-
-	<rule from="^http://hrcdn\.net/"
-		to="https://hrcdn.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hacker_Target.com.xml b/src/chrome/content/rules/Hacker_Target.com.xml
index 8eaaf9b4e8ed..228267203ce1 100644
--- a/src/chrome/content/rules/Hacker_Target.com.xml
+++ b/src/chrome/content/rules/Hacker_Target.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.hackertarget.com/ => https://www.hackertarget.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Hacker Target.com" default_off='failed ruleset test'>
+<ruleset name="Hacker Target.com" default_off="failed ruleset test">
 
 	<target host="hackertarget.com" />
 	<target host="www.hackertarget.com" />
diff --git a/src/chrome/content/rules/Hackers.fi.xml b/src/chrome/content/rules/Hackers.fi.xml
index 7d88eba212a3..13586929fe78 100644
--- a/src/chrome/content/rules/Hackers.fi.xml
+++ b/src/chrome/content/rules/Hackers.fi.xml
@@ -10,10 +10,11 @@ Fetch error: http://hackers.fi/ => https://hackers.fi/: (60, 'SSL certificate pr
 		- www	(mismatched, CN: www.noelia.fi)
 
 -->
-<ruleset name="hackers.fi" default_off='failed ruleset test'>
+<ruleset name="hackers.fi" default_off="failed ruleset test">
 
 	<target host="hackers.fi" />
-	<target host="*.hackers.fi" />
+	<target host="root.hackers.fi" />
+	<target host="www.hackers.fi" />
 
 
 	<rule from="^http://(?:(root\.)|www\.)?hackers\.fi/"
diff --git a/src/chrome/content/rules/Hackerschool.xml b/src/chrome/content/rules/Hackerschool.xml
index ab79a2e1b7bd..8aa8bb1cd49d 100644
--- a/src/chrome/content/rules/Hackerschool.xml
+++ b/src/chrome/content/rules/Hackerschool.xml
@@ -3,7 +3,7 @@
 	<target host="hackerschool.com"/>
 	<target host="*.hackerschool.com"/>
 
-	<securecookie host="^(?:.*\.)?hackerschool\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 	<!--	cert from redirector.zerigo.net	-->
 	<rule from="^http://hackerschool\.com/"
diff --git a/src/chrome/content/rules/Hackerspace.pl.xml b/src/chrome/content/rules/Hackerspace.pl.xml
index 9d2adef5c56f..a1cf8c0d2c63 100644
--- a/src/chrome/content/rules/Hackerspace.pl.xml
+++ b/src/chrome/content/rules/Hackerspace.pl.xml
@@ -21,7 +21,7 @@ Fetch error: http://redmine.hackerspace.pl/ => https://redmine.hackerspace.pl/:
 	* Secured by us
 
 -->
-<ruleset name="Hackerspace.pl" default_off='failed ruleset test'>
+<ruleset name="Hackerspace.pl" default_off="failed ruleset test">
 
 	<target host="hackerspace.pl" />
 	<target host="blog.hackerspace.pl" />
diff --git a/src/chrome/content/rules/Hacking.Ventures.xml b/src/chrome/content/rules/Hacking.Ventures.xml
index f7da667a7b1b..c5df530f26d2 100644
--- a/src/chrome/content/rules/Hacking.Ventures.xml
+++ b/src/chrome/content/rules/Hacking.Ventures.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.hacking.ventures/ => https://hacking.ventures/: (51, "SS
 	www: Mismatched
 
 -->
-<ruleset name="Hacking.Ventures" default_off='failed ruleset test'>
+<ruleset name="Hacking.Ventures" default_off="failed ruleset test">
 
 	<target host="hacking.ventures" />
 	<target host="www.hacking.ventures" />
diff --git a/src/chrome/content/rules/Hackinthebox.org.xml b/src/chrome/content/rules/Hackinthebox.org.xml
index 1d3a7a71c717..7a3df93a4a77 100644
--- a/src/chrome/content/rules/Hackinthebox.org.xml
+++ b/src/chrome/content/rules/Hackinthebox.org.xml
@@ -10,7 +10,7 @@ Fetch error: http://hackinthebox.org/ => https://www.hackinthebox.org/: (60, 'SS
 Fetch error: http://www.hackinthebox.org/ => https://www.hackinthebox.org/: (60, 'SSL certificate problem: certificate has expired')
 Fetch error: http://forum.hackinthebox.org/ => https://forum.hackinthebox.org/: (60, 'SSL certificate problem: self signed certificate')
 -->
-<ruleset name="Hackinthebox.org" default_off='failed ruleset test'>
+<ruleset name="Hackinthebox.org" default_off="failed ruleset test">
   <target host="hackinthebox.org" />
   <target host="www.hackinthebox.org" />
   <target host="forum.hackinthebox.org" />
diff --git a/src/chrome/content/rules/Hackthe.computer.xml b/src/chrome/content/rules/Hackthe.computer.xml
index 395a44091034..21c662391446 100644
--- a/src/chrome/content/rules/Hackthe.computer.xml
+++ b/src/chrome/content/rules/Hackthe.computer.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.hackthe.computer/ => https://hackthe.computer/: (60, 'SS
 	www.hackthe.computer: Refused
 
 -->
-<ruleset name="hackthe.computer" default_off='failed ruleset test'>
+<ruleset name="hackthe.computer" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/HacktionLab.org.xml b/src/chrome/content/rules/HacktionLab.org.xml
index 22ff79ce063e..f14faca58011 100644
--- a/src/chrome/content/rules/HacktionLab.org.xml
+++ b/src/chrome/content/rules/HacktionLab.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.hacktionlab.org/ => https://www.hacktionlab.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.hacktionlab.org'")
 
 -->
-<ruleset name="HacktionLab.org" default_off='failed ruleset test'>
+<ruleset name="HacktionLab.org" default_off="failed ruleset test">
 	<target host="hacktionlab.org" />
 	<target host="www.hacktionlab.org" />
 
diff --git a/src/chrome/content/rules/Haiku_Project.xml b/src/chrome/content/rules/Haiku_Project.xml
index cd1e6b8cae8b..955646fa2b06 100644
--- a/src/chrome/content/rules/Haiku_Project.xml
+++ b/src/chrome/content/rules/Haiku_Project.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hail_Protector.xml b/src/chrome/content/rules/Hail_Protector.xml
deleted file mode 100644
index 1f9df22e3d89..000000000000
--- a/src/chrome/content/rules/Hail_Protector.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://myhailprotector.com/ => https://www.myhailprotector.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.myhailprotector.com'")
-
-	For other Hail Storm Products coverage, see Hail_Storm_Products.xml.
-
-
-	^ CN: *.bluehost.com
-
--->
-<ruleset name="Hail Protector" default_off='failed ruleset test'>
-
-	<target host="myhailprotector.com" />
-	<target host="*.myhailprotector.com" />
-
-
-	<securecookie host="^\.myhailprotector\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?myhailprotector\.com/"
-		to="https://www.myhailprotector.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Hail_Storm_Products.xml b/src/chrome/content/rules/Hail_Storm_Products.xml
deleted file mode 100644
index 87f0ea8ed0a8..000000000000
--- a/src/chrome/content/rules/Hail_Storm_Products.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-	Other Hail Storm Products rulesets:
-
-		- Hail_Protector.xml
-
-
-	Problematic domains:
-
-		- hailavenger.com *
-		- www.hailavenger.com
-		- hailguardian.com *
-		- hailavenger.hailguardian.com *
-		- www.hailguardian.com
-		- hailstormproducts.com *
-
-	* Mismatched, CN: *.bluehost.com
-
--->
-<ruleset name="Hail Storm Products">
-
-	<target host="hailavenger.com" />
-	<target host="www.hailavenger.com" />
-	<target host="hailguardian.com" />
-	<target host="*.hailguardian.com" />
-	<target host="hailstormproducts.com" />
-	<target host="*.hailstormproducts.com" />
-
-
-	<securecookie host="^\.hailstormproducts\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)hailavenger(?:\.hailguardian)\.com/"
-		to="https://secure.bluehost.com/~hailguar/hailavenger/" />
-
-	<rule from="^http://(?:www\.)?hailguardian\.com/"
-		to="https://secure.bluehost.com/~hailguar/" />
-
-	<rule from="^http://(?:www\.)?hailstormproducts\.com/"
-		to="https://www.hailstormproducts.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Hairsmize.com.xml b/src/chrome/content/rules/Hairsmize.com.xml
deleted file mode 100644
index 34f6e0bbe9a3..000000000000
--- a/src/chrome/content/rules/Hairsmize.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Mixed content:
-
-		- Images from $self *
-
-	* Secured by us
-
--->
-<ruleset name="Hairsmize.com">
-
-	<target host="hairsmize.com" />
-	<target host="www.hairsmize.com" />
-
-
-	<securecookie host="^\.hairsmize\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Hakko.com.xml b/src/chrome/content/rules/Hakko.com.xml
deleted file mode 100644
index 4a853c5dc64f..000000000000
--- a/src/chrome/content/rules/Hakko.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Hakko.com" platform="mixedcontent">
-  <target host="www.hakko.com" />
-  <target host="hakko.com" />
-
-  <rule from="^http://(?:www\.)?hakko\.com/" to="https://www.hakko.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/HalalTube.com.xml b/src/chrome/content/rules/HalalTube.com.xml
new file mode 100644
index 000000000000..99c284bc0c55
--- /dev/null
+++ b/src/chrome/content/rules/HalalTube.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid Certificate:
+		respect.halaltube.com
+-->
+<ruleset name="HalalTube.com">
+	<target host="halaltube.com" />
+	<target host="www.halaltube.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Halebop.se.xml b/src/chrome/content/rules/Halebop.se.xml
index fa88c5efbfe8..7d51271c9d76 100644
--- a/src/chrome/content/rules/Halebop.se.xml
+++ b/src/chrome/content/rules/Halebop.se.xml
@@ -1,8 +1,12 @@
-<!-- already enforces https. adding to prevent sslstrips on port 80 -->
-<ruleset name="Halebop.se" platform="mixedcontent">
+<ruleset name="Halebop.se">
 	<target host="halebop.se" />
 	<target host="www.halebop.se" />
-	<rule from="^http://halebop\.se/" to="https://www.halebop.se/"/>
-	<rule from="^http://www\.halebop\.se/" to="https://www.halebop.se/"/>
-</ruleset>
+	<target host="ibank.halebop.se" />
+	<target host="kundservice.halebop.se" />
+	<target host="kundservice-chat.halebop.se" />
+	<target host="shop.halebop.se" />
+	<target host="support.halebop.se" />
+	<target host="support-test.halebop.se" />
 
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Halifax-Online.co.uk.xml b/src/chrome/content/rules/Halifax-Online.co.uk.xml
new file mode 100644
index 000000000000..91f3f6671e5c
--- /dev/null
+++ b/src/chrome/content/rules/Halifax-Online.co.uk.xml
@@ -0,0 +1,12 @@
+<ruleset name="Halifax-Online.co.uk (partial)">
+	<target host="halifax-online.co.uk" />
+	<target host="www.halifax-online.co.uk" />
+	<target host="cem.halifax-online.co.uk" />
+		<test url="http://cem.halifax-online.co.uk/eumcollector/beacons" />
+	<target host="help.halifax-online.co.uk" />
+	<target host="marketing.halifax-online.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Halifax.co.uk.xml b/src/chrome/content/rules/Halifax.co.uk.xml
new file mode 100644
index 000000000000..8d668c3c2d45
--- /dev/null
+++ b/src/chrome/content/rules/Halifax.co.uk.xml
@@ -0,0 +1,14 @@
+<ruleset name="Halifax.co.uk">
+	<target host="halifax.co.uk" />
+	<target host="www.halifax.co.uk" />
+	<target host="cem.halifax.co.uk" />
+		<test url="http://cem.halifax.co.uk/eumcollector/beacons/browser/v1/EU-AAB-HCH-DMP/adrum" />
+	<target host="images.halifax.co.uk" />
+		<test url="http://images.halifax.co.uk/assets/img/logo-print.png" />
+	<target host="static.halifax.co.uk" />
+		<test url="http://static.halifax.co.uk/assets/js/libs/jquery-ui.min.js" />
+	
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Halifax.xml b/src/chrome/content/rules/Halifax.xml
deleted file mode 100644
index 3188790d6c46..000000000000
--- a/src/chrome/content/rules/Halifax.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Problematic domains:
-
-		- halifax.co.uk		(cert only matches www)
-
-
-	^halifax-online.co.uk doesn't exist
-
--->
-<ruleset name="Halifax">
-
-	<target host="halifax.co.uk" />
-	<target host="*.halifax.co.uk" />
-	<target host="*.halifax-online.co.uk" />
-
-
-	<securecookie host="^\.halifax(?:-online)?\.co\.uk$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?halifax(-online)?\.co\.uk/"
-		to="https://www.halifax$1.co.uk/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Halo-oglasi.xml b/src/chrome/content/rules/Halo-oglasi.xml
new file mode 100644
index 000000000000..95340e9940bd
--- /dev/null
+++ b/src/chrome/content/rules/Halo-oglasi.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		web2sms.halooglasi.com
+
+	Unable to connect to server:
+		webtest.halooglasi.com
+-->
+<ruleset name="Halo oglasi">
+
+	<target host="halooglasi.com" />
+	<target host="www.halooglasi.com" />
+	<target host="img.halooglasi.com" />
+	<target host="promo.halooglasi.com" />
+	<target host="static.halooglasi.com" />
+	<target host="widget.halooglasi.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hammacher-Schlemmer.xml b/src/chrome/content/rules/Hammacher-Schlemmer.xml
index 88cb4abdd2c2..356933e24b32 100644
--- a/src/chrome/content/rules/Hammacher-Schlemmer.xml
+++ b/src/chrome/content/rules/Hammacher-Schlemmer.xml
@@ -1,7 +1,9 @@
 <ruleset name="Hammacher Schlemmer (partial)" platform="mixedcontent">
 
 	<target host="hammacher.com" />
-	<target host="*.hammacher.com" />
+	<target host="images.hammacher.com" />
+	<target host="www.hammacher.com" />
+	<target host="digital.hammacher.com" />
 
 
 	<!--	Akamai
diff --git a/src/chrome/content/rules/Hamradio.com.xml b/src/chrome/content/rules/Hamradio.com.xml
index 8bbdac497d2c..8ff318024cc4 100644
--- a/src/chrome/content/rules/Hamradio.com.xml
+++ b/src/chrome/content/rules/Hamradio.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://hamradio.com/ => https://www.hamradio.com/: Too many redirec
 Fetch error: http://www.hamradio.com/ => https://www.hamradio.com/: Too many redirects while fetching 'https://www.hamradio.com/'
 
 -->
-<ruleset name="Hamradio.com" default_off='failed ruleset test'>
+<ruleset name="Hamradio.com" default_off="failed ruleset test">
   <target host="hamradio.com" />
   <target host="www.hamradio.com" />
 
diff --git a/src/chrome/content/rules/Handelsbanken.fi.xml b/src/chrome/content/rules/Handelsbanken.fi.xml
index 51affe170db4..ab62d990cac0 100644
--- a/src/chrome/content/rules/Handelsbanken.fi.xml
+++ b/src/chrome/content/rules/Handelsbanken.fi.xml
@@ -7,7 +7,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www2.handelsbanken.fi/ => https://www2.handelsbanken.fi/: (7, 'Failed to connect to www2.handelsbanken.fi port 80: Connection refused')
 Fetch error: http://www9.handelsbanken.fi/ => https://www9.handelsbanken.fi/: 'NoneType' object has no attribute 'xpath'
 -->
-<ruleset name="handelsbanken.fi (partial)" default_off='failed ruleset test'>
+<ruleset name="handelsbanken.fi (partial)" default_off="failed ruleset test">
   <target host="handelsbanken.fi"/>
   <target host="www.handelsbanken.fi"/>
   <target host="www1.handelsbanken.fi"/>
@@ -16,7 +16,7 @@ Fetch error: http://www9.handelsbanken.fi/ => https://www9.handelsbanken.fi/: 'N
   <target host="netsale.aktiiviraha.fi"/>
   <target host="www.aktiiviraha.fi"/>
   <target host="aktiiviraha.fi"/>
-  
+
   <rule from="^http://(?:www\.)?handelsbanken\.fi/" to="https://www.handelsbanken.fi/"/>
   <rule from="^http://(www1|www2|www9)\.handelsbanken\.fi/" to="https://$1.handelsbanken.fi/"/>
   <rule from="^http://(?:www\.)?aktiiviraha\.fi/" to="https://www.aktiiviraha.fi/"/>
diff --git a/src/chrome/content/rules/Handelsblatt.xml b/src/chrome/content/rules/Handelsblatt.xml
index 5db715ef40b0..a864f54477d2 100644
--- a/src/chrome/content/rules/Handelsblatt.xml
+++ b/src/chrome/content/rules/Handelsblatt.xml
@@ -1,62 +1,65 @@
 <!--
-	CDN buckets:
-
-		- euroforumlb1-1093815010.eu-west-1.elb.amazonaws.com
-
-			- veranstaltungen
-
-		- d21rxpf5vn0rru.cloudfront.net
-
-			- staticef[12].handelsblatt.com
-
-
-	Problematic subdomains:
-
-		- ^	(refused)
-
-
-	Problematic subdomains:
-
-		- veranstaltungen	(works; mismatched, CN: *.euroforum.com)
-
-
-	Some pages redirect to http
-
+	Chain issue, missing intermediate:
+		- veranstaltungen.handelsblatt.com
+
+	Invalid certificate:
+		- financetoday.handelsblatt.com
+		- ircenter.handelsblatt.com
+		- mailservice.handelsblatt.com
+		- orangenews.handelsblatt.com
+		- staticef1.handelsblatt.com, equivalent to d30no8cbyph8wj.cloudfront.net
+		- staticef2.handelsblatt.com, equivalent to d30no8cbyph8wj.cloudfront.net
+
+	Redirects to HTTP:
+		- club.handelsblatt.com
+
+	Wrong redirect:
+		- 360grad.handelsblatt.com
+		- energyawards.handelsblatt.com
 -->
-<ruleset name="Handelsblatt (partial)">
 
+<ruleset name="Handelsblatt">
 	<target host="handelsblatt.com" />
-	<target host="*.handelsblatt.com" />
-
-	<test url="http://abo.handelsblatt.com/" />
-	<test url="http://amp.handelsblatt.com/" />
-	<test url="http://angebot.handelsblatt.com/" />
-	<test url="http://archiv.handelsblatt.com/" />
-	<test url="http://award.handelsblatt.com/" />
-	<test url="http://epaper.handelsblatt.com/" />
-	<test url="http://global.handelsblatt.com/" />
-	<test url="http://global-auth.handelsblatt.com/" />
-	<test url="http://global-static.handelsblatt.com/handelsblatt-global-edition-issue-542_2016-10-24.pdf" />
-	<test url="http://kaufhaus.handelsblatt.com/" />
-	<test url="http://morningbriefing.handelsblatt.com/" />
-	<test url="http://quiz.handelsblatt.com/" />
-	<test url="http://reiseauktion.handelsblatt.com/" />
-	<test url="http://signup.handelsblatt.com/" />
-	<test url="http://staticef1.handelsblatt.com/" />
-	<test url="http://us-wahl.handelsblatt.com/" />
-	<test url="http://www.handelsblatt.com/" />
+	<target host="www.handelsblatt.com" />
+	<target host="abo.handelsblatt.com" />
+	<target host="amp.handelsblatt.com" />
+	<target host="angebot.handelsblatt.com" />
+	<target host="app.handelsblatt.com" />
+	<target host="apps.handelsblatt.com" />
+	<target host="archiv.handelsblatt.com" />
+	<target host="award.handelsblatt.com" />
+	<target host="chinacircle.handelsblatt.com" />
+	<target host="edison.handelsblatt.com" />
+	<target host="epaper.handelsblatt.com" />
+	<target host="finanzen.handelsblatt.com" />
+	<target host="global.handelsblatt.com" />
+	<target host="global-auth.handelsblatt.com" />
+	<target host="global-static.handelsblatt.com" />
+		<test url="http://global-static.handelsblatt.com/handelsblatt-global-edition-issue-542_2016-10-24.pdf" />
+	<target host="kaufhaus.handelsblatt.com" />
+	<target host="magazin.handelsblatt.com" />
+	<target host="morningbriefing.handelsblatt.com" />
+	<target host="morningbriefingmail.handelsblatt.com" />
+	<target host="orange.handelsblatt.com" />
+	<target host="quiz.handelsblatt.com" />
+	<target host="reiseauktion.handelsblatt.com" />
+	<target host="research.handelsblatt.com" />
+	<target host="signup.handelsblatt.com" />
+	<target host="staticef1.handelsblatt.com" />
+	<target host="staticef2.handelsblatt.com" />
+	<target host="themenplanung.handelsblatt.com" />
+	<target host="tool.handelsblatt.com" />
+	<target host="us-wahl.handelsblatt.com" />
 
 
 	<securecookie host="^abo\.handelsblatt\.com$" name=".+" />
 
 
-	<rule from="^http://handelsblatt\.com/" 
-		to="https://handelsblatt.com/"/>	
-
-	<rule from="^http://(abo|amp|angebot|archiv|award|epaper|global|global-auth|global-static|kaufhaus|morningbriefing|quiz|reiseauktion|signup|us-wahl|www)\.handelsblatt\.com/"
-		to="https://$1.handelsblatt.com/" />
-
 	<rule from="^http://staticef[12]\.handelsblatt\.com/"
-		to="https://d21rxpf5vn0rru.cloudfront.net/" />
+		to="https://d30no8cbyph8wj.cloudfront.net/" />
+		<test url="http://staticef1.handelsblatt.com/source/css/ie.css" />
+		<test url="http://staticef2.handelsblatt.com/source/img/1.jpg" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Handelsregister.de.xml b/src/chrome/content/rules/Handelsregister.de.xml
index 4fe71b5f3d13..fa079446bb6a 100644
--- a/src/chrome/content/rules/Handelsregister.de.xml
+++ b/src/chrome/content/rules/Handelsregister.de.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://handelsregister.de/ => https://handelsregister.de/: (51, "SSL: no alternative certificate subject name matches target host name 'handelsregister.de'")
 
 -->
-<ruleset name="Handelsregister.de" default_off='failed ruleset test'>
+<ruleset name="Handelsregister.de" default_off="failed ruleset test">
   <target host=    "handelsregister.de"/>
   <target host="www.handelsregister.de"/>
 
diff --git a/src/chrome/content/rules/Handy.de.xml b/src/chrome/content/rules/Handy.de.xml
deleted file mode 100644
index d0467dde722b..000000000000
--- a/src/chrome/content/rules/Handy.de.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- dynimages	(refused)
-
-
-	Problematic subdomains:
-
-		- (www.)	(refused)
-		- img		(mismatched, CN: i.arvm.de)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(→ www.etracker.de)
-		- img		(→ i.arvm.de)
-
--->
-<ruleset name="handy.de">
-
-	<target host="handy.de" />
-	<target host="*.handy.de" />
-
-
-	<rule from="^http://(?:www\.)?handy\.de/+[^?]*\?(.*)"
-		to="https://www.etracker.de/lnkcnt.php?et=kbglnx&amp;url=http://www.mondiamedia.com%3FL%3D0%26redirect_from%3Dhandy.de&amp;lnkname=handy&amp;$1" />
-
-	<rule from="^http://(?:www\.)?handy\.de/.*"
-		to="https://www.etracker.de/lnkcnt.php?et=kbglnx&amp;url=http://www.mondiamedia.com%3FL%3D0%26redirect_from%3Dhandy.de&amp;lnkname=handy" />
-
-	<rule from="^http://img\.handy\.de/"
-		to="https://i.arvm.de/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/HangSeng.com.cn.xml b/src/chrome/content/rules/HangSeng.com.cn.xml
new file mode 100644
index 000000000000..86b956e8298d
--- /dev/null
+++ b/src/chrome/content/rules/HangSeng.com.cn.xml
@@ -0,0 +1,20 @@
+<!--
+	For other Hang Seng Bank related rulesets, see HangSengBank.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- funds.hangseng.com.cn
+
+		SSL peer certificate was not OK:
+		- hangseng.com.cn
+		- www.ecds.hangseng.com.cn
+-->
+<ruleset name="HangSeng.com.cn">
+	<target host="hangseng.com.cn" />
+	<target host="www.hangseng.com.cn" />
+
+	<rule from="^http://hangseng\.com\.cn/"
+		to="https://www.hangseng.com.cn/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HangSengBank.xml b/src/chrome/content/rules/HangSengBank.xml
index e96433c326d6..6169f5ca5f51 100644
--- a/src/chrome/content/rules/HangSengBank.xml
+++ b/src/chrome/content/rules/HangSengBank.xml
@@ -1,38 +1,46 @@
 <!--
-	Invalid certificate:
-		hangseng.com
-		www.cn.hangseng.com
-		promotion.hangseng.com
-		hangseng.com.cn
-		www.ecds.hangseng.com.cn
-
-	No working URL known:
-		fileupload.hangseng.com
-		fileupload1.hangseng.com
-		fileupload2.hangseng.com
-		www.ipoonline.hangseng.com
-
-	Refused:
-		funds.hangseng.com.cn
-
-	Time out:
-		eba.hangseng.com
-		evalue.hangseng.com
-		inv.hangseng.com
-		realestate.hangseng.com
-		sc.hangseng.com
-		sw.hangseng.com
+	Other Hang Seng Bank related rulesets:
+		+ HSI.com.hk.xml
+		+ HangSeng.com.cn.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- hsp2gp1.hangseng.com
+		- hsp2gp2.hangseng.com
 -->
 <ruleset name="Hang Seng Bank">
+	<target host="hangseng.com" />
 	<target host="www.hangseng.com" />
+
 	<target host="bank.hangseng.com" />
+	<target host="biz-ebanking.hangseng.com" />
+	<target host="www.biz-ebanking.hangseng.com" />
+	<target host="www1.biz-ebanking.hangseng.com" />
+	<target host="www2.biz-ebanking.hangseng.com" />
+	<target host="e-banking.blp.hangseng.com" />
+
+	<target host="chatbot.hangseng.com" />
+	<target host="cms.hangseng.com" />
+
+	<target host="developer.hangseng.com" />
+
 	<target host="e-banking.hangseng.com" />
 	<target host="e-banking1.hangseng.com" />
 	<target host="e-banking2.hangseng.com" />
+	<target host="eba.hangseng.com" />
 	<target host="ebusiness.hangseng.com" />
-	<target host="quote.hangseng.com" />
-		<test url="http://quote.hangseng.com/streaming/landing/" />
-	<target host="www.hangseng.com.cn" />
+	<target host="evalue.hangseng.com" />
+
+	<target host="inv.hangseng.com" />
+	<target host="www.ipoonline.hangseng.com" />
+
+	<target host="fileupload.hangseng.com" />
+	<target host="fileupload1.hangseng.com" />
+	<target host="fileupload2.hangseng.com" />
+
+	<target host="realestate.hangseng.com" />
+
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Hants.gov.uk.xml b/src/chrome/content/rules/Hants.gov.uk.xml
index cab833159be6..47a87dd2533c 100644
--- a/src/chrome/content/rules/Hants.gov.uk.xml
+++ b/src/chrome/content/rules/Hants.gov.uk.xml
@@ -27,7 +27,7 @@ Non-2xx HTTP code: http://tribal.hants.gov.uk/ (200) => https://tribal.hants.gov
 		- ict.hias ᵃ
 		- re.hias ᵃ
 		- science.hias ᵃ
-		
+
 		- historicenvironment ᵃ
 		- linkeddata ʳ
 		- localviewmaps ᵖ
@@ -81,7 +81,7 @@ Non-2xx HTTP code: http://tribal.hants.gov.uk/ (200) => https://tribal.hants.gov
 	ˢ Secured by us
 
 -->
-<ruleset name="Hants.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Hants.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="hants.gov.uk" />
 	<target host="accounts.hants.gov.uk" />
diff --git a/src/chrome/content/rules/Hao123.com-mixedcontent.xml b/src/chrome/content/rules/Hao123.com-mixedcontent.xml
deleted file mode 100644
index 1e72246599a2..000000000000
--- a/src/chrome/content/rules/Hao123.com-mixedcontent.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For rules not causing MCB, see Hao123.com.xml
-
-	Redirects to HTTP: lady.hao123.com
--->
-<ruleset name="Hao123.com (MCB)" platform="mixedcontent">
-	<target host="djyx.hao123.com" />
-	<target host="game.hao123.com" />
-	<target host="pic.hao123.com" />
-	<target host="soft.hao123.com" />
-	<target host="tianqi.hao123.com" />
-	<target host="v.hao123.com" />
-	<target host="vip.hao123.com" />
-	<target host="www.hao123.com" />
-	<target host="wyyx.hao123.com" />
-	<target host="xyx.hao123.com" />
-
-	<securecookie host="^\w" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Hao123.com.xml b/src/chrome/content/rules/Hao123.com.xml
index 4b25650f1c7f..d2594db8dc7c 100644
--- a/src/chrome/content/rules/Hao123.com.xml
+++ b/src/chrome/content/rules/Hao123.com.xml
@@ -1,118 +1,49 @@
 <!--
-	For rules causing MCB, see Hao123.com-mixedcontent.xml.
-
 	For other Baidu coverage, see Baidu.xml.
 
-	Nonfunctional hosts in *hao123.com:
-		- ae ᵈ
-		- book ᵃ
-		- common ᵈ
-		- static.book ᵃ
-		- dl ᶠ
-		- en ᵈ
-		- feedback	(times out)
-		- img ᵈ
-		- img[1-46] ᵈ
-		- life *
-		- live *
-		- m ᶠ
-		- moe *
-		- music ᵈ
-		- qipai ᵈ
-		- sjrj ᵈ
-		- tejia ᵈ
-		- topic ʰ
-		- tuan ᵈ
-		- tw ᵈ
-	ᵃ Shows www.zongheng.com
-	* Blank page
-	ᵈ Dropped
-	ᶠ Handshake fails
-	ʰ Redirects to HTTP
+	Dropped:
+		- en
+		- tuan
+		- tw
 
-	Problematic hosts in *hao123.com:
-		- ^ ᵈ
-		- djyx ˣ
-		- game ˣ
-		- lady ˣ
-		- pic ˣ
-		- soft ˣ
-		- tianqi ˣ
-		- vip ˣ
-		- www ˣ
-		- wyyx ˣ
-		- xyx ˣ
-	ᵈ Dropped, preemptable redirect
-	ˣ Mixed css or iframes
+	Mismatched:
+		- ^
+		- ae
+		- img[0-6]?
+		- music
+		- static.book
 
-	Insecure cookies are set for these domains and hosts: ᶜ
-		- .hao123.com:
-		- .common.hao123.com:
-		- .game.hao123.com:
-		- .pic.hao123.com:
-		- .tianqi.hao123.com:
-		- .topic.hao123.com:
-		- vip.hao123.com:
-		- .vip.hao123.com:
-		- www.hao123.com:
-		- .www.hao123.com:
-	ᶜ See https://owasp.org/index.php/SecureFlag
+	Redirect to HTTP:
+		- live
+		- tejia
+		- topic
 
 	Mixed content:
-		- iframes, on:
-			- lady from yule.2258.com
-			- lady from tejia.hao123.com ᵈ
-			- pic from xiuxiu.web.meitu.com ³
-			- vip from $self ˢ
-			- vip from www.baidu.com ˢ
-			- xyx from www.hao123.com
-		- flash on game from v.163.com ʳ
-		- css, on:
-			- game, lady, tianqi, vip, www from s[0-2].hao123img.com
-			- game from sc[0-4].hao123img.com
-			- djyx, game, soft, wyyx from sh[0-3].hao123img.com
-			- vip from vip.bdimg.com
-		- Images, on:
-			- vip from [a-h].hiphotos.baidu.com ᵈ
-			- game, lady, soft, tianqi, vip, www, xyx from s[0-4].hao123img.com
-			- djyx, pic, wyyx from sc[1-4].hao123img.com
-			- djyx, soft, wyyx from sh[0-4].hao123img.com
-			- djyx from soft.hao123.com
-			- pic from img.hao123.com ᵈ
-			- pic from img[1-36].hao123.com ᵈ
-			- tianqi from bcs.91.com
-			- tianqi from bcs.img.r1.91.com
-			- www from $self ˢ
-			- xyx from p[1-4].xyx.hao123img.com
-		- favicon on djyx, game, lady, pic, soft, tianqi, wyyx from www.hao123.com ˢ
-	³ Unsecurable <= 403
-	ʳ Unsecurable <= refused
+		- djyx
+		- lady
+		- pic
+		- soft
+		- tianqi
+		- vip
+		- xyx
 -->
 <ruleset name="Hao123.com (partial)">
-	<!--target host="djyx.hao123.com" /-->
-	<!--target host="game.hao123.com" /-->
-	<!--target host="lady.hao123.com" /-->
-	<!--target host="pic.hao123.com" /-->
-	<!--target host="soft.hao123.com" /-->
-	<!--target host="tianqi.hao123.com" /-->
+	<target host="hao123.com" />
+	<target host="www.hao123.com" />
+	<target host="book.hao123.com" />
+	<target host="common.hao123.com" />
+	<target host="dl.hao123.com" />
+	<target host="feedback.hao123.com" />
+	<target host="game.hao123.com" />
+	<target host="life.hao123.com" />
+	<target host="m.hao123.com" />
+	<target host="moe.hao123.com" />
+	<target host="qipai.hao123.com" />
 	<target host="user.hao123.com" />
-	<!--target host="v.hao123.com" /-->
-	<!--target host="vip.hao123.com" /-->
-	<!--target host="www.hao123.com" /-->
-	<!--target host="wyyx.hao123.com" /-->
-	<!--target host="xyx.hao123.com" /-->
-
-		<!--	Mixed iframe:
-					-->
-		<!--test url="http://pic.hao123.com/hezuo/meitu" /-->
-
-		<!--	Mixed css:
-					-->
-		<!--test url="http://game.hao123.com/article/1/1211" /-->
-		<!--test url="http://www.hao123.com/shouji" /-->
+	<target host="wyyx.hao123.com" />
 
-	<securecookie host="^\.topic\." name=".+" />
-	<securecookie host="^\w" name=".+" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http://hao123\.com/" to="https://www.hao123.com/" />
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Haobtc.com.xml b/src/chrome/content/rules/Haobtc.com.xml
deleted file mode 100644
index fa5df01df08a..000000000000
--- a/src/chrome/content/rules/Haobtc.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Haobtc.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="haobtc.com" />
-	<target host="www.haobtc.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/HappyKnowledge.com.xml b/src/chrome/content/rules/HappyKnowledge.com.xml
index e0b443cbb66a..57a21f653acf 100644
--- a/src/chrome/content/rules/HappyKnowledge.com.xml
+++ b/src/chrome/content/rules/HappyKnowledge.com.xml
@@ -5,7 +5,7 @@
 <ruleset name="HappyKnowledge.com">
 
 	<target host="happyknowledge.com" />
-	<target host="*.happyknowledge.com" />
+	<target host="www.happyknowledge.com" />
 
 
 	<securecookie host="^(?:www)\.happyknowledge\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Happy_Herbivore.xml b/src/chrome/content/rules/Happy_Herbivore.xml
deleted file mode 100644
index d2a20b474b7d..000000000000
--- a/src/chrome/content/rules/Happy_Herbivore.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d1go12qtky6pt0.cloudfront.net | s3.amazonaws.com/happyherb-media/
-
-			- media.happyherbivore.com
-
-		- d2vtfeon2ovn8e.cloudfront.net | s3.amazonaws.com/happyherb-css/
-
-			- css.happyherbivore.com
-
-		- dmi4pvc5gbhhd.cloudfront.net | s3.amazonaws.com/happyherb-photos/
-
-			- photos.happyherbivore.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to http, valid cert)
-		- store		(pages redirect to http; mismatched, CN: *.storenvy.com)
-
--->
-<ruleset name="Happy Herbivore (partial)">
-
-	<target host="*.happyherbivore.com" />
-
-
-	<rule from="^http://css\.happyherbivore\.com/"
-		to="https://d2vtfeon2ovn8e.cloudfront.net/" />
-
-	<rule from="^http://media\.happyherbivore\.com/"
-		to="https://d1go12qtky6pt0.cloudfront.net/" />
-
-	<rule from="^http://photos\.happyherbivore\.com/"
-		to="https://dmi4pvc5gbhhd.cloudfront.net/" />
-
-	<rule from="^http://store\.happyherbivore\.com/themes/"
-		to="https://www.storenvy.com/themes/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Happyassassin.net.xml b/src/chrome/content/rules/Happyassassin.net.xml
index 7d1f9f92bf48..af4be16b898f 100644
--- a/src/chrome/content/rules/Happyassassin.net.xml
+++ b/src/chrome/content/rules/Happyassassin.net.xml
@@ -5,7 +5,7 @@ Fetch error: http://happyassassin.net/ => https://happyassassin.net/: (51, "SSL:
 Fetch error: http://mail.happyassassin.net/ => https://mail.happyassassin.net/: (51, "SSL: no alternative certificate subject name matches target host name 'mail.happyassassin.net'")
 
 -->
-<ruleset name="happyassassin.net" default_off='failed ruleset test'>
+<ruleset name="happyassassin.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Harakahdaily.xml b/src/chrome/content/rules/Harakahdaily.xml
index 3ce88f0327a3..59bc24549ccb 100644
--- a/src/chrome/content/rules/Harakahdaily.xml
+++ b/src/chrome/content/rules/Harakahdaily.xml
@@ -14,21 +14,13 @@ Non-2xx HTTP code: http://harakah.net.my/ (200) => https://harakah.net.my/ (521)
 -->
 <ruleset name="Harakahdaily (partial)">
 
-	<target host="harakahdaily.net" />
-	<target host="*.harakahdaily.net" />
-		<exclusion pattern="^http://arkib\.harakahdaily\.net/(?!resource/)" />
 	<target host="harakah.net.my" />
-	<target host="*.harakah.net.my" />
-
+	<target host="cdn.harakah.net.my" />
+	<target host="www.harakah.net.my" />
 
 	<securecookie host="^(?:en|m)\.harakahdaily\.net$" name=".+" />
 	<securecookie host="^\.harakah\.net\.my$" name=".+" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://((?:arkib|bm|cdn-ads|en|m|www)\.)?harakahdaily\.net/"
-		to="https://$1harakahdaily.net/" />
-
-	<rule from="^http://(cdn\.|www\.)?harakah\.net\.my/"
-		to="https://$1harakah.net.my/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HardenedBSD.org.xml b/src/chrome/content/rules/HardenedBSD.org.xml
index d0aba8b1eca3..805ccf40efaa 100644
--- a/src/chrome/content/rules/HardenedBSD.org.xml
+++ b/src/chrome/content/rules/HardenedBSD.org.xml
@@ -19,7 +19,7 @@ Fetch error: http://pkg.hardenedbsd.org/ => https://pkg.hardenedbsd.org/: (60, '
 		- .hardenedbsd.org
 
 -->
-<ruleset name="HardenedBSD.org (partial)" default_off='failed ruleset test'>
+<ruleset name="HardenedBSD.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Hark.xml b/src/chrome/content/rules/Hark.xml
index 900171c6e522..2c233d4c8dde 100644
--- a/src/chrome/content/rules/Hark.xml
+++ b/src/chrome/content/rules/Hark.xml
@@ -6,7 +6,7 @@ Fetch error: http://hark.com/ => https://hark.com/: (7, 'Failed to connect to ha
 Disabled by https-everywhere-checker because:
 Fetch error: http://hark.com/ => https://hark.com/: (7, 'Failed to connect to hark.com port 443: Connection refused')
 -->
-<ruleset name="Hark" default_off='failed ruleset test'>
+<ruleset name="Hark" default_off="failed ruleset test">
 
 	<target host="hark.com" />
 	<target host="*.hark.com" />
diff --git a/src/chrome/content/rules/Harland-Clarke.xml b/src/chrome/content/rules/Harland-Clarke.xml
index b1d38629ad77..7c4eb8ad0bd8 100644
--- a/src/chrome/content/rules/Harland-Clarke.xml
+++ b/src/chrome/content/rules/Harland-Clarke.xml
@@ -18,7 +18,7 @@ Fetch error: http://harlandclarkegiftcard.com/ => https://www.harlandclarkegiftc
 Fetch error: http://harlandclarkewebsmart.com/ => https://www.harlandclarkewebsmart.com/: (28, 'Connection timed out after 10000 milliseconds')
 Fetch error: http://www.harlandclarkewebsmart.com/ => https://www.harlandclarkewebsmart.com/: (28, 'Connection timed out after 10000 milliseconds')
 -->
-<ruleset name="Harland Clarke" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Harland Clarke" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="checksconnect.com" />
 	<target host="app3.checksconnect.com" />
 	<target host="www.checksconnect.com" />
diff --git a/src/chrome/content/rules/Harman-International-Industries.xml b/src/chrome/content/rules/Harman-International-Industries.xml
deleted file mode 100644
index 858b392b5123..000000000000
--- a/src/chrome/content/rules/Harman-International-Industries.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://karmankardon.nl/ => http://karmankardon.nl/: (6, 'Could not resolve host: karmankardon.nl')
-Fetch error: http://www.karmankardon.nl/ => http://www.karmankardon.nl/: (6, 'Could not resolve host: www.karmankardon.nl')
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://karmankardon.nl/ => http://karmankardon.nl/: (6, 'Could not resolve host: karmankardon.nl')
-Fetch error: http://www.karmankardon.nl/ => http://www.karmankardon.nl/: (6, 'Could not resolve host: www.karmankardon.nl')
--->
-<ruleset name="Harman International Industries (partial)" default_off='failed ruleset test'>
-
-	<!--	cert: shop.harman.com	-->
-	<target host="*.akg.com"/>
-		<!--	"professional" section hosted elsewhere	-->
-		<exclusion pattern="http://www\.akg\."/>
-	<target host="shop.harman.com"/>
-	<target host="www.shop.harman.com"/>
-	<target host="karmankardon.nl"/>
-	<target host="www.karmankardon.nl"/>
-	<target host="*.infinitysystems.com"/>
-
-	<!--	Files are the same	-->
-	<rule from="^http://(?:\w+\.(?:akg|infinitysystems)\.com|(?:www\.)?shop\.harman\.com|(?:www\.)?harmankardon\.nl)/(plugins|system|tl_files)/"
-		to="https://shop.harman.com/$1/"/>
-
-</ruleset>
-
diff --git a/src/chrome/content/rules/Harrenmedianetwork.com.xml b/src/chrome/content/rules/Harrenmedianetwork.com.xml
deleted file mode 100644
index 7c30e3a0cbc2..000000000000
--- a/src/chrome/content/rules/Harrenmedianetwork.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ad	(mismatched, CN: ad.yieldmanager.com
-
--->
-<ruleset name="harrenmedianetwork.com">
-
-	<target host="ad.harrenmedianetwork.com" />
-
-
-	<rule from="^http://ad\.harrenmedianetwork\.com/"
-		to="https://ad.yieldmanager.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Harris-Interactive.xml b/src/chrome/content/rules/Harris-Interactive.xml
deleted file mode 100644
index b667e6ffc934..000000000000
--- a/src/chrome/content/rules/Harris-Interactive.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Harris Interactive (partial)">
-
-	<target host="www1.pollg.com"/>
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Harris_Computer.com.xml b/src/chrome/content/rules/Harris_Computer.com.xml
deleted file mode 100644
index b4a2695c56c5..000000000000
--- a/src/chrome/content/rules/Harris_Computer.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Other Harris Computer rulesets:
-
-		- Copernic.com.xml
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(reset)
-		- www1		(dropped)
-
--->
-<ruleset name="Harris Computer.com (partial)">
-
-	<target host="*.harriscomputer.com" />
-
-
-	<securecookie host="^webmail\.harriscomputer\.com$" name=".+" />
-
-
-	<rule from="^http://(bonaventure|mail|webmail)\.harriscomputer\.com/"
-		to="https://$1.harriscomputer.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Harrow.io.xml b/src/chrome/content/rules/Harrow.io.xml
deleted file mode 100644
index c4761b600be7..000000000000
--- a/src/chrome/content/rules/Harrow.io.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Harrow.io">
-
-	<target host="harrow.io" />
-	<target host="www.harrow.io" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Hashbang.ca.xml b/src/chrome/content/rules/Hashbang.ca.xml
index 47f61f17c2c7..816a85d4835f 100644
--- a/src/chrome/content/rules/Hashbang.ca.xml
+++ b/src/chrome/content/rules/Hashbang.ca.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.hashbang.ca/ => https://www.hashbang.ca/: (51, "SSL: no alternative certificate subject name matches target host name 'www.hashbang.ca'")
 
 -->
-<ruleset name="Hashbang.ca" default_off='failed ruleset test'>
+<ruleset name="Hashbang.ca" default_off="failed ruleset test">
 
 	<target host="hashbang.ca" />
 	<target host="www.hashbang.ca" />
diff --git a/src/chrome/content/rules/Haskell_on_Heroku.com.xml b/src/chrome/content/rules/Haskell_on_Heroku.com.xml
deleted file mode 100644
index c6ed6049a7f4..000000000000
--- a/src/chrome/content/rules/Haskell_on_Heroku.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	www: refused
-
--->
-<ruleset name="Haskell on Heroku.com">
-
-	<target host="haskellonheroku.com" />
-	<target host="www.haskellonheroku.com" />
-
-
-	<rule from="^http://(?:www\.)?haskellonheroku\.com/"
-		to="https://haskellonheroku.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Hatatorium.xml b/src/chrome/content/rules/Hatatorium.xml
index 2315c5be5160..e8ef3d4f5270 100644
--- a/src/chrome/content/rules/Hatatorium.xml
+++ b/src/chrome/content/rules/Hatatorium.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://hatatorium.com/ => https://hatatorium.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
 Fetch error: http://www.hatatorium.com/ => https://www.hatatorium.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
 -->
-<ruleset name="Hatatorium" default_off='failed ruleset test'>
+<ruleset name="Hatatorium" default_off="failed ruleset test">
 
 	<target host="hatatorium.com" />
 	<target host="www.hatatorium.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.hatatorium.com/ => https://www.hatatorium.com/: (35, 'er
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hatena.xml b/src/chrome/content/rules/Hatena.xml
index 681048e97ec6..51f6696cc7c3 100644
--- a/src/chrome/content/rules/Hatena.xml
+++ b/src/chrome/content/rules/Hatena.xml
@@ -53,8 +53,12 @@
 -->
 <ruleset name="Hatena (partial)">
 
-	<target host="*.hatena.ne.jp" />
-	<target host="*.st-hatena.com" />
+	<target host="www.hatena.ne.jp" />
+	<target host="cdn.api.b.hatena.ne.jp" />
+	<target host="b.st-hatena.com" />
+	<target host="d.st-hatena.com" />
+	<target host="www.st-hatena.com" />
+	<target host="cdn.www.st-hatena.com" />
 
 	<!--	Not secured by server:			-->
 	<!--securecookie host="^\.hatena\.ne\.jp$" name="^b$" /-->
@@ -62,7 +66,7 @@
 
 
 	<rule from="^http://www\.hatena\.ne\.jp/(css/|images/|login($|\?|/)|statics/)"
-		to="https://www.hatena.ne.jp/$2" />
+		to="https://www.hatena.ne.jp/$1" />
 
 		<test url="http://www.hatena.ne.jp/css/" />
 		<test url="http://www.hatena.ne.jp/images/" />
@@ -80,12 +84,8 @@
 	<rule from="^http://(cdn\.)?www\.st-hatena\.com/"
 		to="https://www.hatena.ne.jp/" />
 
-		<test url="http://cdn.www.st-hatena.com/" />
-		<test url="http://www.st-hatena.com/" />
-
 	<rule from="^http://cdn\.api\.b\.hatena\.ne\.jp/"
 		to="https://cdn.api.b.hatena.ne.jp/" />
 
-		<test url="http://cdn.api.b.hatena.ne.jp/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/HathiTrust-Digital-Library.xml b/src/chrome/content/rules/HathiTrust-Digital-Library.xml
index 61bf176b519b..580ce3b15e17 100644
--- a/src/chrome/content/rules/HathiTrust-Digital-Library.xml
+++ b/src/chrome/content/rules/HathiTrust-Digital-Library.xml
@@ -22,4 +22,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HaveProof.com.xml b/src/chrome/content/rules/HaveProof.com.xml
index 9fe21bb8b337..7c6315599648 100644
--- a/src/chrome/content/rules/HaveProof.com.xml
+++ b/src/chrome/content/rules/HaveProof.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.haveproof.com/ => https://haveproof.com/: (51, "SSL: no
 	www: cert only maches ^haveproof.com
 
 -->
-<ruleset name="HaveProof.com" default_off='failed ruleset test'>
+<ruleset name="HaveProof.com" default_off="failed ruleset test">
 
 	<target host="haveproof.com" />
 	<target host="www.haveproof.com" />
diff --git a/src/chrome/content/rules/Havelock_Investments.com.xml b/src/chrome/content/rules/Havelock_Investments.com.xml
deleted file mode 100644
index 84c4a68581ed..000000000000
--- a/src/chrome/content/rules/Havelock_Investments.com.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	Insecure cookies are set for these domains and hosts:
-
-		- havelockinvestments.com
-		- .havelockinvestments.com
-		- www.havelockinvestments.com
-
--->
-<ruleset name="Havelock Investments.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="havelockinvestments.com" />
-	<target host="support.havelockinvestments.com" />
-	<target host="www.havelockinvestments.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:www\.)?havelockinvestments\.com$" name="^PHPSESSID$" /-->
-	<!--securecookie host="^\.havelockinvestments\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^(?:\.|www\.)?havelockinvestments\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Havering.gov.uk.xml b/src/chrome/content/rules/Havering.gov.uk.xml
index 09f088efe405..db03e4c7198a 100644
--- a/src/chrome/content/rules/Havering.gov.uk.xml
+++ b/src/chrome/content/rules/Havering.gov.uk.xml
@@ -19,6 +19,6 @@
 	<target host="www.havering.gov.uk" />
 
 	<securecookie host=".+" name=".+" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Hawaii.gov.xml b/src/chrome/content/rules/Hawaii.gov.xml
index 4eb9f6eaeadb..fa4b1e71dea1 100644
--- a/src/chrome/content/rules/Hawaii.gov.xml
+++ b/src/chrome/content/rules/Hawaii.gov.xml
@@ -17,20 +17,20 @@ Fetch error: http://ehawaii.gov/ => https://ehawaii.gov/: (6, 'Could not resolve
 -->
 <ruleset name="Hawaii.gov (partial)">
 
+	<target host="dlnr.hawaii.gov" />
+	<target host="hidot.hawaii.gov" />
+	<target host="stayconnected.hawaii.gov" />
 	<target host="ehawaii.gov" />
-	<target host="*.ehawaii.gov" />
+	<target host="portal.ehawaii.gov" />
+	<target host="www.ehawaii.gov" />
 		<exclusion pattern="^http://portal\.ehawaii\.gov/landing/(?:\?.*)?$" />
-	<target host="*.hawaii.gov" />
+
 
 
 	<securecookie host="^www\.ehawaii\.gov$" name=".+" />
 	<securecookie host="^stayconnected\.hawaii\.gov$" name=".+" />
 
 
-	<rule from="^http://(dlnr|hic|hidot|stayconnected)\.hawaii\.gov/"
-		to="https://$1.hawaii.gov/" />
-
-	<rule from="^http://(portal\.|www\.)?ehawaii\.gov/"
-		to="https://$1ehawaii.gov/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HawaiianAirlines.xml b/src/chrome/content/rules/HawaiianAirlines.xml
index 77078bf4e23c..60004ff503ae 100644
--- a/src/chrome/content/rules/HawaiianAirlines.xml
+++ b/src/chrome/content/rules/HawaiianAirlines.xml
@@ -1,9 +1,10 @@
 <ruleset name="Hawaiian Airlines" platform="mixedcontent">
   <target host="hawaiianair.com" />
-  <target host="*.hawaiianair.com" />
+  <target host="emarket.hawaiianair.com" />
+  <target host="ifs.hawaiianair.com" />
+  <target host="www.hawaiianair.com" />
 
   <rule from="^http://hawaiianair\.com/"
           to="https://www.hawaiianair.com/" />
-  <rule from="^http://(emarket|ifs|www)\.hawaiianair\.com/"
-          to="https://$1.hawaiianair.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Hawk_Host.com.xml b/src/chrome/content/rules/Hawk_Host.com.xml
index 0e4e19f8fc01..42124dae781f 100644
--- a/src/chrome/content/rules/Hawk_Host.com.xml
+++ b/src/chrome/content/rules/Hawk_Host.com.xml
@@ -23,7 +23,10 @@
 <ruleset name="Hawk Host.com (partial)">
 
 	<target host="hawkhost.com" />
-	<target host="*.hawkhost.com" />
+	<target host="my.hawkhost.com" />
+	<target host="support.hawkhost.com" />
+	<target host="vps.hawkhost.com" />
+	<target host="www.hawkhost.com" />
 		<!--exclusion pattern="^http://(blog|forums)\.hawkhost\.com/" /-->
 
 
@@ -36,7 +39,6 @@
 	<securecookie host="^(?:my|support|vps)?\.hawkhost\.com$" name=".+" />
 
 
-	<rule from="^http://((?:my|support|vps|www)\.)?hawkhost\.com/"
-		to="https://$1hawkhost.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Haymarket-problematic.xml b/src/chrome/content/rules/Haymarket-problematic.xml
index c744e64687f2..89578ad4040a 100644
--- a/src/chrome/content/rules/Haymarket-problematic.xml
+++ b/src/chrome/content/rules/Haymarket-problematic.xml
@@ -4,13 +4,12 @@
 -->
 <ruleset name="Haymarket (problematic)" default_off="mismatched">
 
-	<target host="*.haymarket.com" />
+	<target host="careers.haymarket.com" />
 
 
 	<securecookie host="^\.careers\.haymarket\.com$" name=".+" />
 
 
-	<rule from="^http://careers\.haymarket\.com/"
-		to="https://careers.haymarket.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Haymarket.xml b/src/chrome/content/rules/Haymarket.xml
index bdd8d6e70cb3..3bb7b3b98c88 100644
--- a/src/chrome/content/rules/Haymarket.xml
+++ b/src/chrome/content/rules/Haymarket.xml
@@ -48,21 +48,14 @@
 
 	<target host="apac.haymarket.com" />
 	<target host="shop.haymarket.com" />
-	<target host="*.shop.haymarket.com" />
-	<target host="*.haymarketmedia.com" />
+	<target host="subscribe.haymarketmedia.com" />
 
 
 	<!--	Tracking cookie:
-					-->
-	<securecookie host="^\.haymarket\.com$" name="^utag_main$" />
-	<securecookie host="^(?:apac|\.?shop)\.haymarket\.com$" name=".+" />
+					-->	<securecookie host="^(?:apac|\.?shop)\.haymarket\.com$" name=".+" />
 	<securecookie host="^\.?subscribe\.haymarketmedia\.com$" name=".+" />
 
 
-	<rule from="^http://(apac|shop)\.haymarket\.com/"
-		to="https://$1.haymarket.com/" />
-
-	<rule from="^http://subscribe\.haymarketmedia\.com/"
-		to="https://subscribe.haymarketmedia.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/HaystackSoftware.xml b/src/chrome/content/rules/HaystackSoftware.xml
index e1ded791387e..97e31c2e633c 100644
--- a/src/chrome/content/rules/HaystackSoftware.xml
+++ b/src/chrome/content/rules/HaystackSoftware.xml
@@ -4,4 +4,4 @@
 
 	<rule from="^http:"
 			to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HbbTV.xml b/src/chrome/content/rules/HbbTV.xml
index dbf56a4da66c..3e1651db0df7 100644
--- a/src/chrome/content/rules/HbbTV.xml
+++ b/src/chrome/content/rules/HbbTV.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hbz.xml b/src/chrome/content/rules/Hbz.xml
index 5f659712c20b..e6cee0929cd3 100644
--- a/src/chrome/content/rules/Hbz.xml
+++ b/src/chrome/content/rules/Hbz.xml
@@ -10,7 +10,7 @@ Fetch error: http://dbspixel.hbz-nrw.de/ => https://dbspixel.hbz-nrw.de/: (28, '
 	dbspixel: Tracking
 
 -->
-<ruleset name="hbz-nrw.de (partial)" default_off='failed ruleset test'>
+<ruleset name="hbz-nrw.de (partial)" default_off="failed ruleset test">
 
 	<target host="dbspixel.hbz-nrw.de" />
 
diff --git a/src/chrome/content/rules/Hdbits.org.xml b/src/chrome/content/rules/Hdbits.org.xml
deleted file mode 100644
index ff948ef37826..000000000000
--- a/src/chrome/content/rules/Hdbits.org.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Hdbits.org">
-	<target host="hdbits.org" />
-	<target host="www.hdbits.org" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Hdfcbank.com.xml b/src/chrome/content/rules/Hdfcbank.com.xml
index 2cbd10e2cedd..181e6fdbc15d 100644
--- a/src/chrome/content/rules/Hdfcbank.com.xml
+++ b/src/chrome/content/rules/Hdfcbank.com.xml
@@ -1,17 +1,17 @@
-<!-- 
+<!--
 	Problematic subdomains:
-		
+
 		- ideabank.hdfcbank.com (No valid https page)
+		- imaging.hdfcbank.com (Incomplete certificate chain)
 		- mailer.hdfcbank.com (https version redirects to http://www.hdfcbank.com. Not adding rule as it would render this subdomain unuseable)
-		- testmailer.hdfcbank.com (https version redirects to http://www.hdfcbank.com)	
-		- https://mobilityrpmcc.hdfcbank.com/ (Incomplete certificate chain)
+		- punjabadds.hdfcbank.com (Incomplete certificate chain)
+		- testmailer.hdfcbank.com (https version redirects to http://www.hdfcbank.com)
 
 	HTTPS Only domains:
 		- https://getprepaidcard.hdfcbank.com/
 		- https://netsafe.hdfcbank.com/
 		- https://nriapply.hdfcbank.com/
 		- https://netbanking.hdfcbank.com/
-		- https://imaging.hdfcbank.com/
 		- https://ifms.hdfcbank.com/
 		- https://corporate.hdfcbank.com/
 		- https://cms.hdfcbank.com/
@@ -39,14 +39,13 @@
 	<target host="nriapply.hdfcbank.com" />
 	<target host="netbanking.hdfcbank.com" />
 	<target host="m.netbanking.hdfcbank.com" />
-	<target host="imaging.hdfcbank.com" />
 	<target host="ifms.hdfcbank.com" />
 	<target host="corporate.hdfcbank.com" />
 	<target host="cms.hdfcbank.com" />
 	<target host="leads.hdfcbank.com" />
 	<target host="apply.hdfcbank.com" />
 	<target host="enetbanking.hdfcbank.com" />
-	<target host="punjabadds.hdfcbank.com" />
+	<target host="mobilityrpmcc.hdfcbank.com" />
 	<target host="mofpi.hdfcbank.com" />
 	<target host="los.hdfcbank.com" />
 	<target host="dncdedupe.hdfcbank.com" />
@@ -60,25 +59,13 @@
 	<target host="usedcar.hdfcbank.com" />
 	<target host="payzapp.biz.hdfcbank.com" />
 
-	<test url="http://www.hdfcbank.com/" />
 	<test url="http://offers.smartbuy.hdfcbank.com/" />
 	<test url="http://mobileoffers.smartbuy.hdfcbank.com/" />
 	<test url="http://mobileoffers.smartbuy.hdfcbank.com/recharge" />
 	<test url="http://www.hdfcbank.com/smartemi" />
-	<test url="http://getprepaidcard.hdfcbank.com/" />
-	<test url="http://netsafe.hdfcbank.com/" />
-	<test url="http://nriapply.hdfcbank.com/" />
-	<test url="http://netbanking.hdfcbank.com/" />
-	<test url="http://m.netbanking.hdfcbank.com/" />
-	<test url="http://imaging.hdfcbank.com/" />
 	<test url="http://ifms.hdfcbank.com/delfin" />
-	<test url="http://corporate.hdfcbank.com/" />
-	<test url="http://cms.hdfcbank.com/" />
-	<test url="http://leads.hdfcbank.com/" />
-	<test url="http://apply.hdfcbank.com/" />
 	<test url="http://apply.hdfcbank.com/BranchAuto/NewToBank" />
 	<test url="http://enetbanking.hdfcbank.com/corporate/CorporateLogin.html" />
-	<test url="http://punjabadds.hdfcbank.com/punjabprocess/login.aspx" />
 	<test url="http://mofpi.hdfcbank.com/EnetMVC/" />
 	<test url="http://los.hdfcbank.com/LOSHDFC/CheckLogin.los" />
 	<test url="http://dncdedupe.hdfcbank.com/dnc/login.htm" />
@@ -90,7 +77,6 @@
 	<test url="http://remit.hdfcbank.com/htdocs/common/pdf/ECSS_ApplicationForm.pdf" />
 	<test url="http://sme.hdfcbank.com/LoanFloWeb/Index.jsp" />
 	<test url="http://usedcar.hdfcbank.com/htdocs/aboutus/awards/bt_awards.htm" />
-	<test url="http://payzapp.biz.hdfcbank.com/" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/HeaDuck.com.xml b/src/chrome/content/rules/HeaDuck.com.xml
new file mode 100644
index 000000000000..60721353b7a4
--- /dev/null
+++ b/src/chrome/content/rules/HeaDuck.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="HeaDuck.com">
+	<target host="blog.headuck.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HealthCare.gov.xml b/src/chrome/content/rules/HealthCare.gov.xml
new file mode 100644
index 000000000000..11f55597dbfe
--- /dev/null
+++ b/src/chrome/content/rules/HealthCare.gov.xml
@@ -0,0 +1,20 @@
+<!--
+	Non-functional hosts
+		HSTS preloaded:
+		- healthcare.gov
+		- www.healthcare.gov
+-->
+<ruleset name="HealthCare.gov">
+	<target host="assets.healthcare.gov" />
+	<target host="companyprofiles.healthcare.gov" />
+	<target host="data.healthcare.gov" />
+	<target host="finder.healthcare.gov" />
+	<target host="localhelp.healthcare.gov" />
+	<target host="ratereview.healthcare.gov" />
+	<target host="styleguide.healthcare.gov" />
+	<target host="data.test.healthcare.gov" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HealthDesigns.xml b/src/chrome/content/rules/HealthDesigns.xml
index 99ea06455ab8..ce9e1efe3c24 100644
--- a/src/chrome/content/rules/HealthDesigns.xml
+++ b/src/chrome/content/rules/HealthDesigns.xml
@@ -3,17 +3,17 @@
 Disabled by https-everywhere-checker because:
 Fetch error: http://healthdesigns.com/ => https://healthdesigns.com/: (7, 'Failed to connect to healthdesigns.com port 443: No route to host')
 Fetch error: http://www.healthdesigns.com/ => https://www.healthdesigns.com/: (7, 'Failed to connect to www.healthdesigns.com port 443: No route to host')
- 
-		
+
+
 		Refused:
 		- rewards.
-		
+
 		Expired:
 		- br.
-		
+
 -->
 
-<ruleset name="HealthDesigns" default_off='failed ruleset test'>
+<ruleset name="HealthDesigns" default_off="failed ruleset test">
         <target host="healthdesigns.com" />
         <target host="www.healthdesigns.com" />
 
diff --git a/src/chrome/content/rules/Healthcare.gov.xml b/src/chrome/content/rules/Healthcare.gov.xml
deleted file mode 100644
index 140e69a9cfff..000000000000
--- a/src/chrome/content/rules/Healthcare.gov.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Non-2xx HTTP code: http://billing.healthcare.gov/ (200) => https://billing.healthcare.gov/ (403)
-Non-2xx HTTP code: http://localhelp.healthcare.gov/ (200) => https://localhelp.healthcare.gov/ (403)
-
-
-
-	Insecure cookies are set for these hosts:
-
-		- billing.healthcare.gov
-		- localhelp.healthcare.gov
-		- www.healthcare.gov
-
-
-	Mixed content:
-
-		- css on billing from fonts.googleapis.com ˢ
-
-	ˢ Secured by us
-
--->
-<ruleset name="Healthcare.gov" default_off='failed ruleset test'>
-    <target host="healthcare.gov" />
-    <target host="*.healthcare.gov" />
-
-		<test url="http://billing.healthcare.gov/" />
-		<test url="http://localhelp.healthcare.gov/" />
-		<test url="http://www.healthcare.gov/" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:billing\.|www\.)?healthcare\.gov$" name="^akavpau_vp1$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Healthcare_Staff_Benefits.xml b/src/chrome/content/rules/Healthcare_Staff_Benefits.xml
index 81b06b32022d..3e58dd8fcc0a 100644
--- a/src/chrome/content/rules/Healthcare_Staff_Benefits.xml
+++ b/src/chrome/content/rules/Healthcare_Staff_Benefits.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HealthdirectAustralia.xml b/src/chrome/content/rules/HealthdirectAustralia.xml
index 3cebf1ae561f..c2a1f8681fb0 100644
--- a/src/chrome/content/rules/HealthdirectAustralia.xml
+++ b/src/chrome/content/rules/HealthdirectAustralia.xml
@@ -1,7 +1,7 @@
 <ruleset name="Healthdirect Australia">
 	<target host="healthdirect.gov.au" />
-	<target host="*.healthdirect.gov.au" />
+	<target host="www.healthdirect.gov.au" />
 
 	<rule from="^http://(?:www\.)?healthdirect\.gov\.au/"
 		to="https://www.healthdirect.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HealthyEating.science.xml b/src/chrome/content/rules/HealthyEating.science.xml
deleted file mode 100644
index a2822023259b..000000000000
--- a/src/chrome/content/rules/HealthyEating.science.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="HealthyEating.science">
-	<target host="healthyeating.science" />
-	<target host="www.healthyeating.science" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/HealthyGeorge.com.xml b/src/chrome/content/rules/HealthyGeorge.com.xml
new file mode 100644
index 000000000000..917736f27865
--- /dev/null
+++ b/src/chrome/content/rules/HealthyGeorge.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Active mixed content:
+		- healthygeorge.com
+		- www.healthygeorge.com
+-->
+
+<ruleset name="HealthyGeorge.com" platform="mixedcontent">
+	<target host="healthygeorge.com" />
+	<target host="www.healthygeorge.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Healthy_for_Kids.xml b/src/chrome/content/rules/Healthy_for_Kids.xml
index 34805a758486..96367b4ca711 100644
--- a/src/chrome/content/rules/Healthy_for_Kids.xml
+++ b/src/chrome/content/rules/Healthy_for_Kids.xml
@@ -12,4 +12,4 @@
 	<rule from="^http://healthyforkids\.wpengine\.netdna-cdn\.com/"
 		to="https://healthyforkids.wpengine.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hearst-Corporation.xml b/src/chrome/content/rules/Hearst-Corporation.xml
deleted file mode 100644
index 97d032445f46..000000000000
--- a/src/chrome/content/rules/Hearst-Corporation.xml
+++ /dev/null
@@ -1,55 +0,0 @@
-<!--
-	Other Hearst Corporation rulesets:
-
-		- Delish.xml
-		- Elle.com.xml
-		- H-CDN.co.xml
-		- Hearst-Corporation-self-signed.xml
-		- Hearst_Magazines.xml
-		- Houston_Chronicle.xml
-		- LocalEdge.xml
-
-
-	Nonfunctional domains:
-
-		- chron.com				(cert: 236134-pweb1.hearst.com, expired, self-signed;
-							shows RHEL Apache test page, redirects to www over http)
-		- apps.chron.com
-		- extras.chron.com			(reset)
-		- images.chron.com			(reset)
-		- www.chron.com				(reset)
-		- ctpost.com				(cert: 236135-pweb2.hearstnp.com, expired, self-signed;
-							shows RHEL Apache test page, redirects to www over http)
-		- contribute.ctpost.com
-		- www.ctpost.com			(reset)
-		- ww[1-4].hdnux.com			(shows RHEL test page, akamai)
-		- ctextras.hearstdigitalnews.com	(cert: docuwiki.heartdigitalnews.com; shows that domain's data)
-		- ux.hearstdigitalnews.com		(cert: 273251-sdev1.hearstnp.com, expired,
-							self-signed; shows RHEL Apache test page)
-		- chron.ux.hearstdigitalnews.com	(ditto)
-		- ctpost.ux.hearstdigitalnews.com	(ditto)
-		- newstimes.ux.hearstdigitalnews.com	(ditto)
-		- newstimes.com				(cert: 236135-pweb2.hearstnp.com, expired,
-							self-signed; shows RHEL Apache test page)
-		- www.newstimes.com			(reset)
-		- sfgate.com				(cert: 236135-pweb2.hearstnp.com, expired,
-							self-signed; shows RHEL test page)
-		- extras.sfgate.com			(shows docuwiki, akamai)
-		- www.sfgate.com			(ditto)
-		- web.timesunion.com			(504, akamai)
-		- wcvb.com				(times out)d
-		- www.wcvb.com				(akamai, 503)
-
--->
-<ruleset name="Hearst Corporation (partial)" platform="mixedcontent">
-
-	<target host="myhearstnewspaper.com"/>
-	<target host="www.myhearstnewspaper.com"/>
-
-
-	<securecookie host="^(?:.*\.)?myhearstnewspaper\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Heart.org.xml b/src/chrome/content/rules/Heart.org.xml
index 70f4dfbeccb5..355380510e2d 100644
--- a/src/chrome/content/rules/Heart.org.xml
+++ b/src/chrome/content/rules/Heart.org.xml
@@ -20,7 +20,7 @@ Fetch error: http://heart.org/ => https://www.heart.org/: (60, 'SSL certificate
 		- newsroom ³
 
 	¹ Cert only matches www
-	² Mismatched, CN: 
+	² Mismatched, CN:
 	³ Works; mismatched, CN: cms.iprsoftware.com
 
 
@@ -47,7 +47,12 @@ Fetch error: http://heart.org/ => https://www.heart.org/: (60, 'SSL certificate
 <ruleset name="Heart.org (partial)">
 
 	<target host="heart.org" />
-	<target host="*.heart.org" />
+	<target host="www.heart.org" />
+	<target host="extranet.heart.org" />
+	<target host="donate.heart.org" />
+	<target host="static.heart.org" />
+	<target host="volunteer.heart.org" />
+	<target host="my.heart.org" />
 
 
 	<!--	Not secured by server:
@@ -62,10 +67,9 @@ Fetch error: http://heart.org/ => https://www.heart.org/: (60, 'SSL certificate
 	<rule from="^http://(?:www\.)?heart\.org/"
 		to="https://www.heart.org/" />
 
-	<rule from="^http://(extranet|donate|static|volunteer)\.heart\.org/"
-		to="https://$1.heart.org/" />
 
 	<rule from="^http://my\.heart\.org/"
 		to="https://my.americanheart.org/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/HeatWare.com.xml b/src/chrome/content/rules/HeatWare.com.xml
new file mode 100644
index 000000000000..d5de4606427b
--- /dev/null
+++ b/src/chrome/content/rules/HeatWare.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Active mixed content:
+		- forum.heatware.com
+		- www.forum.heatware.com
+-->
+
+<ruleset name="HeatWare.com">
+	<target host="heatware.com" />
+	<target host="www.heatware.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Heatmap.xml b/src/chrome/content/rules/Heatmap.xml
index 803d29c403ff..4b91f46b2dff 100644
--- a/src/chrome/content/rules/Heatmap.xml
+++ b/src/chrome/content/rules/Heatmap.xml
@@ -1,27 +1,29 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://eu2.heatmap.it/ => https://eu2.heatmap.it/: (6, 'Could not resolve host: eu2.heatmap.it')
-Fetch error: http://eu3.heatmap.it/ => https://eu3.heatmap.it/: (6, 'Could not resolve host: eu3.heatmap.it')
+	Invalid certificate:
+		mailer.heatmap.me
+		shopify-app.heatmap.it
 
-	Non-functional subdomain:
-		- mailer.heatmap.me		(hostname mismatch, CN: *.mandrillapp.com, mandrillapp.com)
+	Refused:
+		eu7.heatmap.it
 -->
-<ruleset name="Heatmap" default_off='failed ruleset test'>
-	<target host=    "heatmap.me" />
+<ruleset name="Heatmap">
+
+	<target host="heatmap.me" />
 	<target host="www.heatmap.me" />
-	<target host=    "heatmap.it" />
-	<target host=  "*.heatmap.it" />
 
-		<test url="http://eu1.heatmap.it/" />
-		<test url="http://eu2.heatmap.it/" />
-		<test url="http://eu3.heatmap.it/" />
-		<test url="http://eu4.heatmap.it/" />
-		<test url="http://u.heatmap.it/" />
-		<test url="http://us2.heatmap.it/" />
+	<target host="heatmap.it" />
+	<target host="www.heatmap.it" />
+	<target host="eu1.heatmap.it" />
+	<target host="eu4.heatmap.it" />
+	<target host="eu5.heatmap.it" />
+	<target host="eu6.heatmap.it" />
+	<target host="eu8.heatmap.it" />
+	<target host="eu9.heatmap.it" />
+	<target host="us2.heatmap.it" />
+	<target host="us4.heatmap.it" />
+
+	<securecookie host=".+" name=".+" />
 
-  	<securecookie host="^heatmap\.(me|it)$" name=".+" />
+	<rule from="^http:"	to="https:" />
 
-	<rule from="^http:"
-		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Heckrath.net.xml b/src/chrome/content/rules/Heckrath.net.xml
deleted file mode 100644
index f02bb8d97742..000000000000
--- a/src/chrome/content/rules/Heckrath.net.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="heckrath.net">
-  <target host="heckrath.net" />
-  <target host="*.heckrath.net" />
-
-  <securecookie host="^www\.heckrath\.net$" name=".+" />
-
-  <rule from="^http://(?:www\.)?heckrath\.net/" to="https://www.heckrath.net/" />
-  <rule from="^http://login\.heckrath\.net/" to="https://www.heckrath.net/login/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Hegerys.com.xml b/src/chrome/content/rules/Hegerys.com.xml
deleted file mode 100644
index 721fd65b3fab..000000000000
--- a/src/chrome/content/rules/Hegerys.com.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-	For other Magic Online coverage, see Magic.fr.xml.
-
-
-	(www.): redirects to clients.sd-france.com; mismatched, CN: support.magic.fr
-
-
-	Fully covered subdomains:
-
-		- cp
-		- store
-
-
-	Mixed content:
-
-		- css on store from fonts.googleapis.com *
-
-	* Secured by us
-
--->
-<ruleset name="Hegerys.com (partial)">
-
-	<target host="*.hegerys.com" />
-		<!--exclusion pattern="^http://www\.hegerys\.com/" /-->
-
-
-	<!--	Secured by server:
-					-->
-	<!--securecookie host="^store\.hegerys\.com$" name="^PHPSESSID$" /-->
-	<!--
-		Not secured by server:
-					-->
-	<!--securecookie host="^cp\.hegerys\.com$" name="^JSESSIONID$" /-->
-
-	<securecookie host="^cp\.hegerys\.com$" name=".+" />
-
-
-	<rule from="^http://(cp|store)\.hegerys\.com/"
-		to="https://$1.hegerys.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Heidelberg.de.xml b/src/chrome/content/rules/Heidelberg.de.xml
index be1c6e2ade11..f2f4f8370e86 100644
--- a/src/chrome/content/rules/Heidelberg.de.xml
+++ b/src/chrome/content/rules/Heidelberg.de.xml
@@ -5,7 +5,7 @@ Fetch error: http://heidelberg.de/ => https://www.heidelberg.de/: (60, 'SSL cert
 Fetch error: http://www.heidelberg.de/ => https://www.heidelberg.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Heidelberg.de" default_off='failed ruleset test'>
+<ruleset name="Heidelberg.de" default_off="failed ruleset test">
   <target host=    "heidelberg.de"/>
   <target host="www.heidelberg.de"/>
 
diff --git a/src/chrome/content/rules/Heifer.org.xml b/src/chrome/content/rules/Heifer.org.xml
index abc72ff297d8..eb3cac880eb4 100644
--- a/src/chrome/content/rules/Heifer.org.xml
+++ b/src/chrome/content/rules/Heifer.org.xml
@@ -10,7 +10,7 @@ Fetch error: http://secure1.heifer.org/ => https://secure1.heifer.org/: (7, 'Fai
 		- 9dc3f407a257cfd3f7ea-d14ef12e680aa00597bdffb57368cf92.r6.cf2.rackcdn.com
 
 -->
-<ruleset name="Heifer.org" default_off='failed ruleset test'>
+<ruleset name="Heifer.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Heise.de.xml b/src/chrome/content/rules/Heise.de.xml
index c7d8f67f3ed5..b0a4bfaf90b9 100644
--- a/src/chrome/content/rules/Heise.de.xml
+++ b/src/chrome/content/rules/Heise.de.xml
@@ -42,7 +42,7 @@
 	<target host="www.shop.heise.de" />
 	<target host="www.heise.de" />
 
-	
+
 			<test url="http://m.heise.de/avw-bin/ivw/CP/export-api/" />
 			<test url="http://m.heise.de/fonts/open-sans/OpenSans-CondBold-webfont.woff" />
 			<test url="http://m.heise.de/icons/mobi/favicon.ico" />
@@ -80,7 +80,7 @@
 
 	<rule from="^http://(www\.)?heiseshop\.de/"
 		to="https://shop.heise.de/" />
-		
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Hell_Hole_Cheese_Factory.org.xml b/src/chrome/content/rules/Hell_Hole_Cheese_Factory.org.xml
index 35a657c00bd5..c035e52c748b 100644
--- a/src/chrome/content/rules/Hell_Hole_Cheese_Factory.org.xml
+++ b/src/chrome/content/rules/Hell_Hole_Cheese_Factory.org.xml
@@ -8,7 +8,7 @@ Automatically by https-everywhere-checker because:
 Fetch error: http://hellholecheesefactory.org/ => https://hellholecheesefactory.org/: (51, "SSL: no alternative certificate subject name matches target host name 'hellholecheesefactory.org'")
 Fetch error: http://www.hellholecheesefactory.org/ => https://www.hellholecheesefactory.org/: (51, "SSL: no alternative certificate subject name matches target host name 'hellholecheesefactory.org'")
 -->
-<ruleset name="Hell Hole Cheese Factory.org" default_off='failed ruleset test'>
+<ruleset name="Hell Hole Cheese Factory.org" default_off="failed ruleset test">
 
 	<target host="hellholecheesefactory.org" />
 	<target host="www.hellholecheesefactory.org" />
diff --git a/src/chrome/content/rules/Heller-Information-Services.xml b/src/chrome/content/rules/Heller-Information-Services.xml
index 5caeaeb83514..3ddb4ee55731 100644
--- a/src/chrome/content/rules/Heller-Information-Services.xml
+++ b/src/chrome/content/rules/Heller-Information-Services.xml
@@ -12,7 +12,7 @@
 	<target host="webmail.his.com" />
 
 
-	<securecookie host="^(?:.*\.)?his\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	Over http, www redirects to info,
diff --git a/src/chrome/content/rules/Hello-Bar.xml b/src/chrome/content/rules/Hello-Bar.xml
index 41198e1ee254..c300eebb971b 100644
--- a/src/chrome/content/rules/Hello-Bar.xml
+++ b/src/chrome/content/rules/Hello-Bar.xml
@@ -27,7 +27,7 @@ Fetch error: http://hellobar.com/ => https://hellobar.com/: (60, 'SSL certificat
 		- www.hellobar.com
 
 -->
-<ruleset name="Hello Bar.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Hello Bar.com (partial)" default_off="failed ruleset test">
 
 	<target host="hellobar.com" />
 	<!--target host="ping.hellobar.com" /-->
@@ -38,7 +38,7 @@ Fetch error: http://hellobar.com/ => https://hellobar.com/: (60, 'SSL certificat
 					-->
 	<!--securecookie host="^www\.hellobar\.com$" name="^(?:_hellobar_session|adxs|vid)$" /-->
 
-	<securecookie host="^www\.hellobar\.com$" name="" />
+	<securecookie host="^www\.hellobar\.com$" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Hello-Neighbour.xml b/src/chrome/content/rules/Hello-Neighbour.xml
index adb9fd7907ef..88d9780b467e 100644
--- a/src/chrome/content/rules/Hello-Neighbour.xml
+++ b/src/chrome/content/rules/Hello-Neighbour.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.helloneighbour.com/ => https://www.helloneighbour.com/:
 		- (www.)askyourneighbour.ca	(ssl_error_rx_record_too_long)
 
 -->
-<ruleset name="Hello Neighbour" default_off='failed ruleset test'>
+<ruleset name="Hello Neighbour" default_off="failed ruleset test">
 
 	<target host="helloneighbour.com" />
 	<target host="www.helloneighbour.com" />
diff --git a/src/chrome/content/rules/Hello_Bond.com.xml b/src/chrome/content/rules/Hello_Bond.com.xml
index 8c8d353903e4..d974bddf17dd 100644
--- a/src/chrome/content/rules/Hello_Bond.com.xml
+++ b/src/chrome/content/rules/Hello_Bond.com.xml
@@ -20,7 +20,7 @@ Fetch error: http://www.hellobond.com/ => https://www.hellobond.com/: (60, 'SSL
 		- staging.hellobond.com
 
 -->
-<ruleset name="Hello Bond.com" default_off='failed ruleset test'>
+<ruleset name="Hello Bond.com" default_off="failed ruleset test">
 
 	<target host="hellobond.com" />
 	<target host="dev.hellobond.com" />
diff --git a/src/chrome/content/rules/Helmich_IT-Security.xml b/src/chrome/content/rules/Helmich_IT-Security.xml
index 4f808badf45c..136853927587 100644
--- a/src/chrome/content/rules/Helmich_IT-Security.xml
+++ b/src/chrome/content/rules/Helmich_IT-Security.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HelpOcean.xml b/src/chrome/content/rules/HelpOcean.xml
index 2c5fdfad56b6..2ae53ed3a547 100644
--- a/src/chrome/content/rules/HelpOcean.xml
+++ b/src/chrome/content/rules/HelpOcean.xml
@@ -8,7 +8,7 @@ Fetch error: http://helpocean.com/ => https://helpocean.com/: (51, "SSL: no alte
 	Many in *.helpocean.com: clients
 
 -->
-<ruleset name="helpOcean" default_off='failed ruleset test'>
+<ruleset name="helpOcean" default_off="failed ruleset test">
 
 	<target host="helpocean.com" />
 	<target host="*.helpocean.com" />
@@ -20,4 +20,4 @@ Fetch error: http://helpocean.com/ => https://helpocean.com/: (51, "SSL: no alte
 	<rule from="^http://([\w\-]+\.)?helpocean\.com/"
 		to="https://$1helpocean.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HelpOnClick.xml b/src/chrome/content/rules/HelpOnClick.xml
index c8260bcd12bf..ecf90da4da2f 100644
--- a/src/chrome/content/rules/HelpOnClick.xml
+++ b/src/chrome/content/rules/HelpOnClick.xml
@@ -4,9 +4,9 @@
 	<target host="www.helponclick.com" />
 
 
-	<securecookie host="^(?:.*\.)?helponclick\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HelpSpot.xml b/src/chrome/content/rules/HelpSpot.xml
index c1bb7977ac5d..7f66292e0f39 100644
--- a/src/chrome/content/rules/HelpSpot.xml
+++ b/src/chrome/content/rules/HelpSpot.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Helsingor.dk.xml b/src/chrome/content/rules/Helsingor.dk.xml
index 0ad45b3bf17b..2d1a2cd7640e 100644
--- a/src/chrome/content/rules/Helsingor.dk.xml
+++ b/src/chrome/content/rules/Helsingor.dk.xml
@@ -2,7 +2,7 @@
 	Subdomains not covered:
 		- rotteanmeldelse¹
 		- webgis¹
-	
+
 	¹: Refused
 -->
 <ruleset name="Helsingor.dk">
diff --git a/src/chrome/content/rules/HentaiVerse.org.xml b/src/chrome/content/rules/HentaiVerse.org.xml
new file mode 100644
index 000000000000..daf693be6663
--- /dev/null
+++ b/src/chrome/content/rules/HentaiVerse.org.xml
@@ -0,0 +1,16 @@
+<!--
+	For other E-Hentai.org coverage see E-Hentai.org.xml
+
+	Mismatched:
+		- alt
+-->
+<ruleset name="HentaiVerse.org">
+	<target host="hentaiverse.org" />
+	<target host="www.hentaiverse.org" />
+	<target host="alt.hentaiverse.org" />
+
+	<rule from="^http://alt\.hentaiverse\.org/"
+		to="https://hentaiverse.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Herald_Times_Reporter.xml b/src/chrome/content/rules/Herald_Times_Reporter.xml
index c131cca43560..a04ad2581452 100644
--- a/src/chrome/content/rules/Herald_Times_Reporter.xml
+++ b/src/chrome/content/rules/Herald_Times_Reporter.xml
@@ -15,7 +15,7 @@ Fetch error: http://htrnews.com/ => https://www.htrnews.com/: (51, "SSL: no alte
 		- deals		(mismatched, CN: *.planetdiscover.com)
 
 -->
-<ruleset name="Herald Times Reporter" default_off='failed ruleset test'>
+<ruleset name="Herald Times Reporter" default_off="failed ruleset test">
 
 	<target host="htrnews.com" />
 	<target host="*.htrnews.com" />
diff --git a/src/chrome/content/rules/Herbal-nutrition2.net.xml b/src/chrome/content/rules/Herbal-nutrition2.net.xml
index 30b5284fd59a..dc4952464f09 100644
--- a/src/chrome/content/rules/Herbal-nutrition2.net.xml
+++ b/src/chrome/content/rules/Herbal-nutrition2.net.xml
@@ -5,7 +5,7 @@ Fetch error: http://herbal-nutrition2.net/ => https://herbal-nutrition2.net/: To
 Fetch error: http://www.herbal-nutrition2.net/ => https://www.herbal-nutrition2.net/: Too many redirects while fetching 'https://www.herbal-nutrition2.net/'
 
 -->
-<ruleset name="herbal-nutrition2.net" default_off='failed ruleset test'>
+<ruleset name="herbal-nutrition2.net" default_off="failed ruleset test">
 
 	<target host="herbal-nutrition2.net" />
 	<target host="www.herbal-nutrition2.net" />
@@ -16,4 +16,4 @@ Fetch error: http://www.herbal-nutrition2.net/ => https://www.herbal-nutrition2.
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hercrentals.com.xml b/src/chrome/content/rules/Hercrentals.com.xml
new file mode 100644
index 000000000000..0af8f078c98e
--- /dev/null
+++ b/src/chrome/content/rules/Hercrentals.com.xml
@@ -0,0 +1,48 @@
+<!--
+	Non-functional subdomains:
+		- airwatch	(expired cert)
+		- autodiscover	(connection refused)
+		- css		(SSL handshake failed)
+		- g		(redirects to invalid www.g)
+		- ir		(SSL handshake failed)
+		- mft		(timeout)
+		- prdaemweb	(redirects to invalid www.prdaemweb)
+		- qaaem		(redirects to invalid www.qaaem)
+		- qaaemweb	(redirects to invalid www.qaaemweb)
+		- qasolr	(timeout)
+		- ra		(invalid certificate chain)
+		- rac		(invalid certificate chain)
+		- rad		(invalid certificate chain)
+		- sip		(mismatch hostname, CN: sipfed.online.lync.com)
+		- used		(mismatch hostname, CN: *.rousesales.com)
+		- vpn		(expired cert)
+		- vpnadmin	(timeout)
+
+-->
+<ruleset name="Herc Rentals">
+	<target host="hercrentals.com" />
+	<target host="www.hercrentals.com" />
+	<target host="sts.ad.hercrentals.com" />
+	<target host="aemweb.hercrentals.com" />
+	<target host="benefitsplus.hercrentals.com" />
+	<target host="careers.hercrentals.com" />
+	<target host="etrieve.hercrentals.com" />
+	<target host="etrievedev.hercrentals.com" />
+	<target host="etrieveqa.hercrentals.com" />
+	<target host="etrievestg.hercrentals.com" />
+	<target host="fleetweb.hercrentals.com" />
+	<target host="jenkins.hercrentals.com" />
+	<target host="procontrol.hercrentals.com" />
+	<target host="procontrolqa.hercrentals.com" />
+	<target host="procontrolstg.hercrentals.com" />
+	<target host="stgaemweb.hercrentals.com" />
+	<target host="stgintranet.hercrentals.com" />
+	<target host="stgwebsvc.hercrentals.com" />
+	<target host="webapp.hercrentals.com" />
+	<target host="websvc.hercrentals.com" />
+
+  	<securecookie host="^www\.hercrentals\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Herefordshire.gov.uk.xml b/src/chrome/content/rules/Herefordshire.gov.uk.xml
index 0e48e375f2fd..38e5f78e54db 100644
--- a/src/chrome/content/rules/Herefordshire.gov.uk.xml
+++ b/src/chrome/content/rules/Herefordshire.gov.uk.xml
@@ -61,7 +61,7 @@
 
 	<securecookie host="^\." name="^_gat?$" />
 	<securecookie host="^\w" name=".+" />
-	
+
 	<rule from="^http://herefordshire\.gov\.uk/"
 			to="https://www.herefordshire.gov.uk/" />
 
diff --git a/src/chrome/content/rules/HeroX.com.xml b/src/chrome/content/rules/HeroX.com.xml
index f1874a358abe..9ef9da2e51fd 100644
--- a/src/chrome/content/rules/HeroX.com.xml
+++ b/src/chrome/content/rules/HeroX.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.herox.com/ => https://www.herox.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.herox.com'")
 
 -->
-<ruleset name="HeroX.com" default_off='failed ruleset test'>
+<ruleset name="HeroX.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Hertsdirect.org-falsemixed.xml b/src/chrome/content/rules/Hertsdirect.org-falsemixed.xml
index 479e981d4b8a..acaa244dbd91 100644
--- a/src/chrome/content/rules/Hertsdirect.org-falsemixed.xml
+++ b/src/chrome/content/rules/Hertsdirect.org-falsemixed.xml
@@ -6,7 +6,7 @@ Fetch error: http://drivertraining.hertsdirect.org/ => https://drivertraining.he
 	For rules not causing false/broken MCB, see Hertsdirect.org.xml.
 
 -->
-<ruleset name="hertsdirect.org (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="hertsdirect.org (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="drivertraining.hertsdirect.org" />
 
diff --git a/src/chrome/content/rules/Hertsdirect.org.xml b/src/chrome/content/rules/Hertsdirect.org.xml
index 89feb43662c2..cf0815a7fe1f 100644
--- a/src/chrome/content/rules/Hertsdirect.org.xml
+++ b/src/chrome/content/rules/Hertsdirect.org.xml
@@ -58,7 +58,7 @@ Fetch error: http://m.hertsdirect.org/images/interface/govmetric_orangeface28x28
 	ˢ Secured by us
 
 -->
-<ruleset name="hertsdirect.org (partial)" default_off='failed ruleset test'>
+<ruleset name="hertsdirect.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Hertz-Australia.xml b/src/chrome/content/rules/Hertz-Australia.xml
index 8ed50ffe9b54..957fc544a63d 100644
--- a/src/chrome/content/rules/Hertz-Australia.xml
+++ b/src/chrome/content/rules/Hertz-Australia.xml
@@ -40,7 +40,7 @@ Non-2xx HTTP code: http://www.hertz.com.au/ (200) => https://www.hertz.com.au/ (
 		- Hertz-UAE.xml
 		- Hertz-UK.xml
 		- Hertz-US.xml
-		
+
 	Non-functional domains:
 		- (www.)hertzrent2buy.com.au	(¹, CN: secure.cdsonline.com.au)
 		- (www.)hertzcarsales.com.au	(¹, CN: secure.cdsonline.com.au)
@@ -49,7 +49,7 @@ Non-2xx HTTP code: http://www.hertz.com.au/ (200) => https://www.hertz.com.au/ (
 
 	¹ hostname mismatch
 -->
-<ruleset name="Hertz Australia" default_off='failed ruleset test'>
+<ruleset name="Hertz Australia" default_off="failed ruleset test">
 	<target host="www.hertz.com.au" />
 	<target host=    "hertztrucks.com.au" />
 	<target host="www.hertztrucks.com.au" />
diff --git a/src/chrome/content/rules/Hertz-Austria.xml b/src/chrome/content/rules/Hertz-Austria.xml
index 1e1a5fd63ee9..b3d5b253bdfb 100644
--- a/src/chrome/content/rules/Hertz-Austria.xml
+++ b/src/chrome/content/rules/Hertz-Austria.xml
@@ -41,7 +41,7 @@ Non-2xx HTTP code: http://www.hertz.at/ (200) => https://www.hertz.at/ (403)
 		- Hertz-UK.xml
 		- Hertz-US.xml
 -->
-<ruleset name="Hertz Austria" default_off='failed ruleset test'>
+<ruleset name="Hertz Austria" default_off="failed ruleset test">
 	<target host="www.hertz.at" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Hertz-Belgium.xml b/src/chrome/content/rules/Hertz-Belgium.xml
index d290453c7747..ab53b340545b 100644
--- a/src/chrome/content/rules/Hertz-Belgium.xml
+++ b/src/chrome/content/rules/Hertz-Belgium.xml
@@ -42,7 +42,7 @@ Non-2xx HTTP code: http://nl.hertz.be/ (200) => https://nl.hertz.be/ (403)
 		- Hertz-UK.xml
 		- Hertz-US.xml
 -->
-<ruleset name="Hertz Belgium" default_off='failed ruleset test'>
+<ruleset name="Hertz Belgium" default_off="failed ruleset test">
 	<target host="fr.hertz.be" />
 	<target host="hertz247.be" />
 	<target host="nl.hertz.be" />
diff --git a/src/chrome/content/rules/Hertz-Canada.xml b/src/chrome/content/rules/Hertz-Canada.xml
index 38a75fb6435b..e783886901d5 100644
--- a/src/chrome/content/rules/Hertz-Canada.xml
+++ b/src/chrome/content/rules/Hertz-Canada.xml
@@ -41,7 +41,7 @@ Non-2xx HTTP code: http://fr.hertz.ca/ (200) => https://fr.hertz.ca/ (403)
 		- Hertz-UK.xml
 		- Hertz-US.xml
 -->
-<ruleset name="Hertz Canda" default_off='failed ruleset test'>
+<ruleset name="Hertz Canda" default_off="failed ruleset test">
 	<target host="fr.hertz.ca" />
 	<target host="www.hertz.ca" />
 
diff --git a/src/chrome/content/rules/Hertz-China.xml b/src/chrome/content/rules/Hertz-China.xml
index fc3db925c8e6..062c8de46a78 100644
--- a/src/chrome/content/rules/Hertz-China.xml
+++ b/src/chrome/content/rules/Hertz-China.xml
@@ -1,8 +1,4 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Non-2xx HTTP code: http://www.hertz.cn/ (200) => https://www.hertz.cn/ (403)
-
 	Other Hertz rulesets:
 		- Hertz-Australia.xml
 		- Hertz-Austria.xml
@@ -41,9 +37,8 @@ Non-2xx HTTP code: http://www.hertz.cn/ (200) => https://www.hertz.cn/ (403)
 		- Hertz-UK.xml
 		- Hertz-US.xml
 -->
-<ruleset name="Hertz China" default_off='failed ruleset test'>
+<ruleset name="Hertz China">
 	<target host="www.hertz.cn" />
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Hertz-Croatia.xml b/src/chrome/content/rules/Hertz-Croatia.xml
index 1b2983437100..06bcabaafdee 100644
--- a/src/chrome/content/rules/Hertz-Croatia.xml
+++ b/src/chrome/content/rules/Hertz-Croatia.xml
@@ -41,7 +41,7 @@ Fetch error: http://www.hertz.hr/ => https://www.hertz.hr/: (35, 'Unknown SSL pr
 		- Hertz-UK.xml
 		- Hertz-US.xml
 -->
-<ruleset name="Hertz Croatia" default_off='failed ruleset test'>
+<ruleset name="Hertz Croatia" default_off="failed ruleset test">
 	<target host="www.hertz.hr" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Hertz-Finland.xml b/src/chrome/content/rules/Hertz-Finland.xml
index 3cfcc838bfc5..e3e4cefd30ac 100644
--- a/src/chrome/content/rules/Hertz-Finland.xml
+++ b/src/chrome/content/rules/Hertz-Finland.xml
@@ -41,7 +41,7 @@ Non-2xx HTTP code: http://www.hertz.fi/ (200) => https://www.hertz.fi/ (403)
 		- Hertz-UK.xml
 		- Hertz-US.xml
 -->
-<ruleset name="Hertz Finland" default_off='failed ruleset test'>
+<ruleset name="Hertz Finland" default_off="failed ruleset test">
 	<target host="www.hertz.fi" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Hertz-Germany.xml b/src/chrome/content/rules/Hertz-Germany.xml
index 27ffea82fd66..c8444c86107d 100644
--- a/src/chrome/content/rules/Hertz-Germany.xml
+++ b/src/chrome/content/rules/Hertz-Germany.xml
@@ -54,7 +54,7 @@ Non-2xx HTTP code: http://www.hertztrucks.de/ (200) => https://www.hertztrucks.d
 
 -->
 
-<ruleset name="Hertz Germany" default_off='failed ruleset test'>
+<ruleset name="Hertz Germany" default_off="failed ruleset test">
 	<target host="hertz247.de" />
 	<target host="www.hertz247.de" />
 	<target host="www.hertztrucks.de" />
diff --git a/src/chrome/content/rules/Hertz-Hong-Kong.xml b/src/chrome/content/rules/Hertz-Hong-Kong.xml
index c618b734dab4..40d46e74e190 100644
--- a/src/chrome/content/rules/Hertz-Hong-Kong.xml
+++ b/src/chrome/content/rules/Hertz-Hong-Kong.xml
@@ -41,7 +41,7 @@ Non-2xx HTTP code: http://www.hertz.com.hk/ (200) => https://www.hertz.com.hk/ (
 		- Hertz-UK.xml
 		- Hertz-US.xml
 -->
-<ruleset name="Hertz Hong Kong" default_off='failed ruleset test'>
+<ruleset name="Hertz Hong Kong" default_off="failed ruleset test">
 	<target host="www.hertz.com.hk" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Hertz-Indonesia.xml b/src/chrome/content/rules/Hertz-Indonesia.xml
index d234bdce7e04..10848766ad62 100644
--- a/src/chrome/content/rules/Hertz-Indonesia.xml
+++ b/src/chrome/content/rules/Hertz-Indonesia.xml
@@ -41,7 +41,7 @@ Non-2xx HTTP code: http://www.hertz.co.id/ (200) => https://www.hertz.co.id/ (40
 		- Hertz-UK.xml
 		- Hertz-US.xml
 -->
-<ruleset name="Hertz Indonesia" default_off='failed ruleset test'>
+<ruleset name="Hertz Indonesia" default_off="failed ruleset test">
 	<target host="www.hertz.co.id" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Hertz-Ireland.xml b/src/chrome/content/rules/Hertz-Ireland.xml
index 77377e706b9d..392e09f476d8 100644
--- a/src/chrome/content/rules/Hertz-Ireland.xml
+++ b/src/chrome/content/rules/Hertz-Ireland.xml
@@ -41,7 +41,7 @@ Non-2xx HTTP code: http://www.hertz.ie/ (200) => https://www.hertz.ie/ (403)
 		- Hertz-UK.xml
 		- Hertz-US.xml
 -->
-<ruleset name="Hertz Ireland" default_off='failed ruleset test'>
+<ruleset name="Hertz Ireland" default_off="failed ruleset test">
 	<target host="hertz247.ie" />
 	<target host="www.hertz247.ie" />
 	<target host="www.hertz.ie" />
diff --git a/src/chrome/content/rules/Hertz-Italy.xml b/src/chrome/content/rules/Hertz-Italy.xml
index 291cede64dac..28f512f91e4f 100644
--- a/src/chrome/content/rules/Hertz-Italy.xml
+++ b/src/chrome/content/rules/Hertz-Italy.xml
@@ -50,7 +50,7 @@ Non-2xx HTTP code: http://www.hertz.it/ (200) => https://www.hertz.it/ (403)
 		- (www.)hertzusato.it		(self-signed)
 -->
 
-<ruleset name="Hertz Italy" default_off='failed ruleset test'>
+<ruleset name="Hertz Italy" default_off="failed ruleset test">
 	<target host="hertz247.it" />
 	<target host="www.hertz247.it" />
 	<target host="www.hertz.it" />
diff --git a/src/chrome/content/rules/Hertz-Kuwait.xml b/src/chrome/content/rules/Hertz-Kuwait.xml
index ebc21ee7bc18..ebda6abc1205 100644
--- a/src/chrome/content/rules/Hertz-Kuwait.xml
+++ b/src/chrome/content/rules/Hertz-Kuwait.xml
@@ -41,7 +41,7 @@ Non-2xx HTTP code: http://www.hertz.com.kw/ (200) => https://www.hertz.com.kw/ (
 		- Hertz-UK.xml
 		- Hertz-US.xml
 -->
-<ruleset name="Hertz Kuwait" default_off='failed ruleset test'>
+<ruleset name="Hertz Kuwait" default_off="failed ruleset test">
 	<target host="www.hertz.com.kw" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Hertz-Netherlands.xml b/src/chrome/content/rules/Hertz-Netherlands.xml
index f71f3413f91b..ea82e3857559 100644
--- a/src/chrome/content/rules/Hertz-Netherlands.xml
+++ b/src/chrome/content/rules/Hertz-Netherlands.xml
@@ -44,7 +44,7 @@ Non-2xx HTTP code: http://www.hertz.nl/ (200) => https://www.hertz.nl/ (403)
 	Non-functional domains:
 		- (www.)minilease.nl	(connection refused)
 -->
-<ruleset name="Hertz Netherlands" default_off='failed ruleset test'>
+<ruleset name="Hertz Netherlands" default_off="failed ruleset test">
 	<target host="hertz247.nl" />
 	<target host="www.hertz247.nl" />
 	<target host="www.hertz.nl" />
diff --git a/src/chrome/content/rules/Hertz-New-Zealand.xml b/src/chrome/content/rules/Hertz-New-Zealand.xml
index 75d72eb241a7..5c06a382e22b 100644
--- a/src/chrome/content/rules/Hertz-New-Zealand.xml
+++ b/src/chrome/content/rules/Hertz-New-Zealand.xml
@@ -41,7 +41,7 @@ Non-2xx HTTP code: http://www.hertz.co.nz/ (200) => https://www.hertz.co.nz/ (40
 		- Hertz-UK.xml
 		- Hertz-US.xml
 -->
-<ruleset name="Hertz New Zealand" default_off='failed ruleset test'>
+<ruleset name="Hertz New Zealand" default_off="failed ruleset test">
 	<target host="www.hertz.co.nz" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Hertz-Norway.xml b/src/chrome/content/rules/Hertz-Norway.xml
index 2d17e8b23ddb..8e8d0b80c68c 100644
--- a/src/chrome/content/rules/Hertz-Norway.xml
+++ b/src/chrome/content/rules/Hertz-Norway.xml
@@ -41,7 +41,7 @@ Non-2xx HTTP code: http://www.hertz.no/ (200) => https://www.hertz.no/ (403)
 		- Hertz-UK.xml
 		- Hertz-US.xml
 -->
-<ruleset name="Hertz Norway" default_off='failed ruleset test'>
+<ruleset name="Hertz Norway" default_off="failed ruleset test">
 	<target host="www.hertz.no" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Hertz-Portugal.xml b/src/chrome/content/rules/Hertz-Portugal.xml
index 1cf005bc96ee..e64df3609e0c 100644
--- a/src/chrome/content/rules/Hertz-Portugal.xml
+++ b/src/chrome/content/rules/Hertz-Portugal.xml
@@ -41,7 +41,7 @@ Non-2xx HTTP code: http://www.hertz.pt/ (200) => https://www.hertz.pt/ (403)
 		- Hertz-UK.xml
 		- Hertz-US.xml
 -->
-<ruleset name="Hertz Portugal" default_off='failed ruleset test'>
+<ruleset name="Hertz Portugal" default_off="failed ruleset test">
 	<target host="hertz247.pt" />
 	<target host="www.hertz247.pt" />
 	<target host="www.hertz.com.pt" />
diff --git a/src/chrome/content/rules/Hertz-Qatar.xml b/src/chrome/content/rules/Hertz-Qatar.xml
index 58b1f2cddef4..1c88d541600e 100644
--- a/src/chrome/content/rules/Hertz-Qatar.xml
+++ b/src/chrome/content/rules/Hertz-Qatar.xml
@@ -41,7 +41,7 @@ Non-2xx HTTP code: http://www.hertz.qa/ (200) => https://www.hertz.qa/ (403)
 		- Hertz-UK.xml
 		- Hertz-US.xml
 -->
-<ruleset name="Hertz Qatar" default_off='failed ruleset test'>
+<ruleset name="Hertz Qatar" default_off="failed ruleset test">
 	<target host="www.hertz.qa" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Hertz-South-Korea.xml b/src/chrome/content/rules/Hertz-South-Korea.xml
index 7007de3c3935..e1dcd23640bc 100644
--- a/src/chrome/content/rules/Hertz-South-Korea.xml
+++ b/src/chrome/content/rules/Hertz-South-Korea.xml
@@ -41,7 +41,7 @@ Non-2xx HTTP code: http://www.hertz.co.kr/ (200) => https://www.hertz.co.kr/ (40
 		- Hertz-UK.xml
 		- Hertz-US.xml
 -->
-<ruleset name="Hertz South Korea" default_off='failed ruleset test'>
+<ruleset name="Hertz South Korea" default_off="failed ruleset test">
 	<target host="www.hertz.co.kr" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Hertz-Spain.xml b/src/chrome/content/rules/Hertz-Spain.xml
index 7ad8e146594f..38c59b519a5f 100644
--- a/src/chrome/content/rules/Hertz-Spain.xml
+++ b/src/chrome/content/rules/Hertz-Spain.xml
@@ -51,7 +51,7 @@ Non-2xx HTTP code: http://www.hertz.es/ (200) => https://www.hertz.es/ (403)
 	¹ hostname mismatch
 -->
 
-<ruleset name="Hertz Spain" default_off='failed ruleset test'>
+<ruleset name="Hertz Spain" default_off="failed ruleset test">
 	<target host="hertz247.es" />
 	<target host="www.hertz247.es" />
 	<target host="www.hertz.es" />
diff --git a/src/chrome/content/rules/Hertz-Sweden.xml b/src/chrome/content/rules/Hertz-Sweden.xml
index 207b5939fd15..ef430eb1d4a4 100644
--- a/src/chrome/content/rules/Hertz-Sweden.xml
+++ b/src/chrome/content/rules/Hertz-Sweden.xml
@@ -41,7 +41,7 @@ Non-2xx HTTP code: http://www.hertz.se/ (200) => https://www.hertz.se/ (403)
 		- Hertz-UK.xml
 		- Hertz-US.xml
 -->
-<ruleset name="Hertz Sweden" default_off='failed ruleset test'>
+<ruleset name="Hertz Sweden" default_off="failed ruleset test">
 	<target host="www.hertz.se" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Hertz-Switzerland.xml b/src/chrome/content/rules/Hertz-Switzerland.xml
index 12b1effc4531..14b8a5b23c16 100644
--- a/src/chrome/content/rules/Hertz-Switzerland.xml
+++ b/src/chrome/content/rules/Hertz-Switzerland.xml
@@ -41,7 +41,7 @@ Non-2xx HTTP code: http://fr.hertz.ch/ (200) => https://fr.hertz.ch/ (403)
 		- Hertz-UK.xml
 		- Hertz-US.xml
 -->
-<ruleset name="Hertz Switzerland" default_off='failed ruleset test'>
+<ruleset name="Hertz Switzerland" default_off="failed ruleset test">
 	<target host="fr.hertz.ch" />
 	<target host="www.hertz.ch" />
 
diff --git a/src/chrome/content/rules/Hertz-Taiwan.xml b/src/chrome/content/rules/Hertz-Taiwan.xml
index 9b853f8f6329..67cb2bb897ce 100644
--- a/src/chrome/content/rules/Hertz-Taiwan.xml
+++ b/src/chrome/content/rules/Hertz-Taiwan.xml
@@ -41,7 +41,7 @@ Non-2xx HTTP code: http://www.hertz.com.tw/ (200) => https://www.hertz.com.tw/ (
 		- Hertz-UK.xml
 		- Hertz-US.xml
 -->
-<ruleset name="Hertz Taiwan" default_off='failed ruleset test'>
+<ruleset name="Hertz Taiwan" default_off="failed ruleset test">
 	<target host="www.hertz.com.tw" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Hertz-UAE.xml b/src/chrome/content/rules/Hertz-UAE.xml
index c1eef871d124..466675a3ecdf 100644
--- a/src/chrome/content/rules/Hertz-UAE.xml
+++ b/src/chrome/content/rules/Hertz-UAE.xml
@@ -41,7 +41,7 @@ Non-2xx HTTP code: http://www.hertz.ae/ (200) => https://www.hertz.ae/ (403)
 		- Hertz-UK.xml
 		- Hertz-US.xml
 -->
-<ruleset name="Hertz UAE" default_off='failed ruleset test'>
+<ruleset name="Hertz UAE" default_off="failed ruleset test">
 	<target host="www.hertz.ae" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Hertz-UK.xml b/src/chrome/content/rules/Hertz-UK.xml
index 52541d4a3af4..80527aa93c9d 100644
--- a/src/chrome/content/rules/Hertz-UK.xml
+++ b/src/chrome/content/rules/Hertz-UK.xml
@@ -53,7 +53,7 @@ Non-2xx HTTP code: http://www.hertzvans.co.uk/ (200) => https://www.hertzvans.co
 	¹ hostname mismatch
 -->
 
-<ruleset name="Hertz UK" default_off='failed ruleset test'>
+<ruleset name="Hertz UK" default_off="failed ruleset test">
 	<target host="hertz247.co.uk" />
 	<target host="hertz.co.uk" />
 	<target host="www.hertz.co.uk" />
diff --git a/src/chrome/content/rules/Hertz-US.xml b/src/chrome/content/rules/Hertz-US.xml
index 01d75d5ba70f..0a7451ffffce 100644
--- a/src/chrome/content/rules/Hertz-US.xml
+++ b/src/chrome/content/rules/Hertz-US.xml
@@ -73,7 +73,7 @@ Fetch error: http://www.hertzequipsales.com/ => https://www.hertzequipsales.com/
 	¹ invalid hostname
 	² timeout
 -->
-<ruleset name="Hertz US" default_off='failed ruleset test'>
+<ruleset name="Hertz US" default_off="failed ruleset test">
 
 	<!-- only country-specific subdomains are valid, despite matching SSL cert
 	<target host="hertz-carsales.com" />-->
diff --git a/src/chrome/content/rules/Hesapla_Bakalim.com.xml b/src/chrome/content/rules/Hesapla_Bakalim.com.xml
index 3dfe6a70ba60..9b7e094e2593 100644
--- a/src/chrome/content/rules/Hesapla_Bakalim.com.xml
+++ b/src/chrome/content/rules/Hesapla_Bakalim.com.xml
@@ -21,7 +21,7 @@ Fetch error: http://www.hesaplabakalim.com/ => https://www.hesaplabakalim.com/:
 	* Secured by us
 
 -->
-<ruleset name="Hesapla Bakalim.com" default_off='failed ruleset test'>
+<ruleset name="Hesapla Bakalim.com" default_off="failed ruleset test">
 
 	<target host="hesaplabakalim.com" />
 	<target host="www.hesaplabakalim.com" />
diff --git a/src/chrome/content/rules/Hesecure.com.xml b/src/chrome/content/rules/Hesecure.com.xml
index 6630a6ed352a..55b2dcf9f0ee 100644
--- a/src/chrome/content/rules/Hesecure.com.xml
+++ b/src/chrome/content/rules/Hesecure.com.xml
@@ -7,10 +7,10 @@
 	<target host="*.c13.hesecure.com" />
 
 
-	<securecookie host=".+\.c13\.hesecure\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([\w-]+)\.c13\.hesecure\.com/"
 		to="https://$1.c13.hesecure.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hewlett-Packard.xml b/src/chrome/content/rules/Hewlett-Packard.xml
index 78f10566dd8d..1b1558bcc8ba 100644
--- a/src/chrome/content/rules/Hewlett-Packard.xml
+++ b/src/chrome/content/rules/Hewlett-Packard.xml
@@ -1,7 +1,6 @@
 <!--
 	Other Hewlett Packard rulesets:
 
-		- Compaq.com.xml
 		- HP_Cloud.com.xml
 		- Optimost.xml
 		- Palm.com.xml
@@ -199,7 +198,7 @@
 
 	<rule from="^http://(?:ssl\.)?www8\.hp\.com/"
 		to="https://ssl.www8.hp.com/" />
-		
+
 	<rule from="^http://([^/:@.]+|community\.dev|v4nzproa\.houston|(?:apps|uat|apps\.uat)\.protect724)\.hp\.com/"
 		to="https://$1.hp.com/" />
 
diff --git a/src/chrome/content/rules/Hexonet.xml b/src/chrome/content/rules/Hexonet.xml
index ff23b4958470..3d577baa8fa5 100644
--- a/src/chrome/content/rules/Hexonet.xml
+++ b/src/chrome/content/rules/Hexonet.xml
@@ -23,4 +23,4 @@
 	<rule from="^http://demo\.hexonet\.net/(?:\?.*)?$"
 		to="https://cp-ote.hexonet.net/cp2/index.php/domain/listing/?LOGIN_USER=test.user&amp;LOGIN_PASSWORD=test.passw0rd" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hexplo.it.xml b/src/chrome/content/rules/Hexplo.it.xml
index 90630bbcf353..18fccb67ebfa 100644
--- a/src/chrome/content/rules/Hexplo.it.xml
+++ b/src/chrome/content/rules/Hexplo.it.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.hexplo.it/ => https://www.hexplo.it/: (51, "SSL: no alternative certificate subject name matches target host name 'www.hexplo.it'")
 
 -->
-<ruleset name="Hexplo.it" default_off='failed ruleset test'>
+<ruleset name="Hexplo.it" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Hezenparastin.com.xml b/src/chrome/content/rules/Hezenparastin.com.xml
deleted file mode 100644
index 7731cce06775..000000000000
--- a/src/chrome/content/rules/Hezenparastin.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Hezenparastin.com" platform="mixedcontent">
-	<target host="hezenparastin.com" />
-	<target host="www.hezenparastin.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Hft-leipzig.de.xml b/src/chrome/content/rules/Hft-leipzig.de.xml
index b03cd67a38c3..816b06f88541 100644
--- a/src/chrome/content/rules/Hft-leipzig.de.xml
+++ b/src/chrome/content/rules/Hft-leipzig.de.xml
@@ -11,7 +11,7 @@
 		- www.bpmn  -> wrong domain
 		- bibo      -> no connection
 		- www1      -> different site
-	
+
 	Notes:
 		- www1   -> different sites, but also HTTP version is useless for visitor, real sites like https://www1.hft-leipzig.de/bpmn/ e.g. works.
 -->
diff --git a/src/chrome/content/rules/Hi.nl.xml b/src/chrome/content/rules/Hi.nl.xml
index 4abe453f4c2e..da7efadbb73d 100644
--- a/src/chrome/content/rules/Hi.nl.xml
+++ b/src/chrome/content/rules/Hi.nl.xml
@@ -1,6 +1,6 @@
 <ruleset name="Hi">
   <target host="*.hi.nl" />
-  
+
   <rule from="^http://(?:www\.)?hi\.nl/" to="https://www.hi.nl/"/>
   <rule from="^http://shop\.(?:www\.)?hi\.nl/" to="https://shop.www.hi.nl/"/>
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HiFX.xml b/src/chrome/content/rules/HiFX.xml
index 49ef92810a3f..27a7286e1f60 100644
--- a/src/chrome/content/rules/HiFX.xml
+++ b/src/chrome/content/rules/HiFX.xml
@@ -7,7 +7,8 @@
 	<target host="hifx.co.uk" />
 	<target host="www.hifx.co.uk" />
 	<target host="hifxonline.co.uk" />
-	<target host="*.hifxonline.co.uk" />
+	<target host="www.hifxonline.co.uk" />
+	<target host="postoffice.hifxonline.co.uk" />
 
 
 	<securecookie host="^(?:postoffice|www)\.hifx(?:online)?\.co\.uk$" name=".+" />
@@ -16,7 +17,6 @@
 	<rule from="^http://(?:www\.)?hifx(online)?\.co\.uk/"
 		to="https://www.hifx$1.co.uk/" />
 
-	<rule from="^http://postoffice\.hifxonline\.co\.uk/"
-		to="https://postoffice.hifxonline.co.uk/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/HiPEAC.net.xml b/src/chrome/content/rules/HiPEAC.net.xml
index 2112cab577e6..c26ae6c82aae 100644
--- a/src/chrome/content/rules/HiPEAC.net.xml
+++ b/src/chrome/content/rules/HiPEAC.net.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.hipeac.org/ => https://www.hipeac.org/: (28, 'Connection
 	² Shows www.hipeac.org
 
 -->
-<ruleset name="HiPEAC.net (partial)" default_off='failed ruleset test'>
+<ruleset name="HiPEAC.net (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Hide.me.xml b/src/chrome/content/rules/Hide.me.xml
index d157f5caa52c..36681d544c02 100644
--- a/src/chrome/content/rules/Hide.me.xml
+++ b/src/chrome/content/rules/Hide.me.xml
@@ -1,23 +1,12 @@
 <!--
-	Fully covered hosts in *hide.me:
-		(www.)?
-		community
-		member
-	These altnames don't exist:
-		www.community.hide.me
 	Timeout:
 		nl.hideproxy.me
 -->
-<ruleset name="hide.me">
-	<target host="hide.me" />
-	<target host="www.hide.me" />
-	<target host="community.hide.me" />
-	<target host="member.hide.me" />
+<ruleset name="Hide.me">
 
 	<target host="de.hideproxy.me" />
-	<target host="us.hideproxy.me" />
 
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:"	to="https:" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Hideman.net.xml b/src/chrome/content/rules/Hideman.net.xml
index bfbe3062c914..9a617062f1c2 100644
--- a/src/chrome/content/rules/Hideman.net.xml
+++ b/src/chrome/content/rules/Hideman.net.xml
@@ -14,13 +14,14 @@
 <ruleset name="Hideman.net">
 
 	<target host="hideman.net" />
-	<target host="*.hideman.net" />
+	<!--target host="cdn.hideman.net" /-->
+	<target host="static.hideman.net" />
+	<target host="www.hideman.net" />
 
 
 	<securecookie host="^\.hideman\.net$" name=".+" />
 
 
-	<rule from="^http://((?:cdn|static|www)\.)?hideman\.net/"
-		to="https://$1hideman.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hidemyass.xml b/src/chrome/content/rules/Hidemyass.xml
index ddf6ca5b26e0..bd53204fd164 100644
--- a/src/chrome/content/rules/Hidemyass.xml
+++ b/src/chrome/content/rules/Hidemyass.xml
@@ -10,13 +10,13 @@
 	<target host="hidemyass.com"/>
 	<target host="*.hidemyass.com"/>
 
-	
+
 	<!--	Observed cookie domains:
 
 			- ^.
 			- ^affiliate
 					-->
-	<securecookie host="^(?:.*\.)?hidemyass\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<!--	cert !valid for !www	-->
diff --git a/src/chrome/content/rules/Hidepay.net.xml b/src/chrome/content/rules/Hidepay.net.xml
index e0be1136c82e..f9a468728b92 100644
--- a/src/chrome/content/rules/Hidepay.net.xml
+++ b/src/chrome/content/rules/Hidepay.net.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.hidepay.net/ => https://www.hidepay.net/: (6, 'Could not
 	For other Hideman coverage, see Hideman.net.xml.
 
 -->
-<ruleset name="Hidepay.net" default_off='failed ruleset test'>
+<ruleset name="Hidepay.net" default_off="failed ruleset test">
 
 	<target host="hidepay.net" />
 	<target host="www.hidepay.net" />
diff --git a/src/chrome/content/rules/High.fi.xml b/src/chrome/content/rules/High.fi.xml
new file mode 100644
index 000000000000..3f00269d9868
--- /dev/null
+++ b/src/chrome/content/rules/High.fi.xml
@@ -0,0 +1,13 @@
+<ruleset name="High.fi">
+	<target host="high.fi" />
+	<target host="www.high.fi" />
+	<target host="ee.high.fi" />
+	<target host="en.high.fi" />
+	<target host="fi.high.fi" />
+	<target host="it.high.fi" />
+	<target host="no.high.fi" />
+	<target host="sv.high.fi" />
+	<target host="widget.high.fi" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HighQ_Solutions.xml b/src/chrome/content/rules/HighQ_Solutions.xml
index fa59fc53f26f..68b27a04b397 100644
--- a/src/chrome/content/rules/HighQ_Solutions.xml
+++ b/src/chrome/content/rules/HighQ_Solutions.xml
@@ -17,7 +17,8 @@
 <ruleset name="HighQ Solutions" default_off="self-signed">
 
 	<target host="highqsolutions.com" />
-	<target host="*.highqsolutions.com" />
+	<target host="www.highqsolutions.com" />
+	<target host="support.highqsolutions.com" />
 
 
 	<rule from="^http://(?:www\.)?highqsolutions\.com/"
@@ -26,4 +27,4 @@
 	<rule from="^http://support\.highqsolutions\.com/(generated|system)/"
 		to="https://assets.zendesk.com/$1/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HighWire.xml b/src/chrome/content/rules/HighWire.xml
deleted file mode 100644
index e2ee0c8c703a..000000000000
--- a/src/chrome/content/rules/HighWire.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)
-
--->
-<ruleset name="HighWire (partial)">
-
-	<target host="shibboleth.highwire.org" />
-
-
-	<securecookie host="^shibboleth\.highwire\.org$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Highcharts.com-mixedcontent.xml b/src/chrome/content/rules/Highcharts.com-mixedcontent.xml
deleted file mode 100644
index 95afe708bf1b..000000000000
--- a/src/chrome/content/rules/Highcharts.com-mixedcontent.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For rules not causing valid MCB, see Highcharts.com.xml.
-
--->
-<ruleset name="Highcharts.com (MCB)" platform="mixedcontent">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="code.highcharts.com" />
-
-
-	<securecookie host="^\.highcharts\.com$" name="^(?:__cfduid|cf_clearance)$" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Highcharts.com.xml b/src/chrome/content/rules/Highcharts.com.xml
index ca9358ee6e79..a125ea758e9b 100644
--- a/src/chrome/content/rules/Highcharts.com.xml
+++ b/src/chrome/content/rules/Highcharts.com.xml
@@ -1,39 +1,21 @@
 <!--
-	For rules causing valid MCB, see Highcharts.com-mixedcontent.xml.
+	Other Highcharts.com related rulesets:
+		+ Highsoft.com.xml
 
-	MCB:
-		code.highcharts.com/mapdata/
-
-	Redirects to http:
-		api.highcharts.com
-
-	Too many redirects:
-		^	( equal to www. )
-
-	These altnames don't exist:
-		- www.shop.highsoft.com
+	Non-functional hosts
+		Redirect to HTTP:
+		- highcharts.com
 -->
-
 <ruleset name="Highcharts.com (partial)">
 	<target host="highcharts.com" />
-	<rule from="^http://highcharts\.com/" to="https://www.highcharts.com/" />
-
 	<target host="www.highcharts.com" />
+	<target host="api.highcharts.com" />
+	<target host="code.highcharts.com" />
 	<target host="cloud.highcharts.com" />
 	<target host="forum.highcharts.com" />
 
-	<target host="shop.highsoft.com" />
-
-	<!--	MCB:	-->
-	<target host="code.highcharts.com" />
-		<exclusion pattern="^http://code\.highcharts\.com/mapdata/" />
-
-			<test url="http://code.highcharts.com/mapdata/" />
-			<test url="http://code.highcharts.com/mapdata/1.0.0/" />
-			<test url="http://code.highcharts.com/mapdata/changelog.html" />
-
-			<test url="http://code.highcharts.com/2.3.5/modules/canvas-tools.js" />
-			<test url="http://code.highcharts.com/4.0.4/gfx/vml-radial-gradient.png" />
+	<rule from="^http://highcharts\.com/"
+		to="https://www.highcharts.com/" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Higher_Education_Academy.xml b/src/chrome/content/rules/Higher_Education_Academy.xml
index 26df474afff9..41ef7300e74d 100644
--- a/src/chrome/content/rules/Higher_Education_Academy.xml
+++ b/src/chrome/content/rules/Higher_Education_Academy.xml
@@ -1,35 +1,27 @@
 <!--
 	Nonfunctional subdomains:
 
-		- (www.)	(replies with http)
-
-
-	Fully covered subdomains:
-
-		- anywhere
-		- autodiscover
-		- groupspace
-		- heagateway
-		- heamysites
-		- integra
-		- my
-		- oma
-		- owa
-		- portaltest
-		- servicedesk
-		- vpn
-		- webmail
+	Connection refused:
+		- autodiscover.heacademy.ac.uk
 
 -->
 <ruleset name="Higher Education Academy (partial)">
 
-	<target host="*.heacademy.ac.uk" />
+	<target host="heacademy.ac.uk" />
+	<target host="www.heacademy.ac.uk" />
+	<target host="anywhere.heacademy.ac.uk" />
+	<target host="groupspace.heacademy.ac.uk" />
+	<target host="heagateway.heacademy.ac.uk" />
+	<target host="heamysites.heacademy.ac.uk" />
+	<target host="my.heacademy.ac.uk" />
+	<target host="oma.heacademy.ac.uk" />
+	<target host="owa.heacademy.ac.uk" />
+	<target host="webmail.heacademy.ac.uk" />
 
 
-	<securecookie host="^.+\.heacademy\.ac\.uk$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(anywhere|autodiscover|groupspace|heagateway|heamysites|integra|my|o[mw]a|portaltest|servicedesk|vpn|webmail)\.heacademy\.ac\.uk/"
-		to="https://$1.heacademy.ac.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Highsoft.com.xml b/src/chrome/content/rules/Highsoft.com.xml
new file mode 100644
index 000000000000..8b70d9368587
--- /dev/null
+++ b/src/chrome/content/rules/Highsoft.com.xml
@@ -0,0 +1,10 @@
+<!--
+	For other Highcharts.com related rulesets, see Highcharts.com.xml
+-->
+<ruleset name="Highsoft.com (partial)">
+	<target host="highsoft.com" />
+	<target host="www.highsoft.com" />
+	<target host="shop.highsoft.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Highwebmedia.com.xml b/src/chrome/content/rules/Highwebmedia.com.xml
index 82263db5f52d..b138217d527c 100644
--- a/src/chrome/content/rules/Highwebmedia.com.xml
+++ b/src/chrome/content/rules/Highwebmedia.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://ssl-cdn.highwebmedia.com/ => https://ssl-cdn.highwebmedia.co
 		- .highwebmedia.com
 
 -->
-<ruleset name="highwebmedia.com" default_off='failed ruleset test'>
+<ruleset name="highwebmedia.com" default_off="failed ruleset test">
 
 	<target host="ssl-ccstatic.highwebmedia.com" />
 	<target host="ssl-cdn.highwebmedia.com" />
diff --git a/src/chrome/content/rules/Himediadx.com.xml b/src/chrome/content/rules/Himediadx.com.xml
index f308abe5b7dc..207b37c4719c 100644
--- a/src/chrome/content/rules/Himediadx.com.xml
+++ b/src/chrome/content/rules/Himediadx.com.xml
@@ -10,4 +10,4 @@
 	<rule from="^http://ad\.himediadx\.com/"
 		to="https://ib.adnxs.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hinckley-Bosworth.gov.uk.xml b/src/chrome/content/rules/Hinckley-Bosworth.gov.uk.xml
index d4d0fe582b4a..528721f31379 100644
--- a/src/chrome/content/rules/Hinckley-Bosworth.gov.uk.xml
+++ b/src/chrome/content/rules/Hinckley-Bosworth.gov.uk.xml
@@ -26,7 +26,7 @@ Fetch error: http://services.hinckley-bosworth.gov.uk/ => https://services.hinck
 		- .www.hinckley-bosworth.gov.uk
 
 -->
-<ruleset name="Hinckley-Bosworth.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Hinckley-Bosworth.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="hinckley-bosworth.gov.uk" />
 	<target host="access.hinckley-bosworth.gov.uk" />
diff --git a/src/chrome/content/rules/Hinckley_and_Bosworth_online.org.uk.xml b/src/chrome/content/rules/Hinckley_and_Bosworth_online.org.uk.xml
index c0ccdacc0453..6d4dbd7bfa21 100644
--- a/src/chrome/content/rules/Hinckley_and_Bosworth_online.org.uk.xml
+++ b/src/chrome/content/rules/Hinckley_and_Bosworth_online.org.uk.xml
@@ -20,6 +20,8 @@
 	<rule from="^http://(?:www\.)?hinckleyandbosworthonline\.org\.uk/+"
 		to="https://www.hinckley-bosworth.gov.uk/" />
 
-		<test url="http://www.hinckleyandbosworthonline.org.uk/default.aspx" />
+		<test url="http://www.hinckleyandbosworthonline.org.uk/myarea" />
+		<test url="http://www.hinckleyandbosworthonline.org.uk/contact" />
+		<test url="http://www.hinckleyandbosworthonline.org.uk/atoz" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/HindustanTimes.com.xml b/src/chrome/content/rules/HindustanTimes.com.xml
new file mode 100644
index 000000000000..a66afb7a68d0
--- /dev/null
+++ b/src/chrome/content/rules/HindustanTimes.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- staging-htgifa.hindustantimes.com
+
+		SSL peer certificate was not OK:
+		- www.paathshala.hindustantimes.com
+
+		Incomplete certificate chain error:
+		- sis.hindustantimes.com
+-->
+<ruleset name="HindustanTimes.com">
+	<target host="hindustantimes.com" />
+	<target host="www.hindustantimes.com" />
+	<target host="accounts.hindustantimes.com" />
+	<target host="analytics.hindustantimes.com" />
+	<target host="auto.hindustantimes.com" />
+	<target host="bangla.hindustantimes.com" />
+	<target host="brandleadership.hindustantimes.com" />
+	<target host="epaper.hindustantimes.com" />
+	<target host="epst.hindustantimes.com" />
+	<target host="healthshots.hindustantimes.com" />
+	<target host="herowecare.hindustantimes.com" />
+	<target host="www.htgifa.hindustantimes.com" />
+	<target host="indiashopps.hindustantimes.com" />
+	<target host="kalaghoda.hindustantimes.com" />
+	<target host="liveupdates.hindustantimes.com" />
+	<target host="m.hindustantimes.com" />
+	<target host="marathi.hindustantimes.com" />
+	<target host="mmarathi.hindustantimes.com" />
+	<target host="mpunjabi.hindustantimes.com" />
+	<target host="notify.hindustantimes.com" />
+	<target host="punjabi.hindustantimes.com" />
+	<target host="reducetheuse.hindustantimes.com" />
+	<target host="unclogmumbai.hindustantimes.com" />
+
+	<securecookie host=".+" name=".+" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hip-Hop.ru.xml b/src/chrome/content/rules/Hip-Hop.ru.xml
index 367e3175df18..521e516784ac 100644
--- a/src/chrome/content/rules/Hip-Hop.ru.xml
+++ b/src/chrome/content/rules/Hip-Hop.ru.xml
@@ -1,26 +1,26 @@
-<!--
-	Mismatched (console.re):
-		- battle
-		- battle5
-		- battle6
-		- battle7
-		- battle8
-		- battle9
-		- files
-		- grundig
-		- ib15
-		- isquad
-		- kb8
-		- molodoy
-		- mral
--->
-
-<ruleset name="Hip-Hop.ru">
-	<target host="hip-hop.ru" />
-	<target host="www.hip-hop.ru" />
-	<target host="ib16.hip-hop.ru" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
+<!--
+	Mismatched (console.re):
+		- battle
+		- battle5
+		- battle6
+		- battle7
+		- battle8
+		- battle9
+		- files
+		- grundig
+		- ib15
+		- isquad
+		- kb8
+		- molodoy
+		- mral
+-->
+
+<ruleset name="Hip-Hop.ru">
+	<target host="hip-hop.ru" />
+	<target host="www.hip-hop.ru" />
+	<target host="ib16.hip-hop.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hipercor.es.xml b/src/chrome/content/rules/Hipercor.es.xml
index 53547380a5a2..602f1583e391 100644
--- a/src/chrome/content/rules/Hipercor.es.xml
+++ b/src/chrome/content/rules/Hipercor.es.xml
@@ -5,7 +5,7 @@
 	Not supporting HTTPS or using an invalid certificate:
 
 		* hipercor.es
-	
+
 		* c.hipercor.es
 		* juguetes.hipercor.es
 		* www.familiasnumerosas.hipercor.es
diff --git a/src/chrome/content/rules/Hipmunk.com-falsemixed.xml b/src/chrome/content/rules/Hipmunk.com-falsemixed.xml
deleted file mode 100644
index 8864737f10be..000000000000
--- a/src/chrome/content/rules/Hipmunk.com-falsemixed.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules not causing false MCB, see Hipmunk.com.xml.
-
--->
-<ruleset name="Hipmunk.com (false MCB)" platform="mixedcontent">
-
-	<target host="blog.hipmunk.com" />
-	<target host="*.blog.hipmunk.com" />
-
-
-	<securecookie host="^\.blog\.hipmunk\.com$" name=".+" />
-
-
-	<rule from="^http://blog\.hipmunk\.com/"
-		to="https://blog.hipmunk.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Hipmunk.com.xml b/src/chrome/content/rules/Hipmunk.com.xml
deleted file mode 100644
index de04c6a39cf1..000000000000
--- a/src/chrome/content/rules/Hipmunk.com.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--
-	For rules causing false MCB, see Hipmunk.com-falsemixed.xml.
-
-
-	Mixed content:
-
-		- Scripts:
-
-			- on blog from blog *
-			- on blog from apis.google.com **
-			- on blog from assets.pinterest.com **
-
-		- css:
-
-			- on blog from blog *
-			- on blog from fonts.googleapis.com **
-
-		- Images:
-
-			- on blog from blog *
-			- on blog from static.dezeen.com **
-
-	* Secured by us, handled in -falsemixed.xml
-	** Secured by us
-
-
-	NB: We secure all resources, and thus
-	-falsemixed should merged with Ffx 24.
-
--->
-<ruleset name="Hipmunk.com">
-  <target host="hipmunk.com" />
-	<target host="www.hipmunk.com" />
-
-
-	<securecookie host="^(?:www)?\.hipmunk\.com$" name=".+" />
-
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/HistoryOfPhilosophy.net.xml b/src/chrome/content/rules/HistoryOfPhilosophy.net.xml
deleted file mode 100644
index a7403dece0a0..000000000000
--- a/src/chrome/content/rules/HistoryOfPhilosophy.net.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Remark: *.historyofphilosophy.net have a wildcard DNS Record.
-
-	Invalid Certificate:
-		ww.w.historyofphilosophy.net
--->
-<ruleset name="HistoryOfPhilosophy.net">
-	<target host="historyofphilosophy.net" />
-	<target host="www.historyofphilosophy.net" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/HitBTC.com.xml b/src/chrome/content/rules/HitBTC.com.xml
index 2cfb097e365e..5ff463e3d345 100644
--- a/src/chrome/content/rules/HitBTC.com.xml
+++ b/src/chrome/content/rules/HitBTC.com.xml
@@ -18,8 +18,12 @@
 <ruleset name="HitBTC.com">
 
 	<target host="hitbtc.com" />
-
-	<target host="*.hitbtc.com" />
+	<target host="affiliate.hitbtc.com" />
+	<target host="auth.hitbtc.com" />
+	<target host="blog.hitbtc.com" />
+	<target host="demo.hitbtc.com" />
+	<target host="forum.hitbtc.com" />
+	<target host="www.hitbtc.com" />
 
 
 	<!--	Not secured by server:
@@ -30,7 +34,6 @@
 	<securecookie host="^(?:\.|forum\.)?hitbtc\.com$" name=".+" />
 
 
-	<rule from="^http://((?:affiliate|auth|blog|demo|forum|www)\.)?hitbtc\.com/"
-		to="https://$1hitbtc.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/HitLeap.com.xml b/src/chrome/content/rules/HitLeap.com.xml
deleted file mode 100644
index 459d3898c58f..000000000000
--- a/src/chrome/content/rules/HitLeap.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="HitLeap.com">
-
-	<target host="hitleap.com" />
-	<target host="www.hitleap.com" />
-
-
-	<securecookie host="^\.hitleap\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Hitbox.com.xml b/src/chrome/content/rules/Hitbox.com.xml
deleted file mode 100644
index c24cfad90a6c..000000000000
--- a/src/chrome/content/rules/Hitbox.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://hitbox.com/ => https://www.omniture.com/: (28, 'Connection timed out after 10000 milliseconds')
-	For other Adobe coverage, see Adobe.xml.
-
-
-	Fully covered subdomains:
-
-		- ai
-		- ehg
-		- login
-		- \w+		(per-client subdomains)
-
--->
-<ruleset name="Hitbox.com">
-
-	<target host="hitbox.com" />
-	<target host="*.hitbox.com" />
-
-
-	<rule from="^http://(?:www\.)?hitbox\.com/(?:.*)"
-		to="https://www.omniture.com/" />
-
-	<rule from="^http://([\w-])\.hitbox\.com/"
-		to="https://$1.hitbox.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Hitchhq.com.xml b/src/chrome/content/rules/Hitchhq.com.xml
deleted file mode 100644
index ff10146e0a05..000000000000
--- a/src/chrome/content/rules/Hitchhq.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Hitchhq.com">
-	<target host="hitchhq.com" />
-	<target host="www.hitchhq.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/HitsLink.xml b/src/chrome/content/rules/HitsLink.xml
index ad7a3a3fb7e6..a58c2b0c57c1 100644
--- a/src/chrome/content/rules/HitsLink.xml
+++ b/src/chrome/content/rules/HitsLink.xml
@@ -9,7 +9,7 @@
 	<target host="www.hitslink.com" />
 
 
-	<securecookie host="^(?:.*\.)?hitslink\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Hits_processor.com.xml b/src/chrome/content/rules/Hits_processor.com.xml
index 506d83d473b6..2ca3f33c8dff 100644
--- a/src/chrome/content/rules/Hits_processor.com.xml
+++ b/src/chrome/content/rules/Hits_processor.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://loc1.hitsprocessor.com/ => https://loc1.hitsprocessor.com/:
 	(www.)?hitsprocessor.com doesn't exist.
 
 -->
-<ruleset name="Hits processor.com" default_off='failed ruleset test'>
+<ruleset name="Hits processor.com" default_off="failed ruleset test">
 
 	<target host="loc1.hitsprocessor.com" />
 
diff --git a/src/chrome/content/rules/Hivos.org.xml b/src/chrome/content/rules/Hivos.org.xml
index 67b8c8926f58..18d5816d62ff 100644
--- a/src/chrome/content/rules/Hivos.org.xml
+++ b/src/chrome/content/rules/Hivos.org.xml
@@ -17,7 +17,7 @@ Fetch error: http://india.hivos.org/ => https://india.hivos.org/: (52, 'Empty re
 	² different content; mismatched, CN: digitaldefenders.org
 
 -->
-<ruleset name="Hivos.org" default_off='failed ruleset test'>
+<ruleset name="Hivos.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 					-->
diff --git a/src/chrome/content/rules/Hizli_Saat.xml b/src/chrome/content/rules/Hizli_Saat.xml
index e25efa7de5c5..50a5e82ced30 100644
--- a/src/chrome/content/rules/Hizli_Saat.xml
+++ b/src/chrome/content/rules/Hizli_Saat.xml
@@ -7,7 +7,7 @@ Fetch error: http://taki.hizlisaat.com/ => https://taki.hizlisaat.com/: (60, 'SS
 Fetch error: http://www.hizlisaat.com/ => https://www.hizlisaat.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Hızlı Saat" default_off='failed ruleset test'>
+<ruleset name="Hızlı Saat" default_off="failed ruleset test">
 
 	<target host="hizlisaat.com" />
 	<target host="gozluk.hizlisaat.com" />
@@ -15,9 +15,9 @@ Fetch error: http://www.hizlisaat.com/ => https://www.hizlisaat.com/: (60, 'SSL
 	<target host="www.hizlisaat.com" />
 
 
-	<securecookie host="^(?:.*\.)?hizlisaat\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hizook.xml b/src/chrome/content/rules/Hizook.xml
index ff89e68e7bdd..e1ac26e15009 100644
--- a/src/chrome/content/rules/Hizook.xml
+++ b/src/chrome/content/rules/Hizook.xml
@@ -3,7 +3,7 @@
 	<target host="hizook.com"/>
 	<target host="www.hizook.com"/>
 
-	<securecookie host="^(?:.*\.)?hizook\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?hizook\.com/"
 		to="https://www.hizook.com/"/>
diff --git a/src/chrome/content/rules/Hmapps.net.xml b/src/chrome/content/rules/Hmapps.net.xml
index c0832792439e..232db1e1c7e6 100644
--- a/src/chrome/content/rules/Hmapps.net.xml
+++ b/src/chrome/content/rules/Hmapps.net.xml
@@ -5,7 +5,7 @@ Fetch error: http://hmapps.net/ => https://hmapps.net/: (60, 'SSL certificate pr
 Fetch error: http://www.hmapps.net/ => https://www.hmapps.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="hmapps.net" default_off='failed ruleset test'>
+<ruleset name="hmapps.net" default_off="failed ruleset test">
 
 	<target host="hmapps.net" />
 	<target host="www.hmapps.net" />
@@ -16,4 +16,4 @@ Fetch error: http://www.hmapps.net/ => https://www.hmapps.net/: (60, 'SSL certif
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hn.premii.com.xml b/src/chrome/content/rules/Hn.premii.com.xml
index 99877ea210ab..bbdf0762897d 100644
--- a/src/chrome/content/rules/Hn.premii.com.xml
+++ b/src/chrome/content/rules/Hn.premii.com.xml
@@ -4,10 +4,6 @@
 	<target host="reddit.premii.com" />
 	<target host="www.premii.com" />
 
-	<test url="http://premii.com/" />
-	<test url="http://hn.premii.com/" />
-	<test url="http://reddit.premii.com/" />
-	<test url="http://www.premii.com/" />
 
 	<rule from="^http://www\.premii\.com/"
 		to="https://premii.com/" />
diff --git a/src/chrome/content/rules/Hnonline.sk.xml b/src/chrome/content/rules/Hnonline.sk.xml
deleted file mode 100644
index 9187dc451d77..000000000000
--- a/src/chrome/content/rules/Hnonline.sk.xml
+++ /dev/null
@@ -1,55 +0,0 @@
-<!--
-	Nonfunctional hosts in *.hnonline.sk:
-
-	certificate mismatch:
-		- liecik.hnonline.sk
-		- www.liecik.hnonline.sk
-	connection refused:
-		- living.hnonline.sk
-	timeout on https:
-		- n01.hnonline.sk
-		- pustito.old.hnonline.sk
-	Error 404 Not found:
-		- blogy.hnonline.sk
-		- cezaar2016.hnonline.sk
-		- cloudia.hnonline.sk
-		- club.hnonline.sk
-		- detskedobrodruzstva.hnonline.sk
-		- ecopress.hnonline.sk
-		- mafraslovakia.hnonline.sk
-		- erun.hnonline.sk
-		- fotosutaz.hnonline.sk
-		- www.hnporadna.hnonline.sk
-		- konferencie.hnonline.sk
-		- mediweb.hnonline.sk
-		- moje.hnonline.sk
-		- poradna.hnonline.sk
-		- rungo.hnonline.sk
-		- topinovacie.hnonline.sk
-		- toplekari.hnonline.sk
--->
-<ruleset name="Hnonline.sk">
-	<target host="hnonline.sk" />
-	<target host="www.hnonline.sk" />
-	<target host="articles.hnonline.sk" />
-	<target host="auth.hnonline.sk" />
-	<target host="dennik.hnonline.sk" />
-	<target host="dia.hnonline.sk" />
-	<target host="eshop.hnonline.sk" />
-	<target host="evita.hnonline.sk" />
-	<target host="finweb.hnonline.sk" />
-	<target host="forms.hnonline.sk" />
-	<target host="hn.hnonline.sk" />
-	<target host="hnkonto.hnonline.sk" />
-	<target host="hnporadna.hnonline.sk" />
-	<target host="istp.hnonline.sk" />
-	<target host="komentare.hnonline.sk" />
-	<target host="konto.hnonline.sk" />
-	<target host="media.hnonline.sk" />
-	<target host="pustito.hnonline.sk" />
-	<target host="strategie.hnonline.sk" />
-	<target host="style.hnonline.sk" />
-	<target host="tv.hnonline.sk" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Hobocomp.com.xml b/src/chrome/content/rules/Hobocomp.com.xml
deleted file mode 100644
index cf962b63b7ef..000000000000
--- a/src/chrome/content/rules/Hobocomp.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://hobocomp.com/ => https://hobocomp.com/: (7, 'Failed to connect to hobocomp.com port 443: No route to host')
-Fetch error: http://www.hobocomp.com/ => https://www.hobocomp.com/: (7, 'Failed to connect to www.hobocomp.com port 443: No route to host')
-
--->
-<ruleset name="Hobocomp.com" default_off='failed ruleset test'>
-
-	<target host="hobocomp.com" />
-	<target host="www.hobocomp.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Hochschule-Esslingen.xml b/src/chrome/content/rules/Hochschule-Esslingen.xml
index 66fd0aecf0a2..8b8e396ec565 100644
--- a/src/chrome/content/rules/Hochschule-Esslingen.xml
+++ b/src/chrome/content/rules/Hochschule-Esslingen.xml
@@ -3,6 +3,7 @@
 	<target host="hs-esslingen.de"/>
 	<target host="ftp-stud.hs-esslingen.de"/>
 	<target host="idp.hs-esslingen.de"/>
+	<target host="mirror1.hs-esslingen.de"/>
 	<target host="webmail.hs-esslingen.de"/>
 	<target host="www.hs-esslingen.de"/>
 	<target host="www2.hs-esslingen.de"/>
@@ -13,7 +14,7 @@
 	<test url="http://www.hs-esslingen.de/en/prospective-students.html" />
 	<test url="http://hs-esslingen.de/en/international.html" />
 
-	<rule from="^http://(ftp-stud|idp|webmail|www2)\.hs-esslingen\.de/"
+	<rule from="^http://(ftp-stud|idp|mirror1|webmail|www2)\.hs-esslingen\.de/"
 		to="https://$1.hs-esslingen.de/"/>
 
 	<rule from="^http://(www\.)?hs-esslingen\.de/((de|en)/.+)"
diff --git a/src/chrome/content/rules/Hochschule-Trier.de.xml b/src/chrome/content/rules/Hochschule-Trier.de.xml
index e34131e56e26..7ac1d66f11d6 100644
--- a/src/chrome/content/rules/Hochschule-Trier.de.xml
+++ b/src/chrome/content/rules/Hochschule-Trier.de.xml
@@ -28,7 +28,18 @@
 <ruleset name="Hochschule-Trier.de (partial)">
 
 	<target host="hochschule-trier.de" />
-	<target host="*.hochschule-trier.de" />
+	<target host="autodiscover.hochschule-trier.de" />
+	<target host="asta.hochschule-trier.de" />
+	<target host="www.asta.hochschule-trier.de" />
+	<target host="fht.hochschule-trier.de" />
+	<target host="fsi.hochschule-trier.de" />
+	<target host="lists.hochschule-trier.de" />
+	<target host="protron.hochschule-trier.de" />
+	<target host="www.protron.hochschule-trier.de" />
+	<target host="rft.hochschule-trier.de" />
+	<target host="rz.hochschule-trier.de" />
+	<target host="rzshop.hochschule-trier.de" />
+	<target host="www.hochschule-trier.de" />
 
 
 	<!--	Redirect preserves path and args:
@@ -36,7 +47,6 @@
 	<rule from="^http://autodiscover\.hochschule-trier\.de/"
 		to="https://autodiscover.fh-trier.de/" />
 
-	<rule from="^http://((?:(?:www\.)?asta|autodiscover|fht|fsi|lists|(?:www\.)?protron|rft|rz|rzshop|www)\.)?hochschule-trier\.de/"
-		to="https://$1hochschule-trier.de/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Hochwasser-RLP.de.xml b/src/chrome/content/rules/Hochwasser-RLP.de.xml
new file mode 100644
index 000000000000..363598822cfe
--- /dev/null
+++ b/src/chrome/content/rules/Hochwasser-RLP.de.xml
@@ -0,0 +1,22 @@
+<!--
+	Timeout:
+		masffmh.hochwasser-rlp.de
+		materialien.hochwasser-rlp.de
+-->
+<ruleset name="Hochwasser-RLP.de">
+
+	<target host="hochwasser-rlp.de" />
+	<target host="www.hochwasser-rlp.de" />
+	<target host="cdn.hochwasser-rlp.de" />
+	<target host="fruehwarnung.hochwasser-rlp.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Timeout on https://hochwasser-rlp.de/,
+		http://hochwasser-rlp.de/ redirects to http://www.hochwasser-rlp.de/. -->
+	<rule from="^http://hochwasser-rlp\.de/"
+			to="https://www.hochwasser-rlp.de/" />
+
+	<rule from="^http:" to="https:" />
+	
+</ruleset>
diff --git a/src/chrome/content/rules/Hochwasserzentralen.de.xml b/src/chrome/content/rules/Hochwasserzentralen.de.xml
new file mode 100644
index 000000000000..03d3eac3c1be
--- /dev/null
+++ b/src/chrome/content/rules/Hochwasserzentralen.de.xml
@@ -0,0 +1,19 @@
+<!--
+	See also:
+		- Hochwasserzentralen.info.xml
+		- mhwz.de.xml
+
+	Invalid certificate:
+		- m.hochwasserzentralen.de
+-->
+<ruleset name="Hochwasserzentralen.de">
+
+	<target host="hochwasserzentralen.de" />
+	<target host="www.hochwasserzentralen.de" />
+	<target host="media.hochwasserzentralen.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Hochwasserzentralen.info.xml b/src/chrome/content/rules/Hochwasserzentralen.info.xml
new file mode 100644
index 000000000000..36d7d14619ae
--- /dev/null
+++ b/src/chrome/content/rules/Hochwasserzentralen.info.xml
@@ -0,0 +1,17 @@
+<!--
+	See also:
+		- Hochwasserzentralen.info.xml
+		- mhwz.de.xml
+
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="Hochwasserzentralen.info">
+
+	<target host="hochwasserzentralen.info" />
+	<target host="www.hochwasserzentralen.info" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/HolidayBullshit.com.xml b/src/chrome/content/rules/HolidayBullshit.com.xml
index 0bff891f4de6..5672b0ad801c 100644
--- a/src/chrome/content/rules/HolidayBullshit.com.xml
+++ b/src/chrome/content/rules/HolidayBullshit.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.holidaybullshit.com/ => https://www.holidaybullshit.com/
 	^: refused
 
 -->
-<ruleset name="HolidayBullshit.com" default_off='failed ruleset test'>
+<ruleset name="HolidayBullshit.com" default_off="failed ruleset test">
 
 	<target host="holidaybullshit.com" />
 	<target host="www.holidaybullshit.com" />
diff --git a/src/chrome/content/rules/HolidayExtras.com.xml b/src/chrome/content/rules/HolidayExtras.com.xml
index 529eb7b66b3d..722d144a63e0 100644
--- a/src/chrome/content/rules/HolidayExtras.com.xml
+++ b/src/chrome/content/rules/HolidayExtras.com.xml
@@ -19,7 +19,7 @@ Fetch error: http://www.holidayextras.com/ => https://www.holidayextras.com/: To
 
 		¹ hostname mismatch
 -->
-<ruleset name="HolidayExtras.com" default_off='failed ruleset test'>
+<ruleset name="HolidayExtras.com" default_off="failed ruleset test">
 	<target host="holidayextras.co.uk" />
 	<target host="app.holidayextras.co.uk" />
 	<target host="hungrygeek.holidayextras.co.uk" />
diff --git a/src/chrome/content/rules/Holidaybreak-mismatches.xml b/src/chrome/content/rules/Holidaybreak-mismatches.xml
index f1fc5f69b5f3..9de17cd63597 100644
--- a/src/chrome/content/rules/Holidaybreak-mismatches.xml
+++ b/src/chrome/content/rules/Holidaybreak-mismatches.xml
@@ -5,7 +5,7 @@
 		<!--	homepage redirects to http	-->
 		<exclusion pattern="^http://(?:www\.)?nachtjeweg\.nl/$"/>
 
-	<securecookie host="^(?:.*\.)?nachtjeweg\.nl$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?nachtjeweg\.nl/"
 		to="https://www.nachtjeweg.nl/"/>
diff --git a/src/chrome/content/rules/Holidaybreak.xml b/src/chrome/content/rules/Holidaybreak.xml
index 0ba47ead8aee..b197e6b63261 100644
--- a/src/chrome/content/rules/Holidaybreak.xml
+++ b/src/chrome/content/rules/Holidaybreak.xml
@@ -25,7 +25,7 @@ Fetch error: http://www.holidaybreak.co.uk/ => https://ww7.investorrelations.co.
 	* Reset
 
 -->
-<ruleset name="Holidaybreak (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Holidaybreak (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="djoserjunior.nl"/>
 	<target host="www.djoserjunior.nl"/>
diff --git a/src/chrome/content/rules/Hollywood-Reporter.xml b/src/chrome/content/rules/Hollywood-Reporter.xml
index f159b315c33f..0318fd7fb0e3 100644
--- a/src/chrome/content/rules/Hollywood-Reporter.xml
+++ b/src/chrome/content/rules/Hollywood-Reporter.xml
@@ -31,7 +31,7 @@
 
 	<target host="hollywoodreporter.com" />
 	<target host="www.hollywoodreporter.com" />
-		
+
 	<target host="amp.hollywoodreporter.com" />
 	<target host="shop.hollywoodreporter.com" />
 	<target host="subscribe.hollywoodreporter.com" />
diff --git a/src/chrome/content/rules/Hololive.tv.xml b/src/chrome/content/rules/Hololive.tv.xml
new file mode 100644
index 000000000000..a4ae113c15dd
--- /dev/null
+++ b/src/chrome/content/rules/Hololive.tv.xml
@@ -0,0 +1,15 @@
+<ruleset name="Hololive.tv">
+	<target host="hololive.tv" />
+	<target host="www.hololive.tv" />
+	<target host="alt.hololive.tv" />
+	<target host="beyondthestage.hololive.tv" />
+	<target host="bloom.hololive.tv" />
+	<target host="en.hololive.tv" />
+	<target host="from1st.hololive.tv" />
+	<target host="www.nonstop.hololive.tv" />
+	<target host="schedule.hololive.tv" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Holoscripter.org.xml b/src/chrome/content/rules/Holoscripter.org.xml
deleted file mode 100644
index 443b895d216c..000000000000
--- a/src/chrome/content/rules/Holoscripter.org.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Holoscripter.org">
-
-	<target host="holoscripter.org" />
-	<target host="www.holoscripter.org" />
-
-
-	<securecookie host="^(?:w*\.)?holoscripter\.org$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Home-Assistant.io.xml b/src/chrome/content/rules/Home-Assistant.io.xml
new file mode 100644
index 000000000000..6f608aa598fc
--- /dev/null
+++ b/src/chrome/content/rules/Home-Assistant.io.xml
@@ -0,0 +1,22 @@
+<ruleset name="Home-Assistant.io">
+	<target host="home-assistant.io" />
+	<target host="www.home-assistant.io" />
+	<target host="alerts.home-assistant.io" />
+	<target host="cast.home-assistant.io" />
+	<target host="cla.home-assistant.io" />
+	<target host="community.home-assistant.io" />
+	<target host="companion.home-assistant.io" />
+	<target host="data.home-assistant.io" />
+	<target host="demo.home-assistant.io" />
+	<target host="dev-docs.home-assistant.io" />
+	<target host="developers.home-assistant.io" />
+	<target host="ios-push.home-assistant.io" />
+	<target host="mobile-apps.home-assistant.io" />
+	<target host="next.home-assistant.io" />
+	<target host="rc.home-assistant.io" />
+	<target host="status.home-assistant.io" />
+	<target host="updater.home-assistant.io" />
+	<target host="version.home-assistant.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Home-of-the-Sebijk.com.xml b/src/chrome/content/rules/Home-of-the-Sebijk.com.xml
index 3b1270a030b0..6c5df51a1a8a 100644
--- a/src/chrome/content/rules/Home-of-the-Sebijk.com.xml
+++ b/src/chrome/content/rules/Home-of-the-Sebijk.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.sebijk.com/ => https://www.sebijk.com/: (60, 'SSL certif
 Disabled by https-everywhere-checker because:
 Fetch error: http://freemail.sebijk.com/ => https://freemail.sebijk.com/: Redirect for 'http://freemail.sebijk.com/' missing Location
 -->
-<ruleset name="Home of the Sebijk.com" default_off='failed ruleset test'>
+<ruleset name="Home of the Sebijk.com" default_off="failed ruleset test">
   <target host="www.sebijk.com"/>
   <target host="freemail.sebijk.com"/>
   <rule from="^http://(?:www\.)?sebijk\.com/" to="https://www.sebijk.com/"/>
diff --git a/src/chrome/content/rules/Home.ch.xml b/src/chrome/content/rules/Home.ch.xml
index 761dbda19745..282f063ba037 100644
--- a/src/chrome/content/rules/Home.ch.xml
+++ b/src/chrome/content/rules/Home.ch.xml
@@ -16,4 +16,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Home.pl.xml b/src/chrome/content/rules/Home.pl.xml
index 3cd86e31ac73..2c46b335d179 100644
--- a/src/chrome/content/rules/Home.pl.xml
+++ b/src/chrome/content/rules/Home.pl.xml
@@ -9,13 +9,20 @@
 <ruleset name="home.pl">
 
 	<target host="home.pl" />
-	<target host="*.home.pl" />
+	<target host="akcje.home.pl" />
+	<target host="hq.home.pl" />
+	<target host="m.home.pl" />
+	<target host="panel.home.pl" />
+	<target host="poczta.home.pl" />
+	<target host="m.poczta.home.pl" />
+	<target host="pomoc.home.pl" />
+	<target host="rozwijaj.home.pl" />
+	<target host="www.home.pl" />
 
 
-	<securecookie host="^(?:.+\.)?home\.pl$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:akcje|hq|m|panel|(?:m\.)?poczta|pomoc|rozwijaj|www)\.)?home\.pl/"
-		to="https://$1home.pl/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HomeBello.xml b/src/chrome/content/rules/HomeBello.xml
index 187848e72ad8..af0143db8ac8 100644
--- a/src/chrome/content/rules/HomeBello.xml
+++ b/src/chrome/content/rules/HomeBello.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?homebello\.com/((?:checkout|contact|order-status)(?:$|\?)|content/|css/|images/|photos/|Public/|store_image/|Styles/)"
 		to="https://$1homebello.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HomeInsurance.com.xml b/src/chrome/content/rules/HomeInsurance.com.xml
index 6c8ab36c440f..4f602bdd034e 100644
--- a/src/chrome/content/rules/HomeInsurance.com.xml
+++ b/src/chrome/content/rules/HomeInsurance.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Home_Depot.com-problematic.xml b/src/chrome/content/rules/Home_Depot.com-problematic.xml
index 4d440cb509d1..c9a84df028a8 100644
--- a/src/chrome/content/rules/Home_Depot.com-problematic.xml
+++ b/src/chrome/content/rules/Home_Depot.com-problematic.xml
@@ -18,4 +18,4 @@
 	<rule from="^http://(ir|www)\.homedepot\.com/"
 		to="https://$1.homedepot.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Home_Depot_Foundation.org.xml b/src/chrome/content/rules/Home_Depot_Foundation.org.xml
index d29ba3e0774e..44486148dd58 100644
--- a/src/chrome/content/rules/Home_Depot_Foundation.org.xml
+++ b/src/chrome/content/rules/Home_Depot_Foundation.org.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?homedepotfoundation\.org/"
 		to="https://homedepotfoundation.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Home_Mentors.com.xml b/src/chrome/content/rules/Home_Mentors.com.xml
index 8589b24efddf..2f14bc3cda11 100644
--- a/src/chrome/content/rules/Home_Mentors.com.xml
+++ b/src/chrome/content/rules/Home_Mentors.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://homementors.com/ => https://homementors.com/: (60, 'SSL cert
 Fetch error: http://www.homementors.com/ => https://www.homementors.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Home Mentors.com" default_off='failed ruleset test'>
+<ruleset name="Home Mentors.com" default_off="failed ruleset test">
 
 	<target host="homementors.com" />
 	<target host="www.homementors.com" />
diff --git a/src/chrome/content/rules/Homecomputing.fr.xml b/src/chrome/content/rules/Homecomputing.fr.xml
index c0ddd2fab70d..eb42223a1d61 100644
--- a/src/chrome/content/rules/Homecomputing.fr.xml
+++ b/src/chrome/content/rules/Homecomputing.fr.xml
@@ -57,7 +57,7 @@
 	<target host="sanpi.homecomputing.fr" />
 	<target host="search.homecomputing.fr" />
 	<target host="status.homecomputing.fr" />
-	
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Homeless_Veterans.co.uk-falsemixed.xml b/src/chrome/content/rules/Homeless_Veterans.co.uk-falsemixed.xml
deleted file mode 100644
index 8a49b2bd06fe..000000000000
--- a/src/chrome/content/rules/Homeless_Veterans.co.uk-falsemixed.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Homeless_Veterans.co.uk.xml.
-
--->
-<ruleset name="Homeless Veterans.co.uk (false MCB)" platform="mixedcontent">
-
-	<target host="*.homelessveterans.co.uk" />
-
-
-	<securecookie host="^\.homelessveterans\.co\.uk$" name=".+" />
-
-
-	<rule from="^http://www\.homelessveterans\.co\.uk/"
-		to="https://www.homelessveterans.co.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Homeless_Veterans.co.uk.xml b/src/chrome/content/rules/Homeless_Veterans.co.uk.xml
index 63b19fe29131..4aa6e98f8132 100644
--- a/src/chrome/content/rules/Homeless_Veterans.co.uk.xml
+++ b/src/chrome/content/rules/Homeless_Veterans.co.uk.xml
@@ -40,7 +40,7 @@ Fetch error: http://donate.homelessveterans.co.uk/ => https://donate.homelessvet
 		- donate
 
 -->
-<ruleset name="Homeless Veterans.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Homeless Veterans.co.uk (partial)" default_off="failed ruleset test">
 
 	<target host="homelessveterans.co.uk" />
 	<target host="donate.homelessveterans.co.uk" />
diff --git a/src/chrome/content/rules/Homeless_World_Cup.xml b/src/chrome/content/rules/Homeless_World_Cup.xml
index 5c6171246f3b..9af98cf8001a 100644
--- a/src/chrome/content/rules/Homeless_World_Cup.xml
+++ b/src/chrome/content/rules/Homeless_World_Cup.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Honest.com.xml b/src/chrome/content/rules/Honest.com.xml
index 4973e36764c7..eda934f15b1a 100644
--- a/src/chrome/content/rules/Honest.com.xml
+++ b/src/chrome/content/rules/Honest.com.xml
@@ -23,8 +23,9 @@
 <ruleset name="Honest.com">
 
 	<target host="honest.com" />
-
-	<target host="*.honest.com" />
+	<target host="blog.honest.com" />
+	<target host="img.honest.com" />
+	<target host="www.honest.com" />
 
 
 	<!--	Not secured by server:
@@ -35,7 +36,6 @@
 	<securecookie host="^(?:www)?\.honest\.com$" name=".+" />
 
 
-	<rule from="^http://((?:blog|img|www)\.)?honest\.com/"
-		to="https://$1honest.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Honest_Policy.xml b/src/chrome/content/rules/Honest_Policy.xml
index 15ad0e7b3189..2bc485282df6 100644
--- a/src/chrome/content/rules/Honest_Policy.xml
+++ b/src/chrome/content/rules/Honest_Policy.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HoneyBeeLoans.com.xml b/src/chrome/content/rules/HoneyBeeLoans.com.xml
index 790f7d612e49..e4f73fa16f04 100644
--- a/src/chrome/content/rules/HoneyBeeLoans.com.xml
+++ b/src/chrome/content/rules/HoneyBeeLoans.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://honeybeeloans.com/ => https://honeybeeloans.com/: (6, 'Could
 Fetch error: http://www.honeybeeloans.com/ => https://www.honeybeeloans.com/: (6, 'Could not resolve host: www.honeybeeloans.com')
 
 -->
-<ruleset name="HoneyBeeLoans.com" default_off='failed ruleset test'>
+<ruleset name="HoneyBeeLoans.com" default_off="failed ruleset test">
 
 	<target host="honeybeeloans.com" />
 	<target host="www.honeybeeloans.com" />
diff --git a/src/chrome/content/rules/Honolulu_Star_Advertiser.xml b/src/chrome/content/rules/Honolulu_Star_Advertiser.xml
index a97fbdda9bd2..06d294a4ffb3 100644
--- a/src/chrome/content/rules/Honolulu_Star_Advertiser.xml
+++ b/src/chrome/content/rules/Honolulu_Star_Advertiser.xml
@@ -19,19 +19,20 @@ Fetch error: http://staradvertiser.com/ => https://www.staradvertiser.com/: Cycl
 		- ^
 
 -->
-<ruleset name="Honolulu Star Advertiser" default_off='failed ruleset test'>
+<ruleset name="Honolulu Star Advertiser" default_off="failed ruleset test">
 
 	<target host="staradvertiser.com" />
-	<target host="*.staradvertiser.com" />
+	<target host="www.staradvertiser.com" />
+	<target host="media.staradvertiser.com" />
+	<target host="sa-cmedia01.staradvertiser.com" />
 
 
 	<rule from="^http://(?:www\.)?staradvertiser\.com/"
 		to="https://www.staradvertiser.com/" />
 
-	<rule from="^http://media\.staradvertiser\.com/"
-		to="https://media.staradvertiser.com/" />
 
 	<rule from="^http://sa-cmedia01\.staradvertiser\.com/"
 		to="https://d392249hhaazk5.cloudfront.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Hooch.net.xml b/src/chrome/content/rules/Hooch.net.xml
new file mode 100644
index 000000000000..71c8b66b21c7
--- /dev/null
+++ b/src/chrome/content/rules/Hooch.net.xml
@@ -0,0 +1,15 @@
+<!--
+	Timed out:
+		- hooch.net, equivalent to www.hooch.net
+-->
+
+<ruleset name="Hooch.net">
+	<target host="hooch.net" />
+	<target host="www.hooch.net" />
+	<target host="images.hooch.net" />
+
+	<rule from="^http://hooch\.net/"
+		to="https://www.hooch.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HootSuite.xml b/src/chrome/content/rules/HootSuite.xml
index 6c60c426531f..203614e3d240 100644
--- a/src/chrome/content/rules/HootSuite.xml
+++ b/src/chrome/content/rules/HootSuite.xml
@@ -81,7 +81,7 @@
 	<!--securecookie host="^hootsuite\.com$" name="^eZSESSID$" /-->
 	<!--securecookie host="^feedback\.hootsuite\.com$" name="^(_rf|_session_id)$" /-->
 
-	<securecookie host="^(?:.*\.)?hootsuite\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(?:s7\.)?static\.hootsuite\.com/"
diff --git a/src/chrome/content/rules/Hoover_Institution.xml b/src/chrome/content/rules/Hoover_Institution.xml
index d5647a27fefc..f4dd22caaa44 100644
--- a/src/chrome/content/rules/Hoover_Institution.xml
+++ b/src/chrome/content/rules/Hoover_Institution.xml
@@ -8,13 +8,13 @@
 <ruleset name="Hoover Institution" default_off="mismatched">
 
 	<target host="hoover.org" />
-	<target host="*.hoover.org" />
+	<target host="www.hoover.org" />
+	<target host="media.hoover.org" />
 
 
 	<rule from="^http://(?:www\.)?hoover\.org/"
 		to="https://www.hoover.org/" />
 
-	<rule from="^http://media\.hoover\.org/"
-		to="https://media.hoover.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hoovers.xml b/src/chrome/content/rules/Hoovers.xml
index 4e01d70f127f..acdc6d672c79 100644
--- a/src/chrome/content/rules/Hoovers.xml
+++ b/src/chrome/content/rules/Hoovers.xml
@@ -7,13 +7,13 @@
 -->
 <ruleset name="Hoover's (partial)" default_off="webmaster request">
 
-	<target host="*.hoovers.com" />
+	<target host="secure.hoovers.com" />
+	<target host="subscriber.hoovers.com" />
 
 
 	<securecookie host="^subscriber\.hoovers\.com$" name=".+" />
 
 
-	<rule from="^http://s(ecure|ubscriber)\.hoovers\.com/"
-		to="https://s$1.hoovers.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Hop-Studios.xml b/src/chrome/content/rules/Hop-Studios.xml
index ec6e8afaa8a2..532208985102 100644
--- a/src/chrome/content/rules/Hop-Studios.xml
+++ b/src/chrome/content/rules/Hop-Studios.xml
@@ -4,7 +4,7 @@
 	<!--	* for cross-domain cookie	-->
 	<target host="www.hopstudios.com"/>
 
-	<securecookie host="^(?:.*\.)?hopstudios\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/Horde.xml b/src/chrome/content/rules/Horde.xml
index ee3ba3113506..d80cba3c4750 100644
--- a/src/chrome/content/rules/Horde.xml
+++ b/src/chrome/content/rules/Horde.xml
@@ -13,7 +13,7 @@ Fetch error: http://horde-llc.com/ => https://horde-llc.com/: (51, "SSL: no alte
 		- wiki		(cert: dev.horde.org; shows dev's data)
 
 -->
-<ruleset name="Horde (partial)" default_off='failed ruleset test'>
+<ruleset name="Horde (partial)" default_off="failed ruleset test">
 
 	<target host="dev.horde.org" />
 	<target host="horde-llc.com" />
diff --git a/src/chrome/content/rules/Hornstra_Farms.com.xml b/src/chrome/content/rules/Hornstra_Farms.com.xml
index f7cab84d54de..8d4402772f94 100644
--- a/src/chrome/content/rules/Hornstra_Farms.com.xml
+++ b/src/chrome/content/rules/Hornstra_Farms.com.xml
@@ -23,7 +23,7 @@ Fetch error: http://www.hornstrafarms.com/ => https://hornstrafarms.com/: (51, "
 		- (www.)?	(www → ^)
 
 -->
-<ruleset name="Hornstra Farms.com" default_off='failed ruleset test'>
+<ruleset name="Hornstra Farms.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Hoseasons.co.uk.xml b/src/chrome/content/rules/Hoseasons.co.uk.xml
index 3cee98ae10f1..e332d7cb57a0 100644
--- a/src/chrome/content/rules/Hoseasons.co.uk.xml
+++ b/src/chrome/content/rules/Hoseasons.co.uk.xml
@@ -1,5 +1,9 @@
 <!--
-	For other Wyndham related rulesets, see Wyndham.xml
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
+
+	Note: api.hoseasons.co.uk and productfeed.hoseasons.co.uk are misconfiged
+		to serve both valid and expired certificates, this resulted in
+		inconsistent Travis test output.
 
 	Non-functional hosts
 		Couldn't connect to server:
@@ -15,8 +19,10 @@
 		- www2.hoseasons.co.uk
 
 		SSL peer certificate was not OK:
+		- api.hoseasons.co.uk
 		- help.hoseasons.co.uk
 		- mail.hoseasons.co.uk
+		- productfeed.hoseasons.co.uk
 
 		Peer certificate cannot be authenticated with given CA certificates:
 		- email.hoseasons.co.uk
@@ -32,7 +38,6 @@
 <ruleset name="Hoseasons.co.uk">
 	<target host="hoseasons.co.uk" />
 	<target host="www.hoseasons.co.uk" />
-	<target host="api.hoseasons.co.uk" />
 	<target host="autodiscover.hoseasons.co.uk" />
 	<target host="booking.hoseasons.co.uk" />
 	<target host="goschedulev2.hoseasons.co.uk" />
@@ -40,7 +45,6 @@
 	<target host="partners.hoseasons.co.uk" />
 	<target host="procurement.hoseasons.co.uk" />
 	<target host="www.procurement.hoseasons.co.uk" />
-	<target host="productfeed.hoseasons.co.uk" />
 	<target host="purchasing.hoseasons.co.uk" />
 	<target host="www.purchasing.hoseasons.co.uk" />
 	<target host="secureowners.hoseasons.co.uk" />
@@ -48,7 +52,7 @@
 
 	<rule from="^http://hoseasons\.co\.uk/"
 		  	to="https://www.hoseasons.co.uk/" />
-	
-	<rule from="^http:" 
+
+	<rule from="^http:"
 		  	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Hospitality_Leaders.xml b/src/chrome/content/rules/Hospitality_Leaders.xml
index 1a6d01a15247..f10821eeab64 100644
--- a/src/chrome/content/rules/Hospitality_Leaders.xml
+++ b/src/chrome/content/rules/Hospitality_Leaders.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://ads.hospitalityleaders.com/ => https://ads.hospitalityleaders.com/: (6, 'Could not resolve host: ads.hospitalityleaders.com')
 
 -->
-<ruleset name="Hospitality Leaders " default_off='failed ruleset test'>
+<ruleset name="Hospitality Leaders " default_off="failed ruleset test">
 
 	<target host="hospitalityleaders.com" />
 	<target host="ads.hospitalityleaders.com" />
@@ -16,4 +16,4 @@ Fetch error: http://ads.hospitalityleaders.com/ => https://ads.hospitalityleader
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Host-Creo.xml b/src/chrome/content/rules/Host-Creo.xml
index d5649841b28d..9b8b53d2efdc 100644
--- a/src/chrome/content/rules/Host-Creo.xml
+++ b/src/chrome/content/rules/Host-Creo.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.hostcreo.com/ => https://www.creocommunico.com/: (51, "S
 Fetch error: http://secure.creocommunico.com/ => https://secure.creocommunico.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
 Fetch error: http://www.creocommunico.com/ => https://www.creocommunico.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.creocommunico.com'")
 -->
-<ruleset name="Host Creo" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Host Creo" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="hostcreo.com"/>
 	<target host="www.hostcreo.com"/>
diff --git a/src/chrome/content/rules/Host-Europe-Group.xml b/src/chrome/content/rules/Host-Europe-Group.xml
index 335f1199ac1f..a392785e3d61 100644
--- a/src/chrome/content/rules/Host-Europe-Group.xml
+++ b/src/chrome/content/rules/Host-Europe-Group.xml
@@ -24,7 +24,7 @@ Fetch error: http://www.hosteuropegroup.com/ => https://www.hosteuropegroup.com/
 
 -->
 
-<ruleset name="Host Europe Group" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Host Europe Group" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="heg.org" />
 	<target host="www.heg.org" />
 	<target host="heg.com" />
diff --git a/src/chrome/content/rules/Host.co.id.xml b/src/chrome/content/rules/Host.co.id.xml
index 648ffa9066e2..751fabb958d3 100644
--- a/src/chrome/content/rules/Host.co.id.xml
+++ b/src/chrome/content/rules/Host.co.id.xml
@@ -5,7 +5,7 @@ Fetch error: http://site.biz.id/ => https://site.biz.id/: (6, 'Could not resolve
 Fetch error: http://www.site.biz.id/ => https://www.site.biz.id/: (6, 'Could not resolve host: www.site.biz.id')
 
 -->
-<ruleset name="Host.co.id" default_off='failed ruleset test'>
+<ruleset name="Host.co.id" default_off="failed ruleset test">
 
 	<target host="host.co.id" />
 	<target host="www.host.co.id" />
diff --git a/src/chrome/content/rules/Host1Plus.xml b/src/chrome/content/rules/Host1Plus.xml
deleted file mode 100644
index 296f8b46b719..000000000000
--- a/src/chrome/content/rules/Host1Plus.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://host1plus.com/ => https://host1plus.com/: Cycle detected - URL already encountered: https://host1plus.com/
--->
-<ruleset name="Host1Plus" platform="mixedcontent">
-
-	<target host="host1plus.com"/>
-	<target host="*.host1plus.com"/>
-
-	<securecookie host="^(?:.*\.)?host1plus\.com$" name=".+" />
-
-	<rule from="^http://(\w+\.)?host1plus\.com/"
-		to="https://$1host1plus.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Host2.bg.xml b/src/chrome/content/rules/Host2.bg.xml
index 9ae6d6321798..ed7b5c36bb98 100644
--- a/src/chrome/content/rules/Host2.bg.xml
+++ b/src/chrome/content/rules/Host2.bg.xml
@@ -5,7 +5,7 @@ Fetch error: http://host2.bg/ => https://host2.bg/: (60, 'SSL certificate proble
 Fetch error: http://www.host2.bg/ => https://www.host2.bg/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="host2.bg" default_off='failed ruleset test'>
+<ruleset name="host2.bg" default_off="failed ruleset test">
 
 	<target host="host2.bg" />
 	<target host="www.host2.bg" />
diff --git a/src/chrome/content/rules/HostDime.xml b/src/chrome/content/rules/HostDime.xml
index 8059f3040ea8..9a5531bb3446 100644
--- a/src/chrome/content/rules/HostDime.xml
+++ b/src/chrome/content/rules/HostDime.xml
@@ -39,7 +39,7 @@ Fetch error: http://forum.hostdime.com/ => https://forum.hostdime.com/: (6, 'Cou
 	² 404 page only
 
 -->
-<ruleset name="HostDime.com (partial)" default_off='failed ruleset test'>
+<ruleset name="HostDime.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -58,7 +58,7 @@ Fetch error: http://forum.hostdime.com/ => https://forum.hostdime.com/: (6, 'Cou
 					-->
 	<!--securecookie host="^www\.hostdime\.com$" name="^PHPSESSID$" /-->
 
-	<securecookie host="^(?:.*\.)?hostdime\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<!--	Redirect drops path and forward
diff --git a/src/chrome/content/rules/HostSearch.xml b/src/chrome/content/rules/HostSearch.xml
index 03ad737557b2..3b6f7cb9623e 100644
--- a/src/chrome/content/rules/HostSearch.xml
+++ b/src/chrome/content/rules/HostSearch.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Non-2xx HTTP code: http://secure.hostsearch.com/ (200) => https://secure.hostsearch.com/ (403)
 
 -->
-<ruleset name="HostSearch (partial)" default_off='failed ruleset test'>
+<ruleset name="HostSearch (partial)" default_off="failed ruleset test">
 
 	<target host="secure.hostsearch.com" />
 
diff --git a/src/chrome/content/rules/Host_Analytics.xml b/src/chrome/content/rules/Host_Analytics.xml
index 9ea91185e96f..fecb80eb6427 100644
--- a/src/chrome/content/rules/Host_Analytics.xml
+++ b/src/chrome/content/rules/Host_Analytics.xml
@@ -13,7 +13,7 @@ Fetch error: http://hive.hostanalytics.com/ => https://hive.hostanalytics.com/:
 	ᵉ Expired
 
 -->
-<ruleset name="Host Analytics.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Host Analytics.com (partial)" default_off="failed ruleset test">
 
 	<!--target host="hostanalytics.com" /-->
 	<target host="cpm.hostanalytics.com" />
diff --git a/src/chrome/content/rules/Host_One.xml b/src/chrome/content/rules/Host_One.xml
index 8f1de5da5341..64003893be84 100644
--- a/src/chrome/content/rules/Host_One.xml
+++ b/src/chrome/content/rules/Host_One.xml
@@ -10,7 +10,7 @@ Fetch error: http://sugarcrm.hostone.com.au/ => https://sugarcrm.hostone.com.au/
 		- (www.)	(shows sugarcrm; mismatched, CN: sugarcrm.hostone.com.au)
 
 -->
-<ruleset name="Host One (partial)" default_off='failed ruleset test'>
+<ruleset name="Host One (partial)" default_off="failed ruleset test">
 
 	<target host="sugarcrm.hostone.com.au" />
 
@@ -20,4 +20,4 @@ Fetch error: http://sugarcrm.hostone.com.au/ => https://sugarcrm.hostone.com.au/
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Host_Voice.com.xml b/src/chrome/content/rules/Host_Voice.com.xml
index d72939de7124..8da512988284 100644
--- a/src/chrome/content/rules/Host_Voice.com.xml
+++ b/src/chrome/content/rules/Host_Voice.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.hostvoice.com/ => https://www.hostvoice.com/: (60, 'SSL
 	For other iNET Interactive coverage, see INet-Interactive.xml.
 
 -->
-<ruleset name="Host Voice.com" default_off='failed ruleset test'>
+<ruleset name="Host Voice.com" default_off="failed ruleset test">
 
 	<target host="hostvoice.com" />
 	<target host="www.hostvoice.com" />
diff --git a/src/chrome/content/rules/HostingCon.xml b/src/chrome/content/rules/HostingCon.xml
index 2e6529079e12..767aea22823d 100644
--- a/src/chrome/content/rules/HostingCon.xml
+++ b/src/chrome/content/rules/HostingCon.xml
@@ -13,7 +13,7 @@ Fetch error: http://europe.hostingcon.com/ => https://europe.hostingcon.com/: (5
 	* Secured by us
 
 -->
-<ruleset name="HostingCon.com" default_off='failed ruleset test'>
+<ruleset name="HostingCon.com" default_off="failed ruleset test">
 
 	<target host="hostingcon.com" />
 	<target host="europe.hostingcon.com" />
diff --git a/src/chrome/content/rules/HostingXtreme.com.xml b/src/chrome/content/rules/HostingXtreme.com.xml
index 822674fc62ed..e1af919f1a5d 100644
--- a/src/chrome/content/rules/HostingXtreme.com.xml
+++ b/src/chrome/content/rules/HostingXtreme.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.hostingxtreme.com/ => https://www.hostingxtreme.com/: (2
 		- news	(http reply)
 
 -->
-<ruleset name="HostingXtreme.com (partial)" default_off='failed ruleset test'>
+<ruleset name="HostingXtreme.com (partial)" default_off="failed ruleset test">
 
 	<target host="hostingxtreme.com" />
 	<target host="www.hostingxtreme.com" />
diff --git a/src/chrome/content/rules/Hosting_Catalog.com-falsemixed.xml b/src/chrome/content/rules/Hosting_Catalog.com-falsemixed.xml
deleted file mode 100644
index 75c58f165867..000000000000
--- a/src/chrome/content/rules/Hosting_Catalog.com-falsemixed.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Hosting_Catalog.com.xml.
-
-	For other iNET Interactive coverage, see INet-Interactive.xml.
-
--->
-<ruleset name="Hosting Catalog.com (false MCB)" platform="mixedcontent">
-
-	<target host="www.hostingcatalog.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Hosting_Catalog.com.xml b/src/chrome/content/rules/Hosting_Catalog.com.xml
deleted file mode 100644
index b14a49b5beb6..000000000000
--- a/src/chrome/content/rules/Hosting_Catalog.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see Hosting_Catalog.com-falsemixed.xml.
-
-	For other iNET Interactive coverage, see INet-Interactive.xml.
-
-
-	Mixed content:
-
-		- css from $self *
-
-		- Images from $self *
-
-		- favicon from $self *
-
-		- Bug from s.clicktale.net *
-
-	* Secured by us
-
--->
-<ruleset name="Hosting Catalog.com (partial)">
-
-	<target host="hostingcatalog.com" />
-	<target host="www.hostingcatalog.com" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://www\.hostingcatalog\.com/+(?!1x1s\.gif|favicon\.ico|images/|style\.css)" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Hostname.sk.xml b/src/chrome/content/rules/Hostname.sk.xml
index 802f8e9de808..0de242207915 100644
--- a/src/chrome/content/rules/Hostname.sk.xml
+++ b/src/chrome/content/rules/Hostname.sk.xml
@@ -23,14 +23,15 @@
 -->
 <ruleset name="hostname.sk (partial)">
 
-	<target host="*.hostname.sk" />
+	<target host="blog.hostname.sk" />
+	<target host="sendxmpp.hostname.sk" />
+	<target host="whatsmyip.hostname.sk" />
 		<!--exclusion pattern="^http://www\." /-->
 
 
 	<securecookie host="^blog\.hostname\.sk$" name=".+" />
 
 
-	<rule from="^http://(blog|sendxmpp|whatsmyip)\.hostname\.sk/"
-		to="https://$1.hostname.sk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hostoople.com-falsemixed.xml b/src/chrome/content/rules/Hostoople.com-falsemixed.xml
index 78d97a0d2ff3..f52777387983 100644
--- a/src/chrome/content/rules/Hostoople.com-falsemixed.xml
+++ b/src/chrome/content/rules/Hostoople.com-falsemixed.xml
@@ -6,7 +6,7 @@
 
 	<target host="hostoople.com" />
 	<target host="www.hostoople.com" />
-	<target host="*.hostooplecom.netdna-cdn.com" />
+	<target host="hostooplecms.hostooplecom.netdna-cdn.com" />
 
 
 	<rule from="^http://(?:(?:www\.)?hostoople|hostooplecms\.hostooplecom\.netdna-cdn)\.com/"
diff --git a/src/chrome/content/rules/Hostoople.com.xml b/src/chrome/content/rules/Hostoople.com.xml
index 18aa729aaedc..03ece6451c9d 100644
--- a/src/chrome/content/rules/Hostoople.com.xml
+++ b/src/chrome/content/rules/Hostoople.com.xml
@@ -37,7 +37,9 @@
 <ruleset name="Hostoople.com (partial)">
 
 	<target host="hostoople.com" />
-	<target host="*.hostoople.com" />
+	<target host="www.hostoople.com" />
+	<target host="affiliate.hostoople.com" />
+	<target host="customer.hostoople.com" />
 		<!--
 			Avoid broken MCB:
 						-->
@@ -48,7 +50,6 @@
 	<rule from="^http://(?:(?:www\.)?hostoople|hostooplecms\.hostooplecom\.netdna-cdn)\.com/"
 		to="https://www.hostoople.com/" />
 
-	<rule from="^http://(affiliate|customer)\.hostoople\.com/"
-		to="https://$1.hostoople.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Hostpoint.xml b/src/chrome/content/rules/Hostpoint.xml
deleted file mode 100644
index 820100c1e94a..000000000000
--- a/src/chrome/content/rules/Hostpoint.xml
+++ /dev/null
@@ -1,57 +0,0 @@
-<!--
-	Other Hostpoint rulesets:
-
-		- Hostpointpartner.ch.xml
-
-
-	Problematic subdomains:
-
-		- ^ *
-		- (www.)14daytrial *
-		- www.admin ²
-		- www.blog		(cert only matches ^blog)
-		- www.support		(cert only matches *.hostpoint.ch)
-
-	* Cert only matches www
-	² Cert only matches ^foo
-
-
-	Fully covered subdomains:
-
-		- (www.)		(^ → www)
-		- (www.)14daytrial	(→ www)
-		- (www.)admin		(www → ^)
-		- (www.)blog		(www → ^)
-		- (www.)support		(www → ^)
-
--->
-<ruleset name="Hostpoint">
-
-	<target host="hostpoint.ch" />
-	<target host="*.hostpoint.ch" />
-
-
-	<securecookie host="^(?:admin|support|www)\.hostpoint\.ch$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?hostpoint\.ch/"
-		to="https://www.hostpoint.ch/" />
-
-	<rule from="^http://(?:www\.)?14daytrial\.hostpoint\.ch/[^\?]*(\?.*)?"
-		to="https://www.hostpoint.ch/ms/promo/hostingtrial/index.php$1" />
-
-	<!--	Server drops path:
-					-->
-	<rule from="^http://(?:www\.)?admin\.hostpoint\.ch/"
-		to="https://admin.hostpoint.ch/" />
-
-	<rule from="^http://(?:www\.)?blog\.hostpoint\.ch/"
-		to="https://blog.hostpoint.ch/" />
-
-	<rule from="^http://support\.hostpoint\.ch/"
-		to="https://support.hostpoint.ch/" />
-
-	<rule from="^http://www\.support\.hostpoint\.ch/[^\?]*(\?.*)?"
-		to="https://support.hostpoint.ch/$1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Hostpointpartner.ch.xml b/src/chrome/content/rules/Hostpointpartner.ch.xml
index 3acd04e1f583..1e50233a810b 100644
--- a/src/chrome/content/rules/Hostpointpartner.ch.xml
+++ b/src/chrome/content/rules/Hostpointpartner.ch.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HotHardware.com.xml b/src/chrome/content/rules/HotHardware.com.xml
new file mode 100644
index 000000000000..5464ae02c1c8
--- /dev/null
+++ b/src/chrome/content/rules/HotHardware.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Mismatched:
+		admin.hothardware.com
+		beta.hothardware.com
+-->
+<ruleset name="HotHardware.com">
+	<target host="hothardware.com" />
+	<target host="www.hothardware.com" />
+	<target host="amp.hothardware.com" />
+	<target host="shop.hothardware.com" />
+
+	<securecookie host="^(www|amp|shop)\.hothardware\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HotLog.ru.xml b/src/chrome/content/rules/HotLog.ru.xml
index 306fc41678d3..ddc9e5cc1932 100644
--- a/src/chrome/content/rules/HotLog.ru.xml
+++ b/src/chrome/content/rules/HotLog.ru.xml
@@ -16,7 +16,7 @@
 		- .hotlog.ru
 
 -->
-<ruleset name="HotLog.ru (partial)" default_off="missing certificate chain">
+<ruleset name="HotLog.ru (partial)" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/HotUKDeals.xml b/src/chrome/content/rules/HotUKDeals.xml
index 998927553184..297a5d62a0ab 100644
--- a/src/chrome/content/rules/HotUKDeals.xml
+++ b/src/chrome/content/rules/HotUKDeals.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.hotukdeals.com/ => http://www.hotukdeals.com/: Cycle det
 Fetch error: http://statichukd.com/ => https://www.hotukdeals.com/: Pycurl fetch failed for 'http://statichukd.com/'
 Fetch error: http://www.statichukd.com/ => https://www.hotukdeals.com/: Cycle detected - URL already encountered: http://www.hotukdeals.com/
 -->
-<ruleset name="HotUKDeals (partial)" default_off='failed ruleset test'>
+<ruleset name="HotUKDeals (partial)" default_off="failed ruleset test">
 
 	<target host="dealspwn.com"/>
 	<target host="gamebase.dealspwn.com"/>
diff --git a/src/chrome/content/rules/Hot_Pics_Amateur.xml b/src/chrome/content/rules/Hot_Pics_Amateur.xml
index 79f6b04b26f9..69420b1f4fe8 100644
--- a/src/chrome/content/rules/Hot_Pics_Amateur.xml
+++ b/src/chrome/content/rules/Hot_Pics_Amateur.xml
@@ -5,7 +5,9 @@
 <ruleset name="Hot Pics Amateur" default_off="mismatched" platform="mixedcontent">
 
 	<target host="hotpics-amateur.com" />
-	<target host="*.hotpics-amateur.com" />
+	<target host="collection.hotpics-amateur.com" />
+	<target host="www.hotpics-amateur.com" />
+	<target host="www.collection.hotpics-amateur.com" />
 
 
 	<securecookie host="^(?:www\.)?hotpics-amateur\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Hotel_Wifi.com.xml b/src/chrome/content/rules/Hotel_Wifi.com.xml
index fb727a2a312f..313486d389a8 100644
--- a/src/chrome/content/rules/Hotel_Wifi.com.xml
+++ b/src/chrome/content/rules/Hotel_Wifi.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://hotelwifi.com/ => https://hotelwifi.com/: (60, 'SSL certific
 	* Plaintext reply
 
 -->
-<ruleset name="Hotel Wifi.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Hotel Wifi.com (partial)" default_off="failed ruleset test">
 
 	<target host="hotelwifi.com" />
 	<target host="hiesorrentovalley.hotelwifi.com" />
diff --git a/src/chrome/content/rules/Hotels.com.xml b/src/chrome/content/rules/Hotels.com.xml
deleted file mode 100644
index 0c05afc220b9..000000000000
--- a/src/chrome/content/rules/Hotels.com.xml
+++ /dev/null
@@ -1,89 +0,0 @@
-<!--
-
-	Nonfunctional domains:
-
-		- jobs.hotels.com	(times out)
-
-
-	Problematic subdomains:
-
-		- ^		(cert only matches *.hotels.com)
-		- el *
-		- es		(mismatched, CN: *.test.edgekey.net)
-		- www *
-
-	* Akamai
-
-
-	Partially covered subdomains:
-
-		- (www.)
-
-
-	Fully covered domains:
-
-		- a[12].cdn-hotels.com
-		- exp.cdn-hotels.com
-
-		- hotel.com subdomains:
-
-			- customercare
-			- delivery
-
-			- service subdomains:
-
-				- ^
-				- be
-				- cn
-				- da
-				- de
-				- es
-				- fi
-				- fr
-				- id
-				- it
-				- jp
-				- kr
-				- ms
-				- no
-				- ru
-				- sv
-				- zh
-
-			- ssl
-
--->
-<ruleset name="Hotels.com (partial)">
-
-	<target host="*.cdn-hotels.com" />
-	<target host="hotels.com" />
-	<target host="*.hotels.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http://hotels\.com/"
-		to="https://ssl.hotels.com/" />
-
-	<rule from="^http://(\w+)\.cdn-hotels\.com/"
-		to="https://$1.cdn-hotels.com/" />
-
-	<!--	Also on ssl, but presumably pointing
-		to CDN would be preferred:
-							-->
-	<rule from="^http://(?:\w\w\.|www\.)?hotels\.com/(external/|html/blank\.html|static/)"
-		to="https://a1.cdn-hotels.com/$1" />
-
-	<!--	CDN redirects to ssl, so preempt it:
-							-->
-	<rule from="^http://(?:www\.)?hotels\.com/((?:c[no]\d+|customer_care|de\d+|deals|ImageDisplay|site-index)(?:$|\?|/)|selectors/|__ssobj/)"
-		to="https://ssl.hotels.com/$1" />
-
-	<!--	Same for different locales:
-						-->
-	<rule from="^http://(\w\w)\.hotels\.com/((?:c[no]\d+|customer_care|de\d+|deals|ImageDisplay|site-index)(?:$|\?|/)|selectors/|__ssobj/)"
-		to="https://ssl-$1.hotels.com/$2" />
-
-	<rule from="^http://(customercare|delivery|(?:\w\w\.)?service|ssl(?:-\w\w)?)\.hotels\.com/"
-		to="https://$1.hotels.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Hotspot_Shield.xml b/src/chrome/content/rules/Hotspot_Shield.xml
index d241923c7965..877a2e0dc5a3 100644
--- a/src/chrome/content/rules/Hotspot_Shield.xml
+++ b/src/chrome/content/rules/Hotspot_Shield.xml
@@ -36,4 +36,4 @@ Fetch error: http://hotspotshield.com/ => https://hotspotshield.com/: (7, 'Faile
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hotwire.xml b/src/chrome/content/rules/Hotwire.xml
index e4f8d934aac3..b7e5cb4e8c1f 100644
--- a/src/chrome/content/rules/Hotwire.xml
+++ b/src/chrome/content/rules/Hotwire.xml
@@ -1,9 +1,10 @@
 <ruleset name="Hotwire">
   <target host="hotwire.com" />
-  <target host="*.hotwire.com" />
+  <target host="cruise.hotwire.com" />
+  <target host="extranet.hotwire.com" />
+  <target host="www.hotwire.com" />
 
   <rule from="^http://hotwire\.com/"
           to="https://www.hotwire.com/" />
-  <rule from="^http://(cruise|extranet|www)\.hotwire\.com/"
-          to="https://$1.hotwire.com/" />
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Hounddog_Central.xml b/src/chrome/content/rules/Hounddog_Central.xml
index 008c4c63dcb3..5a75e716356b 100644
--- a/src/chrome/content/rules/Hounddog_Central.xml
+++ b/src/chrome/content/rules/Hounddog_Central.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Houseoffraser.co.uk.xml b/src/chrome/content/rules/Houseoffraser.co.uk.xml
deleted file mode 100644
index 4eaf46772a3c..000000000000
--- a/src/chrome/content/rules/Houseoffraser.co.uk.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	Refused:
-		- careers.houseoffraser.co.uk
-
-	Invalid certificate:
-		- answers.houseoffraser.co.uk
-		- blog.houseoffraser.co.uk
-		- mail1.houseoffraser.co.uk
-		- mail2.houseoffraser.co.uk
-		- press.houseoffraser.co.uk
-		- recs.houseoffraser.co.uk
-		- reviews.houseoffraser.co.uk
-		- stories.houseoffraser.co.uk
-		- ugc.houseoffraser.co.uk
-
-	Redirect to http:
-		- www.houseoffraser.co.uk
-		- m.houseoffraser.co.uk
--->
-<ruleset name="Houseoffraser.co.uk">
-	<target host="houseoffraser.co.uk" />
-	<target host="apply.houseoffraser.co.uk" />
-	<target host="bond.houseoffraser.co.uk" />
-	<target host="bookings.houseoffraser.co.uk" />
-	<target host="corp.houseoffraser.co.uk" />
-	<target host="points.houseoffraser.co.uk" />
-	<target host="stores.houseoffraser.co.uk" />
-	<target host="suppliers.houseoffraser.co.uk" />
-	<target host="welcome.houseoffraser.co.uk" />
-	<target host="www2.houseoffraser.co.uk" />
-	<target host="yoursay.houseoffraser.co.uk" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/HousingWire.com.xml b/src/chrome/content/rules/HousingWire.com.xml
index 11ed574e5b28..db469617c10d 100644
--- a/src/chrome/content/rules/HousingWire.com.xml
+++ b/src/chrome/content/rules/HousingWire.com.xml
@@ -19,4 +19,4 @@ Fetch error: http://housingwire.com/ => https://www.housingwire.com/: Cycle dete
 	<rule from="^http://store\.housingwire\.com/[^\?]*(\?.*)?"
 		to="https://checkout.subscriptiongenius.com/housingwire.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Houston_Chronicle.xml b/src/chrome/content/rules/Houston_Chronicle.xml
index dc1872f17788..96bdcc67bf0b 100644
--- a/src/chrome/content/rules/Houston_Chronicle.xml
+++ b/src/chrome/content/rules/Houston_Chronicle.xml
@@ -63,7 +63,10 @@
 -->
 <ruleset name="Houston Chronicle (partial)">
 
-	<target host="*.chron.com" />
+	<target host="dailydeal.chron.com" />
+	<target host="fangear.chron.com" />
+	<target host="file.chron.com" />
+	<target host="local.chron.com" />
 		<exclusion pattern="^http://fangear\.chron\.com/(?!App_Themes|images)/" />
 	<target host="myaccount.houstonchronicle.com" />
 
diff --git a/src/chrome/content/rules/HowManyDaysTill.com.xml b/src/chrome/content/rules/HowManyDaysTill.com.xml
new file mode 100644
index 000000000000..0473d224f80b
--- /dev/null
+++ b/src/chrome/content/rules/HowManyDaysTill.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid Certificate:
+		www.howmanydaystill.com
+-->
+<ruleset name="HowManyDaysTill.com">
+	<target host="howmanydaystill.com" />
+	<target host="www.howmanydaystill.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.howmanydaystill\.com/" to="https://howmanydaystill.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HowManyPeopleAreInSpaceRightNow.com.xml b/src/chrome/content/rules/HowManyPeopleAreInSpaceRightNow.com.xml
index 8df596f1fa30..c60917bd9a12 100644
--- a/src/chrome/content/rules/HowManyPeopleAreInSpaceRightNow.com.xml
+++ b/src/chrome/content/rules/HowManyPeopleAreInSpaceRightNow.com.xml
@@ -4,5 +4,6 @@
 
 	<securecookie host=".+" name=".+" />
 
+	<rule from="^http://howmanypeopleareinspacerightnow\.com/" to="https://www.howmanypeopleareinspacerightnow.com/" />
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/HowTo.gov.xml b/src/chrome/content/rules/HowTo.gov.xml
deleted file mode 100644
index 176330aa0e5c..000000000000
--- a/src/chrome/content/rules/HowTo.gov.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-
-
-	Nonfunctional hosts in *howto.gov:
-
-		- blog		(redirects to http)
-
-
-	^howto.gov: Expired, missing certificate
-
--->
-<ruleset name="HowTo.gov">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.howto.gov" />
-
-	<!--	Complications:
-				-->
-	<target host="howto.gov" />
-
-
-	<rule from="^http://howto\.gov/"
-		to="https://www.howto.gov/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/How_to_Box.xml b/src/chrome/content/rules/How_to_Box.xml
deleted file mode 100644
index b6a40ac653d2..000000000000
--- a/src/chrome/content/rules/How_to_Box.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="How-to-Box.com">
-
-	<target host="how-to-box.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Howinerd.com.xml b/src/chrome/content/rules/Howinerd.com.xml
deleted file mode 100644
index 85b5eea683e8..000000000000
--- a/src/chrome/content/rules/Howinerd.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Howinerd.com">
-
-	<target host="howinerd.com" />
-	<target host="www.howinerd.com" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/HowiyaPress.com.xml b/src/chrome/content/rules/HowiyaPress.com.xml
new file mode 100644
index 000000000000..8dee595df542
--- /dev/null
+++ b/src/chrome/content/rules/HowiyaPress.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="HowiyaPress.com" platform="mixedcontent">
+	<target host="howiyapress.com" />
+	<target host="www.howiyapress.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HrC.onl.xml b/src/chrome/content/rules/HrC.onl.xml
deleted file mode 100644
index 8f6ac4975a40..000000000000
--- a/src/chrome/content/rules/HrC.onl.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	(www.)? doesn't exist.
-
--->
-<ruleset name="HrC.onl">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="a.hrc.onl" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/HsI_cloud.com.xml b/src/chrome/content/rules/HsI_cloud.com.xml
index 5dfdf23531f7..8a1a28e7b913 100644
--- a/src/chrome/content/rules/HsI_cloud.com.xml
+++ b/src/chrome/content/rules/HsI_cloud.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://fb.hsicloud.com/ => https://fb.hsicloud.com/: (60, 'SSL cert
 	* http reply
 
 -->
-<ruleset name="HsI cloud.com (partial)" default_off='failed ruleset test'>
+<ruleset name="HsI cloud.com (partial)" default_off="failed ruleset test">
 
 	<target host="fb.hsicloud.com" />
 
diff --git a/src/chrome/content/rules/Hstor.org.xml b/src/chrome/content/rules/Hstor.org.xml
index ae30e6bff81a..4d71a945c6d4 100644
--- a/src/chrome/content/rules/Hstor.org.xml
+++ b/src/chrome/content/rules/Hstor.org.xml
@@ -13,7 +13,7 @@ Fetch error: http://beta.hstor.org/ => https://beta.hstor.org/: (60, 'SSL certif
 	www.hstor.org doesn't exist.
 
 -->
-<ruleset name="hstor.org" default_off='failed ruleset test'>
+<ruleset name="hstor.org" default_off="failed ruleset test">
 
 	<target host="hstor.org" />
 	<!--target host="alpha.hstor.org" /-->
diff --git a/src/chrome/content/rules/Ht.vc.xml b/src/chrome/content/rules/Ht.vc.xml
index 36c05c833ec3..44b3c0558e63 100644
--- a/src/chrome/content/rules/Ht.vc.xml
+++ b/src/chrome/content/rules/Ht.vc.xml
@@ -6,7 +6,7 @@ Fetch error: http://bh.ht.vc/ => https://bh.ht.vc/: (60, 'SSL certificate proble
 Fetch error: http://www.ht.vc/ => https://www.ht.vc/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="ht.vc" default_off='failed ruleset test'>
+<ruleset name="ht.vc" default_off="failed ruleset test">
 
 	<target host="ht.vc" />
 	<target host="bh.ht.vc" />
diff --git a/src/chrome/content/rules/Htwk-leipzig-owndomains.xml b/src/chrome/content/rules/Htwk-leipzig-owndomains.xml
index 3a5a1aa523b1..6b6418f4328e 100644
--- a/src/chrome/content/rules/Htwk-leipzig-owndomains.xml
+++ b/src/chrome/content/rules/Htwk-leipzig-owndomains.xml
@@ -7,11 +7,11 @@ Fetch error: http://www.cmw-leipzig.de/ => https://www.cmw-leipzig.de/: (51, "SS
 	Nonfunctional subdomains:
 		- streifband.de
 			- www	-> wrong cert
-	
+
 	Other HTWK Leipzig rulesets:
 		- Htwk-leipzig.de.xml
 -->
-<ruleset name="HTWK Leipzig (own domains)" default_off='failed ruleset test'>
+<ruleset name="HTWK Leipzig (own domains)" default_off="failed ruleset test">
 	<target host="cmw-leipzig.de" />
 	<target host="www.cmw-leipzig.de" />
 	<target host="structuralengineering.de" />
diff --git a/src/chrome/content/rules/Htwk-leipzig.de.xml b/src/chrome/content/rules/Htwk-leipzig.de.xml
index fb50b37ff497..c440392e59e1 100644
--- a/src/chrome/content/rules/Htwk-leipzig.de.xml
+++ b/src/chrome/content/rules/Htwk-leipzig.de.xml
@@ -17,11 +17,11 @@ Fetch error: http://cmw.htwk-leipzig.de/ => https://cmw.htwk-leipzig.de/: (51, "
 		- naoteam.imn	        -> different site
 		- www.fitl		        -> times out
 		- katalog.bib	        -> DNS error
-	
+
 	Other HTWK Leipzig rulesets:
 		- Htwk-leipzig-owndomains.xml
 -->
-<ruleset name="HTWK-Leipzig.de" default_off='failed ruleset test'>
+<ruleset name="HTWK-Leipzig.de" default_off="failed ruleset test">
 	<target host="antonius.imn.htwk-leipzig.de" />
 	<target host="webmail.htwk-leipzig.de" />
 	<target host="www.imn.htwk-leipzig.de" />
diff --git a/src/chrome/content/rules/Huawei.com.xml b/src/chrome/content/rules/Huawei.com.xml
index 415968e033a8..2cb87e8a6c93 100644
--- a/src/chrome/content/rules/Huawei.com.xml
+++ b/src/chrome/content/rules/Huawei.com.xml
@@ -57,7 +57,7 @@ Fetch error: http://imailpk.huawei.com/ => https://imailpk.huawei.com/OWA: (60,
 		- uniportal.huawei.com
 
 -->
-<ruleset name="Huawei.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Huawei.com (partial)" default_off="failed ruleset test">
 
 	<target host="*.huawei.com" />
 
diff --git a/src/chrome/content/rules/HubSpot.com.xml b/src/chrome/content/rules/HubSpot.com.xml
deleted file mode 100644
index 20e13c12c517..000000000000
--- a/src/chrome/content/rules/HubSpot.com.xml
+++ /dev/null
@@ -1,63 +0,0 @@
-<!--
-	Other HubSpot rulesets:
-
-		- HS-analytics.net.xml
-		- HSappstatic.net.xml
-		- HSstatic.net.xml
-		- HubSpot.net.xml
-		- HubSpot_QA.com.xml
-		- leadin.com.xml
-
-	Invalid certificate:
-		go.hubspot.com
-		university.web11.hubspot.com
-
-	No working URL known:
-		hugs.hubspot.com
-
--->
-<ruleset name="HubSpot.com">
-
-	<target host="hubspot.com" />
-	<target host="www.hubspot.com" />
-	<target host="academy.hubspot.com" />
-	<target host="app.hubspot.com" />
-	<target host="blog.hubspot.com" />
-	<target host="br.hubspot.com" />
-	<target host="cdn1.hubspot.com" />
-	<target host="community.hubspot.com" />
-	<target host="cta-redirect.hubspot.com" />
-	<target host="designers.hubspot.com" />
-	<target host="dev.hubspot.com" />
-	<target host="developers.hubspot.com" />
-	<target host="forms.hubspot.com" />
-	<target host="forums.hubspot.com" />
-	<target host="help.hubspot.com" />
-	<target host="ideas.hubspot.com" />
-	<target host="info.hubspot.com" />
-	<target host="jobs.hubspot.com" />
-	<target host="js.hubspot.com" />
-	<target host="knowledge.hubspot.com" />
-	<target host="leadin.hubspot.com" />
-	<target host="legal.hubspot.com" />
-	<target host="library.hubspot.com" />
-	<target host="login.hubspot.com" />
-	<target host="marketplace.hubspot.com" />
-	<target host="no-cache.hubspot.com" />
-	<target host="offers.hubspot.com" />
-	<target host="product.hubspot.com" />
-	<target host="sites-auth.hubspot.com" />
-	<target host="static.hubspot.com" />
-	<target host="static2cdn.hubspot.com" />
-	<target host="track.hubspot.com" />
-	<target host="tracking.hubspot.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http://cdn1\.hubspot\.com/"
-		to="https://s3.amazonaws.com/cdn1.hubspot.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/HubSpot.net.xml b/src/chrome/content/rules/HubSpot.net.xml
index ef741c488e22..8d8bd7087c51 100644
--- a/src/chrome/content/rules/HubSpot.net.xml
+++ b/src/chrome/content/rules/HubSpot.net.xml
@@ -1,7 +1,4 @@
 <!--
-	For other HubSpot coverage, see HubSpot.xml.
-
-
 	Fully covered hosts:
 
 		- cdn2
diff --git a/src/chrome/content/rules/Hudson_Valley_Host.xml b/src/chrome/content/rules/Hudson_Valley_Host.xml
index 213b89e7f08a..89b862e26763 100644
--- a/src/chrome/content/rules/Hudson_Valley_Host.xml
+++ b/src/chrome/content/rules/Hudson_Valley_Host.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://billing\.hudsonvalleyhost\.com/((?:cart|clientarea|submitticket)\.php|favicon\.ico|images/|includes/|modules/|templates/)"
 		to="https://billing.hudsonvalleyhost.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Huffington-Post.xml b/src/chrome/content/rules/Huffington-Post.xml
index e20dcbc5f9c8..ecf70c5c78e4 100644
--- a/src/chrome/content/rules/Huffington-Post.xml
+++ b/src/chrome/content/rules/Huffington-Post.xml
@@ -120,7 +120,7 @@
 
 
 	<rule from="^http://big\.assets\.huffingtonpost\.com/"
-		to="https://s3.amazonaws.com/big.assets.huffingtonpost.com/" />
+		to="https://big.assets.huffingtonpost.com/" />
 
 	<rule from="^http://images\.huffingtonpost\.com/"
 		to="https://s-i.huffpost.com/" />
diff --git a/src/chrome/content/rules/HughesNet.xml b/src/chrome/content/rules/HughesNet.xml
index c79d7207e888..b07c1dcec9d7 100644
--- a/src/chrome/content/rules/HughesNet.xml
+++ b/src/chrome/content/rules/HughesNet.xml
@@ -9,11 +9,11 @@ Fetch error: http://s1.hughesnet.com/ => https://s1.hughesnet.com/: (51, "SSL: n
 		- (www.)	(shows s1, CN: s1.hughesnet.com)
 
 -->
-<ruleset name="HughesNet (partial)" default_off='failed ruleset test'>
+<ruleset name="HughesNet (partial)" default_off="failed ruleset test">
 
 	<target host="s1.hughesnet.com" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HugoBoss.xml b/src/chrome/content/rules/HugoBoss.xml
index 6c199de3c370..86bad8ee9c88 100644
--- a/src/chrome/content/rules/HugoBoss.xml
+++ b/src/chrome/content/rules/HugoBoss.xml
@@ -21,7 +21,7 @@
 	<target host="mail.hugoboss.com" />
 	<target host="portal.hugoboss.com" />
 
-	<!-- Invalid certificate on https://hugoboss.com/ 
+	<!-- Invalid certificate on https://hugoboss.com/
 		 http://hugoboss.com/ redirects to http://www.hugoboss.com/ -->
 	<rule from="^http://hugoboss\.com/" to="https://www.hugoboss.com/" />
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/HumanDesign.fi.xml b/src/chrome/content/rules/HumanDesign.fi.xml
new file mode 100644
index 000000000000..f7b0ad4272a8
--- /dev/null
+++ b/src/chrome/content/rules/HumanDesign.fi.xml
@@ -0,0 +1,13 @@
+<!--
+		Nonfunctional hosts in *.humandesign.fi:
+			- autodiscover (m)
+			- ftp (m)
+		m: certificate mismatch
+-->
+<ruleset name="HumanDesign.fi">
+	<target host="humandesign.fi" />
+	<target host="www.humandesign.fi" />
+	<target host="mail.humandesign.fi" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/HumanResearchEthicsPortal.xml b/src/chrome/content/rules/HumanResearchEthicsPortal.xml
index cf3c0f7cdb07..06aab896a788 100644
--- a/src/chrome/content/rules/HumanResearchEthicsPortal.xml
+++ b/src/chrome/content/rules/HumanResearchEthicsPortal.xml
@@ -4,10 +4,10 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://hrep.nhmrc.gov.au/ => https://hrep.nhmrc.gov.au/: (6, 'Could not resolve host: hrep.nhmrc.gov.au')
 
 -->
-<ruleset name="Human Research Ethics Portal" default_off='failed ruleset test'>
+<ruleset name="Human Research Ethics Portal" default_off="failed ruleset test">
 	<target host="hrep.nhmrc.gov.au" />
-	<target host="*.hrep.nhmrc.gov.au" />
+	<target host="www.hrep.nhmrc.gov.au" />
 
 	<rule from="^http://(?:www\.)?hrep\.nhmrc\.gov\.au/"
 		to="https://hrep.nhmrc.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Human_Action.xml b/src/chrome/content/rules/Human_Action.xml
index ad3740717a80..e855cc0afa54 100644
--- a/src/chrome/content/rules/Human_Action.xml
+++ b/src/chrome/content/rules/Human_Action.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Human_Brain_Project.eu.xml b/src/chrome/content/rules/Human_Brain_Project.eu.xml
index 3b5eca05e9f5..438e871c1673 100644
--- a/src/chrome/content/rules/Human_Brain_Project.eu.xml
+++ b/src/chrome/content/rules/Human_Brain_Project.eu.xml
@@ -1,7 +1,9 @@
 <ruleset name="Human Brain Project.eu">
 
 	<target host="humanbrainproject.eu" />
-	<target host="*.humanbrainproject.eu" />
+	<target host="collaboration.humanbrainproject.eu" />
+	<target host="education.humanbrainproject.eu" />
+	<target host="www.humanbrainproject.eu" />
 
 
 	<!--	Not secured by server:
@@ -11,7 +13,6 @@
 	<securecookie host="^(?:collaboration|education|www)\.humanbrainproject\.eu$" name=".+" />
 
 
-	<rule from="^http://((?:collaboration|education|www)\.)?humanbrainproject\.eu/"
-		to="https://$1humanbrainproject.eu/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Human_Events.xml b/src/chrome/content/rules/Human_Events.xml
index f0c0dedacd18..a89c352c21c9 100644
--- a/src/chrome/content/rules/Human_Events.xml
+++ b/src/chrome/content/rules/Human_Events.xml
@@ -13,7 +13,7 @@ Fetch error: http://order.humanevents.com/ => https://order.humanevents.com/: (6
 		- (www.)	(at least some pages redirect to http)
 
 -->
-<ruleset name="Human Events (partial)" default_off='failed ruleset test'>
+<ruleset name="Human Events (partial)" default_off="failed ruleset test">
 
 	<target host="humanevents.com" />
 	<target host="order.humanevents.com" />
@@ -26,4 +26,4 @@ Fetch error: http://order.humanevents.com/ => https://order.humanevents.com/: (6
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HumanityPlus.xml b/src/chrome/content/rules/HumanityPlus.xml
index 37c994ed8474..f097c07c5e23 100644
--- a/src/chrome/content/rules/HumanityPlus.xml
+++ b/src/chrome/content/rules/HumanityPlus.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?humanityplus\.org/"
 		to="https://humanityplus.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hunch.xml b/src/chrome/content/rules/Hunch.xml
index a103cfe0d85c..f1fc3e830678 100644
--- a/src/chrome/content/rules/Hunch.xml
+++ b/src/chrome/content/rules/Hunch.xml
@@ -24,7 +24,7 @@ Fetch error: http://hunch.com/ => https://hunch.com/: (60, 'SSL certificate prob
 		- img-1.hunch.com		(mismatched, CN: HUNCH.COM)
 
 -->
-<ruleset name="Hunch (partial)" default_off='failed ruleset test'>
+<ruleset name="Hunch (partial)" default_off="failed ruleset test">
 
 	<target host="aka-img-1.h-img.com" />
 	<target host="hunch.com" />
diff --git a/src/chrome/content/rules/Hungry-for-Change.xml b/src/chrome/content/rules/Hungry-for-Change.xml
index 15083282b16f..d11e0f767e00 100644
--- a/src/chrome/content/rules/Hungry-for-Change.xml
+++ b/src/chrome/content/rules/Hungry-for-Change.xml
@@ -3,10 +3,10 @@
 	<!--	Cert: *.worldsecuresystems.tv	-->
 	<target host="hungryforchange.tv" />
 	<!--	* for cross-domain cookies.	-->
-	<target host="*.hungryforchange.tv" />
+	<target host="www.hungryforchange.tv" />
 
 
-	<securecookie host="^(?:.*\.)?hungryforchange\.tv$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	!www redirects to www.	-->
diff --git a/src/chrome/content/rules/Hunting_Bears.nl.xml b/src/chrome/content/rules/Hunting_Bears.nl.xml
index 6eef84edf5fd..ba4d205c085d 100644
--- a/src/chrome/content/rules/Hunting_Bears.nl.xml
+++ b/src/chrome/content/rules/Hunting_Bears.nl.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.huntingbears.nl/ => https://www.huntingbears.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.huntingbears.nl'")
 
 -->
-<ruleset name="Hunting Bears.nl" default_off='failed ruleset test'>
+<ruleset name="Hunting Bears.nl" default_off="failed ruleset test">
 
 	<target host="huntingbears.nl" />
 	<target host="www.huntingbears.nl" />
diff --git a/src/chrome/content/rules/Huobi.com.xml b/src/chrome/content/rules/Huobi.com.xml
index e673eb52b25d..00d5ae8b8402 100644
--- a/src/chrome/content/rules/Huobi.com.xml
+++ b/src/chrome/content/rules/Huobi.com.xml
@@ -31,7 +31,7 @@ Fetch error: http://s.huobi.com/ => https://s.huobi.com/: (7, 'Failed to connect
 	* Secured by us
 
 -->
-<ruleset name="huobi.com" default_off='failed ruleset test'>
+<ruleset name="huobi.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Hupu.xml b/src/chrome/content/rules/Hupu.xml
index 5487d2e859bc..5c4f7550b151 100644
--- a/src/chrome/content/rules/Hupu.xml
+++ b/src/chrome/content/rules/Hupu.xml
@@ -43,7 +43,7 @@
     <target host="touch.hupucdn.com" />
     <target host="shihuo.hupucdn.com" />
     <target host="www.hupucdn.com" />
-    
+
     <!-- Hupuchina.com -->
     <target host="b1.hoopchina.com.cn" />
     <target host="b2.hoopchina.com.cn" />
diff --git a/src/chrome/content/rules/Hurley_Medical_Center.xml b/src/chrome/content/rules/Hurley_Medical_Center.xml
index 1267a5f41226..097df5f3fa98 100644
--- a/src/chrome/content/rules/Hurley_Medical_Center.xml
+++ b/src/chrome/content/rules/Hurley_Medical_Center.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://hurleymc.com/ => https://hurleymc.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.hurleymc.com'")
 Fetch error: http://www.hurleymc.com/ => https://www.hurleymc.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.hurleymc.com'")
 -->
-<ruleset name="Hurley Medical Center" default_off='failed ruleset test'>
+<ruleset name="Hurley Medical Center" default_off="failed ruleset test">
 
 	<target host="hurleymc.com" />
 	<target host="www.hurleymc.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.hurleymc.com/ => https://www.hurleymc.com/: (51, "SSL: n
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/HurricaneElectric.xml b/src/chrome/content/rules/HurricaneElectric.xml
index fdf946061e83..8039843d7420 100644
--- a/src/chrome/content/rules/HurricaneElectric.xml
+++ b/src/chrome/content/rules/HurricaneElectric.xml
@@ -3,41 +3,40 @@
 
 		- TunnelBroker.xml
 
-
-
-	Nonfunctional subdomains:
-
-		- bgp.he.net	(refused)
-		- man.he.net	(redirects to www.he.net, valid cert)
-
-
-	bgp.he.net and faq.he.net don't support SSL at the moment
-
-
-	Problematic domains:
-
-		- (www.)hu.com *
-		- hurricaneelectric.com *
-
-	* Alternative domains, same content, using he.net certificate
-
+	Non-functional hosts
+		SSL connect error:
+		- man.he.net
+
+		SSL peer certificate was not OK:
+		- he.com
+		- www.he.com
+		- hurricaneelectric.net
 -->
-<ruleset name="Hurricane Electric">
-
+<ruleset name="Hurricane Electric (partial)">
 	<target host="he.com" />
 	<target host="www.he.com" />
+	
 	<target host="he.net" />
-	<target host="*.he.net" />
+	<target host="www.he.net" />
+	<target host="admin.he.net" />
+	<target host="bgp.he.net" />
+		<test url="http://bgp.he.net/AS39056" />
+	<target host="code.he.net" />
+	<target host="cust.he.net" />
+	<target host="dns.he.net" />
+	<target host="faq.he.net" />
+	<target host="ipv6.he.net" />
+	
 	<target host="hurricaneelectric.net" />
+		<test url="http://hurricaneelectric.net/tour/" />
 
+	<securecookie host=".+" name=".+" />
+	
+	<rule from="^http://(www\.)?he\.com/"
+		  to="https://www.he.net/" />
+	
+	<rule from="^http://hurricaneelectric\.net/"
+		  to="https://www.he.net/" />
 
-	<securecookie host="^(?:.*\.)?he\.net$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?h(?:e\.com|urricaneelectric\.net)/"
-		to="https://www.he.net/" />
-
-	<rule from="^http://((?:admin|code|cust|dns|ipv6|www)\.)?he\.net/"
-		to="https://$1he.net/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/HurricaneTweets.com.xml b/src/chrome/content/rules/HurricaneTweets.com.xml
deleted file mode 100644
index 4175876e9674..000000000000
--- a/src/chrome/content/rules/HurricaneTweets.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="HurricaneTweets.com">
-	<target host="hurricanetweets.com" />
-	<target host="www.hurricanetweets.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Hush-Hush.xml b/src/chrome/content/rules/Hush-Hush.xml
index 5f84d45d3509..337a20000660 100644
--- a/src/chrome/content/rules/Hush-Hush.xml
+++ b/src/chrome/content/rules/Hush-Hush.xml
@@ -1,7 +1,8 @@
 <ruleset name="Hush-Hush (partial)">
 
 	<target host="hush-hush.com"/>
-	<target host="*.hush-hush.com"/>
+	<target host="www.hush-hush.com" />
+	<target host="secure.hush-hush.com" />
 
 	<securecookie host="^secure\.hush-hush\.com$" name=".+" />
 
diff --git a/src/chrome/content/rules/Hush.technology.xml b/src/chrome/content/rules/Hush.technology.xml
deleted file mode 100644
index e5f579aee5d9..000000000000
--- a/src/chrome/content/rules/Hush.technology.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="Hush.technology">
-
-	<target host="hush.technology" />
-	<target host="www.hush.technology" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^hush\.technology$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^hush\.technology$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Hustler.xml b/src/chrome/content/rules/Hustler.xml
index 25317ff096f0..24cdf4d601b4 100644
--- a/src/chrome/content/rules/Hustler.xml
+++ b/src/chrome/content/rules/Hustler.xml
@@ -14,7 +14,7 @@ Fetch error: http://hustlermagazine.com/ => https://www.hustlermagazine.com/: (7
 	* Handshake fails
 
 -->
-<ruleset name="Hustler" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Hustler" platform="mixedcontent" default_off="failed ruleset test">
   <target host="www.hustlermagazine.com" />
   <target host="hustlermagazine.com" />
 
diff --git a/src/chrome/content/rules/Huxiu.com.xml b/src/chrome/content/rules/Huxiu.com.xml
index cba4d3954388..dd185e346941 100644
--- a/src/chrome/content/rules/Huxiu.com.xml
+++ b/src/chrome/content/rules/Huxiu.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://huxiu.com/ => https://huxiu.com/: (60, 'SSL certificate prob
 	- Refused on:
 		duwu.huxiu.com
 -->
-<ruleset name="Huxiu" default_off='failed ruleset test'>
+<ruleset name="Huxiu" default_off="failed ruleset test">
 	<target host="analyzer.huxiu.com" />
 	<target host="chuanyan.huxiu.com" />
 	<target host="en.huxiu.com" />
@@ -18,6 +18,6 @@ Fetch error: http://huxiu.com/ => https://huxiu.com/: (60, 'SSL certificate prob
 	<target host="sdata.huxiu.com" />
 	<target host="statics.huxiu.com" />
 	<target host="www.huxiu.com" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Hvosting.ua.xml b/src/chrome/content/rules/Hvosting.ua.xml
index c14b50d3fbf2..0a0ae5aeb095 100644
--- a/src/chrome/content/rules/Hvosting.ua.xml
+++ b/src/chrome/content/rules/Hvosting.ua.xml
@@ -13,9 +13,9 @@
 	<target host="www.hvosting.ua" />
 
 
-	<securecookie host="^(?:.*\.)?hvosting\.ua$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hwbot.org.xml b/src/chrome/content/rules/Hwbot.org.xml
index 90d682fcbea8..08e3731b05c3 100644
--- a/src/chrome/content/rules/Hwbot.org.xml
+++ b/src/chrome/content/rules/Hwbot.org.xml
@@ -15,7 +15,8 @@
 -->
 <ruleset name="Hwbot.org (partial)">
 
-	<target host="*.hwbot.org" />
+	<target host="img.hwbot.org" />
+	<target host="static.hwbot.org" />
 
 
 	<rule from="^http://img\.hwbot\.org/"
diff --git a/src/chrome/content/rules/Hypanova.com.xml b/src/chrome/content/rules/Hypanova.com.xml
index 27c6c1d60700..81389926a47a 100644
--- a/src/chrome/content/rules/Hypanova.com.xml
+++ b/src/chrome/content/rules/Hypanova.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.hypanova.com/ => https://www.hypanova.com/: (60, 'SSL ce
 Disabled by https-everywhere-checker because:
 Fetch error: http://hypanova.com/ => https://hypanova.com/: (51, "SSL: no alternative certificate subject name matches target host name 'hypanova.com'")
 -->
-<ruleset name="Hypanova.com" default_off='failed ruleset test'>
+<ruleset name="Hypanova.com" default_off="failed ruleset test">
 
 	<target host="hypanova.com" />
 	<target host="www.hypanova.com" />
diff --git a/src/chrome/content/rules/HypeMachine.xml b/src/chrome/content/rules/HypeMachine.xml
index 8d30b454c8b6..773a08946225 100644
--- a/src/chrome/content/rules/HypeMachine.xml
+++ b/src/chrome/content/rules/HypeMachine.xml
@@ -1,43 +1,17 @@
 <!--
-	CDN buckets:
-
-		- s3.amazonaws.com/faces-s3.hypem.com/
-
-		- hypem-static.edgesuite.net
-
-			- static-ak.hypem.net
-
-
-	Problematic domains:
-
-		- static-ak.hypem.net	(works, akamai)
-
-
-	Fully covered domains:
-
-		- static.hypem.com
-		- static-ak.hypem.net	(→ static.hypem.net)
-
+	Non-functional hosts:
+		Certificate mismatched:
+		- www.hypem.com
 -->
-<ruleset name="HypeMachine (not supported)" default_off="Full SSL not supported">
-    <target host="hypem.com" />
-    <target host="*.hypem.com" />
-		<!--
-			Pages 501:
-
-				https://trac.torproject.org/projects/tor/ticket/9153
-											-->
-		<exclusion pattern="^http://(?:www\.)?hypem\.com/(?!favicon\.ico|images/|inc/|js/)" />
-	<target host="static-ak.hypem.net" />
-
-
-	<!--securecookie host="^([^/:@]+\.)?hypem\.com$" name=".+" /-->
-
-
-	<rule from="^http://([^/:@]+\.)?hypem\.com/"
-		to="https://$1hypem.com/" />
+<ruleset name="Hype Machine">
+	<target host="hypem.com" />
+	<target host="www.hypem.com" />
+	<target host="blog.hypem.com" />
+	<target host="merch.hypem.com" />
+	<target host="static.hypem.com" />
 
-	<rule from="^http://static-ak\.hypem\.net/"
-		to="https://static.hypem.com/" />
+	<rule from="^http://www\.hypem\.com/"
+		  	to="https://hypem.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Hyper.sh.xml b/src/chrome/content/rules/Hyper.sh.xml
deleted file mode 100644
index 02f87ab871c5..000000000000
--- a/src/chrome/content/rules/Hyper.sh.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Hyper.sh">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="hyper.sh" />
-	<target host="docs.hyper.sh" />
-	<target host="www.hyper.sh" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Hyperoptic.com.xml b/src/chrome/content/rules/Hyperoptic.com.xml
index e376b49288e4..597513202a83 100644
--- a/src/chrome/content/rules/Hyperoptic.com.xml
+++ b/src/chrome/content/rules/Hyperoptic.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Hypovereinsbank.de.xml b/src/chrome/content/rules/Hypovereinsbank.de.xml
index 62ec28643514..4254e36b4caf 100644
--- a/src/chrome/content/rules/Hypovereinsbank.de.xml
+++ b/src/chrome/content/rules/Hypovereinsbank.de.xml
@@ -3,9 +3,7 @@
   <target host="www.hvb.de"/>
   <target host="hypovereinsbank.de"/>
   <target host="www.hypovereinsbank.de"/>
-
-  <securecookie host="^(?:.*\.)?hvb\.de$" name=".+" />
-  <securecookie host="^(?:.*\.)?hypovereinsbank\.de$" name=".+" />
+  <securecookie host=".+" name=".+"/>
 
   <rule from="^http://(?:www\.)?hypovereinsbank\.de/" to="https://www.hypovereinsbank.de/"/>
   <rule from="^http://(?:www\.)?hvb\.de/" to="https://www.hypovereinsbank.de/"/>
diff --git a/src/chrome/content/rules/I-Do-Foundation.xml b/src/chrome/content/rules/I-Do-Foundation.xml
deleted file mode 100644
index 7843e7958b4b..000000000000
--- a/src/chrome/content/rules/I-Do-Foundation.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="I Do Foundation" platform="mixedcontent">
-	<target host="idofoundation.org" />
-	<target host="www.idofoundation.org" />
-
-	<rule from="^http://(?:www\.)?idofoundation\.org/" to="https://www.idofoundation.org/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/I2PD.website.xml b/src/chrome/content/rules/I2PD.website.xml
new file mode 100644
index 000000000000..c7fd3127ab1c
--- /dev/null
+++ b/src/chrome/content/rules/I2PD.website.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatch:
+		www.i2pd.website
+-->
+<ruleset name="I2PD.website">
+	<target host="i2pd.website" />
+	<target host="www.i2pd.website" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.i2pd\.website/" to="https://i2pd.website/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/I3D.net.xml b/src/chrome/content/rules/I3D.net.xml
index ca5839ebe9f0..64233ef8cfa4 100644
--- a/src/chrome/content/rules/I3D.net.xml
+++ b/src/chrome/content/rules/I3D.net.xml
@@ -10,7 +10,8 @@
 <ruleset name="i3D.net">
 
 	<target host="i3d.net" />
-	<target host="*.i3d.net" />
+	<target host="customer.i3d.net" />
+	<target host="www.i3d.net" />
 
 
 	<!--	(www.)? and customer appear identical:
diff --git a/src/chrome/content/rules/IAAPA.xml b/src/chrome/content/rules/IAAPA.xml
index 816abaf6e3d0..33970f547478 100644
--- a/src/chrome/content/rules/IAAPA.xml
+++ b/src/chrome/content/rules/IAAPA.xml
@@ -6,12 +6,12 @@ Fetch error: http://iaapa.org/ => https://www.iaapa.org/: (28, 'Connection timed
 Disabled by https-everywhere-checker because:
 Fetch error: http://iaapa.org/ => https://www.iaapa.org/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="International Association of Amusement Parks and Attractions" default_off='failed ruleset test'>
+<ruleset name="International Association of Amusement Parks and Attractions" default_off="failed ruleset test">
 
 	<target host="iaapa.org"/>
-	<target host="*.iaapa.org"/>
+	<target host="www.iaapa.org" />
 
-	<securecookie host="^(?:.*\.)?iaapa\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?iaapa\.org/"
 		to="https://www.iaapa.org/"/>
diff --git a/src/chrome/content/rules/IAB.org.xml b/src/chrome/content/rules/IAB.org.xml
deleted file mode 100644
index 06ceda32f40b..000000000000
--- a/src/chrome/content/rules/IAB.org.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="IAB.org">
-
-	<target host="iab.org" />
-	<target host="www.iab.org" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IARU-R1.org.xml b/src/chrome/content/rules/IARU-R1.org.xml
new file mode 100644
index 000000000000..513a50610ee7
--- /dev/null
+++ b/src/chrome/content/rules/IARU-R1.org.xml
@@ -0,0 +1,26 @@
+<ruleset name="IARU-R1.org">
+	<!-- International Amateur Radio Union - Region 1 -->
+
+	<target host="iaru-r1.org" />
+	<target host="www.iaru-r1.org" />
+	<target host="autodiscover.iaru-r1.org" />
+	<target host="codeofconduct.iaru-r1.org" />
+	<target host="www.codeofconduct.iaru-r1.org" />
+	<target host="cpanel.iaru-r1.org" />
+	<target host="hamradio-operating-ethics.iaru-r1.org" />
+	<target host="www.hamradio-operating-ethics.iaru-r1.org" />
+	<target host="iarums.iaru-r1.org" />
+	<target host="www.iarums.iaru-r1.org" />
+	<target host="mail.iaru-r1.org" />
+	<target host="vienna.iaru-r1.org" />
+	<target host="www.vienna.iaru-r1.org" />
+	<target host="webdisk.iaru-r1.org" />
+	<target host="webmail.iaru-r1.org" />
+	<target host="youth.iaru-r1.org" />
+	<target host="www.youth.iaru-r1.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IAS.edu.xml b/src/chrome/content/rules/IAS.edu.xml
index 821943e4ca0d..fd98b957bd01 100644
--- a/src/chrome/content/rules/IAS.edu.xml
+++ b/src/chrome/content/rules/IAS.edu.xml
@@ -41,7 +41,7 @@ Fetch error: http://springdale.math.ias.edu/ => https://springdale.math.ias.edu/
 		- (www.)sss	(^ → www)
 
 -->
-<ruleset name="IAS.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="IAS.edu (partial)" default_off="failed ruleset test">
 
 	<target host="admin.ias.edu" />
 	<target host="www.admin.ias.edu" />
diff --git a/src/chrome/content/rules/IATS_Payments.com.xml b/src/chrome/content/rules/IATS_Payments.com.xml
index 431cd629a6dc..049c731b8fe3 100644
--- a/src/chrome/content/rules/IATS_Payments.com.xml
+++ b/src/chrome/content/rules/IATS_Payments.com.xml
@@ -17,4 +17,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IB-IBI.com.xml b/src/chrome/content/rules/IB-IBI.com.xml
index 585e42ad4c91..2190f2e47f6f 100644
--- a/src/chrome/content/rules/IB-IBI.com.xml
+++ b/src/chrome/content/rules/IB-IBI.com.xml
@@ -16,7 +16,7 @@ Fetch error: http://global.ib-ibi.com/ => https://global.ib-ibi.com/: (56, 'SSL
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="IB-IBI.com (partial)" default_off='failed ruleset test'>
+<ruleset name="IB-IBI.com (partial)" default_off="failed ruleset test">
 
 	<target host="global.ib-ibi.com" />
 
diff --git a/src/chrome/content/rules/IBM.xml b/src/chrome/content/rules/IBM.xml
index 5b020f9574be..7bf2450865b7 100644
--- a/src/chrome/content/rules/IBM.xml
+++ b/src/chrome/content/rules/IBM.xml
@@ -1,4 +1,9 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://www-950.ibm.com/ => https://www-950.ibm.com/: (28, 'Connection timed out after 20001 milliseconds')
+
 	IBM has lots of resources, besides software,
 	also developerworks and redbooks.
 
@@ -9,8 +14,6 @@
 		- CoreMetrics.xml
 		- ibm.biz.xml
 		- Kenexa.xml
-		- Lotus.xml
-		- Pviq.com.xml
 		- Trusteer.com.xml
 
 
@@ -98,7 +101,7 @@
 	<target host="www-01.ibm.com" />
 	<target host="www-03.ibm.com" />
 	<target host="www-304.ibm.com" />
-	<target host="www-950.ibm.com" />
+	<!-- target host="www-950.ibm.com" /-->
 	<target host="www-935.ibm.com" />
 	<target host="www-947.ibm.com" />
 
diff --git a/src/chrome/content/rules/IBPhoenix.com.xml b/src/chrome/content/rules/IBPhoenix.com.xml
index 8453c806a7b1..226088e9b000 100644
--- a/src/chrome/content/rules/IBPhoenix.com.xml
+++ b/src/chrome/content/rules/IBPhoenix.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.ibphoenix.com/ => https://www.ibphoenix.com/: (60, 'SSL
 	^: 503
 
 -->
-<ruleset name="IBPhoenix.com" default_off='failed ruleset test'>
+<ruleset name="IBPhoenix.com" default_off="failed ruleset test">
 
 	<target host="ibphoenix.com" />
 	<target host="www.ibphoenix.com" />
diff --git a/src/chrome/content/rules/IBario.com.xml b/src/chrome/content/rules/IBario.com.xml
index 4f688a2b4316..9d7d5444960e 100644
--- a/src/chrome/content/rules/IBario.com.xml
+++ b/src/chrome/content/rules/IBario.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.ibario.com/ => https://www.ibario.com/: (60, 'SSL certif
 	^: refused
 
 -->
-<ruleset name="iBario.com" default_off='failed ruleset test'>
+<ruleset name="iBario.com" default_off="failed ruleset test">
 
 	<target host="ibario.com" />
 	<target host="www.ibario.com" />
diff --git a/src/chrome/content/rules/IBsrv.net.xml b/src/chrome/content/rules/IBsrv.net.xml
new file mode 100644
index 000000000000..6d1467cda200
--- /dev/null
+++ b/src/chrome/content/rules/IBsrv.net.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Internet Brands rules, see Internet_Brands.xml
+
+	Invalid certificate:
+		cdc.ibsrv.net
+		mms.ibsrv.net
+
+-->
+<ruleset name="IBsrv.net (partial)">
+
+	<target host="cdc.ibsrv.net" />
+		<test url="http://cdc.ibsrv.net/cdcx/images/tile1.jpg" />
+	<target host="cdcssl.ibsrv.net" />
+		<test url="http://cdcssl.ibsrv.net/cdcx/images/tile1.jpg" />
+	<target host="static.ibsrv.net" />
+		<test url="http://static.ibsrv.net/FordTrucks/PigtailIdentificationKit_1.pdf" />
+	<target host="staticssl.ibsrv.net" />
+		<test url="http://staticssl.ibsrv.net/FordTrucks/PigtailIdentificationKit_1.pdf" />
+
+	<rule from="^http://cdc\.ibsrv\.net/"
+		to="https://cdcssl.ibsrv.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ICA.se.xml b/src/chrome/content/rules/ICA.se.xml
index c4f5484da0e3..2e609ec99818 100644
--- a/src/chrome/content/rules/ICA.se.xml
+++ b/src/chrome/content/rules/ICA.se.xml
@@ -1,7 +1,10 @@
 <ruleset name="ICA.se">
-	<target host="www.ica.se" />
 	<target host="ica.se" />
-	<rule from="^http://ica\.se/" to="https://www.ica.se/"/>
-	<rule from="^http://www\.ica\.se/" to="https://www.ica.se/"/>
-</ruleset>
+	<target host="www.ica.se" />
+	<target host="handla.ica.se" />
+	<target host="foto.ica.se" />
 
+	<target host="assets.icanet.se" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/ICANN.xml b/src/chrome/content/rules/ICANN.xml
index f89a04e9986f..19698f5a7da1 100644
--- a/src/chrome/content/rules/ICANN.xml
+++ b/src/chrome/content/rules/ICANN.xml
@@ -97,7 +97,7 @@
 		<exclusion pattern="^http://(?:newgtlds|whois)\.icann\.org/+(?!sites/)" />
 
 
-	<securecookie host="(?:.*\.)?icann\.org$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(?:www\.)?atlarge\.icann\.org/"
diff --git a/src/chrome/content/rules/ICLN.org.xml b/src/chrome/content/rules/ICLN.org.xml
index fa683ecb54fe..57775d13b7e0 100644
--- a/src/chrome/content/rules/ICLN.org.xml
+++ b/src/chrome/content/rules/ICLN.org.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ICMail.xml b/src/chrome/content/rules/ICMail.xml
deleted file mode 100644
index f1aecaf640bc..000000000000
--- a/src/chrome/content/rules/ICMail.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="ICMail">
-  <target host="icmail.com" />
-  <target host="www.icmail.com" />
-
-  <rule from="^http://(?:www\.)?icmail\.net/" to="https://icmail.net/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/ICPDR.org.xml b/src/chrome/content/rules/ICPDR.org.xml
new file mode 100644
index 000000000000..53a35ada0826
--- /dev/null
+++ b/src/chrome/content/rules/ICPDR.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		- icpdr.org, equivalent to www.icpdr.org
+-->
+
+<ruleset name="ICPDR.org">
+	<target host="icpdr.org" />
+	<target host="www.icpdr.org" />
+	<target host="danubis.icpdr.org" />
+
+	<rule from="^http://icpdr\.org/"
+		to="https://www.icpdr.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ICPEN.xml b/src/chrome/content/rules/ICPEN.xml
index 2287a90f69b0..34364549441f 100644
--- a/src/chrome/content/rules/ICPEN.xml
+++ b/src/chrome/content/rules/ICPEN.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.icpen.org/ => https://icpen.org/: Too many redirects whi
 	Cert only matches ^icpen.org
 
 -->
-<ruleset name="ICPEN" default_off='failed ruleset test'>
+<ruleset name="ICPEN" default_off="failed ruleset test">
 
 	<target host="icpen.org" />
 	<target host="www.icpen.org" />
diff --git a/src/chrome/content/rules/ICRAA.org.xml b/src/chrome/content/rules/ICRAA.org.xml
new file mode 100644
index 000000000000..a4f6f12ef0ec
--- /dev/null
+++ b/src/chrome/content/rules/ICRAA.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Secure Connection Failed:
+		fr.icraa.org
+		tr.icraa.org
+		ur.icraa.org
+-->
+<ruleset name="ICRAA.org">
+	<target host="icraa.org" />
+	<target host="www.icraa.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ICSA_Labs.com.xml b/src/chrome/content/rules/ICSA_Labs.com.xml
deleted file mode 100644
index e1b5911f181e..000000000000
--- a/src/chrome/content/rules/ICSA_Labs.com.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	For other Verizon coverage, see Verizon.xml.
-
-
-	^icsalabs.com: Cert only matches www
-
-
-	Insecure cookies are set for these domains:
-
-		- .icsalabs.com
-
--->
-<ruleset name="ICSA Labs.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.icsalabs.com" />
-
-	<!--	Complications:
-				-->
-	<target host="icsalabs.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.icsalabs\.com$" name="^SESS[\da-f]{32}$" /-->
-
-	<securecookie host="^\.icsalabs\.com$" name=".+" />
-
-
-	<rule from="^http://icsalabs\.com/"
-		to="https://www.icsalabs.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ICTRecht.xml b/src/chrome/content/rules/ICTRecht.xml
index ec7d26cf55c8..412f10a4a6c7 100644
--- a/src/chrome/content/rules/ICTRecht.xml
+++ b/src/chrome/content/rules/ICTRecht.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ICharts.xml b/src/chrome/content/rules/ICharts.xml
deleted file mode 100644
index 347bfe374269..000000000000
--- a/src/chrome/content/rules/ICharts.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="iCharts (partial)">
-
-	<target host="accounts.icharts.net" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^accounts\.icharts\.net$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^accounts\.icharts\.net$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IClick_Interactive.xml b/src/chrome/content/rules/IClick_Interactive.xml
index 1c9366641765..1c9abd78381a 100644
--- a/src/chrome/content/rules/IClick_Interactive.xml
+++ b/src/chrome/content/rules/IClick_Interactive.xml
@@ -6,14 +6,11 @@
 -->
 <ruleset name="iClick Interactive (partial)">
 
-	<target host="*.optimix.asia" />
+	<target host="e02.optimix.asia" />
 
-
-	<securecookie host="^\.optimix\.asia$" name="^opxPID$" />
 	<securecookie host="^e02\.optimix\.asia$" name=".+" />
 
 
-	<rule from="^http://e02\.optimix\.asia/"
-		to="https://e02.optimix.asia/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ICommunity.fr.xml b/src/chrome/content/rules/ICommunity.fr.xml
index 302888583a83..f7ab5a3763e6 100644
--- a/src/chrome/content/rules/ICommunity.fr.xml
+++ b/src/chrome/content/rules/ICommunity.fr.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.icommunity.fr/ => https://www.icommunity.fr/: (7, 'Faile
 	^icommunity.fr doesn't exist.
 
 -->
-<ruleset name="iCommunity.fr" default_off='failed ruleset test'>
+<ruleset name="iCommunity.fr" default_off="failed ruleset test">
 
 	<target host="www.icommunity.fr" />
 
diff --git a/src/chrome/content/rules/IDC.xml b/src/chrome/content/rules/IDC.xml
index 3a69b16098c8..ca16b290f5fc 100644
--- a/src/chrome/content/rules/IDC.xml
+++ b/src/chrome/content/rules/IDC.xml
@@ -17,7 +17,9 @@
 <ruleset name="IDC">
 
 	<target host="idc.com" />
-	<target host="*.idc.com" />
+	<target host="cdn.idc.com" />
+	<target host="www.idc.com" />
+	<target host="cas.idc.com" />
 
 
 	<securecookie host="^.+\.idc\.com$" name=".+" />
@@ -26,7 +28,6 @@
 	<rule from="^http://(?:cdn\.|www\.)?idc\.com/"
 		to="https://www.idc.com/" />
 
-	<rule from="^http://cas\.idc\.com/"
-		to="https://cas.idc.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/IDG.com.au.xml b/src/chrome/content/rules/IDG.com.au.xml
index 98d3402d6821..a3004019f697 100644
--- a/src/chrome/content/rules/IDG.com.au.xml
+++ b/src/chrome/content/rules/IDG.com.au.xml
@@ -23,23 +23,21 @@ Fetch error: http://computerworld.com.au/ => https://computerworld.com.au/: (51,
 <ruleset name="IDG.com.au" platform="mixedcontent">
 
 	<target host="computerworld.com.au" />
-	<target host="*.computerworld.com.au" />
-	<target host="*.idg.com.au" />
+	<target host="www.computerworld.com.au" />
+	<target host="demo.idg.com.au" />
+	<target host="cdn.idg.com.au" />
 
 
 	<securecookie host="^(?:www)?\.computerworld\.com\.au$" name=".+" />
 
 
-	<rule from="^http://(www\.)?computerworld\.com\.au/"
-		to="https://$1computerworld.com.au/" />
 
 	<!--	Protocol-relative link from www.computerworld.com.au:
 							-->
-	<rule from="^http://demo\.idg\.com\.au/"
-		to="https://d1i47h7pyjy1h0.cloudfront.net/" />
 
 	<rule from="^http://cdn\.idg\.com\.au/"
 		to="https://dfwp37e65law8.cloudfront.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/IDG.se.xml b/src/chrome/content/rules/IDG.se.xml
index 9139b3ee8e6f..b7a1a75c931d 100644
--- a/src/chrome/content/rules/IDG.se.xml
+++ b/src/chrome/content/rules/IDG.se.xml
@@ -63,7 +63,7 @@ Non-2xx HTTP code: http://upphandling24.idg.se/ (200) => https://upphandling24.i
 	* Times out
 
 -->
-<ruleset name="IDG.se (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="IDG.se (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="idg.se" />
 	<target host="androidguiden.idg.se" />
diff --git a/src/chrome/content/rules/ID_managed_solutions.com.xml b/src/chrome/content/rules/ID_managed_solutions.com.xml
deleted file mode 100644
index a24a1e7a4068..000000000000
--- a/src/chrome/content/rules/ID_managed_solutions.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Interactive Data Corporation coverage, see Interactive_Data_Corporation.xml.
-
-
-	These altnames don't exist:
-
-		- moa.idmanagedsolutions.com
-
--->
-<ruleset name="ID managed solutions.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.moa.idmanagedsolutions.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IEEE.org-falsemixed.xml b/src/chrome/content/rules/IEEE.org-falsemixed.xml
index b2afcdca70fe..5fb1d3c2a968 100644
--- a/src/chrome/content/rules/IEEE.org-falsemixed.xml
+++ b/src/chrome/content/rules/IEEE.org-falsemixed.xml
@@ -6,7 +6,7 @@ Fetch error: http://ieeexplore.ieee.org/ => https://ieeexplore.ieee.org/: Too ma
 	For rules not causing false/broken MCB, see IEEE.xml.
 
 -->
-<ruleset name="IEEE.org (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="IEEE.org (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="ieeexplore.ieee.org" />
 
diff --git a/src/chrome/content/rules/IEEE_USA.org-falsemixed.xml b/src/chrome/content/rules/IEEE_USA.org-falsemixed.xml
index f2aadd96e446..dfae2b05935a 100644
--- a/src/chrome/content/rules/IEEE_USA.org-falsemixed.xml
+++ b/src/chrome/content/rules/IEEE_USA.org-falsemixed.xml
@@ -7,7 +7,7 @@ Fetch error: http://entportal.ieeeusa.org/ => https://entportal.ieeeusa.org/: (6
 	For rules not causing false/broken MCB, see IEEE_USA.org.xml.
 
 -->
-<ruleset name="IEEE USA.org (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="IEEE USA.org (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/IELTS.org.xml b/src/chrome/content/rules/IELTS.org.xml
new file mode 100644
index 000000000000..dfac9c5c40ae
--- /dev/null
+++ b/src/chrome/content/rules/IELTS.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatch:
+		bandscore.ielts.org
+-->
+<ruleset name="IELTS.org" >
+	<target host="ielts.org" />
+	<target host="www.ielts.org" />
+	<target host="results.ielts.org" />
+
+	<securecookie host="^(www|results)\.ielts\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IELTS.xml b/src/chrome/content/rules/IELTS.xml
deleted file mode 100644
index 750188010352..000000000000
--- a/src/chrome/content/rules/IELTS.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="IELTS" platform="mixedcontent">
-  <target host="ielts.org" />
-	<target host="www.ielts.org" />
-	<target host="results.ielts.org" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/IEQuran.com.xml b/src/chrome/content/rules/IEQuran.com.xml
new file mode 100644
index 000000000000..0dd0d6100d02
--- /dev/null
+++ b/src/chrome/content/rules/IEQuran.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="IEQuran.com">
+	<target host="iequran.com" />
+	<target host="www.iequran.com" />
+	<target host="mail.iequran.com" />
+	<target host="online.iequran.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IET.xml b/src/chrome/content/rules/IET.xml
index d52e0abe1334..038c3c686539 100644
--- a/src/chrome/content/rules/IET.xml
+++ b/src/chrome/content/rules/IET.xml
@@ -8,7 +8,8 @@
 <ruleset name="IET (partial)">
 
 	<target host="theiet.org" />
-	<target host="*.theiet.org" />
+	<target host="www.theiet.org" />
+	<target host="digital-library.theiet.org" />
 		<!--
 			Redirect to http:
 						-->
diff --git a/src/chrome/content/rules/IETF.org.xml b/src/chrome/content/rules/IETF.org.xml
index 407b54c5b591..e66cc347f325 100644
--- a/src/chrome/content/rules/IETF.org.xml
+++ b/src/chrome/content/rules/IETF.org.xml
@@ -108,10 +108,10 @@
 	<target host="xml2rfc.ietf.org" />
 
 	<securecookie host="^\.ietf\.org$" name="^(?:__cfduid|cf_clearance)$" />
-	
+
 	<rule from="^http://www\.ops\.ietf\.org/"
 		  	to="https://trac.ietf.org/trac/ops/wiki/" />
-		  
+
 	<rule from="^http://edu\.ietf\.org/"
 			to="https://trac.ietf.org/trac/edu/" />
 
diff --git a/src/chrome/content/rules/IFA.ch.xml b/src/chrome/content/rules/IFA.ch.xml
index cb5dd9780510..7203fc1e4bc0 100644
--- a/src/chrome/content/rules/IFA.ch.xml
+++ b/src/chrome/content/rules/IFA.ch.xml
@@ -1,6 +1,6 @@
 <ruleset name="IFA.ch">
 	<target host="www.ifa.ch"/>
-	<securecookie host="^(?:.*\.)?ifa\.ch$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/IFriends.xml b/src/chrome/content/rules/IFriends.xml
deleted file mode 100644
index ef108fccca87..000000000000
--- a/src/chrome/content/rules/IFriends.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="iFriends (partial)">
-
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.ifriends.net" />
-
-
-	<securecookie host="^\.ifriends\.net$" name=".+" />
-
-
-	<rule from="^http://images\.ifriends\.net/"
-		to="https://images.ifriends.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IGCD.net.xml b/src/chrome/content/rules/IGCD.net.xml
new file mode 100644
index 000000000000..a720beb8e3cd
--- /dev/null
+++ b/src/chrome/content/rules/IGCD.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="IGCD.net">
+	<target host="igcd.net" />
+	<target host="www.igcd.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IGN-problematic.xml b/src/chrome/content/rules/IGN-problematic.xml
deleted file mode 100644
index a75fff864850..000000000000
--- a/src/chrome/content/rules/IGN-problematic.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For rules that are on by default, see IGN.xml.
-
--->
-<ruleset name="IGN (problematic)" default_off="akamai certificate">
-
-	<target host="ign.com" />
-	<target host="*.ign.com" />
-
-
-	<securecookie host="^.*\.ign\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?ign\.com/"
-		to="https://www.ign.com/" />
-
-	<rule from="^http://(au|ca|de|ie|maint|dia|redirect|uk|widgets)\.ign\.com/"
-		to="https://$1.ign.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IGN.xml b/src/chrome/content/rules/IGN.xml
index d40db0b4eb19..1e231ada7fd5 100644
--- a/src/chrome/content/rules/IGN.xml
+++ b/src/chrome/content/rules/IGN.xml
@@ -1,127 +1,69 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://mail.ign.com/ => https://mail.ign.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
-Disabled by https-everywhere-checker because:
-Non-2xx HTTP code: http://ads.ign.com/ (200) => https://a248.e.akamai.net/f/1005/1/g/ads.ign.com/ (503)
-Fetch error: http://mail.ign.com/ => https://mail.ign.com/: None
-Non-2xx HTTP code: http://media.ign.com/ (200) => https://a248.e.akamai.net/media.ign.com/ (503)
-Non-2xx HTTP code: http://pcmedia.ign.com/ (200) => https://a248.e.akamai.net/f/1005/1/g/pcmedia.ign.com/ (503)
-	For problematic rules, see IGN-problematic.xml.
-
-
 	For other News Corporation coverage, see News-Corporation.xml.
 
-
 	CDN buckets:
-
 		- maint.ign.com.edgesuite.net
+		- www.ign.com.edgesuite.net/…
 
-		- www.ign.com.edgesuite.net/...
-
-			- ign.com subdomains:
-				- au
-				- ca
-				- ie
-				- dsmedia
-				- media
-				- pcmedia
-				- ps3media
-				- pspmedia
-				- uk
-				- xbox360media
-				- widgets
-				- www
-
-			- assets[12].ignimgs.com
-			- fonts.ignimgs.com
-			- media.ignimgs.com
-			- oyster.ignimgs.com
-			- oystatic.ignimgs.com
-
-
-	Nonfunctional domains:
-
-		- corp.ign.com
-		- nwvault.ign.com *
-
-	* Refused
-
-
-	Problematic domains:
-
-		ign.com subdomains:
-
-			- ^		(cert only matches redirect.ign.com)
-			- ap
-			- au *
-			- ca *
-			- de **
-			- ds *
-			- maint *
-			- pcmedia *
-			- ps3media *
-			- pspmedia *
-			- redirect **
-			- uk *
-			- widgets *
-			- www *
-			- xbox360media *
-
-		- assets[12].ignimgs.com
+	Invalid certificate:
 		- fonts.ignimgs.com
-		- media.ignimgs.com *
-		- oystatic.ignimgs.com *
-
-	* Akamai, works
-	* Self-signed
-
-
-	Fully covered domains:
-
-		- ign.com subdomains:
 
-			- ads *
-			- assets *
-			- dsmedia *
-			- pcmedia *
-			- ps3media *
-			- pspmedia *
-			- wirelessmedia *
-			- xbox360media *
-
-		- ignimgs.com subdomains:
-
-			- assets[12] *
-			- fonts *
-			- media *
-			- oyster *
-
-	* → akamai
+	Server error:
+		- docs.widgets.ign.com
 
+	Timed out:
+		- ign.com, equivalent to www.ign.com
+		- ds.ign.com, equivalent to www.ign.com/ds if no path, else www.ign.com
 -->
-<ruleset name="IGN (partial)" default_off='failed ruleset test'>
 
+<ruleset name="IGN (partial)">
+	<!-- ign.com -->
+	<target host="ign.com" />
+	<target host="www.ign.com" />
 	<target host="ads.ign.com" />
-	<target host="mail.ign.com" />
+	<target host="ap.ign.com" />
+	<target host="au.ign.com" />
+	<target host="assets.ign.com" />
+	<target host="ca.ign.com" />
+	<target host="corp.ign.com" />
+	<target host="de.ign.com" />
+	<target host="ds.ign.com" />
+		<test url="http://ds.ign.com/a" />
+	<target host="dsmedia.ign.com" />
+	<target host="ie.ign.com" />
 	<target host="media.ign.com" />
+	<target host="nwvault.ign.com" />
 	<target host="pcmedia.ign.com" />
 	<target host="ps3media.ign.com" />
 	<target host="pspmedia.ign.com" />
+	<target host="redirect.ign.com" />
 	<target host="s.ign.com" />
+	<target host="sea.ign.com" />
+	<target host="uk.ign.com" />
+	<target host="widgets.ign.com" />
 	<target host="wirelessmedia.ign.com" />
-	<target host="*.ignimgs.com" />
-		<!--
-			Points some resource links to akamai.net/$
-									-->
-		<exclusion pattern="^http://oystatic\.ignimgs\.com/cache/css/(?!35/70/3570337b77bc103506ad234873b09d3f\.css)" />
+	<target host="xbox360media.ign.com" />
+
+	<!-- ignimgs.com -->
+	<target host="assets1.ignimgs.com" />
+	<target host="assets2.ignimgs.com" />
+	<target host="kraken.ignimgs.com" />
+	<target host="media.ignimgs.com" />
+	<target host="oystatic.ignimgs.com" />
+	<target host="oyster.ignimgs.com" />
+
+
+	<securecookie host="^.+\.ign\.com$" name=".+" />
 
 
-	<securecookie host="^s\.ign\.com$" name=".+" />
+	<rule from="^http://ign\.com/"
+		to="https://www.ign.com/" />
 
+	<rule from="^http://ds\.ign\.com/$"
+		to="https://www.ign.com/ds" />
 
-	<rule from="^http://(mail|s)\.ign\.com/"
-		to="https://$1.ign.com/" />
+	<rule from="^http://ds\.ign\.com/"
+		to="https://www.ign.com/ds/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/IGaming-mismatches.xml b/src/chrome/content/rules/IGaming-mismatches.xml
index 391482d1ca12..8819d0d05492 100644
--- a/src/chrome/content/rules/IGaming-mismatches.xml
+++ b/src/chrome/content/rules/IGaming-mismatches.xml
@@ -15,7 +15,7 @@
 	<target host="soccerpunt.com"/>
 	<target host="www.soccerpunt.com"/>
 	<target host="tipseri.net"/>
-	<target host="*.tipseri.net"/>
+	<target host="www.tipseri.net" />
 
 	<securecookie host="^(?:best-pariuri-online|betclair|soccerpunt)\.com$" name=".+" />
 	<securecookie host="^igaming\.biz$" name=".+" />
diff --git a/src/chrome/content/rules/IGaming.xml b/src/chrome/content/rules/IGaming.xml
index f04a5d263805..d404408ba8dd 100644
--- a/src/chrome/content/rules/IGaming.xml
+++ b/src/chrome/content/rules/IGaming.xml
@@ -1,21 +1,20 @@
 <ruleset name="iGaming (partial)" platform="mixedcontent">
 
 	<target host="bwin.com"/>
-	<target host="*.bwin.com"/>
+	<target host="www.bwin.com" />
+	<target host="casino.bwin.com" />
 	<target host="gambling-affiliation.com"/>
 	<!--	for cross-domain cookie	-->
-	<target host="*.gambling-affiliation.com"/>
-	<target host="*.itsfogo.com"/>
+	<target host="www.gambling-affiliation.com" />
+	<target host="adserver.itsfogo.com" />
+	<target host="mcf.itsfogo.com" />
 
-	<securecookie host="^(?:.*\.)?(?:bwin|gambling-affiliation|itsfogo)\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 	<rule from="^http://(?:www\.)?(bwin|gambling-affiliation)\.com/"
 		to="https://www.$1.com/"/>
 
-	<rule from="^http://casino\.bwin\.com/"
-		to="https://casino.bwin.com/"/>
 
-	<rule from="^http://(adserver|mcf)\.itsfogo\.com/"
-		to="https://$1.itsfogo.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/IGoDigital.com.xml b/src/chrome/content/rules/IGoDigital.com.xml
deleted file mode 100644
index d47b25b1fcf3..000000000000
--- a/src/chrome/content/rules/IGoDigital.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	For other ExactTarget coverage, see ExactTarget.xml.
-
-
-	(www.): dropped
-
--->
-<ruleset name="iGoDigital.com">
-
-	<target host="igodigital.com" />
-	<target host="*.igodigital.com" />
-
-
-	<!--	Redirect drops path and args:
-						-->
-	<rule from="^http://(?:www\.)?igodigital\.com/.*"
-		to="https://www.exacttarget.com/products/predictive-intelligence/" />
-
-	<rule from="^http://(\w+)\.collect\.igodigital\.com/"
-		to="https://$1.collect.igodigital.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IGrasp.xml b/src/chrome/content/rules/IGrasp.xml
index 255bfbd0b01a..31e04ccfe453 100644
--- a/src/chrome/content/rules/IGrasp.xml
+++ b/src/chrome/content/rules/IGrasp.xml
@@ -3,10 +3,10 @@
 	<target host="*.i-grasp.com" />
 
 
-	<securecookie host="^.+\.i-grasp\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([\w-]+)\.i-grasp\.com/"
 		to="https://$1.i-grasp.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IHG_Merlin.com.xml b/src/chrome/content/rules/IHG_Merlin.com.xml
index 084cb8aaf9ce..957377b3566d 100644
--- a/src/chrome/content/rules/IHG_Merlin.com.xml
+++ b/src/chrome/content/rules/IHG_Merlin.com.xml
@@ -29,7 +29,12 @@ Fetch error: http://ihgmerlin.com/ => https://ihgmerlin.com/: (60, 'SSL certific
 <ruleset name="IHG Merlin.com (partial)">
 
 	<target host="ihgmerlin.com" />
-	<target host="*.ihgmerlin.com" />
+	<target host="images.ihgmerlin.com" />
+	<target host="imagesqa.ihgmerlin.com" />
+	<target host="me2.ihgmerlin.com" />
+	<target host="me2qa.ihgmerlin.com" />
+	<target host="qa.ihgmerlin.com" />
+	<target host="www.ihgmerlin.com" />
 
 
 	<!--	Not secured by server:
@@ -41,7 +46,6 @@ Fetch error: http://ihgmerlin.com/ => https://ihgmerlin.com/: (60, 'SSL certific
 	<securecookie host="^(?:qa\.|www\.)?ihgmerlin\.com$" name=".+" />
 
 
-	<rule from="^http://((?:images|imagesqa|me2|me2qa|qa|www)\.)?ihgmerlin\.com/"
-		to="https://$1ihgmerlin.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IHeart.com.xml b/src/chrome/content/rules/IHeart.com.xml
index a13aa8438762..5f92fd0fdeea 100644
--- a/src/chrome/content/rules/IHeart.com.xml
+++ b/src/chrome/content/rules/IHeart.com.xml
@@ -49,7 +49,11 @@
 <ruleset name="iHeart.com (partial)">
 
 	<target host="iheart.com" />
-	<target host="*.iheart.com" />
+	<target host="iscale.iheart.com" />
+	<target host="pylon.iheart.com" />
+	<target host="www.iheart.com" />
+	<target host="static.iheart.com" />
+	<target host="securestatic.iheart.com" />
 
 
 	<!--	Not secured by server:
@@ -59,8 +63,6 @@
 	<securecookie host="^\.iheart\.com$" name=".+" />
 
 
-	<rule from="^http://((?:iscale|pylon|www)\.)?iheart\.com/"
-		to="https://$1iheart.com/" />
 
 	<!--rule from="^http://help\.iheart\.com/"
 		to="https://iheartradio.desk.com/" /-->
@@ -68,4 +70,5 @@
 	<rule from="^http://(?:secure)?static\.iheart\.com/"
 		to="https://securestatic.iheart.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/IIPVV.nl.xml b/src/chrome/content/rules/IIPVV.nl.xml
index 9c98d2b9ab89..88b203e0eb40 100644
--- a/src/chrome/content/rules/IIPVV.nl.xml
+++ b/src/chrome/content/rules/IIPVV.nl.xml
@@ -5,7 +5,7 @@ Fetch error: http://iipvv.nl/ => https://iipvv.nl/: (51, "SSL: no alternative ce
 Fetch error: http://www.iipvv.nl/ => https://www.iipvv.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.iipvv.nl'")
 
 -->
-<ruleset name="IIPVV.nl" default_off='failed ruleset test'>
+<ruleset name="IIPVV.nl" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/IIS.net.xml b/src/chrome/content/rules/IIS.net.xml
deleted file mode 100644
index fcc102e379e1..000000000000
--- a/src/chrome/content/rules/IIS.net.xml
+++ /dev/null
@@ -1,54 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://i1.iis.net/ => https://i1.iis.net/: (51, "SSL: no alternative certificate subject name matches target host name 'i1.iis.net'")
-Fetch error: http://i2.iis.net/ => https://i2.iis.net/: (51, "SSL: no alternative certificate subject name matches target host name 'i2.iis.net'")
-Fetch error: http://i3.iis.net/ => https://i3.iis.net/: (51, "SSL: no alternative certificate subject name matches target host name 'i3.iis.net'")
-
-	For other Microsoft coverage, see Microsoft.xml.
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- login.iis.net
-		- .login.iis.net
-
-
-	Mixed content:
-
-		- Bug on www from msstonojstemp.112.2o7.net *
-		
-	NET::ERR_CERT_COMMON_NAME_INVALID
-	
-		- learn.iis.net
-		- php.iis.net
-
-	* Secured by us
-
--->
-<ruleset name="IIS.net" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="iis.net" />
-	<target host="i1.iis.net" />
-	<target host="i2.iis.net" />
-	<target host="i3.iis.net" />
-	<target host="forums.iis.net" />
-	<target host="blogs.iis.net" />
-	<target host="login.iis.net" />
-	<target host="www.iis.net" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^login\.iis\.net$" name="^ASP\.NET_SessionId$" /-->
-	<!--securecookie host="^\.login\.iis\.net$" name="^forums\.ReturnUrl$" /-->
-
-	<securecookie host="^\.?login\.iis\.net$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
-
diff --git a/src/chrome/content/rules/IISP.org.xml b/src/chrome/content/rules/IISP.org.xml
index b51bb7583150..b7bcf6666baa 100644
--- a/src/chrome/content/rules/IISP.org.xml
+++ b/src/chrome/content/rules/IISP.org.xml
@@ -11,13 +11,13 @@
 <ruleset name="IISP.org">
 
 	<target host="iisp.org" />
-	<target host="*.iisp.org" />
+	<target host="www.iisp.org" />
+	<target host="apply.iisp.org" />
 
 
 	<rule from="^http://(?:www\.)?iisp\.org/"
 		to="https://www.iisp.org/" />
 
-	<rule from="^http://apply\.iisp\.org/"
-		to="https://apply.iisp.org/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/IITBooks.co.in.xml b/src/chrome/content/rules/IITBooks.co.in.xml
new file mode 100644
index 000000000000..e197d058d18c
--- /dev/null
+++ b/src/chrome/content/rules/IITBooks.co.in.xml
@@ -0,0 +1,6 @@
+<ruleset name="IITBooks.co.in">
+	<target host="iitbooks.co.in" />
+	<target host="www.iitbooks.co.in" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IJM_Freedom_Maker.xml b/src/chrome/content/rules/IJM_Freedom_Maker.xml
deleted file mode 100644
index 770c68cd4dbd..000000000000
--- a/src/chrome/content/rules/IJM_Freedom_Maker.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	At least some pages redirect to http.
-
--->
-<ruleset name="IJM Freedom Maker (partial)">
-
-	<target host="ijmfreedommaker.org" />
-	<target host="www.ijmfreedommaker.org" />
-
-
-	<rule from="^http://(www\.)?ijmfreedommaker\.org/(apps|boost)/"
-		to="https://$1ijmfreedommaker.org/$2/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/IJReview.com-falsemixed.xml b/src/chrome/content/rules/IJReview.com-falsemixed.xml
deleted file mode 100644
index ec7be8d701a4..000000000000
--- a/src/chrome/content/rules/IJReview.com-falsemixed.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see IJReview.com.xml.
-
--->
-<ruleset name="IJReview.com (false MCB)" platform="mixedcontent">
-
-	<target host="*.ijreview.com" />
-
-
-	<securecookie host="^\.ijreview\.com$" name=".+" />
-
-
-	<rule from="^http://www\.ijreview\.com/"
-		to="https://www.ijreview.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IKSR.org.xml b/src/chrome/content/rules/IKSR.org.xml
new file mode 100644
index 000000000000..8a8075221f5d
--- /dev/null
+++ b/src/chrome/content/rules/IKSR.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Timeout:
+		- workplace.iksr.org
+-->
+<ruleset name="IKSR.org">
+
+	<target host="iksr.org" />
+	<target host="www.iksr.org" />
+	<target host="kids.iksr.org" />
+	<target host="piwik.iksr.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IKeepinCloud.com.xml b/src/chrome/content/rules/IKeepinCloud.com.xml
deleted file mode 100644
index c337b0d00992..000000000000
--- a/src/chrome/content/rules/IKeepinCloud.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For other Ikoula coverage, see Ikoula.com.xml.
-
--->
-<ruleset name="iKeepinCloud.com">
-
-	<target host="ikeepincloud.com" />
-	<target host="blog.ikeepincloud.com" />
-	<target host="www.ikeepincloud.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IKoruna.xml b/src/chrome/content/rules/IKoruna.xml
index 0e317b2de167..c4acffdd4f8b 100644
--- a/src/chrome/content/rules/IKoruna.xml
+++ b/src/chrome/content/rules/IKoruna.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://i-koruna.com/ => https://i-koruna.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
 Fetch error: http://www.i-koruna.com/ => https://www.i-koruna.com/: (6, 'Could not resolve host: www.i-koruna.com')
 -->
-<ruleset name="iKoruna" default_off='failed ruleset test'>
+<ruleset name="iKoruna" default_off="failed ruleset test">
 
 	<target host="i-koruna.com" />
 	<target host="www.i-koruna.com" />
@@ -19,4 +19,4 @@ Fetch error: http://www.i-koruna.com/ => https://www.i-koruna.com/: (6, 'Could n
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ILO.org.xml b/src/chrome/content/rules/ILO.org.xml
index 7d06a135c626..c058b669fb30 100644
--- a/src/chrome/content/rules/ILO.org.xml
+++ b/src/chrome/content/rules/ILO.org.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.ilo.org/ => https://www.ilo.org/: Cycle detected - URL already encountered: https://www.ilo.org/global/lang- -en/index.htm
 Fetch error: http://ilo.org/ => https://www.ilo.org/: Cycle detected - URL already encountered: https://www.ilo.org/global/lang- -en/index.htm
 -->
-<ruleset name="ILO.org" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="ILO.org" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="www.ilo.org" />
 	<target host="ilo.org" />
 	<rule from="^http://ilo\.org/" to="https://www.ilo.org/"/>
diff --git a/src/chrome/content/rules/ILikeBigBits.com.xml b/src/chrome/content/rules/ILikeBigBits.com.xml
new file mode 100644
index 000000000000..9f3f7d71feaa
--- /dev/null
+++ b/src/chrome/content/rules/ILikeBigBits.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched:
+		- ilikebigbits.com
+-->
+<ruleset name="ILikeBigBits.com">
+	<target host="ilikebigbits.com" />
+	<target host="www.ilikebigbits.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://ilikebigbits\.com/" to="https://www.ilikebigbits.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ILogo.xml b/src/chrome/content/rules/ILogo.xml
index 55799d860690..85e356aabbf6 100644
--- a/src/chrome/content/rules/ILogo.xml
+++ b/src/chrome/content/rules/ILogo.xml
@@ -4,9 +4,9 @@
 	<target host="www.ilogo.in" />
 
 
-	<securecookie host="^(?:.*\.)?ilogo\.in$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IMDB.xml b/src/chrome/content/rules/IMDB.xml
index 5b6ce5e9af14..4678becbba54 100644
--- a/src/chrome/content/rules/IMDB.xml
+++ b/src/chrome/content/rules/IMDB.xml
@@ -24,20 +24,6 @@
 
 -->
 <ruleset name="IMDb">
-
-	<target host="imdb.com" />
-	<target host="www.imdb.com" />
-	<target host="app.imdb.com" />
-		<test url="http://app.imdb.com/title/maindetails?tconst=tt4630562" />
-	<target host="contribute.imdb.com" />
-	<target host="help.imdb.com" />
-	<target host="m.imdb.com" />
-	<target host="pro.imdb.com" />
-	<target host="pro-labs.imdb.com" />
-		<test url="http://pro-labs.imdb.com/subagreement" />
-	<target host="secure.imdb.com" />
-		<test url="http://secure.imdb.com/contact" />
-
 	<target host="ia.media-imdb.com" />
 		<test url="http://ia.media-imdb.com/images/G/01/imdb/images/navbar/imdbpro_logo_nb-3000473826._CB530713470_.png" />
 	<target host="i.media-imdb.com" />
diff --git a/src/chrome/content/rules/IMGrind.com.xml b/src/chrome/content/rules/IMGrind.com.xml
index 3ab9db852333..823f2e7fbd8c 100644
--- a/src/chrome/content/rules/IMGrind.com.xml
+++ b/src/chrome/content/rules/IMGrind.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.imgrind.com/ => https://www.imgrind.com/: (28, 'Connecti
 	* Secured by us
 
 -->
-<ruleset name="IMGrind.com" default_off='failed ruleset test'>
+<ruleset name="IMGrind.com" default_off="failed ruleset test">
 
 	<target host="imgrind.com" />
 	<target host="www.imgrind.com" />
diff --git a/src/chrome/content/rules/IMSLP.xml b/src/chrome/content/rules/IMSLP.xml
new file mode 100644
index 000000000000..79826f74d7ff
--- /dev/null
+++ b/src/chrome/content/rules/IMSLP.xml
@@ -0,0 +1,35 @@
+<!--
+	Chain issue, missing intermediate:
+		- cn.imslp.org
+
+	Connection refused:
+		- s6.imslp.org
+
+	Invalid certificate:
+		- cnks.imslp.org
+		- ftp.imslp.org, equivalent to imslp.org
+		- mail.imslp.org, equivalent to imslp.org
+		- s3.imslp.org, equivalent to imslp.org
+		- s5.imslp.org, equivalent to cdn.imslp.org
+-->
+
+<ruleset name="IMSLP">
+	<target host="imslp.org" />
+	<target host="www.imslp.org" />
+	<target host="app-sandbox.imslp.org" />
+	<target host="cdn.imslp.org" />
+	<target host="ftp.imslp.org" />
+	<target host="ks2.imslp.org" />
+	<target host="mail.imslp.org" />
+	<target host="s3.imslp.org" />
+	<target host="s5.imslp.org" />
+
+	<rule from="^http://(ftp|mail|s3)\.imslp\.org/"
+		to="https://imslp.org/" />
+
+	<rule from="^http://s5\.imslp\.org/"
+		to="https://cdn.imslp.org/" />
+		<test url="http://s5.imslp.org/images/thumb/pdfs/2a/b6f395c4a4090b106c63bab5dd42a55dbe59e1b2.png" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IMshopping.com.xml b/src/chrome/content/rules/IMshopping.com.xml
index ca02fd696a98..2c972b297cc9 100644
--- a/src/chrome/content/rules/IMshopping.com.xml
+++ b/src/chrome/content/rules/IMshopping.com.xml
@@ -1,28 +1,10 @@
 <!--
-	CDN buckets:
-
-		- product-images.imshopping.com.s3.amazonaws.com
-
-
-	^imshopping.com: Dropped
-	www.imshopping.com: 400
-
-
-	Problematic hosts in *imshopping.com:
-
-		- product-images *
-
-	* AmazonAWS/mismatched
-
+	Timeout:
+		- imshopping.com
+		- www.imshopping.com
 -->
 <ruleset name="IMshopping.com (partial)">
+	<target host="euwidget.imshopping.com" />
 
-	<!--	Complications:
-				-->
-	<target host="product-images.imshopping.com" />
-
-
-	<rule from="^http://product-images\.imshopping\.com/"
-		to="https://s3.amazonaws.com/product-images.imshopping.com/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/INDURE.xml b/src/chrome/content/rules/INDURE.xml
index e137496d5077..2ff45a4439ab 100644
--- a/src/chrome/content/rules/INDURE.xml
+++ b/src/chrome/content/rules/INDURE.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.indure.org/ => https://www.indure.org/: (51, "SSL: no al
 	!www doesn't exist.
 
 -->
-<ruleset name="INDURE" default_off='failed ruleset test'>
+<ruleset name="INDURE" default_off="failed ruleset test">
 
 	<target host="www.indure.org" />
 
@@ -19,4 +19,4 @@ Fetch error: http://www.indure.org/ => https://www.indure.org/: (51, "SSL: no al
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/INFN.it.xml b/src/chrome/content/rules/INFN.it.xml
index 4878c9be09eb..289ce7c3d930 100644
--- a/src/chrome/content/rules/INFN.it.xml
+++ b/src/chrome/content/rules/INFN.it.xml
@@ -20,7 +20,7 @@ Fetch error: http://www.lnf.infn.it/ => https://www.lnf.infn.it/: Too many redir
 
 		- edu.lnf ¹
 		- scienzapertutti.lnf ¹
-		- w3.lnf ¹ 
+		- w3.lnf ¹
 
 		- sperimentando.lnl ³
 		- trasparenza ⁴
@@ -91,7 +91,7 @@ Fetch error: http://www.lnf.infn.it/ => https://www.lnf.infn.it/: Too many redir
 	* Secured by us
 
 -->
-<ruleset name="INFN.it (partial)" default_off='failed ruleset test'>
+<ruleset name="INFN.it (partial)" default_off="failed ruleset test">
 
 	<target host="www.ac.infn.it" />
 	<target host="agenda.infn.it" />
@@ -118,8 +118,8 @@ Fetch error: http://www.lnf.infn.it/ => https://www.lnf.infn.it/: Too many redir
 	<target host="portale-utente.infn.it" />
 	<target host="www.presid.infn.it" />
 	<target host="www.tifpa.infn.it" />
-	
-	
+
+
 	<!-- 404 on https -->
 	<exclusion pattern="^http://www\.lnf\.infn\.it/~\w+" />
 	<test url="http://www.lnf.infn.it/~angius/" />
diff --git a/src/chrome/content/rules/ING-Direct.xml b/src/chrome/content/rules/ING-Direct.xml
index fe7b243bbd56..7e1f0faf0156 100644
--- a/src/chrome/content/rules/ING-Direct.xml
+++ b/src/chrome/content/rules/ING-Direct.xml
@@ -10,10 +10,14 @@ Fetch error: http://ingdirect.com/ => https://www.ingdirect.com/: (60, 'SSL cert
 		- cafes.ingdirect.com	(cert: 217569-2.217569-2.com, self-signed; shows RHEL Apache test page)
 
 -->
-<ruleset name="ING Direct" default_off='failed ruleset test'>
+<ruleset name="ING Direct" default_off="failed ruleset test">
 
 	<target host="ingdirect.com" />
-	<target host="*.ingdirect.com" />
+	<target host="www.ingdirect.com" />
+	<target host="helpcenter.ingdirect.com" />
+	<target host="home.ingdirect.com" />
+	<target host="secure.ingdirect.com" />
+	<target host="shop.ingdirect.com" />
 	<target host="ingdirect.com.au" />
 	<target host="www.ingdirect.com.au" />
 
@@ -27,11 +31,10 @@ Fetch error: http://ingdirect.com/ => https://www.ingdirect.com/: (60, 'SSL cert
 	<rule from="^http://(?:www\.)?ingdirect\.com/"
 		to="https://www.ingdirect.com/" />
 
-	<rule from="^http://(helpcenter|home|secure|shop)\.ingdirect\.com/"
-		to="https://$1.ingdirect.com/" />
 
 	<!--	Cert only matches www.	-->
 	<rule from="^http://(?:www\.)?ingdirect\.com\.au/"
 		to="https://www.ingdirect.com.au/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/INYT.com.xml b/src/chrome/content/rules/INYT.com.xml
deleted file mode 100644
index db9046ece1b2..000000000000
--- a/src/chrome/content/rules/INYT.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For other New York Times coverage, see NYTimes.xml.
-
-	Incomplete cert chain:
-		customercare.inyt.com	http://customercare.inyt.com/ManageMyAccount/Login.html
-		partner.inyt.com	http://partner.inyt.com/ExtranetPnD/login
-		subscribe.inyt.com	http://subscribe.inyt.com/student
-
-	Mismatched:
-		eedition.inyt.com
-		(www.)?inyt.com	*
-	* : Some redirect to www.nytimes.com, some redirect to global.nytimes.com, some no redirect.
-	Tests:
-	http://www.inyt.com/digileftnav
-	http://www.inyt.com/edu-leftnav
-	http://www.inyt.com/share/
-	http://www.inyt.com/subscriptions/inyt/lp3KXL9.html
-	http://www.inyt.com/subscriptions/inyt/lp3KYXX.html/
-	http://www.inyt.com/subscriptions/inyt/lp3L3W7.html
--->
-<ruleset name="INYT.com (partial)">
-	<target host="goldengate.inyt.com" />
-		<test url="http://goldengate.inyt.com/dana-na/auth/remediate.cgi" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/INaturalist.org.xml b/src/chrome/content/rules/INaturalist.org.xml
index 71fb027e5158..76792e1c0b07 100644
--- a/src/chrome/content/rules/INaturalist.org.xml
+++ b/src/chrome/content/rules/INaturalist.org.xml
@@ -1,35 +1,29 @@
 <!--
-	CDN buckets:
+	Invalid certificate:
+		inaturalist.org
+		sticta.inaturalist.org
 
-		- s3.amazonaws.com/static.inaturalist.org/
-
-
-	Mixed content:
-
-		- Images, on www from:
-
-			- static *
-			- www *
-
-	* Secured by us, doesn't trip MCB
+	Refused:
+		colombia.inaturalist.org
+		canada.inaturalist.org
+		conabio.inaturalist.org
+		naturewatch.inaturalist.org
 
 -->
 <ruleset name="iNaturalist.org">
 
 	<target host="inaturalist.org" />
-	<target host="static.inaturalist.org" />
 	<target host="www.inaturalist.org" />
-
+	<target host="api.inaturalist.org" />
+	<target host="static.inaturalist.org" />
+		<test url="http://static.inaturalist.org/wiki_page_attachments/364-original.pdf" />
+	<target host="tiles.inaturalist.org" />
 
 	<securecookie host="^www\.inaturalist\.org$" name=".+" />
 
-
 	<rule from="^http://inaturalist\.org/"
 		to="https://www.inaturalist.org/" />
 
-	<rule from="^http://static\.inaturalist\.org/"
-		to="https://s3.amazonaws.com/static.inaturalist.org/" />
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/INet-Interactive.xml b/src/chrome/content/rules/INet-Interactive.xml
index b2312e93da21..a4a7b4d2fc0b 100644
--- a/src/chrome/content/rules/INet-Interactive.xml
+++ b/src/chrome/content/rules/INet-Interactive.xml
@@ -5,12 +5,10 @@ Fetch error: http://inetinteractive.com/ => https://inetinteractive.com/: (51, "
 
 	Other iNet Interactive rulesets:
 
-		- ABestWeb.com.xml
 		- AFCOM.com.xml
 		- DataCenterKnowledge.com.xml
 		- Data_Center_World.com.xml
 		- DBforums.xml
-		- Hosting_Catalog.com.xml
 		- HostingCon.xml
 		- Host_Voice.com.xml
 		- Hot_Scripts.com.xml
@@ -32,7 +30,7 @@ Fetch error: http://inetinteractive.com/ => https://inetinteractive.com/: (51, "
 	* Secured by us
 
 -->
-<ruleset name="iNet Interactive (partial)" default_off='failed ruleset test'>
+<ruleset name="iNet Interactive (partial)" default_off="failed ruleset test">
 
 	<target host="inetinteractive.com"/>
 	<target host="www.inetinteractive.com"/>
diff --git a/src/chrome/content/rules/IOCCC.org.xml b/src/chrome/content/rules/IOCCC.org.xml
index c64d1b2ffd69..c5236f061fd3 100644
--- a/src/chrome/content/rules/IOCCC.org.xml
+++ b/src/chrome/content/rules/IOCCC.org.xml
@@ -1,17 +1,9 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(shows submit)
-
-
-	Expired 2012-11-30
-
--->
-<ruleset name="IOCCC.org (partial)" default_off="expired">
+<ruleset name="IOCCC.org (partial)">
 
+	<target host="ioccc.org" />
+	<target host="www.ioccc.org" />
 	<target host="submit.ioccc.org" />
 
-
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IOLProperty.co.za.xml b/src/chrome/content/rules/IOLProperty.co.za.xml
index 5734530bfaaf..f61222248f6d 100644
--- a/src/chrome/content/rules/IOLProperty.co.za.xml
+++ b/src/chrome/content/rules/IOLProperty.co.za.xml
@@ -23,4 +23,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ION-Audio.xml b/src/chrome/content/rules/ION-Audio.xml
deleted file mode 100644
index 65344619c750..000000000000
--- a/src/chrome/content/rules/ION-Audio.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="ION Audio">
-
-	<target host="ionaudio.com" />
-	<target host="www.ionaudio.com" />
-	<target host="*.www.ionaudio.com" />
-
-
-	<securecookie host="^\.?www\.ionaudio\.com$" name=".+" />
-
-
-	<!--	Cert only matches www.
-					-->
-	<rule from="^http://(?:www\.)?ionaudio\.com/"
-		to="https://www.ionaudio.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IONAudio.com.xml b/src/chrome/content/rules/IONAudio.com.xml
new file mode 100644
index 000000000000..a439e9d65052
--- /dev/null
+++ b/src/chrome/content/rules/IONAudio.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="IONAudio.com">
+
+	<target host="ionaudio.com" />
+	<target host="www.ionaudio.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IOPLEX_Software.xml b/src/chrome/content/rules/IOPLEX_Software.xml
index 9fc2268008f6..322860064544 100644
--- a/src/chrome/content/rules/IOPLEX_Software.xml
+++ b/src/chrome/content/rules/IOPLEX_Software.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IOpus.com.xml b/src/chrome/content/rules/IOpus.com.xml
deleted file mode 100644
index 1f700e72fe41..000000000000
--- a/src/chrome/content/rules/IOpus.com.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="iOpus.com (partial)">
-
-	<target host="support.iopus.com" />
-
-
-	<securecookie host="^support\.iopus\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IPAC.global.xml b/src/chrome/content/rules/IPAC.global.xml
new file mode 100644
index 000000000000..9a9ea03ba9fa
--- /dev/null
+++ b/src/chrome/content/rules/IPAC.global.xml
@@ -0,0 +1,15 @@
+<!--
+	Inter-Parliamentary Alliance on China
+
+	Mismatched:
+		- link.ipac.global
+-->
+<ruleset name="IPAC.global">
+	<target host="ipac.global" />
+	<target host="www.ipac.global" />
+	<target host="stg.ipac.global" />
+  
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IPAddressLabs.com.xml b/src/chrome/content/rules/IPAddressLabs.com.xml
index e8a876f3355e..1cc11854a21e 100644
--- a/src/chrome/content/rules/IPAddressLabs.com.xml
+++ b/src/chrome/content/rules/IPAddressLabs.com.xml
@@ -11,10 +11,12 @@ Fetch error: http://ipaddresslabs.com/ => http://ipaddresslabs.com/: (6, 'Could
 	Some pages redirect to http.
 
 -->
-<ruleset name="IPAddressLabs.com (partial)" default_off='failed ruleset test'>
+<ruleset name="IPAddressLabs.com (partial)" default_off="failed ruleset test">
 
 	<target host="ipaddresslabs.com" />
-	<target host="*.ipaddresslabs.com" />
+	<target host="www.ipaddresslabs.com" />
+	<target host="services.ipaddresslabs.com" />
+	<target host="https-services.ipaddresslabs.com" />
 
 
 	<rule from="^http://(www\.)?ipaddresslabs\.com/(cs|image)s/"
diff --git a/src/chrome/content/rules/IPCdigital.co.uk.xml b/src/chrome/content/rules/IPCdigital.co.uk.xml
index 790d69f40124..72d070849710 100644
--- a/src/chrome/content/rules/IPCdigital.co.uk.xml
+++ b/src/chrome/content/rules/IPCdigital.co.uk.xml
@@ -44,4 +44,4 @@
 	<rule from="^http://([\w-]+)(?:\.secure)?\.media\.ipcdigital\.co\.uk/"
 		to="https://$1.secure.media.ipcdigital.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IPQualityScore.com.xml b/src/chrome/content/rules/IPQualityScore.com.xml
index 88eb2723baf8..636ebf60594d 100644
--- a/src/chrome/content/rules/IPQualityScore.com.xml
+++ b/src/chrome/content/rules/IPQualityScore.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IPR_Software.com.xml b/src/chrome/content/rules/IPR_Software.com.xml
index 07900d79bf77..03d3c822f38d 100644
--- a/src/chrome/content/rules/IPR_Software.com.xml
+++ b/src/chrome/content/rules/IPR_Software.com.xml
@@ -1,36 +1,16 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.cms.iprsoftware.com/ => https://www.cms.iprsoftware.com/: (35, 'Unknown SSL protocol error in connection to www.cms.iprsoftware.com:443 ')
-
-	(www.): works; mismatched, CN: cms.iprsoftware.com
+	Non-functional hosts
+		SSL connect error:
+		- www.cms.iprsoftware.com
 
+		SSL peer certificate was not OK:
+		- iprsoftware.com
 -->
-<ruleset name="iPR Software.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
+<ruleset name="iPR Software.com (partial)">
 	<target host="cms.iprsoftware.com" />
-	<target host="www.cms.iprsoftware.com" />
-
-	<!--	Complications:
-				-->
-	<target host="cms.ipressroom.com.s3.amazonaws.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?iprsoftware\.com$" name="^ipr_i$" /-->
-	<!--securecookie host="^cms\.iprsoftware\.com$" name="^session$" /-->
-	<!--securecookie host="^(www\.)?cms\.iprsoftware\.com$" name="^(_cmstt|ipr_i)$" /-->
-
-	<securecookie host="^(?:www\.)?cms\.iprsoftware\.com$" name=".+" />
-
-
-	<rule from="^http://cms\.ipressroom\.com\.s3\.amazonaws\.com/"
-		to="https://s3.amazonaws.com/cms.ipressroom.com/" />
+	<target host="www.iprsoftware.com" />
 
-	<rule from="^http:"
-		to="https:" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/IPVanish.com.xml b/src/chrome/content/rules/IPVanish.com.xml
index cd7aeedc423b..f831a61fd28b 100644
--- a/src/chrome/content/rules/IPVanish.com.xml
+++ b/src/chrome/content/rules/IPVanish.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://forum.ipvanish.com/ => https://forum.ipvanish.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="IPVanish.com" default_off='failed ruleset test'>
+<ruleset name="IPVanish.com" default_off="failed ruleset test">
 	<target host=        "ipvanish.com" />
 	<target host=    "www.ipvanish.com" />
 	<target host="account.ipvanish.com" />
diff --git a/src/chrome/content/rules/IPXE.org.xml b/src/chrome/content/rules/IPXE.org.xml
index bb534c9312e0..3df97daaf0d0 100644
--- a/src/chrome/content/rules/IPXE.org.xml
+++ b/src/chrome/content/rules/IPXE.org.xml
@@ -35,4 +35,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IP_check.xml b/src/chrome/content/rules/IP_check.xml
index 4233dbca9558..48328c54bd7b 100644
--- a/src/chrome/content/rules/IP_check.xml
+++ b/src/chrome/content/rules/IP_check.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?ip-check\.info/(all\.css|authAttack\.php|(?:auth|cache)\.css\.php|images/|ip-check\.png)"
 		to="https://ip-check.info/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IPredator.xml b/src/chrome/content/rules/IPredator.xml
index 7df9d83fe051..20d6c3371be7 100644
--- a/src/chrome/content/rules/IPredator.xml
+++ b/src/chrome/content/rules/IPredator.xml
@@ -12,7 +12,7 @@ Fetch error: http://beta.ipredator.se/ => https://beta.ipredator.se/: (7, 'Faile
 	³ Untrusted root
 
 -->
-<ruleset name="IPredator.se (partial)" default_off='failed ruleset test'>
+<ruleset name="IPredator.se (partial)" default_off="failed ruleset test">
 
 	<target host="ipredator.se" />
 	<target host="beta.ipredator.se" />
@@ -20,7 +20,7 @@ Fetch error: http://beta.ipredator.se/ => https://beta.ipredator.se/: (7, 'Faile
 	<target host="www.ipredator.se" />
 
 
-	<securecookie host="^(?:.*\.)?ipredator\.se$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/IProduction.xml b/src/chrome/content/rules/IProduction.xml
index 6cd3d82806be..c1ec2644e666 100644
--- a/src/chrome/content/rules/IProduction.xml
+++ b/src/chrome/content/rules/IProduction.xml
@@ -9,10 +9,11 @@ Fetch error: http://iproduction.com/ => https://www.iproduction.com/: (60, 'SSL
 		- cdn	(403; mismatched, CN: *.pantherssl.com)
 
 -->
-<ruleset name="IProduction" default_off='failed ruleset test'>
+<ruleset name="IProduction" default_off="failed ruleset test">
 
 	<target host="iproduction.com" />
-	<target host="*.iproduction.com" />
+	<target host="cdn.iproduction.com" />
+	<target host="www.iproduction.com" />
 
 
 	<securecookie host="^(?:www)?\.iproduction\.com$" name=".+" />
@@ -21,4 +22,4 @@ Fetch error: http://iproduction.com/ => https://www.iproduction.com/: (60, 'SSL
 	<rule from="^http://(?:cdn\.|www\.)?iproduction\.com/"
 		to="https://www.iproduction.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IPv6Forum.com.xml b/src/chrome/content/rules/IPv6Forum.com.xml
new file mode 100644
index 000000000000..535ffd6179e7
--- /dev/null
+++ b/src/chrome/content/rules/IPv6Forum.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Refused:
+		- www.jp
+-->
+<ruleset name="IPv6Forum.com">
+	<target host="ipv6forum.com" />
+	<target host="www.ipv6forum.com" />
+	<target host="education.ipv6forum.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IPython.org.xml b/src/chrome/content/rules/IPython.org.xml
index a3fa213cfcdd..53e9c33ff6a2 100644
--- a/src/chrome/content/rules/IPython.org.xml
+++ b/src/chrome/content/rules/IPython.org.xml
@@ -15,7 +15,7 @@
 
 	<target host="ipython.org" />
 	<target host="www.ipython.org" />
-	
+
 	<target host="nbviewer.ipython.org" />
 
 	<!-- At the time of writing of this ruleset,
diff --git a/src/chrome/content/rules/IQ-Media-Marketing.xml b/src/chrome/content/rules/IQ-Media-Marketing.xml
deleted file mode 100644
index e28c58710a27..000000000000
--- a/src/chrome/content/rules/IQ-Media-Marketing.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="IQ Digital Media Marketing">
-
-	<target host="cdn.iqcontentplatform.de" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IR.net.xml b/src/chrome/content/rules/IR.net.xml
deleted file mode 100644
index af589c38877c..000000000000
--- a/src/chrome/content/rules/IR.net.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="IR.net">
-	<target host="ir.net" />
-	<target host="www.ir.net" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/IRCreviews.org.xml b/src/chrome/content/rules/IRCreviews.org.xml
deleted file mode 100644
index cbd5b1755f9b..000000000000
--- a/src/chrome/content/rules/IRCreviews.org.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="IRC Reviews">
-
-	<target host="ircreviews.org" />
-	<target host="www.ircreviews.org" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IRILL.org.xml b/src/chrome/content/rules/IRILL.org.xml
index 55ac29600b70..5a8140449323 100644
--- a/src/chrome/content/rules/IRILL.org.xml
+++ b/src/chrome/content/rules/IRILL.org.xml
@@ -3,7 +3,7 @@
 		coinst.irill.org
 
 -->
-<ruleset name="IRILL.org" default_off="missing certificate chain">
+<ruleset name="IRILL.org" default_off="cert-chain">
 
 	<target host="www.irill.org" />
 
diff --git a/src/chrome/content/rules/IRON_Search.xml b/src/chrome/content/rules/IRON_Search.xml
index 25f4820cc132..716ea4f5b316 100644
--- a/src/chrome/content/rules/IRON_Search.xml
+++ b/src/chrome/content/rules/IRON_Search.xml
@@ -13,16 +13,16 @@ Fetch error: http://ironsearch.com/ => https://www.ironsearch.com/: Cycle detect
 		- ^	(mismatched, CN: secure.ironsearch.com)
 
 -->
-<ruleset name="IRON Search" default_off='failed ruleset test'>
+<ruleset name="IRON Search" default_off="failed ruleset test">
 
 	<target host="ironsearch.com" />
-	<target host="*.ironsearch.com" />
+	<target host="secure.ironsearch.com" />
+	<target host="www.ironsearch.com" />
 
 
 	<rule from="^http://ironsearch\.com/"
 		to="https://www.ironsearch.com/" />
 
-	<rule from="^http://(secure|www)\.ironsearch\.com/"
-		to="https://$1.ironsearch.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/IRON_Solutions.xml b/src/chrome/content/rules/IRON_Solutions.xml
index d947eb607d11..3d53bb015a11 100644
--- a/src/chrome/content/rules/IRON_Solutions.xml
+++ b/src/chrome/content/rules/IRON_Solutions.xml
@@ -16,4 +16,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IRTF.org.xml b/src/chrome/content/rules/IRTF.org.xml
deleted file mode 100644
index 79046903fcef..000000000000
--- a/src/chrome/content/rules/IRTF.org.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Internet Research Task Force
-
--->
-<ruleset name="IRTF.org">
-
-	<target host="irtf.org" />
-	<target host="www.irtf.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ISC.xml b/src/chrome/content/rules/ISC.xml
index 6e2552d6de55..e1bc1bfd30a9 100644
--- a/src/chrome/content/rules/ISC.xml
+++ b/src/chrome/content/rules/ISC.xml
@@ -18,7 +18,7 @@ Fetch error: http://store.isc.org/ => https://store.isc.org/: (6, 'Could not res
 	* Secured by us
 
 -->
-<ruleset name="ISC.org" default_off='failed ruleset test'>
+<ruleset name="ISC.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/ISC2_cares.org.xml b/src/chrome/content/rules/ISC2_cares.org.xml
index 526f9bce30fb..e5ee64f93415 100644
--- a/src/chrome/content/rules/ISC2_cares.org.xml
+++ b/src/chrome/content/rules/ISC2_cares.org.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.isc2cares.org/ => https://www.isc2cares.org/: (60, 'SSL
 	^: cert only matches www
 
 -->
-<ruleset name="ISC2 Cares.org" default_off='failed ruleset test'>
+<ruleset name="ISC2 Cares.org" default_off="failed ruleset test">
 
 	<target host="isc2cares.org" />
 	<target host="www.isc2cares.org" />
diff --git a/src/chrome/content/rules/ISEC-Partners.xml b/src/chrome/content/rules/ISEC-Partners.xml
index 08efb34c5111..85858bc2070c 100644
--- a/src/chrome/content/rules/ISEC-Partners.xml
+++ b/src/chrome/content/rules/ISEC-Partners.xml
@@ -4,14 +4,14 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://labs.isecpartners.com/ => https://labs.isecpartners.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="iSEC Partners" default_off='failed ruleset test'>
+<ruleset name="iSEC Partners" default_off="failed ruleset test">
 
 	<target host="isecpartners.com" />
 	<target host="labs.isecpartners.com" />
 	<target host="www.isecpartners.com" />
 
 
-	<securecookie host="^(?:.*\.)?isecpartners\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/ISOC.org.xml b/src/chrome/content/rules/ISOC.org.xml
index 53d6ba7ac531..c65625c9e4f1 100644
--- a/src/chrome/content/rules/ISOC.org.xml
+++ b/src/chrome/content/rules/ISOC.org.xml
@@ -19,7 +19,7 @@ Fetch error: http://ws.edu.isoc.org/ => https://ws.edu.isoc.org/: (60, 'SSL cert
 	* Secure by us
 
 -->
-<ruleset name="ISOC.org" default_off='failed ruleset test'>
+<ruleset name="ISOC.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/IT-Agenten.xml b/src/chrome/content/rules/IT-Agenten.xml
index 6881d12abf94..490d28d0abaf 100644
--- a/src/chrome/content/rules/IT-Agenten.xml
+++ b/src/chrome/content/rules/IT-Agenten.xml
@@ -5,7 +5,7 @@ Fetch error: http://crm.it-agenten.com/ => https://crm.it-agenten.com/: (60, 'SS
 Fetch error: http://www.it-agenten.com/ => https://www.it-agenten.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.it-agenten.com'")
 
 -->
-<ruleset name="IT:Agenten" default_off='failed ruleset test'>
+<ruleset name="IT:Agenten" default_off="failed ruleset test">
 
 	<target host="it-agenten.com"/>
 	<target host="crm.it-agenten.com"/>
diff --git a/src/chrome/content/rules/IT-Cube_Systems.xml b/src/chrome/content/rules/IT-Cube_Systems.xml
index 31e252a793de..14450b1a28ef 100644
--- a/src/chrome/content/rules/IT-Cube_Systems.xml
+++ b/src/chrome/content/rules/IT-Cube_Systems.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?it-cube\.net/"
 		to="https://www.it-cube.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IT-University-of-Copenhagen.xml b/src/chrome/content/rules/IT-University-of-Copenhagen.xml
index a3bca2f7b2b0..65dc1881cff1 100644
--- a/src/chrome/content/rules/IT-University-of-Copenhagen.xml
+++ b/src/chrome/content/rules/IT-University-of-Copenhagen.xml
@@ -1,13 +1,10 @@
-<ruleset name="IT University of Copenhagen" platform="mixedcontent">
-
+<ruleset name="IT University of Copenhagen (partial)">
 	<target host="itu.dk" />
-	<target host="*.itu.dk" />
-
-
-	<securecookie host="^.*\.itu\.dk$" name=".+" />
-
-
-	<rule from="^http://((?:intranet|mit|wayf|www1?)\.)?itu\.dk/"
-		to="https://$1itu.dk/" />
+	<target host="www.itu.dk" />
+	<target host="intranet.itu.dk" />
+	<target host="mit.itu.dk" />
+	<target host="wayf.itu.dk" />
+	<target host="www1.itu.dk" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ITPC.xml b/src/chrome/content/rules/ITPC.xml
index 80fc29c6436b..e1aec87dd272 100644
--- a/src/chrome/content/rules/ITPC.xml
+++ b/src/chrome/content/rules/ITPC.xml
@@ -22,7 +22,7 @@
 					-->
 	<!--securecookie host="^www\.iptc\.org$" name="^JSESSIONID$" /-->
 
-	<securecookie host="^(?:.*\.)?iptc\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?iptc\.org/"
 		to="https://www.iptc.org/"/>
diff --git a/src/chrome/content/rules/ITSPA.org.uk.xml b/src/chrome/content/rules/ITSPA.org.uk.xml
index 7bd0dcf3d9a9..5b9861453b4d 100644
--- a/src/chrome/content/rules/ITSPA.org.uk.xml
+++ b/src/chrome/content/rules/ITSPA.org.uk.xml
@@ -19,7 +19,7 @@ Fetch error: http://www.itspa.org.uk/ => https://www.itspa.org.uk/: (60, 'SSL ce
 	* Secured by us
 
 -->
-<ruleset name="ITSPA.org.uk" default_off='failed ruleset test'>
+<ruleset name="ITSPA.org.uk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/ITU.xml b/src/chrome/content/rules/ITU.xml
index 4c9f1c4692ad..b9088656915a 100644
--- a/src/chrome/content/rules/ITU.xml
+++ b/src/chrome/content/rules/ITU.xml
@@ -13,7 +13,9 @@
 <ruleset name="ITU (partial)">
 
 	<target host="itu.int" />
-	<target host="*.itu.int" />
+	<target host="www.itu.int" />
+	<target host="erecruit.itu.int" />
+	<target host="itunews.itu.int" />
 
 
 	<securecookie host="^(?:erecruit|itunews)\.itu\.int$" name=".+" />
@@ -25,4 +27,4 @@
 	<rule from="^http://(erecruit|itunews)\.itu\.int/"
 		to="https://$1.itu.int/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ITWeb.co.za.xml b/src/chrome/content/rules/ITWeb.co.za.xml
deleted file mode 100644
index f1d95b3180c3..000000000000
--- a/src/chrome/content/rules/ITWeb.co.za.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- ad *
-		- adsrv *
-		- alpha *
-		- banners *
-		- ciozone *
-		- stats		(shows secure; mismatched, CN: secure.itweb.co.za)
-
-	* Dropped
-
--->
-<ruleset name="ITWeb.co.za (partial)">
-
-	<target host="secure.itweb.co.za" />
-
-
-	<securecookie host="^secure\.itweb\.co\.za$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/IT_Toolbox.com.xml b/src/chrome/content/rules/IT_Toolbox.com.xml
index 7a1c86c218f6..4ef9f442ccfc 100644
--- a/src/chrome/content/rules/IT_Toolbox.com.xml
+++ b/src/chrome/content/rules/IT_Toolbox.com.xml
@@ -21,7 +21,8 @@
 -->
 <ruleset name="IT Toolbox.com (partial)">
 
-	<target host="*.ittoolbox.com" />
+	<target host="images.ittoolbox.com" />
+	<target host="userimages.ittoolbox.com" />
 
 
 	<!--	Could we secure this safely?
@@ -29,10 +30,6 @@
 	<!--securecookie host="^\.ittoolbox\.com$" name="^iNa$" /-->
 
 
-	<rule from="^http://images\.ittoolbox\.com/"
-		to="https://images.ittoolbox.com/" />
-
-	<rule from="^http://userimages\.ittoolbox\.com/"
-		to="https://deh50at6yod5w.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/IUCNredlist.org.xml b/src/chrome/content/rules/IUCNredlist.org.xml
deleted file mode 100644
index 8074c7d4e8aa..000000000000
--- a/src/chrome/content/rules/IUCNredlist.org.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	International Union for Conservation of Nature and Natural Resources
-
-
-	CDN buckets:
-
-		- d17e9fs5g1pnhb.cloudfront.net
-
-			- i.iucnredlist.org
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
-
--->
-<ruleset name="IUCNredlist.org (partial)">
-
-	<target host="i.iucnredlist.org" />
-
-
-	<rule from="^http://i\.iucnredlist\.org/"
-		to="https://d17e9fs5g1pnhb.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/IVPN.net.xml b/src/chrome/content/rules/IVPN.net.xml
index 2aafe5c1569b..f83e5e356fd9 100644
--- a/src/chrome/content/rules/IVPN.net.xml
+++ b/src/chrome/content/rules/IVPN.net.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://static.ivpn.net/ => https://static.ivpn.net/: (6, 'Could not resolve host: static.ivpn.net')
 
 -->
-<ruleset name="IVPN.net" default_off='failed ruleset test'>
+<ruleset name="IVPN.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/IVW.xml b/src/chrome/content/rules/IVW.xml
index 78cb36c0fe26..c0959988202e 100644
--- a/src/chrome/content/rules/IVW.xml
+++ b/src/chrome/content/rules/IVW.xml
@@ -6,7 +6,7 @@
 		- www		(shows heft)
 
 	* Mismatched, CN: heft.ivw.eu
-	
+
 
 
 -->
@@ -20,4 +20,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IWOWCase.xml b/src/chrome/content/rules/IWOWCase.xml
deleted file mode 100644
index 2791776fe87e..000000000000
--- a/src/chrome/content/rules/IWOWCase.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		- .iwowcase.com
-
-
-	Mixed content:
-
-		- Images on (www.)? from cache.iwowcase.com *
-
-	* Secured by us
-
--->
-<ruleset name="iWOWCase.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="iwowcase.com" />
-	<target host="cache.iwowcase.com" />
-	<target host="www.iwowcase.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.iwowcase\.com$" name="^(?:__cfduid|cf_clearance|cookie_test)$" /-->
-
-	<securecookie host="^\.iwowcase\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IWPR.net.xml b/src/chrome/content/rules/IWPR.net.xml
new file mode 100644
index 000000000000..8907d3e7169a
--- /dev/null
+++ b/src/chrome/content/rules/IWPR.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="IWPR.net">
+	<target host="iwpr.net" />
+	<target host="www.iwpr.net" />
+
+	<rule from="^http://www\.iwpr\.net/" to="https://iwpr.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IWeb.com.xml b/src/chrome/content/rules/IWeb.com.xml
index 3b21a35092d2..5b5b021bbecf 100644
--- a/src/chrome/content/rules/IWeb.com.xml
+++ b/src/chrome/content/rules/IWeb.com.xml
@@ -4,7 +4,7 @@
 
 	Nonfunctional hosts in *iweb.com:
 
-		- blog 
+		- blog
 		- carrieres ²
 
 	¹ Redirects to http
diff --git a/src/chrome/content/rules/IWebReader.xml b/src/chrome/content/rules/IWebReader.xml
index ea9e1b111590..0ababfc262d6 100644
--- a/src/chrome/content/rules/IWebReader.xml
+++ b/src/chrome/content/rules/IWebReader.xml
@@ -13,13 +13,13 @@
 -->
 <ruleset name="iWebReader (partial)">
 
-	<target host="*.iwebreader.com" />
+	<target host="secure.iwebreader.com" />
+	<target host="static.iwebreader.com" />
 
 
-	<rule from="^http://secure\.iwebreader\.com/"
-		to="https://secure.iwebreader.com/" />
 
 	<rule from="^http://static\.iwebreader\.com/"
 		to="https://du4ozcxd5zwr5.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IWouldDo.It.xml b/src/chrome/content/rules/IWouldDo.It.xml
index a8dec928196e..c7cbd3b5e151 100644
--- a/src/chrome/content/rules/IWouldDo.It.xml
+++ b/src/chrome/content/rules/IWouldDo.It.xml
@@ -12,7 +12,7 @@ Fetch error: http://iwoulddo.it/ => https://www.iwoulddo.it/: (60, 'SSL certific
 	* Mismatched
 
 -->
-<ruleset name="IWouldDo.It (partial)" default_off='failed ruleset test'>
+<ruleset name="IWouldDo.It (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/IXI.xml b/src/chrome/content/rules/IXI.xml
index cff4ee45b529..c222abd4e932 100644
--- a/src/chrome/content/rules/IXI.xml
+++ b/src/chrome/content/rules/IXI.xml
@@ -6,7 +6,7 @@ Fetch error: http://s.ixiaa.com/ => https://s.ixiaa.com/: (60, 'SSL certificate
 	For problematic rules, see IXI-mismatches.xml.
 
 -->
-<ruleset name="IXI (partial)" default_off='failed ruleset test'>
+<ruleset name="IXI (partial)" default_off="failed ruleset test">
 
 	<target host="s.ixiaa.com" />
 
diff --git a/src/chrome/content/rules/IXit.cz.xml b/src/chrome/content/rules/IXit.cz.xml
deleted file mode 100644
index 2f563f0f0944..000000000000
--- a/src/chrome/content/rules/IXit.cz.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	www: Mismatched
-
-
-	Fully covered subdomains:
-
-		- (www.)?	(www → ^)
-		- m
-
-
-	Mixed content:
-
-		- Image on ^ from $self *
-
-	* Secured by us
-
--->
-<ruleset name="iXit.cz">
-
-	<target host="ixit.cz" />
-	<target host="m.ixit.cz" />
-	<target host="www.ixit.cz" />
-
-
-	<rule from="^http://(?:www\.)?ixit\.cz/"
-		to="https://ixit.cz/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IYouPort.com.xml b/src/chrome/content/rules/IYouPort.com.xml
index a3e9388282b4..061be9291471 100644
--- a/src/chrome/content/rules/IYouPort.com.xml
+++ b/src/chrome/content/rules/IYouPort.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://iyouport.com/ => https://iyouport.com/: (28, 'Connection tim
 Fetch error: http://www.iyouport.com/ => https://www.iyouport.com/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="iYouPort.com" default_off='failed ruleset test'>
+<ruleset name="iYouPort.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/I_Make_Things_Work.xml b/src/chrome/content/rules/I_Make_Things_Work.xml
index 3bf026f39e00..b3bfe3a7d594 100644
--- a/src/chrome/content/rules/I_Make_Things_Work.xml
+++ b/src/chrome/content/rules/I_Make_Things_Work.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/I_love_Freegle.org.xml b/src/chrome/content/rules/I_love_Freegle.org.xml
index 01cc701a2f4c..26595543fd66 100644
--- a/src/chrome/content/rules/I_love_Freegle.org.xml
+++ b/src/chrome/content/rules/I_love_Freegle.org.xml
@@ -25,7 +25,7 @@ Fetch error: http://shared.ilovefreegle.org/ => https://shared.ilovefreegle.org/
 			- mm from www.w3.org
 
 -->
-<ruleset name="I love Freegle.org (partial)" default_off='failed ruleset test'>
+<ruleset name="I love Freegle.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/I_love_blue_sea.com.xml b/src/chrome/content/rules/I_love_blue_sea.com.xml
index b7fa125eeaa0..6f74c3b321b0 100644
--- a/src/chrome/content/rules/I_love_blue_sea.com.xml
+++ b/src/chrome/content/rules/I_love_blue_sea.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://ilovebluesea.com/ => https://ilovebluesea.com/: (35, 'Unknow
 	* Secured by us
 
 -->
-<ruleset name="i love blue sea.com" default_off='failed ruleset test'>
+<ruleset name="i love blue sea.com" default_off="failed ruleset test">
 
 	<target host="ilovebluesea.com" />
 	<target host="www.ilovebluesea.com" />
diff --git a/src/chrome/content/rules/Iamnoone-solutions.net.xml b/src/chrome/content/rules/Iamnoone-solutions.net.xml
deleted file mode 100644
index e9b5b14e238e..000000000000
--- a/src/chrome/content/rules/Iamnoone-solutions.net.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	CDN buckets:
-
-
-		- 3192.iamnoonesolution.netdna-cdn.com
-
-			- -ssl does not exist
-			- cdn.iamnoone-solutions.com
-
-
-		- 4014.iamnoonesolution.netdna-cdn.com
-
-			- -ssl exists
-			- cdn.analytics.iamnoone-solutions.net
-
--->
-<ruleset name="iamnoone-solutions.net (partial)">
-
-	<target host="*.iamnoone-solutions.net" />
-
-
-	<rule from="^http://analytics\.iamnoone-solutions\.net/"
-		to="https://analytics.iamnoone-solutions.net/" />
-
-	<rule from="^http://cdn\.analytics\.iamnoone-solutions\.net/"
-		to="https://4014-iamnoonesolution.netdna-ssl.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Iberdrola.xml b/src/chrome/content/rules/Iberdrola.xml
index 90dbac591f8b..bcb94b97fd6a 100644
--- a/src/chrome/content/rules/Iberdrola.xml
+++ b/src/chrome/content/rules/Iberdrola.xml
@@ -12,7 +12,7 @@
 <ruleset name="Iberdrola (partial)">
 
 	<target host="iberdrola.es" />
-	<target host="*.iberdrola.es" />
+	<target host="www.iberdrola.es" />
 
 
 	<securecookie host="^(?:www)?\.iberdrola\.es$" name=".+" />
diff --git a/src/chrome/content/rules/Iberia.xml b/src/chrome/content/rules/Iberia.xml
index c49fa02d1b2b..2fb302ee83b8 100644
--- a/src/chrome/content/rules/Iberia.xml
+++ b/src/chrome/content/rules/Iberia.xml
@@ -6,10 +6,10 @@ Fetch error: http://iberia.com/ => https://iberia.com/: (60, 'SSL certificate pr
 Disabled by https-everywhere-checker because:
 Fetch error: http://iberia.com/ => https://iberia.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
 -->
-<ruleset name="Iberia" default_off='failed ruleset test'>
+<ruleset name="Iberia" default_off="failed ruleset test">
   <target host="iberia.com" />
   <target host="*.iberia.com" />
-  
+
   <rule from="^http://iberia\.com/" to="https://iberia.com/"/>
   <rule from="^http://([^/:@\.]+)\.iberia\.com/" to="https://$1.iberia.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Iberiabank.xml b/src/chrome/content/rules/Iberiabank.xml
index 8600b9fbc680..80f5ff9f42bd 100644
--- a/src/chrome/content/rules/Iberiabank.xml
+++ b/src/chrome/content/rules/Iberiabank.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ibibo.com.xml b/src/chrome/content/rules/Ibibo.com.xml
index aa1e9b5171d2..1ad8813ac98f 100644
--- a/src/chrome/content/rules/Ibibo.com.xml
+++ b/src/chrome/content/rules/Ibibo.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://ads.ibibo.com/ => https://ads.ibibo.com/: (6, 'Could not res
 	* Refused
 
 -->
-<ruleset name="ibibo.com (partial)" default_off='failed ruleset test'>
+<ruleset name="ibibo.com (partial)" default_off="failed ruleset test">
 
 	<target host="ads.ibibo.com" />
 
diff --git a/src/chrome/content/rules/Ibiza-Rocks.xml b/src/chrome/content/rules/Ibiza-Rocks.xml
index e42baff1f72b..2a89657faeac 100644
--- a/src/chrome/content/rules/Ibiza-Rocks.xml
+++ b/src/chrome/content/rules/Ibiza-Rocks.xml
@@ -5,13 +5,13 @@ Fetch error: http://bookings.ibizarocks.com/ => https://bookings.ibizarocks.com/
 Fetch error: http://mrh.ibizarocks.com/ => https://mrh.ibizarocks.com/: (6, 'Could not resolve host: mrh.ibizarocks.com')
 
 -->
-<ruleset name="Ibiza Rocks (partial)" default_off='failed ruleset test'>
+<ruleset name="Ibiza Rocks (partial)" default_off="failed ruleset test">
 
 	<target host="bookings.ibizarocks.com" />
 	<target host="mrh.ibizarocks.com" />
 
 
-	<securecookie host="^.*\.ibizarocks\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Ibqonline.com.xml b/src/chrome/content/rules/Ibqonline.com.xml
deleted file mode 100644
index 3803aee65615..000000000000
--- a/src/chrome/content/rules/Ibqonline.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)ibq.com.qa	(503)
-
-
-	Cert only matches www.
-
--->
-<ruleset name="ibqonline.com">
-
-	<target host="ibqonline.com" />
-	<target host="www.ibqonline.com" />
-
-
-	<securecookie host="^www\.ibqonline\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?ibqonline\.com/"
-		to="https://www.ibqonline.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ibs.sberbank.sk.xml b/src/chrome/content/rules/Ibs.sberbank.sk.xml
deleted file mode 100644
index fa1df68f72a2..000000000000
--- a/src/chrome/content/rules/Ibs.sberbank.sk.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Ibs.sberbank.sk">
-  <target host="ibs.sberbank.sk" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Ic-live.com.xml b/src/chrome/content/rules/Ic-live.com.xml
deleted file mode 100644
index 4ab3343cb2c4..000000000000
--- a/src/chrome/content/rules/Ic-live.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Web bugs.
-
-
-	c\d+ sets icxid wildcard cookie on whichever domain it is loaded from.
-
--->
-<ruleset name="ic-live.com">
-
-	<target host="ic-live.com" />
-	<target host="*.ic-live.com" />
-
-
-	<securecookie host="^\.ic-live\.com$" name=".+" />
-
-
-	<rule from="^http://(c\d+\.|www\.)?ic-live\.com/"
-		to="https://$1ic-live.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Ice-WM.org.xml b/src/chrome/content/rules/Ice-WM.org.xml
new file mode 100644
index 000000000000..c13ef2439a9b
--- /dev/null
+++ b/src/chrome/content/rules/Ice-WM.org.xml
@@ -0,0 +1,16 @@
+<ruleset name="Ice-WM.org">
+
+	<target host="ice-wm.org" />
+	<target host="www.ice-wm.org" />
+	<target host="themes.ice-wm.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://www.ice-wm.org/,
+	http://www.ice-wm.org/ redirects to https://ice-wm.org/.-->
+	<rule from="^http://www\.ice-wm\.org/"
+			to="https://ice-wm.org/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IceDivX.com.xml b/src/chrome/content/rules/IceDivX.com.xml
deleted file mode 100644
index 36af4287c52a..000000000000
--- a/src/chrome/content/rules/IceDivX.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		- .icedivx.com
-
--->
-<ruleset name="IceDivX.com">
-
-	<target host="icedivx.com" />
-	<target host="www.icedivx.com" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.icedivx\.com$" name="^(__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.icedivx\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IceFilms.info.xml b/src/chrome/content/rules/IceFilms.info.xml
deleted file mode 100644
index bbda466de389..000000000000
--- a/src/chrome/content/rules/IceFilms.info.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<!--
-	Insecure cookies are set for these domains and hosts:
-
-		- .icefilms.info
-		- .forum.icefilms.info
-		- www.icefilms.info
-
-
-	Mixed content:
-
-		- Images, on :
-
-			- forum and www from i.imgur.com *
-			- www from imageshack.us *
-			- www from img\d+.imageshack.us *
-
-		- Ads/bugs, on:
-
-			- www from s7.addthis.com *
-			- www from leeplarp.chatango.com *
-
-	* Secured by us
-
--->
-<ruleset name="IceFilms.info">
-
-	<target host="icefilms.info" />
-	<target host="forum.icefilms.info" />
-	<target host="img.icefilms.info" />
-	<target host="www.icefilms.info" />
-
-		<test url="http://www.icefilms.info/membersonly/" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.icefilms\.info$" name="^(__cfduid|cf_clearance)$" /-->
-	<!--securecookie host="^\.forum\.icefilms\.info$" name="^phpbb3_61hr1_(k|sid|u)$" /-->
-	<!--securecookie host="^www\.icefilms\.info$" name="^[0-9a-f]{32}$" /-->
-
-	<securecookie host="^\.icefilms\.info$" name="(?:__cfduid|__utm\w+|cf_clearance)$" />
-	<securecookie host="^(?:\.forum\.|www\.)?icefilms\.info$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IceWarp.com.xml b/src/chrome/content/rules/IceWarp.com.xml
index 9f3afbcb0663..923a36552644 100644
--- a/src/chrome/content/rules/IceWarp.com.xml
+++ b/src/chrome/content/rules/IceWarp.com.xml
@@ -50,7 +50,7 @@ Fetch error: http://www.icewarp.com/ => https://www.icewarp.com/: (60, 'SSL cert
 	² Unsecurable <= refused
 
 -->
-<ruleset name="IceWarp.com (partial)" default_off='failed ruleset test'>
+<ruleset name="IceWarp.com (partial)" default_off="failed ruleset test">
 
 	<target host="icewarp.com" />
 	<target host="server.icewarp.com" />
diff --git a/src/chrome/content/rules/Icecast.org.xml b/src/chrome/content/rules/Icecast.org.xml
new file mode 100644
index 000000000000..b1337b88b089
--- /dev/null
+++ b/src/chrome/content/rules/Icecast.org.xml
@@ -0,0 +1,28 @@
+<!--
+	Invalid certificate:
+		- www.icecast.org, equivalent to icecast.org
+		- au.icecast.org, equivalent to xiph.org
+		- www.au.icecast.org, equivalent to xiph.org
+		- docs.icecast.org
+		- www.eu.icecast.org, equivalent to xiph.org
+		- us.icecast.org, equivalent to icecast.org
+		- www.us.icecast.org, equivalent to icecast.org
+-->
+
+<ruleset name="Icecast.org">
+	<target host="icecast.org" />
+	<target host="www.icecast.org" />
+	<target host="au.icecast.org" />
+	<target host="www.au.icecast.org" />
+	<target host="www.eu.icecast.org" />
+	<target host="us.icecast.org" />
+	<target host="www.us.icecast.org" />
+
+	<rule from="^http://(www|(www\.)?us)\.icecast\.org/"
+		to="https://icecast.org/" />
+
+	<rule from="^http://(au|www\.(au|eu))\.icecast\.org/"
+		to="https://xiph.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Icecat.xml b/src/chrome/content/rules/Icecat.xml
index 92c2dc676d65..30b69a6ae35e 100644
--- a/src/chrome/content/rules/Icecat.xml
+++ b/src/chrome/content/rules/Icecat.xml
@@ -33,7 +33,7 @@
 		- www.icecat.biz
 		- .www.icecat.biz
 
-		Off due to continuous reloading as reported in 
+		Off due to continuous reloading as reported in
 		https://github.com/EFForg/https-everywhere/issues/1711
 -->
 <ruleset name="Icecat.biz (partial)" default_off="broken">
diff --git a/src/chrome/content/rules/Ichijinsha.co.jp.xml b/src/chrome/content/rules/Ichijinsha.co.jp.xml
new file mode 100644
index 000000000000..994da8c61d82
--- /dev/null
+++ b/src/chrome/content/rules/Ichijinsha.co.jp.xml
@@ -0,0 +1,18 @@
+<!--
+	Mismatched:
+		- www.shop
+	Authentication required:
+		- next
+-->
+<ruleset name="Ichijinsha">
+	<target host="ichijinsha.co.jp" />
+	<target host="www.ichijinsha.co.jp" />
+	<target host="ad.ichijinsha.co.jp" />
+	<target host="data.ichijinsha.co.jp" />
+	<target host="online.ichijinsha.co.jp" />
+	<target host="shop.ichijinsha.co.jp" />
+	<target host="static.ichijinsha.co.jp" />
+	<target host="www2.ichijinsha.co.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Iciciprulife.com.xml b/src/chrome/content/rules/Iciciprulife.com.xml
index bcdb4a96e5c5..cacbd1a3ee91 100644
--- a/src/chrome/content/rules/Iciciprulife.com.xml
+++ b/src/chrome/content/rules/Iciciprulife.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://documents.iciciprulife.com/ => https://documents.iciciprulif
 		clickpss.iciciprulife.com
 -->
 
-<ruleset name="Iciciprulife.com" default_off='failed ruleset test'>
+<ruleset name="Iciciprulife.com" default_off="failed ruleset test">
 	<target host="www.iciciprulife.com" />
 	<target host="buy.iciciprulife.com" />
 	<target host="campaign.iciciprulife.com" />
diff --git a/src/chrome/content/rules/Icinga.xml b/src/chrome/content/rules/Icinga.xml
index 6fced327a45b..674017e0af23 100644
--- a/src/chrome/content/rules/Icinga.xml
+++ b/src/chrome/content/rules/Icinga.xml
@@ -1,20 +1,41 @@
 <!--
-	Nonfunctional subdomains:
-
-		- classic.demo
-		- web.demo
-
+	Nonfunctional hosts in *.icinga.org:
+		- packages.icinga.org
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
 -->
 <ruleset name="Icinga">
 
 	<target host="icinga.org" />
-	<target host="*.icinga.org" />
-
-
-	<securecookie host="^(?:.*\.)?icinga\.org$" name=".+" />
-
-
-	<rule from="^http://((?:dev|translate|wiki|www)\.)?icinga\.org/"
-		to="https://$1icinga.org/" />
+	<target host="www.icinga.org" />
+	<target host="boxes.icinga.org" />
+	<target host="dev.icinga.org" />
+	<target host="docs.icinga.org" />
+	<target host="git.icinga.org" />
+	<target host="lists.icinga.org" />
+	<target host="packages.icinga.org" />
+	<target host="support.icinga.org" />
+	<target host="wiki.icinga.org" />
+
+	<target host="icinga.com" />
+	<target host="www.icinga.com" />
+	<target host="boxes.icinga.com" />
+	<target host="dev.icinga.com" />
+	<target host="docs.icinga.com" />
+	<target host="git.icinga.com" />
+	<target host="packages.icinga.com" />
+	<target host="support.icinga.com" />
+	<target host="wiki.icinga.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://packages\.icinga\.org/" to="https://packages.icinga.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Icio.us.xml b/src/chrome/content/rules/Icio.us.xml
index 31fcceed47ba..964596f40968 100644
--- a/src/chrome/content/rules/Icio.us.xml
+++ b/src/chrome/content/rules/Icio.us.xml
@@ -37,7 +37,7 @@ Fetch error: http://images.del.icio.us/ => https://api.del.icio.us/: (60, 'SSL c
 	* See https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="icio.us" default_off='failed ruleset test'>
+<ruleset name="icio.us" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Icony.xml b/src/chrome/content/rules/Icony.xml
index c3fef162302a..4be72bdf7a2e 100644
--- a/src/chrome/content/rules/Icony.xml
+++ b/src/chrome/content/rules/Icony.xml
@@ -5,7 +5,7 @@ Fetch error: http://flirt.icony.com/ => https://flirt.icony.com/: (6, 'Could not
 Fetch error: http://jira.icony.com/ => https://jira.icony.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="ICONY" default_off='failed ruleset test'>
+<ruleset name="ICONY" default_off="failed ruleset test">
 
 	<target host="icony.com" />	<!-- cert only valid for www -->
 	<target host="flirt.icony.com" />
diff --git a/src/chrome/content/rules/Icsdelivery.com.xml b/src/chrome/content/rules/Icsdelivery.com.xml
index 0b6a139b4282..ab6562f09ecb 100644
--- a/src/chrome/content/rules/Icsdelivery.com.xml
+++ b/src/chrome/content/rules/Icsdelivery.com.xml
@@ -13,7 +13,8 @@
 <ruleset name="icsdelivery.com">
 
 	<target host="icsdelivery.com" />
-	<target host="*.icsdelivery.com" />
+	<target host="www.icsdelivery.com" />
+	<target host="enroll.icsdelivery.com" />
 
 
 	<securecookie host="^(?:enroll|www)\.icsdelivery\.com$" name=".+" />
@@ -22,7 +23,6 @@
 	<rule from="^http://(?:www\.)?icsdelivery\.com/"
 		to="https://www.icsdelivery.com/" />
 
-	<rule from="^http://enroll\.icsdelivery\.com/"
-		to="https://enroll.icsdelivery.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ida2at.com.xml b/src/chrome/content/rules/Ida2at.com.xml
new file mode 100644
index 000000000000..bfe9f1e4dd94
--- /dev/null
+++ b/src/chrome/content/rules/Ida2at.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Ida2at.com">
+	<target host="ida2at.com" />
+	<target host="www.ida2at.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Idea_Stations.org.xml b/src/chrome/content/rules/Idea_Stations.org.xml
index 8007dd8315ff..460e7b6c05cb 100644
--- a/src/chrome/content/rules/Idea_Stations.org.xml
+++ b/src/chrome/content/rules/Idea_Stations.org.xml
@@ -1,50 +1,6 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.ideastations.org/ => https://www.ideastations.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ideastations.org'")
-
-	Problematic hosts in *ideastations.org:
-
-		- support *
-
-	* Convio
-
--->
-<ruleset name="Idea Stations.org (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
+<ruleset name="Idea Stations.org (partial)">
 	<target host="ideastations.org" />
 	<target host="www.ideastations.org" />
 
-	<!--	Complications:
-				-->
-	<target host="cdn.ideastations.org.s3.amazonaws.com" />
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://ideastations\.org/$" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://ideastations\.org/+(?!misc/|sites/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://ideastations.org/about" />
-			<test url="http://ideastations.org/contact" />
-			<test url="http://ideastations.org/radio" />
-
-			<!--	-ve:
-					-->
-			<test url="http://ideastations.org/misc/menu-leaf.png" />
-			<test url="http://ideastations.org/sites/default/files/attached-images/ideastations-logo-white.png" />
-
-
-	<rule from="^http://cdn\.ideastations\.org\.s3\.amazonaws\.com/"
-		to="https://s3.amazonaws.com/cdn.ideastations.org/" />
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Idea_Storm.com.xml b/src/chrome/content/rules/Idea_Storm.com.xml
deleted file mode 100644
index e97ac5118eeb..000000000000
--- a/src/chrome/content/rules/Idea_Storm.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	For other Dell coverage, see Dell.xml.
-
-
-	Mixed content:
-
-		- Images on dellideas.secure.force.com from www.ideastorm.com *
-		- favicon on dellideas.secure.force.com from i.dell.com *
-
-	* Secured by us
-
--->
-<ruleset name="Idea Storm.com">
-
-	<!--	Complications:
-				-->
-	<target host="ideastorm.com" />
-	<target host="www.ideastorm.com" />
-
-
-	<rule from="^http://(?:www\.)?ideastorm\.com/"
-		to="https://dellideas.secure.force.com/" />
-
-</ruleset>
-
diff --git a/src/chrome/content/rules/Idealo.com.xml b/src/chrome/content/rules/Idealo.com.xml
index 13fb0fad5412..1b7c1839427a 100644
--- a/src/chrome/content/rules/Idealo.com.xml
+++ b/src/chrome/content/rules/Idealo.com.xml
@@ -36,7 +36,7 @@
 					-->
 	<!--securecookie host="^business\.idealo\.com$" name="^(?:YII_CSRF_TOKEN|business_lang)$" /-->
 
-	<securecookie host="^business\.idealo\.com$" name="" />
+	<securecookie host="^business\.idealo\.com$" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Ideel.com.xml b/src/chrome/content/rules/Ideel.com.xml
index 4d957624b039..2aafa3623d26 100644
--- a/src/chrome/content/rules/Ideel.com.xml
+++ b/src/chrome/content/rules/Ideel.com.xml
@@ -27,7 +27,7 @@ Fetch error: http://support.ideel.com/ => https://support.ideel.com/: (7, 'Faile
 		- www.ideel.com
 
 -->
-<ruleset name="Ideel.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Ideel.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Ideenw3rk.de.xml b/src/chrome/content/rules/Ideenw3rk.de.xml
new file mode 100644
index 000000000000..4aa1ff515d50
--- /dev/null
+++ b/src/chrome/content/rules/Ideenw3rk.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="Ideenw3rk.de">
+
+	<target host="ideenw3rk.de" />
+	<target host="www.ideenw3rk.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Idefi.xml b/src/chrome/content/rules/Idefi.xml
index 532913ff8510..fdea14b3eeee 100644
--- a/src/chrome/content/rules/Idefi.xml
+++ b/src/chrome/content/rules/Idefi.xml
@@ -11,7 +11,7 @@ Fetch error: http://idefimusic.com/ => https://idefimusic.com/: (28, 'Connection
 		- production-idefi.s3.amazonaws.com
 
 -->
-<ruleset name="idefi" default_off='failed ruleset test'>
+<ruleset name="idefi" default_off="failed ruleset test">
 
 	<target host="idefimusic.com" />
 	<target host="www.idefimusic.com" />
@@ -22,4 +22,4 @@ Fetch error: http://idefimusic.com/ => https://idefimusic.com/: (28, 'Connection
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Idefix.xml b/src/chrome/content/rules/Idefix.xml
index ec8c2848541e..aacb4b4245b1 100644
--- a/src/chrome/content/rules/Idefix.xml
+++ b/src/chrome/content/rules/Idefix.xml
@@ -5,7 +5,7 @@ Fetch error: http://www.idefix.com/ => https://www.idefix.com/: Too many redirec
 Fetch error: http://idefix.com/ => https://www.idefix.com/: Too many redirects while fetching 'https://www.idefix.com/'
 
 -->
-<ruleset name="Idefix" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Idefix" platform="mixedcontent" default_off="failed ruleset test">
   <target host="www.idefix.com" />
   <target host="idefix.com" />
 
diff --git a/src/chrome/content/rules/Identica.xml b/src/chrome/content/rules/Identica.xml
index 2dab4ab0e1e0..1077fe83914e 100644
--- a/src/chrome/content/rules/Identica.xml
+++ b/src/chrome/content/rules/Identica.xml
@@ -7,7 +7,7 @@ Fetch error: http://files.status.net/ => https://files.status.net/: (6, 'Could n
 Disabled by https-everywhere-checker because:
 Fetch error: http://files.status.net/ => https://files.status.net/: (28, 'Connection timed out after 10001 milliseconds')
 -->
-<ruleset name="Identica" default_off='failed ruleset test'>
+<ruleset name="Identica" default_off="failed ruleset test">
   <target host="*.identi.ca" />
   <target host="identi.ca" />
   <target host="files.status.net" />
@@ -19,7 +19,7 @@ Fetch error: http://files.status.net/ => https://files.status.net/: (28, 'Connec
 	        to="https://identi.ca/"/>
   <rule from="^http://files\.status\.net/"
 	        to="https://files.status.net/"/>
-  <rule from="^http://(meteor\d+\.identi\.ca)/" 
+  <rule from="^http://(meteor\d+\.identi\.ca)/"
           to="https://$1/" />
   <rule from="^http://avatar\.identi\.ca/"
 	        to="https://avatar3.status.net/i/identica/"/>
diff --git a/src/chrome/content/rules/IdentityTheft.xml b/src/chrome/content/rules/IdentityTheft.xml
index 4cb3482d99b8..ee783898faef 100644
--- a/src/chrome/content/rules/IdentityTheft.xml
+++ b/src/chrome/content/rules/IdentityTheft.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://identitytheft.org.uk/ => https://www.identitytheft.org.uk/: (7, 'Failed to connect to www.identitytheft.org.uk port 443: Connection refused')
 Fetch error: http://www.identitytheft.org.uk/ => https://www.identitytheft.org.uk/: (7, 'Failed to connect to www.identitytheft.org.uk port 443: Connection refused')
 -->
-<ruleset name="IdentityTheft" default_off='failed ruleset test'>
+<ruleset name="IdentityTheft" default_off="failed ruleset test">
   <target host="identitytheft.org.uk"/>
   <target host="www.identitytheft.org.uk"/>
 
diff --git a/src/chrome/content/rules/Identity_Workshop.eu.xml b/src/chrome/content/rules/Identity_Workshop.eu.xml
index 3e74f68bb184..65e48132ef74 100644
--- a/src/chrome/content/rules/Identity_Workshop.eu.xml
+++ b/src/chrome/content/rules/Identity_Workshop.eu.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.identityworkshop.eu/ => https://www.identityworkshop.eu/
 		- www.identityworkshop.eu
 
 -->
-<ruleset name="Identity Workshop.eu" default_off='failed ruleset test'>
+<ruleset name="Identity Workshop.eu" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/IdeoClick.com.xml b/src/chrome/content/rules/IdeoClick.com.xml
index 1150b6419a5b..442302be1ff1 100644
--- a/src/chrome/content/rules/IdeoClick.com.xml
+++ b/src/chrome/content/rules/IdeoClick.com.xml
@@ -6,7 +6,6 @@ Fetch error: http://www.ideoclick.com/ => https://www.ideoclick.com/: (60, 'SSL
 
 	Other IdeoClick rulesets:
 
-		- Demand-driver.com.xml
 
 
 	Insecure cookies are set for these hosts:
@@ -22,7 +21,7 @@ Fetch error: http://www.ideoclick.com/ => https://www.ideoclick.com/: (60, 'SSL
 	* Secured by us
 
 -->
-<ruleset name="IdeoClick.com" default_off='failed ruleset test'>
+<ruleset name="IdeoClick.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Ideone.com.xml b/src/chrome/content/rules/Ideone.com.xml
index 48fc6ada5c0b..90bb40035208 100644
--- a/src/chrome/content/rules/Ideone.com.xml
+++ b/src/chrome/content/rules/Ideone.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://okta6.ideone.com/ => https://okta6.ideone.com/: (28, 'Connec
 		- www.ideone.com
 
 -->
-<ruleset name="Ideone.com" default_off='failed ruleset test'>
+<ruleset name="Ideone.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Idevelop.ro.xml b/src/chrome/content/rules/Idevelop.ro.xml
index 54319a1d0729..081fceeacfe3 100644
--- a/src/chrome/content/rules/Idevelop.ro.xml
+++ b/src/chrome/content/rules/Idevelop.ro.xml
@@ -4,7 +4,7 @@ Cloudflare SSL
 <ruleset name="Idevelop.ro">
     <target host="idevelop.ro" />
     <target host="www.idevelop.ro" />
-	
+
     <rule from="^http:"
             to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Idris-lang.org.xml b/src/chrome/content/rules/Idris-lang.org.xml
index 4495bb52b83c..7daef3aa2f50 100644
--- a/src/chrome/content/rules/Idris-lang.org.xml
+++ b/src/chrome/content/rules/Idris-lang.org.xml
@@ -1,12 +1,10 @@
 <!--
 	Nonfunctional hosts in *.idris-lang.org:
-
-	certificate mismatch:
-		- docs.idris-lang.org
 -->
 <ruleset name="Idris-lang.org">
 	<target host="idris-lang.org" />
 	<target host="www.idris-lang.org" />
+	<target host="docs.idris-lang.org" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/IgHome.com.xml b/src/chrome/content/rules/IgHome.com.xml
index 7a4d2cc116ea..e813864e0d4f 100644
--- a/src/chrome/content/rules/IgHome.com.xml
+++ b/src/chrome/content/rules/IgHome.com.xml
@@ -16,7 +16,8 @@
 <ruleset name="igHome.com">
 
 	<target host="ighome.com" />
-	<target host="*.ighome.com" />
+	<target host="www.ighome.com" />
+	<target host="rss.ighome.com" />
 
 
 	<securecookie host="^(?:rss|www)\.ighome\.com$" name=".+" />
@@ -25,7 +26,6 @@
 	<rule from="^http://(?:www\.)?ighome\.com/"
 		to="https://www.ighome.com/" />
 
-	<rule from="^http://rss\.ighome\.com/"
-		to="https://rss.ighome.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Igalia-self-signed.xml b/src/chrome/content/rules/Igalia-self-signed.xml
index 05a49ce92e4a..46028669a441 100644
--- a/src/chrome/content/rules/Igalia-self-signed.xml
+++ b/src/chrome/content/rules/Igalia-self-signed.xml
@@ -1,12 +1,12 @@
 <ruleset name="igalia.com (self-signed)" default_off="expired, self-signed">
 
-	<target host="*.igalia.com"/>
+	<target host="blogs.igalia.com" />
+	<target host="www.igalia.com" />
 		<!--exclusion pattern="^http://www\.igalia\.com/($|\?|fileadmin/)" /-->
 		<exclusion pattern="^http://www\.igalia\.com/(?!typo3(?:conf|temp)/)" />
 
 	<securecookie host="^blogs\.igalia\.com$" name=".+" />
 
-	<rule from="^http://(blogs|www)\.igalia\.com/"
-		to="https://$1.igalia.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Igalia.xml b/src/chrome/content/rules/Igalia.xml
index 63a0f79eb0af..726d9e2c8bb3 100644
--- a/src/chrome/content/rules/Igalia.xml
+++ b/src/chrome/content/rules/Igalia.xml
@@ -18,7 +18,7 @@ Fetch error: http://labs.igalia.com/ => https://labs.igalia.com/: (6, 'Could not
 	² Works, self-signed
 
 -->
-<ruleset name="Igalia (partial)" default_off='failed ruleset test'>
+<ruleset name="Igalia (partial)" default_off="failed ruleset test">
 
 	<target host="igalia.com" />
 	<target host="labs.igalia.com"/>
diff --git a/src/chrome/content/rules/IiBuy.com.au.xml b/src/chrome/content/rules/IiBuy.com.au.xml
index 0346e61918db..1f0a78e661a7 100644
--- a/src/chrome/content/rules/IiBuy.com.au.xml
+++ b/src/chrome/content/rules/IiBuy.com.au.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IiNet.net.au.xml b/src/chrome/content/rules/IiNet.net.au.xml
index fa0af2f84024..363360b5b11b 100644
--- a/src/chrome/content/rules/IiNet.net.au.xml
+++ b/src/chrome/content/rules/IiNet.net.au.xml
@@ -37,7 +37,13 @@
 <ruleset name="iiNet.net.au (partial)">
 
 	<target host="iinet.net.au" />
-	<target host="*.iinet.net.au" />
+	<target host="hostedmail.iinet.net.au" />
+	<target host="iihelp.iinet.net.au" />
+	<target host="mail.iinet.net.au" />
+	<target host="toolbox.iinet.net.au" />
+	<target host="toolbox3.iinet.net.au" />
+	<target host="www.iinet.net.au" />
+	<target host="hostedwebmail.iinet.net.au" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/Iki.fi.xml b/src/chrome/content/rules/Iki.fi.xml
index 7f372e0cc645..02d75315f08f 100644
--- a/src/chrome/content/rules/Iki.fi.xml
+++ b/src/chrome/content/rules/Iki.fi.xml
@@ -1,17 +1,7 @@
+<ruleset name="Iki.fi (partial)">
+	<target host="iki.fi" />
+	<target host="www.iki.fi" />
+	<target host="ikiwiki.iki.fi" />
 
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://iki.fi/ => https://www.iki.fi/: (28, 'Connection timed out after 20001 milliseconds')
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://iki.fi/ => https://www.iki.fi/: (28, 'Connection timed out after 10000 milliseconds')
-Fetch error: http://www.iki.fi/ => https://www.iki.fi/: (28, 'Connection timed out after 10000 milliseconds')
--->
-<ruleset name="Iki.fi" default_off='failed ruleset test'>
-  <target host="iki.fi" />
-  <target host="www.iki.fi" />
-  <target host="ikiwiki.iki.fi" />
-
-  <rule from="^http://(?:www\.)?iki\.fi/" to="https://www.iki.fi/" />
-  <rule from="^http://ikiwiki\.iki\.fi/" to="https://ikiwiki.iki.fi/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ikoula.com.xml b/src/chrome/content/rules/Ikoula.com.xml
index db4aa3ea2472..e06f48bb3258 100644
--- a/src/chrome/content/rules/Ikoula.com.xml
+++ b/src/chrome/content/rules/Ikoula.com.xml
@@ -5,8 +5,6 @@ Fetch error: http://livehelpvm01.ikoula.com/ => https://livehelpvm01.ikoula.com/
 
 	Other Ikoula rulesets:
 
-		- Ex10.biz.xml
-		- IKeepinCloud.com.xml
 
 
 	Insecure cookies are set for these domains:
@@ -14,7 +12,7 @@ Fetch error: http://livehelpvm01.ikoula.com/ => https://livehelpvm01.ikoula.com/
 		- .ikoula.com
 
 -->
-<ruleset name="Ikoula.com" default_off='failed ruleset test'>
+<ruleset name="Ikoula.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Iljmp.com.xml b/src/chrome/content/rules/Iljmp.com.xml
index 4de4581f5716..06fe9c8030bc 100644
--- a/src/chrome/content/rules/Iljmp.com.xml
+++ b/src/chrome/content/rules/Iljmp.com.xml
@@ -9,16 +9,16 @@ Fetch error: http://iljmp.com/ => https://iljmp.com/: (51, "SSL: no alternative
 	Web bugs.
 
 -->
-<ruleset name="Iljmp.com" default_off='failed ruleset test'>
+<ruleset name="Iljmp.com" default_off="failed ruleset test">
 
 	<target host="iljmp.com" />
 	<target host="*.iljmp.com" />
 
 
-	<securecookie host="(?:.*\.)?iljmp\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://([\w-]+\.)?iljmp\.com/"
 		to="https://$1iljmp.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Illinois_Department_of_Financial_and_Professional_Regulation.xml b/src/chrome/content/rules/Illinois_Department_of_Financial_and_Professional_Regulation.xml
index 21579f94ef45..f1196e489b7a 100644
--- a/src/chrome/content/rules/Illinois_Department_of_Financial_and_Professional_Regulation.xml
+++ b/src/chrome/content/rules/Illinois_Department_of_Financial_and_Professional_Regulation.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?idfpr\.com/"
 		to="https://www.idfpr.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Illuminated_Pots.xml b/src/chrome/content/rules/Illuminated_Pots.xml
deleted file mode 100644
index df80fadd84ac..000000000000
--- a/src/chrome/content/rules/Illuminated_Pots.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	!www loops over http
-
--->
-<ruleset name="Illuminated Pots">
-
-	<target host="*.illuminated-pots.com" />
-
-
-	<securecookie host="^(?:\.?www)?\.illuminated-pots\.com$" name=".+" />
-
-
-	<rule from="^http://www\.illuminated-pots\.com/"
-		to="https://www.illuminated-pots.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Imag.fr.xml b/src/chrome/content/rules/Imag.fr.xml
index e48482dd8ad6..b6220509cb84 100644
--- a/src/chrome/content/rules/Imag.fr.xml
+++ b/src/chrome/content/rules/Imag.fr.xml
@@ -65,7 +65,13 @@
 -->
 <ruleset name="Imag.fr (partial)">
 
-	<target host="*.imag.fr" />
+	<target host="msiam.imag.fr" />
+	<target host="c-vpn-pub.imag.fr" />
+	<target host="cmp.imag.fr" />
+	<target host="forge.imag.fr" />
+	<target host="iam.imag.fr" />
+	<target host="mi2s.imag.fr" />
+	<target host="trombi-timc.imag.fr" />
 		<!--
 			Avoid broken MCB:
 						-->
@@ -75,7 +81,6 @@
 	<rule from="^http://msiam\.imag\.fr/"
 		to="https://iam.imag.fr/" />
 
-	<rule from="^http://(c-vpn-pub|cmp|forge|iam|mi2s|trombi-timc)\.imag\.fr/"
-		to="https://$1.imag.fr/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ImageMagick.xml b/src/chrome/content/rules/ImageMagick.xml
index 5aeb23def1f4..e88bac6ca4b7 100644
--- a/src/chrome/content/rules/ImageMagick.xml
+++ b/src/chrome/content/rules/ImageMagick.xml
@@ -1,21 +1,27 @@
 <!--
-	Nonfunctional hosts in *imagemagick.org:
-
-		- git ᵃ
-
-	ᵃ Shows ^imagemagick.org
-
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- archive.imagemagick.org
+		- ftp.imagemagick.org
+		- git.imagemagick.org
+		- mirror.imagemagick.org
+		- nextgen.imagemagick.org
+		- studio.imagemagick.org
+		- trac.imagemagick.org
+		- transloadit.imagemagick.org
+		- warrior.imagemagick.org
+
+		Mixed content blocking (MCB) triggered:
+		- jqmagick.imagemagick.org
 -->
-<ruleset name="ImageMagick.org (partial)">
-
+<ruleset name="ImageMagick.org">
 	<target host="imagemagick.org" />
 	<target host="www.imagemagick.org" />
-
+	<target host="legacy.imagemagick.org" />
+	<target host="magick.imagemagick.org" />
+	<target host="magickstudio.imagemagick.org" />
 
 	<securecookie host=".+" name=".+" />
 
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ImageShack.xml b/src/chrome/content/rules/ImageShack.xml
index 5957eae9985e..be664b5d78a0 100644
--- a/src/chrome/content/rules/ImageShack.xml
+++ b/src/chrome/content/rules/ImageShack.xml
@@ -19,7 +19,7 @@
 	<target host="*.imageshack.us" />
 		<test url="http://www.imageshack.us/" />
 		<!-- Show 404 page: -->
-		<test url="http://a.imageshack.us/img254/8219/40789751.png" />	
+		<test url="http://a.imageshack.us/img254/8219/40789751.png" />
 		<test url="http://imagizer.imageshack.us/" />
 		<test url="http://post.imageshack.us/" />
 		<test url="http://img5.imageshack.us/img5/133/homeworld.jpg" />
diff --git a/src/chrome/content/rules/ImageTwist.com.xml b/src/chrome/content/rules/ImageTwist.com.xml
new file mode 100644
index 000000000000..30df5cce63e5
--- /dev/null
+++ b/src/chrome/content/rules/ImageTwist.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="ImageTwist.com">
+	<target host="imagetwist.com" />
+	<target host="*.imagetwist.com" />
+
+		<test url="http://www.imagetwist.com/" />
+		<test url="http://img114.imagetwist.com/" />
+		<test url="http://img115.imagetwist.com/" />
+		<test url="http://img116.imagetwist.com/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Imageforensic.org.xml b/src/chrome/content/rules/Imageforensic.org.xml
index 246335f69326..7eb8caa163f1 100644
--- a/src/chrome/content/rules/Imageforensic.org.xml
+++ b/src/chrome/content/rules/Imageforensic.org.xml
@@ -1,4 +1,4 @@
-<!-- 
+<!--
 Cloudflare SSL
 -->
 <ruleset name="Imageforensic.org">
diff --git a/src/chrome/content/rules/Images-Amazon.com.xml b/src/chrome/content/rules/Images-Amazon.com.xml
index 56e4f8efefa2..06dc0696199b 100644
--- a/src/chrome/content/rules/Images-Amazon.com.xml
+++ b/src/chrome/content/rules/Images-Amazon.com.xml
@@ -7,7 +7,7 @@
 		ec8.images-amazon.com
 		ecx.images-amazon.com
 		g-ecx.images-amazon.com
-	
+
 	Time out:
 		ec1.images-amazon.com
 		ec3.images-amazon.com
@@ -30,7 +30,7 @@
 
 	<rule from="^http://g-ecx\.images-amazon\.com/"
 		to="https://d1ge0kk1l5kms0.cloudfront.net/" />
-		
+
 		<test url="http://g-ecx.images-amazon.com/images/G/01/x-site/icons/no-img-sm._V192198896_.gif" />
 
 	<rule from="^http://(ec[1-8]|z-ak)\.images-amazon\.com/"
diff --git a/src/chrome/content/rules/Images-CreateSpace.com.xml b/src/chrome/content/rules/Images-CreateSpace.com.xml
deleted file mode 100644
index 70d97e53c65a..000000000000
--- a/src/chrome/content/rules/Images-CreateSpace.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For other Amazon coverage, see Amazon.xml.
-
--->
-<ruleset name="images-CreateSpace.com">
-
-	<target host="ssl.images-createspace.com" />
-
-		<test url="http://ssl.images-createspace.com/csp/Special/Img/logo-csp-no-tm.png" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ImagesBN.com.xml b/src/chrome/content/rules/ImagesBN.com.xml
index 7a8e494f4b5a..05df96d4389e 100644
--- a/src/chrome/content/rules/ImagesBN.com.xml
+++ b/src/chrome/content/rules/ImagesBN.com.xml
@@ -13,7 +13,11 @@
 -->
 <ruleset name="imagesBN.com">
 
-	<target host="*.imagesbn.com" />
+	<target host="img1.imagesbn.com" />
+	<target host="img2.imagesbn.com" />
+	<target host="simg1.imagesbn.com" />
+	<target host="simg2.imagesbn.com" />
+	<target host="img3.imagesbn.com" />
 
 
 	<!--	s?img[12] appear identical, but copy what
@@ -25,7 +29,6 @@
 	<!--	simg3 doesn't exist, and unlike
 		1 & 2, the cert matches img3:
 						-->
-	<rule from="^http://img3\.imagesbn\.com/"
-		to="https://img3.imagesbn.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Imagestash.xml b/src/chrome/content/rules/Imagestash.xml
index 863f3332932e..5ae18b293175 100644
--- a/src/chrome/content/rules/Imagestash.xml
+++ b/src/chrome/content/rules/Imagestash.xml
@@ -5,7 +5,7 @@ Fetch error: http://imagestash.org/ => https://imagestash.org/: (60, 'SSL certif
 Fetch error: http://www.imagestash.org/ => https://www.imagestash.org/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Imagestash" default_off='failed ruleset test'>
+<ruleset name="Imagestash" default_off="failed ruleset test">
 
 	<target host="imagestash.org" />
 	<target host="www.imagestash.org" />
@@ -16,4 +16,4 @@ Fetch error: http://www.imagestash.org/ => https://www.imagestash.org/: (60, 'SS
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Imaging-resource.com.xml b/src/chrome/content/rules/Imaging-resource.com.xml
new file mode 100644
index 000000000000..02a24e10ba55
--- /dev/null
+++ b/src/chrome/content/rules/Imaging-resource.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Imaging-resource.com">
+	<target host="imaging-resource.com" />
+	<target host="www.imaging-resource.com" />
+	<target host="api.imaging-resource.com" />
+	<target host="ir.imaging-resource.com" />
+	<target host="server.imaging-resource.com" />
+	<target host="server1.imaging-resource.com" />
+	<target host="server7.imaging-resource.com" />
+	<target host="similarity.imaging-resource.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Imation.com.xml b/src/chrome/content/rules/Imation.com.xml
index 5e61196af3dc..248b394e1fe3 100644
--- a/src/chrome/content/rules/Imation.com.xml
+++ b/src/chrome/content/rules/Imation.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://support.imation.com/ => https://support.imation.com/: (60, '
 		- support
 
 -->
-<ruleset name="Imation.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Imation.com (partial)" default_off="failed ruleset test">
 
 	<target host="imation.com" />
 	<target host="support.imation.com" />
diff --git a/src/chrome/content/rules/Imerys.com.xml b/src/chrome/content/rules/Imerys.com.xml
index 7dbe1a78c322..49f1293299f9 100644
--- a/src/chrome/content/rules/Imerys.com.xml
+++ b/src/chrome/content/rules/Imerys.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.imerys.com/ => https://www.imerys.com/: (60, 'SSL certif
 	² Not secured by us <= mismatched
 
 -->
-<ruleset name="Imerys.com" default_off='failed ruleset test'>
+<ruleset name="Imerys.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Imfimg.com.xml b/src/chrome/content/rules/Imfimg.com.xml
deleted file mode 100644
index 43c81c7c78af..000000000000
--- a/src/chrome/content/rules/Imfimg.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="imfimg.com">
-
-	<target host="imfimg.com" />
-	<target host="www.imfimg.com" />
-
-
-	<securecookie host="^(?:w*\.)?imfimg\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ImgTC.com.xml b/src/chrome/content/rules/ImgTC.com.xml
deleted file mode 100644
index 513aababa310..000000000000
--- a/src/chrome/content/rules/ImgTC.com.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="ImgTC.com">
-	<target host="imgtc.com" />
-	<target host="www.imgtc.com" />
-	<target host="i.imgtc.com" />
-		<test url="http://i.imgtc.com/zqNBqn4.jpg" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Imgflip.com.xml b/src/chrome/content/rules/Imgflip.com.xml
index cc7d82f29a0b..eac3861b52e2 100644
--- a/src/chrome/content/rules/Imgflip.com.xml
+++ b/src/chrome/content/rules/Imgflip.com.xml
@@ -1,7 +1,9 @@
 <ruleset name="Imgflip.com">
 
 	<target host="imgflip.com" />
-	<target host="*.imgflip.com" />
+	<target host="i.imgflip.com" />
+	<target host="s.imgflip.com" />
+	<target host="www.imgflip.com" />
 
 
 	<!--	Not secured by server:
@@ -11,7 +13,6 @@
 	<securecookie host="^(?:\.|www\.)?imgflip\.com$" name=".+" />
 
 
-	<rule from="^http://((?:i|s|www)\.)?imgflip\.com/"
-		to="https://$1imgflip.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Imgrush.com.xml b/src/chrome/content/rules/Imgrush.com.xml
index 91e6525e459a..3eb50024ef06 100644
--- a/src/chrome/content/rules/Imgrush.com.xml
+++ b/src/chrome/content/rules/Imgrush.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.imgrush.com/ => https://www.imgrush.com/: (7, 'Failed to
 		- .imgrush.com
 
 -->
-<ruleset name="Imgrush.com" default_off='failed ruleset test'>
+<ruleset name="Imgrush.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Imgs_Mail.ru.xml b/src/chrome/content/rules/Imgs_Mail.ru.xml
index 2aac54edccc0..db130d5d4426 100644
--- a/src/chrome/content/rules/Imgs_Mail.ru.xml
+++ b/src/chrome/content/rules/Imgs_Mail.ru.xml
@@ -61,9 +61,10 @@
 		<test url="http://go1.imgsmail.ru/" />
 		<test url="http://go1.imgsmail.ru/static/web/img/go-form__submit-btn.png" />
 		<test url="http://go1.imgsmail.ru/static/web/img/main_sprite.png" />
-		<test url="http://go1.imgsmail.ru/static/web/img/main_sprite.png" />
 		<test url="http://go1.imgsmail.ru/static/web/img/sprites/main/communities.png" />
 		<test url="http://hi-tech.imgsmail.ru/" />
+		<test url="http://img.imgsmail.ru/r/new_share_buttons_sprite.gif" />
+		<test url="http://img1.imgsmail.ru/r/new_share_buttons_sprite.gif" />
 		<test url="http://limg.imgsmail.ru/" />
 		<test url="http://minigames.imgsmail.ru/" />
 		<test url="http://proxy.imgsmail.ru/" />
diff --git a/src/chrome/content/rules/Imgur.com.xml b/src/chrome/content/rules/Imgur.com.xml
new file mode 100644
index 000000000000..8deee9ccfd5c
--- /dev/null
+++ b/src/chrome/content/rules/Imgur.com.xml
@@ -0,0 +1,43 @@
+<!--
+	Self-signed:
+		- browserevents
+
+	Timeout:
+		- go
+		- stack
+
+	Expired:
+		- nexus
+
+	Mismatched:
+		- www.press
+		- r.imgur
+-->
+<ruleset name="Imgur.com">
+	<target host="imgur.com" />
+	<target host="www.imgur.com" />
+	<target host="8ybhy85kld9zp9xf84x6.imgur.com" />
+	<target host="api.imgur.com" />
+	<target host="apidocs.imgur.com" />
+	<target host="backup.imgur.com" />
+	<target host="blog.imgur.com" />
+	<target host="community.imgur.com" />
+	<target host="help.imgur.com" />
+	<target host="i.imgur.com" />
+	<target host="iob.imgur.com" />
+	<target host="m.imgur.com" />
+	<target host="links.msg.imgur.com" />
+	<target host="pb.imgur.com" />
+	<target host="press.imgur.com" />
+	<target host="rt.imgur.com" />
+	<target host="s.imgur.com" />
+	<target host="sen.imgur.com" />
+	<target host="sentry.imgur.com" />
+	<target host="i.stack.imgur.com" />
+	<target host="status.imgur.com" />
+	<target host="store.imgur.com" />
+	<target host="zip.imgur.com" />
+	<target host="zrk.imgur.com" />
+
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Imgur.xml b/src/chrome/content/rules/Imgur.xml
deleted file mode 100644
index 7c8ecbffb2e3..000000000000
--- a/src/chrome/content/rules/Imgur.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<!--
-	Imgur now has full HTTPS support on all subdomains.
-	Previously, there were issues as discussed :
-		- https://mail1.eff.org/pipermail/https-everywhere-rules/2013-July/001645.html
-		- https://bugzilla.mozilla.org/show_bug.cgi?id=866986#c7
-	Ruleset simplified and fixed by bryn@imgur.com, January 2014.
-
-	Fully covered domains:
-		- imgur.com
-		- *.imgur.com:
-			- i
-			- origin
-			- m
-			- s
-			- i.stack
-			- www
-		- img.imgur.com		(→ i)
-		- status.imgur.com  (→ imgur.statuspage.io)
-		- store.imgur.com	(→ imgur-store.myshopify.com)
-
-	Insecure cookies are set for these domains:
-		- .imgur.com
-			__cfduid
-		- .m.imgur.com
-			IMGURUIDJAFO, MWSESSIONDATA, user_page, user_query,
-			user_section, user_sort, user_tag, user_timeWindow, user_view
-
--->
-<ruleset name="Imgur.com">
-
-	<target host="imgur.com" />
-	<target host="*.imgur.com" />
-
-		<test url="http://www.imgur.com/" />
-		<test url="http://i.imgur.com/" />
-		<test url="http://i.stack.imgur.com/t4snY.png" />
-		<test url="http://status.imgur.com/" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http://status\.imgur\.com/"
-		to="https://imgur.statuspage.io/" />
-
-	<rule from="^http:"	to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Imgurp.com.xml b/src/chrome/content/rules/Imgurp.com.xml
new file mode 100644
index 000000000000..68d3aeb756d5
--- /dev/null
+++ b/src/chrome/content/rules/Imgurp.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Imgurp.com">
+	<target host="imgurp.com" />
+	<target host="www.imgurp.com" />
+	<target host="i.imgurp.com" />
+	<target host="m.imgurp.com" />
+
+	<test url="http://imgurp.com/UPcvbM1" />
+	<test url="http://www.imgurp.com/UPcvbM1" />
+	<test url="http://i.imgurp.com/UPcvbM1" />
+	<test url="http://m.imgurp.com/UPcvbM1" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Imine.co.xml b/src/chrome/content/rules/Imine.co.xml
deleted file mode 100644
index f3b2f3783b41..000000000000
--- a/src/chrome/content/rules/Imine.co.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="imine.co">
-
-	<target host="imine.co" />
-	<target host="www.imine.co" />
-
-
-	<securecookie host="^\.?imine\.co$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Iminent.com.xml b/src/chrome/content/rules/Iminent.com.xml
index 28a872bd3c8e..38ee3b66a5a8 100644
--- a/src/chrome/content/rules/Iminent.com.xml
+++ b/src/chrome/content/rules/Iminent.com.xml
@@ -27,4 +27,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ImmobilienScout24.xml b/src/chrome/content/rules/ImmobilienScout24.xml
index ca7fef428571..b5ade85ab59e 100644
--- a/src/chrome/content/rules/ImmobilienScout24.xml
+++ b/src/chrome/content/rules/ImmobilienScout24.xml
@@ -2,24 +2,24 @@
 <!--
 Disabled by https-everywhere-checker because:
 Fetch error: http://service.immobilienscout24.de/ => https://service.immobilienscout24.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
- 
-		
+
+
 		^ does not exist:
 		- www.static-immobilienscout24.de
-		
+
 		Mismatch:
 		- immobilienscout24.de
 		- blog.immobilienscout24.de
 		- developer.immobilienscout24.de
 		- www.focus.immobilienscout24.de
 		- wwworig.static-immobilienscout24.de
-		
+
 		Refused:
 		- forum.immobilienscout24.de
-		
+
 -->
 
-<ruleset name="ImmobilienScout24" default_off='failed ruleset test'>
+<ruleset name="ImmobilienScout24" default_off="failed ruleset test">
 
 	<target host="immobilienscout24.de" />
 	<target host="www.immobilienscout24.de" />
@@ -43,7 +43,7 @@ Fetch error: http://service.immobilienscout24.de/ => https://service.immobiliens
 
 	<rule from="^http://(www\.)?immobilienscout24\.de/"
 		to="https://www.immobilienscout24.de/" />
-		
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Immunicity.org.xml b/src/chrome/content/rules/Immunicity.org.xml
deleted file mode 100644
index 8c89979732da..000000000000
--- a/src/chrome/content/rules/Immunicity.org.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- check *
-		- clientconfig *
-
-	* Dropped
-
--->
-<ruleset name="Immunicity.org">
-
-	<target host="immunicity.org" />
-	<target host="www.immunicity.org" />
-
-
-	<!--	www redirects to ^ over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?immunicity\.org/"
-		to="https://immunicity.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ImpAct.xml b/src/chrome/content/rules/ImpAct.xml
index 2989cefa98e0..8caf36d2c703 100644
--- a/src/chrome/content/rules/ImpAct.xml
+++ b/src/chrome/content/rules/ImpAct.xml
@@ -32,7 +32,12 @@
 -->
 <ruleset name="impAct (partial)">
 
-	<target host="*.impact-ad.jp" />
+	<target host="as.dc.impact-ad.jp" />
+	<target host="as.ief.impact-ad.jp" />
+	<target host="as.iy.impact-ad.jp" />
+	<target host="img.ak.impact-ad.jp" />
+	<target host="m.one.impact-ad.jp" />
+	<target host="y.one.impact-ad.jp" />
 
 
 	<securecookie host="^(?:\.dc|\.?[my]\.one)?\.impact-ad\.jp$" name=".+" />
@@ -40,10 +45,6 @@
 
 	<!--	as.dc 302s to a248.e.akamai.net/f/248/45380/60m/dac1.download.akamai.com/
 							-->
-	<rule from="^http://as\.(dc|ief|iy)\.impact-ad\.jp/"
-		to="https://as.$1.impact-ad.jp/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://(img\.ak|[my]\.one)\.impact-ad\.jp/"
-		to="https://$1.impact-ad.jp/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Impactstory.org.xml b/src/chrome/content/rules/Impactstory.org.xml
index c92ed067896c..9e88bdfe3d16 100644
--- a/src/chrome/content/rules/Impactstory.org.xml
+++ b/src/chrome/content/rules/Impactstory.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.impactstory.org/ => https://www.impactstory.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.impactstory.org'")
 
 -->
-<ruleset name="Impactstory.org" default_off='failed ruleset test'>
+<ruleset name="Impactstory.org" default_off="failed ruleset test">
 	<target host=    "impactstory.org" />
 	<target host="www.impactstory.org" />
 
diff --git a/src/chrome/content/rules/Imperative_Ideas.com.xml b/src/chrome/content/rules/Imperative_Ideas.com.xml
deleted file mode 100644
index dca9fb1f4636..000000000000
--- a/src/chrome/content/rules/Imperative_Ideas.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Some pages redirect to http.
-
--->
-<ruleset name="Imperative Ideas.com (partial)">
-
-	<target host="imperativeideas.com" />
-	<target host="www.imperativeideas.com" />
-
-
-	<rule from="^http://(www\.)?imperativeideas\.com/(?=favicon\.ico|wp-content/|wp-includes/)"
-		to="https://$1imperativeideas.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Imperial-College-London-Union.xml b/src/chrome/content/rules/Imperial-College-London-Union.xml
index e2ef5db3ff3a..46d2b578c14a 100644
--- a/src/chrome/content/rules/Imperial-College-London-Union.xml
+++ b/src/chrome/content/rules/Imperial-College-London-Union.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Imperial College London coverage, see 
+	For other Imperial College London coverage, see
 		Imperial-College-London.xml
 -->
 <ruleset name="Imperial College London Union">
diff --git a/src/chrome/content/rules/Imperial-College-London.xml b/src/chrome/content/rules/Imperial-College-London.xml
index 5b28240f6ead..8614debf62a9 100644
--- a/src/chrome/content/rules/Imperial-College-London.xml
+++ b/src/chrome/content/rules/Imperial-College-London.xml
@@ -1,28 +1,48 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.doc.ic.ac.uk/ => https://www.doc.ic.ac.uk/: Too many redirects while fetching 'https://www.doc.ic.ac.uk/'
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.doc.ic.ac.uk/ => https://www.doc.ic.ac.uk/: Cycle detected - URL already encountered: https://www3.imperial.ac.uk/computing/
 	Other Imperial College London rulesets:
-
-		- Imperial-College-London-Union.xml
-
+		+ Imperial-College-London-Union.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- www.sbg.bio.imperial.ac.uk
+		- www.bioinformatics.imperial.ac.uk
+
+		Timeout was reached:
+		- www9.imperial.ac.uk
+
+		SSL peer certificate was not OK:
+		- www.ee.imperial.ac.uk
+		- eprints.imperial.ac.uk
+		- www.ma.imperial.ac.uk
+		- www.femto.ph.imperial.ac.uk
+		- www.union.imperial.ac.uk
+		- spectradspace.lib.imperial.ac.uk
+
+		Redirects to HTTP:
+		- www3.imperial.ac.uk
+		- www.ch.imperial.ac.uk
 -->
-<ruleset name="Imperial College London (partial)" default_off='failed ruleset test'>
-
-	<target host="www.doc.ic.ac.uk" />
+<ruleset name="Imperial College London (partial)">
 	<target host="imperial.ac.uk" />
-	<target host="*.imperial.ac.uk" />
-
-
-	<rule from="^http://www\.doc\.ic\.ac\.uk/"
-		to="https://www.doc.ic.ac.uk/" />
-
-	<!--	!www: cert only matches www.
-						-->
-	<rule from="^http://(?:www(3)?\.)?imperial\.ac\.uk/"
-		to="https://www$1.imperial.ac.uk/" />
-
+	<target host="www.imperial.ac.uk" />
+	<target host="apply.imperial.ac.uk" />
+	<target host="www.doc.ic.ac.uk" />
+	<target host="fileexchange.imperial.ac.uk" />
+	<target host="hallsf.imperial.ac.uk" />
+	<target host="data.hpc.imperial.ac.uk" />
+	<target host="cran.ma.imperial.ac.uk" />
+	<target host="www.hep.ph.imperial.ac.uk" />
+	<target host="secureaccess.imperial.ac.uk" />
+	<target host="spiral.imperial.ac.uk" />
+	<target host="www1.imperial.ac.uk" />
+	<target host="www2.imperial.ac.uk" />
+	<target host="www3.imperial.ac.uk" />
+	<target host="www4.imperial.ac.uk" />
+	<target host="www5.imperial.ac.uk" />
+	<target host="wwwf.imperial.ac.uk" />
+
+	<rule from="^http://www3\.imperial\.ac\.uk/"
+		  	to="https://www.imperial.ac.uk/" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ImperialViolet.org.xml b/src/chrome/content/rules/ImperialViolet.org.xml
index dee3784616fa..3355065957fe 100644
--- a/src/chrome/content/rules/ImperialViolet.org.xml
+++ b/src/chrome/content/rules/ImperialViolet.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://pond.imperialviolet.org/ => https://pond.imperialviolet.org/: (6, 'Could not resolve host: pond.imperialviolet.org')
 
 -->
-<ruleset name="ImperialViolet.org" default_off='failed ruleset test'>
+<ruleset name="ImperialViolet.org" default_off="failed ruleset test">
 
 	<target host="imperialviolet.org" />
 	<target host="pond.imperialviolet.org" />
diff --git a/src/chrome/content/rules/ImprintMusic.ca.xml b/src/chrome/content/rules/ImprintMusic.ca.xml
new file mode 100644
index 000000000000..a584e7cc102a
--- /dev/null
+++ b/src/chrome/content/rules/ImprintMusic.ca.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		- clients.imprintmusic.ca
+-->
+
+<ruleset name="ImprintMusic.ca">
+	<target host="imprintmusic.ca" />
+	<target host="www.imprintmusic.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ImprovedTube.com.xml b/src/chrome/content/rules/ImprovedTube.com.xml
new file mode 100644
index 000000000000..4855322fb6e9
--- /dev/null
+++ b/src/chrome/content/rules/ImprovedTube.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		- www
+-->
+<ruleset name="ImprovedTube.com">
+	<target host="improvedtube.com" />
+	<target host="www.improvedtube.com" />
+
+	<rule from="^http://www\.improvedtube\.com/" to="https://improvedtube.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Improvely.com.xml b/src/chrome/content/rules/Improvely.com.xml
index 666d9ab5dc9e..0b6ed259e090 100644
--- a/src/chrome/content/rules/Improvely.com.xml
+++ b/src/chrome/content/rules/Improvely.com.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Impulse.net.xml b/src/chrome/content/rules/Impulse.net.xml
index b6a4de7b98c6..286b5b545f2b 100644
--- a/src/chrome/content/rules/Impulse.net.xml
+++ b/src/chrome/content/rules/Impulse.net.xml
@@ -29,7 +29,7 @@ Fetch error: http://impulse.net/ => https://impulse.net/: (51, "SSL: no alternat
 	platform should be removed with Ffx 24.
 
 -->
-<ruleset name="Impulse.net" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Impulse.net" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="impulse.net" />
 	<target host="webmail.impulse.net" />
@@ -41,4 +41,4 @@ Fetch error: http://impulse.net/ => https://impulse.net/: (51, "SSL: no alternat
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Impulsedriven.com.xml b/src/chrome/content/rules/Impulsedriven.com.xml
deleted file mode 100644
index c669e91ad80d..000000000000
--- a/src/chrome/content/rules/Impulsedriven.com.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	For other GameStop coverage, see GameStop.xml.
-
-
-	Insecure cookies are set for these hosts:
-
-		- impulsedriven.com
-		- www.impulsedriven.com
-
--->
-<ruleset name="impulsedriven.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="impulsedriven.com" />
-	<target host="www.impulsedriven.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:www\.)?impulsedriven\.com$" name="^(?:ASP\.NET_SessionId|Currency|Region|Stardock\.Users\.Login\.Manager\.UserDomain|akamai-cookie)$" /-->
-
-	<securecookie host="^(?:www\.)?impulsedriven\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/In-Disguise.com.xml b/src/chrome/content/rules/In-Disguise.com.xml
index f6f501952493..2af263e4ae57 100644
--- a/src/chrome/content/rules/In-Disguise.com.xml
+++ b/src/chrome/content/rules/In-Disguise.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.vpnincome.com/ => https://www.vpnincome.com/: (28, 'Conn
 		- (www.)wpnincome.com
 
 -->
-<ruleset name="in-Disguise.com" default_off='failed ruleset test'>
+<ruleset name="in-Disguise.com" default_off="failed ruleset test">
 
 	<target host="in-disguise.com" />
 	<target host="my.in-disguise.com" />
@@ -29,6 +29,6 @@ Fetch error: http://www.vpnincome.com/ => https://www.vpnincome.com/: (28, 'Conn
 
 	<!--	Simply redirects to in-disguise.com:
 							-->
-	
+
 
 </ruleset>
diff --git a/src/chrome/content/rules/In-Q-Tel.xml b/src/chrome/content/rules/In-Q-Tel.xml
index 6e4eb12c818e..bc58b49bdf26 100644
--- a/src/chrome/content/rules/In-Q-Tel.xml
+++ b/src/chrome/content/rules/In-Q-Tel.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.iqt.org/ => https://www.iqt.org/: (60, 'SSL certificate
 		- ^	(cert only matches www)
 
 -->
-<ruleset name="In-Q-Tel" default_off='failed ruleset test'>
+<ruleset name="In-Q-Tel" default_off="failed ruleset test">
 
 	<target host="iqt.org" />
 	<target host="www.iqt.org" />
@@ -18,4 +18,4 @@ Fetch error: http://www.iqt.org/ => https://www.iqt.org/: (60, 'SSL certificate
 	<rule from="^http://(?:www\.)?iqt\.org/"
 		to="https://www.iqt.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/InCloak.com.xml b/src/chrome/content/rules/InCloak.com.xml
index 24fbe751eaa8..3d253c51f5c3 100644
--- a/src/chrome/content/rules/InCloak.com.xml
+++ b/src/chrome/content/rules/InCloak.com.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/InCommon.xml b/src/chrome/content/rules/InCommon.xml
index 590360c63078..77db79176606 100644
--- a/src/chrome/content/rules/InCommon.xml
+++ b/src/chrome/content/rules/InCommon.xml
@@ -9,19 +9,19 @@ Fetch error: http://incommonfederation.org/ => https://incommonfederation.org/:
 		- wayf2.incommonfederation.org	(mismatched, CN: wayf.incommonfederation.org)
 
 -->
-<ruleset name="InCommon" default_off='failed ruleset test'>
+<ruleset name="InCommon" default_off="failed ruleset test">
 
 	<target host="incommon.org" />
 	<target host="www.incommon.org" />
 	<target host="incommonfederation.org" />
-	<target host="*.incommonfederation.org" />
+	<target host="www.incommonfederation.org" />
+	<target host="wayf.incommonfederation.org" />
+	<target host="wayf2.incommonfederation.org" />
 
 
 	<securecookie host="^\.incommonfederation\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?incommon\.org/"
-		to="https://$1incommon.org/" />
 
 	<rule from="^http://(?:www\.)?incommonfederation\.org/"
 		to="https://incommonfederation.org/" />
@@ -29,4 +29,5 @@ Fetch error: http://incommonfederation.org/ => https://incommonfederation.org/:
 	<rule from="^http://wayf2?\.incommonfederation\.org/"
 		to="https://wayf.incommonfederation.org/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/InSided.xml b/src/chrome/content/rules/InSided.xml
index b104af50ac69..f77d68da15c7 100644
--- a/src/chrome/content/rules/InSided.xml
+++ b/src/chrome/content/rules/InSided.xml
@@ -9,7 +9,7 @@ Fetch error: http://static.insided.nl/ => https://static.insided.nl/: (28, 'Conn
 		- www
 
 -->
-<ruleset name="inSided (partial)" default_off='failed ruleset test'>
+<ruleset name="inSided (partial)" default_off="failed ruleset test">
 
 	<target host="static.insided.nl" />
 
diff --git a/src/chrome/content/rules/Inapub.co.uk.xml b/src/chrome/content/rules/Inapub.co.uk.xml
index 48fd054229ef..2b2ee0b05f88 100644
--- a/src/chrome/content/rules/Inapub.co.uk.xml
+++ b/src/chrome/content/rules/Inapub.co.uk.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/InboxApp.com.xml b/src/chrome/content/rules/InboxApp.com.xml
index 1348facaed9f..cab4f070d386 100644
--- a/src/chrome/content/rules/InboxApp.com.xml
+++ b/src/chrome/content/rules/InboxApp.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://inboxapp.com/ => https://inboxapp.com/: (60, 'SSL certificat
 Fetch error: http://www.inboxapp.com/ => https://www.inboxapp.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="InboxApp.com" default_off='failed ruleset test'>
+<ruleset name="InboxApp.com" default_off="failed ruleset test">
 
 	<target host="inboxapp.com" />
 	<target host="www.inboxapp.com" />
diff --git a/src/chrome/content/rules/Inburke.com.xml b/src/chrome/content/rules/Inburke.com.xml
index 2975307b8a5f..782d18dc15c0 100644
--- a/src/chrome/content/rules/Inburke.com.xml
+++ b/src/chrome/content/rules/Inburke.com.xml
@@ -10,7 +10,9 @@
 <ruleset name="inburke.com">
 
 	<target host="inburke.com" />
-	<target host="*.inburke.com" />
+	<target host="kev.inburke.com" />
+	<target host="www.inburke.com" />
+	<target host="www.kev.inburke.com" />
 
 
 	<rule from="^http://(?:www\.)?(?:kev\.)?inburke\.com/"
diff --git a/src/chrome/content/rules/Inc.com-falsemixed.xml b/src/chrome/content/rules/Inc.com-falsemixed.xml
deleted file mode 100644
index 77304dad5df8..000000000000
--- a/src/chrome/content/rules/Inc.com-falsemixed.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For rules not causing MCB, see Inc.com.xml.
-
--->
-<ruleset name="Inc.com (mixed content)" platform="mixedcontent">
-
-	<target host="inc.com" />
-	<target host="conference.inc.com" />
-	<target host="mediakit.inc.com" />
-	<target host="www.inc.com" />
-
-
-	<rule from="^http://(?:www\.)?inc\.com/"
-		to="https://www.inc.com/" />
-
-	<rule from="^http://(conference|mediakit)\.inc\.com/"
-		to="https://$1.inc.com/" />
-
-</ruleset>
-
diff --git a/src/chrome/content/rules/Inc.com.xml b/src/chrome/content/rules/Inc.com.xml
index 230441359672..c21d59217628 100644
--- a/src/chrome/content/rules/Inc.com.xml
+++ b/src/chrome/content/rules/Inc.com.xml
@@ -1,68 +1,19 @@
 <!--
-	For rules causing MCB, see Inc.com-falsemixed.xml.
-
-
-	Nonfunctional subdomains:
-
-		- admin ¹
-		- dev-admin ²
-		- store ¹
-
-	¹ Shows CentOS test page
-	² Refused
-
-
-	These altnames don't exist:
-
-		- www.subscriptions.inc.com
-
-
-	Mixed content:
-
-		- frame on www from dev-admin ¹
-
-		- css, on:
-
-			- conference from $self ²
-			- conference and www from netdna.bootstrapcdn.com ²
-			- conference from fonts.googleapis.com ²
-			- mediakit from $self ²
-			- www from $self ²
-			- www from admin ¹
-
-		- Images, on:
-
-			- www from admin ¹
-			- www from dev-admin ¹
-
-	¹ Unsecurable
-	² Secured by us
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- subscriptions.inc.com
 
+		Mixed content blocking (MCB) triggered:
+		- mediakit.inc.com
 -->
-<ruleset name="Inc.com (partial)">
-
+<ruleset name="Inc.com">
 	<target host="inc.com" />
-	<target host="*.inc.com" />
-		<!--
-			Avoid broken MCB:
-						-->
-		<exclusion pattern="^http://(?:conference|mediakit)\.inc\.com/+(?!wp-content/|wp-includes/)" />
-		<exclusion pattern="^http://(?:www\.)?inc\.com/+(?!favicon\.ico|lib/|views/css/)" />
-
+	<target host="www.inc.com" />
+	<target host="conference.inc.com" /><!-- Note: MCB issues but server redirect to https -->
+	<target host="magazine.inc.com" />
+	<target host="store.inc.com" />
 
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^magazine\.inc\.com$" name="^JSESSIONID$" /-->
-	<!--securecookie host="^\.subscriptions\.inc\.com$" name="^mb_sessid_/inc_amst$" /-->
-
-	<securecookie host="^(?:magazine|\.subscriptions)\.inc\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?inc\.com/"
-		to="https://www.inc.com/" />
-
-	<rule from="^http://(conference|mediakit|subscriptions|magazine)\.inc\.com/"
-		to="https://$1.inc.com/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
-
diff --git a/src/chrome/content/rules/Incisive_Media.xml b/src/chrome/content/rules/Incisive_Media.xml
index 62d22b114471..4f99c66782b2 100644
--- a/src/chrome/content/rules/Incisive_Media.xml
+++ b/src/chrome/content/rules/Incisive_Media.xml
@@ -18,10 +18,12 @@ Fetch error: http://incisivemedia.com/ => https://secure.incisivemedia.com/: (60
 	* Mismatched, CN: secure.incisivemedia.com
 
 -->
-<ruleset name="Incisive Media" default_off='failed ruleset test'>
+<ruleset name="Incisive Media" default_off="failed ruleset test">
 
 	<target host="incisivemedia.com" />
-	<target host="*.incisivemedia.com" />
+	<target host="secure.incisivemedia.com" />
+	<target host="www.incisivemedia.com" />
+	<target host="incmai.incisivemedia.com" />
 	<target host="db.riskwaters.com" />
 
 
diff --git a/src/chrome/content/rules/IncludeOS.org.xml b/src/chrome/content/rules/IncludeOS.org.xml
new file mode 100644
index 000000000000..9e3e9ada2912
--- /dev/null
+++ b/src/chrome/content/rules/IncludeOS.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Redirects:
+		includeos.org
+	Cannot connect:
+		jenkins.includeos.org
+-->
+<ruleset name="IncludeOS.org">
+	<target host="includeos.org" />
+	<target host="jenkins.includeos.org" />
+	<target host="www.includeos.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Incoin.io.xml b/src/chrome/content/rules/Incoin.io.xml
index ceb01b92b107..148a21f4b7eb 100644
--- a/src/chrome/content/rules/Incoin.io.xml
+++ b/src/chrome/content/rules/Incoin.io.xml
@@ -17,7 +17,7 @@ Fetch error: http://www.incoin.io/ => https://www.incoin.io/: (28, 'Connection t
 		- www.beta.incoin.io
 
 -->
-<ruleset name="incoin.io (partial)" default_off='failed ruleset test'>
+<ruleset name="incoin.io (partial)" default_off="failed ruleset test">
 
 	<target host="incoin.io" />
 	<target host="beta.incoin.io" />
diff --git a/src/chrome/content/rules/Indaba_Music.com.xml b/src/chrome/content/rules/Indaba_Music.com.xml
index abf3cfeea7e1..7e07495f9459 100644
--- a/src/chrome/content/rules/Indaba_Music.com.xml
+++ b/src/chrome/content/rules/Indaba_Music.com.xml
@@ -21,13 +21,13 @@
 <ruleset name="Indaba Music.com (false MCB)" platform="mixedcontent">
 
 	<target host="indabamusic.com" />
-	<target host="*.indabamusic.com" />
+	<target host="beta.indabamusic.com" />
+	<target host="www.indabamusic.com" />
 
 
 	<securecookie host="^\.indabamusic\.com$" name=".+" />
 
 
-	<rule from="^http://((?:beta|notifications|www)\.)?indabamusic\.com/"
-		to="https://$1indabamusic.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Indeed.co.uk.xml b/src/chrome/content/rules/Indeed.co.uk.xml
new file mode 100644
index 000000000000..af357a2d71d1
--- /dev/null
+++ b/src/chrome/content/rules/Indeed.co.uk.xml
@@ -0,0 +1,12 @@
+<!--
+	Redirect to HTTP:
+		- blog.indeed.co.uk
+-->
+<ruleset name="indeed.co.uk">
+	<target host="indeed.co.uk" />
+	<target host="www.indeed.co.uk" />
+	<target host="events.indeed.co.uk" />
+	<target host="hire.indeed.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Independent-Centre-for-Privacy-Protection-Schleswig-Holstein.xml b/src/chrome/content/rules/Independent-Centre-for-Privacy-Protection-Schleswig-Holstein.xml
deleted file mode 100644
index 67867c7b2418..000000000000
--- a/src/chrome/content/rules/Independent-Centre-for-Privacy-Protection-Schleswig-Holstein.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Independent Centre for Privacy Protection Schleswig-Holstein">
-
-	<target host="datenschutzzentrum.de"/>
-	<target host="www.datenschutzzentrum.de"/>
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Independent_News.xml b/src/chrome/content/rules/Independent_News.xml
index 380425de2cfc..f5fd5d03f822 100644
--- a/src/chrome/content/rules/Independent_News.xml
+++ b/src/chrome/content/rules/Independent_News.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?the-independent-news\.com/(misc/|sites/|user(?:$|\?|/))"
 		to="https://www.the-independent-news.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Indepnet.net.xml b/src/chrome/content/rules/Indepnet.net.xml
index a70dbb9341ed..7d979f44f147 100644
--- a/src/chrome/content/rules/Indepnet.net.xml
+++ b/src/chrome/content/rules/Indepnet.net.xml
@@ -38,7 +38,7 @@ Fetch error: http://forge.indepnet.net/ => https://forge.indepnet.net/: (28, 'Co
 	* Secured by us
 
 -->
-<ruleset name="Indepnet.net (partial)" default_off='failed ruleset test'>
+<ruleset name="Indepnet.net (partial)" default_off="failed ruleset test">
 
 	<target host="forge.indepnet.net" />
 
diff --git a/src/chrome/content/rules/Index_on_Censorship.org.xml b/src/chrome/content/rules/Index_on_Censorship.org.xml
index 11bb978d2581..863db4b497d0 100644
--- a/src/chrome/content/rules/Index_on_Censorship.org.xml
+++ b/src/chrome/content/rules/Index_on_Censorship.org.xml
@@ -15,7 +15,7 @@ Fetch error: http://awards.indexoncensorship.org/ => https://awards.indexoncenso
 	* Secured by us
 
 -->
-<ruleset name="Index on Censorship.org" default_off='failed ruleset test'>
+<ruleset name="Index on Censorship.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/India.com.xml b/src/chrome/content/rules/India.com.xml
index 93e90a0434e6..37ebd31d9842 100644
--- a/src/chrome/content/rules/India.com.xml
+++ b/src/chrome/content/rules/India.com.xml
@@ -1,44 +1,36 @@
 <!--
-	CDN buckets:
+	Non-functional hosts
+		Couldn't connect to server:
+		- india.com
 
-		- s3.india.com.edgesuite.net
+		SSL connect error:
+		- arijitsinghshow.india.com
 
+		SSL peer certificate was not OK:
+		- www.zeenews.india.com
 
-	Nonfunctional subdomains:
-
-		- ^ ¹
-		- auth ²
-		- did3 ³
-		- mail ²
-		- st2 ¹
-		- travel ⁴
-		- video ⁵
-		- vimg ⁵
-		- www ⁴
-
-	¹ Dropped
-	² Handshake fails
-	³ Refused
-	⁴ 504, Akamai
-	⁵ 400
-
-
-	Problematic hosts in *india.com:
-
-		- jt ¹
-		- s3 ²
-
-	¹ Adtech
-	² Akamai
-
+		Status code mismatch:
+		- s3.travel.india.com
 -->
-<ruleset name="India.com (partial)" default_off="mismatched">
-
-	<target host="jt.india.com" />
+<ruleset name="India.com">
+	<target host="india.com" />
+	<target host="www.india.com" />
+	<target host="americas.india.com" />
+	<target host="playandwingame.india.com" />
+	<target host="ribbon.india.com" />
 	<target host="s3.india.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
+	<target host="st1.india.com" />
+	<target host="stb.india.com" />
+	<target host="ste.india.com" />
+	<target host="sth.india.com" />
+	<target host="stm.india.com" />
+	<target host="znb.india.com" />
+	<target host="znm.india.com" />
+	<target host="znn.india.com" />
+	<target host="zeenews.india.com" />
+
+	<rule from="^http://india\.com/"
+		to="https://www.india.com/" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/IndiaMART.xml b/src/chrome/content/rules/IndiaMART.xml
index e7e4f56faba9..e9327d48def0 100644
--- a/src/chrome/content/rules/IndiaMART.xml
+++ b/src/chrome/content/rules/IndiaMART.xml
@@ -33,23 +33,13 @@
 -->
 <ruleset name="IndiaMART (partial)">
 
-	<target host="*.imimg.com" />
+	<target host="1.imimg.com" />
+	<target host="2.imimg.com" />
+	<target host="3.imimg.com" />
+	<target host="4.imimg.com" />
 	<target host="im.gifbt.com" />
 
 
-	<rule from="^http://1\.imgimg\.com/"
-		to="https://d2y6cbvg1xh035.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://2\.imimg\.com/"
-		to="https://d1raip7zazff6e.cloudfront.net/" />
-
-	<rule from="^http://3\.imimg\.com/"
-		to="https://dypmusfs8hvdw.cloudfront.net/" />
-
-	<rule from="^http://4\.imimg\.com/"
-		to="https://d3p8pcjf51nlqw.cloudfront.net/" />
-
-	<rule from="^http://im\.gifbt\.com/"
-		to="https://d1wd2icune084.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Indiana-University.xml b/src/chrome/content/rules/Indiana-University.xml
index 1ff40f83655b..bf6aba3e2d6b 100644
--- a/src/chrome/content/rules/Indiana-University.xml
+++ b/src/chrome/content/rules/Indiana-University.xml
@@ -92,7 +92,7 @@ Fetch error: http://osl.iu.edu/ => https://www.osl.iu.edu/: (51, "SSL: no altern
 	² Unsecurable <= refused
 
 -->
-<ruleset name="IU.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="IU.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Indiana.edu.xml b/src/chrome/content/rules/Indiana.edu.xml
index 7d1d12522e0f..e4b779daa85e 100644
--- a/src/chrome/content/rules/Indiana.edu.xml
+++ b/src/chrome/content/rules/Indiana.edu.xml
@@ -16,6 +16,11 @@
 <ruleset name="Indiana.edu (partial)">
 	<target host="indiana.edu" />
 	<target host="www.indiana.edu" />
+		<!-- Different content HTTP/HTTPS -->
+		<exclusion pattern="^http://(www\.)?indiana\.edu/~\w+/" />
+			<test url="http://www.indiana.edu/~oah/" />
+			<test url="http://indiana.edu/~sphs/home/" />
+			<test url="http://www.indiana.edu/~sphs/home/" />
 	<target host="alumni.indiana.edu" />
 	<target host="bursar.indiana.edu" />
 	<target host="d2i.indiana.edu" />
diff --git a/src/chrome/content/rules/IndianaCourts.us.xml b/src/chrome/content/rules/IndianaCourts.us.xml
new file mode 100644
index 000000000000..06dda1e529d4
--- /dev/null
+++ b/src/chrome/content/rules/IndianaCourts.us.xml
@@ -0,0 +1,6 @@
+<ruleset name="IndianaCourts.us">
+	<target host="indianacourts.us" />
+	<target host="www.indianacourts.us" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Indiana_State_University.xml b/src/chrome/content/rules/Indiana_State_University.xml
index 75b8700279bd..ce41a5dc5d37 100644
--- a/src/chrome/content/rules/Indiana_State_University.xml
+++ b/src/chrome/content/rules/Indiana_State_University.xml
@@ -1,30 +1,16 @@
 <!--
-	Nonfunctional subdomains:
-
-		- library	(revoked)
-
-
-	Partially covered subdomains:
-
-		- (www.)	(some pages redirect to http)
-
-
-	Fully covered subdomains:
-
-		- isuportal
-		- www1
+	Non-functional hosts
+		Timeout was reached:
+		- www1.indstate.edu
 
+		Mixed content blocking (MCB) triggered:
+		- library.indstate.edu
 -->
 <ruleset name="Indiana State University (partial)">
+	<target host="indstate.edu" />
+	<target host="www.indstate.edu" />
+	<target host="blackboard.indstate.edu" />
+	<target host="isuportal.indstate.edu" />
 
-	<target host="*.indstate.edu" />
-		<exclusion pattern="^http://(?:www\.)?indstate\.edu/(?!css/|favicon\.ico|images/|js/)" />
-
-
-	<securecookie host="^isuportal\.indstate\.edu$" name=".+" />
-
-
-	<rule from="^http://((?:isuportal|www1?)\.)?indstate\.edu/"
-		to="https://$1indstate.edu/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Indianapolis_Star.xml b/src/chrome/content/rules/Indianapolis_Star.xml
index ba5797d230bf..bc0b08588957 100644
--- a/src/chrome/content/rules/Indianapolis_Star.xml
+++ b/src/chrome/content/rules/Indianapolis_Star.xml
@@ -14,7 +14,8 @@
 <ruleset name="Indianapolis Star" default_off="mismatched">
 
 	<target host="indystar.com" />
-	<target host="*.indystar.com" />
+	<target host="cmsing.indystar.com" />
+	<target host="www.indystar.com" />
 
 
 	<securecookie host="^www\.indystar\.com$" name=".+" />
diff --git a/src/chrome/content/rules/IndieHackers.com.xml b/src/chrome/content/rules/IndieHackers.com.xml
new file mode 100644
index 000000000000..45b0d92872dd
--- /dev/null
+++ b/src/chrome/content/rules/IndieHackers.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="IndieHackers.com">
+	<target host="indiehackers.com" />
+	<target host="www.indiehackers.com" />
+	<target host="shop.indiehackers.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IndieMerch.xml b/src/chrome/content/rules/IndieMerch.xml
index 42e591a9e73e..324bb08c7cdb 100644
--- a/src/chrome/content/rules/IndieMerch.xml
+++ b/src/chrome/content/rules/IndieMerch.xml
@@ -13,7 +13,9 @@
 <ruleset name="IndieMerch (partial)">
 
 	<target host="indiemerch.com" />
-	<target host="*.indiemerch.com" />
+	<target host="cdn.indiemerch.com" />
+	<target host="pad.indiemerch.com" />
+	<target host="www.indiemerch.com" />
 
 
 	<securecookie host="^.+\.indiemerch\.com$" name=".+" />
@@ -22,7 +24,6 @@
 	<rule from="^http://indiemerch\.com/"
 		to="https://www.indiemerch.com/" />
 
-	<rule from="^http://(cdn|pad|www)\.indiemerch\.com/"
-		to="https://$1.indiemerch.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/IndieMerchandising.xml b/src/chrome/content/rules/IndieMerchandising.xml
index d15c2672b46d..26fb9dabaa48 100644
--- a/src/chrome/content/rules/IndieMerchandising.xml
+++ b/src/chrome/content/rules/IndieMerchandising.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Induction_Solutions.com-falsemixed.xml b/src/chrome/content/rules/Induction_Solutions.com-falsemixed.xml
deleted file mode 100644
index a695bfc4566d..000000000000
--- a/src/chrome/content/rules/Induction_Solutions.com-falsemixed.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Induction_Solutions.com.xml.
-
--->
-<ruleset name="Induction Solutions.com (false MCB)" platform="mixedcontent">
-
-	<target host="inductionsolutions.com" />
-	<target host="*.inductionsolutions.com" />
-		<!--
-			Handled in Induction_Solutions.com.xml:
-								-->
-		<!--exclusion pattern="^http://(www\.)?inductionsolutions\.com/+(?!favicon\.ico|my-account($|[?/])|wp-content/|wp-includes/)" /-->
-
-
-	<securecookie host="^(?:w*\.)?inductionsolutions\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?inductionsolutions\.com/(?!favicon\.ico|my-account(?:$|[?/])|wp-content/|wp-includes/)"
-		to="https://$1inductionsolutions.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Induction_Solutions.com.xml b/src/chrome/content/rules/Induction_Solutions.com.xml
deleted file mode 100644
index 023b35d78a55..000000000000
--- a/src/chrome/content/rules/Induction_Solutions.com.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see Induction_Solutions.com-falsemixed.xml.
-
-
-	Mixed content:
-
-		- css, on (www.) from:
-
-			- ^ *
-			- fonts.googleapis.com *
-
-		- Images on (www.) from ^ *
-
-	* Secured by us
-
--->
-<ruleset name="Induction Solutions.com (partial)">
-
-	<target host="inductionsolutions.com" />
-	<target host="www.inductionsolutions.com" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<!--exclusion pattern="^http://(www\.)?inductionsolutions\.com/+(favicon\.ico|my-account($|[?/])|wp-content/|wp-includes/)" /-->
-
-
-	<rule from="^http://(www\.)?inductionsolutions\.com/(?=favicon\.ico|my-account(?:$|[?/])|wp-content/|wp-includes/)"
-		to="https://$1inductionsolutions.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IndusGuard.xml b/src/chrome/content/rules/IndusGuard.xml
deleted file mode 100644
index cb794406ac77..000000000000
--- a/src/chrome/content/rules/IndusGuard.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- ^	(record_too_long)
-		- www	(times out)
-
--->
-<ruleset name="IndusGuard (partial)">
-
-	<target host="soc.indusguard.com" />
-
-
-	<securecookie host="^soc\.indusguard\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Indymedia.xml b/src/chrome/content/rules/Indymedia.xml
index 0198d3f8f3f9..009c13416504 100644
--- a/src/chrome/content/rules/Indymedia.xml
+++ b/src/chrome/content/rules/Indymedia.xml
@@ -1,264 +1,101 @@
 <!--
 	Other Indymedia rulesets:
-
-		- Indymedia.nl.xml
-		- Indymedia.org.uk.xml
-
-
-	Nonfunctional hosts in *indymedia.org:
-
-		- argentina ʳ
-		- armenia
-		- austin ʳ
-		- barcelona ᵃ
-		- bc ¹
-		- beirut ²
-		- belarus ᵈ
-		- www.belarus ᵈ
-		- boston ²
-		- dev.boston ²
-		- docs ᵖ
-		- www.docs ᵖ
-		- bristol	Redirects to http
-		- colorado ᵈ
-		- cyprus ʳ
-		- hu ¹
-		- hungary ¹
-		- istanbul ⁴
-		- japan ᵃ
-		- la ᵖ
-		- lists ³
-		- liveradio ³
-		- mexico ²
-		- miami ²
-		- neworleans ²
-		- newsreal ²
-		- piter ʳ
-		- pittsburgh ʳ
-		- portland ²
-		- portugal ᵖ
-		- print ʳ
-		- pt ᵖ
-		- richmond ²
-		- satellite ²
-		- tech ²
-		- worcester ¹
-
-	⁴ 404
-	¹ Shows another domain
-	ᵃ Shows another domain
-	ᵈ Dropped
-	ᵖ Plaintext reply
-	² Refused
-	ʳ Refused
-	³ Dropped
-
-
-	Problematic hosts in *indymedia.org:
-
-		- abruzzo ᵉ ᵘ
-		- antwerpen ᵐ
-		- barcelona ⁵
-		- calabria ᵉ ᵘ
-		- www.belgium ᵐ
-		- ch ²
-		- chat ¹ ²
-		- emiliaromagna ᵉ ᵘ
-		- grenoble ³
-		- next.grenoble ² ⁵
-		- irc ¹
-		- israel ¹ ² ⁴
-		- italy	¹ ⁵
-		- lille ³
-		- www.lille ²
-		- manila ²
-		- napoli ᵉ ᵘ
-		- netherlands ²
-		- northern ¹ ²
-		- nottingham ² ⁶
-		- perth ᵐ
-		- piemonte ᵉ ᵘ ˣ
-		- publish.portland ¹ ⁶
-		- roma ¹ ⁵
-		- swizerland ²
-		- ukraine ¹ ᵀ
-		- wichmann ²
-
-	ᵀ CAcert
-	¹ Expired
-	ᵉ Expired
-	² Mismatched
-	ᵐ Mismatched
-	³ Self-signed
-	⁴ Missing certificate chain
-	⁵ Untrusted root
-	ᵘ Untrusted root
-	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
-	⁶ CAcert
-
-
-	STS header includes includeSubdomains
-	for belgium, brussels, bruxelles, bxl, grenoble, nantes
-
-
-	Insecure cookies are set for these domains and hosts: ᶜ
-
-		- .israel.indymedia.org
-		- nantes.indymedia.org
-		- .nantes.indymedia.org
-		- www.nantes.indymedia.org
-		- publish.nyc.indymedia.org
-		- publish.indymedia.org
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
-
-	Mixed content:
-
-		- css, on:
-
-			- piemonte from $self
-
-		- Images, on:
-
-			- (www.)?, publish from www.indymedia.org ˢ
-			- barcelona from $self
-			- piemonte from $self
-
-	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
+		+ Indymedia.nl.xml
+		+ Indymedia.org.uk.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- barcelona.indymedia.org
+		- bcn.indymedia.org
+		- boston.indymedia.org
+		- che.indymedia.org
+		- cyprus.indymedia.org
+		- docs.indymedia.org
+		- newsreal.indymedia.org
+		- satellite.indymedia.org
+
+		Timeout was reached:
+		- grenoble.indymedia.org
+		- manila.indymedia.org
+		- www.sweden.indymedia.org
+
+		SSL connect error:
+		- media.de.indymedia.org
+		- japan.indymedia.org
+		- nyc.indymedia.org
+
+		SSL peer certificate was not OK:
+		- www.adelaide.indymedia.org
+		- bagimsiz-istanbul.indymedia.org
+		- brasil.indymedia.org
+		- ch.indymedia.org
+		- chicago.indymedia.org
+		- www.chicago.indymedia.org
+		- cleveland.indymedia.org
+		- www.cleveland.indymedia.org
+		- ecuador.indymedia.org
+		- irc.indymedia.org
+		- www.mexico.indymedia.org
+		- newmexico.indymedia.org
+		- www.newmexico.indymedia.org
+		- neworleans.indymedia.org
+		- nm.indymedia.org
+		- nola.indymedia.org
+		- pittsburgh.indymedia.org
+		- portland.indymedia.org
+		- www.portland.indymedia.org
+		- media.portland.indymedia.org
+		- publish.portland.indymedia.org
+		- pr.indymedia.org
+		- www.pr.indymedia.org
+		- print.indymedia.org
+		- www.print.indymedia.org
+		- puertorico.indymedia.org
+		- www.puertorico.indymedia.org
+		- quebec.indymedia.org
+		- richmond.indymedia.org
+		- www.richmond.indymedia.org
+		- rochester.indymedia.org
+		- www.rochester.indymedia.org
+		- santacruz.indymedia.org
+		- www.santacruz.indymedia.org
+		- sonora.indymedia.org
+		- www.stlouis.indymedia.org
+		- switzerland.indymedia.org
+		- valparaiso.indymedia.org
+		- www.valparaiso.indymedia.org
+
+		Incomplete certificate chain error:
+		- austin.indymedia.org
+		- ie.indymedia.org
+		- www.ie.indymedia.org
+		- ireland.indymedia.org
+		- www.ireland.indymedia.org
+
+		5xx server error:
+		- de.indymedia.org
 -->
-<ruleset name="Indymedia.org (partial)">
-
-	<!--	Direct rewrites:
-				-->
+<ruleset name="Indymedia.org">
 	<target host="indymedia.org" />
+	<target host="www.indymedia.org" />
+	<target host="linksunten.archive.indymedia.org" />
+	<target host="argentina.indymedia.org" />
+	<target host="archivo.argentina.indymedia.org" />
 	<target host="athens.indymedia.org" />
-	<target host="belgium.indymedia.org" />
+	<target host="bristol.indymedia.org" />
+	<target host="brussel.indymedia.org" />
 	<target host="brussels.indymedia.org" />
-	<target host="bruxelles.indymedia.org" />
 	<target host="bxl.indymedia.org" />
-	<target host="de.indymedia.org" />
-	<target host="grenoble.indymedia.org" />
-	<target host="*.grenoble.indymedia.org" />
+	<target host="chat.indymedia.org" />
+	<target host="la.indymedia.org" />
 	<target host="lille.indymedia.org" />
 	<target host="linksunten.indymedia.org" />
-	<target host="www.linksunten.indymedia.org" />
+	<target host="mexico.indymedia.org" />
 	<target host="nantes.indymedia.org" />
-	<target host="www.nantes.indymedia.org" />
-	<target host="nyc.indymedia.org" />
-	<target host="publish.nyc.indymedia.org" />
-	<target host="www.nyc.indymedia.org" />
-	<target host="pouget.indymedia.org" />
-	<target host="publish.indymedia.org" />
-	<target host="www.indymedia.org" />
-
-		<!--	includeSubdomains applies to one level only, so:
-									-->
-		<exclusion pattern="http://(?:[^./]+\.){2,}(?:belgium|brussels|bruxelles|bxl|grenoble|nantes)\.indymedia\.org/" />
-
-			<!--	+ve:
-					-->
-			<test url="http://this.host.belgium.indymedia.org/" />
-			<test url="http://exists.not.belgium.indymedia.org/" />
-			<test url="http://this.host.brussels.indymedia.org/" />
-			<test url="http://exists.not.brussels.indymedia.org/" />
-			<test url="http://this.host.bruxelles.indymedia.org/" />
-			<test url="http://exists.not.bruxelles.indymedia.org/" />
-			<test url="http://this.host.bxl.indymedia.org/" />
-			<test url="http://exists.not.bxl.indymedia.org/" />
-			<test url="http://this.host.grenoble.indymedia.org/" />
-			<test url="http://exists.not.grenoble.indymedia.org/" />
-			<test url="http://this.host.nantes.indymedia.org/" />
-			<test url="http://exists.not.nantes.indymedia.org/" />
+	<target host="radio.indymedia.org" />
+	<target host="www.radio.indymedia.org" />
 
-			<!--	-ve:
-					-->
-			<test url="http://www.belgium.indymedia.org/" />
-			<test url="http://www.grenoble.indymedia.org/" />
-			<test url="http://www.nantes.indymedia.org/" />
-
-		<!--	Sets cookie without Secure:
-							-->
-		<test url="http://publish.nyc.indymedia.org/nyc/servlet/OpenMir" />
-		<test url="http://publish.indymedia.org/earth/servlet/OpenMir" />
-
-	<!--	Complications:
-				-->
-	<target host="netherlands.indymedia.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.israel\.indymedia\.org$" name="^SESS[\da-f]{32}$" /-->
-	<!--securecookie host="^(?:www\.)?nantes\.indymedia\.org$" name="^(?:_session_id|flash)$" /-->
-	<!--securecookie host="^\.nantes\.indymedia\.org$" name="^_session_id$" /-->
-	<!--securecookie host="^publish\.(?:nyc\.)?indymedia\.org$" name="^JSESSIONID$" /-->
-	<!--securecookie host="^publish\.indymedia\.org$" name="^JSESSIONID$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://www\.belgium\.indymedia\.org/"
-		to="https://belgium.indymedia.org/" />
-
-	<rule from="^http://netherlands\.indymedia\.org/"
-		to="https://www.indymedia.nl/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-
-<!--	Old exclusions and notes follow for reference purposes.
-
-
- This is a ruleset for the https-everywhere extension for firefox.
- for more info see https://www.eff.org/https-everywhere
-
- to install the extension put this file in
-  ~/.mozilla/your.profile/HTTPSEverywhereUserRules
-
- 2010/07/14 Version 0.1 chekov(at-sign)riseup.net
-
- scope of this document:
-  indymedia.org based imcs and infrastructure
-  it also includes the indymedia.org.uk and the northern-indymedia.org ans northernindymedia.org domains
-  discuss this document at the im-tech list from lists.indymedia.org
-  not including indymedia.us, indymedia.org.il and the like
-
- 2010-06-23 report on tested sites:
- == working ==
- "global"
- radio, mir
- keys
-
- linksunten
-
- == failed ==
- ambazonia|beirut|bergstedt|blackcat|bulgaria|canarias|chiapas|
- dc|dl1\.video|hm|hudsonmohawk|jakarta|korea|laplana|lille1|mail\.se
- |minneapolis|mke|nettlau|newsreal|nycap|ottawa|perth|pl|
- rochester|romania|rous|russia|shiva|sweden|twincities|victoria|wmass|worcester|www1\.mexico|www3\.ch
-
- translations
- italia
-
-
-  exclusion for infrastructure
-  <exclusion pattern="^http://(?:www\.)?translations\.indymedia\.org/"/>
-
-  exclusion for imcs
-
-  <exclusion pattern="^http://(?:www\.)?(?:pr|italia|beirut)\.indymedia\.org/"/>
-
-  <exclusion pattern="^http://(?:ambazonia|atlanta|beirut|bergstedt|blackcat|bulgaria|canarias|chiapas|dc|dl1\.video|hm|hudsonmohawk|jakarta|korea|laplana|lille1|mail\.se|minneapolis|mke|nettlau|newsreal|nycap|ottawa|perth|pl|rochester|romania|rous|russia|shiva|sweden|twincities|victoria|wmass|worcester|www1?\.mexico|www3\.ch)\.indymedia\.org/"/>
-  <exclusion pattern="^http://(?:media[12]?\.argentina|buscador\.argentina)\.indymedia\.org/"/>
-  <exclusion pattern="^http://(?:(?:www2?\.)?brasil|brazil)\.indymedia\.org/"/>
-  <exclusion pattern="^http://(?:chicago2|www0\.chicago|dev\.chicago)\.indymedia\.org/"/>
-  <exclusion pattern="^http://(?:media[12]?\.de|www[23]\.de|www[23]\.germany)\.indymedia\.org/"/>
-  <exclusion pattern="^http://(?:www[12]\.istanbul|media2?\.istanbul|bagimsiz-istanbul|istanbul\.bbm)\.indymedia\.org/"/>
-  <exclusion pattern="^http://(?:(?:publish\.)?sandiego)\.indymedia\.org/"/>
-
--->
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/InfNX.xml b/src/chrome/content/rules/InfNX.xml
deleted file mode 100644
index eeadfd58846c..000000000000
--- a/src/chrome/content/rules/InfNX.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Other InfNX rulesets:
-
-		- FixUnix.xml
-
-
-	(www.)?infnx.com: Plaintext reply
-
-
-	In buckets somewhere:
-
-		- [ci].dbaspot.com
-		- c.objectmix.com
-
--->
-<ruleset name="InfNX.com">
-
-	<!--	infnx.com/web-portfolio	-->
-	<target host="idn.infnx.com"/>
-	<target host="static.infnx.com"/>
-
-		<test url="http://idn.infnx.com/fixunix/fixunix-logo.png" />
-
-
-	<rule from="^http://(idn|static)\.infnx\.com/"
-		to="https://s3.amazonaws.com/$1.infnx.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Infamous.xml b/src/chrome/content/rules/Infamous.xml
deleted file mode 100644
index c2f7e5bf174e..000000000000
--- a/src/chrome/content/rules/Infamous.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	(www.)?: Dropped
-
--->
-<ruleset name="Infamous" default_off="refused">
-
-	<target host="foreverinfamous.com" />
-	<target host="www.foreverinfamous.com" />
-
-
-	<securecookie host="^(?:w*\.)?foreverinfamous\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Infinet.com.au.xml b/src/chrome/content/rules/Infinet.com.au.xml
index d2a5eed24d32..a2036db63d7e 100644
--- a/src/chrome/content/rules/Infinet.com.au.xml
+++ b/src/chrome/content/rules/Infinet.com.au.xml
@@ -21,7 +21,8 @@ Fetch error: http://support.infinet.com.au/ => https://support.infinet.com.au/:
 <ruleset name="Infinet.com.au (partial)">
 
 	<target host="infinet.com.au" />
-	<target host="shop.infinet.com.au" />
+	<target host="support.infinet.com.au" />
+	<target host="www.infinet.com.au" />
 	<target host="www.shop.infinet.com.au" />
 		<!--
 			Redirect to http:
@@ -31,8 +32,7 @@ Fetch error: http://support.infinet.com.au/ => https://support.infinet.com.au/:
 			Exceptions:
 					-->
 		<exclusion pattern="^http://(?:www\.)?shop\.infinet\.com\.au/+(?!epages/shop\.sf/en_AU/\?ObjectPath=/Shops/infinet&amp;ViewAction=ViewRegistration|WebRoot/)" />
-	<target host="support.infinet.com.au" />
-	<target host="www.infinet.com.au" />
+
 		<!--
 			Avoid false/broken MCB:
 						-->
@@ -42,7 +42,6 @@ Fetch error: http://support.infinet.com.au/ => https://support.infinet.com.au/:
 	<securecookie host="^support\.infinet\.com\.au$" name=".+" />
 
 
-	<rule from="^http://(support\.|www\.(?:shop\.)?)?infinet\.com\.au/"
-		to="https://$1infinet.com.au/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/InfiniteDescent.xyz.xml b/src/chrome/content/rules/InfiniteDescent.xyz.xml
new file mode 100644
index 000000000000..ec0afe016575
--- /dev/null
+++ b/src/chrome/content/rules/InfiniteDescent.xyz.xml
@@ -0,0 +1,8 @@
+<ruleset name="InfiniteDescent.xyz">
+	<target host="infinitedescent.xyz" />
+	<target host="www.infinitedescent.xyz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/InfinityDev.org.xml b/src/chrome/content/rules/InfinityDev.org.xml
deleted file mode 100644
index a5ce5f4cf4f0..000000000000
--- a/src/chrome/content/rules/InfinityDev.org.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Insecure cookies are set for these domains and hosts:
-
-		- infinitydev.org
-		- .infinitydev.org
-
--->
-<ruleset name="InfinityDev.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="infinitydev.org" />
-	<target host="www.infinitydev.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^infinitydev\.org$" name="^laravel_session$" /-->
-	<!--securecookie host="^\.infinitydev\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Infinity_Tracking.xml b/src/chrome/content/rules/Infinity_Tracking.xml
index c93e9f1deb5e..51750f86877a 100644
--- a/src/chrome/content/rules/Infinity_Tracking.xml
+++ b/src/chrome/content/rules/Infinity_Tracking.xml
@@ -24,4 +24,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Infinow.net.xml b/src/chrome/content/rules/Infinow.net.xml
deleted file mode 100644
index 62e1aab9f3b8..000000000000
--- a/src/chrome/content/rules/Infinow.net.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Infinow.net">
-	<target host="infinow.net" />
-	<target host="www.infinow.net" />
-	
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/InfluAds.xml b/src/chrome/content/rules/InfluAds.xml
deleted file mode 100644
index b620099697dc..000000000000
--- a/src/chrome/content/rules/InfluAds.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(shows dashboard; mismatched, CN: dashboard.influads.com)
-
-
-	Problematic subdomains:
-
-		- papi		(works; mismatched, CN: engine.influads.com)
-
--->
-<ruleset name="InfluAds (partial)">
-
-	<target host="*.influads.com" />
-
-
-	<securecookie host="^dashboard\.influads\.com$" name=".+" />
-
-
-	<rule from="^http://(dashboard|engine)\.influads\.com/"
-		to="https://$1.influads.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Influencers_Conference.xml b/src/chrome/content/rules/Influencers_Conference.xml
deleted file mode 100644
index 8f604074a0c5..000000000000
--- a/src/chrome/content/rules/Influencers_Conference.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Influencers Conference">
-
-	<target host="influencersconference.com" />
-	<target host="www.influencersconference.com" />
-
-
-	<securecookie host="^\.influencersconference\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/InfoJobs.net.xml b/src/chrome/content/rules/InfoJobs.net.xml
index bc8c343bf1e1..f8b9377ab774 100644
--- a/src/chrome/content/rules/InfoJobs.net.xml
+++ b/src/chrome/content/rules/InfoJobs.net.xml
@@ -40,7 +40,13 @@
 <ruleset name="InfoJobs.net (partial)">
 
 	<target host="infojobs.net" />
-	<target host="*.infojobs.net" />
+	<target host="citrix.infojobs.net" />
+	<target host="formacion.infojobs.net" />
+	<target host="m.infojobs.net" />
+	<target host="media.infojobs.net" />
+	<target host="nosotros.infojobs.net" />
+	<target host="www.infojobs.net" />
+	<target host="static1.infojobs.net" />
 
 
 	<!--	Not secured by server:
@@ -51,10 +57,9 @@
 	<securecookie host="^citrix\.infojobs\.net$" name=".+" />
 
 
-	<rule from="^http://((?:citrix|formacion|m|media|nosotros|www)\.)?infojobs\.net/"
-		to="https://$1infojobs.net/" />
 
 	<rule from="^http://static1\.infojobs\.net/"
 		to="https://es-static0.infojobs.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/InfoTomb.com.xml b/src/chrome/content/rules/InfoTomb.com.xml
index 5e28791cb4d6..4559a784f743 100644
--- a/src/chrome/content/rules/InfoTomb.com.xml
+++ b/src/chrome/content/rules/InfoTomb.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://infotomb.com/ => https://infotomb.com/: (60, 'SSL certificat
 Fetch error: http://www.infotomb.com/ => https://www.infotomb.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="InfoTomb.com" default_off='failed ruleset test'>
+<ruleset name="InfoTomb.com" default_off="failed ruleset test">
 
 	<target host="infotomb.com" />
 	<target host="www.infotomb.com" />
diff --git a/src/chrome/content/rules/InfoWar.com.xml b/src/chrome/content/rules/InfoWar.com.xml
index c63fb0c3c86f..d51d61b57c1e 100644
--- a/src/chrome/content/rules/InfoWar.com.xml
+++ b/src/chrome/content/rules/InfoWar.com.xml
@@ -18,7 +18,7 @@
 	* Secured by us
 
 -->
-<ruleset name="InfoWar.com" default_off="missing certificate chain">
+<ruleset name="InfoWar.com" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Infocube.xml b/src/chrome/content/rules/Infocube.xml
index b8d435d19935..d8ed849d4497 100644
--- a/src/chrome/content/rules/Infocube.xml
+++ b/src/chrome/content/rules/Infocube.xml
@@ -6,7 +6,7 @@ Fetch error: http://ogt.jp/ => https://ogt.jp/: (7, 'Failed to connect to ogt.jp
 Automatically by https-everywhere-checker because:
 Fetch error: http://ogt.jp/ => https://ogt.jp/: (28, 'Connection timed out after 10000 milliseconds')
 -->
-<ruleset name="Infocube (partial)" default_off='failed ruleset test'>
+<ruleset name="Infocube (partial)" default_off="failed ruleset test">
 
 	<target host="ogt.jp" />
 	<target host="a3.ogt.jp" />
diff --git a/src/chrome/content/rules/Infogroup.xml b/src/chrome/content/rules/Infogroup.xml
index cdf695befe34..8ab1931c8d72 100644
--- a/src/chrome/content/rules/Infogroup.xml
+++ b/src/chrome/content/rules/Infogroup.xml
@@ -35,7 +35,7 @@ Fetch error: http://shared.sub.infousa.com/ => https://shared.sub.infousa.com/:
 		- .link.p0.com
 
 -->
-<ruleset name="Infogroup (partial)" default_off='failed ruleset test'>
+<ruleset name="Infogroup (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Infolinks.xml b/src/chrome/content/rules/Infolinks.xml
index b2fea8e8ace6..eba64aeb8c93 100644
--- a/src/chrome/content/rules/Infolinks.xml
+++ b/src/chrome/content/rules/Infolinks.xml
@@ -48,14 +48,23 @@
 <ruleset name="Infolinks (partial)">
 
 	<target host="infolinks.com" />
-	<target host="*.infolinks.com" />
+	<target host="advertisers.infolinks.com" />
+	<target host="blog.infolinks.com" />
+	<target host="c1.infolinks.com" />
+	<target host="indnf.infolinks.com" />
+	<target host="internalindn.infolinks.com" />
+	<target host="ls.infolinks.com" />
+	<target host="metrics.infolinks.com" />
+	<target host="p1105.infolinks.com" />
+	<target host="publishers.infolinks.com" />
+	<target host="resources.infolinks.com" />
+	<target host="www.infolinks.com" />
 		<exclusion pattern="^http://ls\.infolinks\.com/(?!images/)" />
 
 
 	<securecookie host="^advertisers\.infolinks\.com$" name=".+" />
 
 
-	<rule from="^http://((?:advertisers|blog|c1|indnf|internalindn|ls|metrics|p1105|publishers|resources|www)\.)?infolinks\.com/"
-		to="https://$1infolinks.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Infopaginas.xml b/src/chrome/content/rules/Infopaginas.xml
index a6ace957367a..d043308d606b 100644
--- a/src/chrome/content/rules/Infopaginas.xml
+++ b/src/chrome/content/rules/Infopaginas.xml
@@ -5,7 +5,7 @@
 <ruleset name="Infopáginas">
 
 	<target host="infopaginas.com" />
-	<target host="*.infopaginas.com" />
+	<target host="www.infopaginas.com" />
 
 
 	<securecookie host="^w*\.infopaginas\.com$" name=".+" />
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?infopaginas\.com/"
 		to="https://www.infopaginas.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/InformIT.com.xml b/src/chrome/content/rules/InformIT.com.xml
new file mode 100644
index 000000000000..4fde352b4160
--- /dev/null
+++ b/src/chrome/content/rules/InformIT.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Invalid certificate:
+		- ^ (fixed by this ruleset)
+		- aw
+		- cs
+		- e
+		- it
+		- safari
+		- sams
+		- security
+
+	Time out:
+		- admin
+		- beta
+		- cert
+		- citrix
+		- cmp
+		- exchange
+		- www.extranet
+		- infobase
+		- lists
+		- net
+		- office
+		- openmarket
+		- safariexamples
+		- secure
+		- software
+		- windows
+-->
+<ruleset name="InformIT.com">
+	<target host="informit.com" />
+	<target host="www.informit.com" />
+	<target host="corpservices.informit.com" />
+	<target host="memberservices.informit.com" />
+
+	<rule from="^http://informit\.com/" to="https://www.informit.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/InformIT.xml b/src/chrome/content/rules/InformIT.xml
deleted file mode 100644
index e7c92f44ab6a..000000000000
--- a/src/chrome/content/rules/InformIT.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	For other Pearson coverage, see Pearson.xml.
-
-
-	Nonfunctional subdomains:
-
-		- widget
-
--->
-<ruleset name="InformIT (partial)" platform="mixedcontent">
-
-	<target host="informit.com" />
-	<target host="*.informit.com" />
-
-
-	<rule from="^http://informit\.com/"
-		to="https://www.informit.com/" />
-
-	<rule from="^http://(memberservices|www)\.informit\.com/"
-		to="https://$1.informit.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Informa.xml b/src/chrome/content/rules/Informa.xml
index b4979f4717a4..ddc7aad4ef79 100644
--- a/src/chrome/content/rules/Informa.xml
+++ b/src/chrome/content/rules/Informa.xml
@@ -15,7 +15,7 @@ Fetch error: http://garlandscience.com/ => https://www.garlandscience.com/: (60,
 		- Informa_Healthcare.xml
 
 -->
-<ruleset name="Informa (partial)" default_off='failed ruleset test'>
+<ruleset name="Informa (partial)" default_off="failed ruleset test">
 
 	<target host="crcpress.com"/>
 	<target host="www.crcpress.com"/>
diff --git a/src/chrome/content/rules/Informa_Healthcare-problematic.xml b/src/chrome/content/rules/Informa_Healthcare-problematic.xml
index 3f7f46135dc9..05046046a519 100644
--- a/src/chrome/content/rules/Informa_Healthcare-problematic.xml
+++ b/src/chrome/content/rules/Informa_Healthcare-problematic.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Informa_Healthcare.xml b/src/chrome/content/rules/Informa_Healthcare.xml
index 5a9927fe4aa4..990f49a6a004 100644
--- a/src/chrome/content/rules/Informa_Healthcare.xml
+++ b/src/chrome/content/rules/Informa_Healthcare.xml
@@ -40,7 +40,7 @@ Fetch error: http://www.informahealthcare.com/templates/jsp/style.css => https:/
 		- (www.)informahealthcare.com		(most pages redirect to http)
 
 -->
-<ruleset name="Informa Healthcare (partial)" default_off='failed ruleset test'>
+<ruleset name="Informa Healthcare (partial)" default_off="failed ruleset test">
 
 	<target host="informahealthcare.com" />
 	<target host="www.informahealthcare.com" />
diff --git a/src/chrome/content/rules/Informatick.net.xml b/src/chrome/content/rules/Informatick.net.xml
index 3cafc1ca602a..e030065da7a1 100644
--- a/src/chrome/content/rules/Informatick.net.xml
+++ b/src/chrome/content/rules/Informatick.net.xml
@@ -10,7 +10,7 @@ Fetch error: http://informatick.com/ => https://informatick.com/: (60, 'SSL cert
 Fetch error: http://www.informatick.com/ => https://www.informatick.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 Fetch error: http://informatick.net/ => https://informatick.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="informatick.net (partial)" default_off='failed ruleset test'>
+<ruleset name="informatick.net (partial)" default_off="failed ruleset test">
 
 	<target host="informatick.com" />
 	<target host="www.informatick.com" />
diff --git a/src/chrome/content/rules/InformationWeek.xml b/src/chrome/content/rules/InformationWeek.xml
index 33bfe7041469..3cf088f12b8b 100644
--- a/src/chrome/content/rules/InformationWeek.xml
+++ b/src/chrome/content/rules/InformationWeek.xml
@@ -46,7 +46,7 @@ Non-2xx HTTP code: http://webinar.informationweek.com/ (200) => https://webinar.
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="InformationWeek" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="InformationWeek" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Infoworld.com.xml b/src/chrome/content/rules/Infoworld.com.xml
index 8b164356ac7a..8f517dda25e2 100644
--- a/src/chrome/content/rules/Infoworld.com.xml
+++ b/src/chrome/content/rules/Infoworld.com.xml
@@ -20,10 +20,11 @@ Fetch error: http://infoworld.com/ => https://www.infoworld.com/: (28, 'Connecti
 		- m	(mismatched, CN: *.mobify.com)
 
 -->
-<ruleset name="InfoWorld.com" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="InfoWorld.com" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="infoworld.com" />
-	<target host="*.infoworld.com" />
+	<target host="www.infoworld.com" />
+	<target host="m.infoworld.com" />
 
 
 	<securecookie host="^\.infoworld\.com$" name="^(?:s_\w+|__utm)\w$" />
diff --git a/src/chrome/content/rules/Infra-Furth.xml b/src/chrome/content/rules/Infra-Furth.xml
index 5752e8ab13b8..7388fdf01a5c 100644
--- a/src/chrome/content/rules/Infra-Furth.xml
+++ b/src/chrome/content/rules/Infra-Furth.xml
@@ -6,7 +6,6 @@
 <rule from="^http:" to="https:" />
 <!-- <rule from="^http://www\.stadtverkehr-fuerth\.de/" to="https://www.stadtverkehr-fuerth.de/"/> -->
 
-<test url="http://www.infra-fuerth.de/" />
 <!-- <test url="http://www.stadtverkehr-fuerth.de/" /> -->
 
 </ruleset>
diff --git a/src/chrome/content/rules/Infradead.org.xml b/src/chrome/content/rules/Infradead.org.xml
index fe12cfd9785d..1d44a93ad6c6 100644
--- a/src/chrome/content/rules/Infradead.org.xml
+++ b/src/chrome/content/rules/Infradead.org.xml
@@ -1,8 +1,4 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.infradead.org/ => https://www.infradead.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.infradead.org'")
-
 	Non-functional hosts
 		Couldn't connect to server:
 			 - adsl-1.infradead.org
@@ -22,6 +18,7 @@ Fetch error: http://www.infradead.org/ => https://www.infradead.org/: (51, "SSL:
 			 - merlin.infradead.org
 			 - myth.infradead.org
 			 - n300.infradead.org
+			 - ns2.infradead.org
 			 - ns3.infradead.org
 			 - onkyo.infradead.org
 			 - peach.infradead.org
@@ -55,18 +52,15 @@ Fetch error: http://www.infradead.org/ => https://www.infradead.org/: (51, "SSL:
 
 		Different content:
 			 - ftp.infradead.org
-			 - git.infradead.org
 -->
-<ruleset name="Infradead.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Infradead.org (partial)">
 	<target host="www.infradead.org" />
-	<target host="bombadil.infradead.org" />
 	<target host="casper.infradead.org" />
 	<target host="domoticz.infradead.org" />
 	<target host="lists.infradead.org" />
-	<target host="ns2.infradead.org" />
 	<target host="smtpauth.infradead.org" />
-	<target host="tdw8970.infradead.org" />
 	<target host="wndr3800.infradead.org" />
+	<target host="git.infradead.org" />
 
 	<securecookie host="^www\.infradead\.org$" name=".+" />
 	<securecookie host="^lists\.infradead\.org$" name=".+" />
diff --git a/src/chrome/content/rules/Infused-Systems.xml b/src/chrome/content/rules/Infused-Systems.xml
index 24bb97a4a9ac..a40689e8c070 100644
--- a/src/chrome/content/rules/Infused-Systems.xml
+++ b/src/chrome/content/rules/Infused-Systems.xml
@@ -9,7 +9,7 @@
 		- 2012.infusioncon.com
 		- help(center).infusionsoft.com
 		- marketplace.infusionsoft.com
--->	
+-->
 <ruleset name="Infusionsoft (partial)" platform="mixedcontent">
 
 	<target host="customerhub.net"/>
@@ -20,9 +20,7 @@
 	<target host="www.infusionsoft.com"/>
 		<exclusion pattern="^http://(?:help(?:center)?|marketplace)\.infusionsoft\."/>
 
-
-	<securecookie host="^(?:.*\.)?customerhub\.net$" name=".+" />
-	<securecookie host="^(?:.*\.)?infusionsoft\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://customerhub\.net/$"
diff --git a/src/chrome/content/rules/Ingenuity_Hosting.xml b/src/chrome/content/rules/Ingenuity_Hosting.xml
deleted file mode 100644
index c8bc77ab9a10..000000000000
--- a/src/chrome/content/rules/Ingenuity_Hosting.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- (www.)	(mismatched, CN: secure1.ingenuity.net.au)
-
--->
-<ruleset name="Ingenuity Hosting">
-
-	<target host="ingenuity.net.au" />
-	<target host="*.ingenuity.net.au" />
-
-
-	<rule from="^http://(?:secure1\.|www\.)?ingenuity\.net\.au/"
-		to="https://secure1.ingenuity.net.au/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Ingress.xml b/src/chrome/content/rules/Ingress.xml
index 3e53e09bfe9c..de566426be52 100644
--- a/src/chrome/content/rules/Ingress.xml
+++ b/src/chrome/content/rules/Ingress.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Inhabitat.com.xml b/src/chrome/content/rules/Inhabitat.com.xml
new file mode 100644
index 000000000000..af0638b75109
--- /dev/null
+++ b/src/chrome/content/rules/Inhabitat.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Non-functional subdomains:
+		- assets	(m)
+		- m	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Inhabitat.com">
+
+	<target host="inhabitat.com" />
+	<target host="www.inhabitat.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Init7.xml b/src/chrome/content/rules/Init7.xml
index d595429efd1f..2b5e35a2c3b5 100644
--- a/src/chrome/content/rules/Init7.xml
+++ b/src/chrome/content/rules/Init7.xml
@@ -16,27 +16,54 @@
 		- notomys.init7.net
 
 	Incomplete cert chain:
-		- enoc.init7.net
+		- rt.init7.net
 		- wc.init7.net
+		- webmail.init7.net
+
+	No 2xx response:
+		- kanban.init7.net
 
 	User-controlled subdomains (*.fiber7.init7.net) not covered here.
 
 -->
 <ruleset name="Init7">
 
-
 	<target host="fiber7.ch" />
 	<target host="www.fiber7.ch" />
 
 	<target host="fiber7.tv" />
 	<target host="www.fiber7.tv" />
 
+	<target host="init7.ch" />
+	<target host="www.init7.ch" />
+
 	<target host="init7.net" />
 	<target host="www.init7.net" />
+	<target host="biber.init7.net" />
+	<target host="ci.init7.net" />
+	<target host="enoc.init7.net" />
+	<target host="fibre.init7.net" />
+	<target host="formicidae.init7.net" />
+	<target host="herald.init7.net" />
+	<target host="lynx.init7.net" />
+	<target host="matomo.init7.net" />
+	<target host="mattermost.init7.net" />
+	<target host="megas.init7.net" />
+	<target host="mirror.init7.net" />
+	<target host="noctools.init7.net" />
+	<target host="nuttalli.init7.net" />
+	<target host="salt.init7.net" />
+	<target host="troglodytes.init7.net" />
 
 	<target host="as13030.net"/>
 	<target host="www.as13030.net"/>
 
+	<rule from="^http://init7\.ch/"
+		to="https://init7.net/" />
+
+	<rule from="^http://www\.init7\.ch/"
+		to="https://www.init7.net/" />
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/InkFrog.com.xml b/src/chrome/content/rules/InkFrog.com.xml
index 0bcfadc4ce8d..4e02f7aadc80 100644
--- a/src/chrome/content/rules/InkFrog.com.xml
+++ b/src/chrome/content/rules/InkFrog.com.xml
@@ -16,7 +16,7 @@
 		- img ¹
 		- imgs ²
 		- thmb ¹
-		- thumbnails ²
+		- thumbnails (expired)
 
 	¹ Works, expired 2013-04-24
 	² Cloudfront
@@ -36,22 +36,14 @@
 -->
 <ruleset name="inkFrog.com (partial)">
 
+	<target host="imgs.inkfrog.com" />
 	<target host="inkfrog.com" />
-	<target host="*.inkfrog.com" />
+	<target host="www.inkfrog.com" />
 
 
 	<securecookie host="^(?:www\.)?inkfrog\.com$" name=".+" />
 
 
-	<rule from="^http://imgs\.inkfrog\.com/"
-		to="https://d29h7ql7qnxkqx.cloudfront.net/" />
-
-	<!--	Protocol relative links exist on img:
-							-->
-	<rule from="^https?://thumbnails\.inkfrog\.com/"
-		to="https://d33oiwhbojapjx.cloudfront.net/" />
-
-	<rule from="^http://(www\.)?inkfrog\.com/"
-		to="https://$1inkfrog.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Inkbunny.xml b/src/chrome/content/rules/Inkbunny.xml
deleted file mode 100644
index afa09d67caf1..000000000000
--- a/src/chrome/content/rules/Inkbunny.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Inkbunny">
-  <target host="inkbunny.net" />
-  <target host="www.inkbunny.net" />
-
-  <securecookie host="^inkbunny\.net$" name=".+" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Inmoment.com.xml b/src/chrome/content/rules/Inmoment.com.xml
new file mode 100644
index 000000000000..fd3c1f52f759
--- /dev/null
+++ b/src/chrome/content/rules/Inmoment.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		- choose.inmoment.com
+		- info.inmoment.com
+-->
+
+<ruleset name="Inmoment.com">
+	<target host="inmoment.com" />
+	<target host="www.inmoment.com" />
+	<target host="arbys.inmoment.com" />
+	<target host="buffalowildwings.inmoment.com" />
+	<target host="community.inmoment.com" />
+	<target host="freemancustomerviewpoint.inmoment.com" />
+	<target host="get.inmoment.com" />
+	<target host="intercept.inmoment.com" />
+	<target host="mandb.inmoment.com" />
+	<target host="nbty.inmoment.com" />
+	<target host="pizzahut.inmoment.com" />
+	<target host="starbucks.inmoment.com" />
+	<target host="zaxbys.inmoment.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Innocence_Project.xml b/src/chrome/content/rules/Innocence_Project.xml
index e7b21d3bb329..3b67bcacbd0d 100644
--- a/src/chrome/content/rules/Innocence_Project.xml
+++ b/src/chrome/content/rules/Innocence_Project.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Innometrics.com.xml b/src/chrome/content/rules/Innometrics.com.xml
index 076fcce8dbe4..4e6127b843c4 100644
--- a/src/chrome/content/rules/Innometrics.com.xml
+++ b/src/chrome/content/rules/Innometrics.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://customer.innometrics.com/ => https://customer.innometrics.co
 		- (www.)	(refused)
 
 -->
-<ruleset name="Innometrics.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Innometrics.com (partial)" default_off="failed ruleset test">
 
 	<target host="customer.innometrics.com" />
 
@@ -23,4 +23,4 @@ Fetch error: http://customer.innometrics.com/ => https://customer.innometrics.co
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/InoReader.com.xml b/src/chrome/content/rules/InoReader.com.xml
deleted file mode 100644
index da4ce7bbda38..000000000000
--- a/src/chrome/content/rules/InoReader.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Based on blogspot:
-		blog.inoreader.com
-
-	Expired:
-		beta.inoreader.com
--->
-<ruleset name="InoReader.com">
-    <target host="inoreader.com"/>
-    <target host="www.inoreader.com"/>
-    <target host="forum.inoreader.com"/>
-    <target host="status.inoreader.com"/>
-
-    <securecookie host=".+" name=".+" />
-
-    <rule from="^http:" to="https:"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Inphi.xml b/src/chrome/content/rules/Inphi.xml
deleted file mode 100644
index 1f1a8fb8e9cb..000000000000
--- a/src/chrome/content/rules/Inphi.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="Inphi" default_off="expired, mismatch, self-signed">
-
-	<target host="inphi.com" />
-	<target host="www.inphi.com" />
-
-
-	<securecookie host="^www\.inphi\.com$" name=".+" />
-
-
-	<!--	- Cert only matches //inphi.com
-		- At least some pages redirect from !www to www
-					-->
-	<rule from="^http://(?:www\.)?inphi\.com/"
-		to="https://www.inphi.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Inpros.net.xml b/src/chrome/content/rules/Inpros.net.xml
index 4c923298ee50..815d0132ffee 100644
--- a/src/chrome/content/rules/Inpros.net.xml
+++ b/src/chrome/content/rules/Inpros.net.xml
@@ -17,7 +17,7 @@
 <ruleset name="inpros.net" default_off="self-signed">
 
 	<target host="inpros.net" />
-	<target host="*.inpros.net" />
+	<target host="www.inpros.net" />
 
 
 	<securecookie host="^\.?inpros\.net$" name=".+" />
diff --git a/src/chrome/content/rules/InsideUniversal.xml b/src/chrome/content/rules/InsideUniversal.xml
new file mode 100644
index 000000000000..4af74f25dfb9
--- /dev/null
+++ b/src/chrome/content/rules/InsideUniversal.xml
@@ -0,0 +1,9 @@
+<ruleset name="InsideUniversal">
+	<target host="insideuniversal.net" />
+	<target host="www.insideuniversal.net" />
+	<target host="forums.insideuniversal.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Inside_Illinois.info.xml b/src/chrome/content/rules/Inside_Illinois.info.xml
index 8649c6fc1136..c10ed979f62d 100644
--- a/src/chrome/content/rules/Inside_Illinois.info.xml
+++ b/src/chrome/content/rules/Inside_Illinois.info.xml
@@ -6,7 +6,7 @@ Fetch error: http://insideillinois.info/ => https://insideillinois.info/: (28, '
 	www.insideillinois.info doesn't exist.
 
 -->
-<ruleset name="Inside Illinois.info" default_off='failed ruleset test'>
+<ruleset name="Inside Illinois.info" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Insidecelebs.com.xml b/src/chrome/content/rules/Insidecelebs.com.xml
deleted file mode 100644
index f9dab335e658..000000000000
--- a/src/chrome/content/rules/Insidecelebs.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="insidecelebs.com">
-
-	<target host="insidecelebs.com" />
-	<target host="www.insidecelebs.com" />
-
-
-	<securecookie host="^\.insidecelebs\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Insideygs.com.xml b/src/chrome/content/rules/Insideygs.com.xml
index e7a0d474ae9f..03ac0b3ab0ac 100644
--- a/src/chrome/content/rules/Insideygs.com.xml
+++ b/src/chrome/content/rules/Insideygs.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.insideygs.com/ => https://www.insideygs.com/: (28, 'Conn
 		- adintegration.insideygs.com
 
 -->
-<ruleset name="insideygs.com" default_off='failed ruleset test'>
+<ruleset name="insideygs.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/InsightExpress.com.xml b/src/chrome/content/rules/InsightExpress.com.xml
index 1b856d3fd5bf..1c97e39bcdbb 100644
--- a/src/chrome/content/rules/InsightExpress.com.xml
+++ b/src/chrome/content/rules/InsightExpress.com.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/InsightExpressai.com.xml b/src/chrome/content/rules/InsightExpressai.com.xml
index 3b0a8229b35c..d6f131c3aa98 100644
--- a/src/chrome/content/rules/InsightExpressai.com.xml
+++ b/src/chrome/content/rules/InsightExpressai.com.xml
@@ -21,7 +21,7 @@ Fetch error: http://icompass.insightexpressai.com/ => https://icompass.insightex
 		- .insightexpressai.com
 
 -->
-<ruleset name="InsightExpressai.com" default_off='failed ruleset test'>
+<ruleset name="InsightExpressai.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Insnw.net.xml b/src/chrome/content/rules/Insnw.net.xml
index 6d57e3768bbe..3b6e2e7d9b5f 100644
--- a/src/chrome/content/rules/Insnw.net.xml
+++ b/src/chrome/content/rules/Insnw.net.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Instart Logic coverage, see Instart_Logic.com.xml.
+	For other Instart Logic coverage, see Instart_Logic.com.xml & Volantix.com.xml
 
 -->
 <ruleset name="Insnw.net">
diff --git a/src/chrome/content/rules/Inspectlet.com.xml b/src/chrome/content/rules/Inspectlet.com.xml
index afdca2a91326..24e9d82e3e22 100644
--- a/src/chrome/content/rules/Inspectlet.com.xml
+++ b/src/chrome/content/rules/Inspectlet.com.xml
@@ -20,7 +20,7 @@
 	<target host="cdn.inspectlet.com" />
 		<exclusion pattern="^http://cdn\.inspectlet\.com/$" />
 		<test url="http://cdn.inspectlet.com/inspectlet.js" />
-	
+
 	<rule from="^http:" to="https:" />
 
 	<securecookie host=".+" name=".+" />
diff --git a/src/chrome/content/rules/Inspiration_Green.xml b/src/chrome/content/rules/Inspiration_Green.xml
deleted file mode 100644
index 50c4cb843f71..000000000000
--- a/src/chrome/content/rules/Inspiration_Green.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Inspiration Green">
-
-	<target host="inspirationgreen.com" />
-	<target host="www.inspirationgreen.com" />
-
-
-	<securecookie host="^(?:www\.)?inspirationgreen\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Instaemail.net.xml b/src/chrome/content/rules/Instaemail.net.xml
deleted file mode 100644
index 74cab9ff7a36..000000000000
--- a/src/chrome/content/rules/Instaemail.net.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	CDN buckets:
-
-		- cdn.instaemail.net.s3.amazonaws.com
-
-			- cdn.instaemail.net
-
-
-	Nonfunctional domains:
-
-		- instaemail.com	(dropped)
-		- www.instaemail.com	(refused)
-
--->
-<ruleset name="Instaemail.net">
-
-	<target host="cdn.instaemail.net" />
-
-
-	<rule from="^http://cdn\.instaemail\.net/"
-		to="https://s3.amazonaws.com/cdn.instaemail.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Instagr.am.xml b/src/chrome/content/rules/Instagr.am.xml
index 89cb1ac309d9..aa6b1d2e5c72 100644
--- a/src/chrome/content/rules/Instagr.am.xml
+++ b/src/chrome/content/rules/Instagr.am.xml
@@ -1,26 +1,13 @@
 <!--
-	For other Instagram coverage, see Instagram.xml.
-
-
-	Partially covered domains:
-
-		- instagr.am
-
+	Other Instragram rulesets:
+		- CDN_Instagram.com.xml
+		- Instagrampartners.com.xml
 -->
-<ruleset name="Instagr.am (partial)" default_off="Needs ruleset tests">
+<ruleset name="Instagr.am (partial)">
 
-	<!--	Complications:
-				-->
 	<target host="instagr.am" />
+	<target host="www.instagr.am" />
 
-
-	<rule from="^http://instagr\.am/static/images/"
-		to="https://s3.amazonaws.com/instagram-static/images/" />
-
-	<!--	Note that this next rule does not currently work for /static/images
-		but that case is handled by the previous rule.
-								-->
-	<rule from="^http://instagr\.am/(?=p/|static/)"
-		to="https://instagram.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Instagram.xml b/src/chrome/content/rules/Instagram.xml
deleted file mode 100644
index 27f181727750..000000000000
--- a/src/chrome/content/rules/Instagram.xml
+++ /dev/null
@@ -1,74 +0,0 @@
-<!--
-	Other Instagram rulesets:
-
-		- CDN_Instagram.com.xml
-		- Instagr.am.xml
-		- Instagrampartners.com.xml
-
-
-	CDN buckets:
-
-		- igcdn-photos-a-a.akamaihd.net
-		- igcdn-photos-b-a.akamaihd.net
-		- igcdn-photos-c-a.akamaihd.net
-		- igcdn-photos-d-a.akamaihd.net
-		- igcdn-photos-e-a.akamaihd.net
-		- igcdn-photos-f-a.akamaihd.net
-		- instagramimages-a.akamaihd.net
-		- instagramstatic-a.akamaihd.net
-
-		- distillery.s3.amazonaws.com | d18txuuu339yuz.cloudfront.net
-
-			- images.instagram.com
-
-
-	Problematic hosts in *instagram.com:
-
-		- images1.ak	(works, akamai)
-
-		Mismatch (tumblr):
-			- blog.instagram.com
-			- blog.business.instagram.com
-			- developers.instagram.com
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- instagram.com
-		- badges.instagram.com
-		- .help.instagram.com
-
--->
-<ruleset name="Instagram.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="instagram.com" />
-	<target host="www.instagram.com" />
-	<target host="api.instagram.com" />
-	<target host="badges.instagram.com" />
-	<target host="business.instagram.com" />
-	<target host="engineering.instagram.com" />
-	<target host="help.instagram.com" />
-	<target host="l.instagram.com" />
-	<target host="platform.instagram.com" />
-
-	<!--	Complications:
-				-->
-	<target host="images.instagram.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(badges\.)?instagram\.com$" name="^(csrftoken|mid)$" /-->
-	<!--securecookie host="^\.help\.instagram\.com$" name="^(datr|noscript|reg_ext_ref|reg_fb_ref|reg_fb_gate)$" /-->
-
-	<securecookie host="^(?:badges\.|\.help\.)?instagram\.com$" name=".+" />
-
-	<rule from="^http://images\.instagram\.com/"
-		to="https://d18txuuu339yuz.cloudfront.net/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Instagrampartners.com.xml b/src/chrome/content/rules/Instagrampartners.com.xml
index 4efe39ea1bce..3960ba09479b 100644
--- a/src/chrome/content/rules/Instagrampartners.com.xml
+++ b/src/chrome/content/rules/Instagrampartners.com.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Instagram coverage, see Instagram.xml.
+	For other Instagram coverage, see Instagr.am.xml.
 -->
 <ruleset name="Instagrampartners.com">
 	<target host="instagrampartners.com" />
diff --git a/src/chrome/content/rules/Instantbird.org.xml b/src/chrome/content/rules/Instantbird.org.xml
index b82d32e95ce7..f5f828d65d2e 100644
--- a/src/chrome/content/rules/Instantbird.org.xml
+++ b/src/chrome/content/rules/Instantbird.org.xml
@@ -28,7 +28,7 @@ Fetch error: http://wiki.instantbird.org/ => https://wiki.instantbird.org/: (60,
 		- bugzilla.instantbird.org
 
 -->
-<ruleset name="Instantbird.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Instantbird.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Instart_Logic.com.xml b/src/chrome/content/rules/Instart_Logic.com.xml
deleted file mode 100644
index 9890c76ab6d3..000000000000
--- a/src/chrome/content/rules/Instart_Logic.com.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<!--
-	Other Instart Logic rulesets:
-
-		- Insnw.net.xml
-
-
-	Nonfunctional subdomains:
-
-		- go *
-
-	* Marketo
-
-
-	Problematic subdomains:
-
-		- status *
-
-	* StatusPage
-
--->
-<ruleset name="Instart Logic.com (partial)">
-
-	<target host="instartlogic.com" />
-	<target host="*.instartlogic.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?instartlogic\.com$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^(?:\.customer\.|www\.)?instartlogic\.com$" name=".+" />
-
-
-	<!--	Redirect drops args:
-					-->
-	<rule from="^http://go\.instartlogic\.com/+(?:$|\?.*)"
-		to="https://www.instartlogic.com/" />
-
-	<rule from="^http://go\.instartlogic\.com/(?=css/|images/|js/|rs/)"
-		to="https://na-sj07.marketo.com/" />
-
-	<rule from="^http://status\.instartlogic\.com/"
-		to="https://instartlogic.statuspage.io/" />
-
-	<rule from="^http://(customer\.|www\.)?instartlogic\.com/"
-		to="https://$1instartlogic.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Instella_Platform.xml b/src/chrome/content/rules/Instella_Platform.xml
deleted file mode 100644
index 36704a639335..000000000000
--- a/src/chrome/content/rules/Instella_Platform.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(times out)
-
--->
-<ruleset name="Instella Platform (partial)">
-
-	<target host="*.instellaplatform.com" />
-
-
-	<securecookie host="^.+\.instellaplatform\.com$" name=".+" />
-
-
-	<!--	Unique subdomains for each client.
-							-->
-	<rule from="^http://(?!www)\.instellaplatform\.com/"
-		to="https://$1.instellaplatform.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Institut_fur_Internet-Sicherheit.xml b/src/chrome/content/rules/Institut_fur_Internet-Sicherheit.xml
index b2e5fc16d297..0f8def95aa8b 100644
--- a/src/chrome/content/rules/Institut_fur_Internet-Sicherheit.xml
+++ b/src/chrome/content/rules/Institut_fur_Internet-Sicherheit.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?it-sicherheit\.de/"
 		to="https://www.it-sicherheit.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Institute-of-Physics.xml b/src/chrome/content/rules/Institute-of-Physics.xml
index 6f7db2bb5c37..63a371de1a9b 100644
--- a/src/chrome/content/rules/Institute-of-Physics.xml
+++ b/src/chrome/content/rules/Institute-of-Physics.xml
@@ -43,7 +43,7 @@ Fetch error: http://iopscience.iop.org/ => https://iopscience.iop.org/: (28, 'Op
 	ᵐ Rule disabled by default <= mismatched
 
 -->
-<ruleset name="IoP.org (partial)" default_off='failed ruleset test'>
+<ruleset name="IoP.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Instogram.pro.xml b/src/chrome/content/rules/Instogram.pro.xml
new file mode 100644
index 000000000000..1201f79c2dea
--- /dev/null
+++ b/src/chrome/content/rules/Instogram.pro.xml
@@ -0,0 +1,8 @@
+<ruleset name="Instogram.pro">
+	<target host="instogram.pro" />
+	<target host="www.instogram.pro" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Instra.xml b/src/chrome/content/rules/Instra.xml
index 6382389e5440..72715f9597f3 100644
--- a/src/chrome/content/rules/Instra.xml
+++ b/src/chrome/content/rules/Instra.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Intan.net.xml b/src/chrome/content/rules/Intan.net.xml
deleted file mode 100644
index b8a879bed63a..000000000000
--- a/src/chrome/content/rules/Intan.net.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="intan.net">
-	<target host="icm.intan.net" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Integral-Marketing.com.xml b/src/chrome/content/rules/Integral-Marketing.com.xml
deleted file mode 100644
index 64e712e236fe..000000000000
--- a/src/chrome/content/rules/Integral-Marketing.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	(www.): refused
-
--->
-<ruleset name="Integral-Marketing.com (partial)">
-
-	<target host="ads.integral-marketing.com" />
-
-
-	<rule from="^http://ads\.integral-marketing\.com/"
-		to="https://saxp.zedo.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Intel-mismatches.xml b/src/chrome/content/rules/Intel-mismatches.xml
deleted file mode 100644
index 45a19e73e7c4..000000000000
--- a/src/chrome/content/rules/Intel-mismatches.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For rules that are on by default, see Intel.xml.
-
--->
-<ruleset name="Intel (mismatches)" default_off="mismatched">
-
-	<target host="failover.intel.com" />
-	<target host="intel.co.uk" />
-	<target host="*.intel.co.uk" />
-
-
-	<!--	Akamai	-->
-	<rule from="^http://failover\.intel\.com/"
-		to="https://failover.intel.com/" />
-
-	<!--	- !www times out over https
-		- !www redirects to www over http
-					-->
-	<rule from="^http://(?:www\.)?intel\.co\.uk/"
-		to="https://www.intel.co.uk/" />
-
-	<!--	- Times out
-		- 301s like so over http
-					-->
-	<rule from="^http://itcommunity\.intel\.co\.uk/"
-		to="https://www.intel.co.uk/content/www/uk/en/it-management/intel-it/it-managers.html" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Intel.co.uk.xml b/src/chrome/content/rules/Intel.co.uk.xml
index 830f5c1f6474..403545b018ba 100644
--- a/src/chrome/content/rules/Intel.co.uk.xml
+++ b/src/chrome/content/rules/Intel.co.uk.xml
@@ -1,35 +1,13 @@
 <!--
 	For other Intel coverage, see Intel.xml.
 
-
-	Problematic subdomains:
-
-		- iq *
-
-	* Mixed css
-
-
-	These altnames don't exist:
-
-		- www.iq.intel.co.uk
-
-
-	Mixed content:
-
-		- css on iq from $self *
-
-	* Secured by us
-
+	Non-functional hosts
+		Couldn't connect to server:
+		- intel.co.uk
 -->
 <ruleset name="Intel.co.uk (partial)">
-
 	<target host="iq.intel.co.uk" />
-		<!--
-			Avoid broken MCB:
-						-->
-		<exclusion pattern="^http://iq\.intel\.co\.uk/+(?!favicon\.ico|wp-content/|wp-includes/)" />
-
+	<target host="www.intel.co.uk" />
 
 	<rule from="^http:" to="https:" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/Intel.xml b/src/chrome/content/rules/Intel.xml
index 5d2fa937bdf5..472b81cc59e5 100644
--- a/src/chrome/content/rules/Intel.xml
+++ b/src/chrome/content/rules/Intel.xml
@@ -1,239 +1,70 @@
 <!--
-	For problematic rules, see Intel-mismatches.xml.
-
-	CDN buckets:
-		- corpredirect.intel.com.edgesuite.net
-		- downloadmirror.intel.com.edgesuite.net
-		- inside.intel.com.edgesuite.net
-			- a1578.b.akamai.net
-		- software.intel.com.edgesuite.net
-			- a163.b.akamai.net
-		- software-downloads.intel.com.edgesuite.net
-			- a978.b.akamai.net
-			- downloads-software.intel.com
-
 	Other Intel rulesets:
-		- ACPICA.org.xml
-		- Cilk_Plus.org.xml
-		- Intel.co.jp.xml
-		- Intel.co.uk.xml
-		- Intel_Free_Press.com.xml
-		- McAfee.xml
-		- McAfee-Mobile-Security.xml
-		- McAfee-MX-Logic.xml
-		- McAfee-SECURE.xml
-		- PathDefender.com.xml
-		- ScanAlert.xml
-		- SiteAdvisor.com.xml
-		- Threading-Building-Blocks.xml
-		- Ywxi.net.xml
-
-	Nonfunctional domains:
-		- intel.com subdomains:
-			- cache-www      ²
-			- corpredirect   ³
-			- mysearch       ⁴
-			- prd1idz.cps    ⁵
-			- processormatch ⁴
-			- www            ²
-			- www-cache      ²
-			- scoop          ⁴
-			- staging-our    ⁵
-			- staging-scoop  ⁵
-			- xdk		     ⁴
-		- itcommunity.intel.co.uk ⁵
-		- intellinuxgraphics.org
-	¹ Redirects to http, akamai
-	² 503, akamai
-	³ Shows another domain, akamai
-	⁴ Refused
-	⁵ Dropped
-
-	Problematic subdomains:
-		- chi1      (Expired)
-		- embedded.edc ³
-		- firmware ⁴
-		- inside ¹
-		- search ²
-		- ssl    ²
-	¹ Works, akamai
-	² Works, self-signed
-	³ Some paths 404; mismatched, CN: chi1.intel.com
-	⁴ Incomplete certificate chain
-
-	Partially covered subdomains:
-		- communities.edc ³	(→ embedded.communities)
-		- newsroom ¹
-	¹ Avoiding false/broken MCB, rest handled in -falsemixed.xml
-	³ Inconsistent redirection behavior
-
-	Fully covered subdomains:
-		- communities
-		- embedded.communities
-		- downloadcenter
-		- downloads-software
-		- jira.hppd
-		- appcenter.html5tools-software
-		- origin-software
-		- registrationcenter
-		- secure-software
-		- sfederation
-		- signin
-		- software
-		- xdk		(→ software.intel.com)
-		- download.xdk
-
-	Observed cookie domains:
-		- communities
-		- embedded.communities
-		- downloadcenter
-		- edc
-		- engage
-		- freepress
-		- origin-software
-		- secure-software
-		- software
-		- thehub
-		- www
-
-	Insecure cookies are set for these domains and hosts:
-		- .intel.com
+		+ Cilk_Plus.org.xml
+		+ Intel.co.jp.xml
+		+ Intel.co.uk.xml
+		+ Intel_Free_Press.com.xml
+		+ McAfee.xml
+		+ McAfee-Mobile-Security.xml
+		+ McAfee-MX-Logic.xml
+		+ McAfee-SECURE.xml
+		+ ScanAlert.xml
+		+ SiteAdvisor.com.xml
+		+ Threading-Building-Blocks.xml
+		+ Ywxi.net.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- prd1idz.cps.intel.com
+		- mysearch.intel.com
+		- scoop.intel.com
+		- search.intel.com
+		- ssl.intel.com
+		- xdk.intel.com
+
+		Timeout was reached:
+		- staging-our.intel.com
+		- staging-scoop.intel.com
+
+		SSL connect error:
+		- chi1.intel.com
+
+		4xx client error:
+		- corpredirect.intel.com
+
+		Different content:
 		- click.intel.com
-		- .click.intel.com
-		- newsroom.intel.com
-		- registrationcenter.intel.com
-		- sfederation.intel.com
-		- signin.intel.com
-		- .signin.intel.com
-
-	Mixed content:
-		- css on newsroom from www ¹
-		- Images, on:
-			- blogs, from:
-				- $self ¹
-				- www ¹
-			- embedded.communities from $self ¹
-			- engage from $self ¹
-			- newsroom from www ¹
-			- favicon on downloadcenter from www ¹
-		- Ad/web bug on engage from intel.airprojects.org ²
-	¹ Secured by us
-	² Unsecurable
 -->
 <ruleset name="Intel.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
+	<target host="intel.com" />
+	<target host="www.intel.com" />
 	<target host="ark.intel.com" />
 	<target host="blogs.intel.com" />
-	<target host="click.intel.com" />
 	<target host="communities.intel.com" />
 	<target host="embedded.communities.intel.com" />
 	<target host="download-software.intel.com" />
 	<target host="downloadcenter.intel.com" />
 	<target host="downloadmirror.intel.com" />
+		<test url="http://downloadmirror.intel.com/28992/eng/Release_Note_16_8_3_1003.pdf" />
 	<target host="edc.intel.com" />
 	<target host="educate.intel.com" />
 	<target host="engage.intel.com" />
-	<target host="freepress.intel.com" />
-	<target host="appcenter.html5tools-software.intel.com" />
+	<target host="failover.intel.com" />
+		<test url="http://failover.intel.com/failover/www.intel.com/Assets/contact-numbers.pdf" />
+	<target host="firmware.intel.com" />
 	<target host="newsroom.intel.com" />
-	<target host="registrationcenter.intel.com" />
-	<target host="software.intel.com" />
 	<target host="origin-software.intel.com" />
+	<target host="processormatch.intel.com" />
+		<test url="http://processormatch.intel.com/Resources/Program%20for%20CEC%20Friendly%20MB%20Guidelines%20June%202018%20Public.pdf" />
+	<target host="registrationcenter.intel.com" />
 	<target host="sfederation.intel.com" />
 	<target host="signin.intel.com" />
-	<!-- Fails travis-ci
-		target host="staging-blogs.intel.com" /-->
+	<target host="software.intel.com" />
+	<target host="staging-blogs.intel.com" />
+	<target host="tuningplan.intel.com" />
 	<target host="www-ssl.intel.com" />
-	<target host="download.xdk.intel.com" />
-
-	<!--	Complications:
-				-->
-	<target host="intel.com" />
-	<target host="embedded.edc.intel.com" />
-	<target host="www.intel.com" />
-	<target host="xdk.intel.com" />
-
-		<!--	https://lists.eff.org/pipermail/https-everywhere-rules/2013-November/001732.html
-													-->
-		<!--exclusion pattern="^http://www\.intel\.com/newsroom/assets/bio/" /-->
-		<!--
-			Without these, there would be mixed content on newsroom:
-										-->
-		<exclusion pattern="^http://(?:www\.)?intel\.com/(?!content/|etc/|favicon\.ico|newsroom/assets/(?!bio/)|sites/)" />
-
-			<!--	+ve:	-->
-			<test url="http://www.intel.com/apac/" />
-			<test url="http://www.intel.com/espanol/" />
-			<test url="http://www.intel.com/facebook" />
-			<test url="http://www.intel.com/p/en_US/support" />
-			<test url="http://www.intel.com/p/en_US/support/detect" />
-			<test url="http://www.intel.com/video/" />
-
-			<!--	-ve:	-->
-			<test url="http://www.intel.com/etc/designs/intel/us/en/images/share-icons.png" />
-			<test url="http://www.intel.com/favicon.ico" />
-			<test url="http://www.intel.com/newsroom/assets/images/nr-view-more-sub-small-mrq.png" />
-			<test url="http://www.intel.com/newsroom/assets/tab/prTab.css" />
-			<test url="http://www.intel.com/sites/sitewide/HAT/50recode/pix/main-logo.png" />
-
-		<!--	Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://newsroom\.intel\.com/+(?!favicon\.ico|(?:\d\.\d\.\d/)?(?:images/|plugins/|styles/|themes?/)|people/\w+/avatar/)" />
-			<!--	+ve:	-->
-			<test url="http://newsroom.intel.com/archive.jspa" />
-			<test url="http://newsroom.intel.com/communications" />
-			<test url="http://newsroom.intel.com/community/intel_newsroom" />
-			<test url="http://newsroom.intel.com/community/intel_newsroom/bios" />
-			<test url="http://newsroom.intel.com/community/intel_newsroom/contact_pr" />
-			<test url="http://newsroom.intel.com/community/intel_newsroom/create-account.jspa" />
-			<test url="http://newsroom.intel.com/community/intel_newsroom/login.jspa" />
-			<test url="http://newsroom.intel.com/create-account.jspa" />
-			<test url="http://newsroom.intel.com/docs/DOC-6309" />
-			<test url="http://newsroom.intel.com/people" />
-			<!--	-ve:	-->
-			<test url="http://newsroom.intel.com/5.0.2/images/steelhead/j-ui-sprite.png" />
-			<test url="http://newsroom.intel.com/5.0.2/styles/jive-icons.css" />
-			<test url="http://newsroom.intel.com/favicon.ico" />
-			<test url="http://newsroom.intel.com/images/jive-image-loading.gif" />
-			<test url="http://newsroom.intel.com/people/guest/avatar/40.png" />
-			<test url="http://newsroom.intel.com/plugins/event-type-plugin/resources/styles/event.css" />
-			<test url="http://newsroom.intel.com/theme/white/styles/theme.css" />
-			<test url="http://newsroom.intel.com/themes/intel-ipr/images/bg-gradient.png" />
-
-	<securecookie host=".+\.intel\.com$" name=".+" />
-
-	<rule from="^http://(?:www\.)?intel\.com/"
-		to="https://www-ssl.intel.com/" />
-
-	<!--	Redirects like so:
-					-->
-	<rule from="^http://embedded\.edc\.intel\.com/+(?:$|\?.*)"
-		to="https://embedded.communities.intel.com/" />
-
-		<test url="http://embedded.edc.intel.com/?f" />
-		<test url="http://embedded.edc.intel.com/?o" />
-		<test url="http://embedded.edc.intel.com//?o" />
-		<test url="http://embedded.edc.intel.com/?b" />
-
-	<rule from="^http://xdk\.intel\.com/$"
-		to="https://software.intel.com/en-us/intel-xdk" />
-
-	<!--	It's impossible to fill the test quota for this
-		rule since for the coverage checker, \? = ?
-								-->
-	<rule from="^http://xdk\.intel\.com/\?$"
-		to="https://software.intel.com/en-us/intel-xdk/" />
-
-		<test url="http://xdk.intel.com/?" />
-
-	<rule from="^http://xdk\.intel\.com/"
-		to="https://software.intel.com/en-us/intel-xdk/" />
-
-		<test url="http://xdk.intel.com/index.php" />
 
-	<rule from="^http:"
-		to="https:" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Intelexit.org.xml b/src/chrome/content/rules/Intelexit.org.xml
deleted file mode 100644
index 511472844da7..000000000000
--- a/src/chrome/content/rules/Intelexit.org.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Intelexit.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="intelexit.org" />
-	<target host="video.intelexit.org" />
-	<target host="www.intelexit.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Inteligo.pl.xml b/src/chrome/content/rules/Inteligo.pl.xml
new file mode 100644
index 000000000000..2ad3cc8dfd53
--- /dev/null
+++ b/src/chrome/content/rules/Inteligo.pl.xml
@@ -0,0 +1,35 @@
+<!--
+	SSL handshake error:
+		- beta
+
+	Mismatched:
+		- pko
+		- studio
+		- wap
+
+	Timeout:
+		- www.developers
+		- igolokata
+		- www.igolokata
+		- www.junior
+-->
+<ruleset name="Inteligo.pl">
+	<target host="inteligo.pl" />
+	<target host="www.inteligo.pl" />
+	<target host="ui.sandbox.api.inteligo.pl" />
+	<target host="auth.inteligo.pl" />
+	<target host="developers.inteligo.pl" />
+	<target host="www.developers.inteligo.pl" />
+	<target host="igolokata.inteligo.pl" />
+	<target host="www.igolokata.inteligo.pl" />
+	<target host="junior.inteligo.pl" />
+	<target host="www.junior.inteligo.pl" />
+	<target host="kontakt.inteligo.pl" />
+	<target host="m.inteligo.pl" />
+	<target host="token.inteligo.pl" />
+
+	<rule from="^http://www\.developers\.inteligo\.pl/" to="https://developers.inteligo.pl/" />
+	<rule from="^http://(www\.)?igolokata\.inteligo\.pl/" to="https://inteligo.pl/" />
+	<rule from="^http://www\.junior\.inteligo\.pl/" to="https://junior.inteligo.pl/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Intelli-direct.com.xml b/src/chrome/content/rules/Intelli-direct.com.xml
index 5cc667642c2f..f9b50200d82b 100644
--- a/src/chrome/content/rules/Intelli-direct.com.xml
+++ b/src/chrome/content/rules/Intelli-direct.com.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://([\w-]+\.)?intelli-direct\.com/"
 		to="https://$1intelli-direct.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/IntelliResponse.com.xml b/src/chrome/content/rules/IntelliResponse.com.xml
new file mode 100644
index 000000000000..df319d0abb96
--- /dev/null
+++ b/src/chrome/content/rules/IntelliResponse.com.xml
@@ -0,0 +1,108 @@
+<!--
+	Chain issue, missing intermediate:
+		- ualberta.intelliresponse.com
+
+	Invalid certificate:
+		- intelliresponse.com, equivalent to www.247.ai
+		- www.intelliresponse.com, equivalent to www.247.ai
+-->
+
+<ruleset name="IntelliResponse.com">
+	<target host="intelliresponse.com" />
+	<target host="www.intelliresponse.com" />
+	<target host="aacargo.intelliresponse.com" />
+	<target host="advia.intelliresponse.com" />
+	<target host="ahc.intelliresponse.com" />
+	<target host="algonquin.intelliresponse.com" />
+	<target host="analytics1.intelliresponse.com" />
+	<target host="arc.intelliresponse.com" />
+	<target host="askiris.intelliresponse.com" />
+	<target host="bankatunion.intelliresponse.com" />
+	<target host="bcbsks.intelliresponse.com" />
+	<target host="bmo.intelliresponse.com" />
+	<target host="bmocm.intelliresponse.com" />
+	<target host="bnsask.intelliresponse.com" />
+	<target host="bofifederalbank.intelliresponse.com" />
+	<target host="broward.intelliresponse.com" />
+	<target host="cabrillo.intelliresponse.com" />
+	<target host="canyons.intelliresponse.com" />
+	<target host="cfcc.intelliresponse.com" />
+	<target host="choicehotels.intelliresponse.com" />
+	<target host="cibc.intelliresponse.com" />
+	<target host="cibcbrokerage.intelliresponse.com" />
+	<target host="cod.intelliresponse.com" />
+	<target host="compton.intelliresponse.com" />
+	<target host="conestogac.intelliresponse.com" />
+	<target host="cos.intelliresponse.com" />
+	<target host="csupomona.intelliresponse.com" />
+	<target host="deakin.intelliresponse.com" />
+	<target host="delmar.intelliresponse.com" />
+	<target host="deltacollege.intelliresponse.com" />
+	<target host="dollarbank.intelliresponse.com" />
+	<target host="elcamino.intelliresponse.com" />
+	<target host="epcor.intelliresponse.com" />
+	<target host="eversource.intelliresponse.com" />
+	<target host="experian.intelliresponse.com" />
+	<target host="fanshawec.intelliresponse.com" />
+	<target host="foothill.intelliresponse.com" />
+	<target host="frontrange.intelliresponse.com" />
+	<target host="fult.intelliresponse.com" />
+	<target host="gaston.intelliresponse.com" />
+	<target host="gatech.intelliresponse.com" />
+	<target host="genisyscu.intelliresponse.com" />
+	<target host="gwc.intelliresponse.com" />
+	<target host="harpercollege.intelliresponse.com" />
+	<target host="hcc.intelliresponse.com" />
+	<target host="hnb.intelliresponse.com" />
+	<target host="ipfw.intelliresponse.com" />
+	<target host="iu.intelliresponse.com" />
+	<target host="laguardia.intelliresponse.com" />
+	<target host="mccd.intelliresponse.com" />
+	<target host="mcmasteru.intelliresponse.com" />
+	<target host="mcneiluk.intelliresponse.com" />
+	<target host="missioncollege.intelliresponse.com" />
+	<target host="msu.intelliresponse.com" />
+	<target host="npc.intelliresponse.com" />
+	<target host="oakton.intelliresponse.com" />
+	<target host="optus.intelliresponse.com" />
+	<target host="optusadmin.intelliresponse.com" />
+	<target host="pcfinancial.intelliresponse.com" />
+	<target host="pgn.intelliresponse.com" />
+	<target host="rbc.intelliresponse.com" />
+	<target host="ryerson.intelliresponse.com" />
+	<target host="salesdemo.intelliresponse.com" />
+	<target host="sbcc.intelliresponse.com" />
+	<target host="sccnc.intelliresponse.com" />
+	<target host="sdmesa.intelliresponse.com" />
+	<target host="sears.intelliresponse.com" />
+	<target host="sheridaninstitute.intelliresponse.com" />
+	<target host="simplii.intelliresponse.com" />
+	<target host="smc.intelliresponse.com" />
+	<target host="stericycle.intelliresponse.com" />
+	<target host="tarion.intelliresponse.com" />
+	<target host="td.intelliresponse.com" />
+	<target host="tdbank.intelliresponse.com" />
+	<target host="tdinsurance.intelliresponse.com" />
+	<target host="tri-c.intelliresponse.com" />
+	<target host="tric.intelliresponse.com" />
+	<target host="triton.intelliresponse.com" />
+	<target host="ucsb.intelliresponse.com" />
+	<target host="umanitoba.intelliresponse.com" />
+	<target host="uoguelph.intelliresponse.com" />
+	<target host="usecu.intelliresponse.com" />
+	<target host="uvic.intelliresponse.com" />
+	<target host="uwm.intelliresponse.com" />
+	<target host="uwo.intelliresponse.com" />
+	<target host="vaillantgroup.intelliresponse.com" />
+	<target host="vodafoneqa.intelliresponse.com" />
+	<target host="voices1.intelliresponse.com" />
+	<target host="volaris.intelliresponse.com" />
+	<target host="wallacestate.intelliresponse.com" />
+	<target host="wvu.intelliresponse.com" />
+	<target host="yale.intelliresponse.com" />
+
+	<rule from="^http://(www\.)?intelliresponse\.com/"
+		to="https://www.247.ai/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Intelligent_Exploit.com.xml b/src/chrome/content/rules/Intelligent_Exploit.com.xml
deleted file mode 100644
index e938de7e48fb..000000000000
--- a/src/chrome/content/rules/Intelligent_Exploit.com.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	NB: Tor users cannot view* this website due to CloudFlare settings.
-
-	See:
-
-		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
-		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
-		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
-
-	* without enabling javascript, for security and privacy implications see e.g.:
-
-		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
-		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
-		- https://panopticlick.eff.org
-
-
-	Insecure cookies are set for these domains:
-
-		- .intelligentexploit.com
-
--->
-<ruleset name="Intelligent Exploit.com">
-
-	<target host="intelligentexploit.com" />
-	<target host="www.intelligentexploit.com" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.intelligentexploit\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\." name=".+" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Intelliserver.net.xml b/src/chrome/content/rules/Intelliserver.net.xml
index e1ff49450c70..80bafe09ad0c 100644
--- a/src/chrome/content/rules/Intelliserver.net.xml
+++ b/src/chrome/content/rules/Intelliserver.net.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.intelliserver.net/ => https://www.intelliserver.net/: (5
 	^: mismatched
 
 -->
-<ruleset name="intelliserver.net" default_off='failed ruleset test'>
+<ruleset name="intelliserver.net" default_off="failed ruleset test">
 
 	<target host="intelliserver.net" />
 	<target host="www.intelliserver.net" />
diff --git a/src/chrome/content/rules/Intelliworks_Chat.com.xml b/src/chrome/content/rules/Intelliworks_Chat.com.xml
index 5a05a54b1bd9..8d379e3b6107 100644
--- a/src/chrome/content/rules/Intelliworks_Chat.com.xml
+++ b/src/chrome/content/rules/Intelliworks_Chat.com.xml
@@ -1,4 +1,6 @@
 <!--
+	Domains expired
+
 	Problematic subdomains:
 
 		- ^ ¹
@@ -8,23 +10,11 @@
 	² Mismatched, CN: liveleader.com
 
 -->
-<ruleset name="Intelliworks Chat.com">
+<ruleset name="Intelliworks Chat.com" default_off="expired">
 
 	<target host="intelliworkschat.com" />
-	<target host="*.intelliworkschat.com" />
-
-
-	<!--	Redirect drops path and args:
-						-->
-	<rule from="^http://intelliworkschat\.com/.*"
-		to="https://www.intelliworkschat.com/" />
-
-	<rule from="^http://www\.intelliworkschat\.com/"
-		to="https://www.intelliworkschat.com/" />
-
-	<!--	s? for redirect from /poll.../$:
-						-->
-	<rule from="^https?://(?:www\.)?poll\.intelliworkschat\.com/"
-		to="https://poll.intelliworkschat.com/" />
+	<target host="poll.intelliworkschat.com" />
 
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Intelrad.com.xml b/src/chrome/content/rules/Intelrad.com.xml
index 3d3224d7e854..da69fe4ec099 100644
--- a/src/chrome/content/rules/Intelrad.com.xml
+++ b/src/chrome/content/rules/Intelrad.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.intelrad.com/ => https://www.intelrad.com/: (7, 'Failed
 Disabled by https-everywhere-checker because:
 Non-2xx HTTP code: http://intelrad.com/ (200) => https://intelrad.com/ (400)
 -->
-<ruleset name="Intelrad.com" default_off='failed ruleset test'>
+<ruleset name="Intelrad.com" default_off="failed ruleset test">
 
 	<target host="intelrad.com" />
 	<target host="www.intelrad.com" />
diff --git a/src/chrome/content/rules/Intent-Media.xml b/src/chrome/content/rules/Intent-Media.xml
deleted file mode 100644
index bc6beb9d0bce..000000000000
--- a/src/chrome/content/rules/Intent-Media.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	See Intent-Media-mismatches.xml also
-
-
-	Other NewsBay Media rulesets:
-
-		- bikebiz.com.xml
-		- develop-online.net.xml
-		- develop100.com.xml
-		- mcvuk.com.xml
-		- mi-pro.co.uk.xml
-		- pcr-online.biz.xml
-		- toynews-online.biz.xml
-
-
-	Problematic domains:
-
-		- (www.)?mobile-ent.biz ᵐ ˢ
-
-	ᵐ Mismatched
-	ˢ Self-signed
-
--->
-<ruleset name="Intent Media.co.uk">
-
-	<target host="intentmedia.co.uk" />
-	<target host="www.intentmedia.co.uk" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Inter.net.xml b/src/chrome/content/rules/Inter.net.xml
index bc261221d3aa..b2e9431364a7 100644
--- a/src/chrome/content/rules/Inter.net.xml
+++ b/src/chrome/content/rules/Inter.net.xml
@@ -3,7 +3,7 @@
 Disabled by https-everywhere-checker because:
 Fetch error: http://br.inter.net/ => https://br.inter.net/: (60, 'SSL certificate problem: certificate has expired')
 
-	www.br.inter.net , owa.br.inter.net , mail.br.inter.net , autodiscover.br.inter.net , br.inter.net 
+	www.br.inter.net , owa.br.inter.net , mail.br.inter.net , autodiscover.br.inter.net , br.inter.net
 
 
 	Nonfunctional domains:
@@ -21,18 +21,17 @@ Fetch error: http://br.inter.net/ => https://br.inter.net/: (60, 'SSL certificat
 		- www.intersite.mobi		(cert: www.br.inter.net; redirects to www.br.inter.net/inicio)
 
 -->
-<ruleset name="Inter.net (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Inter.net (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="br.inter.net" />
-	<target host="*.br.inter.net" />
+	<target host="www.br.inter.net" />
+	<target host="central.br.inter.net" />
 	<target host="hosting.de.inter.net" />
 
 
 	<securecookie host="^www\.br\.inter\.net$" name=".+" />
 
 
-	<rule from="^http://((?:www\.)?br|hosting\.de)\.inter\.net/"
-		to="https://$1.inter.net/" />
 
 	<!--	- Cert: www.br.inter.net
 		- Shows www.br's data over https
@@ -40,4 +39,5 @@ Fetch error: http://br.inter.net/ => https://br.inter.net/: (60, 'SSL certificat
 				-->
 	<rule from="^http://central\.br\.inter\.net/"
 		to="https://www.br.inter.net/central-assinante" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/InterContinental_Hotels_Group.xml b/src/chrome/content/rules/InterContinental_Hotels_Group.xml
index 198cbf583087..73d5afde2ebf 100644
--- a/src/chrome/content/rules/InterContinental_Hotels_Group.xml
+++ b/src/chrome/content/rules/InterContinental_Hotels_Group.xml
@@ -53,7 +53,7 @@ Non-2xx HTTP code: http://ihg.com/ (200) => https://www.ihg.com/ (403)
 		- aci-qap.secure.contact.ihg.com
 
 -->
-<ruleset name="InterContinental Hotels Group" default_off='failed ruleset test'>
+<ruleset name="InterContinental Hotels Group" default_off="failed ruleset test">
 
 	<target host="ihg.com" />
 	<target host="*.ihg.com" />
diff --git a/src/chrome/content/rules/InterNetworX.xml b/src/chrome/content/rules/InterNetworX.xml
index 4b3888fd55e0..7b8032544df5 100644
--- a/src/chrome/content/rules/InterNetworX.xml
+++ b/src/chrome/content/rules/InterNetworX.xml
@@ -1,18 +1,18 @@
 <ruleset name="InterNetworX">
-  <target host="*.inwx.at" />
+  <target host="www.inwx.at" />
   <target host="inwx.at" />
-  <target host="*.inwx.ch" />
+  <target host="www.inwx.ch" />
   <target host="inwx.ch" />
-  <target host="*.inwx.com" />
+  <target host="www.inwx.com" />
   <target host="inwx.com" />
-  <target host="*.inwx.de" />
+  <target host="www.inwx.de" />
   <target host="inwx.de" />
-  <target host="*.inwx.es" />
+  <target host="www.inwx.es" />
   <target host="inwx.es" />
-  <target host="*.inwx.net" />
+  <target host="www.inwx.net" />
   <target host="inwx.net" />
 
-  <securecookie host="^(?:.*\.)?inwx\.(?:at|ch|com|de|es|net)$" name=".+" />
+  <securecookie host=".+" name=".+"/>
 
   <rule from="^http://(?:www\.)?inwx\.(at|ch|de|es)/" to="https://www.inwx.$1/" />
   <rule from="^http://(?:www\.)?inwx\.(?:com|net)/" to="https://www.inwx.com/" />
diff --git a/src/chrome/content/rules/InterWorx.xml b/src/chrome/content/rules/InterWorx.xml
index 2b3ee5d6a040..efa33fbf0a4f 100644
--- a/src/chrome/content/rules/InterWorx.xml
+++ b/src/chrome/content/rules/InterWorx.xml
@@ -6,10 +6,12 @@ Fetch error: http://interworx.com/ => https://interworx.com/: Too many redirects
 Disabled by https-everywhere-checker because:
 Fetch error: http://interworx.com/ => https://interworx.com/: Cycle detected - URL already encountered: https://www.interworx.com/
 -->
-<ruleset name="InterWorx (partial)" default_off='failed ruleset test'>
+<ruleset name="InterWorx (partial)" default_off="failed ruleset test">
 
-	<target host="interworx.com"/>
-	<target host="*.interworx.com"/>
+	<target host="interworx.com" />
+	<target host="my.interworx.com" />
+	<target host="support.interworx.com" />
+	<target host="www.interworx.com" />
 
 	<!--	encountered cookies:
 			- ^\.
@@ -17,7 +19,6 @@ Fetch error: http://interworx.com/ => https://interworx.com/: Cycle detected - U
 			- ^support	-->
 	<securecookie host="^(?:my|support)?\.interworx\.com$" name=".+" />
 
-	<rule from="^http://((my|support|www)\.)?interworx\.com/"
-		to="https://$1interworx.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Interactive_Data_Corporation.xml b/src/chrome/content/rules/Interactive_Data_Corporation.xml
index 6fcbecc01b08..f9c162a4c2f5 100644
--- a/src/chrome/content/rules/Interactive_Data_Corporation.xml
+++ b/src/chrome/content/rules/Interactive_Data_Corporation.xml
@@ -8,7 +8,11 @@
 <ruleset name="Interactive Data Corporation (partial)">
 
 	<target host="chartbigchart.gtm.idmanagedsolutions.com" />
-	<target host="*.interactivedata.com" />
+	<target host="fundrun.interactivedata.com" />
+	<target host="pool.interactivedata.com" />
+	<target host="services.interactivedata.com" />
+	<target host="vantage.interactivedata.com" />
+	<target host="go.interactivedata.com" />
 
 
 	<securecookie host="^(?:services|vantage)\.interactivedata\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Interactive_Online.xml b/src/chrome/content/rules/Interactive_Online.xml
index 48ee426d1ef1..4f2053d7964f 100644
--- a/src/chrome/content/rules/Interactive_Online.xml
+++ b/src/chrome/content/rules/Interactive_Online.xml
@@ -11,7 +11,11 @@ Fetch error: http://www.interactiveonline.com/ => https://interactiveonline.com/
 
 	<target host="interactiveonline.com" />
 	<target host="www.interactiveonline.com" />
-	<target host="*.primary001.net" />
+	<target host="cpanel8.primary001.net" />
+	<target host="cpanel9.primary001.net" />
+	<target host="cpanel10.primary001.net" />
+	<target host="cpanel11.primary001.net" />
+	<target host="cpanel12.primary001.net" />
 
 
 	<securecookie host="^interactiveonline\.com$" name=".+" />
@@ -20,7 +24,6 @@ Fetch error: http://www.interactiveonline.com/ => https://interactiveonline.com/
 	<rule from="^http://(?:www\.)?interactiveonline\.com/"
 		to="https://interactiveonline.com/" />
 
-	<rule from="^http://cpanel(8|9|1[012])\.primary001\.net/"
-		to="https://cpanel$1.primary001.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Interbix.net.xml b/src/chrome/content/rules/Interbix.net.xml
new file mode 100644
index 000000000000..08975b16fa3f
--- /dev/null
+++ b/src/chrome/content/rules/Interbix.net.xml
@@ -0,0 +1,23 @@
+<!--
+	Connection closed:
+		- board
+		- calendar
+		- mail
+-->
+<ruleset name="Interbix.net">
+	<target host="interbix.net" />
+	<target host="www.interbix.net" />
+	<target host="archive.interbix.net" />
+	<target host="cloud.interbix.net" />
+	<target host="doclib.interbix.net" />
+	<target host="download.interbix.net" />
+	<target host="file.interbix.net" />
+	<target host="investor.interbix.net" />
+	<target host="mlogin.interbix.net" />
+	<target host="press.interbix.net" />
+	<target host="secure.interbix.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Intercom.io.xml b/src/chrome/content/rules/Intercom.io.xml
deleted file mode 100644
index 35eac20e7392..000000000000
--- a/src/chrome/content/rules/Intercom.io.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Other Intercom rulesets:
-
-		- Intercom_CDN.com.xml
-
-	Preloaded:
-		intercom.io
-
--->
-<ruleset name="Intercom.io">
-
-	<target host="www.intercom.io" />
-	<target host="app.intercom.io" />
-	<target host="blog.intercom.io" />
-	<target host="demos.intercom.io" />
-	<target host="developers.intercom.io" />
-	<target host="docs.intercom.io" />
-	<target host="engineering.intercom.io" />
-	<target host="status.intercom.io" />
-	<target host="share.intercom.io" />
-	<target host="via.intercom.io" />
-	<target host="widget.intercom.io" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Intercom_CDN.com.xml b/src/chrome/content/rules/Intercom_CDN.com.xml
index a0b0968f11dd..7bc7d8a276b8 100644
--- a/src/chrome/content/rules/Intercom_CDN.com.xml
+++ b/src/chrome/content/rules/Intercom_CDN.com.xml
@@ -1,7 +1,4 @@
 <!--
-	For other Intercom rules, see Intercom.io.xml.
-
-
 	Insecure cookies are set for these domains:
 
 		- .intercomcdn.com
diff --git a/src/chrome/content/rules/Interfacelift.xml b/src/chrome/content/rules/Interfacelift.xml
deleted file mode 100644
index 9c8ee88e35dd..000000000000
--- a/src/chrome/content/rules/Interfacelift.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		- interfacelift.com
-		- www.interfacelift.com
-
-
-	Mixed content:
-
-		- Images from $self *
-
-		- Bug from www.facebook.com *
-
-	* Secured by us
-
--->
-<ruleset name="Interfacelift.com">
-
-	<target host="interfacelift.com" />
-	<target host="www.interfacelift.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?interfacelift\.com$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^(?:www\.)?interfacelift\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Intergi.xml b/src/chrome/content/rules/Intergi.xml
index 84118b303ae7..614b585fa5e0 100644
--- a/src/chrome/content/rules/Intergi.xml
+++ b/src/chrome/content/rules/Intergi.xml
@@ -40,7 +40,7 @@ Fetch error: http://app.intergi.com/ => https://app.intergi.com/: (28, 'Connecti
 		- .intergi.com
 
 -->
-<ruleset name="Intergi.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Intergi.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Interia.pl.xml b/src/chrome/content/rules/Interia.pl.xml
new file mode 100644
index 000000000000..9931d2994204
--- /dev/null
+++ b/src/chrome/content/rules/Interia.pl.xml
@@ -0,0 +1,43 @@
+<!--
+	*.interia.pl domains redirect to plain and/or have chain issues
+-->
+<ruleset name="Grupa Interia.pl (partial)" >
+
+	<target host="d.iplsc.com" />
+	<target host="i.iplsc.com" />
+	<target host="iwa.iplsc.com" />
+	<target host="js.iplsc.com" />
+	<target host="p.iplsc.com" />
+	<target host="player.iplsc.com" />
+	<target host="s.iplsc.com" />
+	<target host="sgi.iplsc.com" />
+	<target host="sgi1.iplsc.com" />
+	<target host="sgi2.iplsc.com" />
+	<target host="sgi3.iplsc.com" />
+	<target host="sgi4.iplsc.com" />
+	<target host="sgs.iplsc.com" />
+	<target host="staticbryk.iplsc.com" />
+	<target host="staticshoperia.iplsc.com" />
+	<target host="statictipy.iplsc.com" />
+	<target host="stipy.iplsc.com" />
+	<target host="t.iplsc.com" />
+	<target host="v-nocdn.iplsc.com" />
+	<target host="v.iplsc.com" />
+	<target host="w.iplsc.com" />
+
+	<rule from="^http:"	to="https:" />
+
+	<test url="http://d.iplsc.com/ebi/11/13/108389/Skonsolidowany-Raport-BG_IIIQ2017.pdf" />
+	<test url="http://d.iplsc.com/ebi/39362/Raport_3Q2012_Median_Polska_SA.pdf" />
+
+	<test url="http://p.iplsc.com/-/0003PMUNLIRELTEG.pdf" />
+	<test url="http://p.iplsc.com/-/0004667W27TKE809.pdf" />
+	<test url="http://p.iplsc.com/-/0005VZ13KY5TP26R.pdf" />
+
+	<test url="http://player.iplsc.com/embedPlayer.swf" />
+	<test url="http://player.iplsc.com/embedvideoplayer.swf" />
+
+	<test url="http://staticbryk.iplsc.com/bryk_prod_sitemap/sitemap3.xml" />
+	<test url="http://staticbryk.iplsc.com/bryk_prod_sitemap/sitemap4.xml" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Interkassa.xml b/src/chrome/content/rules/Interkassa.xml
index 1f7f4d63d49e..ec90485c906b 100644
--- a/src/chrome/content/rules/Interkassa.xml
+++ b/src/chrome/content/rules/Interkassa.xml
@@ -8,7 +8,7 @@
 	<target host="www.interkassa.com" />
 
 
-	<securecookie host="^(?:.+\.)?interkassa\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Intermundo_Media.com.xml b/src/chrome/content/rules/Intermundo_Media.com.xml
index 40e50f25969c..948378bd0314 100644
--- a/src/chrome/content/rules/Intermundo_Media.com.xml
+++ b/src/chrome/content/rules/Intermundo_Media.com.xml
@@ -17,7 +17,7 @@ Fetch error: http://intermundomedia.com/ => https://intermundomedia.com/: (51, "
 		- media
 
 -->
-<ruleset name="Intermundo Media.com" default_off='failed ruleset test'>
+<ruleset name="Intermundo Media.com" default_off="failed ruleset test">
 
 	<target host="intermundomedia.com" />
 	<target host="media.intermundomedia.com" />
diff --git a/src/chrome/content/rules/Internap.xml b/src/chrome/content/rules/Internap.xml
index ecfe9a83180d..b7519db156c3 100644
--- a/src/chrome/content/rules/Internap.xml
+++ b/src/chrome/content/rules/Internap.xml
@@ -17,12 +17,14 @@ Non-2xx HTTP code: http://sslcdce.internapcdn.net/ (200) => https://sslcdce.inte
 		- (www.)internap.com
 
 -->
-<ruleset name="Internap Network Services (partial)" default_off='failed ruleset test'>
+<ruleset name="Internap Network Services (partial)" default_off="failed ruleset test">
 
 	<target host="http.cdnlayer.com" />
 	<target host="www.internap.co.jp" />
 	<target host="internap.com" />
-	<target host="*.internap.com" />
+	<target host="customers.internap.com" />
+	<target host="www.internap.com" />
+	<target host="promo.internap.com" />
 	<target host="sslcdce.internapcdn.net"/>
 
 
diff --git a/src/chrome/content/rules/International-Business-Times.xml b/src/chrome/content/rules/International-Business-Times.xml
index f0563b05c228..41f60bb507d3 100644
--- a/src/chrome/content/rules/International-Business-Times.xml
+++ b/src/chrome/content/rules/International-Business-Times.xml
@@ -25,7 +25,8 @@
 -->
 <ruleset name="International Business Times (partial)">
 
-	<target host="*.ibtimes.com" />
+	<target host="markets.ibtimes.com" />
+	<target host="ssl.ibtimes.com" />
 
 
 	<rule from="^http://markets\.ibtimes\.com/$"
diff --git a/src/chrome/content/rules/International-Components-for-Unicode.xml b/src/chrome/content/rules/International-Components-for-Unicode.xml
deleted file mode 100644
index 5fbc40fd7def..000000000000
--- a/src/chrome/content/rules/International-Components-for-Unicode.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-<!--
-	International Components for Unicode
-
-
-	Nonfunctional subdomains:
-
-		- site *
-		- userguide *
-
-	* Dropped
-
-
-	Problematic subdomains:
-
-		- (www.)? *
-		- apps *
-		- bugs *
-		- demo *
-		- source *
-
-	* Mismatched
-
-
-	These altnames don't exist:
-
-		- www.ssl.icu-project.org
-
--->
-<ruleset name="ICU-Project.org (partial)">
-
-	<target host="icu-project.org" />
-	<target host="*.icu-project.org" />
-		<!--
-			Redirects to //site.
-						-->
-		<exclusion pattern="^http://(?:(?:apps|bugs|demo|source|www)\.)?icu-project\.org/$" />
-
-
-	<securecookie host="^ssl\.icu-project\.org$" name=".+" />
-
-
-	<rule from="^http://(?:(?:apps|bugs|demo|source|ssl|www)\.)?icu-project\.org/"
-		to="https://ssl.icu-project.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/International-Finance-Corporation.xml b/src/chrome/content/rules/International-Finance-Corporation.xml
index 917e65633f66..9ab7ef6afee3 100644
--- a/src/chrome/content/rules/International-Finance-Corporation.xml
+++ b/src/chrome/content/rules/International-Finance-Corporation.xml
@@ -28,7 +28,7 @@ Fetch error: http://www.wbginvestmentclimate.org/ => https://www.wbginvestmentcl
 
 	See International-Finance-Corporation-mismatches.xml for problematic rules
 -->
-<ruleset name="International Finance Corporation (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="International Finance Corporation (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="gefpmis.org"/>
 	<target host="www.gefpmis.org"/>
diff --git a/src/chrome/content/rules/International-Supercomputing-Conference.xml b/src/chrome/content/rules/International-Supercomputing-Conference.xml
index df4a7b9d7d12..c615f2577a91 100644
--- a/src/chrome/content/rules/International-Supercomputing-Conference.xml
+++ b/src/chrome/content/rules/International-Supercomputing-Conference.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://isc-events.com/ => https://isc-events.com/: (60, 'SSL certificate problem: self signed certificate')
 
 -->
-<ruleset name="International Supercomputing Conference" default_off='failed ruleset test'>
+<ruleset name="International Supercomputing Conference" default_off="failed ruleset test">
 
 	<target host="isc-events.com" />
 	<target host="www.isc-events.com" />
diff --git a/src/chrome/content/rules/InternationalMan.xml b/src/chrome/content/rules/InternationalMan.xml
index 7e0cfe39fd79..f21924112f3d 100644
--- a/src/chrome/content/rules/InternationalMan.xml
+++ b/src/chrome/content/rules/InternationalMan.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.internationalman.com/ => https://www.internationalman.co
 Disabled by https-everywhere-checker because:
 Fetch error: http://internationalman.com/ => https://internationalman.com/: Cycle detected - URL already encountered: https://www.internationalman.com/
 -->
-<ruleset name="InternationalMan" default_off='failed ruleset test'>
+<ruleset name="InternationalMan" default_off="failed ruleset test">
 
 	<target host="internationalman.com" />
 	<target host="www.internationalman.com" />
diff --git a/src/chrome/content/rules/International_Association_of_Privacy_Professionals.xml b/src/chrome/content/rules/International_Association_of_Privacy_Professionals.xml
index 02f9351acb8e..0fa7f2994bb3 100644
--- a/src/chrome/content/rules/International_Association_of_Privacy_Professionals.xml
+++ b/src/chrome/content/rules/International_Association_of_Privacy_Professionals.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.privacyassociation.org/ => https://www.privacyassociatio
 	International Association of Privacy Professionals
 
 -->
-<ruleset name="Privacy Association.org" default_off='failed ruleset test'>
+<ruleset name="Privacy Association.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/International_Energy_Agency.xml b/src/chrome/content/rules/International_Energy_Agency.xml
index 69df339e8444..f21ec93a3e1b 100644
--- a/src/chrome/content/rules/International_Energy_Agency.xml
+++ b/src/chrome/content/rules/International_Energy_Agency.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/International_Financial_Cryptography_Association.xml b/src/chrome/content/rules/International_Financial_Cryptography_Association.xml
index 76ab2fb457b4..7349f80f6cda 100644
--- a/src/chrome/content/rules/International_Financial_Cryptography_Association.xml
+++ b/src/chrome/content/rules/International_Financial_Cryptography_Association.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.ifca.ai/ => https://www.ifca.ai/: (60, 'SSL certificate
 		- fc13	(works; mismatched, CN: www.ifca.ai)
 
 -->
-<ruleset name="International Financial Cryptography Association (partial)" default_off='failed ruleset test'>
+<ruleset name="International Financial Cryptography Association (partial)" default_off="failed ruleset test">
 
 	<target host="ifca.ai" />
 	<target host="www.ifca.ai" />
@@ -20,4 +20,4 @@ Fetch error: http://www.ifca.ai/ => https://www.ifca.ai/: (60, 'SSL certificate
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/International_School_of_the_Sacred_Heart.xml b/src/chrome/content/rules/International_School_of_the_Sacred_Heart.xml
index e2492fbbad5a..6471fcd7f082 100644
--- a/src/chrome/content/rules/International_School_of_the_Sacred_Heart.xml
+++ b/src/chrome/content/rules/International_School_of_the_Sacred_Heart.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://issh.ac.jp/ => https://issh.ac.jp/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="International School of the Sacred Heart" default_off='failed ruleset test'>
+<ruleset name="International School of the Sacred Heart" default_off="failed ruleset test">
 
 	<target host="issh.ac.jp" />
 	<target host="www.issh.ac.jp" />
@@ -15,4 +15,4 @@ Fetch error: http://issh.ac.jp/ => https://issh.ac.jp/: (28, 'Connection timed o
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Internet-Safety-Project.xml b/src/chrome/content/rules/Internet-Safety-Project.xml
index cf6e2cc0ff61..c4fcbcd207ba 100644
--- a/src/chrome/content/rules/Internet-Safety-Project.xml
+++ b/src/chrome/content/rules/Internet-Safety-Project.xml
@@ -8,6 +8,6 @@
 	<rule from="^http://internetsafetyproject\.org/"
 		to="https://www.internetsafetyproject.org/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Internet.bs.xml b/src/chrome/content/rules/Internet.bs.xml
index ff025629cb9f..8692010fc91a 100644
--- a/src/chrome/content/rules/Internet.bs.xml
+++ b/src/chrome/content/rules/Internet.bs.xml
@@ -8,9 +8,10 @@
 <ruleset name="Internet.bs">
 
 	<target host="internet.bs" />
-	<target host="*.internet.bs" />
+	<target host="chat.internet.bs" />
+	<target host="www.internet.bs" />
 	<target host="internetbs.net" />
-	<target host="*.internetbs.net" />
+	<target host="www.internetbs.net" />
 
 
 	<securecookie host="^\.internetbs\.net$" name=".+" />
@@ -22,4 +23,4 @@
 	<rule from="^http://(?:www\.)?internetbs\.net/"
 		to="https://internetbs.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Internet.org.nz.xml b/src/chrome/content/rules/Internet.org.nz.xml
index b80bfd204206..93cd50059b80 100644
--- a/src/chrome/content/rules/Internet.org.nz.xml
+++ b/src/chrome/content/rules/Internet.org.nz.xml
@@ -6,7 +6,7 @@ Non-2xx HTTP code: http://static.internet.org.nz/ (200) => https://static.intern
 	Internet Party
 
 -->
-<ruleset name="Internet.org.nz" default_off='failed ruleset test'>
+<ruleset name="Internet.org.nz" default_off="failed ruleset test">
 
 	<target host="internet.org.nz" />
 	<target host="static.internet.org.nz" />
diff --git a/src/chrome/content/rules/Internet.org.xml b/src/chrome/content/rules/Internet.org.xml
deleted file mode 100644
index 4452d0499c42..000000000000
--- a/src/chrome/content/rules/Internet.org.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- connect.internet.org
-
--->
-<ruleset name="Internet.org">
-
-	<target host="internet.org" />
-	<target host="connect.internet.org" />
-	<target host="info.internet.org" />
-	<target host="m.internet.org" />
-	<target host="press.internet.org" />
-	<target host="www.internet.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^connect\.internet\.org$" name="^(?:[\da-f]{32}|laravel_session)$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Internet2.xml b/src/chrome/content/rules/Internet2.xml
index 76cea3276fed..0a2cab4be6bb 100644
--- a/src/chrome/content/rules/Internet2.xml
+++ b/src/chrome/content/rules/Internet2.xml
@@ -48,7 +48,7 @@ Fetch error: http://mail.internet2.edu/ => https://mail.internet2.edu/: (60, 'SS
 	* Secured by us
 
 -->
-<ruleset name="Internet2.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="Internet2.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/InternetVotes.org.xml b/src/chrome/content/rules/InternetVotes.org.xml
deleted file mode 100644
index 4a775e1fc054..000000000000
--- a/src/chrome/content/rules/InternetVotes.org.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For other "Fight for the Future" rules, see Fight-for-the-Future.xml
-
-	Refused:
-		internetvotes.org
-
-	Invalid certificate:
-		www.internetvotes.org
-
--->
-<ruleset name="Internet Votes.org">
-
-	<target host="internetvotes.org" />
-	<target host="www.internetvotes.org" />
-
-	<rule from="^http://(www\.)?internetvotes\.org/"
-		to="https://internetvotes.herokuapp.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/InternetX.com.xml b/src/chrome/content/rules/InternetX.com.xml
new file mode 100644
index 000000000000..ddff5eb32c41
--- /dev/null
+++ b/src/chrome/content/rules/InternetX.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="InternetX.com (partial)">
+	<target host="internetx.com" />
+	<target host="www.internetx.com" />
+	<target host="cdn.internetx.com" />
+	<target host="help.internetx.com" />
+	<target host="ox.internetx.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Internet_Brands.xml b/src/chrome/content/rules/Internet_Brands.xml
index fcb0e26173b0..b9d1475c4487 100644
--- a/src/chrome/content/rules/Internet_Brands.xml
+++ b/src/chrome/content/rules/Internet_Brands.xml
@@ -2,65 +2,16 @@
 	Other Internet Brands rulesets:
 
 		- Model_Mayhem.xml
-
-
-	CDN buckets:
-
-		- wac.2632.edgecastcdn.net
-
-			- cdc.ibsrv.net
-			- mms.ibsrv.net
-			- static.ibsrv.net
-			- www.internetbrands.com
-
-
-	Problematic domains:
-
-		- cdc.ibsrv.net			(works, mismatched, CN: gp1.wac.edgecastcdn.net)
-		- mms.ibsrv.net *
-		- static.ibsrv.net *
-		- internetbrands.com		(expired, mismatched, CN: www.internetbrands.com)
-		- www.internetbrands.com *
-
-	* 404, mismatched, CN: gp1.wac.edgecastcdn.net
-
-
-	Partially covered domains:
-
-		- (www.)internetbrands.com	(→ cdcssl.ibsrv.net)
-
-
-	Fully covered domains:
-
-		- pxlssl.ibpxl.com
-
-		- ibsrv.net subdomains:
-
-			- cdc		(→ cdcssl)
-			- cdcssl
-			- mms		(→ cdcssl)
-			- static	(→ staticssl)
-			- staticssl
+		- IBsrv.net.xml
 
 -->
 <ruleset name="Internet Brands">
 
 	<target host="pxlssl.ibpxl.com" />
-	<target host="*.ibsrv.net" />
 	<target host="internetbrands.com" />
 	<target host="www.internetbrands.com" />
 
-
-	<rule from="^http://pxlssl\.ibpxl\.com/"
-		to="https://pxlssl.ibpxl.com/" />
-
-	<rule from="^http://(?:cdc|cdcssl|mms)\.ibsrv\.net/"
-		to="https://cdcssl.ibsrv.net/modelmayhem/" />
-
-	<rule from="^http://static(?:ssl)?\.ibsrv\.net/"
-		to="https://staticssl.ibsrv.net/" />
-
-	<rule from="^http://(?:www\.)?internetbrands\.com/mt-static/"
-		to="https://cdcssl.ibsrv.net/ibcom/mt-static/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Internet_Video_Archive.com.xml b/src/chrome/content/rules/Internet_Video_Archive.com.xml
index a424d17b8921..16e46bd06bb5 100644
--- a/src/chrome/content/rules/Internet_Video_Archive.com.xml
+++ b/src/chrome/content/rules/Internet_Video_Archive.com.xml
@@ -9,7 +9,6 @@
 	<target host="content.internetvideoarchive.com" />
 
 
-	<rule from="^http://content\.internetvideoarchive\.com/"
-		to="https://d2nebe8lbbiml.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Internetfonden.se.xml b/src/chrome/content/rules/Internetfonden.se.xml
deleted file mode 100644
index 84007a44576a..000000000000
--- a/src/chrome/content/rules/Internetfonden.se.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Internetfonden.se">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="internetfonden.se" />
-	<target host="www.internetfonden.se" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Internetsuccess.at.xml b/src/chrome/content/rules/Internetsuccess.at.xml
index 003f8cee7f63..d9b09f7ef9a2 100644
--- a/src/chrome/content/rules/Internetsuccess.at.xml
+++ b/src/chrome/content/rules/Internetsuccess.at.xml
@@ -6,10 +6,12 @@ Fetch error: http://internetsuccess.at/ => https://internetsuccess.at/: (51, "SS
 	www: mismatched
 
 -->
-<ruleset name="internetsuccess.at" default_off='failed ruleset test'>
+<ruleset name="internetsuccess.at" default_off="failed ruleset test">
 
 	<target host="internetsuccess.at" />
-	<target host="*.internetsuccess.at" />
+	<target host="p42.internetsuccess.at" />
+	<target host="second.internetsuccess.at" />
+	<target host="www.internetsuccess.at" />
 
 
 	<rule from="^http://(?:(p42\.|second\.)|www\.)?internetsuccess\.at/"
diff --git a/src/chrome/content/rules/Internot.info.xml b/src/chrome/content/rules/Internot.info.xml
deleted file mode 100644
index f5f62ed21e58..000000000000
--- a/src/chrome/content/rules/Internot.info.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog
-
--->
-<ruleset name="Internot.info (partial)">
-
-	<target host="internot.info" />
-	<target host="www.internot.info" />
-
-
-	<securecookie host="^\.internot\.info$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Interpol.int.xml b/src/chrome/content/rules/Interpol.int.xml
index cbba79286f9f..bd3b2feddbc9 100644
--- a/src/chrome/content/rules/Interpol.int.xml
+++ b/src/chrome/content/rules/Interpol.int.xml
@@ -1,4 +1,4 @@
-<!-- 
+<!--
 	Bad certficate:
 		autodiscover.interpol.int
 		c11.interpol.int
diff --git a/src/chrome/content/rules/Intertwingly.net.xml b/src/chrome/content/rules/Intertwingly.net.xml
new file mode 100644
index 000000000000..81fa4b39f3a4
--- /dev/null
+++ b/src/chrome/content/rules/Intertwingly.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="Intertwingly.net">
+  <target host="intertwingly.net" />
+  <target host="www.intertwingly.net" />
+  <target host="rubix.intertwingly.net" />
+<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Intevation-GmbH.xml b/src/chrome/content/rules/Intevation-GmbH.xml
index 54deba1daff2..51fa6c0f87e5 100644
--- a/src/chrome/content/rules/Intevation-GmbH.xml
+++ b/src/chrome/content/rules/Intevation-GmbH.xml
@@ -113,6 +113,6 @@ Refused connection:
 	<target host="testkolab.intevation.de" />
 	<target host="waska-anwender.intevation.de" />
 	<target host="wasko-schulverweigerung.intevation.de" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Into_Higher.com.xml b/src/chrome/content/rules/Into_Higher.com.xml
index 2d6f53cde71a..55517fc576fe 100644
--- a/src/chrome/content/rules/Into_Higher.com.xml
+++ b/src/chrome/content/rules/Into_Higher.com.xml
@@ -16,7 +16,7 @@ Fetch error: http://www.intohigher.com/ => https://www.intohigher.com/: (60, 'SS
 	* Secured by us
 
 -->
-<ruleset name="Into Higher.com" default_off='failed ruleset test'>
+<ruleset name="Into Higher.com" default_off="failed ruleset test">
 
 	<target host="intohigher.com" />
 	<target host="www.intohigher.com" />
diff --git a/src/chrome/content/rules/Intrepid_Museum.xml b/src/chrome/content/rules/Intrepid_Museum.xml
index b4297d62ecdf..4c3c83dcfc5d 100644
--- a/src/chrome/content/rules/Intrepid_Museum.xml
+++ b/src/chrome/content/rules/Intrepid_Museum.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Intrepidus_Group.com.xml b/src/chrome/content/rules/Intrepidus_Group.com.xml
index e0a06e8bd1b6..dce9d8d5013e 100644
--- a/src/chrome/content/rules/Intrepidus_Group.com.xml
+++ b/src/chrome/content/rules/Intrepidus_Group.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.intrepidusgroup.com/ => https://www.intrepidusgroup.com/
 	Server is configured for rc4 only.
 
 -->
-<ruleset name="Intrepidus Group.com" default_off='failed ruleset test'>
+<ruleset name="Intrepidus Group.com" default_off="failed ruleset test">
 
 	<target host="intrepidusgroup.com" />
 	<target host="www.intrepidusgroup.com" />
diff --git a/src/chrome/content/rules/Intuit-problematic.xml b/src/chrome/content/rules/Intuit-problematic.xml
deleted file mode 100644
index f7c2ea6f27ed..000000000000
--- a/src/chrome/content/rules/Intuit-problematic.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For rules that are on by default, see Intuit.xml.
-
--->
-<ruleset name="Intuit (problematic)" default_off="mismatched">
-
-	<target host="intuitpayments.com" />
-	<target host="www.intuitpayments.com" />
-
-
-	<rule from="^http://(?:www\.)?/intuitpayments\.com/(favicon\.ico|Global/|KeyGrip\.ashx|Templates/)"
-		to="https://intuitpayments.com/$1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Intuit.com.xml b/src/chrome/content/rules/Intuit.com.xml
new file mode 100644
index 000000000000..f7e0c020177b
--- /dev/null
+++ b/src/chrome/content/rules/Intuit.com.xml
@@ -0,0 +1,59 @@
+<!--
+
+	Non-functional hosts
+		Timeout was reached:
+		- business.intuit.com
+		- healthcard.intuit.com
+		- healthcards.intuit.com
+		- quickbase-community-e2e.intuit.com
+		- websites.intuit.com
+
+		SSL connect error:
+		- ifs.intuit.com
+
+		SSL peer certificate was not OK:
+		- academy.intuit.com
+		- paytrust.intuit.com
+
+		4xx client error:
+		- http-download.intuit.com
+		- support.quickbooks.intuit.com
+		- images.turbotax.intuit.com
+-->
+<ruleset name="Intuit.com">
+	<target host="intuit.com" />
+	<target host="www.intuit.com" />
+	<target host="about.intuit.com" />
+	<target host="accountants.intuit.com" />
+	<target host="accounts.intuit.com" />
+	<target host="appcenter.intuit.com" />
+	<target host="css.appcenter.intuit.com" />
+	<target host="images.appcenter.intuit.com" />
+	<target host="blog.intuit.com" />
+	<target host="careers.intuit.com" />
+	<target host="community.intuit.com" />
+	<target host="developer.intuit.com" />
+	<target host="enterprisesuite.intuit.com" />
+	<target host="fi.intuit.com" />
+	<target host="www.fi.intuit.com" />
+	<target host="healthcare.intuit.com" />
+	<target host="index.intuit.com" />
+	<target host="intuitmarket.intuit.com" />
+	<target host="quickbooks.lc.intuit.com" />
+	<target host="payments.intuit.com" />
+	<target host="payroll.intuit.com" />
+	<target host="pointofsale.intuit.com" />
+	<target host="privacy.intuit.com" />
+	<target host="proadvisor.intuit.com" />
+	<target host="quickbooks.intuit.com" />
+	<target host="quickbooksonline.intuit.com" />
+	<target host="sci.intuit.com" />
+	<target host="security.intuit.com" />
+	<target host="smallbusiness.intuit.com" />
+	<target host="ttlc.intuit.com" />
+	<target host="turbotax.intuit.com" />
+	<target host="blog.turbotax.intuit.com" />
+	<target host="support.turbotax.intuit.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Intuit.xml b/src/chrome/content/rules/Intuit.xml
deleted file mode 100644
index b15a57b50efb..000000000000
--- a/src/chrome/content/rules/Intuit.xml
+++ /dev/null
@@ -1,197 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://quickbase.com/ => https://www.quickbase.com/: Too many redirects while fetching 'https://www.quickbase.com/'
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://billscenter.paytrust.com/ => https://billscenter.paytrust.com/: (7, 'Failed to connect to billscenter.paytrust.com port 80: Connection refused')
-	For problematic rules, see Intuit-problematic.xml
-
-
-	Other Intuit rulesets:
-
-		- Intuit_Labs.com.xml
-		- Love_Our_Local_Business.xml
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/media.turbotaxcpaselect.intuit.com/
-		- d13yycbcrizy5m.cloudfront.net
-		- d2l1w43gzkifhk.cloudfront.net
-		- d2t6vx8xuyfwjt.cloudfront.net
-		- e61667af7f740600c4e8-0971b8480fe84ded6a5e322d96450080.r36.cf1.rackcdn.com
-
-
-	Nonfunctional domains:
-
-		- gopayment.com
-		- www.gopayment.com *
-
-		- intuit.com subdomains:
-
-			- blog			(reset, expired)
-			- careers		(shows default MediaTemple page, self-signed)
-			- ippblog		(times out)
-			- m
-			- reviews.turbotax ***
-			- socialreviews.turbotax ***
-			- support.turbotax *
-
-		- intuitreseller.com		(times out)
-		- www.intuitreseller.com	(shows meeting-reg.com, CN: meeting-reg.com)
-		- (www.)intuitsolutionproviders.com	(shows meeting-reg.com, CN: meeting-reg.com)
-		- blog-s1.intuitstatic.com	(500)
-		- m-s1.intuitstatic.com		(500)
-
-	* Redirects to www.intuit.com, expired
-	*** 503, akamai
-
-
-	Problematic domains:
-
-		- intuit.com subdomains:
-
-			- index			(pages work but images don't, mismatched, CN: online.payroll.intuit.com)
-			- a\d+.quickbase	(mismatched, CN: quickbase.intuit.com)
-			- blog.turbotax		(mismatched, CN: *.wordpress.com)
-
-		- intuitpayments.com		(mismatched, CN: *.postclickmarketing.com)
-		- quickbase.com			(cert only matches *.quickbase.com)
-
-
-	Fully covered domains:
-
-		- intuit.com subdomains:
-
-			- (www.)
-			- about
-			- academy
-			- accountants
-			- blog.accountants
-			- accounts
-
-			- appcenter subdomains:
-
-				- ^
-				- css
-				- images
-
-			- business
-			- community
-			- developer
-			- enterprisesuite
-			- (www.)fi
-			- healthcard
-			- healthcards
-			- healthcare
-			- http-download
-			- ifs
-			- insurance
-			- intuitmarket
-			- ipn
-			- quickbooks.lc
-			- qbosg.lcp
-			- learn
-			- marketplace
-			- paymentnetwork
-			- payments
-			- payroll
-			- paytrust
-			- pointofsale
-			- privacy
-			- proadvisor
-			- psswprod3lb
-			- support.quickbooks.qdc
-			- quickbase
-			- a\d*.quickbase		(→ quickbase)
-			- quickbase-community-e2e
-
-			- quickbooks subdomains:
-
-				- ^
-				- support
-
-			- quickbooksonline
-			- quicken
-			- sci
-			- security
-			- smallbusiness
-			- ttlc
-			- ttlcprd
-			- turbotax
-			- images.turbotax
-			- turbotaxcpaselect
-			- media.turbotaxcpaselect	(→ s3.amazonaws.com)
-			- websites
-
-		- *.intuitcdn.net:
-
-			- intuitmarket
-			- quickbase
-
-		- intuitstatic.com subdomains:
-
-			- s[123]
-			- payments-s3
-
-		- billscenter.paytrust.com
-
-		- quickbase.com subdomains:
-
-			- (www.)	(^ → www)
-			- intuitcorp
-
-		- (www.)turbotax.com
-
--->
-<ruleset name="Intuit (partial)" default_off='failed ruleset test'>
-
-	<target host="*.intuit.com" />
-	<target host="*.intuitcdn.net" />
-	<target host="*.intuitstatic.com" />
-	<target host="billscenter.paytrust.com" />
-	<target host="quickbase.com" />
-	<target host="*.quickbase.com" />
-	<target host="turbotax.com" />
-	<target host="*.turbotax.com" />
-
-
-	<!--securecookie host="^\.intuit\.com$" name=".+" /-->
-	<securecookie host="^.+\.intuit\.com$" name=".+" />
-	<securecookie host="^billscenter\.paytrust\.com$" name=".+" />
-
-
-	<!--	$ redirects to http.
-					-->
-	<rule from="^http://quicken\.intuit\.com/(\?.*)?$"
-		to="https://quicken.intuit.com/index.jsp$1" />
-
-	<rule from="^http://((?:about|academy|(?:blog\.)?accountants|accounts|(?:css\.|images\.)?appcenter|business|community|developer|enterprisesuite|(?:www\.)?fi|healthcards?|healthcare|http-download|ifs|insurance|intuitmarket|ipn|quickbooks\.lc|qbosg\.lcp|learn|marketplace|paymentnetwork|payments|payroll|paytrust|pointofsale|privacy|proadvisor|psswprod3lb|support\.quickbooks\.qdc|quickbase|quickbase-community-e2e|(?:support\.)?quickbooks|quickbooksonline|quicken|sci|security|smallbusiness|ttlc|ttlcprd|(?:images\.)?turbotax|turbotaxcpaselect|websites|www)\.)?intuit\.com/"
-		to="https://$1intuit.com/" />
-
-	<rule from="^http://a\d*\.quickbase\.intuit\.com/"
-		to="https://quickbase.intuit.com/" />
-
-	<rule from="^http://media\.turbotaxcpaselect\.intuit\.com/"
-		to="https://s3.amazonaws.com/media.turbotaxcpaselect.intuit.com/" />
-
-	<rule from="^http://(\w+)\.intuitcdn\.net/"
-		to="https://$1.intuitcdn.net/" />
-
-	<rule from="^http://(payments-s3|s[123])\.intuitstatic\.com/"
-		to="https://$1.intuitstatic.com/" />
-
-	<rule from="^http://billscenter\.paytrust\.com/"
-		to="https://billscenter.paytrust.com/" />
-
-	<rule from="^http://(?:www\.)?quickbase\.com/"
-		to="https://www.quickbase.com/" />
-
-	<rule from="^http://intuitcorp\.quickbase\.com/"
-		to="https://intuitcorp.quickbase.com/" />
-
-	<rule from="^http://(www\.)?turbotax\.com/"
-		to="https://$1turbotax.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/IntuitPayments.com.xml b/src/chrome/content/rules/IntuitPayments.com.xml
new file mode 100644
index 000000000000..ac5036e67a8a
--- /dev/null
+++ b/src/chrome/content/rules/IntuitPayments.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="IntuitPayments.com">
+	<target host="intuitpayments.com" />
+	<target host="www.intuitpayments.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IntuitStatic.com.xml b/src/chrome/content/rules/IntuitStatic.com.xml
new file mode 100644
index 000000000000..d84b960c86f3
--- /dev/null
+++ b/src/chrome/content/rules/IntuitStatic.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- payments-s3.intuitstatic.com
+		- s3.intuitstatic.com
+
+		4xx client error:
+		- intuitstatic.com
+
+		5xx server error:
+		- m-s1.intuitstatic.com
+-->
+<ruleset name="IntuitStatic.com">
+	<target host="blog-s1.intuitstatic.com" />
+	<target host="s1.intuitstatic.com" />
+	<target host="s2.intuitstatic.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Intuit_Labs.com.xml b/src/chrome/content/rules/Intuit_Labs.com.xml
deleted file mode 100644
index 6672c8e3873f..000000000000
--- a/src/chrome/content/rules/Intuit_Labs.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other Intuit coverage, see Intuit.xml.
-
--->
-<ruleset name="Intuit Labs.com">
-
-	<target host="intuitlabs.com" />
-	<target host="www.intuitlabs.com" />
-
-
-	<securecookie host="^\.intuitlabs\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Intuitive_Password.com.xml b/src/chrome/content/rules/Intuitive_Password.com.xml
index f8ac6bfba046..56855c44cd09 100644
--- a/src/chrome/content/rules/Intuitive_Password.com.xml
+++ b/src/chrome/content/rules/Intuitive_Password.com.xml
@@ -12,7 +12,7 @@
 <ruleset name="Intuitive Password.com (partial)">
 
 	<target host="intuitivepassword.com" />
-	<target host="*.intuitivepassword.com" />
+	<target host="www.intuitivepassword.com" />
 
 
 	<securecookie host="^(?:www)?\.intuitivepassword\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Invaluable.com.xml b/src/chrome/content/rules/Invaluable.com.xml
new file mode 100644
index 000000000000..0f9a75cd60c4
--- /dev/null
+++ b/src/chrome/content/rules/Invaluable.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Non-functional subdomains:
+		- live	(s)
+		- sothebys.live		(s)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Host has wildcard cert and dns.
+-->
+<ruleset name="Invaluable.com">
+
+	<target host="invaluable.com" />
+	<target host="www.invaluable.com" />
+	<target host="2018.invaluable.com" />
+	<target host="api.invaluable.com" />
+	<target host="asiaweek.invaluable.com" />
+	<target host="blog.invaluable.com" />
+	<target host="connect.invaluable.com" />
+	<target host="gdpr.invaluable.com" />
+	<target host="news.invaluable.com" />
+	<target host="oldmasters.invaluable.com" />
+	<target host="secure.invaluable.com" />
+	<target host="site.invaluable.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/InvenSense.com.xml b/src/chrome/content/rules/InvenSense.com.xml
deleted file mode 100644
index 85ab83e8d18f..000000000000
--- a/src/chrome/content/rules/InvenSense.com.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	(www.): refused
-
-
-	Problematic subdomains:
-
-		- ir *
-
-	* corporate-ir.net
-
--->
-<ruleset name="InvenSense.com (partial)">
-
-	<target host="store.invensense.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^store\.invensense\.com$" name="^ASP\.NET_SessionId$" /-->
-
-	<securecookie host="^store\.invensense\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Invenio-software.org.xml b/src/chrome/content/rules/Invenio-software.org.xml
index 0fc8d0cf3833..5140d659e37d 100644
--- a/src/chrome/content/rules/Invenio-software.org.xml
+++ b/src/chrome/content/rules/Invenio-software.org.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.invenio-software.org/ => https://www.invenio-software.or
 	* Unsecurable <= dropped
 
 -->
-<ruleset name="Invenio-software.org" default_off='failed ruleset test'>
+<ruleset name="Invenio-software.org" default_off="failed ruleset test">
 
 	<target host="invenio-software.org" />
 	<target host="www.invenio-software.org" />
diff --git a/src/chrome/content/rules/InventHelp.xml b/src/chrome/content/rules/InventHelp.xml
index f42fc085a457..1bcee2a431f6 100644
--- a/src/chrome/content/rules/InventHelp.xml
+++ b/src/chrome/content/rules/InventHelp.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Inventive_Designers.com.xml b/src/chrome/content/rules/Inventive_Designers.com.xml
index f88f7a0bc2ba..914efbf0decf 100644
--- a/src/chrome/content/rules/Inventive_Designers.com.xml
+++ b/src/chrome/content/rules/Inventive_Designers.com.xml
@@ -20,7 +20,7 @@ Fetch error: http://support.inventivedesigners.com/ => https://support.inventive
 		- www.inventivedesigners.com
 
 -->
-<ruleset name="Inventive Designers.com" default_off='failed ruleset test'>
+<ruleset name="Inventive Designers.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Investigative-News-Network.xml b/src/chrome/content/rules/Investigative-News-Network.xml
deleted file mode 100644
index 0650e2f93476..000000000000
--- a/src/chrome/content/rules/Investigative-News-Network.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--	hosted on bluehost, pages redirect recursively
--->
-<ruleset name="Investigative News Network (partial)" default_off="mismatched">
-
-	<target host="npjhub.org"/>
-	<target host="www.npjhub.org"/>
-
-	<rule from="^http://(?:www\.)?npjhub\.org/favicon\.ico"
-		to="https://www.npjhub.org/favicon.ico"/>
-
-	<rule from="^http://(?:www\.)?npjhub\.org/wp-(admin/|content/|login\.php)"
-		to="https://www.npjhub.org/~npjhubor/wp-$1"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Investing-Channel.xml b/src/chrome/content/rules/Investing-Channel.xml
deleted file mode 100644
index d216ebb23529..000000000000
--- a/src/chrome/content/rules/Investing-Channel.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/cdn.investingchannel.com | dggaenaawxe8z.cloudfront.net
-
-	Nonfunctional domains:
-
-		- (www.)investingchannel.com	(times out)
-
--->
-<ruleset name="Investing Channel (partial)">
-
-	<target host="*.investingchannel.com" />
-
-
-	<rule from="^http://ads\.investingchannel\.com/"
-		to="https://ads.investingchannel.com/" />
-
-	<rule from="^http://cdn\.investingchannel\.com/"
-		to="https://s3.amazonaws.com/cdn.investingchannel.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Investing.com.xml b/src/chrome/content/rules/Investing.com.xml
new file mode 100644
index 000000000000..b829dc50b820
--- /dev/null
+++ b/src/chrome/content/rules/Investing.com.xml
@@ -0,0 +1,75 @@
+<!--
+	Non-functional hosts
+		Mixed content blocking (MCB) triggered:
+		- ru.investing.com
+-->
+<ruleset name="Investing.com">
+	<target host="investing.com" />
+	<target host="www.investing.com" />
+	<target host="au.investing.com" />
+	<target host="binfinity.investing.com" />
+	<target host="br.investing.com" />
+	<target host="ca.investing.com" />
+	<target host="m.ca.investing.com" />
+	<target host="cn.investing.com" />
+	<target host="de.investing.com" />
+	<target host="news.education.investing.com" />
+	<target host="es.investing.com" />
+	<target host="fi.investing.com" />
+	<target host="fr.investing.com" />
+	<target host="gr.investing.com" />
+	<target host="hi.investing.com" />
+	<target host="hk.investing.com" />
+	<target host="id.investing.com" />
+	<target host="il.investing.com" />
+	<target host="in.investing.com" />
+	<target host="it.investing.com" />
+	<target host="jp.investing.com" />
+	<target host="kr.investing.com" />
+	<target host="m.kr.investing.com" />
+	<target host="m.investing.com" />
+	<target host="ms.investing.com" />
+	<target host="mx.investing.com" />
+	<target host="ng.investing.com" />
+	<target host="nl.investing.com" />
+	<target host="ph.investing.com" />
+	<target host="pl.investing.com" />
+	<target host="pt.investing.com" />
+	<target host="sa.investing.com" />
+	<target host="se.investing.com" />
+	<target host="th.investing.com" />
+	<target host="tr.investing.com" />
+	<target host="tvcharts.investing.com" />
+	<target host="uk.investing.com" />
+	<target host="vn.investing.com" />
+	<target host="www.widgets.investing.com" />
+	<target host="br.widgets.investing.com" />
+	<target host="cn.widgets.investing.com" />
+	<target host="de.widgets.investing.com" />
+	<target host="es.widgets.investing.com" />
+	<target host="fi.widgets.investing.com" />
+	<target host="fr.widgets.investing.com" />
+	<target host="gr.widgets.investing.com" />
+	<target host="hk.widgets.investing.com" />
+	<target host="id.widgets.investing.com" />
+	<target host="il.widgets.investing.com" />
+	<target host="in.widgets.investing.com" />
+	<target host="it.widgets.investing.com" />
+	<target host="jp.widgets.investing.com" />
+	<target host="kr.widgets.investing.com" />
+	<target host="mx.widgets.investing.com" />
+	<target host="nl.widgets.investing.com" />
+	<target host="pl.widgets.investing.com" />
+	<target host="pt.widgets.investing.com" />
+	<target host="ru.widgets.investing.com" />
+	<target host="sa.widgets.investing.com" />
+	<target host="th.widgets.investing.com" />
+	<target host="tr.widgets.investing.com" />
+	<target host="uk.widgets.investing.com" />
+	<target host="vn.widgets.investing.com" />
+	<target host="za.investing.com" />
+	
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/InvestingChannel.com.xml b/src/chrome/content/rules/InvestingChannel.com.xml
new file mode 100644
index 000000000000..3abcbec13180
--- /dev/null
+++ b/src/chrome/content/rules/InvestingChannel.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- cdn.investingchannel.com
+-->
+<ruleset name="InvestingChannel.com">
+	<target host="investingchannel.com" />
+	<target host="ads.investingchannel.com" />
+	<target host="www.investingchannel.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Investis.com.xml b/src/chrome/content/rules/Investis.com.xml
deleted file mode 100644
index 1cd231d61d02..000000000000
--- a/src/chrome/content/rules/Investis.com.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(mismatched, CN: www2.myinvestis.com)
-		- blog *
-		- www1 *
-
-	* Refused
-
-
-	Problematic domains:
-
-		- miranda.hemscott.com	(mismatched, CN: hsprod.investis.com)
-
--->
-<ruleset name="Investis.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="hsprod.investis.com" />
-
-	<!--	Complications:
-				-->
-	<target host="miranda.hemscott.com" />
-
-
-	<!--	Server sets Secure:
-					-->
-	<!--securecookie host="^hsprod\.investis\.com$" name=".+" /-->
-
-
-	<rule from="^http://miranda\.hemscott\.com/"
-		to="https://hsprod.investis.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Invidious.site.xml b/src/chrome/content/rules/Invidious.site.xml
new file mode 100644
index 000000000000..63605f5492e5
--- /dev/null
+++ b/src/chrome/content/rules/Invidious.site.xml
@@ -0,0 +1,7 @@
+<ruleset name="Invidious.site">
+	<target host="invidious.site" />
+	<target host="www.invidious.site" />
+	<target host="status.invidious.site" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Invidious.tube.xml b/src/chrome/content/rules/Invidious.tube.xml
new file mode 100644
index 000000000000..1022b1ed76a7
--- /dev/null
+++ b/src/chrome/content/rules/Invidious.tube.xml
@@ -0,0 +1,8 @@
+<ruleset name="Invidious.tube">
+	<target host="invidious.tube" />
+	<target host="www.invidious.tube" />
+	<target host="status.invidious.tube" />
+	<target host="vps.invidious.tube" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Invidious.xyz.xml b/src/chrome/content/rules/Invidious.xyz.xml
new file mode 100644
index 000000000000..89dc00d89715
--- /dev/null
+++ b/src/chrome/content/rules/Invidious.xyz.xml
@@ -0,0 +1,6 @@
+<ruleset name="Invidious.xyz">
+	<target host="invidious.xyz" />
+	<target host="status.invidious.xyz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Invincea.com.xml b/src/chrome/content/rules/Invincea.com.xml
index efc40cf49bc0..0c6460060269 100644
--- a/src/chrome/content/rules/Invincea.com.xml
+++ b/src/chrome/content/rules/Invincea.com.xml
@@ -5,7 +5,8 @@
 <ruleset name="Invincea.com (partial)">
 
 	<target host="invincea.com" />
-	<target host="*.invincea.com" />
+	<target host="www.invincea.com" />
+	<target host="info.invincea.com" />
 		<!--
 			Redirect to http:
 						-->
diff --git a/src/chrome/content/rules/InviteMedia.com.xml b/src/chrome/content/rules/InviteMedia.com.xml
new file mode 100644
index 000000000000..651fb9e17c15
--- /dev/null
+++ b/src/chrome/content/rules/InviteMedia.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- invitemedia.com
+		- www.invitemedia.com
+		- assets.invitemedia.com
+		- dashboard.invitemedia.com
+		- adaptv.pixel.invitemedia.com
+		- adscale.pixel.invitemedia.com
+		- contextweb.pixel.invitemedia.com
+		- hulu.pixel.invitemedia.com
+		- lijit.pixel.invitemedia.com
+		- ca.lijit.pixel.invitemedia.com
+		- pixel.prod2.invitemedia.com
+-->
+<ruleset name="InviteMedia.com">
+	<target host="akamai.invitemedia.com" />
+	<target host="conversion-pixel.invitemedia.com" />
+	<target host="g-pixel.invitemedia.com" />
+	<target host="pixel.invitemedia.com" />
+	<target host="segment-pixel.invitemedia.com" />
+	<target host="t.invitemedia.com" />
+	<target host="tracker.invitemedia.com" />
+	<target host="vmm-pixel.invitemedia.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Invite_Media.xml b/src/chrome/content/rules/Invite_Media.xml
deleted file mode 100644
index e575551c5ec2..000000000000
--- a/src/chrome/content/rules/Invite_Media.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<!--
-	CDN buckets:
-
-		- dakeffzy54mxb.cloudfront.net
-
-			- www.invitemedia.com
-
-		- akamai.invitemedia.com.edgesuite.net
-
-
-	Problematic subdomains:
-
-		- ^
-		- www		(cloudfront)
-		- akamai	(works, akamai)
-		- bub.px	(depth mismatched)
-
-
-	bub.px, g-pixel, pixel, & segment-pixel serve web bugs.
-
--->
-<ruleset name="Invite Media (partial)">
-
-	<target host="invitemedia.com" />
-	<target host="*.invitemedia.com" />
-
-
-	<securecookie host="^\.invitemedia\.com$" name="^(?:segments_p1|uid)$" />
-
-
-	<rule from="^http://(?:www\.)?invitemedia\.com/([\w-]+\.(?:css|png))"
-		to="https://www.invitemedia.com/$1" />
-
-	<!--	Seems to work (and who cares if it doesn't):
-								-->
-	<rule from="^http://bub\.px\.invitemedia\.com/"
-		to="https://pixel.invitemedia.com/" />
-
-	<rule from="^http://(?:dashboard(?:-cdn)?|g-pixel|pixel|segment-pixel)\.invitemedia\.com/"
-		to="https://$1.invitemedia.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Invitel.xml b/src/chrome/content/rules/Invitel.xml
deleted file mode 100644
index 8d926f7c99e0..000000000000
--- a/src/chrome/content/rules/Invitel.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<!-- Nonfunctional subdomains:
-	 - www.invitel.hu (broken links)
--->
-<ruleset name="Invitel (partial)">
-	<target host="mail.invitel.hu" />
-	<target host="webmail.eol.hu" />
-
-	<securecookie host="^(?:mail\.invitel|webmail\.eol)\.hu$" name=".+" />
-	<rule from="^http://mail\.invitel\.hu/" to="https://mail.invitel.hu/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Invoca.net.xml b/src/chrome/content/rules/Invoca.net.xml
index a547636012a5..e32f56842d23 100644
--- a/src/chrome/content/rules/Invoca.net.xml
+++ b/src/chrome/content/rules/Invoca.net.xml
@@ -5,7 +5,8 @@
 <ruleset name="Invoca.net">
 
 	<target host="invoca.net" />
-	<target host="*.invoca.net" />
+	<target host="www.invoca.net" />
+	<target host="www2.invoca.net" />
 
 
 	<!--	Some, but not all, secured by server:
@@ -13,7 +14,6 @@
 	<securecookie host="^\.invoca\.net$" name=".+" />
 
 
-	<rule from="^http://(www2?\.)?invoca\.net/"
-		to="https://$1invoca.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Invodo.xml b/src/chrome/content/rules/Invodo.xml
index 2698035116a9..3e06e6feca22 100644
--- a/src/chrome/content/rules/Invodo.xml
+++ b/src/chrome/content/rules/Invodo.xml
@@ -13,7 +13,9 @@
 <ruleset name="Invodo (partial)">
 
 	<target host="invodo.com" />
-	<target host="*.invodo.com" />
+	<target host="www.invodo.com" />
+	<target host="e.invodo.com" />
+	<target host="www2.invodo.com" />
 
 
 	<rule from="^http://(www\.)?invodo\.com/register/"
@@ -25,4 +27,4 @@
 	<rule from="^http://www2\.invodo\.com/l/"
 		to="https://go.pardot.com/l/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Invoice_Ocean.xml b/src/chrome/content/rules/Invoice_Ocean.xml
index 8841cca289d5..df62548c879c 100644
--- a/src/chrome/content/rules/Invoice_Ocean.xml
+++ b/src/chrome/content/rules/Invoice_Ocean.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Involver.xml b/src/chrome/content/rules/Involver.xml
index b53b3921c8d6..9b31c27e4ec6 100644
--- a/src/chrome/content/rules/Involver.xml
+++ b/src/chrome/content/rules/Involver.xml
@@ -10,10 +10,16 @@ Fetch error: http://involver.com/ => https://involver.com/: (51, "SSL: no altern
 		- blog
 
 -->
-<ruleset name="Involver" default_off='failed ruleset test'>
+<ruleset name="Involver" default_off="failed ruleset test">
 
 	<target host="involver.com" />
-	<target host="*.involver.com" />
+	<target host="amp.involver.com" />
+	<target host="docs.involver.com" />
+	<target host="embednr.involver.com" />
+	<target host="facebook.involver.com" />
+	<target host="status.involver.com" />
+	<target host="www.involver.com" />
+	<target host="support.involver.com" />
 
 
 	<securecookie host="^.*\.involver\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Io9.com.xml b/src/chrome/content/rules/Io9.com.xml
deleted file mode 100644
index 52530e4c8903..000000000000
--- a/src/chrome/content/rules/Io9.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For other Gawker coverage, see Gawker.xml.
-
-	Invalid certificate:
-		- io9.com
-		- www.io9.com
-
-	Timeout:
-		- on.io9.com
--->
-<ruleset name="io9.com (partial)">
-	<target host="io9.com" />
-	<target host="www.io9.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http://(www\.)?io9\.com/"
-		to="https://io9.gizmodo.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/IoMTT.com.xml b/src/chrome/content/rules/IoMTT.com.xml
index 89c63914932c..729f5199f4f1 100644
--- a/src/chrome/content/rules/IoMTT.com.xml
+++ b/src/chrome/content/rules/IoMTT.com.xml
@@ -23,14 +23,14 @@
 <ruleset name="IoMTT.com (partial)">
 
 	<target host="iomtt.com" />
-	<target host="*.iomtt.com" />
+	<target host="www.iomtt.com" />
+	<target host="shop.iomtt.com" />
 		<exclusion pattern="^http://(?:shop\.|www\.)?iomtt\.com/(?!~/|(?:Basket|My-Account)(?:$|[?/])|css/|favicon\.ico|images/|js/)" />
 
 
 	<rule from="^http://(?:www\.)?iomtt\.com/"
 		to="https://www.iomtt.com/" />
 
-	<rule from="^http://shop\.iomtt\.com/"
-		to="https://shop.iomtt.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Iono.fm.xml b/src/chrome/content/rules/Iono.fm.xml
index 0f68dd55c5a7..a3df11cb2914 100644
--- a/src/chrome/content/rules/Iono.fm.xml
+++ b/src/chrome/content/rules/Iono.fm.xml
@@ -42,10 +42,6 @@
 	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://static\.iono\.fm/"
-		to="https://d1pbkbr0pcz1zy.cloudfront.net/" />
-
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Iovation.xml b/src/chrome/content/rules/Iovation.xml
index 3bf08cc7dd01..8842117e740c 100644
--- a/src/chrome/content/rules/Iovation.xml
+++ b/src/chrome/content/rules/Iovation.xml
@@ -14,9 +14,9 @@
 	<target host="www.iovation.com" />
 
 
-	<securecookie host="^(?:.+\.)?iovation\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ipfs.pics.xml b/src/chrome/content/rules/Ipfs.pics.xml
deleted file mode 100644
index 3f46f629121d..000000000000
--- a/src/chrome/content/rules/Ipfs.pics.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://ipfs.pics/ => https://ipfs.pics/: (7, 'Failed to connect to ipfs.pics port 443: Connection refused')
-
-
--->
-<ruleset name="Ipfs.pics" default_off='failed ruleset test'>
-    <target host="ipfs.pics" />
-    <!-- <target host="www.ipfs.pics" /> (included in cert, but connection error) -->
-
-    <securecookie host="^(www\.)?ipfs\.pics" name=".+" />
-
-    <rule from="^http:"
-            to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Iphoneblog.de.xml b/src/chrome/content/rules/Iphoneblog.de.xml
index b2215dc7466c..6dd11888f866 100644
--- a/src/chrome/content/rules/Iphoneblog.de.xml
+++ b/src/chrome/content/rules/Iphoneblog.de.xml
@@ -1,6 +1,6 @@
 <!--
 	Nonfunctional hosts in *.iphoneblog.de:
-	
+
 	Server not found:
 	    beta.iphoneblog.de
 	    dav.iphoneblog.de
diff --git a/src/chrome/content/rules/Iphoneincanada.ca.xml b/src/chrome/content/rules/Iphoneincanada.ca.xml
index b4d51c9f35f1..9f5129eb8d4e 100644
--- a/src/chrome/content/rules/Iphoneincanada.ca.xml
+++ b/src/chrome/content/rules/Iphoneincanada.ca.xml
@@ -10,7 +10,7 @@ Fetch error: http://cdn.iphoneincanada.ca/ => https://cdn.iphoneincanada.ca/: To
 	    push.iphoneincanada.ca (Error 404 - Not found)
 	    www.push.iphoneincanada.ca (Server not found)
 -->
-<ruleset name="Iphoneincanada" default_off='failed ruleset test'>
+<ruleset name="Iphoneincanada" default_off="failed ruleset test">
 
 	<target host="iphoneincanada.ca" />
 	<target host="www.iphoneincanada.ca" />
diff --git a/src/chrome/content/rules/Iphonelife.com.xml b/src/chrome/content/rules/Iphonelife.com.xml
index 3cfddeceb793..aed79ec23bcd 100644
--- a/src/chrome/content/rules/Iphonelife.com.xml
+++ b/src/chrome/content/rules/Iphonelife.com.xml
@@ -16,7 +16,7 @@
 	<target host="deals.iphonelife.com" />
 	<target host="insider.iphonelife.com" />
 	<target host="mailer.iphonelife.com" />
-	
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Iplay.com.xml b/src/chrome/content/rules/Iplay.com.xml
index d2d329fed971..37218ff13f82 100644
--- a/src/chrome/content/rules/Iplay.com.xml
+++ b/src/chrome/content/rules/Iplay.com.xml
@@ -12,7 +12,8 @@
 <ruleset name="Iplay.com (partial)">
 
 	<target host="iplay.com" />
-	<target host="*.iplay.com" />
+	<target host="www.iplay.com" />
+	<target host="client.iplay.com" />
 		<!--
 			Redirect to http:
 						-->
diff --git a/src/chrome/content/rules/Ipsidixit.net.xml b/src/chrome/content/rules/Ipsidixit.net.xml
index 8febfbf57ef7..67de74f343bc 100644
--- a/src/chrome/content/rules/Ipsidixit.net.xml
+++ b/src/chrome/content/rules/Ipsidixit.net.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://ipsidixit.net/ => https://ipsidixit.net/: (51, "SSL: no alternative certificate subject name matches target host name 'ipsidixit.net'")
 
 -->
-<ruleset name="ipsidixit.net" default_off='failed ruleset test'>
+<ruleset name="ipsidixit.net" default_off="failed ruleset test">
 
 	<target host="ipsidixit.net" />
 	<target host="www.ipsidixit.net" />
diff --git a/src/chrome/content/rules/IraqBodyCount.org.xml b/src/chrome/content/rules/IraqBodyCount.org.xml
new file mode 100644
index 000000000000..a6c4385e5c37
--- /dev/null
+++ b/src/chrome/content/rules/IraqBodyCount.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="IraqBodyCount.org">
+	<target host="iraqbodycount.org" />
+	<target host="www.iraqbodycount.org" />
+	<target host="reports.iraqbodycount.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Iraqueer.org.xml b/src/chrome/content/rules/Iraqueer.org.xml
new file mode 100644
index 000000000000..7bdf51859152
--- /dev/null
+++ b/src/chrome/content/rules/Iraqueer.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Time out:
+		mail.iraqueer.org
+		mail.ar-iraqueer.org
+
+-->
+<ruleset name="Iraqueer.org">
+
+	<target host="iraqueer.org" />
+	<target host="www.iraqueer.org" />
+
+	<target host="ar-iraqueer.org" />
+	<target host="www.ar-iraqueer.org" />
+
+	<target host="ku-iraqueer.org" />
+	<target host="www.ku-iraqueer.org" />	
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Irish-Country-Cottages.co.uk.xml b/src/chrome/content/rules/Irish-Country-Cottages.co.uk.xml
index 13d338e1dbd5..6aa15d4b9599 100644
--- a/src/chrome/content/rules/Irish-Country-Cottages.co.uk.xml
+++ b/src/chrome/content/rules/Irish-Country-Cottages.co.uk.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Wyndham related rulesets, see Wyndham.xml
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
 
 	Non-functional hosts
 		Timeout was reached:
@@ -14,7 +14,7 @@
 
 	<rule from="^http://irish-country-cottages\.co\.uk/"
 		  	to="https://www.irish-country-cottages.co.uk/" />
-	
-	<rule from="^http:" 
+
+	<rule from="^http:"
 		  	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/IrishBroadband.xml b/src/chrome/content/rules/IrishBroadband.xml
index dc269d9e4233..1aae84e7fac3 100644
--- a/src/chrome/content/rules/IrishBroadband.xml
+++ b/src/chrome/content/rules/IrishBroadband.xml
@@ -6,7 +6,7 @@ Fetch error: http://irishbroadband.ie/ => https://www.irishbroadband.ie/: (60, '
 Disabled by https-everywhere-checker because:
 Fetch error: http://irishbroadband.ie/ => https://www.irishbroadband.ie/: (51, "SSL: no alternative certificate subject name matches target host name 'www.irishbroadband.ie'")
 -->
-<ruleset name="Irish Broadband" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Irish Broadband" platform="mixedcontent" default_off="failed ruleset test">
   <target host="irishbroadband.ie" />
   <target host="*.irishbroadband.ie" />
 
diff --git a/src/chrome/content/rules/Ironwhale.com.xml b/src/chrome/content/rules/Ironwhale.com.xml
index a7f979d7a9b9..42f3e18e801e 100644
--- a/src/chrome/content/rules/Ironwhale.com.xml
+++ b/src/chrome/content/rules/Ironwhale.com.xml
@@ -4,13 +4,13 @@
 -->
 <ruleset name="Ironwhale.com">
 
-	<target host="*.ironwhale.com" />
+	<target host="mail.ironwhale.com" />
+	<target host="www.ironwhale.com" />
 
 
 	<securecookie host="^www\.ironwhale\.com$" name=".+" />
 
 
-	<rule from="^http://(mail|www)\.ironwhale\.com/"
-		to="https://$1.ironwhale.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Isalo.org.xml b/src/chrome/content/rules/Isalo.org.xml
index 0cb31f13e30b..5c4ddc42f2ae 100644
--- a/src/chrome/content/rules/Isalo.org.xml
+++ b/src/chrome/content/rules/Isalo.org.xml
@@ -17,14 +17,14 @@ Fetch error: http://pix.isalo.org/ => https://pix.isalo.org/: (51, "SSL: no alte
 		- css on paste from www.karma.mg ˢ
 
 		- Images, on:
-		
+
 			- paste from www.karma.mg ˢ
 			- www from $self ˢ
 
 	ˢ Secured by us
 
 -->
-<ruleset name="Isalo.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Isalo.org (partial)" default_off="failed ruleset test">
 
 	<target host="isalo.org" />
 	<target host="pix.isalo.org" />
diff --git a/src/chrome/content/rules/Iscturkey.org.xml b/src/chrome/content/rules/Iscturkey.org.xml
new file mode 100644
index 000000000000..cde499685f68
--- /dev/null
+++ b/src/chrome/content/rules/Iscturkey.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="ISCTurkey.org">
+	<target host="iscturkey.org" />
+	<target host="www.iscturkey.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Iseclab.org.xml b/src/chrome/content/rules/Iseclab.org.xml
index b4c5d8a40979..e40e77a970f2 100644
--- a/src/chrome/content/rules/Iseclab.org.xml
+++ b/src/chrome/content/rules/Iseclab.org.xml
@@ -1,44 +1,20 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://wepawet.iseclab.org/ => https://wepawet.iseclab.org/: (60, 'SSL certificate problem: certificate has expired')
-
-	Nonfunctional hosts in *iseclab.org:
-
-		- exposure *
-
-	* Dropped
-
-
-	These altnames don't exist:
-
-		- www.wepawet.iseclab.org
-
-
-	Insecure cookies are set for these hosts:
-
-		- anubis.iseclab.org
+	Invalid certificate:
+		anubis.iseclab.org
+		blog.iseclab.org
+		mail.iseclab.org
+		secenv.iseclab.org
+		secprog.iseclab.org
+		wepawet.iseclab.org
 
 -->
-<ruleset name="Iseclab.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Iseclab.org">
 
-	<!--	Direct rewrites:
-				-->
 	<target host="iseclab.org"/>
-	<target host="anubis.iseclab.org"/>
-	<target host="wepawet.iseclab.org" />
 	<target host="www.iseclab.org"/>
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^anubis\.iseclab\.org$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^anubis\.iseclab\.org$" name=".+" />
-
+	<target host="course.iseclab.org" />
 
 	<rule from="^http:"
 		to="https:" />
 
 </ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 and manually edited -->
diff --git a/src/chrome/content/rules/Islam-Globe.com.xml b/src/chrome/content/rules/Islam-Globe.com.xml
deleted file mode 100644
index 23bc90e13482..000000000000
--- a/src/chrome/content/rules/Islam-Globe.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Islam-Globe.com">
-	<target host="islam-globe.com" />
-	<target host="www.islam-globe.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Islam21c.com.xml b/src/chrome/content/rules/Islam21c.com.xml
new file mode 100644
index 000000000000..136e2c8c2cfd
--- /dev/null
+++ b/src/chrome/content/rules/Islam21c.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Islam21c.com">
+	<target host="islam21c.com" />
+	<target host="www.islam21c.com" />
+	<target host="ecourses.islam21c.com" />
+	<target host="emag.islam21c.com" />
+
+	<securecookie host="^(www|ecourses|emag)\.islam21c\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamAcademy.net.xml b/src/chrome/content/rules/IslamAcademy.net.xml
index 15bfc8c66f62..312d45f1a454 100644
--- a/src/chrome/content/rules/IslamAcademy.net.xml
+++ b/src/chrome/content/rules/IslamAcademy.net.xml
@@ -10,7 +10,7 @@ Fetch error: http://intesab.islamacademy.net/ => https://intesab.islamacademy.ne
 	- www.forum.islamacademy.net
 
 -->
-<ruleset name="IslamAcademy.net" default_off='failed ruleset test'>
+<ruleset name="IslamAcademy.net" default_off="failed ruleset test">
 	<target host="islamacademy.net" />
 	<target host="www.islamacademy.net" />
 	<target host="almajd.islamacademy.net" />
diff --git a/src/chrome/content/rules/IslamQA.info.xml b/src/chrome/content/rules/IslamQA.info.xml
deleted file mode 100644
index 589727c95472..000000000000
--- a/src/chrome/content/rules/IslamQA.info.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="IslamQA.info">
-	<target host="islamqa.info" />
-	<target host="www.islamqa.info" />
-	<target host="quiz.islamqa.info" />
-	<target host="static.islamqa.info" />
-		<test url="http://static.islamqa.info/js/flat-qa.js" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/IslamSpirit.com.xml b/src/chrome/content/rules/IslamSpirit.com.xml
new file mode 100644
index 000000000000..9245b1c2e236
--- /dev/null
+++ b/src/chrome/content/rules/IslamSpirit.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="IslamSpirit.com">
+	<target host="islamspirit.com" />
+	<target host="www.islamspirit.com" />
+	<target host="mail.islamspirit.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamSyria.com.xml b/src/chrome/content/rules/IslamSyria.com.xml
new file mode 100644
index 000000000000..cc328a230ee7
--- /dev/null
+++ b/src/chrome/content/rules/IslamSyria.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="IslamSyria.com">
+	<target host="islamsyria.com" />
+	<target host="www.islamsyria.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamToday.net.xml b/src/chrome/content/rules/IslamToday.net.xml
index c3dbd18bd6a2..ff9ada647894 100644
--- a/src/chrome/content/rules/IslamToday.net.xml
+++ b/src/chrome/content/rules/IslamToday.net.xml
@@ -14,7 +14,7 @@ Fetch error: http://dev.islamtoday.net/ => https://dev.islamtoday.net/: (28, 'Op
 	- muntada.islamtoday.net
 
 -->
-<ruleset name="IslamToday.net" default_off='failed ruleset test'>
+<ruleset name="IslamToday.net" default_off="failed ruleset test">
 	<target host="islamtoday.net" />
 	<target host="www.islamtoday.net" />
 	<target host="azzawiah.islamtoday.net" />
diff --git a/src/chrome/content/rules/Islamic-Awareness.org.xml b/src/chrome/content/rules/Islamic-Awareness.org.xml
new file mode 100644
index 000000000000..fcf85121fda1
--- /dev/null
+++ b/src/chrome/content/rules/Islamic-Awareness.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Islamic-Awareness.org">
+	<target host="islamic-awareness.org" />
+	<target host="www.islamic-awareness.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamicBand.com.xml b/src/chrome/content/rules/IslamicBand.com.xml
deleted file mode 100644
index 4ab03d3cf8ff..000000000000
--- a/src/chrome/content/rules/IslamicBand.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="IslamicBand.com">
-	<target host="islamicband.com" />
-	<target host="www.islamicband.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/IslamicBulletin.org.xml b/src/chrome/content/rules/IslamicBulletin.org.xml
new file mode 100644
index 000000000000..9b9965d299cf
--- /dev/null
+++ b/src/chrome/content/rules/IslamicBulletin.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatch:
+		m.islamicbulletin.org
+	SSL error:
+		www.mobile.islamicbulletin.org
+-->
+<ruleset name="IslamicBulletin.org">
+	<target host="islamicbulletin.org" />
+	<target host="www.islamicbulletin.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamicPortal.co.uk.xml b/src/chrome/content/rules/IslamicPortal.co.uk.xml
new file mode 100644
index 000000000000..a4ceb6de6363
--- /dev/null
+++ b/src/chrome/content/rules/IslamicPortal.co.uk.xml
@@ -0,0 +1,8 @@
+<ruleset name="IslamicPortal.co.uk">
+	<target host="islamicportal.co.uk" />
+	<target host="www.islamicportal.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/IslamicTech.com.xml b/src/chrome/content/rules/IslamicTech.com.xml
index e7df03231493..7659cd8919e6 100644
--- a/src/chrome/content/rules/IslamicTech.com.xml
+++ b/src/chrome/content/rules/IslamicTech.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://bramj.islamictech.com/ => https://bramj.islamictech.com/: la
 Fetch error: http://soft.islamictech.com/ => https://soft.islamictech.com/: label empty or too long
 
 -->
-<ruleset name="IslamicTech.com" default_off='failed ruleset test'>
+<ruleset name="IslamicTech.com" default_off="failed ruleset test">
 	<target host="islamictech.com" />
 	<target host="www.islamictech.com" />
 	<target host="ar.islamictech.com" />
diff --git a/src/chrome/content/rules/Islamosaic.com.xml b/src/chrome/content/rules/Islamosaic.com.xml
new file mode 100644
index 000000000000..c606dece083e
--- /dev/null
+++ b/src/chrome/content/rules/Islamosaic.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Islamosaic.com">
+	<target host="islamosaic.com" />
+	<target host="www.islamosaic.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Island-Savings.xml b/src/chrome/content/rules/Island-Savings.xml
index 80955eecf2f4..14e547af427b 100644
--- a/src/chrome/content/rules/Island-Savings.xml
+++ b/src/chrome/content/rules/Island-Savings.xml
@@ -7,7 +7,7 @@ Fetch error: http://dashband.islandsavings.ca/ => https://dashband.islandsavings
 		- partners.islandsavings.ca
 -->
 
-<ruleset name="Island Savings" default_off='failed ruleset test'>
+<ruleset name="Island Savings" default_off="failed ruleset test">
 	<target host="islandsavings.ca" />
 	<target host="www.islandsavings.ca" />
 	<target host="dashband.islandsavings.ca" />
diff --git a/src/chrome/content/rules/Islington.gov.uk.xml b/src/chrome/content/rules/Islington.gov.uk.xml
index 175d5a30efef..a53e2460a6dd 100644
--- a/src/chrome/content/rules/Islington.gov.uk.xml
+++ b/src/chrome/content/rules/Islington.gov.uk.xml
@@ -42,7 +42,7 @@
 		- css on touchchoices from $self ᵐ
 
 		- Images, on:
-		
+
 			- democracy from $self ˢ
 			- www.energyadvice, touchchoices from $self ᵐ
 
diff --git a/src/chrome/content/rules/IsoHunt.xml b/src/chrome/content/rules/IsoHunt.xml
index 1f360ca9dd84..738a7899c9c7 100644
--- a/src/chrome/content/rules/IsoHunt.xml
+++ b/src/chrome/content/rules/IsoHunt.xml
@@ -15,14 +15,14 @@ Fetch error: http://isohunt.com/ => https://isohunt.com/: (7, 'Failed to connect
 		- tickets
 
 -->
-<ruleset name="IsoHunt" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="IsoHunt" platform="mixedcontent" default_off="failed ruleset test">
 
 	  <target host="isohunt.com" />
 	<target host="ca.isohunt.com" />
 	<target host="www.isohunt.com" />
 
 
-	<securecookie host="^(?:.*\.)?isohunt\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	  <rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Isomorphic_Software.xml b/src/chrome/content/rules/Isomorphic_Software.xml
index 25a3050ab68c..e639134521d7 100644
--- a/src/chrome/content/rules/Isomorphic_Software.xml
+++ b/src/chrome/content/rules/Isomorphic_Software.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.isomorphic.com/ => https://www.isomorphic.com/: (51, "SS
 	Cert only matches www.
 
 -->
-<ruleset name="Isomorphic Software (partial)" default_off='failed ruleset test'>
+<ruleset name="Isomorphic Software (partial)" default_off="failed ruleset test">
 
 	<target host="isomorphic.com" />
 	<target host="www.isomorphic.com" />
diff --git a/src/chrome/content/rules/Isorno.com.xml b/src/chrome/content/rules/Isorno.com.xml
index 8f77991b2628..ffe317b28f81 100644
--- a/src/chrome/content/rules/Isorno.com.xml
+++ b/src/chrome/content/rules/Isorno.com.xml
@@ -5,7 +5,7 @@
 <ruleset name="Isorno.com" default_off="self-signed">
 
 	<target host="isorno.com" />
-	<target host="*.isorno.com" />
+	<target host="www.isorno.com" />
 
 
 	<securecookie host="^\.isorno\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Ispgateway.de.xml b/src/chrome/content/rules/Ispgateway.de.xml
deleted file mode 100644
index ff56bc66b7b1..000000000000
--- a/src/chrome/content/rules/Ispgateway.de.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	(www.): refused
-
--->
-<ruleset name="ispgateway.de (partial)">
-
-	<target host="ml01.ispgateway.de" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Issuu_Aps.xml b/src/chrome/content/rules/Issuu_Aps.xml
index bbaf9f049570..463a0103b391 100644
--- a/src/chrome/content/rules/Issuu_Aps.xml
+++ b/src/chrome/content/rules/Issuu_Aps.xml
@@ -5,16 +5,11 @@
 
 		- Isu.pub.xml
 
-
-	CDN buckets:
-
-		- s3.amazonaws.com/feed.issuu.com/
-		- s3.amazonaws.com/sidebar.issuu.com/
-
-
 	Nonfunctional hosts in *issuu.com:
 
 		- help *
+    - feed *
+    - sidebar *
 
 	* Zendesk / redirects to http
 
@@ -23,7 +18,7 @@
 
 		- issuu.com
 		- .issuu.com
- 
+
 -->
 <ruleset name="Issuu.com (partial)">
 
@@ -39,9 +34,7 @@
 
 	<!--	Complications:
 				-->
-	<target host="feed.issuu.com" />
 	<target host="help.issuu.com" />
-	<target host="sidebar.issuu.com" />
 
 		<exclusion pattern="^http://help\.issuu\.com/(?!/*(?:favicon\.ico|images/|system/))" />
 
@@ -64,10 +57,6 @@
 	<!--securecookie host="^issuu\.com$" name="^experiment$" /-->
 	<!--securecookie host="^\.issuu\.com$" name="^(?:i18next|iutk)$" /-->
 
-
-	<rule from="^http://(feed|sidebar)\.issuu\.com/"
-		to="https://s3.amazonaws.com/$1.issuu.com/" />
-
 	<rule from="^http://help\.issuu\.com/"
 		to="https://issuu.zendesk.com/" />
 
diff --git a/src/chrome/content/rules/Istanbul_hs.org.xml b/src/chrome/content/rules/Istanbul_hs.org.xml
index bbb8d1001c7f..356585496cb2 100644
--- a/src/chrome/content/rules/Istanbul_hs.org.xml
+++ b/src/chrome/content/rules/Istanbul_hs.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://istanbulhs.org/ => https://istanbulhs.org/: (52, 'Empty repl
 Fetch error: http://www.istanbulhs.org/ => https://www.istanbulhs.org/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="istanbul hs.org" default_off='failed ruleset test'>
+<ruleset name="istanbul hs.org" default_off="failed ruleset test">
 
 	<target host="istanbulhs.org" />
 	<target host="www.istanbulhs.org" />
diff --git a/src/chrome/content/rules/Istio.io.xml b/src/chrome/content/rules/Istio.io.xml
new file mode 100644
index 000000000000..8c78698a10fa
--- /dev/null
+++ b/src/chrome/content/rules/Istio.io.xml
@@ -0,0 +1,27 @@
+<!--
+	Refused:
+		fortio-daily
+		fortio-stage
+-->
+<ruleset name="Istio.io">
+
+	<target host="istio.io" />
+	<target host="www.istio.io" />
+	<target host="archive.istio.io" />
+	<target host="discuss.istio.io" />
+	<target host="eng.istio.io" />
+	<target host="fortio.istio.io" />
+	<target host="gcsweb.istio.io" />
+		<test url="http://gcsweb.istio.io/gcs/istio-prerelease/daily-build" />
+	<target host="ibmcloud-perf.istio.io" />
+	<target host="ibmcloud-perf-grafana.istio.io" />
+	<target host="preliminary.istio.io" />
+	<target host="prow.istio.io" />
+	<target host="prow-private.istio.io" />
+	<target host="velodrome.istio.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/IsyVmon.xml b/src/chrome/content/rules/IsyVmon.xml
index 117b8097b4fa..ad5f526ddf83 100644
--- a/src/chrome/content/rules/IsyVmon.xml
+++ b/src/chrome/content/rules/IsyVmon.xml
@@ -19,4 +19,4 @@ Fetch error: http://www.isyvmon.com/ => http://www.isyvmon.com/: (28, 'Connectio
 	<rule from="^http://(?:www\.)?isyvmon\.com/(fileadmin/|index\.php\?eID=sr_freecap_captcha|(?:de/)?login\.html|typo3(?:conf|temp)?/)"
 		to="https://www.isyvmon.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ItHappens.me.xml b/src/chrome/content/rules/ItHappens.me.xml
new file mode 100644
index 000000000000..b32e3be4789e
--- /dev/null
+++ b/src/chrome/content/rules/ItHappens.me.xml
@@ -0,0 +1,11 @@
+<!--
+	See also ItHappens.ru.xml
+-->
+<ruleset name="ItHappens.me">
+	<target host="ithappens.me" />
+	<target host="www.ithappens.me" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ItHappens.ru.xml b/src/chrome/content/rules/ItHappens.ru.xml
new file mode 100644
index 000000000000..1c07ea3a1943
--- /dev/null
+++ b/src/chrome/content/rules/ItHappens.ru.xml
@@ -0,0 +1,11 @@
+<!--
+	See also ItHappens.me.xml
+-->
+<ruleset name="ItHappens.ru">
+	<target host="ithappens.ru" />
+	<target host="www.ithappens.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Italian-Country-Cottages.co.uk.xml b/src/chrome/content/rules/Italian-Country-Cottages.co.uk.xml
index 6558c125242d..97e716ac0d67 100644
--- a/src/chrome/content/rules/Italian-Country-Cottages.co.uk.xml
+++ b/src/chrome/content/rules/Italian-Country-Cottages.co.uk.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Wyndham related rulesets, see Wyndham.xml
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
 
 	Non-functional hosts
 		Timeout was reached:
diff --git a/src/chrome/content/rules/Italien-Facile.com.xml b/src/chrome/content/rules/Italien-Facile.com.xml
new file mode 100644
index 000000000000..0ad437dae1c5
--- /dev/null
+++ b/src/chrome/content/rules/Italien-Facile.com.xml
@@ -0,0 +1,11 @@
+<!--
+	See for related rulesets: FrancaisFacile.com.xml
+-->
+<ruleset name="Italien-Facile.com">
+	<target host="italien-facile.com" />
+	<target host="www.italien-facile.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Itc.cn.xml b/src/chrome/content/rules/Itc.cn.xml
index 49c556abe948..67c8469c4911 100644
--- a/src/chrome/content/rules/Itc.cn.xml
+++ b/src/chrome/content/rules/Itc.cn.xml
@@ -1,15 +1,38 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://001.img.qf.56.itc.cn/ => https://001.img.qf.56.itc.cn/: (6, 'Could not resolve host: 001.img.qf.56.itc.cn')
+Fetch error: http://002.img.qf.56.itc.cn/ => https://002.img.qf.56.itc.cn/: (6, 'Could not resolve host: 002.img.qf.56.itc.cn')
+Fetch error: http://003.img.qf.56.itc.cn/ => https://003.img.qf.56.itc.cn/: (6, 'Could not resolve host: 003.img.qf.56.itc.cn')
+Fetch error: http://004.img.qf.56.itc.cn/ => https://004.img.qf.56.itc.cn/: (6, 'Could not resolve host: 004.img.qf.56.itc.cn')
+Fetch error: http://005.img.qf.56.itc.cn/ => https://005.img.qf.56.itc.cn/: (6, 'Could not resolve host: 005.img.qf.56.itc.cn')
+Fetch error: http://s0.life.itc.cn/ => https://s0.life.itc.cn/: (51, "SSL: no alternative certificate subject name matches target host name 's0.life.itc.cn'")
+
+	Mismatched:
+		i7.17173.itc.cn	http://i7.17173.itc.cn/2010/dnf/2010/11/11/jiangsu001.jpg
+		i8.17173.itc.cn	http://i8.17173.itc.cn/2010/dnf/2010/11/11/jiangsu002.jpg
+
+	Server error:
+		i7.itc.cn
+		All images on i7.itc.cn get error: The requested URL '*' was not found on this server.
+		We can get some evidence from http://tl.cibmall.net/information_weapon_shengqi_1f.html :
+		<td align="center" bgcolor="#FFFFFF"><img width="510" height="350" src="images/weapon/information_weapon_shengqi_1f_clip_image001.jpg" alt="http://i7.itc.cn/20080722/688_b196b007_b0e1_4a9f_aa02_43b211cecf96_1.jpg" /></td>
+		http://tl.cibmall.net/images/weapon/information_weapon_shengqi_1f_clip_image001.jpg should be equal to http://i7.itc.cn/20080722/688_b196b007_b0e1_4a9f_aa02_43b211cecf96_1.jpg
+		We cannot get i7.itc.cn, however, https://i0.itc.cn/20080722/688_b196b007_b0e1_4a9f_aa02_43b211cecf96_1.jpg is equal to http://tl.cibmall.net/images/weapon/information_weapon_shengqi_1f_clip_image001.jpg.
+  Nonfunctional:
+    changyan.itc.cn
+-->
 <ruleset name="Itc.cn">
-	<target host="001.img.qf.56.itc.cn" />
-	<target host="002.img.qf.56.itc.cn" />
-	<target host="003.img.qf.56.itc.cn" />
-	<target host="004.img.qf.56.itc.cn" />
-	<target host="005.img.qf.56.itc.cn" />
+	<!-- target host="001.img.qf.56.itc.cn" /-->
+	<!-- target host="002.img.qf.56.itc.cn" /-->
+	<!-- target host="003.img.qf.56.itc.cn" /-->
+	<!-- target host="004.img.qf.56.itc.cn" /-->
+	<!-- target host="005.img.qf.56.itc.cn" /-->
 	<target host="a1.itc.cn" />
 	<target host="a2.itc.cn" />
 	<target host="a3.itc.cn" />
 	<target host="a4.itc.cn" />
-	<target host="changyan.itc.cn" />
-		<test url="http://changyan.itc.cn/mdevp/extensions/cmt-box/052/images/face.png" />
 	<target host="d1.biz.itc.cn" />
 		<test url="http://d1.biz.itc.cn/q/cn/831/600831/tline2.png" />
 	<target host="d2.biz.itc.cn" />
@@ -21,13 +44,21 @@
 	<target host="s3.biz.itc.cn" />
 	<target host="s4.biz.itc.cn" />
 	<target host="i0.itc.cn" />
-		<test url="http://i0.itc.cn/20150722/333f_5f592d6d_bf6f_a4eb_5604_58592af67c98_1.jpg" />
 	<target host="i1.itc.cn" />
 	<target host="i2.itc.cn" />
 	<target host="i3.itc.cn" />
+	<target host="i4.itc.cn" />
+	<target host="i5.itc.cn" />
+	<target host="i6.itc.cn" />
+	<target host="i7.itc.cn" /><!-- Mismatched: -->
+		<test url="http://i7.itc.cn/20150722/333f_5f592d6d_bf6f_a4eb_5604_58592af67c98_1.jpg" />
+	<target host="i8.itc.cn" />
+	<target host="i9.itc.cn" />
 	<target host="kzcdn.itc.cn" />
 		<test url="http://kzcdn.itc.cn/res/skin/js/uaredirect.js" />
-	<target host="s0.life.itc.cn" />
+	<!-- target host="s0.life.itc.cn" /-->
+	<target host="img.mp.itc.cn" />
+		<test url="http://img.mp.itc.cn/upload/20170712/6e1a8d46bf5041c8a5f6fd3edb079f49_th.jpg" />
 	<target host="n1.itc.cn" />
 		<test url="http://n1.itc.cn/img8/wb/recom/2016/12/10/148130195469287749.JPEG" />
 	<target host="s1.rr.itc.cn" />
@@ -48,5 +79,7 @@
 
 	<securecookie host="^\w" name=".+" />
 
+	<rule from="^http://i7\.itc\.cn/" to="https://i0.itc.cn/" />
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Itex.xml b/src/chrome/content/rules/Itex.xml
index bd44eff2b92c..648997d6d1f9 100644
--- a/src/chrome/content/rules/Itex.xml
+++ b/src/chrome/content/rules/Itex.xml
@@ -1,9 +1,9 @@
 <ruleset name="Itex" platform="mixedcontent">
 
 	<target host="itex.com"/>
-	<target host="*.itex.com"/>
+	<target host="www.itex.com" />
 
-	<securecookie host="^(?:.*\.)?itex\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?itex\.com/"
 		to="https://www.itex.com/"/>
diff --git a/src/chrome/content/rules/Ithenticate.com.xml b/src/chrome/content/rules/Ithenticate.com.xml
new file mode 100644
index 000000000000..ead29016ee8c
--- /dev/null
+++ b/src/chrome/content/rules/Ithenticate.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Refused:
+		blog.ithenticate.com
+		research.ithenticate.com
+
+	No working URL known:
+		sprint.ithenticate.com
+
+-->
+<ruleset name="Ithenticate.com">
+
+	<target host="ithenticate.com" />
+	<target host="www.ithenticate.com" />
+	<target host="api.ithenticate.com" />
+	<target host="app.ithenticate.com" />
+	<target host="crosscheck.ithenticate.com" />
+	<target host="crossref.ithenticate.com" />
+	<target host="internal.ithenticate.com" />
+	<target host="plps.ithenticate.com" />
+	<target host="sac2-app.ithenticate.com" />
+	<target host="scl-api.ithenticate.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ItsAnHonour.xml b/src/chrome/content/rules/ItsAnHonour.xml
deleted file mode 100644
index 1fa2c9af20f8..000000000000
--- a/src/chrome/content/rules/ItsAnHonour.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="It's an Honour">
-	<target host="itsanhonour.gov.au" />
-	<target host="*.itsanhonour.gov.au" />
-
-	<rule from="^http://(?:www\.)?itsanhonour\.gov\.au/"
-		to="https://www.itsanhonour.gov.au/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Ittisaq.com.xml b/src/chrome/content/rules/Ittisaq.com.xml
new file mode 100644
index 000000000000..680e454b3440
--- /dev/null
+++ b/src/chrome/content/rules/Ittisaq.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Ittisaq.com">
+	<target host="ittisaq.com" />
+	<target host="www.ittisaq.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Iv.lt.xml b/src/chrome/content/rules/Iv.lt.xml
index 1d6b7ac21792..218dd973f12b 100644
--- a/src/chrome/content/rules/Iv.lt.xml
+++ b/src/chrome/content/rules/Iv.lt.xml
@@ -16,14 +16,18 @@
 <ruleset name="Iv.lt (partial)">
 
 	<target host="iv.lt" />
-	<target host="*.iv.lt" />
+	<target host="gedimai.iv.lt" />
+	<target host="grafika.iv.lt" />
+	<target host="klientams.iv.lt" />
+	<target host="pagalba.iv.lt" />
+	<target host="sutartys.iv.lt" />
+	<target host="www.iv.lt" />
 		<exclusion pattern="^http://pagalba\.iv\.lt/(?!images/)" />
 
 
 	<securecookie host="^klientams\.iv\.lt$" name=".+" />
 
 
-	<rule from="^http://((?:gedimai|grafika|klientams|pagalba|sutartys|www)\.)?iv\.lt/"
-		to="https://$1iv.lt/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ivarch.com.xml b/src/chrome/content/rules/Ivarch.com.xml
deleted file mode 100644
index 9f09b05a8b74..000000000000
--- a/src/chrome/content/rules/Ivarch.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="ivarch.com">
-
-	<target host="ivarch.com" />
-	<target host="www.ivarch.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ivorde.com.xml b/src/chrome/content/rules/Ivorde.com.xml
deleted file mode 100644
index 3a028944fbb0..000000000000
--- a/src/chrome/content/rules/Ivorde.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	www.ivorde.com: Mismatched
-
--->
-<ruleset name="ivorde.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="ivorde.com" />
-	<target host="forum.ivorde.com" />
-
-	<!--	Complications:
-				-->
-	<target host="www.ivorde.com" />
-
-
-	<rule from="^http://www\.ivorde\.com/"
-		to="https://ivorde.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ivwbox.de.xml b/src/chrome/content/rules/Ivwbox.de.xml
index 65723a6c9889..60500fd5ae88 100644
--- a/src/chrome/content/rules/Ivwbox.de.xml
+++ b/src/chrome/content/rules/Ivwbox.de.xml
@@ -26,4 +26,4 @@
 	<rule from="^http://([\w-]+)\.ivwbox\.de/"
 		to="https://$1.ivwbox.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ix.de.xml b/src/chrome/content/rules/Ix.de.xml
index ceb72a31e11d..52c28ac9fb11 100644
--- a/src/chrome/content/rules/Ix.de.xml
+++ b/src/chrome/content/rules/Ix.de.xml
@@ -7,7 +7,7 @@ Fetch error: http://3.f.ix.de/ => https://3.f.ix.de/: (6, 'Could not resolve hos
 	For other Heise coverage, see Heise.de.xml.
 
 -->
-<ruleset name="ix.de" default_off='failed ruleset test'>
+<ruleset name="ix.de" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Ixbt.com.xml b/src/chrome/content/rules/Ixbt.com.xml
index 8a761e0634ce..4b0a779bbb5b 100644
--- a/src/chrome/content/rules/Ixbt.com.xml
+++ b/src/chrome/content/rules/Ixbt.com.xml
@@ -40,4 +40,4 @@
 	<target host="spot-rc.ixbt.com"/>
 
 	<rule from="^http:" to="https:"/>
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Izvestia.ru.xml b/src/chrome/content/rules/Izvestia.ru.xml
index 4ed7e4b5c3d9..4718b82292a9 100644
--- a/src/chrome/content/rules/Izvestia.ru.xml
+++ b/src/chrome/content/rules/Izvestia.ru.xml
@@ -17,7 +17,7 @@ Timeout:
 	admin.izvestia.ru
 	oauth-admin.izvestia.ru
 -->
-<ruleset name="izvestia.ru" default_off='failed ruleset test'>
+<ruleset name="izvestia.ru" default_off="failed ruleset test">
 	<target host="izvestia.ru"/>
 	<target host="www.izvestia.ru"/>
 	<target host="100.izvestia.ru"/>
diff --git a/src/chrome/content/rules/JAMA-Network.xml b/src/chrome/content/rules/JAMA-Network.xml
index 3a82d21aef61..cb2665632534 100644
--- a/src/chrome/content/rules/JAMA-Network.xml
+++ b/src/chrome/content/rules/JAMA-Network.xml
@@ -56,17 +56,27 @@
 <ruleset name="JAMA Network (partial)">
 
 	<target host="jamanetwork.com" />
-	<target host="*.jamanetwork.com" />
+	<target host="archderm.jamanetwork.com" />
+	<target host="archfaci.jamanetwork.com" />
+	<target host="archinte.jamanetwork.com" />
+	<target host="archneur.jamanetwork.com" />
+	<target host="archneurpsyc.jamanetwork.com" />
+	<target host="archopht.jamanetwork.com" />
+	<target host="archotol.jamanetwork.com" />
+	<target host="archpedi.jamanetwork.com" />
+	<target host="archsurg.jamanetwork.com" />
+	<target host="jama.jamanetwork.com" />
+	<target host="store.jamanetwork.com" />
+	<target host="www.jamanetwork.com" />
 
 
 	<!--	Not secured by server:
 					-->
 	<!--securecookie host="^\.jamanetwork\.com$" name="^(AMA Publishing GroupMachineID|AMA_SessionId|IsMobile)$" /-->
 
-	<securecookie host="^(?:.*\.)?jamanetwork\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:arch(?:derm|faci|inte|neur|neurpsyc|opht|otol|neurpsyc|pedi|surg)|jama|store|www)\.)?jamanetwork\.com/"
-		to="https://$1jamanetwork.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/JAMF_Software.com.xml b/src/chrome/content/rules/JAMF_Software.com.xml
index f25f70123c0f..e37ad99af510 100644
--- a/src/chrome/content/rules/JAMF_Software.com.xml
+++ b/src/chrome/content/rules/JAMF_Software.com.xml
@@ -1,20 +1,17 @@
-<ruleset name="JAMF Software.com (partial)">
-
+<ruleset name="JAMF_Software.com (partial)">
 	<target host="jamfnation.jamfsoftware.com" />
 	<target host="my.jamfsoftware.com" />
 	<target host="store.jamfsoftware.com" />
 	<target host="support.jamfsoftware.com" />
-		<!--
-			Dropped:
-					-->
-		<!--exclusion pattern="^http://www\.jamfsoftware\.com/" /-->
-
 
-	<!--	Not secured by server, could we secure this safely?
-									-->
-	<!--securecookie host="^\.jamfsoftware\.com$" name="^JSESSIONID$" /-->
+	<target host="*.jamfcloud.com" />
+		<test url="http://signup.jamfcloud.com/" />
+		<test url="http://jamf.jamfcloud.com/" />
+		<test url="http://hosted.jamfcloud.com/" />
 
+	<!--	Mismatched:	-->
+	<exclusion pattern="^http://content\.jamfcloud\.com/" />
+		<test url="http://content.jamfcloud.com/" />
 
 	<rule from="^http:" to="https:" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/JANET.xml b/src/chrome/content/rules/JANET.xml
index cffae37de56d..8d65a55c2afc 100644
--- a/src/chrome/content/rules/JANET.xml
+++ b/src/chrome/content/rules/JANET.xml
@@ -17,10 +17,11 @@ Fetch error: http://ja.net/ => https://www.ja.net/: (6, 'Could not resolve host:
 -->
 <ruleset name="JA.NET (partial)">
   <target host="ja.net" />
-  <target host="*.ja.net" />
+  <target host="www.ja.net" />
+  <target host="community.ja.net" />
+  <target host="networkshop.ja.net" />
 
   <rule from="^http://(?:www\.)?ja\.net/" to="https://www.ja.net/"/>
 
-	<rule from="^http://(community|networkshop)\.ja\.net/"
-		to="https://$1.ja.net/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/JBoss.com.xml b/src/chrome/content/rules/JBoss.com.xml
deleted file mode 100644
index d544b789087d..000000000000
--- a/src/chrome/content/rules/JBoss.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	For other Red Hat coverage, see RedHat.xml.
-
-
-	Problematic hosts in *jboss.com:
-
-		- download *
-		- downloads *
-
-	* Mismatched
-
--->
-<ruleset name="JBoss.com (partial)">
-
-	<target host="jboss.com" />
-	<target host="www.jboss.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/JBoss.xml b/src/chrome/content/rules/JBoss.xml
index 448835dc6a8d..9853165be553 100644
--- a/src/chrome/content/rules/JBoss.xml
+++ b/src/chrome/content/rules/JBoss.xml
@@ -13,7 +13,7 @@ Fetch error: http://jboss.jboss.org/ => https://jboss.jboss.org/: (6, 'Could not
 		- issues.jboss.org
 
 -->
-<ruleset name="JBoss.org" default_off='failed ruleset test'>
+<ruleset name="JBoss.org" default_off="failed ruleset test">
 
 	<target host="jboss.org" />
 	<target host="*.jboss.org" />
diff --git a/src/chrome/content/rules/JCB.co.jp.xml b/src/chrome/content/rules/JCB.co.jp.xml
new file mode 100644
index 000000000000..84f9556a8e5d
--- /dev/null
+++ b/src/chrome/content/rules/JCB.co.jp.xml
@@ -0,0 +1,23 @@
+<!--
+	Nonfunctional hosts in *.jcb.co.jp:
+
+		- renewal (m)
+		- www.saiyo (t)
+		- yutai (r)
+		- yutai-p (r)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="JCB.co.jp">
+	<target host="www.jcb.co.jp" />
+	<target host="faq.jcb.co.jp" />
+	<target host="faq-acq.jcb.co.jp" />
+	<target host="edm.mail.jcb.co.jp" />
+	<target host="original.jcb.co.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JD.com-CIties.xml b/src/chrome/content/rules/JD.com-CIties.xml
deleted file mode 100644
index 404dfd940298..000000000000
--- a/src/chrome/content/rules/JD.com-CIties.xml
+++ /dev/null
@@ -1,308 +0,0 @@
-<!--
-	Related:
-		JD.com.xml
--->
-<ruleset name="JD.com-Cities">
-	<!--	https://china.jd.com/	-->
-	<target host="abaguan.jd.com" />
-	<target host="akesu.jd.com" />
-	<target host="anhui.jd.com" />
-	<target host="ankang.jd.com" />
-	<target host="anshun.jd.com" />
-	<target host="anxiguan.jd.com" />
-	<target host="anxitea.jd.com" />
-	<target host="anyang.jd.com" />
-	<target host="baise.jd.com" />
-	<target host="banan.jd.com" />
-	<target host="baoding.jd.com" />
-	<target host="bayannaoer.jd.com" />
-	<target host="beijing.jd.com" />
-	<target host="beijingguan.jd.com" />
-	<target host="bengbu.jd.com" />
-	<target host="binzhou.jd.com" />
-	<target host="boaiguan.jd.com" />
-	<target host="cangzhou.jd.com" />
-	<target host="changbaishan.jd.com" />
-	<target host="changde.jd.com" />
-	<target host="changping.jd.com" />
-	<target host="changwu.jd.com" />
-	<target host="changxing.jd.com" />
-	<target host="changzhi.jd.com" />
-	<target host="changzhou.jd.com" />
-	<target host="chaozhou.jd.com" />
-	<target host="chengde.jd.com" />
-	<target host="chengdu.jd.com" />
-	<target host="chenpi.jd.com" />
-	<target host="chifeng.jd.com" />
-	<target host="china-henan.jd.com" />
-	<target host="chongzuoguan.jd.com" />
-	<target host="chuxiangyuan.jd.com" />
-	<target host="conghua.jd.com" />
-	<target host="dalian.jd.com" />
-	<target host="daliguan.jd.com" />
-	<target host="dameiqh.jd.com" />
-	<target host="dangshan.jd.com" />
-	<target host="danjiangkou.jd.com" />
-	<target host="daqing.jd.com" />
-	<target host="daxinganling.jd.com" />
-	<target host="deyang.jd.com" />
-	<target host="dezhou.jd.com" />
-	<target host="dltcg.jd.com" />
-	<target host="dongguan.jd.com" />
-	<target host="dongwuzhumuqin.jd.com" />
-	<target host="enshi.jd.com" />
-	<target host="enshinong.jd.com" />
-	<target host="flygoo.jd.com" />
-	<target host="fruit.jd.com" />
-	<target host="fuding.jd.com" />
-	<target host="fudingguan.jd.com" />
-	<target host="fujian.jd.com" />
-	<target host="fujianguan.jd.com" />
-	<target host="fuping.jd.com" />
-	<target host="fuyang.jd.com" />
-	<target host="fuzhou.jd.com" />
-	<target host="gannan.jd.com" />
-	<target host="ganzhou.jd.com" />
-	<target host="gaochun.jd.com" />
-	<target host="gaoyao.jd.com" />
-	<target host="gaoyou.jd.com" />
-	<target host="gaoyouguan.jd.com" />
-	<target host="guandongge.jd.com" />
-	<target host="guangxi.jd.com" />
-	<target host="guangyuan.jd.com" />
-	<target host="guigang.jd.com" />
-	<target host="guilin.jd.com" />
-	<target host="guilinguan.jd.com" />
-	<target host="guizhou.jd.com" />
-	<target host="guizhoufp.jd.com" />
-	<target host="gz.jd.com" />
-	<target host="gzguan.jd.com" />
-	<target host="haerbin.jd.com" />
-	<target host="hainan.jd.com" />
-	<target host="haixian.jd.com" />
-	<target host="hanyuanguan.jd.com" />
-	<target host="hebei.jd.com" />
-	<target host="hebeiguan.jd.com" />
-	<target host="hebiguan.jd.com" />
-	<target host="heihe.jd.com" />
-	<target host="helan.jd.com" />
-	<target host="henan.jd.com" />
-	<target host="henanguan.jd.com" />
-	<target host="hezenong.jd.com" />
-	<target host="hlbeg.jd.com" />
-	<target host="hongan.jd.com" />
-	<target host="hongyushipin.jd.com" />
-	<target host="hongze.jd.com" />
-	<target host="hongzenong.jd.com" />
-	<target host="hsdzsw.jd.com" />
-	<target host="huaibei.jd.com" />
-	<target host="huainingguan.jd.com" />
-	<target host="huaiyuan.jd.com" />
-	<target host="huanggang.jd.com" />
-	<target host="huanghekou.jd.com" />
-	<target host="huangshan.jd.com" />
-	<target host="huanxian.jd.com" />
-	<target host="huinan.jd.com" />
-	<target host="hulunbeier.jd.com" />
-	<target host="hulunbeierguan.jd.com" />
-	<target host="hunanguan.jd.com" />
-	<target host="huxian.jd.com" />
-	<target host="ishanghai.jd.com" />
-	<target host="ixian.jd.com" />
-	<target host="jdxinyi.jd.com" />
-	<target host="jiangmen.jd.com" />
-	<target host="jiangsuguan.jd.com" />
-	<target host="jiangsunong.jd.com" />
-	<target host="jiangxi.jd.com" />
-	<target host="jiaohe.jd.com" />
-	<target host="jiaoling.jd.com" />
-	<target host="jieyang.jd.com" />
-	<target host="jilin.jd.com" />
-	<target host="jingmen.jd.com" />
-	<target host="jinhuaguan.jd.com" />
-	<target host="jining.jd.com" />
-	<target host="jinjiang.jd.com" />
-	<target host="jintangguan.jd.com" />
-	<target host="js-sc.jd.com" />
-	<target host="jstcg.jd.com" />
-	<target host="kaifengguan.jd.com" />
-	<target host="kejia.jd.com" />
-	<target host="keshan.jd.com" />
-	<target host="kfguan.jd.com" />
-	<target host="kuitun.jd.com" />
-	<target host="kunming.jd.com" />
-	<target host="kunshan.jd.com" />
-	<target host="laifeng.jd.com" />
-	<target host="laishui.jd.com" />
-	<target host="laiwu.jd.com" />
-	<target host="laiyang.jd.com" />
-	<target host="langaoguan.jd.com" />
-	<target host="lankao.jd.com" />
-	<target host="lankaonong.jd.com" />
-	<target host="lanxiguan.jd.com" />
-	<target host="lasaguan.jd.com" />
-	<target host="leshanguan.jd.com" />
-	<target host="lianjiang.jd.com" />
-	<target host="liaoning.jd.com" />
-	<target host="lijiang.jd.com" />
-	<target host="lijintechan.jd.com" />
-	<target host="linshu.jd.com" />
-	<target host="linshuguan.jd.com" />
-	<target host="linyi.jd.com" />
-	<target host="lipuguan.jd.com" />
-	<target host="liyang.jd.com" />
-	<target host="longchuan.jd.com" />
-	<target host="ls-guan.jd.com" />
-	<target host="luobei.jd.com" />
-	<target host="luzhou.jd.com" />
-	<target host="luzhounong.jd.com" />
-	<target host="lvanlife.jd.com" />
-	<target host="lvjfarm.jd.com" />
-	<target host="lvshun.jd.com" />
-	<target host="lz0772.jd.com" />
-	<target host="maoming.jd.com" />
-	<target host="meizhou.jd.com" />
-	<target host="mianyang.jd.com" />
-	<target host="miyun.jd.com" />
-	<target host="mming.jd.com" />
-	<target host="nanning.jd.com" />
-	<target host="nantong.jd.com" />
-	<target host="nanyangguan.jd.com" />
-	<target host="neimenggu.jd.com" />
-	<target host="ningbo.jd.com" />
-	<target host="ningde.jd.com" />
-	<target host="ningshan.jd.com" />
-	<target host="ningxia.jd.com" />
-	<target host="nytsg.jd.com" />
-	<target host="ordos.jd.com" />
-	<target host="panjin.jd.com" />
-	<target host="panzhou.jd.com" />
-	<target host="penglai.jd.com" />
-	<target host="pengyang.jd.com" />
-	<target host="pengyangguan.jd.com" />
-	<target host="pingba.jd.com" />
-	<target host="pinggu.jd.com" />
-	<target host="pingxiang.jd.com" />
-	<target host="pingyao.jd.com" />
-	<target host="pingyin.jd.com" />
-	<target host="ptntc.jd.com" />
-	<target host="pubei.jd.com" />
-	<target host="puerguan.jd.com" />
-	<target host="putianguan.jd.com" />
-	<target host="puyang.jd.com" />
-	<target host="qianjiang.jd.com" />
-	<target host="qianxi.jd.com" />
-	<target host="qianxiguan.jd.com" />
-	<target host="qianyang.jd.com" />
-	<target host="qingchengguan.jd.com" />
-	<target host="qinghaiguan.jd.com" />
-	<target host="qingyangguan.jd.com" />
-	<target host="qingyuan.jd.com" />
-	<target host="qinhuangdao.jd.com" />
-	<target host="qitaihe.jd.com" />
-	<target host="qixian.jd.com" />
-	<target host="qybuye.jd.com" />
-	<target host="renshou.jd.com" />
-	<target host="renshouguan.jd.com" />
-	<target host="ruzhou.jd.com" />
-	<target host="sanyaguan.jd.com" />
-	<target host="sc-mall.jd.com" />
-	<target host="sdcoop.jd.com" />
-	<target host="shaanxi.jd.com" />
-	<target host="shandong.jd.com" />
-	<target host="shandonggx.jd.com" />
-	<target host="shangheguan.jd.com" />
-	<target host="shangxiguan.jd.com" />
-	<target host="shangzhiguan.jd.com" />
-	<target host="shantou.jd.com" />
-	<target host="shantounong.jd.com" />
-	<target host="shanweiguan.jd.com" />
-	<target host="shanxi.jd.com" />
-	<target host="shanxiguan.jd.com" />
-	<target host="shanxinong.jd.com" />
-	<target host="shanzhou.jd.com" />
-	<target host="shaoshan.jd.com" />
-	<target host="shaoyang.jd.com" />
-	<target host="shayang.jd.com" />
-	<target host="shexian.jd.com" />
-	<target host="shouguang.jd.com" />
-	<target host="shucheng.jd.com" />
-	<target host="sichuanguan.jd.com" />
-	<target host="sihongguan.jd.com" />
-	<target host="stntc.jd.com" />
-	<target host="sunite.jd.com" />
-	<target host="suqian.jd.com" />
-	<target host="suqianguan.jd.com" />
-	<target host="tacheng.jd.com" />
-	<target host="taian.jd.com" />
-	<target host="taihang.jd.com" />
-	<target host="tangshan.jd.com" />
-	<target host="tangxian.jd.com" />
-	<target host="tcbrand.jd.com" />
-	<target host="tianyang.jd.com" />
-	<target host="tongcheng.jd.com" />
-	<target host="tongchengguan.jd.com" />
-	<target host="tongshan.jd.com" />
-	<target host="tosine.jd.com" />
-	<target host="twfood.jd.com" />
-	<target host="wanzai.jd.com" />
-	<target host="weifang.jd.com" />
-	<target host="wuchuan.jd.com" />
-	<target host="wulong.jd.com" />
-	<target host="wuping.jd.com" />
-	<target host="wuwei.jd.com" />
-	<target host="wuxiguan.jd.com" />
-	<target host="xiajinguan.jd.com" />
-	<target host="xianguan.jd.com" />
-	<target host="xiangxiguan.jd.com" />
-	<target host="xianning.jd.com" />
-	<target host="xiantao.jd.com" />
-	<target host="xiaogan.jd.com" />
-	<target host="xilinguole.jd.com" />
-	<target host="xinghe.jd.com" />
-	<target host="xingren.jd.com" />
-	<target host="xinhui.jd.com" />
-	<target host="xiuyan.jd.com" />
-	<target host="xizang.jd.com" />
-	<target host="xjtacheng.jd.com" />
-	<target host="xjx2g.jd.com" />
-	<target host="xmnxg.jd.com" />
-	<target host="xuzhou.jd.com" />
-	<target host="yancheng.jd.com" />
-	<target host="yangjiang.jd.com" />
-	<target host="yangquan.jd.com" />
-	<target host="yangzhou.jd.com" />
-	<target host="yanhu.jd.com" />
-	<target host="yantaiguan.jd.com" />
-	<target host="yichangguan.jd.com" />
-	<target host="yichun.jd.com" />
-	<target host="yiduguan.jd.com" />
-	<target host="yinchuan.jd.com" />
-	<target host="yixianguan.jd.com" />
-	<target host="yixingguan.jd.com" />
-	<target host="yongchun.jd.com" />
-	<target host="yongzhou.jd.com" />
-	<target host="yuanan.jd.com" />
-	<target host="yuexiguan.jd.com" />
-	<target host="yulinguan.jd.com" />
-	<target host="yuncheng.jd.com" />
-	<target host="yunnan.jd.com" />
-	<target host="yunyang.jd.com" />
-	<target host="zgtcbag.jd.com" />
-	<target host="zhalantun.jd.com" />
-	<target host="zhangzhouguan.jd.com" />
-	<target host="zhanhua.jd.com" />
-	<target host="zhaoqing.jd.com" />
-	<target host="zhenan.jd.com" />
-	<target host="zhenglanqi.jd.com" />
-	<target host="zhouzhi.jd.com" />
-	<target host="zhucunren.jd.com" />
-	<target host="zhuhai.jd.com" />
-	<target host="zhumadian.jd.com" />
-	<target host="zhuxi.jd.com" />
-	<target host="zhuxig.jd.com" />
-	<target host="zixing.jd.com" />
-	<target host="zunyi.jd.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/JD.com-Cities.xml b/src/chrome/content/rules/JD.com-Cities.xml
new file mode 100644
index 000000000000..4b06ae80a25e
--- /dev/null
+++ b/src/chrome/content/rules/JD.com-Cities.xml
@@ -0,0 +1,296 @@
+<!--
+	Related:
+		JD.com.xml
+-->
+<ruleset name="JD.com-Cities">
+	<!--	https://china.jd.com/	-->
+	<target host="abaguan.jd.com" />
+	<target host="akesu.jd.com" />
+	<target host="anhui.jd.com" />
+	<target host="ankang.jd.com" />
+	<target host="anshun.jd.com" />
+	<target host="anxiguan.jd.com" />
+	<target host="anxitea.jd.com" />
+	<target host="anyang.jd.com" />
+	<target host="baise.jd.com" />
+	<target host="banan.jd.com" />
+	<target host="baoding.jd.com" />
+	<target host="bayannaoer.jd.com" />
+	<target host="beijing.jd.com" />
+	<target host="beijingguan.jd.com" />
+	<target host="bengbu.jd.com" />
+	<target host="binzhou.jd.com" />
+	<target host="boaiguan.jd.com" />
+	<target host="cangzhou.jd.com" />
+	<target host="changbaishan.jd.com" />
+	<target host="changde.jd.com" />
+	<target host="changping.jd.com" />
+	<target host="changwu.jd.com" />
+	<target host="changxing.jd.com" />
+	<target host="changzhi.jd.com" />
+	<target host="changzhou.jd.com" />
+	<target host="chaozhou.jd.com" />
+	<target host="chengde.jd.com" />
+	<target host="chengdu.jd.com" />
+	<target host="chenpi.jd.com" />
+	<target host="chifeng.jd.com" />
+	<target host="china-henan.jd.com" />
+	<target host="chongzuoguan.jd.com" />
+	<target host="chuxiangyuan.jd.com" />
+	<target host="conghua.jd.com" />
+	<target host="dalian.jd.com" />
+	<target host="daliguan.jd.com" />
+	<target host="dameiqh.jd.com" />
+	<target host="dangshan.jd.com" />
+	<target host="danjiangkou.jd.com" />
+	<target host="daqing.jd.com" />
+	<target host="daxinganling.jd.com" />
+	<target host="deyang.jd.com" />
+	<target host="dezhou.jd.com" />
+	<target host="dltcg.jd.com" />
+	<target host="dongguan.jd.com" />
+	<target host="dongwuzhumuqin.jd.com" />
+	<target host="enshi.jd.com" />
+	<target host="enshinong.jd.com" />
+	<target host="flygoo.jd.com" />
+	<target host="fruit.jd.com" />
+	<target host="fuding.jd.com" />
+	<target host="fudingguan.jd.com" />
+	<target host="fujian.jd.com" />
+	<target host="fujianguan.jd.com" />
+	<target host="fuping.jd.com" />
+	<target host="fuyang.jd.com" />
+	<target host="fuzhou.jd.com" />
+	<target host="gannan.jd.com" />
+	<target host="ganzhou.jd.com" />
+	<target host="gaochun.jd.com" />
+	<target host="gaoyou.jd.com" />
+	<target host="gaoyouguan.jd.com" />
+	<target host="guandongge.jd.com" />
+	<target host="guangxi.jd.com" />
+	<target host="guangyuan.jd.com" />
+	<target host="guigang.jd.com" />
+	<target host="guilin.jd.com" />
+	<target host="guilinguan.jd.com" />
+	<target host="guizhou.jd.com" />
+	<target host="guizhoufp.jd.com" />
+	<target host="gzguan.jd.com" />
+	<target host="haerbin.jd.com" />
+	<target host="hainan.jd.com" />
+	<target host="haixian.jd.com" />
+	<target host="hanyuanguan.jd.com" />
+	<target host="hebei.jd.com" />
+	<target host="hebeiguan.jd.com" />
+	<target host="hebiguan.jd.com" />
+	<target host="heihe.jd.com" />
+	<target host="helan.jd.com" />
+	<target host="henan.jd.com" />
+	<target host="henanguan.jd.com" />
+	<target host="hezenong.jd.com" />
+	<target host="hlbeg.jd.com" />
+	<target host="hongan.jd.com" />
+	<target host="hongyushipin.jd.com" />
+	<target host="hongze.jd.com" />
+	<target host="hongzenong.jd.com" />
+	<target host="hsdzsw.jd.com" />
+	<target host="huaibei.jd.com" />
+	<target host="huainingguan.jd.com" />
+	<target host="huaiyuan.jd.com" />
+	<target host="huanggang.jd.com" />
+	<target host="huanghekou.jd.com" />
+	<target host="huangshan.jd.com" />
+	<target host="huanxian.jd.com" />
+	<target host="huinan.jd.com" />
+	<target host="hulunbeier.jd.com" />
+	<target host="hulunbeierguan.jd.com" />
+	<target host="hunanguan.jd.com" />
+	<target host="huxian.jd.com" />
+	<target host="ishanghai.jd.com" />
+	<target host="ixian.jd.com" />
+	<target host="jdxinyi.jd.com" />
+	<target host="jiangsuguan.jd.com" />
+	<target host="jiangsunong.jd.com" />
+	<target host="jiangxi.jd.com" />
+	<target host="jiaohe.jd.com" />
+	<target host="jiaoling.jd.com" />
+	<target host="jieyang.jd.com" />
+	<target host="jilin.jd.com" />
+	<target host="jining.jd.com" />
+	<target host="jinjiang.jd.com" />
+	<target host="jintangguan.jd.com" />
+	<target host="js-sc.jd.com" />
+	<target host="jstcg.jd.com" />
+	<target host="kaifengguan.jd.com" />
+	<target host="kejia.jd.com" />
+	<target host="keshan.jd.com" />
+	<target host="kfguan.jd.com" />
+	<target host="kuitun.jd.com" />
+	<target host="kunming.jd.com" />
+	<target host="kunshan.jd.com" />
+	<target host="laifeng.jd.com" />
+	<target host="laishui.jd.com" />
+	<target host="laiwu.jd.com" />
+	<target host="laiyang.jd.com" />
+	<target host="langaoguan.jd.com" />
+	<target host="lankao.jd.com" />
+	<target host="lankaonong.jd.com" />
+	<target host="lanxiguan.jd.com" />
+	<target host="lasaguan.jd.com" />
+	<target host="leshanguan.jd.com" />
+	<target host="lianjiang.jd.com" />
+	<target host="liaoning.jd.com" />
+	<target host="lijiang.jd.com" />
+	<target host="linshu.jd.com" />
+	<target host="linshuguan.jd.com" />
+	<target host="lipuguan.jd.com" />
+	<target host="liyang.jd.com" />
+	<target host="longchuan.jd.com" />
+	<target host="ls-guan.jd.com" />
+	<target host="luobei.jd.com" />
+	<target host="luzhou.jd.com" />
+	<target host="luzhounong.jd.com" />
+	<target host="lvanlife.jd.com" />
+	<target host="lvjfarm.jd.com" />
+	<target host="lvshun.jd.com" />
+	<target host="lz0772.jd.com" />
+	<target host="maoming.jd.com" />
+	<target host="meizhou.jd.com" />
+	<target host="mianyang.jd.com" />
+	<target host="miyun.jd.com" />
+	<target host="mming.jd.com" />
+	<target host="nanning.jd.com" />
+	<target host="nantong.jd.com" />
+	<target host="neimenggu.jd.com" />
+	<target host="ningbo.jd.com" />
+	<target host="ningde.jd.com" />
+	<target host="ningshan.jd.com" />
+	<target host="ningxia.jd.com" />
+	<target host="nytsg.jd.com" />
+	<target host="ordos.jd.com" />
+	<target host="panjin.jd.com" />
+	<target host="panzhou.jd.com" />
+	<target host="penglai.jd.com" />
+	<target host="pengyang.jd.com" />
+	<target host="pengyangguan.jd.com" />
+	<target host="pingba.jd.com" />
+	<target host="pinggu.jd.com" />
+	<target host="pingxiang.jd.com" />
+	<target host="pingyao.jd.com" />
+	<target host="pingyin.jd.com" />
+	<target host="ptntc.jd.com" />
+	<target host="pubei.jd.com" />
+	<target host="puerguan.jd.com" />
+	<target host="putianguan.jd.com" />
+	<target host="puyang.jd.com" />
+	<target host="qianjiang.jd.com" />
+	<target host="qianxi.jd.com" />
+	<target host="qianxiguan.jd.com" />
+	<target host="qianyang.jd.com" />
+	<target host="qingchengguan.jd.com" />
+	<target host="qinghaiguan.jd.com" />
+	<target host="qingyangguan.jd.com" />
+	<target host="qingyuan.jd.com" />
+	<target host="qinhuangdao.jd.com" />
+	<target host="qixian.jd.com" />
+	<target host="qybuye.jd.com" />
+	<target host="renshou.jd.com" />
+	<target host="renshouguan.jd.com" />
+	<target host="ruzhou.jd.com" />
+	<target host="sc-mall.jd.com" />
+	<target host="sdcoop.jd.com" />
+	<target host="shaanxi.jd.com" />
+	<target host="shandong.jd.com" />
+	<target host="shandonggx.jd.com" />
+	<target host="shangheguan.jd.com" />
+	<target host="shangxiguan.jd.com" />
+	<target host="shangzhiguan.jd.com" />
+	<target host="shantou.jd.com" />
+	<target host="shantounong.jd.com" />
+	<target host="shanweiguan.jd.com" />
+	<target host="shanxi.jd.com" />
+	<target host="shanxiguan.jd.com" />
+	<target host="shanxinong.jd.com" />
+	<target host="shanzhou.jd.com" />
+	<target host="shaoshan.jd.com" />
+	<target host="shaoyang.jd.com" />
+	<target host="shayang.jd.com" />
+	<target host="shexian.jd.com" />
+	<target host="shouguang.jd.com" />
+	<target host="shucheng.jd.com" />
+	<target host="sichuanguan.jd.com" />
+	<target host="sihongguan.jd.com" />
+	<target host="stntc.jd.com" />
+	<target host="sunite.jd.com" />
+	<target host="suqian.jd.com" />
+	<target host="suqianguan.jd.com" />
+	<target host="tacheng.jd.com" />
+	<target host="taian.jd.com" />
+	<target host="taihang.jd.com" />
+	<target host="tangshan.jd.com" />
+	<target host="tangxian.jd.com" />
+	<target host="tcbrand.jd.com" />
+	<target host="tianyang.jd.com" />
+	<target host="tongcheng.jd.com" />
+	<target host="tongchengguan.jd.com" />
+	<target host="tongshan.jd.com" />
+	<target host="tosine.jd.com" />
+	<target host="twfood.jd.com" />
+	<target host="wanzai.jd.com" />
+	<target host="weifang.jd.com" />
+	<target host="wuchuan.jd.com" />
+	<target host="wulong.jd.com" />
+	<target host="wuping.jd.com" />
+	<target host="wuwei.jd.com" />
+	<target host="wuxiguan.jd.com" />
+	<target host="xiajinguan.jd.com" />
+	<target host="xianguan.jd.com" />
+	<target host="xiangxiguan.jd.com" />
+	<target host="xianning.jd.com" />
+	<target host="xiantao.jd.com" />
+	<target host="xiaogan.jd.com" />
+	<target host="xilinguole.jd.com" />
+	<target host="xinghe.jd.com" />
+	<target host="xingren.jd.com" />
+	<target host="xinhui.jd.com" />
+	<target host="xiuyan.jd.com" />
+	<target host="xizang.jd.com" />
+	<target host="xjtacheng.jd.com" />
+	<target host="xjx2g.jd.com" />
+	<target host="xmnxg.jd.com" />
+	<target host="xuzhou.jd.com" />
+	<target host="yancheng.jd.com" />
+	<target host="yangjiang.jd.com" />
+	<target host="yangquan.jd.com" />
+	<target host="yangzhou.jd.com" />
+	<target host="yanhu.jd.com" />
+	<target host="yantaiguan.jd.com" />
+	<target host="yichangguan.jd.com" />
+	<target host="yichun.jd.com" />
+	<target host="yiduguan.jd.com" />
+	<target host="yinchuan.jd.com" />
+	<target host="yixianguan.jd.com" />
+	<target host="yixingguan.jd.com" />
+	<target host="yongchun.jd.com" />
+	<target host="yongzhou.jd.com" />
+	<target host="yuanan.jd.com" />
+	<target host="yuexiguan.jd.com" />
+	<target host="yulinguan.jd.com" />
+	<target host="yuncheng.jd.com" />
+	<target host="yunnan.jd.com" />
+	<target host="yunyang.jd.com" />
+	<target host="zgtcbag.jd.com" />
+	<target host="zhalantun.jd.com" />
+	<target host="zhangzhouguan.jd.com" />
+	<target host="zhaoqing.jd.com" />
+	<target host="zhenan.jd.com" />
+	<target host="zhouzhi.jd.com" />
+	<target host="zhucunren.jd.com" />
+	<target host="zhuhai.jd.com" />
+	<target host="zhumadian.jd.com" />
+	<target host="zhuxi.jd.com" />
+	<target host="zhuxig.jd.com" />
+	<target host="zixing.jd.com" />
+	<target host="zunyi.jd.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JD.com-Problematic.xml b/src/chrome/content/rules/JD.com-Problematic.xml
deleted file mode 100644
index b92cb1bb44c8..000000000000
--- a/src/chrome/content/rules/JD.com-Problematic.xml
+++ /dev/null
@@ -1,98 +0,0 @@
-<!--
-	No Problem rules : JD.com.xml
--->
-
-<ruleset name="JD.com-Problematic">
-
-	<!--	myjd.crm.jd.com mismatch but equal to myjd-crm.jd.com	-->
-
-	<target host="myjd.crm.jd.com" />
-	<rule from="^http://myjd\.crm\.jd\.com/"
-		to="https://myjd-crm.jd.com/" />
-		<test url="http://myjd.crm.jd.com/misc/img/loading.gif" />
-	
-	<!--	Try to fix check error : Too many redirects:	-->
-
-	<target host="jd.com" />
-	<target host="www.jd.com" />
-	<rule from="^http://(www\.)?jd\.com/"
-		to="https://www.jd.com/" />
-		<test url="http://jd.com/allSort.aspx" />
-		<test url="http://www.jd.com/allSort.aspx" />
-
-	<target host="channel.jd.com" />
-	<exclusion pattern="^http://channel.jd.com/$" />
-	<rule from="^http://channel\.jd\.com/(.+)\.html"
-		to="https://channel.jd.com/$1.html" />
-		<test url="http://channel.jd.com/fashion.html" />
-		<test url="http://channel.jd.com/electronic.htmlv" />
-
-	<target host="acsten.jd.com" />
-	<exclusion pattern="^http://acsten.jd.com/$" />
-	<rule from="^http://acsten\.jd\.com/"
-		to="https://acsten.jd.com/" />
-		<test url="http://acsten.jd.com/" />
-		<test url="http://acsten.jd.com/static/brands/puppyoo/en/bg_521_01.jpg" />
-
-	<target host="authcode.jd.com" />
-	<exclusion pattern="^http://authcode.jd.com/$" />
-	<rule from="^http://authcode\.jd\.com/verify/image"
-		to="https://authcode.jd.com/verify/image" />
-		<test url="http://authcode.jd.com/verify/image?a=1&amp;acid=46e37f33-c280-410f-822e-3295caae06fd&amp;uid=46e37f33-c280-410f-822e-3295caae06fd&amp;yys=1425883312677" />
-
-	<target host="c-nfa.jd.com" />
-	<exclusion pattern="^http://c-nfa.jd.com/$" />
-	<rule from="^http://c-nfa\.jd\.com/.+&amp;url=//(.+)/"
-		to="https://$1/" />
-		<test url="http://c-nfa.jd.com/adclick?keyStr=z5AXFoIimt1jiDK32+w4mfTFZtF1YOC+opB7Ao37jUjDSR4ZkhdprAyoH1hPJzIvYIvzFrd2TCsHa9MPtmJJ38/q5Qih+7c1BDeh8zmM5DtHWmoByPeXmwN+vPPmAue8nPRVaxDTMvb4FGTgPthakqmhEn5VjYb//IDriB1m2VsGNejglATI3rYKcJNNinLWO8kB+sSzSS0dWVpqx287jLMnQRjLX8LeruC5DQu2wwDKXBn/4XyfZBkqZDvr0dRqsYAhmxRmBoISpVNFyZRXL4a+892nOos/0aSRnf6vbMmf9HLeDipRHAKm4vcfN+U1KKFU6qVYkYEbrR18iEkgIA==&amp;cv=2.0&amp;url=//sale.jd.com/act/o1Yagd0IiDNGc.html" />
-		<test url="http://c-nfa.jd.com/adclick?keyStr=z5AXFoIimt1jiDK32+w4mT1nRnpFpAizF+5WhO0AHkwztMovE9R5AVbwwls8hQ5kPIi3cMEhhoV6ooyGp0aJkRpamRD4zxoXfKU1fYn2dDNa4eG9P+LQ+i7XDdn0nvJzLUHKRy5AMBHgXaliXNh0TR/99MUGL/DAI9QQrj/aPDO+rjt+wmNBqathelSaHUsWvi3DP9vR6BVkUfiEtycMxl/Qae9xh2e/T9YWCueIsatyVMmKJ+LujoLlfkmAfmKTYpUboR8ciyR5H4ne31buZoYjevjHNvGqTDM3fonDawQ=&amp;cv=2.0&amp;url=//zbird.jd.com/" />
-		<test url="http://c-nfa.jd.com/adclick?keyStr=6PQwtwh0f06syGHwQVvRO5ztV98xI1kb04VWxj27qyHhTr8/YivtDmYW6ZcIZV4BhtMfyzQy3d2vyFSlAb5kvHrWjH42RUbxLhwOK41QshZHWmoByPeXmwN+vPPmAue8mmUBBv3jNBcx2P/iDtTmlnWDS2AWBitvTotLMyrh0gWj/QmG6Hzf2c4HDr/5L48+9tBUiEEIuYKGXbq9vzM2Lqy/C1Kvp7QdX/NpCflYIjVCh34pjEI9yMOFfVGi4Ym9ZZfyyAExFGwJ/7N9isOCE/th/T/WZaFB38TA49bffI3pjvqkRSOdaFeco1V1km9VcJnJ8/i4ypiBDe/7mST+Nw7Yv1DRlzva1IPuVpLUl/CoIYJKTBYHRRkT9yWbX5d8&amp;cv=2.0&amp;url=//search.jd.hk/Search?keyword=%E7%A2%A7%E7%84%B6%E5%BE%B7&amp;enc=utf-" />
-
-	<target host="ccc.jd.com" />
-	<exclusion pattern="^http://ccc.jd.com/$" />
-	<rule from="^http://ccc\.jd\.com/"
-		to="https://ccc.jd.com/" />
-		<test url="http://ccc.jd.com/" />
-		<test url="http://ccc.jd.com/cookie_check" />
-
-	<target host="item.jd.com" />
-	<exclusion pattern="^http://item.jd.com/$" />
-	<rule from="^http://item\.jd\.com/(.+)\.html"
-		to="https://item.jd.com/$1.html" />
-		<test url="http://item.jd.com/849719.html" />
-		<test url="http://item.jd.com/1856588.html" />
-
-	<target host="list.jd.com" />
-	<exclusion pattern="^http://list.jd.com/$" />
-	<rule from="^http://list\.jd\.com/(\d+)-(\d+)-(\d+)\.html"
-		to="https://list.jd.com/list.html?cat=$1,$2,$3" />
-		<test url="http://list.jd.com/652-654-831.html" />
-		<test url="http://list.jd.com/670-671-672.html" />
-		<test url="http://list.jd.com/670-671-1105.html" />
-		<test url="http://list.jd.com/670-677-679.html" />
-	<rule from="^http://list\.jd\.com/list\.html\?cat="
-		to="https://list.jd.com/list.html" />
-		<test url="http://list.jd.com/list.html?cat=652,654,831" />
-		<test url="http://list.jd.com/list.html?cat=670,671,672" />
-
-	<target host="passport.jd.com" />
-	<exclusion pattern="^http://passport.jd.com/$" />
-	<rule from="^http://passport\.jd\.com/(relay|new|paipai|uc)/"
-		to="https://passport.jd.com/$1/" />
-	<test url="http://passport.jd.com/relay/loginRelay.htm" />
-	<test url="http://passport.jd.com/new/login.aspx" />
-	<test url="http://passport.jd.com/paipai/login?token=cd78e4a78a25b0b5b0e34dd2be9661d3ac6ca47b2d76d87890d4297b07f7ff35a7993cec1bb6fdef5907b3390fd75812" />
-	<test url="http://passport.jd.com/uc/login" />
-
-	<target host="sale.jd.com" />
-	<exclusion pattern="^http://sale.jd.com/$" />
-	<rule from="^http://sale\.jd\.com/(act|app\/act|m\/act|wq\/act|mall)/(\w+)\.html"
-		to="https://sale.jd.com/$1/$2.html" />
-		<test url="http://sale.jd.com/act/2jXYua5KQMmci.html" />
-		<test url="http://sale.jd.com/act/AcTvhYHdpLOI.html" />
-		<test url="http://sale.jd.com/app/act/4KgIHXnAepzE5.html" />
-		<test url="http://sale.jd.com/m/act/L1Y2V6ERZePab4.html" />
-		<test url="http://sale.jd.com/wq/act/AoasEIgDXM.html" />
-		<test url="http://sale.jd.com/mall/2Gl1cBViAsHo.html" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/JD.com.xml b/src/chrome/content/rules/JD.com.xml
index df82b9d06d03..5ca6945603e0 100644
--- a/src/chrome/content/rules/JD.com.xml
+++ b/src/chrome/content/rules/JD.com.xml
@@ -4,7 +4,6 @@
 		- 360buy.com.xml
 		- 360buyimg.com.xml
 		- Jcloud.com.xml
-		- JD.com-Problematic.xml
 		- JD.hk.xml
 
 	Nonfunctional hosts in *jd.com:
@@ -40,23 +39,15 @@
 	⁵ Reset
 	* Timeout
 
-	Problematic hosts in *jd.com:
-		- licai.bx *
-		- chat2 ³
-		- cread.e *
-		- fashion *
-		- gongyi ⁴
-		- ir *
-		- misc.jzt *
-		- nj *
-		- click.union *
-		- ccc.x *
-
-	¹ Mixed css
-	* Mismatched
-	³ Weak DHE key
-	⁴ Mixed flash
-	⁵ Mixed iframe
+	Mismatched:
+		- licai.bx
+		- cread.e
+		- fashion
+		- ir
+		- misc.jzt
+		- nj
+		- click.union
+		- ccc.x
 
 	Insecure cookies are set for these domains and hosts:
 		- .jd.com
@@ -72,63 +63,51 @@
 		- xjzt.jd.com
 		- zhaopin.jd.com
 
-	Mixed content:
-		- reg.jd.com/reg/$
-		- Flash on gongyi from player.youku.com
-		- Images, on:
-			- baby, china from tp4.sinaimg.cn *
-			- jzt from misc.jzt.jd.com
-			- me from storage.jd.com *
-			- safe from authcode.jd.com *
-		- Bugs, on:
-			- baby, china, gongyi, shouji from widget.weibo.com *
-			- zx from wpa.qq.com
-
-	* Secured by us
-
 	Redirect to www.jd.com :
 		- item.jd.com/$
 
 	Too many redirects:
-		- ^
-		- ccc
 		- group
 		- huishou
-		- list
 		- market
 		- mine
-		- sale
 		- sq
 		- storage
-		- www
-		- x
 -->
-
 <ruleset name="JD.com">
 	<!--	Directly	-->
+	<target host="jd.com" />
+	<target host="www.jd.com" />
 	<target host="7gege.jd.com" />
 	<target host="8.jd.com" />
 	<target host="acen.jd.com" />
+	<target host="acsten.jd.com" />
+		<test url="http://acsten.jd.com/static/brands/puppyoo/en/bg_521_01.jpg" />
 	<target host="act-jshop.jd.com" />
 	<target host="api-gemini.jd.com" />
 	<target host="app.jd.com" />
 	<target host="asus.jd.com" />
 	<target host="auction.jd.com" />
+	<target host="authcode.jd.com" />
+		<test url="http://authcode.jd.com/verify/image?a=1&amp;acid=46e37f33-c280-410f-822e-3295caae06fd&amp;uid=46e37f33-c280-410f-822e-3295caae06fd&amp;yys=1425883312677" />
 	<target host="autorank.jd.com" />
 	<target host="b.jd.com" />
 	<target host="baby.jd.com" />
-	<target host="baina.jd.com" />
 	<target host="baitiao.jd.com" />
 	<target host="bangong.jd.com" />
 	<target host="bao.jd.com" />
 	<target host="bk.jd.com" />
 	<target host="book.jd.com" />
-	<target host="brand.jd.com" />
+	<target host="c-nfa.jd.com" />
 	<target host="caimi.jd.com" />
 	<target host="caipiao.jd.com" />
 	<target host="card.jd.com" />
 	<target host="cart.jd.com" />
+	<target host="ccc.jd.com" />
 	<target host="cfx.jd.com" />
+	<target host="channel.jd.com" />
+		<test url="http://channel.jd.com/fashion.html" />
+		<test url="http://channel.jd.com/electronic.htmlv" />
 	<target host="chat.jd.com" />
 	<target host="china.jd.com" />
 	<target host="chongzhi.jd.com" />
@@ -143,7 +122,6 @@
 	<target host="dapeigou.jd.com" />
 	<target host="dcrz.jd.com" />
 	<target host="details.jd.com" />
-	<target host="dev.jd.com" />
 	<target host="devsmart.jd.com" />
 	<target host="diannao.jd.com" />
 	<target host="diy.jd.com" />
@@ -160,7 +138,7 @@
 	<target host="game.jd.com" />
 	<target host="gb.jd.com" />
 	<target host="gift.jd.com" />
-	<target host="go.jd.com" />
+	<target host="gongyi.jd.com" />
 	<target host="gupiao.jd.com" />
 	<target host="help.jd.com" />
 	<target host="home.jd.com" />
@@ -170,10 +148,11 @@
 	<target host="i.jd.com" />
 	<target host="im.jd.com" />
 	<target host="isale.jd.com" />
+	<target host="item.jd.com" />
+		<test url="http://item.jd.com/1856588.html" />
 	<target host="itzl.jd.com" />
 	<target host="jcm.jd.com" />
 	<target host="jd2008.jd.com" />
-	<target host="jdamii.jd.com" />
 	<target host="jdc.jd.com" />
 	<target host="jdj.jd.com" />
 	<target host="jiaofei.jd.com" />
@@ -183,14 +162,15 @@
 	<target host="jockey.jd.com" />
 	<target host="jos.jd.com" />
 	<target host="jr.jd.com" />
-	<target host="club.jr.jd.com" />
-	<target host="list.jr.jd.com" />
 	<target host="trade.jr.jd.com" />
 	<target host="vip.jr.jd.com" />
 	<target host="jrb2b.jd.com" />
 	<target host="jrclick.jd.com" />
 	<target host="jzt.jd.com" />
 	<target host="licai.jd.com" />
+	<target host="list.jd.com" />
+		<test url="http://list.jd.com/652-654-831.html" />
+		<test url="http://list.jd.com/list.html?cat=670,671,672" />
 	<target host="list-china.jd.com" />
 	<target host="liuliang.jd.com" />
 	<target host="loan.jd.com" />
@@ -218,6 +198,11 @@
 	<target host="order.jd.com" />
 	<target host="paimai.jd.com" />
 	<target host="parker.jd.com" />
+	<target host="passport.jd.com" />
+		<test url="http://passport.jd.com/relay/loginRelay.htm" />
+		<test url="http://passport.jd.com/new/login.aspx" />
+		<test url="http://passport.jd.com/paipai/login" />
+		<test url="http://passport.jd.com/uc/login" />
 	<target host="payrisk.jd.com" />
 	<target host="piao.jd.com" />
 	<target host="peijian.jd.com" />
@@ -228,6 +213,12 @@
 	<target host="red.jd.com" />
 	<target host="reg-en.jd.com" />
 	<target host="s.jd.com" />
+	<target host="sale.jd.com" />
+		<test url="http://sale.jd.com/act/2jXYua5KQMmci.html" />
+		<test url="http://sale.jd.com/app/act/4KgIHXnAepzE5.html" />
+		<test url="http://sale.jd.com/m/act/L1Y2V6ERZePab4.html" />
+		<test url="http://sale.jd.com/wq/act/AoasEIgDXM.html" />
+		<test url="http://sale.jd.com/mall/2Gl1cBViAsHo.html" />
 	<target host="search.jd.com" />
 	<target host="selected.jd.com" />
 	<target host="shuma.jd.com" />
@@ -255,10 +246,6 @@
 	<target host="what.jd.com" />
 	<target host="wl.jd.com" />
 	<target host="wqs.jd.com" />
-	<target host="wxlink.jd.com" />
-	<target host="x.jd.com" />
-		<test url="http://x.jd.com/file/images/logo.jpg" />
-		<test url="http://x.jd.com/exsites?ad_ids=111:5" />
 	<target host="xiongdi.jd.com" />
 	<target host="xjzt.jd.com" />
 	<target host="xuan.jd.com" />
@@ -267,17 +254,15 @@
 	<target host="yushou.jd.com" />
 	<target host="z.jd.com" />
 	<target host="zan.jd.com" />
-	<target host="zbbs.jd.com" />
 	<target host="zbird.jd.com" />
 	<target host="zhaopin.jd.com" />
 	<target host="zmeit.jd.com" />
 	<target host="zx.jd.com" />
 
-	<!--	品牌旗舰店 https://www.jd.com/brand.aspx	-->
+	<!-- Brand-exclusive stores (https://www.jd.com/brand.aspx) -->
 	<target host="cxmst.jd.com" />
 	<target host="d-link.jd.com" />
 	<target host="deli.jd.com" />
-	<target host="jmall.jd.com" />
 	<target host="qhtfpc.jd.com" />
 	<target host="seagate.jd.com" />
 	<target host="thinkpad.jd.com" />
diff --git a/src/chrome/content/rules/JD_Kasten.com.xml b/src/chrome/content/rules/JD_Kasten.com.xml
index 2d4f81fe6f1a..304b4190f2fe 100644
--- a/src/chrome/content/rules/JD_Kasten.com.xml
+++ b/src/chrome/content/rules/JD_Kasten.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.jdkasten.com/ => https://www.jdkasten.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.jdkasten.com'")
 
 -->
-<ruleset name="JD Kasten.com" default_off='failed ruleset test'>
+<ruleset name="JD Kasten.com" default_off="failed ruleset test">
 
 	<target host="jdkasten.com" />
 	<target host="www.jdkasten.com" />
diff --git a/src/chrome/content/rules/JEDEC.com.xml b/src/chrome/content/rules/JEDEC.com.xml
index bf73ed190af8..1d7ef15dfe77 100644
--- a/src/chrome/content/rules/JEDEC.com.xml
+++ b/src/chrome/content/rules/JEDEC.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.jedec.com/ => https://www.jedec.com/: (51, "SSL: no alte
 		- .jedec.com
 
 -->
-<ruleset name="JEDEC.com" default_off='failed ruleset test'>
+<ruleset name="JEDEC.com" default_off="failed ruleset test">
 
 	<target host="jedec.com" />
 	<target host="www.jedec.com" />
diff --git a/src/chrome/content/rules/JIDE.com.xml b/src/chrome/content/rules/JIDE.com.xml
index 04775de9c131..a7c2d7abe276 100644
--- a/src/chrome/content/rules/JIDE.com.xml
+++ b/src/chrome/content/rules/JIDE.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://forum.jide.com/ => https://forum.jide.com/: (28, 'Connection
 	Non-functional subdomain:
 		- www	        (404 not found)
 -->
-<ruleset name="JIDE.com" default_off='failed ruleset test'>
+<ruleset name="JIDE.com" default_off="failed ruleset test">
 	<target host=      "jide.com" />
 	<target host="forum.jide.com" />
 	<target host=  "bbs.jide.com" />
diff --git a/src/chrome/content/rules/JISCMail.xml b/src/chrome/content/rules/JISCMail.xml
index 117c4f8e4e82..c1c151a651c5 100644
--- a/src/chrome/content/rules/JISCMail.xml
+++ b/src/chrome/content/rules/JISCMail.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://jiscmail.ac.uk/ => https://jiscmail.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'jiscmail.ac.uk'")
 
 -->
-<ruleset name="JISCMail.ac.uk" default_off='failed ruleset test'>
+<ruleset name="JISCMail.ac.uk" default_off="failed ruleset test">
 
 	<target host="jiscmail.ac.uk" />
 	<target host="www.jiscmail.ac.uk" />
diff --git a/src/chrome/content/rules/JJC.edu.xml b/src/chrome/content/rules/JJC.edu.xml
index 8bbc2d4dc6db..087af2fb62f6 100644
--- a/src/chrome/content/rules/JJC.edu.xml
+++ b/src/chrome/content/rules/JJC.edu.xml
@@ -18,7 +18,7 @@
 		- eresources
 
 
-	Insecure cookies are set for these 
+	Insecure cookies are set for these
 
 		- employment.jjc.edu
 		- eresources.jjc.edu
diff --git a/src/chrome/content/rules/JList.com.xml b/src/chrome/content/rules/JList.com.xml
index 8da8b8f44d0d..e033fda96739 100644
--- a/src/chrome/content/rules/JList.com.xml
+++ b/src/chrome/content/rules/JList.com.xml
@@ -1,57 +1,27 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.jlist.com/ => https://www.jlist.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
-
-	Other J-List rulesets:
-
+	Other J-List related rulesets:
 		- jbox.com.xml
 
+	Non-functional hosts
+		Peer certificate cannot be authenticated with given CA certificates:
+		- devo.jlist.com
 
-	CDN buckets:
-
-		- s3.amazonaws.com/images3.jlist.com/
-		- jlist-images.s3.amazonaws.com
-		- d1ct5r26oaip1n.cloudfront.net
-
-
-	Nonfunctional hosts in *jlist.com:
-
-		- feeds ᵃ
-
-	ᵃ Shows ^jlist.com
-
-
-	Insecure cookies are set for these domains:
-
-		- .jlist.com
-
+		Incomplete certificate chain error:
+		- devo2.jlist.com
 -->
-<ruleset name="JList.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
+<ruleset name="JList.com">
 	<target host="jlist.com" />
-	<target host="support.jlist.com" />
 	<target host="www.jlist.com" />
+	<target host="blog.jlist.com" />
+	<target host="company.jlist.com" />
+	<target host="help.jlist.com" />
+	<target host="mail.jlist.com" />
+	<target host="sendy.jlist.com" />
+	<target host="senpai.jlist.com" />
+	<target host="status.jlist.com" />
+	<target host="support.jlist.com" />
 
-	<!--	Complications:
-				-->
-	<target host="images3.jlist.com" />
-
-
-	<!--	not secured by server:
-					-->
-	<!--securecookie host="^\.jlist\.com$" name="^(?:\d+jlist1|affiliateplus_account_code_1|affiliateplus_map_index|frontend|store)$" /-->
-
-	<securecookie host="^\w" name=".+" />
-	<securecookie host="^\." name="^(?:affiliateplus_account_code_1|affiliateplus_map_index|frontend)$" />
-
-
-	<rule from="^http://images3\.jlist\.com/"
-		to="https://s3.amazonaws.com/images3.jlist.com/" />
-
-	<rule from="^http:"
-		to="https:" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/JML_Direct.com.xml b/src/chrome/content/rules/JML_Direct.com.xml
index 1663e7e55815..f39a3cad01f2 100644
--- a/src/chrome/content/rules/JML_Direct.com.xml
+++ b/src/chrome/content/rules/JML_Direct.com.xml
@@ -21,10 +21,10 @@ Fetch error: http://jmldirect.uat.venda.com/ => http://jmldirect.uat.venda.com/:
 	* Secured by us
 
 -->
-<ruleset name="JML Direct.com" default_off='failed ruleset test'>
+<ruleset name="JML Direct.com" default_off="failed ruleset test">
 
 	<target host="jmldirect.com" />
-	<target host="*.jmldirect.com" />
+	<target host="www.jmldirect.com" />
 	<target host="jmldirect.uat.venda.com" />
 
 
diff --git a/src/chrome/content/rules/JPCSP.org.xml b/src/chrome/content/rules/JPCSP.org.xml
new file mode 100644
index 000000000000..03b917bf66b8
--- /dev/null
+++ b/src/chrome/content/rules/JPCSP.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="JPCSP.org">
+	<target host="jpcsp.org" />
+	<target host="www.jpcsp.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JRES.org.xml b/src/chrome/content/rules/JRES.org.xml
index 0b45d6b62ee6..9eb5dc50f40b 100644
--- a/src/chrome/content/rules/JRES.org.xml
+++ b/src/chrome/content/rules/JRES.org.xml
@@ -12,7 +12,7 @@ Fetch error: http://archives.jres.org/ => https://archives.jres.org/: (60, 'SSL
 		- www
 
 -->
-<ruleset name="JRES.org" default_off='failed ruleset test'>
+<ruleset name="JRES.org" default_off="failed ruleset test">
 
 	<target host="archives.jres.org" />
 	<target host="www.jres.org" />
diff --git a/src/chrome/content/rules/JREast.co.jp.xml b/src/chrome/content/rules/JREast.co.jp.xml
new file mode 100644
index 000000000000..db98bb31108a
--- /dev/null
+++ b/src/chrome/content/rules/JREast.co.jp.xml
@@ -0,0 +1,20 @@
+<!--
+	Non-functional hosts
+		Site uses weak encryption:
+		- jbfile.jreast.co.jp
+		- shukkou-kinmu.jreast.co.jp
+-->
+<ruleset name="JREast.co.jp">
+	<target host="www.jreast.co.jp" />
+	<target host="www.lings.jreast.co.jp" />
+	<target host="mainteweb.jreast.co.jp" />
+	<target host="origin2-www.jreast.co.jp" />
+	<target host="traininfo.jreast.co.jp" />
+	<test url="http://traininfo.jreast.co.jp/train_info/e/kanto.aspx" />
+	<target host="www.remsext.jreast.co.jp" />
+	<target host="voice2.jreast.co.jp" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JS.org.xml b/src/chrome/content/rules/JS.org.xml
index 7742cf4fbe21..1bd6855c4d7b 100644
--- a/src/chrome/content/rules/JS.org.xml
+++ b/src/chrome/content/rules/JS.org.xml
@@ -2,7 +2,7 @@
 	See https://github.com/js-org/dns.js.org/blob/master/cnames_active.js for JS.org subdomain list.
 
 	Mismatched hosts in js.org*:
-	
+
 		- 101
 		- 7anshuai
 		- 8art
diff --git a/src/chrome/content/rules/JSBi.org.xml b/src/chrome/content/rules/JSBi.org.xml
index 9aaaf421e8e2..54f8de8e7547 100644
--- a/src/chrome/content/rules/JSBi.org.xml
+++ b/src/chrome/content/rules/JSBi.org.xml
@@ -2,7 +2,7 @@
 	NB: Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="JSBi.org" default_off="missing certificate chain">
+<ruleset name="JSBi.org" default_off="cert-chain">
 
 	<target host="jsbi.org" />
 	<target host="www.jsbi.org" />
diff --git a/src/chrome/content/rules/JSON-Schema.org.xml b/src/chrome/content/rules/JSON-Schema.org.xml
new file mode 100644
index 000000000000..43f54afecee8
--- /dev/null
+++ b/src/chrome/content/rules/JSON-Schema.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatch:
+		www.json-schema.org
+-->
+<ruleset name="JSON-Schema.org">
+	<target host="json-schema.org" />
+	<target host="www.json-schema.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.json-schema\.org/" to="https://json-schema.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JSXC.org.xml b/src/chrome/content/rules/JSXC.org.xml
new file mode 100644
index 000000000000..c7f4aa4457d5
--- /dev/null
+++ b/src/chrome/content/rules/JSXC.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="JSXC.org">
+	<target host="jsxc.org" />
+	<target host="www.jsxc.org" />
+	<target host="dl.jsxc.org" />
+	<target host="xmpp.jsxc.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JUA.com.xml b/src/chrome/content/rules/JUA.com.xml
index 5385232e4eab..c1819c7b80dc 100644
--- a/src/chrome/content/rules/JUA.com.xml
+++ b/src/chrome/content/rules/JUA.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://jua.com/ => https://www.jua.com/: (51, "SSL: no alternative
 		- www.jua.com
 
 -->
-<ruleset name="JUA.com" default_off='failed ruleset test'>
+<ruleset name="JUA.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/JUCY-New-Zealand.xml b/src/chrome/content/rules/JUCY-New-Zealand.xml
index 729434d70c22..4d439edf0085 100644
--- a/src/chrome/content/rules/JUCY-New-Zealand.xml
+++ b/src/chrome/content/rules/JUCY-New-Zealand.xml
@@ -14,7 +14,7 @@ Fetch error: http://jucy.co.nz/ => https://jucy.co.nz/: (51, "SSL: no alternativ
 
 	¹ Hostname mismatch
 -->
-<ruleset name="JUCY New Zealand" default_off='failed ruleset test'>
+<ruleset name="JUCY New Zealand" default_off="failed ruleset test">
 	<target host=         "jucy.co.nz" />
 	<target host=     "www.jucy.co.nz" />
 	<target host="bookings.jucy.co.nz" />
diff --git a/src/chrome/content/rules/JUKI.xml b/src/chrome/content/rules/JUKI.xml
index 17fe44161683..5b58ab1e9c89 100644
--- a/src/chrome/content/rules/JUKI.xml
+++ b/src/chrome/content/rules/JUKI.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/JULAC.org.xml b/src/chrome/content/rules/JULAC.org.xml
new file mode 100644
index 000000000000..7fc41f4f3bbc
--- /dev/null
+++ b/src/chrome/content/rules/JULAC.org.xml
@@ -0,0 +1,11 @@
+<!--
+	The Joint University Librarians Advisory Committee (JULAC)
+-->
+<ruleset name="JULAC.org">
+	<target host="julac.org" />
+	<target host="www.julac.org" />
+	<target host="hkall.julac.org" />
+	<target host="hkcan.julac.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JWChat.org.xml b/src/chrome/content/rules/JWChat.org.xml
index c8ac63c7da34..c397259d44c8 100644
--- a/src/chrome/content/rules/JWChat.org.xml
+++ b/src/chrome/content/rules/JWChat.org.xml
@@ -4,7 +4,7 @@
 	* See https://whatsmychaincert.com
 
 -->
-<ruleset name="JWChat.org" default_off="missing certificate chain">
+<ruleset name="JWChat.org" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/JXT.net.au.xml b/src/chrome/content/rules/JXT.net.au.xml
index ce378fd75196..f3159600c79f 100644
--- a/src/chrome/content/rules/JXT.net.au.xml
+++ b/src/chrome/content/rules/JXT.net.au.xml
@@ -9,4 +9,4 @@ Fetch error: http://images.jxt.net.au/ => https://images.jxt.net.au/: (60, 'SSL
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/J_Deslippe.com.xml b/src/chrome/content/rules/J_Deslippe.com.xml
index 7fc02614034e..a499d9be57ed 100644
--- a/src/chrome/content/rules/J_Deslippe.com.xml
+++ b/src/chrome/content/rules/J_Deslippe.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.jdeslippe.com/ => https://www.jdeslippe.com/: (35, 'Unkn
 	^: mismatched, CN: jdeslip.com
 
 -->
-<ruleset name="J Deslippe.com" default_off='failed ruleset test'>
+<ruleset name="J Deslippe.com" default_off="failed ruleset test">
 
 	<target host="jdeslippe.com" />
 	<target host="www.jdeslippe.com" />
diff --git a/src/chrome/content/rules/JabRef.org.xml b/src/chrome/content/rules/JabRef.org.xml
new file mode 100644
index 000000000000..7e3329847725
--- /dev/null
+++ b/src/chrome/content/rules/JabRef.org.xml
@@ -0,0 +1,29 @@
+<!--
+	Connection refused:
+		- imap
+		- ipv6
+		- mysql
+		- pop
+		- smtp
+-->
+<ruleset name="JabRef.org">
+	<target host="jabref.org" />
+	<target host="www.jabref.org" />
+	<target host="abbrv.jabref.org" />
+	<target host="blog.jabref.org" />
+	<target host="builds.jabref.org" />
+	<target host="code.jabref.org" />
+	<target host="contribute.jabref.org" />
+	<target host="discourse.jabref.org" />
+	<target host="donations.jabref.org" />
+	<target host="downloads.jabref.org" />
+	<target host="files.jabref.org" />
+	<target host="help.jabref.org" />
+	<target host="jabcon.jabref.org" />
+	<target host="jstyles.jabref.org" />
+	<target host="layouts.jabref.org" />
+	<target host="manuals.jabref.org" />
+	<target host="translate.jabref.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JabbR.net.xml b/src/chrome/content/rules/JabbR.net.xml
index fba2dceb109c..8899cb01c721 100644
--- a/src/chrome/content/rules/JabbR.net.xml
+++ b/src/chrome/content/rules/JabbR.net.xml
@@ -6,10 +6,9 @@ Fetch error: http://jabbr.net/ => https://jabbr.net/: (51, "SSL: no alternative
 	www doesn't exist.
 
 -->
-<ruleset name="JabbR.net" default_off='failed ruleset test'>
+<ruleset name="JabbR.net" default_off="failed ruleset test">
 
 	<target host="jabbr.net" />
-	<target host="*.jabbr.net" />
 
 
 	<!--	Not secured by server:
@@ -20,7 +19,6 @@ Fetch error: http://jabbr.net/ => https://jabbr.net/: (51, "SSL: no alternative
 	<securecookie host="^\.?jabbr\.net$" name=".+" />
 
 
-	<rule from="^http://jabbr\.net/"
-		to="https://jabbr.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Jabber.org.uk.xml b/src/chrome/content/rules/Jabber.org.uk.xml
index 55d298f1e20a..24f1fc232dd0 100644
--- a/src/chrome/content/rules/Jabber.org.uk.xml
+++ b/src/chrome/content/rules/Jabber.org.uk.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://jabber.org.uk/ => https://jabber.org.uk/: (7, 'Failed to connect to jabber.org.uk port 443: Connection refused')
 
 -->
-<ruleset name="jabber.org.uk" default_off='failed ruleset test'>
+<ruleset name="jabber.org.uk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Jack_Imaging.com.xml b/src/chrome/content/rules/Jack_Imaging.com.xml
index d21b236a6b0f..2bdf03dc6057 100644
--- a/src/chrome/content/rules/Jack_Imaging.com.xml
+++ b/src/chrome/content/rules/Jack_Imaging.com.xml
@@ -12,7 +12,9 @@
 <ruleset name="Jack Imaging.com">
 
 	<target host="jackimaging.com" />
-	<target host="*.jackimaging.com" />
+	<target host="beta.jackimaging.com" />
+	<target host="www.jackimaging.com" />
+	<target host="cdn.jackimaging.com" />
 
 
 	<rule from="^http://(?:beta\.|www\.)?jackimaging\.com/"
diff --git a/src/chrome/content/rules/Jacks_Fetish_Tube.xml b/src/chrome/content/rules/Jacks_Fetish_Tube.xml
index aa77567e0e7e..6596e59392b8 100644
--- a/src/chrome/content/rules/Jacks_Fetish_Tube.xml
+++ b/src/chrome/content/rules/Jacks_Fetish_Tube.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jackson_Sun.xml b/src/chrome/content/rules/Jackson_Sun.xml
index 33e7cb957490..a6cf964afb5e 100644
--- a/src/chrome/content/rules/Jackson_Sun.xml
+++ b/src/chrome/content/rules/Jackson_Sun.xml
@@ -11,7 +11,8 @@
 <ruleset name="The Jackson Sun (partial)">
 
 	<target host="jacksonsun.com" />
-	<target host="*.jacksonsun.com" />
+	<target host="cmsimg.jacksonsun.com" />
+	<target host="www.jacksonsun.com" />
 
 
 	<rule from="^http://(?:cmsimg\.|www\.)?jacksonsun\.com/"
diff --git a/src/chrome/content/rules/Jacksonville.com.xml b/src/chrome/content/rules/Jacksonville.com.xml
deleted file mode 100644
index e85334d46fb2..000000000000
--- a/src/chrome/content/rules/Jacksonville.com.xml
+++ /dev/null
@@ -1,64 +0,0 @@
-<!--
-	CDN buckets:
-
-		- img1.lamp3.groupz.net
-
-			- static.jacksonville.com
-
-		- rptvirt.morris.com
-
-			- rpt2.homes.jacksonville.com
-
-		- photos.mycapture.com/JAXF/
-
-
-	Nonfunctional domains:
-
-		- (www.)firstcoastphotos.com *
-
-		- jacksonville.com subdomains:
-
-			- (www.) *
-			- autos *
-			- class *
-			- homes *
-			- rpt2.homes **
-			- jobs *
-			- members *
-			- news *
-			- photos *
-			- static **
-
-		- jax-cdn.com *
-
-	* Refused
-	** Dropped
-
-
-	Problematic subdomains:
-
-		- dailydeals	(works; mismatched, CN: *.upickem.net)
-
-
-	Fully covered subdomains:
-
-		- sec
-
-
-	Mixed image on sec from wikijax.com
-
--->
-<ruleset name="Jacksonville.com (partial)">
-
-	<target host="*.jacksonville.com" />
-
-
-	<!--	Tracking cookies;
-					-->
-	<securecookie host="^\.jacksonville\.com$" name="(?:_chartbeat2|cX_\w|ppRef|ppThirdPartyCookieFound|s_\w+|utag_main)" />
-
-
-	<rule from="^http://sec\.jacksonville\.com/"
-		to="https://sec.jacksonville.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Jacqueline_Gold.xml b/src/chrome/content/rules/Jacqueline_Gold.xml
index b7668212ad09..0c74652a471c 100644
--- a/src/chrome/content/rules/Jacqueline_Gold.xml
+++ b/src/chrome/content/rules/Jacqueline_Gold.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?jacquelinegold\.com/"
 		to="https://www.jacquelinegold.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jaim.at.xml b/src/chrome/content/rules/Jaim.at.xml
index 89a2a280dc53..d424283622d5 100644
--- a/src/chrome/content/rules/Jaim.at.xml
+++ b/src/chrome/content/rules/Jaim.at.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://jaim.at/ => https://jaim.at/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Jaim.at" default_off='failed ruleset test'>
+<ruleset name="Jaim.at" default_off="failed ruleset test">
 
 	<target host="jaim.at" />
 	<target host="www.jaim.at" />
diff --git a/src/chrome/content/rules/Jalopnik.com.xml b/src/chrome/content/rules/Jalopnik.com.xml
deleted file mode 100644
index fca2513147d4..000000000000
--- a/src/chrome/content/rules/Jalopnik.com.xml
+++ /dev/null
@@ -1,67 +0,0 @@
-<!--
-	For other Gawker coverage, see Gawker.xml.
-
-
-	Problematic hosts in *jalopnik.com:
-
-		- cache *
-
-	* Mismatched, CN: *.a.ssl.fastly.net
-
-
-	Insecure cookies are set for these hosts: ᶜ
-
-		- jalopnik.com
-		- (column_name).jalopnik.com
-		- www.jalopnik.com
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
-
-	Mixed content:
-
-		- Ads / bugs on ^, (column_name) from sb.scorecardresearch.com ˢ
-
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="Jalopnik.com">
-
-	<target host="jalopnik.com" />
-	<target host="*.jalopnik.com" />
-
-		<exclusion pattern="^http://(?:[^./]+\.){2,}jalopnik\.com/" />
-
-			<!--	+ve:
-					-->
-			<test url="http://this.host.jalopnik.com/" />
-			<test url="http://exist.not.jalopnik.com/" />
-
-		<!--	Direct rewrites:
-					-->
-		<test url="http://blackflag.jalopnik.com/" />
-		<test url="http://foxtrotalpha.jalopnik.com/" />
-		<test url="http://lanesplitter.jalopnik.com/" />
-		<test url="http://oppositelock.jalopnik.com/" />
-		<test url="http://thegarage.jalopnik.com/" />
-		<test url="http://www.jalopnik.com/" />
-
-		<!--	Complications:
-					-->
-		<test url="http://cache.jalopnik.com/" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:(column_name)\.|www\.)?jalopnik\.com$" name="^geocc$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http://cache\.jalopnik\.com/"
-		to="https://cache.gawkerassets.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/JamPlay.xml b/src/chrome/content/rules/JamPlay.xml
index e347a2ac7662..27b0e0021a8b 100644
--- a/src/chrome/content/rules/JamPlay.xml
+++ b/src/chrome/content/rules/JamPlay.xml
@@ -2,4 +2,4 @@
     <target host="account.jamplay.com" />
 
     <rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jamalon.com.xml b/src/chrome/content/rules/Jamalon.com.xml
new file mode 100644
index 000000000000..0bf24125dbc1
--- /dev/null
+++ b/src/chrome/content/rules/Jamalon.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Jamalon.com">
+	<target host="jamalon.com" />
+	<target host="www.jamalon.com" />
+	<target host="cdn.jamalon.com" />
+	<target host="express.jamalon.com" />
+	<target host="performance.jamalon.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jamendo.com.xml b/src/chrome/content/rules/Jamendo.com.xml
index ee75b120ec9d..e3ee07f562a5 100644
--- a/src/chrome/content/rules/Jamendo.com.xml
+++ b/src/chrome/content/rules/Jamendo.com.xml
@@ -1,46 +1,15 @@
 <!--
-	Nonfunctional hosts in *jamendo.com:
-
-		- blog *
-		- forum *
-
-	* Refused
-
-
-	Fully covered hosts in *jamendo.com:
-
-		- (www.)?
-		- artists
-		- artistscorner
-		- developer
-		- devportal
-		- imgjam1
-		- imgjam2
-		- licensing
-		- pro
-		- widgets
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .jamendo.com
-		- devportal.jamendo.com
-		- .artists.jamendo.com
-		- .developer.jamendo.com
-		- .licensing.jamendo.com
-		- .widgets.jamendo.com
-		- .www.jamendo.com
-
+	Non-functional hosts
+		Different content:
+		- blog.jamendo.com
 -->
 <ruleset name="Jamendo.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
 	<target host="jamendo.com" />
 	<target host="artists.jamendo.com" />
 	<target host="artistscorner.jamendo.com" />
 	<target host="developer.jamendo.com" />
 	<target host="devportal.jamendo.com" />
+	<target host="forum.jamendo.com" />
 	<target host="imgjam1.jamendo.com" />
 	<target host="imgjam2.jamendo.com" />
 	<target host="licensing.jamendo.com" />
@@ -48,18 +17,7 @@
 	<target host="widgets.jamendo.com" />
 	<target host="www.jamendo.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.jamendo\.com$" name="^jamsession$" /-->
-	<!--securecookie host="^\.(?:artists|developer|licensing|widgets|www)\.jamendo\.com$" name="^(jamlanŋ|jamloc)$" /-->
-	<!--securecookie host="^devportal\.jamendo\.com$" name="^_system_session$" /-->
-	<!--securecookie host="^\.licensing\.jamendo\.com$" name="^jamcart$" /-->
-
-	<securecookie host="^\.?(?:(?:artists|developer|devportal|licensing|widgets|www)\.)?jamendo\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Jamendo.xml b/src/chrome/content/rules/Jamendo.xml
deleted file mode 100644
index 7989f37045d7..000000000000
--- a/src/chrome/content/rules/Jamendo.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Jamendo (partial)">
-
-	<target host="cdn.imgjam.com" />
-
-	<rule from="^http://cdn\.imgjam\.com/"
-		to="https://s3.amazonaws.com/imgcdn.jamendo.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/JamesVillas.co.uk.xml b/src/chrome/content/rules/JamesVillas.co.uk.xml
index 2cc17fdae573..96de1e0f29a3 100644
--- a/src/chrome/content/rules/JamesVillas.co.uk.xml
+++ b/src/chrome/content/rules/JamesVillas.co.uk.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Wyndham related rulesets, see Wyndham.xml
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
 
 	Non-functional hosts
 		Couldn't connect to server:
diff --git a/src/chrome/content/rules/Jamie-Oliver.xml b/src/chrome/content/rules/Jamie-Oliver.xml
index 48a960d7d9d9..cd26e8672b57 100644
--- a/src/chrome/content/rules/Jamie-Oliver.xml
+++ b/src/chrome/content/rules/Jamie-Oliver.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.jamieoliver.com/ => https://www.jamieoliver.com/: Too ma
 	c466531.ssl.cf0.rackcdn.com
 
 -->
-<ruleset name="Jamie Oliver" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Jamie Oliver" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="jamieoliver.com" />
 	<target host="www.jamieoliver.com" />
diff --git a/src/chrome/content/rules/Jammerbugt.dk-mixedcontent.xml b/src/chrome/content/rules/Jammerbugt.dk-mixedcontent.xml
deleted file mode 100644
index 1f7925d14132..000000000000
--- a/src/chrome/content/rules/Jammerbugt.dk-mixedcontent.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	Main ruleset file: Jammerbugt.dk.xml
-
-	For the rules below, the dropdown menues give rise
-	to mixed content errors.
--->
-<ruleset name="Jammerbugt.dk (mixed content)" platform="mixedcontent">
-	<target host="jammerbugt.dk" />
-	<target host="www.jammerbugt.dk" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Jammerbugt.dk.xml b/src/chrome/content/rules/Jammerbugt.dk.xml
index a811dc9a46da..3e2d75a916e3 100644
--- a/src/chrome/content/rules/Jammerbugt.dk.xml
+++ b/src/chrome/content/rules/Jammerbugt.dk.xml
@@ -1,14 +1,14 @@
 <!--
 	Problematic subdomains:
-		- ^ ¹
-		- www ¹
-		. kort ²
+		. helhedsplan17 ¹
 
-	¹: Mixed content. Covered instead in Jammerbugt.dk-mixedcontent.xml
-	²: Handshake failed
+	¹: Handshake failed
 -->
 <ruleset name="Jammerbugt.dk">
+	<target host="jammerbugt.dk" />
+	<target host="www.jammerbugt.dk" />
 	<target host="jobcenter.jammerbugt.dk" />
+	<target host="kort.jammerbugt.dk" />
 	<target host="sommerkunstskolen.jammerbugt.dk" />
 	<target host="tryk.jammerbugt.dk" />
 
diff --git a/src/chrome/content/rules/JanRain.xml b/src/chrome/content/rules/JanRain.xml
index cfd8c15bbb64..fd6847c03c94 100644
--- a/src/chrome/content/rules/JanRain.xml
+++ b/src/chrome/content/rules/JanRain.xml
@@ -1,57 +1,25 @@
 <!--
 	Other JanRain rulesets:
+		+ JanRainCapture.com.xml
+		+ RPXNow.com.xml
 
-		- RPXNow.com.xml
-
-
-	Buckets at:
-
-		- s3.amazonaws.com/capture-cdn/
-
-			- Equivalent to d7v0k4dt27zlp.cloudfront.net
-
-		- s3.amazonaws.com/janrain.quilt/
-
-			- Equivalent to d3hmp0045zy3cs.cloudfront.net
-
-		- s3.amazonaws.com/janrain.ui/
-
-
-	Nonfunctional:
-
-		- janrain.andculture.cc ¹
-		- (www.)janrain.com ²
-		- developers.janrain.com ²
-
-	¹ Shows Hatchbck Web "Launching soon" page over https
-	² Dropped
+	Non-functional hosts om *.janrain.com
+		Couldn't connect to server:
+		- janrain.com
 
+		SSL peer certificate was not OK:
+		- developers.janrain.com
+		- cdn.quilt.janrain.com
 -->
-<ruleset name="JanRain (partial)">
-
-	<target host="*.janrain.com" />
-	<target host="janraincapture.com" />
-	<target host="*.janraincapture.com" />
-
-
-	<securecookie host="^(?:community|support)\.janrain\.com$" name=".+" />
-	<securecookie host="^dashboard-login\.janraincapture\.com$" name=".+" />
-
-
-	<rule from="^http://(community|(?:dashboard-)?login|support)\.janrain\.com/"
-		to="https://$1.janrain.com/" />
-
-	<!--	Cert is for (*.)actonsoftware.com
-
-		Example: info.janrain.com/acton/attachment/1205/f-0005/0/-/-/-/-/file.pdf
-						-->
-	<rule from="^http://info\.janrain\.com/"
-		to="https://actonsoftware.com/" />
-
-	<rule from="^http://cdn\.quilt\.janrain\.com/"
-		to="https://s3.amazonaws.com/janrain.quilt/" />
+<ruleset name="JanRain.com">
+	<target host="community.janrain.com" />
+	<target host="dashboard.janrain.com" />
+	<target host="info.janrain.com" />
+	<target host="login.janrain.com" />
+	<target host="support.janrain.com" />
+	<target host="www.janrain.com" />
 
-	<rule from="^http://(dashboard-login\.|www\.)?janraincapture\.com/"
-		to="https://$1janraincapture.com/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/JanRainCapture.com.xml b/src/chrome/content/rules/JanRainCapture.com.xml
new file mode 100644
index 000000000000..e8205f1f0213
--- /dev/null
+++ b/src/chrome/content/rules/JanRainCapture.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="JanRainCapture.com">
+	<target host="janraincapture.com" />
+	<target host="www.janraincapture.com" />
+	<target host="dashboard-login.janraincapture.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Janalta.com.xml b/src/chrome/content/rules/Janalta.com.xml
index 829f2842cd55..ea06b97df612 100644
--- a/src/chrome/content/rules/Janalta.com.xml
+++ b/src/chrome/content/rules/Janalta.com.xml
@@ -8,7 +8,6 @@
 
 	Fully covered subdomains:
 
-		- ftp.amazonweb1
 		- cdn		(→ d2hcl8anv7xxg0.cloudfront.net)
 		- www
 
@@ -26,17 +25,10 @@
 
 -->
 <ruleset name="Janalta.com">
+	<target host="www.janalta.com" />
+	<target host="cdn2.janalta.com" />
 
-	<target host="*.janalta.com" />
-
-
-	<securecookie host="^(?:ftp\.amazonweb1|www)\.janalta\.com$" name=".+" />
-
-
-	<rule from="^http://(ftp\.amazonweb1|www)\.janalta\.com/"
-		to="https://$1.janalta.com/" />
-
-	<rule from="^http://cdn2\.janalta\.com/"
-		to="https://d2hcl8anv7xxg0.cloudfront.net/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/JapanAirlines.xml b/src/chrome/content/rules/JapanAirlines.xml
deleted file mode 100644
index bbfe8e09c338..000000000000
--- a/src/chrome/content/rules/JapanAirlines.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Japan Airlines">
-  <target host="jal.co.jp" />
-  <target host="www.jal.co.jp" />
-
-  <rule from="^http://(?:www\.)?jal\.co\.jp/"
-          to="https://www.jal.co.jp/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/JapanTimes.co.jp.xml b/src/chrome/content/rules/JapanTimes.co.jp.xml
index 78611a8e6e58..2f872f9083ee 100644
--- a/src/chrome/content/rules/JapanTimes.co.jp.xml
+++ b/src/chrome/content/rules/JapanTimes.co.jp.xml
@@ -52,7 +52,7 @@ Fetch error: http://weekly.japantimes.co.jp/ => https://weekly.japantimes.co.jp/
 			 - club.japantimes.co.jp
 			 - spelling-bee.japantimes.co.jp
 -->
-<ruleset name="The Japan Times (partial)" default_off='failed ruleset test'>
+<ruleset name="The Japan Times (partial)" default_off="failed ruleset test">
 	<target host="japantimes.co.jp" />
 	<target host="awsadmin.japantimes.co.jp" />
 	<target host="form.japantimes.co.jp" />
diff --git a/src/chrome/content/rules/Japanese-Communist-Party.xml b/src/chrome/content/rules/Japanese-Communist-Party.xml
new file mode 100644
index 000000000000..a753fac26f2e
--- /dev/null
+++ b/src/chrome/content/rules/Japanese-Communist-Party.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- hd
+		- mail
+		- ptv
+		- www.ptv
+-->
+<ruleset name="Japanese Communist Party">
+	<target host="jcp.or.jp" />
+	<target host="www.jcp.or.jp" />
+
+	<rule from="^http://jcp\.or\.jp/" to="https://www.jcp.or.jp/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Japias.jp.xml b/src/chrome/content/rules/Japias.jp.xml
deleted file mode 100644
index 2a1b54aa5bb6..000000000000
--- a/src/chrome/content/rules/Japias.jp.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	(www.): shows webcon
-
--->
-<ruleset name="Japias.jp (partial)">
-
-	<target host="webcon.japias.jp" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Jappix.xml b/src/chrome/content/rules/Jappix.xml
index 3dbde3fd7f99..a66e3ff96fdc 100644
--- a/src/chrome/content/rules/Jappix.xml
+++ b/src/chrome/content/rules/Jappix.xml
@@ -24,7 +24,7 @@ Fetch error: http://jappix.com/ => https://jappix.com/: (51, "SSL: no alternativ
 		- websocket
 
 -->
-<ruleset name="Jappix (partial)" default_off='failed ruleset test'>
+<ruleset name="Jappix (partial)" default_off="failed ruleset test">
 
 	<target host="jappix.com" />
 	<target host="*.jappix.com" />
diff --git a/src/chrome/content/rules/Jarian_Gibson.com.xml b/src/chrome/content/rules/Jarian_Gibson.com.xml
index ffd290c5095a..4fe702d5def5 100644
--- a/src/chrome/content/rules/Jarian_Gibson.com.xml
+++ b/src/chrome/content/rules/Jarian_Gibson.com.xml
@@ -22,7 +22,7 @@ Fetch error: http://cdn.jariangibson.com/ => https://cdn.jariangibson.com/: (51,
 	* Secured by us
 
 -->
-<ruleset name="Jarian Gibson.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Jarian Gibson.com (partial)" default_off="failed ruleset test">
 
 	<target host="jariangibson.com" />
 	<target host="cdn.jariangibson.com" />
diff --git a/src/chrome/content/rules/Jarir.com.xml b/src/chrome/content/rules/Jarir.com.xml
new file mode 100644
index 000000000000..5bab5d251599
--- /dev/null
+++ b/src/chrome/content/rules/Jarir.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Jarir.com">
+	<target host="jarir.com" />
+	<target host="www.jarir.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jaspan.com.xml b/src/chrome/content/rules/Jaspan.com.xml
index 5e04eb0aad83..f69656cba904 100644
--- a/src/chrome/content/rules/Jaspan.com.xml
+++ b/src/chrome/content/rules/Jaspan.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.jaspan.com/themes/acquia/acquia_marina/images/close-quot
 	www.jaspan.com: Mismatched
 
 -->
-<ruleset name="Jaspan.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Jaspan.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Java.net.xml b/src/chrome/content/rules/Java.net.xml
index 364814f891d6..1cd0e38dcfd6 100644
--- a/src/chrome/content/rules/Java.net.xml
+++ b/src/chrome/content/rules/Java.net.xml
@@ -1,76 +1,33 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://java.net/ => https://java.net/: Too many redirects while fetching 'https://java.net/'
-Fetch error: http://asset-0.java.net/ => https://asset-0.java.net/: Too many redirects while fetching 'https://asset-0.java.net/'
-Fetch error: http://asset-1.java.net/ => https://asset-1.java.net/: Too many redirects while fetching 'https://asset-1.java.net/'
-Fetch error: http://asset-2.java.net/ => https://asset-2.java.net/: Too many redirects while fetching 'https://asset-2.java.net/'
-Fetch error: http://asset-3.java.net/ => https://asset-3.java.net/: Too many redirects while fetching 'https://asset-3.java.net/'
-Fetch error: http://glassfish.java.net/ => https://glassfish.java.net/: Too many redirects while fetching 'https://glassfish.java.net/'
-Fetch error: http://home.java.net/ => https://home.java.net/: Too many redirects while fetching 'https://home.java.net/'
-Fetch error: http://jax-rs-spec.java.net/ => https://jax-rs-spec.java.net/: Too many redirects while fetching 'https://jax-rs-spec.java.net/'
-Fetch error: http://jersey.java.net/ => https://jersey.java.net/: Too many redirects while fetching 'https://jersey.java.net/'
-Fetch error: http://jsr311.java.net/ => https://jsr311.java.net/: Too many redirects while fetching 'https://jsr311.java.net/'
-Fetch error: http://tyrus.java.net/ => https://tyrus.java.net/: Too many redirects while fetching 'https://tyrus.java.net/'
-Fetch error: http://www.java.net/ => https://www.java.net/: Too many redirects while fetching 'https://www.java.net/'
-
-	For other Oracle coverage, see Oracle.xml.
-
-
-	Nonfunctional hosts in *java.net:
-
-		- openjdk *
-
-	* Refused
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .java.net
+	For other Oracle coverage, see Oracle.xml
+
+	Non-functional hosts
+		5xx server error:
+		- asset-0.java.net
+		- asset-1.java.net
+		- asset-2.java.net
+		- asset-3.java.net
 		- home.java.net
-		- jax-rs-spec.java.net
-		- jsr311.java.net
-
-
-	Mixed content:
-
-		- Images, on:
-
-			- home from $self *
-			- jax-rs-spec from jersey.java.net *
-
-	* Secured by us
-
 -->
-<ruleset name="Java.net (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
+<ruleset name="Java.net (partial)">
 	<target host="java.net" />
-	<target host="asset-0.java.net" />
-	<target host="asset-1.java.net" />
-	<target host="asset-2.java.net" />
-	<target host="asset-3.java.net" />
+	<target host="www.java.net" />
+	<target host="download.java.net" />
 	<target host="glassfish.java.net" />
-	<target host="home.java.net" />
 	<target host="jax-rs-spec.java.net" />
+	<target host="jdk.java.net" />
 	<target host="jersey.java.net" />
 	<target host="jsr311.java.net" />
+	<target host="openjdk.java.net" />
+	<target host="bugs.openjdk.java.net" />
+	<target host="cr.openjdk.java.net" />
+	<target host="db.openjdk.java.net" />
+	<target host="hg.openjdk.java.net" />
+	<target host="mail.openjdk.java.net" />
 	<target host="wiki.openjdk.java.net" />
 	<target host="tyrus.java.net" />
-	<target host="www.java.net" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.java\.net$" name="^SESS[0-9a-f]{32}$" /-->
-	<!--securecookie host="^(jax-rs-spec|jsr311)?\.java\.net$" name="^_junction2_session$" /-->
-	<!--securecookie host="^home\.java\.net$" name="^poll-\d+$" /-->
 
 	<securecookie host=".+" name=".+" />
 
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/JavaLand.eu.xml b/src/chrome/content/rules/JavaLand.eu.xml
new file mode 100644
index 000000000000..7be607acc6ad
--- /dev/null
+++ b/src/chrome/content/rules/JavaLand.eu.xml
@@ -0,0 +1,17 @@
+<!--
+	Connection closed:
+ 		javaland.eu
+-->
+<ruleset name="JavaLand.eu">
+
+	<target host="javaland.eu" />
+	<target host="www.javaland.eu" />
+	<target host="programm.javaland.eu" />
+
+	<rule from="^http://javaland\.eu/"
+		to="https://www.javaland.eu/" />
+    <test url="http://javaland.eu/de/rueckabwicklung/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/JavaScriptIsSexy.com.xml b/src/chrome/content/rules/JavaScriptIsSexy.com.xml
new file mode 100644
index 000000000000..d4810d732d5f
--- /dev/null
+++ b/src/chrome/content/rules/JavaScriptIsSexy.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="JavaScriptIsSexy.com">
+	<target host="javascriptissexy.com" />
+	<target host="www.javascriptissexy.com" />
+	<target host="cpanel.javascriptissexy.com" />
+	<target host="mail.javascriptissexy.com" />
+	<target host="webdisk.javascriptissexy.com" />
+	<target host="webmail.javascriptissexy.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JavaScriptMVC.xml b/src/chrome/content/rules/JavaScriptMVC.xml
index a208ffa56937..a75051dec30a 100644
--- a/src/chrome/content/rules/JavaScriptMVC.xml
+++ b/src/chrome/content/rules/JavaScriptMVC.xml
@@ -17,7 +17,8 @@ Fetch error: http://javascriptmvc.com/ => http://javascriptmvc.com/: Cycle detec
 <ruleset name="JavaScriptMVC (partial)">
 
 	<target host="javascriptmvc.com" />
-	<target host="*.javascriptmvc.com" />
+	<target host="www.javascriptmvc.com" />
+	<target host="forum.javascriptmvc.com" />
 
 
 	<securecookie host="^forum\.javascriptmvc\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Javacoolsoftware.com.xml b/src/chrome/content/rules/Javacoolsoftware.com.xml
index 3885b5d45bfc..625a27e76ed5 100644
--- a/src/chrome/content/rules/Javacoolsoftware.com.xml
+++ b/src/chrome/content/rules/Javacoolsoftware.com.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.javacoolsoftware.com/ => https://www.javacoolsoftware.com/: (28, 'Connection timed out after 10001 milliseconds')
 Fetch error: http://javacoolsoftware.com/ => https://www.javacoolsoftware.com/: (28, 'Connection timed out after 10000 milliseconds')
 -->
-<ruleset name="Javacoolsoftware.com" default_off='failed ruleset test'>
+<ruleset name="Javacoolsoftware.com" default_off="failed ruleset test">
   <target host="www.javacoolsoftware.com"/>
   <target host="javacoolsoftware.com"/>
   <target host="licenses.javacoolsoftware.com"/>
diff --git a/src/chrome/content/rules/Javelin_Strategy.com.xml b/src/chrome/content/rules/Javelin_Strategy.com.xml
index d35aaad0314e..94b92850bd78 100644
--- a/src/chrome/content/rules/Javelin_Strategy.com.xml
+++ b/src/chrome/content/rules/Javelin_Strategy.com.xml
@@ -11,7 +11,8 @@
 <ruleset name="Javelin Strategy.com">
 
 	<target host="javelinstrategy.com" />
-	<target host="*.javelinstrategy.com" />
+	<target host="www.javelinstrategy.com" />
+	<target host="store.javelinstrategy.com" />
 
 
 	<!--	Not secured by server:
@@ -25,7 +26,6 @@
 	<rule from="^http://(?:www\.)?javelinstrategy\.com/"
 		to="https://www.javelinstrategy.com/" />
 
-	<rule from="^http://store\.javelinstrategy\.com/"
-		to="https://store.javelinstrategy.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Javvin.com.xml b/src/chrome/content/rules/Javvin.com.xml
index f23ada8abe39..0f6c7814d298 100644
--- a/src/chrome/content/rules/Javvin.com.xml
+++ b/src/chrome/content/rules/Javvin.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.javvin.com/ => http://www.javvin.com/: (28, 'Connection
 	Some pages redirect to http.
 
 -->
-<ruleset name="Javvin.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Javvin.com (partial)" default_off="failed ruleset test">
 
 	<target host="javvin.com" />
 	<target host="www.javvin.com" />
diff --git a/src/chrome/content/rules/Jawbone.com.xml b/src/chrome/content/rules/Jawbone.com.xml
index b46be5103ec4..3ffaf3eed701 100644
--- a/src/chrome/content/rules/Jawbone.com.xml
+++ b/src/chrome/content/rules/Jawbone.com.xml
@@ -9,6 +9,10 @@
 
 			- forums
 
+	Non-functional hosts:
+		Timeout:
+		- jawbone.com
+
 
 	Partially covered subdomains:
 
@@ -47,18 +51,21 @@
 -->
 <ruleset name="Jawbone.com (partial)">
 
-	<target host="jawbone.com" />
-	<target host="*.jawbone.com" />
+	<target host="eu.jawbone.com" />
+	<target host="forums.jawbone.com" />
+	<target host="mytalk.jawbone.com" />
+	<target host="store.jawbone.com" />
+	<target host="thoughts.jawbone.com" />
+	<target host="up.jawbone.com" />
+	<target host="www.jawbone.com" />
+	<target host="content.jawbone.com" />
 		<exclusion pattern="^http://store\.jawbone\.com/(?!Admin/|DRHM/)" />
 
 
 	<securecookie host="^(?!store\.).*\.jawbone\.com$" name=".+" />
 
 
-	<rule from="^http://((?:eu|forums|mytalk|store|thoughts|up|www)\.)?jawbone\.com/"
-		to="https://$1jawbone.com/" />
 
-	<rule from="^http://content\.jawbone\.com/"
-		to="https://d3osil7svxrrgt.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jcloud.com.xml b/src/chrome/content/rules/Jcloud.com.xml
index b9cee53d1a81..24064a8259ca 100644
--- a/src/chrome/content/rules/Jcloud.com.xml
+++ b/src/chrome/content/rules/Jcloud.com.xml
@@ -1,88 +1,17 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://i.jcloud.com/css/center/btn_applytoo.png => https://i.jcloud.com/css/center/btn_applytoo.png: (6, 'Could not resolve host: i.jcloud.com')
-Fetch error: http://i.jcloud.com/js/utility.js => https://i.jcloud.com/js/utility.js: (6, 'Could not resolve host: i.jcloud.com')
-Fetch error: http://plus.jcloud.com/ => https://plus.jcloud.com/: (6, 'Could not resolve host: plus.jcloud.com')
-
 	For other Jingdong Mall coverage, see JD.com.xml.
-
-
-	Nonfunctional hosts in *jcloud.com:
-
-		- man *
-		
-	* Shows www.jcloud.com
-
-
-	Problematic hosts in *jcloud.com:
-
-		- hosting *
-
-	* NB: Server sends no certificate chain, see https://whatsmychaincert.com
-
-
-	Insecure cookies are set for these hosts:
-
-		- hosting.jcloud.com
-
-
-	Mixed content:
-		- i.jcloud.com
-		- Images on plus from www.jcloud.com
-
-	Refused：
-		cpsc.jcloud.com
-
 -->
-<ruleset name="Jcloud.com (partial)" default_off='failed ruleset test'>
-	
-	<!--	404
-	
-	<target host="jbox.jcloud.com" />
-	<exclusion pattern="^http://jbox.jcloud.com/$" />
-	<rule from="^http://jbox\.jcloud\.com/assets/"
-		to="https://jbox.jcloud.com/asssets/" />
-	<test url="http://jbox.jcloud.com/assets/css/v2/i/default_head_img.jpg" />
-	
-			-->
-
-	<!--	MCB	-->
-	
-	<target host="i.jcloud.com" />
-	<exclusion pattern="^http://i.jcloud.com/$" />
-	<exclusion pattern="^http://i.jcloud.com/(?!css|js)" />
-		<test url="http://i.jcloud.com/" />
-		<test url="http://i.jcloud.com/account" />
-		<test url="http://i.jcloud.com/bill/toDayJcloudBill" />
-		<test url="http://i.jcloud.com/jcloud/home/toHome" />
-		<test url="http://i.jcloud.com/user/info/authorization" />
-		
-		<test url="http://i.jcloud.com/css/center/btn_applytoo.png" />
-		<test url="http://i.jcloud.com/js/utility.js" />
-	
-	<target host="jfs.jcloud.com" />
-	<exclusion pattern="^http://jfs.jcloud.com/$" />
-	<rule from="^http://jfs\.jcloud\.com/(/assets|console|css|image|js)"
-		to="https://jfs.jcloud.com/$1" />
-		<test url="http://jfs.jcloud.com//assets/image/help/pic3.jpg" />
-		<test url="http://jfs.jcloud.com/console/checkCookie?randomid=693" />
-		<test url="http://jfs.jcloud.com/css/help/help.css" />
-		<test url="http://jfs.jcloud.com/image/help/rz.jpg" />
-		<test url="http://jfs.jcloud.com/js/portal/portal.min.js" />
-	
-	<!--	Directly	-->
-
+<ruleset name="Jcloud.com">
+	<target host="jcloud.com" />
+	<target host="www.jcloud.com" />
 	<target host="dataplus.jcloud.com" />
-	<target host="fws.jcloud.com" />
+	<target host="hosting.jcloud.com" />
+	<target host="jbox.jcloud.com" />
+		<test url="http://jbox.jcloud.com/assets/css/v2/i/default_head_img.jpg" />
 	<target host="market.jcloud.com" />
-	<target host="plus.jcloud.com" />
 	<target host="uc.jcloud.com" />
-	<target host="www.jcloud.com" />
-	<target host="wxlink.jcloud.com" />
 
 	<securecookie host="^\w" name=".+" />
 
 	<rule from="^http:" to="https:" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/Jeena.net.xml b/src/chrome/content/rules/Jeena.net.xml
index f7c827dc49ee..b5522b3d0ae3 100644
--- a/src/chrome/content/rules/Jeena.net.xml
+++ b/src/chrome/content/rules/Jeena.net.xml
@@ -1,7 +1,8 @@
 <ruleset name="jeena.net">
 
 	<target host="jeena.net" />
-	<target host="*.jeena.net" />
+	<target host="m.jeena.net" />
+	<target host="www.jeena.net" />
 
 
 	<securecookie host="^jeena\.net$" name=".+" />
diff --git a/src/chrome/content/rules/Jeep_Tops_Direct.com.xml b/src/chrome/content/rules/Jeep_Tops_Direct.com.xml
index 0885d7be6841..ee7b675f3ba9 100644
--- a/src/chrome/content/rules/Jeep_Tops_Direct.com.xml
+++ b/src/chrome/content/rules/Jeep_Tops_Direct.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jeff_Mitchell.me.xml b/src/chrome/content/rules/Jeff_Mitchell.me.xml
index eee35af52bcb..bafc60678e8f 100644
--- a/src/chrome/content/rules/Jeff_Mitchell.me.xml
+++ b/src/chrome/content/rules/Jeff_Mitchell.me.xml
@@ -8,7 +8,7 @@ Fetch error: http://jeffmitchell.me/ => https://jeffmitchell.me/: (60, 'SSL cert
 	STS header includes includeSubdomains
 
 -->
-<ruleset name="Jeff Mitchell.me" default_off='failed ruleset test'>
+<ruleset name="Jeff Mitchell.me" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Jeff_Nabers.com-falsemixed.xml b/src/chrome/content/rules/Jeff_Nabers.com-falsemixed.xml
index 5d0227a3e031..20189d2a9e92 100644
--- a/src/chrome/content/rules/Jeff_Nabers.com-falsemixed.xml
+++ b/src/chrome/content/rules/Jeff_Nabers.com-falsemixed.xml
@@ -4,13 +4,10 @@
 -->
 <ruleset name="Jeff Nabers.com (false MCB)" platform="mixedcontent">
 
-	<target host="*.jeffnabers.com" />
+	<target host="www.jeffnabers.com" />
 
 
-	<securecookie host="^\.jeffnabers\.com$" name=".+" />
 
-
-	<rule from="^http://www\.jeffnabers\.com/"
-		to="https://www.jeffnabers.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Jenkins-CI.org.xml b/src/chrome/content/rules/Jenkins-CI.org.xml
index 8202c8dead72..4cc3c296fb4a 100644
--- a/src/chrome/content/rules/Jenkins-CI.org.xml
+++ b/src/chrome/content/rules/Jenkins-CI.org.xml
@@ -1,59 +1,36 @@
 <!--
-	Fully covered subdomains:
-
-		- (www.)
-		- issues
-		- updates
-		- usage
-		- wiki
-
-
-	Insecure cookies are set for these hosts:
-
-		- issues.jenkins-ci.org
-		- wiki.jenkins-ci.org
-
-
-	Mixed content:
-
-		- Images, on:
-
-			- wiki from jenkins-ci.org *
-			- wiki from upload.wikimedia.org *
-
-
 	Invalid certificate:
-
 		- ci.jenkins-ci.org
+		- demo.jenkins-ci.org
+		- lists.jenkins-ci.org
+		- meetings.jenkins-ci.org
+		- mirrors.jenkins-ci.org
+		- pkg.jenkins-ci.org
+		- puppet.jenkins-ci.org
 
+	Refused:
+		- archives.jenkins-ci.org
+		- ns3.jenkins-ci.org
 
 	Timeout:
-
+		- stacktrace.jenkins-ci.org
 		- svn.jenkins-ci.org
-
-
-	* Secured by us
-
 -->
 <ruleset name="Jenkins-CI.org">
 
 	<target host="jenkins-ci.org" />
+	<target host="www.jenkins-ci.org" />
+	<target host="accounts.jenkins-ci.org" />
 	<target host="issues.jenkins-ci.org" />
+	<target host="javadoc.jenkins-ci.org" />
+	<target host="repo.jenkins-ci.org" />
+	<target host="stats.jenkins-ci.org" />
 	<target host="updates.jenkins-ci.org" />
 	<target host="usage.jenkins-ci.org" />
 	<target host="wiki.jenkins-ci.org" />
-	<target host="www.jenkins-ci.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(issues|wiki)\.jenkins-ci\.org$" name="^JSESSIONID$" /-->
-	<!--securecookie host="^wiki\.jenkins-ci\.org$" name="^atlassian\.xsrf\.token$" /-->
-
-	<securecookie host="^(?:issues|update|usage|wiki)?\.jenkins-ci\.org$" name=".+" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Jenkins-X.io.xml b/src/chrome/content/rules/Jenkins-X.io.xml
new file mode 100644
index 000000000000..6ece69aa6c6f
--- /dev/null
+++ b/src/chrome/content/rules/Jenkins-X.io.xml
@@ -0,0 +1,13 @@
+<!--
+	cd.jenkins-x.io contains a wildcard DNS record.
+-->
+<ruleset name="Jenkins-X.io">
+
+	<target host="jenkins-x.io" />
+	<target host="chartmuseum.build.cd.jenkins-x.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jennyvixenryan.com.xml b/src/chrome/content/rules/Jennyvixenryan.com.xml
new file mode 100644
index 000000000000..14ccec806734
--- /dev/null
+++ b/src/chrome/content/rules/Jennyvixenryan.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="jennyvixenryan.com">
+	<target host="jennyvixenryan.com" />
+	<target host="www.jennyvixenryan.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jensge.org.xml b/src/chrome/content/rules/Jensge.org.xml
index 3a5f2837a4d8..2a18dbaa3574 100644
--- a/src/chrome/content/rules/Jensge.org.xml
+++ b/src/chrome/content/rules/Jensge.org.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.jensge.org/ => https://jensge.org/: (60, 'SSL certificat
 		- www	(mismatched, CN: www.webstreams.de)
 
 -->
-<ruleset name="jensge.org" default_off='failed ruleset test'>
+<ruleset name="jensge.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Jet2.com.xml b/src/chrome/content/rules/Jet2.com.xml
index 7972e1d70518..8f6834210d60 100644
--- a/src/chrome/content/rules/Jet2.com.xml
+++ b/src/chrome/content/rules/Jet2.com.xml
@@ -4,12 +4,13 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://jet2.com/ => https://www.jet2.com/: Too many redirects while fetching 'https://www.jet2.com/'
 
 -->
-<ruleset name="Jet2.com" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Jet2.com" platform="mixedcontent" default_off="failed ruleset test">
   <target host="jet2.com" />
-  <target host="*.jet2.com" />
+  <target host="intranet.jet2.com" />
+  <target host="reservations.jet2.com" />
+  <target host="www.jet2.com" />
 
   <rule from="^http://jet2\.com/"
           to="https://www.jet2.com/" />
-  <rule from="^http://(intranet|reservations|www)\.jet2\.com/"
-          to="https://$1.jet2.com/" />
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JetBrains.com-falsemixed.xml b/src/chrome/content/rules/JetBrains.com-falsemixed.xml
deleted file mode 100644
index 177fc11a6bc0..000000000000
--- a/src/chrome/content/rules/JetBrains.com-falsemixed.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://blogs.jetbrain.com// => https://blogs.jetbrain.com//: (7, 'Failed to connect to blogs.jetbrain.com port 443: Connection refused')
-
-	For rules not causing false/broken MCB, see JetBrains.xml.
-
--->
-<ruleset name="JetBrains.com (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="blog.jetbrains.com" />
-
-	<!--	complications:
-				-->
-	<target host="blogs.jetbrains.com" />
-
-		<!--	/*(?!$|\?) 404s:
-					-->
-		<exclusion pattern="^http://blogs\.jetbrains\.com/+(?!$|\?)" />
-
-			<!--	ve:
-					-->
-			<test url="http://blogs.jetbrains.com/home" />
-			<test url="http://blogs.jetbrains.com/index.asp" />
-			<test url="http://blogs.jetbrains.com/index.aspx" />
-			<test url="http://blogs.jetbrains.com/index.htm" />
-			<test url="http://blogs.jetbrains.com/index.php" />
-
-			<!--	-ve:
-					-->
-			<test url="http://blogs.jetbrain.com//" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<!--	Redirect keeps args but
-		not forward slash:
-					-->
-	<rule from="^http://blogs\.jetbrains\.com/+"
-		to="https://blog.jetbrains.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/JetBrains.com.xml b/src/chrome/content/rules/JetBrains.com.xml
new file mode 100644
index 000000000000..4ab1561f441d
--- /dev/null
+++ b/src/chrome/content/rules/JetBrains.com.xml
@@ -0,0 +1,54 @@
+<!--
+	Non-functional hosts
+		SSL connect error:
+		- blogs.jetbrains.com
+		- www.onboard.jetbrains.com
+
+		SSL peer certificate was not OK:
+		- download-ln.jetbrains.com
+		- slack-mps.jetbrains.com
+
+		4xx client error:
+		- data.services.jetbrains.com
+-->
+<ruleset name="JetBrains.com">
+	<target host="jetbrains.com" />
+	<target host="www.jetbrains.com" />
+	<target host="account.jetbrains.com" />
+	<target host="blog.jetbrains.com" />
+	<target host="code2art.jetbrains.com" />
+	<target host="confluence.jetbrains.com" />
+	<target host="dotnettools-support.jetbrains.com" />
+	<target host="download.jetbrains.com" />
+	<test url="http://download.jetbrains.com/idea/ideaIU-2018.3.4.tar.gz" />
+	<target host="ea.jetbrains.com" />
+	<target host="go.jetbrains.com" />
+	<target host="hub.jetbrains.com" />
+	<target host="hub-support.jetbrains.com" />
+	<target host="info.jetbrains.com" />
+	<target host="intellij-support.jetbrains.com" />
+	<target host="internship.jetbrains.com" />
+	<target host="mps-support.jetbrains.com" />
+	<target host="plugins.jetbrains.com" />
+	<target host="repository.jetbrains.com" />
+	<target host="resharper-platform.jetbrains.com" />
+	<target host="resharper-support.jetbrains.com" />
+	<target host="resources.jetbrains.com" />
+	<test url="http://resources.jetbrains.com/storage/products/clion/docs/Comparisons_CLion.pdf" />
+	<target host="rider-support.jetbrains.com" />
+	<target host="sales.jetbrains.com" />
+	<target host="uploads.services.jetbrains.com" />
+	<target host="space-support.jetbrains.com" />
+	<target host="status.jetbrains.com" />
+	<target host="teamcity.jetbrains.com" />
+	<test url="http://teamcity.jetbrains.com/login.html" />
+	<target host="teamcity-support.jetbrains.com" />
+	<target host="toolbox-support.jetbrains.com" />
+	<target host="upsource.jetbrains.com" />
+	<target host="upsource-support.jetbrains.com" />
+	<target host="youtrack.jetbrains.com" />
+	<target host="youtrack-support.jetbrains.com" />
+	<target host="youtrack-workflow-converter.jetbrains.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JetBrains.xml b/src/chrome/content/rules/JetBrains.xml
deleted file mode 100644
index c24b3cf2c91e..000000000000
--- a/src/chrome/content/rules/JetBrains.xml
+++ /dev/null
@@ -1,170 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Non-2xx HTTP code: http://info.jetbrains.com/rs/jetbrains/images/2015_03_March_JetBrains_Monthly_Newsletter.html (200) => https://na-lon02.marketo.com/rs/jetbrains/images/2015_03_March_JetBrains_Monthly_Newsletter.html (403)
-Fetch error: http://sso.jetbrains.com/ => https://sso.jetbrains.com/: (6, 'Could not resolve host: sso.jetbrains.com')
-
-	For rules causing false/broken MCB, see JetBrains.com-falsemixed.xml.
-
-
-	CDN buckets:
-
-		- up-20131014-174310-staticss3bucket-11pv7uv2jov7b.s3-eu-west-1.amazonaws.com
-
-		- jetbrains.vo.llnwd.net
-
-			- .hs. doesn't exist
-			- download-ln
-
-		- dotnettools.zendesk.com
-
-			- dotnettools-support
-
-		- resharper.zendesk.com
-
-			- resharper-support
-
-
-	Nonfunctional hosts in *jetbrains.com:
-
-		- confluence ¹
-		- download ¹
-		- download-ln ²
-		- forum ¹
-		- kotlin-demo ¹
-		- plugins ¹
-		- teamcity ³
-
-	¹ Refused
-	² 400, CN: *.hs.llnwd.net
-	³ Dropped
-
-
-	Problematic hosts in *jetbrains.com:
-
-		- blog ¹
-		- blogs ²
-		- jetpeople ³
-		- youtrack ³
-
-	¹ Mixed css
-	² Refused
-	³ Self-signed
-
-
-	Insecure cookies are set for these hosts:
-
-		- account.jetbrains.com
-		- blog.jetbrains.com
-		- plugins.jetbrains.com
-
-
-	Mixed content:
-
-		- css on blog from $self *
-
-		- Images, on:
-
-			- blog on blog from $self *
-			- blog from www.jetbrains.com *
-
-		- Ads on www from www.googleadservices.com *
-
-	* Secured by us
-
--->
-<ruleset name="JetBrains.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="jetbrains.com" />
-	<target host="account.jetbrains.com" />
-	<!--target host="blog.jetbrains.com" /-->
-	<target host="devnet.jetbrains.com" />
-	<target host="intellij-support.jetbrains.com" />
-	<target host="sso.jetbrains.com" />
-	<target host="plugins.jetbrains.com" />
-	<target host="www.jetbrains.com" />
-
-	<!--	complications:
-				-->
-	<!--target host="blogs.jetbrains.com" /-->
-	<target host="dotnettools-support.jetbrains.com" />
-	<target host="info.jetbrains.com" />
-	<target host="resharper-support.jetbrains.com" />
-
-		<!--	/*(?!$|\?) 404s:
-					-->
-		<!--exclusion pattern="^http://blogs\.jetbrains\.com/+(?!$|\?)" /-->
-
-			<!--	ve:
-					-->
-			<!--test url="http://blogs.jetbrains.com/home" /-->
-			<!--test url="http://blogs.jetbrains.com/index.asp" /-->
-			<!--test url="http://blogs.jetbrains.com/index.aspx" /-->
-			<!--test url="http://blogs.jetbrains.com/index.htm" /-->
-			<!--test url="http://blogs.jetbrains.com/index.php" /-->
-
-			<!--	-ve:
-					-->
-			<!--test url="http://blogs.jetbrain.com//" /-->
-
-		<exclusion pattern="^http://info\.jetbrains\.com/+(?!css/|images/|rs/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://info.jetbrains.com/Continuous-Integration-Webinar.html" />
-			<test url="http://info.jetbrains.com/JetBrains-at-RailsClub-2015.html" />
-			<test url="http://info.jetbrains.com/PhpStorm-Webinar-November2015.html" />
-			<test url="http://info.jetbrains.com/ReSharper-Webinar-November2015-registration.html" />
-			<test url="http://info.jetbrains.com/RubyMine-Webinar-November2015-registration.html" />
-
-			<!--	-ve:
-					-->
-			<test url="http://info.jetbrains.com/rs/jetbrains/images/2015_03_March_JetBrains_Monthly_Newsletter.html" />
-
-		<exclusion pattern="^http://(?:dotnettools|resharper)-support\.jetbrains\.com/+(?!favicon\.ico|images/|system/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://dotnettools-support.jetbrains.com/hc/en-us/" />
-			<test url="http://dotnettools-support.jetbrains.com/hc/en-us/articles/206531803-A-snapshot-obtained-during-Sampling-profiling-mode-contains-many-unresolved-nodes" />
-			<test url="http://dotnettools-support.jetbrains.com/hc/en-us/requests/new" />
-			<test url="http://dotnettools-support.jetbrains.com/hc/en-us/signin" />
-
-			<test url="http://resharper-support.jetbrains.com/hc/en-us/" />
-			<test url="http://resharper-support.jetbrains.com/hc/en-us/requests/new" />
-			<test url="http://resharper-support.jetbrains.com/hc/en-us/signin" />
-
-			<!--	-ve:
-					-->
-			<test url="http://dotnettools-support.jetbrains.com/favicon.ico" />
-
-			<test url="http://resharper-support.jetbrains.com/favicon.ico" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^account\.jetbrains\.com$" name="^_st$" /-->
-	<!--securecookie host="^blog\.jetbrains\.com$" name="^(?:AWSELB|PHPSESSID)$" /-->
-	<!--securecookie host="^plugins\.jetbrains\.com$" name="^ccc$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<!--	Redirect keeps args but
-		not forward slash:
-					-->
-	<!--rule from="^http://blogs\.jetbrains\.com/+"
-		to="https://blog.jetbrains.com/" /-->
-
-	<rule from="^http://(dotnettools|resharper)-support\.jetbrains\.com/"
-		to="https://$1.zendesk.com/" />
-
-	<rule from="^http://info\.jetbrains\.com/"
-		to="https://na-lon02.marketo.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Jetico.com.xml b/src/chrome/content/rules/Jetico.com.xml
index 7087a2245b58..2b13eb4d2b22 100644
--- a/src/chrome/content/rules/Jetico.com.xml
+++ b/src/chrome/content/rules/Jetico.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://jetico.com/ => https://jetico.com/: (51, "SSL: no alternativ
 	* Secured by us
 
 -->
-<ruleset name="Jetico.com" default_off='failed ruleset test'>
+<ruleset name="Jetico.com" default_off="failed ruleset test">
 
 	<target host="jetico.com" />
 	<target host="www.jetico.com" />
diff --git a/src/chrome/content/rules/Jewel_Osco.com.xml b/src/chrome/content/rules/Jewel_Osco.com.xml
index 06ae7d28007b..15c764b0f7c5 100644
--- a/src/chrome/content/rules/Jewel_Osco.com.xml
+++ b/src/chrome/content/rules/Jewel_Osco.com.xml
@@ -21,7 +21,7 @@ Fetch error: http://jewelosco.com/ => https://jewelosco.com/: (51, "SSL: no alte
 	² Unsecurable <= refused
 
 -->
-<ruleset name="Jewel Osco.com" default_off='failed ruleset test'>
+<ruleset name="Jewel Osco.com" default_off="failed ruleset test">
 
 	<target host="jewelosco.com" />
 	<target host="www.jewelosco.com" />
diff --git a/src/chrome/content/rules/JewishPress.com.xml b/src/chrome/content/rules/JewishPress.com.xml
index 0ec81a4ae059..0913904a1a84 100644
--- a/src/chrome/content/rules/JewishPress.com.xml
+++ b/src/chrome/content/rules/JewishPress.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.jewishpress.com/ => https://www.jewishpress.com/: (7, 'F
 		- i[012].wp.com/www.jewishpress.com/
 
 -->
-<ruleset name="JewishPress.com" default_off='failed ruleset test'>
+<ruleset name="JewishPress.com" default_off="failed ruleset test">
 
 	<target host="jewishpress.com" />
 	<target host="www.jewishpress.com" />
@@ -20,4 +20,4 @@ Fetch error: http://www.jewishpress.com/ => https://www.jewishpress.com/: (7, 'F
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jezebel.com.xml b/src/chrome/content/rules/Jezebel.com.xml
deleted file mode 100644
index 9ff84bdec4b2..000000000000
--- a/src/chrome/content/rules/Jezebel.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	For other Gawker coverage, see Gawker.xml.
-
-
-	Mixed content:
-
-		- Bugs on ^, (column_name) from b.scorecardresearch.com ˢ
-
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="Jezebel.com">
-
-	<target host="jezebel.com" />
-	<target host="groupthink.jezebel.com" />
-	<target host="pictorial.jezebel.com" />
-	<target host="themuse.jezebel.com" />
-	<target host="theslot.jezebel.com" />
-	<target host="www.jezebel.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:(column_name)\.|www\.)?jezebel\.com$" name="^geocc$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/JiWire.xml b/src/chrome/content/rules/JiWire.xml
index 9a3477c31ca3..b9781d9766cf 100644
--- a/src/chrome/content/rules/JiWire.xml
+++ b/src/chrome/content/rules/JiWire.xml
@@ -33,10 +33,16 @@ Fetch error: http://jiwire.com/ => https://www.jiwire.com/: (60, 'SSL certificat
 		- v4
 
 -->
-<ruleset name="JiWire (partial)" default_off='failed ruleset test'>
+<ruleset name="JiWire (partial)" default_off="failed ruleset test">
 
 	<target host="jiwire.com" />
-	<target host="*.jiwire.com" />
+	<target host="cms.jiwire.com" />
+	<target host="www.jiwire.com" />
+	<target host="ads.jiwire.com" />
+	<target host="api.jiwire.com" />
+	<target host="tags.jiwire.com" />
+	<target host="v4.jiwire.com" />
+	<target host="wi-fi.jiwire.com" />
 
 
 	<securecookie host="^v4\.jiwire\.com$" name=".+" />
@@ -45,7 +51,6 @@ Fetch error: http://jiwire.com/ => https://www.jiwire.com/: (60, 'SSL certificat
 	<rule from="^http://(?:cms\.|www\.)?jiwire\.com/"
 		to="https://www.jiwire.com/" />
 
-	<rule from="^http://(ads|api|tags|v4|wi-fi)\.jiwire\.com/"
-		to="https://$1.jiwire.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/JianGuoYun.xml b/src/chrome/content/rules/JianGuoYun.xml
index 33dc469a0491..98eb6f6206cb 100644
--- a/src/chrome/content/rules/JianGuoYun.xml
+++ b/src/chrome/content/rules/JianGuoYun.xml
@@ -14,7 +14,6 @@
 
 	  <!--  MCB:  -->
 		<exclusion pattern="^http://bbs\.jianguoyun\.com/(?!my-templates/)" />
-		<test url="http://bbs.jianguoyun.com/" />
 		<test url="http://bbs.jianguoyun.com/forum.php?id=1" />
 		<test url="http://bbs.jianguoyun.com/my-templates/nutstore/style.css" />
 
diff --git a/src/chrome/content/rules/Jigsaw.xml b/src/chrome/content/rules/Jigsaw.xml
deleted file mode 100644
index b7867b9f1074..000000000000
--- a/src/chrome/content/rules/Jigsaw.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	- jigsaw.i.lithium.com
-	- jigsaw.mashery.com
-
-
-	Nonfunctional subdomains:
-
-		- developer	(redirects to http; mismatched, CN: *.mashery.com)
-
-
-	Problematic subdomains:
-
-		- community
-
--->
-<ruleset name="Jigsaw (partial)">
-
-	<target host="jigsaw.com" />
-	<target host="*.jigsaw.com" />
-
-
-	<securecookie host="^(?:www)?\.jigsaw\.com$" name=".+" />
-
-
-	<rule from="^http://((?:about|email|enterprise|static|www)\.)?jigsaw\.com/"
-		to="https://$1jigsaw.com/" />
-
-	<rule from="^http://community\.jigsaw\.com/"
-		to="https://jigsaw.i.lithium.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Jim_static.com.xml b/src/chrome/content/rules/Jim_static.com.xml
deleted file mode 100644
index cb8d6fda0173..000000000000
--- a/src/chrome/content/rules/Jim_static.com.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://a0.jimstatic.com/ => https://a0.jimstatic.com/: (6, 'Could not resolve host: a0.jimstatic.com')
-Fetch error: http://a1.jimstatic.com/ => https://a1.jimstatic.com/: (6, 'Could not resolve host: a1.jimstatic.com')
-Fetch error: http://a2.jimstatic.com/ => https://a2.jimstatic.com/: (6, 'Could not resolve host: a2.jimstatic.com')
-Fetch error: http://a3.jimstatic.com/ => https://a3.jimstatic.com/: (6, 'Could not resolve host: a3.jimstatic.com')
-Fetch error: http://a4.jimstatic.com/ => https://a4.jimstatic.com/: (6, 'Could not resolve host: a4.jimstatic.com')
-
-	For other Jimdo coverage, see Jimdo.xml.
-
--->
-<ruleset name="Jim static.com" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="a0.jimstatic.com" />
-	<target host="a1.jimstatic.com" />
-	<target host="a2.jimstatic.com" />
-	<target host="a3.jimstatic.com" />
-	<target host="a4.jimstatic.com" />
-	<target host="assets.jimstatic.com" />
-	<target host="assets1.jimstatic.com" />
-	<target host="assets2.jimstatic.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Jimcdn.com.xml b/src/chrome/content/rules/Jimcdn.com.xml
new file mode 100644
index 000000000000..8dd6d53269d8
--- /dev/null
+++ b/src/chrome/content/rules/Jimcdn.com.xml
@@ -0,0 +1,19 @@
+
+<!--
+	Other Jimdo rulesets:
+		-Jimdo.xml
+-->
+<ruleset name="Jimcdn.com">
+
+	<target host="image.jimcdn.com" />
+	<target host="screenshot-service.jimcdn.com" />
+	<target host="u.jimcdn.com" />
+
+	<test url="http://image.jimcdn.com/app/cms/image/transf/none/path/sa6549607c78f5c11/image/i9d6e7fb91ac77594/version/1490381820/best-landscapes-in-europe-godafoss-waterfall-at-sunset-iceland-europe-copyright-ronnybas.jpg/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jimdo-Server.com.xml b/src/chrome/content/rules/Jimdo-Server.com.xml
new file mode 100644
index 000000000000..498d64a08156
--- /dev/null
+++ b/src/chrome/content/rules/Jimdo-Server.com.xml
@@ -0,0 +1,23 @@
+
+<!--
+	Other Jimdo rulesets:
+		- Jimdo.xml
+
+	Invalid certificate:
+		jimdo-server.com
+-->
+<ruleset name="Jimdo-Server.com (partial)">
+
+	<target host="api.dmp.jimdo-server.com" />
+	<target host="devkit.dmp.jimdo-server.com" />
+	<target host="screenshots.dmp.jimdo-server.com" />
+	<target host="mgmt.jimdo-server.com" />
+
+	<test url="http://api.dmp.jimdo-server.com/designs/316/versions/2.0.28/preview/" />
+	<test url="http://screenshots.dmp.jimdo-server.com/?ressource=https://api.dmp.jimdo-server.com/designs/316/versions/2.0.28/&amp;format=medium/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jimdo.design.xml b/src/chrome/content/rules/Jimdo.design.xml
new file mode 100644
index 000000000000..89aa5ed44484
--- /dev/null
+++ b/src/chrome/content/rules/Jimdo.design.xml
@@ -0,0 +1,15 @@
+
+<!--
+	Other Jimdo rulesets:
+		-Jimdo.xml
+-->
+<ruleset name="Jimdo.design">
+
+	<target host="jimdo.design" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jimdo.xml b/src/chrome/content/rules/Jimdo.xml
index 7d9eddf5cb9b..13c95c3b0a2b 100644
--- a/src/chrome/content/rules/Jimdo.xml
+++ b/src/chrome/content/rules/Jimdo.xml
@@ -1,46 +1,23 @@
 
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www51.jimdo.com/ => https://www51.jimdo.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www51.jimdo.com'")
-
 	Other Jimdo rulesets:
+		-Jimdo-Server.com.xml
+		-Jimcdn.com.xml
+		-Jimstatic.com.xml
+		-Jimdo.design.xml
 
-		- Jim_static.com.xml
-
-
-	Nonfunctional subdomains:
-
-		- ^ ¹
-		- blog ²
-		- u ³
-		- support ¹
-		- web63 ⁴
-		- web40[23] ¹
-		- www ³
-
-	¹ Dropped
-	² wpengine
-	³ 403; mismatched, CN: ssl2.cdngc.net
-	⁴ Refused
-
+	Jimdo is a web hosting provider. All client pages have a subdomain with the Jimdo certificate.
 -->
-<ruleset name="Jimdo.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="a.jimdo.com" />
-	<target host="webmail.jimdo.com" />
-	<target host="www51.jimdo.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.jimdo\.com$" name="^JDI$" /-->
-	<!--securecookie host="^a\.jimdo\.com$" name="^PHPSESSID$" /-->
-	<!--securecookie host="^www51\.jimdo\.com$" name="^ClickAndChange$" /-->
+<ruleset name="Jimdo.com">
 
-	<securecookie host="^(?:a|webmail|www51)\.jimdo\.com$" name=".+" />
+	<target host="jimdo.com" />
+	<target host="*.jimdo.com" />
+			<test url="http://de.jimdo.com/" />
+			<test url="http://es.jimdo.com/" />
+			<test url="http://help.jimdo.com/" />
+			<test url="http://webmail.jimdo.com/" />
 
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Jimg.dk.xml b/src/chrome/content/rules/Jimg.dk.xml
index d4d079ed6297..302cd2ef30bd 100644
--- a/src/chrome/content/rules/Jimg.dk.xml
+++ b/src/chrome/content/rules/Jimg.dk.xml
@@ -13,7 +13,7 @@ Fetch error: http://jimg.dk/ => https://jimg.dk/: (51, "SSL: no alternative cert
 		- z
 
 -->
-<ruleset name="Jimg.dk" default_off='failed ruleset test'>
+<ruleset name="Jimg.dk" default_off="failed ruleset test">
 
 	<target host="jimg.dk" />
 	<target host="i1.jimg.dk" />
diff --git a/src/chrome/content/rules/Jimstatic.com.xml b/src/chrome/content/rules/Jimstatic.com.xml
new file mode 100644
index 000000000000..595cf2b3a951
--- /dev/null
+++ b/src/chrome/content/rules/Jimstatic.com.xml
@@ -0,0 +1,21 @@
+
+<!--
+	Other Jimdo rulesets:
+		-Jimdo.xml
+-->
+<ruleset name="Jimstatic.com">
+
+	<target host="account-assets.jimstatic.com" />
+	<target host="assets.jimstatic.com" />
+	<target host="assets1.jimstatic.com" />
+	<target host="assets2.jimstatic.com" />
+	<target host="growth.jimstatic.com" />
+	<target host="signup.jimstatic.com" />
+	<target host="webteam.jimstatic.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Jit.su.xml b/src/chrome/content/rules/Jit.su.xml
index 3203f6f52037..d471423ff066 100644
--- a/src/chrome/content/rules/Jit.su.xml
+++ b/src/chrome/content/rules/Jit.su.xml
@@ -8,7 +8,7 @@ Fetch error: http://xmpp-ftw.jit.su/ => https://xmpp-ftw.jit.su/: (7, 'Failed to
 	For other GoDaddy coverage, see GoDaddy.xml.
 
 -->
-<ruleset name="jit.su" default_off='failed ruleset test'>
+<ruleset name="jit.su" default_off="failed ruleset test">
 
 	<target host="jit.su" />
 	<target host="www.jit.su" />
diff --git a/src/chrome/content/rules/Jitscale.com-falsemixed.xml b/src/chrome/content/rules/Jitscale.com-falsemixed.xml
index be515d96868f..1f5776fa030d 100644
--- a/src/chrome/content/rules/Jitscale.com-falsemixed.xml
+++ b/src/chrome/content/rules/Jitscale.com-falsemixed.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jitscale.com.xml b/src/chrome/content/rules/Jitscale.com.xml
index 80a638e4ba69..455e762aecf9 100644
--- a/src/chrome/content/rules/Jitscale.com.xml
+++ b/src/chrome/content/rules/Jitscale.com.xml
@@ -51,4 +51,4 @@
 	<rule from="^http://cdn3\.jitscale\.com/"
 		to="https://d2ve2fyg0zf8xm.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jive.com.xml b/src/chrome/content/rules/Jive.com.xml
index 3a4a78d48062..2220ce69eaf8 100644
--- a/src/chrome/content/rules/Jive.com.xml
+++ b/src/chrome/content/rules/Jive.com.xml
@@ -19,7 +19,7 @@
 	² Server sends no certificate chain
 
 -->
-<ruleset name="Jive.com" default_off='missing certificate chain'>
+<ruleset name="Jive.com" default_off="missing certificate chain">
 
 	<target host="getjive.com" />
 	<target host="www.getjive.com" />
diff --git a/src/chrome/content/rules/Jjslinterrors.com.xml b/src/chrome/content/rules/Jjslinterrors.com.xml
index 743b88cebfd6..60abd79ce6a9 100644
--- a/src/chrome/content/rules/Jjslinterrors.com.xml
+++ b/src/chrome/content/rules/Jjslinterrors.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.jslinterrors.com/ => https://www.jslinterrors.com/: (28,
   Notes:
   - Cloudflare SSL
 -->
-<ruleset name="jslinterrors.com" default_off='failed ruleset test'>
+<ruleset name="jslinterrors.com" default_off="failed ruleset test">
     <target host="jslinterrors.com" />
     <target host="www.jslinterrors.com" />
 
diff --git a/src/chrome/content/rules/Jku.at.xml b/src/chrome/content/rules/Jku.at.xml
new file mode 100644
index 000000000000..0d90eef00c33
--- /dev/null
+++ b/src/chrome/content/rules/Jku.at.xml
@@ -0,0 +1,31 @@
+<ruleset name="Jku.at (partial)">
+	<target host="jku.at" />
+	<target host="www.jku.at" />
+
+	<!-- student services -->
+	<target host="kusss.jku.at" />
+	<target host="www.kusss.jku.at" />
+	<target host="lisss.jku.at" />
+	<target host="moodle.jku.at" />
+	<target host="musss.jku.at" />
+
+	<!-- employee services -->
+	<target host="access.jku.at" />
+	<target host="drive.jku.at" />
+	<target host="ess.jku.at" />
+	<target host="ework.jku.at" />
+	<target host="forms.jku.at" />
+	<target host="groupwise.jku.at" />
+	<target host="intranet.jku.at" />
+	<target host="password.jku.at" />
+
+	<!-- research institutes -->
+	<target host="ins.jku.at" />
+	<target host="www.ins.jku.at" />
+	<target host="mail.ins.jku.at" />
+
+	<!-- misc -->
+	<target host="usi.jku.at" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JobCloud.ch.xml b/src/chrome/content/rules/JobCloud.ch.xml
new file mode 100644
index 000000000000..0174bab69b06
--- /dev/null
+++ b/src/chrome/content/rules/JobCloud.ch.xml
@@ -0,0 +1,17 @@
+<!--
+	Non-functional hosts:
+		Different content:
+		- cdn.jobcloud.ch
+-->
+<ruleset name="JobCloud.ch">
+	<target host="jobcloud.ch" />
+	<target host="www.jobcloud.ch" />
+	<target host="confluence.jobcloud.ch" />
+	<target host="test.confluence.jobcloud.ch" />
+	<target host="img.jobcloud.ch" />
+	<target host="jira.jobcloud.ch" />
+	<target host="test.jira.jobcloud.ch" />
+	<target host="timetracker.jobcloud.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Job_a_matic.com.xml b/src/chrome/content/rules/Job_a_matic.com.xml
index d81958f5121d..083a6f006412 100644
--- a/src/chrome/content/rules/Job_a_matic.com.xml
+++ b/src/chrome/content/rules/Job_a_matic.com.xml
@@ -23,7 +23,7 @@ Fetch error: http://jobamatic.com/ => https://jobamatic.com/: (7, 'Failed to con
 	* Secured by us
 
 -->
-<ruleset name="Job a matic.com" default_off='failed ruleset test'>
+<ruleset name="Job a matic.com" default_off="failed ruleset test">
 
 	<target host="jobamatic.com"/>
 	<target host="*.jobamatic.com"/>
diff --git a/src/chrome/content/rules/Jobs2Web.xml b/src/chrome/content/rules/Jobs2Web.xml
index 6ba13be9711b..dbbf9f1a29c5 100644
--- a/src/chrome/content/rules/Jobs2Web.xml
+++ b/src/chrome/content/rules/Jobs2Web.xml
@@ -14,13 +14,13 @@ Fetch error: http://jobs2web.com/ => https://jobs2web.com/: (51, "SSL: no altern
 			- \w+		(per-client subdomains)
 
 -->
-<ruleset name="Jobs2Web" default_off='failed ruleset test'>
+<ruleset name="Jobs2Web" default_off="failed ruleset test">
 
 	<target host="jobs2web.com" />
 	<target host="*.jobs2web.com" />
 
 
-	<securecookie host="^(?:.*\.)?jobs2web\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([\w-]+\.)?jobs2web\.com/"
diff --git a/src/chrome/content/rules/JobsDB.com.xml b/src/chrome/content/rules/JobsDB.com.xml
new file mode 100644
index 000000000000..613ab7f7242b
--- /dev/null
+++ b/src/chrome/content/rules/JobsDB.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="JobsDB.com">
+	<target host="jobsdb.com" />
+	<target host="www.jobsdb.com" />
+	<target host="employer-sg.jobsdb.com" />
+	<target host="hk.jobsdb.com" />
+	<target host="id.jobsdb.com" />
+	<target host="m.jobsdb.com" />
+	<target host="rms.jobsdb.com" />
+	<target host="sg.jobsdb.com" />
+	<target host="th.jobsdb.com" />
+	
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jobsgopublic.com.xml b/src/chrome/content/rules/Jobsgopublic.com.xml
index 9dc71c6a4781..becaf5d906e6 100644
--- a/src/chrome/content/rules/Jobsgopublic.com.xml
+++ b/src/chrome/content/rules/Jobsgopublic.com.xml
@@ -18,10 +18,11 @@
 <ruleset name="jobsgopublic.com (partial)">
 
 	<target host="jobsgopublic.com" />
-	<target host="*.jobsgopublic.com" />
+	<target host="poweredby.jobsgopublic.com" />
+	<target host="www.jobsgopublic.com" />
 
 
 	<rule from="^http://(poweredby\.|www\.)?jobsgopublic\.com/(account(?:$|\?|/)|assets/|icons/|javascripts/|sites/)"
 		to="https://$1jobsgopublic.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jobsite.com.xml b/src/chrome/content/rules/Jobsite.com.xml
index 6ed7d83f8fc5..6ba2be5ba66f 100644
--- a/src/chrome/content/rules/Jobsite.com.xml
+++ b/src/chrome/content/rules/Jobsite.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://jobsite.com/ => https://jobsite.com/: (51, "SSL: no alternat
 Fetch error: http://www.jobsite.com/ => https://www.jobsite.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.jobsite.com'")
 
 -->
-<ruleset name="Jobsite.com" default_off='failed ruleset test'>
+<ruleset name="Jobsite.com" default_off="failed ruleset test">
 
 	<target host="jobsite.com" />
 	<target host="www.jobsite.com" />
@@ -13,4 +13,4 @@ Fetch error: http://www.jobsite.com/ => https://www.jobsite.com/: (51, "SSL: no
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jobvite.xml b/src/chrome/content/rules/Jobvite.xml
index ca3b8378495b..85dea3f4d7b0 100644
--- a/src/chrome/content/rules/Jobvite.xml
+++ b/src/chrome/content/rules/Jobvite.xml
@@ -1,15 +1,13 @@
 
 <!--
-Disabled by https-everywhere-checker because:
-Non-2xx HTTP code: http://web.jobvite.com/css/mktLPSupportCompat.css (200) => https://na-aba.marketo.com/css/mktLPSupportCompat.css (403)
-Non-2xx HTTP code: http://web.jobvite.com/rs/jobvite/images/jobvite-logo-gunmetal.png (200) => https://na-aba.marketo.com/rs/jobvite/images/jobvite-logo-gunmetal.png (403)
 
 	Nonfunctional subdomains:
 
+		- blog *
 		- web ³
 
-	³ Marketo / shows another domain
-
+	³ Certificate for Marketo, 403 errors
+	* Certificate expired
 
 	Insecure cookies are set for these domains:
 
@@ -35,14 +33,13 @@ Non-2xx HTTP code: http://web.jobvite.com/rs/jobvite/images/jobvite-logo-gunmeta
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Jobvite (partial)" default_off='failed ruleset test'>
+<ruleset name="Jobvite (partial)">
 
 	<!--	Direct rewrites:
 				-->
 	<target host="jobvite.com" />
 	<target host="app.jobvite.com" />
 	<target host="app-stg.jobvite.com" />
-	<target host="blog.jobvite.com" />
 	<target host="careers.jobvite.com" />
 	<target host="hire.jobvite.com" />
 	<target host="hire-stg.jobvite.com" />
@@ -73,24 +70,6 @@ Non-2xx HTTP code: http://web.jobvite.com/rs/jobvite/images/jobvite-logo-gunmeta
 			<test url="http://app.jobvite.com/admin/info/timeout.html" />
 			<test url="http://app.jobvite.com/TalentNetwork/action/campaign/w/MjUzODA" />
 
-	<!--	Complications:
-				-->
-	<target host="web.jobvite.com" />
-
-		<exclusion pattern="^http://web\.jobvite\.com/(?!css/|images/|rs/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://web.jobvite.com/Q315_Website_Demo_LP.html" />
-			<test url="http://web.jobvite.com/Q315_Website_FreeTrial_LP.html" />
-			<test url="http://web.jobvite.com/Q415_Website_ProductTour_Platform_LP.html" />
-
-			<!--	+ve:
-					-->
-			<test url="http://web.jobvite.com/css/mktLPSupportCompat.css" />
-			<test url="http://web.jobvite.com/rs/jobvite/images/jobvite-logo-gunmetal.png" />
-
-
 	<!--	Not secured by server:
 					-->
 	<!--securecookie host="^(?:app\.)?jobvite\.com$" name="(?:^ADRUM_BT[a1]|AWSELB|ASP\.NET_SessionId)$" /-->
@@ -102,9 +81,6 @@ Non-2xx HTTP code: http://web.jobvite.com/rs/jobvite/images/jobvite-logo-gunmeta
 	<securecookie host="^(?!web\.)\w" name=".+" />
 
 
-	<rule from="^http://web\.jobvite\.com/"
-		to="https://na-aba.marketo.com/" />
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Jobzonen.xml b/src/chrome/content/rules/Jobzonen.xml
index 40e9fced6ce1..60faf01c6df8 100644
--- a/src/chrome/content/rules/Jobzonen.xml
+++ b/src/chrome/content/rules/Jobzonen.xml
@@ -7,7 +7,7 @@ Fetch error: http://arbejdsgiver.jobzonen.dk/ => https://arbejdsgiver.jobzonen.d
 
 	Note: https://jobzonen.dk (without the www) redirects to its http counterpart.
 
-	Not included:	
+	Not included:
 		kursuszonen.dk (cert expired)
 		analytics.clickdimensions.com/ (used for newsletter)¹
 		business.jobzonen.dk (bad cert)
@@ -16,7 +16,7 @@ Fetch error: http://arbejdsgiver.jobzonen.dk/ => https://arbejdsgiver.jobzonen.d
            fails as mixed content. Interestingly, the same problem does not
 	   occur on arbejdsgiver.jobzonen.dk.
 -->
-<ruleset name="Jobzonen (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Jobzonen (partial)" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="jobzonen.dk" />
 	<target host="www.jobzonen.dk" />
 	<target host="arbejdsgiver.jobzonen.dk" />
diff --git a/src/chrome/content/rules/JodoHost.xml b/src/chrome/content/rules/JodoHost.xml
index cf4f2cbd815f..70b490782779 100644
--- a/src/chrome/content/rules/JodoHost.xml
+++ b/src/chrome/content/rules/JodoHost.xml
@@ -7,7 +7,8 @@
 <ruleset name="JodoHost (partial)">
 
 	<target host="cp.gohsphere.com" />
-	<target host="*.jodohost.com" />
+	<target host="support.jodohost.com" />
+	<target host="www.support.jodohost.com" />
 	<target host="lcsrv1.myhsphere.biz" />
 
 
@@ -15,13 +16,6 @@
 	<securecookie host="^lcsrv1\.myhsphere\.biz$" name=".+" />
 
 
-	<rule from="^http://cp\.gohsphere\.com/"
-		to="https://cp.gohsphere.com/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://(www\.)?support\.jodohost\.com/"
-		to="https://$1support.jodohost.com/" />
-
-	<rule from="^http://lcsrv1\.myhsphere\.biz/"
-		to="https://lcsrv1.myhsphere.biz/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/JoeRockHeads.com.xml b/src/chrome/content/rules/JoeRockHeads.com.xml
new file mode 100644
index 000000000000..d24941e26861
--- /dev/null
+++ b/src/chrome/content/rules/JoeRockHeads.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="JoeRockHeads.com">
+	<target host="joerockheads.com" />
+	<target host="www.joerockheads.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JoeyH.name.xml b/src/chrome/content/rules/JoeyH.name.xml
index b04da5c99ece..7809cc304e6a 100644
--- a/src/chrome/content/rules/JoeyH.name.xml
+++ b/src/chrome/content/rules/JoeyH.name.xml
@@ -12,4 +12,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Johnson-King.xml b/src/chrome/content/rules/Johnson-King.xml
index a9566f31259c..4aa99a68638d 100644
--- a/src/chrome/content/rules/Johnson-King.xml
+++ b/src/chrome/content/rules/Johnson-King.xml
@@ -2,9 +2,9 @@
 
 	<!--	hostcentric.com	-->
 	<target host="johnsonking.com"/>
-	<target host="*.johnsonking.com"/>
+	<target host="www.johnsonking.com" />
 
-	<securecookie host="^(?:.*\.)?johnsonking\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?johnsonking\.com/"
 		to="https://www.johnsonking.com/"/>
diff --git a/src/chrome/content/rules/Johnson_Press.xml b/src/chrome/content/rules/Johnson_Press.xml
index 203ed8551aab..8eb6fcfd3193 100644
--- a/src/chrome/content/rules/Johnson_Press.xml
+++ b/src/chrome/content/rules/Johnson_Press.xml
@@ -12,7 +12,7 @@ Fetch error: http://remote.jpress.co.uk/ => https://remote.jpress.co.uk/: (28, '
 		- www.johnstonpress.co.uk	(refused)
 
 -->
-<ruleset name="Johnson Press (partial)" default_off='failed ruleset test'>
+<ruleset name="Johnson Press (partial)" default_off="failed ruleset test">
 
 	<target host="secure.johnstonpress.co.uk" />
 	<target host="remote.jpress.co.uk" />
@@ -23,4 +23,4 @@ Fetch error: http://remote.jpress.co.uk/ => https://remote.jpress.co.uk/: (28, '
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Johoobuy.com.xml b/src/chrome/content/rules/Johoobuy.com.xml
index 884131f303cc..a807d7fc0859 100644
--- a/src/chrome/content/rules/Johoobuy.com.xml
+++ b/src/chrome/content/rules/Johoobuy.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.johoobuy.com/ => https://www.johoobuy.com/: (28, 'Connec
 	^: dropped
 
 -->
-<ruleset name="Johoobuy.com" default_off='failed ruleset test'>
+<ruleset name="Johoobuy.com" default_off="failed ruleset test">
 
 	<target host="johoobuy.com" />
 	<target host="www.johoobuy.com" />
diff --git a/src/chrome/content/rules/Joico.com.xml b/src/chrome/content/rules/Joico.com.xml
new file mode 100644
index 000000000000..f361ddfd4745
--- /dev/null
+++ b/src/chrome/content/rules/Joico.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		- m.joico.com
+		- moblie.joico.com
+-->
+
+<ruleset name="Joico.com">
+	<target host="joico.com" />
+	<target host="www.joico.com" />
+	<target host="healthyhair.joico.com" />
+	<target host="hub.joico.com" />
+	<target host="imagequest.joico.com" />
+	<target host="mail.joico.com" />
+	<target host="rewards.joico.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JoinMastodon.org.xml b/src/chrome/content/rules/JoinMastodon.org.xml
index 379444198577..bd405f3c8cb8 100644
--- a/src/chrome/content/rules/JoinMastodon.org.xml
+++ b/src/chrome/content/rules/JoinMastodon.org.xml
@@ -1,6 +1,7 @@
 <ruleset name="JoinMastodon.org">
 	<target host="joinmastodon.org" />
 	<target host="www.joinmastodon.org" />
+	<target host="blog.joinmastodon.org" />
 	<target host="bridge.joinmastodon.org" />
 	<target host="discourse.joinmastodon.org" />
 
diff --git a/src/chrome/content/rules/JoinUs.Today.xml b/src/chrome/content/rules/JoinUs.Today.xml
index e069a80fbf70..ecab144ff789 100644
--- a/src/chrome/content/rules/JoinUs.Today.xml
+++ b/src/chrome/content/rules/JoinUs.Today.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.joinus.today/ => https://www.joinus.today/: (60, 'SSL ce
 	For other TransIP coverage, see TransIP.nl.xml.
 
 -->
-<ruleset name="JoinUs.Today" default_off='failed ruleset test'>
+<ruleset name="JoinUs.Today" default_off="failed ruleset test">
 
 	<target host="joinus.today" />
 	<target host="www.joinus.today" />
diff --git a/src/chrome/content/rules/Joinos.com.xml b/src/chrome/content/rules/Joinos.com.xml
index cd7cb670d6b4..19c425800053 100644
--- a/src/chrome/content/rules/Joinos.com.xml
+++ b/src/chrome/content/rules/Joinos.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://joinos.com/ => https://joinos.com/: (7, 'Failed to connect t
 		- pay.joinos.com
 
 -->
-<ruleset name="Joinos.com" default_off='failed ruleset test'>
+<ruleset name="Joinos.com" default_off="failed ruleset test">
 
 	<target host="joinos.com" />
 	<target host="my.joinos.com" />
diff --git a/src/chrome/content/rules/JonDos.xml b/src/chrome/content/rules/JonDos.xml
index e3456d185807..01d6d2894af8 100644
--- a/src/chrome/content/rules/JonDos.xml
+++ b/src/chrome/content/rules/JonDos.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.jondos.org/ => https://www.jondos.org/: (7, 'Failed to c
 		- IP_check.xml
 
 -->
-<ruleset name="JonDos" default_off='failed ruleset test'>
+<ruleset name="JonDos" default_off="failed ruleset test">
 
 	<target host="anonymous-proxy-servers.net"/>
 	<target host="*.anonymous-proxy-servers.net"/>
diff --git a/src/chrome/content/rules/Joomag.com.xml b/src/chrome/content/rules/Joomag.com.xml
index 9248d424dd63..7906ae8c1d19 100644
--- a/src/chrome/content/rules/Joomag.com.xml
+++ b/src/chrome/content/rules/Joomag.com.xml
@@ -18,7 +18,9 @@
 <ruleset name="Joomag.com (partial)">
 
 	<target host="joomag.com" />
-	<target host="*.joomag.com" />
+	<target host="s1.joomag.com" />
+	<target host="www.joomag.com" />
+	<target host="static.joomag.com" />
 
 
 	<!--	Not secured by server:
@@ -28,10 +30,9 @@
 	<securecookie host="^\.joomag\.com$" name=".+" />
 
 
-	<rule from="^http://(s1\.|www\.)?joomag\.com/"
-		to="https://$1joomag.com/" />
 
 	<rule from="^http://static\.joomag\.com/"
 		to="https://d25ow0ysq5ykrj.cloudfront.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/JoomlArt.com.xml b/src/chrome/content/rules/JoomlArt.com.xml
index d820638b25e2..0cfc9664ec1d 100644
--- a/src/chrome/content/rules/JoomlArt.com.xml
+++ b/src/chrome/content/rules/JoomlArt.com.xml
@@ -15,11 +15,12 @@
 <ruleset name="JoomlArt.com (partial)">
 
 	<target host="joomlart.com" />
-	<target host="*.joomlart.com" />
+	<target host="asset.joomlart.com" />
+	<target host="www.joomlart.com" />
 		<exclusion pattern="^http://(?:www\.)?joomlart\.com/(?!favicon\.ico|images/|media/|member(?:$|[?/])|modules/|plugins/|t3-assets/|templates/)" />
 
 
 	<rule from="^http://(?:asset\.|(www\.))?joomlart\.com/"
 		to="https://$1joomlart.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/JoomlaCode.org.xml b/src/chrome/content/rules/JoomlaCode.org.xml
index 9e7b1133a332..6828e8486f88 100644
--- a/src/chrome/content/rules/JoomlaCode.org.xml
+++ b/src/chrome/content/rules/JoomlaCode.org.xml
@@ -18,4 +18,4 @@
 	<rule from="^http://(?:www\.)?joomlacode\.org/"
 		to="https://joomlacode.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Joomlancers.com.xml b/src/chrome/content/rules/Joomlancers.com.xml
index d819b250d474..eb7a00479f7a 100644
--- a/src/chrome/content/rules/Joomlancers.com.xml
+++ b/src/chrome/content/rules/Joomlancers.com.xml
@@ -1,18 +1,11 @@
 <!--
-	- Expired 2011-02-23
-	- CN: localhost.localdomain
-
+	Time out:
+		dev.joomlancers.com
 -->
-<ruleset name="Joomlancers.com" default_off="expired, self-signed">
-
+<ruleset name="joomlancers.com">
 	<target host="joomlancers.com" />
 	<target host="www.joomlancers.com" />
+	<target host="blog.joomlancers.com" />
 
-
-	<securecookie host="^www\.joomlancers\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?joomlancers\.com/"
-		to="https://www.joomlancers.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Joseph-Rowntree-Reform-Trust-mismatches.xml b/src/chrome/content/rules/Joseph-Rowntree-Reform-Trust-mismatches.xml
index d1aaccb282a9..9b79fcd70d02 100644
--- a/src/chrome/content/rules/Joseph-Rowntree-Reform-Trust-mismatches.xml
+++ b/src/chrome/content/rules/Joseph-Rowntree-Reform-Trust-mismatches.xml
@@ -9,7 +9,7 @@
 	<!--
 		* for secure cookie and also to avoid duplicate host warning.
 						-->
-	<target host="*.jrrt.org.uk" />
+	<target host="www.jrrt.org.uk" />
 		<!--
 			Handled in Joseph-Rowntree-Reform-Trust.xml.
 					-->
diff --git a/src/chrome/content/rules/JotForm.xml b/src/chrome/content/rules/JotForm.xml
index 3417b200e423..4894bbc21c5f 100644
--- a/src/chrome/content/rules/JotForm.xml
+++ b/src/chrome/content/rules/JotForm.xml
@@ -21,9 +21,10 @@
 
 	<target host="max.jotfor.ms" />
 	<target host="jotform.com" />
-	<target host="*.jotform.com" />
+	<target host="www.jotform.com" />
 	<target host="jotformpro.com" />
-	<target host="*.jotformpro.com" />
+	<target host="secure.jotformpro.com" />
+	<target host="www.jotformpro.com" />
 
 
 	<securecookie host="^(?:w*\.)?jotform\.com$" name=".+" />
@@ -38,7 +39,6 @@
 	<rule from="^http://(?:www\.)?jotform\.com/"
 		to="https://www.jotform.com/" />
 
-	<rule from="^http://(secure\.|www\.)?jotformpro\.com/"
-		to="https://$1jotformpro.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Jottit.com.xml b/src/chrome/content/rules/Jottit.com.xml
deleted file mode 100644
index 69bb06ea137f..000000000000
--- a/src/chrome/content/rules/Jottit.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Invalid certificate:
-		jottit.com
-
-	Users create their own subdomain.
-
--->
-<ruleset name="Jottit">
-	
-	<target host="jottit.com" />
-	<target host="*.jottit.com" />
-		<test url="http://testurl1.jottit.com/" />
-		<test url="http://testurl2.jottit.com/" />
-		<test url="http://testurl3.jottit.com/" />
-		<test url="http://testurl4.jottit.com/" />
-
-	<rule from="^http://jottit\.com/" to="https://www.jottit.com/" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Journal-News.net-problematic.xml b/src/chrome/content/rules/Journal-News.net-problematic.xml
index e905b84e6517..b98c63abf68b 100644
--- a/src/chrome/content/rules/Journal-News.net-problematic.xml
+++ b/src/chrome/content/rules/Journal-News.net-problematic.xml
@@ -4,13 +4,13 @@
 -->
 <ruleset name="Journal-News.net (mismatched)" default_off="mismatched">
 
-	<target host="*.journal-news.net" />
+	<target host="cu.journal-news.net" />
+	<target host="mobile.journal-news.net" />
 
 
 	<securecookie host="^mobile\.journal-news\.net$" name=".+" />
 
 
-	<rule from="^http://(cu|mobile)\.journal-news\.net/"
-		to="https://$1.journal-news.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Journal-of-Bodywork-and-Movement-Therapies.xml b/src/chrome/content/rules/Journal-of-Bodywork-and-Movement-Therapies.xml
index 761fe96720c4..69f69e4138a8 100644
--- a/src/chrome/content/rules/Journal-of-Bodywork-and-Movement-Therapies.xml
+++ b/src/chrome/content/rules/Journal-of-Bodywork-and-Movement-Therapies.xml
@@ -7,7 +7,7 @@
 	<!--	Cert: secure.elsivierhealth.com	-->
 	<target host="bodyworkmovementtherapies.com" />
 	<!--	* for cross-domain cookies.	-->
-	<target host="*.bodyworkmovementtherapies.com" />
+	<target host="www.bodyworkmovementtherapies.com" />
 
 
 	<securecookie host="\.bodyworkmovementtherapies\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Journal_of_Affective_Disorders.xml b/src/chrome/content/rules/Journal_of_Affective_Disorders.xml
index 3abbcb6c8f52..589d22f0425d 100644
--- a/src/chrome/content/rules/Journal_of_Affective_Disorders.xml
+++ b/src/chrome/content/rules/Journal_of_Affective_Disorders.xml
@@ -7,7 +7,7 @@
 <ruleset name="Journal of Affective Disorders" default_off="mismatched">
 
 	<target host="jad-journal.com" />
-	<target host="*.jad-journal.com" />
+	<target host="www.jad-journal.com" />
 
 
 	<securecookie host="^\.jad-journal\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Journal_of_Clinical_Investigation.xml b/src/chrome/content/rules/Journal_of_Clinical_Investigation.xml
index 68b285d47eb5..8d6a27e5f3ee 100644
--- a/src/chrome/content/rules/Journal_of_Clinical_Investigation.xml
+++ b/src/chrome/content/rules/Journal_of_Clinical_Investigation.xml
@@ -18,4 +18,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Journeyed.com.xml b/src/chrome/content/rules/Journeyed.com.xml
index 84847cb62e1a..353c3f723689 100644
--- a/src/chrome/content/rules/Journeyed.com.xml
+++ b/src/chrome/content/rules/Journeyed.com.xml
@@ -1,7 +1,22 @@
-<ruleset name="Journeyed">
-  <target host="www.journeyed.com"/>
-  <target host="journeyed.com"/>
+<!--
+	Invalid certificate:
+		journey.journeyed.com
+		marketing.journeyed.com
+		pixar.journeyed.com
+
+-->
+<ruleset name="Journeyed.com">
+
+	<target host="journeyed.com" />
+	<target host="www.journeyed.com" />
+	<target host="efollett.journeyed.com" />
+	<target host="fairfax.journeyed.com" />
+	<target host="headphones.journeyed.com" />
+	<target host="k12.journeyed.com" />
+	<target host="schools.journeyed.com" />
+	<target host="static.journeyed.com" />
+	<target host="usaf.journeyed.com" />
+
+	<rule from="^http:" to="https:" />
 
-  <rule from="^http:" to="https:" />
 </ruleset>
-<!-- Rule generated by HTTPS Finder 0.77 -->
diff --git a/src/chrome/content/rules/Joyent_Cloud.com.xml b/src/chrome/content/rules/Joyent_Cloud.com.xml
index e60a574894e3..82a0c5671e01 100644
--- a/src/chrome/content/rules/Joyent_Cloud.com.xml
+++ b/src/chrome/content/rules/Joyent_Cloud.com.xml
@@ -24,7 +24,7 @@ Fetch error: http://my.joyentcloud.com/ => https://my.joyentcloud.com/: (60, 'SS
 	* Mismatched
 
 -->
-<ruleset name="Joyent Cloud.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Joyent Cloud.com (partial)" default_off="failed ruleset test">
 
 	<target host="*.joyentcloud.com"/>
 
diff --git a/src/chrome/content/rules/Jsclasses.org.xml b/src/chrome/content/rules/Jsclasses.org.xml
index 6afaa57ecf4a..eb0c58c6ddbb 100644
--- a/src/chrome/content/rules/Jsclasses.org.xml
+++ b/src/chrome/content/rules/Jsclasses.org.xml
@@ -7,7 +7,7 @@ safe.jsclasses.net mismatch-->
 	<target host="www.jsclasses.org" />
 	<target host="jsclasses.net" />
 	<target host="www.jsclasses.net" />
-	
+
 	<rule from="^http://(www\.)?jsclasses\.net/"
 		to="https://$1jsclasses.org/" />
 
diff --git a/src/chrome/content/rules/Jtlebi.fr.xml b/src/chrome/content/rules/Jtlebi.fr.xml
deleted file mode 100644
index 4350a61043a9..000000000000
--- a/src/chrome/content/rules/Jtlebi.fr.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Invalid certificate:
-		jtlebi.fr
-		core2.jtlebi.fr
-		home.jtlebi.fr
-
-	All subdomains redirect to https://blog.yadutaf.fr/
-
--->
-<ruleset name="jtlebi.fr">
-
-	<target host="jtlebi.fr" />
-	<target host="www.jtlebi.fr" />
-	<target host="blog.jtlebi.fr" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http://jtlebi\.fr/"
-		to="https://www.jtlebi.fr/" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Jubii.dk.xml b/src/chrome/content/rules/Jubii.dk.xml
index 0dd2641bba81..a64b79f7316c 100644
--- a/src/chrome/content/rules/Jubii.dk.xml
+++ b/src/chrome/content/rules/Jubii.dk.xml
@@ -46,7 +46,8 @@
 -->
 <ruleset name="Jubii.dk (partial)">
 
-	<target host="*.jubii.dk" />
+	<target host="konto.jubii.dk" />
+	<target host="support.jubii.dk" />
 
 
 	<rule from="^http://konto\.jubii\.dk/"
diff --git a/src/chrome/content/rules/Judici.xml b/src/chrome/content/rules/Judici.xml
index 1ba8e5554ffe..cd168a41ac93 100644
--- a/src/chrome/content/rules/Judici.xml
+++ b/src/chrome/content/rules/Judici.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Judicial_Watch.xml b/src/chrome/content/rules/Judicial_Watch.xml
index 195426a2d04b..fff0bb6eb5f0 100644
--- a/src/chrome/content/rules/Judicial_Watch.xml
+++ b/src/chrome/content/rules/Judicial_Watch.xml
@@ -5,7 +5,7 @@ Fetch error: http://judicialwatch.org/ => https://judicialwatch.org/: Too many r
 Fetch error: http://www.judicialwatch.org/ => https://www.judicialwatch.org/: Too many redirects while fetching 'https://www.judicialwatch.org/'
 
 -->
-<ruleset name="Judicial Watch" default_off='failed ruleset test'>
+<ruleset name="Judicial Watch" default_off="failed ruleset test">
 
 	<target host="judicialwatch.org" />
 	<target host="www.judicialwatch.org" />
@@ -16,4 +16,4 @@ Fetch error: http://www.judicialwatch.org/ => https://www.judicialwatch.org/: To
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Jugendaemter.com.xml b/src/chrome/content/rules/Jugendaemter.com.xml
new file mode 100644
index 000000000000..5844a7afafb5
--- /dev/null
+++ b/src/chrome/content/rules/Jugendaemter.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Jugendaemter.com">
+
+	<target host="jugendaemter.com" />
+	<target host="www.jugendaemter.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Jugendschutzprogramm.de.xml b/src/chrome/content/rules/Jugendschutzprogramm.de.xml
index 5813fc95670e..08a8e4e40f12 100644
--- a/src/chrome/content/rules/Jugendschutzprogramm.de.xml
+++ b/src/chrome/content/rules/Jugendschutzprogramm.de.xml
@@ -1,5 +1,5 @@
 <ruleset name="Jugendschutzprogramm.de">
 <target host="www.jugendschutzprogramm.de" />
-	
+
 <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Jugger.ru.xml b/src/chrome/content/rules/Jugger.ru.xml
index d7cf8cd1b914..25461aa9ec05 100644
--- a/src/chrome/content/rules/Jugger.ru.xml
+++ b/src/chrome/content/rules/Jugger.ru.xml
@@ -22,7 +22,9 @@
 <ruleset name="Jugger.ru">
 
 	<target host="jugger.ru" />
-	<target host="*.jugger.ru" />
+	<target host="s1.jugger.ru" />
+	<target host="s2.jugger.ru" />
+	<target host="www.jugger.ru" />
 
 
 	<!--	Not secured by server:
@@ -33,7 +35,6 @@
 
 
 
-	<rule from="^http://(s[12]\.|www\.)?jugger\.ru/"
-		to="https://$1jugger.ru/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/JuicyCanvas.xml b/src/chrome/content/rules/JuicyCanvas.xml
index b940433f90ac..d6129f6ccd85 100644
--- a/src/chrome/content/rules/JuicyCanvas.xml
+++ b/src/chrome/content/rules/JuicyCanvas.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Non-2xx HTTP code: http://www.juicycanvas.com/ (200) => https://www.juicycanvas.com/ (526)
 
 -->
-<ruleset name="JuicyCanvas.com" default_off='failed ruleset test'>
+<ruleset name="JuicyCanvas.com" default_off="failed ruleset test">
 
 	<target host="juicycanvas.com" />
 	<target host="www.juicycanvas.com" />
diff --git a/src/chrome/content/rules/Juliar.xml b/src/chrome/content/rules/Juliar.xml
index 415fadd779e6..6a9311a72c6d 100644
--- a/src/chrome/content/rules/Juliar.xml
+++ b/src/chrome/content/rules/Juliar.xml
@@ -2,7 +2,7 @@
 	<target host="juliar.org" />
 	<target host="ai.juliar.org" />
 	<target host="sec.juliar.org" />
-	
+
 	<rule from="^http:" to="https:"/>
 	<securecookie host="^juliar\.org$" name=".+" />
- </ruleset>
\ No newline at end of file
+ </ruleset>
diff --git a/src/chrome/content/rules/Jumio.xml b/src/chrome/content/rules/Jumio.xml
index 52f5e7adb31c..1392cd3a49f9 100644
--- a/src/chrome/content/rules/Jumio.xml
+++ b/src/chrome/content/rules/Jumio.xml
@@ -17,12 +17,16 @@ Fetch error: http://netswipe.com/ => https://netswipe.com/: Cycle detected - URL
 		- (www.)jumio.com
 
 -->
-<ruleset name="Jumio" default_off='failed ruleset test'>
+<ruleset name="Jumio" default_off="failed ruleset test">
 
 	<target host="jumio.com" />
-	<target host="*.jumio.com" />
+	<target host="www.jumio.com" />
+	<target host="pay.jumio.com" />
+	<target host="static.jumio.com" />
 	<target host="netswipe.com" />
-	<target host="*.netswipe.com" />
+	<target host="www.netswipe.com" />
+	<target host="pay.netswipe.com" />
+	<target host="static.netswipe.com" />
 
 
 	<securecookie host="^(?:.+\.)?(?:jumio|netswipe)\.com$" name=".+" />
@@ -31,7 +35,6 @@ Fetch error: http://netswipe.com/ => https://netswipe.com/: Cycle detected - URL
 	<rule from="^http://(?:www\.)?(?:jumio|netswipe)\.com/"
 		to="https://netswipe.com/" />
 
-	<rule from="^http://(pay|static)\.(jumio|netswipe)\.com/"
-		to="https://$1.$2.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/JumpingJack.xml b/src/chrome/content/rules/JumpingJack.xml
index 5f4c60aea024..e9c34f5b5269 100644
--- a/src/chrome/content/rules/JumpingJack.xml
+++ b/src/chrome/content/rules/JumpingJack.xml
@@ -6,20 +6,17 @@ Fetch error: http://images.jitsmart.com/ => https://images.jitsmart.com/: (6, 'C
 Disabled by https-everywhere-checker because:
 Fetch error: http://images.jitsmart.com/ => https://images.jitsmart.com/: (28, 'Connection timed out after 10000 milliseconds')
 -->
-<ruleset name="JumpingJack" default_off='failed ruleset test'>
+<ruleset name="JumpingJack" default_off="failed ruleset test">
 
 	<target host="images.jitsmart.com" />
 	<target host="jumpingjack.com" />
-	<target host="*.jumpingjack.com" />
+	<target host="media.jumpingjack.com" />
+	<target host="www.jumpingjack.com" />
 
 
 	<securecookie host="^jumpingjack\.com$" name=".+" />
 
 
-	<rule from="^http://images\.jitsmart\.com/"
-		to="https://images.jitsmart.com/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://(media\.|www\.)?jumpingjack\.com/"
-		to="https://$1jumpingjack.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Junge-Piraten.de.xml b/src/chrome/content/rules/Junge-Piraten.de.xml
index 15e3100b3e61..9f44d9f1bdd0 100644
--- a/src/chrome/content/rules/Junge-Piraten.de.xml
+++ b/src/chrome/content/rules/Junge-Piraten.de.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.junge-piraten.de/ => https://www.junge-piraten.de/: (51,
 	For other Pirate Party coverage, see PirateParty.xml.
 
 -->
-<ruleset name="Junge-Piraten.de" default_off='failed ruleset test'>
+<ruleset name="Junge-Piraten.de" default_off="failed ruleset test">
 
 	<target host="junge-piraten.de" />
 	<target host="forum.junge-piraten.de" />
diff --git a/src/chrome/content/rules/Junglee.com.xml b/src/chrome/content/rules/Junglee.com.xml
deleted file mode 100644
index 725f2a1f2249..000000000000
--- a/src/chrome/content/rules/Junglee.com.xml
+++ /dev/null
@@ -1,64 +0,0 @@
-<!--
-	For other Amazon coverage, see Amazon.xml.
-
-
-	Fully covered hosts in *junglee.com:
-
-		- blog
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .junglee.com
-		- www.junglee.com
-
-
-	Mixed content:
-
-		- Images on blog from cdn.amazonblogs.com *
-
-	* Secured by us
-
--->
-<ruleset name="Junglee.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="junglee.com" />
-	<target host="blog.junglee.com" />
-	<target host="www.junglee.com" />
-		<!--
-			Redirects to http:
-						-->
-		<!--exclusion pattern="^http://www\.junglee\.com/((\d+-){3}$|b/|dp/|post-your-ad$|s/)" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://www\.junglee\.com/+(?!favicon\.ico|mn/search/uedata/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.junglee.com/b/804191031" />
-			<test url="http://www.junglee.com/dp/B00I4591WG" />
-			<test url="http://www.junglee.com/f/1000799023" />
-			<test url="http://www.junglee.com/post-your-ad" />
-			<test url="http://www.junglee.com/reviews/B000RVX0V8" />
-			<test url="http://www.junglee.com/seller/A2WLZ68OJYV8MM" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www.junglee.com/favicon.ico" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.junglee\.com$" name="^(cpa-blogs-session-id|cpa-blogs-session-id-time|cpa-blogs-ubid-main|session-id|session-id-time|ubid-acbin)$" /-->
-	<!--securecookie host="^www\.junglee\.com$" name="^junglee_visited$" /-->
-
-	<securecookie host="^\.junglee\.com$" name="^cpa-blogs-(?:session-id|session-id-time|ubid-main)$" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Juniper-Research.xml b/src/chrome/content/rules/Juniper-Research.xml
index 5fe5f868ed9a..8b73c78ffca4 100644
--- a/src/chrome/content/rules/Juniper-Research.xml
+++ b/src/chrome/content/rules/Juniper-Research.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://juniperresearch.com/ => https://junipersearch.com/: (28, 'Connection timed out after 10001 milliseconds')
 Fetch error: http://www.juniperresearch.com/ => https://www.junipersearch.com/: (28, 'Connection timed out after 10000 milliseconds')
 -->
-<ruleset name="Juniper Research" default_off='failed ruleset test'>
+<ruleset name="Juniper Research" default_off="failed ruleset test">
 
 	<target host="juniperresearch.com" />
 	<target host="www.juniperresearch.com" />
diff --git a/src/chrome/content/rules/Junkudo.xml b/src/chrome/content/rules/Junkudo.xml
new file mode 100644
index 000000000000..8d5b90771d37
--- /dev/null
+++ b/src/chrome/content/rules/Junkudo.xml
@@ -0,0 +1,6 @@
+<ruleset name="JUNKUDO">
+    <target host="junkudo.co.jp" />
+    <target host="www.junkudo.co.jp" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JunoDownload.xml b/src/chrome/content/rules/JunoDownload.xml
deleted file mode 100644
index 06ddb8653e65..000000000000
--- a/src/chrome/content/rules/JunoDownload.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://secure.junodownload.com/ => https://secure.junodownload.com/: (28, 'Connection timed out after 10000 milliseconds')
--->
-<ruleset name="JunoDownload">
-  <target host="junodownload.com" />
-  <target host="www.junodownload.com" />
-  <target host="secure.junodownload.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.junodownload\.com$" name="^PHPSESSID$" /-->
-
-
-  <rule from="^http://(?:www\.)?junodownload\.com/" to="https://www.junodownload.com/" />
-  <rule from="^http://secure\.junodownload\.com/" to="https://secure.junodownload.com/" />
-  <!-- Juno Player -->
-  <exclusion pattern="^http://www\.junodownload\.com/crossdomain\.xml$" />
-  <exclusion pattern="^http://www\.junodownload\.com/api/.+/track/dostream" />
-  <!-- Juno Plus -->
-  <exclusion pattern="^http://(?:www\.)?junodownload\.com/plus/" />
-  <!-- Juno searches -->
-  <exclusion pattern="^http://(?:www\.)?junodownload\.com/search/" />
-</ruleset>
diff --git a/src/chrome/content/rules/JunoRecords.xml b/src/chrome/content/rules/JunoRecords.xml
deleted file mode 100644
index 2abc7adcd2b5..000000000000
--- a/src/chrome/content/rules/JunoRecords.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<ruleset name="JunoRecords">
-
-	<target host="juno.co.uk" />
-	<target host="*.juno.co.uk" />
-		<!--
-			Juno Player
-					-->
-		<exclusion pattern="^http://www\.juno\.co\.uk/crossdomain\.xml$" />
-	<target host="junostatic.com" />
-	<target host="*.junostatic.com" />
-
-
-	<rule from="^http://(www\.|secure\.)?juno\.co\.uk/"
-		to="https://$1juno.co.uk/" />
-
-	<rule from="^http://(?:www\.)?junostatic\.com/"
-		to="https://static.juno.co.uk/" />
-
-	<rule from="^http://(?:image|cm)s\.junostatic\.com/"
-		to="https://images.juno.co.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Jupiter_Artland.org.xml b/src/chrome/content/rules/Jupiter_Artland.org.xml
index ac84e9a925e9..01e428651611 100644
--- a/src/chrome/content/rules/Jupiter_Artland.org.xml
+++ b/src/chrome/content/rules/Jupiter_Artland.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Non-2xx HTTP code: http://jupiterartland.org/ (200) => https://jupiterartland.org/ (404)
 
 -->
-<ruleset name="Jupiter Artland.org" default_off='failed ruleset test'>
+<ruleset name="Jupiter Artland.org" default_off="failed ruleset test">
 
 	<target host="jupiterartland.org" />
 	<target host="www.jupiterartland.org" />
diff --git a/src/chrome/content/rules/Jussieu.fr.xml b/src/chrome/content/rules/Jussieu.fr.xml
index 73bd1921a59f..bf617f9e9ab5 100644
--- a/src/chrome/content/rules/Jussieu.fr.xml
+++ b/src/chrome/content/rules/Jussieu.fr.xml
@@ -30,7 +30,7 @@ Fetch error: http://forge.ipsl.jussieu.fr/ => https://forge.ipsl.jussieu.fr/: (6
 	* Unsecurable <= refused
 
 -->
-<ruleset name="Jussieu.fr (partial)" default_off='failed ruleset test'>
+<ruleset name="Jussieu.fr (partial)" default_off="failed ruleset test">
 
 	<target host="forge.ipsl.jussieu.fr" />
 
diff --git a/src/chrome/content/rules/Just-Develop-It.xml b/src/chrome/content/rules/Just-Develop-It.xml
index 7979423e3a3c..3c6dda5d0596 100644
--- a/src/chrome/content/rules/Just-Develop-It.xml
+++ b/src/chrome/content/rules/Just-Develop-It.xml
@@ -16,7 +16,7 @@ Fetch error: http://zipcloud.com/ => https://zipcloud.com/: Redirect for 'http:/
 		- justcloud.com.xml
 
 -->
-<ruleset name="Just Develop It (partial)" default_off='failed ruleset test'>
+<ruleset name="Just Develop It (partial)" default_off="failed ruleset test">
 
 	<target host="intellichat.com"/>
 	<target host="*.intellichat.com"/>
diff --git a/src/chrome/content/rules/Just-Extend.com.xml b/src/chrome/content/rules/Just-Extend.com.xml
new file mode 100644
index 000000000000..0b79552d9bab
--- /dev/null
+++ b/src/chrome/content/rules/Just-Extend.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Just-Extend.com">
+	<target host="just-extend.com" />
+	<target host="www.just-extend.com" />
+	<target host="autodiscover.just-extend.com" />
+	<target host="cpanel.just-extend.com" />
+	<target host="mail.just-extend.com" />
+	<target host="webdisk.just-extend.com" />
+	<target host="webmail.just-extend.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JustApple.com.xml b/src/chrome/content/rules/JustApple.com.xml
deleted file mode 100644
index 9dc321daa625..000000000000
--- a/src/chrome/content/rules/JustApple.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="JustApple.com">
-	<target host="justapple.com" />
-	<target host="www.justapple.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/JustGiving.xml b/src/chrome/content/rules/JustGiving.xml
index d2f61584f5a9..0d4279e82ac0 100644
--- a/src/chrome/content/rules/JustGiving.xml
+++ b/src/chrome/content/rules/JustGiving.xml
@@ -46,7 +46,7 @@ Non-2xx HTTP code: http://pages.justgiving.com/css/mktLPSupport.css (200) => htt
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="JustGiving.com (partial)" default_off='failed ruleset test'>
+<ruleset name="JustGiving.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/JustTomatoes.com.xml b/src/chrome/content/rules/JustTomatoes.com.xml
index e0df0ebb1ee7..db84b6303515 100644
--- a/src/chrome/content/rules/JustTomatoes.com.xml
+++ b/src/chrome/content/rules/JustTomatoes.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://justtomatoes.com/ => https://www.justtomatoes.com/: (60, 'SS
 Fetch error: http://www.justtomatoes.com/ => https://www.justtomatoes.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="JustTomatoes.com" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="JustTomatoes.com" platform="mixedcontent" default_off="failed ruleset test">
   <target host="justtomatoes.com" />
   <target host="www.justtomatoes.com" />
 
diff --git a/src/chrome/content/rules/Justaguy.pw.xml b/src/chrome/content/rules/Justaguy.pw.xml
index 38bc5f2c6de9..b4fef9bbfaea 100644
--- a/src/chrome/content/rules/Justaguy.pw.xml
+++ b/src/chrome/content/rules/Justaguy.pw.xml
@@ -6,7 +6,7 @@ Fetch error: http://services.justaguy.pw/ => https://services.justaguy.pw/: (28,
 Fetch error: http://www.justaguy.pw/ => https://www.justaguy.pw/: (6, 'Could not resolve host: www.justaguy.pw')
 
 -->
-<ruleset name="Justaguy.pw" default_off='failed ruleset test'>
+<ruleset name="Justaguy.pw" default_off="failed ruleset test">
 
 	<target host="justaguy.pw" />
 	<target host="services.justaguy.pw" />
diff --git a/src/chrome/content/rules/Justia.com.xml b/src/chrome/content/rules/Justia.com.xml
new file mode 100644
index 000000000000..e2a3241431f6
--- /dev/null
+++ b/src/chrome/content/rules/Justia.com.xml
@@ -0,0 +1,161 @@
+<!--
+	This website has both a wildcard DNS record and a wildcard certificate, thus enumerating all valid subdomains is impossible.
+-->
+<ruleset name="Justia.com (partial)">
+	<target host="justia.com" />
+	<target host="www.justia.com" />
+	<target host="0.justia.com" />
+	<target host="abablawgsearch.justia.com" />
+	<target host="accounts.justia.com" />
+	<target host="answers.justia.com" />
+	<target host="ar.justia.com" />
+	<target host="argentina.justia.com" />
+	<target host="docs.argentina.justia.com" />
+	<target host="www.docs.argentina.justia.com" />
+	<target host="auto.justia.com" />
+	<target host="auto-recalls.justia.com" />
+	<target host="autos.justia.com" />
+	<target host="bankruptcy.justia.com" />
+	<target host="belize.justia.com" />
+	<target host="blawgsearch.justia.com" />
+	<target host="blawgsfm.justia.com" />
+	<target host="blog.justia.com" />
+	<target host="blogs4.justia.com" />
+	<target host="blogsearch.justia.com" />
+	<target host="bo.justia.com" />
+	<target host="bol.justia.com" />
+	<target host="bolivia.justia.com" />
+	<target host="docs.bolivia.justia.com" />
+	<target host="www.docs.bolivia.justia.com" />
+	<target host="br.justia.com" />
+	<target host="bra.justia.com" />
+	<target host="brand.justia.com" />
+	<target host="brasil.justia.com" />
+	<target host="brazil.justia.com" />
+	<target host="bz.justia.com" />
+	<target host="cases.justia.com" />
+	<target host="chile.justia.com" />
+	<target host="cl.justia.com" />
+	<target host="clientvideos.justia.com" />
+	<target host="co.justia.com" />
+	<target host="col.justia.com" />
+	<target host="colombia.justia.com" />
+	<target host="company.justia.com" />
+	<target host="companyprofile.justia.com" />
+	<target host="companyprofiles.justia.com" />
+	<target host="contracts.justia.com" />
+	<target host="costa-rica.justia.com" />
+	<target host="costarica.justia.com" />
+	<target host="cr.justia.com" />
+	<target host="cri.justia.com" />
+	<target host="cu.justia.com" />
+	<target host="cub.justia.com" />
+	<target host="cuba.justia.com" />
+	<target host="d.justia.com" />
+	<target host="daily.justia.com" />
+	<target host="design.justia.com" />
+	<target host="dir.justia.com" />
+	<target host="directory.justia.com" />
+	<target host="do.justia.com" />
+	<target host="docfiles.justia.com" />
+	<target host="docket.justia.com" />
+	<target host="dockets.justia.com" />
+	<target host="docketsupport.justia.com" />
+	<target host="docs.justia.com" />
+	<target host="dom.justia.com" />
+	<target host="dominican-republic.justia.com" />
+	<target host="ec.justia.com" />
+	<target host="ecu.justia.com" />
+	<target host="ecuador.justia.com" />
+	<target host="docs.ecuador.justia.com" />
+	<target host="www.docs.ecuador.justia.com" />
+	<target host="editing.justia.com" />
+	<target host="el-salvador.justia.com" />
+	<target host="elsalvador.justia.com" />
+	<target host="fairuse.justia.com" />
+	<target host="fairusealpha.justia.com" />
+	<target host="formfiles.justia.com" />
+	<target host="forms.justia.com" />
+	<target host="free-jweb.justia.com" />
+	<target host="gao.justia.com" />
+	<target host="gt.justia.com" />
+	<target host="gtm.justia.com" />
+	<target host="guatemala.justia.com" />
+	<target host="helpdesk.justia.com" />
+	<target host="hn.justia.com" />
+	<target host="hnd.justia.com" />
+	<target host="honduras.justia.com" />
+	<target host="jobs.justia.com" />
+	<target host="jweb.justia.com" />
+	<target host="jweb-cms.justia.com" />
+	<target host="jwfeeds.justia.com" />
+	<target host="www.jwfeeds.justia.com" />
+	<target host="law.justia.com" />
+	<target host="lawblog.justia.com" />
+	<target host="lawblogsearch.justia.com" />
+	<target host="laws.justia.com" />
+	<target host="lawschools.justia.com" />
+	<target host="lawyers.justia.com" />
+	<target host="legalbirds.justia.com" />
+	<target host="lists.justia.com" />
+	<target host="marketing.justia.com" />
+	<target host="mexico.justia.com" />
+	<target host="docs.mexico.justia.com" />
+	<target host="www.docs.mexico.justia.com" />
+	<target host="mx.justia.com" />
+	<target host="news.justia.com" />
+	<target host="ni.justia.com" />
+	<target host="nic.justia.com" />
+	<target host="nicaragua.justia.com" />
+	<target host="onward.justia.com" />
+	<target host="pa.justia.com" />
+	<target host="pan.justia.com" />
+	<target host="panama.justia.com" />
+	<target host="docs.panama.justia.com" />
+	<target host="www.docs.panama.justia.com" />
+	<target host="paraguay.justia.com" />
+	<target host="docs.paraguay.justia.com" />
+	<target host="www.docs.paraguay.justia.com" />
+	<target host="patents.justia.com" />
+	<target host="pe.justia.com" />
+	<target host="per.justia.com" />
+	<target host="peru.justia.com" />
+	<target host="portfolio.justia.com" />
+	<target host="professionals.justia.com" />
+	<target host="profile-images.justia.com" />
+	<target host="py.justia.com" />
+	<target host="qa.justia.com" />
+	<target host="recall-warnings.justia.com" />
+	<target host="recalls.justia.com" />
+	<target host="regulations.justia.com" />
+	<target host="docs.regulations.justia.com" />
+	<target host="www.docs.regulations.justia.com" />
+	<target host="republica-dominicana.justia.com" />
+	<target host="docs.republica-dominicana.justia.com" />
+	<target host="www.docs.republica-dominicana.justia.com" />
+	<target host="rss-auto-recalls.justia.com" />
+	<target host="seo.justia.com" />
+	<target host="statecasefiles.justia.com" />
+	<target host="statecases.justia.com" />
+	<target host="statecodesfiles.justia.com" />
+	<target host="static.justia.com" />
+	<target host="stats.justia.com" />
+	<target host="support.justia.com" />
+	<target host="supreme.justia.com" />
+	<target host="sv.justia.com" />
+	<target host="techlaw.justia.com" />
+	<target host="test2.justia.com" />
+	<target host="tools.justia.com" />
+	<target host="trademarks.justia.com" />
+	<target host="uruguay.justia.com" />
+	<target host="docs.uruguay.justia.com" />
+	<target host="www.docs.uruguay.justia.com" />
+	<target host="uy.justia.com" />
+	<target host="ve.justia.com" />
+	<target host="ven.justia.com" />
+	<target host="venezuela.justia.com" />
+	<target host="verdict.justia.com" />
+	<target host="virtualchase.justia.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Justia.xml b/src/chrome/content/rules/Justia.xml
deleted file mode 100644
index a387ab535baa..000000000000
--- a/src/chrome/content/rules/Justia.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- company	(redirects to www)
-		- docketsupport	(ditto)
-		- forms
-		- verdict
-
-
-	Problematic subdomains:
-
-		- (www.)blogs	(times out)
-
--->
-<ruleset name="Justia (partial)" platform="mixedcontent">
-
-	<target host="justia.com" />
-	<target host="*.justia.com" />
-
-
-	<securecookie host="^.*\.justia\.com$" name=".+" />
-
-
-	<rule from="^http://((?:accounts|answers|blawgsearch|blawgsfm|daily|dockets|docs|law|lawyers|marketing|supreme|www)\.)?justia\.com/"
-		to="https://$1justia.com/" />
-
-	<rule from="^http://(?:www\.)?blogs\.justia\.com/"
-		to="https://marketing.justia.com/content-lawyer-blogs.html" />
-
-	<rule from="^http://(clientvideos|profile-images|statecasefiles|static)\.justia\.com/"
-		to="https://s3.amazonaws.com/$1.justia.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/JusticeForKatie.com.xml b/src/chrome/content/rules/JusticeForKatie.com.xml
deleted file mode 100644
index 146b4f40c642..000000000000
--- a/src/chrome/content/rules/JusticeForKatie.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="JusticeForKatie.com">
-	<target host="justiceforkatie.com" />
-	<target host="www.justiceforkatie.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/JusticeForStrumia.org.xml b/src/chrome/content/rules/JusticeForStrumia.org.xml
new file mode 100644
index 000000000000..e1033b864d64
--- /dev/null
+++ b/src/chrome/content/rules/JusticeForStrumia.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="JusticeForStrumia.org">
+	<target host="justiceforstrumia.org" />
+	<target host="www.justiceforstrumia.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/JusticeMail.xml b/src/chrome/content/rules/JusticeMail.xml
index 55706efec13f..84f126fc9581 100644
--- a/src/chrome/content/rules/JusticeMail.xml
+++ b/src/chrome/content/rules/JusticeMail.xml
@@ -6,8 +6,8 @@ Fetch error: http://mail.justice.com/ => https://mail.justice.com/: (51, "SSL: n
 Disabled by https-everywhere-checker because:
 Fetch error: http://mail.justice.com/ => https://mail.justice.com/: (51, "SSL: no alternative certificate subject name matches target host name 'mail.justice.com'")
 -->
-<ruleset name="mail.justice.com" default_off='failed ruleset test'>
+<ruleset name="mail.justice.com" default_off="failed ruleset test">
   <target host="mail.justice.com" />
-  <securecookie host="^(?:.+\.)?justice\.com$" name=".+" />
+  <securecookie host=".+" name=".+" />
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/KAKAO.com.xml b/src/chrome/content/rules/KAKAO.com.xml
new file mode 100644
index 000000000000..ff212dd24b21
--- /dev/null
+++ b/src/chrome/content/rules/KAKAO.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="KAKAO.com (partial)">
+	<target host="kakao.com" />
+	<target host="www.kakao.com" />
+	<target host="map.kakao.com" />
+	<target host="page.kakao.com" />
+	<target host="story.kakao.com" />
+	<target host="translate.kakao.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KAKAO.xml b/src/chrome/content/rules/KAKAO.xml
deleted file mode 100644
index bfd29460e6f4..000000000000
--- a/src/chrome/content/rules/KAKAO.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://kakao.com/ => https://www.kakao.com/: Too many redirects while fetching 'https://www.kakao.com/'
-Fetch error: http://www.kakao.com/ => https://www.kakao.com/: Too many redirects while fetching 'https://www.kakao.com/'
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://kakao.com/ => https://www.kakao.com/: Cycle detected - URL already encountered: https://www.kakao.com/
-Fetch error: http://www.kakao.com/ => https://www.kakao.com/: Cycle detected - URL already encountered: https://www.kakao.com/
-	Cert only matches *.kakao.com
-
--->
-<ruleset name="KAKAO" default_off='failed ruleset test'>
-
-	<target host="kakao.com" />
-	<target host="www.kakao.com" />
-
-
-	<rule from="^http://(?:www\.)?kakao\.com/"
-		to="https://www.kakao.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/KAU.se-problematic.xml b/src/chrome/content/rules/KAU.se-problematic.xml
index 28dde6a21851..89f5dbb47269 100644
--- a/src/chrome/content/rules/KAU.se-problematic.xml
+++ b/src/chrome/content/rules/KAU.se-problematic.xml
@@ -5,13 +5,12 @@
 <ruleset name="KAU.se (problematic)" default_off="mismatched, self-signed" platform="mixedcontent">
 
 	<target host="itsakhandbok.irt.kau.se" />
-	<target host="*.sae.kau.se" />
+	<target host="narvi.sae.kau.se" />
 
 
 	<securecookie host="^\.narvi\.sae\.kau\.se$" name=".+" />
 
 
-	<rule from="^http://(itsakhandbok\.irt|narvi\.sae)\.kau\.se/"
-		to="https://$1.kau.se/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/KD2.us.xml b/src/chrome/content/rules/KD2.us.xml
index eaa520ea34b2..0aadd2fe1bcd 100644
--- a/src/chrome/content/rules/KD2.us.xml
+++ b/src/chrome/content/rules/KD2.us.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.kd2.us/ => https://www.kd2.us/: (51, "SSL: no alternativ
 		- (www.)?
 
 -->
-<ruleset name="KD2.us" default_off='failed ruleset test'>
+<ruleset name="KD2.us" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/KEMI.se.xml b/src/chrome/content/rules/KEMI.se.xml
index eabd65ce62ea..1eb8cd759859 100644
--- a/src/chrome/content/rules/KEMI.se.xml
+++ b/src/chrome/content/rules/KEMI.se.xml
@@ -5,7 +5,7 @@ Fetch error: http://kemi.se/ => https://kemi.se/: (60, 'SSL certificate problem:
 Fetch error: http://www.kemi.se/ => https://www.kemi.se/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="KEMI.se" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="KEMI.se" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="kemi.se" />
 	<target host="www.kemi.se" />
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/KETrade.com.sg.xml b/src/chrome/content/rules/KETrade.com.sg.xml
index 4db5f4fcba78..3f5bb21857a7 100644
--- a/src/chrome/content/rules/KETrade.com.sg.xml
+++ b/src/chrome/content/rules/KETrade.com.sg.xml
@@ -8,7 +8,7 @@
 		- g03	(t)
 		- m	(m)
 		- www.mke	(r)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/KH.hu.xml b/src/chrome/content/rules/KH.hu.xml
index 371b5dd51d15..22428eda35f0 100644
--- a/src/chrome/content/rules/KH.hu.xml
+++ b/src/chrome/content/rules/KH.hu.xml
@@ -5,7 +5,7 @@ Fetch error: http://mi-vsp2.kh.hu/ => https://mi-vsp2.kh.hu/: (35, 'Unknown SSL
 
 
 	Valid site, broken https:
-	
+
 		Timeout:
 			- aliases.kh.hu
 			- khb.hu (redirects www.khb.hu)
@@ -20,7 +20,7 @@ Fetch error: http://mi-vsp2.kh.hu/ => https://mi-vsp2.kh.hu/: (35, 'Unknown SSL
 		Timeout:
 			- rtitest.kh.hu
 			- biztosnetwsact.kh.hu
-	
+
 		Invalid certificate:
 			- mi-sentry-test.kh.hu (http redirects to https)
 			- edma.khb.hu (http timeout)
@@ -29,7 +29,7 @@ Fetch error: http://mi-vsp2.kh.hu/ => https://mi-vsp2.kh.hu/: (35, 'Unknown SSL
 			- im.kh.hu (http empty)
 
 -->
-<ruleset name="K&amp;H Bank (HU)" default_off='failed ruleset test'>
+<ruleset name="K&amp;H Bank (HU)" default_off="failed ruleset test">
 	<!-- Online banking and administration -->
 	<target host="ebank.kh.hu" />
 	<target host="faktor.kh.hu" />
@@ -73,7 +73,7 @@ Fetch error: http://mi-vsp2.kh.hu/ => https://mi-vsp2.kh.hu/: (35, 'Unknown SSL
 			to="https://szepkartya.kh.hu/" />
 	<rule from="^http://khb\.hu/"
 			to="https://www.khb.hu/" />
-	
+
 	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/KHN.nl.xml b/src/chrome/content/rules/KHN.nl.xml
deleted file mode 100644
index 271e172d4007..000000000000
--- a/src/chrome/content/rules/KHN.nl.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Koninklijke Horeca Nederland
-
-
-	^: Handshake fails
-	www: Refused
-
--->
-<ruleset name="KHN.nl (partial)">
-
-	<!--target host="khn.nl" /-->
-	<target host="*.khn.nl" />
-
-
-	<securecookie host="^ox\.khn\.nl$" name=".+" />
-
-
-	<!--	^ redirects to www over http,
-		so copy that behavior:
-					-->
-	<!--rule from="^http://(?:www\.)?khn\.nl/"
-		to="https://www.khn.nl/" /-->
-
-	<rule from="^http://ox\.khn\.nl/"
-		to="https://ox.khn.nl/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/KHOC.co.xml b/src/chrome/content/rules/KHOC.co.xml
index 110d02058675..620d14af115f 100644
--- a/src/chrome/content/rules/KHOC.co.xml
+++ b/src/chrome/content/rules/KHOC.co.xml
@@ -23,10 +23,10 @@ Fetch error: http://khoc.co/ => https://www.khoc.co/: (7, 'Failed to connect to
 	* Secured by us
 
 -->
-<ruleset name="KHOC.co" default_off='failed ruleset test'>
+<ruleset name="KHOC.co" default_off="failed ruleset test">
 
 	<target host="khoc.co" />
-	<target host="*.khoc.co" />
+	<target host="www.khoc.co" />
 
 
 	<securecookie host="^\.khoc\.co$" name=".+" />
diff --git a/src/chrome/content/rules/KI.se.xml b/src/chrome/content/rules/KI.se.xml
index d45c725149e0..26fc8742ccb7 100644
--- a/src/chrome/content/rules/KI.se.xml
+++ b/src/chrome/content/rules/KI.se.xml
@@ -14,7 +14,7 @@ Fetch error: http://fonder.ki.se/ => https://fonder.ki.se/: (28, 'Operation time
 Fetch error: http://kib.ki.se/ => https://kib.ki.se/: (28, 'Connection timed out after 10000 milliseconds')
 Fetch error: http://metasearch.kib.ki.se/ => https://metasearch.kib.ki.se/: (6, 'Could not resolve host: metasearch.kib.ki.se')
 -->
-<ruleset name="KI.se" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="KI.se" platform="mixedcontent" default_off="failed ruleset test">
   <target host="bibliometrics.ki.se" />
   <target host="cas.ki.se" />
   <target host="cwaa.ki.se" />
diff --git a/src/chrome/content/rules/KIT_digital.xml b/src/chrome/content/rules/KIT_digital.xml
index 3cbe76c4f123..08e7d0c0c2ee 100644
--- a/src/chrome/content/rules/KIT_digital.xml
+++ b/src/chrome/content/rules/KIT_digital.xml
@@ -16,7 +16,7 @@ Fetch error: http://kitd.com/ => https://kitd.com/: (51, "SSL: no alternative ce
 		- ir	(works, akamai)
 
 -->
-<ruleset name="KIT digital" default_off='failed ruleset test'>
+<ruleset name="KIT digital" default_off="failed ruleset test">
 
 	<target host="kitd.com" />
 	<target host="www.kitd.com" />
@@ -27,4 +27,4 @@ Fetch error: http://kitd.com/ => https://kitd.com/: (51, "SSL: no alternative ce
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/KIXEYE.com.xml b/src/chrome/content/rules/KIXEYE.com.xml
new file mode 100644
index 000000000000..f8b496c2b5bc
--- /dev/null
+++ b/src/chrome/content/rules/KIXEYE.com.xml
@@ -0,0 +1,134 @@
+<ruleset name="KIXEYE.com (partial)">
+	<target host="kixeye.com" />
+	<target host="www.kixeye.com" />
+	<target host="looker.prod.ae.kixeye.com" />
+	<target host="webhooks.prod.analytics.aws.kixeye.com" />
+	<target host="webhooks.stage.analytics.aws.kixeye.com" />
+	<target host="vc-news-feed.prod.kxl.aws.kixeye.com" />
+	<target host="vc-news-feed-wordpress.prod.kxl.aws.kixeye.com" />
+	<target host="vc-news-feed-wordpress.stage.kxl.aws.kixeye.com" />
+	<target host="blog.kixeye.com" />
+	<target host="bp.kixeye.com" />
+	<target host="dev-mfb-vip1.bp.kixeye.com" />
+	<target host="dev-mfb-vip10.bp.kixeye.com" />
+	<target host="dev-mfb-vip11.bp.kixeye.com" />
+	<target host="dev-mfb-vip12.bp.kixeye.com" />
+	<target host="dev-mfb-vip13.bp.kixeye.com" />
+	<target host="dev-mfb-vip14.bp.kixeye.com" />
+	<target host="dev-mfb-vip15.bp.kixeye.com" />
+	<target host="dev-mfb-vip16.bp.kixeye.com" />
+	<target host="dev-mfb-vip2.bp.kixeye.com" />
+	<target host="dev-mfb-vip3.bp.kixeye.com" />
+	<target host="dev-mfb-vip4.bp.kixeye.com" />
+	<target host="dev-mfb-vip5.bp.kixeye.com" />
+	<target host="dev-mfb-vip6.bp.kixeye.com" />
+	<target host="dev-mfb-vip7.bp.kixeye.com" />
+	<target host="dev-mfb-vip8.bp.kixeye.com" />
+	<target host="dev-mfb-vip9.bp.kixeye.com" />
+	<target host="dev-sbx1.bp.kixeye.com" />
+	<target host="dev-sbx10.bp.kixeye.com" />
+	<target host="dev-sbx11.bp.kixeye.com" />
+	<target host="dev-sbx12.bp.kixeye.com" />
+	<target host="dev-sbx13.bp.kixeye.com" />
+	<target host="dev-sbx14.bp.kixeye.com" />
+	<target host="dev-sbx15.bp.kixeye.com" />
+	<target host="dev-sbx16.bp.kixeye.com" />
+	<target host="dev-sbx2.bp.kixeye.com" />
+	<target host="dev-sbx3.bp.kixeye.com" />
+	<target host="dev-sbx4.bp.kixeye.com" />
+	<target host="dev-sbx5.bp.kixeye.com" />
+	<target host="dev-sbx6.bp.kixeye.com" />
+	<target host="dev-sbx7.bp.kixeye.com" />
+	<target host="dev-sbx8.bp.kixeye.com" />
+	<target host="dev-sbx9.bp.kixeye.com" />
+	<target host="community.kixeye.com" />
+	<target host="community-dev.kixeye.com" />
+	<target host="community-stage.kixeye.com" />
+	<target host="entitlements.core.kixeye.com" />
+	<target host="game-configurations.core.kixeye.com" />
+	<target host="identity.core.kixeye.com" />
+	<target host="corp.kixeye.com" />
+	<target host="privacy.corp.kixeye.com" />
+	<target host="privacy-dev.corp.kixeye.com" />
+	<target host="bp-ar-vip.dc.kixeye.com" />
+	<target host="bp-fb-vip.dc.kixeye.com" />
+	<target host="bp-fb-wm00.dc.kixeye.com" />
+	<target host="bp-fb-wm01.dc.kixeye.com" />
+	<target host="bp-fb-wm02.dc.kixeye.com" />
+	<target host="bp-fb-wm03.dc.kixeye.com" />
+	<target host="bp-fb-wm04.dc.kixeye.com" />
+	<target host="bp-fb-wmvip0.dc.kixeye.com" />
+	<target host="bp-fb-wmvip1.dc.kixeye.com" />
+	<target host="bp-kg-vip.dc.kixeye.com" />
+	<target host="bp-kx-vip.dc.kixeye.com" />
+	<target host="bp-log-vip.dc.kixeye.com" />
+	<target host="bp-prod-admin.dc.kixeye.com" />
+	<target host="bp-prod-battle-vip.dc.kixeye.com" />
+	<target host="bp-prod-framework-vip.dc.kixeye.com" />
+	<target host="bp-prod-worldmap-vip.dc.kixeye.com" />
+	<target host="dd-lb1.kixeye.com" />
+	<target host="developers.kixeye.com" />
+	<target host="forums.kixeye.com" />
+	<target host="wcra-newsfeed.get.kixeye.com" />
+	<target host="wcra-newsfeed-stage.get.kixeye.com" />
+	<target host="helpcenter.kixeye.com" />
+	<target host="admin.dev.kxl.kixeye.com" />
+	<target host="web.dev.kxl.kixeye.com" />
+	<target host="kxl-admin.kixeye.com" />
+	<target host="kxl-avatars-cdn.kixeye.com" />
+	<target host="looker.kixeye.com" />
+	<target host="m.kixeye.com" />
+	<target host="mobile.kixeye.com" />
+	<target host="moderators.kixeye.com" />
+	<target host="monocle.kixeye.com" />
+	<target host="play.kixeye.com" />
+	<target host="wc-fb-vip.sjc.kixeye.com" />
+	<target host="wc-fb-vip-alt.sjc.kixeye.com" />
+	<target host="wc-kx-vip.sjc.kixeye.com" />
+	<target host="forums.stage.kixeye.com" />
+	<target host="play.stage.kixeye.com" />
+	<target host="support.kixeye.com" />
+	<target host="support.tools.kixeye.com" />
+	<target host="unsub.kixeye.com" />
+	<target host="vapi.kixeye.com" />
+	<target host="cherry-auw2-admin.vc.kixeye.com" />
+	<target host="cherry-auw2-api.vc.kixeye.com" />
+	<target host="cherry-auw2-kxl.vc.kixeye.com" />
+	<target host="prod-aue1-admin.vc.kixeye.com" />
+	<target host="prod-aue1-api.vc.kixeye.com" />
+	<target host="prod-aue1-fb.vc.kixeye.com" />
+	<target host="prod-aue1-kxl.vc.kixeye.com" />
+	<target host="stage-auw2-admin.vc.kixeye.com" />
+	<target host="stage-auw2-api.vc.kixeye.com" />
+	<target host="stage-auw2-kxl.vc.kixeye.com" />
+	<target host="test-auw2-admin.vc.kixeye.com" />
+	<target host="test-auw2-api.vc.kixeye.com" />
+	<target host="test-auw2-kxl.vc.kixeye.com" />
+	<target host="alliances-production.wcra.kixeye.com" />
+	<target host="alliances-stage1.wcra.kixeye.com" />
+	<target host="alliances-stage2.wcra.kixeye.com" />
+	<target host="chat-production.wcra.kixeye.com" />
+	<target host="chat-stage1.wcra.kixeye.com" />
+	<target host="chat-stage2.wcra.kixeye.com" />
+	<target host="directory-productiontools.wcra.kixeye.com" />
+	<target host="gameplay-production.wcra.kixeye.com" />
+	<target host="gameplay-stage1.wcra.kixeye.com" />
+	<target host="gameplay-stage2.wcra.kixeye.com" />
+	<target host="logconsumer-production.wcra.kixeye.com" />
+	<target host="logconsumer-stage1.wcra.kixeye.com" />
+	<target host="logconsumer-stage2.wcra.kixeye.com" />
+	<target host="messagechannels-production.wcra.kixeye.com" />
+	<target host="messagechannels-stage1.wcra.kixeye.com" />
+	<target host="messagechannels-stage2.wcra.kixeye.com" />
+	<target host="notifications-production.wcra.kixeye.com" />
+	<target host="notifications-stage1.wcra.kixeye.com" />
+	<target host="notifications-stage2.wcra.kixeye.com" />
+	<target host="worldmap-production.wcra.kixeye.com" />
+	<target host="worldmap-stage1.wcra.kixeye.com" />
+	<target host="worldmap-stage2.wcra.kixeye.com" />
+	<target host="worldmapzones-production.wcra.kixeye.com" />
+	<target host="worldmapzones-stage1.wcra.kixeye.com" />
+	<target host="worldmapzones-stage2.wcra.kixeye.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KIXEYE.xml b/src/chrome/content/rules/KIXEYE.xml
deleted file mode 100644
index 00cdd20f18f9..000000000000
--- a/src/chrome/content/rules/KIXEYE.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-	bym-netdna.s3.amazonaws.com
-
-		- Equivalent to bym-fb4-s.cdn.kixeye.com
-
-	dd-fb-cdn.s3.amazonaws.com
-
-		- Equivalent to dd-fb-cdn4.kixeye.com
-
-
-	Nonfunctional domains:
-
-		- (www.)casualcollective.com
-		- old.casualcollective.com
-		- (www.)kixeye.com
-		- forums.kixeye.com	(ssl_error_rx_record_too_long)
-
--->
-<ruleset name="KIXEYE (partial)">
-
-	<target host="cdn.casualcollective.com" />
-	<target host="*.kixeye.com" />
-
-
-	<rule from="^http://cdn\.casualcollective\.com/"
-		to="https://s3.amazonaws.com/cdn.casualcollective.com/" />
-
-		<!--
-				- bym-vx4-s
-				- dd-fb-cdn4
-				- di-fb-cdn4
-				- gp-fb-cdn4-s
-				- wc-fb4-s
-				- bp-fb4-s.cdn
-				- bym-fb4-s.cdn
-				- wc-fb4-s.cdn
-						-->
-	<rule from="^http://(bym-vx4-s|b(?:p|ym)-fb4-s\.cdn|d[di]-fb-cdn4|gp-fb-cdn4-s|wc-fb4-s(?:\.cdn)?)\.kixeye\.com/"
-		to="https://$1.kixeye.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/KK.dk.xml b/src/chrome/content/rules/KK.dk.xml
index bde68a5f87de..67e0f03dcb10 100644
--- a/src/chrome/content/rules/KK.dk.xml
+++ b/src/chrome/content/rules/KK.dk.xml
@@ -23,7 +23,7 @@ Fetch error: http://medarbejdere.kk.dk/ => https://medarbejdere.kk.dk/: (6, 'Cou
 
 -->
 
-<ruleset name="KK.dk (partial)" default_off='failed ruleset test'>
+<ruleset name="KK.dk (partial)" default_off="failed ruleset test">
 
 	<target host="kk.dk" />
 	<target host="www.kk.dk" />
diff --git a/src/chrome/content/rules/KKH.de.xml b/src/chrome/content/rules/KKH.de.xml
index 3ff3faafe4a2..9ff5dca2d823 100644
--- a/src/chrome/content/rules/KKH.de.xml
+++ b/src/chrome/content/rules/KKH.de.xml
@@ -9,17 +9,10 @@ Fetch error: http://stats.kkh-allianz.de/ => https://stats.kkh-allianz.de/: (60,
         have a wrong certificate (*.kkh.de, kkh.de),
         so we need to handle the https redirect.
 -->
-<ruleset name="KKH.de" default_off='failed ruleset test'>
+<ruleset name="KKH.de" default_off="failed ruleset test">
 <target host="www.kkh.de" />
 <target host="kkh.de" />
-<target host="www.kkh-allianz.de" />
-<target host="kkh-allianz.de" />
-<target host="stats.kkh-allianz.de" />
 
-<test    url="https://www.kkh-allianz.de/" />
-<test    url="https://kkh-allianz.de/" />
-
-<rule from="^http://kkh\.de/"                   to="https://www.kkh.de/" />
-<rule from="^https?://(www\.)?kkh-allianz\.de/" to="https://www.kkh.de/" />
+<rule from="^http://kkh\.de/" to="https://www.kkh.de/" />
 <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/KKR.bund.de.xml b/src/chrome/content/rules/KKR.bund.de.xml
new file mode 100644
index 000000000000..43570e3dfde4
--- /dev/null
+++ b/src/chrome/content/rules/KKR.bund.de.xml
@@ -0,0 +1,18 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+-->
+<ruleset name="KKR.bund.de">
+
+	<target host="kkr.bund.de" />
+	<target host="www.kkr.bund.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!--Invalid certificate on https://kkr.bund.de/,
+	http://kkr.bund.de/ redirects to https://www.kkr.bund.de/ -->
+	<rule from="^http://kkr\.bund\.de/"
+		to="https://www.kkr.bund.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/KLDP.net.xml b/src/chrome/content/rules/KLDP.net.xml
index 6df25c30d617..d7afa39a71f9 100644
--- a/src/chrome/content/rules/KLDP.net.xml
+++ b/src/chrome/content/rules/KLDP.net.xml
@@ -34,7 +34,7 @@ Fetch error: http://qmail.kldp.net/ => https://qmail.kldp.net/: (7, 'Failed to c
 
 
 -->
-<ruleset name="KLDP.net" default_off='failed ruleset test'>
+<ruleset name="KLDP.net" default_off="failed ruleset test">
 
 	<target host="kldp.net" />
 	<target host="*.kldp.net" />
diff --git a/src/chrome/content/rules/KLDP.org.xml b/src/chrome/content/rules/KLDP.org.xml
index 7dbbee14bfd2..98ab5673a449 100644
--- a/src/chrome/content/rules/KLDP.org.xml
+++ b/src/chrome/content/rules/KLDP.org.xml
@@ -40,10 +40,10 @@ Fetch error: http://weblog.kldp.org/ => https://weblog.kldp.org/: (51, "SSL: no
 			- validator from validator.w3.org ²
 
 	¹ Secured by us
-	² Unsecurable			- 
+	² Unsecurable			-
 
 -->
-<ruleset name="KLDP.org" default_off='failed ruleset test'>
+<ruleset name="KLDP.org" default_off="failed ruleset test">
 
 	<target host="kldp.org" />
 	<target host="*.kldp.org" />
diff --git a/src/chrome/content/rules/KLM.xml b/src/chrome/content/rules/KLM.xml
index 3c645875de72..797f3ac2f1dc 100644
--- a/src/chrome/content/rules/KLM.xml
+++ b/src/chrome/content/rules/KLM.xml
@@ -4,12 +4,12 @@ Disabled by https-everywhere-checker because:
 Non-2xx HTTP code: http://klm.com/ (200) => https://www.klm.com/ (403)
 
 -->
-<ruleset name="KLM" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="KLM" platform="mixedcontent" default_off="failed ruleset test">
   <target host="klm.com" />
-  <target host="*.klm.com" />
+  <target host="mobile.klm.com" />
+  <target host="www.klm.com" />
 
   <rule from="^http://klm\.com/"
           to="https://www.klm.com/" />
-  <rule from="^http://(mobile|www)\.klm\.com/"
-          to="https://$1.klm.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/KNET.cn.xml b/src/chrome/content/rules/KNET.cn.xml
index 2e15d851d39c..e252031d294f 100644
--- a/src/chrome/content/rules/KNET.cn.xml
+++ b/src/chrome/content/rules/KNET.cn.xml
@@ -9,14 +9,14 @@ Fetch error: http://yida.knet.cn/ => https://yida.knet.cn/: (60, 'SSL certificat
 	Dropped:
 		- jubao *
 		- t *
-	
+
 	Mismatch:
 		- (www.)?
 		- rr
 		- ts
 		- yida
 		- zt *
-		
+
 	Redirect to http:
 		- dmp
 		- domain
@@ -37,8 +37,8 @@ Fetch error: http://yida.knet.cn/ => https://yida.knet.cn/: (60, 'SSL certificat
 		- ss.knet.cn
 
 -->
-<ruleset name="KNET.cn (partial)" default_off='failed ruleset test'>
-	
+<ruleset name="KNET.cn (partial)" default_off="failed ruleset test">
+
 	<target host="gtld.knet.cn" />
 	<target host="kxlogo.knet.cn" />
 	<target host="ss.knet.cn" />
diff --git a/src/chrome/content/rules/KOLRanking.com.xml b/src/chrome/content/rules/KOLRanking.com.xml
new file mode 100644
index 000000000000..f7c2b29632cb
--- /dev/null
+++ b/src/chrome/content/rules/KOLRanking.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="KOLRanking.com">
+	<target host="kolranking.com" />
+	<target host="www.kolranking.com" />
+	<target host="dl.kolranking.com" />
+	<target host="images.kolranking.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KOOORA.com.xml b/src/chrome/content/rules/KOOORA.com.xml
index 4e19081f7766..fde14ab1853e 100644
--- a/src/chrome/content/rules/KOOORA.com.xml
+++ b/src/chrome/content/rules/KOOORA.com.xml
@@ -1,16 +1,11 @@
 <!--
-		Error code 29 (SSL not supported):
-
-	o forum.kooora.com
-	o img.koora.com
-
-		Connection is not secure:
-
-	o tv.koora.com
+	HTTP != HTTPS:
+		- forum.kooora.com
 -->
 <ruleset name="KOOORA.com">
 	<target host="kooora.com" />
 	<target host="www.kooora.com" />
+	<target host="img.kooora.com" />
 	<target host="m.kooora.com" />
 	<target host="o.kooora.com" />
 
diff --git a/src/chrome/content/rules/KPN.com.xml b/src/chrome/content/rules/KPN.com.xml
index 4dc826443235..067a5e2d7f03 100644
--- a/src/chrome/content/rules/KPN.com.xml
+++ b/src/chrome/content/rules/KPN.com.xml
@@ -11,20 +11,20 @@
 -->
 <ruleset name="KPN">
 
-	<target host="*.hetnet.nl" />
+	<target host="netmail.hetnet.nl" />
 	<target host="kpn.com" />
-	<target host="*.kpn.com" />
+	<target host="www.kpn.com" />
 	<target host="kpn.nl" />
-	<target host="*.kpn.nl" />
-	<target host="*.kpnmail.nl" />
+	<target host="www.kpn.nl" />
+	<target host="home.kpn.nl" />
+	<target host="www.kpnmail.nl" />
+	<target host="webmail.kpnmail.nl" />
 
 
 	<securecookie host="^.*\.hetnet\.nl$" name=".+" />
 	<securecookie host="^webmail\.kpnmail\.nl$" name=".+" />
 
 
-	<rule from="^http://netmail\.hetnet\.nl/"
-		to="https://netmail.hetnet.nl/" />
 
 	<!--	- !www prints "The request did not specify a valid virtual host" over https
 		- !www redirects to www over http
@@ -32,8 +32,6 @@
 	<rule from="^http://(?:www\.)?kpn\.(?:com|nl)/"
 		to="https://www.kpn.com/" />
 
-	<rule from="^http://home\.kpn\.nl/"
-		to="https://home.kpn.nl/" />
 
 	<!--	- !www doesn't exist
 		- Cert only matches (www.)kpn
@@ -42,7 +40,6 @@
 	<rule from="^http://www\.kpnmail\.nl/"
 		to="https://www.kpn.nl/" />
 
-	<rule from="^http://webmail\.kpnmail\.nl/"
-		to="https://webmail.kpnmail.nl/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/KPT.ch.xml b/src/chrome/content/rules/KPT.ch.xml
index c0ba9d9a428a..5cbb4068545e 100644
--- a/src/chrome/content/rules/KPT.ch.xml
+++ b/src/chrome/content/rules/KPT.ch.xml
@@ -1,7 +1,7 @@
 <ruleset name="KPT.ch">
         <target host="kpt.ch" />
         <target host="www.kpt.ch" />
-        <securecookie host="^(?:.*\.)?kpt\.ch$" name=".+" />
+        <securecookie host=".+" name=".+" />
 
         <rule from="^http://(?:www\.)?kpt\.ch/" to="https://www.kpt.ch/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/KProxy.xml b/src/chrome/content/rules/KProxy.xml
index a9278f9ecfb2..87634de6ddd1 100644
--- a/src/chrome/content/rules/KProxy.xml
+++ b/src/chrome/content/rules/KProxy.xml
@@ -3,8 +3,8 @@
 	<target host="kproxy.com" />
 	<target host="*.kproxy.com" />
 	<!--	* for cross-domain cookie.	-->
-	
-	
+
+
 	<test url="http://server1.kproxy.com/" />
 	<test url="http://server2.kproxy.com/" />
 	<test url="http://server3.kproxy.com/" />
@@ -14,7 +14,7 @@
 	<test url="http://server7.kproxy.com/" />
 	<test url="http://server8.kproxy.com/" />
 	<test url="http://server9.kproxy.com/" />
-	
+
 
 
 	<!--	Observed cookie domains:
@@ -23,7 +23,7 @@
 			- ^.
 			- www
 				-->
-	<securecookie host="^(?:.*\.)?kproxy\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/KQED.org.xml b/src/chrome/content/rules/KQED.org.xml
index d68476d4c2e5..11b16b9c4d09 100644
--- a/src/chrome/content/rules/KQED.org.xml
+++ b/src/chrome/content/rules/KQED.org.xml
@@ -16,7 +16,7 @@ Non-2xx HTTP code: http://u.s.kqed.org/ (200) => https://u.s.kqed.net/ (403)
 	² Redirects to http
 
 -->
-<ruleset name="KQED.org (partial)" default_off='failed ruleset test'>
+<ruleset name="KQED.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/KSH.xml b/src/chrome/content/rules/KSH.xml
index b9793d563e52..2e4405bea69a 100644
--- a/src/chrome/content/rules/KSH.xml
+++ b/src/chrome/content/rules/KSH.xml
@@ -6,6 +6,12 @@
 
 	<rule from="^http://(?:www\.)?ksh\.hu/"
 		to="https://www.ksh.hu/" />
+	
+	<!-- These pages return a 404 error when requested over HTTPS -->
+	<exclusion pattern="^http://statinfo\.ksh\.hu/Statinfo/" />
+		<test url="http://statinfo.ksh.hu/Statinfo/" />
+		<test url="http://statinfo.ksh.hu/Statinfo/themeSelector.jsp?lang=hu" />
+		<test url="http://statinfo.ksh.hu/Statinfo/QueryServlet?ha=TA2019_W" />
 
 	<rule from="^http://(statinfo|elektra)\.ksh\.hu/"
 		to="https://$1.ksh.hu/" />
diff --git a/src/chrome/content/rules/KSL.xml b/src/chrome/content/rules/KSL.xml
index 269f46da7d43..129ec1585892 100644
--- a/src/chrome/content/rules/KSL.xml
+++ b/src/chrome/content/rules/KSL.xml
@@ -1,13 +1,15 @@
 <ruleset name="KSL">
 
 	<target host="ksl.com" />
-	<target host="*.ksl.com" />
+	<target host="img.ksl.com" />
+	<target host="local.ksl.com" />
+	<target host="static.ksl.com" />
+	<target host="www.ksl.com" />
 
 
 	<securecookie host="^\.ksl\.com$" name=".+" />
 
 
-	<rule from="^http://((?:img|local|static|www)\.)?ksl\.com/"
-		to="https://$1ksl.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/KT.kz.xml b/src/chrome/content/rules/KT.kz.xml
new file mode 100644
index 000000000000..6d4bd5b26d46
--- /dev/null
+++ b/src/chrome/content/rules/KT.kz.xml
@@ -0,0 +1,6 @@
+<ruleset name="KT.kz">
+	<target host="kt.kz" />
+	<target host="www.kt.kz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KTAS.com.au.xml b/src/chrome/content/rules/KTAS.com.au.xml
new file mode 100644
index 000000000000..3b02fba8a110
--- /dev/null
+++ b/src/chrome/content/rules/KTAS.com.au.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Coles coverage, see Coles.com.au.xml
+
+
+	Non-functional subdomains:
+
+		- insurance	(SSL connection error)
+		- myservice	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="KTAS.com.au">
+
+	<target host="ktas.com.au" />
+	<target host="www.ktas.com.au" />
+	<target host="booking.ktas.com.au" />
+	<target host="bookingtest.ktas.com.au" />
+	<target host="click.e.ktas.com.au" />
+	<target host="pages.e.ktas.com.au" />
+	<target host="view.e.ktas.com.au" />
+	<target host="test.ktas.com.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KTk.de.xml b/src/chrome/content/rules/KTk.de.xml
index 7e7463516a1e..495a2909e610 100644
--- a/src/chrome/content/rules/KTk.de.xml
+++ b/src/chrome/content/rules/KTk.de.xml
@@ -1,7 +1,7 @@
 <!--
 	For other Kevag Telekom coverage, see Kevag-Telekom.de.xml.
 
-	
+
 	(www.)?ktk.de: Shows default page
 
 -->
diff --git a/src/chrome/content/rules/KYM-CDN.com.xml b/src/chrome/content/rules/KYM-CDN.com.xml
index bafa761ce586..397be50aab18 100644
--- a/src/chrome/content/rules/KYM-CDN.com.xml
+++ b/src/chrome/content/rules/KYM-CDN.com.xml
@@ -9,12 +9,25 @@
 	* 503
 
 -->
-<ruleset name="KYM-CDN.com (partial)" default_off="mismatched">
+<ruleset name="KYM-CDN.com">
 
+	<target host="i.kym-cdn.com" />
+		<test url="http://i.kym-cdn.com/entries/icons/mobile/000/006/363/pokemon-balls-pokeball-1920x1080-5166.jpg" />
+	
 	<target host="i0.kym-cdn.com" />
+		<test url="http://i0.kym-cdn.com/entries/icons/mobile/000/006/363/pokemon-balls-pokeball-1920x1080-5166.jpg" />
+	
 	<target host="i1.kym-cdn.com" />
+		<test url="http://i1.kym-cdn.com/entries/icons/mobile/000/006/363/pokemon-balls-pokeball-1920x1080-5166.jpg" />
+	
 	<target host="i2.kym-cdn.com" />
+		<test url="http://i2.kym-cdn.com/entries/icons/mobile/000/006/363/pokemon-balls-pokeball-1920x1080-5166.jpg" />
+	
 	<target host="i3.kym-cdn.com" />
+	<test url="http://i3.kym-cdn.com/entries/icons/mobile/000/006/363/pokemon-balls-pokeball-1920x1080-5166.jpg" />
+	
+	<target host="s.kym-cdn.com" />
+		<test url="http://s.kym-cdn.com/assets/kym-logo-fbdeb4f48d4b9e0d7f9675fa5e1e011a.png" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/KabelDeutschland.xml b/src/chrome/content/rules/KabelDeutschland.xml
index 280c308a7c0e..66ccb2fb0275 100644
--- a/src/chrome/content/rules/KabelDeutschland.xml
+++ b/src/chrome/content/rules/KabelDeutschland.xml
@@ -5,7 +5,7 @@ Fetch error: http://newsletter.kabelmail.de/ => https://newsletter.kabelmail.de/
 Fetch error: http://static.kabelmail.de/ => https://static.kabelmail.de/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Kabel Deutschland" default_off='failed ruleset test'>
+<ruleset name="Kabel Deutschland" default_off="failed ruleset test">
     <target host="kabeldeutschland.de" />
     <target host="www.kabeldeutschland.de" />
     <target host="kabeldeutschland.com" />
@@ -21,7 +21,7 @@ Fetch error: http://static.kabelmail.de/ => https://static.kabelmail.de/: (28, '
     <rule from="^http://(www\.)?kabeldeutschland\.de/" to="https://www.kabeldeutschland.de/"/>
     <rule from="^http://(www\.)?kabeldeutschland\.com/" to="https://www.kabeldeutschland.com/"/>
     <rule from="^http://(www\.)?kabelmail\.de/" to="https://www.kabelmail.de/" />
-    
+
     <rule from="^http:"
             to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Kabelkiosk.de.xml b/src/chrome/content/rules/Kabelkiosk.de.xml
deleted file mode 100644
index 0a214c89d145..000000000000
--- a/src/chrome/content/rules/Kabelkiosk.de.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Kabelkiosk.de" platform="mixedcontent">
-<target host="www.kabelkiosk.de"/>
-<target host="kabelkiosk.de"/>
-<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Kable_Media_Services.xml b/src/chrome/content/rules/Kable_Media_Services.xml
index 54a1336b6fab..31531a87fe08 100644
--- a/src/chrome/content/rules/Kable_Media_Services.xml
+++ b/src/chrome/content/rules/Kable_Media_Services.xml
@@ -19,7 +19,7 @@ Fetch error: http://www.kable.com/ => https://www.kable.com/: (60, 'SSL certific
 		- ^kable.com	(cert only matches www)
 
 -->
-<ruleset name="Kable Media Services (partial)" default_off='failed ruleset test'>
+<ruleset name="Kable Media Services (partial)" default_off="failed ruleset test">
 
 	<target host="secure2.insideknc.com" />
 	<target host="kable.com" />
diff --git a/src/chrome/content/rules/Kachingle.xml b/src/chrome/content/rules/Kachingle.xml
index a102132cfded..7d998b784cf6 100644
--- a/src/chrome/content/rules/Kachingle.xml
+++ b/src/chrome/content/rules/Kachingle.xml
@@ -11,14 +11,14 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://downloads.kachingle.com/ => https://downloads.kachingle.com/: (60, 'SSL certificate problem: certificate has expired')
 Fetch error: http://assets.kachingle.com/ => https://assets.kachingle.com/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="Kachingle" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Kachingle" platform="mixedcontent" default_off="failed ruleset test">
   <target host="kachingle.com" />
   <target host="www.kachingle.com" />
   <target host="downloads.kachingle.com" />
   <target host="assets.kachingle.com" />
   <target host="medallion.kachingle.com" />
 
-  <securecookie host="^(?:.+\.)?kachingle\.com$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Kaggle.com.xml b/src/chrome/content/rules/Kaggle.com.xml
deleted file mode 100644
index b326c2724282..000000000000
--- a/src/chrome/content/rules/Kaggle.com.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	CDN buckets:
-
-		- kaggle2.blob.core.windows.net
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .kaggle.com
-		- www.kaggle.com
-		- .www.kaggle.com
-
--->
-<ruleset name="Kaggle.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="kaggle.com" />
-	<target host="www.kaggle.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.(www\.)?kaggle\.com$" name="^ARRAffinity$" /-->
-	<!--securecookie host="^www\.kaggle\.com$" name="^__RequestVerificationToken$" /-->
-
-	<securecookie host="^(\.|\.?www\.)?kaggle\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/KaiRo.xml b/src/chrome/content/rules/KaiRo.xml
index 6aef3cf20562..2dbec26d197f 100644
--- a/src/chrome/content/rules/KaiRo.xml
+++ b/src/chrome/content/rules/KaiRo.xml
@@ -16,7 +16,7 @@ Fetch error: http://mail.kairo.at/ => https://mail.kairo.at/: (28, 'Connection t
 		- spoeck.kairo.at
 		- www.uze.kairo.at
 -->
-<ruleset name="KaiRo" default_off='failed ruleset test'>
+<ruleset name="KaiRo" default_off="failed ruleset test">
 
 	<target host="www.cbsm.at" />
 	<target host="14.cbsm.at" />
@@ -51,7 +51,7 @@ Fetch error: http://mail.kairo.at/ => https://mail.kairo.at/: (28, 'Connection t
 	<target host="www.rentyoursong.cbsm.at" />
 	<target host="roses.cbsm.at" />
 	<target host="www.roses.cbsm.at" />
-	
+
 	<target host="www.kairo.at" />
 	<target host="amrathea-test.kairo.at" />
 	<target host="www.amrathea-test.kairo.at" />
diff --git a/src/chrome/content/rules/Kaimi.io.xml b/src/chrome/content/rules/Kaimi.io.xml
index 5cc5dd23b7a7..4d32005a9254 100644
--- a/src/chrome/content/rules/Kaimi.io.xml
+++ b/src/chrome/content/rules/Kaimi.io.xml
@@ -5,14 +5,11 @@
 -->
 
 <ruleset name="Kaimi.io">
-	<target host="kaimi.io" />
-	<target host="www.kaimi.io" />
 
 	<target host="kaimi.ru" />
 	<target host="www.kaimi.ru" />
 
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://www\.kaimi\.(io|ru)/" to="https://kaimi.$1/" />
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Kaiseki.me.xml b/src/chrome/content/rules/Kaiseki.me.xml
deleted file mode 100644
index 5f78955e40df..000000000000
--- a/src/chrome/content/rules/Kaiseki.me.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Web bugs.
-
--->
-<ruleset name="kaiseki.me">
-
-	<target host="kaiseki.me" />
-	<target host="www.kaiseki.me" />
-
-
-	<securecookie host="^(?:www\.)?kaiseki\.me$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Kaiser_Systeme.xml b/src/chrome/content/rules/Kaiser_Systeme.xml
index bc7c9ac39cb8..c85cde2c475e 100644
--- a/src/chrome/content/rules/Kaiser_Systeme.xml
+++ b/src/chrome/content/rules/Kaiser_Systeme.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?kaisersysteme\.com/(.+/image|.+/stylesheet)s/"
 		to="https://$1kaisersysteme.com/$2s/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kaldi-ASR.org.xml b/src/chrome/content/rules/Kaldi-ASR.org.xml
new file mode 100644
index 000000000000..a043d3d260d4
--- /dev/null
+++ b/src/chrome/content/rules/Kaldi-ASR.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Kaldi-ASR.org">
+	<target host="kaldi-asr.org" />
+	<target host="www.kaldi-asr.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kalooga.com.xml b/src/chrome/content/rules/Kalooga.com.xml
index 772af459df19..cb4362143b30 100644
--- a/src/chrome/content/rules/Kalooga.com.xml
+++ b/src/chrome/content/rules/Kalooga.com.xml
@@ -55,7 +55,7 @@
 	<test url="http://img.kaloo.ga/thumb?url=http%3A%2F%2Fwww.shz.de%2Fimg%2Fwirtschaft%2Fcrop11177506%2F8806138589-cv16_9-h335%2Furn-newsml-dpa-com-20090101-151111-99-05409-large-4-3.jpg&amp;md5val=911f772734b61479440330f1140d13b4&amp;key=00f8a403a132c924d4f37b5df7818f1454f668f8&amp;size=192x140" />
 	<test url="http://publishing.kaloo.ga/acct/4455.js" />
 	<test url="http://geo.kaloo.ga/json/" />
-	
+
 	<rule from="^http://kalooga\.com/"
 		to="https://www.kalooga.com/" />
 
diff --git a/src/chrome/content/rules/Kaltura.com-falsemixed.xml b/src/chrome/content/rules/Kaltura.com-falsemixed.xml
index aa290220763e..85bed5e42743 100644
--- a/src/chrome/content/rules/Kaltura.com-falsemixed.xml
+++ b/src/chrome/content/rules/Kaltura.com-falsemixed.xml
@@ -1,5 +1,5 @@
 <!--
-	For rules not causing false/broken MCB, see Kaltura.xml.	
+	For rules not causing false/broken MCB, see Kaltura.xml.
 
 -->
 <ruleset name="Kaltura.com (false MCB)" platform="mixedcontent">
diff --git a/src/chrome/content/rules/Kangurum.xml b/src/chrome/content/rules/Kangurum.xml
index c5b245a0097e..d2661bdc5901 100644
--- a/src/chrome/content/rules/Kangurum.xml
+++ b/src/chrome/content/rules/Kangurum.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.kangurum.com.tr/ => https://www.kangurum.com.tr/: Redirect for 'http://www.kangurum.com.tr/' missing Location
 Fetch error: http://kangurum.com.tr/ => https://www.kangurum.com.tr/: Redirect for 'http://kangurum.com.tr/' missing Location
 -->
-<ruleset name="Kangurum" default_off='failed ruleset test'>
+<ruleset name="Kangurum" default_off="failed ruleset test">
   <target host="www.kangurum.com.tr" />
   <target host="kangurum.com.tr" />
 
diff --git a/src/chrome/content/rules/Kansas.com.xml b/src/chrome/content/rules/Kansas.com.xml
index 903fddef4833..d42dacc96514 100644
--- a/src/chrome/content/rules/Kansas.com.xml
+++ b/src/chrome/content/rules/Kansas.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://customercare.kansas.com/ => https://customercare.kansas.com/
 	* 503, akamai
 
 -->
-<ruleset name="Kansas.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Kansas.com (partial)" default_off="failed ruleset test">
 
 	<target host="customercare.kansas.com" />
 
@@ -24,4 +24,4 @@ Fetch error: http://customercare.kansas.com/ => https://customercare.kansas.com/
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kantar-Latam-Portal.xml b/src/chrome/content/rules/Kantar-Latam-Portal.xml
index 39329dfa170b..d434b9e05599 100644
--- a/src/chrome/content/rules/Kantar-Latam-Portal.xml
+++ b/src/chrome/content/rules/Kantar-Latam-Portal.xml
@@ -8,10 +8,10 @@ Fetch error: http://kantarlatam.com/ => https://www.kantarlatam.com/: (6, 'Could
 	For other Kanvar coverage, see TNS-Global.xml.
 
 -->
-<ruleset name="Kantar Latam Portal" default_off='failed ruleset test'>
+<ruleset name="Kantar Latam Portal" default_off="failed ruleset test">
 
 	<target host="kantarlatam.com" />
-	<target host="*.kantarlatam.com" />
+	<target host="www.kantarlatam.com" />
 
 
 	<securecookie host="^.*\.kantarlatam\.com$" name=".+" />
diff --git a/src/chrome/content/rules/KapWatch.com.xml b/src/chrome/content/rules/KapWatch.com.xml
new file mode 100644
index 000000000000..dc3d77882e6b
--- /dev/null
+++ b/src/chrome/content/rules/KapWatch.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="KapWatch.com">
+	<target host="kapwatch.com" />
+	<target host="www.kapwatch.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kapital.kz.xml b/src/chrome/content/rules/Kapital.kz.xml
new file mode 100644
index 000000000000..dd0b2fa2986d
--- /dev/null
+++ b/src/chrome/content/rules/Kapital.kz.xml
@@ -0,0 +1,21 @@
+<!--
+	Mismatch:
+		www.kapital.kz
+-->
+<ruleset name="Kapital.kz" >
+	<target host="kapital.kz" />
+	<target host="www.kapital.kz" />
+	<target host="ey25.kapital.kz" />
+	<target host="i.kapital.kz" />
+		<test url="http://i.kapital.kz/c/5a8fbba50b6ec8389cfc885b714fb734/n/109/100/9/b/7/a/d/357a05925f648fd154ef368ea53.jpg" />
+	<target host="kimep.kapital.kz" />
+	<target host="m.kapital.kz" />
+	<target host="max.kapital.kz" />
+	<target host="visa.kapital.kz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.kapital\.kz/" to="https://kapital.kz/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kapiton.se.xml b/src/chrome/content/rules/Kapiton.se.xml
index 9ff64e41e9e8..22646e7bdf90 100644
--- a/src/chrome/content/rules/Kapiton.se.xml
+++ b/src/chrome/content/rules/Kapiton.se.xml
@@ -5,7 +5,7 @@ Fetch error: http://kapiton.se/ => https://kapiton.se/: (7, 'Failed to connect t
 Fetch error: http://www.kapiton.se/ => https://www.kapiton.se/: (7, 'Failed to connect to www.kapiton.se port 443: Connection refused')
 
 -->
-<ruleset name="Kapiton.se" default_off='failed ruleset test'>
+<ruleset name="Kapiton.se" default_off="failed ruleset test">
 
 	<target host="kapiton.se" />
 	<target host="www.kapiton.se" />
@@ -16,4 +16,4 @@ Fetch error: http://www.kapiton.se/ => https://www.kapiton.se/: (7, 'Failed to c
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kaply.com.xml b/src/chrome/content/rules/Kaply.com.xml
index aba250356354..d8b8e78084d6 100644
--- a/src/chrome/content/rules/Kaply.com.xml
+++ b/src/chrome/content/rules/Kaply.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.mike.kaply.com/ => https://www.mike.kaply.com/: (51, "SS
 	(www.)?kaply.com: Mismatched
 
 -->
-<ruleset name="Kaply.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Kaply.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Kapsi.fi.xml b/src/chrome/content/rules/Kapsi.fi.xml
index e5cdf6a76f4f..cacb45636c50 100644
--- a/src/chrome/content/rules/Kapsi.fi.xml
+++ b/src/chrome/content/rules/Kapsi.fi.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://koti.kapsi.fi/ => https://koti.kapsi.fi/: label empty or too long
 
 -->
-<ruleset name="Kapsi.fi (very partial)" default_off='failed ruleset test'>
+<ruleset name="Kapsi.fi (very partial)" default_off="failed ruleset test">
   <target host="www.kapsi.fi"/>
   <target host="kapsi.fi"/>
   <target host="koti.kapsi.fi"/>
diff --git a/src/chrome/content/rules/Kapt-Cha.xml b/src/chrome/content/rules/Kapt-Cha.xml
index 52bd8fc2ac88..506d1c344717 100644
--- a/src/chrome/content/rules/Kapt-Cha.xml
+++ b/src/chrome/content/rules/Kapt-Cha.xml
@@ -2,7 +2,7 @@
 	<target host="ssl.kaptcha.com" />
 
 	<securecookie host="^\.kaptcha\.com$" name=".+" />
-	
+
 	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Karger.com.xml b/src/chrome/content/rules/Karger.com.xml
deleted file mode 100644
index 2c4b59aa277c..000000000000
--- a/src/chrome/content/rules/Karger.com.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-<!--
-	Nonfunctional hosts in *karger.com:
-
-		- misc *
-
-	* 503
-
-
-	^karger.com: Mismatched
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .karger.com
-		- www.karger.com
-
--->
-<ruleset name="Karger.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.karger.com" />
-
-	<!--	Complications:
-				-->
-	<target host="karger.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.karger\.com$" name="^(?:incap_ses_\d+|visid_incap)_\d+$" /-->
-	<!--securecookie host="^www\.karger\.com$" name="^(?:___utm[abm]\w+|\.ASPXAUTH|ASP\.NET_SessionId)$" /-->
-
-	<securecookie host="^\." name="^(?:incap_ses_\d+|visid_incap)_\d+$" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://karger\.com/"
-		to="https://www.karger.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Kariera.gr.xml b/src/chrome/content/rules/Kariera.gr.xml
index 5b401074c784..3bb918d58b45 100644
--- a/src/chrome/content/rules/Kariera.gr.xml
+++ b/src/chrome/content/rules/Kariera.gr.xml
@@ -4,7 +4,7 @@
 <ruleset name="Kariera.gr">
   <target host="*.kariera.gr" />
 
-	<securecookie host="^(?:.*\.)?kariera\.gr$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
   <rule from="^http://(\w+\.)?kariera\.gr/" to="https://$1kariera.gr/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Karlsruhe.de.xml b/src/chrome/content/rules/Karlsruhe.de.xml
new file mode 100644
index 000000000000..b52351b9224a
--- /dev/null
+++ b/src/chrome/content/rules/Karlsruhe.de.xml
@@ -0,0 +1,142 @@
+<!--
+	Invalid certificate:
+		- www.cbs.karlsruhe.de
+		- www.vibe.ces.karlsruhe.de
+		- www.web.ces.karlsruhe.de
+		- ess.karlsruhe.de
+		- cas.ess.karlsruhe.de
+		- moodle.ess.karlsruhe.de
+		- fls.karlsruhe.de
+		- huebsch.karlsruhe.de
+		- www.huebsch.karlsruhe.de
+		- owigow.karlsruhe.de
+		- www.sicheres.karlsruhe.de
+		- staatstheater.karlsruhe.de
+		- www.staatstheater.karlsruhe.de
+		- sanierung.staatstheater.karlsruhe.de
+		- spielzeit1[2-8]-1[3-9].staatstheater.karlsruhe.de
+		- stadtlexikon.karlsruhe.de
+		- www.stoerfall.karlsruhe.de
+		- web2.karlsruhe.de
+		- akorgbw.wiki.karlsruhe.de
+
+	Non-2xx HTTP code:
+		- karl.karlsruhe.de
+
+	Refused:
+		- qualle.hhs.karlsruhe.de
+		- kontentor99.karlsruhe.de
+		- rhin2.karlsruhe.de
+
+	Timeout:
+		- afsta.karlsruhe.de
+		- avg.karlsruhe.de
+		- chs.karlsruhe.de
+		- daten.karlsruhe.de
+		- db1.karlsruhe.de
+		- dienste2.karlsruhe.de
+		- endeavour.karlsruhe.de
+		- kultur.karlsruhe.de
+		- la.karlsruhe.de
+		- mail2.karlsruhe.de
+		- mail3.karlsruhe.de
+		- matrix-mdm.karlsruhe.de
+		- cloud.mgg.karlsruhe.de
+		- mdm.mgg.karlsruhe.de
+		- ns1.karlsruhe.de
+		- oa.karlsruhe.de
+		- rhin1.karlsruhe.de
+		- sjb.karlsruhe.de
+		- as.staatstheater.karlsruhe.de
+		- cloud.staatstheater.karlsruhe.de
+		- mon.staatstheater.karlsruhe.de
+		- webmail.staatstheater.karlsruhe.de
+		- ua.karlsruhe.de
+		- wettbewerbe.karlsruhe.de
+		- zjd.karlsruhe.de
+		- zoo.karlsruhe.de
+
+	Unable to get local issuer certificate:
+		- hms.karlsruhe.de
+		- files.hms.karlsruhe.de
+		- suche.karlsruhe.de
+		- suche.karlsruhe2.de
+-->
+<ruleset name="Karlsruhe.de">
+
+	<target host="karlsruhe.de" />
+	<target host="www.karlsruhe.de" />
+	<target host="artenschutz.karlsruhe.de" />
+	<target host="autodiscover.avg.karlsruhe.de" />
+	<target host="bem.karlsruhe.de" />
+	<target host="beteiligung.karlsruhe.de" />
+	<target host="bsb.karlsruhe.de" />
+	<target host="cbs.karlsruhe.de" />
+	<target host="files.cbs.karlsruhe.de" />
+	<target host="moodle.cbs.karlsruhe.de" />
+	<target host="vibe.cbs.karlsruhe.de" />
+	<target host="ces.karlsruhe.de" />
+	<target host="www.ces.karlsruhe.de" />
+	<target host="filr.ces.karlsruhe.de" />
+	<target host="kalender.ces.karlsruhe.de" />
+	<target host="mobile.ces.karlsruhe.de" />
+	<target host="piwik.ces.karlsruhe.de" />
+	<target host="vibe.ces.karlsruhe.de" />
+	<target host="web.ces.karlsruhe.de" />
+	<target host="fw.chs.karlsruhe.de" />
+	<target host="dienste.karlsruhe.de" />
+	<target host="edit.karlsruhe.de" />
+	<target host="edit99.karlsruhe.de" />
+	<target host="faecher.karlsruhe.de" />
+	<target host="feedback.karlsruhe.de" />
+	<target host="formulare.karlsruhe.de" />
+	<target host="geodaten.karlsruhe.de" />
+	<target host="geoportal.karlsruhe.de" />
+	<target host="grabsuche.karlsruhe.de" />
+	<target host="gruenestadt.karlsruhe.de" />
+	<target host="guide.karlsruhe.de" />
+	<target host="heimstiftung.karlsruhe.de" />
+	<target host="hhs.karlsruhe.de" />
+	<target host="www.hhs.karlsruhe.de" />
+	<target host="beta.hhs.karlsruhe.de" />
+	<target host="filr.hhs.karlsruhe.de" />
+	<target host="gazoo.hhs.karlsruhe.de" />
+	<target host="groupwise.hhs.karlsruhe.de" />
+	<target host="moodle.hhs.karlsruhe.de" />
+	<target host="moodlex.hhs.karlsruhe.de" />
+	<target host="moodle.hms.karlsruhe.de" />
+	<target host="mail1.huebsch.karlsruhe.de" />
+	<target host="kalender.karlsruhe.de" />
+	<target host="kammermusikwettbewerb.karlsruhe.de" />
+	<target host="kita.karlsruhe.de" />
+	<target host="autodiscover.kvv.karlsruhe.de" />
+	<target host="lernfabrik.karlsruhe.de" />
+	<target host="www.lernfabrik.karlsruhe.de" />
+	<target host="m.karlsruhe.de" />
+	<target host="matrix-seg.karlsruhe.de" />
+	<target host="www.mgg.karlsruhe.de" />
+	<target host="owncloud.mgg.karlsruhe.de" />
+	<target host="mobil.karlsruhe.de" />
+	<target host="nubnetzwerk.karlsruhe.de" />
+	<target host="opac.karlsruhe.de" />
+	<target host="otv.karlsruhe.de" />
+	<target host="partnerschaftsboerse-eine-welt.karlsruhe.de" />
+	<target host="presse.karlsruhe.de" />
+	<target host="rhin.karlsruhe.de" />
+	<target host="staatstheatertickets.karlsruhe.de" />
+	<target host="transparenz.karlsruhe.de" />
+	<target host="autodiscover.vbk.karlsruhe.de" />
+	<target host="vmz.karlsruhe.de" />
+	<target host="vps.karlsruhe.de" />
+	<target host="web1.karlsruhe.de" />
+	<target host="web3.karlsruhe.de" />
+	<target host="wes.karlsruhe.de" />
+	<target host="wolke.karlsruhe.de" />
+	<target host="www1.karlsruhe.de" />
+	<target host="www99.karlsruhe.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Karlsruhe_Institute_of_Technology.xml b/src/chrome/content/rules/Karlsruhe_Institute_of_Technology.xml
index 692a52576c8f..f4d1886364b5 100644
--- a/src/chrome/content/rules/Karlsruhe_Institute_of_Technology.xml
+++ b/src/chrome/content/rules/Karlsruhe_Institute_of_Technology.xml
@@ -1,46 +1,41 @@
 <!--
 	Non-functional hosts in *.kit.edu
 		SSL peer certificate was not OK:
-			 - alumni.kit.edu
-			 - bibliothek.kit.edu
-			 - cs.kit.edu
-			 - www.cs.kit.edu
-			 - informatik.kit.edu
-			 - innovation.kit.edu
 			 - lists.kit.edu
-			 - pst.kit.edu
-			 - ptka.kit.edu
-			 - rsm.kit.edu
-			 - scc.kit.edu
-			 - studiumundbehinderung.kit.edu
 -->
 <ruleset name="Karlsruhe Institute of Technology (partial)">
 	<target host="kit.edu" />
 	<target host="www.kit.edu" />
 	<target host="alumni.kit.edu" />
 	<target host="www.alumni.kit.edu" />
+	<target host="bibliothek.kit.edu" />
+	<target host="www.bibliothek.kit.edu" />
 	<target host="blog.bibliothek.kit.edu" />
 	<target host="campus.kit.edu" />
+	<target host="cel.kit.edu" />
+	<target host="www.cel.kit.edu" />
+	<target host="cs.kit.edu" />
+	<target host="www.cs.kit.edu" />
+	<target host="informatik.kit.edu" />
 	<target host="www.informatik.kit.edu" />
+	<target host="innovation.kit.edu" />
 	<target host="www.innovation.kit.edu" />
 	<target host="intranet.kit.edu" />
+	<target host="itiv.kit.edu" />
+	<target host="www.itiv.kit.edu" />
 	<target host="www.lists.kit.edu" />
 	<target host="owa.kit.edu" />
-	<target host="pst.kit.edu" />
 	<target host="www.pst.kit.edu" />
+	<target host="ptka.kit.edu" />
 	<target host="www.ptka.kit.edu" />
+	<target host="rsm.kit.edu" />
 	<target host="www.rsm.kit.edu" />
+	<target host="scc.kit.edu" />
 	<target host="idp.scc.kit.edu" />
 	<target host="wsm10.scc.kit.edu" />
 	<target host="www.scc.kit.edu" />
+	<target host="studiumundbehinderung.kit.edu" />
 	<target host="www.studiumundbehinderung.kit.edu" />
 
-	<rule from="^http://alumni\.kit\.edu/"
-			to="https://www.rsm.kit.edu/" />
-
-	<rule from="^http://pst\.kit\.edu/"
-			to="https://www.pst.kit.edu/" />
-
-	<rule from="^http:" 
-			to="https:" />
+	<rule from="^http:"	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Kart_Fighter.com.xml b/src/chrome/content/rules/Kart_Fighter.com.xml
index c46a0645aa0d..4d7c3206d980 100644
--- a/src/chrome/content/rules/Kart_Fighter.com.xml
+++ b/src/chrome/content/rules/Kart_Fighter.com.xml
@@ -35,7 +35,7 @@ Fetch error: http://worldtour.kartfighter.com/ => https://worldtour.kartfighter.
 		- app.kartfighter.com
 
 -->
-<ruleset name="Kart Fighter.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Kart Fighter.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Kaseya.net.xml b/src/chrome/content/rules/Kaseya.net.xml
index 75629589f12f..dee88bfe619e 100644
--- a/src/chrome/content/rules/Kaseya.net.xml
+++ b/src/chrome/content/rules/Kaseya.net.xml
@@ -12,7 +12,7 @@ Fetch error: http://provision.relay.kaseya.net/ => https://provision.relay.kasey
 	^kaseya.net doesn't exist.
 
 -->
-<ruleset name="Kaseya.net (partial)" default_off='failed ruleset test'>
+<ruleset name="Kaseya.net (partial)" default_off="failed ruleset test">
 
 	<target host="provision.relay.kaseya.net" />
 
diff --git a/src/chrome/content/rules/Kasimp3.xml b/src/chrome/content/rules/Kasimp3.xml
index 88cb15c81649..aa14bb1ec29a 100644
--- a/src/chrome/content/rules/Kasimp3.xml
+++ b/src/chrome/content/rules/Kasimp3.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?kasimp3\.co\.za/"
 		to="https://www.kasimp3.co.za/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kaspersky-cyberstat.com.xml b/src/chrome/content/rules/Kaspersky-cyberstat.com.xml
index 7423d43d1d23..0b182c89b4a9 100644
--- a/src/chrome/content/rules/Kaspersky-cyberstat.com.xml
+++ b/src/chrome/content/rules/Kaspersky-cyberstat.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.kaspersky-cyberstat.com/ => https://www.kaspersky-cybers
 	For other Kaspersky coverage, see Kaspersky.com.xml.
 
 -->
-<ruleset name="Kaspersky-cyberstat.com" default_off='failed ruleset test'>
+<ruleset name="Kaspersky-cyberstat.com" default_off="failed ruleset test">
 
 	<target host="kaspersky-cyberstat.com" />
 	<target host="www.kaspersky-cyberstat.com" />
diff --git a/src/chrome/content/rules/Kasperskycontenthub.com.xml b/src/chrome/content/rules/Kasperskycontenthub.com.xml
index ca49eee5cb7d..004f142d979b 100644
--- a/src/chrome/content/rules/Kasperskycontenthub.com.xml
+++ b/src/chrome/content/rules/Kasperskycontenthub.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://www.kasperskycontenthub.com/ => https://www.kasperskycontent
 	* Secured by us, doesn't trip MCB
 
 -->
-<ruleset name="kasperskycontenthub.com" default_off='failed ruleset test'>
+<ruleset name="kasperskycontenthub.com" default_off="failed ruleset test">
 
 	<target host="kasperskycontenthub.com" />
 	<target host="www.kasperskycontenthub.com" />
diff --git a/src/chrome/content/rules/Kat_de_Paris.xml b/src/chrome/content/rules/Kat_de_Paris.xml
deleted file mode 100644
index 161a5d777edf..000000000000
--- a/src/chrome/content/rules/Kat_de_Paris.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<ruleset name="Kat-de-Paris.fr (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="kat-de-paris.fr" />
-	<target host="www.kat-de-paris.fr" />
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://kat-de-paris\.fr/en/(?:$|authentication\?)" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://kat-de-paris\.fr/+(?!\d+-home_default/|favicon\.ico|modules/|themes/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://kat-de-paris.fr/blog" />
-			<test url="http://kat-de-paris.fr/en/" />
-			<test url="http://kat-de-paris.fr/en/authentication" />
-			<test url="http://kat-de-paris.fr/en/contact-us" />
-			<test url="http://kat-de-paris.fr/en/my-account" />
-			<test url="http://kat-de-paris.fr/en/password-recovery" />
-
-			<!--	-ve:
-					-->
-			<test url="http://kat-de-paris.fr/2332-home_default/parure-lit-enfant-reversible-taupe-pois-rayures-noires.jpg" />
-			<test url="http://kat-de-paris.fr/favicon.ico" />
-			<test url="http://kat-de-paris.fr/img/logo.jpg" />
-			<test url="http://kat-de-paris.fr/modules/homeslider/images/sample-1.jpg" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Kates_Comment.com.xml b/src/chrome/content/rules/Kates_Comment.com.xml
index 578fbc460f7f..307262e2bffb 100644
--- a/src/chrome/content/rules/Kates_Comment.com.xml
+++ b/src/chrome/content/rules/Kates_Comment.com.xml
@@ -21,7 +21,7 @@
 	<target host="cdn.katescomment.com" />
 
 
-	<securecookie host="^(?:.*\.)?katescomment\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://cdn\.katescomment\.com/"
diff --git a/src/chrome/content/rules/Katholieke-Universiteit-Leuven.xml b/src/chrome/content/rules/Katholieke-Universiteit-Leuven.xml
index 68690382842c..9e357259fba5 100644
--- a/src/chrome/content/rules/Katholieke-Universiteit-Leuven.xml
+++ b/src/chrome/content/rules/Katholieke-Universiteit-Leuven.xml
@@ -68,7 +68,7 @@ Fetch error: http://netlogin.kuleuven.be/ => https://netlogin.kuleuven.be/: (28,
 	¹ * Secured by us
 
 -->
-<ruleset name="KU Leuven.be (partial)" default_off='failed ruleset test'>
+<ruleset name="KU Leuven.be (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Katwarn.de.xml b/src/chrome/content/rules/Katwarn.de.xml
new file mode 100644
index 000000000000..f8d394542997
--- /dev/null
+++ b/src/chrome/content/rules/Katwarn.de.xml
@@ -0,0 +1,27 @@
+<!--
+	This domain contains a wildcard certificate and DNS record.
+
+	Connection refused:
+		- api.katwarn.de
+
+	Invalid certificate:
+		- profile.api.katwarn.de
+		- service.api.katwarn.de
+
+	Legacy Symantec certificate:
+		- geoserver.katwarn.de
+		- management.katwarn.de
+		- web-test.katwarn.de
+-->
+
+<ruleset name="Katwarn.de">
+	<target host="katwarn.de" />
+	<target host="www.katwarn.de" />
+	<target host="content.katwarn.de" />
+	<target host="katwarnw.katwarn.de" />
+	<target host="redsys.katwarn.de" />
+	<target host="warnungen.katwarn.de" />
+	<target host="ww.katwarn.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kaufland.cz.xml b/src/chrome/content/rules/Kaufland.cz.xml
index 4a974730075b..8c665e0eaaa7 100644
--- a/src/chrome/content/rules/Kaufland.cz.xml
+++ b/src/chrome/content/rules/Kaufland.cz.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www-q.kaufland.cz/ => https://www-q.kaufland.cz/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Kaufland.cz" default_off='failed ruleset test'>
+<ruleset name="Kaufland.cz" default_off="failed ruleset test">
     <target host="www.kaufland.cz" />
     <target host="www-q.kaufland.cz" />
 
diff --git a/src/chrome/content/rules/Kayako-clients.xml b/src/chrome/content/rules/Kayako-clients.xml
index a9e8c08c5a07..0a61edf48425 100644
--- a/src/chrome/content/rules/Kayako-clients.xml
+++ b/src/chrome/content/rules/Kayako-clients.xml
@@ -9,7 +9,7 @@
 	<target host="*.helpserve.com" />
 
 
-	<securecookie host="^.*\.helpserve\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	Clients have unique subdomains, e.g.
diff --git a/src/chrome/content/rules/Kayako.xml b/src/chrome/content/rules/Kayako.xml
index e128cfd4b467..0977f0760f63 100644
--- a/src/chrome/content/rules/Kayako.xml
+++ b/src/chrome/content/rules/Kayako.xml
@@ -30,7 +30,7 @@
 		<exclusion pattern="^http://(?:blog|forge|forums|wiki|www)\." />
 
 
-	<securecookie host=".+\.kayako\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://media\.kayako\.com/"
@@ -39,4 +39,4 @@
 	<rule from="^http://([\w-]+)\.kayako\.com/"
 		to="https://$1.kayako.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kaywa.xml b/src/chrome/content/rules/Kaywa.xml
index cd7733b7c292..3439531e6bdd 100644
--- a/src/chrome/content/rules/Kaywa.xml
+++ b/src/chrome/content/rules/Kaywa.xml
@@ -38,7 +38,7 @@
 	<target host="toshiro.kaywa.com" />
 
 	<securecookie host="^\w" name=".+" />
-	
+
 	<rule from="^http://(www\.)?kaywa\.com/"
 		to="https://qrcode.kaywa.com/" />
 
diff --git a/src/chrome/content/rules/Kb.se.xml b/src/chrome/content/rules/Kb.se.xml
new file mode 100644
index 000000000000..455f88d8d558
--- /dev/null
+++ b/src/chrome/content/rules/Kb.se.xml
@@ -0,0 +1,13 @@
+<!--
+ 	Nonfunctional hosts in *.kb.se:
+	    www.libris.kb.se (m)	
+            librishelp.libris.kb.se (403 Forbidden)
+            uppsok.libris.kb.se (No route to host)
+-->
+<ruleset name="Kb.se">
+	<target host="kb.se" />
+	<target host="www.kb.se" />
+	<target host="libris.kb.se" />
+	<target host="sondera.kb.se" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kb8ojh.net.xml b/src/chrome/content/rules/Kb8ojh.net.xml
index 01711a30bf45..fe01e3642a78 100644
--- a/src/chrome/content/rules/Kb8ojh.net.xml
+++ b/src/chrome/content/rules/Kb8ojh.net.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.kb8ojh.net/ => https://www.kb8ojh.net/: (51, "SSL: no al
 Disabled by https-everywhere-checker because:
 Fetch error: http://www.kb8ojh.net/ => https://www.kb8ojh.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.kb8ojh.net'")
 -->
-<ruleset name="kb8ojh.net" default_off='failed ruleset test'>
+<ruleset name="kb8ojh.net" default_off="failed ruleset test">
 
 	<target host="kb8ojh.net" />
 	<target host="www.kb8ojh.net" />
diff --git a/src/chrome/content/rules/Kbia-gmbh.de.xml b/src/chrome/content/rules/Kbia-gmbh.de.xml
index 8653980ee51e..f19f6db6a788 100644
--- a/src/chrome/content/rules/Kbia-gmbh.de.xml
+++ b/src/chrome/content/rules/Kbia-gmbh.de.xml
@@ -18,7 +18,7 @@
 		- cloud.kbia-gmbh.de
 
 -->
-<ruleset name="kbia-gmbh.de (partial)" default_off="missing certificate chain">
+<ruleset name="kbia-gmbh.de (partial)" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Kdelive.org.xml b/src/chrome/content/rules/Kdelive.org.xml
index 85545cb86211..02f63b7569a7 100644
--- a/src/chrome/content/rules/Kdelive.org.xml
+++ b/src/chrome/content/rules/Kdelive.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://kdelive.org/ => https://kdelive.org/: (7, 'Failed to connect
 Fetch error: http://www.kdelive.org/ => https://www.kdelive.org/: (7, 'Failed to connect to www.kdelive.org port 443: Connection refused')
 
 -->
-<ruleset name="Kdelive.org" default_off='failed ruleset test'>
+<ruleset name="Kdelive.org" default_off="failed ruleset test">
 
 	<target host="kdelive.org" />
 	<target host="www.kdelive.org" />
diff --git a/src/chrome/content/rules/KeePassXC.org.xml b/src/chrome/content/rules/KeePassXC.org.xml
new file mode 100644
index 000000000000..3654300f4ead
--- /dev/null
+++ b/src/chrome/content/rules/KeePassXC.org.xml
@@ -0,0 +1,16 @@
+<ruleset name="KeePassXC.org">
+
+	<target host="keepassxc.org" />
+	<target host="www.keepassxc.org" />
+	<target host="analytics.keepassxc.org" />
+	<target host="ci.keepassxc.org" />
+	<target host="docs.keepassxc.org" />
+	<target host="githook.keepassxc.org" />
+	<target host="snapshot.keepassxc.org" />
+	<target host="staging.keepassxc.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Keelog.com.xml b/src/chrome/content/rules/Keelog.com.xml
index 22dfb3d777d4..8034c870a37c 100644
--- a/src/chrome/content/rules/Keelog.com.xml
+++ b/src/chrome/content/rules/Keelog.com.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/KeepTempo.com.xml b/src/chrome/content/rules/KeepTempo.com.xml
index 83dcd1889ee4..5adcc3ec503d 100644
--- a/src/chrome/content/rules/KeepTempo.com.xml
+++ b/src/chrome/content/rules/KeepTempo.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://app.keeptempo.com/ => https://app.keeptempo.com/: (6, 'Could
 		- app.keeptempo.com
 
 -->
-<ruleset name="keepTempo.com (partial)" default_off='failed ruleset test'>
+<ruleset name="keepTempo.com (partial)" default_off="failed ruleset test">
 
 	<!--target host="keeptempo.com" /-->
 	<target host="app.keeptempo.com" />
diff --git a/src/chrome/content/rules/Keep_all_the_things.com.xml b/src/chrome/content/rules/Keep_all_the_things.com.xml
index f3f7c16c7ce9..2a9dcea844d1 100644
--- a/src/chrome/content/rules/Keep_all_the_things.com.xml
+++ b/src/chrome/content/rules/Keep_all_the_things.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://keepallthethings.com/ => https://keepallthethings.com/: (6, 'Could not resolve host: keepallthethings.com')
 
 -->
-<ruleset name="Keep all the things.com" default_off='failed ruleset test'>
+<ruleset name="Keep all the things.com" default_off="failed ruleset test">
 
 	<target host="keepallthethings.com" />
 	<target host="assets.keepallthethings.com" />
diff --git a/src/chrome/content/rules/Keksbude.net.xml b/src/chrome/content/rules/Keksbude.net.xml
index 31decc9a4f57..4c6b98a84419 100644
--- a/src/chrome/content/rules/Keksbude.net.xml
+++ b/src/chrome/content/rules/Keksbude.net.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.keksbude.net/ => https://www.keksbude.net/: (6, 'Could n
 	* Mismatched
 
 -->
-<ruleset name="keksbude.net (partial)" default_off='failed ruleset test'>
+<ruleset name="keksbude.net (partial)" default_off="failed ruleset test">
 
 	<target host="keksbude.net" />
 	<target host="svn.keksbude.net" />
diff --git a/src/chrome/content/rules/Kelley-Blue-Book.xml b/src/chrome/content/rules/Kelley-Blue-Book.xml
index 0ae4d0d6c500..0c90b3681432 100644
--- a/src/chrome/content/rules/Kelley-Blue-Book.xml
+++ b/src/chrome/content/rules/Kelley-Blue-Book.xml
@@ -6,19 +6,20 @@ Fetch error: http://kbb.com/ => https://kbb.com/: (28, 'Connection timed out aft
 Disabled by https-everywhere-checker because:
 Fetch error: http://kbb.com/ => https://kbb.com/: (28, 'Connection timed out after 10000 milliseconds')
 -->
-<ruleset name="Kelley Blue Book Co." platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Kelley Blue Book Co." platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="kbb.com"/>
-	<target host="*.kbb.com"/>
+	<target host="s1.kbb.com" />
+	<target host="www.kbb.com" />
+	<target host="file.kbb.com" />
 	<!--	Akamai	-->
 	<target host="file.kelleybluebookimages.com"/>
 
 	<securecookie host="^(?:.*\.)?kbb\.com$" name=".+" />
 
-	<rule from="^http://(s1\.|www\.)?kbb\.com/"
-		to="https://$1kbb.com/"/>
 
 	<rule from="^http://file\.k(?:bb|elleybluebookimages)\.com/"
 		to="https://file.kbb.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Kenengba.com.xml b/src/chrome/content/rules/Kenengba.com.xml
index 34c1621ea2cf..4eabbacd1de8 100644
--- a/src/chrome/content/rules/Kenengba.com.xml
+++ b/src/chrome/content/rules/Kenengba.com.xml
@@ -3,4 +3,4 @@
   <target host="www.kenengba.com" />
 
   <rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kent.gov.uk.xml b/src/chrome/content/rules/Kent.gov.uk.xml
index 1898ff5a31aa..0bb6c58f9173 100644
--- a/src/chrome/content/rules/Kent.gov.uk.xml
+++ b/src/chrome/content/rules/Kent.gov.uk.xml
@@ -32,10 +32,10 @@ Fetch error: http://www.eis.kent.gov.uk/ => https://www.eiskent.co.uk/: (51, "SS
 
 
 	These altnames don't exist:
-	
+
 		- www.ola.kent.gov.uk
 
-	
+
 	Insecure cookies are set for these hosts: ᶜ
 
 		- beta.kent.gov.uk
@@ -57,14 +57,14 @@ Fetch error: http://www.eis.kent.gov.uk/ => https://www.eiskent.co.uk/: (51, "SS
 	Mixed content:
 
 		- css, on:
-		
+
 			- consultations from fonts.googleapis.com ˢ
 			- www.eis, oktd, admin.oktd, open, admin.open from www.google.com ˢ
 
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Kent.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Kent.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Kent_Backman.com.xml b/src/chrome/content/rules/Kent_Backman.com.xml
index d6ff85b3df3a..d99319a9a301 100644
--- a/src/chrome/content/rules/Kent_Backman.com.xml
+++ b/src/chrome/content/rules/Kent_Backman.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://b.kentbackman.com/ => https://b.kentbackman.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Kent Backman.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Kent Backman.com (partial)" default_off="failed ruleset test">
 	<target host="b.kentbackman.com" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Kentico.xml b/src/chrome/content/rules/Kentico.xml
index b0f7bc5cf3d3..6ef52053b55b 100644
--- a/src/chrome/content/rules/Kentico.xml
+++ b/src/chrome/content/rules/Kentico.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/KentuckyOneHealth.org.xml b/src/chrome/content/rules/KentuckyOneHealth.org.xml
index 59f05f169f3f..0633ccf2a64c 100644
--- a/src/chrome/content/rules/KentuckyOneHealth.org.xml
+++ b/src/chrome/content/rules/KentuckyOneHealth.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://www.jhsmh.org/ => https://www.jhsmh.org/: (6, 'Could not res
 Fetch error: http://jhsmh.org/ => https://jhsmh.org/: (7, 'Failed to connect to jhsmh.org port 443: Connection timed out')
 
 -->
-<ruleset name="KentuckyOne Health" default_off='failed ruleset test'>
+<ruleset name="KentuckyOne Health" default_off="failed ruleset test">
 <target host="www.kentuckyonehealth.org"/>
 <target host=    "kentuckyonehealth.org"/>
 <!-- insidekentuckyonehealth.org without ssl -->
diff --git a/src/chrome/content/rules/Ketchum.com.xml b/src/chrome/content/rules/Ketchum.com.xml
deleted file mode 100644
index 5cbb2da9ff90..000000000000
--- a/src/chrome/content/rules/Ketchum.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Ketchum.com (partial)">
-
-	<target host="*.ketchum.com" />
-
-
-	<securecookie host="^\.?facebook\.ketchum\.com$" name=".+" />
-
-
-	<rule from="^http://facebook\.ketchum\.com/"
-		to="https://facebook.ketchum.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/KettleBrand.com.xml b/src/chrome/content/rules/KettleBrand.com.xml
new file mode 100644
index 000000000000..baf7922fd8c7
--- /dev/null
+++ b/src/chrome/content/rules/KettleBrand.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Active mixed content:
+		- kettlebrand.comm
+-->
+
+<ruleset name="KettleBrand.com" platform="mixedcontent">
+	<target host="kettlebrand.com" />
+	<target host="www.kettlebrand.com" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KevinAThompson.com.xml b/src/chrome/content/rules/KevinAThompson.com.xml
new file mode 100644
index 000000000000..27fbdb19687a
--- /dev/null
+++ b/src/chrome/content/rules/KevinAThompson.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Active mixed content:
+		- www.kevinathompson.com
+-->
+
+<ruleset name="KevinAThompson.com" platform="mixedcontent">
+	<target host="kevinathompson.com" />
+	<target host="www.kevinathompson.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Key-server.io.xml b/src/chrome/content/rules/Key-server.io.xml
new file mode 100644
index 000000000000..b24b173348a7
--- /dev/null
+++ b/src/chrome/content/rules/Key-server.io.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *.key-server.io:
+		- www (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Key-server.io">
+	<target host="key-server.io" />
+	<target host="www.key-server.io" />
+	<target host="pgp.key-server.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.key-server\.io/" to="https://key-server.io/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Keygens.nl.xml b/src/chrome/content/rules/Keygens.nl.xml
index 162620ba7d0b..7dbcf3e5fb8a 100644
--- a/src/chrome/content/rules/Keygens.nl.xml
+++ b/src/chrome/content/rules/Keygens.nl.xml
@@ -4,7 +4,7 @@
 	www.keygens.nl: Mismatched
 
 -->
-<ruleset name="Keygens.nl" default_off="missing certificate chain">
+<ruleset name="Keygens.nl" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Keygiveaway.xml b/src/chrome/content/rules/Keygiveaway.xml
deleted file mode 100644
index ed26a0041238..000000000000
--- a/src/chrome/content/rules/Keygiveaway.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Keygiveaway.com">
-	<target host="keygiveaway.com" />
-	<target host="www.keygiveaway.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Kfc.ca.xml b/src/chrome/content/rules/Kfc.ca.xml
new file mode 100644
index 000000000000..74428200426c
--- /dev/null
+++ b/src/chrome/content/rules/Kfc.ca.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		- careers.kfc.ca
+
+	SSL error:
+		- morefor4.kfc.ca
+-->
+
+<ruleset name="Kfc.ca">
+	<target host="kfc.ca" />
+	<target host="www.kfc.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KhalifaofIslam.com.xml b/src/chrome/content/rules/KhalifaofIslam.com.xml
deleted file mode 100644
index 5ed135baaff8..000000000000
--- a/src/chrome/content/rules/KhalifaofIslam.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Invalid certificate:
-	- khalifaofislam.com
-
--->
-<ruleset name="KhalifaofIslam.com">
-	<target host="khalifaofislam.com" />
-	<target host="www.khalifaofislam.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http://khalifaofislam\.com/" to="https://www.khalifaofislam.com/" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Khalsa-Credit-Union.xml b/src/chrome/content/rules/Khalsa-Credit-Union.xml
index 7faec0fdb499..df684a00b59c 100644
--- a/src/chrome/content/rules/Khalsa-Credit-Union.xml
+++ b/src/chrome/content/rules/Khalsa-Credit-Union.xml
@@ -5,11 +5,9 @@
 
 <ruleset name="Khalsa Credit Union">
 	<target host="khalsacreditunion.ca" />
-	<target host="www.khalsacreditunion.ca" />
+	<!-- <target host="www.khalsacreditunion.ca" /> -->
 
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^https?://khalsacreditunion\.ca/" to="https://www.khalsacreditunion.ca/" />
-		<test url="https://khalsacreditunion.ca/" />
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Khamsat.com.xml b/src/chrome/content/rules/Khamsat.com.xml
new file mode 100644
index 000000000000..55493ca894d0
--- /dev/null
+++ b/src/chrome/content/rules/Khamsat.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Khamsat.com">
+	<target host="khamsat.com" />
+	<target host="www.khamsat.com" />
+	<target host="blog.khamsat.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Khan-Academy.xml b/src/chrome/content/rules/Khan-Academy.xml
index 7166941c7172..3d81a4c2ce43 100644
--- a/src/chrome/content/rules/Khan-Academy.xml
+++ b/src/chrome/content/rules/Khan-Academy.xml
@@ -1,32 +1,140 @@
 <!--
-	khanacademy.myshopify.com <=> shop.khanacademy.org
+	Wildcard certificate and DNS records:
+		- kasandbox.org
+		- kastatic.org
+		- khanacademy.org
 
 
-	Nonfunctional domains:
+	kasandbox.org:
+		Invalid certificate:
+			- graphie-to-png.kasandbox.org
 
-		- shop.khanacademy.org *
 
-	* shopify
+	khanacademy.org:
+		Connection closed:
+			- cs-blog.khanacademy.org
+			- data.khanacademy.org
 
+		Connection refused:
+			- toby.khanacademy.org
+
+		Invalid certificate:
+			- invalid cert
+			- crowdin.khanacademy.org
+			- emails.khanacademy.org
+			- internal-services-kube.khanacademy.org
+			- international.khanacademy.org
+			- life.khanacademy.org
+			- schools.khanacademy.org
+			- sendgrid.khanacademy.org
+			- sthorizon.khanacademy.org
+
+		Timed out:
+			- hackweek.khanacademy.org
+			- healthyhackathon.khanacademy.org
 -->
-<ruleset name="Khan Academy">
 
-	<target host="khanacademy.org"/>
-	<target host="www.khanacademy.org"/>
-	<target host="kasandbox.org" />
+<ruleset name="Khan Academy">
+	<!-- kasandbox.org -->
 	<target host="www.kasandbox.org" />
+
+
+	<!-- kastatic.org -->
 	<target host="www.kastatic.org" />
+	<target host="ar.kastatic.org" />
+	<target host="cdn.kastatic.org" />
+	<target host="en.kastatic.org" />
+	<target host="es.kastatic.org" />
+	<target host="fastly.kastatic.org" />
+	<target host="fr.kastatic.org" />
+	<target host="maxcdn.kastatic.org" />
+	<target host="nl.kastatic.org" />
+	<target host="no.kastatic.org" />
+	<target host="pt.kastatic.org" />
 
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.khanacademy\.org$" name="^(KAID_PH|detectCookiesEnabled|fkey|gae_b_id|return_visits_.+)$"/-->
 
-	<securecookie host=".+" name=".+" />
+	<!-- khanacademy.org -->
+	<target host="khanacademy.org" />
+	<target host="www.khanacademy.org" />
+	<target host="alerta.khanacademy.org" />
+	<target host="api-explorer.khanacademy.org" />
+	<target host="ar.khanacademy.org" />
+	<target host="bg.khanacademy.org" />
+	<target host="bn.khanacademy.org" />
+	<target host="boxes.khanacademy.org" />
+	<target host="buildmaster.khanacademy.org" />
+	<target host="cmn.khanacademy.org" />
+	<target host="content.khanacademy.org" />
+	<target host="crowdin-gcs-sync.khanacademy.org" />
+	<target host="cs.khanacademy.org" />
+	<target host="da.khanacademy.org" />
+	<target host="da-dk.khanacademy.org" />
+	<target host="de.khanacademy.org" />
+	<target host="de-de.khanacademy.org" />
+	<target host="el.khanacademy.org" />
+	<target host="en.khanacademy.org" />
+	<target host="engineering.khanacademy.org" />
+	<target host="es.khanacademy.org" />
+	<target host="en-pt.khanacademy.org" />
+	<target host="error-monitor-db.khanacademy.org" />
+	<target host="es-es-boxes.khanacademy.org" />
+	<target host="fa.khanacademy.org" />
+	<target host="fa-af.khanacademy.org" />
+	<target host="fr.khanacademy.org" />
+	<target host="he.khanacademy.org" />
+	<target host="hi.khanacademy.org" />
+	<target host="hy.khanacademy.org" />
+	<target host="id.khanacademy.org" />
+	<target host="international-forum.khanacademy.org" />
+	<target host="it.khanacademy.org" />
+	<target host="ja.khanacademy.org" />
+	<target host="jenkins.khanacademy.org" />
+	<target host="ka.khanacademy.org" />
+	<target host="khanalytics.khanacademy.org" />
+	<target host="ko.khanacademy.org" />
+	<target host="learn.khanacademy.org" />
+	<target host="lol.khanacademy.org" />
+	<target host="mathfacts.khanacademy.org" />
+	<target host="mn.khanacademy.org" />
+	<target host="mobile-ci.khanacademy.org" />
+	<target host="mooc.khanacademy.org" />
+	<target host="ms.khanacademy.org" />
+	<target host="nb.khanacademy.org" />
+	<target host="nl.khanacademy.org" />
+	<target host="no.khanacademy.org" />
+	<target host="phabricator.khanacademy.org" />
+	<target host="pl.khanacademy.org" />
+	<target host="pl-pl.khanacademy.org" />
+	<target host="pt.khanacademy.org" />
+	<target host="pt-pt.khanacademy.org" />
+	<target host="ptpt.khanacademy.org" />
+	<target host="ru.khanacademy.org" />
+	<target host="shop.khanacademy.org" />
+	<target host="smarthistory.khanacademy.org" />
+	<target host="sr.khanacademy.org" />
+	<target host="status.khanacademy.org" />
+	<target host="sw.khanacademy.org" />
+	<target host="te.khanacademy.org" />
+	<target host="team.khanacademy.org" />
+	<target host="th.khanacademy.org" />
+	<target host="tr.khanacademy.org" />
+	<target host="uk.khanacademy.org" />
+	<target host="ur.khanacademy.org" />
+	<target host="us.khanacademy.org" />
+	<target host="xh.khanacademy.org" />
+	<target host="ycla.khanacademy.org" />
+	<target host="zero.khanacademy.org" />
+	<target host="www.zero.khanacademy.org" />
+	<target host="es.zero.khanacademy.org" />
+	<target host="httpswww.zero.khanacademy.org" />
+	<target host="zh.khanacademy.org" />
+	<target host="zh-hans.khanacademy.org" />
+	<target host="zu.khanacademy.org" />
 
-	<rule from="^http:"
-		to="https:"/>
 
-	<!--rule from="^http://shop\.khanacademy\.org/"
-		to="https://khanacademy.myshopify.com/" /-->
+	<!-- Not secured by server -->
+	<!--securecookie host="^www\.khanacademy\.org$" name="^(KAID_PH|detectCookiesEnabled|fkey|gae_b_id|return_visits_.+)$"/-->
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/KiCanada.com.xml b/src/chrome/content/rules/KiCanada.com.xml
new file mode 100644
index 000000000000..e2da4375f412
--- /dev/null
+++ b/src/chrome/content/rules/KiCanada.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="KiCanada.com">
+	<target host="kicanada.com" />
+	<target host="www.kicanada.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KickApps.xml b/src/chrome/content/rules/KickApps.xml
index 88a255b7c7e3..c3f0f40287d3 100644
--- a/src/chrome/content/rules/KickApps.xml
+++ b/src/chrome/content/rules/KickApps.xml
@@ -16,19 +16,16 @@ Fetch error: http://media.kickstatic.com/ => https://media.kickstatic.com/: (6,
 		- login.cloud	(works, depth mismatched)
 
 -->
-<ruleset name="KickApps (partial)" default_off='failed ruleset test'>
+<ruleset name="KickApps (partial)" default_off="failed ruleset test">
 
-	<target host="*.kickapps.com" />
+	<target host="affiliate.kickapps.com" />
+	<target host="community.kickapps.com" />
 	<target host="media.kickstatic.com" />
 
 
 	<securecookie host="^(?:affiliate|community)\.kickapps\.com$" name=".+" />
 
 
-	<rule from="^http://(affiliate|community)\.kickapps\.com/"
-		to="https://$1.kickapps.com/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://media\.kickstatic\.com/"
-		to="https://media.kickstatic.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kicker.de.xml b/src/chrome/content/rules/Kicker.de.xml
index c1b20488fbec..b8db34bc46d0 100644
--- a/src/chrome/content/rules/Kicker.de.xml
+++ b/src/chrome/content/rules/Kicker.de.xml
@@ -1,28 +1,67 @@
 <!--
-	Timeout:
-		- (www.)
-		- static
-		- esport
-		- community
-		- anfahrt
-		- rss
-
-	Refused:
-		- esportcup
-		- voting
-
-	Mismatch:
-		- ue
+	SSL: no alternative certificate subject name matches target host name:
+		- *.damoh.kicker.de
+		- spielerkabine.kicker.de
+		- ue.kicker.de
 
-	Problematic hosts:
-		- secure redirects to www on most pages
+	Timeout:
+		- ads.kicker.de
+		- api0.kicker.de
+		- appandroid-cdn.kicker.de
+		- cdn.kicker.de
+		- cetv.kicker.de
+		- devovsyndication.kicker.de
+		- media.kicker.de
+		- mediadb.kicker.de
+		- mediaproxy.kicker.de
+		- origin.kicker.de
+		- photodb.kicker.de
+		- podcast.kicker.de
+		- wcf.kicker.de
 -->
-<ruleset name="Kicker.de (partial)">
-	<target host="fanshop.kicker.de" />
+<ruleset name="Kicker.de">
+
+	<target host="kicker.de" />
+	<target host="www.kicker.de" />
+	<target host="11ts-shop.kicker.de" />
+	<target host="aktion.kicker.de" />
+	<target host="api.kicker.de" />
+	<target host="appmedia.kicker.de" />
+	<target host="appmedia-cdn.kicker.de" />
+	<target host="community.kicker.de" />
+	<target host="community-stage.kicker.de" />
+	<target host="ssl.1.damoh.kicker.de" />
+	<target host="ssl.2.damoh.kicker.de" />
+	<target host="ssl.3.damoh.kicker.de" />
+	<target host="derivates.kicker.de" />
+	<target host="emagazine.kicker.de" />
+	<target host="esport.kicker.de" />
+	<target host="esportcup.kicker.de" />
+	<target host="euro.kicker.de" />
+	<target host="jdgtgb.kicker.de" />
 	<target host="leserservice.kicker.de" />
-	<!-- <target host="mediadb.kicker.de" /> https target misses some resources -->
+	<target host="lesesaal.kicker.de" />
+	<target host="manager.kicker.de" />
+	<target host="olympia.kicker.de" />
+	<target host="ovsyndication.kicker.de" />
+	<target host="partnershop.kicker.de" />
+	<target host="rss.kicker.de" />
 	<target host="secure.kicker.de" />
+	<target host="secure-media.kicker.de" />
+	<target host="secure-mediadb.kicker.de" />
+	<target host="secure-mediaproxy.kicker.de" />
+	<target host="shop.kicker.de" />
+	<target host="stageapi.kicker.de" />
+	<target host="stageovsyndication.kicker.de" />
+	<target host="static.kicker.de" />
+	<target host="staticsecure.kicker.de" />
+	<target host="b0.t.kicker.de" />
+	<target host="tipp.kicker.de" />
+	<target host="ues.kicker.de" />
+	<target host="voting.kicker.de" />
+	<target host="votingrelaunch.kicker.de" />
+	<target host="wintersport.kicker.de" />
+
+	<rule from="^http:"	to="https:" />
 
-	<rule from="^http:"
-		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Kicktraq.xml b/src/chrome/content/rules/Kicktraq.xml
deleted file mode 100644
index c0c51a7529ab..000000000000
--- a/src/chrome/content/rules/Kicktraq.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Kicktraq">
-
-	<target host="kicktraq.com" />
-	<target host="www.kicktraq.com" />
-
-
-	<securecookie host="^www\.kicktraq\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/KidsHealth.xml b/src/chrome/content/rules/KidsHealth.xml
index d184c21e0466..9c56f92b54b8 100644
--- a/src/chrome/content/rules/KidsHealth.xml
+++ b/src/chrome/content/rules/KidsHealth.xml
@@ -9,7 +9,7 @@ Fetch error: http://teenshealth.org/ => https://secure02.kidshealth.org/teen/: (
 Fetch error: http://www.teenshealth.org/ => https://secure02.kidshealth.org/teen/: (6, 'Could not resolve host: secure02.kidshealth.org')
 
 -->
-<ruleset name="KidsHealth/TeensHealth" default_off='failed ruleset test'>
+<ruleset name="KidsHealth/TeensHealth" default_off="failed ruleset test">
 	<target host="kidshealth.org" />
 	<target host="secure02.kidshealth.org" />
 	<target host="websrv01.kidshealth.org" />
diff --git a/src/chrome/content/rules/Kids_Foot_Locker.xml b/src/chrome/content/rules/Kids_Foot_Locker.xml
index 8f88c2a82a88..dbdac5ac8047 100644
--- a/src/chrome/content/rules/Kids_Foot_Locker.xml
+++ b/src/chrome/content/rules/Kids_Foot_Locker.xml
@@ -18,7 +18,8 @@
 <ruleset name="Kids Foot Locker">
 
 	<target host="kidsfootlocker.com" />
-	<target host="*.kidsfootlocker.com" />
+	<target host="www.kidsfootlocker.com" />
+	<target host="m.kidsfootlocker.com" />
 
 
 	<securecookie host="^.*\.kidsfootlocker\.com$" name=".+" />
@@ -27,7 +28,6 @@
 	<rule from="^http://(?:www\.)?kidsfootlocker\.com/"
 		to="https://www.kidsfootlocker.com/" />
 
-	<rule from="^http://m\.kidsfootlocker\.com/"
-		to="https://m.kidsfootlocker.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Kijiji.ca.xml b/src/chrome/content/rules/Kijiji.ca.xml
index 1740258e0a1d..fe97d775da57 100644
--- a/src/chrome/content/rules/Kijiji.ca.xml
+++ b/src/chrome/content/rules/Kijiji.ca.xml
@@ -1,7 +1,11 @@
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://marketing.kijiji.ca/ => https://marketing.kijiji.ca/: (60, 'SSL certificate problem: certificate has expired')
+
 	Other Kijiji rulesets:
 		- Kijiji.it.xml
-		- Kijijiblog.ca.xml
 
 
 	Non-functional subdomains:
@@ -43,7 +47,7 @@
 	<target host="info.kijiji.ca" />
 	<target host="kit.kijiji.ca" />
 	<target host="re.kit.kijiji.ca" />
-	<target host="marketing.kijiji.ca" />
+	<!-- target host="marketing.kijiji.ca" /-->
 	<target host="mingle.kijiji.ca" />
 	<target host="pint.kijiji.ca" />
 	<target host="tmx.kijiji.ca" />
diff --git a/src/chrome/content/rules/Kijijiblog.ca.xml b/src/chrome/content/rules/Kijijiblog.ca.xml
deleted file mode 100644
index 672a178e8c74..000000000000
--- a/src/chrome/content/rules/Kijijiblog.ca.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	For other Kijiji coverage, see Kijiji.ca.xml
--->
-<ruleset name="Kijijiblog.ca">
-
-	<target host="kijijiblog.ca" />
-	<target host="www.kijijiblog.ca" />
-	<target host="fr.kijijiblog.ca" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Kimono_Labs.com.xml b/src/chrome/content/rules/Kimono_Labs.com.xml
index 840497ef141f..b682671154c2 100644
--- a/src/chrome/content/rules/Kimono_Labs.com.xml
+++ b/src/chrome/content/rules/Kimono_Labs.com.xml
@@ -9,12 +9,12 @@ Fetch error: http://www.kimonolabs.com/ => https://www.kimonolabs.com/: (60, 'SS
 		- (www.)?
 
 
-	Insecure cookies are set for these 
+	Insecure cookies are set for these
 
 		- .kimonolabs.com
 
 -->
-<ruleset name="Kimono Labs.com" default_off='failed ruleset test'>
+<ruleset name="Kimono Labs.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Kimpluscraig.com.xml b/src/chrome/content/rules/Kimpluscraig.com.xml
index 35bbcea4d3f1..c429795b8b2f 100644
--- a/src/chrome/content/rules/Kimpluscraig.com.xml
+++ b/src/chrome/content/rules/Kimpluscraig.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kinesis-Ergo.com.xml b/src/chrome/content/rules/Kinesis-Ergo.com.xml
index b04f29b054d6..327879b5edc1 100644
--- a/src/chrome/content/rules/Kinesis-Ergo.com.xml
+++ b/src/chrome/content/rules/Kinesis-Ergo.com.xml
@@ -3,7 +3,7 @@
 
 		- Web bug from alaskaoregonwesternwashington.bbb.org *
 
-	* Secured by us 
+	* Secured by us
 
 -->
 <ruleset name="Kinesis-Ergo.com">
diff --git a/src/chrome/content/rules/Kings-College-London.xml b/src/chrome/content/rules/Kings-College-London.xml
index 1f2a09732c8c..e7b6f592c708 100644
--- a/src/chrome/content/rules/Kings-College-London.xml
+++ b/src/chrome/content/rules/Kings-College-London.xml
@@ -6,7 +6,7 @@ Fetch error: http://kcl.ac.uk/ => https://kcl.ac.uk/: (51, "SSL: no alternative
 Disabled by https-everywhere-checker because:
 Fetch error: http://kcl.ac.uk/ => https://kcl.ac.uk/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
 -->
-<ruleset name="King's College London (partial)" default_off='failed ruleset test'>
+<ruleset name="King's College London (partial)" default_off="failed ruleset test">
 
 	<target host="kcl.ac.uk" />
 	<target host="alumni.kcl.ac.uk" />
diff --git a/src/chrome/content/rules/Kings_Road_Merch.xml b/src/chrome/content/rules/Kings_Road_Merch.xml
index 44b9361e8eba..1d54bcb67020 100644
--- a/src/chrome/content/rules/Kings_Road_Merch.xml
+++ b/src/chrome/content/rules/Kings_Road_Merch.xml
@@ -7,7 +7,8 @@
 <ruleset name="Kings Road Merch">
 
 	<target host="kingsroadmerch.com" />
-	<target host="*.kingsroadmerch.com" />
+	<target host="secure.kingsroadmerch.com" />
+	<target host="www.kingsroadmerch.com" />
 
 
 	<securecookie host="^(?:secure)?\.kingsroadmerch\.com$" name=".+" />
@@ -16,4 +17,4 @@
 	<rule from="^http://(?:secure\.|www\.)?kingsroadmerch\.com/"
 		to="https://secure.kingsroadmerch.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kinja.xml b/src/chrome/content/rules/Kinja.xml
deleted file mode 100644
index 80f3f76ae2ba..000000000000
--- a/src/chrome/content/rules/Kinja.xml
+++ /dev/null
@@ -1,122 +0,0 @@
-<!--
-	For other Gawker coverage, see Gawker.xml.
-
-
-	CDN buckets:
-
-		- a.prod.fastly.net
-
-			- api
-			- front
-			- gawker
-			- legal
-			- www
-
-
-	Insecure cookies are set for these hosts: ᶜ
-
-		- kinja.com
-		- (column_name).kinja.com
-		- www.kinja.com
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
-
-	api sets KinjaToken wildcard cookie on whichever domain it is loaded from.
-
-
-	Mixed content:
-
-		- Bug on ^, (column_name) from b.scorecardresearch.com ˢ
-
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="Kinja.com (partial)">
-
-	<target host="kinja.com" />
-	<target host="*.kinja.com" />
-
-		<exclusion pattern="^http://(?:[^./]+\.){2,}kinja\.com/" />
-
-			<!--	+ve:
-					-->
-			<test url="http://this.host.kinja.com/" />
-			<test url="http://exists.not.kinja.com/" />
-
-		<test url="http://aerokel.kinja.com/" />
-		<test url="http://amm0nyc.kinja.com/" />
-		<test url="http://api.kinja.com/" />
-		<test url="http://artclub.kinja.com/" />
-		<test url="http://ashleyfeinberg.kinja.com/" />
-		<test url="http://askfortask.kinja.com/" />
-		<test url="http://backtalk.kinja.com/" />
-		<test url="http://bengm225.kinja.com/" />
-		<test url="http://bratkneed.kinja.com/" />
-		<test url="http://co-op.kinja.com/" />
-		<test url="http://deadkitten.kinja.com/" />
-		<test url="http://deals.kinja.com/" />
-		<test url="http://delta.kinja.com/" />
-		<test url="http://eisenbolan.kinja.com/" />
-		<test url="http://falsoman.kinja.com/" />
-		<test url="http://forgotmymantra.kinja.com/" />
-		<test url="http://fourfingerwu.kinja.com/" />
-		<test url="http://front.kinja.com/" />
-		<test url="http://gawker.kinja.com/" />
-		<test url="http://gear.kinja.com/" />
-		<test url="http://hackerspace.kinja.com/" />
-		<test url="http://hardcelery.kinja.com/" />
-		<test url="http://hommmer.kinja.com/" />
-		<test url="http://hypemachine.kinja.com/" />
-		<test url="http://inproduction.kinja.com/" />
-		<test url="http://io9.kinja.com/" />
-		<test url="http://jdrentarol.kinja.com/" />
-		<test url="http://jezebel.kinja.com/" />
-		<test url="http://kinjaroundup.kinja.com/" />
-		<test url="http://kocomedy.kinja.com/" />
-		<test url="http://legal.kinja.com/" />
-		<test url="http://lifehacker.kinja.com/" />
-		<test url="http://liptakaa.kinja.com/" />
-		<test url="http://liveandletdiecast.kinja.com/" />
-		<test url="http://lizzhaa.kinja.com/" />
-		<test url="http://mack41.kinja.com/" />
-		<test url="http://neetzanz.kinja.com/" />
-		<test url="http://nomiskye.kinja.com/" />
-		<test url="http://observationdeck.kinja.com/" />
-		<test url="http://onceasoroksari.kinja.com/" />
-		<test url="http://orlove.kinja.com/" />
-		<test url="http://paleofuture.kinja.com/" />
-		<test url="http://panchovilleneuve.kinja.com/" />
-		<test url="http://planelopnik.kinja.com/" />
-		<test url="http://playboysfw.kinja.com/" />
-		<test url="http://powderroom.kinja.com/" />
-		<test url="http://remusshepherd.kinja.com/" />
-		<test url="http://roadtrippers.kinja.com/" />
-		<test url="http://shiryu.kinja.com/" />
-		<test url="http://skociainszajd.kinja.com/" />
-		<test url="http://sumit.kinja.com/" />
-		<test url="http://szielins.kinja.com/" />
-		<test url="http://terrortola.kinja.com/" />
-		<test url="http://theperfectline.kinja.com/" />
-		<test url="http://thesaladbowl.kinja.com/" />
-		<test url="http://thesmokingtire.kinja.com/" />
-		<test url="http://tom.kinja.com/" />
-		<test url="http://vampireparty.kinja.com/" />
-		<test url="http://weirdspinach.kinja.com/" />
-		<test url="http://whitenoise.kinja.com/" />
-		<test url="http://workingtitleinprogress.kinja.com/" />
-		<test url="http://www.kinja.com/" />
-		<test url="http://zgirskaa.kinja.com/" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:(column_name)\.|www\.)?kinja\.com$" name="^geocc$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/KinkLink.me.xml b/src/chrome/content/rules/KinkLink.me.xml
index 9a306773eec2..545e2a19ce15 100644
--- a/src/chrome/content/rules/KinkLink.me.xml
+++ b/src/chrome/content/rules/KinkLink.me.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://kinklink.me/ => https://kinklink.me/: (60, 'SSL certificate problem: certificate has expired')
 Fetch error: http://www.kinklink.me/ => https://www.kinklink.me/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="KinkLink.me" default_off='failed ruleset test'>
+<ruleset name="KinkLink.me" default_off="failed ruleset test">
 
 	<target host="kinklink.me" />
 	<target host="www.kinklink.me" />
diff --git a/src/chrome/content/rules/Kinko.me.xml b/src/chrome/content/rules/Kinko.me.xml
index dbf128c60632..49da1a6135be 100644
--- a/src/chrome/content/rules/Kinko.me.xml
+++ b/src/chrome/content/rules/Kinko.me.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.kinko.me/ => https://www.kinko.me/: (60, 'SSL certificat
 Disabled by https-everywhere-checker because:
 Fetch error: http://kinko.me/ => https://kinko.me/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="Kinko.me" default_off='failed ruleset test'>
+<ruleset name="Kinko.me" default_off="failed ruleset test">
 
 	<target host="kinko.me" />
 	<target host="www.kinko.me" />
diff --git a/src/chrome/content/rules/Kintera-Network.xml b/src/chrome/content/rules/Kintera-Network.xml
deleted file mode 100644
index de95f1a75026..000000000000
--- a/src/chrome/content/rules/Kintera-Network.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Problematic domains:
-
-		- kintera.org *
-
-	* Cert only matches www
-
--->
-<ruleset name="Kintera Network">
-
-	<target host="kintera.com" />
-	<target host="www.kintera.com" />
-	<target host="kintera.org" />
-	<target host="*.kintera.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="\.kintera\.org$" name="^KNTASESSION$" /-->
-
-
-	<rule from="^http://(?:www\.)?kintera\.(com|org)/"
-		to="https://www.kintera.$1/" />
-
-	<rule from="^http://(?:[\w-]+\.){1,2}kintera\.org/(?=[^/]+/[^/])"
-		to="https://www.kintera.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Kirjoitusalusta.xml b/src/chrome/content/rules/Kirjoitusalusta.xml
index 65d9f5a1e423..46e981098d3f 100644
--- a/src/chrome/content/rules/Kirjoitusalusta.xml
+++ b/src/chrome/content/rules/Kirjoitusalusta.xml
@@ -8,7 +8,7 @@
 	<test url="http://www.kirjoitusalusta.fi/static/rekisteriseloste.html" />
 
 
-	<securecookie host="^(?:.*\.)?kirjoitusalusta\.fi" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Kirklees.gov.uk.xml b/src/chrome/content/rules/Kirklees.gov.uk.xml
index 0c97c46eee04..872c41f1b045 100644
--- a/src/chrome/content/rules/Kirklees.gov.uk.xml
+++ b/src/chrome/content/rules/Kirklees.gov.uk.xml
@@ -49,7 +49,7 @@
 	Mixed content:
 
 		- Images, on:
-		
+
 			- (www.)? from www.kirklees.gov.uk ˢ
 			- observatory from observatory.bradford.gov.uk ᵐ
 			- observatory from observatory.calderdale.gov.uk ᵐ
diff --git a/src/chrome/content/rules/KissKissBankBank.com.xml b/src/chrome/content/rules/KissKissBankBank.com.xml
new file mode 100644
index 000000000000..344ef187671c
--- /dev/null
+++ b/src/chrome/content/rules/KissKissBankBank.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Unable to Connect:
+		kisskissbankbank.com
+-->
+<ruleset name="KissKissBankBank.com">
+	<target host="kisskissbankbank.com" />
+	<target host="www.kisskissbankbank.com" />
+	<target host="blog.kisskissbankbank.com" />
+	<target host="contact.kisskissbankbank.com" />
+	<target host="crowd.kisskissbankbank.com" />
+	<target host="lafabrique.kisskissbankbank.com" />
+	<target host="styleguide.kisskissbankbank.com" />
+	<target host="welcome.kisskissbankbank.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://kisskissbankbank\.com/" to="https://www.kisskissbankbank.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kitapyurdu.xml b/src/chrome/content/rules/Kitapyurdu.xml
index e25bb871599c..da7491cab5a9 100644
--- a/src/chrome/content/rules/Kitapyurdu.xml
+++ b/src/chrome/content/rules/Kitapyurdu.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.kitapyurdu.com/ => https://www.kitapyurdu.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
 Fetch error: http://kitapyurdu.com/ => https://www.kitapyurdu.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
 -->
-<ruleset name="Kitapyurdu" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Kitapyurdu" platform="mixedcontent" default_off="failed ruleset test">
   <target host="www.kitapyurdu.com" />
   <target host="kitapyurdu.com" />
 
diff --git a/src/chrome/content/rules/Kitenet.net.xml b/src/chrome/content/rules/Kitenet.net.xml
index b8a204b6d4cd..3b22cd2ced2e 100644
--- a/src/chrome/content/rules/Kitenet.net.xml
+++ b/src/chrome/content/rules/Kitenet.net.xml
@@ -16,4 +16,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kivo.com.xml b/src/chrome/content/rules/Kivo.com.xml
index b7b420608ab0..0f3f6f289f4c 100644
--- a/src/chrome/content/rules/Kivo.com.xml
+++ b/src/chrome/content/rules/Kivo.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://kivo.com/ => https://kivo.com/: (60, 'SSL certificate proble
 Fetch error: http://www.kivo.com/ => https://www.kivo.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Kivo.com" default_off='failed ruleset test'>
+<ruleset name="Kivo.com" default_off="failed ruleset test">
 
 	<target host="kivo.com" />
 	<target host="www.kivo.com" />
diff --git a/src/chrome/content/rules/Kiwiirc.com.xml b/src/chrome/content/rules/Kiwiirc.com.xml
index 82bb0b37602f..0685f098e9e1 100644
--- a/src/chrome/content/rules/Kiwiirc.com.xml
+++ b/src/chrome/content/rules/Kiwiirc.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://owa.clients.kiwiirc.com/ => https://owa.clients.kiwiirc.com/
 		- .kiwiirc.com
 
 -->
-<ruleset name="KiwiIRC.com" default_off='failed ruleset test'>
+<ruleset name="KiwiIRC.com" default_off="failed ruleset test">
 	<target host="kiwiirc.com" />
 	<target host="owa.clients.kiwiirc.com" />
 	<target host="www.kiwiirc.com" />
diff --git a/src/chrome/content/rules/Kiwix.org.xml b/src/chrome/content/rules/Kiwix.org.xml
index 2b09ba5fe42c..903a4ee133b2 100644
--- a/src/chrome/content/rules/Kiwix.org.xml
+++ b/src/chrome/content/rules/Kiwix.org.xml
@@ -1,9 +1,8 @@
 <!--
 	Connection refused:
 		kiwix.org
+		chat.kiwix.org
 		input.kiwix.org
-		planet.kiwix.org
-		wiki.kiwix.org
 
 	Invalid certificate
 		mirror.download.kiwix.org
@@ -25,8 +24,13 @@
 -->
 <ruleset name="Kiwix.org">
 	<target host="download.kiwix.org" />
-	<target host="mirror.download.kiwix.org" />
+		<target host="mirror.download.kiwix.org" />
+	<target host="planet.kiwix.org" />
+	<target host="stats.kiwix.org" />
+	<target host="wiki.kiwix.org" />
 
-	<rule from="^http://(mirror\.)?download\.kiwix\.org/"
+	<rule from="^http://mirror\.download\.kiwix\.org/"
 		to="https://download.kiwix.org/" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/KizlarSoruyor.com.xml b/src/chrome/content/rules/KizlarSoruyor.com.xml
new file mode 100644
index 000000000000..bf3213eb4b98
--- /dev/null
+++ b/src/chrome/content/rules/KizlarSoruyor.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="KızlarSoruyor.com">
+	<target host="kizlarsoruyor.com" />
+	<target host="www.kizlarsoruyor.com" />
+	<target host="blog.kizlarsoruyor.com" />
+	<target host="images.kizlarsoruyor.com" />
+		<test url="http://images.kizlarsoruyor.com/content/js/home-tiles.min.js?4202" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kizunaai.com.xml b/src/chrome/content/rules/Kizunaai.com.xml
new file mode 100644
index 000000000000..f5cc7dd610f1
--- /dev/null
+++ b/src/chrome/content/rules/Kizunaai.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Non-functional hosts
+		SSL connect error:
+		- www.kizunaai.com
+-->
+<ruleset name="Kizuna AI Official Website" platform="mixedcontent">
+	<target host="kizunaai.com" />
+	<target host="www.kizunaai.com" />
+
+	<rule from="^http://www\.kizunaai\.com/"
+			to="https://kizunaai.com/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kkk.com.xml b/src/chrome/content/rules/Kkk.com.xml
index e16a0a72d793..8de5ff895857 100644
--- a/src/chrome/content/rules/Kkk.com.xml
+++ b/src/chrome/content/rules/Kkk.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://kkk.com/ => https://kkk.com/: (28, 'Connection timed out aft
 Fetch error: http://www.kkk.com/ => https://www.kkk.com/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="Kkk.com" default_off='failed ruleset test'>
+<ruleset name="Kkk.com" default_off="failed ruleset test">
   <target host="kkk.com" />
   <target host="www.kkk.com" />
 
diff --git a/src/chrome/content/rules/Klinika.zdravie.sk.xml b/src/chrome/content/rules/Klinika.zdravie.sk.xml
index b4194550b8bd..7ec2931957f2 100644
--- a/src/chrome/content/rules/Klinika.zdravie.sk.xml
+++ b/src/chrome/content/rules/Klinika.zdravie.sk.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://klinika.zdravie.sk/ => https://klinika.zdravie.sk/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Klinika.zdravie.sk" default_off='failed ruleset test'>
+<ruleset name="Klinika.zdravie.sk" default_off="failed ruleset test">
   <target host="klinika.zdravie.sk" />
 
   <rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Kmart.com.au.xml b/src/chrome/content/rules/Kmart.com.au.xml
new file mode 100644
index 000000000000..1b2f8f54ec13
--- /dev/null
+++ b/src/chrome/content/rules/Kmart.com.au.xml
@@ -0,0 +1,56 @@
+<!--
+	For other Coles coverage, see Coles.com.au.xml
+
+
+	Non-functional subdomains:
+
+		- careers	(m)
+		- catalogues	(m)
+		- christmas	(m)
+		- cnwebsrvr	(m)
+		- contractor	(m)
+		- f1.kmart.com.au	(e)
+		- c.f1	(m)
+		- idp	(t)
+		- images	(m)
+		- mediacentre	(m)
+		- www.mediacentre	(m)
+		- pim	(HTTP 404 error)
+		- www.quality	(m)
+		- shop	(m)
+		- www.shop	(m)
+		- web	(m)
+		- wishingtree	(m)
+		- www.wishingtree	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Kmart Australia">
+
+	<target host="kmart.com.au" />
+	<target host="www.kmart.com.au" />
+	<target host="adfs.kmart.com.au" />
+	<target host="autodiscover.kmart.com.au" />
+	<target host="email.kmart.com.au" />
+	<target host="go.kmart.com.au" />
+	<target host="hatm.kmart.com.au" />
+	<target host="hybridexch.kmart.com.au" />
+	<target host="kdwmobile.kmart.com.au" />
+	<target host="kmartcontractor.kmart.com.au" />
+	<target host="oa.kmart.com.au" />
+	<target host="quality.kmart.com.au" />
+	<target host="rsdev.kmart.com.au" />
+	<target host="supplier.kmart.com.au" />
+	<target host="et.supplier.kmart.com.au" />
+	<target host="vendor.kmart.com.au" />
+	<target host="www2.kmart.com.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KnCMiner.com.xml b/src/chrome/content/rules/KnCMiner.com.xml
deleted file mode 100644
index 9e528475c12c..000000000000
--- a/src/chrome/content/rules/KnCMiner.com.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://kncminer.com/ => https://kncminer.com/: (28, 'Operation timed out after 30006 milliseconds with 0 bytes received')
-
--->
-<ruleset name="KnCMiner.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="kncminer.com" />
-	<!--target host="www.kncminer.com" /-->
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://www\.kncminer\.com/($|bundles/|css/images/)" /-->
-
-			<!--	+ve:
-					-->
-			<!--test url="http://www.kncminer.com/bundles/bmatznerjqueryui/css/smoothness/jquery.ui.theme.css" /-->
-			<!--test url="http://www.kncminer.com/images/KnCMinerLogo.png" /-->
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.kncminer\.com$" name="^(__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.kncminer\.com$" name="^__cfduid$" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Knappschaft-Bahn-See.xml b/src/chrome/content/rules/Knappschaft-Bahn-See.xml
index 55f1a55a7aaa..d75e5d685f23 100644
--- a/src/chrome/content/rules/Knappschaft-Bahn-See.xml
+++ b/src/chrome/content/rules/Knappschaft-Bahn-See.xml
@@ -2,24 +2,11 @@
 	Domains without SSL/TLS:
 		kbs-jobboerse.de
 		willkommen-im-job.de
--->	
+-->
 <ruleset name="Knappschaft-Bahn-See.de">
-<target host="www.kbs.de" />
-<target host=    "kbs.de" />
-<target host="www.knappschaft-bahn-see.de" />
-<target host=    "knappschaft-bahn-see.de" />
 <target host="www.knappschaft.de" />
-<target host=    "knappschaft.de" />
+<target host="knappschaft.de" />
 
-<test url="https://www.knappschaft-bahn-see.de/" />
-<test url="https://knappschaft.de/" />
-
-<rule from="^http://kbs\.de/"
-	to="https://www.kbs.de/" />
-<rule from="^https?://(www\.)?knappschaft-bahn-see\.de/"
-	to="https://www.kbs.de/" />
-<rule from="^https?://knappschaft\.de/"
-	to="https://www.knappschaft.de/" />
 <rule from="^http:"
 	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Kneon.com-problematic.xml b/src/chrome/content/rules/Kneon.com-problematic.xml
index 90acd950e0fa..603f39dd5475 100644
--- a/src/chrome/content/rules/Kneon.com-problematic.xml
+++ b/src/chrome/content/rules/Kneon.com-problematic.xml
@@ -5,7 +5,7 @@
 <ruleset name="Kneon.com (problematic)" default_off="mismatched">
 
 	<target host="kneon.com" />
-	<target host="*.kneon.com" />
+	<target host="www.kneon.com" />
 
 
 	<securecookie host="^\.kneon\.com$" name=".+" />
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?kneon\.com/"
 		to="https://kneon.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kneon.com.xml b/src/chrome/content/rules/Kneon.com.xml
index 955916290080..c24e44816d38 100644
--- a/src/chrome/content/rules/Kneon.com.xml
+++ b/src/chrome/content/rules/Kneon.com.xml
@@ -17,7 +17,7 @@ Fetch error: http://beta.kneon.com/ => https://beta.kneon.com/: (6, 'Could not r
 	² Squarespace
 
 -->
-<ruleset name="Kneon.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Kneon.com (partial)" default_off="failed ruleset test">
 
 	<target host="beta.kneon.com" />
 
diff --git a/src/chrome/content/rules/KnewOne.com.xml b/src/chrome/content/rules/KnewOne.com.xml
deleted file mode 100644
index 58c97cc33d02..000000000000
--- a/src/chrome/content/rules/KnewOne.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="KnewOne.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="knewone.com" />
-	<target host="www.knewone.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Knexjs.org.xml b/src/chrome/content/rules/Knexjs.org.xml
new file mode 100644
index 000000000000..89de3600da74
--- /dev/null
+++ b/src/chrome/content/rules/Knexjs.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.knexjs.org
+-->
+<ruleset name="Knexjs.org">
+	<target host="knexjs.org" />
+	<target host="www.knexjs.org" />
+
+	<rule from="^http://www\.knexjs\.org/"
+			to="https://knexjs.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KnightSwarm.xml b/src/chrome/content/rules/KnightSwarm.xml
index a89d697a9db7..d3e99f5e2a8c 100644
--- a/src/chrome/content/rules/KnightSwarm.xml
+++ b/src/chrome/content/rules/KnightSwarm.xml
@@ -22,7 +22,7 @@ Fetch error: http://my.knightswarm.com/ => https://my.knightswarm.com/: (6, 'Cou
 		- www.knightswarm.com
 
 -->
-<ruleset name="KnightSwarm.com (partial)" default_off='failed ruleset test'>
+<ruleset name="KnightSwarm.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -37,7 +37,7 @@ Fetch error: http://my.knightswarm.com/ => https://my.knightswarm.com/: (6, 'Cou
 	<!--securecookie host="^(www\.)?knightswarm\.com$" name="^PHPSESSID[\da-f]{4}$" /-->
 	<!--securecookie host="^\.knightswarm\.com$" name="^(__cfduid|cf_clearance)$" /-->
 
-	<securecookie host="^(?:.*\.)?knightswarm\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/KnowTheirName.com.xml b/src/chrome/content/rules/KnowTheirName.com.xml
new file mode 100644
index 000000000000..2b81b3161553
--- /dev/null
+++ b/src/chrome/content/rules/KnowTheirName.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="KnowTheirName.com">
+	<target host="knowtheirname.com" />
+	<target host="www.knowtheirname.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Knowledge_Blog.org.xml b/src/chrome/content/rules/Knowledge_Blog.org.xml
index c0d396af0c2d..5b18b3026535 100644
--- a/src/chrome/content/rules/Knowledge_Blog.org.xml
+++ b/src/chrome/content/rules/Knowledge_Blog.org.xml
@@ -9,7 +9,7 @@
 	* Secured by us
 
 -->
-<ruleset name="Knowledge Blog.org" default_off="missing certificate chain">
+<ruleset name="Knowledge Blog.org" default_off="cert-chain">
 
 	<target host="knowledgeblog.org" />
 	<target host="bio-ontologies.knowledgeblog.org" />
diff --git a/src/chrome/content/rules/KnownHost.com.xml b/src/chrome/content/rules/KnownHost.com.xml
new file mode 100644
index 000000000000..1abe7f428162
--- /dev/null
+++ b/src/chrome/content/rules/KnownHost.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		careers.knownhost.com
+-->
+<ruleset name="KnownHost.com">
+
+	<target host="knownhost.com" />
+	<target host="www.knownhost.com" />
+	<target host="billing.knownhost.com" />
+	<target host="blog.knownhost.com" />
+	<target host="chat.knownhost.com" />
+	<target host="forums.knownhost.com" />
+	<target host="img.knownhost.com" />
+	<target host="list.knownhost.com" />
+	<target host="my.knownhost.com" />
+	<target host="support.knownhost.com" />
+	<target host="wiki.knownhost.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kobo.xml b/src/chrome/content/rules/Kobo.xml
index 1aebeec2d786..76c92f45281a 100644
--- a/src/chrome/content/rules/Kobo.xml
+++ b/src/chrome/content/rules/Kobo.xml
@@ -137,7 +137,7 @@
 	<!--
 		Tracking cookies:
 					-->
-	<securecookie host="^\.kobobooks\.com$" name="^(?:tracking|__utm\w)$" />	
+	<securecookie host="^\.kobobooks\.com$" name="^(?:tracking|__utm\w)$" />
 	<securecookie host="^(?!ptbr\.|wwwt?\.)\w+\.kobobooks\.com$" name=".+" />
 	<securecookie host="^\.kobobooks\.\w\w$" name="^tracking$" />
 	<securecookie host="^s(?:ecure(?:stage\d?|t)|tage[36]?)\.kobobooks\.\w\w$" name=".+" />
diff --git a/src/chrome/content/rules/KodeRoot.net.xml b/src/chrome/content/rules/KodeRoot.net.xml
index 7a0cf7b62618..ea6560b37fc2 100644
--- a/src/chrome/content/rules/KodeRoot.net.xml
+++ b/src/chrome/content/rules/KodeRoot.net.xml
@@ -16,7 +16,7 @@ Fetch error: http://xmpp.koderoot.net/ => https://xmpp.koderoot.net/: (6, 'Could
 	² Unsecurable <= refused
 
 -->
-<ruleset name="KodeRoot.net" default_off='failed ruleset test'>
+<ruleset name="KodeRoot.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Kodi.tv.xml b/src/chrome/content/rules/Kodi.tv.xml
index bfba6ea48970..78ee935ea4c8 100644
--- a/src/chrome/content/rules/Kodi.tv.xml
+++ b/src/chrome/content/rules/Kodi.tv.xml
@@ -5,7 +5,7 @@
 		ftp.kodi.tv
 		graphs.kodi.tv
 		mirrors.kodi.tv
-		
+
 	No working URL known:
 		issues.kodi.tv
 		wiki.kodi.tv
diff --git a/src/chrome/content/rules/Koding.xml b/src/chrome/content/rules/Koding.xml
index fa1815444028..9c39bdeaeddf 100644
--- a/src/chrome/content/rules/Koding.xml
+++ b/src/chrome/content/rules/Koding.xml
@@ -4,10 +4,10 @@
 	<target host="*.koding.com" />
 
 
-	<securecookie host="^(?:.+\.)?koding\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(\w+\.)?koding\.com/"
 		to="https://$1koding.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Koen_Rouwhorst.nl.xml b/src/chrome/content/rules/Koen_Rouwhorst.nl.xml
deleted file mode 100644
index 0330a3cb3279..000000000000
--- a/src/chrome/content/rules/Koen_Rouwhorst.nl.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Koen Rouwhorst.nl">
-
-	<target host="koenrouwhorst.nl" />
-	<target host="www.koenrouwhorst.nl" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Kogan.com.xml b/src/chrome/content/rules/Kogan.com.xml
index 14ceae2e0dd8..616b35ca990c 100644
--- a/src/chrome/content/rules/Kogan.com.xml
+++ b/src/chrome/content/rules/Kogan.com.xml
@@ -2,7 +2,7 @@
 	Other Kogan rulesets:
 		- KoganInsurance.com.au.xml
 		- KoganMobile.com.au.xml
-	
+
 
 	Non-functional subdomains:
 
@@ -51,28 +51,28 @@
 	<target host="nimda.kogan.com" />
 	<target host="static.kogan.com" />
 	<target host="vip.kogan.com" />
-	
+
 	<target host="kogan.com.au" />
 	<target host="www.kogan.com.au" />
 
 	<target host="kogancorporate.com" />
 	<target host="www.kogancorporate.com" />
-	
+
 	<target host="koganforbusiness.com" />
 	<target host="www.koganforbusiness.com" />
-	<target host="koganforbusiness.com.au" />	
+	<target host="koganforbusiness.com.au" />
 	<target host="www.koganforbusiness.com.au" />
-	
+
   	<securecookie host="^www\.kogan\.com$" name=".+" />
 
 	<!-- certificate mismatch -->
 	<rule from="^http://kogan\.com\.au/"
 		to="https://www.kogan.com.au/" />
-		
+
 	<!-- connection refused -->
 	<rule from="^http://kogancorporate\.com/"
 		to="https://www.kogancorporate.com/" />
-		
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/KoganInsurance.com.au.xml b/src/chrome/content/rules/KoganInsurance.com.au.xml
index 9d4640298c9a..e2bcdffda4e0 100644
--- a/src/chrome/content/rules/KoganInsurance.com.au.xml
+++ b/src/chrome/content/rules/KoganInsurance.com.au.xml
@@ -1,7 +1,7 @@
 <!--
 	For other Kogan coverage, see Kogan.com.xml
-	
-	
+
+
 	Non-functional subdomains:
 
 		- (www.)koganinsurance.com	(m)
@@ -19,9 +19,9 @@
 	<target host="www.koganinsurance.com.au" />
 	<target host="quote.koganinsurance.com.au" />
 	<target host="travel.koganinsurance.com.au" />
-	
+
   	<securecookie host="^www\.koganinsurance\.com$" name=".+" />
-		
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/KoganMobile.com.au.xml b/src/chrome/content/rules/KoganMobile.com.au.xml
index 7c67bd1557d4..d0394c645883 100644
--- a/src/chrome/content/rules/KoganMobile.com.au.xml
+++ b/src/chrome/content/rules/KoganMobile.com.au.xml
@@ -1,6 +1,6 @@
 <!--
 	For other Kogan coverage, see Kogan.com.xml
-	
+
 
 	Non-functional subdomains:
 
@@ -22,9 +22,9 @@
 	<target host="cdn.koganmobile.com.au" />
 	<target host="help.koganmobile.com.au" />
 	<target host="home.koganmobile.com.au" />
-	
+
   	<securecookie host="^www\.koganmobile\.com$" name=".+" />
-	
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Kohls.xml b/src/chrome/content/rules/Kohls.xml
deleted file mode 100644
index 0e2a086f67fb..000000000000
--- a/src/chrome/content/rules/Kohls.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Kohls.com">
-  <target host="kohls.com"/>
-  <target host="www.kohls.com"/>
-  <rule from="^http://kohls\.com/" to="https://www.kohls.com/"/>
-  <rule from="^http://www\.kohls\.com/" to="https://www.kohls.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Kohsuke.org.xml b/src/chrome/content/rules/Kohsuke.org.xml
new file mode 100644
index 000000000000..50b056ef582c
--- /dev/null
+++ b/src/chrome/content/rules/Kohsuke.org.xml
@@ -0,0 +1,36 @@
+<!--
+	Invalid certificate:
+		photo
+-->
+<ruleset name="Kohsuke.org">
+
+	<target host="kohsuke.org" />
+	<target host="www.kohsuke.org" />
+	<target host="ajaxterm4j.kohsuke.org" />
+	<target host="akuma.kohsuke.org" />
+	<target host="args4j.kohsuke.org" />
+	<target host="com4j.kohsuke.org" />
+	<target host="downgraded-dependency-maven-plugin.kohsuke.org" />
+	<target host="eiie-logger.kohsuke.org" />
+	<target host="file-leak-detector.kohsuke.org" />
+	<target host="github-api.kohsuke.org" />
+	<target host="groovy-sandbox.kohsuke.org" />
+	<target host="javadoc-capture.kohsuke.org" />
+	<target host="libpam4j.kohsuke.org" />
+	<target host="maven-jellydoc-plugin.kohsuke.org" />
+	<target host="maven-skin.kohsuke.org" />
+	<target host="metainf-services.kohsuke.org" />
+	<target host="no-more-tears.kohsuke.org" />
+	<target host="robust-http-client.kohsuke.org" />
+	<target host="stapler.kohsuke.org" />
+	<target host="stopforumspam.kohsuke.org" />
+	<target host="trilead-putty-extension.kohsuke.org" />
+	<target host="windows-package-checker.kohsuke.org" />
+	<target host="winp.kohsuke.org" />
+	<target host="youdebug.kohsuke.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Koinify.com.xml b/src/chrome/content/rules/Koinify.com.xml
index acc65b51c59a..102ebebad2cb 100644
--- a/src/chrome/content/rules/Koinify.com.xml
+++ b/src/chrome/content/rules/Koinify.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://koinify.com/ => https://koinify.com/: (28, 'Connection timed
 Fetch error: http://www.koinify.com/ => https://www.koinify.com/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="Koinify.com" default_off='failed ruleset test'>
+<ruleset name="Koinify.com" default_off="failed ruleset test">
 
 	<target host="koinify.com" />
 	<target host="www.koinify.com" />
diff --git a/src/chrome/content/rules/Kolektiva.com.xml b/src/chrome/content/rules/Kolektiva.com.xml
index 0a5f40259536..de5419ddf809 100644
--- a/src/chrome/content/rules/Kolektiva.com.xml
+++ b/src/chrome/content/rules/Kolektiva.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://www.kolektiva.com/ => https://www.kolektiva.com/: (7, 'Faile
 	* Secured by us
 
 -->
-<ruleset name="Kolektiva.com" default_off='failed ruleset test'>
+<ruleset name="Kolektiva.com" default_off="failed ruleset test">
 
 	<target host="kolektiva.com" />
 	<target host="biz.kolektiva.com" />
diff --git a/src/chrome/content/rules/Komments.net.xml b/src/chrome/content/rules/Komments.net.xml
index b7e2578069f7..9077e89aae04 100644
--- a/src/chrome/content/rules/Komments.net.xml
+++ b/src/chrome/content/rules/Komments.net.xml
@@ -5,7 +5,7 @@ Fetch error: http://komments.net/ => https://komments.net/: (35, 'Unknown SSL pr
 Fetch error: http://www.komments.net/ => https://www.komments.net/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Komments.net" default_off='failed ruleset test'>
+<ruleset name="Komments.net" default_off="failed ruleset test">
 
 	<target host="komments.net" />
 	<target host="www.komments.net" />
diff --git a/src/chrome/content/rules/Komoona.com.xml b/src/chrome/content/rules/Komoona.com.xml
deleted file mode 100644
index fb316318e715..000000000000
--- a/src/chrome/content/rules/Komoona.com.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-<!--
-	CDN buckets:
-
-		- dimrh7ecexr02.cloudfront.net
-
-			- cdn
-
-
-	At least some pages redirect to http.
-
-	TLS not supported on:
-		-	test.komoona.com - self-signed
--->
-<ruleset name="Komoona.com (partial)">
-
-	<target host="komoona.com" />
-	<target host="a.komoona.com" />
-	<target host="a1.komoona.com" />
-	<target host="a2.komoona.com" />
-	<target host="a3.komoona.com" />
-	<target host="a4.komoona.com" />
-	<target host="admin.komoona.com" />
-	<target host="cdn.komoona.com" />
-	<target host="cs.komoona.com" />
-	<target host="e1.komoona.com" />
-	<target host="e2.komoona.com" />
-	<target host="s.komoona.com" />
-	<target host="stat.komoona.com" />
-	<target host="w.komoona.com" />
-	<target host="www.komoona.com" />
-
-		<exclusion pattern="^http://www\.komoona\.com/(?!favicon\.ico|new/css/|new/images/)" />
-
-	<test url="http://www.komoona.com/" />
-	<test url="http://www.komoona.com/favicon.ico" />
-	<test url="http://www.komoona.com/new/css" />
-	<test url="http://www.komoona.com/new/images" />
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(a|stat)\.komoona\.com$" name="^AWSELB$" /-->
-
-	<securecookie host="^(?:a|stat)\.komoona\.com$" name=".+" />
-
-	<rule from="^http:" to="https:"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Konami-Korea.kr.xml b/src/chrome/content/rules/Konami-Korea.kr.xml
index be970f86a1b1..9aa1c4d2ea62 100644
--- a/src/chrome/content/rules/Konami-Korea.kr.xml
+++ b/src/chrome/content/rules/Konami-Korea.kr.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.konami-korea.kr/ => https://www.konami-korea.kr/: (28, '
 	^: cert only matches www
 
 -->
-<ruleset name="Konami-Korea.kr" default_off='failed ruleset test'>
+<ruleset name="Konami-Korea.kr" default_off="failed ruleset test">
 
 	<target host="konami-korea.kr" />
 	<target host="www.konami-korea.kr" />
diff --git a/src/chrome/content/rules/Kontalk.xml b/src/chrome/content/rules/Kontalk.xml
index 41e3b91f58ae..cc79415843a8 100644
--- a/src/chrome/content/rules/Kontalk.xml
+++ b/src/chrome/content/rules/Kontalk.xml
@@ -6,7 +6,7 @@
     <target host="kontalk.org" />
     <target host="www.kontalk.org" />
     <target host="translate.kontalk.org" />
-	
+
     <target host="kontalk.net" />
     <target host="www.kontalk.net" />
     <target host="beta.kontalk.net" />
diff --git a/src/chrome/content/rules/Kontera.xml b/src/chrome/content/rules/Kontera.xml
index 9023a2342d1e..f133c31214e4 100644
--- a/src/chrome/content/rules/Kontera.xml
+++ b/src/chrome/content/rules/Kontera.xml
@@ -66,7 +66,7 @@ Fetch error: http://publishers.kontera.com/ => https://publishers.kontera.com/:
 		- publishers
 
 -->
-<ruleset name="Kontera (partial)" default_off='failed ruleset test'>
+<ruleset name="Kontera (partial)" default_off="failed ruleset test">
 
 	<target host="kona32.kontera.com" />
 	<target host="kona33.kontera.com" />
diff --git a/src/chrome/content/rules/Konto_API.xml b/src/chrome/content/rules/Konto_API.xml
index 6716fd547e79..cc4273476297 100644
--- a/src/chrome/content/rules/Konto_API.xml
+++ b/src/chrome/content/rules/Konto_API.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Koonoz.info.xml b/src/chrome/content/rules/Koonoz.info.xml
new file mode 100644
index 000000000000..5bd30f2c1683
--- /dev/null
+++ b/src/chrome/content/rules/Koonoz.info.xml
@@ -0,0 +1,8 @@
+<ruleset name="Koonoz.info">
+	<target host="koonoz.info" />
+	<target host="www.koonoz.info" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kopiosto.xml b/src/chrome/content/rules/Kopiosto.xml
index 07c46a39e2fd..249025ab7514 100644
--- a/src/chrome/content/rules/Kopiosto.xml
+++ b/src/chrome/content/rules/Kopiosto.xml
@@ -7,12 +7,12 @@ Working subdomains:
 -->
 <ruleset name="Kopiosto">
 	<target host="kopiosto.fi"/>
-	<target host="*.kopiosto.fi"/>
+	<target host="www.kopiosto.fi" />
+	<target host="serv3.kopiosto.fi" />
 
 	<!-- WWW works -->
 	<rule from="^http://(?:www\.)?kopiosto\.fi/"
 		to="https://www.kopiosto.fi/"/>
 
-	<rule from="^http://serv3\.kopiosto\.fi/"
-		to="https://serv3.kopiosto.fi/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Kornerstone_Admin.com.xml b/src/chrome/content/rules/Kornerstone_Admin.com.xml
index 1818809085cf..b2d8a96f0233 100644
--- a/src/chrome/content/rules/Kornerstone_Admin.com.xml
+++ b/src/chrome/content/rules/Kornerstone_Admin.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.kornerstoneadmin.com/ => https://kornerstoneadmin.com/:
 	www: cert only matches ^kornerstoneadmin.com
 
 -->
-<ruleset name="Kornerstone Admin.com" default_off='failed ruleset test'>
+<ruleset name="Kornerstone Admin.com" default_off="failed ruleset test">
 
 	<target host="kornerstoneadmin.com" />
 	<target host="www.kornerstoneadmin.com" />
diff --git a/src/chrome/content/rules/Korora_Project.org.xml b/src/chrome/content/rules/Korora_Project.org.xml
index 0fa868a5e307..07e6c9eedbe8 100644
--- a/src/chrome/content/rules/Korora_Project.org.xml
+++ b/src/chrome/content/rules/Korora_Project.org.xml
@@ -6,7 +6,7 @@ Fetch error: http://archive.kororaproject.org/ => https://archive.kororaproject.
 	www.kororaproject.org: Mismatched
 
 -->
-<ruleset name="Korora Project.org" default_off='failed ruleset test'>
+<ruleset name="Korora Project.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Kotaku.com.xml b/src/chrome/content/rules/Kotaku.com.xml
deleted file mode 100644
index 825659637e26..000000000000
--- a/src/chrome/content/rules/Kotaku.com.xml
+++ /dev/null
@@ -1,71 +0,0 @@
-<!--
-	For other Gawker coverage, see Gawker.xml.
-
-
-	Problematic hosts in kotaku.com:
-
-		- cache *
-
-	* Works, mismatched, CN: *.a.ssl.fastly.net
-
-
-	Insecure cookies are set for these hosts: ᶜ
-
-		- kotaku.com
-		- (column_name).kotaku.com
-		- www.kotaku.com
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
-
-	Mixed content:
-
-		- Bug on ^, (column_name) from b.scorecardresearch.com ˢ
-
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="Kotaku.com">
-
-	<target host="kotaku.com" />
-	<target host="*.kotaku.com" />
-
-		<exclusion pattern="^http://(?:[^./]+\.){2,}kotaku\.com/" />
-
-			<!--	+ve:
-					-->
-			<test url="http://this.host.kotaku.com/" />
-			<test url="http://exists.not.kotaku.com/" />
-
-		<!--	Direct rewrites:
-					-->
-		<test url="http://cosplay.kotaku.com/" />
-		<test url="http://numbers.kotaku.com/" />
-		<test url="http://pocketmonster.kotaku.com/" />
-		<test url="http://screenburn.kotaku.com/" />
-		<test url="http://selects.kotaku.com/" />
-		<test url="http://steamed.kotaku.com/" />
-		<test url="http://tay.kotaku.com/" />
-		<test url="http://thebests.kotaku.com/" />
-		<test url="http://watchlist.kotaku.com/" />
-		<test url="http://www.kotaku.com/" />
-
-		<!--	Complications:
-					-->
-		<test url="http://cache.kotaku.com/" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:(column_name)\.|www\.)?kotaku\.com$" name="^geocc$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://cache\.kotaku\.com/"
-		to="https://cache.gawkerassets.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Kotex.xml b/src/chrome/content/rules/Kotex.xml
index 7d55d05ea3f1..9e9bbb0cd514 100644
--- a/src/chrome/content/rules/Kotex.xml
+++ b/src/chrome/content/rules/Kotex.xml
@@ -8,7 +8,7 @@ Fetch error: http://kotex.com/ => https://www.kotex.com/: Cycle detected - URL a
 Fetch error: http://www.kotex.com/ => https://www.kotex.com/: Cycle detected - URL already encountered: https://www.kotex.com/
 Fetch error: http://dare.kotex.com/ => https://dare.kotex.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
 -->
-<ruleset name="Kotex" default_off='failed ruleset test'>
+<ruleset name="Kotex" default_off="failed ruleset test">
 	<target host="kotex.com" />
 	<target host="www.kotex.com" />
 	<target host="dare.kotex.com" />
diff --git a/src/chrome/content/rules/Kouio.com.xml b/src/chrome/content/rules/Kouio.com.xml
deleted file mode 100644
index e24a92c00d68..000000000000
--- a/src/chrome/content/rules/Kouio.com.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	www: Cert only matches ^kouio.com
-
-
-	Insecure cookies are set for these hosts:
-
-		- kouio.com
-
--->
-<ruleset name="Kouio.com">
-
-	<target host="kouio.com" />
-	<target host="www.kouio.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^kouio\.com$" name="^csrftoken$" /-->
-
-	<securecookie host="^kouio\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?kouio\.com/"
-		to="https://kouio.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Kpopstage.co.xml b/src/chrome/content/rules/Kpopstage.co.xml
deleted file mode 100644
index 62e487177fff..000000000000
--- a/src/chrome/content/rules/Kpopstage.co.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For other AtticTV coverage, see AtticTV.com.xml.
-
-
-	^kpopstage.co: Mismatched
-
-
-	www.kpopstage.co doesn't exist.
-
--->
-<ruleset name="kpopstage.co">
-
-	<!--	Complications:
-				-->
-	<target host="kpopstage.co" />
-
-
-	<rule from="^http://kpopstage\.co/"
-		to="https://www.attictv.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Kr36.co.xml b/src/chrome/content/rules/Kr36.co.xml
index 686b9e033380..e6f98613e77f 100644
--- a/src/chrome/content/rules/Kr36.co.xml
+++ b/src/chrome/content/rules/Kr36.co.xml
@@ -5,7 +5,7 @@ Fetch error: http://kr36.co/ => https://kr36.co/: (7, 'Failed to connect to kr36
 Fetch error: http://www.kr36.co/ => https://www.kr36.co/: (7, 'Failed to connect to www.kr36.co port 443: Connection refused')
 
 -->
-<ruleset name="kr36.co" default_off='failed ruleset test'>
+<ruleset name="kr36.co" default_off="failed ruleset test">
 
 	<target host="kr36.co" />
 	<target host="www.kr36.co" />
diff --git a/src/chrome/content/rules/KralenStart.nl.xml b/src/chrome/content/rules/KralenStart.nl.xml
index b4228961ad44..301971f696db 100644
--- a/src/chrome/content/rules/KralenStart.nl.xml
+++ b/src/chrome/content/rules/KralenStart.nl.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.kralenstart.nl/ => https://www.kralenstart.nl/: (28, 'Op
 	For other xCAT coverage, XCAT.nl.xml.
 
 -->
-<ruleset name="KralenStart.nl" default_off='failed ruleset test'>
+<ruleset name="KralenStart.nl" default_off="failed ruleset test">
 
 	<target host="kralenstart.nl" />
 	<target host="www.kralenstart.nl" />
diff --git a/src/chrome/content/rules/Krautchan.xml b/src/chrome/content/rules/Krautchan.xml
deleted file mode 100644
index beff4d5a719f..000000000000
--- a/src/chrome/content/rules/Krautchan.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Krautchan">
-
-	<target host="krautchan.net" />
-	<target host="www.krautchan.net" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Kreativ_Media.xml b/src/chrome/content/rules/Kreativ_Media.xml
index 21f71388e903..b68c8bdd23be 100644
--- a/src/chrome/content/rules/Kreativ_Media.xml
+++ b/src/chrome/content/rules/Kreativ_Media.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Krihelinator.xyz.xml b/src/chrome/content/rules/Krihelinator.xyz.xml
new file mode 100644
index 000000000000..7805fc226773
--- /dev/null
+++ b/src/chrome/content/rules/Krihelinator.xyz.xml
@@ -0,0 +1,8 @@
+<ruleset name="Krihelinator.xyz">
+	<target host="krihelinator.xyz" />
+	<target host="www.krihelinator.xyz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kriminalvarden.se.xml b/src/chrome/content/rules/Kriminalvarden.se.xml
index 109949f6a8a0..87660fe69981 100644
--- a/src/chrome/content/rules/Kriminalvarden.se.xml
+++ b/src/chrome/content/rules/Kriminalvarden.se.xml
@@ -1,7 +1,7 @@
-<ruleset name="KriminalVarden.se" platform="mixedcontent">
+<ruleset name="kriminalvarden.se">
 	<target host="kriminalvarden.se" />
 	<target host="www.kriminalvarden.se" />
-	<rule from="^http://www\.kriminalvarden\.se/" to="https://www.kriminalvarden.se/"/>
-	<rule from="^http://kriminalvarden\.se/" to="https://www.kriminalvarden.se/"/>
+  	<target host="blogg.kriminalvarden.se" />
+	
+	<rule from="^http:" to="https:" />
 </ruleset>
-
diff --git a/src/chrome/content/rules/Krux-Digital.xml b/src/chrome/content/rules/Krux-Digital.xml
deleted file mode 100644
index 1768993a2996..000000000000
--- a/src/chrome/content/rules/Krux-Digital.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Other Krux Digital rulesets:
-
-		- KrxD.net.xml
-
-
-	krux.zendesk.com
-
--->
-<ruleset name="Krux Digital.com">
-
-	<target host="dataconsole.kruxdigital.com" />
-
-
-	<securecookie host="^dataconsole\.kruxdigital\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Kryptnostic.com.xml b/src/chrome/content/rules/Kryptnostic.com.xml
index 60f155576ad7..d8bc8dc40f74 100644
--- a/src/chrome/content/rules/Kryptnostic.com.xml
+++ b/src/chrome/content/rules/Kryptnostic.com.xml
@@ -22,7 +22,7 @@ Fetch error: http://kryptnostic.com/ => https://kryptnostic.com/: (60, 'SSL cert
 	* Secured by us
 
 -->
-<ruleset name="Kryptnostic.com" default_off='failed ruleset test'>
+<ruleset name="Kryptnostic.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Kryptronic.xml b/src/chrome/content/rules/Kryptronic.xml
index 450d8c386a91..cf039eda14df 100644
--- a/src/chrome/content/rules/Kryptronic.xml
+++ b/src/chrome/content/rules/Kryptronic.xml
@@ -4,7 +4,7 @@
 	<target host="*.kryptronic.com"/>
 		<exclusion pattern="^http://(?:forum|wiki)\."/>
 
-	<securecookie host="^(?:.*\.)?kryptronic\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(\w+\.)?kryptronic\.com/"
 		to="https://$1kryptronic.com/"/>
diff --git a/src/chrome/content/rules/KsiegarniaWarszawa.pl.xml b/src/chrome/content/rules/KsiegarniaWarszawa.pl.xml
index 0747f3cd6d51..736a40bd9818 100644
--- a/src/chrome/content/rules/KsiegarniaWarszawa.pl.xml
+++ b/src/chrome/content/rules/KsiegarniaWarszawa.pl.xml
@@ -5,7 +5,7 @@ Fetch error: http://ksiegarniawarszawa.pl/ => https://ksiegarniawarszawa.pl/: (5
 Fetch error: http://www.ksiegarniawarszawa.pl/ => https://www.ksiegarniawarszawa.pl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ksiegarniawarszawa.pl'")
 
 -->
-<ruleset name="KsięgarniaWarszawa.pl" default_off='failed ruleset test'>
+<ruleset name="KsięgarniaWarszawa.pl" default_off="failed ruleset test">
 
 	<target host="ksiegarniawarszawa.pl" />
 	<target host="www.ksiegarniawarszawa.pl" />
diff --git a/src/chrome/content/rules/Ksplice.xml b/src/chrome/content/rules/Ksplice.xml
index 229df857b751..63bfd9e2c91e 100644
--- a/src/chrome/content/rules/Ksplice.xml
+++ b/src/chrome/content/rules/Ksplice.xml
@@ -1,11 +1,5 @@
 <!--
-	Other Oracle rulesets:
-
-		- MySQL.xml
-		- NetBeans.zml
-		- Oracle.xml
-		- Oracle-mismatches.xml
-
+	For other Oracle coverage, see Oracle.xml.
 
 	blog.ksplice.com redirects to blogs.oracle.com in an unpredictable way.
 
diff --git a/src/chrome/content/rules/Kuantokusta.pt.xml b/src/chrome/content/rules/Kuantokusta.pt.xml
index 5428b45a040a..494a0b25435a 100644
--- a/src/chrome/content/rules/Kuantokusta.pt.xml
+++ b/src/chrome/content/rules/Kuantokusta.pt.xml
@@ -1,4 +1,4 @@
-<ruleset name="Kuantokusta.pt" platform="mixedcontent" default_off='mismatch'>
+<ruleset name="Kuantokusta.pt" platform="mixedcontent" default_off="mismatch">
 	<target host="kuantokusta.pt" />
 	<target host="www.kuantokusta.pt" />
 
diff --git a/src/chrome/content/rules/Kubernetes.io.xml b/src/chrome/content/rules/Kubernetes.io.xml
new file mode 100644
index 000000000000..4e89c924787d
--- /dev/null
+++ b/src/chrome/content/rules/Kubernetes.io.xml
@@ -0,0 +1,28 @@
+<ruleset name="Kubernetes.io (partial)">
+
+	<target host="kubernetes.io" />
+	<target host="www.kubernetes.io" />
+	<target host="apt.kubernetes.io" />
+	<target host="blog.kubernetes.io" />
+	<target host="changelog.kubernetes.io" />
+	<target host="code.kubernetes.io" />
+	<target host="cs.kubernetes.io" />
+	<target host="discuss.kubernetes.io" />
+	<target host="dl.kubernetes.io" />
+	<target host="docs.kubernetes.io" />
+	<target host="examples.kubernetes.io" />
+	<target host="feature.kubernetes.io" />
+	<target host="features.kubernetes.io" />
+	<target host="get.kubernetes.io" />
+	<target host="git.kubernetes.io" />
+	<target host="go.kubernetes.io" />
+	<target host="issue.kubernetes.io" />
+	<target host="issues.kubernetes.io" />
+	<target host="releases.kubernetes.io" />
+	<target host="yum.kubernetes.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Kubieziel.de.xml b/src/chrome/content/rules/Kubieziel.de.xml
index f70fd5ecabd8..d193746e3361 100644
--- a/src/chrome/content/rules/Kubieziel.de.xml
+++ b/src/chrome/content/rules/Kubieziel.de.xml
@@ -1,5 +1,5 @@
 <!--
-	Remark: This domain has a wildcard DNS record and serves a HSTS header but 
+	Remark: This domain has a wildcard DNS record and serves a HSTS header but
 		it does not have a wildcard certificates.
 -->
 <ruleset name="Kubieziel.de">
diff --git a/src/chrome/content/rules/Kuechenstud.io.xml b/src/chrome/content/rules/Kuechenstud.io.xml
index 808fb9ad9c40..727a1dc01c0d 100644
--- a/src/chrome/content/rules/Kuechenstud.io.xml
+++ b/src/chrome/content/rules/Kuechenstud.io.xml
@@ -19,4 +19,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kundelik.kz.xml b/src/chrome/content/rules/Kundelik.kz.xml
new file mode 100644
index 000000000000..146c030ea0a3
--- /dev/null
+++ b/src/chrome/content/rules/Kundelik.kz.xml
@@ -0,0 +1,18 @@
+<ruleset name="Kundelik.kz">
+	<target host="kundelik.kz" />
+	<target host="*.kundelik.kz" />
+
+	<test url="http://www.kundelik.kz/" />
+	<test url="http://apps.kundelik.kz/" />
+	<test url="http://children.kundelik.kz/" />
+	<test url="http://groups.kundelik.kz/" />
+	<test url="http://help.kundelik.kz/" />
+	<test url="http://mobile.kundelik.kz/" />
+	<test url="http://networks.kundelik.kz/" />
+	<test url="http://olap.kundelik.kz/" />
+	<test url="http://schools.kundelik.kz/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kununu.xml b/src/chrome/content/rules/Kununu.xml
index 89cb48dfc709..4fbce1184f67 100644
--- a/src/chrome/content/rules/Kununu.xml
+++ b/src/chrome/content/rules/Kununu.xml
@@ -28,7 +28,8 @@
 <ruleset name="kununu (partial)">
 
 	<target host="kununu.com" />
-	<target host="*.kununu.com" />
+	<target host="www.kununu.com" />
+	<target host="cf.kununu.com" />
 		<!--
 			Redirect to http:
 						-->
diff --git a/src/chrome/content/rules/Kuro5hin.xml b/src/chrome/content/rules/Kuro5hin.xml
index 35218335af28..cfb8daca56c8 100644
--- a/src/chrome/content/rules/Kuro5hin.xml
+++ b/src/chrome/content/rules/Kuro5hin.xml
@@ -5,7 +5,7 @@ Fetch error: http://kuro5hin.org/ => https://www.kuro5hin.org/: (28, 'Connection
 Fetch error: http://www.kuro5hin.org/ => https://www.kuro5hin.org/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="kuro5hin.org" default_off='failed ruleset test'>
+<ruleset name="kuro5hin.org" default_off="failed ruleset test">
 	<target host="kuro5hin.org" />
 	<target host="www.kuro5hin.org" />
 	<rule from="^http://kuro5hin\.org/" to="https://www.kuro5hin.org/"/>
diff --git a/src/chrome/content/rules/Kursbuero.de.xml b/src/chrome/content/rules/Kursbuero.de.xml
deleted file mode 100644
index 83fd3b030975..000000000000
--- a/src/chrome/content/rules/Kursbuero.de.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- blog *
-
-	* Refused
-
--->
-<ruleset name="Kursbuero.de (partial)">
-
-	<target host="medienberufe-sde.kursbuero.de" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Kuruc.info.xml b/src/chrome/content/rules/Kuruc.info.xml
index 677de411237c..66d4019aa3b0 100644
--- a/src/chrome/content/rules/Kuruc.info.xml
+++ b/src/chrome/content/rules/Kuruc.info.xml
@@ -1,7 +1,9 @@
 <ruleset name="Kuruc.info">
 	<target host="kuruc.info" />
-	<target host="m.kuruc.info" />
-	<target host="w.kuruc.org" />
+	<target host="kuruc.org" />
 
-	<rule from="^http://(m\.)?(?:kuruc\.info|w\.kuruc\.org)/" to="https://$1kuruc.info/" />
+	<rule from="^http://kuruc\.org/" to="https://kuruc.info/" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Kutub.one.xml b/src/chrome/content/rules/Kutub.one.xml
new file mode 100644
index 000000000000..5e4f21ce69cf
--- /dev/null
+++ b/src/chrome/content/rules/Kutub.one.xml
@@ -0,0 +1,8 @@
+<ruleset name="Kutub.one">
+	<target host="kutub.one" />
+	<target host="www.kutub.one" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/KutubPDFBook.com.xml b/src/chrome/content/rules/KutubPDFBook.com.xml
new file mode 100644
index 000000000000..1c4b336f3dbb
--- /dev/null
+++ b/src/chrome/content/rules/KutubPDFBook.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="KutubPDFBook.com">
+	<target host="kutubpdfbook.com" />
+	<target host="www.kutubpdfbook.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Kvack.org.xml b/src/chrome/content/rules/Kvack.org.xml
index 8ef7b7ad32bb..475896adc5ba 100644
--- a/src/chrome/content/rules/Kvack.org.xml
+++ b/src/chrome/content/rules/Kvack.org.xml
@@ -12,4 +12,4 @@
 	<rule from="^http://(?:www\.)?kvack\.org/"
 		to="https://kvack.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/KwikSurveys.xml b/src/chrome/content/rules/KwikSurveys.xml
index 46ade1084321..7f94778866ad 100644
--- a/src/chrome/content/rules/KwikSurveys.xml
+++ b/src/chrome/content/rules/KwikSurveys.xml
@@ -5,4 +5,4 @@
 	<securecookie host="^www\.kwiksurveys\.com$" name=".+" />
 
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kyani.net.xml b/src/chrome/content/rules/Kyani.net.xml
index 5b4e2c0cc097..37877426ce34 100644
--- a/src/chrome/content/rules/Kyani.net.xml
+++ b/src/chrome/content/rules/Kyani.net.xml
@@ -32,4 +32,4 @@ Fetch error: http://kyani.net/ => https://eu.kyani.net/public/eu/en/main: Too ma
 	<rule from="^http://eu\.kyani\.net/"
 		to="https://eu.kyani.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Kylie.com.xml b/src/chrome/content/rules/Kylie.com.xml
new file mode 100644
index 000000000000..d8824669c254
--- /dev/null
+++ b/src/chrome/content/rules/Kylie.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Kylie.com" >
+
+	<target host="kylie.com" />
+	<target host="www.kylie.com" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/L-rumors.com.xml b/src/chrome/content/rules/L-rumors.com.xml
new file mode 100644
index 000000000000..e48e1512bfe3
--- /dev/null
+++ b/src/chrome/content/rules/L-rumors.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="L-rumors.com">
+	<target host="l-rumors.com" />
+	<target host="www.l-rumors.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/L0g.us.xml b/src/chrome/content/rules/L0g.us.xml
index ca3880fdb452..3e8a2867999a 100644
--- a/src/chrome/content/rules/L0g.us.xml
+++ b/src/chrome/content/rules/L0g.us.xml
@@ -5,7 +5,7 @@ Fetch error: http://l0g.us/ => https://l0g.us/: (7, 'Failed to connect to l0g.us
 Fetch error: http://www.l0g.us/ => https://www.l0g.us/: (7, 'Failed to connect to www.l0g.us port 443: No route to host')
 
 -->
-<ruleset name="l0g.us" default_off='failed ruleset test'>
+<ruleset name="l0g.us" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/L2020.xml b/src/chrome/content/rules/L2020.xml
index 171c0f733583..0d05a61f7c5c 100644
--- a/src/chrome/content/rules/L2020.xml
+++ b/src/chrome/content/rules/L2020.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://l2020.org/ => https://l2020.org/: (51, "SSL: no alternative certificate subject name matches target host name 'l2020.org'")
 Fetch error: http://www.l2020.org/ => https://l2020.org/: (51, "SSL: no alternative certificate subject name matches target host name 'l2020.org'")
 -->
-<ruleset name="Local 20/20" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Local 20/20" platform="mixedcontent" default_off="failed ruleset test">
   <target host="l2020.org" />
   <target host="www.l2020.org" />
 
diff --git a/src/chrome/content/rules/L2C.xml b/src/chrome/content/rules/L2C.xml
index f63a7d64a033..e1db3fffac01 100644
--- a/src/chrome/content/rules/L2C.xml
+++ b/src/chrome/content/rules/L2C.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://l2c.co.kr/ => https://l2c.co.kr/: (60, 'SSL certificate problem: certificate has expired')
 Fetch error: http://www.l2c.co.kr/ => https://www.l2c.co.kr/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="L2C" default_off='failed ruleset test'>
+<ruleset name="L2C" default_off="failed ruleset test">
 
 	<target host="l2c.co.kr" />
 	<target host="www.l2c.co.kr" />
diff --git a/src/chrome/content/rules/LADSPA.org.xml b/src/chrome/content/rules/LADSPA.org.xml
new file mode 100644
index 000000000000..1272f81bf603
--- /dev/null
+++ b/src/chrome/content/rules/LADSPA.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="LADSPA.org">
+	<target host="ladspa.org" />
+	<target host="www.ladspa.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LANsquared.xml b/src/chrome/content/rules/LANsquared.xml
index ef1587382afa..7c64b54269fb 100644
--- a/src/chrome/content/rules/LANsquared.xml
+++ b/src/chrome/content/rules/LANsquared.xml
@@ -1,7 +1,8 @@
 <ruleset name="LANsquared" default_off="expired, mismatch">
 
 	<target host="lansquared.com" />
-	<target host="*.lansquared.com" />
+	<target host="webmail.lansquared.com" />
+	<target host="www.lansquared.com" />
 
 
 	<securecookie host="^webmail\.lansquared\.com$" name=".+" />
diff --git a/src/chrome/content/rules/LBHF.gov.uk.xml b/src/chrome/content/rules/LBHF.gov.uk.xml
index 7c59c8abf359..d589c072d111 100644
--- a/src/chrome/content/rules/LBHF.gov.uk.xml
+++ b/src/chrome/content/rules/LBHF.gov.uk.xml
@@ -36,7 +36,7 @@ Fetch error: http://www.apps4.lbhf.gov.uk/ => https://www.apps4.lbhf.gov.uk/: (7
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="LBHF.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="LBHF.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="lbhf.gov.uk" />
 	<target host="apps1.lbhf.gov.uk" />
diff --git a/src/chrome/content/rules/LCHost.xml b/src/chrome/content/rules/LCHost.xml
index 39188d26d49a..1e696abeae0e 100644
--- a/src/chrome/content/rules/LCHost.xml
+++ b/src/chrome/content/rules/LCHost.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://cloud0.lchost.co.uk/ => https://cloud0.lchost.co.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="LCHost" default_off='failed ruleset test'>
+<ruleset name="LCHost" default_off="failed ruleset test">
 
 	<target host="lchost.co.uk" />
 	<target host="cloud0.lchost.co.uk" />
diff --git a/src/chrome/content/rules/LEspace_client.fr.xml b/src/chrome/content/rules/LEspace_client.fr.xml
index f80d0f2a739a..747bd7cc1ef8 100644
--- a/src/chrome/content/rules/LEspace_client.fr.xml
+++ b/src/chrome/content/rules/LEspace_client.fr.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.lespaceclient.fr/ => https://www.lespaceclient.fr/: (60,
 	For other Magic Online coverage, see Magic.fr.xml.
 
 -->
-<ruleset name="LEspace client.fr" default_off='failed ruleset test'>
+<ruleset name="LEspace client.fr" default_off="failed ruleset test">
 
 	<target host="lespaceclient.fr" />
 	<target host="www.lespaceclient.fr" />
diff --git a/src/chrome/content/rules/LExpress.fr.xml b/src/chrome/content/rules/LExpress.fr.xml
index 8086553c51ed..c03d4d1a9253 100644
--- a/src/chrome/content/rules/LExpress.fr.xml
+++ b/src/chrome/content/rules/LExpress.fr.xml
@@ -22,13 +22,14 @@
 -->
 <ruleset name="LExpress.fr (partial)">
 
-	<target host="*.lexpress.fr" />
+	<target host="boutique.lexpress.fr" />
+	<target host="media-boutique.lexpress.fr" />
+	<target host="skin-boutique.lexpress.fr" />
 
 
 	<securecookie host="^\.boutique\.lexpress\.fr$" name=".+" />
 
 
-	<rule from="^http://(media-|skin-)?boutique\.lexpress\.fr/"
-		to="https://$1boutique.lexpress.fr/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LFC-Hosting.xml b/src/chrome/content/rules/LFC-Hosting.xml
index 1614979749c1..023b42244f65 100644
--- a/src/chrome/content/rules/LFC-Hosting.xml
+++ b/src/chrome/content/rules/LFC-Hosting.xml
@@ -6,22 +6,18 @@ Fetch error: http://208.68.106.8/ => https://208.68.106.8/: (60, 'SSL certificat
 Automatically by https-everywhere-checker because:
 Fetch error: http://208.68.106.8/ => https://208.68.106.8/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="LFC Hosting" default_off='failed ruleset test'>
+<ruleset name="LFC Hosting" default_off="failed ruleset test">
 
-	<target host="208.68.106.8" />
 	<target host="lfchosting.com" />
-	<target host="*.lfchosting.com" />
+	<target host="account.lfchosting.com" />
+	<target host="cp.lfchosting.com" />
+	<target host="demo.lfchosting.com" />
+	<target host="www.lfchosting.com" />
 
 
 	<securecookie host="^.+\.lfchosting\.com$" name=".+" />
 
 
-	<!--	- Cert only matches IP
-		- Redirects like so
-					-->
-	<rule from="^http://(?:208\.68\.106\.8|webmail\.lfchosting\.com)/"
-		to="https://208.68.106.8/" />
-
 	<!--	www: cert only matches ^lfchosting.com.
 							-->
 	<rule from="^http://(?:((?:account|cp|demo)\.)|www\.)?lfchosting\.com/"
diff --git a/src/chrome/content/rules/LF_Hair.com.xml b/src/chrome/content/rules/LF_Hair.com.xml
index e712ddec0abc..66d3acac327d 100644
--- a/src/chrome/content/rules/LF_Hair.com.xml
+++ b/src/chrome/content/rules/LF_Hair.com.xml
@@ -9,7 +9,7 @@
 <ruleset name="LF Hair.com (partial)">
 
 	<target host="lfhair.com" />
-	<target host="*.lfhair.com" />
+	<target host="www.lfhair.com" />
 		<!--
 			Redirect to http:
 						-->
diff --git a/src/chrome/content/rules/LFov.net.xml b/src/chrome/content/rules/LFov.net.xml
index e78d703afd4f..b1dc9acefadc 100644
--- a/src/chrome/content/rules/LFov.net.xml
+++ b/src/chrome/content/rules/LFov.net.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.lfov.net/ => https://www.lfov.net/: (28, 'Connection tim
 	cookie on whichever domain it is loaded from.
 
 -->
-<ruleset name="LFov.net" default_off='failed ruleset test'>
+<ruleset name="LFov.net" default_off="failed ruleset test">
 
 	<target host="lfov.net" />
 	<target host="www.lfov.net" />
@@ -25,4 +25,4 @@ Fetch error: http://www.lfov.net/ => https://www.lfov.net/: (28, 'Connection tim
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LGTM.com.xml b/src/chrome/content/rules/LGTM.com.xml
new file mode 100644
index 000000000000..998b648211a3
--- /dev/null
+++ b/src/chrome/content/rules/LGTM.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="LGTM.com">
+	<target host="lgtm.com" />
+	<target host="www.lgtm.com" />
+	<target host="competitions.lgtm.com" />
+	<target host="discuss.lgtm.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LIHKG.com.xml b/src/chrome/content/rules/LIHKG.com.xml
new file mode 100644
index 000000000000..46321ad49854
--- /dev/null
+++ b/src/chrome/content/rules/LIHKG.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="LIHKG.com">
+	<target host="lihkg.com" />
+	<target host="www.lihkg.com" />
+	<target host="amp.lihkg.com" />
+	<target host="cd-socket-game.lihkg.com" />
+	<target host="cdn.lihkg.com" />
+	<target host="game.lihkg.com" />
+	<target host="pb.lihkg.com" />
+	<target host="r.lihkg.com" />
+	<target host="sendgrid.lihkg.com" />
+	<target host="wtf689.lihkg.com" />
+	<target host="x.lihkg.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LINBIT.com-falsemixed.xml b/src/chrome/content/rules/LINBIT.com-falsemixed.xml
deleted file mode 100644
index e66c11ad1bd8..000000000000
--- a/src/chrome/content/rules/LINBIT.com-falsemixed.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://linbit.com/ => https://linbit.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
-	For rules causing false/broken MCB, see LINBIT.com-falsemixed.xml.
-
--->
-<ruleset name="LINBIT (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
-
-	<target host="linbit.com" />
-	<target host="www.linbit.com" />
-
-
-	<securecookie host="^(?:.*\.)?linbit\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/LINBIT.com.xml b/src/chrome/content/rules/LINBIT.com.xml
new file mode 100644
index 000000000000..bf4dc279a12e
--- /dev/null
+++ b/src/chrome/content/rules/LINBIT.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="LINBIT.com (partial)">
+
+	<target host="linbit.com" />
+	<target host="www.linbit.com" />
+	<target host="blogs.linbit.com" />
+	<target host="docs.linbit.com" />
+	<target host="downloads.linbit.com" />
+	<target host="my.linbit.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LINBIT.xml b/src/chrome/content/rules/LINBIT.xml
deleted file mode 100644
index a7d6d4ad617e..000000000000
--- a/src/chrome/content/rules/LINBIT.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see LINBIT.com-falsemixed.xml.
-
-
-	Mixed content:
-
-		- css on ^ from $self *
-
-		- Images, on:
-
-			- ^ from $self *
-			- blogs from $self
-
-		- favicon on my from www *
-
-	* Secured by us
-
--->
-<ruleset name="LINBIT (partial)">
-
-	<target host="linbit.com" />
-	<target host="www.linbit.com" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://(?:www\.)?linbit\.com/+(?!components/|favicon\.ico|images/|libraries/|modules/|plugins/)" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?linbit\.com$" name="^[0-9a-f]{32}$" /-->
-	<!--securecookie host="^my\.linbit\.com$" name="^_skeleton_session$" /-->
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/LIS.gov.xml b/src/chrome/content/rules/LIS.gov.xml
index 0f088af6db4e..a21b16294883 100644
--- a/src/chrome/content/rules/LIS.gov.xml
+++ b/src/chrome/content/rules/LIS.gov.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.lis.gov/ => https://www.lis.gov/: Too many redirects whi
 
 
 -->
-<ruleset name="LIS.gov" default_off='failed ruleset test'>
+<ruleset name="LIS.gov" default_off="failed ruleset test">
 
 	<target host="lis.gov" />
 	<target host="www.lis.gov" />
diff --git a/src/chrome/content/rules/LIU.se.xml b/src/chrome/content/rules/LIU.se.xml
index c9afd56c1de2..06c95cee19a5 100644
--- a/src/chrome/content/rules/LIU.se.xml
+++ b/src/chrome/content/rules/LIU.se.xml
@@ -1,11 +1,4 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://moviii.isy.liu.se/ => https://moviii.isy.liu.se/: (7, 'Failed to connect to moviii.isy.liu.se port 443: Connection refused')
-Fetch error: http://login.lisam.liu.se/ => https://login.lisam.liu.se/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://www.moviii.isy.liu.se/ => https://moviii.isy.liu.se/: (7, 'Failed to connect to moviii.isy.liu.se port 443: Connection refused')
-Fetch error: http://moviii.liu.se/ => https://moviii.isy.liu.se/: (7, 'Failed to connect to moviii.isy.liu.se port 443: Connection refused')
-
 	Linköping university
 
 	For rules causing false/broken MCB, see LIU.se-falsemixed.xml.
@@ -26,6 +19,9 @@ Fetch error: http://moviii.liu.se/ => https://moviii.isy.liu.se/: (7, 'Failed to
 		- www.ek.isy ³
 		- m ⁴
 		- mobil ⁶
+		- moviii ³
+		- moviii.isy ³
+		- www.moviii.isy ³
 		- search ³
 		- sah ⁴
 		- e-go.student ⁷
@@ -45,11 +41,10 @@ Fetch error: http://moviii.liu.se/ => https://moviii.isy.liu.se/: (7, 'Failed to
 		- www1.bibl ²
 		- www3.bibl ³
 		- (www.)?commsys.isy ²
-		- www.moviii.isy ³
 		- www.vehicular.isy ³
 		- planet.lysator ⁴
-		- moviii ³
 		- www.stars ⁵
+		- login.lisam ⁵
 
 	¹ Mixed iframe
 	² Mixed css
@@ -88,7 +83,7 @@ Fetch error: http://moviii.liu.se/ => https://moviii.isy.liu.se/: (7, 'Failed to
 	* Secured by us
 
 -->
-<ruleset name="LIU.se (partial)" default_off='failed ruleset test'>
+<ruleset name="LIU.se (partial)">
 
 	<!--	Direct rewrites:
 				-->
@@ -115,7 +110,6 @@ Fetch error: http://moviii.liu.se/ => https://moviii.isy.liu.se/: (7, 'Failed to
 	<target host="www.fs.isy.liu.se" />
 	<target host="www.icg.isy.liu.se" />
 	<target host="www.ics.isy.liu.se" />
-	<target host="moviii.isy.liu.se" />
 	<target host="people.isy.liu.se" />
 	<target host="www.rt.isy.liu.se" />
 	<target host="users.isy.liu.se" />
@@ -124,12 +118,10 @@ Fetch error: http://moviii.liu.se/ => https://moviii.isy.liu.se/: (7, 'Failed to
 	<target host="servlet.it.liu.se" />
 	<target host="www.it.liu.se" />
 	<target host="lisam.liu.se" />
-	<target host="login.lisam.liu.se" />
 	<target host="lith.liu.se" />
 	<target host="www.lith.liu.se" />
 	<target host="login.liu.se" />
 
-	<target host="bugzilla.lysator.liu.se" />
 	<target host="datorhandbok.lysator.liu.se" />
 	<target host="git.lysator.liu.se" />
 	<target host="jskom.lysator.liu.se" />
@@ -145,10 +137,8 @@ Fetch error: http://moviii.liu.se/ => https://moviii.isy.liu.se/: (7, 'Failed to
 	<!--	Complications:
 				-->
 	<!--target host="www3.bibl.liu.se" /-->
-	<target host="www.moviii.isy.liu.se" />
 	<target host="www.vehicular.isy.liu.se" />
 	<target host="planet.lysator.liu.se" />
-	<target host="moviii.liu.se" />
 
 		<!--	Mixed css:
 					-->
@@ -166,9 +156,6 @@ Fetch error: http://moviii.liu.se/ => https://moviii.isy.liu.se/: (7, 'Failed to
 	<!--rule from="^http://www3\.bibl\.liu\.se/"
 		to="https://www2.bibl.liu.se/" /-->
 
-	<rule from="^http://(?:www\.moviii\.isy|moviii)\.liu\.se/"
-		to="https://moviii.isy.liu.se/" />
-
 	<rule from="^http://www\.vehicular\.isy\.liu\.se/"
 		to="https://www.fs.isy.liu.se/" />
 
diff --git a/src/chrome/content/rules/LKQD.net.xml b/src/chrome/content/rules/LKQD.net.xml
index 405cf6e86254..a681c9752358 100644
--- a/src/chrome/content/rules/LKQD.net.xml
+++ b/src/chrome/content/rules/LKQD.net.xml
@@ -3,7 +3,7 @@
 		- lookup.lkqd.net
 		- rs-lb-a.lkqd.net
 		- rs-lb-b.lkqd.net
-		
+
 	Timeout
 		- lkqd.net
 		- www.lkqd.net
diff --git a/src/chrome/content/rules/LLS.org.xml b/src/chrome/content/rules/LLS.org.xml
index 3783f6c1bb94..14c43b9170aa 100644
--- a/src/chrome/content/rules/LLS.org.xml
+++ b/src/chrome/content/rules/LLS.org.xml
@@ -47,7 +47,7 @@ Fetch error: http://community.lls.org/ => https://community.lls.org/: (51, "SSL:
 	* Secured by us, doesn't trip MCB anyway
 
 -->
-<ruleset name="LLS.org (partial)" default_off='failed ruleset test'>
+<ruleset name="LLS.org (partial)" default_off="failed ruleset test">
 
 	<target host="community.lls.org" />
 	<target host="www.lls.org" />
diff --git a/src/chrome/content/rules/LLVM.org.xml b/src/chrome/content/rules/LLVM.org.xml
index 1e9590680f39..3a2899f23cb6 100644
--- a/src/chrome/content/rules/LLVM.org.xml
+++ b/src/chrome/content/rules/LLVM.org.xml
@@ -39,6 +39,7 @@
 	<target host="lldb.llvm.org" />
 	<target host="openmp.llvm.org" />
 	<target host="polly.llvm.org" />
+	<target host="releases.llvm.org" />
 	<target host="reviews.llvm.org" />
 	<target host="svn.llvm.org" />
 	<target host="vmkit.llvm.org" />
diff --git a/src/chrome/content/rules/LMU-Muenchen-IFI.xml b/src/chrome/content/rules/LMU-Muenchen-IFI.xml
index 6c84f00c18b2..3d8fef8a457f 100644
--- a/src/chrome/content/rules/LMU-Muenchen-IFI.xml
+++ b/src/chrome/content/rules/LMU-Muenchen-IFI.xml
@@ -1,7 +1,7 @@
 <!--
 	Ludwig-Maximilians-Universitaet Muenchen
 	department: Institute of Informatics / Institut fuer Informatik
-  	
+
 	Ruleset for main page, see LMU-Muenchen.xml
 
 	Error:
@@ -15,7 +15,7 @@
     - www.uniworx.informatik.uni-muenchen.de
     - www.tcs.informatik.uni-muenchen.de
     - www.mmi.ifi.lmu.de
-  
+
 	Do not exist:
 	- ifi.lmu.de
     - informatik.uni-muenchen.de
@@ -42,7 +42,7 @@
   <target host="www.rz.ifi.lmu.de" />
   <target host="tools.rz.ifi.lmu.de" />
   <target host="survey.rz.ifi.lmu.de" />
-  
+
   <rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LMU-Muenchen-Library.xml b/src/chrome/content/rules/LMU-Muenchen-Library.xml
index 870730089586..fc6a24e6b09b 100644
--- a/src/chrome/content/rules/LMU-Muenchen-Library.xml
+++ b/src/chrome/content/rules/LMU-Muenchen-Library.xml
@@ -1,12 +1,12 @@
 <!--
 	Ludwig-Maximilians-Universitaet Muenchen
 	department: Library / Bibliothek
-  	
+
 	Ruleset for main page, see LMU-Muenchen.xml
-	
+
 	No https support:
 		- www.ub.uni-muenchen.de
-	
+
 	Do not exist:
 		- ub.uni-muenchen.de
 		- www.opac.ub.uni-muenchen.de
@@ -17,7 +17,7 @@
 <ruleset name="LMU Muenchen Bibliothek">
 	<!-- library -->
 	<target host="opac.ub.uni-muenchen.de" />
-  
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LMU-Muenchen.xml b/src/chrome/content/rules/LMU-Muenchen.xml
index 22bb70da14e6..46a4f9f4701d 100644
--- a/src/chrome/content/rules/LMU-Muenchen.xml
+++ b/src/chrome/content/rules/LMU-Muenchen.xml
@@ -4,7 +4,7 @@
 	Univeristy sites are big. For better maintaining there are seperate rulesets:
 	department: Library / Bibliothek, see LMU-Muenchen-Library.xml
 	department: Institute of Informatics / Institut fuer Informatik, see LMU-Muenchen-IFI.xml
-	
+
 	These altnames don't exist:
 
 		- uni-muenchen.de
@@ -25,7 +25,7 @@
 	<target host="www.uni-muenchen.de" />
 	<target host="cms-static.uni-muenchen.de" />
 	<target host="www.en.uni-muenchen.de" />
-	
+
 	<!-- restricted student sites -->
 	<target host="www.portal.uni-muenchen.de" />
 	<target host="login.portal.uni-muenchen.de" />
diff --git a/src/chrome/content/rules/LPI.org.xml b/src/chrome/content/rules/LPI.org.xml
index 16ffaceb7aa6..9f2c9207517e 100644
--- a/src/chrome/content/rules/LPI.org.xml
+++ b/src/chrome/content/rules/LPI.org.xml
@@ -20,4 +20,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LPICE.eu.xml b/src/chrome/content/rules/LPICE.eu.xml
index 7e527ba9250a..4ef215709758 100644
--- a/src/chrome/content/rules/LPICE.eu.xml
+++ b/src/chrome/content/rules/LPICE.eu.xml
@@ -1,6 +1,6 @@
 <!--
-	Remark: *.lpice.eu has a wildcard DNS record, wildcard 
-		certificate, HSTS header but lacked a proper setting 
+	Remark: *.lpice.eu has a wildcard DNS record, wildcard
+		certificate, HSTS header but lacked a proper setting
 		to be preload as of May 2017.
 
 	Non-functional hosts
diff --git a/src/chrome/content/rules/LSBU.ac.uk.xml b/src/chrome/content/rules/LSBU.ac.uk.xml
index 996d75d3dfd1..6e0da6a159aa 100644
--- a/src/chrome/content/rules/LSBU.ac.uk.xml
+++ b/src/chrome/content/rules/LSBU.ac.uk.xml
@@ -65,7 +65,7 @@ Fetch error: http://vletrain.lsbu.ac.uk/ => https://vletrain.lsbu.ac.uk/: (28, '
 		- .lsbu.ac.uk
 
 -->
-<ruleset name="LSBU.ac.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="LSBU.ac.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/LTER.xml b/src/chrome/content/rules/LTER.xml
index 819ef5c0cfff..42187cbfcc82 100644
--- a/src/chrome/content/rules/LTER.xml
+++ b/src/chrome/content/rules/LTER.xml
@@ -16,7 +16,10 @@ Fetch error: http://lternet.edu/ => https://www.lternet.edu/: (35, 'error:140770
 <ruleset name="LTER">
 
 	<target host="lternet.edu" />
-	<target host="*.lternet.edu" />
+	<target host="intranet.lternet.edu" />
+	<target host="intranet2.lternet.edu" />
+	<target host="metacat.lternet.edu" />
+	<target host="www.lternet.edu" />
 		<exclusion pattern="^http://intranet2\.lternet\.edu/(?!misc/|modules/|sites/|(?:track|us)er(?:$|\?|/))" />
 
 
@@ -30,7 +33,6 @@ Fetch error: http://lternet.edu/ => https://www.lternet.edu/: (35, 'error:140770
 	<rule from="^http://intranet2?\.lternet\.edu/"
 		to="https://intranet2.lternet.edu/" />
 
-	<rule from="^http://(metacat|www)\.lternet\.edu/"
-		to="https://$1.lternet.edu/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LTH.se.xml b/src/chrome/content/rules/LTH.se.xml
index 62d5c42fe605..0163f9d69449 100644
--- a/src/chrome/content/rules/LTH.se.xml
+++ b/src/chrome/content/rules/LTH.se.xml
@@ -29,7 +29,7 @@ Fetch error: http://doc.ddg.lth.se/ => https://doc.ddg.lth.se/: (60, 'SSL certif
 		- Image on www from www.lu.se
 
 -->
-<ruleset name="LTH.se (partial)" default_off='failed ruleset test'>
+<ruleset name="LTH.se (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/LTRADIO.com.xml b/src/chrome/content/rules/LTRADIO.com.xml
index 9f1a8097a7e8..f8bb414f7752 100644
--- a/src/chrome/content/rules/LTRADIO.com.xml
+++ b/src/chrome/content/rules/LTRADIO.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?ltradio\.com/"
 		to="https://www.ltradio.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LTTStore.com.xml b/src/chrome/content/rules/LTTStore.com.xml
new file mode 100644
index 000000000000..e468bb5253dc
--- /dev/null
+++ b/src/chrome/content/rules/LTTStore.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="LTTStore.com">
+	<target host="lttstore.com" />
+	<target host="www.lttstore.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LTTng_Project.xml b/src/chrome/content/rules/LTTng_Project.xml
index e4f649971431..e6f09902f56e 100644
--- a/src/chrome/content/rules/LTTng_Project.xml
+++ b/src/chrome/content/rules/LTTng_Project.xml
@@ -19,7 +19,11 @@
 <ruleset name="LTTng.org">
 
 	<target host="lttng.org" />
-	<target host="*.lttng.org" />
+	<target host="bugs.lttng.org" />
+	<target host="ci.lttng.org" />
+	<target host="git.lttng.org" />
+	<target host="lists.lttng.org" />
+	<target host="www.lttng.org" />
 
 
 	<!--	Not secured by server:
@@ -29,7 +33,6 @@
 	<securecookie host="^(?:bugs)?\.lttng\.org$" name=".+" />
 
 
-	<rule from="^http://((?:bugs|ci|git|lists|www)\.)?lttng\.org/"
-		to="https://$1lttng.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LUV.asn.au.xml b/src/chrome/content/rules/LUV.asn.au.xml
deleted file mode 100644
index 8dbc0b998cbf..000000000000
--- a/src/chrome/content/rules/LUV.asn.au.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- lists *
-
-	* 403/404; mismatched, CN: www.luv.asn.au
-
-
-	Problematic subdomains:
-
-		- (www.) ¹
-		- wiki ²
-
-	¹ Works, expired 2013-12-13
-	² Works; mismatched, CN: www.luv.asn.au
-
-
-	Mixed content:
-
-		- Images on ^ from $self *
-
-		- Bugs on ^ from i.creativecommons.org *
-
-	* Secured by us
-
--->
-<ruleset name="LUV.asn.au (partial)" default_off="expired, mismatched">
-
-	<target host="luv.asn.au" />
-	<target host="*.luv.asn.au" />
-
-
-	<!--	Secured by server:
-					-->
-	<!--securecookie host="^\.linux\.org\.au$" name="^luv_wiki_session$" /-->
-	<!--
-		Not secured by server:
-					-->
-	<!--securecookie host="^\.linux\.org\.au$" name="^SESS[0-9a-f]{32}$" /-->
-	<!--securecookie host="^www\.linux\.org\.au$" name="^PHPSESSID" /-->
-
-	<securecookie host="^(?:www)?\.linux\.org\.au$" name=".+" />
-
-
-	<rule from="^http://(?:(wiki\.)|www\.)?luv\.asn\.au/"
-		to="https://$1luv.asn.au/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/LVOC.org.xml b/src/chrome/content/rules/LVOC.org.xml
index 16661fb4f043..62eb9d393605 100644
--- a/src/chrome/content/rules/LVOC.org.xml
+++ b/src/chrome/content/rules/LVOC.org.xml
@@ -11,7 +11,7 @@
 	ˢ Secured by us
 
 -->
-<ruleset name="LVOC.org" default_off="missing certificate chain">
+<ruleset name="LVOC.org" default_off="cert-chain">
 
 	<target host="lvoc.org" />
 	<target host="*.lvoc.org" />
diff --git a/src/chrome/content/rules/LaCaixa.xml b/src/chrome/content/rules/LaCaixa.xml
index 9054f00182c6..6d15398cc860 100644
--- a/src/chrome/content/rules/LaCaixa.xml
+++ b/src/chrome/content/rules/LaCaixa.xml
@@ -2,7 +2,7 @@
   <target host="lacaixa.es" />
   <target host="*.lacaixa.es" />
 
-  <securecookie host="^(?:.*\.)?lacaixa\.es$" name=".+" />
+  <securecookie host=".+" name=".+"/>
 
   <rule from="^http://lacaixa\.es/" to="https://www.lacaixa.es/"/>
   <rule from="^http://([^/:@\.]+)\.lacaixa\.es/" to="https://$1.lacaixa.es/"/>
diff --git a/src/chrome/content/rules/LaDepeche.fr.xml b/src/chrome/content/rules/LaDepeche.fr.xml
index c8f846e5d61c..eba58dfb39cf 100644
--- a/src/chrome/content/rules/LaDepeche.fr.xml
+++ b/src/chrome/content/rules/LaDepeche.fr.xml
@@ -43,7 +43,7 @@
 	<target host="ejournal.ladepeche.fr" />
 	<target host="immo.ladepeche.fr" />
 	<target host="m.ladepeche.fr" />
-	<target host="premium.ladepeche.fr" /> 
+	<target host="premium.ladepeche.fr" />
 	<target host="pro.ladepeche.fr" />
 	<target host="purl.ladepeche.fr" />
 	<target host="static.ladepeche.fr" />
diff --git a/src/chrome/content/rules/La_Cie.com.xml b/src/chrome/content/rules/La_Cie.com.xml
index 2bd32e2da9f2..1dfcd4bbe5f8 100644
--- a/src/chrome/content/rules/La_Cie.com.xml
+++ b/src/chrome/content/rules/La_Cie.com.xml
@@ -21,7 +21,7 @@ Fetch error: http://lacie.com/ => https://www.lacie.com/: Too many redirects whi
 		- www.lacie.com
 
 -->
-<ruleset name="La Cie.com" default_off='failed ruleset test'>
+<ruleset name="La Cie.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/La_Crosse_Alerts.com.xml b/src/chrome/content/rules/La_Crosse_Alerts.com.xml
index 9888993264cd..0ae808b26990 100644
--- a/src/chrome/content/rules/La_Crosse_Alerts.com.xml
+++ b/src/chrome/content/rules/La_Crosse_Alerts.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.lacrossealerts.com/ => https://www.lacrossealerts.com/:
 	^: dropped
 
 -->
-<ruleset name="La Crosse Alerts.com" default_off='failed ruleset test'>
+<ruleset name="La Crosse Alerts.com" default_off="failed ruleset test">
 
 	<target host="lacrossealerts.com" />
 	<target host="www.lacrossealerts.com" />
diff --git a/src/chrome/content/rules/La_Crosse_Technology.com.xml b/src/chrome/content/rules/La_Crosse_Technology.com.xml
index c18d7975e85f..0fd7d63b5f3b 100644
--- a/src/chrome/content/rules/La_Crosse_Technology.com.xml
+++ b/src/chrome/content/rules/La_Crosse_Technology.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://store.lacrossetechnology.com/ => https://store.lacrossetechn
 		- La_Crosse_Alerts.com.xml
 
 -->
-<ruleset name="La Crosse Technology.com" default_off='failed ruleset test'>
+<ruleset name="La Crosse Technology.com" default_off="failed ruleset test">
 
 	<target host="lacrossetechnology.com" />
 	<target host="store.lacrossetechnology.com" />
diff --git a/src/chrome/content/rules/La_Naya_Chocolate.xml b/src/chrome/content/rules/La_Naya_Chocolate.xml
index 8b2180091d87..c7db61ff128c 100644
--- a/src/chrome/content/rules/La_Naya_Chocolate.xml
+++ b/src/chrome/content/rules/La_Naya_Chocolate.xml
@@ -1,7 +1,7 @@
 <ruleset name="La Naya Chocolate">
 	<target host="lanayachocolate.com" />
 	<target host="www.lanayachocolate.com" />
-	
+
 	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/LabCorp.xml b/src/chrome/content/rules/LabCorp.xml
index f6b16b441e26..eb8220342eb3 100644
--- a/src/chrome/content/rules/LabCorp.xml
+++ b/src/chrome/content/rules/LabCorp.xml
@@ -16,7 +16,7 @@ Fetch error: http://hypersend.labcorp.com/ => https://hypersend.labcorp.com/: (2
 		- www.labcorp.com
 
 -->
-<ruleset name="LabCorp.com" default_off='failed ruleset test'>
+<ruleset name="LabCorp.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Labaia.xml b/src/chrome/content/rules/Labaia.xml
index 52b6e39b032a..511fc1a63071 100644
--- a/src/chrome/content/rules/Labaia.xml
+++ b/src/chrome/content/rules/Labaia.xml
@@ -10,7 +10,7 @@ Fetch error: http://labaia.ws/ => https://labaia.ws/: (7, 'Failed to connect to
 		- bayimg	(mismatch; reset)
 
 -->
-<ruleset name="labaia.ws (partial)" default_off='failed ruleset test'>
+<ruleset name="labaia.ws (partial)" default_off="failed ruleset test">
 
 	<target host="labaia.ws" />
 	<target host="*.labaia.ws" />
diff --git a/src/chrome/content/rules/Labix.org.xml b/src/chrome/content/rules/Labix.org.xml
new file mode 100644
index 000000000000..6866571d3d98
--- /dev/null
+++ b/src/chrome/content/rules/Labix.org.xml
@@ -0,0 +1,27 @@
+<!--
+	Nonfunctional hosts in *.labix.org:
+		- 5gram (m)
+		- bzr (s)
+		- godoc (s)
+		- lists (r)
+		- mail (r)
+		- tracker (s)
+		- ubuntu (m)
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Labix.org">
+	<target host="labix.org" />
+	<target host="www.labix.org" />
+	<target host="blog.labix.org" />
+	<target host="www.blog.labix.org" />
+	<target host="humbox1.labix.org" />
+	<target host="snapdocs.labix.org" />
+
+	<rule from="^http:" to="https:" />
+
+	<securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/LackName.org.xml b/src/chrome/content/rules/LackName.org.xml
deleted file mode 100644
index 191d58a0c02c..000000000000
--- a/src/chrome/content/rules/LackName.org.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="LackName.org">
-
-	<target host="lackname.org" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Lady_Foot_Locker.xml b/src/chrome/content/rules/Lady_Foot_Locker.xml
index 4db7c8c5d4d9..4a5239db17bc 100644
--- a/src/chrome/content/rules/Lady_Foot_Locker.xml
+++ b/src/chrome/content/rules/Lady_Foot_Locker.xml
@@ -18,7 +18,8 @@
 <ruleset name="Lady Foot Locker">
 
 	<target host="ladyfootlocker.com" />
-	<target host="*.ladyfootlocker.com" />
+	<target host="www.ladyfootlocker.com" />
+	<target host="m.ladyfootlocker.com" />
 
 
 	<securecookie host="^.*\.ladyfootlocker\.com$" name=".+" />
@@ -27,7 +28,6 @@
 	<rule from="^http://(?:www\.)?ladyfootlocker\.com/"
 		to="https://www.ladyfootlocker.com/" />
 
-	<rule from="^http://m\.ladyfootlocker\.com/"
-		to="https://m.ladyfootlocker.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ladysmith-District-Credit-Union.xml b/src/chrome/content/rules/Ladysmith-District-Credit-Union.xml
index 1f84a0382b63..c428c8e2fdfe 100644
--- a/src/chrome/content/rules/Ladysmith-District-Credit-Union.xml
+++ b/src/chrome/content/rules/Ladysmith-District-Credit-Union.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://ldcu.ca/ => https://ldcu.ca/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
 
 -->
-<ruleset name="Ladysmith District Credit Union" default_off='failed ruleset test'>
+<ruleset name="Ladysmith District Credit Union" default_off="failed ruleset test">
 	<target host="ldcu.ca" />
 	<target host="www.ldcu.ca" />
 	<target host="mdws.ldcu.ca" />
diff --git a/src/chrome/content/rules/Lainfile.pw.xml b/src/chrome/content/rules/Lainfile.pw.xml
deleted file mode 100644
index 1df4027912e7..000000000000
--- a/src/chrome/content/rules/Lainfile.pw.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Lainfile.pw">
-	<target host="lainfile.pw" />
-	<target host="a.lainfile.pw" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Lambda-Linux.io.xml b/src/chrome/content/rules/Lambda-Linux.io.xml
index c96b881d9bfd..268739fecf9d 100644
--- a/src/chrome/content/rules/Lambda-Linux.io.xml
+++ b/src/chrome/content/rules/Lambda-Linux.io.xml
@@ -7,7 +7,7 @@
 	<!--	Direct rewrites:
 				-->
 	<target host="lambda-linux.io" />
-	
+
 	<!--	Complications:
 				-->
 	<target host="www.lambda-linux.io" />
diff --git a/src/chrome/content/rules/Landal.xml b/src/chrome/content/rules/Landal.xml
index e16fc60771d6..76931d412240 100644
--- a/src/chrome/content/rules/Landal.xml
+++ b/src/chrome/content/rules/Landal.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Wyndham related rulesets, see Wyndham.xml
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
 
 	Non-functional hosts
 		Timeout was reached:
@@ -75,7 +75,7 @@
 	<rule from="^http://landal\.nl/"
 		to="https://www.landal.nl/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Landfall.se.xml b/src/chrome/content/rules/Landfall.se.xml
new file mode 100644
index 000000000000..da296c5a727e
--- /dev/null
+++ b/src/chrome/content/rules/Landfall.se.xml
@@ -0,0 +1,6 @@
+<ruleset name="Landfall.se">
+	<target host="landfall.se" />
+	<target host="www.landfall.se" />
+	<target host="tabz.landfall.se" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lands_End.com.xml b/src/chrome/content/rules/Lands_End.com.xml
index e955b209d6b8..6eece9242f7f 100644
--- a/src/chrome/content/rules/Lands_End.com.xml
+++ b/src/chrome/content/rules/Lands_End.com.xml
@@ -42,7 +42,6 @@
 		to="https://business.landsend.com/" />
 
 
-	<test url="http://business.landsend.com/" />
 	<test url="http://www.landsend.com/pps/r3f9221c/js/_apps/index/app/results/results.directive.html" />
 	<test url="http://www.landsend.com/pps/r3f9221c/js/_apps/index/app/breadcrumb/breadcrumb.directive.html" />
 	<test url="http://www.landsend.com/pps/r3f9221c/js/_apps/index/app/sidebar/sidebar.directive.html" />
diff --git a/src/chrome/content/rules/Landslide.com.xml b/src/chrome/content/rules/Landslide.com.xml
index 3678ddd7fb64..13d3cb5fb69e 100644
--- a/src/chrome/content/rules/Landslide.com.xml
+++ b/src/chrome/content/rules/Landslide.com.xml
@@ -11,10 +11,11 @@ Fetch error: http://landslide.com/ => https://www.campaignercrm.com/: (60, 'SSL
 	(www.): expired 2013-04-20
 
 -->
-<ruleset name="Landslide.com" default_off='failed ruleset test'>
+<ruleset name="Landslide.com" default_off="failed ruleset test">
 
 	<target host="landslide.com" />
-	<target host="*.landslide.com" />
+	<target host="www.landslide.com" />
+	<target host="landslide.landslide.com" />
 
 
 	<securecookie host="^landslide\.landslide\.com$" name=".+" />
@@ -25,7 +26,6 @@ Fetch error: http://landslide.com/ => https://www.campaignercrm.com/: (60, 'SSL
 	<rule from="^http://(?:www\.)?landslide\.com/"
 		to="https://www.campaignercrm.com/" />
 
-	<rule from="^http://landslide\.landslide\.com/"
-		to="https://landslide.landslide.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Langille.org.xml b/src/chrome/content/rules/Langille.org.xml
index 01da1ccf6958..145c6dd5de0d 100644
--- a/src/chrome/content/rules/Langille.org.xml
+++ b/src/chrome/content/rules/Langille.org.xml
@@ -6,7 +6,7 @@ Fetch error: http://dan.langille.org/ => https://dan.langille.org/: (60, 'SSL ce
 	(www.)?langille.org: Plaintext reply
 
 -->
-<ruleset name="Langille.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Langille.org (partial)" default_off="failed ruleset test">
 
 	<target host="dan.langille.org" />
 
diff --git a/src/chrome/content/rules/Langtons.com.au.xml b/src/chrome/content/rules/Langtons.com.au.xml
index 81a17415c1af..796afefcf391 100644
--- a/src/chrome/content/rules/Langtons.com.au.xml
+++ b/src/chrome/content/rules/Langtons.com.au.xml
@@ -3,7 +3,7 @@
 
 
 	Nonfunctional subdomains:
-	
+
 		- links.email	(mismatch hostname, CN: *.ibmmarketingcloud.com)
 		- img		(SSL handshake failed)
 		- promo		(mismatch hostname, CN: *.azurewebsites.net)
diff --git a/src/chrome/content/rules/Language_Perfect.xml b/src/chrome/content/rules/Language_Perfect.xml
index 9b52c8e1b839..0ac075226e4c 100644
--- a/src/chrome/content/rules/Language_Perfect.xml
+++ b/src/chrome/content/rules/Language_Perfect.xml
@@ -23,4 +23,4 @@
 	<rule from="^http://(?:www\.)?languageperfect\.com/(.+\.(?:jp|pn))g"
 		to="https://d177cien2ijyro.cloudfront.net/$1g" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Langui.sh.xml b/src/chrome/content/rules/Langui.sh.xml
index 73c7f62bd977..60c72d00071d 100644
--- a/src/chrome/content/rules/Langui.sh.xml
+++ b/src/chrome/content/rules/Langui.sh.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.langui.sh/ => https://www.langui.sh/: (51, "SSL: no alternative certificate subject name matches target host name 'www.langui.sh'")
 
 -->
-<ruleset name="langui.sh" default_off='failed ruleset test'>
+<ruleset name="langui.sh" default_off="failed ruleset test">
 
 	<target host="langui.sh" />
 	<target host="www.langui.sh" />
diff --git a/src/chrome/content/rules/Lanik.us.xml b/src/chrome/content/rules/Lanik.us.xml
index a2f52f94840a..a685c3466b04 100644
--- a/src/chrome/content/rules/Lanik.us.xml
+++ b/src/chrome/content/rules/Lanik.us.xml
@@ -20,4 +20,4 @@
 
 	<securecookie host="^forums\.lanik\.us$" name=".+" />
 	<securecookie host="^\.lanik\.us$" name="^__cfduid$" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lansforsakringar.se.xml b/src/chrome/content/rules/Lansforsakringar.se.xml
index 6c44ab6956d2..9d23f9353c2d 100644
--- a/src/chrome/content/rules/Lansforsakringar.se.xml
+++ b/src/chrome/content/rules/Lansforsakringar.se.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://lansforsakringar.se/ => https://www.lansforsakringar.se/: Too many redirects while fetching 'https://www.lansforsakringar.se/'
 Fetch error: http://www.lansforsakringar.se/ => https://www.lansforsakringar.se/: Too many redirects while fetching 'https://www.lansforsakringar.se/'
  This is a swedish insurance company -->
-<ruleset name="Lansforsakringar.se" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Lansforsakringar.se" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="lansforsakringar.se" />
 	<target host="www.lansforsakringar.se" />
 	<target host="www1.lansforsakringar.se" />
diff --git a/src/chrome/content/rules/Lanyrd.xml b/src/chrome/content/rules/Lanyrd.xml
deleted file mode 100644
index 5a12b2b33c81..000000000000
--- a/src/chrome/content/rules/Lanyrd.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/static.lanyrd.net/
-
-
-	Some pages redirect to http.
-
--->
-<ruleset name="Lanyrd">
-
-	<target host="lanyrd.com" />
-	<target host="www.lanyrd.com" />
-	<target host="static.lanyrd.net" />
-
-
-	<rule from="^http://(www\.)?lanyrd\.com/s(ignin|tatic/)"
-		to="https://$1lanyrd.com/$2" />
-
-	<rule from="^http://static\.lanyrd\.net/"
-		to="https://s3.amazonaws.com/static.lanyrd.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Laptop.hu.xml b/src/chrome/content/rules/Laptop.hu.xml
index fd65fc6888d4..6b67c316d130 100644
--- a/src/chrome/content/rules/Laptop.hu.xml
+++ b/src/chrome/content/rules/Laptop.hu.xml
@@ -18,7 +18,7 @@ Fetch error: http://www.onlinenotebook.hu/ => https://laptop.hu/: (7, 'Failed to
 Fetch error: http://www.laptoplap.hu/ => https://laptop.hu/: (7, 'Failed to connect to laptop.hu port 443: Connection refused')
 Fetch error: http://gfxpro.hu/ => https://gfxpro.hu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="Laptop.hu" default_off='failed ruleset test'>
+<ruleset name="Laptop.hu" default_off="failed ruleset test">
 	<target host="laptop.hu" />
 	<target host="www.laptop.hu" />
 	<!-- Image hosting, same server, no HTTPS -> redirect -->
diff --git a/src/chrome/content/rules/Las_Vegas_Review-Journal.xml b/src/chrome/content/rules/Las_Vegas_Review-Journal.xml
index 2e65aad3cb97..c9883730c815 100644
--- a/src/chrome/content/rules/Las_Vegas_Review-Journal.xml
+++ b/src/chrome/content/rules/Las_Vegas_Review-Journal.xml
@@ -23,11 +23,13 @@ Fetch error: http://oneday.lvrj.com/ => https://oneday.lvrj.com/: Redirect for '
 	* Works; mismatched, CN: *.reviewjournal.com
 
 -->
-<ruleset name="Las Vegas Review-Journal (partial)" default_off='failed ruleset test'>
+<ruleset name="Las Vegas Review-Journal (partial)" default_off="failed ruleset test">
 
 	<target host="oneday.lvrj.com" />
 	<target host="reviewjournal.com" />
-	<target host="*.reviewjournal.com" />
+	<target host="www.reviewjournal.com" />
+	<target host="myrjnewsstand.reviewjournal.com" />
+	<target host="obits.reviewjournal.com" />
 
 
 	<!--	Tracking cookie:
@@ -48,4 +50,4 @@ Fetch error: http://oneday.lvrj.com/ => https://oneday.lvrj.com/: Redirect for '
 	<rule from="^http://obits\.reviewjournal\.com/(favicon\.ico|Obituaries/(?:AffiliateAdvertisement\.axd|AffiliateArtwork\.axd|_(?:cs|j)s/)|obituaries/lvrj/(?:Images/|ObitsTileCorner\.axd|scripts/)|sites/)"
 		to="https://www.legacy.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lasallehs.net.xml b/src/chrome/content/rules/Lasallehs.net.xml
index 10bd7a9fc7f4..a6f096810fb3 100644
--- a/src/chrome/content/rules/Lasallehs.net.xml
+++ b/src/chrome/content/rules/Lasallehs.net.xml
@@ -5,7 +5,7 @@
     <target host="powerschool.lasallehs.net" />
     <target host="ps-img.lasallehs.net" />
 
-    <securecookie host=".*\.lasallehs\.net" name=".+" />
+    <securecookie host=".+" name=".+"/>
 
     <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Last.fm.xml b/src/chrome/content/rules/Last.fm.xml
index 381160043fa6..9976edf64f11 100644
--- a/src/chrome/content/rules/Last.fm.xml
+++ b/src/chrome/content/rules/Last.fm.xml
@@ -43,7 +43,7 @@
 	<target host="static.last.fm" />
 	<target host="static-web.last.fm" />
 	<target host="store.last.fm" />
-	
+
 	<!-- Not secured by server: -->
 	<!--securecookie host="^(?:secure|www)\.last\.fm$" name="^csrftoken$" /-->
 	<securecookie host="^\w" name=".+" />
diff --git a/src/chrome/content/rules/LastStopShop.co.nz.xml b/src/chrome/content/rules/LastStopShop.co.nz.xml
deleted file mode 100644
index 56a1e226293c..000000000000
--- a/src/chrome/content/rules/LastStopShop.co.nz.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	For other Woolworths coverage, see Woolworths.com.au.xml
-
-
-	Nonfunctional subdomains:
-	
-		- links.email	(mismatch hostname, CN: *.ibmmarketingcloud.com)
-		- img		(SSL handshake failed)
-		- promo		(mismatch hostname, CN: *.azurewebsites.net)
-		- test	(mismatch hostname, CN: *.nzwinesociety.co.nz)
-
--->
-<ruleset name="LastStopShop.co.nz">
-
-	<target host="laststopshop.co.nz" />
-	<target host="www.laststopshop.co.nz" />
-	<target host="media.laststopshop.co.nz" />
-	<target host="www-lss-sit.laststopshop.co.nz" />
-
-	<securecookie host="^(www\.)?laststopshop\.co\.nz$" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/LastStopShop.com.au.xml b/src/chrome/content/rules/LastStopShop.com.au.xml
deleted file mode 100644
index ce555d69bce6..000000000000
--- a/src/chrome/content/rules/LastStopShop.com.au.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For other Woolworths coverage, see Woolworths.com.au.xml
-
-
-	Nonfunctional subdomains:
-		- www.$self	(HTTP 410 error)
-		- links.email	(mismatch hostname, CN: *.ibmmarketingcloud.com)
-		- img		(SSL handshake failed)
-		- promo		(mismatch hostname, CN: *.azurewebsites.net)
-		- test	(mismatch hostname, CN: *.nzwinesociety.co.nz)
-
--->
-<ruleset name="LastStopShop.com.au">
-
-	<target host="laststopshop.com.au" />
-	<target host="media.laststopshop.com.au" />
-	<target host="www-lss-sit.laststopshop.com.au" />
-
-	<securecookie host="^(www\.)?laststopshop\.com\.au$" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Lastlog.de.xml b/src/chrome/content/rules/Lastlog.de.xml
index 6b6c36181916..cfb91affdd72 100644
--- a/src/chrome/content/rules/Lastlog.de.xml
+++ b/src/chrome/content/rules/Lastlog.de.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.lastlog.de/ => https://www.lastlog.de/: (51, "SSL: no alternative certificate subject name matches target host name 'www.lastlog.de'")
 
 -->
-<ruleset name="lastlog.de" default_off='failed ruleset test'>
+<ruleset name="lastlog.de" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Lastminute.xml b/src/chrome/content/rules/Lastminute.xml
index 18d247f8294b..0a4d47febc57 100644
--- a/src/chrome/content/rules/Lastminute.xml
+++ b/src/chrome/content/rules/Lastminute.xml
@@ -62,7 +62,7 @@ Fetch error: http://it.lastminute.com/ => https://www.it.lastminute.com/: (51, "
 	* Secured by us
 
 -->
-<ruleset name="Lastminute.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Lastminute.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Launchpad.xml b/src/chrome/content/rules/Launchpad.xml
index 2f2b28786a95..54b809012989 100644
--- a/src/chrome/content/rules/Launchpad.xml
+++ b/src/chrome/content/rules/Launchpad.xml
@@ -67,7 +67,7 @@
 			<test url="http://feeds.launchpad.net/" />
 			<test url="http://feeds.launchpad.net/rohc/announcements.atom" />
 			<test url="http://ppa.launchpad.net/" />
-			
+
 
 		<test url="http://answers.launchpad.net/" />
 		<test url="http://bazaar.launchpad.net/" />
@@ -83,9 +83,7 @@
 
 
 	<!--	Not secured by server:
-					-->
-	<securecookie host="^(?:.*\.)?launchpad\.net$" name=".+" />
-    <securecookie host="^(?:.*\.)?launchpadlibrarian\.net$" name=".+" />
+					-->    <securecookie host="^(?:.*\.)?launchpadlibrarian\.net$" name=".+" />
 
     <exclusion pattern="^http://blog\.launchpad\.net/" />
     <exclusion pattern="^http://news\.launchpad\.net/" />
diff --git a/src/chrome/content/rules/Laup.xml b/src/chrome/content/rules/Laup.xml
index 65380f93f806..9334c01f7cce 100644
--- a/src/chrome/content/rules/Laup.xml
+++ b/src/chrome/content/rules/Laup.xml
@@ -13,4 +13,4 @@ Fetch error: http://laup.nu/ => https://laup.nu/: (35, 'error:140770FC:SSL routi
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lavabit.xml b/src/chrome/content/rules/Lavabit.xml
deleted file mode 100644
index d561fd64d694..000000000000
--- a/src/chrome/content/rules/Lavabit.xml
+++ /dev/null
@@ -1,76 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.lavabit.com/ => https://www.lavabit.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.lavabit.com'")
-
-chain issues:
-
-	linux1.hosting.lavabit.com
-	linux2.hosting.lavabit.com
-	mail.hosting.lavabit.com
-	mysql.hosting.lavabit.com
-	pgsql.hosting.lavabit.com
-	stats.hosting.lavabit.com
-	windows2.hosting.lavabit.com
-	www.hosting.lavabit.com
-	144-72.249.41.lavabit.com
-	165-72.249.41.lavabit.com
-
-cert mismatch:
-	ashlee.lavabit.com
-	osheana.virtual.lavabit.com
-
-(still) expired:
-	hosting.lavabit.com
-	windows1.hosting.lavabit.com
-
-no response:
-	alexis.lavabit.com check
-	click.lavabit.com
-	liberty.lavabit.com
-	alexis.lavabit.com
-	vpn.lavabit.com
-	hayden.virtual.lavabit.com
-	risa.virtual.lavabit.com
-	ns1.lavabit.com
-	ns2.lavabit.com
-	ns3.lavabit.com
-	ns4.lavabit.com
-	mistress.stacie.lavabit.com
-	ns1.hosting.lavabit.com
-	ns2.hosting.lavabit.com
-	karen.lavabit.com
-	lacey.lavabit.com
-	mssql.hosting.lavabit.com
-
-can't be resolved:
-
-	www.liberty.lavabit.com
-	(www.)admin.lavabit.com
-
-Self-Signed:
-	mercurial.stacie.lavabit.com
-	rogers.virtual.lavabit.com
-
-Timeout:
-	michelle.lavabit.com
-	minnie.ashlee.lavabit.com
-	gw.lavabit.com
-	genny.hosting.lavabit.com
-	gina.hosting.lavabit.com
-	brooke.virtual.lavabit.com
-	butters.virtual.lavabit.com
--->
-<ruleset name="Lavabit"  default_off='failed ruleset test'>
-	<target host="lavabit.com" />
-	<target host="www.lavabit.com" />
-	<target host="dana.ashlee.lavabit.com" />
-	<target host="dana.lavabit.com" />
-	<target host="git.lavabit.com" />
-
-
-	<securecookie host="^(?:.+\.)?lavabit\.com$" name=".+" />
-
-	<rule from="^http:"
-		to="https:"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Lavaboom.com.xml b/src/chrome/content/rules/Lavaboom.com.xml
index 5e56658bab6b..8dc5f2228aa3 100644
--- a/src/chrome/content/rules/Lavaboom.com.xml
+++ b/src/chrome/content/rules/Lavaboom.com.xml
@@ -22,7 +22,7 @@ Fetch error: http://www.lavaboom.com/ => https://www.lavaboom.com/: (60, 'SSL ce
 		- technical.lavaboom.com
 
 -->
-<ruleset name="Lavaboom.com" default_off='failed ruleset test'>
+<ruleset name="Lavaboom.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Laverna.xml b/src/chrome/content/rules/Laverna.xml
index a6481297856b..9286b81d9182 100644
--- a/src/chrome/content/rules/Laverna.xml
+++ b/src/chrome/content/rules/Laverna.xml
@@ -1,6 +1,6 @@
 <ruleset name="Laverna">
 	<target host="laverna.cc" />
-	<target host="*.laverna.cc" />
+	<target host="www.laverna.cc" />
 
 	<rule from="^http://(?:www\.)?laverna\.cc/"
 		to="https://laverna.cc/" />
diff --git a/src/chrome/content/rules/Law_Business_Research_CDN.xml b/src/chrome/content/rules/Law_Business_Research_CDN.xml
deleted file mode 100644
index d90a216a565a..000000000000
--- a/src/chrome/content/rules/Law_Business_Research_CDN.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- cdn.lbresearch.com	(times out)
-
-
-	s3-external-3.amazonaws.com/s3.lbrcdn.net/ doesn't work.
-
--->
-<ruleset name="Law Business Research CDN (partial)">
-
-	<target host="s3.lbrcdn.net" />
-	<target host="s3.lbrcdn.net.s3-external-3.amazonaws.com" />
-
-
-	<rule from="^http://s3\.lbrcdn\.net(?:\.s3-external-3\.amazonaws\.com)?/"
-		to="https://s3-eu-west-1.amazonaws.com/s3.lbrcdn.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Law_School_Admission_Council.xml b/src/chrome/content/rules/Law_School_Admission_Council.xml
index 3ff7d230e730..e0d2951d8576 100644
--- a/src/chrome/content/rules/Law_School_Admission_Council.xml
+++ b/src/chrome/content/rules/Law_School_Admission_Council.xml
@@ -18,9 +18,9 @@
 	<target host="os.lsac.org" />
 
 
-	<securecookie host="^.+\.lsac\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lawrence-Livermore-National-Laboratory.xml b/src/chrome/content/rules/Lawrence-Livermore-National-Laboratory.xml
index d11cabd1df68..c5711d7e7dbf 100644
--- a/src/chrome/content/rules/Lawrence-Livermore-National-Laboratory.xml
+++ b/src/chrome/content/rules/Lawrence-Livermore-National-Laboratory.xml
@@ -40,7 +40,7 @@ Fetch error: http://publicaffairs.llnl.gov/ => https://publicaffairs.llnl.gov/:
 	ˢ Secured by us
 
 -->
-<ruleset name="LLNL.gov" default_off='failed ruleset test'>
+<ruleset name="LLNL.gov" default_off="failed ruleset test">
 
 	<target host="llnl.gov" />
 	<target host="*.llnl.gov" />
diff --git a/src/chrome/content/rules/Lawyermarketing.com.xml b/src/chrome/content/rules/Lawyermarketing.com.xml
new file mode 100644
index 000000000000..c599ffbdc53c
--- /dev/null
+++ b/src/chrome/content/rules/Lawyermarketing.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="FindLaw LawyerMarketing">
+    <target host="lawyermarketing.com" />
+    <target host="www.lawyermarketing.com" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LayerBNC.org.xml b/src/chrome/content/rules/LayerBNC.org.xml
deleted file mode 100644
index 17eba987dc29..000000000000
--- a/src/chrome/content/rules/LayerBNC.org.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	NB: Tor users cannot view* this website due to CloudFlare settings.
-
-	See:
-
-		- https://blog.torproject.org/blog/call-arms-helping-internet-services-accept-anonymous-users
-		- https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-
-		- https://support.cloudflare.com/hc/en-us/articles/200170206-How-do-I-turn-I-m-Under-Attack-mode-on-
-
-	* without enabling javascript, for security and privacy implications see e.g.:
-
-		- https://www.mozilla.org/security/known-vulnerabilities/firefox.html
-		- https://trac.torproject.org/projects/tor/query?status=!closed&keywords=~tbb-fingerprinting
-		- https://panopticlick.eff.org
-
-
-	Insecure cookies are set for these domains:
-
-		- .layerbnc.org
-
--->
-<ruleset name="LayerBNC.org">
-
-	<target host="layerbnc.org" />
-	<target host="www.layerbnc.org" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.layerbnc\.org$" name="^(__cfduid|cf_clearance)$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Layne_Publications.xml b/src/chrome/content/rules/Layne_Publications.xml
index 5ce40afa6f2b..1227c39c5201 100644
--- a/src/chrome/content/rules/Layne_Publications.xml
+++ b/src/chrome/content/rules/Layne_Publications.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LazyCoins.com.xml b/src/chrome/content/rules/LazyCoins.com.xml
index c360f11111f4..b12cc021f819 100644
--- a/src/chrome/content/rules/LazyCoins.com.xml
+++ b/src/chrome/content/rules/LazyCoins.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.lazycoins.com/ => https://www.lazycoins.com/: (28, 'Conn
 		- .lazycoins.com
 
 -->
-<ruleset name="LazyCoins.com" default_off='failed ruleset test'>
+<ruleset name="LazyCoins.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Lazy_Kush.xml b/src/chrome/content/rules/Lazy_Kush.xml
index 570d4cc571f8..98051856b2ed 100644
--- a/src/chrome/content/rules/Lazy_Kush.xml
+++ b/src/chrome/content/rules/Lazy_Kush.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lb.ca.xml b/src/chrome/content/rules/Lb.ca.xml
index 1791005b60c2..910a6d78703b 100644
--- a/src/chrome/content/rules/Lb.ca.xml
+++ b/src/chrome/content/rules/Lb.ca.xml
@@ -4,7 +4,7 @@
 		- (www.)?
 
 
-	Insecure cookies are set for these 
+	Insecure cookies are set for these
 
 		- lb.ca
 		- www.lb.ca
diff --git a/src/chrome/content/rules/LeFebvre.org.xml b/src/chrome/content/rules/LeFebvre.org.xml
index 23ea378f85fc..f0867a7e426e 100644
--- a/src/chrome/content/rules/LeFebvre.org.xml
+++ b/src/chrome/content/rules/LeFebvre.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://lefebvre.org/ => https://lefebvre.org/: (51, "SSL: no alternative certificate subject name matches target host name 'lefebvre.org'")
 
 -->
-<ruleset name="LeFebvre.org" default_off='failed ruleset test'>
+<ruleset name="LeFebvre.org" default_off="failed ruleset test">
 
 	<target host="lefebvre.org" />
 	<target host="www.lefebvre.org" />
diff --git a/src/chrome/content/rules/LeMonde.fr.xml b/src/chrome/content/rules/LeMonde.fr.xml
index 9614267cc77f..8314361409ee 100644
--- a/src/chrome/content/rules/LeMonde.fr.xml
+++ b/src/chrome/content/rules/LeMonde.fr.xml
@@ -83,7 +83,7 @@
 		paroles2chansons.lemonde.fr
 
 -->
-<ruleset name="LeMonde.fr" platform="mixedcontent">
+<ruleset name="LeMonde.fr" >
 
 	<target host="www.lemonde.fr" />
 	<target host="abo.lemonde.fr" />
@@ -148,7 +148,7 @@
 
 	<rule from="^http://(contact|info)\.lemonde\.fr/"
 		to="https://www.lemonde.fr/service/qui_sommes_nous.html" />
-	
+
 	<rule from="^http://formule1\.lemonde\.fr/"
 		to="https://www.lemonde.fr/formule-1/" />
 
diff --git a/src/chrome/content/rules/LePoing.net.xml b/src/chrome/content/rules/LePoing.net.xml
new file mode 100644
index 000000000000..35385a8a63ab
--- /dev/null
+++ b/src/chrome/content/rules/LePoing.net.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		www.lepoing.net
+-->
+<ruleset name="LePoing.net">
+
+	<target host="lepoing.net" />
+	<target host="www.lepoing.net" />
+
+	<rule from="^http://www\.lepoing\.net/"
+		to="https://lepoing.net/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Le_Loop.org.xml b/src/chrome/content/rules/Le_Loop.org.xml
index dbb71f3d7f30..27103c2b960c 100644
--- a/src/chrome/content/rules/Le_Loop.org.xml
+++ b/src/chrome/content/rules/Le_Loop.org.xml
@@ -18,7 +18,7 @@ Fetch error: http://www.leloop.org/ => https://www.leloop.org/: (60, 'SSL certif
 		- links.leloop.org
 
 -->
-<ruleset name="Le Loop.org" default_off='failed ruleset test'>
+<ruleset name="Le Loop.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -29,7 +29,7 @@ Fetch error: http://www.leloop.org/ => https://www.leloop.org/: (60, 'SSL certif
 	<target host="paste.leloop.org" />
 	<target host="wiki.leloop.org" />
 	<target host="www.leloop.org" />
-        			
+
 
 	<!--	Not secured by server:
 					-->
diff --git a/src/chrome/content/rules/LeadPages.net.xml b/src/chrome/content/rules/LeadPages.net.xml
index 4bcf72096267..528bde1beccf 100644
--- a/src/chrome/content/rules/LeadPages.net.xml
+++ b/src/chrome/content/rules/LeadPages.net.xml
@@ -12,7 +12,7 @@
 	<target host="blog.leadpages.net" />
 	<target host="consultants.leadpages.net" />
 	<target host="lp.leadpages.net" />
-	<target host="lps.leadpages.net" />	
+	<target host="lps.leadpages.net" />
 	<target host="marketplace.leadpages.net" />
 	<target host="my.leadpages.net" />
 	<target host="podcast.leadpages.net" />
diff --git a/src/chrome/content/rules/LeadSpend.com.xml b/src/chrome/content/rules/LeadSpend.com.xml
index 38524e8f9004..5e3d50ce3bbd 100644
--- a/src/chrome/content/rules/LeadSpend.com.xml
+++ b/src/chrome/content/rules/LeadSpend.com.xml
@@ -11,7 +11,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://leadspend.com/ => https://leadspend.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="LeadSpend.com (partial)" default_off='failed ruleset test'>
+<ruleset name="LeadSpend.com (partial)" default_off="failed ruleset test">
 
 	<target host="leadspend.com" />
 	<target host="www.leadspend.com" />
diff --git a/src/chrome/content/rules/Leader-Manager.com.xml b/src/chrome/content/rules/Leader-Manager.com.xml
deleted file mode 100644
index cd81a4b85daf..000000000000
--- a/src/chrome/content/rules/Leader-Manager.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	www: dropped
-
--->
-<ruleset name="Leader-Manager.com">
-
-	<target host="leader-manager.com" />
-	<target host="www.leader-manager.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<securecookie host="^leader-manager\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?leader-manager\.com/"
-		to="https://leader-manager.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Leader-Technologies.xml b/src/chrome/content/rules/Leader-Technologies.xml
index 61cb372cd016..eba6d6916743 100644
--- a/src/chrome/content/rules/Leader-Technologies.xml
+++ b/src/chrome/content/rules/Leader-Technologies.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.leadertech.com/ => https://www.leadertech.com/: (60, 'SS
 		- Online-Register.xml
 
 -->
-<ruleset name="Leader Technologies" default_off='failed ruleset test'>
+<ruleset name="Leader Technologies" default_off="failed ruleset test">
 
 	<target host="leadertech.com" />
 	<target host="www.leadertech.com" />
diff --git a/src/chrome/content/rules/Leader.xml b/src/chrome/content/rules/Leader.xml
deleted file mode 100644
index 92be246212af..000000000000
--- a/src/chrome/content/rules/Leader.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For other News-Gazette coverage, see News-Gazette.xml
-
-
-	- !www: mismatched, CN: digital.news-gazette.com
-	- Some pages redirect to http
-
--->
-<ruleset name="The Leader (partial)">
-
-	<target host="leaderlandnews.com" />
-	<target host="www.leaderlandnews.com" />
-
-
-	<rule from="^http://(?:www\.)?leaderlandnews\.com/(misc/|sites/|user(?:$|\?|/))"
-		to="https://www.leaderlandnews.com/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Leadnow.xml b/src/chrome/content/rules/Leadnow.xml
index 2d4d903b3056..df227206f5e3 100644
--- a/src/chrome/content/rules/Leadnow.xml
+++ b/src/chrome/content/rules/Leadnow.xml
@@ -2,10 +2,10 @@
 
 	<!--	Cert: *.heroku.com	-->
 	<target host="leadnow.ca" />
-	<target host="*.leadnow.ca" />
+	<target host="www.leadnow.ca" />
 
 
-	<securecookie host="^(?:.*\.)?leadnow\.ca$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	Neither !www nor www redirect to the other,
diff --git a/src/chrome/content/rules/Leadwerks.com.xml b/src/chrome/content/rules/Leadwerks.com.xml
index 625a62ec629e..31a2fe521cfc 100644
--- a/src/chrome/content/rules/Leadwerks.com.xml
+++ b/src/chrome/content/rules/Leadwerks.com.xml
@@ -12,4 +12,4 @@
 	<rule from="^http://(www\.)?leadwerks\.com/(favicon\.ico|files/|img/|scripts/|/?werkspace/(?:cache/|cometchat/|index\.php|/?public/|uploads/))"
 		to="https://$1leadwerks.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/League_of_Legends.com.xml b/src/chrome/content/rules/League_of_Legends.com.xml
index 8a3d180feb42..0c5ae8e21ac2 100644
--- a/src/chrome/content/rules/League_of_Legends.com.xml
+++ b/src/chrome/content/rules/League_of_Legends.com.xml
@@ -14,10 +14,6 @@
 
 			- gameinfo.na
 
-		- dx0wf1fepagqw.cloudfront.net
-
-			- cdn
-
 		- competitive-akamai.edgesuite.net
 
 			- competitive.na
@@ -96,7 +92,6 @@
 	<target host="signup.leagueoflegends.com" />
 	<target host="www.leagueoflegends.com" />
 	<target host="pbesignup.na.leagueoflegends.com" />
-	<target host="pbesignup.euw.leagueoflegends.com" />
 	<target host="account.leagueoflegends.com" />
 	<target host="ddragon.leagueoflegends.com" />
 	<target host="cdn.leagueoflegends.com" />
@@ -105,17 +100,6 @@
 	<target host="ask.leagueoflegends.com" />
 	<target host="battlegrounds.leagueoflegends.com" />
 
-	<!--	Server sets Secure for:
-					-->
-	<!--securecookie host="^support\.leagueoflegends\.com$" name=".+" /-->
-
-	<rule from="^http://cdn\.leagueoflegends\.com/"
-		to="https://dx0wf1fepagqw.cloudfront.net/" />
-
-	<rule from="^http://support\.leagueoflegends\.com/"
-		to="https://support.riotgames.com/" />
-
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Leakedsource.com.xml b/src/chrome/content/rules/Leakedsource.com.xml
index 2ff49afe39a2..e2934a4aa6bf 100644
--- a/src/chrome/content/rules/Leakedsource.com.xml
+++ b/src/chrome/content/rules/Leakedsource.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://id.leakedsource.com/ => https://id.leakedsource.com/: (6, 'C
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="LeakedSource.com" default_off='failed ruleset test'>
+<ruleset name="LeakedSource.com" default_off="failed ruleset test">
 
 	<target host="leakedsource.com" />
 	<target host="id.leakedsource.com" />
diff --git a/src/chrome/content/rules/LeanCrew.com.xml b/src/chrome/content/rules/LeanCrew.com.xml
new file mode 100644
index 000000000000..b0ba59d4e365
--- /dev/null
+++ b/src/chrome/content/rules/LeanCrew.com.xml
@@ -0,0 +1,10 @@
+<!--
+	LeanCrew.com has a wildcard DNS record, but the certificate is only valid for ^.
+-->
+<ruleset name="LeanCrew.com">
+	<target host="leancrew.com" />
+	<target host="www.leancrew.com" />
+
+	<rule from="^http://www\.leancrew\.com/" to="https://leancrew.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Leanpub.com.xml b/src/chrome/content/rules/Leanpub.com.xml
index 043dc34f2d8a..7cc7620d28a6 100644
--- a/src/chrome/content/rules/Leanpub.com.xml
+++ b/src/chrome/content/rules/Leanpub.com.xml
@@ -1,28 +1,14 @@
 <!--
-	Nonfunctional subdomains:
-
-		- blog *
-
-	* Refused
-
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- blog.leanpub.com
+		- samples.leanpub.com
 -->
 <ruleset name="Leanpub.com (partial)">
-
 	<target host="leanpub.com" />
-	<target host="*.leanpub.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?leanpub\.com$" name="^AWSELB$" /-->
-
-	<securecookie host="^(?:www\.)?leanpub\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?leanpub\.com/"
-		to="https://$1leanpub.com/" />
+	<target host="www.leanpub.com" />
 
-	<rule from="^http://samples\.leanpub\.com/"
-		to="https://s3.amazonaws.com/samples.leanpub.com/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Leap_Motion.xml b/src/chrome/content/rules/Leap_Motion.xml
index e6c51255c3de..8873a81039d5 100644
--- a/src/chrome/content/rules/Leap_Motion.xml
+++ b/src/chrome/content/rules/Leap_Motion.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Learn-C.org.xml b/src/chrome/content/rules/Learn-C.org.xml
index ce843c539136..cc7df3c5216d 100644
--- a/src/chrome/content/rules/Learn-C.org.xml
+++ b/src/chrome/content/rules/Learn-C.org.xml
@@ -1,16 +1,16 @@
 <!--
 	Related Rulesets:
 		Learn-Cpp.org.xml
-		Learn-GoLang.org.xml	
+		Learn-GoLang.org.xml
 		Learn-JS.org.xml
-		Learn-HTML.org.xml	
+		Learn-HTML.org.xml
 		Learn-PHP.org.xml
 		Learn-Perl.org.xml
 		LearnCS.org.xml
 		LearnJavaOnline.org.xml
 		LearnPython.org.xml
 		LearnShell.org.xml
-		LearnRubyOnline.org.xml 
+		LearnRubyOnline.org.xml
 -->
 <ruleset name="Learn-C.org">
 	<target host="learn-c.org" />
diff --git a/src/chrome/content/rules/LearnShare.com.xml b/src/chrome/content/rules/LearnShare.com.xml
index 9444f79ce526..d1d73a93dfb0 100644
--- a/src/chrome/content/rules/LearnShare.com.xml
+++ b/src/chrome/content/rules/LearnShare.com.xml
@@ -5,9 +5,9 @@
 	<target host="www.learnshare.com" />
 
 
-	<securecookie host="(?:.+\.)?learnshare\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LearnXInYMinutes.com.xml b/src/chrome/content/rules/LearnXInYMinutes.com.xml
new file mode 100644
index 000000000000..5beee6671997
--- /dev/null
+++ b/src/chrome/content/rules/LearnXInYMinutes.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		- www.learnxinyminutes.com
+-->
+<ruleset name="LearnXInYMinutes.com">
+	<target host="learnxinyminutes.com" />
+	<target host="www.learnxinyminutes.com" />
+
+	<rule from="^http://www\.learnxinyminutes\.com/" to="https://learnxinyminutes.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LeaseRig.net.xml b/src/chrome/content/rules/LeaseRig.net.xml
index 48340cecc8f1..90ccd9e064a5 100644
--- a/src/chrome/content/rules/LeaseRig.net.xml
+++ b/src/chrome/content/rules/LeaseRig.net.xml
@@ -5,7 +5,7 @@ Fetch error: http://leaserig.net/ => https://leaserig.net/: (7, 'Failed to conne
 Fetch error: http://www.leaserig.net/ => https://www.leaserig.net/: (7, 'Failed to connect to www.leaserig.net port 443: Connection refused')
 
 -->
-<ruleset name="LeaseRig.net" default_off='failed ruleset test'>
+<ruleset name="LeaseRig.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/LeaseWeb.xml b/src/chrome/content/rules/LeaseWeb.xml
index be742f4f1cd1..9478fa0f4023 100644
--- a/src/chrome/content/rules/LeaseWeb.xml
+++ b/src/chrome/content/rules/LeaseWeb.xml
@@ -22,7 +22,7 @@
 	<target host="auth.leaseweb.com" />
 	<target host="mirror.leaseweb.com" />
 	<target host="secure.leaseweb.com" />
-	
+
 	<target host="mirror.ams1.nl.leaseweb.net" />
 	<target host="mirror.dal10.us.leaseweb.net" />
 	<target host="mirror.de.leaseweb.net" />
@@ -36,7 +36,7 @@
 	<target host="mirror.sin11.sg.leaseweb.net" />
 	<target host="mirror.syd10.au.leaseweb.net" />
 	<target host="mirror.us.leaseweb.net" />
-	<target host="mirror.wdc1.us.leaseweb.net" />	
+	<target host="mirror.wdc1.us.leaseweb.net" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/Lecanardenchaine.fr.xml b/src/chrome/content/rules/Lecanardenchaine.fr.xml
new file mode 100644
index 000000000000..f438d0e9f790
--- /dev/null
+++ b/src/chrome/content/rules/Lecanardenchaine.fr.xml
@@ -0,0 +1,7 @@
+<ruleset name="Lecanardenchaine.fr">
+	<target host="lecanardenchaine.fr" />
+	<target host="www.lecanardenchaine.fr" />
+	<target host="abonnement.lecanardenchaine.fr" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ledevoir.com.xml b/src/chrome/content/rules/Ledevoir.com.xml
new file mode 100644
index 000000000000..065eddf4392c
--- /dev/null
+++ b/src/chrome/content/rules/Ledevoir.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Nonfunctional hosts in *.ledevoir.com:
+		- elections.ledevoir.com m
+		- m.ledevoir.com m
+		- www.offres.ledevoir.com m
+		- www.preprod.ledevoir.com m
+		- www.abonnement.preprod.ledevoir.com m
+		- jesoutiens.preprod.ledevoir.com m
+		- jesoutiens.ledevoir.com t
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Ledevoir.com">
+	<target host="ledevoir.com" />
+	<target host="www.ledevoir.com" />
+	<target host="abonnement.ledevoir.com" />
+	<target host="admin.ledevoir.com" />
+	<target host="boutique.ledevoir.com" />
+	<target host="mail.ledevoir.com" />
+	<target host="media1.ledevoir.com" />
+	<target host="media2.ledevoir.com" />
+
+	<rule from="^http:" to="https:" />
+
+	<securecookie host="^ledevoir\.com$" name=".+" />
+	<securecookie host="^boutique\.ledevoir\.com$" name=".+" />
+	<securecookie host="^media1\.ledevoir\.com$" name=".+" />
+	<securecookie host="^media2\.ledevoir\.com$" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ledgerscope.xml b/src/chrome/content/rules/Ledgerscope.xml
index 1cb4c9e86f2a..1be38a099cab 100644
--- a/src/chrome/content/rules/Ledgerscope.xml
+++ b/src/chrome/content/rules/Ledgerscope.xml
@@ -5,7 +5,7 @@ Fetch error: http://ledgerscope.net/ => https://ledgerscope.net/: (51, "SSL: no
 Fetch error: http://www.ledgerscope.net/ => https://www.ledgerscope.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ledgerscope.net'")
 
 -->
-<ruleset name="Ledgerscope" default_off='failed ruleset test'>
+<ruleset name="Ledgerscope" default_off="failed ruleset test">
 	<target host="ledgerscope.net" />
 	<target host="www.ledgerscope.net" />
 	<target host="check.ledgerscope.com" />
diff --git a/src/chrome/content/rules/Leeds.ac.uk-falsemixed.xml b/src/chrome/content/rules/Leeds.ac.uk-falsemixed.xml
deleted file mode 100644
index 39af9d454215..000000000000
--- a/src/chrome/content/rules/Leeds.ac.uk-falsemixed.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see University_of_Leeds.xml.
-
--->
-<ruleset name="Leeds.ac.uk (false MCB)" platform="mixedcontent">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.geog.leeds.ac.uk" />
-	<target host="hr.leeds.ac.uk" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Leet_Media.com.xml b/src/chrome/content/rules/Leet_Media.com.xml
index 5cb37668b6c0..bbbfd0ddebf8 100644
--- a/src/chrome/content/rules/Leet_Media.com.xml
+++ b/src/chrome/content/rules/Leet_Media.com.xml
@@ -11,7 +11,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://leetmedia.com/ => https://leetmedia.com/: (28, 'Operation timed out after 15000 milliseconds with 0 bytes received')
 
 -->
-<ruleset name="Leet Media.com" default_off='failed ruleset test'>
+<ruleset name="Leet Media.com" default_off="failed ruleset test">
 
 	<target host="leetmedia.com" />
 	<target host="www.leetmedia.com" />
diff --git a/src/chrome/content/rules/Leetway.com.xml b/src/chrome/content/rules/Leetway.com.xml
index b53916add92d..993008e0ad81 100644
--- a/src/chrome/content/rules/Leetway.com.xml
+++ b/src/chrome/content/rules/Leetway.com.xml
@@ -34,7 +34,7 @@ Fetch error: http://leetway.com/ => https://leetway.com/: (28, 'Operation timed
 	and css from (www.).
 
 -->
-<ruleset name="Leetway.com (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Leetway.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="leetway.com" />
 	<target host="www.leetway.com" />
diff --git a/src/chrome/content/rules/Lef.org.xml b/src/chrome/content/rules/Lef.org.xml
deleted file mode 100644
index 43c22b56bf76..000000000000
--- a/src/chrome/content/rules/Lef.org.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Life Extension Magazine">
-  <target host="www.lef.org"/>
-  <target host="lef.org"/>
-
-  <rule from="^http://(?:www\.)?lef\.org/" to="https://www.lef.org/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Legacy.com.xml b/src/chrome/content/rules/Legacy.com.xml
index 40840728b54c..605aba0b1dfa 100644
--- a/src/chrome/content/rules/Legacy.com.xml
+++ b/src/chrome/content/rules/Legacy.com.xml
@@ -1,68 +1,44 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://mi.legacy.com/ => https://mi.legacy.com/: Too many redirects while fetching 'https://mi.legacy.com/'
-Fetch error: http://static.legacy.com/ => https://static.legacy.com/: Too many redirects while fetching 'https://static.legacy.com/'
-
-	CDN buckets:
-
-		- legacy.o.miisolutions.net
-
-
-	Nonfunctional hosts in *legacy.com:
-
-		- (www.)? ᵈ
-		- static.cms ³
-
-	³ 503
-	ᵈ Dropped
-
-
-	Problematic hosts in *legacy.com:
-
-		- ak-static ᴬ
-		- (www.)?connect ᵐ
-		- mi-cache ᴬ
-		- mi-static ᴬ
+	Invalid certificate:
+		- static.cms.legacy.com
+		- connect.legacy.com
+		- www.connect.legacy.com
 
-	ᴬ Akamai / mismatched
-	ᵐ Mismatched
-
-
-	Partially covered hosts in *legacy.com:
-
-		- memorialwebsites *
-
-	* Some pages redirect to http
+	Partially redirects to HTTP:
+		- memorialwebsites.legacy.com
 
+	Timed out:
+		- legacy.com, equivalent to www.legacy.com
 -->
-<ruleset name="Legacy.com (partial)" default_off='failed ruleset test'>
 
+<ruleset name="Legacy.com (partial)">
+	<target host="legacy.com" />
+	<target host="www.legacy.com" />
+	<target host="ak-static.legacy.com" />
 	<target host="blog.legacy.com" />
 	<target host="cache.legacy.com" />
+	<target host="cms.legacy.com" />
 	<target host="media2.legacy.com" />
 	<target host="memorialwebsites.legacy.com" />
+		<!-- Redirects to HTTP -->
+		<exclusion pattern="^http://memorialwebsites\.legacy\.com/(.*/)?(Homepage|InvalidPage)\.aspx" />
+			<test url="http://memorialwebsites.legacy.com/Homepage.aspx" />
+			<test url="http://memorialwebsites.legacy.com/InvalidPage.aspx" />
+			<test url="http://memorialwebsites.legacy.com/mi/Homepage.aspx" />
+			<test url="http://memorialwebsites.legacy.com/mi/InvalidPage.aspx" />
 	<target host="mi.legacy.com" />
+	<target host="mi-cache.legacy.com" />
+	<target host="mi-static.legacy.com" />
 	<target host="static.legacy.com" />
 	<target host="sympathy.legacy.com" />
 
-		<!--	Redirects to http:
-						-->
-		<exclusion pattern="^http://memorialwebsites\.legacy\.com/(?:.*/)?InvalidPage\.aspx" />
-
-			<!--	+ve:
-					-->
-			<test url="http://memorialwebsites.legacy.com/InvalidPage.aspx" />
-			<test url="http://memorialwebsites.legacy.com/bar/InvalidPage.aspx" />
-			<test url="http://memorialwebsites.legacy.com/foo/InvalidPage.aspx" />
-
-
 	<securecookie host=".+" name="^optimizely" />
 	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
 	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http://legacy\.com/"
+		to="https://www.legacy.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Legal_Directores.xml b/src/chrome/content/rules/Legal_Directores.xml
index 9a25d38b0702..112150cff77d 100644
--- a/src/chrome/content/rules/Legal_Directores.xml
+++ b/src/chrome/content/rules/Legal_Directores.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LegiScan.com.xml b/src/chrome/content/rules/LegiScan.com.xml
index 834f89d23fd5..1b1e08cbcadf 100644
--- a/src/chrome/content/rules/LegiScan.com.xml
+++ b/src/chrome/content/rules/LegiScan.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://acme.legiscan.com/ => https://acme.legiscan.com/: (60, 'SSL
 		- .legiscan.com
 
 -->
-<ruleset name="LegiScan.com" default_off='failed ruleset test'>
+<ruleset name="LegiScan.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Legolanddiscoverycenter.xml b/src/chrome/content/rules/Legolanddiscoverycenter.xml
index 6d79a0b2749b..b8087da3e03a 100644
--- a/src/chrome/content/rules/Legolanddiscoverycenter.xml
+++ b/src/chrome/content/rules/Legolanddiscoverycenter.xml
@@ -15,7 +15,7 @@ Fetch error: http://secure.legolanddiscoverycentre.co.uk/ => https://secure.lego
 
 	¹ cert mismatch
 -->
-<ruleset name="LEGOLAND Discovery Centre" default_off='failed ruleset test'>
+<ruleset name="LEGOLAND Discovery Centre" default_off="failed ruleset test">
 	<target host="legolanddiscoverycenter.com" />
 	<target host="secure.legolanddiscoverycenter.com" />
 	<target host="www.legolanddiscoverycenter.com" />
@@ -23,7 +23,7 @@ Fetch error: http://secure.legolanddiscoverycentre.co.uk/ => https://secure.lego
 	<target host="legolanddiscoverycentre.co.uk" />
 	<target host="www.legolanddiscoverycentre.co.uk" />
 	<target host="secure.legolanddiscoverycentre.co.uk" />
-	
+
 	<target host="legolanddiscoverycentre.ca" />
 	<target host="www.legolanddiscoverycentre.ca" />
 
diff --git a/src/chrome/content/rules/Legolas-Media.xml b/src/chrome/content/rules/Legolas-Media.xml
deleted file mode 100644
index 4e11b20eb137..000000000000
--- a/src/chrome/content/rules/Legolas-Media.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For problematic rules, see Legolas-Media-mismatches.xml.
-
--->
-<ruleset name="Legolas Media (partial)">
-
-	<target host="*.legolas-media.com" />
-
-
-	<!--	Set by rt:
-				-->
-	<securecookie host="^\.legolas-media\.com$" name="^uid$" />
-
-
-	<rule from="^http://rt\.legolas-media\.com/"
-		to="https://rt.legolas-media.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Leia_Jung.org.xml b/src/chrome/content/rules/Leia_Jung.org.xml
index 3a4cd5382306..e5b631850e46 100644
--- a/src/chrome/content/rules/Leia_Jung.org.xml
+++ b/src/chrome/content/rules/Leia_Jung.org.xml
@@ -12,4 +12,4 @@
 	<rule from="^http://(?:www\.)?leiajung\.org/"
 		to="https://leiajung.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Leibniz_Supercomputing_Centre.xml b/src/chrome/content/rules/Leibniz_Supercomputing_Centre.xml
index 26b612ed7ed0..e4e36d279a49 100644
--- a/src/chrome/content/rules/Leibniz_Supercomputing_Centre.xml
+++ b/src/chrome/content/rules/Leibniz_Supercomputing_Centre.xml
@@ -12,7 +12,7 @@ Fetch error: http://idportal.lrz-muenchen.de/ => https://idportal.lrz-muenchen.d
 		- servicedesk.lrz.de
 
 -->
-<ruleset name="Leibniz Supercomputing Centre" default_off='failed ruleset test'>
+<ruleset name="Leibniz Supercomputing Centre" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Leiden_Univ.nl.xml b/src/chrome/content/rules/Leiden_Univ.nl.xml
index ad717e676954..6f0bad7dcf7b 100644
--- a/src/chrome/content/rules/Leiden_Univ.nl.xml
+++ b/src/chrome/content/rules/Leiden_Univ.nl.xml
@@ -78,14 +78,33 @@
 -->
 <ruleset name="Leiden Univ.nl (partial)">
 
-	<target host="*.leidenuniv.nl" />
+	<target host="beeldbank.leidenuniv.nl" />
+	<target host="www.beeldbank.leidenuniv.nl" />
+	<target host="blackboard.leidenuniv.nl" />
+	<target host="disc.leidenuniv.nl" />
+	<target host="www.disc.leidenuniv.nl" />
+	<target host="lic.leidenuniv.nl" />
+	<target host="biosyn.lic.leidenuniv.nl" />
+	<target host="www.math.leidenuniv.nl" />
+	<target host="media.leidenuniv.nl" />
+	<target host="nepo.leidenuniv.nl" />
+	<target host="openaccess.leidenuniv.nl" />
+	<target host="socrates.leidenuniv.nl" />
+	<target host="lcserver.strw.leidenuniv.nl" />
+	<target host="studiegids.leidenuniv.nl" />
+	<target host="uaccess.leidenuniv.nl" />
+	<target host="login.uaccess.leidenuniv.nl" />
+	<target host="usis.leidenuniv.nl" />
+	<target host="weblog.leidenuniv.nl" />
+	<target host="webmail.leidenuniv.nl" />
+	<target host="physics.leidenuniv.nl" />
+	<target host="www.physics.leidenuniv.nl" />
 		<exclusion pattern="^http://biosyn\.lic\.leidenuniv\.nl/+(?!files/|modules/|sites/)" />
 
 
-	<rule from="^http://((?:www\.)?beeldbank|blackboard|(?:www\.)?disc|lic|biosyn\.lic|www\.math|media|nepo|openaccess|socrates|lcserver\.strw|studiegids|(?:login\.)?uaccess|usis|weblog|webmail)\.leidenuniv\.nl/"
-		to="https://$1.leidenuniv.nl/" />
 
 	<rule from="^http://(?:www\.)?physics\.leidenuniv\.nl/"
 		to="https://www.physics.leidenuniv.nl/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Lemde.fr.xml b/src/chrome/content/rules/Lemde.fr.xml
index 93686988d36a..bf57487b0e1c 100644
--- a/src/chrome/content/rules/Lemde.fr.xml
+++ b/src/chrome/content/rules/Lemde.fr.xml
@@ -16,7 +16,7 @@
 		<test url="http://s1.lemde.fr/medias/web/1.2.702/img/placeholder/ratio-7.svg" />
 	<target host="s2.lemde.fr" />
 		<test url="http://s2.lemde.fr/medias/web/1.2.702/img/placeholder/ratio-7.svg" />
-    
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Lending-Club.xml b/src/chrome/content/rules/Lending-Club.xml
deleted file mode 100644
index 4ae836cc6556..000000000000
--- a/src/chrome/content/rules/Lending-Club.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Non-functional subdomains:
-		- blog		(unknown protocol)
-		- ir	        (failed connection)
-		- kb		(hostname mismatch, CN: a248.e.akamai.net)
-		- mail		(hostname mismatch, CN: vpn.tlcinternal.com)
--->
-
-<ruleset name="Lending Club (partial)">
-	<target host=        "lendingclub.com" />
-	<target host=   "help.lendingclub.com" />
-	<target host="reviews.lendingclub.com" />
-	<target host=    "www.lendingclub.com" />
-
-  	<securecookie host="^www\.lendingclub\.com$" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Lendo.se.xml b/src/chrome/content/rules/Lendo.se.xml
index 055941699345..bb5df0ce05cc 100644
--- a/src/chrome/content/rules/Lendo.se.xml
+++ b/src/chrome/content/rules/Lendo.se.xml
@@ -18,7 +18,7 @@
 <ruleset name="Lendo.se (partial)">
 
 	<target host="lendo.se" />
-	<target host="*.lendo.se" />
+	<target host="www.lendo.se" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/Lengow.com.xml b/src/chrome/content/rules/Lengow.com.xml
deleted file mode 100644
index f8610d5e6919..000000000000
--- a/src/chrome/content/rules/Lengow.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="lengow.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="tracking.lengow.com" />
-
-		<test url="http://tracking.lengow.com/tos_ssl.js" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Lenos-Software.xml b/src/chrome/content/rules/Lenos-Software.xml
deleted file mode 100644
index 5c3b4e2548b3..000000000000
--- a/src/chrome/content/rules/Lenos-Software.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Lenos Softwarse (partial)">
-
-	<target host="secure.lenos.com"/>
-
-	<securecookie host="^secure\.lenos\.com$" name=".+" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Lenovo.com.cn.xml b/src/chrome/content/rules/Lenovo.com.cn.xml
index fc0396a7d703..2671a2af6c1f 100644
--- a/src/chrome/content/rules/Lenovo.com.cn.xml
+++ b/src/chrome/content/rules/Lenovo.com.cn.xml
@@ -43,7 +43,7 @@ Fetch error: http://welfare.lenovo.com.cn/ => https://welfare.lenovo.com.cn/: (2
 		iknow.lenovo.com.cn	( https://iknow.lenovo.com.cn/detail/dc_153184.html )
 		m.lenovo.com.cn
 -->
-<ruleset name="lenovo.com.cn" default_off='failed ruleset test'>
+<ruleset name="lenovo.com.cn" default_off="failed ruleset test">
 	<target host="www.lenovo.com.cn" />
 	<target host="buy.lenovo.com.cn" />
 	<target host="17.lenovo.com.cn" />
diff --git a/src/chrome/content/rules/Leo.org.xml b/src/chrome/content/rules/Leo.org.xml
index 04eb3bd5dd19..8447edc05b04 100644
--- a/src/chrome/content/rules/Leo.org.xml
+++ b/src/chrome/content/rules/Leo.org.xml
@@ -1,20 +1,58 @@
 <!--
-	Time out:
+	Encoding error:
+		frde.leo.org
+
+	Invalid certificate:
+		advert-nue.leo.org
+		redir-muc.leo.org
+
+	Refused:
 		bar.leo.org
-		redir.leo.org
+		t.cdn.leo.org
+		tndict.leo.org
 
+	Timeout:
+		q.cdn.leo.org
+		dz-becan12.leo.org
+		mx.leo.org
+		ns-1.leo.org
+		ns-2.leo.org
+		ns1.leo.org
+		ns2.leo.org
+		ns3.leo.org
 -->
-<ruleset name="Leo.org (partial)">
+<ruleset name="Leo.org">
 
 	<target host="leo.org" />
 	<target host="www.leo.org" />
+	<target host="advert.leo.org" />
+		<test url="http://advert.leo.org/adv_pda" />
+	<target host="beta.leo.org" />
+	<target host="bwww.leo.org" />
 	<target host="dict.leo.org" />
 	<target host="www.dict.leo.org" />
+	<target host="dict-muc.leo.org" />
+	<target host="dict-nue.leo.org" />
+	<target host="ende.leo.org" />
+	<target host="esde.leo.org" />
+	<target host="itde.leo.org" />
+	<target host="mobile.leo.org" />
+	<target host="mobile-muc.leo.org" />
+	<target host="mobile-nue.leo.org" />
 	<target host="pda.leo.org" />
 	<target host="www.pda.leo.org" />
+	<target host="pda-muc.leo.org" />
+	<target host="pda-nue.leo.org" />
+	<target host="prev1.leo.org" />
+	<target host="prev2.leo.org" />
+	<target host="prev3.leo.org" />
+	<target host="redir.leo.org" />
+	<target host="rude.leo.org" />
 	<target host="tdict.leo.org" />
+	<target host="tpda.leo.org" />
+	<target host="twww.leo.org" />
+	<target host="zhde.leo.org" />
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:"	to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Leona.my.xml b/src/chrome/content/rules/Leona.my.xml
new file mode 100644
index 000000000000..dc911d2b3f82
--- /dev/null
+++ b/src/chrome/content/rules/Leona.my.xml
@@ -0,0 +1,10 @@
+<ruleset name="Leona.my">
+	<target host="leona.my" />
+	<target host="www.leona.my" />
+	<target host="cpanel.leona.my" />
+	<target host="mail.leona.my" />
+	<target host="webdisk.leona.my" />
+	<target host="webmail.leona.my" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Leroy_Farmer_City_Press.xml b/src/chrome/content/rules/Leroy_Farmer_City_Press.xml
deleted file mode 100644
index 43bef015be9c..000000000000
--- a/src/chrome/content/rules/Leroy_Farmer_City_Press.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For other News-Gazette coverage, see News-Gazette.xml
-
-
-	- !www: mismatched, CN: digital.news-gazette.com
-	- Some pages redirect to http
-
--->
-<ruleset name="Leroy Farmer City Press (partial)">
-
-	<target host="leroyfcpress.com" />
-	<target host="www.leroyfcpress.com" />
-
-
-	<rule from="^http://(?:www\.)?leroyfcpress\.com/(misc/|sites/|user(?:$|\?|/))"
-		to="https://www.leroyfcpress.com/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/LesFurets.com.xml b/src/chrome/content/rules/LesFurets.com.xml
deleted file mode 100644
index 529373e37953..000000000000
--- a/src/chrome/content/rules/LesFurets.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d2f59t599bk8ak.cloudfront.net
-
-			- cdn.lesfurets.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)
-
--->
-<ruleset name="LesFurets.com (partial)">
-
-	<target host="cdn.lesfurets.com" />
-
-
-	<rule from="^http://cdn\.lesfurets\.com/"
-		to="https://d2f59t599bk8ak.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/LesInrocks.com.xml b/src/chrome/content/rules/LesInrocks.com.xml
index cc3579e51d6e..f273ded097f3 100644
--- a/src/chrome/content/rules/LesInrocks.com.xml
+++ b/src/chrome/content/rules/LesInrocks.com.xml
@@ -6,7 +6,7 @@
 		mon-compte.lesinrocks.com
 		revue-du-web.lesinrocks.com
 		statics.lesinrocks.com
-		
+
 	Time out:
 		lesinrocks.com
 		blogs.lesinrocks.com
@@ -49,7 +49,7 @@
 	<rule from="^http://lesinrocks\.com/"
 		to="https://www.lesinrocks.com/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/LesLumieresdOrient.com.xml b/src/chrome/content/rules/LesLumieresdOrient.com.xml
new file mode 100644
index 000000000000..db29cdac45c8
--- /dev/null
+++ b/src/chrome/content/rules/LesLumieresdOrient.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Les Lumières D'Orient.com">
+	<target host="leslumieresdorient.com" />
+	<target host="www.leslumieresdorient.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LessThan3.xml b/src/chrome/content/rules/LessThan3.xml
index 0f4faab0f614..9f95070ceac1 100644
--- a/src/chrome/content/rules/LessThan3.xml
+++ b/src/chrome/content/rules/LessThan3.xml
@@ -9,13 +9,13 @@
 <ruleset name="LessThan3" default_off="mismatched">
 
 	<target host="lessthan3.com" />
-	<target host="*.lessthan3.com" />
+	<target host="www.lessthan3.com" />
+	<target host="media.lessthan3.com" />
 
 
 	<rule from="^http://(?:www\.)?lessthan3\.com/"
 		to="https://www.lessthan3.com/" />
 
-	<rule from="^http://media\.lessthan3\.com/"
-		to="https://media.lessthan3.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/LessWrong.com.xml b/src/chrome/content/rules/LessWrong.com.xml
new file mode 100644
index 000000000000..58ed4ab7e653
--- /dev/null
+++ b/src/chrome/content/rules/LessWrong.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		images.lesswrong.com
+
+-->
+<ruleset name="LessWrong.com">
+
+	<target host="lesswrong.com" />
+	<target host="www.lesswrong.com" />
+	<target host="wiki.lesswrong.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lessig_for_president.com.xml b/src/chrome/content/rules/Lessig_for_president.com.xml
index e69f2395a7e8..2fee85ec6fc5 100644
--- a/src/chrome/content/rules/Lessig_for_president.com.xml
+++ b/src/chrome/content/rules/Lessig_for_president.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.lessigforpresident.com/ => https://www.lessigforpresiden
 		- .lessigforpresident.com
 
 -->
-<ruleset name="Lessig for president.com" default_off='failed ruleset test'>
+<ruleset name="Lessig for president.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Lester_Chan.net.xml b/src/chrome/content/rules/Lester_Chan.net.xml
index 96af4228621a..d73a04d6008c 100644
--- a/src/chrome/content/rules/Lester_Chan.net.xml
+++ b/src/chrome/content/rules/Lester_Chan.net.xml
@@ -20,29 +20,11 @@
 -->
 <ruleset name="Lester Chan.net">
 
-	<!--	Direct rewrites:
-				-->
-	<target host="lesterchan.net" />
-	<target host="www.lesterchan.net" />
-
-	<!--	Complications:
-				-->
 	<target host="lc2.lcstatic.net" />
 
 	<target host="lesterchan.lesterchan.netdna-cdn.com" />
 
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^lesterchan\.net$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^lesterchan\.net$" name=".+" />
-
-
 	<rule from="^http://l(?:c2\.lcstatic\.net|esterchan\.lesterchan\.netdna-cdn\.com)/"
 		to="https://lesterchan-lesterchan.netdna-ssl.com/" />
 
-	<rule from="^http:"
-		to="https:" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/LetMeTurnTheTables.com.xml b/src/chrome/content/rules/LetMeTurnTheTables.com.xml
new file mode 100644
index 000000000000..93b9d2441069
--- /dev/null
+++ b/src/chrome/content/rules/LetMeTurnTheTables.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Secure Connection Failed:
+		fr.letmeturnthetables.com
+-->
+<ruleset name="LetMeTurnTheTables.com">
+	<target host="letmeturnthetables.com" />
+	<target host="www.letmeturnthetables.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lets_Encrypt.org.xml b/src/chrome/content/rules/Lets_Encrypt.org.xml
index 6df8c770110f..85b79864ceec 100644
--- a/src/chrome/content/rules/Lets_Encrypt.org.xml
+++ b/src/chrome/content/rules/Lets_Encrypt.org.xml
@@ -1,19 +1,26 @@
+<!--
+	Invalid certificate:
+		- ocsp.int-x3.letsencrypt.org
+-->
 <ruleset name="Lets Encrypt.org">
 
-	<!--	Direct rewrites:
-				-->
-	<target host="community.letsencrypt.org" />
-	<target host="helloworld.letsencrypt.org" />
 	<target host="letsencrypt.org" />
 	<target host="www.letsencrypt.org" />
-
-		<test url="http://letsencrypt.org/repository/" />
-
+	<target host="acme-staging.api.letsencrypt.org" />
+	<target host="acme-staging-v02.api.letsencrypt.org" />
+	<target host="acme-v01.api.letsencrypt.org" />
+	<target host="acme-v02.api.letsencrypt.org" />
+	<target host="community.letsencrypt.org" />
+	<target host="cps.letsencrypt.org" />
+	<target host="helloworld.letsencrypt.org" />
+	<target host="cert.int-x3.letsencrypt.org" />
+	<target host="cp.root-x1.letsencrypt.org" />
+	<target host="cps.root-x1.letsencrypt.org" />
+	<target host="status.letsencrypt.org" />
+	<target host="valid-isrgrootx1.letsencrypt.org" />
 
 	<securecookie host=".+" name=".+" />
 
-
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Lets_Talk_Bitcoin.com.xml b/src/chrome/content/rules/Lets_Talk_Bitcoin.com.xml
index 0610625418a9..b073b720cf03 100644
--- a/src/chrome/content/rules/Lets_Talk_Bitcoin.com.xml
+++ b/src/chrome/content/rules/Lets_Talk_Bitcoin.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.letstalkbitcoin.com/ => https://www.letstalkbitcoin.com/
 		- .letstalkbitcoin.com
 
 -->
-<ruleset name="Lets Talk Bitcoin.com" default_off='failed ruleset test'>
+<ruleset name="Lets Talk Bitcoin.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Letterboxd.com.xml b/src/chrome/content/rules/Letterboxd.com.xml
index ec4988bdf4ff..34800b6c9aed 100644
--- a/src/chrome/content/rules/Letterboxd.com.xml
+++ b/src/chrome/content/rules/Letterboxd.com.xml
@@ -2,21 +2,21 @@
 	<target host="letterboxd.com" />
 	<target host="www.letterboxd.com" />
 
-<!-- 
-	the following subdomains don't support https yet but are listed here for reference 
+<!--
+	the following subdomains don't support https yet but are listed here for reference
 -->
 
 <!-- 	<target host="news.letterboxd.com" /> -->
 <!-- 	<target host="embed.letterboxd.com" /> -->
 <!-- 	<target host="feedback.letterboxd.com" /> -->
 
-<!-- 
-	there is also ltrbxd.com which appears to be mainly used for a cdn. 
-	However not all subdomains work correctly with https. For example, 
-	every file on a.ltrbxd.com is also available on skyfall.a.ltrbxd.com, 
-	oblivion.a.ltrbxd.com etc. These servers can be accessed with https 
-	but browsers will display errors/warnings because there is only a 
-	wildcard certificate for *.ltrbxd.com and not one for each of the subdomains. 
+<!--
+	there is also ltrbxd.com which appears to be mainly used for a cdn.
+	However not all subdomains work correctly with https. For example,
+	every file on a.ltrbxd.com is also available on skyfall.a.ltrbxd.com,
+	oblivion.a.ltrbxd.com etc. These servers can be accessed with https
+	but browsers will display errors/warnings because there is only a
+	wildcard certificate for *.ltrbxd.com and not one for each of the subdomains.
 -->
 
 	<target host="a.ltrbxd.com" />
@@ -26,8 +26,6 @@
 	<target host="s2.ltrbxd.com" />
 <!-- 	<target host="*.s2.ltrbxd.com" /> -->
 
-	<test url="http://letterboxd.com/" />
-	<test url="http://www.letterboxd.com/" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Level1Techs.com.xml b/src/chrome/content/rules/Level1Techs.com.xml
new file mode 100644
index 000000000000..953bd327292f
--- /dev/null
+++ b/src/chrome/content/rules/Level1Techs.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Level1Techs.com">
+	<target host="level1techs.com" />
+	<target host="www.level1techs.com" />
+	<target host="forum.level1techs.com" />
+	<target host="store.level1techs.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Leveson_Inquiry.xml b/src/chrome/content/rules/Leveson_Inquiry.xml
index 8f8a3cecc3ee..a05c4e1919cb 100644
--- a/src/chrome/content/rules/Leveson_Inquiry.xml
+++ b/src/chrome/content/rules/Leveson_Inquiry.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.levesoninquiry.org.uk/ => https://www.levesoninquiry.org
 	!www doesn't work.
 
 -->
-<ruleset name="The Leveson Inquiry" default_off='failed ruleset test'>
+<ruleset name="The Leveson Inquiry" default_off="failed ruleset test">
 
 	<target host="levesoninquiry.org.uk" />
 	<target host="www.levesoninquiry.org.uk" />
diff --git a/src/chrome/content/rules/Levo.com.xml b/src/chrome/content/rules/Levo.com.xml
deleted file mode 100644
index 15351da7d1e7..000000000000
--- a/src/chrome/content/rules/Levo.com.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	Other Levo League rulesets:
-
-		- Levo_League.com.xml
-
-	Invalid certificate:
-		horizon.levo.com
-		link.levo.com
-
-	Login required:
-		leaders.levo.com
-
-	Time out:
-		ttd.levo.com
-
-    Redirect to HTTP:
-        pages.levo.com ( https://pages.levo.com/guides/ , https://pages.levo.com/jetset/ )
-
--->
-<ruleset name="Levo.com">
-
-	<target host="levo.com" />
-	<target host="www.levo.com" />
-	<target host="support.levo.com" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Levonline.com.xml b/src/chrome/content/rules/Levonline.com.xml
index 9bac1432012d..aa0048a70bfa 100644
--- a/src/chrome/content/rules/Levonline.com.xml
+++ b/src/chrome/content/rules/Levonline.com.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lh.co.th.xml b/src/chrome/content/rules/Lh.co.th.xml
index f149de25759d..9f4e422a051c 100644
--- a/src/chrome/content/rules/Lh.co.th.xml
+++ b/src/chrome/content/rules/Lh.co.th.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://lh.co.th/ => https://www.lh.co.th/: (7, 'Failed to connect to www.lh.co.th port 443: Connection refused')
 Fetch error: http://www.lh.co.th/ => https://www.lh.co.th/: (7, 'Failed to connect to www.lh.co.th port 443: Connection refused')
 -->
-<ruleset name="Lh.co.th" default_off='failed ruleset test'>
+<ruleset name="Lh.co.th" default_off="failed ruleset test">
   <target host="lh.co.th" />
   <target host="www.lh.co.th" />
 
diff --git a/src/chrome/content/rules/Li.ru.xml b/src/chrome/content/rules/Li.ru.xml
new file mode 100644
index 000000000000..369416ce99cb
--- /dev/null
+++ b/src/chrome/content/rules/Li.ru.xml
@@ -0,0 +1,11 @@
+<!--
+	For other LiveInternet coverage, see LiveInternet.ru.xml.
+-->
+<ruleset name="Li.ru">
+	<target host="li.ru" />
+	<target host="www.li.ru" />
+	<target host="captcha.li.ru" />
+	<target host="i.li.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiLux.lu.xml b/src/chrome/content/rules/LiLux.lu.xml
index d1ce47089107..9698faede84c 100644
--- a/src/chrome/content/rules/LiLux.lu.xml
+++ b/src/chrome/content/rules/LiLux.lu.xml
@@ -17,13 +17,14 @@
 <ruleset name="LiLux.lu">
 
 	<target host="lilux.lu" />
-	<target host="*.lilux.lu" />
+	<target host="lists.lilux.lu" />
+	<target host="mail.lilux.lu" />
+	<target host="www.lilux.lu" />
 
 
 	<securecookie host="^(?:mail|www)\.lilux\.lu$" name=".+" />
 
 
-	<rule from="^http://((?:lists|mail|www)\.)?lilux\.lu/"
-		to="https://$1lilux.lu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LibApps.com.xml b/src/chrome/content/rules/LibApps.com.xml
index 39c1b06222ec..1bfd7cafe95a 100644
--- a/src/chrome/content/rules/LibApps.com.xml
+++ b/src/chrome/content/rules/LibApps.com.xml
@@ -1,7 +1,7 @@
 <!--
 	For other Springshare coverage, see Springshare.xml.
-	
-	
+
+
 	CDN buckets:
 
 		- s3.amazonaws.com/libapps/
diff --git a/src/chrome/content/rules/LibGen.is.xml b/src/chrome/content/rules/LibGen.is.xml
new file mode 100644
index 000000000000..2fa1c3ddbea9
--- /dev/null
+++ b/src/chrome/content/rules/LibGen.is.xml
@@ -0,0 +1,6 @@
+<ruleset name="LibGen.is">
+	<target host="libgen.is" />
+	<target host="www.libgen.is" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LibGuides.xml b/src/chrome/content/rules/LibGuides.xml
index 143f0382be16..8212e4b50f31 100644
--- a/src/chrome/content/rules/LibGuides.xml
+++ b/src/chrome/content/rules/LibGuides.xml
@@ -13,7 +13,7 @@ Fetch error: http://libguides.com/ => https://libguides.com/: Cycle detected - U
 		- lgimages.s3.amazonaws.com
 
 -->
-<ruleset name="LibGuides" default_off='failed ruleset test'>
+<ruleset name="LibGuides" default_off="failed ruleset test">
 
 	<target host="libguides.com" />
 	<target host="*.libguides.com" />
diff --git a/src/chrome/content/rules/Libarchive.org.xml b/src/chrome/content/rules/Libarchive.org.xml
new file mode 100644
index 000000000000..db8b6316971f
--- /dev/null
+++ b/src/chrome/content/rules/Libarchive.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Libarchive.org">
+	<target host="libarchive.org" />
+	<target host="www.libarchive.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Libdems.org.uk.xml b/src/chrome/content/rules/Libdems.org.uk.xml
index fd8fd12d1962..634501d79602 100644
--- a/src/chrome/content/rules/Libdems.org.uk.xml
+++ b/src/chrome/content/rules/Libdems.org.uk.xml
@@ -10,7 +10,8 @@
 <ruleset name="Libdems.org.uk (partial)">
 
 	<target host="libdems.org.uk" />
-	<target host="*.libdems.org.uk" />
+	<target host="www.libdems.org.uk" />
+	<target host="pdd.libdems.org.uk" />
 
 
 	<securecookie host="^(?:www\.)?libdems\.org\.uk$" name=".+" />
@@ -22,4 +23,4 @@
 	<rule from="^http://pdd\.libdems\.org\.uk/"
 		to="https://pdd.libdems.org.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Liberal_America.org-falsemixed.xml b/src/chrome/content/rules/Liberal_America.org-falsemixed.xml
index 7ee0a0d9b178..d92b4119fc52 100644
--- a/src/chrome/content/rules/Liberal_America.org-falsemixed.xml
+++ b/src/chrome/content/rules/Liberal_America.org-falsemixed.xml
@@ -5,7 +5,7 @@
 <ruleset name="Liberal America.org (false MCB)" platform="mixedcontent">
 
 	<target host="liberalamerica.org" />
-	<target host="*.liberalamerica.org" />
+	<target host="www.liberalamerica.org" />
 
 
 	<securecookie host="^\.liberalamerica\.org$" name=".+" />
diff --git a/src/chrome/content/rules/Liberdade.Digital.xml b/src/chrome/content/rules/Liberdade.Digital.xml
index 54f6f65a2b6d..11cbec541f60 100644
--- a/src/chrome/content/rules/Liberdade.Digital.xml
+++ b/src/chrome/content/rules/Liberdade.Digital.xml
@@ -16,7 +16,7 @@ Fetch error: http://piwik.liberdade.digital/ => https://piwik.liberdade.digital/
 	* Secured by us
 
 -->
-<ruleset name="Liberdade.Digital" default_off='failed ruleset test'>
+<ruleset name="Liberdade.Digital" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Liberty.xml b/src/chrome/content/rules/Liberty.xml
deleted file mode 100644
index 91b8aa71d2ad..000000000000
--- a/src/chrome/content/rules/Liberty.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Liberty">
-
-	<target host="liberty-human-rights.org.uk" />
-	<target host="www.liberty-human-rights.org.uk" />
-
-
-	<securecookie host="^(?:www\.)?liberty-human-rights\.org\.uk$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Libevent.org.xml b/src/chrome/content/rules/Libevent.org.xml
new file mode 100644
index 000000000000..f26d3a0fde3a
--- /dev/null
+++ b/src/chrome/content/rules/Libevent.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatch:
+		- www.libevent.org
+-->
+<ruleset name="Libevent.org">
+	<target host="libevent.org" />
+	<target host="www.libevent.org" />
+
+	<rule from="^http://www\.libevent\.org/" to="https://libevent.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Libgen.xml b/src/chrome/content/rules/Libgen.xml
index 136887571007..a8d713638bab 100644
--- a/src/chrome/content/rules/Libgen.xml
+++ b/src/chrome/content/rules/Libgen.xml
@@ -6,7 +6,7 @@
 		*.libgen.me
 
 -->
-<ruleset name="Libgen">
+<ruleset name="Libgen" default_off="mismatched">
 
 	<target host="libgen.pw" />
 	<target host="www.libgen.pw" />
diff --git a/src/chrome/content/rules/Libravatar.org.xml b/src/chrome/content/rules/Libravatar.org.xml
deleted file mode 100644
index d97acfdb4cd6..000000000000
--- a/src/chrome/content/rules/Libravatar.org.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	No working URL known:
-		stats.libravatar.org (401)
-	
-	Invalid certificate:
-		cdn.libravatar.org
-		openid.libravatar.org
-
--->
-<ruleset name="Libravatar.org">
-
-	<target host="libravatar.org" />
-	<target host="www.libravatar.org" />
-	<target host="apt.libravatar.org" />
-	<target host="blog.libravatar.org" />
-	<target host="cdn.libravatar.org" />
-	<target host="feeds.libravatar.org" />
-	<target host="seccdn.libravatar.org" />
-	<target host="selfoss.libravatar.org" />
-	<target host="wiki.libravatar.org" />
-
-	<rule from="^http://cdn\.libravatar\.org/"
-		to="https://seccdn.libravatar.org/" />
-
-		<test url="http://cdn.libravatar.org/nobody/195.png" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/LibreLabUCM.org.xml b/src/chrome/content/rules/LibreLabUCM.org.xml
new file mode 100644
index 000000000000..aff9e1c21ef4
--- /dev/null
+++ b/src/chrome/content/rules/LibreLabUCM.org.xml
@@ -0,0 +1,26 @@
+<ruleset name="LibreLabUCM.org">
+    <target host="librelabucm.org"              />
+    <target host="foro.librelabucm.org"         />
+    <target host="liberarfdi.librelabucm.org"   />
+    <target host="trinity.librelabucm.org"      />
+    <target host="wekan.librelabucm.org"        />
+    <target host="pgp.librelabucm.org"          />
+    <target host="moodle.librelabucm.org"       />
+    <target host="mtproxy.librelabucm.org"      />
+    <target host="gitlab.librelabucm.org"       />
+    <target host="openproject.librelabucm.org"  />
+    <target host="peertube.librelabucm.org"     />
+    <target host="calendar.librelabucm.org"     />
+    <target host="gnusocial.librelabucm.org"    />
+    <target host="mattermost.librelabucm.org"   />
+    <target host="latex.librelabucm.org"        />
+    <target host="analytics.librelabucm.org"    />
+    <target host="xmpp.librelabucm.org"         />
+    <target host="minetest.librelabucm.org"     />
+    <target host="minecraft.librelabucm.org"    />
+    <target host="redeclipse.librelabucm.org"   />
+    <target host="syncthing.librelabucm.org"    />
+
+    <rule from="^http:"
+        to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LibreOffice.org.xml b/src/chrome/content/rules/LibreOffice.org.xml
index b938add91162..c6075ee0dbb3 100644
--- a/src/chrome/content/rules/LibreOffice.org.xml
+++ b/src/chrome/content/rules/LibreOffice.org.xml
@@ -27,6 +27,7 @@
 	<target host="da.libreoffice.org" />
 	<target host="de.libreoffice.org" />
 	<target host="dev-builds.libreoffice.org" />
+	<target host="dev-www.libreoffice.org" />
 	<target host="docs.libreoffice.org" />
 	<target host="documentation.libreoffice.org" />
 	<target host="donate.libreoffice.org" />
diff --git a/src/chrome/content/rules/LibreOfficeBox.xml b/src/chrome/content/rules/LibreOfficeBox.xml
deleted file mode 100644
index 77783e40416e..000000000000
--- a/src/chrome/content/rules/LibreOfficeBox.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="LibreOffice-Box">
-<target host="libreofficebox.org" />
-<target host="www.libreofficebox.org" />
-<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Libre_Graphics_World.org.xml b/src/chrome/content/rules/Libre_Graphics_World.org.xml
index 480ce2b90ae8..d866d5353727 100644
--- a/src/chrome/content/rules/Libre_Graphics_World.org.xml
+++ b/src/chrome/content/rules/Libre_Graphics_World.org.xml
@@ -28,4 +28,4 @@
 	<rule from="^http://(?:www\.)?libregraphicsworld\.org/"
 		to="https://libregraphicsworld.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Libregamewiki.org.xml b/src/chrome/content/rules/Libregamewiki.org.xml
deleted file mode 100644
index 538b1cb337c6..000000000000
--- a/src/chrome/content/rules/Libregamewiki.org.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Libregamewiki.org">
-
-	<target host="libregamewiki.org" />
-	<target host="www.libregamewiki.org" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Libri.de.xml b/src/chrome/content/rules/Libri.de.xml
index 9d819412f919..50d337333da0 100644
--- a/src/chrome/content/rules/Libri.de.xml
+++ b/src/chrome/content/rules/Libri.de.xml
@@ -1,17 +1,19 @@
+<!--
+  h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+  Nonfunctional hosts
+    - media.libri.de (m)
+  -->
 <ruleset name="Libri.de">
 
 	<target host="libri.de" />
-	<target host="*.libri.de" />
-
+	<target host="www.libri.de" />
 
 	<securecookie host="^www\.libri\.de$" name=".+" />
 
-
-	<!--	Cert only matches www.	-->
-	<rule from="^http://(?:www\.)?libri\.de/"
-		to="https://www.libri.de/" />
-
-	<rule from="^http://media\.libri\.de/"
-		to="https://media.libri.de/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Libspf2.org.xml b/src/chrome/content/rules/Libspf2.org.xml
new file mode 100644
index 000000000000..278173965da6
--- /dev/null
+++ b/src/chrome/content/rules/Libspf2.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="Libspf2.org">
+	<target host="www.libspf2.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Libssh2.org.xml b/src/chrome/content/rules/Libssh2.org.xml
new file mode 100644
index 000000000000..c836b96030ea
--- /dev/null
+++ b/src/chrome/content/rules/Libssh2.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Libssh2.org">
+	<target host="libssh2.org" />
+	<target host="www.libssh2.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Libsyn.xml b/src/chrome/content/rules/Libsyn.xml
index fd5a2c908f29..5c2762ee22c9 100644
--- a/src/chrome/content/rules/Libsyn.xml
+++ b/src/chrome/content/rules/Libsyn.xml
@@ -20,7 +20,7 @@
 		<test url="http://secure-ec.libsyn.com/" />
 		<test url="http://secure-hwcdn.libsyn.com/" />
 		<test url="http://static.libsyn.com/" />
-	
+
 		<!-- Each user gets their own subdomain -->
 		<test url="http://fightsgoneby.libsyn.com/" />
 		<test url="http://revolutionaryleftradio.libsyn.com/" />
diff --git a/src/chrome/content/rules/Lidl.xml b/src/chrome/content/rules/Lidl.xml
index a86d55b7cf59..7fb89e2a2c06 100644
--- a/src/chrome/content/rules/Lidl.xml
+++ b/src/chrome/content/rules/Lidl.xml
@@ -8,7 +8,7 @@
 	Insecure cookies are set for these hosts: ᶜ
 
 		- webforms.lidl.com
-	
+
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
diff --git a/src/chrome/content/rules/Lifars.com.xml b/src/chrome/content/rules/Lifars.com.xml
deleted file mode 100644
index 850226c4b7f8..000000000000
--- a/src/chrome/content/rules/Lifars.com.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	Problematic hosts in *lifars.com:
-
-		- blog *
-
-	* Mismatched
-
-
-	Insecure cookies are set for these hosts:
-
-		- lifars.com
-		- www.lifars.com
-
--->
-<ruleset name="Lifars.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="lifars.com" />
-	<target host="www.lifars.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?lifars\.com$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^(?:www\.)?lifars\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/LifeReimagined.org.xml b/src/chrome/content/rules/LifeReimagined.org.xml
index 2a2b7d39cc4d..4fef1f52c04e 100644
--- a/src/chrome/content/rules/LifeReimagined.org.xml
+++ b/src/chrome/content/rules/LifeReimagined.org.xml
@@ -6,7 +6,7 @@
 	* Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="LifeReimagined.org" default_off="missing certificate chain">
+<ruleset name="LifeReimagined.org" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Lifehacker.com.xml b/src/chrome/content/rules/Lifehacker.com.xml
deleted file mode 100644
index 2cb9ddf9b4ee..000000000000
--- a/src/chrome/content/rules/Lifehacker.com.xml
+++ /dev/null
@@ -1,63 +0,0 @@
-<!--
-	For other Gawker coverage, see Gawker.xml.
-
-
-	Problematic hosts in *lifehacker.com:
-
-		- cache ᵐ
-
-	ᵐ Mismatched
-
-
-	Insecure cookies are set for these hosts: ᶜ
-
-		- lifehacker.com
-		- (column_name).lifehacker.com
-		- www.lifehacker.com
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
-
-	Mied content:
-
-		- Bug on ^, (column_name) from b.scorecardresearch.com ˢ
-
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="Lifehacker.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="lifehacker.com" />
-	<target host="afterhours.lifehacker.com" />
-	<target host="alanhenry.lifehacker.com" />
-	<target host="quickhacks.lifehacker.com" />
-	<target host="skillet.lifehacker.com" />
-	<target host="twocents.lifehacker.com" />
-	<target host="vitals.lifehacker.com" />
-	<target host="wayfarer.lifehacker.com" />
-	<target host="workshop.lifehacker.com" />
-	<target host="www.lifehacker.com" />
-
-	<!--	Complications:
-				-->
-	<target host="cache.lifehacker.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:(column_name)\.|www\.)?lifehacker\.com$" name="^geocc$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http://cache\.lifehacker\.com/"
-		to="https://cache.gawkerassets.com/" />
-
-		<test url="http://cache.lifehacker.com/assets/images/17/2011/06/1000-pc-maintenance-whitson.jpg" />
-		<test url="http://cache.lifehacker.com/assets/images/17/2011/08/1230-diy-rj-45-key-rack.jpg" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Lift-conference.xml b/src/chrome/content/rules/Lift-conference.xml
index 0500c0502a57..fddbfa597dd3 100644
--- a/src/chrome/content/rules/Lift-conference.xml
+++ b/src/chrome/content/rules/Lift-conference.xml
@@ -1,7 +1,8 @@
 <ruleset name="Lift conference" default_off="mismatch, self-signed">
 
 	<target host="liftconference.com" />
-	<target host="*.liftconference.com" />
+	<target host="videos.liftconference.com" />
+	<target host="www.liftconference.com" />
 
 
 	<securecookie host="^.*\.liftconference\.com$" name=".+" />
diff --git a/src/chrome/content/rules/LiftShare.xml b/src/chrome/content/rules/LiftShare.xml
index 018757d2e7aa..709bbf8c4975 100644
--- a/src/chrome/content/rules/LiftShare.xml
+++ b/src/chrome/content/rules/LiftShare.xml
@@ -4,7 +4,7 @@
   <target host="images.liftshare.com"/>
   <target host="scripts.liftshare.com"/>
 
-  <securecookie host="^(?:.+\.)?liftshare\.com$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Lift_Security.io.xml b/src/chrome/content/rules/Lift_Security.io.xml
index 11440cd66b03..0ca6a26729f6 100644
--- a/src/chrome/content/rules/Lift_Security.io.xml
+++ b/src/chrome/content/rules/Lift_Security.io.xml
@@ -5,7 +5,8 @@
 <ruleset name="Lift Security.io">
 
 	<target host="liftsecurity.io" />
-	<target host="*.liftsecurity.io" />
+	<target host="blog.liftsecurity.io" />
+	<target host="www.liftsecurity.io" />
 
 
 	<rule from="^http://(?:(blog\.)|www\.)?liftsecurity\.io/"
diff --git a/src/chrome/content/rules/Liftdna.com-problematic.xml b/src/chrome/content/rules/Liftdna.com-problematic.xml
index 351b5863f7af..9e42e6bbca21 100644
--- a/src/chrome/content/rules/Liftdna.com-problematic.xml
+++ b/src/chrome/content/rules/Liftdna.com-problematic.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?liftdna\.com/(?!\w+\.js|css/|images/|js/)"
 		to="https://www.liftdna.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ligatus.xml b/src/chrome/content/rules/Ligatus.xml
index 6aa2e9b68b65..01f845501dbb 100644
--- a/src/chrome/content/rules/Ligatus.xml
+++ b/src/chrome/content/rules/Ligatus.xml
@@ -125,7 +125,7 @@
 		to="https://$1-ssl.ligatus.com/" />
 
 
-		
+
 	<rule from="^http:" to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Light-Paint.com.xml b/src/chrome/content/rules/Light-Paint.com.xml
deleted file mode 100644
index 85c0ec93e1d4..000000000000
--- a/src/chrome/content/rules/Light-Paint.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Different content http/https:
-		cpanel.light-paint.com
-		mail.light-paint.com
-		webdisk.light-paint.com
-		webmail.light-paint.com
-
--->
-<ruleset name="Light-Paint.com">
-
-	<target host="light-paint.com" />
-	<target host="www.light-paint.com" />
-
-	<securecookie host="^light-paint\.com$" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/LightEdge.com.xml b/src/chrome/content/rules/LightEdge.com.xml
new file mode 100644
index 000000000000..2a95fe71937c
--- /dev/null
+++ b/src/chrome/content/rules/LightEdge.com.xml
@@ -0,0 +1,28 @@
+<!--
+	Chain issue, missing intermediate:
+		- lightedge.com, equivalent to www.lightedge.com
+		- webmail.cyr.lightedge.com
+		- webmail.lightedge.com
+
+	Connection timed out:
+		- drsuse.lightedge.com
+		- speedtest.lightedge.com
+
+	Invalid certificate:
+		- as1.lightedge.com
+-->
+
+<ruleset name="LightEdge.com">
+	<target host="lightedge.com" />
+	<target host="www.lightedge.com" />
+	<target host="antispam.lightedge.com" />
+	<target host="ews4.lightedge.com" />
+	<target host="my.lightedge.com" />
+	<target host="securemessaging.lightedge.com" />
+	<target host="wxsp1.lightedge.com" />
+
+	<rule from="^http://lightedge\.com/"
+		  to="https://www.lightedge.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LightTheNight.org.xml b/src/chrome/content/rules/LightTheNight.org.xml
new file mode 100644
index 000000000000..20dfa8911b0b
--- /dev/null
+++ b/src/chrome/content/rules/LightTheNight.org.xml
@@ -0,0 +1,22 @@
+<!--
+	MCB:
+		pages.lightthenight.org (e.g. https://pages.lightthenight.org/va/Frdrcksb13/TeamTomas)
+
+	No working URL known:
+		donate.lightthenight.org
+
+	This domain has a wildcard DNS.
+
+-->
+<ruleset name="LightTheNight.org">
+
+	<target host="lightthenight.org" />
+	<target host="www.lightthenight.org" />
+	<target host="registration.lightthenight.org" />
+
+	<securecookie host="^www\.lightthenight\.org" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Light_the_Night.org.xml b/src/chrome/content/rules/Light_the_Night.org.xml
deleted file mode 100644
index aa63e5550928..000000000000
--- a/src/chrome/content/rules/Light_the_Night.org.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- etools *
-		- pages *
-
-	* Dropped
-
-
-	Problematic subdomains:
-
-		- (www.)	(works; mismatched, CN:   *.lls.org)
-
--->
-<ruleset name="Light the Night.org" default_off="mismatched">
-
-	<target host="lightthenight.org" />
-	<target host="www.lightthenight.org" />
-
-
-	<securecookie host="^www\.lightthenight\.org" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?lightthenight\.org/"
-		to="https://www.lightthenight.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/LightningMaps.org.xml b/src/chrome/content/rules/LightningMaps.org.xml
index 509c6905e17f..ef79b5f3978b 100644
--- a/src/chrome/content/rules/LightningMaps.org.xml
+++ b/src/chrome/content/rules/LightningMaps.org.xml
@@ -1,25 +1,46 @@
 <!--
-	Invalid certificate:
-		tiles-radar.lightningmaps.org
-		www1.lightningmaps.org
-		www2.lightningmaps.org
-		www3.lightningmaps.org
+	Mismatched:
+		- s4.www
+		- cdn
+		- fo-ovh
+		- fo-ovh3
+		- git
+		- s1.gitlab
+		- webmail.mail
+		- server1
+		- server4
+		- tiles-radar
+		- wiki
+		- ws
+		- s4.ws
+		- s5.ws
+		- ws1
+		- ws3
+		- www1
+		- www2
 
+	No test URL found:
+		- live
+		- live2
+		- map.tiles
+		- osm.tiles
+		- overlay.tiles
 -->
 <ruleset name="LightningMaps.org">
-
 	<target host="lightningmaps.org" />
 	<target host="www.lightningmaps.org" />
 	<target host="counter.lightningmaps.org" />
+	<target host="data.lightningmaps.org" />
+	<target host="docs.lightningmaps.org" />
 	<target host="forum.lightningmaps.org" />
+	<target host="gitlab.lightningmaps.org" />
+	<target host="ibod.lightningmaps.org" />
 	<target host="images.lightningmaps.org" />
+	<target host="mail.lightningmaps.org" />
+	<target host="monitor.lightningmaps.org" />
 	<target host="piwik.lightningmaps.org" />
 	<target host="tiles.lightningmaps.org" />
-		<test url="http://tiles.lightningmaps.org/?x=9&#x26;y=5&#x26;z=4&#x26;s=256&#x26;t=5&#x26;T=6233330" />
 	<target host="tracker.lightningmaps.org" />
-	<target host="wiki.lightningmaps.org" />
-
-	<rule from="^http:"
-		to="https:" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Lijit.com.xml b/src/chrome/content/rules/Lijit.com.xml
index 6a4cb9f1f22b..d7a2a436c78c 100644
--- a/src/chrome/content/rules/Lijit.com.xml
+++ b/src/chrome/content/rules/Lijit.com.xml
@@ -16,8 +16,10 @@
 	Connection refused:
 		- up.lijit.com
 		- vap1sjc1.lijit.com
+		- vap1yyz1.lijit.com
 		- vap2sjc1.lijit.com
 		- vap2sna1.lijit.com
+		- vap3iad1.lijit.com
 		- vap4sna1.lijit.com
 
 	Timeout:
@@ -33,6 +35,18 @@
 		- vap4yyz1.lijit.com
 		- vap5iad1.lijit.com
 		- vapden1.lijit.com
+		- vap1iad3.lijit.com
+		- vap1sna1.lijit.com
+		- vap2iad3.lijit.com
+		- vap2yyz1.lijit.com
+		- vap3iad3.lijit.com
+		- vap3sna1.lijit.com
+		- vap4iad3.lijit.com
+		- vap5iad3.lijit.com
+		- vap5sna1.lijit.com
+		- vap6iad3.lijit.com
+		- vap6sna1.lijit.com
+		- vap6iad1.lijit.com
 -->
 <ruleset name="Lijit.com">
 
@@ -47,24 +61,21 @@
 	<target host="secure.lijit.com" />
 	<target host="vap.lijit.com" />
 	<target host="vap1ams2.lijit.com" />
+	<target host="vap1ewr1.lijit.com" />
 	<target host="vap1iad1.lijit.com" />
-	<target host="vap1iad3.lijit.com" />
-	<target host="vap1sna1.lijit.com" />
-	<target host="vap1yyz1.lijit.com" />
+	<target host="vap1sfo1.lijit.com" />
 	<target host="vap2ams2.lijit.com" />
+	<target host="vap2ewr1.lijit.com" />
 	<target host="vap2iad1.lijit.com" />
-	<target host="vap2iad3.lijit.com" />
-	<target host="vap2yyz1.lijit.com" />
-	<target host="vap3iad1.lijit.com" />
-	<target host="vap3iad3.lijit.com" />
-	<target host="vap3sna1.lijit.com" />
+	<target host="vap2sfo1.lijit.com" />
+	<target host="vap3ewr1.lijit.com" />
+	<target host="vap3sfo1.lijit.com" />
+	<target host="vap4ewr1.lijit.com" />
 	<target host="vap4iad1.lijit.com" />
-	<target host="vap4iad3.lijit.com" />
-	<target host="vap5iad3.lijit.com" />
-	<target host="vap5sna1.lijit.com" />
-	<target host="vap6iad1.lijit.com" />
-	<target host="vap6iad3.lijit.com" />
-	<target host="vap6sna1.lijit.com" />
+	<target host="vap4sfo1.lijit.com" />
+	<target host="vap5ewr1.lijit.com" />
+	<target host="vap5iad1.lijit.com" />
+	<target host="vap6ewr1.lijit.com" />
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/Likes.xml b/src/chrome/content/rules/Likes.xml
deleted file mode 100644
index a9fce39b782a..000000000000
--- a/src/chrome/content/rules/Likes.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d1qfo1bk8s78mq.cloudfront.net
-
-			- i[1-6].likes-media.com
-
--->
-<ruleset name="Likes">
-
-	<target host="likes.com" />
-	<target host="*.likes.com" />
-	<target host="*.likes-media.com" />
-
-
-	<securecookie host="^\.likes\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?likes\.com/"
-		to="https://$1likes.com/" />
-
-	<rule from="^http://i\d\.likes-media\.com/"
-		to="https://d1qfo1bk8s78mq.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Likeyed.com.xml b/src/chrome/content/rules/Likeyed.com.xml
deleted file mode 100644
index 021eb421b386..000000000000
--- a/src/chrome/content/rules/Likeyed.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Mixed content:
-
-		- Images on (www.) from images100.xvideos.com *
-
-		- Ads/web bugs, on (www.) from:
-
-			- www.affxx.com *
-
-	* Unsecurable
-
--->
-<ruleset name="likeyed.com">
-
-	<target host="likeyed.com" />
-	<target host="www.likeyed.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Limango.xml b/src/chrome/content/rules/Limango.xml
index 967cebb5bc77..3e67df30133b 100644
--- a/src/chrome/content/rules/Limango.xml
+++ b/src/chrome/content/rules/Limango.xml
@@ -4,20 +4,18 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://img.limango-media.de/ => https://img.limango-media.de/: (6, 'Could not resolve host: img.limango-media.de')
 
 -->
-<ruleset name="limango" default_off='failed ruleset test'>
+<ruleset name="limango" default_off="failed ruleset test">
 
 	<target host="limango.de" />
-	<target host="*.limango.de" />
+	<target host="checkout.limango.de" />
+	<target host="www.limango.de" />
 	<target host="img.limango-media.de" />
 
 
 	<securecookie host="^(?:.*\.)?limango\.de$" name=".+" />
 
 
-	<rule from="^http://(checkout\.|www\.)?limango\.de/"
-		to="https://$1limango.de/" />
 
-	<rule from="^http://img\.limango-media\.de/"
-		to="https://img.limango-media.de/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LimeService.xml b/src/chrome/content/rules/LimeService.xml
deleted file mode 100644
index 7156ee0464a9..000000000000
--- a/src/chrome/content/rules/LimeService.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	^limeservice.com: Cert only matches www.limeservice.com
-
--->
-<ruleset name="LimeService.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.limeservice.com" />
-
-	<!--	Complications:
-				-->
-	<target host="limeservice.com" />
-
-
-	<securecookie host="^www\.limeservice\.com$" name=".+" />
-
-
-	<rule from="^http://limeservice\.com/"
-		to="https://www.limeservice.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/LimeSurvey.com.xml b/src/chrome/content/rules/LimeSurvey.com.xml
new file mode 100644
index 000000000000..70f345cb9b30
--- /dev/null
+++ b/src/chrome/content/rules/LimeSurvey.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional domain:
+		- limesurvey.cn		(connection refused)
+
+	Wildcard DNS record and cert.
+-->
+<ruleset name="LimeSurvey.com">
+
+	<target host="limesurvey.com" />
+	<target host="www.limesurvey.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LimeSurvey.org.xml b/src/chrome/content/rules/LimeSurvey.org.xml
new file mode 100644
index 000000000000..0ae8483607fa
--- /dev/null
+++ b/src/chrome/content/rules/LimeSurvey.org.xml
@@ -0,0 +1,17 @@
+<!--
+	For other LimeSurvey coverage, see LimeSurvey.com.xml
+
+  Wildcard DNS record and cert.
+-->
+<ruleset name="LimeSurvey.org">
+
+	<target host="limesurvey.org" />
+	<target host="www.limesurvey.org" />
+	<target host="manual.limesurvey.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/LimeSurvey.xml b/src/chrome/content/rules/LimeSurvey.xml
deleted file mode 100644
index b5606c5996ad..000000000000
--- a/src/chrome/content/rules/LimeSurvey.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="LimeSurvey.org">
-
-	<target host="limesurvey.org" />
-	<target host="manual.limesurvey.org" />
-	<target host="wwww.limesurvey.org" />
-	<target host="www.limesurvey.org" />
-
-
-	<securecookie host="^www\.limesurvey\.org$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Limelight-Networks.xml b/src/chrome/content/rules/Limelight-Networks.xml
index f34a73f85736..068f40ee0c82 100644
--- a/src/chrome/content/rules/Limelight-Networks.xml
+++ b/src/chrome/content/rules/Limelight-Networks.xml
@@ -7,10 +7,16 @@
 <ruleset name="Limelight Networks (partial)">
 
 	<target host="*.hs.llnwd.net" />
+		<test url="http://pcvarkr.hs.llnwd.net/v1/astroreporter/sample/Kundali-Milan-English.pdf" />
+		<test url="http://polaris.hs.llnwd.net/o40/ind/2018/documents/coupons/november-brotherhood.pdf" />
+		<test url="http://primerica.hs.llnwd.net/o40/u/pol/wheel/index.html" />
+	<!-- Different content HTTP/HTTPS on some test urls (seems random):
+	<target host="*.vo.llnwd.net" />
+		<test url="http://synthes.vo.llnwd.net/o16/LLNWMB8/INT%20Mobile/Synthes%20International/Product%20Support%20Material/legacy_Synthes_PDF/DSEM-TRM-0416-0657-1_LR.pdf" />
+		<test url="http://tmz.vo.llnwd.net/o28/newsdesk/tmz_documents/charles-manson-will-02.pdf" />
+		<test url="http://wsba.vo.llnwd.net/v1/CLE%20Documents/Post/17516_FinalAgenda.pdf" />
+	-->
 
-
-	<!--	CDN.
-			-->
 	<rule from="^http://([\w\-]+)\.hs\.llnwd\.net/"
 		to="https://$1.hs.llnwd.net/" />
 
diff --git a/src/chrome/content/rules/Limited_2_Art.com.xml b/src/chrome/content/rules/Limited_2_Art.com.xml
index cfa4fecedb0b..a1f588643728 100644
--- a/src/chrome/content/rules/Limited_2_Art.com.xml
+++ b/src/chrome/content/rules/Limited_2_Art.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?limited2art\.com/(?=content/|default\.asp\?template=l2art_checkout\d\.htm|favicon\.ico|statics/|templates/)"
 		to="https://$1limited2art.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Limun.org.xml b/src/chrome/content/rules/Limun.org.xml
index 2fe8771c89f2..d76119bf04c3 100644
--- a/src/chrome/content/rules/Limun.org.xml
+++ b/src/chrome/content/rules/Limun.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://archlinux.limun.org/ => https://archlinux.limun.org/: (7, 'Failed to connect to archlinux.limun.org port 443: Connection refused')
 
 -->
-<ruleset name="limun.org" default_off='failed ruleset test'>
+<ruleset name="limun.org" default_off="failed ruleset test">
 
 	<target host="limun.org" />
 	<target host="*.limun.org" />
diff --git a/src/chrome/content/rules/Lincolnshire.gov.uk-falsemixed.xml b/src/chrome/content/rules/Lincolnshire.gov.uk-falsemixed.xml
deleted file mode 100644
index e6c415f5f608..000000000000
--- a/src/chrome/content/rules/Lincolnshire.gov.uk-falsemixed.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Lincolnshire.gov.uk.xml.
-
--->
-<ruleset name="Lincolnshire.gov.uk (false MCB)" platform="mixedcontent">
-
-	<target host="apps.lincolnshire.gov.uk" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Lincolnshire.gov.uk.xml b/src/chrome/content/rules/Lincolnshire.gov.uk.xml
index 4db8169cfcd9..a3e9afbbfd52 100644
--- a/src/chrome/content/rules/Lincolnshire.gov.uk.xml
+++ b/src/chrome/content/rules/Lincolnshire.gov.uk.xml
@@ -45,7 +45,7 @@
 		- css on apps from aspapps.lincolnshire.gov.uk ˢ
 
 		- Images, on:
-		
+
 			- apps from aspapps.lincolnshire.gov.uk ˢ
 			- microsites, www from $self ˢ
 
diff --git a/src/chrome/content/rules/Lincs_to_the_Past.com.xml b/src/chrome/content/rules/Lincs_to_the_Past.com.xml
index 73701f76d658..2fb9abed0e32 100644
--- a/src/chrome/content/rules/Lincs_to_the_Past.com.xml
+++ b/src/chrome/content/rules/Lincs_to_the_Past.com.xml
@@ -13,7 +13,7 @@
 		- Images from $self
 
 -->
-<ruleset name="Lincs to the Past.com" default_off="missing certificate chain">
+<ruleset name="Lincs to the Past.com" default_off="cert-chain">
 
 	<target host="www.lincstothepast.com" />
 
diff --git a/src/chrome/content/rules/Lindy.com.xml b/src/chrome/content/rules/Lindy.com.xml
index 7f85fa846a98..b629b40f8db0 100644
--- a/src/chrome/content/rules/Lindy.com.xml
+++ b/src/chrome/content/rules/Lindy.com.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://(?:www\.)?lindy\.com/"
 		to="https://www.lindy.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LineageOS.org.xml b/src/chrome/content/rules/LineageOS.org.xml
deleted file mode 100644
index a3d07925db6b..000000000000
--- a/src/chrome/content/rules/LineageOS.org.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Nonfunctional hosts in *.lineageos.org:
-
-	certificate mismatch:
-		- app01.lineageos.org
-		- translate.lineageos.org
-	connection refused:
-		- icinga2.lineageos.org
-		- new-wiki.lineageos.org
-		- uptime.lineageos.org
-
--->
-<ruleset name="LineageOS.org">
-	<target host="lineageos.org" />
-	<target host="www.lineageos.org" />
-	<target host="cve.lineageos.org" />
-	<target host="download.lineageos.org" />
-	<target host="jenkins.lineageos.org" />
-	<target host="jira.lineageos.org" />
-	<target host="mirrorbits.lineageos.org" />
-	<target host="review.lineageos.org" />
-	<target host="stats.lineageos.org" />
-	<target host="status.lineageos.org" />
-	<target host="wiki.lineageos.org" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Linear.com.xml b/src/chrome/content/rules/Linear.com.xml
deleted file mode 100644
index fd0bb597cd94..000000000000
--- a/src/chrome/content/rules/Linear.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	m, (www.)?: at least some pages redirect to http
-
--->
-<ruleset name="Linear.com (partial)">
-
-	<target host="linear.com" />
-	<target host="cds.linear.com" />
-	<target host="www.linear.com" />
-		<!--
-			Redirects to http:
-						-->
-		<!--exclusion pattern="^http://(m\.|www\.)?linear\.com/($|favicon\.ico|image/)" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://(?:www\.)?linear\.com/+(?!assets/|mylinear(?:$|[?/])|_ui/)" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Linear_Collider_Collaboration.xml b/src/chrome/content/rules/Linear_Collider_Collaboration.xml
index d873e9822065..0543d4ec19a7 100644
--- a/src/chrome/content/rules/Linear_Collider_Collaboration.xml
+++ b/src/chrome/content/rules/Linear_Collider_Collaboration.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Linerunner-mismatches.xml b/src/chrome/content/rules/Linerunner-mismatches.xml
deleted file mode 100644
index 1c4e7afe8289..000000000000
--- a/src/chrome/content/rules/Linerunner-mismatches.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see Linerunner.xml.
-
--->
-<ruleset name="Linerunner (mismatches)" default_off="mismatched">
-
-	<target host="blog.getcloudapp.com" />
-	<target host="developer.getcloudapp.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Linerunner.xml b/src/chrome/content/rules/Linerunner.xml
deleted file mode 100644
index a19a5428cf95..000000000000
--- a/src/chrome/content/rules/Linerunner.xml
+++ /dev/null
@@ -1,49 +0,0 @@
-<!--
-	For problematic rules, see Linerunner-mismatches.xml.
-
-
-	CDN buckets:
-
-		- cloudapp.herokuapp.com
-
-	- cloudapp.assistly.com
-	- cloudapp.desk.com	(redirects back to support.getcloudapp.com)
-
-
-	Problematic domains:
-
-		- store.getcloudapp.com *
-
-	* Refused
-
-
-	List of related domains:
-
-		- getcloudapp.com
-		- blog.getcloudapp.com
-		- developer.getcloudapp.com
-		- store.getcloudapp.com
-
-
--->
-<ruleset name="Linerunner (partial)">
-
-	<target host="getcloudapp.com" />
-	<target host="*.getcloudapp.com" />
-
-
-	<rule from="^http://(api\.|www\.)?getcloudapp\.com/"
-		to="https://$1getcloudapp.com/" />
-
-	<!--	Redirects like so:
-					-->
-	<rule from="^http://store\.getcloudapp\.com//+([^?]+)"
-		to="https://my.cl.ly/plans/$1" />
-
-	<rule from="^http://store\.getcloudapp\.com//+\?.*"
-		to="https://my.cl.ly/plans" />
-
-	<rule from="^http://store\.getcloudapp\.com/"
-		to="https://my.cl.ly/plans" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Lingospot.xml b/src/chrome/content/rules/Lingospot.xml
index c44c8029181e..dc5bea323ce0 100644
--- a/src/chrome/content/rules/Lingospot.xml
+++ b/src/chrome/content/rules/Lingospot.xml
@@ -22,7 +22,7 @@ Fetch error: http://engine.lingospot.com/ => https://engine.lingospot.com/: (6,
 		- .lingospot.com
 
 -->
-<ruleset name="Lingospot.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Lingospot.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Linguee.xml b/src/chrome/content/rules/Linguee.xml
index d3b827562054..2c1c238e0165 100644
--- a/src/chrome/content/rules/Linguee.xml
+++ b/src/chrome/content/rules/Linguee.xml
@@ -3,7 +3,7 @@
 
 	Localized versions of linguee (eg. de.linguee.com, cn.linguee.com)
 	have mixed content but it doesn't hinder site functionality.
-		
+
 -->
 <ruleset name="Linguee">
 
diff --git a/src/chrome/content/rules/Lingvoforum.net.xml b/src/chrome/content/rules/Lingvoforum.net.xml
index 4e79dc2ddec2..b24ec24d1fb5 100644
--- a/src/chrome/content/rules/Lingvoforum.net.xml
+++ b/src/chrome/content/rules/Lingvoforum.net.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http://www\.lingvoforum\.net/" to="https://lingvoforum.net/"/>
 	<rule from="^http:" to="https:"/>
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LinkShare.xml b/src/chrome/content/rules/LinkShare.xml
index 790e61567571..0e60ec8abbf5 100644
--- a/src/chrome/content/rules/LinkShare.xml
+++ b/src/chrome/content/rules/LinkShare.xml
@@ -4,10 +4,10 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.lsh.re/ => https://www.lsh.re/: (51, "SSL: no alternative certificate subject name matches target host name 'www.lsh.re'")
 
 -->
-<ruleset name="LinkShare" default_off='failed ruleset test'>
-	<target host="lsh.re" />
-	<target host="www.lsh.re" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
+<ruleset name="LinkShare" default_off="failed ruleset test">
+	<target host="lsh.re" />
+	<target host="www.lsh.re" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Linkbucks.xml b/src/chrome/content/rules/Linkbucks.xml
index cdd227de189f..3d44fa79adcc 100644
--- a/src/chrome/content/rules/Linkbucks.xml
+++ b/src/chrome/content/rules/Linkbucks.xml
@@ -7,7 +7,8 @@
 <ruleset name="Linkbucks">
 
 	<target host="linkbucks.com" />
-	<target host="*.linkbucks.com" />
+	<target host="static.linkbucks.com" />
+	<target host="www.linkbucks.com" />
 
 
 	<securecookie host="^(?:www\.)?linkbucks\.com$" name=".+" />
diff --git a/src/chrome/content/rules/LinkedIn.xml b/src/chrome/content/rules/LinkedIn.xml
index f1536424bfdb..16279f2c852a 100644
--- a/src/chrome/content/rules/LinkedIn.xml
+++ b/src/chrome/content/rules/LinkedIn.xml
@@ -238,7 +238,7 @@
 			Redirects to http:
 						-->
 		<!--exclusion pattern="^http://blog\.linkedin\.com/($|favicon\.ico|wp-content/)" /-->
-	
+
 		<exclusion pattern="^http://help-enterprise\.linkedin\.com/" />
 		<exclusion pattern="^http://ja\.linkedin\.com/" />
 
diff --git a/src/chrome/content/rules/Linkomanija.xml b/src/chrome/content/rules/Linkomanija.xml
index 893ec7424dbf..ab85831d4fea 100644
--- a/src/chrome/content/rules/Linkomanija.xml
+++ b/src/chrome/content/rules/Linkomanija.xml
@@ -2,6 +2,6 @@
 	<target host="linkomanija.net" />
 	<target host="www.linkomanija.net" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/LinksAlpha.com.xml b/src/chrome/content/rules/LinksAlpha.com.xml
index c7b1db66dbe5..45f5fb9b4c24 100644
--- a/src/chrome/content/rules/LinksAlpha.com.xml
+++ b/src/chrome/content/rules/LinksAlpha.com.xml
@@ -22,7 +22,7 @@ Fetch error: http://api.linksalpha.com/ => https://api.linksalpha.com/: (35, 'Un
 	* Secured by us
 
 -->
-<ruleset name="LinksAlpha.com (partial)" default_off='failed ruleset test'>
+<ruleset name="LinksAlpha.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Linksynergy.com.xml b/src/chrome/content/rules/Linksynergy.com.xml
index 14995b470539..0f7d64edf33c 100644
--- a/src/chrome/content/rules/Linksynergy.com.xml
+++ b/src/chrome/content/rules/Linksynergy.com.xml
@@ -1,63 +1,31 @@
 <!--
 	For other Rakuten coverage, see Rakuten.co.jp.xml.
 
-
-	CDN buckets:
-
-		- wac.BB16.edgecastcdn.net	← mproxy.banner
-		- wrpx.service.mirror-image.net	← m.www
-
-
-	Nonfunctional hosts in *linksynergy.com:
-
-		- ad ᵈ
-		- banner ᵈ
-		- mproxy.banner ⁴ ᴱ
-		- bento ᵈ
-		- click ᵈ
-		- couponfeed ᵈ
-		- lld2 ʳ
-
-	⁴ 404
-	ᴱ EdgeCast
-	ᵈ Dropped
-	ʳ Refused
-
-
-	Problematic hosts in *linksynergy.com:
-
-		- m.www ⁴ ᵐ	(CN: *.service.mirror-image.net)
-
-	⁴ 404
-	ᵐ Mismatched
-
+	Invalid certificate:
+		- m.www.linksynergy.com, equivalent to linkshare.com
 -->
-<ruleset name="linksynergy.com (partial)">
 
-	<!--	Direct rewrites:
-				-->
+<ruleset name="Linksynergy.com">
+	<target host="m.www.linksynergy.com" />
+	<target host="ad.linksynergy.com" />
+	<target host="banner.linksynergy.com" />
+	<target host="mproxy.banner.linksynergy.com" />
+	<target host="bento.linksynergy.com" />
 	<target host="cli.linksynergy.com" />
+	<target host="click.linksynergy.com" />
+	<target host="couponfeed.linksynergy.com" />
+	<target host="lld2.linksynergy.com" />
 	<target host="merchant.linksynergy.com" />
 	<target host="ssl.linksynergy.com" />
 
-	<!--	Special cases:
-				-->
-	<target host="m.www.linksynergy.com" />
-
-
-	<!--	Not secured by server:
-					-->
+	<!-- Not secured by server -->
 	<!--securecookie host="^cli\.linksynergy\.com$" name="^PHPSESSID$" /-->
 	<!--securecookie host="^\.cli\.linksynergy\.com$" name="^langpref$" /-->
 	<!--securecookie host="^signup\.linksynergy\.com$" name="^NSC_\w+(-\w+){3}$" /-->
-
 	<securecookie host="^(?:\.?cli|signup)\.linksynergy\.com$" name=".+" />
 
-
 	<rule from="^http://m\.www\.linksynergy\.com/"
-		to="https://www.linkshare.com/" />
-
-	<rule from="^http:"
-		to="https:" />
+		to="https://linkshare.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Linksys.xml b/src/chrome/content/rules/Linksys.xml
index 35d7c56d69a7..8ba369ec5322 100644
--- a/src/chrome/content/rules/Linksys.xml
+++ b/src/chrome/content/rules/Linksys.xml
@@ -1,108 +1,209 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://cache-www.linksys.com/ => https://cache-www.linksys.com.s3.amazonaws.com/cache-www.linksys.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cache-www.linksys.com.s3.amazonaws.com'")
-
-	For other Cisco coverage, see Cisco.xml.
-
-
-	CDN buckets:
-
-		- cache-www.linksys.com.s3.amazonaws.com
-		- downloads.linksys.com.edgesuite.net
-		- linksys.lithium.com	← community
-
-		- linksys-content.vcommerce.com
-
-			- 403; mismatched, CN: support3.cdnetworks.net
-
-
-	Nonfunctional hosts in *linksys.com:
-
-		- m ᵃ		(CN: www.linksysbycisco.com)
-
-	ᵃ Shows another domain
-
-
-	Problematic hosts in *linksys.com:
-
-		- cache-www ¹
-		- downloads	(akamai)
-
-	¹ AmazonAWS
-
-
-	www.linksys.com: Some pages redirect to http
-
-
-	^linksys.com: Refused over https, reset over http
-
-
-	Insecure cookies are set for these hosts:
-
-		- community.linksys.com
-		- store.linksys.com
-		- support.linksys.com
-		- www.linksys.com
-
-
-	downloads serves mixed images on www and
-	support, but no scripts nor stylesheets.
-
+	Connection closed:
+		- broadband
+		- faq
+		- m
+		- msupport
+		- mumimo
+		- prod
+		- store
+		- store-ca
+		- support-origin
+		- uat-www-origin
+		- www-ae
+		- www-ar
+		- www-at
+		- www-au
+		- www-be
+		- www-bh
+		- www-bo
+		- www-br
+		- www-ca
+		- www-ch
+		- www-cn
+		- www-co
+		- www-cr
+		- www-cs
+		- www-cz
+		- www-de
+		- www-dk
+		- www-dz
+		- www-ee
+		- www-eg
+		- www-es
+		- www-fi
+		- www-fr
+		- www-gh
+		- www-hk
+		- www-hu
+		- www-id
+		- www-ie
+		- www-in
+		- www-is
+		- www-it
+		- www-jo
+		- www-ke
+		- www-kr
+		- www-kw
+		- www-lb
+		- www-lt
+		- www-lv
+		- www-ma
+		- www-mk
+		- www-mu
+		- www-mx
+		- www-my
+		- www-nl
+		- www-no
+		- www-nz
+		- www-om
+		- www-origin
+		- www-pa
+		- www-ph
+		- www-pk
+		- www-pl
+		- www-pt
+		- www-py
+		- www-qa
+		- www-ro
+		- www-ru
+		- www-sa
+		- www-se
+		- www-sg
+		- www-si
+		- www-sk
+		- www-th
+		- www-tn
+		- www-tr
+		- www-uk
+		- www-uy
+		- www-ve
+		- www-vn
+		- www-za
+		- www1
+
+	Connection timed out:
+		- alert
+		- alert-stage
+		- auth
+		- client1s
+		- client1s-stage
+		- client2s
+		- client2s-stage
+		- commerce-stage
+		- connect-stage
+		- csr
+		- directory
+		- downloads
+		- downloads-auth2
+		- downloads-qa
+		- extender
+		- hcsetup-stage
+		- homecentral-stage
+		- jira-external
+		- ld
+		- nmreports
+		- nmreports-stage
+		- pg
+		- ra
+		- ra-stage
+		- ras
+		- ras-stage
+		- redirect
+		- redirect-stage
+		- resources-www
+		- search
+		- search-auth2
+		- search-qa
+		- secure
+		- services
+		- services-stage
+		- smoke
+		- start
+		- support-auth2
+		- support-qa
+		- var
+		- vendors
+		- vendors-stage
+		- websearch
+		- websearch-stage
+		- websearch1
+		- ws
+		- ws-auth2
+		- ws-qa
+		- www-auth2
+
+	Mismatched:
+		- beta
+		- cache-www
+		- cdn-www
+		- download
+		- forums
+		- forums-tac
+		- lyncdiscover
+		- msoid
+		- router
+		- sip
+		- wnc
+		- eu.wnc
+		- wnc-eu
+		- wnc-event
+		- wnc-event-eu
+		- wnc-server
+
+	Operation timed out:
+		- connect
+		- developers
+		- go
+		- go-stage
+		- remote
+		- st-aws
+		- tac
+		- ui
+		- us-firmware
+
+	Incomplete certificate chain:
+		- qa
+		- update
+		- update-qa
+		- update-stage
+
+	Expired:
+		- support-stg
+		- www-stg
+
+	Connection refused:
+		- autodiscover
+
+	SSL handshake error:
+		- wnc-server-eu
 -->
-<ruleset name="Linksys.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
+<ruleset name="Linksys.com">
+	<target host="linksys.com" />
+	<target host="www.linksys.com" />
+	<target host="business.linksys.com" />
 	<target host="community.linksys.com" />
-	<target host="store.linksys.com" />
+	<target host="community-stage.linksys.com" />
+	<target host="csc.linksys.com" />
+	<target host="friends.linksys.com" />
+	<target host="hybris1.linksys.com" />
+	<target host="hybris2.linksys.com" />
+	<target host="hybris3.linksys.com" />
+	<target host="hybris4.linksys.com" />
+	<target host="hybris5.linksys.com" />
+	<target host="hybris6.linksys.com" />
+	<target host="kb.linksys.com" />
+	<target host="partnerportal.linksys.com" />
+	<target host="promotions.linksys.com" />
+	<target host="rewards.linksys.com" />
+	<target host="sociallogin.linksys.com" />
 	<target host="support.linksys.com" />
-	<target host="www.linksys.com" />
-
-	<!--	Complications:
-				-->
-	<target host="cache-www.linksys.com" />
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://www\.linksys\.com/us/$" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://www\.linksys\.com/+(?!.+\.(?:jpg|png|svg)(?:$|\?))" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.linksys.com/hu/p/P-WRT1200AC/" />
-			<test url="http://www.linksys.com/id/for-business/" />
-			<test url="http://www.linksys.com/us/" />
-			<test url="http://www.linksys.com/us/c/wireless-routers/" />
-			<test url="http://www.linksys.com/us/shop-linksys/" />
-			<test url="http://www.linksys.com/us/support/" />
-			<test url="http://www.linksys.com/us/wireless-routers/c/ac-wireless-routers/" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www.linksys.com/_ui/linksys/img/brand/linksys-logo-white.svg" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.linksys\.com$" name="^_gat?$" /-->
-	<!--securecookie host="store\.linksys\.com$" name="^_hybris\.tenantID_$" /-->
-	<!--securecookie host="^community\.linksys\.com$" name="^LithiumUser(?:Info|Secure)$" /-->
-	<!--securecookie host="^support\.linksys\.com$" name="^(?:_hybris\.tenantID_$|BIGipServer|JSESSION$)" /-->
-	<!--securecookie host="^www\.linksys\.com$" name="^_hybris\.tenantID_$" /-->
-
-	<!--securecookie host="." name="." /-->
-	<securecookie host="^\." name="^_gat?$" />
-	<securecookie host="^(?!www\.linksys\.com$)\w" name=".+" />
-
-
-	<rule from="^http://cache-www\.linksys\.com/"
-		to="https://cache-www.linksys.com.s3.amazonaws.com/cache-www.linksys.com/" />
+	<target host="uat-www.linksys.com" />
+	<target host="update1.linksys.com" />
+	<target host="update1-stage.linksys.com" />
+	<target host="varsite.linksys.com" />
 
-	<rule from="^http:"
-		to="https:" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Linn_Records.com.xml b/src/chrome/content/rules/Linn_Records.com.xml
index 198b9bedff06..efe8763aefb6 100644
--- a/src/chrome/content/rules/Linn_Records.com.xml
+++ b/src/chrome/content/rules/Linn_Records.com.xml
@@ -36,4 +36,4 @@
 	<rule from="^http://small\.linncdn\.com/"
 		to="https://gp1.wac.edgecastcdn.net/0043E0/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Linode.xml b/src/chrome/content/rules/Linode.xml
index 8003690aa8c2..9cee7761f9f5 100644
--- a/src/chrome/content/rules/Linode.xml
+++ b/src/chrome/content/rules/Linode.xml
@@ -37,7 +37,7 @@ Fetch error: http://tokyo.webconsole.linode.com/ => https://tokyo.webconsole.lin
 	¹ Refused
 	² Customer load balancers and VPSes. Mismatched, refused or time out.
 -->
-<ruleset name="Linode.com" default_off='failed ruleset test'>
+<ruleset name="Linode.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -71,7 +71,7 @@ Fetch error: http://tokyo.webconsole.linode.com/ => https://tokyo.webconsole.lin
 					-->
 	<!--securecookie host="^\.forum\.linode\.com$" name="^phpbb3_\w+_(k|sid|u)$" /-->
 
-	<securecookie host="^(?:.*\.)?linode\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/LinusTechTips.com.xml b/src/chrome/content/rules/LinusTechTips.com.xml
new file mode 100644
index 000000000000..0b300619c617
--- /dev/null
+++ b/src/chrome/content/rules/LinusTechTips.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="LinusTechTips.com">
+	<target host="linustechtips.com" />
+	<target host="www.linustechtips.com" />
+	<target host="merch.linustechtips.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Linutronix.xml b/src/chrome/content/rules/Linutronix.xml
index d806b9ced881..bf1d77ccf2e2 100644
--- a/src/chrome/content/rules/Linutronix.xml
+++ b/src/chrome/content/rules/Linutronix.xml
@@ -3,10 +3,10 @@
 	<target host="linutronix.de" />
 	<target host="www.linutronix.de" />
 	<!--	* for cross-domain cookie	-->
-	
 
 
-	<securecookie host="^(?:.*\.)?linutronix\.de$" name=".+" />
+
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Linux-Counter.xml b/src/chrome/content/rules/Linux-Counter.xml
deleted file mode 100644
index 559ff2a01bdd..000000000000
--- a/src/chrome/content/rules/Linux-Counter.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="Linux Counter">
-
-	<target host="counter.li.org" />
-	<target host="linuxcounter.net" />
-	<target host="www.linuxcounter.net" />
-
-
-	<securecookie host="^linuxcounter.net$" name=".+" />
-
-
-	<rule from="^http://counter\.li\.org/"
-		to="https://linuxcounter.net/" />
-
-	<rule from="^http://(www\.)?linuxcounter\.net/"
-		to="https://$1linuxcounter.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Linux-KVM.org.xml b/src/chrome/content/rules/Linux-KVM.org.xml
new file mode 100644
index 000000000000..1659042a7434
--- /dev/null
+++ b/src/chrome/content/rules/Linux-KVM.org.xml
@@ -0,0 +1,13 @@
+<!--
+	m: certificate mismatch
+		- linux-kvm.org
+-->
+<ruleset name="Linux-KVM.org">
+	<target host="linux-kvm.org" />
+	<target host="www.linux-kvm.org" />
+
+	<rule from="^http://linux-kvm\.org/"
+		to="https://www.linux-kvm.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Linux-Magazin-Online.xml b/src/chrome/content/rules/Linux-Magazin-Online.xml
index 3217fdc7e6bf..b3413e37758b 100644
--- a/src/chrome/content/rules/Linux-Magazin-Online.xml
+++ b/src/chrome/content/rules/Linux-Magazin-Online.xml
@@ -26,7 +26,7 @@ Fetch error: http://linux-magazin.de/ => https://www.linux-magazin.de/: Too many
 	* Expired
 
 -->
-<ruleset name="Linux-Magazin.de (partial)" default_off='failed ruleset test'>
+<ruleset name="Linux-Magazin.de (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Linux-New-Media.xml b/src/chrome/content/rules/Linux-New-Media.xml
index ad2b92882f90..7681a6234d79 100644
--- a/src/chrome/content/rules/Linux-New-Media.xml
+++ b/src/chrome/content/rules/Linux-New-Media.xml
@@ -10,18 +10,16 @@
 -->
 <ruleset name="Linux New Media (partial)">
 
-	<target host="*.linuxnewmedia.com" />
+	<target host="rotation.linuxnewmedia.com" />
+	<target host="shop.linuxnewmedia.com" />
+	<target host="shop.linuxnewmedia.de" />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.linuxnewmedia.de" />
 
 
-	<securecookie host="^.*\.linuxnewmedia\.(?:com|de)$" name=".+" />
 
+	<securecookie host=".+" name=".+"/>
 
-	<rule from="^http://rotation\.linuxnewmedia\.com/"
-		to="https://rotation.linuxnewmedia.com/" />
 
-	<rule from="^http://shop\.linuxnewmedia\.(com|de)/"
-		to="https://shop.linuxnewmedia.$1/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Linux-nfs.org.xml b/src/chrome/content/rules/Linux-nfs.org.xml
new file mode 100644
index 000000000000..259e1aeb623f
--- /dev/null
+++ b/src/chrome/content/rules/Linux-nfs.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Expired:
+		- nfsometer.linux-nfs.org
+-->
+<ruleset name="Linux-nfs.org" default_off="cert-chain">
+	<target host="linux-nfs.org" />
+	<target host="www.linux-nfs.org" />
+	<target host="bugzilla.linux-nfs.org" />
+	<target host="client.linux-nfs.org" />
+	<target host="git.linux-nfs.org" />
+	<target host="wiki.linux-nfs.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Linux.lu.xml b/src/chrome/content/rules/Linux.lu.xml
index 6652ceb83acf..d3d22bfa5595 100644
--- a/src/chrome/content/rules/Linux.lu.xml
+++ b/src/chrome/content/rules/Linux.lu.xml
@@ -16,7 +16,9 @@
 <ruleset name="Linux.lu (partial)">
 
 	<target host="linux.lu" />
-	<target host="*.linux.lu" />
+	<target host="www.linux.lu" />
+	<target host="udpcast.linux.lu" />
+	<target host="www.udpcast.linux.lu" />
 
 
 	<!--	Server does not drop path:
@@ -24,7 +26,6 @@
 	<rule from="^http://(?:www\.)?linux\.lu/"
 		to="https://www.lilux.lu/" />
 
-	<rule from="^http://(www\.)?udpcast\.linux\.lu/"
-		to="https://$1udpcast.linux.lu/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LinuxFoundation.xml b/src/chrome/content/rules/LinuxFoundation.xml
index fed747da308e..8cb5df7abb4c 100644
--- a/src/chrome/content/rules/LinuxFoundation.xml
+++ b/src/chrome/content/rules/LinuxFoundation.xml
@@ -1,15 +1,18 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://developerbugs.linuxfoundation.org/ => https://developerbugs.linuxfoundation.org/: (28, 'Connection timed out after 20000 milliseconds')
+
 
 	Other Linux Foundation rulesets:
 
-		- AllSeen_Alliance.org.xml
 		- Automotive_Linux.org.xml
 		- FOSSBazaar.org.xml
 		- hyperledger.org.xml
 		- iovisor.org.xml
 		- LinuxFound.info.xml
 		- OpenDaylight.xml
-		- Open_Virtualization_Alliance.org.xml
 		- Openprinting.xml
 		- Poky.xml
 		- SPDX.org.xml
@@ -36,7 +39,7 @@
 	<target host="admin.linuxfoundation.org" />
 	<target host="automotive.linuxfoundation.org" />
 	<target host="collabprojects.linuxfoundation.org" />
-	<target host="developerbugs.linuxfoundation.org" />
+	<!-- target host="developerbugs.linuxfoundation.org" /-->
 	<target host="events.linuxfoundation.org" />
 		<exclusion pattern="^http://events\.linuxfoundation\.org/((events/|\?).*)?$" />
 		<!-- Secured -->
diff --git a/src/chrome/content/rules/LinuxMIPS.xml b/src/chrome/content/rules/LinuxMIPS.xml
index c12bf2cf1ac6..30f6a2c98d55 100644
--- a/src/chrome/content/rules/LinuxMIPS.xml
+++ b/src/chrome/content/rules/LinuxMIPS.xml
@@ -12,7 +12,7 @@
 		- patchwork.linux-mips.org
 
 -->
-<ruleset name="Linux-MIPS.org (partial)" default_off="missing certificate chain">
+<ruleset name="Linux-MIPS.org (partial)" default_off="cert-chain">
 
 	<target host="bugs.linux-mips.org" />
 	<target host="cvs.linux-mips.org" />
diff --git a/src/chrome/content/rules/LinuxQuestions.xml b/src/chrome/content/rules/LinuxQuestions.xml
index c197c3616c73..3db3f760d0d6 100644
--- a/src/chrome/content/rules/LinuxQuestions.xml
+++ b/src/chrome/content/rules/LinuxQuestions.xml
@@ -32,7 +32,8 @@
 <ruleset name="LinuxQuestions.org (partial)">
 
 	<target host="linuxquestions.org" />
-	<target host="*.linuxquestions.org" />
+	<target host="www.linuxquestions.org" />
+	<target host="static.linuxquestions.org" />
 
 
 	<!--	Not secured by server:
@@ -42,10 +43,9 @@
 	<securecookie host="^www\.linuxquestions\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?linuxquestions\.org/"
-		to="https://$1linuxquestions.org/" />
 
 	<rule from="^http://static\.linuxquestions\.org/"
 		to="https://lqo-thequestionsnetw.netdna-ssl.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/LinuxTag.org.xml b/src/chrome/content/rules/LinuxTag.org.xml
index aaf0059a663d..2b4b061b029b 100644
--- a/src/chrome/content/rules/LinuxTag.org.xml
+++ b/src/chrome/content/rules/LinuxTag.org.xml
@@ -9,7 +9,7 @@
 		- openmusic.linuxtag.org
 
 -->
-<ruleset name="LinuxTag.org" default_off="missing certificate chain">
+<ruleset name="LinuxTag.org" default_off="cert-chain">
 	<target host="linuxtag.org" />
 	<target host="www.linuxtag.org" />
 	<target host="intern.linuxtag.org" />
diff --git a/src/chrome/content/rules/Linux_Distro_Community.com.xml b/src/chrome/content/rules/Linux_Distro_Community.com.xml
deleted file mode 100644
index 43ad9f1eb8a3..000000000000
--- a/src/chrome/content/rules/Linux_Distro_Community.com.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		- .bbs.linuxdistrocommunity.com
-
--->
-<ruleset name="Linux Distro Community.com">
-
-	<target host="linuxdistrocommunity.com" />
-	<target host="bbs.linuxdistrocommunity.com" />
-	<target host="media.linuxdistrocommunity.com" />
-	<target host="static.linuxdistrocommunity.com" />
-	<target host="www.linuxdistrocommunity.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.bbs\.linuxdistrocommunity\.com$" name="^(sid|mybb\[lastactive\]|mybb\[lastvisit\]|mybb\[threadread\])$" /-->
-
-	<securecookie host="^\.bbs\." name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Linux_Forums.xml b/src/chrome/content/rules/Linux_Forums.xml
deleted file mode 100644
index 4abc61172455..000000000000
--- a/src/chrome/content/rules/Linux_Forums.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- dir *
-		- hosts *
-
-	* Shows www, mismatched
-
--->
-<ruleset name="Linux Forums (partial)">
-
-	<target host="linuxforums.org" />
-	<target host="www.linuxforums.org" />
-
-
-	<securecookie host="^(?:w*\.)?linuxforums\.org$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Linux_Game_Publishing.xml b/src/chrome/content/rules/Linux_Game_Publishing.xml
index d7bee65fe96b..d22dee17fd40 100644
--- a/src/chrome/content/rules/Linux_Game_Publishing.xml
+++ b/src/chrome/content/rules/Linux_Game_Publishing.xml
@@ -17,7 +17,7 @@ Fetch error: http://www.linuxgamepublishing.com/ => https://www.linuxgamepublish
 	* Shows www
 
 -->
-<ruleset name="Linux Game Publishing (partial)" default_off='failed ruleset test'>
+<ruleset name="Linux Game Publishing (partial)" default_off="failed ruleset test">
 
 	<target host="linuxgamepublishing.com" />
 	<target host="www.linuxgamepublishing.com" />
@@ -25,4 +25,4 @@ Fetch error: http://www.linuxgamepublishing.com/ => https://www.linuxgamepublish
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Linux_Voice.com.xml b/src/chrome/content/rules/Linux_Voice.com.xml
deleted file mode 100644
index ded3d0be216c..000000000000
--- a/src/chrome/content/rules/Linux_Voice.com.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Non-functional hosts
-		SSL peer certificate was not OK:
-			 - shop.linuxvoice.com
-
-		Peer certificate cannot be authenticated with given CA certificates:
-			 - backup.linuxvoice.com
-			 - forums.linuxvoice.com
--->
-<ruleset name="Linux Voice.com">
-	<target host="linuxvoice.com" />
-	<target host="subs.linuxvoice.com" />
-	<target host="www.linuxvoice.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Linuxaudio.org.xml b/src/chrome/content/rules/Linuxaudio.org.xml
index 363913c82359..2bf4d1d409a5 100644
--- a/src/chrome/content/rules/Linuxaudio.org.xml
+++ b/src/chrome/content/rules/Linuxaudio.org.xml
@@ -6,7 +6,7 @@
 
 	<target host="linuxaudio.org"/>
 	<!--	* for cross-domain cookie	-->
-	<target host="*.linuxaudio.org"/>
+	<target host="www.linuxaudio.org" />
 
 	<securecookie host="^\.linuxaudio\.org$" name=".+" />
 
diff --git a/src/chrome/content/rules/Linuxbenchmarking.com.xml b/src/chrome/content/rules/Linuxbenchmarking.com.xml
new file mode 100644
index 000000000000..2e284f2b7d77
--- /dev/null
+++ b/src/chrome/content/rules/Linuxbenchmarking.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Linuxbenchmarking.com">
+	<target host="linuxbenchmarking.com" />
+	<target host="www.linuxbenchmarking.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Linuxpl.com.xml b/src/chrome/content/rules/Linuxpl.com.xml
index 570c6f4eaff1..1f0218ee183a 100644
--- a/src/chrome/content/rules/Linuxpl.com.xml
+++ b/src/chrome/content/rules/Linuxpl.com.xml
@@ -26,7 +26,10 @@
 <ruleset name="Linuxpl.com (partial)">
 
 	<target host="linuxpl.com" />
-	<target host="*.linuxpl.com" />
+	<target host="blog.linuxpl.com" />
+	<target host="support.linuxpl.com" />
+	<target host="webftp.linuxpl.com" />
+	<target host="www.linuxpl.com" />
 		<!--exclusion pattern="^http://forum\.linuxpl\.com/" /-->
 
 
@@ -39,7 +42,6 @@
 	<securecookie host="^(?:(?:support|webftp|www)\.)?linuxpl\.com$" name=".+" />
 
 
-	<rule from="^http://((?:blog|support|webftp|www)\.)?linuxpl\.com/"
-		to="https://$1linuxpl.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Linuxslut.net.xml b/src/chrome/content/rules/Linuxslut.net.xml
index ba9712616e91..77665010ce01 100644
--- a/src/chrome/content/rules/Linuxslut.net.xml
+++ b/src/chrome/content/rules/Linuxslut.net.xml
@@ -11,7 +11,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.linuxslut.net/ => https://www.linuxslut.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.linuxslut.net'")
 
 -->
-<ruleset name="linuxslut.net" default_off='failed ruleset test'>
+<ruleset name="linuxslut.net" default_off="failed ruleset test">
 
 	<target host="linuxslut.net" />
 	<target host="www.linuxslut.net" />
diff --git a/src/chrome/content/rules/Lionbrand.com.xml b/src/chrome/content/rules/Lionbrand.com.xml
new file mode 100644
index 000000000000..8c5eea7f4b54
--- /dev/null
+++ b/src/chrome/content/rules/Lionbrand.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Refused:
+		Seems like most functioning subdomains do not have https
+		*.lionbrand.com
+-->
+<ruleset name="Lionbrand.com">
+	<target host="lionbrand.com" />
+	<target host="www.lionbrand.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lippincott_Williams_and_Wilkins.xml b/src/chrome/content/rules/Lippincott_Williams_and_Wilkins.xml
deleted file mode 100644
index a7f166b95afa..000000000000
--- a/src/chrome/content/rules/Lippincott_Williams_and_Wilkins.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	For problematic rules, see Lippincott_Williams_and_Wilkins-problematic.xml.
-
-
-	Nonfunctional domains:
-
-		- thepoint *
-
-	* Dropped
-
-
-	^: cert only matches www
-
--->
-<ruleset name="Lippincott Williams &amp; Wilkins (partial)">
-
-	<target host="lww.com" />
-	<target host="*.lww.com" />
-
-
-	<securecookie host="^www\.lww\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?lww\.com/"
-		to="https://www.lww.com/" />
-
-	<!--	At least some pages 302 to http.
-							-->
-	<rule from="^http://journals\.lww\.com/(?=_LAYOUTS/|_layouts/|WebResource\.axd|\w+/(?:_layouts|PublishingImages|Style\ Library)/)"
-		to="https://journals.lww.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Lippincott_Williams_and_Wilkins_problematic.xml b/src/chrome/content/rules/Lippincott_Williams_and_Wilkins_problematic.xml
index d17be1540ff0..5797f9d994d1 100644
--- a/src/chrome/content/rules/Lippincott_Williams_and_Wilkins_problematic.xml
+++ b/src/chrome/content/rules/Lippincott_Williams_and_Wilkins_problematic.xml
@@ -15,4 +15,4 @@
 							-->
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lippupiste_Oy.xml b/src/chrome/content/rules/Lippupiste_Oy.xml
index 10b0fefb5741..bf03b3cd8518 100644
--- a/src/chrome/content/rules/Lippupiste_Oy.xml
+++ b/src/chrome/content/rules/Lippupiste_Oy.xml
@@ -14,12 +14,13 @@ Fetch error: http://lippu.fi/ => https://www.lippu.fi/: Redirect for 'http://lip
 		- lippu.fi
 
 -->
-<ruleset name="Lippupiste Oy" default_off='failed ruleset test'>
+<ruleset name="Lippupiste Oy" default_off="failed ruleset test">
 
 	<target host="eventim.fi" />
 	<target host="www.eventim.fi" />
 	<target host="lippu.fi" />
-	<target host="*.lippu.fi" />
+	<target host="www.lippu.fi" />
+	<target host="secure.lippu.fi" />
 
 
 	<securecookie host="^.*\.lippu\.fi$" name=".+" />
@@ -28,7 +29,6 @@ Fetch error: http://lippu.fi/ => https://www.lippu.fi/: Redirect for 'http://lip
 	<rule from="^http://(?:www\.)?(?:eventim|lippu)\.fi/"
 		to="https://www.lippu.fi/" />
 
-	<rule from="^http://secure\.lippu\.fi/"
-		to="https://secure.lippu.fi/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Liquid-Web.xml b/src/chrome/content/rules/Liquid-Web.xml
index f0a3949e9e1d..17b3a3a79b6b 100644
--- a/src/chrome/content/rules/Liquid-Web.xml
+++ b/src/chrome/content/rules/Liquid-Web.xml
@@ -1,15 +1,17 @@
 <ruleset name="Liquid Web">
 
 	<target host="liquidweb.com"/>
-	<target host="*.liquidweb.com"/>
+	<target host="moya.liquidweb.com" />
+	<target host="www.liquidweb.com" />
+	<target host="media.liquidweb.com" />
+	<target host="media.cdn.liquidweb.com" />
 
-	<securecookie host="^(?:.*\.)?liquidweb\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
-	<rule from="^http://(moya\.|www\.)?liquidweb\.com/"
-		to="https://$1liquidweb.com/"/>
 
 	<!--	media.cdn: timeout	-->
 	<rule from="^http://media(?:\.cdn)?\.liquidweb\.com/"
 		to="https://media.liquidweb.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Liquidmatrix.org.xml b/src/chrome/content/rules/Liquidmatrix.org.xml
deleted file mode 100644
index 1abad93d690c..000000000000
--- a/src/chrome/content/rules/Liquidmatrix.org.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-
-	Mixed content:
-
-		- Images from $self *
-
-		- Ads/web bugs, from:
-
-			- www.google-analytics.com *
-			- edge.quantserve.com *
-			- pixel.quantserve.com *
-
-	* Secured by us
-
--->
-<ruleset name="Liquidmatrix.org">
-
-	<target host="liquidmatrix.org" />
-	<target host="www.liquidmatrix.org" />
-
-
-	<securecookie host="^\.liquidmatrix\.org$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Liquorland.com.au.xml b/src/chrome/content/rules/Liquorland.com.au.xml
new file mode 100644
index 000000000000..b5d4f731cef8
--- /dev/null
+++ b/src/chrome/content/rules/Liquorland.com.au.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Coles coverage, see Coles.com.au.xml
+
+
+	Non-functional subdomains:
+		- beta		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Liquorland">
+
+	<target host="liquorland.com.au" />
+	<target host="www.liquorland.com.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/List.org.xml b/src/chrome/content/rules/List.org.xml
new file mode 100644
index 000000000000..a3d32ff71bed
--- /dev/null
+++ b/src/chrome/content/rules/List.org.xml
@@ -0,0 +1,9 @@
+<!--  GNU Mailman
+-->
+<ruleset name="List.org">
+	<target host="list.org" />
+	<target host="www.list.org" />
+	<target host="wiki.list.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Listener.co.nz.xml b/src/chrome/content/rules/Listener.co.nz.xml
index 890e3d5e1b3d..ca209cdb4d37 100644
--- a/src/chrome/content/rules/Listener.co.nz.xml
+++ b/src/chrome/content/rules/Listener.co.nz.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.listener.co.nz/ => https://www.listener.co.nz/: Cycle de
 		- ^	(refused)
 
 -->
-<ruleset name="Listener.co.nz" default_off='failed ruleset test'>
+<ruleset name="Listener.co.nz" default_off="failed ruleset test">
 
 	<target host="listener.co.nz" />
 	<target host="www.listener.co.nz" />
@@ -27,4 +27,4 @@ Fetch error: http://www.listener.co.nz/ => https://www.listener.co.nz/: Cycle de
 	<rule from="^http://(?:www\.)?listener\.co\.nz/"
 		to="https://www.listener.co.nz/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Listener_Approved.xml b/src/chrome/content/rules/Listener_Approved.xml
index 5d6a60bbc45f..6452a5abcb2c 100644
--- a/src/chrome/content/rules/Listener_Approved.xml
+++ b/src/chrome/content/rules/Listener_Approved.xml
@@ -12,7 +12,7 @@ Disabled by https-everywhere-checker because:
 Non-2xx HTTP code: http://listenerapproved.com/ (200) => https://listenerapproved.com/ (500)
 
 -->
-<ruleset name="Listener Approved" default_off='failed ruleset test'>
+<ruleset name="Listener Approved" default_off="failed ruleset test">
 
 	<target host="listenerapproved.com" />
 	<target host="api.listenerapproved.com" />
@@ -24,4 +24,4 @@ Non-2xx HTTP code: http://listenerapproved.com/ (200) => https://listenerapprove
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Listings360.xml b/src/chrome/content/rules/Listings360.xml
new file mode 100644
index 000000000000..0e42232f5d94
--- /dev/null
+++ b/src/chrome/content/rules/Listings360.xml
@@ -0,0 +1,117 @@
+<!--
+	This host is referenced on listings360.africa, but does not work:
+		- listings360.com.sd
+		- www.listings360.com.sd
+-->
+<ruleset name="Listings360">
+	<target host="listings360.africa" />
+	<target host="www.listings360.africa" />
+	<target host="ao.listings360.africa" />
+	<target host="bw.listings360.africa" />
+	<target host="cd.listings360.africa" />
+	<target host="cg.listings360.africa" />
+	<target host="cv.listings360.africa" />
+	<target host="dz.listings360.africa" />
+	<target host="eg.listings360.africa" />
+	<target host="er.listings360.africa" />
+	<target host="et.listings360.africa" />
+	<target host="gh.listings360.africa" />
+	<target host="gm.listings360.africa" />
+	<target host="gn.listings360.africa" />
+	<target host="gw.listings360.africa" />
+	<target host="km.listings360.africa" />
+	<target host="lr.listings360.africa" />
+	<target host="ls.listings360.africa" />
+	<target host="ly.listings360.africa" />
+	<target host="mr.listings360.africa" />
+	<target host="mw.listings360.africa" />
+	<target host="na.listings360.africa" />
+	<target host="ne.listings360.africa" />
+	<target host="rw.listings360.africa" />
+	<target host="sc.listings360.africa" />
+	<target host="sh.listings360.africa" />
+	<target host="sl.listings360.africa" />
+	<target host="so.listings360.africa" />
+	<target host="ss.listings360.africa" />
+	<target host="sz.listings360.africa" />
+	<target host="td.listings360.africa" />
+	<target host="zm.listings360.africa" />
+	<target host="zw.listings360.africa" />
+
+	<target host="listings360.bf" />
+	<target host="www.listings360.bf" />
+
+	<target host="listings360.bj" />
+	<target host="www.listings360.bj" />
+
+	<target host="listings360.cf" />
+	<target host="www.listings360.cf" />
+
+	<target host="listings360.ci" />
+	<target host="www.listings360.ci" />
+
+	<target host="listings360.cm" />
+	<target host="www.listings360.cm" />
+
+	<target host="listings360.co.bi" />
+	<target host="www.listings360.co.bi" />
+
+	<target host="listings360.co.ke" />
+	<target host="www.listings360.co.ke" />
+
+	<target host="listings360.co.mz" />
+	<target host="www.listings360.co.mz" />
+
+	<target host="listings360.co.tz" />
+	<target host="www.listings360.co.tz" />
+
+	<target host="listings360.co.za" />
+	<target host="www.listings360.co.za" />
+
+	<target host="listings360.com.ng" />
+	<target host="www.listings360.com.ng" />
+
+	<target host="listings360.dj" />
+	<target host="www.listings360.dj" />
+
+	<target host="listings360.ga" />
+	<target host="www.listings360.ga" />
+
+	<target host="listings360.gq" />
+	<target host="www.listings360.gq" />
+
+	<target host="listings360.ma" />
+	<target host="www.listings360.ma" />
+
+	<target host="listings360.mg" />
+	<target host="www.listings360.mg" />
+
+	<target host="listings360.ml" />
+	<target host="www.listings360.ml" />
+
+	<target host="listings360.mu" />
+	<target host="www.listings360.mu" />
+
+	<target host="listings360.re" />
+	<target host="www.listings360.re" />
+
+	<target host="listings360.sn" />
+	<target host="www.listings360.sn" />
+
+	<target host="listings360.st" />
+	<target host="www.listings360.st" />
+
+	<target host="listings360.tg" />
+	<target host="www.listings360.tg" />
+
+	<target host="listings360.tn" />
+	<target host="www.listings360.tn" />
+
+	<target host="listings360.ug" />
+	<target host="www.listings360.ug" />
+
+	<target host="listings360.yt" />
+	<target host="www.listings360.yt" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Listonic.xml b/src/chrome/content/rules/Listonic.xml
index b1fd67347efb..df555615b08a 100644
--- a/src/chrome/content/rules/Listonic.xml
+++ b/src/chrome/content/rules/Listonic.xml
@@ -18,7 +18,8 @@
 <ruleset name="Listonic (partial)">
 
 	<target host="listonic.com" />
-	<target host="*.listonic.com" />
+	<target host="www.listonic.com" />
+	<target host="static.listonic.com" />
 
 
 	<rule from="^http://(www\.)?listonic\.com/(en-us/WebResource\.axd|(?:en-us/)?login(?:$|\?))"
diff --git a/src/chrome/content/rules/ListrakBI.com.xml b/src/chrome/content/rules/ListrakBI.com.xml
index b3426a255810..c17b881b6e73 100644
--- a/src/chrome/content/rules/ListrakBI.com.xml
+++ b/src/chrome/content/rules/ListrakBI.com.xml
@@ -19,10 +19,10 @@
 	<target host="*.listrakbi.com" />
 
 
-	<securecookie host=".*\.listrakbi\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://((?:a[lt]|s|sca)\d*|www)\.listrakbi\.com/"
 		to="https://$1.listrakbi.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LitHive.com.xml b/src/chrome/content/rules/LitHive.com.xml
deleted file mode 100644
index 5260b5bcc0b3..000000000000
--- a/src/chrome/content/rules/LitHive.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	www: Reset
-
--->
-<ruleset name="LitHive.com">
-
-	<target host="lithive.com" />
-	<target host="*.lithive.com" />
-
-
-	<securecookie host="^\.lithive\.com$" name="^__cfduid$" />
-
-
-	<rule from="^http://(?:www\.)?lithive\.com/"
-		to="https://lithive.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/LitRes.ru.xml b/src/chrome/content/rules/LitRes.ru.xml
new file mode 100644
index 000000000000..a482c79a37a8
--- /dev/null
+++ b/src/chrome/content/rules/LitRes.ru.xml
@@ -0,0 +1,19 @@
+<!-- LitRes.ru has both a wildcard certificate and a wildcard DNS record. -->
+<ruleset name="LitRes.ru">
+	<target host="litres.ru" />
+	<target host="*.litres.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://www.litres.ru/" />
+	<test url="http://cv0.litres.ru/" />
+	<test url="http://cv1.litres.ru/" />
+	<test url="http://cv2.litres.ru/" />
+	<test url="http://cv3.litres.ru/" />
+
+	<test url="http://wjpano1sy2iirsflgqkb.litres.ru/" />
+	<test url="http://rotigswy6pfsr6ny9mfn.litres.ru/" />
+	<test url="http://tszujktt0nvoixrv1dok.litres.ru/" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiteBit.eu.xml b/src/chrome/content/rules/LiteBit.eu.xml
deleted file mode 100644
index 620d80543177..000000000000
--- a/src/chrome/content/rules/LiteBit.eu.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="LiteBit.eu">
-
-	<target host="litebit.eu" />
-	<target host="www.litebit.eu" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?litebit\.eu$" name="^(PHPSESSID|lang)$" /-->
-
-	<securecookie host="^(?:\.|www\.)?litebit\.eu$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/LiteSpeed-Technologies-mismatches.xml b/src/chrome/content/rules/LiteSpeed-Technologies-mismatches.xml
index 6ee6785c12ab..c757b362d481 100644
--- a/src/chrome/content/rules/LiteSpeed-Technologies-mismatches.xml
+++ b/src/chrome/content/rules/LiteSpeed-Technologies-mismatches.xml
@@ -1,10 +1,10 @@
 <ruleset name="LiteSpeed Technologies (mismatches)" default_off="mismatched">
 
 	<target host="litespeedtech.com" />
-	<target host="*.litespeedtech.com" />
+	<target host="www.litespeedtech.com" />
 
 
-	<securecookie host="^(?:.*\.)?litespeedtech\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?litespeedtech\.com/"
diff --git a/src/chrome/content/rules/LitecoinTalk.org.xml b/src/chrome/content/rules/LitecoinTalk.org.xml
deleted file mode 100644
index 1b1a0f8df8f5..000000000000
--- a/src/chrome/content/rules/LitecoinTalk.org.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="LitecoinTalk.org">
-
-	<target host="litecointalk.org" />
-	<target host="www.litecointalk.org" />
-
-
-	<securecookie host="^\.?litecointalk\.org$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Literotica.com.xml b/src/chrome/content/rules/Literotica.com.xml
index a51c7594c42c..b384bb3d8892 100644
--- a/src/chrome/content/rules/Literotica.com.xml
+++ b/src/chrome/content/rules/Literotica.com.xml
@@ -25,7 +25,7 @@
 	Mixed content:
 
 		- Bug on i from piwik1eaf.literotica.com *
- 
+
 		- Images, on:
 
 			- shop from cnvassets.s3.amazonaws.com *
diff --git a/src/chrome/content/rules/Litle.com.xml b/src/chrome/content/rules/Litle.com.xml
deleted file mode 100644
index 9b4e2f4238a1..000000000000
--- a/src/chrome/content/rules/Litle.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- tacit *
-
-	* Mismatched
-
-
-	Fully covered subdomains:
-
-		- (www.)?
-		- tepid
-
--->
-<ruleset name="Litle.com (partial)">
-
-	<target host="litle.com" />
-	<target host="tepid.litle.com" />
-	<target host="www.litle.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Litter.com.xml b/src/chrome/content/rules/Litter.com.xml
index 002c59423a54..639f72e6dc9a 100644
--- a/src/chrome/content/rules/Litter.com.xml
+++ b/src/chrome/content/rules/Litter.com.xml
@@ -13,4 +13,4 @@
 	<rule from="^http://(?:www\.)?littler\.com/(favicon\.ico|files/|sites/)"
 		to="https://www.littler.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Little.my.xml b/src/chrome/content/rules/Little.my.xml
index 8a5b8f0f822e..dff98ba7e815 100644
--- a/src/chrome/content/rules/Little.my.xml
+++ b/src/chrome/content/rules/Little.my.xml
@@ -11,4 +11,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LittleSis.org.xml b/src/chrome/content/rules/LittleSis.org.xml
index 373ce3ad5f9b..751118a8e5f9 100644
--- a/src/chrome/content/rules/LittleSis.org.xml
+++ b/src/chrome/content/rules/LittleSis.org.xml
@@ -36,7 +36,7 @@ Non-2xx HTTP code: http://api.littlesis.org/ (200) => https://api.littlesis.org/
 	ˢ Secured by us
 
 -->
-<ruleset name="LittleSis.org" default_off='failed ruleset test'>
+<ruleset name="LittleSis.org" default_off="failed ruleset test">
 
 	<target host="littlesis.org" />
 	<target host="api.littlesis.org" />
diff --git a/src/chrome/content/rules/Little_CMS.com.xml b/src/chrome/content/rules/Little_CMS.com.xml
index 88f3c729f403..37d36c4c2bb6 100644
--- a/src/chrome/content/rules/Little_CMS.com.xml
+++ b/src/chrome/content/rules/Little_CMS.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?littlecms\.com/"
 		to="https://www.littlecms.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Liv.ac.uk.xml b/src/chrome/content/rules/Liv.ac.uk.xml
index 9222bf995e34..ad1be48b5f4e 100644
--- a/src/chrome/content/rules/Liv.ac.uk.xml
+++ b/src/chrome/content/rules/Liv.ac.uk.xml
@@ -17,13 +17,16 @@
 		- people
 		- staff
 		- student
-		- 
+		-
 
 -->
 <ruleset name="Liv.ac.uk (partial)">
 
 	<target host="liv.ac.uk" />
-	<target host="*.liv.ac.uk" />
+	<target host="www.liv.ac.uk" />
+	<target host="people.liv.ac.uk" />
+	<target host="staff.liv.ac.uk" />
+	<target host="student.liv.ac.uk" />
 		<!--
 			Personal dirs 404:
 						-->
@@ -33,7 +36,6 @@
 	<rule from="^http://(?:www\.)?liv\.ac\.uk/"
 		to="https://www.liv.ac.uk/" />
 
-	<rule from="^http://(people|staff|student)\.liv\.ac\.uk/"
-		to="https://$1.liv.ac.uk/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Live-Chat.xml b/src/chrome/content/rules/Live-Chat.xml
index 463339a3250e..8a9969595d0b 100644
--- a/src/chrome/content/rules/Live-Chat.xml
+++ b/src/chrome/content/rules/Live-Chat.xml
@@ -1,7 +1,11 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://chat1a.livechatinc.com/ => https://chat1a.livechatinc.com/: (6, 'Could not resolve host: chat1a.livechatinc.com')
+
 	Other LiveChat rulesets:
 
-		- LiveChat_Inc.net.xml
 
 
 	Fully covered hosts in *livechatinc.com:
@@ -22,7 +26,7 @@
 	<target host="livechatinc.com"/>
 	<target host="app.livechatinc.com" />
 	<target host="cdn.livechatinc.com" />
-	<target host="chat1a.livechatinc.com" />
+	<!-- target host="chat1a.livechatinc.com" /-->
 	<target host="developers.livechatinc.com" />
 	<target host="partners.livechatinc.com" />
 	<target host="support.livechatinc.com" />
diff --git a/src/chrome/content/rules/Live.net.xml b/src/chrome/content/rules/Live.net.xml
index 4fb80a30959c..5d3b059e160f 100644
--- a/src/chrome/content/rules/Live.net.xml
+++ b/src/chrome/content/rules/Live.net.xml
@@ -7,7 +7,7 @@ Fetch error: http://feeds.live.net/ => https://feeds.live.net/: (7, 'Failed to c
 	For other Microsoft coverage, see Microsoft.xml.
 
 -->
-<ruleset name="Live.net" default_off='failed ruleset test'>
+<ruleset name="Live.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/LiveChat_Inc.net.xml b/src/chrome/content/rules/LiveChat_Inc.net.xml
deleted file mode 100644
index 843ac81cfccf..000000000000
--- a/src/chrome/content/rules/LiveChat_Inc.net.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For other LiveChat coverage, see Live-Chat.xml.
-
--->
-<ruleset name="LiveChat Inc.net">
-
-	<target host="chat.livechatinc.net" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/LiveCorp.xml b/src/chrome/content/rules/LiveCorp.xml
index b00bf44cc117..9fc0ba7086f2 100644
--- a/src/chrome/content/rules/LiveCorp.xml
+++ b/src/chrome/content/rules/LiveCorp.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.livecorp.com.au/favicon.ico => https://www.livecorp.com.au/favicon.ico: Too many redirects while fetching 'https://www.livecorp.com.au/favicon.ico'
 
 -->
-<ruleset name="LiveCorp.com.au (partial)" default_off='failed ruleset test'>
+<ruleset name="LiveCorp.com.au (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/LiveInternet-falsemixed.xml b/src/chrome/content/rules/LiveInternet-falsemixed.xml
deleted file mode 100644
index a0b799258b06..000000000000
--- a/src/chrome/content/rules/LiveInternet-falsemixed.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--
-	For other LiveInternet coverage, see LiveInternet.xml.
-
-
-	Nonfunctional hosts in *li.ru:
-
-		- captcha *
-
-	* Dropped
-
-
-	Problematic hosts in *li.ru:
-
-		- (www.)? *
-		- i		(refused)
-
-	* Works; mismatched, CN: www.liveinternet.ru
-
-
-	Fully covered hosts in *li.ru:
-
-		- (www.)? *
-		- i *
-
-	* → www.liveinternet.ru
-
--->
-<ruleset name="LI.ru (partial)">
-
-	<!--	Complications:
-				-->
-	<target host="li.ru" />
-	<target host="i.li.ru" />
-	<target host="www.li.ru" />
-
-
-	<rule from="^http://(?:i\.|www\.)?li\.ru/"
-		to="https://www.liveinternet.ru/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/LiveInternet.ru.xml b/src/chrome/content/rules/LiveInternet.ru.xml
new file mode 100644
index 000000000000..ac8ded94a9cf
--- /dev/null
+++ b/src/chrome/content/rules/LiveInternet.ru.xml
@@ -0,0 +1,22 @@
+<!--
+	Other LiveInternet rulesets:
+		- Li.ru.xml
+		- Yadro.ru.xml
+
+	Dropped:
+		wiki		https://wiki.liveinternet.ru/ProektyLiveInternet
+-->
+<ruleset name="LiveInternet.ru">
+
+	<target host="liveinternet.ru" />
+	<target host="www.liveinternet.ru" />
+		<test url="http://www.liveinternet.ru/users/mila3107/post290166214/" />
+	<target host="g.liveinternet.ru" />
+	<target host="img.liveinternet.ru" />
+	<target host="img0.liveinternet.ru" />
+	<target host="img1.liveinternet.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LiveInternet.xml b/src/chrome/content/rules/LiveInternet.xml
deleted file mode 100644
index 69c92c713a14..000000000000
--- a/src/chrome/content/rules/LiveInternet.xml
+++ /dev/null
@@ -1,49 +0,0 @@
-<!--
-	Other LiveInternet rulesets:
-
-		- LiveInternet-falsemixed.xml
-		- Yadro.ru.xml
-
-
-	Nonfunctional hosts in *liveinternet.ru:
-
-		- wiki *
-
-	* Dropped
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.liveinternet.ru
-
-
-	Mixed content:
-
-		- Images, on:
-
-			- g from captcha.li.ru *
-			- www from i.li.ru *
-
-		- Bugs on www from counter.yadro.ru *
-
-	* Secured by us
-
--->
-<ruleset name="LiveInternet.ru (partial)">
-
-	<target host="liveinternet.ru" />
-	<target host="g.liveinternet.ru" />
-	<target host="www.liveinternet.ru" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.liveinternet\.ru$" name="^lang$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/LiveMeme.xml b/src/chrome/content/rules/LiveMeme.xml
index a7dce78b11ac..0e99de357a22 100644
--- a/src/chrome/content/rules/LiveMeme.xml
+++ b/src/chrome/content/rules/LiveMeme.xml
@@ -14,7 +14,7 @@ Fetch error: http://i.lvme.me/ => https://i.lvme.me/: (60, 'SSL certificate prob
 
 -->
 
-<ruleset name="LiveMeme (partial)" default_off='failed ruleset test'>
+<ruleset name="LiveMeme (partial)" default_off="failed ruleset test">
 
 	<target host="livememe.com" />
 	<target host="www.livememe.com" />
diff --git a/src/chrome/content/rules/LiveNation.com.xml b/src/chrome/content/rules/LiveNation.com.xml
index 4efe1ca4c448..e125909f14dd 100644
--- a/src/chrome/content/rules/LiveNation.com.xml
+++ b/src/chrome/content/rules/LiveNation.com.xml
@@ -45,6 +45,6 @@
 	<rule from="^http://livenation\.com/"
 		  	to="https://www.livenation.com/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/LiveNationInternational.com.xml b/src/chrome/content/rules/LiveNationInternational.com.xml
deleted file mode 100644
index 3466ab3d1be5..000000000000
--- a/src/chrome/content/rules/LiveNationInternational.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other related rulesets, see LiveNation.com.xml
-
-	Non-functional hosts
-		Couldn't connect to server:
-		- livenationinternational.com
-		- www.livenationinternational.com
-
-		SSL peer certificate was not OK:
-		- developer.livenationinternational.com
-
-		Incomplete certificate chain error:
-		- preview.media.livenationinternational.com
--->
-<ruleset name="LiveNationInternational.com (partial)">
-	<target host="media.livenationinternational.com" />
-		<test url="http://media.livenationinternational.com/lincsmedia/Media/m/u/f/38ef2e40-aa87-46ee-9874-78ee9b332ad4.jpg" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/LivePerson.net.xml b/src/chrome/content/rules/LivePerson.net.xml
index 5a9ecb379ce3..3c6e6bc57330 100644
--- a/src/chrome/content/rules/LivePerson.net.xml
+++ b/src/chrome/content/rules/LivePerson.net.xml
@@ -47,7 +47,7 @@ Fetch error: http://sso.liveperson.net/ => https://sso.liveperson.net/: (60, 'SS
 		- \d{8}-VID
 
 -->
-<ruleset name="LivePerson.net" default_off='failed ruleset test'>
+<ruleset name="LivePerson.net" default_off="failed ruleset test">
 
 	<target host="adminlogon.liveperson.net" />
 	<target host="base.liveperson.net" />
@@ -61,7 +61,7 @@ Fetch error: http://sso.liveperson.net/ => https://sso.liveperson.net/: (60, 'SS
 	<target host="tags.liveperson.net" />
 
 
-	<securecookie host=".*\.liveperson\.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	sr2 example: https://www.oracle.com/partners/index.html
diff --git a/src/chrome/content/rules/LivePerson.xml b/src/chrome/content/rules/LivePerson.xml
index 4bdd7b7e42e9..5c71eb9d0682 100644
--- a/src/chrome/content/rules/LivePerson.xml
+++ b/src/chrome/content/rules/LivePerson.xml
@@ -47,7 +47,7 @@ Fetch error: http://liveperson.hosted.jivesoftware.com/ => https://community.liv
 			- customercenter
 
 -->
-<ruleset name="LivePerson (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="LivePerson (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/LiveRail.xml b/src/chrome/content/rules/LiveRail.xml
index 1136925975aa..4f2adc4be31f 100644
--- a/src/chrome/content/rules/LiveRail.xml
+++ b/src/chrome/content/rules/LiveRail.xml
@@ -61,7 +61,7 @@ Fetch error: http://t4.liverail.com/ => https://t4.liverail.com/: (6, 'Could not
 		- platform4.liverail.com
 
 -->
-<ruleset name="LiveRail.com (partial) " default_off='failed ruleset test'>
+<ruleset name="LiveRail.com (partial) " default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/LiveStrong.com.xml b/src/chrome/content/rules/LiveStrong.com.xml
index 9a78ebe75ab1..a58a3e10ff58 100644
--- a/src/chrome/content/rules/LiveStrong.com.xml
+++ b/src/chrome/content/rules/LiveStrong.com.xml
@@ -3,20 +3,22 @@
 
 	All subdomains seem to redirect to www.livestrong.com.
 
+	Non-functional hosts:
+		Timeout:
+		- i.lsimg.net
+
 -->
 <ruleset name="Live Strong.com (partial)">
 
 	<target host="livestrong.com" />
 	<target host="www.livestrong.com" />
 
-	<target host="i.lsimg.net" />
-	
 	<target host="dynamic01.livestrongcdn.com" />
 	<target host="dynamic02.livestrongcdn.com" />
 	<target host="img.aws.livestrongcdn.com" />
 	<target host="static.livestrongcdn.com" />
 
-	<securecookie host="^(?:.*\.)?livestrong\.org$" name=".+" />
+	<securecookie host="^(?:.*\.)?livestrong\.com$" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/LiveWyer.com.xml b/src/chrome/content/rules/LiveWyer.com.xml
index 54bb9ac60d92..227e029175ba 100644
--- a/src/chrome/content/rules/LiveWyer.com.xml
+++ b/src/chrome/content/rules/LiveWyer.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://livewyer.com/ => https://livewyer.com/: (60, 'SSL certificat
 Fetch error: http://www.livewyer.com/ => https://www.livewyer.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="LiveWyer.com" default_off='failed ruleset test'>
+<ruleset name="LiveWyer.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/LiveZilla.net.xml b/src/chrome/content/rules/LiveZilla.net.xml
index c6607b259ac6..bb917aef0b77 100644
--- a/src/chrome/content/rules/LiveZilla.net.xml
+++ b/src/chrome/content/rules/LiveZilla.net.xml
@@ -33,7 +33,7 @@ Fetch error: http://livezilla.net/ => https://livezilla.net/: (51, "SSL: no alte
 		- .livezilla.net
 
 -->
-<ruleset name="LiveZilla.net (partial)" default_off='failed ruleset test'>
+<ruleset name="LiveZilla.net (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Live_Business_Chat.com.xml b/src/chrome/content/rules/Live_Business_Chat.com.xml
deleted file mode 100644
index 42e91f8bc508..000000000000
--- a/src/chrome/content/rules/Live_Business_Chat.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	^livebusinesschat.com doesn't exist.
-
-
-	Mixed content:
-
-		- Images, from:
-
-			- $self *
-			- www.feedburner.com *
-
-		- Bugs from s7.addthis.com *
-
-	* Secured by us
-
--->
-<ruleset name="Live Business Chat.com">
-
-	<target host="www.livebusinesschat.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Livefyre.xml b/src/chrome/content/rules/Livefyre.xml
index 1d0ff515619e..b72700b63f5c 100644
--- a/src/chrome/content/rules/Livefyre.xml
+++ b/src/chrome/content/rules/Livefyre.xml
@@ -1,55 +1,20 @@
 <!--
-	Disabled per https://github.com/EFForg/https-everywhere/issues/1419
-	Breaks comments on SI Live and WSJ.
-
 	For problematic rules, see Livefyre-mismatches.xml.
-
-
-	CDN buckets:
-
-		- lfavatar-a.akamaihd.net
-		- lfzor-a.akamaihd.net
-		- livefyre-avatar.s3.amazonaws.com | dpstvy7p9whsy.cloudfront.net
-		- d584h2bjreb1u.cloudfront.net 
-		- 3d88duefqgf2d7l2p18hja4194m.wpengine.netdna-cdn.com
-		- i\d.wp.com/avatars.fyre.co/
-
-		- livefyre.wpengine.com
-
-			- web
-
-
-	Nonfunctional domains:
-
-		- web.livefyre.com *
-
-	* wpengine
-
 -->
-<ruleset name="Livefyre (partial)" default_off="Breaks comments">
-
-	<!--	cloudfront.net
-			-->
-	<target host="*.fyre.co" />
-	<!--	No https.
-			-->
-	<target host="livefyre.com" />
-	<target host="*.livefyre.com" />
-	<target host="3d88duefqgf2d7l2p18hja4194m.wpengine.netdna-cdn.com" />
-
+<ruleset name="Livefyre (partial)">
 
-	<securecookie host="^\.livefyre\.co$" name=".+" />
+	<!-- *.fyre.co -->
+	<target host="avatars.fyre.co" />
+	<target host="zor.fyre.co" />
 
+	<!-- *.livefyre.com -->
+	<target host="livefyre.com" />
+	<target host="www.livefyre.com" />
+	<target host="web.livefyre.com" />
+	<target host="zor.livefyre.com" />
 
-	<rule from="^http://avatars\.fyre\.co/"
-		to="https://dpstvy7p9whsy.cloudfront.net/" />
-
-	<!--	Data appear to be identical.
-						-->
-	<rule from="^http://(?:zor\.fyre\.co|(?:www\.|zor\.)?livefyre\.com)/"
-		to="https://d584h2bjreb1u.cloudfront.net/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://3d88duefqgf2d7l2p18hja4194m\.wpengine\.netdna-cdn\.com/"
-		to="https://livefyre.wpengine.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Livermores-Centennial-Light-Live-Cam.xml b/src/chrome/content/rules/Livermores-Centennial-Light-Live-Cam.xml
deleted file mode 100644
index 951fe2b72dc3..000000000000
--- a/src/chrome/content/rules/Livermores-Centennial-Light-Live-Cam.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Livermore's Centennial Light Live Cam" default_off="expired, self-signed">
-
-	<!--	cert: ip-72-167-166-180.ip.secureserver.net	-->
-	<target host="centennialbulb.org"/>
-	<target host="www.centennialbulb.org"/>
-
-	<rule from="^http://(?:www\.)?centennialbulb\.org/"
-		to="https://centennialbulb.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Liverpool_Victoria.xml b/src/chrome/content/rules/Liverpool_Victoria.xml
index 11eb8d6cf9b6..693f02815fce 100644
--- a/src/chrome/content/rules/Liverpool_Victoria.xml
+++ b/src/chrome/content/rules/Liverpool_Victoria.xml
@@ -18,4 +18,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Livestatserver.com.xml b/src/chrome/content/rules/Livestatserver.com.xml
index 8e105580a9ec..1741eac3d975 100644
--- a/src/chrome/content/rules/Livestatserver.com.xml
+++ b/src/chrome/content/rules/Livestatserver.com.xml
@@ -1,19 +1,20 @@
 <!--
-	Problematic subdomains:
-
-		- noc *
-		- staging *
-		- w1 *
-
-	* Works; mismatched, CN: ssl.livestatserver.com
+	No working URL known:
+		cdn.livestatserver.com
+		images.livestatserver.com
+		ssl.livestatserver.com
+		staging.livestatserver.com
+		w1.livestatserver.com
 
 -->
-<ruleset name="livechatserver.com">
-
-	<target host="*.livestatserver.com" />
+<ruleset name="Livestatserver.com">
 
+	<target host="livestatserver.com" />
+		<test url="http://livestatserver.com/form-analytics.php" />
+	<target host="www.livestatserver.com" />
+		<test url="http://www.livestatserver.com/form-analytics.php" />
 
-	<rule from="^http://(?:noc|ssl|staging|w1)\.livechatserver\.com/"
-		to="https://ssl.livechatserver.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Livestock-Transport.xml b/src/chrome/content/rules/Livestock-Transport.xml
index 1c556c77ce60..bf71d9fe0fe8 100644
--- a/src/chrome/content/rules/Livestock-Transport.xml
+++ b/src/chrome/content/rules/Livestock-Transport.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.livestock-transport.com/ => https://www.livestock-transp
 	livestock.ning.com
 
 -->
-<ruleset name="Livestock Transport" default_off='failed ruleset test'>
+<ruleset name="Livestock Transport" default_off="failed ruleset test">
 
 	<target host="livestock-transport.com" />
 	<target host="www.livestock-transport.com" />
diff --git a/src/chrome/content/rules/Livestream.xml b/src/chrome/content/rules/Livestream.xml
index 45f40a3e7e88..e0e8c022143d 100644
--- a/src/chrome/content/rules/Livestream.xml
+++ b/src/chrome/content/rules/Livestream.xml
@@ -2,7 +2,7 @@
 	Nonfunctional hosts in *livestream.com:
 
 		- upload-downloads -> refused
-		- blog             -> wrong domain 
+		- blog             -> wrong domain
 
 
 	^(?!thumbnail\.)*.api: Per-account subdomains
diff --git a/src/chrome/content/rules/Livestrong.xml b/src/chrome/content/rules/Livestrong.xml
index b9d94efc147d..e401f7235860 100644
--- a/src/chrome/content/rules/Livestrong.xml
+++ b/src/chrome/content/rules/Livestrong.xml
@@ -3,10 +3,10 @@
 	- ^ŵww
 	- blog (expired)
 -->
-<ruleset name="Livestrong (partial)" default_off='redirect loop'>
+<ruleset name="Livestrong (partial)" default_off="redirect loop">
 	<target host="www.livestrong.org"/>
 
-	<securecookie host="^(?:.*\.)?livestrong\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/LivingSocial.co.uk.xml b/src/chrome/content/rules/LivingSocial.co.uk.xml
index 7c34995c2c33..05c7cc27b45d 100644
--- a/src/chrome/content/rules/LivingSocial.co.uk.xml
+++ b/src/chrome/content/rules/LivingSocial.co.uk.xml
@@ -12,7 +12,7 @@ Fetch error: http://help.livingsocial.co.uk/ => https://help.livingsocial.co.uk/
 		- help
 
 -->
-<ruleset name="LivingSocial.co.uk" default_off='failed ruleset test'>
+<ruleset name="LivingSocial.co.uk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/LivingSocial.xml b/src/chrome/content/rules/LivingSocial.xml
index abe86dfe069f..f0e9dc1e5a6f 100644
--- a/src/chrome/content/rules/LivingSocial.xml
+++ b/src/chrome/content/rules/LivingSocial.xml
@@ -56,7 +56,7 @@ Fetch error: http://paypass.livingsocial.com/ => https://paypass.livingsocial.co
 		- www.livingsocial.com
 
 -->
-<ruleset name="LivingSocial.com (partial)" default_off='failed ruleset test'>
+<ruleset name="LivingSocial.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Living_Routes.org.xml b/src/chrome/content/rules/Living_Routes.org.xml
deleted file mode 100644
index 0c70f25bc76f..000000000000
--- a/src/chrome/content/rules/Living_Routes.org.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Mixed content:
-
-		- css, on ^ from:
-
-			- ^ *
-			- fonts.googleapis.com *
-
-		- Images, on ^ from:
-
-			- ^ *
-			- \d.staticflickr.com *
-
-	* Secured by us
-
--->
-<ruleset name="Living Routes.org (false MCB)" platform="mixedcontent">
-
-	<target host="livingroutes.org" />
-	<target host="www.livingroutes.org" />
-
-
-	<securecookie host="^(?:www)?\.livingroutes\.org$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch.co.uk.xml b/src/chrome/content/rules/Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch.co.uk.xml
new file mode 100644
index 000000000000..c6859aecc6bd
--- /dev/null
+++ b/src/chrome/content/rules/Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch.co.uk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch.co.uk">
+  <target host="llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch.co.uk" />
+  <target host="www.llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch.co.uk" />
+  <target host="mail.llanfairpwllgwyngyllgogerychwyrndrobwllllantysiliogogogoch.co.uk" />
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lloyds_TSB_Offshore.xml b/src/chrome/content/rules/Lloyds_TSB_Offshore.xml
index 8f41b8ef931c..96a2a11bb553 100644
--- a/src/chrome/content/rules/Lloyds_TSB_Offshore.xml
+++ b/src/chrome/content/rules/Lloyds_TSB_Offshore.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.lloydstsb-offshore.com/ => https://www.lloydstsb-offshor
 		- lloydstsb-offshore.com	(cert only matches www)
 
 -->
-<ruleset name="Lloyds TSB Offshore" default_off='failed ruleset test'>
+<ruleset name="Lloyds TSB Offshore" default_off="failed ruleset test">
 
 	<target host="online-offshore.lloydstsb.com" />
 	<target host="lloydstsb-offshore.com" />
@@ -30,4 +30,4 @@ Fetch error: http://www.lloydstsb-offshore.com/ => https://www.lloydstsb-offshor
 	<rule from="^http://(?:www\.)?lloydstsb-offshore\.com/"
 		to="https://www.lloydstsb-offshore.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lloydsbank.com.xml b/src/chrome/content/rules/Lloydsbank.com.xml
index 8bd2be141a7f..2b80daaa178b 100644
--- a/src/chrome/content/rules/Lloydsbank.com.xml
+++ b/src/chrome/content/rules/Lloydsbank.com.xml
@@ -1,15 +1,24 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://choicerewards.lloydsbank.com/ => https://choicerewards.lloydsbank.com/: (6, 'Could not resolve host: choicerewards.lloydsbank.com')
+Fetch error: http://toolbox.lloydsbank.com/ => https://toolbox.lloydsbank.com/: (28, 'Connection timed out after 20001 milliseconds')
+
 	Dropped:
 		- infotools
 
 	Incomplete certificate chain:
 		- lloydslink.online
+
+  Connection refused:
+    - secure.lloydsbank.com
 -->
 
 <ruleset name="Lloydsbank.com (partial)">
 	<target host="lloydsbank.com" />
 	<target host="www.lloydsbank.com" />
-	<target host="choicerewards.lloydsbank.com" />
+	<!-- target host="choicerewards.lloydsbank.com" /-->
 	<target host="commercialbanking.lloydsbank.com" />
 	<target host="community.lloydsbank.com" />
 	<target host="international.lloydsbank.com" />
@@ -19,15 +28,9 @@
 	<target host="www.mycarfinance.lloydsbank.com" />
 	<target host="request.lloydsbank.com" />
 	<target host="resources.lloydsbank.com" />
-	<target host="secure.lloydsbank.com" />
-	<target host="toolbox.lloydsbank.com" />
+	<!-- target host="toolbox.lloydsbank.com" /-->
 
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
-
-	<test url="http://secure.lloydsbank.com/online_forms/contact_us/enquiry/form.asp" />
-
-	<!-- / redirects to HTTP which in turn is refused -->
-	<exclusion pattern="http://secure\.lloydsbank\.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Loan_Science.xml b/src/chrome/content/rules/Loan_Science.xml
deleted file mode 100644
index 8adcd27be6ba..000000000000
--- a/src/chrome/content/rules/Loan_Science.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	^loanscience.com times out
-
--->
-<ruleset name="Loan Science">
-
-	<target host="loanscience.com" />
-	<target host="*.loanscience.com" />
-
-
-	<securecookie host="^\.loanscience\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?loanscience\.com/"
-		to="https://www.loanscience.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Loans.com.au.xml b/src/chrome/content/rules/Loans.com.au.xml
new file mode 100644
index 000000000000..bd2b034415fb
--- /dev/null
+++ b/src/chrome/content/rules/Loans.com.au.xml
@@ -0,0 +1,15 @@
+<ruleset name="Loans.com.au">
+
+	<target host="loans.com.au" />
+	<target host="www.loans.com.au" />
+	<target host="login.loans.com.au" />
+	<target host="login1.loans.com.au" />
+	<target host="mobilemoney.loans.com.au" />
+	<target host="money.loans.com.au" />
+	<target host="money2.loans.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lob.com.xml b/src/chrome/content/rules/Lob.com.xml
deleted file mode 100644
index 7b4a717e1541..000000000000
--- a/src/chrome/content/rules/Lob.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)?
-		- dashboard
-
--->
-<ruleset name="Lob.com">
-
-	<target host="lob.com" />
-	<target host="dashboard.lob.com" />
-	<target host="www.lob.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Locaid.xml b/src/chrome/content/rules/Locaid.xml
deleted file mode 100644
index 462828cb91c8..000000000000
--- a/src/chrome/content/rules/Locaid.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	(www.)?loc-aid.com: Mismatched
-
--->
-<ruleset name="Locaid">
-
-	<!--	Complications:
-				-->
-	<target host="loc-aid.com" />
-	<target host="www.loc-aid.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<!--	Redirect drops forward slash
-		and path, but not args:
-					-->
-	<rule from="^http://(?:www\.)?loc-aid\.com/[^?]*"
-		to="https://www.locationsmart.com/" />
-
-		<test url="http://www.loc-aid.com/get/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/LocalEdge.xml b/src/chrome/content/rules/LocalEdge.xml
index 622441985851..f535c7dfca37 100644
--- a/src/chrome/content/rules/LocalEdge.xml
+++ b/src/chrome/content/rules/LocalEdge.xml
@@ -11,16 +11,18 @@
 <ruleset name="LocalEdge (partial)" platform="mixedcontent">
 
 	<target host="localedge.com" />
-	<target host="*.localedge.com" />
+	<target host="extranet.localedge.com" />
+	<target host="sso.localedge.com" />
+	<target host="static.localedge.com" />
+	<target host="www.localedge.com" />
 	<target host="talkingphonebook.com" />
-	<target host="*.talkingphonebook.com" />
+	<target host="images.talkingphonebook.com" />
+	<target host="www.talkingphonebook.com" />
 
 
 	<securecookie host="^.*\.localedge\.com$" name=".+" />
 
 
-	<rule from="^http://((?:extranet|sso|static|www)\.)?localedge\.com/"
-		to="https://$1localedge.com/" />
 
 	<!--	www times out over https, redirects to localedge over http.
 
@@ -30,4 +32,5 @@
 	<rule from="^http://(?:images\.|www\.)?talkingphonebook\.com/"
 		to="https://www.localedge.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/LogMeIn_Inc.com.xml b/src/chrome/content/rules/LogMeIn_Inc.com.xml
index e82499a1322b..010b4b6f6b6f 100644
--- a/src/chrome/content/rules/LogMeIn_Inc.com.xml
+++ b/src/chrome/content/rules/LogMeIn_Inc.com.xml
@@ -13,7 +13,6 @@
 		- LogMeIn_Rescue.com.xml
 		- Meldium.com.xml
 		- RemotelyAnywhere.com.xml
-		- Xively.com.xml
 
 
 	Problematic hosts in *logmeininc.com:
diff --git a/src/chrome/content/rules/Logdown.com.xml b/src/chrome/content/rules/Logdown.com.xml
new file mode 100644
index 000000000000..f18f6ad394e9
--- /dev/null
+++ b/src/chrome/content/rules/Logdown.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Logdown.com" platform="mixedcontent">
+	<target host="logdown.com" />
+
+	<!--
+		- Wildcard DNS records for *.logdown.com
+		- Wildcard SSL certificate for *.logdown.com
+	-->
+	<target host="*.logdown.com" />
+		<test url="http://www.logdown.com/" />
+		<test url="http://assets0.logdown.com/" />
+		<test url="http://blog.logdown.com/" />
+		<test url="http://hello-logdown.logdown.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LogicBox_Software.xml b/src/chrome/content/rules/LogicBox_Software.xml
deleted file mode 100644
index b6c81ceed27f..000000000000
--- a/src/chrome/content/rules/LogicBox_Software.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Clients have unique subdomains.
-
--->
-<ruleset name="LogicBox Software">
-
-	<target host="logicboxsoftware.com" />
-	<target host="*.logicboxsoftware.com" />
-
-
-	<securecookie host=".+\.logicboxsoftware\.com$" name=".+" />
-
-
-	<rule from="^http://([\w-]+\.)?logicboxsoftware\.com/"
-		to="https://$1logicboxsoftware.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Logilab.fr.xml b/src/chrome/content/rules/Logilab.fr.xml
index 74bc683c8d59..69108c5ea032 100644
--- a/src/chrome/content/rules/Logilab.fr.xml
+++ b/src/chrome/content/rules/Logilab.fr.xml
@@ -27,7 +27,7 @@
 	<target host="lists.logilab.fr" />
 	<target host="survey.logilab.fr" />
 
-	<securecookie host="^(?:.*\.)?logilab\.fr$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 	<rule from="^http://bagu\.logilab\.fr/"
 		to="https://astroid.org/" />
diff --git a/src/chrome/content/rules/Logilab.org.xml b/src/chrome/content/rules/Logilab.org.xml
index 16a558eaa65f..2986bf07bc37 100644
--- a/src/chrome/content/rules/Logilab.org.xml
+++ b/src/chrome/content/rules/Logilab.org.xml
@@ -20,7 +20,7 @@
 
 	<rule from="^http://lax\.logilab\.org/"
 		to="https://www.cubicweb.org/" />
-	
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Logitech.com.xml b/src/chrome/content/rules/Logitech.com.xml
index af3e603208e2..96611128716a 100644
--- a/src/chrome/content/rules/Logitech.com.xml
+++ b/src/chrome/content/rules/Logitech.com.xml
@@ -39,7 +39,13 @@
 <ruleset name="Logitech.com (partial)">
 
 	<target host="logitech.com" />
-	<target host="*.logitech.com" />
+	<target host="origin2.logitech.com" />
+	<target host="secure.logitech.com" />
+	<target host="www.logitech.com" />
+	<target host="alert.logitech.com" />
+	<target host="buy.logitech.com" />
+	<target host="forums.logitech.com" />
+	<target host="register.logitech.com" />
 		<!--
 			Handling any pages but those under country_code-locale/
 			would require nontrivial effort, so ToDo:
@@ -64,7 +70,6 @@
 	<rule from="^http://(?:(?:origin2|secure|www)\.)?logitech\.com/"
 		to="https://secure.logitech.com/" />
 
-	<rule from="^http://(alert|buy|forums|register)\.logitech\.com/"
-		to="https://$1.logitech.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/LogoYes.xml b/src/chrome/content/rules/LogoYes.xml
deleted file mode 100644
index 90c33f2027e9..000000000000
--- a/src/chrome/content/rules/LogoYes.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For other Web.com coverage, see Web.com.xml.
-
-
-	www: cert only matches ^logoyes.com
-
--->
-<ruleset name="LogoYes">
-
-	<target host="logoyes.com" />
-	<target host="www.logoyes.com" />
-
-
-	<securecookie host="^logoyes\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Lohud.com.xml b/src/chrome/content/rules/Lohud.com.xml
index 938aa5918846..e944580eae9d 100644
--- a/src/chrome/content/rules/Lohud.com.xml
+++ b/src/chrome/content/rules/Lohud.com.xml
@@ -1,37 +1,19 @@
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://lohud.com/ => https://www.lohud.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.lohud.com'")
-Fetch error: http://thejournalnews.com/ => http://thejournalnews.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.lohud.com'")
 	For other Gannett Company coverage, see Gannett-Company.xml.
 
-
-	Problematic domains:
-
-		- (www.)thejournalnews.com	(times out)
-		- cmsimg.thejournalnews.com	(503, akamai)
-		- (www.)lohud.com		(akamai invalid cert)
-		- (www.)thejournalnews.com	(→ www.lohud.com)
-		- cmsimg.thejournalnews.com	(→ www.lohud.com
-
-	Mixed images from:
-
-		- bcdownload.gannett.edgesuite.net
-		- www.gannett-cdn.com
-		- lohudblogs.com
-
+	Non-functional hosts
+		Mismatched:
+		- cmsimg.lohud.com
 -->
-<ruleset name="lohud.com (partial)" platform="mixedcontent">
+<ruleset name="lohud.com (partial)">
 
 	<target host="lohud.com" />
-	<target host="*.lohud.com" />
-	<target host="thejournalnews.com" />
-	<target host="*.thejournalnews.com" />
-
+	<target host="www.lohud.com" />
+	<target host="user.lohud.com" />
 
-	<securecookie host="^(?:www)?\.lohud\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(?:cmsimg\.|www\.)?lohud\.com/"
-		to="https://www.lohud.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Lokun.is.xml b/src/chrome/content/rules/Lokun.is.xml
index 07d1da9e68dd..7e5d19b9015f 100644
--- a/src/chrome/content/rules/Lokun.is.xml
+++ b/src/chrome/content/rules/Lokun.is.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.lokun.is/ => https://www.lokun.is/: (60, 'SSL certificat
 		- www.lokun.is
 
 -->
-<ruleset name="Lokun.is" default_off='failed ruleset test'>
+<ruleset name="Lokun.is" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Lokus.no.xml b/src/chrome/content/rules/Lokus.no.xml
index 0d414ab74333..07cb19149080 100644
--- a/src/chrome/content/rules/Lokus.no.xml
+++ b/src/chrome/content/rules/Lokus.no.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?lokus\.no/"
 		to="https://www.lokus.no/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lokus.se.xml b/src/chrome/content/rules/Lokus.se.xml
index fc3995b62bfe..a0a65642a37e 100644
--- a/src/chrome/content/rules/Lokus.se.xml
+++ b/src/chrome/content/rules/Lokus.se.xml
@@ -7,7 +7,8 @@
 -->
 <ruleset name="Lokus.se (partial)">
 
-	<target host="*.lokus.se" />
+	<target host="secure.lokus.se" />
+	<target host="sifomedia.lokus.se" />
 
 
 	<!--	Tracking cookies:
@@ -16,10 +17,9 @@
 	<securecookie host="^secure\.lokus\.se$" name=".+" />
 
 
-	<rule from="^http://secure\.lokus\.se/"
-		to="https://secure.lokus.se/" />
 
 	<rule from="^http://sifomedia\.lokus\.se/"
 		to="https://oasc07.247realmedia.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lolnet.org.xml b/src/chrome/content/rules/Lolnet.org.xml
index 748fcd7d3742..c979aeb4bde6 100644
--- a/src/chrome/content/rules/Lolnet.org.xml
+++ b/src/chrome/content/rules/Lolnet.org.xml
@@ -10,7 +10,7 @@ Fetch error: http://lolnet.org/ => https://www.lolnet.org/: (60, 'SSL certificat
 		- ^	(cert only matches *.lolnet.org)
 
 -->
-<ruleset name="lolnet.org" default_off='failed ruleset test'>
+<ruleset name="lolnet.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/London-2012-mismatches.xml b/src/chrome/content/rules/London-2012-mismatches.xml
index 1775ac8cde24..0ebca3248c2a 100644
--- a/src/chrome/content/rules/London-2012-mismatches.xml
+++ b/src/chrome/content/rules/London-2012-mismatches.xml
@@ -4,7 +4,7 @@
 	<target host="londonpreparesseries.com"/>
 	<target host="www.londonpreparesseries.com"/>
 
-	<securecookie host="^(?:.*\.)?londonpreparesseries\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?londonpreparesseries\.com/"
 		to="https://www.londonpreparesseries.com/"/>
diff --git a/src/chrome/content/rules/London-2012.xml b/src/chrome/content/rules/London-2012.xml
index df79f8105831..17673d135462 100644
--- a/src/chrome/content/rules/London-2012.xml
+++ b/src/chrome/content/rules/London-2012.xml
@@ -10,10 +10,15 @@ Fetch error: http://london2012.com/ => https://www.london2012.com/: (7, 'Failed
 Fetch error: http://www.festival.london2012.com/ => https://festival.london2002.com/: (6, 'Could not resolve host: festival.london2002.com')
 Fetch error: http://tickets.london2012.com/ => https://www.tickets.london2012.com/: (7, 'Failed to connect to www.tickets.london2012.com port 443: Connection refused')
 -->
-<ruleset name="London 2012" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="London 2012" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="london2012.com"/>
-	<target host="*.london2012.com"/>
+	<target host="getset.london2012.com" />
+	<target host="www.festival.london2012.com" />
+	<target host="shop.london2012.com" />
+	<target host="www.london2012.com" />
+	<target host="tickets.london2012.com" />
+	<target host="www.tickets.london2012.com" />
 		<exclusion pattern="^http://getset\.london2012\.com/(?:(?:cy|en)/(?:home)?)?$"/>
 
 	<securecookie host="^(?:(?:festival|www)?\.)?london2012\.com$" name=".+" />
diff --git a/src/chrome/content/rules/London-Nano.com.xml b/src/chrome/content/rules/London-Nano.com.xml
deleted file mode 100644
index 42a99a9339a3..000000000000
--- a/src/chrome/content/rules/London-Nano.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	^: cert only matches www
-
-
-	Mixed content:
-
-		- Images from pbs.twimg.com *
-
-	* Secured by us
-
--->
-<ruleset name="London-Nano.com">
-
-	<target host="london-nano.com" />
-	<target host="www.london-nano.com" />
-
-
-	<rule from="^http://(?:www\.)?london-nano\.com/"
-		to="https://www.london-nano.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/London-School-of-Hygiene-and-Tropical-Medicine.xml b/src/chrome/content/rules/London-School-of-Hygiene-and-Tropical-Medicine.xml
index cad36a39a3da..3eedbc03011e 100644
--- a/src/chrome/content/rules/London-School-of-Hygiene-and-Tropical-Medicine.xml
+++ b/src/chrome/content/rules/London-School-of-Hygiene-and-Tropical-Medicine.xml
@@ -8,7 +8,7 @@ Fetch error: http://lshtm.ac.uk/ => https://www.lshtm.ac.uk/: (6, 'Could not res
 Fetch error: http://blogs.lshtm.ac.uk/ => https://blogs.lshtm.ac.uk/: Cycle detected - URL already encountered: https://blogs.lshtm.ac.uk/
 Fetch error: http://forums.lshtm.ac.uk/ => https://forums.lshtm.ac.uk/: (6, 'Could not resolve host: forums.lshtm.ac.uk')
 -->
-<ruleset name="London School of Hygiene &amp; Tropical Medicine" default_off='failed ruleset test'>
+<ruleset name="London School of Hygiene &amp; Tropical Medicine" default_off="failed ruleset test">
 
   <target host="lshtm.ac.uk" />
   <target host="www.lshtm.ac.uk" />
diff --git a/src/chrome/content/rules/London-Stock-Exchange.xml b/src/chrome/content/rules/London-Stock-Exchange.xml
deleted file mode 100644
index 55824854d010..000000000000
--- a/src/chrome/content/rules/London-Stock-Exchange.xml
+++ /dev/null
@@ -1,52 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.londonstockexchange.com/global/faqs/faqs.htm => https://www.londonstockexchange.com/global/faqs/faqs.htm: Too many redirects while fetching 'https://www.londonstockexchange.com/global/faqs/faqs.htm'
-Fetch error: http://www.londonstockexchange.com/global/map.htm => https://www.londonstockexchange.com/global/map.htm: Too many redirects while fetching 'https://www.londonstockexchange.com/global/map.htm'
-
-	Nonfunctional hosts in *londonstockexchange.com:
-
-		- safe *
-
-	* Handshake fails
-
-
-	^londonstockexchange.com: Handshake fails
-
--->
-<ruleset name="London Stock Exchange.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.londonstockexchange.com"/>
-
-	<!--	Complications:
-				-->
-	<target host="londonstockexchange.com"/>
-
-		<exclusion pattern="^http://(?:www\.)?londonstockexchange\.com/+(?!exchange/user/|global/|media/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.londonstockexchange.com/exchange/global/contact-us/contact-us.html" />
-			<test url="http://www.londonstockexchange.com/exchange/prices-and-markets/stocks/indices/ftse-indices.html" />
-			<test url="http://www.londonstockexchange.com/global/faqs/faqs.htm" />
-			<test url="http://www.londonstockexchange.com/global/map.htm" />
-			<test url="http://www.londonstockexchange.com/home/bribery-act-external.htm" />
-			<test url="http://www.londonstockexchange.com/home/homepage.htm" />
-			<test url="http://www.londonstockexchange.com/news/news/finance.htm" />
-
-			<!--	-ve:
-					-->
-			<test url="http://londonstockexchange.com/exchange/user/registration.html" />
-			<test url="http://www.londonstockexchange.com/global/icons/searchbig.gif" />
-			<test url="http://www.londonstockexchange.com/media/img/rebranding/logo_lse_rebranding.png" />
-
-
-	<rule from="^http://londonstockexchange\.com/"
-		to="https://www.londonstockexchange.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/London.gov.uk.xml b/src/chrome/content/rules/London.gov.uk.xml
index d7c367a05789..40f4958e3f3d 100644
--- a/src/chrome/content/rules/London.gov.uk.xml
+++ b/src/chrome/content/rules/London.gov.uk.xml
@@ -26,7 +26,7 @@
 	These altnames don't exist:
 
 		- www.volunteerbooking.london.gov.uk
-	
+
 
 	Insecure cookies are set for these hosts:
 
@@ -41,7 +41,7 @@
 	<target host="talklondon.london.gov.uk" />
 	<target host="volunteerbooking.london.gov.uk" />
 	<target host="www.london.gov.uk" />
-	
+
 		<!--	Redirects to http:
 						-->
 		<!--exclusion pattern="^http://talklondon\.london\.gov\.uk/(?:$|contact$)" /-->
diff --git a/src/chrome/content/rules/LondonStockExchange.com.xml b/src/chrome/content/rules/LondonStockExchange.com.xml
new file mode 100644
index 000000000000..60f680d5bb91
--- /dev/null
+++ b/src/chrome/content/rules/LondonStockExchange.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="London Stock Exchange">
+	<target host="londonstockexchange.com" />
+	<target host="www.londonstockexchange.com" />
+	<target host="api.londonstockexchange.com" />
+		<test url="http://api.londonstockexchange.com/api/gw/lse/download/COCPG/tearsheet" />
+	<target host="docs.londonstockexchange.com" />
+		<test url="http://docs.londonstockexchange.com/sites/default/files/documents/fees-for-issuers.pdf" />
+	<target host="www.rns-pdf.londonstockexchange.com" />
+	<target host="services.londonstockexchange.com" />
+	<target host="www.unavista.londonstockexchange.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/London_City_Airport.xml b/src/chrome/content/rules/London_City_Airport.xml
index f21e2371a433..fae5314f9dd7 100644
--- a/src/chrome/content/rules/London_City_Airport.xml
+++ b/src/chrome/content/rules/London_City_Airport.xml
@@ -2,7 +2,7 @@
     <target host="londoncityairport.com" />
     <target host="*.londoncityairport.com" />
 
-    <securecookie host="^(?:.*\.)?londoncityairport\.com$" name=".+" />
+    <securecookie host=".+" name=".+"/>
 
     <rule from="^http://londoncityairport\.com/"
         to="https://www.londoncityairport.com/"/>
diff --git a/src/chrome/content/rules/London_Review_of_Books.xml b/src/chrome/content/rules/London_Review_of_Books.xml
index 1ed524173fdc..1fcf35db10a9 100644
--- a/src/chrome/content/rules/London_Review_of_Books.xml
+++ b/src/chrome/content/rules/London_Review_of_Books.xml
@@ -18,13 +18,14 @@
 <ruleset name="London Review of Books (partial)">
 
 	<target host="lrb.co.uk" />
-	<target host="*.lrb.co.uk" />
+	<target host="www.lrb.co.uk" />
+	<target host="cdn.lrb.co.uk" />
 
 
 	<rule from="^http://(?:www\.)?lrb\.co\.uk/(activate/?(?:$|\?)|assets/|Shibboleth\.sso)"
 		to="https://www.lrb.co.uk/$1" />
 
 	<rule from="^http://cdn\.lrb\.co\.uk/"
-		to="https://d7mx03fbraf30.cloudfront.net/" />
+		to="https://cdn.lrb.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Londonist.com.xml b/src/chrome/content/rules/Londonist.com.xml
index ebf89e94374c..f35cc1adabc7 100644
--- a/src/chrome/content/rules/Londonist.com.xml
+++ b/src/chrome/content/rules/Londonist.com.xml
@@ -19,7 +19,8 @@
 <ruleset name="Londonist.com (partial)">
 
 	<target host="londonist.com" />
-	<target host="*.londonist.com" />
+	<target host="www.londonist.com" />
+	<target host="cdn.londonist.com" />
 		<!--
 			Redirect to http:
 						-->
diff --git a/src/chrome/content/rules/LongDate.pl.xml b/src/chrome/content/rules/LongDate.pl.xml
index 0129a7a1d233..a5e00aa4dd20 100644
--- a/src/chrome/content/rules/LongDate.pl.xml
+++ b/src/chrome/content/rules/LongDate.pl.xml
@@ -22,7 +22,7 @@ Fetch error: http://www.longdate.pl/ => https://www.longdate.pl/: (6, 'Could not
 		- www.longdate.pl
 
 -->
-<ruleset name="LongDate.pl (partial)" default_off='failed ruleset test'>
+<ruleset name="LongDate.pl (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/LongTail.xml b/src/chrome/content/rules/LongTail.xml
index 509adddddeb7..938002f6029f 100644
--- a/src/chrome/content/rules/LongTail.xml
+++ b/src/chrome/content/rules/LongTail.xml
@@ -3,59 +3,48 @@
 		- Bitsontherun.com.xml
 		- JW_Platform.com.xml
 
-	Cert expired:
-		- dev.jwpltx.com
-		- i.dev.jwpltx.com
-		- stg.jwpltx.com
-		
 	Cert mismatch:
-		- code.longtailvideo.com
-		- developer.longtailvideo.com
 		- go.longtailvideo.com
-		- secure.longtailvideo.com
-		- www2.longtailvideo.com
 		- ltvimg.com
 		- s0-www.ltvimg.com
 		- s1-www.ltvimg.com
 		- www.ltvimg.com
 		- a.jwpcdn.com
-		- p.jwpcdn.com
-		- go.jwplayer.com
-		- ovp.jwplayer.com
-		- i.n.jwpltx.com
+		- p.jwpcdn.com, equivalent to ssl.p.jwpcdn.com
+
+	Redirect loop:
+		- mvn.jwplayer.com
+
 	Timeout:
 		- demo.longtailvideo.com
 		- design.longtailvideo.com
 		- bob.jwplayer.com
 		- demo.jwplayer.com
-		- jw7.jwplayer.com
-		- jw7beta.jwplayer.com
 		- qa.jwplayer.com
-		- recommendations.jwplayer.com
-		- sdk.jwplayer.com
-		
-		
+
 	TLS error:
 		- g5bmawnx.cdn.jwplayer.com
 -->
 <ruleset name="LongTail (partial)" >
 
+	<target host="p.jwpcdn.com" />
 	<target host="ssl.p.jwpcdn.com" />
 
 	<target host="jwpltx.com" />
-	<target host="s.c.jwpltx.com" />
-	<target host="s.n.jwpltx.com" />
-	<target host="s.jwpltx.com" />
+	<target host="dev.jwpltx.com" />
+	<target host="stg.jwpltx.com" />
 
 	<target host="longtailvideo.com" />
 	<target host="www.longtailvideo.com" />
 	<target host="account.longtailvideo.com" />
-	<target host="api.longtailvideo.com" />
+	<target host="code.longtailvideo.com" />
+	<target host="developer.longtailvideo.com" />
 	<target host="l.longtailvideo.com" />
 	<target host="lp.longtailvideo.com" />
 	<target host="ova.longtailvideo.com" />
 	<target host="playertest.longtailvideo.com" />
 	<target host="plugins.longtailvideo.com" />
+	<target host="secure.longtailvideo.com" />
 	<target host="securel.longtailvideo.com" />
 	<target host="securelp.longtailvideo.com" />
 	<target host="secureplugins.longtailvideo.com" />
@@ -72,19 +61,22 @@
 	<target host="dashboard.jwplayer.com" />
 	<target host="developer.jwplayer.com" />
 	<target host="entitlements.jwplayer.com" />
-	<target host="icons.jwplayer.com" />
+	<target host="go.jwplayer.com" />
 	<target host="insights.jwplayer.com" />
-	<target host="mvn.jwplayer.com" />
-	<target host="portal-api.jwplayer.com" />
-	<target host="staging-icons.jwplayer.com" />
+	<target host="jw7.jwplayer.com" />
+	<target host="jw7beta.jwplayer.com" />
+	<target host="recommendations.jwplayer.com" />
+	<target host="sdk.jwplayer.com" />
 	<target host="status.jwplayer.com" />
-	<target host="support-static.jwplayer.com" />
 	<target host="support.jwplayer.com" />
 	<target host="tv.jwplayer.com" />
 	<target host="vr.jwplayer.com" />
 
 	<securecookie host=".+" name=".+" />
 
+	<rule from="^http://p\.jwpcdn\.com/"
+		  to="https://ssl.p.jwpcdn.com/" />
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Long_Access.com.xml b/src/chrome/content/rules/Long_Access.com.xml
deleted file mode 100644
index 18ace9c26d69..000000000000
--- a/src/chrome/content/rules/Long_Access.com.xml
+++ /dev/null
@@ -1,53 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://longaccess.com/ => https://www.longaccess.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.longaccess.com'")
-
-	CDN buckets:
-
-		- s3.amazonaws.com/the.longaccess.com/
-
-
-	Problematic subdomains:
-
-		- ^ ¹
-		- stage ²
-		- the ¹
-
-	¹ Refused
-	² Works, revoked
-
-
-	These altnames don't exist:
-
-		- api.longaccess.com
-
--->
-<ruleset name="Long Access.com (partial)" default_off='failed ruleset test'>
-
-	<target host="longaccess.com" />
-	<target host="*.longaccess.com" />
-		<!--exclusion pattern="^http://stage\.longaccess\.com/" /-->
-		<!--
-			Avoid user-visible paths:
-							-->
-		<!--exclusion pattern="^http://the\.longaccess\.com/+($|\?|blog/rss\.xml|(developers/)?index\.html)" /-->
-		<!--exclusion pattern="^http://the\.longaccess\.com/+(?!assets/|blog/2\d{3}/\d\d/\d\d/[\w-]+/\w+\.(jpe?|pn)g)" /-->
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(stage|www)\.longaccess\.com$" name="^csrftoken$" /-->
-
-	<securecookie host="^www\.longaccess\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?longaccess\.com/"
-		to="https://www.longaccess.com/" />
-
-	<rule from="^http://the\.longaccess\.com/(?=assets/|blog/2\d{3}/\d\d/\d\d/[\w-]+/\w+\.(?:jpe?|pn)g)"
-		to="https://s3.amazonaws.com/the.longaccess.com/" />
-
-
-
-</ruleset>
diff --git a/src/chrome/content/rules/LoohPress.com.xml b/src/chrome/content/rules/LoohPress.com.xml
new file mode 100644
index 000000000000..718c3b72a650
--- /dev/null
+++ b/src/chrome/content/rules/LoohPress.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="LoohPress.com">
+	<target host="loohpress.com" />
+	<target host="www.loohpress.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Look.co.uk-mixed.xml b/src/chrome/content/rules/Look.co.uk-mixed.xml
index 2f9e4c96269b..5fbf75a27c0d 100644
--- a/src/chrome/content/rules/Look.co.uk-mixed.xml
+++ b/src/chrome/content/rules/Look.co.uk-mixed.xml
@@ -6,7 +6,7 @@ Fetch error: http://shop.look.co.uk/ => https://shop.look.co.uk/: (7, 'Failed to
 	For rules not causing mixed content, see Look.co.uk.xml.
 
 -->
-<ruleset name="Look.co.uk (mixed content)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Look.co.uk (mixed content)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="shop.look.co.uk" />
 		<!--
@@ -17,4 +17,4 @@ Fetch error: http://shop.look.co.uk/ => https://shop.look.co.uk/: (7, 'Failed to
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Look.co.uk.xml b/src/chrome/content/rules/Look.co.uk.xml
index 3e90045d494b..32a7897f431d 100644
--- a/src/chrome/content/rules/Look.co.uk.xml
+++ b/src/chrome/content/rules/Look.co.uk.xml
@@ -24,7 +24,8 @@
 -->
 <ruleset name="Look.co.uk (partial)">
 
-	<target host="*.look.co.uk" />
+	<target host="comps.look.co.uk" />
+	<target host="shop.look.co.uk" />
 		<!--
 			$ redirects to http:
 						-->
@@ -40,7 +41,6 @@
 	<securecookie host="^\.(?:comps\.)?look\.co\.uk$" name="^__utm\w$" />
 
 
-	<rule from="^http://(comps|shop)\.look\.co\.uk/"
-		to="https://$1.look.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Look_Dumbass.xml b/src/chrome/content/rules/Look_Dumbass.xml
index fe37a94e1e6b..000e5ef2f084 100644
--- a/src/chrome/content/rules/Look_Dumbass.xml
+++ b/src/chrome/content/rules/Look_Dumbass.xml
@@ -23,4 +23,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lookback.io.xml b/src/chrome/content/rules/Lookback.io.xml
index fc0cc2e21bab..8d8818c8db73 100644
--- a/src/chrome/content/rules/Lookback.io.xml
+++ b/src/chrome/content/rules/Lookback.io.xml
@@ -10,6 +10,6 @@
 	<rule from="^http://www\.lookback\.io/"
 			to="https://lookback.io/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Lookingglass.xml b/src/chrome/content/rules/Lookingglass.xml
index 51f21bd7773b..83aa6542b47d 100644
--- a/src/chrome/content/rules/Lookingglass.xml
+++ b/src/chrome/content/rules/Lookingglass.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lookup.uribl.com.xml b/src/chrome/content/rules/Lookup.uribl.com.xml
new file mode 100644
index 000000000000..2b52a169caa4
--- /dev/null
+++ b/src/chrome/content/rules/Lookup.uribl.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="Lookup.uribl.com">
+	<target host="lookup.uribl.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Looloo.com.xml b/src/chrome/content/rules/Looloo.com.xml
index 8afe13cb6d5b..381c17bac3f5 100644
--- a/src/chrome/content/rules/Looloo.com.xml
+++ b/src/chrome/content/rules/Looloo.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.looloo.com/ => https://www.looloo.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.looloo.com'")
 
 -->
-<ruleset name="looloo.com" default_off='failed ruleset test'>
+<ruleset name="looloo.com" default_off="failed ruleset test">
 
 	<target host="looloo.com" />
 	<target host="www.looloo.com" />
@@ -15,4 +15,4 @@ Fetch error: http://www.looloo.com/ => https://www.looloo.com/: (51, "SSL: no al
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LoopPay.xml b/src/chrome/content/rules/LoopPay.xml
index c776c531da54..a633f98d92b4 100644
--- a/src/chrome/content/rules/LoopPay.xml
+++ b/src/chrome/content/rules/LoopPay.xml
@@ -4,12 +4,12 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://checkout.looppay.com/ => https://checkout.looppay.com/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="LoopPay" default_off='failed ruleset test'>
+<ruleset name="LoopPay" default_off="failed ruleset test">
 
 	<target host="looppay.com" />
 	<target host="www.looppay.com" />
 	<target host="checkout.looppay.com" />
-	
+
 	<securecookie host=".+" name=".+" />
 
   <rule from="^http://looppay\.com/" to="https://www.looppay.com/" />
diff --git a/src/chrome/content/rules/Loopia.xml b/src/chrome/content/rules/Loopia.xml
index cc3664d10e20..f85fc2b438f7 100644
--- a/src/chrome/content/rules/Loopia.xml
+++ b/src/chrome/content/rules/Loopia.xml
@@ -9,7 +9,10 @@ Fetch error: http://loopiasecure.com/ => https://www.loopia.se/: (60, 'SSL certi
 <ruleset name="Loopia">
 
 	<target host="loopia.se" />
-	<target host="*.loopia.se" />
+	<target host="static.loopia.se" />
+	<target host="support.loopia.se" />
+	<target host="webmail.loopia.se" />
+	<target host="www.loopia.se" />
 		<!--	blogg times out.	-->
 		<exclusion pattern="^http://blogg\." />
 	<!--	* for cross-domain cookie.	-->
@@ -19,12 +22,11 @@ Fetch error: http://loopiasecure.com/ => https://www.loopia.se/: (60, 'SSL certi
 	<securecookie host="^(?:.*\.)?loopia\.se$" name=".+" />
 
 
-	<rule from="^http://((static|support|webmail|www)\.)?loopia\.se/"
-		to="https://$1loopia.se/" />
 
 	<!--	Cert doesn't match,
 		server redirects as so.	-->
 	<rule from="^http://loopiasecure\.com/"
 		to="https://www.loopia.se/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Loopt.xml b/src/chrome/content/rules/Loopt.xml
index 4043ac9efbdf..83792bc265ae 100644
--- a/src/chrome/content/rules/Loopt.xml
+++ b/src/chrome/content/rules/Loopt.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://loopt.com/ => https://www.loopt.com/: (28, 'Connection timed out after 10001 milliseconds')
 Fetch error: http://www.loopt.com/ => https://www.loopt.com/: (28, 'Connection timed out after 10001 milliseconds')
 -->
-<ruleset name="Loopt" default_off='failed ruleset test'>
+<ruleset name="Loopt" default_off="failed ruleset test">
   <target host="loopt.com" />
   <target host="www.loopt.com" />
 
diff --git a/src/chrome/content/rules/Los_Angeles_Times.xml b/src/chrome/content/rules/Los_Angeles_Times.xml
index 31e335a1db68..b7207559b5b6 100644
--- a/src/chrome/content/rules/Los_Angeles_Times.xml
+++ b/src/chrome/content/rules/Los_Angeles_Times.xml
@@ -1,8 +1,16 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://origin-www.latimes.com/ => https://origin-www.latimes.com/: (6, 'Could not resolve host: origin-www.latimes.com')
+Fetch error: http://circulars.latimes.com/ => https://circulars.latimes.com/: (28, 'Connection timed out after 20001 milliseconds')
+
 	lat.ms is handled in Bit.ly_vanity_domains.xml.
 
 	For other Tribune coverage, see Tribune.xml.
 
+  Timeout:
+    secure.latimes.com
 
 	CDN buckets:
 
@@ -20,39 +28,31 @@
 
 
 	Problematic subdomains:
-
+    May 7, 2020: Doesn't seem to be in active use, but will keep in the target list
 		- circulars	(pages redirect to http; mismatched, CN: www.flyertown.ca)
 
 -->
 <ruleset name="Los Angeles Times (partial)">
 
 	<target host="latimes.com" />
-	<target host="*.latimes.com" />
+	<target host="www.latimes.com" />
+	<!-- target host="origin-www.latimes.com" /-->
+	<target host="membership.latimes.com" />
+	<target host="myaccount2.latimes.com" />
+	<!-- target host="circulars.latimes.com" /-->
 		<!--
+      May 7, 2020 - Doesn't seem to be in use as much, they have converted to
+      another insecure CDN ca-times.brightspotcdn.com
 			Not on secure, redirects to another domain. e.g.
 
+      outdated reference
 				latimes.com/media/photo/2009-11/50719492.jpg
 
 			redirects to
 
 				latimes.image2.trb.com/lanews/media/photo/2009-11/50719492.jpg
 									-->
-		<exclusion pattern="^http://(?:www\.)?latimes\.com/media/photo/" />
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.latimes\.com$" name="^(?:gpv_p\w|metrics_id|s_\w+|tribanalyticscookie)$" />
-	<securecookie host="^.+\.latimes\.com$" name=".+" />
-
-
-	<rule from="^http://(?:(?:origin-)?www\.)?latimes\.com/(favicon\.ico|hive/|images/|includes/|media/|stylesheets/)"
-		to="https://secure.latimes.com/$1" />
-
-	<rule from="^http://(membership|myaccount2|secure)\.latimes\.com/"
-		to="https://$1.latimes.com/" />
-
-	<rule from="^http://circulars\.latimes\.com/(assets/|dist_stage/|favicon\.ico|images/)"
-		to="https://www.flyertown.ca/$1" />
+  <securecookie host=".+" name=".+" />
 
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Lotame.xml b/src/chrome/content/rules/Lotame.xml
index e7f44f3bb569..77d4e95f7cce 100644
--- a/src/chrome/content/rules/Lotame.xml
+++ b/src/chrome/content/rules/Lotame.xml
@@ -1,19 +1,35 @@
+<!--
+	crwdcntrl.net:
+		Invalid certificate:
+			- gui.crwdcntrl.net
+-->
+
 <ruleset name="Lotame">
+	<!-- lotame.com -->
+	<target host="lotame.com" />
+	<target host="www.lotame.com" />
+	<target host="api.lotame.com" />
+	<target host="crowdcontrol.lotame.com" />
+	<target host="platform.lotame.com" />
+	<target host="resources.lotame.com" />
+	<target host="widgets.lotame.com" />
+
 
+	<!-- crwdcntrl.net -->
+	<target host="crwdcntrl.net" />
+	<target host="www.crwdcntrl.net" />
 	<target host="ad.crwdcntrl.net" />
 	<target host="bcp.crwdcntrl.net" />
 	<target host="meez.crwdcntrl.net" />
 	<target host="multiply.crwdcntrl.net" />
+	<target host="optout.crwdcntrl.net" />
 	<target host="tags.crwdcntrl.net" />
-
-	<target host="lotame.com" />
-	<target host="crowdcontrol.lotame.com" />
-	<target host="widgets.lotame.com" />
-	<target host="www.lotame.com" />
+	<target host="td.crwdcntrl.net" />
+	<target host="td2.crwdcntrl.net" />
+	<target host="ts.crwdcntrl.net" />
 
 	<securecookie host="^(?:ad|bcp|meez|multiply|tags)?\.crwdcntrl\.net$" name=".+" />
 
-	<rule from="^http:"
-		to="https:" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Lotus.xml b/src/chrome/content/rules/Lotus.xml
deleted file mode 100644
index c3b4f1065723..000000000000
--- a/src/chrome/content/rules/Lotus.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-	For other IBM coverage, see IBM.xml.
-
-
-	Insecure cookies are set for these hosts:
-
-		- greenhouse.lotus.com
-
--->
-<ruleset name="Lotus.com (partial)">
-
-	<target host="greenhouse.lotus.com" />
-	<target host="www-10.lotus.com" />
-	
-		<!--	Some sites redirect to http using an inline JS snippet:
-										-->
-		<exclusion pattern="^http://www-10\.lotus\.com/ldd/(?:ei|lc|ss|st|nd6|nd8|nd85|mc|protector)forum\.nsf" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www-10.lotus.com/ldd/eiforum.nsf" />
-			<test url="http://www-10.lotus.com/ldd/lcforum.nsf" />
-			<test url="http://www-10.lotus.com/ldd/mcforum.nsf" />
-			<test url="http://www-10.lotus.com/ldd/nd6forum.nsf" />
-			<test url="http://www-10.lotus.com/ldd/nd85forum.nsf" />
-			<test url="http://www-10.lotus.com/ldd/nd8forum.nsf" />
-			<test url="http://www-10.lotus.com/ldd/protectorforum.nsf" />
-			<test url="http://www-10.lotus.com/ldd/ssforum.nsf" />
-			<test url="http://www-10.lotus.com/ldd/stforum.nsf" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^greenhouse\.lotus\.com$" name="^(?:BIGipServer[\w~]+|JSESSIONID)$" /-->
-
-	<securecookie host="^(?:greenhouse|www-10)\.lotus\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Louder_Than_War.com.xml b/src/chrome/content/rules/Louder_Than_War.com.xml
index bd158b5b8a96..91c7c859e763 100644
--- a/src/chrome/content/rules/Louder_Than_War.com.xml
+++ b/src/chrome/content/rules/Louder_Than_War.com.xml
@@ -14,7 +14,7 @@
 <ruleset name="Louder Than War.com" default_off="expired, self-signed">
 
 	<target host="louderthanwar.com" />
-	<target host="*.louderthanwar.com" />
+	<target host="www.louderthanwar.com" />
 
 
 	<securecookie host="^\.?louderthanwar\.com$" name=".+" />
@@ -23,4 +23,4 @@
 	<rule from="^http://(?:www\.)?louderthanwar\.com/"
 		to="https://louderthanwar.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Louhi.net.xml b/src/chrome/content/rules/Louhi.net.xml
index 1051e9095473..71b8ec6a6c8a 100644
--- a/src/chrome/content/rules/Louhi.net.xml
+++ b/src/chrome/content/rules/Louhi.net.xml
@@ -23,4 +23,4 @@
 	<rule from="^http://(oma|webmail|whm\d\d)\.louhi\.net/"
 		to="https://$1.louhi.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Louise_Harrison_Couture.com.xml b/src/chrome/content/rules/Louise_Harrison_Couture.com.xml
index 559cef2a9d3b..41ec91d13891 100644
--- a/src/chrome/content/rules/Louise_Harrison_Couture.com.xml
+++ b/src/chrome/content/rules/Louise_Harrison_Couture.com.xml
@@ -5,7 +5,7 @@ Non-2xx HTTP code: http://louiseharrisoncouture.com/ (200) => https://louiseharr
 Non-2xx HTTP code: http://www.louiseharrisoncouture.com/ (200) => https://www.louiseharrisoncouture.com/ (521)
 
 -->
-<ruleset name="Louise Harrison Couture.com" default_off='failed ruleset test'>
+<ruleset name="Louise Harrison Couture.com" default_off="failed ruleset test">
 
 	<target host="louiseharrisoncouture.com" />
 	<target host="www.louiseharrisoncouture.com" />
diff --git a/src/chrome/content/rules/Louisiana_State_University-problematic.xml b/src/chrome/content/rules/Louisiana_State_University-problematic.xml
index 5cd19f9430a6..c1731480701c 100644
--- a/src/chrome/content/rules/Louisiana_State_University-problematic.xml
+++ b/src/chrome/content/rules/Louisiana_State_University-problematic.xml
@@ -12,4 +12,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Louisiana_State_University.xml b/src/chrome/content/rules/Louisiana_State_University.xml
index 9db3934ffefb..591c52ad7f0f 100644
--- a/src/chrome/content/rules/Louisiana_State_University.xml
+++ b/src/chrome/content/rules/Louisiana_State_University.xml
@@ -112,7 +112,60 @@ Fetch error: http://lsu.edu/ => https://www.lsu.edu/: Pycurl fetch failed for 'h
 <ruleset name="Louisiana State University (partial)">
 
 	<target host="lsu.edu" />
-	<target host="*.lsu.edu" />
+	<target host="www.lsu.edu" />
+	<target host="appl008.lsu.edu" />
+	<target host="appl008.ocs.lsu.edu" />
+	<target host="appl037.lsu.edu" />
+	<target host="appl037.ocs.lsu.edu" />
+	<target host="calendar.apps.lsu.edu" />
+	<target host="careercenter.apps.lsu.edu" />
+	<target host="mylsu.apps.lsu.edu" />
+	<target host="myproxy.apps.lsu.edu" />
+	<target host="web.apps.lsu.edu" />
+	<target host="courses.lsu.edu" />
+	<target host="connect.grok.lsu.edu" />
+	<target host="moodle2.grok.lsu.edu" />
+	<target host="networking.grok.lsu.edu" />
+	<target host="housing.lsu.edu" />
+	<target host="itservice.lsu.edu" />
+	<target host="sso.paws.lsu.edu" />
+	<target host="photo-management.lsu.edu" />
+	<target host="photos.lsu.edu" />
+	<target host="jlee.saa.lsu.edu" />
+	<target host="sites01.lsu.edu" />
+	<target host="lsumvs.sncc.lsu.edu" />
+	<target host="studlife-web1.lsu.edu" />
+	<target host="piwik.uss.lsu.edu" />
+	<target host="as.lsu.edu" />
+	<target host="bengalbound.lsu.edu" />
+	<target host="cas.lsu.edu" />
+	<target host="complaints.lsu.edu" />
+	<target host="deanofstudents.lsu.edu" />
+	<target host="disability.lsu.edu" />
+	<target host="fye.lsu.edu" />
+	<target host="greeks.lsu.edu" />
+	<target host="groksaa.lsu.edu" />
+	<target host="sfmc.lsu.edu" />
+	<target host="studentlife.lsu.edu" />
+	<target host="www.as.lsu.edu" />
+	<target host="www.bengalbound.lsu.edu" />
+	<target host="www.cas.lsu.edu" />
+	<target host="www.complaints.lsu.edu" />
+	<target host="www.deanofstudents.lsu.edu" />
+	<target host="www.disability.lsu.edu" />
+	<target host="www.fye.lsu.edu" />
+	<target host="www.greeks.lsu.edu" />
+	<target host="www.groksaa.lsu.edu" />
+	<target host="www.sfmc.lsu.edu" />
+	<target host="www.studentlife.lsu.edu" />
+	<target host="families.lsu.edu" />
+	<target host="www.families.lsu.edu" />
+	<target host="family.lsu.edu" />
+	<target host="sg.lsu.edu" />
+	<target host="www.family.lsu.edu" />
+	<target host="www.sg.lsu.edu" />
+	<target host="tigercard.lsu.edu" />
+	<target host="www.tigercard.lsu.edu" />
 		<exclusion pattern="^http://(?:careercenter|(?:www\.)?(?:bengalbound|cas|deanofstudents|disability|families|family|fye|greeks|sg|sfmc|studentlife))\.lsu\.edu/(?!favicon\.ico|misc/|sites/)" />
 
 
@@ -128,14 +181,10 @@ Fetch error: http://lsu.edu/ => https://www.lsu.edu/: Pycurl fetch failed for 'h
 	<rule from="^http://appl0(08|37)(?:\.ocs)?\.lsu\.edu/"
 		to="https://appl0$1.lsu.edu/" />
 
-	<rule from="^http://((?:calendar|careercenter|mylsu|myproxy|web)\.apps|courses|(?:connect|moodle2|networking)\.grok|housing|itservice|sso\.paws|photo-management|photos|jlee\.saa|sites01|lsumvs\.sncc|studlife-web1|piwik\.uss)\.lsu\.edu/"
-		to="https://$1.lsu.edu/" />
 
 	<!--	Domains for which both ^foo and www.foo
 		exist, and both work, with valid certs:
 							-->
-	<rule from="^http://(www\.)?(as|bengalbound|cas|complaints|deanofstudents|disability|fye|greeks|groksaa|sfmc|studentlife)\.lsu\.edu/"
-		to="https://$1$2.lsu.edu/" />
 
 	<rule from="^http://(?:www\.)?families\.lsu\.edu/"
 		to="https://studlife-web1.lsu.edu/" />
@@ -151,4 +200,5 @@ Fetch error: http://lsu.edu/ => https://www.lsu.edu/: Pycurl fetch failed for 'h
 	<rule from="^http://(?:www\.)?tigercard\.lsu\.edu/"
 		to="https://as.lsu.edu/tigercard" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LoveFilm.xml b/src/chrome/content/rules/LoveFilm.xml
deleted file mode 100644
index 48c968668120..000000000000
--- a/src/chrome/content/rules/LoveFilm.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	Non-functional hosts
-		Couldn't connect to server:
-			 - lovefilm.com
-			 - lovefilm.de
-			 - www.lovefilm.dk
-
-		SSL connect error:
-			 - lovefilm.no
-			 - www.lovefilm.no
--->
-<ruleset name="LoveFilm (partial)">
-	<!-- *lovefilm.com -->
-	<target host="lovefilm.com" />
-	<target host="www.lovefilm.com" />
-
-	<!-- *lovefilm.de -->
-	<target host="lovefilm.de" />
-	<target host="www.lovefilm.de" />
-
-	<rule from="^http://lovefilm\.com/"
-			to="https://www.lovefilm.com/" />
-
-	<rule from="^http://lovefilm\.de/"
-			to="https://www.lovefilm.de/" />
-
-	<rule from="^http:" 
-			to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/LoveHoney.xml b/src/chrome/content/rules/LoveHoney.xml
deleted file mode 100644
index b49e2d8b9e1e..000000000000
--- a/src/chrome/content/rules/LoveHoney.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d3f650ayx9w00n.cloudfront.net
-
-
-	- Cert only matches www
-	- Most pages redirect to http
-
--->
-<ruleset name="LoveHoney (partial)">
-
-	<target host="lovehoney.co.uk" />
-	<target host="www.lovehoney.co.uk" />
-
-
-	<rule from="^http://(?:www\.)?lovehoney\.co\.uk/(help/contact-us|your-account)"
-		to="https://www.lovehoney.co.uk/$1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/LovePlanet.ru.xml b/src/chrome/content/rules/LovePlanet.ru.xml
index ecad3b665edd..d56346f50041 100644
--- a/src/chrome/content/rules/LovePlanet.ru.xml
+++ b/src/chrome/content/rules/LovePlanet.ru.xml
@@ -42,7 +42,7 @@ Fetch error: http://www.loveplanet.ru/ => https://www.loveplanet.ru/: (51, "SSL:
 	⁴ Secured by us
 
 -->
-<ruleset name="LovePlanet.ru (partial)" default_off='failed ruleset test'>
+<ruleset name="LovePlanet.ru (partial)" default_off="failed ruleset test">
 
 	<target host="loveplanet.ru" />
 	<target host="css.loveplanet.ru" />
diff --git a/src/chrome/content/rules/Love_Our_Local_Business.xml b/src/chrome/content/rules/Love_Our_Local_Business.xml
deleted file mode 100644
index bdfb1e915008..000000000000
--- a/src/chrome/content/rules/Love_Our_Local_Business.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://loveourlocalbusiness.com/ => https://www.loveourlocalbusiness.com/: (6, 'Could not resolve host: www.loveourlocalbusiness.com')
-Fetch error: http://www.loveourlocalbusiness.com/ => https://www.loveourlocalbusiness.com/: (6, 'Could not resolve host: www.loveourlocalbusiness.com')
-
-	For other Intuit coverage, see Intuit.xml.
-
-
-	!www times out.
-
--->
-<ruleset name="Love Our Local Business" default_off='failed ruleset test'>
-
-	<target host="loveourlocalbusiness.com" />
-	<target host="www.loveourlocalbusiness.com" />
-
-
-	<securecookie host="^www\.loveourlocalbusiness\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?loveourlocalbusiness\.com/"
-		to="https://www.loveourlocalbusiness.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Lovemoney.xml b/src/chrome/content/rules/Lovemoney.xml
index 506bd0b374a8..42d11c048bad 100644
--- a/src/chrome/content/rules/Lovemoney.xml
+++ b/src/chrome/content/rules/Lovemoney.xml
@@ -3,7 +3,9 @@
 	<target host="lovefood.com"/>
 	<target host="www.lovefood.com"/>
 	<target host="lovemoney.com"/>
-	<target host="*.lovemoney.com"/>
+	<target host="www.lovemoney.com" />
+	<target host="energy.lovemoney.com" />
+	<target host="sanalytics.lovemoney.com" />
 
 	<rule from="^http://(?:www\.)?love(food|money)\.com/(css|favicon\.ico|[iI]mages/|login/)"
 		to="https://www.love$1.com/$2"/>
diff --git a/src/chrome/content/rules/Loverpi.com.xml b/src/chrome/content/rules/Loverpi.com.xml
index 98929b0221fb..c010497983ba 100644
--- a/src/chrome/content/rules/Loverpi.com.xml
+++ b/src/chrome/content/rules/Loverpi.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://forum.loverpi.com/ => https://forum.loverpi.com/: (6, 'Could
 	share.loverpi.com (refused)
 -->
 
-<ruleset name="Loverpi.com" default_off='failed ruleset test'>
+<ruleset name="Loverpi.com" default_off="failed ruleset test">
 	<target host="loverpi.com" />
 	<target host="www.loverpi.com" />
 	<target host="forum.loverpi.com" />
diff --git a/src/chrome/content/rules/Lovett_Publishing_House.com.xml b/src/chrome/content/rules/Lovett_Publishing_House.com.xml
index b0637b722b12..d36c42fee6dc 100644
--- a/src/chrome/content/rules/Lovett_Publishing_House.com.xml
+++ b/src/chrome/content/rules/Lovett_Publishing_House.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://lovettpublishinghouse.com/ => https://lovettpublishinghouse.
 	* Secured by us
 
 -->
-<ruleset name="Lovett Publishing House.com" default_off='failed ruleset test'>
+<ruleset name="Lovett Publishing House.com" default_off="failed ruleset test">
 
 	<target host="lovettpublishinghouse.com" />
 	<target host="www.lovettpublishinghouse.com" />
diff --git a/src/chrome/content/rules/Lovtidende.dk.xml b/src/chrome/content/rules/Lovtidende.dk.xml
index f89a111f4053..9f95f087bd9b 100644
--- a/src/chrome/content/rules/Lovtidende.dk.xml
+++ b/src/chrome/content/rules/Lovtidende.dk.xml
@@ -11,7 +11,7 @@ Fetch error: http://lovtidende.dk/ => https://lovtidende.dk/: (56, 'SSL read: er
 		- www.lovtidende.dk
 
 -->
-<ruleset name="Lovtidende.dk" default_off='failed ruleset test'>
+<ruleset name="Lovtidende.dk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Lowes.com.xml b/src/chrome/content/rules/Lowes.com.xml
index 4d1477430684..afcd0bb55f85 100644
--- a/src/chrome/content/rules/Lowes.com.xml
+++ b/src/chrome/content/rules/Lowes.com.xml
@@ -27,6 +27,6 @@
 
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Loyal_Forex.xml b/src/chrome/content/rules/Loyal_Forex.xml
index 27d8d88c7837..d92643add474 100644
--- a/src/chrome/content/rules/Loyal_Forex.xml
+++ b/src/chrome/content/rules/Loyal_Forex.xml
@@ -5,7 +5,7 @@ Fetch error: http://loyalforex.com/ => https://loyalforex.com/: (35, 'Unknown SS
 Fetch error: http://www.loyalforex.com/ => https://www.loyalforex.com/: (35, 'Unknown SSL protocol error in connection to www.loyalforex.com:443 ')
 
 -->
-<ruleset name="Loyal Forex" default_off='failed ruleset test'>
+<ruleset name="Loyal Forex" default_off="failed ruleset test">
 
 	<target host="loyalforex.com" />
 	<target host="www.loyalforex.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.loyalforex.com/ => https://www.loyalforex.com/: (35, 'Un
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/LuaJIT.org.xml b/src/chrome/content/rules/LuaJIT.org.xml
new file mode 100644
index 000000000000..a88f4fd811c1
--- /dev/null
+++ b/src/chrome/content/rules/LuaJIT.org.xml
@@ -0,0 +1,17 @@
+<!--
+	luajit.org has a wildcard DNS record, all other subdomains are mismatched.
+
+	Incomplete certificate chain:
+		- wiki
+
+	Mismatched:
+		- wiki
+-->
+<ruleset name="LuaJIT.org">
+	<target host="luajit.org" />
+	<target host="www.luajit.org" />
+	<target host="bitop.luajit.org" />
+	<target host="coco.luajit.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Luadns.com.xml b/src/chrome/content/rules/Luadns.com.xml
new file mode 100644
index 000000000000..1c4162230449
--- /dev/null
+++ b/src/chrome/content/rules/Luadns.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Nonfunctional hosts in *.luadns.com:
+		- status.luadns.com (f)
+		- uptime.luadns.com (f)
+
+	f: secure connection failed
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Luadns.com">
+	<target host="luadns.com" />
+	<target host="www.luadns.com" />
+	<target host="api.luadns.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lubuntu.me.xml b/src/chrome/content/rules/Lubuntu.me.xml
new file mode 100644
index 000000000000..b2aafcbe4220
--- /dev/null
+++ b/src/chrome/content/rules/Lubuntu.me.xml
@@ -0,0 +1,12 @@
+<ruleset name="Lubuntu.me">
+
+	<target host="lubuntu.me" />
+	<target host="www.lubuntu.me" />
+	<target host="manual.lubuntu.me" />
+	<target host="phab.lubuntu.me" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lucid-Reverie.xml b/src/chrome/content/rules/Lucid-Reverie.xml
index bd48b4b27a25..a5d85aa5d3ef 100644
--- a/src/chrome/content/rules/Lucid-Reverie.xml
+++ b/src/chrome/content/rules/Lucid-Reverie.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://lrcd.com/ => https://lrcd.com/: (60, 'SSL certificate problem: self signed certificate')
 Fetch error: http://www.lrcd.com/ => https://lrcd.com/: (60, 'SSL certificate problem: self signed certificate')
 -->
-<ruleset name="Lucid Reverie" default_off='failed ruleset test'>
+<ruleset name="Lucid Reverie" default_off="failed ruleset test">
 
 	<target host="lrcd.com" />
 	<target host="www.lrcd.com" />
diff --git a/src/chrome/content/rules/Lucios_Gold.xml b/src/chrome/content/rules/Lucios_Gold.xml
index 40cc81168338..01a9c6f8b98b 100644
--- a/src/chrome/content/rules/Lucios_Gold.xml
+++ b/src/chrome/content/rules/Lucios_Gold.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.luciosgold.ca/ => https://www.luciosgold.ca/: (60, 'SSL
 Disabled by https-everywhere-checker because:
 Fetch error: http://luciosgold.ca/ => https://luciosgold.ca/: (60, 'SSL certificate problem: self signed certificate')
 -->
-<ruleset name="Lucio's Gold" default_off='failed ruleset test'>
+<ruleset name="Lucio's Gold" default_off="failed ruleset test">
 
 	<target host="luciosgold.ca" />
 	<target host="www.luciosgold.ca" />
@@ -18,4 +18,4 @@ Fetch error: http://luciosgold.ca/ => https://luciosgold.ca/: (60, 'SSL certific
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lucky2u.net.xml b/src/chrome/content/rules/Lucky2u.net.xml
index 3e1f9b862eb9..19b1e4adaba7 100644
--- a/src/chrome/content/rules/Lucky2u.net.xml
+++ b/src/chrome/content/rules/Lucky2u.net.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?lucky2u\.net/"
 		to="https://lucky2u.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ludwigshafen-diskutiert.de.xml b/src/chrome/content/rules/Ludwigshafen-diskutiert.de.xml
new file mode 100644
index 000000000000..2fffe4487a64
--- /dev/null
+++ b/src/chrome/content/rules/Ludwigshafen-diskutiert.de.xml
@@ -0,0 +1,13 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="Ludwigshafen-diskutiert.de">
+
+	<target host="ludwigshafen-diskutiert.de" />
+	<target host="www.ludwigshafen-diskutiert.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ludwigshafen.de.xml b/src/chrome/content/rules/Ludwigshafen.de.xml
new file mode 100644
index 000000000000..3209e1b1dc72
--- /dev/null
+++ b/src/chrome/content/rules/Ludwigshafen.de.xml
@@ -0,0 +1,42 @@
+<!--
+	Connection closed:
+		sentry.ludwigshafen.de
+
+	Content mismatch:
+		karriere.ludwigshafen.de
+
+	Invalid certificate:
+		alt.ludwigshafen.de
+		(www.)?dialog.ludwigshafen.de
+		lumm.ludwigshafen.de
+
+	Timeout:
+		bibliothek-katalog.ludwigshafen.de
+		geoportal.ludwigshafen.de
+		mail2.ludwigshafen.de
+		mailsec01.ludwigshafen.de
+-->
+<ruleset name="Ludwigshafen.de">
+
+	<target host="ludwigshafen.de" />
+	<target host="www.ludwigshafen.de" />
+	<target host="www.abfallkalender.ludwigshafen.de" />
+	<target host="bloch.ludwigshafen.de" />
+	<target host="dashaus.ludwigshafen.de" />
+	<target host="kitaportal.ludwigshafen.de" />
+	<target host="www.kitaportal.ludwigshafen.de" />
+	<target host="open-stadtbibliothek.ludwigshafen.de" />
+	<target host="portal.ludwigshafen.de" />
+	<target host="stadtplan.ludwigshafen.de" />
+	<target host="stadtplan2.ludwigshafen.de" />
+	<target host="stadtratlive.ludwigshafen.de" />
+	<target host="www.stadtratlive.ludwigshafen.de" />
+	<target host="tevisweb.ludwigshafen.de" />
+	<target host="teviswebdev.ludwigshafen.de" />
+	<target host="vsp.ludwigshafen.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Lufthansa.xml b/src/chrome/content/rules/Lufthansa.xml
index 902694addf38..04d66afa7cf2 100644
--- a/src/chrome/content/rules/Lufthansa.xml
+++ b/src/chrome/content/rules/Lufthansa.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Non-2xx HTTP code: http://lufthansa.com/ (200) => https://www.lufthansa.com/ (404)
 
 -->
-<ruleset name="Lufthansa" default_off='failed ruleset test'>
+<ruleset name="Lufthansa" default_off="failed ruleset test">
     <target host="lufthansa.com" />
     <target host="*.lufthansa.com" />
 
diff --git a/src/chrome/content/rules/LukeSmith.xyz.xml b/src/chrome/content/rules/LukeSmith.xyz.xml
new file mode 100644
index 000000000000..34c76056b203
--- /dev/null
+++ b/src/chrome/content/rules/LukeSmith.xyz.xml
@@ -0,0 +1,16 @@
+<!--
+	Mismatch:
+		old.lukesmith.xyz
+		talk.lukesmith.xyz
+-->
+<ruleset name="LukeSmith.xyz">
+	<target host="lukesmith.xyz" />
+	<target host="www.lukesmith.xyz" />
+	<target host="forum.lukesmith.xyz" />
+	<target host="www.forum.lukesmith.xyz" />
+	<target host="git.lukesmith.xyz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lulea_Municipality.xml b/src/chrome/content/rules/Lulea_Municipality.xml
index 54e2181dfa55..a5a314209b42 100644
--- a/src/chrome/content/rules/Lulea_Municipality.xml
+++ b/src/chrome/content/rules/Lulea_Municipality.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lulea_University_of_Technology.xml b/src/chrome/content/rules/Lulea_University_of_Technology.xml
index f9eeb6d91c24..7bbf680e3891 100644
--- a/src/chrome/content/rules/Lulea_University_of_Technology.xml
+++ b/src/chrome/content/rules/Lulea_University_of_Technology.xml
@@ -15,7 +15,8 @@
 <ruleset name="Luleå University of Technology (partial)">
 
 	<target host="ltu.se" />
-	<target host="*.ltu.se" />
+	<target host="www.ltu.se" />
+	<target host="weblogon.ltu.se" />
 
 
 	<securecookie host="^weblogon\.ltu\.se$" name=".+" />
@@ -27,4 +28,4 @@
 	<rule from="^http://weblogon\.ltu\.se/"
 		to="https://weblogon.ltu.se/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lulu.xml b/src/chrome/content/rules/Lulu.xml
index 3a690e2b7241..dd210b4ded07 100644
--- a/src/chrome/content/rules/Lulu.xml
+++ b/src/chrome/content/rules/Lulu.xml
@@ -1,7 +1,8 @@
 <ruleset name="Lulu (partial)">
 
 	<target host="lulu.com"/>
-	<target host="*.lulu.com"/>
+	<target host="www.lulu.com" />
+	<target host="static.lulu.com" />
 
 	<rule from="^http://(www\.)?lulu\.com/(login|register)\.php"
 		to="https://$1lulu.com/$2.php"/>
diff --git a/src/chrome/content/rules/Lumen.xml b/src/chrome/content/rules/Lumen.xml
index a95d10d0ca71..68119abd00cd 100644
--- a/src/chrome/content/rules/Lumen.xml
+++ b/src/chrome/content/rules/Lumen.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:"
 		to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lumesse.com.xml b/src/chrome/content/rules/Lumesse.com.xml
index 4b1c99a99112..352e98859883 100644
--- a/src/chrome/content/rules/Lumesse.com.xml
+++ b/src/chrome/content/rules/Lumesse.com.xml
@@ -41,7 +41,7 @@ Fetch error: http://www.lumesse.com/ => https://www.lumesse.com/: (51, "SSL: no
 	⁴ Secured by us
 
 -->
-<ruleset name="Lumesse.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Lumesse.com (partial)" default_off="failed ruleset test">
 
 	<target host="lumesse.com" />
 	<target host="www.lumesse.com" />
diff --git a/src/chrome/content/rules/Lumiblade.xml b/src/chrome/content/rules/Lumiblade.xml
index d67cb3f384f5..8163ed028fda 100644
--- a/src/chrome/content/rules/Lumiblade.xml
+++ b/src/chrome/content/rules/Lumiblade.xml
@@ -8,12 +8,12 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://lumiblade-shop.com/ => https://lumiblade-shop.com/: (7, 'Failed to connect to lumiblade-shop.com port 443: Connection refused')
 Fetch error: http://www.lumiblade-shop.com/ => https://www.lumiblade-shop.com/: (7, 'Failed to connect to www.lumiblade-shop.com port 443: Connection refused')
 -->
-<ruleset name="Lumiblade" default_off='failed ruleset test'>
+<ruleset name="Lumiblade" default_off="failed ruleset test">
 
 	<target host="lumiblade-shop.com" />
 	<target host="www.lumiblade-shop.com" />
 	<!--	* for cross-domain cookie.	-->
-	
+
 
 
 	<securecookie host="^\.www\.lumiblade-shop\.com$" name=".+" />
diff --git a/src/chrome/content/rules/LuminoWorld.com.xml b/src/chrome/content/rules/LuminoWorld.com.xml
index d065e93cae6a..c3a655790c9b 100644
--- a/src/chrome/content/rules/LuminoWorld.com.xml
+++ b/src/chrome/content/rules/LuminoWorld.com.xml
@@ -14,4 +14,4 @@ Fetch error: http://www.luminoworld.com/ => http://www.luminoworld.com/: (6, 'Co
 	<rule from="^http://(www\.)?luminoworld\.com/(images/|Portals/|scripts/|show(?:Category|Product)Image\.aspx)"
 		to="https://$1luminoworld.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lumo.xml b/src/chrome/content/rules/Lumo.xml
deleted file mode 100644
index 92806baf22d8..000000000000
--- a/src/chrome/content/rules/Lumo.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Lumo">
-
-	<target host="lumo.me" />
-	<target host="www.lumo.me" />
-
-
-	<securecookie host="^lumo\.me$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Lumosity.xml b/src/chrome/content/rules/Lumosity.xml
index a8f0ce152e08..f7093a99dce3 100644
--- a/src/chrome/content/rules/Lumosity.xml
+++ b/src/chrome/content/rules/Lumosity.xml
@@ -7,7 +7,9 @@
 <ruleset name="Lumosity (partial)">
 
 	<target host="lumosity.com" />
-	<target host="*.lumosity.com" />
+	<target host="www.lumosity.com" />
+	<target host="static.lumosity.com" />
+	<target host="static.sl.lumosity.com" />
 
 
 	<!--	Many pages redirect to http.	-->
diff --git a/src/chrome/content/rules/Luna-Nivius.xml b/src/chrome/content/rules/Luna-Nivius.xml
index 5e6b2645fc40..c10c7ace2512 100644
--- a/src/chrome/content/rules/Luna-Nivius.xml
+++ b/src/chrome/content/rules/Luna-Nivius.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://niveusluna.org/ => https://niveusluna.org/: (28, 'Connection timed out after 10001 milliseconds')
 Fetch error: http://www.niveusluna.org/ => https://www.niveusluna.org/: (28, 'Connection timed out after 10001 milliseconds')
 -->
-<ruleset name="Luna Nivius" default_off='failed ruleset test'>
+<ruleset name="Luna Nivius" default_off="failed ruleset test">
 
 	<target host="niveusluna.org" />
 	<target host="www.niveusluna.org" />
diff --git a/src/chrome/content/rules/Lurkmore.to.xml b/src/chrome/content/rules/Lurkmore.to.xml
index f56b153662f8..f77af99dc622 100644
--- a/src/chrome/content/rules/Lurkmore.to.xml
+++ b/src/chrome/content/rules/Lurkmore.to.xml
@@ -1,42 +1,54 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://main.lurkmore.so/ => https://main.lurkmore.so/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
-Fetch error: http://test.lurkmore.so/ => https://test.lurkmore.so/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
-Fetch error: http://wwwmeleno.lurkmore.so/ => https://wwwmeleno.lurkmore.so/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
-
-	Problematic domains:
-
-		- direct.lurkmore.so mismatch
-		- ipv6.lurkmore.to nonexist
-		- ad.lurkmore.ru mismatch
-		- m.lurkmore.ru mismatch
-
+	Invalid certificate:
+		ad.lurkmore.to
+		egor.lurkmore.to
+		googlefffffffff9e3a2d8.lurkmore.to
+		failover.lurkmore.to
+		ftp.lurkmore.to
+		ipv6.lurkmore.to
+		irc.lurkmore.to
+		mail.lurkmore.to
+		ns.lurkmore.to
+		ns1.lurkmore.to
+		redmine.lurkmore.to
+		ssl.lurkmore.to
+
+	Time out:
+		riten.hn.lurkmore.to
+		munin.riten.hn.lurkmore.to
+		a.riten.hn.lurkmore.to
+		b.riten.hn.lurkmore.to
+		c.riten.hn.lurkmore.to
+		d.riten.hn.lurkmore.to
+		e.riten.hn.lurkmore.to
+		sunny.hn.lurkmore.to
+		a.sunny.hn.lurkmore.to
+		b.sunny.hn.lurkmore.to
+		c.sunny.hn.lurkmore.to
+		d.sunny.hn.lurkmore.to
+		e.sunny.hn.lurkmore.to
+		mail.in.lurkmore.to
+		meleno.in.lurkmore.to
+		newmeleno.in.lurkmore.to
+		ns.in.lurkmore.to
+		main.lurkmore.to
+		meleno.lurkmore.to
+		nauka.lurkmore.to
+		newmeleno.lurkmore.to
+		ivy.ns.lurkmore.to
+		jay.ns.lurkmore.to
+		nsmaster.lurkmore.to
+		science.lurkmore.to
+		test.lurkmore.to
+		wwwmeleno.lurkmore.to
 -->
-<ruleset name="Lurkmore.to" default_off='failed ruleset test'>
-
-	<target host="lurkmo.re" />
-	<target host="www.lurkmo.re" />
-	<target host="lurkmore.so" />
-	<target host="www.lurkmore.so" />
-	<target host="main.lurkmore.so" />
-	<target host="ipv6.lurkmore.so" />
-	<target host="m.lurkmore.so" />
-	<target host="test.lurkmore.so" />
-	<target host="wwwmeleno.lurkmore.so" />
+<ruleset name="lurkmore.to">
 	<target host="lurkmore.to" />
 	<target host="www.lurkmore.to" />
-	<target host="lurkmore.co" />
-	<target host="www.lurkmore.co" />
-	<target host="lurkmore.ru" />
-	<target host="www.lurkmore.ru" />
-	<target host="s.lurkmore.ru" />
-
-
-	<securecookie host="^\.?lurkmo(?:\.re|re\.[st]o)$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
+	<target host="m.lurkmore.to" />
+	<target host="forward.lurkmore.to" />
+	<target host="s.lurkmore.to" />
 
+	<rule from="^http://www\.lurkmore\.to/" to="https://lurkmore.to/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Luxomo.com.xml b/src/chrome/content/rules/Luxomo.com.xml
index ad29b4ace77c..5428d707a6ff 100644
--- a/src/chrome/content/rules/Luxomo.com.xml
+++ b/src/chrome/content/rules/Luxomo.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://luxomo.com/ => https://luxomo.com/: (28, 'Connection timed o
 	* Secured by us
 
 -->
-<ruleset name="Luxomo.com" default_off='failed ruleset test'>
+<ruleset name="Luxomo.com" default_off="failed ruleset test">
 
 	<target host="luxomo.com" />
 	<target host="www.luxomo.com" />
diff --git a/src/chrome/content/rules/Luxury_Custom_Wheels.xml b/src/chrome/content/rules/Luxury_Custom_Wheels.xml
index c5f9056b336f..98055c6cf6e6 100644
--- a/src/chrome/content/rules/Luxury_Custom_Wheels.xml
+++ b/src/chrome/content/rules/Luxury_Custom_Wheels.xml
@@ -5,15 +5,15 @@ Fetch error: http://luxurycustomwheels.com/ => https://luxurycustomwheels.com/:
 Fetch error: http://www.luxurycustomwheels.com/ => https://www.luxurycustomwheels.com/: (35, 'Unknown SSL protocol error in connection to www.luxurycustomwheels.com:443 ')
 
 -->
-<ruleset name="Luxury Custom Wheels" default_off='failed ruleset test'>
+<ruleset name="Luxury Custom Wheels" default_off="failed ruleset test">
 
 	<target host="luxurycustomwheels.com" />
 	<target host="www.luxurycustomwheels.com" />
 
 
-	<securecookie host="^(?:.*\.)?luxurycustomwheels\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Luxury_Replica.xml b/src/chrome/content/rules/Luxury_Replica.xml
index a62b2247360a..f6ca93dac62e 100644
--- a/src/chrome/content/rules/Luxury_Replica.xml
+++ b/src/chrome/content/rules/Luxury_Replica.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.luxuryreplica.net/ => https://www.luxuryreplica.net/: (2
 Disabled by https-everywhere-checker because:
 Fetch error: http://luxuryreplica.net/ => https://luxuryreplica.net/: (28, 'Connection timed out after 10000 milliseconds')
 -->
-<ruleset name="Luxury Replica" default_off='failed ruleset test'>
+<ruleset name="Luxury Replica" default_off="failed ruleset test">
 
 	<target host="luxuryreplica.net" />
 	<target host="www.luxuryreplica.net" />
@@ -18,4 +18,4 @@ Fetch error: http://luxuryreplica.net/ => https://luxuryreplica.net/: (28, 'Conn
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lxde.org.xml b/src/chrome/content/rules/Lxde.org.xml
new file mode 100644
index 000000000000..0f5cc0003922
--- /dev/null
+++ b/src/chrome/content/rules/Lxde.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Nonfunctional hosts in *.lxde.org:
+		- lists.lxde.org redirects to NXDOMAIN
+-->
+<ruleset name="Lxde.org">
+	<target host="lxde.org" />
+	<target host="www.lxde.org" />
+	<target host="blog.lxde.org" />
+	<target host="git.lxde.org" />
+	<target host="wiki.lxde.org" />
+	<target host="pootle.lxde.org" />
+	<target host="forum.lxde.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/LyinComey.com.xml b/src/chrome/content/rules/LyinComey.com.xml
new file mode 100644
index 000000000000..ac7335cc9b8f
--- /dev/null
+++ b/src/chrome/content/rules/LyinComey.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="LyinComey.com">
+	<target host="lyincomey.com" />
+	<target host="www.lyincomey.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lymo.fr.xml b/src/chrome/content/rules/Lymo.fr.xml
index a0a3d0c73c32..15405ded50ff 100644
--- a/src/chrome/content/rules/Lymo.fr.xml
+++ b/src/chrome/content/rules/Lymo.fr.xml
@@ -1,11 +1,11 @@
-<!--
-	Invalid certificate:
-		blog.lymo.fr
-
--->
-<ruleset name="Lymo.fr">
-	<target host="lymo.fr" />
-	<target host="www.lymo.fr" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
+<!--
+	Invalid certificate:
+		blog.lymo.fr
+
+-->
+<ruleset name="Lymo.fr">
+	<target host="lymo.fr" />
+	<target host="www.lymo.fr" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Lynch_Interactive.com.xml b/src/chrome/content/rules/Lynch_Interactive.com.xml
index 23fbd95bea62..5d0f1015956a 100644
--- a/src/chrome/content/rules/Lynch_Interactive.com.xml
+++ b/src/chrome/content/rules/Lynch_Interactive.com.xml
@@ -10,7 +10,7 @@ Disabled by https-everywhere-checker because:
 Non-2xx HTTP code: http://lynchinteractive.com/ (200) => https://lynchinteractive.com/ (404)
 
 -->
-<ruleset name="Lynch Interactive.com" default_off='failed ruleset test'>
+<ruleset name="Lynch Interactive.com" default_off="failed ruleset test">
 
 	<target host="lynchinteractive.com" />
 	<target host="www.lynchinteractive.com" />
diff --git a/src/chrome/content/rules/Lynda.com.xml b/src/chrome/content/rules/Lynda.com.xml
index 2846ac82e1d5..e6c7f2e04516 100644
--- a/src/chrome/content/rules/Lynda.com.xml
+++ b/src/chrome/content/rules/Lynda.com.xml
@@ -43,7 +43,6 @@
 					-->
 			<test url="http://www.lynda.com/apps/ios" />
 			<test url="http://www.lynda.com/business" />
-			<test url="http://www.lynda.com/business" />
 			<test url="http://www.lynda.com/government" />
 			<test url="http://www.lynda.com/login/loginhelp.aspx" />
 			<test url="http://www.lynda.com/promo/trial/default.aspx" />
diff --git a/src/chrome/content/rules/Lynku.com.xml b/src/chrome/content/rules/Lynku.com.xml
index 8b5c6278fb02..b99e9a0ccdf0 100644
--- a/src/chrome/content/rules/Lynku.com.xml
+++ b/src/chrome/content/rules/Lynku.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://images.lynku.com/ => https://shop.look.co.uk/: (7, 'Failed t
 		- images	(mismatched, CN: shop.look.co.uk)
 
 -->
-<ruleset name="Lynku.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Lynku.com (partial)" default_off="failed ruleset test">
 
 	<target host="images.lynku.com" />
 
@@ -23,4 +23,4 @@ Fetch error: http://images.lynku.com/ => https://shop.look.co.uk/: (7, 'Failed t
 	<rule from="^http://images\.lynku\.com/"
 		to="https://shop.look.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Lyris.xml b/src/chrome/content/rules/Lyris.xml
index adc923ec4f8d..2266b31fb8f9 100644
--- a/src/chrome/content/rules/Lyris.xml
+++ b/src/chrome/content/rules/Lyris.xml
@@ -18,12 +18,14 @@ Fetch error: http://www.lyrishq.com/ => https://www.lyris.com/blog: (28, 'Connec
 		- Up0.net.xml
 
 -->
-<ruleset name="Lyris (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Lyris (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="clicktracks.com" />
-	<target host="*.clicktracks.com" />
+	<target host="stats1.clicktracks.com" />
+	<target host="www.clicktracks.com" />
 	<target host="lyris.com"/>
-	<target host="*.lyris.com"/>
+	<target host="landing.lyris.com" />
+	<target host="www.lyris.com" />
 	<target host="lyrishq.com"/>
 	<target host="www.lyrishq.com"/>
 
@@ -35,16 +37,13 @@ Fetch error: http://www.lyrishq.com/ => https://www.lyris.com/blog: (28, 'Connec
 	<rule from="^http://clicktracks\.com/"
 		to="https://www.clicktracks.com/" />
 
-	<rule from="^http://(stats1|www)\.clicktracks\.com/"
-		to="https://$1.clicktracks.com/" />
 
 	<rule from="^http://lyris\.com/"
 		to="https://www.lyris.com/"/>
 
-	<rule from="^http://(landing|www)\.lyris\.com/"
-		to="https://$1.lyris.com/"/>
 
 	<rule from="^http://(?:www\.)?lyrishq\.com/"
 		to="https://www.lyris.com/blog"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Lyrk.de.xml b/src/chrome/content/rules/Lyrk.de.xml
index e4bad3a79f84..08dd1293bb4d 100644
--- a/src/chrome/content/rules/Lyrk.de.xml
+++ b/src/chrome/content/rules/Lyrk.de.xml
@@ -9,7 +9,8 @@
 <ruleset name="Lyrk.de">
 
 	<target host="lyrk.de" />
-	<target host="*.lyrk.de" />
+	<target host="geodienste.lyrk.de" />
+	<target host="www.lyrk.de" />
 
 
 	<!--	 Not secured by server:
diff --git a/src/chrome/content/rules/M-Fanshop.ch.xml b/src/chrome/content/rules/M-Fanshop.ch.xml
deleted file mode 100644
index 29e2bcbded6b..000000000000
--- a/src/chrome/content/rules/M-Fanshop.ch.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<!--
-	For other Migros coverage, see Migros.xml.
--->
-<ruleset name="M-Fanshop.ch">
-	<target host="m-fanshop.ch" />
-	<target host="www.m-fanshop.ch" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/M-W.co.uk.xml b/src/chrome/content/rules/M-W.co.uk.xml
index a17d4062babe..c1036b8ebf24 100644
--- a/src/chrome/content/rules/M-W.co.uk.xml
+++ b/src/chrome/content/rules/M-W.co.uk.xml
@@ -17,7 +17,7 @@ Fetch error: http://m-w.co.uk/ => https://m-w.co.uk/: Too many redirects while f
 	* Secured by us
 
 -->
-<ruleset name="M-W.co.uk (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="M-W.co.uk (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="m-w.co.uk" />
 	<target host="www.m-w.co.uk" />
diff --git a/src/chrome/content/rules/M-and-T_Bank.xml b/src/chrome/content/rules/M-and-T_Bank.xml
index 1276a5c26c57..f54c72baa872 100644
--- a/src/chrome/content/rules/M-and-T_Bank.xml
+++ b/src/chrome/content/rules/M-and-T_Bank.xml
@@ -14,7 +14,10 @@
 
 	<target host="onlinebanking.mandtbank.com" />
 	<target host="mtb.com" />
-	<target host="*.mtb.com" />
+	<target host="www.mtb.com" />
+	<target host="applynow.mtb.com" />
+	<target host="services.mtb.com" />
+	<target host="webmail.mtb.com" />
 	<target host="mandtbank.spatialpoint.com" />
 
 
@@ -22,16 +25,11 @@
 	<securecookie host="^.*\.mtb\.com$" name=".+" />
 
 
-	<rule from="^http://onlinebanking\.mandtbank\.com/"
-		to="https://onlinebanking.mandtbank.com/" />
 
 	<rule from="^http://(?:www\.)?mtb\.com/"
 		to="https://www.mtb.com/" />
 
-	<rule from="^http://(applynow|services|webmail)\.mtb\.com/"
-		to="https://$1.mtb.com/" />
 
-	<rule from="^http://mandtbank\.spatialpoint\.com/"
-		to="https://mandtbank.spatialpoint.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/M-net.de.xml b/src/chrome/content/rules/M-net.de.xml
deleted file mode 100644
index 6d9b03aab62f..000000000000
--- a/src/chrome/content/rules/M-net.de.xml
+++ /dev/null
@@ -1,100 +0,0 @@
-<!--
-		Cert chain issues:
-			- www-maint.m-net.de
-			- svn.m-net.de
-
-		Cert expired:
-			- muc.m-net.de
-
-		Cert mismatch:
-			- 24h.m-net.de
-			- studenten.m-net.de
-			- lyncdiscover.m-net.de
-			- meinbusiness.m-net.de
-			- msoid.m-net.de
-			- news.m-net.de
-			- traffic.m-net.de
-			- services.m-net.de
-			- sip.m-net.de
-
-		Connection refused:
-			- it-sec1.m-net.de
-			- localhost.m-net.de
-			- media.m-net.de
-
-		Redirect loop:
-			- gk.m-net.de
-			- tvplus.m-net.de
-			- www-test.m-net.de
-
-		Self-signed cert:
-			- fw-access-cl02-muc-outside.m-net.de
-			- it-dv-tool.m-net.de
-			- mnetffmmipprod.m-net.de
-
-		Timeout:
-			- dsl.m-net.de
-			- heimdall-cl02.m-net.de
-			- heimdall2.m-net.de
-			- owl.m-net.de
-			- rt-access-1.m-net.de
-			- rt-access-2.m-net.de
-			- wwtest01.m-net.de
-
-
-		TLS broken:
-
-			- dtts.m-net.de
-			- heimdall.m-net.de
-			- heimdall-cl01.m-net.de
-			- it-sec4.m-net.de
-			- it-sftp.m-net.de
-			- it-zuya.m-net.de
-			- kampagne.m-net.de
-			- mdm03-int.m-net.de
-			- mnetffmmip02.m-net.de
-			- mnetffmmip03.m-net.de
-			- mnetffmmip11.m-net.de
-			- mnetffmserv11.m-net.de
-			- mnetmail01.m-net.de
-			- mdm02-int.m-net.de
-			- spri-prod.m-net.de
-			- spri-test.m-net.de
-			- umfrage.m-net.de
-			- vc.m-net.de
-			- wbci.m-net.de
-			- wita.m-net.de
-			- wita-kft.m-net.de
-			- wwtest02.m-net.de)
-
--->
-<ruleset name="M-net Telekommunikations GmbH" >
-
-	<target host="m-net.de" />
-	<target host="www.m-net.de" />
-	<target host="aktiontv.m-net.de" />
-	<target host="autodiscover.m-net.de" />
-	<target host="dataspace.m-net.de" />
-	<target host="exmail.m-net.de" />
-	<target host="extmail.m-net.de" />
-	<target host="forum.m-net.de" />
-	<target host="karriere.m-net.de" />
-	<target host="kundenportal.m-net.de" />
-	<target host="mdm01-int.m-net.de" />
-	<target host="mvg.m-net.de" />
-	<target host="owa.m-net.de" />
-	<target host="owa2-int.m-net.de" />
-	<target host="partner.m-net.de" />
-	<target host="partnerportal.m-net.de" />
-	<target host="sds.m-net.de" />
-	<target host="shop.m-net.de" />
-	<target host="speedtest.m-net.de" />
-	<target host="upgrade.m-net.de" />
-	<target host="webaccess.m-net.de" />
-	<target host="webaccess2.m-net.de" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
- 
diff --git a/src/chrome/content/rules/M-pathy.xml b/src/chrome/content/rules/M-pathy.xml
index 33d16df76c35..04f45723f3d3 100644
--- a/src/chrome/content/rules/M-pathy.xml
+++ b/src/chrome/content/rules/M-pathy.xml
@@ -10,7 +10,8 @@
 <ruleset name="m-pathy (partial)">
 
 	<target host="m-pathy.com" />
-	<target host="*.m-pathy.com" />
+	<target host="www.m-pathy.com" />
+	<target host="cdn.m-pathy.com" />
 
 
 	<rule from="^http://(?:www\.)?m-pathy\.com/(css/|favicon\.ico|images/|questionnaire/|sf/|user/)"
@@ -19,4 +20,4 @@
 	<rule from="^http://cdn\.m-pathy\.com/"
 		to="https://cdn.m-pathy.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/M-privacy.xml b/src/chrome/content/rules/M-privacy.xml
index dd73c404f552..c20c2bf48e62 100644
--- a/src/chrome/content/rules/M-privacy.xml
+++ b/src/chrome/content/rules/M-privacy.xml
@@ -1,7 +1,9 @@
 <ruleset name="m-privacy">
 
 	<target host="m-privacy.de" />
-	<target host="*.m-privacy.de" />
+	<target host="git.m-privacy.de" />
+	<target host="rsbac.m-privacy.de" />
+	<target host="www.m-privacy.de" />
 
 
 	<!--	Not secured by server:
@@ -11,7 +13,6 @@
 	<securecookie host="^(?:rsbac|www)\.m-privacy\.de$" name=".+" />
 
 
-	<rule from="^http://((?:git|rsbac|www)\.)?m-privacy\.de/"
-		to="https://$1m-privacy.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/M01.eu.xml b/src/chrome/content/rules/M01.eu.xml
deleted file mode 100644
index adadbad9310c..000000000000
--- a/src/chrome/content/rules/M01.eu.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	www: mismatched
-
--->
-<ruleset name="M01.eu">
-
-	<target host="m01.eu" />
-	<target host="*.m01.eu" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(me\.)?m01\.eu$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^(?:me\.)?m01\.eu$" name=".+" />
-
-
-	<rule from="^http://(?:(me\.)|www\.)?m01\.eu/"
-		to="https://$1m01.eu/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/M2pub.com.xml b/src/chrome/content/rules/M2pub.com.xml
deleted file mode 100644
index 156ab9967b9c..000000000000
--- a/src/chrome/content/rules/M2pub.com.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-<!--
-	For other Matomy Media coverage, see Matomy-Media.xml.
-
-
-	CDN buckets:
-
-		- ads.adk2.com
-
-			- s
-
-		- d3vg9hiogk70qz.cloudfront.net
-
-			creative
-
-
-	Problematic subdomains:
-
-		- creative	(cloudfront)
-		- s		(works; mismatched, CN: ads.adk2.com)
-
-
-	Fully covered subdomains:
-
-		- creative	(→ d3vg9hiogk70qz.cloudfront.net)
-		- s		(→ ads.adk2.com)
-
-
-	(www.)m2pub.com doesn't exist.
-
-	Ads and web bugs.
-
--->
-<ruleset name="M2pub.com">
-
-	<target host="*.m2pub.com" />
-
-
-	<rule from="^http://creative\.m2pub\.com/"
-		to="https://d3vg9hiogk70qz.cloudfront.net/" />
-
-	<rule from="^http://s\.m2pub\.com/"
-		to="https://ads.adk2.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MAC_Paper.com.xml b/src/chrome/content/rules/MAC_Paper.com.xml
index c3fabcc79cfe..5f715035742c 100644
--- a/src/chrome/content/rules/MAC_Paper.com.xml
+++ b/src/chrome/content/rules/MAC_Paper.com.xml
@@ -20,10 +20,11 @@ Fetch error: http://macpaper.com/ => https://secure.macpaper.com/: (51, "SSL: no
 	* Secured by us
 
 -->
-<ruleset name="MAC Paper.com (partial)" default_off='failed ruleset test'>
+<ruleset name="MAC Paper.com (partial)" default_off="failed ruleset test">
 
 	<target host="macpaper.com" />
-	<target host="*.macpaper.com" />
+	<target host="secure.macpaper.com" />
+	<target host="www.macpaper.com" />
 
 
 	<securecookie host="^secure\.macpaper\.com$" name=".+" />
diff --git a/src/chrome/content/rules/MADD-California.xml b/src/chrome/content/rules/MADD-California.xml
index 8a65a1e0a463..50d7e3611b3f 100644
--- a/src/chrome/content/rules/MADD-California.xml
+++ b/src/chrome/content/rules/MADD-California.xml
@@ -5,9 +5,9 @@ Fetch error: http://maddcalifornia.org/ => https://www.maddcalifornia.org/: (35,
 Fetch error: http://www.maddcalifornia.org/ => https://www.maddcalifornia.org/: (35, 'Unknown SSL protocol error in connection to www.maddcalifornia.org:443 ')
 
 -->
-<ruleset name="MADD California" default_off='failed ruleset test'>
+<ruleset name="MADD California" default_off="failed ruleset test">
 	<target host="maddcalifornia.org" />
 	<target host="www.maddcalifornia.org" />
 
 	<rule from="^http://(?:www\.)?maddcalifornia\.org/" to="https://www.maddcalifornia.org/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MARC.info.xml b/src/chrome/content/rules/MARC.info.xml
deleted file mode 100644
index a6bc3ed773ff..000000000000
--- a/src/chrome/content/rules/MARC.info.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="MARC.info">
-
-	<target host="marc.info" />
-	<target host="www.marc.info" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MARE-system.de.xml b/src/chrome/content/rules/MARE-system.de.xml
index 64a8fd053d8a..3745e3bde58d 100644
--- a/src/chrome/content/rules/MARE-system.de.xml
+++ b/src/chrome/content/rules/MARE-system.de.xml
@@ -7,7 +7,7 @@ Fetch error: http://mare-system.de/ => https://www.mare-system.de/: (60, 'SSL ce
 	^: Cert only matches www
 
 -->
-<ruleset name="MARE-system.de" default_off='failed ruleset test'>
+<ruleset name="MARE-system.de" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/MARSocial.com.xml b/src/chrome/content/rules/MARSocial.com.xml
index db9c19b38213..12681362aea1 100644
--- a/src/chrome/content/rules/MARSocial.com.xml
+++ b/src/chrome/content/rules/MARSocial.com.xml
@@ -17,7 +17,7 @@ Fetch error: http://www.marsocial.com/ => https://www.marsocial.com/: (28, 'Conn
 	* Not secured by us <= missing certificate chain
 
 -->
-<ruleset name="MARSocial.com" default_off='failed ruleset test'>
+<ruleset name="MARSocial.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/MASSPIRG.xml b/src/chrome/content/rules/MASSPIRG.xml
index d3579a4107d2..09874dd763ed 100644
--- a/src/chrome/content/rules/MASSPIRG.xml
+++ b/src/chrome/content/rules/MASSPIRG.xml
@@ -17,4 +17,4 @@
 	<rule from="^http://(?:www\.)?masspirg\.org/"
 		to="https://masspirg.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MASSPIRG_Education_Fund.xml b/src/chrome/content/rules/MASSPIRG_Education_Fund.xml
index d1b75dbf77e6..5d4732615273 100644
--- a/src/chrome/content/rules/MASSPIRG_Education_Fund.xml
+++ b/src/chrome/content/rules/MASSPIRG_Education_Fund.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?masspirgedfund\.org/"
 		to="https://masspirgedfund.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MASSPIRG_Students.xml b/src/chrome/content/rules/MASSPIRG_Students.xml
index 44e8658438f6..034b315025c1 100644
--- a/src/chrome/content/rules/MASSPIRG_Students.xml
+++ b/src/chrome/content/rules/MASSPIRG_Students.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?masspirgstudents\.org/"
 		to="https://masspirgstudents.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MAXROAM.xml b/src/chrome/content/rules/MAXROAM.xml
index 0bac73aa668b..eb7106dc6b69 100644
--- a/src/chrome/content/rules/MAXROAM.xml
+++ b/src/chrome/content/rules/MAXROAM.xml
@@ -1,7 +1,8 @@
 <ruleset name="MAXROAM (partial)">
 
 	<target host="maxroam.com" />
-	<target host="*.maxroam.com" />
+	<target host="www.maxroam.com" />
+	<target host="hostels.maxroam.com" />
 
 
 	<!--	Some pages redirect to http.	-->
diff --git a/src/chrome/content/rules/MAZDA_Web_Members.xml b/src/chrome/content/rules/MAZDA_Web_Members.xml
index ce85f7b882d8..180407254d96 100644
--- a/src/chrome/content/rules/MAZDA_Web_Members.xml
+++ b/src/chrome/content/rules/MAZDA_Web_Members.xml
@@ -4,11 +4,11 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.m-wm.com/ => https://www.m-wm.com/: (6, 'Could not resolve host: www.m-wm.com')
 
 -->
-<ruleset name="MAZDA Web Members" default_off='failed ruleset test'>
+<ruleset name="MAZDA Web Members" default_off="failed ruleset test">
 
 	<target host="www.m-wm.com" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MA_Legislature.gov.xml b/src/chrome/content/rules/MA_Legislature.gov.xml
deleted file mode 100644
index 327fd9c8d03f..000000000000
--- a/src/chrome/content/rules/MA_Legislature.gov.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-
-
-	www.malegislature.gov: Mismatched
-
--->
-<ruleset name="MA Legislature.gov">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="malegislature.gov" />
-
-	<!--	Complications:
-				-->
-	<target host="www.malegislature.gov" />
-
-
-	<rule from="^http://www\.malegislature\.gov/"
-		to="https://malegislature.gov/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MBC-Karlsruhe.de.xml b/src/chrome/content/rules/MBC-Karlsruhe.de.xml
new file mode 100644
index 000000000000..f56fb2b00404
--- /dev/null
+++ b/src/chrome/content/rules/MBC-Karlsruhe.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="MBC-Karlsruhe.de">
+
+	<target host="mbc-karlsruhe.de" />
+	<target host="www.mbc-karlsruhe.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MBSportsWeb.xml b/src/chrome/content/rules/MBSportsWeb.xml
index 682ba6afd753..723ace1146cf 100644
--- a/src/chrome/content/rules/MBSportsWeb.xml
+++ b/src/chrome/content/rules/MBSportsWeb.xml
@@ -14,7 +14,7 @@
 	<target host="mbsportsweb.ca" />
 	<target host="www.mbsportsweb.ca" />
 	<target host="mbsportsweb.com" />
-	<target host="*.mbsportsweb.com" />
+	<target host="www.mbsportsweb.com" />
 
 
 	<securecookie host="^\.mbsportsweb\.com$" name=".+" />
@@ -23,4 +23,4 @@
 	<rule from="^http://(www\.)?mbsportsweb\.c(?:a|om)/"
 		to="https://$1mbsportsweb.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MBank.xml b/src/chrome/content/rules/MBank.xml
index d674ea51bf0f..71a3903a42b4 100644
--- a/src/chrome/content/rules/MBank.xml
+++ b/src/chrome/content/rules/MBank.xml
@@ -49,7 +49,7 @@ Fetch error: http://ssl1.mbank.pl/ => https://ssl1.mbank.pl/: (60, 'SSL certific
 		- media.mbank.eu
 			- Presents cert for secure.netpr.pl.
 -->
-<ruleset name="mBank (partial)" default_off='failed ruleset test'>
+<ruleset name="mBank (partial)" default_off="failed ruleset test">
 
 	<target host="mbank.cz"/>
 	<target host="mbank.pl"/>
diff --git a/src/chrome/content/rules/MBnet.xml b/src/chrome/content/rules/MBnet.xml
index bacbbcd13c9b..662fcb9f89ee 100644
--- a/src/chrome/content/rules/MBnet.xml
+++ b/src/chrome/content/rules/MBnet.xml
@@ -13,7 +13,7 @@ Fetch error: http://webmail.mbnet.fi/ => https://webmail.mbnet.fi/: (7, 'Failed
 		- webmail.mbnet.fi
 
 -->
-<ruleset name="MBnet.fi (partial)" default_off='failed ruleset test'>
+<ruleset name="MBnet.fi (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/MBuy.com.xml b/src/chrome/content/rules/MBuy.com.xml
index 56f8c7a9a724..d2d967c4e02f 100644
--- a/src/chrome/content/rules/MBuy.com.xml
+++ b/src/chrome/content/rules/MBuy.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://app.mbuy.com/ => https://app.mbuy.com/: (7, 'Failed to conne
 		- (www.)	(refused)
 
 -->
-<ruleset name="MBuy.com (partial)" default_off='failed ruleset test'>
+<ruleset name="MBuy.com (partial)" default_off="failed ruleset test">
 
 	<target host="app.mbuy.com" />
 
@@ -18,4 +18,4 @@ Fetch error: http://app.mbuy.com/ => https://app.mbuy.com/: (7, 'Failed to conne
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MCLU.xml b/src/chrome/content/rules/MCLU.xml
index c4bcabdfd2cc..0555a04794f5 100644
--- a/src/chrome/content/rules/MCLU.xml
+++ b/src/chrome/content/rules/MCLU.xml
@@ -8,9 +8,9 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://mclu.org/ => https://www.mclu.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 Fetch error: http://www.mclu.org/ => https://www.mclu.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="Maine Civil Liberties Union" default_off='failed ruleset test'>
+<ruleset name="Maine Civil Liberties Union" default_off="failed ruleset test">
 	<target host="mclu.org" />
 	<target host="www.mclu.org" />
 
 	<rule from="^http://(?:www\.)?mclu\.org/" to="https://www.mclu.org/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MCM_Electronics.com.xml b/src/chrome/content/rules/MCM_Electronics.com.xml
index 1b373e740838..d39adcf03a34 100644
--- a/src/chrome/content/rules/MCM_Electronics.com.xml
+++ b/src/chrome/content/rules/MCM_Electronics.com.xml
@@ -31,4 +31,4 @@
 	<rule from="^http://(?:www\.)?mcmelectronics\.com/"
 		to="https://www.mcmelectronics.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MDC_US.com.xml b/src/chrome/content/rules/MDC_US.com.xml
deleted file mode 100644
index 3b1f3f43097c..000000000000
--- a/src/chrome/content/rules/MDC_US.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	CDN buckets:
-
-		- nebula.wsimg.com
-
--->
-<ruleset name="MDC US.com">
-
-	<target host="mdcus.com" />
-	<target host="www.mdcus.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MDR.de.xml b/src/chrome/content/rules/MDR.de.xml
new file mode 100644
index 000000000000..81ae42fb2019
--- /dev/null
+++ b/src/chrome/content/rules/MDR.de.xml
@@ -0,0 +1,105 @@
+<!--
+	Invalid certificate:
+		autodiscover.mdr.de
+		*.cast.mdr.de
+		event.mdr.de
+		gastwlan.mdr.de
+		live.mdr.de
+		liveevent1.mdr.de
+		liveevent2.mdr.de
+		livetvsachsen.mdr.de
+		livetvsachsenanhalt.mdr.de
+		livetvthueringen.mdr.de
+		mdm2.mdr.de
+		ondemand.mdr.de
+		ondemanddownload.mdr.de
+		ondemandgeo.mdr.de
+		ondemandstatic.mdr.de
+		pageflow-(image|static|video).mdr.de
+		sachsen-anhalt-live.mdr.de
+		sachen-live.mdr.de
+		teamwire.mdr.de
+		thueringen-live.mdr.de
+
+	Non-2xx HTTP code:
+		mdr-284290-0.sslcast.mdr.de
+		mdr-284320-0.sslcast.mdr.de
+		mdr-284350-0.sslcast.mdr.de
+
+	Refused:
+		data.mdr.de
+		dlvr.mdr.de
+		ucweb.mdr.de
+		hundertprozentich.mdr.de
+		klimakarte.mdr.de
+		livestream.mdr.de
+		m.mdr.de
+		mail.mdr.de
+		mediabox.mdr.de
+		www.mobil.mdr.de
+		stg2.mdr.de
+		sync.mdr.de
+		sync2.mdr.de
+		sync3.mdr.de
+		www-stg.mdr.de
+		www[1-4].mdr.de
+
+	Timeout:
+		esponse.mdr.de
+		ftp.mdr.de
+		hinkelstein.mdr.de
+		hinkelstein2.mdr.de
+		mobile.mdr.de
+		mx[1-3].mdr.de
+
+	Unable to get local issuer certificate:
+		ecs.mdr.de
+		sts.mdr.de
+-->
+<ruleset name="MDR.de">
+
+	<target host="mdr.de" />
+	<target host="www.mdr.de" />
+	<target host="100prozentich.mdr.de" />
+	<target host="app.mdr.de" />
+	<target host="avw.mdr.de" />
+	<target host="cdn.mdr.de" />
+	<target host="ellen.mdr.de" />
+	<target host="ellen-dev.mdr.de" />
+	<target host="ellen2.mdr.de" />
+	<target host="entwicklungslabor.mdr.de" />
+	<target host="frequenzsuche.mdr.de" />
+	<target host="frequenzsuchetest.mdr.de" />
+	<target host="git.mdr.de" />
+	<target host="heuteimosten.mdr.de" />
+	<target host="incontrol.mdr.de" />
+	<target host="intraportal.mdr.de" />
+	<target host="intraportaldev.mdr.de" />
+	<target host="isec.mdr.de" />
+	<target host="kandidatencheck.mdr.de" />
+	<target host="kinder.mdr.de" />
+	<target host="kommentare.mdr.de" />
+	<target host="kommentare-live.mdr.de" />
+	<target host="listserver.mdr.de" />
+	<target host="lyncjoin.mdr.de" />
+	<target host="mdm.mdr.de" />
+	<target host="mdm3.mdr.de" />
+	<target host="mftweb1.mdr.de" />
+	<target host="origin.mdr.de" />
+	<target host="owasvc.mdr.de" />
+	<target host="reportage.mdr.de" />
+	<target host="search.mdr.de" />
+	<target host="secure.mdr.de" />
+	<target host="securemail.mdr.de" />
+	<target host="sip.mdr.de" />
+	<target host="sommer88.mdr.de" />
+	<target host="topoftheday.mdr.de" />
+	<target host="volo.mdr.de" />
+	<target host="wahlzone.mdr.de" />
+	<target host="worldskills.mdr.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MDTS.xml b/src/chrome/content/rules/MDTS.xml
deleted file mode 100644
index a33e49a38ffa..000000000000
--- a/src/chrome/content/rules/MDTS.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="MDTS">
-
-	<target host="mdts.uk.com" />
-
-
-	<securecookie host="^mdts\.uk\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MEBank.xml b/src/chrome/content/rules/MEBank.xml
index 59ecc8ba3a3b..2600c0525e0e 100644
--- a/src/chrome/content/rules/MEBank.xml
+++ b/src/chrome/content/rules/MEBank.xml
@@ -11,4 +11,4 @@
 
 	<rule from="^http:"
 			to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MEPS-FPX.com.my.xml b/src/chrome/content/rules/MEPS-FPX.com.my.xml
new file mode 100644
index 000000000000..1fce1b7863c5
--- /dev/null
+++ b/src/chrome/content/rules/MEPS-FPX.com.my.xml
@@ -0,0 +1,24 @@
+<!--
+	Non-functional subdomains:
+		- uatdemo	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="MEPS FPX.com.my">
+
+	<target host="mepsfpx.com.my" />
+	<target host="www.mepsfpx.com.my" />
+	<target host="uat.mepsfpx.com.my" />
+	<target host="uatwv.mepsfpx.com.my" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MERY.jp.xml b/src/chrome/content/rules/MERY.jp.xml
index 8584a8c27594..9aecb60bd1fe 100644
--- a/src/chrome/content/rules/MERY.jp.xml
+++ b/src/chrome/content/rules/MERY.jp.xml
@@ -5,7 +5,7 @@ Fetch error: http://mery.jp/ => https://mery.jp/: (60, 'SSL certificate problem:
 Fetch error: http://www.mery.jp/ => https://www.mery.jp/: (6, 'Could not resolve host: www.mery.jp')
 
 -->
-<ruleset name="MERY.jp" default_off='failed ruleset test'>
+<ruleset name="MERY.jp" default_off="failed ruleset test">
 
 	<target host="assets.mery.jp" />
 	<target host="bravo.mery.jp" />
diff --git a/src/chrome/content/rules/MESO-Rx.xml b/src/chrome/content/rules/MESO-Rx.xml
index 27e830d48415..88189014db93 100644
--- a/src/chrome/content/rules/MESO-Rx.xml
+++ b/src/chrome/content/rules/MESO-Rx.xml
@@ -25,7 +25,7 @@ Non-2xx HTTP code: http://www.thinksteroids.com/ (200) => https://www.thinkstero
 			- cdn-ru.thinksteroids.com
 
 -->
-<ruleset name="MESO-Rx" default_off='failed ruleset test'>
+<ruleset name="MESO-Rx" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -43,12 +43,9 @@ Non-2xx HTTP code: http://www.thinksteroids.com/ (200) => https://www.thinkstero
 	<target host="static.thinksteroids.com" />
 
 
-	<securecookie host="^(?:.*\.)?thinksteroids\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^http://cdn\.thinksteroids\.com/"
-		to="https://d1uxx6tvzy89fj.cloudfront.net/" />
-
 	<rule from="^http://cdn-ru\.thinksteroids\.com/"
 		to="https://ru.thinksteroids.com/" />
 
diff --git a/src/chrome/content/rules/METEO.PL.xml b/src/chrome/content/rules/METEO.PL.xml
new file mode 100644
index 000000000000..56e1e25c7c0b
--- /dev/null
+++ b/src/chrome/content/rules/METEO.PL.xml
@@ -0,0 +1,14 @@
+<ruleset name="METEO.PL">
+	<target host="meteo.pl" />
+	<target host="www.meteo.pl" />
+	<target host="biznes.meteo.pl" />
+	<target host="faq.meteo.pl" />
+	<target host="m.meteo.pl" />
+	<target host="maps.meteo.pl" />
+	<target host="mapy.meteo.pl" />
+	<target host="nowe.meteo.pl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MGID.com.xml b/src/chrome/content/rules/MGID.com.xml
index c91444702811..5af1018e08ee 100644
--- a/src/chrome/content/rules/MGID.com.xml
+++ b/src/chrome/content/rules/MGID.com.xml
@@ -73,14 +73,30 @@
 -->
 <ruleset name="MGID.com (partial)">
 
-	<target host="*.dt00.net" />
+	<target host="img.dt00.net" />
+	<target host="imgn.dt00.net" />
+	<target host="jsc.dt00.net" />
+	<target host="oth.dt00.net" />
 		<!--
 			Not identical to mgid.com:
 						-->
 		<exclusion pattern="^http://imgn\.dt00\." />
-	<target host="*.dt07.net" />
+	<target host="img.dt07.net" />
+	<target host="imgn.dt07.net" />
+	<target host="jsc.dt07.net" />
+	<target host="oth.dt07.net" />
+	<target host="admin.dt07.net" />
+	<target host="admin4.dt07.net" />
 	<target host="mgid.com" />
-	<target host="*.mgid.com" />
+	<target host="img.mgid.com" />
+	<target host="imgn.mgid.com" />
+	<target host="jsc.mgid.com" />
+	<target host="oth.mgid.com" />
+	<target host="dashboard.mgid.com" />
+	<target host="freelance.mgid.com" />
+	<target host="my.mgid.com" />
+	<target host="usr.mgid.com" />
+	<target host="www.mgid.com" />
 
 
 	<!--	Not secured by server:
@@ -94,10 +110,7 @@
 	<rule from="^http://(imgn?|jsc|oth)\.(?:dt0[07]\.net|mgid\.com)/"
 		to="https://$1.mgid.com/" />
 
-	<rule from="^http://admin(4)?\.dt07\.net/"
-		to="https://admin$1.dt07.net/" />
 
-	<rule from="^http://((?:dashboard|freelance|my|usr|www)\.)?mgid\.com/"
-		to="https://$1mgid.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MIC-Gadget.xml b/src/chrome/content/rules/MIC-Gadget.xml
deleted file mode 100644
index f2479e57b1c0..000000000000
--- a/src/chrome/content/rules/MIC-Gadget.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	CDN buckets:
-
-		- images.micgadget.com.s3.amazonaws.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(cert: store; shows directory listing)
-
--->
-<ruleset name="M.I.C. Gadget (partial)">
-
-	<target host="*.micgadget.com" />
-
-
-	<securecookie host="^\.store\.micgadget\.com$" name=".+" />
-
-
-
-	<rule from="^http://images\.micgadget\.com/"
-		to="https://s3.amazonaws.com/images.micgadget.com/" />
-
-	<rule from="^http://store\.micgadget\.com/"
-		to="https://store.micgadget.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MICGadget.com.xml b/src/chrome/content/rules/MICGadget.com.xml
new file mode 100644
index 000000000000..9052d06c3651
--- /dev/null
+++ b/src/chrome/content/rules/MICGadget.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="MICGadget.com">
+	<target host="micgadget.com" />
+	<target host="www.micgadget.com" />
+	<target host="store.micgadget.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MIMS.xml b/src/chrome/content/rules/MIMS.xml
index 6259983bd872..55fc195e8bbd 100644
--- a/src/chrome/content/rules/MIMS.xml
+++ b/src/chrome/content/rules/MIMS.xml
@@ -13,7 +13,7 @@ Non-2xx HTTP code: http://www.mims.com.tw/ (200) => https://www.mims.com.tw/ (50
 		- mims.com
 			- pubmiddleware		(timeout)
 -->
-<ruleset name="MIMS (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="MIMS (partial)" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="www.mims.com" />
 	<target host="mims.com" />
 	<target host="www.cimsasia.com" />
diff --git a/src/chrome/content/rules/MINV.sk.xml b/src/chrome/content/rules/MINV.sk.xml
new file mode 100644
index 000000000000..1811063c7156
--- /dev/null
+++ b/src/chrome/content/rules/MINV.sk.xml
@@ -0,0 +1,16 @@
+<!--
+Ministry of Interior of the Slovak Republic
+
+certificate mismatch:
+	minv.sk
+-->
+<ruleset name="MINV.sk">
+	<target host="minv.sk" />
+	<target host="www.minv.sk" />
+	<target host="portal.minv.sk" />
+
+	<rule from="^http://minv\.sk/"
+		to="https://www.minv.sk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MIUI.com.xml b/src/chrome/content/rules/MIUI.com.xml
index a8250f732aa3..34874084eca8 100644
--- a/src/chrome/content/rules/MIUI.com.xml
+++ b/src/chrome/content/rules/MIUI.com.xml
@@ -1,39 +1,47 @@
 <!--
-	For other domains belong to xiaomi, see Xiaomi.com.xml
+	For other domains belong to Xiaomi, see Xiaomi.com.xml
 
-	Drop:
-		^miui.com
-		bbs.miui.com
-		hk.miui.com
+	404:
+		^
 
-	MCB:
-		video.browser.miui.com
-		webapp.browser.miui.com
-
-	Mismatch:
-		www.miui.com	( equal to ^ )
-		api.bbs.miui.com
-		attach.bbs.miui.com
-		avatar.bbs.miui.com
-		embed.bbs.miui.com
-		static.bbs.miui.com
-		translate.miui.com
+	Expired:
+		https://static.bbs.miui.com
 
-	No secure protocols supported
-		geek.miui.com
-		kong.miui.com
+	Invalid certificate:
+		https://bbs.miui.com
+		https://embed.bbs.miui.com
+		https://geek.miui.com
 
-	Redirect to http:
-		en.miui.com
-		tw.miui.com
-		live.miui.com
+	MCB:
+		https://video.browser.miui.com
+		https://webapp.browser.miui.com
 -->
 <ruleset name="MIUI.com">
+	<target host="miui.com" />
+	<target host="www.miui.com" />
+	<target host="api.bbs.miui.com" />
+	<target host="attach.bbs.miui.com" />
+		<test url="http://attach.bbs.miui.com/common/6d/common_331_icon.png" />
+	<target host="avatar.bbs.miui.com" />
+		<test url="http://avatar.bbs.miui.com/data/avatar/000/00/00/00_avatar_small.jpg" />
+		<test url="http://avatar.bbs.miui.com/data/avatar/noavatar_small.gif" />
+	<target host="embed.bbs.miui.com" />
 	<target host="news.browser.miui.com" />
+	<target host="bigota.d.miui.com" />
+	<target host="en.miui.com" />
+	<target host="hk.miui.com" />
 	<target host="testit.miui.com" />
+	<target host="tw.miui.com" />
 	<target host="rs.vip.miui.com" />
 	<target host="web.vip.miui.com" />
-		<test url="http://web.vip.miui.com/page/packet2017#main_page" />
+		<test url="http://web.vip.miui.com/page/packet2017" />
+
+	<rule from="^http://miui\.com/" to="https://www.miui.com/" />
 
+	<rule from="^http://embed\.bbs\.miui\.com/" to="https://www.miui.com/" />
+		<test url="http://embed.bbs.miui.com/download.html" />
+		<test url="http://embed.bbs.miui.com/thread-14022542-1-1.html" />
+		<test url="http://embed.bbs.miui.com/index.php?29961042" />
+	
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MJG_International.xml b/src/chrome/content/rules/MJG_International.xml
index fc890972b728..58a3313288ad 100644
--- a/src/chrome/content/rules/MJG_International.xml
+++ b/src/chrome/content/rules/MJG_International.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://mjg.in/ => https://mjg.in/: (60, 'SSL certificate problem: certificate has expired')
 Fetch error: http://www.mjg.in/ => https://www.mjg.in/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="MJG International" default_off='failed ruleset test'>
+<ruleset name="MJG International" default_off="failed ruleset test">
 
 	<target host="mjg.in" />
 	<target host="www.mjg.in" />
@@ -19,4 +19,4 @@ Fetch error: http://www.mjg.in/ => https://www.mjg.in/: (60, 'SSL certificate pr
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MK2.com.xml b/src/chrome/content/rules/MK2.com.xml
index 864ba8b3808e..7c87b2b6e492 100644
--- a/src/chrome/content/rules/MK2.com.xml
+++ b/src/chrome/content/rules/MK2.com.xml
@@ -24,14 +24,14 @@
 -->
 
 <ruleset name="MK2 (partial)">
-  
+
 	<target host="mk2.com" />
 	<target host="www.mk2.com" />
 	<target host="api.mk2.com" />
 	<target host="m.mk2.com" />
 	<target host="nuitnoire.mk2.com" />
 	<target host="preprod.mk2.com" />
-  
+
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/MLPchan.net.xml b/src/chrome/content/rules/MLPchan.net.xml
deleted file mode 100644
index b15ca4038bcf..000000000000
--- a/src/chrome/content/rules/MLPchan.net.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="MLPchan.net">
-
-	<target host="mlpchan.net" />
-	<target host="www.mlpchan.net" />
-
-
-	<securecookie host="^\.mlpchan\.net$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MLSec_Project.org.xml b/src/chrome/content/rules/MLSec_Project.org.xml
index bdc6d202f427..5685878521c6 100644
--- a/src/chrome/content/rules/MLSec_Project.org.xml
+++ b/src/chrome/content/rules/MLSec_Project.org.xml
@@ -16,7 +16,7 @@ Fetch error: http://mlsecproject.org/ => https://mlsecproject.org/: (28, 'Connec
 		- www.mlsecproject.org
 
 -->
-<ruleset name="MLSec Project.org (partial)" default_off='failed ruleset test'>
+<ruleset name="MLSec Project.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/MLno6.com.xml b/src/chrome/content/rules/MLno6.com.xml
index ff1b9c975040..91c49afd2f50 100644
--- a/src/chrome/content/rules/MLno6.com.xml
+++ b/src/chrome/content/rules/MLno6.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.mlno6.com/ => https://www.mlno6.com/: (60, 'SSL certific
 	Web bugs.
 
 -->
-<ruleset name="MLno6.com" default_off='failed ruleset test'>
+<ruleset name="MLno6.com" default_off="failed ruleset test">
 
 	<target host="mlno6.com" />
 	<target host="www.mlno6.com" />
@@ -21,4 +21,4 @@ Fetch error: http://www.mlno6.com/ => https://www.mlno6.com/: (60, 'SSL certific
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MMAHQ.xml b/src/chrome/content/rules/MMAHQ.xml
index 6dd78db60b2d..139d945b4238 100644
--- a/src/chrome/content/rules/MMAHQ.xml
+++ b/src/chrome/content/rules/MMAHQ.xml
@@ -16,7 +16,7 @@
 <ruleset name="MMAHQ">
 
 	<target host="mmahq.com" />
-	<target host="*.mmahq.com" />
+	<target host="www.mmahq.com" />
 
 
 	<securecookie host="^(?:www)?\.mmahq\.com$" name=".+" />
diff --git a/src/chrome/content/rules/MMOGA.xml b/src/chrome/content/rules/MMOGA.xml
index 21918256ef06..86c2b456fbf0 100644
--- a/src/chrome/content/rules/MMOGA.xml
+++ b/src/chrome/content/rules/MMOGA.xml
@@ -1,15 +1,16 @@
 <ruleset name="MMOGA">
 
 	<target host="mmoga.com" />
-	<target host="*.mmoga.com" />
 	<target host="mmoga.de" />
-	<target host="*.mmoga.de" />
+	<target host="blog.mmoga.com" />
+	<target host="blog.mmoga.de" />
+	<target host="www.mmoga.com" />
+	<target host="www.mmoga.de" />
 
 
 	<securecookie host="^\.mmoga\.(?:com|de)$" name=".+" />
 
 
-	<rule from="^http://(blog\.|www\.)?mmoga\.(com|de)/"
-		to="https://$1mmoga.$2/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MMO_Culture.xml b/src/chrome/content/rules/MMO_Culture.xml
index 138f336a3576..6197fcf50b6c 100644
--- a/src/chrome/content/rules/MMO_Culture.xml
+++ b/src/chrome/content/rules/MMO_Culture.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MOBIUS_Catalog.xml b/src/chrome/content/rules/MOBIUS_Catalog.xml
index 21a88b856440..222f9a896882 100644
--- a/src/chrome/content/rules/MOBIUS_Catalog.xml
+++ b/src/chrome/content/rules/MOBIUS_Catalog.xml
@@ -8,13 +8,11 @@
 <ruleset name="MOBIUS Catalog">
 
 	<target host="searchmobius.org" />
-	<target host="*.searchmobius.org" />
 
 
 	<securecookie host="^\.?searchmobius\.org$" name=".+" />
 
 
-	<rule from="^http://searchmobius\.org/"
-		to="https://searchmobius.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MORryde.com.xml b/src/chrome/content/rules/MORryde.com.xml
new file mode 100644
index 000000000000..14493b77260d
--- /dev/null
+++ b/src/chrome/content/rules/MORryde.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Active mixed content:
+		- www.morryde.com, e.g. www.morryde.com/find-a-dealer
+
+	Invalid certificate:
+		- webapps.morryde.com
+
+	Wildcard DNS records:
+		- *.morryde.com
+-->
+
+<ruleset name="MORryde.com" platform="mixedcontent">
+	<target host="morryde.com" />
+	<target host="www.morryde.com" />
+	<target host="m.morryde.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MPlayer.xml b/src/chrome/content/rules/MPlayer.xml
index 19eb377010af..c6b5f897261d 100644
--- a/src/chrome/content/rules/MPlayer.xml
+++ b/src/chrome/content/rules/MPlayer.xml
@@ -13,7 +13,7 @@ Fetch error: http://bugzilla.mplayerhq.hu/ => https://bugzilla.mplayerhq.hu/: (7
 	ʳ Refused
 
 -->
-<ruleset name="MPlayer" default_off='failed ruleset test'>
+<ruleset name="MPlayer" default_off="failed ruleset test">
 
 	<target host="mplayerhq.hu" />
 	<target host="bugzilla.mplayerhq.hu" />
diff --git a/src/chrome/content/rules/MQTT.org.xml b/src/chrome/content/rules/MQTT.org.xml
new file mode 100644
index 000000000000..d554eb894253
--- /dev/null
+++ b/src/chrome/content/rules/MQTT.org.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid certificate:
+		- webmail.mqtt.org
+		- www.webmail.mqtt.org
+-->
+
+<ruleset name="MQTT.org">
+	<target host="mqtt.org" />
+	<target host="www.mqtt.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MR_PORTER.xml b/src/chrome/content/rules/MR_PORTER.xml
index bd185a2881e7..b05feb243506 100644
--- a/src/chrome/content/rules/MR_PORTER.xml
+++ b/src/chrome/content/rules/MR_PORTER.xml
@@ -6,10 +6,12 @@ Non-2xx HTTP code: http://mrporter.com/ (200) => https://www.mrporter.com/ (403)
 	!www: cert only matches www.
 
 -->
-<ruleset name="MR PORTER" default_off='failed ruleset test'>
+<ruleset name="MR PORTER" default_off="failed ruleset test">
 
 	<target host="mrporter.com" />
-	<target host="*.mrporter.com" />
+	<target host="www.mrporter.com" />
+	<target host="cache.mrporter.com" />
+	<target host="www-lt.mrporter.com" />
 
 
 	<securecookie host="^\.?www\.mrporter\.com$" name=".+" />
@@ -18,7 +20,6 @@ Non-2xx HTTP code: http://mrporter.com/ (200) => https://www.mrporter.com/ (403)
 	<rule from="^http://(?:www\.)?mrporter\.com/"
 		to="https://www.mrporter.com/" />
 
-	<rule from="^http://(cache|www-lt)\.mrporter\.com/"
-		to="https://$1.mrporter.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MSDN.xml b/src/chrome/content/rules/MSDN.xml
index 7286941380aa..c885ccd523b9 100644
--- a/src/chrome/content/rules/MSDN.xml
+++ b/src/chrome/content/rules/MSDN.xml
@@ -1,7 +1,5 @@
 
 <!--
-Disabled by https-everywhere-checker because:
-Non-2xx HTTP code: http://public.create.msdn.com/assets/ (200) => https://www.create.msdn.com/assets/ (403)
 
 	For other Microsoft coverage, see Microsoft.xml.
 
@@ -21,19 +19,14 @@ Non-2xx HTTP code: http://public.create.msdn.com/assets/ (200) => https://www.cr
 		- media.ch9.ms			(CN: *.sharepointonline.com; 400)
 		- files.channel9.msdn.com	(400; CN: *.vo.msecnd.net)
 
-
-	Partially covered msdn.com subdomains:
-
 		- public.create
+		- profile.create
 
 
 	Fully covered msdn.com subdomains:
-
-		- i1.blogs
+		- www
 		- channel9
 
-		- profile.create
-
 
 	Insecure cookies are set for these hosts:
 
@@ -53,38 +46,17 @@ Non-2xx HTTP code: http://public.create.msdn.com/assets/ (200) => https://www.cr
 	* Secured by us
 
 -->
-<ruleset name="MSDN.com (partial)" default_off='failed ruleset test'>
+
+<ruleset name="MSDN.com (partial)">
 
 	<!--	Direct rewrites:
 				-->
+	<target host="msdn.com" />
+	<target host="www.msdn.com" />
 	<target host="channel9.msdn.com" />
 
-	<target host="profile.create.msdn.com" />
 	<!--target host="www.create.msdn.com" /-->
 
-	<!--	Complications:
-				-->
-	<target host="i1.blogs.msdn.com" />
-	<target host="public.create.msdn.com" />
-
-		<!--	https://trac.torproject.org/projects/tor/ticket/8778
-										-->
-		<!--exclusion pattern="^http://blogs\.msdn\.com/" /-->
-
-		<!--	403:
-				-->
-		<!--exclusion pattern="^http://www\.create\.msdn\.com/$" /-->
-
-		<exclusion pattern="^http://public\.create\.msdn\.com/(?!assets/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://public.create.msdn.com/Feeds/CcoFeeds.svc/CmsFeed" />
-
-			<!--	-ve:
-					-->
-			<test url="http://public.create.msdn.com/assets/" />
-
 
 	<!--	Not secured by server:
 					-->
@@ -97,20 +69,8 @@ Non-2xx HTTP code: http://public.create.msdn.com/assets/ (200) => https://www.cr
 			- blogs
 			- forums.create
 					-->
-	<securecookie host="^.+\.msdn\.com$" name=".+" />
-
-
-	<!--	i1: Akamai
-				-->
-	<rule from="^http://i1\.blogs\.msdn\.com/"
-		to="https://blogs.msdn.com/" />
-
-	<!--	Cert doesn't match public
-						-->
-	<rule from="^http://public\.create\.msdn\.com/"
-		to="https://www.create.msdn.com/" />
+	<securecookie host=".+" name=".+"/>
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MSF-Online.com.xml b/src/chrome/content/rules/MSF-Online.com.xml
new file mode 100644
index 000000000000..38ec445973c4
--- /dev/null
+++ b/src/chrome/content/rules/MSF-Online.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="MSF-Online.com" platform="mixedcontent">
+	<target host="msf-online.com" />
+	<target host="www.msf-online.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MSN.xml b/src/chrome/content/rules/MSN.xml
index 340b732953a1..eb5b3a43bac8 100644
--- a/src/chrome/content/rules/MSN.xml
+++ b/src/chrome/content/rules/MSN.xml
@@ -234,7 +234,7 @@
 	<securecookie host="^\.msn\.com$" name="^(?:MUID|s_\w+)$" />
 	<!--securecookie host="^\.msn\.com$" name="(cbus|Sample)$" /-->
 	<securecookie host="^(?:\.c|now|preview|\.bat\.r)\.msn\.com$" name=".+" />
-	
+
 	<rule from="^http://c\.jp\.msn\.com/"
 		  to="https://c.msn.co.jp/" />
 
diff --git a/src/chrome/content/rules/MTAC.xml b/src/chrome/content/rules/MTAC.xml
index bddbf1c5207c..f7c6dab5c5f7 100644
--- a/src/chrome/content/rules/MTAC.xml
+++ b/src/chrome/content/rules/MTAC.xml
@@ -5,7 +5,7 @@ Fetch error: http://mtac.org/ => https://www.mtac.org/: Cycle detected - URL alr
 <ruleset name="Music Teachers' Association of California">
 
 	<target host="mtac.org"/>
-	<target host="*.mtac.org"/>
+	<target host="www.mtac.org" />
 
 	<rule from="^http://(?:www\.)?mtac\.org/"
 		to="https://www.mtac.org/"/>
diff --git a/src/chrome/content/rules/MTCCC.com.xml b/src/chrome/content/rules/MTCCC.com.xml
new file mode 100644
index 000000000000..68e5b0835c9d
--- /dev/null
+++ b/src/chrome/content/rules/MTCCC.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Chain issue, missing intermediate:
+		- employee.mtccc.com
+
+	Connection refused:
+		- blog.mtccc.com
+-->
+
+<ruleset name="MTCCC.com">
+	<target host="mtccc.com" />
+	<target host="www.mtccc.com" />
+	<target host="iebms.mtccc.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MVG-mobil.de.xml b/src/chrome/content/rules/MVG-mobil.de.xml
index 107cdedcbe0f..3cb19401417e 100644
--- a/src/chrome/content/rules/MVG-mobil.de.xml
+++ b/src/chrome/content/rules/MVG-mobil.de.xml
@@ -13,7 +13,7 @@
 	<securecookie host="^www\.mvg-mobil\.de$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?mvg-mobile\.de/"
-		to="https://www.mvg-mobile.de/" />
+	<rule from="^http://(?:www\.)?mvg-mobil\.de/"
+		to="https://www.mvg.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MVP_National_Title.xml b/src/chrome/content/rules/MVP_National_Title.xml
index ddaf1eec117f..e1041e95f808 100644
--- a/src/chrome/content/rules/MVP_National_Title.xml
+++ b/src/chrome/content/rules/MVP_National_Title.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MYEDDEBT.com.xml b/src/chrome/content/rules/MYEDDEBT.com.xml
deleted file mode 100644
index 17f08d086d03..000000000000
--- a/src/chrome/content/rules/MYEDDEBT.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://myeddebt.com/ => https://www.myeddebt.com/: (28, 'Connection timed out after 20002 milliseconds')
-Fetch error: http://www.myeddebt.com/ => https://www.myeddebt.com/: (28, 'Connection timed out after 20001 milliseconds')
-
-Automatically by https-everywhere-checker because:
-Fetch error: http://myeddebt.com/ => https://www.myeddebt.com/: (51, "SSL: no alternative certificate subject name matches target host name 'myeddebt.com'")
--->
-<ruleset name="MYEDDEBT.com" default_off='failed ruleset test'>
-	<target host="myeddebt.com" />
-	<target host="www.myeddebt.com" />
-
-	<securecookie host="(?:^|\.)myeddebt\.com$" name=".+" />
-
-	<rule from="^(?:http://(?:www\.)?|https://)myeddebt\.com/" to="https://www.myeddebt.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/MYOB.com.xml b/src/chrome/content/rules/MYOB.com.xml
index 875d93123e4b..d45217932809 100644
--- a/src/chrome/content/rules/MYOB.com.xml
+++ b/src/chrome/content/rules/MYOB.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://myob.com/ => https://myob.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="MYOB.com" default_off='failed ruleset test'>
+<ruleset name="MYOB.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/MacArthur_Foundation.xml b/src/chrome/content/rules/MacArthur_Foundation.xml
index 0fc54d9de7e9..2d87b3528b2d 100644
--- a/src/chrome/content/rules/MacArthur_Foundation.xml
+++ b/src/chrome/content/rules/MacArthur_Foundation.xml
@@ -21,7 +21,7 @@ Fetch error: http://owa.macfound.org/ => https://owa.macfound.org/: (51, "SSL: n
 	* Secured by us
 
 -->
-<ruleset name="MacFound.org (partial)" default_off='failed ruleset test'>
+<ruleset name="MacFound.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/MacPorts.org.xml b/src/chrome/content/rules/MacPorts.org.xml
index bda80e1a8d5d..eb20f1479ba1 100644
--- a/src/chrome/content/rules/MacPorts.org.xml
+++ b/src/chrome/content/rules/MacPorts.org.xml
@@ -1,29 +1,89 @@
 <!--
-	Insecure cookies are set for these hosts:
+	Non-functional hosts
+		Couldn't connect to server:
+		- jog.id.distfiles.macports.org
+		- jog.id.packages.macports.org
 
-		- trac.macports.org
+		Timeout was reached:
+		- cjj.kr.distfiles.macports.org
+		- nou.nc.distfiles.macports.org
+		- aus.us.distfiles.macports.org
+		- nou.nc.packages.macports.org
+		- cjj.kr.rsync.macports.org
 
+		SSL peer certificate was not OK:
+		- build2.macports.org
+		- aarnet.au.distfiles.macports.org
+		- ykf.ca.distfiles.macports.org
+		- nue.de.distfiles.macports.org
+		- her.gr.distfiles.macports.org
+		- fco.it.distfiles.macports.org
+		- osl.no.distfiles.macports.org
+		- mse.uk.distfiles.macports.org
+		- jnb.za.distfiles.macports.org
+		- distfiles-origin.macports.org
+		- mail.macports.org
+		- man-origin.macports.org
+		- nerv.macports.org
+		- nue.de.packages.macports.org
+		- her.gr.packages.macports.org
+		- fco.it.packages.macports.org
+		- osl.no.packages.macports.org
+		- mse.uk.packages.macports.org
+		- jnb.za.packages.macports.org
+		- packages-origin.macports.org
+		- rsync.macports.org
+		- nue.de.rsync.macports.org
+		- rsync-origin.macports.org
+		- trac-origin.macports.org
+		- webapp.macports.org
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- cph.dk.distfiles.macports.org
+		- cph.dk.packages.macports.org
+
+		4xx client error:
+		- distfiles-private.macports.org
+		- distfiles-private-origin.macports.org
+		- packages-private.macports.org
+		- packages-private-origin.macports.org
+
+		Empty reply from server:
+		- pek.cn.distfiles.macports.org
+		- pek.cn.packages.macports.org
+		- pek.cn.rsync.macports.org
 -->
 <ruleset name="MacPorts.org">
-
-	<!--	Direct rewrites:
-				-->
 	<target host="macports.org" />
+	<target host="www.macports.org" />
+	<target host="braeburn.macports.org" />
+	<target host="build.macports.org" />
+	<target host="chat.macports.org" />
 	<target host="distfiles.macports.org" />
+	<target host="ywg.ca.distfiles.macports.org" />
+	<target host="lil.fr.distfiles.macports.org" />
+	<target host="kmq.jp.distfiles.macports.org" />
 	<target host="guide.macports.org" />
+	<target host="guide-origin.macports.org" />
+	<target host="guide-test.macports.org" />
+	<target host="infra.macports.org" />
+	<target host="lists.macports.org" />
+	<target host="man.macports.org" />
+	<target host="packages.macports.org" />
+	<target host="ywg.ca.packages.macports.org" />
+	<target host="lil.fr.packages.macports.org" />
+	<target host="kmq.jp.packages.macports.org" />
+	<target host="paste.macports.org" />
+	<target host="ports.macports.org" />
+	<target host="ywg.ca.rsync.macports.org" />
 	<target host="svn.macports.org" />
+	<target host="svn-test.macports.org" />
 	<target host="trac.macports.org" />
-	<target host="www.macports.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^trac\.macports\.org$" name="^trac_(?:form_token|session)" /-->
+	<target host="trac-test.macports.org" />
+	<target host="www-origin.macports.org" />
+	<target host="www-test.macports.org" />
 
 	<securecookie host=".+" name=".+" />
 
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MacRuby.org.xml b/src/chrome/content/rules/MacRuby.org.xml
index 18a8fa8d785f..ec2b496df97c 100644
--- a/src/chrome/content/rules/MacRuby.org.xml
+++ b/src/chrome/content/rules/MacRuby.org.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.macruby.org/ => https://www.macruby.org/: (28, 'Connection timed out after 10000 milliseconds')
 Fetch error: http://macruby.org/ => https://www.macruby.org/: (28, 'Connection timed out after 10000 milliseconds')
 -->
-<ruleset name="MacRuby" default_off='failed ruleset test'>
+<ruleset name="MacRuby" default_off="failed ruleset test">
   <target host="www.macruby.org" />
   <target host="macruby.org" />
 
diff --git a/src/chrome/content/rules/MacWorld.com.au.xml b/src/chrome/content/rules/MacWorld.com.au.xml
deleted file mode 100644
index ee9cb4753253..000000000000
--- a/src/chrome/content/rules/MacWorld.com.au.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Refused:
-		- ^
-		- www
-
-	Mismatched:
-		- cdn (CN: *.cloudfront.net)
--->
-
-<ruleset name="MacWorld.com.au (partial)">
-	<target host="mresell.macworld.com.au" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/MacaInfo.org.xml b/src/chrome/content/rules/MacaInfo.org.xml
index e09feeddcf9c..59282637ca4e 100644
--- a/src/chrome/content/rules/MacaInfo.org.xml
+++ b/src/chrome/content/rules/MacaInfo.org.xml
@@ -4,10 +4,10 @@
 		- ^	(times out)
 
 -->
-<ruleset name="MacaInfo.org" default_off='mismatch'>
+<ruleset name="MacaInfo.org" default_off="mismatch">
 
 	<target host="macainfo.org" />
-	<target host="*.macainfo.org" />
+	<target host="www.macainfo.org" />
 
 
 	<securecookie host="^\.macainfo\.org$" name=".+" />
diff --git a/src/chrome/content/rules/Macfarlane_Packaging.com.xml b/src/chrome/content/rules/Macfarlane_Packaging.com.xml
index 096e422e01bb..a604d5531d74 100644
--- a/src/chrome/content/rules/Macfarlane_Packaging.com.xml
+++ b/src/chrome/content/rules/Macfarlane_Packaging.com.xml
@@ -12,7 +12,7 @@
 <ruleset name="Macfarlane Packaging.com">
 
 	<target host="macfarlanepackaging.com" />
-	<target host="*.macfarlanepackaging.com" />
+	<target host="www.macfarlanepackaging.com" />
 
 
 	<securecookie host="^(?:[.w]*\.)?macfarlanepackaging\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Macgamestore.com.xml b/src/chrome/content/rules/Macgamestore.com.xml
index 13ef74d27c35..3494a2776f96 100644
--- a/src/chrome/content/rules/Macgamestore.com.xml
+++ b/src/chrome/content/rules/Macgamestore.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://macgamestore.com/ => https://macgamestore.com/: (60, 'SSL ce
 Fetch error: http://www.macgamestore.com/ => https://www.macgamestore.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Macgamestore.com" default_off='failed ruleset test'>
+<ruleset name="Macgamestore.com" default_off="failed ruleset test">
   <target host="macgamestore.com" />
   <target host="www.macgamestore.com" />
 
diff --git a/src/chrome/content/rules/Machines_Like_Us.xml b/src/chrome/content/rules/Machines_Like_Us.xml
index 413064925b0a..1ecdd59a097f 100644
--- a/src/chrome/content/rules/Machines_Like_Us.xml
+++ b/src/chrome/content/rules/Machines_Like_Us.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.machineslikeus.com/ => https://machineslikeus.com/: (7,
 	Cert doesn't match www.
 
 -->
-<ruleset name="Machines Like Us" default_off='failed ruleset test'>
+<ruleset name="Machines Like Us" default_off="failed ruleset test">
 
 	<target host="machineslikeus.com" />
 	<target host="www.machineslikeus.com" />
diff --git a/src/chrome/content/rules/Mad_Mimi.com.xml b/src/chrome/content/rules/Mad_Mimi.com.xml
index 256f0e155975..12a667f16b75 100644
--- a/src/chrome/content/rules/Mad_Mimi.com.xml
+++ b/src/chrome/content/rules/Mad_Mimi.com.xml
@@ -36,7 +36,10 @@
 <ruleset name="Mad Mimi.com (partial)">
 
 	<target host="madmimi.com" />
-	<target host="*.madmimi.com" />
+	<target host="api.madmimi.com" />
+	<target host="billing.madmimi.com" />
+	<target host="go.madmimi.com" />
+	<target host="www.madmimi.com" />
 
 
 	<!--	Secured by server
@@ -48,7 +51,6 @@
 	<securecookie host="^(?:api|billing)?\.madmimi\.com$" name=".+" />
 
 
-	<rule from="^http://((?:api|billing|go|www)\.)?madmimi\.com/"
-		to="https://$1madmimi.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Madame-Tussauds.xml b/src/chrome/content/rules/Madame-Tussauds.xml
index 68b2ab3b9f0b..b556403b1373 100644
--- a/src/chrome/content/rules/Madame-Tussauds.xml
+++ b/src/chrome/content/rules/Madame-Tussauds.xml
@@ -17,7 +17,7 @@ Fetch error: http://www2.madametussauds.com/ => https://www2.madametussauds.com/
 		- reservations		(expired cert)
 		- !www			(cert only matches www)
 -->
-<ruleset name="Madame Tussauds" default_off='failed ruleset test'>
+<ruleset name="Madame Tussauds" default_off="failed ruleset test">
 	<target host="madametussauds.com" />
 	<target host="cms.madametussauds.com" />
 	<target host="m.madametussauds.com" />
diff --git a/src/chrome/content/rules/MadgexJB.com.xml b/src/chrome/content/rules/MadgexJB.com.xml
index f65cf4df4945..98897952f186 100644
--- a/src/chrome/content/rules/MadgexJB.com.xml
+++ b/src/chrome/content/rules/MadgexJB.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://ijobs-rs.madgexjb.com/ => https://ijobs-rs.madgexjb.com/: (5
 		- ijobs-rs.madgexjb.com
 
 -->
-<ruleset name="MadgexJB.com" default_off='failed ruleset test'>
+<ruleset name="MadgexJB.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Madison-Logic.xml b/src/chrome/content/rules/Madison-Logic.xml
index 546a76f591dd..e5eb441eb9fb 100644
--- a/src/chrome/content/rules/Madison-Logic.xml
+++ b/src/chrome/content/rules/Madison-Logic.xml
@@ -6,70 +6,27 @@
 
 	Problematic domains:
 
-		- (www.)dinclinx.com	(mismatched, CN: *.madisonlogic.com)
-
-		- (www.)madisonlogic.com
-
-			- Data differ
-			- $ redirects to Login.aspx
-			- css/ & graphics/ 404
-
-
-	Partially covered domains:
-
-		- (www.)madisonlogic.com
-
+		- (www|blog.)madisonlogic.com	SSL certificate problem: unable to get local issuer certificate
 
 	Fully covered domains:
 
-		- (www.)dinclinx.com	(→ clk.madisonlogic.com)
-
 		- madisonlogic.com subdomains:
 
-			- blog
 			- clk
-			- js-agent
 			- jsc
 			- st
 
-
-	Mixed content:
-
-		- Script on blog from blog *
-
-		- css:
-
-			- On blog from blog *
-			- On blog from fonts.googleapis.com **
-
-		- Images on blog from blog ***
-
-	* Secured by us, just a facebook widget
-	** Secured by us
-	*** Secured by us, doesn't trip MCB anyway
-
 -->
 <ruleset name="Madison Logic (partial)">
 
-	<target host="dinclinx.com" />
-	<target host="www.dinclinx.com" />
-	<target host="*.madisonlogic.com"/>
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.madisonlogic\.com$" name="^__(?:utm\w|zlcid)$" />
-
-
-	<rule from="^http://(?:www\.)?dinclinx\.com/"
-		to="https://clk.madisonlogic.com/" />
+	<target host="clk.madisonlogic.com" />
+	<target host="jsc.madisonlogic.com" />
+	<target host="st.madisonlogic.com" />
 
-	<rule from="^http://www\.madisonlogic\.com/images/(arrow|bg|headBg|linkbutton_background|mainNav)\.gif$"
-		to="https://www.madisonlogic.com/images/$2.gif"/>
 
 	<!--	Included on 3rd-party websites.
 						-->
-	<rule from="^http://(blog|clk|js-agent|jsc|st)\.madisonlogic\.com/"
-		to="https://$1.madisonlogic.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mael_Soucaze.com.xml b/src/chrome/content/rules/Mael_Soucaze.com.xml
deleted file mode 100644
index 4ec322146a63..000000000000
--- a/src/chrome/content/rules/Mael_Soucaze.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Mael Soucaze.com">
-
-	<target host="maelsoucaze.com" />
-	<target host="www.maelsoucaze.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Maemo.xml b/src/chrome/content/rules/Maemo.xml
index ab59e6249e32..153da98e51c1 100644
--- a/src/chrome/content/rules/Maemo.xml
+++ b/src/chrome/content/rules/Maemo.xml
@@ -28,7 +28,7 @@ Fetch error: http://static.maemo.org/ => https://maemo.org/midcom-static/: (60,
 		- wiki
 
 -->
-<ruleset name="Maemo.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Maemo.org (partial)" default_off="failed ruleset test">
 
 	<target host="maemo.org" />
 	<target host="garage.maemo.org" />
diff --git a/src/chrome/content/rules/Magazin.io.xml b/src/chrome/content/rules/Magazin.io.xml
index 2e0b930adca7..dff60f5803d8 100644
--- a/src/chrome/content/rules/Magazin.io.xml
+++ b/src/chrome/content/rules/Magazin.io.xml
@@ -4,10 +4,10 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://magazin.io/ => https://magazin.io/: (7, 'Failed to connect to magazin.io port 443: Connection refused')
 Fetch error: http://www.magazin.io/ => https://magazin.io/: (7, 'Failed to connect to magazin.io port 443: Connection refused')
 
-	www.magazin.io: Expired, mismatched		- 
+	www.magazin.io: Expired, mismatched		-
 
 -->
-<ruleset name="Magazin.io" default_off='failed ruleset test'>
+<ruleset name="Magazin.io" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Magazinesdirect.com.xml b/src/chrome/content/rules/Magazinesdirect.com.xml
index 054206123b36..7767b0835f37 100644
--- a/src/chrome/content/rules/Magazinesdirect.com.xml
+++ b/src/chrome/content/rules/Magazinesdirect.com.xml
@@ -16,4 +16,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mageia.xml b/src/chrome/content/rules/Mageia.xml
index 8068f96cf4c2..a59098c3c894 100644
--- a/src/chrome/content/rules/Mageia.xml
+++ b/src/chrome/content/rules/Mageia.xml
@@ -28,7 +28,7 @@ Non-2xx HTTP code: http://svn.mageia.org/ (200) => https://svnweb.mageia.org/ (4
 	* Secured by us
 
 -->
-<ruleset name="Mageia.org" default_off='failed ruleset test'>
+<ruleset name="Mageia.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Magento_Go_images.xml b/src/chrome/content/rules/Magento_Go_images.xml
index 369f5ac1d5b4..abf8069415f0 100644
--- a/src/chrome/content/rules/Magento_Go_images.xml
+++ b/src/chrome/content/rules/Magento_Go_images.xml
@@ -10,4 +10,4 @@
 	<rule from="^http://(\w+\.)?img\.gostorego\.com/"
 		to="https://$1img.gostorego.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Magic.fr.xml b/src/chrome/content/rules/Magic.fr.xml
index 23c1185751de..05e7dfb16c99 100644
--- a/src/chrome/content/rules/Magic.fr.xml
+++ b/src/chrome/content/rules/Magic.fr.xml
@@ -1,7 +1,6 @@
 <!--
 	Other Magic Online rulesets:
 
-		- Hegerys.com.xml
 		- LEspace_client.fr.xml
 -->
 <ruleset name="Magic.fr">
diff --git a/src/chrome/content/rules/Magnatune.xml b/src/chrome/content/rules/Magnatune.xml
deleted file mode 100644
index 30647a0c31f8..000000000000
--- a/src/chrome/content/rules/Magnatune.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog	(times out)
-
--->
-<ruleset name="Magnatune (partial)" platform="mixedcontent">
-
-	<target host="magnatune.com" />
-	<target host="*.magnatune.com" />
-
-
-	<securecookie host="^(?:.*\.)magnatune\.com$" name=".+" />
-
-
-	<rule from="^http://(?:he3\.|(www\.))?magnatune\.com/"
-		to="https://$1magnatune.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Magnet.ie.xml b/src/chrome/content/rules/Magnet.ie.xml
index 14c6a09f712d..9fb778577ad3 100644
--- a/src/chrome/content/rules/Magnet.ie.xml
+++ b/src/chrome/content/rules/Magnet.ie.xml
@@ -16,7 +16,7 @@
 	<!--securecookie host="^\.magnet\.ie$" name="^multisitevisited$" /-->
 	<!--securecookie host="^www\.magnet\.ie$" name="^(?:PHPSESSID|fileDownload|magsignpaysession)$" /-->
 
-	<securecookie host="^(?:www)?\.magnet\.ie$" name="" />
+	<securecookie host="^(?:www)?\.magnet\.ie$" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Magserv.com.xml b/src/chrome/content/rules/Magserv.com.xml
deleted file mode 100644
index 3a45fff6e148..000000000000
--- a/src/chrome/content/rules/Magserv.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Subscription service.
-
--->
-<ruleset name="magserv.com">
-
-	<target host="magserv.com" />
-	<target host="*.magserv.com" />
-
-
-	<rule from="^http://([\w-]+\.)?magserv\.com/"
-		to="https://$1magserv.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Magyar_Telekom.xml b/src/chrome/content/rules/Magyar_Telekom.xml
index b6eca3a4b0c7..1b59341f63d4 100644
--- a/src/chrome/content/rules/Magyar_Telekom.xml
+++ b/src/chrome/content/rules/Magyar_Telekom.xml
@@ -6,7 +6,7 @@ Fetch error: http://pool.telekom.hu/ => https://pool.telekom.hu/: (28, 'Connecti
 	 - tudakozo.telekom.hu (cert mismatch, expired)
 	 - telefonkonyv.telekom.hu
 -->
-<ruleset name="Magyar Telekom (partial)" default_off='failed ruleset test'>
+<ruleset name="Magyar Telekom (partial)" default_off="failed ruleset test">
 	<target host="pool.telekom.hu" />
 	<target host="www.telekom.hu" />
 
diff --git a/src/chrome/content/rules/Mahomet_Citizen.xml b/src/chrome/content/rules/Mahomet_Citizen.xml
index e7b1d3524321..7f6ea220f19e 100644
--- a/src/chrome/content/rules/Mahomet_Citizen.xml
+++ b/src/chrome/content/rules/Mahomet_Citizen.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?mcitizen\.com/(misc/|sites/|user(?:$|\?|/))"
 		to="https://www.mcitizen.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mahran.net.xml b/src/chrome/content/rules/Mahran.net.xml
new file mode 100644
index 000000000000..e00476455091
--- /dev/null
+++ b/src/chrome/content/rules/Mahran.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="Mahran.net">
+	<target host="mahran.net" />
+	<target host="www.mahran.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MailChimp.xml b/src/chrome/content/rules/MailChimp.xml
index 17d2dc159ed2..1d91c415d91e 100644
--- a/src/chrome/content/rules/MailChimp.xml
+++ b/src/chrome/content/rules/MailChimp.xml
@@ -159,10 +159,6 @@
 	<securecookie host=".\.mailchimp\.com$" name=".+" />
 
 
-	<rule from="^http://downloads\.mailchimp\.com/"
-		to="https://d1zgderxoe1a.cloudfront.net/" />
-
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MailLift.com.xml b/src/chrome/content/rules/MailLift.com.xml
deleted file mode 100644
index e7b44c63a91d..000000000000
--- a/src/chrome/content/rules/MailLift.com.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)?
-		- api
-
-
-	Insecure cookies are set for these hosts:
-
-		- maillift.com
-
--->
-<ruleset name="MailLift.com">
-
-	<target host="maillift.com" />
-	<target host="api.maillift.com" />
-	<target host="www.maillift.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^maillift\.com$" name="^mld_session$" /-->
-
-	<securecookie host="^maillift\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MailNull.com.xml b/src/chrome/content/rules/MailNull.com.xml
index d793834b06b6..689acb65c357 100644
--- a/src/chrome/content/rules/MailNull.com.xml
+++ b/src/chrome/content/rules/MailNull.com.xml
@@ -1,27 +1,13 @@
 <!--
-	Problematic subdomains:
-
-		- ^ ¹
-		- www ¹	(cert only matches ^mailnull.com)
-
-	¹ Server sends no certificate chain, see https://whatsmychaincert.com
-
+	Mismatched:
+		- out
+		- outside
 -->
-<ruleset name="MailNull.com" default_off="missing certificate chain">
-
-	<!--	Direct rewrites:
-				-->
+<ruleset name="MailNull.com">
 	<target host="mailnull.com" />
-
-	<!--	Complications:
-				-->
 	<target host="www.mailnull.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://www\.mailnull\.com/"
-		to="https://mailnull.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Mailgun.com.xml b/src/chrome/content/rules/Mailgun.com.xml
deleted file mode 100644
index 449d2eb8d706..000000000000
--- a/src/chrome/content/rules/Mailgun.com.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<!--
-	For other Rackspace coverage, see Rackspace.xml.
-
-
-	Problematic hosts in *mailgun.com:
-
-		- blog ¹
-		- status ²
-
-	¹ Mismatched, CN: ssl4093.cloudflare.com
-	² StatusPage.io / mismatched
-
--->
-<ruleset name="Mailgun.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="mailgun.com" />
-	<target host="documentation.mailgun.com" />
-	<target host="help.mailgun.com" />
-	<target host="www.mailgun.com" />
-
-	<!--	Complications:
-				-->
-	<target host="status.mailgun.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^mailgun\.com$" name="^mailgun_website$" /-->
-
-	<securecookie host="^\." name="^_ga" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://status\.mailgun\.com/"
-		to="https://mailgun.statuspage.io/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mailigen.xml b/src/chrome/content/rules/Mailigen.xml
index fff36e40eb48..04d52f16c689 100644
--- a/src/chrome/content/rules/Mailigen.xml
+++ b/src/chrome/content/rules/Mailigen.xml
@@ -5,7 +5,7 @@ Fetch error: http://static-admin.mailigen.com/ => https://static-admin.mailigen.
 
 	CDN buckets:
 
-		- 500745869.r.cdn77.net 
+		- 500745869.r.cdn77.net
 
 			- static.mailigen.com
 
@@ -42,7 +42,7 @@ Fetch error: http://static-admin.mailigen.com/ => https://static-admin.mailigen.
 	* Secured by us
 
 -->
-<ruleset name="Mailigen.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Mailigen.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Mailout_Interactive.com.xml b/src/chrome/content/rules/Mailout_Interactive.com.xml
index 4f60dad6e42c..08e570c47bb7 100644
--- a/src/chrome/content/rules/Mailout_Interactive.com.xml
+++ b/src/chrome/content/rules/Mailout_Interactive.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.mailoutinteractive.com/ => https://mailoutinteractive.co
 		- www	(shows industrymailout.com)
 
 -->
-<ruleset name="Mailout Interactive.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Mailout Interactive.com (partial)" default_off="failed ruleset test">
 
 	<target host="mailoutinteractive.com" />
 	<target host="www.mailoutinteractive.com" />
diff --git a/src/chrome/content/rules/Mailstation.de.xml b/src/chrome/content/rules/Mailstation.de.xml
deleted file mode 100644
index 30eef58265df..000000000000
--- a/src/chrome/content/rules/Mailstation.de.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- (www.)	(mismatched, CN: galileo.mailstation.de)
-
--->
-<ruleset name="mailstation.de">
-
-	<target host="mailstation.de" />
-	<target host="*.mailstation.de" />
-
-
-	<!--	Server redirect from (www.) to
-		galileo preserves path and args:
-						-->
-	<rule from="^http://(?:galileo\.|www\.)?mailstation\.de/"
-		to="https://galileo.mailstation.de/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Maine.gov.xml b/src/chrome/content/rules/Maine.gov.xml
index 4822f3a0c65c..77d8f021ded4 100644
--- a/src/chrome/content/rules/Maine.gov.xml
+++ b/src/chrome/content/rules/Maine.gov.xml
@@ -32,7 +32,7 @@ Non-2xx HTTP code: http://www.maine.gov/local/ (200) => https://www.maine.gov/lo
 	* Secured by us
 
 -->
-<ruleset name="Maine.gov (partial)" default_off='failed ruleset test'>
+<ruleset name="Maine.gov (partial)" default_off="failed ruleset test">
 
 	<target host="maine.gov" />
 	<target host="data.maine.gov" />
diff --git a/src/chrome/content/rules/Mainline_Hobby.net.xml b/src/chrome/content/rules/Mainline_Hobby.net.xml
deleted file mode 100644
index 6900eda0d844..000000000000
--- a/src/chrome/content/rules/Mainline_Hobby.net.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Mainline Hobby.net">
-
-	<target host="mainlinehobby.net" />
-	<target host="www.mainlinehobby.net" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Make-A-Wish-Foundation-MI.xml b/src/chrome/content/rules/Make-A-Wish-Foundation-MI.xml
index 9a80a737cd1a..24e4f7d13008 100644
--- a/src/chrome/content/rules/Make-A-Wish-Foundation-MI.xml
+++ b/src/chrome/content/rules/Make-A-Wish-Foundation-MI.xml
@@ -8,9 +8,9 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://wishmich.org/ => https://www.wishmich.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.wishmich.org'")
 Fetch error: http://www.wishmich.org/ => https://www.wishmich.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.wishmich.org'")
 -->
-<ruleset name="Make-A-Wish Foundation of Michigan" default_off='failed ruleset test'>
+<ruleset name="Make-A-Wish Foundation of Michigan" default_off="failed ruleset test">
 	<target host="wishmich.org" />
 	<target host="www.wishmich.org" />
 
 	<rule from="^http://(?:www\.)?wishmich\.org/" to="https://www.wishmich.org/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Make-Projects.xml b/src/chrome/content/rules/Make-Projects.xml
deleted file mode 100644
index 9ff171526306..000000000000
--- a/src/chrome/content/rules/Make-Projects.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Make: Projects
-
-
-	CDN buckets:
-
-		- d1c7nyv5gwvh6t.cloudfront.net
-			- guide-images.makeprojects.org
-
-
-	(www.)?makeprojects.org: Dropped over http & https
-
--->
-<ruleset name="Make Projects.org">
-
-	<!--	Complications:
-				-->
-	<target host="guide-images.makeprojects.org" />
-
-
-	<rule from="^http://guide-images\.makeprojects\.org/"
-		to="https://d1c7nyv5gwvh6t.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MakeFrontendShitAgain.party.xml b/src/chrome/content/rules/MakeFrontendShitAgain.party.xml
new file mode 100644
index 000000000000..9499493eef9e
--- /dev/null
+++ b/src/chrome/content/rules/MakeFrontendShitAgain.party.xml
@@ -0,0 +1,8 @@
+<ruleset name="MakeFrontendShitAgain.party">
+	<target host="makefrontendshitagain.party" />
+	<target host="www.makefrontendshitagain.party" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MakeMyTrip.xml b/src/chrome/content/rules/MakeMyTrip.xml
index 6837e7c76df2..3f078b421337 100644
--- a/src/chrome/content/rules/MakeMyTrip.xml
+++ b/src/chrome/content/rules/MakeMyTrip.xml
@@ -1,9 +1,28 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://makemytrip.com/holidays-india/ => https://www.makemytrip.com/holidays-india/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://makemytrip.com/ => https://www.makemytrip.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://image4.makemytrip.com/ => https://image4.makemytrip.com/: (6, 'Could not resolve host: image4.makemytrip.com')
+Fetch error: http://image5.makemytrip.com/ => https://image5.makemytrip.com/: (6, 'Could not resolve host: image5.makemytrip.com')
+Fetch error: http://m.makemytrip.com/ => https://m.makemytrip.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://railtourism.makemytrip.com/ => https://railtourism.makemytrip.com/: (6, 'Could not resolve host: railtourism.makemytrip.com')
+Fetch error: http://support.makemytrip.com/ => https://support.makemytrip.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://us.makemytrip.com/ => https://us.makemytrip.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.makemytrip.com/ => https://www.makemytrip.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+-->
 <ruleset name="Make My Trip" platform="mixedcontent">
-  <target host="makemytrip.com" />
-  <target host="*.makemytrip.com" />
+  <!-- target host="makemytrip.com" /-->
+  <target host="cheapfaresindia.makemytrip.com" />
+  <!-- target host="image4.makemytrip.com" /-->
+  <!-- target host="image5.makemytrip.com" /-->
+  <!-- target host="m.makemytrip.com" /-->
+  <!-- target host="railtourism.makemytrip.com" /-->
+  <!-- target host="support.makemytrip.com" /-->
+  <!-- target host="us.makemytrip.com" /-->
+  <!-- target host="www.makemytrip.com" /-->
 
-  <rule from="^http://makemytrip\.com/"
-          to="https://www.makemytrip.com/" />
-  <rule from="^http://(cheapfaresindia|image4|image5|m|railtourism|support|us|www)\.makemytrip\.com/"
-          to="https://$1.makemytrip.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MakeUseOf.com.xml b/src/chrome/content/rules/MakeUseOf.com.xml
new file mode 100644
index 000000000000..c3738bc4ff6e
--- /dev/null
+++ b/src/chrome/content/rules/MakeUseOf.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Mismatch:
+		wiki.makeuseof.com
+-->
+<ruleset name="MakeUseOf.com">
+	<target host="makeuseof.com" />
+	<target host="www.makeuseof.com" />
+	<target host="cdn.makeuseof.com" />
+	<target host="deals.makeuseof.com" />
+	<target host="groups.makeuseof.com" />
+	<target host="mail.makeuseof.com" />
+	<target host="www.mail.makeuseof.com" />
+	<target host="static.makeuseof.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MakeUseOf.xml b/src/chrome/content/rules/MakeUseOf.xml
deleted file mode 100644
index 5e7098271fd2..000000000000
--- a/src/chrome/content/rules/MakeUseOf.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	CDN buckets:
-
-		- main.makeuseoflimited.netdna-cdn.com
-
-			- ssl doesn't exist
-
-
-	Some pages redirect to http.
-
--->
-<ruleset name="MakeUseOf (partial)">
-
-	<target host="makeuseof.com" />
-	<target host="*.makeuseof.com" />
-	<target host="main.makeuseoflimited.netdna-cdn.com" />
-
-
-	<rule from="^http://(www\.)?makeuseof\.com/(favicon\.ico|wp-content/|wp-includes/)"
-		to="https://$1makeuseof.com/$2" />
-
-	<rule from="^http://(?:cdn\.makeuseof|main\.makeuseoflimited\.netdna-cdn)\.com/"
-		to="https://makeuseof.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Maker_Shed.xml b/src/chrome/content/rules/Maker_Shed.xml
index 6856ab810dec..7736af3af6d5 100644
--- a/src/chrome/content/rules/Maker_Shed.xml
+++ b/src/chrome/content/rules/Maker_Shed.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Makerbot.xml b/src/chrome/content/rules/Makerbot.xml
index 85a948860252..04eb8e525d41 100644
--- a/src/chrome/content/rules/Makerbot.xml
+++ b/src/chrome/content/rules/Makerbot.xml
@@ -41,16 +41,19 @@
 <ruleset name="Makerbot">
 
 	<target host="makerbot.com" />
-	<target host="*.makerbot.com" />
+	<target host="accounts.makerbot.com" />
+	<target host="digitalstore.makerbot.com" />
+	<target host="www.makerbot.com" />
+	<target host="store.makerbot.com" />
+	<target host="www.store.makerbot.com" />
 
 
 	<securecookie host="^(?:accounts|\.digitalstore|\.store)?\.makerbot\.com$" name=".+" />
 
 
-	<rule from="^http://((?:accounts|digitalstore|www)\.)?makerbot\.com/"
-		to="https://$1makerbot.com/" />
 
 	<rule from="^http://(?:www\.)?store\.makerbot\.com/"
 		to="https://store.makerbot.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Makes.org.xml b/src/chrome/content/rules/Makes.org.xml
index ca7cd654ffed..285c4fb8d2c7 100644
--- a/src/chrome/content/rules/Makes.org.xml
+++ b/src/chrome/content/rules/Makes.org.xml
@@ -16,7 +16,7 @@ Fetch error: http://gerv.makes.org/ => https://gerv.makes.org/: (60, 'SSL certif
 		- gerv
 
 -->
-<ruleset name="Makes.org" default_off='failed ruleset test'>
+<ruleset name="Makes.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/MakiBox.xml b/src/chrome/content/rules/MakiBox.xml
index 86f99837454a..2d76d19d7fec 100644
--- a/src/chrome/content/rules/MakiBox.xml
+++ b/src/chrome/content/rules/MakiBox.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://makibox.com/ => https://makibox.com/: (28, 'Connection timed out after 10001 milliseconds')
 Fetch error: http://www.makibox.com/ => https://www.makibox.com/: (28, 'Connection timed out after 10000 milliseconds')
 -->
-<ruleset name="MakiBox" default_off='failed ruleset test'>
+<ruleset name="MakiBox" default_off="failed ruleset test">
 
 	<target host="makibox.com" />
 	<target host="www.makibox.com" />
@@ -19,4 +19,4 @@ Fetch error: http://www.makibox.com/ => https://www.makibox.com/: (28, 'Connecti
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Makrotex.hu.xml b/src/chrome/content/rules/Makrotex.hu.xml
index aa0d6b13c905..d64914c7e8f9 100644
--- a/src/chrome/content/rules/Makrotex.hu.xml
+++ b/src/chrome/content/rules/Makrotex.hu.xml
@@ -18,7 +18,7 @@
 	² Unsecurable <= plaintext reply
 
 -->
-<ruleset name="Makrotex.hu" default_off="missing certificate chain">
+<ruleset name="Makrotex.hu" default_off="cert-chain">
 
 	<target host="makrotex.hu" />
 	<target host="www.makrotex.hu" />
diff --git a/src/chrome/content/rules/Malcovery.com.xml b/src/chrome/content/rules/Malcovery.com.xml
index e8416e7b5ce8..56cd40bc894b 100644
--- a/src/chrome/content/rules/Malcovery.com.xml
+++ b/src/chrome/content/rules/Malcovery.com.xml
@@ -21,7 +21,7 @@ Fetch error: http://malcovery.com/ => https://www.malcovery.com/: (51, "SSL: no
 		- www.malcovery.com
 
 -->
-<ruleset name="Malcovery.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Malcovery.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Malware-research.org.xml b/src/chrome/content/rules/Malware-research.org.xml
index eb5910510a29..463d34a54764 100644
--- a/src/chrome/content/rules/Malware-research.org.xml
+++ b/src/chrome/content/rules/Malware-research.org.xml
@@ -16,7 +16,7 @@ Fetch error: http://www.malware-research.org/ => https://www.malware-research.or
 	* Secured by us
 
 -->
-<ruleset name="malware-research.org" default_off='failed ruleset test'>
+<ruleset name="malware-research.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Malware_Tracker.com.xml b/src/chrome/content/rules/Malware_Tracker.com.xml
index 6cead2acefe5..00b3af6e6a32 100644
--- a/src/chrome/content/rules/Malware_Tracker.com.xml
+++ b/src/chrome/content/rules/Malware_Tracker.com.xml
@@ -16,16 +16,16 @@
 <ruleset name="Malware Tracker.com (partial)">
 
 	<target host="malwaretracker.com" />
-	<target host="*.malwaretracker.com" />
+	<target host="app.malwaretracker.com" />
+	<target host="www.malwaretracker.com" />
 		<!--exclusion pattern="http://blog\.malwaretracker\.com/" /-->
 	<target host="malware-tracker.com" />
 	<target host="www.malware-tracker.com" />
 
 
-	<rule from="^http://(app\.|www\.)?malwaretracker\.com/"
-		to="https://$1malwaretracker.com/" />
 
 	<rule from="^http://(?:www\.)?malware-tracker\.com/"
 		to="https://www.malware-tracker.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Mamba.xml b/src/chrome/content/rules/Mamba.xml
index 2036be5a94af..29b589130061 100644
--- a/src/chrome/content/rules/Mamba.xml
+++ b/src/chrome/content/rules/Mamba.xml
@@ -12,7 +12,6 @@
 
 	<rule from="^http:" to="https:" />
 
-	<test url="http://mamba.ru/" />
 	<test url="http://www.mamba.ru/" />
 	<test url="http://corp.mamba.ru/" />
 	<test url="http://partner.mamba.ru/" />
diff --git a/src/chrome/content/rules/Mammut.xml b/src/chrome/content/rules/Mammut.xml
index c171bc2688cd..46c3e2d668f7 100644
--- a/src/chrome/content/rules/Mammut.xml
+++ b/src/chrome/content/rules/Mammut.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://mammut.ch/ => https://mammut.ch/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Mammut" default_off='failed ruleset test'>
+<ruleset name="Mammut" default_off="failed ruleset test">
 	<target host="mammut.ch" />
 	<target host="www.mammut.ch" />
 
diff --git a/src/chrome/content/rules/Man_Group.xml b/src/chrome/content/rules/Man_Group.xml
index 475b9586ecb0..2ad73bc753b2 100644
--- a/src/chrome/content/rules/Man_Group.xml
+++ b/src/chrome/content/rules/Man_Group.xml
@@ -2,7 +2,7 @@
     <target host="man.com" />
     <target host="*.man.com" />
 
-    <securecookie host="^(?:.*\.)?man\.com$" name=".+" />
+    <securecookie host=".+" name=".+"/>
 
     <rule from="^http://man\.com/"
         to="https://www.man.com/" />
diff --git a/src/chrome/content/rules/Managed_Forex_Program.com.xml b/src/chrome/content/rules/Managed_Forex_Program.com.xml
index e9db863f27e6..3eb0473eaeea 100644
--- a/src/chrome/content/rules/Managed_Forex_Program.com.xml
+++ b/src/chrome/content/rules/Managed_Forex_Program.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://www.managedforexprogram.com/ => https://www.managedforexprog
 	* Secured by us
 
 -->
-<ruleset name="Managed Forex Program.com (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Managed Forex Program.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Manchester.gov.uk.xml b/src/chrome/content/rules/Manchester.gov.uk.xml
index 362845f0a7a1..f60d7526eea4 100644
--- a/src/chrome/content/rules/Manchester.gov.uk.xml
+++ b/src/chrome/content/rules/Manchester.gov.uk.xml
@@ -66,7 +66,7 @@ Fetch error: http://open.manchester.gov.uk/open => https://open.manchester.gov.u
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Manchester.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Manchester.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/MandS.xml b/src/chrome/content/rules/MandS.xml
index 4befc1f71e32..df033307d822 100644
--- a/src/chrome/content/rules/MandS.xml
+++ b/src/chrome/content/rules/MandS.xml
@@ -38,16 +38,23 @@
 <ruleset name="Marks &amp; Spencer" platform="mixedcontent">
 
 	<target host="marksandspencer.com" />
-	<target host="*.marksandspencer.com" />
+	<target host="www.marksandspencer.com" />
+	<target host="www7.marksandspencer.com" />
+	<target host="www10.marksandspencer.com" />
+	<target host="www11.marksandspencer.com" />
+	<target host="asset1.marksandspencer.com" />
+	<target host="asset2.marksandspencer.com" />
+	<target host="help.marksandspencer.com" />
+	<target host="m.marksandspencer.com" />
+	<target host="plana.marksandspencer.com" />
 
 
-	<securecookie host="^(?:.*\.)?marksandspencer\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(?:www(7|10|11)?\.)?marksandspencer\.com/"
 		to="https://www$1.marksandspencer.com/" />
 
-	<rule from="^http://(asset[12]|help|m|plana)\.marksandspencer\.com/"
-		to="https://$1.marksandspencer.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Manga.xml b/src/chrome/content/rules/Manga.xml
index 9c556f546b50..917ebf10e690 100644
--- a/src/chrome/content/rules/Manga.xml
+++ b/src/chrome/content/rules/Manga.xml
@@ -8,7 +8,7 @@ Fetch error: http://secure.manga.com/ => https://secure.manga.com/: (7, 'Failed
 		- (www.)	(shows secure; mismatched, CN: secure.manga.com
 
 -->
-<ruleset name="Manga (partial)" default_off='failed ruleset test'>
+<ruleset name="Manga (partial)" default_off="failed ruleset test">
 	<target host="secure.manga.com" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Mango.xml b/src/chrome/content/rules/Mango.xml
index eef5c7e6fe46..6260142b45b2 100644
--- a/src/chrome/content/rules/Mango.xml
+++ b/src/chrome/content/rules/Mango.xml
@@ -31,14 +31,14 @@
 -->
 <ruleset name="Mango (partial)">
 
-	<target host="*.mango.com" />
+	<target host="shop.mango.com" />
+	<target host="ssl.mango.com" />
 
 
 	<!--securecookie host="^\.mango\.com$" name="^JSESSIONID$" /-->
 	<securecookie host="^s(?:hop|ssl)\.mango\.com$" name=".+" />
 
 
-	<rule from="^http://s(hop|sl)\.mango\.com/"
-		to="https://s$1.mango.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Manhattanite.xml b/src/chrome/content/rules/Manhattanite.xml
index 26367ec05c95..2cedae23b3eb 100644
--- a/src/chrome/content/rules/Manhattanite.xml
+++ b/src/chrome/content/rules/Manhattanite.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Manhattanville_College.xml b/src/chrome/content/rules/Manhattanville_College.xml
index b735ce2b2958..25c79b22e70e 100644
--- a/src/chrome/content/rules/Manhattanville_College.xml
+++ b/src/chrome/content/rules/Manhattanville_College.xml
@@ -16,4 +16,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ManilaPrinciples.org.xml b/src/chrome/content/rules/ManilaPrinciples.org.xml
deleted file mode 100644
index d3003963d3e0..000000000000
--- a/src/chrome/content/rules/ManilaPrinciples.org.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	For other EFF coverage, see EFF.xml.
--->
-
-<ruleset name="ManilaPrinciples.org">
-	<target host="manilaprinciples.org" />
-	<target host="www.manilaprinciples.org" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Manitu.de.xml b/src/chrome/content/rules/Manitu.de.xml
index 19d09d2db9ef..c23ab5a8a39b 100644
--- a/src/chrome/content/rules/Manitu.de.xml
+++ b/src/chrome/content/rules/Manitu.de.xml
@@ -9,17 +9,17 @@
 <ruleset name="manitu.de">
 
 	<target host="manitu.de" />
-	<target host="*.manitu.de" />
+	<target host="status.manitu.de" />
+	<target host="www.manitu.de" />
 	<target host="manitu.net" />
 	<target host="www.manitu.net" />
 
 
-	<rule from="^http://(status\.|www\.)?manitu\.de/"
-		to="https://$1manitu.de/" />
 
 	<!--	Simple redirect to .de:
 					-->
 	<rule from="^http://(?:www\.)?manitu\.net/"
 		to="https://www.manitu.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Mankier.com.xml b/src/chrome/content/rules/Mankier.com.xml
deleted file mode 100644
index b2d2a54e76ec..000000000000
--- a/src/chrome/content/rules/Mankier.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		. mankier.com
-
--->
-<ruleset name="Mankier.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="mankier.com" />
-	<target host="www.mankier.com" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.mankier\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.mankier\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Manlysealifesanctuary.com.au.xml b/src/chrome/content/rules/Manlysealifesanctuary.com.au.xml
index 66501947f475..55dcb379ace8 100644
--- a/src/chrome/content/rules/Manlysealifesanctuary.com.au.xml
+++ b/src/chrome/content/rules/Manlysealifesanctuary.com.au.xml
@@ -6,7 +6,7 @@ Fetch error: http://secure.manlysealifesanctuary.com.au/ => https://secure.manly
 	For other Merlin Entertainments coverage, see Merlin-Entertainments.xml.
 -->
 
-<ruleset name="Manly SEA LIFE Sanctuary" default_off='failed ruleset test'>
+<ruleset name="Manly SEA LIFE Sanctuary" default_off="failed ruleset test">
 	<target host="manlysealifesanctuary.com.au" />
 	<target host="secure.manlysealifesanctuary.com.au" />
 	<target host="www.manlysealifesanctuary.com.au" />
diff --git a/src/chrome/content/rules/Manta.xml b/src/chrome/content/rules/Manta.xml
index 4e4d7ccfd855..471f6a5dbaf1 100644
--- a/src/chrome/content/rules/Manta.xml
+++ b/src/chrome/content/rules/Manta.xml
@@ -23,7 +23,7 @@ Fetch error: http://manta.com/ => https://manta.com/: (51, "SSL: no alternative
 	* Works; mismatched, CN: www.manta.com
 
 -->
-<ruleset name="Manta (partial)" default_off='failed ruleset test'>
+<ruleset name="Manta (partial)" default_off="failed ruleset test">
 
 	<target host="manta.com" />
 	<target host="*.manta.com" />
diff --git a/src/chrome/content/rules/Manticore.xml b/src/chrome/content/rules/Manticore.xml
deleted file mode 100644
index e234ea5803ce..000000000000
--- a/src/chrome/content/rules/Manticore.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Manticore (partial)">
-
-	<target host="*.manticoretechnology.com"/>
-
-
-	<securecookie host="^stats\.manticoretechnology\.com$" name=".+" />
-
-
-	<rule from="^http://(?:app|purl)\.manticoretechnology\.com/"
-		to="https://app.manticoretechnology.com/"/>
-
-	<rule from="^http://stats\.manticoretechnology\.com/"
-		to="https://stats.manticoretechnology.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Manx_Computer_Bureau.xml b/src/chrome/content/rules/Manx_Computer_Bureau.xml
index a2e0e44261ea..58983c762aaf 100644
--- a/src/chrome/content/rules/Manx_Computer_Bureau.xml
+++ b/src/chrome/content/rules/Manx_Computer_Bureau.xml
@@ -6,7 +6,7 @@ Fetch error: http://mail.mcb.net/ => https://mail.mcb.net/: (7, 'Failed to conne
 Fetch error: http://www.mcb.net/ => https://www.mcb.net/: (28, 'Connection timed out after 20002 milliseconds')
 
 -->
-<ruleset name="Manx Computer Bureau" default_off='failed ruleset test'>
+<ruleset name="Manx Computer Bureau" default_off="failed ruleset test">
 
 	<target host="mcb.net" />
 	<target host="mail.mcb.net" />
@@ -15,4 +15,4 @@ Fetch error: http://www.mcb.net/ => https://www.mcb.net/: (28, 'Connection timed
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mapillary.com.xml b/src/chrome/content/rules/Mapillary.com.xml
index 369da0b4fac2..875ba40936db 100644
--- a/src/chrome/content/rules/Mapillary.com.xml
+++ b/src/chrome/content/rules/Mapillary.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://elva.mapillary.com/ => https://elva.mapillary.com/: (6, 'Cou
 		^:    Refused
 		blog: Timeout
 		edu:  Mismatch
-		
+
 
 
 	Mixed content:
@@ -18,7 +18,7 @@ Fetch error: http://elva.mapillary.com/ => https://elva.mapillary.com/: (6, 'Cou
 	* Secured by us
 
 -->
-<ruleset name="Mapillary.com" default_off='failed ruleset test'>
+<ruleset name="Mapillary.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Marathon_Bet.com.xml b/src/chrome/content/rules/Marathon_Bet.com.xml
index 231507f9995d..69966bb4b58e 100644
--- a/src/chrome/content/rules/Marathon_Bet.com.xml
+++ b/src/chrome/content/rules/Marathon_Bet.com.xml
@@ -39,7 +39,8 @@
 <ruleset name="Marathon Bet.com (partial)" platform="mixedcontent">
 
 	<target host="marathonbet.com" />
-	<target host="*.marathonbet.com" />
+	<target host="www.marathonbet.com" />
+	<target host="static.marathonbet.com" />
 
 
 	<securecookie host="^(?:www)?\.marathonbet\.com$" name=".+" />
@@ -48,7 +49,6 @@
 	<rule from="^http://(?:www\.)?marathonbet\.com/"
 		to="https://www.marathonbet.com/" />
 
-	<rule from="^http://static\.marathonbet\.com/"
-		to="https://static.marathonbet.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/March_for_Babies.org.xml b/src/chrome/content/rules/March_for_Babies.org.xml
index ab9b05342910..26797d933021 100644
--- a/src/chrome/content/rules/March_for_Babies.org.xml
+++ b/src/chrome/content/rules/March_for_Babies.org.xml
@@ -24,7 +24,8 @@
 <ruleset name="March for Babies.org (partial)">
 
 	<target host="marchforbabies.org" />
-	<target host="*.marchforbabies.org" />
+	<target host="www.marchforbabies.org" />
+	<target host="m.marchforbabies.org" />
 
 
 	<securecookie host="^(?:www)?\.marchforbabies\.org$" name=".+" />
@@ -33,7 +34,6 @@
 	<rule from="^http://(?:www\.)?marchforbabies\.org/"
 		to="https://www.marchforbabies.org/" />
 
-	<rule from="^http://m\.marchforbabies\.org/"
-		to="https://m.marchforbabies.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Marchex.xml b/src/chrome/content/rules/Marchex.xml
index 771c9d67f032..c4a19dd149cf 100644
--- a/src/chrome/content/rules/Marchex.xml
+++ b/src/chrome/content/rules/Marchex.xml
@@ -63,7 +63,7 @@ Fetch error: http://c.enhance.com/ => https://c.enhance.com/: (60, 'SSL certific
 	² Not secured by us <= invalid cert
 
 -->
-<ruleset name="Marchex (partial)" default_off='failed ruleset test'>
+<ruleset name="Marchex (partial)" default_off="failed ruleset test">
 
 	<target host="c.enhance.com" />
 	<target host="industrybrains.com" />
diff --git a/src/chrome/content/rules/Marcusoft.net.xml b/src/chrome/content/rules/Marcusoft.net.xml
new file mode 100644
index 000000000000..e563d54f7ae1
--- /dev/null
+++ b/src/chrome/content/rules/Marcusoft.net.xml
@@ -0,0 +1,14 @@
+<!--
+	Timed out:
+		- marcusoft.net, equivalent to www.marcusoft.net
+-->
+
+<ruleset name="Marcusoft.net">
+	<target host="marcusoft.net" />
+	<target host="www.marcusoft.net" />
+
+	<rule from="^http://marcusoft\.net/"
+		to="https://www.marcusoft.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MarginalRevolution.com.xml b/src/chrome/content/rules/MarginalRevolution.com.xml
new file mode 100644
index 000000000000..e90bb8666255
--- /dev/null
+++ b/src/chrome/content/rules/MarginalRevolution.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="MarginalRevolution.com">
+	<target host="marginalrevolution.com" />
+	<target host="www.marginalrevolution.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Marhab.xml b/src/chrome/content/rules/Marhab.xml
deleted file mode 100644
index 2bb8b8673e7b..000000000000
--- a/src/chrome/content/rules/Marhab.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(record_too_long)
-		- www1		(shows fb, mismatched, CN: fb1)
-
--->
-<ruleset name="Marhab (partial)">
-
-	<target host="*.marhab.com" />
-
-
-	<securecookie host="^fb1\.marhab\.com$" name=".+" />
-
-
-	<rule from="^http://(cdn4|fb1|static)\.marhab\.com/"
-		to="https://$1.marhab.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MariaDB.com.xml b/src/chrome/content/rules/MariaDB.com.xml
index 5c9d3f7d0631..ef14a713f8be 100644
--- a/src/chrome/content/rules/MariaDB.com.xml
+++ b/src/chrome/content/rules/MariaDB.com.xml
@@ -1,35 +1,42 @@
 <!--
 	Other MariaDB Corporation rulesets:
-
 		- Monty_Program.xml
 		- SkySQL.com.xml
 
+	Content mismatch:
+		download.mariadb.com
 
-	Problematic hosts in *mariadb.com:
-
-		- info *
-
-	* Hubspot
-
-
-	Mixed content:
-
-		- Image on info from cdn2.hubspot.net *
-
-	* Secured by us
+	Invalid certificate:
+		dl02.mariadb.com
+		feedback.mariadb.com
+		kbproxy.mariadb.com
+		maxscale-jenkins.mariadb.com
 
+	Timeout:
+		enterprise.mariadb.com
 -->
-<ruleset name="MariaDB.com (partial)">
+<ruleset name="MariaDB.com">
 
-	<!--	Direct rewrites:
-				-->
 	<target host="mariadb.com" />
-	<!--target host="info.mariadb.com" /-->
-	<target host="support.mariadb.com" />
 	<target host="www.mariadb.com" />
+	<target host="cloud.mariadb.com" />
+	<target host="customers.mariadb.com" />
+	<target host="dlm.mariadb.com" />
+	<target host="downloads.mariadb.com" />
+	<target host="exam.mariadb.com" />
+	<target host="go.mariadb.com" />
+	<target host="go2.mariadb.com" />
+	<target host="id.mariadb.com" />
+	<target host="intranet.mariadb.com" />
+	<target host="jira-new.mariadb.com" />
+	<target host="maxscale-ci.mariadb.com" />
+	<target host="r.mariadb.com" />
+	<target host="sltk.mariadb.com" />
+	<target host="support.mariadb.com" />
+	<target host="training-exercises.mariadb.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:"	to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MariaDB.org.xml b/src/chrome/content/rules/MariaDB.org.xml
new file mode 100644
index 000000000000..513f0485f663
--- /dev/null
+++ b/src/chrome/content/rules/MariaDB.org.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Monty Program coverage, see Monty_Program.xml.
+
+	Invalid certificate:
+		archive.mariadb.org
+		bugs.mariadb.org
+		mirmon.mariadb.org
+
+	Timeout:
+		foundation01.mariadb.org
+		old.mariadb.org
+-->
+<ruleset name="MariaDB.org">
+
+	<target host="mariadb.org" />
+	<target host="www.mariadb.org" />
+	<target host="blog.mariadb.org" />
+	<target host="buildbot.mariadb.org" />
+	<target host="ci.mariadb.org" />
+	<target host="dev.mariadb.org" />
+	<target host="download.mariadb.org" />
+	<target host="downloads.mariadb.org" />
+	<target host="fi.mariadb.org" />
+	<target host="hbm.mariadb.org" />
+	<target host="jira.mariadb.org" />
+	<target host="monitoring.mariadb.org" />
+	<target host="tools.mariadb.org" />
+	<target host="yum.mariadb.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/MariaDB.xml b/src/chrome/content/rules/MariaDB.xml
deleted file mode 100644
index 8e3459940db6..000000000000
--- a/src/chrome/content/rules/MariaDB.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For other Monty Program coverage, see Monty_Program.xml.
-
--->
-<ruleset name="MariaDB.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="mariadb.org" />
-	<target host="blog.mariadb.org" />
-	<target host="downloads.mariadb.org" />
-	<target host="www.mariadb.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Maricopa-Community-Colleges.xml b/src/chrome/content/rules/Maricopa-Community-Colleges.xml
index 3c56344ecfde..e212b0bb55c7 100644
--- a/src/chrome/content/rules/Maricopa-Community-Colleges.xml
+++ b/src/chrome/content/rules/Maricopa-Community-Colleges.xml
@@ -10,7 +10,14 @@
 <ruleset name="Maricopa Community Colleges (partial)">
 
 	<target host="maricopa.edu" />
-	<target host="*.maricopa.edu" />
+	<target host="www.maricopa.edu" />
+	<target host="ecourses.maricopa.edu" />
+	<target host="eims.maricopa.edu" />
+	<target host="google.maricopa.edu" />
+	<target host="memo.maricopa.edu" />
+	<target host="memo2.maricopa.edu" />
+	<target host="memo3.maricopa.edu" />
+	<target host="student.sis.maricopa.edu" />
 	<!--	* for cross-domain cookie.	-->
 
 
@@ -23,7 +30,6 @@
 	<rule from="^http://(?:www\.)?maricopa\.edu/"
 		to="https://www.maricopa.edu/" />
 
-	<rule from="^http://(ecourses|eims|google|memo[23]?|student\.sis)\.maricopa\.edu/"
-		to="https://$1.maricopa.edu/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Marie_Claire.co.uk.xml b/src/chrome/content/rules/Marie_Claire.co.uk.xml
index b4b3979eeeb1..9f4f6d1648b0 100644
--- a/src/chrome/content/rules/Marie_Claire.co.uk.xml
+++ b/src/chrome/content/rules/Marie_Claire.co.uk.xml
@@ -34,4 +34,4 @@
 	<rule from="^http://(?:www\.)?marieclaire\.co\.uk/(css/|favicon\.ico|images/|js/)"
 		to="https://marieclaire.ipcmediasecure.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Marijuana_Majority.xml b/src/chrome/content/rules/Marijuana_Majority.xml
deleted file mode 100644
index 40fe2a1fafa4..000000000000
--- a/src/chrome/content/rules/Marijuana_Majority.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	marijuana-majority.com.s133485.gridserver.com
-
--->
-<ruleset name="Marijauana Majority">
-
-	<target host="marijuanamajority.com" />
-	<target host="www.marijuanamajority.com" />
-
-
-	<securecookie host="^\.marijuanamajority\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Marin_Software.xml b/src/chrome/content/rules/Marin_Software.xml
index 7e7c6e148e01..c91cc848f969 100644
--- a/src/chrome/content/rules/Marin_Software.xml
+++ b/src/chrome/content/rules/Marin_Software.xml
@@ -26,7 +26,7 @@ Fetch error: http://rt.marinsoftware.com/ => https://rt.marinsoftware.com/: (51,
 		- www.marinsoftware.de		(works, mismatched, CN: *.marinsoftware.com)
 
 -->
-<ruleset name="Marin Software.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Marin Software.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Marine_Depot.com.xml b/src/chrome/content/rules/Marine_Depot.com.xml
index 77d0b4f681c7..70d777292f35 100644
--- a/src/chrome/content/rules/Marine_Depot.com.xml
+++ b/src/chrome/content/rules/Marine_Depot.com.xml
@@ -16,7 +16,8 @@
 <ruleset name="Marine Depot.com (partial)">
 
 	<target host="marinedepot.com" />
-	<target host="*.marinedepot.com" />
+	<target host="www.marinedepot.com" />
+	<target host="shop.marinedepot.com" />
 		<!--
 			Redirect to http:
 						-->
@@ -25,7 +26,7 @@
 			Exceptions:
 					-->
 		<!--exclusion pattern="^http://(www\.)?marinedepot\.com/+(?!App_Themes/|favicon\.ico)" /-->
-	
+
 
 	<rule from="^http://(?:www\.)?marinedepot\.com/(?=App_Themes/|favicon\.ico)"
 		to="https://www.marinedepot.com/" />
diff --git a/src/chrome/content/rules/MarinellaRose.com.xml b/src/chrome/content/rules/MarinellaRose.com.xml
index 5368072fe7f7..20d6369f27a9 100644
--- a/src/chrome/content/rules/MarinellaRose.com.xml
+++ b/src/chrome/content/rules/MarinellaRose.com.xml
@@ -8,18 +8,17 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://bellareed.com/ => https://bellareed.com/: (7, 'Failed to connect to bellareed.com port 443: Connection refused')
 Fetch error: http://marinellarose.com/ => https://marinellarose.com/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
 -->
-<ruleset name="MarinellaRose.com" default_off='failed ruleset test'>
+<ruleset name="MarinellaRose.com" default_off="failed ruleset test">
 
 	<target host="bellareed.com" />
-	<target host="*.bellareed.com" />
+	<target host="www.bellareed.com" />
 	<target host="marinellarose.com" />
-	<target host="*.marinellarose.com" />
+	<target host="www.marinellarose.com" />
 
 
 	<securecookie host="^(?:w*\.)?(?:bellareed|marinellarose)\.com" name=".+" />
 
 
-	<rule from="^http://(www\.)?(bellareed|marinellarose)\.com/"
-		to="https://$1$2.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MarioWiki.com.xml b/src/chrome/content/rules/MarioWiki.com.xml
deleted file mode 100644
index ceaaa04656e9..000000000000
--- a/src/chrome/content/rules/MarioWiki.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="MarioWiki.com">
-	<target host="mariowiki.com" />
-	<target host="www.mariowiki.com" />
-	<target host="cpanel.mariowiki.com" />
-	<target host="forum.mariowiki.com" />
-	<target host="www.forum.mariowiki.com" />
-	<target host="mail.mariowiki.com" />
-	<target host="webdisk.mariowiki.com" />
-	<target host="webmail.mariowiki.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Marion_Star.xml b/src/chrome/content/rules/Marion_Star.xml
index 3a515a6bfb34..068000965113 100644
--- a/src/chrome/content/rules/Marion_Star.xml
+++ b/src/chrome/content/rules/Marion_Star.xml
@@ -11,7 +11,8 @@
 <ruleset name="The Marion Star">
 
 	<target host="marionstar.com" />
-	<target host="*.marionstar.com" />
+	<target host="cmsimg.marionstar.com" />
+	<target host="www.marionstar.com" />
 
 
 	<rule from="^http://(?:cmsimg\.|www\.)?marionstar\.com/"
diff --git a/src/chrome/content/rules/Mark-Monitor.xml b/src/chrome/content/rules/Mark-Monitor.xml
index 6c60213d3aed..294f66802f96 100644
--- a/src/chrome/content/rules/Mark-Monitor.xml
+++ b/src/chrome/content/rules/Mark-Monitor.xml
@@ -11,7 +11,8 @@
 <ruleset name="Mark Monitor">
 
 	<target host="markmonitor.com" />
-	<target host="*.markmonitor.com" />
+	<target host="www.markmonitor.com" />
+	<target host="corp.markmonitor.com" />
 
 
 	<securecookie host="^corp\.markmonitor\.com$" name=".+" />
@@ -23,7 +24,6 @@
 	<rule from="^http://(?:www\.)?markmonitor\.com/"
 		to="https://www.markmonitor.com/" />
 
-	<rule from="^http://corp\.markmonitor\.com/"
-		to="https://corp.markmonitor.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MarkMail.xml b/src/chrome/content/rules/MarkMail.xml
index 4cb3fdbb8dd2..9526ee1f77fa 100644
--- a/src/chrome/content/rules/MarkMail.xml
+++ b/src/chrome/content/rules/MarkMail.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?markmail\.biz/"
 		to="https://markmail.biz/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MarkRuler.xml b/src/chrome/content/rules/MarkRuler.xml
index bbede6e47b43..15cdc31997dc 100644
--- a/src/chrome/content/rules/MarkRuler.xml
+++ b/src/chrome/content/rules/MarkRuler.xml
@@ -4,7 +4,7 @@
 	<target host="*.conversionruler.com" />
 
 
-	<securecookie host="^(?:.*\.)?conversionruler\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(\w+\.)?conversionruler\.com/"
diff --git a/src/chrome/content/rules/MarkShuttleworth.com.xml b/src/chrome/content/rules/MarkShuttleworth.com.xml
new file mode 100644
index 000000000000..a988f731ce53
--- /dev/null
+++ b/src/chrome/content/rules/MarkShuttleworth.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="MarkShuttleworth.com">
+	<target host="markshuttleworth.com" />
+	<target host="www.markshuttleworth.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mark_NG.co.uk.xml b/src/chrome/content/rules/Mark_NG.co.uk.xml
index b624947aba5a..88d74ad3b257 100644
--- a/src/chrome/content/rules/Mark_NG.co.uk.xml
+++ b/src/chrome/content/rules/Mark_NG.co.uk.xml
@@ -5,7 +5,7 @@ Fetch error: http://markng.co.uk/ => https://markng.co.uk/: (35, 'error:140770FC
 Fetch error: http://www.markng.co.uk/ => https://www.markng.co.uk/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
 
 -->
-<ruleset name="Mark NG.co.uk" default_off='failed ruleset test'>
+<ruleset name="Mark NG.co.uk" default_off="failed ruleset test">
 
 	<target host="markng.co.uk" />
 	<target host="www.markng.co.uk" />
diff --git a/src/chrome/content/rules/Markee_Dragon.xml b/src/chrome/content/rules/Markee_Dragon.xml
index a2ef97a0851e..96618859f189 100644
--- a/src/chrome/content/rules/Markee_Dragon.xml
+++ b/src/chrome/content/rules/Markee_Dragon.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://markeedragon.com/ => https://markeedragon.com/: (51, "SSL: no alternative certificate subject name matches target host name 'markeedragon.com'")
 Fetch error: http://www.markeedragon.com/ => https://www.markeedragon.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.markeedragon.com'")
 -->
-<ruleset name="Markee Dragon" default_off='failed ruleset test'>
+<ruleset name="Markee Dragon" default_off="failed ruleset test">
 
 	<target host="markeedragon.com" />
 	<target host="www.markeedragon.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.markeedragon.com/ => https://www.markeedragon.com/: (51,
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Market_Dojo.xml b/src/chrome/content/rules/Market_Dojo.xml
index e8b923bfe31b..db7e05f179ba 100644
--- a/src/chrome/content/rules/Market_Dojo.xml
+++ b/src/chrome/content/rules/Market_Dojo.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://community.marketdojo.com/ => https://community.marketdojo.com/: (51, "SSL: no alternative certificate subject name matches target host name 'community.marketdojo.com'")
 
 -->
-<ruleset name="Market Dojo" default_off='failed ruleset test'>
+<ruleset name="Market Dojo" default_off="failed ruleset test">
 
 	<target host="marketdojo.com" />
 	<target host="community.marketdojo.com" />
@@ -12,9 +12,9 @@ Fetch error: http://community.marketdojo.com/ => https://community.marketdojo.co
 	<target host="www.marketdojo.com" />
 
 
-	<securecookie host="^(?:.*\.)?marketdojo\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Marketing_G2.xml b/src/chrome/content/rules/Marketing_G2.xml
index a8f899bf4921..d2fd4c270d89 100644
--- a/src/chrome/content/rules/Marketing_G2.xml
+++ b/src/chrome/content/rules/Marketing_G2.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Marketing_Matters.xml b/src/chrome/content/rules/Marketing_Matters.xml
index 3c17acb4d807..7308486375f7 100644
--- a/src/chrome/content/rules/Marketing_Matters.xml
+++ b/src/chrome/content/rules/Marketing_Matters.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Marketing_Research.org.xml b/src/chrome/content/rules/Marketing_Research.org.xml
index 1366b9da2560..18e37d3e35cd 100644
--- a/src/chrome/content/rules/Marketing_Research.org.xml
+++ b/src/chrome/content/rules/Marketing_Research.org.xml
@@ -21,7 +21,7 @@
 <ruleset name="Marketing Research.org (partial)" default_off="mismatched">
 
 	<target host="marketingresearch.org" />
-	<target host="*.marketingresearch.org" />
+	<target host="www.marketingresearch.org" />
 
 
 	<securecookie host="^\.marketingresearch\.org$" name=".+" />
diff --git a/src/chrome/content/rules/Marketplace.org.xml b/src/chrome/content/rules/Marketplace.org.xml
deleted file mode 100644
index 7a0268d1d150..000000000000
--- a/src/chrome/content/rules/Marketplace.org.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Non-functional hosts
-		Couldn't connect to server:
-			 - autodiscover.marketplace.org
-
-		Timeout was reached:
-			 - mail.marketplace.org
-
-		SSL peer certificate was not OK:
-			 - beta.marketplace.org
-			 - longform.marketplace.org
-			 - thenumbers.marketplace.org
--->
-<ruleset name="Marketplace.org (partial)">
-	<target host="marketplace.org" />
-	<target host="www.marketplace.org" />
-	<target host="cms.marketplace.org" />
-		<test url="http://cms.marketplace.org/sites/default/files/morning.jpg" />
-	<target host="features.marketplace.org" />
-		<test url="http://features.marketplace.org/yourstateonwelfare/" />
-	<target host="origin-www.marketplace.org" />
-	<target host="ssl.marketplace.org" />
-
-	<securecookie host="^(www\.)?marketplace\.org$" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Marketplace_Used.xml b/src/chrome/content/rules/Marketplace_Used.xml
deleted file mode 100644
index ec2a0a9f99b6..000000000000
--- a/src/chrome/content/rules/Marketplace_Used.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Some pages redirect to http.
-
--->
-<ruleset name="Marketplace Used (partial)">
-
-	<target host="marketplace-used.com" />
-	<target host="www.marketplace-used.com" />
-
-
-	<rule from="^http://(www\.)?marketplace-used\.com/(addons/|geo_templates/|index\.php\?a=10|user_images/)"
-		to="https://$1marketplace-used.com/$2" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Marketstudio.net.xml b/src/chrome/content/rules/Marketstudio.net.xml
deleted file mode 100644
index 697040a9f667..000000000000
--- a/src/chrome/content/rules/Marketstudio.net.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For other Digital River coverage, see Digital-River.xml.
-
--->
-<ruleset name="marketstudio.net">
-
-	<target host="reservoir.marketstudio.net" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Marketwatch.com.xml b/src/chrome/content/rules/Marketwatch.com.xml
index a7010dc3201e..a8e02c9f0c79 100644
--- a/src/chrome/content/rules/Marketwatch.com.xml
+++ b/src/chrome/content/rules/Marketwatch.com.xml
@@ -1,39 +1,41 @@
 <!--
 	Other News Corporation rulesets:
-		+ News-Corporation.xml
-		+ News-Corporation-mismatches.xml
+		- News-Corporation-mismatches.xml
 
-	Non-functional hosts
+	Non-functional hosts:
 		Couldn't connect to server:
-		- sm.marketwatch.com
+			- sm.marketwatch.com
+
+		Expired certificate:
+			- id.marketwatch.com
 
 		Timeout was reached:
-		- admin.marketwatch.com
+			- admin.marketwatch.com
 
 		SSL peer certificate was not OK:
-		- communitycontent.marketwatch.com
+			- communitycontent.marketwatch.com
 
 		Peer certificate cannot be authenticated with given CA certificates:
-		- marketwatch.com
-		- store.marketwatch.com
+			- marketwatch.com
+			- store.marketwatch.com
 
 		4xx client error:
-		- i.marketwatch.com
-		- static.marketwatch.com
+			- i.marketwatch.com
+			- static.marketwatch.com
 
 		5xx server error:
-		- portfolio.marketwatch.com
+			- portfolio.marketwatch.com
 
 		Secure connection redirects to plaintext:
-		- blogs.marketwatch.com
+			- blogs.marketwatch.com
 -->
+
 <ruleset name="Marketwatch.com">
 	<target host="marketwatch.com" />
 	<target host="www.marketwatch.com" />
 	<target host="accounts.marketwatch.com" />
 	<target host="dev.accounts.marketwatch.com" />
 	<target host="int.accounts.marketwatch.com" />
-	<target host="id.marketwatch.com" />
 	<target host="s.marketwatch.com" />
 	<target host="s1.marketwatch.com" />
 	<target host="s2.marketwatch.com" />
@@ -42,8 +44,7 @@
 	<target host="secure.marketwatch.com" />
 
 	<rule from="^http://marketwatch\.com/"
-			to="https://www.marketwatch.com/" />
+		to="https://www.marketwatch.com/" />
 
-	<rule from="^http:" 
-			to="https:" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Marketwire.com.xml b/src/chrome/content/rules/Marketwire.com.xml
deleted file mode 100644
index 7cb5d7dcc1f8..000000000000
--- a/src/chrome/content/rules/Marketwire.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Marketwire">
-
-	<target host="marketwire.com" />
-	<target host="media.marketwire.com" />
-	<target host="www.marketwire.com" />
-
-	<rule from="^http://(?:www\.)?marketwire\.com/"
-		to="https://marketwire.com/" />
-
-	<rule from="^http://media\.marketwire\.com/"
-		to="https://media.marketwire.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Markit.xml b/src/chrome/content/rules/Markit.xml
index b7a70d7eafa6..bdbe4338ad4c 100644
--- a/src/chrome/content/rules/Markit.xml
+++ b/src/chrome/content/rules/Markit.xml
@@ -1,7 +1,6 @@
 <!--
 	Other Markit rulesets:
 
-		- Markit_On_Demand.xml
 		- OpenF2.org.xml
 
 
@@ -22,18 +21,16 @@
 
 	<target host="markit.com" />
 	<target host="*.markit.com" />
+    <test url="http://wso.markit.com/" />
+    <test url="http://outreach360.uat.markit.com/" />
+    <test url="http://ufeqa.markit.com/" />
 
 
 	<securecookie host="^.*\.markit\.com$" name=".+" />
 
-
 	<rule from="^http://markit\.com/"
 		to="https://www.markit.com/" />
 
-	<rule from="^http://(web\.apps|www)\.markit\.com/"
-		to="https://$1.markit.com/" />
-
-	<rule from="^http://(?:www\.)?feedback\.markit\.com/dashboard/(?:\w+\.(?:cs|j)s|org/)"
-		to="https://www.clicktools.com/dashboard/$1" />
+  <rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Markit_On_Demand.xml b/src/chrome/content/rules/Markit_On_Demand.xml
deleted file mode 100644
index b049273ba88c..000000000000
--- a/src/chrome/content/rules/Markit_On_Demand.xml
+++ /dev/null
@@ -1,43 +0,0 @@
-<!--
-	For other Markit coverage, see Markit.xml.
-
-
-	Fully covered domains:
-
-		- wallst.com subdomains:
-
-			- (www.)
-			- cdn.markit
-			- media.scottrade
-
-		- *.wsod.com:
-
-			- ad
-			- admedia
-
-		- ad.wsodcdn.com
-		- media.wsodcdn.com
-
--->
-<ruleset name="Markit On Demand">
-
-	<target host="wallst.com" />
-	<target host="*.wallst.com" />
-	<target host="*.wsod.com" />
-	<target host="*.wsodcdn.com" />
-
-
-	<securecookie host="^(?:www\.)?wallst\.com$" name=".+" />
-	<securecookie host=".*\.wsod\.com$" name=".+" />
-
-
-	<rule from="^http://((?:cdn\.markit|media\.scottrade|www)\.)?wallst\.com/"
-		to="https://$1wallst.com/" />
-
-	<rule from="^http://([\w-]+)\.wsod\.com/"
-		to="https://$1.wsod.com/" />
-
-	<rule from="^http://(ad|media)\.wsodcdn\.com/"
-		to="https://$1.wsodcdn.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Marktplaats.com.xml b/src/chrome/content/rules/Marktplaats.com.xml
new file mode 100644
index 000000000000..9f36b0cae498
--- /dev/null
+++ b/src/chrome/content/rules/Marktplaats.com.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Marktplaats coverage, see Marktplaats.nl.xml
+
+
+	Non-functional subdomains:
+		- $self		(t)
+		- www		(m)
+		- cps		(t)
+		- e-mail	(m)
+		- gss		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Marktplaats.com">
+
+	<target host="aanbieding.marktplaats.com" />
+	<target host="bigthumbs.marktplaats.com" />
+	<target host="fotos.marktplaats.com" />
+	<target host="i.marktplaats.com" />
+	<target host="kwsug.marktplaats.com" />
+	<target host="pers.marktplaats.com" />
+	<target host="s.marktplaats.com" />
+	<target host="static.marktplaats.com" />
+	<target host="statisch.marktplaats.com" />
+	<target host="thumbs.marktplaats.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Marktplaats.nl.xml b/src/chrome/content/rules/Marktplaats.nl.xml
new file mode 100644
index 000000000000..b959988e1a07
--- /dev/null
+++ b/src/chrome/content/rules/Marktplaats.nl.xml
@@ -0,0 +1,139 @@
+<!--
+	Other Marktplaats rulesets:
+		- Marktplaats.com.xml
+		- Marktplaatsautojournaal.nl.xml
+		- Marktplaatsjournaal.nl.xml
+		- Marktplaatsperskamer.nl.xml
+		- Nieuweautokopen.nl.xml
+
+
+	Non-functional subdomains:
+		- adyen	(i)
+		- cas-integration	(t)
+		- chat2	(r)
+		- csbizapp	(t)
+		- csreports	(t)
+		- e-mail	(m)
+		- gss	(r)
+		- help	(i)
+		- imx1	(r)
+		- imx2	(r)
+		- marketingactie	(m)
+		- marketingprogramma	(m)
+		- mededelingen	(i)
+		- meldingtransactiegeschil	(t)
+		- ntd	(t)
+		- payreports	(t)
+		- www.perskamer	(m)
+		- securemx	(t)
+		- worldpay	(t)
+		- ww	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Marktplaats.nl">
+
+	<target host="marktplaats.nl" />
+	<target host="www.marktplaats.nl" />
+	<target host="aanbieding.marktplaats.nl" />
+	<target host="admarkt.marktplaats.nl" />
+	<target host="antiek-kunst.marktplaats.nl" />
+	<target host="api.marktplaats.nl" />
+	<target host="audio-tv-foto.marktplaats.nl" />
+	<target host="audio-video.marktplaats.nl" />
+	<target host="auth.marktplaats.nl" />
+	<target host="auto.marktplaats.nl" />
+	<target host="auto-diversen.marktplaats.nl" />
+	<target host="auto-onderdelen.marktplaats.nl" />
+	<target host="autoonderdelen.marktplaats.nl" />
+	<target host="banen.marktplaats.nl" />
+	<target host="betalingen.marktplaats.nl" />
+	<target host="bigthumbs.marktplaats.nl" />
+	<target host="boeken.marktplaats.nl" />
+	<target host="bouw-tuin.marktplaats.nl" />
+	<target host="caravan-kamperen.marktplaats.nl" />
+	<target host="cd-dvd.marktplaats.nl" />
+	<target host="chat0.marktplaats.nl" />
+	<target host="chat1.marktplaats.nl" />
+	<target host="computer-hardware.marktplaats.nl" />
+	<target host="computer-software.marktplaats.nl" />
+	<target host="contacten.marktplaats.nl" />
+	<target host="dealerdashboard.marktplaats.nl" />
+	<target host="diensten.marktplaats.nl" />
+	<target host="diensten-vakmensen.marktplaats.nl" />
+	<target host="dieren.marktplaats.nl" />
+	<target host="diversen.marktplaats.nl" />
+	<target host="doe-het-zelf-verbouw.marktplaats.nl" />
+	<target host="elektronica.marktplaats.nl" />
+	<target host="eml.marktplaats.nl" />
+	<target host="expert.marktplaats.nl" />
+	<target host="fiets.marktplaats.nl" />
+	<target host="fietsen-brommers.marktplaats.nl" />
+	<target host="fotografie.marktplaats.nl" />
+	<target host="fotos.marktplaats.nl" />
+	<target host="gateway.marktplaats.nl" />
+	<target host="gsm-telecom.marktplaats.nl" />
+	<target host="hobby.marktplaats.nl" />
+	<target host="huis-huren.marktplaats.nl" />
+	<target host="huis-inrichting.marktplaats.nl" />
+	<target host="huis-kopen.marktplaats.nl" />
+	<target host="huizen.marktplaats.nl" />
+	<target host="kind-baby.marktplaats.nl" />
+	<target host="kleding.marktplaats.nl" />
+	<target host="kleding-schoenen-dames.marktplaats.nl" />
+	<target host="kleding-schoenen-heren.marktplaats.nl" />
+	<target host="klussen.marktplaats.nl" />
+	<target host="koopjes.marktplaats.nl" />
+	<target host="kopen.marktplaats.nl" />
+	<target host="link.marktplaats.nl" />
+	<target host="m.marktplaats.nl" />
+	<target host="mktg.marktplaats.nl" />
+	<target host="img.mktg.marktplaats.nl" />
+	<target host="img-cdn.mktg.marktplaats.nl" />
+	<target host="secure.img-cdn.mktg.marktplaats.nl" />
+	<target host="motor-brommer.marktplaats.nl" />
+	<target host="motoren.marktplaats.nl" />
+	<target host="muziek.marktplaats.nl" />
+	<target host="nieuw.marktplaats.nl" />
+	<target host="nieuweauto.marktplaats.nl" />
+	<target host="nps.marktplaats.nl" />
+	<target host="outlet.marktplaats.nl" />
+	<target host="partner.marktplaats.nl" />
+	<target host="pers.marktplaats.nl" />
+	<target host="perskamer.marktplaats.nl" />
+	<target host="postzegels-munten.marktplaats.nl" />
+	<target host="proeftuin.marktplaats.nl" />
+	<target host="rbb.marktplaats.nl" />
+	<target host="recommendations.marktplaats.nl" />
+	<target host="sentry.marktplaats.nl" />
+	<target host="sieraden-tassen-uiterlijk.marktplaats.nl" />
+	<target host="slimmedeals.marktplaats.nl" />
+	<target host="spelcomputers-games.marktplaats.nl" />
+	<target host="sport.marktplaats.nl" />
+	<target host="static.marktplaats.nl" />
+	<target host="statisch.marktplaats.nl" />
+	<target host="thumbs.marktplaats.nl" />
+	<target host="tickets-kaartjes.marktplaats.nl" />
+	<target host="top40.marktplaats.nl" />
+	<target host="toppers.marktplaats.nl" />
+	<target host="tuin-terras.marktplaats.nl" />
+	<target host="vacatures.marktplaats.nl" />
+	<target host="vakantie.marktplaats.nl" />
+	<target host="verkopen.marktplaats.nl" />
+	<target host="verkopers.marktplaats.nl" />
+	<target host="vernieuwd.marktplaats.nl" />
+	<target host="verzamelen.marktplaats.nl" />
+	<target host="watersport.marktplaats.nl" />
+	<target host="witgoed-apparatuur.marktplaats.nl" />
+	<target host="zakelijk.marktplaats.nl" />
+	<target host="zoeken.marktplaats.nl" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Marktplaats.xml b/src/chrome/content/rules/Marktplaats.xml
deleted file mode 100644
index 91b1e241f031..000000000000
--- a/src/chrome/content/rules/Marktplaats.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Mismatch:
-		help.marktplaats.nl
-
-		www.marktplaats.com
-
-	Timeout:
-		marktplaats.com
--->
-<ruleset name="Marktplaats">
-	<target host="marktplaats.nl" />
-	<target host="www.marktplaats.nl" />
-		<test url="http://www.marktplaats.nl/kijkinuwwijk.html" />
-	<target host="aanbieding.marktplaats.nl" />
-	<target host="admarkt.marktplaats.nl" />
-	<target host="api.marktplaats.nl" />
-	<target host="klussen.marktplaats.nl" />
-	<target host="perskamer.marktplaats.nl" />
-	<target host="statisch.marktplaats.nl" />
-
-	<target host="marktplaatsperskamer.nl" />
-	<target host="www.marktplaatsperskamer.nl" />
-
-	<target host="aanbieding.marktplaats.com" />
-	<target host="statisch.marktplaats.com" />
-
-	<rule from="^http:" to="https:"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Marktplaatsperskamer.nl.xml b/src/chrome/content/rules/Marktplaatsperskamer.nl.xml
new file mode 100644
index 000000000000..aee48cb2dddf
--- /dev/null
+++ b/src/chrome/content/rules/Marktplaatsperskamer.nl.xml
@@ -0,0 +1,10 @@
+<!--
+	For other Marktplaats coverage, see Marktplaats.nl.xml
+-->
+<ruleset name="Marktplaatsperskamer.nl">
+	<target host="marktplaatsperskamer.nl" />
+	<target host="www.marktplaatsperskamer.nl" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Marsupi.org.xml b/src/chrome/content/rules/Marsupi.org.xml
index 5288edf0dbde..a834a2dfab6c 100644
--- a/src/chrome/content/rules/Marsupi.org.xml
+++ b/src/chrome/content/rules/Marsupi.org.xml
@@ -26,7 +26,7 @@
 <ruleset name="Marsupi.org (partial)" default_off="self-signed">
 
 	<target host="marsupi.org" />
-	<target host="*.marsupi.org" />
+	<target host="www.marsupi.org" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/Martha-Stewart-mismatches.xml b/src/chrome/content/rules/Martha-Stewart-mismatches.xml
index 403972dcbe2f..cc9648cdba8b 100644
--- a/src/chrome/content/rules/Martha-Stewart-mismatches.xml
+++ b/src/chrome/content/rules/Martha-Stewart-mismatches.xml
@@ -6,24 +6,21 @@
 
 	<target host="shop.marthastewart.com" />
 	<target host="community.wholeliving.com" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.community.wholeliving.com" />
 	<target host="wholelivingdaily.wholeliving.com" />
+	<!--	* for cross-domain cookie.	-->
+
 
 
 	<securecookie host="^\.community\.wholeliving\.com$" name=".+" />
 
 
 	<!--	Cert: storefront.amazon.com	-->
-	<rule from="^http://shop\.marthastewart\.com/"
-		to="https://shop.marthastewart.com/" />
+	<rule from="^http:" to="https:" />
 
 	<!--	Cert: *.ning.com	-->
-	<rule from="^http://community\.wholeliving\.com/"
-		to="https://community.wholeliving.com/" />
+
 
 	<!--	Expired, self-signed	-->
-	<rule from="^http://wholelivingdaily\.wholeliving\.com/"
-		to="https://wholelivingdaily.wholeliving.com/" />
+
 
 </ruleset>
diff --git a/src/chrome/content/rules/Martha-Stewart.xml b/src/chrome/content/rules/Martha-Stewart.xml
index 82fea4ec88d7..3e5f931a71ea 100644
--- a/src/chrome/content/rules/Martha-Stewart.xml
+++ b/src/chrome/content/rules/Martha-Stewart.xml
@@ -17,10 +17,16 @@
 <ruleset name="Martha Stewart (partial)">
 
 	<target host="marthastewart.com" />
-	<target host="*.marthastewart.com" />
+	<target host="www.marthastewart.com" />
+	<target host="images.marthastewart.com" />
+	<target host="my.marthastewart.com" />
+	<target host="metric.marthastewart.com" />
 	<target host="marthastewartweddings.com" />
-	<target host="*.marthastewartweddings.com" />
-	<target host="*.wholeliving.com" />
+	<target host="www.marthastewartweddings.com" />
+	<target host="images.marthastewartweddings.com" />
+	<target host="my.marthastewartweddings.com" />
+	<target host="images.wholeliving.com" />
+	<target host="my.wholeliving.com" />
 
 
 	<securecookie host="^my\.marthastewart(?:weddings)?\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Martus.xml b/src/chrome/content/rules/Martus.xml
index 1c6aef84b27c..27f560f78ea3 100644
--- a/src/chrome/content/rules/Martus.xml
+++ b/src/chrome/content/rules/Martus.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Marvel_Heroes.com.xml b/src/chrome/content/rules/Marvel_Heroes.com.xml
deleted file mode 100644
index 604a8d81fff8..000000000000
--- a/src/chrome/content/rules/Marvel_Heroes.com.xml
+++ /dev/null
@@ -1,58 +0,0 @@
-<!--
-	CDN buckets:
-
-		- cds.u2a6i5j4.hwcdn.net
-
-			- cscdn
-
-
-	Nonfunctional subdomains:
-
-		- cscdn *
-
-	* Dropped
-
-	Fully covered subdomains:
-
-		- (www.)
-		- forums
-		- login
-		- store
-
-
-	These altnames don't exist:
-
-		- www.forums.marvelheroes.com
-
-
-	Observed cookie domains:
-
-		- login *
-		- .store *
-
-	* Secured by us <= not secured by server
-
-
-	Mixed content:
-
-		- Images on store from cscdn *
-
-	* Unsecurable
-
--->
-<ruleset name="Marvel Heroes.com (partial)">
-
-	<target host="marvelheroes.com" />
-	<target host="*.marvelheroes.com" />
-		<!--exclusion pattern="^http://cscdn\.marvelheroes\.com/" /-->
-
-
-	<!--	Not secured by server:
-					-->
-	<securecookie host="^(?:login|\.store)\.marvelheroes\.com$" name=".+" />
-
-
-	<rule from="^http://((?:forums|login|store|www)\.)?marvelheroes\.com/"
-		to="https://$1marvelheroes.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Marvel_Store.xml b/src/chrome/content/rules/Marvel_Store.xml
index f3c262e71a88..fa043d1d8a4e 100644
--- a/src/chrome/content/rules/Marvel_Store.xml
+++ b/src/chrome/content/rules/Marvel_Store.xml
@@ -27,7 +27,7 @@ Fetch error: http://cdn.static1.marvelstore.com/ => https://cdn.static1.marvelst
 		- www	(some pages redirect to http)
 
 -->
-<ruleset name="Marvel Store.com" default_off='failed ruleset test'>
+<ruleset name="Marvel Store.com" default_off="failed ruleset test">
 
 	<target host="img.marvelstore.com" />
 	<target host="static1.marvelstore.com" />
diff --git a/src/chrome/content/rules/Marvell.xml b/src/chrome/content/rules/Marvell.xml
index 10a4a1f92dbe..cae1d49bab89 100644
--- a/src/chrome/content/rules/Marvell.xml
+++ b/src/chrome/content/rules/Marvell.xml
@@ -1,7 +1,9 @@
 <ruleset name="Marvell">
 
 	<target host="marvell.com"/>
-	<target host="*.marvell.com"/>
+	<target host="www.marvell.com" />
+	<target host="origin-www.marvell.com" />
+	<target host="extranet.marvell.com" />
 
 
 	<securecookie host="^origin-www\.marvell\.com$" name=".+" />
@@ -11,7 +13,6 @@
 	<rule from="^http://(?:(?:origin-)?www\.)?marvell\.com/"
 		to="https://origin-www.marvell.com/"/>
 
-	<rule from="^http://extranet\.marvell\.com/"
-		to="https://extranet.marvell.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Marxists.xml b/src/chrome/content/rules/Marxists.xml
deleted file mode 100644
index 0373541b1918..000000000000
--- a/src/chrome/content/rules/Marxists.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	Invalid certificate:
-		marx.org
-		www.marx.org
-
-	No working URL known:
-		nuremburg.marxists.org
-		search.marxists.org
-
--->
-<ruleset name="Marxists Internet Archive ">
-
-	<target host="marxists.org" />
-	<target host="www.marxists.org" />
-	<target host="chrs-scc-cm.marxists.org" />
-	<target host="lists.marxists.org" />
-	<target host="mail.marxists.org" />
-	<target host="nemesis.marxists.org" />
-
-	<target host="marx.org" />
-	<target host="www.marx.org" />
-
-	<rule from="^http://(www\.)?marx\.org/"
-		to="https://www.marxists.org/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Maryland_Shooters.xml b/src/chrome/content/rules/Maryland_Shooters.xml
index a46cb1e98745..663d091e1190 100644
--- a/src/chrome/content/rules/Maryland_Shooters.xml
+++ b/src/chrome/content/rules/Maryland_Shooters.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mashape.com.xml b/src/chrome/content/rules/Mashape.com.xml
index 712f6beb7898..456776cc26dc 100644
--- a/src/chrome/content/rules/Mashape.com.xml
+++ b/src/chrome/content/rules/Mashape.com.xml
@@ -5,7 +5,6 @@ Fetch error: http://api.analytics.mashape.com/ => https://api.analytics.mashape.
 
 	Other Mashape rulesets:
 
-		- API_Analytics.com.xml
 
 
 	CDN buckets:
@@ -26,7 +25,7 @@ Fetch error: http://api.analytics.mashape.com/ => https://api.analytics.mashape.
 		- www.mashape.com
 
 -->
-<ruleset name="Mashape.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Mashape.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Mashery.com.xml b/src/chrome/content/rules/Mashery.com.xml
new file mode 100644
index 000000000000..163d387adfb5
--- /dev/null
+++ b/src/chrome/content/rules/Mashery.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- content.developer.mashery.com
+		- tms.mashery.com
+		- visit.mashery.com
+
+		Redirect to HTTP:
+		- iata.mashery.com
+-->
+<ruleset name="Mashery.com (partial)">
+	<target host="mashery.com" />
+	<target host="www.mashery.com" />
+	<target host="dnbdirect.admin.mashery.com" />
+	<target host="hoovers.admin.mashery.com" />
+	<target host="nbcuni.admin.mashery.com" />
+	<target host="constantcontact.mashery.com" />
+	<target host="coxautoinc.mashery.com" />
+	<target host="demo1.mashery.com" />
+	<target host="dev.mashery.com" />
+	<target host="developer.mashery.com" />
+	<target host="docs.mashery.com" />
+	<target host="manheim.mashery.com" />
+	<target host="secure.mashery.com" />
+	<target host="sensis.mashery.com" />
+	<target host="stagingcs1.mashery.com" />
+	<target host="stagingcs9.mashery.com" />
+	<target host="support.mashery.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mashery.xml b/src/chrome/content/rules/Mashery.xml
deleted file mode 100644
index 35f44a598e33..000000000000
--- a/src/chrome/content/rules/Mashery.xml
+++ /dev/null
@@ -1,98 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://visit.mashery.com/ => https://visit.mashery.com/: (60, 'SSL certificate problem: certificate has expired')
-
-	CDN buckets:
-
-		- s3.amazonaws.com/content.developer.mashery.com/
-
-
-	Nonfunctional subdomains:
-
-		- blog		(Dropped)
-
-
-	^mashery.com: Refused
-
-
-	Partially covered hosts in *mashery.com:
-
-		- dev *
-		- developer *
-		- support *
-
-	* Some pages redirect to http
-
-
-	Fully covered hosts in *mashery.com:
-
-		- (www.)?		(^ → www)
-		- demo1
-		- content.developer	(→ s3.amazonaws.com)
-		- secure
-		- visit
-
-
-	Insecure cookies are set for these hosts:
-
-		- visit.mashery.com
-
--->
-<ruleset name="Mashery.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="demo1.mashery.com" />
-	<target host="dev.mashery.com" />
-	<target host="developer.mashery.com" />
-	<target host="secure.mashery.com" />
-	<target host="support.mashery.com" />
-	<target host="visit.mashery.com" />
-	<target host="www.mashery.com" />
-
-	<!--	Complications:
-				-->
-	<target host="mashery.com" />
-	<target host="content.developer.mashery.com" />
-
-		<!--	At least the home page 301s to http.
-
-			Exceptions:
-					-->
-		<exclusion pattern="^http://(?:dev|developer|support)\.mashery\.com/(?!files/|public/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://dev.mashery.com/apis" />
-			<test url="http://developer.mashery.com/apis" />
-			<test url="http://support.mashery.com/GettingStarted" />
-
-			<!--	-ve:
-					-->
-			<test url="http://dev.mashery.com/public/Mashery/styles/Iodocs/prettify.css" />
-			<test url="http://developer.mashery.com/files/developernetwork-theme1.79.css" />
-			<test url="http://developer.mashery.com/public/Mashery/styles/print-default.css" />
-			<test url="http://support.mashery.com/public/Mashery/images/masherysupport/local.gif" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^visit\.mashery\.com$" name="^BIGipServer[\w-]+$" /-->
-
-	<securecookie host="^(?:secure|visit)\.mashery\.com$" name=".+" />
-
-
-	<!--	Redirect keeps forward
-		slash, path, and args:
-					-->
-	<rule from="^http://mashery\.com/"
-		to="https://www.mashery.com/" />
-
-	<rule from="^http://content\.developer\.mashery\.com/"
-		to="https://s3.amazonaws.com/content.developer.mashery.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MassLive.com.xml b/src/chrome/content/rules/MassLive.com.xml
index 698dc4750d5b..6f66784d86da 100644
--- a/src/chrome/content/rules/MassLive.com.xml
+++ b/src/chrome/content/rules/MassLive.com.xml
@@ -58,7 +58,7 @@ Fetch error: http://marketingsolutions.masslive.com/ => https://marketingsolutio
 	* Secured by us
 
 -->
-<ruleset name="MassLive.com (partial)" default_off='failed ruleset test'>
+<ruleset name="MassLive.com (partial)" default_off="failed ruleset test">
 
 	<target host="marketingsolutions.masslive.com" />
 		<!--exclusion pattern="http://(blog|connect|jobs|www)\.masslive\.com/" /-->
diff --git a/src/chrome/content/rules/Mass_Relevance.xml b/src/chrome/content/rules/Mass_Relevance.xml
index 35a8681bb5ed..460b4af4897a 100644
--- a/src/chrome/content/rules/Mass_Relevance.xml
+++ b/src/chrome/content/rules/Mass_Relevance.xml
@@ -23,21 +23,19 @@
 <ruleset name="Mass Relevance">
 
 	<target host="massrelevance.com" />
-	<target host="*.massrelevance.com" />
+	<target host="api.massrelevance.com" />
+	<target host="secure-up.massrelevance.com" />
+	<target host="up.massrelevance.com" />
 	<target host="tweetriver.com" />
-	<target host="*.tweetriver.com" />
+	<target host="www.tweetriver.com" />
+	<target host="proxy.tweetriver.com" />
 
 
-	<rule from="^http://(api\.|secure-up\.)?massrelevance\.com/"
-		to="https://$1massrelevance.com/" />
 
-	<rule from="^http://up\.massrelevance\.com/"
-		to="https://d1rts87l9itzp2.cloudfront.net/" />
 
 	<rule from="^http://(?:www\.)?tweetriver\.com/"
 		to="https://tweetriver.com/" />
 
-	<rule from="^http://proxy\.tweetriver\.com/"
-		to="https://proxy.tweetriver.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MassageMagazine.xml b/src/chrome/content/rules/MassageMagazine.xml
index 80d6ec48d97d..bca63eca3949 100644
--- a/src/chrome/content/rules/MassageMagazine.xml
+++ b/src/chrome/content/rules/MassageMagazine.xml
@@ -1,7 +1,7 @@
 <ruleset name="Massage Magazine" platform="mixedcontent">
         <target host="massagemag.com" />
         <target host="www.massagemag.com" />
-        <securecookie host="^(?:.*\.)?massagemag\.com$" name=".+" />
+        <securecookie host=".+" name=".+" />
 
         <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Massengeschmack.tv.xml b/src/chrome/content/rules/Massengeschmack.tv.xml
index 3274eff000dd..a30c7b81cc07 100644
--- a/src/chrome/content/rules/Massengeschmack.tv.xml
+++ b/src/chrome/content/rules/Massengeschmack.tv.xml
@@ -17,7 +17,7 @@
 	<target host="forum.massengeschmack.tv" />
 	<target host="www.massengeschmack.tv" />
 
-	<rule from="^http:" to="https:" />    
+	<rule from="^http:" to="https:" />
 
 	<test url="http://massengeschmack.tv/infos" />
 	<test url="http://forum.massengeschmack.tv/faq.php" />
diff --git a/src/chrome/content/rules/MasterCard.xml b/src/chrome/content/rules/MasterCard.xml
index fa41a338648f..1aabc344d784 100644
--- a/src/chrome/content/rules/MasterCard.xml
+++ b/src/chrome/content/rules/MasterCard.xml
@@ -32,7 +32,7 @@ Fetch error: http://smetrics.mastercardintl.com/ => https://smetrics.mastercardi
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="MasterCard" default_off='failed ruleset test'>
+<ruleset name="MasterCard" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/MasterChan.org.xml b/src/chrome/content/rules/MasterChan.org.xml
index b5ef4fbc5a96..e677f308c68d 100644
--- a/src/chrome/content/rules/MasterChan.org.xml
+++ b/src/chrome/content/rules/MasterChan.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.masterchan.org/ => https://www.masterchan.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.masterchan.org'")
 
 -->
-<ruleset name="MasterChan.org" default_off='failed ruleset test'>
+<ruleset name="MasterChan.org" default_off="failed ruleset test">
 
 	<target host="masterchan.org" />
 	<target host="www.masterchan.org" />
diff --git a/src/chrome/content/rules/MasterNet.xml b/src/chrome/content/rules/MasterNet.xml
index cf2c21283d63..30e486358359 100644
--- a/src/chrome/content/rules/MasterNet.xml
+++ b/src/chrome/content/rules/MasterNet.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MasterXchange.com.xml b/src/chrome/content/rules/MasterXchange.com.xml
index 4afe7f7b2e5d..2e55054aa478 100644
--- a/src/chrome/content/rules/MasterXchange.com.xml
+++ b/src/chrome/content/rules/MasterXchange.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://masterxchange.com/ => https://masterxchange.com/: (60, 'SSL
 Fetch error: http://www.masterxchange.com/ => https://www.masterxchange.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="MasterXchange.com" default_off='failed ruleset test'>
+<ruleset name="MasterXchange.com" default_off="failed ruleset test">
 
 	<target host="masterxchange.com" />
 	<target host="www.masterxchange.com" />
diff --git a/src/chrome/content/rules/Mastermind.xml b/src/chrome/content/rules/Mastermind.xml
index db643733181c..6f0d364f0d65 100644
--- a/src/chrome/content/rules/Mastermind.xml
+++ b/src/chrome/content/rules/Mastermind.xml
@@ -19,7 +19,7 @@ Fetch error: http://secure2.mastermindpro.com/ => https://secure2.mastermindpro.
 	* Secured by us
 
 -->
-<ruleset name="Mastermind" default_off='failed ruleset test'>
+<ruleset name="Mastermind" default_off="failed ruleset test">
 
 	<target host="mastermindpro.com" />
 	<target host="www.mastermindpro.com" />
diff --git a/src/chrome/content/rules/Masterminds_Digital.com.xml b/src/chrome/content/rules/Masterminds_Digital.com.xml
index 86886751140e..15aaf0c905cd 100644
--- a/src/chrome/content/rules/Masterminds_Digital.com.xml
+++ b/src/chrome/content/rules/Masterminds_Digital.com.xml
@@ -40,7 +40,7 @@ Fetch error: http://support.mastermindsdigital.com/ => https://support.mastermin
 	* Secured by us
 
 -->
-<ruleset name="Masterminds Digital.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Masterminds Digital.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Mastodon.cloud.xml b/src/chrome/content/rules/Mastodon.cloud.xml
new file mode 100644
index 000000000000..745716eca2ef
--- /dev/null
+++ b/src/chrome/content/rules/Mastodon.cloud.xml
@@ -0,0 +1,23 @@
+<!--
+	Nonfunctional hosts in *.mastodon.cloud:
+	assets.mastodon.cloud (t)
+	mail.mastodon.cloud (t)
+	s3.mastodon.cloud (t)
+	status.mastodon.cloud (t)
+	www.mastodon.cloud (t)	
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Mastodon.cloud">
+	<target host="mastodon.cloud" />
+	
+	<target host="media.mastodon.cloud" />
+	
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Masty.nl.xml b/src/chrome/content/rules/Masty.nl.xml
deleted file mode 100644
index 9a4a3a3f7f05..000000000000
--- a/src/chrome/content/rules/Masty.nl.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Masty.nl">
-
-	<target host="masty.nl" />
-	<target host="www.masty.nl" />
-
-
-	<securecookie host="^\.masty\.nl$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Matatall.com.xml b/src/chrome/content/rules/Matatall.com.xml
deleted file mode 100644
index 4ba853af9c7d..000000000000
--- a/src/chrome/content/rules/Matatall.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	^: Mismatched, self-signed
-	www: Refused
-
-
-	These altnames don't exist:
-
-		- www.blog.matatall.com
-
--->
-<ruleset name="Matatall.com (partial)">
-
-	<target host="blog.matatall.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Matcc.company.xml b/src/chrome/content/rules/Matcc.company.xml
new file mode 100644
index 000000000000..3142d7b61027
--- /dev/null
+++ b/src/chrome/content/rules/Matcc.company.xml
@@ -0,0 +1,6 @@
+<ruleset name="Matcc.company" platform="mixedcontent">
+	<target host="matcc.company" />
+	<target host="www.matcc.company" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Match-Trade.xml b/src/chrome/content/rules/Match-Trade.xml
new file mode 100644
index 000000000000..7fd49271aab8
--- /dev/null
+++ b/src/chrome/content/rules/Match-Trade.xml
@@ -0,0 +1,37 @@
+<!--
+	Chain issue, missing intermediate:
+		- co.fxeprime.com
+
+	Connection closed:
+		- match-trade.com, equivalent to www.match-trade.com
+
+	Connection reset:
+		- platform.match-trade.com
+-->
+
+<ruleset name="Match Trade">
+	<!-- coinmatch.io -->
+	<target host="coinmatch.io" />
+	<target host="www.coinmatch.io" />
+	<target host="demo.coinmatch.io" />
+
+
+	<!-- fxedgellc.com -->
+	<target host="www.fxedgellc.com" />
+
+
+	<!-- fxeprime.com -->
+	<target host="fxeprime.com" />
+	<target host="www.fxeprime.com" />
+
+
+	<!-- match-trade.com -->
+	<target host="match-trade.com" />
+	<target host="www.match-trade.com" />
+
+	<rule from="^http://match-trade\.com/"
+		to="https://www.match-trade.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MatchEnDirect.fr.xml b/src/chrome/content/rules/MatchEnDirect.fr.xml
new file mode 100644
index 000000000000..6a88154bfcef
--- /dev/null
+++ b/src/chrome/content/rules/MatchEnDirect.fr.xml
@@ -0,0 +1,14 @@
+<ruleset name="MatchEnDirect.fr">
+	<target host="matchendirect.fr" />
+	<target host="www.matchendirect.fr" />
+	<target host="asset.matchendirect.fr" />
+	<target host="blog.matchendirect.fr" />
+	<target host="live-foot.matchendirect.fr" />
+	<target host="mobile.matchendirect.fr" />
+	<target host="partenaire.matchendirect.fr" />
+	<target host="qa.matchendirect.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MathematiquesFaciles.com.xml b/src/chrome/content/rules/MathematiquesFaciles.com.xml
new file mode 100644
index 000000000000..12b41e18cd1d
--- /dev/null
+++ b/src/chrome/content/rules/MathematiquesFaciles.com.xml
@@ -0,0 +1,11 @@
+<!--
+	See for related rulesets: FrancaisFacile.com.xml
+-->
+<ruleset name="MathematiquesFaciles.com">
+	<target host="mathematiquesfaciles.com" />
+	<target host="www.mathematiquesfaciles.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Matkahuolto.xml b/src/chrome/content/rules/Matkahuolto.xml
deleted file mode 100644
index 7d850108d9db..000000000000
--- a/src/chrome/content/rules/Matkahuolto.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://matkahuolto.info/ => https://www.matkahuolto.info/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
-Fetch error: http://www.matkahuolto.info/ => https://www.matkahuolto.info/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
--->
-<ruleset name="Matkahuolto">
-	<target host="matkahuolto.info"/>
-	<target host="www.matkahuolto.info"/>
-
-	<securecookie host="^www\.matkahuolto\.info$" name=".+" />
-
-	<!-- Cert matches www -->
-	<rule from="^http://(?:www\.)?matkahuolto\.info/"
-		to="https://www.matkahuolto.info/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Matomy-Media.xml b/src/chrome/content/rules/Matomy-Media.xml
index 4d493b5f5b76..cf8706b9618a 100644
--- a/src/chrome/content/rules/Matomy-Media.xml
+++ b/src/chrome/content/rules/Matomy-Media.xml
@@ -1,15 +1,3 @@
-<!--
-	Other Matomy Media rulesets:
-
-		- M2pub.com.xml
-		- Matomy_Market.xml
-		- Rev2pub.com.xml
-		- Xtendmedia.com.xml
-
-
-	Expired 2013-05-18
-
--->
 <ruleset name="Matomy Media" default_off="expired">
 
 	<target host="matomymedia.com" />
diff --git a/src/chrome/content/rules/Matomy_Market.xml b/src/chrome/content/rules/Matomy_Market.xml
index 9458b78e4aa7..90c0dbb78f5e 100644
--- a/src/chrome/content/rules/Matomy_Market.xml
+++ b/src/chrome/content/rules/Matomy_Market.xml
@@ -1,21 +1,12 @@
-<!--
-	For other Matomy Media coverage, see Matomy-Media.xml.
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(shows matomymedia.com)
-
--->
 <ruleset name="Matomy Market">
 
-	<target host="*.adsmarket.com" />
+	<target host="adsmarket.com" />
+	<target host="www.adsmarket.com" />
 
 
-	<securecookie host="^\.?network\.adsmarket\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://network\.adsmarket\.com/"
-		to="https://network.adsmarket.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Matrix.org.xml b/src/chrome/content/rules/Matrix.org.xml
deleted file mode 100644
index 04b885e5134c..000000000000
--- a/src/chrome/content/rules/Matrix.org.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- matrix.org
-		- www.matrix.org
-
-
-	Mixed content:
-
-		- Images from matrix.org *
-
-	* Secured by us
-
--->
-<ruleset name="Matrix.org">
-
-	<target host="matrix.org" />
-	<target host="www.matrix.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<securecookie host="^(www\.)?matrix\.org$" name="^PHPSESSID$" />
-
-	<securecookie host="^(?:www\.)?matrix\.org$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Matrix_Group.xml b/src/chrome/content/rules/Matrix_Group.xml
index eb066dd36def..a711a27db4e7 100644
--- a/src/chrome/content/rules/Matrix_Group.xml
+++ b/src/chrome/content/rules/Matrix_Group.xml
@@ -26,4 +26,4 @@
 	<rule from="^http://(clients|www)\.matrixgroup\.net/"
 		to="https://$1.matrixgroup.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Matrox.xml b/src/chrome/content/rules/Matrox.xml
index ea9b6c7d2beb..94bcb7165757 100644
--- a/src/chrome/content/rules/Matrox.xml
+++ b/src/chrome/content/rules/Matrox.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?matrox\.com/video/media/"
 		to="https://$1matrox.com/video/media/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Matt_Drollette.xml b/src/chrome/content/rules/Matt_Drollette.xml
deleted file mode 100644
index c22d205a8d4e..000000000000
--- a/src/chrome/content/rules/Matt_Drollette.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Matt Drollette">
-
-	<target host="drollette.com" />
-	<target host="www.drollette.com" />
-
-
-	<securecookie host="^\.drollette\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MauivaAirCruise.com.xml b/src/chrome/content/rules/MauivaAirCruise.com.xml
index f7ecd4fa0180..2f721bda9b62 100644
--- a/src/chrome/content/rules/MauivaAirCruise.com.xml
+++ b/src/chrome/content/rules/MauivaAirCruise.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?mauivaaircruise\.com/(misc|modules|profiles|sites)/"
 		to="https://$1mauivaaircruise.com/$2/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Maurus.net.xml b/src/chrome/content/rules/Maurus.net.xml
deleted file mode 100644
index 0c7b6dafe5c7..000000000000
--- a/src/chrome/content/rules/Maurus.net.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="maurus.net">
-
-	<target host="maurus.net" />
-	<target host="www.maurus.net" />
-
-
-	<securecookie host="^maurus\.net$" name=".+" />
-
-
-	<!--	Cert doesn't match www.
-					-->
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Maven.co.xml b/src/chrome/content/rules/Maven.co.xml
index 0e1d54b9059c..8a3e786967e2 100644
--- a/src/chrome/content/rules/Maven.co.xml
+++ b/src/chrome/content/rules/Maven.co.xml
@@ -17,7 +17,7 @@ Fetch error: http://help.maven.co/ => https://help.maven.co/: Too many redirects
 		- .maven.co
 
 -->
-<ruleset name="Maven.co (partial)" default_off='failed ruleset test'>
+<ruleset name="Maven.co (partial)" default_off="failed ruleset test">
 
 	<target host="maven.co" />
 	<target host="app.maven.co" />
diff --git a/src/chrome/content/rules/Mawdoo3.com.xml b/src/chrome/content/rules/Mawdoo3.com.xml
new file mode 100644
index 000000000000..979baf937817
--- /dev/null
+++ b/src/chrome/content/rules/Mawdoo3.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatch:
+		academy.mawdoo3.com
+-->
+<ruleset name="Mawdoo3.com">
+	<target host="mawdoo3.com" />
+	<target host="www.mawdoo3.com" />
+	<target host="ai.mawdoo3.com" />
+	<target host="experts.mawdoo3.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Max-Planck-Institute-for-Software-Systems.xml b/src/chrome/content/rules/Max-Planck-Institute-for-Software-Systems.xml
index 0f744a58f17b..87a4ef1453be 100644
--- a/src/chrome/content/rules/Max-Planck-Institute-for-Software-Systems.xml
+++ b/src/chrome/content/rules/Max-Planck-Institute-for-Software-Systems.xml
@@ -10,14 +10,37 @@
 	<target host="mpi-soft.mpg.de" />
 	<target host="www.mpi-soft.mpg.de" />
 	<target host="mpi-sws.org" />
-	<target host="*.mpi-sws.org" />
+	<target host="adresearch.mpi-sws.org" />
+	<target host="broadband.mpi-sws.org" />
+	<target host="bftsim.mpi-sws.org" />
+	<target host="bgp.mpi-sws.org" />
+	<target host="bugassist.mpi-sws.org" />
+	<target host="ceal.mpi-sws.org" />
+	<target host="cloud.mpi-sws.org" />
+	<target host="concurrency.mpi-sws.org" />
+	<target host="courses.mpi-sws.org" />
+	<target host="dependability.mpi-sws.org" />
+	<target host="friendlist-manager.mpi-sws.org" />
+	<target host="imprs.mpi-sws.org" />
+	<target host="mg.mpi-sws.org" />
+	<target host="monarch.mpi-sws.org" />
+	<target host="peerreview.mpi-sws.org" />
+	<target host="peerspective.mpi-sws.org" />
+	<target host="popl.mpi-sws.org" />
+	<target host="psn.mpi-sws.org" />
+	<target host="robust-fpga.mpi-sws.org" />
+	<target host="satellitelab.mpi-sws.org" />
+	<target host="simna2011.mpi-sws.org" />
+	<target host="socialnetworks.mpi-sws.org" />
+	<target host="twitter.mpi-sws.org" />
+	<target host="wiki.mpi-sws.org" />
+	<target host="www.mpi-sws.org" />
 
 
 	<!--	Cert doesn't match !www.	-->
 	<rule from="^http://(?:www\.)?mpi-soft\.mpg\.de/"
 		to="https://www.mpi-soft.mpg.de/" />
 
-	<rule from="^http://((?:adresearch|broadband|bftsim|bgp|bugassist|ceal|cloud|concurrency|courses|dependability|friendlist-manager|imprs|mg|monarch|peerreview|peerspective|popl|psn|robust-fpga|satellitelab|simna2011|socialnetworks|twitter|wiki|www)\.)?mpi-sws\.org/"
-		to="https://$1mpi-sws.org/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MaxMaillots.org.xml b/src/chrome/content/rules/MaxMaillots.org.xml
new file mode 100644
index 000000000000..a03b06e1f2da
--- /dev/null
+++ b/src/chrome/content/rules/MaxMaillots.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="MaxMaillots.org">
+	<target host="maxmaillots.org" />
+	<target host="www.maxmaillots.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MaxSpeed_CDN.com.xml b/src/chrome/content/rules/MaxSpeed_CDN.com.xml
index f63cfd2cf137..60e99e5ec92c 100644
--- a/src/chrome/content/rules/MaxSpeed_CDN.com.xml
+++ b/src/chrome/content/rules/MaxSpeed_CDN.com.xml
@@ -27,4 +27,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Max_Kitap.com.xml b/src/chrome/content/rules/Max_Kitap.com.xml
index 5dd863377e4a..0ccfafd09114 100644
--- a/src/chrome/content/rules/Max_Kitap.com.xml
+++ b/src/chrome/content/rules/Max_Kitap.com.xml
@@ -11,7 +11,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://maxkitap.com/ => https://maxkitap.com/: (60, 'SSL certificate problem: self signed certificate')
 
 -->
-<ruleset name="Max Kitap.com" default_off='failed ruleset test'>
+<ruleset name="Max Kitap.com" default_off="failed ruleset test">
 
 	<target host="maxkitap.com" />
 	<target host="www.maxkitap.com" />
diff --git a/src/chrome/content/rules/Maxdome.de.xml b/src/chrome/content/rules/Maxdome.de.xml
index 63ba1990b9c0..6b49b0edb2e7 100644
--- a/src/chrome/content/rules/Maxdome.de.xml
+++ b/src/chrome/content/rules/Maxdome.de.xml
@@ -8,7 +8,7 @@
 	Mixed content:
 		- blog.maxdome.de
 		- community.maxdome.de
-	
+
 	Redirect to HTTP:
 		- faq.maxdome.de
 		- sony.maxdome.de
diff --git a/src/chrome/content/rules/Maxim-IC.com.xml b/src/chrome/content/rules/Maxim-IC.com.xml
index 43a4d4681b1a..0a6e171facac 100644
--- a/src/chrome/content/rules/Maxim-IC.com.xml
+++ b/src/chrome/content/rules/Maxim-IC.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://maxim-ic.com/ => https://www.maxim-ic.com/: (60, 'SSL certif
 	^maxim-ic.com: Mismatched
 
 -->
-<ruleset name="Maxim-IC.com" default_off='failed ruleset test'>
+<ruleset name="Maxim-IC.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Maxim_Integrated.com.xml b/src/chrome/content/rules/Maxim_Integrated.com.xml
index 456d6ea70b03..5a0007d7b5e3 100644
--- a/src/chrome/content/rules/Maxim_Integrated.com.xml
+++ b/src/chrome/content/rules/Maxim_Integrated.com.xml
@@ -26,7 +26,7 @@ Fetch error: http://search.maximintegrated.com/ => https://search.maximintegrate
 		- shop.maximintegrated.com
 
 -->
-<ruleset name="Maxim Integrated.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Maxim Integrated.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Maxmind.xml b/src/chrome/content/rules/Maxmind.xml
deleted file mode 100644
index 070fa2d058a5..000000000000
--- a/src/chrome/content/rules/Maxmind.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- status		(hostname mismatch, CN: *.status.io, status.io )
-
--->
-<ruleset name="MaxMind (partial)">
-
-	<target host=        "maxmind.com" />
-	<target host=    "www.maxmind.com" />
-	<target host=    "dev.maxmind.com" />
-	<target host=   "blog.maxmind.com" />
-	<target host="staging.maxmind.com" />
-
-	<securecookie host="^www\.maxmind\.com$" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Maxon.net.xml b/src/chrome/content/rules/Maxon.net.xml
index 2abd52256c87..cffdd3fb024f 100644
--- a/src/chrome/content/rules/Maxon.net.xml
+++ b/src/chrome/content/rules/Maxon.net.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://nimius.maxon.net/ => https://nimius.maxon.net/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
 
 -->
-<ruleset name="Maxon.net"  default_off='failed ruleset test'>
+<ruleset name="Maxon.net"  default_off="failed ruleset test">
 	<target host="maxon.net" />
 	<target host="www.maxon.net" />
 	<target host="developers.maxon.net" />
diff --git a/src/chrome/content/rules/Maxymiser.xml b/src/chrome/content/rules/Maxymiser.xml
index 6c09b4e58262..9cf85235b570 100644
--- a/src/chrome/content/rules/Maxymiser.xml
+++ b/src/chrome/content/rules/Maxymiser.xml
@@ -8,18 +8,18 @@ Fetch error: http://maxymiser.com/ => https://maxymiser.com/: Too many redirects
 		- maxymiser.hs.llnwd.net/o36/
 
 -->
-<ruleset name="Maxymiser (partial)" default_off='failed ruleset test'>
+<ruleset name="Maxymiser (partial)" default_off="failed ruleset test">
 
 	<target host="maxymiser.com" />
-	<target host="*.maxymiser.com" />
+	<target host="cg-global.maxymiser.com" />
+	<target host="hub.maxymiser.com" />
+	<target host="www.maxymiser.com" />
 	<target host="service.maxymiser.net" />
 
 
 	<securecookie host="^.*\.maxymiser\.com$" name=".+" />
 
 
-	<rule from="^http://(cg-global\.|hub\.|www\.)?maxymiser\.com/"
-		to="https://$1maxymiser.com/" />
 
 	<!--	- Cert: *.marketo.com
 		- 302s to app-c.market.com
@@ -27,7 +27,6 @@ Fetch error: http://maxymiser.com/ => https://maxymiser.com/: Too many redirects
 	<rule from="^http://go\.maxymiser\.com/()"
 		to="https://na-c.marketo.com/$1" /-->
 
-	<rule from="^http://service\.maxymiser\.net/"
-		to="https://service.maxymiser.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MayFirstPeopleLink.xml b/src/chrome/content/rules/MayFirstPeopleLink.xml
index 74a085e5ecd0..ec4685542300 100644
--- a/src/chrome/content/rules/MayFirstPeopleLink.xml
+++ b/src/chrome/content/rules/MayFirstPeopleLink.xml
@@ -34,7 +34,7 @@
 					-->
 	<!--securecookie host="^social\.mayfirst\.org$" name="^PHPSESSID$" /-->
 
-	<securecookie host="^(?:.*\.)?mayfirst\.org$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 	<!--	cert !match www	-->
 	<rule from="^http://www\.mayfirst\.org/"
diff --git a/src/chrome/content/rules/MayFlower-Software.xml b/src/chrome/content/rules/MayFlower-Software.xml
index 74ac64da6c2e..9bdbaca89757 100644
--- a/src/chrome/content/rules/MayFlower-Software.xml
+++ b/src/chrome/content/rules/MayFlower-Software.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://notesappstore.com/ => https://www.notesappstore.com/: (28, 'Connection timed out after 10000 milliseconds')
 Fetch error: http://www.notesappstore.com/ => https://www.notesappstore.com/: (28, 'Connection timed out after 10001 milliseconds')
 -->
-<ruleset name="MayFlower Software (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="MayFlower Software (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="maysoft.com"/>
 	<target host="www.maysoft.com"/>
diff --git a/src/chrome/content/rules/Maybank-IB.com.xml b/src/chrome/content/rules/Maybank-IB.com.xml
new file mode 100644
index 000000000000..bbb76182a5b1
--- /dev/null
+++ b/src/chrome/content/rules/Maybank-IB.com.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Maybank coverage, see Maybank.com.xml
+
+
+	Non-functional host:
+		- (www.)maybank-ib.com	(r)
+			- rcs		(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Maybank Investment Bank">
+
+	<target host="btx.maybank-ib.com" />
+	<target host="d.maybank-ib.com" />
+	<target host="s.maybank-ib.com" />
+	<target host="t.maybank-ib.com" />
+
+	<target host="powerbroking2u.com.my" />
+	<target host="www.powerbroking2u.com.my" />
+	<target host="mbbibtwcms.powerbroking2u.com.my" />
+	<target host="mobiletrade.powerbroking2u.com.my" />
+	<target host="www.mobiletrade.powerbroking2u.com.my" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Maybank-KE.co.th.xml b/src/chrome/content/rules/Maybank-KE.co.th.xml
index faf6ea91bbc8..c1c67ffac2e2 100644
--- a/src/chrome/content/rules/Maybank-KE.co.th.xml
+++ b/src/chrome/content/rules/Maybank-KE.co.th.xml
@@ -10,7 +10,7 @@
 		- m	(r)
 		- pda	(r)
 		- sse	(r)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/Maybank-KE.com.xml b/src/chrome/content/rules/Maybank-KE.com.xml
new file mode 100644
index 000000000000..a52d726dd288
--- /dev/null
+++ b/src/chrome/content/rules/Maybank-KE.com.xml
@@ -0,0 +1,40 @@
+<!--
+	For other Maybank coverage, see Maybank.com.xml
+
+
+	Non-functional subdomains:
+		- maybank-ke.com	(r)
+			- www	(r)
+			- clientmanager	(r)
+			- groupfr	(m)
+			- www.m	(r)
+			- mail1	(r)
+
+		- ketradewl.com
+			- www.m		(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Maybank Kim Eng">
+
+	<target host="ehub.maybank-ke.com" />
+	<target host="factset.maybank-ke.com" />
+	<target host="factsetpdf.maybank-ke.com" />
+	<target host="factsettd.maybank-ke.com" />
+
+	<target host="www.ketradewl.com" />
+	<target host="backoffice.ketradewl.com" />
+	<target host="kest.ketradewl.com" />
+	<target host="kestbo.ketradewl.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Maybank.co.id.xml b/src/chrome/content/rules/Maybank.co.id.xml
new file mode 100644
index 000000000000..dfa2ef171e06
--- /dev/null
+++ b/src/chrome/content/rules/Maybank.co.id.xml
@@ -0,0 +1,50 @@
+<!--
+	For other Maybank coverage, see Maybank.com.xml
+
+
+	Non-functional subdomains:
+
+		- mail	(m)
+		- maingw2	(t)
+		- www.mbiwfh	(i)
+		- microsite	(m)
+		- myhr2u	(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Maybank.co.id">
+
+	<target host="maybank.co.id" />
+	<target host="www.maybank.co.id" />
+	<target host="3ds.maybank.co.id" />
+	<target host="3dsecure.maybank.co.id" />
+	<target host="autodiscover.maybank.co.id" />
+	<target host="boardpac.maybank.co.id" />
+	<target host="coolbanking.maybank.co.id" />
+	<target host="coolpay.maybank.co.id" />
+	<target host="coolpay-fscm.maybank.co.id" />
+	<target host="ecustody.maybank.co.id" />
+	<target host="form.maybank.co.id" />
+	<target host="m2e.maybank.co.id" />
+	<target host="m2u.maybank.co.id" />
+	<target host="microsite.maybank.co.id" />
+	<target host="www.microsite.maybank.co.id" />
+	<target host="move.maybank.co.id" />
+	<target host="tradeconnex.maybank.co.id" />
+	<target host="webmail.maybank.co.id" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- certificate mismatch -->
+	<rule from="^http://microsite\.maybank\.co\.id/"
+		to="https://www.microsite.maybank.co.id/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Maybank.com.sg.xml b/src/chrome/content/rules/Maybank.com.sg.xml
new file mode 100644
index 000000000000..a1aeff4b4d74
--- /dev/null
+++ b/src/chrome/content/rules/Maybank.com.sg.xml
@@ -0,0 +1,39 @@
+<!--
+	For other Maybank coverage, see Maybank.com.xml
+
+
+	Non-functional hosts:
+
+		- (www.)maybank.com.sg	(m)
+			- dns1	(t)
+			- dns2	(t)
+			- mbb3dsecure	(t)
+			- securewo	(t)
+			- smtp	(t)
+
+		- (www.)maybank2u.com.sg	(m)
+			- info	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Maybank.com.sg">
+
+	<target host="3dsecure.maybank.com.sg" />
+	<target host="apply.maybank.com.sg" />
+	<target host="eportal.maybank.com.sg" />
+	<target host="rewards.maybank.com.sg" />
+	<target host="sft.maybank.com.sg" />
+	<target host="sslsecure.maybank.com.sg" />
+	<target host="voltage-pp-0000.maybank.com.sg" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Maybank2u.com.ph.xml b/src/chrome/content/rules/Maybank2u.com.ph.xml
new file mode 100644
index 000000000000..b1a1afc95db3
--- /dev/null
+++ b/src/chrome/content/rules/Maybank2u.com.ph.xml
@@ -0,0 +1,22 @@
+<!--
+	For other Maybank coverage, see Maybank.com.xml
+-->
+<ruleset name="Maybank2u.com.ph">
+
+	<target host="maybank2u.com.ph" />
+	<target host="www.maybank2u.com.ph" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- only main website; RIBNOW, resources and ph_maybank_gif directories are functional -->
+	<rule from="^http://(www\.)?maybank2u\.com\.ph/$"
+		to="https://www.maybank2u.com.ph/" />
+
+	<rule from="^http://(www\.)?maybank2u\.com\.ph/(RIBNOW|resources|ph_maybank_gif)/"
+		to="https://www.maybank2u.com.ph/$2/" />
+
+		<test url="http://maybank2u.com.ph/RIBNOW/common/Login.do" />
+		<test url="http://www.maybank2u.com.ph/resources/my/img/common/logo-maybank2u_m.png" />
+		<test url="http://www.maybank2u.com.ph/ph_maybank_gif/image/BancNet.gif" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mayday.us.xml b/src/chrome/content/rules/Mayday.us.xml
index a506e0217e2f..fb5243666154 100644
--- a/src/chrome/content/rules/Mayday.us.xml
+++ b/src/chrome/content/rules/Mayday.us.xml
@@ -30,7 +30,7 @@ Fetch error: http://auth.mayday.us/ => https://auth.mayday.us/: (60, 'SSL certif
 		- .mayday.us
 
 -->
-<ruleset name="Mayday.us" default_off='failed ruleset test'>
+<ruleset name="Mayday.us" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Mayo-Clinic.xml b/src/chrome/content/rules/Mayo-Clinic.xml
index a9d411620916..83ceab54bf64 100644
--- a/src/chrome/content/rules/Mayo-Clinic.xml
+++ b/src/chrome/content/rules/Mayo-Clinic.xml
@@ -1,38 +1,14 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://mayoclinic.org/ => https://mayoclinic.org/: (56, 'SSL read: error:00000000:lib(0):func(0):reason(0), errno 104')
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://mayoclinic.com/ => https://www.mayoclinic.com/: Redirect for 'http://mayoclinic.com/' missing Location
-	Nonfunctional domains:
-
-		- www.mayo.edu	(times out)
-
-
-	Problematic domains:
-
-		- mayoclinic.com	(cert only matches www)
-
--->
-<ruleset name="Mayo Clinic (partial)" platform="mixedcontent" default_off='failed ruleset test'>
-
+<ruleset name="Mayo Clinic (partial)">
 	<target host="mayoclinic.com" />
-	<target host="*.mayoclinic.com" />
-	<target host="mayoclinic.org" />
-	<target host="*.mayoclinic.org" />
-
-
-	<securecookie host="^(?:.*\.)?mayoclinic\.(?:com|org)$" name=".+" />
+	<target host="www.mayoclinic.com" />
+	<target host="healthletter.mayoclinic.com" />
+	<target host="marketplace.mayoclinic.com" />
+	<target host="store.mayoclinic.com" />
 
+	<target host="mayoclinic.org" />
+	<target host="www.mayoclinic.org" />
 
-	<rule from="^http://mayoclinic\.com/"
-		to="https://www.mayoclinic.com/" />
-
-	<rule from="^http://(healthletter|(?:book)?store|www)\.mayoclinic\.com/"
-		to="https://$1.mayoclinic.com/" />
-
-	<rule from="^http://(www\.)?mayoclinic\.org/"
-		to="https://$1mayoclinic.org/" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MazaCoin.org.xml b/src/chrome/content/rules/MazaCoin.org.xml
index e71710153391..4fd5a244e339 100644
--- a/src/chrome/content/rules/MazaCoin.org.xml
+++ b/src/chrome/content/rules/MazaCoin.org.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.mazacoin.org/ => https://www.mazacoin.org/: (7, 'Failed
 		- www.mazacoin.org
 
 -->
-<ruleset name="MazaCoin.org" default_off='failed ruleset test'>
+<ruleset name="MazaCoin.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Mazacha.in.xml b/src/chrome/content/rules/Mazacha.in.xml
index b7488f8a9080..dc51d314f0e4 100644
--- a/src/chrome/content/rules/Mazacha.in.xml
+++ b/src/chrome/content/rules/Mazacha.in.xml
@@ -8,7 +8,7 @@ Fetch error: http://mazacha.in/ => https://mazacha.in/: (28, 'Connection timed o
 		- www.mazacha.in
 
 -->
-<ruleset name="mazacha.in" default_off='failed ruleset test'>
+<ruleset name="mazacha.in" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Mbed.org.xml b/src/chrome/content/rules/Mbed.org.xml
index 950df70b8419..80cc003c1b9c 100644
--- a/src/chrome/content/rules/Mbed.org.xml
+++ b/src/chrome/content/rules/Mbed.org.xml
@@ -46,7 +46,7 @@
 					-->
 	<rule from="^http://www\.mbed\.org/+"
 		to="https://mbed.org/" />
-	
+
 		<test url="http://www.mbed.org/about/" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Mbl.is.xml b/src/chrome/content/rules/Mbl.is.xml
index 286c653ebc67..de1d63895afd 100644
--- a/src/chrome/content/rules/Mbl.is.xml
+++ b/src/chrome/content/rules/Mbl.is.xml
@@ -26,7 +26,8 @@
 <ruleset name="mbl.is (partial)">
 
 	<target host="mbl.is" />
-	<target host="*.mbl.is" />
+	<target host="secure.mbl.is" />
+	<target host="www.mbl.is" />
 	<target host="mbl.teljari.is" />
 
 	<!-- Causes redirect loop and breaks search form. -->
@@ -35,9 +36,6 @@
 		<test url="http://www.mbl.is/fasteignir/" />
 		<test url="http://secure.mbl.is/fasteignir/" />
 
-	<test url="http://secure.mbl.is/" />
-	<test url="http://www.mbl.is/" />
-
 	<rule from="^http://(?:secure\.|www\.)?mbl\.is/"
 		to="https://secure.mbl.is/" />
 
diff --git a/src/chrome/content/rules/McAfee-Mobile-Security.xml b/src/chrome/content/rules/McAfee-Mobile-Security.xml
index 8911d9779677..af6139051d47 100644
--- a/src/chrome/content/rules/McAfee-Mobile-Security.xml
+++ b/src/chrome/content/rules/McAfee-Mobile-Security.xml
@@ -18,4 +18,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/McAfee-SECURE.xml b/src/chrome/content/rules/McAfee-SECURE.xml
index 09cb6caa3d0a..7188f2a8b850 100644
--- a/src/chrome/content/rules/McAfee-SECURE.xml
+++ b/src/chrome/content/rules/McAfee-SECURE.xml
@@ -13,7 +13,7 @@ Fetch error: http://www2.mcafeesecure.com/ => https://www2.mcafeesecure.com/: (6
 		Incomplete certificate chain
 			- blog.mcafeesecure.com
 -->
-<ruleset name="McAfeeSECURE.com" default_off='failed ruleset test'>
+<ruleset name="McAfeeSECURE.com" default_off="failed ruleset test">
 	<target host="mcafeesecure.com" />
 	<target host="www.mcafeesecure.com" />
 	<target host="www2.mcafeesecure.com" />
diff --git a/src/chrome/content/rules/McAfee.xml b/src/chrome/content/rules/McAfee.xml
index f14e93384725..68e81656b3e2 100644
--- a/src/chrome/content/rules/McAfee.xml
+++ b/src/chrome/content/rules/McAfee.xml
@@ -44,7 +44,7 @@
 
 	Null response:
 		- ngfwlicenses
-	
+
 	403:
 		- app
 		- service-home
@@ -115,9 +115,9 @@
 
 	<rule from="^http://(www\.)?blogs\.mcafee\.com/"
 			to="https://blogs.mcafee.com/" />
-	
+
 	<rule from="^http:"	to="https:" />
-	
+
 	<test url="http://download.mcafee.com/products/manuals/es/VSH_DataSheet_2006.pdf" />
 	<test url="http://sm.mcafee.com/ShowMessage.aspx" />
 	<test url="http://smarthelp.mcafee.com/help/verizon/14.0/internet%20security/en-us/GUID-C5FA6855-61ED-4861-8312-82B836A97F33.html" />
diff --git a/src/chrome/content/rules/McClatchy.com.xml b/src/chrome/content/rules/McClatchy.com.xml
index 606812e49fb9..72b54c3027b1 100644
--- a/src/chrome/content/rules/McClatchy.com.xml
+++ b/src/chrome/content/rules/McClatchy.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://subscriberservices.mcclatchy.com/ => https://subscriberservi
 		- (www.)	(works; mismatched, CN: media.mcclatchyinteractive.com)
 
 -->
-<ruleset name="McClatchy.com (partial)" default_off='failed ruleset test'>
+<ruleset name="McClatchy.com (partial)" default_off="failed ruleset test">
 
 	<target host="subscriberservices.mcclatchy.com" />
 
@@ -25,4 +25,4 @@ Fetch error: http://subscriberservices.mcclatchy.com/ => https://subscriberservi
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/McClatchy_Interactive.com.xml b/src/chrome/content/rules/McClatchy_Interactive.com.xml
deleted file mode 100644
index 7827d95b5d02..000000000000
--- a/src/chrome/content/rules/McClatchy_Interactive.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-Disabled by https-everywhere-checker because:
-Non-2xx HTTP code: http://media.mcclatchyinteractive.com/ (200) => https://media.mcclatchyinteractive.com/ (403)
-	CDN buckets:
-
-		- mi.edgesuite.net
-
-			- www.mcclatchydc.com
-
-
-	Nonfunctional domains:
-
-		- www.mcclatchydc.com	(503, akamai)
-
--->
-<ruleset name="McClatchy Interactive.com (partial)">
-
-	<target host="media.mcclatchyinteractive.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/McDelivery-Malaysia.xml b/src/chrome/content/rules/McDelivery-Malaysia.xml
index b16315c62173..151383f3cc53 100644
--- a/src/chrome/content/rules/McDelivery-Malaysia.xml
+++ b/src/chrome/content/rules/McDelivery-Malaysia.xml
@@ -6,7 +6,7 @@ Fetch error: http://mcdelivery.com.my/ => https://mcdelivery.com.my/: (35, 'Unkn
 	CDN bucket:
 		- d8x8n3ezc8rio.cloudfront.net
 -->
-<ruleset name="McDelivery Malaysia" default_off='failed ruleset test'>
+<ruleset name="McDelivery Malaysia" default_off="failed ruleset test">
 	<target host=    "mcdelivery.com.my" />
 	<target host="www.mcdelivery.com.my" />
 
diff --git a/src/chrome/content/rules/McEvoy-Group.xml b/src/chrome/content/rules/McEvoy-Group.xml
index e6a282bfe5bd..73930393911d 100644
--- a/src/chrome/content/rules/McEvoy-Group.xml
+++ b/src/chrome/content/rules/McEvoy-Group.xml
@@ -3,7 +3,7 @@
 	<target host="chroniclebooks.com" />
 	<target host="www.chroniclebooks.com" />
 
-	<securecookie host="^(?:.*\.)?chroniclebooks.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/McMaster_University.xml b/src/chrome/content/rules/McMaster_University.xml
index 0bf2be6453c7..a398f4e92bb9 100644
--- a/src/chrome/content/rules/McMaster_University.xml
+++ b/src/chrome/content/rules/McMaster_University.xml
@@ -5,7 +5,7 @@ Fetch error: http://mcmaster.ca/ => https://mcmaster.ca/: (60, 'SSL certificate
 Fetch error: http://www.mcmaster.ca/ => https://www.mcmaster.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="McMaster University" default_off='failed ruleset test'>
+<ruleset name="McMaster University" default_off="failed ruleset test">
 	<target host="mcmaster.ca" />
 	<target host="www.mcmaster.ca" />
 
diff --git a/src/chrome/content/rules/Mcdee.com.au.xml b/src/chrome/content/rules/Mcdee.com.au.xml
index df0b38c6e5ef..957193717d8c 100644
--- a/src/chrome/content/rules/Mcdee.com.au.xml
+++ b/src/chrome/content/rules/Mcdee.com.au.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.mcdee.com.au/ => https://www.mcdee.com.au/: (7, 'Failed
 	* Secured by us
 
 -->
-<ruleset name="mcdee.com.au" default_off='failed ruleset test'>
+<ruleset name="mcdee.com.au" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Mdm.ru.xml b/src/chrome/content/rules/Mdm.ru.xml
index 6394b6f264b6..95c13505adbb 100644
--- a/src/chrome/content/rules/Mdm.ru.xml
+++ b/src/chrome/content/rules/Mdm.ru.xml
@@ -9,7 +9,7 @@ business. timed out
 coins. timed out
 tehnosila. redirect
 distrib. expired-->
-<ruleset name="Mdm.ru" default_off='failed ruleset test'>
+<ruleset name="Mdm.ru" default_off="failed ruleset test">
 	<target host="mdm.ru" />
 	<target host="www.mdm.ru" />
 	<target host="m.mdm.ru" />
diff --git a/src/chrome/content/rules/Me.bf.xml b/src/chrome/content/rules/Me.bf.xml
new file mode 100644
index 000000000000..0a0711d182b2
--- /dev/null
+++ b/src/chrome/content/rules/Me.bf.xml
@@ -0,0 +1,8 @@
+<ruleset name="Me.bf">
+	<target host="me.bf" />
+	<target host="www.me.bf" />
+	<target host="jeb.me.bf" />
+	<target host="serviceamis.me.bf" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Me.me.xml b/src/chrome/content/rules/Me.me.xml
new file mode 100644
index 000000000000..4b6f050b5bf2
--- /dev/null
+++ b/src/chrome/content/rules/Me.me.xml
@@ -0,0 +1,12 @@
+<ruleset name="Me.me">
+	<target host="me.me" />
+	<target host="www.me.me" />
+	<target host="crowdfund.me.me" />
+	<target host="pics.me.me" />
+		<test url="http://pics.me.me/when-you-realize-you-only-have-to-work-four-days-33576865.png" />
+	<target host="secret.me.me" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MeWe.com.xml b/src/chrome/content/rules/MeWe.com.xml
new file mode 100644
index 000000000000..1ac21c487e54
--- /dev/null
+++ b/src/chrome/content/rules/MeWe.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- dev2.mewe.com
+-->
+<ruleset name="MeWe.com">
+	<target host="mewe.com" />
+	<target host="www.mewe.com" />
+	<target host="admin.mewe.com" />
+	<target host="api.mewe.com" />
+	<target host="blog.mewe.com" />
+	<target host="c.mewe.com" />
+	<target host="cdn.mewe.com" />
+	<test url="http://cdn.mewe.com/front/favicon.ico" />
+	<target host="img.mewe.com" />
+	<target host="media.mewe.com" />
+	<target host="secure.mewe.com" />
+	<test url="http://secure.mewe.com/matomo.js" />
+	<target host="sendy.mewe.com" />
+	<target host="sentry.mewe.com" />
+	<target host="support.mewe.com" />
+	<target host="ws.mewe.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MeXBT.com.xml b/src/chrome/content/rules/MeXBT.com.xml
index 40ffbc795cec..b87460347289 100644
--- a/src/chrome/content/rules/MeXBT.com.xml
+++ b/src/chrome/content/rules/MeXBT.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.mexbt.com/ => https://www.mexbt.com/: (28, 'Operation ti
 		- .mexbt.com
 
 -->
-<ruleset name="MeXBT.com" default_off='failed ruleset test'>
+<ruleset name="MeXBT.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -21,7 +21,7 @@ Fetch error: http://www.mexbt.com/ => https://www.mexbt.com/: (28, 'Operation ti
 					-->
 	<!--securecookie host="\.mexbt\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
 
-	<securecookie host="\.mexbt\.com$" name="" />
+	<securecookie host="\.mexbt\.com$" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Mean_Stinks.xml b/src/chrome/content/rules/Mean_Stinks.xml
index 0b91d9e264b2..256fb3507812 100644
--- a/src/chrome/content/rules/Mean_Stinks.xml
+++ b/src/chrome/content/rules/Mean_Stinks.xml
@@ -11,7 +11,7 @@ Fetch error: http://meanstinks.com/ => https://meanstinks.com/: (7, 'Failed to c
 		- 45192e03bdcc882f78f4-4b80efdc0c25f8535e19785674c1f42a.r22.cf1.rackcdn.com
 
 -->
-<ruleset name="Mean Stinks" default_off='failed ruleset test'>
+<ruleset name="Mean Stinks" default_off="failed ruleset test">
 
 	<target host="meanstinks.com" />
 	<target host="www.meanstinks.com" />
@@ -22,4 +22,4 @@ Fetch error: http://meanstinks.com/ => https://meanstinks.com/: (7, 'Failed to c
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MeatandLivestockAustralia.xml b/src/chrome/content/rules/MeatandLivestockAustralia.xml
index af61a079ee52..cfabd6cee591 100644
--- a/src/chrome/content/rules/MeatandLivestockAustralia.xml
+++ b/src/chrome/content/rules/MeatandLivestockAustralia.xml
@@ -1,7 +1,7 @@
 <ruleset name="Meat and Livestock Australia">
 	<target host="mla.com.au" />
-	<target host="*.mla.com.au" />
+	<target host="www.mla.com.au" />
 
 	<rule from="^http://(?:www\.)?mla\.com\.au/"
 		to="https://www.mla.com.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MedWatch.xml b/src/chrome/content/rules/MedWatch.xml
index c609b83e04b3..e8950e9e2e4c 100644
--- a/src/chrome/content/rules/MedWatch.xml
+++ b/src/chrome/content/rules/MedWatch.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.medwatch.dk/ => https://www.medwatch.dk/: (51, "SSL: no
     http://medwatch.dk/template/mwVer1-0/css/main.css?rev=35817
   is essential for the layout but is initially considered mixed content.
 -->
-<ruleset name="Medwatch (mixed content)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Medwatch (mixed content)" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="medwatch.dk" />
 	<target host="www.medwatch.dk" />
 
diff --git a/src/chrome/content/rules/Media-Storehouse.xml b/src/chrome/content/rules/Media-Storehouse.xml
index 6d995f74a9d3..ed99110b1fa2 100644
--- a/src/chrome/content/rules/Media-Storehouse.xml
+++ b/src/chrome/content/rules/Media-Storehouse.xml
@@ -1,34 +1,32 @@
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://mediastorehouse.com/ => http://mediastorehouse.com/: Redirect for 'http://mediastorehouse.com/' missing Location
-Fetch error: http://mediastorehouse.net/ => https://secure.mediastorehouse.com/: Redirect for 'http://mediastorehouse.net/' missing Location
-Fetch error: http://www.mediastorehouse.net/ => https://secure.mediastorehouse.com/: Redirect for 'http://www.mediastorehouse.net/' missing Location
-	s3.amazonaws.com/images.mediastorehouse.com/
+	Non-functional hosts in *.mediastorehouse.com
+		SSL peer certificate was not OK:
+		- mediastorehouse.com
 
+	Non-functional hosts in *.mediastorehouse.net
+		Timeout was reached:
+		- mediastorehouse.net
 
-	Nonfunctional:
-
-		- images.mediastorehouse.net	(times out; not on secure nor images...com)
-
+		SSL peer certificate was not OK:
+		- images.mediastorehouse.net
+		- www.mediastorehouse.net
 -->
 <ruleset name="Media Storehouse (partial)">
-
+	<!-- *.mediastorehouse.com -->
 	<target host="mediastorehouse.com" />
-	<target host="*.mediastorehouse.com" />
+	<target host="www.mediastorehouse.com" />
+	<target host="secure.mediastorehouse.com" />
+	<target host="static.mediastorehouse.com" />
+
+	<!-- *.mediastorehouse.net -->
 	<target host="mediastorehouse.net" />
 	<target host="www.mediastorehouse.net" />
 
+	<rule from="^http://mediastorehouse\.com/"
+		to="https://www.mediastorehouse.com/" />
 
-	<securecookie host="^secure\.mediastorehouse\.com$" name=".+" />
-
-
-	<!--	Cert not valid for static nor www.
-		Data appear identical.			-->
-	<rule from="^http://(?:static|www)\.mediastorehouse\.com/"
-		to="https://secure.mediastorehouse.com/" />
-
-	<!--	www...net redirects to www...com	-->
-	<rule from="^http://(?:www\.)?mediastorehouse\.net/"
-		to="https://secure.mediastorehouse.com/" />
+	<rule from="^http://(www\.)?mediastorehouse\.net/"
+		to="https://www.mediastorehouse.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Media-clic.com.xml b/src/chrome/content/rules/Media-clic.com.xml
deleted file mode 100644
index 5c77809f2b1e..000000000000
--- a/src/chrome/content/rules/Media-clic.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Ads.
-
-
-	Insecure cookies are set for these hosts:
-
-		- pub9.media-clic.com
-
--->
-<ruleset name="media-clic.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="pub9.media-clic.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^pub9\.media-clic\.com$" name="^(?:OAGEO|OAID)$" /-->
-
-	<securecookie host="^pub9\.media-clic\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Media.net.xml b/src/chrome/content/rules/Media.net.xml
index 1d239948c729..e1a1cad34395 100644
--- a/src/chrome/content/rules/Media.net.xml
+++ b/src/chrome/content/rules/Media.net.xml
@@ -48,7 +48,10 @@
 -->
 <ruleset name="media.net (partial)">
 
-	<target host="*.media.net" />
+	<target host="cdn.media.net" />
+	<target host="contextual.media.net" />
+	<target host="qsearch.media.net" />
+	<target host="static.media.net" />
 
 
 	<!--	Can this be secured safely?
diff --git a/src/chrome/content/rules/Media6degrees.xml b/src/chrome/content/rules/Media6degrees.xml
index 715483d705c9..b4b4ab107691 100644
--- a/src/chrome/content/rules/Media6degrees.xml
+++ b/src/chrome/content/rules/Media6degrees.xml
@@ -36,7 +36,9 @@
 	<target host="m6d.com" />
 	<target host="www.m6d.com" />
 	<target host="media6degrees.com" />
-	<target host="*.media6degrees.com" />
+	<target host="www.media6degrees.com" />
+	<target host="action.media6degrees.com" />
+	<target host="secure.media6degrees.com" />
 
 
 	<securecookie host="^\.media6degrees\.com$" name=".+" />
@@ -48,4 +50,4 @@
 	<rule from="^http://(?:action|secure)\.media6degrees\.com/"
 		to="https://secure.media6degrees.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MediaDelivery.io.xml b/src/chrome/content/rules/MediaDelivery.io.xml
deleted file mode 100644
index 84782e7bed1a..000000000000
--- a/src/chrome/content/rules/MediaDelivery.io.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="MediaDelivery.io">
-
-	<target host="hs.mediadelivery.io" />
-	<target host="is.mediadelivery.io" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MediaEd.org.xml b/src/chrome/content/rules/MediaEd.org.xml
index 958800b42424..090814d490fe 100644
--- a/src/chrome/content/rules/MediaEd.org.xml
+++ b/src/chrome/content/rules/MediaEd.org.xml
@@ -19,7 +19,7 @@ Fetch error: http://mediaed.org/ => https://www.mediaed.org/: (60, 'SSL certific
 	* Secured by us
 
 -->
-<ruleset name="MediaEd.org" default_off='failed ruleset test'>
+<ruleset name="MediaEd.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/MediaFire.com.xml b/src/chrome/content/rules/MediaFire.com.xml
index 1b1cff6eded0..e9a7eae6dc8f 100644
--- a/src/chrome/content/rules/MediaFire.com.xml
+++ b/src/chrome/content/rules/MediaFire.com.xml
@@ -1,64 +1,26 @@
 <!--
-	Other MediaFire rulesets:
-		- MFi.re.xml
-
-	CDN buckets:
-		- staticcdn.mediafire.com.edgesuite.net
-
-	Mismatch:
-		blog.mediafire.com
-
-	Redirect to http:
-		www(1|2)?.mediafire.com/file/
-		www(1|2)?.mediafire.com/*.php
-
-	Redirect to www:
-		^
-		download\d+.mediafire.com
-		and so on
+	Other MediaFire.com related rulesets;
+		+ MFi.re.xml
 -->
-
-<ruleset name="MediaFire.com">
-	<!-- Mismatch: -->
-	<rule from="^http://staticcdn\.mediafire\.com/" to="https://static-cdn.mediafire.com/" />
-		<test url="http://staticcdn.mediafire.com/images/buttons/btn_twitter_connect.png" />
-
-	<!-- Redirect to http: -->
-		<test url="http://www.mediafire.com/asuswrt-merlin/" />
-		<test url="http://www1.mediafire.com/asuswrt-merlin/" />
-		<test url="http://www2.mediafire.com/asuswrt-merlin/" />
-		<test url="http://www.mediafire.com/view/lhh2hm41m412un5/VOL_29_for_web.pdf" />
-		<test url="http://www1.mediafire.com/view/lhh2hm41m412un5/VOL_29_for_web.pdf" />
-		<test url="http://www2.mediafire.com/view/lhh2hm41m412un5/VOL_29_for_web.pdf" />
-
-	<exclusion pattern="^http://www(1|2)?\.mediafire\.com/file/" />
-		<test url="http://www.mediafire.com/file/0cmtrrpm5db9skw/2.35.pdf" />
-		<test url="http://www1.mediafire.com/file/0cmtrrpm5db9skw/2.35.pdf" />
-		<test url="http://www2.mediafire.com/file/0cmtrrpm5db9skw/2.35.pdf" />
-		<test url="http://www.mediafire.com/file/1ztynkwgjym/Hellblazer+102.cbr" />
-		<test url="http://www1.mediafire.com/file/1ztynkwgjym/Hellblazer+102.cbr" />
-		<test url="http://www2.mediafire.com/file/1ztynkwgjym/Hellblazer+102.cbr" />
-
-	<exclusion pattern="^http://www(1|2)?\.mediafire\.com/\S+\.php" />
-		<test url="http://www.mediafire.com/download_repair.php?dkey=093qciqr0a0&amp;qkey=cah5j9i4i3chrj5" />
-		<test url="http://www1.mediafire.com/download_repair.php?dkey=093qciqr0a0&amp;qkey=cah5j9i4i3chrj5" />
-		<test url="http://www2.mediafire.com/download_repair.php?dkey=093qciqr0a0&amp;qkey=cah5j9i4i3chrj5" />
-		<test url="http://www.mediafire.com/error.php" />
-		<test url="http://www1.mediafire.com/error.php" />
-		<test url="http://www2.mediafire.com/error.php" />
-
-	<!-- Directly: -->
+<ruleset name="MediaFire.com (partial)">
 	<target host="mediafire.com" />
-
-	<target host="*.mediafire.com" />
-		<test url="http://mediafire.com/asuswrt-merlin/" />
-		<test url="http://999-cdn.mediafire.com/images/buttons/btn_twitter_connect.png" />
-		<test url="http://origin-cdn.mediafire.com/images/buttons/btn_twitter_connect.png" />
-		<test url="http://w.mediafire.com/images/buttons/btn_twitter_connect.png" />
-		<test url="http://download9999.mediafire.com/11dagdfqsyqg/0cmtrrpm5db9skw/2.35.pdf" />
-
-	<exclusion pattern="^http://blog\.mediafire\.com/" />
-		<test url="http://blog.mediafire.com/" />
-
+	<target host="www.mediafire.com" />
+	<target host="app.mediafire.com" />
+	<target host="blog.mediafire.com" />
+	<target host="cdn.mediafire.com" />
+	<target host="devtest.mediafire.com" />
+	<target host="m.mediafire.com" />
+	<target host="mediafire.mediafire.com" />
+	<target host="sandbox.mediafire.com" />
+	<target host="staticcdn.mediafire.com" />
+	<target host="support.mediafire.com" />
+	<target host="w.mediafire.com" />
+	<target host="www1.mediafire.com" />
+	<target host="www2.mediafire.com" />
+	<target host="www3.mediafire.com" />
+	<target host="www4.mediafire.com" />
+
+	<securecookie host=".+" name=".+" />
+	
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MediaGoblin.org.xml b/src/chrome/content/rules/MediaGoblin.org.xml
index 62cedbd7bf4a..53b9d2f4d901 100644
--- a/src/chrome/content/rules/MediaGoblin.org.xml
+++ b/src/chrome/content/rules/MediaGoblin.org.xml
@@ -25,4 +25,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MediaMath.xml b/src/chrome/content/rules/MediaMath.xml
index 31aa12672428..2955274a5ab7 100644
--- a/src/chrome/content/rules/MediaMath.xml
+++ b/src/chrome/content/rules/MediaMath.xml
@@ -41,7 +41,7 @@
 					-->
 	<!--securecookie host="^www\.mediamath\.com$" name="^PHPSESSID$" /-->
 
-	<securecookie host="^(?:.*\.)?mediamath\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/MediaMatters.org.xml b/src/chrome/content/rules/MediaMatters.org.xml
index fd3d13156fed..d64df278d4a8 100644
--- a/src/chrome/content/rules/MediaMatters.org.xml
+++ b/src/chrome/content/rules/MediaMatters.org.xml
@@ -1,64 +1,27 @@
 <!--
-	CDN buckets:
-
-		- s3.mediamatters.org.s3.amazonaws.com
-
-			- s3.mediamatters.org
-
-		- dnqv4na4axyak.cloudfront.net
-
-			- cloudfront.mediamatters.org
-
-
-	Nonfunctional subdomains:
-
-		- mythopedia *
-
-	* Refused
-
-
-	Problematic subdomains:
-
-		- action ¹
-		- cloudfront ²
-		- s3 ³
-
-	¹ NationBuilder, Tor users blocked by CloudFlare settings
-	² Cloudfront
-	² AmazonAWS
-
-
-	Fully covered subdomains:
-
-		- cloudfront	(→ dnqv4na4axyak.cloudfront.net)
-		- s3		(→ s3.mediamatters.org.s3.amazonaws.com)
-
+	Non-functional hosts
+		Timeout was reached:
+		- mta.e.mediamatters.org
+		- o1.email.mediamatters.org
+		- mail.mediamatters.org
+		- mythopedia.mediamatters.org
+		- www.mythopedia.mediamatters.org
+		- pti.mediamatters.org
+
+		SSL connect error:
+		- feeds.mediamatters.org
+
+		SSL peer certificate was not OK:
+		- s3.mediamatters.org
 -->
-<ruleset name="MediaMatters.org (partial)">
-
+<ruleset name="MediaMatters.org">
 	<target host="mediamatters.org" />
-		<!--
-			Redirect to http:
-						-->
-		<!--exclusion pattern="^http://mediamatters\.org/($|css/|js/|layout/)" /-->
-		<!--
-			At least two stylesheets 403
-
-			https://mail1.eff.org/pipermail/https-everywhere/2012-May/001434.html
-						-->
-		<exclusion pattern="^http://mediamatters\.org/static/stylesheets/" />
-	<target host="cloudfront.mediamatters.org" />
-	<target host="s3.mediamatters.org" />
 	<target host="www.mediamatters.org" />
+	<target host="action.mediamatters.org" />
+	<target host="cloudfront.mediamatters.org" />
+	<target host="support.mediamatters.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:www\.)?mediamatters\.org/static/"
-		to="https://dnqv4na4axyak.cloudfront.net/static/" />
-
-	<rule from="^http://cloudfront\.mediamatters\.org/"
-		to="https://dnqv4na4axyak.cloudfront.net/" />
-
-	<rule from="^http://s3\.mediamatters\.org/"
-		to="https://s3.amazonaws.com/s3.mediamatters.org/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MediaMind.xml b/src/chrome/content/rules/MediaMind.xml
index 289835f8d673..533c504d9936 100644
--- a/src/chrome/content/rules/MediaMind.xml
+++ b/src/chrome/content/rules/MediaMind.xml
@@ -1,67 +1,22 @@
 <!--
 	Other MediaMind rulesets:
+		+ Peer39.xml
+		+ Serving-sys.com.xml
 
-		- Peer39.xml
-		- Serving-sys.com.xml
+	Non-functional hosts
+		Couldn't connect to server:
+		- creativezone.mediamind.com
 
+		SSL connect error:
+		- origin.demo.mediamind.com
 
-	CDN buckets:
-
-		- www.eyeblasterwiz.com.edgekey.net
-		- www.mediamind.com.edgekey.net
-
-
-	Nonfunctional domains:
-
-		- pilot.eyeblasterwiz.com	(403; mismatched, CN: platform.mediamind.com)
-		- mediamind.com			(refused)
-		- www.mediamind.com		(503, valid cert)
-
-
-	Problematic domains:
-
-		- demo.eyeblaster.com		(works, akamai)
-		- eyeblasterwiz.com		(400; mismatched, CN: platform.mediamind.com)
-		- www2.mediamind.com		(works; mismatched, CN: origin.demo.mediamind.com)
-
-
-	Fully covered domains:
-
-		- (www.)eyeblasterwiz.com	(^ → www)
-
-		- mediamind.com subdomains:
-
-			- creativezone
-			- demo
-			- origin.demo
-			- platform
-			- sandbox
-
-		- a.pgtb.me
-
-
-	Observed cookie domains:
-
-		- creativezone
-		- platform
-
+		Incomplete certificate chain error:
+		- mediamind.com
 -->
 <ruleset name="MediaMind (partial)">
+	<target host="www.mediamind.com" />
+	<target host="platform.mediamind.com" />
+	<target host="vpn.mediamind.com" />
 
-	<target host="*.mediamind.com" />
-	<target host="a.pgtb.me" />
-
-
-	<securecookie host="^(?:creativezone|platform)\.mediamind\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?eyeblasterwiz\.com/"
-		to="https://www.eyeblasterwiz.com/" />
-
-	<rule from="^http://(creativezone|demo|origin\.demo|platform|sandbox)\.mediamind\.com/"
-		to="https://$1.mediamind.com/" />
-
-	<rule from="^http://a\.pgtb\.me/"
-		to="https://a.pgtb.me/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MediaNews-Group.xml b/src/chrome/content/rules/MediaNews-Group.xml
index c53251b1bf86..e4f8f804bdd1 100644
--- a/src/chrome/content/rules/MediaNews-Group.xml
+++ b/src/chrome/content/rules/MediaNews-Group.xml
@@ -9,7 +9,7 @@ Fetch error: http://weather.mercurynews.com/ => https://www.weatherunderground.c
 		- (origin.|www.)mercurynews.com	(www: Akamai, redirects back to http; !www: timeout)
 		- extras.mnginteractive.com	(Akamai, redirects to http://.../ with "Directory Listing Denied")
 -->
-<ruleset name="MediaNews Group (partial)" default_off='failed ruleset test'>
+<ruleset name="MediaNews Group (partial)" default_off="failed ruleset test">
 
 	<target host="weather.mercurynews.com"/>
 
diff --git a/src/chrome/content/rules/MediaPost.com.xml b/src/chrome/content/rules/MediaPost.com.xml
new file mode 100644
index 000000000000..9682181785bb
--- /dev/null
+++ b/src/chrome/content/rules/MediaPost.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- media.mediapost.com
+-->
+<ruleset name="MediaPost.com (partial)">
+	<target host="mediapost.com" />
+	<target host="www.mediapost.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MediaPost.xml b/src/chrome/content/rules/MediaPost.xml
deleted file mode 100644
index 4316785beb99..000000000000
--- a/src/chrome/content/rules/MediaPost.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/media.mediapost.com/
-
-
-	Partially covered subdomains:
-
-		- (www.)	(at least some pages redirect to http, including login)
-
--->
-<ruleset name="MediaPost (partial)">
-
-	<target host="mediapost.com" />
-	<target host="*.mediapost.com" />
-
-
-	<rule from="^http://(www\.)?mediapost\.com/(favicon\.ico|register(?:/?$|\?))"
-		to="https://$1mediapost.com/$2" />
-
-	<rule from="^http://media\.mediapost\.com/"
-		to="https://s3.amazonaws.com/media.mediapost.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MediaSpan.xml b/src/chrome/content/rules/MediaSpan.xml
deleted file mode 100644
index 231750d0ab87..000000000000
--- a/src/chrome/content/rules/MediaSpan.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://fimc.net/ => https://mediaspanonline.com/: (35, 'error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version')
-Fetch error: http://www.fimc.net/ => https://www.mediaspanonline.com/: (7, 'Failed to connect to www.mediaspanonline.com port 443: Connection refused')
-Fetch error: http://mediaspanonline.com/ => https://mediaspanonline.com/: (35, 'error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version')
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://fimc.net/ => https://mediaspanonline.com/: (35, 'error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version')
-Fetch error: http://www.fimc.net/ => https://www.mediaspanonline.com/: (7, 'Failed to connect to www.mediaspanonline.com port 443: Connection refused')
-Fetch error: http://mediaspanonline.com/ => https://mediaspanonline.com/: (35, 'error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version')
-	Nonfunctional domains:
-
-		- captcha.fimc.net
-
-
-	Problematic domains:
-
-		- (www.)fimc.net	(mismatched)
-
--->
-<ruleset name="MediaSpan (partial)" default_off='failed ruleset test'>
-
-	<target host="fimc.net" />
-	<target host="www.fimc.net" />
-	<target host="mediaspanonline.com" />
-	<target host="*.mediaspanonline.com" />
-
-
-	<securecookie host="^(?:.+\.)?mediaspanonline\.com$" name=".+" />
-
-
-	<rule from="^http://(assets\.|www\.)?(?:fimc\.net|mediaspanonline\.com)/"
-		to="https://$1mediaspanonline.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MediaTakeOut.com.xml b/src/chrome/content/rules/MediaTakeOut.com.xml
index ec1aac5d10bf..b0b8acc86494 100644
--- a/src/chrome/content/rules/MediaTakeOut.com.xml
+++ b/src/chrome/content/rules/MediaTakeOut.com.xml
@@ -19,7 +19,8 @@
 <ruleset name="MediaTakeOut.com" default_off="expired, self-signed" platform="mixedcontent">
 
 	<target host="mediatakeout.com" />
-	<target host="*.mediatakeout.com" />
+	<target host="i2.mediatakeout.com" />
+	<target host="www.mediatakeout.com" />
 
 
 	<rule from="^http://(?:i2\.|www\.)?mediatakeout\.com/"
diff --git a/src/chrome/content/rules/MediaWatch.xml b/src/chrome/content/rules/MediaWatch.xml
index bc81c41a2070..b45ddf3b72b9 100644
--- a/src/chrome/content/rules/MediaWatch.xml
+++ b/src/chrome/content/rules/MediaWatch.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.mediawatch.dk/ => https://www.mediawatch.dk/: (51, "SSL:
   This renders poorly. The page requires two style sheets which are only
   served over http.
 -->
-<ruleset name="MediaWatch (mixed content)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="MediaWatch (mixed content)" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="mediawatch.dk" />
 	<target host="www.mediawatch.dk" />
 
diff --git a/src/chrome/content/rules/MediaWorks.xml b/src/chrome/content/rules/MediaWorks.xml
index c21638f88287..da162612e280 100644
--- a/src/chrome/content/rules/MediaWorks.xml
+++ b/src/chrome/content/rules/MediaWorks.xml
@@ -30,7 +30,7 @@
 
 	<rule from="^http://cdn\.mediaworks\.co\.nz/"
 		to="https://cdn.mediaworks.nz/" />
-		
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Media_Factory.xml b/src/chrome/content/rules/Media_Factory.xml
deleted file mode 100644
index 3d5fc24b0c97..000000000000
--- a/src/chrome/content/rules/Media_Factory.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For other Filemobile coverage, see Filemobile.xml.
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- developer
-
--->
-<ruleset name="Media Factory">
-
-	<target host="mediafactory.fm" />
-	<target host="*.mediafactory.fm" />
-
-
-	<securecookie host="^(?:www\.)?mediafactory\.fm$" name=".+" />
-
-
-	<rule from="^http://(\w+\.)?mediafactory\.fm/"
-		to="https://$1mediafactory.fm/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Mediaarts-db.jp.xml b/src/chrome/content/rules/Mediaarts-db.jp.xml
deleted file mode 100644
index bbd914569fdb..000000000000
--- a/src/chrome/content/rules/Mediaarts-db.jp.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="mediaarts-db.jp">
-	<target host="mediaarts-db.jp" />
-	<target host="www.mediaarts-db.jp" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Mediabistro.xml b/src/chrome/content/rules/Mediabistro.xml
index b045f3beda06..0018f605bf3a 100644
--- a/src/chrome/content/rules/Mediabistro.xml
+++ b/src/chrome/content/rules/Mediabistro.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://oxs.mediabistro.com/ => https://oxs.mediabistro.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Mediabistro.com" default_off='failed ruleset test'>
+<ruleset name="Mediabistro.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -14,7 +14,7 @@ Fetch error: http://oxs.mediabistro.com/ => https://oxs.mediabistro.com/: (28, '
 	<target host="www.mediabistro.com" />
 
 
-	<securecookie host="^(?:.*\.)?mediabistro\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Medialand.ru.xml b/src/chrome/content/rules/Medialand.ru.xml
index 5b0606c5685f..509f7342d116 100644
--- a/src/chrome/content/rules/Medialand.ru.xml
+++ b/src/chrome/content/rules/Medialand.ru.xml
@@ -13,7 +13,7 @@ Fetch error: http://mediamir.medialand.ru/ => https://mediamir.medialand.ru/: (6
 	² 404; mismatched, CN: *.medialand.ru
 
 -->
-<ruleset name="Medialand.ru (partial)" default_off='failed ruleset test'>
+<ruleset name="Medialand.ru (partial)" default_off="failed ruleset test">
 
 	<target host="mediamir.medialand.ru" />
 
diff --git a/src/chrome/content/rules/Mediamarkt.ru.xml b/src/chrome/content/rules/Mediamarkt.ru.xml
deleted file mode 100644
index e47b6a7270a3..000000000000
--- a/src/chrome/content/rules/Mediamarkt.ru.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--yoshkar-ola. 444
-nizhniy-novgorod. 444
-job. 444
-metro. 444
-ekaterinburg. 444
-veteranam. different content-->
-<ruleset name="Mediamarkt.ru">
-	<target host="mediamarkt.ru" />
-	<target host="www.mediamarkt.ru" />
-	<target host="nalchik.mediamarkt.ru" />
-	<target host="m.mediamarkt.ru" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Median.xml b/src/chrome/content/rules/Median.xml
index 88cba3c30292..90d8d42689cc 100644
--- a/src/chrome/content/rules/Median.xml
+++ b/src/chrome/content/rules/Median.xml
@@ -6,7 +6,7 @@ Fetch error: http://audit.median.hu/ => https://audit.median.hu/: (7, 'Failed to
 	(www.)?median.hu: Refused
 
 -->
-<ruleset name="Median.hu (partial)" default_off='failed ruleset test'>
+<ruleset name="Median.hu (partial)" default_off="failed ruleset test">
 
 	<target host="audit.median.hu"/>
 
diff --git a/src/chrome/content/rules/Mediant.xml b/src/chrome/content/rules/Mediant.xml
index 5c697d7da239..80e65d870b03 100644
--- a/src/chrome/content/rules/Mediant.xml
+++ b/src/chrome/content/rules/Mediant.xml
@@ -5,7 +5,7 @@ Fetch error: http://mandiant.net/ => https://mandiant.net/: (28, 'Operation time
 Fetch error: http://www.mandiant.net/ => https://www.mandiant.net/: (28, 'Operation timed out after 30002 milliseconds with 0 bytes received')
 
 -->
-<ruleset name="Mediant" default_off='failed ruleset test'>
+<ruleset name="Mediant" default_off="failed ruleset test">
 
 	<target host="mandiant.net" />
 	<target host="www.mandiant.net" />
@@ -16,4 +16,4 @@ Fetch error: http://www.mandiant.net/ => https://www.mandiant.net/: (28, 'Operat
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mediaxus.com.xml b/src/chrome/content/rules/Mediaxus.com.xml
index d9a4ca5807b3..d6fbfecc6b1b 100644
--- a/src/chrome/content/rules/Mediaxus.com.xml
+++ b/src/chrome/content/rules/Mediaxus.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MedibankHealthSolutions.xml b/src/chrome/content/rules/MedibankHealthSolutions.xml
deleted file mode 100644
index 47be6c3e4b29..000000000000
--- a/src/chrome/content/rules/MedibankHealthSolutions.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Medibank Health Solutions">
-	<target host="medibankhealth.com.au" />
-	<target host="*.medibankhealth.com.au" />
-
-	<rule from="^http://(?:www\.)?medibankhealth\.com\.au/"
-		to="https://www.medibankhealth.com.au/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Medical_Jane.xml b/src/chrome/content/rules/Medical_Jane.xml
index 051a026b19e5..2dc35622b07d 100644
--- a/src/chrome/content/rules/Medical_Jane.xml
+++ b/src/chrome/content/rules/Medical_Jane.xml
@@ -6,7 +6,7 @@ Fetch error: http://medicaljane.com/ => https://medicaljane.com/: (7, 'Failed to
 Disabled by https-everywhere-checker because:
 Fetch error: http://medicaljane.com/ => https://medicaljane.com/: (51, "SSL: no alternative certificate subject name matches target host name 'medicaljane.com'")
 -->
-<ruleset name="Medical Jane" default_off='failed ruleset test'>
+<ruleset name="Medical Jane" default_off="failed ruleset test">
 
 	<target host="medicaljane.com" />
 	<target host="www.medicaljane.com" />
@@ -17,4 +17,4 @@ Fetch error: http://medicaljane.com/ => https://medicaljane.com/: (51, "SSL: no
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Medical_Treatments_Management.xml b/src/chrome/content/rules/Medical_Treatments_Management.xml
index b18e96c7287e..bb38ef25f538 100644
--- a/src/chrome/content/rules/Medical_Treatments_Management.xml
+++ b/src/chrome/content/rules/Medical_Treatments_Management.xml
@@ -5,7 +5,7 @@
 <ruleset name="Medical Treatments Management">
 
 	<target host="medical-treatments-management.com" />
-	<target host="*.medical-treatments-management.com" />
+	<target host="www.medical-treatments-management.com" />
 	<target host="mtmweb.biz" />
 	<target host="www.mtmweb.biz" />
 	<target host="mtmweb.com" />
@@ -18,7 +18,6 @@
 	<rule from="^http://(www\.)?m(?:edical-treatments-management|tmweb)\.com/"
 		to="https://$1medical-treatments-management.com/" />
 
-	<rule from="^http://(www\.)?mtmweb\.biz/"
-		to="https://$1mtmweb.biz/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Medici-manager.com.xml b/src/chrome/content/rules/Medici-manager.com.xml
index bc6adada0d26..944cf21dd4f1 100644
--- a/src/chrome/content/rules/Medici-manager.com.xml
+++ b/src/chrome/content/rules/Medici-manager.com.xml
@@ -17,7 +17,7 @@ Fetch error: http://www.medici-manager.com/ => https://www.medici-manager.com/:
 	* Secured by us
 
 -->
-<ruleset name="Medici-manager.com" default_off='failed ruleset test'>
+<ruleset name="Medici-manager.com" default_off="failed ruleset test">
 
 	<target host="medici-manager.com" />
 	<target host="www.medici-manager.com" />
diff --git a/src/chrome/content/rules/MediciGlobal.com-falsemixed.xml b/src/chrome/content/rules/MediciGlobal.com-falsemixed.xml
deleted file mode 100644
index 95bd34dd8b6d..000000000000
--- a/src/chrome/content/rules/MediciGlobal.com-falsemixed.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-
-	For rules not causing false/broken MCB, see MediciGlobal.com.xml.
-
--->
-<ruleset name="MediciGlobal.com (false MCB)" platform="mixedcontent">
-
-	<target host="mediciglobal.com" />
-	<target host="www.mediciglobal.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<securecookie host="^mediciglobal\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MediciGlobal.com.xml b/src/chrome/content/rules/MediciGlobal.com.xml
index 95855a3546fd..518704776c04 100644
--- a/src/chrome/content/rules/MediciGlobal.com.xml
+++ b/src/chrome/content/rules/MediciGlobal.com.xml
@@ -31,7 +31,7 @@ Fetch error: http://stats.mediciglobal.com/ => https://stats.mediciglobal.com/:
 	* Secured by us
 
 -->
-<ruleset name="MediciGlobal.com (partial)" default_off='failed ruleset test'>
+<ruleset name="MediciGlobal.com (partial)" default_off="failed ruleset test">
 
 	<target host="mediciglobal.com" />
 	<target host="stats.mediciglobal.com" />
diff --git a/src/chrome/content/rules/Mediekompaniet.com.xml b/src/chrome/content/rules/Mediekompaniet.com.xml
index 466c41afde2c..1a34edbb94f4 100644
--- a/src/chrome/content/rules/Mediekompaniet.com.xml
+++ b/src/chrome/content/rules/Mediekompaniet.com.xml
@@ -8,11 +8,11 @@ Fetch error: http://nysk.mediekompaniet.com/ => https://nysk.mediekompaniet.com/
 		- (www.)	(refused)
 
 -->
-<ruleset name="Mediekompaniet.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Mediekompaniet.com (partial)" default_off="failed ruleset test">
 
 	<target host="nysk.mediekompaniet.com" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Medienstiftung-hsh.de.xml b/src/chrome/content/rules/Medienstiftung-hsh.de.xml
deleted file mode 100644
index fdf6047ebad2..000000000000
--- a/src/chrome/content/rules/Medienstiftung-hsh.de.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Medienstiftung-hsh.de">
-    <target host="medienstiftung-hsh.de" />
-    <target host="www.medienstiftung-hsh.de" />
-
-    <securecookie host="^(www\.)?medienstiftung-hsh\.de$" name=".+" />
-
-    <rule from="^http:"
-            to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Medius_Corp.com.xml b/src/chrome/content/rules/Medius_Corp.com.xml
deleted file mode 100644
index c8a6472c9e2a..000000000000
--- a/src/chrome/content/rules/Medius_Corp.com.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Other Medius rulesets:
-
-		- Medius_Viewer.com.xml
-
-
-	(www.): dropped
-
--->
-<ruleset name="Medius Corp.com (partial)">
-
-	<target host="services-sj.mediuscorp.com" />
-		<!--exclusion pattern="^http://www\.mediuscorp\.com/" /-->
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Medius_Viewer.com.xml b/src/chrome/content/rules/Medius_Viewer.com.xml
deleted file mode 100644
index 342c257ab2e3..000000000000
--- a/src/chrome/content/rules/Medius_Viewer.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other Medius coverage, see Medius_Corp.com.xml.
-
-
-	services-sj: mismatched, CN: *.mediuscorp.com
-
--->
-<ruleset name="Medius Viewer.com">
-
-	<target host="services-sj.mediusviewer.com" />
-
-
-	<rule from="^http://services-sj\.mediusviewer\.com/"
-		to="https://services-sj.mediuscorp.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Medscape.xml b/src/chrome/content/rules/Medscape.xml
index a117869d992f..0a319aa42a0c 100644
--- a/src/chrome/content/rules/Medscape.xml
+++ b/src/chrome/content/rules/Medscape.xml
@@ -23,7 +23,10 @@
 -->
 <ruleset name="Medscape (partial)">
 
-	<target host="*.medscape.com" />
+	<target host="images.medscape.com" />
+	<target host="img.medscape.com" />
+	<target host="login.medscape.com" />
+	<target host="profreg.medscape.com" />
 
 
 	<!--	Presumably at least some cross-domain cookies need
@@ -37,9 +40,8 @@
 	<rule from="^http://images\.medscape\.com/"
 		to="https://img.medscape.com/" />
 
-	<rule from="^http://(img|login|profreg)\.medscape\.com/"
-		to="https://$1.medscape.com/" />
 
 
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Meebo.xml b/src/chrome/content/rules/Meebo.xml
index 65e70e8840b3..06c3280bfb0b 100644
--- a/src/chrome/content/rules/Meebo.xml
+++ b/src/chrome/content/rules/Meebo.xml
@@ -14,10 +14,12 @@ Fetch error: http://meebo.com/ => https://www.meebo.com/: (51, "SSL: no alternat
 		- rd	(works; expired 2013-01-26)
 
 -->
-<ruleset name="Meebo" default_off='failed ruleset test'>
+<ruleset name="Meebo" default_off="failed ruleset test">
 
 	<target host="meebo.com" />
-	<target host="*.meebo.com" />
+	<target host="www.meebo.com" />
+	<target host="cim.meebo.com" />
+	<target host="dashboard.meebo.com" />
 
 
 	<securecookie host="^\.meebo\.com$" name=".+" />
@@ -26,7 +28,6 @@ Fetch error: http://meebo.com/ => https://www.meebo.com/: (51, "SSL: no alternat
 	<rule from="^http://(?:www\.)?meebo\.com/"
 		to="https://www.meebo.com/" />
 
-	<rule from="^http://(cim|dashboard)\.meebo\.com/"
-		to="https://$1.meebo.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Meego.xml b/src/chrome/content/rules/Meego.xml
index 2b2f8c3fae33..a786103e6c25 100644
--- a/src/chrome/content/rules/Meego.xml
+++ b/src/chrome/content/rules/Meego.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.meego.com/ => https://www.meego.com/: (51, "SSL: no alte
 Disabled by https-everywhere-checker because:
 Fetch error: http://meego.com/ => https://meego.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="Meego" default_off='failed ruleset test'>
+<ruleset name="Meego" default_off="failed ruleset test">
 
 	<target host="meego.com" />
 	<target host="www.meego.com" />
diff --git a/src/chrome/content/rules/MeetInLeeds.xml b/src/chrome/content/rules/MeetInLeeds.xml
index 38769f402db5..88d5985f294c 100644
--- a/src/chrome/content/rules/MeetInLeeds.xml
+++ b/src/chrome/content/rules/MeetInLeeds.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MeetMe.xml b/src/chrome/content/rules/MeetMe.xml
index 6314e92df22e..aab520100772 100644
--- a/src/chrome/content/rules/MeetMe.xml
+++ b/src/chrome/content/rules/MeetMe.xml
@@ -34,7 +34,7 @@ Fetch error: http://vip.meetme.com/ => https://vip.meetme.com/: (51, "SSL: no al
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="MeetMe" default_off='failed ruleset test'>
+<ruleset name="MeetMe" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/MeetMe_Corp.xml b/src/chrome/content/rules/MeetMe_Corp.xml
index 07b11fa0ab0c..fe502bd8e6bb 100644
--- a/src/chrome/content/rules/MeetMe_Corp.xml
+++ b/src/chrome/content/rules/MeetMe_Corp.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?meetmecorp\.com/"
 		to="https://www.meetmecorp.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Meetic-problematic.xml b/src/chrome/content/rules/Meetic-problematic.xml
index 96ad4f9c1b09..518c16b5cfdc 100644
--- a/src/chrome/content/rules/Meetic-problematic.xml
+++ b/src/chrome/content/rules/Meetic-problematic.xml
@@ -4,7 +4,8 @@
 -->
 <ruleset name="Meetic (problematic)" default_off="mismatched">
 
-	<target host="*.ilius.net" />
+	<target host="k.ilius.net" />
+	<target host="stda.ilius.net" />
 		<!--
 			Handled in Meetic.xml:
 						-->
@@ -14,13 +15,10 @@
 	<target host="statics.meetic-affinity.com" />
 
 
-	<rule from="^http://(k|stda)\.ilius\.net/"
-		to="https://$1.ilius.net/" />
 
 	<rule from="^http://p(?:ictures\.meetic\.com|hotos\.meetic\.fr)/"
 		to="https://photos.meetic.fr/" />
 
-	<rule from="^http://statics\.meetic-affinity\.com/"
-		to="https://statics.meetic-affinity.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Meetic.pt.xml b/src/chrome/content/rules/Meetic.pt.xml
index 7d98b3bab22c..7509a5c388be 100644
--- a/src/chrome/content/rules/Meetic.pt.xml
+++ b/src/chrome/content/rules/Meetic.pt.xml
@@ -2,6 +2,6 @@
   <target host="meetic.pt" />
   <target host="www.meetic.pt" />
   <target host="touch.meetic.pt" />
-  
+
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Meetrics.xml b/src/chrome/content/rules/Meetrics.xml
index fa5439fe0dad..d6e9ea9ebf87 100644
--- a/src/chrome/content/rules/Meetrics.xml
+++ b/src/chrome/content/rules/Meetrics.xml
@@ -47,4 +47,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MegWorld.xml b/src/chrome/content/rules/MegWorld.xml
index 2c3a62afcc37..8d6c8d2d563d 100644
--- a/src/chrome/content/rules/MegWorld.xml
+++ b/src/chrome/content/rules/MegWorld.xml
@@ -8,10 +8,12 @@ Fetch error: http://megworld.co.uk/ => https://megworld.co.uk/: (60, 'SSL certif
 		- www		(http redirects to https://www; mismatched, CN: pump.megaworld.co.uk)
 
 -->
-<ruleset name="MegWorld" default_off='failed ruleset test'>
+<ruleset name="MegWorld" default_off="failed ruleset test">
 
 	<target host="megworld.co.uk" />
-	<target host="*.megworld.co.uk" />
+	<target host="pump.megworld.co.uk" />
+	<target host="webchat.megworld.co.uk" />
+	<target host="www.megworld.co.uk" />
 
 
 	<securecookie host="^pump\.megworld\.co\.uk$" name=".+" />
@@ -20,4 +22,4 @@ Fetch error: http://megworld.co.uk/ => https://megworld.co.uk/: (60, 'SSL certif
 	<rule from="^http://(?:(pump\.|webchat\.)|www\.)?megworld\.co\.uk/"
 		to="https://$1megworld.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MegaBigPower.com.xml b/src/chrome/content/rules/MegaBigPower.com.xml
index 64308cedb409..bd43b6791c0f 100644
--- a/src/chrome/content/rules/MegaBigPower.com.xml
+++ b/src/chrome/content/rules/MegaBigPower.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://megabigpower.com/ => https://megabigpower.com/: (60, 'SSL ce
 Fetch error: http://www.megabigpower.com/ => https://www.megabigpower.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="MegaBigPower.com" default_off='failed ruleset test'>
+<ruleset name="MegaBigPower.com" default_off="failed ruleset test">
 
 	<target host="megabigpower.com" />
 	<target host="www.megabigpower.com" />
diff --git a/src/chrome/content/rules/MegaPath.xml b/src/chrome/content/rules/MegaPath.xml
index 833fab779bf6..5ab459f98beb 100644
--- a/src/chrome/content/rules/MegaPath.xml
+++ b/src/chrome/content/rules/MegaPath.xml
@@ -23,7 +23,7 @@ Fetch error: http://vp1-voiceportal.megapath.com/Login/ => https://vp1-voiceport
 		- www.megapath.com
 
 -->
-<ruleset name="MegaPath.com (partial)" default_off='failed ruleset test'>
+<ruleset name="MegaPath.com (partial)" default_off="failed ruleset test">
 
 	<target host="megapath.com"/>
 	<target host="extranet.megapath.com"/>
diff --git a/src/chrome/content/rules/Megabus.com.xml b/src/chrome/content/rules/Megabus.com.xml
index da154e87ed00..ddeb870435bf 100644
--- a/src/chrome/content/rules/Megabus.com.xml
+++ b/src/chrome/content/rules/Megabus.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.megabusgold.com/ => https://www.megabusgold.com/: (60, '
 	Nonfunctional domains:
 		festivals.megabus.com (wrong domain for certificate)
 -->
-<ruleset name="Megabus" default_off='failed ruleset test'>
+<ruleset name="Megabus" default_off="failed ruleset test">
 	<target host="megabus.com" />
 	<target host="www.megabus.com" />
 	<target host="ca.megabus.com" />
diff --git a/src/chrome/content/rules/MeiPian.xml b/src/chrome/content/rules/MeiPian.xml
index a60a0607d9fb..a83df1b535d1 100644
--- a/src/chrome/content/rules/MeiPian.xml
+++ b/src/chrome/content/rules/MeiPian.xml
@@ -1,22 +1,19 @@
 <!--
 	Invalid certificate:
-		^meipian.cn
 		download.meipian.cn
 		verify.meipian.cn
-		
-		^(www.)?meipian.me
+
+		^meipian.me
 		editor.meipian.me
-	
-	MCB:
-		www.meipian.cn
 -->
-
 <ruleset name="MeiPian (partial)">
-	
+	<target host="meipian.cn" />
+	<target host="www.meipian.cn" />
 	<target host="a.meipian.cn" />
+
+	<target host="www.meipian.me" />
 	<target host="a.meipian.me" />
 	<target host="ss2.meipian.me" />
 
 	<rule from="^http:" to="https:" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/MeiTuan.com.xml b/src/chrome/content/rules/MeiTuan.com.xml
index ab3944e2ac4c..4c9be83c2210 100644
--- a/src/chrome/content/rules/MeiTuan.com.xml
+++ b/src/chrome/content/rules/MeiTuan.com.xml
@@ -3,57 +3,33 @@
 		MeiTuan.net.xml
 
 	Cities:
-		There are more and more cities: https://www.meituan.com/index/changecity/initiative
+		There are more and more cities: https://www.meituan.com/changecity/
 		While this ruleset be created on 28 May 2016, there were 886 cities.
 		On 20 Feb 2017, the number is 964.
+		On 13 June 2020, the number is more than 1k.
 		We get error from travis: “The job exceeded the maximum time limit for jobs, and has been terminated.”
 		To fix this issue, maybe exclusion is the best choise.
-		Use strict regex ^http://(\w+)\.meituan\.com/ to avoid redirects on 4th level subdomains (*.*.meituan.com)
-
-	Different http/https content:
-		^meituan.com
-		tech.meituan.com
-		union.meituan.com
-		zhao.meituan.com
+		Maybe we need strict regex ^http://(\w+)\.meituan\.com/ to avoid redirects on 4th level subdomains (*.*.meituan.com)
 
 	Invalid cert:
-		ck.dsp.meituan.com
 		api.mobile.meituan.com
-
-	MCB:
-		i.meituan.com/mobile/
-		waimai.meituan.com
 -->
-
 <ruleset name="MeiTuan.com">
-	<!--Directly:-->
-		<test url="http://s1.meituan.com/bs/js/?f=mta-js:mta.min.js" />
-
-	<!--MCB:-->
-		<exclusion pattern="^http://i\.meituan\.com/mobile/" />
-		<test url="http://i.meituan.com/mobile/down/meituan" />
-		<exclusion pattern="^http://waimai\.meituan\.com/(?!static/)" />
-		<test url="http://waimai.meituan.com/static/img/logos/small_3.png" />
-		<test url="http://waimai.meituan.com/mobile/download/default" />
+	<target host="meituan.com"/>
+	<target host="*.meituan.com"/>
 
-	<!--For Cities:-->
-	<rule from="^http://kaidian\.waimai\.meituan\.com/"
-			to="https://kaidian.waimai.meituan.com/" />
-		<test url="http://kaidian.waimai.meituan.com/images/welcome/step1.png" />
+	<exclusion pattern="^http://api\.mobile\.meituan\.com/" />
+		<test url="http://api.mobile.meituan.com/" />
 
-	<target host="*.meituan.com"/>
+	<rule from="^http:" to="https:" />
 		<test url="http://bj.meituan.com/" />
 		<test url="http://sh.meituan.com/" />
 		<test url="http://gz.meituan.com/" />
 		<test url="http://sz.meituan.com/" />
 
-	<exclusion pattern="^http://tech\.meituan\.com/" />
+		<test url="http://i.meituan.com/mobile/down/meituan" />
+		<test url="http://s1.meituan.com/bs/js/?f=mta-js:mta.min.js" />
 		<test url="http://tech.meituan.com/" />
-	<exclusion pattern="^http://union\.meituan\.com/" />
 		<test url="http://union.meituan.com/" />
-	<exclusion pattern="^http://zhao\.meituan\.com/" />
-		<test url="http://zhao.meituan.com/" />
-
-	<rule from="^http://(\w+)\.meituan\.com/"
-			to="https://$1.meituan.com/" />
+		<test url="http://kaidian.waimai.meituan.com/open_store/pclogin" />
 </ruleset>
diff --git a/src/chrome/content/rules/Mekanist.xml b/src/chrome/content/rules/Mekanist.xml
index 800e9708ad0e..252ad3867a4c 100644
--- a/src/chrome/content/rules/Mekanist.xml
+++ b/src/chrome/content/rules/Mekanist.xml
@@ -5,7 +5,7 @@ Fetch error: http://www.mekanist.net/ => https://www.mekanist.net/: (60, 'SSL ce
 Fetch error: http://mekanist.net/ => https://www.mekanist.net/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Mekanist" default_off='failed ruleset test'>
+<ruleset name="Mekanist" default_off="failed ruleset test">
   <target host="www.mekanist.net" />
   <target host="mekanist.net" />
 
diff --git a/src/chrome/content/rules/Mellanox-problematic.xml b/src/chrome/content/rules/Mellanox-problematic.xml
index e3a564b9cb11..856dd35adf5d 100644
--- a/src/chrome/content/rules/Mellanox-problematic.xml
+++ b/src/chrome/content/rules/Mellanox-problematic.xml
@@ -16,4 +16,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Melonbooks.co.jp.xml b/src/chrome/content/rules/Melonbooks.co.jp.xml
index 31d812d7709b..02fafed3f6ae 100644
--- a/src/chrome/content/rules/Melonbooks.co.jp.xml
+++ b/src/chrome/content/rules/Melonbooks.co.jp.xml
@@ -1,4 +1,4 @@
-<!-- 
+<!--
 	Non-functional hosts:
 		Certificate mismatch:
 			- admin.melonbooks.co.jp
@@ -46,7 +46,7 @@
 
 	<rule from="^http://melonbooks\.co\.jp/"
 			to="https://www.melonbooks.co.jp/" />
-	
-	<rule from="^http:" 
+
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Meltwater-News.xml b/src/chrome/content/rules/Meltwater-News.xml
index e0ca177bc2db..149432b38238 100644
--- a/src/chrome/content/rules/Meltwater-News.xml
+++ b/src/chrome/content/rules/Meltwater-News.xml
@@ -34,7 +34,7 @@
 			- service
 			- ^www
 				-->
-	<securecookie host="^(?:.*\.)?meltwaternews\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--rule from="^http://(?:www\.)?meltwater\.com/"
diff --git a/src/chrome/content/rules/MemberCentral.xml b/src/chrome/content/rules/MemberCentral.xml
index 2e43e4ba3e9c..aabf9f7480b4 100644
--- a/src/chrome/content/rules/MemberCentral.xml
+++ b/src/chrome/content/rules/MemberCentral.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Memberful.com.xml b/src/chrome/content/rules/Memberful.com.xml
index d93f69dbfa43..0b15b5080609 100644
--- a/src/chrome/content/rules/Memberful.com.xml
+++ b/src/chrome/content/rules/Memberful.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.memberful.com/ => https://www.memberful.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Memberful.com" default_off='failed ruleset test'>
+<ruleset name="Memberful.com" default_off="failed ruleset test">
 
 	<target host="memberful.com" />
 	<target host="signup.memberful.com" />
diff --git a/src/chrome/content/rules/Memberhealthplan.com.xml b/src/chrome/content/rules/Memberhealthplan.com.xml
new file mode 100644
index 000000000000..4d7a364154b3
--- /dev/null
+++ b/src/chrome/content/rules/Memberhealthplan.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Memberhealthplan.com">
+	<target host="memberhealthplan.com" />
+	<target host="www.memberhealthplan.com" />
+	<target host="edocs.memberhealthplan.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Meme_Center.xml b/src/chrome/content/rules/Meme_Center.xml
index ad733113c8d9..75e154f86d7f 100644
--- a/src/chrome/content/rules/Meme_Center.xml
+++ b/src/chrome/content/rules/Meme_Center.xml
@@ -6,18 +6,14 @@
 -->
 <ruleset name="Meme Center (partial)">
 
-	<target host="*.memecdn.com" />
+	<target host="scdn.memecdn.com" />
 	<target host="memecenter.com" />
-	<target host="*.memecenter.com" />
+	<target host="www.memecenter.com" />
 
 
 	<securecookie host="^\.memecenter\.com$" name=".+" />
 
 
-	<rule from="^http://(global3|scdn)\.memecdn\.com/"
-		to="https://$1.memecdn.com/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://((?:ovh|red|rn|www|yntmeme)\.)?memecenter\.com/"
-		to="https://$1memecenter.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Memo.tv.xml b/src/chrome/content/rules/Memo.tv.xml
new file mode 100644
index 000000000000..e2816759f67e
--- /dev/null
+++ b/src/chrome/content/rules/Memo.tv.xml
@@ -0,0 +1,17 @@
+<!--
+	Mismatched:
+		- autoconfig
+		- autodiscover
+		- ftp
+
+	Connection closed:
+		- mail
+-->
+<ruleset name="Memo.tv">
+	<target host="memo.tv" />
+	<target host="www.memo.tv" />
+	<target host="wpmemo.memo.tv" />
+	<target host="www.wpmemo.memo.tv" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Memorial-University.xml b/src/chrome/content/rules/Memorial-University.xml
index 988bcb954e46..d0a76b343cda 100644
--- a/src/chrome/content/rules/Memorial-University.xml
+++ b/src/chrome/content/rules/Memorial-University.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.cs.mun.ca/courses/ => https://www.cs.mun.ca/courses/: (6
 
 	¹: Connection timeout
 -->
-<ruleset name="Memorial University" default_off='failed ruleset test'>
+<ruleset name="Memorial University" default_off="failed ruleset test">
 	<target host="*.mun.ca" />
 
 	<exclusion pattern="^http://www.ucs.mun.ca/" />
diff --git a/src/chrome/content/rules/Memory-Alpha.xml b/src/chrome/content/rules/Memory-Alpha.xml
index 8e44a31b68d1..3a084c78c848 100644
--- a/src/chrome/content/rules/Memory-Alpha.xml
+++ b/src/chrome/content/rules/Memory-Alpha.xml
@@ -22,13 +22,12 @@
 <ruleset name="Memory Alpha" default_off="mismatched">
 
 	<!--	Cert: *.a.ssl.fastly.net	-->
-	<target host="*.memory-alpha.org" />
+	<target host="en.memory-alpha.org" />
 
 
 	<securecookie host="^(?:en)?\.memory-alpha\.org$" name=".+" />
 
 
-	<rule from="^http://en\.memory-alpha\.org/"
-		to="https://en.memory-alpha.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Memorydealers.xml b/src/chrome/content/rules/Memorydealers.xml
deleted file mode 100644
index 097a11668c44..000000000000
--- a/src/chrome/content/rules/Memorydealers.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Memorydealers" platform="mixedcontent">
-
-	<target host="memorydealers.com" />
-	<target host="www.memorydealers.com" />
-	<!--	* for cross-domain cookie.	-->
-	
-
-
-	<securecookie host="^\.memorydealers\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Memrise.xml b/src/chrome/content/rules/Memrise.xml
deleted file mode 100644
index bb1140cfde2b..000000000000
--- a/src/chrome/content/rules/Memrise.xml
+++ /dev/null
@@ -1,79 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/static.memrise.com/ | d107cgb5lgj7br.cloudfront.net
-
-			- media.memrise.com
-			- static.memrise.com
-
-
-	Problematic hosts in *memrise.com:
-
-		- feedback ¹
-		- static ²
-
-	¹ Uservoice
-	² Cloudfront
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .memrise.com
-		- feedback.memrise.com
-		- www.memrise.com
-
--->
-<ruleset name="Memrise.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="memrise.com" />
-	<target host="www.memrise.com" />
-
-	<!--	Complications:
-				-->
-	<target host="media.memrise.com" />
-	<target host="static.memrise.com" />
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://www\.memrise\.com/(?:blog|courses|forums|password/reset)(?:$|[?/])" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://www\.memrise\.com/+(?!$|\?|(?:join|login)(?:$|[?/]))" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.memrise.com/about/" />
-			<test url="http://www.memrise.com/blog/" />
-			<test url="http://www.memrise.com/contact/" />
-			<test url="http://www.memrise.com/courses/" />
-			<test url="http://www.memrise.com/courses/english/the-natural-world/" />
-			<test url="http://www.memrise.com/forums/" />
-			<test url="http://www.memrise.com/password/reset/" />
-			<test url="http://www.memrise.com/science/" />
-			<test url="http://www.memrise.com/teachers/" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www.memrise.com/join/" />
-			<test url="http://www.memrise.com/login/" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.memrise\.com$" name="^(?:__cfuid|cf_clearance)$" /-->
-	<!--securecookie host="^feedback\.memrise\.com$" name="^(?:_rf|_session_id)$" /-->
-	<!--securecookie host="^www\.memrise\.com$" name="^csrftoken$" /-->
-
-	<securecookie host="^\.memrise\.com$" name="^__cfduid$" />
-
-
-	<rule from="^http://(?:media|static)\.memrise\.com/"
-		to="https://d107cgb5lgj7br.cloudfront.net/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Memset.xml b/src/chrome/content/rules/Memset.xml
index 3439bc01ec70..192e719e0cf9 100644
--- a/src/chrome/content/rules/Memset.xml
+++ b/src/chrome/content/rules/Memset.xml
@@ -21,7 +21,7 @@
 					-->
 	<!--securecookie host="^www\.memset\.com$" name="^(?:currency|navloggedin|visitorsession)$" /-->
 
-	<securecookie host="^(?:.*\.)?memset\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(\w+\.)?memset\.com/"
 		to="https://$1memset.com/"/>
diff --git a/src/chrome/content/rules/Memtest.org.xml b/src/chrome/content/rules/Memtest.org.xml
new file mode 100644
index 000000000000..bde759dfde10
--- /dev/null
+++ b/src/chrome/content/rules/Memtest.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		- memtest.org
+-->
+<ruleset name="Memtest.org">
+	<target host="memtest.org" />
+	<target host="www.memtest.org" />
+
+	<rule from="^http://memtest\.org/" to="https://www.memtest.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mencap.org.uk.xml b/src/chrome/content/rules/Mencap.org.uk.xml
index 648918a952c6..3e6a40eb4495 100644
--- a/src/chrome/content/rules/Mencap.org.uk.xml
+++ b/src/chrome/content/rules/Mencap.org.uk.xml
@@ -41,7 +41,7 @@ Fetch error: http://www.jobs.mencap.org.uk/ => https://www.jobs.mencap.org.uk/:
 	for ^, donate, www, yournetwork
 
 -->
-<ruleset name="Mencap.org.uk" default_off='failed ruleset test'>
+<ruleset name="Mencap.org.uk" default_off="failed ruleset test">
 
 	<target host="mencap.org.uk" />
 	<target host="*.mencap.org.uk" />
diff --git a/src/chrome/content/rules/MeningitisTrust.org.xml b/src/chrome/content/rules/MeningitisTrust.org.xml
deleted file mode 100644
index caf15b61ecc6..000000000000
--- a/src/chrome/content/rules/MeningitisTrust.org.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Time out:
-		meningitis-trust.org
-
--->
-<ruleset name="Meningitus Trust.org">
-
-	<target host="meningitis-trust.org" />
-	<target host="www.meningitis-trust.org" />
-
-	<rule from="^http://meningitis-trust\.org/"
-		to="https://www.meningitis-trust.org/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MentalHealthServicesinAustralia.xml b/src/chrome/content/rules/MentalHealthServicesinAustralia.xml
deleted file mode 100644
index 6db866ed7dcf..000000000000
--- a/src/chrome/content/rules/MentalHealthServicesinAustralia.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Mental health services in Australia">
-	<target host="mhsa.aihw.gov.au" />
-	<target host="*.mhsa.aihw.gov.au" />
-
-	<rule from="^http://(?:www\.)?mhsa\.aihw\.gov\.au/"
-		to="https://mhsa.aihw.gov.au/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Mentalfloss.com.xml b/src/chrome/content/rules/Mentalfloss.com.xml
new file mode 100644
index 000000000000..3b6773839e88
--- /dev/null
+++ b/src/chrome/content/rules/Mentalfloss.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Connection refused:
+		- aphrodite.mentalfloss.com
+		- cms.mentalfloss.com
+		- eros.mentalfloss.com
+
+	Invalid certificate:
+		- store.mentalfloss.com
+-->
+
+<ruleset name="Mentalfloss.com">
+	<target host="mentalfloss.com" />
+	<target host="www.mentalfloss.com" />
+	<target host="adonis.mentalfloss.com" />
+	<target host="images.mentalfloss.com" />
+	<target host="m.mentalfloss.com" />
+	<target host="subscribe.mentalfloss.com" />
+	<target host="us.mentalfloss.com" />
+	<target host="us1.mentalfloss.com" />
+	<target host="us2.mentalfloss.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mentalhealth.asn.au.xml b/src/chrome/content/rules/Mentalhealth.asn.au.xml
index 462706a02090..76c8a369085a 100644
--- a/src/chrome/content/rules/Mentalhealth.asn.au.xml
+++ b/src/chrome/content/rules/Mentalhealth.asn.au.xml
@@ -14,8 +14,8 @@
 -->
 <ruleset name="Mentalhealth.asn.au">
   <target host="mentalhealth.asn.au" />
-  <target host="*.mentalhealth.asn.au" />
+  <target host="www.mentalhealth.asn.au" />
 
   <rule from="^http://(www\.)?mentalhealth\.asn\.au/"
           to="https://www.mentalhealth.asn.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mentor-Graphics.xml b/src/chrome/content/rules/Mentor-Graphics.xml
deleted file mode 100644
index a73526327c97..000000000000
--- a/src/chrome/content/rules/Mentor-Graphics.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/images.mentor.com/
-		- d30fqqf2omcq1k.cloudfront.net
-		- d3hnmhviacntp6.cloudfront.net
-
--->
-<ruleset name="Mentor Graphics (partial)">
-
-	<target host="codesourcery.com" />
-	<target host="www.codesourcery.com" />
-	<target host="mentor.com" />
-	<target host="*.mentor.com" />
-		<!--
-			* for cross-domain cookie.
-							-->
-
-
-	<securecookie host="^\.store1\.mentor\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?codesourcery\.com/"
-		to="https://www.mentor.com/embedded-software/codesourcery" />
-
-	<!--	!www doesn't work.
-					-->
-	<rule from="^http://mentor\.com/"
-		to="https://www.mentor.com/" />
-
-	<rule from="^http://(accounts|store1?|supportnet)\.mentor\.com/"
-		to="https://$1.mentor.com/" />
-
-	<rule from="^http://cache\.mentor\.com/"
-		to="https://d30fqqf2omcq1k.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mentor.com.xml b/src/chrome/content/rules/Mentor.com.xml
new file mode 100644
index 000000000000..8a2d0ae644b4
--- /dev/null
+++ b/src/chrome/content/rules/Mentor.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Refused:
+		- cache
+		- suggest
+
+	Timeout:
+		- wiki
+-->
+<ruleset name="Mentor.com">
+	<target host="mentor.com" />
+	<target host="www.mentor.com" />
+	<target host="accounts.mentor.com" />
+	<target host="advantage.mentor.com" />
+	<target host="analytics.mentor.com" />
+	<target host="beta.mentor.com" />
+	<target host="blogs.mentor.com" />
+	<target host="connect.mentor.com" />
+	<target host="crm.mentor.com" />
+	<target host="go.mentor.com" />
+	<target host="help.mentor.com" />
+	<target host="interactive.mentor.com" />
+	<target host="iweb.mentor.com" />
+	<target host="learn.mentor.com" />
+	<target host="login.mentor.com" />
+	<target host="marketing.mentor.com" />
+	<target host="salesconnect.mentor.com" />
+	<target host="signin.mentor.com" />
+	<target host="sourcery.mentor.com" />
+	<target host="store.mentor.com" />
+	<target host="store1.mentor.com" />
+	<target host="support.mentor.com" />
+	<target host="supportnet.mentor.com" />
+	<target host="video.mentor.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mentoring_Central.xml b/src/chrome/content/rules/Mentoring_Central.xml
index d9bd052f2ced..a0eff0680785 100644
--- a/src/chrome/content/rules/Mentoring_Central.xml
+++ b/src/chrome/content/rules/Mentoring_Central.xml
@@ -8,16 +8,16 @@ Non-2xx HTTP code: http://www.mentoringcentral.net/ (200) => https://www.mentori
 Automatically by https-everywhere-checker because:
 Fetch error: http://mentoringcentral.net/ => https://mentoringcentral.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="Mentoring Central" default_off='failed ruleset test'>
+<ruleset name="Mentoring Central" default_off="failed ruleset test">
 
 	<target host="mentoringcentral.net" />
 	<target host="resources.mentoringcentral.net" />
 	<target host="www.mentoringcentral.net" />
 
 
-	<securecookie host="^(?:.*\.)?mentoringcentral\.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Meo.pt.xml b/src/chrome/content/rules/Meo.pt.xml
index f1ba9de6b030..8cdb1b3c1b11 100644
--- a/src/chrome/content/rules/Meo.pt.xml
+++ b/src/chrome/content/rules/Meo.pt.xml
@@ -37,7 +37,7 @@ Fetch error: http://login.meo.pt/ => https://login.meo.pt/: (6, 'Could not resol
 	lojas.meo.pt
 -->
 
-<ruleset name="Meo.pt" default_off='failed ruleset test'>
+<ruleset name="Meo.pt" default_off="failed ruleset test">
 	<target host="meo.pt" />
 	<target host="www.meo.pt" />
 	<target host="online.meo.pt" />
@@ -52,6 +52,6 @@ Fetch error: http://login.meo.pt/ => https://login.meo.pt/: (6, 'Could not resol
 	<target host="cliente.meo.pt" />
 	<target host="promospot.meo.pt" />
 	<target host="parking.meo.pt" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Mephi.ru.xml b/src/chrome/content/rules/Mephi.ru.xml
index 21dec071e208..9fb66ddb26d8 100644
--- a/src/chrome/content/rules/Mephi.ru.xml
+++ b/src/chrome/content/rules/Mephi.ru.xml
@@ -37,7 +37,11 @@
 -->
 <ruleset name="MEPhI.ru (partial)">
 
-	<target host="*.mephi.ru" />
+	<target host="ca.mephi.ru" />
+	<target host="eis.mephi.ru" />
+	<target host="oir.mephi.ru" />
+	<target host="ut.mephi.ru" />
+	<target host="mail.ut.mephi.ru" />
 		<!--exclusion pattern="^http://(readme\.campus|voip|www)\." /-->
 
 
@@ -47,7 +51,6 @@
 	<securecookie host="^(?:oir|ut|\.mail\.ut)\.mephi\.ru$" name=".+" />
 
 
-	<rule from="^http://(ca|eis|oir|ut|mail\.ut)\.mephi\.ru/"
-		to="https://$1.mephi.ru/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mequoda.com.xml b/src/chrome/content/rules/Mequoda.com.xml
index 5b4a87b340fe..430e4cb592eb 100644
--- a/src/chrome/content/rules/Mequoda.com.xml
+++ b/src/chrome/content/rules/Mequoda.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.mequoda.com/ => https://www.mequoda.com/: (60, 'SSL cert
 		- ^	(cert only matches www)
 
 -->
-<ruleset name="Mequoda.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Mequoda.com (partial)" default_off="failed ruleset test">
 
 	<target host="mequoda.com" />
 	<target host="www.mequoda.com" />
@@ -26,4 +26,4 @@ Fetch error: http://www.mequoda.com/ => https://www.mequoda.com/: (60, 'SSL cert
 	<rule from="^http://(?:www\.)?mequoda\.com/"
 		to="https://www.mequoda.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Meraki.xml b/src/chrome/content/rules/Meraki.xml
index 2c493caeed20..9ddb4c20ce91 100644
--- a/src/chrome/content/rules/Meraki.xml
+++ b/src/chrome/content/rules/Meraki.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MerchDirect.xml b/src/chrome/content/rules/MerchDirect.xml
index c8ea6f1e78ca..7bb96456f720 100644
--- a/src/chrome/content/rules/MerchDirect.xml
+++ b/src/chrome/content/rules/MerchDirect.xml
@@ -17,7 +17,7 @@ Fetch error: http://www.merchdirect.com/ => https://www.merchdirect.com/: (51, "
 	Some (most?) pages redirect to http
 
 -->
-<ruleset name="MerchDirect (partial)" default_off='failed ruleset test'>
+<ruleset name="MerchDirect (partial)" default_off="failed ruleset test">
 
 	<target host="merchdirect.com" />
 	<target host="www.merchdirect.com" />
diff --git a/src/chrome/content/rules/Merchantquest.net.xml b/src/chrome/content/rules/Merchantquest.net.xml
index 951b1a813896..c875e4c995c5 100644
--- a/src/chrome/content/rules/Merchantquest.net.xml
+++ b/src/chrome/content/rules/Merchantquest.net.xml
@@ -4,10 +4,10 @@
 		<exclusion pattern="^http://www\." />
 
 
-	<securecookie host=".+\.merchantquest\.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([\w-]+)\.merchantquest\.net/"
 		to="https://$1.merchantquest.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mercurial_SCM.xml b/src/chrome/content/rules/Mercurial_SCM.xml
index e9015b73ee6a..7e65907ba526 100644
--- a/src/chrome/content/rules/Mercurial_SCM.xml
+++ b/src/chrome/content/rules/Mercurial_SCM.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://mercurial.selenic.com/ => https://mercurial.selenic.com/: (6, 'Could not resolve host: mercurial.selenic.com')
 
 -->
-<ruleset name="Mercurial SCM" default_off='failed ruleset test'>
+<ruleset name="Mercurial SCM" default_off="failed ruleset test">
   <target host="mercurial-scm.org" />
   <target host="www.mercurial-scm.org" />
   <target host="bz.mercurial-scm.org" />
diff --git a/src/chrome/content/rules/Mercury_News.xml b/src/chrome/content/rules/Mercury_News.xml
index 867c40a881f6..a8dfc8100dfa 100644
--- a/src/chrome/content/rules/Mercury_News.xml
+++ b/src/chrome/content/rules/Mercury_News.xml
@@ -12,9 +12,9 @@
 			- .
 			- now
 					-->
-	<securecookie host="^(?:.*\.)?mmedia\.me$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Meritrust_CU.org.xml b/src/chrome/content/rules/Meritrust_CU.org.xml
index 234a15eea369..72c711bbe051 100644
--- a/src/chrome/content/rules/Meritrust_CU.org.xml
+++ b/src/chrome/content/rules/Meritrust_CU.org.xml
@@ -8,7 +8,8 @@
 <ruleset name="Meritrust CU.org">
 
 	<target host="meritrustcu.org" />
-	<target host="*.meritrustcu.org" />
+	<target host="www.meritrustcu.org" />
+	<target host="xenapp.meritrustcu.org" />
 
 
 	<!--	Secured by server:
@@ -21,7 +22,6 @@
 	<rule from="^http://(?:www\.)?meritrustcu\.org/"
 		to="https://www.meritrustcu.org/" />
 
-	<rule from="^http://xenapp\.meritrustcu\.org/"
-		to="https://xenapp.meritrustcu.org/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Merkur.de.xml b/src/chrome/content/rules/Merkur.de.xml
index 994a0288cb03..fe2d0b06d07d 100644
--- a/src/chrome/content/rules/Merkur.de.xml
+++ b/src/chrome/content/rules/Merkur.de.xml
@@ -1,45 +1,33 @@
-<!-- Cert mismatch:
-
-		- branchenbuch.merkur.de
+<!--
+	Cert mismatch:
 		- epaper.merkur.de
+		- epaperapp.merkur.de
 		- epaperkiosk.merkur.de
-		- media.merkur.de
-		- playground.merkur.de
-		- veranstaltungen.merkur.de
 		- webviewer.merkur.de
-
-	Different HTTP/HTTPS content:
-		- www.promo.merkur.de
-
-	Mixed-Content:
-		- autoanzeigen.merkur.de
-
-	Refused:
-		- jobs.merkur.de
-
-	TimeOut:
-		- epaperapp.merkur.de
-
-	Secure connection failed:
-		- immobilien.merkur.de
 -->
 
 <ruleset name="Merkur.de">
 
 	<target host="merkur.de" />
-	<target host="www.merkur.de"/>
-	<target host="autoanzeigen.merkur.de"/>
-	<target host="druckhaustour.merkur.de"/>
+	<target host="www.merkur.de" />
+	<target host="autoanzeigen.merkur.de" />
+	<target host="druckhaustour.merkur.de" />
+	<target host="immobilien.merkur.de" />
+	<target host="jobs.merkur.de" />
 	<target host="markt.merkur.de" />
+	<target host="media.merkur.de" />
 	<target host="playground.merkur.de" />
 	<target host="promo.merkur.de" />
 	<target host="trauer.merkur.de" />
 	<target host="www.trauer.merkur.de" />
+	<target host="veranstaltungen.merkur.de" />
 
 	<test url="http://promo.merkur.de/abo/epaper/" />
 
 	<rule from="^http://www\.trauer\.merkur\.de/" to="https://trauer.merkur.de/"/>
-	
+
+	<securecookie host=".+" name=".+" />
+
 	<rule from="^http:" to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Merlin-Entertainments.xml b/src/chrome/content/rules/Merlin-Entertainments.xml
deleted file mode 100644
index ef8e7a6ead86..000000000000
--- a/src/chrome/content/rules/Merlin-Entertainments.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	Other Merlin Entertainments rulesets:
-		- AltonTowers.xml
-		- FallsCreek.com.au.xml
-		- Heide-Park.xml
-		- Kelly-Tarltons.xml
-		- Legolanddiscoverycenter.xml
-		- London-Eye.xml
-		- Madame-Tussauds.xml
-		- Manlysealifesanctuary.com.au
-		- Melbourne-Aquarium.xml
-		- shreksadventure.com.xml
-		- Sydney-Aquarium.xml
-		- Sydney-Tower-Eye.xml
-		- The-Blackpool-Tower.xml
-		- The-Dungeons.xml
-		- Thorpe-Park.xml
-		- UnderwaterWorld.com.au.xml
-		- visitsealife.com.xml
-		- Warwick-Castle.xml
-		- Wildlifesydney.com.au.xml
-
-	Non-functional domain:
-		- merlincareers.com			(connection refused)
-		- merlinentertainments.biz		(timeout)
-		- merlinentertainmentsgroup.com		(timeout)
--->
-<ruleset name="Merlin Entertainments Group (partial)">
-	<target host="secure.merlinentertainmentsgroup.com" />
-
-	<securecookie host="secure\.merlinentertainmentsgroup\.com$" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Merlinux.xml b/src/chrome/content/rules/Merlinux.xml
index c6aea3ae5105..7faa1e0590e9 100644
--- a/src/chrome/content/rules/Merlinux.xml
+++ b/src/chrome/content/rules/Merlinux.xml
@@ -1,19 +1,6 @@
-<ruleset name="Merlinux" default_off="self-signed">
-
-	<target host="merlinux.eu"/>
-	<target host="www.merlinux.eu"/>
-	<target host="pypy.org"/>
-	<target host="*.pypy.org"/>
-
-	<securecookie host="^(?:.*\.)?pypy\.org$" name=".+" />
-
-	<rule from="^http://(?:www\.)?merlinux\.eu/"
-		to="https://merlinux.eu/"/>
-
-	<rule from="^http://(?:www\.)?pypy\.org/"
-		to="https://pypy.org/"/>
-
-	<rule from="^http://bugs\.pypy\.org/"
-		to="https://bugs.pypy.org/"/>
-
+<ruleset name="Merlinux">
+	<target host="merlinux.eu" />
+	<target host="www.merlinux.eu" />
+	<target host="hq5.merlinux.eu" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MesExercices.com.xml b/src/chrome/content/rules/MesExercices.com.xml
new file mode 100644
index 000000000000..22b104f93b7d
--- /dev/null
+++ b/src/chrome/content/rules/MesExercices.com.xml
@@ -0,0 +1,11 @@
+<!--
+	See for related rulesets: FrancaisFacile.com.xml
+-->
+<ruleset name="MesExercices.com">
+	<target host="mesexercices.com" />
+	<target host="www.mesexercices.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MesOutils.com.xml b/src/chrome/content/rules/MesOutils.com.xml
new file mode 100644
index 000000000000..341e7535394f
--- /dev/null
+++ b/src/chrome/content/rules/MesOutils.com.xml
@@ -0,0 +1,11 @@
+<!--
+	See for related rulesets: FrancaisFacile.com.xml
+-->
+<ruleset name="MesOutils.com">
+	<target host="mesoutils.com" />
+	<target host="www.mesoutils.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mesa3d.org.xml b/src/chrome/content/rules/Mesa3d.org.xml
new file mode 100644
index 000000000000..9e9d82a66b5d
--- /dev/null
+++ b/src/chrome/content/rules/Mesa3d.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Mesa3d.org">
+
+	<target host="mesa3d.org" />
+	<target host="www.mesa3d.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mesh-Internet.xml b/src/chrome/content/rules/Mesh-Internet.xml
index dc3d4ce93a32..3ef0242846c5 100644
--- a/src/chrome/content/rules/Mesh-Internet.xml
+++ b/src/chrome/content/rules/Mesh-Internet.xml
@@ -8,13 +8,13 @@
 -->
 <ruleset name="Mesh Internet (partial)">
 
-	<target host="*.mesh-internet.co.uk" />
+	<target host="my.mesh-internet.co.uk" />
+	<target host="secure.mesh-internet.co.uk" />
 
 
 	<securecookie host="^\w+\.mesh-internet\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://(my|secure)\.mesh-internet\.co\.uk/"
-		to="https://$1.mesh-internet.co.uk/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MesonBuild.com.xml b/src/chrome/content/rules/MesonBuild.com.xml
new file mode 100644
index 000000000000..3cdf8c7fdb2c
--- /dev/null
+++ b/src/chrome/content/rules/MesonBuild.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatch:
+		www.mesonbuild.com
+-->
+<ruleset name="MesonBuild.com">
+	<target host="mesonbuild.com" />
+	<target host="www.mesonbuild.com" />
+	<target host="wrapdb.mesonbuild.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.mesonbuild\.com/" to="https://mesonbuild.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Messagingengine.com.xml b/src/chrome/content/rules/Messagingengine.com.xml
deleted file mode 100644
index 906436ae2011..000000000000
--- a/src/chrome/content/rules/Messagingengine.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For other Fastail coverage, see Fastmail.xml.
-
--->
-<ruleset name="messagingengine.com">
-
-	<target host="messagingengine.com" />
-	<target host="*.messagingengine.com" />
-
-
-	<!--	Redirect keeps path but not args:
-							-->
-	<rule from="^http://(?:www\.)?messagingengine\.com/+([^?]*)(?:\?.*)?"
-		to="https://www.fastmail.com/$1" />
-
-	<rule from="^http://mail\.messagingengine\.com/"
-		to="https://mail.messagingengine.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Messenger.com.xml b/src/chrome/content/rules/Messenger.com.xml
index 0fd7b626c574..6f49bb3b7496 100644
--- a/src/chrome/content/rules/Messenger.com.xml
+++ b/src/chrome/content/rules/Messenger.com.xml
@@ -1,27 +1,21 @@
 <!--
 	For other Facebook coverage, see Facebook.xml.
 
+	HSTS preloaded:
+		- messenger.com
+		- www.messenger.com
 
 	Insecure cookies are set for these domains:
-
 		- .messenger.com
-
 -->
-<ruleset name="Messenger.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="messenger.com" />
 
+<ruleset name="Messenger.com">
+	<!-- Direct rewrites -->
+	<target host="l.messenger.com" />
 
-	<!--	Not secured by server:
-					-->
+	<!-- Not secured by server -->
 	<!--securecookie host="^\.messenger\.com$" name="^(datr|noscript)$" /-->
-
 	<securecookie host=".+" name=".+" />
 
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Messer_Financial.xml b/src/chrome/content/rules/Messer_Financial.xml
index 057a6aab0e6c..83ef7c3369a7 100644
--- a/src/chrome/content/rules/Messer_Financial.xml
+++ b/src/chrome/content/rules/Messer_Financial.xml
@@ -4,9 +4,9 @@
 	<target host="www.messerfinancial.com" />
 
 
-	<securecookie host="^(?:.*\.)?messerfinancial\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MetaCPAN.xml b/src/chrome/content/rules/MetaCPAN.xml
index e357e813dbd9..c1db2f774423 100644
--- a/src/chrome/content/rules/MetaCPAN.xml
+++ b/src/chrome/content/rules/MetaCPAN.xml
@@ -8,7 +8,7 @@
 	<target host="www.metacpan.org" />
 
 
-	<securecookie host="^(?:.*\.)?metacpan\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/MetaPress.com.xml b/src/chrome/content/rules/MetaPress.com.xml
index 0bb4a7ea8d62..8e0df62dd01d 100644
--- a/src/chrome/content/rules/MetaPress.com.xml
+++ b/src/chrome/content/rules/MetaPress.com.xml
@@ -8,7 +8,11 @@
 <ruleset name="Metapress (partial)">
 
 	<target host="metapress.com" />
-	<target host="*.metapress.com" />
+	<target host="www.metapress.com" />
+	<target host="ons.metapress.com" />
+	<target host="psycontent.metapress.com" />
+	<target host="shibboleth.metapress.com" />
+	<target host="springerlink3.metapress.com" />
 
 
 	<securecookie host="^s(?:hibboleth|pringerlink3)\.metapress\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Metaboli.co.uk.xml b/src/chrome/content/rules/Metaboli.co.uk.xml
index fb6657daa162..1935240d9dd6 100644
--- a/src/chrome/content/rules/Metaboli.co.uk.xml
+++ b/src/chrome/content/rules/Metaboli.co.uk.xml
@@ -17,7 +17,7 @@
 	* Secured by us
 
 -->
-<ruleset name="Metaboli.co.uk" default_off="missing certificate chain">
+<ruleset name="Metaboli.co.uk" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
@@ -33,7 +33,7 @@
 	<!--securecookie host="^www\.metaboli\.co\.uk$" name="^(?:PHPSESSID|splashscreen)$" /-->
 	<!--securecookie host="^\.www\.metaboli\.co\.uk$" name="^phpbb3_\w_(?:k|sid|u)$" /-->
 
-	<securecookie host="^\.?www\.metaboli\.co\.uk$" name="" />
+	<securecookie host="^\.?www\.metaboli\.co\.uk$" name=".+" />
 
 
 	<rule from="^http://metaboli\.co\.uk/"
diff --git a/src/chrome/content/rules/Metal-Detector-Town.com.xml b/src/chrome/content/rules/Metal-Detector-Town.com.xml
index 86d7598642dc..d0817e9534db 100644
--- a/src/chrome/content/rules/Metal-Detector-Town.com.xml
+++ b/src/chrome/content/rules/Metal-Detector-Town.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://old.metal-detector-town.com/ => https://old.metal-detector-t
 	* Secured by us
 
 -->
-<ruleset name="Metal-Detector-Town.com" default_off='failed ruleset test'>
+<ruleset name="Metal-Detector-Town.com" default_off="failed ruleset test">
 
 	<target host="metal-detector-town.com" />
 	<target host="old.metal-detector-town.com" />
diff --git a/src/chrome/content/rules/Metasploit.xml b/src/chrome/content/rules/Metasploit.xml
index 03b661fee932..1e4a12eadd94 100644
--- a/src/chrome/content/rules/Metasploit.xml
+++ b/src/chrome/content/rules/Metasploit.xml
@@ -32,7 +32,7 @@ Fetch error: http://mail.metasploit.com/ => https://mail.metasploit.com/: (51, "
 		- www.metasploit.com
 
 -->
-<ruleset name="Metasploit.com" default_off='failed ruleset test'>
+<ruleset name="Metasploit.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Metcombank.ru.xml b/src/chrome/content/rules/Metcombank.ru.xml
index 132e33fc6cee..182b13014987 100644
--- a/src/chrome/content/rules/Metcombank.ru.xml
+++ b/src/chrome/content/rules/Metcombank.ru.xml
@@ -19,7 +19,7 @@ vklad.metcombank.ru ¹
 ¹ mismatch
 ³ timed out
 -->
-<ruleset name="metcombank.ru" default_off='failed ruleset test'>
+<ruleset name="metcombank.ru" default_off="failed ruleset test">
 	<target host="metcombank.ru" />
 	<target host="www.metcombank.ru" />
 	<target host="cfo.metcombank.ru" />
diff --git a/src/chrome/content/rules/MeteoCiel.fr.xml b/src/chrome/content/rules/MeteoCiel.fr.xml
index 40a523f6212e..df6ff646a88e 100644
--- a/src/chrome/content/rules/MeteoCiel.fr.xml
+++ b/src/chrome/content/rules/MeteoCiel.fr.xml
@@ -13,7 +13,7 @@
 
 	Unknown error:
 		modeles9.meteociel.fr
-	
+
 -->
 <ruleset name="MeteoCiel.fr">
 
diff --git a/src/chrome/content/rules/MeteoNews.xml b/src/chrome/content/rules/MeteoNews.xml
index 96e8061b6617..c1f086eaef93 100644
--- a/src/chrome/content/rules/MeteoNews.xml
+++ b/src/chrome/content/rules/MeteoNews.xml
@@ -33,4 +33,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Meteoalarm.eu.xml b/src/chrome/content/rules/Meteoalarm.eu.xml
new file mode 100644
index 000000000000..8b52f08e5066
--- /dev/null
+++ b/src/chrome/content/rules/Meteoalarm.eu.xml
@@ -0,0 +1,21 @@
+
+<!--
+    Mismatched:
+        - www3
+        - www4
+        - ftp
+        - mail
+        - web
+
+    Self-signed:
+        - test2
+-->
+<ruleset name="Meteoalarm.eu">
+	<target host="meteoalarm.eu" />
+	<target host="www.meteoalarm.eu" />
+	<target host="alerthub.meteoalarm.eu" />
+	<target host="googleexport.meteoalarm.eu" />
+	<target host="test.meteoalarm.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MeteorHacks.com.xml b/src/chrome/content/rules/MeteorHacks.com.xml
index 7962cac76d22..12b64c843507 100644
--- a/src/chrome/content/rules/MeteorHacks.com.xml
+++ b/src/chrome/content/rules/MeteorHacks.com.xml
@@ -4,12 +4,12 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://meteorhacks.com/ => https://meteorhacks.com/: (51, "SSL: no alternative certificate subject name matches target host name 'meteorhacks.com'")
 Fetch error: http://www.meteorhacks.com/ => https://www.meteorhacks.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.meteorhacks.com'")
 
-	Insecure cookies are set for these 
+	Insecure cookies are set for these
 
 		- .meteorhacks.com
 
 -->
-<ruleset name="MeteorHacks.com" default_off='failed ruleset test'>
+<ruleset name="MeteorHacks.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Method_Acting_Strasberg.com.xml b/src/chrome/content/rules/Method_Acting_Strasberg.com.xml
deleted file mode 100644
index 5558da1ace4c..000000000000
--- a/src/chrome/content/rules/Method_Acting_Strasberg.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	The Lee Strasberg Theatre & Film Institute - New York
-
-
-	Mixed content:
-
-		- css on www from fonts.googleapis.com *
-
-		- Images on www from www *
-
-	* Secured by us
-
--->
-<ruleset name="Method Acting Strasberg.com">
-
-	<target host="methodactingstrasberg.com" />
-	<target host="www.methodactingstrasberg.com" />
-
-
-	<securecookie host="^(?:w*\.)?methodactingstrasberg.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Metin2.co.nz.xml b/src/chrome/content/rules/Metin2.co.nz.xml
deleted file mode 100644
index 002cccd0d8df..000000000000
--- a/src/chrome/content/rules/Metin2.co.nz.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Mixed images from:
-
-		- arena-top100.com
-		- i.epvpimg.com
-		- gamingtop100.net	(web bug)
-
--->
-<ruleset name="Metin2.co.nz">
-
-	<target host="metin2.co.nz" />
-	<target host="www.metin2.co.nz" />
-
-
-	<securecookie host="^\.?metin2\.co\.nz$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Metooo.io.xml b/src/chrome/content/rules/Metooo.io.xml
index 2789fd1bbf49..9ae8ee4286e3 100644
--- a/src/chrome/content/rules/Metooo.io.xml
+++ b/src/chrome/content/rules/Metooo.io.xml
@@ -13,7 +13,7 @@ Fetch error: http://test.metooo.io/ => https://test.metooo.io/: (6, 'Could not r
 		- .metooo.io
 
 -->
-<ruleset name="Metooo.io" default_off='failed ruleset test'>
+<ruleset name="Metooo.io" default_off="failed ruleset test">
 
 	<target host="metooo.io" />
 	<target host="api.metooo.io" />
diff --git a/src/chrome/content/rules/Metrics34.com.xml b/src/chrome/content/rules/Metrics34.com.xml
deleted file mode 100644
index 188099010033..000000000000
--- a/src/chrome/content/rules/Metrics34.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	(www.): mismatched, CN: webserver.ispgateway.de
-
--->
-<ruleset name="metrics34.com (partial)">
-
-	<target host="ctrack.metrics34.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Metro.Istanbul.xml b/src/chrome/content/rules/Metro.Istanbul.xml
new file mode 100644
index 000000000000..2873272473e7
--- /dev/null
+++ b/src/chrome/content/rules/Metro.Istanbul.xml
@@ -0,0 +1,8 @@
+<ruleset name="Metro.Istanbul">
+	<target host="metro.istanbul" />
+	<target host="www.metro.istanbul" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Metro.co.uk.xml b/src/chrome/content/rules/Metro.co.uk.xml
index df98156a9aee..4d93b9a87544 100644
--- a/src/chrome/content/rules/Metro.co.uk.xml
+++ b/src/chrome/content/rules/Metro.co.uk.xml
@@ -1,17 +1,15 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://metro.co.uk/ => https://metro.co.uk/: Too many redirects while fetching 'https://metro.co.uk/'
-Fetch error: http://www.metro.co.uk/ => https://www.metro.co.uk/: Too many redirects while fetching 'https://www.metro.co.uk/'
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://metro.co.uk/ => https://metro.co.uk/: Cycle detected - URL already encountered: https://metro.co.uk/
-Fetch error: http://www.metro.co.uk/ => https://www.metro.co.uk/: Cycle detected - URL already encountered: https://metro.co.uk/
+	Non-functional hosts:
+		Certificate mismatched:
+		- f.metro.co.uk
+		- img.metro.co.uk
+		- s.metro.co.uk
 -->
-<ruleset name="Metro.co.uk" default_off='failed ruleset test'>
+<ruleset name="Metro.co.uk">
 
 	<target host="metro.co.uk" />
 	<target host="www.metro.co.uk" />
+	<target host="static.metro.co.uk" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Metro.xml b/src/chrome/content/rules/Metro.xml
deleted file mode 100644
index bb2e97c61b6d..000000000000
--- a/src/chrome/content/rules/Metro.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	www is handled in WordPress-blogs.xml.
-
-
-	CDN buckets:
-
-		- f.metro.co.uk.edgesuite.net
-		- img.metro.co.uk.edgesuite.net
-		- s.metro.co.uk.edgesuite.net
-
-
-	Problematic subdomains:
-
-		- (www.)	(wordpress)
-		- f *
-		- img *
-		- s *
-
-	* Akamai, works.
-
--->
-<ruleset name="Metro (partial)" default_off="akamai certificate">
-
-	<target host="f.metro.co.uk" />
-	<target host="img.metro.co.uk" />
-	<target host="s.metro.co.uk" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Metro_Ethernet_Forum.com.xml b/src/chrome/content/rules/Metro_Ethernet_Forum.com.xml
deleted file mode 100644
index bb753da448d1..000000000000
--- a/src/chrome/content/rules/Metro_Ethernet_Forum.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- jira	(refused)
-
--->
-<ruleset name="Metro Ethernet Forum.com (partial)">
-
-	<target host="metroethernetforum.com" />
-	<target host="wiki.metroethernetforum.com" />
-	<target host="www.metroethernetforum.com" />
-
-
-	<securecookie host="^(?:.*\.)?metroethernetforum\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Metropolnews.info.xml b/src/chrome/content/rules/Metropolnews.info.xml
new file mode 100644
index 000000000000..d27465076983
--- /dev/null
+++ b/src/chrome/content/rules/Metropolnews.info.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		stage.metropolnews.info
+		wp.metropolnews.info
+-->
+<ruleset name="Metropolnews.info">
+
+	<target host="metropolnews.info" />
+	<target host="www.metropolnews.info" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://metropolnews.info/.-->
+	<rule from="^http://metropolnews\.info/"
+		  to="https://www.metropolnews.info/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mew.xml b/src/chrome/content/rules/Mew.xml
index 03180dbd8a7a..9c83f962930a 100644
--- a/src/chrome/content/rules/Mew.xml
+++ b/src/chrome/content/rules/Mew.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MewsNavigator.com.xml b/src/chrome/content/rules/MewsNavigator.com.xml
new file mode 100644
index 000000000000..065b8b7dfa41
--- /dev/null
+++ b/src/chrome/content/rules/MewsNavigator.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="MewsNavigator.com">
+	<target host="mewsnavigator.com" />
+	<target host="www.mewsnavigator.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mexicantears.ch.xml b/src/chrome/content/rules/Mexicantears.ch.xml
deleted file mode 100644
index eefceef00a6f..000000000000
--- a/src/chrome/content/rules/Mexicantears.ch.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Mexicantears.ch">
-	<target host="mexicantears.ch" />
-	<target host="www.mexicantears.ch" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/MeynConnect.xml b/src/chrome/content/rules/MeynConnect.xml
index 3350c231bbeb..f2753712ed99 100644
--- a/src/chrome/content/rules/MeynConnect.xml
+++ b/src/chrome/content/rules/MeynConnect.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.meynconnect.com/ => https://www.meynconnect.com/: (60, '
 	Cert only matches www
 
 -->
-<ruleset name="MeynConnect" default_off='failed ruleset test'>
+<ruleset name="MeynConnect" default_off="failed ruleset test">
 
 	<target host="meynconnect.com" />
 	<target host="www.meynconnect.com" />
diff --git a/src/chrome/content/rules/MiKTEX.org.xml b/src/chrome/content/rules/MiKTEX.org.xml
new file mode 100644
index 000000000000..b6a9417ed61c
--- /dev/null
+++ b/src/chrome/content/rules/MiKTEX.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Non-functional hosts
+		SSL connect error:
+		- www.miktex.org
+		- ieyasu.miktex.org
+
+-->
+<ruleset name="MiKTEX.org">
+	<target host="miktex.org" />
+	<target host="www.miktex.org" />
+	<target host="api.miktex.org" />
+	<target host="api2.miktex.org" />
+	<target host="build.miktex.org" />
+	<target host="docs.miktex.org" />
+	<target host="staging.miktex.org" />
+
+	<rule from="^http://www\.miktex\.org/"
+			to="https://miktex.org/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Miaozhen.com.xml b/src/chrome/content/rules/Miaozhen.com.xml
deleted file mode 100644
index 1009ef8bca92..000000000000
--- a/src/chrome/content/rules/Miaozhen.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="miaozhen.com">
-
-	<target host="collect.cn.miaozhen.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mibbit.xml b/src/chrome/content/rules/Mibbit.xml
index 140a71367162..661a36ad133a 100644
--- a/src/chrome/content/rules/Mibbit.xml
+++ b/src/chrome/content/rules/Mibbit.xml
@@ -33,7 +33,7 @@
 		<test url="http://www.mibbit.com/" />
 
 
-	<securecookie host="^(?:.*\.)?mibbit.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://((?:chat|(?:02|client0\d)\.chat|search|widget(?:0\d|manager)?|wiki|www)\.)?mibbit\.com/"
diff --git a/src/chrome/content/rules/MichelbergerHotel.com.xml b/src/chrome/content/rules/MichelbergerHotel.com.xml
new file mode 100644
index 000000000000..6405bd4a965e
--- /dev/null
+++ b/src/chrome/content/rules/MichelbergerHotel.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Self-signed:
+		- mail
+		- shop
+		- store
+		- vpn
+
+	michelbergerhotel.com has both a wildcard DNS record and a wildcard certificate, so enumerating all subdomains is impossible.
+-->
+<ruleset name="MichelbergerHotel.com">
+	<target host="michelbergerhotel.com" />
+	<target host="www.michelbergerhotel.com" />
+	<target host="archive.michelbergerhotel.com" />
+	<target host="beta.michelbergerhotel.com" />
+	<target host="download.michelbergerhotel.com" />
+	<target host="festival.michelbergerhotel.com" />
+	<target host="goto.michelbergerhotel.com" />
+	<target host="info.michelbergerhotel.com" />
+	<target host="m.michelbergerhotel.com" />
+	<target host="src.michelbergerhotel.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MichelbergerMonkey.com.xml b/src/chrome/content/rules/MichelbergerMonkey.com.xml
new file mode 100644
index 000000000000..e273791b5741
--- /dev/null
+++ b/src/chrome/content/rules/MichelbergerMonkey.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- hostmaster
+		- m
+		- store
+-->
+<ruleset name="MichelbergerMonkey.com">
+	<target host="michelbergermonkey.com" />
+	<target host="www.michelbergermonkey.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Michelle-Bridges-12-Week-Body-Transformation.xml b/src/chrome/content/rules/Michelle-Bridges-12-Week-Body-Transformation.xml
deleted file mode 100644
index 4a62251e55a1..000000000000
--- a/src/chrome/content/rules/Michelle-Bridges-12-Week-Body-Transformation.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- public	(404)
-
--->
-<ruleset name="Michelle Bridges 12 Week Body Transformation (partial)">
-
-	<target host="12wbt.com" />
-	<target host="images.12wbt.com" />
-	<target host="shop.12wbt.com" />
-	<target host="www.12wbt.com" />
-		<!--
-			Many paths redirect to http.  There may
-			be more than are handled here that don't.
-									-->
-		<exclusion pattern="^http://(?:www\.)?12wbt\.com/(?!assets/|(?:login|sign-up)(?:$|[\?/]))" />
-		<exclusion pattern="^http://shop\.12wbt\.com/(?!assets/|spree/)" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Michigan_Campus_Compact.xml b/src/chrome/content/rules/Michigan_Campus_Compact.xml
index 8c69ed20cc3c..0062e12ee751 100644
--- a/src/chrome/content/rules/Michigan_Campus_Compact.xml
+++ b/src/chrome/content/rules/Michigan_Campus_Compact.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?micampuscompact\.org/"
 		to="https://micampuscompact.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Michigan_Nonprofit_Association.xml b/src/chrome/content/rules/Michigan_Nonprofit_Association.xml
index ce9f5749e8c6..b9a761ee22f0 100644
--- a/src/chrome/content/rules/Michigan_Nonprofit_Association.xml
+++ b/src/chrome/content/rules/Michigan_Nonprofit_Association.xml
@@ -1,13 +1,13 @@
 <!--
-	Problematic subdomains:
-
+	Certificate Expired:
 		- mnaadmin	($ redirects to www; mismatched, CN: www.mnaonline.org)
 
 -->
 <ruleset name="Michigan Nonprofit Association (partial)">
 
 	<target host="mnaonline.org" />
-	<target host="*.mnaonline.org" />
+	<target host="www.mnaonline.org" />
+	<!-- <target host="mnaadmin.mnaonline.org" /> -->
 
 
 	<securecookie host="^(?:www\.)?mnaonline\.org$" name=".+" />
@@ -16,7 +16,9 @@
 	<rule from="^http://(www\.)?mnaonline\.org/"
 		to="https://$1mnaonline.org/" />
 
-	<rule from="^http://mnaadmin\.mnaonline\.org/(cmi|CMI)mages/"
-		to="https://www.mnaonline.org/$1mages/" />
+	<!--
+    cert expired:
+    <rule from="^http://mnaadmin\.mnaonline\.org/(cmi|CMI)mages/"
+		to="https://www.mnaonline.org/$1mages/" /> -->
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MicroAd.co.jp.xml b/src/chrome/content/rules/MicroAd.co.jp.xml
index 528a5d4d5946..1b12fca0ee3c 100644
--- a/src/chrome/content/rules/MicroAd.co.jp.xml
+++ b/src/chrome/content/rules/MicroAd.co.jp.xml
@@ -16,7 +16,7 @@ Fetch error: http://careers.microad.co.jp/ => https://careers.microad.co.jp/: (6
 		4xx client error:
 			 - app.microad.co.jp
 -->
-<ruleset name="MicroAd.co.jp" default_off='failed ruleset test'>
+<ruleset name="MicroAd.co.jp" default_off="failed ruleset test">
 	<target host="microad.co.jp" />
 	<target host="www.microad.co.jp" />
 	<target host="careers.microad.co.jp" />
diff --git a/src/chrome/content/rules/MicroAd.net.xml b/src/chrome/content/rules/MicroAd.net.xml
index 2dc0ac8b44b1..945380b041aa 100644
--- a/src/chrome/content/rules/MicroAd.net.xml
+++ b/src/chrome/content/rules/MicroAd.net.xml
@@ -1,4 +1,4 @@
-<!-- 
+<!--
 	For more MicroAd, Inc related ruleset, see MicroAdInc.com.xml
 
 	Non-functional hosts
diff --git a/src/chrome/content/rules/MicroAdInc.com.xml b/src/chrome/content/rules/MicroAdInc.com.xml
index 9660b0fe44c0..24b997e6a5ff 100644
--- a/src/chrome/content/rules/MicroAdInc.com.xml
+++ b/src/chrome/content/rules/MicroAdInc.com.xml
@@ -1,4 +1,4 @@
-<!-- 
+<!--
 	MicroAd, Inc related rulesets:
 		- MicroAd.co.jp.xml
 		- MicroAd.jp.xml
@@ -22,6 +22,6 @@
 	<target host="dsp.send.microadinc.com" />
 	<target host="ssp.send.microadinc.com" />
 	<target host="s-rtb.send.microadinc.com" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Micro_Focus.com.xml b/src/chrome/content/rules/Micro_Focus.com.xml
index abe238350c0f..ac3a0c58016c 100644
--- a/src/chrome/content/rules/Micro_Focus.com.xml
+++ b/src/chrome/content/rules/Micro_Focus.com.xml
@@ -7,7 +7,6 @@
 		- NetIQ.xml
 		- Novell.xml
 		- OpenSUSE.xml
-		- PartnerNet_program.com.xml
 		- SUSE.xml
 		- SUSE_Studio.com.xml
 
diff --git a/src/chrome/content/rules/Micro_Polia.xml b/src/chrome/content/rules/Micro_Polia.xml
index cccf46b612fc..872d1e3123a7 100644
--- a/src/chrome/content/rules/Micro_Polia.xml
+++ b/src/chrome/content/rules/Micro_Polia.xml
@@ -6,7 +6,7 @@ Fetch error: http://idp.micropolia.com/ => https://idp.micropolia.com/: (60, 'SS
 	(www.)?micropolia.com: 401
 
 -->
-<ruleset name="Micro Polia.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Micro Polia.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Microgaming.xml b/src/chrome/content/rules/Microgaming.xml
deleted file mode 100644
index 049bd4ea0d7e..000000000000
--- a/src/chrome/content/rules/Microgaming.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	^tickerassist.co.uk doesn't exist
-
--->
-<ruleset name="Microgaming">
-
-	<target host="www.tickerassist.co.uk" />
-
-
-	<securecookie host="^www\.tickerassist\.co\.uk$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MicropartsUSA.xml b/src/chrome/content/rules/MicropartsUSA.xml
index d6094e55ff7b..d1cb7e6e64fe 100644
--- a/src/chrome/content/rules/MicropartsUSA.xml
+++ b/src/chrome/content/rules/MicropartsUSA.xml
@@ -12,7 +12,7 @@ Fetch error: http://micropartsusa.com/ => https://micropartsusa.com/: (28, 'Oper
 Fetch error: http://www.micropartsusa.com/ => https://www.micropartsusa.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
 
 -->
-<ruleset name="MicropartsUSA" default_off='failed ruleset test'>
+<ruleset name="MicropartsUSA" default_off="failed ruleset test">
 
 	<target host="micropartsusa.com" />
 	<target host="www.micropartsusa.com" />
@@ -20,4 +20,4 @@ Fetch error: http://www.micropartsusa.com/ => https://www.micropartsusa.com/: (2
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Microsoft-Atlas.xml b/src/chrome/content/rules/Microsoft-Atlas.xml
index 069692e37988..435fde8f1349 100644
--- a/src/chrome/content/rules/Microsoft-Atlas.xml
+++ b/src/chrome/content/rules/Microsoft-Atlas.xml
@@ -17,7 +17,7 @@ Non-2xx HTTP code: http://h.atdmt.com/ (200) => https://h.bing.com/ (403)
 		- atlasdmt.vo.msecnd.net
 
 			- cdn.atdmt.com
-	
+
 
 	Problematic hosts in *atdmt.com:
 
@@ -42,7 +42,7 @@ Non-2xx HTTP code: http://h.atdmt.com/ (200) => https://h.bing.com/ (403)
 	whichever domain it is loaded from.
 
 -->
-<ruleset name="Atdmt.com" default_off='failed ruleset test'>
+<ruleset name="Atdmt.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Microsoft.xml b/src/chrome/content/rules/Microsoft.xml
index dad1e22f7efa..5af9697a22ab 100644
--- a/src/chrome/content/rules/Microsoft.xml
+++ b/src/chrome/content/rules/Microsoft.xml
@@ -1,9 +1,16 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://preview.bingads.microsoft.com/ => https://preview.bingads.microsoft.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://sxp.microsoft.com/ => https://sxp.microsoft.com/: (6, 'Could not resolve host: sxp.microsoft.com')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://spcache.microsoft.com/ => https://www.microsoft.com/: (6, 'Could not resolve host: spcache.microsoft.com')
+
 	Other Microsoft rulesets:
 		- Acik_Akademi.com.xml
 		- Afx.ms.xml
 		- AKA.ms.xml
-		- ASP.NET.xml
 		- ASPNETcdn.com.xml
 		- Azure.com.xml
 		- AzurecomCDN.net.xml
@@ -30,7 +37,7 @@
 		- Microsoft_Online-p.com.xml
 		- Microsoft_Online-p.net.xml
 		- Microsoft_Online_Services.xml
-		- Microsoft_Studios.com.xml
+		- MicrosoftStudios.com.xml
 		- Microsoft_Translator.com.xml
 		- Microsoft_Ventures.com.xml
 		- Microsoft_Store.xml
@@ -48,7 +55,6 @@
 		- OneNote.com.xml
 		- OneNote.net.xml
 		- Onestore.ms.xml
-		- Outlook_Live.xml
 		- Photosynth.xml
 		- PowerShell_Gallery.com.xml
 		- Sfx.ms.xml
@@ -59,14 +65,11 @@
 		- Surface.com.xml
 		- System_Center_Advisor.com.xml
 		- Technet.com.xml
-		- Technical_Community.com.xml
 		- Translatoruser.net.xml
 		- TwinsOrNot.Net.xml
-		- VSIP_Program.com.xml
 		- Virtualearth.net.xml
 		- Visual_Studio.com.xml
 		- WLxrs.com.xml
-		- WPdev.ms.xml
 		- Windows_Azure.xml
 		- Windows.com.xml
 		- Windows.net.xml
@@ -93,6 +96,7 @@
 		- (www.)imaginecup.com ***
 		- compete.imaginecup.com ***
 		- microsoft.com subdomains:
+			- adcenter (timeout)
 			- www.bingads                  ᴹ
 			- advertising.bingads          ᴹ
 			- accountservices              ᴱ
@@ -107,8 +111,10 @@
 			- adinquiry.bcp.bingads        ᴹ
 			- secure.bcp.bingads           ᴹ
 			- secure.beta.bingads          ᴹ
+			- cam.bingads (timeout)
 			- community.bingads            ᴹ
 			- secure.eu.bingads            ᴹ
+			- internal.bingads             ᴵ
 			- beta.express.bingads         ʳ
 			- fd.bingads                   ᴹ
 			- help.bingads                 ᴵ
@@ -118,6 +124,7 @@
 			- internal.next.bingads        ʳ
 			- resources.next.bingads       ᴿ
 			- nirvana.bingads              ᴿ
+			- planner-int.bingads (timeout)
 			- express.perf.bingads         ʳ
 			- reportingapi.bingads         ᴿ
 			- download.reportingapi.bingadsᴿ
@@ -143,8 +150,11 @@
 			- silverlight.dlservice *
 			- web.esd *		      (esd, origin, origin-web, and web don't exist)
 			- widgets.membership  ᴹ
+			- apisandbox.msdn (expired)
+			- lab.msdn ***
 			- samples.msdn        ᴿ
 			- visualstudiogallery.msdn	(redirects to http, valid cert)
+			- msevents (timeout)
 			- logobuilder.mspartner ᴱ
 			- mymfe               ʳ
 			- news			(Redirects to http)
@@ -156,12 +166,20 @@
 			- academic.research ***
 			- sharepoint		(redirects to login.live.com, cert valid)
 			- signature         (expired)
-			- snackbox            ᴹ
+			- services.social (cert-chain)
+			- i1.services.social (cert-chain)
+			- i2.services.social (cert-chain)
+			- i3.services.social (cert-chain)
+			- i4.services.social (cert-chain)
+			- corp.sts (cert-chain)
+			- fud.community.services.support (ssl-error)
+			- sysdev (ssl-error)
 			- tag.microsoft.com   ᴿ
 			- i1.gallery.technet  ᴹ
 			- edir.windowsm		(404)
 			- visio **
 			- (www.)windows **
+      - profile ᴿ
 		- msimg.com
 		- blog.surface.com		(handshake fails)
 		- (www.)windowsteamblog.com
@@ -186,7 +204,6 @@
 			- wscont[12].apps	(works, akamai)
 			- i[1-4].connect *
 			- silverlight.dlservice **
-			- go2 **
 			- i\d **
 			- ie	(mismatched, CN: *.azurewebsites.net)
 			- i1.mobile **
@@ -251,7 +268,6 @@
 
 		- mspartner.microsoft.com
 		- logobuilder.mspartner.microsoft.com
-		- mspartnerlp.mspartner.microsoft.com
 
 		- news.microsoft.com
 		- .news.microsoft.com
@@ -281,13 +297,11 @@
 			- social.technet from i1.social.s-msft.com *
 			- sxp from az648995.vo.msecnd.net
 			- sxp from blogs.technet.com
-			- mspartnerlp.mspartner from v3lpastorage.blob.core.windows.net *
 		- Bugs, on:
 			- msdn from msstonojsmsdn.112.2o7.net       *
 			- technet from msstonojstechnet.112.2o7.net *
 			- social.technet from msstonojssocial.112.2o7.net *
 			- careers, msdn, logobuilder.mspartner, pinpoint, technet, social.technet from m.webtrends.com
-			- blogs, news, www from c.microsoft.com     *
 			- sxp from blogs.technet.com
 	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 -->
@@ -296,14 +310,12 @@
 	<!--	Direct rewrites:
 				-->
 	<target host="account.microsoft.com" />
-	<target host="adcenter.microsoft.com" />
 	<target host="advertising.microsoft.com" />
 	<target host="ajax.microsoft.com" />
 	<target host="answers.microsoft.com" />
 	<target host="wscont.apps.microsoft.com" />
-	<target host="assets.microsoft.com" />
 	<target host="azure.microsoft.com" />
-	
+
 	<target host="bingads.microsoft.com" />
 	<target host="adinquiry.bingads.microsoft.com" />
 	<target host="ads.bingads.microsoft.com" />
@@ -311,25 +323,19 @@
 	<target host="advertise.bingads.microsoft.com" />
 		<test url="http://advertise.bingads.microsoft.com/en-us/bing-ads-support" />
 	<target host="www.advertise.bingads.microsoft.com" />
-	<target host="ui.am.bingads.microsoft.com" />
 	<target host="azure.bingads.microsoft.com" />
 	<target host="secure.azure.bingads.microsoft.com" />
 	<target host="ui.beta.bingads.microsoft.com" />
-	<target host="cam.bingads.microsoft.com" />
 	<target host="developers.bingads.microsoft.com" />
-	<target host="internal.bingads.microsoft.com" />
 	<target host="m.bingads.microsoft.com" />
 	<target host="si.m.bingads.microsoft.com" />
-	<target host="planner.bingads.microsoft.com" />
-	<target host="planner-int.bingads.microsoft.com" />
-	<target host="preview.bingads.microsoft.com" />
+	<!-- target host="preview.bingads.microsoft.com" /-->
 	<target host="resources.bingads.microsoft.com" />
 	<target host="secure.bingads.microsoft.com" />
 	<target host="ucm.bingads.microsoft.com" />
 	<target host="ui.bingads.microsoft.com" />
 
 	<target host="blogs.microsoft.com" />
-	<target host="c.microsoft.com" />
 	<target host="c1.microsoft.com" />
 	<target host="careers.microsoft.com" />
 	<target host="choice.microsoft.com" />
@@ -339,9 +345,9 @@
 	<target host="developer.microsoft.com" />
 	<target host="download.microsoft.com" />
 	<target host="events.microsoft.com" />
-	<target host="social.expression.microsoft.com" />
 	<target host="g.microsoft.com" />
 	<target host="go.microsoft.com" />
+	<target host="go2.microsoft.com" />
 	<target host="i.microsoft.com" />
 	<target host="ieonline.microsoft.com" />
 	<target host="ignite.microsoft.com" />
@@ -352,15 +358,11 @@
 	<target host="code.msdn.microsoft.com" />
 	<target host="msdn.microsoft.com" />
 
-	<target host="apisandbox.msdn.microsoft.com" />
 	<target host="events.msdn.microsoft.com" />
-	<target host="lab.msdn.microsoft.com" />
 	<target host="social.msdn.microsoft.com" />
 	<target host="visualstudiogallery.msdn.microsoft.com" />
 
-	<target host="msevents.microsoft.com" />
 	<target host="mspartner.microsoft.com" />
-	<target host="mspartnerlp.mspartner.microsoft.com" />
 
 	<target host="mvastorage.microsoft.com" />
 	<target host="news.microsoft.com" />
@@ -372,24 +374,15 @@
 	<target host="o15.officeredir.microsoft.com" />
 	<target host="pinpoint.microsoft.com" />
 	<target host="privacy.microsoft.com" />
-	<target host="profile.microsoft.com" />
-	<target host="rad.microsoft.com" />
+	<!-- <target host="profile.microsoft.com" /> -->
 	<target host="profileapi.services.microsoft.com" />
+	<target host="schemas.microsoft.com" />
+	<target host="snackbox.microsoft.com" />
 	<target host="social.microsoft.com" />
 
-	<target host="services.social.microsoft.com" />
-	<target host="i1.services.social.microsoft.com" />
-	<target host="i2.services.social.microsoft.com" />
-	<target host="i3.services.social.microsoft.com" />
-	<target host="i4.services.social.microsoft.com" />
-
-	<target host="corp.sts.microsoft.com" />
 	<target host="support.microsoft.com" />
-		<target host="fud.community.services.support.microsoft.com" />
-		<test url="http://fud.community.services.support.microsoft.com/Fud/FileDownloadHandler.ashx" />
 	<target host="support2.microsoft.com" />
-	<target host="sxp.microsoft.com" />
-	<target host="sysdev.microsoft.com" />
+	<!-- target host="sxp.microsoft.com" /-->
 	<target host="technet.microsoft.com" />
 	<target host="gallery.technet.microsoft.com" />
 	<target host="social.technet.microsoft.com" />
@@ -403,16 +396,9 @@
 	<target host="feedback.adcenter.microsoft.com" />
 	<target host="fp.advertising.microsoft.com" />
 
-	<target host="i.answers.microsoft.com" />
-	<target host="i2.answers.microsoft.com" />
-	<target host="i3.answers.microsoft.com" />
-
 	<target host="wscont1.apps.microsoft.com" />
 	<target host="wscont2.apps.microsoft.com" />
 
-	<target host="go2.microsoft.com" />
-
-	<target host="i1.microsoft.com" />
 	<target host="i2.microsoft.com" />
 	<target host="i3.microsoft.com" />
 	<target host="i4.microsoft.com" />
@@ -427,15 +413,13 @@
 
 	<target host="office365.microsoft.com" />
 	<target host="scache.microsoft.com" />
-	<target host="search.microsoft.com" />
-	<target host="snackbox.microsoft.com" />
 
 	<target host="i1.social.microsoft.com" />
 	<target host="i2.social.microsoft.com" />
 	<target host="i3.social.microsoft.com" />
 	<target host="i4.social.microsoft.com" />
 
-	<target host="spcache.microsoft.com" />
+	<!-- target host="spcache.microsoft.com" /-->
 	<target host="img3.store.microsoft.com" />
 
 	<target host="i1.gallery.technet.microsoft.com" />
@@ -445,69 +429,8 @@
 	<target host="i.technet.microsoft.com" />
 	<target host="i2.technet.microsoft.com" />
 	<target host="i3.technet.microsoft.com" />
-	
-	<target host="blogs.msdn.com" />
-
-		<!-- Produces a 502 Gateway Timeout on HTTPS.
-				 Reported by tweet: https://twitter.com/MarcGLib/status/620931025653342208 -->
-		<exclusion pattern="^http://www\.microsoft\.com/en-us/software-recovery" />
-			<test url="http://www.microsoft.com/en-us/software-recovery" />
-		<!--exclusion pattern="^http://msdn\.microsoft\.com/" /-->
-
-		<!--	https://mail1.eff.org/pipermail/https-everywhere-rules/2012-June/001189.html
-											-->
-		<!--exclusion pattern="^http://www\.microsoft\.com/.*[fF]amily[iI][dD]" /-->
-
-		<!--	Microsoft won't serve OEM pages on https
-								-->
-		<!--exclusion pattern="^http://(?:www\.)?microsoft\.com/[oO][eE][mM]/" /-->
-
-			<!--test url="http://www.microsoft.com/oem/en/pages/index.aspx" /-->
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://www\.microsoft\.com/Surface/\w\w-\w\w(?:$|[?/])" /-->
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://learning\.microsoft\.com/Manager/Catalog\.aspx" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://learning\.microsoft\.com/+(?!Resources/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://learning.microsoft.com/Manager/Catalog.aspx" />
-			<test url="http://learning.microsoft.com/manager/catalog.aspx" />
-			<test url="http://learning.microsoft.com/Manager/default.aspx" />
-
-			<!--	-ve:
-					-->
-			<test url="http://learning.microsoft.com/Resources/styles/Microsoft.css" />
-			<test url="http://learning.microsoft.com/Resources/Images/Learning/logo.png" />
-
-		<!--	https://trac.torproject.org/projects/tor/ticket/5754
-										-->
-		<!--exclusion pattern="^http://msdn\.microsoft\.com/(?:$|en-us/$|.+(?:/$|\.aspx|/\w\w\d{6,10}$))" /-->
 
-			<!--	+ve:
-					-->
-			<test url="http://msdn.microsoft.com/" />
-			<test url="http://msdn.microsoft.com/en-us/" />
-
-		<!--exclusion pattern="^http://code\.msdn\.microsoft\.com/(?![cC]content/|RequestReduceContent/)" /-->
-
-			<test url="http://code.msdn.microsoft.com/vstudio/" />
-
-		<!--	Some data exist on www, exclude the rest here.
-									-->
-		<exclusion pattern="^http://search\.microsoft\.com/(?!global/oneMscomSettings/|shared/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://search.microsoft.com/default.aspx" />
-			<test url="http://search.microsoft.com/search/results.aspx" />
+	<target host="blogs.msdn.com" />
 
 		<!--	Redirect to http:
 						-->
@@ -530,34 +453,9 @@
 			<test url="http://careers.microsoft.com/shared/core/2/css/css.ashx" />
 			<test url="http://careers.microsoft.com/shared/templates/master/gcmodern/images/msft-logo.png" />
 
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://research\.microsoft\.com/(a/i/c/go\.png|en-us/$)" /-->
-
-		<!--	(?!$|\?) 404s:
-					-->
-		<exclusion pattern="^http://snackbox\.microsoft\.com/(?!$|\?)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://snackbox.microsoft.com/Pages/CreateSnack.aspx" />
-			<test url="http://snackbox.microsoft.com/Pages//CreateSnack.aspx" />
-			<test url="http://snackbox.microsoft.com/Pages/PublishSnack.aspx" />
-			<test url="http://snackbox.microsoft.com/pages/snackdetail.aspx" />
-
-		<!--exclusion pattern="^http://social\.technet\.microsoft\.com/Forums(?:$|[?/])" /-->
-
-			<!--	+ve:
-					-->
-			<test url="http://social.technet.microsoft.com/Forums" />
-			<test url="http://social.technet.microsoft.com/Forums/en-US/home" />
-
 		<!--
 			Exceptions:
 					-->
-		<!--exclusion pattern="^http://careers\.microsoft\.com/+(?!Css/|Images/|(?:appliedjobs|jobalerts|search)\.aspx|favicon\.ico|global/|shared/)" /-->
-		<!--	Avoid false/broken MCB:
-						-->
 		<exclusion pattern="http://social\.technet\.microsoft\.com/+wiki(?!/CustomWidgets/|/themes/|/Utility/)" />
 
 			<!--	+ve:
@@ -606,7 +504,6 @@
 	<!--securecookie host="^lab\.msdn\.microsoft\.com$" name="^ASP\.NET_SessionId$" /-->
 	<!--securecookie host="^mspartner\.microsoft\.com$" name="^(ai_session|ai_user)$" /-->
 	<!--securecookie host="^logobuilder\.mspartner\.microsoft\.com$" name="^(__RequestVerificationToken|UiLanguageCode)$" /-->
-	<!--securecookie host="^mspartnerlp\.mspartner\.microsoft\.com$" name="^(__RequestVerificationToken|ASP\.NET_SessionId|pathState)$" /-->
 	<!--securecookie host="^news\.microsoft\.com$" name="^PHPSESSID$" /-->
 	<!--securecookie host="^\.news\.microsoft\.com$" name="^ARRAffinity$" /-->
 	<!--securecookie host="^training\.partner\.microsoft\.com$" name="^(ASP\.NET_SessionId|BlueStripe\.PVN|SUMTOTALAUTH)$" /-->
@@ -624,15 +521,9 @@
 		s_.+: Other tracking cookies
 						-->
 	<securecookie host="^\.microsoft\.com$" name="^(?:A|GsfxStatsLog|MC1|MS0|OnlineTrackingV2\.0|R|RioTracking\..+|s_.+)$" />
-	<securecookie host="^(account|advertising|advertise\.bingads|choice|commerce|connect|\.?developer|download|ieonline|info|m|mbs|msdn|(\.?apisandbox|lab|visualstudiogallery)\.msdn|mspartner|(logobuilder|mspartnerlp)\.mspartner|\.?news|\.?office|office(15client|2010|preview|redir)|training\.partner|corp\.sts|\.?support|support2|sxp|gallery\.technet|\.?www)\.microsoft\.com$" name=".+" />
+	<securecookie host="^(account|advertising|advertise\.bingads|choice|commerce|connect|\.?developer|download|ieonline|info|m|mbs|msdn|(\.?apisandbox|lab|visualstudiogallery)\.msdn|mspartner|logobuilder\.mspartner|\.?news|\.?office|office(15client|2010|preview|redir)|training\.partner|\.?support|support2|sxp|gallery\.technet|\.?www)\.microsoft\.com$" name=".+" />
 	<securecookie host="^social\.technet\.microsoft\.com$" name="^CSExtendedAnalytics(?:Session)?$" />
 
-
-	<rule from="^http://(?:s(?:cache|earch|pcache)\.)?microsoft\.com/"
-		to="https://www.microsoft.com/" />
-
-		<test url="http://scache.microsoft.com//" />
-
 	<!--	Redirect drops path, args, and forward slash:
 								-->
 	<rule from="^http://feedback\.adcenter\.microsoft\.com/.*"
@@ -645,19 +536,12 @@
 
 	<!--	Akamai without valid cert.
 						-->
-	<rule from="^http://i\d?\.(answers|msdn|social|technet)\.microsoft\.com/"
+	<rule from="^http://i\d?\.(msdn|social|technet)\.microsoft\.com/"
 		to="https://$1.microsoft.com/" />
 
-		<test url="http://i.answers.microsoft.com/static/css/core.css" />
-		<test url="http://i2.answers.microsoft.com/static/css/pagecontrols.css" />
-		<test url="http://i3.answers.microsoft.com/static/css/search.css" />
-
 	<rule from="^http://wscont\d\.apps\.microsoft\.com/"
 		to="https://wscont.apps.microsoft.com/" />
 
-	<rule from="^http://go2\.microsoft\.com/"
-		to="https://go.microsoft.com/" />
-
 	<rule from="^http://i\d\.microsoft\.com/"
 		to="https://i.microsoft.com/" />
 
@@ -673,15 +557,6 @@
 
 		<test url="http://office365.microsoft.com/favicon.ico" />
 
-	<!--	Direct drops args:
-					-->
-	<rule from="^http://snackbox\.microsoft\.com/.*"
-		to="https://learning.microsoft.com/" />
-
-		<test url="http://snackbox.microsoft.com/?" />
-		<test url="http://snackbox.microsoft.com/?f" />
-		<test url="http://snackbox.microsoft.com/?o" />
-
 	<rule from="^http://img3\.store\.microsoft\.com/"
 		to="https://msstore.vo.msecnd.net/" />
 
diff --git a/src/chrome/content/rules/MicrosoftStudios.com.xml b/src/chrome/content/rules/MicrosoftStudios.com.xml
new file mode 100644
index 000000000000..53c8da88a65c
--- /dev/null
+++ b/src/chrome/content/rules/MicrosoftStudios.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Time out:
+		microsoftstudios.com
+
+	Invalid certificate:
+		casualgames.microsoftstudios.com
+		khforum.microsoftstudios.com
+
+-->
+<ruleset name="MicrosoftStudios.com">
+	
+	<target host="microsoftstudios.com" />
+	<target host="www.microsoftstudios.com" />
+	<target host="cdn.microsoftstudios.com" />
+		<test url="http://cdn.microsoftstudios.com/microsoftstudios/wp-content/uploads/2018/11/Microsoft-Studios_Hero.jpg" />
+	<target host="subscribe.microsoftstudios.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://microsoftstudios\.com/"
+		to="https://www.microsoftstudios.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Microsoft_Store.xml b/src/chrome/content/rules/Microsoft_Store.xml
index 50361cef5e55..6f8bcc9ed203 100644
--- a/src/chrome/content/rules/Microsoft_Store.xml
+++ b/src/chrome/content/rules/Microsoft_Store.xml
@@ -1,91 +1,17 @@
 <!--
 	For other Microsoft coverage, see Microsoft.xml.
 
-
-	CDN buckets:
-
-		- surface.microsoftstore.edgesuite.net
-		- msstore.vo.msecnd.net
-
-
-	Nonfunctional domains:
-
-		- surface.microsoftstore.com	(akamai; redirects to http)
-
-
-	Problematic domains:
-
-		- microsoftstore.com *
-		- content.microsoftstore.com *
-
-	* Mismatched
-
-
-	Partially covered domains:
-
-		- (www.)microsoftstore.com	(some [most?] pages redirect to http)
-
-
-	Fully covered domains:
-
-		- *.microsoftstoreassets.com:
-
-			- assets-\d
-
-
-	emea.microsoftstore.com: Dropped over http
-	external.microsoftstoreservices.com: Dropped over http
-
-
-	Mixed content:
-
-		- Images on www from dri1.img.digitalrivercontent.net
-
+	Invalid certificate:
+		- content.microsoftstore.com
 -->
-<ruleset name="Microsoft Store (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<!--target host="content.microsoftstore.com" /-->
-	<!--target host="emea.microsoftstore.com" /-->
-	<target host="www.microsoftstore.com" />
-
-	<target host="*.microsoftstoreassets.com" />
-	<!--target host="external.microsoftstoreservices.com" /-->
 
-	<!--	Special cases:
-				-->
+<ruleset name="Microsoft Store (partial)">
 	<target host="microsoftstore.com" />
+	<target host="www.microsoftstore.com" />
+	<target host="answerdesk.microsoftstore.com" />
+	<target host="lobby.microsoftstore.com" />
+	<target host="surface.microsoftstore.com" />
+	<target host="xbox.microsoftstore.com" />
 
-		<!--exclusion pattern="^http://emea\.microsoftstore\.com/(?!\w+/(?:desktopdefault\.aspx|portaldata/|services/|tags\.axd))" /-->
-		<!--
-			Redirects to http:
-						-->
-		<!--exclusion pattern="^http://(?:www\.)?microsoftstore\.com/store(?:$|[?/])" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://(?:www\.)?microsoftstore\.com/(?!DRHM|sstore(?:$|[?/]))" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.microsoftstore.com/signature" />
-			<test url="http://www.microsoftstore.com/sms" />
-			<test url="http://www.microsoftstore.com/store" />
-			<test url="http://www.microsoftstore.com/store/msca/en_CA/home" />
-			<test url="http://www.microsoftstore.com/store/msde/de_DE/DisplayHelpContactUsPage/" />
-			<test url="http://www.microsoftstore.com/store/msus/en_AU/DisplayWorldWidePage/" />
-
-			<!--	-ve:
-					-->
-			<test url="http://microsoftstore.com/sstore?Action=DisplayPage&amp;Env=BASE&amp;Locale=en_IE&amp;SiteID=msmea&amp;id=ThreePgCheckoutShoppingCartPage" />
-			<test url="http://www.microsoftstore.com/sstore?Action=DisplayPage&amp;Env=BASE&amp;Locale=en_IE&amp;SiteID=msmea&amp;id=ThreePgCheckoutShoppingCartPage" />
-
-
-	<rule from="^http://microsoftstore\.com/"
-		to="https://www.microsoftstore.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Microsoft_Studios.com.xml b/src/chrome/content/rules/Microsoft_Studios.com.xml
deleted file mode 100644
index 01a608a845f7..000000000000
--- a/src/chrome/content/rules/Microsoft_Studios.com.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://microsoftstudios.com/ => https://microsoftstudios.com/: (7, 'Failed to connect to microsoftstudios.com port 443: Connection timed out')
-Fetch error: http://www.microsoftstudios.com/ => https://microsoftstudios.com/: (7, 'Failed to connect to microsoftstudios.com port 443: Connection timed out')
-
-	For other Microsoft coverage, see Microsoft.xml.
-
-
-	www.microsoftstudios.com: Mismatched
-
--->
-<ruleset name="Microsoft Studios.com" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="microsoftstudios.com" />
-
-	<!--	Complications:
-				-->
-	<target host="www.microsoftstudios.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://www\.microsoftstudios\.com/"
-		to="https://microsoftstudios.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Microtech.xml b/src/chrome/content/rules/Microtech.xml
index 3a21504f2a79..abf3aa012f40 100644
--- a/src/chrome/content/rules/Microtech.xml
+++ b/src/chrome/content/rules/Microtech.xml
@@ -1,15 +1,29 @@
-<ruleset name="Microtech (partial)" platform="mixedcontent">
+<!--
+	Non-functional host in *.mtgsy.net
+		Timeout:
+		- mtgsy.net
+
+	Non-functional host in *.cloudfloordns.com
+		Refused:
+		- my.cloudfloordns.com
+-->
+<ruleset name="Microtech (partial)">
+
+	<target host="panel.cloudfloordns.com"/>
 
-	<target host="my.cloudfloordns.com"/>
 	<target host="mtgsy.net"/>
 	<target host="*.mtgsy.net"/>
+	<test url="http://www.mtgsy.net/" />
+	<test url="http://images1.mtgsy.net/" />
+	<test url="http://images2.mtgsy.net/" />
+	<test url="http://images3.mtgsy.net/" />
 
-	<securecookie host="^(?:.*\.)?mtgsy\.com$" name=".+" />
+	<securecookie host="^(?:.*\.)?mtgsy\.net$" name=".+" />
 
-	<rule from="^http://my\.cloudfloordns\.com/"
-		to="https://www.mtgsy.net/myaccount.php"/>
+	<rule from="^http://mtgsy\.net/"
+		to="https://www.mtgsy.net/" />
 
-	<rule from="^http://(?:images\d\.|www\.)mtgsy\.net/"
-		to="https://www.mtgsy.net/"/>
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Microtronix.xml b/src/chrome/content/rules/Microtronix.xml
index 6745523deb96..8f465fff2148 100644
--- a/src/chrome/content/rules/Microtronix.xml
+++ b/src/chrome/content/rules/Microtronix.xml
@@ -28,4 +28,4 @@
 	<rule from="^http://clients\.microtronix-tech\.com/((?:affiliates|clientarea|contact|pwreset|register|submitticket)\.php|(?:imag|includ|templat)es/)"
 		to="https://clients.microtronix-tech.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Midphase.xml b/src/chrome/content/rules/Midphase.xml
index 829b923bda5c..96297a012f03 100644
--- a/src/chrome/content/rules/Midphase.xml
+++ b/src/chrome/content/rules/Midphase.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mietek.io.xml b/src/chrome/content/rules/Mietek.io.xml
index 786fa60c380e..da469db2f59b 100644
--- a/src/chrome/content/rules/Mietek.io.xml
+++ b/src/chrome/content/rules/Mietek.io.xml
@@ -12,7 +12,9 @@
 <ruleset name="Mietek.io">
 
 	<target host="mietek.io" />
-	<target host="*.mietek.io" />
+	<target host="bashmenot.mietek.io" />
+	<target host="cannot.mietek.io" />
+	<target host="www.mietek.io" />
 
 
 	<rule from="^http://(?:(bashmenot\.|cannot\.)|www\.)?mietek\.io/"
diff --git a/src/chrome/content/rules/Mightyupload.com.xml b/src/chrome/content/rules/Mightyupload.com.xml
index 0d74d0c9460f..51683abaaf4b 100644
--- a/src/chrome/content/rules/Mightyupload.com.xml
+++ b/src/chrome/content/rules/Mightyupload.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.mightyupload.com/ => https://www.mightyupload.com/: (28,
 		- .mightyupload.com
 
 -->
-<ruleset name="mightyupload.com" default_off='failed ruleset test'>
+<ruleset name="mightyupload.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Migros-Kulturprozent.ch.xml b/src/chrome/content/rules/Migros-Kulturprozent.ch.xml
index 5a3fdd970f93..d05a4cd446f8 100644
--- a/src/chrome/content/rules/Migros-Kulturprozent.ch.xml
+++ b/src/chrome/content/rules/Migros-Kulturprozent.ch.xml
@@ -13,7 +13,7 @@ Fetch error: http://facebook.migros-kulturprozent.ch/ => https://facebook.migros
 	m: mismatch
 	r: refused
 -->
-<ruleset name="Migros Kulturprozent (partial)" default_off='failed ruleset test'>
+<ruleset name="Migros Kulturprozent (partial)" default_off="failed ruleset test">
 	<target host="facebook.migros-kulturprozent.ch"/>
 	<target host="foerderung.migros-kulturprozent.ch"/>
 
diff --git a/src/chrome/content/rules/Migros.xml b/src/chrome/content/rules/Migros.xml
index e13f77941429..016ff6fd7033 100644
--- a/src/chrome/content/rules/Migros.xml
+++ b/src/chrome/content/rules/Migros.xml
@@ -1,11 +1,21 @@
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://chinoise.migros.ch/ => https://chinoise.migros.ch/: (51, "SSL: no alternative certificate subject name matches target host name 'chinoise.migros.ch'")
+Fetch error: http://farmchips.migros.ch/ => https://farmchips.migros.ch/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://gmz75.migros.ch/ => https://gmz75.migros.ch/: (6, 'Could not resolve host: gmz75.migros.ch')
+Fetch error: http://momente.migros.ch/ => https://momente.migros.ch/: (51, "SSL: no alternative certificate subject name matches target host name 'momente.migros.ch'")
+Fetch error: http://vonuns-vonhier.migros.ch/ => https://vonuns-vonhier.migros.ch/: (51, "SSL: no alternative certificate subject name matches target host name 'vonuns-vonhier.migros.ch'")
+Fetch error: http://m-connect.ch/ => https://m-connect.ch/: (6, 'Could not resolve host: m-connect.ch')
+Fetch error: http://www.m-connect.ch/ => https://www.m-connect.ch/: (6, 'Could not resolve host: www.m-connect.ch')
+Fetch error: http://qual.m-connect.ch/ => https://qual.m-connect.ch/: (6, 'Could not resolve host: qual.m-connect.ch')
+
 	Other Migros rulesets:
 		- Chocolatfrey.ch.xml
-		- Doitgarden.ch.xml
 		- Exlibris.ch.xml
 		- Hotelplan.ch.xml
 		- Interhome.ch.xml
-		- M-Fanshop.ch.xml
 		- Melectronics.ch.xml
 		- Micasa.ch.xml
 		- Migrol.ch.xml
@@ -74,16 +84,16 @@
 	<target host="brot.migros.ch"/>
 	<target host="candida.migros.ch"/>
 	<target host="cdn.migros.ch"/>
-	<target host="chinoise.migros.ch"/>
+	<!-- target host="chinoise.migros.ch" /-->
 	<target host="community.migros.ch"/>
 	<target host="famigros.migros.ch"/>
 	<target host="faq.migros.ch"/>
-	<target host="farmchips.migros.ch"/>
+	<!-- target host="farmchips.migros.ch" /-->
 	<target host="farmer.migros.ch"/>
 	<target host="filialen.migros.ch"/>
 	<target host="fisch.migros.ch"/>
 	<target host="geschenkkarte.migros.ch"/>
-	<target host="gmz75.migros.ch"/>
+	<!-- target host="gmz75.migros.ch" /-->
 	<target host="heidi.migros.ch"/>
 	<target host="image.migros.ch"/>
 	<target host="jobs.migros.ch"/>
@@ -98,7 +108,7 @@
 	<target host="migipedia.migros.ch"/>
 	<target host="migros-service.migros.ch"/>
 	<target host="migusto.migros.ch"/>
-	<target host="momente.migros.ch"/>
+	<!-- target host="momente.migros.ch" /-->
 	<target host="prodotti.migros.ch"/>
 	<target host="produits.migros.ch"/>
 	<target host="produkte.migros.ch"/>
@@ -112,7 +122,7 @@
 	<target host="theke.migros.ch"/>
 	<target host="total.migros.ch"/>
 	<target host="valflora.migros.ch"/>
-	<target host="vonuns-vonhier.migros.ch"/>
+	<!-- target host="vonuns-vonhier.migros.ch" /-->
 	<target host="wartung.migros.ch"/>
 	<target host="web-api.migros.ch"/>
 	<target host="weidebeef.migros.ch"/>
@@ -120,9 +130,9 @@
 	<target host="migipedia.ch"/>
 	<target host="www.migipedia.ch"/>
 
-	<target host="m-connect.ch"/>
-	<target host="www.m-connect.ch"/>
-	<target host="qual.m-connect.ch"/>
+	<!-- target host="m-connect.ch" /-->
+	<!-- target host="www.m-connect.ch" /-->
+	<!-- target host="qual.m-connect.ch" /-->
 
 	<target host="leshop.ch"/>
 	<target host="www.leshop.ch"/>
diff --git a/src/chrome/content/rules/Mike_Masin.xml b/src/chrome/content/rules/Mike_Masin.xml
deleted file mode 100644
index 0e1457a67e70..000000000000
--- a/src/chrome/content/rules/Mike_Masin.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	(www.)?mikemasin.com: Refused
-
--->
-<ruleset name="Mike Masin.com">
-
-	<!--	Complications:
-				-->
-	<target host="mikemasin.com" />
-	<target host="www.mikemasin.com" />
-
-
-	<!--	Redirect drops path and forward
-		slash, but not args:
-					-->
-	<rule from="^http://(?:www\.)?mikemasin\.com/[^?]*"
-		to="https://medium.com/@mikemasin" />
-
-		<test url="http://mikemasin.com/?" />
-		<test url="http://mikemasin.com//" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MikroTik.com.xml b/src/chrome/content/rules/MikroTik.com.xml
index 986405ec9c0f..d778d5525410 100644
--- a/src/chrome/content/rules/MikroTik.com.xml
+++ b/src/chrome/content/rules/MikroTik.com.xml
@@ -71,13 +71,11 @@
 	<!--securecookie host="^www\.mikrotik\.com$" name=".+" /-->
 
 
-	<rule from="^http://download2\.mikrotik\.com/"
-		to="https://d355q2xs8kb5oj.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 	<!--rule from="^http://training\.mikrotik\.com/.*"
 		to="https://www.mikrotik.com/training/" /-->
 
-	<rule from="^http:"
-		to="https:" />
+
 
 </ruleset>
diff --git a/src/chrome/content/rules/MilbenCheck.at.xml b/src/chrome/content/rules/MilbenCheck.at.xml
deleted file mode 100644
index 011e84a5512f..000000000000
--- a/src/chrome/content/rules/MilbenCheck.at.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="MilbenCheck.at">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="milbencheck.at" />
-	<target host="www.milbencheck.at" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Milepoint.xml b/src/chrome/content/rules/Milepoint.xml
deleted file mode 100644
index a8ae6b6a2b54..000000000000
--- a/src/chrome/content/rules/Milepoint.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Milepoint.com">
-    <target host="milepoint.com"/>
-    <target host="www.milepoint.com"/>
-    <rule from="^http:" to="https:"/>
-</ruleset>
diff --git a/src/chrome/content/rules/MilitarySuper.xml b/src/chrome/content/rules/MilitarySuper.xml
index 74a8afc1f986..d46a02f5a292 100644
--- a/src/chrome/content/rules/MilitarySuper.xml
+++ b/src/chrome/content/rules/MilitarySuper.xml
@@ -1,7 +1,7 @@
 <ruleset name="Military Super">
 	<target host="militarysuper.gov.au" />
-	<target host="*.militarysuper.gov.au" />
+	<target host="www.militarysuper.gov.au" />
 
 	<rule from="^http://(?:www\.)?militarysuper\.gov\.au/"
 		to="https://www.militarysuper.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Millennium_Seating.xml b/src/chrome/content/rules/Millennium_Seating.xml
index 228e06f85802..6fb5fc32aa4e 100644
--- a/src/chrome/content/rules/Millennium_Seating.xml
+++ b/src/chrome/content/rules/Millennium_Seating.xml
@@ -5,25 +5,19 @@
 
 			- static.millenniumseating.com
 
-
-	Nonfunctional subdomains:
-
-		- blog		(502)
-
-
-	Some pages redirect to http.
-
 -->
 <ruleset name="Millennium Seating (partial)">
 
 	<target host="millenniumseating.com" />
 	<target host="www.millenniumseating.com" />
+	<target host="static.millenniumseating.com" />
 
-
-	<rule from="^http://(www\.)?millenniumseating\.com/(buttons/|favicon\.ico|images/|[sS]tore/(?:i/|inc/|login\.aspx|[tT]emplates/))"
-		to="https://$1millenniumseating.com/$2" />
+		<test url="http://www.millenniumseating.com/favicon.ico" />
+		<test url="http://millenniumseating.com/favicon.ico" />
 
 	<rule from="^http://static\.millenniumseating\.com/"
 		to="https://d2oplcg29czvvo.cloudfront.net/" />
 
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MillionShort.com.xml b/src/chrome/content/rules/MillionShort.com.xml
new file mode 100644
index 000000000000..276ceaaa9bbc
--- /dev/null
+++ b/src/chrome/content/rules/MillionShort.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Timeout:
+		- dns.millionshort.com
+		- gold.millionshort.com
+		- new.millionshort.com
+		- staging.millionshort.com
+-->
+<ruleset name="MillionShort.com">
+	<target host="millionshort.com" />
+	<target host="www.millionshort.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Minacs.com.xml b/src/chrome/content/rules/Minacs.com.xml
deleted file mode 100644
index 2a56a674696e..000000000000
--- a/src/chrome/content/rules/Minacs.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Minacs.com">
-
-	<target host="clientchat.minacs.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<securecookie host="^clientchat\.minacs\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Minalyzer.com.xml b/src/chrome/content/rules/Minalyzer.com.xml
deleted file mode 100644
index 203683b9d29f..000000000000
--- a/src/chrome/content/rules/Minalyzer.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	For other Chambal coverage, see Chambal.com.xml.
-
-
-	CDN buckets:
-
-		- images.minalyzer.com.s3.amazonaws.com
-
-
-	Nonfunctional subdomains:
-
-		- ^	(http reply)
-		- www	(shows app; mismatched, CN: app.sunosunao.com)
-
--->
-<ruleset name="Minalyzer.com (partial)">
-
-	<target host="images.minalyzer.com" />
-
-
-	<rule from="^http://images\.minalyzer\.com/"
-		to="https://s3.amazonaws.com/images.minalyzer.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MindTouch.com.xml b/src/chrome/content/rules/MindTouch.com.xml
index 8912622acad8..181428e78d2e 100644
--- a/src/chrome/content/rules/MindTouch.com.xml
+++ b/src/chrome/content/rules/MindTouch.com.xml
@@ -23,7 +23,7 @@ Fetch error: http://f1.support.mindtouch.com/ => https://f1.support.mindtouch.co
 		- .mindtouch.com
 
 -->
-<ruleset name="MindTouch.com" default_off='failed ruleset test'>
+<ruleset name="MindTouch.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/MindTouch.us.xml b/src/chrome/content/rules/MindTouch.us.xml
index 0e393ec99ddc..4b4c2a7f7713 100644
--- a/src/chrome/content/rules/MindTouch.us.xml
+++ b/src/chrome/content/rules/MindTouch.us.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://help.mindtouch.us/ => https://help.mindtouch.us/: (51, "SSL: no alternative certificate subject name matches target host name 'help.mindtouch.us'")
 Fetch error: http://f1.help.mindtouch.us/ => https://f1.help.mindtouch.us/: (51, "SSL: no alternative certificate subject name matches target host name 'f1.help.mindtouch.us'")
 
-	For other MindTouch coverage, see MindTouch.com.xml.		- 
+	For other MindTouch coverage, see MindTouch.com.xml.		-
 
 
 	Fully covered hosts:
@@ -16,7 +16,7 @@ Fetch error: http://f1.help.mindtouch.us/ => https://f1.help.mindtouch.us/: (51,
 		- f1.sapseod
 
 -->
-<ruleset name="MindTouch.us" default_off='failed ruleset test'>
+<ruleset name="MindTouch.us" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/MindWeb.network.xml b/src/chrome/content/rules/MindWeb.network.xml
deleted file mode 100644
index e9e20eebcea5..000000000000
--- a/src/chrome/content/rules/MindWeb.network.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="MindWeb.network">
-	<target host="mindweb.network" />
-	<target host="www.mindweb.network" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Mindfactory.de.xml b/src/chrome/content/rules/Mindfactory.de.xml
index 9878e10e038f..e7343eeda105 100644
--- a/src/chrome/content/rules/Mindfactory.de.xml
+++ b/src/chrome/content/rules/Mindfactory.de.xml
@@ -8,10 +8,10 @@ Fetch error: http://mobile.mindfactory.de/ => https://mobile.mindfactory.de/: (5
     - blog.mindfactory.de (different content)
     - user.mindfactory.de (invalid, CN=www6.kd-menue.de)
 -->
-<ruleset name="Mindfactory.de" default_off='failed ruleset test'>
+<ruleset name="Mindfactory.de" default_off="failed ruleset test">
 	<target host="mindfactory.de" />
 	<target host="www.mindfactory.de" />
-	
+
 	<target host="ads.mindfactory.de" />
 	<target host="forum.mindfactory.de" />
 	<target host="image.mindfactory.de" />
diff --git a/src/chrome/content/rules/Mindhealthconnect.xml b/src/chrome/content/rules/Mindhealthconnect.xml
deleted file mode 100644
index c1f6cd4e4ba0..000000000000
--- a/src/chrome/content/rules/Mindhealthconnect.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Mindhealthconnect">
-	<target host="mindhealthconnect.org.au" />
-	<target host="*.mindhealthconnect.org.au" />
-
-	<rule from="^http://(?:www\.)?mindhealthconnect\.org\.au/"
-		to="https://www.mindhealthconnect.org.au/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MineMyTraffic.com.xml b/src/chrome/content/rules/MineMyTraffic.com.xml
deleted file mode 100644
index a2a4ca72f351..000000000000
--- a/src/chrome/content/rules/MineMyTraffic.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="MineMyTraffic.com">
-	<target host="minemytraffic.com" />
-	<target host="www.minemytraffic.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Minetest.ru.xml b/src/chrome/content/rules/Minetest.ru.xml
index 7ef10f35b859..20877175a5eb 100644
--- a/src/chrome/content/rules/Minetest.ru.xml
+++ b/src/chrome/content/rules/Minetest.ru.xml
@@ -11,7 +11,7 @@ Fetch error: http://minetest.ru/ => https://minetest.ru/: (60, 'SSL certificate
 	* Shows ^ over https
 
 -->
-<ruleset name="Minetest.ru (partial)" default_off='failed ruleset test'>
+<ruleset name="Minetest.ru (partial)" default_off="failed ruleset test">
 
 	<target host="minetest.ru" />
 
diff --git a/src/chrome/content/rules/MingPao.com.xml b/src/chrome/content/rules/MingPao.com.xml
index db4867108ef6..27b2c923e27a 100644
--- a/src/chrome/content/rules/MingPao.com.xml
+++ b/src/chrome/content/rules/MingPao.com.xml
@@ -6,8 +6,8 @@
 		- www.jump.mingpao.com
 		- www.life.mingpao.com
 
-	SSL error: 
-		- mobilenews.mingpao.com		
+	SSL error:
+		- mobilenews.mingpao.com
 		- premium.mingpao.com
 		- tssl.mingpao.com
 		- video.mingpao.com
diff --git a/src/chrome/content/rules/MiniLock.io.xml b/src/chrome/content/rules/MiniLock.io.xml
index 8241d03ad817..cc52a766df6e 100644
--- a/src/chrome/content/rules/MiniLock.io.xml
+++ b/src/chrome/content/rules/MiniLock.io.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.minilock.io/ => https://www.minilock.io/: (6, 'Could not
 		- .minilock.io
 
 -->
-<ruleset name="miniLock.io" default_off='failed ruleset test'>
+<ruleset name="miniLock.io" default_off="failed ruleset test">
 
 	<target host="minilock.io" />
 	<target host="www.minilock.io" />
diff --git a/src/chrome/content/rules/MiniMundos_online.com.xml b/src/chrome/content/rules/MiniMundos_online.com.xml
deleted file mode 100644
index efd865948aad..000000000000
--- a/src/chrome/content/rules/MiniMundos_online.com.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://minimundosonline.com/ => https://minimundosonline.com/: (6, 'Could not resolve host: minimundosonline.com')
-Fetch error: http://www.minimundosonline.com/ => https://www.minimundosonline.com/: (6, 'Could not resolve host: www.minimundosonline.com')
-
-	For other Axeso5 coverage, see Axeso5.com.xml.
-
-
-	Problematic subdomains:
-
-		- content *
-
-	* Cloudfront, unknown id
-
--->
-<ruleset name="MiniMundos online.com" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="minimundosonline.com" />
-	<target host="www.minimundosonline.com" />
-
-	<!--	Special cases:
-				-->
-	<target host="content.minimundosonline.com" />
-
-
-	<rule from="^http://content\.minimundosonline\.com/"
-		to="https://s3.amazonaws.com/content.minimundosonline.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Miniand-Tech.xml b/src/chrome/content/rules/Miniand-Tech.xml
index a4872b34fca2..053f9e26af95 100644
--- a/src/chrome/content/rules/Miniand-Tech.xml
+++ b/src/chrome/content/rules/Miniand-Tech.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.miniand.com/ => https://www.miniand.com/: (6, 'Could not
 	dl serves images only.
 
 -->
-<ruleset name="Miniand Tech (partial)" default_off='failed ruleset test'>
+<ruleset name="Miniand Tech (partial)" default_off="failed ruleset test">
 
 	<target host="miniand.com" />
 	<target host="www.miniand.com" />
diff --git a/src/chrome/content/rules/Miniclip.com.xml b/src/chrome/content/rules/Miniclip.com.xml
deleted file mode 100644
index 13b39a45d926..000000000000
--- a/src/chrome/content/rules/Miniclip.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	For other Miniclip coverage, see Miniclip_CDN.xml.
-
-	Nonfunctional hosts in *.miniclip.com:
-		- *.board.miniclip.com (r)
-		- powerfootball.miniclip.com (t)
-		- starstable.miniclip.com (m)
-
-	m: certificate mismatch
-	r: connection refused
-	t: timeout on https
--->
-<ruleset name="Miniclip.com (partial)">
-	<target host="miniclip.com" />
-	<target host="www.miniclip.com" />
-	<target host="8ballpoolforum.miniclip.com" />
-	<target host="blog.miniclip.com" />
-	<target host="corporate.miniclip.com" />
-	<target host="m.miniclip.com" />
-	<target host="site.miniclip.com" />
-	<target host="support.miniclip.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Miniclip_CDN.com.xml b/src/chrome/content/rules/Miniclip_CDN.com.xml
index 750bb157eec8..f7d2d4750b5d 100644
--- a/src/chrome/content/rules/Miniclip_CDN.com.xml
+++ b/src/chrome/content/rules/Miniclip_CDN.com.xml
@@ -1,6 +1,3 @@
-<!--
-	For other Miniclip coverage, see Miniclip.com.xml.
--->
 <ruleset name="MiniclipCDN.com">
 	<target host="images.miniclipcdn.com" />
 	<target host="images1.miniclipcdn.com" />
diff --git a/src/chrome/content/rules/Mining.Bitcoin.cz.xml b/src/chrome/content/rules/Mining.Bitcoin.cz.xml
index e54d42cac0ff..f335fbe8fbb1 100644
--- a/src/chrome/content/rules/Mining.Bitcoin.cz.xml
+++ b/src/chrome/content/rules/Mining.Bitcoin.cz.xml
@@ -1,18 +1,19 @@
 <!--
+  302 on mining.bitcoin.cz
+    https://slushpool.com/
+
 	Problematic subdomains:
 
 		- beta.mining (dropped, mismatch)
 		- support *
 
-	* Mismatched, CN: *.kayako.com
+	* Mismatched
+    - CN: *.kayako.com
+    - old.bitcoin.cz
 -->
 <ruleset name="Mining.Bitcoin.cz">
 	<target host="mining.bitcoin.cz" />
-	<target host="beta.mining.bitcoin.cz" />
-	<target host="old.bitcoin.cz" />
 
-	<rule from="^http://beta\.mining\.bitcoin\.cz/"
-		to="https://mining.bitcoin.cz/" />
 	<rule from="^http:"
 		to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Minix3.org.xml b/src/chrome/content/rules/Minix3.org.xml
new file mode 100644
index 000000000000..43ef5d0e2274
--- /dev/null
+++ b/src/chrome/content/rules/Minix3.org.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional subdomains:
+		cd (certificate lacks the alt-name)
+		download (certificate lacks the alt-name)
+		ftp (certificate lacks the alt-name)
+		gerrit (unsupported)
+		jenkins (unsupported)
+		ns1 (certificate lacks the alt-name)
+		oldwiki (certificate lacks the alt-name)
+ 		packages (certificate lacks the alt-name)
+		server (certificate lacks the alt-name)
+-->
+<ruleset name="Minix3.org (partial)">
+	<target host="minix3.org" />
+	<target host="www.minix3.org" />
+	<target host="blog.minix3.org" />
+	<target host="git.minix3.org" />
+	<target host="man.minix3.org" />
+	<target host="wiki.minix3.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Minnesota-Public-Radio.xml b/src/chrome/content/rules/Minnesota-Public-Radio.xml
index bbdc239b8c20..5baec3cb3f42 100644
--- a/src/chrome/content/rules/Minnesota-Public-Radio.xml
+++ b/src/chrome/content/rules/Minnesota-Public-Radio.xml
@@ -12,7 +12,9 @@
 -->
 <ruleset name="Minnesota Public Radio (partial)">
 
-	<target host="*.publicradio.org" />
+	<target host="contribute.publicradio.org" />
+	<target host="www.publicradio.org" />
+	<target host="minnesota.publicradio.org" />
 
 
 	<securecookie host="^\.publicradio\.org$" name="^WT_FPC$" />
diff --git a/src/chrome/content/rules/Mint.com.xml b/src/chrome/content/rules/Mint.com.xml
new file mode 100644
index 000000000000..48f0f348c513
--- /dev/null
+++ b/src/chrome/content/rules/Mint.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Mint.com" >
+	<target host="mint.com" />
+	<target host="www.mint.com" />
+	<target host="accounts.mint.com" />
+	<target host="blog.mint.com" />
+	<target host="credit.mint.com" />
+	<target host="help.mint.com" />
+	<target host="mobile.mint.com" />
+	<target host="wwws.mint.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mint.xml b/src/chrome/content/rules/Mint.xml
deleted file mode 100644
index 86654d771d9f..000000000000
--- a/src/chrome/content/rules/Mint.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Mint" platform="mixedcontent">
-  <target host="www.mint.com" />
-  <target host="mint.com" />
-
-  <rule from="^http://(?:www\.)?mint\.com/" to="https://www.mint.com/"/>
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Minted.xml b/src/chrome/content/rules/Minted.xml
index 3f67f5c64778..7224c9aec399 100644
--- a/src/chrome/content/rules/Minted.xml
+++ b/src/chrome/content/rules/Minted.xml
@@ -60,12 +60,12 @@
 		to="https://www.minted.com/" />
 
 	<rule from="^http://cdn3\.minted\.com/"
-		to="https://d2bhls43bg90ow.cloudfront.net/" />
+		to="https://cdn3.minted.com/" />
 
 	<rule from="^http://cdn4\.minted\.com/"
-		to="https://d27r269iws82ha.cloudfront.net/" />
+		to="https://cdn4.minted.com/" />
 
 	<rule from="^http://cdn5\.minted\.com/"
-		to="https://dyx88w6kx3fik.cloudfront.net/" />
+		to="https://cdn5.minted.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mipay.com.xml b/src/chrome/content/rules/Mipay.com.xml
index 426922bd2e65..84dbc1af1440 100644
--- a/src/chrome/content/rules/Mipay.com.xml
+++ b/src/chrome/content/rules/Mipay.com.xml
@@ -12,4 +12,4 @@
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MirBSD.xml b/src/chrome/content/rules/MirBSD.xml
deleted file mode 100644
index 937a612bdebc..000000000000
--- a/src/chrome/content/rules/MirBSD.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	^mirbsd.org: Expired, mismatched
-
--->
-<ruleset name="MirBSD.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.mirbsd.org" />
-
-	<!--	Complications:
-				-->
-	<target host="mirbsd.org" />
-
-
-	<rule from="^http://mirbsd\.org/"
-		to="https://www.mirbsd.org/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mirakar.com.xml b/src/chrome/content/rules/Mirakar.com.xml
index d1932c68af15..ab346fa7e068 100644
--- a/src/chrome/content/rules/Mirakar.com.xml
+++ b/src/chrome/content/rules/Mirakar.com.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://mirakar.com/ => https://www.mirakar.com/: (60, 'SSL certificate problem: certificate has expired')
 Fetch error: http://www.mirakar.com/ => https://www.mirakar.com/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="Mirakar.com" default_off='failed ruleset test'>
+<ruleset name="Mirakar.com" default_off="failed ruleset test">
   <target host="mirakar.com" />
   <target host="www.mirakar.com" />
 
diff --git a/src/chrome/content/rules/Miramax.com.xml b/src/chrome/content/rules/Miramax.com.xml
index 42f78917eb62..c2cb9c9b279f 100644
--- a/src/chrome/content/rules/Miramax.com.xml
+++ b/src/chrome/content/rules/Miramax.com.xml
@@ -7,7 +7,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://miramax.com/ => https://miramax.com/: Cycle detected - URL already encountered: https://miramax.com/
 Fetch error: http://www.miramax.com/ => https://www.miramax.com/: Cycle detected - URL already encountered: https://www.miramax.com/
 -->
-<ruleset name="Miramax.com" default_off='failed ruleset test'>
+<ruleset name="Miramax.com" default_off="failed ruleset test">
 
 	<target host="miramax.com" />
 	<target host="www.miramax.com" />
@@ -18,4 +18,4 @@ Fetch error: http://www.miramax.com/ => https://www.miramax.com/: Cycle detected
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Miranda-IM.xml b/src/chrome/content/rules/Miranda-IM.xml
index 0ac1b777e0a6..251148354d34 100644
--- a/src/chrome/content/rules/Miranda-IM.xml
+++ b/src/chrome/content/rules/Miranda-IM.xml
@@ -27,7 +27,8 @@
 <ruleset name="Miranda IM (partial)">
 
 	<target host="miranda-im.org" />
-	<target host="*.miranda-im.org" />
+	<target host="www.miranda-im.org" />
+	<target host="addons.miranda-im.org" />
 
 
 	<securecookie host="^.*\.miranda-im\.org$" name=".+" />
diff --git a/src/chrome/content/rules/Mirantis.com.xml b/src/chrome/content/rules/Mirantis.com.xml
index d55cfaa46fe2..6c8b7351b85f 100644
--- a/src/chrome/content/rules/Mirantis.com.xml
+++ b/src/chrome/content/rules/Mirantis.com.xml
@@ -18,7 +18,9 @@
 <ruleset name="Mirantis.com">
 
 	<target host="mirantis.com" />
-	<target host="*.mirantis.com" />
+	<target host="software.mirantis.com" />
+	<target host="training.mirantis.com" />
+	<target host="www.mirantis.com" />
 
 
 	<!--	Secured by server:
@@ -32,7 +34,6 @@
 	<securecookie host="^training\.mirantis\.com$" name=".+" />
 
 
-	<rule from="^http://((?:software|training|www)\.)?mirantis\.com/"
-		to="https://$1mirantis.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mirror.ng.xml b/src/chrome/content/rules/Mirror.ng.xml
deleted file mode 100644
index c841360585ec..000000000000
--- a/src/chrome/content/rules/Mirror.ng.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional hosts in *.mirror.ng:
-		- www.mirror.ng (m)
-
-	h: http redirect
-	m: certificate mismatch
-	r: connection refused
-	s: self-signed certificate
-	t: timeout on https
--->
-<ruleset name="Mirror.ng">
-	<target host="mirror.ng" />
-	<target host="www.mirror.ng" />
-	<target host="pypi.mirror.ng" />
-
-	<rule from="^http://www\.mirror\.ng/" to="https://mirror.ng/" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Mirror_Image_Internet.xml b/src/chrome/content/rules/Mirror_Image_Internet.xml
index eadf045cc0a9..3fbd81de8233 100644
--- a/src/chrome/content/rules/Mirror_Image_Internet.xml
+++ b/src/chrome/content/rules/Mirror_Image_Internet.xml
@@ -8,4 +8,4 @@
 	<rule from="^http://(\w+)\.service\.mirror-image\.net/"
 		to="https://$1.service.mirror-image.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mirrorcreator.com.xml b/src/chrome/content/rules/Mirrorcreator.com.xml
index 5aacc166cf61..d81a5c92b526 100644
--- a/src/chrome/content/rules/Mirrorcreator.com.xml
+++ b/src/chrome/content/rules/Mirrorcreator.com.xml
@@ -7,4 +7,4 @@
 	<target host="www.mirrorcreator.com"/>
 
 	<rule from="^http:" to="https:"/>
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Misco.co.uk.xml b/src/chrome/content/rules/Misco.co.uk.xml
index a59226c459eb..71d53ee6ee31 100644
--- a/src/chrome/content/rules/Misco.co.uk.xml
+++ b/src/chrome/content/rules/Misco.co.uk.xml
@@ -9,7 +9,7 @@
 <ruleset name="Misco.co.uk (partial)">
 
 	<target host="misco.co.uk" />
-	<target host="*.misco.co.uk" />
+	<target host="www.misco.co.uk" />
 		<!--
 			Redirect to http:
 						-->
diff --git a/src/chrome/content/rules/Mit-dem-rad-zur-arbeit.de.xml b/src/chrome/content/rules/Mit-dem-rad-zur-arbeit.de.xml
deleted file mode 100644
index 9c9e8e314328..000000000000
--- a/src/chrome/content/rules/Mit-dem-rad-zur-arbeit.de.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Mit-dem-rad-zur-arbeit.de">
-  <target host="www.mit-dem-rad-zur-arbeit.de" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Mitro.co.xml b/src/chrome/content/rules/Mitro.co.xml
index 44f05fe4672a..d00b98bdac27 100644
--- a/src/chrome/content/rules/Mitro.co.xml
+++ b/src/chrome/content/rules/Mitro.co.xml
@@ -5,7 +5,7 @@ Fetch error: http://mitro.co/ => https://mitro.co/: (7, 'Failed to connect to mi
 Fetch error: http://www.mitro.co/ => https://www.mitro.co/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Mitro.co" default_off='failed ruleset test'>
+<ruleset name="Mitro.co" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/MivaCentral.xml b/src/chrome/content/rules/MivaCentral.xml
deleted file mode 100644
index 7a724877eacf..000000000000
--- a/src/chrome/content/rules/MivaCentral.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For other Miva Merchant coverage, see Miva_Merchant.xml.
-
-
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
--->
-<ruleset name="MivaCentral">
-
-	<target host="mivacentral.com" />
-	<target host="www.mivacentral.com" />
-
-
-	<securecookie host="^www\.mivacentral\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Miva_Merchant.xml b/src/chrome/content/rules/Miva_Merchant.xml
index e766dfdb5e31..458ebd7318b1 100644
--- a/src/chrome/content/rules/Miva_Merchant.xml
+++ b/src/chrome/content/rules/Miva_Merchant.xml
@@ -9,7 +9,6 @@ Fetch error: http://mivamerchant.com/ => https://mivamerchant.com/: (51, "SSL: n
 Fetch error: http://www.mivamerchant.com/ => https://www.mivamerchant.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.mivamerchant.com'")
 	Other Miva Merchant rulesets:
 
-		- MivaCentral.xml
 
 
 	CDN buckets:
@@ -22,7 +21,7 @@ Fetch error: http://www.mivamerchant.com/ => https://www.mivamerchant.com/: (51,
 		- ^	(cert only matches www)
 
 -->
-<ruleset name="Miva Merchant" default_off='failed ruleset test'>
+<ruleset name="Miva Merchant" default_off="failed ruleset test">
 
 	<target host="mivamerchant.com" />
 	<target host="www.mivamerchant.com" />
@@ -33,4 +32,4 @@ Fetch error: http://www.mivamerchant.com/ => https://www.mivamerchant.com/: (51,
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MixBit.com.xml b/src/chrome/content/rules/MixBit.com.xml
index 9138ef0c3728..6265b4aeab45 100644
--- a/src/chrome/content/rules/MixBit.com.xml
+++ b/src/chrome/content/rules/MixBit.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://api.mixbit.com/ => https://api.mixbit.com/: (6, 'Could not resolve host: api.mixbit.com')
 
 -->
-<ruleset name="MixBit.com" default_off='failed ruleset test'>
+<ruleset name="MixBit.com" default_off="failed ruleset test">
 
 	<target host="mixbit.com" />
 	<target host="api.mixbit.com" />
diff --git a/src/chrome/content/rules/Mixi.xml b/src/chrome/content/rules/Mixi.xml
index d1e5995b972b..13bb5b84d2cb 100644
--- a/src/chrome/content/rules/Mixi.xml
+++ b/src/chrome/content/rules/Mixi.xml
@@ -23,7 +23,9 @@
 					-->
 		<exclusion pattern="^http://mixi\.jp/+(?!$|\?|appli_|comm/|favicon\.ico|photo/)" />
 	<target host="mixi.jp" />
-	<target host="*.mixi.jp" />
+	<target host="www.mixi.jp" />
+	<target host="plugins.mixi.jp" />
+	<target host="static.mixi.jp" />
 	<target host="img.mixi.net" />
 
 
@@ -33,10 +35,7 @@
 	<rule from="^http://(?:www\.)?mixi\.(co\.)?jp/"
 		to="https://mixi.$1jp/" />
 
-	<rule from="^http://(plugins|static)\.mixi\.jp/"
-		to="https://$1.mixi.jp/" />
 
-	<rule from="^http://img\.mixi\.net/"
-		to="https://img.mixi.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Mixpanel.xml b/src/chrome/content/rules/Mixpanel.xml
index 8e328435d3d4..8178cd10c9e9 100644
--- a/src/chrome/content/rules/Mixpanel.xml
+++ b/src/chrome/content/rules/Mixpanel.xml
@@ -28,7 +28,7 @@
 					-->
 	<!--securecookie host="^\.mixpanel\.com$" name="^mp_metrics-1_mixpanel$" /-->
 
-	<securecookie host="^(?:.*\.)?mixpanel\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Mixtum.io.xml b/src/chrome/content/rules/Mixtum.io.xml
new file mode 100644
index 000000000000..5ca945673312
--- /dev/null
+++ b/src/chrome/content/rules/Mixtum.io.xml
@@ -0,0 +1,6 @@
+<ruleset name="Mixtum.io">
+	<target host="mixtum.io" />
+	<target host="www.mixtum.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mixx.com.xml b/src/chrome/content/rules/Mixx.com.xml
index b5f0ff7f48ca..f0985ebad051 100644
--- a/src/chrome/content/rules/Mixx.com.xml
+++ b/src/chrome/content/rules/Mixx.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.mixx.com/ => https://www.mixx.com/: (28, 'Connection tim
 <!-- blog.mixx.com doesn't use https -->
 <!-- help.mixx.com doesn't use https -->
 <!-- engineroom.mixx.com doesn't use https -->
-<ruleset name="mixx.com" default_off='failed ruleset test'>
+<ruleset name="mixx.com" default_off="failed ruleset test">
 	<target host="mixx.com" />
 	<target host="www.mixx.com" />
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Mixxx.org.xml b/src/chrome/content/rules/Mixxx.org.xml
index 08eb8936804f..c1db912c61d2 100644
--- a/src/chrome/content/rules/Mixxx.org.xml
+++ b/src/chrome/content/rules/Mixxx.org.xml
@@ -13,6 +13,7 @@
 
 	<target host="mixxx.org" />
 	<target host="www.mixxx.org" />
+	<target host="downloads.mixxx.org" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/Mktoresp.com.xml b/src/chrome/content/rules/Mktoresp.com.xml
index 4d91c31d7074..8bd229e9db51 100644
--- a/src/chrome/content/rules/Mktoresp.com.xml
+++ b/src/chrome/content/rules/Mktoresp.com.xml
@@ -11,10 +11,10 @@
 
 
 	<!--	name="^(BIGipServersjnweb_mch_https|RSMKTO1)$"	-->
-	<securecookie host=".+\.mktoresp\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(\d{3}-\w{3}-\d{3})\.mktoresp\.com/"
 		to="https://$1.mktoresp.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mmixr.com.xml b/src/chrome/content/rules/Mmixr.com.xml
index 64a358f6e07c..7f99f4951f51 100644
--- a/src/chrome/content/rules/Mmixr.com.xml
+++ b/src/chrome/content/rules/Mmixr.com.xml
@@ -10,10 +10,11 @@ Fetch error: http://mmixr.com/ => https://www.mmixr.com/: (28, 'Connection timed
 		- ^	(shows app)
 
 -->
-<ruleset name="mmixr.com" default_off='failed ruleset test'>
+<ruleset name="mmixr.com" default_off="failed ruleset test">
 
 	<target host="mmixr.com" />
-	<target host="*.mmixr.com" />
+	<target host="www.mmixr.com" />
+	<target host="app.mmixr.com" />
 
 
 	<securecookie host="^\.mmixr\.com$" name=".+" />
@@ -22,7 +23,6 @@ Fetch error: http://mmixr.com/ => https://www.mmixr.com/: (28, 'Connection timed
 	<rule from="^http://(?:www\.)?mmixr\.com/"
 		to="https://www.mmixr.com/" />
 
-	<rule from="^http://app\.mmixr\.com/"
-		to="https://app.mmixr.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mmstat.com.xml b/src/chrome/content/rules/Mmstat.com.xml
index 8d6c43f23a2a..c68035667cb1 100644
--- a/src/chrome/content/rules/Mmstat.com.xml
+++ b/src/chrome/content/rules/Mmstat.com.xml
@@ -3,7 +3,7 @@
 
 	Mismatch:
 		- ^(www.)?
-	
+
 	Insecure cookies are set for these domains:
 
 		- .mmstat.com
diff --git a/src/chrome/content/rules/MoAF.org.xml b/src/chrome/content/rules/MoAF.org.xml
deleted file mode 100644
index 344fb73e5277..000000000000
--- a/src/chrome/content/rules/MoAF.org.xml
+++ /dev/null
@@ -1,43 +0,0 @@
-<!--
-	Museum of American Finance
-
-	For problematic rules, see MoAF.org-problematic.xml.
-
-
-	(www.)?: Expired 2012
-	^: cert only matches www
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- shop.moaf.org
-		- .shop.moaf.org
-		- www.moaf.org
-
--->
-<ruleset name="MoAF.org (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="shop.moaf.org" />
-	<!--target host="www.moaf.org" /-->
-
-	<!--	Complications:
-				-->
-	<!--target host="moaf.org" /-->
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^shop\.moaf\.org$" name="(?:CFGLOBALS|CFID|CFTOKEN)$" /-->
-	<!--securecookie host="^\.shop\.moaf\.org$" name="CPSESSIONID$" /-->
-	<!--securecookie host="^www\.moaf\.org$" name="^PHPSESSID$" /-->
-
-	<!--securecookie host="^(?:\.?shop|www)\.moaf\.org$" name=".+" /-->
-	<securecookie host="^\.?shop\.moaf\.org$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Moana_Surfrider.xml b/src/chrome/content/rules/Moana_Surfrider.xml
index f9c158511b04..7f84fd8f9461 100644
--- a/src/chrome/content/rules/Moana_Surfrider.xml
+++ b/src/chrome/content/rules/Moana_Surfrider.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?moana-surfrider\.com/images/"
 		to="https://www.moana-surfrider.com/images/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Moat_ads.com.xml b/src/chrome/content/rules/Moat_ads.com.xml
index 3fe3a06bd8eb..b8e6f66215f8 100644
--- a/src/chrome/content/rules/Moat_ads.com.xml
+++ b/src/chrome/content/rules/Moat_ads.com.xml
@@ -40,7 +40,7 @@
 	<securecookie host="^\w" name=".+" />
 
 
-	<!--	Redirects like so: 
+	<!--	Redirects like so:
 					-->
 	<rule from="^http://(?:www\.)?moatads\.com/"
 		to="https://www.moat.com/" />
@@ -53,7 +53,7 @@
 			<test url="http://www.moatads.com/index.htm" />
 			<test url="http://www.moatads.com/index.php" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
-					
+
 </ruleset>
diff --git a/src/chrome/content/rules/Moava.xml b/src/chrome/content/rules/Moava.xml
index 95723b0d4fec..6fe41a6ce1fc 100644
--- a/src/chrome/content/rules/Moava.xml
+++ b/src/chrome/content/rules/Moava.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MobStac.xml b/src/chrome/content/rules/MobStac.xml
index 379e473047f0..e35703e70e16 100644
--- a/src/chrome/content/rules/MobStac.xml
+++ b/src/chrome/content/rules/MobStac.xml
@@ -5,7 +5,8 @@
 <ruleset name="MobStac (partial)">
 
 	<target host="mobstac.com" />
-	<target host="*.mobstac.com" />
+	<target host="www.mobstac.com" />
+	<target host="cdn.mobstac.com" />
 
 
 	<!--	At least some pages 301 to http.
diff --git a/src/chrome/content/rules/Mobify.me.xml b/src/chrome/content/rules/Mobify.me.xml
index 1e01bb1f51e1..5c755d66c004 100644
--- a/src/chrome/content/rules/Mobify.me.xml
+++ b/src/chrome/content/rules/Mobify.me.xml
@@ -1,7 +1,6 @@
 <!--
 	Other Mobify rulesets:
 
-		- Mobify.net.xml
 
 
 	(www.)?, community: Mismatched
diff --git a/src/chrome/content/rules/Mobify.net.xml b/src/chrome/content/rules/Mobify.net.xml
deleted file mode 100644
index 3b4ce20551ca..000000000000
--- a/src/chrome/content/rules/Mobify.net.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other Mobify coverage, see Mobify.xml.
-
--->
-<ruleset name="Mobify.net">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="mobify.net" />
-	<target host="www.mobify.net" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mobify.xml b/src/chrome/content/rules/Mobify.xml
index 328a6e14328f..3b051cda852b 100644
--- a/src/chrome/content/rules/Mobify.xml
+++ b/src/chrome/content/rules/Mobify.xml
@@ -1,8 +1,13 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://community.mobify.com/ => https://community.mobify.com/: (35, 'error:1408F10B:SSL routines:ssl3_get_record:wrong version number')
+Fetch error: http://portal.mobify.com/ => https://portal.mobify.com/: (6, 'Could not resolve host: portal.mobify.com')
+
 	Other Mobify rulesets:
 
 		- Mobify.me.xml
-		- Mobify.net.xml
 
 
 	Nonfunctional hosts in *mobify.com:
@@ -39,8 +44,8 @@
 	<target host="a.mobify.com" />
 	<target host="cdn.mobify.com" />
 	<target host="cloud.mobify.com" />
-	<target host="community.mobify.com" />
-	<target host="portal.mobify.com" />
+	<!-- target host="community.mobify.com" /-->
+	<!-- target host="portal.mobify.com" /-->
 	<target host="support.mobify.com" />
 	<target host="www.mobify.com" />
 
diff --git a/src/chrome/content/rules/Mobile01.com.xml b/src/chrome/content/rules/Mobile01.com.xml
index 54ada9c3e7e3..429826be5e98 100644
--- a/src/chrome/content/rules/Mobile01.com.xml
+++ b/src/chrome/content/rules/Mobile01.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://mobile01.com/ => https://mobile01.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Mobile01.com" default_off='failed ruleset test'>
+<ruleset name="Mobile01.com" default_off="failed ruleset test">
 	<target host="mobile01.com" />
 	<target host="www.mobile01.com" />
 	<target host="attach.mobile01.com" />
diff --git a/src/chrome/content/rules/Mobile_Asia_Expo.xml b/src/chrome/content/rules/Mobile_Asia_Expo.xml
index 07a1dac2e1e2..34a3275fba53 100644
--- a/src/chrome/content/rules/Mobile_Asia_Expo.xml
+++ b/src/chrome/content/rules/Mobile_Asia_Expo.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://content\.mobileasiaexpo\.com/"
 		to="https://d1cu38qo94v965.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mobile_Enterprise_360.com.xml b/src/chrome/content/rules/Mobile_Enterprise_360.com.xml
index 5ee80c5eccf1..328a8fa64ff8 100644
--- a/src/chrome/content/rules/Mobile_Enterprise_360.com.xml
+++ b/src/chrome/content/rules/Mobile_Enterprise_360.com.xml
@@ -6,7 +6,7 @@
 <ruleset name="Mobile Enterprise 360.com" default_off="expired, mismatched, self-signed">
 
 	<target host="mobileenterprise360.com" />
-	<target host="*.mobileenterprise360.com" />
+	<target host="www.mobileenterprise360.com" />
 
 
 	<securecookie host="^(?:www)?\.mobileenterprise360\.com$" name=".+" />
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?mobileenterprise360\.com/"
 		to="https://www.mobileenterprise360.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mobile_Nations.xml b/src/chrome/content/rules/Mobile_Nations.xml
index f498dc2006ff..faf0e9897e34 100644
--- a/src/chrome/content/rules/Mobile_Nations.xml
+++ b/src/chrome/content/rules/Mobile_Nations.xml
@@ -1,10 +1,8 @@
 <!--
-	Problematic subdomains:
-
-		- shop *
-
-	* Front page differs
-
+  Host unresolved:
+    - shop.mobilenations.com
+    - cdn.passport.mobilenations.com
+    - passport-cdn.mobilenations.com
 
 	Problematic domains:
 
@@ -13,14 +11,7 @@
 -->
 <ruleset name="Mobile Nations (partial)">
 
-	<target host="*.mobilenations.com" />
-		<exclusion pattern="^http://shop\.mobilenations\.com/+(?!images/|store_images/|v3_templates/)" />
-
-
-	<rule from="^http://(passport|shop)\.mobilenations\.com/"
-		to="https://$1.mobilenations.com/" />
-
-	<rule from="^http://(?:cdn\.passport|passport-cdn)\.mobilenations\.com/"
-		to="https://passport-cdn.mobilenations.com/" />
+	<target host="passport.mobilenations.com" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Mobile_Vikings.xml b/src/chrome/content/rules/Mobile_Vikings.xml
index f457d5bd4d23..6f96fdd62210 100644
--- a/src/chrome/content/rules/Mobile_Vikings.xml
+++ b/src/chrome/content/rules/Mobile_Vikings.xml
@@ -20,4 +20,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mobio_INsider.xml b/src/chrome/content/rules/Mobio_INsider.xml
index fcbb70bdd8da..dcc667a812c7 100644
--- a/src/chrome/content/rules/Mobio_INsider.xml
+++ b/src/chrome/content/rules/Mobio_INsider.xml
@@ -6,7 +6,7 @@ Fetch error: http://stage-mobioinsider.com/ => https://stage-mobioinsider.com/:
 Fetch error: http://www.stage-mobioinsider.com/ => https://www.stage-mobioinsider.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
 
 -->
-<ruleset name="Mobio INsider" default_off='failed ruleset test'>
+<ruleset name="Mobio INsider" default_off="failed ruleset test">
 
 	<target host="mobioinsider.com" />
 	<target host="s.mobioinsider.com" />
@@ -20,4 +20,4 @@ Fetch error: http://www.stage-mobioinsider.com/ => https://www.stage-mobioinside
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mobypicture.xml b/src/chrome/content/rules/Mobypicture.xml
index 1b2053271bc2..2289ea9ecce8 100644
--- a/src/chrome/content/rules/Mobypicture.xml
+++ b/src/chrome/content/rules/Mobypicture.xml
@@ -64,7 +64,7 @@ Fetch error: http://mobypicture.com/ => https://mobypicture.com/: (60, 'SSL cert
 	* Secured by us
 
 -->
-<ruleset name="Mobypicture" default_off='failed ruleset test'>
+<ruleset name="Mobypicture" default_off="failed ruleset test">
 
 	<target host="media.mobyhub.com" />
 	<target host="*.media.mobyhub.com" />
@@ -96,6 +96,6 @@ Fetch error: http://mobypicture.com/ => https://mobypicture.com/: (60, 'SSL cert
 		to="https://d3l076gtvxuom7.cloudfront.net/" />
 
 	<rule from="^http://vid\.mobypicture\.com/"
-		to="https://dxujr96dorra9.cloudfront.net/" />
+		to="https://vid.mobypicture.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mochtu.de.xml b/src/chrome/content/rules/Mochtu.de.xml
index 220114161c49..4065a1e9b687 100644
--- a/src/chrome/content/rules/Mochtu.de.xml
+++ b/src/chrome/content/rules/Mochtu.de.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.mochtu.de/ => https://mochtu.de/: (51, "SSL: no alternat
 		- walla.mochtu.de
 
 -->
-<ruleset name="mochtu.de" default_off='failed ruleset test'>
+<ruleset name="mochtu.de" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/ModArchive.org.xml b/src/chrome/content/rules/ModArchive.org.xml
new file mode 100644
index 000000000000..93c54e9ca817
--- /dev/null
+++ b/src/chrome/content/rules/ModArchive.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Timeout:
+		- ircstats.modarchive.org
+		- lite.modarchive.org
+		- sidney.mirror.modarchive.org
+		- tracker.modarchive.org
+
+	Mismatched:
+		- mail.modarchive.org
+		- mirror.modarchive.org
+		- new.modarchive.org
+
+	HTTP != HTTPS:
+		- pma.modarchive.org
+-->
+<ruleset name="ModArchive.org">
+	<target host="modarchive.org" />
+	<target host="www.modarchive.org" />
+	<target host="api.modarchive.org" />
+	<target host="data.modarchive.org" />
+	<target host="forums.modarchive.org" />
+	<target host="img.modarchive.org" />
+	<target host="quotes.modarchive.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ModMyPi.xml b/src/chrome/content/rules/ModMyPi.xml
index 68cd0713041c..a01c2c543484 100644
--- a/src/chrome/content/rules/ModMyPi.xml
+++ b/src/chrome/content/rules/ModMyPi.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ModTheSims.info.xml b/src/chrome/content/rules/ModTheSims.info.xml
new file mode 100644
index 000000000000..d80ae07e19b1
--- /dev/null
+++ b/src/chrome/content/rules/ModTheSims.info.xml
@@ -0,0 +1,28 @@
+<!--
+	Refused:
+		- chii.modthesims.info
+
+	Timeout:
+		- mail.modthesims.info
+
+	Mismatched:
+		- bulma.modthesims.info
+		- *.modthesims.info (wildcard record)
+
+	Mixed content:
+		- classic.modthesims.info
+		- upload.modthesims.info
+-->
+<ruleset name="ModTheSims.info">
+	<target host="modthesims.info" />
+	<target host="www.modthesims.info" />
+	<target host="bootstrap.modthesims.info" />
+	<target host="forums.modthesims.info" />
+	<target host="linna.modthesims.info" />
+	<target host="nene.modthesims.info" />
+	<target host="skuld.modthesims.info" />
+	<target host="thumbs.modthesims.info" />
+	<target host="thumbs2.modthesims.info" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mod_DB.com.xml b/src/chrome/content/rules/Mod_DB.com.xml
index 8985e1b42dbd..52a3cb2e82a3 100644
--- a/src/chrome/content/rules/Mod_DB.com.xml
+++ b/src/chrome/content/rules/Mod_DB.com.xml
@@ -20,10 +20,11 @@
 -->
 <ruleset name="Mod DB.com (partial)">
 
-	<target host="*.moddb.com" />
+	<target host="secure.moddb.com" />
+	<target host="static.moddb.com" />
 
 
 	<rule from="^http://s(?:ecure|tatic)\.moddb\.com/"
 		to="https://secure.moddb.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Model_Mayhem-problematic.xml b/src/chrome/content/rules/Model_Mayhem-problematic.xml
index f54194f9366b..d6e827df2678 100644
--- a/src/chrome/content/rules/Model_Mayhem-problematic.xml
+++ b/src/chrome/content/rules/Model_Mayhem-problematic.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Model_Mayhem.xml b/src/chrome/content/rules/Model_Mayhem.xml
index 18148eb88f85..cbaa02afe65d 100644
--- a/src/chrome/content/rules/Model_Mayhem.xml
+++ b/src/chrome/content/rules/Model_Mayhem.xml
@@ -13,7 +13,8 @@
 <ruleset name="Model Mayhem (partial)" platform="mixedcontent">
 
 	<target host="modelmayhem.com" />
-	<target host="*.modelmayhem.com" />
+	<target host="secure.modelmayhem.com" />
+	<target host="www.modelmayhem.com" />
 
 
 	<securecookie host="^.*\.modelmayhem\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Modern.IE.xml b/src/chrome/content/rules/Modern.IE.xml
index 742dff41a795..d4e4bb7a01a0 100644
--- a/src/chrome/content/rules/Modern.IE.xml
+++ b/src/chrome/content/rules/Modern.IE.xml
@@ -30,7 +30,7 @@ Fetch error: http://remote.modern.ie/ => https://remote.modern.ie/: (6, 'Could n
 	* Secured by us
 
 -->
-<ruleset name="modern.IE" default_off='failed ruleset test'>
+<ruleset name="modern.IE" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -48,8 +48,8 @@ Fetch error: http://remote.modern.ie/ => https://remote.modern.ie/: (6, 'Could n
 	<!--securecookie host="^remote\.modern\.ie$" name="^connect\.sid$" /-->
 
 	<securecookie host="^(?:\.devchannel|\.?remote|\.status|\.www)?\.modern\.ie$" name=".+" />
-	
-	
+
+
 	<rule from="^http://www\.modern\.ie/"
 		to="https://modern.ie/"/>
 
diff --git a/src/chrome/content/rules/Modern_Giver.xml b/src/chrome/content/rules/Modern_Giver.xml
index 39a78375659b..eabe3bd1f081 100644
--- a/src/chrome/content/rules/Modern_Giver.xml
+++ b/src/chrome/content/rules/Modern_Giver.xml
@@ -8,7 +8,7 @@
 <ruleset name="Modern Giver">
 
 	<target host="moderngiver.com" />
-	<target host="*.moderngiver.com" />
+	<target host="www.moderngiver.com" />
 	<target host="simplegiver.com" />
 	<target host="www.simplegiver.com" />
 
diff --git a/src/chrome/content/rules/Modernus.xml b/src/chrome/content/rules/Modernus.xml
index f6418a61ca28..ba0b434dfa74 100644
--- a/src/chrome/content/rules/Modernus.xml
+++ b/src/chrome/content/rules/Modernus.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Modicine.ru.xml b/src/chrome/content/rules/Modicine.ru.xml
new file mode 100644
index 000000000000..18c68d5cae92
--- /dev/null
+++ b/src/chrome/content/rules/Modicine.ru.xml
@@ -0,0 +1,10 @@
+<!--
+	Mismatched:
+		- mail
+-->
+<ruleset name="Modicine.ru">
+	<target host="modicine.ru" />
+	<target host="www.modicine.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Modoee.com.xml b/src/chrome/content/rules/Modoee.com.xml
new file mode 100644
index 000000000000..5cc20ffb593c
--- /dev/null
+++ b/src/chrome/content/rules/Modoee.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Modoee.com">
+	<target host="modoee.com" />
+	<target host="www.modoee.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ModrsBook.com.xml b/src/chrome/content/rules/ModrsBook.com.xml
new file mode 100644
index 000000000000..1c6d47fd6b2e
--- /dev/null
+++ b/src/chrome/content/rules/ModrsBook.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="ModrsBook.com">
+	<target host="modrsbook.com" />
+	<target host="www.modrsbook.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Modulus.io.xml b/src/chrome/content/rules/Modulus.io.xml
index 1078ba68b6b1..096a4db939ee 100644
--- a/src/chrome/content/rules/Modulus.io.xml
+++ b/src/chrome/content/rules/Modulus.io.xml
@@ -33,7 +33,7 @@ Fetch error: http://www.modulus.io/ => https://modulus.io/: (28, 'Connection tim
 		- .modulus.io
 
 -->
-<ruleset name="Modulus.io (partial)" default_off='failed ruleset test'>
+<ruleset name="Modulus.io (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Mofobian.com.xml b/src/chrome/content/rules/Mofobian.com.xml
index 1898e534a45b..afeb08316ea1 100644
--- a/src/chrome/content/rules/Mofobian.com.xml
+++ b/src/chrome/content/rules/Mofobian.com.xml
@@ -1,14 +1,9 @@
-<!--
-	CN: *.bluehost.com
-
--->
-<ruleset name="Mofobian.com (partial)">
+<ruleset name="Mofobian.com">
 
 	<target host="mofobian.com" />
 	<target host="www.mofobian.com" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(?:www\.)?mofobian\.com/(favicon\.ico|wp-content/|wp-includes/)"
-		to="https://secure.bluehost.com/~mofobian/$1" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Moja.tatrabanka.sk.xml b/src/chrome/content/rules/Moja.tatrabanka.sk.xml
deleted file mode 100644
index 08b6699c27c9..000000000000
--- a/src/chrome/content/rules/Moja.tatrabanka.sk.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Moja.tatrabanka.sk">
-  <target host="moja.tatrabanka.sk" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/MojoHaus.org.xml b/src/chrome/content/rules/MojoHaus.org.xml
new file mode 100644
index 000000000000..ca431159f954
--- /dev/null
+++ b/src/chrome/content/rules/MojoHaus.org.xml
@@ -0,0 +1,15 @@
+<ruleset name="MojoHaus.org">
+
+	<target host="mojohaus.org" />
+	<target host="www.mojohaus.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- 'no alternative certificate subject name matches target host name'
+	on https://mojohaus.org/, http://mojohaus.org/ redirects to http://www.mojohaus.org/ -->
+	<rule from="^http://mojohaus\.org/"
+		to="https://www.mojohaus.org/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mollom.xml b/src/chrome/content/rules/Mollom.xml
index e3b0fdcbe525..32765046c99c 100644
--- a/src/chrome/content/rules/Mollom.xml
+++ b/src/chrome/content/rules/Mollom.xml
@@ -19,7 +19,7 @@ Fetch error: http://wdc-api04.mollom.com/ => https://wdc-api04.mollom.com/: (28,
 		- xmlrpc2
 
 -->
-<ruleset name="Mollom.com" default_off='failed ruleset test'>
+<ruleset name="Mollom.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/MomentusMedia.xml b/src/chrome/content/rules/MomentusMedia.xml
deleted file mode 100644
index d0fb085b2a08..000000000000
--- a/src/chrome/content/rules/MomentusMedia.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	(www.)?momentusmedia.com: Mismatched
-
--->
-<ruleset name="MomentusMedia.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="secure.momentusmedia.com" />
-
-	<!--	Complications:
-				-->
-  <target host="momentusmedia.com" />
-  <target host="www.momentusmedia.com" />
-
-  <securecookie host="^(?:.+\.)?momentusmedia\.com$" name=".+" />
-
-  <rule from="^http://(?:www\.)?momentusmedia\.com/" to="https://secure.momentusmedia.com/"/>
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Mommys_Little_Sunshine.com.xml b/src/chrome/content/rules/Mommys_Little_Sunshine.com.xml
deleted file mode 100644
index 8526ba88a068..000000000000
--- a/src/chrome/content/rules/Mommys_Little_Sunshine.com.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	Some pages redirect to http.
-
-
-	Mixed content:
-
-		- favicon from $self *
-
-	* Secured by us
-
--->
-<ruleset name="Mommys Little Sunshine.com (partial)">
-
-	<target host="mommyslittlesunshine.com" />
-	<target host="www.mommyslittlesunshine.com" />
-		<!--
-			Redirect to http:
-						-->
-		<!--exclusion pattern="http://mommyslittlesunshine\.com/+($|\?|cart/$|contact/$)" /-->
-		<!--
-			Exceptions:
-					-->
-		<!--exclusion pattern="http://mommyslittlesunshine\.com/+(favicon\.ico|images/|my-account($|[?/])|wp-content/|wp-includes/)" /-->
-
-
-	<rule from="^http://(www\.)?mommyslittlesunshine\.com/(?=favicon\.ico|images/|my-account(?:$|[?/])|wp-content/|wp-includes/)"
-		to="https://$1mommyslittlesunshine.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Monarch.co.uk.xml b/src/chrome/content/rules/Monarch.co.uk.xml
index 0a3e5adb81a4..d54bfff89c49 100644
--- a/src/chrome/content/rules/Monarch.co.uk.xml
+++ b/src/chrome/content/rules/Monarch.co.uk.xml
@@ -5,10 +5,10 @@ Fetch error: http://monarch.co.uk/ => https://www.monarch.co.uk/: (60, 'SSL cert
 Fetch error: http://www.monarch.co.uk/ => https://www.monarch.co.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Monarch.co.uk" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Monarch.co.uk" platform="mixedcontent" default_off="failed ruleset test">
   <target host="monarch.co.uk" />
   <target host="www.monarch.co.uk" />
 
   <rule from="^http://(?:www\.)?monarch\.co\.uk/"
           to="https://www.monarch.co.uk/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Monash.edu.xml b/src/chrome/content/rules/Monash.edu.xml
index 597b048e75ec..8d99a635fd50 100644
--- a/src/chrome/content/rules/Monash.edu.xml
+++ b/src/chrome/content/rules/Monash.edu.xml
@@ -25,7 +25,7 @@ Non-2xx HTTP code: http://login.monash.edu/ (200) => https://login.monash.edu/ (
 		- Images on (www.)? from www.monash.edu.au
 
 -->
-<ruleset name="Monash.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="Monash.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Mondemp3.com.xml b/src/chrome/content/rules/Mondemp3.com.xml
index 472f332156ed..3e2d6f74284c 100644
--- a/src/chrome/content/rules/Mondemp3.com.xml
+++ b/src/chrome/content/rules/Mondemp3.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.mondemp3.com/ => https://www.mondemp3.com/: (51, "SSL: n
 Disabled by https-everywhere-checker because:
 Fetch error: http://mondemp3.com/ => https://mondemp3.com/: (60, 'SSL certificate problem: self signed certificate')
 -->
-<ruleset name="mondemp3.com" default_off='failed ruleset test'>
+<ruleset name="mondemp3.com" default_off="failed ruleset test">
 
 	<target host="mondemp3.com" />
 	<target host="www.mondemp3.com" />
@@ -18,4 +18,4 @@ Fetch error: http://mondemp3.com/ => https://mondemp3.com/: (60, 'SSL certificat
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Monetate.xml b/src/chrome/content/rules/Monetate.xml
index 6ffc20326ab0..622e460c38b2 100644
--- a/src/chrome/content/rules/Monetate.xml
+++ b/src/chrome/content/rules/Monetate.xml
@@ -17,14 +17,21 @@
 -->
 <ruleset name="Monetate (partial)">
 
-	<target host="*.monetate.net" />
-
-	<securecookie host="^.+\.monetate\.net$" name=".+" />
+	<target host="b.monetate.net" />
+	<target host="d.monetate.net" />
+	<target host="e.monetate.net" />
+	<target host="f.monetate.net" />
+	<target host="marketer.monetate.net" />
+	<target host="sb.monetate.net" />
+	<target host="sd.monetate.net" />
+	<target host="se.monetate.net" />
+	<target host="sf.monetate.net" />
+
+	<securecookie host=".+" name=".+"/>
 
 	<rule from="^http://(b|d|e|f)\.monetate\.net/"
 		to="https://s$1.monetate.net/" />
 
-	<rule from="^http://(marketer|sb|sd|se|sf)\.monetate\.net/"
-		to="https://$1.monetate.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Monex.co.jp.xml b/src/chrome/content/rules/Monex.co.jp.xml
index 4db72ede9ee0..7ec0ff98f108 100644
--- a/src/chrome/content/rules/Monex.co.jp.xml
+++ b/src/chrome/content/rules/Monex.co.jp.xml
@@ -21,7 +21,7 @@ Fetch error: http://its2.monex.co.jp/ => https://its2.monex.co.jp/: (28, 'Connec
 
 -->
 
-<ruleset name="Monex.co.jp" default_off='failed ruleset test'>
+<ruleset name="Monex.co.jp" default_off="failed ruleset test">
 
 	<target host="fs.monex.co.jp" />
 	<target host="fund.monex.co.jp" />
diff --git a/src/chrome/content/rules/Money.pl-falsemixed.xml b/src/chrome/content/rules/Money.pl-falsemixed.xml
index 9f6db888e632..93707b9568c1 100644
--- a/src/chrome/content/rules/Money.pl-falsemixed.xml
+++ b/src/chrome/content/rules/Money.pl-falsemixed.xml
@@ -6,7 +6,7 @@ Fetch error: http://przetargi.money.pl/ => https://przetargi.money.pl/: Too many
 	For rules not causing false/broken MCB, see Money.pl.xml.
 
 -->
-<ruleset name="Money.pl (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Money.pl (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="firma.money.pl" />
 	<target host="fundusze-emerytalne.money.pl" />
diff --git a/src/chrome/content/rules/Money.pl.xml b/src/chrome/content/rules/Money.pl.xml
index 3771d1c05b7b..6236235aede9 100644
--- a/src/chrome/content/rules/Money.pl.xml
+++ b/src/chrome/content/rules/Money.pl.xml
@@ -127,7 +127,7 @@ Fetch error: http://www.money.pl/ => https://www.money.pl/: Too many redirects w
 	* Secured by us
 
 -->
-<ruleset name="Money.pl (partial)" default_off='failed ruleset test'>
+<ruleset name="Money.pl (partial)" default_off="failed ruleset test">
 
 	<target host="adv.money.pl" />
 	<!--target host="agrobiznes.money.pl" /-->
diff --git a/src/chrome/content/rules/Money_Saving_Expert.com.xml b/src/chrome/content/rules/Money_Saving_Expert.com.xml
index 20a65365964f..10a1d51b5c0d 100644
--- a/src/chrome/content/rules/Money_Saving_Expert.com.xml
+++ b/src/chrome/content/rules/Money_Saving_Expert.com.xml
@@ -42,4 +42,4 @@
 	<rule from="^http://static\d?\.moneysavingexpert\.com/"
 		to="https://c950035.ssl.cf3.rackcdn.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Moneybookers.xml b/src/chrome/content/rules/Moneybookers.xml
index 892e49d32d77..510c7efc7333 100644
--- a/src/chrome/content/rules/Moneybookers.xml
+++ b/src/chrome/content/rules/Moneybookers.xml
@@ -23,18 +23,16 @@
 -->
 <ruleset name="Moneybookers">
 
-	<target host="*.mbsvr.net" />
+	<target host="i1.mbsvr.net" />
+	<target host="i2.mbsvr.net" />
 	<target host="moneybookers.com" />
-	<target host="*.moneybookers.com" />
+	<target host="www.moneybookers.com" />
 
 
 	<securecookie host="^(?:.*\.)?moneybookers\.com$" name=".+" />
 
 
-	<rule from="^http://i(1|2)\.mbsvr\.net/"
-		to="https://i$1.mbsvr.net/" />
 
-	<rule from="^http://(www\.)?moneybookers\.com/"
-		to="https://$1moneybookers.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Mongabay.com.xml b/src/chrome/content/rules/Mongabay.com.xml
index 2cb557b47d92..08986b5349ac 100644
--- a/src/chrome/content/rules/Mongabay.com.xml
+++ b/src/chrome/content/rules/Mongabay.com.xml
@@ -42,4 +42,4 @@
 	<rule from="^http://www\.supporter\.mongabay\.com/(?:\?.*)?$"
 		to="https://news.mongabay.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MongoDB.com.xml b/src/chrome/content/rules/MongoDB.com.xml
index 6a335a107614..3c2f51f76eb2 100644
--- a/src/chrome/content/rules/MongoDB.com.xml
+++ b/src/chrome/content/rules/MongoDB.com.xml
@@ -12,6 +12,7 @@
 	<!--	Direct rewrites:
 				-->
 	<target host="mongodb.com" />
+	<target host="api.mongodb.com" />
 	<target host="cloud.mongodb.com" />
 	<target host="education.mongodb.com" />
 	<target host="university.mongodb.com" />
diff --git a/src/chrome/content/rules/Monitis.com.xml b/src/chrome/content/rules/Monitis.com.xml
index edb459ebb302..17bfa8c0a9b0 100644
--- a/src/chrome/content/rules/Monitis.com.xml
+++ b/src/chrome/content/rules/Monitis.com.xml
@@ -28,10 +28,12 @@ Fetch error: http://monitis.com/ => https://www.monitis.com/: Cycle detected - U
 		- portal
 
 -->
-<ruleset name="monitis.com (partial)" default_off='failed ruleset test'>
+<ruleset name="monitis.com (partial)" default_off="failed ruleset test">
 
 	<target host="monitis.com" />
-	<target host="*.monitis.com" />
+	<target host="www.monitis.com" />
+	<target host="dashboard.monitis.com" />
+	<target host="portal.monitis.com" />
 
 
 	<securecookie host="^(?:dashboard|portal|www)\.monitis\.com$" name=".+" />
@@ -40,7 +42,6 @@ Fetch error: http://monitis.com/ => https://www.monitis.com/: Cycle detected - U
 	<rule from="^http://(?:www\.)?monitis\.com/"
 		to="https://www.monitis.com/" />
 
-	<rule from="^http://(dashboard|portal)\.monitis\.com/"
-		to="https://$1.monitis.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MonkeyBroker.net.xml b/src/chrome/content/rules/MonkeyBroker.net.xml
deleted file mode 100644
index 54ee72c09254..000000000000
--- a/src/chrome/content/rules/MonkeyBroker.net.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Cert mismatch:
-		- www.monkeybroker.net
-		- cdn.monkeybroker.net
-
-	Chain issues:
-		- mb-stage.monkeybroker.net
-
-	Timeout:
-		- monkeybroker.net
--->
-<ruleset name="MonkeyBroker.net (partial)" >
-
-	<target host="sv.monkeybroker.net" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Monkeyking.ch.xml b/src/chrome/content/rules/Monkeyking.ch.xml
deleted file mode 100644
index a6b1526e6437..000000000000
--- a/src/chrome/content/rules/Monkeyking.ch.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Monkeyking.ch">
-	<target host="monkeyking.ch" />
-	<target host="www.monkeyking.ch" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Monkeys-Audio.xml b/src/chrome/content/rules/Monkeys-Audio.xml
deleted file mode 100644
index 15a6ce3bb0f2..000000000000
--- a/src/chrome/content/rules/Monkeys-Audio.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="Monkey’s Audio" default_off="mismatched">
-
-	<target host="ashlands.net"/>
-	<target host="*.ashlands.net"/>
-	<target host="monkeysaudio.com"/>
-	<target host="www.monkeysaudio.com"/>
-
-	<rule from="^http://(?:www\.)?ashlands\.net/"
-		to="https://ashlands.net/~monkeys6/"/>
-
-	<rule from="^http://audio\.ashlands\.net/"
-		to="https://audio.ashlands.net/~monkeys6/monkeysaudio/"/>
-
-	<rule from="^http://(?:www\.)monkeysaudio\.com/"
-		to="https://audio.ashlands.net/~monkeys6/monkeysaudio/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/MonkeysAudio.com.xml b/src/chrome/content/rules/MonkeysAudio.com.xml
new file mode 100644
index 000000000000..122885ffc919
--- /dev/null
+++ b/src/chrome/content/rules/MonkeysAudio.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Other MonkeysAudio.com related rulesets:
+		+ Ashlands.net.xml
+-->
+<ruleset name="MonkeysAudio.com">
+	<target host="monkeysaudio.com"/>
+	<target host="www.monkeysaudio.com"/>
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/Monmouthshire.gov.uk.xml b/src/chrome/content/rules/Monmouthshire.gov.uk.xml
index 6db9b1b8f067..0cc3b3f4d110 100644
--- a/src/chrome/content/rules/Monmouthshire.gov.uk.xml
+++ b/src/chrome/content/rules/Monmouthshire.gov.uk.xml
@@ -39,7 +39,7 @@ Fetch error: http://www.monmouthshire.gov.uk/ => https://www.monmouthshire.gov.u
 	ˢ Secured by us
 
 -->
-<ruleset name="Monmouthshire.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Monmouthshire.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="monmouthshire.gov.uk" />
 	<target host="forms.monmouthshire.gov.uk" />
diff --git a/src/chrome/content/rules/Mono-project.xml b/src/chrome/content/rules/Mono-project.xml
new file mode 100644
index 000000000000..72ae0e3c3121
--- /dev/null
+++ b/src/chrome/content/rules/Mono-project.xml
@@ -0,0 +1,12 @@
+<ruleset name="Mono project">
+	<target host="mono-project.com" />
+	<target host="www.mono-project.com" />
+	<target host="download.mono-project.com" />
+	<target host="jenkins.mono-project.com" />
+	<target host="news.mono-project.com" />
+	<target host="origin-download.mono-project.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Monoprice.xml b/src/chrome/content/rules/Monoprice.xml
index 15f55d8fd26c..d05d020d9906 100644
--- a/src/chrome/content/rules/Monoprice.xml
+++ b/src/chrome/content/rules/Monoprice.xml
@@ -5,7 +5,8 @@
 <ruleset name="Monoprice">
 
 	<target host="monoprice.com" />
-	<target host="*.monoprice.com" />
+	<target host="www.monoprice.com" />
+	<target host="images.monoprice.com" />
 
 
 	<securecookie host="^(?:www)?\.monoprice\.com$" name=".+" />
@@ -14,7 +15,6 @@
 	<rule from="^http://(?:www\.)?monoprice\.com/"
 		to="https://www.monoprice.com/" />
 
-	<rule from="^http://images\.monoprice\.com/"
-		to="https://images.monoprice.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Monotype-Imaging.xml b/src/chrome/content/rules/Monotype-Imaging.xml
index b174aa25c398..ed34a92281e1 100644
--- a/src/chrome/content/rules/Monotype-Imaging.xml
+++ b/src/chrome/content/rules/Monotype-Imaging.xml
@@ -1,7 +1,6 @@
 <!--
 	Other Monotype Imaging rulesets:
 
-		- AscenderFonts.com.xml
 		- FontMarketplace.com.xml
 		- Fonts.com.xml
 		- Fonts.net.xml
diff --git a/src/chrome/content/rules/Monsoon.xml b/src/chrome/content/rules/Monsoon.xml
index be890ffb1fdc..76b9f51b6bd5 100644
--- a/src/chrome/content/rules/Monsoon.xml
+++ b/src/chrome/content/rules/Monsoon.xml
@@ -9,7 +9,8 @@
 -->
 <ruleset name="Monsoon (partial)">
 
-	<target host="*.monsoon.co.uk" />
+	<target host="media.monsoon.co.uk" />
+	<target host="uk.monsoon.co.uk" />
 
 
 	<rule from="^http://media\.monsoon\.co\.uk/"
diff --git a/src/chrome/content/rules/Monster.com.xml b/src/chrome/content/rules/Monster.com.xml
index d34849769f2d..2582874635c0 100644
--- a/src/chrome/content/rules/Monster.com.xml
+++ b/src/chrome/content/rules/Monster.com.xml
@@ -1,27 +1,30 @@
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://cookie.monster.com/ => https://cookie.monster.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://oas.monster.com/ => https://oas.monster.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	Other Monster rulesets:
 
 		- Admissions.com.xml
-		- Art_Schools.com.xml
-		- Cooking_Schools.com.xml
 		- Fastweb.com.xml
-		- MyResumeAgent.com.xml
 		- Newjobs.com.xml
 
 	Invalid certificate:
-			- advertising 
-			- career-services 
-			- inside 
-			- jdn 
-			- my 
-			- partner 
-			- promotion 
-			- resume 
+			- advertising
+			- career-services
+			- inside
+			- jdn
+			- my
+			- partner
+			- promotion
+			- resume
 	Time out:
-			- chat 
-			- company 
-			- jobs 
-			- jobsearch 
+			- chat
+			- company
+			- jobs
+			- jobsearch
 	Redirect to http:
 			- ^
 			- answers
@@ -32,11 +35,11 @@
 
 	<target host="monster.com" />
 	<target host="www.monster.com" />
-	<target host="cookie.monster.com" />
+	<!-- target host="cookie.monster.com" /-->
 	<target host="hiring.monster.com" />
 	<target host="login.monster.com" />
 	<target host="media.monster.com" />
-	<target host="oas.monster.com" />
+	<!-- target host="oas.monster.com" /-->
 
 	<securecookie host="^\.monster\.com$" name="^(OAX|v1st|WT_FPC)$" />
 	<securecookie host="^(cookie|login|oas)\.monster\.com$" name=".+" />
diff --git a/src/chrome/content/rules/MonsterDivx.com.xml b/src/chrome/content/rules/MonsterDivx.com.xml
deleted file mode 100644
index 6f38a39d4039..000000000000
--- a/src/chrome/content/rules/MonsterDivx.com.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- foros		(shows www)
-
--->
-<ruleset name="MonsterDivx.com (partial)">
-
-	<target host="monsterdivx.com" />
-	<target host="www.monsterdivx.com" />
-
-
-	<securecookie host="^monsterdivx\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Monster_WoW.xml b/src/chrome/content/rules/Monster_WoW.xml
index b84a115de4f9..417b4a6ccbaf 100644
--- a/src/chrome/content/rules/Monster_WoW.xml
+++ b/src/chrome/content/rules/Monster_WoW.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://forum.monster-wow.com/ => https://forum.monster-wow.com/: Too many redirects while fetching 'https://forum.monster-wow.com/'
 
 -->
-<ruleset name="Monster WoW" default_off='failed ruleset test'>
+<ruleset name="Monster WoW" default_off="failed ruleset test">
 
 	<target host="monster-wow.com" />
 	<target host="armory.monster-wow.com" />
@@ -12,9 +12,9 @@ Fetch error: http://forum.monster-wow.com/ => https://forum.monster-wow.com/: To
 	<target host="www.monster-wow.com" />
 
 
-	<securecookie host="^(?:.*\.)?monster-wow\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Monthly_Review.org.xml b/src/chrome/content/rules/Monthly_Review.org.xml
index abb6e08ec287..cfb91fb8d51e 100644
--- a/src/chrome/content/rules/Monthly_Review.org.xml
+++ b/src/chrome/content/rules/Monthly_Review.org.xml
@@ -21,7 +21,7 @@ Fetch error: http://mrzine.monthlyreview.org/ => https://mrzine.monthlyreview.or
 	* Secured by us
 
 -->
-<ruleset name="Monthly Review.org" default_off='failed ruleset test'>
+<ruleset name="Monthly Review.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Monty_Program.xml b/src/chrome/content/rules/Monty_Program.xml
index 9fce947d2630..d9b68d7d02c3 100644
--- a/src/chrome/content/rules/Monty_Program.xml
+++ b/src/chrome/content/rules/Monty_Program.xml
@@ -5,7 +5,7 @@
 	Other Monty Program rulesets:
 
 		- AskMonty.xml
-		- MariaDB.xml
+		- MariaDB.org.xml
 
 
 	Problematic subdomains:
diff --git a/src/chrome/content/rules/MoodSmith.com.xml b/src/chrome/content/rules/MoodSmith.com.xml
index 5ced8fe16b0c..48194938915f 100644
--- a/src/chrome/content/rules/MoodSmith.com.xml
+++ b/src/chrome/content/rules/MoodSmith.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Moodle.net-problematic.xml b/src/chrome/content/rules/Moodle.net-problematic.xml
index 0421e5d7a966..2eb77107c9da 100644
--- a/src/chrome/content/rules/Moodle.net-problematic.xml
+++ b/src/chrome/content/rules/Moodle.net-problematic.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see Moodle.net.xml.
 
 -->
-<ruleset name="Moodle.net (missing certificate chain)" default_off="missing certificate chain">
+<ruleset name="Moodle.net (missing certificate chain)" default_off="cert-chain">
 
 	<target host="messages.moodle.net" />
 
diff --git a/src/chrome/content/rules/MoonScript.org.xml b/src/chrome/content/rules/MoonScript.org.xml
new file mode 100644
index 000000000000..6dec8de0df90
--- /dev/null
+++ b/src/chrome/content/rules/MoonScript.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched:
+		- dc-a6e751df4fc0
+		- rocks
+-->
+<ruleset name="MoonScript.org">
+	<target host="moonscript.org" />
+	<target host="www.moonscript.org" />
+	<target host="rocks.moonscript.org" />
+
+	<rule from="^http://rocks\.moonscript\.org/" to="https://luarocks.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Moonfruit.com.xml b/src/chrome/content/rules/Moonfruit.com.xml
index a98b7b7d2f47..36ae0324e75b 100644
--- a/src/chrome/content/rules/Moonfruit.com.xml
+++ b/src/chrome/content/rules/Moonfruit.com.xml
@@ -19,14 +19,14 @@
 <ruleset name="Moonfruit.com (partial)">
 
 	<target host="moonfruit.com" />
-	<target host="*.moonfruit.com" />
+	<target host="www.moonfruit.com" />
+	<target host="secure.moonfruit.com" />
 		<!--exclusion pattern="http://ubt\.moonfruit\.com" /-->
 
 
 	<rule from="^http://(?:www\.)?moonfruit\.com/"
 		to="https://www.moonfruit.com/" />
 
-	<rule from="^http://secure\.moonfruit\.com/"
-		to="https://secure.moonfruit.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Mooshi.com.au.xml b/src/chrome/content/rules/Mooshi.com.au.xml
deleted file mode 100644
index 55bfd388bf3f..000000000000
--- a/src/chrome/content/rules/Mooshi.com.au.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Some pages redirect to http
-
--->
-<ruleset name="Mooshi.com.au (partial)">
-
-	<target host="mooshi.com.au" />
-	<target host="www.mooshi.com.au" />
-
-
-	<rule from="^http://(www\.)?mooshi\.com\.au/(\?ai1ec_render_css=|(?:my-account|pay)(?:$|\?|/)|wp-content/)"
-		to="https://$1mooshi.com.au/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Moot.it.xml b/src/chrome/content/rules/Moot.it.xml
index f99f3b6c6237..da5a5f80bad0 100644
--- a/src/chrome/content/rules/Moot.it.xml
+++ b/src/chrome/content/rules/Moot.it.xml
@@ -21,7 +21,10 @@
 <ruleset name="Moot.it">
 
 	<target host="moot.it" />
-	<target host="*.moot.it" />
+	<target host="api.moot.it" />
+	<target host="www.moot.it" />
+	<target host="cdn.moot.it" />
+	<target host="origin.moot.it" />
 
 
 	<securecookie host="^moot\.it$" name=".+" />
@@ -33,4 +36,4 @@
 	<rule from="^http://(?:cd|origi)n\.moot\.it/"
 		to="https://cdn.moot.it/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MootiPass.com.xml b/src/chrome/content/rules/MootiPass.com.xml
deleted file mode 100644
index 45be926b9b43..000000000000
--- a/src/chrome/content/rules/MootiPass.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="MootiPass.com">
-	<target host="mootipass.com" />
-	<target host="www.mootipass.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Moovweb.xml b/src/chrome/content/rules/Moovweb.xml
index fb87e4101537..be0af42a846b 100644
--- a/src/chrome/content/rules/Moovweb.xml
+++ b/src/chrome/content/rules/Moovweb.xml
@@ -23,8 +23,11 @@
 <ruleset name="Moovweb (partial)">
 
 	<target host="moovweb.com" />
-	<target host="*.moovweb.com" />
-	<target host="*.moovweb.net" />
+	<target host="www.moovweb.com" />
+	<target host="console.moovweb.com" />
+	<target host="help.moovweb.com" />
+	<target host="assets.moovweb.net" />
+	<target host="cloud.moovweb.net" />
 
 
 	<securecookie host="^(?:help)?\.moovweb\.com$" name=".+" />
@@ -33,10 +36,7 @@
 	<rule from="^http://(?:www\.)?moovweb\.com/"
 		to="https://www.moovweb.com/" />
 
-	<rule from="^http://(console|help)\.moovweb\.com/"
-		to="https://$1.moovweb.com/" />
 
-	<rule from="^http://(assets|cloud)\.moovweb\.net/"
-		to="https://$1.moovweb.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Moreover-Technologies.xml b/src/chrome/content/rules/Moreover-Technologies.xml
index 5d40df258279..953a3335397a 100644
--- a/src/chrome/content/rules/Moreover-Technologies.xml
+++ b/src/chrome/content/rules/Moreover-Technologies.xml
@@ -6,13 +6,12 @@
 -->
 <ruleset name="Moreover Technologies (partial)">
 
-	<target host="*.moreover.com" />
+	<target host="newsdesk4.moreover.com" />
 
 
 	<securecookie host="^newsdesk4\.moreover\.com$" name=".+" />
 
 
-	<rule from="^http://(c|newsdesk4)\.moreover\.com/"
-		to="https://$1.moreover.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Morning_Star_Online.co.uk.xml b/src/chrome/content/rules/Morning_Star_Online.co.uk.xml
index 77709788b5e3..c01e45c3c6f2 100644
--- a/src/chrome/content/rules/Morning_Star_Online.co.uk.xml
+++ b/src/chrome/content/rules/Morning_Star_Online.co.uk.xml
@@ -10,7 +10,7 @@ Fetch error: http://shop.morningstaronline.co.uk/ => https://shop.morningstaronl
 	* Secured by us
 
 -->
-<ruleset name="Morning Star Online.co.uk" default_off='failed ruleset test'>
+<ruleset name="Morning Star Online.co.uk" default_off="failed ruleset test">
 
 	<target host="morningstaronline.co.uk" />
 	<target host="shop.morningstaronline.co.uk" />
diff --git a/src/chrome/content/rules/Moroccan-Bazaar.xml b/src/chrome/content/rules/Moroccan-Bazaar.xml
deleted file mode 100644
index d19f77e8bef3..000000000000
--- a/src/chrome/content/rules/Moroccan-Bazaar.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Moroccan Bazaar">
-
-	<target host="moroccanbazaar.co.uk" />
-	<target host="www.moroccanbazaar.co.uk" />
-
-	<securecookie host="^(?:.*\.)?moroccanbazaar\.co\.uk$" name=".+" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Morphis.com.xml b/src/chrome/content/rules/Morphis.com.xml
index d7560a57d1cb..a07cfa979635 100644
--- a/src/chrome/content/rules/Morphis.com.xml
+++ b/src/chrome/content/rules/Morphis.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.morphis.com/ => https://morphis.com/: (51, "SSL: no alte
 	www.morphis.com: Mismatched
 
 -->
-<ruleset name="Morphis.com" default_off='failed ruleset test'>
+<ruleset name="Morphis.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Morrisons.xml b/src/chrome/content/rules/Morrisons.xml
index 44c89cf34705..d95974262029 100644
--- a/src/chrome/content/rules/Morrisons.xml
+++ b/src/chrome/content/rules/Morrisons.xml
@@ -50,9 +50,15 @@ Fetch error: http://morrisons.com/ => https://morrisons.com/: (60, 'SSL certific
 <ruleset name="Morrisons">
 
 	<target host="morrisons.co.uk" />
-	<target host="*.morrisons.co.uk" />
+	<target host="www.morrisons.co.uk" />
+	<target host="admin.morrisons.co.uk" />
+	<target host="groceries.morrisons.co.uk" />
+	<target host="your.morrisons.co.uk" />
 	<target host="morrisons.com" />
-	<target host="*.morrisons.com" />
+	<target host="admin.morrisons.com" />
+	<target host="groceries.morrisons.com" />
+	<target host="your.morrisons.com" />
+	<target host="www.morrisons.com" />
 
 
 	<securecookie host="^(?:\.?groceries|\.?your)?\.morrisons\.com$" name=".+" />
@@ -64,7 +70,6 @@ Fetch error: http://morrisons.com/ => https://morrisons.com/: (60, 'SSL certific
 	<rule from="^http://(admin|groceries|your)\.morrisons\.co(?:\.uk|m)/"
 		to="https://$1.morrisons.com/" />
 
-	<rule from="^http://(www\.)?morrisons\.com/"
-		to="https://$1morrisons.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Morrisons_Cellar.com.xml b/src/chrome/content/rules/Morrisons_Cellar.com.xml
index 5a83436dba53..1faeb8894500 100644
--- a/src/chrome/content/rules/Morrisons_Cellar.com.xml
+++ b/src/chrome/content/rules/Morrisons_Cellar.com.xml
@@ -18,11 +18,11 @@ Fetch error: http://morrisonscellar.com/ => https://morrisonscellar.com/webapp/w
 	* Secured by us
 
 -->
-<ruleset name="Morrisons Cellar.com" default_off='failed ruleset test'>
+<ruleset name="Morrisons Cellar.com" default_off="failed ruleset test">
 
 	<target host="morrisonscellar.com" />
 	<target host="*.morrisonscellar.com" />
-		
+
 
 	<securecookie host="^www\.morrisonscellar\.com$" name=".+" />
 
diff --git a/src/chrome/content/rules/Mosh.org.xml b/src/chrome/content/rules/Mosh.org.xml
new file mode 100644
index 000000000000..571203759165
--- /dev/null
+++ b/src/chrome/content/rules/Mosh.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="Mosh.org">
+
+	<target host="mosh.org" />
+	<target host="www.mosh.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Moshimonsters.com.xml b/src/chrome/content/rules/Moshimonsters.com.xml
new file mode 100644
index 000000000000..470a19b338b1
--- /dev/null
+++ b/src/chrome/content/rules/Moshimonsters.com.xml
@@ -0,0 +1,24 @@
+<!--
+    Non-functional hosts:
+        Timeout:
+        - admin.moshimonsters.com
+        - jam.moshimonsters.com	
+        
+        SSL peer certificate was not OK:
+        - origin.moshimonsters.com
+        - store.moshimonsters.com
+        - static.moshimonsters.com
+        - forums.moshimonsters.com
+        - news.moshimonsters.com
+        - service.moshimonsters.com
+        - api.moshimonsters.com
+-->
+<ruleset name="Moshimonsters.com">
+    <target host="moshimonsters.com" />
+    <target host="www.moshimonsters.com" />
+    <target host="secure.moshimonsters.com" />
+
+    <rule from="^http:" to="https:" />
+
+    <securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/Moswarat.com.xml b/src/chrome/content/rules/Moswarat.com.xml
new file mode 100644
index 000000000000..9e3da3cdc6dd
--- /dev/null
+++ b/src/chrome/content/rules/Moswarat.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Moswarat.com">
+	<target host="moswarat.com" />
+	<target host="www.moswarat.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MotherJones.com.xml b/src/chrome/content/rules/MotherJones.com.xml
index 82112b74f093..38010bc5a8bc 100644
--- a/src/chrome/content/rules/MotherJones.com.xml
+++ b/src/chrome/content/rules/MotherJones.com.xml
@@ -1,35 +1,15 @@
 <!--
-	CDN buckets:
-
-		- mjassets.s3.amazonaws.com
-			- assets.motherjones.com
-
-		- mjcdn.s3.amazonaws.com
-			- mjcdn.motherjones.com
-
-		- wildcard.motherjones.com.edgekey.net
-		- assets.motherjones.com.edgesuite.net
-		- mjcdn.motherjones.com.edgesuite.net
-
+	Non-functional hosts
+		Certificate Mismatched:
+		- mjcdn.motherjones.com
 -->
-<ruleset name="MotherJones.com (partial)">
-
+<ruleset name="MotherJones.com">
 	<target host="motherjones.com" />
-	<target host="*.motherjones.com" />
-
-
-	<!--	At least some pages 302 to http.
-						-->
-	<rule from="^http://(www\.)?motherjones\.com/(files|misc|sites|transition)/"
-		to="https://$1motherjones.com/$2/" />
-
-	<rule from="^http://(?:(assets)|mj(cdn))\.motherjones\.com/"
-		to="https://mj$1$2.s3.amazonaws.com/" />
-
-	<rule from="^http://oascentral\.motherjones\.com/"
-		to="https://oasc11a.247realmedia.com/" />
-
-	<rule from="^http://secure\.motherjones\.com/"
-		to="https://secure.motherjones.com/" />
+	<target host="www.motherjones.com" />
+	<target host="assets.motherjones.com" />
+	<target host="preprod.motherjones.com" />
+	<target host="secure.motherjones.com" />
+	<target host="store.motherjones.com" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Motherpipe.co.uk.xml b/src/chrome/content/rules/Motherpipe.co.uk.xml
index f63bc554269b..bd4a8a0fce3b 100644
--- a/src/chrome/content/rules/Motherpipe.co.uk.xml
+++ b/src/chrome/content/rules/Motherpipe.co.uk.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.motherpipe.co.uk/ => https://www.motherpipe.co.uk/: (28,
 		- Motherpipe.com.xml
 
 -->
-<ruleset name="Motherpipe.co.uk" default_off='failed ruleset test'>
+<ruleset name="Motherpipe.co.uk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Motherpipe.com.xml b/src/chrome/content/rules/Motherpipe.com.xml
index 5565546526ec..1b28da2551f4 100644
--- a/src/chrome/content/rules/Motherpipe.com.xml
+++ b/src/chrome/content/rules/Motherpipe.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://search.motherpipe.com/ => https://search.motherpipe.com/: (2
 	(www.)?motherpipe.com: Refused
 
 -->
-<ruleset name="Motherpipe.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Motherpipe.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Motley-Fool-Australia.xml b/src/chrome/content/rules/Motley-Fool-Australia.xml
new file mode 100644
index 000000000000..732ac8fc59bc
--- /dev/null
+++ b/src/chrome/content/rules/Motley-Fool-Australia.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Motley Fool related rulesets, see Motley-Fool.xml
+-->
+<ruleset name="The Motley Fool Australia">
+
+	<target host="fool.com.au" />
+	<target host="www.fool.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Motley-Fool-Canada.xml b/src/chrome/content/rules/Motley-Fool-Canada.xml
new file mode 100644
index 000000000000..0f2910925785
--- /dev/null
+++ b/src/chrome/content/rules/Motley-Fool-Canada.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Motley Fool related rulesets, see Motley-Fool.xml
+-->
+<ruleset name="The Motley Fool Canada">
+
+	<target host="fool.ca" />
+	<target host="www.fool.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Motley-Fool-Germany.xml b/src/chrome/content/rules/Motley-Fool-Germany.xml
new file mode 100644
index 000000000000..014c1c853f46
--- /dev/null
+++ b/src/chrome/content/rules/Motley-Fool-Germany.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Motley Fool related rulesets, see Motley-Fool.xml
+-->
+<ruleset name="The Motley Fool Germany">
+
+	<target host="fool.de" />
+	<target host="www.fool.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Motley-Fool-Singapore.xml b/src/chrome/content/rules/Motley-Fool-Singapore.xml
new file mode 100644
index 000000000000..33ef4fe9cc8f
--- /dev/null
+++ b/src/chrome/content/rules/Motley-Fool-Singapore.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Motley Fool related rulesets, see Motley-Fool.xml
+-->
+<ruleset name="The Motley Fool Singapore">
+
+	<target host="fool.sg" />
+	<target host="www.fool.sg" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Motley-Fool-UK.xml b/src/chrome/content/rules/Motley-Fool-UK.xml
new file mode 100644
index 000000000000..c911aa461732
--- /dev/null
+++ b/src/chrome/content/rules/Motley-Fool-UK.xml
@@ -0,0 +1,26 @@
+<!--
+	For other Motley Fool related rulesets, see Motley-Fool.xml
+
+
+	Non-functional subdomains:
+		- beta	(m)
+		- boards	(e)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="The Motley Fool UK">
+
+	<target host="fool.co.uk" />
+	<target host="www.fool.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Motley-Fool.xml b/src/chrome/content/rules/Motley-Fool.xml
index 61929f68b76d..db7d54a0886a 100644
--- a/src/chrome/content/rules/Motley-Fool.xml
+++ b/src/chrome/content/rules/Motley-Fool.xml
@@ -1,74 +1,73 @@
 <!--
-	For rules causing false/broken MCB, see Fool.com-falsemixed.xml.
-
-
-	Problematic domains:
-
-		- wiki.fool.com *
-
-	* Mixed css from www.fool.com
-
-
-	Partially covered domains:
-
-		- wiki.fool.com *
-
-	* Avoiding mixed css from www.fool.com
-
-
-	Mixed content:
-
-		- css on wiki.fool.com from www.fool.com *
-
-		- Images, on:
-
-			- wiki.fool.com from www.fool.com *
-			- wiki.fool.com from g.foolcdn.com *
-
-	* Secured by us
-
+	Other related rulesets:
+		- Fool-CDN.com.xml
+		- Motley-Fool-Australia.xml
+		- Motley-Fool-Canada.xml
+		- Motley-Fool-Germany.xml
+		- Motley-Fool-Singapore.xml
+		- Motley-Fool-UK.xml
+
+
+	Non-functional subdomains:
+		- autodiscover	(r)
+		- bbnvoting	(t)
+		- boards	(h)
+		- caps		(h)
+		- staging.fool-iq	(m)
+		- insight	(e)
+		- test.investigator	(m)
+		- m		(h)
+		- mockup.m	(m)
+		- my	(h)
+		- offers	(m)
+		- passwordreset	(m)
+		- social	(m)
+		- staging.tmf-mobile-api	(m)
+		- staging.www	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Host has wildcard dns.
 -->
-<ruleset name="The Motley Fool (partial)" default_off="breaks images">
-
-	<target host="fool.com"/>
-	<!-- /g.:	Akamai	-->
-	<target host="*.fool.com"/>
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://wiki\.fool\.com/+(?!wiki/(?:extension|skin)s/)" />
-	<target host="fool.com.au"/>
-	<target host="*.fool.com.au"/>
-	<target host="fool.co.uk"/>
-	<target host="*.fool.co.uk"/>
-	<target host="*.foolcdn.com"/>
-	
-
-	<!--	Incapsula cookies:
-					-->
-	<securecookie host="\.foolcdn\.com$" name="^(?:incap_ses_\d+|visid_incap)_\d+$" />
-	<securecookie host="^s\.foolcdn\.com$" name=".+" />
-
-
-	<rule from="^http://fool\.com/"
-		to="https://www.fool.com/"/>
-
-	<rule from="^http://www\.fool\.co(m|m\.au|\.uk)/(ads/|author/|Foolwatch/|help/|img/|Landing/|marketing/|PopUps/|press/|Scripts/|secure/|shop/|tracking/)"
-		to="https://www.fool.co$1/$2"/>
-
-	<rule from="^http://boards\.fool\.com/(Css/|\w+\.aspx$)"
-		to="https://boards.fool.com/$1"/>
-
-	<rule from="^http://caps\.fool\.com/(Blogs|Ticker/)"
-		to="https://caps.fool.com/$1"/>
-
-	<rule from="^http://my\.fool\.com/"
-		to="https://my.fool.com/"/>
-
-	<rule from="^http://[gs]\.fool(?:cdn)?\.co(m|m\.au|\.uk)/"
-		to="https://s.foolcdn.co$1/"/>
-
-	<rule from="^http://wiki\.fool\.com/"
-		to="https://wiki.fool.com/"/>
-
+<ruleset name="The Motley Fool">
+
+	<target host="fool.com" />
+	<target host="www.fool.com" />
+	<target host="api.fool.com" />
+	<target host="beta.fool.com" />
+	<target host="careers.fool.com" />
+	<target host="cms.fool.com" />
+	<target host="consenter-center-de.fool.com" />
+	<target host="staging.consenter-center-de.fool.com" />
+	<target host="consenter-center-uk.fool.com" />
+	<target host="staging.consenter-center-uk.fool.com" />
+	<target host="culture.fool.com" />
+	<target host="disclosure.fool.com" />
+	<target host="farmteam.fool.com" />
+	<target host="feeds.fool.com" />
+	<target host="g.fool.com" />
+	<target host="infotron.fool.com" />
+	<target host="infotron-admin.fool.com" />
+	<target host="infotron-splitter.fool.com" />
+	<target host="infotron-track.fool.com" />
+	<target host="iq.fool.com" />
+	<target host="newsletters.fool.com" />
+	<target host="onesupport.fool.com" />
+	<target host="scorecard.fool.com" />
+	<target host="supernovasupport.fool.com" />
+	<target host="support.fool.com" />
+	<target host="tmf-mobile-api.fool.com" />
+	<target host="wiki.fool.com" />
+	<target host="preview.www.fool.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Moto-G.com.xml b/src/chrome/content/rules/Moto-G.com.xml
index ae84e1432631..d05a2f0fc8ff 100644
--- a/src/chrome/content/rules/Moto-G.com.xml
+++ b/src/chrome/content/rules/Moto-G.com.xml
@@ -20,7 +20,7 @@ Fetch error: http://www.moto-g.com/ => https://www.moto-g.com/: (60, 'SSL certif
 		- ^	(dropped)
 
 -->
-<ruleset name="Moto-G.com" default_off='failed ruleset test'>
+<ruleset name="Moto-G.com" default_off="failed ruleset test">
 
 	<target host="moto-g.com" />
 	<target host="www.moto-g.com" />
diff --git a/src/chrome/content/rules/Motorola.xml b/src/chrome/content/rules/Motorola.xml
index 5371ca8cf749..96666e132ced 100644
--- a/src/chrome/content/rules/Motorola.xml
+++ b/src/chrome/content/rules/Motorola.xml
@@ -67,7 +67,7 @@ Non-2xx HTTP code: http://www.motorola.de/ (200) => https://www.motorola.de/ (40
 	* Secured by us
 
 -->
-<ruleset name="Motorola (partial)" default_off='failed ruleset test'>
+<ruleset name="Motorola (partial)" default_off="failed ruleset test">
 
 	<target host="*.motorola.com" />
 		<exclusion pattern="^http://(?:www\.)?motorola\.com/(?:Business|staticfiles)/" />
@@ -79,7 +79,7 @@ Non-2xx HTTP code: http://www.motorola.de/ (200) => https://www.motorola.de/ (40
 
 	<securecookie host="^(?:globalrepairtools|mediacenter|membership)\.motorola\.com$" name=".+" />
 	<securecookie host="^mediacenter\.motorolasolutions\.com$" name=".+" />
-	
+
 	<test url="http://motorola.com/" />
 	<test url="http://www.motorola.com/" />
 
@@ -87,19 +87,19 @@ Non-2xx HTTP code: http://www.motorola.de/ (200) => https://www.motorola.de/ (40
 	<test url="http://globalrepairtools.motorola.com/" />
 	<test url="http://mediacenter.motorola.com/" />
 	<test url="http://sdc.motorola.com/" />
-	
+
 	<test url="http://mediacenter.motorolasolutions.com/" />
-	
+
 	<test url="http://www.motorola.com/Business/" />
 	<test url="http://www.motorola.com/staticfiles/" />
 	<test url="http://motorola.com/staticfiles/" />
-	
+
 	<rule from="^http://motorolasolutions\.com/"
 		to="https://www.motorolasolutions.com/" />
-	
+
 	<rule from="^http://motorola\.com/"
 		to="https://www.motorola.com/" />
-		
+
 	<rule from="^http:" to="https:" />
 
 	<rule from="^http://(?:www\.)?motorolasolutions\.com/web/"
diff --git a/src/chrome/content/rules/Motorola_Trade_Up.xml b/src/chrome/content/rules/Motorola_Trade_Up.xml
index 6d4760e2d50a..efdfbc5305c6 100644
--- a/src/chrome/content/rules/Motorola_Trade_Up.xml
+++ b/src/chrome/content/rules/Motorola_Trade_Up.xml
@@ -11,10 +11,10 @@ Fetch error: http://mototradeup.com/ => https://www.mototradeup.com/: (60, 'SSL
 	!www: mismatched, CN: mac.fairbanksllc.com
 
 -->
-<ruleset name="Motorola Trade Up" default_off='failed ruleset test'>
+<ruleset name="Motorola Trade Up" default_off="failed ruleset test">
 
 	<target host="mototradeup.com" />
-	<target host="*.mototradeup.com" />
+	<target host="www.mototradeup.com" />
 
 
 	<securecookie host="^\.mototradeup\.com$" name=".+" />
@@ -23,4 +23,4 @@ Fetch error: http://mototradeup.com/ => https://www.mototradeup.com/: (60, 'SSL
 	<rule from="^http://(?:www\.)?mototradeup\.com/"
 		to="https://www.mototradeup.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Motricity.xml b/src/chrome/content/rules/Motricity.xml
index 9d7656bc0b58..e6f314745c7d 100644
--- a/src/chrome/content/rules/Motricity.xml
+++ b/src/chrome/content/rules/Motricity.xml
@@ -12,7 +12,7 @@ Fetch error: http://webshared.mcore.com/ => https://webshared.mcore.com/: (6, 'C
 		- sry.it.mcore.com
 
 -->
-<ruleset name="Motricity (partial)" default_off='failed ruleset test'>
+<ruleset name="Motricity (partial)" default_off="failed ruleset test">
 
 	<target host="alltel.web.mcore.com" />
 	<target host="webshared.mcore.com" />
@@ -20,4 +20,4 @@ Fetch error: http://webshared.mcore.com/ => https://webshared.mcore.com/: (6, 'C
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mount_Sinai.org.xml b/src/chrome/content/rules/Mount_Sinai.org.xml
index 1c2c15cbfe7a..9cd932537ba9 100644
--- a/src/chrome/content/rules/Mount_Sinai.org.xml
+++ b/src/chrome/content/rules/Mount_Sinai.org.xml
@@ -30,13 +30,14 @@
 <ruleset name="Mount Sinai.org">
 
 	<target host="mountsinai.org" />
-	<target host="*.mountsinai.org" />
+	<target host="mychart.mountsinai.org" />
+	<target host="philanthropy.mountsinai.org" />
+	<target host="www.mountsinai.org" />
 
 
 	<securecookie host="^(?:(?:mychart|philanthropy|www)\.)?mountsinai\.org$" name=".+" />
 
 
-	<rule from="^http://((?:mychart|philanthropy|www)\.)?mountsinai\.org/"
-		to="https://$1mountsinai.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MountaineeringMethodology.com.xml b/src/chrome/content/rules/MountaineeringMethodology.com.xml
new file mode 100644
index 000000000000..d3dcce65694d
--- /dev/null
+++ b/src/chrome/content/rules/MountaineeringMethodology.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Active mixed content:
+		- www.mountaineeringmethodology.com
+-->
+
+<ruleset name="MountaineeringMethodology.com" platform="mixedcontent">
+	<target host="mountaineeringmethodology.com" />
+	<target host="www.mountaineeringmethodology.com" />
+	<target host="cms.mountaineeringmethodology.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mountspace.com.xml b/src/chrome/content/rules/Mountspace.com.xml
deleted file mode 100644
index 9e866b341858..000000000000
--- a/src/chrome/content/rules/Mountspace.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.mountspace.com/ => https://www.mountspace.com/: (7, 'Failed to connect to www.mountspace.com port 443: Connection refused')
-Fetch error: http://mountspace.com/ => https://www.mountspace.com/: (7, 'Failed to connect to www.mountspace.com port 443: Connection refused')
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.mountspace.com/ => https://www.mountspace.com/: (7, 'Failed to connect to www.mountspace.com port 443: Connection refused')
-Fetch error: http://mountspace.com/ => https://www.mountspace.com/: (7, 'Failed to connect to www.mountspace.com port 443: Connection refused')
--->
-<ruleset name="Mountspace.com" default_off='failed ruleset test'>
-  <target host="www.mountspace.com"/>
-  <target host="mountspace.com"/>
-  <rule from="^http://(?:www\.)?mountspace\.com/" to="https://www.mountspace.com/"/>
-</ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 -->
diff --git a/src/chrome/content/rules/Mountyhall.com.xml b/src/chrome/content/rules/Mountyhall.com.xml
index 3f0b998da86a..33ab7c429614 100644
--- a/src/chrome/content/rules/Mountyhall.com.xml
+++ b/src/chrome/content/rules/Mountyhall.com.xml
@@ -19,7 +19,7 @@
 		phpmyadmin.mountyhall.com
 
 -->
-<ruleset name="Mountyhall" default_off="missing certificate chain">
+<ruleset name="Mountyhall" default_off="cert-chain">
 
 	<target host="www.mountyhall.com" />
 	<target host="games.mountyhall.com" />
diff --git a/src/chrome/content/rules/Mouseflow.xml b/src/chrome/content/rules/Mouseflow.xml
index 74fa041ad403..8c87ef2f1b9c 100644
--- a/src/chrome/content/rules/Mouseflow.xml
+++ b/src/chrome/content/rules/Mouseflow.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.mouseflow.nl/ => https://www.mouseflow.nl/: (28, 'Connec
 	Mismtached:
 		- go.mouseflow.com
 -->
-<ruleset name="Mouseflow" default_off='failed ruleset test'>
+<ruleset name="Mouseflow" default_off="failed ruleset test">
 	<target host="mouseflow.com" />
 	<target host="cdn.mouseflow.com" />
 	<target host="www.mouseflow.com" />
diff --git a/src/chrome/content/rules/Mov.ad.xml b/src/chrome/content/rules/Mov.ad.xml
index 96790563ce2b..10097e16fb39 100644
--- a/src/chrome/content/rules/Mov.ad.xml
+++ b/src/chrome/content/rules/Mov.ad.xml
@@ -17,14 +17,14 @@
 		- reptracy.movad.net
 		- dev.reptracy.movad.net
 	-->
- 
+
 <ruleset name="Mov.ad">
- 
+
 	<target host="ad2.movad.net" />
 	<target host="cdn2.movad.net" />
  	<target host="track.movad.net" />
 
  	<rule from="^http:"
  		to="https:" />
- 
-</ruleset>
\ No newline at end of file
+
+</ruleset>
diff --git a/src/chrome/content/rules/MoveOn.org-falsemixed.xml b/src/chrome/content/rules/MoveOn.org-falsemixed.xml
index e98ee2356b56..8dee75777009 100644
--- a/src/chrome/content/rules/MoveOn.org-falsemixed.xml
+++ b/src/chrome/content/rules/MoveOn.org-falsemixed.xml
@@ -5,18 +5,12 @@
 <ruleset name="MoveOn.org (false MCB)" platform="mixedcontent">
 
 	<target host="petitions.moveon.org" />
-	<target host="signon.org" />
-	<target host="*.signon.org" />
 
 
 	<securecookie host="^petitions\.moveon\.org$" name=".+" />
 	<securecookie host="^\.signon\.org$" name=".+" />
 
 
-	<rule from="^http://petitions\.moveon\.org/"
-		to="https://petitions.moveon.org/" />
-
-	<rule from="^http://(www\.)?signon\.org/"
-		to="https://$1signon.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MoveOn.org.xml b/src/chrome/content/rules/MoveOn.org.xml
new file mode 100644
index 000000000000..9a6a5b766511
--- /dev/null
+++ b/src/chrome/content/rules/MoveOn.org.xml
@@ -0,0 +1,86 @@
+<!--
+	Connection closed:
+		- start
+
+	Connection timed out:
+		- bb
+		- bugzilla
+		- cloudondev
+		- code
+		- dev
+		- dev.front
+		- fwc
+		- kb
+		- o17.list
+		- o23.list
+		- o24.list
+		- o9.list
+		- notes
+		- offsite
+		- piwik
+		- thanks
+
+	Incomplete certificate chain:
+		- action
+		- cnnbc
+		- cdn.front
+		- peace
+		- www.realvotervoices
+
+	Mismatched:
+		- call
+		- cf
+		- www.civ
+		- www.civic
+		- petitions.cloudon
+		- front-stage-original
+		- img
+		- jonossoff
+		- list
+		- local
+		- www.opensource
+		- www.peace
+		- s3.petitions
+		- www.pol
+		- www.political
+		- s3
+-->
+<ruleset name="MoveOn.org">
+	<target host="moveon.org" />
+	<target host="www.moveon.org" />
+	<target host="2016forum.moveon.org" />
+	<target host="act.moveon.org" />
+	<target host="campaigns.moveon.org" />
+	<target host="campaigns-stage.moveon.org" />
+	<target host="candidates.moveon.org" />
+	<target host="cdn.moveon.org" />
+	<target host="civ.moveon.org" />
+	<target host="civic.moveon.org" />
+	<target host="direct.moveon.org" />
+	<target host="electilhanomar.moveon.org" />
+	<target host="electrashidatlaib.moveon.org" />
+	<target host="field.moveon.org" />
+	<target host="forums.moveon.org" />
+	<target host="front.moveon.org" />
+	<target host="front-stage.moveon.org" />
+	<target host="gianforte.moveon.org" />
+	<target host="opensource.moveon.org" />
+	<target host="petitions.moveon.org" />
+	<target host="www.petitions.moveon.org" />
+	<target host="pac.petitions.moveon.org" />
+	<target host="static.petitions.moveon.org" />
+	<target host="pol.moveon.org" />
+	<target host="political.moveon.org" />
+	<target host="quiz.moveon.org" />
+	<target host="realvotervoices.moveon.org" />
+	<target host="rwleaders.moveon.org" />
+	<target host="share.moveon.org" />
+	<target host="share-stage.moveon.org" />
+	<target host="spoke.moveon.org" />
+	<target host="static.moveon.org" />
+	<target host="swingvotergostatic.moveon.org" />
+	<target host="votelove.moveon.org" />
+	<target host="wiki.moveon.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MoveOn.xml b/src/chrome/content/rules/MoveOn.xml
deleted file mode 100644
index d0842b33f7ca..000000000000
--- a/src/chrome/content/rules/MoveOn.xml
+++ /dev/null
@@ -1,92 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see MoveOn.org-falsemixed.xml.
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/actionkit.moveon.org/
-		- s3.amazonaws.com/s3.moveon.org/
-
-		- d83190g0d3lhr.cloudfront.net
-
-			- static.petitions.moveon.org
-
-		- moveon.wpengine.com
-
-			- front.moveon.org
-
-
-	Nonfunctional hosts in *moveon.org:
-
-		- front ʰ
-		- old-site ᵈ
-
-	ᵈ Dropped
-	ʰ WP Engine / redirects to http
-
-
-	Fully covered domains:
-
-		- static.petitions.moveon.org	(→ d83190g0d3lhr.cloudfront.net)
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .moveon.org
-		- act.moveon.org
-
-
-	Mixed content:
-
-		- Images, on petitions.moveon.org from:
-
-			- front.moveon.org
-			- moveon.wpengine.netdna-cdn.com ²
-
-	¹ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-	² Unsecurable
-
--->
-<ruleset name="MoveOn.org (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="moveon.org" />
-	<target host="act.moveon.org" />
-	<target host="civ.moveon.org" />
-	<target host="civic.moveon.org" />
-	<target host="petitions.moveon.org" />
-	<target host="pol.moveon.org" />
-	<target host="www.moveon.org" />
-
-	<!--	Complications:
-				-->
-	<target host="static.petitions.moveon.org" />
-	<target host="s3.moveon.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.moveon\.org$" name="^SO_SESSION$" /-->
-	<!--securecookie host="^act\.moveon\.org$" name="^sid$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://s3\.moveon\.org/"
-		to="https://s3.amazonaws.com/s3.moveon.org/" />
-
-	<!--	A protocol-relative reference
-		exists on petitions.moveon.org:
-						-->
-	<rule from="^https?://static\.petitions\.moveon\.org/"
-		to="https://d83190g0d3lhr.cloudfront.net/" />
-
-		<!--	Specifically:
-					-->
-		<test url="https://static.petitions.moveon.org/css/front.css" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Moverall.com.xml b/src/chrome/content/rules/Moverall.com.xml
index 92ea9479654e..d5b6e87cea64 100644
--- a/src/chrome/content/rules/Moverall.com.xml
+++ b/src/chrome/content/rules/Moverall.com.xml
@@ -6,10 +6,11 @@ Fetch error: http://www.moverall.com/ => https://www.moverall.com/: (60, 'SSL ce
 Fetch error: http://moverall.com/ => https://www.moverall.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Moverall" default_off='failed ruleset test'>
+<ruleset name="Moverall" default_off="failed ruleset test">
 
 	<target host="moverall.com" />
-	<target host="*.moverall.com" />
+	<target host="www.moverall.com" />
+	<target host="cdn.moverall.com" />
 	<target host="az698912.vo.msecnd.net" />
 
 	<test url="http://moverall.com/" />
@@ -18,7 +19,7 @@ Fetch error: http://moverall.com/ => https://www.moverall.com/: (60, 'SSL certif
 	<test url="http://az698912.vo.msecnd.net/" />
 
 	<rule from="^http://(www\.)?moverall\.com/" to="https://www.moverall.com/" />
-	<rule from="^http://az698912\.vo\.msecnd\.net/" to="https://az698912.vo.msecnd.net/" />
 	<rule from="^http://cdn\.moverall\.com/" to="https://az698912.vo.msecnd.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Movie2k.tv.xml b/src/chrome/content/rules/Movie2k.tv.xml
index 0780747d78c3..fb6dc003b8ec 100644
--- a/src/chrome/content/rules/Movie2k.tv.xml
+++ b/src/chrome/content/rules/Movie2k.tv.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.movie2k.pe/ => https://www.movie2k.pe/: (51, "SSL: no al
 
 movie2k.tv is on sale
 -->
-<ruleset name="Movie2k.tv" default_off='failed ruleset test'>
+<ruleset name="Movie2k.tv" default_off="failed ruleset test">
 	<target host="movie2k.cm"/>
 	<target host="www.movie2k.cm"/>
 	<target host="movie2k.nu"/>
diff --git a/src/chrome/content/rules/MovieTH.com.xml b/src/chrome/content/rules/MovieTH.com.xml
deleted file mode 100644
index 1ce8dfe96d59..000000000000
--- a/src/chrome/content/rules/MovieTH.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="MovieTH.com">
-
-	<target host="movieth.com" />
-	<target host="*.movieth.com" />
-
-
-	<securecookie host="^\.movieth\.com$" name=".+" />
-
-
-	<rule from="^http://(sexy\.|www2?\.)?movieth\.com/"
-		to="https://$1movieth.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MovieTickets.com.xml b/src/chrome/content/rules/MovieTickets.com.xml
index dfb6cbf9da85..dd0a58b9e788 100644
--- a/src/chrome/content/rules/MovieTickets.com.xml
+++ b/src/chrome/content/rules/MovieTickets.com.xml
@@ -12,7 +12,7 @@ Non-2xx HTTP code: http://movietickets.com/ (200) => https://movietickets.com/ (
 			- reviews.movietickets.com
 
 -->
-<ruleset name="MovieTickets.com" default_off='failed ruleset test'>
+<ruleset name="MovieTickets.com" default_off="failed ruleset test">
 
 	<target host="movietickets.com" />
 	<target host="www.movietickets.com" />
diff --git a/src/chrome/content/rules/Moviease.com.xml b/src/chrome/content/rules/Moviease.com.xml
index 91c22fba18bc..5c529b432320 100644
--- a/src/chrome/content/rules/Moviease.com.xml
+++ b/src/chrome/content/rules/Moviease.com.xml
@@ -1,7 +1,7 @@
 <!--
 	Nonfunctional subdomains:
 
-		- ads	(502; mismatched, CN: 
+		- ads	(502; mismatched, CN:
 
 -->
 <ruleset name="moviease.com">
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Moviefone.xml b/src/chrome/content/rules/Moviefone.xml
index 2da44c03cb72..14de066450c0 100644
--- a/src/chrome/content/rules/Moviefone.xml
+++ b/src/chrome/content/rules/Moviefone.xml
@@ -1,27 +1,11 @@
 <!--
 	For othe AOL coverage, see AOL.xml.
-
-
-	!www doesn't work
-
 -->
-<ruleset name="Moviefone.com" default_off="redirects to http">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.moviefone.com" />
+<ruleset name="Moviefone.com">
 
-	<!--	Complications:
-				-->
-	<target host="www.blogsmithmedia.com" />
 	<target host="moviefone.com" />
+	<target host="www.moviefone.com" />
 
-		<!--	Redirects to http:
-						-->
-		<exclusion pattern="^http://www\.moviefone\.com/(?:$|cache/)" />
-
-
-	<rule from="^http://(?:www\.blogsmithmedia\.com/)?(?:www\.)?moviefone\.com/"
-		to="https://www.moviefone.com/" />
-
+	<rule from="^http://(www\.)?moviefone\.com/"
+			to="https://www.moviefone.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Moviemagnet.net.xml b/src/chrome/content/rules/Moviemagnet.net.xml
index 944a27d52187..1052940dd4e2 100644
--- a/src/chrome/content/rules/Moviemagnet.net.xml
+++ b/src/chrome/content/rules/Moviemagnet.net.xml
@@ -5,7 +5,7 @@ Fetch error: http://moviemagnet.net/ => https://moviemagnet.net/: (35, 'Unknown
 Fetch error: http://www.moviemagnet.net/ => https://www.moviemagnet.net/: (35, 'Unknown SSL protocol error in connection to www.moviemagnet.net:443 ')
 
 -->
-<ruleset name="Moviemagnet.net" default_off='failed ruleset test'>
+<ruleset name="Moviemagnet.net" default_off="failed ruleset test">
 	<target host="moviemagnet.net" />
 	<target host="www.moviemagnet.net" />
 
diff --git a/src/chrome/content/rules/Movieposter.com.xml b/src/chrome/content/rules/Movieposter.com.xml
index af10d8d01ef9..adc881ec97bf 100644
--- a/src/chrome/content/rules/Movieposter.com.xml
+++ b/src/chrome/content/rules/Movieposter.com.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Moxie_Soft.com.xml b/src/chrome/content/rules/Moxie_Soft.com.xml
index 81e7b395d6fc..3abef4a69726 100644
--- a/src/chrome/content/rules/Moxie_Soft.com.xml
+++ b/src/chrome/content/rules/Moxie_Soft.com.xml
@@ -23,12 +23,14 @@ Fetch error: http://moxiesoft.com/ => https://moxiesoft.com/: (60, 'SSL certific
 	* Secured by us
 
 -->
-<ruleset name="Moxie Soft.com" default_off='failed ruleset test'>
+<ruleset name="Moxie Soft.com" default_off="failed ruleset test">
 
 	<target host="gomoxie.com" />
-	<target host="*.gomoxie.com" />
+	<target host="support.gomoxie.com" />
+	<target host="www.gomoxie.com" />
 	<target host="moxiesoft.com" />
-	<target host="*.moxiesoft.com" />
+	<target host="www.moxiesoft.com" />
+	<target host="resources.moxiesoft.com" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/MoyoTheatre.com.xml b/src/chrome/content/rules/MoyoTheatre.com.xml
new file mode 100644
index 000000000000..5d143fdfe21d
--- /dev/null
+++ b/src/chrome/content/rules/MoyoTheatre.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="MoyoTheatre.com">
+	<target host="moyotheatre.com" />
+	<target host="www.moyotheatre.com" />
+	<target host="autodiscover.moyotheatre.com" />
+	<target host="bloodwatch-org.moyotheatre.com" />
+	<target host="cpanel.moyotheatre.com" />
+	<target host="mail.moyotheatre.com" />
+	<target host="webdisk.moyotheatre.com" />
+	<target host="webmail.moyotheatre.com" />
+	<target host="www.bloodwatch-org.moyotheatre.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mozdev-mismatches.xml b/src/chrome/content/rules/Mozdev-mismatches.xml
index ed984ce809a5..a590184d9d61 100644
--- a/src/chrome/content/rules/Mozdev-mismatches.xml
+++ b/src/chrome/content/rules/Mozdev-mismatches.xml
@@ -13,7 +13,7 @@
 			<test url="http://www.mozdev.org/" />
 			<test url="http://mozdev.org/" />
 
-	<securecookie host="^.*\.mozdev\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://([\w\-]+)\.mozdev\.org/"
 		to="https://$1.mozdev.org/"/>
diff --git a/src/chrome/content/rules/Mozdev.xml b/src/chrome/content/rules/Mozdev.xml
deleted file mode 100644
index 8d73d3cfb107..000000000000
--- a/src/chrome/content/rules/Mozdev.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-
-	Problematic hosts in *mozdev.org:
-
-		- ^ (mismatched)
-		- bugzilla (mismatched, different content)
-		- hg (mismatched)
-		- svn (mismatched, different content)
-		- * (mismatched, see Mozdev-mismatches.xml)
-
--->
-<ruleset name="Mozdev">
-
-	<target host="mozdev.org" />
-	<target host="www.mozdev.org" />
-	<target host="bugzilla.mozdev.org" />
-		<test url="http://bugzilla.mozdev.org/enter_bug.cgi?product=forward" />
-
-	<rule from="^http://bugzilla\.mozdev\.org/"
-		to="https://www.mozdev.org/bugs/" />
-
-	<rule from="^http://mozdev\.org/"
-		to="https://www.mozdev.org/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mozdev_Group.com.xml b/src/chrome/content/rules/Mozdev_Group.com.xml
index 7e9eaba6c815..e4cd01ffe4d4 100644
--- a/src/chrome/content/rules/Mozdev_Group.com.xml
+++ b/src/chrome/content/rules/Mozdev_Group.com.xml
@@ -23,7 +23,14 @@
 <ruleset name="Mozdev Group.com (partial)">
 
 	<target host="mozdevgroup.com" />
-	<target host="*.mozdevgroup.com" />
+	<target host="air.mozdevgroup.com" />
+	<target host="emory.mozdevgroup.com" />
+	<target host="fresenius.mozdevgroup.com" />
+	<target host="ipcache.mozdevgroup.com" />
+	<target host="measurement.mozdevgroup.com" />
+	<target host="okcd.mozdevgroup.com" />
+	<target host="vantage.mozdevgroup.com" />
+	<target host="www.mozdevgroup.com" />
 
 
 	<!--	Not secured by server:
@@ -33,8 +40,7 @@
 	<securecookie host="^(?:air|emory|fresenius|ipcache|measurement|okcd|vantage)\.mozdevgroup\.com$" name=".+" />
 
 
-	<rule from="^http://((?:air|emory|fresenius|ipcache|measurement|okcd|vantage|www)\.)?mozdevgroup\.com/"
-		to="https://$1mozdevgroup.com/" />
+	<rule from="^http:" to="https:" />
 
 	<!--rule from="^http://jslib\.mozdevgroup\.com/"
 		to="https://jslib.mozdev.org/" /-->
diff --git a/src/chrome/content/rules/Mozgvya.com.xml b/src/chrome/content/rules/Mozgvya.com.xml
new file mode 100644
index 000000000000..c769577b1fd5
--- /dev/null
+++ b/src/chrome/content/rules/Mozgvya.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Non-active domain:
+	- www.mozgvya.com
+-->
+<ruleset name="mozgvya.com">
+	<target host="mozgvya.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mozilla-Russia.org.xml b/src/chrome/content/rules/Mozilla-Russia.org.xml
index 81a4893b99c9..d07eff5bb1e2 100644
--- a/src/chrome/content/rules/Mozilla-Russia.org.xml
+++ b/src/chrome/content/rules/Mozilla-Russia.org.xml
@@ -31,7 +31,9 @@
 <ruleset name="Mozilla-Russia.org (partial)">
 
 	<target host="mozilla-russia.org" />
-	<target host="*.mozilla-russia.org" />
+	<target host="bugzilla.mozilla-russia.org" />
+	<target host="forum.mozilla-russia.org" />
+	<target host="www.mozilla-russia.org" />
 
 
 	<securecookie host="^(?:bugzilla|forum)\.mozilla-russia\.org$" name=".+" />
diff --git a/src/chrome/content/rules/Mozilla.com.xml b/src/chrome/content/rules/Mozilla.com.xml
index d27a7d4bd3e8..172c11a4f656 100644
--- a/src/chrome/content/rules/Mozilla.com.xml
+++ b/src/chrome/content/rules/Mozilla.com.xml
@@ -1,143 +1,62 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://air.mozilla.com/ => https://air.mozilla.com/: (7, 'Failed to connect to air.mozilla.com port 443: Connection refused')
-Fetch error: http://services.mozilla.com/ => https://services.mozilla.com/: (6, 'Could not resolve host: services.mozilla.com')
-Fetch error: http://labs.mozilla.com/ => https://mozillalabs.com/: (51, "SSL: no alternative certificate subject name matches target host name 'mozillalabs.com'")
-Fetch error: http://labs.mozilla.com/ => https://mozillalabs.com/: (51, "SSL: no alternative certificate subject name matches target host name 'mozillalabs.com'")
-Fetch error: http://labs.mozilla.com// => https://mozillalabs.com/: (51, "SSL: no alternative certificate subject name matches target host name 'mozillalabs.com'")
-
 	NB: If a host ceases to exist, just remove the respective test.
 
 	For other Mozilla coverage, see Mozilla.xml.
 
 
-	Nonfunctional hosts in *mozilla.com:
-
-		- www.authstage ¹
-		- identity ²
-		- *.malware-error ³
-		- www-trunk.stage ¹
-
-	¹ Dropped
-	² Hosted on tumblr
-	³ https://trac.torproject.org/projects/tor/ticket/14022
-
-
 	Problematic hosts in *mozilla.com:
 
+		- air ¹
 		- labs ¹
-	        - *.phish-report ²
-		- status ²
 
 	¹ Refused
 	² Mismatched
-
-
-	Observed hosts in *mozilla.com:
-
-		- (www.)?
-		- activations
-		- addons
-		- air
-		- basket
-		- blog
-		- brasstacks
-		- careers
-		- crash-analysis
-		- crash-stats
-		- data
-		- fhr.data
-		- input
-		- labs		(→ mozillalabs.com)
-		- people
-
-		- in *services:
-
-			- ^
-			- account
-			- auth
-			- location
-			- setup
-			- tiles
-			- tracking
-
-		- snippets
-		- status	(→ status.mozilla.org)
-		- support
-		- v
-
-
-	Mixed content:
-
-		- Images on status.mozilla.com from wmpsp.s3.amazonaws.com *
-
-	* Secured by us
-
 -->
-<ruleset name="Mozilla.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Mozilla.com">
 
 	<target host="mozilla.com" />
 	<target host="*.mozilla.com" />
 
-		<exclusion pattern="^http://(?:www\.authstage|fxfeeds|identity|.+\.malware-error|www-trunk\.stage)\.mozilla\.com/" />
+		<exclusion pattern="^http://fxfeeds\.mozilla\.com/" />
 
-			<test url="http://www.authstage.mozilla.com/" />
-			<test url="http://www.authstage.mozilla.com//" />
 			<test url="http://fxfeeds.mozilla.com/" />
-			<test url="http://identity.mozilla.com/" />
-			<test url="http://tr.malware-error.mozilla.com/" />
-			<test url="http://www-trunk.stage.mozilla.com/" />
-
-		<exclusion pattern="^http://(?:[\w.-]+\.)?phish-report\.mozilla\.com/" />
-
-			<test url="http://phish-report.mozilla.com/" />
-			<test url="http://phish-report.mozilla.com//" />
-			<test url="http://en-us.phish-report.mozilla.com/" />
 
 		<!--	Direct rewrites:
 					-->
 		<test url="http://activations.mozilla.com/" />
 		<test url="http://addons.mozilla.com/" />
-		<test url="http://air.mozilla.com/" />
 		<test url="http://basket.mozilla.com/" />
 		<test url="http://blog.mozilla.com/" />
 		<test url="http://brasstacks.mozilla.com/" />
 		<test url="http://careers.mozilla.com/" />
-		<test url="http://crash-analysis.mozilla.com/" />
 		<test url="http://crash-stats.mozilla.com/" />
 		<test url="http://data.mozilla.com/" />
 		<test url="http://fhr.data.mozilla.com/" />
+		<test url="http://hardware.metrics.mozilla.com/" />
 		<test url="http://input.mozilla.com/" />
-		<test url="http://people.mozilla.com/" />
-		<test url="http://services.mozilla.com/" />
+		<test url="http://phish-report.mozilla.com/" />
+		<test url="http://en-us.phish-report.mozilla.com/" />
 		<test url="http://snippets.mozilla.com/" />
 		<test url="http://support.mozilla.com/" />
+		<test url="http://tr.malware-error.mozilla.com/" />
 		<test url="http://v.mozilla.com/" />
 		<test url="http://www.mozilla.com/" />
 
 		<!--	Complications:
 					-->
+		<test url="http://air.mozilla.com/" />
 		<test url="http://labs.mozilla.com/" />
-		<test url="http://status.mozilla.com/" />
 
 
-	<securecookie host=".*\.mozilla\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://labs\.mozilla\.com/+"
-		to="https://mozillalabs.com/" />
+	<rule from="^http://labs\.mozilla\.com/"
+		to="https://www.mozillalabs.com/" />
 
-		<test url="http://labs.mozilla.com/" />
-		<test url="http://labs.mozilla.com//" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://status\.mozilla\.com/+"
-		to="https://status.mozilla.org/" />
+	<rule from="^http://air\.mozilla\.com/"
+		to="https://air.mozilla.org/" />
 
-		<test url="http://status.mozilla.com//" />
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Mozilla.net.xml b/src/chrome/content/rules/Mozilla.net.xml
index c33a392b9e98..d48d84834427 100644
--- a/src/chrome/content/rules/Mozilla.net.xml
+++ b/src/chrome/content/rules/Mozilla.net.xml
@@ -8,56 +8,38 @@
 			- hardhat.mozilla.net
 
 	Problematic hosts in *mozilla.net:
-		- download.cdn ¹
 		- hardhat ²
-		- www ³
-	¹ 404; mismatched, CN: gp1.wac.edgecastcdn.net
 	² Works; mismatched, CN: gp1.wac.edgecastcdn.net
-	³ Prompts for LDAP login; mismatched, CN: static-san.mozilla.org
-
-	Observed hosts in *mozilla.net:
-		- static-cdn.addons
-		- static-ssl-cdn.addons
-		- in *cdn
-			- activations
-			- addons
-			- air
-			- code
-			- developer
-			- download		(→ ftp.mozilla.org)
-			- download-installer
-			- fhr
-			- marketplace
-			- mozorg
-			- support
-			- versioncheck
-		- videos-cdn
-		- www			(→ www.mozilla.org)
-
-	Mixed content:
-		- Images on hardhat.cdn.mozilla.net from www.mozilla.org *
-		- Ad on activations.cdn.mozilla.net from getpocket.com *
-	* Secured by us
 -->
-<ruleset name="Mozilla.net (partial)">
+<ruleset name="Mozilla.net">
 
 	<target host="*.mozilla.net" />
+		<test url="http://assets.mozilla.net/pdf/IHPbriefs_Web_Literacy_March_2017.pdf" />
 		<test url="http://cdn.mozilla.net/browserquest/img/1/spritesheet.png" />
-		<test url="http://code.cdn.mozilla.net/fonts/fira.css" />
-		<test url="http://developer.cdn.mozilla.net/" />
+			<test url="http://activations.cdn.mozilla.net/" />
+			<test url="http://addons-discovery.cdn.mozilla.net/50b599424886d5ec9380d52b954087cb.webm" />
+			<test url="http://addons.cdn.mozilla.net/user-media/addon_icons/5/5890-64.png" />
+			<test url="http://air.cdn.mozilla.net/" />
+			<test url="http://blocked.cdn.mozilla.net/" />
+			<test url="http://code.cdn.mozilla.net/fonts/fira.css" />
+			<test url="http://developer.cdn.mozilla.net/" />
+			<test url="http://download-installer.cdn.mozilla.net/" />
+			<test url="http://download.cdn.mozilla.net/" />
+			<test url="http://fhr.cdn.mozilla.net/" />
+			<test url="http://hardhat.cdn.mozilla.net/" />
+			<test url="http://mozorg.cdn.mozilla.net/" />
+			<test url="http://snippets.cdn.mozilla.net/" />
+			<test url="http://support.cdn.mozilla.net/" />
+			<test url="http://videos.cdn.mozilla.net/" />
+		<test url="http://interactive-examples.mdn.mozilla.net/pages/tabbed/map.html" />
+		<test url="http://static.addons.mozilla.net/en-US/firefox/.pdf" />
+		<test url="http://www.mozilla.net/" />
 
 	<!--	Mismatched:	-->
 	<exclusion pattern="^http://hardhat\.mozilla\.net/" />
 		<test url="http://hardhat.mozilla.net/en-US/outages.html" />
 
-	<rule from="^http://download\.cdn\.mozilla\.net/"
-		to="https://ftp.mozilla.org/" />
-		<test url="http://download.cdn.mozilla.net/" />
-
-	<!--	Redirects as so over http.	-->
-	<rule from="^http://www\.mozilla\.net/"
-		to="https://www.mozilla.org/" />
-		<test url="http://www.mozilla.net/" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Mozilla.xml b/src/chrome/content/rules/Mozilla.xml
index 4e9199007dc2..55908ba52d1c 100644
--- a/src/chrome/content/rules/Mozilla.xml
+++ b/src/chrome/content/rules/Mozilla.xml
@@ -1,28 +1,33 @@
 <!--
+The following targets have been disabled at 2020-10-14 21:27:05:
+
+Fetch error: http://advocacy.mozilla.org/ => https://advocacy.mozilla.org/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://alerts.telemetry.mozilla.org/ => https://alerts.telemetry.mozilla.org/: (6, 'Could not resolve host: alerts.telemetry.mozilla.org')
+Fetch error: http://mig.mozilla.org/ => https://mig.mozilla.org/: (6, 'Could not resolve host: mig.mozilla.org')
+
 	NB: If a host ceases to exist, just remove the respective test
 
 
 	Other Mozilla rulesets:
 
 		- Allizom.org.xml
-		- Are_We_Slim_Yet.com.xml
 		- BadgeKit.org.xml
 		- Bugzilla.xml
 		- Firefox.com.xml
 		- Lizard_Wrangler.com.xml
 		- Makes.org.xml
-		- Mozilla.com.xml
+		- Mozilla-Community.org.xml
 		- Mozilla.com.tw.xml
+		- Mozilla.com.xml
 		- Mozilla.jp.xml
 		- Mozilla.net.xml
-		- Mozilla-Community.org.xml
 		- Mozilla_Demos.org.xml
 		- Mozilla_Messaging.com.xml
 		- Mozilla_Webmaker.xml
+		- Mozillalabs.com.xml
 		- Moztw.org.xml
 		- mzl.la (via Bitly_branded_short_domains.xml)
 		- Open_Badges.xml
-		- Searchfox.org.xml
 		- TaskCluster.net
 		- TogetherJS.com.xml
 		- WebFWD.org.xml
@@ -47,24 +52,13 @@
 
 		- (www.)?drumbeat.org ³
 
-		- in *mozilla.org:
-
-			- bonsai ³
-			- browserquest ³
-			- mig ³
-			- alerts.telemetry *
-			- website-archive ³
-			- www-archive ³
-
 	³ Refused
-	* https://github.com/EFForg/https-everywhere/issues/1374
 
 
 	Problematic hosts in *mozilla.org:
 
-		- affiliates-cdn ²
+		- browserquest ⁴
 		- bzr ²
-		- iot ²
 		- labs ¹
 		- talkback-public ⁴
 
@@ -75,118 +69,6 @@
 	⁴ Connection refused
 
 
-	Observed working hosts in *mozilla.org:
-
-		- (www.)?
-		- activations
-		- advocacy
-
-		- in *addons:
-
-			- ^
-			- blocklist
-			- forums
-			- pyrepo
-			- services
-			- versioncheck
-
-		- archive
-		- air
-		- aus3
-		- aus4
-		- basket
-		- beta
-		- blog
-		- boardwiki
-		- bugzilla
-		- secure.pub.build
-		- calendar
-		- careers
-		- communitystore
-		- creative
-		- developer
-		- directory
-		- dnt
-		- donate
-		- download
-		- dragnet
-		- dxr
-		- education
-		- etherpad
-		- fb-affiliates
-		- firefoxflicks
-		- firefoxlive
-		- forums
-		- foundationwiki
-		- ftp
-		- gameon
-		- gear
-		- git
-		- gpg
-		- hacks
-		- hg
-		- inform
-		- input
-		- intlstore
-		- intranet
-		- join
-		- keys
-		- keyserver
-		- krakenbenchmark
-		- l10n
-		- labs			(→ mozillalabs.com)
-		- ldap
-		- lists
-		- localize
-		- m
-		- svc.m
-		- mail
-		- mana
-		- marketplace
-		- metrics
-		- moztrap
-		- mpl
-		- mxr
-		- nightly
-		- outgoing
-		- people
-		- pfs
-		- planet
-		- pulse
-		- quality
-		- release
-		- releases
-		- reps
-		- securitywiki
-		- sendto
-		- start
-		- status
-		- studentreps
-		- support
-		- symbols
-		- talkback-public	(→ crash-stats.mozilla.com)
-		- telemetry
-		- tbpl
-
-		- telemetry
-		- fxos.telemetry
-		- hotfix.telemetry
-		- incoming.telemetry
-		- loop.telemetry
-
-		- telemetry-dash
-		- treeherder
-		- videos
-		- wiki
-		- www
-
-
-	These altnames don't exist:
-
-		- generic-san.mozilla.org
-		- analysis.telemetry.mozilla.org
-
-
 	Insecure cookies are set for these domains:
 
 		- .mozilla.org
@@ -195,17 +77,6 @@
 		- .sendto.mozilla.org
 		- support.mozilla.org
 		- telemetry.mozilla.org
-
-
-	Mixed content:
-
-		- Images, on:
-
-			- blog.mozilla.org from $self *
-			- www.mozilla.org from www.seamonkey-project.org
-
-	* Secured by us
-
 -->
 <ruleset name="Mozilla.org">
 
@@ -218,22 +89,15 @@
 
 				https://mail1.eff.org/pipermail/https-everywhere-rules/2013-June/001635.html
 													-->
-		<exclusion pattern="^http://(europe|browserquest|trychooser\.pub\.build|bzr|iot|mig|symbolapi|alerts\.telemetry|w(ebsite|ww)-archive)\.mozilla\.org/" />
+		<exclusion pattern="^http://(europe|browserquest|trychooser\.pub\.build|bzr|symbolapi)\.mozilla\.org/" />
 
 			<test url="http://europe.mozilla.org/" />
 			<test url="http://browserquest.mozilla.org/" />
 			<test url="http://bzr.mozilla.org/" />
 			<test url="http://trychooser.pub.build.mozilla.org/" />
-			<test url="http://iot.mozilla.org/" />
-			<test url="http://mig.mozilla.org/" />
-			<test url="http://symbolapi.mozilla.org/" />			
-			<test url="http://alerts.telemetry.mozilla.org/" />
-			<test url="http://website-archive.mozilla.org/" />
-			<test url="http://www-archive.mozilla.org/" />
-			<test url="http://www-archive.mozilla.org//" />
+			<test url="http://symbolapi.mozilla.org/" />
 
 		<test url="http://addons.mozilla.org/" />
-		<test url="http://advocacy.mozilla.org/" />
 		<test url="http://air.mozilla.org/" />
 		<test url="http://archive.mozilla.org/" />
 		<test url="http://bugzilla.mozilla.org/" />
@@ -245,6 +109,7 @@
 		<test url="http://git.mozilla.org/" />
 		<test url="http://hg.mozilla.org/" />
 		<test url="http://image.e.mozilla.org/" />
+		<test url="http://iot.mozilla.org/" />
 		<test url="http://krakenbenchmark.mozilla.org/" />
 		<test url="http://lists.mozilla.org/" />
 		<test url="http://planet.mozilla.org/" />
@@ -256,9 +121,11 @@
 		<test url="http://support.mozilla.org/" />
 		<test url="http://symbols.mozilla.org/" />
 		<test url="http://telemetry.mozilla.org/" />
-		<test url="http://wiki.mozilla.org/" />
 		<test url="http://videos.mozilla.org/" />
 		<test url="http://view.e.mozilla.org/" />
+		<test url="http://website-archive.mozilla.org/" />
+		<test url="http://wiki.mozilla.org/" />
+		<test url="http://www-archive.mozilla.org/" />
 		<test url="http://www.mozilla.org/" />
 
 
@@ -271,15 +138,8 @@
 	<!--securecookie host="^support\.mozilla\.org$" name="^dwf_surveygizmo$" /-->
 	<!--securecookie host="^telemetry-dash\.mozilla\.org$" name="^session$" /-->
 
-	<securecookie host=".*\.mozilla\.org$" name=".+" />
-
-
-	<!--	Would this rule be safe?
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://click\.e\.mozilla\.org/"
-		to="https://click.virt.s4.exacttarget.com/" /-->
-
-		<test url="http://image.e.mozilla.org/" />
 
 	<!--	Redirects like so over http.
 						-->
diff --git a/src/chrome/content/rules/Mozillalabs.com.xml b/src/chrome/content/rules/Mozillalabs.com.xml
new file mode 100644
index 000000000000..e8e36741fb14
--- /dev/null
+++ b/src/chrome/content/rules/Mozillalabs.com.xml
@@ -0,0 +1,24 @@
+<!--
+	For other Mozilla coverage, see Mozilla.xml.
+
+	Nonfunctional hosts in *.mozillalabs.com:
+		- mozillalabs.com (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Mozillalabs.com">
+	<target host="mozillalabs.com" />
+	<target host="www.mozillalabs.com" />
+	<target host="pontoon.mozillalabs.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://mozillalabs\.com/"
+		to="https://www.mozillalabs.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mozio.com.xml b/src/chrome/content/rules/Mozio.com.xml
new file mode 100644
index 000000000000..ecacac3d5ae6
--- /dev/null
+++ b/src/chrome/content/rules/Mozio.com.xml
@@ -0,0 +1,82 @@
+<!--
+	Invalid certificate:
+		- www.blog.mozio.com
+		- try.mozio.com
+-->
+
+<ruleset name="Mozio.com">
+	<target host="mozio.com" />
+	<target host="www.mozio.com" />
+	<target host="accor.mozio.com" />
+	<target host="aegeanair.mozio.com" />
+	<target host="agoda.mozio.com" />
+	<target host="airbaltic.mozio.com" />
+	<target host="airportparkingreservations.mozio.com" />
+	<target host="airportshuttle.mozio.com" />
+	<target host="airtickets.mozio.com" />
+	<target host="amoma.mozio.com" />
+	<target host="analytics.mozio.com" />
+	<target host="api.mozio.com" />
+	<target host="api-staging.mozio.com" />
+	<target host="app-prod.mozio.com" />
+	<target host="app-prod-gbt.mozio.com" />
+	<target host="app-widget.mozio.com" />
+	<target host="autocomplete.mozio.com" />
+	<target host="blog.mozio.com" />
+	<target host="booking.mozio.com" />
+	<target host="budgetair.mozio.com" />
+	<target host="budgetairbe.mozio.com" />
+	<target host="budgetaircomau.mozio.com" />
+	<target host="budgetaircouk.mozio.com" />
+	<target host="budgetaires.mozio.com" />
+	<target host="budgetairfr.mozio.com" />
+	<target host="budgetairit.mozio.com" />
+	<target host="budgetairnl.mozio.com" />
+	<target host="cheaptickets.mozio.com" />
+	<target host="cheapticketsbe.mozio.com" />
+	<target host="cheapticketsch.mozio.com" />
+	<target host="cheapticketscoth.mozio.com" />
+	<target host="cheapticketsde.mozio.com" />
+	<target host="cheapticketshk.mozio.com" />
+	<target host="chef-server.mozio.com" />
+	<target host="cityjet.mozio.com" />
+	<target host="confirmationdesk.mozio.com" />
+	<target host="dev.mozio.com" />
+	<target host="edreams.mozio.com" />
+	<target host="ethiopianairlines.mozio.com" />
+	<target host="flugladenat.mozio.com" />
+	<target host="flugladende.mozio.com" />
+	<target host="guesthouser.mozio.com" />
+	<target host="hostelworld.mozio.com" />
+	<target host="hotels.mozio.com" />
+	<target host="hsbc.mozio.com" />
+	<target host="infobooking.mozio.com" />
+	<target host="internationaltransfer.mozio.com" />
+	<target host="jetblue.mozio.com" />
+	<target host="kiwi.mozio.com" />
+	<target host="lozadaviajes.mozio.com" />
+	<target host="m.mozio.com" />
+	<target host="onefinestay.mozio.com" />
+	<target host="parksleepfly.mozio.com" />
+	<target host="partners.mozio.com" />
+	<target host="secure-widget.mozio.com" />
+	<target host="shuttleman.mozio.com" />
+	<target host="skgroup.mozio.com" />
+	<target host="skys.mozio.com" />
+	<target host="skyscanner.mozio.com" />
+	<target host="spirit.mozio.com" />
+	<target host="staging-static.mozio.com" />
+	<target host="static.mozio.com" />
+	<target host="studentuniverse.mozio.com" />
+	<target host="sydneyairport.mozio.com" />
+	<target host="tripcase.mozio.com" />
+	<target host="tripsta.mozio.com" />
+	<target host="ui-test-2.mozio.com" />
+	<target host="vayama.mozio.com" />
+	<target host="vayamaie.mozio.com" />
+	<target host="vliegwinkel.mozio.com" />
+	<target host="widget.mozio.com" />
+	<target host="wtg.mozio.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Moztw.org.xml b/src/chrome/content/rules/Moztw.org.xml
index 16002f266056..9383d5d4eafb 100644
--- a/src/chrome/content/rules/Moztw.org.xml
+++ b/src/chrome/content/rules/Moztw.org.xml
@@ -3,7 +3,7 @@
 
 	Timeout:
 		- mozlinks
-		
+
 	Refused:
 		www	( equal to ^ )
 -->
@@ -12,10 +12,10 @@
 
 	<target host="moztw.org" />
 	<target host="www.moztw.org" />
-	
+
 	<rule from="^http://(www\.)?moztw\.org/" to="https://moztw.org/" />
 
-	
+
 	<target host="wiki.moztw.org" />
 	<target host="forum.moztw.org" />
 
diff --git a/src/chrome/content/rules/Mp3-Juices.com.xml b/src/chrome/content/rules/Mp3-Juices.com.xml
deleted file mode 100644
index 7fbbf197cfe0..000000000000
--- a/src/chrome/content/rules/Mp3-Juices.com.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	www.mp3-juices.com: Mismatched
-
-
-	Insecure cookies are set for these domains:
-
-		- .mp3-juices.com
-
--->
-<ruleset name="Mp3-Juices.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="mp3-juices.com" />
-
-	<!--	Complications:
-				-->
-	<target host="www.mp3-juices.com" />
-
-
-	<!--	CloudFlare cookies
-					-->
-	<!--securecookie host="^\.mp3-juices\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http://www\.mp3-juices\.com/"
-		to="https://mp3-juices.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mp3eee.com.xml b/src/chrome/content/rules/Mp3eee.com.xml
deleted file mode 100644
index 1b7cc5359319..000000000000
--- a/src/chrome/content/rules/Mp3eee.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Mp3eee.com">
-	<target host="mp3eee.com" />
-	<target host="www.mp3eee.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/MrMondialisation.org.xml b/src/chrome/content/rules/MrMondialisation.org.xml
new file mode 100644
index 000000000000..ad5491ddcb62
--- /dev/null
+++ b/src/chrome/content/rules/MrMondialisation.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatch:
+		www.mrmondialisation.org
+-->
+<ruleset name="MrMondialisation.org">
+	<target host="mrmondialisation.org" />
+	<target host="www.mrmondialisation.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.mrmondialisation\.org/" to="https://mrmondialisation.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mr_cote.info.xml b/src/chrome/content/rules/Mr_cote.info.xml
index 6349b852bca5..5ac3b426dead 100644
--- a/src/chrome/content/rules/Mr_cote.info.xml
+++ b/src/chrome/content/rules/Mr_cote.info.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.mrcote.info/ => https://www.mrcote.info/: (60, 'SSL cert
 	* Secured by us
 
 -->
-<ruleset name="mr cote.info" default_off='failed ruleset test'>
+<ruleset name="mr cote.info" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Mrakopedia.org.xml b/src/chrome/content/rules/Mrakopedia.org.xml
deleted file mode 100644
index 494fde4ecdfa..000000000000
--- a/src/chrome/content/rules/Mrakopedia.org.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Mrakopedia.org">
-	<target host="mrakopedia.org" />
-	<target host="www.mrakopedia.org" />
-	<target host="dev.mrakopedia.org" />
-	<target host="www.dev.mrakopedia.org" />
-	<target host="forum.mrakopedia.org" />
-	<target host="www.forum.mrakopedia.org" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Mrlocksmith.com.xml b/src/chrome/content/rules/Mrlocksmith.com.xml
new file mode 100644
index 000000000000..f149552f3fbc
--- /dev/null
+++ b/src/chrome/content/rules/Mrlocksmith.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Mrlocksmith.com" platform="mixedcontent">
+	<target host="mrlocksmith.com" />
+	<target host="www.mrlocksmith.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mrs_McNastys.xml b/src/chrome/content/rules/Mrs_McNastys.xml
index 3844fa54f9d0..ceab4bbdfc2b 100644
--- a/src/chrome/content/rules/Mrs_McNastys.xml
+++ b/src/chrome/content/rules/Mrs_McNastys.xml
@@ -7,15 +7,15 @@ Fetch error: http://www.mrsmcnastys.com/ => https://www.mrsmcnastys.com/: (7, 'F
 Disabled by https-everywhere-checker because:
 Fetch error: http://mrsmcnastys.com/ => https://mrsmcnastys.com/: (7, 'Failed to connect to mrsmcnastys.com port 443: Connection refused')
 -->
-<ruleset name="Mrs. McNasty's" default_off='failed ruleset test'>
+<ruleset name="Mrs. McNasty's" default_off="failed ruleset test">
 
 	<target host="mrsmcnastys.com" />
 	<target host="www.mrsmcnastys.com" />
 
 
-	<securecookie host="^(?:.*\.)?mrsmcnastys\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MtGox.xml b/src/chrome/content/rules/MtGox.xml
index f812cd122609..df091c9148cd 100644
--- a/src/chrome/content/rules/MtGox.xml
+++ b/src/chrome/content/rules/MtGox.xml
@@ -4,16 +4,20 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://mtgox.com/ => https://mtgox.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Mt.Gox" default_off='failed ruleset test'>
+<ruleset name="Mt.Gox" default_off="failed ruleset test">
 
 	<target host="mtgox.com" />
-	<target host="*.mtgox.com" />
+	<target host="bitcoind.mtgox.com" />
+	<target host="data.mtgox.com" />
+	<target host="m.mtgox.com" />
+	<target host="support.mtgox.com" />
+	<target host="www.mtgox.com" />
+	<target host="yubikey.mtgox.com" />
 
 
-	<securecookie host="^(?:.*\.)?mtgox\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:bitcoind|data|m|support|www|yubikey)\.)?mtgox\.com/"
-		to="https://$1mtgox.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mtstatic.com.xml b/src/chrome/content/rules/Mtstatic.com.xml
index 0db8bc9f65a6..772b928abb9a 100644
--- a/src/chrome/content/rules/Mtstatic.com.xml
+++ b/src/chrome/content/rules/Mtstatic.com.xml
@@ -1,15 +1,11 @@
 <!--
 	For other MindTouch coverage, see MindTouch.com.xml.
-
 -->
-<ruleset name="mtstatic.com">
 
+<ruleset name="Mtstatic.com">
 	<target host="a.mtstatic.com" />
-
 		<test url="http://a.mtstatic.com/@public/production/site_6795/1450392481-logo.png" />
+	<target host="files.mtstatic.com" />
 
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MujBiz.cz.xml b/src/chrome/content/rules/MujBiz.cz.xml
index 5818174d2b68..35db5f7db281 100644
--- a/src/chrome/content/rules/MujBiz.cz.xml
+++ b/src/chrome/content/rules/MujBiz.cz.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?mujbiz\.cz/"
 		to="https://www.mujbiz.cz/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MultiSeek.xml b/src/chrome/content/rules/MultiSeek.xml
index 05d96eb3d04c..4b3f0848f275 100644
--- a/src/chrome/content/rules/MultiSeek.xml
+++ b/src/chrome/content/rules/MultiSeek.xml
@@ -6,7 +6,7 @@ Fetch error: http://mail.multiseek.net/ => https://mail.multiseek.net/: (51, "SS
 	www.multiseek.net: Mismatched
 
 -->
-<ruleset name="MultiSeek.net" default_off='failed ruleset test'>
+<ruleset name="MultiSeek.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/MultiSoft.xml b/src/chrome/content/rules/MultiSoft.xml
index 9e84032155b0..b9b0df07505b 100644
--- a/src/chrome/content/rules/MultiSoft.xml
+++ b/src/chrome/content/rules/MultiSoft.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?multisoft\.com/([aA]pp_[tT]hemes/|jssrc/|moduleskins/|[mM]ulti[sS]oft[cC]orporation/|[rR]ad[sS]kins/|[sS]kinning/|[wW]eb[rR]esource\.axd)"
 		to="https://$1multisoft.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Multicast_Media.xml b/src/chrome/content/rules/Multicast_Media.xml
index 49e1290cc4f7..dd6065e287be 100644
--- a/src/chrome/content/rules/Multicast_Media.xml
+++ b/src/chrome/content/rules/Multicast_Media.xml
@@ -10,7 +10,7 @@ Fetch error: http://multicastmedia.com/ => https://www.kitd.com/multicast/: (51,
 		- (www.)	(mismatched, CN: *.kitd.com)
 
 -->
-<ruleset name="Multicast Media" default_off='failed ruleset test'>
+<ruleset name="Multicast Media" default_off="failed ruleset test">
 
 	<target host="multicastmedia.com" />
 	<target host="*.multicastmedia.com" />
@@ -25,4 +25,4 @@ Fetch error: http://multicastmedia.com/ => https://www.kitd.com/multicast/: (51,
 	<rule from="^http://(static\.|vidego\.)?multicastmedia\.com/"
 		to="https://$1multicastmedia.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Multicore-DevCon.com.xml b/src/chrome/content/rules/Multicore-DevCon.com.xml
index 6302dc0082b4..835fe0666228 100644
--- a/src/chrome/content/rules/Multicore-DevCon.com.xml
+++ b/src/chrome/content/rules/Multicore-DevCon.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://multicore-devcon.com/ => https://multicore-devcon.com/: (60,
 Fetch error: http://www.multicore-devcon.com/ => https://www.multicore-devcon.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Multicore-DevCon.com" default_off='failed ruleset test'>
+<ruleset name="Multicore-DevCon.com" default_off="failed ruleset test">
 
 	<target host="multicore-devcon.com" />
 	<target host="www.multicore-devcon.com" />
diff --git a/src/chrome/content/rules/Multinationales.org.xml b/src/chrome/content/rules/Multinationales.org.xml
new file mode 100644
index 000000000000..b50a4ec7a2a8
--- /dev/null
+++ b/src/chrome/content/rules/Multinationales.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Multinationales.org">
+
+	<target host="multinationales.org" />
+	<target host="www.multinationales.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Multiply.xml b/src/chrome/content/rules/Multiply.xml
index a71c152e10d1..99a07d0e8b71 100644
--- a/src/chrome/content/rules/Multiply.xml
+++ b/src/chrome/content/rules/Multiply.xml
@@ -9,7 +9,7 @@ Fetch error: http://multiply.com/ => https://multiply.com/: (51, "SSL: no altern
 		- multiply	(ditto)
 
 -->
-<ruleset name="Multiply (partial)" default_off='failed ruleset test'>
+<ruleset name="Multiply (partial)" default_off="failed ruleset test">
 
 	<target host="multiply.com" />
 	<target host="www.multiply.com" />
diff --git a/src/chrome/content/rules/Mumzworld.com.xml b/src/chrome/content/rules/Mumzworld.com.xml
index 2239a687f7fc..597056bb6f81 100644
--- a/src/chrome/content/rules/Mumzworld.com.xml
+++ b/src/chrome/content/rules/Mumzworld.com.xml
@@ -22,7 +22,8 @@
 <ruleset name="Mumzworld.com">
 
 	<target host="mumzworld.com" />
-	<target host="*.mumzworld.com" />
+	<target host="media.mumzworld.com" />
+	<target host="www.mumzworld.com" />
 
 
 	<securecookie host="^\.mumzworld\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Muni.cz.xml b/src/chrome/content/rules/Muni.cz.xml
index 21a66966eeb7..a97dcf50f705 100644
--- a/src/chrome/content/rules/Muni.cz.xml
+++ b/src/chrome/content/rules/Muni.cz.xml
@@ -9,13 +9,13 @@
 
 
 	Nonfunctional subdomains:
-	
+
 		- 95 ¹
 		- patat06 ²
 		- science ³
 		- (www.)veda ³
 		- www.video ⁴
-		
+
 	¹ Shows webserver.ics; mismatched, CN: webserver.ics.muni.cz
 	² Shows marach.ics; mismatched, CN: www.cerit.cz
 	³ Shows morwen2.rect; mismatched, CN: morwen2.rect.muni.cz
@@ -51,8 +51,8 @@
 		- (www.)kite *
 
 	* $ redirects to http
-	
-	
+
+
 	Fully covered subdomains:
 
 		- (www.)
@@ -88,7 +88,7 @@
 	Observed cookie domains:
 
 		- cic
-		- czs 
+		- czs
 		- em2il
 		- www.em2il
 		- idp2.ics
diff --git a/src/chrome/content/rules/Muqri.com.xml b/src/chrome/content/rules/Muqri.com.xml
new file mode 100644
index 000000000000..4cec05fbd39f
--- /dev/null
+++ b/src/chrome/content/rules/Muqri.com.xml
@@ -0,0 +1,36 @@
+<ruleset name="Muqri.com">
+	<target host="muqri.com" />
+	<target host="www.muqri.com" />
+	<target host="ar.muqri.com" />
+	<target host="bn.muqri.com" />
+	<target host="bs.muqri.com" />
+	<target host="de.muqri.com" />
+	<target host="en.muqri.com" />
+	<target host="es.muqri.com" />
+	<target host="fa.muqri.com" />
+	<target host="fr.muqri.com" />
+	<target host="gr.muqri.com" />
+	<target host="hi.muqri.com" />
+	<target host="id.muqri.com" />
+	<target host="it.muqri.com" />
+	<target host="ja.muqri.com" />
+	<target host="ko.muqri.com" />
+	<target host="ku.muqri.com" />
+	<target host="mk.muqri.com" />
+	<target host="ms.muqri.com" />
+	<target host="nl.muqri.com" />
+	<target host="no.muqri.com" />
+	<target host="pt.muqri.com" />
+	<target host="ru.muqri.com" />
+	<target host="sq.muqri.com" />
+	<target host="sv.muqri.com" />
+	<target host="th.muqri.com" />
+	<target host="tr.muqri.com" />
+	<target host="ur.muqri.com" />
+	<target host="vi.muqri.com" />
+	<target host="zh.muqri.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MusaFurber.com.xml b/src/chrome/content/rules/MusaFurber.com.xml
new file mode 100644
index 000000000000..46e011b4f0cb
--- /dev/null
+++ b/src/chrome/content/rules/MusaFurber.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="MusaFurber.com">
+	<target host="musafurber.com" />
+	<target host="www.musafurber.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Muse.mu.xml b/src/chrome/content/rules/Muse.mu.xml
index 21d145aabb5d..02cb311d8c9b 100644
--- a/src/chrome/content/rules/Muse.mu.xml
+++ b/src/chrome/content/rules/Muse.mu.xml
@@ -34,7 +34,7 @@ Fetch error: http://muse-cdn.warnerartists.com/ => https://muse-cdn.warnerartist
 		- Images on preorder from wmiuk.edgeboss.net
 
 -->
-<ruleset name="Muse.mu (partial)" default_off='failed ruleset test'>
+<ruleset name="Muse.mu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Muselive.com.xml b/src/chrome/content/rules/Muselive.com.xml
index 4f7f9770cdae..2a31bdc4ee9e 100644
--- a/src/chrome/content/rules/Muselive.com.xml
+++ b/src/chrome/content/rules/Muselive.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://community.muselive.com/ => https://community.muselive.com/:
 		- community.muselive.com
 
 -->
-<ruleset name="Muselive.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Muselive.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Museodelprado.es.xml b/src/chrome/content/rules/Museodelprado.es.xml
index 03c3536ab3f3..80eb9810b248 100644
--- a/src/chrome/content/rules/Museodelprado.es.xml
+++ b/src/chrome/content/rules/Museodelprado.es.xml
@@ -9,12 +9,12 @@ Fetch error: http://static.museodelprado.es/ => https://static.museodelprado.es/
 Fetch error: http://museodelprado.es/ => https://museodelprado.es/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="MuseoDelPrado.es" default_off='failed ruleset test'>
+<ruleset name="MuseoDelPrado.es" default_off="failed ruleset test">
 
 	<target host="museodelprado.es" />
 	<!-- HTTPS available on all subdomains -->
 	<target host="*.museodelprado.es" />
-	
+
 	<test url="http://biblioteca.museodelprado.es/" />
 	<test url="http://content.museodelprado.es/" />
 	<test url="http://content1.museodelprado.es/" />
diff --git a/src/chrome/content/rules/MusicPD.org.xml b/src/chrome/content/rules/MusicPD.org.xml
new file mode 100644
index 000000000000..af1d7c6d25ef
--- /dev/null
+++ b/src/chrome/content/rules/MusicPD.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Non-functional subdomains:
+		- git	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="MusicPD.org">
+
+	<target host="musicpd.org" />
+	<target host="www.musicpd.org" />
+	<target host="bugs.musicpd.org" />
+	<target host="forum.musicpd.org" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Musicians_Friend.xml b/src/chrome/content/rules/Musicians_Friend.xml
index 5e7e4b9cbf5c..a06805b7509d 100644
--- a/src/chrome/content/rules/Musicians_Friend.xml
+++ b/src/chrome/content/rules/Musicians_Friend.xml
@@ -17,10 +17,12 @@ Non-2xx HTTP code: http://musiciansfriend.com/ (200) => http://musiciansfriend.c
 	At least some pages redirect to http.
 
 -->
-<ruleset name="Musician's Friend (partial)" default_off='failed ruleset test'>
+<ruleset name="Musician's Friend (partial)" default_off="failed ruleset test">
 
 	<target host="musiciansfriend.com" />
-	<target host="*.musiciansfriend.com" />
+	<target host="www.musiciansfriend.com" />
+	<target host="static.musiciansfriend.com" />
+	<target host="origin-static.musiciansfriend.com" />
 
 
 	<securecookie host="^origin-static\.musiciansfriend\.com$" name=".+" />
@@ -32,4 +34,4 @@ Non-2xx HTTP code: http://musiciansfriend.com/ (200) => http://musiciansfriend.c
 	<rule from="^http://(origin-)?static\.musiciansfriend\.com/"
 		to="https://$1static.musiciansfriend.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Musicmetric.xml b/src/chrome/content/rules/Musicmetric.xml
index bf11e4a964ce..0f0245264af1 100644
--- a/src/chrome/content/rules/Musicmetric.xml
+++ b/src/chrome/content/rules/Musicmetric.xml
@@ -19,7 +19,7 @@ Fetch error: http://knowledgebase.musicmetric.com/ => https://knowledgebase.musi
 		- knowledgebase.musicmetric.com
 
 -->
-<ruleset name="Musicmetric.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Musicmetric.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -31,7 +31,7 @@ Fetch error: http://knowledgebase.musicmetric.com/ => https://knowledgebase.musi
 					-->
 	<!--securecookie host="(?:app|knowledgebase)\.musicmetric\.com$" name=".+" /-->
 
-	<securecookie host=".+\.musicmetric\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Musicnotes.xml b/src/chrome/content/rules/Musicnotes.xml
index a39f26c58631..1447728325c3 100644
--- a/src/chrome/content/rules/Musicnotes.xml
+++ b/src/chrome/content/rules/Musicnotes.xml
@@ -20,7 +20,12 @@
 <ruleset name="Musicnotes.com (partial)">
 
 	<target host="musicnotes.com" />
-	<target host="*.musicnotes.com" />
+	<target host="www.musicnotes.com" />
+	<target host="help.musicnotes.com" />
+	<target host="origin-www.musicnotes.com" />
+	<target host="sheetmusic.musicnotes.com" />
+	<target host="stage.musicnotes.com" />
+	<target host="tx.musicnotes.com" />
 		<!--exclusion pattern="^http://(blog|search)\.musicnotes\.com/" /-->
 
 
@@ -34,7 +39,6 @@
 	<rule from="^http://(?:www\.)?musicnotes\.com/"
 		to="https://www.musicnotes.com/" />
 
-	<rule from="^http://(help|origin-www|sheetmusic|stage|tx)\.musicnotes\.com/"
-		to="https://$1.musicnotes.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/MusikhusetAarhus.dk.xml b/src/chrome/content/rules/MusikhusetAarhus.dk.xml
new file mode 100644
index 000000000000..afd737ed635e
--- /dev/null
+++ b/src/chrome/content/rules/MusikhusetAarhus.dk.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- mail
+-->
+<ruleset name="MusikhusetAarhus.dk">
+	<target host="musikhusetaarhus.dk" />
+	<target host="www.musikhusetaarhus.dk" />
+	<target host="billet.musikhusetaarhus.dk" />
+	<target host="konkurrence.musikhusetaarhus.dk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Musl-libc.org.xml b/src/chrome/content/rules/Musl-libc.org.xml
index 52badceae5ed..ea7fa546cd75 100644
--- a/src/chrome/content/rules/Musl-libc.org.xml
+++ b/src/chrome/content/rules/Musl-libc.org.xml
@@ -1,21 +1,10 @@
-<!--
-	Mixed content:
-
-		- css on wiki from $self *
-
-	* Secured by us
-
--->
-<ruleset name="musl-libc.org (partial)" default_off="self-signed">
-
+<ruleset name="musl-libc.org">
+	<target host="musl-libc.org" />
+	<target host="www.musl-libc.org" />
+	<target host="git.musl-libc.org" />
 	<target host="wiki.musl-libc.org" />
 
-
-	<!--	Not secured by server:
-					-->
-	<securecookie host="^wiki\.musl-libc\.org$" name=".+" />
-
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/MuslimIssues.com.xml b/src/chrome/content/rules/MuslimIssues.com.xml
deleted file mode 100644
index 114ff918725e..000000000000
--- a/src/chrome/content/rules/MuslimIssues.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="MuslimIssues.com">
-	<target host="muslimissues.com" />
-	<target host="www.muslimissues.com" />
-	<target host="mail.muslimissues.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/MuslimsCondemn.com.xml b/src/chrome/content/rules/MuslimsCondemn.com.xml
deleted file mode 100644
index 0a244c0fa220..000000000000
--- a/src/chrome/content/rules/MuslimsCondemn.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="MuslimsCondemn.com">
-	<target host="muslimscondemn.com" />
-	<target host="www.muslimscondemn.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/MuslimsDiscuss.com.xml b/src/chrome/content/rules/MuslimsDiscuss.com.xml
deleted file mode 100644
index 14b186bd88a2..000000000000
--- a/src/chrome/content/rules/MuslimsDiscuss.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Invalid certificate
-	- muslimsdiscuss.com
-
--->
-<ruleset name="MuslimsDiscuss.com">
-	<target host="muslimsdiscuss.com" />
-	<target host="www.muslimsdiscuss.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http://muslimsdiscuss\.com/" to="https://www.muslimsdiscuss.com/" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Muspy.xml b/src/chrome/content/rules/Muspy.xml
index 75cdbd17b20f..f31f2ce4ea23 100644
--- a/src/chrome/content/rules/Muspy.xml
+++ b/src/chrome/content/rules/Muspy.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Mutoon.one.xml b/src/chrome/content/rules/Mutoon.one.xml
new file mode 100644
index 000000000000..744f0618b9b2
--- /dev/null
+++ b/src/chrome/content/rules/Mutoon.one.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		www.mutoon.one
+-->
+<ruleset name="Mutoon.one">
+	<target host="mutoon.one" />
+	<target host="www.mutoon.one" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.mutoon\.one/" to="https://mutoon.one/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mutt.org.xml b/src/chrome/content/rules/Mutt.org.xml
deleted file mode 100644
index 85b09039e983..000000000000
--- a/src/chrome/content/rules/Mutt.org.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Non-functional hosts
-		Couldn't connect to server:
-			 - mutt.org
-			 - www.mutt.org
-
-		SSL peer certificate was not OK:
-			 - ftp.mutt.org
--->
-<ruleset name="Mutt.org (partial)">
-	<target host="bugs.mutt.org" />
-	<target host="dev.mutt.org" />
-	<target host="wiki.mutt.org" />
-
-	<securecookie host="^dev\.mutt\.org$" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Mutterschaftsgeld.de.xml b/src/chrome/content/rules/Mutterschaftsgeld.de.xml
index 31c18b441755..f8aa6aa47bf6 100644
--- a/src/chrome/content/rules/Mutterschaftsgeld.de.xml
+++ b/src/chrome/content/rules/Mutterschaftsgeld.de.xml
@@ -1,8 +1,8 @@
-<ruleset name="Mutterschaftsgeld.de" default_off="missing certificate chain">
+<ruleset name="Mutterschaftsgeld.de" default_off="cert-chain">
 
 	<target host="mutterschaftsgeld.de" />
 	<target host="www.mutterschaftsgeld.de" />
-	
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Mux.de.xml b/src/chrome/content/rules/Mux.de.xml
index 2f7515d3d13f..f71d953d4501 100644
--- a/src/chrome/content/rules/Mux.de.xml
+++ b/src/chrome/content/rules/Mux.de.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.mux.de/ => https://www.mux.de/: Too many redirects while
 	- reichenbachdelikatessen.mux.de
 	- bidjanbek.mux.de
 -->
-<ruleset name="Branchenbuch München" default_off='failed ruleset test'>
+<ruleset name="Branchenbuch München" default_off="failed ruleset test">
 
 	<target host="mux.de"/>
 	<target host="edit.mux.de"/>
diff --git a/src/chrome/content/rules/Mwave.com.au.xml b/src/chrome/content/rules/Mwave.com.au.xml
new file mode 100644
index 000000000000..91e00d1c4e33
--- /dev/null
+++ b/src/chrome/content/rules/Mwave.com.au.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		computers.mwave.com.au
+		specs.mwave.com.au
+		vendor.mwave.com.au
+
+-->
+<ruleset name="Mwave.com.au">
+
+	<target host="mwave.com.au" />
+	<target host="www.mwave.com.au" />
+	<target host="blog.mwave.com.au" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Mwave.xml b/src/chrome/content/rules/Mwave.xml
deleted file mode 100644
index 0bbfd451619d..000000000000
--- a/src/chrome/content/rules/Mwave.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Some pages redirect to http
-
--->
-<ruleset name="Mwave Australia (partial)">
-
-	<target host="mwave.com.au" />
-	<target host="www.mwave.com.au" />
-
-
-	<rule from="^http://(?:www\.)?mwave\.com\.au/((?:businesscorp|checkout|help|myaccount|privacy-policy|terms-and-conditions)(?:$|\?|/)|catalog/emailsubscribe|[cC]ontent/|favicon\.ico|images/|[sS]ecure/)"
-		to="https://www.mwave.com.au/$1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Mxptint.net.xml b/src/chrome/content/rules/Mxptint.net.xml
index 82345085fee9..6a73ba27b14e 100644
--- a/src/chrome/content/rules/Mxptint.net.xml
+++ b/src/chrome/content/rules/Mxptint.net.xml
@@ -1,31 +1,51 @@
 <!--
-	www.mxptint.net: Dropped over http & https
-
-
-	These altnames don't exist:
-
-		- www.mpp.mxptint.net
-
-
-	Insecure cookies are set for these domains:
-
-		- .mxptint.net
-
+	Connection refused:
+		- noredir.mxptint.net
+		- r.mxptint.net
+
+	Timeout:
+		- ftp.mxptint.net
+		- mlc.mxptint.net
+		- mpt.mxptint.net
+		- preview.mxptint.net
+		- www.mxptint.net
+
+	TLS error:
+		- aep.emea.mxptint.net
+		- bkp.emea.mxptint.net
+		- mps.mxptint.net
+		- mpc.nl.mxptint.net
+		- mpd.nl.mxptint.net
+		- oxp.emea.mxptint.net
+		- rbp.emea.mxptint.net
 -->
 <ruleset name="mxptint.net">
 
 	<target host="mxptint.net" />
+
+	<target host="abp.mxptint.net" />
+	<target host="aep.mxptint.net" />
+	<target host="atp.mxptint.net" />
+	<target host="bkp.mxptint.net" />
+	<target host="brp.mxptint.net" />
+	<target host="cxp.mxptint.net" />
 	<target host="mpp.emea.mxptint.net" />
+	<target host="exp.mxptint.net" />
+	<target host="lrp.mxptint.net" />
+	<target host="mpc.mxptint.net" />
+	<target host="mpd.mxptint.net" />
 	<target host="mpp.mxptint.net" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.mxptint\.net$" name="^mxpim$" /-->
+	<target host="optout.mxptint.net" />
+	<target host="oxp.mxptint.net" />
+	<target host="pmp.mxptint.net" />
+	<target host="rbp.mxptint.net" />
+	<target host="sxp.mxptint.net" />
+	<target host="tap.mxptint.net" />
+	<target host="test.mxptint.net" />
+	<target host="yhp.mxptint.net" />
 
 	<securecookie host=".+" name=".+" />
 
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/My-Aime.net.xml b/src/chrome/content/rules/My-Aime.net.xml
new file mode 100644
index 000000000000..6f23c565d680
--- /dev/null
+++ b/src/chrome/content/rules/My-Aime.net.xml
@@ -0,0 +1,11 @@
+<!--
+	Timeout:
+		- mx
+-->
+<ruleset name="My-Aime.net">
+	<target host="my-aime.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/My-Files.xml b/src/chrome/content/rules/My-Files.xml
index cd2629a090db..b4fa63340e6d 100644
--- a/src/chrome/content/rules/My-Files.xml
+++ b/src/chrome/content/rules/My-Files.xml
@@ -6,7 +6,7 @@ Fetch error: http://w01.my-files.de/ => https://w01.my-files.de/: (60, 'SSL cert
 Disabled by https-everywhere-checker because:
 Fetch error: http://w01.my-files.de/ => https://w01.my-files.de/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="My-files.de" default_off='failed ruleset test'>
+<ruleset name="My-files.de" default_off="failed ruleset test">
   <target host="w01.my-files.de" />
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/My.com.xml b/src/chrome/content/rules/My.com.xml
index 1721aad6db13..ee17f7707d3f 100644
--- a/src/chrome/content/rules/My.com.xml
+++ b/src/chrome/content/rules/My.com.xml
@@ -14,8 +14,7 @@
 <ruleset name="My.com (partial)">
     <target host="my.com" />
     <target host="*.my.com" />
-	
-	<test url="http://mymail.my.com/" />
+
 	<test url="http://account.my.com/" />
 	<test url="http://allods.my.com/" />
 	<test url="http://aw.my.com/" />
@@ -37,7 +36,6 @@
 	<test url="http://sf.my.com/" />
 	<test url="http://support.my.com/" />
 	<test url="http://target.my.com/" />
-	<test url="http://target.my.com/" />
 	<test url="http://wos.my.com/" />
 
     <securecookie host="^(.*\.)?my\.com$" name=".+" />
diff --git a/src/chrome/content/rules/MyAMS.org.xml b/src/chrome/content/rules/MyAMS.org.xml
new file mode 100644
index 000000000000..cd2e15239513
--- /dev/null
+++ b/src/chrome/content/rules/MyAMS.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="MyAMS.org">
+	<target host="myams.org" />
+	<target host="www.myams.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MyBB_Central.xml b/src/chrome/content/rules/MyBB_Central.xml
index 3d501443db24..2b5ce5cb3624 100644
--- a/src/chrome/content/rules/MyBB_Central.xml
+++ b/src/chrome/content/rules/MyBB_Central.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MyBetter.com.xml b/src/chrome/content/rules/MyBetter.com.xml
index 40a9d1aada3f..6322855ef60c 100644
--- a/src/chrome/content/rules/MyBetter.com.xml
+++ b/src/chrome/content/rules/MyBetter.com.xml
@@ -15,19 +15,17 @@ Fetch error: http://mybetter.com/ => https://mybetter.com/: (60, 'SSL certificat
 		- server2...:2222
 
 -->
-<ruleset name="MyBetter.com" default_off='failed ruleset test'>
+<ruleset name="MyBetter.com" default_off="failed ruleset test">
 
 	<target host="mybetter.com" />
-	<target host="*.mybetter.com" />
+	<target host="server2.mybetter.com" />
+	<target host="www.mybetter.com" />
 
 
 	<securecookie host="^server2\.mybetter\.com$" name=".+" />
 
 
-	<rule from="^http://(server2\.|www\.)?mybetter\.com/"
-		to="https://$1mybetter.com/" />
 
-	<rule from="^http://server2\.mybetter\.com:2222/"
-		to="https://server2.mybetter.com:2222/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/MyBuys.xml b/src/chrome/content/rules/MyBuys.xml
index 9ab1ca1c7f7b..781079adca73 100644
--- a/src/chrome/content/rules/MyBuys.xml
+++ b/src/chrome/content/rules/MyBuys.xml
@@ -51,7 +51,12 @@
 <ruleset name="MyBuys (partial)">
 
 	<target host="mybuys.com" />
-	<target host="*.mybuys.com" />
+	<target host="bi5.p.mybuys.com" />
+	<target host="portal.p.mybuys.com" />
+	<target host="t.p.mybuys.com" />
+	<target host="w.p.mybuys.com" />
+	<target host="www.mybuys.com" />
+	<target host="www2.mybuys.com" />
 
 
 	<securecookie host=".*\.mybuys\.com$" name=".+" />
diff --git a/src/chrome/content/rules/MyCalendar.xml b/src/chrome/content/rules/MyCalendar.xml
deleted file mode 100644
index 3ab4aad17076..000000000000
--- a/src/chrome/content/rules/MyCalendar.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="MyCalendar">
-
-	<target host="mycalendarbook.com" />
-	<target host="www.mycalendarbook.com" />
-
-
-	<!--	Cert doesn't match !www.
-						-->
-	<rule from="^http://(?:www\.)?mycalendarbook\.com/"
-		to="https://mycalendarbook.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MyCharity.ie.xml b/src/chrome/content/rules/MyCharity.ie.xml
index be7342991725..2add9da0b56b 100644
--- a/src/chrome/content/rules/MyCharity.ie.xml
+++ b/src/chrome/content/rules/MyCharity.ie.xml
@@ -5,7 +5,7 @@ Fetch error: http://mycharity.ie/ => https://www.mycharity.ie/: (7, 'Failed to c
 Fetch error: http://www.mycharity.ie/ => https://www.mycharity.ie/: (7, 'Failed to connect to www.mycharity.ie port 443: Connection refused')
 
 -->
-<ruleset name="MyCharity.ie" default_off='failed ruleset test'>
+<ruleset name="MyCharity.ie" default_off="failed ruleset test">
   <!-- cert valid only for www. -->
   <target host="mycharity.ie" />
   <target host="www.mycharity.ie" />
diff --git a/src/chrome/content/rules/MyChart.xml b/src/chrome/content/rules/MyChart.xml
index 42ecbd2d8564..04f201679b6f 100644
--- a/src/chrome/content/rules/MyChart.xml
+++ b/src/chrome/content/rules/MyChart.xml
@@ -1,10 +1,10 @@
 <ruleset name="MyChart" platform="mixedcontent">
 
 	<target host="viewmychart.com" />
-	<target host="*.viewmychart.com" />
+	<target host="www.viewmychart.com" />
 
 
-	<securecookie host="^(?:.*\.)?viewmychart\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?viewmychart\.com/"
diff --git a/src/chrome/content/rules/MyComputer.com.xml b/src/chrome/content/rules/MyComputer.com.xml
index 62dfe1db6ea0..27c7c6416d81 100644
--- a/src/chrome/content/rules/MyComputer.com.xml
+++ b/src/chrome/content/rules/MyComputer.com.xml
@@ -1,7 +1,21 @@
 <!--
 	For other Network Solutions coverage, see Network-Solutions.xml.
 
-
+	Nonfunctional subdomains:
+
+		a		(hostname mismatch, CN: a248.e.akamai.net)
+		sa		(hostname mismatch, CN: a248.e.akamai.net)
+		mail	(timeout)
+		siteminer	(timeout)
+		ppctool		(timeout)
+		phoenix-adrunner	(timeout)
+		405f42d2.chi	(connection refused)
+
+		www.guestbook
+		www.counter
+		www.bannerexchange
+		www.boardserver
+		www.superstats
 	^: cert only matches *.mycomputer.com
 
 -->
@@ -9,12 +23,32 @@
 
 	<target host="mycomputer.com" />
 	<target host="www.mycomputer.com" />
-
-
-	<rule from="^http://(?:www\.)?mycomputer\.com/"
-		to="https://www.mycomputer.com/" />
-
-	<rule from="^http://watchdog\.mycomputer\.com/"
-		to="https://watchdog.mycomputer.com/" />
+	<target host="123counter.mycomputer.com" />
+	<target host="bannerexchange.mycomputer.com" />
+	<target host="boardserver.mycomputer.com" />
+	<target host="code-adrunner.mycomputer.com" />
+	<target host="code-mc-adrunner.mycomputer.com" />
+	<target host="counter.mycomputer.com" />
+	<target host="domains.mycomputer.com" />
+	<target host="enterprise.mycomputer.com" />
+	<target host="ezpolls.mycomputer.com" />
+	<target host="guestbook.mycomputer.com" />
+	<target host="iclicks.mycomputer.com" />
+	<target host="linkcount.mycomputer.com" />
+	<target host="media-adrunner.mycomputer.com" />
+	<target host="media-mc-adrunner.mycomputer.com" />
+	<target host="new.mycomputer.com" />
+	<target host="phoenix-mc-adrunner.mycomputer.com" />
+	<target host="sitemechanic.mycomputer.com" />
+	<target host="siterewards.mycomputer.com" />
+	<target host="submitwizard.mycomputer.com" />
+	<target host="superstats.mycomputer.com" />
+	<target host="textomatic.mycomputer.com" />
+	<target host="watchdog.mycomputer.com" />
+	<target host="webrookie.mycomputer.com" />
+	<target host="websnapshot.mycomputer.com" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/MyEdAccount.Com.xml b/src/chrome/content/rules/MyEdAccount.Com.xml
deleted file mode 100644
index ec1940db73b6..000000000000
--- a/src/chrome/content/rules/MyEdAccount.Com.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://myedaccount.com/ => https://www.myedaccount.com/: (28, 'Connection timed out after 20000 milliseconds')
-Fetch error: http://www.myedaccount.com/ => https://www.myedaccount.com/: (28, 'Connection timed out after 20000 milliseconds')
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://myedaccount.com/ => https://www.myedaccount.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.myedaccount.com'")
-Fetch error: http://www.myedaccount.com/ => https://www.myedaccount.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.myedaccount.com'")
--->
-<ruleset name="MyEdAccount.Com" default_off='failed ruleset test'>
-	<target host="myedaccount.com" />
-	<target host="www.myedaccount.com" />
-
-	<securecookie host="(?:^|\.)myedaccount\.com$" name=".+" />
-
-	<rule from="^(?:http://(?:www\.)?|https://)myedaccount\.com/" to="https://www.myedaccount.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/MyEtherWallet.com.xml b/src/chrome/content/rules/MyEtherWallet.com.xml
deleted file mode 100644
index 9f3aadb15326..000000000000
--- a/src/chrome/content/rules/MyEtherWallet.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	No working URL known:
-		rpc.myetherwallet.com
-
--->
-<ruleset name="MyEtherWallet.com">
-	<target host="myetherwallet.com" />
-	<target host="www.myetherwallet.com" />
-	<target host="alpha.myetherwallet.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/MyFBO.com.xml b/src/chrome/content/rules/MyFBO.com.xml
index e5205ca39968..d8d43095fcbd 100644
--- a/src/chrome/content/rules/MyFBO.com.xml
+++ b/src/chrome/content/rules/MyFBO.com.xml
@@ -19,7 +19,7 @@
 	<target host="s10.myfbo.com" />
 	<target host="s11.myfbo.com" />
 	<target host="s13.myfbo.com" />
-	
+
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/MyFreeCopyright.com-problematic.xml b/src/chrome/content/rules/MyFreeCopyright.com-problematic.xml
deleted file mode 100644
index 094cfa49d468..000000000000
--- a/src/chrome/content/rules/MyFreeCopyright.com-problematic.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see MyFreeCopyright.com.xml.
-
--->
-<ruleset name="MyFreeCopyright.com (problematic)" default_off="expired">
-
-	<target host="myfreecopyright.com" />
-	<target host="www.myfreecopyright.com" />
-
-
-	<securecookie host="^myfreecopyright\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?myfreecopyright\.com/"
-		to="https://myfreecopyright.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MyFreeCopyright.com.xml b/src/chrome/content/rules/MyFreeCopyright.com.xml
deleted file mode 100644
index 916088d04991..000000000000
--- a/src/chrome/content/rules/MyFreeCopyright.com.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	For problematic rules, see MyFreeCopyright.com-problematic.xml.
-
-
-	CDN buckets:
-
-		- myfreecopyright.s3.amazonaws.com
-
-			- storage
-
-
-	Problematic subdomains:
-
-		- (www.)	(works, expired 2013-11-07)
-		- storage	(amazonws)
-
-
-	Mixed content:
-
-		- Images on (www.) from (www.) *
-
-	* Secured by us
-
--->
-<ruleset name="MyFreeCopyright.com (partial)">
-
-	<target host="storage.myfreecopyright.com" />
-
-
-	<rule from="^http://storage\.myfreecopyright\.com/"
-		to="https://myfreecopyright.s3.amazonaws.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MyGirlFund.xml b/src/chrome/content/rules/MyGirlFund.xml
index cd88e0ee0f95..174a96c78244 100644
--- a/src/chrome/content/rules/MyGirlFund.xml
+++ b/src/chrome/content/rules/MyGirlFund.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MyGoxClaim.com.xml b/src/chrome/content/rules/MyGoxClaim.com.xml
deleted file mode 100644
index 3ace003f066b..000000000000
--- a/src/chrome/content/rules/MyGoxClaim.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="MyGoxClaim.com">
-	<target host="mygoxclaim.com" />
-	<target host="www.mygoxclaim.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/MyInteriorDecorator.com.xml b/src/chrome/content/rules/MyInteriorDecorator.com.xml
index 169d91a77578..85f4725be6bc 100644
--- a/src/chrome/content/rules/MyInteriorDecorator.com.xml
+++ b/src/chrome/content/rules/MyInteriorDecorator.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.myinteriordecorator.com/ => https://www.myinteriordecora
 Disabled by https-everywhere-checker because:
 Fetch error: http://myinteriordecorator.com/ => https://myinteriordecorator.com/: (51, "SSL: no alternative certificate subject name matches target host name 'myinteriordecorator.com'")
 -->
-<ruleset name="MyInteriorDecorator.com" default_off='failed ruleset test'>
+<ruleset name="MyInteriorDecorator.com" default_off="failed ruleset test">
 
 	<target host="myinteriordecorator.com" />
 	<target host="www.myinteriordecorator.com" />
@@ -18,4 +18,4 @@ Fetch error: http://myinteriordecorator.com/ => https://myinteriordecorator.com/
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MyLeague.xml b/src/chrome/content/rules/MyLeague.xml
index e50580b7b57e..422fafff115f 100644
--- a/src/chrome/content/rules/MyLeague.xml
+++ b/src/chrome/content/rules/MyLeague.xml
@@ -8,7 +8,7 @@
 <ruleset name="MyLeague">
 
 	<target host="myleague.com" />
-	<target host="*.myleague.com" />
+	<target host="www.myleague.com" />
 
 
 	<securecookie host="^\.myleague\.com$" name=".+" />
diff --git a/src/chrome/content/rules/MyLifetime.com.xml b/src/chrome/content/rules/MyLifetime.com.xml
index daba5f007c56..5a1b518b9340 100644
--- a/src/chrome/content/rules/MyLifetime.com.xml
+++ b/src/chrome/content/rules/MyLifetime.com.xml
@@ -64,7 +64,7 @@ Fetch error: http://ssos.mylifetime.com/ => https://ssos.mylifetime.com/: (6, 'C
 	* → akamai
 
 -->
-<ruleset name="myLifetime.com (partial)" default_off='failed ruleset test'>
+<ruleset name="myLifetime.com (partial)" default_off="failed ruleset test">
 
 	<target host="ssos.mylifetime.com" />
 
diff --git a/src/chrome/content/rules/MyLikes.xml b/src/chrome/content/rules/MyLikes.xml
index 618d8bd21180..cfbb9ada2c17 100644
--- a/src/chrome/content/rules/MyLikes.xml
+++ b/src/chrome/content/rules/MyLikes.xml
@@ -22,14 +22,15 @@ Fetch error: http://mlv-cdn.com/ => https://mylikes.com/: (28, 'Connection timed
 	- www.mlv-cdn.com doesn't exist
 
 -->
-<ruleset name="MyLikes" default_off='failed ruleset test'>
+<ruleset name="MyLikes" default_off="failed ruleset test">
 
 	<target host="longurl.it" />
 	<target host="*.longurl.it" />
 	<target host="mlv-cdn.com" />
 	<target host="w.mlv-cdn.com" />
 	<target host="mylikes.com" />
-	<target host="*.mylikes.com" />
+	<target host="ads.mylikes.com" />
+	<target host="www.mylikes.com" />
 
 
 	<securecookie host="^\.longurl\.it$" name=".+" />
diff --git a/src/chrome/content/rules/MyPlayDirect.xml b/src/chrome/content/rules/MyPlayDirect.xml
index cc436ffba7b3..52c717c99245 100644
--- a/src/chrome/content/rules/MyPlayDirect.xml
+++ b/src/chrome/content/rules/MyPlayDirect.xml
@@ -5,11 +5,11 @@ Fetch error: http://myplaydirect.com/ => https://www.myplaydirect.com/: (60, 'SS
 Fetch error: http://www.myplaydirect.com/ => https://www.myplaydirect.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="MyPlayDirect" default_off='failed ruleset test'>
+<ruleset name="MyPlayDirect" default_off="failed ruleset test">
   <target host="myplaydirect.com" />
   <target host="www.myplaydirect.com" />
 
-  <securecookie host="^(?:.+\.)?myplaydirect\.com$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http://(?:www\.)?myplaydirect\.com/" to="https://www.myplaydirect.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/MyResumeAgent.com.xml b/src/chrome/content/rules/MyResumeAgent.com.xml
deleted file mode 100644
index f42f334a5c26..000000000000
--- a/src/chrome/content/rules/MyResumeAgent.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For other Monster coverage, see Monster.xml.
-
-
-	^myresumeagent.com: Mismatched
-
--->
-<ruleset name="myResumeAgent.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.myresumeagent.com" />
-
-	<!--	Complications:
-				-->
-	<target host="myresumeagent.com" />
-
-
-	<securecookie host="^(?:www)?\.myresumeagent\.com$" name=".+" />
-
-
-	<rule from="^http://myresumeagent\.com/"
-		to="https://www.myresumeagent.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/MySQL.xml b/src/chrome/content/rules/MySQL.xml
index 05c940db822a..690226bd8e89 100644
--- a/src/chrome/content/rules/MySQL.xml
+++ b/src/chrome/content/rules/MySQL.xml
@@ -1,13 +1,5 @@
 <!--
-	Other Oracle rulesets:
-
-		- NetBeans.xml
-		- Oracle.xml
-		- Oracle-mismatches.xml
-
-
-	See Oracle-mismatches.xml for problematic rules.
-
+	For other Oracle coverage, see Oracle.xml.
 
 	Problematic subdomains:
 
diff --git a/src/chrome/content/rules/MySecureConnect.com.xml b/src/chrome/content/rules/MySecureConnect.com.xml
deleted file mode 100644
index d834ed743d3e..000000000000
--- a/src/chrome/content/rules/MySecureConnect.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other Trustwave coverage, see Trustwave.xml.
-
--->
-<ruleset name="mySecureConnect">
-
-	<target host="mysecureconnect.com" />
-	<target host="order.mysecureconnect.com" />
-	<target host="www.mysecureconnect.com" />
-
-
-	<securecookie host="^(?:order\.|www\.)?mysecureconnect\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/MySkreen.com.xml b/src/chrome/content/rules/MySkreen.com.xml
index b2550519a5f0..57145515ffb5 100644
--- a/src/chrome/content/rules/MySkreen.com.xml
+++ b/src/chrome/content/rules/MySkreen.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://medias.myskreen.com/ => https://medias.myskreen.com/: (60, '
 		- www	(redirects to http, valid cert)
 
 -->
-<ruleset name="mySkreen.com (partial)" default_off='failed ruleset test'>
+<ruleset name="mySkreen.com (partial)" default_off="failed ruleset test">
 
 	<target host="medias.myskreen.com" />
 
diff --git a/src/chrome/content/rules/MySociety.org.xml b/src/chrome/content/rules/MySociety.org.xml
index ea1d9fc9fb8d..06922e9f44b8 100644
--- a/src/chrome/content/rules/MySociety.org.xml
+++ b/src/chrome/content/rules/MySociety.org.xml
@@ -8,7 +8,7 @@ Fetch error: http://mysociety.org/ => https://mysociety.org/: (51, "SSL: no alte
 		- www.mysociety.org
 
 -->
-<ruleset name="mySociety.org" default_off='failed ruleset test'>
+<ruleset name="mySociety.org" default_off="failed ruleset test">
 
 	<target host="mysociety.org" />
 	<target host="www.mysociety.org" />
diff --git a/src/chrome/content/rules/MyStockOptions.com.xml b/src/chrome/content/rules/MyStockOptions.com.xml
index 1c2ae95e91c0..6d6def4fc041 100644
--- a/src/chrome/content/rules/MyStockOptions.com.xml
+++ b/src/chrome/content/rules/MyStockOptions.com.xml
@@ -7,7 +7,7 @@
 <ruleset name="myStockOptions.com">
 
 	<target host="mystockoptions.com" />
-	<target host="*.mystockoptions.com" />
+	<target host="www.mystockoptions.com" />
 
 
 	<securecookie host="^(?:www)?\.mystockoptions\.com$" name=".+" />
diff --git a/src/chrome/content/rules/MyTextGraphics.com.xml b/src/chrome/content/rules/MyTextGraphics.com.xml
index 334f35797753..d49e8388a6b0 100644
--- a/src/chrome/content/rules/MyTextGraphics.com.xml
+++ b/src/chrome/content/rules/MyTextGraphics.com.xml
@@ -52,4 +52,4 @@
 	<rule from="^http://img-s3-01\.mytextgraphics\.com/"
 		to="https://dn7bb6u52b8om.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/MyWOT.xml b/src/chrome/content/rules/MyWOT.xml
index 85f6e3b5ac9d..6258d5df3070 100644
--- a/src/chrome/content/rules/MyWOT.xml
+++ b/src/chrome/content/rules/MyWOT.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.mywot.net/ => https://www.mywot.net/: (51, "SSL: no alte
 		- d203dmbd9wdx7j.cloudfront.net
 -->
 
-<ruleset name="MyWOT" default_off='failed ruleset test'>
+<ruleset name="MyWOT" default_off="failed ruleset test">
 
 	<target host="mywot.com" />
 	<target host="api.mywot.com" />
@@ -17,7 +17,7 @@ Fetch error: http://www.mywot.net/ => https://www.mywot.net/: (51, "SSL: no alte
 	<target host="filter.mywot.com" />
 	<target host="search.mywot.com" />
 	<target host="www.mywot.com" />
-	
+
 	<target host="mywot.net" />
 	<target host="cdn-cf.mywot.net" />
 	<target host="www.mywot.net" />
diff --git a/src/chrome/content/rules/MyWell-Being.com.xml b/src/chrome/content/rules/MyWell-Being.com.xml
index 49119f604b9a..662ca6c09c46 100644
--- a/src/chrome/content/rules/MyWell-Being.com.xml
+++ b/src/chrome/content/rules/MyWell-Being.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.mywell-being.com/ => https://www.mywell-being.com/: (28,
 
 
 -->
-<ruleset name="MyWell-Being.com" default_off='failed ruleset test'>
+<ruleset name="MyWell-Being.com" default_off="failed ruleset test">
 
 	<target host="mywell-being.com" />
 	<target host="www.mywell-being.com" />
@@ -22,4 +22,4 @@ Fetch error: http://www.mywell-being.com/ => https://www.mywell-being.com/: (28,
 	<rule from="^http://(?:www\.)?mywell-being\.com/"
 		to="https://www.mywell-being.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/My_Aloe_Cleanse.com.xml b/src/chrome/content/rules/My_Aloe_Cleanse.com.xml
deleted file mode 100644
index b083ceaa8e57..000000000000
--- a/src/chrome/content/rules/My_Aloe_Cleanse.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://tryprocleanse.com/ => http://tryprocleanse.com/: (60, 'SSL certificate problem: certificate has expired')
-
--->
-<ruleset name="My Aloe Cleanse.com">
-
-	<target host="myaloecleanse.com" />
-	<target host="*.myaloecleanse.com" />
-	<target host="tryprocleanse.com" />
-	<target host="*.tryprocleanse.com" />
-
-
-	<securecookie host="^\.(?:myaloe|trypto)cleanse\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?(myaloe|trypto)cleanse\.com/"
-		to="https://$1$2cleanse.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/My_Healthcare_Contacts.xml b/src/chrome/content/rules/My_Healthcare_Contacts.xml
deleted file mode 100644
index da98f12a52a7..000000000000
--- a/src/chrome/content/rules/My_Healthcare_Contacts.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="My Healthcare Contacts">
-
-	<target host="minavardkontakter.se" />
-	<target host="*.minavardkontakter.se" />
-
-
-	<securecookie host="^kontakt\.minavardkontakter\.se$" name=".+" />
-
-
-	<rule from="^http://(?:kontakt\.|www\.)?minavardkontakter\.se/"
-		to="https://minavardkontakter.se/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/My_InMon.com.xml b/src/chrome/content/rules/My_InMon.com.xml
index bf946feb56be..54822c49020d 100644
--- a/src/chrome/content/rules/My_InMon.com.xml
+++ b/src/chrome/content/rules/My_InMon.com.xml
@@ -7,7 +7,7 @@
 <ruleset name="my InMon.com">
 
 	<target host="myinmon.com" />
-	<target host="*.myinmon.com" />
+	<target host="www.myinmon.com" />
 
 
 	<securecookie host="^\.www\.myinmon\.com$" name=".+" />
diff --git a/src/chrome/content/rules/My_OptPlus_secure.com.xml b/src/chrome/content/rules/My_OptPlus_secure.com.xml
index a95ed440b4e1..c2b4a6e87c3e 100644
--- a/src/chrome/content/rules/My_OptPlus_secure.com.xml
+++ b/src/chrome/content/rules/My_OptPlus_secure.com.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://myoptplussecure.com/ => https://myoptplussecure.com/: (7, 'Failed to connect to myoptplussecure.com port 80: Connection refused')
 Fetch error: http://www.myoptplussecure.com/ => https://www.myoptplussecure.com/: (7, 'Failed to connect to www.myoptplussecure.com port 80: Connection refused')
 -->
-<ruleset name="My OptPlus secure.com" default_off='failed ruleset test'>
+<ruleset name="My OptPlus secure.com" default_off="failed ruleset test">
 
 	<target host="myoptplussecure.com" />
 	<target host="www.myoptplussecure.com" />
diff --git a/src/chrome/content/rules/My_OptimizerPlus.com.xml b/src/chrome/content/rules/My_OptimizerPlus.com.xml
index 9b762fcb0ac6..c798bd400522 100644
--- a/src/chrome/content/rules/My_OptimizerPlus.com.xml
+++ b/src/chrome/content/rules/My_OptimizerPlus.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://myoptimizerplus.com/ => https://myoptimizerplus.com/: (51, "
 Fetch error: http://www.myoptimizerplus.com/ => https://www.myoptimizerplus.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.myoptimizerplus.com'")
 
 -->
-<ruleset name="My OptimizerPlus.com" default_off='failed ruleset test'>
+<ruleset name="My OptimizerPlus.com" default_off="failed ruleset test">
 
 	<target host="myoptimizerplus.com" />
 	<target host="www.myoptimizerplus.com" />
diff --git a/src/chrome/content/rules/My_Radio_Creative.xml b/src/chrome/content/rules/My_Radio_Creative.xml
index 31e09ca5a4c6..cc019cf3ed32 100644
--- a/src/chrome/content/rules/My_Radio_Creative.xml
+++ b/src/chrome/content/rules/My_Radio_Creative.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://myradiocreative.com/ => https://myradiocreative.com/: (6, 'Could not resolve host: myradiocreative.com')
 
 -->
-<ruleset name="My Radio Creative" default_off='failed ruleset test'>
+<ruleset name="My Radio Creative" default_off="failed ruleset test">
 
 	<target host="myradiocreative.com" />
 	<target host="www.myradiocreative.com" />
@@ -15,4 +15,4 @@ Fetch error: http://myradiocreative.com/ => https://myradiocreative.com/: (6, 'C
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/My_Shazam.com.xml b/src/chrome/content/rules/My_Shazam.com.xml
index 87f1c1824efb..ace0334bd44d 100644
--- a/src/chrome/content/rules/My_Shazam.com.xml
+++ b/src/chrome/content/rules/My_Shazam.com.xml
@@ -11,7 +11,7 @@
 		- myshazam.com
 
 -->
-<ruleset name="My Shazam.com" default_off="missing certificate chain">
+<ruleset name="My Shazam.com" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/My_Virtual_Paper.xml b/src/chrome/content/rules/My_Virtual_Paper.xml
deleted file mode 100644
index fa9ae44102c4..000000000000
--- a/src/chrome/content/rules/My_Virtual_Paper.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- admin		(shows secure.admin; mismatched, CN: secure.admin.myvirtualpaper.com)
-		- america *
-		- cdn-aec2w1	(503, akamai)
-		- img *
-		- www *
-
-	* No https
-
-
-	Problematic domains:
-
-		- ^		(works; expired 2011-11-05, CN: web6)
-		- cdn-as3	(works, akamai)
-
--->
-<ruleset name="My Virtual Paper (partial)">
-
-	<target host="secure.admin.myvirtualpaper.com" />
-
-
-	<securecookie host="^secure\.admin\.myvirtualpaper\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Mycoles.com.au.xml b/src/chrome/content/rules/Mycoles.com.au.xml
new file mode 100644
index 000000000000..9825ac5a498b
--- /dev/null
+++ b/src/chrome/content/rules/Mycoles.com.au.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Coles coverage, see Coles.com.au.xml
+-->
+<ruleset name="mycoles.com.au">
+
+	<target host="mycoles.com.au" />
+	<target host="www.mycoles.com.au" />
+	<target host="apps.mycoles.com.au" />
+	<target host="learning.mycoles.com.au" />
+	<target host="notifications.mycoles.com.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mydigipass.com.xml b/src/chrome/content/rules/Mydigipass.com.xml
deleted file mode 100644
index e12c91b35c96..000000000000
--- a/src/chrome/content/rules/Mydigipass.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	mismatch:
-		-help.mydigipass.com
--->
-<ruleset name="Mydigipass.com">
-	<target host="mydigipass.com" />
-	<target host="www.mydigipass.com" />
-	<target host="backoffice.mydigipass.com" />
-	<target host="developer.mydigipass.com" />
-	<target host="sandbox.mydigipass.com" />
-
-	<securecookie host="^(\w+\.)?mydigipass\.com$" name=".+" />
-
-	<rule from="^http:"
-	to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Mydrive.ch.xml b/src/chrome/content/rules/Mydrive.ch.xml
new file mode 100644
index 000000000000..5d3eda70c86c
--- /dev/null
+++ b/src/chrome/content/rules/Mydrive.ch.xml
@@ -0,0 +1,10 @@
+<ruleset name="Mydrive.ch">
+	<target host="mydrive.ch"/>
+	<target host="www.mydrive.ch"/>
+	<target host="static.mydrive.ch"/>
+	<target host="webdav.mydrive.ch"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Mydrive.xml b/src/chrome/content/rules/Mydrive.xml
deleted file mode 100644
index b9507f596641..000000000000
--- a/src/chrome/content/rules/Mydrive.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Mydrive">
-  <target host="mydrive.ch"/>
-  <target host="www.mydrive.ch"/>
-  <target host="static.mydrive.ch"/>
-  <target host="webdav.mydrive.ch"/>
-  
-   <securecookie host="^(?:.*\.)?mydrive\.ch$" name=".+" />
-   
-  <rule from="^http://(www|static|webdav)\.?mydrive\.ch/" to="https://$1.mydrive.ch/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Myfolder.xml b/src/chrome/content/rules/Myfolder.xml
index 32bda4fbc4c2..467fb78f64de 100644
--- a/src/chrome/content/rules/Myfolder.xml
+++ b/src/chrome/content/rules/Myfolder.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.myfolder.net/ => https://www.myfolder.net/: (28, 'Connec
 		- vaccine	(cert: www.myfolder.net; shows www's data)
 
 -->
-<ruleset name="myfolder (partial)" default_off='failed ruleset test'>
+<ruleset name="myfolder (partial)" default_off="failed ruleset test">
 
 	<target host="myfolder.net" />
 	<target host="www.myfolder.net" />
diff --git a/src/chrome/content/rules/Myftp.utechsoft.com.xml b/src/chrome/content/rules/Myftp.utechsoft.com.xml
deleted file mode 100644
index b81bd445a03f..000000000000
--- a/src/chrome/content/rules/Myftp.utechsoft.com.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Myftp.utechsoft.com">
-  <target host="myftp.utechsoft.com"/>
-  <rule from="^http://(?:www\.)?myftp\.utechsoft\.com/" to="https://myftp.utechsoft.com/"/>
-</ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 -->
diff --git a/src/chrome/content/rules/Myheritage.xml b/src/chrome/content/rules/Myheritage.xml
index 343a2a8a3669..de96498b69b2 100644
--- a/src/chrome/content/rules/Myheritage.xml
+++ b/src/chrome/content/rules/Myheritage.xml
@@ -18,17 +18,17 @@ Fetch error: http://myheritage.com.il/ => https://myheritage.com.il/: (6, 'Could
     Nonfunctional domains:
         - blog.myheritage.*          -> stupid error 29 by incapsula
         - helpcenter.myheritage.*    -> wrong cert (valid for nanorep.com)
-	
+
 	Mixed content:
 		- iframes on myheritage.* *
-	
+
 	* secured by us
 
     Other MyHeritage rulesets:
 	    - Mhcache.com
 	    - Myheritageimages.com
 -->
-<ruleset name="MyHeritage" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="MyHeritage" platform="mixedcontent" default_off="failed ruleset test">
     <!-- .com -->
     <target host="myheritage.com" />
     <target host="*.myheritage.com" />
@@ -124,7 +124,7 @@ Fetch error: http://myheritage.com.il/ => https://myheritage.com.il/: (6, 'Could
 
     <!-- https://regex101.com/r/fT8rK6/6 -->
     <exclusion pattern="^http://(blog|helpcenter)\.myheritage\.(com\.br|co\.il|no|nl|de|dk|se|fr|fi|es|pl)" />
-	
+
     <test url="http://blog.myheritage.com/" />
     <test url="http://helpcenter.myheritage.com/" />
     <test url="http://blog.myheritage.br/" />
diff --git a/src/chrome/content/rules/Myitcv.org.uk.xml b/src/chrome/content/rules/Myitcv.org.uk.xml
index 120cadd9de03..dfeb9d6f7817 100644
--- a/src/chrome/content/rules/Myitcv.org.uk.xml
+++ b/src/chrome/content/rules/Myitcv.org.uk.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.myitcv.org.uk/ => https://www.myitcv.org.uk/: (7, 'Faile
 	* github
 
 -->
-<ruleset name="myitcv.org.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="myitcv.org.uk (partial)" default_off="failed ruleset test">
 
 	<target host="myitcv.org.uk" />
 	<target host="www.myitcv.org.uk" />
diff --git a/src/chrome/content/rules/Mynaweb.com.xml b/src/chrome/content/rules/Mynaweb.com.xml
index 99b076f9aea6..5e779842c391 100644
--- a/src/chrome/content/rules/Mynaweb.com.xml
+++ b/src/chrome/content/rules/Mynaweb.com.xml
@@ -27,19 +27,20 @@ Fetch error: http://mynaweb.com/ => https://mynaweb.com/: (51, "SSL: no alternat
 	api sets myna cookie on whichever domain it is loaded from
 
 -->
-<ruleset name="Mynaweb.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Mynaweb.com (partial)" default_off="failed ruleset test">
 
 	<target host="mynaweb.com" />
-	<target host="*.mynaweb.com" />
+	<target host="api.mynaweb.com" />
+	<target host="www.mynaweb.com" />
+	<target host="cdn.mynaweb.com" />
 
 
 	<securecookie host="^mynaweb\.com$" name=".+" />
 
 
-	<rule from="^http://(api\.|www\.)?mynaweb\.com/"
-		to="https://$1mynaweb.com/" />
 
 	<rule from="^http://cdn\.mynaweb\.com/"
 		to="https://ddnxkh4q55q4m.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Mynewsdesk.com.xml b/src/chrome/content/rules/Mynewsdesk.com.xml
index d2f3e4f46602..2975479440a9 100644
--- a/src/chrome/content/rules/Mynewsdesk.com.xml
+++ b/src/chrome/content/rules/Mynewsdesk.com.xml
@@ -32,7 +32,7 @@ Fetch error: http://get.mynewsdesk.com/ => https://get.mynewsdesk.com/: (60, 'SS
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Mynewsdesk.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Mynewsdesk.com (partial)" default_off="failed ruleset test">
 
 	<target host="mynewsdesk.com" />
 	<target host="get.mynewsdesk.com" />
diff --git a/src/chrome/content/rules/Myregisteredsite.com.xml b/src/chrome/content/rules/Myregisteredsite.com.xml
index 52b8d0c7d504..561bd26d56fc 100644
--- a/src/chrome/content/rules/Myregisteredsite.com.xml
+++ b/src/chrome/content/rules/Myregisteredsite.com.xml
@@ -7,10 +7,10 @@
 	<target host="*.myregisteredsite.com" />
 
 
-	<securecookie host="^.+\.myregisteredsite\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(iscorecard|\d+\.sites)\.myregisteredsite\.com/"
 		to="https://$1.myregisteredsite.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Myricom.com.xml b/src/chrome/content/rules/Myricom.com.xml
index 7654939df549..ad21f548b088 100644
--- a/src/chrome/content/rules/Myricom.com.xml
+++ b/src/chrome/content/rules/Myricom.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.myricom.com/ => https://www.myricom.com/: (51, "SSL: no
 		- www.myricom.com
 
 -->
-<ruleset name="Myricom.com" default_off='failed ruleset test'>
+<ruleset name="Myricom.com" default_off="failed ruleset test">
 
 	<target host="myricom.com" />
 	<target host="www.myricom.com" />
diff --git a/src/chrome/content/rules/Mysitemyway.xml b/src/chrome/content/rules/Mysitemyway.xml
index 52c08a9973da..d7e0e9df346c 100644
--- a/src/chrome/content/rules/Mysitemyway.xml
+++ b/src/chrome/content/rules/Mysitemyway.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.mysitemyway.com/ => https://www.mysitemyway.com/: (60, '
 Disabled by https-everywhere-checker because:
 Fetch error: http://www.mysitemyway.com/ => https://www.mysitemyway.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.mysitemyway.com'")
 -->
-<ruleset name="Mysitemyway" default_off='failed ruleset test'>
+<ruleset name="Mysitemyway" default_off="failed ruleset test">
 
 	<target host="mysitemyway.com" />
 	<target host="www.mysitemyway.com" />
@@ -15,4 +15,4 @@ Fetch error: http://www.mysitemyway.com/ => https://www.mysitemyway.com/: (51, "
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/N-2.org.xml b/src/chrome/content/rules/N-2.org.xml
index 73e22335ded2..1e41437a6fbf 100644
--- a/src/chrome/content/rules/N-2.org.xml
+++ b/src/chrome/content/rules/N-2.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.n-2.org/ => https://www.n-2.org/: (6, 'Could not resolve host: www.n-2.org')
 
 -->
-<ruleset name="N-2.org" default_off='failed ruleset test'>
+<ruleset name="N-2.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/N-ERGIE.xml b/src/chrome/content/rules/N-ERGIE.xml
index 0e582ce29786..231739f5d612 100644
--- a/src/chrome/content/rules/N-ERGIE.xml
+++ b/src/chrome/content/rules/N-ERGIE.xml
@@ -3,6 +3,5 @@
 
 <rule from="^http:" to="https:" />
 
-<test url="http://www.n-ergie.de/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/N-JOY.de.xml b/src/chrome/content/rules/N-JOY.de.xml
index f9e88700290c..0b5b1951a26b 100644
--- a/src/chrome/content/rules/N-JOY.de.xml
+++ b/src/chrome/content/rules/N-JOY.de.xml
@@ -15,7 +15,7 @@
 
     <target host="n-joy.de" />
     <target host="www.n-joy.de" />
-	
+
 	<securecookie host="^(www\.)?n-joy\.de$" name=".+" />
 
     <rule from="^http:"
diff --git a/src/chrome/content/rules/N-Somerset.gov.uk.xml b/src/chrome/content/rules/N-Somerset.gov.uk.xml
index febc998cfae5..9c65a1018984 100644
--- a/src/chrome/content/rules/N-Somerset.gov.uk.xml
+++ b/src/chrome/content/rules/N-Somerset.gov.uk.xml
@@ -43,7 +43,7 @@ Fetch error: http://ehmlive.n-somerset.gov.uk/ => https://ehmlive.n-somerset.gov
 		- travelcardonline.n-somerset.gov.uk
 
 -->
-<ruleset name="N-Somerset.gov.uk" default_off='failed ruleset test'>
+<ruleset name="N-Somerset.gov.uk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/N-able.com.xml b/src/chrome/content/rules/N-able.com.xml
index e17ff8f432b2..ad754eaeb46d 100644
--- a/src/chrome/content/rules/N-able.com.xml
+++ b/src/chrome/content/rules/N-able.com.xml
@@ -17,4 +17,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NAACP.org.xml b/src/chrome/content/rules/NAACP.org.xml
deleted file mode 100644
index 14590767212b..000000000000
--- a/src/chrome/content/rules/NAACP.org.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Other NAACP rulesets:
-		- NAACP_Company_Store.org.xml
-		- NAACP_Image_Awards.net.xml
-
-	Invalid certificate:
-		- naacp.org
-		- www.naacp.org
-
-	Time out:
-		- actso.naacp.org
-		- email.naacp.org
-
--->
-<ruleset name="NAACP.org">
-	<target host="action.naacp.org" />
-	<target host="donate.naacp.org" />
-		<test url="http://donate.naacp.org/page/contribute/make-a-contribution" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/NAB.com.au.xml b/src/chrome/content/rules/NAB.com.au.xml
index 451895222a24..50e80443d46e 100644
--- a/src/chrome/content/rules/NAB.com.au.xml
+++ b/src/chrome/content/rules/NAB.com.au.xml
@@ -80,14 +80,14 @@
 			- learn	(m)
 			- maint	(t)
 			- online	(m)
-	
+
 	e: expired certificate
 	h: http redirect
 	m: certificate mismatch
 	r: connection refused
 	s: self-signed certificate
 	t: timeout on https
-	
+
 -->
 <ruleset name="National Australia Bank">
 
diff --git a/src/chrome/content/rules/NAB.org.xml b/src/chrome/content/rules/NAB.org.xml
index c21b185e1bc7..89cd23860de1 100644
--- a/src/chrome/content/rules/NAB.org.xml
+++ b/src/chrome/content/rules/NAB.org.xml
@@ -26,4 +26,4 @@
 	<rule from="^http://(?:www\.)?nab\.org/"
 		to="https://www.nab.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NADAguides.xml b/src/chrome/content/rules/NADAguides.xml
index 052b71220ff7..9752e4536927 100644
--- a/src/chrome/content/rules/NADAguides.xml
+++ b/src/chrome/content/rules/NADAguides.xml
@@ -5,7 +5,9 @@ Fetch error: http://nadaguides.com/ => https://www.nadaguides.com/: Cycle detect
 <ruleset name="NADAguides">
 
 	<target host="nadaguides.com" />
-	<target host="*.nadaguides.com" />
+	<target host="www.nadaguides.com" />
+	<target host="images.nadaguides.com" />
+	<target host="images-ssl.nadaguides.com" />
 	<target host="nadaguidesstore.com" />
 	<target host="www.nadaguidesstore.com" />
 
diff --git a/src/chrome/content/rules/NARSOL.org.xml b/src/chrome/content/rules/NARSOL.org.xml
new file mode 100644
index 000000000000..99d375f60b4e
--- /dev/null
+++ b/src/chrome/content/rules/NARSOL.org.xml
@@ -0,0 +1,13 @@
+<!--
+	See also NationalRSOL.org.xml, RSOLConference.org.xml
+-->
+<ruleset name="NARSOL.org">
+	<target host="narsol.org" />
+	<target host="www.narsol.org" />
+	<target host="conference.narsol.org" />
+	<target host="humans.narsol.org" />
+	<target host="test.narsol.org" />
+	<target host="tftr.narsol.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NASA.gov-falsemixed.xml b/src/chrome/content/rules/NASA.gov-falsemixed.xml
index 77b9f355198b..681319da547f 100644
--- a/src/chrome/content/rules/NASA.gov-falsemixed.xml
+++ b/src/chrome/content/rules/NASA.gov-falsemixed.xml
@@ -6,26 +6,9 @@
 
 	<!--	Direct rewrites:
 				-->
-	<target host="reverb.echo.nasa.gov" />
-	<target host="www.echo.nasa.gov" />
 	<target host="jwst.gsfc.nasa.gov" />
 	<target host="smap.jpl.nasa.gov" />
 
-		<exclusion pattern="^http://reverb\.echo\.nasa\.gov/(?!/*assets/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://reverb.echo.nasa.gov/reverb/" />
-			<test url="http://reverb.echo.nasa.gov/reverb/datasets" />
-			<test url="http://reverb.echo.nasa.gov/reverb/datasets/C179001967-SEDAC" />
-			<test url="http://reverb.echo.nasa.gov/reverb/datasets/C179002914-ORNL_DAAC" />
-			<test url="http://reverb.echo.nasa.gov/reverb/query.echo10?catalog_id=&amp;id=" />
-			<test url="http://reverb.echo.nasa.gov/reverb/redirect/wist" />
-
-			<!--	-ve:
-					-->
-			<test url="http://reverb.echo.nasa.gov/reverb/assets/page/sidebar-bg-a7d14eba8874362a070f3375c0d0f2d1.png" />
-
 		<exclusion pattern="^http://smap\.jpl\.nasa\.gov/(?!/*(?:assets|system)/)" />
 
 			<!--	+ve:
diff --git a/src/chrome/content/rules/NASA.gov.xml b/src/chrome/content/rules/NASA.gov.xml
index a7e098598a36..0c22778ee43f 100644
--- a/src/chrome/content/rules/NASA.gov.xml
+++ b/src/chrome/content/rules/NASA.gov.xml
@@ -1,23 +1,8 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.towerfts.csbf.nasa.gov/ => https://www.towerfts.csbf.nasa.gov/: (6, 'Could not resolve host: www.towerfts.csbf.nasa.gov')
-Fetch error: http://www.nasasearch.nasa.gov/ => https://www.nasasearch.nasa.gov/: (6, 'Could not resolve host: www.nasasearch.nasa.gov')
-Fetch error: http://www.towerfts.nsbf.nasa.gov/ => https://www.towerfts.nsbf.nasa.gov/: (6, 'Could not resolve host: www.towerfts.nsbf.nasa.gov')
-Fetch error: http://ppm.pps.eosdis.nasa.gov/ => https://ppm.pps.eosdis.nasa.gov/: (6, 'Could not resolve host: ppm.pps.eosdis.nasa.gov')
-Fetch error: http://wp-dev.grc.nasa.gov/ => https://wp-dev.grc.nasa.gov/: (6, 'Could not resolve host: wp-dev.grc.nasa.gov')
-Fetch error: http://jwst.jpl.nasa.gov/ => https://jwst.jpl.nasa.gov/: (6, 'Could not resolve host: jwst.jpl.nasa.gov')
-Fetch error: http://pds-naif.jpl.nasa.gov/ => https://pds-naif.jpl.nasa.gov/: (6, 'Could not resolve host: pds-naif.jpl.nasa.gov')
-Fetch error: http://mapdis.ndc.nasa.gov/ => https://mapdis.ndc.nasa.gov/: (6, 'Could not resolve host: mapdis.ndc.nasa.gov')
-Fetch error: http://ntr.nasa.gov/ => https://ntr.nasa.gov/: (6, 'Could not resolve host: ntr.nasa.gov')
-Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwudimf00.cloudfront.net/ (502)
-
 	National Aeronautics and Space Administration
 
 	For rules causing false/broken MCB, see NASA.gov-falsemixed.
 
-
-
 	stiesx2-ntrs.larc.nasa.gov, ntrs.larc.nasa.gov, &
 	ntrs.nasa.gov are handled in US-government-mismatches.xml.
 
@@ -30,10 +15,6 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 
 			- mars.jpl.nasa.gov
 
-		- d3r05mwudimf00.cloudfront.net
-
-			- marsstaticcdn.jpl.nasa.gov
-
 		- msfcnasa.r3h.net
 			- www.msfc.nasa.gov.edgesuite.net
 
@@ -82,12 +63,14 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 
 			- gsfc subdomains:
 
+				- apd440 (redirect to non-existent domain)
 				- arcade ᵃ
 				- asd ᵃ
 				- astrophysics ᵃ
 				- atmospheres ᵖ
 				- cats *
 				- iswa.ccmc *
+				- decadal (refused)
 				- disc ʰ
 				- eclipse *
 				- eoimages ᵈ
@@ -108,6 +91,7 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 				- radhome ᵈ
 				- seabass ᵈ
 				- seadas ᵈ
+				- glory (refused)
 				- giovanni.sci ᵃ
 				- oceandata.sci ᵈ
 				- sdo *
@@ -119,6 +103,7 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 				- voyager
 
 			- www.hec *
+			- corts.hq (refused)
 			- dayton.hq *
 			- grin.hq *
 			- icb *
@@ -132,6 +117,7 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 				- cmds-gis ᵃ
 				- dawn ʳ
 				- genesismission ʳ
+				- gracefo (incomplete cert chain)
 				- hydro ʳ
 				- careerlaunch ʳ
 				- grace		403
@@ -178,6 +164,8 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 			- nix ᵃ
 			- www.nsbf ʳ
 
+			- open (expired)
+
 			- atmos.pds **
 			- geo.pds *
 			- img.pds ᶠ
@@ -230,7 +218,6 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 		- kauai.ccmc.gsfc ᶜ
 		- modis.gsfc ᵘ
 
-		- www.data ²
 		- discovery ᵘ
 		- www.discovery ᵃ ᵐ ᵘ
 		- www.echo ˣ
@@ -241,21 +228,16 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 		- aeronet.gsfc ᵘ
 		- aetd.gsfc ᵘ
 		- ccmc.gsfc ᵐ ᵘ
-		- dsm.gsfc		404, preemptable redirect
 		- esto.gsfc ᵘ
 		- gmao.gsfc ᵘ
-		- helios.gsfc ᵐ
 		- jwst.gsfc ˣ
 		- neptune.gsfc ᶜ
 		- science.gsfc ᵘ
 		- swrc.gsfc ᵉ ¹ ⁵
 		- terra.gsfc ¹ ᵘ
 		- uae2.gsfc ᶜ ¹
-		- www.gsfc	400, preemptable redirect
 
-		- heasarc ³
 		- (www.)?history ᵐ
-		- itsecurity ᵘ
 
 		- beacon.jpl ᶜ
 		- insight.jpl ᵐ ˣ
@@ -263,7 +245,6 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 		- marsstaticcdn.jpl ⁴
 		- marstrek.jpl ᵐ
 		- rosetta.jpl ᵉ ˣ
-		- sse.jpl		(Mismatched)
 
 		- jwst ᵐ ˣ
 		- km ᵐ
@@ -278,22 +259,16 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 		- stiprod-ntrs.larc ᵘ
 
 		- lunarscience ᵘ
-		- mars ᵐ
 
 		- artgallery.msfc ᵘ
 		- discovery.msfc ᵘ
 		- discovery-alpha.msfc ᵘ
-		- www.msfc	400, preemptable redirect
 
 		- nccs ᵈ
 		- esto.ndc ᵘ
 		- nepp ᵘ
 		- www.nepp ᵐ ᵘ
 		- nscs ᵈ
-		- nssc ᵐ
-		- sage ˣ	redirects to https
-		- search ᵇ ᵘ
-		- sservi ᵘ
 		- www.sti ᶜ
 		- terra ᵘ
 
@@ -314,14 +289,13 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 
 	Partially covered hosts in *nasa.gov:
 
-		- reverb.echo ʰ
 		- smap.jpl ʰ
 
 	ʰ >=1 path redirects to http
 
 
 	STS header includes includeSubdomains
-	for towerfts.csbf, www.csbf, discovery, esto, esto.gsfc, history, www.history, discovery.msfc, discovery.msfc, nasasearch, esto.ndc, nepp, towerfts.csbf, www.csbf
+	for towerfts.csbf, www.csbf, discovery, esto, esto.gsfc, history, www.history, discovery.msfc, discovery.msfc, esto.ndc, nepp, towerfts.csbf, www.csbf
 
 
 	These altnames do not exist:
@@ -365,7 +339,6 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 
 		- css, on:
 
-			- www.echo from reverb.echo.nasa.gov ¹
 			- employeeorientation from $self ¹
 			- jwst.gsfc, jwst from jwst.nasa.gov ¹
 			- insight.jpl from solarsystem.nasa.gov ¹
@@ -383,7 +356,6 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 			- (www.)?space.arc from astrobiology.nasa.gov ¹
 			- (www.)?space.arc from sservi.nasa.gov
 			- discovery, pub.lmmp, discovery.msfc from www.adobe.com ¹
-			- www.echo from reverb.echo.nasa.gov
 			- jwst.gsfc, jwst from jwst.nasa.gov ¹
 			- modis.gsfc from $self ᵘ
 			- neptune.gsfc from $self
@@ -429,7 +401,7 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 	ᵘ Not secured by us <= untrusted root
 
 -->
-<ruleset name="NASA.gov (partial)" default_off='failed ruleset test'>
+<ruleset name="NASA.gov (partial)">
 
 	<!--	Direct rewrites:
 				-->
@@ -462,14 +434,12 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 	<target host="urs.earthdata.nasa.gov" />
 	<target host="wiki.earthdata.nasa.gov" />
 
-	<target host="reverb.echo.nasa.gov" />
 	<!--target host="www.echo.nasa.gov" /-->
 	<target host="employeeorientation.nasa.gov" />
 	<target host="eods.nasa.gov" />
 
 	<target host="ws1.ems.eosdis.nasa.gov" />
 	<!--target host="firms.modaps.eosdis.nasa.gov" /-->
-	<target host="ppm.pps.eosdis.nasa.gov" />
 
 	<target host="esdpubs.nasa.gov" />
 	<target host="espo.nasa.gov" />
@@ -484,11 +454,9 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 
 	<target host="rt.grc.nasa.gov" />
 	<target host="wordpress.grc.nasa.gov" />
-	<target host="wp-dev.grc.nasa.gov" />
 	<target host="www.grc.nasa.gov" />
 
 	<target host="acemission.gsfc.nasa.gov" />
-	<target host="apd440.gsfc.nasa.gov" />
 	<target host="apod.gsfc.nasa.gov" />
 	<target host="aura.gsfc.nasa.gov" />
 	<!--target host="kauai.ccmc.gsfc.nasa.gov" /-->
@@ -496,13 +464,12 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 	<target host="cor.gsfc.nasa.gov" />
 	<target host="cosmicopia.gsfc.nasa.gov" />
 	<target host="daac.gsfc.nasa.gov" />
-	<target host="decadal.gsfc.nasa.gov" />
+	<!-- target host="decadal.gsfc.nasa.gov" / -->
 	<target host="ehpd.gsfc.nasa.gov" />
-	<target host="espd.gsfc.nasa.gov" />
 	<target host="explorers.gsfc.nasa.gov" />
 	<target host="fits.gsfc.nasa.gov" />
 	<target host="fpd.gsfc.nasa.gov" />
-	<target host="glory.gsfc.nasa.gov" />
+	<!-- target host="glory.gsfc.nasa.gov" / -->
 	<target host="gms.gsfc.nasa.gov" />
 	<target host="heasarc.gsfc.nasa.gov" />
 	<target host="hires.gsfc.nasa.gov" />
@@ -529,14 +496,14 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 	<target host="svs.gsfc.nasa.gov" />
 	<target host="tess.gsfc.nasa.gov" />
 
-	<target host="corts.hq.nasa.gov" />
+	<!-- target host="corts.hq.nasa.gov" / -->
 	<target host="www.hq.nasa.gov" />
 	<target host="intern.nasa.gov" />
 	<target host="invention.nasa.gov" />
 
 	<target host="acquisition.jpl.nasa.gov" />
 	<!--target host="beacon.jpl.nasa.gov" /-->
-	<target host="cancer.jpl.nasa.gov" />
+	<!--<target host="cancer.jpl.nasa.gov" />-->
 	<target host="dir.jpl.nasa.gov" />
 	<target host="directory.jpl.nasa.gov" />
 	<target host="edrn.jpl.nasa.gov" />
@@ -545,12 +512,11 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 	<target host="exoplanets.jpl.nasa.gov" />
 	<target host="eyes.jpl.nasa.gov" />
 	<target host="eyesstage.jpl.nasa.gov" />
-	<target host="gracefo.jpl.nasa.gov" />
+	<!-- target host="gracefo.jpl.nasa.gov" / -->
 	<target host="hyspiri.jpl.nasa.gov" />
 	<target host="icis.jpl.nasa.gov" />
 	<target host="jpldataeval.jpl.nasa.gov" />
 	<target host="jplspaceship.jpl.nasa.gov" />
-	<target host="jwst.jpl.nasa.gov" />
 	<target host="mars.jpl.nasa.gov" />
 	<target host="marsrovers.jpl.nasa.gov" />
 	<target host="naif.jpl.nasa.gov" />
@@ -558,7 +524,6 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 	<target host="nisar.jpl.nasa.gov" />
 	<target host="pds.jpl.nasa.gov" />
 	<target host="pds-engineering.jpl.nasa.gov" />
-	<target host="pds-naif.jpl.nasa.gov" />
 	<target host="planetquest.jpl.nasa.gov" />
 	<target host="podaac.jpl.nasa.gov" />
 	<target host="podaac-uat.jpl.nasa.gov" />
@@ -573,7 +538,6 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 	<target host="studentprograms.jpl.nasa.gov" />
 	<target host="swot.jpl.nasa.gov" />
 	<target host="technology.jpl.nasa.gov" />
-	<target host="telework.jpl.nasa.gov" />
 	<target host="www-robotics.jpl.nasa.gov" />
 
 	<target host="lsda.jsc.nasa.gov" />
@@ -582,8 +546,6 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 	<target host="launchpad.nasa.gov" />
 	<target host="auth.launchpad.nasa.gov" />
 	<target host="lists.nasa.gov" />
-	<target host="lmmp.nasa.gov" />
-	<target host="pub.lmmp.nasa.gov" />
 	<target host="see.msfc.nasa.gov" />
 	<target host="nasajobs.nasa.gov" />
 	<target host="nasapeople.nasa.gov" />
@@ -592,8 +554,6 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 	<target host="genelab-data.ndc.nasa.gov" />
 	<target host="gs66-vdclambda.ndc.nasa.gov" />
 	<target host="mail01.ndc.nasa.gov" />
-	<target host="mapdis.ndc.nasa.gov" />
-	<target host="ntr.ndc.nasa.gov" />
 
 	<target host="neba.nasa.gov" />
 	<target host="towerfts.nsbf.nasa.gov" />
@@ -606,10 +566,9 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 	<target host="www.nssc.nasa.gov" />
 
 	<target host="ghrc.nsstc.nasa.gov" />
-	<target host="ntr.nasa.gov" />
 	<target host="ntrs.nasa.gov" />
 	<target host="oig.nasa.gov" />
-	<target host="open.nasa.gov" />
+	<!-- target host="open.nasa.gov" / -->
 	<target host="pds.nasa.gov" />
 	<target host="people.nasa.gov" />
 	<target host="pmm.nasa.gov" />
@@ -619,6 +578,7 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 	<target host="software.nasa.gov" />
 	<target host="solarsystem.nasa.gov" />
 	<target host="spinoff.nasa.gov" />
+	<target host="sservi.nasa.gov" />
 	<!--target host="www.sti.nasa.gov" /-->
 	<target host="webmail.nasa.gov" />
 	<target host="www.nasa.gov" />
@@ -636,60 +596,22 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 			<test url="http://this.host.towerfts.nsbf.nasa.gov/" />
 			<test url="http://exists.not.towerfts.nsbf.nasa.gov/" />
 
-		<test url="http://www.towerfts.csbf.nasa.gov/" />
-		<test url="http://www.nasasearch.nasa.gov/" />
-		<test url="http://www.towerfts.nsbf.nasa.gov/" />
-
 	<!--	Complications:
 				-->
-	<target host="www.data.nasa.gov" />
-
-	<target host="dsm.gsfc.nasa.gov" />
 	<target host="helios.gsfc.nasa.gov" />
 	<target host="www.gsfc.nasa.gov" />
 
 	<target host="heasarc.nasa.gov" />
-	<target host="itsecurity.nasa.gov" />
 
 	<target host="marsstaticcdn.jpl.nasa.gov" />
-	<target host="metrics.jpl.nasa.gov" />
-	<target host="sse.jpl.nasa.gov" />
 
 	<!--target host="jwst.nasa.gov" /-->
 	<target host="mars.nasa.gov" />
 	<target host="www.msfc.nasa.gov" />
 	<target host="nccs.nasa.gov" />
 	<target host="nscs.nasa.gov" />
-	<target host="nssc.nasa.gov" />
 	<target host="search.nasa.gov" />
 
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://reverb\.echo\.nasa\.gov/reverb/$" /-->
-		<!--
-			Exceptions:
-					-->
-		<!--exclusion pattern="^http://reverb\.echo\.nasa\.gov/(?!/*(?:reverb/(?:(?:orders|shopping_cart)(?:$|[?/])|assets/)))" /-->
-		<!--
-			Reduce non-Tor distinguishability:
-								-->
-		<exclusion pattern="^http://reverb\.echo\.nasa\.gov/(?!/*reverb/(?:(?:orders|shopping_cart)(?:$|[?/])))" />
-
-			<!--	+ve:
-					-->
-			<test url="http://reverb.echo.nasa.gov/reverb/" />
-			<test url="http://reverb.echo.nasa.gov/reverb/datasets" />
-			<test url="http://reverb.echo.nasa.gov/reverb/datasets/C179001967-SEDAC" />
-			<test url="http://reverb.echo.nasa.gov/reverb/datasets/C179002914-ORNL_DAAC" />
-			<test url="http://reverb.echo.nasa.gov/reverb/query.echo10?catalog_id=&amp;id=" />
-			<test url="http://reverb.echo.nasa.gov/reverb/redirect/wist" />
-
-			<!--	-ve:
-					-->
-			<test url="http://reverb.echo.nasa.gov/reverb/assets/page/sidebar-bg-a7d14eba8874362a070f3375c0d0f2d1.png" />
-			<test url="http://reverb.echo.nasa.gov/reverb/orders" />
-			<test url="http://reverb.echo.nasa.gov/reverb/shopping_cart" />
-
 		<!--	Redirects to http:
 						-->
 		<!--exclusion pattern="^http://smap\.jpl\.nasa\.gov/$" /-->
@@ -724,80 +646,13 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 		<!--test url="http://www.nasa.gov/centers/glenn/home/index.html" /-->
 
 
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^access\.earthdata\.nasa\.gov$" name="^request_method$" /-->
-	<!--securecookie host="^ecc\.earthdata\.nasa\.gov$" name="^ring-session$" /-->
-	<!--securecookie host="^search\.earthdata\.nasa\.gov$" name="^BIGipServer" /-->
-	<!--securecookie host="^(?:urs\.earthdata|exoplanets|saturn\.jpl)\.nasa\.gov$" name="^_[\w-]+_session$" /-->
-	<!--securecookie host="^firms\.modaps\.eosdis\.nasa\.gov$" name="^PHPSESSID$" /-->
-	<!--securecookie host="^flightopportunities\.nasa\.gov$" name="^django_language$" /-->
-	<!--securecookie host="^neptune\.gsfc\.nasa\.gov$" name="^(?:AbsoluteImagePath|ImagePath|[\da-f]{32})$" /-->
-	<!--securecookie host="^(?:cancer|edrn)\.jpl\.nasa\.gov$" name="^l18N_LANGUAGE$" /-->
-	<!--securecookie host="^nisar\.jpl\.nasa\.gov$" name="^CF(?:ID|TOKEN)$" /-->
-	<!--securecookie host="^(?:sealevel|swot)\.jpl\.nasa\.gov$" name="^cf(?:id|token)$" /-->
-	<!--securecookie host="^lsda\.jsc\.nasa\.gov$" name="^ASP\.NET_SessionId$" /-->
-	<!--securecookie host="^mynasadata\.larc\.nasa\.gov$" name="^PHPSESSID$" /-->
-	<!--securecookie host="^answers\.nssc\.nasa\.gov$" name="^TS[\da-f]{8}$" /-->
-	<!--securecookie host="^sage\.nasa\.gov$" name="^JSESSIONID$" /-->
-
-	<securecookie host="^(?!reverb\.echo\.)." name=".+" />
-
-
-	<rule from="^http://www\.data\.nasa\.gov/"
-		to="https://data.nasa.gov/" />
-
-	<rule from="^http://helios\.gsfc\.nasa\.gov/"
-		to="https://cosmicopia.gsfc.nasa.gov/" />
-
-	<!--	Redirect keeps path, but not
-		forward slash nor args:
-					-->
-	<rule from="^http://dsm\.gsfc\.nasa\.gov/+([^?]*).*"
-		to="https://decadal.gsfc.nasa.gov/" />
-
-		<test url="http://dsm.gsfc.nasa.gov/ascends.html" />
-		<test url="http://dsm.gsfc.nasa.gov/index.html" />
-		<test url="http://dsm.gsfc.nasa.gov/index.php" />
-
-	<!--	Redirect keeps all:
-					-->
-	<rule from="^http://www\.gsfc\.nasa\.gov/"
-		to="https://www.nasa.gov/centers/goddard/home/" />
-
-	<rule from="^http://heasarc\.nasa\.gov/"
-		to="https://heasarc.gsfc.nasa.gov/" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://itsecurity\.nasa\.gov/[^?]*"
-		to="https://www.nasa.gov/offices/ocio/itsecurity/index.html" />
-
-		<test url="http://itsecurity.nasa.gov/index.html" />
-
-	<rule from="^http://marsstaticcdn\.jpl\.nasa\.gov/"
-		to="https://d3r05mwudimf00.cloudfront.net/" />
-
-	<rule from="^http://metrics\.jpl\.nasa\.gov/"
-		to="https://jpl-nasa-gov.122.2o7.net/" />
-
-	<rule from="^http://sse\.jpl\.nasa\.gov/"
-		to="https://solarsystem.nasa.gov/" />
+	<securecookie host=".+" name=".+" />
 
-	<!--rule from="^http://jwst\.nasa\.gov/"
-		to="https://jwst.gsfc.nasa.gov/" /-->
-
-	<rule from="^http://mars\.nasa\.gov/"
-		to="https://mars.jpl.nasa.gov/" />
 
 	<!--	Redirect keeps all:
 					-->
-	<rule from="^http://www\.msfc\.nasa\.gov/"
-		to="https://www.nasa.gov/centers/marshall/home/" />
-
-	<rule from="^http://(nccs|nssc)\.nasa\.gov/"
-		to="https://www.$1.nasa.gov/" />
+	<rule from="^http://nccs\.nasa\.gov/"
+		to="https://www.nccs.nasa.gov/" />
 
 	<!--	Redirect drops all:
 					-->
@@ -806,14 +661,6 @@ Non-2xx HTTP code: http://marsstaticcdn.jpl.nasa.gov/ (200) => https://d3r05mwud
 
 		<test url="http://nscs.nasa.gov/nscs_lp.htm" />
 
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://search\.nasa\.gov/+"
-		to="https://nasasearch.nasa.gov/" />
-
-		<test url="http://search.nasa.gov/default.aspx" />
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/NASDAQ.xml b/src/chrome/content/rules/NASDAQ.xml
index 14dc97851183..13b16ab72eb0 100644
--- a/src/chrome/content/rules/NASDAQ.xml
+++ b/src/chrome/content/rules/NASDAQ.xml
@@ -25,7 +25,7 @@ Fetch error: http://secure.directorsdesk.com/ => https://secure.directorsdesk.co
 
 	<target host="secure.directorsdesk.com" />
 	<target host="community.nasdaq.com" />
-	<target host="*.nasdaqomx.com" />
+	<target host="corporateintelligence.nasdaqomx.com" />
 	<target host="dialogue.openboard.info" />
 
 
@@ -35,16 +35,6 @@ Fetch error: http://secure.directorsdesk.com/ => https://secure.directorsdesk.co
 	<securecookie host="^dialogue\.openboard\.info$" name=".+" />
 
 
-	<rule from="^http://secure\.directorsdesk\.com/"
-		to="https://secure.directorsdesk.com/" />
-
-	<rule from="^http://community\.nasdaq\.com/"
-		to="https://community.nasdaq.com/" />
-
-	<rule from="^http://(corporateintelligence|listingcenter)\.nasdaqomx\.com/"
-		to="https://$1.nasdaqomx.com/" />
-
-	<rule from="^http://dialogue\.openboard\.info/"
-		to="https://dialogue.openboard.info/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NAVTEQ-problematic.xml b/src/chrome/content/rules/NAVTEQ-problematic.xml
index fc407154dcd1..dd49f70b421c 100644
--- a/src/chrome/content/rules/NAVTEQ-problematic.xml
+++ b/src/chrome/content/rules/NAVTEQ-problematic.xml
@@ -11,4 +11,4 @@
 					-->
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NAVTEQ.xml b/src/chrome/content/rules/NAVTEQ.xml
index 50422bc4e4c3..6003c4b52b17 100644
--- a/src/chrome/content/rules/NAVTEQ.xml
+++ b/src/chrome/content/rules/NAVTEQ.xml
@@ -28,10 +28,13 @@ Fetch error: http://www.navteqmedia.com/ => https://primeplace.nokia.com/: (51,
 	* Mismatched, CN: mapreporter.navteq.com
 
 -->
-<ruleset name="NAVTEQ (partial)" default_off='failed ruleset test'>
+<ruleset name="NAVTEQ (partial)" default_off="failed ruleset test">
 
 	<target host="navteq.com" />
-	<target host="*.navteq.com" />
+	<target host="www.navteq.com" />
+	<target host="www2-test.navteq.com" />
+	<target host="mapreporter.navteq.com" />
+	<target host="css.mapreporter.navteq.com" />
 	<target host="navteqmedia.com" />
 	<target host="www.navteqmedia.com" />
 
diff --git a/src/chrome/content/rules/NAY.sk.xml b/src/chrome/content/rules/NAY.sk.xml
deleted file mode 100644
index 3155ae7d809a..000000000000
--- a/src/chrome/content/rules/NAY.sk.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Nonfunctional hosts in *.nay.sk:
-
-	certificate mismatch:
-		- mail.nay.sk
-		- vpn.nay.sk
-	connection refused:
-		- autodiscover.nay.sk
-		- beta.nay.sk
-		- cdn.nay.sk
-		- cloud.nay.sk
-		- www.cloud.nay.sk
-		- isasrv.nay.sk
-		- ocs.nay.sk
-		- pool.nay.sk
-		- sapkonzola.nay.sk
-		- shp.nay.sk
-		- webmail.nay.sk
-		- websvc.nay.sk
--->
-<ruleset name="NAY.sk">
-	<target host="nay.sk" />
-	<target host="www.nay.sk" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/NBC-News.xml b/src/chrome/content/rules/NBC-News.xml
index ec9b444665ba..64f45afb252f 100644
--- a/src/chrome/content/rules/NBC-News.xml
+++ b/src/chrome/content/rules/NBC-News.xml
@@ -1,5 +1,5 @@
 <!--
-	For other National Broadcasting Company coverage, see 
+	For other National Broadcasting Company coverage, see
 		+ National-Broadcasting-Company.xml
 
 	Non-functional hosts
diff --git a/src/chrome/content/rules/NBCOlympics.com.xml b/src/chrome/content/rules/NBCOlympics.com.xml
new file mode 100644
index 000000000000..c0d8163d14fa
--- /dev/null
+++ b/src/chrome/content/rules/NBCOlympics.com.xml
@@ -0,0 +1,51 @@
+<!--
+	Mixed content:
+		api-gracenote.nbcolympics.com
+
+	Invalid certificate:
+		archiverio.nbcolympics.com
+		olystreameast.nbcolympics.com
+		olystreamwest.nbcolympics.com
+		olyvodeast.nbcolympics.com
+		olyvodwest.nbcolympics.com
+		publisher.nbcolympics.com
+		rss.nbcolympics.com
+		telemundo.nbcolympics.com
+
+	Time out:
+		cms.devstream.nbcolympics.com
+
+	No working URL known:
+		edit.nbcolympics.com
+
+	Different content HTTP/HTTPS:
+		m.nbcolympics.com
+
+	Redirect to HTTP:
+		stream.nbcolympics.com
+
+-->
+<ruleset name="NBC Olympics.com">
+
+	<target host="nbcolympics.com" />
+	<target host="www.nbcolympics.com" />
+	<target host="api.nbcolympics.com" />
+	<target host="images.nbcolympics.com" />
+		<test url="http://images.nbcolympics.com/www.nbcolympics.com/affiliate-logos/default_260.png" />
+	<target host="load.nbcolympics.com" />
+	<target host="loadedit.nbcolympics.com" />
+	<target host="assets.rio2016.nbcolympics.com" />
+		<test url="http://assets.rio2016.nbcolympics.com/country-flags/168x112/AUT.png" />
+	<target host="results.nbcolympics.com" />
+		<test url="http://results.nbcolympics.com/taekwondo/event/women-49kg/index.html" />
+	<target host="search.nbcolympics.com" />
+	<target host="staging.nbcolympics.com" />
+	<target host="sweepstakes.nbcolympics.com" />
+	<target host="widgets.nbcolympics.com" />
+		<test url="http://widgets.nbcolympics.com/v2.0.0/7f762a6f8a4b74449995bc4524b00f06.ttf" />
+	<target host="vplayer.nbcolympics.com" />
+		<test url="http://vplayer.nbcolympics.com/p/BxmELC/nbcolympics/select/mIytHBVUNcY3" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NBCUDigitalAdOps.com.xml b/src/chrome/content/rules/NBCUDigitalAdOps.com.xml
new file mode 100644
index 000000000000..c703e7676c28
--- /dev/null
+++ b/src/chrome/content/rules/NBCUDigitalAdOps.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Digital Ad Operations
+
+	Non-functional hosts
+		Incomplete certificate chain error:
+		- nbcudigitaladops.com
+		- origin-www.nbcudigitaladops.com
+
+-->
+<ruleset name="NBCUDigitalAdOps.com">
+
+	<target host="www.nbcudigitaladops.com" />
+	<test url="http://www.nbcudigitaladops.com/hosted/global_header.js" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NBCUniversal_Media.xml b/src/chrome/content/rules/NBCUniversal_Media.xml
deleted file mode 100644
index 67aee24fae49..000000000000
--- a/src/chrome/content/rules/NBCUniversal_Media.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://origin-www.nbcudigitaladops.com/ => https://origin-www.nbcudigitaladops.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
-	^nbcudigitaladops.com: Mismatched
-
--->
-<ruleset name="NBCUniversal Media (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="origin-www.nbcudigitaladops.com" />
-	<target host="www.nbcudigitaladops.com" />
-
-	<!--	Complications:
-				-->
-	<target host="nbcudigitaladops.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://nbcudigitaladops\.com/"
-		to="https://www.nbcudigitaladops.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/NBCWashington.com.xml b/src/chrome/content/rules/NBCWashington.com.xml
index 5f4018f39de3..d2fb81b198cb 100644
--- a/src/chrome/content/rules/NBCWashington.com.xml
+++ b/src/chrome/content/rules/NBCWashington.com.xml
@@ -34,6 +34,6 @@
 	<rule from="^http://nbcwashington\.com/"
 			to="https://www.nbcwashington.com/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NCC_Group.com.xml b/src/chrome/content/rules/NCC_Group.com.xml
index a815d00a8f72..b5ce3333ba69 100644
--- a/src/chrome/content/rules/NCC_Group.com.xml
+++ b/src/chrome/content/rules/NCC_Group.com.xml
@@ -3,7 +3,6 @@
 
 		- Escrow_Live.net.xml
 		- NCC_Group.trust.xml
-		- NCC_Group_Domain_Services.com.xml
 		- Who_do_you.trust.xml
 
 -->
diff --git a/src/chrome/content/rules/NCC_Group_Domain_Services.com.xml b/src/chrome/content/rules/NCC_Group_Domain_Services.com.xml
deleted file mode 100644
index 458d252aa23d..000000000000
--- a/src/chrome/content/rules/NCC_Group_Domain_Services.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For other NCC Group coverage, see NCC_Group.com.xml.
-
--->
-<ruleset name="NCC Group Domain Services.com">
-
-	<target host="nccgroupdomainservices.com" />
-	<target host="www.nccgroupdomainservices.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/NCISF.org.xml b/src/chrome/content/rules/NCISF.org.xml
index 7918ab8bf223..36de1a5a0647 100644
--- a/src/chrome/content/rules/NCISF.org.xml
+++ b/src/chrome/content/rules/NCISF.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://ncisf.org/ => https://ncisf.org/: (7, 'Failed to connect to
 Fetch error: http://www.ncisf.org/ => https://www.ncisf.org/: (7, 'Failed to connect to www.ncisf.org port 443: Connection refused')
 
 -->
-<ruleset name="NCISF.org" default_off='failed ruleset test'>
+<ruleset name="NCISF.org" default_off="failed ruleset test">
 
 	<target host="ncisf.org" />
 	<target host="www.ncisf.org" />
diff --git a/src/chrome/content/rules/NCJRS.gov.xml b/src/chrome/content/rules/NCJRS.gov.xml
index eb8d772394f5..a5a56cf29895 100644
--- a/src/chrome/content/rules/NCJRS.gov.xml
+++ b/src/chrome/content/rules/NCJRS.gov.xml
@@ -7,7 +7,7 @@ Fetch error: http://ncjrs.gov/ => https://ncjrs.gov/: (51, "SSL: no alternative
 
 
 -->
-<ruleset name="NCJS.gov" default_off='failed ruleset test'>
+<ruleset name="NCJS.gov" default_off="failed ruleset test">
 
 	<target host="ncjrs.gov" />
 	<target host="puborder.ncjrs.gov" />
diff --git a/src/chrome/content/rules/NCL.ac.uk.xml b/src/chrome/content/rules/NCL.ac.uk.xml
index a6a2f194495f..16b10e72978b 100644
--- a/src/chrome/content/rules/NCL.ac.uk.xml
+++ b/src/chrome/content/rules/NCL.ac.uk.xml
@@ -11,7 +11,7 @@ Fetch error: http://saptraining.ncl.ac.uk/ => https://saptraining.ncl.ac.uk/: (6
 		- www.nhsn ᵖ
 
 	ᵖ Shows default page
-	
+
 
 
 	Problematic hosts in *ncl.ac.uk:
@@ -27,7 +27,7 @@ Fetch error: http://saptraining.ncl.ac.uk/ => https://saptraining.ncl.ac.uk/: (6
 		- Image on teaching from www.ncl.ac.uk
 
 -->
-<ruleset name="NCL.ac.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="NCL.ac.uk (partial)" default_off="failed ruleset test">
 
 	<target host="apps.ncl.ac.uk" />
 	<target host="blackboard.ncl.ac.uk" />
@@ -57,7 +57,7 @@ Fetch error: http://saptraining.ncl.ac.uk/ => https://saptraining.ncl.ac.uk/: (6
 	<target host="sitemanager.ncl.ac.uk" />
 	<target host="vacancies.ncl.ac.uk" />
 	<target host="webmail.ncl.ac.uk" />
-	
+
 		<!--	Redirects to http:
 						-->
 		<!--exclusion pattern="^http://www\.ncl\.ac\.uk/$" /-->
diff --git a/src/chrome/content/rules/NCRIC.xml b/src/chrome/content/rules/NCRIC.xml
index 6856106cbee8..11f34a4fadc6 100644
--- a/src/chrome/content/rules/NCRIC.xml
+++ b/src/chrome/content/rules/NCRIC.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://www\.ncric\.org/.*"
 		to="https://ncric.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NCRegister.com.xml b/src/chrome/content/rules/NCRegister.com.xml
new file mode 100644
index 000000000000..eaf24a6f74f3
--- /dev/null
+++ b/src/chrome/content/rules/NCRegister.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Refused:
+		- mail
+
+	Mismatched:
+		- m
+		- mail2
+		- pages
+		- test
+		- www.test
+-->
+<ruleset name="NCRegister.com">
+	<target host="ncregister.com" />
+	<target host="www.ncregister.com" />
+	<target host="donate.ncregister.com" />
+	<target host="m-origin.ncregister.com" />
+	<target host="origin.ncregister.com" />
+	<target host="www.pages.ncregister.com" />
+	<target host="sd.ncregister.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NCStateFair.org.xml b/src/chrome/content/rules/NCStateFair.org.xml
new file mode 100644
index 000000000000..262ca051435d
--- /dev/null
+++ b/src/chrome/content/rules/NCStateFair.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Timeout:
+		- secure-registration
+
+	Mismatched:
+		- wwwdev
+-->
+<ruleset name="NCStateFair.org">
+	<target host="ncstatefair.org" />
+	<target host="www.ncstatefair.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NCsoft.com.xml b/src/chrome/content/rules/NCsoft.com.xml
index d24d3b7bf17b..83eeb60d4c66 100644
--- a/src/chrome/content/rules/NCsoft.com.xml
+++ b/src/chrome/content/rules/NCsoft.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://ncsoft.com/ => https://ncsoft.com/: (28, 'Operation timed ou
 		- WildStar-online.com.xml
 
 -->
-<ruleset name="NCsoft.com" default_off='failed ruleset test'>
+<ruleset name="NCsoft.com" default_off="failed ruleset test">
 
 	<target host="ncsoft.com" />
 	<target host="help.ncsoft.com" />
diff --git a/src/chrome/content/rules/NDCHost.com.xml b/src/chrome/content/rules/NDCHost.com.xml
index 6f05e8f52755..3fa61d25e0fb 100644
--- a/src/chrome/content/rules/NDCHost.com.xml
+++ b/src/chrome/content/rules/NDCHost.com.xml
@@ -9,13 +9,14 @@
 <ruleset name="NDCHost.com">
 
 	<target host="ndchost.com" />
-	<target host="*.ndchost.com" />
+	<target host="customer.ndchost.com" />
+	<target host="helpdesk.ndchost.com" />
+	<target host="www.ndchost.com" />
 
 
 	<securecookie host="^(?:customer|helpdesk|www)\.ndchost\.com$" name=".+" />
 
 
-	<rule from="^http://((?:customer|helpdesk|www)\.)?ndchost\.com/"
-		to="https://$1ndchost.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NDI.org.xml b/src/chrome/content/rules/NDI.org.xml
index a39ff585894f..5bb88cf74083 100644
--- a/src/chrome/content/rules/NDI.org.xml
+++ b/src/chrome/content/rules/NDI.org.xml
@@ -12,13 +12,15 @@
 <ruleset name="NDI.org">
 
 	<target host="ndi.org" />
-	<target host="*.ndi.org" />
+	<target host="www.ndi.org" />
+	<target host="contribute.ndi.org" />
+	<target host="idp.ndi.org" />
+	<target host="portal.ndi.org" />
 
 
 	<rule from="^http://(?:www\.)?ndi\.org/"
 		to="https://www.ndi.org/" />
 
-	<rule from="^http://(contribute|idp|portal)\.ndi\.org/"
-		to="https://$1.ndi.org/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NDN_media_services.com.xml b/src/chrome/content/rules/NDN_media_services.com.xml
deleted file mode 100644
index c7dd0d89024c..000000000000
--- a/src/chrome/content/rules/NDN_media_services.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	CDN buckets:
-
-		- dithr9x6satds.cloudfront.net
-
--->
-<ruleset name="NDN media services.com">
-
-	<target host="vault.studio.ndnmediaservices.com" />
-
-
-	<rule from="^http://vault\.studio\.ndnmediaservices\.com/"
-		to="https://dithr9x6satds.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/NEC_Display.com.xml b/src/chrome/content/rules/NEC_Display.com.xml
index acf020af6ab0..b52ed1f83cdb 100644
--- a/src/chrome/content/rules/NEC_Display.com.xml
+++ b/src/chrome/content/rules/NEC_Display.com.xml
@@ -15,7 +15,8 @@
 <ruleset name="NEC Display.com (partial)">
 
 	<target host="necdisplay.com" />
-	<target host="*.necdisplay.com" />
+	<target host="www.necdisplay.com" />
+	<target host="partners.necdisplay.com" />
 		<!--exclusion pattern="^http://(www\.)?necdisplay\.com/+($|\?|(about|accessories|awards|category|company-profile|contactus|digital-media-library|downloads|email-signup|events|global-locations|nectools|press-room|products|programs|solutions?|terms|tool)($|[?/]))" /-->
 
 
diff --git a/src/chrome/content/rules/NEDCC.org.xml b/src/chrome/content/rules/NEDCC.org.xml
deleted file mode 100644
index e6d0b92cf5ff..000000000000
--- a/src/chrome/content/rules/NEDCC.org.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Northeast Document Conversation Center
-
-
-	^: cert only matches www
-
--->
-<ruleset name="NEDCC.org">
-
-	<target host="nedcc.org" />
-	<target host="www.nedcc.org" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/NEO-Direct.xml b/src/chrome/content/rules/NEO-Direct.xml
index 24e6fcaf5b84..87187110f3aa 100644
--- a/src/chrome/content/rules/NEO-Direct.xml
+++ b/src/chrome/content/rules/NEO-Direct.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://neo-direct.com/ => https://www.neo-direct.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.neo-direct.com'")
 Fetch error: http://www.neo-direct.com/ => https://www.neo-direct.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.neo-direct.com'")
 -->
-<ruleset name="NEO Direct" default_off='failed ruleset test'>
+<ruleset name="NEO Direct" default_off="failed ruleset test">
 
 	<target host="neo-direct.com" />
 	<target host="www.neo-direct.com" />
diff --git a/src/chrome/content/rules/NEOS.eu.xml b/src/chrome/content/rules/NEOS.eu.xml
index 0591e136d0dc..09dcd4b5e98f 100644
--- a/src/chrome/content/rules/NEOS.eu.xml
+++ b/src/chrome/content/rules/NEOS.eu.xml
@@ -33,7 +33,7 @@
 	<!--securecookie host="^(?:europa\.|www\.)?neos\.eu$" name="^(?:PHPSESSID|wfvt_\d+)$" /-->
 	<!--securecookie host="^(?:burgenland|glasneost|hypo|kaernten|lab|niederoesterreich|oberoesterreich|salzburg|steiermark|vorarlberg|wien)\.neos\.eu$" name="^wfvt_\d+$" /-->
 
-	<securecookie host="^(?:.*\.)?neos\.eu$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/NESEA.xml b/src/chrome/content/rules/NESEA.xml
index f8dade13bae2..bec37801bb52 100644
--- a/src/chrome/content/rules/NESEA.xml
+++ b/src/chrome/content/rules/NESEA.xml
@@ -1,4 +1,4 @@
-<ruleset name="NESEA" default_off='http redirect'>
+<ruleset name="NESEA" default_off="http redirect">
 	<target host="nesea.org" />
 	<target host="www.nesea.org" />
 
diff --git a/src/chrome/content/rules/NETZWELT.de.xml b/src/chrome/content/rules/NETZWELT.de.xml
new file mode 100644
index 000000000000..7b2ce4fa8b25
--- /dev/null
+++ b/src/chrome/content/rules/NETZWELT.de.xml
@@ -0,0 +1,43 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Invalid certificate:
+		2fwww.netzwelt.de
+		3dwww.netzwelt.de
+		www.dl2.netzwelt.de
+		download.netzwelt.de
+		downloads.netzwelt.de
+		eee.netzwelt.de
+		favatars.netzwelt.de
+		fclientscript.netzwelt.de
+		1f4yt8j.gi.netzwelt.de
+		jfikozeo.gi.netzwelt.de
+		pwsadptr.gi.netzwelt.de
+		images.netzwelt.de
+		media.netzwelt.de
+		preisvergleich.netzwelt.de
+		related.netzwelt.de
+		*.schulterglatze.netzwelt.de
+		www.slick-sleeve.netzwelt.de
+		toidl.netzwelt.de
+		tumblr.netzwelt.de
+		pseudo.videos.netzwelt.de
+-->
+<ruleset name="NETZWELT.de">
+
+	<target host="netzwelt.de" />
+	<target host="www.netzwelt.de" />
+	<target host="amp.netzwelt.de" />
+	<target host="area52.netzwelt.de" />
+	<target host="dl1.netzwelt.de" />
+	<target host="dl2.netzwelt.de" />
+	<target host="img.netzwelt.de" />
+	<target host="static.netzwelt.de" />
+	<target host="suche.netzwelt.de" />
+	<target host="videos.netzwelt.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NFARL.org.xml b/src/chrome/content/rules/NFARL.org.xml
new file mode 100644
index 000000000000..1be2c90bc3f0
--- /dev/null
+++ b/src/chrome/content/rules/NFARL.org.xml
@@ -0,0 +1,28 @@
+<!--
+	Mismatched:
+		- autodiscover.nfarl.org
+		- cloudflare-resolve-to.nfarl.org
+		- cpanel.nfarl.org
+		- ftp.nfarl.org
+		- autodiscover.hamjam.nfarl.org
+		- webmail.hamjam.nfarl.org
+		- autodiscover.hamjaminfo.nfarl.org
+		- webmail.hamjaminfo.nfarl.org
+		- mail.nfarl.org
+		- autodiscover.nfareswrc.nfarl.org
+		- webmail.nfareswrc.nfarl.org
+		- webmail.nfarl.org
+-->
+<ruleset name="NFARL.org">
+	<target host="nfarl.org" />
+	<target host="www.nfarl.org" />
+	<target host="hamjam.nfarl.org" />
+	<target host="www.hamjam.nfarl.org" />
+	<target host="hamjaminfo.nfarl.org" />
+	<target host="www.hamjaminfo.nfarl.org" />
+	<target host="nfares.nfarl.org" />
+	<target host="nfareswrc.nfarl.org" />
+	<target host="www.nfareswrc.nfarl.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NFrance.xml b/src/chrome/content/rules/NFrance.xml
index 5f6195fbd0b8..72ae9946877b 100644
--- a/src/chrome/content/rules/NFrance.xml
+++ b/src/chrome/content/rules/NFrance.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NGA_cn.xml b/src/chrome/content/rules/NGA_cn.xml
new file mode 100644
index 000000000000..4d3ca6fec3d7
--- /dev/null
+++ b/src/chrome/content/rules/NGA_cn.xml
@@ -0,0 +1,22 @@
+<!--
+	404:
+		www.178.com
+	Mismatched:
+		www.ngabbs.com === www.ngacn.cc
+-->
+<ruleset name="NGA_cn (partial)">
+
+	<target host="bbs.nga.cn" />
+	<target host="g.nga.cn" />
+		<test url="http://g.nga.cn/read.php?tid=13018116" />
+	<exclusion pattern="^http://g\.nga\.cn/$" /> <!-- https://travis-ci.org/EFForg/https-everywhere/jobs/487776087#L571 -->
+
+	<target host="ngabbs.com" />
+
+	<target host="bbs.ngacn.cc" />
+
+	<target host="nga.178.com" />
+	<target host="img.nga.178.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NGP-VAN.xml b/src/chrome/content/rules/NGP-VAN.xml
new file mode 100644
index 000000000000..db2538cea31d
--- /dev/null
+++ b/src/chrome/content/rules/NGP-VAN.xml
@@ -0,0 +1,43 @@
+<!--
+	ngpvan.com:
+		Timed out:
+			- act2.ngpvan.com
+			- socialfundraising.ngpvan.com
+
+
+	ngpvanhost.com:
+		Wildcard certificate and DNS:
+			- ngpvanhost.com
+-->
+
+<ruleset name="NGP VAN">
+	<!-- ngpvan.com -->
+	<target host="ngpvan.com" />
+	<target host="www.ngpvan.com" />
+	<target host="accounts.ngpvan.com" />
+	<target host="accounts3.ngpvan.com" />
+	<target host="accountsprimary.ngpvan.com" />
+	<target host="act.ngpvan.com" />
+	<target host="blog.ngpvan.com" />
+	<target host="click.ngpvan.com" />
+	<target host="developers.ngpvan.com" />
+	<target host="election2013.ngpvan.com" />
+	<target host="email.ngpvan.com" />
+	<target host="fastaction.ngpvan.com" />
+	<target host="go.ngpvan.com" />
+	<target host="help.ngpvan.com" />
+	<target host="progress.ngpvan.com" />
+	<target host="secure.ngpvan.com" />
+	<target host="support.ngpvan.com" />
+	<target host="accelerator.support.ngpvan.com" />
+
+
+	<!-- ngpvanhost.com -->
+	<target host="*.ngpvanhost.com" />
+		<test url="http://everytown.ngpvanhost.com/" />
+		<test url="http://hoyerforcongress.ngpvanhost.com/" />
+		<test url="http://kevinmatthews.ngpvanhost.com/" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NGP_VAN.xml b/src/chrome/content/rules/NGP_VAN.xml
deleted file mode 100644
index c6f43caea14e..000000000000
--- a/src/chrome/content/rules/NGP_VAN.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Problematic domains:
-
-		- (www.)ngpvan.com	(mismatched, CN: *.ngpvanhost.com)
-
--->
-<ruleset name="NGP VAN">
-
-	<target host="ngpvan.com" />
-	<target host="www.ngpvan.com" />
-	<target host="*.ngpvanhost.com" />
-
-
-	<rule from="^http://(?:www\.)?ngpvan\.com/"
-		to="https://ngpvan.ngpvanhost.com/" />
-
-	<rule from="^http://(\w+)\.ngpvanhost\.com/"
-		to="https://$1.ngpvanhost.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/NHM.ac.uk.xml b/src/chrome/content/rules/NHM.ac.uk.xml
deleted file mode 100644
index c08b370cacb4..000000000000
--- a/src/chrome/content/rules/NHM.ac.uk.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	www: redirects to http
-
--->
-<ruleset name="NHM.ac.uk (partial)">
-
-	<target host="nhm.ac.uk" />
-	<target host="wpymedia.nhm.ac.uk" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^wpymedia\.nhm\.ac\.uk$" name="^ASP\.NET_SessionId$" /-->
-
-	<securecookie host="^wpymedia\.nhm\.ac\.uk$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/NHN-Corporation.xml b/src/chrome/content/rules/NHN-Corporation.xml
deleted file mode 100644
index cb7e099aab95..000000000000
--- a/src/chrome/content/rules/NHN-Corporation.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-
-	Other NHN Corporation rulesets:
-
-		- Unthem.xml
-
--->
-<ruleset name="NHN Corporation">
-
-	<target host="nhn.com" />
-	<target host="www.nhn.com" />
-	<target host="nhncorp.com" />
-	<target host="www.nhncorp.com" />
-
-
-	<securecookie host="^www\.nhncorp\.com$" name=".+" />
-
-
-	<!--	- Cert only matches www.nhncorp.com
-		- !www redirects to www
-		- nhm.com 301s to nhcorp.com
-					-->
-	<rule from="^http://(?:www\.)?nhn(?:corp)?\.com/"
-		to="https://www.nhncorp.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/NHN_Next.org.xml b/src/chrome/content/rules/NHN_Next.org.xml
deleted file mode 100644
index 4ecdbb9d6ba5..000000000000
--- a/src/chrome/content/rules/NHN_Next.org.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other Naver Corporation coverage, see Naver_Corp.com.xml.
-
-
-	^: cert only matches *.nhnnext.org
-
--->
-<ruleset name="NHN Next.org">
-
-	<target host="nhnnext.org" />
-	<target host="www.nhnnext.org" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/NHS-Direct.xml b/src/chrome/content/rules/NHS-Direct.xml
index 58156537d3ae..e24b0a0a3a59 100644
--- a/src/chrome/content/rules/NHS-Direct.xml
+++ b/src/chrome/content/rules/NHS-Direct.xml
@@ -6,7 +6,7 @@ Fetch error: http://nhsdirect.nhs.uk/ => https://www.nhsdirect.nhs.uk/: (60, 'SS
 Disabled by https-everywhere-checker because:
 Fetch error: http://nhsdirect.nhs.uk/ => https://www.nhsdirect.nhs.uk/: (6, 'Could not resolve host: nhsdirect.nhs.uk')
 -->
-<ruleset name="NHS Direct (partial)" default_off='failed ruleset test'>
+<ruleset name="NHS Direct (partial)" default_off="failed ruleset test">
 
 	<target host="nhsdirect.nhs.uk" />
 	<target host="*.nhsdirect.nhs.uk" />
diff --git a/src/chrome/content/rules/NHS.xml b/src/chrome/content/rules/NHS.xml
index 75733da09047..0cf258cf86e0 100644
--- a/src/chrome/content/rules/NHS.xml
+++ b/src/chrome/content/rules/NHS.xml
@@ -32,7 +32,6 @@ Fetch error: http://www.noo.nhs.uk/ => https://www.noo.org.uk/: (51, "SSL: no al
 
 	Other NHS rulesets:
 
-		- mystar.org.uk.xml
 		- NHS_ePortfolios.org.xml
 
 
@@ -276,7 +275,7 @@ Fetch error: http://www.noo.nhs.uk/ => https://www.noo.org.uk/: (51, "SSL: no al
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="NHS.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="NHS.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/NIBC_Direct.nl.xml b/src/chrome/content/rules/NIBC_Direct.nl.xml
index 9fa70fc25bf9..089e92217f64 100644
--- a/src/chrome/content/rules/NIBC_Direct.nl.xml
+++ b/src/chrome/content/rules/NIBC_Direct.nl.xml
@@ -22,7 +22,9 @@
 <ruleset name="NIBC Direct.nl">
 
 	<target host="nibcdirect.nl" />
-	<target host="*.nibcdirect.nl" />
+	<target host="www.nibcdirect.nl" />
+	<target host="service.nibcdirect.nl" />
+	<target host="sparen.nibcdirect.nl" />
 
 
 	<securecookie host=".+\.nibcdirect\.nl$" name=".+" />
@@ -31,7 +33,6 @@
 	<rule from="^http://(?:www\.)?nibcdirect\.nl/"
 		to="https://www.nibcdirect.nl/" />
 
-	<rule from="^http://s(ervice|paren)\.nibcdirect\.nl/"
-		to="https://s$1.nibcdirect.nl/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NIC.br.xml b/src/chrome/content/rules/NIC.br.xml
index dfeba744aa20..143c9c4b2133 100644
--- a/src/chrome/content/rules/NIC.br.xml
+++ b/src/chrome/content/rules/NIC.br.xml
@@ -26,7 +26,9 @@
 <ruleset name="NIC.br (partial)">
 
 	<target host="nic.br" />
-	<target host="*.nic.br" />
+	<target host="gter.nic.br" />
+	<target host="www.gter.nic.br" />
+	<target host="www.nic.br" />
 
 
 	<!--	Not secured by server:
@@ -37,7 +39,6 @@
 	<securecookie host="^(?:eventos|gter|www\.gter)\.nic\.br$" name=".+" />
 
 
-	<rule from="^http://((?:eventos|gter|www\.gter|www)\.)?nic\.br/"
-		to="https://$1nic.br/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NICE.org.uk.xml b/src/chrome/content/rules/NICE.org.uk.xml
index 2d171c12dc03..c0e60adaffde 100644
--- a/src/chrome/content/rules/NICE.org.uk.xml
+++ b/src/chrome/content/rules/NICE.org.uk.xml
@@ -27,7 +27,7 @@ Fetch error: http://docs.nice.org.uk/ => https://docs.nice.org.uk/: (6, 'Could n
 	ˢ Secured by us
 
 -->
-<ruleset name="NICE.org.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="NICE.org.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/NIFC.gov.xml b/src/chrome/content/rules/NIFC.gov.xml
deleted file mode 100644
index 4125e30ac84c..000000000000
--- a/src/chrome/content/rules/NIFC.gov.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	National Interagency Fire Center
-
-
-
-	Problematic hosts in *nifc.gov:
-
-		- ^ ᵐ ᶜ
-		- predictiveservices ᶜ
-		- www.predictiveservices ᵐ ᶜ
-		- www ᶜ
-
-	ᶜ Missing certificate chain
-	ᵐ Mismatched
-
-
--->
-<ruleset name="NIFC.gov (partial)" default_off="missing certificate chain">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="predictiveservices.nifc.gov" />
-	<target host="www.nifc.gov" />
-
-	<!--	Complications:
-				-->
-	<target host="nifc.gov" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://nifc\.gov/"
-		to="https://www.nifc.gov/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/NIFTY.xml b/src/chrome/content/rules/NIFTY.xml
deleted file mode 100644
index a083ecc3ec25..000000000000
--- a/src/chrome/content/rules/NIFTY.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- btm	(times out)
-		- clip	(ditto)
-
--->
-<ruleset name="NIFTY (buggy)" default_off="https://trac.torproject.org/projects/tor/ticket/7107">
-
-	<target host="nifty.com" />
-	<target host="*.nifty.com" />
-		<!--
-			At least some paths 404 over https.
-
-			This pattern attempts to exclude everything
-			but favicon.ico and images/, which do work.
-									-->
-		<exclusion pattern="^http://www\.nifty\.com/(?:\w+$|[^fi]|f[^/]+\.\w+$|i[^m].*/|\w{1,5}/|\w{7,}/)" />
-		<exclusion pattern="^http://(?:btm|clip)\." />
-
-
-	<securecookie host="^.*\.nifty\.com$" name=".+" />
-
-
-	<!--	!www redirects to www.nifty.com/$ over https.
-								-->
-	<rule from="^http://(?:www\.)?nifty\.com/(favicon\.ico|images/)"
-		to="https://www.nifty.com/$1" />
-
-	<!--	Clients have unique subdomains.  e.g.
-
-		azby.nifty.com
-			-->
-	<rule from="^http://([\w\-]+)\.nifty\.com/"
-		to="https://$1.nifty.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/NJ.com.xml b/src/chrome/content/rules/NJ.com.xml
index 7c60fde642f9..6dcb7f7ae0e5 100644
--- a/src/chrome/content/rules/NJ.com.xml
+++ b/src/chrome/content/rules/NJ.com.xml
@@ -82,7 +82,7 @@ Fetch error: http://signup.nj.com/ => https://signup.nj.com/: (28, 'Connection t
 	* Secured by us
 
 -->
-<ruleset name="NJ.com (partial)" default_off='failed ruleset test'>
+<ruleset name="NJ.com (partial)" default_off="failed ruleset test">
 
 	<target host="findnsave.nj.com" />
 	<target host="signup.nj.com" />
diff --git a/src/chrome/content/rules/NJIT.edu.xml b/src/chrome/content/rules/NJIT.edu.xml
index 1b2d8bc4c92d..db40c1d4a047 100644
--- a/src/chrome/content/rules/NJIT.edu.xml
+++ b/src/chrome/content/rules/NJIT.edu.xml
@@ -90,7 +90,7 @@
 			Exceptions:
 					-->
 		<exclusion pattern="^http://cp4\.njit\.edu/+(?!favicon\.ico|misc/|cp/content/|cps/images/|custom/|site/)" />
-		
+
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/NJ_Edge.Net.xml b/src/chrome/content/rules/NJ_Edge.Net.xml
index 0adf92b2c4b1..56de4cd65f9f 100644
--- a/src/chrome/content/rules/NJ_Edge.Net.xml
+++ b/src/chrome/content/rules/NJ_Edge.Net.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NLFacile.com.xml b/src/chrome/content/rules/NLFacile.com.xml
new file mode 100644
index 000000000000..ba0f88a45478
--- /dev/null
+++ b/src/chrome/content/rules/NLFacile.com.xml
@@ -0,0 +1,11 @@
+<!--
+	See for related rulesets: FrancaisFacile.com.xml
+-->
+<ruleset name="NLFacile.com">
+	<target host="nlfacile.com" />
+	<target host="www.nlfacile.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NMU.xml b/src/chrome/content/rules/NMU.xml
index f7a5bd914afa..fb7a0ecf7706 100644
--- a/src/chrome/content/rules/NMU.xml
+++ b/src/chrome/content/rules/NMU.xml
@@ -1,13 +1,15 @@
 <ruleset name="NMU">
 
 	<target host="nmugroup.com" />
-	<target host="*.nmugroup.com" />
+	<target host="mail.nmugroup.com" />
+	<target host="portal.nmugroup.com" />
+	<target host="webmail.nmugroup.com" />
+	<target host="www.nmugroup.com" />
 
 
-	<securecookie host="^(?:.*\.)?nmugroup\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:mail|portal|webmail|www)\.)?nmugroup\.com/"
-		to="https://$1nmugroup.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NNM-Club.xml b/src/chrome/content/rules/NNM-Club.xml
index 0c9e4f1e6e0c..3708ad8bcd8e 100644
--- a/src/chrome/content/rules/NNM-Club.xml
+++ b/src/chrome/content/rules/NNM-Club.xml
@@ -5,7 +5,7 @@ Fetch error: http://ipv6.nnm-club.me/ => https://ipv6.nnm-club.me/: (7, '')
 Fetch error: http://ipv6.nnmclub.to/ => https://ipv6.nnmclub.to/: (7, '')
 ipv4. mismatch
 tor. mismatch-->
-<ruleset name="NNM-Club" default_off='failed ruleset test'>
+<ruleset name="NNM-Club" default_off="failed ruleset test">
 
 	<target host="nnm-club.me" />
 	<target host="www.nnm-club.me" />
@@ -15,11 +15,11 @@ tor. mismatch-->
 	<target host="ipv6.nnmclub.to" />
 	<target host="assets.nnm-club.ws" />
 	<target host="assets-ssl.nnm-club.ws" />
-	
+
 	<exclusion pattern="^http://assets-ssl.nnm-club.ws/?$" />
 	<exclusion pattern="^http://assets-ssl.nnm-club.ws/?\?" />
 	<exclusion pattern="^http://assets-ssl.nnm-club.ws/?#" />
-	
+
 	<test url="http://assets-ssl.nnm-club.ws/" />
 	<test url="http://assets-ssl.nnm-club.ws/?" />
 	<test url="http://assets-ssl.nnm-club.ws/#" />
diff --git a/src/chrome/content/rules/NOO.org.uk.xml b/src/chrome/content/rules/NOO.org.uk.xml
index 1d674a5b8288..1f226b1c81b8 100644
--- a/src/chrome/content/rules/NOO.org.uk.xml
+++ b/src/chrome/content/rules/NOO.org.uk.xml
@@ -7,7 +7,7 @@ Fetch error: http://noo.org.uk/ => https://www.noo.org.uk/: (51, "SSL: no altern
 	^noo.org.uk: Mismatched
 
 -->
-<ruleset name="NOO.org.uk" default_off='failed ruleset test'>
+<ruleset name="NOO.org.uk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/NPAC.com.xml b/src/chrome/content/rules/NPAC.com.xml
index 2ad10b8cf991..debade23e1b0 100644
--- a/src/chrome/content/rules/NPAC.com.xml
+++ b/src/chrome/content/rules/NPAC.com.xml
@@ -14,7 +14,7 @@
 		- www.npac.com
 
 -->
-<ruleset name="NPAC.com" default_off="missing certificate chain">
+<ruleset name="NPAC.com" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/NPD_Group.xml b/src/chrome/content/rules/NPD_Group.xml
index d3d0b6b20566..8feae1da0d9b 100644
--- a/src/chrome/content/rules/NPD_Group.xml
+++ b/src/chrome/content/rules/NPD_Group.xml
@@ -7,7 +7,10 @@
 <ruleset name="NPD Group">
 
 	<target host="npd.com" />
-	<target host="*.npd.com" />
+	<target host="autodiscover.npd.com" />
+	<target host="webmail.npd.com" />
+	<target host="www.npd.com" />
+	<target host="www0.npd.com" />
 	<target host="npdgroup.com" />
 	<target host="www.npdgroup.com" />
 
@@ -15,10 +18,7 @@
 	<securecookie host="^.+\.npd\.com$" name=".+" />
 
 
-	<rule from="^http://(autodiscover\.|webmail\.|www0?\.)?npd\.com/"
-		to="https://$1npd.com/" />
 
-	<rule from="^http://(www\.)?npdgroup\.com/"
-		to="https://$1npdgroup.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NPR.org.xml b/src/chrome/content/rules/NPR.org.xml
index 8677bb3f36d1..0ea49ce93c98 100644
--- a/src/chrome/content/rules/NPR.org.xml
+++ b/src/chrome/content/rules/NPR.org.xml
@@ -1,69 +1,73 @@
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://kunk.org/ => https://kunc.drupal.publicbroadcasting.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-	CDN buckets:
-
-		- docj27ko03fnu.cloudfront.net
-			- Used on login.npr.org
-
-		- images.npr.org.edgesuite.net
-		- s.npr.org.edgesuite.net
-
-		- npr.vo.llnwd.net
-
-			- .hs. doesn't exist
-			- pd.npr.org
-
-
-	Nonfunctional domains:
-
-		- pd *
-
-	* 400; mismatched, CN: *.hs.llnwd.net
-
+	Non-functional hosts
+		Couldn't connect to server:
+		- n.npr.org
+
+		Timeout was reached:
+		- elections2014.npr.org
+
+		SSL connect error (TLSv1 or TLSv1.1 earlier):
+		- ccp.npr.org
+		- teleport.npr.org
+
+		SSL peer certificate was not OK:
+		- download.npr.org
+		- election2012.npr.org
+		- elections2012.npr.org
+		- pages.et.npr.org
+		- live.npr.org
+		- att.m.npr.org
+		- pd.npr.org
+		- podcastdownload.npr.org
+		- public.npr.org
+
+		Incomplete certificate chain error:
+		- help.npr.org
+
+		Status code mismatch:
+		- armstrong.npr.org
+		- fessenden.npr.org
+
+		Mixed content blocking (MCB) triggered:
+		- elections.npr.org
 -->
 <ruleset name="NPR.org (partial)">
-
-	<target host="kunk.org" />
-	<target host="*.kunk.org" />
 	<target host="npr.org" />
-	<target host="*.npr.org" />
-
-
-	<securecookie host="^support\.kunc\.org$" name=".+" />
-	<!--	Observed cookies:
-
-			^login:
-				- _accelerator_session_id
-			^shop:
-				- ShoppingCartSession
-			^www:
-				- rosi
-						-->
-
-
-	<!--	Cert doesn't match.  Luckily...
-						-->
-	<rule from="^http://(?:www\.)?kunk\.org/"
-		to="https://kunc.drupal.publicbroadcasting.net/" />
-
-	<rule from="^http://support\.kunc\.org/"
-		to="https://support.kunc.org/" />
-
-	<rule from="^http://help\.npr\.org/$"
-		to="https://www.fuzeqna.com/npr/consumer/search.asp" />
-
-	<rule from="^http://help\.npr\.org/npr/"
-		to="https://www.fuzeqna.com/npr/"/>
-
-  <!-- Moved to Akamai, broke
-	<securecookie host="^.*\.npr\.org$" name=".+" />
-	<rule from="^http://(?:media\.|s\.|www\.)?npr\.org/"
-		to="https://www.npr.org/" />
-    -->
-
-	<rule from="^http://shop\.npr\.org/"
-		to="https://shop.npr.org/" />
-
+	<target host="www.npr.org" />
+	<target host="sso.ad.npr.org" />
+	<target host="apps.npr.org" />
+	<target host="blog.apps.npr.org" />
+	<target host="dev.npr.org" />
+	<target host="digitalservices.npr.org" />
+	<target host="cpa.ds.npr.org" />
+		<test url="http://cpa.ds.npr.org/wrkf/audio/2013/01/En_Luisiana,_Los_Cubanos_Tocan_Ranch.mp3" />
+	<target host="generationlisten.npr.org" />
+	<target host="livesessions.npr.org" />
+	<target host="local.npr.org" />
+	<target host="mail.npr.org" />
+	<target host="media.npr.org" />
+		<test url="http://media.npr.org/templates/favicon/favicon-180x180.png" />
+	<target host="news.npr.org" />
+	<target host="one.npr.org" />
+	<target host="partners.npr.org" />
+	<target host="rad.npr.org" />
+	<target host="s.npr.org" />
+		<test url="http://s.npr.org/templates/javascript/lib/modernizr/modernizr.custom.js" />
+	<target host="seamus.npr.org" />
+	<target host="secure.npr.org" />
+	<target host="shop.npr.org" />
+	<target host="sources.npr.org" />
+	<target host="stateimpact.npr.org" />
+	<target host="studio.npr.org" />
+	<target host="support.npr.org" />
+	<target host="text.npr.org" />
+	<target host="tinydeskcontest.npr.org" />
+	<target host="training.npr.org" />
+	<target host="ww.npr.org" />
+	<target host="www-cdn.npr.org" />
+	<target host="www-cf.npr.org" />
+	
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
-
diff --git a/src/chrome/content/rules/NPTEd.org.xml b/src/chrome/content/rules/NPTEd.org.xml
deleted file mode 100644
index d70fb14cf2d1..000000000000
--- a/src/chrome/content/rules/NPTEd.org.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	^npted.org doesn't exist.
-
--->
-<ruleset name="NPTEd.org">
-
-	<target host="www.npted.org" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/NPario.xml b/src/chrome/content/rules/NPario.xml
deleted file mode 100644
index 79ce120e2327..000000000000
--- a/src/chrome/content/rules/NPario.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	eu sets "nPsegs" wildcard cookie on whichever domain it is loaded
-	from.
-
-
-	Nonfunctional domains:
-
-		- (www.)npario.com *
-		- www.npario-inc.net *
-
-	* http reply
-
-
-	Mixed image on audiencediscovery from www
-
--->
-<ruleset name="nPario (partial)">
-
-	<target host="*.npario.com" />
-	<target host="*.npario-inc.net" />
-
-
-	<securecookie host="^\.?audiencediscovery\.npario\.com$" name=".+" />
-	<!--	Set by eu:
-				-->
-	<securecookie host="^\.npario-inc\.net$" name="^(?:andata|C\d{3}_seg|npidl?|npst)$" />
-
-
-	<rule from="^http://audiencediscovery\.npario\.com/"
-		to="https://audiencediscovery.npario.com/" />
-
-	<rule from="^http://eu\.npario-inc\.net/"
-		to="https://eu.npario-inc.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/NQuran.com.xml b/src/chrome/content/rules/NQuran.com.xml
new file mode 100644
index 000000000000..0e99fd307875
--- /dev/null
+++ b/src/chrome/content/rules/NQuran.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="NQuran.com">
+	<target host="nquran.com" />
+	<target host="www.nquran.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NSS_Labs.xml b/src/chrome/content/rules/NSS_Labs.xml
index 44478989097c..7ac18f1f09a1 100644
--- a/src/chrome/content/rules/NSS_Labs.xml
+++ b/src/chrome/content/rules/NSS_Labs.xml
@@ -5,7 +5,7 @@ Fetch error: http://nsslabs.com/ => https://nsslabs.com/: (28, 'Connection timed
 Fetch error: http://dev.nsslabs.com/ => https://dev.nsslabs.com/: (6, 'Could not resolve host: dev.nsslabs.com')
 
 -->
-<ruleset name="NSS Labs.com" default_off='failed ruleset test'>
+<ruleset name="NSS Labs.com" default_off="failed ruleset test">
 
 	<target host="nsslabs.com" />
 	<target host="dev.nsslabs.com" />
diff --git a/src/chrome/content/rules/NTNU.no.xml b/src/chrome/content/rules/NTNU.no.xml
index e0a7999905c8..0d3636572471 100644
--- a/src/chrome/content/rules/NTNU.no.xml
+++ b/src/chrome/content/rules/NTNU.no.xml
@@ -22,7 +22,7 @@ Fetch error: http://er.ntnu.no/ => https://er.ntnu.no/: (60, 'SSL certificate pr
 	* Secured by us
 
 -->
-<ruleset name="NTNU.no" default_off='failed ruleset test'>
+<ruleset name="NTNU.no" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/NTP.org.xml b/src/chrome/content/rules/NTP.org.xml
index 2888603a4010..8f7ea48934b6 100644
--- a/src/chrome/content/rules/NTP.org.xml
+++ b/src/chrome/content/rules/NTP.org.xml
@@ -3,7 +3,7 @@
 Disabled by https-everywhere-checker because:
 Fetch error: http://lists.ntp.org/ => https://lists.ntp.org/: (60, 'SSL certificate problem: certificate has expired')
 
-	Remark: [0-9].*pool.ntp.org are completely omitted here. 
+	Remark: [0-9].*pool.ntp.org are completely omitted here.
 		*.pool.ntp.org are omitted if they do not give SSL error.
 
 	Non-functional hosts
@@ -74,7 +74,7 @@ Fetch error: http://lists.ntp.org/ => https://lists.ntp.org/: (60, 'SSL certific
 			 - support.ntp.org
 			 - twiki.ntp.org
 -->
-<ruleset name="NTP.org (partial)" default_off='failed ruleset test'>
+<ruleset name="NTP.org (partial)" default_off="failed ruleset test">
 	<target host="lists.ntp.org" />
 
 	<securecookie host="^lists\.ntp\.org$" name=".+" />
diff --git a/src/chrome/content/rules/NTT.com.xml b/src/chrome/content/rules/NTT.com.xml
index 098bcdbf4986..7c544118760e 100644
--- a/src/chrome/content/rules/NTT.com.xml
+++ b/src/chrome/content/rules/NTT.com.xml
@@ -13,10 +13,11 @@ Fetch error: http://ntt.com/ => https://www.ntt.com/: Too many redirects while f
 	* Secured by us
 
 -->
-<ruleset name="NTT.com" default_off='failed ruleset test'>
+<ruleset name="NTT.com" default_off="failed ruleset test">
 
 	<target host="ntt.com" />
-	<target host="*.ntt.com" />
+	<target host="www.ntt.com" />
+	<target host="support.ntt.com" />
 
 
 	<!--	Secured by server:
@@ -34,7 +35,6 @@ Fetch error: http://ntt.com/ => https://www.ntt.com/: Too many redirects while f
 	<rule from="^http://(?:www\.)?ntt\.com/"
 		to="https://www.ntt.com/" />
 
-	<rule from="^http://support\.ntt\.com/"
-		to="https://support.ntt.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NTTCom.xml b/src/chrome/content/rules/NTTCom.xml
index df9af0605342..6fb5c5e17c3f 100644
--- a/src/chrome/content/rules/NTTCom.xml
+++ b/src/chrome/content/rules/NTTCom.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.digitalforest.co.jp/ => https://www.digitalforest.co.jp/
 		- nttcoms.com	(cert only matches www)
 
 -->
-<ruleset name="NTTCom" default_off='failed ruleset test'>
+<ruleset name="NTTCom" default_off="failed ruleset test">
 
 	<target host="www.digitalforest.co.jp" />
 	<target host="nttcoms.com" />
diff --git a/src/chrome/content/rules/NTU.edu.tw.xml b/src/chrome/content/rules/NTU.edu.tw.xml
index 754367a44163..f8161c8e38e0 100644
--- a/src/chrome/content/rules/NTU.edu.tw.xml
+++ b/src/chrome/content/rules/NTU.edu.tw.xml
@@ -108,7 +108,7 @@ Fetch error: http://galogin.ntu.edu.tw/ => https://galogin.ntu.edu.tw/: (60, 'SS
 	Mixed content:
 
 		- css, on:
-		
+
 			- epaper from $self ˢ
 			- galong from fonts.googleapis.com ˢ
 
@@ -126,7 +126,7 @@ Fetch error: http://galogin.ntu.edu.tw/ => https://galogin.ntu.edu.tw/: (60, 'SS
 	ˢ Secured by us
 
 -->
-<ruleset name="NTU.edu.tw (partial)" default_off='failed ruleset test'>
+<ruleset name="NTU.edu.tw (partial)" default_off="failed ruleset test">
 
 	<target host="adfs.ntu.edu.tw" />
 
diff --git a/src/chrome/content/rules/NTVSpor.xml b/src/chrome/content/rules/NTVSpor.xml
index b225436c2c5c..3b189f605c01 100644
--- a/src/chrome/content/rules/NTVSpor.xml
+++ b/src/chrome/content/rules/NTVSpor.xml
@@ -5,7 +5,7 @@ Fetch error: http://www.ntvspor.net/ => https://www.ntvspor.net/: Too many redir
 Fetch error: http://ntvspor.net/ => https://www.ntvspor.net/: Too many redirects while fetching 'https://www.ntvspor.net/'
 
 -->
-<ruleset name="NTVSpor" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="NTVSpor" platform="mixedcontent" default_off="failed ruleset test">
   <target host="www.ntvspor.net" />
   <target host="ntvspor.net" />
 
diff --git a/src/chrome/content/rules/NVMExpress.org.xml b/src/chrome/content/rules/NVMExpress.org.xml
new file mode 100644
index 000000000000..4cc0d250c399
--- /dev/null
+++ b/src/chrome/content/rules/NVMExpress.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		- www.nvmexpress.org
+-->
+
+<ruleset name="NVMExpress.org">
+	<target host="nvmexpress.org" />
+	<target host="www.nvmexpress.org" />
+	<target host="workspace.nvmexpress.org" />
+
+	<rule from="^http://www\.nvmexpress\.org/"
+		to="https://nvmexpress.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NVidia-mismatches.xml b/src/chrome/content/rules/NVidia-mismatches.xml
deleted file mode 100644
index 26580f2e8154..000000000000
--- a/src/chrome/content/rules/NVidia-mismatches.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For rules that are on by default, see NVidia.xml.
-
--->
-<ruleset name="nVidia (mismatches)" default_off="mismatched">
-
-	<target host="blogs.nvidia.com" />
-	<target host="nvidianews.nvidia.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/NVidia.co.uk.xml b/src/chrome/content/rules/NVidia.co.uk.xml
index 24a98f3e2af4..5e8f19408b3c 100644
--- a/src/chrome/content/rules/NVidia.co.uk.xml
+++ b/src/chrome/content/rules/NVidia.co.uk.xml
@@ -16,7 +16,7 @@ Non-2xx HTTP code: http://nvidia.co.uk/ (200) => https://www.nvidia.co.uk/ (504)
 	² Akamai
 
 -->
-<ruleset name="nVidia.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="nVidia.co.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/NVidia.eu.xml b/src/chrome/content/rules/NVidia.eu.xml
index 3339b4b83070..015a3f046e5d 100644
--- a/src/chrome/content/rules/NVidia.eu.xml
+++ b/src/chrome/content/rules/NVidia.eu.xml
@@ -14,7 +14,7 @@ Fetch error: http://partners.nvidia.eu/ => https://partners.nvidia.eu/: (60, 'SS
 	* Zendesk
 
 -->
-<ruleset name="nVidia.eu (partial)" default_off='failed ruleset test'>
+<ruleset name="nVidia.eu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/NVidia.ru.xml b/src/chrome/content/rules/NVidia.ru.xml
index 9a4712a9dfaf..de82be2f3eaf 100644
--- a/src/chrome/content/rules/NVidia.ru.xml
+++ b/src/chrome/content/rules/NVidia.ru.xml
@@ -23,7 +23,7 @@
 	<test url="http://www.nvidia.ru/shield/" />
 
 	<rule from="^http://(shield|store|support-shield)\.nvidia\.ru/" to="https://$1.nvidia.ru/" />
-	
+
 	<!-- These exclusions are required for the tests to pass. -->
 	<exclusion pattern="^http://nvidia\.ru/$" />
 	<exclusion pattern="^http://www.nvidia\.ru/$" />
diff --git a/src/chrome/content/rules/NVidia.xml b/src/chrome/content/rules/NVidia.xml
index 15722a3048bb..593174afa66f 100644
--- a/src/chrome/content/rules/NVidia.xml
+++ b/src/chrome/content/rules/NVidia.xml
@@ -1,8 +1,5 @@
 <!--
-	For problematic rules, see NVidia-mismatches.xml.
-
 	Other nVidia rulesets:
-		- 3D_Vision_Live.com.xml
 		- GeForce.com.xml
 		- NVidia.ru.xml
 
@@ -22,15 +19,19 @@
 		- www.nvidia.com.edgesuite.net
 
 	Nonfunctional subdomains:
-		- blogs ¹
 		- news.developer ²
 		- ngvpn04.nvidia.com ²
 		- ngvpn12.nvidia.com ²
+		- ngvpn15.nvidia.com ²
+		- ngvpn31.nvidia.com ²
+		- ngvpn32.nvidia.com ²
+		- ngvpn33.nvidia.com ²
 		- download.gfe ²
 		- download-dce-2.gfe ²
 		- investor ²
 		- origin-forums ²
 		- research.nvidia.com ³
+		- nbound.nvidia.com ¹
 
 	¹ 503
 	² Dropped
@@ -44,8 +45,8 @@
 		- http.developer ²
 		- developer.download ²
 		- us.download ²
-		- enterprisesupport	Missing certificate chain
 		- forums ³
+		- enterprisesupport	Missing certificate chain
 		- ftpservices-uk	Missing certificate chain
 		- ngvpn ²
 		- ngvpn17 ⁴
@@ -109,36 +110,31 @@
 	<!--	Direct rewrites:
 				-->
 	<target host="account.nvidia.com" />
+	<target host="blogs.nvidia.com" />
+	<target host="careers.nvidia.com" />
 	<target host="contests.nvidia.com" />
 	<target host="developer.nvidia.com" />
 	<target host="devtalk.nvidia.com" />
-	<!--target host="enterprisesupport.nvidia.com" /-->
-	<!--target host="ftpservices-uk.nvidia.com" /-->
 	<target host="download-cdn.gfe.nvidia.com" />
 	<target host="gridforums.nvidia.com" />
 	<target host="images.nvidia.com" />
-	<target host="nbound.nvidia.com" />
 	<target host="ngvpn01.nvidia.com" />
 	<target host="ngvpn03.nvidia.com" />
 	<target host="ngvpn05.nvidia.com" />
 	<target host="ngvpn10.nvidia.com" />
 	<target host="ngvpn13.nvidia.com" />
-	<target host="ngvpn15.nvidia.com" />
 	<target host="ngvpn16.nvidia.com" />
 	<target host="ngvpn19.nvidia.com" />
 	<target host="ngvpn20.nvidia.com" />
 	<target host="ngvpn21.nvidia.com" />
 	<target host="ngvpn30.nvidia.com" />
-	<target host="ngvpn31.nvidia.com" />
-	<target host="ngvpn32.nvidia.com" />
-	<target host="ngvpn33.nvidia.com" />
 	<target host="ngvpn34.nvidia.com" />
 	<target host="ngvpn35.nvidia.com" />
 	<target host="ngvpn36.nvidia.com" />
 	<target host="ngvpn37.nvidia.com" />
 	<target host="partners.nvbugs.nvidia.com" />
 	<target host="nvdeveloper.nvidia.com" />
-	<!--target host="nvidianews.nvidia.com" /-->
+	<target host="nvidianews.nvidia.com" />
 	<target host="partners.nvidia.com" />
 	<target host="es.pforce.nvidia.com" />
 	<target host="redeem.nvidia.com" />
@@ -150,11 +146,9 @@
 	<!--	Complications:
 				-->
 	<target host="nvidia.com" />
-	<target host="careers.nvidia.com" />
 
 	<target host="forums.nvidia.com" />
 	<target host="nsomniture.nvidia.com" />
-	<target host="omniture.nvidia.com" />
 
 		<!--	Some pages redirect to http.
 							-->
@@ -188,20 +182,15 @@
 
 	<securecookie host=".+" name=".+" />
 
-	<!--	Redirect drops path, args,
-		and forward slash:
-					-->
-	<rule from="^http://careers\.nvidia\.com/.*"
-		to="https://www.nvidia.com/object/careers.html" />
-
-		<test url="http://careers.nvidia.com/?" />
-		<test url="http://careers.nvidia.com//" />
+	<rule from="^http://nvidia\.com/"
+		to="https://www.nvidia.com/" />
 
 	<rule from="^http://forums\.nvidia\.com/"
 		to="https://forums.geforce.com/" />
 
-	<rule from="^http://(?:ns)?omniture\.nvidia\.com/"
+	<rule from="^http://nsomniture\.nvidia\.com/"
 		to="https://nvidia.122.2o7.net/" />
 
-	<rule from="^http:"	to="https:" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NVisium.com.xml b/src/chrome/content/rules/NVisium.com.xml
index f6a81a87f14d..8f9a78ef40a8 100644
--- a/src/chrome/content/rules/NVisium.com.xml
+++ b/src/chrome/content/rules/NVisium.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://blog.nvisium.com/ => https://blog.nvisium.com/: (6, 'Could n
 	ˢ Secured by us
 
 -->
-<ruleset name="NVisium.com" default_off='failed ruleset test'>
+<ruleset name="NVisium.com" default_off="failed ruleset test">
 
 	<target host="nvisium.com" />
 	<target host="blog.nvisium.com" />
diff --git a/src/chrome/content/rules/NXBus.co.uk.xml b/src/chrome/content/rules/NXBus.co.uk.xml
new file mode 100644
index 000000000000..3f36c07a4c8c
--- /dev/null
+++ b/src/chrome/content/rules/NXBus.co.uk.xml
@@ -0,0 +1,7 @@
+<ruleset name="NXBus.co.uk">
+	<target host="nxbus.co.uk" />
+	<target host="secure.nxbus.co.uk" />
+	<target host="www.nxbus.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NYDailyNews.com-falsemixed.xml b/src/chrome/content/rules/NYDailyNews.com-falsemixed.xml
index 0097fcfaa072..4c93a2e949a5 100644
--- a/src/chrome/content/rules/NYDailyNews.com-falsemixed.xml
+++ b/src/chrome/content/rules/NYDailyNews.com-falsemixed.xml
@@ -1,13 +1,26 @@
 <!--
 	For rules not causing false/broken MCB, see NYDailyNews.xml.
+
+	Server error:
+		- nydailynews.com/(autos|horoscopes)
+
+	SSL error:
+		- nydailynews.com, equivalent to www.nydailynews.com
 -->
+
 <ruleset name="NYDailyNews (false MCB)" platform="mixedcontent">
 
 	<target host="nydailynews.com" />
 	<target host="www.nydailynews.com" />
 
+	<rule from="^http://nydailynews\.com/"
+		  to="https://www.nydailynews.com/" />
+
+	<exclusion pattern="^http://www\.nydailynews\.com/(autos|horoscopes)" />
+		<test url="http://www.nydailynews.com/autos" />
+		<test url="http://www.nydailynews.com/autos/" />
+		<test url="http://www.nydailynews.com/horoscopes" />
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NYDailyNews.xml b/src/chrome/content/rules/NYDailyNews.xml
index 7bdbd6957de2..aaee3f6af7cf 100644
--- a/src/chrome/content/rules/NYDailyNews.xml
+++ b/src/chrome/content/rules/NYDailyNews.xml
@@ -1,6 +1,4 @@
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://nydailynews.com/ => http://nydailynews.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	For rules causing false/broken MCB, see NYDailyNews.com-falsemixed.xml.
 
 
@@ -15,33 +13,26 @@ Fetch error: http://nydailynews.com/ => http://nydailynews.com/: (60, 'SSL certi
 			- .hs. doesn't exist
 			- assets
 			- multimedia
-			- static[123]
 
 
 	Nonfunctional subdomains:
 
-		- assets ²
+		- assets: Invalid certificate. Also causes CORS problem, see https://github.com/EFForg/https-everywhere/pull/11514
+		- classifieds: Works; mismatched, CN: *.adperfect.com
+		- creative.nydailynews.com: Works; mismatched, CN: *.creatavist.com
+		- games.nydailynews.com: Timed out
+		- homedelivery.nydailynews.com: Self-signed certificate
+		- interactive.nydailynews.com: 500; mismatched, CN: a248.e.akamai.net
+		- live.nydailynews.com: Works; mismatched, CN: *.scribblelive.com
+		- liveblog.nydailynews.com: Works; mismatched, CN: *.scribblelive.com
+		- local.nydailynews.com: Works; mismatched, CN: *.localedge.com
+		- m: Invalid certificate
 		- multimedia *
+		- obituaries: 400; mismatched, CN: *.legacy.com
+		- video: Works; mismatched, CN: *.newsinc.com
+		- webport1.nydailynews.com:8443: Chain issue (missing intermediate certificate)
 
-	* 400; mismatched, CN: *.hs.llnwd.net
-	² redirects to www and causes CORS problem, see https://github.com/EFForg/https-everywhere/pull/11514
-
-
-	Problematic subdomains:
-
-		- classifieds ²
-		- static[123] *
-
-	* 400; mismatched, CN: *.hs.llnwd.net
-	² Works; mismatched, CN: *.adperfect.com
-
-
-	Fully covered subdomains:
-
-		- homedelivery
-		- webport
-		- webport...:8443
-		- webport1...:8443
+	* 400; mismatched, CN: a248.e.akamai.net
 
 
 	Mixed content:
@@ -55,10 +46,6 @@ Fetch error: http://nydailynews.com/ => http://nydailynews.com/: (60, 'SSL certi
 
 			- classifieds from *.cloudfront.net *
 
-	Mixed image on www from multimedia
-
-			- www from static[123] *
-
 
 		Web bugs, on www from:
 
@@ -70,29 +57,14 @@ Fetch error: http://nydailynews.com/ => http://nydailynews.com/: (60, 'SSL certi
 			- i.simpli.fi *
 
 	* Secured by us
-
 -->
-<ruleset name="NYDailyNews (partial)">
-
-	<target host="nydailynews.com" />
-	<target host="*.nydailynews.com" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://classifieds\.nydailynews\.com/+(?!resource/)"/>
-		<exclusion pattern="^http://www\.nydailynews\.com/+(?!cmlink/|nydn/|polopoly_fs/)" />
 
+<ruleset name="NYDailyNews (partial)">
+	<target host="beta.nydailynews.com" />
+	<target host="myaccount2.nydailynews.com" />
+	<target host="placeanad.nydailynews.com" />
 
 	<securecookie host="^[^@:/]*\.nydailynews\.com$" name=".+" />
 
-
-	<rule from="^http://(?:static\d|www)\.nydailynews\.com/"
-		to="https://www.nydailynews.com/" />
-
-	<rule from="^http://(classifiedads|homedelivery|webport1?)\.nydailynews\.com(:8443)?/"
-		to="https://$1.nydailynews.com$2/" />
-
-	<rule from="^http://classifieds\.nydailynews\.com/resource/"
-		to="https://casmp.adperfect.com/resource/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NYI.net-falsemixed.xml b/src/chrome/content/rules/NYI.net-falsemixed.xml
index 67fc5290b1f2..6d4f4c68a601 100644
--- a/src/chrome/content/rules/NYI.net-falsemixed.xml
+++ b/src/chrome/content/rules/NYI.net-falsemixed.xml
@@ -6,7 +6,7 @@ Fetch error: http://webmail.nyi.net/ => https://webmail.nyi.net/: (28, 'Connecti
 	For rules not causing broken MCB, see NYI.net.xml.
 
 -->
-<ruleset name="NYI.net (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="NYI.net (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/NYI.net.xml b/src/chrome/content/rules/NYI.net.xml
index dea7f2355427..9e44be313fb5 100644
--- a/src/chrome/content/rules/NYI.net.xml
+++ b/src/chrome/content/rules/NYI.net.xml
@@ -28,7 +28,7 @@ Fetch error: http://webmail.nyi.net/webmailimages/sm_logo_tp.png => https://webm
 	* Secured by us
 
 -->
-<ruleset name="NYI.net (partial)" default_off='failed ruleset test'>
+<ruleset name="NYI.net (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/NYK_Europe.com-falsemixed.xml b/src/chrome/content/rules/NYK_Europe.com-falsemixed.xml
index 20140d430eb0..16d8d5bf31f7 100644
--- a/src/chrome/content/rules/NYK_Europe.com-falsemixed.xml
+++ b/src/chrome/content/rules/NYK_Europe.com-falsemixed.xml
@@ -12,7 +12,7 @@ Fetch error: http://nykeurope.com/ => https://nykeurope.com/: Too many redirects
 	For rules not causing mixed content, see NYK_Europe.com.xml.
 
 -->
-<ruleset name="NYK Europe.com (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="NYK Europe.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="nykeurope.com" />
 	<target host="*.nykeurope.com" />
diff --git a/src/chrome/content/rules/NYMag.com.xml b/src/chrome/content/rules/NYMag.com.xml
new file mode 100644
index 000000000000..9b215b2a3b13
--- /dev/null
+++ b/src/chrome/content/rules/NYMag.com.xml
@@ -0,0 +1,17 @@
+<!--
+	SSL protocol error:
+		- mediakit.nymag.com
+-->
+
+<ruleset name="NYMag.com">
+	<target host="nymag.com" />
+	<target host="www.nymag.com" />
+	<target host="images.nymag.com" />
+	<target host="subs.nymag.com" />
+	<target host="taste.nymag.com" />
+	<target host="test.nymag.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NYSE_Euronext.xml b/src/chrome/content/rules/NYSE_Euronext.xml
index 1eb0f6366fab..858e33897eb4 100644
--- a/src/chrome/content/rules/NYSE_Euronext.xml
+++ b/src/chrome/content/rules/NYSE_Euronext.xml
@@ -32,10 +32,23 @@ Fetch error: http://nyx.com/ => https://www.nyx.com/: (28, 'Resolving timed out
 		- usequities
 
 -->
-<ruleset name="NYSE Euronext" default_off='failed ruleset test'>
+<ruleset name="NYSE Euronext" default_off="failed ruleset test">
 
 	<target host="nyx.com" />
-	<target host="*.nyx.com" />
+	<target host="www.nyx.com" />
+	<target host="bonds.nyx.com" />
+	<target host="connect.nyx.com" />
+	<target host="corporate.nyx.com" />
+	<target host="etp.nyx.com" />
+	<target host="euconsumer.nyx.com" />
+	<target host="europeanequities.nyx.com" />
+	<target host="exchanges.nyx.com" />
+	<target host="globalderivatives.nyx.com" />
+	<target host="indices.nyx.com" />
+	<target host="markets.nyx.com" />
+	<target host="nyse.nyx.com" />
+	<target host="nysetechnologies.nyx.com" />
+	<target host="usequities.nyx.com" />
 
 
 	<securecookie host="^(?:bonds|connect|etp|euconsumer|europeanequities|exchanges|globalderivatives|indices|markets|nyse|nysetechnologies|usequities|www)\.nyx\.com$" name=".+" />
@@ -44,7 +57,6 @@ Fetch error: http://nyx.com/ => https://www.nyx.com/: (28, 'Resolving timed out
 	<rule from="^http://(?:www\.)?nyx\.com/"
 		to="https://www.nyx.com/" />
 
-	<rule from="^http://(bonds|connect|corporate|etp|euconsumer|europeanequities|exchanges|globalderivatives|indices|markets|nyse|nysetechnologies|usequities)\.nyx\.com/"
-		to="https://$1.nyx.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NYT_Co.com.xml b/src/chrome/content/rules/NYT_Co.com.xml
index b0ae60b22a7b..7b8a083bd965 100644
--- a/src/chrome/content/rules/NYT_Co.com.xml
+++ b/src/chrome/content/rules/NYT_Co.com.xml
@@ -1,5 +1,5 @@
 <!--
-	For other New York Times coverage, see 
+	For other New York Times coverage, see
 		+ NYTimes.xml
 
 	Non-functional hosts
diff --git a/src/chrome/content/rules/NYTimes-Problematic.xml b/src/chrome/content/rules/NYTimes-Problematic.xml
deleted file mode 100644
index 44c4a278c603..000000000000
--- a/src/chrome/content/rules/NYTimes-Problematic.xml
+++ /dev/null
@@ -1,140 +0,0 @@
-<!--
-	For other New York Times coverage, see NYTimes.xml.
--->
-<ruleset name="NYTimes-Problematic">
-	<!-- As of 4/2017, 5th level .blogs.nytimes.com domains do not support SSL.
-		https://this.host.blogs.nytimes.com/
-		https://exists.not.blogs.nytimes.com/
-			-->
-	<target host="*.blogs.nytimes.com" />
-	<rule from="^http://([\w-]+)\.blogs\.nytimes\.com/" to="https://$1.blogs.nytimes.com/" />
-		<test url="http://firstlook.blogs.nytimes.com/" />
-		<test url="http://lens.blogs.nytimes.com/" />
-		<test url="http://newoldage.blogs.nytimes.com/" />
-
-	<!--	Redirect keeps path, but not args nor forward slash:	-->
-	<target host="documents.nytimes.com" />
-	<rule from="^http://documents\.nytimes\.com/+([^?]*)"
-		to="https://www.nytimes.com/interactive/projects/documents/$1" />
-		<test url="http://documents.nytimes.com/index.htm" />
-		<test url="http://documents.nytimes.com/index.html" />
-
-	<!--	Redirects to http:	-->
-	<target host="www.global.nytimes.com" />
-	<rule from="^http://www\.global\.nytimes\.com/"
-		to="https://www.nytimes.com/" />
-		<test url="http://www.global.nytimes.com/svc/web-products/userinfo-v2.json" />
-
-	<!--	Redirect drops path and forward slash, but not args:	-->
-	<target host="jobmarket.nytimes.com" />
-	<rule from="^http://jobmarket\.nytimes\.com/[^?]*"
-		to="https://www.nytimes.com/section/jobs" />
-		<test url="http://jobmarket.nytimes.com/index.html" />
-
-	<target host="pimage.timespeople.nytimes.com" />
-	<rule from="^http://pimage\.timespeople\.nytimes\.com/"
-		to="https://s3.amazonaws.com/pimage.timespeople.nytimes.com/" />
-
-	<!--	Mixed content: -->
-	<target host="query.nytimes.com" />
-		<exclusion pattern="^http://query\.nytimes\.com/mem/archive-free/pdf" />
-			<test url="http://query.nytimes.com/mem/archive-free/pdf?res=9806E2D61438EE32A25753C1A9679C946696D6CF" />
-			<test url="http://query.nytimes.com/mem/archive-free/pdf?res=940DE7D71F31E233A2575AC1A9609C946396D6CF" />
-			<test url="http://query.nytimes.com/mem/archive-free/pdf?res=9B00E0DE153AE03ABC4053DFBF668382609EDE" />
-	<rule from="^http://query\.nytimes\.com/"
-		to="https://query.nytimes.com/" />
-		<test url="http://query.nytimes.com/search/" />
-		<test url="http://query.nytimes.com/search/sitesearch/" />
-
-	<!--	Too many redirects:	-->
-	<target host="regilite.nytimes.com" />
-	<rule from="^http://regilite\.nytimes\.com/regilite\?product="
-		to="https://www.nytimes.com/newsletters/regilite/button?product=" />
-		<test url="http://regilite.nytimes.com/regilite?product=TY" />
-
-	<rule from="^http://regilite\.nytimes\.com/$" to="https://www.nytimes.com/" />
-
-	<!--	Redirect drops args and forward slash:	-->
-	<target host="travel.nytimes.com" />
-	<rule from="^http://travel\.nytimes\.com/(?:$|\?.*)"
-		to="https://www.nytimes.com/section/travel" />
-		<test url="http://travel.nytimes.com/?" />
-		<test url="http://travel.nytimes.com//?" />
-
-	<rule from="^http://travel\.nytimes\.com/"
-		to="https://www.nytimes.com/" />
-	<!--	travis errors: Too many redirects:
-		<test url="http://travel.nytimes.com/2005/08/03/business/03react.html" />
-		<test url="http://travel.nytimes.com/2005/06/24/opinion/24fri2.html" />
-			-->
-		<test url="http://travel.nytimes.com/section/realestate" />
-
-	<target host="www.nytimes.com" />
-	<!--	Redirects to http first:	-->
-	<rule from="^http://www\.nytimes\.com/twitter"
-		to="https://twitter.com/nytimes" />
-		<test url="http://www.nytimes.com/twitter" />
-		<test url="http://www.nytimes.com/twitter?" />
-
-	<!--	Redirects to http:	-->
-	<rule from="^http://www\.nytimes\.com/"
-		to="https://www.nytimes.com/" />
-		<exclusion pattern="^http://www\.nytimes\.com/(alweekend|books/|citiesfortomorrow|content/help/contact/directory\.html|css/|edu-|educationleftnav|elections|events|favicon\.ico|js/|leadership|marketing/|mem/|membercenter|mostpopular|newsletters|newwork|pages/|ref/|roomfordebate|rss|search/|services/|share|tpnav|vrlpsublink)" />
-			<!--	+ve:	-->
-			<test url="http://www.nytimes.com/alweekend" />
-			<test url="http://www.nytimes.com/books/first/n/novick-holocaust.html" />
-			<test url="http://www.nytimes.com/citiesfortomorrow" />
-			<test url="http://www.nytimes.com/content/help/contact/directory.html" />
-			<test url="http://www.nytimes.com/css/article.css" />
-			<test url="http://www.nytimes.com/edu-leftnav" />
-			<test url="http://www.nytimes.com/edu-rightnav" />
-			<test url="http://www.nytimes.com/educationleftnav" />
-			<test url="http://www.nytimes.com/elections" />
-			<test url="http://www.nytimes.com/elections/results/president" />
-			<test url="http://www.nytimes.com/elections/results/tennessee" />
-			<test url="http://www.nytimes.com/events" />
-			<test url="http://www.nytimes.com/favicon.ico" />
-			<test url="http://www.nytimes.com/js/browserSize.js" />
-			<test url="http://www.nytimes.com/leadership" />
-			<test url="http://www.nytimes.com/marketing/nytvr/" />
-			<test url="http://www.nytimes.com/mem/email.html" />
-			<test url="http://www.nytimes.com/membercenter" />
-			<test url="http://www.nytimes.com/membercenter/help.html" />
-			<test url="http://www.nytimes.com/mostpopular" />
-			<test url="http://www.nytimes.com/newsletters" />
-			<test url="http://www.nytimes.com/newsletters/dealbook" />
-			<test url="http://www.nytimes.com/newsletters/newyorktoday" />
-			<test url="http://www.nytimes.com/newwork" />
-			<test url="http://www.nytimes.com/pages/books/index.html" />
-			<test url="http://www.nytimes.com/pages/todayspaper/index.html" />
-			<test url="http://www.nytimes.com/ref/membercenter/help/infoservdirectory.html" />
-			<test url="http://www.nytimes.com/ref/sports/baseball/2002NL-SUMMARY.html" />
-			<test url="http://www.nytimes.com/roomfordebate" />
-			<test url="http://www.nytimes.com/rss" />
-			<test url="http://www.nytimes.com/search/" />
-			<test url="http://www.nytimes.com/services/mobile/" />
-			<test url="http://www.nytimes.com/share" />
-			<test url="http://www.nytimes.com/tpnav" />
-			<test url="http://www.nytimes.com/vrlpsublink" />
-			<!--	-ve:	-->
-			<test url="http://www.nytimes.com/2017/03/07/opinion/peanut-butter-on-the-trump-teams-chins.html" />
-			<test url="http://www.nytimes.com/by/eduardo-porter" />
-			<test url="http://www.nytimes.com/column/fixes" />
-			<test url="http://www.nytimes.com/column/trilobites" />
-			<test url="http://www.nytimes.com/content/help/front.html" />
-			<test url="http://www.nytimes.com/interactive/2017/03/08/upshot/who-wins-and-who-loses-under-republicans-health-care-plan.html" />
-			<test url="http://www.nytimes.com/podcasts/" />
-			<test url="http://www.nytimes.com/section/arts" />
-			<test url="http://www.nytimes.com/section/fashion" />
-			<test url="http://www.nytimes.com/section/jobs" />
-			<test url="http://www.nytimes.com/store" />
-			<test url="http://www.nytimes.com/subscriptions/switch/lp8964W.html" />
-			<test url="http://www.nytimes.com/times-journeys" />
-			<test url="http://www.nytimes.com/times-journeys/travel/a-transatlantic-crossing-with-the-times-crossword/" />
-			<test url="http://www.nytimes.com/trending" />
-			<test url="http://www.nytimes.com/video" />
-			<test url="http://www.nytimes.com/video/sports" />
-			<test url="http://www.nytimes.com/watching" />
-			<test url="http://www.nytimes.com/watching/recommendations/train-to-busan" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/NYTimes.xml b/src/chrome/content/rules/NYTimes.xml
index 660bb54678b7..feffd672a6ec 100644
--- a/src/chrome/content/rules/NYTimes.xml
+++ b/src/chrome/content/rules/NYTimes.xml
@@ -1,12 +1,8 @@
 <!--
 	Other New York Times rulesets:
-		- NYTimes-Problematic.xml
 		- NewYorkTimes.com.xml
 		- NYT.com.xml
 		- NYT_cn.me.xml
-		- NYT_eXaminer.com.xml
-		- INYT.com.xml
-		- nyttips4bmquxfzw.onion.xml
 
 	CDN buckets:
 		- pimage.timespeople.nytimes.com.amazonaws.com
@@ -20,21 +16,21 @@
 		- dealbook.on ʳ
 		- spiderbites ᵈ
 		- topics ʳ
+    - messaging-notifications.api.nytimes.com ⁴
 	⁴ 404
 	ᵈ Dropped
 	ʳ Refused
 
 	Problematic hosts in *nytimes.com:
-		- ads ʰ
-		- assets ¹
-		- documents ᵐ
+		- content.api ᶜ
+		- beta620 ʰ
+		- developers ᶜ
 		- elections ᵐ
-		- jobs ᶜ
+		- www.global ᵐ
 		- json8 ʰ
+		- travels ʰ
 		- wt.o ᵐ
 		- pimage.timespeople ¹
-		- query ²
-		- travel ᵈ
 	¹ AmazonAWS / mismatched
 	ᶜ Missing certificate chain
 	ᵈ Dropped, preemptable redirect
@@ -45,26 +41,26 @@
 
 	Too many redirects:
 		homedelivery.nytimes.com
-		regilite.nytimes.com
-
-	Problematic hosts in *nytimesathome.com:
-		- ^ ᵐ
-		- www ᵐ
 
 -->
 <ruleset name="NYTimes">
 	<target host="nytimes.com" />
-	<target host="messaging-notifications.api.nytimes.com" />
-		<test url="http://messaging-notifications.api.nytimes.com/svc/message/v1/list/global.json" />
-	<target host="assets-origin.nytimes.com" />
-		<test url="http://assets-origin.nytimes.com/analytics/tagx-simple.min.js" />
-	<target host="beta620.nytimes.com" />
+	<target host="www.nytimes.com" />
+
+	<target host="ads.nytimes.com" />
+	<!-- <target host="messaging-notifications.api.nytimes.com" /> -->
+	<target host="firstlook.blogs.nytimes.com" />
+	<target host="lens.blogs.nytimes.com" />
+	<target host="newoldage.blogs.nytimes.com" />
+
 	<target host="cn.nytimes.com" />
+
 	<target host="dealbook.nytimes.com" />
-	<target host="developer.nytimes.com" />
 	<target host="developers.nytimes.com" />
+	<target host="documents.nytimes.com" />
+
 	<target host="et.nytimes.com" />
-	<target host="global.nytimes.com" />
+
 	<target host="graphics.nytimes.com" />
 		<test url="http://graphics.nytimes.com/subscriptions/components/img/icons/icons_gift.png" />
 	<target host="graphics8.nytimes.com" />
@@ -72,15 +68,28 @@
 		<test url="http://graphics8.nytimes.com/css/common/global.css" />
 		<test url="http://graphics8.nytimes.com/images/blogs_v5/artsbeat/artsbeat_main.png" />
 		<test url="http://graphics8.nytimes.com/images/misc/nytlogo153x23.gif" />
+
 	<target host="international.nytimes.com" />
+
+	<target host="jobs.nytimes.com" />
+	<target host="jobmarket.nytimes.com" />
+
 	<target host="meter-svc.nytimes.com" />
 	<target host="myaccount.nytimes.com" />
 	<target host="markets.on.nytimes.com" />
 		<test url="http://markets.on.nytimes.com/research/Net/SectionFrontAPI/MarketModuleData/jsonp" />
+	<target host="mwcm.nytimes.com" />
+
+	<target host="purr.nytimes.com" />
+	<target host="query.nytimes.com" />
+	<target host="regilite.nytimes.com" />
+
+	<target host="samizdat-graphql.nytimes.com" />
 	<target host="static.nytimes.com" />
+
 	<target host="typeface.nytimes.com" />
+
 	<target host="up.nytimes.com" />
-	<target host="tagx.nytimes.com" />
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/NZBMatrix.xml b/src/chrome/content/rules/NZBMatrix.xml
index a9eb67a9fa0d..a270d730bd88 100644
--- a/src/chrome/content/rules/NZBMatrix.xml
+++ b/src/chrome/content/rules/NZBMatrix.xml
@@ -3,11 +3,13 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://nzbmatrix.com/ => https://nzbmatrix.com/: (28, 'Resolving timed out after 10519 milliseconds')
 -->
 <ruleset name="nzbmatrix">
-  <target host="*.nzbmatrix.com" />
+  <target host="www.nzbmatrix.com" />
+  <target host="search.nzbmatrix.com" />
+  <target host="static.nzbmatrix.com" />
   <target host="nzbmatrix.com" />
-  
+
   <securecookie host="^(?:. .)nzbmatrix\.com$" name=".+" />
-  
+
   <rule from="^http://(?:www\.)?nzbmatrix\.com/" to="https://nzbmatrix.com/"/>
-  <rule from="^http://(search|static)\.nzbmatrix\.com/" to="https://$1.nzbmatrix.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NZF.org.uk.xml b/src/chrome/content/rules/NZF.org.uk.xml
new file mode 100644
index 000000000000..83f7ae3b5a42
--- /dev/null
+++ b/src/chrome/content/rules/NZF.org.uk.xml
@@ -0,0 +1,10 @@
+<ruleset name="NZF.org.uk">
+	<target host="nzf.org.uk" />
+	<target host="www.nzf.org.uk" />
+	<target host="go.nzf.org.uk" />
+	<target host="help.nzf.org.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NZ_Herald.co.nz-problematic.xml b/src/chrome/content/rules/NZ_Herald.co.nz-problematic.xml
index b90cab728772..8e214e03773b 100644
--- a/src/chrome/content/rules/NZ_Herald.co.nz-problematic.xml
+++ b/src/chrome/content/rules/NZ_Herald.co.nz-problematic.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?nzherald\.co\.nz/"
 		to="https://www.nzherald.co.nz/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nabble.com.xml b/src/chrome/content/rules/Nabble.com.xml
new file mode 100644
index 000000000000..e5979a0eb428
--- /dev/null
+++ b/src/chrome/content/rules/Nabble.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Nabble.com has hundreds of subdomains like watchophilia-forums.32196.x6.nabble.com,
+	some support HTTPS while the others do not, with no apparent pattern.
+-->
+<ruleset name="Nabble.com (partial)">
+	<target host="nabble.com" />
+	<target host="www.nabble.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nadim.computer.xml b/src/chrome/content/rules/Nadim.computer.xml
deleted file mode 100644
index 3cf644dd01dd..000000000000
--- a/src/chrome/content/rules/Nadim.computer.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.nadim.computer/ => https://www.nadim.computer/: (51, "SSL: no alternative certificate subject name matches target host name 'www.nadim.computer'")
-
-	Insecure cookies are set for these domains:
-
-		- .nadim.computer
-
--->
-<ruleset name="Nadim.computer" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="nadim.computer" />
-	<target host="www.nadim.computer" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.nadim\.computer$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.nadim\.computer$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Nagios.com.xml b/src/chrome/content/rules/Nagios.com.xml
new file mode 100644
index 000000000000..3ee9ca2a5383
--- /dev/null
+++ b/src/chrome/content/rules/Nagios.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Other Nagios rulesets:
+		- Nagios.org.xml
+
+	Nonfunctional hosts in *.nagios.com:
+		- nagioscore.demos.nagios.com (r)
+		- nagiosfusion.demos.nagios.com (r)
+		- nagiosls.demos.nagios.com (r)
+		- nagiosna.demos.nagios.com (r)
+		- nagiosxi.demos.nagios.com (r)
+		- reactor.nagios.com (r)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Nagios.com">
+	<target host="nagios.com" />
+	<target host="www.nagios.com" />
+	<target host="assets.nagios.com" />
+	<target host="demos.nagios.com" />
+	<target host="dev.nagios.com" />
+	<target host="exchange.nagios.com" />
+	<target host="go.nagios.com" />
+	<target host="labs.nagios.com" />
+	<target host="library.nagios.com" />
+	<target host="repo.nagios.com" />
+	<target host="resellers.nagios.com" />
+	<target host="support.nagios.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nagios.org.xml b/src/chrome/content/rules/Nagios.org.xml
new file mode 100644
index 000000000000..8dfe84c39177
--- /dev/null
+++ b/src/chrome/content/rules/Nagios.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Other Nagios rulesets:
+		- Nagios.com.xml
+
+	Nonfunctional hosts in *.nagios.org:
+		- labs.nagios.org (m)
+		- wiki.nagios.org (wrong content)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Nagios.org">
+	<target host="nagios.org" />
+	<target host="www.nagios.org" />
+	<target host="exchange.nagios.org" />
+	<target host="ideas.nagios.org" />
+	<target host="old.nagios.org" />
+	<target host="tracker.nagios.org" />
+	<target host="users.nagios.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nagra.com.xml b/src/chrome/content/rules/Nagra.com.xml
index e1beb3bf2374..e104d40778d0 100644
--- a/src/chrome/content/rules/Nagra.com.xml
+++ b/src/chrome/content/rules/Nagra.com.xml
@@ -17,13 +17,14 @@
 <ruleset name="Nagra.com">
 
 	<target host="nagra.com" />
-	<target host="*.nagra.com" />
+	<target host="www.nagra.com" />
+	<target host="careers.nagra.com" />
+	<target host="www2014.nagra.com" />
 
 
 	<rule from="^http://(?:www\.)?nagra\.com/"
 		to="https://www.nagra.com/" />
 
-	<rule from="^http://(careers|www2014)\.nagra\.com/"
-		to="https://$1.nagra.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NakedCapitalism.com.xml b/src/chrome/content/rules/NakedCapitalism.com.xml
new file mode 100644
index 000000000000..6791fe4940a1
--- /dev/null
+++ b/src/chrome/content/rules/NakedCapitalism.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="NakedCapitalism.com">
+	<target host="nakedcapitalism.com" />
+	<target host="www.nakedcapitalism.com" />
+	<target host="staging.nakedcapitalism.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NameCentr.al.xml b/src/chrome/content/rules/NameCentr.al.xml
index 1d97a9ee8b2e..53f67c7c61c1 100644
--- a/src/chrome/content/rules/NameCentr.al.xml
+++ b/src/chrome/content/rules/NameCentr.al.xml
@@ -13,12 +13,12 @@ Fetch error: http://namecentral.com/ => https://namecentral.com/: (6, 'Could not
 	² Mismatched, CN: namecentral.com
 
 -->
-<ruleset name="NameCentr.al" default_off='failed ruleset test'>
+<ruleset name="NameCentr.al" default_off="failed ruleset test">
 
 	<target host="namecentr.al" />
-	<target host="*.namecentr.al" />
+	<target host="www.namecentr.al" />
 	<target host="namecentral.com" />
-	<target host="*.namecentral.com" />
+	<target host="www.namecentral.com" />
 
 
 	<securecookie host="^\.namecentr(?:\.al|al\.com)$" name=".+" />
diff --git a/src/chrome/content/rules/NameMedia.xml b/src/chrome/content/rules/NameMedia.xml
index 1ddf6e79ff59..20180e9cc599 100644
--- a/src/chrome/content/rules/NameMedia.xml
+++ b/src/chrome/content/rules/NameMedia.xml
@@ -5,7 +5,8 @@
 <ruleset name="NameMedia (partial)">
 
 	<target host="partners.smartname.com"/>
-	<target host="*.sitesense-oo.com"/>
+	<target host="images.sitesense-oo.com" />
+	<target host="origin-images.sitesense-oo.com" />
 
 	<securecookie host="^partners\.smartname\.com$" name=".+" />
 
@@ -13,7 +14,6 @@
 	<rule from="^http://(?:origin-)?images\.sitesense-oo\.com/"
 		to="https://origin-images.sitesense-oo.com/"/>
 
-	<rule from="^http://partners\.smartname\.com/"
-		to="https://partners.smartname.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NameSilo.xml b/src/chrome/content/rules/NameSilo.xml
new file mode 100644
index 000000000000..ddb8f9901c94
--- /dev/null
+++ b/src/chrome/content/rules/NameSilo.xml
@@ -0,0 +1,22 @@
+<!--
+	Timeout on https:
+		- marketsites
+
+	Certificate mismatch:
+		- sandbox
+
+	Connection refused:
+		- whois
+-->
+<ruleset name="NameSilo.com">
+	<target host="namesilo.com" />
+	<target host="www.namesilo.com" />
+	<target host="blog.namesilo.com" />
+	<target host="host.namesilo.com" />
+	<target host="new.namesilo.com" />
+	<target host="sites.namesilo.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Names.xml b/src/chrome/content/rules/Names.xml
index 2814db74742b..c55c4da49a4c 100644
--- a/src/chrome/content/rules/Names.xml
+++ b/src/chrome/content/rules/Names.xml
@@ -33,7 +33,7 @@
 	<!--securecookie host="^(?:(?:admin|blog|webmail4?|www)\.)?names\.co\.uk$" name="^X-Mapping-\w+$" /-->
 	<!--securecookie host="^webmail4\.names\.co\.uk$" name="roundcube_sessid$" /-->
 
-	<securecookie host="^(?:.*\.)?names\.co\.uk$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Nancys_Gone_Green.com.xml b/src/chrome/content/rules/Nancys_Gone_Green.com.xml
deleted file mode 100644
index 1507ba289d21..000000000000
--- a/src/chrome/content/rules/Nancys_Gone_Green.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Nancys Gone Green.com">
-
-	<target host="nancysgonegreen.com" />
-	<target host="www.nancysgonegreen.com" />
-
-
-	<securecookie host="^(?:www)?\.nancysgonegreen\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Nanigans.xml b/src/chrome/content/rules/Nanigans.xml
index c920d1faa15f..3ed5003e51f2 100644
--- a/src/chrome/content/rules/Nanigans.xml
+++ b/src/chrome/content/rules/Nanigans.xml
@@ -16,7 +16,7 @@ Fetch error: http://lp.nanigans.com/ => https://lp.nanigans.com/: (28, 'Connecti
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Nanigans.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Nanigans.com (partial)" default_off="failed ruleset test">
 
 	<target host="api.nanigans.com" />
 	<target host="lp.nanigans.com" />
diff --git a/src/chrome/content/rules/Napoleon_Makeup_Academy.com.xml b/src/chrome/content/rules/Napoleon_Makeup_Academy.com.xml
index 33f2e14e027c..6922c766ec6c 100644
--- a/src/chrome/content/rules/Napoleon_Makeup_Academy.com.xml
+++ b/src/chrome/content/rules/Napoleon_Makeup_Academy.com.xml
@@ -4,18 +4,17 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://napoleonmakeupacademy.com/ => https://napoleonmakeupacademy.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
 
 -->
-<ruleset name="Napoleon Makeup Academy.com" default_off='failed ruleset test'>
+<ruleset name="Napoleon Makeup Academy.com" default_off="failed ruleset test">
 
 	<target host="napoleonmakeupacademy.com" />
-	<target host="*.napoleonmakeupacademy.com" />
 	<target host="napoleonmakeupacademy.com.au" />
-	<target host="*.napoleonmakeupacademy.com.au" />
+	<target host="www.napoleonmakeupacademy.com" />
+	<target host="www.napoleonmakeupacademy.com.au" />
 
 
 	<securecookie host="^\.napoleonmakeupacademy\.com(?:\.au)?$" name=".+" />
 
 
-	<rule from="^http://(www\.)?napoleonmakeupacademy\.com(\.au)?/"
-		to="https://$1napoleonmakeupacademy.com$2/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Nartac.com.xml b/src/chrome/content/rules/Nartac.com.xml
index bfd6308e7791..640920c5c64a 100644
--- a/src/chrome/content/rules/Nartac.com.xml
+++ b/src/chrome/content/rules/Nartac.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://nartac.com/ => https://nartac.com/: (51, "SSL: no alternativ
 		- 2015.nartac.com
 
 -->
-<ruleset name="Nartac.com" default_off='failed ruleset test'>
+<ruleset name="Nartac.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/NatMonitor.com.xml b/src/chrome/content/rules/NatMonitor.com.xml
index 00562c9255cb..68236f3b1e30 100644
--- a/src/chrome/content/rules/NatMonitor.com.xml
+++ b/src/chrome/content/rules/NatMonitor.com.xml
@@ -1,31 +1,18 @@
 <!--
-	- Expired 2013-03-12
-	- CN: localhost.localdomain
-
-
-	Mixed content:
-
-		- Images on ^ from ^ *
-
-		- Ads/web bugs, on www from:
-
-			- api.lanistaads.com **
-			- c7.zedo.com
-
-	* Secured by us
-	** Unsecurable
-
+	Invalid certificate:
+		ftp.natmonitor.com
+		ns1.natmonitor.com
+		ns2.natmonitor.com
 -->
-<ruleset name="NatMonitor.com" default_off="expired, self-signed">
-
+<ruleset name="natmonitor.com">
 	<target host="natmonitor.com" />
 	<target host="www.natmonitor.com" />
-
-
-	<securecookie host="^natmonitor\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?natmonitor\.com/"
-		to="https://natmonitor.com/" />
-
+	<target host="cpanel.natmonitor.com" />
+	<target host="cpcalendars.natmonitor.com" />
+	<target host="cpcontacts.natmonitor.com" />
+	<target host="mail.natmonitor.com" />
+	<target host="webdisk.natmonitor.com" />
+	<target host="webmail.natmonitor.com" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NatalieJonckheere.com.xml b/src/chrome/content/rules/NatalieJonckheere.com.xml
new file mode 100644
index 000000000000..b5c0cf8102c8
--- /dev/null
+++ b/src/chrome/content/rules/NatalieJonckheere.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="NatalieJonckheere">
+	<target host="nataliejonckheere.com" />
+	<target host="www.nataliejonckheere.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/National-Academies.xml b/src/chrome/content/rules/National-Academies.xml
index ae4623313d55..a8a44e68730d 100644
--- a/src/chrome/content/rules/National-Academies.xml
+++ b/src/chrome/content/rules/National-Academies.xml
@@ -25,13 +25,13 @@
 -->
 <ruleset name="The National Academies (partial)" platform="mixedcontent">
 
-	<target host="*.nationalacademies.org" />
+	<target host="www7.nationalacademies.org" />
+	<target host="www8.nationalacademies.org" />
 
 
 	<securecookie host="^www[78]\.nationalacademies\.org$" name=".+" />
 
 
-	<rule from="^http://www(7|8)\.nationalacademies\.org/"
-		to="https://www$1.nationalacademies.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/National-Broadcasting-Company.xml b/src/chrome/content/rules/National-Broadcasting-Company.xml
index f573742119dd..a66c93d2318d 100644
--- a/src/chrome/content/rules/National-Broadcasting-Company.xml
+++ b/src/chrome/content/rules/National-Broadcasting-Company.xml
@@ -9,7 +9,7 @@
 	<!--	Akamai.
 			-->
 	<target host="nbc.com" />
-	<target host="*.nbc.com" />
+	<target host="www.nbc.com" />
 
 
 	<securecookie host="^(?:www)?\.nbc\.com$" name=".+" />
diff --git a/src/chrome/content/rules/National-Express.xml b/src/chrome/content/rules/National-Express.xml
index 15ad72121c00..a58ae03adc07 100644
--- a/src/chrome/content/rules/National-Express.xml
+++ b/src/chrome/content/rules/National-Express.xml
@@ -10,7 +10,9 @@ Fetch error: http://www.nationalexpress.jobs/ => https://www.nationalexpress.job
 <ruleset name="National Express (partial)">
 
 	<target host="nationalexpress.com" />
-	<target host="*.nationalexpress.com" />
+	<target host="www.nationalexpress.com" />
+	<target host="coach.nationalexpress.com" />
+	<target host="help.nationalexpress.com" />
 	<target host="nationalexpress.jobs" />
 	<target host="www.nationalexpress.jobs" />
 
@@ -30,4 +32,4 @@ Fetch error: http://www.nationalexpress.jobs/ => https://www.nationalexpress.job
 	<rule from="^http://(www\.)?nationalexpress\.jobs/"
 		to="https://$1nationalexpress.jobs/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/National-Rail-Enquiries-mismatches.xml b/src/chrome/content/rules/National-Rail-Enquiries-mismatches.xml
index 5b8877c114a8..2608c44ec127 100644
--- a/src/chrome/content/rules/National-Rail-Enquiries-mismatches.xml
+++ b/src/chrome/content/rules/National-Rail-Enquiries-mismatches.xml
@@ -5,13 +5,11 @@
 <ruleset name="National Rail Enquiries (mismatches)" default_off="mismatched">
 
 	<target host="hotels.nationalrail.co.uk" />
-	<target host="*.hotels.nationalrail.co.uk" />
 
 
 	<securecookie host="^\.hotels\.nationalrail\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://hotels\.nationalrail\.co\.uk/"
-		to="https://hotels.nationalrail.co.uk/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/National-Rail-Enquiries.xml b/src/chrome/content/rules/National-Rail-Enquiries.xml
index f937ad552b59..3ca358d0d493 100644
--- a/src/chrome/content/rules/National-Rail-Enquiries.xml
+++ b/src/chrome/content/rules/National-Rail-Enquiries.xml
@@ -18,7 +18,10 @@
 <ruleset name="National Rail Enquiries (partial)">
 
 	<target host="nationalrail.co.uk" />
-	<target host="*.nationalrail.co.uk" />
+	<target host="www.nationalrail.co.uk" />
+	<target host="img.nationalrail.co.uk" />
+	<target host="js.nationalrail.co.uk" />
+	<target host="ojp.nationalrail.co.uk" />
 		<!--
 			Redirects to http.
 						-->
diff --git a/src/chrome/content/rules/National-Research-Council-Canada.xml b/src/chrome/content/rules/National-Research-Council-Canada.xml
index 630f92faab2e..f585ea1e4be2 100644
--- a/src/chrome/content/rules/National-Research-Council-Canada.xml
+++ b/src/chrome/content/rules/National-Research-Council-Canada.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://nrc-cnrc.gc.ca/ => https://nrc-cnrc.gc.ca/: Cycle detected - URL already encountered: https://www.nrc-cnrc.gc.ca/index.html
 Fetch error: http://www.nrc-cnrc.gc.ca/ => https://www.nrc-cnrc.gc.ca/: Cycle detected - URL already encountered: https://www.nrc-cnrc.gc.ca/index.html
 -->
-<ruleset name="National Research Council Canada" default_off='failed ruleset test'>
+<ruleset name="National Research Council Canada" default_off="failed ruleset test">
 
 	<target host="nrc-cnrc.gc.ca"/>
 	<target host="www.nrc-cnrc.gc.ca"/>
diff --git a/src/chrome/content/rules/National-Security-Agency.xml b/src/chrome/content/rules/National-Security-Agency.xml
index 384dc4ff3eb6..a5dd5292925c 100644
--- a/src/chrome/content/rules/National-Security-Agency.xml
+++ b/src/chrome/content/rules/National-Security-Agency.xml
@@ -1,4 +1,7 @@
 <!--
+	Other National Security Agency rulesets:
+		- Ghidra-SRE.org.xml
+
 	Not supporting HTTPS:
 		* m.nsa.gov
 -->
diff --git a/src/chrome/content/rules/National-University-of-Ireland.xml b/src/chrome/content/rules/National-University-of-Ireland.xml
index 5d469867001b..44083893b631 100644
--- a/src/chrome/content/rules/National-University-of-Ireland.xml
+++ b/src/chrome/content/rules/National-University-of-Ireland.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.deri.ie/ => https://www.deri.ie/: (28, 'Operation timed
 	Mismatch:
 		- ^nuigalway.ie
 -->
-<ruleset name="National University of Ireland (partial)" default_off='failed ruleset test'>
+<ruleset name="National University of Ireland (partial)" default_off="failed ruleset test">
 	<target host="deri.ie"/>
 	<target host="www.deri.ie"/>
 	<target host="nuigalway.ie"/>
diff --git a/src/chrome/content/rules/NationalArchivesGovUK.xml b/src/chrome/content/rules/NationalArchivesGovUK.xml
index 1c877f8ac9f3..30798a4115d7 100644
--- a/src/chrome/content/rules/NationalArchivesGovUK.xml
+++ b/src/chrome/content/rules/NationalArchivesGovUK.xml
@@ -49,7 +49,7 @@ Fetch error: http://community.nationalarchives.gov.uk/ => https://community.nati
 	² Unsecurable
 
 -->
-<ruleset name="National Archives.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="National Archives.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="nationalarchives.gov.uk" />
 	<target host="community.nationalarchives.gov.uk" />
diff --git a/src/chrome/content/rules/NationalCapitalAuthority.xml b/src/chrome/content/rules/NationalCapitalAuthority.xml
deleted file mode 100644
index 2186df81d455..000000000000
--- a/src/chrome/content/rules/NationalCapitalAuthority.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="National Capital Authority">
-	<target host="nationalcapital.gov.au" />
-	<target host="*.nationalcapital.gov.au" />
-
-	<rule from="^http://(?:www\.)?nationalcapital\.gov\.au/"
-		to="https://www.nationalcapital.gov.au/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/NationalE-HealthTransitionAuthority.xml b/src/chrome/content/rules/NationalE-HealthTransitionAuthority.xml
index 0ad06e82dab8..7fa7dea6fe83 100644
--- a/src/chrome/content/rules/NationalE-HealthTransitionAuthority.xml
+++ b/src/chrome/content/rules/NationalE-HealthTransitionAuthority.xml
@@ -1,7 +1,7 @@
 <ruleset name="National E-Health Transition Authority">
 	<target host="nehta.gov.au" />
-	<target host="*.nehta.gov.au" />
+	<target host="www.nehta.gov.au" />
 
 	<rule from="^http://(?:www\.)?nehta\.gov\.au/"
 		to="https://www.nehta.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NationalEatingDisorders.org.xml b/src/chrome/content/rules/NationalEatingDisorders.org.xml
index acea6890e36c..170a15494dda 100644
--- a/src/chrome/content/rules/NationalEatingDisorders.org.xml
+++ b/src/chrome/content/rules/NationalEatingDisorders.org.xml
@@ -3,7 +3,7 @@
 		bp.nationaleatingdisorders.org
 
 	Wildcard DNS but without wildcard certificate.
-	
+
 	All other subdomains are mismatched.
 
 -->
diff --git a/src/chrome/content/rules/NationalEthicsApplicationForm.xml b/src/chrome/content/rules/NationalEthicsApplicationForm.xml
deleted file mode 100644
index 1b2b7fbbbd06..000000000000
--- a/src/chrome/content/rules/NationalEthicsApplicationForm.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="National Ethics Application Form">
-	<target host="neaf.gov.au" />
-	<target host="www.neaf.gov.au" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/NationalHealthandMedicalResearchCouncil.xml b/src/chrome/content/rules/NationalHealthandMedicalResearchCouncil.xml
index 2b9ad3f95b33..3ec1b656746a 100644
--- a/src/chrome/content/rules/NationalHealthandMedicalResearchCouncil.xml
+++ b/src/chrome/content/rules/NationalHealthandMedicalResearchCouncil.xml
@@ -1,7 +1,7 @@
 <ruleset name="National Health and Medical Research Council">
 	<target host="nhmrc.gov.au" />
-	<target host="*.nhmrc.gov.au" />
+	<target host="www.nhmrc.gov.au" />
 
 	<rule from="^http://(?:www\.)?nhmrc\.gov\.au/"
 		to="https://www.nhmrc.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NationalLibraryofAustralia.xml b/src/chrome/content/rules/NationalLibraryofAustralia.xml
index 2e4964daad93..15d12922f753 100644
--- a/src/chrome/content/rules/NationalLibraryofAustralia.xml
+++ b/src/chrome/content/rules/NationalLibraryofAustralia.xml
@@ -1,7 +1,7 @@
 <ruleset name="National Library of Australia">
 	<target host="nla.gov.au" />
-	<target host="*.nla.gov.au" />
+	<target host="www.nla.gov.au" />
 
 	<rule from="^http://(?:www\.)?nla\.gov\.au/"
 		to="https://www.nla.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NationalLottery.xml b/src/chrome/content/rules/NationalLottery.xml
deleted file mode 100644
index 802977befec4..000000000000
--- a/src/chrome/content/rules/NationalLottery.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="NationalLottery">
-  <target host="national-lottery.co.uk" />
-  <target host="www.national-lottery.co.uk" />
-
-  <securecookie host="^(?:.+\.)?national-lottery\.co\.uk$" name=".+" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/NationalRSOL.org.xml b/src/chrome/content/rules/NationalRSOL.org.xml
new file mode 100644
index 000000000000..7187c13e4c1b
--- /dev/null
+++ b/src/chrome/content/rules/NationalRSOL.org.xml
@@ -0,0 +1,16 @@
+<!--
+	See also NARSOL.org.xml, RSOLConference.org.xml
+-->
+<ruleset name="NationalRSOL.org">
+	<target host="nationalrsol.org" />
+	<target host="www.nationalrsol.org" />
+	<target host="mail.nationalrsol.org" />
+	<target host="rsolconference.nationalrsol.org" />
+	<target host="www.rsolconference.nationalrsol.org" />
+	<target host="talesfromtheregistry.nationalrsol.org" />
+	<target host="www.talesfromtheregistry.nationalrsol.org" />
+	<target host="tftr.nationalrsol.org" />
+	<target host="www.tftr.nationalrsol.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NationalReview.com.xml b/src/chrome/content/rules/NationalReview.com.xml
index dc85c7a1f41c..ceadf9c40e58 100644
--- a/src/chrome/content/rules/NationalReview.com.xml
+++ b/src/chrome/content/rules/NationalReview.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://nr-media-01.nationalreview.com/ => https://nr-media-01.natio
 Disabled by https-everywhere-checker because:
 Fetch error: http://nr-media-01.nationalreview.com/ => https://nr-media-01.nationalreview.com/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="NationalReview.com (partial)" default_off='failed ruleset test'>
+<ruleset name="NationalReview.com (partial)" default_off="failed ruleset test">
 
 	<target host="nationalreview.com" />
 	<target host="nr-media-01.nationalreview.com" />
diff --git a/src/chrome/content/rules/National_Academy_of_Engineering.xml b/src/chrome/content/rules/National_Academy_of_Engineering.xml
index ddadb1507411..7160feb47909 100644
--- a/src/chrome/content/rules/National_Academy_of_Engineering.xml
+++ b/src/chrome/content/rules/National_Academy_of_Engineering.xml
@@ -8,10 +8,10 @@
 	<target host="www.nae.edu" />
 
 
-	<securecookie host="^(?:.*\.)?nae\.edu$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?nae\.edu/"
 		to="https://www.nae.edu/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/National_Bureau_of_Economic_Research.xml b/src/chrome/content/rules/National_Bureau_of_Economic_Research.xml
index c085e1c13162..43b105be2da9 100644
--- a/src/chrome/content/rules/National_Bureau_of_Economic_Research.xml
+++ b/src/chrome/content/rules/National_Bureau_of_Economic_Research.xml
@@ -7,4 +7,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/National_Geographic.com.xml b/src/chrome/content/rules/National_Geographic.com.xml
index 3ccbc7a8c068..36a6fc440cf5 100644
--- a/src/chrome/content/rules/National_Geographic.com.xml
+++ b/src/chrome/content/rules/National_Geographic.com.xml
@@ -31,7 +31,7 @@
 
 	502 proxy error:
 		- images
-	
+
 	Mixed content:
 		- archive (Example: https://archive.nationalgeographic.com/?iid=133596#folio=CV1)
 		- news
@@ -47,7 +47,7 @@
 
 	No working URL known:
 		- media-yourshot
-	
+
 	Time out:
 		- nationalgeographic.com *
 
diff --git a/src/chrome/content/rules/National_Institute_for_Social_Media.xml b/src/chrome/content/rules/National_Institute_for_Social_Media.xml
index 588baac17939..fbd5a1c0e97f 100644
--- a/src/chrome/content/rules/National_Institute_for_Social_Media.xml
+++ b/src/chrome/content/rules/National_Institute_for_Social_Media.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/National_Oceanic_and_Atmospheric_Administration.xml b/src/chrome/content/rules/National_Oceanic_and_Atmospheric_Administration.xml
index 640c297f3129..7d64a673afb7 100644
--- a/src/chrome/content/rules/National_Oceanic_and_Atmospheric_Administration.xml
+++ b/src/chrome/content/rules/National_Oceanic_and_Atmospheric_Administration.xml
@@ -74,7 +74,7 @@ Fetch error: http://nes.ncdc.noaa.gov/ => https://nes.ncdc.noaa.gov/: (51, "SSL:
 	* Secured by us
 
 -->
-<ruleset name="NOAA.gov (partial)" default_off='failed ruleset test'>
+<ruleset name="NOAA.gov (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/National_Park_Service.xml b/src/chrome/content/rules/National_Park_Service.xml
index d072055f794b..7739f773843c 100644
--- a/src/chrome/content/rules/National_Park_Service.xml
+++ b/src/chrome/content/rules/National_Park_Service.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.science.nature.nps.gov/ => https://www.science.nature.nps.gov/: (6, 'Could not resolve host: www.science.nature.nps.gov')
 Fetch error: http://www.npssa.nps.gov/ => https://www.npssa.nps.gov/: (6, 'Could not resolve host: www.npssa.nps.gov')
 
-	National Park Service 
+	National Park Service
 
 
 
@@ -48,7 +48,7 @@ Fetch error: http://www.npssa.nps.gov/ => https://www.npssa.nps.gov/: (6, 'Could
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="NPS.gov (partial)" default_off='failed ruleset test'>
+<ruleset name="NPS.gov (partial)" default_off="failed ruleset test">
 
 	<target host="nps.gov" /><!--	for future commit -->
 	<target host="cr.nps.gov" /><!--	for future commit -->
diff --git a/src/chrome/content/rules/National_Transport_Safety_Board.xml b/src/chrome/content/rules/National_Transport_Safety_Board.xml
deleted file mode 100644
index 5eec66f6897c..000000000000
--- a/src/chrome/content/rules/National_Transport_Safety_Board.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	National Transport Safety Board
-
-
-
-	Nonfunctional hosts in *ntsb.gov:
-
-		- (www.)? ᵈ
-		- dms ᵈ
-
-	ᵈ Dropped
-
-
-	Problematic hosts in *ntsb.gov:
-
-		- foiarequest ᶜ ᵉ
-
-	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
-	ᵉ Expired
-
--->
-<ruleset name="NTSB.gov (partial)">
-
-	<target host="app.ntsb.gov" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^foiarequest\.ntsb\.gov$" name="^(?:APP_UniqueIdentifier|ASP\.NET_SessionId)$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/National_Travel_Health_Network_and_Centre.xml b/src/chrome/content/rules/National_Travel_Health_Network_and_Centre.xml
index 1289c1747572..36cb99eb3e6d 100644
--- a/src/chrome/content/rules/National_Travel_Health_Network_and_Centre.xml
+++ b/src/chrome/content/rules/National_Travel_Health_Network_and_Centre.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://nathnac.org/ => https://www.nathnac.org/: (35, 'Unknown SSL protocol error in connection to www.nathnac.org:443 ')
 
 -->
-<ruleset name="National Travel Health Network and Centre (NaTHNaC)" default_off='failed ruleset test'>
+<ruleset name="National Travel Health Network and Centre (NaTHNaC)" default_off="failed ruleset test">
     <target host="nathnac.org" />
     <target host="*.nathnac.org" />
 
diff --git a/src/chrome/content/rules/National_Wildlife_Foundation.xml b/src/chrome/content/rules/National_Wildlife_Foundation.xml
index d136a9d2f542..b559c8e21d0e 100644
--- a/src/chrome/content/rules/National_Wildlife_Foundation.xml
+++ b/src/chrome/content/rules/National_Wildlife_Foundation.xml
@@ -57,7 +57,7 @@
 
 	<target host="shopnwf.org" />
 	<target host="www.shopnwf.org" />
-	
+
 	<securecookie host="^www\.nwf\.org$" name=".+" />
 
 	<rule from="^http://affiliates\.nwf\.org/"
@@ -68,7 +68,7 @@
 
 	<rule from="^http://legacy\.nwf\.org/"
 		to="https://www.nwf.org/Legacy.aspx" />
-	
+
 	<rule from="^http://photos\.nwf\.org/"
 		to="https://www.nwf.org/News-and-Magazines/National-Wildlife/PhotoZone.aspx" />
 
diff --git a/src/chrome/content/rules/Nationalserviceresources.org.xml b/src/chrome/content/rules/Nationalserviceresources.org.xml
index 0f98875b5a24..c13a2957ec24 100644
--- a/src/chrome/content/rules/Nationalserviceresources.org.xml
+++ b/src/chrome/content/rules/Nationalserviceresources.org.xml
@@ -17,7 +17,7 @@ Fetch error: http://www.nationalserviceresources.org/ => https://www.nationalser
 	* Mismatched, CN: acquia-sites.com
 
 -->
-<ruleset name="nationalserviceresources.org" default_off='failed ruleset test'>
+<ruleset name="nationalserviceresources.org" default_off="failed ruleset test">
 
 	<target host="americorpsconnect.org" />
 	<target host="www.americorpsconnect.org" />
@@ -28,4 +28,4 @@ Fetch error: http://www.nationalserviceresources.org/ => https://www.nationalser
 	<rule from="^http://(?:www\.)?(americorpsconnect|nationalserviceresources)\.org/"
 		to="https://www.$1.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nationwide.xml b/src/chrome/content/rules/Nationwide.xml
index 8b24af4af584..12e6a623ef9d 100644
--- a/src/chrome/content/rules/Nationwide.xml
+++ b/src/chrome/content/rules/Nationwide.xml
@@ -28,10 +28,13 @@ Fetch error: http://olb.nationwideuk.ie/ => https://olb.nationwideuk.ie/: (60, '
 		- nationwide-jobs.co.uk		(cert only matches www)
 
 -->
-<ruleset name="Nationwide Building Society (partial)" default_off='failed ruleset test'>
+<ruleset name="Nationwide Building Society (partial)" default_off="failed ruleset test">
 
 	<target host="olb2.nationet.com" />
-	<target host="*.nationwide.co.uk" />
+	<target host="metrics.nationwide.co.uk" />
+	<target host="onlinebanking.nationwide.co.uk" />
+	<target host="savings.nationwide.co.uk" />
+	<target host="securemail.nationwide.co.uk" />
 	<target host="olb.nationwideinternational.com" />
 	<target host="nationwide-jobs.co.uk" />
 	<target host="www.nationwide-jobs.co.uk" />
@@ -47,19 +50,14 @@ Fetch error: http://olb.nationwideuk.ie/ => https://olb.nationwideuk.ie/: (60, '
 	<securecookie host="^www\.nationwide-jobs\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://olb2\.nationet\.com/"
-		to="https://olb2.nationet.com/" />
 
 	<rule from="^http://metrics\.nationwide\.co\.uk/"
 		to="https://nationwide-co-uk.d2.sc.omtrdc.net/" />
 
-	<rule from="^http://(onlinebanking|savings|securemail)\.nationwide\.co\.uk/"
-		to="https://$1.nationwide.co.uk/" />
 
 	<rule from="^http://(?:www\.)?nationwide-jobs\.co\.uk/"
 		to="https://www.nationwide-jobs.co.uk/" />
 
-	<rule from="^http://olb\.nationwide(international\.com|uk\.ie)/"
-		to="https://olb.nationwide$1/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Nativo.net.xml b/src/chrome/content/rules/Nativo.net.xml
index 104b63503dfd..a8a3f104f803 100644
--- a/src/chrome/content/rules/Nativo.net.xml
+++ b/src/chrome/content/rules/Nativo.net.xml
@@ -18,7 +18,7 @@ Fetch error: http://beta.nativo.net/ => https://beta.nativo.net/: (6, 'Could not
 		- beta
 
 -->
-<ruleset name="Nativo.net (partial)" default_off='failed ruleset test'>
+<ruleset name="Nativo.net (partial)" default_off="failed ruleset test">
 	<target host="nativo.net" />
 	<target host="www.nativo.net" />
 	<target host="admin.nativo.net" />
diff --git a/src/chrome/content/rules/Natl-American-Arab-Nursing-Assn.xml b/src/chrome/content/rules/Natl-American-Arab-Nursing-Assn.xml
index 7692c455bfdb..de332b2ae2f4 100644
--- a/src/chrome/content/rules/Natl-American-Arab-Nursing-Assn.xml
+++ b/src/chrome/content/rules/Natl-American-Arab-Nursing-Assn.xml
@@ -1,16 +1,12 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://n-aana.org/ => https://n-aana.org/: (7, 'Failed to connect to n-aana.org port 443: Connection refused')
-Fetch error: http://www.n-aana.org/ => https://n-aana.org/: (7, 'Failed to connect to n-aana.org port 443: Connection refused')
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://n-aana.org/ => https://n-aana.org/: (51, "SSL: no alternative certificate subject name matches target host name 'n-aana.org'")
-Fetch error: http://www.n-aana.org/ => https://n-aana.org/: (51, "SSL: no alternative certificate subject name matches target host name 'n-aana.org'")
+	Non-functional hosts:
+		Certificate mismatched:
+		- ^
+		- www
 -->
-<ruleset name="National American Arab Nursing Association" default_off='failed ruleset test'>
+<ruleset name="National American Arab Nursing Association" default_off="cert-invalid">
 	<target host="n-aana.org" />
 	<target host="www.n-aana.org" />
 
-	<rule from="^(?:http://(?:www\.)?|https://www\.)n-aana\.org/" to="https://n-aana.org/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Natl-Childrens-Leukemia-Foundation.xml b/src/chrome/content/rules/Natl-Childrens-Leukemia-Foundation.xml
index ba7d15569feb..e79c56b7292e 100644
--- a/src/chrome/content/rules/Natl-Childrens-Leukemia-Foundation.xml
+++ b/src/chrome/content/rules/Natl-Childrens-Leukemia-Foundation.xml
@@ -12,7 +12,7 @@ Fetch error: http://leukemiafoundation.org/ => https://www.leukemiafoundation.or
 Fetch error: http://www.leukemiafoundation.org/ => https://www.leukemiafoundation.org/: (28, 'Connection timed out after 10001 milliseconds')
 
 -->
-<ruleset name="National Children's Leukemia Foundation" default_off='failed ruleset test'>
+<ruleset name="National Children's Leukemia Foundation" default_off="failed ruleset test">
 	<target host="leukemiafoundation.org" />
 	<target host="www.leukemiafoundation.org" />
 
diff --git a/src/chrome/content/rules/Nattstad.se.xml b/src/chrome/content/rules/Nattstad.se.xml
index 481e97180768..577899251acb 100644
--- a/src/chrome/content/rules/Nattstad.se.xml
+++ b/src/chrome/content/rules/Nattstad.se.xml
@@ -5,7 +5,7 @@ Fetch error: http://nattstad.se/ => https://www.nattstad.se/: (51, "SSL: no alte
 Fetch error: http://www.nattstad.se/ => https://www.nattstad.se/: (51, "SSL: no alternative certificate subject name matches target host name 'www.nattstad.se'")
 
 -->
-<ruleset name="Nattstad.se" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Nattstad.se" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="nattstad.se" />
 	<target host="www.nattstad.se" />
 	<rule from="^http://www\.nattstad\.se/" to="https://www.nattstad.se/"/>
diff --git a/src/chrome/content/rules/Natural_Skin_Shop.xml b/src/chrome/content/rules/Natural_Skin_Shop.xml
index 19822bf4f9a3..cad0ad656f48 100644
--- a/src/chrome/content/rules/Natural_Skin_Shop.xml
+++ b/src/chrome/content/rules/Natural_Skin_Shop.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://store.naturalskinshop.com/ => https://store.naturalskinshop.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Natural Skin Shop" default_off='failed ruleset test'>
+<ruleset name="Natural Skin Shop" default_off="failed ruleset test">
 
 	<target host="naturalskinshop.com" />
 	<target host="store.naturalskinshop.com" />
@@ -22,4 +22,4 @@ Fetch error: http://store.naturalskinshop.com/ => https://store.naturalskinshop.
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nature.com.xml b/src/chrome/content/rules/Nature.com.xml
index df5536559c31..da81f92eaed8 100644
--- a/src/chrome/content/rules/Nature.com.xml
+++ b/src/chrome/content/rules/Nature.com.xml
@@ -89,7 +89,7 @@
 	<target host="www.guide.nature.com" />
 	<target host="immunology.nature.com" />
 	<target host="www.immunology.nature.com" />
-	<target host="languageediting.nature.com" />                                              
+	<target host="languageediting.nature.com" />
 	<target host="identity.languageediting.nature.com" />
 	<target host="secure.languageediting.nature.com" />
 	<target host="masterclasses.nature.com" />
@@ -136,7 +136,7 @@
 
 	<rule from="^http://(www\.)?immunology\.nature\.com/"
 		to="https://www.nature.com/subjects/immunology" />
-	
+
 	<rule from="^http://(www\.)?medicine\.nature\.com/"
 		to="https://www.nature.com/medicalresearch//index.html" />
 
diff --git a/src/chrome/content/rules/Nature.org.xml b/src/chrome/content/rules/Nature.org.xml
index 550333ae3f85..a659f3087b36 100644
--- a/src/chrome/content/rules/Nature.org.xml
+++ b/src/chrome/content/rules/Nature.org.xml
@@ -21,7 +21,7 @@
 	Expired certificate:
 		future.nature.org
 		secure.nature.org (http redirects to www.nature.org)
-	
+
 	Broken chain cert:
 		nature.org
 		voice.nature.org
diff --git a/src/chrome/content/rules/NatureCast.org.xml b/src/chrome/content/rules/NatureCast.org.xml
new file mode 100644
index 000000000000..9ededa480c18
--- /dev/null
+++ b/src/chrome/content/rules/NatureCast.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		course.naturecast.org
+		phenology.naturecast.org
+
+	Refused:
+		www.naturecast.org
+
+	Time out:
+		naturecast.org
+
+-->
+<ruleset name="NatureCast.org (partial)">
+
+	<target host="portal.naturecast.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/NatureIndex.com.xml b/src/chrome/content/rules/NatureIndex.com.xml
new file mode 100644
index 000000000000..e0f0c8f2d64b
--- /dev/null
+++ b/src/chrome/content/rules/NatureIndex.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatch:
+		feedback.natureindex.com
+-->
+<ruleset name="NatureIndex.com">
+	<target host="natureindex.com" />
+	<target host="www.natureindex.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nature_Shop.xml b/src/chrome/content/rules/Nature_Shop.xml
index 4347d3484300..b12f9699ca9e 100644
--- a/src/chrome/content/rules/Nature_Shop.xml
+++ b/src/chrome/content/rules/Nature_Shop.xml
@@ -13,4 +13,4 @@
 	<rule from="^http://(www\.)?natureshop\.com/(cart/|Content/|s/|secure/|Support/index|upload/)"
 		to="https://$1natureshop.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nau.ch.xml b/src/chrome/content/rules/Nau.ch.xml
index f43a0d991867..5b50f5f22b9b 100644
--- a/src/chrome/content/rules/Nau.ch.xml
+++ b/src/chrome/content/rules/Nau.ch.xml
@@ -1,13 +1,18 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Non-2xx HTTP code: http://api.nau.ch/ (200) => https://api.nau.ch/ (404)
+
+-->
 <ruleset name="Nau.ch">
 	<target host="nau.ch" />
 	<target host="www.nau.ch" />
-	<target host="api.nau.ch" />
+	<!-- target host="api.nau.ch" /-->
 	<target host="create.nau.ch" />
 	<target host="media.nau.ch" />
+    <test url="http://media.nau.ch/default_avatar.png" />
 	<target host="t.nau.ch" />
 
-	<test url="http://api.nau.ch/robots.txt" />
-	<test url="http://media.nau.ch/default_avatar.png" />
-
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Nautil.us.xml b/src/chrome/content/rules/Nautil.us.xml
index ece92666a8a4..f4a99fd98578 100644
--- a/src/chrome/content/rules/Nautil.us.xml
+++ b/src/chrome/content/rules/Nautil.us.xml
@@ -5,10 +5,6 @@
 
 			- static
 
-
-	(www.): refused
-
-
 	Mixed content:
 
 		- Images on shop from $self ¹
@@ -18,16 +14,18 @@
 	² Unsecurable <= refused
 
 -->
-<ruleset name="Nautil.us (partial)">
+<ruleset name="Nautil.us">
 
-	<target host="*.nautil.us" />
+	<target host="shop.nautil.us" />
+	<target host="static.nautil.us" />
+	<target host="nautil.us" />
+	<target host="www.nautil.us" />
 		<!--exclusion pattern="http://www\.nautil\.us/" /-->
 
 
-	<rule from="^http://shop\.nautil\.us/"
-		to="https://shop.nautil.us/" />
 
 	<rule from="^http://static\.nautil\.us/"
 		to="https://d3chnh8fr629l6.cloudfront.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Navdem.com.xml b/src/chrome/content/rules/Navdem.com.xml
index edbe9cbf8f1d..d636d27812ed 100644
--- a/src/chrome/content/rules/Navdem.com.xml
+++ b/src/chrome/content/rules/Navdem.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://navdem.com/ => https://navdem.com/: (35, 'error:14077438:SSL
 Fetch error: http://www.navdem.com/ => https://www.navdem.com/: (35, 'error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
 
 -->
-<ruleset name="Navdem.com" default_off='failed ruleset test'>
+<ruleset name="Navdem.com" default_off="failed ruleset test">
 	<target host="navdem.com" />
 	<target host="www.navdem.com" />
 
diff --git a/src/chrome/content/rules/Naver.com.xml b/src/chrome/content/rules/Naver.com.xml
deleted file mode 100644
index 40e4ef0af004..000000000000
--- a/src/chrome/content/rules/Naver.com.xml
+++ /dev/null
@@ -1,114 +0,0 @@
-<!--
-	For other Naver Corporation coverage, see Naver_Corp.com.xml.
-
-
-	Nonfunctional subdomains:
-
-		- (www.) ¹
-		- a11ybooth ¹
-		- guestbook.blog ¹
-		- prologue.blog ⁷
-		- section.cafe ³
-		- event2.checkout ¹
-		- comic	 ³
-		- dic ²
-		- displayad ⁴
-		- finance ¹
-		- info.finance ¹
-		- imgfinance ²
-		- jr ¹
-		- kin ¹
-		- localshop ⁵
-		- mktg ¹
-		- map ¹
-		- moneybook ¹
-		- movie ¹
-		- music ¹
-		- navercast ¹
-		- news ³
-		- sports.news ¹
-		- newspaper ¹
-		- newsstand ³
-		- nstore ¹
-		- saedu	⁴
-		- search ¹
-		- news.search ¹
-		- shop ¹
-		- shopping ⁶
-		- castbox.shopping ¹
-		- crossmedia.static ¹
-		- stock ¹
-		- storefarm ¹
-		- story ¹
-		- tvguide ¹
-		- weather ¹
-		- webmastertool ¹
-		- woorikids ¹
-
-	¹ Refused
-	² 503, akamai
-	³ 504, akamai
-	⁴ Redirects to http
-	⁵ 404
-	⁶ 403
-	⁷ invalid certificate
-
-
-	Problematic subdomains:
-
-		- cafe ¹
-		- land ²
-		- landad ²
-		- mileage ²
-		- searchad ³
-		- ips.shop ⁴
-		- join.shopping ³
-		- sstatic ¹
-
-	¹ Akamai
-	² Cert only matches *.foo
-	³ Mixed css
-	⁴ Expired
-
-
-	Partially covered subdomains:
-
-		- help.checkout *
-		- crossmedia *
-		- partners *
-		- ips.storefarm
-
-	* Some pages redirect to http
-
-
-	Mixed content:
-
-		- css, on:
-
-			- searchad from img.searchad *
-			- join.shopping from static.shopping.navar.net
-
-		- Images on searchad from img.searchad *
-
-	* Secured by us
-
--->
-<ruleset name="Naver.com (partial)">
-
-	<target host="*.naver.com" />
-		<exclusion pattern="^http://crossmedia\.naver\.com/+(?!css/|favicon\.ico|renewal_\d+/)" />
-		<exclusion pattern="^http://help\.checkout\.naver\.com/+(?!fpsfiles/|static/)" />
-		<exclusion pattern="^http://partners\.naver\.com/+(?!css/|img/)" />
-		<exclusion pattern="^http://ips\.storefarm\.naver\.com/+(?!css/)" />
-
-
-	<securecookie host="^((admin\.|order\.)?checkout|sell\.storefarm)\.naver\.com$" name=".+" />
-
-
-	<rule from="^http://(((m|section)\.)?blog|calendar|((admin|help|order)\.)?checkout|crossmedia|happybean|help|(m\.)?mail[12]?|ssl\.mileage|nid|static\.nid|partners|img\.searchad|sell\.shop|(ips|sell)\.storefarm|submit)\.naver\.com/"
-		to="https://$1.naver.com/" />
-
-	<rule from="^http://(ssl\.)?mileage\.naver\.com/"
-		to="https://ssl.mileage.naver.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Naver.net.xml b/src/chrome/content/rules/Naver.net.xml
index f5ffdf537232..c1bb584f4c5b 100644
--- a/src/chrome/content/rules/Naver.net.xml
+++ b/src/chrome/content/rules/Naver.net.xml
@@ -36,13 +36,14 @@
 -->
 <ruleset name="Naver.net (partial)">
 
-	<target host="*.naver.net" />
+	<target host="img.calendar.naver.net" />
+	<target host="static.checkout.naver.net" />
+	<target host="static.mileage.naver.net" />
 
 
-	<rule from="^http://img\.calendar\.naver\.net/"
-		to="https://img.calendar.naver.net/" />
 
 	<rule from="^http://(static\.checkout|static\.mileage)\.naver\.net/"
 		to="https://ssl.pstatic.net/$1/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Naver_Corp.com.xml b/src/chrome/content/rules/Naver_Corp.com.xml
index 38516699a3dd..7e567a053b41 100644
--- a/src/chrome/content/rules/Naver_Corp.com.xml
+++ b/src/chrome/content/rules/Naver_Corp.com.xml
@@ -1,9 +1,8 @@
 <!--
 	Other Naver Corporation rulesets:
 
-		- Naver.com.xml
+		- naver.com.xml
 		- Naver.net.xml
-		- NHN_Next.org.xml
 		- Pstatic.net.xml
 
 
@@ -13,9 +12,18 @@
 <ruleset name="Naver Corp.com">
 
 	<target host="navercorp.com" />
+	<target host="alice.navercorp.com" />
+	<target host="cos2.navercorp.com" />
+	<target host="enterprise-auth.navercorp.com" />
+	<target host="live.navercorp.com" />
+	<target host="mail.navercorp.com" />
+	<target host="mirror.navercorp.com" />
+	<target host="ndrive.navercorp.com" />
+	<target host="nss.navercorp.com" />
+	<target host="static.navercorp.com" />
+	<target host="recruit.navercorp.com" />
 	<target host="www.navercorp.com" />
 
-
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Navigant_Research.com.xml b/src/chrome/content/rules/Navigant_Research.com.xml
index 28fb8e093daf..887f2e805aec 100644
--- a/src/chrome/content/rules/Navigant_Research.com.xml
+++ b/src/chrome/content/rules/Navigant_Research.com.xml
@@ -27,4 +27,4 @@
 	<rule from="^http://(www\.)?navigantresearch\.com/(?=favicon\.ico|wordpress/wp-content/|wordpress/wp-login\.php|wp-assets/|wp-content/)"
 		to="https://$1navigantresearch.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nawaat.xml b/src/chrome/content/rules/Nawaat.xml
index 74275739ddf5..6e5097fdf4d1 100644
--- a/src/chrome/content/rules/Nawaat.xml
+++ b/src/chrome/content/rules/Nawaat.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nazariyat.org.xml b/src/chrome/content/rules/Nazariyat.org.xml
new file mode 100644
index 000000000000..401cac81ca52
--- /dev/null
+++ b/src/chrome/content/rules/Nazariyat.org.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatch:
+		tracking.nazariyat.org
+-->
+<ruleset name="Nazariyat.org">
+	<target host="nazariyat.org" />
+	<target host="www.nazariyat.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ncloud.dk.xml b/src/chrome/content/rules/Ncloud.dk.xml
index 88edb5627e08..4ce0b3aa1022 100644
--- a/src/chrome/content/rules/Ncloud.dk.xml
+++ b/src/chrome/content/rules/Ncloud.dk.xml
@@ -8,7 +8,7 @@ Fetch error: http://partner.ncloud.dk/ => https://partner.ncloud.dk/: (28, 'Conn
 	For other Netgroup coverage, see Netgroup.dk.xml.
 
 -->
-<ruleset name="ncloud.dk" default_off='failed ruleset test'>
+<ruleset name="ncloud.dk" default_off="failed ruleset test">
 
 	<target host="partner.ncloud.dk" />
 
diff --git a/src/chrome/content/rules/Ndla.no.xml b/src/chrome/content/rules/Ndla.no.xml
index c1acd55cdb67..f38ef790ec86 100644
--- a/src/chrome/content/rules/Ndla.no.xml
+++ b/src/chrome/content/rules/Ndla.no.xml
@@ -4,7 +4,7 @@
 		- bak.ndla.no
 		- ndlap4prodadm01v.ndlap4.ndla.no
 		- ndlat4cm02v.ndlap4.ndla.no
-		
+
 	Mismatch:
 		- arkiv.ndla.no
 		- 2009.arkiv.ndla.no
@@ -25,12 +25,12 @@
 		- ndlat4vhosts01v.ndlap4.ndla.no
 		- ndlat4vhosts02v.ndlap4.ndla.no
 		- ndlat4vhosts03v.ndlap4.ndla.no
-		
-	
+
+
 	Different content:
 		- samskrive.ndla.no
 		- sti.ndla.no
-	
+
 	Timeout:
 		- nettskole.ndla.no
 		- www.nettskole.ndla.no
@@ -39,7 +39,7 @@
 	Redirects to HTTP:
 		- deling.ndla.no
 		- fyr.ndla.no
-	
+
 	Other HTTPS failure:
 		- ndlap4stream01v.ndlap4.ndla.no
 
@@ -58,6 +58,6 @@
 	<target host="ndlap4.ndla.no" />
 	<target host="search.ndla.no" />
 	<target host="ndlap4cpanelhost01v.ndlap4.ndla.no" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ndr.de.xml b/src/chrome/content/rules/Ndr.de.xml
index a79a12eaa920..5c5eb37ed802 100644
--- a/src/chrome/content/rules/Ndr.de.xml
+++ b/src/chrome/content/rules/Ndr.de.xml
@@ -21,9 +21,9 @@
     <target host="m.ndr.de" />
 	<!-- redirects to www.daserste.de -->
     <target host="daserste.ndr.de" />
-	
+
     <securecookie host="^(www\.|static\.|hbbtv\.|ard\.|daserste\.)?ndr\.de$" name=".+" />
-	
+
     <rule from="^http:"
             to="https:" />
 
diff --git a/src/chrome/content/rules/Nearbuysystems.com.xml b/src/chrome/content/rules/Nearbuysystems.com.xml
index 96ddbd5a576b..034daddfbbaa 100644
--- a/src/chrome/content/rules/Nearbuysystems.com.xml
+++ b/src/chrome/content/rules/Nearbuysystems.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://luneta.nearbuysystems.com/ => https://luneta.nearbuysystems.
 	-refused:
 		- (www.)
 -->
-<ruleset name="Nearbuysystems.com" default_off='failed ruleset test'>
+<ruleset name="Nearbuysystems.com" default_off="failed ruleset test">
 	<target host="luneta.nearbuysystems.com" />
 
 	<securecookie host="^luneta\.nearbuysystems\.com$" name=".+" />
diff --git a/src/chrome/content/rules/NeatoShop.xml b/src/chrome/content/rules/NeatoShop.xml
index 15082ce28fca..6478b25ece2f 100644
--- a/src/chrome/content/rules/NeatoShop.xml
+++ b/src/chrome/content/rules/NeatoShop.xml
@@ -5,7 +5,8 @@
 <ruleset name="NeatoShop.com">
 
 	<target host="neatoshop.com"/>
-	<target host="*.neatoshop.com"/>
+	<target host="static.neatoshop.com" />
+	<target host="www.neatoshop.com" />
 
 	<!--	observed cookies:
 			- PHPSESSID	-->
diff --git a/src/chrome/content/rules/Nebezi.cz.xml b/src/chrome/content/rules/Nebezi.cz.xml
index 5f5c7fed0035..0b53ab3af689 100644
--- a/src/chrome/content/rules/Nebezi.cz.xml
+++ b/src/chrome/content/rules/Nebezi.cz.xml
@@ -8,7 +8,7 @@ Fetch error: http://ipv6.nebezi.cz/ => https://ipv6.nebezi.cz/: (7, '')
     Other Nebezi.cz rulesets:
         - DoesNotWork.eu.xml
 -->
-<ruleset name="Neběží.cz" default_off='failed ruleset test'>
+<ruleset name="Neběží.cz" default_off="failed ruleset test">
     <target host="nebezi.cz" />
     <target host="www.nebezi.cz" />
     <target host="ipv4.nebezi.cz" />
diff --git a/src/chrome/content/rules/Nebrija.com.xml b/src/chrome/content/rules/Nebrija.com.xml
index a9b31c893e93..cbbc8a576104 100644
--- a/src/chrome/content/rules/Nebrija.com.xml
+++ b/src/chrome/content/rules/Nebrija.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.nebrija.com/ => https://www.nebrija.com/: (60, 'SSL cert
 		* mysql.nebrija.com
 		* webmail.nebrija.com
 -->
-<ruleset name="nebrija.com" default_off='failed ruleset test'>
+<ruleset name="nebrija.com" default_off="failed ruleset test">
 
 	<target host="nebrija.com" />
 	<target host="www.nebrija.com" />
diff --git a/src/chrome/content/rules/Nebula.xml b/src/chrome/content/rules/Nebula.xml
index e236d9232cdd..23882f644d50 100644
--- a/src/chrome/content/rules/Nebula.xml
+++ b/src/chrome/content/rules/Nebula.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.nebula.com/ => https://www.nebula.com/: (7, 'Failed to c
 		- nebula-www.s3.amazonaws.com
 
 -->
-<ruleset name="Nebula" default_off='failed ruleset test'>
+<ruleset name="Nebula" default_off="failed ruleset test">
 
 	<target host="nebula.com" />
 	<target host="www.nebula.com" />
diff --git a/src/chrome/content/rules/Neck2Neck.xml b/src/chrome/content/rules/Neck2Neck.xml
index b1c64597ca6b..c5f4a836e4e6 100644
--- a/src/chrome/content/rules/Neck2Neck.xml
+++ b/src/chrome/content/rules/Neck2Neck.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Necuhb.xml b/src/chrome/content/rules/Necuhb.xml
index c49c9b48fe04..fa653cc71fdb 100644
--- a/src/chrome/content/rules/Necuhb.xml
+++ b/src/chrome/content/rules/Necuhb.xml
@@ -1,12 +1,12 @@
 <ruleset name="Northeast Credit Union" platform="mixedcontent">
-  <target host="necuhb.org" />
+  <!--
+    Failed to connect port 443
+
+    <target host="necuhb.org" />
+  -->
   <target host="necu.org" />
   <target host="www.necu.org" />
-  <target host="*.necuhb.org" />
-
-  <rule from="^http://([^/:@]*)\.necuhb\.org/"
-          to="https://$1.necuhb.org/"/>
 
-  <rule from="^https://(www\.)?necu\.org/"
-          to="https://$1necu.org/"/>
+  <rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NedLinux.com.xml b/src/chrome/content/rules/NedLinux.com.xml
deleted file mode 100644
index c04b25becec4..000000000000
--- a/src/chrome/content/rules/NedLinux.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<ruleset name="NedLinux.com">
-
-	<target host="nccc.nl"/>
-	<target host="www.nccc.nl"/>
-	<target host="nedlinux.com"/>
-	<target host="webmail.nedlinux.com"/>
-	<target host="www.nedlinux.com"/>
-
-	<rule from="^http://(?:www\.)?nccc\.nl/"
-		to="https://www.nccc.nl/"/>
-
-	<rule from="^http://(?:www\.)?nedlinux\.com/"
-		to="https://nedlinux.com/"/>
-
-	<rule from="^http://webmail\.nedlinux\.com/"
-		to="https://webmail.nedlinux.com/"/>
-
-	<securecookie host="^www\.nccc\.nl$" name=".+" />
-	<securecookie host="^(?:www\.)?nedlinux\.com$" name=".+" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Nederland.xml b/src/chrome/content/rules/Nederland.xml
index 970da6971995..357eb72046e8 100644
--- a/src/chrome/content/rules/Nederland.xml
+++ b/src/chrome/content/rules/Nederland.xml
@@ -97,7 +97,7 @@ Fetch error: http://www.zwijndrecht.nl/ => https://www.zwijndrecht.nl/: (51, "SS
 	* 404
 
 -->
-<ruleset name="NL Overheid" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="NL Overheid" platform="mixedcontent" default_off="failed ruleset test">
   <!-- Ruleset created by Jeroen van der Gun
 
        This large ruleset secures a large amount of websites
diff --git a/src/chrome/content/rules/NeedMoreHits.com.xml b/src/chrome/content/rules/NeedMoreHits.com.xml
index 2be600081225..7ab322d0cb42 100644
--- a/src/chrome/content/rules/NeedMoreHits.com.xml
+++ b/src/chrome/content/rules/NeedMoreHits.com.xml
@@ -17,4 +17,4 @@
 	<rule from="^http://(?:www\.)?needmorehits\.com/"
 		to="https://www.needmorehits.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Neelwafurat.com.xml b/src/chrome/content/rules/Neelwafurat.com.xml
index 00f3fc922cc6..e8eb977e4e8b 100644
--- a/src/chrome/content/rules/Neelwafurat.com.xml
+++ b/src/chrome/content/rules/Neelwafurat.com.xml
@@ -3,4 +3,4 @@
   <target host="www.neelwafurat.com" />
 
   <rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NegotiatingSalary.com.xml b/src/chrome/content/rules/NegotiatingSalary.com.xml
index 4b1c9fa75495..f8fdf340cd10 100644
--- a/src/chrome/content/rules/NegotiatingSalary.com.xml
+++ b/src/chrome/content/rules/NegotiatingSalary.com.xml
@@ -11,7 +11,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://negotiatingsalary.com/ => https://negotiatingsalary.com/: Too many redirects while fetching 'https://negotiatingsalary.com/'
 
 -->
-<ruleset name="NegotiatingSalary.com" default_off='failed ruleset test'>
+<ruleset name="NegotiatingSalary.com" default_off="failed ruleset test">
 
 	<target host="negotiatingsalary.com" />
 	<target host="www.negotiatingsalary.com" />
@@ -22,4 +22,4 @@ Fetch error: http://negotiatingsalary.com/ => https://negotiatingsalary.com/: To
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Neil.brown.name.xml b/src/chrome/content/rules/Neil.brown.name.xml
new file mode 100644
index 000000000000..023f242b8fc3
--- /dev/null
+++ b/src/chrome/content/rules/Neil.brown.name.xml
@@ -0,0 +1,31 @@
+<!--
+	Network unreachable:
+		- ip6.neil.brown.name
+		- ipv6.neil.brown.name
+		- notabene.neil.brown.name
+		- v6.neil.brown.name
+
+	Connection timed out:
+		- joy.neil.brown.name
+
+	Mismatched:
+		- files.neil.brown.name
+		- gnubean.neil.brown.name
+		- ip4.neil.brown.name
+		- ipv4.neil.brown.name
+		- mail.neil.brown.name
+		- ns.neil.brown.name
+		- ns2.neil.brown.name
+		- v4.neil.brown.name
+
+	HTTP != HTTPS:
+		- cloud.neil.brown.name
+		- home.neil.brown.name
+-->
+<ruleset name="neil.brown.name">
+	<target host="neil.brown.name" />
+	<target host="blog.neil.brown.name" />
+	<target host="git.neil.brown.name" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Neis-One.org.xml b/src/chrome/content/rules/Neis-One.org.xml
new file mode 100644
index 000000000000..07491add0043
--- /dev/null
+++ b/src/chrome/content/rules/Neis-One.org.xml
@@ -0,0 +1,31 @@
+<!--
+	Mismatched:
+		- livechanges
+		- www.livechanges
+		- osmbirthday
+		- www.osmbirthday
+		- resultmap
+		- www.resultmap
+	
+	Active mixed content (see Neis-One.org_mixedcontent.xml):
+		- resultmaps
+		- www.resultmaps
+-->
+<ruleset name="Neis-One.org">
+	<target host="neis-one.org" />
+	<target host="www.neis-one.org" />
+	<target host="hdyc.neis-one.org" />
+	<target host="www.hdyc.neis-one.org" />
+	<target host="maps.neis-one.org" />
+	<target host="www.maps.neis-one.org" />
+	<target host="osmfight.neis-one.org" />
+	<target host="www.osmfight.neis-one.org" />
+	<target host="osmstats.neis-one.org" />
+	<target host="www.osmstats.neis-one.org" />
+	<target host="tools.neis-one.org" />
+	<target host="www.tools.neis-one.org" />
+	<target host="yosmhm.neis-one.org" />
+	<target host="www.yosmhm.neis-one.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Neis-One.org_mixedcontent.xml b/src/chrome/content/rules/Neis-One.org_mixedcontent.xml
new file mode 100644
index 000000000000..0e68cc40a21e
--- /dev/null
+++ b/src/chrome/content/rules/Neis-One.org_mixedcontent.xml
@@ -0,0 +1,9 @@
+<!--
+	For rules not causing mixed content issues, see Neis-One.org.xml.
+-->
+<ruleset name="Neis-One.org (mixed content)" platform="mixedcontent">
+	<target host="resultmaps.neis-one.org" />
+	<target host="www.resultmaps.neis-one.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nelonen.fi-mixedvideo.xml b/src/chrome/content/rules/Nelonen.fi-mixedvideo.xml
deleted file mode 100644
index dc5c18af7ce3..000000000000
--- a/src/chrome/content/rules/Nelonen.fi-mixedvideo.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://nelonen.fi/ => https://nelonen.fi/: (7, 'Failed to connect to nelonen.fi port 443: Connection refused')
-Fetch error: http://www.nelonen.fi/ => https://www.nelonen.fi/: (7, 'Failed to connect to www.nelonen.fi port 443: Connection refused')
-
-	For rules not causing genuine mixed content, see Melonen.fi.xml.
-
-
-	NB: we cannot enable this ruleset until
-	adtech.de fixes its video loading code.
-
--->
-<ruleset name="Nelonen.fi (mixed videos)" platform="mixedcontent" default_off='failed ruleset test'>
-
-	<target host="nelonen.fi" />
-	<target host="www.nelonen.fi" />
-		<!--
-			Breaks video:
-					-->
-		<exclusion pattern="^http://(?:www\.)?nelonen\.fi/(?:crossdomain\.xml|utils/video_config/geoblock\.php)" />
-		<!--
-			Handled in Nelonen.fi.xml:
-							-->
-		<exclusion pattern="^http://(?:www\.)?nelonen\.fi/utils/virheenmaaritys/(?:\w+\.jpg|css/|img/|js/|save\.php)" />
-
-
-	<securecookie host="^www\.nelonen\.fi$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Nelonen.fi.xml b/src/chrome/content/rules/Nelonen.fi.xml
index 959237967b42..e5bd1acb1f13 100644
--- a/src/chrome/content/rules/Nelonen.fi.xml
+++ b/src/chrome/content/rules/Nelonen.fi.xml
@@ -1,108 +1,16 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://nelonen.fi/ => https://nelonen.fi/: (7, 'Failed to connect to nelonen.fi port 443: Connection refused')
-Fetch error: http://www.nelonen.fi/ => https://www.nelonen.fi/: (7, 'Failed to connect to www.nelonen.fi port 443: Connection refused')
-
-	For rules causing real mixed content, see Nelonen.fi-mixedvideo.xml
-
-
-		- nelonen.spring-tns.net
-
-
-	Mixed content:
-
-		- Scripts:
-
-			- on www from www *
-			- on www from cts.sanoma.fi *
-			- on www from n.sestatic.fi *
-			- on www from nt.sestatic.fi *
-			- on www from rb2.sestatic.fi ***
-			- on www from assets.zendesk.com *
-
-		- css:
-
-			- on www from www *
-			- on www from fonts.googleapis.com *
-
-		- Flash:
-
-			- on www from www.ruutu.fi ***
-
-		- xml:
-
-			- on www from www **
-			- on www from adserver.adtech.de **
-			- on www from gatling.nelonenmedia.fi ***
-
-		- video:
-
-			- on www from www.ruutu.fi ***
-
-		- Images:
-
-			- on www from www *
-			- on www from sandbox.betatesti.com ****
-			- on www from rb3.sestatic.fi ****
-
-		- Web bugs and ads:
-
-			- on www from ad.360yield.com *
-			- on www from creative.360yield.com ***
-			- on www from s1.adform.net *
-			- on www from track.adform.net *
-			- on www from adserver.adtech.de *
-			- on www from aka-cdn-ns.adtech.de *
-			- on www from analytics.sanoma.fi *
-			- on www from is12.snstatic.fi *
-			- on www from anet.tradedoubler.com *
-			- on www from ad.yieldbot.net *
-
-	* Secured by us
-	** Breaks video
-	*** Unsecurable
-	**** Unsecurable, but images don't trigger MCB
-
-
-	NB: We *cannot* merge -mixedvideo because securing
-	adserver.adtech.de xml breaks video streams:
-
-		https://trac.torproject.org/projects/tor/ticket/7670
-
-	However, since we secure all active content
-	aside from that which is on pages under utils/,
-	we should remove platform for Ffx 24.
+	Invalid certificate:
+		gigantti.nelonen.fi
+		kampanjat.nelonen.fi
 
 -->
-<ruleset name="Nelonen.fi (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Nelonen.fi">
 
 	<target host="nelonen.fi" />
 	<target host="www.nelonen.fi" />
-		<!--
-			Videos subject to adtech.de mixed content:
-									-->
-		<!--exclusion pattern="^http://(www\.)?nelonen\.fi/utils/virheenmaaritys/" /-->
-		<!--
-			These breaks video:
-						-->
-		<exclusion pattern="^http://(?:www\.)?nelonen\.fi/crossdomain\.xml" />
-		<!--exclusion pattern="^http://(www\.)?nelonen\.fi/utils/video_config/geoblock\.php" /-->
-		<!--
-			Exclude everything under utils/ that hasn't been tested wrt to video:
-												-->
-		<exclusion pattern="^http://(?:www\.)?nelonen\.fi/utils/(?!virheenmaaritys/(?:\w+\.jpg|css/|img/|js/|save\.php))" />
-		<!--
-			Uncomment this if other videos turn out to break:
-										-->
-		<!--exclusion pattern="^http://(?:www\.)?nelonen\.fi/(?![\w-]+\.json|adimages/|sites/|utils/)" /-->
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.nelonen\.fi$" name="^(?:adptset|enzgd|evid1st|evid(?:_ref|_set)?|__utm\w)$" />
 
+	<securecookie host="^\.nelonen\.fi$" name="^(adptset|enzgd|evid1st|evid(_ref|_set)?|__utm\w)$" />
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nelonenmedia.fi.xml b/src/chrome/content/rules/Nelonenmedia.fi.xml
index 59614492d963..c3210d3e9556 100644
--- a/src/chrome/content/rules/Nelonenmedia.fi.xml
+++ b/src/chrome/content/rules/Nelonenmedia.fi.xml
@@ -19,7 +19,8 @@
 -->
 <ruleset name="Nelonmedia.fi (partial)">
 
-	<target host="*.nelonenmedia.fi" />
+	<target host="crossbow.nelonenmedia.fi" />
+	<target host="sso.nelonenmedia.fi" />
 		<!--
 			Redirects to http:
 						-->
@@ -29,7 +30,6 @@
 	<securecookie host="^crossbow\.nelonenmedia\.fi$" name=".+" />
 
 
-	<rule from="^http://(crossbow|sso)\.nelonenmedia\.fi/"
-		to="https://$1.nelonenmedia.fi/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Neo-interactive.hu.xml b/src/chrome/content/rules/Neo-interactive.hu.xml
index 1f434ce32a0d..236a8912e3c3 100644
--- a/src/chrome/content/rules/Neo-interactive.hu.xml
+++ b/src/chrome/content/rules/Neo-interactive.hu.xml
@@ -6,7 +6,7 @@ Fetch error: http://neo-interactive.hu/ => https://neo-interactive.hu/: Too many
 Disabled by https-everywhere-checker because:
 Fetch error: http://neo-interactive.hu/ => https://neo-interactive.hu/: Cycle detected - URL already encountered: https://neo-interactive.hu/
 -->
-<ruleset name="Neo-interactive.hu" default_off='failed ruleset test'>
+<ruleset name="Neo-interactive.hu" default_off="failed ruleset test">
 	<target host="*.neo-interactive.hu" />
 	<target host="neo-interactive.hu" />
 
diff --git a/src/chrome/content/rules/NeoSmart.com.xml b/src/chrome/content/rules/NeoSmart.com.xml
index 8e1635cd9faf..f6b9f5592cf3 100644
--- a/src/chrome/content/rules/NeoSmart.com.xml
+++ b/src/chrome/content/rules/NeoSmart.com.xml
@@ -16,7 +16,8 @@
 <ruleset name="NeoSmart.net">
 
 	<target host="neosmart.net" />
-	<target host="*.neosmart.net" />
+	<target host="www.neosmart.net" />
+	<target host="secure.neosmart.net" />
 
 
 	<securecookie host="^\.?(?:secure\.)?neosmart\.com$" name=".+" />
@@ -25,7 +26,6 @@
 	<rule from="^http://(?:www\.)?neosmart\.net/"
 		to="https://neosmart.net/" />
 
-	<rule from="^http://secure\.neosmart\.net/"
-		to="https://secure.neosmart.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NeonMob.com.xml b/src/chrome/content/rules/NeonMob.com.xml
index 41ae0a06467c..4e0f603c44ef 100644
--- a/src/chrome/content/rules/NeonMob.com.xml
+++ b/src/chrome/content/rules/NeonMob.com.xml
@@ -10,7 +10,7 @@
 <ruleset name="NeonMob.com">
 
 	<target host="neonmob.com" />
-	<target host="*.neonmob.com" />
+	<target host="www.neonmob.com" />
 
 
 	<securecookie host="^(?:www)?\.neonmob\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Neos.io.xml b/src/chrome/content/rules/Neos.io.xml
index c52b0a0178aa..82b255e6e69e 100644
--- a/src/chrome/content/rules/Neos.io.xml
+++ b/src/chrome/content/rules/Neos.io.xml
@@ -24,7 +24,7 @@ Fetch error: http://jira.neos.io/ => https://jira.neos.io/: (28, 'Connection tim
 		- translate.neos.io
 
 -->
-<ruleset name="Neos.io (partial)" default_off='failed ruleset test'>
+<ruleset name="Neos.io (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Neoseeker.xml b/src/chrome/content/rules/Neoseeker.xml
index c9d558985902..443633810ddc 100644
--- a/src/chrome/content/rules/Neoseeker.xml
+++ b/src/chrome/content/rules/Neoseeker.xml
@@ -29,7 +29,7 @@ Fetch error: http://neoseeker.com/ => https://neoseeker.com/: (60, 'SSL certific
 
 		- cdn.staticneo.com
 -->
-<ruleset name="Neoseeker" default_off='failed ruleset test'>
+<ruleset name="Neoseeker" default_off="failed ruleset test">
 
 	<target host="neoseeker.com" />
 	<target host="*.neoseeker.com" />
diff --git a/src/chrome/content/rules/Neowin.net.xml b/src/chrome/content/rules/Neowin.net.xml
deleted file mode 100644
index cf954c90a08e..000000000000
--- a/src/chrome/content/rules/Neowin.net.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="neowin">
-	<target host="neowin.net"/>
-	<target host="www.neowin.net"/>
-	<target host="deals.neowin.net"/>
-	<test url="http://neowin.net/"/>
-		<test url="http://neowin.net/forum/"/>
-		<test url="http://deals.neowin.net/"/>
-	<securecookie host=".+" name=".+" />
-	<rule from="^http:" to="https:"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Nerds_Nook.com.xml b/src/chrome/content/rules/Nerds_Nook.com.xml
index 2aeabf3fbc1b..5b47472b3524 100644
--- a/src/chrome/content/rules/Nerds_Nook.com.xml
+++ b/src/chrome/content/rules/Nerds_Nook.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.nerdsnook.com/ => https://www.nerdsnook.com/: (60, 'SSL
 		- .nerdsnook.com
 
 -->
-<ruleset name="Nerds Nook.com" default_off='failed ruleset test'>
+<ruleset name="Nerds Nook.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Nerf_NOW.xml b/src/chrome/content/rules/Nerf_NOW.xml
index 2e4822980bb1..6b31e68bde43 100644
--- a/src/chrome/content/rules/Nerf_NOW.xml
+++ b/src/chrome/content/rules/Nerf_NOW.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nero.xml b/src/chrome/content/rules/Nero.xml
deleted file mode 100644
index 24a0799b838b..000000000000
--- a/src/chrome/content/rules/Nero.xml
+++ /dev/null
@@ -1,43 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://apps.nero.com/ => https://apps.nero.com/: (6, 'Could not resolve host: apps.nero.com')
-Fetch error: http://shop.nero.com/ => https://shop.nero.com/: (7, 'Failed to connect to shop.nero.com port 443: No route to host')
-Fetch error: http://shopping.nero.com/ => https://shopping.nero.com/: (7, 'Failed to connect to shopping.nero.com port 443: No route to host')
-
-	Problematic hosts in *nero.com:
-
-		- webstatic *
-
-	* Akamai/mismatched
-
-
-	Insecure cookies are set for these domains:
-
-		- .nero.com
-
--->
-<ruleset name="Nero.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="nero.com" />
-	<target host="apps.nero.com" />
-	<target host="onlineshop.nero.com" />
-	<target host="shop.nero.com" />
-	<target host="shopping.nero.com" />
-	<target host="www.nero.com" />
-	<target host="www2.nero.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.nero\.com$" name="^(?:n_store|neroportal|portaldefaults|sh_uuid|specoffer)$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Nervous.io.xml b/src/chrome/content/rules/Nervous.io.xml
deleted file mode 100644
index 13e2347b55f6..000000000000
--- a/src/chrome/content/rules/Nervous.io.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Nervous.io">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="nervous.io" />
-	<target host="www.nervous.io" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Net-A-Porter.com.xml b/src/chrome/content/rules/Net-A-Porter.com.xml
index ab1db6fd3f5e..6a9665226a3a 100644
--- a/src/chrome/content/rules/Net-A-Porter.com.xml
+++ b/src/chrome/content/rules/Net-A-Porter.com.xml
@@ -26,7 +26,7 @@ Fetch error: http://fashionfix.net-a-porter.com/ => https://fashionfix.net-a-por
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Net-A-Porter.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Net-A-Porter.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Net-Applications.xml b/src/chrome/content/rules/Net-Applications.xml
index 61efea061426..c51f9a565745 100644
--- a/src/chrome/content/rules/Net-Applications.xml
+++ b/src/chrome/content/rules/Net-Applications.xml
@@ -25,7 +25,7 @@
 	<target host="partners.netapplications.com" />
 
 
-	<securecookie host=".*\.netapplications\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Net-Housting.de.xml b/src/chrome/content/rules/Net-Housting.de.xml
index 15380f5c79e4..ec50844e9565 100644
--- a/src/chrome/content/rules/Net-Housting.de.xml
+++ b/src/chrome/content/rules/Net-Housting.de.xml
@@ -20,7 +20,7 @@ Fetch error: http://www.net-housting.de/ => https://www.net-housting.de/: (51, "
 		- (www.)housting.de	(mismatched, CN: *.net-housting.de)
 
 -->
-<ruleset name="Net-Housting.de (partial)" default_off='failed ruleset test'>
+<ruleset name="Net-Housting.de (partial)" default_off="failed ruleset test">
 
 	<target host="housting.de" />
 	<target host="www.housting.de" />
@@ -34,4 +34,4 @@ Fetch error: http://www.net-housting.de/ => https://www.net-housting.de/: (51, "
 	<rule from="^http://(www\.)?(?:net-)?housting\.de/"
 		to="https://$1net-housting.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Net-Results.xml b/src/chrome/content/rules/Net-Results.xml
index c52771005d7b..d9f347663eaa 100644
--- a/src/chrome/content/rules/Net-Results.xml
+++ b/src/chrome/content/rules/Net-Results.xml
@@ -8,23 +8,15 @@
 
 	<target host="cdnma.com" />
 	<target host="sc.cdnma.com" />
-	<target host="*.net-results.com" />
+	<target host="apps.net-results.com" />
+	<target host="secure.net-results.com" />
 	<target host="nr7.us" />
 
 
 	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.net-results\.com$" name="^__utm\w$" />
-	<securecookie host="^(?:apps|\.?secure)\.net-results\.com$" name=".+" />
+					-->	<securecookie host="^(?:apps|\.?secure)\.net-results\.com$" name=".+" />
 
 
-	<rule from="^http://(sc\.)?cdnma\.com/"
-		to="https://$1cdnma.com/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://(apps|secure)\.net-results\.com/"
-		to="https://$1.net-results.com/" />
-
-	<rule from="^http://nr7\.us/"
-		to="https://nr7.us/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Net-dns.org.xml b/src/chrome/content/rules/Net-dns.org.xml
new file mode 100644
index 000000000000..796fa6b2f812
--- /dev/null
+++ b/src/chrome/content/rules/Net-dns.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Net-dns.org">
+	<target host="net-dns.org" />
+	<target host="www.net-dns.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Net-metrix.ch.xml b/src/chrome/content/rules/Net-metrix.ch.xml
new file mode 100644
index 000000000000..f3306592b452
--- /dev/null
+++ b/src/chrome/content/rules/Net-metrix.ch.xml
@@ -0,0 +1,24 @@
+<!--
+	For other NET-Metrix coverage, see Wemfbox.ch.xml.
+
+	Nonfunctional hosts in *.net-metrix.ch:
+		- sehstoff.net-metrix.ch (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Host has a wildcard DNS record but serves no wildcard cert.
+-->
+<ruleset name="Net-metrix.ch">
+	<target host="net-metrix.ch" />
+	<target host="www.net-metrix.ch" />
+	<target host="tool.net-metrix.ch" />
+	<target host="kb.net-metrix.ch" />
+	<target host="scores.net-metrix.ch" />
+	<target host="heatmap.net-metrix.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NetApp.xml b/src/chrome/content/rules/NetApp.xml
index 5e0dbfc70bbb..b29cebd1dc01 100644
--- a/src/chrome/content/rules/NetApp.xml
+++ b/src/chrome/content/rules/NetApp.xml
@@ -72,7 +72,7 @@ Fetch error: http://tech.netapp.com/ => https://tech.netapp.com/: (51, "SSL: no
 	* Secured by us
 
 -->
-<ruleset name="NetApp.com (partial)" default_off='failed ruleset test'>
+<ruleset name="NetApp.com (partial)" default_off="failed ruleset test">
 
 	<target host="learningcenter.netapp.com" />
 	<target host="learningcentre.netapp.com" />
diff --git a/src/chrome/content/rules/NetBeans.xml b/src/chrome/content/rules/NetBeans.xml
index 087a5d7f47a6..77dde912ec2a 100644
--- a/src/chrome/content/rules/NetBeans.xml
+++ b/src/chrome/content/rules/NetBeans.xml
@@ -1,69 +1,50 @@
 <!--
 	For other Oracle coverage, see Oracle.xml.
 
+	Refused:
+		- wiki.netbeans.org
 
-	Nonfunctional hosts in *netbeans.org:
-
-		- bits ¹
-		- plugins ²
-		- wiki ¹
-
-	¹ Refused
-	² Handshake fails
-
-
-	www.netbeans.org: redirect differs
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- netbeans.org
-		- .netbeans.org
+	SSL error:
 		- forums.netbeans.org
+		- plugins.netbeans.org
+		- services.netbeans.org
 
+	HTTP =/= HTTPS:
+		- www.netbeans.org
 
-	Mixed content:
-
-		- Images on edu from (www.)?netbeans.org *
-
-	* Secured by us
-
+	Host contains a wildcard DNS record for project pages, but not all subdomains support HTTPS.
 -->
 <ruleset name="NetBeans.org (partial)">
-
-	<!--	Direct rewrites:
-				-->
 	<target host="netbeans.org" />
+	<target host="www.netbeans.org" />
 	<target host="asset-0.netbeans.org" />
 	<target host="asset-1.netbeans.org" />
 	<target host="asset-2.netbeans.org" />
 	<target host="asset-3.netbeans.org" />
+	<target host="bits.netbeans.org" />
+	<target host="cnd.netbeans.org" />
+	<target host="core.netbeans.org" />
+	<target host="db.netbeans.org" />
+	<target host="download.netbeans.org" />
+	<target host="editor.netbeans.org" />
 	<target host="edu.netbeans.org" />
-	<target host="forums.netbeans.org" />
-	<target host="services.netbeans.org" />
-
-	<!--	Complications:
-				-->
-	<target host="www.netbeans.org" />
-
-		<!--	Sets cookie without Secure:
-							-->
-		<test url="http://netbeans.org/projects/www/" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^netbeans\.org$" name="^PHPSESSID$" /-->
-	<!--securecookie host="^\.netbeans\.org$" name="^_junction2_session$" /-->
-	<!--securecookie host="^forums\.netbeans\.org$" name="^(phpbb2mysql_data|phpbb2mysql_sid)$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
+	<target host="fr.netbeans.org" />
+	<target host="ja.netbeans.org" />
+	<target host="nblocalization.netbeans.org" />
+	<target host="performance.netbeans.org" />
+	<target host="php.netbeans.org" />
+	<target host="platform.netbeans.org" />
+	<target host="profiler.netbeans.org" />
+	<target host="soa.netbeans.org" />
+	<target host="ui.netbeans.org" />
+	<target host="versioncontrol.netbeans.org" />
+	<target host="web.netbeans.org" />
+	<target host="xml.netbeans.org" />
+
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://www\.netbeans\.org/"
 		to="https://netbeans.org/" />
 
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NetBet.xml b/src/chrome/content/rules/NetBet.xml
index 55f661897fcf..1ded0396c07b 100644
--- a/src/chrome/content/rules/NetBet.xml
+++ b/src/chrome/content/rules/NetBet.xml
@@ -5,7 +5,7 @@ Fetch error: http://betnet.fr/ => https://betnet.fr/: (7, 'Failed to connect to
 Fetch error: http://www.betnet.fr/ => https://www.betnet.fr/: (7, 'Failed to connect to www.betnet.fr port 443: Connection refused')
 
 -->
-<ruleset name="NetBet" default_off='failed ruleset test'>
+<ruleset name="NetBet" default_off="failed ruleset test">
 	<target host="betnet.fr" />
 	<target host="www.betnet.fr" />
 	<target host="m.netbet.fr" />
diff --git a/src/chrome/content/rules/NetClean.com.xml b/src/chrome/content/rules/NetClean.com.xml
index b80fdf8544a0..ce727c48babc 100644
--- a/src/chrome/content/rules/NetClean.com.xml
+++ b/src/chrome/content/rules/NetClean.com.xml
@@ -20,7 +20,7 @@ Fetch error: http://netclean.com/ => https://netclean.com/: (28, 'Connection tim
 	² Not secured by us <= mismatched
 
 -->
-<ruleset name="NetClean.com (partial)" default_off='failed ruleset test'>
+<ruleset name="NetClean.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/NetCologne.xml b/src/chrome/content/rules/NetCologne.xml
index 28d6c0657db5..c15df6dc6ccf 100644
--- a/src/chrome/content/rules/NetCologne.xml
+++ b/src/chrome/content/rules/NetCologne.xml
@@ -33,7 +33,7 @@
 	Self-signed cert:
 		- cftp
 		- kftp
-		
+
 	Timeout:
 		- netty
 		- speedtest
diff --git a/src/chrome/content/rules/NetDNA.xml b/src/chrome/content/rules/NetDNA.xml
index 11b8a98296b2..0ef9e24de297 100644
--- a/src/chrome/content/rules/NetDNA.xml
+++ b/src/chrome/content/rules/NetDNA.xml
@@ -42,7 +42,7 @@ Fetch error: http://hddn.com/ => https://hddn.com/: (51, "SSL: no alternative ce
 	ʰ WP Engine / redirects to http
 
 -->
-<ruleset name="NetDNA (partial)" default_off='failed ruleset test'>
+<ruleset name="NetDNA (partial)" default_off="failed ruleset test">
 
 	<target host="hddn.com" />
 	<target host="login.hddn.com" />
diff --git a/src/chrome/content/rules/NetEase.com.xml b/src/chrome/content/rules/NetEase.com.xml
index ae9a3e0273dd..42580d3ab925 100644
--- a/src/chrome/content/rules/NetEase.com.xml
+++ b/src/chrome/content/rules/NetEase.com.xml
@@ -9,10 +9,10 @@
 		dtws.netease.com
 		dtws2.netease.com
 		g5.gdl.netease.com
-		ma3.gdl.netease.com	https://ma3.gdl.netease.com/ninja2_101_netease.apk
+		ma3.gdl.netease.com		https://ma3.gdl.netease.com/ninja2_101_netease.apk
 		f.mgame.netease.com
 		f.my.netease.com
-		res.nie.netease.com	https://res.nie.netease.com/comm/NIE_copyRight/images/nie.2.png
+		res.nie.netease.com		https://res.nie.netease.com/comm/NIE_copyRight/images/nie.2.png
 		api.perf.netease.com
 		qn2.netease.com
 		app-down.x.netease.com	https://app-down.x.netease.com/download/game/yzr/channel/gw
@@ -31,6 +31,8 @@
 	<target host="adl.netease.com" />
 	<target host="apm.netease.com" />
 	<target host="art.netease.com" />
+	<target host="mov.bn.netease.com" />
+		<test url="http://mov.bn.netease.com/open-movie/nos/mp4/2015/03/25/SAKK9JTE7_sd.m3u8" />
 	<target host="img1.cache.netease.com" />
 		<test url="http://img1.cache.netease.com/cnews/netease/logo_w.gif" />
 		<test url="http://img1.cache.netease.com/common/script/wrating.js" />
@@ -65,7 +67,7 @@
 	<target host="qnm-f.netease.com" />
 	<target host="cc.fp.ps.netease.com" />
 
-	<securecookie host="^\w" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NetFronts-mismatches.xml b/src/chrome/content/rules/NetFronts-mismatches.xml
index 1f72b84b6f70..7c3f777cba94 100644
--- a/src/chrome/content/rules/NetFronts-mismatches.xml
+++ b/src/chrome/content/rules/NetFronts-mismatches.xml
@@ -6,7 +6,8 @@
 
 	<!--	Cert: *.hosting-advantage.com	-->
 	<target host="netfronts.com" />
-	<target host="*.netfronts.com" />
+	<target host="support.netfronts.com" />
+	<target host="www.netfronts.com" />
 
 
 	<securecookie host="^.*\.netfronts\.com$" name=".+" />
diff --git a/src/chrome/content/rules/NetFronts.xml b/src/chrome/content/rules/NetFronts.xml
index a34c29432854..42aa6ec42071 100644
--- a/src/chrome/content/rules/NetFronts.xml
+++ b/src/chrome/content/rules/NetFronts.xml
@@ -18,7 +18,7 @@ Fetch error: http://hosting-advantage.com/ => https://hosting-advantage.com/: (6
 		- (www.)web-hsoting.com	(ditto)
 
 -->
-<ruleset name="NetFronts (partial)" default_off='failed ruleset test'>
+<ruleset name="NetFronts (partial)" default_off="failed ruleset test">
 
 	<target host="hosting-advantage.com" />
 	<target host="*.hosting-advantage.com" />
diff --git a/src/chrome/content/rules/NetHack.org.xml b/src/chrome/content/rules/NetHack.org.xml
new file mode 100644
index 000000000000..cdf6ebe2f35e
--- /dev/null
+++ b/src/chrome/content/rules/NetHack.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Mismatched:
+		- ns1
+		- mail3
+-->
+<ruleset name="NetHack.org">
+	<target host="nethack.org" />
+	<target host="www.nethack.org" />
+	<target host="ww2.nethack.org" />
+	<target host="rodney.nethack.org" />
+	<target host="mail1.nethack.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NetMediaEurope.xml b/src/chrome/content/rules/NetMediaEurope.xml
index 885abe18a659..a5350c6479c7 100644
--- a/src/chrome/content/rules/NetMediaEurope.xml
+++ b/src/chrome/content/rules/NetMediaEurope.xml
@@ -17,13 +17,14 @@
 		techweekeurope.co.uk			(plesk default page)
 		www.techweekeurope.co.uk		(reset)
 		theinquirer.fr				(cert: plesk; pages redirect to www)
-		
+
 
 -->
 <ruleset name="NetMediaEurope" default_off="expired, mismatch">
 	<!--	plesk	-->
 	<target host="itespresso.fr"/>
-	<target host="*.itespresso.fr"/>
+	<target host="www.itespresso.fr" />
+	<target host="quiz.itespresso.fr" />
 	<target host="netmediaeurope.co.uk"/>
 	<target host="www.netmediaeurope.co.uk"/>
 	<target host="netmediaeurope.fr"/>
@@ -61,4 +62,4 @@
 		to="https://techweekeurope.fr/"/>
 
 </ruleset>
-		
+
diff --git a/src/chrome/content/rules/NetMile.co.jp.xml b/src/chrome/content/rules/NetMile.co.jp.xml
index 355a61c8fcad..90da3a79dfe9 100644
--- a/src/chrome/content/rules/NetMile.co.jp.xml
+++ b/src/chrome/content/rules/NetMile.co.jp.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.netmile.co.jp/ => https://www.netmile.co.jp/: (28, 'Oper
 	^netmile.co.jp doesn't exist.
 
 -->
-<ruleset name="NetMile.co.jp" default_off='failed ruleset test'>
+<ruleset name="NetMile.co.jp" default_off="failed ruleset test">
 
 	<target host="www.netmile.co.jp" />
 
diff --git a/src/chrome/content/rules/NetNow.co.xml b/src/chrome/content/rules/NetNow.co.xml
deleted file mode 100644
index 999f079da0f7..000000000000
--- a/src/chrome/content/rules/NetNow.co.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Mixed content:
-		www.netnow.co (css,js and img from ^)
-
-	Invalid certificate:
-		asi.netnow.co
--->
-<ruleset name="NetNow.co">
-
-	<target host="netnow.co" />
-	<target host="www.netnow.co" />
-
-	<securecookie host=".+" name=".+" />
-
-	<!-- Avoid mixed content -->
-	<rule from="^http://www\.netnow\.co/"
-		to="https://netnow.co/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/NetSeer.xml b/src/chrome/content/rules/NetSeer.xml
deleted file mode 100644
index 0ba558c7e298..000000000000
--- a/src/chrome/content/rules/NetSeer.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- ^	(404; mismatched, CN: google.com)
-		- www	(refused)
-
--->
-<ruleset name="NetSeer">
-
-	<target host="*.netseer.com" />
-
-
-	<!--	Wildcard cookies set by tracking beacons:
-								-->
-	<securecookie host="^\.netseer\.com$" name="^netseer_v3_(?:gp|vi)$" />
-	<securecookie host="^pixel\.netseer\.com$" name=".+" />
-
-
-	<!--	Tracking beacon.	-->
-	<rule from="^http://(cmi|pixel)\.netseer\.com/"
-		to="https://$1.netseer.com/" />
-
-	<!--	- Cert only matches (www.)leadback
-		- Data appear identical
-				-->
-	<rule from="^http://(?:cl|contextlinks|leadback|media|staging)\.netseer\.com/"
-		to="https://leadback.netseer.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/NetShelter.xml b/src/chrome/content/rules/NetShelter.xml
index 30da2884d5d5..556e7202b3e8 100644
--- a/src/chrome/content/rules/NetShelter.xml
+++ b/src/chrome/content/rules/NetShelter.xml
@@ -17,7 +17,7 @@ Fetch error: http://ad.netshelter.net/ => https://ad.netshelter.net/: (6, 'Could
 		- (www.)netshelter.net
 
 -->
-<ruleset name="NetShelter (partial)" default_off='failed ruleset test'>
+<ruleset name="NetShelter (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/NetWorks_Group.com.xml b/src/chrome/content/rules/NetWorks_Group.com.xml
deleted file mode 100644
index c0d1b9a357bf..000000000000
--- a/src/chrome/content/rules/NetWorks_Group.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	STS header includes includeSubdomains
-
--->
-<ruleset name="NetWorks Group.com">
-
-	<target host="networksgroup.com" />
-	<target host="*.networksgroup.com" />
-
-		<test url="http://www.networksgroup.com/" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Net_Index.xml b/src/chrome/content/rules/Net_Index.xml
index 9aa7f82c85e1..f9aeccc0e42d 100644
--- a/src/chrome/content/rules/Net_Index.xml
+++ b/src/chrome/content/rules/Net_Index.xml
@@ -11,10 +11,11 @@
 <ruleset name="Ookla" default_off="mismatched">
 
 	<target host="netindex.com" />
-	<target host="*.netindex.com" />
+	<target host="cdn.netindex.com" />
+	<target host="www.netindex.com" />
 
 
 	<rule from="^http://(?:cdn\.|www\.)?netindex\.com/"
 		to="https://netindex.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Net_Mobile.xml b/src/chrome/content/rules/Net_Mobile.xml
index 03fc9023c355..24c8bfdb478c 100644
--- a/src/chrome/content/rules/Net_Mobile.xml
+++ b/src/chrome/content/rules/Net_Mobile.xml
@@ -5,4 +5,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Net_Mundial.net.xml b/src/chrome/content/rules/Net_Mundial.net.xml
index 4d8b93955a21..390f7a8cd39e 100644
--- a/src/chrome/content/rules/Net_Mundial.net.xml
+++ b/src/chrome/content/rules/Net_Mundial.net.xml
@@ -12,7 +12,7 @@ Fetch error: http://netmundial.net/ => https://netmundial.net/: (6, 'Could not r
 Fetch error: http://www.netmundial.net/ => https://www.netmundial.net/: (6, 'Could not resolve host: www.netmundial.net')
 
 -->
-<ruleset name="Net Mundial.net" default_off='failed ruleset test'>
+<ruleset name="Net Mundial.net" default_off="failed ruleset test">
 
 	<target host="netmundial.net" />
 	<target host="www.netmundial.net" />
diff --git a/src/chrome/content/rules/Netcloude.cz.xml b/src/chrome/content/rules/Netcloude.cz.xml
index 622cd6341c49..f4c771268eae 100644
--- a/src/chrome/content/rules/Netcloude.cz.xml
+++ b/src/chrome/content/rules/Netcloude.cz.xml
@@ -5,7 +5,7 @@ Fetch error: http://netcloude.cz/ => https://netcloude.cz/: (60, 'SSL certificat
 Fetch error: http://www.netcloude.cz/ => https://www.netcloude.cz/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Netcloude.cz" default_off='failed ruleset test'>
+<ruleset name="Netcloude.cz" default_off="failed ruleset test">
     <target host="netcloude.cz" />
     <target host="www.netcloude.cz" />
 
diff --git a/src/chrome/content/rules/Netdialog.se.xml b/src/chrome/content/rules/Netdialog.se.xml
index c175aa10c414..917eb0e507d7 100644
--- a/src/chrome/content/rules/Netdialog.se.xml
+++ b/src/chrome/content/rules/Netdialog.se.xml
@@ -1,7 +1,7 @@
 <!--
 	CDN buckets:
 
-		- s3.netdialog.se.s3.amazonaws.com 
+		- s3.netdialog.se.s3.amazonaws.com
 
 			- s3.netdialog.se
 
diff --git a/src/chrome/content/rules/Netelligent.xml b/src/chrome/content/rules/Netelligent.xml
index 64b83abdc55c..d8bbbf864470 100644
--- a/src/chrome/content/rules/Netelligent.xml
+++ b/src/chrome/content/rules/Netelligent.xml
@@ -19,7 +19,7 @@ Fetch error: http://www.netelligent.ca/ => https://www.netelligent.ca/: (60, 'SS
 	* Secured by us
 
 -->
-<ruleset name="Netelligent.ca (partial)" default_off='failed ruleset test'>
+<ruleset name="Netelligent.ca (partial)" default_off="failed ruleset test">
 
 	<target host="netelligent.ca"/>
 	<target host="iam.netelligent.ca"/>
diff --git a/src/chrome/content/rules/Netfilter.org.xml b/src/chrome/content/rules/Netfilter.org.xml
index f9d6afbc27a9..f294bd793ee4 100644
--- a/src/chrome/content/rules/Netfilter.org.xml
+++ b/src/chrome/content/rules/Netfilter.org.xml
@@ -2,7 +2,6 @@
 	Nonfunctional subdomains:
 
 		- ftp *
-		- ipset *
 		- planet
 	* Shows bugzilla.netfilter.org
 
@@ -28,25 +27,11 @@
 	<target host="netfilter.org" />
 	<target host="bugzilla.netfilter.org" />
 	<target host="git.netfilter.org" />
-	<target host="people.netfilter.org" />
+	<target host="ipset.netfilter.org" />
 	<target host="lists.netfilter.org" />
-	<target host="www.netfilter.org" />
+	<target host="people.netfilter.org" />
 	<target host="workshop.netfilter.org" />
-
-	<!--	Complications:
-				-->
-	<target host="patchwork.netfilter.org" />
-	<target host="svn.netfilter.org" />
-	<target host="vishnu.netfilter.org" />
-
-		<!--	p://patches.../\w.* 404s:
-						-->
-		<exclusion pattern="^http://patchwork\.netfilter\.org/+(?!$|\?)" />
-
-			<test url="http://patchwork.netfilter.org/index.htm" />
-			<test url="http://patchwork.netfilter.org//index.htm" />
-			<test url="http://patchwork.netfilter.org/index.php" />
-			<test url="http://patchwork.netfilter.org//index.php" />
+	<target host="www.netfilter.org" />
 
 
 	<!--	Not secured by server:
@@ -56,17 +41,6 @@
 	<securecookie host=".+\.netfilter\.org$" name=".+" />
 
 
-	<!--	Redirect drops forward slash and args
-					-->
-	<rule from="^http://patchwork\.netfilter\.org/.*"
-		to="https://patchwork.ozlabs.org/project/netfilter-devel/list/" />
-
-		<test url="http://patchwork.netfilter.org/?" />
-		<test url="http://patchwork.netfilter.org//" />
-
-	<rule from="^http://(?:svn|vishnu)\.netfilter\.org/"
-		to="https://bugzilla.netfilter.org/" />
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Netfirms.xml b/src/chrome/content/rules/Netfirms.xml
index 8cb9e8a88f7c..92fcb634dda7 100644
--- a/src/chrome/content/rules/Netfirms.xml
+++ b/src/chrome/content/rules/Netfirms.xml
@@ -1,13 +1,15 @@
 <ruleset name="Netfirms">
 
 	<target host="netfirms.com" />
-	<target host="*.netfirms.com" />
+	<target host="images.netfirms.com" />
+	<target host="secure.netfirms.com" />
+	<target host="www.netfirms.com" />
+	<target host="www2.netfirms.com" />
 
 
 	<securecookie host="^\.netfirms\.com$" name=".+" />
 
 
-	<rule from="^http://(images\.|secure\.|www2?\.)?netfirms\.com/"
-		to="https://$1netfirms.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Netflame.cc.xml b/src/chrome/content/rules/Netflame.cc.xml
index 72bc664827b8..52dd9676f31c 100644
--- a/src/chrome/content/rules/Netflame.cc.xml
+++ b/src/chrome/content/rules/Netflame.cc.xml
@@ -20,7 +20,7 @@ Fetch error: http://ssl-hints.netflame.cc/ => https://ssl-hints.netflame.cc/: (5
 		- fcR
 
 -->
-<ruleset name="netflame.cc" default_off='failed ruleset test'>
+<ruleset name="netflame.cc" default_off="failed ruleset test">
 
 	<target host="hints.netflame.cc" />
 	<target host="ssl-hints.netflame.cc" />
diff --git a/src/chrome/content/rules/Netfox.ru.xml b/src/chrome/content/rules/Netfox.ru.xml
index 87438a5d60e4..13dd4e9f73f9 100644
--- a/src/chrome/content/rules/Netfox.ru.xml
+++ b/src/chrome/content/rules/Netfox.ru.xml
@@ -3,7 +3,7 @@
 	<target host="netfox.ru" />
 	<target host="www.netfox.ru" />
 	<target host="my.netfox.ru" />
-	
+
 	<rule from="^http://www\.netfox\.ru/"
 		to="https://netfox.ru/" />
 
diff --git a/src/chrome/content/rules/Netguava.xml b/src/chrome/content/rules/Netguava.xml
index 4870a77e4e5e..4d85b2ccaca9 100644
--- a/src/chrome/content/rules/Netguava.xml
+++ b/src/chrome/content/rules/Netguava.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?netguava\.com/(app/|contact(?:$|\?)|c[ms]s/|favicon\.ico|images/|js/|scripts/)"
 		to="https://$1netguava.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Netistrar.com.xml b/src/chrome/content/rules/Netistrar.com.xml
index c7758175a00b..0fba07c9d74e 100644
--- a/src/chrome/content/rules/Netistrar.com.xml
+++ b/src/chrome/content/rules/Netistrar.com.xml
@@ -22,7 +22,7 @@ Fetch error: http://secure.netistrar.com/ => https://secure.netistrar.com/: (7,
 		- www.netistrar.com
 
 -->
-<ruleset name="Netistrar.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Netistrar.com (partial)" default_off="failed ruleset test">
 
 	<!--target host="netistrar.com" /-->
 	<target host="secure.netistrar.com" />
diff --git a/src/chrome/content/rules/Netlib.org.xml b/src/chrome/content/rules/Netlib.org.xml
new file mode 100644
index 000000000000..29b615659786
--- /dev/null
+++ b/src/chrome/content/rules/Netlib.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatch:
+		- ftp.netlib.org
+-->
+<ruleset name="Netlib.org">
+	<target host="netlib.org" />
+	<target host="www.netlib.org" />
+	<target host="performance.netlib.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Netlify.com.xml b/src/chrome/content/rules/Netlify.com.xml
deleted file mode 100644
index db2ce76a1a5f..000000000000
--- a/src/chrome/content/rules/Netlify.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Fully covered hosts in *netlify.com:
-
-		- (www.)?
-		- app
-
--->
-<ruleset name="Netlify.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="netlify.com" />
-	<target host="app.netlify.com" />
-	<target host="www.netlify.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Netline.com.xml b/src/chrome/content/rules/Netline.com.xml
deleted file mode 100644
index 484b52f3ff63..000000000000
--- a/src/chrome/content/rules/Netline.com.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	Other NetLine rulesets:
-
-		- RevResponse.com.xml
-
-
-		- netline-d3.openxenterprise.com
-
-			- ox-d.netline.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(shows my; mismatched, CN: my.netline.com)
-
-
-	Problematic subdomains:
-
-		- ox-d	(mismatched, CN: *.openxenterprise.com)
-
--->
-<ruleset name="netline.com (partial)">
-
-	<target host="ox-d.netline.com" />
-
-
-	<rule from="^http://my\.netline\.com/"
-		to="https://my.netline.com/" />
-
-	<!--rule from="^http://ox-d\.netline\.com/"
-		to="https://netline-d3.openxenterprise.com/" /-->
-
-	<rule from="^http://ox-d\.netline\.com/w/1\.0/afr\?cc=1&amp;auid=(\d+)&amp;cb="
-		to="https://u.openx.net/w/1.0/sc?r=https%3A%2F%2Fox-d.netline.com%2Fw%2F1.0%2Fafr%3Fcc%3D1%26auid%3D$1%26cb%3D" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Netload.xml b/src/chrome/content/rules/Netload.xml
index 8a02344a8ec3..4403f2573a15 100644
--- a/src/chrome/content/rules/Netload.xml
+++ b/src/chrome/content/rules/Netload.xml
@@ -5,7 +5,7 @@ Fetch error: http://netload.in/ => https://netload.in/: (6, 'Could not resolve h
 Fetch error: http://www.netload.in/ => https://www.netload.in/: (6, 'Could not resolve host: www.netload.in')
 
 -->
-<ruleset name="Netload" default_off='failed ruleset test'>
+<ruleset name="Netload" default_off="failed ruleset test">
 
 	<target host="netload.in" />
 	<target host="www.netload.in" />
diff --git a/src/chrome/content/rules/Netmarble.xml b/src/chrome/content/rules/Netmarble.xml
index 17e44f0e1a73..6dc13a48d0fd 100644
--- a/src/chrome/content/rules/Netmarble.xml
+++ b/src/chrome/content/rules/Netmarble.xml
@@ -49,7 +49,14 @@
 <ruleset name="Netmarble (partial)">
 
 	<target host="netmarble.com" />
-	<target host="*.netmarble.com" />
+	<target host="auth.netmarble.com" />
+	<target host="bill.netmarble.com" />
+	<target host="nbill.netmarble.com" />
+	<target host="img.netmarble.com" />
+	<target host="simg.netmarble.com" />
+	<target host="member.netmarble.com" />
+	<target host="www.netmarble.com" />
+	<target host="img.cdn.global.netmarble.com" />
 
 
 	<securecookie host="^(?:auth|www)\.netmarble\.com$" name=".+" />
@@ -58,10 +65,9 @@
 	<rule from="^http://netmarble\.com/"
 		to="https://www.netmarble.com/" />
 
-	<rule from="^http://(auth|n?bill|s?img|member|www)\.netmarble\.com/"
-		to="https://$1.netmarble.com/" />
 
 	<rule from="^http://img\.cdn\.global\.netmarble\.com/"
 		to="https://simg.netmarble.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Netnea.com.xml b/src/chrome/content/rules/Netnea.com.xml
deleted file mode 100644
index 2682d25ba0ad..000000000000
--- a/src/chrome/content/rules/Netnea.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://mail.netnea.com/ => https://mail.netnea.com/: (51, "SSL: no alternative certificate subject name matches target host name 'mail.netnea.com'")
-
-	STS header includes includeSubDomains.
-
-
-	These altnames don't exist:
-
-		- netnea.com
-
--->
-<ruleset name="netnea.com" default_off='failed ruleset test'>
-
-	<target host="*.netnea.com" />
-
-		<test url="http://mail.netnea.com/" />
-		<test url="http://www.netnea.com/" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Netnod.se.xml b/src/chrome/content/rules/Netnod.se.xml
index 2ba1a08d5104..ae4cb995612d 100644
--- a/src/chrome/content/rules/Netnod.se.xml
+++ b/src/chrome/content/rules/Netnod.se.xml
@@ -12,7 +12,7 @@
 <ruleset name="Netnod.se">
 
 	<target host="netnod.se" />
-	<target host="*.netnod.se" />
+	<target host="www.netnod.se" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/Nets-DanID.xml b/src/chrome/content/rules/Nets-DanID.xml
deleted file mode 100644
index 9bd4548c25e6..000000000000
--- a/src/chrome/content/rules/Nets-DanID.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Nets-DanID.dk">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="nets-danid.dk"/>
-	<target host="www.nets-danid.dk"/>
-
-	<securecookie host="^www\.nets-danid\.dk$" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Netscape.com.xml b/src/chrome/content/rules/Netscape.com.xml
index 7a5b27d16df4..e391d6f5e548 100644
--- a/src/chrome/content/rules/Netscape.com.xml
+++ b/src/chrome/content/rules/Netscape.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.netscape.com/ => https://netscape.aol.com/: (7, 'Failed
 	For other AOL coverage, see AOL.xml.
 
 -->
-<ruleset name="Netscape.com" default_off='failed ruleset test'>
+<ruleset name="Netscape.com" default_off="failed ruleset test">
 
 	<!--	Complications:
 				-->
diff --git a/src/chrome/content/rules/Netsekure.org.xml b/src/chrome/content/rules/Netsekure.org.xml
index 634999c03b0d..a98b9019bf34 100644
--- a/src/chrome/content/rules/Netsekure.org.xml
+++ b/src/chrome/content/rules/Netsekure.org.xml
@@ -14,7 +14,7 @@ Fetch error: http://netsekure.org/ => https://netsekure.org/: (60, 'SSL certific
 	* Secured by us
 
 -->
-<ruleset name="netsekure.org" default_off='failed ruleset test'>
+<ruleset name="netsekure.org" default_off="failed ruleset test">
 
 	<target host="netsekure.org" />
 	<target host="tests.netsekure.org" />
diff --git a/src/chrome/content/rules/Netswarm.net.xml b/src/chrome/content/rules/Netswarm.net.xml
index 12a3fee6c80b..b8ba9ed89b09 100644
--- a/src/chrome/content/rules/Netswarm.net.xml
+++ b/src/chrome/content/rules/Netswarm.net.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?netswarm\.net/"
 		to="https://www.netswarm.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nettica.xml b/src/chrome/content/rules/Nettica.xml
index 158d22ef16f4..e34297a6c445 100644
--- a/src/chrome/content/rules/Nettica.xml
+++ b/src/chrome/content/rules/Nettica.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://nettica.com/ => https://www.nettica.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Nettica" default_off='failed ruleset test'>
+<ruleset name="Nettica" default_off="failed ruleset test">
   <target host="nettica.com" />
   <target host="www.netteca.com" />
 
diff --git a/src/chrome/content/rules/Nettitude.co.uk.xml b/src/chrome/content/rules/Nettitude.co.uk.xml
deleted file mode 100644
index db29ef64fbe8..000000000000
--- a/src/chrome/content/rules/Nettitude.co.uk.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	Other Nettitude rulesets:
-
-		- Nettitude.com.xml
-		- Threat2Alert.com.xml
-
-
-	Insecure cookies are set for these hosts:
-
-		- nettitude.co.uk
-		- www.nettitude.co.uk
-
--->
-<ruleset name="Nettitude.co.uk">
-
-	<target host="nettitude.co.uk" />
-	<target host="www.nettitude.co.uk" />
-
-		<!--	Sets cookies without Secure:
-							-->
-		<!--test url="http://www.nettitude.co.uk/wp-content/plugins/si-contact-form/captcha/securimage_show.php?ctf_sm_captcha=1&amp;prefix=" /-->
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^nettitude\.co\.uk$" name="^(?:PHPSESSID|wfvt_\d+)$" /-->
-	<!--securecookie host="^www\.nettitude\.co\.uk$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Nettitude.com.xml b/src/chrome/content/rules/Nettitude.com.xml
deleted file mode 100644
index 8e7c38d116a9..000000000000
--- a/src/chrome/content/rules/Nettitude.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For other Nettitude coverage, see Nettitude.co.uk.xml.
-
--->
-<ruleset name="Nettitude.com">
-
-	<target host="nettitude.com" />
-	<target host="www.nettitude.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Nettog.dk.xml b/src/chrome/content/rules/Nettog.dk.xml
new file mode 100644
index 000000000000..b27770d96335
--- /dev/null
+++ b/src/chrome/content/rules/Nettog.dk.xml
@@ -0,0 +1,10 @@
+<ruleset name="nettog.dk">
+
+	<target host="nettog.dk"/>
+	<target host="www.nettog.dk"/>
+
+	<securecookie host="^(?:www)?\.nettog\.dk$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Netverify.xml b/src/chrome/content/rules/Netverify.xml
index 2515da4b70cd..bd022954829b 100644
--- a/src/chrome/content/rules/Netverify.xml
+++ b/src/chrome/content/rules/Netverify.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Netviewer.com.xml b/src/chrome/content/rules/Netviewer.com.xml
index 65e4c100bb58..dc6399fa4b34 100644
--- a/src/chrome/content/rules/Netviewer.com.xml
+++ b/src/chrome/content/rules/Netviewer.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://my.netviewer.com/ => https://my.netviewer.com/: (28, 'Connec
 		- www.netviewer.com
 
 -->
-<ruleset name="Netviewer.com" default_off='failed ruleset test'>
+<ruleset name="Netviewer.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Network-Depot.xml b/src/chrome/content/rules/Network-Depot.xml
index f37a5b32fb3b..83323a7435d4 100644
--- a/src/chrome/content/rules/Network-Depot.xml
+++ b/src/chrome/content/rules/Network-Depot.xml
@@ -1,24 +1,12 @@
 <!--
-	CDN buckets:
-
-		- d1n2i0nchws850.cloudfront.net
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(rx_record_too_long)
-		- engage	(times out)
-
+	Non-functional hosts
+		Incomplete certificate chain error:
+		- onestepahead.networkdepot.com
 -->
 <ruleset name="Network Depot (partial)">
+	<target host="networkdepot.com" />
+	<target host="tips.networkdepot.com" />
+	<target host="www.networkdepot.com" />
 
-	<target host="*.networkdepot.com" />
-
-
-	<securecookie host="^.+\.networkdepot\.com$" name=".+" />
-
-
-	<rule from="^http://(onestepahead|support|tips)\.networkdepot\.com/"
-		to="https://$1.networkdepot.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NetworkWorld.xml b/src/chrome/content/rules/NetworkWorld.xml
index 7ac34571a173..a1c6ea5e10d6 100644
--- a/src/chrome/content/rules/NetworkWorld.xml
+++ b/src/chrome/content/rules/NetworkWorld.xml
@@ -61,15 +61,17 @@ Fetch error: http://subscribenww.com/ => https://subscribenww.com/: (60, 'SSL ce
 	* Secured by us
 
 -->
-<ruleset name="NetworkWorld (partial)" default_off='failed ruleset test'>
+<ruleset name="NetworkWorld (partial)" default_off="failed ruleset test">
 
 	<target host="networkworld.com" />
-	<target host="*.networkworld.com" />
+	<target host="edge.networkworld.com" />
+	<target host="www.networkworld.com" />
+	<target host="m.networkworld.com" />
 	<target host="subscribenww.com" />
-	<target host="*.subscribenww.com" />
+	<target host="www.subscribenww.com" />
 
 
-	<securecookie host="^(?:.*\.)?(?:networkworld|subscribenww)\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(?:edge\.|www\.)?networkworld\.com/"
diff --git a/src/chrome/content/rules/Network_Computing.xml b/src/chrome/content/rules/Network_Computing.xml
index 0a20f449a7e7..ec036e79ef73 100644
--- a/src/chrome/content/rules/Network_Computing.xml
+++ b/src/chrome/content/rules/Network_Computing.xml
@@ -12,7 +12,7 @@
 <ruleset name="Network Computing" default_off="mismatched, self-signed">
 
 	<target host="networkcomputing.com" />
-	<target host="*.networkcomputing.com" />
+	<target host="www.networkcomputing.com" />
 
 
 	<!--securecookie host="^\.networkcomputing\.com$" name="^(s_\w\w|s_fid|s_lv_s|us_ubm_aut|__utm\w)$" /-->
@@ -22,4 +22,4 @@
 	<rule from="^http://(?:www\.)?networkcomputing\.com/"
 		to="https://www.networkcomputing.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Network_Maker.xml b/src/chrome/content/rules/Network_Maker.xml
deleted file mode 100644
index 69703b2322c2..000000000000
--- a/src/chrome/content/rules/Network_Maker.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- ^	(500; mismatched, CN: *.socialgo.com)
-		- www	(shows another domain, valid cert)
-
--->
-<ruleset name="Network Maker (partial)">
-
-	<target host="signup.network-maker.com" />
-
-
-	<securecookie host="^signup\.network-maker\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/NetworkedBlogs.xml b/src/chrome/content/rules/NetworkedBlogs.xml
index 050ef19e3e33..131a0c2197dc 100644
--- a/src/chrome/content/rules/NetworkedBlogs.xml
+++ b/src/chrome/content/rules/NetworkedBlogs.xml
@@ -15,7 +15,8 @@
 <ruleset name="NetworkedBlogs">
 
 	<target host="networkedblogs.com" />
-	<target host="*.networkedblogs.com" />
+	<target host="www.networkedblogs.com" />
+	<target host="nwidget.networkedblogs.com" />
 
 
 	<securecookie host="^www\.networkedblogs\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Networkhm.com.xml b/src/chrome/content/rules/Networkhm.com.xml
deleted file mode 100644
index 92053901014c..000000000000
--- a/src/chrome/content/rules/Networkhm.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ads	(mismatched, CN: *.adnxs.com)
-
--->
-<ruleset name="networkhm.com">
-
-	<target host="ads.networkhm.com" />
-
-
-	<rule from="^http://ads\.networkhm\.com/"
-		to="https://ib.adnxs.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Networking4all.com.xml b/src/chrome/content/rules/Networking4all.com.xml
deleted file mode 100644
index a712b4ddce30..000000000000
--- a/src/chrome/content/rules/Networking4all.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Networking4all.com">
-
-	<target host="networking4all.com" />
-	<target host="www.networking4all.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Netzguerilla.net.xml b/src/chrome/content/rules/Netzguerilla.net.xml
index 9a37ce4d2dbb..2afff47a1830 100644
--- a/src/chrome/content/rules/Netzguerilla.net.xml
+++ b/src/chrome/content/rules/Netzguerilla.net.xml
@@ -5,7 +5,9 @@
 <ruleset name="netzguerilla.net">
 
 	<target host="netzguerilla.net" />
-	<target host="*.netzguerilla.net" />
+	<target host="lists.netzguerilla.net" />
+	<target host="webmail.netzguerilla.net" />
+	<target host="www.netzguerilla.net" />
 
 
 	<rule from="^http://(?:(lists\.|webmail\.)|www\.)?netzguerilla\.net/"
diff --git a/src/chrome/content/rules/Netzob.org.xml b/src/chrome/content/rules/Netzob.org.xml
deleted file mode 100644
index 8dbf93596141..000000000000
--- a/src/chrome/content/rules/Netzob.org.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	(www.)?netzob.org: Mismatched
-
--->
-<ruleset name="Netzob.org (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="dev.netzob.org" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Netzpolitik.xml b/src/chrome/content/rules/Netzpolitik.xml
index f71baa6dff2f..d8233407b70c 100644
--- a/src/chrome/content/rules/Netzpolitik.xml
+++ b/src/chrome/content/rules/Netzpolitik.xml
@@ -1,10 +1,30 @@
+<!--
+  Invalid certificate:
+    2048.netzpolitik.org
+    asset.netzpolitik.org
+    conference.netzpolitik.org
+    matrix.netzpolitik.org
+    movim.netzpolitik.org
+    pound.netzpolitik.org
+    riot.netzpolitik.org
+    xmpp.netzpolitik.org
+-->
 <ruleset name="Netzpolitik.org">
 
-	<!--	Direct rewrites:
-				-->
   <target host="netzpolitik.org" />
   <target host="www.netzpolitik.org" />
+  <target host="10.netzpolitik.org" />
+  <target host="11.netzpolitik.org" />
+  <target host="12.netzpolitik.org" />
+  <target host="13.netzpolitik.org" />
+  <target host="be.netzpolitik.org" />
+  <target host="cdn.netzpolitik.org" />
+  <target host="hackmd.netzpolitik.org" />
+  <target host="proxy.netzpolitik.org" />
+  <target host="stories.netzpolitik.org" />
+  <target host="spenden.netzpolitik.org" />
+  <target host="vcs.netzpolitik.org" />
+
+  <rule from="^http:"	to="https:" />
 
-	<rule from="^http:"
-		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NeuStar.xml b/src/chrome/content/rules/NeuStar.xml
index c53ea1a39e2b..82e703af2485 100644
--- a/src/chrome/content/rules/NeuStar.xml
+++ b/src/chrome/content/rules/NeuStar.xml
@@ -11,7 +11,6 @@ Fetch error: http://registry.neustar.biz/ => https://registry.neustar.biz/: (60,
 		- NPAC.com.xml
 		- Neustar_Localeze.biz.xml
 		- Neuweb.biz.xml
-		- TCPA_Compliance.us.xml
 		- UltraDNS.xml
 		- Webmetrics.com.xml
 		- Neustar.com.xml
@@ -76,7 +75,7 @@ Fetch error: http://registry.neustar.biz/ => https://registry.neustar.biz/: (60,
 		- static.wpm.neustar.biz
 
 -->
-<ruleset name="Neustar.biz (partial)" default_off='failed ruleset test'>
+<ruleset name="Neustar.biz (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Neudesic-Media-Group.xml b/src/chrome/content/rules/Neudesic-Media-Group.xml
index 9445422cb287..a4b1fc591717 100644
--- a/src/chrome/content/rules/Neudesic-Media-Group.xml
+++ b/src/chrome/content/rules/Neudesic-Media-Group.xml
@@ -6,14 +6,12 @@ Fetch error: http://ads.neudesicmediagroup.com/ => https://ads.neudesicmediagrou
 Disabled by https-everywhere-checker because:
 Fetch error: http://ads.neudesicmediagroup.com/ => https://ads.neudesicmediagroup.com/: (28, 'Connection timed out after 10001 milliseconds')
 -->
-<ruleset name="Neudesic Media Group (partial)" default_off='failed ruleset test'>
+<ruleset name="Neudesic Media Group (partial)" default_off="failed ruleset test">
 
-	<target host="ads.neudesicmediagroup.com"/>
-	<target host="*.ads.neudesicmediagroup.com"/>
+	<target host="ads.neudesicmediagroup.com" />
 
-	<securecookie host="^(?:.*\.)?ads\.neudesicmediagroup\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://ads\.neudesicmediagroup\.com/"
-		to="https://ads.neudesicmediagroup.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Neustar.com.xml b/src/chrome/content/rules/Neustar.com.xml
index 1f9d7c6d3cfb..9c7e89a52a83 100644
--- a/src/chrome/content/rules/Neustar.com.xml
+++ b/src/chrome/content/rules/Neustar.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://payment.neustar.com/ => https://payment.neustar.com/: (51, "
 	For other NeuStar coverage, see NeuStar.xml.
 
 -->
-<ruleset name="Neustar.com" default_off='failed ruleset test'>
+<ruleset name="Neustar.com" default_off="failed ruleset test">
 
 	<target host="neustar.com" />
 	<target host="payment.neustar.com" />
diff --git a/src/chrome/content/rules/Neustar_Localeze.biz.xml b/src/chrome/content/rules/Neustar_Localeze.biz.xml
index d8d6710d5264..35a7807053b9 100644
--- a/src/chrome/content/rules/Neustar_Localeze.biz.xml
+++ b/src/chrome/content/rules/Neustar_Localeze.biz.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.neustarlocaleze.biz/ => https://www.neustarlocaleze.biz/
 	For other NeuStar coverage, see NeuStar.xml.
 
 -->
-<ruleset name="Neustar Localeze.biz" default_off='failed ruleset test'>
+<ruleset name="Neustar Localeze.biz" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/NeverDDoS.com.xml b/src/chrome/content/rules/NeverDDoS.com.xml
deleted file mode 100644
index c4ec4b02c9c9..000000000000
--- a/src/chrome/content/rules/NeverDDoS.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="NeverDDoS.com">
-
-	<target host="neverddos.com" />
-	<target host="www.neverddos.com" />
-
-
-	<securecookie host="^(?:w*\.)?neverddos\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Nevill_Holt_Opera.xml b/src/chrome/content/rules/Nevill_Holt_Opera.xml
index 10dbbe0cd668..ce0bb40c5f04 100644
--- a/src/chrome/content/rules/Nevill_Holt_Opera.xml
+++ b/src/chrome/content/rules/Nevill_Holt_Opera.xml
@@ -10,10 +10,10 @@ Fetch error: http://nevillholtopera.net/ => https://www.nevillholtopera.net/: (6
 		- ^	("Error"; mismatched, CN: *.eurodiet.co.uk)
 
 -->
-<ruleset name="Nevill Holt Opera" default_off='failed ruleset test'>
+<ruleset name="Nevill Holt Opera" default_off="failed ruleset test">
 
 	<target host="nevillholtopera.net" />
-	<target host="*.nevillholtopera.net" />
+	<target host="www.nevillholtopera.net" />
 
 
 	<securecookie host="^w*\.nevillholtopera\.net$" name=".+" />
diff --git a/src/chrome/content/rules/Nevistas_Health.com.xml b/src/chrome/content/rules/Nevistas_Health.com.xml
index 381a3493756b..41f7c2cfb491 100644
--- a/src/chrome/content/rules/Nevistas_Health.com.xml
+++ b/src/chrome/content/rules/Nevistas_Health.com.xml
@@ -16,7 +16,7 @@ Fetch error: http://www.nevistashealth.com/ => https://www.nevistashealth.com/:
 	* Secured by us
 
 -->
-<ruleset name="Nevistas Health.com" default_off='failed ruleset test'>
+<ruleset name="Nevistas Health.com" default_off="failed ruleset test">
 
 	<target host="nevistashealth.com" />
 	<target host="www.nevistashealth.com" />
diff --git a/src/chrome/content/rules/New-Dream-Network.xml b/src/chrome/content/rules/New-Dream-Network.xml
index 5c6490a33a36..9eeb77ae804d 100644
--- a/src/chrome/content/rules/New-Dream-Network.xml
+++ b/src/chrome/content/rules/New-Dream-Network.xml
@@ -8,10 +8,11 @@ Fetch error: http://newdream.net/ => https://newdream.net/: (60, 'SSL certificat
 		- DreamHost.xml
 
 -->
-<ruleset name="New Dream Network" default_off='failed ruleset test'>
+<ruleset name="New Dream Network" default_off="failed ruleset test">
 
 	<target host="newdream.net" />
-	<target host="*.newdream.net" />
+	<target host="secure.newdream.net" />
+	<target host="www.newdream.net" />
 
 
 	<!--	www: Cert only matches ^newdream.net.
@@ -19,4 +20,4 @@ Fetch error: http://newdream.net/ => https://newdream.net/: (60, 'SSL certificat
 	<rule from="^http://(?:(secure\.)|www\.)?newdream\.net/"
 		to="https://$1newdream.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/New-Moon-Girls-Online.xml b/src/chrome/content/rules/New-Moon-Girls-Online.xml
index 7984997356a4..eccd4f6f1899 100644
--- a/src/chrome/content/rules/New-Moon-Girls-Online.xml
+++ b/src/chrome/content/rules/New-Moon-Girls-Online.xml
@@ -12,7 +12,7 @@ Fetch error: http://newmoon.com/ => https://www.newmoon.com/: (51, "SSL: no alte
 Fetch error: http://www.newmoon.com/ => https://www.newmoon.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.newmoon.com'")
 
 -->
-<ruleset name="New Moon Girls Online" default_off='failed ruleset test'>
+<ruleset name="New Moon Girls Online" default_off="failed ruleset test">
 	<target host="newmoon.com" />
 	<target host="www.newmoon.com" />
 
diff --git a/src/chrome/content/rules/New-York-City.xml b/src/chrome/content/rules/New-York-City.xml
index 81af6d792123..33905fd86be3 100644
--- a/src/chrome/content/rules/New-York-City.xml
+++ b/src/chrome/content/rules/New-York-City.xml
@@ -38,7 +38,7 @@ Fetch error: http://a856-citystore.nyc.gov/ => https://a856-citystore.nyc.gov/:
 		- portal/site/nycgov/menuitem.beb0d8fdaa9e1607a62fa24601c789a0/
 
 -->
-<ruleset name="NYC.gov (partial)" default_off='failed ruleset test'>
+<ruleset name="NYC.gov (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/New-York-University.xml b/src/chrome/content/rules/New-York-University.xml
index 0c38328c7ea0..b7c42491c26f 100644
--- a/src/chrome/content/rules/New-York-University.xml
+++ b/src/chrome/content/rules/New-York-University.xml
@@ -100,7 +100,42 @@
 <ruleset name="NYU.edu (partial)" platform="mixedcontent">
 
 	<target host="nyu.edu" />
-	<target host="*.nyu.edu" />
+	<target host="www.nyu.edu" />
+	<target host="bookstores.nyu.edu" />
+	<target host="www.bookstores.nyu.edu" />
+	<target host="admissions.nyu.edu" />
+	<target host="cims.nyu.edu" />
+	<target host="cs.nyu.edu" />
+	<target host="g4li.nyu.edu" />
+	<target host="home.nyu.edu" />
+	<target host="math.nyu.edu" />
+	<target host="mrl.nyu.edu" />
+	<target host="steinhardt.nyu.edu" />
+	<target host="www.cims.nyu.edu" />
+	<target host="www.cs.nyu.edu" />
+	<target host="www.g4li.nyu.edu" />
+	<target host="www.home.nyu.edu" />
+	<target host="www.math.nyu.edu" />
+	<target host="www.mrl.nyu.edu" />
+	<target host="www.steinhardt.nyu.edu" />
+	<target host="vlg.cs.nyu.edu" />
+	<target host="engineering.nyu.edu" />
+	<target host="its.law.nyu.edu" />
+	<target host="library.nyu.edu" />
+	<target host="arch.library.nyu.edu" />
+	<target host="getit.library.nyu.edu" />
+	<target host="login.library.nyu.edu" />
+	<target host="login.nyu.edu" />
+	<target host="nursing.nyu.edu" />
+	<target host="frms.nursing.nyu.edu" />
+	<target host="orientation.nursing.nyu.edu" />
+	<target host="admin.portal.nyu.edu" />
+	<target host="shibboleth.nyu.edu" />
+	<target host="sis.nyu.edu" />
+	<target host="start.nyu.edu" />
+	<target host="testhome.home.syr.nyu.edu" />
+	<target host="web.home.syr.nyu.edu" />
+	<target host="wikis.nyu.edu" />
 		<!--
 			Redirects to http:
 						-->
@@ -131,8 +166,6 @@
 	<securecookie host="^\w+[\w.]+\.nyu\.edu$" name=".+" />
 
 
-	<rule from="^http://(www\.)?nyu\.edu/"
-		to="https://$1nyu.edu/" />
 
 	<rule from="^http://(?:www\.)?bookstores\.nyu\.edu/"
 		to="https://www.bookstores.nyu.edu/" />
@@ -145,7 +178,6 @@
 	<rule from="^http://(?:www\.)?(cims|cs|g4li|home|math|mrl|steinhardt)\.nyu\.edu/"
 		to="https://$1.nyu.edu/" />
 
-	<rule from="^http://(vlg\.cs|engineering|its\.law|(?:(?:arch|getit|login)\.)?library|login|(?:frms\.|orientation\.)?nursing|admin\.portal|shibboleth|sis|start|steinhardt|(?:testhome|web)\.home\.syr|wikis)\.nyu\.edu/"
-		to="https://$1.nyu.edu/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NewIT.xml b/src/chrome/content/rules/NewIT.xml
index 312f48720cef..67aefa673adf 100644
--- a/src/chrome/content/rules/NewIT.xml
+++ b/src/chrome/content/rules/NewIT.xml
@@ -2,7 +2,7 @@
   <target host="newit.co.uk" />
   <target host="www.newit.co.uk" />
 
-  <securecookie host="^(?:.+\.)?newit\.co\.uk$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NewMuslimVoice.com.xml b/src/chrome/content/rules/NewMuslimVoice.com.xml
deleted file mode 100644
index 82dd52448d4b..000000000000
--- a/src/chrome/content/rules/NewMuslimVoice.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="NewMuslimVoice.com">
-	<target host="newmuslimvoice.com" />
-	<target host="www.newmuslimvoice.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/NewScientist_Subscriptions.com.xml b/src/chrome/content/rules/NewScientist_Subscriptions.com.xml
index 92a669f455a6..232ec1644539 100644
--- a/src/chrome/content/rules/NewScientist_Subscriptions.com.xml
+++ b/src/chrome/content/rules/NewScientist_Subscriptions.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.newscientistsubscriptions.com/ => https://www.newscienti
 	For other NewScientist coverage, see NewScientist.com.xml.
 
 -->
-<ruleset name="NewScientist Subscriptions.com" default_off='failed ruleset test'>
+<ruleset name="NewScientist Subscriptions.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/NewYorkVocalCoaching.xml b/src/chrome/content/rules/NewYorkVocalCoaching.xml
index a1c356667b76..fe3ccbd80ab4 100644
--- a/src/chrome/content/rules/NewYorkVocalCoaching.xml
+++ b/src/chrome/content/rules/NewYorkVocalCoaching.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.theapp.voicelessonstotheworld.com/ => https://www.theapp.voicelessonstotheworld.com/: (6, 'Could not resolve host: www.theapp.voicelessonstotheworld.com')
 
 -->
-<ruleset name="NewYorkVocalCoaching" default_off='failed ruleset test'>
+<ruleset name="NewYorkVocalCoaching" default_off="failed ruleset test">
 
 	<target host="newyorkvocalcoaching.com" />
 	<target host="theapp.voicelessonstotheworld.com" />
diff --git a/src/chrome/content/rules/New_England_Journal_of_Medicine.xml b/src/chrome/content/rules/New_England_Journal_of_Medicine.xml
index 9191d292dae7..b4ca4769d53a 100644
--- a/src/chrome/content/rules/New_England_Journal_of_Medicine.xml
+++ b/src/chrome/content/rules/New_England_Journal_of_Medicine.xml
@@ -18,7 +18,9 @@
 <ruleset name="New England Journal of Medicine (partial)">
 
 	<target host="nejm.org" />
-	<target host="*.nejm.org" />
+	<target host="www.nejm.org" />
+	<target host="cdf.nejm.org" />
+	<target host="cdn.nejm.org" />
 
 
 	<securecookie host="^cdf\.nejm\.org$" name=".+" />
diff --git a/src/chrome/content/rules/New_Flag.xml b/src/chrome/content/rules/New_Flag.xml
deleted file mode 100644
index 0872098e4f9c..000000000000
--- a/src/chrome/content/rules/New_Flag.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="New Flag">
-
-	<target host="mynewflag.com" />
-	<target host="www.mynewflag.com" />
-
-
-	<securecookie host="^\.mynewflag\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/New_York_Needs_You.com.xml b/src/chrome/content/rules/New_York_Needs_You.com.xml
index fd38fdd53ab1..1e85744ce198 100644
--- a/src/chrome/content/rules/New_York_Needs_You.com.xml
+++ b/src/chrome/content/rules/New_York_Needs_You.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.newyorkneedsyou.org/ => https://www.newyorkneedsyou.org/
 	* Secured by us
 
 -->
-<ruleset name="New York Needs You.com" default_off='failed ruleset test'>
+<ruleset name="New York Needs You.com" default_off="failed ruleset test">
 
 	<target host="newyorkneedsyou.org" />
 	<target host="www.newyorkneedsyou.org" />
diff --git a/src/chrome/content/rules/Newegg.com.xml b/src/chrome/content/rules/Newegg.com.xml
index 4b23dfb2efab..88a64cf08ef7 100644
--- a/src/chrome/content/rules/Newegg.com.xml
+++ b/src/chrome/content/rules/Newegg.com.xml
@@ -141,7 +141,7 @@
 	<!-- *neweggimages.com -->
 	<target host="c1.neweggimages.com" />
 		<test url="http://c1.neweggimages.com/BizIntell/tool/psucalc/index.html" />
-	
+
 	<securecookie host="^newegg\.com$" name=".+" />
 	<securecookie host="^www\.newegg\.com$" name=".+" />
 	<securecookie host="^secure\.newegg\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Newport_Motorsports.xml b/src/chrome/content/rules/Newport_Motorsports.xml
index ccaef90f8dc8..55dd0354ab9b 100644
--- a/src/chrome/content/rules/Newport_Motorsports.xml
+++ b/src/chrome/content/rules/Newport_Motorsports.xml
@@ -7,15 +7,15 @@ Fetch error: http://www.newportmotorsports.com/ => https://www.newportmotorsport
 Disabled by https-everywhere-checker because:
 Fetch error: http://newportmotorsports.com/ => https://newportmotorsports.com/: (51, "SSL: no alternative certificate subject name matches target host name 'newportmotorsports.com'")
 -->
-<ruleset name="Newport Motorsports" default_off='failed ruleset test'>
+<ruleset name="Newport Motorsports" default_off="failed ruleset test">
 
 	<target host="newportmotorsports.com" />
 	<target host="www.newportmotorsports.com" />
 
 
-	<securecookie host="^(?:.*\.)?newportmotorsports\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/News-Corporation-mismatches.xml b/src/chrome/content/rules/News-Corporation-mismatches.xml
index 2ad858aa6f6b..e312feb41152 100644
--- a/src/chrome/content/rules/News-Corporation-mismatches.xml
+++ b/src/chrome/content/rules/News-Corporation-mismatches.xml
@@ -8,61 +8,26 @@
 			(www.)edgesuite.net/404.fox(business|news).com/
 
 -->
+
 <ruleset name="News Corporation (mismatches)" default_off="mismatched">
 
 	<!--	Akamai	-->
-	<target host="404.foxnews.com.edgesuite.net" />
 	<target host="dowjones.com" />
 	<target host="www.dowjones.com" />
-	<target host="ureport.foxnews.com" />
-		<!--
-			Handled in Fox_News.xml.
-							-->
-		<exclusion pattern="^http://ureport\.foxnews\.com/services/" />
+	<target host="404.foxnews.com.edgesuite.net" />
 	<target host="myfoxdetroit.com" />
 	<target host="www.myfoxdetroit.com" />
-	<target host="charts.smartmoney.com" />
-		<!--
-			Handled in News-Corporation.xml.
-							-->
-		<exclusion pattern="^http://charts\.smartmoney\.com/gifbuilder/" />
-	<!--	www.dowjones.com	-->
-	<target host="wsjpro.com" />
-	<target host="*.wsjpro.com" />
-
-
-	<securecookie host="^ureport\.foxnews\.com$" name=".+" />
-	<securecookie host="^(?:.*\.)?wsjpro\.com$" name=".+" />
-
-
-	<rule from="^http://404\.foxnews\.com\.edgesuite\.net/"
-		to="https://404.foxnews.com.edgesuite.net/" />
-
-	<!--	https slows things down a bit.
-		wsjpro.com isn't hosted on Akamai,
-		and since files appear to be on
-		wsjpro.com too, point there instead.
-						-->
-	<rule from="^http://(?:www\.)?dowjones\.com/(carousel_files|(?:chart/)?css|factiva|images)/"
-		to="https://wsjpro.com/$1/" />
 
 	<!--	- !www cert: www.dowjones.com
 		- www cert: Akamai
 		- !www redirects to www.
 						-->
-	<rule from="^http://(?:www\.)?dowjones\.com/"
+	<rule from="^http://dowjones\.com/"
 		to="https://www.dowjones.com/" />
 
-	<rule from="^http://ureport\.foxnews\.com/"
-		to="https://ureport.foxnews.com/" />
-
-	<rule from="^http://(?:www\.)?myfoxdetroit\.com/"
+	<rule from="^http://myfoxdetroit\.com/"
 		to="https://www.myfoxdetroit.com/" />
 
-	<rule from="^http://charts\.smartmoney\.com/"
-		to="https://charts.smartmoney.com/" />
-
-	<rule from="^http://(?:www\.)?wsjpro\.com/"
-		to="https://wsjpro.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/News-Corporation.xml b/src/chrome/content/rules/News-Corporation.xml
deleted file mode 100644
index d272b8a2b374..000000000000
--- a/src/chrome/content/rules/News-Corporation.xml
+++ /dev/null
@@ -1,104 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Non-2xx HTTP code: http://efinancialnews.com/ (200) => http://efinancialnews.com/ (500)
-Fetch error: http://services.wsje.com/ => https://services.wsje.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://wsjeuropesubs.com/ => https://wsjeuropesubs.com/: (28, 'Connection timed out after 20002 milliseconds')
-Fetch error: http://wsjsafehouse.com/ => https://www.wsjsafehouse.com/: (7, 'Failed to connect to www.wsjsafehouse.com port 443: Connection refused')
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://om.dowjoneson.com/ => https://djglobal.122.2o7.net/: None
-Fetch error: http://services.wsje.com/ => https://services.wsje.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-	For problematic rules, see News-Corporation-mismatches.xml.
-
-
-	Other News Corporation rulesets:
-
-		- alsop-n.uk.xml
-		- barrons.com.xml
-		- driving.co.uk.xml
-		- Fox_News.xml
-		- IGN.xml
-		- Marketwatch.com.xml
-		- sunmotors.co.uk.xml
-		- thescottishsun.co.uk.xml
-		- thesun.co.uk.xml
-		- thesun.ie.xml
-		- Times.xml
-		- wsj.com.xml
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/static.fins.com/
-		- efinancialnews.com.edgesuite.net/...
-			- a1859.g.akamai.net/...
-		- s.smartmoney.net.edgesuite.net/...
-			- a1092.g.akamai.net/...
-		- sj.smartmoney.net.edgesuite.net/...
-			- a1683.g.akamai.net/...
-
-
-	Nonfunctional domains:
-
-		- www.news.com.au	(Akamai; "Service Unavailable")
-
--->
-<ruleset name="News Corporation (partial)" default_off='failed ruleset test'>
-
-	<target host="om.dowjoneson.com" />
-	<target host="djrc.portal.dowjones.com" />
-	<target host="efinancialnews.com" />
-	<target host="*.efinancialnews.com" />
-	<target host="factiva.com" />
-	<target host="*.factiva.com" />
-	<target host="fins.com" />
-	<target host="*.fins.com" />
-	<target host="*.wsj.com" />
-	<target host="services.wsje.com" />
-	<target host="smartmoney.com" />
-	<target host="*.smartmoney.com" />
-	<target host="*.smartmoney.net" />
-	<target host="wsjeuropesubs.com" />
-	<target host="*.wsjeuropesubs.com" />
-	<target host="wsjsafehouse.com" />
-	<target host="*.wsjsafehouse.com" />
-
-
-	<securecookie host="^.*\.factiva\.com$" name=".+" />
-	<securecookie host="^secure\.smartmoney\.com$" name=".+" />
-	<securecookie host="^services\.wsje\.com$" name=".+" />
-	<securecookie host="^(?:.*\.)?wsj(?:eurosubs|safehouse)\.com$" name=".+" />
-
-	<rule from="^http://om\.dowjoneson\.com/"
-		to="https://djglobal.122.2o7.net/" />
-
-	<rule from="^http://djrc\.portal\.dowjones\.com/"
-		to="https://djrc.portal.dowjones.com/" />
-
-	<rule from="^http://(www\.)?efinancialnews\.com/(about-us/tour/|css/|img/|js/|login/|forgot-password|register)"
-		to="https://$1efinancialnews.com/$2" />
-
-	<!--	Cert doesn't match !www.	-->
-	<rule from="^http://factiva\.com/"
-		to="https://www.factiva.com/" />
-
-	<rule from="^http://(customer|global|www)\.factiva\.com/"
-		to="https://$1.factiva.com/" />
-
-	<rule from="^http://(?:www\.)?fins\.com/Finance/(cs|Image)s/"
-		to="https://www.fins.com/Finance/$1s/" />
-
-	<rule from="^http://j(?:tools|secure)?\.smartmoney\.com/"
-		to="https://jsecure.smartmoney.com/" />
-
-	<rule from="^http://services\.wsje\.com/"
-		to="https://services.wsje.com/" />
-
-	<rule from="^http://(www\.)?wsjeuropesubs\.com/"
-		to="https://$1wsjeuropesubs.com/" />
-
-	<rule from="^http://(?:www\.)?wsjsafehouse\.com/"
-		to="https://www.wsjsafehouse.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/News-Gazette.xml b/src/chrome/content/rules/News-Gazette.xml
index d0145568d3a8..ee32e8defbb1 100644
--- a/src/chrome/content/rules/News-Gazette.xml
+++ b/src/chrome/content/rules/News-Gazette.xml
@@ -1,10 +1,20 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://assets.news-gazette.com/ => https://assets.news-gazette.com/: (51, "SSL: no alternative certificate subject name matches target host name 'assets.news-gazette.com'")
+Fetch error: http://static.news-gazette.com/ => https://static.news-gazette.com/: (51, "SSL: no alternative certificate subject name matches target host name 'static.news-gazette.com'")
+
+-->
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://digital.news-gazette.com/ => http://digital.news-gazette.com/: (28, 'Connection timed out after 20000 milliseconds')
+
 	Other News-Gazette rulesets:
 
-		- County_Star.xml
 		- Independent_News.xml
-		- Leader.xml
-		- Leroy_Farmer_City_Press.xml
 		- Mahomet_Citizen.xml
 		- Paxton_Record.xml
 		- Piatt_County_Journal-Republican.xml
@@ -28,13 +38,11 @@
 <ruleset name="The News-Gazette (partial)">
 
 	<target host="news-gazette.com" />
-	<target host="*.news-gazette.com" />
-
-
-	<rule from="^http://(?:assets\.|static\.|www\.)?news-gazette\.com/(misc/|sites/|user(?:$|\?|/))"
-		to="https://www.news-gazette.com/$1" />
+	<!-- target host="assets.news-gazette.com" /-->
+	<!-- target host="static.news-gazette.com" /-->
+	<target host="www.news-gazette.com" />
+	<!-- target host="digital.news-gazette.com" /-->
 
-	<rule from="^http://digital\.news-gazette\.com/(misc|sites)/"
-		to="https://digital.news-gazette.com/$1/" />
+  <rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/News-Limited.xml b/src/chrome/content/rules/News-Limited.xml
new file mode 100644
index 000000000000..c9fb31bc8230
--- /dev/null
+++ b/src/chrome/content/rules/News-Limited.xml
@@ -0,0 +1,36 @@
+<!--
+	CDN buckets:
+		- media.news.com.au.edgesuite.net
+		- resources.news.com.au.edgesuite.net
+			- resources[0-3]?.news.com.au
+		- subscription.news.com.au.edgesuite.net/...
+		- www.news.com.au.edgesuite.net
+
+	Nonfunctional domains:
+		- resources[0-3]?.news.com.au ¹
+		- search.news.com.au ²
+		- subscription.news.com.au	(500, akamai)
+		- www.news.com.au ¹
+	¹ 503, akamai
+	² Dropped
+
+	These altnames don't exist:
+		- www.media.foxsports.news.com.au
+		- www.media.foxsports.news.com.au
+-->
+
+<ruleset name="News Limited (partial)">
+	<target host="news.com.au" />
+	<target host="www.news.com.au" />
+	<target host="myaccount.news.com.au" />
+	<target host="preferences.news.com.au" />
+	<target host="sops.news.com.au" />
+	<target host="sslcam.news.com.au" />
+	<target host="tags.news.com.au" />
+	<target host="traktr.news.com.au" />
+	<target host="connect.news.com.au" />
+
+	<securecookie host="^myaccount\.news\.com\.au$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/News-Registry.xml b/src/chrome/content/rules/News-Registry.xml
index 727b18754b03..d69a196ac90f 100644
--- a/src/chrome/content/rules/News-Registry.xml
+++ b/src/chrome/content/rules/News-Registry.xml
@@ -18,7 +18,7 @@ Fetch error: http://www.newsregistry.com/ => https://www.newsregistry.com/: (6,
 		- marketing.newsregistry.com	(times out)
 
 -->
-<ruleset name="News Registry (partial)" default_off='failed ruleset test'>
+<ruleset name="News Registry (partial)" default_off="failed ruleset test">
 
 	<target host="newsregistry.com" />
 	<target host="www.newsregistry.com" />
diff --git a/src/chrome/content/rules/News.com.xml b/src/chrome/content/rules/News.com.xml
new file mode 100644
index 000000000000..aea3022a4330
--- /dev/null
+++ b/src/chrome/content/rules/News.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- news.com
+		- www.news.com
+
+		SSL peer certificate was not OK:
+		- investor.news.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- de.news.com
+		- fr.news.com
+
+		Incomplete certificate chain error:
+		- uk.news.com
+-->
+<ruleset name="News.com">
+	<target host="news.com" />
+	<target host="www.news.com" />
+
+	<rule from="^http://(www\.)?news\.com/"
+		to="https://www.cnet.com/news/" />
+</ruleset>
diff --git a/src/chrome/content/rules/News9daily.org.xml b/src/chrome/content/rules/News9daily.org.xml
deleted file mode 100644
index e189c81b5597..000000000000
--- a/src/chrome/content/rules/News9daily.org.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="news9daily.org">
-
-	<target host="news9daily.org" />
-	<target host="www.news9daily.org" />
-
-
-	<securecookie host="^(?:w*\.)?news9daily\.org$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/NewsBlur.com.xml b/src/chrome/content/rules/NewsBlur.com.xml
index d1f448d67608..19c50571c086 100644
--- a/src/chrome/content/rules/NewsBlur.com.xml
+++ b/src/chrome/content/rules/NewsBlur.com.xml
@@ -1,22 +1,17 @@
 <!--
-	Invalid certificate:
-		blog.newsblur.com	( tumblr.com )
-		popular.global.newsblur.com
-		(icons|pages).newsblur.com	( s3.amazonaws.com )
-		macdrifter.newsblur.com
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- popular.global.newsblur.com
+		- icons.newsblur.com
+		- pages.newsblur.com
 -->
-
 <ruleset name="NewsBlur.com">
 	<target host="newsblur.com" />
 	<target host="www.newsblur.com" />
+	<target host="blog.newsblur.com" />
 	<target host="global.newsblur.com" />
 	<target host="homepage.newsblur.com" />
-
-	<target host="icons.newsblur.com" />
-	<target host="pages.newsblur.com" />
-	<rule from="^http://(icons|pages)\.newsblur\.com/"
-			to="https://s3.amazonaws.com/$1.newsblur.com/"/>
-		<test url="http://icons.newsblur.com/10.png" />
+	<target host="macdrifter.newsblur.com" />
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/NewsCred.com.xml b/src/chrome/content/rules/NewsCred.com.xml
index 0508397a065e..ffa63120ce59 100644
--- a/src/chrome/content/rules/NewsCred.com.xml
+++ b/src/chrome/content/rules/NewsCred.com.xml
@@ -37,7 +37,11 @@
 -->
 <ruleset name="NewsCred.com (partial)">
 
-	<target host="*.newscred.com" />
+	<target host="static.cms.newscred.com" />
+	<target host="newsdaily.cms.newscred.com" />
+	<target host="images.newscred.com" />
+	<target host="daylifeimages.newscred.com" />
+	<target host="info.newscred.com" />
 
 
 	<rule from="^http://static\.cms\.newscred\.com/"
diff --git a/src/chrome/content/rules/NewsDaily.com.xml b/src/chrome/content/rules/NewsDaily.com.xml
index 3cb75ac58b3f..5ec6923f105a 100644
--- a/src/chrome/content/rules/NewsDaily.com.xml
+++ b/src/chrome/content/rules/NewsDaily.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.newsdaily.com/ => https://www.newsdaily.com/: (28, 'Conn
 	* Secured by us
 
 -->
-<ruleset name="NewsDaily.com" default_off='failed ruleset test'>
+<ruleset name="NewsDaily.com" default_off="failed ruleset test">
 
 	<target host="newsdaily.com" />
 	<target host="www.newsdaily.com" />
diff --git a/src/chrome/content/rules/NewsGator.xml b/src/chrome/content/rules/NewsGator.xml
index 1cd9100b6fe4..c120735019b0 100644
--- a/src/chrome/content/rules/NewsGator.xml
+++ b/src/chrome/content/rules/NewsGator.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://newsgator.com/ => https://www.newsgator.com/: (7, 'Failed to connect to www.newsgator.com port 443: Connection refused')
 Fetch error: http://www.newsgator.com/ => https://www.newsgator.com/: (7, 'Failed to connect to www.newsgator.com port 443: Connection refused')
 -->
-<ruleset name="NewsGator" default_off='failed ruleset test'>
+<ruleset name="NewsGator" default_off="failed ruleset test">
 
 	<target host="newsgator.com" />
 	<target host="www.newsgator.com" />
diff --git a/src/chrome/content/rules/NewsLook.xml b/src/chrome/content/rules/NewsLook.xml
index bb09bd770340..911e2d0d36f7 100644
--- a/src/chrome/content/rules/NewsLook.xml
+++ b/src/chrome/content/rules/NewsLook.xml
@@ -1,44 +1,17 @@
 <!--
-	CDN buckets:
-
-		- d24lblqer3jbtz.cloudfront.net
-			- sta[0-3].newslook.com
-
-		- d24y7pjjfar7k.cloudfront.net
-			- img[0-3].newslook.com
-
-		- d2nj14si6cadzm.cloudfront.net
-			- cdn.newslook.com
-
-
-	Partially covered domains:
-
-		- (www.)newslook.com	(at least some pages redirect to http)
-
-
-	Fully covered domains:
-
-		- cdn.newslook.com
-		- img[0-3].newslook.com
-		- sta[0-3].newslook.com
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.newslook.com
+		- static.newslook.com
 
+		Redirects to HTTP:
+		- newslook.com
 -->
-<ruleset name="NewsLook (partial)">
-
+<ruleset name="NewsLook.com (partial)" default_off="cert-invalid">
 	<target host="newslook.com" />
-	<target host="*.newslook.com" />
-
-
-	<rule from="^http://(www\.)?newslook\.com/assets/"
-		to="https://$1newslook.com/assets/" />
-
-	<rule from="^http://cdn\.newslook\.com/"
-		to="https://d2nj14si6cadzm.cloudfront.net/" />
-
-	<rule from="^http://img[0-3]\.newslook\.com/"
-		to="https://d24y7pjjfar7k.cloudfront.net/" />
-
-	<rule from="^http://sta[0-3]\.newslook\.com/"
-		to="https://d24lblqer3jbtz.cloudfront.net/" />
-
+	<target host="www.newslook.com" />
+	<target host="cdn.newslook.com" />
+	<target host="static.newslook.com" />
+	
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NewsNetz.ch.xml b/src/chrome/content/rules/NewsNetz.ch.xml
index 08d2809a7e1a..b7abee97a7fc 100644
--- a/src/chrome/content/rules/NewsNetz.ch.xml
+++ b/src/chrome/content/rules/NewsNetz.ch.xml
@@ -1,4 +1,4 @@
-<!-- 
+<!--
 	Cert expired:
 		- files.staging.newsnetz.ch
 		- staging01.newsnetz.ch
diff --git a/src/chrome/content/rules/NewsNow.xml b/src/chrome/content/rules/NewsNow.xml
deleted file mode 100644
index 04427d1a3966..000000000000
--- a/src/chrome/content/rules/NewsNow.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(401, CN: lennyamd64.webcluster.newsnow.co.uk)
-		- s		(redirects to www)
-
--->
-<ruleset name="NewsNow (partial)">
-
-	<target host="delivery.ad.newsnow.net" />
-
-
-	<securecookie host="^delivery\.ad\.newsnow\.net$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/News_Distribution_Network.xml b/src/chrome/content/rules/News_Distribution_Network.xml
deleted file mode 100644
index 4908ae190d33..000000000000
--- a/src/chrome/content/rules/News_Distribution_Network.xml
+++ /dev/null
@@ -1,100 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://mail.newsinc.com/ => https://mail.newsinc.com/: (6, 'Could not resolve host: mail.newsinc.com')
-Fetch error: http://mailfire.newsinc.com/ => https://mailfire.newsinc.com/: (6, 'Could not resolve host: mailfire.newsinc.com')
-Fetch error: http://assets.newsinc.com/ => https://s3.amazonaws.com/assets.newsinc.com/: (52, 'Empty reply from server')
-
-	CDN buckets:
-
-		- landing.newsinc.com.s3.amazonaws.com | landing.newsinc.com.edgesuite.net
-
-			- a1742.g1.akamai.net
-
-		- assets.newsinc.com.s3.amazonaws.com | assets.newsinc.com.edgesuite.net
-
-			- a1683.g.akamai.net
-
-		- widget.newsinc.com.s3.amazonaws.com
-
-		- dme-prod-1955759440.us-east-1.elb.amazonaws.com
-
-			- pp-serve
-
-		- dmeserv.newsinc.com.edgesuite.net
-
-
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- control **
-		- dashboard **
-		- dmeserv	(503, akamai)
-		- pp-serve *
-
-	* Refused
-	** Reset
-
-
-	Problematic subdomains:
-
-		- assets ¹
-		- autodiscover	(refused)
-		- landing ¹
-		- widget ³
-
-	¹ Works, akamai
-	³ amazonaws
-
-
-	Fully covered subdomains:
-
-		- assets	(→ s3.amazonaws.com)
-		- autodiscover	(→ autodiscover-s.outlook.com)
-		- embed
-		- landing	(→ s3.amazonaws.com)
-		- launch
-		- mail
-		- mailfire
-		- widget	(→ s3.amazonaws.com)
-
-
-	Mixed content:
-
-		- css on embed from assets *
-
-		- Web bugs on embed from pixel.quantcast.com *
-
-	* Secured by us
-
--->
-<ruleset name="News Distribution Network (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="embed.newsinc.com" />
-	<target host="mail.newsinc.com" />
-	<target host="launch.newsinc.com" />
-	<target host="mailfire.newsinc.com" />
-
-	<!--	Complications:
-				-->
-	<target host="assets.newsinc.com" />
-	<target host="autodiscover.newsinc.com" />
-	<target host="landing.newsinc.com" />
-	<target host="widget.newsinc.com" />
-
-
-	<securecookie host="^mail(?:fire)?\.newsinc\.com$" name=".+" />
-
-
-	<rule from="^http://(assets|landing|widget)\.newsinc\.com/"
-		to="https://s3.amazonaws.com/$1.newsinc.com/" />
-
-	<rule from="^http://autodiscover\.newsinc\.com/"
-		to="https://autodiscover-s.outlook.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/News_Funnel.xml b/src/chrome/content/rules/News_Funnel.xml
index 405b7170f786..1b3b026b60d2 100644
--- a/src/chrome/content/rules/News_Funnel.xml
+++ b/src/chrome/content/rules/News_Funnel.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?thenewsfunnel\.com/(modules/|(?:register-tnf|user/register)(?:$|\?|/)|sites/)"
 		to="https://$1thenewsfunnel.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/News_Limited.xml b/src/chrome/content/rules/News_Limited.xml
deleted file mode 100644
index 04f30c728ae9..000000000000
--- a/src/chrome/content/rules/News_Limited.xml
+++ /dev/null
@@ -1,53 +0,0 @@
-<!--
-	CDN buckets:
-
-		- media.news.com.au.edgesuite.net
-
-		- resources.news.com.au.edgesuite.net
-			- resources[0-3]?.news.com.au
-
-		- subscription.news.com.au.edgesuite.net/...
-
-		- www.news.com.au.edgesuite.net
-
-
-	Nonfunctional domains:
-
-		- resources[0-3]?.news.com.au ¹
-		- search.news.com.au ²
-		- subscription.news.com.au	(500, akamai)
-		- www.news.com.au ¹
-
-	¹ 503, akamai
-	² Dropped
-
-
-	Problematic subdomains:
-
-		- ^, www ¹
-
-	¹ Works, mismatched, akamai
-
-
-	These altnames don't exist:
-
-		- www.media.foxsports.news.com.au
-		- www.media.foxsports.news.com.au
-
--->
-<ruleset name="News Limited (partial)">
-
-	<target host="myaccount.news.com.au" />
-	<target host="preferences.news.com.au" />
-	<target host="sops.news.com.au" />
-	<target host="sslcam.news.com.au" />
-	<target host="tags.news.com.au" />
-	<target host="traktr.news.com.au" />
-	<target host="connect.news.com.au" />
-
-	<securecookie host="^myaccount\.news\.com\.au$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Newsday.com.xml b/src/chrome/content/rules/Newsday.com.xml
index 00d339253cf1..92b547bc787d 100644
--- a/src/chrome/content/rules/Newsday.com.xml
+++ b/src/chrome/content/rules/Newsday.com.xml
@@ -35,14 +35,14 @@
 <ruleset name="Newsday.com (partial)">
 
 	<target host="newsday.com" />
-	<target host="*.newsday.com" />
+	<target host="www.newsday.com" />
+	<target host="long-island.newsday.com" />
 		<!--exclusion pattern="^http://(cars|homes|local)\.newsday\.com/" /-->
 
 
 	<rule from="^http://(?:www\.)?newsday\.com/"
 		to="https://www.newsday.com/" />
 
-	<rule from="^http://long-island\.newsday\.com/"
-		to="https://long-island.newsday.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Newsmax_Health.com.xml b/src/chrome/content/rules/Newsmax_Health.com.xml
index 559c200c5072..63aa27d7a5e1 100644
--- a/src/chrome/content/rules/Newsmax_Health.com.xml
+++ b/src/chrome/content/rules/Newsmax_Health.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://newsmaxhealth.com/ => https://www.newsmaxhealth.com/: (28, '
 	^newsmaxhealth.com: Mismatched
 
 -->
-<ruleset name="Newsmax Health.com" default_off='failed ruleset test'>
+<ruleset name="Newsmax Health.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/NewspaperDirect-mismatches.xml b/src/chrome/content/rules/NewspaperDirect-mismatches.xml
deleted file mode 100644
index b0d3cabc27c3..000000000000
--- a/src/chrome/content/rules/NewspaperDirect-mismatches.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	For rules that are on by default, see NewspaperDirect.xml
-
-
-	Nonfunctional:
-
-		- cache-thumb1.pressdisplay.com		(Akamai; 503)
-		- cache2-thumb1.pressdisplay.com	(cert: gp1.wac.edgecastcdn.net; 404)
-
--->
-<ruleset name="NewspaperDirect (mismatches)" default_off="mismatched">
-
-	<target host="pressdisplay.com" />
-	<target host="*.pressdisplay.com" />
-		<!--	Rewritten back to http by JS	-->
-		<exclusion pattern="^http://(?:www\.)?pressdisplay/viewer\.aspx" />
-
-
-	<!--	!2:	Akamai
-		 2:	EdgeCast	-->
-	<rule from="^http://cache2?-s(cripts|style)s\.pressdisplay\.com/"
-		to="https://cache-s$1s.pressdisplay.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/NewspaperDirect.xml b/src/chrome/content/rules/NewspaperDirect.xml
index b9c712aaccba..151ad530a1f0 100644
--- a/src/chrome/content/rules/NewspaperDirect.xml
+++ b/src/chrome/content/rules/NewspaperDirect.xml
@@ -1,38 +1,17 @@
 <!--
-	NB: account.../$ redirects to 404
-	?=> fetch test failure
-
-
-	For problematic rules, see NewspaperDirect-mismatches.xml.
-
-
-	Nonfunctional hosts in *newspaperdirect.com:
-
-		- nytimes ⁴
-
-	⁴ 404
-
-
-	Mixed content:
-
-		- css on (www.)? from fonts.googleapis.com ˢ
-
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+	Other NewspaperDirect.com related rulesets:
+		+ PressDisplay.com.xml
 
+	Non-functional hosts:
+		SSL connect error:
+		- newspaperdirect.com
+		- www.newspaperdirect.com
 -->
 <ruleset name="NewspaperDirect (partial)">
 
-	<target host="newspaperdirect.com" />
 	<target host="account.newspaperdirect.com" />
-	<target host="www.newspaperdirect.com" />
-
-		<!--	$ redirects to 404, so:
-						-->
-		<test url="http://account.newspaperdirect.com/epaper/accountingloginse2_nytimes.aspx" />
-
-
-	<securecookie host="^\w" name=".+" />
 
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/Newsvine.com.xml b/src/chrome/content/rules/Newsvine.com.xml
index ad5f9a47183a..010b9696e86f 100644
--- a/src/chrome/content/rules/Newsvine.com.xml
+++ b/src/chrome/content/rules/Newsvine.com.xml
@@ -21,7 +21,7 @@
 		- .newsvine.com
 
 -->
-<ruleset name="newsvine.com (partial)" default_off='Needs ruleset tests'>
+<ruleset name="newsvine.com (partial)" default_off="Needs ruleset tests">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Newyorkcasual.com.xml b/src/chrome/content/rules/Newyorkcasual.com.xml
deleted file mode 100644
index ff41a755af42..000000000000
--- a/src/chrome/content/rules/Newyorkcasual.com.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Newyorkcasual.com">
-	<target host="newyorkcasual.com" />
-	<target host="www.newyorkcasual.com" />
-	<securecookie host="^\.newyorkcasual\.com$" name=".+" />
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Newzbin.xml b/src/chrome/content/rules/Newzbin.xml
index e69983a9186d..b4ca9fb0185d 100644
--- a/src/chrome/content/rules/Newzbin.xml
+++ b/src/chrome/content/rules/Newzbin.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://newzbin.com/ => https://www.newzbin2.es/: (7, 'Failed to connect to www.newzbin2.es port 443: Connection refused')
 Fetch error: http://newzbin2.es/ => https://www.newzbin2.es/: (7, 'Failed to connect to www.newzbin2.es port 443: Connection refused')
 -->
-<ruleset name="Newzbin" default_off='failed ruleset test'>
+<ruleset name="Newzbin" default_off="failed ruleset test">
   <target host="newzbin.com" />
   <target host="newzbin2.es" />
   <target host="www.newzbin.com" />
diff --git a/src/chrome/content/rules/Newzsec.com.xml b/src/chrome/content/rules/Newzsec.com.xml
index d0c82dfd52f8..b4ef776c54cd 100644
--- a/src/chrome/content/rules/Newzsec.com.xml
+++ b/src/chrome/content/rules/Newzsec.com.xml
@@ -7,7 +7,7 @@ Non-2xx HTTP code: http://www.newzsec.com/ (200) => https://saltysailor.github.i
 	(www.)?newzsec.com: Some paths 404
 
 -->
-<ruleset name="newzsec.com (partial)" default_off='failed ruleset test'>
+<ruleset name="newzsec.com (partial)" default_off="failed ruleset test">
 
 	<!--	Complications:
 				-->
diff --git a/src/chrome/content/rules/Nexac.com.xml b/src/chrome/content/rules/Nexac.com.xml
index 171ceead6118..49b75516ebec 100644
--- a/src/chrome/content/rules/Nexac.com.xml
+++ b/src/chrome/content/rules/Nexac.com.xml
@@ -27,7 +27,7 @@ Fetch error: http://nexac.com/ => https://www.datalogix.com/index.php?id=19: Too
 	Web bugs.
 
 -->
-<ruleset name="nexac.com (partial)" default_off='failed ruleset test'>
+<ruleset name="nexac.com (partial)" default_off="failed ruleset test">
 
 	<target host="nexac.com" />
 	<target host="*.nexac.com" />
@@ -46,4 +46,4 @@ Fetch error: http://nexac.com/ => https://www.datalogix.com/index.php?id=19: Too
 	<rule from="^http://([efhpr])\.nexac\.com/"
 		to="https://$1.nexac.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nexaway.xml b/src/chrome/content/rules/Nexaway.xml
deleted file mode 100644
index 8924ae2c1d68..000000000000
--- a/src/chrome/content/rules/Nexaway.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- corporate	(404, valid cert)
-
--->
-<ruleset name="Nexaway (partial)">
-
-	<target host="nexway.com" />
-	<target host="*.nexway.com" />
-
-
-	<rule from="^http://(www\.)?nexaway\.com/"
-		to="https://$1nexaway.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Next.xml b/src/chrome/content/rules/Next.xml
index ccb4f483620e..50ace319a712 100644
--- a/src/chrome/content/rules/Next.xml
+++ b/src/chrome/content/rules/Next.xml
@@ -75,7 +75,7 @@ Fetch error: http://m.next.co.uk/ => https://m.next.co.uk/: (28, 'Connection tim
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Next.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Next.co.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/NextRegister.com.xml b/src/chrome/content/rules/NextRegister.com.xml
index 80f3c7a858f7..33708c10e21f 100644
--- a/src/chrome/content/rules/NextRegister.com.xml
+++ b/src/chrome/content/rules/NextRegister.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?nextregister\.com/"
 		to="https://nextregister.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nextbit.com.xml b/src/chrome/content/rules/Nextbit.com.xml
deleted file mode 100644
index ceab94e1f338..000000000000
--- a/src/chrome/content/rules/Nextbit.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Nextbit.com">
-
-	<target host="nextbit.com" />
-	<target host="www.nextbit.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Nextiva.xml b/src/chrome/content/rules/Nextiva.xml
deleted file mode 100644
index 9cf1440fc629..000000000000
--- a/src/chrome/content/rules/Nextiva.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Nextiva">
-
-	<target host="nextiva.com" />
-	<target host="www.nextiva.com" />
-
-
-	<securecookie host="^\.nextiva\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Nextpowerup.com.xml b/src/chrome/content/rules/Nextpowerup.com.xml
deleted file mode 100644
index a1b0a3fbea2d..000000000000
--- a/src/chrome/content/rules/Nextpowerup.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Nextpowerup.com">
-  <target host="nextpowerup.com" />
-  <target host="www.nextpowerup.com" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Nexway.com.xml b/src/chrome/content/rules/Nexway.com.xml
new file mode 100644
index 000000000000..99163a36c59f
--- /dev/null
+++ b/src/chrome/content/rules/Nexway.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Nexway.com (partial)">
+
+	<target host="nexway.com" />
+	<target host="www.nexway.com" />
+	<target host="corporate.nexway.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ngage_ICS.xml b/src/chrome/content/rules/Ngage_ICS.xml
index c3f8937a7423..80e98a56edfc 100644
--- a/src/chrome/content/rules/Ngage_ICS.xml
+++ b/src/chrome/content/rules/Ngage_ICS.xml
@@ -17,4 +17,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nginx.org.xml b/src/chrome/content/rules/Nginx.org.xml
index c2fb3324356e..5ab8d317c4ba 100644
--- a/src/chrome/content/rules/Nginx.org.xml
+++ b/src/chrome/content/rules/Nginx.org.xml
@@ -1,34 +1,14 @@
-<!--
-	Problematic hosts in *nginx.org:
-
-		- wiki ᵃ
-
-	ᵃ Shows www.nginx.com, preemptable redirect
-
--->
 <ruleset name="nginx.org">
 
-	<!--	Direct rewrites:
-				-->
 	<target host="nginx.org" />
+	<target host="www.nginx.org" />
 	<target host="forum.nginx.org" />
+	<target host="hg.nginx.org" />
+	<target host="mailman.nginx.org" />
 	<target host="trac.nginx.org" />
-	<target host="www.nginx.org" />
-
-	<!--	Complications:
-				-->
+	<target host="unit.nginx.org" />
 	<target host="wiki.nginx.org" />
 
-
-	<!--	Redirect drops path and forward
-		slash, but not args:
-					-->
-	<rule from="^http://wiki\.nginx\.org/[^?]*"
-		to="https://www.nginx.com/resources/wiki/" />
-
-		<test url="http://wiki.nginx.org/start/" />
-
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ngrok.com.xml b/src/chrome/content/rules/Ngrok.com.xml
index f3a079e6d086..057db72129b2 100644
--- a/src/chrome/content/rules/Ngrok.com.xml
+++ b/src/chrome/content/rules/Ngrok.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://dl.ngrok.com/ => https://dl.ngrok.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="ngrok.com" default_off='failed ruleset test'>
+<ruleset name="ngrok.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Ngx.cc.xml b/src/chrome/content/rules/Ngx.cc.xml
index d61a6cf70844..9343403f5e79 100644
--- a/src/chrome/content/rules/Ngx.cc.xml
+++ b/src/chrome/content/rules/Ngx.cc.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://b.ngx.cc/ => https://b.ngx.cc/: (6, 'Could not resolve host: b.ngx.cc')
 
 -->
-<ruleset name="Ngx.cc" default_off='failed ruleset test'>
+<ruleset name="Ngx.cc" default_off="failed ruleset test">
 	<target host="ngx.cc" />
 	<target host="b.ngx.cc" />
 	<target host="bot.ngx.cc" />
diff --git a/src/chrome/content/rules/NiKec_Solutions.xml b/src/chrome/content/rules/NiKec_Solutions.xml
index a83196076729..25fe77af5d1e 100644
--- a/src/chrome/content/rules/NiKec_Solutions.xml
+++ b/src/chrome/content/rules/NiKec_Solutions.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://(?:www\.)?nikecsolutions\.com/"
 		to="https://nikecsolutions.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nianet.dk.xml b/src/chrome/content/rules/Nianet.dk.xml
new file mode 100644
index 000000000000..198daab6c651
--- /dev/null
+++ b/src/chrome/content/rules/Nianet.dk.xml
@@ -0,0 +1,31 @@
+<!--
+	Mismatched:
+		- ^
+		- www
+		- m
+
+	Timeout:
+		- speedtest
+		- sslvpn
+		- test2
+
+	Only HTTPS version exists:
+		- autodiscover
+		- cloud
+		- consoleproxy
+		- test1.ip
+		- post
+		- snowlicense
+		- expe01.uc
+		- vpn
+-->
+<ruleset name="Nianet.dk (partial)">
+	<target host="ckm.nianet.dk" />
+	<target host="cloudvpn.nianet.dk" />
+	<target host="cst.nianet.dk" />
+	<target host="mit.nianet.dk" />
+	<target host="ok.nianet.dk" />
+	<target host="zenvpn.nianet.dk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nic.bc.ca.xml b/src/chrome/content/rules/Nic.bc.ca.xml
new file mode 100644
index 000000000000..686700ebc934
--- /dev/null
+++ b/src/chrome/content/rules/Nic.bc.ca.xml
@@ -0,0 +1,12 @@
+<!--
+        Nonfunctional hosts in *.nic.bc.ca:
+                nic.bc.ca (404)
+-->
+<ruleset name="Nic.bc.ca">
+	<target host="nic.bc.ca" />
+	<target host="www.nic.bc.ca" />
+
+	<rule from="^http://nic\.bc\.ca/" to="https://www.nic.bc.ca/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nic.ir.xml b/src/chrome/content/rules/Nic.ir.xml
new file mode 100644
index 000000000000..5bcc89a1eae6
--- /dev/null
+++ b/src/chrome/content/rules/Nic.ir.xml
@@ -0,0 +1,14 @@
+<!--
+	Expired:
+		- tools.nic.ir
+		- whois.nic.ir
+
+	Incomplete certificate chain:
+		- rrmt.nic.ir
+-->
+<ruleset name="Nic.ir">
+	<target host="nic.ir" />
+	<target host="www.nic.ir" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NicAc.xml b/src/chrome/content/rules/NicAc.xml
index 32aa6d697f48..d5844c1261f9 100644
--- a/src/chrome/content/rules/NicAc.xml
+++ b/src/chrome/content/rules/NicAc.xml
@@ -2,7 +2,7 @@
   <target host="nic.ac" />
   <target host="www.nic.ac" />
 
-  <securecookie host="^(?:.+\.)?nic\.ac$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/NicIo.xml b/src/chrome/content/rules/NicIo.xml
index d28f8f7478fa..2571f95f8273 100644
--- a/src/chrome/content/rules/NicIo.xml
+++ b/src/chrome/content/rules/NicIo.xml
@@ -2,7 +2,7 @@
   <target host="nic.io" />
   <target host="www.nic.io" />
 
-  <securecookie host="^(?:.+\.)?nic\.io$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Nice_n_Naughty.xml b/src/chrome/content/rules/Nice_n_Naughty.xml
index 6953a1c99647..1420b6b9572d 100644
--- a/src/chrome/content/rules/Nice_n_Naughty.xml
+++ b/src/chrome/content/rules/Nice_n_Naughty.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nicholas_Ranallo.xml b/src/chrome/content/rules/Nicholas_Ranallo.xml
deleted file mode 100644
index ea5d6a3abe10..000000000000
--- a/src/chrome/content/rules/Nicholas_Ranallo.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	mismatched, CN: *.bluehost.com
-
--->
-<ruleset name="Nicholas Ranallo (partial)">
-
-	<target host="ranallolawoffice.com" />
-	<target host="www.ranallolawoffice.com" />
-
-
-	<rule from="^http://(?:www\.)?ranallolawoffice\.com/(?:favicon\.ico|wp-content/|wp-includes/)"
-		to="https://secure.bluehost.com/~ranallol/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/NickyHager.info.xml b/src/chrome/content/rules/NickyHager.info.xml
new file mode 100644
index 000000000000..d694b7cbba55
--- /dev/null
+++ b/src/chrome/content/rules/NickyHager.info.xml
@@ -0,0 +1,9 @@
+<ruleset name="NickyHager.info">
+
+	<target host="nickyhager.info" />
+	<target host="www.nickyhager.info" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Nicky_Hager.xml b/src/chrome/content/rules/Nicky_Hager.xml
deleted file mode 100644
index 4886927ab1ed..000000000000
--- a/src/chrome/content/rules/Nicky_Hager.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	CN: *.bluehost.com
-
--->
-<ruleset name="Nicky Hager (partial)">
-
-	<target host="nickyhager.info" />
-	<target host="www.nickyhager.info" />
-
-
-	<rule from="^http://(?:www\.)?nickyhager\.info/wp-content/"
-		to="https://secure.bluehost.com/~nickyhag/wp-content/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Nicotine-Anonymous.xml b/src/chrome/content/rules/Nicotine-Anonymous.xml
index b16246f845ba..f755e532e732 100644
--- a/src/chrome/content/rules/Nicotine-Anonymous.xml
+++ b/src/chrome/content/rules/Nicotine-Anonymous.xml
@@ -8,4 +8,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nicovideo.jp.xml b/src/chrome/content/rules/Nicovideo.jp.xml
index 4d7118edf573..53d21e590f28 100644
--- a/src/chrome/content/rules/Nicovideo.jp.xml
+++ b/src/chrome/content/rules/Nicovideo.jp.xml
@@ -3,47 +3,49 @@
 
 		- Friends.nico.xml
 		- Nimg.jp.xml
-		- Simg.jp.xml
 
 	Nonfunctional subdomains:
 
-		- (www.) ¹
 		- bbs ¹
-		- blog ¹
-		- ch ¹
-		- ex ¹
-		- help ¹
-		- info ²
-		- live ¹
-		- rd ¹
-		- seiga ¹
+		- ex ²
+		- jk ¹
 
 	¹ Dropped
 	² Refused
 
-
 	Problematic subdomains:
 
 		- sales.ads *
+		- help *
 
 	* Mismatched
 
-
-	Fully covered subdomains:
-
-		- ads
-		- account
-		- secure.ch
-		- secure
-
 -->
 <ruleset name="nicovideo.jp (partial)">
 
-	<target host="ads.nicovideo.jp" />
+	<target host="3d.nicovideo.jp" />
 	<target host="account.nicovideo.jp" />
+	<target host="ads.nicovideo.jp" />
+	<target host="app.nicovideo.jp" />
+	<target host="blog.nicovideo.jp" />
+	<target host="ch.nicovideo.jp" />
+	<target host="com.nicovideo.jp" />
+	<target host="commons.nicovideo.jp" />
+	<target host="dic.nicovideo.jp" />
+	<target host="enquete.nicovideo.jp" />
+	<target host="game.nicovideo.jp" />
+	<target host="info.nicovideo.jp" />
+	<target host="live.nicovideo.jp" />
+	<target host="live2.nicovideo.jp" />
+	<target host="news.nicovideo.jp" />
+	<target host="nicovideo.jp" />
+	<target host="point.nicovideo.jp" />
+	<target host="qa.nicovideo.jp" />
+	<target host="rd.nicovideo.jp" />
 	<target host="secure.ch.nicovideo.jp" />
 	<target host="secure.nicovideo.jp" />
-
+	<target host="seiga.nicovideo.jp" />
+	<target host="www.nicovideo.jp" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Nie-wieder-VDS.de.xml b/src/chrome/content/rules/Nie-wieder-VDS.de.xml
index 640fb4842f04..0cdb312f6755 100644
--- a/src/chrome/content/rules/Nie-wieder-VDS.de.xml
+++ b/src/chrome/content/rules/Nie-wieder-VDS.de.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.nie-wieder-vds.de/ => https://nie-wieder-vds.de/: (7, 'F
 		- nie-wieder-vds.de
 
 -->
-<ruleset name="Nie-wieder-VDS.de" default_off='failed ruleset test'>
+<ruleset name="Nie-wieder-VDS.de" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Nifty.com.xml b/src/chrome/content/rules/Nifty.com.xml
new file mode 100644
index 000000000000..d6756c8a6cba
--- /dev/null
+++ b/src/chrome/content/rules/Nifty.com.xml
@@ -0,0 +1,34 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- dictionary.nifty.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- transit.nifty.com
+
+		Status code mismatch:
+		- homepage.nifty.com
+
+		4xx client error:
+		- clink.nifty.com
+		- track.nifty.com
+-->
+<ruleset name="Nifty.com (partial)">
+	<target host="nifty.com" />
+	<target host="www.nifty.com" />
+	<target host="arbeit.nifty.com" />
+	<target host="azby.nifty.com" />
+	<target host="chosa.nifty.com" />
+	<target host="game.nifty.com" />
+	<target host="hoken.nifty.com" />
+	<target host="keiba.nifty.com" />
+	<target host="news.nifty.com" />
+	<target host="onsen.nifty.com" />
+	<target host="oshiete1.nifty.com" />
+	<target host="portal.nifty.com" />
+	<target host="sportsclub.nifty.com" />
+	<target host="uranai.nifty.com" />
+	<target host="woman-money.nifty.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NightDev.com.xml b/src/chrome/content/rules/NightDev.com.xml
index 1ca01958c6ee..dd4c84d62353 100644
--- a/src/chrome/content/rules/NightDev.com.xml
+++ b/src/chrome/content/rules/NightDev.com.xml
@@ -1,7 +1,6 @@
 <!--
 	Other NightDev rulesets:
 
-		- Streamtip.com.xml
 
 
 	Insecure cookies are set for these hosts:
diff --git a/src/chrome/content/rules/NightLove.xml b/src/chrome/content/rules/NightLove.xml
index 276ba259924b..52f3b332e6e6 100644
--- a/src/chrome/content/rules/NightLove.xml
+++ b/src/chrome/content/rules/NightLove.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.nightlove.me/ => https://www.nightlove.me/: (28, 'Connec
 Disabled by https-everywhere-checker because:
 Fetch error: http://nightlove.me/ => https://nightlove.me/: (6, 'Could not resolve host: nightlove.me')
 -->
-<ruleset name="NightLove" default_off='failed ruleset test'>
+<ruleset name="NightLove" default_off="failed ruleset test">
 
 	<target host="nightlove.me" />
 	<target host="www.nightlove.me" />
@@ -18,4 +18,4 @@ Fetch error: http://nightlove.me/ => https://nightlove.me/: (6, 'Could not resol
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nightcode.info.xml b/src/chrome/content/rules/Nightcode.info.xml
index 673de5edb766..ed9d495c0580 100644
--- a/src/chrome/content/rules/Nightcode.info.xml
+++ b/src/chrome/content/rules/Nightcode.info.xml
@@ -12,7 +12,7 @@ Fetch error: http://nightcode.info/ => https://nightcode.info/: (28, 'Connection
 	www.nightcode.info doesn't exist.
 
 -->
-<ruleset name="Nightcode.info" default_off='failed ruleset test'>
+<ruleset name="Nightcode.info" default_off="failed ruleset test">
 
 	<target host="nightcode.info" />
 
diff --git a/src/chrome/content/rules/Nightmarish-Dream.ru.xml b/src/chrome/content/rules/Nightmarish-Dream.ru.xml
new file mode 100644
index 000000000000..dd45d8d8d338
--- /dev/null
+++ b/src/chrome/content/rules/Nightmarish-Dream.ru.xml
@@ -0,0 +1,8 @@
+<ruleset name="Nightmarish-Dream.ru">
+	<target host="nightmarish-dream.ru" />
+	<target host="www.nightmarish-dream.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nightweb.net.xml b/src/chrome/content/rules/Nightweb.net.xml
index 8131d1205dc4..bf1f7ee38276 100644
--- a/src/chrome/content/rules/Nightweb.net.xml
+++ b/src/chrome/content/rules/Nightweb.net.xml
@@ -12,7 +12,7 @@ Fetch error: http://nightweb.net/ => https://nightweb.net/: (28, 'Connection tim
 	www.nightweb.net doesn't exist.
 
 -->
-<ruleset name="Nightweb.net" default_off='failed ruleset test'>
+<ruleset name="Nightweb.net" default_off="failed ruleset test">
 
 	<target host="nightweb.net" />
 
diff --git a/src/chrome/content/rules/Nijyuyon-Bimuunzu.xml b/src/chrome/content/rules/Nijyuyon-Bimuunzu.xml
index 4360250acd24..939b7215e39c 100644
--- a/src/chrome/content/rules/Nijyuyon-Bimuunzu.xml
+++ b/src/chrome/content/rules/Nijyuyon-Bimuunzu.xml
@@ -1,19 +1,11 @@
-<!--
-	Problematic domains:
-
-		e-nls.com	(cert only matches www)
-
--->
 <ruleset name="Nijyuyon-Bimuunzu">
 
 	<target host="e-nls.com" />
 	<target host="www.e-nls.com" />
+	<target host="img.e-nls.com" />
 
 
-	<rule from="^http://(?:www\.)?e-nls\.com/"
-		to="https://www.e-nls.com/" />
-
-	<rule from="^http://img\.e-nls\.com/"
-		to="https://img.e-nls.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Nik_Cub.com.xml b/src/chrome/content/rules/Nik_Cub.com.xml
index 68403c188cf1..55eaf894fe46 100644
--- a/src/chrome/content/rules/Nik_Cub.com.xml
+++ b/src/chrome/content/rules/Nik_Cub.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://nikcub.com/ => https://nikcub.com/: (28, 'Operation timed ou
 Fetch error: http://www.nikcub.com/ => https://www.nikcub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
 
 -->
-<ruleset name="Nik Cub.com" default_off='failed ruleset test'>
+<ruleset name="Nik Cub.com" default_off="failed ruleset test">
 
 	<target host="nikcub.com" />
 	<target host="www.nikcub.com" />
diff --git a/src/chrome/content/rules/Nik_Software.xml b/src/chrome/content/rules/Nik_Software.xml
index c5bc9185ee88..ce9e29b33271 100644
--- a/src/chrome/content/rules/Nik_Software.xml
+++ b/src/chrome/content/rules/Nik_Software.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://shop.niksoftware.com/ => https://shop.niksoftware.com/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="Nik Software (partial)" default_off='failed ruleset test'>
+<ruleset name="Nik Software (partial)" default_off="failed ruleset test">
 
 	<target host="shop.niksoftware.com" />
 
@@ -14,4 +14,4 @@ Fetch error: http://shop.niksoftware.com/ => https://shop.niksoftware.com/: (28,
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nikhef.nl.xml b/src/chrome/content/rules/Nikhef.nl.xml
index 9480e99ddf59..ecc6d4377aa6 100644
--- a/src/chrome/content/rules/Nikhef.nl.xml
+++ b/src/chrome/content/rules/Nikhef.nl.xml
@@ -12,7 +12,7 @@ Fetch error: http://teams.nikhef.nl/ => https://teams.nikhef.nl/: (6, 'Could not
 		- www.nikhef.nl
 
 -->
-<ruleset name="Nikhef.nl" default_off='failed ruleset test'>
+<ruleset name="Nikhef.nl" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Nikkei.com.xml b/src/chrome/content/rules/Nikkei.com.xml
index f7709e429c56..cd089a225328 100644
--- a/src/chrome/content/rules/Nikkei.com.xml
+++ b/src/chrome/content/rules/Nikkei.com.xml
@@ -1,15 +1,11 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://cn.nikkei.com/ => https://cn.nikkei.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
 	Reset:
 		invz.nikkei.com
 		leap.nikkei.com
 		sp.nikkei.com
 
 	Refused:
-		www.nikkei.com
+		nikkei.com
 		adb.nikkei.com
 		adpriv.nikkei.com
 		adprivcache.nikkei.com
@@ -69,12 +65,14 @@ Fetch error: http://cn.nikkei.com/ => https://cn.nikkei.com/: (60, 'SSL certific
 		link.asia.nikkei.com
 		video.asia.nikkei.com
 		cdn.nikkei.com
+		cn.nikkei.com
 		mail.cn.nikkei.com
 		regist.asia.dev.nikkei.com
 		faq.nikkei.com
 		mainta.nikkei.com
 		niid.nikkei.com
 		nkispa.nikkei.com
+		sp-ssl.nikkei.com
 		stats.nikkei.com
 		style.nikkei.com
 
@@ -84,24 +82,27 @@ Fetch error: http://cn.nikkei.com/ => https://cn.nikkei.com/: (60, 'SSL certific
 	MCB:
 		zh.cn.nikkei.com (can be secured)
 
-	Too many redirects:
-		support.nikkei.com
 -->
 
-<ruleset name="nikkei.com" default_off='failed ruleset test'>
+<ruleset name="Nikkei.com">
+	<target host="nikkei.com" />
+	<target host="www.nikkei.com" />
 	<target host="regist.asia.nikkei.com" />
-	<target host="cn.nikkei.com" />
 	<target host="evernote.nikkei.com" />
 	<target host="id.nikkei.com" />
 	<target host="idrp.nikkei.com" />
 	<target host="lissn.nikkei.com" />
 	<target host="maint.nikkei.com" />
 	<target host="partsa.nikkei.com" />
+	<target host="r.nikkei.com" />
 	<target host="s.nikkei.com" />
-	<target host="sp-ssl.nikkei.com" />
 	<target host="sstats.nikkei.com" />
+	<target host="support.nikkei.com" />
 	<target host="vdata.nikkei.com" />
 	<target host="vrid.nikkei.com" />
 
+	<rule from="^http://nikkei\.com/"
+		to="https://www.nikkei.com/" />
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Nikon-Lenswear.com.xml b/src/chrome/content/rules/Nikon-Lenswear.com.xml
deleted file mode 100644
index 3eb443f48e6e..000000000000
--- a/src/chrome/content/rules/Nikon-Lenswear.com.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<!--
-	www.nikon-lenswear.com: Cert only matches ^nikon-lenswear.com
-
-
-	Insecure cookies are set for these hosts:
-
-		- nikon-lenswear.com
-
-
-	Mixed content:
-
-		- css from $self *
-		- Images from $self *
-
-	* Secured by us
-
--->
-<ruleset name="Nikon-Lenswear.com (false MCB)" platform="mixedcontent">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="nikon-lenswear.com" />
-
-	<!--	Complications:
-				-->
-	<target host="www.nikon-lenswear.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^nikon-lenswear\.com$" name="^exp_(?:last_activity|last_visit|stashid|tracker)$" /-->
-
-	<securecookie host="^nikon-lenswear\.com$" name=".+" />
-
-
-	<rule from="^http://www\.nikon-lenswear\.com/"
-		to="https://nikon-lenswear.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Nikonrumors.com.xml b/src/chrome/content/rules/Nikonrumors.com.xml
new file mode 100644
index 000000000000..667343db86dd
--- /dev/null
+++ b/src/chrome/content/rules/Nikonrumors.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Nikonrumors.com">
+	<target host="nikonrumors.com" />
+	<target host="www.nikonrumors.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nikos_Dano.com.xml b/src/chrome/content/rules/Nikos_Dano.com.xml
index e545efb538d8..7f75b4209274 100644
--- a/src/chrome/content/rules/Nikos_Dano.com.xml
+++ b/src/chrome/content/rules/Nikos_Dano.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://nikosdano.com/ => https://nikosdano.com/: (7, 'Failed to con
 Fetch error: http://www.nikosdano.com/ => https://www.nikosdano.com/: (7, 'Failed to connect to www.nikosdano.com port 443: Connection refused')
 
 -->
-<ruleset name="Nikos Dano.com" default_off='failed ruleset test'>
+<ruleset name="Nikos Dano.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Nimbus_Hosting.xml b/src/chrome/content/rules/Nimbus_Hosting.xml
index 9a144b88f47f..f177b34ffa83 100644
--- a/src/chrome/content/rules/Nimbus_Hosting.xml
+++ b/src/chrome/content/rules/Nimbus_Hosting.xml
@@ -7,7 +7,8 @@
 <ruleset name="Nimbus Hosting (partial)">
 
 	<target host="nimbushosting.co.uk" />
-	<target host="*.nimbushosting.co.uk" />
+	<target host="www.nimbushosting.co.uk" />
+	<target host="youraccount.nimbushosting.co.uk" />
 		<!--
 			Redirects to http:
 						-->
@@ -23,4 +24,4 @@
 	<rule from="^http://youraccount\.nimbushosting\.co\.uk/"
 		to="https://youtaccount.nimbushosting.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NimporteQui.com.xml b/src/chrome/content/rules/NimporteQui.com.xml
new file mode 100644
index 000000000000..5fb65284bb12
--- /dev/null
+++ b/src/chrome/content/rules/NimporteQui.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="NimporteQui.com">
+	<target host="nimportequi.com" />
+	<target host="www.nimportequi.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ninja-Build.org.xml b/src/chrome/content/rules/Ninja-Build.org.xml
new file mode 100644
index 000000000000..9226d4c36127
--- /dev/null
+++ b/src/chrome/content/rules/Ninja-Build.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Ninja-Build.org">
+	<target host="ninja-build.org" />
+	<target host="www.ninja-build.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nintendo_World_Report.xml b/src/chrome/content/rules/Nintendo_World_Report.xml
index 776b639e31ce..e96857416afc 100644
--- a/src/chrome/content/rules/Nintendo_World_Report.xml
+++ b/src/chrome/content/rules/Nintendo_World_Report.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nintendolife.com.xml b/src/chrome/content/rules/Nintendolife.com.xml
new file mode 100644
index 000000000000..945a1ee157de
--- /dev/null
+++ b/src/chrome/content/rules/Nintendolife.com.xml
@@ -0,0 +1,21 @@
+<ruleset name="Nintendolife.com">
+	<target host="nintendolife.com" />
+	<target host="www.nintendolife.com" />
+	<target host="3ds.nintendolife.com" />
+	<target host="3dsvc.nintendolife.com" />
+	<target host="3dsware.nintendolife.com" />
+	<target host="dsiware.nintendolife.com" />
+	<target host="ds.nintendolife.com" />
+	<target host="images.nintendolife.com" />
+	<target host="retro.nintendolife.com" />
+	<target host="fs.nintendolife.com" />
+	<target host="sp.nintendolife.com" />
+	<target host="static.nintendolife.com" />
+	<target host="vc.nintendolife.com" />
+	<target host="wii.nintendolife.com" />
+	<target host="wiiware.nintendolife.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NiteTimeToys.com.xml b/src/chrome/content/rules/NiteTimeToys.com.xml
index 4bc26dd4087d..d22d02141181 100644
--- a/src/chrome/content/rules/NiteTimeToys.com.xml
+++ b/src/chrome/content/rules/NiteTimeToys.com.xml
@@ -24,7 +24,7 @@ Fetch error: http://affiliates.nitetimetoys.com/ => https://affiliates.nitetimet
 	* Secured by us
 
 -->
-<ruleset name="NiteTimeToys.com" default_off='failed ruleset test'>
+<ruleset name="NiteTimeToys.com" default_off="failed ruleset test">
 
 	<target host="nitetimetoys.com" />
 	<target host="affiliates.nitetimetoys.com" />
diff --git a/src/chrome/content/rules/Njal.la.xml b/src/chrome/content/rules/Njal.la.xml
new file mode 100644
index 000000000000..d4f9853850ea
--- /dev/null
+++ b/src/chrome/content/rules/Njal.la.xml
@@ -0,0 +1,26 @@
+<!--
+	Timeout:
+		- git
+		- mailfwd
+		- mx
+		- ns2
+		- ns3
+		- test
+
+	Mismatched:
+		- ns0
+		- redirect
+
+	HTTP != HTTPS:
+		- netbox
+-->
+<ruleset name="Njal.la">
+	<target host="njal.la" />
+	<target host="www.njal.la" />
+	<target host="dns.njal.la" />
+	<target host="next.njal.la" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nnetworks.xml b/src/chrome/content/rules/Nnetworks.xml
deleted file mode 100644
index 844406cc4e02..000000000000
--- a/src/chrome/content/rules/Nnetworks.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Other Nnetworks rulesets:
-
-		- Rec-log.xml
-
--->
-<ruleset name="Nnetworks">
-
-	<target host="nnetworks.co.jp" />
-	<target host="www.nnetworks.co.jp" />
-
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/No-DPI-campaign.xml b/src/chrome/content/rules/No-DPI-campaign.xml
deleted file mode 100644
index dacce861536e..000000000000
--- a/src/chrome/content/rules/No-DPI-campaign.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="No Deep Packet Inspection campaign">
-
-	<target host="nodpi.org" />
-	<target host="www.nodpi.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?nodpi\.org$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^(?:www\.)?nodpi\.org$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/No-Thank-You.de.xml b/src/chrome/content/rules/No-Thank-You.de.xml
new file mode 100644
index 000000000000..e8b2f535c040
--- /dev/null
+++ b/src/chrome/content/rules/No-Thank-You.de.xml
@@ -0,0 +1,14 @@
+<!--
+	Timeout:
+		www.no-thank-you.de
+-->
+<ruleset name="No-Thank-You.de">
+	<target host="no-thank-you.de" />
+	<target host="www.no-thank-you.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.no-thank-you\.de/" to="https://no-thank-you.de/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/No_1366.org.xml b/src/chrome/content/rules/No_1366.org.xml
index afe4e84f8e06..d1990b5fcd9d 100644
--- a/src/chrome/content/rules/No_1366.org.xml
+++ b/src/chrome/content/rules/No_1366.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://no1366.org/ => https://no1366.org/: (60, 'SSL certificate pr
 Fetch error: http://www.no1366.org/ => https://www.no1366.org/: (60, 'SSL certificate problem: self signed certificate')
 
 -->
-<ruleset name="No 1366.org" default_off='failed ruleset test'>
+<ruleset name="No 1366.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/No_Bitcoin_License.org.xml b/src/chrome/content/rules/No_Bitcoin_License.org.xml
deleted file mode 100644
index 835cda2485b3..000000000000
--- a/src/chrome/content/rules/No_Bitcoin_License.org.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		- .nobitcoinlicense.org
-
--->
-<ruleset name="No Bitcoin License.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="nobitcoinlicense.org" />
-	<target host="www.nobitcoinlicense.org" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.nobitcoinlicense\.org$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.nobitcoinlicense\.org$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/No_Starch_Press.xml b/src/chrome/content/rules/No_Starch_Press.xml
index 8f8300c1d3ad..e3594a66aac3 100644
--- a/src/chrome/content/rules/No_Starch_Press.xml
+++ b/src/chrome/content/rules/No_Starch_Press.xml
@@ -31,7 +31,9 @@
 <ruleset name="No Starch Press (partial)">
 
 	<target host="nostarch.com" />
-	<target host="*.nostarch.com" />
+	<target host="www.nostarch.com" />
+	<target host="mail.nostarch.com" />
+	<target host="media.nostarch.com" />
 
 
 	<!--	Tracking cookies set by google-analytics.com
@@ -46,6 +48,6 @@
 		to="https://mail.google.com/a/nostarch.com" />
 
 	<rule from="^http://media\.nostarch\.com/"
-		to="https://d19tnq0ilrg6a.cloudfront.net/" />
+		to="https://media.nostarch.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/No_added_sugar.xml b/src/chrome/content/rules/No_added_sugar.xml
deleted file mode 100644
index d8915cad86b6..000000000000
--- a/src/chrome/content/rules/No_added_sugar.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="no added sugar">
-
-	<target host="noaddedsugar.com" />
-	<target host="www.noaddedsugar.com" />
-
-
-	<securecookie host="^\.noaddedsugar\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Nocdirect.com.xml b/src/chrome/content/rules/Nocdirect.com.xml
deleted file mode 100644
index 28ecb858ebae..000000000000
--- a/src/chrome/content/rules/Nocdirect.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="nocdirect.com">
-
-	<target host="*.nocdirect.com" />
-
-
-	<securecookie host="^(?:ninja|radium)\.nocdirect\.com$" name=".+" />
-
-
-	<rule from="^http://(ninja|radium)\.nocdirect\.com/"
-		to="https://$1.nocdirect.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/NodeServ.com.xml b/src/chrome/content/rules/NodeServ.com.xml
index ab4d368e08b1..777e69046200 100644
--- a/src/chrome/content/rules/NodeServ.com.xml
+++ b/src/chrome/content/rules/NodeServ.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://manage.nodeserv.com/ => https://manage.nodeserv.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="NodeServ.com" default_off='failed ruleset test'>
+<ruleset name="NodeServ.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Nodejitsu.com.xml b/src/chrome/content/rules/Nodejitsu.com.xml
index 248f47afcf21..f53c1d4d74bb 100644
--- a/src/chrome/content/rules/Nodejitsu.com.xml
+++ b/src/chrome/content/rules/Nodejitsu.com.xml
@@ -26,7 +26,7 @@ Fetch error: http://www.legal.nodejitsu.com/ => https://legal.nodejitsu.com/: (7
 	* Secured by us
 
 -->
-<ruleset name="Nodejitsu.com" default_off='failed ruleset test'>
+<ruleset name="Nodejitsu.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/NoelShack.com.xml b/src/chrome/content/rules/NoelShack.com.xml
new file mode 100644
index 000000000000..96538f6a2c9b
--- /dev/null
+++ b/src/chrome/content/rules/NoelShack.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Connection closed:
+		- dev
+
+	NoelShack.com has both a wildcard certificate and a wildcard DNS record, all other subdomains return 503 error.
+-->
+<ruleset name="NoelShack.com">
+	<target host="noelshack.com" />
+	<target host="www.noelshack.com" />
+	<target host="image.noelshack.com" />
+	<target host="s2.noelshack.com" />
+	<target host="s3.noelshack.com" />
+	<target host="s4.noelshack.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Noelia.xml b/src/chrome/content/rules/Noelia.xml
index cd14baf9930c..6058fc8d7107 100644
--- a/src/chrome/content/rules/Noelia.xml
+++ b/src/chrome/content/rules/Noelia.xml
@@ -5,7 +5,7 @@ Fetch error: http://noelia.fi/ => https://noelia.fi/: (60, 'SSL certificate prob
 Fetch error: http://www.noelia.fi/ => https://www.noelia.fi/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Noelia" default_off='failed ruleset test'>
+<ruleset name="Noelia" default_off="failed ruleset test">
 
 	<target host="noelia.fi" />
 	<target host="www.noelia.fi" />
@@ -16,4 +16,4 @@ Fetch error: http://www.noelia.fi/ => https://www.noelia.fi/: (60, 'SSL certific
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Noembed.com.xml b/src/chrome/content/rules/Noembed.com.xml
index ce59e35a4787..53c6573ead4f 100644
--- a/src/chrome/content/rules/Noembed.com.xml
+++ b/src/chrome/content/rules/Noembed.com.xml
@@ -1,18 +1,7 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.noembed.com/ => https://www.noembed.com/: (6, 'Could not resolve host: www.noembed.com')
-
--->
-<ruleset name="Noembed.com" default_off='failed ruleset test'>
-
+<ruleset name="Noembed.com" >
 	<target host="noembed.com" />
-	<target host="www.noembed.com" />
-
-
-	<securecookie host="^\.noembed\.com$" name=".+" />
 
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NoiseProtocol.org.xml b/src/chrome/content/rules/NoiseProtocol.org.xml
new file mode 100644
index 000000000000..568e2a45ea45
--- /dev/null
+++ b/src/chrome/content/rules/NoiseProtocol.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched:
+		- www
+-->
+<ruleset name="NoiseProtocol.org">
+	<target host="noiseprotocol.org" />
+	<target host="www.noiseprotocol.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.noiseprotocol\.org/" to="https://noiseprotocol.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NoiseTrade.xml b/src/chrome/content/rules/NoiseTrade.xml
index 8b31cdb799a5..c6ddcf4da38b 100644
--- a/src/chrome/content/rules/NoiseTrade.xml
+++ b/src/chrome/content/rules/NoiseTrade.xml
@@ -11,7 +11,7 @@
 
 -->
 
-<ruleset name="NoiseTrade (partial)" default_off='failed ruleset test'>
+<ruleset name="NoiseTrade (partial)" default_off="failed ruleset test">
 
 	<target host="noisetrade.com" />
 	<target host="www.noisetrade.com" />
diff --git a/src/chrome/content/rules/Nokia.xml b/src/chrome/content/rules/Nokia.xml
index f2a8fb692bf5..2bd6c281d754 100644
--- a/src/chrome/content/rules/Nokia.xml
+++ b/src/chrome/content/rules/Nokia.xml
@@ -1,8 +1,13 @@
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://api.maps.nokia.com/ => https://api.maps.nokia.com/: (6, 'Could not resolve host: api.maps.nokia.com')
+Fetch error: http://health.nokia.com/ => https://health.nokia.com/: (6, 'Could not resolve host: health.nokia.com')
+
 	Other Nokia rulesets:
 		+ Here.com.xml
 		+ NAVTEQ.xml
-		+ Ovi.com.xml
 
 	Non-functional hosts
 		Couldn't connect to server:
@@ -29,8 +34,8 @@
 	<target host="nokia.com" />
 	<target host="www.nokia.com" />
 	<target host="account.nokia.com" />
-	<target host="api.maps.nokia.com" />
-	<target host="health.nokia.com" />
+	<!-- target host="api.maps.nokia.com" /-->
+	<!-- target host="health.nokia.com" /-->
 	<target host="insight.nokia.com" />
 	<target host="networks.nokia.com" />
 	<target host="ozo.nokia.com" />
diff --git a/src/chrome/content/rules/Nokia_Siemens_Networks.xml b/src/chrome/content/rules/Nokia_Siemens_Networks.xml
index 9a3ffbb872f5..304fcbf82b18 100644
--- a/src/chrome/content/rules/Nokia_Siemens_Networks.xml
+++ b/src/chrome/content/rules/Nokia_Siemens_Networks.xml
@@ -17,7 +17,11 @@
 <ruleset name="Nokia Siemens Networks (partial)">
 
 	<target host="nokiasiemensnetworks.com" />
-	<target host="*.nokiasiemensnetworks.com" />
+	<target host="www.nokiasiemensnetworks.com" />
+	<target host="blogs.nokiasiemensnetworks.com" />
+	<target host="industryanalyst.nokiasiemensnetworks.com" />
+	<target host="online.portal.nokiasiemensnetworks.com" />
+	<target host="supplier.portal.nokiasiemensnetworks.com" />
 	<target host="nsn.com" />
 	<target host="www.nsn.com" />
 
@@ -37,4 +41,4 @@
 	<rule from="^http://(www\.)?nsn\.com/(?=jwbox/|sites/)"
 		to="https://$1nsn.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nomadesk.xml b/src/chrome/content/rules/Nomadesk.xml
index 912b40b1e3f8..b65165387ebe 100644
--- a/src/chrome/content/rules/Nomadesk.xml
+++ b/src/chrome/content/rules/Nomadesk.xml
@@ -17,7 +17,8 @@ Fetch error: http://nomadesk.com/ => https://www.nomadesk.com/: (28, 'Connection
 	<target host="mynomadesk.com" />
 	<target host="www.mynomadesk.com" />
 	<target host="nomadesk.com" />
-	<target host="*.nomadesk.com" />
+	<target host="www.nomadesk.com" />
+	<target host="secure.nomadesk.com" />
 
 
 	<securecookie host="^secure\.nomadesk\.com$" name=".+" />
@@ -29,7 +30,6 @@ Fetch error: http://nomadesk.com/ => https://www.nomadesk.com/: (28, 'Connection
 	<rule from="^http://(?:www\.)?nomadesk\.com/"
 		to="https://www.nomadesk.com/" />
 
-	<rule from="^http://secure\.nomadesk\.com/"
-		to="https://secure.nomadesk.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nomovok.com.xml b/src/chrome/content/rules/Nomovok.com.xml
deleted file mode 100644
index feff028f3068..000000000000
--- a/src/chrome/content/rules/Nomovok.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	(www.)?nomovok.com: Handshake fails
-
--->
-<ruleset name="Nomovok.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="vk.nomovok.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Nonexiste.net.xml b/src/chrome/content/rules/Nonexiste.net.xml
deleted file mode 100644
index 75aac575e093..000000000000
--- a/src/chrome/content/rules/Nonexiste.net.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.) *
-		- alice *
-
-	* Redirects to login, expired 2012-08-07
-
-
-	Problematic subdomains:
-
-		- www.images	(redirects to login; mismatched, CN: alice.nonexiste.net)
-
--->
-<ruleset name="nonexiste.net (partial)">
-
-	<target host="*.nonexiste.net" />
-
-
-	<rule from="^http://(?:www\.)?images\.nonexiste\.net/"
-		to="https://images.nonexiste.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Nootriment.xml b/src/chrome/content/rules/Nootriment.xml
index 0971ee23c242..2c3b7d5aa3f8 100644
--- a/src/chrome/content/rules/Nootriment.xml
+++ b/src/chrome/content/rules/Nootriment.xml
@@ -1,8 +1,8 @@
-<!-- 
-		
+<!--
+
 		Mixed content:
 		- m.nootriment.com
-		
+
 -->
 
 <ruleset name="Nootriment">
diff --git a/src/chrome/content/rules/NordVPN.com.xml b/src/chrome/content/rules/NordVPN.com.xml
deleted file mode 100644
index adf04af54808..000000000000
--- a/src/chrome/content/rules/NordVPN.com.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="NordVPN.com">
-	<target host="nordvpn.com" />
-	<target host="www.nordvpn.com" />
-	<target host="downloads.nordvpn.com" />
-	<target host="join.nordvpn.com" />
-	<target host="support.nordvpn.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/NordicHardware.xml b/src/chrome/content/rules/NordicHardware.xml
index b0216ff5bea9..1b485d26c112 100644
--- a/src/chrome/content/rules/NordicHardware.xml
+++ b/src/chrome/content/rules/NordicHardware.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.nordichardware.com/ => https://www.nordichardware.com/:
 Fetch error: http://nordichardware.se/ => https://www.nordichardware.se/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 Fetch error: http://www.nordichardware.se/ => https://www.nordichardware.se/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
-  www.nordichardware.com , nordichardware.se , www.nordichardware.se , nordichardware.com , admin.nordichardware.se , admin.nordichardware.com  
+  www.nordichardware.com , nordichardware.se , www.nordichardware.se , nordichardware.com , admin.nordichardware.se , admin.nordichardware.com
 
 
 	Problematic domains:
@@ -26,7 +26,7 @@ Fetch error: http://www.nordichardware.se/ => https://www.nordichardware.se/: (6
 		- ads.nordichardware.com	(CN: www.nordichardware.com; 404)
 
 -->
-<ruleset name="NordicHardware" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="NordicHardware" platform="mixedcontent" default_off="failed ruleset test">
 
 <!-- see also NordicHardware-mismatches.xml -->
 
diff --git a/src/chrome/content/rules/Nordic_Academy.no.xml b/src/chrome/content/rules/Nordic_Academy.no.xml
index e48e99e002b9..da09732520d3 100644
--- a/src/chrome/content/rules/Nordic_Academy.no.xml
+++ b/src/chrome/content/rules/Nordic_Academy.no.xml
@@ -10,7 +10,7 @@ Fetch error: http://vpn.nordicacademy.no/ => https://vpn.nordicacademy.no/: (60,
 		- (www.)	(http reply)
 
 -->
-<ruleset name="Nordic Academy.no (partial)" default_off='failed ruleset test'>
+<ruleset name="Nordic Academy.no (partial)" default_off="failed ruleset test">
 
 	<target host="vpn.nordicacademy.no" />
 
diff --git a/src/chrome/content/rules/Nordkurier.xml b/src/chrome/content/rules/Nordkurier.xml
index f805806dd2fa..d655f8535ea6 100644
--- a/src/chrome/content/rules/Nordkurier.xml
+++ b/src/chrome/content/rules/Nordkurier.xml
@@ -25,5 +25,5 @@
 
 	<rule from="^http:"
 		to="https:" />
-		
+
 </ruleset>
diff --git a/src/chrome/content/rules/Norge.no.xml b/src/chrome/content/rules/Norge.no.xml
index 6440664853bc..62270acf89b0 100644
--- a/src/chrome/content/rules/Norge.no.xml
+++ b/src/chrome/content/rules/Norge.no.xml
@@ -3,7 +3,7 @@
 	Timeout:
 		- psi.norge.no
 		- www2.norge.no
-	
+
 	Mismatch:
 		- test.norge.no
 
diff --git a/src/chrome/content/rules/Norid.no.xml b/src/chrome/content/rules/Norid.no.xml
index 3ac8e232e877..3e9eeba773c2 100644
--- a/src/chrome/content/rules/Norid.no.xml
+++ b/src/chrome/content/rules/Norid.no.xml
@@ -11,13 +11,13 @@
 <ruleset name="Norid.no">
 
 	<target host="norid.no" />
-	<target host="*.norid.no" />
+	<target host="www.norid.no" />
+	<target host="pid.norid.no" />
 
 
 	<rule from="^http://(?:www\.)?norid\.no/"
 		to="https://www.norid.no/" />
 
-	<rule from="^http://pid\.norid\.no/"
-		to="https://pid.norid.no/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Noris.org.xml b/src/chrome/content/rules/Noris.org.xml
index 0c9736721770..8d2975f0ea81 100644
--- a/src/chrome/content/rules/Noris.org.xml
+++ b/src/chrome/content/rules/Noris.org.xml
@@ -1,7 +1,10 @@
 <ruleset name="noris.net" platform="mixedcontent">
 
 	<target host="noris.net" />
-	<target host="*.noris.net" />
+	<target host="mail.noris.net" />
+	<target host="monitor.noris.net" />
+	<target host="service.noris.net" />
+	<target host="www.noris.net" />
 
 
 	<rule from="^http://(?:((?:mail|monitor|service)\.)|www\.)?noris\.net/"
diff --git a/src/chrome/content/rules/Norman.com.xml b/src/chrome/content/rules/Norman.com.xml
index 208b38e23762..85dd61d9a9b6 100644
--- a/src/chrome/content/rules/Norman.com.xml
+++ b/src/chrome/content/rules/Norman.com.xml
@@ -23,7 +23,7 @@ Fetch error: http://www.norman.com/ => https://www.norman.com/: (51, "SSL: no al
 	* Unsecurable <= refused
 
 -->
-<ruleset name="Norman.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Norman.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Norrgruppen.se.xml b/src/chrome/content/rules/Norrgruppen.se.xml
deleted file mode 100644
index e5e3c808ce8a..000000000000
--- a/src/chrome/content/rules/Norrgruppen.se.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		(www.)		(dropped)
-
--->
-<ruleset name="Norrgruppen.se (partial)">
-
-	<target host="*.norrgruppen.se" />
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.norrgruppen\.se$" name="^(?:NXCLICK2|OAX)$" />
-
-
-	<rule from="^http://sifomedia\.norrgruppen\.se/"
-		to="https://oasc07.247realmedia.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/North-American-Network-Operators-Group.xml b/src/chrome/content/rules/North-American-Network-Operators-Group.xml
index 738314d4491e..812ccd5026b0 100644
--- a/src/chrome/content/rules/North-American-Network-Operators-Group.xml
+++ b/src/chrome/content/rules/North-American-Network-Operators-Group.xml
@@ -31,7 +31,7 @@ Fetch error: http://text.nanog.org/ => https://text.nanog.org/: (28, 'Connection
 		- css on bcop from $self
 
 -->
-<ruleset name="NANOG.org (partial)" default_off='failed ruleset test'>
+<ruleset name="NANOG.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/North-Carolina-State-University-problematic.xml b/src/chrome/content/rules/North-Carolina-State-University-problematic.xml
index faf60e17c496..91e6f016a081 100644
--- a/src/chrome/content/rules/North-Carolina-State-University-problematic.xml
+++ b/src/chrome/content/rules/North-Carolina-State-University-problematic.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see North-Carolina-State-University.xml.
 
 -->
-<ruleset name="NCSU.edu (problematic)" default_off="missing certificate chain">
+<ruleset name="NCSU.edu (problematic)" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/North-Carolina-State-University.xml b/src/chrome/content/rules/North-Carolina-State-University.xml
index 4f547380bf5e..48575eb519f8 100644
--- a/src/chrome/content/rules/North-Carolina-State-University.xml
+++ b/src/chrome/content/rules/North-Carolina-State-University.xml
@@ -94,7 +94,7 @@ Fetch error: http://my.lib.ncsu.edu/ => https://my.lib.ncsu.edu/: (6, 'Could not
 	² Unsecurable
 
 -->
-<ruleset name="NCSU.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="NCSU.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/North-Herts.gov.uk.xml b/src/chrome/content/rules/North-Herts.gov.uk.xml
index 7b073c498be7..fda9281ac1f3 100644
--- a/src/chrome/content/rules/North-Herts.gov.uk.xml
+++ b/src/chrome/content/rules/North-Herts.gov.uk.xml
@@ -28,7 +28,7 @@
 			- web from www.north-herts.gov.uk
 			- www from northherts-cms.cms-dev.firmstep.com
 			- www from $self
-	
+
 	ˢ Secured by us
 
 -->
diff --git a/src/chrome/content/rules/NorthClicks.xml b/src/chrome/content/rules/NorthClicks.xml
deleted file mode 100644
index 0a849c5c7a9a..000000000000
--- a/src/chrome/content/rules/NorthClicks.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	!www: record_too_long
-
--->
-<ruleset name="NorthClicks">
-
-	<target host="northclicks.com" />
-	<target host="*.northclicks.com" />
-
-
-	<securecookie host="^(?:www)?\.northclicks\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?northclicks\.com/"
-		to="https://www.northclicks.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/North_Norfolk.org.xml b/src/chrome/content/rules/North_Norfolk.org.xml
deleted file mode 100644
index 3e12af182fbc..000000000000
--- a/src/chrome/content/rules/North_Norfolk.org.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	North Norfolk District Council
-
-	For other UK government coverage, see GOV.UK.xml.
-
-
-	^northnorfolk.org: Mismatched
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.northnorfolk.org
-
--->
-<ruleset name="North Norfolk.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.northnorfolk.org" />
-
-	<!--	Complications:
-				-->
-	<target host="northnorfolk.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.northnorfolk\.org$" name="^ASPSESSIONID[A-Z]{8}$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://northnorfolk\.org/"
-		to="https://www.northnorfolk.org/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Northern_Tool.com.xml b/src/chrome/content/rules/Northern_Tool.com.xml
index d3030171c469..c592412e0f00 100644
--- a/src/chrome/content/rules/Northern_Tool.com.xml
+++ b/src/chrome/content/rules/Northern_Tool.com.xml
@@ -25,7 +25,10 @@
 
 	<target host="northerntool.ugc.bazaarvoice.com" />
 	<target host="northerntool.com" />
-	<target host="*.northerntool.com" />
+	<target host="answers.northerntool.com" />
+	<target host="reviews.northerntool.com" />
+	<target host="www.northerntool.com" />
+	<target host="m.northerntool.com" />
 		<!--
 			Redirect to http:
 						-->
diff --git a/src/chrome/content/rules/Northpole.fi.xml b/src/chrome/content/rules/Northpole.fi.xml
index bfb24fbafdb8..f680a6247e35 100644
--- a/src/chrome/content/rules/Northpole.fi.xml
+++ b/src/chrome/content/rules/Northpole.fi.xml
@@ -1,8 +1,8 @@
 <ruleset name="Northpole.fi">
   <target host="northpole.fi" />
   <target host="www.northpole.fi" />
-  
+
   <securecookie host="^(?:.*\.)northpole\.fi$" name=".+" />
-  
+
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Northwest_Swim_Shop.xml b/src/chrome/content/rules/Northwest_Swim_Shop.xml
deleted file mode 100644
index 027902603c57..000000000000
--- a/src/chrome/content/rules/Northwest_Swim_Shop.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Cert expired.
-
--->
-<ruleset name="Northwest Swim Shop">
-
-	<target host="nwswimshop.com" />
-	<target host="www.nwswimshop.com" />
-
-
-	<rule from="^http://(?:www\.)?nwswimshop\.com/"
-		to="https://nwswimshop.myshopify.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Northwestern_University.xml b/src/chrome/content/rules/Northwestern_University.xml
index 3bbf35a52376..3bf8acbb9770 100644
--- a/src/chrome/content/rules/Northwestern_University.xml
+++ b/src/chrome/content/rules/Northwestern_University.xml
@@ -101,7 +101,55 @@
 -->
 <ruleset name="Northwestern.edu (partial)">
 
-	<target host="*.northwestern.edu" />
+	<target host="blog.nuamps.at.northwestern.edu" />
+	<target host="websecurity.at.northwestern.edu" />
+	<target host="autodiscover.northwestern.edu" />
+	<target host="bfmf.northwestern.edu" />
+	<target host="carlsmith.northwestern.edu" />
+	<target host="mail.chicago.northwestern.edu" />
+	<target host="mail.evanston.northwestern.edu" />
+	<target host="collaborate.northwestern.edu" />
+	<target host="www.collaborate.northwestern.edu" />
+	<target host="courses.northwestern.edu" />
+	<target host="directory.northwestern.edu" />
+	<target host="blog.ipd.northwestern.edu" />
+	<target host="fed.it.northwestern.edu" />
+	<target host="validate.it.northwestern.edu" />
+	<target host="websso.it.northwestern.edu" />
+	<target host="law.northwestern.edu" />
+	<target host="careerspace.law.northwestern.edu" />
+	<target host="www.law.northwestern.edu" />
+	<target host="www.library.northwestern.edu" />
+	<target host="mail.northwestern.edu" />
+	<target host="math.northwestern.edu" />
+	<target host="www.math.northwestern.edu" />
+	<target host="chitrec.nubic.northwestern.edu" />
+	<target host="nuhr.northwestern.edu" />
+	<target host="blog.oncofertility.northwestern.edu" />
+	<target host="autodiscover.qatar.northwestern.edu" />
+	<target host="collaborate.qatar.northwestern.edu" />
+	<target host="www.collaborate.qatar.northwestern.edu" />
+	<target host="mail.qatar.northwestern.edu" />
+	<target host="webmail.qatar.northwestern.edu" />
+	<target host="research.northwestern.edu" />
+	<target host="www.research.northwestern.edu" />
+	<target host="blog.scienceinsociety.northwestern.edu" />
+	<target host="scs.northwestern.edu" />
+	<target host="www.scs.northwestern.edu" />
+	<target host="tss.northwestern.edu" />
+	<target host="umail.northwestern.edu" />
+	<target host="blog.undergradresearch.northwestern.edu" />
+	<target host="womenshealth.northwestern.edu" />
+	<target host="blog.womenshealth.northwestern.edu" />
+	<target host="cafe.northwestern.edu" />
+	<target host="ses.northwestern.edu" />
+	<target host="undergradresearch.northwestern.edu" />
+	<target host="www.cafe.northwestern.edu" />
+	<target host="www.ses.northwestern.edu" />
+	<target host="www.undergradresearch.northwestern.edu" />
+	<target host="u.northwestern.edu" />
+	<target host="wcas.northwestern.edu" />
+	<target host="www.wcas.northwestern.edu" />
 		<exclusion pattern="^http://www\.library\.northwestern\.edu/(?!misc/|modules/|sites/)" />
 
 
@@ -110,8 +158,6 @@
 	<securecookie host="^\.undergradresearch\.northwestern\.edu$" name="^SESS\w{32}$" />
 
 
-	<rule from="^http://((?:blog\.nuamps|websecurity)\.at|autodiscover|bfmf|carlsmith|mail\.(?:chicago|evanston)|(?:www\.)?collaborate|courses|directory|blog\.ipd|(?:fed|validate|websso)\.it|(?:careerspace\.|www\.)?law|www\.library|mail|(?:www\.)?math|chitrec\.nubic|nuhr|blog\.oncofertility|(?:autodiscover|(?:www\.)?collaborate|mail|webmail)\.qatar|(?:www\.)?research|blog\.scienceinsociety|(?:www\.)?scs|tss|umail|blog\.undergradresearch|(?:blog\.)?womenshealth)\.northwestern\.edu/"
-		to="https://$1.northwestern.edu/" />
 
 	<rule from="^http://(?:www\.)?(cafe|ses|undergradresearch)\.northwestern\.edu/"
 		to="https://$1.northwestern.edu/" />
@@ -122,4 +168,5 @@
 	<rule from="^http://(?:www\.)?wcas\.northwestern\.edu/"
 		to="https://www.wcas.northwestern.edu/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Norton.xml b/src/chrome/content/rules/Norton.xml
index 5999e58403a0..0ba38ae869ab 100644
--- a/src/chrome/content/rules/Norton.xml
+++ b/src/chrome/content/rules/Norton.xml
@@ -73,7 +73,7 @@
 	<target host="sealinfo.websecurity.norton.com" />
 	<target host="trustsealinfo.websecurity.norton.com" />
 	<target host="www.norton.com" />
-	
+
 	<target host="ae.norton.com" />
 	<target host="ar.norton.com" />
 	<target host="at.norton.com" />
@@ -96,7 +96,7 @@
 	<target host="fi.norton.com" />
 	<target host="fr.norton.com" />
 	<target host="gr.norton.com" />
-	<target host="hk.norton.com" />	
+	<target host="hk.norton.com" />
 	<target host="hk-en.norton.com" />
 	<target host="hu.norton.com" />
 	<target host="id.norton.com" />
@@ -129,7 +129,7 @@
 	<target host="uk.norton.com" />
 	<target host="us.norton.com" />
 	<target host="za.norton.com" />
-	
+
 	<target host="stage.nortoncdn.com" />
 	<target host="static.nortoncdn.com" />
 
@@ -147,7 +147,7 @@
 		<!--	Mixed images:
 					-->
 		<!--test url="http://us.norton.com/free-tools-trial/promo" /-->
-	
+
 
 	<!--	Not secured by server:
 					-->
@@ -185,5 +185,5 @@
 
 	<rule from="^http:"
 		to="https:" />
-	
+
 </ruleset>
diff --git a/src/chrome/content/rules/Norton_Online_Backup.xml b/src/chrome/content/rules/Norton_Online_Backup.xml
index 1529813445ad..cc53001eaf45 100644
--- a/src/chrome/content/rules/Norton_Online_Backup.xml
+++ b/src/chrome/content/rules/Norton_Online_Backup.xml
@@ -11,7 +11,16 @@
 <ruleset name="Norton Online Backup">
 
 	<target host="backup.com" />
-	<target host="*.backup.com" />
+	<target host="www.backup.com" />
+	<target host="assets.backup.com" />
+	<target host="secure-assets.backup.com" />
+	<target host="centurylink.backup.com" />
+	<target host="delldatasafe.backup.com" />
+	<target host="dobu.backup.com" />
+	<target host="nobu.backup.com" />
+	<target host="nis.backup.com" />
+	<target host="nobu-nis.backup.com" />
+	<target host="vipprotection.backup.com" />
 
 
 	<securecookie host="^.+\.backup\.com$" name=".+" />
@@ -23,7 +32,6 @@
 	<rule from="^http://(?:secure-)?assets\.backup\.com/"
 		to="https://secure-assets.backup.com/" />
 
-	<rule from="^http://(centurylink|delldatasafe|[dn]obu|nis|nobu-nis|vipprotection)\.backup\.com/"
-		to="https://$1.backup.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Norwalk_Reflector.xml b/src/chrome/content/rules/Norwalk_Reflector.xml
index 4420d7eef744..59b587413b90 100644
--- a/src/chrome/content/rules/Norwalk_Reflector.xml
+++ b/src/chrome/content/rules/Norwalk_Reflector.xml
@@ -12,4 +12,4 @@
 	<rule from="^http://(?:www\.)?norwalkreflector\.com/(misc/|sites/|user(?:$|\?|/))"
 		to="https://www.norwalkreflector.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NotAlwaysFriendly.com.xml b/src/chrome/content/rules/NotAlwaysFriendly.com.xml
new file mode 100644
index 000000000000..31be8895efce
--- /dev/null
+++ b/src/chrome/content/rules/NotAlwaysFriendly.com.xml
@@ -0,0 +1,18 @@
+<!--
+	See also: NotAlwaysRight.com.xml, NotAlwaysWorking.com.xml,
+	NotAlwaysHopeless.com.xml
+
+	HTTPS broken:
+		cdn.notalwaysfriendly.com
+
+	Website returns an error:
+		www.notalwaysfriendly.com
+		unfiltered.notalwaysfriendly.com
+-->
+<ruleset name="NotAlwaysFriendly.com">
+	<target host="notalwaysfriendly.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NotAlwaysHopeless.com.xml b/src/chrome/content/rules/NotAlwaysHopeless.com.xml
new file mode 100644
index 000000000000..f197e5d6230e
--- /dev/null
+++ b/src/chrome/content/rules/NotAlwaysHopeless.com.xml
@@ -0,0 +1,12 @@
+<!--
+	See also: NotAlwaysRight.com.xml, NotAlwaysWorking.com.xml,
+	NotAlwaysFriendly.com.xml
+-->
+<ruleset name="NotAlwaysHopeless.com">
+	<target host="notalwayshopeless.com" />
+	<target host="www.notalwayshopeless.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NotAlwaysRight.com.xml b/src/chrome/content/rules/NotAlwaysRight.com.xml
new file mode 100644
index 000000000000..69e037d735af
--- /dev/null
+++ b/src/chrome/content/rules/NotAlwaysRight.com.xml
@@ -0,0 +1,19 @@
+<!--
+	See also: NotAlwaysWorking.com.xml, NotAlwaysFriendly.com.xml,
+	NotAlwaysHopeless.com.xml
+
+	HTTPS broken:
+		cdn.notalwaysright.com
+
+	Not publicly accessible:
+		shop.notalwaysright.com
+-->
+<ruleset name="NotAlwaysRight.com">
+	<target host="notalwaysright.com" />
+	<target host="www.notalwaysright.com" />
+	<target host="about.notalwaysright.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NotAlwaysWorking.com.xml b/src/chrome/content/rules/NotAlwaysWorking.com.xml
new file mode 100644
index 000000000000..19ac67ae6b8f
--- /dev/null
+++ b/src/chrome/content/rules/NotAlwaysWorking.com.xml
@@ -0,0 +1,18 @@
+<!--
+	See also: NotAlwaysRight.com.xml, NotAlwaysFriendly.com.xml,
+	NotAlwaysHopeless.com.xml
+
+	HTTPS broken:
+		cdn.notalwaysworking.com
+
+	Website returns an error:
+		www.notalwaysworking.com
+		unfiltered.notalwaysworking.com
+-->
+<ruleset name="NotAlwaysWorking.com">
+	<target host="notalwaysworking.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/NotBackingDownUMass.org.xml b/src/chrome/content/rules/NotBackingDownUMass.org.xml
new file mode 100644
index 000000000000..6ae63bd38ed3
--- /dev/null
+++ b/src/chrome/content/rules/NotBackingDownUMass.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="NotBackingDownUMass.org">
+	<target host="notbackingdownumass.org" />
+	<target host="www.notbackingdownumass.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Not_Alone.gov.xml b/src/chrome/content/rules/Not_Alone.gov.xml
deleted file mode 100644
index b138adf9d460..000000000000
--- a/src/chrome/content/rules/Not_Alone.gov.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-
--->
-<ruleset name="Not Alone.gov">
-
-	<target host="notalone.gov" />
-	<target host="www.notalone.gov" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Not_Enough_Shaders.com.xml b/src/chrome/content/rules/Not_Enough_Shaders.com.xml
index 76525d86dfd8..367dfd8666ef 100644
--- a/src/chrome/content/rules/Not_Enough_Shaders.com.xml
+++ b/src/chrome/content/rules/Not_Enough_Shaders.com.xml
@@ -25,7 +25,7 @@ Fetch error: http://www.notenoughshaders.com/ => https://www.notenoughshaders.co
 	* Secured by us
 
 -->
-<ruleset name="Not Enough Shaders.com" default_off='failed ruleset test'>
+<ruleset name="Not Enough Shaders.com" default_off="failed ruleset test">
 
 	<target host="notenoughshaders.com" />
 	<target host="www.notenoughshaders.com" />
diff --git a/src/chrome/content/rules/NotaNet.com.br.xml b/src/chrome/content/rules/NotaNet.com.br.xml
index 0ae9dc895868..6cdb521c6409 100644
--- a/src/chrome/content/rules/NotaNet.com.br.xml
+++ b/src/chrome/content/rules/NotaNet.com.br.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.notanet.com.br/ => https://www.notanet.com.br/: (60, 'SS
 	^: Cert only matches www
 
 -->
-<ruleset name="NotaNet.com.br" default_off='failed ruleset test'>
+<ruleset name="NotaNet.com.br" default_off="failed ruleset test">
 
 	<target host="notanet.com.br" />
 	<target host="www.notanet.com.br" />
diff --git a/src/chrome/content/rules/Notabug.io.xml b/src/chrome/content/rules/Notabug.io.xml
new file mode 100644
index 000000000000..24492ace788c
--- /dev/null
+++ b/src/chrome/content/rules/Notabug.io.xml
@@ -0,0 +1,9 @@
+<ruleset name="Notabug.io">
+	<target host="notabug.io" />
+	<target host="www.notabug.io" />
+	<target host="snew.notabug.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Notacon.org.xml b/src/chrome/content/rules/Notacon.org.xml
index 14abbd430e0e..089a3538d2cc 100644
--- a/src/chrome/content/rules/Notacon.org.xml
+++ b/src/chrome/content/rules/Notacon.org.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://notacon.org/ => https://notacon.org/: (51, "SSL: no alternative certificate subject name matches target host name 'notacon.org'")
 Fetch error: http://www.notacon.org/ => https://www.notacon.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.notacon.org'")
 -->
-<ruleset name="Notacon.org" default_off='failed ruleset test'>
+<ruleset name="Notacon.org" default_off="failed ruleset test">
 
 	<target host="notacon.org" />
 	<target host="www.notacon.org" />
diff --git a/src/chrome/content/rules/NoteFly.xml b/src/chrome/content/rules/NoteFly.xml
index 8d39427803c8..88010b270b86 100644
--- a/src/chrome/content/rules/NoteFly.xml
+++ b/src/chrome/content/rules/NoteFly.xml
@@ -3,7 +3,6 @@
 	<target host="notefly.org" />
 	<target host="www.notefly.org" />
 
-	<test url="http://notefly.org/" />
 	<test url="http://www.notefly.org/downloads" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Noteapp.com.xml b/src/chrome/content/rules/Noteapp.com.xml
index bd3c6badb27e..18cc09e31cee 100644
--- a/src/chrome/content/rules/Noteapp.com.xml
+++ b/src/chrome/content/rules/Noteapp.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.noteapp.com/ => https://www.noteapp.com/: (56, 'SSL read
 		* git.noteapp.com
 		* rtc.noteapp.com
 -->
-<ruleset name="NoteApp.com" default_off='failed ruleset test'>
+<ruleset name="NoteApp.com" default_off="failed ruleset test">
 
 	<target host="noteapp.com" />
 
diff --git a/src/chrome/content/rules/Noted_Code.com.xml b/src/chrome/content/rules/Noted_Code.com.xml
deleted file mode 100644
index 48c9da485a07..000000000000
--- a/src/chrome/content/rules/Noted_Code.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Noted Code.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="notedcode.com" />
-	<target host="www.notedcode.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Notepad++.xml b/src/chrome/content/rules/Notepad++.xml
index a2d80da5117d..87d74188e201 100644
--- a/src/chrome/content/rules/Notepad++.xml
+++ b/src/chrome/content/rules/Notepad++.xml
@@ -1,24 +1,15 @@
 <!--
-	Notepad++
-
-
-	Nonfunctional hosts in *notepad-plus-plus.org:
-
-		- docs ʳ
-
-	ʳ Refused
-
+	Invalid certificate:
+		download.notepad-plus-plus.org
 -->
 <ruleset name="Notepad-plus-plus.org">
 
-	<target host=    "notepad-plus-plus.org" />
+	<target host="notepad-plus-plus.org" />
 	<target host="www.notepad-plus-plus.org" />
+	<target host="community.notepad-plus-plus.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:"	to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NottinghamAC.xml b/src/chrome/content/rules/NottinghamAC.xml
index a5636e85b4ea..fa8b56815d0f 100644
--- a/src/chrome/content/rules/NottinghamAC.xml
+++ b/src/chrome/content/rules/NottinghamAC.xml
@@ -96,7 +96,7 @@ Fetch error: http://selfservice.nottingham.ac.uk/ => https://selfservice.notting
 	ˢ Secured by us
 
 -->
-<ruleset name="NottinghamAC" default_off='failed ruleset test'>
+<ruleset name="NottinghamAC" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Nova.fr.xml b/src/chrome/content/rules/Nova.fr.xml
new file mode 100644
index 000000000000..537f2d498e54
--- /dev/null
+++ b/src/chrome/content/rules/Nova.fr.xml
@@ -0,0 +1,16 @@
+<!--
+	No working URL known:
+		api.nova.fr (401)
+		audio.nova.fr (403)
+
+	podcast.nova.fr ( various problems, see https://github.com/EFForg/https-everywhere/pull/15214 )
+
+-->
+<ruleset name="Nova.fr">
+
+	<target host="nova.fr" />
+	<target host="www.nova.fr" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Novartisart.com.xml b/src/chrome/content/rules/Novartisart.com.xml
index 66695c2287bd..c0784e7e97a1 100644
--- a/src/chrome/content/rules/Novartisart.com.xml
+++ b/src/chrome/content/rules/Novartisart.com.xml
@@ -12,4 +12,4 @@
 	<rule from="^http://(?:www\.)?novartisart\.com/"
 		to="https://novartisart.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Novell.xml b/src/chrome/content/rules/Novell.xml
index 65a16f213c16..54d9dfb6277f 100644
--- a/src/chrome/content/rules/Novell.xml
+++ b/src/chrome/content/rules/Novell.xml
@@ -22,7 +22,7 @@ Fetch error: http://shop.novell.com/ => https://shop.novell.com/: (51, "SSL: no
 	² Dropped
 
 -->
-<ruleset name="Novell.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Novell.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Novosoft.net.xml b/src/chrome/content/rules/Novosoft.net.xml
index b18a1352c75a..249bc48e4b67 100644
--- a/src/chrome/content/rules/Novosoft.net.xml
+++ b/src/chrome/content/rules/Novosoft.net.xml
@@ -5,7 +5,7 @@ Fetch error: http://novosoft.net/ => https://novosoft.net/: (51, "SSL: no altern
 Fetch error: http://www.novosoft.net/ => https://www.novosoft.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.novosoft.net'")
 
 -->
-<ruleset name="Novosoft.net" default_off='failed ruleset test'>
+<ruleset name="Novosoft.net" default_off="failed ruleset test">
 
 	<target host="novosoft.net" />
 	<target host="www.novosoft.net" />
diff --git a/src/chrome/content/rules/Nowy_BIP.xml b/src/chrome/content/rules/Nowy_BIP.xml
deleted file mode 100644
index 4964cd8f1086..000000000000
--- a/src/chrome/content/rules/Nowy_BIP.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	CN: firmlet.pl
-
--->
-<ruleset name="Nowy BIP" default_off="mismatched">
-
-	<target host="nowybip.siteor.com" />
-	<target host="nowybip.pl" />
-	<target host="*.nowybip.pl" />
-
-
-	<securecookie host="^\.nowybip\.pl$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?nowybip\.pl/"
-		to="https://nowybip.pl/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Noxsolutions.com.xml b/src/chrome/content/rules/Noxsolutions.com.xml
new file mode 100644
index 000000000000..cb91478c433e
--- /dev/null
+++ b/src/chrome/content/rules/Noxsolutions.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Noxsolutions.com">
+	<target host="noxsolutions.com" />
+	<target host="www.noxsolutions.com" />
+	<target host="podone.noxsolutions.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Np-Edv.at.xml b/src/chrome/content/rules/Np-Edv.at.xml
deleted file mode 100644
index c3d059f66452..000000000000
--- a/src/chrome/content/rules/Np-Edv.at.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- static *
-
-	* Shows hosting
-
--->
-<ruleset name="np-Edv.at (partial)">
-
-	<target host="hosting.np-edv.at" />
-	<target host="it.np-edv.at" />
-	<target host="kawas.np-edv.at" />
-	<target host="mail.np-edv.at" />
-	<target host="stats.np-edv.at" />
-	<target host="wiki.np-edv.at" />
-		<!--exclusion pattern="^http://(static|www)\.np-edv\.at/" /-->
-
-
-	<!--	Secured by server:
-					-->
-	<!--securecookie host="^\.np-edv\.at$" name="^npedvmail_sessid$" /-->
-	<!--securecookie host="^stats\.np-edv\.at$" name="^PIWIK_SESSID$" /-->
-	<!--securecookie host="^wiki\.np-edv\.at$" name="^DokuWiki$" /-->
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Npower.xml b/src/chrome/content/rules/Npower.xml
index 07d6c6cd156e..5a3c5d495d1f 100644
--- a/src/chrome/content/rules/Npower.xml
+++ b/src/chrome/content/rules/Npower.xml
@@ -21,4 +21,4 @@
 	<rule from="^http://(?:www\.)?npower\.com/([aA]t_[hH]ome/[aA]pplications/|favicon\.ico|idc/groups/wcms_|In_Business/)"
 		to="https://www.npower.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nrelate.xml b/src/chrome/content/rules/Nrelate.xml
deleted file mode 100644
index 8f81c415511b..000000000000
--- a/src/chrome/content/rules/Nrelate.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-	CDN buckets:
-
-		- nrelate.scaleengine.net		(doesn't support https)
-			- static.nrelate.anycastcdn.net	(ditto)
-
-		- nrelate.cdn.scaleengine.net		(ditto)
-			- nrelate.anycastcdn.net	(ditto)
-
-				- imgcdn.nrelate.com
-
-
-	Nonfunctional subdomains:
-
-		- img		(once worked, no longer does)
-		- imgcdn *
-		- static *
-		- (www.)	(redirects to partners)
-
-	* Times out
-
--->
-<ruleset name="nrelate (partial)">
-
-	<target host="nrelate.com" />
-	<target host="*.nrelate.com" />
-
-
-	<securecookie host="^partners\.nrelate\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?nrelate\.com/wp-content/uploads/2010/10/favicon\.ico"
-		to="https://partners.nrelate.com/wp-content/themes/partners-main/images/favicon.ico" />
-
-	<rule from="^http://(?:www\.)?nrelate\.com/wp-content/uploads/2012/01/nrelate\.png"
-		to="https://partners.nrelate.com/wp-content/themes/partners-main/images/logo2.png" />
-
-	<rule from="^http://partners\.nrelate\.com/"
-		to="https://partners.nrelate.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Nrk.no.xml b/src/chrome/content/rules/Nrk.no.xml
index 5dbd09f11b7d..10df680234ef 100644
--- a/src/chrome/content/rules/Nrk.no.xml
+++ b/src/chrome/content/rules/Nrk.no.xml
@@ -51,7 +51,7 @@ Fetch error: http://fil.nrk.no/ => https://fil.nrk.no/: (56, 'SSL read: error:00
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="NRK.no (partial)" default_off='failed ruleset test'>
+<ruleset name="NRK.no (partial)" default_off="failed ruleset test">
 
 	<target host="nrk.no" />
 	<target host="fil.nrk.no" />
diff --git a/src/chrome/content/rules/Nserver.Ru.xml b/src/chrome/content/rules/Nserver.Ru.xml
index 25720eb56c4b..b4803156f1f5 100644
--- a/src/chrome/content/rules/Nserver.Ru.xml
+++ b/src/chrome/content/rules/Nserver.Ru.xml
@@ -8,7 +8,7 @@ Fetch error: http://ovh.nserver.ru/ => https://ovh.nserver.ru/: (7, 'Failed to c
 		- .gpt.nserver.ru
 
 -->
-<ruleset name="Nserver.Ru" default_off='failed ruleset test'>
+<ruleset name="Nserver.Ru" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Nstatic.com.xml b/src/chrome/content/rules/Nstatic.com.xml
new file mode 100644
index 000000000000..4eed269ddb73
--- /dev/null
+++ b/src/chrome/content/rules/Nstatic.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Nstatic.net">
+
+	<target host="nstatic.net" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ntmx.de.xml b/src/chrome/content/rules/Ntmx.de.xml
index ef892f22c3a2..ffd406fde61e 100644
--- a/src/chrome/content/rules/Ntmx.de.xml
+++ b/src/chrome/content/rules/Ntmx.de.xml
@@ -14,7 +14,7 @@ Non-2xx HTTP code: http://www.ntmx.de/ (200) => https://ntmx.de/ (403)
 		- mail
 
 -->
-<ruleset name="ntmx.de" default_off='failed ruleset test'>
+<ruleset name="ntmx.de" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/NuBlue.xml b/src/chrome/content/rules/NuBlue.xml
index 731100daf8fb..e14461d5a14a 100644
--- a/src/chrome/content/rules/NuBlue.xml
+++ b/src/chrome/content/rules/NuBlue.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/NuStarz.com.xml b/src/chrome/content/rules/NuStarz.com.xml
index c6be4a19bf1a..33dea4ec684f 100644
--- a/src/chrome/content/rules/NuStarz.com.xml
+++ b/src/chrome/content/rules/NuStarz.com.xml
@@ -26,7 +26,7 @@ Fetch error: http://customz.nustarz.com/ => https://customz.nustarz.com/: (51, "
 	* Secured by us
 
 -->
-<ruleset name="NuStarz.com (partial)" default_off='failed ruleset test'>
+<ruleset name="NuStarz.com (partial)" default_off="failed ruleset test">
 
 	<target host="customz.nustarz.com" />
 
diff --git a/src/chrome/content/rules/Nu_Image_Medical.xml b/src/chrome/content/rules/Nu_Image_Medical.xml
index 50efc198e29f..1fff890fd4b1 100644
--- a/src/chrome/content/rules/Nu_Image_Medical.xml
+++ b/src/chrome/content/rules/Nu_Image_Medical.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?nuimagemedical\.com/(order-hgh(?:$|\?|/)|wp-content/)"
 		to="https://$1nuimagemedical.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nuand.com.xml b/src/chrome/content/rules/Nuand.com.xml
index c3a62b98a4df..848a4cec569a 100644
--- a/src/chrome/content/rules/Nuand.com.xml
+++ b/src/chrome/content/rules/Nuand.com.xml
@@ -1,10 +1,10 @@
 <!--
+	This domain contains a wildcard DNS record.
+
 	Insecure cookies are set for these domains and hosts:
 
 		- nuand.com
-		- .nuand.com
-		- www.nuand.com
-
+		- *.nuand.com
 
 	Mixed content:
 
@@ -18,6 +18,8 @@
 
 	<target host="nuand.com" />
 	<target host="www.nuand.com" />
+	<target host="forum.nuand.com" />
+	<target host="forums.nuand.com" />
 
 		<!--	Formerly redirected to http:
 							-->
@@ -27,16 +29,8 @@
 							-->
 		<test url="http://nuand.com/forums/" />
 
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?nuand\.com$" name="^(PHPSESSID|wc_session_cookie_[\da-f]{32})$" /-->
-	<!--securecookie host="^\.nuand\.com$" name="^phpbb3_\w+_(?:k|sid|u)$" /-->
-
 	<securecookie host=".+" name=".+" />
 
-
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Nudevista.com.xml b/src/chrome/content/rules/Nudevista.com.xml
index 2fb7330486e9..3d9a7651178e 100644
--- a/src/chrome/content/rules/Nudevista.com.xml
+++ b/src/chrome/content/rules/Nudevista.com.xml
@@ -4,7 +4,9 @@
 -->
 <ruleset name="nudevista.com (partial)" default_off="mismatched">
 
-	<target host="*.nudevista.com" />
+	<target host="a97.nudevista.com" />
+	<target host="a98.nudevista.com" />
+	<target host="a99.nudevista.com" />
 
 
 	<rule from="^http://a9[789]\.nudevista\.com/"
diff --git a/src/chrome/content/rules/Nugg.ad.xml b/src/chrome/content/rules/Nugg.ad.xml
index 9d8ef09b27c2..1b0efe588417 100644
--- a/src/chrome/content/rules/Nugg.ad.xml
+++ b/src/chrome/content/rules/Nugg.ad.xml
@@ -5,7 +5,7 @@ Fetch error: http://71.nuggad.net/ => https://71.nuggad.net/: (6, 'Could not res
 Fetch error: http://mtm.nuggad.net/ => https://mtm.nuggad.net/: Too many redirects while fetching 'https://mtm.nuggad.net/'
 
 -->
-<ruleset name="nugg.ad" default_off='failed ruleset test'>
+<ruleset name="nugg.ad" default_off="failed ruleset test">
 
 	<target host="*.nugg.ad" />
 	<target host="*.nuggad.net" />
diff --git a/src/chrome/content/rules/Nuitka.net.xml b/src/chrome/content/rules/Nuitka.net.xml
new file mode 100644
index 000000000000..4d238b30d72a
--- /dev/null
+++ b/src/chrome/content/rules/Nuitka.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="Nuitka.net">
+	<target host="nuitka.net" />
+	<target host="www.nuitka.net" />
+	<target host="bugs.nuitka.net" />
+	<target host="speedcenter.nuitka.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nulab-Inc.com.xml b/src/chrome/content/rules/Nulab-Inc.com.xml
index 2ed86470aac3..b3f9dbf8350c 100644
--- a/src/chrome/content/rules/Nulab-Inc.com.xml
+++ b/src/chrome/content/rules/Nulab-Inc.com.xml
@@ -5,7 +5,8 @@
 <ruleset name="Nulab-Inc.com">
 
 	<target host="nulab-inc.com" />
-	<target host="*.nulab-inc.com" />
+	<target host="developer.nulab-inc.com" />
+	<target host="www.nulab-inc.com" />
 
 
 	<rule from="^http://(?:(developer\.)|www\.)?nulab-inc\.com/"
diff --git a/src/chrome/content/rules/NumPy.org.xml b/src/chrome/content/rules/NumPy.org.xml
new file mode 100644
index 000000000000..c6482a9f811c
--- /dev/null
+++ b/src/chrome/content/rules/NumPy.org.xml
@@ -0,0 +1,12 @@
+<!--
+	Misconfigured hosts:
+		numpy.org
+		(should redirect to www.numpy.org, but certificate lacks this alt-name)
+-->
+<ruleset name="NumPy.org">
+	<target host="numpy.org" />
+	<target host="www.numpy.org" />
+
+	<rule from="^http://numpy\.org/" to="https://www.numpy.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Numa.paris.xml b/src/chrome/content/rules/Numa.paris.xml
index 9cb4b9fbb7af..e9f5bc3c67b9 100644
--- a/src/chrome/content/rules/Numa.paris.xml
+++ b/src/chrome/content/rules/Numa.paris.xml
@@ -42,7 +42,7 @@ Fetch error: http://numa.paris/ => https://www.numa.paris/: (60, 'SSL certificat
 	² Not secured by us <= mismatched
 
 -->
-<ruleset name="Numa.paris (partial)" default_off='failed ruleset test'>
+<ruleset name="Numa.paris (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/NumbersUSA.xml b/src/chrome/content/rules/NumbersUSA.xml
index 14ab163c530e..5d9e08eb546b 100644
--- a/src/chrome/content/rules/NumbersUSA.xml
+++ b/src/chrome/content/rules/NumbersUSA.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nuqayah.com.xml b/src/chrome/content/rules/Nuqayah.com.xml
new file mode 100644
index 000000000000..91de689f471a
--- /dev/null
+++ b/src/chrome/content/rules/Nuqayah.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Nuqayah.com">
+	<target host="nuqayah.com" />
+	<target host="www.nuqayah.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nurago.xml b/src/chrome/content/rules/Nurago.xml
index ea100f70bffa..ae34cf6f6cb8 100644
--- a/src/chrome/content/rules/Nurago.xml
+++ b/src/chrome/content/rules/Nurago.xml
@@ -9,8 +9,5 @@
 	<rule from="^http:"
 		to="https:" />
 
-	<test url="http://sensic.net/" />
-	<test url="http://www.sensic.net/" />
-	<test url="http://mco-pb.sensic.net/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/NutriCentre.xml b/src/chrome/content/rules/NutriCentre.xml
index 34b67a6e5ae8..f3ee3e753817 100644
--- a/src/chrome/content/rules/NutriCentre.xml
+++ b/src/chrome/content/rules/NutriCentre.xml
@@ -5,11 +5,11 @@ Fetch error: http://nutricentre.com/ => https://www.nutricentre.com/: (28, 'Conn
 Fetch error: http://www.nutricentre.com/ => https://www.nutricentre.com/: (7, 'Failed to connect to www.nutricentre.com port 443: Connection refused')
 
 -->
-<ruleset name="NutriCentre" default_off='failed ruleset test'>
+<ruleset name="NutriCentre" default_off="failed ruleset test">
   <target host="nutricentre.com" />
   <target host="www.nutricentre.com" />
 
-  <securecookie host="^(?:.*\.)?nutricentre\.com$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http://(?:www\.)?nutricentre\.com/" to="https://www.nutricentre.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Nutrition.gov.xml b/src/chrome/content/rules/Nutrition.gov.xml
deleted file mode 100644
index ef718a636a77..000000000000
--- a/src/chrome/content/rules/Nutrition.gov.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-
-
-	Mixed content:
-
-		- css on www from search.usa.gov *
-		- Images on www from www.nal.usda.gov *
-
-	* Secured by us
-
--->
-<ruleset name="Nutrition.gov">
-
-	<target host="nutrition.gov" />
-	<target host="www.nutrition.gov" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Nutritiondata.self.com.xml b/src/chrome/content/rules/Nutritiondata.self.com.xml
index 73913f7c5ead..8643e33ad33d 100644
--- a/src/chrome/content/rules/Nutritiondata.self.com.xml
+++ b/src/chrome/content/rules/Nutritiondata.self.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.nutritiondata.self.com/ => https://www.nutritiondata.self.com/: (6, 'Could not resolve host: www.nutritiondata.self.com')
 
 -->
-<ruleset name="Nutritiondata.self.com" default_off='failed ruleset test'>
+<ruleset name="Nutritiondata.self.com" default_off="failed ruleset test">
   <target host="nutritiondata.self.com" />
   <target host="www.nutritiondata.self.com" />
 
diff --git a/src/chrome/content/rules/Nuttcp.net.xml b/src/chrome/content/rules/Nuttcp.net.xml
new file mode 100644
index 000000000000..94d297746593
--- /dev/null
+++ b/src/chrome/content/rules/Nuttcp.net.xml
@@ -0,0 +1,17 @@
+<!--
+	Nonfunctional hosts in *.nuttcp.net:
+		- nuttcp.net (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Nuttcp.net">
+	<target host="nuttcp.net" />
+	<target host="www.nuttcp.net" />
+
+	<rule from="^http://nuttcp\.net/" to="https://www.nuttcp.net/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Nuuvem.com.xml b/src/chrome/content/rules/Nuuvem.com.xml
index 26a4d970d43d..f23d864c0d86 100644
--- a/src/chrome/content/rules/Nuuvem.com.xml
+++ b/src/chrome/content/rules/Nuuvem.com.xml
@@ -1,6 +1,6 @@
 <!--
   Broken:
-  
+
   alendadoheroi (timeout)
   forum (refused)
   support (mismatch)
@@ -10,6 +10,6 @@
   <target host="nuuvem.com" />
   <target host="www.nuuvem.com" />
   <target host="secure.nuuvem.com" />
- 
+
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Nuwear.xml b/src/chrome/content/rules/Nuwear.xml
index 7d228cb1a13d..4169793dfc16 100644
--- a/src/chrome/content/rules/Nuwear.xml
+++ b/src/chrome/content/rules/Nuwear.xml
@@ -5,7 +5,7 @@ Fetch error: http://nuwear.com/ => https://nuwear.com/: (60, 'SSL certificate pr
 Fetch error: http://www.nuwear.com/ => https://www.nuwear.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Nuwear" default_off='failed ruleset test'>
+<ruleset name="Nuwear" default_off="failed ruleset test">
 
 	<target host="nuwear.com" />
 	<target host="www.nuwear.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.nuwear.com/ => https://www.nuwear.com/: (60, 'SSL certif
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nvcc.edu.xml b/src/chrome/content/rules/Nvcc.edu.xml
index de9dd1734b08..44a96978c845 100644
--- a/src/chrome/content/rules/Nvcc.edu.xml
+++ b/src/chrome/content/rules/Nvcc.edu.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.student.nvcc.edu/ => https://www.student.nvcc.edu/: (28,
 	Refused:
 		novastartalk.nvcc.edu
 -->
-<ruleset name="NVCC" default_off='failed ruleset test'>
+<ruleset name="NVCC" default_off="failed ruleset test">
 	<target host="nvcc.edu" />
 	<target host="www.nvcc.edu" />
 	<target host="blogs.nvcc.edu" />
diff --git a/src/chrome/content/rules/Nxt_Forum.org.xml b/src/chrome/content/rules/Nxt_Forum.org.xml
index 0c1abcf6b3b7..f8c613c1df99 100644
--- a/src/chrome/content/rules/Nxt_Forum.org.xml
+++ b/src/chrome/content/rules/Nxt_Forum.org.xml
@@ -1,4 +1,12 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www.nxtforum.org/index.php => https://nxtforum.org/index.php: (6, 'Could not resolve host: ardorforum.orgindex.php')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www.nxtforum.org/help/ => https://nxtforum.org/help/: (6, 'Could not resolve host: ardorforum.orghelp')
+
 	www.nxtforum.org: Mismatched
 
 
@@ -9,30 +17,12 @@
 -->
 <ruleset name="Nxt Forum.org">
 
-	<!--	Direct rewrites:
-				-->
-	<target host="www.nxtforum.org" />
-
 	<!--	Complications:
 				-->
 	<target host="nxtforum.org" />
 
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^nxtforum\.org$" name="^PHPSESSID$" /-->
-
 	<securecookie host="^nxtforum\.org$" name=".+" />
 
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://www\.nxtforum\.org/+"
-		to="https://nxtforum.org/" />
-
-		<test url="http://www.nxtforum.org//index.php" />
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Nxtck.com.xml b/src/chrome/content/rules/Nxtck.com.xml
index da2027811576..be9eddc5b81f 100644
--- a/src/chrome/content/rules/Nxtck.com.xml
+++ b/src/chrome/content/rules/Nxtck.com.xml
@@ -12,4 +12,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Nyaa.eu.xml b/src/chrome/content/rules/Nyaa.eu.xml
index d0424550a7db..06ce57927f9a 100644
--- a/src/chrome/content/rules/Nyaa.eu.xml
+++ b/src/chrome/content/rules/Nyaa.eu.xml
@@ -9,7 +9,7 @@ Fetch error: http://sukebei.nyaa.eu/ => https://sukebei.nyaa.eu/: (6, 'Could not
 	Self-signed, mismatch:
 		- cthuko.nyaa.eu
 -->
-<ruleset name="Nyaa.eu" default_off='failed ruleset test'>
+<ruleset name="Nyaa.eu" default_off="failed ruleset test">
 	<target host="nyaa.eu" />
 	<target host="www.nyaa.eu" />
 	<target host="files.nyaa.eu" />
diff --git a/src/chrome/content/rules/Nzbplanet.net.xml b/src/chrome/content/rules/Nzbplanet.net.xml
index 80b08823a158..c4f73de4f56d 100644
--- a/src/chrome/content/rules/Nzbplanet.net.xml
+++ b/src/chrome/content/rules/Nzbplanet.net.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/O2_online.de.xml b/src/chrome/content/rules/O2_online.de.xml
index c1bda44b8dfa..f7c542d3e7f7 100644
--- a/src/chrome/content/rules/O2_online.de.xml
+++ b/src/chrome/content/rules/O2_online.de.xml
@@ -61,7 +61,16 @@
 <ruleset name="o2 online.de (partial)">
 
 	<target host="o2online.de" />
-	<target host="*.o2online.de" />
+	<target host="www.o2online.de" />
+	<target host="cct.o2online.de" />
+	<target host="cct2.o2online.de" />
+	<target host="dsl.o2online.de" />
+	<target host="email.o2online.de" />
+	<target host="hilfe.o2online.de" />
+	<target host="login.o2online.de" />
+	<target host="portal.o2online.de" />
+	<target host="track.o2online.de" />
+	<target host="mobilefun.o2online.de" />
 
 
 	<!--	Not secured by server:
@@ -71,16 +80,15 @@
 	<!--securecookie host="hilfe\.o2online\.de$" name="^(LiSESSIONID|LithiumVisitor)$" /-->
 	<!--securecookie host="\.www\.o2online\.de$" name="^mbox$" /-->
 
-	<securecookie host="^(?:.*\.)?o2online\.de$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(?:www\.)?o2online\.de/"
 		to="https://www.o2online.de/" />
 
-	<rule from="^http://(cct2?|dsl|email|hilfe|login|portal|track)\.o2online\.de/"
-		to="https://$1.o2online.de/" />
 
 	<rule from="^http://mobilefun\.o2online\.de/"
 		to="https://o2-liv.mondiamedia.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/OADOI.org.xml b/src/chrome/content/rules/OADOI.org.xml
new file mode 100644
index 000000000000..468a212e9000
--- /dev/null
+++ b/src/chrome/content/rules/OADOI.org.xml
@@ -0,0 +1,13 @@
+<!--
+	For related rules, see Unpaywall.org.xml
+
+-->
+<ruleset name="OADOI.org">
+
+	<target host="oadoi.org" />
+	<target host="www.oadoi.org" />
+	<target host="api.oadoi.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OASIS_Open.org.xml b/src/chrome/content/rules/OASIS_Open.org.xml
index 72681149cf07..4234aaf170a0 100644
--- a/src/chrome/content/rules/OASIS_Open.org.xml
+++ b/src/chrome/content/rules/OASIS_Open.org.xml
@@ -1,56 +1,25 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://blogs.oasis-open.org/ => https://blogs.oasis-open.org/: (6, 'Could not resolve host: blogs.oasis-open.org')
-
 	For rules causing false/broken MCB, see OASIS_Open.org-falsemixed.xml.
 
 
-	Nonfunctional hosts in *oasis-open.org:
-
-		- cybersecurity ¹
-		- events ²
-		- interoperate-iot ¹
-		- search ²
-
-	¹ Redirects to http
-	² Shows blank tree
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .oasis-open.org
-		- .blogs.oasis-open.org
-		- www.oasis-open.org
-
+	Invalid certificate:
+		- events.oasis-open.org
+		- search.oasis-open.org
+		- interoperate-iot.oasis-open.org
 
 	Mixed content:
-
-		- css on psi from www.oasis-open.org *
-		- Images on psi from www.oasis-open.org *
-
-	* Secured by us
-
+		- psi.oasis-open.org
 -->
-<ruleset name="OASIS Open.org (partial)" default_off='failed ruleset test'>
+<ruleset name="OASIS Open.org (partial)">
 
-	<!--	Direct rewrites:
-				-->
 	<target host="oasis-open.org" />
-	<target host="blogs.oasis-open.org" />
+	<target host="www.oasis-open.org" />
 	<target host="docs.oasis-open.org" />
 	<target host="issues.oasis-open.org" />
 	<target host="lists.oasis-open.org" />
-	<!--target host="psi.oasis-open.org" /-->
+	<target host="support.oasis-open.org" />
 	<target host="tools.oasis-open.org" />
 	<target host="wiki.oasis-open.org" />
-	<target host="www.oasis-open.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.(?:blogs\.)?oasis-open\.org$" name="^SESS[\da-f]{32}$" /-->
-	<!--securecookie host="^www\.oasis-open\.org$" name="^ROUTEID$" /-->
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/OCCRP.org.xml b/src/chrome/content/rules/OCCRP.org.xml
index c63ebbd274ed..e18b1a2e11dd 100644
--- a/src/chrome/content/rules/OCCRP.org.xml
+++ b/src/chrome/content/rules/OCCRP.org.xml
@@ -24,7 +24,7 @@ Fetch error: http://www.vis.occrp.org/ => https://www.vis.occrp.org/: (6, 'Could
 		- www.occrp.org
 
 -->
-<ruleset name="OCCRP.org" default_off='failed ruleset test'>
+<ruleset name="OCCRP.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/OCamlCore.org.xml b/src/chrome/content/rules/OCamlCore.org.xml
index 275a0362faf9..c956edfc0920 100644
--- a/src/chrome/content/rules/OCamlCore.org.xml
+++ b/src/chrome/content/rules/OCamlCore.org.xml
@@ -16,7 +16,7 @@ Fetch error: http://static.ocamlcore.org/ => https://static.ocamlcore.org/: (60,
 	* Shows lists.ocamlcore.org
 
 -->
-<ruleset name="OCamlCore.org (partial)" default_off='failed ruleset test'>
+<ruleset name="OCamlCore.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/OD.org.xml b/src/chrome/content/rules/OD.org.xml
deleted file mode 100644
index b78e310099c2..000000000000
--- a/src/chrome/content/rules/OD.org.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	For other Open Doors coverage, see Open_Doors.org.xml.
-
-
-	Fully covered hosts in *od.org:
-
-		- shared
-
--->
-<ruleset name="OD.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="shared.od.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<securecookie host="^shared\.od\.org$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OECD.xml b/src/chrome/content/rules/OECD.xml
index 26f0979290fe..5e0a9bb3c3e6 100644
--- a/src/chrome/content/rules/OECD.xml
+++ b/src/chrome/content/rules/OECD.xml
@@ -7,4 +7,4 @@
 					-->
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OEPNVKarte.xml b/src/chrome/content/rules/OEPNVKarte.xml
new file mode 100644
index 000000000000..755ce487906b
--- /dev/null
+++ b/src/chrome/content/rules/OEPNVKarte.xml
@@ -0,0 +1,13 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="ÖPNVKarte.de">
+
+	<target host="xn--pnvkarte-m4a.de" />
+	<target host="www.xn--pnvkarte-m4a.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OFB.xml b/src/chrome/content/rules/OFB.xml
index 22bf13b9c24b..4ac662f066dc 100644
--- a/src/chrome/content/rules/OFB.xml
+++ b/src/chrome/content/rules/OFB.xml
@@ -10,10 +10,11 @@ Fetch error: http://ofb.net/ => https://ofb.net/: (60, 'SSL certificate problem:
 		- lists		(cert: ofb.net; 302s to ofb.net/wp-signup.php?new=lists)
 
 -->
-<ruleset name="OFB (partial)" default_off='failed ruleset test'>
+<ruleset name="OFB (partial)" default_off="failed ruleset test">
 
 	<target host="ofb.net" />
-	<target host="*.ofb.net" />
+	<target host="www.ofb.net" />
+	<target host="mail.ofb.net" />
 
 
 	<securecookie host="^ofb\.net$" name=".+" />
diff --git a/src/chrome/content/rules/OFFLINE.ee.xml b/src/chrome/content/rules/OFFLINE.ee.xml
index cbf6b9127179..547555dbc46d 100644
--- a/src/chrome/content/rules/OFFLINE.ee.xml
+++ b/src/chrome/content/rules/OFFLINE.ee.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OFX.com.xml b/src/chrome/content/rules/OFX.com.xml
new file mode 100644
index 000000000000..c98f3da65713
--- /dev/null
+++ b/src/chrome/content/rules/OFX.com.xml
@@ -0,0 +1,70 @@
+<!--
+	Non-functional subdomains:
+		- beta.api	(HTTP 404 error)
+		- live.api	(HTTP 404 error)
+		- rc.api	(HTTP 404 error)
+		- sandbox.api	(HTTP 404 error)
+		- bamboo	(t)
+		- bitbucket	(t)
+		- confluence	(t)
+		- dev-01.api.dev	(HTTP 404 error)
+		- dev-02.api.dev	(HTTP 404 error)
+		- dev-03.api.dev	(HTTP 404 error)
+		- qa.api.dev	(HTTP 404 error)
+		- info	(m)
+		- jira	(t)
+		- refer	(m)
+		- internationalmoneytransfers-ca.04.sit	(HTTP 404 error)
+		- travelex-au.04.sit	(t)
+		- status	(t)
+		- tableau	(t)
+		- internationalmoneytransfers-au.02.uat	(HTTP 404 error)
+		- www.02.uat	(t)
+		- vpn	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="OFX.com">
+
+	<target host="ofx.com" />
+	<target host="www.ofx.com" />
+	<target host="api.ofx.com" />
+	<target host="apps.ofx.com" />
+	<target host="au.ofx.com" />
+	<target host="content.au.ofx.com" />
+	<target host="blog.ofx.com" />
+	<target host="ca.ofx.com" />
+	<target host="admin.06.dev.ofx.com" />
+	<target host="dev.developer.dev.ofx.com" />
+	<target host="test.developer.dev.ofx.com" />
+	<target host="developer.ofx.com" />
+	<target host="docs.developer.ofx.com" />
+	<target host="payments.developer.ofx.com" />
+	<target host="etailing.ofx.com" />
+	<target host="hk.ofx.com" />
+	<target host="nz.ofx.com" />
+	<target host="content.nz.ofx.com" />
+	<target host="admin.02.pp.ofx.com" />
+	<target host="www.03.pp.ofx.com" />
+	<target host="sitecore.prd.ofx.com" />
+	<target host="secure.ofx.com" />
+	<target host="sg.ofx.com" />
+	<target host="content.sg.ofx.com" />
+	<target host="www.04.sit.ofx.com" />
+	<target host="uk.ofx.com" />
+	<target host="content.uk.ofx.com" />
+	<target host="us.ofx.com" />
+	<target host="content.us.ofx.com" />
+	<target host="widget-yahoo.ofx.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OHM2013.org.xml b/src/chrome/content/rules/OHM2013.org.xml
deleted file mode 100644
index 9f5b4d6bab06..000000000000
--- a/src/chrome/content/rules/OHM2013.org.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="OHM2013.org" default_off='expired'>
-
-	<target host="ohm2013.org" />
-	<target host="www.ohm2013.org" />
-
-
-	<!--	www redirects to ^ over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?ohm2013\.org/"
-		to="https://ohm2013.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OHeffernan.xml b/src/chrome/content/rules/OHeffernan.xml
index 623579310536..c939f4b597cf 100644
--- a/src/chrome/content/rules/OHeffernan.xml
+++ b/src/chrome/content/rules/OHeffernan.xml
@@ -3,7 +3,7 @@
 	<target host="inachinashop.com"/>
 	<target host="www.inachinashop.com"/>
 
-	<rule from="^http://(?:www\.)?inchinashop\.com/"
+	<rule from="^http://(?:www\.)?inachinashop\.com/"
 		to="https://pingplanet.squarespace.com/"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/OKCoin.cn.xml b/src/chrome/content/rules/OKCoin.cn.xml
index d865303aac60..b850ec232e99 100644
--- a/src/chrome/content/rules/OKCoin.cn.xml
+++ b/src/chrome/content/rules/OKCoin.cn.xml
@@ -25,7 +25,7 @@ Fetch error: http://img.okcoin.cn/ => https://img.okcoin.cn/: (6, 'Could not res
 		- www.okcoin.cn
 
 -->
-<ruleset name="OKCoin.cn" default_off='failed ruleset test'>
+<ruleset name="OKCoin.cn" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/OKCoin.com.xml b/src/chrome/content/rules/OKCoin.com.xml
index 0568fa3b466a..a92abf21aff7 100644
--- a/src/chrome/content/rules/OKCoin.com.xml
+++ b/src/chrome/content/rules/OKCoin.com.xml
@@ -16,7 +16,7 @@ Fetch error: http://img.okcoin.com/ => https://img.okcoin.com/: (6, 'Could not r
 		- www.okcoin.com
 
 -->
-<ruleset name="OKCoin.com" default_off='failed ruleset test'>
+<ruleset name="OKCoin.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/OKPAY.com.xml b/src/chrome/content/rules/OKPAY.com.xml
deleted file mode 100644
index 53dc5b1dea4e..000000000000
--- a/src/chrome/content/rules/OKPAY.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(works, cert only matches www)
-
--->
-<ruleset name="OKPAY.com">
-
-	<target host="okpay.com" />
-	<target host="*.okpay.com" />
-
-
-	<securecookie host="^(?:support|www)\.okpay\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?okpay\.com/"
-		to="https://www.okpay.com/" />
-
-	<rule from="^http://support\.okpay\.com/"
-		to="https://support.okay.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/OLPC.xml b/src/chrome/content/rules/OLPC.xml
index a4ef2b91f92e..b2aff2bfff68 100644
--- a/src/chrome/content/rules/OLPC.xml
+++ b/src/chrome/content/rules/OLPC.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://dev.laptop.org/ => https://dev.laptop.org/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="OLPC (partial)" default_off='failed ruleset test'>
+<ruleset name="OLPC (partial)" default_off="failed ruleset test">
 
 	<target host="dev.laptop.org"/>
 
diff --git a/src/chrome/content/rules/OMC.net.xml b/src/chrome/content/rules/OMC.net.xml
new file mode 100644
index 000000000000..c895bb006879
--- /dev/null
+++ b/src/chrome/content/rules/OMC.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="OMC.net (partial)">
+	<target host="omc.net" />
+	<target host="www.omc.net" />
+	<target host="ftp.mvg.omc.net" />
+	<target host="ocp.omc.net" />
+	<target host="roundcube.omc.net" />
+	<target host="webmail.omc.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OMG_uk.com.xml b/src/chrome/content/rules/OMG_uk.com.xml
deleted file mode 100644
index 101eeb1c0453..000000000000
--- a/src/chrome/content/rules/OMG_uk.com.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<!--
-	For other Optimise Media Group coverage, see Optimise_Media.com.xml.
-
-
-	www.omguk.com: Handshake fails
-
-
-	Insecure cookies are set for these hosts:
-
-		- track.omguk.com
-
--->
-<ruleset name="OMG uk.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="track.omguk.com" />
-
-	<!--	Complications:
-				-->
-	<target host="www.omguk.com" />
-
-		<!--	Sets cookie without Secure:
-							-->
-		<!--test url="http://track.omguk.com/action/application/img/?APPID={/data/user/loadReference}&amp;MID=&amp;PID=&amp;val=&amp;action=Landing" /-->
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^track\.omguk\.com$" name="^ASPSESSIONID[A-Z]{8}$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<!--	Redirect drops forward
-		slash, path, and args:
-					-->
-	<rule from="^http://www\.omguk\.com/.*"
-		to="https://www.optimisemedia.com/" />
-
-		<test url="http://www.omguk.com/Default.aspx" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OMS.eu.xml b/src/chrome/content/rules/OMS.eu.xml
index cbd9f4d89866..9472a0607cd7 100644
--- a/src/chrome/content/rules/OMS.eu.xml
+++ b/src/chrome/content/rules/OMS.eu.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://coyote.srv1.oms.eu/ => https://coyote.srv1.oms.eu/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="OMS Vermarktungs GmbH" default_off='failed ruleset test'>
+<ruleset name="OMS Vermarktungs GmbH" default_off="failed ruleset test">
 
 	<target host="www.video.oms.eu"/>
 	<target host="cdn-t.omsnative.de"/>
@@ -12,7 +12,7 @@ Fetch error: http://coyote.srv1.oms.eu/ => https://coyote.srv1.oms.eu/: (60, 'SS
 	<target host="video.oms.eu"/>
 
 	<!-- cert mismatch on:
-		- (www.\)oms.eu 
+		- (www.\)oms.eu
 		- werbeformate.oms.eu
 		- (www.)mobileformate.oms.eu
 	-->
diff --git a/src/chrome/content/rules/ON24.xml b/src/chrome/content/rules/ON24.xml
index 9152ad2a81c7..959921f3c30f 100644
--- a/src/chrome/content/rules/ON24.xml
+++ b/src/chrome/content/rules/ON24.xml
@@ -15,7 +15,10 @@
 <ruleset name="ON24.com (partial)">
 
 	<target host="on24.com" />
-	<target host="*.on24.com" />
+	<target host="www.on24.com" />
+	<target host="event.on24.com" />
+	<target host="eventprd10b.on24.com" />
+	<target host="w.on24.com" />
 
 
 	<!--	Not secured by server:
@@ -28,7 +31,6 @@
 	<rule from="^http://(?:www\.)?on24\.com/"
 		to="https://www.on24.com/" />
 
-	<rule from="^http://(event|eventprd10b|w)\.on24\.com/"
-		to="https://$1.on24.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ONE.org.xml b/src/chrome/content/rules/ONE.org.xml
index 26d6d7c1ff5e..bfe0ea95b0d3 100644
--- a/src/chrome/content/rules/ONE.org.xml
+++ b/src/chrome/content/rules/ONE.org.xml
@@ -16,17 +16,17 @@
 <ruleset name="ONE.org">
 
 	<target host="one.org" />
-	<target host="*.one.org" />
+	<target host="www.one.org" />
+	<target host="give.one.org" />
 	<target host="one.actionkit.com" />
 
 
 	<securecookie host="^one\.actionkit\.com" name=".+" />
 
 
-	<rule from="^http://(www\.)?one\.org/"
-		to="https://$1one.org/" />
 
 	<rule from="^http://(?:one\.actionkit\.com|give\.one\.org)/"
 		to="https://one.actionkit.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ONEhelp.xml b/src/chrome/content/rules/ONEhelp.xml
index 691cc52ea3d4..1eed5c18e915 100644
--- a/src/chrome/content/rules/ONEhelp.xml
+++ b/src/chrome/content/rules/ONEhelp.xml
@@ -27,4 +27,4 @@
 	<rule from="^http://www\.onehelp\.cz/"
 		to="https://www.onehelp.cz/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ONEnews.xml b/src/chrome/content/rules/ONEnews.xml
index d7e449fd35c8..b867d7d1989d 100644
--- a/src/chrome/content/rules/ONEnews.xml
+++ b/src/chrome/content/rules/ONEnews.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://www\.onenews\.cz/"
 		to="https://www.onenews.cz/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ONEsite.xml b/src/chrome/content/rules/ONEsite.xml
index e19c4341ac76..59a96ec0cd6e 100644
--- a/src/chrome/content/rules/ONEsite.xml
+++ b/src/chrome/content/rules/ONEsite.xml
@@ -17,18 +17,19 @@
 -->
 <ruleset name="ONEsite (partial)">
 
-	<target host="*.onesite.com" />
+	<target host="admin.onesite.com" />
+	<target host="fast1.onesite.com" />
+	<target host="images.onesite.com" />
 
 
 	<securecookie host="^\.admin\.onesite\.com$" name=".+" />
 
 
-	<rule from="^http://admin\.onesite\.com/"
-		to="https://admin.onesite.com/" />
 
 	<!--	fast1: Akamai
 				-->
 	<rule from="^http://(?:fast1|images)\.onesite\.com/"
 		to="https://images.onesite.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ONEweb.xml b/src/chrome/content/rules/ONEweb.xml
index b3933dfe462f..77350171057c 100644
--- a/src/chrome/content/rules/ONEweb.xml
+++ b/src/chrome/content/rules/ONEweb.xml
@@ -20,4 +20,4 @@
 	<rule from="^http://(?:www\.)?oneweb\.cz/"
 		to="https://www.oneweb.cz/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ONOrobot.org.xml b/src/chrome/content/rules/ONOrobot.org.xml
index 6b58c7f1fe14..13639039a86d 100644
--- a/src/chrome/content/rules/ONOrobot.org.xml
+++ b/src/chrome/content/rules/ONOrobot.org.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.onorobot.org/ => https://www.onorobot.org/: (28, 'Connec
 	For other Tactical Technology coverage, see Tactical_Tech.org.xml.
 
 -->
-<ruleset name="ONOrobot.org" default_off='failed ruleset test'>
+<ruleset name="ONOrobot.org" default_off="failed ruleset test">
 
 	<target host="onorobot.org" />
 	<target host="www.onorobot.org" />
diff --git a/src/chrome/content/rules/OODA.com.xml b/src/chrome/content/rules/OODA.com.xml
index a7a004a19903..76444cab1c60 100644
--- a/src/chrome/content/rules/OODA.com.xml
+++ b/src/chrome/content/rules/OODA.com.xml
@@ -29,4 +29,4 @@
 	<rule from="^http://(?:www\.)?ooda\.com/"
 		to="https://www.ooda.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OODA_Loop.com.xml b/src/chrome/content/rules/OODA_Loop.com.xml
index 0802414ea563..2ae58d4c2989 100644
--- a/src/chrome/content/rules/OODA_Loop.com.xml
+++ b/src/chrome/content/rules/OODA_Loop.com.xml
@@ -31,4 +31,4 @@
 	<rule from="^http://(?:www\.)?oodaloop\.com/"
 		to="https://www.oodaloop.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OPML.xml b/src/chrome/content/rules/OPML.xml
deleted file mode 100644
index d6eaa1578216..000000000000
--- a/src/chrome/content/rules/OPML.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- www
-		- dev
-
--->
-<ruleset name="OPML (partial)">
-
-	<target host="static.opml.org" />
-
-
-	<rule from="^http://static\.opml\.org/"
-		to="https://s3.amazonaws.com/static.opml.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ORA.xml b/src/chrome/content/rules/ORA.xml
index d0b98773603b..4404f08662a4 100644
--- a/src/chrome/content/rules/ORA.xml
+++ b/src/chrome/content/rules/ORA.xml
@@ -5,7 +5,7 @@ Fetch error: http://orafarm.com/ => https://orafarm.com/: Too many redirects whi
 Fetch error: http://www.orafarm.com/ => https://www.orafarm.com/: Too many redirects while fetching 'https://www.orafarm.com/'
 
 -->
-<ruleset name="ORA" default_off='failed ruleset test'>
+<ruleset name="ORA" default_off="failed ruleset test">
 
 	<target host="orafarm.com" />
 	<target host="www.orafarm.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.orafarm.com/ => https://www.orafarm.com/: Too many redir
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ORF.at.xml b/src/chrome/content/rules/ORF.at.xml
index 376e2f6fb70e..a70413afa08e 100644
--- a/src/chrome/content/rules/ORF.at.xml
+++ b/src/chrome/content/rules/ORF.at.xml
@@ -23,7 +23,7 @@
 		- vorarlberg.orf.at
 		- voting.orf.at
 		- wien.orf.at
-		
+
 	Cert expired:
 		- oe3verkehr.orf.at
 		- content.orf.at
diff --git a/src/chrome/content/rules/OReilly-Media-mismatches.xml b/src/chrome/content/rules/OReilly-Media-mismatches.xml
deleted file mode 100644
index b016ef788699..000000000000
--- a/src/chrome/content/rules/OReilly-Media-mismatches.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	For rules that are on by default, see OReilly-Media.xml.
-
--->
-<ruleset name="O’Reilly Media (mismatches)" default_off="mismatched">
-
-	<target host="akamaicovers.oreilly.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OReilly-Media.xml b/src/chrome/content/rules/OReilly-Media.xml
deleted file mode 100644
index 8a0a6eeb347b..000000000000
--- a/src/chrome/content/rules/OReilly-Media.xml
+++ /dev/null
@@ -1,60 +0,0 @@
-<!--
-	For problematic rules, see OReilly-Media-mismatches.xml.
-
-
-	Nonfunctional subdomains:
-
-		- answers ¹
-		- radar ²
-
-	¹ http reply
-	² Dropped
-
-
-	Partially covered subdomains:
-
-		- examples *
-
-	* At least some paths 404
-
-
-	Problematic subdomains:
-
-		- akamaicovers *
-
-	* Works, akamai
-
-
-	These altnames don't exist:
-
-		- www.examples.oreilly.com
-		- www.members.oreilly.com
-
--->
-<ruleset name="O’Reilly Media (partial)">
-
-	<target host="examples.oreilly.com" />
-	<target host="members.oreilly.com" />
-	<target host="shop.oreilly.com" />
-	<target host="cdn.oreillystatic.com" />
-		<!--exclusion pattern="^http://(answers|radar)\.oreilly\.com/" /-->
-		<!--
-			404s:
-				-->
-		<!--exclusion pattern="^http://examples\.oreilly\.com/\d+/" /-->
-		<!--
-			Exclusions:
-					-->
-		<exclusion pattern="^http://examples\.oreilly\.com/+(?!$)" />
-		<exclusion pattern="^http://shop\.oreilly\.com/(?!images/|includes/|mod/|text/)" />
-	
-
-
-	<!--	This was breaking the O'Reilly shopping cart...
-								-->
-	<!--securecookie host="^shop\.oreilly\.com$" name=".+" /-->
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OReilly.com.xml b/src/chrome/content/rules/OReilly.com.xml
new file mode 100644
index 000000000000..e98f96959caf
--- /dev/null
+++ b/src/chrome/content/rules/OReilly.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Different content HTTP/HTTPS:
+		answers.oreilley.com
+		bookworm.oreilly.com
+
+	Secure connection failed:
+		radar.oreilley.com
+
+	Redirect to http:
+		shop.oreilly.com
+
+-->
+<ruleset name="OReilly.com (partial)">
+
+	<target host="oreilly.com" />
+	<target host="www.oreilly.com" />
+	<target host="akamaicovers.oreilly.com" />
+	<target host="cdn.oreillystatic.com" />
+	<target host="examples.oreilly.com" />
+	<target host="members.oreilly.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OSChina.net.xml b/src/chrome/content/rules/OSChina.net.xml
index a4f777835594..ba21e54bddac 100644
--- a/src/chrome/content/rules/OSChina.net.xml
+++ b/src/chrome/content/rules/OSChina.net.xml
@@ -1,33 +1,15 @@
-<!--
-	Note: Fetch tests may time out.
-
-	Different http/https content: https mode show https://git.oschina.net/
-		tool.oschina.net
-		tools.oschina.net
-
-	MCB:
-		^oschina.net
-
-	Mixed content:
-		- Images on ^, job, my from static.oschina.net ˢ
-	ᵃ Secured by us
--->
-
-<ruleset name="OSChina.net (partial)">
-
+<ruleset name="OSChina.net">
 	<target host="oschina.net" />
-	<rule from="^http://oschina\.net/" to="https://www.oschina.net/" />
-
 	<target host="www.oschina.net" />
 	<target host="city.oschina.net" />
 	<target host="git.oschina.net" />
-	<target host="gravatar.oschina.net" />
 	<target host="job.oschina.net" />
 	<target host="m.oschina.net" />
 	<target host="my.oschina.net" />
-	<target host="sonar.oschina.net" />
 	<target host="static.oschina.net" />
 	<target host="team.oschina.net" />
+	<target host="tool.oschina.net" />
+	<target host="tools.oschina.net" />
 	<target host="zb.oschina.net" />
 
 	<securecookie host=".+" name=".+" />
diff --git a/src/chrome/content/rules/OSDC.com.au.xml b/src/chrome/content/rules/OSDC.com.au.xml
index c2b01ac1111a..8ff15ffdb951 100644
--- a/src/chrome/content/rules/OSDC.com.au.xml
+++ b/src/chrome/content/rules/OSDC.com.au.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.osdc.com.au/ => https://2015.osdc.com.au/: (60, 'SSL cer
 		- 2015.osdc.com.au
 
 -->
-<ruleset name="OSDC.com.au" default_off='failed ruleset test'>
+<ruleset name="OSDC.com.au" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/OSDir.com.xml b/src/chrome/content/rules/OSDir.com.xml
deleted file mode 100644
index fcf242741935..000000000000
--- a/src/chrome/content/rules/OSDir.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Mixed content:
-
-		- Images from $self *
-
-		- Ads/bugs, from:
-
-			- www.google.com *
-			- partner.googleadservices.com *
-
-	* Secured by us
-
--->
-<ruleset name="OSDir.com">
-
-	<target host="osdir.com" />
-	<target host="www.osdir.com" />
-
-
-	<securecookie host="^\.osdir\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OSGeo.org.xml b/src/chrome/content/rules/OSGeo.org.xml
index dba4aedda82e..450f71b365b5 100644
--- a/src/chrome/content/rules/OSGeo.org.xml
+++ b/src/chrome/content/rules/OSGeo.org.xml
@@ -1,108 +1,79 @@
 <!--
-	Nonfunctional hosts in *osgeo.org:
-
-		- download ¹
-		- geos ²
-
-	¹ Plaintext reply
-	² Shows grass.osgeo.org
-
-
-	Problematic hosts in *osgeo.org:
-
-		- osgeo4w *
-
-	* Redirects to http
-
-
-	(www.)?osgeo.org: Some pages redirect to http
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .osgeo.org
-		- .fdo.osgeo.org
-		- grass.osgeo.org
-		- live.osgeo.org
-		- planet.osgeo.org
-
-
-	Mixed content:
-
-		- Images, on:
-
-			- fdo from $self *
-			- live, planet from www.osgeo.org *
-			- trac from www.openlayers.org
-
-	* Secured by us
-
+	Invalid certificate:
+		de.osgeo.org
+		gallery.osgeo.org
+		grassold.osgeo.org
+		journal2.osgeo.org
+		mail.osgeo.org
+		orfeo-toolbox.osgeo.org
+		tilecache.osgeo.org
+		uk.osgeo.org
+
+	Different content HTTP/HTTPS:
+		downloads.osgeo.org
+		upload.osgeo.org
+
+	Refused:
+		geohealthcheck.osgeo.org
+		projects.mapbender.osgeo.org
+		oam.osgeo.org
+		docs.oam.osgeo.org
+
+	Time out:
+		mapguidebeta.osgeo.org
+		mapserver.osgeo.org
+		openid.osgeo.org
+
+	Redirect to HTTP:
+		www2.osgeo.org
+
+	Expired:
+		osgeo.org
+		csmap.osgeo.org
+		edu.osgeo.org
+		es.osgeo.org
+		fr.osgeo.org
+		geodata.osgeo.org
+		geotools.osgeo.org
+		gvsig.osgeo.org
+		incubator.osgeo.org
+		jp.osgeo.org
+		mapguide.osgeo.org
+		mapguide2.osgeo.org
+		metacrs.osgeo.org
+		openlayers.osgeo.org
+		osgeo4w.osgeo.org
+		ossim.osgeo.org
+		proj.osgeo.org
+		quebec.osgeo.org
+		vienna2014.sprint.osgeo.org
+		wiki2.osgeo.org
+		staging2.www.osgeo.org
 -->
-<ruleset name="OSGeo.org (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="osgeo.org" />
+<ruleset name="OSGeo.org">
+	<target host="www.osgeo.org" />
+	<target host="download.osgeo.org" />
+	<target host="drone.osgeo.org" />
 	<target host="fdo.osgeo.org" />
+	<target host="fdo2.osgeo.org" />
+	<target host="geos.osgeo.org" />
+	<target host="geotiff.osgeo.org" />
+	<target host="git.osgeo.org" />
 	<target host="grass.osgeo.org" />
+	<target host="grasswiki.osgeo.org" />
+	<target host="id.osgeo.org" />
+	<target host="journal.osgeo.org" />
 	<target host="lists.osgeo.org" />
+	<target host="live.osgeo.org" />
+	<target host="mapbender.osgeo.org" />
+	<target host="mapbuilder.osgeo.org" />
 	<target host="planet.osgeo.org" />
 	<target host="svn.osgeo.org" />
 	<target host="trac.osgeo.org" />
 	<target host="wiki.osgeo.org" />
-	<target host="www.osgeo.org" />
-
-	<!--	Complications:
-				-->
-	<target host="osgeo4w.osgeo.org" />
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://(?:www\.)?osgeo\.org/home$" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://(?:www\.)?osgeo\.org/+(?!favicon\.ico|files/|images/|misc/|modules/|sites/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.osgeo.org/Membership" />
-			<test url="http://www.osgeo.org/contact" />
-			<test url="http://www.osgeo.org/content/faq/foundation_faq.html" />
-			<test url="http://www.osgeo.org/events/submit_events" />
-			<test url="http://www.osgeo.org/home" />
-			<test url="http://www.osgeo.org/library" />
-			<test url="http://www.osgeo.org/news" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www.osgeo.org/favicon.ico" />
-			<test url="http://www.osgeo.org/images/br.png" />
-			<test url="http://www.osgeo.org/misc/feed.png" />
-			<test url="http://www.osgeo.org/modules/aggregator/aggregator.css" />
-			<test url="http://www.osgeo.org/sites/all/modules/event/images/ical16x16.gif" />
-
-		<test url="http://wiki.osgeo.org/favicon.ico" />
-		<test url="http://wiki.osgeo.org/index.php/Main_Page" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.osgeo\.org$" name="^SESS[\da-f]{32}$" /-->
-	<!--securecookie host="^\.fdo\.osgeo\.org$" name="^SESS[\da-f]{32}$" /-->
-	<!--securecookie host="^grass\.osgeo\.org$" name="^CMSSESSID[\da-f]{12}$" /-->
-	<!--securecookie host="^(?:live|planet)\.osgeo\.org$" name="^OJSSID$" /-->
-
-	<securecookie host="^\.fdo\.osgeo\.org$" name=".+" />
-	<securecookie host="^(?!www\.)\w" name=".+" />
-
-
-	<rule from="^http://osgeo4w\.osgeo\.org/[^?]*"
-		to="https://trac.osgeo.org/osgeo4w/" />
-
-		<test url="http://osgeo4w.osgeo.org/index.php" />
+	<target host="staging.www.osgeo.org" />
 
-	<rule from="^http:"
-		to="https:" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/OSI_Codes.xml b/src/chrome/content/rules/OSI_Codes.xml
index c5d8bd563948..1b78b115faa4 100644
--- a/src/chrome/content/rules/OSI_Codes.xml
+++ b/src/chrome/content/rules/OSI_Codes.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://osicodesinc.com/ => https://osicodesinc.com/: (51, "SSL: no alternative certificate subject name matches target host name 'osicodesinc.com'")
 
 -->
-<ruleset name="OSI Codes" default_off='failed ruleset test'>
+<ruleset name="OSI Codes" default_off="failed ruleset test">
 
 	<target host="osicodesinc.com" />
 	<target host="www.osicodesinc.com" />
@@ -12,4 +12,4 @@ Fetch error: http://osicodesinc.com/ => https://osicodesinc.com/: (51, "SSL: no
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OSM_Group.xml b/src/chrome/content/rules/OSM_Group.xml
index 8b163908c07a..6783a2d11703 100644
--- a/src/chrome/content/rules/OSM_Group.xml
+++ b/src/chrome/content/rules/OSM_Group.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.osmglobal.com/ => https://www.osmglobal.com/: (35, 'erro
 		- ^	(mismatched, CN: sip.osmglobal.com)
 
 -->
-<ruleset name="OSM Group" default_off='failed ruleset test'>
+<ruleset name="OSM Group" default_off="failed ruleset test">
 
 	<target host="osmglobal.com" />
 	<target host="www.osmglobal.com" />
@@ -21,4 +21,4 @@ Fetch error: http://www.osmglobal.com/ => https://www.osmglobal.com/: (35, 'erro
 	<rule from="^http://(?:www\.)?osmglobal\.com/"
 		to="https://www.osmglobal.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OSR_Foundation.org-problematic.xml b/src/chrome/content/rules/OSR_Foundation.org-problematic.xml
index 3da4234a4bc0..4b2df931638c 100644
--- a/src/chrome/content/rules/OSR_Foundation.org-problematic.xml
+++ b/src/chrome/content/rules/OSR_Foundation.org-problematic.xml
@@ -1,5 +1,5 @@
 <!--
-	For rules that are on by default, see 
+	For rules that are on by default, see
 
 -->
 <ruleset name="OSR Foundation.org (expired)" default_off="expired">
diff --git a/src/chrome/content/rules/OSU.edu-falsemixed.xml b/src/chrome/content/rules/OSU.edu-falsemixed.xml
index 29362b0bc512..8c1912f9a71e 100644
--- a/src/chrome/content/rules/OSU.edu-falsemixed.xml
+++ b/src/chrome/content/rules/OSU.edu-falsemixed.xml
@@ -6,7 +6,7 @@ Fetch error: http://footprint.osu.edu/ => https://footprint.osu.edu/: (51, "SSL:
 	For rules not causing false/broken MCB, see Ohio-State-University.xml.
 
 -->
-<ruleset name="OSU.edu (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="OSU.edu (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/OSVDB.org.xml b/src/chrome/content/rules/OSVDB.org.xml
deleted file mode 100644
index 030f97264c8e..000000000000
--- a/src/chrome/content/rules/OSVDB.org.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Some pages redirect to http.
-
--->
-<ruleset name="OSVDB.org (partial)">
-
-	<target host="osvdb.org" />
-	<target host="*.osvdb.org" />
-		<!--exclusion pattern="^http://(www\.)?osvdb\.org/($|\?|account/forgot_password|(privacy|search|show/osvdb/\d+|support|tos)($|[?/]))" /-->
-
-
-	<securecookie host="^\.osvdb\.org$" name="^__utm\w$" />
-
-
-	<!--	Redirects to http first:
-						-->
-	<rule from="^http://(www\.)?osvdb\.org/account/?(?:\?.*)$"
-		to="https://$1osvdb.org/account/login" />
-
-	<rule from="^http://(www\.)?osvdb\.org/(account/(?:login|signup)(?:$|\?)|images/|javascripts/|stylesheets/)"
-		to="https://$1osvdb.org/$2" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/OSWash.org.xml b/src/chrome/content/rules/OSWash.org.xml
deleted file mode 100644
index 2870e9e66a23..000000000000
--- a/src/chrome/content/rules/OSWash.org.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="OS Wash.org">
-
-	<target host="oswash.org" />
-	<target host="www.oswash.org" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OS_Systems.xml b/src/chrome/content/rules/OS_Systems.xml
index bf1fb672c293..85d3a3898ae2 100644
--- a/src/chrome/content/rules/OS_Systems.xml
+++ b/src/chrome/content/rules/OS_Systems.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OU.edu.xml b/src/chrome/content/rules/OU.edu.xml
index ded9bc3c4f4e..1f5b3a21689c 100644
--- a/src/chrome/content/rules/OU.edu.xml
+++ b/src/chrome/content/rules/OU.edu.xml
@@ -1,82 +1,35 @@
 <!--
-	University of Oklahoma
-
-
-	Nonfunctional subdomains:
-
-		- tulsa *
-
-	* Refused
-
-
-	Problematic subdomains:
-
-		- ^ ¹
-		- account ²
-		- checksheets ²
-		- financialaid ²
-		- forms ²
-		- www.hr ³
-		- learn ²
-		- ozone ²
-		- www ²
-
-	¹ Dropped
-	² Configured for rc4 only
-	³ Cert only matches *.ou.edu
-
-
-	Fully covered subdomains:
-
-		- (www.)	(^ → www)
-		- account
-		- checksheets
-		- financialaid
-		- forms
-		- (www.)hr	(www → ^)
-		- apps.hr
-		- janux
-		- jobs
-		- learn
-		- market
-		- ozone
-		- platform
-
+	Non-functional hosts
+		Couldn't connect to server:
+		- tulsa.ou.edu
+
+		SSL peer certificate was not OK:
+		- forms.ou.edu
+		- heapofbirds.ou.edu
+		- platform.ou.edu
 -->
 <ruleset name="OU.edu (partial)">
-
-	<target host="*.ou.edu" />
-
-
-	<!--	Secured by server:
-					-->
-	<!--securecookie host="^\.ou\.edu$" name="^fos\.secure\.web\.server$" /-->
-	<!--securecookie host="^exchange\.ou\.edu$" name="^OutlookSession$" /-->
-	<!--securecookie host="^\.?janux\.ou\.edu$" name="^nti\.auth_tkt$" /-->
-	<!--securecookie host="^jobs\.ou\.edu$" name="^JSESSIONID$" /-->
-	<!--securecookie host="^market\.ou\.edu$" name="^JSESSIONID$" /-->
-	<!--
-		Not secured by server:
-					-->
-	<!--securecookie host="^\.ou\.edu$" name="^(fos\.web\.server|runId)$" /-->
-	<!--securecookie host="^account\.ou\.edu$" name="^__RequestVerificationToken$" /-->
-	<!--securecookie host="^benefitsenrollment\.ou\.edu$" name="^BIGipServerpool_campusweb$" /-->
-	<!--securecookie host="^hr\.ou\.edu$" name="^(ASPSESSIONID\d+|BIGipServerpool_campusweb)$" /-->
-	<!--securecookie host="^apps\.hr\.ou\.edu$" name="^(ASP\.NET_SessionId|BIGipServerdch-hrweb)$" /-->
-	<!--securecookie host="^janux\.ou\.edu$" name="^username$" /-->
-	<!--securecookie host="^ozone\.ou\.edu$" name="^(JSESSIONID|UserAgentId|cookies)$" /-->
-
-	<securecookie host="^(?:account|hr|apps\.hr|janux|ozone)\.ou\.edu$" name=".+" />
-
-
-
-	<rule from="^http://(?:www\.)?ou\.edu/"
-		to="https://www.ou.edu/" />
-
-	<rule from="^http://(account|benefitsenrollment|checksheets|financialaid|forms|apps\.hr|janux|jobs|learn|market|ozone|platform)\.ou\.edu/"
-		to="https://$1.ou.edu/" />
-
-	<rule from="^http://(?:www\.)?hr\.ou\.edu/"
-		to="https://hr.ou.edu/" />
-
+	<target host="ou.edu" />
+	<target host="www.ou.edu" />
+	<target host="account.ou.edu" />
+	<target host="benefitsenrollment.ou.edu" />
+	<target host="canvas.ou.edu" />
+	<target host="cceit.ou.edu" />
+	<target host="checksheets.ou.edu" />
+	<target host="financialaid.ou.edu" />
+	<target host="guides.ou.edu" />
+	<target host="hr.ou.edu" />
+	<target host="apps.hr.ou.edu" />
+	<target host="www.hr.ou.edu" />
+	<target host="janux.ou.edu" />
+	<target host="jobs.ou.edu" />
+	<target host="learn.ou.edu" />
+	<target host="market.ou.edu" />
+	<target host="meteorology.ou.edu" />
+	<target host="ozone.ou.edu" />
+	<target host="sso.ou.edu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/OUYA.xml b/src/chrome/content/rules/OUYA.xml
deleted file mode 100644
index a0ad96bd362d..000000000000
--- a/src/chrome/content/rules/OUYA.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Some pages redirect to http.
-
--->
-<ruleset name="OUYA (partial)">
-
-	<target host="ouya.tv" />
-	<target host="*.ouya.tv" />
-		<exclusion pattern="^http://(?:www\.)?ouya\.tv/(?!favicon\.ico|wp-content/)" />
-
-
-	<securecookie host="^devs\.ouya\.tv$" name=".+" />
-
-
-	<rule from="^http://(devs\.|www\.)?ouya\.tv/"
-		to="https://$1ouya.tv/" />
-
-	<rule from="^http://shop\.ouya\.tv/"
-		to="https://ouya.myshopify.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OVH.us.xml b/src/chrome/content/rules/OVH.us.xml
index 2a0321bd6b4f..7be032785227 100644
--- a/src/chrome/content/rules/OVH.us.xml
+++ b/src/chrome/content/rules/OVH.us.xml
@@ -14,7 +14,7 @@ Fetch error: http://forum.ovh.us/ => https://forum.ovh.us/: (60, 'SSL certificat
 		- forum.ovh.us
 
 -->
-<ruleset name="OVH.us" default_off='failed ruleset test'>
+<ruleset name="OVH.us" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/OVPN.xml b/src/chrome/content/rules/OVPN.xml
index 105b9d7ab43e..066143b09282 100644
--- a/src/chrome/content/rules/OVPN.xml
+++ b/src/chrome/content/rules/OVPN.xml
@@ -10,7 +10,7 @@
 			- board
 			- cp
 				-->
-	<securecookie host="^.*\.ovpn\.to$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	Observed subdomains:
diff --git a/src/chrome/content/rules/OVirt.org.xml b/src/chrome/content/rules/OVirt.org.xml
deleted file mode 100644
index 299854bf9e0a..000000000000
--- a/src/chrome/content/rules/OVirt.org.xml
+++ /dev/null
@@ -1,49 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.ovirt.org/ => https://www.ovirt.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://ovirt.org/ => https://www.ovirt.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
-	For other Red Hat coverage, see Red_Hat.xml.
-
-
-	^ovirt.org: Refused
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.ovirt.org
-
-
-	Mixed content:
-
-		- css from fonts.googleapis.com *
-
-	* Secured by us
-
--->
-<ruleset name="oVirt.org" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.ovirt.org" />
-
-	<!--	Complications:
-				-->
-	<target host="ovirt.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.ovirt\.org$" name="^openshift_mediawiki_mw__session$" /-->
-
-	<securecookie host="^www\.ovirt\.org$" name=".+" />
-
-
-	<rule from="^http://ovirt\.org/"
-		to="https://www.ovirt.org/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Oak-Ridge-National-Laboratory.xml b/src/chrome/content/rules/Oak-Ridge-National-Laboratory.xml
index 91c22d8e981d..a2467ac1040d 100644
--- a/src/chrome/content/rules/Oak-Ridge-National-Laboratory.xml
+++ b/src/chrome/content/rules/Oak-Ridge-National-Laboratory.xml
@@ -158,7 +158,7 @@ Fetch error: http://sustainability-ornl.org/ => https://sustainability-ornl.org/
 	ˢ Secured by us
 
 -->
-<ruleset name="ORNL.gov (partial)" default_off='failed ruleset test'>
+<ruleset name="ORNL.gov (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Oaklandish.xml b/src/chrome/content/rules/Oaklandish.xml
index ddbb6097e5af..c4b8e0b35672 100644
--- a/src/chrome/content/rules/Oaklandish.xml
+++ b/src/chrome/content/rules/Oaklandish.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ObDev.at.xml b/src/chrome/content/rules/ObDev.at.xml
index f0f80a5ede09..edb41b172b34 100644
--- a/src/chrome/content/rules/ObDev.at.xml
+++ b/src/chrome/content/rules/ObDev.at.xml
@@ -21,7 +21,7 @@
 	<!--securecookie host="^(?:www\.)?obdev\.at$" name="^ODSessionID$" /-->
 	<!--securecookie host="^\.forums\.obdev\.at$" name="^phpbb3_\w+_(?:k|sid|u)$" /-->
 
-	<securecookie host="^(?:.+\.)?obdev\.at$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Oberlin_College.xml b/src/chrome/content/rules/Oberlin_College.xml
index 4ad1d87092c2..a66cb7371f66 100644
--- a/src/chrome/content/rules/Oberlin_College.xml
+++ b/src/chrome/content/rules/Oberlin_College.xml
@@ -34,18 +34,24 @@ Fetch error: http://oncampus.csr.oberlin.edu/ => https://oncampus.csr.oberlin.ed
 		- oncampus
 
 -->
-<ruleset name="Oberlin College (partial)" default_off='failed ruleset test'>
+<ruleset name="Oberlin College (partial)" default_off="failed ruleset test">
 
-	<target host="*.oberlin.edu" />
+	<target host="blackboard.oberlin.edu" />
+	<target host="classifieds.oberlin.edu" />
+	<target host="new.oberlin.edu" />
+	<target host="oncampus.oberlin.edu" />
+	<target host="oncampus.csr.oberlin.edu" />
+	<target host="cs.oberlin.edu" />
+	<target host="occs.cs.oberlin.edu" />
+	<target host="www.cs.oberlin.edu" />
 
 
-	<securecookie host="^.+\.oberlin\.edu$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^http://(blackboard|classifieds|new|oncampus(?:\.csr)?)\.oberlin\.edu/"
-		to="https://$1.oberlin.edu/" />
 
 	<rule from="^http://(?:occs\.|www\.)?cs\.oberlin\.edu/"
 		to="https://occs.cs.oberlin.edu/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OboeInsight.com.xml b/src/chrome/content/rules/OboeInsight.com.xml
new file mode 100644
index 000000000000..71bfb1f9c856
--- /dev/null
+++ b/src/chrome/content/rules/OboeInsight.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Active mixed content:
+		- www.oboeinsight.com
+
+	Invalid certificate:
+		- oboeinsight.com, equivalent to www.oboeinsight.com
+-->
+
+<ruleset name="OboeInsight.com" platform="mixedcontent">
+	<target host="oboeinsight.com" />
+	<target host="www.oboeinsight.com" />
+
+	<rule from="^http://oboeinsight\.com/"
+		to="https://www.oboeinsight.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ObsPol.be.xml b/src/chrome/content/rules/ObsPol.be.xml
new file mode 100644
index 000000000000..759538e61f62
--- /dev/null
+++ b/src/chrome/content/rules/ObsPol.be.xml
@@ -0,0 +1,10 @@
+<ruleset name="ObsPol.be">
+
+	<target host="obspol.be" />
+	<target host="www.obspol.be" />
+	<target host="archives.obspol.be" />
+	<target host="controles.obspol.be" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Occupywallst.org.xml b/src/chrome/content/rules/Occupywallst.org.xml
deleted file mode 100644
index a30e7ce490bf..000000000000
--- a/src/chrome/content/rules/Occupywallst.org.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<!--
-	www: Handshake fails
-
--->
-<ruleset name="Occupywallst.org">
-  <target host="occupywallst.org" />
-  <target host="www.occupywallst.org" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/OceaniaBedCollection.com.xml b/src/chrome/content/rules/OceaniaBedCollection.com.xml
new file mode 100644
index 000000000000..e82772487281
--- /dev/null
+++ b/src/chrome/content/rules/OceaniaBedCollection.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="OceaniaBedCollection.com">
+	<target host="oceaniabedcollection.com" />
+	<target host="www.oceaniabedcollection.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OceaniaCruises.com.xml b/src/chrome/content/rules/OceaniaCruises.com.xml
new file mode 100644
index 000000000000..0aef6c30f203
--- /dev/null
+++ b/src/chrome/content/rules/OceaniaCruises.com.xml
@@ -0,0 +1,39 @@
+<!--
+	Invalid certificate:
+		- discover.oceaniacruises.com
+		- l.discover.oceaniacruises.com, = https://rts.eccmp.com/
+		- i.discover-intl.oceaniacruises.com
+		- l.discover-intl.oceaniacruises.com, = https://rts.eccmp.com/
+		- x.discover-intl.oceaniacruises.com, = https://rts.eccmp.com/
+		- metrics.oceaniacruises.com
+-->
+
+<ruleset name="OceaniaCruises.com">
+	<target host="www.oceaniacruises.com" />
+	<target host="assistivesite.oceaniacruises.com" />
+	<target host="brochures.oceaniacruises.com" />
+	<target host="cn.oceaniacruises.com" />
+	<target host="de.oceaniacruises.com" />
+	<target host="l.discover.oceaniacruises.com" />
+	<target host="l.discover-intl.oceaniacruises.com" />
+	<target host="x.discover-intl.oceaniacruises.com" />
+	<target host="dr.oceaniacruises.com" />
+	<target host="es.oceaniacruises.com" />
+	<target host="experience.oceaniacruises.com" />
+	<target host="explore.oceaniacruises.com" />
+	<target host="fr.oceaniacruises.com" />
+	<target host="explore.intl.oceaniacruises.com" />
+	<target host="jp.oceaniacruises.com" />
+	<target host="preprod.oceaniacruises.com" />
+	<target host="pt.oceaniacruises.com" />
+	<target host="qa-assistivesite.oceaniacruises.com" />
+	<target host="qa1.oceaniacruises.com" />
+	<target host="qa2.oceaniacruises.com" />
+	<target host="smetrics.oceaniacruises.com" />
+	<target host="value.oceaniacruises.com" />
+
+	<rule from="^http://(l|x)\.discover(-intl)?\.oceaniacruises\.com/"
+		to="https://rts.eccmp.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Octopoos.com.xml b/src/chrome/content/rules/Octopoos.com.xml
deleted file mode 100644
index c9c2f408c807..000000000000
--- a/src/chrome/content/rules/Octopoos.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Octopoos.com">
-	<target host="octopoos.com" />	
-	<target host="www.octopoos.com" />
-
-	<securecookie host="^www\.octopoos\.com$" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Octopuspop.com.xml b/src/chrome/content/rules/Octopuspop.com.xml
index 1e5743c8c6c5..b86db8b85558 100644
--- a/src/chrome/content/rules/Octopuspop.com.xml
+++ b/src/chrome/content/rules/Octopuspop.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://kuki.js.test.octopuspop.com/ => https://kuki.js.test.octopus
 	²: Invalid certificate
 
 -->
-<ruleset name="octopuspop.com" default_off='failed ruleset test'>
+<ruleset name="octopuspop.com" default_off="failed ruleset test">
 
 	<target host="octopuspop.com" />
 	<target host="www.octopuspop.com" />
diff --git a/src/chrome/content/rules/Oculu.com.xml b/src/chrome/content/rules/Oculu.com.xml
index fd8f1704c14b..53e4dc5c1051 100644
--- a/src/chrome/content/rules/Oculu.com.xml
+++ b/src/chrome/content/rules/Oculu.com.xml
@@ -34,7 +34,8 @@
 <ruleset name="Oculu.com (partial)">
 
 	<target host="oculu.com" />
-	<target host="*.oculu.com" />
+	<target host="www.oculu.com" />
+	<target host="zinc.oculu.com" />
 
 
 	<securecookie host="^(?:www\.)?oculu\.com$" name=".+" />
@@ -43,4 +44,4 @@
 	<rule from="^http://(?:(www\.)|zinc\.)?oculu\.com/"
 		to="https://$1oculu.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Oculus.com.xml b/src/chrome/content/rules/Oculus.com.xml
deleted file mode 100644
index 2bfc4d863376..000000000000
--- a/src/chrome/content/rules/Oculus.com.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://answers.oculus.com/ => https://answers.oculus.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://storystudio.oculus.com/ => https://storystudio.oculus.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www1.oculus.com/ => https://www1.oculus.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://oculus.com/ => https://oculus.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
-	CDN buckets:
-
-		- s3.amazonaws.com/static.oculus.com/
-		- dbvc4uanumi2d.cloudfront.net
-	
-
-	STS header includes includeSubdomains
-
--->
-<ruleset name="Oculus.com" default_off='failed ruleset test'>
-
-	<target host="oculus.com" />
-	<target host="*.oculus.com" />
-
-		<test url="http://answers.oculus.com/" />
-		<test url="http://static.oculus.com/" />
-		<test url="http://developer.oculus.com/" />
-		<test url="http://static.oculus.com/" />
-		<test url="http://storystudio.oculus.com/" />
-		<test url="http://www.oculus.com/" />
-		<test url="http://www1.oculus.com/" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OculusVR.com.xml b/src/chrome/content/rules/OculusVR.com.xml
new file mode 100644
index 000000000000..bd9b0c819d2a
--- /dev/null
+++ b/src/chrome/content/rules/OculusVR.com.xml
@@ -0,0 +1,19 @@
+<ruleset name="OculusVR.com">
+	<target host="oculusvr.com" />
+	<target host="www.oculusvr.com" />
+	<target host="answers.oculusvr.com" />
+	<target host="careers.oculusvr.com" />
+	<target host="developer.oculusvr.com" />
+	<target host="forums.oculusvr.com" />
+	<target host="live.oculusvr.com" />
+	<target host="share.oculusvr.com" />
+	<target host="static.oculusvr.com" />
+	<target host="storystudio.oculusvr.com" />
+	<target host="support.oculusvr.com" />
+	<target host="tickets.oculusvr.com" />
+	<target host="www1.oculusvr.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Oculus_VR.xml b/src/chrome/content/rules/Oculus_VR.xml
deleted file mode 100644
index 85a588373468..000000000000
--- a/src/chrome/content/rules/Oculus_VR.xml
+++ /dev/null
@@ -1,61 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://oculusvr.com/ => https://oculusvr.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://careers.oculusvr.com/ => https://careers.oculusvr.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://share.oculusvr.com/ => https://share.oculusvr.com/: (6, 'Could not resolve host: share.oculusvr.com')
-Fetch error: http://www.oculusvr.com/ => https://www.oculusvr.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
-	CDN buckets:
-
-		- s3.amazonaws.com/static.oculus.com/
-		- d11g5bl75h7gks.cloudfront.net
-
-
-	Problematic hosts in *oculusvr.com:
-
-		- answers ¹
-		- forums ¹
-		- static ²
-		- storystudio ¹
-		- www1 ¹
-
-	¹ Shows www1.oculus.com
-	² Cloudfront/mismatched
-
--->
-<ruleset name="Oculus VR" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="oculusvr.com" />
-	<target host="careers.oculusvr.com" />
-	<target host="developer.oculusvr.com" />
-	<target host="share.oculusvr.com" />
-	<target host="www.oculusvr.com" />
-
-	<!--	Complications:
-				-->
-	<target host="answers.oculusvr.com" />
-	<target host="forums.oculusvr.com" />
-	<target host="static.oculusvr.com" />
-	<target host="storystudio.oculusvr.com" />
-	<target host="www1.oculusvr.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://(?:answers|forums|storystudio|www1)\.oculusvr\.com/+"
-		to="https://www.oculus.com/" />
-
-	<rule from="^http://static\.oculusvr\.com/"
-		to="https://d11g5bl75h7gks.cloudfront.net/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Odesk.by.xml b/src/chrome/content/rules/Odesk.by.xml
index 4274960558da..b6f2b2cc98a7 100644
--- a/src/chrome/content/rules/Odesk.by.xml
+++ b/src/chrome/content/rules/Odesk.by.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.odesk.by/ => https://odesk.by/: (7, 'Failed to connect t
 	www: mismatched
 
 -->
-<ruleset name="odesk.by" default_off='failed ruleset test'>
+<ruleset name="odesk.by" default_off="failed ruleset test">
 
 	<target host="odesk.by" />
 	<target host="www.odesk.by" />
diff --git a/src/chrome/content/rules/Odoo.com.xml b/src/chrome/content/rules/Odoo.com.xml
index 72d8ef9c6a54..f99c32c72ba5 100644
--- a/src/chrome/content/rules/Odoo.com.xml
+++ b/src/chrome/content/rules/Odoo.com.xml
@@ -26,7 +26,7 @@ Fetch error: http://demo1.odoo.com/ => https://demo1.odoo.com/: (60, 'SSL certif
 		- www.odoo.com
 
 -->
-<ruleset name="Odoo.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Odoo.com (partial)" default_off="failed ruleset test">
 
 	<target host="odoo.com" />
 	<target host="demo.odoo.com" />
diff --git a/src/chrome/content/rules/Offensive_Bits.com.xml b/src/chrome/content/rules/Offensive_Bits.com.xml
index c8c4ff1e218e..fcf2c2df14c7 100644
--- a/src/chrome/content/rules/Offensive_Bits.com.xml
+++ b/src/chrome/content/rules/Offensive_Bits.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://offensivebits.com/ => https://offensivebits.com/: (28, 'Conn
 Fetch error: http://www.offensivebits.com/ => https://www.offensivebits.com/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="Offensive Bits.com" default_off='failed ruleset test'>
+<ruleset name="Offensive Bits.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Offerpop.com.xml b/src/chrome/content/rules/Offerpop.com.xml
index 162915c9fb70..f31556fbca9d 100644
--- a/src/chrome/content/rules/Offerpop.com.xml
+++ b/src/chrome/content/rules/Offerpop.com.xml
@@ -25,7 +25,7 @@ Fetch error: http://images.offerpop.com/ => https://d3nxc88n0lpo37.cloudfront.ne
 		- community.offerpop.com
 
 -->
-<ruleset name="Offerpop.com" default_off='failed ruleset test'>
+<ruleset name="Offerpop.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Offers_CDN.net.xml b/src/chrome/content/rules/Offers_CDN.net.xml
deleted file mode 100644
index 5c93bc469433..000000000000
--- a/src/chrome/content/rules/Offers_CDN.net.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d3uc8eo6m5ta05.cloudfront.net
-
-			- 0.i
-
--->
-<ruleset name="Offers CDN.net">
-
-	<target host="*.offerscdn.net" />
-
-
-	<rule from="^http://assets\.offerscdn\.net/"
-		to="https://assets.offerscdn.net/" />
-
-	<rule from="^http://0\.i\.offerscdn\.net/"
-		to="https://d3uc8eo6m5ta05.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Office-of-the-Commissioner-of-Lobbying-of-Canada.xml b/src/chrome/content/rules/Office-of-the-Commissioner-of-Lobbying-of-Canada.xml
index 8011e98022e3..5f912d29174a 100644
--- a/src/chrome/content/rules/Office-of-the-Commissioner-of-Lobbying-of-Canada.xml
+++ b/src/chrome/content/rules/Office-of-the-Commissioner-of-Lobbying-of-Canada.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://ocl-cal.gc.ca/ => https://ocl-cal.gc.ca/eic/site/012.nsf/Intro: (51, "SSL: no alternative certificate subject name matches target host name 'ocl-cal.gc.ca'")
 
 -->
-<ruleset name="Office of the Commissioner of Lobbying of Canada" default_off='failed ruleset test'>
+<ruleset name="Office of the Commissioner of Lobbying of Canada" default_off="failed ruleset test">
 
 	<target host="ocl-cal.gc.ca" />
 
diff --git a/src/chrome/content/rules/Office.co.uk.xml b/src/chrome/content/rules/Office.co.uk.xml
index d18abf9ce11f..1cc1baa2ca3c 100644
--- a/src/chrome/content/rules/Office.co.uk.xml
+++ b/src/chrome/content/rules/Office.co.uk.xml
@@ -6,7 +6,7 @@ Fetch error: http://media.office.co.uk/ => https://media.office.co.uk/: Too many
 	^office.co.uk: Dropped
 
 -->
-<ruleset name="Office.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Office.co.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/OfficeLeaks.com.xml b/src/chrome/content/rules/OfficeLeaks.com.xml
index 380f84a96a62..216b8e5e03ef 100644
--- a/src/chrome/content/rules/OfficeLeaks.com.xml
+++ b/src/chrome/content/rules/OfficeLeaks.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://secure.officeleaks.com/ => https://secure.officeleaks.com/:
 	www: Redirects to http
 
 -->
-<ruleset name="OfficeLeaks.com (partial)" default_off='failed ruleset test'>
+<ruleset name="OfficeLeaks.com (partial)" default_off="failed ruleset test">
 
 	<target host="secure.officeleaks.com" />
 
diff --git a/src/chrome/content/rules/Office_Depot.xml b/src/chrome/content/rules/Office_Depot.xml
index 1dbba6a29e76..9b4be5b34a92 100644
--- a/src/chrome/content/rules/Office_Depot.xml
+++ b/src/chrome/content/rules/Office_Depot.xml
@@ -59,4 +59,4 @@
 	<rule from="^http://www18\.officedepot\.com/"
 		to="https://www18.officedepot.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OfficeofNationalAssessments.xml b/src/chrome/content/rules/OfficeofNationalAssessments.xml
deleted file mode 100644
index e8351d6a6158..000000000000
--- a/src/chrome/content/rules/OfficeofNationalAssessments.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Office of National Assessments">
-	<target host="ona.gov.au" />
-	<target host="*.ona.gov.au" />
-
-	<rule from="^http://(?:www\.)?ona\.gov\.au/"
-		to="https://www.ona.gov.au/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/OfficeofParliamentaryCounsel.xml b/src/chrome/content/rules/OfficeofParliamentaryCounsel.xml
index a544b7d21770..6b06f343957f 100644
--- a/src/chrome/content/rules/OfficeofParliamentaryCounsel.xml
+++ b/src/chrome/content/rules/OfficeofParliamentaryCounsel.xml
@@ -4,10 +4,10 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://opc.gov.au/ => https://www.opc.gov.au/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Office of Parliamentary Counsel" default_off='failed ruleset test'>
+<ruleset name="Office of Parliamentary Counsel" default_off="failed ruleset test">
 	<target host="opc.gov.au" />
-	<target host="*.opc.gov.au" />
+	<target host="www.opc.gov.au" />
 
 	<rule from="^http://(?:www\.)?opc\.gov\.au/"
 		to="https://www.opc.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OfficeoftheMigrationAgentsRegistrationAuthority.xml b/src/chrome/content/rules/OfficeoftheMigrationAgentsRegistrationAuthority.xml
index 8d8fc67b7ef5..d889d827e975 100644
--- a/src/chrome/content/rules/OfficeoftheMigrationAgentsRegistrationAuthority.xml
+++ b/src/chrome/content/rules/OfficeoftheMigrationAgentsRegistrationAuthority.xml
@@ -1,7 +1,7 @@
 <ruleset name="Office of the Migration Agents Registration Authority">
 	<target host="mara.gov.au" />
-	<target host="*.mara.gov.au" />
+	<target host="www.mara.gov.au" />
 
 	<rule from="^http://(?:www\.)?mara\.gov\.au/"
 		to="https://www.mara.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Officer_Down_Memorial_Page.xml b/src/chrome/content/rules/Officer_Down_Memorial_Page.xml
index 83fc403d5e9f..de88ca6d4834 100644
--- a/src/chrome/content/rules/Officer_Down_Memorial_Page.xml
+++ b/src/chrome/content/rules/Officer_Down_Memorial_Page.xml
@@ -14,7 +14,8 @@
 <ruleset name="Officer Down Memorial Page (partial)">
 
 	<target host="odmp.org" />
-	<target host="*.odmp.org" />
+	<target host="www.odmp.org" />
+	<target host="store.odmp.org" />
 
 
 	<securecookie host="^(?:www)?\.odmp\.org$" name=".+" />
diff --git a/src/chrome/content/rules/Officeworks.com.au.xml b/src/chrome/content/rules/Officeworks.com.au.xml
new file mode 100644
index 000000000000..88a0388e806f
--- /dev/null
+++ b/src/chrome/content/rules/Officeworks.com.au.xml
@@ -0,0 +1,70 @@
+<!--
+	For other Coles coverage, see Coles.com.au.xml
+
+
+	Non-functional subdomains:
+		- autodiscover	(r)
+		- av	(t)
+		- blog	(m)
+		- careers	(m)
+		- catalogues	(m)
+		- forestsurvey	(SSL connection error)
+		- uat.forestsurvey	(SSL connection error)
+		- isc	(t)
+		- lyncwebs	(t)
+		- m	(m)
+		- origin1	(m)
+		- ovtrnexpe001	(t)
+		- (www.)photos	(t)
+		- pimtest	(t)
+		- print	(t)
+		- t.service	(m)
+		- ugc	(m)
+		- vpn	(t)
+		- webconf	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Officeworks">
+
+	<target host="officeworks.com.au" />
+	<target host="www.officeworks.com.au" />
+	<target host="api.officeworks.com.au" />
+	<target host="as2test.officeworks.com.au" />
+	<target host="t.comms.officeworks.com.au" />
+	<target host="disney.officeworks.com.au" />
+	<target host="edi.officeworks.com.au" />
+	<target host="enterpriseregistration.officeworks.com.au" />
+	<target host="idfed.officeworks.com.au" />
+	<target host="jabber.officeworks.com.au" />
+	<target host="mail.officeworks.com.au" />
+	<target host="onet.officeworks.com.au" />
+	<target host="onet-admin.officeworks.com.au" />
+	<target host="ovtllasa001.officeworks.com.au" />
+	<target host="ovtllexpe001.officeworks.com.au" />
+	<target host="ovtllexpe002.officeworks.com.au" />
+	<target host="ovtrnasa001.officeworks.com.au" />
+	<target host="ovtrnexpe002.officeworks.com.au" />
+	<target host="owprod-bigidea.officeworks.com.au" />
+	<target host="pbsactivate.officeworks.com.au" />
+	<target host="pim.officeworks.com.au" />
+	<target host="printandcopy.officeworks.com.au" />
+		<test url="http://printandcopy.officeworks.com.au/OPSWebshopv2/flyers/create/create.seam?productname=place-cards&amp;isSecure=true" />
+	<target host="prod-b2b-azure.officeworks.com.au" />
+	<target host="sip.officeworks.com.au" />
+	<target host="suppliers.officeworks.com.au" />
+	<target host="training.officeworks.com.au" />
+	<target host="vpn2.officeworks.com.au" />
+	<target host="webaccess.officeworks.com.au" />
+	<target host="wsm.officeworks.com.au" />
+	<target host="www1.officeworks.com.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Officeworks.xml b/src/chrome/content/rules/Officeworks.xml
deleted file mode 100644
index df71f9c8ae15..000000000000
--- a/src/chrome/content/rules/Officeworks.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Officeworks.com.au">
-
-	<target host="officeworks.com.au" />
-	<target host="www.officeworks.com.au" />
-
-
-	<securecookie host="^(?:www\.)?officeworks.com.au$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Offlineimap.org.xml b/src/chrome/content/rules/Offlineimap.org.xml
new file mode 100644
index 000000000000..e5fe609fb55c
--- /dev/null
+++ b/src/chrome/content/rules/Offlineimap.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *.offlineimap.org:
+		- offlineimap.org (m)
+		- docs.offlineimap.org (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Offlineimap.org">
+	<target host="offlineimap.org" />
+	<target host="www.offlineimap.org" />
+	<target host="imapfw.offlineimap.org" />
+	<target host="imapfwdoc.offlineimap.org" />
+
+	<rule from="^http://offlineimap\.org/" to="https://www.offlineimap.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ohio-State-University.xml b/src/chrome/content/rules/Ohio-State-University.xml
index adbaed328267..6d06fe575746 100644
--- a/src/chrome/content/rules/Ohio-State-University.xml
+++ b/src/chrome/content/rules/Ohio-State-University.xml
@@ -307,7 +307,7 @@ Fetch error: http://www.mansfield.osu.edu/ => https://www.mansfield.osu.edu/: (5
 	ˢ Secured by us
 
 -->
-<ruleset name="OSU.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="OSU.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Ohio-State.edu.xml b/src/chrome/content/rules/Ohio-State.edu.xml
index 0e4061aeab6b..48346920ae92 100644
--- a/src/chrome/content/rules/Ohio-State.edu.xml
+++ b/src/chrome/content/rules/Ohio-State.edu.xml
@@ -86,7 +86,7 @@ Fetch error: http://newman.uts.ohio-state.edu/ => https://upem.it.ohio-state.edu
 		- css on www.gradsch from www.osu.edu * ˢ
 
 		- Images, on:
-		
+
 			- nucleus.con from silverlight.dlservice.microsoft.com
 			- nucleus.con from go2.microsoft.com
 			- studentweb.con from nursing.osu.edu ˢ
@@ -96,7 +96,7 @@ Fetch error: http://newman.uts.ohio-state.edu/ => https://upem.it.ohio-state.edu
 	ˢ Secured by us
 
 -->
-<ruleset name="Ohio-State.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="Ohio-State.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/OhioLINK.edu.xml b/src/chrome/content/rules/OhioLINK.edu.xml
index cc82773ddb8c..b9611168037f 100644
--- a/src/chrome/content/rules/OhioLINK.edu.xml
+++ b/src/chrome/content/rules/OhioLINK.edu.xml
@@ -31,7 +31,7 @@ Fetch error: http://proxy.ohiolink.edu/ => https://proxy.ohiolink.edu/: (7, 'Fai
 		- www.ohiolink.edu
 
 -->
-<ruleset name="OhioLINK.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="OhioLINK.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Ohloh.xml b/src/chrome/content/rules/Ohloh.xml
deleted file mode 100644
index df421ea31ff8..000000000000
--- a/src/chrome/content/rules/Ohloh.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="Ohloh">
-  <target host="ohloh.net" />
-  <target host="*.ohloh.net" />
-  <target host="ohloh.com" />
-  <target host="www.ohloh.com" />
-  <target host="ohloh.org" />
-  <target host="www.ohloh.org" />
-
-  <securecookie host="^(?:.+\.)?ohloh\.(?:net|com|org)$" name=".+" />
-
-  <rule from="^http://(?:www\.)?ohloh\.(?:net|com|org)/" to="https://www.ohloh.net/" />
-
-	<rule from="^http://meta\.ohloh\.net/"
-		to="https://meta.ohloh.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ohnward.com.xml b/src/chrome/content/rules/Ohnward.com.xml
index f4c5a0a9f770..ecb73fda46d5 100644
--- a/src/chrome/content/rules/Ohnward.com.xml
+++ b/src/chrome/content/rules/Ohnward.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://fas.ohnward.com/ => https://fas.ohnward.com/: (28, 'Connecti
 		- www.fas.ohnward.com
 
 -->
-<ruleset name="Ohnward.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Ohnward.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Ok.ru.xml b/src/chrome/content/rules/Ok.ru.xml
index c68db2b66908..a56f18995a42 100644
--- a/src/chrome/content/rules/Ok.ru.xml
+++ b/src/chrome/content/rules/Ok.ru.xml
@@ -6,15 +6,6 @@
 -->
 <ruleset name="Ok.ru">
 
-	<target host="ok.ru" />
-	<target host="www.ok.ru" />
-	<target host="api.ok.ru" />
-	<target host="connect.ok.ru" />
-	<target host="live.ok.ru" />
-	<target host="m.ok.ru" />
-	<target host="mobile.ok.ru" />
-	<target host="opros.ok.ru" />
-	<target host="v.ok.ru" />
 
 	<target host="apiok.ru" />
 	<target host="www.apiok.ru" />
diff --git a/src/chrome/content/rules/OkCimg.com.xml b/src/chrome/content/rules/OkCimg.com.xml
index 7577f3adce62..5150546df971 100644
--- a/src/chrome/content/rules/OkCimg.com.xml
+++ b/src/chrome/content/rules/OkCimg.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://ads.okcimg.com/ => https://ads.okcimg.com/: (28, 'Operation
 		- .okcimg.com
 
 -->
-<ruleset name="OkCimg.com (partial)" default_off='failed ruleset test'>
+<ruleset name="OkCimg.com (partial)" default_off="failed ruleset test">
 
 	<target host="ads.okcimg.com"/>
 	<!--	520, CloudFlare	-->
@@ -30,7 +30,7 @@ Fetch error: http://ads.okcimg.com/ => https://ads.okcimg.com/: (28, 'Operation
 
 	<!--	Not secured by server:
 					-->
-	<!--securecookie host="^\.okcimg\.com$" name="^(__cfuid|cf_clearance|guest)$" /-->
+	<!--securecookie host="^\.okcimg\.com$" name="^(cf_clearance|guest)$" /-->
 
 	<securecookie host="^\.okcimg\.com$" name=".+" />
 
diff --git a/src/chrome/content/rules/Okaz.com.sa.xml b/src/chrome/content/rules/Okaz.com.sa.xml
new file mode 100644
index 000000000000..78664b98be20
--- /dev/null
+++ b/src/chrome/content/rules/Okaz.com.sa.xml
@@ -0,0 +1,8 @@
+<ruleset name="Okaz.com.sa">
+	<target host="okaz.com.sa" />
+	<target host="www.okaz.com.sa" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Okoun.cz.xml b/src/chrome/content/rules/Okoun.cz.xml
index 5280de9e2551..20548a066dcd 100644
--- a/src/chrome/content/rules/Okoun.cz.xml
+++ b/src/chrome/content/rules/Okoun.cz.xml
@@ -8,5 +8,4 @@
 
 	<rule from="^http:" to="https:" />
 
-	<test url="http://www.okoun.cz/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Okta.com.xml b/src/chrome/content/rules/Okta.com.xml
index d6b1b2ca6c82..4f03efe73fd0 100644
--- a/src/chrome/content/rules/Okta.com.xml
+++ b/src/chrome/content/rules/Okta.com.xml
@@ -1,23 +1,15 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://community.okta.com/ => https://community.okta.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
 	Nonfunctional subdomains:
 
-		- developer *
-
-	* Github
-
+		- ^ (cert-chain)
+		- community (cert-chain)
 
-	^: Handshake fails
 
 
 	Fully covered subdomains:
 
 		- (www.)?	(^ → www)
 		- advent-hub
-		- community
 		- support
 
 
@@ -29,12 +21,12 @@ Fetch error: http://community.okta.com/ => https://community.okta.com/: (60, 'SS
 		- www.okta.com
 
 -->
-<ruleset name="Okta.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Okta.com (partial)">
 
 	<!--	Direct rewrites:
 				-->
 	<target host="advent-hub.okta.com" />
-	<target host="community.okta.com" />
+	<target host="developer.okta.com" />
 	<target host="support.okta.com" />
 	<target host="www.okta.com" />
 
@@ -42,16 +34,7 @@ Fetch error: http://community.okta.com/ => https://community.okta.com/: (60, 'SS
 				-->
 	<target host="okta.com" />
 
-
-	<!--	Not secured by server:
-					-->
-	<!--ecurecookie host="^advent-hub\.okta\.com$" name="^(JSESSIONID|sid|t)$" /-->
-	<!--ecurecookie host="^community\.okta\.com$" name="^(BIGipServer\w+-\d+-pool|JSESSIONID|jive\.login\.ts|jive\.security\.context)$" /-->
-	<!--ecurecookie host="^support\.okta\.com$" name="^apex__\w+SessionId$" /-->
-	<!--ecurecookie host="^www\.okta\.com$" name="^(ip2l|ret_okta_\w+_\w+)$" /-->
-
-	<securecookie host="^(?:advent-hub|community|support|www)\.okta\.com$" name=".+" />
-
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://okta\.com/"
 		to="https://www.okta.com/" />
diff --git a/src/chrome/content/rules/Olark.xml b/src/chrome/content/rules/Olark.xml
index d45413363ee2..838de8fba91d 100644
--- a/src/chrome/content/rules/Olark.xml
+++ b/src/chrome/content/rules/Olark.xml
@@ -31,7 +31,7 @@
 					-->
 	<!--securecookie host="^www\.olark\.com$" name="^analytics_user_id$" /-->
 
-	<securecookie host="^(?:.+\.)?olark\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://((?:assets|chat2?|dyn|static|\w+-async|testcdn|www)\.)?olark\.com/"
diff --git a/src/chrome/content/rules/OldUnreal.com.xml b/src/chrome/content/rules/OldUnreal.com.xml
new file mode 100644
index 000000000000..5c21953cc793
--- /dev/null
+++ b/src/chrome/content/rules/OldUnreal.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Mismatched:
+		- master
+
+	Wildcard DNS record, any other subdomains are self-signed.
+-->
+<ruleset name="OldUnreal.com">
+	<target host="oldunreal.com" />
+	<target host="www.oldunreal.com" />
+	<target host="forums.oldunreal.com" />
+	<target host="www.forums.oldunreal.com" />
+	<target host="gatherstone.oldunreal.com" />
+	<target host="www.gatherstone.oldunreal.com" />
+	<target host="quickdog.oldunreal.com" />
+	<target host="www.quickdog.oldunreal.com" />
+	<target host="wiki.oldunreal.com" />
+	<target host="www.wiki.oldunreal.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Olioboard.com.xml b/src/chrome/content/rules/Olioboard.com.xml
deleted file mode 100644
index 9b092748a68e..000000000000
--- a/src/chrome/content/rules/Olioboard.com.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- olioboard.com
-		- www.olioboard.com
-
--->
-<ruleset name="Olioboard.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="olioboard.com" />
-	<target host="www.olioboard.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.olioboard\.com$" name="^_olioboard_session$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ology.com-problematic.xml b/src/chrome/content/rules/Ology.com-problematic.xml
index a68030d47846..c14f97601022 100644
--- a/src/chrome/content/rules/Ology.com-problematic.xml
+++ b/src/chrome/content/rules/Ology.com-problematic.xml
@@ -5,7 +5,7 @@
 <ruleset name="Ology.com (problematic)" default_off="mismatched">
 
 	<target host="ology.com" />
-	<target host="*.ology.com" />
+	<target host="www.ology.com" />
 
 
 	<securecookie host="^\.ology\.com$" name=".+" />
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?ology\.com/"
 		to="https://www.ology.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ology.com.xml b/src/chrome/content/rules/Ology.com.xml
deleted file mode 100644
index f6491b59b140..000000000000
--- a/src/chrome/content/rules/Ology.com.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	For problematic rules, see Ology.com-problematic.xml.
-
-
-	CDN buckets:
-
-		- d2hddv4f3m6vd2.cloudfront.net
-
-			- cdn
-
-
-	Nonfunctional subdomains:
-
-		- nodejs.www	(shows biglive.com)
-
-
-	Problematic subdomains:
-
-		- (www.)	(works; mismatched, CN: www.biglive.com)
-
-
--->
-<ruleset name="Ology.com (partial)">
-
-	<target host="cdn.ology.com" />
-
-
-	<rule from="^http://cdn\.ology\.com/"
-		to="https://d2hddv4f3m6vd2.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Olx.pt.xml b/src/chrome/content/rules/Olx.pt.xml
index 698472a904d0..b19f4fb2d4b6 100644
--- a/src/chrome/content/rules/Olx.pt.xml
+++ b/src/chrome/content/rules/Olx.pt.xml
@@ -1,7 +1,7 @@
 <!--
 	Mismatch:
 	help.olx.pt
- 
+
  	Timeout:
 	www.olx.pt
 -->
diff --git a/src/chrome/content/rules/Omaha.com.xml b/src/chrome/content/rules/Omaha.com.xml
new file mode 100644
index 000000000000..b72fd4468f47
--- /dev/null
+++ b/src/chrome/content/rules/Omaha.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Handled in Bitly_branded_short_domains.xml:
+		- on.omaha.com
+
+	Invalid certificate:
+		- ballot.omaha.com
+		- studio.omaha.com
+
+	Redirects to HTTP:
+		- www.omaha.com
+-->
+
+<ruleset name="Omaha.com">
+	<target host="omaha.com" />
+	<target host="checkout.omaha.com" />
+	<target host="myaccount.omaha.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OmakaseWeb.com.xml b/src/chrome/content/rules/OmakaseWeb.com.xml
index 2bed54c84ac0..1a429a0be70c 100644
--- a/src/chrome/content/rules/OmakaseWeb.com.xml
+++ b/src/chrome/content/rules/OmakaseWeb.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.omakaseweb.com/ => https://www.omakaseweb.com/: (28, 'Co
 	For other GMO coverage, see GMO_Internet.xml.
 
 -->
-<ruleset name="OmakaseWeb.com" default_off='failed ruleset test'>
+<ruleset name="OmakaseWeb.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Omeda.xml b/src/chrome/content/rules/Omeda.xml
index fbb7306ff64e..05eef76d3011 100644
--- a/src/chrome/content/rules/Omeda.xml
+++ b/src/chrome/content/rules/Omeda.xml
@@ -4,7 +4,7 @@
 		<!--	(www.) times out.	-->
 		<exclusion pattern="^http://www\." />
 
-	<securecookie host="^.*\.omeda\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	Clients have unique subdomains, e.g.
diff --git a/src/chrome/content/rules/Omgubuntu.co.uk.xml b/src/chrome/content/rules/Omgubuntu.co.uk.xml
new file mode 100644
index 000000000000..e6556949c09a
--- /dev/null
+++ b/src/chrome/content/rules/Omgubuntu.co.uk.xml
@@ -0,0 +1,23 @@
+<!--
+	Non-functional subdomains:
+		- $host		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="omgubuntu.co.uk">
+
+	<target host="omgubuntu.co.uk" />
+	<target host="www.omgubuntu.co.uk" />
+
+	<rule from="^http://omgubuntu\.co\.uk/"
+		to="https://www.omgubuntu.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OmniTI.com.xml b/src/chrome/content/rules/OmniTI.com.xml
deleted file mode 100644
index c927eb690669..000000000000
--- a/src/chrome/content/rules/OmniTI.com.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see OmniTI.com-falsemixed.xml.
-
-	Other OmniTI rulesets:
-
-		- OmniTI.net.xml
-
-
-	(www.)?: Mixed css
-
-
-	Fully covered subdomains:
-
-		- surge
-
-
-	Mixed content:
-
-		- css, on:
-
-			- (www.)? from s.omniti.net *
-			- surge from fonts.googleapis.com *
-
-		- Images on (www.)? from s.omniti.net *
-
-		- favicon on surge from $self *
-
-	* Secured by us
-
--->
-<ruleset name="OmniTI.com (partial)">
-
-	<target host="surge.omniti.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OmniTI.net.xml b/src/chrome/content/rules/OmniTI.net.xml
deleted file mode 100644
index e9598a1478bb..000000000000
--- a/src/chrome/content/rules/OmniTI.net.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	For other OmniTI coverage, see OmniTI.com.xml.
-
-
-	Insecure cookies are set for these hosts:
-
-		- s.omniti.net
-
--->
-<ruleset name="OmniTI.net">
-
-	<target host="s.omniti.net" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^s\.omniti\.net$" name="^connect\.sid$" /-->
-
-	<securecookie host="^s\.omniti\.net$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OmniUpdate.com.xml b/src/chrome/content/rules/OmniUpdate.com.xml
index 00d365d53992..8a2fcb00a828 100644
--- a/src/chrome/content/rules/OmniUpdate.com.xml
+++ b/src/chrome/content/rules/OmniUpdate.com.xml
@@ -18,13 +18,15 @@
 <ruleset name="OmniUpdate.com">
 
 	<target host="omniupdate.com" />
-	<target host="*.omniupdate.com" />
+	<target host="apps.omniupdate.com" />
+	<target host="commons.omniupdate.com" />
+	<target host="support.omniupdate.com" />
+	<target host="www.omniupdate.com" />
 
 
 	<securecookie host="^www\.omniupdate\.com$" name=".+" />
 
 
-	<rule from="^http://((?:apps|commons|support|www)\.)?omniupdate\.com/"
-		to="https://$1omniupdate.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Omniref.com.xml b/src/chrome/content/rules/Omniref.com.xml
index 4b91868bf67b..99eebd43c747 100644
--- a/src/chrome/content/rules/Omniref.com.xml
+++ b/src/chrome/content/rules/Omniref.com.xml
@@ -11,7 +11,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://omniref.com/ => https://omniref.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Omniref.com" default_off='failed ruleset test'>
+<ruleset name="Omniref.com" default_off="failed ruleset test">
 
 	<target host="omniref.com" />
 	<target host="www.omniref.com" />
diff --git a/src/chrome/content/rules/Omnirom.org.xml b/src/chrome/content/rules/Omnirom.org.xml
index 58f85d7d0689..673bd965a6c9 100644
--- a/src/chrome/content/rules/Omnirom.org.xml
+++ b/src/chrome/content/rules/Omnirom.org.xml
@@ -1,6 +1,18 @@
+<!--
+	Mismatch:
+		- jira.omnirom.org
+-->
 <ruleset name="Omnirom.org">
-<target host="omnirom.org"/>
-<target host="www.omnirom.org"/>
-<rule from="^http:" to="https:" />
+	<target host="omnirom.org"/>
+	<target host="www.omnirom.org"/>
+	<target host="blog.omnirom.org"/>
+	<target host="dl.omnirom.org"/>
+	<target host="docs.omnirom.org"/>
+	<target host="gerrit.omnirom.org"/>
+	<target host="jenkins.omnirom.org"/>
+	<target host="lists.omnirom.org"/>
+		<test url="http://lists.omnirom.org/pipermail/maintainers/" />
+	<target host="paste.omnirom.org"/>
+
+	<rule from="^http:" to="https:" />
 </ruleset>
- 
diff --git a/src/chrome/content/rules/Omnitec_Inc.com.xml b/src/chrome/content/rules/Omnitec_Inc.com.xml
deleted file mode 100644
index e7be7e8a5c38..000000000000
--- a/src/chrome/content/rules/Omnitec_Inc.com.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Omnitec Inc.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="trend.omnitecinc.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Omniture.com.xml b/src/chrome/content/rules/Omniture.com.xml
index 42bf9668ab05..b9e8d6b5dcaa 100644
--- a/src/chrome/content/rules/Omniture.com.xml
+++ b/src/chrome/content/rules/Omniture.com.xml
@@ -42,7 +42,7 @@
 					-->
 	<!--securecookie host="^assets\.omniture\.com" name="^BIGipServerhttps_omniture$" /-->
 
-	<securecookie host="^(?:.*\.)?omniture\.com" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Omtrdc.net.xml b/src/chrome/content/rules/Omtrdc.net.xml
index 576114992c09..382376638727 100644
--- a/src/chrome/content/rules/Omtrdc.net.xml
+++ b/src/chrome/content/rules/Omtrdc.net.xml
@@ -30,7 +30,7 @@
 		<test url="http://adobe.tt.omtrdc.net/" />
 
 
-	<securecookie host="^(?:.*\.)?omtrdc\.net$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(\w+)\.(\w+)\.d([1-3])\.sc\.omtrdc\.net/"
diff --git a/src/chrome/content/rules/On-Disk.com.xml b/src/chrome/content/rules/On-Disk.com.xml
index 6b98b4f820e9..38931f03a95b 100644
--- a/src/chrome/content/rules/On-Disk.com.xml
+++ b/src/chrome/content/rules/On-Disk.com.xml
@@ -8,10 +8,10 @@ Fetch error: http://on-disk.com/ => https://on-disk.com/: (60, 'SSL certificate
 	Cert only matches ^on-disk.com
 
 -->
-<ruleset name="On-Disk.com" default_off='failed ruleset test'>
+<ruleset name="On-Disk.com" default_off="failed ruleset test">
 
 	<target host="on-disk.com" />
-	<target host="*.on-disk.com" />
+	<target host="www.on-disk.com" />
 
 
 	<securecookie host="^\.on-disk\.com$" name=".+" />
diff --git a/src/chrome/content/rules/On-web.fr.xml b/src/chrome/content/rules/On-web.fr.xml
index 6148f9680538..019fac33c5c9 100644
--- a/src/chrome/content/rules/On-web.fr.xml
+++ b/src/chrome/content/rules/On-web.fr.xml
@@ -27,4 +27,4 @@ Fetch error: http://on-web.fr/ => https://www.planet-work.com/: (28, 'Operation
 	<rule from="^http://([\w-]+)\.on-web\.fr/"
 		to="https://$1.on-web.fr/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OnLive.com.xml b/src/chrome/content/rules/OnLive.com.xml
index 5f84bf63abcb..ee79c03f2075 100644
--- a/src/chrome/content/rules/OnLive.com.xml
+++ b/src/chrome/content/rules/OnLive.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://blog.onlive.com/ => https://blog.onlive.com/: (51, "SSL: no
 	* Mismatched
 
 -->
-<ruleset name="OnLive.com (partial)" default_off='failed ruleset test'>
+<ruleset name="OnLive.com (partial)" default_off="failed ruleset test">
 
 	<target host="blog.onlive.com" />
 
diff --git a/src/chrome/content/rules/OnSecure.xml b/src/chrome/content/rules/OnSecure.xml
index e8e86b614638..ad207bd92c71 100644
--- a/src/chrome/content/rules/OnSecure.xml
+++ b/src/chrome/content/rules/OnSecure.xml
@@ -1,7 +1,7 @@
 <ruleset name="OnSecure">
 	<target host="onsecure.gov.au" />
-	<target host="*.onsecure.gov.au" />
+	<target host="www.onsecure.gov.au" />
 
 	<rule from="^http://(?:www\.)?onsecure\.gov\.au/"
 		to="https://www.onsecure.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Onamae.com.xml b/src/chrome/content/rules/Onamae.com.xml
index 7dea22daeab4..3664b47cfc55 100644
--- a/src/chrome/content/rules/Onamae.com.xml
+++ b/src/chrome/content/rules/Onamae.com.xml
@@ -1,33 +1,18 @@
 <!--
 	For other GMO coverage, see GMO_Internet.xml.
 
-
-	www: at least some pages redirect to http.
-
+	Non-functional hosts:
+		Timeout:
+		- jp.onamae.com
 -->
 <ruleset name="Onamae.com (partial)">
 
 	<target host="onamae.com" />
-	<target host="*.onamae.com" />
-		<!--
-			Redirect to http:
-						-->
-		<!--exclusion pattern="http://www\.onamae\.com/+($|\?)" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="http://www\.onamae\.com/+(?!common/|dd_menu/|favicon\.ico|images/|navi(?:$|[?/]))" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^help\.onamae\.com$" name="^cp_session$" /-->
-	<securecookie host="^www\.onamae\.com$" name="^adsense$" />
-
-	<securecookie host="^help\.onamae\.com$" name=".+" />
+	<target host="www.onamae.com" />
+	<target host="help.onamae.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://((?:help|jp|www)\.)?onamae\.com/"
-		to="https://$1onamae.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Onarbor.com.xml b/src/chrome/content/rules/Onarbor.com.xml
index 4717071e2923..6870a82887dd 100644
--- a/src/chrome/content/rules/Onarbor.com.xml
+++ b/src/chrome/content/rules/Onarbor.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://onarbor.com/ => https://onarbor.com/: (7, 'Failed to connect
 Fetch error: http://www.onarbor.com/ => https://www.onarbor.com/: (7, 'Failed to connect to www.onarbor.com port 443: Connection refused')
 
 -->
-<ruleset name="Onarbor.com" default_off='failed ruleset test'>
+<ruleset name="Onarbor.com" default_off="failed ruleset test">
 
 	<target host="onarbor.com" />
 	<target host="www.onarbor.com" />
diff --git a/src/chrome/content/rules/OnboardKit.com.xml b/src/chrome/content/rules/OnboardKit.com.xml
deleted file mode 100644
index ff85203253b4..000000000000
--- a/src/chrome/content/rules/OnboardKit.com.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	www.onboardkit.com: Mismatched
-
-
-	Insecure cookies are set for these hosts:
-
-		- onboardkit.com
-
--->
-<ruleset name="OnboardKit.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="onboardkit.com" />
-
-	<!--	Complications:
-				-->
-	<target host="www.onboardkit.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^onboardkit\.com$" name="^_obk$" /-->
-
-	<securecookie host="^onboardkit\.com$" name=".+" />
-
-
-	<rule from="^http://www\.onboardkit\.com/"
-		to="https://onboardkit.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/One-Good-Driver.xml b/src/chrome/content/rules/One-Good-Driver.xml
deleted file mode 100644
index 0b891ef812c2..000000000000
--- a/src/chrome/content/rules/One-Good-Driver.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="One Good Driver.com">
-
-	<!--	Complications:
-				-->
-	<target host="onegooddriver.com" />
-	<target host="www.onegooddriver.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?onegooddriver\.com/"
-		to="https://www.cheapandspeedytrafficschool.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/One2Buy.xml b/src/chrome/content/rules/One2Buy.xml
index 7d0278a70123..0b2fe760929c 100644
--- a/src/chrome/content/rules/One2Buy.xml
+++ b/src/chrome/content/rules/One2Buy.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?one2buy\.com/(media|skin)/"
 		to="https://$1one2buy.com/$2/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OneCloudSecurity.com.xml b/src/chrome/content/rules/OneCloudSecurity.com.xml
index e3dcd135488f..60b73579a31b 100644
--- a/src/chrome/content/rules/OneCloudSecurity.com.xml
+++ b/src/chrome/content/rules/OneCloudSecurity.com.xml
@@ -11,7 +11,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://onecloudsecurity.com/ => https://onecloudsecurity.com/: Too many redirects while fetching 'https://onecloudsecurity.com/'
 
 -->
-<ruleset name="OneCloudSecurity.com" default_off='failed ruleset test'>
+<ruleset name="OneCloudSecurity.com" default_off="failed ruleset test">
 
 	<target host="onecloudsecurity.com" />
 	<target host="www.onecloudsecurity.com" />
@@ -22,4 +22,4 @@ Fetch error: http://onecloudsecurity.com/ => https://onecloudsecurity.com/: Too
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OneExchange.xml b/src/chrome/content/rules/OneExchange.xml
index 0d73ab68aaf6..1484378a0979 100644
--- a/src/chrome/content/rules/OneExchange.xml
+++ b/src/chrome/content/rules/OneExchange.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:"
 		to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OneMathematicalCat.org.xml b/src/chrome/content/rules/OneMathematicalCat.org.xml
new file mode 100644
index 000000000000..5cfd0e2c6d10
--- /dev/null
+++ b/src/chrome/content/rules/OneMathematicalCat.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="OneMathematicalCat.org">
+	<target host="onemathematicalcat.org" />
+	<target host="www.onemathematicalcat.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OneNetworkDirect.xml b/src/chrome/content/rules/OneNetworkDirect.xml
index bbfade497558..c5c812456205 100644
--- a/src/chrome/content/rules/OneNetworkDirect.xml
+++ b/src/chrome/content/rules/OneNetworkDirect.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OneScreen.xml b/src/chrome/content/rules/OneScreen.xml
index 096219488a02..1d38c2769f33 100644
--- a/src/chrome/content/rules/OneScreen.xml
+++ b/src/chrome/content/rules/OneScreen.xml
@@ -22,7 +22,8 @@
 
 	<target host="images.1sfx.net" />
 	<target host="onescreen.com" />
-	<target host="*.onescreen.com" />
+	<target host="cdn.onescreen.com" />
+	<target host="www.onescreen.com" />
 
 
 	<!--	- !www times out
diff --git a/src/chrome/content/rules/One_Man_Can.xml b/src/chrome/content/rules/One_Man_Can.xml
index 5c3c7ae711f3..dc913413790f 100644
--- a/src/chrome/content/rules/One_Man_Can.xml
+++ b/src/chrome/content/rules/One_Man_Can.xml
@@ -5,7 +5,7 @@ Fetch error: http://onemancan.org/ => https://onemancan.org/: (51, "SSL: no alte
 Fetch error: http://www.onemancan.org/ => https://www.onemancan.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.onemancan.org'")
 
 -->
-<ruleset name="One Man Can" default_off='failed ruleset test'>
+<ruleset name="One Man Can" default_off="failed ruleset test">
 
 	<target host="onemancan.org" />
 	<target host="www.onemancan.org" />
@@ -16,4 +16,4 @@ Fetch error: http://www.onemancan.org/ => https://www.onemancan.org/: (51, "SSL:
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/One_Month.com.xml b/src/chrome/content/rules/One_Month.com.xml
index f91c00f8d6e6..dc6ed777ef2d 100644
--- a/src/chrome/content/rules/One_Month.com.xml
+++ b/src/chrome/content/rules/One_Month.com.xml
@@ -43,7 +43,7 @@ Fetch error: http://refer.onemonth.com/ => https://refer.onemonth.com/: (60, 'SS
 	* Secured by us
 
 -->
-<ruleset name="One Month.com (partial)" default_off='failed ruleset test'>
+<ruleset name="One Month.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/One_in_3_Campaign.xml b/src/chrome/content/rules/One_in_3_Campaign.xml
index 940733e85f88..e7a204ab164a 100644
--- a/src/chrome/content/rules/One_in_3_Campaign.xml
+++ b/src/chrome/content/rules/One_in_3_Campaign.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?1in3campaign\.org/"
 		to="https://onein3.wpengine.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Onebillion.org.uk.xml b/src/chrome/content/rules/Onebillion.org.uk.xml
index c6cf5acb1256..836de864ea78 100644
--- a/src/chrome/content/rules/Onebillion.org.uk.xml
+++ b/src/chrome/content/rules/Onebillion.org.uk.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.onebillion.org.uk/ => https://www.onebillion.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.onebillion.org.uk'")
 
 -->
-<ruleset name="onebillion.org.uk" default_off='failed ruleset test'>
+<ruleset name="onebillion.org.uk" default_off="failed ruleset test">
 	<target host="onebillion.org.uk" />
 	<target host="www.onebillion.org.uk" />
 
diff --git a/src/chrome/content/rules/Onebitbug.me.xml b/src/chrome/content/rules/Onebitbug.me.xml
index bff911ebd95e..152d083ceabc 100644
--- a/src/chrome/content/rules/Onebitbug.me.xml
+++ b/src/chrome/content/rules/Onebitbug.me.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.onebitbug.me/ => https://www.onebitbug.me/: (51, "SSL: no alternative certificate subject name matches target host name 'www.onebitbug.me'")
 
 -->
-<ruleset name="onebitbug.me" default_off='failed ruleset test'>
+<ruleset name="onebitbug.me" default_off="failed ruleset test">
 
 	<target host="onebitbug.me" />
 	<target host="www.onebitbug.me" />
diff --git a/src/chrome/content/rules/Onepager.xml b/src/chrome/content/rules/Onepager.xml
index b97ea74e835b..00f2fa728fda 100644
--- a/src/chrome/content/rules/Onepager.xml
+++ b/src/chrome/content/rules/Onepager.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(www\.)?onepagerapp\.com/(assets/|errors/|signin(?:$|\?|/))"
 		to="https://$1onepagerapp.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Oneworld-Publications.com.xml b/src/chrome/content/rules/Oneworld-Publications.com.xml
new file mode 100644
index 000000000000..742ae8197850
--- /dev/null
+++ b/src/chrome/content/rules/Oneworld-Publications.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Oneworld-Publications.com">
+	<target host="oneworld-publications.com" />
+	<target host="www.oneworld-publications.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Onion.to.xml b/src/chrome/content/rules/Onion.to.xml
index 5363b0efe1e5..bd206738d303 100644
--- a/src/chrome/content/rules/Onion.to.xml
+++ b/src/chrome/content/rules/Onion.to.xml
@@ -15,5 +15,5 @@
 	<test url="http://duskgytldkxiuqc6.onion.to/" />
 	<test url="http://5nca3wxl33tzlzj5.onion.to/" />
 	<test url="http://protonirockerxow.onion.to/" />
-	
+
 </ruleset>
diff --git a/src/chrome/content/rules/Onion.xml b/src/chrome/content/rules/Onion.xml
deleted file mode 100644
index d8b0bf799b4c..000000000000
--- a/src/chrome/content/rules/Onion.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	CDN buckets:
-
-		- o.onionstatic.com.cdngc.net
-		- www.theonion.com.cdngc.net
-
-
-	Nonfunctional subdomains:
-
-		- ^	(refused)
-		- o *
-		- www *
-
-	* 403; mismatched, CN: ssl2.cdngc.net
-
--->
-<ruleset name="The Onion (partial)">
-
-	<target host="store.theonion.com" />
-
-
-	<securecookie host="^store\.theonion\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/OnionCat.org.xml b/src/chrome/content/rules/OnionCat.org.xml
index 29f49206b072..ec9425c5d26e 100644
--- a/src/chrome/content/rules/OnionCat.org.xml
+++ b/src/chrome/content/rules/OnionCat.org.xml
@@ -5,7 +5,7 @@
 	^onioncat.org: Mismatched
 
 -->
-<ruleset name="OnionCat.org" default_off="missing certificate chain">
+<ruleset name="OnionCat.org" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/OnionGit.eu.xml b/src/chrome/content/rules/OnionGit.eu.xml
deleted file mode 100644
index c560893d8e34..000000000000
--- a/src/chrome/content/rules/OnionGit.eu.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="OnionGit.eu">
-	<target host="oniongit.eu" />
-	<target host="www.oniongit.eu" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/OnionTip.com.xml b/src/chrome/content/rules/OnionTip.com.xml
index d96d0b75a1de..3b5a55d7a948 100644
--- a/src/chrome/content/rules/OnionTip.com.xml
+++ b/src/chrome/content/rules/OnionTip.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://oniontip.com/ => https://oniontip.com/: (7, 'Failed to conne
 Fetch error: http://www.oniontip.com/ => https://www.oniontip.com/: (7, 'Failed to connect to www.oniontip.com port 443: No route to host')
 
 -->
-<ruleset name="OnionTip.com" default_off='failed ruleset test'>
+<ruleset name="OnionTip.com" default_off="failed ruleset test">
 
 	<target host="oniontip.com" />
 	<target host="www.oniontip.com" />
diff --git a/src/chrome/content/rules/Online-Mahnantrag.de.xml b/src/chrome/content/rules/Online-Mahnantrag.de.xml
index 349cebce3e92..e1ae3eb1668d 100644
--- a/src/chrome/content/rules/Online-Mahnantrag.de.xml
+++ b/src/chrome/content/rules/Online-Mahnantrag.de.xml
@@ -1,9 +1,17 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Time: 2020-09-25 16:20:22
+ Fetch error: http://online-mahnantrag.de/omahn/Mahnantrag?_ts=496048-1589412980912&Command=start => https://www.online-mahnantrag.de/omahn/Mahnantrag?_ts=496048-1589412980912&Command=start: (6, 'Could not resolve host: online-mahnantrag.de')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://online-mahnantrag.de/ => https://www.online-mahnantrag.de/: (6, 'Could not resolve host: online-mahnantrag.de')
+
+-->
 <ruleset name="Online-Mahnantrag.de">
 	<target host="www.online-mahnantrag.de" />
-	<target host=    "online-mahnantrag.de" />
+	<!-- target host="online-mahnantrag.de" /-->
 
-	<rule from="^http://online-mahnantrag\.de/"
-		to="https://www.online-mahnantrag.de/" />
 	<rule from="^http:"
 	        to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Online-convert.com.xml b/src/chrome/content/rules/Online-convert.com.xml
index 9acbfbb513de..1c225e76e0d5 100644
--- a/src/chrome/content/rules/Online-convert.com.xml
+++ b/src/chrome/content/rules/Online-convert.com.xml
@@ -20,4 +20,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Online.nl.xml b/src/chrome/content/rules/Online.nl.xml
index d05768250457..6e76c6072dc2 100644
--- a/src/chrome/content/rules/Online.nl.xml
+++ b/src/chrome/content/rules/Online.nl.xml
@@ -1,6 +1,15 @@
+<!--
+	Non-functional hosts:
+		Mismatched:
+		- home.online.nl
+-->
 <ruleset name="Online.nl">
-  <target host="*.online.nl" />
+	<target host="online.nl" />
+	<target host="www.online.nl" />
+	<target host="pop.online.nl" />
+	<target host="vragen.online.nl" />
+	<target host="webmail.online.nl" />
+	<target host="www1.online.nl" />
 
-  <rule from="^http://(?:www\.)?online\.nl/" to="https://www.online.nl/"/>
-  <rule from="^http://registratie\.online\.nl/" to="https://registratie.online.nl/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/OnlineShoes.com.xml b/src/chrome/content/rules/OnlineShoes.com.xml
index b904a7528404..7aff1d87d490 100644
--- a/src/chrome/content/rules/OnlineShoes.com.xml
+++ b/src/chrome/content/rules/OnlineShoes.com.xml
@@ -8,10 +8,11 @@ Fetch error: http://onlineshoes.com/ => https://www.onlineshoes.com/: (6, 'Could
 		- ^	(reset)
 
 -->
-<ruleset name="OnlineShoes.com" default_off='failed ruleset test'>
+<ruleset name="OnlineShoes.com" default_off="failed ruleset test">
 
 	<target host="onlineshoes.com" />
-	<target host="*.onlineshoes.com" />
+	<target host="www.onlineshoes.com" />
+	<target host="static.onlineshoes.com" />
 
 
 	<securecookie host="^(?:static|www)\.onlineshoes\.com$" name=".+" />
@@ -20,7 +21,6 @@ Fetch error: http://onlineshoes.com/ => https://www.onlineshoes.com/: (6, 'Could
 	<rule from="^http://(?:www\.)?onlineshoes\.com/"
 		to="https://www.onlineshoes.com/" />
 
-	<rule from="^http://static\.onlineshoes\.com/"
-		to="https://static.onlineshoes.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Online_EMR.xml b/src/chrome/content/rules/Online_EMR.xml
index 9da664051add..c57465fd4243 100644
--- a/src/chrome/content/rules/Online_EMR.xml
+++ b/src/chrome/content/rules/Online_EMR.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Online_Wellness_Association.xml b/src/chrome/content/rules/Online_Wellness_Association.xml
deleted file mode 100644
index d3d01ed9cd39..000000000000
--- a/src/chrome/content/rules/Online_Wellness_Association.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Online Wellness Association">
-
-	<target host="onlinewellnessassociation.com" />
-	<target host="www.onlinewellnessassociation.com" />
-
-
-	<securecookie host="^(?:w*\.)?onlinewellnessassociation\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Onlychange.com.xml b/src/chrome/content/rules/Onlychange.com.xml
index ef5d3e9a80d2..13dc45e750df 100644
--- a/src/chrome/content/rules/Onlychange.com.xml
+++ b/src/chrome/content/rules/Onlychange.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?onlychange\.com/"
 		to="https://onlychange.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Onlyoffice.com.xml b/src/chrome/content/rules/Onlyoffice.com.xml
new file mode 100644
index 000000000000..53f8c56a8751
--- /dev/null
+++ b/src/chrome/content/rules/Onlyoffice.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Other Onlyoffice rulesets:
+		- Onlyoffice.org.xml
+
+	Host has wildcard DNS and cert.
+-->
+<ruleset name="Onlyoffice.com">
+	<target host="onlyoffice.com" />
+	<target host="www.onlyoffice.com" />
+	<target host="api.onlyoffice.com" />
+	<target host="helpcenter.onlyoffice.com" />
+	<target host="personal.onlyoffice.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Onlyoffice.org.xml b/src/chrome/content/rules/Onlyoffice.org.xml
new file mode 100644
index 000000000000..c5a161ec5489
--- /dev/null
+++ b/src/chrome/content/rules/Onlyoffice.org.xml
@@ -0,0 +1,28 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://onlyoffice.org/ => https://onlyoffice.org/: (51, "SSL: no alternative certificate subject name matches target host name 'onlyoffice.org'")
+Fetch error: http://www.onlyoffice.org/ => https://www.onlyoffice.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.onlyoffice.org'")
+
+	For other Onlyoffice coverage, see Onlyoffice.com.xml.
+
+	Expired:
+		- onlyoffice.org
+		- www.onlyoffice.org
+
+	Host has wildcard DNS.
+-->
+<ruleset name="Onlyoffice.org">
+	<!-- target host="onlyoffice.org" /-->
+	<!-- target host="www.onlyoffice.org" /-->
+	<target host="dev.onlyoffice.org" />
+	<target host="cloud.onlyoffice.org" />
+
+	<!--
+    Can't find examples for this host pattern,
+    but keeping since it exists
+    <rule from="^http://(www\.)?onlyoffice\.org/" to="https://$1onlyoffice.com/" /> 
+  -->
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ono.xml b/src/chrome/content/rules/Ono.xml
index e032b45ad8bc..d745ed0bbe6c 100644
--- a/src/chrome/content/rules/Ono.xml
+++ b/src/chrome/content/rules/Ono.xml
@@ -11,4 +11,4 @@
 					-->
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Onpage.org.xml b/src/chrome/content/rules/Onpage.org.xml
index 248d765f7b63..279ed74d38f7 100644
--- a/src/chrome/content/rules/Onpage.org.xml
+++ b/src/chrome/content/rules/Onpage.org.xml
@@ -3,7 +3,7 @@
 		- indexability.yoast.onpage.org
 
 	Cert mismatch:
-		- 
+		-
 	Connection refused:
 		- lb.onpage.org
 
diff --git a/src/chrome/content/rules/Onsalesit.com.xml b/src/chrome/content/rules/Onsalesit.com.xml
index c419d51584be..adb28b53ef28 100644
--- a/src/chrome/content/rules/Onsalesit.com.xml
+++ b/src/chrome/content/rules/Onsalesit.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Onswipe.com.xml b/src/chrome/content/rules/Onswipe.com.xml
new file mode 100644
index 000000000000..bcc19eb84d92
--- /dev/null
+++ b/src/chrome/content/rules/Onswipe.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- email.onswipe.com
+		- mail.onswipe.com
+-->
+<ruleset name="Onswipe.com">
+	<target host="onswipe.com" />
+	<target host="www.onswipe.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Onswipe.xml b/src/chrome/content/rules/Onswipe.xml
deleted file mode 100644
index fab6747fdde1..000000000000
--- a/src/chrome/content/rules/Onswipe.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	CDN buckets:
-
-		- assets.onswipe.com.edgesuite.net
-
-
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- dashboard *
-		- synapse	(refused)
-
-	* Times out
-
-
-	Problematic subdomains:
-
-		- assets *
-
-	* Works; mismatched, CN: *.a.ssl.fastly.net
-
-
-	Problematic subdomains:
-
-		- static	(works, akamai)
-
--->
-<ruleset name="Onswipe">
-
-	<target host="*.onswipe.com" />
-
-
-	<rule from="^http://static\.onswipe\.com/synapse/"
-		to="https://s3.amazonaws.com/cdn.onswipe.com/synapse/" />
-
-	<rule from="^http://(cdn|plug)\.onswipe\.com/"
-		to="https://s3.amazonaws.com/$1.onswipe.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ontario_Minor_Hockey_Association.xml b/src/chrome/content/rules/Ontario_Minor_Hockey_Association.xml
index c74751da19e4..079d81e867a3 100644
--- a/src/chrome/content/rules/Ontario_Minor_Hockey_Association.xml
+++ b/src/chrome/content/rules/Ontario_Minor_Hockey_Association.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.omha.net/ => https://www.omha.net/: (51, "SSL: no altern
 Disabled by https-everywhere-checker because:
 Fetch error: http://omha.net/ => https://omha.net/: (51, "SSL: no alternative certificate subject name matches target host name 'omha.net'")
 -->
-<ruleset name="Ontario Minor Hockey Association" default_off='failed ruleset test'>
+<ruleset name="Ontario Minor Hockey Association" default_off="failed ruleset test">
 
 	<target host="omha.net" />
 	<target host="www.omha.net" />
@@ -18,4 +18,4 @@ Fetch error: http://omha.net/ => https://omha.net/: (51, "SSL: no alternative ce
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Onthe.io.xml b/src/chrome/content/rules/Onthe.io.xml
index c38182fe66ef..995e5e61610f 100644
--- a/src/chrome/content/rules/Onthe.io.xml
+++ b/src/chrome/content/rules/Onthe.io.xml
@@ -24,7 +24,7 @@
 					-->
 	<!--securecookie host="^(?:(?:me|sun|t)\.)?onthe\.io$" name="^s$" /-->
 
-	<securecookie host="(?:.+\.)?onthe\.io$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Oo-software.com.xml b/src/chrome/content/rules/Oo-software.com.xml
index f61e1e3b99bb..3b2c0eafaab8 100644
--- a/src/chrome/content/rules/Oo-software.com.xml
+++ b/src/chrome/content/rules/Oo-software.com.xml
@@ -8,13 +8,13 @@ Non-2xx HTTP code: http://dl2.oo-software.com/ (200) => https://dl2.oo-software.
 
     Active mixed content:
 	    - corp*
-	
+
 	* Secured by us
 
     More O&O rulesets:
 	    - Syspectr.com
 -->
-<ruleset name="OO-Software.com" default_off='failed ruleset test'>
+<ruleset name="OO-Software.com" default_off="failed ruleset test">
     <target host="oo-software.com" />
     <target host="www.oo-software.com" />
     <target host="shop.oo-software.com" />
diff --git a/src/chrome/content/rules/Oops.org.xml b/src/chrome/content/rules/Oops.org.xml
index 0198485b2f1f..3ca3d832d1e1 100644
--- a/src/chrome/content/rules/Oops.org.xml
+++ b/src/chrome/content/rules/Oops.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://www.oops.org/ => https://www.oops.org/: (51, "SSL: no altern
 
 mirror.kr1.oops.org refused
 -->
-<ruleset name="oops.org" default_off='failed ruleset test'>
+<ruleset name="oops.org" default_off="failed ruleset test">
 	<target host="oops.org" />
 	<target host="www.oops.org" />
 	<target host="annyung.oops.org" />
diff --git a/src/chrome/content/rules/Ooyala.xml b/src/chrome/content/rules/Ooyala.xml
index f1213d63d2a4..0dc7450889c3 100644
--- a/src/chrome/content/rules/Ooyala.xml
+++ b/src/chrome/content/rules/Ooyala.xml
@@ -56,7 +56,7 @@
 	<test url="http://www.ooyala.com/crossdomain.xml" />
 	<test url="http://api.ooyala.com/docs/v2/" />
 
-	<securecookie host="^(?:.*\.)?ooyala\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 	<rule from="^http://(?:ak\.)?c\.ooyala\.com/"
 		to="https://ak-c.ooyala.com/" />
diff --git a/src/chrome/content/rules/Opa.xml b/src/chrome/content/rules/Opa.xml
index a9e4b28f4607..4816d9c4d438 100644
--- a/src/chrome/content/rules/Opa.xml
+++ b/src/chrome/content/rules/Opa.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.opalang.org/ => https://www.opalang.org/: (28, 'Connecti
 		- forum	(ditto)
 
 -->
-<ruleset name="Opa (partial)" default_off='failed ruleset test'>
+<ruleset name="Opa (partial)" default_off="failed ruleset test">
 
 	<target host="opalang.org" />
 	<target host="www.opalang.org" />
diff --git a/src/chrome/content/rules/Open-Invention-Network.xml b/src/chrome/content/rules/Open-Invention-Network.xml
deleted file mode 100644
index 8483e753f07a..000000000000
--- a/src/chrome/content/rules/Open-Invention-Network.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Mixed content:
-
-		- css from fonts.googleapis.com *
-
-	* Secured by us
-
--->
-<ruleset name="Open Invention Network.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="openinventionnetwork.com" />
-	<target host="www.openinventionnetwork.com" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Open-Source-Robotics-Foundation.xml b/src/chrome/content/rules/Open-Source-Robotics-Foundation.xml
deleted file mode 100644
index 9a080acdc790..000000000000
--- a/src/chrome/content/rules/Open-Source-Robotics-Foundation.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	Open Source Robotics Foundation
-
-	For problematic rules, see OSR_Foundation.org-problematic.xml.
-
-
-	(www.)?: Expired
-
-
-	Insecure cookies are set for these hosts:
-
-		- events.osrfoundation.org
-
--->
-<ruleset name="OSR Foundation.org (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<!--target host="osrfoundation.org" /-->
-	<target host="events.osrfoundation.org" />
-	<!--target host="www.osrfoundation.org" /-->
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^events\.osrfoundation\.org$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^events\.osrfoundation\.org$" name="^PHPSESSID$" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Open.ac.uk.xml b/src/chrome/content/rules/Open.ac.uk.xml
index 6d3235b6a4e1..ef936c2f6a0a 100644
--- a/src/chrome/content/rules/Open.ac.uk.xml
+++ b/src/chrome/content/rules/Open.ac.uk.xml
@@ -48,6 +48,13 @@
 	<rule from="^http://open\.ac\.uk/"
 			to="https://www.open.ac.uk/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
+
+	<exclusion pattern="^http://(www\.)?open\.ac\.uk/courses(/|$)" />
+
+	<test url="http://open.ac.uk/courses" />
+	<test url="http://www.open.ac.uk/courses" />
+	<test url="http://open.ac.uk/courses/arts" />
+	<test url="http://www.open.ac.uk/courses/arts" />
 </ruleset>
diff --git a/src/chrome/content/rules/OpenAdultDirectory.com.xml b/src/chrome/content/rules/OpenAdultDirectory.com.xml
index 3fc177658d5a..fb657bc8a583 100644
--- a/src/chrome/content/rules/OpenAdultDirectory.com.xml
+++ b/src/chrome/content/rules/OpenAdultDirectory.com.xml
@@ -14,4 +14,4 @@ Fetch error: http://www.openadultdirectory.com/ => http://www.openadultdirectory
 	<rule from="^http://(www\.)?openadultdirectory\.com/(banner-img/|favicon\.ico|oad_html/images/)"
 		to="https://$1openadultdirectory.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OpenAthens.xml b/src/chrome/content/rules/OpenAthens.xml
deleted file mode 100644
index e1b08b61c656..000000000000
--- a/src/chrome/content/rules/OpenAthens.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="OpenAthens (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="auth.athensams.net"/>
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OpenBL.org.xml b/src/chrome/content/rules/OpenBL.org.xml
deleted file mode 100644
index 09b2dc64c166..000000000000
--- a/src/chrome/content/rules/OpenBL.org.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Invalid Certificate:
-	
-	- us.openbl.org
-	- www.us.openbl.org
-	- us01.openbl.org
--->
-
-<ruleset name="OpenBL.org">
-	<target host="openbl.org" />
-	<target host="www.openbl.org" />
-
-	<rule from="^http:"
-			to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/OpenBSD.org.xml b/src/chrome/content/rules/OpenBSD.org.xml
index 183887da3e8c..dc5b473d84da 100644
--- a/src/chrome/content/rules/OpenBSD.org.xml
+++ b/src/chrome/content/rules/OpenBSD.org.xml
@@ -1,4 +1,4 @@
-<!--	
+<!--
 	Mismatched certificate:
 		- firmware.openbsd.org
 
diff --git a/src/chrome/content/rules/OpenBSDEurope.com.xml b/src/chrome/content/rules/OpenBSDEurope.com.xml
deleted file mode 100644
index 1e65fa01dd07..000000000000
--- a/src/chrome/content/rules/OpenBSDEurope.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="OpenBSD Europe">
-  <target host="openbsdeurope.com" />
-  <target host="shop.openbsdeurope.com" />
-
-  <rule from="^http://(?:shop\.)?openbsdeurope\.com/" to="https://shop.openbsdeurope.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/OpenBitTorrent.com.xml b/src/chrome/content/rules/OpenBitTorrent.com.xml
deleted file mode 100644
index 934599b78fd4..000000000000
--- a/src/chrome/content/rules/OpenBitTorrent.com.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="OpenBitTorrent.com">
-	<target host=    "openbittorrent.com" />
-	<target host="www.openbittorrent.com" />
-
-	<!-- hostname mismatch, CN: openbittorrent.com -->
-	<rule from="^http://www\.openbittorrent\.com/"
-		to="https://openbittorrent.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/OpenCCC.xml b/src/chrome/content/rules/OpenCCC.xml
index 4c112d04ada4..261f0eeafb53 100644
--- a/src/chrome/content/rules/OpenCCC.xml
+++ b/src/chrome/content/rules/OpenCCC.xml
@@ -22,4 +22,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OpenCSW.org.xml b/src/chrome/content/rules/OpenCSW.org.xml
index 224158aa7d47..87c7171057d5 100644
--- a/src/chrome/content/rules/OpenCSW.org.xml
+++ b/src/chrome/content/rules/OpenCSW.org.xml
@@ -10,7 +10,7 @@ Fetch error: http://opencsw.org/ => https://opencsw.org/: (51, "SSL: no alternat
 	* Redirects to http
 
 -->
-<ruleset name="OpenCSW.org (partial)" default_off='failed ruleset test'>
+<ruleset name="OpenCSW.org (partial)" default_off="failed ruleset test">
 
 	<target host="opencsw.org" />
 	<target host="lists.opencsw.org" />
diff --git a/src/chrome/content/rules/OpenCV.org.xml b/src/chrome/content/rules/OpenCV.org.xml
new file mode 100644
index 000000000000..2c532ae70cff
--- /dev/null
+++ b/src/chrome/content/rules/OpenCV.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Self-signed:
+		- www.answers
+		- www.code
+
+	Mismatched:
+		- www.courses
+		- dl
+		- www.store
+-->
+<ruleset name="OpenCV.org">
+	<target host="opencv.org" />
+	<target host="www.opencv.org" />
+	<target host="answers.opencv.org" />
+	<target host="build.opencv.org" />
+	<target host="www.build.opencv.org" />
+	<target host="code.opencv.org" />
+	<target host="courses.opencv.org" />
+	<target host="docs.opencv.org" />
+	<target host="www.docs.opencv.org" />
+	<target host="pullrequest.opencv.org" />
+	<target host="www.pullrequest.opencv.org" />
+	<target host="store.opencv.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenClassrooms.xml b/src/chrome/content/rules/OpenClassrooms.xml
index 5a9178556618..34ef978b83d9 100644
--- a/src/chrome/content/rules/OpenClassrooms.xml
+++ b/src/chrome/content/rules/OpenClassrooms.xml
@@ -26,7 +26,7 @@
 	<!--securecookie host="^\.openclassrooms\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
 	<!--securecookie host="^www\.openclassrooms\.com$" name="^AWSELB$" /-->
 
-	<securecookie host="^(?:\.|www\.)?openclassrooms\.com$" name="" />
+	<securecookie host="^(?:\.|www\.)?openclassrooms\.com$" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/OpenCorporates.com.xml b/src/chrome/content/rules/OpenCorporates.com.xml
index 8b8e87186f47..ccc0bce55b19 100644
--- a/src/chrome/content/rules/OpenCorporates.com.xml
+++ b/src/chrome/content/rules/OpenCorporates.com.xml
@@ -30,7 +30,7 @@ Fetch error: http://support.opencorporates.com/ => https://support.opencorporate
 		- www.opencorporates.com
 
 -->
-<ruleset name="OpenCorporates.com (partial)" default_off='failed ruleset test'>
+<ruleset name="OpenCorporates.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/OpenDefinition.org.xml b/src/chrome/content/rules/OpenDefinition.org.xml
new file mode 100644
index 000000000000..2ea9fc7dcfab
--- /dev/null
+++ b/src/chrome/content/rules/OpenDefinition.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="OpenDefinition.org">
+
+	<target host="opendefinition.org" />
+	<target host="www.opendefinition.org" />
+	<target host="licenses.opendefinition.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenF2.org.xml b/src/chrome/content/rules/OpenF2.org.xml
index 5270501543fa..f1ade5984003 100644
--- a/src/chrome/content/rules/OpenF2.org.xml
+++ b/src/chrome/content/rules/OpenF2.org.xml
@@ -60,9 +60,15 @@
 -->
 <ruleset name="OpenF2.org (partial)">
 
-	<target host="*.openf2.com" />
+	<target host="www.openf2.com" />
+	<target host="developer.openf2.com" />
 	<target host="openf2.org" />
-	<target host="*.openf2.org" />
+	<target host="cdn.openf2.org" />
+	<target host="developer.openf2.org" />
+	<target host="developer.btc.openf2.org" />
+	<target host="developer.ltc.openf2.org" />
+	<target host="services.openf2.org" />
+	<target host="www.openf2.org" />
 
 
 	<securecookie host="^developer\.openf2\.com$" name=".+" />
@@ -72,10 +78,7 @@
 	<rule from="^http://www\.openf2\.com/"
 		to="https://www.openf2.org/" />
 
-	<rule from="^http://developer\.openf2\.com/"
-		to="https://developer.openf2.com/" />
 
-	<rule from="^http://((?:cdn|developer(?:\.[bl]tc)?|services|www)\.)?openf2\.org/"
-		to="https://$1openf2.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenFoundry.org.xml b/src/chrome/content/rules/OpenFoundry.org.xml
deleted file mode 100644
index 046ddb9c210e..000000000000
--- a/src/chrome/content/rules/OpenFoundry.org.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-<!--
-	^: cert only matches www
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.openfoundry.org
-
-
-	Mixed content:
-
-		- Image from $self *
-
-	* Secured by us
-
--->
-<ruleset name="OpenFoundry.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.openfoundry.org" />
-
-	<!--	Complications:
-				-->
-	<target host="openfoundry.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.openfoundry\.org$" name="^([\da-f]{32}|jfcookie\[lang\]|oflang|ossfauth)$" /-->
-
-	<securecookie host="^www\.openfoundry\.org$" name=".+" />
-
-
-	<!--	Redirect drops path and args:
-						-->
-	<rule from="^http://openfoundry\.org/.*"
-		to="https://www.openfoundry.org/" />
-
-		<test url="http://openfoundry.org//" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OpenGroup.org.xml b/src/chrome/content/rules/OpenGroup.org.xml
new file mode 100644
index 000000000000..949336b119f5
--- /dev/null
+++ b/src/chrome/content/rules/OpenGroup.org.xml
@@ -0,0 +1,104 @@
+<!--
+	Incomplete certificate chain:
+		- personal
+		- pluto
+		- pluto.rdg
+		- store2
+		- wiki2
+
+	HTTP =/= HTTPS:
+		- newsletter
+		- ns1
+		- salesforce
+
+	Mismatched:
+		- www.db
+		- vm1.face
+		- img
+		- test.proto
+		- www.rdg
+		- xoneweb.rdg
+		- soa-standards
+
+	No route to host:
+		- new
+		- old
+		- oldweb
+		- webproxy
+		- www5
+
+	Self-signed certificate:
+		- cloud
+		- www4
+
+	Connection timed out:
+		- api
+		- pictures
+		- tracking
+-->
+<ruleset name="OpenGroup.org">
+	<target host="opengroup.org" />
+	<target host="www.opengroup.org" />
+	<target host="adl.opengroup.org" />
+	<target host="archimate-cert.opengroup.org" />
+	<target host="archive.opengroup.org" />
+	<target host="blog.opengroup.org" />
+	<target host="bridge.opengroup.org" />
+	<target host="certification.opengroup.org" />
+	<target host="collaboration.opengroup.org" />
+	<target host="cvs.opengroup.org" />
+	<target host="d1.opengroup.org" />
+	<target host="d7.opengroup.org" />
+	<target host="events.opengroup.org" />
+	<target host="gitlab.opengroup.org" />
+	<target host="help.opengroup.org" />
+	<target host="info.opengroup.org" />
+	<target host="it4it-cert.opengroup.org" />
+	<target host="jserver.opengroup.org" />
+	<target host="m1.opengroup.org" />
+	<target host="m2.opengroup.org" />
+	<target host="miniweb.opengroup.org" />
+	<target host="mmforum.opengroup.org" />
+	<target host="naspl-cert.opengroup.org" />
+	<target host="ns0.opengroup.org" />
+	<target host="omi.opengroup.org" />
+	<target host="openca-cert.opengroup.org" />
+	<target host="openfair-cert.opengroup.org" />
+	<target host="openmotif.opengroup.org" />
+	<target host="ottps-accred.opengroup.org" />
+	<target host="ottps-cert.opengroup.org" />
+	<target host="pay.opengroup.org" />
+	<target host="paystaging.opengroup.org" />
+	<target host="www.pictures.opengroup.org" />
+	<target host="plato.opengroup.org" />
+	<target host="plato-test.opengroup.org" />
+	<target host="posix.opengroup.org" />
+	<target host="prod.opengroup.org" />
+	<target host="profile.opengroup.org" />
+	<target host="projects.opengroup.org" />
+	<target host="prometheus.opengroup.org" />
+	<target host="proto.opengroup.org" />
+	<target host="publications.opengroup.org" />
+	<target host="publicationsstaging.opengroup.org" />
+	<target host="pubs.opengroup.org" />
+	<target host="reports.opengroup.org" />
+	<target host="s1.opengroup.org" />
+	<target host="search.opengroup.org" />
+	<target host="shop.opengroup.org" />
+	<target host="shopstaging.opengroup.org" />
+	<target host="sso.opengroup.org" />
+	<target host="store.opengroup.org" />
+	<target host="svn.opengroup.org" />
+	<target host="tetware.opengroup.org" />
+	<target host="tetworks.opengroup.org" />
+	<target host="togaf-cert.opengroup.org" />
+	<target host="togaf9-cert.opengroup.org" />
+	<target host="ts-help.opengroup.org" />
+	<target host="w1.opengroup.org" />
+	<target host="web.opengroup.org" />
+	<target host="wiki.opengroup.org" />
+	<target host="www2.opengroup.org" />
+	<target host="www6.opengroup.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenIT.xml b/src/chrome/content/rules/OpenIT.xml
index d765413cae45..593399287f47 100644
--- a/src/chrome/content/rules/OpenIT.xml
+++ b/src/chrome/content/rules/OpenIT.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.openit.de/ => https://www.openit.de/: (60, 'SSL certific
 	Cert only matches www.
 
 -->
-<ruleset name="OpenIT" default_off='failed ruleset test'>
+<ruleset name="OpenIT" default_off="failed ruleset test">
 
 	<target host="openit.de" />
 	<target host="www.openit.de" />
diff --git a/src/chrome/content/rules/OpenITC.co.uk.xml b/src/chrome/content/rules/OpenITC.co.uk.xml
index 35caecad9b4a..55907b5c0877 100644
--- a/src/chrome/content/rules/OpenITC.co.uk.xml
+++ b/src/chrome/content/rules/OpenITC.co.uk.xml
@@ -11,7 +11,7 @@ Fetch error: http://forums.openitc.co.uk/ => https://forums.openitc.co.uk/: (7,
 		- forums.openitc.co.uk
 
 -->
-<ruleset name="OpenITC.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="OpenITC.co.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/OpenITP.org.xml b/src/chrome/content/rules/OpenITP.org.xml
index 24eb50ed4605..7a5b37c794b5 100644
--- a/src/chrome/content/rules/OpenITP.org.xml
+++ b/src/chrome/content/rules/OpenITP.org.xml
@@ -30,7 +30,7 @@ Fetch error: http://www.openitp.org/ => https://www.openitp.org/: (28, 'Connecti
 	ˢ Secured by us
 
 -->
-<ruleset name="OpenITP.org (partial)" default_off='failed ruleset test'>
+<ruleset name="OpenITP.org (partial)" default_off="failed ruleset test">
 
 	<target host="openitp.org" />
 	<target host="lists.openitp.org" />
@@ -41,7 +41,7 @@ Fetch error: http://www.openitp.org/ => https://www.openitp.org/: (28, 'Connecti
 	<target host="www.openitp.org" />
 
 
-	<securecookie host="^(?:.+\.)?openitp\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/OpenLDAP.org.xml b/src/chrome/content/rules/OpenLDAP.org.xml
new file mode 100644
index 000000000000..446b43c30d57
--- /dev/null
+++ b/src/chrome/content/rules/OpenLDAP.org.xml
@@ -0,0 +1,30 @@
+<!--
+	Invalid certificate:
+		- gauss.openldap.org
+		- root.openldap.org
+
+	Timeout:
+		- euler.openldap.org
+-->
+<ruleset name="OpenLDAP.org">
+
+	<target host="openldap.org" />
+	<target host="www.openldap.org" />
+	<target host="cvs.openldap.org" />
+	<target host="cvsup.openldap.org" />
+	<target host="devel.openldap.org" />
+	<target host="directory.openldap.org" />
+	<target host="ftp.openldap.org" />
+	<target host="git.openldap.org" />
+	<target host="ldap.openldap.org" />
+	<target host="mail.openldap.org" />
+	<target host="mx.openldap.org" />
+	<target host="project.openldap.org" />
+	<target host="public.openldap.org" />
+	<target host="wwwtmp.openldap.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenLayers.org.xml b/src/chrome/content/rules/OpenLayers.org.xml
new file mode 100644
index 000000000000..90d31d98ca5b
--- /dev/null
+++ b/src/chrome/content/rules/OpenLayers.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid certificate:
+		dev.openlayers.org
+		docs.openlayers.org
+
+	Timeout:
+		svn.openlayers.org
+		trac.openlayers.org
+-->
+<ruleset name="OpenLayers.org">
+
+	<target host="openlayers.org" />
+	<target host="www.openlayers.org" />
+	<target host="blog.openlayers.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenMPT.xml b/src/chrome/content/rules/OpenMPT.xml
index 816f1b8042e9..83cda6d56103 100644
--- a/src/chrome/content/rules/OpenMPT.xml
+++ b/src/chrome/content/rules/OpenMPT.xml
@@ -11,11 +11,11 @@
 	<target host="wiki.openmpt.org" />
 	<target host="wikide.openmpt.org" />
 	<target host="update.openmpt.org" />
-	
+
 	<rule from="^http://(www\.)?openmpt\.org/"
 		to="https://openmpt.org/" />
-		
+
 	<rule from="^http:"
 		to="https:" />
-		
+
 </ruleset>
diff --git a/src/chrome/content/rules/OpenMW.xml b/src/chrome/content/rules/OpenMW.xml
index bd5b0c6a5759..3e374bd06ca0 100644
--- a/src/chrome/content/rules/OpenMW.xml
+++ b/src/chrome/content/rules/OpenMW.xml
@@ -27,7 +27,7 @@
 	<!--securecookie host="^\.openmw\.org$" name="^phpbb3_\w+_(k|sid|u)$" /-->
 	<!--securecookie host="^bugs\.openmw\.org$" name="^_redmine_session$" /-->
 
-	<securecookie host="^(?:.*\.)?openmw\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/OpenMailBox.org.xml b/src/chrome/content/rules/OpenMailBox.org.xml
deleted file mode 100644
index e296601fee10..000000000000
--- a/src/chrome/content/rules/OpenMailBox.org.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-<!--
-	404 status code:
-		ombx.io
-
-	HSTS preloaded:
-		cloud.openmailbox.org
-		lb1.openmailbox.org
-		mail.openmailbox.org
-		smtp.openmailbox.org
-
-	Redirects:
-		app.openmailbox.org → app.openmailbox.org/login
-
-	Server not found:
-		autoconfig.openmailbox.org
-		autodiscover.openmailbox.org
-		clouds.openmailbox.org
-		imap.openmailbox.org
-		lhj5d8mf9n.openmailbox.org
-		mail2.openmailbox.org
-		ns1.openmailbox.org
-		ns2.openmailbox.org
-		pop.openmailbox.org
-		smtp3.openmailbox.org
-		td321ajzoi.openmailbox.org
-		translate.openmailbox.org
-		vkeplat7nh.openmailbox.org
-		webmail.openmailbox.org
-		www.webmail.openmailbox.org
-		www.cloud.openmailbox.org
-		www.ombx.io
-
-	Timeout was reached:
-		forum.openmailbox.org
--->
-<ruleset name="OpenMailBox.org">
-	<target host="openmailbox.org" />
-	<target host="www.openmailbox.org" />
-	<target host="app.openmailbox.org" />
-
-	<target host="ombx.io" />
-		<test url="http://ombx.io/KoRjCLGE" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/OpenMandriva.org.xml b/src/chrome/content/rules/OpenMandriva.org.xml
index 9dbd05ccceae..d015929f3db2 100644
--- a/src/chrome/content/rules/OpenMandriva.org.xml
+++ b/src/chrome/content/rules/OpenMandriva.org.xml
@@ -26,7 +26,7 @@ Fetch error: http://archives.forums.openmandriva.org/ => https://archives.forums
 		www-static.openmandriva.org
 
 -->
-<ruleset name="OpenMandriva.org" default_off='failed ruleset test'>
+<ruleset name="OpenMandriva.org" default_off="failed ruleset test">
 
 	<target host="openmandriva.org" />
 	<target host="www.openmandriva.org" />
diff --git a/src/chrome/content/rules/OpenNIC.org.xml b/src/chrome/content/rules/OpenNIC.org.xml
index 664771c20f39..e83e4f271d0c 100644
--- a/src/chrome/content/rules/OpenNIC.org.xml
+++ b/src/chrome/content/rules/OpenNIC.org.xml
@@ -29,6 +29,6 @@
 	<rule from="^http://wiki\.opennicproject\.org/"
 			to="https://wiki.opennic.org/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/OpenSC-Project.xml b/src/chrome/content/rules/OpenSC-Project.xml
index 521811ffbeef..dad05979a6c6 100644
--- a/src/chrome/content/rules/OpenSC-Project.xml
+++ b/src/chrome/content/rules/OpenSC-Project.xml
@@ -10,7 +10,7 @@
 		 - www.opensc-project.org
 
 -->
-<ruleset name="OpenSC-Project.org" default_off="missing certificate chain">
+<ruleset name="OpenSC-Project.org" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/OpenSLR.org.xml b/src/chrome/content/rules/OpenSLR.org.xml
new file mode 100644
index 000000000000..17d6b5768fda
--- /dev/null
+++ b/src/chrome/content/rules/OpenSLR.org.xml
@@ -0,0 +1,10 @@
+<!--
+	Nonfunctional hosts in *.openslr.org:
+		- cn-mirror
+-->
+<ruleset name="OpenSLR.org">
+	<target host="openslr.org" />
+	<target host="www.openslr.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenSMTPD.org.xml b/src/chrome/content/rules/OpenSMTPD.org.xml
new file mode 100644
index 000000000000..2fef7b2fe06f
--- /dev/null
+++ b/src/chrome/content/rules/OpenSMTPD.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="OpenSMTPD.org">
+
+	<target host="opensmtpd.org" />
+	<target host="www.opensmtpd.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenSRS.com.xml b/src/chrome/content/rules/OpenSRS.com.xml
index 552ab6a3a339..6953c006ce00 100644
--- a/src/chrome/content/rules/OpenSRS.com.xml
+++ b/src/chrome/content/rules/OpenSRS.com.xml
@@ -7,13 +7,16 @@
 <ruleset name="OpenSRS.com (partial)">
 
 	<target host="opensrs.com" />
-	<target host="*.opensrs.com" />
+	<target host="signup.opensrs.com" />
+	<target host="www.opensrs.com" />
 		<!--
 			blog posts redirect to /www., for which the cert is invalid.
 											-->
 		<exclusion pattern="^http://www\.opensrs\.com/blog[\w/-]*/$"/>
 	<target host="opensrs.net" />
-	<target host="*.opensrs.net" />
+	<target host="signup.opensrs.net" />
+	<target host="www.opensrs.net" />
+	<target host="rr-n1-tor.opensrs.net" />
 
 
 	<securecookie host="^(?:signup\.)?opensrs\.com$" name=".+" />
@@ -22,7 +25,6 @@
 	<rule from="^http://(?:(signup\.)|www\.)?opensrs\.(?:com|net)/"
 		to="https://$1opensrs.com/" />
 
-	<rule from="^http://rr-n1-tor\.opensrs\.net/"
-		to="https://rr-n1-tor.opensrs.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenSecrets.org.xml b/src/chrome/content/rules/OpenSecrets.org.xml
new file mode 100644
index 000000000000..a4f078a44299
--- /dev/null
+++ b/src/chrome/content/rules/OpenSecrets.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- staging.opensecrets.org
+		- staging2.opensecrets.org
+
+		SSL peer certificate was not OK:
+		- assets.opensecrets.org
+-->
+<ruleset name="OpenSecrets.org">
+	<target host="opensecrets.org" />
+	<target host="www.opensecrets.org" />
+	<target host="cdn1.opensecrets.org" />
+		<test url="http://cdn1.opensecrets.org/news/wp-content/uploads/2008/06/01160309/WatchdogLettertoMcCain6.25.08.pdf" />
+		<test url="http://cdn1.opensecrets.org/news/wp-content/uploads/2019/05/10113955/Bernie-Sanders-and-Alexandria-Ocasio-Cortez.jpg" />
+	<target host="ftp.opensecrets.org" />
+	<target host="images.opensecrets.org" />
+	<target host="m.opensecrets.org" />
+	<target host="pfds.opensecrets.org" />
+		<test url="http://pfds.opensecrets.org/N00000019_2011.pdf" />
+	<target host="www2.opensecrets.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenSignal.com.xml b/src/chrome/content/rules/OpenSignal.com.xml
index 55ded4706c9c..87763f112a9b 100644
--- a/src/chrome/content/rules/OpenSignal.com.xml
+++ b/src/chrome/content/rules/OpenSignal.com.xml
@@ -1,19 +1,27 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://developer.opensignal.com/ => https://developer.opensignal.com/: (6, 'Could not resolve host: developer.opensignal.com')
-
+	Mismatch:
+		support.opensignal.com
+	Working URL not found:
+		data-api.opensignal.com
+		data-api-prod.opensignal.com
+		data-api-stag.opensignal.com
+		opensignal-api.opensignal.com
+	Timeout:
+		upload.opensignal.com
 -->
-<ruleset name="OpenSignal.com" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
+<ruleset name="OpenSignal.com">
 	<target host="opensignal.com" />
-	<target host="developer.opensignal.com" />
 	<target host="www.opensignal.com" />
+	<target host="assets.opensignal.com" />
+	<target host="engineering.opensignal.com" />
+	<target host="meteor.opensignal.com" />
+	<target host="meteor-stag.opensignal.com" />
+	<target host="opensignal-web-prod.opensignal.com" />
+	<target host="solutions.opensignal.com" />
+	<target host="solutions-stag.opensignal.com" />
+	<target host="tiles.opensignal.com" />
+	<target host="tiles-prod.opensignal.com" />
+	<target host="tiles-stag.opensignal.com" />
 
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/OpenSnowMap.org.xml b/src/chrome/content/rules/OpenSnowMap.org.xml
new file mode 100644
index 000000000000..0901fc80b3d9
--- /dev/null
+++ b/src/chrome/content/rules/OpenSnowMap.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		www6.opensnowmap.org
+-->
+<ruleset name="OpenSnowMap.org">
+
+	<target host="opensnowmap.org" />
+	<target host="www.opensnowmap.org" />
+	<target host="beta.opensnowmap.org" />
+	<target host="blog.opensnowmap.org" />
+	<target host="tiles.opensnowmap.org" />
+	<target host="tiles7.opensnowmap.org" />
+	<target host="www7.opensnowmap.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://opensnowmap.org/. -->
+	<rule from="^http://opensnowmap\.org/"
+			to="https://www.opensnowmap.org/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenSocietyFoundations.org.xml b/src/chrome/content/rules/OpenSocietyFoundations.org.xml
new file mode 100644
index 000000000000..201f40b904fd
--- /dev/null
+++ b/src/chrome/content/rules/OpenSocietyFoundations.org.xml
@@ -0,0 +1,51 @@
+<!--
+	For related onion service rules, see osf22p3lmweopgho.onion.xml
+
+	Could not resolve host:
+		- _autodiscover._tcp
+		- auth
+		- eupestexch1
+		- eupestexch2
+		- mail.gslb
+		- sendgrid
+		- o1.sendgrid
+
+	Timeout:
+		- autheu
+		- authus
+		- eulondexch1
+		- eulondexch2
+		- eulondras
+		- eupestras
+		- auth.gslb
+		- usargoexch1
+		- usargoexch2
+		- usargoras
+		- uscoloexch1
+		- uscoloexch2
+
+	Network is unreachable:
+		- eucoloexch1
+		- eucoloexch2
+
+	Mismatched:
+		- ttf.visualizingdata
+		- webmail.gslbpub
+-->
+<ruleset name="OpenSocietyFoundations.org">
+	<target host="opensocietyfoundations.org" />
+	<target host="www.opensocietyfoundations.org" />
+	<target host="apps.opensocietyfoundations.org" />
+	<target host="authmfaeu.opensocietyfoundations.org" />
+	<target host="authmfaus.opensocietyfoundations.org" />
+	<target host="autodiscover.opensocietyfoundations.org" />
+	<target host="eumail.opensocietyfoundations.org" />
+	<target host="mail.opensocietyfoundations.org" />
+	<target host="maileu.opensocietyfoundations.org" />
+	<target host="mailus.opensocietyfoundations.org" />
+	<target host="static.opensocietyfoundations.org" />
+	<target host="usmail.opensocietyfoundations.org" />
+	<target host="webmail.opensocietyfoundations.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenStreetMap.de.xml b/src/chrome/content/rules/OpenStreetMap.de.xml
index b039525ebaa0..4b184a523f7a 100644
--- a/src/chrome/content/rules/OpenStreetMap.de.xml
+++ b/src/chrome/content/rules/OpenStreetMap.de.xml
@@ -1,17 +1,40 @@
 <!--
 	For OpenStreetMap.de
-
-		Works:
-
-			- josm
-
 		Doesn't Work:
-			- www
-			- $
+			- dev (not reachable)
+			- osmoscope (mixed content)
 -->
 <ruleset name="OpenStreetMap.de">
+	<target host="openstreetmap.de" />
+	<target host="www.openstreetmap.de" />
+	<target host="bessel.openstreetmap.de" />
+	<target host="blog.openstreetmap.de" />
+	<target host="brewmap.openstreetmap.de" />
+	<target host="brewpubs.openstreetmap.de" />
+	<target host="camping.openstreetmap.de" />
+	<target host="gauss.openstreetmap.de" />
+	<target host="humboldt.openstreetmap.de" />
 	<target host="josm.openstreetmap.de" />
-	
-	<rule from="^http:"
-			to="https:" />
-</ruleset>
\ No newline at end of file
+	<target host="lists.openstreetmap.de" />
+	<target host="luftbilder.openstreetmap.de" />
+	<target host="mattermost.openstreetmap.de" />
+	<target host="openingh.openstreetmap.de" />
+	<target host="osmbc.openstreetmap.de" />
+	<target host="osmdata.openstreetmap.de" />
+	<target host="podcast.openstreetmap.de" />
+	<target host="audio.podcast.openstreetmap.de" />
+	<target host="ptna.openstreetmap.de" />
+	<target host="routing.openstreetmap.de" />
+	<target host="routing1.openstreetmap.de" />
+	<target host="routing2.openstreetmap.de" />
+	<target host="tile.openstreetmap.de" />
+	<target host="a.tile.openstreetmap.de" />
+	<target host="b.tile.openstreetmap.de" />
+	<target host="c.tile.openstreetmap.de" />
+	<target host="d.tile.openstreetmap.de" />
+	<target host="umap.openstreetmap.de" />
+	<target host="wms.openstreetmap.de" />
+	<target host="xn--hausbru-bxa.openstreetmap.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenStreetMap.org.xml b/src/chrome/content/rules/OpenStreetMap.org.xml
deleted file mode 100644
index e7f9b980f844..000000000000
--- a/src/chrome/content/rules/OpenStreetMap.org.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-	See OSM_Foundation.xml for related rules.
-
-	Invalid certificate:
-		ooc.openstreetmap.org
-
--->
-<ruleset name="OpenStreetMap.org">
-
-	<target host="openstreetmap.org" />
-	<target host="www.openstreetmap.org" />
-	<target host="agri.openstreetmap.org" />
-	<target host="api.openstreetmap.org" />
-		<test url="http://api.openstreetmap.org/api/0.6/node/3109685771" />
-	<target host="blog.openstreetmap.org" />
-	<target host="git.openstreetmap.org" />
-	<target host="gps-tile.openstreetmap.org" />
-	<target host="hardware.openstreetmap.org" />
-	<target host="help.openstreetmap.org" />
-	<target host="lists.openstreetmap.org" />
-	<target host="maps.openstreetmap.org" />
-	<target host="munin.openstreetmap.org" />
-	<target host="nominatim.openstreetmap.org" />
-	<target host="os.openstreetmap.org" />
-	<target host="piwik.openstreetmap.org" />
-	<target host="planet.openstreetmap.org" />
-	<target host="stats.openstreetmap.org" />
-	<target host="svn.openstreetmap.org" />
-	<target host="taginfo.openstreetmap.org" /> 
-	<target host="tile.openstreetmap.org"/>
-	<target host="a.tile.openstreetmap.org"/>
-	<target host="b.tile.openstreetmap.org"/>
-	<target host="c.tile.openstreetmap.org"/>
-	<target host="trac.openstreetmap.org"/>
-	<target host="wiki.openstreetmap.org"/>
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:"	to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OpenTPX.org.xml b/src/chrome/content/rules/OpenTPX.org.xml
deleted file mode 100644
index f4207a8a388a..000000000000
--- a/src/chrome/content/rules/OpenTPX.org.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="OpenTPX.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="opentpx.org" />
-	<target host="www.opentpx.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OpenTTD-expired.xml b/src/chrome/content/rules/OpenTTD-expired.xml
deleted file mode 100644
index 9a31798945c1..000000000000
--- a/src/chrome/content/rules/OpenTTD-expired.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="OpenTTD (expired)" default_off="expired">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="wiki.openttdcoop.org"/>
-
-	<securecookie host="^wiki\.openttdcoop\.org$" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OpenTTD.xml b/src/chrome/content/rules/OpenTTD.xml
index 8814490cf68c..ab5876333eef 100644
--- a/src/chrome/content/rules/OpenTTD.xml
+++ b/src/chrome/content/rules/OpenTTD.xml
@@ -1,35 +1,45 @@
-<ruleset name="OpenTTD (partial)" platform="mixedcontent">
-
-	<target host="openttd.org" />
-	<target host="*.openttd.org" />
-		<!--
-			Website has been broken by moving media to //media.openttd.org,
-			and making s://media.../.* 301 to itself.
-				Fix this by excluding media.
-					-->
-		<exclusion pattern="^http://(?:devs|media)\.openttd\.org/" />
-	<target host="openttdcoop.org" />
-	<target host="blog.openttdcoop.org" />
-	<target host="dev.openttdcoop.org" />
-	<target host="paste.openttdcoop.org" />
-	<target host="www.openttdcoop.org" />
-
-
-	<securecookie host="^secure\.openttd\.org$" name=".+" />
-	<securecookie host="^(?:.*\.)?openttdcoop\.org$" name=".+" />
-
-
-	<rule from="^http://(\w+\.)?openttd\.org/"
-		to="https://$1openttd.org/" />
 <!--
-Rules for binaries are disabled after an IRC request from the site's admins:
-
-	<target host="*.binaries.openttd.org"/>
-	<rule from="^http://\w+\.binaries\.openttd\.org/"
-		to="https://secure.openttd.org/binaries/"/>
+	Other OpenTTD rulesets:
+		- Openttdcoop.org.xml
+
+	Nonfunctional hosts in *.openttd.org:
+		- *.binaries.openttd.org (m, for each language code)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Rules for binaries are disabled after an IRC request from the site's admins:
+		<target host="*.binaries.openttd.org" />
+		<rule from="^http://\w+\.binaries\.openttd\.org/"
+			to="https://secure.openttd.org/binaries/" />
 -->
+<ruleset name="OpenTTD">
 
-	<rule from="^http://((?:blog|dev|paste|www)\.)?openttdcoop\.org/"
-		to="https://$1openttdcoop.org/" />
+	<target host="openttd.org" />
+	<target host="www.openttd.org" />
+	<target host="account.openttd.org" />
+	<target host="bananas.openttd.org" />
+	<target host="binaries.openttd.org" />
+	<target host="bugs.openttd.org" />
+	<target host="devs.openttd.org" />
+	<target host="docs.openttd.org" />
+	<target host="farm.openttd.org" />
+	<target host="forum.openttd.org" />
+	<target host="grfsearch.openttd.org" />
+	<target host="hg.openttd.org" />
+	<target host="media.openttd.org" />
+		<test url="http://media.openttd.org/images/screens/1.0/20091018_panswat_tongvorarat.png" />
+	<target host="noai.openttd.org" />
+	<target host="nogo.openttd.org" />
+	<target host="servers.openttd.org" />
+	<target host="translator.openttd.org" />
+	<target host="wiki.openttd.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/OpenTopoMap.org.xml b/src/chrome/content/rules/OpenTopoMap.org.xml
new file mode 100644
index 000000000000..745428fbc31a
--- /dev/null
+++ b/src/chrome/content/rules/OpenTopoMap.org.xml
@@ -0,0 +1,21 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Expired:
+		garmin.opentopomap.org
+-->
+<ruleset name="OpenTopoMap.org">
+
+	<target host="opentopomap.org" />
+	<target host="www.opentopomap.org" />
+	<target host="garmin2.opentopomap.org" />
+	<target host="tile.opentopomap.org" />
+	<target host="a.tile.opentopomap.org" />
+	<target host="b.tile.opentopomap.org" />
+	<target host="c.tile.opentopomap.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/OpenVAS.org.xml b/src/chrome/content/rules/OpenVAS.org.xml
deleted file mode 100644
index b2e9b23caee5..000000000000
--- a/src/chrome/content/rules/OpenVAS.org.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	(www.): self-signed
-
--->
-<ruleset name="OpenVAS.org (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="wiki.openvas.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/OpenVPN.xml b/src/chrome/content/rules/OpenVPN.xml
index 944ea9d3fbd0..c5a92a4f5098 100644
--- a/src/chrome/content/rules/OpenVPN.xml
+++ b/src/chrome/content/rules/OpenVPN.xml
@@ -1,14 +1,139 @@
-<ruleset name="OpenVPN.net">
+<!--
+	Disabled by https-everywhere-checker because:
+Fetch error: http://forum.openvpn.net/ => https://forum.openvpn.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://kyivvpn01.openvpn.net/ => https://kyivvpn01.openvpn.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://newstaging.openvpn.net/ => https://newstaging.openvpn.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
+	Invalid certificate:
+		as-marketing-demo.openvpn.net
+		click.openvpn.net
+		click.email.openvpn.net
+		lviv-gw-2.openvpn.net  
+		newstaging-2.openvpn.net
+		pgmt-debug1.openvpn.net
+		pgmt-debug2.openvpn.net
+		apple.qa.openvpn.net
+		webmail.openvpn.net
+
+	Non-2xx HTTP code:
+		awspc3.openvpn.net
+		awspc4.openvpn.net
+
+	Refused:
+		autodiscover.openvpn.net
+		do-pgmt.cloud.openvpn.net
+		localhost.openvpn.net
+		pgmt-client-tests.openvpn.net
+		pgmt-client-tests2.openvpn.net
+		ssltest.openvpn.net
+
+	Time out:
+		apitest.openvpn.net
+		archive.openvpn.net
+		asirc.openvpn.net
+		asn3.openvpn.net
+		awsc.openvpn.net
+		backup.openvpn.net
+		beta.openvpn.net
+		billing.openvpn.net
+		billing-staging.openvpn.net
+		cftest.openvpn.net
+		connect.openvpn.net
+		crm.openvpn.net
+		dag.openvpn.net
+		dalweb.openvpn.net
+		dev.openvpn.net
+		dev1.openvpn.net
+		dev4.openvpn.net
+		dev8.openvpn.net
+		o1.email.openvpn.net 
+		files.openvpn.net
+		hp.openvpn.net
+		hp-demo.openvpn.net
+		internal.openvpn.net
+		jenkins-test.openvpn.net
+		lists.openvpn.net
+		magnetar.openvpn.net
+		mail.openvpn.net
+		meet.openvpn.net
+		mon.openvpn.net
+		nokia.openvpn.net
+		pgmt-client-tests3.openvpn.net
+		planet.openvpn.net
+		pr.openvpn.net
+		ptdev.openvpn.net
+		o87.ptr9077.openvpn.net
+		puppet.openvpn.net
+		puppet-test.openvpn.net
+		puppet4.openvpn.net
+		qatesting.openvpn.net
+		seafailover.openvpn.net
+		seaweb.openvpn.net
+		seaweb1.openvpn.net
+		secure.openvpn.net
+		sp.openvpn.net
+		status.openvpn.net
+		support-staging-instance.openvpn.net
+		svn.openvpn.net
+		test.openvpn.net
+		testing.openvpn.net
+		testweb.openvpn.net
+		webdev.openvpn.net
+		wiki.openvpn.net
+		wp.openvpn.net
+		wpd.openvpn.net
+		zstatus.openvpn.net
+
+	Too many redirects:
+		as-dev-ua1.openvpn.net
+		as-dev-ua2.openvpn.net
+		as-dev-ua3.openvpn.net
+		internalvpn.openvpn.net
+
+	Unreachable:
+		community6.openvpn.net
+		forums6.openvpn.net
+-->
+<ruleset name="openvpn.net">
 	<target host="openvpn.net" />
+	<target host="www.openvpn.net" />
+	<target host="as-billing.openvpn.net" />
+	<target host="as-billing-demo.openvpn.net" />
+	<target host="as-repo.openvpn.net" />
+	<target host="as-repository.openvpn.net" />
+	<target host="billing-backend.openvpn.net" />
+	<target host="billing-demo.openvpn.net" />
+	<target host="billing-stable.openvpn.net" />
+	<target host="blue-sso-backend.openvpn.net" />
+	<target host="build.openvpn.net" />
+	<target host="careers.openvpn.net" />
+	<target host="cloud.openvpn.net" />
+	<target host="cloud-backend.openvpn.net" />
+	<target host="cloud-billing.openvpn.net" />
+	<target host="cloud-billing-demo.openvpn.net" />
+	<target host="cloudops.openvpn.net" />
+	<target host="cloudops-backend.openvpn.net" />
+	<target host="cloudvpn-demo.openvpn.net" />
+	<target host="cloudvpn-stable.openvpn.net" />
 	<target host="community.openvpn.net" />
 	<target host="docs.openvpn.net" />
 	<target host="forums.openvpn.net" />
-	<target host="www.openvpn.net" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
+	<target host="go.openvpn.net" />
+	<target host="green-sso-backend.openvpn.net" />
+	<target host="ipv6.openvpn.net" />
+	<target host="myaccount.openvpn.net" />
+	<target host="nc.openvpn.net" />
+	<target host="openvpn-ecs-cluster.openvpn.net" />
+	<target host="patchwork.openvpn.net" />
+	<target host="pay.openvpn.net" />
+	<target host="sso.openvpn.net" />
+	<target host="sso-backend.openvpn.net" />
+	<target host="sso-demo.openvpn.net" />
+	<target host="sso-stable.openvpn.net" />
+	<target host="stats.openvpn.net" />
+	<target host="support.openvpn.net" />
+	<target host="swupdate.openvpn.net" />
+	<target host="www-staging-2.openvpn.net" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/OpenVim.com.xml b/src/chrome/content/rules/OpenVim.com.xml
new file mode 100644
index 000000000000..900eed74248f
--- /dev/null
+++ b/src/chrome/content/rules/OpenVim.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="OpenVim.com">
+	<target host="openvim.com" />
+	<target host="www.openvim.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenWRT.xml b/src/chrome/content/rules/OpenWRT.xml
index 9846c0185f56..3cc002659093 100644
--- a/src/chrome/content/rules/OpenWRT.xml
+++ b/src/chrome/content/rules/OpenWRT.xml
@@ -19,6 +19,9 @@
 	<!--	Direct rewrites:
 				-->
 	<target host="openwrt.org" />
+	<target host="www.openwrt.org" />
+	<target host="archive.openwrt.org" />
+	<target host="dev.archive.openwrt.org" />
 	<target host="dev.openwrt.org" />
 	<target host="downloads.openwrt.org" />
 	<target host="forum.openwrt.org" />
@@ -26,7 +29,6 @@
 	<target host="lists.openwrt.org" />
 	<target host="mirror2.openwrt.org" />
 	<target host="wiki.openwrt.org" />
-	<target host="www.openwrt.org" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/OpenWall.com.xml b/src/chrome/content/rules/OpenWall.com.xml
new file mode 100644
index 000000000000..d8ffdcabd4f4
--- /dev/null
+++ b/src/chrome/content/rules/OpenWall.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="OpenWall.com">
+	<target host="openwall.com" />
+	<target host="www.openwall.com" />
+	<target host="cvsweb.openwall.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenWall.org.xml b/src/chrome/content/rules/OpenWall.org.xml
new file mode 100644
index 000000000000..b87342aec9c6
--- /dev/null
+++ b/src/chrome/content/rules/OpenWall.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="OpenWall.org">
+	<target host="openwall.org" />
+	<target host="www.openwall.org" />
+	<target host="oss-security.openwall.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenWeatherMap.org.xml b/src/chrome/content/rules/OpenWeatherMap.org.xml
new file mode 100644
index 000000000000..fef7becc925f
--- /dev/null
+++ b/src/chrome/content/rules/OpenWeatherMap.org.xml
@@ -0,0 +1,31 @@
+<!--
+	Refused:
+		- bulk
+
+	Timeout:
+		- snow
+
+	Mismatched:
+		- wind
+-->
+<ruleset name="OpenWeatherMap.org">
+	<target host="openweathermap.org" />
+	<target host="www.openweathermap.org" />
+	<target host="api.openweathermap.org" />
+	<target host="ru.api.openweathermap.org" />
+	<target host="home.openweathermap.org" />
+	<target host="m.openweathermap.org" />
+	<target host="pro.openweathermap.org" />
+	<target host="samples.openweathermap.org" />
+	<target host="tile.openweathermap.org" />
+	<target host="a.tile.openweathermap.org" />
+	<target host="b.tile.openweathermap.org" />
+	<target host="c.tile.openweathermap.org" />
+	<target host="d.tile.openweathermap.org" />
+	<target host="e.tile.openweathermap.org" />
+	<target host="f.tile.openweathermap.org" />
+	<target host="g.tile.openweathermap.org" />
+	<target host="h.tile.openweathermap.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OpenX.org.xml b/src/chrome/content/rules/OpenX.org.xml
deleted file mode 100644
index 46782c0ebece..000000000000
--- a/src/chrome/content/rules/OpenX.org.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Other OpenX.com related rulesets, see
-		+ OpenX.xml
-
-	Non-functional hosts
-		SSL peer certificate was not OK:
-		- adserver.openx.org
-		- download.openx.org
-		- lists.openx.org
-		- sync.openx.org
-
-		Peer certificate cannot be authenticated with given CA certificates:
-		- openx.org
-		- c3.openx.org
-		- m.openx.org
-		- production.openx.org
-		- staging.openx.org
--->
-<ruleset name="OpenX.org">
-	<target host="iridium.openx.org" />
-	<target host="vpn-east.openx.org" />
-	<target host="vpn-west.openx.org" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/OpenX.xml b/src/chrome/content/rules/OpenX.xml
index 454bde8b4081..62763e7840cd 100644
--- a/src/chrome/content/rules/OpenX.xml
+++ b/src/chrome/content/rules/OpenX.xml
@@ -1,15 +1,27 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://ssl-i.xx.openx.com/ => https://ssl-i.xx.openx.com/: (6, 'Could not resolve host: ssl-i.xx.openx.com')
+
+-->
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://cci-graphs.openx.com/ => https://cci-graphs.openx.com/: (6, 'Could not resolve host: cci-graphs.openx.com')
+Fetch error: http://i-cdn.openx.com/ => https://i-cdn.openx.com/: (51, "SSL: no alternative certificate subject name matches target host name 'i-cdn.openx.com'")
+Fetch error: http://origin-cdn.openx.com/ => https://origin-cdn.openx.com/: (51, "SSL: no alternative certificate subject name matches target host name 'origin-cdn.openx.com'")
+Fetch error: http://selfservice.openx.com/ => https://selfservice.openx.com/: (28, 'Connection timed out after 20001 milliseconds')
+
 	Other OpenX.com related rulesets:
 		+ Advertisers-OpenX.com.xml
 		+ Fhserve.com.xml
 		+ JumpTime.com.xml
 		+ Liftdna.com.xml
 		+ OpenX.net.xml
-		+ OpenX.org.xml
-		+ OpenX_Enterprise.com.xml
 		+ OpenX_ad_exchange.com.xml
 		+ Served_by_OpenX.com.xml
-		+ openxmarket.asia.xml
 
 	Non-functional hosts
 		Couldn't connect to server:
@@ -56,22 +68,22 @@
 <ruleset name="OpenX.com">
 	<target host="openx.com" />
 	<target host="www.openx.com" />
-	<target host="cci-graphs.openx.com" />
+	<!-- target host="cci-graphs.openx.com" /-->
 	<target host="ssl-i.cdn.openx.com" />
 	<target host="docs.openx.com" />
-	<target host="i-cdn.openx.com" />
+	<!-- target host="i-cdn.openx.com" /-->
 	<target host="m-sso.openx.com" />
-	<target host="origin-cdn.openx.com" />
+	<!-- target host="origin-cdn.openx.com" /-->
 	<target host="cdn.platform.openx.com" />
-	<target host="selfservice.openx.com" />
+	<!-- target host="selfservice.openx.com" /-->
 	<target host="sso.openx.com" />
 	<target host="post.update.openx.com" />
 	<target host="s.update.openx.com" />
-	<target host="ssl-i.xx.openx.com" />
+	<!-- target host="ssl-i.xx.openx.com" /-->
 
-	<rule from="^http://openx\.com/" 
+	<rule from="^http://openx\.com/"
 			to="https://www.openx.com/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/OpenXMPP.com.xml b/src/chrome/content/rules/OpenXMPP.com.xml
index 5b9da6c71f39..c5c62fcb0869 100644
--- a/src/chrome/content/rules/OpenXMPP.com.xml
+++ b/src/chrome/content/rules/OpenXMPP.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://openxmpp.com/ => https://openxmpp.com/: (7, 'Failed to conne
 		- www.openxmpp.com
 
 -->
-<ruleset name="OpenXMPP.com" default_off='failed ruleset test'>
+<ruleset name="OpenXMPP.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/OpenXMarket.jp.xml b/src/chrome/content/rules/OpenXMarket.jp.xml
deleted file mode 100644
index 79ab398a50c6..000000000000
--- a/src/chrome/content/rules/OpenXMarket.jp.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Non-functional hosts
-		Timeout was reached:
-			 - ac.openxmarket.jp
-
-		SSL peer certificate or SSH remote key was not OK:
-			 - openxmarket.jp
-			 - www.openxmarket.jp
-			 - cdn.openxmarket.jp
-			 - pc.openxmarket.jp
--->
-<ruleset name="OpenXMarket.jp">
-	<target host="servedby.openxmarket.jp" />
-	<target host="ui.openxmarket.jp" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/OpenX_Enterprise.com.xml b/src/chrome/content/rules/OpenX_Enterprise.com.xml
deleted file mode 100644
index 5c94f78ffe92..000000000000
--- a/src/chrome/content/rules/OpenX_Enterprise.com.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	For other OpenX coverage, see OpenX.xml.
-
-
-	Fully covered domains:
-
-		- *-d.openxenterprise.com
-
-
-	(www.)openxenterprise.com doesn't exist.
-
--->
-<ruleset name="OpenX Enterprise.com">
-
-	<target host="*.openxenterprise.com" />
-
-		<test url="http://oxcs-d.openxenterprise.com/" />
-		<test url="http://oxdemo-d.openxenterprise.com/" />
-
-
-	<securecookie host="^\w+-d\.openxenterprise\.com$" name=".+" />
-
-
-	<!--	- Tracking beacon
-		- Seems edentical to u.openx.net
-						-->
-	<rule from="^http://(\w+)-d\.openxenterprise\.com/"
-		to="https://$1-d.openxenterprise.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Open_Badges.xml b/src/chrome/content/rules/Open_Badges.xml
index 44ff3a61b4e6..d68aa37d51ad 100644
--- a/src/chrome/content/rules/Open_Badges.xml
+++ b/src/chrome/content/rules/Open_Badges.xml
@@ -43,7 +43,7 @@
 					-->
 	<!--securecookie host="(backpack|beta)\.openbadges\.org$" name="^(AWSELB|openbadges_state)$" /-->
 
-	<securecookie host=".+\.openbadges\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Open_Culture.com-problematic.xml b/src/chrome/content/rules/Open_Culture.com-problematic.xml
index c299c0805b58..1c6831b72fc1 100644
--- a/src/chrome/content/rules/Open_Culture.com-problematic.xml
+++ b/src/chrome/content/rules/Open_Culture.com-problematic.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see Open_Culture.com.xml.
 
 -->
-<ruleset name="Open Culture.com (missing certificate chain)" default_off="missing certificate chain">
+<ruleset name="Open Culture.com (missing certificate chain)" default_off="cert-chain">
 
 	<target host="openculture.com" />
 	<target host="www.openculture.com" />
diff --git a/src/chrome/content/rules/Open_Doors.org.xml b/src/chrome/content/rules/Open_Doors.org.xml
index fb3ab5234acf..9e93d00abace 100644
--- a/src/chrome/content/rules/Open_Doors.org.xml
+++ b/src/chrome/content/rules/Open_Doors.org.xml
@@ -1,7 +1,6 @@
 <!--
 	Other Open Door rulesets:
 
-		- OD.org.xml
 
 
 	Insecure cookies are set for these hosts:
diff --git a/src/chrome/content/rules/Open_Hunt.co.xml b/src/chrome/content/rules/Open_Hunt.co.xml
index 7257792982df..f2a5d66edff5 100644
--- a/src/chrome/content/rules/Open_Hunt.co.xml
+++ b/src/chrome/content/rules/Open_Hunt.co.xml
@@ -5,7 +5,7 @@ Fetch error: http://openhunt.co/ => https://openhunt.co/: (7, 'Failed to connect
 Fetch error: http://www.openhunt.co/ => https://www.openhunt.co/: (51, "SSL: no alternative certificate subject name matches target host name 'www.openhunt.co'")
 
 -->
-<ruleset name="Open Hunt.co" default_off='failed ruleset test'>
+<ruleset name="Open Hunt.co" default_off="failed ruleset test">
 
 	<target host="openhunt.co" />
 	<target host="www.openhunt.co" />
diff --git a/src/chrome/content/rules/Open_InfoSec_Foundation.org-problematic.xml b/src/chrome/content/rules/Open_InfoSec_Foundation.org-problematic.xml
index 96c9fb25b774..ebadc3247b57 100644
--- a/src/chrome/content/rules/Open_InfoSec_Foundation.org-problematic.xml
+++ b/src/chrome/content/rules/Open_InfoSec_Foundation.org-problematic.xml
@@ -7,7 +7,7 @@
 	* See https://whatsmychaincert.com
 
 -->
-<ruleset name="Open InfoSec Foundation.org (missing certificate chain)" default_off="missing certificate chain">
+<ruleset name="Open InfoSec Foundation.org (missing certificate chain)" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Open_Library.org.xml b/src/chrome/content/rules/Open_Library.org.xml
index 70262ef88059..9625a44dcab6 100644
--- a/src/chrome/content/rules/Open_Library.org.xml
+++ b/src/chrome/content/rules/Open_Library.org.xml
@@ -14,7 +14,9 @@
 	<target host="openlibrary.org" />
 	<target host="blog.openlibrary.org" />
 	<target host="www.openlibrary.org" />
-
+	<target host="code.openlibrary.org" />
+	<target host="covers.openlibrary.org" />
+	<target host="dev.openlibrary.org" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Open_Listings.co.xml b/src/chrome/content/rules/Open_Listings.co.xml
deleted file mode 100644
index 44faa50c4363..000000000000
--- a/src/chrome/content/rules/Open_Listings.co.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- www.openlistings.co
-
--->
-<ruleset name="Open Listings.co">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="openlistings.co" />
-	<target host="st1.openlistings.co" />
-	<target host="www.openlistings.co" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.openlistings\.co$" name="^_open_listings_session$" /-->
-
-	<securecookie host="^www\.openlistings\.co$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Open_Objects.com.xml b/src/chrome/content/rules/Open_Objects.com.xml
index 5a43bdfa5dcf..da985c329d83 100644
--- a/src/chrome/content/rules/Open_Objects.com.xml
+++ b/src/chrome/content/rules/Open_Objects.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://apps.openobjects.com/ => https://apps.openobjects.com/: (52,
 	(www.)?obenobjects.com: refused
 
 -->
-<ruleset name="Open Objects.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Open Objects.com (partial)" default_off="failed ruleset test">
 
 	<target host="apps.openobjects.com" />
 	<target host="search3.openobjects.com" />
diff --git a/src/chrome/content/rules/Open_Rights_Group.xml b/src/chrome/content/rules/Open_Rights_Group.xml
index e507d400a809..916065517474 100644
--- a/src/chrome/content/rules/Open_Rights_Group.xml
+++ b/src/chrome/content/rules/Open_Rights_Group.xml
@@ -3,37 +3,25 @@
 
 		- Blocked.org.uk.xml
 
-
-	Insecure cookies are set for these domains:
-
-		- .openrightsgroup.org
+	Widcard matching cannot be used since some subdomains point at third-party services
+	(without matching https certificates) such as news.openrightsgroup.org or gowers.openrightsgroup.org
 
 -->
 <ruleset name="Open Rights Group.org">
 
 	<target host="openrightsgroup.org" />
-	<target host="*.openrightsgroup.org" />
-
-		<test url="http://bug.openrightsgroup.org/" />
-		<test url="http://cardiff.openrightsgroup.org/" />
-		<test url="http://lists.openrightsgroup.org/" />
-		<test url="http://northeast.openrightsgroup.org/" />
-		<test url="http://scotland.openrightsgroup.org/" />
-		<test url="http://sheffield.openrightsgroup.org/" />
-		<test url="http://widgets.openrightsgroup.org/" />
-		<test url="http://wiki.openrightsgroup.org/" />
-		<test url="http://www.openrightsgroup.org/" />
-		<test url="http://zine.openrightsgroup.org/" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.openrightsgroup\.org$" name="^PHPSESSID$" /-->
+	<target host="bug.openrightsgroup.org" />
+	<target host="cardiff.openrightsgroup.org" />
+	<target host="lists.openrightsgroup.org" />
+	<target host="northeast.openrightsgroup.org" />
+	<target host="scotland.openrightsgroup.org" />
+	<target host="sheffield.openrightsgroup.org" />
+	<target host="widgets.openrightsgroup.org" />
+	<target host="wiki.openrightsgroup.org" />
+	<target host="www.openrightsgroup.org" />
+	<target host="zine.openrightsgroup.org" />
 
 	<securecookie host=".+" name=".+" />
 
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Open_Source.org-problematic.xml b/src/chrome/content/rules/Open_Source.org-problematic.xml
deleted file mode 100644
index 945f77708664..000000000000
--- a/src/chrome/content/rules/Open_Source.org-problematic.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-
-	For rules that are on by default, see Open_Source.org.xml
-
-	Problematic hosts in *opensource.org:
-
-		- lists *
-
-	* Server sends no certificate chain, see https://whatsmychaincert.com
-
--->
-<ruleset name="Open Source.org (problematic)" default_off="missing certificate chain">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="lists.opensource.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Open_Source.org.xml b/src/chrome/content/rules/Open_Source.org.xml
index 2e6fec1f15ea..fc51c4603f99 100644
--- a/src/chrome/content/rules/Open_Source.org.xml
+++ b/src/chrome/content/rules/Open_Source.org.xml
@@ -1,10 +1,8 @@
-<!--
-	For problematic rules, see Open_Source.org-problematic.xml
--->
-
 <ruleset name="Open Source.org (partial)">
 
 	<target host="opensource.org" />
+	<target host="lists.opensource.org" />
+	<target host="www.opensource.org" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Open_Source_Hacker.com.xml b/src/chrome/content/rules/Open_Source_Hacker.com.xml
deleted file mode 100644
index 547e40fe9d31..000000000000
--- a/src/chrome/content/rules/Open_Source_Hacker.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		- .opensourcehacker.com
-
--->
-<ruleset name="Open Source Hacker.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="opensourcehacker.com" />
-	<target host="www.opensourcehacker.com" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.opensourcehacker\.com$" name="^(__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.opensourcehacker\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Open_Virtualization_Alliance.org.xml b/src/chrome/content/rules/Open_Virtualization_Alliance.org.xml
deleted file mode 100644
index fba2e44bbc27..000000000000
--- a/src/chrome/content/rules/Open_Virtualization_Alliance.org.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other Linux Foundation coverage, see LinuxFoundation.xml.
-
--->
-<ruleset name="Open Virtualization Alliance.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="openvirtualizationalliance.org" />
-	<target host="www.openvirtualizationalliance.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Open_Web.or.kr.xml b/src/chrome/content/rules/Open_Web.or.kr.xml
deleted file mode 100644
index c4084ddfb04f..000000000000
--- a/src/chrome/content/rules/Open_Web.or.kr.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- openweb.or.kr
-		- www.openweb.or.kr
-
-
-	Mixed content:
-
-		- Images from $self *
-
-	* Secured by us
-
--->
-<ruleset name="Open Web.or.kr">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="openweb.or.kr" />
-	<target host="www.openweb.or.kr" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:www\.)?openweb\.or\.kr$" name="^_wp_session$" /-->
-
-	<securecookie host="^(?:www\.)?openweb\.or\.kr$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Openas.org.xml b/src/chrome/content/rules/Openas.org.xml
deleted file mode 100644
index df6f18873450..000000000000
--- a/src/chrome/content/rules/Openas.org.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://openas.org/ => https://openas.org/: (28, 'Connection timed out after 20000 milliseconds')
-
--->
-<ruleset name="Openas.org" default_off='failed ruleset test'>
-	<target host="openas.org" />
-	<target host="*.openas.org" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Openbaar_Ministerie.xml b/src/chrome/content/rules/Openbaar_Ministerie.xml
index db01d16917e0..3589b08024f1 100644
--- a/src/chrome/content/rules/Openbaar_Ministerie.xml
+++ b/src/chrome/content/rules/Openbaar_Ministerie.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?om\.nl/(\?xdl=|publish|views)/"
 		to="https://$1om.nl/$2/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OpenfMRI.xml b/src/chrome/content/rules/OpenfMRI.xml
index 0c31b1887a35..1bdc4fb1fe5e 100644
--- a/src/chrome/content/rules/OpenfMRI.xml
+++ b/src/chrome/content/rules/OpenfMRI.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.openfmri.org/ => https://www.openfmri.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.openfmri.org'")
 
 -->
-<ruleset name="OpenfMRI.org" default_off='failed ruleset test'>
+<ruleset name="OpenfMRI.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Openfiler.xml b/src/chrome/content/rules/Openfiler.xml
index 034d3f09f426..ca2b3e3333fe 100644
--- a/src/chrome/content/rules/Openfiler.xml
+++ b/src/chrome/content/rules/Openfiler.xml
@@ -20,7 +20,7 @@ Fetch error: http://store.openfiler.com/ => https://store.openfiler.com/: (7, 'F
 		- store
 
 -->
-<ruleset name="openfiler.com" default_off='failed ruleset test'>
+<ruleset name="openfiler.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Opengarden.com.xml b/src/chrome/content/rules/Opengarden.com.xml
index 1c6bb1000ad5..177a47f14520 100644
--- a/src/chrome/content/rules/Opengarden.com.xml
+++ b/src/chrome/content/rules/Opengarden.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.opengarden.com/ => https://opengarden.com/: (51, "SSL: n
 	* Works, cert only matches ^opengarden.com
 
 -->
-<ruleset name="Open Garden.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Open Garden.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Openhost.xml b/src/chrome/content/rules/Openhost.xml
index 283959921120..834cb81cccdc 100644
--- a/src/chrome/content/rules/Openhost.xml
+++ b/src/chrome/content/rules/Openhost.xml
@@ -12,7 +12,7 @@ Non-2xx HTTP code: http://www.mycp.co.nz/ (200) => https://hspc.openhost.net.nz/
 
 	* Secured by us
 -->
-<ruleset name="Openhost" default_off='failed ruleset test'>
+<ruleset name="Openhost" default_off="failed ruleset test">
 
 	<!--	mismatch	-->
 	<target host="mycp.co.nz"/>
diff --git a/src/chrome/content/rules/Openid.org.cn.xml b/src/chrome/content/rules/Openid.org.cn.xml
new file mode 100644
index 000000000000..b531cc7e3800
--- /dev/null
+++ b/src/chrome/content/rules/Openid.org.cn.xml
@@ -0,0 +1,8 @@
+<ruleset name="Openid.org.cn">
+	<target host="openid.org.cn" />
+	<target host="www.openid.org.cn" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>  
diff --git a/src/chrome/content/rules/Openjpeg.org.xml b/src/chrome/content/rules/Openjpeg.org.xml
new file mode 100644
index 000000000000..b2a47934ce7a
--- /dev/null
+++ b/src/chrome/content/rules/Openjpeg.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="Openjpeg.org" platform="mixedcontent">
+	<target host="www.openjpeg.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Openload.xml b/src/chrome/content/rules/Openload.xml
index 19f651d18a07..86a8edbd2907 100644
--- a/src/chrome/content/rules/Openload.xml
+++ b/src/chrome/content/rules/Openload.xml
@@ -32,7 +32,7 @@
 		<test url="http://thumb.oloadcdn.net/" />
 		<test url="http://ph2dwq.oloadcdn.net/" />
 		<test url="http://v4speed.oloadcdn.net/" />
-	
+
 	<target host="openload.co" />
 	<target host="www.openload.co" />
 	<target host="api.openload.co" />
@@ -43,7 +43,7 @@
 		<test url="http://t2.openload.co/log" />
 	<target host="test.openload.co" />
 	<target host="thumb.openload.co" />
-	
+
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Openpgpkey.info.xml b/src/chrome/content/rules/Openpgpkey.info.xml
index 507204c28d08..368f6a873bf6 100644
--- a/src/chrome/content/rules/Openpgpkey.info.xml
+++ b/src/chrome/content/rules/Openpgpkey.info.xml
@@ -5,7 +5,7 @@ Fetch error: http://www.openpgpkey.info/ => https://www.openpgpkey.info/: (51, "
 
 
 -->
-<ruleset name="Openpgpkey.info" default_off='failed ruleset test'>
+<ruleset name="Openpgpkey.info" default_off="failed ruleset test">
     <target host="openpgpkey.info" />
     <target host="www.openpgpkey.info" />
 
diff --git a/src/chrome/content/rules/Openstreetmap.fr.xml b/src/chrome/content/rules/Openstreetmap.fr.xml
index 6f1ddfab28d2..b6ad6c7cac20 100644
--- a/src/chrome/content/rules/Openstreetmap.fr.xml
+++ b/src/chrome/content/rules/Openstreetmap.fr.xml
@@ -1,45 +1,111 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://export.openstreetmap.fr/ => https://export.openstreetmap.fr/: (28, 'Connection timed out after 20001 milliseconds')
-Fetch error: http://osm13.openstreetmap.fr/ => https://osm13.openstreetmap.fr/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://suivi.openstreetmap.fr/ => https://suivi.openstreetmap.fr/: (28, 'Connection timed out after 20000 milliseconds')
-Fetch error: http://nomino.openstreetmap.fr/ => https://nomino.openstreetmap.fr/: (52, 'Empty reply from server')
-
-    Related OpenStretMap rulesets:
-	    - OpenStreetMap.org.xml
-	    - OpenStreetMap.de.xml
-	    - OSM_Foundation.xml
-	
-	Nonfunctional subdomains:
-	    - analyser      -> 404/wrong content
-	    - garmin        -> 404/wrong content
-	    - download      -> 404/wrong content
-	    - osmose        -> 404/wrong content
-	    - polygons      -> 404/wrong content
-	    - live          -> 404/wrong content
-	    - comcommaker   -> 404/wrong content
-	    - tms.cadastre  -> domain mismatch
-	    - taginfo       -> refused
+	Related OpenStretMap rulesets:
+		- OpenStreetMap.de.xml
+		- OSM_Foundation.xml
+
+	Invalid certificate:
+		- analyser
+		- cluster-ovh
+		- comcommaker
+		- garmin
+		- osm103
+		- osm23
+		- owncloud
+		- planet
+		- polygons
+		- proxy108
+		- proxy117
+		- rawedit
+		- status
+		- tiles
+		- wms
+
+	HTTP != HTTPS:
+		- live
+		- buildbot.osmose
+
+	Connection refused:
+		- nantes
+		- nomino
+		- normandie
+		- osm102
+		- osm134
+		- dev.www
+
+	Timeout:
+		- export
+		- osm16
+		- opendata.osmose
+		- suivi
+		- backup.umap
 -->
-<ruleset name="Openstreetmap.fr" default_off='failed ruleset test'>
+<ruleset name="Openstreetmap.fr">
+
     <target host="openstreetmap.fr" />
     <target host="www.openstreetmap.fr" />
-    <target host="umap.openstreetmap.fr" />
-    <target host="trac.openstreetmap.fr" />
-    <target host="listes.openstreetmap.fr" />
-    <target host="forum.openstreetmap.fr" />
     <target host="adherents.openstreetmap.fr" />
-    <target host="export.openstreetmap.fr" />
+    <target host="ae.openstreetmap.fr" />
+    <target host="dev.analyser.openstreetmap.fr" />
+    <target host="api.openstreetmap.fr" />
+    <target host="api-pic4carto.openstreetmap.fr" />
     <target host="bano.openstreetmap.fr" />
+    <target host="dev.bano.openstreetmap.fr" />
+    <target host="bato.openstreetmap.fr" />
+    <target host="cachelyon.openstreetmap.fr" />
     <target host="cadastre.openstreetmap.fr" />
-    <target host="osm13.openstreetmap.fr" />
-    <target host="suivi.openstreetmap.fr" />
+    <target host="tms.cadastre.openstreetmap.fr" />
+    <target host="dev.comcommaker.openstreetmap.fr" />
+    <target host="docs.openstreetmap.fr" />
+    <target host="download.openstreetmap.fr" />
+    <target host="forum.openstreetmap.fr" />
+    <target host="dev.forum.openstreetmap.fr" />
+    <target host="imagery.openstreetmap.fr" />
+    <target host="josm-dev.openstreetmap.fr" />
+    <target host="layers.openstreetmap.fr" />
+    <target host="a.layers.openstreetmap.fr" />
+    <target host="b.layers.openstreetmap.fr" />
+    <target host="c.layers.openstreetmap.fr" />
+    <target host="listes.openstreetmap.fr" />
+    <target host="dev.listes.openstreetmap.fr" />
+    <target host="maposmatic.openstreetmap.fr" />
+    <target host="monitor.openstreetmap.fr" />
     <target host="munin.openstreetmap.fr" />
-    <target host="nomino.openstreetmap.fr" />
+    <target host="next.openstreetmap.fr" />
+    <target host="nextcloud.openstreetmap.fr" />
+    <target host="osm101.openstreetmap.fr" />
+    <target host="osm104.openstreetmap.fr" />
+    <target host="osm105.openstreetmap.fr" />
+    <target host="osm110.openstreetmap.fr" />
+    <target host="osm13.openstreetmap.fr" />
+    <target host="osm138.openstreetmap.fr" />
+    <target host="osm2pgsql-monde.openstreetmap.fr" />
+    <target host="osmma.openstreetmap.fr" />
+    <target host="osmose.openstreetmap.fr" />
+    <target host="beta.osmose.openstreetmap.fr" />
+    <target host="dev.osmose.openstreetmap.fr" />
+    <target host="overpass.openstreetmap.fr" />
+    <target host="peertube.openstreetmap.fr" />
+    <target host="petitereine.openstreetmap.fr" />
+    <target host="prev.openstreetmap.fr" />
+    <target host="proxy-ign.openstreetmap.fr" />
+    <target host="sotm2018.openstreetmap.fr" />
+    <target host="sotm2019.openstreetmap.fr" />
+    <target host="taginfo.openstreetmap.fr" />
+    <target host="dev.taginfo.openstreetmap.fr" />
+    <target host="tile.openstreetmap.fr" />
+    <target host="a.tile.openstreetmap.fr" />
+    <target host="b.tile.openstreetmap.fr" />
+    <target host="c.tile.openstreetmap.fr" />
+    <target host="tile-a.openstreetmap.fr" />
+    <target host="tile-b.openstreetmap.fr" />
+    <target host="tile-c.openstreetmap.fr" />
+    <target host="tilecache.openstreetmap.fr" />
+    <target host="trac.openstreetmap.fr" />
+    <target host="umap.openstreetmap.fr" />
+    <target host="dev.umap.openstreetmap.fr" />
+
+    <securecookie host=".+" name=".+" />
 
-    <securecookie host="^(www\.|umap\.|trac\.|listes\.|forum\.|adherents\.|export\.|bano\.|cadastre\.|osm13\.|suivi\.|munin\.|nomino\.)?openstreetmap\.fr" name=".+" />
+    <rule from="^http:" to="https:" />
 
-    <rule from="^http:"
-            to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Openttdcoop.org.xml b/src/chrome/content/rules/Openttdcoop.org.xml
new file mode 100644
index 000000000000..b974acef3308
--- /dev/null
+++ b/src/chrome/content/rules/Openttdcoop.org.xml
@@ -0,0 +1,36 @@
+<!--
+	Other OpenTTD rulesets:
+		- OpenTTD.xml
+
+	Nonfunctional hosts in *.openttdcoop.org:
+		- openttdcoop.org (e)
+
+	e: expired
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Openttdcoop.org">
+
+	<target host="openttdcoop.org" />
+	<target host="www.openttdcoop.org" />
+	<target host="blog.openttdcoop.org" />
+	<target host="bundles.openttdcoop.org" />
+	<target host="dev.openttdcoop.org" />
+	<target host="games.openttdcoop.org" />
+	<target host="hg.openttdcoop.org" />
+	<target host="jenkins.openttdcoop.org" />
+	<target host="kallithea.openttdcoop.org" />
+	<target host="paste.openttdcoop.org" />
+	<target host="rhodecode.openttdcoop.org" />
+	<target host="translator.openttdcoop.org" />
+	<target host="webster.openttdcoop.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://openttdcoop\.org/" to="https://www.openttdcoop.org/" />
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Operation-Fabulous.xml b/src/chrome/content/rules/Operation-Fabulous.xml
index 53f2d2f85917..d1bca4ce579d 100644
--- a/src/chrome/content/rules/Operation-Fabulous.xml
+++ b/src/chrome/content/rules/Operation-Fabulous.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://operationfabulous.com/ => https://operationfabulous.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 Fetch error: http://www.operationfabulous.com/ => https://www.operationfabulous.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="Operation Fabulous" default_off='failed ruleset test'>
+<ruleset name="Operation Fabulous" default_off="failed ruleset test">
 
 	<target host="operationfabulous.com" />
 	<target host="www.operationfabulous.com" />
diff --git a/src/chrome/content/rules/Opg.tv.xml b/src/chrome/content/rules/Opg.tv.xml
new file mode 100644
index 000000000000..dc208a2cf31b
--- /dev/null
+++ b/src/chrome/content/rules/Opg.tv.xml
@@ -0,0 +1,6 @@
+<ruleset name="Opg.tv" platform="mixedcontent">
+	<target host="opg.tv" />
+	<target host="www.opg.tv" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Opinionmeter.xml b/src/chrome/content/rules/Opinionmeter.xml
deleted file mode 100644
index 592f2c0e4b41..000000000000
--- a/src/chrome/content/rules/Opinionmeter.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	- At least some pages redirect to http
-	- ^ & www data differ
-
--->
-<ruleset name="Opinionmeter (partial)">
-
-	<target host="opinionmeter.com" />
-	<target host="www.opinionmeter.com" />
-
-
-	<rule from="^http://opinionmeter\.com/(cdn-cgi|wp-content)/"
-		to="https://opinionmeter.com/$1/" />
-
-	<rule from="^http://www\.opinionmeter\.com/OVM2($|\?|/)"
-		to="https://www.opinionmeter.com/OVM2$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Opintoluotsi.xml b/src/chrome/content/rules/Opintoluotsi.xml
index 22e19c017c43..15f39ca87d3a 100644
--- a/src/chrome/content/rules/Opintoluotsi.xml
+++ b/src/chrome/content/rules/Opintoluotsi.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://opintoluotsi.fi/ => https://opintoluotsi.fi/: (51, "SSL: no alternative certificate subject name matches target host name 'opintoluotsi.fi'")
 Fetch error: http://www.opintoluotsi.fi/ => https://www.opintoluotsi.fi/: (51, "SSL: no alternative certificate subject name matches target host name 'www.opintoluotsi.fi'")
 -->
-<ruleset name="Opintoluotsi" default_off='failed ruleset test'>
+<ruleset name="Opintoluotsi" default_off="failed ruleset test">
 	<target host="opintoluotsi.fi"/>
 	<target host="www.opintoluotsi.fi"/>
 
diff --git a/src/chrome/content/rules/Oplata.info.xml b/src/chrome/content/rules/Oplata.info.xml
index 4308f3e7b108..53d7cf7c2e27 100644
--- a/src/chrome/content/rules/Oplata.info.xml
+++ b/src/chrome/content/rules/Oplata.info.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Oppelt.com.xml b/src/chrome/content/rules/Oppelt.com.xml
index 671df3a71272..feab762ca5c0 100644
--- a/src/chrome/content/rules/Oppelt.com.xml
+++ b/src/chrome/content/rules/Oppelt.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.oppelt.com/ => https://www.oppelt.com/: (60, 'SSL certif
 	* Secured by us
 
 -->
-<ruleset name="Oppelt.com" default_off='failed ruleset test'>
+<ruleset name="Oppelt.com" default_off="failed ruleset test">
 
 	<target host="oppelt.com" />
 	<target host="piwik.oppelt.com" />
diff --git a/src/chrome/content/rules/Oprah.com.xml b/src/chrome/content/rules/Oprah.com.xml
new file mode 100644
index 000000000000..65b52abc50a1
--- /dev/null
+++ b/src/chrome/content/rules/Oprah.com.xml
@@ -0,0 +1,9 @@
+<!--
+    Nonfunctional hosts in *.oprah.com:
+        oprah.com (r)
+-->
+
+<ruleset name="Oprah.com">
+	<target host="www.oprah.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Optical-Society-of-America.xml b/src/chrome/content/rules/Optical-Society-of-America.xml
index fd136436771e..d076cee20ad1 100644
--- a/src/chrome/content/rules/Optical-Society-of-America.xml
+++ b/src/chrome/content/rules/Optical-Society-of-America.xml
@@ -14,12 +14,14 @@ Fetch error: http://www.opticsinfobase.org/ => https://www.opticsinfobase.org/:
 	!functional:
 		- (www.)osa-opn.org	(www: interrupted; doesn't translate directly to osa.org)
 -->
-<ruleset name="Optical Society of America (partial)" default_off='failed ruleset test'>
+<ruleset name="Optical Society of America (partial)" default_off="failed ruleset test">
 
 	<target host="opticsinfobase.org"/>
 	<target host="www.opticsinfobase.org"/>
 	<target host="osa.org"/>
-	<target host="*.osa.org"/>
+	<target host="account.osa.org" />
+	<target host="eweb2.osa.org" />
+	<target host="www.osa.org" />
 		<!--	redirects to http	-->
 		<exclusion pattern="^http://www\.osa\.org/(?:en-us|video_library)/"/>
 
@@ -33,10 +35,7 @@ Fetch error: http://www.opticsinfobase.org/ => https://www.opticsinfobase.org/:
 	<rule from="^http://o(pticsinfobase|sa)\.org/"
 		to="https://www.o$1.org/"/>
 
-	<rule from="^http://www\.opticsinfobase\.org/"
-		to="https://www.opticsinfobase.org/"/>
 
-	<rule from="^http://(account|eweb2|www)\.osa\.org/"
-		to="https://$1.osa.org/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Opticallimits.com.xml b/src/chrome/content/rules/Opticallimits.com.xml
new file mode 100644
index 000000000000..7931d1120176
--- /dev/null
+++ b/src/chrome/content/rules/Opticallimits.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Opticallimits.com">
+	<target host="opticallimits.com" />
+	<target host="www.opticallimits.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Optimal-Payments.xml b/src/chrome/content/rules/Optimal-Payments.xml
index 2a4d85f39e7c..c0d0e3932ac5 100644
--- a/src/chrome/content/rules/Optimal-Payments.xml
+++ b/src/chrome/content/rules/Optimal-Payments.xml
@@ -12,10 +12,13 @@ Fetch error: http://www.neteller-group.com/ => https://www.optimalpayments.com/:
 Fetch error: http://optimalpayments.com/ => https://www.optimalpayments.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.optimalpayments.com'")	!functional:
 		www1.netbanx.com
 -->
-<ruleset name="Optimal Payments (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Optimal Payments (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="neteller.com"/>
-	<target host="*.neteller.com"/>
+	<target host="help.neteller.com" />
+	<target host="member.neteller.com" />
+	<target host="merchant.neteller.com" />
+	<target host="www.neteller.com" />
 	<target host="neteller-group.com"/>
 	<target host="www.neteller-group.com"/>
 	<target host="optimalpayments.com"/>
diff --git a/src/chrome/content/rules/Optimatic.xml b/src/chrome/content/rules/Optimatic.xml
deleted file mode 100644
index 05be4cb152ba..000000000000
--- a/src/chrome/content/rules/Optimatic.xml
+++ /dev/null
@@ -1,43 +0,0 @@
-<!--
-	Connection refused:
-		- optimatic.com
-		- nai.optimatic.com
-
-	Chain issues:
-		- staging.rtb.optimatic.com
-
-	Cert mismatch:
-		- www.optimatic.com
-		- ast.optimatic.com
-		- b.optimatic.com
-		- cdn.optimatic.comcdnl.optimatic.com
-		- cds.optimatic.com
-		- comcdn.optimatic.com
-		- cat.ny.us.criteo.comc
-		- cdn.optimatic.comcdn.optimatic.com
-		- tracking.optimatic.comcdn.optimatic.com
-		- comdelivery.optimatic.com
-		- data39.adlooxtracking.comdelivery.optimatic.com
-		- delivery1.optimatic.com
-		- dn.optimatic.comhttpcdn.optimatic.com
-		- 443rbt.optimatic.com
-		- vast.spsp.optimatic.com
-
--->
-<ruleset name="Optimatic.com (partial)" >
-
-	<target host="campaigns.optimatic.com" />
-	<target host="cdn.optimatic.com" />
-	<target host="delivery.optimatic.com" />
-	<target host="mg-bid.optimatic.com" />
-	<target host="mg-bid-win.optimatic.com" />
-	<target host="ntracking.optimatic.com" />
-	<target host="playerlog.optimatic.com" />
-	<target host="publishers.optimatic.com" />
-	<target host="rtb.optimatic.com" />
-	<target host="reporting.optimatic.com" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Optimise_Media.com.xml b/src/chrome/content/rules/Optimise_Media.com.xml
index 905aa052c036..220474bd1837 100644
--- a/src/chrome/content/rules/Optimise_Media.com.xml
+++ b/src/chrome/content/rules/Optimise_Media.com.xml
@@ -1,7 +1,6 @@
 <!--
 	Other Optimise Media Group rulesets:
 
-		- OMG_uk.com.xml
 		- Optimise.com.br.xml
 
 -->
diff --git a/src/chrome/content/rules/Optimost.xml b/src/chrome/content/rules/Optimost.xml
index 48d01f7ec7b7..774f6bdfdaa7 100644
--- a/src/chrome/content/rules/Optimost.xml
+++ b/src/chrome/content/rules/Optimost.xml
@@ -13,7 +13,8 @@
 -->
 <ruleset name="Optimost (partial) ">
 
-	<target host="*.optimost.com" />
+	<target host="es.optimost.com" />
+	<target host="by.essl.optimost.com" />
 
 
 	<rule from="^http://(?:es|by\.essl)\.optimost\.com/"
diff --git a/src/chrome/content/rules/OptionBit.xml b/src/chrome/content/rules/OptionBit.xml
index af2b6b7cbe27..d97ee1b0bcb4 100644
--- a/src/chrome/content/rules/OptionBit.xml
+++ b/src/chrome/content/rules/OptionBit.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OptionsAnimal.com.xml b/src/chrome/content/rules/OptionsAnimal.com.xml
index a58671526eeb..eccd5c868206 100644
--- a/src/chrome/content/rules/OptionsAnimal.com.xml
+++ b/src/chrome/content/rules/OptionsAnimal.com.xml
@@ -21,19 +21,19 @@ Non-2xx HTTP code: http://optionsanimal.com/ (200) => https://optionsanimal.com/
 	* Secured by us
 
 -->
-<ruleset name="OptionsAnimal.com" default_off='failed ruleset test'>
+<ruleset name="OptionsAnimal.com" default_off="failed ruleset test">
 
 	<target host="optionsanimal.com" />
-	<target host="*.optionsanimal.com" />
+	<target host="fast.optionsanimal.com" />
+	<target host="www.optionsanimal.com" />
 
 
 	<securecookie host="^\.optionsanimal\.com$" name=".+" />
 
 
-	<rule from="^http://optionsanimal\.com/"
-		to="https://optionsanimal.com/" />
 
 	<rule from="^http://(?:fast|www)\.optionsanimal\.com/"
 		to="https://www.optionsanimal.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Optorb.com.xml b/src/chrome/content/rules/Optorb.com.xml
deleted file mode 100644
index 0a9f5fe95e7c..000000000000
--- a/src/chrome/content/rules/Optorb.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	(www.) do not exist.
-
-
-	Web bugs.
-
--->
-<ruleset name="optorb.com">
-
-	<target host="*.optorb.com" />
-
-
-	<!--	name="^(d|r|xa)$"
-					-->
-	<securecookie host="^\.optorb\.com$" name=".+" />
-
-
-	<rule from="^http://u\.optorb\.com/"
-		to="https://u.optorb.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Opus-codec.org.xml b/src/chrome/content/rules/Opus-codec.org.xml
index a3453bce33ed..8c99d940028d 100644
--- a/src/chrome/content/rules/Opus-codec.org.xml
+++ b/src/chrome/content/rules/Opus-codec.org.xml
@@ -5,6 +5,6 @@ cert is not valid for https://git.opus-codec.org/
 <ruleset name="Opus-codec.org">
   <target host="opus-codec.org" />
   <target host="www.opus-codec.org" />
- 
+
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Oracle-mismatches.xml b/src/chrome/content/rules/Oracle-mismatches.xml
deleted file mode 100644
index 403b51bf5fa4..000000000000
--- a/src/chrome/content/rules/Oracle-mismatches.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	For rules that are on by default, see Oracle.xml.
-
--->
-<ruleset name="Oracle (mismatches)" default_off="mismatched">
-
-	<!--	Akamai	-->
-	<target host="events.oracle.com" />
-	<!--	cert: forums.netbeans.org	-->
-	<target host="planetnetbeans.org" />
-	<target host="www.planetnetbeans.com" />
-
-
-	<securecookie host="^\.forge\.mysql\.com$" name=".+" />
-
-
-	<rule from="^http://(\w+)\.mysql\.com/"
-		to="https://$1.mysql.com/" />
-
-	<rule from="^http://events\.oracle\.com/"
-		to="https://events.oracle.com/" />
-
-	<rule from="^http://(?:www\.)?planetnetbeans\.org/"
-		to="https://planetnetbeans.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Oracle.xml b/src/chrome/content/rules/Oracle.xml
index c59e9a73554c..e02b661e3c4d 100644
--- a/src/chrome/content/rules/Oracle.xml
+++ b/src/chrome/content/rules/Oracle.xml
@@ -1,49 +1,32 @@
 
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.oracle.com/communities => https://www.oracle.com/communities: Too many redirects while fetching 'https://www.oracle.com/communities'
-Fetch error: http://www.oracle.com/corporate/careers => https://www.oracle.com/corporate/careers: Too many redirects while fetching 'https://www.oracle.com/corporate/careers'
-Fetch error: http://www.oracle.com/marketingcloud/products/cross-channel/marketing-to-consumers.html => https://www.oracle.com/marketingcloud/products/cross-channel/marketing-to-consumers.html: Too many redirects while fetching 'https://www.oracle.com/marketingcloud/products/cross-channel/marketing-to-consumers.html'
-Fetch error: http://www.oracle.com/rightnow/ => https://www.oracle.com/rightnow/: Too many redirects while fetching 'https://www.oracle.com/rightnow/'
-Fetch error: http://www.oracle.com/us/assets/compass-homestyle.css => https://www.oracle.com/us/assets/compass-homestyle.css: Too many redirects while fetching 'https://www.oracle.com/us/assets/compass-homestyle.css'
-Fetch error: http://oracle.com/us/compass-hp-sprite.png => https://www.oracle.com/us/assets/compass-hp-sprite.png: Too many redirects while fetching 'https://www.oracle.com/us/assets/compass-hp-sprite.png'
-Fetch error: http://www.oracle.com/us/compass-hp-sprite.png => https://www.oracle.com/us/assets/compass-hp-sprite.png: Too many redirects while fetching 'https://www.oracle.com/us/assets/compass-hp-sprite.png'
-Fetch error: http://www.oracle.com/us/master-mosaic.css => https://www.oracle.com/us/assets/master-mosaic.css: Too many redirects while fetching 'https://www.oracle.com/us/assets/master-mosaic.css'
-Fetch error: http://www.oracle.com/us/ocom-base-styles.css => https://www.oracle.com/us/assets/ocom-base-styles.css: Too many redirects while fetching 'https://www.oracle.com/us/assets/ocom-base-styles.css'
-Fetch error: http://amr-stage.oracle.com/ => https://amr-stage.oracle.com/: (6, 'Could not resolve host: amr-stage.oracle.com')
-Fetch error: http://apexea.oracle.com/ => https://apexea.oracle.com/: Too many redirects while fetching 'https://apexea.oracle.com/'
-Fetch error: http://campus.oracle.com/ => https://campus.oracle.com/: Too many redirects while fetching 'https://campus.oracle.com/'
-Fetch error: http://conference.oracle.com/ => https://conference.oracle.com/: Too many redirects while fetching 'https://conference.oracle.com/'
-Fetch error: http://edelivery-hqdc-test.oracle.com/ => https://edelivery-hqdc-test.oracle.com/: Too many redirects while fetching 'https://edelivery-hqdc-test.oracle.com/'
-Fetch error: http://forums-stage.oracle.com/ => https://forums-stage.oracle.com/: Too many redirects while fetching 'https://forums-stage.oracle.com/'
-Fetch error: http://cn.forums-stage.oracle.com/ => https://cn.forums-stage.oracle.com/: Too many redirects while fetching 'https://cn.forums-stage.oracle.com/'
-Fetch error: http://kr.forums-stage.oracle.com/ => https://kr.forums-stage.oracle.com/: Too many redirects while fetching 'https://kr.forums-stage.oracle.com/'
-Fetch error: http://fusionhelp-stage.oracle.com/ => https://fusionhelp-stage.oracle.com/: (6, 'Could not resolve host: fusionhelp-stage.oracle.com')
-Fetch error: http://login.oracle.com/ => https://login.oracle.com/: Too many redirects while fetching 'https://login.oracle.com/'
-Fetch error: http://login-stage.oracle.com/ => https://login-stage.oracle.com/: Too many redirects while fetching 'https://login-stage.oracle.com/'
-Fetch error: http://m.oracle.com/ => https://m.oracle.com/: Too many redirects while fetching 'https://m.oracle.com/'
-Fetch error: http://my.oracle.com/ => https://my.oracle.com/: Too many redirects while fetching 'https://my.oracle.com/'
-Fetch error: http://myprofile.oracle.com/ => https://myprofile.oracle.com/: Too many redirects while fetching 'https://myprofile.oracle.com/'
-Fetch error: http://myprofile-mktas.oracle.com/ => https://myprofile-mktas.oracle.com/: (6, 'Could not resolve host: http')
-Non-2xx HTTP code: http://profile.oracle.com/ (200) => https://profile.oracle.com/ (403)
-Fetch error: http://strtc.oracle.com/ => https://strtc.oracle.com/: Too many redirects while fetching 'https://strtc.oracle.com/'
-Fetch error: http://crmondemand.oracle.com/ => https://www.oracle.com/us/products/applications/crmondemand/index.html: Too many redirects while fetching 'https://www.oracle.com/us/products/applications/crmondemand/index.html'
-Fetch error: http://oracleimg.com/ => https://www.oracleimg.com/: Too many redirects while fetching 'https://www.oracleimg.com/'
-
-	See Oracle-mismatches.xml for problematic rules.
+The following targets have been disabled at 2020-10-14 19:04:33:
 
+Fetch error: http://login.oracle.com/ => https://login.oracle.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
 
-	Other Oracle rulesets:
+-->
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://blogs.oracle.com/ => https://blogs.oracle.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://java.cloud.oracle.com/ => https://java.cloud.oracle.com/: (7, 'Failed to connect to java.cloud.oracle.com port 443: Connection refused')
+Fetch error: http://data.us0.cloud.oracle.com/ => https://data.us0.cloud.oracle.com/: (7, 'Failed to connect to data.us0.cloud.oracle.com port 443: Connection refused')
+Fetch error: http://idmconsolepre.us0.cloud.oracle.com/ => https://idmconsolepre.us0.cloud.oracle.com/: (7, 'Failed to connect to idmconsolepre.us0.cloud.oracle.com port 443: Connection refused')
+Fetch error: http://loginpre.us0.cloud.oracle.com/ => https://loginpre.us0.cloud.oracle.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://oamadminpre.us0.cloud.oracle.com/ => https://oamadminpre.us0.cloud.oracle.com/: (7, 'Failed to connect to oamadminpre.us0.cloud.oracle.com port 443: Connection refused')
+Fetch error: http://oimadminpre.us0.cloud.oracle.com/ => https://oimadminpre.us0.cloud.oracle.com/: (7, 'Failed to connect to oimadminpre.us0.cloud.oracle.com port 443: Connection refused')
+Fetch error: http://isdportal.oracle.com/ => https://isdportal.oracle.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
 
+	Other Oracle rulesets:
 		- Atgsvcs.com.xml
-		- ATG_Web_Commerce.xml
 		- Compendium.com.xml
 		- Custhelp.com.xml
 		- Eloqua.xml
-		- Estara.com.xml
 		- Java.net.xml
 		- JCP.org.xml
 		- Kenai.com.xml
+		- Ksplice.xml
 		- Linksys.xml
 		- MySQL.xml
 		- NetBeans.xml
@@ -51,289 +34,135 @@ Fetch error: http://oracleimg.com/ => https://www.oracleimg.com/: Too many redir
 		- Responsys.com.xml
 		- Responsys.xml
 		- RightNow.xml
-		- RightNow-clients.xml
 		- RNengage.com.xml
 
+	Connection refused:
+		- apexea.oracle.com
+		- oukc.oracle.com
+		- tahiti.oracle.com
 
-	CDN buckets:
-
-		- oracle.112.2o7.net
-		- sun.edgeboss.net
-		- pressroom.oracle.com.edgekey.net
-		- www.oracleimg.com.edgekey.net
-		- docs.oracle.com.edgesuite.net
-
-		- oraclejapan.presscentre.com
-
-			- japanmediacentre
-
-
-	Nonfunctional subdomains:
-
-		- isdportal ¹
-		- jdevadf ²
-		- oukc ¹
-		- pressroom ³
-		- tahiti ¹
+	Connection reset:
+		- medianetwork.oracle.com
 
-	¹ Refused
-	² Dropped
-	³ 503
+	Invalid certificate:
+		- investor.oracle.com
+		- oracleimg.com
 
+	Redirects to HTTP:
+		- developer.cloud.oracle.com
+		- crmondemand.oracle.com
+		- ilearning.oracle.com
+		- japanmediacentre.oracle.com
 
-	Problematic domains:
-
-		- oracle.com subdomains:
-
-			- appsconnect ⁴
-			- crmondemand ²
-			- docs ³
-			- download ⁴
-			- japanmediacentre ⁵
-
-		- oracleimg.com ²
-
-	² Redirects to http; mismatched, CN: java.sun.com
-	³ Insecure renegotiation
-	⁴ Mismatched
-	⁵ Mismatched, CN: *.presscentre.com
-
+	Timed out:
+		- blogs-stage.oracle.com
+		- emeajobs.oracle.com
+		- forums-stage.oracle.com
+		- cn.forums-stage.oracle.com
+		- jdevadf.oracle.com
+		- wikis-stage.oracle.com
 
 	Partially covered domains:
-
 		- (www.)oracle.com ¹
 		- (www.)oracleimg.com ¹
-
 	¹ Some paths redirect to http
 
-
 	There are probably some data identical across shop and www that could be grabbed for www.
 
-
-	Fully covered domains:
-
-		- oracle.com subdomains:
-
-			- academy
-			- acsportal
-			- advancedsupport
-			- amr
-			- amr-stage
-			- apex
-			- apexea
-			- asktom
-			- appsconnect	(→ appsconnect.custhelp.com)
-			- bi-fusioncrm
-			- blogs
-			- blogs-stage
-			- campus
-			- cloud subdomains:
-
-				- ^
-
-				- *.em1:
-
-					- console
-					- javaservices
-					- login
-					- myservices
-
-				- *.us0:
-
-					- data
-					- loginpre
-					- messaging
-					- storage
-
-				- *.us1
-
-					- console
-					- javaservices
-					- login
-					- myservices
-
-			- communities
-			- community
-			- conference
-			- crm-fusioncrm
-			- crmondemand		(→ www)
-			- digitalmedia
-			- dne
-			- docs
-			- download
-			- edelivery
-			- edelivery-hqdc-test
-			- education
-			- education-stage
-			- emeajobs
-			- emeapressoffice
-			- etrm
-			- fin-fusioncrm
-
-			- forums subdomains:
-
-				- ^
-				- cn
-				- kr
-
-			- forums-stage subdomains:
-
-				- ^
-				- cn
-				- kr
-
-			- fusioncrm
-			- fusionhelp
-			- fusionhelp-stage
-			- gcmprm
-			- go
-			- hcm-fusioncrm
-			- hs-ws1
-			- iacademy
-			- ic-fusioncrm
-			- ilearning
-			- ilearningcontent
-			- irecruitment
-			- linux
-			- login
-			- login-stage
-			- m
-			- medianetwork
-			- my
-			- myprofile
-			- myprofile-mktas
-			- oai
-			- oss
-			- plmap
-			- profile
-			- scm-fusioncrm
-			- search
-			- shop
-			- solutions
-			- status-ksplice
-			- stbeehive
-			- strtc
-			- suppliers
-			- support
-			- supporthtml
-			- updates
-			- wfs
-			- wikis
-			- wikis-stage
-			- workforce
-			- www-portal-stage
-			- www-stage
-
-
-	Observed cookie subdomains:
-
-		- cloud subdomains:
-
-			- ^
-
-			- em1 subdomains:
-
-				- console
-				- javaservices
-				- login
-				- myservices
-
-			- data.us0
-			- loginpre.us0
-
-			- us1 subdomains:
-
-				- console
-				- login
-				- myservices
-
-		- competencycenter
-		- crm-fusioncrm
-		- .edelivery
-		- fin-fusioncrm
-		- fusioncrm
-		- hcm-fusioncrm
-		- ic-fusioncrm
-		- medianetwork
-		- scm-fusioncrm
-		- shop
-		- solutions
-		- wikis
-		- www
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .oracle.com
-		- blogs.oracle.com
-		- community.oracle.com
-		- education.oracle.com
-		- login.oracle.com
-
-
 	Mixed content:
-
 		- Script on medianetwork from www.oracleimg.com ¹
-
 		- Images, on:
-
 			- blog from www.eloqua.com
 			- medianetwork from sun.edgeboss.net
 			- medianetwork from www.oracleimg.com ¹
 			- medianetwork from www.oracleimg.com ²
 			- www from $self ¹
-
 		- Web bugs, on:
-
 			- events from dnn506yrbagrg.cloudfront.net ¹
 			- events from consent.truste.com ¹
 			- medianetwork from www.oracleimg.com ¹
-
 	¹ Secured by us
 	² Unsecurable, doesn't trip MCB
-
 -->
-<ruleset name="Oracle (partial)" default_off='failed ruleset test'>
 
-	<!--	Direct rewrites:
-					-->
+<ruleset name="Oracle (partial)">
+
+	<!-- Direct rewrites -->
 	<target host="academy.oracle.com" />
 	<target host="acsportal.oracle.com" />
 	<target host="advancedsupport.oracle.com" />
 	<target host="amr.oracle.com" />
 	<target host="amr-stage.oracle.com" />
 	<target host="apex.oracle.com" />
-	<target host="apexea.oracle.com" />
+	<target host="apexapps.oracle.com" />
+	<target host="appsconnect.oracle.com" />
 	<target host="asktom.oracle.com" />
-	<target host="blogs.oracle.com" />
-	<target host="blogs-stage.oracle.com" />
+	<!-- target host="blogs.oracle.com" /-->
 	<target host="campus.oracle.com" />
 
 	<target host="cloud.oracle.com" />
-	<target host="*.em1.cloud.oracle.com" />
-	<target host="*.us0.cloud.oracle.com" />
-	<target host="*.us1.cloud.oracle.com" />
 
+	<target host="cldadmininternal.ap1.cloud.oracle.com" />
+	<target host="javaservices.ap1.cloud.oracle.com" />
+	<target host="myservices.ap1.cloud.oracle.com" />
+	<target host="cldadmininternal.ap2.cloud.oracle.com" />
+	<target host="myservices.ap2.cloud.oracle.com" />
+
+	<target host="docs.cloud.oracle.com" />
+
+	<target host="console.em1.cloud.oracle.com" />
+	<target host="javaservices.em1.cloud.oracle.com" />
+	<target host="login.em1.cloud.oracle.com" />
+	<target host="myservices.em1.cloud.oracle.com" />
+	<target host="console.em2.cloud.oracle.com" />
+	<target host="javaservices.em2.cloud.oracle.com" />
+	<target host="myservices.em2.cloud.oracle.com" />
+
+	<!-- target host="java.cloud.oracle.com" /-->
+	<target host="myaccount.cloud.oracle.com" />
+	<target host="servicestatus.cloud.oracle.com" />
+	<target host="stg-myaccount.cloud.oracle.com" />
+
+	<!-- target host="data.us0.cloud.oracle.com" /-->
+	<!-- target host="idmconsolepre.us0.cloud.oracle.com" /-->
+	<!-- target host="loginpre.us0.cloud.oracle.com" /-->
+	<!-- target host="oamadminpre.us0.cloud.oracle.com" /-->
+	<!-- target host="oimadminpre.us0.cloud.oracle.com" /-->
+	<target host="console.us1.cloud.oracle.com" />
+	<target host="javaservices.us1.cloud.oracle.com" />
+	<target host="login.us1.cloud.oracle.com" />
+	<target host="myservices.us1.cloud.oracle.com" />
+	<target host="stg-cldadmininternal.us1.cloud.oracle.com" />
+	<target host="stg-javaservices.us1.cloud.oracle.com" />
+	<target host="stg-myservices.us1.cloud.oracle.com" />
+	<target host="console.us2.cloud.oracle.com" />
+	<target host="idmconsole.us2.cloud.oracle.com" />
+	<target host="javaservices.us2.cloud.oracle.com" />
+	<target host="login.us2.cloud.oracle.com" />
+	<target host="myservices.us2.cloud.oracle.com" />
+
+	<target host="cloudcustomerconnect.oracle.com" />
 	<target host="communities.oracle.com" />
 	<target host="community.oracle.com" />
+	<target host="competencycenter.oracle.com" />
 	<target host="conference.oracle.com" />
+	<target host="developer.oracle.com" />
 	<target host="digitalmedia.oracle.com" />
 	<target host="dne.oracle.com" />
 	<target host="docs.oracle.com" />
+	<target host="download.oracle.com" />
 	<target host="edelivery.oracle.com" />
 	<target host="edelivery-hqdc-test.oracle.com" />
 	<target host="education.oracle.com" />
 	<target host="education-stage.oracle.com" />
-	<target host="emeajobs.oracle.com" />
 	<target host="emeapressoffice.oracle.com" />
 	<target host="etrm.oracle.com" />
+	<target host="events.oracle.com" />
 
 	<target host="forums.oracle.com" />
 	<target host="cn.forums.oracle.com" />
 	<target host="kr.forums.oracle.com" />
 
-	<target host="forums-stage.oracle.com" />
-	<target host="cn.forums-stage.oracle.com" />
 	<target host="kr.forums-stage.oracle.com" />
 
 	<target host="fusioncrm.oracle.com" />
@@ -346,24 +175,28 @@ Fetch error: http://oracleimg.com/ => https://www.oracleimg.com/: Too many redir
 	<target host="scm-fusioncrm.oracle.com" />
 
 	<target host="fusionhelp.oracle.com" />
-	<target host="fusionhelp-stage.oracle.com" />
 	<target host="gcmprm.oracle.com" />
+	<target host="go.oracle.com" />
 	<target host="hs-ws1.oracle.com" />
 	<target host="iacademy.oracle.com" />
-	<target host="ilearning.oracle.com" />
+	<target host="internetintel.oracle.com" />
 	<target host="ilearningcontent.oracle.com" />
 	<target host="irecruitment.oracle.com" />
+	<!-- target host="isdportal.oracle.com" /-->
+	<target host="ksplice.oracle.com" />
+	<target host="jbs.oracle.com" />
+	<target host="labs.oracle.com" />
+	<target host="learn.oracle.com" />
 	<target host="linux.oracle.com" />
-	<target host="login.oracle.com" />
+	<!-- target host="login.oracle.com" /-->
 	<target host="login-stage.oracle.com" />
-	<target host="medianetwork.oracle.com" />
 	<target host="m.oracle.com" />
 	<target host="my.oracle.com" />
 	<target host="myprofile.oracle.com" />
-	<target host="myprofile-mktas.oracle.com" />
 	<target host="oai.oracle.com" />
 	<target host="oss.oracle.com" />
 	<target host="plmap.oracle.com" />
+	<target host="pressroom.oracle.com" />
 	<target host="profile.oracle.com" />
 	<target host="search.oracle.com" />
 	<target host="shop.oracle.com" />
@@ -375,37 +208,23 @@ Fetch error: http://oracleimg.com/ => https://www.oracleimg.com/: Too many redir
 	<target host="support.oracle.com" />
 	<target host="supporthtml.oracle.com" />
 	<target host="updates.oracle.com" />
+	<target host="video.oracle.com" />
+	<target host="videohub.oracle.com" />
 	<target host="wfs.oracle.com" />
 	<target host="wikis.oracle.com" />
-	<target host="wikis-stage.oracle.com" />
 	<target host="workforce.oracle.com" />
 	<target host="www-portal-stage.oracle.com" />
-	<target host="www.oracle.com" />
 	<target host="www-stage.oracle.com" />
+	<target host="yum.oracle.com" />
 
-	<target host="www.oracleimg.com" />
-
-	<!--	Special cases:
-				-->
+	<!-- Special cases -->
 	<target host="oracle.com" />
-	<target host="appsconnect.oracle.com" />
-	<target host="crmondemand.oracle.com" />
-
+	<target host="www.oracle.com" />
 	<target host="oracleimg.com" />
+	<target host="www.oracleimg.com" />
 
-		<!--exclusion pattern="^http://(isdportal|jdevadf|oukc|pressroom|tahiti)\.oracle\.com/" /-->
-		<!--
-			Very stingy https support
-			most paths redirect to http
-							-->
-		<!--exclusion pattern="^http://www\.oracle\.com/(index\.html$|ocom/groups/public/|technetwork/indexes/downloads/index\.html)" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://www\.oracle(?:img)?\.com/(?!(?:\w+/)?assets/|\w+/[^/]+\.(?:css|gif|jpg|js|png)$|(?:communities|corporate/careers|javaone|marketingcloud|rightnow)(?:$|[?/]))"/>
-
-			<!--	+ve:
-					-->
+		<exclusion pattern="^http://www\.oracle(img)?\.com/(?!(\w+/)?assets/|\w+/[^/]+\.(css|gif|jpg|js|png)$|(communities|corporate/careers|javaone|marketingcloud|rightnow)($|[?/]))"/>
+			<!-- +ve -->
 			<test url="http://www.oracle.com/ee/" />
 			<test url="http://www.oracle.com/gr/" />
 			<test url="http://www.oracle.com/index.html" />
@@ -424,8 +243,7 @@ Fetch error: http://oracleimg.com/ => https://www.oracleimg.com/: Too many redir
 			<test url="http://www.oracle.com/us/support/index.html" />
 			<test url="http://www.oracle.com/us/syndication/subscribe/index.html" />
 
-			<!--	-ve:
-					-->
+			<!-- -ve -->
 			<test url="http://www.oracle.com/communities" />
 			<test url="http://www.oracle.com/corporate/careers" />
 			<test url="http://www.oracle.com/marketingcloud/products/cross-channel/marketing-to-consumers.html" />
@@ -434,35 +252,18 @@ Fetch error: http://oracleimg.com/ => https://www.oracleimg.com/: Too many redir
 			<test url="http://www.oracleimg.com/us/assets/compass-hp-sprite.png" />
 			<test url="http://www.oracleimg.com/us/assets/sidebox-background-top.gif" />
 
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.oracle\.com$" name="^(Order_MarketingCampaignSuccess|Order_MarketingTrigger|p_cur_URL|p_lang|p_mcc|p_org_id)$" /-->
-	<!--securecookie host="^blogs\.oracle\.com$" name="^BIGipServerblogs_prod_pool$" /-->
-	<!--securecookie host="^(community|login)\.oracle\.com$" name="^BIGipServer~Public~[\w+-]_\d+$" /-->
-	<!--securecookie host="^community\.oracle\.com$" name="^(JSESSIONID|jive\.security\.context)$" /-->
-	<!--securecookie host="^education\.oracle\.com$" name="^BIGipServerfapap-education_http_pool$" /-->
-	<!--securecookie host="^login\.oracle\.com$" name="^TS[\da-f]" /-->
-
-	<securecookie host="^(?:\w+|\.edelivery)\.oracle\.com$" name=".+" />
-	<!--
-		Could we secure any of these safely?
-							-->
+	<securecookie host="^(\w+|\.edelivery)\.oracle\.com$" name=".+" />
+	<!-- Could we secure any of these safely? -->
 	<!--securecookie host="^\.oracle\.com$" name="^(ORA_FND_SESSION_CRMAP\.US\.ORACLE\.COM|ORA_FUSION_PREFS|s_eVar21)$" /-->
-	<!--
-		Tracking cookies
-					-->
-	<securecookie host="^\." name="^(?:Order_Marketing(?:CampaignSuccess|Trigger)|gpw_e24|s_(?:cc|nr|sq))$" />
-
-
-	<rule from="^http://(?:www\.)?oracle(img)?\.com/us/(?=[^/]+\.(?:css|gif|jpg|js|png)$)"
-		to="https://www.oracle$1.com/us/assets/" />
+	<!-- Tracking cookies -->
+	<securecookie host="^\." name="^(Order_Marketing(CampaignSuccess|Trigger)|gpw_e24|s_(cc|nr|sq))$" />
 
+	<rule from="^http://(www\.)?oracle(img)?\.com/us/(?=[^/]+\.(css|gif|jpg|js|png)$)"
+		to="https://www.oracle$2.com/us/assets/" />
 			<test url="http://oracle.com/us/compass-hp-sprite.png" />
 			<test url="http://www.oracle.com/us/compass-hp-sprite.png" />
 			<test url="http://www.oracle.com/us/master-mosaic.css" />
 			<test url="http://www.oracle.com/us/ocom-base-styles.css" />
-
 			<test url="http://oracleimg.com/us/compass-hp-sprite.png" />
 			<test url="http://www.oracleimg.com/us/compass-hp-sprite.png" />
 			<test url="http://www.oracleimg.com/us/f01-bgstrip.png" />
@@ -472,15 +273,5 @@ Fetch error: http://oracleimg.com/ => https://www.oracleimg.com/: Too many redir
 	<rule from="^http://oracleimg\.com/"
 		to="https://www.oracleimg.com/" />
 
-	<rule from="^http://appsconnect\.oracle\.com/"
-		to="https://appsconnect.custhelp.com/" />
-
-	<!--	Redirect keeps path:
-					-->
-	<rule from="^http://crmondemand\.oracle\.com/"
-		to="https://www.oracle.com/us/products/applications/crmondemand/index.html" />
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Orange.xml b/src/chrome/content/rules/Orange.xml
index 806ae112f782..abf60fa5dfb9 100644
--- a/src/chrome/content/rules/Orange.xml
+++ b/src/chrome/content/rules/Orange.xml
@@ -39,13 +39,23 @@ Fetch error: http://orange.ch/ => https://www.orange.ch/: (7, 'Failed to connect
 			- connection failed
 
 -->
-<ruleset name="Orange" default_off='failed ruleset test'>
+<ruleset name="Orange" default_off="failed ruleset test">
 
 	<target host="orange.co.il" />
 	<target host="www.orange.co.il" />
-	<target host="*.orange.co.uk" />
+	<target host="kareena.orange.co.uk" />
+	<target host="services.orange.co.uk" />
+	<target host="shop.orange.co.uk" />
+	<target host="wassup.orange.co.uk" />
+	<target host="web.orange.co.uk" />
 	<target host="orange.ch"/>
-	<target host="*.orange.ch"/>
+	<target host="www.orange.ch" />
+	<target host="apps.orange.ch" />
+	<target host="community.orange.ch" />
+	<target host="mobilesettings.orange.ch" />
+	<target host="my.orange.ch" />
+	<target host="rbt.orange.ch" />
+	<target host="shop.orange.ch" />
 
 
 	<securecookie host="^(?:kareena|shop)\.orange\.co\.uk$" name=".+" />
@@ -54,13 +64,10 @@ Fetch error: http://orange.ch/ => https://www.orange.ch/: (7, 'Failed to connect
 	<rule from="^http://(?:www\.)?orange\.co\.il/"
 		to="https://www.orange.co.il/" />
 
-	<rule from="^http://(kareena|services|shop|wassup|web)\.orange\.co\.uk/"
-		to="https://$1.orange.co.uk/" />
-		
+
 	<rule from="^http://(?:www\.)?orange\.ch/"
 		to="https://www.orange.ch/"/>
 
-	<rule from="^http://(apps|community|mobilesettings|my|rbt|shop)\.orange\.ch/"
-		to="https://$1.orange.ch/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/OrangeNaturals.com.xml b/src/chrome/content/rules/OrangeNaturals.com.xml
new file mode 100644
index 000000000000..69376b766bfd
--- /dev/null
+++ b/src/chrome/content/rules/OrangeNaturals.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Active mixed content:
+		- orangenaturals.com, e.g. http://orangenaturals.com/blog/bone-building-strong-bodies-smoothie-recipe/
+-->
+
+<ruleset name="OrangeNaturals.com" platform="mixedcontent">
+	<target host="orangenaturals.com" />
+	<target host="www.orangenaturals.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OrangeWebsite.com.xml b/src/chrome/content/rules/OrangeWebsite.com.xml
index d86a6e9282df..29e7bf9cc75f 100644
--- a/src/chrome/content/rules/OrangeWebsite.com.xml
+++ b/src/chrome/content/rules/OrangeWebsite.com.xml
@@ -21,4 +21,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Orange_Geek.xml b/src/chrome/content/rules/Orange_Geek.xml
index dd8e684c4753..53e4f00e93e8 100644
--- a/src/chrome/content/rules/Orange_Geek.xml
+++ b/src/chrome/content/rules/Orange_Geek.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Orbital_Sciences.xml b/src/chrome/content/rules/Orbital_Sciences.xml
index 08290c06d90f..03aaca78a6be 100644
--- a/src/chrome/content/rules/Orbital_Sciences.xml
+++ b/src/chrome/content/rules/Orbital_Sciences.xml
@@ -12,7 +12,7 @@ Fetch error: http://orbital.com/ => https://orbital.com/: (51, "SSL: no alternat
 Fetch error: http://www.orbital.com/ => https://www.orbital.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.orbital.com'")
 
 -->
-<ruleset name="Orbital Sciences" default_off='failed ruleset test'>
+<ruleset name="Orbital Sciences" default_off="failed ruleset test">
 
 	<target host="orbital.com" />
 	<target host="www.orbital.com" />
@@ -23,4 +23,4 @@ Fetch error: http://www.orbital.com/ => https://www.orbital.com/: (51, "SSL: no
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Orchid_Diva.xml b/src/chrome/content/rules/Orchid_Diva.xml
index 9cf42b67cbce..6a695af3a747 100644
--- a/src/chrome/content/rules/Orchid_Diva.xml
+++ b/src/chrome/content/rules/Orchid_Diva.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/OrderBook.net.xml b/src/chrome/content/rules/OrderBook.net.xml
index 695f51759dd7..dc5aa052a065 100644
--- a/src/chrome/content/rules/OrderBook.net.xml
+++ b/src/chrome/content/rules/OrderBook.net.xml
@@ -5,7 +5,7 @@ Fetch error: http://orderbook.net/ => https://orderbook.net/: (7, 'Failed to con
 Fetch error: http://www.orderbook.net/ => https://www.orderbook.net/: (7, 'Failed to connect to www.orderbook.net port 443: Connection refused')
 
 -->
-<ruleset name="OrderBook.net" default_off='failed ruleset test'>
+<ruleset name="OrderBook.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Oregon-State-University.xml b/src/chrome/content/rules/Oregon-State-University.xml
index 1f96f5e1f99c..fdc2ebae34d4 100644
--- a/src/chrome/content/rules/Oregon-State-University.xml
+++ b/src/chrome/content/rules/Oregon-State-University.xml
@@ -1,8 +1,5 @@
 
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://osulibrary.oregonstate.edu/ => https://osulibrary.oregonstate.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
 	Other Oregon State University rulesets:
 
 		- osufoundation.org.xml
@@ -11,29 +8,19 @@ Fetch error: http://osulibrary.oregonstate.edu/ => https://osulibrary.oregonstat
 
 	Nonfunctional hosts in *oregonstate.edu:
 
-		- ecampus ᵃ
-
-	ᵃ Shows another domain
-
-
 	www.oregonstate.edu: mismatched
 
-
-	Mixed content:
-
-		- css on osulibrary from fonts.googleapis.com ˢ
-		- Images on ^ from $self ˢ
-
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
 -->
-<ruleset name="Oregon State.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="Oregon State.edu (partial)">
 
 	<!--	Direct rewrites:
 				-->
 	<target host="oregonstate.edu" />
 	<target host="drupalweb.forestry.oregonstate.edu" />
 	<target host="osulibrary.oregonstate.edu" />
+	<target host="library.oregonstate.edu" />
+	<target host="ecampus.oregonstate.edu" />
+	<target host="web.engr.oregonstate.edu" />
 	<target host="secure.oregonstate.edu" />
 
 	<!--	Complications:
diff --git a/src/chrome/content/rules/Orez_Praw.com.xml b/src/chrome/content/rules/Orez_Praw.com.xml
index b5e33e3af42a..04307084c490 100644
--- a/src/chrome/content/rules/Orez_Praw.com.xml
+++ b/src/chrome/content/rules/Orez_Praw.com.xml
@@ -10,7 +10,7 @@
 -->
 <ruleset name="Orez Praw.com (partial)">
 	<target host="orezpraw.com" />
-	
+
 	<securecookie host="^orezpraw\.com$" name=".+" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Organization_of_American_States.xml b/src/chrome/content/rules/Organization_of_American_States.xml
deleted file mode 100644
index 9033fa0dec2c..000000000000
--- a/src/chrome/content/rules/Organization_of_American_States.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- cidh	(cert only matches www.cidh)
-		- ^	(cert only matches www)
-
--->
-<ruleset name="Organization of American States">
-
-	<target host="oas.org" />
-	<target host="*.oas.org" />
-
-
-	<securecookie host="^www\.(?:cidh\.)?oas\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?(cidh\.)?oas\.org/"
-		to="https://www.$1oas.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Orgmode.org.xml b/src/chrome/content/rules/Orgmode.org.xml
new file mode 100644
index 000000000000..3176dea99a11
--- /dev/null
+++ b/src/chrome/content/rules/Orgmode.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Nonfunctional hosts in *.orgmode.org:
+		- ask.orgmode.org (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Orgmode.org">
+	<target host="orgmode.org" />
+	<target host="www.orgmode.org" />
+	<target host="beta.orgmode.org" />
+	<target host="code.orgmode.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Orgreen_Optics.com.xml b/src/chrome/content/rules/Orgreen_Optics.com.xml
index 20b4f801a5df..60945b3da64a 100644
--- a/src/chrome/content/rules/Orgreen_Optics.com.xml
+++ b/src/chrome/content/rules/Orgreen_Optics.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.orgreenoptics.com/ => https://orgreenoptics.com/: (60, '
 	www: cert only matches ^orgreenoptics.com.
 
 -->
-<ruleset name="Orgreen Optics.com" default_off='failed ruleset test'>
+<ruleset name="Orgreen Optics.com" default_off="failed ruleset test">
 
 	<target host="orgreenoptics.com" />
 	<target host="www.orgreenoptics.com" />
diff --git a/src/chrome/content/rules/Originar.io.xml b/src/chrome/content/rules/Originar.io.xml
new file mode 100644
index 000000000000..4c07c004a334
--- /dev/null
+++ b/src/chrome/content/rules/Originar.io.xml
@@ -0,0 +1,9 @@
+<ruleset name="Originar.io">
+	<target host="originar.io" />
+	<target host="www.originar.io" />
+	<target host="foodagency.originar.io" />
+	<target host="press.originar.io" />
+	<target host="shop.originar.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Orion.xml b/src/chrome/content/rules/Orion.xml
deleted file mode 100644
index 06a38aeefd60..000000000000
--- a/src/chrome/content/rules/Orion.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	www: 404
-
--->
-<ruleset name="Orion">
-
-	<target host="orionhub.org" />
-	<target host="www.orionhub.org" />
-
-
-	<rule from="^http://(?:www\.)?orionhub\.org/"
-		to="https://orionhub.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Orion_Magazine.org.xml b/src/chrome/content/rules/Orion_Magazine.org.xml
index abd61c226a36..f38bde1db6df 100644
--- a/src/chrome/content/rules/Orion_Magazine.org.xml
+++ b/src/chrome/content/rules/Orion_Magazine.org.xml
@@ -4,7 +4,7 @@
 	<target host="www.orionmagazine.org" />
 
 
-	<rule from="^http://(www\.)?orionmagazine\.com/"
-		to="https://$1orionmagazine.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Orion_Systems_Integrators.xml b/src/chrome/content/rules/Orion_Systems_Integrators.xml
index ec01012a1e28..4b50ae0ccebc 100644
--- a/src/chrome/content/rules/Orion_Systems_Integrators.xml
+++ b/src/chrome/content/rules/Orion_Systems_Integrators.xml
@@ -5,7 +5,7 @@ Fetch error: http://orioninc.com/ => https://orioninc.com/: (51, "SSL: no altern
 Fetch error: http://time.orioninc.com/ => https://time.orioninc.com/: (6, 'Could not resolve host: time.orioninc.com')
 
 -->
-<ruleset name="Orion Systems Integrators" default_off='failed ruleset test'>
+<ruleset name="Orion Systems Integrators" default_off="failed ruleset test">
 
 	<target host="orioninc.com" />
 	<target host="time.orioninc.com" />
@@ -17,4 +17,4 @@ Fetch error: http://time.orioninc.com/ => https://time.orioninc.com/: (6, 'Could
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Orkut.xml b/src/chrome/content/rules/Orkut.xml
index 81c8f10394df..ae2ab06f71c2 100644
--- a/src/chrome/content/rules/Orkut.xml
+++ b/src/chrome/content/rules/Orkut.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.orkut.com.br/ => https://www.orkut.com.br/: (6, 'Could n
 	For other Google coverage, see GoogleServices.xml.
 
 -->
-<ruleset name="Orkut (partial)" default_off='failed ruleset test'>
+<ruleset name="Orkut (partial)" default_off="failed ruleset test">
 
 	<target host="a.orkut.gmodules.com" />
 	<target host="orkut.co.in" />
@@ -31,4 +31,4 @@ Fetch error: http://www.orkut.com.br/ => https://www.orkut.com.br/: (6, 'Could n
 	<rule from="^http://((?:demo|img\d|staging|www)\.)?orkut\.co(\.in|m|m\.br)/"
 		to="https://$1orkut.co$2/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Orkz.net.xml b/src/chrome/content/rules/Orkz.net.xml
index ee48829accf2..3df382677ca4 100644
--- a/src/chrome/content/rules/Orkz.net.xml
+++ b/src/chrome/content/rules/Orkz.net.xml
@@ -10,7 +10,7 @@
 	Problematic hosts in *orkz.net:
 
 		- webmail *
-		
+
 	* Handshake fails
 
 -->
diff --git a/src/chrome/content/rules/OrlandoCriminalDefenseAttorneyBlog.com.xml b/src/chrome/content/rules/OrlandoCriminalDefenseAttorneyBlog.com.xml
new file mode 100644
index 000000000000..e0167895854c
--- /dev/null
+++ b/src/chrome/content/rules/OrlandoCriminalDefenseAttorneyBlog.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="OrlandoCriminalDefenseAttorneyBlog.com">
+	<target host="orlandocriminaldefenseattorneyblog.com" />
+	<target host="www.orlandocriminaldefenseattorneyblog.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Oron.xml b/src/chrome/content/rules/Oron.xml
index 47c78c2efcc3..689d22bf0ad5 100644
--- a/src/chrome/content/rules/Oron.xml
+++ b/src/chrome/content/rules/Oron.xml
@@ -6,7 +6,7 @@ Fetch error: http://secure.oron.com/ => https://secure.oron.com/: (7, 'Failed to
 Disabled by https-everywhere-checker because:
 Fetch error: http://secure.oron.com/ => https://secure.oron.com/: (7, 'Failed to connect to secure.oron.com port 443: Connection refused')
 -->
-<ruleset name="Oron (partial)" default_off='failed ruleset test'>
+<ruleset name="Oron (partial)" default_off="failed ruleset test">
 
 	<target host="oron.com"/>
 	<target host="secure.oron.com"/>
diff --git a/src/chrome/content/rules/OrthogonalPublishing.com.xml b/src/chrome/content/rules/OrthogonalPublishing.com.xml
new file mode 100644
index 000000000000..e3be8780997e
--- /dev/null
+++ b/src/chrome/content/rules/OrthogonalPublishing.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="OrthogonalPublishing.com">
+	<target host="orthogonalpublishing.com" />
+	<target host="www.orthogonalpublishing.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Orxrdr.com.xml b/src/chrome/content/rules/Orxrdr.com.xml
index 3ee3630e5fee..79e1c16c0cac 100644
--- a/src/chrome/content/rules/Orxrdr.com.xml
+++ b/src/chrome/content/rules/Orxrdr.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Os-cillation-mismatches.xml b/src/chrome/content/rules/Os-cillation-mismatches.xml
index 27898a68ecf7..5944dc245ada 100644
--- a/src/chrome/content/rules/Os-cillation-mismatches.xml
+++ b/src/chrome/content/rules/Os-cillation-mismatches.xml
@@ -15,7 +15,7 @@
 		- anfrage.os-cillation.de
 
 -->
-<ruleset name="os-cillation.de (partial)" default_off="missing certificate chain">
+<ruleset name="os-cillation.de (partial)" default_off="cert-chain">
 
 	<target host="os-cillation.de"/>
 	<target host="anfrage.os-cillation.de"/>
diff --git a/src/chrome/content/rules/Os-cillation.xml b/src/chrome/content/rules/Os-cillation.xml
index 3f702a0f4873..4d7536513b33 100644
--- a/src/chrome/content/rules/Os-cillation.xml
+++ b/src/chrome/content/rules/Os-cillation.xml
@@ -9,7 +9,7 @@ Fetch error: http://schweissgut.net/ => https://schweissgut.net/: (60, 'SSL cert
 Fetch error: http://www.schweissgut.net/ => https://schweissgut.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	See Os-cillation-mismatches.xml for problematic rules.
 -->
-<ruleset name="os-cillation (partial)" default_off='failed ruleset test'>
+<ruleset name="os-cillation (partial)" default_off="failed ruleset test">
 
 	<target host="schweissgut.net"/>
 	<target host="www.schweissgut.net"/>
diff --git a/src/chrome/content/rules/Oseems.com.xml b/src/chrome/content/rules/Oseems.com.xml
index 0b230b0f9a64..af02b17952f6 100644
--- a/src/chrome/content/rules/Oseems.com.xml
+++ b/src/chrome/content/rules/Oseems.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://oseems.com/ => https://oseems.com/: Too many redirects while
 Fetch error: http://apps.oseems.com/ => https://apps.oseems.com/: Too many redirects while fetching 'https://apps.oseems.com/'
 
 -->
-<ruleset name="Oseems.com" default_off='failed ruleset test'>
+<ruleset name="Oseems.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/OshkoshAirport.com.xml b/src/chrome/content/rules/OshkoshAirport.com.xml
new file mode 100644
index 000000000000..5fda2c0c9744
--- /dev/null
+++ b/src/chrome/content/rules/OshkoshAirport.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Timed out:
+		- oshkoshairport.com, equivalent to www.oshkoshairport.com
+-->
+
+<ruleset name="OshkoshAirport.com">
+	<target host="oshkoshairport.com" />
+	<target host="www.oshkoshairport.com" />
+
+	<rule from="^http://oshkoshairport\.com/"
+		to="https://www.oshkoshairport.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Osmo.xml b/src/chrome/content/rules/Osmo.xml
index 7b810a7be1e1..d7bdc8695d49 100644
--- a/src/chrome/content/rules/Osmo.xml
+++ b/src/chrome/content/rules/Osmo.xml
@@ -8,7 +8,7 @@
 	<target host="store.playosmo.com" />
 	<target host=  "www.playosmo.com" />
 
-	<securecookie host="^.*\.?playosmo\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Ossec.net.xml b/src/chrome/content/rules/Ossec.net.xml
new file mode 100644
index 000000000000..6d2f10bd3370
--- /dev/null
+++ b/src/chrome/content/rules/Ossec.net.xml
@@ -0,0 +1,19 @@
+<!--
+	Nonfunctional hosts in *.ossec.net:
+		- ossec.net (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Ossec.net">
+	<target host="ossec.net" />
+	<target host="www.ossec.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://ossec\.net/" to="https://www.ossec.net/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ostagram.ru.xml b/src/chrome/content/rules/Ostagram.ru.xml
index 1f79bbb70cc5..c2eb1fb17675 100644
--- a/src/chrome/content/rules/Ostagram.ru.xml
+++ b/src/chrome/content/rules/Ostagram.ru.xml
@@ -3,7 +3,7 @@
 	<target host="ostagram.ru" />
 	<target host="www.ostagram.ru" />
 	<target host="files2.ostagram.ru" />
-	
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ostel.co.xml b/src/chrome/content/rules/Ostel.co.xml
deleted file mode 100644
index a14d9b01a559..000000000000
--- a/src/chrome/content/rules/Ostel.co.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	www: cert only matches ^ostel.co
-
--->
-<ruleset name="Ostel.co">
-
-	<target host="ostel.co" />
-	<target host="www.ostel.co" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?ostel\.co$" name="^_devise_session$" /-->
-
-	<securecookie host="^(?:www\.)?ostel\.co$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?ostel\.co/"
-		to="https://ostel.co/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Otavamedia.xml b/src/chrome/content/rules/Otavamedia.xml
index 2eea901e2098..763cfa427bde 100644
--- a/src/chrome/content/rules/Otavamedia.xml
+++ b/src/chrome/content/rules/Otavamedia.xml
@@ -27,7 +27,7 @@ Fetch error: http://www.plazakauppa.fi/ => https://www.plazakauppa.fi/: (28, 'Co
 		- (www.)plaza.fi		(ditto)
 
 -->
-<ruleset name="Otavamedia (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Otavamedia (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="kuvalehdet.fi"/>
 	<target host="www.kuvalehdet.fi"/>
diff --git a/src/chrome/content/rules/Ote.xml b/src/chrome/content/rules/Ote.xml
index 142acd6139d0..ee5500e10286 100644
--- a/src/chrome/content/rules/Ote.xml
+++ b/src/chrome/content/rules/Ote.xml
@@ -8,7 +8,7 @@ Fetch error: http://adman.otenet.gr/ => https://adman.otenet.gr/: (7, 'Failed to
 Fetch error: http://ote.gr/ => https://ote.gr/: (51, "SSL: no alternative certificate subject name matches target host name 'ote.gr'") This ruleset is experimental. If you experience problems please
 	 open an issue at https://github.com/kargig/https-everywhere-greek-rules -->
 
-<ruleset name="OTE" default_off='failed ruleset test'>
+<ruleset name="OTE" default_off="failed ruleset test">
   <target host="adman.otenet.gr" />
   <target host="corpmail.otenet.gr" />
   <target host="domainmanager.otenet.gr" />
@@ -19,9 +19,7 @@ Fetch error: http://ote.gr/ => https://ote.gr/: (51, "SSL: no alternative certif
   <target host="ote.gr" />
   <target host="11888.ote.gr" />
   <target host="www.ote.gr" />
-
-	<securecookie host="^(?:.*\.)?otenet\.gr$" name=".+" />
-	<securecookie host="^(?:.*\.)?ote\.gr$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
   <rule from="^http://((adman|corpmail|ps|domainmanager|managedservices|tools|my)\.)?otenet\.gr/" to="https://$1otenet.gr/"/>
   <rule from="^http://((www|11888)\.)?ote\.gr/" to="https://$1ote.gr/"/>
diff --git a/src/chrome/content/rules/Otpdirekt.sk.xml b/src/chrome/content/rules/Otpdirekt.sk.xml
index 48a163f0aa4b..eeb0ecc0a9a1 100644
--- a/src/chrome/content/rules/Otpdirekt.sk.xml
+++ b/src/chrome/content/rules/Otpdirekt.sk.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://otpdirekt.sk/ => https://www.otpdirekt.sk/: (6, 'Could not resolve host: otpdirekt.sk')
 Fetch error: http://www.otpdirekt.sk/ => https://www.otpdirekt.sk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.otpdirekt.sk'")
 -->
-<ruleset name="Otpdirekt.sk" default_off='failed ruleset test'>
+<ruleset name="Otpdirekt.sk" default_off="failed ruleset test">
   <target host="otpdirekt.sk" />
   <target host="www.otpdirekt.sk" />
 
diff --git a/src/chrome/content/rules/Otrojah.org.xml b/src/chrome/content/rules/Otrojah.org.xml
new file mode 100644
index 000000000000..889671072f18
--- /dev/null
+++ b/src/chrome/content/rules/Otrojah.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Otrojah.org">
+	<target host="otrojah.org" />
+	<target host="www.otrojah.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Otrs.com.xml b/src/chrome/content/rules/Otrs.com.xml
new file mode 100644
index 000000000000..8d524e3106a8
--- /dev/null
+++ b/src/chrome/content/rules/Otrs.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Other Otrs rulesets:
+		- Otrs.org.xml
+
+	Nonfunctional hosts in *.otrs.com:
+		- www.otrs.com (m)
+		- enzian.otrs.com (m)
+		- *.virtual.otrs.com (m, wildcard DNS record)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Otrs.com">
+	<target host="otrs.com" />
+	<target host="www.otrs.com" />
+	<target host="blog.otrs.com" />
+	<target host="cloud.otrs.com" />
+	<target host="community.otrs.com" />
+	<target host="corporate.otrs.com" />
+	<target host="doc.otrs.com" />
+	<target host="nussberg.otrs.com" />
+	<target host="portal.otrs.com" />
+	<target host="virtual.otrs.com" />
+	<target host="wiki.otrs.com" />
+	<target host="zimbra.otrs.com" />
+
+	<rule from="^http://www\.otrs\.com/" to="https://otrs.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Otrs.org.xml b/src/chrome/content/rules/Otrs.org.xml
new file mode 100644
index 000000000000..1a48d8d39c56
--- /dev/null
+++ b/src/chrome/content/rules/Otrs.org.xml
@@ -0,0 +1,24 @@
+<!--
+	Other Otrs rulesets:
+		- Otrs.com.xml
+
+	Nonfunctional hosts in *.otrs.org:
+		- doc.otrs.org (404)
+		- dev.otrs.org (404)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Otrs.org">
+	<target host="otrs.org" />
+	<target host="www.otrs.org" />
+	<target host="blog.otrs.org" />
+	<target host="bugs.otrs.org" />
+	<target host="lists.otrs.org" />
+
+	<rule from="^http://www\.otrs\.org/" to="https://otrs.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Otsuka-shokai.co.jp.xml b/src/chrome/content/rules/Otsuka-shokai.co.jp.xml
index 911c888d1074..72d0ea7eb858 100644
--- a/src/chrome/content/rules/Otsuka-shokai.co.jp.xml
+++ b/src/chrome/content/rules/Otsuka-shokai.co.jp.xml
@@ -22,13 +22,14 @@
 <ruleset name="Otsuka-shokai.co.jp">
 
 	<target host="otsuka-shokai.co.jp" />
-	<target host="*.otsuka-shokai.co.jp" />
+	<target host="www.otsuka-shokai.co.jp" />
+	<target host="campaign.otsuka-shokai.co.jp" />
+	<target host="sdc.otsuka-shokai.co.jp" />
 
 
 	<rule from="^http://(?:www\.)?otsuka-shokai\.co\.jp/"
 		to="https://www.otsuka-shokai.co.jp/" />
 
-	<rule from="^http://(campaign|sdc)\.otsuka-shokai\.co\.jp/"
-		to="https://$1.otsuka-shokai.co.jp/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Otto.de.xml b/src/chrome/content/rules/Otto.de.xml
index d0885c991d3e..bd4b30c2cbff 100644
--- a/src/chrome/content/rules/Otto.de.xml
+++ b/src/chrome/content/rules/Otto.de.xml
@@ -7,7 +7,7 @@ Fetch error: http://pxc.otto.de/ => https://pxc.otto.de/: Pycurl fetch failed fo
 		- affiliate.otto.de
 		- rot4.otto.de
 -->
-<ruleset name="Otto.de" default_off='failed ruleset test'>
+<ruleset name="Otto.de" default_off="failed ruleset test">
 	<target host="otto.de" />
 	<target host="www.otto.de" />
 	<target host="ats.otto.de" />
diff --git a/src/chrome/content/rules/Otumm.com.xml b/src/chrome/content/rules/Otumm.com.xml
index 5b3e30ec8561..c47e01a96aa8 100644
--- a/src/chrome/content/rules/Otumm.com.xml
+++ b/src/chrome/content/rules/Otumm.com.xml
@@ -19,7 +19,7 @@ Fetch error: http://www.otumm.com/ => https://otumm.com/: (60, 'SSL certificate
 	* Secured by us
 
 -->
-<ruleset name="Otumm.com" default_off='failed ruleset test'>
+<ruleset name="Otumm.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Ouo.xml b/src/chrome/content/rules/Ouo.xml
new file mode 100644
index 000000000000..01c56987bf6d
--- /dev/null
+++ b/src/chrome/content/rules/Ouo.xml
@@ -0,0 +1,12 @@
+<ruleset name="Ouo">
+	<target host="ouo.io" />
+	<target host="cdn.ouo.io" />
+	<target host="www.ouo.io" />
+	<target host="ouo.press" />
+	<target host="cdn.ouo.press" />
+	<target host="www.ouo.press" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Our-Hometown.xml b/src/chrome/content/rules/Our-Hometown.xml
index 74d7677acb95..a19c18483981 100644
--- a/src/chrome/content/rules/Our-Hometown.xml
+++ b/src/chrome/content/rules/Our-Hometown.xml
@@ -6,10 +6,10 @@ Non-2xx HTTP code: http://our-hometown.com/ (200) => https://www.our-hometown.co
 Disabled by https-everywhere-checker because:
 Non-2xx HTTP code: http://our-hometown.com/ (200) => https://www.our-hometown.com/ (401)
 -->
-<ruleset name="Our Hometown" default_off='failed ruleset test'>
+<ruleset name="Our Hometown" default_off="failed ruleset test">
 
 	<target host="our-hometown.com" />
-	<target host="*.our-hometown.com" />
+	<target host="www.our-hometown.com" />
 
 
 	<securecookie host="^\.our-hometown\.com$" name=".+" />
diff --git a/src/chrome/content/rules/OurCommonPlace.xml b/src/chrome/content/rules/OurCommonPlace.xml
index f749d8b958be..ddf47fdb1c66 100644
--- a/src/chrome/content/rules/OurCommonPlace.xml
+++ b/src/chrome/content/rules/OurCommonPlace.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.ourcommonplace.com/ => https://www.ourcommonplace.com/:
 	^ourcommonplace.com: 522 over http & https
 
 -->
-<ruleset name="OurCommonPlace.com" default_off='failed ruleset test'>
+<ruleset name="OurCommonPlace.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/OurWorldOfText.com.xml b/src/chrome/content/rules/OurWorldOfText.com.xml
new file mode 100644
index 000000000000..e1c7e611945d
--- /dev/null
+++ b/src/chrome/content/rules/OurWorldOfText.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Expired:
+		- mail
+		- mta-sts.mail
+		- test
+		- server
+-->
+<ruleset name="OurWorldOfText.com">
+	<target host="ourworldoftext.com" />
+	<target host="www.ourworldoftext.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OutWit.com.xml b/src/chrome/content/rules/OutWit.com.xml
index af9c50bad953..2532e7c6897f 100644
--- a/src/chrome/content/rules/OutWit.com.xml
+++ b/src/chrome/content/rules/OutWit.com.xml
@@ -12,7 +12,7 @@
 <ruleset name="OutWit.com (partial)">
 
 	<target host="outwit.com" />
-	<target host="*.outwit.com" />
+	<target host="www.outwit.com" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/Outernet.is.xml b/src/chrome/content/rules/Outernet.is.xml
index 5e930c2c85af..5fd940adb375 100644
--- a/src/chrome/content/rules/Outernet.is.xml
+++ b/src/chrome/content/rules/Outernet.is.xml
@@ -8,7 +8,7 @@ Fetch error: http://outernet.is/ => https://www.outernet.is/: (60, 'SSL certific
     <target host="outernet.is" />
     <target host="*.outernet.is" />
 
-    <securecookie host="^(?:.*\.)?outernet\.is$" name=".+" />
+    <securecookie host=".+" name=".+"/>
 
     <rule from="^http://outernet\.is/"
         to="https://www.outernet.is/" />
diff --git a/src/chrome/content/rules/Outlook_Live.xml b/src/chrome/content/rules/Outlook_Live.xml
deleted file mode 100644
index 08f7a565ebbe..000000000000
--- a/src/chrome/content/rules/Outlook_Live.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For other Microsoft coverage, see Microsoft.xml.
-
--->
-<ruleset name="Outlook.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="outlook.com" />
-	<target host="autodiscover-s.outlook.com" />
-	<target host="m.outlook.com" />
-	<target host="postmaster.outlook.com" />
-	<target host="r3.res.outlook.com" />
-	<target host="www.outlook.com" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Outspark.xml b/src/chrome/content/rules/Outspark.xml
index 5cb83e5096fa..2c574e7d018e 100644
--- a/src/chrome/content/rules/Outspark.xml
+++ b/src/chrome/content/rules/Outspark.xml
@@ -18,7 +18,7 @@
 	<target host="www.outspark.com" />
 
 
-	<securecookie host="^(?:.*\.)?outspark\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/OverDrive.com.xml b/src/chrome/content/rules/OverDrive.com.xml
index de5da8fa1a3a..7da9e0d68e16 100644
--- a/src/chrome/content/rules/OverDrive.com.xml
+++ b/src/chrome/content/rules/OverDrive.com.xml
@@ -67,7 +67,7 @@
 	<!--	Complications:
 				-->
 	<target host="ox-i.overdrive.com" />
-	
+
 		<test url="http://libraryreserve.cdn.overdrive.com/100429/50/1.40/spacer.gif" />
 
 		<!--	Sets cookie without Secure:
diff --git a/src/chrome/content/rules/OvercastFM.xml b/src/chrome/content/rules/OvercastFM.xml
index 0cdec0932533..d94981b11ac1 100644
--- a/src/chrome/content/rules/OvercastFM.xml
+++ b/src/chrome/content/rules/OvercastFM.xml
@@ -1,6 +1,6 @@
 <ruleset name="Overcast">
 	<target host="overcast.fm" />
-	<target host="*.overcast.fm" />
+	<target host="www.overcast.fm" />
 
 	<rule from="^http://(?:www\.)?overcast\.fm/"
 		to="https://overcast.fm/" />
diff --git a/src/chrome/content/rules/Overclock.net-problematic.xml b/src/chrome/content/rules/Overclock.net-problematic.xml
deleted file mode 100644
index cb4feadef807..000000000000
--- a/src/chrome/content/rules/Overclock.net-problematic.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For rules that are on by default, see Overclock.net.xml.
-
--->
-<ruleset name="overclock.net (mismatched)" default_off="mismatched">
-
-	<target host="overclock.net" />
-	<target host="www.overclock.net" />
-
-
-	<rule from="^http://(?:www\.)?overclock\.net/"
-		to="https://www.overclock.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Overclock.net.xml b/src/chrome/content/rules/Overclock.net.xml
index 599701322ac7..c25a7296b356 100644
--- a/src/chrome/content/rules/Overclock.net.xml
+++ b/src/chrome/content/rules/Overclock.net.xml
@@ -1,35 +1,12 @@
 <!--
-	For problematic rules, see Overclock.net-problematic.xml.
-
-
-	CDN buckets:
-
-		- d1rktuf34l9h2g.cloudfront.net
-
-
-	Nonfunctional subdomains:
-
-		- cdn ²
-		- files		(cert: ditto; 404)
-
-	² 404; mismatched, CN: www.cakecentral.com
-
-
-	Problematic subdomains:
-
-		- ^ ¹
-		- www ²
-
-	¹ Dropped
-	² Mismatched, CN: *.a.ssl.fastly.net
-
+	Timeout:
+		- folding
+		- foldingstats
 -->
-<ruleset name="overclock.net (partial)">
-
+<ruleset name="Overclock.net">
+	<target host="overclock.net" />
+	<target host="www.overclock.net" />
 	<target host="cdn.overclock.net" />
 
-
-	<rule from="^http://cdn\.overclock\.net/"
-		to="https://d1rktuf34l9h2g.cloudfront.net/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Overclockers.at.xml b/src/chrome/content/rules/Overclockers.at.xml
index 26a85576f20c..cd048515e095 100644
--- a/src/chrome/content/rules/Overclockers.at.xml
+++ b/src/chrome/content/rules/Overclockers.at.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://bitte.overclockers.at/ => https://bitte.overclockers.at/: (6, 'Could not resolve host: bitte.overclockers.at')
 
 -->
-<ruleset name="overclockers.at" default_off='failed ruleset test'>
+<ruleset name="overclockers.at" default_off="failed ruleset test">
   <target host="overclockers.at" />
   <target host="www.overclockers.at" />
   <target host="bitte.overclockers.at" />
diff --git a/src/chrome/content/rules/Overclockers.com.xml b/src/chrome/content/rules/Overclockers.com.xml
index ffaeb836bc68..3be70950dd71 100644
--- a/src/chrome/content/rules/Overclockers.com.xml
+++ b/src/chrome/content/rules/Overclockers.com.xml
@@ -3,49 +3,16 @@
 
 		- INet-Interactive.xml
 
-
-	Expired 2014-07-20
-
-
-	Mixed content:
-
-		- css from $self *
-
-		- Images from $self *
-
-		- favicon  from $self *
-
-		- Bug from s.skimresources.com *
-
-	* Secured by us
-
 -->
-<ruleset name="Overclockers.com (partial)" default_off="expired" platform="mixedcontent">
+<ruleset name="Overclockers.com (partial)">
 
 	<target host="ocforums.com" />
 	<target host="www.ocforums.com" />
 	<target host="overclockers.com" />
-	<target host="*.overclockers.com" />
-
-
-	<!--	Secured by server:
-					-->
-	<!--securecookie host="^\.overclockers\.com$" name="^(bbforum_view|bblastactivity|bblastvisit)$" /-->
-	<!--
-		Not secured by server:
-					-->
-	<!--securecookie host="^\.overclockers\.com$" name="^bbsessionhash$" /-->
-
-	<securecookie host="^\.overclockers\.com$" name=".+" />
-
+	<target host="www.overclockers.com" />
 
-	<!--	Cert isn't valid for ocforums.com.
-		Server redirects as so.
-					-->
-	<rule from="^http://(?:www\.)ocforums\.com/"
-		to="https://www.overclockers.com/forums/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?overclockers\.com/"
-		to="https://$1overclockers.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Overlake-Hospital.xml b/src/chrome/content/rules/Overlake-Hospital.xml
index e856d5dab6d4..ba39f3b9d7ae 100644
--- a/src/chrome/content/rules/Overlake-Hospital.xml
+++ b/src/chrome/content/rules/Overlake-Hospital.xml
@@ -1,10 +1,10 @@
 <ruleset name="Overlake Hospital Medical Center" platform="mixedcontent">
 
 	<target host="overlakehospital.org" />
-	<target host="*.overlakehospital.org" />
+	<target host="www.overlakehospital.org" />
 
 
-	<securecookie host="^(?:.*\.)?overlakehospital\.org" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(?:www\.)?overlakehospital\.org/"
diff --git a/src/chrome/content/rules/Overpass-api.de.xml b/src/chrome/content/rules/Overpass-api.de.xml
new file mode 100644
index 000000000000..1e60ad83e9dd
--- /dev/null
+++ b/src/chrome/content/rules/Overpass-api.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="Overpass-api.de">
+	<target host="overpass-api.de" />
+	<target host="www.overpass-api.de" />
+	<target host="dev.overpass-api.de" />
+	<target host="lz4.overpass-api.de" />
+	<target host="z.overpass-api.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Oversee.xml b/src/chrome/content/rules/Oversee.xml
index 0e92c2f41ed3..5c9e54591b20 100644
--- a/src/chrome/content/rules/Oversee.xml
+++ b/src/chrome/content/rules/Oversee.xml
@@ -1,50 +1,22 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://static.couponfinder.com/ => https://d2q7dxlbtbvkph.cloudfront.net/: (6, 'Could not resolve host: d2q7dxlbtbvkph.cloudfront.net')
-Fetch error: http://domainfest.com/ => https://domainfest.com/: (7, 'Failed to connect to domainfest.com port 443: Connection refused')
-Fetch error: http://www.domainfest.com/ => https://www.domainfest.com/: (7, 'Failed to connect to www.domainfest.com port 443: Connection refused')
-Fetch error: http://oversee.net/ => https://oversee.net/: (51, "SSL: no alternative certificate subject name matches target host name 'oversee.net'")
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://static.couponfinder.com/ => https://d2q7dxlbtbvkph.cloudfront.net/: (6, 'Could not resolve host: static.couponfinder.com')
-Fetch error: http://domainfest.com/ => https://domainfest.com/: (7, 'Failed to connect to domainfest.com port 443: Connection refused')
-Fetch error: http://www.domainfest.com/ => https://www.domainfest.com/: (7, 'Failed to connect to www.domainfest.com port 443: Connection refused')
-Fetch error: http://oversee.net/ => https://oversee.net/: (60, 'SSL certificate problem: self signed certificate')
 	Other Oversee.net rulesets:
+		+ Cdncomputer.com.xml
+		+ ShopWiki.com.xml
+		+ Webfest_Global.xml
 
-		- Cdncomputer.com.xml
-		- DomainSponsor.xml
-		- ShopWiki.xml
-		- Webfest_Global.xml
 
--->
-<ruleset name="Oversee.net (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+	Non-functional hosts
+		Couldn't connect to server:
+		- domainfest.com
+		- www.domainfest.com
 
+		SSL peer certificate was not OK:
+		- oversee.net
+		- www.oversee.net
+-->
+<ruleset name="Oversee.net (partial)">
 	<target host="aboutairportparking.com" />
 	<target host="www.aboutairportparking.com" />
-	<target host="static.couponfinder.com" />
-	<target host="domainfest.com" />
-	<target host="www.domainfest.com" />
-	<target host="oversee.net" />
-	<target host="*.oversee.net" />
-
-
-	<securecookie host=".*\.aboutairportparking\.com$" name=".+" />
-	<securecookie host="^(?:.*\.)?domainfest\.com$" name=".+" />
-	<securecookie host="^(?:.*\.)?oversee\.net$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?aboutairportparking\.com/"
-		to="https://www.aboutairportparking.com/" />
-
-	<rule from="^http://static\.couponfinder\.com/"
-		to="https://d2q7dxlbtbvkph.cloudfront.net/" />
-
-	<rule from="^http://(www\.)?domainfest\.com/"
-		to="https://$1domainfest.com/" />
-
-	<rule from="^http://(support\.|www\.)?oversee\.net/"
-		to="https://$1oversee.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/OvershootDay.org.xml b/src/chrome/content/rules/OvershootDay.org.xml
new file mode 100644
index 000000000000..1a1d2a57ad8f
--- /dev/null
+++ b/src/chrome/content/rules/OvershootDay.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="OvershootDay.org">
+
+	<target host="overshootday.org" />
+	<target host="www.overshootday.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Overstock.com.xml b/src/chrome/content/rules/Overstock.com.xml
index c2438bf08d05..291305fcfe01 100644
--- a/src/chrome/content/rules/Overstock.com.xml
+++ b/src/chrome/content/rules/Overstock.com.xml
@@ -50,9 +50,14 @@
 -->
 <ruleset name="Overstock.com (partial)">
 
-	<target host="*.ostkcdn.com" />
+	<target host="ak1.ostkcdn.com" />
+	<target host="ak2.ostkcdn.com" />
+	<target host="ak-s.ostkcdn.com" />
 	<target host="overstock.com" />
-	<target host="*.overstock.com" />
+	<target host="www.overstock.com" />
+	<target host="help.overstock.com" />
+	<target host="newcars.overstock.com" />
+	<target host="secure.newcars.overstock.com" />
 		<!--
 			Redirect to http:
 						-->
diff --git a/src/chrome/content/rules/Overview_Project.org.xml b/src/chrome/content/rules/Overview_Project.org.xml
index 27ceed9f37ae..66463de010eb 100644
--- a/src/chrome/content/rules/Overview_Project.org.xml
+++ b/src/chrome/content/rules/Overview_Project.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://overviewproject.org/ => https://overviewproject.org/: (60, '
 Fetch error: http://www.overviewproject.org/ => https://www.overviewproject.org/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Overview Project.org" default_off='failed ruleset test'>
+<ruleset name="Overview Project.org" default_off="failed ruleset test">
 
 	<target host="overviewproject.org" />
 	<target host="www.overviewproject.org" />
diff --git a/src/chrome/content/rules/Ovi.com.xml b/src/chrome/content/rules/Ovi.com.xml
deleted file mode 100644
index 406c67688b32..000000000000
--- a/src/chrome/content/rules/Ovi.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other Nokia coverage, see Nokia.xml.
-
--->
-<ruleset name="Ovi.com (partial)">
-
-	<target host="*.ovi.com" />
-
-
-	<securecookie host="^\.store\.ovi\.com$" name=".+" />
-
-
-	<rule from="^http://(p\.d|publish|store|static\.store)\.ovi\.com/"
-		to="https://$1.ovi.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ovid.xml b/src/chrome/content/rules/Ovid.xml
index b73b4f878cbb..a0b1a4871f04 100644
--- a/src/chrome/content/rules/Ovid.xml
+++ b/src/chrome/content/rules/Ovid.xml
@@ -16,4 +16,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ovscruise.com.xml b/src/chrome/content/rules/Ovscruise.com.xml
index 300197e5316e..625f472eebbe 100644
--- a/src/chrome/content/rules/Ovscruise.com.xml
+++ b/src/chrome/content/rules/Ovscruise.com.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Wyndham related rulesets, see Wyndham.xml
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
 
 	Non-functional hosts
 		Timeout was reached:
@@ -16,7 +16,6 @@
 	<target host="diamond.ovscruise.com" />
 	<target host="marriott.ovscruise.com" />
 	<target host="mvcvacationredemptioncenter.ovscruise.com" />
-	<target host="prod-cruise.ovscruise.com" />
 	<target host="shop.ovscruise.com" />
 	<target host="staging-cruise.ovscruise.com" />
 	<target host="test-cruise.ovscruise.com" />
diff --git a/src/chrome/content/rules/Ow.ly.xml b/src/chrome/content/rules/Ow.ly.xml
index 0999a8cb576d..ba9b121bab95 100644
--- a/src/chrome/content/rules/Ow.ly.xml
+++ b/src/chrome/content/rules/Ow.ly.xml
@@ -1,23 +1,16 @@
 <!--
 	For other HootSuite coverage, see HootSuite.xml.
 
-
-	CDN buckets:
-
-		- d2jhuj1whasmze.cloudfront.net
-
-			- static
-
-
-	(www.): refused
+	Non-functional hosts:
+		Refused:
+		- ow.ly
+		- www.ow.ly
 
 -->
 <ruleset name="Ow.ly (partial)">
 
 	<target host="static.ow.ly" />
 
-
-	<rule from="^http://static\.ow\.ly/"
-		to="https://d2jhuj1whasmze.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Own.ag.xml b/src/chrome/content/rules/Own.ag.xml
new file mode 100644
index 000000000000..960a88ecc5b9
--- /dev/null
+++ b/src/chrome/content/rules/Own.ag.xml
@@ -0,0 +1,6 @@
+<ruleset name="Own.ag">
+	<target host="own.ag" />
+	<target host="www.own.ag" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/OwnCloud.com.xml b/src/chrome/content/rules/OwnCloud.com.xml
index f1f8bdf00e34..45d6480507e0 100644
--- a/src/chrome/content/rules/OwnCloud.com.xml
+++ b/src/chrome/content/rules/OwnCloud.com.xml
@@ -30,7 +30,7 @@ Fetch error: http://static.owncloud.com/ => https://opendesktop.org/: Too many r
 	Not secured by us <= mismatched
 
 -->
-<ruleset name="ownCloud.com" default_off='failed ruleset test'>
+<ruleset name="ownCloud.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/OwnedCore.com.xml b/src/chrome/content/rules/OwnedCore.com.xml
index c88adc06b9d4..757862483914 100644
--- a/src/chrome/content/rules/OwnedCore.com.xml
+++ b/src/chrome/content/rules/OwnedCore.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.ownedcore.com/ => https://www.ownedcore.com/: Too many r
 	* Secured by us
 
 -->
-<ruleset name="OwnedCore.com (mixed content)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="OwnedCore.com (mixed content)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="ownedcore.com" />
 	<target host="www.ownedcore.com" />
diff --git a/src/chrome/content/rules/OxfordJournals.org.xml b/src/chrome/content/rules/OxfordJournals.org.xml
index 98a3e1521f7b..10626a2023d1 100644
--- a/src/chrome/content/rules/OxfordJournals.org.xml
+++ b/src/chrome/content/rules/OxfordJournals.org.xml
@@ -1,10 +1,10 @@
 <!--
-	Invalid certificate: 
+	Invalid certificate:
 		globaljobs-careernetwork.oxfordjournals.org
 		m.*.oxfordjournals.org
 		test.oxfordjournals.org
-	
-	Refused: 
+
+	Refused:
 		bfgp.oxfordjournals.org
 		cep.oxfordjournals.org
 		cme.oxfordjournals.org
@@ -24,398 +24,6 @@
 
 	<target host="oxfordjournals.org" />
 	<target host="www.oxfordjournals.org" />
-	<target host="abbs.oxfordjournals.org" />
-	<target host="acn.oxfordjournals.org" />
-	<target host="adaptation.oxfordjournals.org" />
-	<target host="ae.oxfordjournals.org" />
-	<target host="aepp.oxfordjournals.org" />
-	<target host="aesa.oxfordjournals.org" />
-	<target host="afraf.oxfordjournals.org" />
-	<target host="ageing.oxfordjournals.org" />
-	<target host="ahr.oxfordjournals.org" />
-	<target host="aibsbulletin.oxfordjournals.org" />
-	<target host="ajae.oxfordjournals.org" />
-	<target host="ajcp.oxfordjournals.org" />
-	<target host="aje.oxfordjournals.org" />
-	<target host="ajh.oxfordjournals.org" />
-	<target host="ajj.oxfordjournals.org" />
-	<target host="ajlh.oxfordjournals.org" />
-	<target host="alcalc.oxfordjournals.org" />
-	<target host="aler.oxfordjournals.org" />
-	<target host="alh.oxfordjournals.org" />
-	<target host="alrr.oxfordjournals.org" />
-	<target host="amrx.oxfordjournals.org" />
-	<target host="amt.oxfordjournals.org" />
-	<target host="analysis.oxfordjournals.org" />
-	<target host="annhyg.oxfordjournals.org" />
-	<target host="annonc.oxfordjournals.org" />
-	<target host="antitrust.oxfordjournals.org" />
-	<target host="aob.oxfordjournals.org" />
-	<target host="aobpla.oxfordjournals.org" />
-	<target host="applij.oxfordjournals.org" />
-	<target host="arbitration.oxfordjournals.org" />
-	<target host="aristotelian.oxfordjournals.org" />
-	<target host="aristoteliansupp.oxfordjournals.org" />
-	<target host="asj.oxfordjournals.org" />
-	<target host="asjcme.oxfordjournals.org" />
-	<target host="az.oxfordjournals.org" />
-	<target host="background.oxfordjournals.org" />
-	<target host="backgroundwp.oxfordjournals.org" />
-	<target host="beheco.oxfordjournals.org" />
-	<target host="besa.oxfordjournals.org" />
-	<target host="bfg.oxfordjournals.org" />
-	<target host="bib.oxfordjournals.org" />
-	<target host="biohorizons.oxfordjournals.org" />
-	<target host="bioinformatics.oxfordjournals.org" />
-	<target host="biomedgerontology.oxfordjournals.org" />
-	<target host="biomet.oxfordjournals.org" />
-	<target host="biomethods.oxfordjournals.org" />
-	<target host="bioscience.oxfordjournals.org" />
-	<target host="biostatistics.oxfordjournals.org" />
-	<target host="bja.oxfordjournals.org" />
-	<target host="bjaed.oxfordjournals.org" />
-	<target host="bjaesthetics.oxfordjournals.org" />
-	<target host="bjc.oxfordjournals.org" />
-	<target host="bjps.oxfordjournals.org" />
-	<target host="bjsw.oxfordjournals.org" />
-	<target host="blms.oxfordjournals.org" />
-	<target host="bmb.oxfordjournals.org" />
-	<target host="brain.oxfordjournals.org" />
-	<target host="bybil.oxfordjournals.org" />
-	<target host="camqtly.oxfordjournals.org" />
-	<target host="carcin.oxfordjournals.org" />
-	<target host="cardiovascres.oxfordjournals.org" />
-	<target host="cb.oxfordjournals.org" />
-	<target host="cdj.oxfordjournals.org" />
-	<target host="ceaccp.oxfordjournals.org" />
-	<target host="cercor.oxfordjournals.org" />
-	<target host="cesifo.oxfordjournals.org" />
-	<target host="chemse.oxfordjournals.org" />
-	<target host="chinesejil.oxfordjournals.org" />
-	<target host="chromsci.oxfordjournals.org" />
-	<target host="cid.oxfordjournals.org" />
-	<target host="cjcl.oxfordjournals.org" />
-	<target host="cje.oxfordjournals.org" />
-	<target host="cjip.oxfordjournals.org" />
-	<target host="cjres.oxfordjournals.org" />
-	<target host="ckj.oxfordjournals.org" />
-	<target host="climatesystem.oxfordjournals.org" />
-	<target host="clp.oxfordjournals.org" />
-	<target host="cmlj.oxfordjournals.org" />
-	<target host="comjnl.oxfordjournals.org" />
-	<target host="comnet.oxfordjournals.org" />
-	<target host="conphys.oxfordjournals.org" />
-	<target host="cpe.oxfordjournals.org" />
-	<target host="criticalvalues.oxfordjournals.org" />
-	<target host="crj.oxfordjournals.org" />
-	<target host="cs.oxfordjournals.org" />
-	<target host="cww.oxfordjournals.org" />
-	<target host="cybersecurity.oxfordjournals.org" />
-	<target host="cz.oxfordjournals.org" />
-	<target host="database.oxfordjournals.org" />
-	<target host="dh.oxfordjournals.org" />
-	<target host="dnaresearch.oxfordjournals.org" />
-	<target host="dsh.oxfordjournals.org" />
-	<target host="ecco-jcc.oxfordjournals.org" />
-	<target host="ecco-jccs.oxfordjournals.org" />
-	<target host="economicpolicy.oxfordjournals.org" />
-	<target host="ee.oxfordjournals.org" />
-	<target host="eep.oxfordjournals.org" />
-	<target host="ehjcimaging.oxfordjournals.org" />
-	<target host="ehjcvp.oxfordjournals.org" />
-	<target host="ehjqcco.oxfordjournals.org" />
-	<target host="ehr.oxfordjournals.org" />
-	<target host="eic.oxfordjournals.org" />
-	<target host="ejcts.oxfordjournals.org" />
-	<target host="ejil.oxfordjournals.org" />
-	<target host="ejo.oxfordjournals.org" />
-	<target host="eltj.oxfordjournals.org" />
-	<target host="em.oxfordjournals.org" />
-	<target host="emph.oxfordjournals.org" />
-	<target host="english.oxfordjournals.org" />
-	<target host="envhis.oxfordjournals.org" />
-	<target host="envihistrevi.oxfordjournals.org" />
-	<target host="epirev.oxfordjournals.org" />
-	<target host="erae.oxfordjournals.org" />
-	<target host="ereh.oxfordjournals.org" />
-	<target host="eshremonographs.oxfordjournals.org" />
-	<target host="esr.oxfordjournals.org" />
-	<target host="eurheartj.oxfordjournals.org" />
-	<target host="eurheartjsupp.oxfordjournals.org" />
-	<target host="europace.oxfordjournals.org" />
-	<target host="eurpub.oxfordjournals.org" />
-	<target host="fampra.oxfordjournals.org" />
-	<target host="femsec.oxfordjournals.org" />
-	<target host="femsim.oxfordjournals.org" />
-	<target host="femsle.oxfordjournals.org" />
-	<target host="femsmi.oxfordjournals.org" />
-	<target host="femspd.oxfordjournals.org" />
-	<target host="femsre.oxfordjournals.org" />
-	<target host="femsyr.oxfordjournals.org" />
-	<target host="fh.oxfordjournals.org" />
-	<target host="fmls.oxfordjournals.org" />
-	<target host="foreconshist.oxfordjournals.org" />
-	<target host="forestry.oxfordjournals.org" />
-	<target host="fpa.oxfordjournals.org" />
-	<target host="fs.oxfordjournals.org" />
-	<target host="fsb.oxfordjournals.org" />
-	<target host="gastro.oxfordjournals.org" />
-	<target host="gbe.oxfordjournals.org" />
-	<target host="geronj.oxfordjournals.org" />
-	<target host="gerontologist.oxfordjournals.org" />
-	<target host="gh.oxfordjournals.org" />
-	<target host="gji.oxfordjournals.org" />
-	<target host="globalsummitry.oxfordjournals.org" />
-	<target host="glycob.oxfordjournals.org" />
-	<target host="gsmnras.oxfordjournals.org" />
-	<target host="heapol.oxfordjournals.org" />
-	<target host="heapro.oxfordjournals.org" />
-	<target host="her.oxfordjournals.org" />
-	<target host="hgs.oxfordjournals.org" />
-	<target host="hmg.oxfordjournals.org" />
-	<target host="hrlr.oxfordjournals.org" />
-	<target host="hsw.oxfordjournals.org" />
-	<target host="humrep.oxfordjournals.org" />
-	<target host="humupd.oxfordjournals.org" />
-	<target host="hwj.oxfordjournals.org" />
-	<target host="icb.oxfordjournals.org" />
-	<target host="icc.oxfordjournals.org" />
-	<target host="icesjms.oxfordjournals.org" />
-	<target host="icon.oxfordjournals.org" />
-	<target host="icsidreview.oxfordjournals.org" />
-	<target host="icvts.oxfordjournals.org" />
-	<target host="idpl.oxfordjournals.org" />
-	<target host="ije.oxfordjournals.org" />
-	<target host="ijl.oxfordjournals.org" />
-	<target host="ijlct.oxfordjournals.org" />
-	<target host="ijlit.oxfordjournals.org" />
-	<target host="ijnp.oxfordjournals.org" />
-	<target host="ijpor.oxfordjournals.org" />
-	<target host="ijrl.oxfordjournals.org" />
-	<target host="ijtj.oxfordjournals.org" />
-	<target host="ilarjournal.oxfordjournals.org" />
-	<target host="ilj.oxfordjournals.org" />
-	<target host="imaiai.oxfordjournals.org" />
-	<target host="imajna.oxfordjournals.org" />
-	<target host="imaman.oxfordjournals.org" />
-	<target host="imamat.oxfordjournals.org" />
-	<target host="imamci.oxfordjournals.org" />
-	<target host="imammb.oxfordjournals.org" />
-	<target host="imrn.oxfordjournals.org" />
-	<target host="imrp.oxfordjournals.org" />
-	<target host="imrs.oxfordjournals.org" />
-	<target host="integrablesystems.oxfordjournals.org" />
-	<target host="inthealth.oxfordjournals.org" />
-	<target host="intimm.oxfordjournals.org" />
-	<target host="intqhc.oxfordjournals.org" />
-	<target host="ips.oxfordjournals.org" />
-	<target host="irap.oxfordjournals.org" />
-	<target host="isle.oxfordjournals.org" />
-	<target host="isp.oxfordjournals.org" />
-	<target host="isq.oxfordjournals.org" />
-	<target host="isr.oxfordjournals.org" />
-	<target host="itnow.oxfordjournals.org" />
-	<target host="iwc.oxfordjournals.org" />
-	<target host="jaar.oxfordjournals.org" />
-	<target host="jac.oxfordjournals.org" />
-	<target host="jae.oxfordjournals.org" />
-	<target host="jah.oxfordjournals.org" />
-	<target host="jamia.oxfordjournals.org" />
-	<target host="japr.oxfordjournals.org" />
-	<target host="jat.oxfordjournals.org" />
-	<target host="jb.oxfordjournals.org" />
-	<target host="jcle.oxfordjournals.org" />
-	<target host="jcr.oxfordjournals.org" />
-	<target host="jcs.oxfordjournals.org" />
-	<target host="jcsl.oxfordjournals.org" />
-	<target host="jdh.oxfordjournals.org" />
-	<target host="jdsde.oxfordjournals.org" />
-	<target host="jeclap.oxfordjournals.org" />
-	<target host="jee.oxfordjournals.org" />
-	<target host="jel.oxfordjournals.org" />
-	<target host="jfec.oxfordjournals.org" />
-	<target host="jfr.oxfordjournals.org" />
-	<target host="jhc.oxfordjournals.org" />
-	<target host="jhered.oxfordjournals.org" />
-	<target host="jhmas.oxfordjournals.org" />
-	<target host="jhps.oxfordjournals.org" />
-	<target host="jhrp.oxfordjournals.org" />
-	<target host="jhs.oxfordjournals.org" />
-	<target host="jicj.oxfordjournals.org" />
-	<target host="jicru.oxfordjournals.org" />
-	<target host="jid.oxfordjournals.org" />
-	<target host="jids.oxfordjournals.org" />
-	<target host="jiel.oxfordjournals.org" />
-	<target host="jigpal.oxfordjournals.org" />
-	<target host="jinsectscience.oxfordjournals.org" />
-	<target host="jiplp.oxfordjournals.org" />
-	<target host="jipm.oxfordjournals.org" />
-	<target host="jis.oxfordjournals.org" />
-	<target host="jjco.oxfordjournals.org" />
-	<target host="jla.oxfordjournals.org" />
-	<target host="jlb.oxfordjournals.org" />
-	<target host="jleo.oxfordjournals.org" />
-	<target host="jlms.oxfordjournals.org" />
-	<target host="jmammal.oxfordjournals.org" />
-	<target host="jmcb.oxfordjournals.org" />
-	<target host="jme.oxfordjournals.org" />
-	<target host="jmicro.oxfordjournals.org" />
-	<target host="jmp.oxfordjournals.org" />
-	<target host="jmt.oxfordjournals.org" />
-	<target host="jmvm.oxfordjournals.org" />
-	<target host="jnci.oxfordjournals.org" />
-	<target host="jncimono.oxfordjournals.org" />
-	<target host="jnen.oxfordjournals.org" />
-	<target host="joeg.oxfordjournals.org" />
-	<target host="jogss.oxfordjournals.org" />
-	<target host="jole.oxfordjournals.org" />
-	<target host="jos.oxfordjournals.org" />
-	<target host="jpart.oxfordjournals.org" />
-	<target host="jpe.oxfordjournals.org" />
-	<target host="jpepsy.oxfordjournals.org" />
-	<target host="jpids.oxfordjournals.org" />
-	<target host="jpo.oxfordjournals.org" />
-	<target host="jpubhealth.oxfordjournals.org" />
-	<target host="jrls.oxfordjournals.org" />
-	<target host="jrr.oxfordjournals.org" />
-	<target host="jrs.oxfordjournals.org" />
-	<target host="jscr.oxfordjournals.org" />
-	<target host="jsh.oxfordjournals.org" />
-	<target host="jss.oxfordjournals.org" />
-	<target host="jssam.oxfordjournals.org" />
-	<target host="jtm.oxfordjournals.org" />
-	<target host="jtopol.oxfordjournals.org" />
-	<target host="jts.oxfordjournals.org" />
-	<target host="jue.oxfordjournals.org" />
-	<target host="jwelb.oxfordjournals.org" />
-	<target host="jxb.oxfordjournals.org" />
-	<target host="labmed.oxfordjournals.org" />
-	<target host="lawfam.oxfordjournals.org" />
-	<target host="leobaeck.oxfordjournals.org" />
-	<target host="library.oxfordjournals.org" />
-	<target host="litimag.oxfordjournals.org" />
-	<target host="litthe.oxfordjournals.org" />
-	<target host="llc.oxfordjournals.org" />
-	<target host="logcom.oxfordjournals.org" />
-	<target host="lpr.oxfordjournals.org" />
-	<target host="lril.oxfordjournals.org" />
-	<target host="maghis.oxfordjournals.org" />
-	<target host="mbe.oxfordjournals.org" />
-	<target host="medlaw.oxfordjournals.org" />
-	<target host="melus.oxfordjournals.org" />
-	<target host="migration.oxfordjournals.org" />
-	<target host="mind.oxfordjournals.org" />
-	<target host="misr.oxfordjournals.org" />
-	<target host="mj.oxfordjournals.org" />
-	<target host="ml.oxfordjournals.org" />
-	<target host="mmy.oxfordjournals.org" />
-	<target host="mnras.oxfordjournals.org" />
-	<target host="mnrasl.oxfordjournals.org" />
-	<target host="molehr.oxfordjournals.org" />
-	<target host="mollus.oxfordjournals.org" />
-	<target host="monist.oxfordjournals.org" />
-	<target host="mq.oxfordjournals.org" />
-	<target host="mspecies.oxfordjournals.org" />
-	<target host="mtp.oxfordjournals.org" />
-	<target host="mts.oxfordjournals.org" />
-	<target host="musictherapy.oxfordjournals.org" />
-	<target host="mutage.oxfordjournals.org" />
-	<target host="nar.oxfordjournals.org" />
-	<target host="nass.oxfordjournals.org" />
-	<target host="nc.oxfordjournals.org" />
-	<target host="ndt.oxfordjournals.org" />
-	<target host="neuro-oncology.oxfordjournals.org" />
-	<target host="nop.oxfordjournals.org" />
-	<target host="nq.oxfordjournals.org" />
-	<target host="nsr.oxfordjournals.org" />
-	<target host="ntr.oxfordjournals.org" />
-	<target host="nutritionreviews.oxfordjournals.org" />
-	<target host="oaj.oxfordjournals.org" />
-	<target host="occmed.oxfordjournals.org" />
-	<target host="oep.oxfordjournals.org" />
-	<target host="ofid.oxfordjournals.org" />
-	<target host="ohr.oxfordjournals.org" />
-	<target host="ojlr.oxfordjournals.org" />
-	<target host="ojls.oxfordjournals.org" />
-	<target host="omcr.oxfordjournals.org" />
-	<target host="oq.oxfordjournals.org" />
-	<target host="oxrep.oxfordjournals.org" />
-	<target host="pa.oxfordjournals.org" />
-	<target host="painmedicine.oxfordjournals.org" />
-	<target host="pan.oxfordjournals.org" />
-	<target host="pasj.oxfordjournals.org" />
-	<target host="past.oxfordjournals.org" />
-	<target host="pcp.oxfordjournals.org" />
-	<target host="peds.oxfordjournals.org" />
-	<target host="petrology.oxfordjournals.org" />
-	<target host="phe.oxfordjournals.org" />
-	<target host="philmat.oxfordjournals.org" />
-	<target host="plankt.oxfordjournals.org" />
-	<target host="plms.oxfordjournals.org" />
-	<target host="policing.oxfordjournals.org" />
-	<target host="poq.oxfordjournals.org" />
-	<target host="ppar.oxfordjournals.org" />
-	<target host="pq.oxfordjournals.org" />
-	<target host="ps.oxfordjournals.org" />
-	<target host="psychsocgerontology.oxfordjournals.org" />
-	<target host="ptep.oxfordjournals.org" />
-	<target host="ptp.oxfordjournals.org" />
-	<target host="ptps.oxfordjournals.org" />
-	<target host="publius.oxfordjournals.org" />
-	<target host="qje.oxfordjournals.org" />
-	<target host="qjmam.oxfordjournals.org" />
-	<target host="qjmath.oxfordjournals.org" />
-	<target host="qjmed.oxfordjournals.org" />
-	<target host="raps.oxfordjournals.org" />
-	<target host="rb.oxfordjournals.org" />
-	<target host="rcfs.oxfordjournals.org" />
-	<target host="reep.oxfordjournals.org" />
-	<target host="res.oxfordjournals.org" />
-	<target host="restud.oxfordjournals.org" />
-	<target host="rev.oxfordjournals.org" />
-	<target host="rfs.oxfordjournals.org" />
-	<target host="rheumatology.oxfordjournals.org" />
-	<target host="rof.oxfordjournals.org" />
-	<target host="rpc.oxfordjournals.org" />
-	<target host="rpd.oxfordjournals.org" />
-	<target host="rsq.oxfordjournals.org" />
-	<target host="sabouraudia.oxfordjournals.org" />
-	<target host="scan.oxfordjournals.org" />
-	<target host="schizophreniabulletin.oxfordjournals.org" />
-	<target host="screen.oxfordjournals.org" />
-	<target host="secure.oxfordjournals.org" />
-	<target host="ser.oxfordjournals.org" />
-	<target host="sf.oxfordjournals.org" />
-	<target host="shm.oxfordjournals.org" />
-	<target host="slr.oxfordjournals.org" />
-	<target host="socpro.oxfordjournals.org" />
-	<target host="socrel.oxfordjournals.org" />
-	<target host="sp.oxfordjournals.org" />
-	<target host="spp.oxfordjournals.org" />
-	<target host="ssjj.oxfordjournals.org" />
-	<target host="sw.oxfordjournals.org" />
-	<target host="swr.oxfordjournals.org" />
-	<target host="swra.oxfordjournals.org" />
-	<target host="synbio.oxfordjournals.org" />
-	<target host="sysbio.oxfordjournals.org" />
-	<target host="tandt.oxfordjournals.org" />
-	<target host="tcbh.oxfordjournals.org" />
-	<target host="teamat.oxfordjournals.org" />
-	<target host="tlms.oxfordjournals.org" />
-	<target host="toxsci.oxfordjournals.org" />
-	<target host="treephys.oxfordjournals.org" />
-	<target host="tropej.oxfordjournals.org" />
-	<target host="trstmh.oxfordjournals.org" />
-	<target host="ulr.oxfordjournals.org" />
-	<target host="ve.oxfordjournals.org" />
-	<target host="wber.oxfordjournals.org" />
-	<target host="wbro.oxfordjournals.org" />
-	<target host="whq.oxfordjournals.org" />
-	<target host="workar.oxfordjournals.org" />
-	<target host="yel.oxfordjournals.org" />
-	<target host="yielaw.oxfordjournals.org" />
-	<target host="ywcct.oxfordjournals.org" />
-	<target host="ywes.oxfordjournals.org" />
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/Ozon.ru.xml b/src/chrome/content/rules/Ozon.ru.xml
deleted file mode 100644
index 59c259555e5e..000000000000
--- a/src/chrome/content/rules/Ozon.ru.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Nonfunctional hosts in *ozon.ru:
-		- marketplace ¹
-		- merchant-platform ²
-		- t.news ¹
-		- static2 ¹
-
-	¹ Refused
-	² Dropped
--->
-
-<ruleset name="Ozon.ru (partial)">
-	<target host="ozon.ru" />
-	<target host="www.ozon.ru" />
-	<target host="merchants.ozon.ru" />
-	<target host="mmedia.ozon.ru" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/PACW.org.xml b/src/chrome/content/rules/PACW.org.xml
deleted file mode 100644
index bc73c4fedac6..000000000000
--- a/src/chrome/content/rules/PACW.org.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	^: cert only matches www
-
--->
-<ruleset name="PACW.org">
-
-	<target host="pacw.org" />
-	<target host="www.pacw.org" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PBHS.xml b/src/chrome/content/rules/PBHS.xml
index 2603a28810c8..fefa606ea24a 100644
--- a/src/chrome/content/rules/PBHS.xml
+++ b/src/chrome/content/rules/PBHS.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PBS.org.xml b/src/chrome/content/rules/PBS.org.xml
new file mode 100644
index 000000000000..0af714155691
--- /dev/null
+++ b/src/chrome/content/rules/PBS.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- chrome.pbs.org
+		- newshour-tc.pbs.org
+
+		4xx client error:
+		- gchrome.cdn.pbs.org
+		- urs.pbs.org
+-->
+<ruleset name="PBS.org">
+	<target host="pbs.org" />
+	<target host="www.pbs.org" />
+	<target host="www-tc.pbs.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PBS.xml b/src/chrome/content/rules/PBS.xml
deleted file mode 100644
index 75f4371db688..000000000000
--- a/src/chrome/content/rules/PBS.xml
+++ /dev/null
@@ -1,68 +0,0 @@
-<!--
-	to.pbs.org is handled in Bit.ly_vanity_domains.xml.
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/newshour/photos/yyyy/mm/dd/
-		- s3.amazonaws.com/pbs.merlin.cdn.prod/
-
-		- d2nu96cf2r9spk.cloudfront.net
-
-			- gchrome.cdn.pbs.org
-
-		- d2rb2ymyzshpad.cloudfront.net
-
-			- www-tc.pbs.org
-
-		- d3i6fh83elv35t.cloudfront.net
-
-			- newshour-tc.pbs.org
-
-		- dnn506yrbagrg.cloudfront.net
-
-
-	Nonfunctional domains:
-
-		- pbs.org *
-		- chrome.pbs.org
-		- urs.pbs.org
-		- www.pbs.org					(homepage redirects to http, other paths 403)
-		- www-tc.pbs.org(/cove-media|/images|/video)	(400, mismatched, CN: *.hs.llnwd.net)
-		- (www.)pbskids.org *
-
-	* Times out
-
--->
-<ruleset name="Public Broadcasting Service (partial)" platform="mixedcontent">
-
-	<target host="*.pbs.org" />
-	<target host="shoppbs.org" />
-	<target host="www.shoppbs.org" />
-
-
-	<securecookie host="^www\.shoppbs\.org$" name=".+" />
-
-
-	<rule from="^http://newshour-tc\.pbs\.org/"
-		to="https://d3i6fh83elv35t.cloudfront.net/" />
-
-	<!--	This broke Washington Week videos, like http://www.pbs.org/weta/washingtonweek/watch/watch%20the%20show/34039
-
-		Presumably caused by livepassdl.conviva.com/crossdomain.xml forbidding https. (FUU!)
-
-		https://trac.torproject.org/projects/tor/ticket/7180 
-
-	<rule from="^http://video\.pbs\.org/"
-		to="https://video.pbs.org/" /-->
-
-	<rule from="^http://www-tc\.pbs\.org/s3/pbs\.(?=merlin\.cdn\.prod/|pbsorg-prod\.mediafiles/)"
-		to="https://s3.amazonaws.com/pbs." />
-
-	<rule from="^http://gchrome\.cdn\.pbs\.org/"
-		to="https://d2nu96cf2r9spk.cloudfront.net/" />
-
-	<rule from="^http://(www\.)?shoppbs\.org/"
-		to="https://$1shoppbs.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PBSKids.org.xml b/src/chrome/content/rules/PBSKids.org.xml
new file mode 100644
index 000000000000..21dea9a13bda
--- /dev/null
+++ b/src/chrome/content/rules/PBSKids.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="PBSKids.org">
+	<target host="pbskids.org" />
+	<target host="www.pbskids.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PB_Web_Dev.com.xml b/src/chrome/content/rules/PB_Web_Dev.com.xml
deleted file mode 100644
index 63296c4f9767..000000000000
--- a/src/chrome/content/rules/PB_Web_Dev.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="PB Web Dev.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="pbwebdev.com" />
-	<target host="www.pbwebdev.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PBase.xml b/src/chrome/content/rules/PBase.xml
index 06847d92144d..897dbe7a2cb9 100644
--- a/src/chrome/content/rules/PBase.xml
+++ b/src/chrome/content/rules/PBase.xml
@@ -18,13 +18,14 @@
 <ruleset name="PBase (partial)">
 
 	<target host="pbase.com" />
-	<target host="*.pbase.com" />
+	<target host="secure2.pbase.com" />
+	<target host="www.pbase.com" />
+	<target host="ap1.pbase.com" />
 
 
 	<rule from="^http://(?:secure2\.|www\.)?pbase\.com/"
 		to="https://secure2.pbase.com/" />
 
-	<rule from="^http://ap1\.pbase\.com/"
-		to="https://d1lvd91299t0s2.cloudfront.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/PBeBank.com.xml b/src/chrome/content/rules/PBeBank.com.xml
deleted file mode 100644
index 093911bf477a..000000000000
--- a/src/chrome/content/rules/PBeBank.com.xml
+++ /dev/null
@@ -1,61 +0,0 @@
-<!--
-	Other Public Bank rulesets:
-		- PublicBank.com.hk.xml
-		- PublicBank.com.vn.xml
-		- PublicInvestBank.com.xml
-		- PublicIslamicBank.xml
-		- PublicMutual.xml
-
-
-	Non-functional domains:
-		- cpbebank.com	(m)
-		- pbbemall.com	(h)
-		- pbebank.com.my	(r)
-		- pblebank.com	(r)
-		- publicbankgroup.com	(m)
-		- publicbank.com.my	(m)
-
-
-	Non-functional subdomains:
-		- pbebank.com	(r)
-			- cws	(t)
-			- mrt-tds	(t)
-			- ns2	(t)
-			- ns3	(t)
-			- pfeed	(t)
-			- pfeed1	(t)
-			- pfeed2	(t)
-			- pfeed3	(t)
-			- smo	(t)
-			- smo1	(t)
-			- uatinfo	(i)
-			- uattds2	(HTTP 404 error)
-
-	e: expired certificate
-	h: http redirect
-	i: invalid certificate chain
-	m: certificate mismatch
-	r: connection refused
-	s: self-signed certificate
-	t: timeout on https
--->
-<ruleset name="Public Bank Malaysia">
-
-	<target host="pbebank.com" />
-	<target host="www.pbebank.com" />
-	<target host="ecom.pbebank.com" />
-	<target host="tds.pbebank.com" />
-	<target host="threeds.pbebank.com" />
-	<target host="uat.pbebank.com" />
-	<target host="www2.pbebank.com" />
-
-  	<securecookie host=".+" name=".+" />
-
-	<!-- connection refused -->
-	<rule from="^http://pbebank\.com/"
-		to="https://www.pbebank.com/" />
-
-	<rule from="^http:" 
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PBwiki.xml b/src/chrome/content/rules/PBwiki.xml
deleted file mode 100644
index 0c2180ca235e..000000000000
--- a/src/chrome/content/rules/PBwiki.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="PBwiki (partial)">
-
-	<!--	/pbwiki.com redirects to http	-->
-	<target host="*.pbwiki.com"/>
-
-	<rule from="^http://(files|my|(pb-api)?docs|secure|vs1|www)\.pbworks\.com/"
-		to="https://$1.pbworks.com/"/>
-
-	<rule from="^http://usermanual\.pbworks\.com/([fw]/|theme_image\.php)"
-		to="https://usermanual.pbworks.com/$1"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/PBworks.com.xml b/src/chrome/content/rules/PBworks.com.xml
new file mode 100644
index 000000000000..1ad92195861f
--- /dev/null
+++ b/src/chrome/content/rules/PBworks.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Note: *.pbworks.com has a wildcard DNS record and certificate.
+-->
+<ruleset name="PBworks.com (partial)">
+	<target host="pbworks.com"/>
+	<target host="www.pbworks.com"/>
+	<target host="secure.pbworks.com" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PBworks.xml b/src/chrome/content/rules/PBworks.xml
index 565d21a6177e..72742ef0d361 100644
--- a/src/chrome/content/rules/PBworks.xml
+++ b/src/chrome/content/rules/PBworks.xml
@@ -3,7 +3,7 @@
 	<target host="*.pbworks.com" />
 
 
-	<securecookie host="^(?:.*\.)?pbworks\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<!--	Example:
diff --git a/src/chrome/content/rules/PC-BSD.xml b/src/chrome/content/rules/PC-BSD.xml
index 94da85d48a87..e51c4438f442 100644
--- a/src/chrome/content/rules/PC-BSD.xml
+++ b/src/chrome/content/rules/PC-BSD.xml
@@ -36,7 +36,7 @@ Fetch error: http://bugs.pcbsd.org/ => https://bugs.pcbsd.org/: (60, 'SSL certif
 
 	Mixed content on ^ and www.
 -->
-<ruleset name="PC BSD.org (partial)" default_off='failed ruleset test'>
+<ruleset name="PC BSD.org (partial)" default_off="failed ruleset test">
 
 	<target host="www.pcbsd.org" />
 	<target host="api.pcbsd.org" />
diff --git a/src/chrome/content/rules/PCCArx.ca.xml b/src/chrome/content/rules/PCCArx.ca.xml
new file mode 100644
index 000000000000..1b5bfa852f89
--- /dev/null
+++ b/src/chrome/content/rules/PCCArx.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="PCCArx.ca">
+	<target host="pccarx.ca" />
+	<target host="www.pccarx.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PCGamer.com.xml b/src/chrome/content/rules/PCGamer.com.xml
index 8cb7eb4c25a3..beb0457a33ce 100644
--- a/src/chrome/content/rules/PCGamer.com.xml
+++ b/src/chrome/content/rules/PCGamer.com.xml
@@ -1,6 +1,6 @@
 <!--
 	Nonfunctional hosts in *.pcgamer.com:
-	
+
 	r: connection refused
 	    dl.pcgamer.com (Timeout)
 
diff --git a/src/chrome/content/rules/PCGamesHardware.de.xml b/src/chrome/content/rules/PCGamesHardware.de.xml
new file mode 100644
index 000000000000..2a26ec7c7c3e
--- /dev/null
+++ b/src/chrome/content/rules/PCGamesHardware.de.xml
@@ -0,0 +1,39 @@
+<!--
+	SSL: no alternative certificate subject name matches target host name:
+		- *.damoh.pcgameshardware.de
+		- forumredir.pcgameshardware.de
+-->
+<ruleset name="PCGamesHardware.de">
+
+	<target host="pcgameshardware.de" />
+	<target host="www.pcgameshardware.de" />
+	<target host="abo.pcgameshardware.de" />
+	<target host="babel2.pcgameshardware.de" />
+	<target host="cast.pcgameshardware.de" />
+	<target host="chat.pcgameshardware.de" />
+	<target host="ssl.1.damoh.pcgameshardware.de" />
+	<target host="ssl.2.damoh.pcgameshardware.de" />
+	<target host="ssl.3.damoh.pcgameshardware.de" />
+	<target host="download.pcgameshardware.de" />
+	<target host="epaper.pcgameshardware.de" />
+	<target host="extreme.pcgameshardware.de" />
+	<target host="extremebeta.pcgameshardware.de" />
+	<target host="extremedev.pcgameshardware.de" />
+	<target host="jdgtgb.pcgameshardware.de" />
+	<target host="login.pcgameshardware.de" />
+	<target host="logindev.pcgameshardware.de" />
+	<target host="m.pcgameshardware.de" />
+	<target host="mobile.pcgameshardware.de" />
+	<target host="player.pcgameshardware.de" />
+	<target host="playerdev.pcgameshardware.de" />
+	<target host="preisvergleich.pcgameshardware.de" />
+	<target host="ratgeber.pcgameshardware.de" />
+	<target host="dev.ratgeber.pcgameshardware.de" />
+	<target host="test.ratgeber.pcgameshardware.de" />
+	<target host="videos.pcgameshardware.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PCI-Security-Standards-Council.xml b/src/chrome/content/rules/PCI-Security-Standards-Council.xml
deleted file mode 100644
index ac29d125ec7b..000000000000
--- a/src/chrome/content/rules/PCI-Security-Standards-Council.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	PCI Security Standards Council
-
-
-	Insecure cookies are set for these domains:
-
-		- .pcisecuritystandards.org
-
--->
-<ruleset name="PCI Security Standards.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="pcisecuritystandards.org" />
-	<target host="de.pcisecuritystandards.org" />
-	<target host="es.pcisecuritystandards.org" />
-	<target host="fr.pcisecuritystandards.org" />
-	<target host="frca.pcisecuritystandards.org" />
-	<target host="it.pcisecuritystandards.org" />
-	<target host="ja.pcisecuritystandards.org" />
-	<target host="pt.pcisecuritystandards.org" />
-	<target host="tr.pcisecuritystandards.org" />
-	<target host="ru.pcisecuritystandards.org" />
-	<target host="www.pcisecuritystandards.org" />
-	<target host="zh.pcisecuritystandards.org" />
-
-
-	<!--	Incapsula cookies:
-					-->
-	<!--securecookie host="^\.pcisecuritystandards\.org$" name="^(?:incap_ses_\d+|visid_incap)_\d+$" /-->
-
-	<securecookie host="^\w" name=".+" />
-	<securecookie host="^\." name="^(?:incap_ses_\d+|visid_incap)_\d+$" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PCPro.co.uk.xml b/src/chrome/content/rules/PCPro.co.uk.xml
index 013d71db4a8d..620a6300d6a9 100644
--- a/src/chrome/content/rules/PCPro.co.uk.xml
+++ b/src/chrome/content/rules/PCPro.co.uk.xml
@@ -10,7 +10,7 @@ Fetch error: http://sprites.pcpro.co.uk/ => https://desawk404a9v3.cloudfront.net
 	pcpro.s3.amazonaws.com
 
 -->
-<ruleset name="PCPro.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="PCPro.co.uk (partial)" default_off="failed ruleset test">
 
 	<target host="photos.pcpro.co.uk" />
 	<target host="sprites.pcpro.co.uk" />
diff --git a/src/chrome/content/rules/PC_Booster.xml b/src/chrome/content/rules/PC_Booster.xml
index ed30e91907f1..75419906b130 100644
--- a/src/chrome/content/rules/PC_Booster.xml
+++ b/src/chrome/content/rules/PC_Booster.xml
@@ -9,16 +9,13 @@
 <ruleset name="PC Booster">
 
 	<target host="pcbooster.com" />
-	<target host="*.pcbooster.com" />
+	<target host="www.pcbooster.com" />
+	<target host="files.pcbooster.com" />
 
 
 	<securecookie host="^\.?pcbooster\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?pcbooster\.com/"
-		to="https://$1pcbooster.com/" />
-
-	<rule from="^http://files\.pcbooster\.com/"
-		to="https://d1xmanv2p9uj30.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PConline.xml b/src/chrome/content/rules/PConline.xml
index a3fd16677e9c..fadda50725a5 100644
--- a/src/chrome/content/rules/PConline.xml
+++ b/src/chrome/content/rules/PConline.xml
@@ -1,21 +1,18 @@
 <!--
 	403:
 		img0-arch.pconline.com.cn/$
-
-	Refused:
-		- ^
-		- appcount
-		- arch
-		- cmt
-		- count6
-		- dl
-		- dlc2
-		- itbbs
-		- mgcdn2
-		- pdlib
 -->
 <ruleset name="PConline (partial)">
+	<target host="pconline.com.cn" />
+	<target host="www.pconline.com.cn" />
+	<target host="arch.pconline.com.cn" />
+	<target host="captcha.pconline.com.cn" />
+	<target host="cmt.pconline.com.cn" />
 	<target host="count5.pconline.com.cn" />
+	<target host="count6.pconline.com.cn" />
+	<target host="dl.pconline.com.cn" />
+	<target host="dlc2.pconline.com.cn" />
+	<target host="g.pconline.com.cn" />
 	<target host="img.pconline.com.cn" />
 		<test url="http://img.pconline.com.cn/images/upload/upc/tx/itbbs/1111/21/c4/9690749_1321875352873_1024x1024.jpg" />
 	<target host="img0.pconline.com.cn" />
@@ -34,9 +31,11 @@
 	<target host="img2-arch.pconline.com.cn" />
 	<target host="img3-arch.pconline.com.cn" />
 	<target host="imgad0.pconline.com.cn" />
+	<target host="itbbs.pconline.com.cn" />
 	<target host="ivy.pconline.com.cn" />
-	<target host="captcha.pconline.com.cn" />
-	<target host="www.pconline.com.cn" />
+	<target host="mgcdn2.pconline.com.cn" />
+	<target host="pcedu.pconline.com.cn" />
+	<target host="pdlib.pconline.com.cn" />
 	<target host="www1.pconline.com.cn" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/PDE.cc.xml b/src/chrome/content/rules/PDE.cc.xml
new file mode 100644
index 000000000000..2f0fffbdb380
--- /dev/null
+++ b/src/chrome/content/rules/PDE.cc.xml
@@ -0,0 +1,9 @@
+<ruleset name="PDE.cc">
+
+	<target host="pde.cc" />
+	<target host="www.pde.cc" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PDFMerge.com.xml b/src/chrome/content/rules/PDFMerge.com.xml
index 9c0ff782ea55..a3aff571b0e3 100644
--- a/src/chrome/content/rules/PDFMerge.com.xml
+++ b/src/chrome/content/rules/PDFMerge.com.xml
@@ -5,6 +5,6 @@
 	<target host="pdfmerge.com" />
 	<target host="www.pdfmerge.com" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		  	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/PEP-project.org.xml b/src/chrome/content/rules/PEP-project.org.xml
index 33331639d4f2..8bbee5a12c53 100644
--- a/src/chrome/content/rules/PEP-project.org.xml
+++ b/src/chrome/content/rules/PEP-project.org.xml
@@ -1,5 +1,5 @@
 <!--
-	Related rulesets: 
+	Related rulesets:
 		PrettyEasyPrivacy.com.xml
 		pep.foundation.xml
 
diff --git a/src/chrome/content/rules/PET-Portal.eu.xml b/src/chrome/content/rules/PET-Portal.eu.xml
index 82be897cac4f..2cea38249c1b 100644
--- a/src/chrome/content/rules/PET-Portal.eu.xml
+++ b/src/chrome/content/rules/PET-Portal.eu.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://(?:www\.)?pet-portal\.eu/"
 		to="https://pet-portal.eu/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PGCon.xml b/src/chrome/content/rules/PGCon.xml
index b0eef4a5bdd7..4f2806a8569d 100644
--- a/src/chrome/content/rules/PGCon.xml
+++ b/src/chrome/content/rules/PGCon.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.pgcon.org/ => https://www.pgcon.org/: (60, 'SSL certific
 		- lists		(http reply)
 
 -->
-<ruleset name="PGCon.org (partial)" default_off='failed ruleset test'>
+<ruleset name="PGCon.org (partial)" default_off="failed ruleset test">
 
 	<target host="pgcon.org" />
 	<target host="www.pgcon.org" />
diff --git a/src/chrome/content/rules/PGi-problematic.xml b/src/chrome/content/rules/PGi-problematic.xml
index 5f6a815b0db4..ef83e4825164 100644
--- a/src/chrome/content/rules/PGi-problematic.xml
+++ b/src/chrome/content/rules/PGi-problematic.xml
@@ -4,13 +4,14 @@
 -->
 <ruleset name="PGi (problematic)" default_off="expired, mismatched">
 
-	<target host="*.pgi.com" />
+	<target host="blog.pgi.com" />
+	<target host="experts.pgi.com" />
+	<target host="admin.support.pgi.com" />
 
 
 	<securecookie host="^experts\.pgi\.com$" name=".+" />
 
 
-	<rule from="^http://(blog|experts|admin\.support)\.pgi\.com/"
-		to="https://$1.pgi.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PHP.xml b/src/chrome/content/rules/PHP.xml
index aad97287b083..b16fbcce5828 100644
--- a/src/chrome/content/rules/PHP.xml
+++ b/src/chrome/content/rules/PHP.xml
@@ -6,11 +6,9 @@
 		- gcov ²
 		- gtk ³
 		- lxr ¹
-		- museum ¹
 		- news ¹
 		- snaps ¹
 		- talks ³
-		- windows ¹
 		- www ⁴
 
 	¹ Refused
@@ -46,6 +44,7 @@
 	<target host="edit.php.net" />
 	<target host="git.php.net" />
 	<target host="master.php.net" />
+	<target host="museum.php.net" />
 	<target host="pear.php.net" />
 	<target host="pear2.php.net" />
 	<target host="pecl.php.net" />
@@ -56,6 +55,7 @@
 	<target host="static.php.net" />
 	<target host="svn.php.net" />
 	<target host="wiki.php.net" />
+	<target host="windows.php.net" />
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/PHP_magazin.xml b/src/chrome/content/rules/PHP_magazin.xml
index 8cd77957333b..e9f8d03dde9c 100644
--- a/src/chrome/content/rules/PHP_magazin.xml
+++ b/src/chrome/content/rules/PHP_magazin.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?phpmagazin\.de/((?:cart|user)(?:$|\?|/)|modules/|sites/)"
 		to="https://$1phpmagazin.de/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PH_Cheats.xml b/src/chrome/content/rules/PH_Cheats.xml
index 623e6accc2e0..5d3b2145ed9b 100644
--- a/src/chrome/content/rules/PH_Cheats.xml
+++ b/src/chrome/content/rules/PH_Cheats.xml
@@ -9,7 +9,7 @@ Fetch error: http://phcheats.com/ => https://phcheats.com/: Cycle detected - URL
 	Mixed image from levelrapido.com
 
 -->
-<ruleset name="PH Cheats" default_off='failed ruleset test'>
+<ruleset name="PH Cheats" default_off="failed ruleset test">
 
 	<target host="phcheats.com" />
 	<target host="www.phcheats.com" />
@@ -20,4 +20,4 @@ Fetch error: http://phcheats.com/ => https://phcheats.com/: Cycle detected - URL
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PICMET.org.xml b/src/chrome/content/rules/PICMET.org.xml
index adec65c18e91..c1b02a56227d 100644
--- a/src/chrome/content/rules/PICMET.org.xml
+++ b/src/chrome/content/rules/PICMET.org.xml
@@ -1,19 +1,8 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.picmet.org/ => https://www.picmet.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
-	^picmet.org: Handshake fails
-
--->
-<ruleset name="PICMET.org" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
+<ruleset name="PICMET.org">
+	<target host="picmet.org" />
 	<target host="www.picmet.org" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/PIPNI.cz.xml b/src/chrome/content/rules/PIPNI.cz.xml
index 4541283a0aa7..9511bdb44532 100644
--- a/src/chrome/content/rules/PIPNI.cz.xml
+++ b/src/chrome/content/rules/PIPNI.cz.xml
@@ -37,7 +37,7 @@ Fetch error: http://www20.pipni.cz/ => https://www20.pipni.cz/: (28, 'Connection
 		- www5.pipni.cz
 		- www9.pipni.cz
 -->
-<ruleset name="PIPNI.cz" default_off='failed ruleset test'>
+<ruleset name="PIPNI.cz" default_off="failed ruleset test">
 	<target host="pipni.cz" />
 	<target host="admin.pipni.cz" />
 	<target host="adminer.pipni.cz" />
diff --git a/src/chrome/content/rules/PIXinsight.com.tw.xml b/src/chrome/content/rules/PIXinsight.com.tw.xml
index b2f14897d2dc..b2cb3e17316a 100644
--- a/src/chrome/content/rules/PIXinsight.com.tw.xml
+++ b/src/chrome/content/rules/PIXinsight.com.tw.xml
@@ -10,17 +10,14 @@
 -->
 <ruleset name="PIXinsight.com.tw (partial)">
 
-	<target host="*.pixinsight.com.tw" />
+	<target host="www.pixinsight.com.tw" />
 
 
 	<!--	Not secured by server:
 					-->
 	<!--securecookie host="^\.pixinsight\.com\.tw$" name="^pixinsight-adm$" /-->
 
-	<securecookie host="^\.pixinsight\.com\.tw$" name=".+" />
 
-
-	<rule from="^http://www\.pixinsight\.com\.tw/"
-		to="https://www.pixinsight.com.tw/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PJTV.com.xml b/src/chrome/content/rules/PJTV.com.xml
deleted file mode 100644
index 30d3d4eb0318..000000000000
--- a/src/chrome/content/rules/PJTV.com.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	For other PJ Media coverage, see PJ_Media.xml.
-
-
-	CDN buckets:
-
-		- pajamasmed.vo.llnwd.net
-
-			- .hs. does exist
-			- Doesn't map directly
-			- cdn
-			- cdn[1-4]
-
-
-	Problematic subdomains:
-
-		- ^		(cert only matches www)
-		- cdn[1-4]	(400; mismatched, CN: *.hs.llnwd.net)
-
--->
-<ruleset name="PJTV.com">
-
-	<target host="pjtv.com" />
-	<target host="*.pjtv.com" />
-
-
-	<securecookie host="^(?:www)?\.pjtv\.com$" name=".+" />
-
-
-	<!--	What the server does:
-					-->
-	<rule from="^http://pjtv\.com/([^?]*)(?:\?.*)?$"
-		to="https://www.pjtv.com/$1" />
-
-	<rule from="^http://(?:cdn[1-3]|www)\.pjtv\.com/"
-		to="https://www.pjtv.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/PJ_Media.xml b/src/chrome/content/rules/PJ_Media.xml
index 182a2226d380..5c6bd70d8c03 100644
--- a/src/chrome/content/rules/PJ_Media.xml
+++ b/src/chrome/content/rules/PJ_Media.xml
@@ -1,7 +1,6 @@
 <!--
 	Other PJ Media rulesets:
 
-		- PJTV.com.xml
 
 
 	Problematic subdomains:
@@ -13,7 +12,8 @@
 <ruleset name="PJ Media" default_off="Webmaster request">
 
 	<target host="pjmedia.com" />
-	<target host="*.pjmedia.com" />
+	<target host="cdn.pjmedia.com" />
+	<target host="www.pjmedia.com" />
 
 	<!-- Causes mixed content issues -->
 	<exclusion pattern="^http://pjmedia\.com/instapundit/" />
diff --git a/src/chrome/content/rules/PKWARE.com.xml b/src/chrome/content/rules/PKWARE.com.xml
index 5681cc3c4d7d..be4266660bff 100644
--- a/src/chrome/content/rules/PKWARE.com.xml
+++ b/src/chrome/content/rules/PKWARE.com.xml
@@ -9,7 +9,8 @@ Fetch error: http://pkware.com/ => https://pkware.com/: (35, 'error:14094410:SSL
 <ruleset name="PKWARE.com (partial)">
 
 	<target host="pkware.com" />
-	<target host="*.pkware.com" />
+	<target host="www.pkware.com" />
+	<target host="comm.pkware.com" />
 
 
 	<securecookie host="^(?:www)?\.pkware\.com$" name=".+" />
@@ -21,4 +22,4 @@ Fetch error: http://pkware.com/ => https://pkware.com/: (35, 'error:14094410:SSL
 	<rule from="^http://comm\.pkware\.com/(cs|image|j|r)s/"
 		to="https://na-k.marketo.com/$1s/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PNAS_First_Look.xml b/src/chrome/content/rules/PNAS_First_Look.xml
deleted file mode 100644
index 737d39643a75..000000000000
--- a/src/chrome/content/rules/PNAS_First_Look.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://pnasfirstlook.org/ => http://pnasfirstlook.org/: (6, 'Could not resolve host: pnasfirstlook.org')
-Fetch error: http://www.pnasfirstlook.org/ => http://www.pnasfirstlook.org/: (6, 'Could not resolve host: www.pnasfirstlook.org')
-
--->
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.pnasfirstlook.org/ => http://www.pnasfirstlook.org/: (28, 'Resolving timed out after 10519 milliseconds')
-
-	CN: *.bluehost.com
-
--->
-<ruleset name="PNAS First Look (partial)" default_off='failed ruleset test'>
-
-	<target host="firstlook.pnas.org" />
-	<target host="pnasfirstlook.org" />
-	<target host="www.pnasfirstlook.org" />
-
-
-	<rule from="^http://(?:firstlook\.pnas|(?:www\.)?pnasfirstlook)\.org/wp-(admin|content)/"
-		to="https://secure.bluehost.com/~pnasfirs/wp-$1/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/PNC.xml b/src/chrome/content/rules/PNC.xml
deleted file mode 100644
index a0a57300649d..000000000000
--- a/src/chrome/content/rules/PNC.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="PNC">
-  <target host="pnc.com" />
-  <target host="*.pnc.com" />
-
-  <rule from="^http://pnc\.com/"
-          to="https://www.pnc.com/" />
-  <rule from="^http://(ra|www|www\.ilink|www\.recognition)\.pnc\.com/"
-          to="https://$1.pnc.com/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/POLi-Payments.xml b/src/chrome/content/rules/POLi-Payments.xml
new file mode 100644
index 000000000000..69e6fe808e5a
--- /dev/null
+++ b/src/chrome/content/rules/POLi-Payments.xml
@@ -0,0 +1,84 @@
+<!--
+
+	Non-functional subdomains:
+
+		- polipaymentdeveloper.com	(m)
+
+		- paywithpoli.com	(t)
+			- www	(t)
+			- polihealth-ext.a2	(t)
+			- express.apac	(m)
+			- apac-test	(r)
+			- nz10100.apac-test	(r)
+			- nz10101.apac-test	(r)
+			- au	(t)
+			- commonapi-int.dev1	(t)
+			- multibankapi.dev1	(t)
+			- www.tst1	(s)
+			- au00710.tst1	(s)
+			- consoleapi-ext.tst1	(s)
+			- txn.tst1	(s)
+			- wiki.tst1	(s)
+
+		- polipay.co.nz	(m)
+			- blog	(m)
+			- merchants	(i)
+			- www.merchants	(i)
+			- transact	(i)
+			- www.transact	(i)
+
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+
+	polipayments.com has wildcard dns, but not cert. The cert only matches www.
+-->
+<ruleset name="POLi Payments">
+
+	<target host="polipayments.com" />
+	<target host="www.polipayments.com" />
+
+	<target host="polipaymentdeveloper.com" />
+	<target host="www.polipaymentdeveloper.com" />
+
+	<target host="apac.paywithpoli.com" />
+	<target host="ads.apac.paywithpoli.com" />
+	<target host="api.apac.paywithpoli.com" />
+	<target host="consoles.apac.paywithpoli.com" />
+	<target host="consoleapi-ext.apac.paywithpoli.com" />
+		<test url="http://consoleapi-ext.apac.paywithpoli.com/Help/Api/POST-api-Entities-Edit-Customer" />
+	<target host="facebook.apac.paywithpoli.com" />
+	<target host="merchantapi.apac.paywithpoli.com" />
+		<test url="http://merchantapi.apac.paywithpoli.com/MerchantAPIService.svc/XML/" />
+	<target host="news.apac.paywithpoli.com" />
+	<target host="paymentapi.apac.paywithpoli.com" />
+		<test url="http://paymentapi.apac.paywithpoli.com/paymentrouterservice.svc" />
+	<target host="reportapi-ext.apac.paywithpoli.com" />
+	<target host="status.apac.paywithpoli.com" />
+	<target host="signup.apac.paywithpoli.com" />
+	<target host="transaction.apac.paywithpoli.com" />
+	<target host="txn.apac.paywithpoli.com" />
+
+	<target host="polipay.co.nz" />
+	<target host="www.polipay.co.nz" />
+
+	<securecookie host="^(www\.)?polipayments\.com$" name=".+" />
+	<securecookie host="^www\.polipaymentdeveloper\.com$" name=".+" />
+	<securecookie host="^.*\.apac\.paywithpoli\.com$" name=".+" />
+	<securecookie host="^www\.polipay\.co\.nz$" name=".+" />
+
+	<!-- certificate mismatch-->
+	<rule from="^http://polipaymentdeveloper\.com/"
+		to="https://www.polipaymentdeveloper.com/" />
+
+	<!-- certificate mismatch-->
+	<rule from="^http://polipay\.co\.nz/"
+		to="https://www.polipay.co.nz/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/POLi_Payments.com.xml b/src/chrome/content/rules/POLi_Payments.com.xml
deleted file mode 100644
index 982b36d200a3..000000000000
--- a/src/chrome/content/rules/POLi_Payments.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://polipayments.com/ => https://polipayments.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.polipayments.com/ => https://www.polipayments.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
--->
-<ruleset name="POLi Payments.com" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="polipayments.com" />
-	<target host="www.polipayments.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/POODLE_Test.com.xml b/src/chrome/content/rules/POODLE_Test.com.xml
index a9bc537a24ad..de2463332e45 100644
--- a/src/chrome/content/rules/POODLE_Test.com.xml
+++ b/src/chrome/content/rules/POODLE_Test.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://poodletest.com/ => https://poodletest.com/: (28, 'Connection
 Fetch error: http://www.poodletest.com/ => https://www.poodletest.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="POODLE Test.com" default_off='failed ruleset test'>
+<ruleset name="POODLE Test.com" default_off="failed ruleset test">
 
 	<target host="poodletest.com" />
 	<target host="www.poodletest.com" />
diff --git a/src/chrome/content/rules/PORTAL_Masq.com.xml b/src/chrome/content/rules/PORTAL_Masq.com.xml
index 65c938538ebe..0e158bc278fd 100644
--- a/src/chrome/content/rules/PORTAL_Masq.com.xml
+++ b/src/chrome/content/rules/PORTAL_Masq.com.xml
@@ -24,7 +24,7 @@ Fetch error: http://www.portalmasq.com/ => https://www.portalmasq.com/: (28, 'Op
 		- .portalmasq.com
 
 -->
-<ruleset name="PORTAL Masq.com" default_off='failed ruleset test'>
+<ruleset name="PORTAL Masq.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/POS_Portal.com.xml b/src/chrome/content/rules/POS_Portal.com.xml
index baae97901387..9a4a98b36ca8 100644
--- a/src/chrome/content/rules/POS_Portal.com.xml
+++ b/src/chrome/content/rules/POS_Portal.com.xml
@@ -17,7 +17,8 @@
 <ruleset name="POS Portal.com (partial)">
 
 	<target host="posportal.com" />
-	<target host="*.posportal.com" />
+	<target host="www.posportal.com" />
+	<target host="buy.posportal.com" />
 
 
 	<securecookie host="^\.buy\.posportal\.com$" name=".+" />
diff --git a/src/chrome/content/rules/PPCoin.xml b/src/chrome/content/rules/PPCoin.xml
index c6af04cbd91a..013e0514f9ae 100644
--- a/src/chrome/content/rules/PPCoin.xml
+++ b/src/chrome/content/rules/PPCoin.xml
@@ -20,4 +20,4 @@
 	<rule from="^http://(?:www\.)?ppcoin\.org/"
 		to="https://electric-day-4087.herokuapp.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PPS.xml b/src/chrome/content/rules/PPS.xml
index 796377c42735..948decc90e20 100644
--- a/src/chrome/content/rules/PPS.xml
+++ b/src/chrome/content/rules/PPS.xml
@@ -57,7 +57,7 @@ Fetch error: http://tg.piratenpartei.ch/ => https://tg.piratenpartei.ch/: (51, "
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="PPS" default_off='failed ruleset test'>
+<ruleset name="PPS" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/PPSSPP.org.xml b/src/chrome/content/rules/PPSSPP.org.xml
new file mode 100644
index 000000000000..5be4ffac4e4d
--- /dev/null
+++ b/src/chrome/content/rules/PPSSPP.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Connection refused:
+		- store.ppsspp.org
+-->
+
+<ruleset name="PPSSPP.org">
+	<target host="ppsspp.org" />
+	<target host="www.ppsspp.org" />
+	<target host="build.ppsspp.org" />
+	<target host="central.ppsspp.org" />
+	<target host="cydia.ppsspp.org" />
+	<target host="forums.ppsspp.org" />
+	<target host="report.ppsspp.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PQ_Archiver.com.xml b/src/chrome/content/rules/PQ_Archiver.com.xml
deleted file mode 100644
index 0ca5b9c23b78..000000000000
--- a/src/chrome/content/rules/PQ_Archiver.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		- .pqarchiver.com
-
--->
-<ruleset name="PQ Archiver.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="secure.pqarchiver.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.pqarchiver\.com$" name="^(?:SID3_boston-sub|browser)$" /-->
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PR-Newswire.xml b/src/chrome/content/rules/PR-Newswire.xml
index ac18b5999c75..1c29a9029679 100644
--- a/src/chrome/content/rules/PR-Newswire.xml
+++ b/src/chrome/content/rules/PR-Newswire.xml
@@ -1,45 +1,21 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://photos.prnewswire.com/ => https://photos.prnewswire.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
 	For other UBM coverage, see UBM-mismatches.xml.
 
-
-	Nonfunctional:
-
-
-		- (www.)causeroom.com	(times out)
-		- \w+.causeroom.com	(ditto; unique subdomains for clients)
-		- (www.)drivetheweb.com	(times out)
-
-		- prnewswire.com:
-
-			- content	(cert: *.hs.llnwd.net; blank page)
-			- www		(ditto)
-
-		- (www.)smallbusinesspr.com
-		- (www.)thefuelteam.com	(times out)
+	Non-functional hosts
+		SSL connect error:
+		- prnewswire.com
 
 -->
-<ruleset name="PR Newswire (partial)" default_off='failed ruleset test'>
+<ruleset name="PR Newswire (partial)">
 
-	<target host="filecache.drivetheweb.com" />
-	<target host="content.prnewswire.com"/>
+	<target host="www.prnewswire.com" />
+	<target host="content.prnewswire.com" />
 	<target host="photos.prnewswire.com" />
 	<target host="portal.prnewswire.com"/>
 
 
-	<securecookie host="^p\w+\.prnewswire\.com$" name=".+" />
-
-
-	<rule from="^http://filecache\.drivetheweb\.com/"
-		to="https://s3.amazonaws.com/filecache.drivetheweb.com/" />
-
-	<rule from="^http://content\.prnewswire\.com/designimages/l(ine-horz|ogo-prn)-01_PRN\.gif"
-		to="https://portal.prnewswire.com/images/l$1-01.gif"/>
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://p(hotos|ortal)\.prnewswire\.com/"
-		to="https://p$1.prnewswire.com/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PRQ.se.xml b/src/chrome/content/rules/PRQ.se.xml
index b99acd8aa40e..ade95bd8a77b 100644
--- a/src/chrome/content/rules/PRQ.se.xml
+++ b/src/chrome/content/rules/PRQ.se.xml
@@ -1,11 +1,27 @@
-<ruleset name="prq.se" default_off="expired">
+<!--
+	Couldn't connect to server:
+		- forum
+		- ftp
+		- sql01
+		- web01
+		- webstats
 
-	<!--	Direct rewrites:
-				-->
+	Timeout was reached:
+		- admin
+
+	HTTP authentication required:
+		- mgmt
+
+	Customer subdomains:
+		- host-*.cust.prq.se
+-->
+<ruleset name="PRQ.se">
+	<target host="prq.se" />
+	<target host="www.prq.se" />
+	<target host="ip.prq.se" />
+	<target host="ipv6.prq.se" />
 	<target host="kundcenter.prq.se" />
 	<target host="webmail.prq.se" />
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 </ruleset>
-
diff --git a/src/chrome/content/rules/PRV.se.xml b/src/chrome/content/rules/PRV.se.xml
index 8a27ebc9b34f..5130e0f47f50 100644
--- a/src/chrome/content/rules/PRV.se.xml
+++ b/src/chrome/content/rules/PRV.se.xml
@@ -1,7 +1,13 @@
-<ruleset name="PRV.se" platform="mixedcontent">
+<ruleset name="PRV.se" >
 	<target host="prv.se" />
 	<target host="www.prv.se" />
-	<rule from="^http://www\.prv\.se/" to="https://www.prv.se/"/>
-	<rule from="^http://prv\.se/" to="https://www.prv.se/"/>
-</ruleset>
+	<target host="cfo.prv.se" />
+	<target host="synpunkt.prv.se" />
+	<target host="was.prv.se" />
+		<test url="http://was.prv.se/DesignDb/searchMain.jsp" />
+	<target host="wwwtest.prv.se" />
+
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PRX.xml b/src/chrome/content/rules/PRX.xml
index 086fc3f07882..6ce69a5046f9 100644
--- a/src/chrome/content/rules/PRX.xml
+++ b/src/chrome/content/rules/PRX.xml
@@ -18,16 +18,13 @@
 <ruleset name="PRX (partial)">
 
 	<target host="prx.org" />
-	<target host="*.prx.org" />
+	<target host="www.prx.org" />
+	<target host="assets1.prx.org" />
 
 
 	<securecookie host="^\.prx\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?prx\.org/"
-		to="https://$1prx.org/" />
-
-	<rule from="^http://assets1\.prx\.org/"
-		to="https://d11pcyef3meeu9.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PS-Webhosting-Webmail.xml b/src/chrome/content/rules/PS-Webhosting-Webmail.xml
deleted file mode 100644
index 32356e3bdf93..000000000000
--- a/src/chrome/content/rules/PS-Webhosting-Webmail.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="PS-Webhosting Webmail">
-  <target host="webmail.planet-school.de" />
-  <securecookie host="^webmail\.planet-school\.de$" name=".+" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/PS3Crunch.xml b/src/chrome/content/rules/PS3Crunch.xml
index 85a91ab1e259..84757c948325 100644
--- a/src/chrome/content/rules/PS3Crunch.xml
+++ b/src/chrome/content/rules/PS3Crunch.xml
@@ -12,4 +12,4 @@
 	<rule from="^http://(?:www\.)?ps3crunch\.net/"
 		to="https://ps3crunch.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PSC.edu.xml b/src/chrome/content/rules/PSC.edu.xml
index aceaeb0104c8..3f26dda2aa77 100644
--- a/src/chrome/content/rules/PSC.edu.xml
+++ b/src/chrome/content/rules/PSC.edu.xml
@@ -19,16 +19,16 @@ Fetch error: http://delicate.psc.edu/ => https://delicate.psc.edu/: (28, 'Connec
 		- www
 
 -->
-<ruleset name="PSC.edu" default_off='failed ruleset test'>
+<ruleset name="PSC.edu" default_off="failed ruleset test">
 
 	<target host="psc.edu" />
 	<target host="delicate.psc.edu" />
 	<target host="www.psc.edu" />
 
 
-	<securecookie host="^(?:.+\.)?psc\.edu$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PSX-Extreme.xml b/src/chrome/content/rules/PSX-Extreme.xml
index 6566219e071f..68c7e2923cf2 100644
--- a/src/chrome/content/rules/PSX-Extreme.xml
+++ b/src/chrome/content/rules/PSX-Extreme.xml
@@ -10,7 +10,6 @@
 	<target host="images.psxextreme.com" />
 
 
-	<rule from="^http://images\.psxextreme\.com/"
-		to="https://dhtxsuc4vsorr.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PTE.xml b/src/chrome/content/rules/PTE.xml
index 2d14bcbea3a7..11df7a04d821 100644
--- a/src/chrome/content/rules/PTE.xml
+++ b/src/chrome/content/rules/PTE.xml
@@ -1,5 +1,5 @@
 <ruleset name="P&#233;csi Tudom&#225;nyegyetem">
 	<target host="www.pte.hu" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/PTT.br.xml b/src/chrome/content/rules/PTT.br.xml
index c56b16745252..f03aa5fa7380 100644
--- a/src/chrome/content/rules/PTT.br.xml
+++ b/src/chrome/content/rules/PTT.br.xml
@@ -15,7 +15,7 @@ Fetch error: http://ptt.br/ => https://ptt.br/: (60, 'SSL certificate problem: u
 	* Secured by us
 
 -->
-<ruleset name="PTT.br" default_off='failed ruleset test'>
+<ruleset name="PTT.br" default_off="failed ruleset test">
 
 	<target host="ptt.br" />
 	<target host="www.ptt.br" />
diff --git a/src/chrome/content/rules/Pabo.xml b/src/chrome/content/rules/Pabo.xml
index 25d57d5094b1..9c02296b03e6 100644
--- a/src/chrome/content/rules/Pabo.xml
+++ b/src/chrome/content/rules/Pabo.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?pabo\.nl/(/?assets_bu-hard/|data/|product/images/|selfhelp/(?:login|password_recover/))"
 		to="https://$1pabo.nl/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PacBSD.org.xml b/src/chrome/content/rules/PacBSD.org.xml
index ec474e44e28b..0179dd977333 100644
--- a/src/chrome/content/rules/PacBSD.org.xml
+++ b/src/chrome/content/rules/PacBSD.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://aur.pacbsd.org/ => https://aur.pacbsd.org/: (6, 'Could not resolve host: aur.pacbsd.org')
 
 -->
-<ruleset name="PacBSD.org" default_off='failed ruleset test'>
+<ruleset name="PacBSD.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Pace2Race.xml b/src/chrome/content/rules/Pace2Race.xml
index 1d13ae8175d9..5e2c9c59b2aa 100644
--- a/src/chrome/content/rules/Pace2Race.xml
+++ b/src/chrome/content/rules/Pace2Race.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?pace2race\.com/(wp-content/|wp-includes/|online-store(?:$|\?|/))"
 		to="https://$1pace2race.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pace_Bus.com.xml b/src/chrome/content/rules/Pace_Bus.com.xml
deleted file mode 100644
index 0d63d2e4b2ed..000000000000
--- a/src/chrome/content/rules/Pace_Bus.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- maps *
-		- tmweb *
-
-	* Dropped
-
-
-	^: cert only matches www
-
--->
-<ruleset name="Pace Bus.com (partial)">
-
-	<target host="pacebus.com" />
-	<target host="www.pacebus.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.pacebus\.com$" name="^ASPSESSIONID\w+$" /-->
-
-	<securecookie host="^www\.pacebus\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Pachube.com.xml b/src/chrome/content/rules/Pachube.com.xml
deleted file mode 100644
index 8f999ea61ca3..000000000000
--- a/src/chrome/content/rules/Pachube.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Pachube.com">
-
-	<target host="api.pachube.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Package_Lab.com.xml b/src/chrome/content/rules/Package_Lab.com.xml
index 04c18912891a..742bbd4e888a 100644
--- a/src/chrome/content/rules/Package_Lab.com.xml
+++ b/src/chrome/content/rules/Package_Lab.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://static.packagelab.com/ => https://static.packagelab.com/: (6
 Fetch error: http://www.packagelab.com/ => https://www.packagelab.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Package Lab.com" default_off='failed ruleset test'>
+<ruleset name="Package Lab.com" default_off="failed ruleset test">
 
 	<target host="packagelab.com" />
 	<target host="static.packagelab.com" />
diff --git a/src/chrome/content/rules/Packet_Storm_Security.com.xml b/src/chrome/content/rules/Packet_Storm_Security.com.xml
index 4f96ebb60194..c2883cf3be8a 100644
--- a/src/chrome/content/rules/Packet_Storm_Security.com.xml
+++ b/src/chrome/content/rules/Packet_Storm_Security.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://packetstatic.com/ => https://packetstatic.com/: (51, "SSL: n
 	www.packetstatic.com: Mismatched
 
 -->
-<ruleset name="Packet Storm Security.com" default_off='failed ruleset test'>
+<ruleset name="Packet Storm Security.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Packt_Publishing-problematic.xml b/src/chrome/content/rules/Packt_Publishing-problematic.xml
index 759a3580c564..06abc9f3a780 100644
--- a/src/chrome/content/rules/Packt_Publishing-problematic.xml
+++ b/src/chrome/content/rules/Packt_Publishing-problematic.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Packt_Publishing.xml b/src/chrome/content/rules/Packt_Publishing.xml
index 4ba2aa0f3fe3..5e18f02f6005 100644
--- a/src/chrome/content/rules/Packt_Publishing.xml
+++ b/src/chrome/content/rules/Packt_Publishing.xml
@@ -25,13 +25,15 @@
 <ruleset name="Packt Publishing (partial)">
 
 	<target host="packtpub.com" />
-	<target host="*.packtpub.com" />
+	<target host="careers.packtpub.com" />
+	<target host="packtlib.packtpub.com" />
+	<target host="salesdb.packtpub.com" />
+	<target host="www.packtpub.com" />
 
 
 	<securecookie host=".*\.packtpub\.com$" name=".+" />
 
 
-	<rule from="^http://((?:careers|packtlib|salesdb|www)\.)?packtpub\.com/"
-		to="https://$1packtpub.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Pacnet.xml b/src/chrome/content/rules/Pacnet.xml
deleted file mode 100644
index 0821c2dd676e..000000000000
--- a/src/chrome/content/rules/Pacnet.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Pacnet (partial)">
-
-	<target host="wm4.pacific.net.au" />
-
-
-	<securecookie host="^wm4\.pacific\.net\.au$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/PagPop.xml b/src/chrome/content/rules/PagPop.xml
index f237ddd93502..52c14af8389f 100644
--- a/src/chrome/content/rules/PagPop.xml
+++ b/src/chrome/content/rules/PagPop.xml
@@ -6,18 +6,17 @@ Fetch error: http://vitalcred.com.br/ => https://vitalcred.com.br/: (6, 'Could n
 Disabled by https-everywhere-checker because:
 Fetch error: http://pagpop.com.br/ => https://pagpop.com.br/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="PagPop" default_off='failed ruleset test'>
+<ruleset name="PagPop" default_off="failed ruleset test">
 
 	<target host="pagpop.com.br" />
-	<target host="*.pagpop.com.br" />
 	<target host="vitalcred.com.br" />
-	<target host="*.vitalcred.com.br" />
+	<target host="www.pagpop.com.br" />
+	<target host="www.vitalcred.com.br" />
 
 
-	<securecookie host="^(?:.*\.)?(?:pagpop|vitalcred)\.com\.br$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(www\.)?(pagpop|vitalcred)\.com\.br/"
-		to="https://$1$2.com.br/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PageAbode.com.xml b/src/chrome/content/rules/PageAbode.com.xml
new file mode 100644
index 000000000000..134c2c24956f
--- /dev/null
+++ b/src/chrome/content/rules/PageAbode.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Mismatched:
+		- ftp.pageabode.com
+-->
+<ruleset name="PageAbode.com">
+	<target host="pageabode.com" />
+	<target host="www.pageabode.com" />
+	<target host="anarchism.pageabode.com" />
+	<target host="www.anarchism.pageabode.com" />
+	<target host="classics.pageabode.com" />
+	<target host="www.classics.pageabode.com" />
+	<target host="flood.pageabode.com" />
+	<target host="www.flood.pageabode.com" />
+	<target host="grassroots.pageabode.com" />
+	<target host="www.grassroots.pageabode.com" />
+	<target host="surveys.pageabode.com" />
+	<target host="www.surveys.pageabode.com" />
+	<target host="whowewere.pageabode.com" />
+	<target host="www.whowewere.pageabode.com" />
+	<target host="mail.pageabode.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PageKite.xml b/src/chrome/content/rules/PageKite.xml
index 83a970bbbb21..b0dcb1e866dd 100644
--- a/src/chrome/content/rules/PageKite.xml
+++ b/src/chrome/content/rules/PageKite.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://g1-bre.pagekite.net/ => https://g1-bre.pagekite.net/: (6, 'Could not resolve host: g1-bre.pagekite.net')
 
 -->
-<ruleset name="PageKite.net" default_off='failed ruleset test'>
+<ruleset name="PageKite.net" default_off="failed ruleset test">
   <target host="pagekite.net" />
 	<target host="g1-bre.pagekite.net" />
 	<target host="www.pagekite.net" />
diff --git a/src/chrome/content/rules/Pagely.xml b/src/chrome/content/rules/Pagely.xml
index 1bfa9e1e6aa4..cdd7f535c3a8 100644
--- a/src/chrome/content/rules/Pagely.xml
+++ b/src/chrome/content/rules/Pagely.xml
@@ -1,4 +1,4 @@
-<!--	
+<!--
 	Invalid certificate:
 		blog.page.ly
 		cdn.page.ly
diff --git a/src/chrome/content/rules/PagerDuty.com.xml b/src/chrome/content/rules/PagerDuty.com.xml
deleted file mode 100644
index a3d44d9195c9..000000000000
--- a/src/chrome/content/rules/PagerDuty.com.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<!--
-	Problematic hosts in *pagerduty.com:
-
-		- developer ¹
-		- status ²
-
-	¹ Tor users blocked by CloudFlare settings
-	² Tor users blocked by StatusPage.io
-
-
-	Fully covered hosts in *pagerduty.com:
-
-		- (www.)?
-		- signup
-		- status
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .pagerduty.com
-		- www.pagerduty.com
-
--->
-<ruleset name="PagerDuty.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="pagerduty.com" />
-	<!--target host="developer.pagerduty.com" /-->
-	<target host="signup.pagerduty.com" />
-	<target host="status.pagerduty.com" />
-	<target host="www.pagerduty.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.pagerduty\.com$" name="^(__cfduid|cf_clearance|uid)$" /-->
-	<!--securecookie host="^www\.pagerduty\.com$" name="^wordpress_(logged_in_|sec_)?[\da-f]{32}" /-->
-
-	<securecookie host="^(?:www)?\.pagerduty\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Pagina_Zero.xml b/src/chrome/content/rules/Pagina_Zero.xml
index b5180a2f7b1c..6ff30b89f3d0 100644
--- a/src/chrome/content/rules/Pagina_Zero.xml
+++ b/src/chrome/content/rules/Pagina_Zero.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.paginazero.com.br/ => https://www.paginazero.com.br/: (5
 Disabled by https-everywhere-checker because:
 Fetch error: http://paginazero.com.br/ => https://paginazero.com.br/: (51, "SSL: no alternative certificate subject name matches target host name 'paginazero.com.br'")
 -->
-<ruleset name="Página Zero" default_off='failed ruleset test'>
+<ruleset name="Página Zero" default_off="failed ruleset test">
 
 	<target host="paginazero.com.br" />
 	<target host="www.paginazero.com.br" />
@@ -18,4 +18,4 @@ Fetch error: http://paginazero.com.br/ => https://paginazero.com.br/: (51, "SSL:
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Paglen.com.xml b/src/chrome/content/rules/Paglen.com.xml
new file mode 100644
index 000000000000..03530fe35dc8
--- /dev/null
+++ b/src/chrome/content/rules/Paglen.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched:
+		- ir1.paglen.com
+-->
+<ruleset name="Paglen.com">
+	<target host="paglen.com" />
+	<target host="www.paglen.com" />
+	<target host="imagenet-roulette.paglen.com" />
+	<target host="roulette.paglen.com" />
+	<target host="trevor.paglen.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pagoda_Box.xml b/src/chrome/content/rules/Pagoda_Box.xml
index 0f395f123d2f..6d985e7f7c32 100644
--- a/src/chrome/content/rules/Pagoda_Box.xml
+++ b/src/chrome/content/rules/Pagoda_Box.xml
@@ -20,12 +20,15 @@ Fetch error: http://pagodabox.com/ => https://pagodabox.com/: (60, 'SSL certific
 		- help		(redirects to http; mismatched, CN: *.assistly.com)
 
 -->
-<ruleset name="Pagoda Box" default_off='failed ruleset test'>
+<ruleset name="Pagoda Box" default_off="failed ruleset test">
 
 	<!--target host="godl.co" /-->
 	<!--target host="*.godl.co" /-->
 	<target host="pagodabox.com" />
-	<target host="*.pagodabox.com" />
+	<target host="assistly-assets.pagodabox.com" />
+	<target host="blog.pagodabox.com" />
+	<target host="dashboard.pagodabox.com" />
+	<target host="www.pagodabox.com" />
 
 
 	<!--securecookie host="^\.godl.co$" name=".+" /-->
@@ -35,7 +38,6 @@ Fetch error: http://pagodabox.com/ => https://pagodabox.com/: (60, 'SSL certific
 	<!--rule from="^http://(?:www\.)?godl\.co/"
 		to="https://www.godl.co/" /-->
 
-	<rule from="^http://((?:assistly-assets|blog|dashboard|www)\.)?pagodabox\.com/"
-		to="https://$1pagodabox.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Pair-Networks.xml b/src/chrome/content/rules/Pair-Networks.xml
index b0164bf55649..8494d5420bce 100644
--- a/src/chrome/content/rules/Pair-Networks.xml
+++ b/src/chrome/content/rules/Pair-Networks.xml
@@ -7,45 +7,25 @@
 		- blog.pairnic.com		(cert: *.pair.com; redirects there)
 		- (www.)pairvps.com
 		- (www.)quickserve.com		(ditto)
-
 -->
 <ruleset name="pair Networks (partial)">
 
-	<target host="eliminatejunkemail.com" />
-	<target host="www.eliminatejunkemail.com" />
 	<target host="pair.com" />
 	<target host="*.pair.com" />
+		<test url="http://webmail.pair.com/" />
+		<test url="http://waitak.pair.com/" />
+		<test url="http://vondu.pair.com/" />
 	<target host="pairlite.com" />
-	<target host="*.pairlite.com" />
 	<target host="pairnic.com" />
 	<target host="*.pairnic.com" />
-		<exclusion pattern="http://(?:cpan|whois)\.pairnic\." />
-
+		<test url="http://gift.pairnic.com/" />
+		<test url="http://dynamic.pairnic.com/" />
+		<test url="http://comingsoon.pairnic.com/" />
+	<!-- 2018: New Domain for service-->
+	<target host="pairdomains.com" />
 
 	<securecookie host="^(?:.*\.)?pairnic\.com$" name=".+" />
 
-
-	<!--	- Cert mismatch
-		- Redirects like so over http.
-					-->
-	<rule from="^https://(?:www\.)?eliminatejunkemail\.com/"
-		to="https://www.pairnic.com/" />
-
-	<!--	Pages differ between http & https.
-							-->
-	<rule from="^http://(www\.)?pair\.com/(assets|static)/"
-		to="https://$1pair.com/$2/" />
-
-	<rule from="^http://(my|promote|static|(?:(?:[as]m|my|rc|sm)\.)?webmail)\.pair\.com/"
-		to="https://$1.pair.com/" />
-
-	<rule from="^http://(www\.)?pairlite\.com/(images/|signup/|styles01\.css)"
-		to="https://$1pairlite.com/$2" />
-
-	<rule from="^http://(my|webmail)\.pairlite\.com/"
-		to="https://$1.pairlite.com/" />
-
-	<rule from="^http://(www\.)?pairnic\.com/"
-		to="https://$1pairnic.com/" />
-
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/PalSolidarity.org.xml b/src/chrome/content/rules/PalSolidarity.org.xml
index 23328deec770..7ce7815e0e33 100644
--- a/src/chrome/content/rules/PalSolidarity.org.xml
+++ b/src/chrome/content/rules/PalSolidarity.org.xml
@@ -3,7 +3,7 @@
 
 		- iframe from www.youtube.com *
 		- css on ^, spain from $self *
-		
+
 		- Images, on:
 
 			- ^, spain from $self *
diff --git a/src/chrome/content/rules/Palbin.com.xml b/src/chrome/content/rules/Palbin.com.xml
index c0a1c3266abd..307ec3afaa5e 100644
--- a/src/chrome/content/rules/Palbin.com.xml
+++ b/src/chrome/content/rules/Palbin.com.xml
@@ -9,7 +9,8 @@
 <ruleset name="Palbin.com">
 
 	<target host="palbin.com" />
-	<target host="*.palbin.com" />
+	<target host="www.palbin.com" />
+	<target host="cdn.palbin.com" />
 
 
 	<securecookie host="^(?:www)?\.palbin\.com$" name=".+" />
@@ -21,7 +22,6 @@
 	<rule from="^http://(?:www\.)?palbin\.com/"
 		to="https://www.palbin.com/" />
 
-	<rule from="^http://cdn\.palbin\.com/"
-		to="https://cdn.palbin.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Palm.com.xml b/src/chrome/content/rules/Palm.com.xml
index 49361e28475f..4d7e418843c5 100644
--- a/src/chrome/content/rules/Palm.com.xml
+++ b/src/chrome/content/rules/Palm.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://developer.palm.com/ => https://developer.palm.com/: (28, 'Co
 	For other Hewlett Packard coverage, see Hewlett-Packard.xml.
 
 -->
-<ruleset name="Palm.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Palm.com (partial)" default_off="failed ruleset test">
 
 	<target host="developer.palm.com" />
 
diff --git a/src/chrome/content/rules/Palmetto.com.xml b/src/chrome/content/rules/Palmetto.com.xml
index b9590af4b7cf..0a2325ee825b 100644
--- a/src/chrome/content/rules/Palmetto.com.xml
+++ b/src/chrome/content/rules/Palmetto.com.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Palo_Alto_Networks.com.xml b/src/chrome/content/rules/Palo_Alto_Networks.com.xml
index c2d2687ade1f..1f42a80acf43 100644
--- a/src/chrome/content/rules/Palo_Alto_Networks.com.xml
+++ b/src/chrome/content/rules/Palo_Alto_Networks.com.xml
@@ -27,7 +27,7 @@ Fetch error: http://portal3.wildfire.paloaltonetworks.com/ => https://portal3.wi
 		- portal3.wildfire.paloaltonetworks.com
 
 -->
-<ruleset name="Palo Alto Networks.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Palo Alto Networks.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Palo_Alto_Research_Center.xml b/src/chrome/content/rules/Palo_Alto_Research_Center.xml
index 66d2e96fa9da..6a689ce3e437 100644
--- a/src/chrome/content/rules/Palo_Alto_Research_Center.xml
+++ b/src/chrome/content/rules/Palo_Alto_Research_Center.xml
@@ -11,4 +11,4 @@
 					-->
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pan-Islamic_Malaysian_Party.xml b/src/chrome/content/rules/Pan-Islamic_Malaysian_Party.xml
index 06f88c9dab73..8ec290f6dd9a 100644
--- a/src/chrome/content/rules/Pan-Islamic_Malaysian_Party.xml
+++ b/src/chrome/content/rules/Pan-Islamic_Malaysian_Party.xml
@@ -15,4 +15,4 @@ Fetch error: http://pas.org.my/ => https://pas.org.my/: (60, 'SSL certificate pr
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Panax.xml b/src/chrome/content/rules/Panax.xml
index 70c2b853513b..9bc36949d220 100644
--- a/src/chrome/content/rules/Panax.xml
+++ b/src/chrome/content/rules/Panax.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Panda-Express.xml b/src/chrome/content/rules/Panda-Express.xml
index a2c6ab0ca0dc..9063d3c78fae 100644
--- a/src/chrome/content/rules/Panda-Express.xml
+++ b/src/chrome/content/rules/Panda-Express.xml
@@ -32,4 +32,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PandaWhale.xml b/src/chrome/content/rules/PandaWhale.xml
index 6323547bcddb..73232d1b76d9 100644
--- a/src/chrome/content/rules/PandaWhale.xml
+++ b/src/chrome/content/rules/PandaWhale.xml
@@ -11,10 +11,10 @@ Fetch error: http://pandawhale.com/ => https://pandawhale.com/: (35, 'error:1407
 	Cert only matches ^.
 
 -->
-<ruleset name="PandaWhale" default_off='failed ruleset test'>
+<ruleset name="PandaWhale" default_off="failed ruleset test">
 
 	<target host="pandawhale.com" />
-	<target host="*.pandawhale.com" />
+	<target host="www.pandawhale.com" />
 
 
 	<securecookie host="^\.pandawhale\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Pando.xml b/src/chrome/content/rules/Pando.xml
index d6a54ea8df4a..fc5e6db3be66 100644
--- a/src/chrome/content/rules/Pando.xml
+++ b/src/chrome/content/rules/Pando.xml
@@ -12,9 +12,9 @@
 
 	<!--	CloudFlare cookies:
 					-->
-	<!--securecookie host="^\.pando\.com$" name="^(?:__cfuid|cf_clearance)$" /-->
+	<!--securecookie host="^\.pando\.com$" name="^cf_clearance$" /-->
 
-	<securecookie host="^(?:.*\.)?pando\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Pangora.xml b/src/chrome/content/rules/Pangora.xml
deleted file mode 100644
index f2d1f43fcbcd..000000000000
--- a/src/chrome/content/rules/Pangora.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Pangora (partial)">
-
-	<target host="images.pangora.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Panic_Button.io.xml b/src/chrome/content/rules/Panic_Button.io.xml
deleted file mode 100644
index ae644a53acad..000000000000
--- a/src/chrome/content/rules/Panic_Button.io.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Panic Button.io">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="panicbutton.io" />
-	<target host="www.panicbutton.io" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Panli.com.xml b/src/chrome/content/rules/Panli.com.xml
new file mode 100644
index 000000000000..9f443e35c270
--- /dev/null
+++ b/src/chrome/content/rules/Panli.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Timeout:
+		- h5.panli.com
+		- hr.panli.com
+		- service.panli.com
+		- tech.panli.com
+		- tuan.panli.com
+
+	SSL protocol error:
+		- a.panli.com
+		- b.panli.com
+		- c.panli.com
+		- houtai.panli.com
+		- mailc.panli.com
+		- s2.panli.com
+
+	Self-signed:
+		- mail.panli.com
+		- mail2.panli.com
+
+	Mismatched:
+		- mobile.api.panli.com
+
+	HTTP != HTTPS:
+		- test.panli.com
+-->
+<ruleset name="Panli.com">
+	<target host="panli.com" />
+	<target host="www.panli.com" />
+	<target host="api.panli.com" />
+	<target host="app.api.panli.com" />
+	<target host="ats1.panli.com" />
+	<target host="img.panli.com" />
+	<target host="passport.panli.com" />
+	<target host="pay.panli.com" />
+	<target host="s1.panli.com" />
+	<target host="sf.panli.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Panopticlick.com.xml b/src/chrome/content/rules/Panopticlick.com.xml
index 5a6f85d9e78c..446759515cfa 100644
--- a/src/chrome/content/rules/Panopticlick.com.xml
+++ b/src/chrome/content/rules/Panopticlick.com.xml
@@ -1,8 +1,7 @@
 <!--
+
 	For other Electronic Frontier Foundation coverage, see EFF.xml.
 
-	Mismatched:
-		- www (CN: panopticlick.com)
 -->
 
 <ruleset name="Panopticlick.com">
@@ -11,6 +10,5 @@
 
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://www\.panopticlick\.com/" to="https://panopticlick.com/" />
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Panopto.com.xml b/src/chrome/content/rules/Panopto.com.xml
index 4ea69031513c..81c03582aa19 100644
--- a/src/chrome/content/rules/Panopto.com.xml
+++ b/src/chrome/content/rules/Panopto.com.xml
@@ -28,7 +28,7 @@ Fetch error: http://helpdesk.panopto.com/ => https://helpdesk.panopto.com/: (6,
 	ˢ Secured by us
 
 -->
-<ruleset name="Panopto.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Panopto.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Panoptykon.org.xml b/src/chrome/content/rules/Panoptykon.org.xml
index 26334a08d9fe..7947fb6fcb6a 100644
--- a/src/chrome/content/rules/Panoptykon.org.xml
+++ b/src/chrome/content/rules/Panoptykon.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://memopol.panoptykon.org/ => https://memopol.panoptykon.org/: (6, 'Could not resolve host: memopol.panoptykon.org')
 
 -->
-<ruleset name="Panoptykon.org" default_off='failed ruleset test'>
+<ruleset name="Panoptykon.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Panoramio.com.xml b/src/chrome/content/rules/Panoramio.com.xml
index 75c4ce987bdf..b30fd173296b 100644
--- a/src/chrome/content/rules/Panoramio.com.xml
+++ b/src/chrome/content/rules/Panoramio.com.xml
@@ -15,6 +15,6 @@
 	<rule from="^http://panoramio\.com/"
 			to="https://www.panoramio.com/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Panthema.net.xml b/src/chrome/content/rules/Panthema.net.xml
new file mode 100644
index 000000000000..bad85424a9de
--- /dev/null
+++ b/src/chrome/content/rules/Panthema.net.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		- www.panthema.net
+-->
+
+<ruleset name="Panthema.net">
+	<target host="panthema.net" />
+	<target host="www.panthema.net" />
+
+	<rule from="^http://www\.panthema\.net/"
+		  to="https://panthema.net/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pao-pao.net.xml b/src/chrome/content/rules/Pao-pao.net.xml
index 22b072ba360c..a8b9c0ba3c14 100644
--- a/src/chrome/content/rules/Pao-pao.net.xml
+++ b/src/chrome/content/rules/Pao-pao.net.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.pao-pao.net/ => https://www.pao-pao.net/: (7, 'Failed to connect to www.pao-pao.net port 443: Connection refused')
 
 -->
-<ruleset name="Pao-pao.net" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Pao-pao.net" platform="mixedcontent" default_off="failed ruleset test">
   <target host="pao-pao.net" />
   <target host="www.pao-pao.net" />
 
diff --git a/src/chrome/content/rules/PaoDelicia.com.xml b/src/chrome/content/rules/PaoDelicia.com.xml
index 9166197d97ad..cf95e6313237 100644
--- a/src/chrome/content/rules/PaoDelicia.com.xml
+++ b/src/chrome/content/rules/PaoDelicia.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://paodelicia.com/ => https://paodelicia.com/: (51, "SSL: no al
 Fetch error: http://www.paodelicia.com/ => https://www.paodelicia.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.paodelicia.com'")
 
 -->
-<ruleset name="PãoDelícia.com" default_off='failed ruleset test'>
+<ruleset name="PãoDelícia.com" default_off="failed ruleset test">
 
 	<target host="paodelicia.com" />
 	<target host="www.paodelicia.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.paodelicia.com/ => https://www.paodelicia.com/: (51, "SS
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ParaPoupar.com.xml b/src/chrome/content/rules/ParaPoupar.com.xml
index b234c8a238ca..6eb91cb75def 100644
--- a/src/chrome/content/rules/ParaPoupar.com.xml
+++ b/src/chrome/content/rules/ParaPoupar.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.parapoupar.com/ => https://www.parapoupar.com/: (51, "SS
 Disabled by https-everywhere-checker because:
 Fetch error: http://parapoupar.com/ => https://parapoupar.com/: (51, "SSL: no alternative certificate subject name matches target host name 'parapoupar.com'")
 -->
-<ruleset name="ParaPoupar.com" default_off='failed ruleset test'>
+<ruleset name="ParaPoupar.com" default_off="failed ruleset test">
 
 	<target host="parapoupar.com" />
 	<target host="www.parapoupar.com" />
diff --git a/src/chrome/content/rules/Parabola.nu.xml b/src/chrome/content/rules/Parabola.nu.xml
index 2231f581c6d1..05abee485474 100644
--- a/src/chrome/content/rules/Parabola.nu.xml
+++ b/src/chrome/content/rules/Parabola.nu.xml
@@ -21,6 +21,6 @@
 	<target host="winston.parabola.nu" />
 
 	<securecookie host=".+" name=".+" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Paradysz.xml b/src/chrome/content/rules/Paradysz.xml
index 0bc3d8fb7725..13f19a206570 100644
--- a/src/chrome/content/rules/Paradysz.xml
+++ b/src/chrome/content/rules/Paradysz.xml
@@ -11,13 +11,13 @@
 <ruleset name="Paradysz">
 
 	<target host="offeredby.net" />
-	<target host="*.offeredby.net" />
+	<target host="ssl.analytics.offeredby.net" />
+	<target host="www.offeredby.net" />
 
 
-	<securecookie host="^(?:.*\.)?offeredby\.net" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^http://(ssl\.analytics\.|www\.)?offeredby\.net/"
-		to="https://$1offeredby.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Paragon_IE.com.xml b/src/chrome/content/rules/Paragon_IE.com.xml
index 0b206fb87d96..d89458b375ab 100644
--- a/src/chrome/content/rules/Paragon_IE.com.xml
+++ b/src/chrome/content/rules/Paragon_IE.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://asgard.paragonie.com/ => https://asgard.paragonie.com/: (6,
 		- .paragonie.com
 
 -->
-<ruleset name="Paragon IE.com" default_off='failed ruleset test'>
+<ruleset name="Paragon IE.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Parama.ca.xml b/src/chrome/content/rules/Parama.ca.xml
new file mode 100644
index 000000000000..531d86c355d9
--- /dev/null
+++ b/src/chrome/content/rules/Parama.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="Parama.ca">
+	<target host="parama.ca" />
+	<target host="www.parama.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Paranoidsecurity.nl.xml b/src/chrome/content/rules/Paranoidsecurity.nl.xml
deleted file mode 100644
index 335471c218fd..000000000000
--- a/src/chrome/content/rules/Paranoidsecurity.nl.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Paranoidsecurity.nl">
-	<target host="paranoidsecurity.nl" />
-	<target host="www.paranoidsecurity.nl" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Parature.com.xml b/src/chrome/content/rules/Parature.com.xml
index 9afe48fb2ac1..8722fac0907f 100644
--- a/src/chrome/content/rules/Parature.com.xml
+++ b/src/chrome/content/rules/Parature.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://shareideas.parature.com/ => https://shareideas.parature.com/
 		- favicon on shareideas from www.parature.com
 
 -->
-<ruleset name="Parature.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Parature.com (partial)" default_off="failed ruleset test">
 
 	<!--target host="parature.com" /-->
 	<target host="d1.parature.com" />
diff --git a/src/chrome/content/rules/ParcelPoint.com.au.xml b/src/chrome/content/rules/ParcelPoint.com.au.xml
new file mode 100644
index 000000000000..c7657ed13948
--- /dev/null
+++ b/src/chrome/content/rules/ParcelPoint.com.au.xml
@@ -0,0 +1,48 @@
+<!--
+	Non-functional subdomains:
+		- blog	(m)
+		- wow-agent.staging	(m)
+		- store-portal	(m)
+		- support	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="ParcelPoint.com.au">
+
+	<target host="parcelpoint.com.au" />
+	<target host="www.parcelpoint.com.au" />
+	<target host="amazon.parcelpoint.com.au" />
+	<target host="amazon-au.parcelpoint.com.au" />
+	<target host="amazontest.parcelpoint.com.au" />
+	<target host="api.parcelpoint.com.au" />
+	<target host="api-pp.parcelpoint.com.au" />
+	<target host="apitest.parcelpoint.com.au" />
+	<target host="business.parcelpoint.com.au" />
+	<target host="connect.parcelpoint.com.au" />
+	<target host="partner.parcelpoint.com.au" />
+	<target host="staging.parcelpoint.com.au" />
+	<target host="amazon.staging.parcelpoint.com.au" />
+	<target host="api.staging.parcelpoint.com.au" />
+	<target host="apicfd.staging.parcelpoint.com.au" />
+	<target host="business.staging.parcelpoint.com.au" />
+	<target host="connect.staging.parcelpoint.com.au" />
+	<target host="store-portal.staging.parcelpoint.com.au" />
+	<target host="test.parcelpoint.com.au" />
+	<target host="amazon.test.parcelpoint.com.au" />
+	<target host="api.test.parcelpoint.com.au" />
+	<target host="connect.test.parcelpoint.com.au" />
+	<target host="store-portal.test.parcelpoint.com.au" />
+	<target host="partner.wow.parcelpoint.com.au" />
+	<target host="wow-agent.parcelpoint.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Parcelforce.xml b/src/chrome/content/rules/Parcelforce.xml
deleted file mode 100644
index d79cc2a3ad0f..000000000000
--- a/src/chrome/content/rules/Parcelforce.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	For other Royal Mail coverage, see Royal_Mail_Group.xml.
-
--->
-<ruleset name="Parcelforce (partial)" platform="mixedcontent">
-
-	<target host="parcelforce.com" />
-	<target host="www.parcelforce.com" />
-
-
-	<!--	- Cert only matches *.parcelforce.com
-		- Unsupported pages 301 to http
-						-->
-	<rule from="^http://parcelforce\.com/"
-		to="https://www.parcelforce.com/" />
-
-	<rule from="^http://www\.parcelforce\.com/((?:become-account-customer-today|user)(?:/?$|\?)|sites/)"
-		to="https://www.parcelforce.com/$1" />
-
-	<!--	Redirects like so, sans-https.
-						-->
-	<rule from="^http://www\.parcelforce\.com/my-account/?$"
-		to="https://www.parcelforce.com/user" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Pardot.xml b/src/chrome/content/rules/Pardot.xml
index d1f62a32afb7..7bc562ed9436 100644
--- a/src/chrome/content/rules/Pardot.xml
+++ b/src/chrome/content/rules/Pardot.xml
@@ -50,7 +50,7 @@ Fetch error: http://help.pardot.com/ => https://help.pardot.com/: (51, "SSL: no
 	loaded from.
 
 -->
-<ruleset name="Pardot.com" default_off='failed ruleset test'>
+<ruleset name="Pardot.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -86,9 +86,6 @@ Fetch error: http://help.pardot.com/ => https://help.pardot.com/: (51, "SSL: no
 	<rule from="^http://(?:form-)?cdn\.pardot\.com/"
 		to="https://pi.pardot.com/" />
 
-	<rule from="^http://storage\.pardot\.com/"
-		to="https://s3.amazonaws.com/storage.pardot.com/" />
-
 	<rule from="^http://www-cdn\d?\.pardot\.com/"
 		to="https://www.pardot.com/" />
 
diff --git a/src/chrome/content/rules/Paris_Diderot_University.xml b/src/chrome/content/rules/Paris_Diderot_University.xml
index 041647969a77..38985c932d53 100644
--- a/src/chrome/content/rules/Paris_Diderot_University.xml
+++ b/src/chrome/content/rules/Paris_Diderot_University.xml
@@ -20,4 +20,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Park_Models_Direct.xml b/src/chrome/content/rules/Park_Models_Direct.xml
index 47bfad78551a..18032e726abb 100644
--- a/src/chrome/content/rules/Park_Models_Direct.xml
+++ b/src/chrome/content/rules/Park_Models_Direct.xml
@@ -8,9 +8,9 @@
 	<target host="www.parkmodelsdirect.com" />
 
 
-	<securecookie host="^(?:.*\.)?parkmodelsdirect\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ParkerLab.com.xml b/src/chrome/content/rules/ParkerLab.com.xml
new file mode 100644
index 000000000000..d2ab8dc17a26
--- /dev/null
+++ b/src/chrome/content/rules/ParkerLab.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		- app.parkerlab.com
+-->
+
+<ruleset name="ParkerLab.com">
+	<target host="parkerlab.com" />
+	<target host="www.parkerlab.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ParkerLabs.com.xml b/src/chrome/content/rules/ParkerLabs.com.xml
new file mode 100644
index 000000000000..3e49764bb396
--- /dev/null
+++ b/src/chrome/content/rules/ParkerLabs.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Active mixed content:
+		- www.parkerlabs.com
+
+	Invalid certificate:
+		- de.parkerlabs.com
+		- es.parkerlabs.com
+		- fr.parkerlabs.com
+-->
+
+<ruleset name="ParkerLabs.com" platform="mixedcontent">
+	<target host="parkerlabs.com" />
+	<target host="www.parkerlabs.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Parkerpen.com.xml b/src/chrome/content/rules/Parkerpen.com.xml
index e97e45526936..f389cdc16c3f 100644
--- a/src/chrome/content/rules/Parkerpen.com.xml
+++ b/src/chrome/content/rules/Parkerpen.com.xml
@@ -1,6 +1,6 @@
 <!--
 	Unsupported subdomains:
-		
+
 		* origin.parkerpen.com (mismatch)
 		* parkerpen.com (mismatch)
 
@@ -19,5 +19,5 @@
 
 	<rule from="^http:"
 		to="https:" />
-	
+
 </ruleset>
diff --git a/src/chrome/content/rules/Parrable.com.xml b/src/chrome/content/rules/Parrable.com.xml
index cfe45ed03ab0..a0a789834740 100644
--- a/src/chrome/content/rules/Parrable.com.xml
+++ b/src/chrome/content/rules/Parrable.com.xml
@@ -5,13 +5,13 @@
 <ruleset name="Parrable.com">
 
 	<target host="parrable.com" />
-	<target host="*.parrable.com" />
+	<target host="www.parrable.com" />
+	<target host="cdn.parrable.com" />
 
 
 	<rule from="^http://(?:www\.)?parrable\.com/"
 		to="https://www.parrable.com/" />
 
-	<rule from="^http://cdn\.parrable\.com/"
-		to="https://cdn.parrable.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Parrot.com.xml b/src/chrome/content/rules/Parrot.com.xml
index 80b26428fbf0..ddaa99c0888c 100644
--- a/src/chrome/content/rules/Parrot.com.xml
+++ b/src/chrome/content/rules/Parrot.com.xml
@@ -43,7 +43,7 @@ Fetch error: http://www.recrute.parrot.com/ => https://www.recrute.parrot.com/:
 	² Not secured by us <= mismatched
 
 -->
-<ruleset name="Parrot.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Parrot.com (partial)" default_off="failed ruleset test">
 
 	<target host="download.parrot.com" />
 	<target host="recrute.parrot.com" />
diff --git a/src/chrome/content/rules/Parrot.xml b/src/chrome/content/rules/Parrot.xml
index c1a924ce5e51..c7655d3b9e24 100644
--- a/src/chrome/content/rules/Parrot.xml
+++ b/src/chrome/content/rules/Parrot.xml
@@ -17,4 +17,4 @@
 	<rule from="^http://(?:www\.)?parrot\.org/"
 		to="https://www.parrot.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ParseCDN.com.xml b/src/chrome/content/rules/ParseCDN.com.xml
index 490ede6e43d2..b34a8ac411b8 100644
--- a/src/chrome/content/rules/ParseCDN.com.xml
+++ b/src/chrome/content/rules/ParseCDN.com.xml
@@ -16,7 +16,7 @@ Fetch error: http://www.parsecdn.com/js/parse-1.2.19.min.js => https://www.parse
 	^parsecdn.com doesn't exist.
 
 -->
-<ruleset name="ParseCDN.com" default_off='failed ruleset test'>
+<ruleset name="ParseCDN.com" default_off="failed ruleset test">
 
 	<target host="*.parsecdn.com" />
 
diff --git a/src/chrome/content/rules/Part_Spider.com.xml b/src/chrome/content/rules/Part_Spider.com.xml
index cd80a54b0984..6ab483092a06 100644
--- a/src/chrome/content/rules/Part_Spider.com.xml
+++ b/src/chrome/content/rules/Part_Spider.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.partspider.com/ => https://partspider.com/: (28, 'Connec
 		- partspider.com
 
 -->
-<ruleset name="Part Spider.com" default_off='failed ruleset test'>
+<ruleset name="Part Spider.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/ParticlesForJustice.org.xml b/src/chrome/content/rules/ParticlesForJustice.org.xml
new file mode 100644
index 000000000000..9a9822c962c3
--- /dev/null
+++ b/src/chrome/content/rules/ParticlesForJustice.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="ParticlesForJustice.org">
+	<target host="particlesforjustice.org" />
+	<target host="www.particlesforjustice.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Partypoker.com.xml b/src/chrome/content/rules/Partypoker.com.xml
index 797a4460728d..2a1a89320189 100644
--- a/src/chrome/content/rules/Partypoker.com.xml
+++ b/src/chrome/content/rules/Partypoker.com.xml
@@ -1,9 +1,8 @@
 <ruleset name="partypoker" platform="mixedcontent">
 	<target host="partypoker.com" />
-	<target host="*.partypoker.com" />
+	<target host="www.partypoker.com" />
 	<target host="p.iivt.com" />
 	<rule from="^http://partypoker\.com/" to="https://www.partypoker.com/"/>
-	<rule from="^http://www\.partypoker\.com/" to="https://www.partypoker.com/"/>
-	<rule from="^http://p\.iivt\.com/" to="https://p.iivt.com/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Pashm.com.xml b/src/chrome/content/rules/Pashm.com.xml
index 74409243f3c6..fdd851d716d0 100644
--- a/src/chrome/content/rules/Pashm.com.xml
+++ b/src/chrome/content/rules/Pashm.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.pashm.com/ => https://pashm.com/: (28, 'Connection timed
 		- www (redirects to http)
 
 -->
-<ruleset name="Pashm.com" default_off='failed ruleset test'>
+<ruleset name="Pashm.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/PasportaServo.org.xml b/src/chrome/content/rules/PasportaServo.org.xml
deleted file mode 100644
index c8b8e6441599..000000000000
--- a/src/chrome/content/rules/PasportaServo.org.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Time out:
-		www.pasportaservo.org
-
-	Private subdomain:
-		vikio.pasportaservo.org
-
--->
-<ruleset name="pasportaservo.org">
-
-	<target host="pasportaservo.org" />
-	<target host="www.pasportaservo.org" />
-	<target host="ido.pasportaservo.org" />
-
-	<rule from="^http://www\.pasportaservo\.org/"
-		to="https://pasportaservo.org/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PassSource.xml b/src/chrome/content/rules/PassSource.xml
index 8af3320b9fc7..40b27d33ce36 100644
--- a/src/chrome/content/rules/PassSource.xml
+++ b/src/chrome/content/rules/PassSource.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PassageBank.xml b/src/chrome/content/rules/PassageBank.xml
index 134dde8daadc..338537302da5 100644
--- a/src/chrome/content/rules/PassageBank.xml
+++ b/src/chrome/content/rules/PassageBank.xml
@@ -17,4 +17,4 @@
 	<rule from="^http://(www\.)?passagebank\.com/img/"
 		to="https://$1passagebank.com/img/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Passed.cc.xml b/src/chrome/content/rules/Passed.cc.xml
index 773663db134d..0185b566239c 100644
--- a/src/chrome/content/rules/Passed.cc.xml
+++ b/src/chrome/content/rules/Passed.cc.xml
@@ -5,7 +5,7 @@ Fetch error: http://passed.cc/ => https://passed.cc/: (35, 'Unknown SSL protocol
 Fetch error: http://www.passed.cc/ => https://www.passed.cc/: (35, 'Unknown SSL protocol error in connection to www.passed.cc:443 ')
 
 -->
-<ruleset name="Passed.cc" default_off='failed ruleset test'>
+<ruleset name="Passed.cc" default_off="failed ruleset test">
 
 	<target host="passed.cc" />
 	<target host="www.passed.cc" />
@@ -16,4 +16,4 @@ Fetch error: http://www.passed.cc/ => https://www.passed.cc/: (35, 'Unknown SSL
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Passionfruit_Ads.com.xml b/src/chrome/content/rules/Passionfruit_Ads.com.xml
index 3c035bc3907b..8429536681f3 100644
--- a/src/chrome/content/rules/Passionfruit_Ads.com.xml
+++ b/src/chrome/content/rules/Passionfruit_Ads.com.xml
@@ -33,10 +33,12 @@ Fetch error: http://passionfruitads.com/ => https://app.passionfruitads.com/: (7
 		- load		(→ passionfruit.herokuapp.com)
 
 -->
-<ruleset name="Passionfruit Ads.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Passionfruit Ads.com (partial)" default_off="failed ruleset test">
 
 	<target host="passionfruitads.com" />
-	<target host="*.passionfruitads.com" />
+	<target host="app.passionfruitads.com" />
+	<target host="www.passionfruitads.com" />
+	<target host="load.passionfruitads.com" />
 
 
 	<securecookie host="^app\.passionfruitads\.com$" name=".+" />
@@ -50,4 +52,4 @@ Fetch error: http://passionfruitads.com/ => https://app.passionfruitads.com/: (7
 	<rule from="^http://load\.passionfruitads\.com/"
 		to="https://passionfruit.herokuapp.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Passwd.hu.xml b/src/chrome/content/rules/Passwd.hu.xml
index e4208c93e66c..8bc91b926e5d 100644
--- a/src/chrome/content/rules/Passwd.hu.xml
+++ b/src/chrome/content/rules/Passwd.hu.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?passwd\.hu/"
 		to="https://www.passwd.hu/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PasswordBox.com.xml b/src/chrome/content/rules/PasswordBox.com.xml
index 516667907b06..6d80787421b5 100644
--- a/src/chrome/content/rules/PasswordBox.com.xml
+++ b/src/chrome/content/rules/PasswordBox.com.xml
@@ -17,22 +17,22 @@ Fetch error: http://psswrdbx.com/ => https://psswrdbx.com/: (28, 'Operation time
 			- extensions
 
 -->
-<ruleset name="PasswordBox.com" default_off='failed ruleset test'>
+<ruleset name="PasswordBox.com" default_off="failed ruleset test">
 
 	<target host="passwordbox.com" />
-	<target host="*.passwordbox.com" />
+	<target host="blog.passwordbox.com" />
+	<target host="www.passwordbox.com" />
 	<target host="psswrdbx.com" />
-	<target host="*.psswrdbx.com" />
+	<target host="assets-production.psswrdbx.com" />
+	<target host="extensions.psswrdbx.com" />
+	<target host="www.psswrdbx.com" />
 
 
 	<securecookie host="^\.passwordbox.com$" name=".+" />
 	<securecookie host="^\.psswrdbx\.com$" name=".+" />
 
 
-	<rule from="^http://(blog\.|www\.)?passwordbox\.com/"
-		to="https://$1passwordbox.com/" />
 
-	<rule from="^http://((?:assets-production|extensions|www)\.)?psswrdbx\.com/"
-		to="https://$1psswrdbx.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Paste.ee.xml b/src/chrome/content/rules/Paste.ee.xml
index bcf9540a05b9..c11803388e6e 100644
--- a/src/chrome/content/rules/Paste.ee.xml
+++ b/src/chrome/content/rules/Paste.ee.xml
@@ -15,7 +15,7 @@ Non-2xx HTTP code: http://www.paste.ee/ (200) => https://www.paste.ee/ (404)
 		- www.paste.ee
 
 -->
-<ruleset name="Paste.ee" default_off='failed ruleset test'>
+<ruleset name="Paste.ee" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Pastebin.ca.xml b/src/chrome/content/rules/Pastebin.ca.xml
index 13201eedca26..197317effefd 100644
--- a/src/chrome/content/rules/Pastebin.ca.xml
+++ b/src/chrome/content/rules/Pastebin.ca.xml
@@ -16,7 +16,7 @@
 	<target host="root.pastebin.ca" />
 	<target host="stats.pastebin.ca" />
 	<target host="wordpress.pastebin.ca" />
-	
+
 	<target host="de.pastebin.ca" />
 	<target host="en.pastebin.ca" />
 	<target host="fr.pastebin.ca" />
diff --git a/src/chrome/content/rules/Patches-Scrolls.com.xml b/src/chrome/content/rules/Patches-Scrolls.com.xml
new file mode 100644
index 000000000000..27eb0c21b2d1
--- /dev/null
+++ b/src/chrome/content/rules/Patches-Scrolls.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Mismatched:
+		- mail
+-->
+<ruleset name="Patches-Scrolls.com">
+	<target host="patches-scrolls.com" />
+	<target host="www.patches-scrolls.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Patches-Scrolls.de.xml b/src/chrome/content/rules/Patches-Scrolls.de.xml
new file mode 100644
index 000000000000..ab7137003643
--- /dev/null
+++ b/src/chrome/content/rules/Patches-Scrolls.de.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatched:
+		- old
+		- psychodad
+-->
+<ruleset name="Patches-Scrolls.de">
+	<target host="patches-scrolls.de" />
+	<target host="www.patches-scrolls.de" />
+	<target host="mail.patches-scrolls.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PathDefender.com.xml b/src/chrome/content/rules/PathDefender.com.xml
deleted file mode 100644
index 2a4228ad153e..000000000000
--- a/src/chrome/content/rules/PathDefender.com.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For other Intel coverage, see Intel.xml.
-
--->
-<ruleset name="PathDefender.com">
-
-	<target host="pathdefender.com" />
-	<target host="www.pathdefender.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<securecookie host="^www\.pathdefender\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Path_of_Exile.com.xml b/src/chrome/content/rules/Path_of_Exile.com.xml
index a4d7c3d60ef9..05160eef75cb 100644
--- a/src/chrome/content/rules/Path_of_Exile.com.xml
+++ b/src/chrome/content/rules/Path_of_Exile.com.xml
@@ -16,19 +16,18 @@
 <ruleset name="Path of Exile.com">
 
 	<target host="pathofexile.com" />
-	<target host="*.pathofexile.com" />
+	<target host="www.pathofexile.com" />
+	<target host="webcdn.pathofexile.com" />
 
 
 	<securecookie host="^www\.pathofexile\.com$" name=".+" />
 
-	<test url="http://www.pathofexile.com/" />
 	<test url="http://webcdn.pathofexile.com/public/chris/1303challenges.png" />
 
 
-	<rule from="^http://(www\.)?pathofexile\.com/"
-		to="https://$1pathofexile.com/" />
 
 	<rule from="^http://webcdn\.pathofexile\.com/"
 		to="https://p7p4m6s5.ssl.hwcdn.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Pathways2gsfa.org.xml b/src/chrome/content/rules/Pathways2gsfa.org.xml
index f4e443faf7de..280c7e5d632b 100644
--- a/src/chrome/content/rules/Pathways2gsfa.org.xml
+++ b/src/chrome/content/rules/Pathways2gsfa.org.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.pathways2gsfa.org/ => https://www.pathways2gsfa.org/: (6
 	^: cert only matches www
 
 -->
-<ruleset name="pathways2gsfa.org" default_off='failed ruleset test'>
+<ruleset name="pathways2gsfa.org" default_off="failed ruleset test">
 
 	<target host="pathways2gsfa.org" />
 	<target host="www.pathways2gsfa.org" />
diff --git a/src/chrome/content/rules/PatientsLikeMe.com.xml b/src/chrome/content/rules/PatientsLikeMe.com.xml
index 0ef639f7d3d1..f3857d6fd12a 100644
--- a/src/chrome/content/rules/PatientsLikeMe.com.xml
+++ b/src/chrome/content/rules/PatientsLikeMe.com.xml
@@ -43,7 +43,9 @@
 <ruleset name="PatientsLikeMe.com (partial)">
 
 	<target host="patientslikeme.com" />
-	<target host="*.patientslikeme.com" />
+	<target host="news.patientslikeme.com" />
+	<target host="support.patientslikeme.com" />
+	<target host="www.patientslikeme.com" />
 		<!--
 			Redirects to http:
 						-->
diff --git a/src/chrome/content/rules/Patreon.com.xml b/src/chrome/content/rules/Patreon.com.xml
index d98f33e88145..54078db8ce92 100644
--- a/src/chrome/content/rules/Patreon.com.xml
+++ b/src/chrome/content/rules/Patreon.com.xml
@@ -20,7 +20,7 @@
 <ruleset name="Patreon.com (partial)">
 
 	<target host="patreon.com" />
-	<target host="*.patreon.com" />
+	<target host="www.patreon.com" />
 		<!--
 			Redirect to http:
 						-->
diff --git a/src/chrome/content/rules/PatriotPost.com.xml b/src/chrome/content/rules/PatriotPost.com.xml
new file mode 100644
index 000000000000..7eeafb8d2d84
--- /dev/null
+++ b/src/chrome/content/rules/PatriotPost.com.xml
@@ -0,0 +1,9 @@
+<!--
+	For other PatriotPost.us related rulesets, see PatriotPost.us.xml
+-->
+<ruleset name="PatriotPost.com (partial)">
+	<target host="patriotpost.com" />
+	<target host="www.patriotpost.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PatriotPost.us.xml b/src/chrome/content/rules/PatriotPost.us.xml
new file mode 100644
index 000000000000..f693dfa80e73
--- /dev/null
+++ b/src/chrome/content/rules/PatriotPost.us.xml
@@ -0,0 +1,17 @@
+<!--
+	Other PatriotPost.us related ruleset:
+		+ PatriotPost.com.xml
+-->
+<ruleset name="PatriotPost.us">
+	<target host="patriotpost.us" />
+	<target host="www.patriotpost.us" />
+	<target host="cached-assets.patriotpost.us" />
+	<test url="http://cached-assets.patriotpost.us/layout/sidebar_shop_2nd_v2.jpg" />
+	<target host="media.patriotpost.us" />
+	<test url="http://media.patriotpost.us/humor/2011/08-23.html" />
+	<test url="http://media.patriotpost.us/pdf/ref/500scientists.pdf" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Patriotgaming.com.xml b/src/chrome/content/rules/Patriotgaming.com.xml
new file mode 100644
index 000000000000..91322e76dc2e
--- /dev/null
+++ b/src/chrome/content/rules/Patriotgaming.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Patriotgaming.com">
+	<target host="patriotgaming.com" />
+	<target host="www.patriotgaming.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Patriotsuperbowl.us.xml b/src/chrome/content/rules/Patriotsuperbowl.us.xml
deleted file mode 100644
index 45d82032c06c..000000000000
--- a/src/chrome/content/rules/Patriotsuperbowl.us.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	- CN: *.lxlabs.com
-	- ^ redirects to www
-
--->
-<ruleset name="patriotssuperbowl.us" default_off="expired, mismatched">
-
-	<target host="boxus.com" />
-	<target host="www.boxus.com" />
-	<target host="patriotssuperbowl.us" />
-	<target host="www.patriotssuperbowl.us" />
-	<target host="*.www.patriotssuperbowl.us" />
-	
-
-	<securecookie host="^\.www\.patriotssuperbowl\.us$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?(?:boxus\.com|patriotssuperbowl\.us)/"
-		to="https://www.patriotssuperbowl.us/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PaulDotCom.com.xml b/src/chrome/content/rules/PaulDotCom.com.xml
index 67dc7b62b083..7e48ad07db64 100644
--- a/src/chrome/content/rules/PaulDotCom.com.xml
+++ b/src/chrome/content/rules/PaulDotCom.com.xml
@@ -23,7 +23,7 @@ Fetch error: http://www.pauldotcom.com/ => https://www.pauldotcom.com/: (60, 'SS
 	* Secured by us
 
 -->
-<ruleset name="PaulDotCom.com (partial, false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="PaulDotCom.com (partial, false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="pauldotcom.com" />
 	<target host="www.pauldotcom.com" />
diff --git a/src/chrome/content/rules/Paxton_Record.xml b/src/chrome/content/rules/Paxton_Record.xml
index 776013ab18d0..74c3a73bb0af 100644
--- a/src/chrome/content/rules/Paxton_Record.xml
+++ b/src/chrome/content/rules/Paxton_Record.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?paxtonrecord\.net/(misc/|sites/|user(?:$|\?|/))"
 		to="https://www.paxtonrecord.net/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PayGarden.com.xml b/src/chrome/content/rules/PayGarden.com.xml
index 61c1be7ec291..2c493e90140d 100644
--- a/src/chrome/content/rules/PayGarden.com.xml
+++ b/src/chrome/content/rules/PayGarden.com.xml
@@ -6,7 +6,7 @@
 	<target host="secure.paygarden.com" />
 	<target host="twitch.paygarden.com" />
 
-  	<securecookie host="^.*paygarden\.com$" name=".+" />
+  	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/PayPal-Gifts.com.xml b/src/chrome/content/rules/PayPal-Gifts.com.xml
new file mode 100644
index 000000000000..54e2b8f32715
--- /dev/null
+++ b/src/chrome/content/rules/PayPal-Gifts.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other PayPal coverage, see PayPal.xml.
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="PayPal-Gifts.com">
+
+	<target host="paypal-gifts.com" />
+	<target host="www.paypal-gifts.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://paypal-gifts\.com/"
+		to="https://www.paypal-gifts.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PayPal.co.uk.xml b/src/chrome/content/rules/PayPal.co.uk.xml
index 8bb3838ff11c..9b758ffadbf0 100644
--- a/src/chrome/content/rules/PayPal.co.uk.xml
+++ b/src/chrome/content/rules/PayPal.co.uk.xml
@@ -1,11 +1,27 @@
 <!--
 	For other PayPal coverage, see PayPal.xml.
+
+
+	Non-functional subdomains:
+		- business		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
 -->
 <ruleset name="PayPal.co.uk">
+
 	<target host="paypal.co.uk" />
 	<target host="www.paypal.co.uk" />
+	<target host="information.paypal.co.uk" />
+	<target host="m.paypal.co.uk" />
 
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:" to="https:" />
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/PayPal.me.xml b/src/chrome/content/rules/PayPal.me.xml
new file mode 100644
index 000000000000..6d3f6b61bc4f
--- /dev/null
+++ b/src/chrome/content/rules/PayPal.me.xml
@@ -0,0 +1,27 @@
+<!--
+	For other PayPal coverage, see PayPal.xml.
+
+
+	Non-functional subdomains:
+		- donate	(t)
+		- s			(t)
+		- vote		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="PayPal.me">
+
+	<target host="paypal.me" />
+	<target host="www.paypal.me" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PayPal.xml b/src/chrome/content/rules/PayPal.xml
index d7a8746695f1..3f675e1a3cb0 100644
--- a/src/chrome/content/rules/PayPal.xml
+++ b/src/chrome/content/rules/PayPal.xml
@@ -2,7 +2,6 @@
 	Other PayPal rulesets:
 
 		- PayPal_Forward.xml
-		- paypalobjects.com.xml
 		- Where.com.xml
 		- PayPal.co.uk.xml
 
diff --git a/src/chrome/content/rules/PayPal_Forward.xml b/src/chrome/content/rules/PayPal_Forward.xml
index 31d9412b82d3..1006ddc0b04c 100644
--- a/src/chrome/content/rules/PayPal_Forward.xml
+++ b/src/chrome/content/rules/PayPal_Forward.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.paypal-forward.com/ => https://www.paypal-forward.com/:
 	For other PayPal coverage, see PayPal.xml.
 
 -->
-<ruleset name="PayPal | Forward" default_off='failed ruleset test'>
+<ruleset name="PayPal | Forward" default_off="failed ruleset test">
 
 	<target host="paypal-forward.com" />
 	<target host="www.paypal-forward.com" />
@@ -15,4 +15,4 @@ Fetch error: http://www.paypal-forward.com/ => https://www.paypal-forward.com/:
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PayPalobjects.com.xml b/src/chrome/content/rules/PayPalobjects.com.xml
new file mode 100644
index 000000000000..bf700e0957c9
--- /dev/null
+++ b/src/chrome/content/rules/PayPalobjects.com.xml
@@ -0,0 +1,25 @@
+<!--
+	For other PayPal coverage, see PayPal.xml.
+
+
+	Non-functional subdomains:
+		- content	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="PayPal objects.com">
+
+	<target host="paypalobjects.com" />
+	<target host="www.paypalobjects.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PaySmart.com.au.xml b/src/chrome/content/rules/PaySmart.com.au.xml
new file mode 100644
index 000000000000..cb58ceb7a53c
--- /dev/null
+++ b/src/chrome/content/rules/PaySmart.com.au.xml
@@ -0,0 +1,32 @@
+<!--
+	Non-functional subdomains:
+
+		- (www.)paysmart.com.au		(i)
+
+		- ffapaysmart.com.au
+			- crm		(m)
+			- mail1		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="PaySmart.com.au">
+
+	<target host="autodiscover.paysmart.com.au" />
+	<target host="mail.paysmart.com.au" />
+
+	<target host="autodiscover.ffapaysmart.com.au" />
+	<target host="express.ffapaysmart.com.au" />
+	<target host="interlink.ffapaysmart.com.au" />
+	<target host="mail.ffapaysmart.com.au" />
+	<target host="psdn.ffapaysmart.com.au" />
+	<target host="webexpress-sample.ffapaysmart.com.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PayTrust.com.xml b/src/chrome/content/rules/PayTrust.com.xml
new file mode 100644
index 000000000000..ed13141ec2e4
--- /dev/null
+++ b/src/chrome/content/rules/PayTrust.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- paytrust.com
+		- www.paytrust.com
+-->
+<ruleset name="PayTrust.com">
+	<target host="billscenter.paytrust.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PaymentsSource.com.xml b/src/chrome/content/rules/PaymentsSource.com.xml
index 3ab6f84f99df..c138ed7ce3c3 100644
--- a/src/chrome/content/rules/PaymentsSource.com.xml
+++ b/src/chrome/content/rules/PaymentsSource.com.xml
@@ -8,10 +8,11 @@
 <ruleset name="PaymentsSource.com" default_off="mismatched">
 
 	<target host="paymentssource.com" />
-	<target host="*.paymentssource.com" />
+	<target host="cdn.paymentssource.com" />
+	<target host="www.paymentssource.com" />
 
 
 	<rule from="^http://(?:cdn\.|www\.)?paymentssource\.com/"
 		to="https://www.paymentssource.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Payoneer.com.xml b/src/chrome/content/rules/Payoneer.com.xml
index e8e031232313..6e01494527ae 100644
--- a/src/chrome/content/rules/Payoneer.com.xml
+++ b/src/chrome/content/rules/Payoneer.com.xml
@@ -1,18 +1,29 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://payoneer.com/ => https://payoneer.com/: (7, 'Failed to connect to payoneer.com port 443: Connection timed out')
-
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- go.payoneer.com
 -->
-<ruleset name="Payoneer.com" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
+<ruleset name="Payoneer.com">
 	<target host="payoneer.com" />
 	<target host="www.payoneer.com" />
+	<target host="blog.payoneer.com" />
+	<target host="community.payoneer.com" />
+	<target host="explore.payoneer.com" />
+	<target host="it.payoneer.com" />
+	<target host="login.payoneer.com" />
+	<target host="myaccount.payoneer.com" />
+	<target host="partners.payoneer.com" />
+	<target host="paynow.payoneer.com" />
+	<target host="payouts.payoneer.com" />
+	<target host="register.payoneer.com" />
+	<target host="myaccount.sandbox.payoneer.com" />
+	<target host="partners.sandbox.payoneer.com" />
+	<target host="share.payoneer.com" />
+	<target host="taxforms.payoneer.com" />
+	<target host="user.payoneer.com" />
+	<target host="www-stg.payoneer.com" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Payonline.ru.xml b/src/chrome/content/rules/Payonline.ru.xml
index caf9b3363b2b..847255a3add9 100644
--- a/src/chrome/content/rules/Payonline.ru.xml
+++ b/src/chrome/content/rules/Payonline.ru.xml
@@ -5,7 +5,7 @@ smasol. mismatch-->
 	<target host="payonline.ru" />
 	<target host="www.payonline.ru" />
 	<target host="secure.payonlinesystem.com" />
-	
+
 	<rule from="^http://www\.payonline\.ru/"
 		to="https://payonline.ru/" />
 
diff --git a/src/chrome/content/rules/Paypal_Giving_Fund.org.xml b/src/chrome/content/rules/Paypal_Giving_Fund.org.xml
index 04312d3bdf12..041c3314d9c8 100644
--- a/src/chrome/content/rules/Paypal_Giving_Fund.org.xml
+++ b/src/chrome/content/rules/Paypal_Giving_Fund.org.xml
@@ -27,7 +27,7 @@ Fetch error: http://paypalgivingfund.org/ => https://paypalgivingfund.org/: (51,
 		- Bug from www.facebook.com
 
 -->
-<ruleset name="Paypal Giving Fund.org (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Paypal Giving Fund.org (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Paysafecard.com.xml b/src/chrome/content/rules/Paysafecard.com.xml
index 036a23afdbc9..1dfe1154ee13 100644
--- a/src/chrome/content/rules/Paysafecard.com.xml
+++ b/src/chrome/content/rules/Paysafecard.com.xml
@@ -14,7 +14,9 @@
 <ruleset name="paysafecard.com">
 
 	<target host="paysafecard.com" />
-	<target host="*.paysafecard.com" />
+	<target host="www.paysafecard.com" />
+	<target host="mypins.paysafecard.com" />
+	<target host="static.paysafecard.com" />
 
 
 	<securecookie host="^(?:mypins|static|www)?\.paysafecard\.com$" name=".+" />
@@ -23,7 +25,6 @@
 	<rule from="^http://(?:www\.)?paysafecard\.com/"
 		to="https://www.paysafecard.com/" />
 
-	<rule from="^http://(mypins|static)\.paysafecard\.com/"
-		to="https://$1.paysafecard.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Paysol.se.xml b/src/chrome/content/rules/Paysol.se.xml
index b1efe595cd2e..675070fbbadd 100644
--- a/src/chrome/content/rules/Paysol.se.xml
+++ b/src/chrome/content/rules/Paysol.se.xml
@@ -6,7 +6,7 @@ Fetch error: http://secure.paysol.se/ => https://secure.paysol.se/: (60, 'SSL ce
 Disabled by https-everywhere-checker because:
 Fetch error: http://secure.paysol.se/ => https://secure.paysol.se/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="Paysol.se" default_off='failed ruleset test'>
+<ruleset name="Paysol.se" default_off="failed ruleset test">
   <target host="secure.paysol.se" />
 
   <!-- Subdomain www and secure hosts different pages. Cert is for secure.paysol.se. -->
diff --git a/src/chrome/content/rules/Payson.xml b/src/chrome/content/rules/Payson.xml
index a78bdea308c2..29f7c29f5867 100644
--- a/src/chrome/content/rules/Payson.xml
+++ b/src/chrome/content/rules/Payson.xml
@@ -1,18 +1,29 @@
-<ruleset name="Payson">
-
-	<target host="payson.se" />
-	<target host="*.payson.se" />
+<!--
+	Invalid certificate:
 
+		- autodiscover.payson.se   (CN mismatch)
 
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.payson\.se$" name="^(ASP\.NET_SessionId|i18n_lang)$" /-->
+	404 on HTTPS:
 
-	<securecookie host="^(?:www)?\.payson\.se$" name=".+" />
+		- test-mobileapi.payson.se
+-->
+<ruleset name="Payson">
 
+	<target host="payson.se" />
+	<target host="www.payson.se" />
+	<target host="account.payson.se" />
+	<target host="admin.payson.se" />
+	<target host="api.payson.se" />
+	<target host="apigateway.payson.se" />
+	<target host="card.payson.se" />
+	<target host="checkout.payson.se" />
+	<target host="demoshop.payson.se" />
+	<target host="embedded.payson.se" />
+	<target host="tech.payson.se" />
+	<target host="test-api.payson.se" />
+	<target host="test-checkout.payson.se" />
+	<target host="test-www.payson.se" />
 
-	<!--	Cert only matches www.	-->
-	<rule from="^http://(?:www\.)?payson\.se/"
-		to="https://www.payson.se/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Paytoll.xml b/src/chrome/content/rules/Paytoll.xml
index c907b0197710..654e83835de6 100644
--- a/src/chrome/content/rules/Paytoll.xml
+++ b/src/chrome/content/rules/Paytoll.xml
@@ -6,7 +6,7 @@ Non-2xx HTTP code: http://secure.paytoll.eu/ (200) => https://secure.paytoll.eu/
 	For other Eventim coverage, see Eventim.com.xml.
 
 -->
-<ruleset name="Paytoll" default_off='failed ruleset test'>
+<ruleset name="Paytoll" default_off="failed ruleset test">
 
 	<target host="secure.paytoll.eu" />
 
@@ -16,4 +16,4 @@ Non-2xx HTTP code: http://secure.paytoll.eu/ (200) => https://secure.paytoll.eu/
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Payza.xml b/src/chrome/content/rules/Payza.xml
deleted file mode 100644
index d85025533fea..000000000000
--- a/src/chrome/content/rules/Payza.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
--->
-<ruleset name="Payza">
-
-	<target host="payza.com" />
-	<target host="*.payza.com" />
-
-
-	<securecookie host=".+\.payza\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?payza\.com/"
-		to="https://www.payza.com/" />
-
-	<rule from="^http://secure\.payza\.com/"
-		to="https://secure.payza.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Pbsrc.com.xml b/src/chrome/content/rules/Pbsrc.com.xml
index a0f3dd492a6b..f48e4d024c69 100644
--- a/src/chrome/content/rules/Pbsrc.com.xml
+++ b/src/chrome/content/rules/Pbsrc.com.xml
@@ -51,7 +51,7 @@
 
 -->
 <ruleset name="Pbsrc.com (partial)">
-	
+
 	<!-- https://github.com/EFForg/https-everywhere/issues/3527 -->
 	<exclusion pattern="^http://pic2\.pbsrc\.com/flash/ZeroClipboardFV3\.swf" />
 	<exclusion pattern="^http://static2\.pbsrc\.com/$" />
@@ -80,7 +80,7 @@
 
 		<test url="http://static2.pbsrc.com/" />
 
-	
+
 	<rule from="^http://pic\.pbsrc\.com/"
 		to="https://pbsrc.com/" />
 
diff --git a/src/chrome/content/rules/Pcengines.ch.xml b/src/chrome/content/rules/Pcengines.ch.xml
new file mode 100644
index 000000000000..d16c2602653f
--- /dev/null
+++ b/src/chrome/content/rules/Pcengines.ch.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		- julien
+		- mail
+-->
+<ruleset name="Pcengines.ch">
+	<target host="pcengines.ch" />
+	<target host="www.pcengines.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PeKwm.org.xml b/src/chrome/content/rules/PeKwm.org.xml
deleted file mode 100644
index df9c32c01d7a..000000000000
--- a/src/chrome/content/rules/PeKwm.org.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	Non-functional hosts
-		SSL peer certificate was not OK:
-			 - mx.pekwm.org
--->
-<ruleset name="PeKwm.org">
-	<target host="pekwm.org" />
-	<target host="www.pekwm.org" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Peace_Center_for_the_Performing_Arts.xml b/src/chrome/content/rules/Peace_Center_for_the_Performing_Arts.xml
index 960b66e34d33..69ce2e49efa9 100644
--- a/src/chrome/content/rules/Peace_Center_for_the_Performing_Arts.xml
+++ b/src/chrome/content/rules/Peace_Center_for_the_Performing_Arts.xml
@@ -11,4 +11,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pearson.xml b/src/chrome/content/rules/Pearson.xml
index f17e778e33fd..a0cf4097a0c8 100644
--- a/src/chrome/content/rules/Pearson.xml
+++ b/src/chrome/content/rules/Pearson.xml
@@ -1,59 +1,42 @@
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://register.pearsoncmg.com/ => https://register.pearsoncmg.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
 	Other Pearson rulesets:
+		- InformIT.com.xml
 
-		- InformIT.xml
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- thelearningcurve.pearson.com
+		- pearsoncmg.com
+		- www.pearsoncmg.com
+		- vue.com
+		- www.vue.com
+		- www8.vue.com
 
+		Incomplete certificate chain error:
+		- pearson.com
 
-	Nonfunctional domains:
-
-		- pearson.com subdomains:
-
-			- (www.) *
-			- blog *
-			- cr2012		(dropped)
-			- thelearningcurve	(refused)
-
-	* http reply
-
-
-	Fully covered domains:
-
+		Redirects to HTTP:
 		- developer.pearson.com
-		- neo.pearson.com
-		- register.pearsoncmg.com
-		- (www.)pearsonvue.com *
-		- www8.pearsonvue.com
-		- (www.)vue.com *
-
-	* → www8.pearsonvue.com
-
 -->
-<ruleset name="Pearson (partial)" platform="mixedcontent">
-
-	<target host="*.pearson.com" />
+<ruleset name="Pearson (partial)">
+	<!-- *.pearson.com -->
+	<target host="pearson.com" />
+	<target host="www.pearson.com" />
+	<target host="cr2012.pearson.com" />
+	<target host="neo.pearson.com" />
+
+	<!-- *.pearsoncmg.com -->
 	<target host="register.pearsoncmg.com" />
-	<target host="pearsonvue.com" />
-	<target host="*.pearsonvue.com" />
-	<target host="vue.com" />
-	<target host="www.vue.com" />
-
+		<test url="http://register.pearsoncmg.com/userprofile" />
 
-	<securecookie host="^\.?(?:developer|neo)\.pearson\.com$" name=".+" />
-	<securecookie host="^register\.pearsoncmg\.com$" name=".+" />
-	<securecookie host="^www8\.pearsonvue\.com$" name=".+" />
-
-
-	<rule from="^http://(developer|neo)\.pearson\.com/"
-		to="https://$1.pearson.com/" />
+	<!-- *.pearsonvue.com -->
+	<target host="pearsonvue.com" />
+	<target host="www.pearsonvue.com" />
+	<target host="www8.pearsonvue.com" />
 
-	<rule from="^http://register\.pearsoncmg\.com/"
-		to="https://register.pearsoncmg.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<!--	Should this always go to www8?  Some other numbers work too.
-										-->
-	<rule from="^http://(?:www8?\.)?(?:pearson)?vue\.com/"
-		to="https://www8.pearsonvue.com/" />
+	<rule from="^http://pearson\.com/"
+		to="https://www.pearson.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pebble.xml b/src/chrome/content/rules/Pebble.xml
index 805098e0bf4e..3fc0ea27d093 100644
--- a/src/chrome/content/rules/Pebble.xml
+++ b/src/chrome/content/rules/Pebble.xml
@@ -9,7 +9,10 @@
 <ruleset name="Pebble (partial)">
 
 	<target host="getpebble.com" />
-	<target host="*.getpebble.com" />
+	<target host="www.getpebble.com" />
+	<target host="account.getpebble.com" />
+	<target host="developer.getpebble.com" />
+	<target host="forums.getpebble.com" />
 
 
 	<securecookie host="^account\.getpebble\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Peer1.ca.xml b/src/chrome/content/rules/Peer1.ca.xml
deleted file mode 100644
index 0e750238709b..000000000000
--- a/src/chrome/content/rules/Peer1.ca.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- ^	(refused)
-		- www	(redirects to http, valid cert)
-
--->
-<ruleset name="Peer1.ca (partial)">
-
-	<target host="*.peer1.com" />
-
-
-	<securecookie host="^(?:www\.)?partners\.peer1\.ca$" name=".+" />
-
-
-	<rule from="^http://(www\.)?partners\.peer1\.ca/"
-		to="https://$1partners.peer1.ca/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/PeerLibrary.org.xml b/src/chrome/content/rules/PeerLibrary.org.xml
index c1dc1ee657bf..841b06c988f0 100644
--- a/src/chrome/content/rules/PeerLibrary.org.xml
+++ b/src/chrome/content/rules/PeerLibrary.org.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.peerlibrary.org/ => https://www.peerlibrary.org/: (51, "
 	* Tumblr
 
 -->
-<ruleset name="PeerLibrary.org (partial)" default_off='failed ruleset test'>
+<ruleset name="PeerLibrary.org (partial)" default_off="failed ruleset test">
 
 	<target host="peerlibrary.org" />
 	<target host="www.peerlibrary.org" />
diff --git a/src/chrome/content/rules/PeerTransfer.com.xml b/src/chrome/content/rules/PeerTransfer.com.xml
index 6a42f0408bf8..5c1ef2822ad9 100644
--- a/src/chrome/content/rules/PeerTransfer.com.xml
+++ b/src/chrome/content/rules/PeerTransfer.com.xml
@@ -5,7 +5,7 @@ Non-2xx HTTP code: http://info.peertransfer.com/css/mktLPSupport.css (200) => ht
 Non-2xx HTTP code: http://info.peertransfer.com/rs/857-SYJ-051/images/ptflywirelogo.png (200) => https://na-abm.marketo.com/rs/857-SYJ-051/images/ptflywirelogo.png (403)
 
 	Nonfunctional hosts in *peertransfer.com:
-	
+
 		- info *
 
 	* Marketo
@@ -27,7 +27,7 @@ Non-2xx HTTP code: http://info.peertransfer.com/rs/857-SYJ-051/images/ptflywirel
 	* Secured by us
 
 -->
-<ruleset name="peerTransfer.com (partial)" default_off='failed ruleset test'>
+<ruleset name="peerTransfer.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Peerio.com.xml b/src/chrome/content/rules/Peerio.com.xml
deleted file mode 100644
index e6814b7d8b87..000000000000
--- a/src/chrome/content/rules/Peerio.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		- .peerio.com
-
--->
-<ruleset name="Peerio.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="peerio.com" />
-	<target host="www.peerio.com" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.peerio\.com$" name="^(__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.peerio\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Peerius.com-problematic.xml b/src/chrome/content/rules/Peerius.com-problematic.xml
index 67f274da85d2..3fa7d15ba4be 100644
--- a/src/chrome/content/rules/Peerius.com-problematic.xml
+++ b/src/chrome/content/rules/Peerius.com-problematic.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?deutsch\.peerius\.com/"
 		to="https://www.deutsch.peerius.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Peerius.com.xml b/src/chrome/content/rules/Peerius.com.xml
index 6906660ed632..d8a587747584 100644
--- a/src/chrome/content/rules/Peerius.com.xml
+++ b/src/chrome/content/rules/Peerius.com.xml
@@ -32,4 +32,4 @@
 	<rule from="^http://(?!deutsch\.|www\.)([\w-]+)\.peerius\.com/"
 		to="https://$1.peerius.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Peertech.org.xml b/src/chrome/content/rules/Peertech.org.xml
index 70add45016e0..6f1e9f61b5ae 100644
--- a/src/chrome/content/rules/Peertech.org.xml
+++ b/src/chrome/content/rules/Peertech.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://peertech.org/ => https://peertech.org/: (28, 'Connection tim
 Fetch error: http://www.peertech.org/ => https://www.peertech.org/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="peertech.org" default_off='failed ruleset test'>
+<ruleset name="peertech.org" default_off="failed ruleset test">
 	<target host="peertech.org" />
 	<target host="www.peertech.org" />
 
diff --git a/src/chrome/content/rules/Peff.net.xml b/src/chrome/content/rules/Peff.net.xml
new file mode 100644
index 000000000000..5edb28d58d18
--- /dev/null
+++ b/src/chrome/content/rules/Peff.net.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		- www.peff.net, equivalent to peff.net
+		- a.mx.peff.net
+		- a.ns.peff.net
+-->
+
+<ruleset name="Peff.net">
+	<target host="peff.net" />
+	<target host="www.peff.net" />
+
+	<rule from="^http://www\.peff\.net/"
+		  to="https://peff.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pega.xml b/src/chrome/content/rules/Pega.xml
index 66764abecb8f..942ba7dda9ec 100644
--- a/src/chrome/content/rules/Pega.xml
+++ b/src/chrome/content/rules/Pega.xml
@@ -1,4 +1,9 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://staging.pega.com/ => https://staging.pega.com/: (6, 'Could not resolve host: staging.pega.com')
+
 	Problematic subdomains:
 
 		- ^	(times out)
@@ -11,14 +16,8 @@
 <ruleset name="Pega (partial)">
 
 	<target host="pega.com" />
-	<target host="*.pega.com" />
-
-
-	<rule from="^http://(?:www\.)?pega\.com/(misc/|sites/|user(?:$|\?|/))"
-		to="https://www.pega.com/$1" />
-
-	<rule from="^http://staging\.pega\.com/(sites/|user(?:$|\?|/))"
-		to="https://staging.pega.com/$1" />
-
+	<target host="www.pega.com" />
+	<!-- target host="staging.pega.com" /-->
 
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Pegaz_Hosting.com.xml b/src/chrome/content/rules/Pegaz_Hosting.com.xml
index f936779c70a7..51ff94745e56 100644
--- a/src/chrome/content/rules/Pegaz_Hosting.com.xml
+++ b/src/chrome/content/rules/Pegaz_Hosting.com.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Penango.xml b/src/chrome/content/rules/Penango.xml
deleted file mode 100644
index 46af4649cd7e..000000000000
--- a/src/chrome/content/rules/Penango.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	CDN buckets
-
-		- s3.amazonaws.com/penango-website/
-
-
-	Nonfunctional subdomains:
-
-		- m
-
--->
-<ruleset name="Penango (partial)">
-
-	<target host="penango.com" />
-	<target host="bugzilla.penango.com" />
-	<target host="www.penango.com" />
-
-
-	<securecookie host="^.+\.penango\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Pendle.gov.uk.xml b/src/chrome/content/rules/Pendle.gov.uk.xml
index 519847af7e1a..ee21c255a077 100644
--- a/src/chrome/content/rules/Pendle.gov.uk.xml
+++ b/src/chrome/content/rules/Pendle.gov.uk.xml
@@ -21,7 +21,7 @@
 		- .www.pendle.gov.uk
 
 -->
-<ruleset name="Pendle.gov.uk" default_off="missing certificate chain">
+<ruleset name="Pendle.gov.uk" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Penfold_Golf.xml b/src/chrome/content/rules/Penfold_Golf.xml
index dda94aa70f45..a45fa1b77455 100644
--- a/src/chrome/content/rules/Penfold_Golf.xml
+++ b/src/chrome/content/rules/Penfold_Golf.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PengPod.com.xml b/src/chrome/content/rules/PengPod.com.xml
index e4d1441bb367..f0964c952ed4 100644
--- a/src/chrome/content/rules/PengPod.com.xml
+++ b/src/chrome/content/rules/PengPod.com.xml
@@ -8,7 +8,7 @@
 	<target host="www.pengpod.com" />
 
 
-	<securecookie host="^(?:.*\.)?pengpod\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/PenguinWebHosting.xml b/src/chrome/content/rules/PenguinWebHosting.xml
index 911d89d42b32..9923b619633e 100644
--- a/src/chrome/content/rules/PenguinWebHosting.xml
+++ b/src/chrome/content/rules/PenguinWebHosting.xml
@@ -5,20 +5,17 @@ Fetch error: http://pcicomplianthosting.com/ => https://pcicomplianthosting.com/
 Fetch error: http://penguinwebhosting.com/ => https://www.pcicomplianthosting.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.pcicomplianthosting.com'")
 
 -->
-<ruleset name="PenguinWebHosting (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="PenguinWebHosting (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="pcicomplianthosting.com" />
-	<target host="*.pcicomplianthosting.com" />
+	<target host="www.pcicomplianthosting.com" />
 	<target host="ssl134.penguinhost.net" />
 	<target host="penguinwebhosting.com" />
-	<target host="*.penguinwebhosting.com" />
+	<target host="www.penguinwebhosting.com" />
+	<target host="secure.penguinwebhosting.com" />
 
 
-	<rule from="^http://(www\.)?pcicomplianthosting\.com/"
-		to="https://$1pcicomplianthosting.com/" />
 
-	<rule from="^http://ssl134\.penguinhost\.net/"
-		to="https://ssl134.penguinhost.net/" />
 
 	<!--	- Cert only mathes pcicomplianthosting.com
 		- Redirects like so
@@ -26,7 +23,6 @@ Fetch error: http://penguinwebhosting.com/ => https://www.pcicomplianthosting.co
 	<rule from="^http://(?:www\.)?penguinwebhosting\.com/"
 		to="https://www.pcicomplianthosting.com/" />
 
-	<rule from="^http://secure\.penguinwebhosting\.com/"
-		to="https://secure.penguinwebhosting.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Peninsula-College-of-Medicine-and-Dentistry.xml b/src/chrome/content/rules/Peninsula-College-of-Medicine-and-Dentistry.xml
index 5bed7481a135..09636c5035aa 100644
--- a/src/chrome/content/rules/Peninsula-College-of-Medicine-and-Dentistry.xml
+++ b/src/chrome/content/rules/Peninsula-College-of-Medicine-and-Dentistry.xml
@@ -17,7 +17,7 @@
 		<exclusion pattern="^http://pdsdef\." />
 
 
-	<securecookie host="^(?:.*\.)?pcmd\.ac\.uk$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	Encountered subdomains:
diff --git a/src/chrome/content/rules/Pennsylvania-State-University.xml b/src/chrome/content/rules/Pennsylvania-State-University.xml
index cd497b9144ca..67581d52f247 100644
--- a/src/chrome/content/rules/Pennsylvania-State-University.xml
+++ b/src/chrome/content/rules/Pennsylvania-State-University.xml
@@ -55,7 +55,29 @@
 -->
 <ruleset name="PSU.edu (partial)">
 
-	<target host="*.psu.edu" />
+	<target host="e-education.psu.edu" />
+	<target host="libraries.psu.edu" />
+	<target host="worldcampus.psu.edu" />
+	<target host="www.e-education.psu.edu" />
+	<target host="www.libraries.psu.edu" />
+	<target host="www.worldcampus.psu.edu" />
+	<target host="apps.libraries.psu.edu" />
+	<target host="secureapps.libraries.psu.edu" />
+	<target host="alumni.psu.edu" />
+	<target host="blogs.psu.edu" />
+	<target host="cms.psu.edu" />
+	<target host="www.cse.psu.edu" />
+	<target host="elion.psu.edu" />
+	<target host="citeseerx.ist.psu.edu" />
+	<target host="cat.libraries.psu.edu" />
+	<target host="ill.libraries.psu.edu" />
+	<target host="elionfacadv.oas.psu.edu" />
+	<target host="outreach.psu.edu" />
+	<target host="appnew.outreach.psu.edu" />
+	<target host="www.outreach.psu.edu" />
+	<target host="portal.psu.edu" />
+	<target host="webaccess.psu.edu" />
+	<target host="webmail.psu.edu" />
 		<exclusion pattern="^http://blogs\.psu\.edu/(?!mt4/)" />
 		<exclusion pattern="^http://www\.cse\.psu\.edu/~" />
 	<!--	At least some paths redirect to http.	-->
@@ -81,7 +103,6 @@
 	<rule from="^http://(?:secure)?apps\.libraries\.psu\.edu/"
 		to="https://secureapps.libraries.psu/" />
 
-	<rule from="^http://(alumni|blogs|cms|www\.cse|elion|citeseerx\.ist|(?:cat|ill)\.libraries|elionfacadv\.oas|(?:(?:appnew|www)\.)?outreach|portal|webaccess|webmail)\.psu\.edu/"
-		to="https://$1.psu.edu/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Pentest_Geek.com.xml b/src/chrome/content/rules/Pentest_Geek.com.xml
index fd19e60ea638..4da345a5d816 100644
--- a/src/chrome/content/rules/Pentest_Geek.com.xml
+++ b/src/chrome/content/rules/Pentest_Geek.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://pentestgeek.com/ => https://pentestgeek.com/: (51, "SSL: no
 	* Secured by us
 
 -->
-<ruleset name="Pentest Geek.com" default_off='failed ruleset test'>
+<ruleset name="Pentest Geek.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Penton_Media.xml b/src/chrome/content/rules/Penton_Media.xml
index f393886c44c6..1244e2f8a984 100644
--- a/src/chrome/content/rules/Penton_Media.xml
+++ b/src/chrome/content/rules/Penton_Media.xml
@@ -1,7 +1,6 @@
 <!--
 	Other Penton Media rulesets:
 
-		- Windows_IT_Pro.xml
 
 
 	Nonfunctional domains:
@@ -18,7 +17,7 @@
 <ruleset name="Penton Media (partial)">
 
 	<target host="metrics.penton.com" />
-	<target host="*.pentontech.com" />
+	<target host="images.tech.pentontech.com" />
 		<exclusion pattern="^http://tech\.pentontech\.com/(?!eloquaimages/)" />
 	<target host="metrics.pisces-penton.com" />
 
diff --git a/src/chrome/content/rules/People.com-problematic.xml b/src/chrome/content/rules/People.com-problematic.xml
deleted file mode 100644
index 7a2da3a19584..000000000000
--- a/src/chrome/content/rules/People.com-problematic.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For rules that are on by default, see People.com.xml.
-
--->
-<ruleset name="People.com (mismatched)" default_off="mismatched" platform="mixedcontent">
-
-	<target host="people.com" />
-	<target host="celebritybabies.people.com" />
-	<target host="www.people.com" />
-
-
-	<rule from="^http://(?:www\.)?people\.com/"
-		to="https://www.people.com/" />
-
-	<rule from="^http://celebritybabies\.people\.com/"
-		to="https://celebritybabies.people.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/People.com.xml b/src/chrome/content/rules/People.com.xml
index 03a5dab15b29..445234e205c0 100644
--- a/src/chrome/content/rules/People.com.xml
+++ b/src/chrome/content/rules/People.com.xml
@@ -1,54 +1,14 @@
 <!--
-	For problematic rules, see People.com-problematic.xml.
-
 	For other Time Inc coverage, see Time_Inc.xml.
 
-
-	Problematic subdomains:
-
-		- ^ ¹
-		- celebritybabies ²
-		- www ³
-
-	¹ Dropped
-	² WordPress
-	³ Akamai
-
-
-	Partially covered subdomains:
-
-		- (www.)? *	(→ a248.e.akamai.net)
-
-	* Avoiding user-visible paths
-
-
-	Fully covered subdomains:
-
-		- backissues
-		- subscription
-
-
-	Mixed content:
-
-		- iframe on celebritybabes from www *
-
-		- css, on:
-
-			- www from img[\d-]+.timeinc.net *
-			- www from img-short.timeinc.net *
-
-		- Images on celebritybabies, www from img[\d-]+.timeinc.net *
-
-		- favicon on subscription, www from img2.timeinc.net *
-
-	* Secured by us
-
+	Redirects to HTTP:
+		- celebritybabies
 -->
 <ruleset name="People.com (partial)">
-
+	<target host="people.com" />
+	<target host="www.people.com" />
 	<target host="backissues.people.com" />
 	<target host="subscription.people.com" />
-	<rule from="^http:"
-		to="https:" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Peoples_Choice_Awards.xml b/src/chrome/content/rules/Peoples_Choice_Awards.xml
index 1b3b3fb210fc..a3751970a902 100644
--- a/src/chrome/content/rules/Peoples_Choice_Awards.xml
+++ b/src/chrome/content/rules/Peoples_Choice_Awards.xml
@@ -15,7 +15,8 @@
 <ruleset name="People's Choice Awards">
 
 	<target host="peopleschoice.com" />
-	<target host="*.peopleschoice.com" />
+	<target host="cdn.peopleschoice.com" />
+	<target host="www.peopleschoice.com" />
 		<exclusion pattern="^http://(?:cdn\.|www\.)?peopleschoice\.com/(?!pca/(?:css/|img/|login\.jsp|register\.jsp))" />
 
 
diff --git a/src/chrome/content/rules/PepperJam_Exchange.xml b/src/chrome/content/rules/PepperJam_Exchange.xml
index 5148dbf9a21b..dbe04d8f3e6c 100644
--- a/src/chrome/content/rules/PepperJam_Exchange.xml
+++ b/src/chrome/content/rules/PepperJam_Exchange.xml
@@ -15,16 +15,13 @@
 <ruleset name="PepperJam Exchange (partial)">
 
 	<target host="pepperjamnetwork.com" />
-	<target host="*.pepperjamnetwork.com" />
+	<target host="www.pepperjamnetwork.com" />
+	<target host="media.pepperjamnetwork.com" />
 
 
 	<securecookie host="^www\.pepperjamnetwork\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?pepperjamnetwork\.com/"
-		to="https://$1pepperjamnetwork.com/" />
-
-	<rule from="^http://media\.pepperjamnetwork\.com/"
-		to="https://s3.amazonaws.com/media.pepperjamnetwork.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Pepperfish.xml b/src/chrome/content/rules/Pepperfish.xml
index bf29a16daaf2..6f0e321a5f36 100644
--- a/src/chrome/content/rules/Pepperfish.xml
+++ b/src/chrome/content/rules/Pepperfish.xml
@@ -14,11 +14,11 @@ Fetch error: http://secure.pepperfish.net/ => https://secure.pepperfish.net/: (2
 		- (www.)	(400; mismatched, CN: secure.pepperfish.net)
 
 -->
-<ruleset name="Pepperfish (partial)" default_off='failed ruleset test'>
+<ruleset name="Pepperfish (partial)" default_off="failed ruleset test">
 
 	<target host="secure.pepperfish.net" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Perceptive-Pixel.xml b/src/chrome/content/rules/Perceptive-Pixel.xml
index a73e9435c5a6..cb99921b190d 100644
--- a/src/chrome/content/rules/Perceptive-Pixel.xml
+++ b/src/chrome/content/rules/Perceptive-Pixel.xml
@@ -3,7 +3,7 @@
 	<!--	Cert: *.worldsecuresystems.com	-->
 	<target host="perceptivepixel.com" />
 	<!--	* for cross-domain cookies.	-->
-	<target host="*.perceptivepixel.com" />
+	<target host="www.perceptivepixel.com" />
 
 
 	<securecookie host="^.*\.perceptivepixel\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Percona.xml b/src/chrome/content/rules/Percona.xml
index ca783527226e..a991b949bd00 100644
--- a/src/chrome/content/rules/Percona.xml
+++ b/src/chrome/content/rules/Percona.xml
@@ -19,7 +19,7 @@ Fetch error: http://customers.percona.com/ => https://customers.percona.com/: To
 		- www.percona.com
 
 -->
-<ruleset name="Percona.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Percona.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Perfect-Privacy.com.xml b/src/chrome/content/rules/Perfect-Privacy.com.xml
deleted file mode 100644
index aa0f6e93638f..000000000000
--- a/src/chrome/content/rules/Perfect-Privacy.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	Fully covered hosts in *perfect-privacy.com:
-
-		- (www.)?
-		- board
-
-
-	Insecure cookies are set for these hosts:
-
-		- board.perfect-privacy.com
-
--->
-<ruleset name="Perfect-Privacy.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="perfect-privacy.com" />
-	<target host="board.perfect-privacy.com" />
-	<target host="www.perfect-privacy.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^board\.perfect-privacy\.com$" name="^(pp_bblastactivity|pp_bblastvisit|pp_bbsessionhash)$" /-->
-
-	<securecookie host="^board\.perfect-privacy\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Perfect_Audience.xml b/src/chrome/content/rules/Perfect_Audience.xml
index d2246cd288d2..03c9d17e7fa0 100644
--- a/src/chrome/content/rules/Perfect_Audience.xml
+++ b/src/chrome/content/rules/Perfect_Audience.xml
@@ -41,25 +41,12 @@
 	<!--	Complications:
 				-->
 	<target host="ads.perfectaudience.com" />
-	<target host="blog.perfectaudience.com" />
-
 
 	<securecookie host="^www\.perfectaudience\.com$" name=".+" />
 
-
 	<rule from="^http://ads\.perfectaudience\.com/"
 		to="https://ib.adnxs.com/" />
 
-	<!--	Protocol-relative links to blog
-		exist on perfectaudienc:
-						-->
-	<rule from="^https?://blog\.perfectaudience\.com/"
-		to="https://perfectaudienc.wpengine.com/" />
-
-		<test url="https://blog.perfectaudience.com/2015/01/29/publisher-spotlight-targeting-experienced-developer-audience-thinkster/" />
-
 	<rule from="^http:"
 		to="https:" />
-
-
 </ruleset>
diff --git a/src/chrome/content/rules/Perfect_Market.com-problematic.xml b/src/chrome/content/rules/Perfect_Market.com-problematic.xml
index 9bc8c288b92a..7a655f9c4e6f 100644
--- a/src/chrome/content/rules/Perfect_Market.com-problematic.xml
+++ b/src/chrome/content/rules/Perfect_Market.com-problematic.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?perfectmarket\.com/"
 		to="https://perfectmarket.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Perfect_Market.com.xml b/src/chrome/content/rules/Perfect_Market.com.xml
index 4761752117bb..fd9f304fef60 100644
--- a/src/chrome/content/rules/Perfect_Market.com.xml
+++ b/src/chrome/content/rules/Perfect_Market.com.xml
@@ -21,4 +21,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Perfect_Money.xml b/src/chrome/content/rules/Perfect_Money.xml
index aa32de06d9db..54aa1da94ce3 100644
--- a/src/chrome/content/rules/Perfect_Money.xml
+++ b/src/chrome/content/rules/Perfect_Money.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Perfect_Sense_Digital.xml b/src/chrome/content/rules/Perfect_Sense_Digital.xml
index 48b1bda9c3b9..8fe7ebd2e71c 100644
--- a/src/chrome/content/rules/Perfect_Sense_Digital.xml
+++ b/src/chrome/content/rules/Perfect_Sense_Digital.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://cdn\.psddev\.com/"
 		to="https://d1xlwtusml8gh6.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Performable.com.xml b/src/chrome/content/rules/Performable.com.xml
index adee78c31c49..bd8dd0418c4f 100644
--- a/src/chrome/content/rules/Performable.com.xml
+++ b/src/chrome/content/rules/Performable.com.xml
@@ -13,11 +13,11 @@ Fetch error: http://analytics.performable.com/ => https://analytics.performable.
 	Web bugs.
 
 -->
-<ruleset name="Performable.com" default_off='failed ruleset test'>
+<ruleset name="Performable.com" default_off="failed ruleset test">
 
 	<target host="analytics.performable.com" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Performance-Horizon-Group.xml b/src/chrome/content/rules/Performance-Horizon-Group.xml
index de28a84865a4..494ef2335ed7 100644
--- a/src/chrome/content/rules/Performance-Horizon-Group.xml
+++ b/src/chrome/content/rules/Performance-Horizon-Group.xml
@@ -4,18 +4,17 @@
 	<target host="www.performancehorizon.com" />
 	<target host="prf.hn" />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.prf.hn" />
+	<target host="www.prf.hn" />
 
 
 	<securecookie host="^\.prf\.hn$" name=".+" />
 
 
-	<rule from="^http://(www\.)?performancehorizon\.com/"
-		to="https://$1performancehorizon.com/" />
 
 	<!--	Cert doesn't match www.
 		Included on 3rd-party websites.	-->
 	<rule from="^http://(?:www\.)?prf\.hn/"
 		to="https://prf.hn/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Performance-PCs.com.xml b/src/chrome/content/rules/Performance-PCs.com.xml
new file mode 100644
index 000000000000..6f6f2fb0b579
--- /dev/null
+++ b/src/chrome/content/rules/Performance-PCs.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Mismatched:
+		- mail (CN: www.performance-pcs.com)
+		- postal (CN: mandrillapp.com)
+		- smtp (CN: www.performance-pcs.com)
+
+	SHA-1 certificate:
+		- remote
+-->
+
+<ruleset name="Performance-PCs.com">
+	<target host="performance-pcs.com" />
+	<target host="www.performance-pcs.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Performance_Wheel_and_Tire_Warehouse.xml b/src/chrome/content/rules/Performance_Wheel_and_Tire_Warehouse.xml
index 41f6aabd8d63..e1a050973976 100644
--- a/src/chrome/content/rules/Performance_Wheel_and_Tire_Warehouse.xml
+++ b/src/chrome/content/rules/Performance_Wheel_and_Tire_Warehouse.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://performancewheel.com/ => https://performancewheel.com/: (51, "SSL: no alternative certificate subject name matches target host name 'performancewheel.com'")
 Fetch error: http://www.performancewheel.com/ => https://www.performancewheel.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.performancewheel.com'")
 -->
-<ruleset name="Performance Wheel &amp; Tire Warehouse" default_off='failed ruleset test'>
+<ruleset name="Performance Wheel &amp; Tire Warehouse" default_off="failed ruleset test">
 
 	<target host="performancewheel.com" />
 	<target host="www.performancewheel.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.performancewheel.com/ => https://www.performancewheel.co
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Perl.org.xml b/src/chrome/content/rules/Perl.org.xml
index ce4316fa5eb3..3dc42b2b7b39 100644
--- a/src/chrome/content/rules/Perl.org.xml
+++ b/src/chrome/content/rules/Perl.org.xml
@@ -6,36 +6,15 @@
 			- st.pimg.net
 
 
-	Problematic domains:
-
-		- ^ ¹
-		- perldoc		(works; mismatched, CN: *.a.ssl.fastly.net)
-		- svn.perl.org		(works, self-signed)
-
-	¹ Refused
-
-
 	Nonfunctional perl.org subdomains:
 
-		- blob *
 		- blogs *
-		- books *
-		- cpan *
-		- cpanratings *
 		- cpansearch	(times out)
-		- dbi *
-		- dev *
-		- perl5.git *
 		- history *
 		- irc		(http reply)
-		- www.irc *
-		- jobs *
-		- learn *
-		- lists *
-		- log		(blogspot)
-		- noc *
 		- pdl *
 		- use *
+		- svn		(times out)
 
 	* Refused
 
@@ -43,22 +22,29 @@
 	Mixed image from www on rt
 
 -->
-<ruleset name="Perl.org (partial)">
+<ruleset name="Perl.org">
 
 	<target host="perl.org" />
-	<target host="*.perl.org" />
-
+	<target host="www.perl.org" />
+	<target host="blob.perl.org" />
+	<target host="books.perl.org" />
+	<target host="cpan.perl.org" />
+	<target host="cpanratings.perl.org" />
+	<target host="dbi.perl.org" />
+	<target host="dev.perl.org" />
+	<target host="perl5.git.perl.org" />
+	<target host="www.irc.perl.org" />
+	<target host="jobs.perl.org" />
+	<target host="learn.perl.org" />
+	<target host="lists.perl.org" />
+	<target host="log.perl.org" />
+	<target host="noc.perl.org" />
+	<target host="pause.perl.org" />
+	<target host="perldoc.perl.org" />
+	<target host="rt.perl.org" />
 
 	<securecookie host="^rt\.perl\.org$" name=".+" />
 
-
-	<rule from="^http://(?:www\.)?perl\.org/"
-		to="https://www.perl.org/" />
-
-	<rule from="^http://log\.perl\.org/favicon\.ico"
-		to="https://www.blogger.com/favicon.ico" />
-
-	<rule from="^http://(pause|rt)\.perl\.org/"
-		to="https://$1.perl.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Personal_Data_Ecosystem_Consortium.xml b/src/chrome/content/rules/Personal_Data_Ecosystem_Consortium.xml
deleted file mode 100644
index a6ec77010bc7..000000000000
--- a/src/chrome/content/rules/Personal_Data_Ecosystem_Consortium.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	CN: *.bluehost.com
-
--->
-<ruleset name="Personal Data Ecosystem Consortium (partial)">
-
-	<target host="pde.cc" />
-	<target host="www.pde.cc" />
-	<target host="personaldataecosystem.org" />
-	<target host="www.personaldataecosystem.org" />
-
-
-	<rule from="^http://(?:www\.)?p(?:de\.cc|ersonaldataecosystem\.org)/(\?custom-css=|favicon\.ico|wp-content/)"
-		to="https://secure.bluehost.com/~pdecc/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Personal_Democracy_Forum.xml b/src/chrome/content/rules/Personal_Democracy_Forum.xml
index fed94001450f..e1a9d58d652a 100644
--- a/src/chrome/content/rules/Personal_Democracy_Forum.xml
+++ b/src/chrome/content/rules/Personal_Democracy_Forum.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Personalausweisportal.de.xml b/src/chrome/content/rules/Personalausweisportal.de.xml
index e346ea0ef76c..622ef2da77b8 100644
--- a/src/chrome/content/rules/Personalausweisportal.de.xml
+++ b/src/chrome/content/rules/Personalausweisportal.de.xml
@@ -1,7 +1,7 @@
 <ruleset name="Personalausweisportal.de">
   <target host="personalausweisportal.de" />
   <target host="www.personalausweisportal.de" />
-  
+
   <securecookie host="^(www\.)?personalausweisportal\.de$" name=".+" />
 
   <rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/PersonalityPage.com.xml b/src/chrome/content/rules/PersonalityPage.com.xml
index 2b905b1fcd4e..e8b32ba6fdfb 100644
--- a/src/chrome/content/rules/PersonalityPage.com.xml
+++ b/src/chrome/content/rules/PersonalityPage.com.xml
@@ -1,4 +1,4 @@
-<ruleset name="Personality Page" default_off="missing certificate chain">
+<ruleset name="Personality Page" default_off="cert-chain">
 
 	<target host="personalitypage.com" />
 	<target host="www.personalitypage.com" />
diff --git a/src/chrome/content/rules/Personforce.xml b/src/chrome/content/rules/Personforce.xml
index f4d783da4a57..dc10e46a62b6 100644
--- a/src/chrome/content/rules/Personforce.xml
+++ b/src/chrome/content/rules/Personforce.xml
@@ -1,7 +1,8 @@
 <ruleset name="Personforce (partial)" platform="mixedcontent">
 
 	<target host="personforce.com" />
-	<target host="*.personforce.com" />
+	<target host="www.personforce.com" />
+	<target host="secure.personforce.com" />
 
 
 	<rule from="^http://(?:www\.)?personforce\.com/images/pencil_(add|go)\.png$"
diff --git a/src/chrome/content/rules/PerspectiveAPI.com.xml b/src/chrome/content/rules/PerspectiveAPI.com.xml
new file mode 100644
index 000000000000..0c9d4cc964d4
--- /dev/null
+++ b/src/chrome/content/rules/PerspectiveAPI.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Broken chain cert:
+		support.perspectiveapi.com
+
+-->
+<ruleset name="PerspectiveAPI.com">
+
+	<target host="perspectiveapi.com" />
+	<target host="www.perspectiveapi.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PetTravel.com.xml b/src/chrome/content/rules/PetTravel.com.xml
new file mode 100644
index 000000000000..92a170e3a630
--- /dev/null
+++ b/src/chrome/content/rules/PetTravel.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="PetTravel.com">
+	<target host="pettravel.com" />
+	<target host="www.pettravel.com" />
+
+	<rule from="^http://pettravel\.com/" to="https://www.pettravel.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pet_Nanny.xml b/src/chrome/content/rules/Pet_Nanny.xml
index be2e54527cf6..d3df98c6e0b6 100644
--- a/src/chrome/content/rules/Pet_Nanny.xml
+++ b/src/chrome/content/rules/Pet_Nanny.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Petapixel.com.xml b/src/chrome/content/rules/Petapixel.com.xml
new file mode 100644
index 000000000000..d18972b436b4
--- /dev/null
+++ b/src/chrome/content/rules/Petapixel.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Petapixel.com">
+	<target host="petapixel.com" />
+	<target host="www.petapixel.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Peter_Aba.com.xml b/src/chrome/content/rules/Peter_Aba.com.xml
index 58658f949f26..d139e9016f29 100644
--- a/src/chrome/content/rules/Peter_Aba.com.xml
+++ b/src/chrome/content/rules/Peter_Aba.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://dimebag.peteraba.com/ => https://dimebag.peteraba.com/: (51,
 	www.peteraba.com: Mismatched
 
 -->
-<ruleset name="Peter Aba.com" default_off='failed ruleset test'>
+<ruleset name="Peter Aba.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Peterborough.gov.uk.xml b/src/chrome/content/rules/Peterborough.gov.uk.xml
index 78c04958bb64..7dbbc5d28c83 100644
--- a/src/chrome/content/rules/Peterborough.gov.uk.xml
+++ b/src/chrome/content/rules/Peterborough.gov.uk.xml
@@ -62,7 +62,7 @@ Fetch error: http://consult.peterborough.gov.uk/ => https://peterborough.objecti
 		- consult.peterborough.gov.uk
 
 -->
-<ruleset name="Peterborough.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Peterborough.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Petridish-mismatches.xml b/src/chrome/content/rules/Petridish-mismatches.xml
deleted file mode 100644
index 7fae6ee3e806..000000000000
--- a/src/chrome/content/rules/Petridish-mismatches.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Petridish (mismatches)" default_off="mismatched">
-
-	<target host="petridish.org"/>
-	<target host="www.petridish.org"/>
-
-	<rule from="^http://(?:www\.)?petridish\.org/"
-		to="https://www.petridish.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Petridish.org.xml b/src/chrome/content/rules/Petridish.org.xml
new file mode 100644
index 000000000000..3e083bbdfa61
--- /dev/null
+++ b/src/chrome/content/rules/Petridish.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- blog.petridish.org
+
+		SSL peer certificate was not OK:
+		- www.petridish.org
+		- media.petridish.org
+-->
+<ruleset name="Petridish.org">
+	<target host="petridish.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Petridish.xml b/src/chrome/content/rules/Petridish.xml
deleted file mode 100644
index 5cf2f8750ab0..000000000000
--- a/src/chrome/content/rules/Petridish.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Petridish (partial)">
-
-	<target host="media.petridish.org"/>
-
-	<rule from="^http://media\.petridish\.org/"
-		to="https://s3.amazonaws.com/media.petridish.org/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Petstore.com.xml b/src/chrome/content/rules/Petstore.com.xml
index 7434866c22ed..7c5105ed5944 100644
--- a/src/chrome/content/rules/Petstore.com.xml
+++ b/src/chrome/content/rules/Petstore.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.petstore.com/ => https://www.petstore.com/: Too many red
 	^: expired 2013-12-02
 
 -->
-<ruleset name="Petstore.com" default_off='failed ruleset test'>
+<ruleset name="Petstore.com" default_off="failed ruleset test">
 
 	<target host="petstore.com" />
 	<target host="www.petstore.com" />
diff --git a/src/chrome/content/rules/Petteri-Raty.xml b/src/chrome/content/rules/Petteri-Raty.xml
index 686962a5b6c1..fc743fceec88 100644
--- a/src/chrome/content/rules/Petteri-Raty.xml
+++ b/src/chrome/content/rules/Petteri-Raty.xml
@@ -5,7 +5,8 @@
 <ruleset name="Petteri Räty (partial)">
 
 	<target host="petteriraty.eu" />
-	<target host="*.petteriraty.eu" />
+	<target host="mail.petteriraty.eu" />
+	<target host="www.petteriraty.eu" />
 
 
 	<!--	Cert doesn't match www.	-->
diff --git a/src/chrome/content/rules/PewDiePie.net.xml b/src/chrome/content/rules/PewDiePie.net.xml
deleted file mode 100644
index 013cdfd7f81f..000000000000
--- a/src/chrome/content/rules/PewDiePie.net.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="PewDiePie.net">
-
-	<target host="pewdiepie.net" />
-	<target host="www.pewdiepie.net" />
-
-
-	<securecookie host="^(?:w*\.)?pewdiepie\.net$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/PfSense.org.xml b/src/chrome/content/rules/PfSense.org.xml
index f532f54337b5..784fefb8e98e 100644
--- a/src/chrome/content/rules/PfSense.org.xml
+++ b/src/chrome/content/rules/PfSense.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://devwiki.pfsense.org/ => https://devwiki.pfsense.org/: (60, '
 
 	Nonfunctional subdomains:
 
-		- various downloads URLs not listed below 
+		- various downloads URLs not listed below
 
 
 	Fully covered subdomains:
@@ -37,7 +37,7 @@ Fetch error: http://devwiki.pfsense.org/ => https://devwiki.pfsense.org/: (60, '
 	* Secured by us
 
 -->
-<ruleset name="pfSense.org (partial)" default_off='failed ruleset test'>
+<ruleset name="pfSense.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Pfefferkoerner.de.xml b/src/chrome/content/rules/Pfefferkoerner.de.xml
index 703c75cf7ee9..5c0ce27f3366 100644
--- a/src/chrome/content/rules/Pfefferkoerner.de.xml
+++ b/src/chrome/content/rules/Pfefferkoerner.de.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.pfefferkoerner.de/ => https://www.pfefferkoerner.de/: (5
 
 	redirects to https://www.ndr.de/fernsehen/sendungen/pfefferkoerner/
 -->
-<ruleset name="pfefferkoerner.de" default_off='failed ruleset test'>
+<ruleset name="pfefferkoerner.de" default_off="failed ruleset test">
     <target host="pfefferkoerner.de" />
     <target host="www.pfefferkoerner.de" />
 
diff --git a/src/chrome/content/rules/Pfizer.xml b/src/chrome/content/rules/Pfizer.xml
index 556dcd9f492b..6e6176ad4579 100644
--- a/src/chrome/content/rules/Pfizer.xml
+++ b/src/chrome/content/rules/Pfizer.xml
@@ -3,7 +3,6 @@
 
 		- Pfizer_helpful_answers.com.xml
 		- Pfizer_pro.com.xml
-		- ZYVOXassist.com.xml
 
 
 	Problematic hosts in *pfizer.com:
diff --git a/src/chrome/content/rules/Pfizer_pro.com.xml b/src/chrome/content/rules/Pfizer_pro.com.xml
index fe528dee42e6..7d4b95307307 100644
--- a/src/chrome/content/rules/Pfizer_pro.com.xml
+++ b/src/chrome/content/rules/Pfizer_pro.com.xml
@@ -41,7 +41,7 @@
 					-->
 	<!--securecookie host="^(?:legacy|www)\.pfizerpro\.com$" name="^SimpleSAMLSessionID$" /-->
 
-	<securecookie host="^(?:.*\.)?pfizerpro\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://pfizerpro\.com/"
diff --git a/src/chrome/content/rules/Pgpool.net.xml b/src/chrome/content/rules/Pgpool.net.xml
new file mode 100644
index 000000000000..51895f4c0ef4
--- /dev/null
+++ b/src/chrome/content/rules/Pgpool.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="Pgpool.net">
+	<target host="pgpool.net" />
+	<target host="www.pgpool.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PhantaFriends.de.xml b/src/chrome/content/rules/PhantaFriends.de.xml
new file mode 100644
index 000000000000..96344ec02dcb
--- /dev/null
+++ b/src/chrome/content/rules/PhantaFriends.de.xml
@@ -0,0 +1,29 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Invalid certificate:
+		dokument.phantafriends.de
+		host.phantafriends.de
+		www.host.phantafriends.de
+		ipb4.phantafriends.de
+		www.ipb4.phantafriends.de
+		login.phantafriends.de
+		office.phantafriends.de
+		password.phantafriends.de
+		podcast.phantafriends.de
+		projekt.phantafriends.de
+		teamspeak.phantafriends.de
+		tracking.phantafriends.de
+-->
+<ruleset name="PhantaFriends.de">
+
+	<target host="phantafriends.de" />
+	<target host="www.phantafriends.de" />
+	<target host="cloud.phantafriends.de" />
+	<target host="news.phantafriends.de" />
+	<target host="test.phantafriends.de" />
+	<target host="webmail.phantafriends.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pheedcontent.com.xml b/src/chrome/content/rules/Pheedcontent.com.xml
index 38a1749bd8a3..9b15fad6f5bf 100644
--- a/src/chrome/content/rules/Pheedcontent.com.xml
+++ b/src/chrome/content/rules/Pheedcontent.com.xml
@@ -25,4 +25,4 @@
 	<rule from="^http://www\.pheedcontent\.com/"
 		to="https://www.pheedo.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pheedo.com.xml b/src/chrome/content/rules/Pheedo.com.xml
index 80b91b62054a..71414666d6c6 100644
--- a/src/chrome/content/rules/Pheedo.com.xml
+++ b/src/chrome/content/rules/Pheedo.com.xml
@@ -38,7 +38,11 @@
 <ruleset name="Pheedo.com (partial)">
 
 	<target host="pheedo.com" />
-	<target host="*.pheedo.com" />
+	<target host="www.pheedo.com" />
+	<target host="ads.pheedo.com" />
+	<target host="images.pheedo.com" />
+	<target host="feeds.pheedo.com" />
+	<target host="cforigin.feeds.pheedo.com" />
 
 
 	<!--	name="^phdo$"
@@ -46,8 +50,6 @@
 	<securecookie host="^\.pheedo\.com$" name="^phdo$" />
 
 
-	<rule from="^http://(www\.)?pheedo\.com/"
-		to="https://$1pheedo.com/" />
 
 	<rule from="^http://(?:ad|image)s\.pheedo\.com/"
 		to="https://www.pheedo.com/" />
@@ -55,4 +57,5 @@
 	<rule from="^http://(?:cforigin\.)?feeds\.pheedo\.com/"
 		to="https://d2m3yj20rqnr65.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Philadelphia_Bar_Association.xml b/src/chrome/content/rules/Philadelphia_Bar_Association.xml
index bde0cbf4acae..b5e8295b4fc0 100644
--- a/src/chrome/content/rules/Philadelphia_Bar_Association.xml
+++ b/src/chrome/content/rules/Philadelphia_Bar_Association.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Philanthropedia.xml b/src/chrome/content/rules/Philanthropedia.xml
index 3266bda12ed4..ba375c41267f 100644
--- a/src/chrome/content/rules/Philanthropedia.xml
+++ b/src/chrome/content/rules/Philanthropedia.xml
@@ -14,7 +14,7 @@ Fetch error: http://myphilanthropedia.org/ => https://myphilanthropedia.org/: (5
 	* Secured by us
 
 -->
-<ruleset name="my Philanthropedia.org (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="my Philanthropedia.org (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Phillips_Academy_Andover.xml b/src/chrome/content/rules/Phillips_Academy_Andover.xml
index 781cddc5f309..bd6944241faf 100644
--- a/src/chrome/content/rules/Phillips_Academy_Andover.xml
+++ b/src/chrome/content/rules/Phillips_Academy_Andover.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://colwizlive.andover.edu/ => https://colwizlive.andover.edu/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Phillips Academy" default_off='failed ruleset test'>
+<ruleset name="Phillips Academy" default_off="failed ruleset test">
 
 	<target host="www.andover.edu" />
 	<target host="panet.andover.edu" />
@@ -13,30 +13,30 @@ Fetch error: http://colwizlive.andover.edu/ => https://colwizlive.andover.edu/:
 	<target host="sso.andover.edu" />
 	<target host="studentreports.andover.edu" />
 	<target host="mypassword.andover.edu" />
-	
-	
+
+
 	<!-- andover.edu does not respond, but should be redirected to https://www.andover.edu to prevent MitM. -->
 	<target host="andover.edu" />
-	
+
 	<!-- mail.andover.edu returns an error, but should be included to protect mail.andover.edu/owa -->
 	<!-- commented out until 'no-test' attribute is available
 	<target host="mail.andover.edu" />
 		-->
-	
+
 	<test url="http://andover.edu/" />
-	 
+
 	<securecookie host=".+" name=".+" />
-	
+
 	<!-- redirects andover.edu to https://www.andover.edu -->
 	<rule from="^http://andover\.edu/"
 		to="https://www.andover.edu/" />
-	
-	
+
+
 	<!-- redirects http://mail.andover.edu/ (with or without "/") to https://mail.andover.edu/owa -->
 	<!-- commented out until 'no-test' attribute is available
 	<rule from="^http://mail\.andover\.edu/*$"
 		to="https://mail.andover.edu/owa" />
-		
+
 	<test url="http://mail.andover.edu" />
 	<test url="http://mail.andover.edu/" />
 		-->
diff --git a/src/chrome/content/rules/Philosophy-Documentation-Center.xml b/src/chrome/content/rules/Philosophy-Documentation-Center.xml
index 05ff883ea761..dec0104e7ccc 100644
--- a/src/chrome/content/rules/Philosophy-Documentation-Center.xml
+++ b/src/chrome/content/rules/Philosophy-Documentation-Center.xml
@@ -21,7 +21,7 @@ Fetch error: http://secure.pdcnet.org/ => https://secure.pdcnet.org/: (60, 'SSL
 		- www.secure.pdcnet.org
 
 -->
-<ruleset name="PDCnet.org (partial)" default_off='failed ruleset test'>
+<ruleset name="PDCnet.org (partial)" default_off="failed ruleset test">
 
 	<target host="pdcnet.org" />
 	<!--target host="cas.pdcnet.org" /-->
diff --git a/src/chrome/content/rules/Philosophy.lgbt.xml b/src/chrome/content/rules/Philosophy.lgbt.xml
deleted file mode 100644
index 18fc5f4f8ccd..000000000000
--- a/src/chrome/content/rules/Philosophy.lgbt.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Philosophy.lgbt">
-	<target host="philosophy.lgbt" />
-	<target host="www.philosophy.lgbt" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/PhishTank.xml b/src/chrome/content/rules/PhishTank.xml
index 52e1a6dc7d2a..d52488665c24 100644
--- a/src/chrome/content/rules/PhishTank.xml
+++ b/src/chrome/content/rules/PhishTank.xml
@@ -3,7 +3,7 @@
 <target host="phishtank.com" />
 <target host="www.phishtank.com" />
 <target host="data.phishtank.com" />
-   
+
 <rule from="^http://(?:www\.)?phishtank\.com/" to="https://www.phishtank.com/"/>
 <rule from="^http://(?:www\.)?data\.phishtank\.com/" to="https://data.phishtank.com/"/>
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Phoenix.com.xml b/src/chrome/content/rules/Phoenix.com.xml
deleted file mode 100644
index 267ba4b34dc1..000000000000
--- a/src/chrome/content/rules/Phoenix.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	^: cert only matches *.phoenix.com
-
--->
-<ruleset name="Phoenix.com">
-
-	<target host="phoenix.com" />
-	<target host="www.phoenix.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Phoenix.edu.xml b/src/chrome/content/rules/Phoenix.edu.xml
index cedb1960bade..295ba4e94b2f 100644
--- a/src/chrome/content/rules/Phoenix.edu.xml
+++ b/src/chrome/content/rules/Phoenix.edu.xml
@@ -27,7 +27,14 @@ Fetch error: http://phoenix.edu/ => https://phoenix.edu/: (60, 'SSL certificate
 
 	<target host="cdn.assets-phoenix.net" />
 	<target host="phoenix.edu" />
-	<target host="*.phoenix.edu" />
+	<target host="alumni.phoenix.edu" />
+	<target host="assets.phoenix.edu" />
+	<target host="content.phoenix.edu" />
+	<target host="ecampus.phoenix.edu" />
+	<target host="portal.phoenix.edu" />
+	<target host="sso.phoenix.edu" />
+	<target host="www.phoenix.edu" />
+	<target host="metrics.phoenix.edu" />
 	<target host="assetscdn.students.uophx.edu" />
 
 
@@ -40,16 +47,11 @@ Fetch error: http://phoenix.edu/ => https://phoenix.edu/: (60, 'SSL certificate
 	<securecookie host="^(?:assets|ecampus)\.phoenix\.edu$" name=".+" />
 
 
-	<rule from="^http://cdn\.assets-phoenix\.net/"
-		to="https://cdn.assets-phoenix.net/" />
 
-	<rule from="^http://((?:alumni|assets|content|ecampus|portal|sso|www)\.)?phoenix\.edu/"
-		to="https://$1phoenix.edu/" />
 
 	<rule from="^http://metrics\.phoenix\.edu/"
 		to="https://phoenix-edu.d1.sc.omtrdc.net/" />
 
-	<rule from="^http://assetscdn\.students\.uophx\.edu/"
-		to="https://assetscdn.students.uophx.edu/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Phone-analytics.com.xml b/src/chrome/content/rules/Phone-analytics.com.xml
index 877f6f174f04..3cf28ee5a319 100644
--- a/src/chrome/content/rules/Phone-analytics.com.xml
+++ b/src/chrome/content/rules/Phone-analytics.com.xml
@@ -10,16 +10,17 @@ Fetch error: http://phone-analytics.com/ => https://ssl.phone-analytics.com/: (2
 		- (www.)	(cert only matches ssl)
 
 -->
-<ruleset name="phone-analytics.com" default_off='failed ruleset test'>
+<ruleset name="phone-analytics.com" default_off="failed ruleset test">
 
 	<target host="phone-analytics.com" />
-	<target host="*.phone-analytics.com" />
+	<target host="ssl.phone-analytics.com" />
+	<target host="www.phone-analytics.com" />
+	<target host="cdn.phone-analytics.com" />
 
 
 	<rule from="^http://(?:ssl\.|www\.)?phone-analytics\.com/"
 		to="https://ssl.phone-analytics.com/" />
 
-	<rule from="^http://cdn\.phone-analytics\.com/"
-		to="https://cdn.phone-analytics.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Phone_House.com.xml b/src/chrome/content/rules/Phone_House.com.xml
deleted file mode 100644
index 2d2f22854844..000000000000
--- a/src/chrome/content/rules/Phone_House.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other Carphone Warehouse coverage, see Carphone_Warehouse.com.xml.
-
--->
-<ruleset name="Phone House.com">
-
-	<target host="media.phonehouse.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PhotoBTC.com.xml b/src/chrome/content/rules/PhotoBTC.com.xml
deleted file mode 100644
index 9ef7cc595ce5..000000000000
--- a/src/chrome/content/rules/PhotoBTC.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Insecure cookies are set for these domains and hosts:
-
-		- photobtc.com
-		- .photobtc.com
-		- www.photobtc.com
-
--->
-<ruleset name="PhotoBTC.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="photobtc.com" />
-	<target host="www.photobtc.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:www\.)?photobtc\.com$" name="^l$" /-->
-	<!--securecookie host="^\.photobtc\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^(?:\.|www\.)?photobtc\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PhotoBlab.xml b/src/chrome/content/rules/PhotoBlab.xml
index ad5d5bb70355..aa1158a9668d 100644
--- a/src/chrome/content/rules/PhotoBlab.xml
+++ b/src/chrome/content/rules/PhotoBlab.xml
@@ -17,7 +17,7 @@ Fetch error: http://photoblab.com/ => https://photoblab.herokuapp.com/: (6, 'Cou
 		- (www.)photoblab.com	(mismatched, CN: *.herokuapp.com)
 
 -->
-<ruleset name="PhotoBlab" default_off='failed ruleset test'>
+<ruleset name="PhotoBlab" default_off="failed ruleset test">
 
 	<target host="photoblab.com" />
 	<target host="www.photoblab.com" />
diff --git a/src/chrome/content/rules/PhotoPea.com.xml b/src/chrome/content/rules/PhotoPea.com.xml
new file mode 100644
index 000000000000..3a9fbc82ef15
--- /dev/null
+++ b/src/chrome/content/rules/PhotoPea.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Mismatched:
+		- ftp.photopea.com
+		- imap.photopea.com
+		- mail.photopea.com
+		- png.photopea.com
+		- smtp.photopea.com
+		- upng.photopea.com
+-->
+<ruleset name="PhotoPea.com">
+	<target host="photopea.com" />
+	<target host="www.photopea.com" />
+	<target host="blog.photopea.com" />
+	<target host="webmail.photopea.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PhotoShelter.xml b/src/chrome/content/rules/PhotoShelter.xml
index 06c521adaa12..d9e662b95e5b 100644
--- a/src/chrome/content/rules/PhotoShelter.xml
+++ b/src/chrome/content/rules/PhotoShelter.xml
@@ -1,43 +1,33 @@
 <!--
-	Nonfunctional subdomains:
-
-		- blog
-
-
-	Problematic subdomains:
-
-		- cdn.c		(works, CN: gp1.wac.edgecastcdn.net)
-		- css.c		(CN: gp1.wac.edgecastcdn.net; 404)
-
-
-	Partially covered subdomains:
-
-		- (www.)	(some pages redirect to http)
+	Active mixed content:
+		- nipponnews.photoshelter.com
 
+	Invalid certificate:
+		- cdn.c, equivalent to c
+		- css.c, equivalent to c
 
 	Fully covered subdomains:
-
+		- blog
 		- c
-		- cdn.c	(→ c.photoshelter.com)
-		- css.c
-		- \w+	(unique subdomain per client)
-
+		- www
+		- [\w-]+ (unique subdomain per client)
 -->
-<ruleset name="PhotoShelter (partial)">
 
+<ruleset name="PhotoShelter (partial)">
 	<target host="photoshelter.com" />
 	<target host="*.photoshelter.com" />
-		<exclusion pattern="^http://blog\." />
-		<exclusion pattern="^http://(?:www\.)?photoshelter\.com/(?:about/|mkt/research/)?index(?:$|\?)" />
-
+		<exclusion pattern="^http://nipponnews\.photoshelter.com/" />
+			<test url="http://nipponnews.photoshelter.com/image/" />
 
-	<!--rule from="^http://www\.photoshelter\.com/(about|benefit|css|help|img|signup|support|tour|website-examples)($|\?|/)"
-		to="https://www.photoshelter.com/$1$2" /-->
-
-	<rule from="^http://c(?:dn|ss)\.c\.photoshelter\.com/"
+	<rule from="^http://(cdn|css)\.c\.photoshelter\.com/"
 		to="https://c.photoshelter.com/" />
+		<test url="http://cdn.c.photoshelter.com/" />
+		<test url="http://css.c.photoshelter.com/" />
 
-	<rule from="^http://(\w+\.)?photoshelter\.com/"
+	<rule from="^http://([\w-]+\.)?photoshelter\.com/"
 		to="https://$1photoshelter.com/" />
-
+		<test url="http://www.photoshelter.com/" />
+		<test url="http://agriphoto.photoshelter.com/" />
+		<test url="http://blog.photoshelter.com/" />
+		<test url="http://dafjones.photoshelter.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/PhotoSugar.com.xml b/src/chrome/content/rules/PhotoSugar.com.xml
deleted file mode 100644
index 7e4163ba1471..000000000000
--- a/src/chrome/content/rules/PhotoSugar.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://photosugar.com/ => https://photosugar.com/: (60, 'SSL certificate problem: certificate has expired')
-	CDN buckets:
-
-		- d1bcrgpvrd4eqj.cloudfront.net
-
-			- assets
-			- assets[0-3]
-
--->
-<ruleset name="PhotoSugar.com">
-
-	<target host="photosugar.com" />
-	<target host="*.photosugar.com" />
-
-
-	<securecookie host="^(?:www)?\.photosugar\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?photosugar\.com/"
-		to="https://$1photosugar.com/" />
-
-	<rule from="^http://assets\d?\.photosugar\.com/"
-		to="https://d1bcrgpvrd4eqj.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Photobucket.xml b/src/chrome/content/rules/Photobucket.xml
index 7b78dfcd3c5e..1a3412963d24 100644
--- a/src/chrome/content/rules/Photobucket.xml
+++ b/src/chrome/content/rules/Photobucket.xml
@@ -19,7 +19,7 @@
 
 		- wac.3B49.edgecastcdn.net
 
-			- static.pbsrc.com	
+			- static.pbsrc.com
 
 		- cdn.photobucket.com.c.footprint.net
 
diff --git a/src/chrome/content/rules/Photographer.io.xml b/src/chrome/content/rules/Photographer.io.xml
index a62dfcfb41d2..e304a4a4ad71 100644
--- a/src/chrome/content/rules/Photographer.io.xml
+++ b/src/chrome/content/rules/Photographer.io.xml
@@ -11,7 +11,7 @@ Fetch error: http://photographer.io/ => https://photographer.io/: (7, 'Failed to
 		- blog	(503, valid cert)
 
 -->
-<ruleset name="Photographer.io (partial)" default_off='failed ruleset test'>
+<ruleset name="Photographer.io (partial)" default_off="failed ruleset test">
 
 	<target host="photographer.io" />
 	<target host="www.photographer.io" />
@@ -22,4 +22,4 @@ Fetch error: http://photographer.io/ => https://photographer.io/: (7, 'Failed to
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Photographylife.com.xml b/src/chrome/content/rules/Photographylife.com.xml
new file mode 100644
index 000000000000..e85e8f7b7cad
--- /dev/null
+++ b/src/chrome/content/rules/Photographylife.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Photographylife.com">
+	<target host="photographylife.com" />
+	<target host="www.photographylife.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PhotonConsulting.xml b/src/chrome/content/rules/PhotonConsulting.xml
deleted file mode 100644
index 1ae2f270d5e5..000000000000
--- a/src/chrome/content/rules/PhotonConsulting.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Photonconsulting.com">
-  <target host="photonconsulting.com" />
-  <target host="www.photonconsulting.com" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Photoprintit.com.xml b/src/chrome/content/rules/Photoprintit.com.xml
index 8edd8b72e369..5d4b5a522256 100644
--- a/src/chrome/content/rules/Photoprintit.com.xml
+++ b/src/chrome/content/rules/Photoprintit.com.xml
@@ -1,15 +1,13 @@
 <ruleset name="photoprintit.com">
 
-	<target host="*.photoprintit.com" />
+	<target host="as.photoprintit.com" />
+	<target host="cs.photoprintit.com" />
 
 
 	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.photoprintit\.com$" name="^s_\w+$" />
-	<securecookie host="^as\.photoprintit\.com$" name=".+" />
+					-->	<securecookie host="^as\.photoprintit\.com$" name=".+" />
 
 
-	<rule from="^http://(a|c)s\.photoprintit\.com/"
-		to="https://$1s.photoprintit.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Photosynth.xml b/src/chrome/content/rules/Photosynth.xml
index 94160088fee1..da47218da5ee 100644
--- a/src/chrome/content/rules/Photosynth.xml
+++ b/src/chrome/content/rules/Photosynth.xml
@@ -7,7 +7,7 @@ Fetch error: http://cdn.photosynth.net/ => https://cdn.photosynth.net/: (6, 'Cou
 
 	For other Microsoft coverage, see Microsoft.xml.
 -->
-<ruleset name="Photosynth.net" default_off='failed ruleset test'>
+<ruleset name="Photosynth.net" default_off="failed ruleset test">
 
 	<target host="photosynth.net" />
 	<target host="www.photosynth.net" />
diff --git a/src/chrome/content/rules/PhpBB.xml b/src/chrome/content/rules/PhpBB.xml
index ba94654d7544..a1f35c90d98e 100644
--- a/src/chrome/content/rules/PhpBB.xml
+++ b/src/chrome/content/rules/PhpBB.xml
@@ -38,14 +38,20 @@
 <ruleset name="phpBB (partial)">
 
 	<target host="phpbb.com" />
-	<target host="*.phpbb.com" />
+	<target host="area51.phpbb.com" />
+	<target host="bamboo.phpbb.com" />
+	<target host="blog.phpbb.com" />
+	<target host="camo.phpbb.com" />
+	<target host="download.phpbb.com" />
+	<target host="tracker.phpbb.com" />
+	<target host="wiki.phpbb.com" />
+	<target host="www.phpbb.com" />
 		<exclusion pattern="^http://tracker\.phpbb\.com/plugins/servlet/gadgets/dashboard-diagnostics" />
 
 
 	<securecookie host="^(?:bamboo|wiki)?\.phpbb\.com$" name=".+" />
 
 
-	<rule from="^http://((?:area51|bamboo|blog|camo|download|tracker|wiki|www)\.)?phpbb\.com/"
-		to="https://$1phpbb.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Phparchitect.xml b/src/chrome/content/rules/Phparchitect.xml
index 354beb75c909..9f447711f0ed 100644
--- a/src/chrome/content/rules/Phparchitect.xml
+++ b/src/chrome/content/rules/Phparchitect.xml
@@ -5,7 +5,11 @@
 <ruleset name="php[architect] (partial)">
 
 	<target host="phparch.com" />
-	<target host="*.phparch.com" />
+	<target host="codeworks.phparch.com" />
+	<target host="summits.phparch.com" />
+	<target host="tek13.phparch.com" />
+	<target host="www.phparch.com" />
+	<target host="tek.phparch.com" />
 		<exclusion pattern="^http://(?:codeworks\.|www\.)?phparch\.com/(?!favicon\.ico|wp-content/)" />
 
 
@@ -18,4 +22,4 @@
 	<rule from="^http://tek\.phparch\.com/wp-content/"
 		to="https://tek13.phparch.com/wp-content/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Phpclasses.org.xml b/src/chrome/content/rules/Phpclasses.org.xml
index 583a8b6cc5c8..5841140342a2 100644
--- a/src/chrome/content/rules/Phpclasses.org.xml
+++ b/src/chrome/content/rules/Phpclasses.org.xml
@@ -7,7 +7,7 @@ ww.phpclasses.net mismatch-->
 	<target host="www.phpclasses.org" />
 	<target host="phpclasses.net" />
 	<target host="www.phpclasses.net" />
-	
+
 	<rule from="^http://(www\.)?phpclasses\.net/"
 		to="https://$1phpclasses.org/" />
 
diff --git a/src/chrome/content/rules/Phpdoc.org.xml b/src/chrome/content/rules/Phpdoc.org.xml
index 63771c6d9daa..48450dc15c42 100644
--- a/src/chrome/content/rules/Phpdoc.org.xml
+++ b/src/chrome/content/rules/Phpdoc.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://qa.phpdoc.org/ => https://qa.phpdoc.org/: (6, 'Could not res
 
 
 -->
-<ruleset name="PhpDocumentor" default_off='failed ruleset test'>
+<ruleset name="PhpDocumentor" default_off="failed ruleset test">
     <target host="phpdoc.org" />
     <target host="www.phpdoc.org" />
     <target host="demo.phpdoc.org" />
@@ -14,7 +14,7 @@ Fetch error: http://qa.phpdoc.org/ => https://qa.phpdoc.org/: (6, 'Could not res
     <target host="qa.phpdoc.org" />
 
     <securecookie host="^(www\.|demo\.|manual\.|pear\.|qa\.)?phpdoc\.org" name=".+" />
-	
+
     <rule from="^http:"
             to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Phygee.com.xml b/src/chrome/content/rules/Phygee.com.xml
deleted file mode 100644
index 771e1cce775e..000000000000
--- a/src/chrome/content/rules/Phygee.com.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Phygee.com">
-
-	<target host="phygee.com" />
-	<target host="www.phygee.com" />
-	<target host="mail.phygee.com" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PhysicsOverflow.org.xml b/src/chrome/content/rules/PhysicsOverflow.org.xml
new file mode 100644
index 000000000000..9965abffb4b3
--- /dev/null
+++ b/src/chrome/content/rules/PhysicsOverflow.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Physicsoverflow.org">
+	<target host="physicsoverflow.org" />
+	<target host="www.physicsoverflow.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PhysicsTravelGuide.com.xml b/src/chrome/content/rules/PhysicsTravelGuide.com.xml
new file mode 100644
index 000000000000..f6f6ee777349
--- /dev/null
+++ b/src/chrome/content/rules/PhysicsTravelGuide.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="PhysicsTravelGuide.com">
+	<target host="physicstravelguide.com" />
+	<target host="www.physicstravelguide.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PiStar.uk.xml b/src/chrome/content/rules/PiStar.uk.xml
new file mode 100644
index 000000000000..9f476471384b
--- /dev/null
+++ b/src/chrome/content/rules/PiStar.uk.xml
@@ -0,0 +1,10 @@
+<ruleset name="PiStar.uk">
+	<target host="pistar.uk" />
+	<target host="www.pistar.uk" />
+	<target host="download.pistar.uk" />
+	<target host="forum.pistar.uk" />
+	<target host="multi-reflector.pistar.uk" />
+	<target host="wiki.pistar.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PiaoHua.com.xml b/src/chrome/content/rules/PiaoHua.com.xml
new file mode 100644
index 000000000000..68371977ddc7
--- /dev/null
+++ b/src/chrome/content/rules/PiaoHua.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Non-functional subdomains:
+
+		- dy125		(t)
+		- dy126		(t)
+		- dy195		(t)
+		- dy44		(t)
+		- img		(t)
+		- pic		(t)
+		- so		(t)
+		- xs		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="PiaoHua.com">
+
+	<target host="www.piaohua.com" />
+	<target host="admin2.piaohua.com" />
+
+	<target host="img.piaowu99.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Piatnik.de.xml b/src/chrome/content/rules/Piatnik.de.xml
deleted file mode 100644
index 15de91972ff1..000000000000
--- a/src/chrome/content/rules/Piatnik.de.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Piatnik Deutschland">
-	<target host="piatnik.de" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Piatt_County_Journal-Republican.xml b/src/chrome/content/rules/Piatt_County_Journal-Republican.xml
index d34fee81ef56..5492b09eb124 100644
--- a/src/chrome/content/rules/Piatt_County_Journal-Republican.xml
+++ b/src/chrome/content/rules/Piatt_County_Journal-Republican.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?journal-republican\.com/(misc/|sites/|user(?:$|\?|/))"
 		to="https://www.journal-republican.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Picatcha.xml b/src/chrome/content/rules/Picatcha.xml
index e4e2c939e2d6..3a782f55e15c 100644
--- a/src/chrome/content/rules/Picatcha.xml
+++ b/src/chrome/content/rules/Picatcha.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.api.picatcha.com/ => https://www.api.picatcha.com/: (60,
 	(www.)api serves captchas on 3rd-party websites.
 
 -->
-<ruleset name="Picatcha (partial)" default_off='failed ruleset test'>
+<ruleset name="Picatcha (partial)" default_off="failed ruleset test">
 
 	<target host="api.picatcha.com" />
 	<target host="www.api.picatcha.com" />
@@ -20,4 +20,4 @@ Fetch error: http://www.api.picatcha.com/ => https://www.api.picatcha.com/: (60,
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pickaweb.xml b/src/chrome/content/rules/Pickaweb.xml
index adf6b5e115ef..f434de87f798 100644
--- a/src/chrome/content/rules/Pickaweb.xml
+++ b/src/chrome/content/rules/Pickaweb.xml
@@ -27,4 +27,4 @@
 	<rule from="^http://support\.pickaweb\.co\.uk/(assets/)"
 		to="https://app.sirportly.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PicoMoney.xml b/src/chrome/content/rules/PicoMoney.xml
index ec9d782a33fa..4bbbc4d06a24 100644
--- a/src/chrome/content/rules/PicoMoney.xml
+++ b/src/chrome/content/rules/PicoMoney.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.picomoney.com/ => https://www.picomoney.com/: (7, 'Faile
 Disabled by https-everywhere-checker because:
 Fetch error: http://picomoney.com/ => https://picomoney.com/: Cycle detected - URL already encountered: http://www.picomoney.com/
 -->
-<ruleset name="PicoMoney" default_off='failed ruleset test'>
+<ruleset name="PicoMoney" default_off="failed ruleset test">
 
 	<target host="picomoney.com" />
 	<target host="www.picomoney.com" />
@@ -18,4 +18,4 @@ Fetch error: http://picomoney.com/ => https://picomoney.com/: Cycle detected - U
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Picsters.tv.xml b/src/chrome/content/rules/Picsters.tv.xml
deleted file mode 100644
index 1d6bea095b2a..000000000000
--- a/src/chrome/content/rules/Picsters.tv.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Picsters.tv">
-
-	<target host="picsters.tv" />
-	<target host="www.picsters.tv" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Pidg.in.xml b/src/chrome/content/rules/Pidg.in.xml
index d10491437113..be13516f4d40 100644
--- a/src/chrome/content/rules/Pidg.in.xml
+++ b/src/chrome/content/rules/Pidg.in.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.pidg.in/ => https://www.pidg.in/: (51, "SSL: no alternat
 	For other Pidgin coverage, see Pidgin.xml.
 
 -->
-<ruleset name="Pidg.in" default_off='failed ruleset test'>
+<ruleset name="Pidg.in" default_off="failed ruleset test">
 
 	<target host="pidg.in" />
 	<target host="www.pidg.in" />
diff --git a/src/chrome/content/rules/Pidgin.xml b/src/chrome/content/rules/Pidgin.xml
index 5c17f688e66c..91fc43bebaab 100644
--- a/src/chrome/content/rules/Pidgin.xml
+++ b/src/chrome/content/rules/Pidgin.xml
@@ -1,44 +1,36 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://hg.pidgin.im/ => https://hg.pidgin.im/: (51, "SSL: no alternative certificate subject name matches target host name 'hg.pidgin.im'")
-Fetch error: http://rpm.pidgin.im/ => https://rpm.pidgin.im/: (51, "SSL: no alternative certificate subject name matches target host name 'rpm.pidgin.im'")
-Fetch error: http://stats.pidgin.im/ => https://stats.pidgin.im/: (51, "SSL: no alternative certificate subject name matches target host name 'stats.pidgin.im'")
-
 	Other Pidgin rulesets:
-
 		- Pidg.in.xml
 
 
-	Fully covered hosts:
+	Invalid certificate:
+		- hg.pidgin.im
+		- rpm.pidgin.im
+		- stats.pidgin.im
+		- test.developer.pidgin.im
+		- mtn.pidgin.im
+		- nicobar.pidgin.im
 
-		- (www.)?
-		- developer
-		- hg
-		- planet
-		- rock
-		- rpm
-		- stats
+	Refused:
+		- imperial.pidgin.im
 
+	Timeout:
+		- plugin-pack.pidgin.im
 -->
-<ruleset name="Pidgin.im" default_off='failed ruleset test'>
+<ruleset name="Pidgin.im">
 
 	<target host="pidgin.im" />
-	<target host="*.pidgin.im" />
-
-		<test url="http://developer.pidgin.im/" />
-		<test url="http://hg.pidgin.im/" />
-		<test url="http://planet.pidgin.im/" />
-		<test url="http://rock.pidgin.im/" />
-		<test url="http://rpm.pidgin.im/" />
-		<test url="http://stats.pidgin.im/" />
-		<test url="http://www.pidgin.im/" />
-
-
-	<securecookie host="^developer\.pidgin\.im$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
+	<target host="www.pidgin.im" />
+	<target host="bamboo.pidgin.im" />
+	<target host="conference.pidgin.im" />
+	<target host="d.pidgin.im" />
+	<target host="developer.pidgin.im" />
+	<target host="planet.pidgin.im" />
+	<target host="rock.pidgin.im" />
+	<target host="status.pidgin.im" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Pikabu.ru.xml b/src/chrome/content/rules/Pikabu.ru.xml
index 7275edbcaa63..4d37249fe997 100644
--- a/src/chrome/content/rules/Pikabu.ru.xml
+++ b/src/chrome/content/rules/Pikabu.ru.xml
@@ -1,15 +1,28 @@
 <!--
-	Mismatched:
-		- s2 (u.pikabu.ru)
-		- s3 (testing.pikabu.ru)
-		- s7 (u.pikabu.ru)
--->
+	Invalid certificate:
+		tickets.pikabu.ru
+
+	Non-2xx HTTP code:
+		new.pikabu.ru
+		m.pikabu.ru
+		ws.pikabu.ru
 
-<ruleset name="Pikabu.ru">
+	Time out:
+		bastion.pikabu.ru
+		bastion1.pikabu.ru
+		bastion2.pikabu.ru
+-->
+<ruleset name="pikabu.ru">
 	<target host="pikabu.ru" />
 	<target host="www.pikabu.ru" />
+	<target host="a.pikabu.ru" />
 	<target host="api.pikabu.ru" />
+	<target host="beta.pikabu.ru" />
 	<target host="cs.pikabu.ru" />
+	<target host="cs10.pikabu.ru" />
+	<target host="cs11.pikabu.ru" />
+	<target host="cs12.pikabu.ru" />
+	<target host="cs13.pikabu.ru" />
 	<target host="cs2.pikabu.ru" />
 	<target host="cs3.pikabu.ru" />
 	<target host="cs4.pikabu.ru" />
@@ -18,21 +31,29 @@
 	<target host="cs7.pikabu.ru" />
 	<target host="cs8.pikabu.ru" />
 	<target host="cs9.pikabu.ru" />
-	<target host="m.pikabu.ru" />
-	<target host="m-testing.pikabu.ru" />
-	<target host="m-testing2.pikabu.ru" />
-	<target host="m-testing4.pikabu.ru" />
-	<target host="mt2.pikabu.ru" />
-	<target host="new-testing.pikabu.ru" />
+	<target host="i.pikabu.ru" />
+	<target host="old.pikabu.ru" />
+	<target host="specials.pikabu.ru" />
+	<target host="test.specials.pikabu.ru" />
+	<target host="status.pikabu.ru" />
 	<target host="s.pikabu.ru" />
-	<target host="rabbitmq.staff.pikabu.ru" />
-	<target host="t2.pikabu.ru" />
-	<target host="testing.pikabu.ru" />
-	<target host="testing2.pikabu.ru" />
-	<target host="testing4.pikabu.ru" />
+	<target host="s10.pikabu.ru" />
+	<target host="s11.pikabu.ru" />
+	<target host="s12.pikabu.ru" />
+	<target host="s13.pikabu.ru" />
+	<target host="s2.pikabu.ru" />
+	<target host="s3.pikabu.ru" />
+	<target host="s4.pikabu.ru" />
+	<target host="s5.pikabu.ru" />
+	<target host="s6.pikabu.ru" />
+	<target host="s7.pikabu.ru" />
+	<target host="s8.pikabu.ru" />
+	<target host="s9.pikabu.ru" />
+	<target host="stand1.pikabu.ru" />
 	<target host="u.pikabu.ru" />
+	<target host="v.pikabu.ru" />
+	<target host="v1.pikabu.ru" />
 
-	<securecookie host=".+" name=".+" />
-
+	<rule from="^http://www\.pikabu\.ru/" to="https://pikabu.ru/" />
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Pillow.xml b/src/chrome/content/rules/Pillow.xml
index 86ac918c2cff..a74d21bd5227 100644
--- a/src/chrome/content/rules/Pillow.xml
+++ b/src/chrome/content/rules/Pillow.xml
@@ -4,5 +4,5 @@
 		<target host="www.python-pillow.org" />
 
 		<rule from="^http:" to="https:" />
-		
+
 </ruleset>
diff --git a/src/chrome/content/rules/Pimienta.org.xml b/src/chrome/content/rules/Pimienta.org.xml
new file mode 100644
index 000000000000..9562e40f9126
--- /dev/null
+++ b/src/chrome/content/rules/Pimienta.org.xml
@@ -0,0 +1,20 @@
+<ruleset name="Pimienta.org">
+
+	<target host="pimienta.org" />
+	<target host="www.pimienta.org" />
+	<target host="alcachofa.pimienta.org" />
+	<target host="assembleasocialpoblenou.pimienta.org" />
+	<target host="bibliotecadelaevasion.pimienta.org" />
+	<target host="coati.pimienta.org" />
+	<target host="degenree.pimienta.org" />
+	<target host="fia.pimienta.org" />
+	<target host="frustros.pimienta.org"/>
+	<target host="gofistfoundation.pimienta.org" /><!-- NSFW -->
+	<target host="mambo.pimienta.org" />
+	<target host="oreja.pimienta.org" />
+	<target host="quematumovil.pimienta.org" />
+	<target host="terracremada.pimienta.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pinboard.in.xml b/src/chrome/content/rules/Pinboard.in.xml
new file mode 100644
index 000000000000..1349656d03c0
--- /dev/null
+++ b/src/chrome/content/rules/Pinboard.in.xml
@@ -0,0 +1,34 @@
+<ruleset name="Pinboard.in">
+	<target host="pinboard.in" />
+	<target host="www.pinboard.in" />
+	<target host="adelie.pinboard.in" />
+	<target host="api.pinboard.in" />
+	<target host="blog.pinboard.in" />
+	<target host="boris.pinboard.in" />
+	<target host="cache0.pinboard.in" />
+	<target host="cache1.pinboard.in" />
+	<target host="cache10.pinboard.in" />
+	<target host="cache11.pinboard.in" />
+	<target host="cache13.pinboard.in" />
+	<target host="cache14.pinboard.in" />
+	<target host="cache3.pinboard.in" />
+	<target host="cache4.pinboard.in" />
+	<target host="cache5.pinboard.in" />
+	<target host="cache6.pinboard.in" />
+	<target host="cache7.pinboard.in" />
+	<target host="cache8.pinboard.in" />
+	<target host="cache9.pinboard.in" />
+	<target host="feeds.pinboard.in" />
+	<target host="goatfish.pinboard.in" />
+	<target host="honeybadger.pinboard.in" />
+	<target host="m.pinboard.in" />
+	<target host="mail.pinboard.in" />
+	<target host="marmot.pinboard.in" />
+	<target host="notes.pinboard.in" />
+	<target host="otter.pinboard.in" />
+	<target host="skua.pinboard.in" />
+	<target host="static.pinboard.in" />
+	<target host="taco.pinboard.in" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pinboard.xml b/src/chrome/content/rules/Pinboard.xml
deleted file mode 100644
index c391b5b0e356..000000000000
--- a/src/chrome/content/rules/Pinboard.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://blog.pinboard.in/ => https://blog.pinboard.in/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
-	Fully covered subdomains:
-
-		- (www.)
-		- blog
-		- feeds
-		- static
-
--->
-<ruleset name="Pinboard.in" default_off='failed ruleset test'>
-
-	<target host="pinboard.in" />
-	<target host="blog.pinboard.in" />
-	<target host="feeds.pinboard.in" />
-	<target host="static.pinboard.in" />
-	<target host="www.pinboard.in" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:www\.)?pinboard\.in$" name="^groznax$" /-->
-
-	<securecookie host="^(?:www\.)?pinboard\.in$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PinchOfNom.com.xml b/src/chrome/content/rules/PinchOfNom.com.xml
new file mode 100644
index 000000000000..57ba60506b50
--- /dev/null
+++ b/src/chrome/content/rules/PinchOfNom.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="PinchOfNom.com">
+	<target host="pinchofnom.com" />
+	<target host="www.pinchofnom.com" />
+	<target host="cpanel.pinchofnom.com" />
+	<target host="dev.pinchofnom.com" />
+	<target host="mail.pinchofnom.com" />
+	<target host="webdisk.pinchofnom.com" />
+	<target host="webmail.pinchofnom.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pine64.com.xml b/src/chrome/content/rules/Pine64.com.xml
index f1b6f6e617e6..5889cb019653 100644
--- a/src/chrome/content/rules/Pine64.com.xml
+++ b/src/chrome/content/rules/Pine64.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.pine64.com/ => https://www.pine64.com/: (51, "SSL: no al
 	holiday.pine64.com
 -->
 
-<ruleset name="Pine64.com" default_off='failed ruleset test'>
+<ruleset name="Pine64.com" default_off="failed ruleset test">
 	<target host="pine64.com" />
 	<target host="www.pine64.com" />
 
diff --git a/src/chrome/content/rules/PineappleFund.org.xml b/src/chrome/content/rules/PineappleFund.org.xml
deleted file mode 100644
index f85544346acf..000000000000
--- a/src/chrome/content/rules/PineappleFund.org.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="PineappleFund.org">
-	<target host="pineapplefund.org" />
-	<target host="www.pineapplefund.org" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Pinescharter.net.xml b/src/chrome/content/rules/Pinescharter.net.xml
index 441fcffb376a..79bfcd0c9c93 100644
--- a/src/chrome/content/rules/Pinescharter.net.xml
+++ b/src/chrome/content/rules/Pinescharter.net.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?pinescharter\.net/(DesktopModules/|favicon\.ico|images/|js/|[pP]ortals/|Resources/|SiteLogin(?:$|\?|/)|(?:Telerik\.Web\.UI\.)?WebResource\.axd)"
 		to="https://$1pinescharter.net/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ping.pe.xml b/src/chrome/content/rules/Ping.pe.xml
new file mode 100644
index 000000000000..2de5389f0d21
--- /dev/null
+++ b/src/chrome/content/rules/Ping.pe.xml
@@ -0,0 +1,21 @@
+<ruleset name="Ping.pe">
+	<target host="ping.pe" />
+	<target host="www.ping.pe" />
+		<test url="http://www.ping.pe/cloudflare.com" />
+
+	<target host="port.ping.pe" />
+		<test url="http://port.ping.pe/1.2.3.4:22" />
+
+	<target host="dig.ping.pe" />
+		<test url="http://dig.ping.pe/dns.google:A:1.0.0.1" />
+
+	<target host="mrtg.ping.pe" />
+		<test url="http://mrtg.ping.pe/load.html" />
+
+	<target host="i.ping.pe" />
+		<test url="http://i.ping.pe/n/Y/img_nYlIKgrb.png" />
+		<test url="http://i.ping.pe/y/1/img_y1WLfjiE.png" />
+		<test url="http://i.ping.pe/8/O/img_8Oi1R3Vr.png" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PingOne.xml b/src/chrome/content/rules/PingOne.xml
index db582fcfff3f..a2dc2c45a1e4 100644
--- a/src/chrome/content/rules/PingOne.xml
+++ b/src/chrome/content/rules/PingOne.xml
@@ -20,4 +20,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ping_Identity.xml b/src/chrome/content/rules/Ping_Identity.xml
index 3636f1385071..8db498d9fcd2 100644
--- a/src/chrome/content/rules/Ping_Identity.xml
+++ b/src/chrome/content/rules/Ping_Identity.xml
@@ -13,7 +13,8 @@
 <ruleset name="Ping Identity">
 
 	<target host="pingidentity.com" />
-	<target host="*.pingidentity.com" />
+	<target host="www.pingidentity.com" />
+	<target host="connect.pingidentity.com" />
 
 
 	<securecookie host="^(?:connect|www)\.pingidentity\.com$" name=".+" />
@@ -22,7 +23,6 @@
 	<rule from="^http://(?:www\.)?pingidentity\.com/"
 		to="https://www.pingidentity.com/" />
 
-	<rule from="^http://connect\.pingidentity\.com/"
-		to="https://connect.pingidentity.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Pingless.xml b/src/chrome/content/rules/Pingless.xml
index 748ae6f0b513..d9cffd2b8379 100644
--- a/src/chrome/content/rules/Pingless.xml
+++ b/src/chrome/content/rules/Pingless.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?pingless\.co\.il/(agent_login|css/|default\.php\?(?:agent_login|make_money|order|support)|epanel2|favicon\.ico|framestats|images/|make_money|\?order|support)"
 		to="https://$1pingless.co.uk/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PinkNews.co.uk.xml b/src/chrome/content/rules/PinkNews.co.uk.xml
index 292a00c635c0..f2de26e43da6 100644
--- a/src/chrome/content/rules/PinkNews.co.uk.xml
+++ b/src/chrome/content/rules/PinkNews.co.uk.xml
@@ -16,7 +16,7 @@ Fetch error: http://www.pinknews.co.uk/ => https://www.pinknews.co.uk/: Too many
 	* Secured by us
 
 -->
-<ruleset name="PinkNews.co.uk" default_off='failed ruleset test'>
+<ruleset name="PinkNews.co.uk" default_off="failed ruleset test">
 
 	<target host="pinknews.co.uk" />
 	<target host="www.pinknews.co.uk" />
diff --git a/src/chrome/content/rules/Pinocc.io.xml b/src/chrome/content/rules/Pinocc.io.xml
index 192dffe01879..9a2e87020962 100644
--- a/src/chrome/content/rules/Pinocc.io.xml
+++ b/src/chrome/content/rules/Pinocc.io.xml
@@ -23,7 +23,7 @@ Fetch error: http://www.pinocc.io/ => https://pinocc.io/: (60, 'SSL certificate
 		- www.pinocc.io
 
 -->
-<ruleset name="Pinocc.io (partial)" default_off='failed ruleset test'>
+<ruleset name="Pinocc.io (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Pinsent_Masons.xml b/src/chrome/content/rules/Pinsent_Masons.xml
index aded35bc9f6c..882ca090c288 100644
--- a/src/chrome/content/rules/Pinsent_Masons.xml
+++ b/src/chrome/content/rules/Pinsent_Masons.xml
@@ -4,11 +4,11 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://extranets.pinsentmasons.com/ => https://extranets.pinsentmasons.com/: (7, 'Failed to connect to extranets.pinsentmasons.com port 443: Connection refused')
 
 -->
-<ruleset name="Pinsent Masons (partial)" default_off='failed ruleset test'>
+<ruleset name="Pinsent Masons (partial)" default_off="failed ruleset test">
 
 	<target host="extranets.pinsentmasons.com" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pinta-Outlet.fi.xml b/src/chrome/content/rules/Pinta-Outlet.fi.xml
index aa7b1f12a977..942f594f166d 100644
--- a/src/chrome/content/rules/Pinta-Outlet.fi.xml
+++ b/src/chrome/content/rules/Pinta-Outlet.fi.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.pinta-outlet.fi/ => https://pinta-outlet.fi/: (60, 'SSL
 		- www	(cert only matches ^pinta-outlet.fi)
 
 -->
-<ruleset name="Pinta-Outlet.fi" default_off='failed ruleset test'>
+<ruleset name="Pinta-Outlet.fi" default_off="failed ruleset test">
 
 	<target host="pinta-outlet.fi" />
 	<target host="www.pinta-outlet.fi" />
diff --git a/src/chrome/content/rules/Pipedot.org.xml b/src/chrome/content/rules/Pipedot.org.xml
index a304b46c47f7..41f5f64250fb 100644
--- a/src/chrome/content/rules/Pipedot.org.xml
+++ b/src/chrome/content/rules/Pipedot.org.xml
@@ -18,7 +18,7 @@ Fetch error: http://bugs.pipedot.org/ => https://bugs.pipedot.org/: (60, 'SSL ce
 		- .pipedot.org
 
 -->
-<ruleset name="pipedot.org" default_off='failed ruleset test'>
+<ruleset name="pipedot.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Piquadro.xml b/src/chrome/content/rules/Piquadro.xml
index 951e7ef4dd92..174507b21fdc 100644
--- a/src/chrome/content/rules/Piquadro.xml
+++ b/src/chrome/content/rules/Piquadro.xml
@@ -1,15 +1,15 @@
 <!--
 	Unsupported subdomains:
-	
+
 	* corporategift.piquadro.com - mismatch
 	* cdnlevel3.piquadro.com - timeout
-	
+
 -->
-	
+
 <ruleset name="Piquadro" default_off="breaks images">
 	<target host="piquadro.com" />
 	<target host="www.piquadro.com" />
-	
+
 	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Pirata.cat.xml b/src/chrome/content/rules/Pirata.cat.xml
new file mode 100644
index 000000000000..caddbd5dc166
--- /dev/null
+++ b/src/chrome/content/rules/Pirata.cat.xml
@@ -0,0 +1,36 @@
+<!--
+	(www.)?pirata.cat: 404
+
+
+	NB: server sends no certificate chain, see https://whatsmychaincert.com
+
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+
+		- xifrat.pirata.cat
+		- .xifrat.pirata.cat
+
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+-->
+<ruleset name="pirata.cat (partial)" >
+
+	<target host="xifrat.pirata.cat" />
+
+		<!--	Sets cookies without Secure:
+							-->
+		<!--test url="http://xifrat.pirata.cat/forum/" /-->
+
+
+	<!--	Not secured by server:
+					-->
+	<!--securecookie host="^xifrat\.pirata\.cat$" name="^(?:Vanilla|Vanilla-Volatile|vanilla_locale)$" /-->
+	<!--securecookie host="^\.xifrat\.pirata\.cat$" name="^SESS[\da-f]{32}$" /-->
+
+	<securecookie host="^(?!\.pirata\.cat$)." name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PirateHD.com.xml b/src/chrome/content/rules/PirateHD.com.xml
index 13668a1da748..07376d142220 100644
--- a/src/chrome/content/rules/PirateHD.com.xml
+++ b/src/chrome/content/rules/PirateHD.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://piratehd.com/ => https://piratehd.com/: (28, 'Connection tim
 		- .piratehd.com
 
 -->
-<ruleset name="PirateHD.com" default_off='failed ruleset test'>
+<ruleset name="PirateHD.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/PirateParty.xml b/src/chrome/content/rules/PirateParty.xml
index 993370c81359..aa962bb9701d 100644
--- a/src/chrome/content/rules/PirateParty.xml
+++ b/src/chrome/content/rules/PirateParty.xml
@@ -1,4 +1,18 @@
+
+<!--
+The following targets have been disabled at 2020-10-14 19:04:33:
+
+Fetch error: http://proxy.piratenpartij.nl/ => https://proxy.piratenpartij.nl/: (7, 'Failed to connect to proxy.piratenpartij.nl port 443: Connection timed out')
+Fetch error: http://tpb.piratenpartij.nl/ => https://tpb.piratenpartij.nl/: (7, 'Failed to connect to tpb.piratenpartij.nl port 443: Connection timed out')
+
+-->
+
 <!--
+The following targets have been disabled at 2020-10-14 19:04:33:
+
+Fetch error: http://proxy.piratenpartij.nl/ => https://proxy.piratenpartij.nl/: (7, 'Failed to connect to proxy.piratenpartij.nl port 443: Connection timed out')
+Fetch error: http://tpb.piratenpartij.nl/ => https://tpb.piratenpartij.nl/: (7, 'Failed to connect to tpb.piratenpartij.nl port 443: Connection timed out')
+
 	See PirateParty-mismatches.xml for problematic rules.
 
 
@@ -6,9 +20,7 @@
 
 		- Junge-Piraten.de.xml
 		- Pirate_IRC.net.xml
-		- Pirate_Party.ca.xml
 		- Pirate_Party.org.au.xml
-		- Pirate_Party.org.uk.xml
 		- PiratePad.ca.xml
 		- Piraten-Oberpfalz.de.xml
 		- Piraten-Ufr.de.xml
@@ -36,8 +48,8 @@
 	<!--	Direct rewrites:
 				-->
 	<target host="piratenpartij.nl" />
-	<target host="proxy.piratenpartij.nl" />
-	<target host="tpb.piratenpartij.nl" />
+	<!-- target host="proxy.piratenpartij.nl" /-->
+	<!-- target host="tpb.piratenpartij.nl" /-->
 	<target host="www.piratenpartij.nl" />
 
 	<!--	Complications:
diff --git a/src/chrome/content/rules/Pirate_Linux.org.xml b/src/chrome/content/rules/Pirate_Linux.org.xml
index 76422c372646..4c393d43fc21 100644
--- a/src/chrome/content/rules/Pirate_Linux.org.xml
+++ b/src/chrome/content/rules/Pirate_Linux.org.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.piratelinux.org/ => https://www.piratelinux.org/: (51, "
 	expired:
 		- lists
 -->
-<ruleset name="PirateLinux.org" default_off='failed ruleset test'>
+<ruleset name="PirateLinux.org" default_off="failed ruleset test">
 
 	<target host="piratelinux.org" />
 	<target host="www.piratelinux.org" />
diff --git a/src/chrome/content/rules/Pirate_Party.ca.xml b/src/chrome/content/rules/Pirate_Party.ca.xml
deleted file mode 100644
index c53bf421d801..000000000000
--- a/src/chrome/content/rules/Pirate_Party.ca.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For other Pirate Party coverage, see PirateParty.xml.
-
--->
-<ruleset name="Pirate Party.ca">
-
-	<target host="pirateparty.ca" />
-	<target host="wiki.pirateparty.ca" />
-	<target host="www.pirateparty.ca" />
-
-
-	<securecookie host="^www\.pirateparty\.ca$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Pirate_Party.org.uk.xml b/src/chrome/content/rules/Pirate_Party.org.uk.xml
deleted file mode 100644
index d9eef42a2948..000000000000
--- a/src/chrome/content/rules/Pirate_Party.org.uk.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://edinburgh.pirateparty.org.uk/ => https://edinburgh.pirateparty.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'edinburgh.pirateparty.org.uk'")
-Fetch error: http://glasgow.pirateparty.org.uk/ => https://glasgow.pirateparty.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'glasgow.pirateparty.org.uk'")
-Fetch error: http://manchester.pirateparty.org.uk/ => https://manchester.pirateparty.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'manchester.pirateparty.org.uk'")
-Fetch error: http://tpb.pirateparty.org.uk/ => https://tpb.pirateparty.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'tpb.pirateparty.org.uk'")
-
-	For other Pirate Party coverage, see PirateParty.xml.	
-
--->
-<ruleset name="Pirate Party.org.uk" default_off='failed ruleset test'>
-
-	<target host="pirateparty.org.uk" />
-	<target host="edinburgh.pirateparty.org.uk" />
-	<target host="glasgow.pirateparty.org.uk" />
-	<target host="manchester.pirateparty.org.uk" />
-	<target host="tpb.pirateparty.org.uk" />
-	<target host="www.pirateparty.org.uk" />
-
-
-	<securecookie host="^(?:.*\.)?pirateparty\.org\.uk$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Piraten-Schwaben.de.xml b/src/chrome/content/rules/Piraten-Schwaben.de.xml
index f6a253cd2194..5b24c66b5009 100644
--- a/src/chrome/content/rules/Piraten-Schwaben.de.xml
+++ b/src/chrome/content/rules/Piraten-Schwaben.de.xml
@@ -20,7 +20,7 @@
 	<target host="www.piraten-schwaben.de"/>
 
 
-	<securecookie host="^(?:.*\.)?piraten-schwaben\.de$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Piraten-Ufr.de.xml b/src/chrome/content/rules/Piraten-Ufr.de.xml
index 588faf9b893a..398fee28b246 100644
--- a/src/chrome/content/rules/Piraten-Ufr.de.xml
+++ b/src/chrome/content/rules/Piraten-Ufr.de.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.piraten-ufr.de/ => https://www.piraten-ufr.de/: (60, 'SS
 	* Secured by us
 
 -->
-<ruleset name="Piraten-Ufr.de" default_off='failed ruleset test'>
+<ruleset name="Piraten-Ufr.de" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Piratenpartei-bayern.de.xml b/src/chrome/content/rules/Piratenpartei-bayern.de.xml
index a054e8a06490..4eb46665d5fd 100644
--- a/src/chrome/content/rules/Piratenpartei-bayern.de.xml
+++ b/src/chrome/content/rules/Piratenpartei-bayern.de.xml
@@ -20,7 +20,7 @@
 	<target host="www.piratenpartei-bayern.de" />
 
 
-	<securecookie host="^(?:.*\.)?piratenpartei-bayern\.de$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Piratenpartei.at.xml b/src/chrome/content/rules/Piratenpartei.at.xml
index b22db5948c88..6882706a97af 100644
--- a/src/chrome/content/rules/Piratenpartei.at.xml
+++ b/src/chrome/content/rules/Piratenpartei.at.xml
@@ -6,7 +6,7 @@ Fetch error: http://w.piratenpartei.at/ => https://w.piratenpartei.at/: (51, "SS
 	For other Pirate Party coverage, see PirateParty.xml.
 
 -->
-<ruleset name="Piratenpartei.at" default_off='failed ruleset test'>
+<ruleset name="Piratenpartei.at" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Piratenpartei.de.xml b/src/chrome/content/rules/Piratenpartei.de.xml
index 7184cebfaee5..644db7cb03a7 100644
--- a/src/chrome/content/rules/Piratenpartei.de.xml
+++ b/src/chrome/content/rules/Piratenpartei.de.xml
@@ -40,7 +40,7 @@ Fetch error: http://pshop.piratenpartei.de/ => https://pshop.piratenpartei.de/:
 		- .shop.piratenpartei.de
 
 -->
-<ruleset name="Piratenpartei.de (partial)" default_off='failed ruleset test'>
+<ruleset name="Piratenpartei.de (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -69,7 +69,7 @@ Fetch error: http://pshop.piratenpartei.de/ => https://pshop.piratenpartei.de/:
 	<!--securecookie host="^\.news\.piratenpartei\.de$" name="^mybb\[(?:announcements|lastactive|lastvisit)\]$" /-->
 	<!--securecookie host="^\.shop\.piratenpartei\.de$" name="^sid_customer_\d+$" /-->
 
-	<securecookie host="^(?:.*\.)?piratenpartei\.de$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://oberbayern\.piratenpartei\.de/"
diff --git a/src/chrome/content/rules/Pirati.cz.xml b/src/chrome/content/rules/Pirati.cz.xml
index d5437e119066..c4d12d79b8dd 100644
--- a/src/chrome/content/rules/Pirati.cz.xml
+++ b/src/chrome/content/rules/Pirati.cz.xml
@@ -20,7 +20,7 @@ Fetch error: http://www.www.pirati.cz/ => https://www.www.pirati.cz/: (6, 'Could
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Pirati.cz" default_off='failed ruleset test'>
+<ruleset name="Pirati.cz" default_off="failed ruleset test">
 
 	<target host="pirati.cz" />
 	<target host="*.pirati.cz" />
diff --git a/src/chrome/content/rules/Piratpartiet.se.xml b/src/chrome/content/rules/Piratpartiet.se.xml
index 5a9a11fd70bc..d10cb78d9b8b 100644
--- a/src/chrome/content/rules/Piratpartiet.se.xml
+++ b/src/chrome/content/rules/Piratpartiet.se.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.piratpartiet.se/ => https://www.piratpartiet.se/: (60, '
 	For other Pirate Party coverage, see PirateParty.xml.
 
 -->
-<ruleset name="Piratpartiet.se (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Piratpartiet.se (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Piratpartiet.xml b/src/chrome/content/rules/Piratpartiet.xml
index 5f89c2c2e751..04bcceb8457b 100644
--- a/src/chrome/content/rules/Piratpartiet.xml
+++ b/src/chrome/content/rules/Piratpartiet.xml
@@ -6,7 +6,7 @@ Fetch error: http://arbeidskontoret.piratpartiet.no/ => https://arbeidskontoret.
 	Non-functional domain:
 		- piratpartiet.no	(hostname mismatch, CN: *.piratpartiet.no)
 -->
-<ruleset name="Piratpartiet" default_off='failed ruleset test'>
+<ruleset name="Piratpartiet" default_off="failed ruleset test">
 	<target host="arbeidskontoret.piratpartiet.no" />
 	<target host="wiki.piratpartiet.no" />
 	<target host="www.piratpartiet.no" />
diff --git a/src/chrome/content/rules/Piriform.xml b/src/chrome/content/rules/Piriform.xml
index 1a5737991308..eb7ed0b38fc8 100644
--- a/src/chrome/content/rules/Piriform.xml
+++ b/src/chrome/content/rules/Piriform.xml
@@ -66,20 +66,24 @@
 
 	<target host="s1.pir.fm" />
 	<target host="piriform.com" />
-	<target host="*.piriform.com" />
+	<target host="www.piriform.com" />
+	<target host="download.piriform.com" />
+	<target host="secure.piriform.com" />
+	<target host="static.piriform.com" />
+	<target host="support.piriform.com" />
 
 
 	<securecookie host="^\.secure\.piriform\.com$" name=".+" />
 
 
 	<rule from="^http://s1\.pir\.fm/"
-		to="https://d3sg17i8imdw59.cloudfront.net/" />
+		to="https://s1.pir.fm/" />
 
 	<rule from="^http://(?:www\.)?piriform\.com/"
 		to="https://www.piriform.com/" />
 
 	<rule from="^http://download\.piriform\.com/"
-		to="https://d1k4dgg08m176h.cloudfront.net/" />
+		to="https://download.piriform.com/" />
 
 	<rule from="^http://secure\.piriform\.com/"
 		to="https://secure.piriform.com/" />
diff --git a/src/chrome/content/rules/Piscatus.se.xml b/src/chrome/content/rules/Piscatus.se.xml
index 212fcec23403..21025962ecec 100644
--- a/src/chrome/content/rules/Piscatus.se.xml
+++ b/src/chrome/content/rules/Piscatus.se.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://piscatus.se/ => https://piscatus.se/: (7, 'Failed to connect to piscatus.se port 443: Connection refused')
 Fetch error: http://www.piscatus.se/ => https://www.piscatus.se/: (7, 'Failed to connect to www.piscatus.se port 443: Connection refused')
 -->
-<ruleset name="Piscatus.se" default_off='failed ruleset test'>
+<ruleset name="Piscatus.se" default_off="failed ruleset test">
 	<target host="piscatus.se" />
 	<target host="www.piscatus.se" />
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Piston_Cloud_Computing.xml b/src/chrome/content/rules/Piston_Cloud_Computing.xml
index fe666fa8488e..a91a42904095 100644
--- a/src/chrome/content/rules/Piston_Cloud_Computing.xml
+++ b/src/chrome/content/rules/Piston_Cloud_Computing.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.pistoncloud.com/ => https://www.pistoncloud.com/: (51, "
 	Cert only matches www.
 
 -->
-<ruleset name="Piston Cloud Computing" default_off='failed ruleset test'>
+<ruleset name="Piston Cloud Computing" default_off="failed ruleset test">
 
 	<target host="pistoncloud.com" />
 	<target host="www.pistoncloud.com" />
diff --git a/src/chrome/content/rules/PittsburghZoo.org.xml b/src/chrome/content/rules/PittsburghZoo.org.xml
index 311af97a9ef5..cc51d1aa3323 100644
--- a/src/chrome/content/rules/PittsburghZoo.org.xml
+++ b/src/chrome/content/rules/PittsburghZoo.org.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.pittsburghzoo.org/ => https://www.pittsburghzoo.org/: (3
 	Invalid certificate:
 		staging.pittsburghzoo.org
 -->
-<ruleset name="Pittsburgh Zoo" default_off='failed ruleset test'>
+<ruleset name="Pittsburgh Zoo" default_off="failed ruleset test">
 	<target host="pittsburghzoo.org" />
 	<target host="www.pittsburghzoo.org" />
 
diff --git a/src/chrome/content/rules/Pittsburgh_Massage_and_Wellness.com.xml b/src/chrome/content/rules/Pittsburgh_Massage_and_Wellness.com.xml
deleted file mode 100644
index 7ba5ab03b910..000000000000
--- a/src/chrome/content/rules/Pittsburgh_Massage_and_Wellness.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Mixed content:
-
-		- Images from $self *
-
-	* Secured by us
-
--->
-<ruleset name="Pittsburgh Massage and Wellness.com">
-
-	<target host="pittsburghmassageandwellness.com" />
-	<target host="www.pittsburghmassageandwellness.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<securecookie host="^\.pittsburghmassageandwellness\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Pivotal_Labs.xml b/src/chrome/content/rules/Pivotal_Labs.xml
deleted file mode 100644
index c26c3f218d54..000000000000
--- a/src/chrome/content/rules/Pivotal_Labs.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	At least some pages redirect to http.
-
-
-	Nonfunctional subdomains:
-
-		- feed		(interrupted)
-
--->
-<ruleset name="Pivotal Labs (partial)">
-
-	<target host="pivotallabs.com" />
-	<target host="*.pivotallabs.com" />
-
-
-	<rule from="^http://(www\.)?pivotallabs\.com/(image|stylesheet)s/"
-		to="https://$1pivotallabs.com/$2s/" />
-
-	<rule from="^http://assets\.pivotallabs\.com/"
-		to="https://s3.amazonaws.com/assets.pivotallabs.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Piwigo.com.xml b/src/chrome/content/rules/Piwigo.com.xml
new file mode 100644
index 000000000000..c6ddfb782f1f
--- /dev/null
+++ b/src/chrome/content/rules/Piwigo.com.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Piwigo coverage, see Piwigo.org.xml.
+
+	This host uses a wildcard DNS record.
+	Customers get their own subdomain.
+-->
+<ruleset name="Piwigo.com">
+	<target host="piwigo.com" />
+	<target host="*.piwigo.com" />
+
+	<test url="http://demo.piwigo.com/" />
+	<test url="http://es.piwigo.com/" />
+	<test url="http://fr.piwigo.com/" />
+	<test url="http://www.piwigo.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Piwigo.org.xml b/src/chrome/content/rules/Piwigo.org.xml
new file mode 100644
index 000000000000..9acf770ccf4d
--- /dev/null
+++ b/src/chrome/content/rules/Piwigo.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Other Piwigo rulesets:
+		- Piwigo.com.xml
+-->
+<ruleset name="Piwigo.org">
+	<target host="piwigo.org" />
+	<target host="www.piwigo.org" />
+	<target host="br.piwigo.org" />
+	<target host="cn.piwigo.org" />
+	<target host="da.piwigo.org" />
+	<target host="de.piwigo.org" />
+	<target host="es.piwigo.org" />
+	<target host="fr.piwigo.org" />
+	<target host="hu.piwigo.org" />
+	<target host="it.piwigo.org" />
+	<target host="nl.piwigo.org" />
+	<target host="pl.piwigo.org" />
+	<target host="ru.piwigo.org" />
+	<target host="tr.piwigo.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Piwik.org.xml b/src/chrome/content/rules/Piwik.org.xml
index caa14abb6243..49c93b333460 100644
--- a/src/chrome/content/rules/Piwik.org.xml
+++ b/src/chrome/content/rules/Piwik.org.xml
@@ -35,7 +35,7 @@
 
 	<!--securecookie host="^\.piwik\.org$" name="^(?:_icl_current_language|_pk_cvar\.1\.a819|_pk_id\.1\.a819|_pk_ses\.1\.a819)$" /-->
 
-	<securecookie host="^(?:.+\.)?piwik\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/PixFuture.xml b/src/chrome/content/rules/PixFuture.xml
index f07630ddaa44..46ac0fb91b9e 100644
--- a/src/chrome/content/rules/PixFuture.xml
+++ b/src/chrome/content/rules/PixFuture.xml
@@ -6,7 +6,8 @@
 -->
 <ruleset name="PixFuture (partial)">
 
-	<target host="*.pixfuture.net" />
+	<target host="ax-d.pixfuture.net" />
+	<target host="portal.pixfuture.net" />
 
 
 	<rule from="^http://ax-d\.pixfuture\.net/"
diff --git a/src/chrome/content/rules/Pixelh8.xml b/src/chrome/content/rules/Pixelh8.xml
index 99042ed6064c..b7c09699ce84 100644
--- a/src/chrome/content/rules/Pixelh8.xml
+++ b/src/chrome/content/rules/Pixelh8.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://pixelh8.co.uk/ => https://pixelh8.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'pixelh8.co.uk'")
 Fetch error: http://www.pixelh8.co.uk/ => https://www.pixelh8.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.pixelh8.co.uk'")
 -->
-<ruleset name="Pixelh8" default_off='failed ruleset test'>
+<ruleset name="Pixelh8" default_off="failed ruleset test">
 
 	<target host="pixelh8.co.uk" />
 	<target host="www.pixelh8.co.uk" />
@@ -16,4 +16,4 @@ Fetch error: http://www.pixelh8.co.uk/ => https://www.pixelh8.co.uk/: (51, "SSL:
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pixiq.xml b/src/chrome/content/rules/Pixiq.xml
deleted file mode 100644
index 8416a80b5e8d..000000000000
--- a/src/chrome/content/rules/Pixiq.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d1xlgqsil28g2u.cloudfront.net
-			- woofie[1-4].pixiq.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)
-
--->
-<ruleset name="Pixiq (partial)">
-
-	<target host="*.pixiq.com" />
-
-
-	<rule from="^http://woofie[1-4]\.pixiq\.com/"
-		to="https://d1xlgqsil28g2u.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Pixlr.com.xml b/src/chrome/content/rules/Pixlr.com.xml
new file mode 100644
index 000000000000..b6a5d51b88ee
--- /dev/null
+++ b/src/chrome/content/rules/Pixlr.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="Pixlr (partial)">
+	<target host="pixlr.com" />
+	<target host="blog.pixlr.com" />
+	<target host="cdn.pixlr.com" />
+	<target host="support.pixlr.com" />
+	<target host="www.pixlr.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pixlr.xml b/src/chrome/content/rules/Pixlr.xml
deleted file mode 100644
index 4382f81b120e..000000000000
--- a/src/chrome/content/rules/Pixlr.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	Nonfunctional:
-
-		- (www.)imm.io		(times out)
-		- blog.pixlr.com	(ditto)
-
-
-	There's a bucket at s3.amazonaws.com/i.pixlr.com/
-
--->
-<ruleset name="Pixlr (partial)" platform="mixedcontent">
-
-	<target host="i.imm.io" />
-	<target host="pixlr.com" />
-	<target host="*.pixlr.com" />
-
-
-	<securecookie host="^(?:.*\.)?pixlr\.com$" name=".+" />
-
-
-	<rule from="^http://i\.imm\.io/"
-		to="https://s3.amazonaws.com/i.imm.io/" />
-
-	<!--	cdn: CloudFront.	-->
-	<rule from="^http://(?:cdn\.|(www\.))?pixlr\.com/"
-		to="https://$1pixlr.com/" />
-
-	<rule from="^http://blog\.pixlr\.com/favicon\.ico"
-		to="https://www.blogger.com/favicon.ico" />
-
-	<!--	At least some pages redirect back.	-->
-	<rule from="^http://support\.pixlr\.com/(assets/|favicon\.png)"
-		to="https://getsatisfaction.com/$1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Pixnet.cc.xml b/src/chrome/content/rules/Pixnet.cc.xml
index 401f70fde9e5..274ae8229f07 100644
--- a/src/chrome/content/rules/Pixnet.cc.xml
+++ b/src/chrome/content/rules/Pixnet.cc.xml
@@ -11,7 +11,7 @@
 -->
 <ruleset name="pixnet.cc">
 
-	<target host="*.pixnet.cc" />
+	<target host="panel.pixnet.cc" />
 
 
 	<!--	Not secured by server:
@@ -22,7 +22,6 @@
 	<securecookie host="^\.panel\.pixnet\.cc$" name=".+" />
 
 
-	<rule from="^http://panel\.pixnet\.cc/"
-		to="https://panel.pixnet.cc/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Pixnet.net.xml b/src/chrome/content/rules/Pixnet.net.xml
index a02419142065..1616a387bd4d 100644
--- a/src/chrome/content/rules/Pixnet.net.xml
+++ b/src/chrome/content/rules/Pixnet.net.xml
@@ -1,7 +1,6 @@
 <!--
 	Other Pixnet rulesets:
 
-		- 7Headlines.com.xml
 		- Pimg.tw.xml
 		- Pixfs.net.xml
 		- PIXinsight.com.tw.xml
diff --git a/src/chrome/content/rules/Pizza.de.xml b/src/chrome/content/rules/Pizza.de.xml
index f82bc19c2acf..0f541b265d0d 100644
--- a/src/chrome/content/rules/Pizza.de.xml
+++ b/src/chrome/content/rules/Pizza.de.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pizza.fr.xml b/src/chrome/content/rules/Pizza.fr.xml
index d67227ba3cd6..a063e396a322 100644
--- a/src/chrome/content/rules/Pizza.fr.xml
+++ b/src/chrome/content/rules/Pizza.fr.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pizza_Charts.com.xml b/src/chrome/content/rules/Pizza_Charts.com.xml
index 578d8031a5f8..16f67ef2e5f1 100644
--- a/src/chrome/content/rules/Pizza_Charts.com.xml
+++ b/src/chrome/content/rules/Pizza_Charts.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.pizzacharts.com/ => https://www.pizzacharts.com/: (28, '
 		- .pizzacharts.com
 
 -->
-<ruleset name="Pizza Charts.com" default_off='failed ruleset test'>
+<ruleset name="Pizza Charts.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Pizzahut.xml b/src/chrome/content/rules/Pizzahut.xml
index 432a786ed386..466733c3bf33 100644
--- a/src/chrome/content/rules/Pizzahut.xml
+++ b/src/chrome/content/rules/Pizzahut.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://delivery.pizzahut.co.uk/ => https://delivery.pizzahut.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'delivery.pizzahut.co.uk'")
 
 -->
-<ruleset name="Pizzahut UK" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Pizzahut UK" platform="mixedcontent" default_off="failed ruleset test">
   <target host="pizzahut.co.uk" />
   <target host="www.pizzahut.co.uk" />
   <target host="delivery.pizzahut.co.uk" />
diff --git a/src/chrome/content/rules/Pkcell.com.xml b/src/chrome/content/rules/Pkcell.com.xml
new file mode 100644
index 000000000000..a26b9dee4107
--- /dev/null
+++ b/src/chrome/content/rules/Pkcell.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Pkcell.com">
+	<target host="pkcell.com" />
+	<target host="www.pkcell.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pkr.com.xml b/src/chrome/content/rules/Pkr.com.xml
index cc953e6057c3..0f140681c875 100644
--- a/src/chrome/content/rules/Pkr.com.xml
+++ b/src/chrome/content/rules/Pkr.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://pkr.com/ => https://pkr.com/: (28, 'Connection timed out aft
 Fetch error: http://www.pkr.com/ => https://www.pkr.com/: (7, 'Failed to connect to www.pkr.com port 443: Connection refused')
 
 -->
-<ruleset name="Pkr.com" default_off='failed ruleset test'>
+<ruleset name="Pkr.com" default_off="failed ruleset test">
   <target host="pkr.com" />
   <target host="www.pkr.com" />
 
diff --git a/src/chrome/content/rules/Pl.vc.xml b/src/chrome/content/rules/Pl.vc.xml
deleted file mode 100644
index 4f5bfa16934a..000000000000
--- a/src/chrome/content/rules/Pl.vc.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="pl.vc">
-
-	<target host="pl.vc" />
-	<target host="www.pl.vc" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Placehold.it.xml b/src/chrome/content/rules/Placehold.it.xml
deleted file mode 100644
index 2d8822b22266..000000000000
--- a/src/chrome/content/rules/Placehold.it.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		- .placehold.it
-
--->
-<ruleset name="Placehold.it">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="placehold.it" />
-	<target host="www.placehold.it" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.placehold\.it$" name="^(__cfuid|cf_clearance)$" /-->
-
-	<securecookie host="^\.placehold\.it$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Planet-Source-Code.com.xml b/src/chrome/content/rules/Planet-Source-Code.com.xml
deleted file mode 100644
index 98660dcf7090..000000000000
--- a/src/chrome/content/rules/Planet-Source-Code.com.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Planet-Source-Code.com">
-
-	<target host="planet-source-code.com" />
-	<target host="www.planet-source-code.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PlanetLab.org.xml b/src/chrome/content/rules/PlanetLab.org.xml
index 071903e4f624..f51e889416fa 100644
--- a/src/chrome/content/rules/PlanetLab.org.xml
+++ b/src/chrome/content/rules/PlanetLab.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://svn.planet-lab.org/ => https://svn.planet-lab.org/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="PlanetLab (partial)" default_off='failed ruleset test'>
+<ruleset name="PlanetLab (partial)" default_off="failed ruleset test">
 
 	<target host="planet-lab.org" />
 	<target host="svn.planet-lab.org" />
diff --git a/src/chrome/content/rules/PlanetRomeo.xml b/src/chrome/content/rules/PlanetRomeo.xml
deleted file mode 100644
index aa48fea14b61..000000000000
--- a/src/chrome/content/rules/PlanetRomeo.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="PlanetRomeo">
-  <target host="www.planetromeo.com" />
-  <target host="planetromeo.com" />
-  <target host="www.gayromeo.com" />
-  <target host="gayromeo.com" />
-
-  <rule from="^http://(?:www\.)?(?:gay|planet)romeo\.com/" to="https://www.planetromeo.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Planet_Emu.net.xml b/src/chrome/content/rules/Planet_Emu.net.xml
index e30de2ecac85..53de27588c52 100644
--- a/src/chrome/content/rules/Planet_Emu.net.xml
+++ b/src/chrome/content/rules/Planet_Emu.net.xml
@@ -9,7 +9,8 @@
 <ruleset name="Planet Emu.net" default_off="expired, mismatched, self-signed">
 
 	<target host="planetemu.net" />
-	<target host="*.planetemu.net" />
+	<target host="www.planetemu.net" />
+	<target host="forums.planetemu.net" />
 
 
 	<!--	Not secured by server:
@@ -22,7 +23,6 @@
 	<rule from="^http://(?:www\.)?planetemu\.net/"
 		to="https://www.planetemu.net/" />
 
-	<rule from="^http://forums\.planetemu\.net/"
-		to="https://forums.planetemu.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Planet_Minecraft.com-problematic.xml b/src/chrome/content/rules/Planet_Minecraft.com-problematic.xml
index 26850d887e21..8ccb5e6d9ce0 100644
--- a/src/chrome/content/rules/Planet_Minecraft.com-problematic.xml
+++ b/src/chrome/content/rules/Planet_Minecraft.com-problematic.xml
@@ -4,7 +4,8 @@
 -->
 <ruleset name="Planet Minecraft.com (mismatched)" default_off="mismatched">
 
-	<target host="*.planetminecraft.com" />
+	<target host="cdn.planetminecraft.com" />
+	<target host="cdn2.planetminecraft.com" />
 
 
 	<rule from="^http://cdn2?\.planetminecraft\.com/"
diff --git a/src/chrome/content/rules/PlantCommunity.de.xml b/src/chrome/content/rules/PlantCommunity.de.xml
index 3dfbcb273a0e..f3d05ed4ec16 100644
--- a/src/chrome/content/rules/PlantCommunity.de.xml
+++ b/src/chrome/content/rules/PlantCommunity.de.xml
@@ -19,7 +19,7 @@ Fetch error: http://www.plantcommunity.de/ => https://www.plantcommunity.de/: (5
 	* Secured by us
 
 -->
-<ruleset name="PlantCommunity.de" default_off='failed ruleset test'>
+<ruleset name="PlantCommunity.de" default_off="failed ruleset test">
 
 	<target host="plantcommunity.de" />
 	<target host="www.plantcommunity.de" />
diff --git a/src/chrome/content/rules/PlantOGram.com.xml b/src/chrome/content/rules/PlantOGram.com.xml
new file mode 100644
index 000000000000..f5593ced285e
--- /dev/null
+++ b/src/chrome/content/rules/PlantOGram.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="PlantOGram.com">
+	<target host="plantogram.com" />
+	<target host="www.plantogram.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PlantSolution.de.xml b/src/chrome/content/rules/PlantSolution.de.xml
deleted file mode 100644
index c47505be2326..000000000000
--- a/src/chrome/content/rules/PlantSolution.de.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see PlantSolution.de-falsemixed.xml.
-
-
-	(www.)?plantcommunity.de: Plaintext reply
-	ecustomer.plantcommunity.de: Plaintext reply
-
--->
-<ruleset name="PlantSolution.de (partial)">
-
-	<!--	Complications:
-				-->
-	<target host="ecustomer.plantsolution.de" />
-
-
-	<rule from="^http://ecustomer\.plantsolution\.de/.*"
-		to="https://plantsolution.od1.vtiger.com/portal" />
-
-		<test url="http://ecustomer.plantsolution.de/index.php" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Plastic-Bin.com.xml b/src/chrome/content/rules/Plastic-Bin.com.xml
deleted file mode 100644
index 200f467a2cc6..000000000000
--- a/src/chrome/content/rules/Plastic-Bin.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Plastic-Bin.com">
-
-	<target host="plastic-bin.com" />
-	<target host="www.plastic-bin.com" />
-	<target host="secure.plastic-bin.com" />
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Plati.ru.xml b/src/chrome/content/rules/Plati.ru.xml
index 24ed9b7ba346..09311a16500f 100644
--- a/src/chrome/content/rules/Plati.ru.xml
+++ b/src/chrome/content/rules/Plati.ru.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://(?:www\.)?(?:exaccess|plati)\.ru/"
 		to="https://www.plati.ru/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PlayStation.net.xml b/src/chrome/content/rules/PlayStation.net.xml
index 270390626480..de743bf0e854 100644
--- a/src/chrome/content/rules/PlayStation.net.xml
+++ b/src/chrome/content/rules/PlayStation.net.xml
@@ -6,7 +6,7 @@ Fetch error: http://en-support.psm.playstation.net/ => https://en-support.psm.pl
 	For other Sony coverage, see Sony.xml.
 
 -->
-<ruleset name="PlayStation.net" default_off='failed ruleset test'>
+<ruleset name="PlayStation.net" default_off="failed ruleset test">
 
 	<target host="static-resource.np.community.playstation.net" />
 	<target host="en-support.psm.playstation.net" />
diff --git a/src/chrome/content/rules/PlayStation.xml b/src/chrome/content/rules/PlayStation.xml
index 942a16580f0d..d13721ab0e61 100644
--- a/src/chrome/content/rules/PlayStation.xml
+++ b/src/chrome/content/rules/PlayStation.xml
@@ -1,10 +1,4 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://us.playstation.com/support/ => https://support.us.playstation.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Non-2xx HTTP code: http://secure.us.playstation.com/ (200) => https://secure.us.playstation.com/ (503)
-Fetch error: http://support.us.playstation.com/ => https://support.us.playstation.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
 	For other Sony coverage, see Sony.xml.
 
 
@@ -21,7 +15,9 @@ Fetch error: http://support.us.playstation.com/ => https://support.us.playstatio
 	Nonfunctional hosts in *playstation.com:
 
 		- blog.eu ᵈ
+		- community.us (refused)
 		- mypsn.eu ᵈ
+		- on.us (timeout)
 		- fp.profiles.us ᵈ
 
 	ᵈ Dropped
@@ -29,10 +25,9 @@ Fetch error: http://support.us.playstation.com/ => https://support.us.playstatio
 
 	Problematic hosts in *playstation.com:
 
+		- ^ (mismatched)
 		- metrics.aem ᵐ
-		- static.blog ᴬ
 		- uk ᵐ
-		- us ᴬ
 		- cdn.us ³
 		- service1.us ᵉ
 		- www.us ᵐ
@@ -75,12 +70,14 @@ Fetch error: http://support.us.playstation.com/ => https://support.us.playstatio
 	* Secured by us
 
 -->
-<ruleset name="PlayStation.com (partial)" default_off='failed ruleset test'>
+<ruleset name="PlayStation.com (partial)">
 
 	<!--	Direct rewrites:
 				-->
 	<target host="playstation.com" />
 	<target host="smetrics.aem.playstation.com" />
+	<target host="asia.playstation.com" />
+	<target host="static.blog.playstation.com" />
 	<target host="docs.playstation.com" />
 
 	<target host="secure.eu.playstation.com" />
@@ -88,15 +85,15 @@ Fetch error: http://support.us.playstation.com/ => https://support.us.playstatio
 	<target host="hardware.support.eu.playstation.com" />
 
 	<target host="io.playstation.com" />
+	<target host="www.jp.playstation.com" />
 	<target host="media.playstation.com" />
 	<target host="psmedia.playstation.com" />
 	<target host="status.playstation.com" />
 	<target host="store.playstation.com" />
 
+	<target host="us.playstation.com" />
 	<target host="blog.us.playstation.com" />
 	<target host="secure.cdn.us.playstation.com" />
-	<target host="community.us.playstation.com" />
-	<target host="on.us.playstation.com" />
 	<target host="secure.us.playstation.com" />
 	<!--target host="service1.us.playstation.com" /-->
 	<target host="support.us.playstation.com" />
@@ -106,72 +103,16 @@ Fetch error: http://support.us.playstation.com/ => https://support.us.playstatio
 	<!--	Complications:
 				-->
 	<target host="metrics.aem.playstation.com" />
-	<target host="static.blog.playstation.com" />
-	<target host="us.playstation.com" />
 	<target host="cdn.us.playstation.com" />
-	<target host="www.us.playstation.com" />
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://blog\.us\.playstation\.com/$" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://blog\.us\.playstation\.com/(?!/*wp-content/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://blog.us.playstation.com/comment_policy/" />
-			<test url="http://blog.us.playstation.com/tag/call-of-duty/feed/" />
-
-			<!--	-ve:
-					-->
-			<test url="http://blog.us.playstation.com/wp-content/plugins/wp-postratings/images/custom/rating_off.png" />
 
+	<securecookie host=".+" name=".+" />
 
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:www\.)?playstation\.com$" name="^AWSELB$" /-->
-	<!--securecookie host="^\.playstation\.com$" name="^(?:APPLICATION_SITE_URL|ps_auth|ps_profile_US|s_vi)$" /-->
-	<!--securecookie host="^\.aem\.playstation\.com$" name="^s_vi$" /-->
-	<!--securecookie host="^io\.playstation\.com$" name="^(?:JSESSIONID|SONYCOOKIE)$" /-->
-	<!--securecookie host="^support\.us\.playstation\.com$" name="^Lithium(?:UserInfo|UserSecure|Visitor)$" /-->
-	<!--securecookie host="^(www\.)support\.playstation\.com$" name="^(JSESSIONID|TS[0-9a-f]{8})$" /-->
-
-	<!--securecookie host="." name="." /-->
-	<securecookie host="^\." name="^s_v" />
-	<securecookie host="^(?!blog\.us\.)\w" name=".+" />
-
+	<rule from="^http://playstation\.com/"
+		to="https://www.playstation.com/" />
 
 	<rule from="^http://metrics\.aem\.playstation\.com/"
 		to="https://smetrics.aem.playstation.com/" />
 
-	<rule from="^http://static\.blog\.playstation\.com/"
-		to="https://blog.us.playstation.com/" />
-
-	<rule from="^http://(?:www\.)?us\.playstation\.com/$"
-		to="https://www.playstation.com/en-us/home/" />
-
-	<rule from="^http://(?:www\.)?us\.playstation\.com/support/?"
-		to="https://support.us.playstation.com/" />
-
-		<exclusion pattern="^http://(?:www\.)?us\.playstation\.com/(?!$|support/?(\?.*)?$)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://us.playstation.com/PS3/Network/Status" />
-			<test url="http://us.playstation.com/chat" />
-			<test url="http://us.playstation.com/community/myfriends/" />
-			<test url="http://us.playstation.com/digitalupgrade/" />
-			<test url="http://us.playstation.com/registration/" />
-			<test url="http://us.playstation.com/search/" />
-			<test url="http://us.playstation.com/tunein-radio/" />
-			<test url="http://us.playstation.com/vidzone/" />
-
-			<!--	-ve:
-					-->
-			<test url="http://us.playstation.com/support/" />
-
 	<rule from="^http://cdn\.us\.playstation\.com/"
 		to="https://secure.cdn.us.playstation.com/" />
 
diff --git a/src/chrome/content/rules/Playboy_Store.com.xml b/src/chrome/content/rules/Playboy_Store.com.xml
index 42cfeba0bb39..2e7100bbb5d1 100644
--- a/src/chrome/content/rules/Playboy_Store.com.xml
+++ b/src/chrome/content/rules/Playboy_Store.com.xml
@@ -10,7 +10,7 @@
 		- .www.playboystore.com
 
 -->
-<ruleset name="Playboy Store.com" default_off="missing certificate chain">
+<ruleset name="Playboy Store.com" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/PlayerAuctions.com.xml b/src/chrome/content/rules/PlayerAuctions.com.xml
index 79cda96596f0..93fd909aee81 100644
--- a/src/chrome/content/rules/PlayerAuctions.com.xml
+++ b/src/chrome/content/rules/PlayerAuctions.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://kimage.playerauctions.com/ => https://kimage.playerauctions.
 
 		- (s)cdn01		(works; mismatched, CN: edgecastcdn.net)
 -->
-<ruleset name="PlayerAuctions.com" default_off='failed ruleset test'>
+<ruleset name="PlayerAuctions.com" default_off="failed ruleset test">
 
 	<target host="playerauctions.com" />
 	<target host="www.playerauctions.com" />
diff --git a/src/chrome/content/rules/Playfire.com.xml b/src/chrome/content/rules/Playfire.com.xml
index 0ebdc985c7c4..e6c3bcd44a3f 100644
--- a/src/chrome/content/rules/Playfire.com.xml
+++ b/src/chrome/content/rules/Playfire.com.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://forums.playfire.com/ => https://www.forums.playfire.com/: (6, 'Could not resolve host: www.forums.playfire.com')
 Fetch error: http://www.forums.playfire.com/ => https://www.forums.playfire.com/: (6, 'Could not resolve host: www.forums.playfire.com')
 -->
-<ruleset name="Playfire (partial)" default_off='failed ruleset test'>
+<ruleset name="Playfire (partial)" default_off="failed ruleset test">
   <target host="forums.playfire.com" />
   <target host="playfire.com" />
   <target host="www.forums.playfire.com" />
diff --git a/src/chrome/content/rules/Playgrub.com.xml b/src/chrome/content/rules/Playgrub.com.xml
deleted file mode 100644
index ec92cf50a495..000000000000
--- a/src/chrome/content/rules/Playgrub.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	(www.)?playgrub.com: Redirects to git.playgrub.com
-
--->
-<ruleset name="playgrub.com (partial)">
-
-	<target host="git.playgrub.com" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Playwire.xml b/src/chrome/content/rules/Playwire.xml
index b005e9c6ce1f..7acbdd98773d 100644
--- a/src/chrome/content/rules/Playwire.xml
+++ b/src/chrome/content/rules/Playwire.xml
@@ -32,7 +32,7 @@ Fetch error: http://support.playwire.com/ => https://www.playwiresupport.com/: (
 	* Mismatched
 
 -->
-<ruleset name="Playwire.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Playwire.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Please_Ignore.com.xml b/src/chrome/content/rules/Please_Ignore.com.xml
index 49031570205e..099e2a0a234c 100644
--- a/src/chrome/content/rules/Please_Ignore.com.xml
+++ b/src/chrome/content/rules/Please_Ignore.com.xml
@@ -1,7 +1,10 @@
 <ruleset name="Please Ignore.com">
 
 	<target host="pleaseignore.com" />
-	<target host="*.pleaseignore.com" />
+	<target host="auth.pleaseignore.com" />
+	<target host="wiki.pleaseignore.com" />
+	<target host="www.pleaseignore.com" />
+	<target host="zkb.pleaseignore.com" />
 
 
 	<!--	Secured by server:
@@ -17,7 +20,6 @@
 	<securecookie host="^\w*\.pleaseignore\.com$" name=".+" />
 
 
-	<rule from="^http://((?:auth|wiki|www|zkb)\.)?pleaseignore\.com/"
-		to="https://$1pleaseignore.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Pleasuredome.xml b/src/chrome/content/rules/Pleasuredome.xml
old mode 100755
new mode 100644
diff --git a/src/chrome/content/rules/Plenti.com.xml b/src/chrome/content/rules/Plenti.com.xml
deleted file mode 100644
index c4a7e6f023b6..000000000000
--- a/src/chrome/content/rules/Plenti.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Plenti.com">
-	<target host="plenti.com" />
-	<target host="www.plenti.com" />
-	<target host="marketplace.plenti.com" />
-	<target host="localdining.plenti.com" />
-	<target host="cdn2.plenti.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Plex.tv.xml b/src/chrome/content/rules/Plex.tv.xml
index c45b182fc294..1a0b148d1e2d 100644
--- a/src/chrome/content/rules/Plex.tv.xml
+++ b/src/chrome/content/rules/Plex.tv.xml
@@ -9,7 +9,7 @@ Fetch error: http://md03.plex.tv/ => https://md03.plex.tv/: (6, 'Could not resol
 
 		- Plexapp.com.xml
 -->
-<ruleset name="Plex.tv" default_off='failed ruleset test'>
+<ruleset name="Plex.tv" default_off="failed ruleset test">
 
 	<target host="plex.tv" />
 	<target host="blog.plex.tv" />
diff --git a/src/chrome/content/rules/Pliktverket.se.xml b/src/chrome/content/rules/Pliktverket.se.xml
index 7ccf9d88fe3b..e551b1b15134 100644
--- a/src/chrome/content/rules/Pliktverket.se.xml
+++ b/src/chrome/content/rules/Pliktverket.se.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://pliktverket.se/ => https://pliktverket.se/: (60, 'SSL certificate problem: certificate has expired')
 Fetch error: http://www.pliktverket.se/ => https://www.pliktverket.se/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="Pliktverket.se" default_off='failed ruleset test'>
+<ruleset name="Pliktverket.se" default_off="failed ruleset test">
 	<target host="pliktverket.se" />
 	<target host="www.pliktverket.se" />
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Plimus.com.xml b/src/chrome/content/rules/Plimus.com.xml
deleted file mode 100644
index 9b55c1ada2aa..000000000000
--- a/src/chrome/content/rules/Plimus.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other BlueSnap coverage, see BlueSnap.com.xml.
-
-
-	Cert only matches *.plimus.com.
-
--->
-<ruleset name="Plimus.com">
-
-	<target host="plimus.com" />
-	<target host="*.plimus.com" />
-
-
-	<securecookie host="^(?:www)?\.plimus\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?plimus\.com/"
-		to="https://www.plimus.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Plone.org.xml b/src/chrome/content/rules/Plone.org.xml
index a3648e795d8b..1ca6b6d78c97 100644
--- a/src/chrome/content/rules/Plone.org.xml
+++ b/src/chrome/content/rules/Plone.org.xml
@@ -26,7 +26,9 @@
 <ruleset name="Plone.org (partial)">
 
 	<target host="plone.org" />
-	<target host="*.plone.org" />
+	<target host="dev.plone.org" />
+	<target host="svn.plone.org" />
+	<target host="www.plone.org" />
 
 
 	<!--	Not secured by server:
@@ -36,7 +38,6 @@
 	<securecookie host="^(?:dev\.|\.)?plone\.org$" name=".+" />
 
 
-	<rule from="^http://((?:dev|staging|svn|www)\.)?plone\.org/"
-		to="https://$1plone.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Plug.dj.xml b/src/chrome/content/rules/Plug.dj.xml
index a3dcb9c158da..fa52aa463b2b 100644
--- a/src/chrome/content/rules/Plug.dj.xml
+++ b/src/chrome/content/rules/Plug.dj.xml
@@ -17,7 +17,7 @@ Fetch error: http://tech.plug.dj/ => https://tech.plug.dj/: (51, "SSL: no altern
 	* Unsecureable <= refused
 
 -->
-<ruleset name="plug.dj (partial)" default_off='failed ruleset test'>
+<ruleset name="plug.dj (partial)" default_off="failed ruleset test">
 
 	<target host="plug.dj" />
 	<target host="www.plug.dj" />
diff --git a/src/chrome/content/rules/Plus.xml b/src/chrome/content/rules/Plus.xml
index b040e6cb1d84..4e1ad29ac3a0 100644
--- a/src/chrome/content/rules/Plus.xml
+++ b/src/chrome/content/rules/Plus.xml
@@ -34,7 +34,11 @@ Fetch error: http://plus.net/ => https://www.plus.net/: Redirect for 'http://www
 <ruleset name="Plus.net">
 
 	<target host="plus.net" />
-	<target host="*.plus.net" />
+	<target host="www.plus.net" />
+	<target host="portal.plus.net" />
+	<target host="webmail.plus.net" />
+	<target host="community.plus.net" />
+	<target host="webstats.plus.net" />
 
 
 	<securecookie host="^(?:.+\.)?plus\.net$" name=".+" />
@@ -46,7 +50,6 @@ Fetch error: http://plus.net/ => https://www.plus.net/: Redirect for 'http://www
 	<rule from="^http://(?:www\.)?plus\.net/"
 		to="https://www.plus.net/" />
 
-	<rule from="^http://(portal|webmail|community|webstats)\.plus\.net/"
-		to="https://$1.plus.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Plusgirot.se.xml b/src/chrome/content/rules/Plusgirot.se.xml
index 3398abb1ef1c..3c23c875266b 100644
--- a/src/chrome/content/rules/Plusgirot.se.xml
+++ b/src/chrome/content/rules/Plusgirot.se.xml
@@ -5,7 +5,7 @@ Fetch error: http://plusgirot.se/ => https://www.plusgirot.se/: (35, 'error:1407
 Fetch error: http://www.plusgirot.se/ => https://www.plusgirot.se/: (35, 'error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 unrecognized name')
 
 -->
-<ruleset name="Plusgirot.se" default_off='failed ruleset test'>
+<ruleset name="Plusgirot.se" default_off="failed ruleset test">
 	<target host="plusgirot.se" />
 	<target host="www.plusgirot.se" />
 	<rule from="^http://www\.plusgirot\.se/" to="https://www.plusgirot.se/"/>
diff --git a/src/chrome/content/rules/Plymouth-University.xml b/src/chrome/content/rules/Plymouth-University.xml
deleted file mode 100644
index 87f30a279e88..000000000000
--- a/src/chrome/content/rules/Plymouth-University.xml
+++ /dev/null
@@ -1,155 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://erdt.plymouth.ac.uk/ => https://erdt.plymouth.ac.uk/: (35, 'Unknown SSL protocol error in connection to erdt.plymouth.ac.uk:443 ')
-Fetch error: http://open.plymouth.ac.uk/ => https://open.plymouth.ac.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://psylin.plymouth.ac.uk/ => https://psylin.plymouth.ac.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.tech.plymouth.ac.uk/ => https://www.tech.plymouth.ac.uk/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://wrb.uopnet.plymouth.ac.uk/ => https://wrb.uopnet.plymouth.ac.uk/: (6, 'Could not resolve host: wrb.uopnet.plymouth.ac.uk')
-Fetch error: http://wrb.plymouth.ac.uk/ => https://wrb.plymouth.ac.uk/: (28, 'Connection timed out after 20001 milliseconds')
-Fetch error: http://cognition.plymouth.ac.uk/ => https://psylin.plymouth.ac.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://psychology.plymouth.ac.uk/ => https://psylin.plymouth.ac.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
-	Plymouth University
-
-
-	Nonfunctional hosts in *plymouth.ac.uk:
-
-		- autism ¹
-		- blogs	 ¹
-		- www.cimt ²
-		- colamn ¹
-		- collections ³
-		- www.geog ⁴
-		- ilsselfhelp ¹
-		- lists.lib ⁵
-		- lynda	 ¹
-		- www.pbs ⁴
-		- www.perc ²
-		- perception ³
-		- www.politics ²
-		- primo ⁶
-		- research.psmd ²
-		- repository ⁴
-		- www.research ²
-
-		- cmr.soc ¹
-		- mdixon.soc ⁴
-		- neuromusic.soc ¹
-
-		- www.ssb ⁴
-		- tisselfhelp ¹
-		- tvarts ¹
-		- fostsvn.uopnet ⁷
-		- wts.uopnet ¹
-		- ils679.uopnet ¹
-		- www2 ²
-
-	¹ Refused
-	² Handshake fails
-	³ Shows another domain
-	⁴ Dropped
-	⁵ 404
-	⁶ 403
-	⁷ 401
-
-
-	Problematic hosts in *plymouth.ac.uk:
-
-		- cognition ¹
-		- home ¹ ²
-		- wrasse ²
-		- www6 ¹
-
-	¹ Mismatched
-	² Server sends no certificate chain, see https://whatsmychaincert.com
-
-
-	Insecure cookies are set for these domains:
-
-		- .plymouth.ac.uk
-
-
-	Mixed content:
-
-		- Images on upmedia from $self *
-		- Bug on collaborate from simplehitcounter.com
-
-	* Secured by us
-
--->
-<ruleset name="Plymouth.ac.uk (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="plymouth.ac.uk" />
-	<target host="agresso.plymouth.ac.uk" />
-	<target host="agresso2.plymouth.ac.uk" />
-	<target host="arc.plymouth.ac.uk" />
-	<target host="assessment.plymouth.ac.uk" />
-	<target host="collaborate.plymouth.ac.uk" />
-	<target host="documents.plymouth.ac.uk" />
-	<target host="elements.plymouth.ac.uk" />
-	<target host="e-portfolio.plymouth.ac.uk" />
-	<target host="eportfolio.plymouth.ac.uk" />
-	<target host="erdt.plymouth.ac.uk" />
-	<target host="eservices.plymouth.ac.uk" />
-	<target host="exchange.plymouth.ac.uk" />
-	<target host="www.fose1.plymouth.ac.uk" />
-	<target host="www.fotpms.plymouth.ac.uk" />
-	<target host="hrservices.plymouth.ac.uk" />
-	<target host="ict-webtools.plymouth.ac.uk" />
-	<target host="intranet.plymouth.ac.uk" />
-	<target host="itselfservice.plymouth.ac.uk" />
-	<target host="studyrooms.lib.plymouth.ac.uk" />
-	<target host="open.plymouth.ac.uk" />
-	<target host="pearl.plymouth.ac.uk" />
-	<target host="adb.psmd.plymouth.ac.uk" />
-	<target host="penctu.psmd.plymouth.ac.uk" />
-	<target host="www.psy.plymouth.ac.uk" />
-	<target host="psylin.plymouth.ac.uk" />
-	<target host="resourcestore.plymouth.ac.uk" />
-	<target host="s3.plymouth.ac.uk" />
-	<target host="student.plymouth.ac.uk" />
-	<target host="www.tech.plymouth.ac.uk" />
-	<target host="wrb.uopnet.plymouth.ac.uk" />
-	<target host="upmedia.plymouth.ac.uk" />
-	<!--target host="wrasse.plymouth.ac.uk" /-->
-	<target host="wrb.plymouth.ac.uk" />
-	<target host="www.plymouth.ac.uk" />
-	<target host="www1.plymouth.ac.uk" />
-	<target host="www4.plymouth.ac.uk" />
-	<target host="www5.plymouth.ac.uk" />
-	<target host="xerte.plymouth.ac.uk" />
-
-	<!--	Complications:
-				-->
-	<target host="cognition.plymouth.ac.uk" />
-	<target host="psychology.plymouth.ac.uk" />
-
-		<!--	Mixed bug:
-					-->
-		<test url="http://collaborate.plymouth.ac.uk/sites/cerg/Pages/COAST.aspx" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.plymouth\.ac\.uk$" name="^SSOUOPISA$" /-->
-
-	<securecookie host="^\.plymouth\.ac\.uk$" name="^SSOUOPISA$" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://cognition\.plymouth\.ac\.uk/"
-		to="https://psylin.plymouth.ac.uk/" />
-
-	<!--	s? for protocol-relative embeds
-		and links from psylin:
-					-->
-	<rule from="^https?://psychology\.plymouth\.ac\.uk/"
-		to="https://psylin.plymouth.ac.uk/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Po.st.xml b/src/chrome/content/rules/Po.st.xml
deleted file mode 100644
index 82bbc08d4759..000000000000
--- a/src/chrome/content/rules/Po.st.xml
+++ /dev/null
@@ -1,59 +0,0 @@
-<!--
-	For other RadiumOne coverage, see RadiumOne.xml.
-
-
-	Nonfunctional hosts in *po.st:
-
-		- support *
-
-	* Zendesk
-
-
-	Problematic hosts in po.st:
-
-		- i *
-
-	* Dropped
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .po.st
-		- www.po.st
-
--->
-<ruleset name="Po.st (partial)">
-
-	<target host="po.st" />
-		<!-- Redirect to a broken host (natl.io / mismatched):
-			See https://github.com/EFForg/https-everywhere/issues/14845
-		-->
-		<exclusion pattern="^http://po\.st/scms/OrMCe04Lcp0lOFmbgkBeVPTzxpwaCzOdkPvG-UELcp0/" />
-			<test url="http://po.st/scms/OrMCe04Lcp0lOFmbgkBeVPTzxpwaCzOdkPvG-UELcp0/PGsegH" />
-			<test url="http://po.st/scms/OrMCe04Lcp0lOFmbgkBeVPTzxpwaCzOdkPvG-UELcp0/JEL5L4" />
-	<target host="blog.po.st" />
-	<target host="p.po.st" />
-	<target host="s.po.st" />
-	<target host="www.po.st" />
-
-	<!--	Complications:
-				-->
-	<target host="i.po.st" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--ssecurecookie host="^\.po\.st$" name="^post_uuid$" /-->
-	<!--ssecurecookie host="^www\.po\.st$" name="^(PHPSESSID|stat_auth_cookie)$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http://i\.po\.st/"
-		to="https://s.po.st/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-
-</ruleset>
diff --git a/src/chrome/content/rules/Poal.me.xml b/src/chrome/content/rules/Poal.me.xml
new file mode 100644
index 000000000000..c09b82df572a
--- /dev/null
+++ b/src/chrome/content/rules/Poal.me.xml
@@ -0,0 +1,15 @@
+<!--
+	Nonfunctional hosts in *.poal.me:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Poal.me">
+	<target host="poal.me" />
+	<target host="www.poal.me" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pobox.xml b/src/chrome/content/rules/Pobox.xml
index 930c08a1e1eb..cf2d68875680 100644
--- a/src/chrome/content/rules/Pobox.xml
+++ b/src/chrome/content/rules/Pobox.xml
@@ -1,19 +1,24 @@
 <!--
-	Nonfunctional subdomains:
+	For other Fastmail coverage, see Fastmail.xml
 
-		- blog	(reset)
+	Nonfunctional subdomains:
 
+		- helpspot.pobox.com  		certificate for *.helpspot.com
+		- spf.pobox.com			certificate for www.pobox.com
 -->
+
 <ruleset name="Pobox">
 
 	<target host="pobox.com" />
-	<target host="webmail.pobox.com" />
 	<target host="www.pobox.com" />
 
+	<target host="blog.pobox.com" />
+	<target host="support.pobox.com" />
+	<target host="sysadmins.pobox.com" />
+	<target host="webmail.pobox.com" />
 
 	<securecookie host="^\.pobox\.com$" name=".+" />
 
-
 	<rule from="^http:" to="https:" />
-
+	
 </ruleset>
diff --git a/src/chrome/content/rules/PocketMatrix.com.xml b/src/chrome/content/rules/PocketMatrix.com.xml
index 98f2032047a2..98f5e5ea1cae 100644
--- a/src/chrome/content/rules/PocketMatrix.com.xml
+++ b/src/chrome/content/rules/PocketMatrix.com.xml
@@ -1,28 +1,15 @@
 <!--
-	www: cert only matches www.pocketmatrix.com
-
-
-	Mixed content:
-
-		- Bug from www.gapidraw.com *
-
-	* Unsecurable <= refused
+	Invalid certificate:
+		ipv4.pocketmatrix.com
+		mail.pocketmatrix.com
 
+	Unreachable:
+		ipv6.pocketmatrix.com
 -->
-<ruleset name="PocketMatrix.com" default_off="expired, self-signed">
-
+<ruleset name="pocketmatrix.com">
 	<target host="pocketmatrix.com" />
-	<target host="*.pocketmatrix.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.pocketmatrix\.com$" name="^phpbb3_pmcom_(k|sid|u)$" /-->
-
-	<securecookie host="^\.pocketmatrix\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?pocketmatrix\.com/"
-		to="https://pocketmatrix.com/" />
+	<target host="www.pocketmatrix.com" />
 
+	<rule from="^http://www\.pocketmatrix\.com/" to="https://pocketmatrix.com/" /> <!-- SSL: no alternative certificate subject name matches target host name 'www.pocketmatrix.com -->
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Pocketgamer.biz.xml b/src/chrome/content/rules/Pocketgamer.biz.xml
index f8b7cbbe3875..a9756e2b4afb 100644
--- a/src/chrome/content/rules/Pocketgamer.biz.xml
+++ b/src/chrome/content/rules/Pocketgamer.biz.xml
@@ -1,9 +1,9 @@
 <!--
 	Nonfunctional hosts in *.pocketgamer.biz:
-	
+
 	HTTPS Connection refused:
 	    www2.pocketgamer.biz
-	
+
 	Too many redirects to HTTPS:
 	    pocketgamer.biz
 	    www.pocketgamer.biz
diff --git a/src/chrome/content/rules/Pocketgamer.co.uk.xml b/src/chrome/content/rules/Pocketgamer.co.uk.xml
deleted file mode 100644
index e85263813604..000000000000
--- a/src/chrome/content/rules/Pocketgamer.co.uk.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-
-	Redirect to www.pocketgamer.co.uk and https connection refused:
-
-		- smpgac9.pocketgamer.co.uk
-		- w.pocketgamer.co.uk
-		- www2.pocketgamer.co.uk
-
--->
-<ruleset name="Pocketgamer" platform="mixedcontent">
-	
-	<target host="pocketgamer.co.uk" />
-	<target host="www.pocketgamer.co.uk" />
-	<target host="hubs.pocketgamer.co.uk" />
-	<target host="images.pocketgamer.co.uk" />
-
-	<securecookie host="^hubs\.pocketgamer\.co\.uk$" name=".+" />
-	
-	<rule from="^http:" to="https:" />
-	
-</ruleset>
diff --git a/src/chrome/content/rules/PoderPDA.xml b/src/chrome/content/rules/PoderPDA.xml
index 63c1575566d9..b5b6856236e6 100644
--- a/src/chrome/content/rules/PoderPDA.xml
+++ b/src/chrome/content/rules/PoderPDA.xml
@@ -5,7 +5,7 @@ Fetch error: http://poderpda.com/ => https://poderpda.com/: Too many redirects w
 Fetch error: http://www.poderpda.com/ => https://www.poderpda.com/: Too many redirects while fetching 'https://www.poderpda.com/'
 
 -->
-<ruleset name="PoderPDA" default_off='failed ruleset test'>
+<ruleset name="PoderPDA" default_off="failed ruleset test">
 
 	<target host="poderpda.com" />
 	<target host="accesorios.poderpda.com" />
@@ -17,4 +17,4 @@ Fetch error: http://www.poderpda.com/ => https://www.poderpda.com/: Too many red
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Podhurl.com.xml b/src/chrome/content/rules/Podhurl.com.xml
new file mode 100644
index 000000000000..13184fa32433
--- /dev/null
+++ b/src/chrome/content/rules/Podhurl.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Podhurl.com">
+	<target host="podhurl.com" />
+	<target host="www.podhurl.com" />
+	<target host="cdn.podhurl.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Podseed.org.xml b/src/chrome/content/rules/Podseed.org.xml
index 18f0244f1db1..a4ea83a87e67 100644
--- a/src/chrome/content/rules/Podseed.org.xml
+++ b/src/chrome/content/rules/Podseed.org.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.podseed.org/ => https://www.podseed.org/: (60, 'SSL cert
 Fetch error: http://cache.podseed.org/ => https://cache.podseed.org/: (7, 'Failed to connect to cache.podseed.org port 443: No route to host')
 
 -->
-<ruleset name="Podseed.org" default_off='failed ruleset test'>
+<ruleset name="Podseed.org" default_off="failed ruleset test">
 	<target host="podseed.org" />
 	<target host="www.podseed.org" />
 	<target host="master.podseed.org" />
diff --git a/src/chrome/content/rules/Poesie-Francaise.fr.xml b/src/chrome/content/rules/Poesie-Francaise.fr.xml
new file mode 100644
index 000000000000..112fea8a5aa2
--- /dev/null
+++ b/src/chrome/content/rules/Poesie-Francaise.fr.xml
@@ -0,0 +1,8 @@
+<ruleset name="Poésie-Française.fr">
+	<target host="poesie-francaise.fr" />
+	<target host="www.poesie-francaise.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pogo.xml b/src/chrome/content/rules/Pogo.xml
index 2f0ab41d8818..8c10e64fb84e 100644
--- a/src/chrome/content/rules/Pogo.xml
+++ b/src/chrome/content/rules/Pogo.xml
@@ -1,13 +1,15 @@
 <ruleset name="Pogo" platform="mixedcontent">
   <target host="pogo.com" />
-  <target host="*.pogo.com" />
+  <target host="www.pogo.com" />
+  <target host="help.pogo.com" />
+  <target host="cdn.pogo.com" />
 
   <exclusion pattern="http://www.pogo.com/avatar/edit.do" />
 
   <rule from="^http://(?:www\.)?pogo\.com/" to="https://www.pogo.com/"/>
-  <rule from="^http://help\.pogo\.com/" to="https://help.pogo.com/"/>
 
 	<rule from="^http://cdn\.pogo\.com/"
 		to="https://www.pogo.com/"/>
 
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Pogoplug.com.xml b/src/chrome/content/rules/Pogoplug.com.xml
deleted file mode 100644
index d749148b7600..000000000000
--- a/src/chrome/content/rules/Pogoplug.com.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog		(refused)
-		- support	(zendesk)
-
--->
-<ruleset name="Pogoplug.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="pogoplug.com" />
-	<target host="www.pogoplug.com" />
-
-	<!--	Complications:
-				-->
-	<target host="support.pogoplug.com" />
-
-		<exclusion pattern="^http://support\.pogoplug\.com/(?!favicon\.ico|images/|static/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://support.pogoplug.com/access/unauthenticated" />
-			<test url="http://support.pogoplug.com/entries/21414333-How-do-I-uninstall-and-reinstall-Pogoplug-Backup-on-a-Mac-" />
-			<test url="http://support.pogoplug.com/home" />
-
-			<!--	-ve:
-					-->
-			<test url="http://support.pogoplug.com/favicon.ico" />
-
-
-	<rule from="^http://support\.pogoplug\.com/"
-		to="https://pogoplug.zendesk.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Point.im.xml b/src/chrome/content/rules/Point.im.xml
index 635a3f562e03..f9d8baba4c09 100644
--- a/src/chrome/content/rules/Point.im.xml
+++ b/src/chrome/content/rules/Point.im.xml
@@ -6,7 +6,7 @@
 	<test url="http://arts.point.im/" />
 	<test url="http://welcome.point.im/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Pointroll.xml b/src/chrome/content/rules/Pointroll.xml
index 55c64f6201b3..5c6611fe46a2 100644
--- a/src/chrome/content/rules/Pointroll.xml
+++ b/src/chrome/content/rules/Pointroll.xml
@@ -12,10 +12,16 @@ Fetch error: http://pointroll.com/ => https://pointroll.com/: (7, 'Failed to con
 		- t
 
 -->
-<ruleset name="Pointroll" default_off='failed ruleset test'>
+<ruleset name="Pointroll" default_off="failed ruleset test">
 
 	<target host="pointroll.com" />
-	<target host="*.pointroll.com" />
+	<target host="adportal.pointroll.com" />
+	<target host="ads.pointroll.com" />
+	<target host="blogs.pointroll.com" />
+	<target host="onpoint.pointroll.com" />
+	<target host="spd-s.pointroll.com" />
+	<target host="t.pointroll.com" />
+	<target host="www.pointroll.com" />
 
 
 	<!--	Set by ads:
@@ -24,7 +30,6 @@ Fetch error: http://pointroll.com/ => https://pointroll.com/: (7, 'Failed to con
 	<securecookie host="^(?:adportal|\.ads)\.pointroll\.com$" name=".+" />
 
 
-	<rule from="^http://((?:adportal|ads|blogs|onpoint|spd-s|t|www)\.)?pointroll\.com/"
-		to="https://$1pointroll.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PointsHound.xml b/src/chrome/content/rules/PointsHound.xml
index 54c4daf6b1cf..d348ae77735b 100644
--- a/src/chrome/content/rules/PointsHound.xml
+++ b/src/chrome/content/rules/PointsHound.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Poivron.org.xml b/src/chrome/content/rules/Poivron.org.xml
new file mode 100644
index 000000000000..e9ff00813212
--- /dev/null
+++ b/src/chrome/content/rules/Poivron.org.xml
@@ -0,0 +1,29 @@
+<!--
+	Invalid certificate:
+		radiodragon.poivron.org
+		stop-masculinisme.poivron.org
+
+-->
+<ruleset name="Poivron.org">
+
+	<target host="poivron.org" />
+	<target host="www.poivron.org" />
+	<target host="baygonvert.poivron.org" />
+	<target host="bouh.poivron.org" />
+	<target host="cas-libres.poivron.org" />
+	<target host="dl.poivron.org" />
+	<target host="eizada.poivron.org" />
+	<target host="enfance-buissonniere.poivron.org" />
+	<target host="icarus.poivron.org" />
+	<target host="listes.poivron.org" />
+	<target host="pinkusaido.poivron.org" />
+	<target host="robotnicka.poivron.org" />
+	<target host="timult.poivron.org" />
+	<target host="ttf.poivron.org" />
+	<target host="typonpatate.poivron.org" />
+	<target host="remuernotremerde.poivron.org" />
+	<target host="sundancekids.poivron.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PokeCommunity.com.xml b/src/chrome/content/rules/PokeCommunity.com.xml
new file mode 100644
index 000000000000..71a73fdc04e2
--- /dev/null
+++ b/src/chrome/content/rules/PokeCommunity.com.xml
@@ -0,0 +1,42 @@
+<!--
+	Mismatched:
+		- autoconfig
+		- autodiscover
+		- autodiscover.daily
+		- autodiscover.development
+		- ftp
+		- go
+		- ns2
+		- server
+		- whm
+
+	Self-signed:
+		- cbc
+		- mail.cbc
+		- ns1
+-->
+<ruleset name="PokeCommunity.com">
+	<target host="pokecommunity.com" />
+	<target host="www.pokecommunity.com" />
+	<target host="cpanel.pokecommunity.com" />
+	<target host="daily.pokecommunity.com" />
+	<target host="www.daily.pokecommunity.com" />
+	<target host="cpanel.daily.pokecommunity.com" />
+	<target host="mail.daily.pokecommunity.com" />
+	<target host="webdisk.daily.pokecommunity.com" />
+	<target host="webmail.daily.pokecommunity.com" />
+	<target host="development.pokecommunity.com" />
+	<target host="cpanel.development.pokecommunity.com" />
+	<target host="dl.development.pokecommunity.com" />
+	<target host="www.dl.development.pokecommunity.com" />
+	<target host="mail.development.pokecommunity.com" />
+	<target host="webdisk.development.pokecommunity.com" />
+	<target host="webmail.development.pokecommunity.com" />
+	<target host="mail.pokecommunity.com" />
+	<target host="staff.pokecommunity.com" />
+	<target host="www.staff.pokecommunity.com" />
+	<target host="webdisk.pokecommunity.com" />
+	<target host="webmail.pokecommunity.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pokemon_World_Online.xml b/src/chrome/content/rules/Pokemon_World_Online.xml
index f1187932f9c4..a321c4fe0017 100644
--- a/src/chrome/content/rules/Pokemon_World_Online.xml
+++ b/src/chrome/content/rules/Pokemon_World_Online.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.pokemon-world-online.net/ => https://www.pokemon-world-o
 Disabled by https-everywhere-checker because:
 Fetch error: http://pokemon-world-online.net/ => https://pokemon-world-online.net/: (28, 'Connection timed out after 10001 milliseconds')
 -->
-<ruleset name="Pokémon World Online" default_off='failed ruleset test'>
+<ruleset name="Pokémon World Online" default_off="failed ruleset test">
 
 	<target host="pokemon-world-online.net" />
 	<target host="forum.pokemon-world-online.net" />
@@ -20,4 +20,4 @@ Fetch error: http://pokemon-world-online.net/ => https://pokemon-world-online.ne
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Poky.xml b/src/chrome/content/rules/Poky.xml
index 6442e18fc094..0a73e979a97e 100644
--- a/src/chrome/content/rules/Poky.xml
+++ b/src/chrome/content/rules/Poky.xml
@@ -8,7 +8,7 @@ Fetch error: http://pokylinux.org/ => https://pokylinux.org/: (51, "SSL: no alte
 	For other Linux Foundation coverage, see LinuxFoundation.xml.
 
 -->
-<ruleset name="Poky" default_off='failed ruleset test'>
+<ruleset name="Poky" default_off="failed ruleset test">
 
 	<target host="pokylinux.org" />
 	<target host="bugzilla.pokylinux.org" />
@@ -20,4 +20,4 @@ Fetch error: http://pokylinux.org/ => https://pokylinux.org/: (51, "SSL: no alte
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Police_Mutual.xml b/src/chrome/content/rules/Police_Mutual.xml
index a7d7efaa8c94..fbddbba64d79 100644
--- a/src/chrome/content/rules/Police_Mutual.xml
+++ b/src/chrome/content/rules/Police_Mutual.xml
@@ -6,7 +6,8 @@
 <ruleset name="Police Mutual (partial)">
 
 	<target host="policemutual.co.uk" />
-	<target host="*.policemutual.co.uk" />
+	<target host="www.policemutual.co.uk" />
+	<target host="survey.policemutual.co.uk" />
 
 
 	<securecookie host="^survey\.policemutual\.co\.uk$" name=".+" />
@@ -18,4 +19,4 @@
 	<rule from="^http://survey\.policemutual\.co\.uk/"
 		to="https://survey.policemutual.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PolicyMic.xml b/src/chrome/content/rules/PolicyMic.xml
index 4e944c9510df..8acf7f4322d5 100644
--- a/src/chrome/content/rules/PolicyMic.xml
+++ b/src/chrome/content/rules/PolicyMic.xml
@@ -25,17 +25,19 @@ Fetch error: http://policymic.com/ => https://policymic.com/: (7, 'Failed to con
 	* Secured by us
 
 -->
-<ruleset name="PolicyMic" default_off='failed ruleset test'>
+<ruleset name="PolicyMic" default_off="failed ruleset test">
 
 	<target host="policymic.com" />
-	<target host="*.policymic.com" />
+	<target host="static.policymic.com" />
+	<target host="thumbs.policymic.com" />
+	<target host="www.policymic.com" />
+	<target host="media1.policymic.com" />
+	<target host="media2.policymic.com" />
 
 
 	<securecookie host="^\.policymic\.com$" name=".+" />
 
 
-	<rule from="^http://((?:static|thumbs|www)\.)?policymic\.com/"
-		to="https://$1policymic.com/" />
 
 	<rule from="^http://media1\.policymic\.com/"
 		to="https://d12x6n4r5ixux3.cloudfront.net/" />
@@ -43,4 +45,5 @@ Fetch error: http://policymic.com/ => https://policymic.com/: (7, 'Failed to con
 	<rule from="^http://media2\.policymic\.com/"
 		to="https://d3hpe7wwfhob7t.cloudfront.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Polisen.se.xml b/src/chrome/content/rules/Polisen.se.xml
new file mode 100644
index 000000000000..d7ca648c65c8
--- /dev/null
+++ b/src/chrome/content/rules/Polisen.se.xml
@@ -0,0 +1,17 @@
+<!--
+	Incomplete certificate chain:
+		- anmalan
+
+	Travis issues, target itself works:
+		- etjanster
+-->
+<ruleset name="Polisen.se">
+	<target host="polisen.se" />
+	<target host="www.polisen.se" />
+	<target host="cert.polisen.se" />
+	<target host="nfc.polisen.se" />
+	<target host="reserv.polisen.se" />
+	<target host="upphandling.polisen.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Polit.ru.xml b/src/chrome/content/rules/Polit.ru.xml
index e4647e7faedf..39c51dab8e1c 100644
--- a/src/chrome/content/rules/Polit.ru.xml
+++ b/src/chrome/content/rules/Polit.ru.xml
@@ -5,10 +5,10 @@ Fetch error: http://polit.ru/ => https://polit.ru/: (60, 'SSL certificate proble
 Fetch error: http://www.polit.ru/ => https://polit.ru/: (60, 'SSL certificate problem: certificate has expired')
 www. mismatch
 admin. mismatch-->
-<ruleset name="Polit.ru" default_off='failed ruleset test'>
+<ruleset name="Polit.ru" default_off="failed ruleset test">
 	<target host="polit.ru" />
 	<target host="www.polit.ru" />
-	
+
 	<rule from="^http://www\.polit\.ru/"
 		to="https://polit.ru/" />
 
diff --git a/src/chrome/content/rules/PolitiFact.xml b/src/chrome/content/rules/PolitiFact.xml
index 801dd7a348a3..a04d11d5c6bf 100644
--- a/src/chrome/content/rules/PolitiFact.xml
+++ b/src/chrome/content/rules/PolitiFact.xml
@@ -1,27 +1,10 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/static.politifact.com/
-
-
-	Nonfunctional subdomains:
-
-		- (www.)
-
--->
 <ruleset name="PolitiFact (partial)">
 
-	<target host="*.politifact.com" />
-
-
-
-	<securecookie host="^\.politifact\.com$" name="^s_vi$" />
-
-
-	<rule from="^http://metric\.politifact\.com/"
-		to="https://stpetersburgtimes.122.2o7.net/" />
+	<target host="politifact.com" />
+	<target host="www.politifact.com" />
+	<target host="metric.politifact.com" />
+	<target host="static.politifact.com" />
 
-	<rule from="^http://static\.politifact\.com/"
-		to="https://s3.amazonaws.com/static.politifact.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Political_Wire.com.xml b/src/chrome/content/rules/Political_Wire.com.xml
index ec152c6243e6..013375a9e358 100644
--- a/src/chrome/content/rules/Political_Wire.com.xml
+++ b/src/chrome/content/rules/Political_Wire.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?politicalwire\.com/"
 		to="https://politicalwire.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Politico.xml b/src/chrome/content/rules/Politico.xml
index 8d9d38cda8b8..93cc3dff1cb1 100644
--- a/src/chrome/content/rules/Politico.xml
+++ b/src/chrome/content/rules/Politico.xml
@@ -1,106 +1,34 @@
 <!--
 	Other Politico rulesets:
+		+ Politico_Pro.com.xml
 
-		- Politico_Pro.com.xml
+	Non-functional hosts
+		Timeout was reached:
+		- login.politico.com
+		- origin-www.politico.com
 
+		SSL peer certificate was not OK:
+		- focus.politico.com
+		- tk.politico.com
 
-	Nonfunctional hosts in *politico.com:
-
-		- dyn ʳ
-		- pro.beta.ops ᵈ
-
-	ᵈ Dropped
-	ʳ Refused
-
-
-	Problematic hosts in *politico.com:
-
-		- ^ * ᵐ ᵘ
-		- images ᵐ
-		- static ⁵
-		- static2 ᵐ
-		- static3 ⁴
-		- tk ᵐ
-		- www ⁴
-
-	* Protocol-relative redirect
-	⁴ 404, equivalent to another domain
-	⁵ 504, equivalent to another domain
-	ᵐ Mismatched
-	ᵘ Untrusted root
-
-
-	Mixed content:
-
-		- Images on secure from static2.politico.com ᵐ
-		- Images on secure from static3.politico.com/dims4/ ⁴
-		- favicon on secure from static.politico.com ˢ
-
-	ᵐ Not secured by us <= mismatched
-	⁴ 404, equivalent to another domain
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
+		4xx client error:
+		- images.politico.com
+		- rss.politico.com
+		- static3.politico.com
 -->
-<ruleset name="Politico.com (partial)"
-	default_off="webmaster request">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="login.politico.com" />
-	<target host="secure.politico.com" />
-	<target host="static3.politico.com" />
-
-		<!--	$ 404s, so:
-					-->
-		<test url="http://login.politico.com/_login?base=http%3A%2F%2Fwww.politico.com" />
-		<test url="http://static3.politico.com/resource/images/website/shared/template/bg-noise.24d18bcf9d414e030c36ffd7f30648e8.jpg" /><!--	2033 -->
-
-
-	<!--	Complications:
-				-->
+<ruleset name="Politico.com (partial)">
 	<target host="politico.com" />
-	<target host="static.politico.com" />
 	<target host="www.politico.com" />
+	<target host="design.politico.com" />
+	<target host="go.politico.com" />
+	<target host="qablue.ops.politico.com" />
+	<target host="secure.politico.com" />
+	<target host="static.politico.com" />
+	<test url="http://static.politico.com/ac/aa/9226248b44f0846616bfac182b22/logo-politicopro-200x2.png" />
+	<test url="http://static.politico.com/ba/ac/b50c1f104e1bbf185e73058bb8fb/secureicons4.png" />
+	<target host="vpn.politico.com" />
+	
+	<securecookie host=".+" name=".+" />
 
-		<test url="http://static.politico.com/cf/05/ee684a274496b04fa20ba2978da1/politico.png" /><!--	1064 -->
-
-	<securecookie host="^\." name="^(?:_ga|optimizely)" />
-	<securecookie host="^\w" name=".+" />
-
-	<exclusion pattern="^http://tk\.politico\.com/" />
-		<test url="http://tk.politico.com/zmr6qqx.js" />
-
-	<exclusion pattern="^http://(www\.)?politico\.com/about" />
-		<test url="http://www.politico.com/about/" />
-		<test url="http://www.politico.com/about/advertising" />
-
-	<exclusion pattern="^http://(www\.)?politico\.com/agenda" />
-		<test url="http://www.politico.com/agenda/" />
-		<test url="http://www.politico.com/agenda/story/2015/05/what-does-hillary-stand-for-check-her-staff-twitter-000057" />
-
-	<exclusion pattern="^http://(www\.)?politico\.com/magazine" />
-		<test url="http://www.politico.com/magazine/" />
-		<test url="http://www.politico.com/magazine/story/2014/01/waterboarding-cia-lawyer-john-rizzo-torture-101758" />
-
-	<exclusion pattern="^http://(www\.)?politico\.com/[0-9]+-election/" />
-		<test url="http://www.politico.com/2014-election/results/map/house" />
-		<test url="http://www.politico.com/2014-election/results/map/senate" />
-		<test url="http://www.politico.com/2016-election/results/map/house" />
-
-	<!-- many images cannot be rewritten to static3 -->
-	<exclusion pattern="^http://static\.politico\.com/dims4/" />
-		<test url="http://static.politico.com/dims4/default/07b4c8d/2147483647/legacy_thumbnail/1200x800%3E/quality/90/?url=http%3A%2F%2Fstatic.politico.com%2F2b%2F6b%2F8a85c0cf44bba0a33514ee41db43%2Fap540355375077.jpg" />
-
-	<!-- currently 404 on www as well as secure -->
-	<!-- <exclusion pattern="^http://www.politico.com/rss/.+\.xml$" /> -->
-
-	<rule from="^http://(www\.)?politico\.com/"
-		to="https://secure.politico.com/" /> 
-
-	<rule from="^http://static\.politico\.com/"
-		to="https://static3.politico.com/" /> 
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Politiken.dk.xml b/src/chrome/content/rules/Politiken.dk.xml
index 528bb8673c3e..a0ea3405adac 100644
--- a/src/chrome/content/rules/Politiken.dk.xml
+++ b/src/chrome/content/rules/Politiken.dk.xml
@@ -56,7 +56,7 @@ Fetch error: http://www.politiken.dk/ => https://www.politiken.dk/: Too many red
 	* Secured by us
 
 -->
-<ruleset name="Politiken.dk (mixed content)" default_off='failed ruleset test'>
+<ruleset name="Politiken.dk (mixed content)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Polity.co.uk.xml b/src/chrome/content/rules/Polity.co.uk.xml
index b6441601e160..dd8c7fa1ae61 100644
--- a/src/chrome/content/rules/Polity.co.uk.xml
+++ b/src/chrome/content/rules/Polity.co.uk.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.polity.co.uk/ => https://www.polity.co.uk/: (51, "SSL: n
 		- www.polity.co.uk
 
 -->
-<ruleset name="Polity.co.uk" default_off='failed ruleset test'>
+<ruleset name="Polity.co.uk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Polk.xml b/src/chrome/content/rules/Polk.xml
index e02b57747c4e..6f21575f5f2c 100644
--- a/src/chrome/content/rules/Polk.xml
+++ b/src/chrome/content/rules/Polk.xml
@@ -8,12 +8,12 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://polk.com/ => https://www.polk.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 Fetch error: http://www.polk.com/ => https://www.polk.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="Polk" default_off='failed ruleset test'>
+<ruleset name="Polk" default_off="failed ruleset test">
 
 	<target host="polk.com"/>
 	<target host="www.polk.com"/>
 
-	<securecookie host="^(?:.*\.)?polk\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?polk\.com/"
 		to="https://www.polk.com/"/>
diff --git a/src/chrome/content/rules/Poll_Everywhere.com.xml b/src/chrome/content/rules/Poll_Everywhere.com.xml
deleted file mode 100644
index e19647f661e6..000000000000
--- a/src/chrome/content/rules/Poll_Everywhere.com.xml
+++ /dev/null
@@ -1,54 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://blog.polleverywhere.com/ => https://polleverywhere.com/blog/: Too many redirects while fetching 'https://polleverywhere.com/blog/'
-
-	Problematic hosts in *polleverywhere.com:
-
-		- blog *
-
-	* Refused
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.polleverywhere.com
-
-
-	Mixed content:
-
-		- Ads on www from t.co *
-
-	* Secured by us
-
--->
-<ruleset name="Poll Everywhere.com" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="polleverywhere.com" />
-	<target host="viz.polleverywhere.com" />
-	<target host="www.polleverywhere.com" />
-
-	<!--	Complications:
-				-->
-	<target host="blog.polleverywhere.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.polleverywhere\.com$" name="^(?:polleverywhere_session_id|plan_filter_group|split)$" /-->
-
-	<securecookie host="^www\.polleverywhere\.com$" name=".+" />
-
-
-	<!--	Redirect keeps path, args,
-		and forward slash:
-					-->
-	<rule from="^http://blog\.polleverywhere\.com/"
-		to="https://polleverywhere.com/blog/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Polskie_Radio.pl.xml b/src/chrome/content/rules/Polskie_Radio.pl.xml
index 88838a8a6632..21deba8923ce 100644
--- a/src/chrome/content/rules/Polskie_Radio.pl.xml
+++ b/src/chrome/content/rules/Polskie_Radio.pl.xml
@@ -42,7 +42,7 @@
 			- redaktorext, sklep from $self ˢ
 
 		- Bugs, on:
-		
+
 			- redaktorext from www.facebook.com ˢ
 			- redaktorext from diff3.smartadserver.com ˢ
 
diff --git a/src/chrome/content/rules/PolyBrowser.com.xml b/src/chrome/content/rules/PolyBrowser.com.xml
index 6da27e8fe456..46443fd84a6c 100644
--- a/src/chrome/content/rules/PolyBrowser.com.xml
+++ b/src/chrome/content/rules/PolyBrowser.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.polybrowser.com/ => https://www.polybrowser.com/: (28, '
 	* Secured by us
 
 -->
-<ruleset name="PolyBrowser.com" default_off='failed ruleset test'>
+<ruleset name="PolyBrowser.com" default_off="failed ruleset test">
 
 	<target host="polybrowser.com" />
 	<target host="www.polybrowser.com" />
diff --git a/src/chrome/content/rules/PolyGrant.com.xml b/src/chrome/content/rules/PolyGrant.com.xml
index dd730262e62f..6ae08576d798 100644
--- a/src/chrome/content/rules/PolyGrant.com.xml
+++ b/src/chrome/content/rules/PolyGrant.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.polygrant.com/ => https://www.polygrant.com/: (7, 'Faile
 		- www.polygrant.com
 
 -->
-<ruleset name="PolyGrant.com" default_off='failed ruleset test'>
+<ruleset name="PolyGrant.com" default_off="failed ruleset test">
 
 	<target host="polygrant.com" />
 	<target host="www.polygrant.com" />
diff --git a/src/chrome/content/rules/PolyU.edu.hk.xml b/src/chrome/content/rules/PolyU.edu.hk.xml
index d071d089cb46..1ad8e3946716 100644
--- a/src/chrome/content/rules/PolyU.edu.hk.xml
+++ b/src/chrome/content/rules/PolyU.edu.hk.xml
@@ -20,7 +20,7 @@
 
     <rule from="^http://lib\.polyu\.edu\.hk/"
         to="https://www.lib.polyu.edu.hk/" />
-        
+
         <test url="http://lib.polyu.edu.hk/orientation/" />
 
     <rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Polygon.com.xml b/src/chrome/content/rules/Polygon.com.xml
index 29f33e003e9b..8b6e399d3614 100644
--- a/src/chrome/content/rules/Polygon.com.xml
+++ b/src/chrome/content/rules/Polygon.com.xml
@@ -1,79 +1,10 @@
 <!--
 	For other Vox Media coverage, see Vox.com.xml.
-
-
-	^polygon.com: Refused
-
-
-	Mixed content:
-
-		Images, on:
-
-			- www from assets.sbnation.com *
-			- www from cdn\d.sbnation.com *
-			- www from cdn\d.vox-cdn.com *
-
-	* Secured by us
-
 -->
-<ruleset name="Polygon.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.polygon.com" />
+<ruleset name="Polygon.com">
 
-	<!--	Complications:
-				-->
 	<target host="polygon.com" />
-
-		<!--	Redirect to http:
-						-->
-		<exclusion pattern="^http://www\.polygon\.com/(?:$|\?)" />
-		<exclusion pattern="^http://www\.polygon\.com/comments/load_comments/" />
-		<exclusion pattern="/\d{4}/(?:\d\d?/){2}\d+/[\w-]" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.polygon.com/2015/11/27/9807860/hearthstone-disconnect-dreamhack-tournament-drama" />
-			<test url="http://www.polygon.com/2015/12/3/9847206/konami-prevented-kojima-attending-game-awards-2015" />
-			<test url="http://www.polygon.com/?" />
-			<test url="http://www.polygon.com/?foo" />
-			<test url="http://www.polygon.com/comics/2015/9/10/9297939/call-of-duty-black-ops-3-comic" />
-			<test url="http://www.polygon.com/forums/minecraft/2012/10/25/3553718/survivor-is-best-faction" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www.polygon.com/features" />
-			<test url="http://www.polygon.com/forums" />
-			<test url="http://www.polygon.com/forums/destiny" />
-			<test url="http://www.polygon.com/game/dota-2/2243/media" />
-			<test url="http://www.polygon.com/game/fallout-4/38395" />
-			<test url="http://www.polygon.com/game/grand-theft-auto-5/3667/overview" />
-			<test url="http://www.polygon.com/login" />
-			<test url="http://www.polygon.com/news" />
-			<test url="http://www.polygon.com/opinion" />
-			<test url="http://www.polygon.com/rss/index.xml" />
-			<test url="http://www.polygon.com/users/Ben%20Kuchera" />
-			<test url="http://www.polygon.com/videos" />
-
-		<test url="http://www.polygon.com/comments/load_comments/" />
-		
-		<!--	Mixed images:
-					-->
-		<test url="http://www.polygon.com/pages/about" />
-
-	<!-- Fix #4007 -->
-	<exclusion pattern="http://www\.polygon\.com/chorus_page/optimally_sized_images" />
-	
-	<test url="http://www.polygon.com/chorus_page/optimally_sized_images" />
-
-	<!--	Possible trackers (untested):
-						-->
-	<securecookie host="^\.polygon\.com$" name="^__[qu].*" />
-
-
-	<rule from="^http://polygon\.com/"
-		to="https://www.polygon.com/" />
+	<target host="www.polygon.com" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Polytechnic-University-of-Catalonia-mismatches.xml b/src/chrome/content/rules/Polytechnic-University-of-Catalonia-mismatches.xml
deleted file mode 100644
index 46439175b0e8..000000000000
--- a/src/chrome/content/rules/Polytechnic-University-of-Catalonia-mismatches.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Polytechnic University of Catalonia (mismatches)" default_off="mismatched">
-
-	<target host="gentoo-euetib.upc.es"/>
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Polytechnic-University-of-Catalonia.xml b/src/chrome/content/rules/Polytechnic-University-of-Catalonia.xml
deleted file mode 100644
index f9362b0aa90f..000000000000
--- a/src/chrome/content/rules/Polytechnic-University-of-Catalonia.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<ruleset name="Polytechnic University of Catalonia (partial)">
-
-	<target host="upc.edu"/>
-	<target host="*.upc.edu"/>
-	<target host="upc.es"/>
-	<target host="*.upc.es"/>
-
-	<securecookie host="^(?:.*\.)upc\.edu$" name=".+" />
-
-	<rule from="^http://(?:www\.)?upc\.(?:es|edu)/"
-		to="https://www.upc.edu/"/>
-
-	<rule from="^http://australis\.upc\.es/"
-		to="https://australis.upc.es/"/>
-
-	<rule from="^http://(\w+\.blog|peguera|tv)\.upc\.edu/"
-		to="https://$1.upc.edu/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ponderwall.com.xml b/src/chrome/content/rules/Ponderwall.com.xml
index a2d10ffdc63f..7047e71317fe 100644
--- a/src/chrome/content/rules/Ponderwall.com.xml
+++ b/src/chrome/content/rules/Ponderwall.com.xml
@@ -1,6 +1,6 @@
 <!--
 	Mixed content from fonts.googleapis.com and ad server
-	
+
 -->
 <ruleset name="Ponderwall">
 
diff --git a/src/chrome/content/rules/Ponemon.xml b/src/chrome/content/rules/Ponemon.xml
index 4faa7c673809..fca9df128ad2 100644
--- a/src/chrome/content/rules/Ponemon.xml
+++ b/src/chrome/content/rules/Ponemon.xml
@@ -8,7 +8,7 @@ Fetch error: http://rim.ponemon.org/ => https://rim.ponemon.org/: (60, 'SSL cert
 		- (www.)	(redirects to rim, CN: rim.ponemon.org)
 
 -->
-<ruleset name="Ponemon (partial)" default_off='failed ruleset test'>
+<ruleset name="Ponemon (partial)" default_off="failed ruleset test">
 
 	<target host="rim.ponemon.org" />
 
@@ -18,4 +18,4 @@ Fetch error: http://rim.ponemon.org/ => https://rim.ponemon.org/: (60, 'SSL cert
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pony.fm.xml b/src/chrome/content/rules/Pony.fm.xml
index c5f5d0911854..28ee4ee384fa 100644
--- a/src/chrome/content/rules/Pony.fm.xml
+++ b/src/chrome/content/rules/Pony.fm.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://s.pony.fm/ => https://s.pony.fm/: (51, "SSL: no alternative certificate subject name matches target host name 's.pony.fm'")
 
 -->
-<ruleset name="Pony.fm" default_off='failed ruleset test'>
+<ruleset name="Pony.fm" default_off="failed ruleset test">
 
 	<target host="pony.fm" />
 	<target host="s.pony.fm" />
@@ -16,4 +16,4 @@ Fetch error: http://s.pony.fm/ => https://s.pony.fm/: (51, "SSL: no alternative
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PonyChat.net.xml b/src/chrome/content/rules/PonyChat.net.xml
deleted file mode 100644
index ba8d566921e1..000000000000
--- a/src/chrome/content/rules/PonyChat.net.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="PonyChat.net">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="ponychat.net" />
-	<target host="www.ponychat.net" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Poo.solutions.xml b/src/chrome/content/rules/Poo.solutions.xml
deleted file mode 100644
index 0cc6d5d0e080..000000000000
--- a/src/chrome/content/rules/Poo.solutions.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Poo.solutions">
-	<target host="poo.solutions" />
-	<target host="www.poo.solutions" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Poolp.org.xml b/src/chrome/content/rules/Poolp.org.xml
index 8f2407e28133..f64668dbbfd8 100644
--- a/src/chrome/content/rules/Poolp.org.xml
+++ b/src/chrome/content/rules/Poolp.org.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Poor_Man_Motorsports.xml b/src/chrome/content/rules/Poor_Man_Motorsports.xml
index 3c58a01f00fb..3b089bf2fc32 100644
--- a/src/chrome/content/rules/Poor_Man_Motorsports.xml
+++ b/src/chrome/content/rules/Poor_Man_Motorsports.xml
@@ -4,9 +4,9 @@
 	<target host="www.poormanmotorsports.com" />
 
 
-	<securecookie host="^(?:.*\.)?poormanmotorsports\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pop2imap.com.xml b/src/chrome/content/rules/Pop2imap.com.xml
new file mode 100644
index 000000000000..4db03846d0e9
--- /dev/null
+++ b/src/chrome/content/rules/Pop2imap.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Pop2imap.com">
+	<target host="pop2imap.com" />
+	<target host="www.pop2imap.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PopAtomic.xml b/src/chrome/content/rules/PopAtomic.xml
deleted file mode 100644
index 589de7462ce6..000000000000
--- a/src/chrome/content/rules/PopAtomic.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="PopAtomic">
-
-	<target host="popatomic.org" />
-	<target host="www.popatomic.org" />
-
-
-	<securecookie host="^(?:www\.)?popatomic\.org$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PopCash.net.xml b/src/chrome/content/rules/PopCash.net.xml
index 8112d6a68fe5..c9017e3bac5c 100644
--- a/src/chrome/content/rules/PopCash.net.xml
+++ b/src/chrome/content/rules/PopCash.net.xml
@@ -4,6 +4,6 @@
 	<target host="static.popcash.net" />
 
 	<securecookie host=".+" name=".+" />
-				  
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/PopCrunch.com.xml b/src/chrome/content/rules/PopCrunch.com.xml
deleted file mode 100644
index 8094c32832df..000000000000
--- a/src/chrome/content/rules/PopCrunch.com.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	CDN buckets:
-
-		- pc-uploads.s3.amazonaws.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(503)
-		- ox-d		(404)
-
-
-	Fully covered subdomains:
-
-		- assets
-		- pc[123]
-		- social
-
--->
-<ruleset name="PopCrunch.com (partial)">
-
-	<target host="assets.popcrunch.com" />
-	<target host="pc1.popcrunch.com" />
-	<target host="pc2.popcrunch.com" />
-	<target host="pc3.popcrunch.com" />
-	<target host="social.popcrunch.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PopSci.com.xml b/src/chrome/content/rules/PopSci.com.xml
index 4009e72af4f3..2f87d2c98eac 100644
--- a/src/chrome/content/rules/PopSci.com.xml
+++ b/src/chrome/content/rules/PopSci.com.xml
@@ -15,6 +15,6 @@
 	<target host="www.popsci.com" />
 	<target host="shop.popsci.com" />
 	<target host="subscribe.popsci.com" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Pop_Goes_the_Week.xml b/src/chrome/content/rules/Pop_Goes_the_Week.xml
index 417b20516819..b3afe3fa9277 100644
--- a/src/chrome/content/rules/Pop_Goes_the_Week.xml
+++ b/src/chrome/content/rules/Pop_Goes_the_Week.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Popehat.com.xml b/src/chrome/content/rules/Popehat.com.xml
index d2469fd9b701..7356deb7d528 100644
--- a/src/chrome/content/rules/Popehat.com.xml
+++ b/src/chrome/content/rules/Popehat.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://webdisk.popehat.com/ => https://webdisk.popehat.com/: (51, "
 Fetch error: http://webmail.popehat.com/ => https://webmail.popehat.com/: (51, "SSL: no alternative certificate subject name matches target host name 'webmail.popehat.com'")
 
 -->
-<ruleset name="Popehat.com" default_off='failed ruleset test'>
+<ruleset name="Popehat.com" default_off="failed ruleset test">
 
 	<target host="popehat.com" />
 	<target host="www.popehat.com" />
diff --git a/src/chrome/content/rules/Poppy-Sports.xml b/src/chrome/content/rules/Poppy-Sports.xml
index 2c5ecaed8932..69c3d004e359 100644
--- a/src/chrome/content/rules/Poppy-Sports.xml
+++ b/src/chrome/content/rules/Poppy-Sports.xml
@@ -4,10 +4,10 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://poppysports.com/ => https://www.poppysports.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.poppysports.com'")
 
 -->
-<ruleset name="Poppy Sports" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Poppy Sports" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="poppysports.com" />
-	<target host="*.poppysports.com" />
+	<target host="www.poppysports.com" />
 
 	<rule from="^http://(?:www\.)?poppysports\.com/"
 		to="https://www.poppysports.com/" />
diff --git a/src/chrome/content/rules/Pops.co.xml b/src/chrome/content/rules/Pops.co.xml
index ed1ece933c2d..b816f48cb79c 100644
--- a/src/chrome/content/rules/Pops.co.xml
+++ b/src/chrome/content/rules/Pops.co.xml
@@ -1,11 +1,11 @@
-<!--
-	Invalid certificate:
-		www.pops.co
-
--->
-<ruleset name="Pops.co">
-	<target host="pops.co" />
-	<target host="app.pops.co" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
+<!--
+	Invalid certificate:
+		www.pops.co
+
+-->
+<ruleset name="Pops.co">
+	<target host="pops.co" />
+	<target host="app.pops.co" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Popular.com.tw.xml b/src/chrome/content/rules/Popular.com.tw.xml
deleted file mode 100644
index 3140f4b8b2f7..000000000000
--- a/src/chrome/content/rules/Popular.com.tw.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	^: cert only matches www
-
--->
-<ruleset name="Popular.com.tw">
-
-	<target host="popular.com.tw" />
-	<target host="www.popular.com.tw" />
-
-
-	<rule from="^http://(?:www\.)?popular\.com\.tw/"
-		to="https://www.popular.com.tw/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Popular_Photography.xml b/src/chrome/content/rules/Popular_Photography.xml
index 4013d35cd8d5..62ed432387ed 100644
--- a/src/chrome/content/rules/Popular_Photography.xml
+++ b/src/chrome/content/rules/Popular_Photography.xml
@@ -19,7 +19,8 @@ Fetch error: http://popphoto.com/ => https://www.popphoto.com/: Cycle detected -
 <ruleset name="Popular Photography">
 
 	<target host="popphoto.com" />
-	<target host="*.popphoto.com" />
+	<target host="www.popphoto.com" />
+	<target host="videostore.popphoto.com" />
 
 
 	<rule from="^http://(?:www\.)?popphoto\.com/"
diff --git a/src/chrome/content/rules/Populis_Engage.com.xml b/src/chrome/content/rules/Populis_Engage.com.xml
deleted file mode 100644
index 543e6684f903..000000000000
--- a/src/chrome/content/rules/Populis_Engage.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Web bugs.
-
--->
-<ruleset name="Populis Engage.com">
-
-	<target host="*.populisengage.com" />
-
-
-	<securecookie host="^\.populisengage\.com$" name="^OAX$" />
-	<securecookie host="^oas\.populisengage\.com$" name=".+" />
-
-
-	<rule from="^http://oas\.populisengage\.com/"
-		to="https://oas.populisengage.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/PopupCheck.com.xml b/src/chrome/content/rules/PopupCheck.com.xml
new file mode 100644
index 000000000000..20a574c6ff20
--- /dev/null
+++ b/src/chrome/content/rules/PopupCheck.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Active mixed content:
+		- www.popupcheck.com
+-->
+
+<ruleset name="PopupCheck.com" platform="mixedcontent">
+	<target host="popupcheck.com" />
+	<target host="www.popupcheck.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Porlaputa.com.xml b/src/chrome/content/rules/Porlaputa.com.xml
index 4329d3970370..58ecf9a18a85 100644
--- a/src/chrome/content/rules/Porlaputa.com.xml
+++ b/src/chrome/content/rules/Porlaputa.com.xml
@@ -16,7 +16,7 @@
 <ruleset name="Porlaputa.com (partial)" default_off="mismatched">
 
 	<target host="porlaputa.com" />
-	<target host="*.porlaputa.com" />
+	<target host="www.porlaputa.com" />
 
 
 	<securecookie host="^\.porlaputa\.com$" name=".+" />
@@ -25,4 +25,4 @@
 	<rule from="^http://(?:www\.)?porlaputa\.com/"
 		to="https://porlaputa.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Porn-W.xml b/src/chrome/content/rules/Porn-W.xml
index 0c5704ce6262..3c554e1fe207 100644
--- a/src/chrome/content/rules/Porn-W.xml
+++ b/src/chrome/content/rules/Porn-W.xml
@@ -3,7 +3,7 @@
 	<!--	cert: astria.warezman.info	-->
 	<target host="porn-w.org"/>
 	<!--	* for cross-domain cookies	-->
-	<target host="*.porn-w.org"/>
+	<target host="www.porn-w.org" />
 
 	<securecookie host="^\.porn-w\.org$" name=".+" />
 
diff --git a/src/chrome/content/rules/Porn_Worms.com-falsemixed.xml b/src/chrome/content/rules/Porn_Worms.com-falsemixed.xml
index 4569e8da19a7..2668f42e9d64 100644
--- a/src/chrome/content/rules/Porn_Worms.com-falsemixed.xml
+++ b/src/chrome/content/rules/Porn_Worms.com-falsemixed.xml
@@ -27,7 +27,7 @@ Fetch error: http://www.pornworms.com/ => https://www.pornworms.com/: (60, 'SSL
 		- www
 
 -->
-<ruleset name="Porn Worms.com (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Porn Worms.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Porn_Worms.com.xml b/src/chrome/content/rules/Porn_Worms.com.xml
index ffe9beebd8dc..b994c82c83b0 100644
--- a/src/chrome/content/rules/Porn_Worms.com.xml
+++ b/src/chrome/content/rules/Porn_Worms.com.xml
@@ -62,7 +62,7 @@ Fetch error: http://pornworms.com/ => https://pornworms.com/: (60, 'SSL certific
 			- adserver.juicyads.com
 
 -->
-<ruleset name="Porn Worms.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Porn Worms.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Pornwikileaks.com.xml b/src/chrome/content/rules/Pornwikileaks.com.xml
new file mode 100644
index 000000000000..a837539cac19
--- /dev/null
+++ b/src/chrome/content/rules/Pornwikileaks.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Pornwikileaks.com">
+    <target host="pornwikileaks.com" />
+    <target host="www.pornwikileaks.com" />
+    <target host="mail.pornwikileaks.com" />
+    <target host="ftp.pornwikileaks.com" />
+
+    <securecookie host=".+" name=".+" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PortForward.com.xml b/src/chrome/content/rules/PortForward.com.xml
index 62c1d97b5204..d2e5ce38cdb6 100644
--- a/src/chrome/content/rules/PortForward.com.xml
+++ b/src/chrome/content/rules/PortForward.com.xml
@@ -1,22 +1,26 @@
 <!--
-	Nonfunctional subdomains:
+	HTTP != HTTPS:
+		- admin
 
-		- boards	(cert: www.jasonbauer.net; shows that domain's data)
+	Mismatched:
+		- auth
+		- images
+		- img
+		- new
+		- search
 
--->
-<ruleset name="PortForward.com (partial)">
+	Timeout:
+		- forum
+		- mail
 
+	Expired:
+		- screenshots
+-->
+<ruleset name="PortForward.com">
 	<target host="portforward.com" />
-	<target host="*.portforward.com" />
-
-
-	<!--	- At least some pages present a link back to http
-		- https://(www.) redirects back to http
-					-->
-	<rule from="^http://(?:www\.)?portforward\.com/build/"
-		to="https://secure.portforward.com/build/" />
-
-	<rule from="^http://secure\.portforward\.com/"
-		to="https://secure.portforward.com/" />
+	<target host="www.portforward.com" />
+	<target host="portchecker.portforward.com" />
+	<target host="secure.portforward.com" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/PortableApps.com.xml b/src/chrome/content/rules/PortableApps.com.xml
index a806da544298..af71b8eb529e 100644
--- a/src/chrome/content/rules/PortableApps.com.xml
+++ b/src/chrome/content/rules/PortableApps.com.xml
@@ -1,7 +1,16 @@
+<!--
+	Invalid certificate:
+		- download2.portableapps.com
+
+	SSL error:
+		- download.portableapps.com
+-->
+
 <ruleset name="PortableApps.com">
 	<target host="portableapps.com" />
 	<target host="www.portableapps.com" />
 	<target host="cdn.portableapps.com" />
+	<target host="download3.portableapps.com" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Portadi.com.xml b/src/chrome/content/rules/Portadi.com.xml
deleted file mode 100644
index 5b93cd5464ac..000000000000
--- a/src/chrome/content/rules/Portadi.com.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	Nonfunctional hosts in *portadi.com:
-
-		- blog *
-
-	* Refused
-
-
-	^portadi.com: Refused
-
-
-	Fully covered hosts in *portadi.com:
-
-		- (www.)?
-		- app
-
--->
-<ruleset name="Portadi.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="app.portadi.com" />
-	<target host="www.portadi.com" />
-
-	<!--	Complications:
-				-->
-	<target host="portadi.com" />
-
-
-	<rule from="^http://portadi\.com/"
-		to="https://www.portadi.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Portland_Mercury.com.xml b/src/chrome/content/rules/Portland_Mercury.com.xml
index 8b8ca2a464f4..80fa471221e2 100644
--- a/src/chrome/content/rules/Portland_Mercury.com.xml
+++ b/src/chrome/content/rules/Portland_Mercury.com.xml
@@ -1,6 +1,17 @@
+
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://portlandmercury.com/ => https://portlandmercury.com/: Cycle detected - URL already encountered: https://www.portlandmercury.com/
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://classifieds.portlandmercury.com/ => https://classifieds.portlandmercury.com/: (6, 'Could not resolve host: classifieds.portlandmercury.com')
+Fetch error: http://m.portlandmercury.com/ => https://m.portlandmercury.com/: (6, 'Could not resolve host: m.portlandmercury.com')
+
+  Nonfunctional hosts:
+  301:
+    - post
+  Unresolved hosts:
+    - m
+    - blog
+
 	Mixed content:
 
 		- Image from thestranger.com *
@@ -8,22 +19,15 @@ Fetch error: http://portlandmercury.com/ => https://portlandmercury.com/: Cycle
 		- favicon from thestranger.com *
 
 	* Secured by us
-
 -->
 <ruleset name="Portland Mercury.com (partial)">
 
 	<target host="portlandmercury.com" />
+  <target host="www.portlandmercury.com" />
 	<target host="blogtown.portlandmercury.com" />
-	<target host="classifieds.portlandmercury.com" />
-	<target host="m.portlandmercury.com" />
+	<!-- target host="classifieds.portlandmercury.com" /-->
+	<!-- target host="m.portlandmercury.com" /-->
 	<target host="post.portlandmercury.com" />
-	<target host="www.portlandmercury.com" />
-		<exclusion pattern="^http://(?:blogtown|m|post)\.portlandmercury\.com/(?!binary/|captcha/|favicon\.ico|foundation/|images/|styles/)" />
-		<!--
-			Redirects to www:
-						-->
-		<!--exclusion pattern="^http://(blogtown|m)\.portlandmercury\.com/($|\?)" /-->
-
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/Portland_State_University-falsemixed.xml b/src/chrome/content/rules/Portland_State_University-falsemixed.xml
deleted file mode 100644
index 13a9070fcee7..000000000000
--- a/src/chrome/content/rules/Portland_State_University-falsemixed.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://pdu.edu/ => https://pdu.edu/: (6, 'Could not resolve host: pdu.edu')
-Fetch error: http://webdev.pdu.edu/ => https://webdev.pdu.edu/: (6, 'Could not resolve host: webdev.pdu.edu')
-Fetch error: http://www.pdu.edu/ => https://www.pdu.edu/: (6, 'Could not resolve host: www.pdu.edu')
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://pdu.edu/ => https://pdu.edu/: (6, 'Could not resolve host: pdu.edu')
-Fetch error: http://webdev.pdu.edu/ => https://webdev.pdu.edu/: (6, 'Could not resolve host: webdev.pdu.edu')
-Fetch error: http://www.pdu.edu/ => https://www.pdu.edu/: (6, 'Could not resolve host: www.pdu.edu')
-	For rules not causing false/mixed MCB, see Portland_State_University.xml.
-
--->
-<ruleset name="Portland State University (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
-
-	<target host="pdu.edu" />
-	<target host="webdev.pdu.edu" />
-	<target host="www.pdu.edu" />
-		<!--
-			Covered in Portland_State_University.xml.
-									-->
-		<!--exclusion pattern="^http://(www\.)?pdu\.edu/(favicon\.ico|(\w+/)?(misc|sites)/|syndication/)" /-->
- 		<!--exclusion pattern="^http://webdev\.pdu\.edu/(?!css/|favicon\.ico|images/|js/)" /-->
-		<exclusion pattern="^http://(?:webdev\.|www\.)?pdu\.edu/(?:css/|favicon\.ico|images/|js/|(?:\w+/)?(?:misc|sites)/|syndication/)" />
-
-
-	<securecookie host="^www\.pdu\.edu$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Portland_State_University.xml b/src/chrome/content/rules/Portland_State_University.xml
index db0dadfcd841..c3272b0abb62 100644
--- a/src/chrome/content/rules/Portland_State_University.xml
+++ b/src/chrome/content/rules/Portland_State_University.xml
@@ -1,143 +1,51 @@
 <!--
-	For rules causing false/mixed MCB, see Portland_State_University-falsemixed.xml.
+	Non-functional hosts:
+		Timeout:
+		- research.pdx.edu
 
+		SSL error:
+		- mail.pdx.edu
 
-	CDN buckets:
+		Incomplete certificate chain:
+		- banweb.banner.pdx.edu
+		- banweb.pdx.edu
 
-		- pdx.libguides.com
-
-
-	Nonfunctional subdomains:
-
-		- www.experts *
-		- psu-eres.lib		(dropped)
-		- exhibits.library	(refused)
-		- my			(redirects to http)
-		- (www.)rsp *
-
-	* 404; expired 2011-04-23, self-signed, CN: eurystheus.oit.pdx.edu
-
-
-	Problematic subdomains:
-
-		- cal *
-		- www.fap		(works, expired 2013-04-20)
-		- guides.library	(libguides.com)
-		- www.library		(cert only matches ^library)
-		- mail *
-		- sa			(works, expired 2012-12-07)
-		- (www.)summer		(404; expired 2011-08-12, self-signed, CN: sisyphus.oit.pdx.edu)
-
-	* Interrupted
-
-
-	Partially covered subdomains:
-
-		- guides.library	(→ libguides.com)
-		- webdev *
-		- (www.) *
-
-	* Avoiding false/broken MCB, rest covered in Portland_State_University-falsemixed.xml
-
-
-	Fully covered subdomains:
-
-		- banweb
-		- cal		(→ www.google.com)
-		- d2l
-		- (www.)library	(www → ^)
-		- mail		(→ mail.google.com)
-		- (www.)sa	(^ → www)
-		- sso
-		- (www.)summer	(→ ^)
-		- vikat
-		- webdev
-
-
-	Observed cookie domains:
-
-		- banweb
-		- .library
-		- guides.library
-		- my
-		- sso
-		- www
-
-
-	Mixed  content:
-
-		- Scripts on webdev from webdev *
-
-		- css, on:
-
-			- webdev from webdev *
-			- www from www *
-			- www from fonts.gentooapis.com *
-
-		- Images, from:
-
-			- vikat from library *
-			- webdev from webdev *
-			- www from www *
-
-		- favicons, on:
-
-			- www.sa from www *
-			- webdev from webdev *
-
-	* Secured by us
-
-
-	webdev and www are in a separate falsemixed ruleset
-	due to mixed scripts and css from webdev and www.
-
-	NB: We secure all resources, and thus
-	falsemixed should be merged for Ffx 24.
+		Certificate mismatched:
+		- print.pdx.edu
 
+		Different content:
+		- www.library.pdx.edu
 -->
 <ruleset name="Portland State University (partial)">
-
-	<target host="pdu.edu" />
-	<target host="*.pdu.edu" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<!--exclusion pattern="^http://(www\.)?pdu\.edu/(?!favicon\.ico|(\w+/)?(misc|sites)/|syndication/)" /-->
-		<!--<exclusion pattern="^http://webdev\.pdu\.edu/(?!css/|favicon\.ico|images/|js/)" /-->
-		<exclusion pattern="^http://(?:webdev\.|www\.)?pdu\.edu/(?!css/|favicon\.ico|images/|js/|(?:\w+/)?(?:misc|sites)/|syndication/)" />
-		<!--exclusion pattern="^http://(www\.fap|my)\.pdu\.edu/" /-->
-		<!--exclusion pattern="^http://guides\.library\.pdx\.edu/(?!css\d*/|favicon\.ico|include/|js\d*/)" /-->
-		<!--exclusion pattern="^http://my\.pdu\.edu/($|\?|favicon\.ico|sites/)" /-->
-
-
-	<!--securecookie host="^(?!www\.)?.+\.pdu\.edu$" name=".+" /-->
-	<securecookie host="^(?:banweb|sso|vikat)\.pdu\.edu$" name=".+" />
-	<!--
-		Could we secure any of these safely?
-							-->
-	<!--securecookie host="^\.pdu\.edu$" name="^(III_EXPT_FILE|III_SESSION_ID|SESSION_LANGUAGE)$" /-->
-	<!--securecookie host="^\.library\.pdu\.edu$" name=".+" /-->
-
-
-	<rule from="^http://((?:banweb|d2l|sso|vikat|webdev|www)\.)?pdu\.edu/"
-		to="https://$1pdu.edu/" />
-
-	<rule from="^http://cal\.pdu\.edu/.*"
-		to="https://www.google.com/calendar/hosted/pdx.edu" />
-
-	<rule from="^http://(?:www\.)?library\.pdu\.edu/"
-		to="https://library.pdu.edu/" />
-
-	<rule from="^http://guides\.library\.pdx\.edu/(?=css\d*/|favicon\.ico|include/|js\d*/)"
-		to="https://libguides.com/" />
-
-	<rule from="^http://mail\.pdu\.edu/.*"
-		to="https://mail.google.com/a/pdu.edu" />
-
-	<rule from="^http://(?:www\.)?sa\.pdu\.edu/"
-		to="https://www.sa.pdu.edu/" />
-
-	<rule from="^http://(?:www\.)?summer\.pdu\.edu/.*"
-		to="https://pdu.edu/summer" />
-
-</ruleset>
\ No newline at end of file
+	<target host="pdx.edu" />
+	<target host="www.pdx.edu" />
+	
+	<target host="alba.pdx.edu" />
+
+	<target host="cat.pdx.edu" />
+	
+	<target host="d2l.pdx.edu" />
+	
+	<target host="library.pdx.edu" />
+	<target host="www.library.pdx.edu" />
+	<target host="guides.library.pdx.edu" />
+	<target host="pdxscholar.library.pdx.edu" />
+	<target host="search.library.pdx.edu" />
+	
+	<target host="oaiplus.pdx.edu" />
+	
+	<target host="publishing.pdx.edu" />
+	
+	<target host="climatecope.research.pdx.edu" />
+	<target host="wpsa.research.pdx.edu" />
+	
+	<target host="my.pdx.edu" />
+	
+	<target host="sso.pdx.edu" />
+		<test url="http://sso.pdx.edu/idp/profile/SAML2/POST/SSO" />
+
+	<rule from="^http://www\.library\.pdx\.edu/"
+		  	to="https://library.pdx.edu/" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Porton_CV.gov.cv.xml b/src/chrome/content/rules/Porton_CV.gov.cv.xml
index 82dd2368905a..ff2ea72a5675 100644
--- a/src/chrome/content/rules/Porton_CV.gov.cv.xml
+++ b/src/chrome/content/rules/Porton_CV.gov.cv.xml
@@ -6,7 +6,7 @@ Fetch error: http://portoncv.gov.cv/ => https://portoncv.gov.cv/: (28, 'Connecti
 	www doesn't exist.
 
 -->
-<ruleset name="Porton CV.gov.cv" default_off='failed ruleset test'>
+<ruleset name="Porton CV.gov.cv" default_off="failed ruleset test">
 
 	<target host="portoncv.gov.cv" />
 
diff --git a/src/chrome/content/rules/Portsmouth.gov.uk.xml b/src/chrome/content/rules/Portsmouth.gov.uk.xml
index 89a4f7493145..e33666500893 100644
--- a/src/chrome/content/rules/Portsmouth.gov.uk.xml
+++ b/src/chrome/content/rules/Portsmouth.gov.uk.xml
@@ -1,4 +1,14 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://airquality.portsmouth.gov.uk/ => https://airquality.portsmouth.gov.uk/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://bigrecycle.portsmouth.gov.uk/ => https://bigrecycle.portsmouth.gov.uk/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://brightfutures.portsmouth.gov.uk/ => https://brightfutures.portsmouth.gov.uk/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.forms.portsmouth.gov.uk/ => https://www.forms.portsmouth.gov.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.mediastore.portsmouth.gov.uk/ => https://www.mediastore.portsmouth.gov.uk/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://scip.portsmouth.gov.uk/ => https://scip.portsmouth.gov.uk/: (28, 'Connection timed out after 20000 milliseconds')
+
 	For other UK government coverage, see GOV.UK.xml.
 
 	Non-functional hosts
@@ -24,30 +34,25 @@
 		- foster.portsmouth.gov.uk
 		- jsna.portsmouth.gov.uk
 		- www.portsmouth.gov.uk
+
+    Timeout:
+      emas.portsmouth.gov.uk
+      mediastore.portsmouth.gov.uk
 -->
 <ruleset name="Portsmouth.gov.uk">
 	<target host="admissions.portsmouth.gov.uk" />
 	<target host="adultdp.portsmouth.gov.uk" />
 	<target host="www.adultdp.portsmouth.gov.uk" />
-	<target host="airquality.portsmouth.gov.uk" />
-	<target host="bigrecycle.portsmouth.gov.uk" />
-	<target host="brightfutures.portsmouth.gov.uk" />
-	<target host="www.forms.portsmouth.gov.uk" />
-	<target host="emas.portsmouth.gov.uk" />
-	<target host="www.emas.portsmouth.gov.uk" />
-	<target host="mediastore.portsmouth.gov.uk" />
-	<target host="www.mediastore.portsmouth.gov.uk" />
+	<!-- target host="airquality.portsmouth.gov.uk" /-->
+	<!-- target host="bigrecycle.portsmouth.gov.uk" /-->
+	<!-- target host="brightfutures.portsmouth.gov.uk" /-->
+	<!-- target host="www.forms.portsmouth.gov.uk" /-->
+	<!-- target host="www.mediastore.portsmouth.gov.uk" /-->
 	<target host="parkingtickets.portsmouth.gov.uk" />
-	<target host="scip.portsmouth.gov.uk" />
+	<!-- target host="scip.portsmouth.gov.uk" /-->
 	<target host="securetransfer.portsmouth.gov.uk" />
 	<target host="volunteer.portsmouth.gov.uk" />
 
-	<rule from="^http://www\.emas\.portsmouth\.gov\.uk/"
-			to="https://emas.portsmouth.gov.uk/" />
-
-	<rule from="^http://www\.mediastore\.portsmouth\.gov\.uk/"
-			to="https://mediastore.portsmouth.gov.uk/" />
-
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/PoshLiving.xml b/src/chrome/content/rules/PoshLiving.xml
deleted file mode 100644
index 591bef39513a..000000000000
--- a/src/chrome/content/rules/PoshLiving.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="PoshLiving">
-
-	<target host="poshliving.com" />
-	<target host="www.poshliving.com" />
-
-
-	<securecookie host="^(?:www)?\.poshliving\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Positive-Software.xml b/src/chrome/content/rules/Positive-Software.xml
index e06a105b7c67..c568decbcba1 100644
--- a/src/chrome/content/rules/Positive-Software.xml
+++ b/src/chrome/content/rules/Positive-Software.xml
@@ -11,7 +11,7 @@ Fetch error: http://license.psoft.net/ => https://license.psoft.net/: (60, 'SSL
 	(www.)?psoft.net: Refused
 
 -->
-<ruleset name="PSoft.net (partial)" default_off='failed ruleset test'>
+<ruleset name="PSoft.net (partial)" default_off="failed ruleset test">
 
 	<target host="license.psoft.net" />
 
diff --git a/src/chrome/content/rules/PositiveSSL.xml b/src/chrome/content/rules/PositiveSSL.xml
index f50fbd6da0be..915656e38a98 100644
--- a/src/chrome/content/rules/PositiveSSL.xml
+++ b/src/chrome/content/rules/PositiveSSL.xml
@@ -8,7 +8,7 @@
 				-->
  <target host="positivessl.com" />
  <target host="www.positivessl.com" />
- 
+
 	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Post.at.xml b/src/chrome/content/rules/Post.at.xml
index c6a08ef8bc8f..689a8113d290 100644
--- a/src/chrome/content/rules/Post.at.xml
+++ b/src/chrome/content/rules/Post.at.xml
@@ -19,7 +19,6 @@
 	<test url="http://paolapanel.post.at/" />
 	<test url="http://philawiki.post.at/" />
 	<test url="http://secure.post.at/" />
-	<test url="http://secure.post.at/" />
 	<test url="http://versandmanager.post.at/" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Post.ch.xml b/src/chrome/content/rules/Post.ch.xml
index a58e6ff49e35..712b7b815b8f 100644
--- a/src/chrome/content/rules/Post.ch.xml
+++ b/src/chrome/content/rules/Post.ch.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.mypostbusiness.ch/ => https://www.mypostbusiness.ch/: (6
 	* Refused
 
 -->
-<ruleset name="Post.ch" default_off='failed ruleset test'>
+<ruleset name="Post.ch" default_off="failed ruleset test">
     <target host="post.ch" />
     <target host="www.post.ch" />
     <target host="posta.ch" />
@@ -30,8 +30,6 @@ Fetch error: http://www.mypostbusiness.ch/ => https://www.mypostbusiness.ch/: (6
     <target host="postbus.ch" />
     <target host="mypostbusiness.ch" />
     <target host="www.mypostbusiness.ch" />
-    <target host="postfinance.ch"/>
-    <target host="www.postfinance.ch"/>
     <target host="postsuisseid.ch" />
     <target host="www.postsuisseid.ch" />
     <target host="swisssign.com" />
@@ -41,7 +39,6 @@ Fetch error: http://www.mypostbusiness.ch/ => https://www.mypostbusiness.ch/: (6
     <securecookie host="^(?:.*\.)?post.*\.ch$" name=".+" />
     <securecookie host="^(?:.*\.)?swisspost\.ch$" name=".+" />
     <securecookie host="^(?:.*\.)?swisspost\.com$" name=".+" />
-    <securecookie host="^(?:.*\.)?postfinance\.ch$" name=".+" />
     <securecookie host="^(?:.*\.)?postsuisseid\.ch$" name=".+" />
     <securecookie host="^(?:.*\.)?swisssign\.com$" name=".+" />
 
diff --git a/src/chrome/content/rules/PostImage.xml b/src/chrome/content/rules/PostImage.xml
index 283e7e629e33..725b2e1580c4 100644
--- a/src/chrome/content/rules/PostImage.xml
+++ b/src/chrome/content/rules/PostImage.xml
@@ -1,7 +1,5 @@
 <ruleset name="PostImage">
-	<target host="postimg.cc" />
-	<target host="www.postimg.cc" />
-
+	<!-- postimg.io -->
 	<target host="postimg.io" />
 	<target host="www.postimg.io" />
 	<target host="s1.postimg.io" />
@@ -38,61 +36,14 @@
 	<target host="s32.postimg.io" />
 	<target host="s33.postimg.io" />
 
+	<!-- postimage.io -->
 	<target host="postimage.io" />
 	<target host="www.postimage.io" />
 
-	<target host="postimg.org" />
-	<target host="www.postimg.org" />
-	<target host="beta.postimg.org" />
-	<target host="mod.postimg.org" />
-	<target host="old.postimg.org" />
-	<target host="s1.postimg.org" />
-	<target host="s2.postimg.org" />
-	<target host="s3.postimg.org" />
-	<target host="s4.postimg.org" />
-	<target host="s5.postimg.org" />
-	<target host="s6.postimg.org" />
-	<target host="s7.postimg.org" />
-	<target host="s8.postimg.org" />
-	<target host="s9.postimg.org" />
-	<target host="s10.postimg.org" />
-	<target host="s11.postimg.org" />
-	<target host="s12.postimg.org" />
-	<target host="s13.postimg.org" />
-	<target host="s14.postimg.org" />
-	<target host="s15.postimg.org" />
-	<target host="s16.postimg.org" />
-	<target host="s17.postimg.org" />
-	<target host="s18.postimg.org" />
-	<target host="s19.postimg.org" />
-	<target host="s20.postimg.org" />
-	<target host="s21.postimg.org" />
-	<target host="s22.postimg.org" />
-	<target host="s23.postimg.org" />
-	<target host="s24.postimg.org" />
-	<target host="s25.postimg.org" />
-	<target host="s26.postimg.org" />
-	<target host="s27.postimg.org" />
-	<target host="s28.postimg.org" />
-	<target host="s29.postimg.org" />
-	<target host="s30.postimg.org" />
-	<target host="s31.postimg.org" />
-	<target host="s32.postimg.org" />
-	<target host="s33.postimg.org" />
-	<target host="upload1.postimg.org" />
-	<target host="upload2.postimg.org" />
-	<target host="upload3.postimg.org" />
-	<target host="upload4.postimg.org" />
-	<target host="upload5.postimg.org" />
-	<target host="upload6.postimg.org" />
-	<target host="upload7.postimg.org" />
-	<target host="upload8.postimg.org" />
-	<target host="upload9.postimg.org" />
-
+	<!-- postimage.org -->
 	<target host="postimage.org" />
 	<target host="www.postimage.org" />
 	<target host="beta.postimage.org" />
-	<target host="blog.postimage.org" />
 	<target host="mod.postimage.org" />
 	<target host="old.postimage.org" />
 	<target host="s1.postimage.org" />
@@ -129,11 +80,11 @@
 	<target host="s32.postimage.org" />
 	<target host="s33.postimage.org" />
 
-	<target host="postimages.org" />
-	<target host="www.postimages.org" />
+	<!-- postimgs.org -->
+	<target host="postimgs.org" />
+	<target host="www.postimgs.org" />
 
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://mod\.postimg\.org/" to="https://mod.postimage.org/" />
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/PostPoints_Rewards.com.xml b/src/chrome/content/rules/PostPoints_Rewards.com.xml
deleted file mode 100644
index 3111228f547c..000000000000
--- a/src/chrome/content/rules/PostPoints_Rewards.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	For other Washington Post Company coverage, see Washington-Post-Company.xml.
-
-
-	Insecure cookies are set for these hosts:
-
-		- postpointsrewards.com
-		- www.postpointsrewards.com
-
--->
-<ruleset name="PostPoints Rewards.com">
-
-	<target host="postpointsrewards.com" />
-	<target host="www.postpointsrewards.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:www\.)?postpointsrewards\.com$" name="^(?:BIGipServer|TS[\da-f]{8})$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Posta.sk.xml b/src/chrome/content/rules/Posta.sk.xml
new file mode 100644
index 000000000000..9a9062587c5b
--- /dev/null
+++ b/src/chrome/content/rules/Posta.sk.xml
@@ -0,0 +1,30 @@
+<!--
+	Nonfunctional hosts in *.posta.sk:
+
+	certificate mismatch:
+		- edokumenty.posta.sk
+	connection refused:
+		- ekpt.posta.sk
+-->
+<ruleset name="Posta.sk">
+	<target host="posta.sk" />
+	<target host="www.posta.sk" />
+	<target host="admin.posta.sk" />
+	<target host="api.posta.sk" />
+	<target host="bugzero.posta.sk" />
+	<target host="cennik.posta.sk" />
+	<target host="ekp.posta.sk" />
+	<target host="enews.posta.sk" />
+	<target host="eph.posta.sk" />
+	<target host="esipo.posta.sk" />
+	<target host="esluzby.posta.sk" />
+	<target host="evzdelavanie.posta.sk" />
+	<target host="kariera.posta.sk" />
+	<target host="mojezasielky.posta.sk" />
+	<target host="otvaraciehodiny.posta.sk" />
+	<target host="pohladnica.posta.sk" />
+	<target host="psc.posta.sk" />
+	<target host="tandt.posta.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Postal_Heritage.org.uk.xml b/src/chrome/content/rules/Postal_Heritage.org.uk.xml
index 53b1971170a2..1b2bc046f062 100644
--- a/src/chrome/content/rules/Postal_Heritage.org.uk.xml
+++ b/src/chrome/content/rules/Postal_Heritage.org.uk.xml
@@ -6,7 +6,7 @@ Fetch error: http://assets1.postalheritage.org.uk/ => https://assets1.postalheri
 	At least some pages redirect to http.
 
 -->
-<ruleset name="Postal Heritage.org.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Postal Heritage.org.uk (partial)" default_off="failed ruleset test">
 
 	<target host="postalheritage.org.uk" />
 	<target host="assets1.postalheritage.org.uk" />
diff --git a/src/chrome/content/rules/Poste-Impresa.it.xml b/src/chrome/content/rules/Poste-Impresa.it.xml
deleted file mode 100644
index 4b0c17e598d8..000000000000
--- a/src/chrome/content/rules/Poste-Impresa.it.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	For other Poste Italiane coverage, see Poste.it.xml.
-
-
-	^poste-impresa.it: Mismatched
-
-
-	Mixed content:
-
-		- Bug on www from statse.webtrendslive.com *
-
-	* Secured by us
-
--->
-<ruleset name="Poste-Impresa.it">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.poste-impresa.it" />
-
-	<!--	Complications:
-				-->
-	<target host="poste-impresa.it" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://poste-impresa\.it/"
-		to="https://www.poste-impresa.it/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Poste.it.xml b/src/chrome/content/rules/Poste.it.xml
index 266b59956f7e..b000f8a3ddef 100644
--- a/src/chrome/content/rules/Poste.it.xml
+++ b/src/chrome/content/rules/Poste.it.xml
@@ -12,10 +12,8 @@ Fetch error: http://myposteimpresa.poste.it/ => https://myposteimpresa.poste.it/
 		- Kipoint.it.xml
 		- PI_CERT.it.xml
 		- Posta-Online.it.xml
-		- Poste-Impresa.it.xml
 		- PosteShop.it.xml
 		- Postel.it.xml
-		- Risparmio_Postale.it.xml
 		- SDA.it.xml
 
 
@@ -42,7 +40,7 @@ Fetch error: http://myposteimpresa.poste.it/ => https://myposteimpresa.poste.it/
 	* Secured by us
 
 -->
-<ruleset name="Poste.it (partial)" default_off='failed ruleset test'>
+<ruleset name="Poste.it (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/PosteShop.it.xml b/src/chrome/content/rules/PosteShop.it.xml
index 84d153dcbf9a..0ae2070eaa55 100644
--- a/src/chrome/content/rules/PosteShop.it.xml
+++ b/src/chrome/content/rules/PosteShop.it.xml
@@ -10,7 +10,7 @@ Fetch error: http://posteshop.it/ => https://www.posteshop.it/: (6, 'Could not r
 	^posteshop.it: Mismatched
 
 -->
-<ruleset name="PosteShop.it" default_off='failed ruleset test'>
+<ruleset name="PosteShop.it" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Posteo.xml b/src/chrome/content/rules/Posteo.xml
deleted file mode 100644
index 0fa03ab22c69..000000000000
--- a/src/chrome/content/rules/Posteo.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://m.posteo.de/ => https://m.posteo.de/: (6, 'Could not resolve host: m.posteo.de')
-
-    Fully covered subdomains:
-
-        - $
-        - autodiscover
-        - api
-        - cdn
-        - www
-        - lists
-        - m
-
--->
-<ruleset name="Posteo.de" default_off='failed ruleset test'>
-    <target host="posteo.de" />
-    <target host="api.posteo.de" />
-    <target host="autodiscover.posteo.de" />
-    <target host="cdn.posteo.de" />
-    <target host="m.posteo.de" />
-    <target host="lists.posteo.de" />
-    <target host="www.posteo.de" />
-
-    <securecookie host="^(www\.|m\.|lists\.|autodiscover\.|api\.|cdn\.)?posteo\.de" name=".+" />
-
-    <rule from="^http:"
-            to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/PostgreSQL-self-signed.xml b/src/chrome/content/rules/PostgreSQL-self-signed.xml
deleted file mode 100644
index bac81b5886e0..000000000000
--- a/src/chrome/content/rules/PostgreSQL-self-signed.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see PostgreSQL.xml.
-
--->
-<ruleset name="PostgreSQL (self-signed)" default_off="self-signed">
-
-	<target host="svn.postgresqlfr.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PostgreSQL.xml b/src/chrome/content/rules/PostgreSQL.xml
deleted file mode 100644
index 9ca7a3da94e7..000000000000
--- a/src/chrome/content/rules/PostgreSQL.xml
+++ /dev/null
@@ -1,68 +0,0 @@
-<!--
-	For problematic rules, see PostgreSQL-self-signed.xml.
-
-
-	As of 2012-02-09, known unprotected .org subdomains are:
-
-		- archives
-		- babel
-		- buildfarm
-		- doxygen
-		- ftp
-		- git
-		- jdbc
-		- media
-		- *.projects
-		- webmail
-		- www
-		- yum
-
-
-	Other nonfunctional domains:
-
-		- (www.)pgfoundry.org
-		- (www.)pgsql.ru
-		- images.pgsql.ru
-		- docs.postgresql.fr *
-		- www.postgresql.fr *
-
-	* Shows login; mismatched, CN: svn.postgresqlfr.org
-
-
-	Problematic domains:
-
-		- postgresql.eu
-		- svn.postgresqlfr.org	(self-signed)
-		- postresql.org		(404)
-
--->
-<ruleset name="PostgreSQL">
-
-	<target host="postgresql.eu" />
-	<target host="www.postgresql.eu" />
-	<target host="postgresql.org" />
-	<target host="*.postgresql.org" />
-	<target host="postgresql.us" />
-	<target host="*.postgresql.us" />
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.postgresql\.org$" name="^__utm\w$" />
-	<securecookie host="^wiki\.postgresql\.org$" name=".+" />
-	<securecookie host="^\.postgresql.us$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?postgresql\.eu/"
-		to="https://www.postgresql.eu/" />
-
-	<rule from="^http://(?:www\.)?postgresql\.org/(account|media)/"
-		to="https://www.postgresql.org/$1/" />
-
-	<rule from="^http://(commitfest|nagios|planet|redmine|wiki)\.postgresql\.org/"
-		to="https://$1.postgresql.org/" />
-
-	<rule from="^http://(www\.)?postgresql\.us/"
-		to="https://$1postgresql.us/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Postgresql.eu.xml b/src/chrome/content/rules/Postgresql.eu.xml
new file mode 100644
index 000000000000..7ba6685c29f2
--- /dev/null
+++ b/src/chrome/content/rules/Postgresql.eu.xml
@@ -0,0 +1,9 @@
+<!--
+	For other PostgreSQL coverage, see Postgresql.org.xml.
+-->
+<ruleset name="Postgresql.eu">
+	<target host="postgresql.eu" />
+	<target host="www.postgresql.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Postgresql.fr.xml b/src/chrome/content/rules/Postgresql.fr.xml
new file mode 100644
index 000000000000..f78230527fbd
--- /dev/null
+++ b/src/chrome/content/rules/Postgresql.fr.xml
@@ -0,0 +1,23 @@
+<!--
+	For other PostgreSQL coverage, see Postgresql.org.xml.
+
+	Nonfunctional hosts in *.postgresql.fr:
+		- postgresql.fr (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Postgresql.fr">
+	<target host="postgresql.fr" />
+	<target host="www.postgresql.fr" />
+	<target host="archives.postgresql.fr" />
+	<target host="docs.postgresql.fr" />
+	<target host="listes.postgresql.fr" />
+	<target host="planete.postgresql.fr" />
+
+	<rule from="^http://postgresql\.fr/" to="https://www.postgresql.fr/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Postgresql.org.xml b/src/chrome/content/rules/Postgresql.org.xml
new file mode 100644
index 000000000000..e9380378d289
--- /dev/null
+++ b/src/chrome/content/rules/Postgresql.org.xml
@@ -0,0 +1,52 @@
+<!--
+	Other PostgreSQL rulesets:
+		- Postgresql.eu.xml
+		- Postgresql.fr.xml
+		- Postgresql.us.xml
+
+	As of 2018-06-23, known unprotected .org subdomains are:
+
+		- *.projects
+		- nagios.postgresql.org (mismatch)
+
+
+	Other nonfunctional domains:
+
+		- (www.)pgfoundry.org
+		- (www.)pgsql.ru
+		- images.pgsql.ru
+-->
+<ruleset name="PostgreSQL">
+
+	<target host="postgresql.org" />
+	<target host="www.postgresql.org" />
+	<target host="archives.postgresql.org" />
+	<target host="babel.postgresql.org" />
+	<target host="buildfarm.postgresql.org" />
+	<target host="commitfest.postgresql.org" />
+	<target host="doxygen.postgresql.org" />
+	<target host="ftp.postgresql.org" />
+	<target host="git.postgresql.org" />
+	<target host="jdbc.postgresql.org" />
+	<target host="lists.postgresql.org" />
+	<target host="media.postgresql.org" />
+		<test url="http://media.postgresql.org/sfpug/instagram_sfpug.pdf" />
+	<target host="odbc.postgresql.org" />
+	<target host="planet.postgresql.org" />
+	<target host="redmine.postgresql.org" />
+	<target host="webmail.postgresql.org" />
+	<target host="wiki.postgresql.org" />
+	<target host="yum.postgresql.org" />
+	<target host="zypp.postgresql.org" />
+
+
+	<!--	Tracking cookies:
+					-->
+	<securecookie host="^\.postgresql\.org$" name="^__utm\w$" />
+	<securecookie host="^wiki\.postgresql\.org$" name=".+" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Postgresql.us.xml b/src/chrome/content/rules/Postgresql.us.xml
new file mode 100644
index 000000000000..d64d40b119e9
--- /dev/null
+++ b/src/chrome/content/rules/Postgresql.us.xml
@@ -0,0 +1,20 @@
+<!--
+	For other PostgreSQL coverage, see Postgresql.org.xml.
+
+	Nonfunctional hosts in *.postgresql.us:
+		- lists.postgresql.us (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Postgresql.us">
+	<target host="postgresql.us" />
+	<target host="www.postgresql.us" />
+	<target host="pdx.postgresql.us" />
+	<target host="pgdayaustin2017.postgresql.us" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Posthaven.com-problematic.xml b/src/chrome/content/rules/Posthaven.com-problematic.xml
deleted file mode 100644
index a4bd396ed943..000000000000
--- a/src/chrome/content/rules/Posthaven.com-problematic.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For rules that are on by default, see Posthaven.com.xml.
-
--->
-<ruleset name="Posthaven.com (problematic)" default_off="mismatched">
-
-	<target host="*.posthaven.com" />
-		<!--
-			Handled in Posthaven.com.xml
-							-->
-		<!--exclusion pattern="^http://www\." /-->
-
-
-	<securecookie host="^(?!www\.).+\.posthaven\.com$" name=".+" />
-
-
-	<rule from="^http://(?!www\.)(\w+)\.posthaven\.com/"
-		to="https://$1.posthaven.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Posthaven.com.xml b/src/chrome/content/rules/Posthaven.com.xml
index cf93fb49a1da..0b1ad7e68502 100644
--- a/src/chrome/content/rules/Posthaven.com.xml
+++ b/src/chrome/content/rules/Posthaven.com.xml
@@ -1,31 +1,20 @@
 <!--
-	For problematic rules, see Posthaven.com-problematic.xml.
-
-
-	CDN buckets:
-
-		- phaven-prod.s3.amazonaws.com
-		- posthaven-assets.s3.amazonaws.com
-
-
-	Problematic subdomains:
-
-		- blog *
-		- \w+ *	(per-account subdomains)
-
-	* Works; mismatched, CN: posthaven.com
-
+	Wildcard certificate and DNS records:
+ 		- posthaven.com
 -->
-<ruleset name="Posthaven.com (partial)">
 
+<ruleset name="Posthaven.com">
 	<target host="posthaven.com" />
-	<target host="www.posthaven.com" />
-
+	<target host="*.posthaven.com" />
+		<test url="http://www.posthaven.com/" />
+		<test url="http://alex.posthaven.com/" />
+		<test url="http://blog.posthaven.com/" />
+		<test url="http://geekomotion.posthaven.com/" />
 
 	<securecookie host="^posthaven\.com$" name=".+" />
 
-
-	<rule from="^http:"
-		to="https:" />
-
+	<!-- posthaven.com -->
+	<!-- *.posthaven.com -->
+	<rule from="^http://([\w-]+\.)?posthaven\.com/"
+		to="https://$1posthaven.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Postini.xml b/src/chrome/content/rules/Postini.xml
deleted file mode 100644
index 192597dc7cf8..000000000000
--- a/src/chrome/content/rules/Postini.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For other Google coverage, see GoogleServices.xml.
-
--->
-<ruleset name="Postini.com (partial)">
-
-	<target host="login.postini.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Postlapsaria.xml b/src/chrome/content/rules/Postlapsaria.xml
index d23cfd0b698e..6b42d7148e45 100644
--- a/src/chrome/content/rules/Postlapsaria.xml
+++ b/src/chrome/content/rules/Postlapsaria.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?postlapsaria\.com/"
 		to="https://secure.hostmonster.com/~postlaps/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Postnewsads.com.xml b/src/chrome/content/rules/Postnewsads.com.xml
index f7d48a9fd0a5..2f2da0375b84 100644
--- a/src/chrome/content/rules/Postnewsads.com.xml
+++ b/src/chrome/content/rules/Postnewsads.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.postnewsads.com/ => https://postnewsads.com/: (35, 'Unkn
 	www.postnewsads.com: 404
 
 -->
-<ruleset name="postnewsads.com" default_off='failed ruleset test'>
+<ruleset name="postnewsads.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Postscapes.com.xml b/src/chrome/content/rules/Postscapes.com.xml
index dd42653a9720..8197e998c6de 100644
--- a/src/chrome/content/rules/Postscapes.com.xml
+++ b/src/chrome/content/rules/Postscapes.com.xml
@@ -6,7 +6,7 @@
 
 	Time out:
 		about.postscapes.com
-	
+
 	No working URL known:
 		clips.postscapes.com
 		iotawards.postscapes.com
diff --git a/src/chrome/content/rules/Potager.org.xml b/src/chrome/content/rules/Potager.org.xml
index 0a25dc1cbeb6..a45711e0b72c 100644
--- a/src/chrome/content/rules/Potager.org.xml
+++ b/src/chrome/content/rules/Potager.org.xml
@@ -1,44 +1,28 @@
 <!--
-	Fully covered domains:
-
-		- (www.)pimienta.org
-		- (www.)poivron.org
-		- potager.org
-
-		- *.potager.org:
-
-			- community
-			- mail
-			- www
-
-		(www.)sweetpepper.org
+	Invalid certificate:
+		- kigbg
+		- policespiesoutoflives
 
+	Expired:
+		- lagrandeourse
 -->
-<ruleset name="potager.org">
-
-	<target host="pimienta.org" />
-	<target host="*.pimienta.org" />
-	<target host="poivron.org" />
-	<target host="*.poivron.org" />
+<ruleset name="Potager.org">
 	<target host="potager.org" />
-	<target host="*.potager.org" />
-	<target host="sweetpepper.org" />
-	<target host="*.sweetpepper.org" />
-
-
-	<securecookie host="^mail\.potager\.org$" name=".+" />
-
-
-	<rule from="^http://([^/:@\.]+\.)?pimienta\.org/"
-		to="https://$1pimienta.org/" />
-
-	<rule from="^http://([^/:@\.]+\.)?poivron\.org/"
-		to="https://$1poivron.org/" />
-
-	<rule from="^http://([^/:@\.]+\.)?potager\.org/"
-		to="https://$1potager.org/" />
-
-	<rule from="^http://([^/:@\.]+\.)?sweetpepper\.org/"
-		to="https://$1sweetpepper.org/" />
-
+	<target host="www.potager.org" />
+	<target host="awasmifee.potager.org" />
+	<target host="bla.potager.org" />
+	<target host="community.potager.org" />
+	<target host="coquelicot.potager.org" />
+	<target host="help.potager.org" />
+	<target host="jardindesmaraichers.potager.org" />
+	<target host="lentilleres.potager.org" />
+	<target host="leschouxlents.potager.org" />
+	<target host="mail.potager.org" />
+	<target host="mire.potager.org" />
+	<target host="pad.potager.org" />
+
+	<rule from="^http://www\.potager\.org/"
+		to="https://potager.org/" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/PowNed.xml b/src/chrome/content/rules/PowNed.xml
index f50f3177052c..a3e32ed12063 100644
--- a/src/chrome/content/rules/PowNed.xml
+++ b/src/chrome/content/rules/PowNed.xml
@@ -6,7 +6,7 @@ Fetch error: http://registratie.powned.tv/ => https://registratie.powned.tv/: (2
 	!functional:
 		- (www.)powned.tv
 -->
-<ruleset name="PowNed (partial)" default_off='failed ruleset test'>
+<ruleset name="PowNed (partial)" default_off="failed ruleset test">
 
 	<target host="registratie.powned.tv"/>
 
diff --git a/src/chrome/content/rules/PowWeb.xml b/src/chrome/content/rules/PowWeb.xml
index a9039d6ee712..5be795d29092 100644
--- a/src/chrome/content/rules/PowWeb.xml
+++ b/src/chrome/content/rules/PowWeb.xml
@@ -1,13 +1,16 @@
 <ruleset name="PowWeb">
 
 	<target host="powweb.com" />
-	<target host="*.powweb.com" />
+	<target host="blog.powweb.com" />
+	<!--target host="forums.powweb.com" /-->
+	<target host="partners.powweb.com" />
+	<target host="secure.powweb.com" />
+	<target host="www.powweb.com" />
 
 
 	<securecookie host="^\.powweb\.com$" name=".+" />
 
 
-	<rule from="^http://((?:blog|forums|partners|secure|www)\.)?powweb\.com/"
-		to="https://$1powweb.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Powells.com.xml b/src/chrome/content/rules/Powells.com.xml
index 3fa70e9ff0d8..3e9c07c0a4cb 100644
--- a/src/chrome/content/rules/Powells.com.xml
+++ b/src/chrome/content/rules/Powells.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://powells.com/ => https://www.powells.com/: Too many redirects while fetching 'https://www.powells.com/'
 
 -->
-<ruleset name="Powells.com" default_off='failed ruleset test'>
+<ruleset name="Powells.com" default_off="failed ruleset test">
 
 	<target host="powells.com" />
 	<target host="*.powells.com" />
diff --git a/src/chrome/content/rules/PowerDNS.com.xml b/src/chrome/content/rules/PowerDNS.com.xml
index 45c2472bc9bf..36d9bf0f1f47 100644
--- a/src/chrome/content/rules/PowerDNS.com.xml
+++ b/src/chrome/content/rules/PowerDNS.com.xml
@@ -1,21 +1,28 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://rt.powerdns.com/ => https://rt.powerdns.com/: (7, 'Failed to connect to rt.powerdns.com port 443: Connection refused')
-Fetch error: http://xs.powerdns.com/ => https://xs.powerdns.com/: (7, 'Failed to connect to xs.powerdns.com port 443: Connection refused')
+	Expired:
+		- rt.powerdns.com
+		- xs.powerdns.com
 
+	Secure connection failed:
+		- pdnsdev.powerdns.com
 -->
-<ruleset name="PowerDNS.com" default_off='failed ruleset test'>
+<ruleset name="PowerDNS.com">
 
 	<target host="powerdns.com" />
+	<target host="www.powerdns.com" />
+	<target host="blog.powerdns.com" />
+	<target host="builder.powerdns.com" />
 	<target host="doc.powerdns.com" />
+	<target host="docs.powerdns.com" />
 	<target host="downloads.powerdns.com" />
-	<target host="rt.powerdns.com" />
-	<target host="www.powerdns.com" />
-	<target host="xs.powerdns.com" />
+	<target host="mailman.powerdns.com" />
+	<target host="metronome1.powerdns.com" />
+	<target host="repo.powerdns.com" />
+	<target host="rtfm.powerdns.com" />
+	<target host="wiki.powerdns.com" />
 
 
-	<securecookie host="^rt\.powerdns\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/PowerPay.biz.xml b/src/chrome/content/rules/PowerPay.biz.xml
index c87b09a65fd5..0eff19dc5bd0 100644
--- a/src/chrome/content/rules/PowerPay.biz.xml
+++ b/src/chrome/content/rules/PowerPay.biz.xml
@@ -1,7 +1,12 @@
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://app.powerpay.biz/ => https://app.powerpay.biz/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+Fetch error: http://merchantcenter.powerpay.biz/ => https://merchantcenter.powerpay.biz/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+
 	Other PowerPay rulesets:
 
-		- E-onlinedata.com.xml
 
 
 	(www.): 404; mismatched, CN: www.e-onlinedata.com
@@ -9,8 +14,8 @@
 -->
 <ruleset name="PowerPay.biz (partial)">
 
-	<target host="app.powerpay.biz" />
-	<target host="merchantcenter.powerpay.biz" />
+	<!-- target host="app.powerpay.biz" /-->
+	<!-- target host="merchantcenter.powerpay.biz" /-->
 	<target host="secure.powerpay.biz" />
 
 
diff --git a/src/chrome/content/rules/PowerTech.no-problematic.xml b/src/chrome/content/rules/PowerTech.no-problematic.xml
index e06985641c32..66ded7654e63 100644
--- a/src/chrome/content/rules/PowerTech.no-problematic.xml
+++ b/src/chrome/content/rules/PowerTech.no-problematic.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see PowerTech.no.xml.
 
 -->
-<ruleset name="PowerTech.no (missing certificate chain)" default_off="missing certificate chain">
+<ruleset name="PowerTech.no (missing certificate chain)" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/PowerTech.no.xml b/src/chrome/content/rules/PowerTech.no.xml
deleted file mode 100644
index 30cfdea2a2cb..000000000000
--- a/src/chrome/content/rules/PowerTech.no.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	For problematic rules, see PowerTech.no-problematic.xml.
-
-
-	(www.)?powertech.no: Refused
-
-
-	Problematic hosts in *powertech.no:
-
-		- secure *
-
-	* Server sends no certificate chain, see https://whatsmychaincert.com
-
-
-	Insecure cookies are set for these hosts:
-
-		- epost.powertech.no
-
--->
-<ruleset name="PowerTech.no (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="epost.powertech.no" />
-	<!--target host="secure.powertech.no" /-->
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^epost\.powertech\.no$" name="^SQMSESSID$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Power_Speaking.com.xml b/src/chrome/content/rules/Power_Speaking.com.xml
deleted file mode 100644
index 67709f9cd006..000000000000
--- a/src/chrome/content/rules/Power_Speaking.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(shows goldmember.fordela.com Drupal)
-
--->
-<ruleset name="Power Speaking.com">
-
-	<target host="powerspeaking.com" />
-	<target host="*.powerspeaking.com" />
-
-
-	<securecookie host="^\.powerspeaking\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?powerspeaking\.com/"
-		to="https://www.powerspeaking.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Power_to_the_Pooch.xml b/src/chrome/content/rules/Power_to_the_Pooch.xml
index 7a09822725cf..6fb0ac8c8179 100644
--- a/src/chrome/content/rules/Power_to_the_Pooch.xml
+++ b/src/chrome/content/rules/Power_to_the_Pooch.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.powertothepooch.com/ => https://www.powertothepooch.com/
 Disabled by https-everywhere-checker because:
 Fetch error: http://powertothepooch.com/ => https://powertothepooch.com/: (28, 'Connection timed out after 10001 milliseconds')
 -->
-<ruleset name="Power to the Pooch" default_off='failed ruleset test'>
+<ruleset name="Power to the Pooch" default_off="failed ruleset test">
 
 	<target host="powertothepooch.com" />
 	<target host="www.powertothepooch.com" />
@@ -18,4 +18,4 @@ Fetch error: http://powertothepooch.com/ => https://powertothepooch.com/: (28, '
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Powered_by_Paquin.xml b/src/chrome/content/rules/Powered_by_Paquin.xml
index 3e9337695b2a..71e18aa349ed 100644
--- a/src/chrome/content/rules/Powered_by_Paquin.xml
+++ b/src/chrome/content/rules/Powered_by_Paquin.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.poweredbypaquin.com/ => https://www.poweredbypaquin.com/
 Disabled by https-everywhere-checker because:
 Fetch error: http://poweredbypaquin.com/ => https://poweredbypaquin.com/: (28, 'Connection timed out after 10000 milliseconds')
 -->
-<ruleset name="Powered by Paquin" default_off='failed ruleset test'>
+<ruleset name="Powered by Paquin" default_off="failed ruleset test">
 
 	<target host="poweredbypaquin.com" />
 	<target host="www.poweredbypaquin.com" />
@@ -18,4 +18,4 @@ Fetch error: http://poweredbypaquin.com/ => https://poweredbypaquin.com/: (28, '
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Powerhosting.dk.xml b/src/chrome/content/rules/Powerhosting.dk.xml
index 650eb3dfed5e..5b69b2c57957 100644
--- a/src/chrome/content/rules/Powerhosting.dk.xml
+++ b/src/chrome/content/rules/Powerhosting.dk.xml
@@ -20,7 +20,9 @@
 <ruleset name="Powerhosting.dk (partial)">
 
 	<target host="powerhosting.dk" />
-	<target host="*.powerhosting.dk" />
+	<target host="webadmin.powerhosting.dk" />
+	<target host="www.powerhosting.dk" />
+	<target host="blog.powerhosting.dk" />
 
 
 	<rule from="^http://(?:(webadmin\.)|www\.)?powerhosting\.dk/"
diff --git a/src/chrome/content/rules/Powerlineman_Magazine.xml b/src/chrome/content/rules/Powerlineman_Magazine.xml
index d0f70714d9d1..8d04b8853ef7 100644
--- a/src/chrome/content/rules/Powerlineman_Magazine.xml
+++ b/src/chrome/content/rules/Powerlineman_Magazine.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Powernotebooks.com.xml b/src/chrome/content/rules/Powernotebooks.com.xml
index 1e80eed6a9ca..103a2482d52d 100644
--- a/src/chrome/content/rules/Powernotebooks.com.xml
+++ b/src/chrome/content/rules/Powernotebooks.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://powernotebooks.com/ => https://powernotebooks.com/: (60, 'SS
 Fetch error: http://www.powernotebooks.com/ => https://www.powernotebooks.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Powernotebooks.com" default_off='failed ruleset test'>
+<ruleset name="Powernotebooks.com" default_off="failed ruleset test">
 	<target host="powernotebooks.com" />
 	<target host="www.powernotebooks.com" />
 
diff --git a/src/chrome/content/rules/Poynton.ca.xml b/src/chrome/content/rules/Poynton.ca.xml
new file mode 100644
index 000000000000..c0f224f5049c
--- /dev/null
+++ b/src/chrome/content/rules/Poynton.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="Poynton.ca">
+	<target host="poynton.ca" />
+	<target host="www.poynton.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PracticeBusiness.co.uk.xml b/src/chrome/content/rules/PracticeBusiness.co.uk.xml
new file mode 100644
index 000000000000..e32e3ee2d57a
--- /dev/null
+++ b/src/chrome/content/rules/PracticeBusiness.co.uk.xml
@@ -0,0 +1,11 @@
+<!--
+	Wildcard DNS records:
+		- *.practicebusiness.co.uk
+-->
+
+<ruleset name="PracticeBusiness.co.uk">
+	<target host="practicebusiness.co.uk" />
+	<target host="www.practicebusiness.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PragmaticMarketing.com.xml b/src/chrome/content/rules/PragmaticMarketing.com.xml
new file mode 100644
index 000000000000..4cccd8f55ec8
--- /dev/null
+++ b/src/chrome/content/rules/PragmaticMarketing.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional hosts:
+		Timeout:
+		- buy.pragmaticmarketing.com
+-->
+<ruleset name="PragmaticMarketing.com (partial)">
+
+	<target host="pragmaticmarketing.com" />
+	<target host="www.pragmaticmarketing.com" />
+	<target host="mediafiles.pragmaticmarketing.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
+
diff --git a/src/chrome/content/rules/Pragmatic_Marketing.com.xml b/src/chrome/content/rules/Pragmatic_Marketing.com.xml
deleted file mode 100644
index 94133f72923b..000000000000
--- a/src/chrome/content/rules/Pragmatic_Marketing.com.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	CDN buckets:
-
-		- pragmatic-marketing-469ad240.s3.amazonaws.com
-
-		- d1qrnovf1k6d8a.cloudfront.net
-
-			- mediafiles
-
-
-	Partially covered subdomains:
-
-		- (www.)	(some pages redirect to http)
-
-
-	Fully covered subdomains:
-
-		- buy
-		- mediafiles	(→ d1qrnovf1k6d8a.cloudfront.net)
-
--->
-<ruleset name="Pragmatic Marketing.com (partial)">
-
-	<target host="pragmaticmarketing.com" />
-	<target host="*.pragmaticmarketing.com" />
-		<!--exclusion pattern="^http://(www\.)?pragmaticmarketing\.com/+($|\?|favicon\.ico|my-account/|resources/[\w-]+$)" /-->
-		<exclusion pattern="^http://(?:www\.)?pragmaticmarketing\.com/(?![cC]ontent/|Scripts/)" />
-
-
-	<rule from="^http://(buy\.|www\.)?pragmaticmarketing\.com/"
-		to="https://$1pragmaticmarketing.com/" />
-
-	<rule from="^http://mediafiles\.pragmaticmarketing\.com/"
-		to="https://d1qrnovf1k6d8a.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Pragmatic_Studio.com.xml b/src/chrome/content/rules/Pragmatic_Studio.com.xml
index 59334f7875bb..0e5d9122bcbf 100644
--- a/src/chrome/content/rules/Pragmatic_Studio.com.xml
+++ b/src/chrome/content/rules/Pragmatic_Studio.com.xml
@@ -16,7 +16,7 @@ Fetch error: http://alumni.pragmaticstudio.com/ => https://alumni.pragmaticstudi
 		- online
 
 -->
-<ruleset name="Pragmatic Studio.com" default_off='failed ruleset test'>
+<ruleset name="Pragmatic Studio.com" default_off="failed ruleset test">
 
 	<target host="pragmaticstudio.com" />
 	<target host="alumni.pragmaticstudio.com" />
diff --git a/src/chrome/content/rules/Pravduh.com.xml b/src/chrome/content/rules/Pravduh.com.xml
new file mode 100644
index 000000000000..8dc0872091fa
--- /dev/null
+++ b/src/chrome/content/rules/Pravduh.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Pravduh.com">
+	<target host="pravduh.com" />
+	<target host="www.pravduh.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PravyDiplom.cz.xml b/src/chrome/content/rules/PravyDiplom.cz.xml
index 0fe773e88f04..544c09ea99bb 100644
--- a/src/chrome/content/rules/PravyDiplom.cz.xml
+++ b/src/chrome/content/rules/PravyDiplom.cz.xml
@@ -11,7 +11,6 @@
 	<!--securecookie host="^pravydiplom\.cz$" name="^issession$" /-->
 	<securecookie host="^pravydiplom\.cz$" name=".+" />
 
-	<test url="http://www.pravydiplom.cz/" />
 
 	<rule from="^http://www\.pravydiplom\.cz/" to="https://pravydiplom.cz/" />
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/PrayerTimes.date.xml b/src/chrome/content/rules/PrayerTimes.date.xml
new file mode 100644
index 000000000000..5d04051b9438
--- /dev/null
+++ b/src/chrome/content/rules/PrayerTimes.date.xml
@@ -0,0 +1,8 @@
+<ruleset name="PrayerTimes.date">
+	<target host="prayertimes.date" />
+	<target host="www.prayertimes.date" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PreCharge.net.xml b/src/chrome/content/rules/PreCharge.net.xml
index 6ef0b04e3f95..0149b52efdf2 100644
--- a/src/chrome/content/rules/PreCharge.net.xml
+++ b/src/chrome/content/rules/PreCharge.net.xml
@@ -36,7 +36,8 @@
 -->
 <ruleset name="preCharge.net (partial)">
 
-	<target host="*.precharge.net" />
+	<target host="affiliates.precharge.net" />
+	<target host="secure.precharge.net" />
 
 
 	<!--	Not secured by server:
@@ -49,7 +50,6 @@
 	<rule from="^http://affiliates\.precharge\.net/"
 		to="https://affiliates.precharge.com/" />
 
-	<rule from="^http://secure\.precharge\.net/"
-		to="https://secure.precharge.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Precision_Marine_Tools.xml b/src/chrome/content/rules/Precision_Marine_Tools.xml
index 30c8b0e3e764..710f6d412d52 100644
--- a/src/chrome/content/rules/Precision_Marine_Tools.xml
+++ b/src/chrome/content/rules/Precision_Marine_Tools.xml
@@ -4,15 +4,15 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://precisionmarinetools.com/ => https://precisionmarinetools.com/: (51, "SSL: no alternative certificate subject name matches target host name 'precisionmarinetools.com'")
 
 -->
-<ruleset name="Precision Marine Tools" default_off='failed ruleset test'>
+<ruleset name="Precision Marine Tools" default_off="failed ruleset test">
 
 	<target host="precisionmarinetools.com" />
 	<target host="www.precisionmarinetools.com" />
 
 
-	<securecookie host="^(?:.*\.)?precisionmarinetools\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Prediction.IO.xml b/src/chrome/content/rules/Prediction.IO.xml
index 1ba7eb3ca47d..8fd11abd9f7c 100644
--- a/src/chrome/content/rules/Prediction.IO.xml
+++ b/src/chrome/content/rules/Prediction.IO.xml
@@ -46,7 +46,7 @@ Fetch error: http://static.prediction.io/ => https://static.prediction.io/: (6,
 	* Secured by us
 
 -->
-<ruleset name="Prediction.IO" default_off='failed ruleset test'>
+<ruleset name="Prediction.IO" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Preferred_Reservations.xml b/src/chrome/content/rules/Preferred_Reservations.xml
index 340753aa2144..419a974ca6dd 100644
--- a/src/chrome/content/rules/Preferred_Reservations.xml
+++ b/src/chrome/content/rules/Preferred_Reservations.xml
@@ -8,7 +8,7 @@ Fetch error: http://vr.preferred-reservations.com/ => https://vr.preferred-reser
 		- www		(works; mismatched, CN: vr.preferred-reservations.com)
 
 -->
-<ruleset name="Preferred Reservations (partial)" default_off='failed ruleset test'>
+<ruleset name="Preferred Reservations (partial)" default_off="failed ruleset test">
 
 	<target host="vr.preferred-reservations.com" />
 
@@ -18,4 +18,4 @@ Fetch error: http://vr.preferred-reservations.com/ => https://vr.preferred-reser
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PremierLiga.ru.xml b/src/chrome/content/rules/PremierLiga.ru.xml
new file mode 100644
index 000000000000..4d7e8efec328
--- /dev/null
+++ b/src/chrome/content/rules/PremierLiga.ru.xml
@@ -0,0 +1,20 @@
+<!--
+	Mismatched:
+		- www.app
+		- www.eng
+		- www.m
+		- www.premium
+-->
+<ruleset name="PremierLiga.ru">
+	<target host="premierliga.ru" />
+	<target host="www.premierliga.ru" />
+	<target host="app.premierliga.ru" />
+	<target host="autodiscover.premierliga.ru" />
+	<target host="eng.premierliga.ru" />
+	<target host="m.premierliga.ru" />
+	<target host="mail.premierliga.ru" />
+	<target host="premium.premierliga.ru" />
+	<target host="test.premierliga.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PressDisplay.com.xml b/src/chrome/content/rules/PressDisplay.com.xml
new file mode 100644
index 000000000000..1f79552296b6
--- /dev/null
+++ b/src/chrome/content/rules/PressDisplay.com.xml
@@ -0,0 +1,26 @@
+<!--
+	For other NewspaperDirect.com related rulesets, see NewspaperDirect.xml
+
+	Non-functional hosts
+		SSL connect error:
+		- pressdisplay.com
+		- processing.pressdisplay.com
+
+		SSL peer certificate was not OK:
+		- cache-styles.pressdisplay.com
+		- images2.pressdisplay.com
+
+		4xx client error:
+		- cache3-img1.pressdisplay.com
+		- reports.pressdisplay.com
+
+		Different content:
+		- www.pressdisplay.com
+		- library.pressdisplay.com
+-->
+<ruleset name="PressDisplay.com" default_off="ssl-error">
+	<target host="pressdisplay.com" />
+	<target host="processing.pressdisplay.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PressLabs_SSL.xml b/src/chrome/content/rules/PressLabs_SSL.xml
index b8f1b9434f29..5a49ab6782c7 100644
--- a/src/chrome/content/rules/PressLabs_SSL.xml
+++ b/src/chrome/content/rules/PressLabs_SSL.xml
@@ -9,7 +9,7 @@ Fetch error: http://plssl.com/ => https://plssl.com/: (7, 'Failed to connect to
 	Clients have unique subdomains.
 
 -->
-<ruleset name="PressLabs SSL" default_off='failed ruleset test'>
+<ruleset name="PressLabs SSL" default_off="failed ruleset test">
 
 	<target host="plssl.com" />
 	<target host="*.plssl.com" />
diff --git a/src/chrome/content/rules/PressPage.com.xml b/src/chrome/content/rules/PressPage.com.xml
index c7097b543179..ac036246ed2e 100644
--- a/src/chrome/content/rules/PressPage.com.xml
+++ b/src/chrome/content/rules/PressPage.com.xml
@@ -19,7 +19,7 @@ Fetch error: http://client.presspage.com/ => https://client.presspage.com/: (60,
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="PressPage.com (partial)" default_off='failed ruleset test'>
+<ruleset name="PressPage.com (partial)" default_off="failed ruleset test">
 
 	<target host="client.presspage.com" />
 	<target host="content.presspage.com" />
diff --git a/src/chrome/content/rules/PressPlay.co.xml b/src/chrome/content/rules/PressPlay.co.xml
new file mode 100644
index 000000000000..3978cce52733
--- /dev/null
+++ b/src/chrome/content/rules/PressPlay.co.xml
@@ -0,0 +1,6 @@
+<ruleset name="PressPlay.co">
+	<target host="pressplay.co" />
+	<target host="www.pressplay.co" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PressPlus.xml b/src/chrome/content/rules/PressPlus.xml
index b782e8813c53..b9abcb52ae72 100644
--- a/src/chrome/content/rules/PressPlus.xml
+++ b/src/chrome/content/rules/PressPlus.xml
@@ -1,15 +1,12 @@
 <!--
-	CDN buckets:
-
-		- s3.amazonaws.com/s.ppjol.net/ | dsgvj67ifn3r0.cloudfront.net
-
-			- s.ppjol.net
-
-
 	Nonfunctional domains:
 
-		- (www.)mypressplus.com
+	Self-signed certificates:
+		- mypressplus.com
+		- www.mypressplus.com
 
+	Redirect to HTTP:
+		- s.ppjol.net
 
 	ppjol sets the following wildcard cookies
 	on whichever domain it is loaded from:
@@ -18,28 +15,13 @@
 		- ppThirdPartyCookieFound
 
 -->
-<ruleset name="Press+ (partial)">
+<ruleset name="Press+ (partial)" default_off="cert-invalid">
 
 	<target host="mypressplus.com" />
-	<target host="*.mypressplus.com" />
-	<target host="*.ppjol.com" />
+	<target host="www.mypressplus.com" />
 	<target host="s.ppjol.net" />
 
-
-	<securecookie host="^h?\.ppjol\.com$" name=".+" />
-	<securecookie host="^accounts\.mypressplus\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?mypressplus\.com/themes/press_plus/img/header/(bg_green|bg_tan|logo)\.png"
-		to="https://accounts.mypressplus.com/images/header/$1.png" />
-
-	<rule from="^http://accounts\.mypressplus\.com/"
-		to="https://accounts.mypressplus.com/" />
-
-	<rule from="^http://(h|ui)\.ppjol\.com/"
-		to="https://$1.ppjol.com/" />
-
-	<rule from="^http://s\.ppjol\.net/"
-		to="https://dsgvj67ifn3r0.cloudfront.net/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PressReader.com.xml b/src/chrome/content/rules/PressReader.com.xml
index 626f4fc36203..6bf655417fe5 100644
--- a/src/chrome/content/rules/PressReader.com.xml
+++ b/src/chrome/content/rules/PressReader.com.xml
@@ -33,7 +33,7 @@ Fetch error: http://cache3-res.pressreader.com/ => https://cache3-res.pressreade
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="PressReader.com (partial)" default_off='failed ruleset test'>
+<ruleset name="PressReader.com (partial)" default_off="failed ruleset test">
 
 	<target host="pressreader.com" />
 	<target host="cache3-res.pressreader.com" />
diff --git a/src/chrome/content/rules/Pressable.com.xml b/src/chrome/content/rules/Pressable.com.xml
index 257f6a1f0480..aa146713efb6 100644
--- a/src/chrome/content/rules/Pressable.com.xml
+++ b/src/chrome/content/rules/Pressable.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://static.pressable.com/ => https://static.pressable.com/: (6,
 		- help.pressable.com
 
 -->
-<ruleset name="Pressable.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Pressable.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Presseportal.de.xml b/src/chrome/content/rules/Presseportal.de.xml
new file mode 100644
index 000000000000..9bd2bbc7ca97
--- /dev/null
+++ b/src/chrome/content/rules/Presseportal.de.xml
@@ -0,0 +1,30 @@
+<!--
+	Invalid certificate:
+		www.finanz.presseportal.de
+		footage.presseportal.de
+		www.it.presseportal.de
+		otsvideo.presseportal.de
+
+	Non-2xx HTTP code:
+		mobil.presseportal.de
+
+	Timeout:
+		leka.presseportal.de
+-->
+<ruleset name="Presseportal.de">
+
+	<target host="presseportal.de" />
+	<target host="www.presseportal.de" />
+	<target host="amp.presseportal.de" />
+	<target host="api.presseportal.de" />
+	<target host="embed.presseportal.de" />
+	<target host="fbia.presseportal.de" />
+	<target host="finanz.presseportal.de" />
+	<target host="it.presseportal.de" />
+	<target host="text.presseportal.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pressflex.xml b/src/chrome/content/rules/Pressflex.xml
index d403db763b3d..f11ec7727bc8 100644
--- a/src/chrome/content/rules/Pressflex.xml
+++ b/src/chrome/content/rules/Pressflex.xml
@@ -18,10 +18,11 @@ Fetch error: http://blogads.com/ => https://web.blogads.com/: (60, 'SSL certific
 		- adserver.pressflex.com	(self-signed; 404)
 
 -->
-<ruleset name="Pressflex (partial)" default_off='failed ruleset test'>
+<ruleset name="Pressflex (partial)" default_off="failed ruleset test">
 
 	<target host="blogads.com" />
-	<target host="*.blogads.com" />
+	<target host="web.blogads.com" />
+	<target host="www.blogads.com" />
 
 
 	<!--	- Cert only matches web
diff --git a/src/chrome/content/rules/Prestashop.com.xml b/src/chrome/content/rules/Prestashop.com.xml
index a8d103cb5453..dc2cbcac7708 100644
--- a/src/chrome/content/rules/Prestashop.com.xml
+++ b/src/chrome/content/rules/Prestashop.com.xml
@@ -11,17 +11,17 @@ Fetch error: http://medias3.prestashop.com/ => https://medias3.prestashop.com/:
 	themes.prestashop.com
 	forge.prestashop.com
 	nora.prestashop.com
-	
+
 	Mismatch:
 	status.prestashop.com
 	build.prestashop.com
-	
+
 	Timeout:
 	fo.demo.prestashop.com
 	demo.prestashop.com
 	barcamp.prestashop.com
 	newsletter.prestashop.com
-	
+
 	Forbidden:
 	weare1million.prestashop.com
 
@@ -34,7 +34,7 @@ Fetch error: http://medias3.prestashop.com/ => https://medias3.prestashop.com/:
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="PrestaShop.com" default_off='failed ruleset test'>
+<ruleset name="PrestaShop.com" default_off="failed ruleset test">
 
 	<target host="prestashop.com" />
 	<target host="addons.prestashop.com" />
diff --git a/src/chrome/content/rules/Pretty-in-Cash.xml b/src/chrome/content/rules/Pretty-in-Cash.xml
index b0f456536dca..e8117056dbce 100644
--- a/src/chrome/content/rules/Pretty-in-Cash.xml
+++ b/src/chrome/content/rules/Pretty-in-Cash.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://exgf.teenbff.com/ => https://exgf.teenbff.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Pretty in Cash (partial)" default_off='failed ruleset test'>
+<ruleset name="Pretty in Cash (partial)" default_off="failed ruleset test">
 
 	<target host="exgf.teenbff.com"/>
 
diff --git a/src/chrome/content/rules/PrettyLittleThing.com.xml b/src/chrome/content/rules/PrettyLittleThing.com.xml
index b47190947cca..f4e1bd49d35d 100644
--- a/src/chrome/content/rules/PrettyLittleThing.com.xml
+++ b/src/chrome/content/rules/PrettyLittleThing.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Prgmr.com.xml b/src/chrome/content/rules/Prgmr.com.xml
index a4ea4e96469a..14af28204504 100644
--- a/src/chrome/content/rules/Prgmr.com.xml
+++ b/src/chrome/content/rules/Prgmr.com.xml
@@ -15,7 +15,7 @@
 				-->
 	<target host="prgmr.com" />
 	<target host="billing.prgmr.com" />
-	
+
 	<!--	Complications:
 				-->
 	<target host="www.prgmr.com" />
diff --git a/src/chrome/content/rules/PriceGrabber-clients.xml b/src/chrome/content/rules/PriceGrabber-clients.xml
index 851a2e545c26..d060ec604bf5 100644
--- a/src/chrome/content/rules/PriceGrabber-clients.xml
+++ b/src/chrome/content/rules/PriceGrabber-clients.xml
@@ -9,7 +9,7 @@ Fetch error: http://hothardware.pricegrabber.com/ => https://hothardware.pricegr
 	otherwise have no rules off by default.
 
 -->
-<ruleset name="PriceGrabber clients" default_off='failed ruleset test'>
+<ruleset name="PriceGrabber clients" default_off="failed ruleset test">
 
 	<target host="hothardware.pricegrabber.com" />
 
diff --git a/src/chrome/content/rules/PriceGrabber.xml b/src/chrome/content/rules/PriceGrabber.xml
index d784f2734c4e..77f80f7bbfae 100644
--- a/src/chrome/content/rules/PriceGrabber.xml
+++ b/src/chrome/content/rules/PriceGrabber.xml
@@ -51,7 +51,7 @@ Fetch error: http://partners.pricegrabber.com/ => https://partner.pricegrabber.c
 		- Ads on www from $self
 
 -->
-<ruleset name="PriceGrabber.com" default_off='failed ruleset test'>
+<ruleset name="PriceGrabber.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/PriceRunner.xml b/src/chrome/content/rules/PriceRunner.xml
index f54d32c6c63a..1710fa4d1475 100644
--- a/src/chrome/content/rules/PriceRunner.xml
+++ b/src/chrome/content/rules/PriceRunner.xml
@@ -14,9 +14,11 @@
 <ruleset name="PriceRunner (partial)" platform="mixedcontent">
 
 	<target host="pricerunner.com" />
-	<target host="*.pricerunner.com" />
+	<target host="www.pricerunner.com" />
+	<target host="partner.pricerunner.com" />
+	<target host="secure.pricerunner.com" />
 	<target host="pricerunner.co.uk" />
-	<target host="*.pricerunner.co.uk" />
+	<target host="www.pricerunner.co.uk" />
 
 
 	<securecookie host="^(?:partner|secure)\.pricerunner\.com$" name=".+" />
@@ -28,4 +30,4 @@
 	<rule from="^http://(partner|secure)\.pricerunner\.com/"
 		to="https://$1.pricerunner.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PriceZombie.com.xml b/src/chrome/content/rules/PriceZombie.com.xml
deleted file mode 100644
index 0127dd05f5b5..000000000000
--- a/src/chrome/content/rules/PriceZombie.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="PriceZombie.com">
-
-	<target host="pricezombie.com" />
-	<target host="www.pricezombie.com" />
-
-
-	<securecookie host="^\.pricezombie\.com$" name="^__cfduid$" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PrimeCaster.net.xml b/src/chrome/content/rules/PrimeCaster.net.xml
new file mode 100644
index 000000000000..d4b885e241b2
--- /dev/null
+++ b/src/chrome/content/rules/PrimeCaster.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="PrimeCaster.net">
+
+	<target host="www.primecaster.net" />
+
+	<target host="api.primecaster.net" />
+	<target host="stg.primecaster.net" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/PrimeHost.ca.xml b/src/chrome/content/rules/PrimeHost.ca.xml
new file mode 100644
index 000000000000..993d9d2d3433
--- /dev/null
+++ b/src/chrome/content/rules/PrimeHost.ca.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		- webmail.primehost.ca
+-->
+
+<ruleset name="PrimeHost.ca">
+	<target host="primehost.ca" />
+	<target host="www.primehost.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Primes_Eco_Energie.com.xml b/src/chrome/content/rules/Primes_Eco_Energie.com.xml
deleted file mode 100644
index face40f4242e..000000000000
--- a/src/chrome/content/rules/Primes_Eco_Energie.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Primes Eco Energie.com">
-
-	<target host="primesecoenergie.com" />
-	<target host="www.primesecoenergie.com" />
-
-
-	<securecookie host="^(?:w*\.)?primesecoenergie\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Primus.com.xml b/src/chrome/content/rules/Primus.com.xml
index 950b3f3a76fe..974fe19a2db6 100644
--- a/src/chrome/content/rules/Primus.com.xml
+++ b/src/chrome/content/rules/Primus.com.xml
@@ -6,17 +6,19 @@ Fetch error: http://primus.com/ => https://www.primus.com/: (60, 'SSL certificat
 Disabled by https-everywhere-checker because:
 Fetch error: http://primus.com/ => https://www.primus.com/: (6, 'Could not resolve host: primus.com')
 -->
-<ruleset name="Primus.com" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Primus.com" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="primus.com"/>
-	<target host="*.primus.com"/>
+	<target host="home.primus.com" />
+	<target host="ru.primus.com" />
+	<target host="secure.primus.com" />
+	<target host="www.primus.com" />
 
-	<securecookie host="^(?:.*\.)?primus\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 	<rule from="^http://primus\.com/"
 		to="https://www.primus.com/"/>
 
-	<rule from="^http://(home|ru|secure|www)\.primus\.com/"
-		to="https://$1.primus.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Primus_Canada.xml b/src/chrome/content/rules/Primus_Canada.xml
index 940503c8d483..4327bffaf6dc 100644
--- a/src/chrome/content/rules/Primus_Canada.xml
+++ b/src/chrome/content/rules/Primus_Canada.xml
@@ -49,7 +49,7 @@ Fetch error: http://monotelephone.primus.ca/ => https://monotelephone.primus.ca/
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Primus Canada (partial)" default_off='failed ruleset test'>
+<ruleset name="Primus Canada (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Princeton.edu.xml b/src/chrome/content/rules/Princeton.edu.xml
index f02da2d624dd..15154e5855ec 100644
--- a/src/chrome/content/rules/Princeton.edu.xml
+++ b/src/chrome/content/rules/Princeton.edu.xml
@@ -1,48 +1,37 @@
 <!--
 	Nonfunctional subdomains:
-
 		- arks *
-		- crcw *
-		- digilab **
-		- findingaids **
 		- pudl **
-		- tigernet ***
 
 	* Refused
 	** Dropped
-	*** Mismatch
-
-	Fully covered subdomains:
-		- alumni
- 		- alumnicas
- 		- blogs
-		- citp
-		- fed
-		- lists
-		- paw
-        - press
-        - www.cs
-
-	These altnames don't exist:
-
-		- www.citp.princeton.edu
-
 -->
-
 <ruleset name="Princeton.edu (partial)">
+
 	<target host="princeton.edu" />
 	<target host="www.princeton.edu" />
+	<target host="acee.princeton.edu" />
 	<target host="alumni.princeton.edu" />
 	<target host="alumnicas.princeton.edu" />
 	<target host="blogs.princeton.edu" />
 	<target host="citp.princeton.edu" />
+	<target host="www.citp.princeton.edu" />
+	<target host="crcw.princeton.edu" />
+	<target host="cs.princeton.edu" />
+	<target host="www.cs.princeton.edu" />
+	<target host="codeen.cs.princeton.edu" />
+	<target host="engineering.princeton.edu" />
 	<target host="fed.princeton.edu" />
+	<target host="findingaids.princeton.edu" />
 	<target host="lists.princeton.edu" />
+	<target host="materials.princeton.edu" />
 	<target host="paw.princeton.edu" />
 	<target host="press.princeton.edu" />
-	<target host="www.cs.princeton.edu" />
+	<target host="tigernet.princeton.edu" />
+	<target host="secure.tigernet.princeton.edu" />
 
-	<securecookie host="^(?:alumnicas|blogs|fed)\.princeton\.edu$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/PrintMojo.xml b/src/chrome/content/rules/PrintMojo.xml
deleted file mode 100644
index 737c2703ba0f..000000000000
--- a/src/chrome/content/rules/PrintMojo.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="PrintMojo">
-
-	<target host="printmojo.com" />
-	<target host="www.printmojo.com" />
-
-
-	<securecookie host="^www\.printmojo\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Pritunl.com.xml b/src/chrome/content/rules/Pritunl.com.xml
index ed82060e1191..1d38fce06b09 100644
--- a/src/chrome/content/rules/Pritunl.com.xml
+++ b/src/chrome/content/rules/Pritunl.com.xml
@@ -5,7 +5,7 @@
 	<target host="demo.pritunl.com" />
 	<target host="www.pritunl.com" />
 
-	<securecookie host="^.*\.?pritunl\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Priv.gc.ca.xml b/src/chrome/content/rules/Priv.gc.ca.xml
deleted file mode 100644
index daaca5a05025..000000000000
--- a/src/chrome/content/rules/Priv.gc.ca.xml
+++ /dev/null
@@ -1,49 +0,0 @@
-<!--
-	Office of the Privacy Commissioner of Canada
-
-
-	Nonfunctional hosts in *priv.gc.ca:
-
-		- blog *
-
-	* Shows www.priv.gc.ca in *priv.gc.ca:
-
-
-	^priv.gc.ca: Mismatched
-
-
-	Fully covered hosts in *priv.gc.ca:
-
-		- (www.)?	(^ → www)
-
-
-	Insecure cookies are set for these domains:
-
-		- .priv.gc.ca
-
--->
-<ruleset name="Priv.gc.ca">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.priv.gc.ca" />
-
-	<!--	Complications:
-				-->
-	<target host="priv.gc.ca" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.priv\.gc\.ca$" name="^ID%5FTrack$" /-->
-
-	<securecookie host="^\.priv\.gc\.ca$" name=".+" />
-
-
-	<rule from="^http://priv\.gc\.ca/"
-		to="https://www.priv.gc.ca/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PrivacyChoice.xml b/src/chrome/content/rules/PrivacyChoice.xml
index 52ee4c3b830b..b97eaed3a2c8 100644
--- a/src/chrome/content/rules/PrivacyChoice.xml
+++ b/src/chrome/content/rules/PrivacyChoice.xml
@@ -43,7 +43,7 @@ Fetch error: http://www.privacychoice.org/ => https://www.privacychoice.org/: (6
 	* Secured by us
 
 -->
-<ruleset name="PrivacyChoice (partial)" default_off='failed ruleset test'>
+<ruleset name="PrivacyChoice (partial)" default_off="failed ruleset test">
 
 	<target host="privacychoice.org" />
 	<target host="www.privacychoice.org" />
diff --git a/src/chrome/content/rules/Privacy_Solutions.no.xml b/src/chrome/content/rules/Privacy_Solutions.no.xml
index 7bc8f2cb515e..15f10061c7fe 100644
--- a/src/chrome/content/rules/Privacy_Solutions.no.xml
+++ b/src/chrome/content/rules/Privacy_Solutions.no.xml
@@ -17,20 +17,21 @@ Fetch error: http://privacysolutions.no/ => https://privacysolutions.no/: (60, '
 	* Secured by us
 
 -->
-<ruleset name="Privacy Solutions.no" default_off='failed ruleset test'>
+<ruleset name="Privacy Solutions.no" default_off="failed ruleset test">
 
 	<target host="privacysolutions.no" />
-	<target host="*.privacysolutions.no" />
+	<target host="blog.privacysolutions.no" />
+	<target host="track.privacysolutions.no" />
+	<target host="www.privacysolutions.no" />
 
 
 	<!--	Not secured by server:
 					-->
 	<!--securecookie host="^track\.privacysolutions\.no$" name="^_redmine_session$" /-->
 
-	<securecookie host="^track\.privacysolutions\.no$" name="" />
+	<securecookie host="^track\.privacysolutions\.no$" name=".+" />
 
 
-	<rule from="^http://((?:blog|track|www)\.)?privacysolutions\.no/"
-		to="https://$1privacysolutions.no/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Privacy_tools.io.xml b/src/chrome/content/rules/Privacy_tools.io.xml
deleted file mode 100644
index d47dcf48d42d..000000000000
--- a/src/chrome/content/rules/Privacy_tools.io.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		- .privacytools.io
-
--->
-<ruleset name="privacy tools.io">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="privacytools.io" />
-	<target host="www.privacytools.io" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.privacytools\.io$" name="^(__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.privacytools\.io$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Privacyfix.xml b/src/chrome/content/rules/Privacyfix.xml
index ceac649a14c0..98d5eee47a04 100644
--- a/src/chrome/content/rules/Privacyfix.xml
+++ b/src/chrome/content/rules/Privacyfix.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.privacyfix.com/ => https://www.privacyfix.com/: (28, 'Co
 	For other PrivacyChoice coverage, see PrivacyChoice.xml.
 
 -->
-<ruleset name="Privacyfix" default_off='failed ruleset test'>
+<ruleset name="Privacyfix" default_off="failed ruleset test">
 
 	<target host="privacyfix.com" />
 	<target host="addons.privacyfix.com" />
diff --git a/src/chrome/content/rules/PrivatVPN.xml b/src/chrome/content/rules/PrivatVPN.xml
index 449dd6e71d44..534663d45c4d 100644
--- a/src/chrome/content/rules/PrivatVPN.xml
+++ b/src/chrome/content/rules/PrivatVPN.xml
@@ -3,4 +3,4 @@
   <target host="www.privatevpn.com" />
 
   <rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Private-Layer.xml b/src/chrome/content/rules/Private-Layer.xml
index 4673ba7e279a..69eade919fa0 100644
--- a/src/chrome/content/rules/Private-Layer.xml
+++ b/src/chrome/content/rules/Private-Layer.xml
@@ -5,7 +5,7 @@ Fetch error: http://privatelayer.com/ => https://privatelayer.com/: (60, 'SSL ce
 Fetch error: http://www.privatelayer.com/ => https://www.privatelayer.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Private Layer" default_off='failed ruleset test'>
+<ruleset name="Private Layer" default_off="failed ruleset test">
 	<target host=        "privatelayer.com" />
 	<target host=    "www.privatelayer.com" />
 	<target host="support.privatelayer.com" />
diff --git a/src/chrome/content/rules/PrivateInvestigator.lgbt.xml b/src/chrome/content/rules/PrivateInvestigator.lgbt.xml
deleted file mode 100644
index 77adf3f49e2d..000000000000
--- a/src/chrome/content/rules/PrivateInvestigator.lgbt.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="PrivateInvestigator.lgbt">
-	<target host="privateinvestigator.lgbt" />
-	<target host="www.privateinvestigator.lgbt" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/PrivatePaste.xml b/src/chrome/content/rules/PrivatePaste.xml
index 9dc4a658da37..2b70d2e7698a 100644
--- a/src/chrome/content/rules/PrivatePaste.xml
+++ b/src/chrome/content/rules/PrivatePaste.xml
@@ -10,7 +10,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://privatepaste.com/ => https://privatepaste.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="PrivatePaste.com" default_off='failed ruleset test'>
+<ruleset name="PrivatePaste.com" default_off="failed ruleset test">
   <target host="privatepaste.com" />
   <target host="*.privatepaste.com" />
 
diff --git a/src/chrome/content/rules/PrivateWifi.xml b/src/chrome/content/rules/PrivateWifi.xml
index c0176195df87..c78a4694c1af 100644
--- a/src/chrome/content/rules/PrivateWifi.xml
+++ b/src/chrome/content/rules/PrivateWifi.xml
@@ -30,7 +30,7 @@
 	<!--	Not secured by server:
 					-->
 	<!--securecookie host="^www\.privatewifi\.com$" name="^(PHPSESSID|PW_ENTRY_PAGE|w3tc_referrer)$" /-->
-	<securecookie host="^(?:.*\.)?privatewifi\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Privatelee.com.xml b/src/chrome/content/rules/Privatelee.com.xml
deleted file mode 100644
index 810a7c363b55..000000000000
--- a/src/chrome/content/rules/Privatelee.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Mixed content:
-
-		- Images, on ^ from:
-
-			- ^ *
-			- [a-f].thumbs.redditmedia.com *
-
-	* Secured by us, doesn't trip MCB
-
--->
-<ruleset name="Privatelee.com">
-
-	<target host="privatelee.com" />
-	<target host="www.privatelee.com" />
-
-
-	<securecookie host="^\.privatelee\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Privatesearch.io.xml b/src/chrome/content/rules/Privatesearch.io.xml
index d4df422becdd..b5c038f30964 100644
--- a/src/chrome/content/rules/Privatesearch.io.xml
+++ b/src/chrome/content/rules/Privatesearch.io.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.privatesearch.io/ => https://www.privatesearch.io/: (6,
 		- .privatesearch.io
 
 -->
-<ruleset name="privatesearch.io" default_off='failed ruleset test'>
+<ruleset name="privatesearch.io" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Privoxy.org.xml b/src/chrome/content/rules/Privoxy.org.xml
new file mode 100644
index 000000000000..42d17ebe4969
--- /dev/null
+++ b/src/chrome/content/rules/Privoxy.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Nonfunctional hosts in *.privoxy.org:
+		- config.privoxy.org (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Privoxy.org">
+	<target host="privoxy.org" />
+	<target host="www.privoxy.org" />
+	<target host="lists.privoxy.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pro-Linux.de.xml b/src/chrome/content/rules/Pro-Linux.de.xml
index f5e0d1186d5d..c10da306cde5 100644
--- a/src/chrome/content/rules/Pro-Linux.de.xml
+++ b/src/chrome/content/rules/Pro-Linux.de.xml
@@ -20,8 +20,8 @@
 		Mixed content blocking (MCB) tiggered:
 			 - pro-linux.de
 			 - www.pro-linux.de
-			 
-		Timeout: 
+
+		Timeout:
 		-	 demon.pro-linux.de
 
 -->
diff --git a/src/chrome/content/rules/Pro-Managed.xml b/src/chrome/content/rules/Pro-Managed.xml
index a20284b743ef..0bcc2a9b00f2 100644
--- a/src/chrome/content/rules/Pro-Managed.xml
+++ b/src/chrome/content/rules/Pro-Managed.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ProPublica.org.xml b/src/chrome/content/rules/ProPublica.org.xml
index 2904d2b13a22..761358391778 100644
--- a/src/chrome/content/rules/ProPublica.org.xml
+++ b/src/chrome/content/rules/ProPublica.org.xml
@@ -1,60 +1,36 @@
 <!--
-	For related hidden service rules, see propub3r6espa33w.onion.xml
+	For related onion service rules, see propub3r6espa33w.onion.xml
 
-	CDN buckets:
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- mail.propublica.org
+		- tiles-a.propublica.org
+		- tiles-b.propublica.org
+		- tiles-c.propublica.org
+		- tiles-d.propublica.org
 
-		- s3.amazonaws.com/cdn.propublica.net/
-		- propublica.s3.amazonaws.com
-		- d3i4wq2ul46tvd.cloudfront.net
-
-
-	Problematic domains:
-
-		- (www.)propublica.net *
-
-	* Works; mismatched, CN: www.propublica.org
-
-
-	Mixed content:
-
-		- Images, on:
-
-			- www, from:
-
-				- (www.) *
-				- s3.amazonaws.com *
-				- cdn.propublica.net.s3.amazonaws.com *
-				- propublica.s3.amazonaws.com *
-				- cdn.propublica.net *
-
-	* Secured by us
+		Incomplete certificate chain error:
+		- propublica.org
 
 -->
 <ruleset name="ProPublica.org">
-
-	<target host="propublica.net" />
-	<target host="*.propublica.net" />
 	<target host="propublica.org" />
-	<target host="*.propublica.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.propublica\.org$" name="^(PHPSESSID|pp-tracking)$" /-->
-
-	<securecookie host="^(?:.*\.)?propublica\.org$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?propublica\.net/+"
+	<target host="www.propublica.org" />
+	<target host="assets.propublica.org" />
+	<exclusion pattern="^http://assets\.propublica\.org/$" /><!-- 403 -->
+	<test url="http://assets.propublica.org/prod/v3/images/electionland-sprites.png" />
+	<test url="http://assets.propublica.org/prod/v3/images/logo-propublica.svg" />
+	<test url="http://assets.propublica.org/images/articles/_oneOne300w/20181106-ny-rain-1x1.jpg" />
+	<target host="donate.propublica.org" />
+	<target host="projects.propublica.org" />
+	<target host="securedrop.propublica.org" />
+	<target host="static.propublica.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://propublica\.org/"
 		to="https://www.propublica.org/" />
 
-	<rule from="^http://cdn\.propublica\.net/"
-		to="https://s3.amazonaws.com/cdn.propublica.net/" />
-
-	<rule from="^http://(www\.|mail\.|projects\.|static\.|securedrop\.)?propublica\.org/"
-		to="https://$1propublica.org/" />
-
-	<rule from="^http://tiles-[abcd]\.propublica\.org/"
-		to="https://d3i4wq2ul46tvd.cloudfront.net/" />
-
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ProQuest.xml b/src/chrome/content/rules/ProQuest.xml
index 5df1a7f399c4..0c8700566b77 100644
--- a/src/chrome/content/rules/ProQuest.xml
+++ b/src/chrome/content/rules/ProQuest.xml
@@ -22,7 +22,7 @@ Fetch error: http://pqshibboleth.proquest.com/ => https://pqshibboleth.proquest.
 	* 504, akamai
 
 -->
-<ruleset name="ProQuest.com (partial)" default_off='failed ruleset test'>
+<ruleset name="ProQuest.com (partial)" default_off="failed ruleset test">
 
 	<target host="pqshibboleth.proquest.com" />
 	<target host="wt.proquest.com" />
diff --git a/src/chrome/content/rules/ProVenue.net.xml b/src/chrome/content/rules/ProVenue.net.xml
deleted file mode 100644
index 1867bf72d7ed..000000000000
--- a/src/chrome/content/rules/ProVenue.net.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For other Tickets.com coverage, see Tickets.com.xml.
-
-
-	^provenue.net works over neither http nor https.
-
--->
-<ruleset name="ProVenue.net">
-
-	<target host="*.provenue.net" />
-
-
-	<securecookie host="^\.provenue\.net$" name=".+" />
-
-
-	<rule from="^http://www\.provenue\.net/"
-		to="https://www.provenue.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Probios.sk.xml b/src/chrome/content/rules/Probios.sk.xml
new file mode 100644
index 000000000000..1018a5944f9b
--- /dev/null
+++ b/src/chrome/content/rules/Probios.sk.xml
@@ -0,0 +1,10 @@
+<ruleset name="Probios.sk">
+	<target host="probios.sk" />
+	<target host="www.probios.sk" />
+	<target host="mail.probios.sk" />
+	<target host="omega.probios.sk" />
+	<target host="portal.probios.sk" />
+	<target host="rezervacie.probios.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Process-One.net.xml b/src/chrome/content/rules/Process-One.net.xml
index c0e7297f5dfb..1ef41695b6bd 100644
--- a/src/chrome/content/rules/Process-One.net.xml
+++ b/src/chrome/content/rules/Process-One.net.xml
@@ -25,7 +25,10 @@
 <ruleset name="Process-One.net (partial)">
 
 	<target host="process-one.net" />
-	<target host="*.process-one.net" />
+	<target host="www.process-one.net" />
+	<target host="blog.process-one.net" />
+	<target host="static.process-one.net" />
+	<target host="support.process-one.net" />
 
 
 	<!--	Not secured by server:
@@ -38,7 +41,6 @@
 	<rule from="^http://(?:www\.)?process-one\.net/"
 		to="https://www.process-one.net/" />
 
-	<rule from="^http://(blog|static|support)\.process-one\.net/"
-		to="https://$1.process-one.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Processing.org.xml b/src/chrome/content/rules/Processing.org.xml
index a9b6723b486d..a64222e4d92e 100644
--- a/src/chrome/content/rules/Processing.org.xml
+++ b/src/chrome/content/rules/Processing.org.xml
@@ -16,4 +16,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Procter-and-Gamble.xml b/src/chrome/content/rules/Procter-and-Gamble.xml
index 4f5e2208d462..00f5b9f107ae 100644
--- a/src/chrome/content/rules/Procter-and-Gamble.xml
+++ b/src/chrome/content/rules/Procter-and-Gamble.xml
@@ -9,20 +9,23 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://brandsaver.ca/ => https://brandsaver.ca/: (51, "SSL: no alternative certificate subject name matches target host name 'brandsaver.ca'")
 Fetch error: http://www.brandsaver.ca/ => https://www.brandsaver.ca/: (51, "SSL: no alternative certificate subject name matches target host name 'www.brandsaver.ca'")	news.pg.com hosted at pg.newshq.businesswire.com, but redirects
 -->
-<ruleset name="Procter &amp; Gamble (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Procter &amp; Gamble (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="brandsaver.ca"/>
 	<target host="www.brandsaver.ca"/>
 	<target host="oralb.com"/>
 	<target host="www.oralb.com"/>
 	<target host="pg.com"/>
-	<target host="*.pg.com"/>
+	<target host="www.pg.com" />
+	<target host="news.pg.com" />
 	<target host="pgbrandsampler.ca"/>
 	<target host="www.pgbrandsampler.ca"/>
 	<target host="pgeveryday.ca"/>
-	<target host="*.pgeveryday.ca"/>
+	<target host="media.pgeveryday.ca" />
+	<target host="www.pgeveryday.ca" />
 	<target host="pgeverydaysolutions.com"/>
-	<target host="*.pgeverydaysolutions.com"/>
+	<target host="media.pgeverydaysolutions.com" />
+	<target host="www.pgeverydaysolutions.com" />
 
 
 	<securecookie host="^(?:.*\.)?pg\.com$" name=".+" />
diff --git a/src/chrome/content/rules/ProductSafetyRecallsAustralia.xml b/src/chrome/content/rules/ProductSafetyRecallsAustralia.xml
index 50a1e4b27419..2a114dc889bd 100644
--- a/src/chrome/content/rules/ProductSafetyRecallsAustralia.xml
+++ b/src/chrome/content/rules/ProductSafetyRecallsAustralia.xml
@@ -1,7 +1,7 @@
 <ruleset name="Product Safety Recalls Australia">
 	<target host="recalls.gov.au" />
-	<target host="*.recalls.gov.au" />
+	<target host="www.recalls.gov.au" />
 
 	<rule from="^http://(?:www\.)?recalls\.gov\.au/"
 		to="https://www.recalls.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Product_Safety.gov.au.xml b/src/chrome/content/rules/Product_Safety.gov.au.xml
index 5054ab95dbf5..22b6cdb74bf6 100644
--- a/src/chrome/content/rules/Product_Safety.gov.au.xml
+++ b/src/chrome/content/rules/Product_Safety.gov.au.xml
@@ -5,7 +5,7 @@
 <ruleset name="Product Safety.gov.au">
 
 	<target host="productsafety.gov.au" />
-	<target host="*.productsafety.gov.au" />
+	<target host="www.productsafety.gov.au" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/Professional_Security_Testers.org.xml b/src/chrome/content/rules/Professional_Security_Testers.org.xml
deleted file mode 100644
index d0dfa294df07..000000000000
--- a/src/chrome/content/rules/Professional_Security_Testers.org.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Professional Security Testers.org">
-
-	<target host="professionalsecuritytesters.org" />
-	<target host="www.professionalsecuritytesters.org" />
-	<target host="mail.professionalsecuritytesters.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ProgramaJaponesOnline.com.br.xml b/src/chrome/content/rules/ProgramaJaponesOnline.com.br.xml
new file mode 100644
index 000000000000..66f15c7721c7
--- /dev/null
+++ b/src/chrome/content/rules/ProgramaJaponesOnline.com.br.xml
@@ -0,0 +1,23 @@
+<!--
+	Mismatched:
+		- autoconfig
+		- autodiscover
+		- cpanel
+		- ftp
+		- webdisk
+		- webmail
+		- whm
+-->
+<ruleset name="ProgramaJaponesOnline.com.br">
+	<target host="programajaponesonline.com.br" />
+	<target host="www.programajaponesonline.com.br" />
+	<target host="beta.programajaponesonline.com.br" />
+	<target host="japonesexpresso.programajaponesonline.com.br" />
+	<target host="www.japonesexpresso.programajaponesonline.com.br" />
+	<target host="mail.programajaponesonline.com.br" />
+	<target host="portal.programajaponesonline.com.br" />
+	<target host="www.portal.programajaponesonline.com.br" />
+	<target host="server.programajaponesonline.com.br" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Programvareverkstedet.xml b/src/chrome/content/rules/Programvareverkstedet.xml
new file mode 100644
index 000000000000..474185c02e29
--- /dev/null
+++ b/src/chrome/content/rules/Programvareverkstedet.xml
@@ -0,0 +1,37 @@
+<ruleset name="Programvareverkstedet">
+	<!--
+		Certificates contain pvv.ntnu.no names but not pvv.org names.
+	-->
+
+	<target host="pvv.org" />
+	<target host="www.pvv.org" />
+	<target host="bokhylle.pvv.org" />
+	<target host="brzeczyszczykiewicz.pvv.org" />
+	<target host="dev.pvv.org" />
+	<target host="idp.pvv.org" />
+	<target host="knakelibrak.pvv.org" />
+	<target host="list.pvv.org" />
+	<target host="mail.pvv.org" />
+	<target host="microbel.pvv.org" />
+	<target host="skrotnisse.pvv.org" />
+	<target host="spikkjeposche.pvv.org" />
+	<target host="webmail.pvv.org" />
+	<target host="pvv.ntnu.no" />
+	<target host="www.pvv.ntnu.no" />
+	<target host="bokhylle.pvv.ntnu.no" />
+	<target host="brzeczyszczykiewicz.pvv.ntnu.no" />
+	<target host="dev.pvv.ntnu.no" />
+	<target host="idp.pvv.ntnu.no" />
+	<target host="knakelibrak.pvv.ntnu.no" />
+	<target host="list.pvv.ntnu.no" />
+	<target host="mail.pvv.ntnu.no" />
+	<target host="microbel.pvv.ntnu.no" />
+	<target host="skrotnisse.pvv.ntnu.no" />
+	<target host="spikkjeposche.pvv.ntnu.no" />
+	<target host="webmail.pvv.ntnu.no" />
+
+	<rule from="^http://(\w+\.)?pvv\.org/" to="https://$1pvv.ntnu.no/" />
+	<rule from="^http:" to="https:" />
+
+	<securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/Progress.com.xml b/src/chrome/content/rules/Progress.com.xml
index 308a0d342bd5..fa298871bebe 100644
--- a/src/chrome/content/rules/Progress.com.xml
+++ b/src/chrome/content/rules/Progress.com.xml
@@ -66,7 +66,7 @@ Fetch error: http://origin-www.progress.com/ => https://origin-www.progress.com/
 	² Secured by us
 
 -->
-<ruleset name="Progress.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Progress.com (partial)" default_off="failed ruleset test">
 
 	<target host="progress.com" />
 	<target host="bizappstoday.progress.com" />
diff --git a/src/chrome/content/rules/Progressive.hu.xml b/src/chrome/content/rules/Progressive.hu.xml
deleted file mode 100644
index 751584934228..000000000000
--- a/src/chrome/content/rules/Progressive.hu.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<!-- Nonfunctional subdomains:
-	 - jumbo.progressive.hu (ssl_error_bad_cert_domain)
--->
-<ruleset name="::progressive:: (partial)">
-	<target host="www.progressive.hu" />
-
-	<securecookie host="^www\.progressive\.hu$" name=".+" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Project-diva-ac.net.xml b/src/chrome/content/rules/Project-diva-ac.net.xml
new file mode 100644
index 000000000000..743d3e183ada
--- /dev/null
+++ b/src/chrome/content/rules/Project-diva-ac.net.xml
@@ -0,0 +1,7 @@
+<ruleset name="project-diva-ac.net">
+	<target host="project-diva-ac.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ProjectSeahorse.org.xml b/src/chrome/content/rules/ProjectSeahorse.org.xml
new file mode 100644
index 000000000000..2748f5021042
--- /dev/null
+++ b/src/chrome/content/rules/ProjectSeahorse.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="ProjectSeahorse.org">
+
+	<target host="projectseahorse.org" />
+	<target host="www.projectseahorse.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Project_Meshnet.xml b/src/chrome/content/rules/Project_Meshnet.xml
index 5823fad00a60..c1b38290ffe7 100644
--- a/src/chrome/content/rules/Project_Meshnet.xml
+++ b/src/chrome/content/rules/Project_Meshnet.xml
@@ -8,7 +8,7 @@ Fetch error: http://wiki.projectmeshnet.org/ => https://wiki.projectmeshnet.org/
 		- map
 
 -->
-<ruleset name="Project Meshnet.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Project Meshnet.org (partial)" default_off="failed ruleset test">
 
 	<target host="projectmeshnet.org" />
 	<target host="wiki.projectmeshnet.org" />
diff --git a/src/chrome/content/rules/Project_Vote_Smart.xml b/src/chrome/content/rules/Project_Vote_Smart.xml
index 02b76050c5db..c8517e51d818 100644
--- a/src/chrome/content/rules/Project_Vote_Smart.xml
+++ b/src/chrome/content/rules/Project_Vote_Smart.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Project_Wonderful.xml b/src/chrome/content/rules/Project_Wonderful.xml
deleted file mode 100644
index a7deffa1f72d..000000000000
--- a/src/chrome/content/rules/Project_Wonderful.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Project Wonderful">
-
-	<target host="projectwonderful.com" />
-	<target host="www.projectwonderful.com" />
-
-
-	<securecookie host="^(?:www\.)?projectwonderful\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Prolexic.xml b/src/chrome/content/rules/Prolexic.xml
index e80817443210..16c9efeb4118 100644
--- a/src/chrome/content/rules/Prolexic.xml
+++ b/src/chrome/content/rules/Prolexic.xml
@@ -10,7 +10,7 @@
 	<target host="*.prolexic.com" />
 
 
-	<securecookie host="^(?:.*\.)?prolexic\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(?!ww\.)(\w+\.)?prolexic\.com/"
diff --git a/src/chrome/content/rules/Prometheus_Global-problematic.xml b/src/chrome/content/rules/Prometheus_Global-problematic.xml
index fa59f4dd2148..43a1dcffb62f 100644
--- a/src/chrome/content/rules/Prometheus_Global-problematic.xml
+++ b/src/chrome/content/rules/Prometheus_Global-problematic.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?prometheus-?group\.com/"
 		to="https://prometheus-group.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Prometheus_Global.xml b/src/chrome/content/rules/Prometheus_Global.xml
deleted file mode 100644
index b801201fc3b4..000000000000
--- a/src/chrome/content/rules/Prometheus_Global.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For problematic rules, see Prometheus_Global-problematic.xml.
-
-
-	Problematic domains:
-
-		- progllc.com			(shows default plesk page, valid cert)
-		- prometheusgroup.com		(works; expired 2013-03-21, CN: Parallels Panel)
-		- (www.)prometheus-group.com	(works; mismatched, CN: www.progllc.com)
-
--->
-<ruleset name="Prometheus Global (partial)">
-
-	<target host="progllc.com" />
-	<target host="www.progllc.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Prometric.xml b/src/chrome/content/rules/Prometric.xml
index 6da03011785c..923fc5eda923 100644
--- a/src/chrome/content/rules/Prometric.xml
+++ b/src/chrome/content/rules/Prometric.xml
@@ -2,7 +2,7 @@
   <target host="prometric.com" />
   <target host="www.prometric.com" />
 
-  <securecookie host="^(?:.*\.)?prometric.com$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http://(?:www\.)?prometric\.com/" to="https://www.prometric.com/"/>
 
diff --git a/src/chrome/content/rules/Proofpoint.xml b/src/chrome/content/rules/Proofpoint.xml
index 6fe896f2a043..331d76fdfece 100644
--- a/src/chrome/content/rules/Proofpoint.xml
+++ b/src/chrome/content/rules/Proofpoint.xml
@@ -11,7 +11,10 @@
 <ruleset name="Proofpoint (partial)">
 
 	<target host="proofpoint.com" />
-	<target host="*.proofpoint.com" />
+	<target host="support.proofpoint.com" />
+	<target host="urldefense.proofpoint.com" />
+	<target host="www.proofpoint.com" />
+	<target host="go.proofpoint.com" />
 		<!--
 			Redirect to http:
 						-->
diff --git a/src/chrome/content/rules/PropellerAds.xml b/src/chrome/content/rules/PropellerAds.xml
index 8c0a25d37d18..7f3798a2753d 100644
--- a/src/chrome/content/rules/PropellerAds.xml
+++ b/src/chrome/content/rules/PropellerAds.xml
@@ -13,13 +13,6 @@
 
 		- (www.)propellerads.com	(rx_record_too_long)
 
-
-	Problematic hosts in *propellerads.com:
-
-		- img ᵐ
-
-	ᵐ Mismatched
-
 -->
 <ruleset name="PropellerAds.com (partial)">
 
@@ -27,19 +20,10 @@
 				-->
 	<target host="ad.propellerads.com" />
 
-	<!--	Complications:
-				-->
-	<target host="img.propellerads.com" />
-
 
 	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://img\.propellerads\.com/"
-		to="https://ad.propellerads.com/" />
-		
-	<test url="http://ad.propellerads.com/" />
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Prosody.im.xml b/src/chrome/content/rules/Prosody.im.xml
index bb11188338f3..59ab3488037b 100644
--- a/src/chrome/content/rules/Prosody.im.xml
+++ b/src/chrome/content/rules/Prosody.im.xml
@@ -1,34 +1,10 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog	(shows hg)
-
-
-	Problematic subdomains:
-
-		- www	(shows hg)
-
-
-	Fully covered subdomains:
-
-		- (www.)	(www → ^)
-		- hg
-
--->
 <ruleset name="Prosody.im">
 
-	<!--	Direct rewrites:
-				-->
 	<target host="prosody.im" />
-	<target host="hg.prosody.im" />
-
-	<!--	Complications:
-				-->
 	<target host="www.prosody.im" />
-
-
-	<rule from="^http://www\.prosody\.im/"
-		to="https://prosody.im/" />
+	<target host="issues.prosody.im" />
+	<target host="blog.prosody.im" />
+	<target host="hg.prosody.im" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Prospect-Magazine.xml b/src/chrome/content/rules/Prospect-Magazine.xml
deleted file mode 100644
index 59d63ac2fc45..000000000000
--- a/src/chrome/content/rules/Prospect-Magazine.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	CDN buckets:
-
-		- prospect.prospectpublishi.netdna-cdn.com
-
-			- -ssl doesn't exist
-
-
-	Nonfunctional domains:
-
-		- flyprospect.com	(cert: *.xssl.net; 404)
-
--->
-<ruleset name="Prospect Magazine (partial)">
-
-	<target host="prospect.prospectpublishi.netdna-cdn.com" />
-	<target host="prospectmagazine.co.uk" />
-	<target host="www.prospectmagazine.co.uk" />
-
-
-	<securecookie host="^(?:www\.)?prospectmagazine\.co\.uk$" name=".+" />
-
-
-	<rule from="^http://(?:prospect\.prospectpublishi\.netdna-cdn\.com|(www\.)?prospectmagazine\.co\.uk)/"
-		to="https://$1prospectmagazine.co.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ProspectEye.com.xml b/src/chrome/content/rules/ProspectEye.com.xml
index 38c0d103b09d..812e3a64cc6a 100644
--- a/src/chrome/content/rules/ProspectEye.com.xml
+++ b/src/chrome/content/rules/ProspectEye.com.xml
@@ -30,7 +30,7 @@ Fetch error: http://prospecteye.com/ => https://prospecteye.com/: (51, "SSL: no
 	* Secured by us
 
 -->
-<ruleset name="ProspectEye.com" default_off='failed ruleset test'>
+<ruleset name="ProspectEye.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/ProspectMagazine.co.uk.xml b/src/chrome/content/rules/ProspectMagazine.co.uk.xml
new file mode 100644
index 000000000000..210c87ffb6a2
--- /dev/null
+++ b/src/chrome/content/rules/ProspectMagazine.co.uk.xml
@@ -0,0 +1,14 @@
+<ruleset name="ProspectMagazine.co.uk">
+
+	<target host="prospectmagazine.co.uk" />
+	<target host="www.prospectmagazine.co.uk" />
+	<target host="myaccount.prospectmagazine.co.uk" />
+	<target host="subscribe.prospectmagazine.co.uk" />
+	<target host="subscription.prospectmagazine.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Prospectparkzoo.com.xml b/src/chrome/content/rules/Prospectparkzoo.com.xml
new file mode 100644
index 000000000000..f8967a60ec26
--- /dev/null
+++ b/src/chrome/content/rules/Prospectparkzoo.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid Server Name:
+		www.prospectparkzoo.com
+-->
+
+<ruleset name="Prospectparkzoo.com">
+	<target host="prospectparkzoo.com" />
+
+	<securecookie host="prospectparkzoo\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Prosystemfx.com.xml b/src/chrome/content/rules/Prosystemfx.com.xml
index d1383a218f71..b5e9d22d67a5 100644
--- a/src/chrome/content/rules/Prosystemfx.com.xml
+++ b/src/chrome/content/rules/Prosystemfx.com.xml
@@ -10,16 +10,17 @@ Fetch error: http://prosystemfx.com/ => https://www.prosystemfx.com/: (56, 'SSL
 <ruleset name="prosystemfx.com">
 
 	<target host="prosystemfx.com" />
-	<target host="*.prosystemfx.com" />
+	<target host="www.prosystemfx.com" />
+	<target host="stagewww.prosystemfx.com" />
+	<target host="cchknowledgecenter.prosystemfx.com" />
 
 
-	<securecookie host="^(?:.*\.)?prosystemfx\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(?:(stage)?www\.)?prosystemfx\.com/"
 		to="https://$1www.prosystemfx.com/" />
 
-	<rule from="^http://cchknowledgecenter\.prosystemfx\.com/"
-		to="https://cchknowledgecenter.prosystemfx.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ProtectWise.com.xml b/src/chrome/content/rules/ProtectWise.com.xml
deleted file mode 100644
index 63cf3798dfeb..000000000000
--- a/src/chrome/content/rules/ProtectWise.com.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	^protectwise.com: Refused
-
-
-	Insecure cookies are set for these domains:
-
-		- .protectwise.com
-
--->
-<ruleset name="ProtectWise.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.protectwise.com" />
-
-	<!--	Complications:
-				-->
-	<target host="protectwise.com" />
-
-
-	<!--	CloudFlare cookies
-					-->
-	<!--securecookie host="^\.protectwise\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http://protectwise\.com/"
-		to="https://www.protectwise.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Protect_Network.xml b/src/chrome/content/rules/Protect_Network.xml
index a93b81181401..886c6d212d5e 100644
--- a/src/chrome/content/rules/Protect_Network.xml
+++ b/src/chrome/content/rules/Protect_Network.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://protectnetwork.org/ => https://protectnetwork.org/: (6, 'Could not resolve host: protectnetwork.org')
 
 -->
-<ruleset name="Protect Network" default_off='failed ruleset test'>
+<ruleset name="Protect Network" default_off="failed ruleset test">
 
 	<target host="protectnetwork.org" />
 	<target host="app.protectnetwork.org" />
@@ -16,4 +16,4 @@ Fetch error: http://protectnetwork.org/ => https://protectnetwork.org/: (6, 'Cou
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Protonirockerxow.onion.xml b/src/chrome/content/rules/Protonirockerxow.onion.xml
index 0e1f756a18a5..bd46642578c8 100644
--- a/src/chrome/content/rules/Protonirockerxow.onion.xml
+++ b/src/chrome/content/rules/Protonirockerxow.onion.xml
@@ -2,9 +2,9 @@
 	Invalid certificates:
 		- *.protonirockerxow.onion
 
-	This ruleset covers ProtonMail hidden services on Tor.
+	This ruleset covers ProtonMail onion services on Tor.
 -->
-<ruleset name="ProtonMail Hidden Service">
+<ruleset name="ProtonMail Onion Service">
 	<target host="protonirockerxow.onion" />
 
 	<securecookie host=".+" name=".+" />
diff --git a/src/chrome/content/rules/Provantage.xml b/src/chrome/content/rules/Provantage.xml
index b3cc997332bb..472cbd9c9b1e 100644
--- a/src/chrome/content/rules/Provantage.xml
+++ b/src/chrome/content/rules/Provantage.xml
@@ -1,9 +1,9 @@
 <ruleset name="Provantage" platform="mixedcontent">
 
 	<target host="provantage.com"/>
-	<target host="*.provantage.com"/>
+	<target host="www.provantage.com" />
 
-	<securecookie host="^(?:.*\.)?provantage\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<!--	cert !valid for !www	-->
 	<rule from="^http://(?:www\.)?provantage\.com/"
diff --git a/src/chrome/content/rules/Proven_Credible.xml b/src/chrome/content/rules/Proven_Credible.xml
index a3f9af4ec86a..60a6d3481f3f 100644
--- a/src/chrome/content/rules/Proven_Credible.xml
+++ b/src/chrome/content/rules/Proven_Credible.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?provencredible\.com/"
 		to="https://www.provencredible.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Proxer.me.xml b/src/chrome/content/rules/Proxer.me.xml
index 93a6070e13ff..e3403a12248d 100644
--- a/src/chrome/content/rules/Proxer.me.xml
+++ b/src/chrome/content/rules/Proxer.me.xml
@@ -11,7 +11,7 @@
 	<target host="upload.proxer.me" />
 <!--
 	Amazon shop integration broken by mixed content blocking
-									-->	
+									-->
 	<exclusion pattern="^http://proxer\.me/ashop" />
 
 	<securecookie host="^(.*\.)?proxer\.me$" name=".+" />
diff --git a/src/chrome/content/rules/Proxery.com.xml b/src/chrome/content/rules/Proxery.com.xml
deleted file mode 100644
index 81899e5d194b..000000000000
--- a/src/chrome/content/rules/Proxery.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Insecure cookies are set for these domains and hosts:
-
-		- .proxery.com
-		- www.proxery.com
-
--->
-<ruleset name="Proxery.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="proxery.com" />
-	<target host="www.proxery.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.proxery\.com$" name="^(__cfduid|cf_clearance)$" /-->
-	<!--securecookie host="^www\.proxery\.com$" name="^s$" /-->
-
-	<securecookie host="^(?:www)?\.proxery\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Proxifier.com.xml b/src/chrome/content/rules/Proxifier.com.xml
new file mode 100644
index 000000000000..bdce853f5bc1
--- /dev/null
+++ b/src/chrome/content/rules/Proxifier.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatched:
+		- ipv6
+		- new
+-->
+<ruleset name="Proxifier.com">
+	<target host="proxifier.com" />
+	<target host="www.proxifier.com" />
+	<target host="support.proxifier.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Proxify.xml b/src/chrome/content/rules/Proxify.xml
index 0775f7529560..954795fbd1bc 100644
--- a/src/chrome/content/rules/Proxify.xml
+++ b/src/chrome/content/rules/Proxify.xml
@@ -3,7 +3,7 @@
 	<target host="proxify.com"/>
 	<target host="www.proxify.com"/>
 
-	<securecookie host="^(?:.*\.)?proxify\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/Proxmox.com.xml b/src/chrome/content/rules/Proxmox.com.xml
index c761c1d18a41..dd08d2b2d631 100644
--- a/src/chrome/content/rules/Proxmox.com.xml
+++ b/src/chrome/content/rules/Proxmox.com.xml
@@ -4,10 +4,12 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://proxmox.com/ => https://proxmox.com/: (51, "SSL: no alternative certificate subject name matches target host name 'proxmox.com'")
 
 -->
-<ruleset name="Proxmox.com" default_off='failed ruleset test'>
+<ruleset name="Proxmox.com" default_off="failed ruleset test">
 
 	<target host="proxmox.com" />
-	<target host="*.proxmox.com" />
+	<target host="forum.proxmox.com" />
+	<target host="pve.proxmox.com" />
+	<target host="www.proxmox.com" />
 
 
 	<!--	Not secured by server:
@@ -18,7 +20,6 @@ Fetch error: http://proxmox.com/ => https://proxmox.com/: (51, "SSL: no alternat
 	<securecookie host="^(?:forum\.|www\.)?proxmox\.com$" name=".+" />
 
 
-	<rule from="^http://((?:forum|pve|www)\.)?proxmox\.com/"
-		to="https://$1proxmox.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Proxy.org.xml b/src/chrome/content/rules/Proxy.org.xml
index 223456b7b027..3ec3c3d4bfae 100644
--- a/src/chrome/content/rules/Proxy.org.xml
+++ b/src/chrome/content/rules/Proxy.org.xml
@@ -7,7 +7,7 @@
 	<!--	encountered:
 			- proxy.org
 			- .proxy.org		-->
-	<securecookie host="^(?:.*\.)?proxy\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/Prxy.com.xml b/src/chrome/content/rules/Prxy.com.xml
index f27b974d3ddc..20cf9ad43ae9 100644
--- a/src/chrome/content/rules/Prxy.com.xml
+++ b/src/chrome/content/rules/Prxy.com.xml
@@ -13,11 +13,11 @@
 		- .prxy.com
 
 -->
-<ruleset name="prxy.com" default_off="missing certificate chain">
+<ruleset name="prxy.com" default_off="cert-chain">
 
 	<target host="prxy.com" />
 
-	<target host="*.prxy.com" />
+	<target host="www.prxy.com" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/Psychology-Tools.com.xml b/src/chrome/content/rules/Psychology-Tools.com.xml
new file mode 100644
index 000000000000..f311ee1268fd
--- /dev/null
+++ b/src/chrome/content/rules/Psychology-Tools.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="Psychology-Tools.com">
+	<target host="psychology-tools.com" />
+	<target host="www.psychology-tools.com" />
+	<target host="amp.psychology-tools.com" />
+	<target host="beta.psychology-tools.com" />
+	<target host="lamp.psychology-tools.com" />
+	<target host="lamp-sf02.psychology-tools.com" />
+	<target host="sf02-beta.psychology-tools.com" />
+	<target host="sf02-floating.psychology-tools.com" />
+	<target host="tumblr.psychology-tools.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pt_engine.jp.xml b/src/chrome/content/rules/Pt_engine.jp.xml
index a85beac0f617..a6260b6cd46b 100644
--- a/src/chrome/content/rules/Pt_engine.jp.xml
+++ b/src/chrome/content/rules/Pt_engine.jp.xml
@@ -11,4 +11,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ptpimg.me.xml b/src/chrome/content/rules/Ptpimg.me.xml
index 2c4c8324215d..233311ae1497 100644
--- a/src/chrome/content/rules/Ptpimg.me.xml
+++ b/src/chrome/content/rules/Ptpimg.me.xml
@@ -1,5 +1,5 @@
 <ruleset name="Ptpimg.me">
-    <target host="*.ptpimg.me" />
+    <target host="www.ptpimg.me" />
     <target host="ptpimg.me" />
 
     <rule from="^http://(?:www\.)?ptpimg\.me/" to="https://ptpimg.me/" />
diff --git a/src/chrome/content/rules/PubGears.com.xml b/src/chrome/content/rules/PubGears.com.xml
deleted file mode 100644
index 0107b2104eaf..000000000000
--- a/src/chrome/content/rules/PubGears.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- tags *
-
-	* Refused
-
--->
-<ruleset name="PubGears.com (partial)">
-
-	<target host="ox-d.pubgears.com" />
-
-
-	<securecookie host="^ox-d\.pubgears\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/PubMatic.xml b/src/chrome/content/rules/PubMatic.xml
index 6fca761a8e01..d8da7ffbe549 100644
--- a/src/chrome/content/rules/PubMatic.xml
+++ b/src/chrome/content/rules/PubMatic.xml
@@ -45,7 +45,7 @@
 					-->
 	<!--securecookie host="^\.pubmatic\.com$" name="^(KRTBCOOKIE_\d+|PUBMDCID|PUBRETARGET)$" /-->
 
-	<securecookie host="^.*\.pubmatic\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://image(2|4)\.pubmatic\.com/"
diff --git a/src/chrome/content/rules/PubNXT.net.xml b/src/chrome/content/rules/PubNXT.net.xml
deleted file mode 100644
index c1e3a7a92427..000000000000
--- a/src/chrome/content/rules/PubNXT.net.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nunfunctional subdomains:
-
-		- (www.) *
-		- www.analytics *
-
-	* Invalid cert
-
--->
-<ruleset name="PubNXT.net (partial)">
-
-	<target host="analytics.pubnxt.net" />
-		<!--exclusion pattern="^http://(www\.analytics|www)\.pubnxt\.net/" /-->
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PubNub.xml b/src/chrome/content/rules/PubNub.xml
index 9c774270d1d5..9e6767ba3446 100644
--- a/src/chrome/content/rules/PubNub.xml
+++ b/src/chrome/content/rules/PubNub.xml
@@ -45,4 +45,4 @@
 	<rule from="^http://(?:www\.)?help\.pubnub\.com/"
 		to="https://help.pubnub.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PubSoft.org.xml b/src/chrome/content/rules/PubSoft.org.xml
index 16b2d82d4987..ae064ac2fe49 100644
--- a/src/chrome/content/rules/PubSoft.org.xml
+++ b/src/chrome/content/rules/PubSoft.org.xml
@@ -1,4 +1,4 @@
-<ruleset name="PubSoft.org" default_off='missing certificate chain'>
+<ruleset name="PubSoft.org" default_off="missing certificate chain">
 	<target host="pubsoft.org" />
 	<target host="www.pubsoft.org" />
 
diff --git a/src/chrome/content/rules/Pubdirecte.com.xml b/src/chrome/content/rules/Pubdirecte.com.xml
deleted file mode 100644
index 901583a54000..000000000000
--- a/src/chrome/content/rules/Pubdirecte.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	 subdomains:
-
-		- (www.)	(mismatched, CN: secure.pubdirecte.com)
-		- static	(refused)
-
-
-	Mixed content:
-
-		- Images on secure from static *
-
-	* Secured by us
-
--->
-<ruleset name="Pubdirecte.com">
-
-	<target host="pubdirecte.com" />
-	<target host="*.pubdirecte.com" />
-
-
-	<securecookie host="^secure\.pubdirecte\.com$" name=".+" />
-
-
-	<rule from="^http://(?:(?:secure|static|www)\.)?pubdirecte\.com/"
-		to="https://secure.pubdirecte.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Public-Idees.xml b/src/chrome/content/rules/Public-Idees.xml
index b5496a51c37c..315bbe90272c 100644
--- a/src/chrome/content/rules/Public-Idees.xml
+++ b/src/chrome/content/rules/Public-Idees.xml
@@ -12,4 +12,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Public.Resource.Org.xml b/src/chrome/content/rules/Public.Resource.Org.xml
index 722aeabd3567..a25b6f9905e6 100644
--- a/src/chrome/content/rules/Public.Resource.Org.xml
+++ b/src/chrome/content/rules/Public.Resource.Org.xml
@@ -21,7 +21,7 @@ Fetch error: http://wwlbd.org/ => https://wwlbd.org/: (28, 'Connection timed out
 	* Cert name mismatch
 
 -->
-<ruleset name="Public.Resource.Org" default_off='failed ruleset test'>
+<ruleset name="Public.Resource.Org" default_off="failed ruleset test">
 
 	<target host="bulk.resource.org" />
 	<target host="house.resource.org" />
diff --git a/src/chrome/content/rules/PublicBank.com.hk.xml b/src/chrome/content/rules/PublicBank.com.hk.xml
index 0c8da04d17a2..2b504da043ba 100644
--- a/src/chrome/content/rules/PublicBank.com.hk.xml
+++ b/src/chrome/content/rules/PublicBank.com.hk.xml
@@ -23,7 +23,7 @@
 
   	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PublicBank.com.vn.xml b/src/chrome/content/rules/PublicBank.com.vn.xml
deleted file mode 100644
index 08970d6f2408..000000000000
--- a/src/chrome/content/rules/PublicBank.com.vn.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	For other Public Bank coverage, see PBeBank.com.xml
-
-
-	Non-functional subdomains:
-		- $self		(r)
-		- mail2		(t)
-		- mail3		(t)
-		- ns2		(t)
-		- ns3		(t)
-
-	e: expired certificate
-	h: http redirect
-	i: invalid certificate chain
-	m: certificate mismatch
-	r: connection refused
-	s: self-signed certificate
-	t: timeout on https
--->
-<ruleset name="Public Bank Vietnam">
-
-	<target host="ebank.publicbank.com.vn" />
-
-  	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" 
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PublicCitizen.xml b/src/chrome/content/rules/PublicCitizen.xml
index e904d14bbf32..4b9793b3dc3d 100644
--- a/src/chrome/content/rules/PublicCitizen.xml
+++ b/src/chrome/content/rules/PublicCitizen.xml
@@ -21,7 +21,9 @@
 <ruleset name="Public Citizen">
 
 	<target host="citizen.org" />
-	<target host="*.citizen.org" />
+	<target host="www.citizen.org" />
+	<target host="action.citizen.org" />
+	<target host="secure.citizen.org" />
 
 
 	<securecookie host="^(?:action|secure|www)\.citizen\.org$" name=".+" />
@@ -30,7 +32,6 @@
 	<rule from="^http://(?:www\.)?citizen\.org/"
 		to="https://www.citizen.org/" />
 
-	<rule from="^http://(action|secure)\.citizen\.org/"
-		to="https://$1.citizen.org/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/PublicInsightNetwork.org.xml b/src/chrome/content/rules/PublicInsightNetwork.org.xml
index 341372d80b3a..df15806922b3 100644
--- a/src/chrome/content/rules/PublicInsightNetwork.org.xml
+++ b/src/chrome/content/rules/PublicInsightNetwork.org.xml
@@ -6,7 +6,7 @@ Non-2xx HTTP code: http://publicinsightnetwork.org/ (200) => https://publicinsig
 Disabled by https-everywhere-checker because:
 Non-2xx HTTP code: http://publicinsightnetwork.org/ (200) => https://publicinsightnetwork.org/ (403)
 -->
-<ruleset name="PublicInsightNetwork.org" default_off='failed ruleset test'>
+<ruleset name="PublicInsightNetwork.org" default_off="failed ruleset test">
 
 	<target host="publicinsightnetwork.org" />
 	<target host="www.publicinsightnetwork.org" />
@@ -17,4 +17,4 @@ Non-2xx HTTP code: http://publicinsightnetwork.org/ (200) => https://publicinsig
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PublicInvestBank.com.xml b/src/chrome/content/rules/PublicInvestBank.com.xml
deleted file mode 100644
index 25615dd2ba4e..000000000000
--- a/src/chrome/content/rules/PublicInvestBank.com.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	For other Public Bank coverage, see PBeBank.com.xml
-
-
-	Non-functional subdomains:
-		- etdoms	(t)
-		- ns2	(t)
-		- ns3	(t)
-		- uat	(i)
-
-	e: expired certificate
-	h: http redirect
-	i: invalid certificate chain
-	m: certificate mismatch
-	r: connection refused
-	s: self-signed certificate
-	t: timeout on https
--->
-<ruleset name="Public Investment Bank">
-
-	<target host="publicinvestbank.com" />
-	<target host="www.publicinvestbank.com" />
-
-  	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" 
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PublicIslamicBank.xml b/src/chrome/content/rules/PublicIslamicBank.xml
deleted file mode 100644
index 6661b8eb4c0a..000000000000
--- a/src/chrome/content/rules/PublicIslamicBank.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	For other Public Bank coverage, see PBeBank.com.xml
-
-
-	Non-functional subdomains:
-		- $self		(m)
-		- mail2		(t)
-		- mail3		(t)
-
-	e: expired certificate
-	h: http redirect
-	i: invalid certificate chain
-	m: certificate mismatch
-	r: connection refused
-	s: self-signed certificate
-	t: timeout on https
--->
-<ruleset name="Public Islamic Bank">
-
-	<target host="publicislamicbank.com.my" />
-	<target host="www.publicislamicbank.com.my" />
-
-  	<securecookie host=".+" name=".+" />
-
-	<!-- certificate mismatch -->
-	<rule from="^http://publicislamicbank\.com\.my/"
-		to="https://www.publicislamicbank.com.my/" />
-
-	<rule from="^http:" 
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PublicMutual.xml b/src/chrome/content/rules/PublicMutual.xml
index 0e25781ce663..400c33c1fe77 100644
--- a/src/chrome/content/rules/PublicMutual.xml
+++ b/src/chrome/content/rules/PublicMutual.xml
@@ -27,7 +27,7 @@
 	<rule from="^http://publicmutualonline\.com\.my/"
 		to="https://www.publicmutualonline.com.my/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PublicSectorManagementProgram.xml b/src/chrome/content/rules/PublicSectorManagementProgram.xml
index 99adf8ea2bd7..fc5a18c5842c 100644
--- a/src/chrome/content/rules/PublicSectorManagementProgram.xml
+++ b/src/chrome/content/rules/PublicSectorManagementProgram.xml
@@ -10,10 +10,10 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://psmprogram.gov.au/ => https://www.psmprogram.gov.au/: Too many redirects while fetching 'https://www.psmprogram.gov.au/'
 
 -->
-<ruleset name="Public Sector Management Program" default_off='failed ruleset test'>
+<ruleset name="Public Sector Management Program" default_off="failed ruleset test">
 	<target host="psmprogram.gov.au" />
-	<target host="*.psmprogram.gov.au" />
+	<target host="www.psmprogram.gov.au" />
 
 	<rule from="^http://(?:www\.)?psmprogram\.gov\.au/"
 		to="https://www.psmprogram.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PublicSectorSuperannuationAccumulationPlan.xml b/src/chrome/content/rules/PublicSectorSuperannuationAccumulationPlan.xml
index 044fb0920c3e..ac50267921a9 100644
--- a/src/chrome/content/rules/PublicSectorSuperannuationAccumulationPlan.xml
+++ b/src/chrome/content/rules/PublicSectorSuperannuationAccumulationPlan.xml
@@ -1,7 +1,7 @@
 <ruleset name="Public Sector Superannuation Accumulation Plan">
 	<target host="pssap.gov.au" />
-	<target host="*.pssap.gov.au" />
+	<target host="www.pssap.gov.au" />
 
 	<rule from="^http://(?:www\.)?pssap\.gov\.au/"
 		to="https://www.pssap.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PublicSectorSuperannuationScheme.xml b/src/chrome/content/rules/PublicSectorSuperannuationScheme.xml
index bce28c73a7de..ec273014aa47 100644
--- a/src/chrome/content/rules/PublicSectorSuperannuationScheme.xml
+++ b/src/chrome/content/rules/PublicSectorSuperannuationScheme.xml
@@ -1,7 +1,7 @@
 <ruleset name="Public Sector Superannuation Scheme">
 	<target host="pss.gov.au" />
-	<target host="*.pss.gov.au" />
+	<target host="www.pss.gov.au" />
 
 	<rule from="^http://(?:www\.)?pss\.gov\.au/"
 		to="https://www.pss.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PublicWWW.com.xml b/src/chrome/content/rules/PublicWWW.com.xml
new file mode 100644
index 000000000000..a84e45b78ba9
--- /dev/null
+++ b/src/chrome/content/rules/PublicWWW.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="PublicWWW.com">
+	<target host="publicwww.com" />
+	<target host="www.publicwww.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Public_Whip.xml b/src/chrome/content/rules/Public_Whip.xml
index c9def4e07bad..866a648febd2 100644
--- a/src/chrome/content/rules/Public_Whip.xml
+++ b/src/chrome/content/rules/Public_Whip.xml
@@ -8,10 +8,10 @@ Fetch error: http://publicwhip.org.uk/ => https://www.publicwhip.org.uk/: (51, "
 	!www doesn't work.
 
 -->
-<ruleset name="The Public Whip" default_off='failed ruleset test'>
+<ruleset name="The Public Whip" default_off="failed ruleset test">
 
 	<target host="publicwhip.org.uk" />
-	<target host="*.publicwhip.org.uk" />
+	<target host="www.publicwhip.org.uk" />
 
 
 	<securecookie host="^\.publicwhip\.org\.uk$" name=".+" />
diff --git a/src/chrome/content/rules/Publiekeomroep.nl.xml b/src/chrome/content/rules/Publiekeomroep.nl.xml
index 2fb61c806521..d2fe2aed754f 100644
--- a/src/chrome/content/rules/Publiekeomroep.nl.xml
+++ b/src/chrome/content/rules/Publiekeomroep.nl.xml
@@ -9,7 +9,7 @@
 -->
 <ruleset name="publiekeomroep.nl (partial)">
 
-	<target host="*.publiekeomroep.nl" />
+	<target host="cookiesv2.publiekeomroep.nl" />
 
 
 	<!--	Not secured by server:
@@ -30,7 +30,6 @@
 	<!--rule from="^http://(?:www\.)?publiekeomroep\.nl/+"
 		to="https://www.publiekeomroep.nl/" /-->
 
-	<rule from="^http://cookiesv2\.publiekeomroep\.nl/"
-		to="https://cookiesv2.publiekeomroep.nl/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/PublikDemand.xml b/src/chrome/content/rules/PublikDemand.xml
index d43c808f3b88..300370d9f6d5 100644
--- a/src/chrome/content/rules/PublikDemand.xml
+++ b/src/chrome/content/rules/PublikDemand.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://publikdemand.com/ => https://publikdemand.com/: (6, 'Could not resolve host: publikdemand.com')
 Fetch error: http://www.publikdemand.com/ => https://www.publikdemand.com/: (6, 'Could not resolve host: www.publikdemand.com')
 -->
-<ruleset name="PublicDemand" default_off='failed ruleset test'>
+<ruleset name="PublicDemand" default_off="failed ruleset test">
 
 	<target host="publikdemand.com" />
 	<target host="www.publikdemand.com" />
@@ -19,4 +19,4 @@ Fetch error: http://www.publikdemand.com/ => https://www.publikdemand.com/: (6,
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Puhkaeestis.ee.xml b/src/chrome/content/rules/Puhkaeestis.ee.xml
index 8b2211ff86f7..1309e09b9f61 100644
--- a/src/chrome/content/rules/Puhkaeestis.ee.xml
+++ b/src/chrome/content/rules/Puhkaeestis.ee.xml
@@ -16,13 +16,13 @@
 <ruleset name="Puhkaeestis.ee">
 
 	<target host="puhkaeestis.ee" />
-	<target host="*.puhkaeestis.ee" />
+	<target host="www.puhkaeestis.ee" />
+	<target host="prelive.puhkaeestis.ee" />
 
 
 	<rule from="^http://(?:www\.)?puhkaeestis\.ee/"
 		to="https://www.puhkaeestis.ee/" />
 
-	<rule from="^http://prelive\.puhkaeestis\.ee/"
-		to="https://prelive.puhkaeestis.ee/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Pulpix.co.xml b/src/chrome/content/rules/Pulpix.co.xml
index 60d4b92c237f..30f2f6de614d 100644
--- a/src/chrome/content/rules/Pulpix.co.xml
+++ b/src/chrome/content/rules/Pulpix.co.xml
@@ -25,7 +25,7 @@ Fetch error: http://pulpix.co/ => https://www.pulpix.co/: (7, 'Failed to connect
 		- www.pulpix.co
 
 -->
-<ruleset name="Pulpix.co" default_off='failed ruleset test'>
+<ruleset name="Pulpix.co" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Pulse.me.xml b/src/chrome/content/rules/Pulse.me.xml
index e22950cd76cf..6b33a30ae1c5 100644
--- a/src/chrome/content/rules/Pulse.me.xml
+++ b/src/chrome/content/rules/Pulse.me.xml
@@ -5,7 +5,7 @@ Fetch error: http://www.pulse.me/ => https://www.pulse.me/: (60, 'SSL certificat
 Fetch error: http://pulse.me/ => https://www.pulse.me/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Pulse.me" default_off='failed ruleset test'>
+<ruleset name="Pulse.me" default_off="failed ruleset test">
   <target host="www.pulse.me" />
   <target host="pulse.me" />
 
diff --git a/src/chrome/content/rules/PulsePoint.xml b/src/chrome/content/rules/PulsePoint.xml
index 94c5df1d8939..5f13c0b16c1a 100644
--- a/src/chrome/content/rules/PulsePoint.xml
+++ b/src/chrome/content/rules/PulsePoint.xml
@@ -12,7 +12,6 @@ Fetch error: http://www.apertureinsight.com/ => https://www.apertureinsight.com/
 	Other PulsePoint rulesets:
 
 		- Contextweb.com.xml
-		- Displaymarketplace.com.xml
 
 
 	Nonfunctional domains:
@@ -38,7 +37,7 @@ Fetch error: http://www.apertureinsight.com/ => https://www.apertureinsight.com/
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="PulsePoint (partial)" default_off='failed ruleset test'>
+<ruleset name="PulsePoint (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Puma.com.xml b/src/chrome/content/rules/Puma.com.xml
index 03f62ec39ff8..4d5b723ea8ae 100644
--- a/src/chrome/content/rules/Puma.com.xml
+++ b/src/chrome/content/rules/Puma.com.xml
@@ -10,7 +10,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.puma.com/ => https://www.puma.com/: (60, 'SSL certificate problem: certificate has expired')
 Fetch error: http://puma.com/ => https://www.puma.com/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="Puma.com" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Puma.com" platform="mixedcontent" default_off="failed ruleset test">
   <target host="www.puma.com" />
   <target host="assets.puma.com" />
   <target host="is.puma.com" />
diff --git a/src/chrome/content/rules/Pumo.com.tw-falsemixed.xml b/src/chrome/content/rules/Pumo.com.tw-falsemixed.xml
index e337aab5e40b..83d522a8a63a 100644
--- a/src/chrome/content/rules/Pumo.com.tw-falsemixed.xml
+++ b/src/chrome/content/rules/Pumo.com.tw-falsemixed.xml
@@ -4,13 +4,12 @@
 -->
 <ruleset name="Pumo.com.tw (false MCB)" platform="mixedcontent">
 
-	<target host="*.pumo.com.tw" />
+	<target host="www.pumo.com.tw" />
 
 
 	<securecookie host="^www\.pumo\.com\.tw$" name=".+" />
 
 
-	<rule from="^http://www\.pumo\.com\.tw/"
-		to="https://www.pumo.com.tw/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Punterlink.xml b/src/chrome/content/rules/Punterlink.xml
index 2a9ffc754312..cce2d7e7739a 100644
--- a/src/chrome/content/rules/Punterlink.xml
+++ b/src/chrome/content/rules/Punterlink.xml
@@ -21,7 +21,7 @@ Fetch error: http://cdn.punterlink.co.uk/ => https://3026-iamnoonesolution.netdn
 			- Mismatched, CN: *.trappedinsidethecomputer.net
 
 -->
-<ruleset name="Punterlink (partial)" default_off='failed ruleset test'>
+<ruleset name="Punterlink (partial)" default_off="failed ruleset test">
 
 	<target host="cdn.punterlink.co.uk" />
 
@@ -29,4 +29,4 @@ Fetch error: http://cdn.punterlink.co.uk/ => https://3026-iamnoonesolution.netdn
 	<rule from="^http://cdn\.punterlink\.co\.uk/"
 		to="https://3026-iamnoonesolution.netdna-ssl.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Punycoder.com.xml b/src/chrome/content/rules/Punycoder.com.xml
new file mode 100644
index 000000000000..452084dfe6f8
--- /dev/null
+++ b/src/chrome/content/rules/Punycoder.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Punycoder.com">
+	<target host="punycoder.com" />
+	<target host="www.punycoder.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Puppet_Labs.xml b/src/chrome/content/rules/Puppet_Labs.xml
index cd471ae74bf4..ce5920f331b7 100644
--- a/src/chrome/content/rules/Puppet_Labs.xml
+++ b/src/chrome/content/rules/Puppet_Labs.xml
@@ -11,7 +11,7 @@ Fetch error: http://forgestagingapi.puppetlabs.com/ => https://forgestagingapi.p
 	* Marketo
 
 -->
-<ruleset name="Puppet Labs.com" default_off='failed ruleset test'>
+<ruleset name="Puppet Labs.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Purdue_Alumni_Association.xml b/src/chrome/content/rules/Purdue_Alumni_Association.xml
index ba525fc986dc..5af5cc3d422a 100644
--- a/src/chrome/content/rules/Purdue_Alumni_Association.xml
+++ b/src/chrome/content/rules/Purdue_Alumni_Association.xml
@@ -17,7 +17,7 @@ Fetch error: http://www.purduealumni.org/ => https://www.purduealumni.org/: (60,
 	Certs only match www.
 
 -->
-<ruleset name="Purdue University Association" default_off='failed ruleset test'>
+<ruleset name="Purdue University Association" default_off="failed ruleset test">
 
 	<target host="purduealum.org" />
 	<target host="purduealumni.org" />
diff --git a/src/chrome/content/rules/Purdue_Plant_Doctor.xml b/src/chrome/content/rules/Purdue_Plant_Doctor.xml
index 1d630b0c1050..7566651f9a05 100644
--- a/src/chrome/content/rules/Purdue_Plant_Doctor.xml
+++ b/src/chrome/content/rules/Purdue_Plant_Doctor.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Purdue_University.xml b/src/chrome/content/rules/Purdue_University.xml
index e09de341ead5..8a5d9b13ae0b 100644
--- a/src/chrome/content/rules/Purdue_University.xml
+++ b/src/chrome/content/rules/Purdue_University.xml
@@ -79,7 +79,7 @@
 	² Redirects to gweb; mismatched, CN: gweb.genomics.purdue.edu
 	³ Shows www.pharmacy; mismatched, CN: www.pharmacy.purdue.edu
 	⁴ Shows web02p.lib; mismatched, CN: web02p.lib.purdue.edu
-	⁵ Shows api01p.lib; expired 2012-03-31, self-signed, CN: api01p.lib.purdue.edu	
+	⁵ Shows api01p.lib; expired 2012-03-31, self-signed, CN: api01p.lib.purdue.edu
 	⁶ Shows www.math; mismatched, CN: www.math.purdue.edu
 
 
diff --git a/src/chrome/content/rules/Pure-Auto.xml b/src/chrome/content/rules/Pure-Auto.xml
index 4216e6efe45f..5bb1b2d9b3f9 100644
--- a/src/chrome/content/rules/Pure-Auto.xml
+++ b/src/chrome/content/rules/Pure-Auto.xml
@@ -4,7 +4,7 @@
 	<target host="www.purecars.com"/>
 
 	<!--	encountered: purecars.com. www.purecars.com	-->
-	<securecookie host="^(?:.*\.)?purecars\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/Pure-privacy.org.xml b/src/chrome/content/rules/Pure-privacy.org.xml
index 991ce79bbf13..2f963b8ef1a7 100644
--- a/src/chrome/content/rules/Pure-privacy.org.xml
+++ b/src/chrome/content/rules/Pure-privacy.org.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.pure-privacy.org/ => https://pure-privacy.org/: (60, 'SS
 	www: mismatched, CN: download.truecrypt.ch
 
 -->
-<ruleset name="pure-privacy.org" default_off='failed ruleset test'>
+<ruleset name="pure-privacy.org" default_off="failed ruleset test">
 
 	<target host="pure-privacy.org" />
 	<target host="www.pure-privacy.org" />
diff --git a/src/chrome/content/rules/PureHacking.xml b/src/chrome/content/rules/PureHacking.xml
deleted file mode 100644
index dface9c2c71a..000000000000
--- a/src/chrome/content/rules/PureHacking.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="PureHacking">
- <target host="www.purehacking.com" />
- <target host="purehacking.com" />
-
- <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/PureInfo.xml b/src/chrome/content/rules/PureInfo.xml
index 975e804f21dd..2a7842725a92 100644
--- a/src/chrome/content/rules/PureInfo.xml
+++ b/src/chrome/content/rules/PureInfo.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pure_Cambogia.com.xml b/src/chrome/content/rules/Pure_Cambogia.com.xml
deleted file mode 100644
index 8c3c6fd59a5c..000000000000
--- a/src/chrome/content/rules/Pure_Cambogia.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Mixed content:
-
-		- css on (www.) from fonts.googleapis.com *
-
-	* Secured by us
-
--->
-<ruleset name="Pure Cambogia.com">
-
-	<target host="purecambogia.com" />
-	<target host="www.purecambogia.com" />
-
-
-	<securecookie host="^\.purecambogia\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Pureloto.com.xml b/src/chrome/content/rules/Pureloto.com.xml
deleted file mode 100644
index 524788f2f94a..000000000000
--- a/src/chrome/content/rules/Pureloto.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Pureloto.com">
-
-	<target host="pureloto.com" />
-	<target host="www.pureloto.com" />
-
-
-	<securecookie host="^(?:www)?\.pureloto\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Pururin.io.xml b/src/chrome/content/rules/Pururin.io.xml
new file mode 100644
index 000000000000..5e1b6022991d
--- /dev/null
+++ b/src/chrome/content/rules/Pururin.io.xml
@@ -0,0 +1,13 @@
+<!--
+	Timeout:
+		- email
+-->
+<ruleset name="Pururin.io">
+	<target host="pururin.io" />
+	<target host="www.pururin.io" />
+	<target host="cdn.pururin.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pururin.us.xml b/src/chrome/content/rules/Pururin.us.xml
deleted file mode 100644
index 9087fc47886a..000000000000
--- a/src/chrome/content/rules/Pururin.us.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Mixed content blocking:
-		forum.pururin.us
-
--->
-<ruleset name="Pururin.us">
-	<target host="pururin.us" />
-	<target host="www.pururin.us" />
-	<target host="forum.pururin.us" />
-		<exclusion pattern="http://forum\.pururin\.us/$" />
-		<test url="http://forum.pururin.us/deferred.php" />
-		<test url="http://forum.pururin.us/js/jquery/jquery-1.11.0.min.js" />
-		<test url="http://forum.pururin.us/styles/brivium/tin/extra/arrow-heading.png" />
-
-	<rule from="^http://forum\.pururin\.us/(deferred.php|js/|styles/)"
-		to="https://forum.pururin.us/$1" />
-	<rule from="^http://(www\.)?pururin\.us/"
-		to="https://$1pururin.us/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Push.IO.xml b/src/chrome/content/rules/Push.IO.xml
deleted file mode 100644
index 8191f73c9c90..000000000000
--- a/src/chrome/content/rules/Push.IO.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(520)
-
--->
-<ruleset name="Push.IO (partial)">
-
-	<target host="manage.push.io" />
-	<target host="status.push.io" />
-
-
-	<securecookie host="^manage\.push\.io$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PushPlay.xml b/src/chrome/content/rules/PushPlay.xml
index 53347c222de1..422fcdeb7ec8 100644
--- a/src/chrome/content/rules/PushPlay.xml
+++ b/src/chrome/content/rules/PushPlay.xml
@@ -20,4 +20,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Pusher.com.xml b/src/chrome/content/rules/Pusher.com.xml
index 7756105aa0a4..6de43d03a166 100644
--- a/src/chrome/content/rules/Pusher.com.xml
+++ b/src/chrome/content/rules/Pusher.com.xml
@@ -1,7 +1,7 @@
 <!--
 	Other Pusher rulesets:
 
-		- Pusher.xml
+		- PusherApp.com.xml
 
 
 	Nonfunctional subdomains:
diff --git a/src/chrome/content/rules/Pusher.xml b/src/chrome/content/rules/Pusher.xml
deleted file mode 100644
index 9ba92676c3f5..000000000000
--- a/src/chrome/content/rules/Pusher.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For other Pusher coverage, see Pusher.com.xml.
-
-
-	pusher.herokuapp.com: 503
-
--->
-<ruleset name="Pusher (partial)">
-
-	<target host="pusherapp.com" />
-	<target host="*.pusherapp.com" />
-
-
-	<securecookie host="^app\.pusherapp\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?pusherapp\.com/"
-		to="https://pusher.com/" />
-
-	<rule from="^http://(app|ws)\.pusherapp\.com/"
-		to="https://$1.pusherapp.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PusherApp.com.xml b/src/chrome/content/rules/PusherApp.com.xml
new file mode 100644
index 000000000000..8673bc0f6113
--- /dev/null
+++ b/src/chrome/content/rules/PusherApp.com.xml
@@ -0,0 +1,21 @@
+<!--
+	For other Pusher coverage, see Pusher.com.xml.
+
+	Invalid certificate:
+		blog.pusherapp.com
+		js.pusherapp.com
+
+-->
+<ruleset name="PusherApp.com">
+
+	<target host="pusherapp.com" />
+	<target host="www.pusherapp.com" />
+	<target host="api.pusherapp.com" />
+	<target host="app.pusherapp.com" />
+
+	<securecookie host="^app\.pusherapp\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Pushsquare.com.xml b/src/chrome/content/rules/Pushsquare.com.xml
new file mode 100644
index 000000000000..bc28b44010ee
--- /dev/null
+++ b/src/chrome/content/rules/Pushsquare.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Pushsquare.com">
+	<target host="pushsquare.com" />
+	<target host="www.pushsquare.com" />
+	<target host="fs.pushsquare.com" />
+	<target host="images.pushsquare.com" />
+	<target host="sp.pushsquare.com" />
+	<target host="static.pushsquare.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/PutLocker.xml b/src/chrome/content/rules/PutLocker.xml
index 8cc6d1154080..ccee0e5ece64 100644
--- a/src/chrome/content/rules/PutLocker.xml
+++ b/src/chrome/content/rules/PutLocker.xml
@@ -23,7 +23,9 @@
 
 	<target host="wac.51d5.edgecastcdn.net" />
 	<target host="putlocker.com" />
-	<target host="*.putlocker.com" />
+	<target host="images.putlocker.com" />
+	<target host="static.putlocker.com" />
+	<target host="www.putlocker.com" />
 
 
 	<rule from="^http://wac\.51d5\.edgecastcdn\.net/8051D5/"
diff --git a/src/chrome/content/rules/Pviq.com.xml b/src/chrome/content/rules/Pviq.com.xml
deleted file mode 100644
index 3b78edcb35c1..000000000000
--- a/src/chrome/content/rules/Pviq.com.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	For other IBM coverage, see IBM.xml.
-
-
-	Insecure cookies are set for these hosts:
-
-		- pviq.com
-		- www.pviq.com
-
--->
-<ruleset name="pviq.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="pviq.com" />
-	<target host="www.pviq.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?pviq\.com$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^(?:www\.)?pviq\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/PwdHash.com.xml b/src/chrome/content/rules/PwdHash.com.xml
index 55ce8652180a..3a7aa2092ff6 100644
--- a/src/chrome/content/rules/PwdHash.com.xml
+++ b/src/chrome/content/rules/PwdHash.com.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/PyCon.org.xml b/src/chrome/content/rules/PyCon.org.xml
index 6f9c9d45918f..06dada7a4c66 100644
--- a/src/chrome/content/rules/PyCon.org.xml
+++ b/src/chrome/content/rules/PyCon.org.xml
@@ -36,7 +36,7 @@ Fetch error: http://2013.de.pycon.org/ => https://2013.de.pycon.org/: (60, 'SSL
 	* Secured by us
 
 -->
-<ruleset name="PyCon.org (partial)" default_off='failed ruleset test'>
+<ruleset name="PyCon.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/PyData.org.xml b/src/chrome/content/rules/PyData.org.xml
index 7ceffeef17f6..03c5730e0bf1 100644
--- a/src/chrome/content/rules/PyData.org.xml
+++ b/src/chrome/content/rules/PyData.org.xml
@@ -1,13 +1,7 @@
 <!--
 	Invalid certificate:
-		blaze.pydata.org
-		blz.pydata.org
-		chicago.pydata.org
-		compilers.pydata.org
-		datashape.pydata.org
 		llvmlite.pydata.org
 		odo.pydata.org
-		xarray.pydata.org
 
 	No working URL known:
 		cdn.pydata.org
@@ -21,14 +15,20 @@
 	<target host="pydata.org" />
 	<target host="www.pydata.org" />
 	<target host="berlin.pydata.org" />
+	<target host="blaze.pydata.org" />
+	<target host="blz.pydata.org" />
 	<target host="bokeh.pydata.org" />
+	<target host="chicago.pydata.org" />
+	<target host="compilers.pydata.org" />
 	<target host="conda.pydata.org" />
 	<target host="dask.pydata.org" />
+	<target host="datashape.pydata.org" />
 	<target host="london.pydata.org" />
 	<target host="numba.pydata.org" />
 	<target host="pandas.pydata.org" />
 	<target host="seaborn.pydata.org" />
-
+	<target host="xarray.pydata.org" />
+	
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/PyPy.xml b/src/chrome/content/rules/PyPy.xml
new file mode 100644
index 000000000000..d4896cd8dad8
--- /dev/null
+++ b/src/chrome/content/rules/PyPy.xml
@@ -0,0 +1,20 @@
+<!--
+	Connection refused:
+		- speed.pypy.org
+
+	Invalid certificate:
+		- bugs.pypy.org
+		- buildbot.pypy.org
+		- doc.pypy.org: equivalent to pypy.readthedocs.io
+		- packages.pypy.org
+-->
+
+<ruleset name="PyPy">
+	<target host="pypy.org" />
+	<target host="www.pypy.org" />
+	<target host="doc.pypy.org" />
+
+	<rule from="^http://doc\.pypy\.org/"
+		  to="https://pypy.readthedocs.io/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Python-RQ.org.xml b/src/chrome/content/rules/Python-RQ.org.xml
new file mode 100644
index 000000000000..e5666f74baee
--- /dev/null
+++ b/src/chrome/content/rules/Python-RQ.org.xml
@@ -0,0 +1,5 @@
+<ruleset name="Python-RQ.org">
+	<target host="python-rq.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Python.org.xml b/src/chrome/content/rules/Python.org.xml
index f1fbf0a2ab7a..6b6025aaa444 100644
--- a/src/chrome/content/rules/Python.org.xml
+++ b/src/chrome/content/rules/Python.org.xml
@@ -1,12 +1,10 @@
 <!--
 	HSTS preloaded:
+		- ^
 		- docs
 		- doc
 		- hg
-
-	Incomplete certificate chain:
-		- hg.es
-		- lists.es
+		- www
 
 	Mismatched:
 		- calendario.es
@@ -15,14 +13,9 @@
 		- www.pl
 		- forum.pl
 		- ns1.pl
-		- redesign
 		- uk
 
-	Refused:
-		- buildbot
-
 	TLS protocol errors:
-		- blog
 		- blog-cn
 		- blog-de
 		- blog-es
@@ -34,29 +27,30 @@
 		- blog-ru
 		- blog-tw
 		- dinsdale
-		- legacy
 -->
 
 <ruleset name="Python.org">
-	<target host="python.org" />
-	<target host="www.python.org" />
 	<target host="africa.python.org" />
+	<target host="blog.python.org" />
 	<target host="bugs.python.org" />
+	<target host="buildbot.python.org" />
 	<target host="cheeseshop.python.org" />
 	<target host="devguide.python.org" />
 	<target host="console.python.org" />
 	<target host="discuss.python.org" />
 	<target host="es.python.org" />
+	<target host="hg.es.python.org" />
+	<target host="lists.es.python.org" />
 	<target host="www.es.python.org" />
 	<target host="openbadges.es.python.org" />
 	<target host="socios.es.python.org" />
 	<target host="front.python.org" />
 	<target host="jobs.python.org" />
+	<target host="legacy.python.org" />
 	<target host="mail.python.org" />
 	<target host="packaging.python.org" />
 	<target host="packages.python.org" />
 	<target host="pl.python.org" />
-	<target host="pypi.python.org" />
 	<target host="planet.python.org" />
 	<target host="speed.python.org" />
 	<target host="staging.python.org" />
@@ -65,7 +59,6 @@
 	<target host="status.python.org" />
 	<target host="svn.python.org" />
 	<target host="testpypi.python.org" />
-	<target host="vote.python.org" />
 	<target host="warehouse.python.org" />
 	<target host="warehouse-staging.python.org" />
 	<target host="wiki.python.org" />
diff --git a/src/chrome/content/rules/PythonTutor.ru.xml b/src/chrome/content/rules/PythonTutor.ru.xml
new file mode 100644
index 000000000000..405e187ab26b
--- /dev/null
+++ b/src/chrome/content/rules/PythonTutor.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="PythonTutor.ru">
+	<target host="pythontutor.ru" />
+	<target host="www.pythontutor.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Pythonclock.org.xml b/src/chrome/content/rules/Pythonclock.org.xml
index 9a876f0e04f6..7e70bd4a8c13 100644
--- a/src/chrome/content/rules/Pythonclock.org.xml
+++ b/src/chrome/content/rules/Pythonclock.org.xml
@@ -2,7 +2,7 @@
 
 	<target host="pythonclock.org" />
 	<target host="www.pythonclock.org" />
-	
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Pythonhosted.org.xml b/src/chrome/content/rules/Pythonhosted.org.xml
deleted file mode 100644
index d44a057d3fc5..000000000000
--- a/src/chrome/content/rules/Pythonhosted.org.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="pythonhosted.org">
-
-	<target host="pythonhosted.org" />
-	<target host="www.pythonhosted.org" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Q3k.org.xml b/src/chrome/content/rules/Q3k.org.xml
index a10a61184c3c..b4741345a5f3 100644
--- a/src/chrome/content/rules/Q3k.org.xml
+++ b/src/chrome/content/rules/Q3k.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.q3k.org/ => https://www.q3k.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.q3k.org'")
 
 -->
-<ruleset name="q3k.org" default_off='failed ruleset test'>
+<ruleset name="q3k.org" default_off="failed ruleset test">
 	<target host="q3k.org" />
 	<target host="www.q3k.org" />
 
diff --git a/src/chrome/content/rules/Q8Car.xml b/src/chrome/content/rules/Q8Car.xml
index 5df91d18734c..697ae0032054 100644
--- a/src/chrome/content/rules/Q8Car.xml
+++ b/src/chrome/content/rules/Q8Car.xml
@@ -15,7 +15,7 @@ Fetch error: http://images3.q8car.com/ => https://images3.q8car.com/: (6, 'Could
 	* Secured by us
 
 -->
-<ruleset name="Q8Car.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Q8Car.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/QBE-Europe.com.xml b/src/chrome/content/rules/QBE-Europe.com.xml
new file mode 100644
index 000000000000..6e11b9fa318c
--- /dev/null
+++ b/src/chrome/content/rules/QBE-Europe.com.xml
@@ -0,0 +1,63 @@
+<!--
+	For other QBE coverage, see QBE.com.xml
+
+
+	Non-functional subdomains:
+		- allenkey	(ssl connection error)
+		- careers	(m)
+		- czech	(m)
+		- deutschland	(t)
+		- email	(m)
+		- espana	(t)
+		- france	(t)
+		- hungary	(m)
+		- img	(m)
+		- italia	(t)
+		- mailexpress-dev	(ssl connection error)
+		- ns1	(t)
+		- qriskrep	(t)
+		- schweiz	(m)
+		- slovakia	(m)
+		- sverige	(m)
+		- tpaccess-test	(t)
+		- tradecredit	(m)
+		- traveler	(t)
+		- umg	(t)
+		- video	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="QBE Europe.com">
+
+	<target host="qbeeurope.com" />
+	<target host="www.qbeeurope.com" />
+	<target host="brand.qbeeurope.com" />
+	<target host="confluence.qbeeurope.com" />
+	<target host="eopdremoteaccess.qbeeurope.com" />
+	<target host="grs.qbeeurope.com" />
+	<target host="jira.qbeeurope.com" />
+	<target host="mailexpress.qbeeurope.com" />
+	<target host="qbord.qbeeurope.com" />
+	<target host="qbord-pp.qbeeurope.com" />
+	<target host="qrisk.qbeeurope.com" />
+	<target host="qriskdist.qbeeurope.com" />
+	<target host="qriskint.qbeeurope.com" />
+	<target host="remoteaccess.qbeeurope.com" />
+	<target host="sftp.qbeeurope.com" />
+	<target host="sftp-dev.qbeeurope.com" />
+	<target host="stats.qbeeurope.com" />
+	<target host="tpaccess.qbeeurope.com" />
+	<target host="uc.qbeeurope.com" />
+	<target host="vpnaccess.qbeeurope.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QBE-Re.com.xml b/src/chrome/content/rules/QBE-Re.com.xml
new file mode 100644
index 000000000000..64dbab06a805
--- /dev/null
+++ b/src/chrome/content/rules/QBE-Re.com.xml
@@ -0,0 +1,26 @@
+<!--
+	For other QBE coverage, see QBE.com.xml
+
+
+	Non-functional subdomains:
+		- lyncdiscover	(m)
+		- sip	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="QBE Re.com">
+
+	<target host="qbere.com" />
+	<target host="www.qbere.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QBE.com.au.xml b/src/chrome/content/rules/QBE.com.au.xml
new file mode 100644
index 000000000000..6c435e1ecea5
--- /dev/null
+++ b/src/chrome/content/rules/QBE.com.au.xml
@@ -0,0 +1,46 @@
+<!--
+	For other QBE coverage, see QBE.com.xml
+
+
+	Non-functional subdomains:
+		- ctpfleet	(m)
+		- affinity.ebiz	(HTTP 406 error)
+		- training.ebiz	(m)
+		- uat.ebiz	(ssl handshake failure)
+		- uat-cargo.ebiz	(i)
+		- foundation	(t)
+		- graduate	(m)
+		- www.graduate	(m)
+		- www.greenslip	(m)
+		- (www.)intermediary	(m)
+		- www.pulse	(m)
+		- search	(m)
+		- sop-vex	(t)
+		- switch	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="QBE.com.au">
+
+	<target host="qbe.com.au" />
+	<target host="www.qbe.com.au" />
+	<target host="billpay.qbe.com.au" />
+	<target host="comms.qbe.com.au" />
+	<target host="ctp.qbe.com.au" />
+	<target host="uat.ctp.qbe.com.au" />
+	<target host="ebiz.qbe.com.au" />
+	<target host="cargo.ebiz.qbe.com.au" />
+	<target host="insurance.qbe.com.au" />
+	<target host="sc.qbe.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QCon_SF.com.xml b/src/chrome/content/rules/QCon_SF.com.xml
index 43fd266fa478..ddc01ad44eee 100644
--- a/src/chrome/content/rules/QCon_SF.com.xml
+++ b/src/chrome/content/rules/QCon_SF.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.qconsf.com/ => https://www.qconsf.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.qconsf.com'")
 
 -->
-<ruleset name="QCon SF.com" default_off='failed ruleset test'>
+<ruleset name="QCon SF.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/QLCrew.com.xml b/src/chrome/content/rules/QLCrew.com.xml
index 4bfe2ddd4906..d673d4204d52 100644
--- a/src/chrome/content/rules/QLCrew.com.xml
+++ b/src/chrome/content/rules/QLCrew.com.xml
@@ -3,9 +3,9 @@
 	<target host="qlcrew.com" />
 	<target host="www.qlcrew.com" />
 	<target host="login.qlcrew.com" />
-	
+
 	<securecookie host="^qlcrew\.com$" name=".+" />
-	
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/QQ.com-Problematic.xml b/src/chrome/content/rules/QQ.com-Problematic.xml
deleted file mode 100644
index ed297af41080..000000000000
--- a/src/chrome/content/rules/QQ.com-Problematic.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other rulesets of QQ.com, see QQ.xml
-
-	They don't have problem with https, just some encoding
-	problems are failing test.
--->
-<ruleset name="QQ.com-Problematic">
-	<!-- https://travis-ci.org/EFForg/https-everywhere/jobs/157928826#L257 -->
-	<target host="en.exmail.qq.com" />
-	<target host="m.exmail.qq.com" />
-	<target host="open.exmail.qq.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
-
diff --git a/src/chrome/content/rules/QQ.com-mixedcontent.xml b/src/chrome/content/rules/QQ.com-mixedcontent.xml
index d143510b70cb..b73d0c41523f 100644
--- a/src/chrome/content/rules/QQ.com-mixedcontent.xml
+++ b/src/chrome/content/rules/QQ.com-mixedcontent.xml
@@ -2,13 +2,12 @@
 	For rules not causing MCB, see QQ.xml.
 -->
 <ruleset name="QQ.com (mixed content)" platform="mixedcontent">
-	<target host="888.qq.com" />
-	<target host="cb.qq.com" />
-	<target host="game.qq.com" />
-	<target host="shang.qq.com" />
+	<target host="1.qq.com" />
+		<test url="http://1.qq.com/mall/lottery.shtml" />
 	<target host="cache.tv.qq.com" />
+		<test url="http://cache.tv.qq.com/zhuanti/premiership/web/premiership_0_1.htm" />
 
-	<securecookie host="^\w" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/QQ.xml b/src/chrome/content/rules/QQ.xml
index 237c5fc26ad2..dc88cba15a5e 100644
--- a/src/chrome/content/rules/QQ.xml
+++ b/src/chrome/content/rules/QQ.xml
@@ -1,203 +1,79 @@
 <!--
 	For rules causing MCB: QQ.com-mixedcontent.xml.
-	For rules causing test fails: QQ.com-Problematic.xml
 
-	CDN buckets:
-		- qzone.qq.com.edgesuite.net
-			- imgcache.qq.com
+	503：
+		https://tpai.qq.com				https://tpai.qq.com/race
 
-	500:
-		- misc.3g
-		- pushdata
+	Expired:
+		https://qzs.mail.qq.com
+		https://t.qq.com
+		https://c.t.qq.com
+		https://e.t.qq.com
+		https://k.t.qq.com
+		https://open.t.qq.com
+		https://p.t.qq.com
+		https://reg.t.qq.com
+		https://search.t.qq.com
+		https://vip.t.qq.com
 
-	Refused:
-		- trace
-		- ncgi.video
-		- wspeed
+	Mismatched:
+		https://y.3g.qq.com
+		https://adsfile.qq.com			https://adsfile.qq.com/web/default0.swf
+		https://adver.qq.com
+		https://buy.qq.com
+		https://chuangshi.qq.com
+		https://img1.chuangshi.qq.com
+		https://sta1.chuangshi.qq.com
+		https://gaauth.qq.com
+		https://gameweb-img.qq.com
+		https://img1.qq.com/			https://travis-ci.org/EFForg/https-everywhere/jobs/508812521#L753
+		https://live.qq.com
+		https://bbs.m.qq.com
+		https://open.mail.qq.com
+		https://mat1.qq.com
+		https://wiki.mg.open.qq.com
+		https://os.qzs.qq.com
+		https://soft.qq.com				https://travis-ci.org/EFForg/https-everywhere/jobs/471284912#L759
 
 	Times out:
-		- softfile.3g
-		- adver
-		- baobao
-		- byod
-		- chuangshi
-		- crm2
-		- daxue
-		- developer
-		- discuz
-		- cp.discuz
-		- djt
-		- appupdate.elife
-		- gad
-		- bbs.guanjia
-		- jq
-		- live
-		- bbs.m
-		- ptlogin2.mail
-		- stockweb.mail
-		- bbs.map
-		- radio.cloud.music
-		- roll.news
-		- bbs.open
-		- op.open
-		- zc.open
-		- passport.pengyou
-		- piao
-		- qqmusic
-		- dev.open.t
-		- follow.v.t
-		- bbs.vip
-		- like.video
-		- weixiao
-		- wpa
-		- xg
-		- yanchu
-		- cgi.yanchu
+		https://byod.qq.com
+		https://cb.qq.com
+		https://developer.qq.com
+		https://discuz.qq.com
+		https://cp.discuz.qq.com
+		https://dp3.qq.com				https://travis-ci.org/EFForg/https-everywhere/jobs/576119484#L615
+		https://appupdate.elife.qq.com
+		https://gad.qq.com
+		https://ptlogin2.mail.qq.com
+		https://bbs.g.qq.com			https://travis-ci.org/EFForg/https-everywhere/jobs/576140695#L827
+		https://bbs.map.qq.com
+		https://radio.cloud.music.qq.com
+		https://mx.qq.com
+		https://mxv.qq.com
+		https://roll.news.qq.com
+		https://open.qq.com
+		https://bbs.open.qq.com
+		https://wiki.open.qq.com
+		https://zc.open.qq.com
+		https://bbs.vip.qq.com
+		https://yanchu.qq.com
+		https://cgi.yanchu.qq.com
 
+	Redirect:
+		qq.com							equal to www.qq.com
 
-	Problematic domains:
-		- in *qq.com:
-			- ^              ᴹ
-			- www            ᴹ Akamai
-			- 1              ᴹ
-			- 3gqq           ᴹ
-			- ac             ᴵ ᶜ
-			- m.ac           ᴹ
-			- browser        ᴹ
-			- buy            ᶜ
-			- cb             ᶜ
-			- img1.chuangshi ᴹ
-			- sta1.chuangshi ᴹ
-			- city           ᴹ
-			- cul            ᴹ
-			- act.daoju      ᴹ ᶜ
-			- js01.daoju     ᴹ
-			- js02.daoju     ᴹ
-			- daoju          ᶜ ʲ
-			- data           ᴹ
-			- dldir2         ᴹ
-			- dldir3         ᴹ
-			- dlied6         ᴹ
-			- cnc.exmail     ᴹ
-			- service.exmail ᴹ
-			- tel.exmail     ᴹ
-			- finance        ᴹ Akamai
-			- bbs.g          ᴹ
-			- gaauth         ᴹ
-			- games          ᴹ
-			- gamevip        ᶜ
-			- gameweb-img    ᴹ
-			- gongyi         ᴹ Akamai
-			- guanjia        ᴹ
-			- heat           ᴹ
-			- lbs            ᴹ
-			- qqgameplatcdn  ᴹ
-			- img1           ᴹ
-			- iwan           ᴹ
-			- open.mail      ᴹ
-			- qzs.mail       ᴹ
-			- service.mail   ᴹ
-			- shangjia.map   ᴹ
-			- mat1           ᴹ
-			- mil            ᴹ
-			- mx             ᴹ
-			- mxm            ᴹ
-			- mxv            ᴹ
-			- news           ᴹ Akamai
-			- open           ᴹ Akamai
-			- wiki.mg.open   ᴹ
-			- wiki.open	     ᴹ Akamai
-			- qian           ᴹ
-			- qqgame         ᴹ
-			- open.qqgame    ᴹ
-			- user.qzone     ᴹ Akamai
-			- qzs            ᶜ ʲ
-			- os.qzs         ᴹ Akamai
-			- service        ᴹ
-			- soft           ᴹ
-			- t              ᴹ Akamai
-			- ad.t           ᴹ Akamai
-			- c.t            ᴹ Akamai
-			- dev.t          ᴹ
-			- e.t            ᴹ Akamai
-			- k.t            ᴹ Akamai
-			- p.t            ᴹ Akamai
-			- reg.t          ᴹ Akamai
-			- search.t       ᴹ Akamai
-			- vip.t          ᴹ Akamai
-			- cdn.tencentgroup ᴹ
-			- cache.tv       ᶜ
-			- cache.v        ᶜ
-			- growth.video   ᴹ
-			- web            ᴹ
-			- wetest         ᶜ ʲ
-			- xx             ᴹ
-			- y              ᶜ
-			- y.3g           ᴹ
-			- zc             ᴹ Akamai
-	ᴹ Mismatched
-	ᴵ Incomplete certificate chain
-	ᶜ Mixed css
-	ʲ Mixed js
-
-	Insecure cookies are set for these domains and hosts:
-		- .qq.com
-		- .aq.qq.com
-		- .exmail.qq.com
-		- .list.qq.com
-		- .ptlogin2.qq.com
-		- .ui.ptlogin2.qq.com
-		- .r.qq.com
-		- .reader.qq.com
-		- .wx.qq.com
-		- .login.wx.qq.com
-		- .wx1.qq.com
-		- .wx2.qq.com
-		- .login.wx2.qq.com
-
-	Mixed content:
-		- iframe on igame from ui.ptlogin2.qq.com
-		- css, on:
-			- ac                          from ac.gtimg.com
-			- act.daoju                   from ossweb-img.qq.com   *
-			- cb, cache.tv                from imgcache.qq.com     *
-			- daoju                       from js01.daoju.qq.com   *
-			- igame                       from i.igcdn.cn
-		- Images, on:
-			- ac                       from ac.gtimg.com
-			- cb                       from imgcache.qq.com     *
-			- cache.tv                 from img1.gtimg.com
-	* Secured by us
+	Redirect to http:
+		https://qqgameplatcdn.qq.com	https://qqgameplatcdn.qq.com/social_hall/js/jquery.js
 -->
 <ruleset name="QQ.com (partial)">
-	<!-- Complications -->
-	<target host="kf.qq.com" />
-	<target host="service.qq.com" />
-		<!-- Redirect to http -->
-		<rule from="^http://(kf|service)\.qq\.com/$"
-			to="https://kf.qq.com/index.html" />
-		<!-- `service` timeout in https -->
-		<rule from="^http://(kf|service)\.qq\.com/"
-			to="https://kf.qq.com/" />
-		<test url="http://kf.qq.com/product/aq.html" />
-		<test url="http://service.qq.com/product/aq.html" />
-		<test url="http://kf.qq.com/product/QQ.html" />
-		<test url="http://service.qq.com/product/QQ.html" />
-
-	<target host="img1.sj.qq.com" />
-	<target host="img2.sj.qq.com" />
-	<target host="img3.sj.qq.com" />
-	<target host="img4.sj.qq.com" />
-	<target host="img5.sj.qq.com" />
-	<target host="img6.sj.qq.com" />
-		<!-- Only img1.sj has a vaild cert -->
-		<rule from="^http://img\d\.sj\.qq\.com/"
-			to="https://img1.sj.qq.com/" />
-		<test url="http://img1.sj.qq.com/api/styles/sjqqapi.css" />
-		<test url="http://img2.sj.qq.com/api/scripts/sjqqapi.js" />
-
-	<!-- Directly -->
+	<target host="qq.com" />
+	<target host="www.qq.com" />
+	<target host="misc.3g.qq.com" />
+	<target host="softfile.3g.qq.com" />
 	<target host="3gimg.qq.com" />
+	<target host="3gqq.qq.com" />
+	<target host="888.qq.com" />
+	<target host="ac.qq.com" />
 	<target host="m.ac.qq.com" />
 	<target host="aq.qq.com" />
 	<target host="js.aq.qq.com" />
@@ -205,36 +81,77 @@
 		<test url="http://combo.b.qq.com/da/id.html" />
 	<target host="wpa.b.qq.com" />
 		<test url="http://wpa.b.qq.com/cgi/wpa.php" />
+	<target host="baobao.qq.com" />
+	<target host="browser.qq.com" />
 	<target host="btrace.qq.com" />
+	<target host="buluo.qq.com" />
+	<target host="city.qq.com" />
 	<target host="connect.qq.com" />
+	<target host="crm2.qq.com" />
+	<target host="cul.qq.com" />
+	<target host="dajia.qq.com" />
+	<target host="daju.qq.com" />
+	<target host="act.daoju.qq.com" />
+		<test url="http://act.daoju.qq.com/act/a20180629traders/index.htm" />
 	<target host="js01.daoju.qq.com" />
+	<target host="js02.daoju.qq.com" />
+	<target host="data.qq.com" />
+	<target host="daxue.qq.com" />
 	<target host="pcbrowser.dd.qq.com" />
 	<target host="dldir1.qq.com" />
-	<target host="dp3.qq.com" />
+	<target host="dldir2.qq.com" />
+	<target host="dldir3.qq.com" />
+	<target host="dlied6.qq.com" />
+		<!--test url="http://dlied6.qq.com/invc/xfspeed/qqpcmgr/versetup/portal/PCMgr_Setup_10_3_15519_204.exe" /-->
 	<target host="exmail.qq.com" />
 	<target host="edu.exmail.qq.com" />
+	<target host="cnc.exmail.qq.com" />
 		<test url="http://edu.exmail.qq.com/cgi-bin/sellonlinestatic" />
+	<target host="en.exmail.qq.com" />
+	<target host="m.exmail.qq.com" />
+	<target host="open.exmail.qq.com" />
+	<target host="service.exmail.qq.com" />
+	<target host="tel.exmail.qq.com" />
 	<target host="film.qq.com" />
+	<target host="finance.qq.com" />
 	<target host="fm.qq.com" />
-	<target host="g.qq.com" />
+	<target host="game.qq.com" />
+	<target host="games.qq.com" />
+		<test url="http://games.qq.com/mobile/" />
+	<target host="gamevip.qq.com" />
+	<target host="gongyi.qq.com" />
+	<target host="guanjia.qq.com" />
+	<target host="bbs.guanjia.qq.com" />
 	<target host="hao.qq.com" />
+	<target host="heat.qq.com" />
 	<target host="hp.qq.com" />
 		<test url="http://hp.qq.com/bz.gif" />
+	<target host="i.qq.com" />
+	<target host="igame.qq.com" />
+		<test url="http://igame.qq.com/login.php?u1=http://igame.qq.com/center/index.php" />
 	<target host="im.qq.com" />
 	<target host="imgcache.qq.com" />
 	<target host="isdspeed.qq.com" />
 		<test url="http://isdspeed.qq.com/cgi-bin/r.cgi" />
+	<target host="iwan.qq.com" />
+		<test url="http://iwan.qq.com/pcwebsite/game" />
+	<target host="jq.qq.com" />
+	<target host="jqmt.qq.com" />
 	<target host="jsqmt.qq.com" />
 		<test url="http://jsqmt.qq.com/cdn_djl.js" />
 	<target host="ke.qq.com" />
+	<target host="kf.qq.com" />
+		<!-- Redirect to http -->
+		<rule from="^http://kf\.qq\.com/$"
+			to="https://kf.qq.com/index.html" />
+		<test url="http://kf.qq.com/product/aq.html" />
+		<test url="http://kf.qq.com/product/QQ.html" />
 	<target host="kg.qq.com" />
+	<target host="kuaibao.qq.com" />
 	<target host="livew.l.qq.com" />
 		<test url="http://livew.l.qq.com/livemsg?ad_type=WL&#x26;url=https%3A%2F%2Fv.qq.com%2Fx%2Fcover%2Fzf2z0xpqcculhcz.html%3Fvid%3Dy0016wfrzsc" />
+	<target host="lbs.qq.com" />
 	<target host="lmbsy.qq.com" />
-	<target host="x.l.qq.com" />
-		<test url="http://x.l.qq.com/unique.swf" />
-		<test url="http://x.l.qq.com/web/jsproxy/uuser.html" />
-	<target host="list.qq.com" />
 	<target host="m.qq.com" />
 	<target host="yun.m.qq.com" />
 	<target host="mail.qq.com" />
@@ -242,74 +159,101 @@
 	<target host="i.mail.qq.com" />
 	<target host="res.mail.qq.com" />
 	<target host="rl.mail.qq.com" />
+	<target host="service.mail.qq.com" />
+	<target host="stockweb.mail.qq.com" />
+	<target host="wp.mail.qq.com" />
+	<target host="ws.mail.qq.com" />
+	<target host="i.match.qq.com" />
 	<target host="map.qq.com" />
-		<exclusion pattern="^http://map\.qq\.com/(?!api/|history\.html$)" />
-		<test url="http://map.qq.com/api/js" />
-		<test url="http://map.qq.com/history.html" />
-		<test url="http://map.qq.com/jiejing/home.html" />
-		<test url="http://map.qq.com/#pano=100432J7150331222813400" />
 	<target host="apis.map.qq.com" />
 	<target host="open.map.qq.com" />
 	<target host="pr.map.qq.com" />
 	<target host="s.map.qq.com" />
+	<target host="shangjia.map.qq.com" />
 	<target host="sv.map.qq.com" />
-	<target host="wp.mail.qq.com" />
-	<target host="ws.mail.qq.com" />
+	<target host="mil.qq.com" />
+	<target host="minigame.qq.com" />
+		<test url="http://minigame.qq.com/common_manage/381/big_image_2c247d2261206b6ae81ef1ccc7108582.jpg" />
 	<target host="music.qq.com" />
 	<target host="cp.music.qq.com" />
+	<target host="mxm.qq.com" />
+	<target host="news.qq.com" />
+	<target host="view.news.qq.com" />
 	<target host="nr.qq.com" />
 	<target host="office.qq.com" />
 	<target host="om.qq.com" />
 	<target host="iot.open.qq.com" />
+	<target host="op.open.qq.com" />
 	<target host="ossweb-img.qq.com" />
-		<!--	MCB:	-->
-		<exclusion pattern="^http://ossweb-img\.qq\.com/images/js/share/share\.shtml" />
 		<test url="http://ossweb-img.qq.com/images/js/share/share.shtml" />
 	<target host="pay.qq.com" />
 	<target host="my.pay.qq.com" />
 	<target host="s.pc.qq.com" />
 		<test url="http://s.pc.qq.com/discuz/css/style.css" />
 	<target host="pingfore.qq.com" />
+		<!-- https://travis-ci.org/EFForg/https-everywhere/jobs/471282290#L759 -->
 		<exclusion pattern="^http://pingfore\.qq\.com/$" />
 		<test url="http://pingfore.qq.com/pingd?dm=ent.qq.com&#x26;url=/a/20070713/000109.htm" />
 	<target host="pingjs.qq.com" />
+	<target host="player.qq.com" />
 	<target host="ssl.ptlogin2.qq.com" />
 	<target host="ui.ptlogin2.qq.com" />
 	<target host="xui.ptlogin2.qq.com" />
 	<target host="ssl.xui.ptlogin2.qq.com" />
 	<target host="cgi.pub.qq.com" />
+	<target host="pushdata.qq.com" />
+	<target host="qian.qq.com" />
 	<target host="wp.qiye.qq.com" />
+	<target host="qqgame.qq.com" />
+	<target host="open.qqgame.qq.com" />
 	<target host="dl.stream.qqmusic.qq.com" />
 	<target host="admin.qun.qq.com" />
+	<target host="user.qzone.qq.com" />
 	<target host="qzs.qq.com" />
+		<test url="http://qzs.qq.com/syzs/overSeaLogin/index.html" />
+		<test url="http://qzs.qq.com/open/baymax/8/10358_6af2d18906a25c07311b1c34cfe90ae0_0.html" />
 	<target host="r.qq.com" />
 	<target host="reader.qq.com" />
 	<target host="file.service.qq.com" />
+	<target host="shang.qq.com" />
+	<target host="img1.sj.qq.com" />
+		<test url="http://img1.sj.qq.com/api/styles/sjqqapi.css" />
+	<target host="img2.sj.qq.com" />
+		<test url="http://img2.sj.qq.com/api/scripts/sjqqapi.js" />
+	<target host="img3.sj.qq.com" />
+	<target host="img4.sj.qq.com" />
+	<target host="img5.sj.qq.com" />
+	<target host="img6.sj.qq.com" />
 	<target host="sqimg.qq.com" />
+	<target host="photo.store.qq.com" />
+	<target host="*.photo.store.qq.com" />
 	<target host="qlogo1.store.qq.com" />
 		<test url="http://qlogo1.store.qq.com/qzone/11111111/11111111/100" />
 	<target host="qlogo2.store.qq.com" />
 	<target host="qlogo3.store.qq.com" />
 	<target host="qlogo4.store.qq.com" />
 	<target host="support.qq.com" />
-	<target host="open.t.qq.com" />
 	<target host="tajs.qq.com" />
+	<target host="cdn.tencentgroup.qq.com" />
+		<test url="http://cdn.tencentgroup.qq.com/join_static/ext/20170905/" />
+	<target host="trace.qq.com" />
 	<target host="ugcbsy.qq.com" />
 	<target host="v.qq.com" />
+		<test url="http://v.qq.com/vplus/colorsofchina" />
 	<target host="m.v.qq.com" />
-		<!--	MCB	-->
-		<exclusion pattern="^http://m\.v\.qq\.com/$" />
-		<test url="http://m.v.qq.com/tv.html" />
 	<target host="c.v.qq.com" />
 		<test url="http://c.v.qq.com/vuserinfo" />
 	<target host="video.qq.com" />
-		<exclusion pattern="^http://video\.qq\.com/(?!fcgi-bin/)" />
 		<test url="http://video.qq.com/foo.bar" />
 		<test url="http://video.qq.com/fcgi-bin/get_cookie" />
 	<target host="btrace.video.qq.com" />
 		<test url="http://btrace.video.qq.com/kvcollect" />
 	<target host="data.video.qq.com" />
 		<test url="http://data.video.qq.com/fcgi-bin/data" />
+	<target host="growth.video.qq.com" />
+	<target host="like.video.qq.com" />
+		<test url="http://like.video.qq.com/fcgi-bin/like" />
+	<target host="ncgi.video.qq.com" />
 	<target host="node.video.qq.com" />
 	<target host="pay.video.qq.com" />
 		<test url="http://pay.video.qq.com/fcgi-bin/autopay" />
@@ -320,10 +264,12 @@
 	<target host="vhotlx.video.qq.com" />
 	<target host="vpic.video.qq.com" />
 	<target host="vpdata.video.qq.com" />
+	<target host="vv.video.qq.com" />
+		<test url="http://vv.video.qq.com/getinfo?otype=json" />
+	<target host="vip.qq.com" />
+	<target host="web.qq.com" />
+	<target host="web2.qq.com" />
 	<target host="weixin.qq.com" />
-	<target host="weread.qq.com" />
-	<target host="cdn.wetest.qq.com" />
-	<target host="f.wetest.qq.com" />
 	<target host="api.weixin.qq.com" />
 	<target host="login.weixin.qq.com" />
 	<target host="mp.weixin.qq.com" />
@@ -332,26 +278,45 @@
 	<target host="web.weixin.qq.com" />
 	<target host="webpush.weixin.qq.com" />
 	<target host="weixin110.qq.com" />
+	<target host="weread.qq.com" />
+	<target host="wetest.qq.com" />
+	<target host="cdn.wetest.qq.com" />
+	<target host="f.wetest.qq.com" />
+	<target host="weixiao.qq.com" />
 	<target host="wj.qq.com" />
+	<target host="wpa.qq.com" />
 	<target host="img1.write.qq.com" />
 		<test url="http://img1.write.qq.com/upload/cover/2016-09-26/cs_57e8da4a552c6.jpg" />
+	<target host="wspeed.qq.com" />
 	<target host="wx.qq.com" />
 	<target host="file.wx.qq.com" />
+		<test url="http://file.wx.qq.com/cgi-bin/mmwebwx-bin/webwxuploadmedia?f=json" />
 	<target host="login.wx.qq.com" />
 	<target host="res.wx.qq.com" />
 	<target host="wx1.qq.com" />
 	<target host="wx2.qq.com" />
 	<target host="file.wx2.qq.com" />
 	<target host="login.wx2.qq.com" />
+	<target host="xg.qq.com" />
 	<target host="xw.qq.com" />
+	<target host="xx.qq.com" />
 	<target host="y.qq.com" />
-		<exclusion pattern="^http://y\.qq\.com/yanchu/" />
-		<test url="http://y.qq.com/yanchu/" />
+	<target host="c.y.qq.com" />
 	<target host="i.y.qq.com" />
 	<target host="m.y.qq.com" />
 	<target host="p.y.qq.com" />
+	<target host="zc.qq.com" />
+
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^\w" name=".+" />
+	<rule from="^http://qq\.com/" to="https://www.qq.com/" />
+	
+	<rule from="^http://(\w+)\.photo\.store\.qq\.com/" to="https://$1.photo.store.qq.com/" />
+		<test url="http://b2.photo.store.qq.com/psb?/V10hQJkd3SDBzD/KIMVhn3MHz8amum0nnr*lNoK9Z2YF9vqftH7TKwbNRw!/r/dG8BAAAAAAAA" />
+		<test url="http://b99.photo.store.qq.com/psb?/V10hQJkd3SDBzD/KIMVhn3MHz8amum0nnr*lNoK9Z2YF9vqftH7TKwbNRw!/r/dG8BAAAAAAAA" />
+		<test url="http://b400.photo.store.qq.com/psb?/V10hQJkd3SDBzD/KIMVhn3MHz8amum0nnr*lNoK9Z2YF9vqftH7TKwbNRw!/r/dG8BAAAAAAAA" />
+		<test url="http://r.photo.store.qq.com/psu?/41e942eb-6e91-4b94-a736-196e663f1666/kForrvREu9pdwmv1F5WZwS4SnfKREXjL970lewz92Cc!/b/YeOjTRG3YAAAYpT39Q7*qQAA" />
+		<test url="http://s25.photo.store.qq.com/psu?/41e942eb-6e91-4b94-a736-196e663f1666/kForrvREu9pdwmv1F5WZwS4SnfKREXjL970lewz92Cc!/b/YeOjTRG3YAAAYpT39Q7*qQAA" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/QStack.com.xml b/src/chrome/content/rules/QStack.com.xml
deleted file mode 100644
index 97c5d82b3a13..000000000000
--- a/src/chrome/content/rules/QStack.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other GreenQloud coverage, see GreenQloud.com.xml. 
-
--->
-<ruleset name="QStack.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="qstack.com" />
-	<target host="www.qstack.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/QTH.com.xml b/src/chrome/content/rules/QTH.com.xml
index 2f4101874319..0809dc787715 100644
--- a/src/chrome/content/rules/QTH.com.xml
+++ b/src/chrome/content/rules/QTH.com.xml
@@ -7,14 +7,14 @@
 		- domains *
 		- hosting *
 		- swap *
-		
+
 	* Shows www12.qth.com
 
 
 	Problematic hosts in *qth.com:
 
 		- ssl *
-	
+
 	* Mismatched
 
 
@@ -39,7 +39,7 @@
 	<!--securecookie host="^\.billing\.qth\.com$" name="^uip$" /-->
 	<!--securecookie host="^ssl\.qth\.com$" name="^\.ASPXANONYMOUS$" /-->
 
-	<securecookie host="^\.billing\.qth\.com$" name="" />
+	<securecookie host="^\.billing\.qth\.com$" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/QTafsir.com.xml b/src/chrome/content/rules/QTafsir.com.xml
new file mode 100644
index 000000000000..9dcd3d990ed0
--- /dev/null
+++ b/src/chrome/content/rules/QTafsir.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid Certificate:
+		m.qtafsir.com
+-->
+<ruleset name="QTafsir.com" platform="mixedcontent">
+	<target host="qtafsir.com" />
+	<target host="www.qtafsir.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QUADAtYork.ca.xml b/src/chrome/content/rules/QUADAtYork.ca.xml
new file mode 100644
index 000000000000..f2d093ee832a
--- /dev/null
+++ b/src/chrome/content/rules/QUADAtYork.ca.xml
@@ -0,0 +1,11 @@
+<!--
+	Redirects to HTTP:
+		- wechat.quadatyork.ca
+-->
+
+<ruleset name="QUADAtYork.ca">
+	<target host="quadatyork.ca" />
+	<target host="www.quadatyork.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QWK.net.xml b/src/chrome/content/rules/QWK.net.xml
deleted file mode 100644
index 9b313c548c2c..000000000000
--- a/src/chrome/content/rules/QWK.net.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Other QWK.net rulesets:
-
-		- QWKnet_LLC.com.xml
-
-
-	(www.)?qwk.net: Plaintext reply
-
--->
-<ruleset name="QWK.net (partial)">
-
-	<target host="customers.qwk.net" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^customers\.qwk\.net$" name="^dp_user_sessionid$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/QXL.dk.xml b/src/chrome/content/rules/QXL.dk.xml
index f0569eec7043..29e19eba54a1 100644
--- a/src/chrome/content/rules/QXL.dk.xml
+++ b/src/chrome/content/rules/QXL.dk.xml
@@ -5,7 +5,7 @@
 	Nonfunctional hosts in qxl.dk:
 
 		- hjaelp *
-		
+
 	* Handshake fails
 
 -->
diff --git a/src/chrome/content/rules/Qabel.xml b/src/chrome/content/rules/Qabel.xml
deleted file mode 100644
index 281badbd6060..000000000000
--- a/src/chrome/content/rules/Qabel.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Qabel.de">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="qabel.de" />
-	<target host="files.qabel.de" />
-	<target host="www.qabel.de" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Qari.one.xml b/src/chrome/content/rules/Qari.one.xml
new file mode 100644
index 000000000000..10c2b2abdeb7
--- /dev/null
+++ b/src/chrome/content/rules/Qari.one.xml
@@ -0,0 +1,8 @@
+<ruleset name="Qari.one">
+	<target host="qari.one" />
+	<target host="www.qari.one" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Qbox.me.xml b/src/chrome/content/rules/Qbox.me.xml
index 682491c70506..8b7b4f5ebddd 100644
--- a/src/chrome/content/rules/Qbox.me.xml
+++ b/src/chrome/content/rules/Qbox.me.xml
@@ -34,6 +34,6 @@
 	<target host="dn-iyz-file.qbox.me" />
 	<target host="dn-sdkcnssl.qbox.me" />
 	<target host="dn-walletla.qbox.me" />
-	
-	
+
+
 </ruleset>
diff --git a/src/chrome/content/rules/Qbrick.com.xml b/src/chrome/content/rules/Qbrick.com.xml
index 1f013f5b471b..4044c2aa49de 100644
--- a/src/chrome/content/rules/Qbrick.com.xml
+++ b/src/chrome/content/rules/Qbrick.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://vms.admin.qbrick.com/ => https://vms.admin.qbrick.com/: (6,
 	(www.)?qbrick.com: Blank page
 
 -->
-<ruleset name="Qbrick.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Qbrick.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Qcloud.com.xml b/src/chrome/content/rules/Qcloud.com.xml
index c356aa59b604..e1baa493ccc0 100644
--- a/src/chrome/content/rules/Qcloud.com.xml
+++ b/src/chrome/content/rules/Qcloud.com.xml
@@ -19,12 +19,12 @@ Fetch error: http://wiki.qcloud.com/ => https://wiki.qcloud.com/: (28, 'Connecti
 		- o.qcloud.com
 
 	Timeout:
-		- app.qcloud.com 
+		- app.qcloud.com
 		- bbs.qcloud.com
 		- legu.qcloud.com
 		- yun.weixin.qcloud.com
 -->
-<ruleset name="Qcloud.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Qcloud.com (partial)" default_off="failed ruleset test">
 	<target host="qcloud.com" />
 	<target host="www.qcloud.com" />
 	<target host="act.qcloud.com" />
diff --git a/src/chrome/content/rules/Qemu.org.xml b/src/chrome/content/rules/Qemu.org.xml
new file mode 100644
index 000000000000..ad3b81f8db2b
--- /dev/null
+++ b/src/chrome/content/rules/Qemu.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Qemu.org">
+	<target host="qemu.org" />
+	<target host="www.qemu.org" />
+	<target host="download.qemu.org" />
+	<target host="git.qemu.org" />
+	<target host="wiki.qemu.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Qihu_CDN.com.xml b/src/chrome/content/rules/Qihu_CDN.com.xml
index 9023d6ed0e7b..effd20ea65d3 100644
--- a/src/chrome/content/rules/Qihu_CDN.com.xml
+++ b/src/chrome/content/rules/Qihu_CDN.com.xml
@@ -6,7 +6,7 @@ Non-2xx HTTP code: http://shouji.ssl.qihucdn.com/ (200) => https://shouji.ssl.qi
 	For other Qihoo 360 Technology coverage, see 360.cn.xml.
 
 -->
-<ruleset name="Qihu CDN.com" default_off='failed ruleset test'>
+<ruleset name="Qihu CDN.com" default_off="failed ruleset test">
 
 	<target host="*.ssl.qihucdn.com" />
 
diff --git a/src/chrome/content/rules/Qnetp.net.xml b/src/chrome/content/rules/Qnetp.net.xml
index ca2c6cdfccf0..900a533abaa1 100644
--- a/src/chrome/content/rules/Qnetp.net.xml
+++ b/src/chrome/content/rules/Qnetp.net.xml
@@ -7,7 +7,7 @@ Fetch error: http://booster.qnetp.net/ => https://booster.qnetp.net/: (51, "SSL:
 	www.qnetp.net: shows default page, valid cert
 
 -->
-<ruleset name="qnetp.net (partial)" default_off='failed ruleset test'>
+<ruleset name="qnetp.net (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Qoo10.cn.xml b/src/chrome/content/rules/Qoo10.cn.xml
index 0c836539f8ae..5c1102461781 100644
--- a/src/chrome/content/rules/Qoo10.cn.xml
+++ b/src/chrome/content/rules/Qoo10.cn.xml
@@ -41,8 +41,12 @@
 -->
 <ruleset name="Qoo10.cn (partial)">
 
-	<target host="*.image-qoo10.cn" />
-	<target host="*.qoo10.cn" />
+	<target host="gd.image-qoo10.cn" />
+	<target host="gdssl.image-qoo10.cn" />
+	<target host="static.image-qoo10.cn" />
+	<target host="staticssl.image-qoo10.cn" />
+	<target host="my.qoo10.cn" />
+	<target host="qsm.qoo10.cn" />
 
 
 	<securecookie host="^(?:my|qsm)\.qoo10\.cn$" name=".+" />
@@ -51,7 +55,6 @@
 	<rule from="^http://(gd|static)(?:ssl)?\.image-qoo10\.cn/"
 		to="https://$1ssl.image-qoo10.cn/" />
 
-	<rule from="^http://(my|qsm)\.qoo10\.cn/"
-		to="https://$1.qoo10.cn/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Qoo10.com.xml b/src/chrome/content/rules/Qoo10.com.xml
index 82206dea9711..739670a05225 100644
--- a/src/chrome/content/rules/Qoo10.com.xml
+++ b/src/chrome/content/rules/Qoo10.com.xml
@@ -43,8 +43,14 @@
 -->
 <ruleset name="Qoo10.com (partial)">
 
-	<target host="*.image-gmkt.com" />
-	<target host="*.qoo10.com" />
+	<target host="dp.image-gmkt.com" />
+	<target host="gd.image-gmkt.com" />
+	<target host="gdssl.image-gmkt.com" />
+	<target host="static.image-gmkt.com" />
+	<target host="staticssl.image-gmkt.com" />
+	<target host="kwave.qoo10.com" />
+	<target host="my.qoo10.com" />
+	<target host="pg.qoo10.com" />
 
 
 	<securecookie host="^(?:kwave|my)\.qoo10\.com$" name=".+" />
@@ -56,7 +62,6 @@
 	<rule from="^http://(gd|static)(?:ssl)?\.image-gmkt\.com/"
 		to="https://$1ssl.image-gmkt.com/" />
 
-	<rule from="^http://(kwave|my|pg)\.qoo10\.com/"
-		to="https://$1.qoo10.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Qpic.cn.xml b/src/chrome/content/rules/Qpic.cn.xml
index 135874f7994f..2ec55d5024fb 100644
--- a/src/chrome/content/rules/Qpic.cn.xml
+++ b/src/chrome/content/rules/Qpic.cn.xml
@@ -1,9 +1,4 @@
-<!--
-	Invalid certificate:
-		- t[1-3]
-		- ugc
--->
-<ruleset name="Qpic.cn (partial)">
+<ruleset name="Qpic.cn">
 	<target host="a1.qpic.cn" />
 	<target host="a2.qpic.cn" />
 	<target host="a3.qpic.cn" />
@@ -21,8 +16,14 @@
 		<test url="http://qidian.qpic.cn/qidian_common/349573/8b1d07b55b016ff8d191af33d6545d3c/" />
 	<target host="shp.qpic.cn" />
 		<test url="http://shp.qpic.cn/txdiscuz_pic/0/cfbbs_discuz_bbs_cf_qq_com_forum_201502_16_092046bk0cpyypctn8k05w.gif/" />
+	<target host="t1.qpic.cn" />
+		<test url="http://t1.qpic.cn/mblogpic/919e25a7a9e5b7645c7a/" />
+	<target host="t2.qpic.cn" />
+	<target host="t3.qpic.cn" />
+	<target host="ugc.qpic.cn" />
+		<test url="http://ugc.qpic.cn/gbar_pic/FOpLJ7PFFMqqydEK4tic0VKuC5PDIiaXawb1ZTI0HXLoIGxk0OPIwyqA/" />
 
-	<securecookie host="^\w" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Qrobe.it.xml b/src/chrome/content/rules/Qrobe.it.xml
deleted file mode 100644
index b91c3d8e1b50..000000000000
--- a/src/chrome/content/rules/Qrobe.it.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	www.qrobe.it: 404
-
--->
-<ruleset name="Qrobe.it">
-
-	<target host="qrobe.it" />
-	<target host="*.qrobe.it" />
-
-		<test url="http://privatelee.qrobe.it/" />
-		<test url="http://www.qrobe.it/" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http://www\.qrobe\.it/"
-		to="https://qrobe.it/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Qt-project.org.xml b/src/chrome/content/rules/Qt-project.org.xml
index d16b951e69f4..ac81e4e6eb28 100644
--- a/src/chrome/content/rules/Qt-project.org.xml
+++ b/src/chrome/content/rules/Qt-project.org.xml
@@ -24,7 +24,7 @@ Fetch error: http://releases.qt-project.org/ => https://releases.qt-project.org/
 	* Expired
 
 -->
-<ruleset name="Qt-project.org" default_off='failed ruleset test'>
+<ruleset name="Qt-project.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Qt.io.xml b/src/chrome/content/rules/Qt.io.xml
index c5666808476d..36bbdb01b004 100644
--- a/src/chrome/content/rules/Qt.io.xml
+++ b/src/chrome/content/rules/Qt.io.xml
@@ -20,7 +20,7 @@
 	<target host="code.qt.io" />
 	<target host="login.qt.io" />
 	<target host="showroom.qt.io" />
-	
+
 	<rule from="^http://qt\.io/"
 		to="https://www.qt.io/" />
 
diff --git a/src/chrome/content/rules/Qt_Cloud_Services.com.xml b/src/chrome/content/rules/Qt_Cloud_Services.com.xml
index bf7cc0787eda..6c428b3680c3 100644
--- a/src/chrome/content/rules/Qt_Cloud_Services.com.xml
+++ b/src/chrome/content/rules/Qt_Cloud_Services.com.xml
@@ -16,7 +16,7 @@ Fetch error: http://www.qtcloudservices.com/ => https://www.qtcloudservices.com/
 	*StatusPage.io
 
 -->
-<ruleset name="Qt Cloud Services.com" default_off='failed ruleset test'>
+<ruleset name="Qt Cloud Services.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/QuKuai.com.xml b/src/chrome/content/rules/QuKuai.com.xml
deleted file mode 100644
index 2d1e12f8ae70..000000000000
--- a/src/chrome/content/rules/QuKuai.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	(www.)?qukuai.com: Mismatched
-
-
-	Insecure cookies are set for these hosts:
-
-		- qianbao.qukuai.com
-
--->
-<ruleset name="QuKuai.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="qianbao.qukuai.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^qianbao\.qukuai\.com$" name="^(?:__jsluid|_xsrf)$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Quackquackgo.nl.xml b/src/chrome/content/rules/Quackquackgo.nl.xml
index a942bcfdd15c..d8841cc7ec06 100644
--- a/src/chrome/content/rules/Quackquackgo.nl.xml
+++ b/src/chrome/content/rules/Quackquackgo.nl.xml
@@ -5,7 +5,7 @@ Fetch error: http://quackquackgo.nl/ => https://quackquackgo.nl/: (51, "SSL: no
 Fetch error: http://www.quackquackgo.nl/ => https://www.quackquackgo.nl/: (51, "SSL: no alternative certificate subject name matches target host name 'www.quackquackgo.nl'")
 
 -->
-<ruleset name="quackquackgo.nl" default_off='failed ruleset test'>
+<ruleset name="quackquackgo.nl" default_off="failed ruleset test">
 
 	<target host="quackquackgo.nl" />
 	<target host="www.quackquackgo.nl" />
diff --git a/src/chrome/content/rules/Qualcomm.xml b/src/chrome/content/rules/Qualcomm.xml
index da3dd780c21a..3c084af7c0d3 100644
--- a/src/chrome/content/rules/Qualcomm.xml
+++ b/src/chrome/content/rules/Qualcomm.xml
@@ -5,7 +5,6 @@ Fetch error: http://pages.qualcomm.com/ => https://pages.qualcomm.com/: (6, 'Cou
 
 	Other Qualcomm rulesets:
 
-		- AllJoyn.org.xml
 
 
 	Nonfunctional hosts in *qualcomm.com:
@@ -27,7 +26,7 @@ Fetch error: http://pages.qualcomm.com/ => https://pages.qualcomm.com/: (6, 'Cou
 	* Secured by us
 
 -->
-<ruleset name="Qualcomm.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Qualcomm.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/QualityAgent.xml b/src/chrome/content/rules/QualityAgent.xml
index cbe3845bf84b..629a94cee5f7 100644
--- a/src/chrome/content/rules/QualityAgent.xml
+++ b/src/chrome/content/rules/QualityAgent.xml
@@ -22,7 +22,7 @@
 	<target host="www.qualityagent.com" />
 
 
-	<securecookie host="^.+\.qualityunit\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/QuantCount.xml b/src/chrome/content/rules/QuantCount.xml
new file mode 100644
index 000000000000..34bc3ec6699f
--- /dev/null
+++ b/src/chrome/content/rules/QuantCount.xml
@@ -0,0 +1,34 @@
+<!--
+	Other Quantcast rulesets:
+
+		- Quantserve.com.xml
+		- Quantcast.xml
+
+-->
+<ruleset name="Quantcast.com">
+	<target host="quantcount.com" />
+	<target host="www.quantcount.com" />
+
+	<target host="cms.quantcount.com" />
+	<target host="ads.quantcount.com" />
+	<target host="flash.quantcount.com" />
+	<target host="geo.quantcount.com" />
+	<target host="exch.quantcount.com" />
+	<target host="ede.quantcount.com" />
+	<target host="m.quantcount.com" />
+	<target host="map.quantcount.com" />
+	<target host="pixel.quantcount.com" />
+	<target host="secure.quantcount.com" />
+	<target host="ssl.quantcount.com" />
+	<target host="c.quantcount.com" />
+	<target host="content.quantcount.com" />
+	<target host="edge.quantcount.com" />
+	<target host="rules.quantcount.com" />
+	<target host="static.quantcount.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Quantcast.xml b/src/chrome/content/rules/Quantcast.xml
index db517d19c1ef..70d696a6f5cd 100644
--- a/src/chrome/content/rules/Quantcast.xml
+++ b/src/chrome/content/rules/Quantcast.xml
@@ -2,18 +2,61 @@
 	Other Quantcast rulesets:
 
 		- Quantserve.com.xml
+		- QuantCount.xml
 
+	Redirect to plain:
+		- edirect.qapi.quantcast.com
+		- onedrive.redirect.qapi.quantcast.com
+		- outlook-calendar.redirect.qapi.quantcast.com
+		- outlook-mail.redirect.qapi.quantcast.com
+		- outlook-people.redirect.qapi.quantcast.com
+		- outlook-tasks.redirect.qapi.quantcast.com
+		- test.redirect.qapi.quantcast.com
+
+	Connection refused:
+		- adtest-raw.quantcast.com
+		- adtest.quantcast.com
+		- autodiscover.quantcast.com
+
+	Cert mismatch:
+		- branding.quantcast.com
+		- developer.quantcast.com
+		- em.quantcast.com
+		- go.quantcast.com
+		- help.quantcast.com
+
+	Timeout:
+		- obm.quantcast.com
 -->
 <ruleset name="Quantcast.com">
 
 	<!--	Direct rewrites:
 				-->
 	<target host="quantcast.com" />
+	<target host="www.quantcast.com" />
+
 	<target host="aboutads.quantcast.com" />
 	<target host="ak.quantcast.com" />
+	<target host="blog.quantcast.com" />
+	<target host="info.quantcast.com" />
+	<target host="marketing2017.quantcast.com" />
+	<target host="measure.api.quantcast.com" />
+	<target host="origin-www.quantcast.com" />
+	<target host="present.quantcast.com" />
+	<target host="production-us-east-1.quantcast.com" />
+	<target host="qapi.quantcast.com" />
+	<target host="remote.quantcast.com" />
+	<target host="secure.quantcast.com" />
+	<target host="staging-us-east-1.quantcast.com" />
+	<target host="staging.quantcast.com" />
+	<target host="static.quantcast.com" />
+	<target host="thumbnail.quantcast.com" />
+	<target host="vpn-cisco.quantcast.com" />
+	<target host="w.quantcast.com" />
 	<target host="widget.quantcast.com" />
-	<target host="www.quantcast.com" />
-
+	<target host="wst.quantcast.com" />
+	<target host="ww.quantcast.com" />
+	<target host="zelmina.quantcast.com" />
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/QuantifiedCode.com.xml b/src/chrome/content/rules/QuantifiedCode.com.xml
deleted file mode 100644
index 81c1ff8517b9..000000000000
--- a/src/chrome/content/rules/QuantifiedCode.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	Nonfunctional hosts in *quantifiedcode.com:
-
-		- docs *
-
-	* Redirects to www.quantifiedcode.com
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.quantifiedcode.com
-
--->
-<ruleset name="QuantifiedCode.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="quantifiedcode.com" />
-	<target host="www.quantifiedcode.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.quantifiedcode\.com$" name="^session$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Quantix.xml b/src/chrome/content/rules/Quantix.xml
deleted file mode 100644
index 144fa64cbcbc..000000000000
--- a/src/chrome/content/rules/Quantix.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Unsupported domains:
-
-		(www.)?quantixpos.com
-		quantixtickets.com
-
--->
-<ruleset name="Quantix (partial)">
-
-	<target host="www.quantixtickets.com" />
-	<target host="quantixtickets1.com" />
-	<target host="www.quantixtickets1.com" />
-	<target host="quantixtickets8.com" />
-	<target host="www.quantixtickets8.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-	<securecookie host="\.quantixtickets[18]\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Quantlib.org.xml b/src/chrome/content/rules/Quantlib.org.xml
new file mode 100644
index 000000000000..5e62d7988492
--- /dev/null
+++ b/src/chrome/content/rules/Quantlib.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		quantlib.org
+
+-->
+<ruleset name="Quantlib.org">
+
+	<target host="quantlib.org" />
+	<target host="www.quantlib.org" />
+
+	<rule from="^http://quantlib\.org/"
+		to="https://www.quantlib.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Quantserve.com.xml b/src/chrome/content/rules/Quantserve.com.xml
index 3e8e287b1623..4677a9714d4b 100644
--- a/src/chrome/content/rules/Quantserve.com.xml
+++ b/src/chrome/content/rules/Quantserve.com.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Quantcast coverage, see Quantcast.xml.
+	For other Quantcast coverage, see Quantcast.xml & QuantCount.xml.
 
 
 	CDN buckets:
@@ -48,7 +48,7 @@
 	<!--securecookie host="^\.quantserve\.com$" name="^(d|mc)$" /-->
 
 	<!--
-  Experiment: disable securecookies to see if it fixes 
+  Experiment: disable securecookies to see if it fixes
   https://trac.torproject.org/projects/tor/ticket/8406
 	<securecookie host="^\.quantserve\.com$" name=".+" />
   -->
diff --git a/src/chrome/content/rules/QuantumComputingReport.com.xml b/src/chrome/content/rules/QuantumComputingReport.com.xml
new file mode 100644
index 000000000000..aa79d9b67770
--- /dev/null
+++ b/src/chrome/content/rules/QuantumComputingReport.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="QuantumComputingReport.com">
+	<target host="quantumcomputingreport.com" />
+	<target host="www.quantumcomputingreport.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QuantumMAN.xml b/src/chrome/content/rules/QuantumMAN.xml
deleted file mode 100644
index c06111c0caf3..000000000000
--- a/src/chrome/content/rules/QuantumMAN.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="QuantumMAN site.com">
-
-	<target host="quantummansite.com" />
-	<target host="www.quantummansite.com" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Quassel-irc.org.xml b/src/chrome/content/rules/Quassel-irc.org.xml
new file mode 100644
index 000000000000..d45141eddcf2
--- /dev/null
+++ b/src/chrome/content/rules/Quassel-irc.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Nonfunctional hosts in *.quassel-irc.org:
+		- lists.quassel-irc.org (r)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Quassel-irc.org">
+	<target host="quassel-irc.org" />
+	<target host="www.quassel-irc.org" />
+	<target host="bugs.quassel-irc.org" />
+	<target host="git.quassel-irc.org" />
+	<target host="wiki.quassel-irc.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Quattroplay.com.xml b/src/chrome/content/rules/Quattroplay.com.xml
index 8040a000ab26..1a6e5d23a874 100644
--- a/src/chrome/content/rules/Quattroplay.com.xml
+++ b/src/chrome/content/rules/Quattroplay.com.xml
@@ -4,10 +4,10 @@
 	<target host="*.quattroplay.com" />
 
 
-	<securecookie host="^(?:.*\.)?quattroplay\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([\w-]+\.)?quattroplay\.com/"
 		to="https://$1quattroplay.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Qubit_products.com.xml b/src/chrome/content/rules/Qubit_products.com.xml
index 7eb6a6c6f2b6..78de135bb5be 100644
--- a/src/chrome/content/rules/Qubit_products.com.xml
+++ b/src/chrome/content/rules/Qubit_products.com.xml
@@ -21,7 +21,7 @@ Fetch error: http://pong.qubitproducts.com/ => https://pong.qubitproducts.com/:
 	³ Desk.com
 
 -->
-<ruleset name="Qubit products.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Qubit products.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Queenszoo.com.xml b/src/chrome/content/rules/Queenszoo.com.xml
new file mode 100644
index 000000000000..ba83d41c14b2
--- /dev/null
+++ b/src/chrome/content/rules/Queenszoo.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid Server Name:
+		www.queenszoo.com
+-->
+
+<ruleset name="Queenszoo.com">
+	<target host="queenszoo.com" />
+
+	<securecookie host="queenszoo\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Queer.de.xml b/src/chrome/content/rules/Queer.de.xml
index d3b2be96d4ae..e8fab5363a29 100644
--- a/src/chrome/content/rules/Queer.de.xml
+++ b/src/chrome/content/rules/Queer.de.xml
@@ -1,4 +1,4 @@
-<!-- 
+<!--
 	Invalid certificate:
 		- ad.queer.de
 		- ads.queer.de
diff --git a/src/chrome/content/rules/QueerCinema.lgbt.xml b/src/chrome/content/rules/QueerCinema.lgbt.xml
deleted file mode 100644
index 69f3ed6fc145..000000000000
--- a/src/chrome/content/rules/QueerCinema.lgbt.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="QueerCinema.lgbt">
-	<target host="queercinema.lgbt" />
-	<target host="www.queercinema.lgbt" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/QueerVids.xml b/src/chrome/content/rules/QueerVids.xml
deleted file mode 100644
index 0a029cf40239..000000000000
--- a/src/chrome/content/rules/QueerVids.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="QueerVids.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="queervids.com" />
-	<target host="join.queervids.com" />
-	<target host="www.queervids.com" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Questionmarket.com.xml b/src/chrome/content/rules/Questionmarket.com.xml
index ef9037965deb..9f9a76e0a2c2 100644
--- a/src/chrome/content/rules/Questionmarket.com.xml
+++ b/src/chrome/content/rules/Questionmarket.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.questionmarket.com/ => https://www.questionmarket.com/:
 	^questionmarket.com doesn't exist.
 
 -->
-<ruleset name="Questionmarket.com" default_off='failed ruleset test'>
+<ruleset name="Questionmarket.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/QuickBase.com.xml b/src/chrome/content/rules/QuickBase.com.xml
new file mode 100644
index 000000000000..c8c8b7d9efe4
--- /dev/null
+++ b/src/chrome/content/rules/QuickBase.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="QuickBase.com">
+	<target host="quickbase.com" />
+	<target host="www.quickbase.com" />
+	<target host="intuitcorp.quickbase.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QuickHash.com.xml b/src/chrome/content/rules/QuickHash.com.xml
index cd6d01f209b6..482588dda8be 100644
--- a/src/chrome/content/rules/QuickHash.com.xml
+++ b/src/chrome/content/rules/QuickHash.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.quickhash.com/ => https://www.quickhash.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.quickhash.com'")
 
 -->
-<ruleset name="QuickHash.com" default_off='failed ruleset test'>
+<ruleset name="QuickHash.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/QuickSilverMail.net.xml b/src/chrome/content/rules/QuickSilverMail.net.xml
new file mode 100644
index 000000000000..7f0e8444e132
--- /dev/null
+++ b/src/chrome/content/rules/QuickSilverMail.net.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatched:
+		- mail
+		- pop
+		- smtp
+-->
+<ruleset name="QuickSilverMail.net">
+	<target host="quicksilvermail.net" />
+	<target host="www.quicksilvermail.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Quick_Shopping_Cart.xml b/src/chrome/content/rules/Quick_Shopping_Cart.xml
index 5b169e168b0e..8de97bf3b27b 100644
--- a/src/chrome/content/rules/Quick_Shopping_Cart.xml
+++ b/src/chrome/content/rules/Quick_Shopping_Cart.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.fastshoppingcart.com/ => https://www.fastshoppingcart.co
 	^fastshoppingcart.com: Redirects to app over http
 
 -->
-<ruleset name="Fast Shopping Cart.com" default_off='failed ruleset test'>
+<ruleset name="Fast Shopping Cart.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/QuizAction.de.xml b/src/chrome/content/rules/QuizAction.de.xml
index e2e561362aa1..a459c09bca01 100644
--- a/src/chrome/content/rules/QuizAction.de.xml
+++ b/src/chrome/content/rules/QuizAction.de.xml
@@ -5,7 +5,9 @@
 <ruleset name="QuizAction.de (partial)">
 
 	<target host="quizaction.de" />
-	<target host="*.quizaction.de" />
+	<target host="yahoo.quizaction.de" />
+	<target host="www.quizaction.de" />
+	<target host="www.yahoo.quizaction.de" />
 		<!--
 			Redirect to http:
 						-->
diff --git a/src/chrome/content/rules/Quizsnack.com.xml b/src/chrome/content/rules/Quizsnack.com.xml
deleted file mode 100644
index 4aec6cf840c7..000000000000
--- a/src/chrome/content/rules/Quizsnack.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For other SnackTools coverage, see SnackTools.com.xml.
-
-
-	CDN buckets:
-
-		- files.quizsnack.com.s3.amazonaws.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(http reply)
-
--->
-<ruleset name="quizsnack.com (partial)">
-
-	<target host="files.quizsnack.com" />
-
-
-	<rule from="^http://files\.quizsnack\.com/"
-		to="https://s3.amazonaws.com/files.quizsnack.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Qune.kuluttajavirasto.fi.xml b/src/chrome/content/rules/Qune.kuluttajavirasto.fi.xml
index 221fd8e56a1a..0c50a7b77b8e 100644
--- a/src/chrome/content/rules/Qune.kuluttajavirasto.fi.xml
+++ b/src/chrome/content/rules/Qune.kuluttajavirasto.fi.xml
@@ -6,8 +6,8 @@ Fetch error: http://qune.kuluttajavirasto.fi/ => https://qune.kuluttajavirasto.f
 Disabled by https-everywhere-checker because:
 Fetch error: http://qune.kuluttajavirasto.fi/ => https://qune.kuluttajavirasto.fi/: (6, 'Could not resolve host: qune.kuluttajavirasto.fi')
 -->
-<ruleset name="Qune.kuluttajavirasto.fi" default_off='failed ruleset test'>
+<ruleset name="Qune.kuluttajavirasto.fi" default_off="failed ruleset test">
   <target host="qune.kuluttajavirasto.fi"/>
   <rule from="^http:" to="https:" />
 </ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 -->
\ No newline at end of file
+<!-- Rule generated by HTTPS Finder 0.85 -->
diff --git a/src/chrome/content/rules/Quora.xml b/src/chrome/content/rules/Quora.xml
deleted file mode 100644
index a3596749c6db..000000000000
--- a/src/chrome/content/rules/Quora.xml
+++ /dev/null
@@ -1,51 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d2o7bfz2il9cb7.cloudfront.net
-
-			- qph.cf.quoracdn.net
-
-
-	Fully covered domains:
-
-		- *.tch.quora.com:
-
-			- tch\d{6}
-
-		- *.cf.quoracdn.net:
-
-			- qph	(→ d2o7bfz2il9cb7.cloudfront.net)
-
-		- *.is.quoracdn.net:
-
-			- qph
-			- qs[cf]
-
--->
-<ruleset name="Quora">
-
-	<target host="quora.com" />
-	<target host="*.quora.com" />
-	<target host="*.quoracdn.net" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.quora\.com$" name="^(m-b|m-s)$" /-->
-
-	<securecookie host="^\.quora\.com$" name=".+" />
-
-
-	<rule from="^http://(\w+\.tch\.|www\.|[\w-]+\.)?quora\.com/"
-		to="https://$1quora.com/" />
-
-	<rule from="^http://qph\.cf\.quoracdn\.net/"
-		to="https://d2o7bfz2il9cb7.cloudfront.net/" />
-
-	<rule from="^http://(\w+)\.cf\.quoracdn\.net/"
-		to="https://$1.s3.amazonaws.com/" />
-
-	<rule from="^http://(\w+)\.is\.quoracdn\.net/"
-		to="https://$1.is.quoracdn.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/QupZilla.com.xml b/src/chrome/content/rules/QupZilla.com.xml
deleted file mode 100644
index 527be886bc71..000000000000
--- a/src/chrome/content/rules/QupZilla.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Invalid certificate:
-		addon.qupzilla.com
-
-	Refused:
-		blog.qupzilla.com
-
-	Private subdomain:
-		cloud.qupzilla.com
-
--->
-<ruleset name="QupZilla.com">
-
-	<target host="qupzilla.com" />
-	<target host="www.qupzilla.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/QuranCore.com.xml b/src/chrome/content/rules/QuranCore.com.xml
new file mode 100644
index 000000000000..759579981409
--- /dev/null
+++ b/src/chrome/content/rules/QuranCore.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="QuranCore.com">
+	<target host="qurancore.com" />
+	<target host="www.qurancore.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/QuranicAudio.com.xml b/src/chrome/content/rules/QuranicAudio.com.xml
index 7c8e1035f0b5..958980dcd1f0 100644
--- a/src/chrome/content/rules/QuranicAudio.com.xml
+++ b/src/chrome/content/rules/QuranicAudio.com.xml
@@ -4,7 +4,6 @@
 	- Sunnah.com.xml
 
 	Invalid certificate:
-	- www.quranicaudio.com
 	- download2.quranicaudio.com
 	- madinah.quranicaudio.com
 	- makkah.quranicaudio.com
@@ -13,6 +12,7 @@
 -->
 <ruleset name="QuranicAudio.com (partial)">
 	<target host="quranicaudio.com" />
+	<target host="www.quranicaudio.com" />
 	<target host="download.quranicaudio.com" />
 	<target host="mirrors.quranicaudio.com" />
 
diff --git a/src/chrome/content/rules/Quto.ru.xml b/src/chrome/content/rules/Quto.ru.xml
index f5e91cf55514..5e243957ad84 100644
--- a/src/chrome/content/rules/Quto.ru.xml
+++ b/src/chrome/content/rules/Quto.ru.xml
@@ -9,7 +9,7 @@
 	* Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="Quto.ru (partial)" default_off="missing certificate chain">
+<ruleset name="Quto.ru (partial)" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Quup.com.xml b/src/chrome/content/rules/Quup.com.xml
index ac78c77ef08c..51917a1e1a2f 100644
--- a/src/chrome/content/rules/Quup.com.xml
+++ b/src/chrome/content/rules/Quup.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.quup.com/ => https://quup.com/: (60, 'SSL certificate pr
 	www.quup.com: Cert only matches ^quup.com
 
 -->
-<ruleset name="quup.com" default_off='failed ruleset test'>
+<ruleset name="quup.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Qweery.xml b/src/chrome/content/rules/Qweery.xml
index 51ad3a20d710..946e22ad88f7 100644
--- a/src/chrome/content/rules/Qweery.xml
+++ b/src/chrome/content/rules/Qweery.xml
@@ -7,7 +7,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://box.qweery.nl/ => https://box.qweery.nl/: (6, 'Could not resolve host: box.qweery.nl')	!functional:
 		- (www.)qweery.nl
 -->
-<ruleset name="Qweery (partial)" default_off='failed ruleset test'>
+<ruleset name="Qweery (partial)" default_off="failed ruleset test">
 
 	<target host="box.qweery.nl"/>
 
diff --git a/src/chrome/content/rules/R-HPC.xml b/src/chrome/content/rules/R-HPC.xml
index 3ed9253b2d6f..c13d173cf13c 100644
--- a/src/chrome/content/rules/R-HPC.xml
+++ b/src/chrome/content/rules/R-HPC.xml
@@ -5,7 +5,7 @@ Fetch error: http://r-hpc.com/ => https://r-hpc.com/: (28, 'Connection timed out
 Fetch error: http://www.r-hpc.com/ => https://www.r-hpc.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="R-HPC" default_off='failed ruleset test'>
+<ruleset name="R-HPC" default_off="failed ruleset test">
 
 	<target host="r-hpc.com" />
 	<target host="www.r-hpc.com" />
diff --git a/src/chrome/content/rules/R-kom.xml b/src/chrome/content/rules/R-kom.xml
index b8a478355711..919efe1aa0a8 100644
--- a/src/chrome/content/rules/R-kom.xml
+++ b/src/chrome/content/rules/R-kom.xml
@@ -5,7 +5,5 @@
 <rule from="^http:" to="https:" />
 <!-- tls cert isn't valid for the main page www.glasfaser-ostbayern.de -->
 
-<test url="http://kundenportal.r-kom.de/" />
-<test url="http://www.r-kom.de/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/R-phylo.org.xml b/src/chrome/content/rules/R-phylo.org.xml
new file mode 100644
index 000000000000..f6056cd89e18
--- /dev/null
+++ b/src/chrome/content/rules/R-phylo.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="R-phylo.org">
+
+	<target host="r-phylo.org" />
+	<target host="www.r-phylo.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/R-project.org.xml b/src/chrome/content/rules/R-project.org.xml
index 858115f0fc68..20504cf7362a 100644
--- a/src/chrome/content/rules/R-project.org.xml
+++ b/src/chrome/content/rules/R-project.org.xml
@@ -12,7 +12,7 @@
 		translation.r-project.org
 
 -->
-<ruleset name="R Project">
+<ruleset name="R-Project.org">
 
 	<target host="r-project.org" />
 	<target host="www.r-project.org" />
@@ -25,9 +25,17 @@
 	<target host="journal.r-project.org" />
 	<target host="r-forge.r-project.org" />
 	<target host="svn.r-project.org" />
+	<target host="cran.us.r-project.org" />
 	<target host="wiki.r-project.org" />
 	<target host="win-builder.r-project.org" />
 
+	<rule from="^http://cran\.us\.r-project\.org/"
+		to="https://cran.r-project.org/" />
+
+		<test url="http://cran.us.r-project.org/bin/macosx/tools/" />
+		<test url="http://cran.us.r-project.org/bin/windows/base/" />
+		<test url="http://cran.us.r-project.org/doc/contrib/usingR.pdf" />
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/R01.xml b/src/chrome/content/rules/R01.xml
index c2ce92216bed..e0e643dca5d1 100644
--- a/src/chrome/content/rules/R01.xml
+++ b/src/chrome/content/rules/R01.xml
@@ -10,13 +10,12 @@
 -->
 <ruleset name="R01 (partial)">
 
-	<target host="*.r01.ru" />
+	<target host="partner.r01.ru" />
 
 
 	<securecookie host="^\.?partner\.r01\.ru$" name=".+" />
 
 
-	<rule from="^http://partner\.r01\.ru/"
-		to="https://partner.r01.ru/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/R66T.xml b/src/chrome/content/rules/R66T.xml
index 4036ccf7e210..8890155bb802 100644
--- a/src/chrome/content/rules/R66T.xml
+++ b/src/chrome/content/rules/R66T.xml
@@ -16,7 +16,7 @@ Fetch error: http://www.r66t.com/ => https://www.onsiteconcierge.com/: (51, "SSL
 		- (www.)r66t.com	(mismatched, CN: *.onsiteconcierge.com)
 
 -->
-<ruleset name="R66T" default_off='failed ruleset test'>
+<ruleset name="R66T" default_off="failed ruleset test">
 
 	<target host="onsiteconcierge.com" />
 	<target host="www.onsiteconcierge.com" />
@@ -30,4 +30,4 @@ Fetch error: http://www.r66t.com/ => https://www.onsiteconcierge.com/: (51, "SSL
 	<rule from="^http://(www\.)?(?:onsiteconcierge|r66t)\.com/"
 		to="https://$1onsiteconcierge.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RAC.xml b/src/chrome/content/rules/RAC.xml
index 4bc352b1d9c2..fef0c20c7e62 100644
--- a/src/chrome/content/rules/RAC.xml
+++ b/src/chrome/content/rules/RAC.xml
@@ -2,7 +2,7 @@
   <target host="rac.co.uk" />
   <target host="www.rac.co.uk" />
 
-  <securecookie host="^(?:.+\.)?rac\.co\.uk$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/RAINN.org.xml b/src/chrome/content/rules/RAINN.org.xml
index 9ea0723348eb..0f484c96153d 100644
--- a/src/chrome/content/rules/RAINN.org.xml
+++ b/src/chrome/content/rules/RAINN.org.xml
@@ -29,7 +29,11 @@
 <ruleset name="RAINN.org (partial)">
 
 	<target host="rainn.org" />
-	<target host="*.rainn.org" />
+	<target host="apps.rainn.org" />
+	<target host="donate.rainn.org" />
+	<target host="hotline.rainn.org" />
+	<target host="ohl.rainn.org" />
+	<target host="www.rainn.org" />
 
 
 	<!--securecookie host="^(www\.)?rainn\.org$" name="^AWSELB$" /-->
@@ -39,7 +43,6 @@
 	<securecookie host="^(?:\.|apps\.|donate\.|www\.)?rainn\.org$" name=".+" />
 
 
-	<rule from="^http://((?:apps|donate|hotline|ohl|www)\.)?rainn\.org/"
-		to="https://$1rainn.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RAM_Host.us.xml b/src/chrome/content/rules/RAM_Host.us.xml
index 6fd1afcdf312..a3b1276d327f 100644
--- a/src/chrome/content/rules/RAM_Host.us.xml
+++ b/src/chrome/content/rules/RAM_Host.us.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://forum.ramhost.us/ => https://forum.ramhost.us/: Too many redirects while fetching 'https://forum.ramhost.us/'
 
 -->
-<ruleset name="RAM Host.us (partial)" default_off='failed ruleset test'>
+<ruleset name="RAM Host.us (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/RAND.xml b/src/chrome/content/rules/RAND.xml
index 46c63fd82873..59ad4e41f8ba 100644
--- a/src/chrome/content/rules/RAND.xml
+++ b/src/chrome/content/rules/RAND.xml
@@ -15,7 +15,7 @@
 <ruleset name="RAND (partial)">
 
 	<target host="rand.org" />
-	<target host="*.rand.org" />
+	<target host="www.rand.org" />
 
 
 	<!--	Tracking cookies:
@@ -26,4 +26,4 @@
 	<rule from="^http://(?:www\.)?rand\.org/(cart(?:$|\?|/)|content/|etc/|favicon\.ico|profile(?:$|\?|\.html))"
 		to="https://www.rand.org/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RANZCP.xml b/src/chrome/content/rules/RANZCP.xml
index 5370434c8562..64fc411a34d4 100644
--- a/src/chrome/content/rules/RANZCP.xml
+++ b/src/chrome/content/rules/RANZCP.xml
@@ -14,4 +14,4 @@
   <target host="www.ranzcp.org" />
 
   <rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RARLab.xml b/src/chrome/content/rules/RARLab.xml
deleted file mode 100644
index dc3375a9c430..000000000000
--- a/src/chrome/content/rules/RARLab.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For other WinRAR.com related rulesets, see WinRAR.xml
-
-	Non-functional hosts
-		Timeout was reached:
-		- ftp.rarlab.com
-		- ns3.rarlab.com
--->
-<ruleset name="RARLab">
-	<target host="rarlab.com" />
-	<target host="www.rarlab.com" />
-	<target host="downloads.rarlab.com" />
-	<target host="dspam.rarlab.com" />
-	<target host="mail.rarlab.com" />
-	<target host="notifier.rarlab.com" />
-	<target host="shop.rarlab.com" />
-	<target host="stats.rarlab.com" />
-	<target host="test.rarlab.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/RC24.xyz.xml b/src/chrome/content/rules/RC24.xyz.xml
new file mode 100644
index 000000000000..6d32411cc7ec
--- /dev/null
+++ b/src/chrome/content/rules/RC24.xyz.xml
@@ -0,0 +1,38 @@
+<!--
+	SSL protocol error:
+		- ms.wii.rc24.xyz
+
+	Mismatched:
+		- en.wikipedia.praxy.rc24.xyz
+		- cfh.wii.rc24.xyz
+		- news.wii.rc24.xyz
+		- rs.wii.rc24.xyz
+		- rss.wii.rc24.xyz
+		- weather.wii.rc24.xyz
+
+	Self-signed:
+		- mc.rc24.xyz
+
+	HTTP != HTTPS:
+		- admin.rc24.xyz
+-->
+<ruleset name="RC24.xyz">
+	<target host="rc24.xyz" />
+	<target host="www.rc24.xyz" />
+	<target host="announce.rc24.xyz" />
+	<target host="banner.rc24.xyz" />
+	<target host="blog.rc24.xyz" />
+	<target host="bookmark.rc24.xyz" />
+	<target host="bot.rc24.xyz" />
+	<target host="chat.rc24.xyz" />
+	<target host="interviews.rc24.xyz" />
+	<target host="mtw.rc24.xyz" />
+	<target host="status.rc24.xyz" />
+	<target host="syscheck.rc24.xyz" />
+	<target host="tag.rc24.xyz" />
+	<target host="theme.rc24.xyz" />
+	<target host="miicontest.wii.rc24.xyz" />
+	<target host="vt.wii.rc24.xyz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RCI.com.xml b/src/chrome/content/rules/RCI.com.xml
index ab50170e9a04..cce2efef0af8 100644
--- a/src/chrome/content/rules/RCI.com.xml
+++ b/src/chrome/content/rules/RCI.com.xml
@@ -30,7 +30,7 @@
 
 	<rule from="^http://m\.rci\.com/$"
 		  	to="https://m.rci.com/rcimobile/" />
-	
-	<rule from="^http:" 
+
+	<rule from="^http:"
 		  	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/RCITravelStore.co.uk.xml b/src/chrome/content/rules/RCITravelStore.co.uk.xml
deleted file mode 100644
index bf0a985d3b4f..000000000000
--- a/src/chrome/content/rules/RCITravelStore.co.uk.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	For other Wyndham related rulesets, see Wyndham.xml
--->
-<ruleset name="RCI Travel Store.co.uk">
-	<target host="www.rcitravelstore.co.uk" />
-	<target host="test.rcitravelstore.co.uk" />
-	<target host="uat.rcitravelstore.co.uk" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/RCUK.ac.uk.xml b/src/chrome/content/rules/RCUK.ac.uk.xml
index 095cee95b4c5..cda38a59e01d 100644
--- a/src/chrome/content/rules/RCUK.ac.uk.xml
+++ b/src/chrome/content/rules/RCUK.ac.uk.xml
@@ -1,7 +1,7 @@
 <!--
 
 	Nonfunctional subdomains:
-		
+
 		- ^ ²
 		- gtr ¹
 		- www ¹
diff --git a/src/chrome/content/rules/RE.is.xml b/src/chrome/content/rules/RE.is.xml
index ffb453975f75..218d48df8426 100644
--- a/src/chrome/content/rules/RE.is.xml
+++ b/src/chrome/content/rules/RE.is.xml
@@ -15,7 +15,8 @@
 <ruleset name="RE.is (partial)">
 
 	<target host="re.is" />
-	<target host="*.re.is" />
+	<target host="www.re.is" />
+	<target host="agent.re.is" />
 		<!--exclusion pattern="http://(www\.)?re\.is/(?!da/CartService/|media/|skin/)" /-->
 
 
diff --git a/src/chrome/content/rules/RECRegistry.xml b/src/chrome/content/rules/RECRegistry.xml
index 1db8d5086bb3..8bae0b6bbca9 100644
--- a/src/chrome/content/rules/RECRegistry.xml
+++ b/src/chrome/content/rules/RECRegistry.xml
@@ -1,7 +1,7 @@
 <ruleset name="REC Registry">
 	<target host="rec-registry.gov.au" />
-	<target host="*.rec-registry.gov.au" />
+	<target host="www.rec-registry.gov.au" />
 
 	<rule from="^http://(?:www\.)?rec-registry\.gov\.au/"
 		to="https://www.rec-registry.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/REWAG.xml b/src/chrome/content/rules/REWAG.xml
index 7761a6c30874..37790c9bbff2 100644
--- a/src/chrome/content/rules/REWAG.xml
+++ b/src/chrome/content/rules/REWAG.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.rewag.de/ => https://www.rewag.de/: (60, 'SSL certificat
 	Regensburger Energie- und Wasserversorgung AG
 
 -->
-<ruleset name="REWAG.de" default_off='failed ruleset test'>
+<ruleset name="REWAG.de" default_off="failed ruleset test">
 	<target host="karriere.rewag.de"/>
 	<target host="www.rewag.de"/>
 
diff --git a/src/chrome/content/rules/RFC_Express.xml b/src/chrome/content/rules/RFC_Express.xml
index 00dc8ba7f361..a3c651a432f2 100644
--- a/src/chrome/content/rules/RFC_Express.xml
+++ b/src/chrome/content/rules/RFC_Express.xml
@@ -5,7 +5,7 @@ Fetch error: http://rfcexpress.com/ => https://rfcexpress.com/: (28, 'Connection
 Fetch error: http://www.rfcexpress.com/ => https://www.rfcexpress.com/: (28, 'Connection timed out after 20002 milliseconds')
 
 -->
-<ruleset name="RFC Express" default_off='failed ruleset test'>
+<ruleset name="RFC Express" default_off="failed ruleset test">
 
 	<target host="rfcexpress.com" />
 	<target host="www.rfcexpress.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.rfcexpress.com/ => https://www.rfcexpress.com/: (28, 'Co
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RHUL.ac.uk.xml b/src/chrome/content/rules/RHUL.ac.uk.xml
index 85ccf0e9f9e9..1b41c7806d90 100644
--- a/src/chrome/content/rules/RHUL.ac.uk.xml
+++ b/src/chrome/content/rules/RHUL.ac.uk.xml
@@ -40,7 +40,11 @@
 <ruleset name="RHUL.ac.uk (partial)">
 
 	<target host="rhul.ac.uk" />
-	<target host="*.rhul.ac.uk" />
+	<target host="www.rhul.ac.uk" />
+	<target host="cimhelpdesk.rhul.ac.uk" />
+	<target host="helpdesk.ma.rhul.ac.uk" />
+	<target host="isg.rhul.ac.uk" />
+	<target host="www.isg.rhul.ac.uk" />
 		<exclusion pattern="^http://(?:www\.)?isg\.rhul\.ac\.uk/+(?:~|tls(?:$|[?/]))" />
 		<!--exclusion pattern="^http://(www\.)?isg\.rhul\.ac\.uk/+(?!$|\?|bin($|[?/])|static/)" /-->
 
@@ -57,7 +61,6 @@
 	<rule from="^http://(?:cimhelpdesk|helpdesk\.ma)\.rhul\.ac\.uk/"
 		to="https://helpdesk.ma.rhul.ac.uk/" />
 
-	<rule from="^http://(www\.)?isg\.rhul\.ac\.uk/"
-		to="https://$1isg.rhul.ac.uk/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/RIA.com.xml b/src/chrome/content/rules/RIA.com.xml
index 9fe513d331cd..e3ab3e703493 100644
--- a/src/chrome/content/rules/RIA.com.xml
+++ b/src/chrome/content/rules/RIA.com.xml
@@ -1,7 +1,6 @@
 <!--
 	Other RIA rulesets:
 
-		- RIA.ua.xml
 		- RIA_static.com.xml
 
 
@@ -164,7 +163,6 @@
 		<test url="http://shepetivka.ria.com/" />
 		<test url="http://shostka.ria.com/" />
 		<test url="http://simeiz.ria.com/" />
-		<test url="http://simeiz.ria.com/" />
 		<test url="http://simferopol.ria.com/" />
 		<test url="http://sinelnikovo.ria.com/" />
 		<test url="http://skadovsk.ria.com/" />
diff --git a/src/chrome/content/rules/RIA.ua.xml b/src/chrome/content/rules/RIA.ua.xml
deleted file mode 100644
index cf9ab9da777f..000000000000
--- a/src/chrome/content/rules/RIA.ua.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For other RIA coverage, see RIA.com.xml.
-
--->
-<ruleset name="RIA.ua">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="ria.ua" />
-	<target host="*.ria.ua" />
-
-		<test url="http://mariupol.ria.ua/" />
-		<test url="http://www.ria.ua/" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/RIAA.com.xml b/src/chrome/content/rules/RIAA.com.xml
new file mode 100644
index 000000000000..a904746e1002
--- /dev/null
+++ b/src/chrome/content/rules/RIAA.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="RIAA.com" >
+	<target host="riaa.com" />
+	<target host="www.riaa.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RIAA.xml b/src/chrome/content/rules/RIAA.xml
deleted file mode 100644
index 821213f9157c..000000000000
--- a/src/chrome/content/rules/RIAA.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="RIAA" platform="mixedcontent">
-  <target host="riaa.com" />
-  <target host="www.riaa.com" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/RIKEN.jp.xml b/src/chrome/content/rules/RIKEN.jp.xml
index 0b6523e74036..d8d3fd944586 100644
--- a/src/chrome/content/rules/RIKEN.jp.xml
+++ b/src/chrome/content/rules/RIKEN.jp.xml
@@ -3,6 +3,7 @@
 
 		- (www.)? ¹
 		- 100th ¹
+		- hpci-tech.aics (timeout)
 
 		- brainatlas.brain ¹
 		- bsi-ni.brain ¹
@@ -40,7 +41,6 @@
 
 	<!--	Direct rewrites:
 				-->
-	<target host="hpci-tech.aics.riken.jp" />
 	<target host="www.aics.riken.jp" />
 	<target host="bioconductor.riken.jp" />
 	<target host="bsi-ni.brain.riken.jp" />
@@ -73,7 +73,7 @@
 	<!--securecookie host="^nijc\.brain\.riken\.jp$" name="^(?:PHPSESSID|autologin_pass|autologin_uname|ml_lang|ml_langname)$" /-->
 	<!--securecookie host="^choutatsu\.riken\.jp$" name="^PHPSESSID$" /-->
 
-	<securecookie host=".+\.riken\.jp$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/RIT.edu.xml b/src/chrome/content/rules/RIT.edu.xml
index b3536d9e5852..5777799b8cdf 100644
--- a/src/chrome/content/rules/RIT.edu.xml
+++ b/src/chrome/content/rules/RIT.edu.xml
@@ -98,7 +98,7 @@ Fetch error: http://ntid.rit.edu/ => https://ntid.rit.edu/: (51, "SSL: no altern
 		- favicon on artoncampus from $self
 
 -->
-<ruleset name="RIT.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="RIT.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -119,6 +119,7 @@ Fetch error: http://ntid.rit.edu/ => https://ntid.rit.edu/: (51, "SSL: no altern
 	<target host="ill.rit.edu" />
 	<target host="library.rit.edu" />
 	<target host="my.rit.edu" />
+	<target host="mirrors.rit.edu" />
 	<target host="ntid.rit.edu" />
 	<target host="apps.ntid.rit.edu" />
 	<target host="www.ntid.rit.edu" />
diff --git a/src/chrome/content/rules/RL_Rose.xml b/src/chrome/content/rules/RL_Rose.xml
index e1123264ae6d..2f621868c4b5 100644
--- a/src/chrome/content/rules/RL_Rose.xml
+++ b/src/chrome/content/rules/RL_Rose.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RMF.pl.xml b/src/chrome/content/rules/RMF.pl.xml
new file mode 100644
index 000000000000..e8cf5a793ad5
--- /dev/null
+++ b/src/chrome/content/rules/RMF.pl.xml
@@ -0,0 +1,76 @@
+<!--
+	Cert mismatch:
+		- (www.)rmf.pl
+		- kiosk.rmf.pl
+		- life.rmf.pl
+		- live.rmf.pl
+		- m.rmf.pl
+		 -mike.rmf.pl
+		- (www.)poplista.rmf.pl
+		- radio.rmf.pl
+		- rss.rmf.pl
+		- stream.rmf.pl
+		- sulley.rmf.pl
+		- (www.)classic.rmf.fm
+		- (www.)fakty.rmf.fm
+		- live.rmf.fm
+		- m.rmf.fm
+		- radio.rmf.fm
+		- muzyka.rmf.fm
+		- m.rmfclassic.pl
+		- panel.rmfclassic.pl
+		- forum.rmfon.pl
+		- (www.)games.rmfmaxxx.pl
+		- (www.)dedykacje.rmfmaxxx.pl
+
+	Chain issues:
+		- ftp.rmf.pl
+		- gruul.rmf.pl
+		- marauder.rmf.pl
+		- pliki.rmf.pl
+		- evio.rmfon.pl
+
+	Timeout:
+		- goauld.rmf.pl
+		- hamster.rmf.pl
+		- mxc.rmf.pl
+		- push.rmf.pl
+		- rmc.rmf.pl
+		- studio.rmf.pl
+
+	TLS not supported:
+		- (www.)20lat.rmf.fm
+		- 25lat.rmf.fm
+		- mxc.rmfmaxxx.pl
+		- mxcav.rmfmaxxx.pl
+-->
+<ruleset name="Radio Muzyka Fakty FM (partial)" >
+
+
+
+	<target host="doc.rmf.pl" />
+	<target host="gk.rmf.pl" />
+	<target host="mail.rmf.pl" />
+	<target host="partner.rmf.pl" />
+	<target host="secure.rmf.pl" />
+	<target host="skipper.rmf.pl" />
+	<target host="sopot.rmf.pl" />
+	<target host="static.rmf.pl" />
+	<target host="i.static.rmf.pl" />
+	<target host="txt.rmf.pl" />
+	<target host="vpn.rmf.pl" />
+	<target host="zol.rmf.pl" />
+
+	<target host="rmf.fm" />
+	<target host="www.rmf.fm" />
+
+	<target host="rmfclassic.pl" />
+	<target host="www.rmfclassic.pl" />
+
+	<target host="rmfmaxxx.pl" />
+	<target host="www.rmfmaxxx.pl" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RNR_Wheels_and_Tires.xml b/src/chrome/content/rules/RNR_Wheels_and_Tires.xml
index bbb1cf2ea099..d92b1b87d2c7 100644
--- a/src/chrome/content/rules/RNR_Wheels_and_Tires.xml
+++ b/src/chrome/content/rules/RNR_Wheels_and_Tires.xml
@@ -11,10 +11,11 @@ Fetch error: http://rnrwheels.com/ => https://www.rnrwheels.com/: (35, 'error:14
 	mixedcontent due to css served from static.ning.com
 
 -->
-<ruleset name="RNR Wheels &amp; Tires (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="RNR Wheels &amp; Tires (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="rnrwheels.com" />
-	<target host="*.rnrwheels.com" />
+	<target host="www.rnrwheels.com" />
+	<target host="shop.rnrwheels.com" />
 
 
 	<securecookie host="^\.rnrwheels\.com$" name=".+" />
diff --git a/src/chrome/content/rules/RNW.nl.xml b/src/chrome/content/rules/RNW.nl.xml
index 76f0ce5eb5b1..1ef5f9868686 100644
--- a/src/chrome/content/rules/RNW.nl.xml
+++ b/src/chrome/content/rules/RNW.nl.xml
@@ -10,18 +10,6 @@
 
 	* Refused
 
-
-	Fully covered subdomains:
-
-		- intranet
-		- ocs
-		- rvt-docs
-		- sites
-		- vpn
-		- webmail
-		- webtier
-
-
 	Observed cookie domains:
 
 		- .
@@ -37,16 +25,14 @@
 		- .www
 
 -->
-<ruleset name="RNW.nl (partial)">
+<ruleset name="RNW.nl (partial)" default_off="timeout">
 
-	<target host="*.rnw.nl" />
-		<!--exclusion pattern="^http://(corporate|www)\." /-->
+	<target host="intranet.rnw.nl" />
 
 
-	<securecookie host=".+\.rnw\.nl$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(intranet|ocs|rvt-docs|sites|vpn|webmail|webtier)\.rnw\.nl/"
-		to="https://$1.rnw.nl/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RNZ.de.xml b/src/chrome/content/rules/RNZ.de.xml
index caa26dce7d6f..9a790316d929 100644
--- a/src/chrome/content/rules/RNZ.de.xml
+++ b/src/chrome/content/rules/RNZ.de.xml
@@ -4,7 +4,7 @@
 		sportwahl.rnz.de
 		www.sportwahl.rnz.de
 		seniorenportal.rnz.de
-		
+
 	Time-Out:
 		adcept.rnz.de
 		osc.rnz.de
diff --git a/src/chrome/content/rules/ROBEHA.de.xml b/src/chrome/content/rules/ROBEHA.de.xml
new file mode 100644
index 000000000000..fd796845df43
--- /dev/null
+++ b/src/chrome/content/rules/ROBEHA.de.xml
@@ -0,0 +1,13 @@
+<ruleset name="ROBEHA.de">
+
+	<target host="robeha.de" />
+	<target host="www.robeha.de" />
+
+	<!-- Invalid certificate on https://robeha.de/,
+	http://robeha.de/ redirects to http://www.robeha.de/ -->
+	<rule from="^http://robeha\.de/"
+		to="https://www.robeha.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ROBOXchange.xml b/src/chrome/content/rules/ROBOXchange.xml
deleted file mode 100644
index fa8f61c19206..000000000000
--- a/src/chrome/content/rules/ROBOXchange.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	^roboxchange.com: Mismatched
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.roboxchange.com
-
-
-	Mixed content:
-
-		- Bug from www.webmoney.ru
-
--->
-<ruleset name="ROBOXchange.com">
-
-	<!--	Direct rewrites:
-				-->
-  <target host="www.roboxchange.com" />
-
-	<!--	Complications:
-				-->
-  <target host="roboxchange.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.roboxchange\.com$" name="^(?:ASP\.NET_SessionId|RoboxCulture)$" /-->
-
-	<securecookie host="^www\.roboxchange\.com$" name=".+" />
-
-
-	<rule from="^http://roboxchange\.com/"
-		to="https://www.roboxchange.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ROCKZi.com.xml b/src/chrome/content/rules/ROCKZi.com.xml
index 22eec381f2e7..f19fadd05c92 100644
--- a/src/chrome/content/rules/ROCKZi.com.xml
+++ b/src/chrome/content/rules/ROCKZi.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://rockzi.com/ => https://rockzi.com/: Too many redirects while
 	* Secured by us
 
 -->
-<ruleset name="ROCKZi.com" default_off='failed ruleset test'>
+<ruleset name="ROCKZi.com" default_off="failed ruleset test">
 
 	<target host="rockzi.com" />
 	<target host="cloud.rockzi.com" />
diff --git a/src/chrome/content/rules/ROHC-lib.org.xml b/src/chrome/content/rules/ROHC-lib.org.xml
index 1f4758696191..32c6909c27c2 100644
--- a/src/chrome/content/rules/ROHC-lib.org.xml
+++ b/src/chrome/content/rules/ROHC-lib.org.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.rohc-lib.org/ => https://www.rohc-lib.org/: (60, 'SSL ce
 	www: Mismatched
 
 -->
-<ruleset name="ROHC-lib.org" default_off='failed ruleset test'>
+<ruleset name="ROHC-lib.org" default_off="failed ruleset test">
 
 	<target host="rohc-lib.org" />
 	<target host="www.rohc-lib.org" />
diff --git a/src/chrome/content/rules/ROI.ru.xml b/src/chrome/content/rules/ROI.ru.xml
index cbbd2fdcbee2..8732ee6065e3 100644
--- a/src/chrome/content/rules/ROI.ru.xml
+++ b/src/chrome/content/rules/ROI.ru.xml
@@ -12,13 +12,14 @@
 <ruleset name="ROI.ru">
 
 	<target host="roi.ru" />
-	<target host="*.roi.ru" />
+	<target host="css.roi.ru" />
+	<target host="js.roi.ru" />
+	<target host="www.roi.ru" />
 
 
 	<securecookie host="^\.roi\.ru$" name=".+" />
 
 
-	<rule from="^http://((?:css|js|www)\.)?roi\.ru/"
-		to="https://$1roi.ru/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ROI_Solutions.xml b/src/chrome/content/rules/ROI_Solutions.xml
index 5a0d9515706b..44e5d6ceda3d 100644
--- a/src/chrome/content/rules/ROI_Solutions.xml
+++ b/src/chrome/content/rules/ROI_Solutions.xml
@@ -8,4 +8,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RPGRussia.com.xml b/src/chrome/content/rules/RPGRussia.com.xml
new file mode 100644
index 000000000000..63f84bfb6d37
--- /dev/null
+++ b/src/chrome/content/rules/RPGRussia.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Wildcard DNS record, all other subdomains are mismatched
+-->
+<ruleset name="RPGRussia.com">
+	<target host="rpgrussia.com" />
+	<target host="www.rpgrussia.com" />
+	<target host="chat.rpgrussia.com" />
+	<target host="www.chat.rpgrussia.com" />
+	<target host="old.rpgrussia.com" />
+	<target host="www.old.rpgrussia.com" />
+	<target host="xenforo.rpgrussia.com" />
+	<target host="www.xenforo.rpgrussia.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RPXCorp.com.xml b/src/chrome/content/rules/RPXCorp.com.xml
index a536771ad42b..f8db44b0e6aa 100644
--- a/src/chrome/content/rules/RPXCorp.com.xml
+++ b/src/chrome/content/rules/RPXCorp.com.xml
@@ -31,6 +31,6 @@
 	<rule from="^http://rpxcorp\.com/"
 			to="https://www.rpxcorp.com/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/RPXNow.com.xml b/src/chrome/content/rules/RPXNow.com.xml
index e8e6d497089c..2dd66d8cee2e 100644
--- a/src/chrome/content/rules/RPXNow.com.xml
+++ b/src/chrome/content/rules/RPXNow.com.xml
@@ -1,52 +1,16 @@
 <!--
 	For other JanRain coverage, see JanRain.xml.
 
-
-	CDN buckets:
-
-		- s3.amazonaws.com/static.rpxnow.com/
-
-			- Equivalent to docj27ko03fnu.cloudfront.net
-
-		- d29usylhdk1xyu.cloudfront.net
-
-			- widget-cdn.rpxnow.com
-
-
-	Clients have unique subdomains:
-
+	Mismatched:
+		- static.rpxnow.com
 -->
-<ruleset name="RPXNow.com (partial)">
-
+<ruleset name="RPXNow.com">
 	<target host="rpxnow.com" />
-	<target host="*.rpxnow.com" />
-
-		<exclusion pattern="^http://(?:[^.]+\.){2,}rpxnow\.com/" />
-
-			<!--	+ve:
-					-->
-			<test url="http://this.host.rpxnow.com/" />
-			<test url="http://exists.not.rpxnow.com/" />
-
-		<test url="http://cdn.rpxnow.com/" />
-		<test url="http://widget-cdn.rpxnow.com/" />
-		<test url="http://www.rpxnow.com/" />
-
-		<!--	clients:
-				-->
-		<test url="http://chinaaid.rpxnow.com/" />
-		<test url="http://spopconfig.rpxnow.com/" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http://static\.rpxnow\.com/"
-		to="https://s3.amazonaws.com/static.rpxnow.com/" />
-
-		<test url="http://static.rpxnow.com/" />
-
-	<rule from="^http:"
-		to="https:" />
+	<target host="www.rpxnow.com" />
+	<target host="cdn.rpxnow.com" />
+	<target host="ssl-widget-cdn.rpxnow.com" />
+	<target host="widget-cdn.rpxnow.com" />
+	<target host="widgets-cdn.rpxnow.com" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/RRTS.com.xml b/src/chrome/content/rules/RRTS.com.xml
index 59bf8871a20b..26af6c7da70a 100644
--- a/src/chrome/content/rules/RRTS.com.xml
+++ b/src/chrome/content/rules/RRTS.com.xml
@@ -21,7 +21,10 @@
 <ruleset name="RRTS.com">
 
 	<target host="rrts.com" />
-	<target host="*.rrts.com" />
+	<target host="www.rrts.com" />
+	<target host="beta.rrts.com" />
+	<target host="webservices.rrts.com" />
+	<target host="webservicesbeta.rrts.com" />
 
 
 	<!--	Not secured by server:
@@ -34,7 +37,6 @@
 	<rule from="^http://(?:www\.)?rrts\.com/"
 		to="https://www.rrts.com/" />
 
-	<rule from="^http://(beta|webservices|webservicesbeta)\.rrts\.com/"
-		to="https://$1.rrts.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/RSA-Security.xml b/src/chrome/content/rules/RSA-Security.xml
deleted file mode 100644
index ce5ffbd645a0..000000000000
--- a/src/chrome/content/rules/RSA-Security.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="RSA Security (partial)">
-
-	<target host="www.securesuite.co.uk" />
-
-
-	<!--	Seems to break payment verification :(
-	
-	<securecookie host="^www\.securesuite\.co\.uk$" name=".+" /-->
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/RSA.xml b/src/chrome/content/rules/RSA.xml
index 26fdd61be37c..b2c416046b36 100644
--- a/src/chrome/content/rules/RSA.xml
+++ b/src/chrome/content/rules/RSA.xml
@@ -19,7 +19,8 @@
 -->
 <ruleset name="RSA">
   <target host="rsa.com" />
-  <target host="*.rsa.com" />
+  <target host="www.rsa.com" />
+  <target host="blogs.rsa.com" />
 
 
 	<securecookie host="^\.rsa\.com$" name="^__(?:qca|utm\w)$" />
@@ -28,7 +29,6 @@
 
   <rule from="^http://(?:www\.)?rsa\.com/" to="https://www.rsa.com/" />
 
-	<rule from="^http://blogs\.rsa\.com/"
-		to="https://blogs.rsa.com/" />
 
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/RSA_Conference.xml b/src/chrome/content/rules/RSA_Conference.xml
index 78187a8d8e17..ef013691c8c5 100644
--- a/src/chrome/content/rules/RSA_Conference.xml
+++ b/src/chrome/content/rules/RSA_Conference.xml
@@ -11,7 +11,7 @@ Fetch error: http://dev.rsaconference.com/ => https://dev.rsaconference.com/: (6
 			- a127.g.akamai.net
 
 -->
-<ruleset name="RSA Conference (partial)" default_off='failed ruleset test'>
+<ruleset name="RSA Conference (partial)" default_off="failed ruleset test">
 
 	<target host="rsaconference.com" />
 	<target host="365.rsaconference.com" />
diff --git a/src/chrome/content/rules/RSC.org.uk.xml b/src/chrome/content/rules/RSC.org.uk.xml
index d0f88730fa5b..1478df58b0f0 100644
--- a/src/chrome/content/rules/RSC.org.uk.xml
+++ b/src/chrome/content/rules/RSC.org.uk.xml
@@ -22,7 +22,7 @@ Non-2xx HTTP code: http://mail.rsc.org.uk/ (200) => https://mail.rsc.org.uk/ (40
 		- www.rsc.org.uk
 
 -->
-<ruleset name="RSC.org.uk" default_off='failed ruleset test'>
+<ruleset name="RSC.org.uk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/RSOLConference.org.xml b/src/chrome/content/rules/RSOLConference.org.xml
new file mode 100644
index 000000000000..d662d0bf9d3a
--- /dev/null
+++ b/src/chrome/content/rules/RSOLConference.org.xml
@@ -0,0 +1,10 @@
+<!--
+	See also NARSOL.org.xml, NationalRSOL.org.xml
+-->
+<ruleset name="RSOLConference.org">
+	<target host="rsolconference.org" />
+	<target host="www.rsolconference.org" />
+	<target host="mail.rsolconference.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RSPCA_shop.co.uk.xml b/src/chrome/content/rules/RSPCA_shop.co.uk.xml
index 414c12b2a509..0b273630731f 100644
--- a/src/chrome/content/rules/RSPCA_shop.co.uk.xml
+++ b/src/chrome/content/rules/RSPCA_shop.co.uk.xml
@@ -13,13 +13,13 @@ Fetch error: http://rspcashop.co.uk/ => https://rspcashop.co.uk/: (7, 'Failed to
 	For other RSPCA coverage, see RSPCA.xml.
 
 -->
-<ruleset name="RSPCA shop.co.uk" default_off='failed ruleset test'>
+<ruleset name="RSPCA shop.co.uk" default_off="failed ruleset test">
 
 	<target host="rspcashop.co.uk" />
 	<target host="www.rspcashop.co.uk" />
 
 
-	<securecookie host="^(?:.*\.)?rspcashop\.co\.uk$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/RSSinclude.xml b/src/chrome/content/rules/RSSinclude.xml
index dce0bf803963..afdb785d118b 100644
--- a/src/chrome/content/rules/RSSinclude.xml
+++ b/src/chrome/content/rules/RSSinclude.xml
@@ -7,4 +7,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RSSing.com.xml b/src/chrome/content/rules/RSSing.com.xml
index 373fb9eca2cb..45766bb8326b 100644
--- a/src/chrome/content/rules/RSSing.com.xml
+++ b/src/chrome/content/rules/RSSing.com.xml
@@ -11,7 +11,7 @@
 <ruleset name="RSSing.com" default_off="expired, self-signed">
 
 	<target host="rssing.com" />
-	<target host="*.rssing.com" />
+	<target host="www.rssing.com" />
 
 
 	<securecookie host="^\.rssing\.com$" name=".+" />
diff --git a/src/chrome/content/rules/RST_forums.com.xml b/src/chrome/content/rules/RST_forums.com.xml
index 00f9badd68c0..47da661bddf8 100644
--- a/src/chrome/content/rules/RST_forums.com.xml
+++ b/src/chrome/content/rules/RST_forums.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.rstforums.com/ => https://www.rstforums.com/: (51, "SSL:
 		- .rstforums.com
 
 -->
-<ruleset name="RST forums.com" default_off='failed ruleset test'>
+<ruleset name="RST forums.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/RSVP.xml b/src/chrome/content/rules/RSVP.xml
index a9afb5ba9841..21369c9282ee 100644
--- a/src/chrome/content/rules/RSVP.xml
+++ b/src/chrome/content/rules/RSVP.xml
@@ -9,7 +9,9 @@
 <ruleset name="RSVP" platform="mixedcontent">
 
 	<target host="rsvp.com.au"/>
-	<target host="*.rsvp.com.au"/>
+	<target host="images.rsvp.com.au" />
+	<target host="resources.rsvp.com.au" />
+	<target host="www.rsvp.com.au" />
 
 	<!--	images & resources: Akamai
 		Cert doesn't match !www		-->
diff --git a/src/chrome/content/rules/RStudio.com.xml b/src/chrome/content/rules/RStudio.com.xml
index dc9b02737314..e32e843a1e94 100644
--- a/src/chrome/content/rules/RStudio.com.xml
+++ b/src/chrome/content/rules/RStudio.com.xml
@@ -20,7 +20,7 @@
 	<target host="support.rstudio.com" />
 
 	<target host="rstd.io" />
-	
+
 	<rule from="^http://www\.spark\.rstudio\.com/"
 		to="https://spark.rstudio.com/" />
 
diff --git a/src/chrome/content/rules/RT.com.xml b/src/chrome/content/rules/RT.com.xml
index a0e54dfdd41b..0762e7ce3a82 100644
--- a/src/chrome/content/rules/RT.com.xml
+++ b/src/chrome/content/rules/RT.com.xml
@@ -1,100 +1,41 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Non-2xx HTTP code: http://arb.rt.com/ (200) => https://arb.rt.com/ (404)
-Fetch error: http://assange.rt.com/ => https://assange.rt.com/: Too many redirects while fetching 'https://assange.rt.com/'
-Non-2xx HTTP code: http://esp.rt.com/ (200) => https://esp.rt.com/ (404)
-Non-2xx HTTP code: http://img.rt.com/ (200) => https://img.rt.com/ (404)
-Fetch error: http://meetfriends.rt.com/ => https://meetfriends.rt.com/: (6, 'Could not resolve host: meetfriends.rt.com')
-Fetch error: http://partners.rt.com/ => https://partners.rt.com/: Too many redirects while fetching 'https://partners.rt.com/'
-Fetch error: http://scounter.rt.com/ => https://scounter.rt.com/: (6, 'Could not resolve host: scounter.rt.com')
-
-	Russia Today
-
-
-	Nonfunctional hosts in *rt.com:
-
-		- catalog ʳ
-		- clubdoc ʰ
-		- freevideo ᵈ
-		- learnrussian ʳ
-		- mariinsky ᵈ
-		- russiapedia ʰ
-		- warwitness ʰ
-
-	ᵈ Dropped
-	ʰ Redirects to http, valid cert
-	ʳ Refused
-
-
-	Problematic hosts in *rt.com:
-
-		- on ᵃ
-
-	ᵃ Shows another domain, preemptable redirect
-
-
-	Mixed content:
-
-		- Bugs, on :
-
-			- actualidad from pixel.quantserve.com ˢ
-			- actualidad, arabic, deutsch, francais, www from b.scorecardresearch.com ˢ
-			- actualidad, www from c.statcounter.com ˢ
-
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+	Non-functional hosts
+		Timeout was reached:
+		- freevideo.rt.com
 
+		Server returned nothing (no headers, no data):
+		- catalog.rt.com
+		- learnrussian.rt.com
 -->
-<ruleset name="RT.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
+<ruleset name="RT.com (partial)">
 	<target host="rt.com" />
 	<target host="actualidad.rt.com" />
 	<target host="arabic.rt.com" />
 	<target host="arb.rt.com" />
 	<target host="assange.rt.com" />
 	<target host="cdn.rt.com" />
+	<target host="cdni.rt.com" />
+	<target host="clubdoc.rt.com" />
 	<target host="de.rt.com" />
 	<target host="deutsch.rt.com" />
 	<target host="doc.rt.com" />
 	<target host="esp.rt.com" />
+	<test url="http://esp.rt.com/actualidad/public_images/2016.11/article/582a64d1c36188391c8b4649.jpg" />
 	<target host="fr.rt.com" />
 	<target host="francais.rt.com" />
 	<target host="img.rt.com" />
 	<target host="inotv.rt.com" />
-	<target host="meetfriends.rt.com" />
+	<target host="on.rt.com" />
 	<target host="partners.rt.com" />
 	<target host="rtd.rt.com" />
 	<target host="rtdru.rt.com" />
 	<target host="russian.rt.com" />
-	<target host="scounter.rt.com" />
+	<target host="russiapedia.rt.com" />
+	<target host="warwitness.rt.com" />
 	<target host="www.rt.com" />
 	<target host="zakupki.rt.com" />
 
-	<!--	Complications:
-				-->
-	<target host="on.rt.com" />
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://clubdoc\.rt\.com/(?:$|static/)" /-->
-		<!--exclusion pattern="^http://russiapedia\.rt\.com/(?:$|s/images/)" /-->
-		<!--exclusion pattern="^http://warwitness\.rt\.com/(?:$|img/)" /-->
-
-
 	<securecookie host=".+" name=".+" />
 
-
-	<!--	Redirect keeps all, appends
-		forward slash:
-					-->
-	<rule from="^http://on\.rt\.com/(.*)"
-		to="https://www.rt.com/shortcode/$1/" />
-
-		<test url="http://on.rt.com/7814" />
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/RTE.xml b/src/chrome/content/rules/RTE.xml
index cbb092d2ec15..e56a6c373df7 100644
--- a/src/chrome/content/rules/RTE.xml
+++ b/src/chrome/content/rules/RTE.xml
@@ -1,9 +1,4 @@
 <!--
-	Other RTÉ rulesets:
-
-		- Rasset.ie.xml
-
-
 	Nonfunctional hosts in *rte.ie:
 
 		- rtejr *
diff --git a/src/chrome/content/rules/RTEMS.xml b/src/chrome/content/rules/RTEMS.xml
deleted file mode 100644
index a8992420812b..000000000000
--- a/src/chrome/content/rules/RTEMS.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	STS header includes includeSubDomains
-
--->
-<ruleset name="RTEMS.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="rtems.org" />
-	<target host="*.rtems.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.rtems\.org$" name="^SESS[\da-f]{32}$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/RTHK.hk.xml b/src/chrome/content/rules/RTHK.hk.xml
new file mode 100644
index 000000000000..2da74c285fc4
--- /dev/null
+++ b/src/chrome/content/rules/RTHK.hk.xml
@@ -0,0 +1,56 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- stm.rthk.hk
+		- stm1.rthk.hk
+		- stm2.rthk.hk
+		- teenpower.rthk.hk
+		- www.teenpower.rthk.hk
+		- m.teenpower.rthk.hk
+		- teenpower1.rthk.hk
+
+		Timeout was reached:
+		- newsuat.rthk.hk
+		- rthkcms3.rthk.hk
+		- rthkwcms1.rthk.hk
+
+		SSL connect error:
+		- archive.rthk.hk
+		- rthk9.rthk.hk
+
+		Incomplete certificate chain error:
+		- cibs.rthk.hk
+		- t.rthk.hk
+-->
+<ruleset name="RTHK.hk">
+	<target host="rthk.hk" />
+	<target host="www.rthk.hk" />
+	<target host="apiw01.rthk.hk" />
+	<target host="app1.rthk.hk" />
+	<target host="app3.rthk.hk" />
+	<target host="app4.rthk.hk" />
+	<target host="app7.rthk.hk" />
+	<target host="dab33.rthk.hk" />
+	<target host="dab35.rthk.hk" />
+	<target host="gbcode.rthk.hk" />
+		<test url="http://gbcode.rthk.hk/TuniS/news.rthk.hk/rthk/ch/latest-news.htm" />
+	<target host="m.rthk.hk" />
+	<target host="news.rthk.hk" />
+	<target host="newsprd.rthk.hk" />
+	<target host="newsstatic.rthk.hk" />
+	<target host="podcast.rthk.hk" />
+		<test url="http://podcast.rthk.hk/podcast/" />
+	<target host="podcasts.rthk.hk" />
+	<target host="programme.rthk.hk" />
+		<test url="http://programme.rthk.hk/assets/timetable/channel/tv/rthk_dtt32_timetable.pdf" />
+		<test url="http://programme.rthk.hk/channel/broadcaster/index.php?c=radio5" />
+		<test url="http://programme.rthk.hk/channel/radio/trafficnews/index.php" />
+	<target host="radio2.rthk.hk" />
+	<target host="radio5.rthk.hk" />
+	<target host="stmw.rthk.hk" />
+	<target host="stmw1.rthk.hk" />
+	<target host="stmw2.rthk.hk" />
+	<target host="webplus.rthk.hk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RTHK.org.hk.xml b/src/chrome/content/rules/RTHK.org.hk.xml
new file mode 100644
index 000000000000..ddbbc30f6c53
--- /dev/null
+++ b/src/chrome/content/rules/RTHK.org.hk.xml
@@ -0,0 +1,28 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- teenpower.rthk.org.hk
+		- www.teenpower.rthk.org.hk
+
+		SSL peer certificate was not OK:
+		- rthk.org.hk
+		- www.rthk.org.hk
+		- app1.rthk.org.hk
+		- app3.rthk.org.hk
+		- gbcode.rthk.org.hk
+		- hkfilex.rthk.org.hk
+		- www.hkfilex.rthk.org.hk
+		- news.rthk.org.hk
+		- podcast.rthk.org.hk
+		- programme.rthk.org.hk
+
+		Incomplete certificate chain error:
+		- pop.rthk.org.hk
+-->
+<ruleset name="RTHK.org.hk">
+	<target host="rthk.org.hk" />
+	<target host="www.rthk.org.hk" />
+	
+	<rule from="^http://(www\.)?rthk\.org\.hk/"
+		to="https://$1rthk.hk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/RTL.de.xml b/src/chrome/content/rules/RTL.de.xml
deleted file mode 100644
index 34ce36d28c5a..000000000000
--- a/src/chrome/content/rules/RTL.de.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<!--
-	CDN buckets:
-
-		- ak.rtl.de.edgesuite.net
-
-			- a610.g2.akamai.net
-			- bilder.akamai
-
-
-	Problematic subdomains:
-
-		- bilder.akamai *
-		- (www.) ¹
-		- intentium ²
-		- kommunikation ²
-		- rtl-living ³
-		- rtl-crime ³
-		- spiele.rtl.de ¹
-		- gzsz.rtl.de ¹
-
-	* Works, akamai
-	¹ mixed content blocking (requires active content from bilder.akamai)
-	² bad cert domain
-	³ refused
-
-	Fully covered subdomains:
-
-		- autoimg
-		- bilder
-		- rtl-videoclip-player
-
--->
-<ruleset name="RTL.de (partial)" >
-
-	<target host="autoimg.rtl.de" />
-	<target host="bilder.rtl.de" />
-	<target host="rtl-videoclip-player.rtl.de" />
-
-	<rule from="^http:"
-		to="https:" />
-	
-</ruleset>
diff --git a/src/chrome/content/rules/RTP.vc.xml b/src/chrome/content/rules/RTP.vc.xml
index 59acf3805612..fe131b0b06ee 100644
--- a/src/chrome/content/rules/RTP.vc.xml
+++ b/src/chrome/content/rules/RTP.vc.xml
@@ -6,7 +6,7 @@
 <ruleset name="RTP.vc">
 
 	<target host="rtp.vc" />
-	<target host="*.rtp.vc" />
+	<target host="www.rtp.vc" />
 
 
 	<securecookie host="^\.rtp\.vc$" name=".+" />
diff --git a/src/chrome/content/rules/RT_Tire.xml b/src/chrome/content/rules/RT_Tire.xml
index f6619a3e4751..4a21c6607bdd 100644
--- a/src/chrome/content/rules/RT_Tire.xml
+++ b/src/chrome/content/rules/RT_Tire.xml
@@ -5,7 +5,7 @@ Fetch error: http://rttire.com/ => https://rttire.com/: (51, "SSL: no alternativ
 Fetch error: http://www.rttire.com/ => https://www.rttire.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.rttire.com'")
 
 -->
-<ruleset name="RT Tire" default_off='failed ruleset test'>
+<ruleset name="RT Tire" default_off="failed ruleset test">
 
 	<target host="rttire.com" />
 	<target host="www.rttire.com" />
@@ -13,4 +13,4 @@ Fetch error: http://www.rttire.com/ => https://www.rttire.com/: (51, "SSL: no al
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RU-Golos.xml b/src/chrome/content/rules/RU-Golos.xml
index 28492db510bf..5892ea98da73 100644
--- a/src/chrome/content/rules/RU-Golos.xml
+++ b/src/chrome/content/rules/RU-Golos.xml
@@ -10,4 +10,4 @@
 	<rule from="^http://(?:www\.)?ru-golos\.ru/"
 		to="https://ru-golos.ru/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RUDI.net.xml b/src/chrome/content/rules/RUDI.net.xml
index 8c5415c5fcc5..6db8a360446b 100644
--- a/src/chrome/content/rules/RUDI.net.xml
+++ b/src/chrome/content/rules/RUDI.net.xml
@@ -15,7 +15,7 @@
 <ruleset name="RUDI.net">
 
 	<target host="rudi.net" />
-	<target host="*.rudi.net" />
+	<target host="www.rudi.net" />
 
 
 	<securecookie host="^\.rudi\.net$" name=".+" />
@@ -24,4 +24,4 @@
 	<rule from="^http://(?:www\.)?rudi\.net/"
 		to="https://www.rudi.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RYOT.xml b/src/chrome/content/rules/RYOT.xml
index 04fafa05fc58..4ae7eafd9a07 100644
--- a/src/chrome/content/rules/RYOT.xml
+++ b/src/chrome/content/rules/RYOT.xml
@@ -12,7 +12,7 @@
 	* See https://whatsmychaincert.com
 
 -->
-<ruleset name="RYOT (partial)" default_off="missing certificate chain">
+<ruleset name="RYOT (partial)" default_off="cert-chain">
 
 	<target host="ryot.org" />
 	<target host="www.ryot.org" />
diff --git a/src/chrome/content/rules/RaKdigital.xml b/src/chrome/content/rules/RaKdigital.xml
index 90e86b06f453..918b1077ae22 100644
--- a/src/chrome/content/rules/RaKdigital.xml
+++ b/src/chrome/content/rules/RaKdigital.xml
@@ -7,13 +7,13 @@
 -->
 <ruleset name="raKditigal (partial)">
 
-	<target host="*.rakdigital.co.uk" />
+	<target host="clients.rakdigital.co.uk" />
+	<target host="managewp.rakdigital.co.uk" />
 
 
 	<securecookie host="^(?:(?:www\.)?clients|managewp)\.rakdigital\.co\.uk$" name=".+" />
 
 
-	<rule from="^http://((?:www\.)?clients|managewp)\.rakdigital\.co\.uk/"
-		to="https://$1.rakdigital.co.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Raam.org.xml b/src/chrome/content/rules/Raam.org.xml
index 58e4b56d1256..69eb2494faeb 100644
--- a/src/chrome/content/rules/Raam.org.xml
+++ b/src/chrome/content/rules/Raam.org.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.raam.org/ => https://raam.org/: (60, 'SSL certificate pr
 	www.raam.org: Mismatched
 
 -->
-<ruleset name="Raam.org" default_off='failed ruleset test'>
+<ruleset name="Raam.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/RaceForward.org.xml b/src/chrome/content/rules/RaceForward.org.xml
new file mode 100644
index 000000000000..8d23405768d4
--- /dev/null
+++ b/src/chrome/content/rules/RaceForward.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		- arc.raceforward.org
+		- clockingin-dev.raceforward.org
+		- documentation.raceforward.org
+		- lin1.raceforward.org
+		- piwik.raceforward.org
+		- redirect.raceforward.org
+		- vendors.raceforward.org
+-->
+
+<ruleset name="RaceForward.org">
+	<target host="raceforward.org" />
+	<target host="www.raceforward.org" />
+	<target host="assets.raceforward.org" />
+	<target host="clockingin.raceforward.org" />
+	<target host="do1.raceforward.org" />
+	<target host="facingrace.raceforward.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Race_Forward.org.xml b/src/chrome/content/rules/Race_Forward.org.xml
deleted file mode 100644
index 05d8a2ef10c3..000000000000
--- a/src/chrome/content/rules/Race_Forward.org.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://piwik.raceforward.org/ => https://piwik.raceforward.org/: (60, 'SSL certificate problem: certificate has expired')
-
-	^raceforward.org: expired 2010-09-02, mismatched, CN: *.acquia-sites.com, self-signed
-
-
-	Mixed content:
-
-		- Bug on www from piwik.raceforward.org *
-
-	* Secured by us
-
--->
-<ruleset name="Race Forward.org" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="piwik.raceforward.org" />
-	<target host="www.raceforward.org" />
-
-	<!--	Complications:
-				-->
-	<target host="raceforward.org" />
-
-
-	<rule from="^http://raceforward\.org/"
-		to="https://www.raceforward.org/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Rack911.xml b/src/chrome/content/rules/Rack911.xml
index 609ec0e44ded..907a97c2570e 100644
--- a/src/chrome/content/rules/Rack911.xml
+++ b/src/chrome/content/rules/Rack911.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Racketboy.com.xml b/src/chrome/content/rules/Racketboy.com.xml
new file mode 100644
index 000000000000..9f235d49cceb
--- /dev/null
+++ b/src/chrome/content/rules/Racketboy.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Mismatched:
+		- ftp
+		- server
+
+	TLS protocol error:
+		- ns2
+-->
+<ruleset name="Racketboy.com">
+	<target host="racketboy.com" />
+	<target host="www.racketboy.com" />
+	<target host="cpanel.racketboy.com" />
+	<target host="mail.racketboy.com" />
+	<target host="webdisk.racketboy.com" />
+	<target host="webmail.racketboy.com" />
+	<target host="whm.racketboy.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rackspace.co.uk.xml b/src/chrome/content/rules/Rackspace.co.uk.xml
index 8ecf1cbb5c07..c8e8351237d2 100644
--- a/src/chrome/content/rules/Rackspace.co.uk.xml
+++ b/src/chrome/content/rules/Rackspace.co.uk.xml
@@ -40,7 +40,7 @@ Fetch error: http://buyonline.rackspace.co.uk/ => https://buyonline.rackspace.co
 	* Secured by us
 
 -->
-<ruleset name="Rackspace.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Rackspace.co.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Rackspace.co.za.xml b/src/chrome/content/rules/Rackspace.co.za.xml
index 0884040c49bb..6b51c731cc3d 100644
--- a/src/chrome/content/rules/Rackspace.co.za.xml
+++ b/src/chrome/content/rules/Rackspace.co.za.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.rackspace.co.za/ => https://www.rackspace.co.za/: (60, '
 	For other Rackspace coverage, see Rackspace.xml.
 
 -->
-<ruleset name="Rackspace.co.nz" default_off='failed ruleset test'>
+<ruleset name="Rackspace.co.nz" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Rackspace.dk.xml b/src/chrome/content/rules/Rackspace.dk.xml
index 9bdeae08f7b3..b4abf73fa915 100644
--- a/src/chrome/content/rules/Rackspace.dk.xml
+++ b/src/chrome/content/rules/Rackspace.dk.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.rackspace.dk/ => https://www.rackspace.dk/: (60, 'SSL ce
 	For other Rackspace coverage, see Rackspace.xml.
 
 -->
-<ruleset name="Rackspace.dk" default_off='failed ruleset test'>
+<ruleset name="Rackspace.dk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Rackspace.hk.xml b/src/chrome/content/rules/Rackspace.hk.xml
index ce065efd8405..2f0c9a32d776 100644
--- a/src/chrome/content/rules/Rackspace.hk.xml
+++ b/src/chrome/content/rules/Rackspace.hk.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.rackspace.hk/ => https://www.rackspace.hk/: (51, "SSL: n
 	For other Rackspace coverage, see Rackspace.xml.
 
 -->
-<ruleset name="Rackspace.hk" default_off='failed ruleset test'>
+<ruleset name="Rackspace.hk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Rackspace.xml b/src/chrome/content/rules/Rackspace.xml
index 2c59589c8585..8a6fb1b611b0 100644
--- a/src/chrome/content/rules/Rackspace.xml
+++ b/src/chrome/content/rules/Rackspace.xml
@@ -12,7 +12,6 @@ Fetch error: http://stories.rackspace.com/ => https://stories.rackspace.com/: (5
 
 	Other Rackspace rulesets:
 
-		- Mailgun.com.xml
 		- Mailgun.net.xml
 		- Mosso.com.xml
 		- RackCDN.com.xml
@@ -93,7 +92,7 @@ Fetch error: http://stories.rackspace.com/ => https://stories.rackspace.com/: (5
 	* Secured by us
 
 -->
-<ruleset name="Rackspace.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Rackspace.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Radare.org.xml b/src/chrome/content/rules/Radare.org.xml
new file mode 100644
index 000000000000..7ae5fbc321cd
--- /dev/null
+++ b/src/chrome/content/rules/Radare.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Connection refused:
+		- cloud.radare.org
+
+	Wrong server:
+		- cydia.radare.org
+-->
+
+<ruleset name="Radare.org">
+	<target host="radare.org" />
+	<target host="www.radare.org" />
+
+	<securecookie host="^(www)\.radare\.org$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Radboud-University-Nijmegen.xml b/src/chrome/content/rules/Radboud-University-Nijmegen.xml
index 8cd33190bc02..de86948d19c5 100644
--- a/src/chrome/content/rules/Radboud-University-Nijmegen.xml
+++ b/src/chrome/content/rules/Radboud-University-Nijmegen.xml
@@ -11,11 +11,33 @@ Fetch error: http://ru.nl/ => https://www.ru.nl/: Cycle detected - URL already e
 		- www2.cmbi.ru.nl	(cert: www.cmbi.ru.nl; redirects to http)
 
 -->
-<ruleset name="Radboud University Nijmegen" default_off='failed ruleset test'>
+<ruleset name="Radboud University Nijmegen" default_off="failed ruleset test">
 
-	<target host="*.radboudnet.nl" />
+	<target host="www.radboudnet.nl" />
+	<target host="www-acc.radboudnet.nl" />
 	<target host="ru.nl" />
-	<target host="*.ru.nl" />
+	<target host="www.ru.nl" />
+	<target host="ldap2.cmbi.ru.nl" />
+	<target host="mr.cmbi.ru.nl" />
+	<target host="nmr.cmbi.ru.nl" />
+	<target host="mrms.cmbi.ru.nl" />
+	<target host="svn.cmbi.ru.nl" />
+	<target host="webmail.cmbi.ru.nl" />
+	<target host="www.cmbi.ru.nl" />
+	<target host="cms.ru.nl" />
+	<target host="cms-acc.ru.nl" />
+	<target host="bangalore.hosting.ru.nl" />
+	<target host="bombay.hosting.ru.nl" />
+	<target host="delhi.hosting.ru.nl" />
+	<target host="hubli.hosting.ru.nl" />
+	<target host="jaipur.hosting.ru.nl" />
+	<target host="kota.hosting.ru.nl" />
+	<target host="mangalore.hosting.ru.nl" />
+	<target host="portalhelp.hosting.ru.nl" />
+	<target host="pune.hosting.ru.nl" />
+	<target host="idm.ru.nl" />
+	<target host="student.ru.nl" />
+	<target host="www-acc.ru.nl" />
 	<!--	* for cross-domain cookie.	-->
 
 
@@ -23,15 +45,12 @@ Fetch error: http://ru.nl/ => https://www.ru.nl/: Cycle detected - URL already e
 	<securecookie host="^.*\.ru\.nl$" name=".+" />
 
 
-	<rule from="^http://www(-acc)?\.radboudnet\.nl/"
-		to="https://www$1.radboudnet.nl/" />
 
 	<!--	Cert doesn't match //ru.nl.
 						-->
 	<rule from="^http://(?:www\.)?ru\.nl/"
 		to="https://www.ru.nl/" />
 
-	<rule from="^http://((?:ldap2|n?mr|mrms|svn|webmail|www)\.cmbi|cms|cms-acc|(?:bangalore|bombay|delhi|hubli|jaipur|kota|mangalore|portalhelp|pune)\.hosting|idm|student|www-acc)\.ru\.nl/"
-		to="https://$1.ru.nl/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Raddle.me.xml b/src/chrome/content/rules/Raddle.me.xml
index e7f74bf7f523..ef5bd387ffe8 100644
--- a/src/chrome/content/rules/Raddle.me.xml
+++ b/src/chrome/content/rules/Raddle.me.xml
@@ -1,6 +1,4 @@
 <ruleset name="Raddle.me">
-	<target host="raddle.me" />
-	<target host="www.raddle.me" />
 
 	<target host="raddit.me" />
 	<target host="www.raddit.me" />
diff --git a/src/chrome/content/rules/Radentscheid-frankfurt.de.xml b/src/chrome/content/rules/Radentscheid-frankfurt.de.xml
new file mode 100644
index 000000000000..8cb7cc10f080
--- /dev/null
+++ b/src/chrome/content/rules/Radentscheid-frankfurt.de.xml
@@ -0,0 +1,14 @@
+<ruleset name="Radentscheid-frankfurt.de">
+	<target host="radentscheid-frankfurt.de" />
+	<target host="www.radentscheid-frankfurt.de" />
+	<target host="dev.radentscheid-frankfurt.de" />
+	<target host="www.dev.radentscheid-frankfurt.de" />
+	<target host="ghostbike.radentscheid-frankfurt.de" />
+	<target host="www.ghostbike.radentscheid-frankfurt.de" />
+	<target host="statistic.radentscheid-frankfurt.de" />
+	<target host="www.statistic.radentscheid-frankfurt.de" />
+	<target host="stats.radentscheid-frankfurt.de" />
+	<target host="www.stats.radentscheid-frankfurt.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Radical_Designs.xml b/src/chrome/content/rules/Radical_Designs.xml
deleted file mode 100644
index 802eced92d1a..000000000000
--- a/src/chrome/content/rules/Radical_Designs.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)radicaldesigns.org	(prints "This site is currently not available"; mismatched, CN: *.rdsecure.org)
-
--->
-<ruleset name="Radical Designs">
-
-	<target host="rdsecure.org" />
-	<target host="*.rdsecure.org" />
-
-
-	<securecookie host="^.+\.rdsecure\.org$" name=".+" />
-
-
-	<rule from="^http://([\w-]+\.)?rdsecure\.org/"
-		to="https://$1rdsecure.org/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Radikal.com.tr.xml b/src/chrome/content/rules/Radikal.com.tr.xml
deleted file mode 100644
index b625b7519283..000000000000
--- a/src/chrome/content/rules/Radikal.com.tr.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	(www.): refused
-
-
-	Problematic subdomains:
-
-		- i2 *
-
-	* Mismatched, CN: i.radikal.com.tr
-
--->
-<ruleset name="Radikal.com.tr (partial)">
-
-	<target host="*.radikal.com.tr" />
-
-
-	<rule from="^http://i2?\.radikal\.com\.tr/"
-		to="https://i.radikal.com.tr/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/RadioLab.org.xml b/src/chrome/content/rules/RadioLab.org.xml
deleted file mode 100644
index d46f43c50d99..000000000000
--- a/src/chrome/content/rules/RadioLab.org.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="RadioLab.org" platform="mixedcontent">
-	<target host="radiolab.org" />
-	<target host="www.radiolab.org" />
-	<target host="api.radiolab.org" />
-	<target host="beta.radiolab.org" />
-	<target host="dewey.radiolab.org" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/RadioShack.xml b/src/chrome/content/rules/RadioShack.xml
index 5623b6f350e2..65317dce5f29 100644
--- a/src/chrome/content/rules/RadioShack.xml
+++ b/src/chrome/content/rules/RadioShack.xml
@@ -30,13 +30,14 @@ Fetch error: http://www.radioshackwireless.com/ => https://radioshackwireless.co
 		- www.radioshackcorporation.com	(self-signed; shows blank page)
 
 -->
-<ruleset name="RadioShack (partial)" default_off='failed ruleset test'>
+<ruleset name="RadioShack (partial)" default_off="failed ruleset test">
 
 	<target host="franchiseradioshack.cloudapp.net" />
 	<target host="franchiseradioshack.com" />
 	<target host="www.franchiseradioshack.com" />
 	<target host="radioshack.com" />
-	<target host="*.radioshack.com" />
+	<target host="www.radioshack.com" />
+	<target host="blog.radioshack.com" />
 		<exclusion pattern="^http://www\.radioshack\.com/(?:$|category/|family/|home/|shop/)" />
 	<target host="radioshackwireless.com" />
 	<target host="www.radioshackwireless.com" />
@@ -84,18 +85,17 @@ Fetch error: http://www.radioshackwireless.com/ => https://radioshackwireless.co
 
 
 		Cert only matches www.
-					
+
 	<rule from="^http://(?:www\.)?radioshack\.com/($|(?:affiliate|checkout|cms_widgets|coreg|corp|emailAProduct|graphics|helpdesk|images|include|min-cat|product|search|sitemap|storeLocator3|uc)(?:$|/|\?))"
 		to="https://www.radioshack.com/$1" /-->
 
 	<rule from="^http://(?:www\.)?radioshack\.com/"
 		to="https://www.radioshack.com/" />
 
-	<rule from="^http://blog\.radioshack\.com/"
-		to="https://blog.radioshack.com/" />
 
 	<!--	Cert doesn't match www.	-->
 	<rule from="^http://(?:www\.)?radioshackwireless\.com/"
 		to="https://radioshackwireless.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Radio_Woodstock.com.xml b/src/chrome/content/rules/Radio_Woodstock.com.xml
deleted file mode 100644
index c405b99e0459..000000000000
--- a/src/chrome/content/rules/Radio_Woodstock.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-
-	* 522
-
--->
-<ruleset name="Radio Woodstock.com (partial)">
-
-	<target host="*.radiowoodstock.com" />
-
-
-	<securecookie host="^\.?ssl\.radiowoodstock\.com$" name=".+" />
-
-
-	<rule from="^http://ssl\.radiowoodstock\.com/"
-		to="https://ssl.radiowoodstock.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Radiological_Society_of_North_America.xml b/src/chrome/content/rules/Radiological_Society_of_North_America.xml
index 0b89e5e9b84d..2922c083c5fb 100644
--- a/src/chrome/content/rules/Radiological_Society_of_North_America.xml
+++ b/src/chrome/content/rules/Radiological_Society_of_North_America.xml
@@ -9,13 +9,14 @@
 <ruleset name="Radiological Society of North America (partial)">
 
 	<target host="rsna.org" />
-	<target host="*.rsna.org" />
+	<target host="careers.rsna.org" />
+	<target host="www.rsna.org" />
+	<target host="www2.rsna.org" />
 
 
 	<securecookie host="^(?:careers\.|www\.)?rsna\.org$" name=".+" />
 
 
-	<rule from="^http://(careers\.|www2?\.)?rsna\.org/"
-		to="https://$1rsna.org/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Radioreference.com.xml b/src/chrome/content/rules/Radioreference.com.xml
new file mode 100644
index 000000000000..caea01993746
--- /dev/null
+++ b/src/chrome/content/rules/Radioreference.com.xml
@@ -0,0 +1,14 @@
+<ruleset name="Radioreference.com">
+	<!-- root domain times out on HTTP and HTTPS, so we are leaving it out -->
+	<target host="www.radioreference.com" />
+	<target host="api.radioreference.com" />
+	<target host="forums.radioreference.com" />
+	<target host="m.radioreference.com" />
+	<target host="register.radioreference.com" />
+	<target host="u.radioreference.com" />
+	<target host="wiki.radioreference.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RadiumOne.xml b/src/chrome/content/rules/RadiumOne.xml
index d1b158d520da..c3d49b0be7ec 100644
--- a/src/chrome/content/rules/RadiumOne.xml
+++ b/src/chrome/content/rules/RadiumOne.xml
@@ -1,35 +1,149 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://analytics.radiumone.com/ => https://analytics.radiumone.com/: (7, 'Failed to connect to analytics.radiumone.com port 443: No route to host')
+Fetch error: http://support.radiumone.com/ => https://support.radiumone.com/: (6, 'Could not resolve host: support.radiumone.com')
+Fetch error: http://mc.gwallet.com/ => https://mc.gwallet.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://optout.gwallet.com/ => https://optout.gwallet.com/: (51, "SSL: no alternative certificate subject name matches target host name 'optout.gwallet.com'")
+Fetch error: http://panel.gwallet.com/ => https://panel.gwallet.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://rp.gwallet.com/ => https://rp.gwallet.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://ru.gwallet.com/ => https://ru.gwallet.com/: (7, 'Failed to connect to ru.gwallet.com port 443: No route to host')
+Fetch error: http://rp2.gwallet.com/ => https://rp2.gwallet.com/: (7, 'Failed to connect to rp2.gwallet.com port 443: No route to host')
+Fetch error: http://rstatic.gwallet.com/ => https://rstatic.gwallet.com/: (7, 'Failed to connect to rstatic.gwallet.com port 443: No route to host')
+Fetch error: http://sdk-log.gwallet.com/ => https://sdk-log.gwallet.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://rui.gwallet.com/ => https://rui.gwallet.com/: (7, 'Failed to connect to rui.gwallet.com port 443: No route to host')
+Fetch error: http://static.gwallet.com/ => https://static.gwallet.com/: (7, 'Failed to connect to static.gwallet.com port 443: No route to host')
+
+-->
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://radiumone.com/ => https://radiumone.com/: (7, 'Failed to connect to radiumone.com port 443: Connection refused')
+Fetch error: http://www.radiumone.com/ => https://www.radiumone.com/: (7, 'Failed to connect to www.radiumone.com port 443: Connection refused')
+Fetch error: http://api.radiumone.com/ => https://api.radiumone.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+Fetch error: http://console.radiumone.com/ => https://console.radiumone.com/: (6, 'Could not resolve host: console.radiumone.com')
+Fetch error: http://dmp.radiumone.com/ => https://dmp.radiumone.com/: (6, 'Could not resolve host: dmp.radiumone.com')
+Fetch error: http://gwallet.com/ => https://gwallet.com/: (7, 'Failed to connect to gwallet.com port 443: Connection refused')
+Fetch error: http://www.gwallet.com/ => https://www.gwallet.com/: (7, 'Failed to connect to www.gwallet.com port 443: Connection refused')
+Fetch error: http://2frtb-us-east.gwallet.com/ => https://2frtb-us-east.gwallet.com/: (7, 'Failed to connect to 2frtb-us-east.gwallet.com port 443: Connection refused')
+Fetch error: http://demo.gwallet.com/ => https://demo.gwallet.com/: (7, 'Failed to connect to demo.gwallet.com port 443: Connection refused')
+Fetch error: http://frs.gwallet.com/ => https://frs.gwallet.com/: (7, 'Failed to connect to frs.gwallet.com port 443: Connection refused')
+Fetch error: http://mate.gwallet.com/ => https://mate.gwallet.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+Fetch error: http://ip.gwallet.com/ => https://ip.gwallet.com/: (7, 'Failed to connect to ip.gwallet.com port 443: Connection refused')
+Fetch error: http://ha.gwallet.com/ => https://ha.gwallet.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://mx.gwallet.com/ => https://mx.gwallet.com/: (7, 'Failed to connect to mx.gwallet.com port 443: Connection refused')
+Fetch error: http://mgt2wh.gwallet.com/ => https://mgt2wh.gwallet.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://mgt1wh.gwallet.com/ => https://mgt1wh.gwallet.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://ns4.gwallet.com/ => https://ns4.gwallet.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://post-cm.gwallet.com/ => https://post-cm.gwallet.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://observium.gwallet.com/ => https://observium.gwallet.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://p.gwallet.com/ => https://p.gwallet.com/: (7, 'Failed to connect to p.gwallet.com port 443: Connection refused')
+Fetch error: http://pr.gwallet.com/ => https://pr.gwallet.com/: (7, 'Failed to connect to pr.gwallet.com port 443: Connection refused')
+Fetch error: http://report-rs.gwallet.com/ => https://report-rs.gwallet.com/: (7, 'Failed to connect to report-rs.gwallet.com port 443: Connection refused')
+Fetch error: http://rtb-us-east.gwallet.com/ => https://rtb-us-east.gwallet.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://rtb-eu.gwallet.com/ => https://rtb-eu.gwallet.com/: (7, 'Failed to connect to rtb-eu.gwallet.com port 443: Connection refused')
+Fetch error: http://rtb-apac.gwallet.com/ => https://rtb-apac.gwallet.com/: (7, 'Failed to connect to rtb-apac.gwallet.com port 443: Connection refused')
+Fetch error: http://staging.gwallet.com/ => https://staging.gwallet.com/: (7, 'Failed to connect to staging.gwallet.com port 443: Connection refused')
+Fetch error: http://test1.gwallet.com/ => https://test1.gwallet.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://ssltest.gwallet.com/ => https://ssltest.gwallet.com/: (7, 'Failed to connect to ssltest.gwallet.com port 443: Connection refused')
+Fetch error: http://temp.gwallet.com/ => https://temp.gwallet.com/: (7, 'Failed to connect to temp.gwallet.com port 443: Connection refused')
+Fetch error: http://webhost01.gwallet.com/ => https://webhost01.gwallet.com/: (7, 'Failed to connect to webhost01.gwallet.com port 443: Connection refused')
+Fetch error: http://zabbix.gwallet.com/ => https://zabbix.gwallet.com/: (28, 'Connection timed out after 20001 milliseconds')
+
 	Other RadiumOne rulesets:
 
-		- Po.st.xml
 
 
 	Nonfunctional domains:
 
 		- www.radiumone.com	(expired, self-signed; shows default Media Temple page)
 
+	Connection refused:
+		- repo.gwallet.com
 
-	Insecure cookies are set for these domains and hosts:
+	TLS error:
+		- ad.gwallet.com
+		- cal.gwallet.com
+		- docs.gwallet.com
+		- groups.gwallet.com
+		- log.gwallet.com
+		- mail.gwallet.com
+		- sites.gwallet.com
+		- video.gwallet.com
 
-		- .gwallet.com
-		- rs.gwallet.com
+	Cert mismatch:
+		- control.radiumone.com
+		- go.radiumone.com
+		- optout.radiumone.com
 
+		- www.cnn.corp.gwallet.com
+		- img1.gwallet.com
+		- img2.gwallet.com
+		- img3.gwallet.com
+		- globalgw.gwallet.com
+		- post.gwallet.com
+		- racdn.gwallet.com
+		- rcdna.gwallet.com
+		- pypi.dev.dw.sc.gwallet.com
+		- git.dev.dw.sc.gwallet.com
+		- lucy.dw.sc.gwallet.com
+		- tableau01.staging.dw.sc.gwallet.com
+		- webhost-01.gwallet.com
 -->
 <ruleset name="RadiumOne (partial)">
 
-	<!--	Direct rewrites:
-				-->
-	<target host="rs.gwallet.com" />
-	<target host="rui.gwallet.com" />
+	<!-- target host="radiumone.com" /-->
+	<!-- target host="www.radiumone.com" /-->
 
+	<!-- target host="analytics.radiumone.com" /-->
+	<!-- target host="api.radiumone.com" /-->
+	<!-- target host="console.radiumone.com" /-->
+	<!-- target host="dmp.radiumone.com" /-->
+	<target host="sso.radiumone.com" />
+	<!-- target host="support.radiumone.com" /-->
 
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.gwallet\.com$" name="^(?:ra1_sgm_\d+|ra1_sid|ra1_uid)$" /-->
-	<!--securecookie host="^rs\.gwallet\.com$" name="^RA1balancer$" /-->
+	<!-- target host="gwallet.com" /-->
+	<!-- target host="www.gwallet.com" /-->
 
-	<securecookie host=".+" name=".+" />
+	<!-- target host="2frtb-us-east.gwallet.com" /-->
+	<!-- target host="demo.gwallet.com" /-->
+	<!-- target host="frs.gwallet.com" /-->
+	<!-- target host="mate.gwallet.com" /-->
+	<!-- target host="ip.gwallet.com" /-->
+	<!-- target host="ha.gwallet.com" /-->
+	<!-- target host="mc.gwallet.com" /-->
+	<!-- target host="mx.gwallet.com" /-->
+	<!-- target host="mgt2wh.gwallet.com" /-->
+	<!-- target host="mgt1wh.gwallet.com" /-->
+	<!-- target host="ns4.gwallet.com" /-->
+	<!-- target host="post-cm.gwallet.com" /-->
+	<!-- target host="observium.gwallet.com" /-->
+	<!-- target host="optout.gwallet.com" /-->
+	<!-- target host="panel.gwallet.com" /-->
+	<!-- target host="p.gwallet.com" /-->
+	<!-- target host="pr.gwallet.com" /-->
+	<!-- target host="rp.gwallet.com" /-->
+	<!-- target host="report-rs.gwallet.com" /-->
+	<!-- target host="ru.gwallet.com" /-->
+	<!-- target host="rp2.gwallet.com" /-->
+	<target host="rs.gwallet.com" />
+	<!-- target host="rstatic.gwallet.com" /-->
+	<!-- target host="rtb-us-east.gwallet.com" /-->
+	<!-- target host="rtb-eu.gwallet.com" /-->
+	<!-- target host="rtb-apac.gwallet.com" /-->
+	<!-- target host="sdk-log.gwallet.com" /-->
+	<!-- target host="rui.gwallet.com" /-->
+	<!-- target host="staging.gwallet.com" /-->
+	<!-- target host="test1.gwallet.com" /-->
+	<!-- target host="static.gwallet.com" /-->
+	<!-- target host="ssltest.gwallet.com" /-->
+	<!-- target host="temp.gwallet.com" /-->
+	<!-- target host="webhost01.gwallet.com" /-->
+	<!-- target host="zabbix.gwallet.com" /-->
 
+	<securecookie host=".+" name=".+" />
 
 	<!--	- rs: Included on 3rd-party websites
 		- rui: client login/administration
diff --git a/src/chrome/content/rules/RadixDance.com.xml b/src/chrome/content/rules/RadixDance.com.xml
new file mode 100644
index 000000000000..55728f844064
--- /dev/null
+++ b/src/chrome/content/rules/RadixDance.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		- radixdance.com, equivalent to www.radixdance.com
+-->
+
+<ruleset name="RadixDance.com">
+	<target host="radixdance.com" />
+	<target host="www.radixdance.com" />
+	<target host="stats.radixdance.com" />
+
+	<rule from="^http://radixdance\.com/"
+		to="https://www.radixdance.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Raiffeisen.ch.xml b/src/chrome/content/rules/Raiffeisen.ch.xml
index c0f2adf7cd95..ddf3b3864c73 100644
--- a/src/chrome/content/rules/Raiffeisen.ch.xml
+++ b/src/chrome/content/rules/Raiffeisen.ch.xml
@@ -17,8 +17,6 @@
 	<target host="ebanking.raiffeisen.ch" />
 	<target host="ebankingdemo.raiffeisen.ch" />
 	<target host="isotestbank.raiffeisen.ch" />
-	<target host="login.raiffeisen.ch" />
-	<target host="member.raiffeisen.ch" />
 	<target host="memberplus.raiffeisen.ch" />
 	<target host="microsites.raiffeisen.ch" />
 		<test url="http://microsites.raiffeisen.ch/energiesparen/" />
diff --git a/src/chrome/content/rules/Raiffeisen.ru.xml b/src/chrome/content/rules/Raiffeisen.ru.xml
index 39813ec3ebce..c6c7f8a763bf 100644
--- a/src/chrome/content/rules/Raiffeisen.ru.xml
+++ b/src/chrome/content/rules/Raiffeisen.ru.xml
@@ -118,7 +118,7 @@ ielba.raiffeisen.ru different content
 ⁶ redirect
 ⁷ protocol error
 -->
-<ruleset name="raiffeisen.ru" default_off='failed ruleset test'>
+<ruleset name="raiffeisen.ru" default_off="failed ruleset test">
 	<target host="www.raiffeisen.ru" />
 	<target host="acs.raiffeisen.ru" />
 	<target host="chat.raiffeisen.ru" />
diff --git a/src/chrome/content/rules/Railsbox.io.xml b/src/chrome/content/rules/Railsbox.io.xml
deleted file mode 100644
index 8242fc3f4afa..000000000000
--- a/src/chrome/content/rules/Railsbox.io.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="railsbox.io">
-
-	<target host="railsbox.io" />
-	<target host="www.railsbox.io" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Rally_Congress.xml b/src/chrome/content/rules/Rally_Congress.xml
index e1903ec85ede..5da180e08f76 100644
--- a/src/chrome/content/rules/Rally_Congress.xml
+++ b/src/chrome/content/rules/Rally_Congress.xml
@@ -8,11 +8,11 @@ Fetch error: http://secure.rallycongress.com/ => https://secure.rallycongress.co
 		- (www.)	(shows secure; mismatched, CN: secure.rallycongress.com)
 
 -->
-<ruleset name="Rally Congress (partial)" default_off='failed ruleset test'>
+<ruleset name="Rally Congress (partial)" default_off="failed ruleset test">
 
 	<target host="secure.rallycongress.com" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rally_Dev.com.xml b/src/chrome/content/rules/Rally_Dev.com.xml
index 6491236861ca..8d57f28a0829 100644
--- a/src/chrome/content/rules/Rally_Dev.com.xml
+++ b/src/chrome/content/rules/Rally_Dev.com.xml
@@ -16,7 +16,7 @@ Fetch error: http://community.rallydev.com/ => https://community.rallydev.com/:
 		- us1.rallydev.com
 
 -->
-<ruleset name="Rally Dev.com" default_off='failed ruleset test'>
+<ruleset name="Rally Dev.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/RamNode.com.xml b/src/chrome/content/rules/RamNode.com.xml
index 0dda32d7fabf..4f7e9f663e6e 100644
--- a/src/chrome/content/rules/RamNode.com.xml
+++ b/src/chrome/content/rules/RamNode.com.xml
@@ -30,7 +30,9 @@
 <ruleset name="RamNode.com (partial)">
 
 	<target host="ramnode.com" />
-	<target host="*.ramnode.com" />
+	<target host="clientarea.ramnode.com" />
+	<target host="vpscp.ramnode.com" />
+	<target host="www.ramnode.com" />
 
 
 	<!--	Not secured by server:
@@ -41,7 +43,6 @@
 	<securecookie host="^(?:(?:clientarea|vpscp)?\.)?ramnode\.com$" name=".+" />
 
 
-	<rule from="^http://((?:clientarea|vpscp|www)\.)?ramnode\.com/"
-		to="https://$1ramnode.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RamanujanMachine.com.xml b/src/chrome/content/rules/RamanujanMachine.com.xml
new file mode 100644
index 000000000000..f6eedc58ac12
--- /dev/null
+++ b/src/chrome/content/rules/RamanujanMachine.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="RamanujanMachine.com">
+	<target host="ramanujanmachine.com" />
+	<target host="www.ramanujanmachine.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rambler.ru.xml b/src/chrome/content/rules/Rambler.ru.xml
index faae6122c800..04dbb576c018 100644
--- a/src/chrome/content/rules/Rambler.ru.xml
+++ b/src/chrome/content/rules/Rambler.ru.xml
@@ -1,74 +1,35 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://cntcerber.rambler.ru/counter.js => https://cntcerber.rambler.ru/counter.js: (7, 'Failed to connect to cntcerber.rambler.ru port 443: Connection refused')
-Fetch error: http://cntcerber.rambler.ru/ => https://cntcerber.rambler.ru/: (7, 'Failed to connect to cntcerber.rambler.ru port 443: Connection refused')
-Fetch error: http://arhangelsk-realty.rambler.ru/ => https://arhangelsk-realty.rambler.ru/: (6, 'Could not resolve host: arhangelsk-realty.rambler.ru')
-Fetch error: http://astrahan-realty.rambler.ru/ => https://astrahan-realty.rambler.ru/: (6, 'Could not resolve host: astrahan-realty.rambler.ru')
-Fetch error: http://cheboksary-realty.rambler.ru/ => https://cheboksary-realty.rambler.ru/: (6, 'Could not resolve host: cheboksary-realty.rambler.ru')
-Fetch error: http://groznyy-realty.rambler.ru/ => https://groznyy-realty.rambler.ru/: (6, 'Could not resolve host: groznyy-realty.rambler.ru')
-Fetch error: http://ivanovo-realty.rambler.ru/ => https://ivanovo-realty.rambler.ru/: (6, 'Could not resolve host: ivanovo-realty.rambler.ru')
-Fetch error: http://izhevsk-realty.rambler.ru/ => https://izhevsk-realty.rambler.ru/: (6, 'Could not resolve host: izhevsk-realty.rambler.ru')
-Fetch error: http://krasnodar-realty.rambler.ru/ => https://krasnodar-realty.rambler.ru/: (6, 'Could not resolve host: krasnodar-realty.rambler.ru')
-Fetch error: http://magas-realty.rambler.ru/ => https://magas-realty.rambler.ru/: (6, 'Could not resolve host: magas-realty.rambler.ru')
-Fetch error: http://maykop-realty.rambler.ru/ => https://maykop-realty.rambler.ru/: (6, 'Could not resolve host: maykop-realty.rambler.ru')
-Fetch error: http://nalchik-realty.rambler.ru/ => https://nalchik-realty.rambler.ru/: (6, 'Could not resolve host: nalchik-realty.rambler.ru')
-Fetch error: http://naryan-mar-realty.rambler.ru/ => https://naryan-mar-realty.rambler.ru/: (6, 'Could not resolve host: naryan-mar-realty.rambler.ru')
-Fetch error: http://nn-realty.rambler.ru/ => https://nn-realty.rambler.ru/: (6, 'Could not resolve host: nn-realty.rambler.ru')
-Fetch error: http://orenburg-realty.rambler.ru/ => https://orenburg-realty.rambler.ru/: (6, 'Could not resolve host: orenburg-realty.rambler.ru')
-Fetch error: http://penza-realty.rambler.ru/ => https://penza-realty.rambler.ru/: (6, 'Could not resolve host: penza-realty.rambler.ru')
-Fetch error: http://petrozavodsk-realty.rambler.ru/ => https://petrozavodsk-realty.rambler.ru/: (6, 'Could not resolve host: petrozavodsk-realty.rambler.ru')
-Fetch error: http://rostov-na-donu-realty.rambler.ru/ => https://rostov-na-donu-realty.rambler.ru/: (6, 'Could not resolve host: rostov-na-donu-realty.rambler.ru')
-Fetch error: http://saransk-realty.rambler.ru/ => https://saransk-realty.rambler.ru/: (6, 'Could not resolve host: saransk-realty.rambler.ru')
-Fetch error: http://simferopol-realty.rambler.ru/ => https://simferopol-realty.rambler.ru/: (6, 'Could not resolve host: simferopol-realty.rambler.ru')
-Fetch error: http://spb-realty.rambler.ru/ => https://spb-realty.rambler.ru/: (6, 'Could not resolve host: spb-realty.rambler.ru')
-Fetch error: http://syktyvkar-realty.rambler.ru/ => https://syktyvkar-realty.rambler.ru/: (6, 'Could not resolve host: syktyvkar-realty.rambler.ru')
-Fetch error: http://tver-realty.rambler.ru/ => https://tver-realty.rambler.ru/: (6, 'Could not resolve host: tver-realty.rambler.ru')
-Fetch error: http://ulyanovsk-realty.rambler.ru/ => https://ulyanovsk-realty.rambler.ru/: (6, 'Could not resolve host: ulyanovsk-realty.rambler.ru')
-Fetch error: http://vladikavkaz-realty.rambler.ru/ => https://vladikavkaz-realty.rambler.ru/: (6, 'Could not resolve host: vladikavkaz-realty.rambler.ru')
-Fetch error: http://vladimir-realty.rambler.ru/ => https://vladimir-realty.rambler.ru/: (6, 'Could not resolve host: vladimir-realty.rambler.ru')
-Fetch error: http://yoshkar-ola-realty.rambler.ru/ => https://yoshkar-ola-realty.rambler.ru/: (6, 'Could not resolve host: yoshkar-ola-realty.rambler.ru')
+	Non-functional hosts
+		Couldn't connect to server:
+		- dn.rambler.ru
+
+		Timeout was reached:
+		- booking.rambler.ru
+
+		SSL connect error:
+		- moana.rambler.ru
 
-403 Forbidden:
-	cnt.rambler.ru
-	counter.rambler.ru
-	scounter.rambler.ru
-	tools.rambler.ru
+		SSL peer certificate was not OK:
+		- gamesclub.rambler.ru
+		- www.kassa.rambler.ru
+		- pgc.rambler.ru
+		- www.tv.rambler.ru
 
-Invalid certificate:
-	gamesclub.rambler.ru
-	kinobot.rambler.ru
-	moana.rambler.ru
-	nerve.rambler.ru
-	on.rambler.ru
-	paywall.rambler.ru
-	yourside.rambler.ru
+		4xx client error:
+		- c-champ.rambler.ru
+		- cnt.rambler.ru
+		- counter.rambler.ru
+		- api.news.rambler.ru
+		- tools.rambler.ru
 
-Refused connection:
-	atd.osm.rambler.ru
-	geocaching.osm.rambler.ru
-	glosm.osm.rambler.ru
-	navitel.osm.rambler.ru
-	overpass.osm.rambler.ru
-	shurik.osm.rambler.ru
-	vwo.osm.rambler.ru
-	zverik.osm.rambler.ru
+		Mixed content blocking (MCB) triggered:
+		- kinobot.rambler.ru
 -->
-<ruleset name="Rambler.ru" default_off='failed ruleset test'>
+<ruleset name="Rambler.ru">
 	<target host="rambler.ru" />
-	<target host="www.rambler.ru" />
 	<target host="audio.rambler.ru" />
-	<target host="booking.rambler.ru" />
 	<target host="brain.rambler.ru" />
 	<target host="c.rambler.ru" />
-	<target host="c-champ.rambler.ru" />
-	<!--<target host="cnt.rambler.ru" />
-	<test url="http://cnt.rambler.ru/top100.scn" /> -->
-	<target host="cntcerber.rambler.ru" />
-	<test url="http://cntcerber.rambler.ru/counter.js" />
-	<!--<target host="counter.rambler.ru" />
-	<test url="http://counter.rambler.ru/top100.cnt?286377" />
-	<test url="http://counter.rambler.ru/top100.scn" />-->
 	<target host="dating.rambler.ru" />
 	<target host="m.dating.rambler.ru" />
 	<target host="developers.rambler.ru" />
@@ -79,73 +40,35 @@ Refused connection:
 	<target host="horoscopes.rambler.ru" />
 	<target host="m.horoscopes.rambler.ru" />
 	<target host="id.rambler.ru" />
-	<target host="dn.rambler.ru" />
-	<test url="http://dn.rambler.ru/static/browser.css" />
-	<test url="http://dn.rambler.ru/static/js/notice.js" />
 	<target host="dyn.ig.rambler.ru" />
 	<target host="images.rambler.ru" />
 	<target host="kassa.rambler.ru" />
-	<target host="www.kassa.rambler.ru" />
 	<target host="m.kassa.rambler.ru" />
 	<target host="widget.kassa.rambler.ru" />
 	<target host="m.rambler.ru" />
 	<target host="mail.rambler.ru" />
 	<target host="mail-pda.rambler.ru" />
+	<target host="nerve.rambler.ru" />
 	<target host="news.rambler.ru" />
-	<target host="api.news.rambler.ru" />
 	<target host="nova.rambler.ru" />
 	<target host="org.rambler.ru" />
-	<target host="pgc.rambler.ru" />
-	<target host="realty.rambler.ru" />
-	<target host="arhangelsk-realty.rambler.ru" />
-	<target host="astrahan-realty.rambler.ru" />
-	<target host="cheboksary-realty.rambler.ru" />
-	<target host="groznyy-realty.rambler.ru" />
-	<target host="ivanovo-realty.rambler.ru" />
-	<target host="izhevsk-realty.rambler.ru" />
-	<target host="krasnodar-realty.rambler.ru" />
-	<target host="magas-realty.rambler.ru" />
-	<target host="maykop-realty.rambler.ru" />
-	<target host="nalchik-realty.rambler.ru" />
-	<target host="naryan-mar-realty.rambler.ru" />
-	<target host="nn-realty.rambler.ru" />
-	<target host="orenburg-realty.rambler.ru" />
-	<target host="penza-realty.rambler.ru" />
-	<target host="petrozavodsk-realty.rambler.ru" />
-	<target host="rostov-na-donu-realty.rambler.ru" />
-	<target host="saransk-realty.rambler.ru" />
-	<target host="simferopol-realty.rambler.ru" />
-	<target host="spb-realty.rambler.ru" />
-	<target host="syktyvkar-realty.rambler.ru" />
-	<target host="tver-realty.rambler.ru" />
-	<target host="ulyanovsk-realty.rambler.ru" />
-	<target host="vladikavkaz-realty.rambler.ru" />
-	<target host="vladimir-realty.rambler.ru" />
-	<target host="yoshkar-ola-realty.rambler.ru" />	
 	<target host="rcounter.rambler.ru" />
-	<test url="http://rcounter.rambler.ru/rcounter/rcounter.min.js" />
-	<test url="http://rcounter.rambler.ru/rcounter/rcounter.topline.min.js" />
-	<test url="http://rcounter.rambler.ru/rcounter/clickmap.min.js" />
+	<target host="realty.rambler.ru" />
 	<target host="reklama.rambler.ru" />
-	<!--<target host="scounter.rambler.ru" />
-	<test url="http://scounter.rambler.ru/top100.scn?4402382" /> -->
+	<target host="scounter.rambler.ru" />
 	<target host="soft.rambler.ru" />
 	<target host="sport.rambler.ru" />
 	<target host="sync.rambler.ru" />
-	<test url="http://sync.rambler.ru/set?partner_id=audtd/" />
-	<target host="topline.rambler.ru" />
-	<test url="http://topline.rambler.ru/new/latest/bundle.css" />
-	<test url="http://topline.rambler.ru/new/latest/bundle.js" />
 	<target host="top100.rambler.ru" />
+	<target host="topline.rambler.ru" />
 	<target host="travel.rambler.ru" />
 	<target host="tv.rambler.ru" />
-	<target host="www.tv.rambler.ru" />
 	<target host="update.rambler.ru" />
 	<target host="video.rambler.ru" />
 	<target host="weather.rambler.ru" />
 	<target host="weekend.rambler.ru" />
+	<target host="www.rambler.ru" />
+	<target host="yourside.rambler.ru" />
 
-	<rule from="^http://www\.kassa\.rambler\.ru/" to="https://kassa.rambler.ru/" />
-	<rule from="^http://www\.tv\.rambler\.ru/" to="https://tv.rambler.ru/" />
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/RanalloLawOffice.com.xml b/src/chrome/content/rules/RanalloLawOffice.com.xml
new file mode 100644
index 000000000000..99b104245539
--- /dev/null
+++ b/src/chrome/content/rules/RanalloLawOffice.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="RanalloLawOffice.com">
+
+	<target host="ranallolawoffice.com" />
+	<target host="www.ranallolawoffice.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Randaris-Anime.net.xml b/src/chrome/content/rules/Randaris-Anime.net.xml
new file mode 100644
index 000000000000..6046bcba9c78
--- /dev/null
+++ b/src/chrome/content/rules/Randaris-Anime.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="Randaris-Anime.net">
+	<target host="randaris-anime.net" />
+	<target host="www.randaris-anime.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Randischumann.dk.xml b/src/chrome/content/rules/Randischumann.dk.xml
index 365cd3e57208..7b7fa280e743 100644
--- a/src/chrome/content/rules/Randischumann.dk.xml
+++ b/src/chrome/content/rules/Randischumann.dk.xml
@@ -5,7 +5,7 @@ Fetch error: http://psykologteam.dk/ => https://psykologteam.dk/: (6, 'Could not
 Fetch error: http://www.psykologteam.dk/ => https://www.psykologteam.dk/: (6, 'Could not resolve host: www.psykologteam.dk')
 
 -->
-<ruleset name="Randischumann" default_off='failed ruleset test'>
+<ruleset name="Randischumann" default_off="failed ruleset test">
 	<target host="randischumann.dk" />
 	<target host="www.randischumann.dk" />
 	<target host="psykologteam.dk" />
diff --git a/src/chrome/content/rules/RandomOrg.xml b/src/chrome/content/rules/RandomOrg.xml
deleted file mode 100644
index 505a580e594c..000000000000
--- a/src/chrome/content/rules/RandomOrg.xml
+++ /dev/null
@@ -1,43 +0,0 @@
-<!--
-	Fully covered hosts in *random.org:
-
-		- (www.)?
-		- api
-		- draws
-		- files
-		- games
-		- tuples
-
-
-	These altnames don't exist:
-
-		- codes.random.org
-		- feeds.random.org
-		- raffles.random.org
-		- widgets.random.org
-
--->
-<ruleset name="Random.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="random.org" />
-	<target host="api.random.org" />
-	<target host="draws.random.org" />
-	<target host="files.random.org" />
-	<target host="games.random.org" />
-	<target host="tuples.random.org" />
-	<target host="www.random.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="\.random\.org$" name="^RDOSESSION$" /-->
-
-	<securecookie host="\.random\.org$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Range_Networks.com.xml b/src/chrome/content/rules/Range_Networks.com.xml
index 7a028de4ffa8..e0cd1b0cf21b 100644
--- a/src/chrome/content/rules/Range_Networks.com.xml
+++ b/src/chrome/content/rules/Range_Networks.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://support.rangenetworks.com/ => https://support.rangenetworks.
 	* Secured by us
 
 -->
-<ruleset name="Range Networks.com" default_off='failed ruleset test'>
+<ruleset name="Range Networks.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Rantoul_Press.xml b/src/chrome/content/rules/Rantoul_Press.xml
index ae43613a686e..3c9b959e5220 100644
--- a/src/chrome/content/rules/Rantoul_Press.xml
+++ b/src/chrome/content/rules/Rantoul_Press.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?rantoulpress\.com/(misc/|sites/|user(?:$|\?|/))"
 		to="https://www.rantoulpress.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rantsports.com.xml b/src/chrome/content/rules/Rantsports.com.xml
new file mode 100644
index 000000000000..8eab6dd00d0e
--- /dev/null
+++ b/src/chrome/content/rules/Rantsports.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Rantsports.com">
+
+    <target host="rantsports.com" />
+    <target host="www.rantsports.com" />
+    <target host="shop.rantsports.com" />
+
+    <securecookie host=".+" name=".+" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Raphael-Hertzog.xml b/src/chrome/content/rules/Raphael-Hertzog.xml
index df063930f422..f81f8373e810 100644
--- a/src/chrome/content/rules/Raphael-Hertzog.xml
+++ b/src/chrome/content/rules/Raphael-Hertzog.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.raphaelhertzog.com/ => https://www.raphaelhertzog.com/:
 	Raphaël Hertzog
 
 -->
-<ruleset name="Raphael Hertzog.com" default_off='failed ruleset test'>
+<ruleset name="Raphael Hertzog.com" default_off="failed ruleset test">
 
 	<target host="raphaelhertzog.com" />
 	<target host="www.raphaelhertzog.com" />
diff --git a/src/chrome/content/rules/Rapid7.xml b/src/chrome/content/rules/Rapid7.xml
index 6e16737d250f..d0eea669762a 100644
--- a/src/chrome/content/rules/Rapid7.xml
+++ b/src/chrome/content/rules/Rapid7.xml
@@ -18,7 +18,7 @@ Fetch error: http://browsercan.rapid7.com/ => https://browsercan.rapid7.com/: (6
 		- www.community.rapid7.com
 
 -->
-<ruleset name="Rapid7 (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Rapid7 (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="rapid7.com" />
 	<target host="browsercan.rapid7.com" />
diff --git a/src/chrome/content/rules/RapidBuyr-problematic.xml b/src/chrome/content/rules/RapidBuyr-problematic.xml
index c16fb9229887..f5f1b051ae6c 100644
--- a/src/chrome/content/rules/RapidBuyr-problematic.xml
+++ b/src/chrome/content/rules/RapidBuyr-problematic.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RapidBuyr.xml b/src/chrome/content/rules/RapidBuyr.xml
index d418a5373ebc..6393f96b267b 100644
--- a/src/chrome/content/rules/RapidBuyr.xml
+++ b/src/chrome/content/rules/RapidBuyr.xml
@@ -15,7 +15,8 @@
 
 	<target host="rapidbuyr.cachefly.net" />
 	<target host="rapidbuyr.com" />
-	<target host="*.rapidbuyr.com" />
+	<target host="www.rapidbuyr.com" />
+	<target host="svcart.rapidbuyr.com" />
 		<!--
 			These paths redirect to http:
 
diff --git a/src/chrome/content/rules/RapidLeaf.xml b/src/chrome/content/rules/RapidLeaf.xml
index 7780a4346097..a3848355264e 100644
--- a/src/chrome/content/rules/RapidLeaf.xml
+++ b/src/chrome/content/rules/RapidLeaf.xml
@@ -8,16 +8,16 @@ Fetch error: http://www.rapidleaf.com/ => https://www.rapidleaf.com/: (28, 'Conn
 Disabled by https-everywhere-checker because:
 Fetch error: http://rapidleaf.com/ => https://rapidleaf.com/: (28, 'Connection timed out after 10001 milliseconds')
 -->
-<ruleset name="RapidLeaf" default_off='failed ruleset test'>
+<ruleset name="RapidLeaf" default_off="failed ruleset test">
 
 	<target host="rapidleaf.com" />
 	<target host="dashboard.rapidleaf.com" />
 	<target host="www.rapidleaf.com" />
 
 
-	<securecookie host="^(?:.+\.)?rapidleaf\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rapida.ru.xml b/src/chrome/content/rules/Rapida.ru.xml
index 0aa1b7b69567..0009a94f795d 100644
--- a/src/chrome/content/rules/Rapida.ru.xml
+++ b/src/chrome/content/rules/Rapida.ru.xml
@@ -35,7 +35,7 @@ webmail.rapida.ru ³
 ⁴ self signed
 ⁵ expired
 -->
-<ruleset name="rapida.ru" default_off='failed ruleset test'>
+<ruleset name="rapida.ru" default_off="failed ruleset test">
 	<target host="rapida.ru" />
 	<target host="www.rapida.ru" />
 	<target host="api.rapida.ru" />
diff --git a/src/chrome/content/rules/Rapidgator.net.xml b/src/chrome/content/rules/Rapidgator.net.xml
deleted file mode 100644
index fdf9be095172..000000000000
--- a/src/chrome/content/rules/Rapidgator.net.xml
+++ /dev/null
@@ -1,81 +0,0 @@
-<!--
-	Some pages redirect to http.
-
--->
-<ruleset name="Rapidgator.net (partial)">
-
-	<target host="rapidgator.net" />
-	<target host="www.rapidgator.net" />
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://(?:www\.)?rapidgator\.net/(?:account/ForgotPassword$|article/(?:privacyPolicy|security)$|feedback/contact/q/6$)" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://(?:www\.)?rapidgator\.net/(?!(?:/*(?:account/registration|article/premium|auth/(?:captcha|login))(?:$|[?/])|assets/|css/|images/))" />
-
-			<!--	-ve:
-					-->
-			<test url="http://rapidgator.net//upload/jsonprogress?id=" />
-			<test url="http://rapidgator.net/News/NewsList" />
-			<test url="http://rapidgator.net/account/ForgotPassword" />
-			<test url="http://rapidgator.net/antifrod/pushFromStorage" />
-			<test url="http://rapidgator.net/article/faq" />
-			<test url="http://rapidgator.net/article/premium" />
-			<test url="http://rapidgator.net/article/privacyPolicy" />
-			<test url="http://rapidgator.net/article/resource" />
-			<test url="http://rapidgator.net/article/security" />
-			<test url="http://rapidgator.net/feedback/contact/q/6" />
-			<!--
-			<test url="http://rapidgator.net/profile/ftp" />
-			<test url="http://rapidgator.net/remotedl/index" />
-			<test url="http://rapidgator.net/site/PleaseLogin" />
-			<test url="http://rapidgator.net/site/index" />
-			<test url="http://rapidgator.net/stat/StatDeletedFiles" />
-			<test url="http://rapidgator.net/storage.swf" />
-			<test url="http://rapidgator.net/storage.xap" />
-			-->
-
-			<!--	-ve:
-					-->
-			<test url="http://rapidgator.net/account/registration" />
-			<test url="http://rapidgator.net/article/premium" />
-			<test url="http://rapidgator.net/assets/53380a07/widget.css" />
-			<test url="http://rapidgator.net/auth/login" />
-			<test url="http://rapidgator.net/css/jquery.tooltip.upload.widget.css" />
-			<test url="http://rapidgator.net/favicon.ico" />
-			<test url="http://rapidgator.net/images/ico-submenu-hover.gif" />
-
-		<!--	Avoid potential XHR problems:
-							-->
-		<exclusion pattern="^http://(?:www\.)?rapidgator\.net/.+\.js(?:$|\?)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://rapidgator.net/assets/2bf718b1/fingerprint.js" />
-			<test url="http://rapidgator.net/assets/659f1fca/uploadwidget.js" />
-			<test url="http://rapidgator.net/assets/6fdaff12/md5.js" />
-			<test url="http://rapidgator.net/assets/6fdaff12/plugin_detect.js" />
-			<test url="http://rapidgator.net/assets/6fdaff12/storage.js" />
-			<!--
-			<test url="http://rapidgator.net/assets/6fdaff12/swfobject.js" />
-			<test url="http://rapidgator.net/assets/6fdaff12/swfstore.js" />
-			<test url="http://rapidgator.net/assets/a98d756f/jquery.min.js" />
-			<test url="http://rapidgator.net/assets/a98d756f/jui/js/jquery-ui.min.js" />
-			<test url="http://rapidgator.net/javascript/ddsmoothmenu.js" />
-			<test url="http://rapidgator.net/javascript/input.js" />
-			<test url="http://rapidgator.net/javascript/jquery.tooltip.js" />
-			<test url="http://rapidgator.net/javascript/json2.js" />
-			<test url="http://rapidgator.net/javascript/main.js" />
-			<test url="http://rapidgator.net/javascript/pngFX.js" />
-			-->
-
-
-	<securecookie host="^\w" name="^__utm" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Raptr.com.xml b/src/chrome/content/rules/Raptr.com.xml
index e082f256196e..f92a159e1162 100644
--- a/src/chrome/content/rules/Raptr.com.xml
+++ b/src/chrome/content/rules/Raptr.com.xml
@@ -1,50 +1,12 @@
 <!--
-	Nonfunctional hosts in *raptr.com:
-
-		- about ʳ
-		- blog ʳ
-		- caas ʳ
-		- l ᶠ
-		- support ʰ
-
-	ᶠ Handshake fails
-	ʰ Freshdesk / redirects to http
-	ʳ Refused
-
-
-	Insecure cookies are set for these domains:
-
-		- .raptr.com
-
-
-	Mixed content:
-
-		- iframe on ^ from plays.tv ˢ
-		- css on ^ from b0.raptrcdn.com ˢ
-		- Images on ^ from b1.raptrcdn.com ˢ
-		- favicon on ^ from b1.raptrcdn.com ˢ
-		- Bug on ^ from pixel.quantserve.com ˢ
-
-	ˢ Secured by us
+	Raptr.com has a wildcard DNS record and SSL certificate.
 
+	Mismatched:
+		- dev.raptr.com
 -->
-<ruleset name="Raptr.com (partial)" platform="mixedcontent">
-
+<ruleset name="Raptr.com">
 	<target host="raptr.com" />
-	<target host="clientupdater.raptr.com" />
 	<target host="www.raptr.com" />
 
-		<test url="http://clientupdater.raptr.com/client/raptr_installer.exe" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.raptr\.com$" name="^(?:PHPSESSID|xb)$" /-->
-
-	<securecookie host="^\." name="^__qca$" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Rapture_Ready.xml b/src/chrome/content/rules/Rapture_Ready.xml
index 69fbaca5d8e0..11b1936876d9 100644
--- a/src/chrome/content/rules/Rapture_Ready.xml
+++ b/src/chrome/content/rules/Rapture_Ready.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rare.us.xml b/src/chrome/content/rules/Rare.us.xml
index 7488f42ae200..e40d24a1f520 100644
--- a/src/chrome/content/rules/Rare.us.xml
+++ b/src/chrome/content/rules/Rare.us.xml
@@ -5,7 +5,7 @@ Fetch error: http://rare.us/ => https://rare.us/: Too many redirects while fetch
 Fetch error: http://www.rare.us/ => https://www.rare.us/: Too many redirects while fetching 'https://www.rare.us/'
 
 -->
-<ruleset name="Rare.us" default_off='failed ruleset test'>
+<ruleset name="Rare.us" default_off="failed ruleset test">
 
 	<target host="rare.us" />
 	<target host="www.rare.us" />
diff --git a/src/chrome/content/rules/RareConnect.xml b/src/chrome/content/rules/RareConnect.xml
index 1139e0107cc7..4c72480ade5b 100644
--- a/src/chrome/content/rules/RareConnect.xml
+++ b/src/chrome/content/rules/RareConnect.xml
@@ -8,4 +8,4 @@
 		to="https://www.rareconnect.org/" />
 	<rule from="^http:"
 		to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rasset.ie.xml b/src/chrome/content/rules/Rasset.ie.xml
deleted file mode 100644
index bb43ac647362..000000000000
--- a/src/chrome/content/rules/Rasset.ie.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other RTÉ coverage, see RTE.xml.
-
--->
-<ruleset name="Rasset.ie">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="img.rasset.ie" />
-	<target host="dj.rasset.ie" />
-	<target host="static.rasset.ie" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Rateip.com.xml b/src/chrome/content/rules/Rateip.com.xml
index f4f8cc09ad10..4aee5dc8ef6d 100644
--- a/src/chrome/content/rules/Rateip.com.xml
+++ b/src/chrome/content/rules/Rateip.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.rateip.com/ => https://www.rateip.com/: (28, 'Connection
 	* Secured by us
 
 -->
-<ruleset name="Rateip.com" default_off='failed ruleset test'>
+<ruleset name="Rateip.com" default_off="failed ruleset test">
 
 	<target host="rateip.com" />
 	<target host="www.rateip.com" />
diff --git a/src/chrome/content/rules/RatfishOil.com-falsemixed.xml b/src/chrome/content/rules/RatfishOil.com-falsemixed.xml
index dd06b8b33ea6..49c5b4279ef7 100644
--- a/src/chrome/content/rules/RatfishOil.com-falsemixed.xml
+++ b/src/chrome/content/rules/RatfishOil.com-falsemixed.xml
@@ -4,7 +4,7 @@
 -->
 <ruleset name="RatfishOil.com (false MCB)" platform="mixedcontent">
 
-	<target host="*.ratfishoil.com" />
+	<target host="www.ratfishoil.com" />
 
 
 	<!--	Server doesn't set Secure for:
@@ -12,7 +12,6 @@
 	<securecookie host="^(?:www)?\.ratfishoil\.com$" name=".+" />
 
 
-	<rule from="^http://www\.ratfishoil\.com/"
-		to="https://www.ratfishoil.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RationalWiki.org.xml b/src/chrome/content/rules/RationalWiki.org.xml
new file mode 100644
index 000000000000..515f442ebab8
--- /dev/null
+++ b/src/chrome/content/rules/RationalWiki.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="RationalWiki.org">
+	<target host="rationalwiki.org" />
+	<target host="www.rationalwiki.org" />
+	<target host="ru.rationalwiki.org" />
+	<target host="www.ru.rationalwiki.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RaumZeitLabor.de.xml b/src/chrome/content/rules/RaumZeitLabor.de.xml
index f1c7eb6e46dd..13b0c851cf2a 100644
--- a/src/chrome/content/rules/RaumZeitLabor.de.xml
+++ b/src/chrome/content/rules/RaumZeitLabor.de.xml
@@ -15,13 +15,14 @@
 <ruleset name="RaumZeitLabor.de (partial)">
 
 	<target host="raumzeitlabor.de" />
-	<target host="*.raumzeitlabor.de" />
+	<target host="lists.raumzeitlabor.de" />
+	<target host="wiki.raumzeitlabor.de" />
+	<target host="www.raumzeitlabor.de" />
 
 
 	<securecookie host="^wiki\.raumzeitlabor\.de$" name=".+" />
 
 
-	<rule from="^http://((?:lists|wiki|www)\.)?raumzeitlabor\.de/"
-		to="https://$1raumzeitlabor.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rave7.com.xml b/src/chrome/content/rules/Rave7.com.xml
new file mode 100644
index 000000000000..ece94bb7104b
--- /dev/null
+++ b/src/chrome/content/rules/Rave7.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		*.rave7.com: Wildcard DNS records, but no wildcard SSL certificate
+-->
+
+<ruleset name="Rave7.com">
+	<target host="rave7.com" />
+	<target host="www.rave7.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Raven_Software.xml b/src/chrome/content/rules/Raven_Software.xml
index bce2c20e1688..9876cfd92ff5 100644
--- a/src/chrome/content/rules/Raven_Software.xml
+++ b/src/chrome/content/rules/Raven_Software.xml
@@ -9,7 +9,8 @@
 <ruleset name="Raven Software" default_off="expired">
 
 	<target host="ravensoft.com" />
-	<target host="*.ravensoft.com" />
+	<target host="www.ravensoft.com" />
+	<target host="www2.ravensoft.com" />
 
 
 	<securecookie host="^www2\.ravensoft\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Ravenjs.com.xml b/src/chrome/content/rules/Ravenjs.com.xml
new file mode 100644
index 000000000000..6a3710f1c26b
--- /dev/null
+++ b/src/chrome/content/rules/Ravenjs.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid Certificate:
+		www.ravenjs.com
+-->
+<ruleset name="Ravenjs.com">
+
+	<target host="ravenjs.com" />
+	<target host="www.ravenjs.com" />
+	<target host="cdn.ravenjs.com" />
+		<test url="http://cdn.ravenjs.com/1.1.15/jquery,native/raven.min.js" />
+
+
+	<securecookie host=".+" name=".+" />
+
+
+	<rule from="^http://www\.ravenjs\.com/" to="https://ravenjs.com/" />
+	<rule from="^http:"
+		to="https:" />
+
+	<!-- See https://github.com/EFForg/https-everywhere/pull/15463 -->
+	<exclusion pattern="^http://cdn\.ravenjs\.com/$" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RawGit2.com.xml b/src/chrome/content/rules/RawGit2.com.xml
new file mode 100644
index 000000000000..3d9400de2cfb
--- /dev/null
+++ b/src/chrome/content/rules/RawGit2.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="RawGit2.com">
+	<target host="rawgit2.com" />
+	<target host="www.rawgit2.com" />
+	<target host="cdn.rawgit2.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Raymond.CC.xml b/src/chrome/content/rules/Raymond.CC.xml
index 8962d7b618d8..c01d85716d63 100644
--- a/src/chrome/content/rules/Raymond.CC.xml
+++ b/src/chrome/content/rules/Raymond.CC.xml
@@ -4,7 +4,7 @@
 	<target host="cdn.raymond.cc" />
 	<target host="www.raymond.cc" />
 
-	<securecookie host="^(?:.*\.)?raymond\.cc$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/Razor_Servers.xml b/src/chrome/content/rules/Razor_Servers.xml
index 8e795686a322..890b9d798af1 100644
--- a/src/chrome/content/rules/Razor_Servers.xml
+++ b/src/chrome/content/rules/Razor_Servers.xml
@@ -4,15 +4,15 @@
 		- (www.)	(times out)
 
 -->
-<ruleset name="Razor Servers (partial)">
+<ruleset name="Razor Servers (partial)" default_off="timeout">
 
-	<target host="*.razorservers.com" />
+	<target host="manage.razorservers.com" />
+	<target host="secure.razorservers.com" />
 
 
-	<securecookie host=".+\.razorservers\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(manag|secur)e\.razorservers\.com/"
-		to="https://$1e.razorservers.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Razzies.com.xml b/src/chrome/content/rules/Razzies.com.xml
new file mode 100644
index 000000000000..f9e5224edc46
--- /dev/null
+++ b/src/chrome/content/rules/Razzies.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="razzies.com">
+	<target host="razzies.com" />
+	<target host="www.razzies.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rdio.xml b/src/chrome/content/rules/Rdio.xml
deleted file mode 100644
index 208781e59e75..000000000000
--- a/src/chrome/content/rules/Rdio.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://rd.io/ => https://rd.io/: (7, 'Failed to connect to rd.io port 443: Connection refused')
-Fetch error: http://www.rd.io/ => https://www.rd.io/: (7, 'Failed to connect to www.rd.io port 443: Connection refused')
-Fetch error: http://rdio.com/ => https://rdio.com/: (7, 'Failed to connect to rdio.com port 443: Connection refused')
-Fetch error: http://algorithms.rdio.com/ => https://algorithms.rdio.com/: (28, 'Connection timed out after 20000 milliseconds')
-Fetch error: http://www.rdio.com/ => https://www.rdio.com/: (7, 'Failed to connect to www.rdio.com port 443: Connection refused')
-
-	CDN buckets:
-
-		- rdio-a.akamaihd.net
-		- rdio.assistly.com
-
-
-	Nonfunctional subdomains:
-
-		- blog
-		- help		(redirects to http; mismatched, CN: *.assistly.com)
-
--->
-<ruleset name="Rdio (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="rd.io" />
-
-	<target host="www.rd.io" />
-	<target host="rdio.com" />
-	<target host="algorithms.rdio.com" />
-	<target host="www.rdio.com" />
-
-	<securecookie host="^\.rdio\.com$" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Re-publica.de.xml b/src/chrome/content/rules/Re-publica.de.xml
index e38440095f1a..e25c536a6803 100644
--- a/src/chrome/content/rules/Re-publica.de.xml
+++ b/src/chrome/content/rules/Re-publica.de.xml
@@ -17,7 +17,7 @@ Non-2xx HTTP code: http://mail.re-publica.de/ (200) => https://ntmx.de/ (403)
 		- mail		(→ ntmx.de)
 
 -->
-<ruleset name="re-publica.de (partial)" default_off='failed ruleset test'>
+<ruleset name="re-publica.de (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/ReTargeter.xml b/src/chrome/content/rules/ReTargeter.xml
index aeadb824c80b..47a434b03d8f 100644
--- a/src/chrome/content/rules/ReTargeter.xml
+++ b/src/chrome/content/rules/ReTargeter.xml
@@ -19,7 +19,7 @@ Fetch error: http://v2.retargeter.com/ => https://v2.retargeter.com/: (28, 'Conn
 		- cdn		(cert: *.netdna-ssl.com; 404)
 
 -->
-<ruleset name="ReTargeter.com (partial)" default_off='failed ruleset test'>
+<ruleset name="ReTargeter.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -30,7 +30,7 @@ Fetch error: http://v2.retargeter.com/ => https://v2.retargeter.com/: (28, 'Conn
 	<target host="ad.retargeter.com" />
 
 
-	<securecookie host="^.*\.retargeter\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://ad\.retargeter\.com/"
diff --git a/src/chrome/content/rules/ReactOS.org.xml b/src/chrome/content/rules/ReactOS.org.xml
index 3b8dedd5e678..f1c0bbf54202 100644
--- a/src/chrome/content/rules/ReactOS.org.xml
+++ b/src/chrome/content/rules/ReactOS.org.xml
@@ -39,7 +39,10 @@
 <ruleset name="ReactOS.org (partial)">
 
 	<target host="reactos.org" />
-	<target host="*.reactos.org" />
+	<target host="jira.reactos.org" />
+	<target host="old.reactos.org" />
+	<target host="svn.reactos.org" />
+	<target host="www.reactos.org" />
 		<!--
 			Avoid broken MCB:
 						-->
@@ -54,7 +57,6 @@
 	<securecookie host="^(?:jira)?\.reactos\.org$" name=".+" />
 
 
-	<rule from="^http://((?:jira|old|svn|www)\.)?reactos\.org/"
-		to="https://$1reactos.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Reactiongifs.com.xml b/src/chrome/content/rules/Reactiongifs.com.xml
new file mode 100644
index 000000000000..3664c81e1a9e
--- /dev/null
+++ b/src/chrome/content/rules/Reactiongifs.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Reactiongifs.com">
+	<target host="reactiongifs.com" />
+	<target host="www.reactiongifs.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ReadSpeaker.xml b/src/chrome/content/rules/ReadSpeaker.xml
index 80b723f725b9..4fc5eca39733 100644
--- a/src/chrome/content/rules/ReadSpeaker.xml
+++ b/src/chrome/content/rules/ReadSpeaker.xml
@@ -14,7 +14,7 @@ Fetch error: http://asp.readspeaker.net/ => https://asp.readspeaker.net/: (60, '
 	ᵐ Mismatched
 
 -->
-<ruleset name="ReadSpeaker.com (partial)" default_off='failed ruleset test'>
+<ruleset name="ReadSpeaker.com (partial)" default_off="failed ruleset test">
 
 	<!--target host="readspeaker.com" /-->
 	<target host="app.readspeaker.com" />
diff --git a/src/chrome/content/rules/ReadTheDocs.xml b/src/chrome/content/rules/ReadTheDocs.xml
index c2aa837cf64d..37229f1a3948 100644
--- a/src/chrome/content/rules/ReadTheDocs.xml
+++ b/src/chrome/content/rules/ReadTheDocs.xml
@@ -1,6 +1,6 @@
 <!--
 	*readthedocs.(com|io|org) work correctly.
-	
+
 	*.rtfd.org uses the '*.readthedocs.org' certificate.
 -->
 <ruleset name="Read the Docs">
@@ -12,14 +12,14 @@
 
 	<target host="readthedocs.io" />
 	<target host="*.readthedocs.io" />
-	
+
 	<target host="rtfd.org" />
 	<target host="*.rtfd.org" />
-	
+
 	<test url="http://blog.readthedocs.com/" />
 	<test url="http://media.readthedocs.com/" />
 	<test url="http://www.readthedocs.com/" />
-	
+
 	<test url="http://docs.readthedocs.io/" />
 	<test url="http://read-the-docs.readthedocs.io/" />
 	<test url="http://testing.readthedocs.io/" />
@@ -33,7 +33,7 @@
 	<test url="http://www.rtfd.org/" />
 
 	<securecookie host=".+" name=".+" />
-	
+
 	<rule from="^http://([\w-]+\.)?rtfd\.org/" to="https://$1readthedocs.io/" />
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ReadWriteWeb.xml b/src/chrome/content/rules/ReadWriteWeb.xml
index 40828e78a1b5..4f8fcf8c093a 100644
--- a/src/chrome/content/rules/ReadWriteWeb.xml
+++ b/src/chrome/content/rules/ReadWriteWeb.xml
@@ -10,7 +10,7 @@
 -->
 <ruleset name="ReadWrite" default_off="breaks site">
   <target host="readwrite.com" />
-  <target host="*.readwrite.com" />
+  <target host="www.readwrite.com" />
   <rule from="^http://(?:www\.)?readwrite\.com/"
         to="https://readwrite.com/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Readability.com.xml b/src/chrome/content/rules/Readability.com.xml
deleted file mode 100644
index 706709b17872..000000000000
--- a/src/chrome/content/rules/Readability.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	CDN buckets:
-
-		- du3itj18e4z0b.cloudfront.net
-
-
-	Some pages redirect to http
-
--->
-<ruleset name="Readability.com (partial)">
-
-	<target host="readability.com" />
-	<target host="www.readability.com" />
-
-
-	<rule from="^http://(www\.)?readability\.com/((?:account|login|register)(?:$|\?|/)|bookmarklet/\w|embed\.(?:html|js))"
-		to="https://$1readability.com/$2" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Readers_Digest.com.xml b/src/chrome/content/rules/Readers_Digest.com.xml
index 43382618a099..b0a84ac23e50 100644
--- a/src/chrome/content/rules/Readers_Digest.com.xml
+++ b/src/chrome/content/rules/Readers_Digest.com.xml
@@ -10,7 +10,7 @@
 	Nonfunctional domains:
 
 		- rd.com
-		- media.rd.com	(404; mismatched, CN: 
+		- media.rd.com	(404; mismatched, CN:
 		- www.rd.com	(redirects to http, valid cert)
 
 
@@ -24,20 +24,12 @@
 -->
 <ruleset name="Readers Digest.com (partial)">
 
-	<target host="*.rd.com" />
-	<target host="*.readersdigest.com" />
+	<target host="order.readersdigest.com" />
+	<target host="us.readersdigest.com" />
 
+	<securecookie host="^legacy\.rd\.com$" name=".+" />	<securecookie host="^(?:order|\.?us)\.readersdigest\.com$" name=".+" />
 
-	<securecookie host="^\.rd\.com$" name="^s_\w+$" />
-	<securecookie host="^legacy\.rd\.com$" name=".+" />
-	<securecookie host="^\.readersdigest\.com$" name="^(?:CLEQ_\w|mbox|s_\w+)$" />
-	<securecookie host="^(?:order|\.?us)\.readersdigest\.com$" name=".+" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://(legacy|somtrkpix)\.rd\.com/"
-		to="https://$1.rd.com/" />
-
-	<rule from="^http://(order|us)\.readersdigest\.com/"
-		to="https://$1.readersdigest.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ReadrBoard.com.xml b/src/chrome/content/rules/ReadrBoard.com.xml
index 561aa1b1ad6c..c9ef5e65e34a 100644
--- a/src/chrome/content/rules/ReadrBoard.com.xml
+++ b/src/chrome/content/rules/ReadrBoard.com.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://readrboard.com/ => https://readrboard.com/: (51, "SSL: no alternative certificate subject name matches target host name 'readrboard.com'")
 Fetch error: http://www.readrboard.com/ => https://www.readrboard.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.readrboard.com'")
 -->
-<ruleset name="ReadrBoard.com" default_off='failed ruleset test'>
+<ruleset name="ReadrBoard.com" default_off="failed ruleset test">
 
 	<target host="readrboard.com" />
 	<target host="www.readrboard.com" />
diff --git a/src/chrome/content/rules/ReadyHosting.com.xml b/src/chrome/content/rules/ReadyHosting.com.xml
index 42f812d9db36..b3ddce4aad54 100644
--- a/src/chrome/content/rules/ReadyHosting.com.xml
+++ b/src/chrome/content/rules/ReadyHosting.com.xml
@@ -1,7 +1,8 @@
 <ruleset name="ReadyHosting.com">
 
 	<target host="readyhosting.com" />
-	<target host="*.readyhosting.com" />
+	<target host="www.readyhosting.com" />
+	<target host="secure.readyhosting.com" />
 
 
 	<!--	Not secured by server:
@@ -17,7 +18,6 @@
 	<rule from="^http://(?:www\.)?readyhosting\.com/"
 		to="https://www.readyhosting.com/" />
 
-	<rule from="^http://secure\.readyhosting\.com/"
-		to="https://secure.readyhosting.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ReadyNas.xml b/src/chrome/content/rules/ReadyNas.xml
deleted file mode 100644
index 051f20cd34ec..000000000000
--- a/src/chrome/content/rules/ReadyNas.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--
-The certificate is only valid for www.readynas.com
--->
-<ruleset name="ReadyNAS">
-
-    <target host="readynas.com" />
-    <target host="www.readynas.com" />
-
-    <rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Real-Networks.xml b/src/chrome/content/rules/Real-Networks.xml
index 91ba88c4cbed..d8dd094ff442 100644
--- a/src/chrome/content/rules/Real-Networks.xml
+++ b/src/chrome/content/rules/Real-Networks.xml
@@ -19,21 +19,18 @@ Fetch error: http://www.realone.com/ => https://www.real.com/: Cycle detected -
 		- stats.rnhh.de
 
 -->
-<ruleset name="Real Networks (partial)" default_off='failed ruleset test'>
+<ruleset name="Real Networks (partial)" default_off="failed ruleset test">
 
 	<target host="fb-cdn.ghsrv.com" />
-	<target host="*.real.com" />
+	<target host="www.real.com" />
+	<target host="images.real.com" />
 	<target host="www.realone.com" />
 
 
 	<securecookie host="^\.real\.com$" name=".+" />
 
 
-	<rule from="^http://fb-cdn\.ghsrv\.com/"
-		to="https://fb-cdn.ghsrv.com/" />
 
-	<rule from="^http://www\.real\.com/"
-		to="https://www.real.com/" />
 
 	<!--	Doesn't work over https.	-->
 	<rule from="^http://images\.real\.com/"
@@ -43,4 +40,5 @@ Fetch error: http://www.realone.com/ => https://www.real.com/: Cycle detected -
 	<rule from="^http://www\.realone\.com/"
 		to="https://www.real.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/RealClearPolitics.com.xml b/src/chrome/content/rules/RealClearPolitics.com.xml
index ed3b27380e11..afbd60d87ad6 100644
--- a/src/chrome/content/rules/RealClearPolitics.com.xml
+++ b/src/chrome/content/rules/RealClearPolitics.com.xml
@@ -1,22 +1,13 @@
 <!--
-	CDN buckets:
-
-		- assets.realclearpolitics.com.s3.amazonaws.com
-
-			- assets
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
-
+	Non-functional hosts:
+		Incomplete certificate chain:
+		- realclearpolitics.com
 -->
 <ruleset name="RealClearPolitics.com (partial)">
 
 	<target host="assets.realclearpolitics.com" />
+	<target host="www.realclearpolitics.com" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://assets\.realclearpolitics\.com/"
-		to="https://s3.amazonaws.com/assets.realclearpolitics.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RealMatch.com.xml b/src/chrome/content/rules/RealMatch.com.xml
index 50bc5b010f4f..7a5d04aad54e 100644
--- a/src/chrome/content/rules/RealMatch.com.xml
+++ b/src/chrome/content/rules/RealMatch.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://realmatch.com/ => https://realmatch.com/: (51, "SSL: no alte
 		- blog	(http reply)
 
 -->
-<ruleset name="RealMatch.com (partial)" default_off='failed ruleset test'>
+<ruleset name="RealMatch.com (partial)" default_off="failed ruleset test">
 
 	<target host="realmatch.com" />
 	<target host="www.realmatch.com" />
@@ -22,4 +22,4 @@ Fetch error: http://realmatch.com/ => https://realmatch.com/: (51, "SSL: no alte
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RealTimeStatistics.net.xml b/src/chrome/content/rules/RealTimeStatistics.net.xml
new file mode 100644
index 000000000000..37517b8f4276
--- /dev/null
+++ b/src/chrome/content/rules/RealTimeStatistics.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="RealTimeStatistics.net">
+	<target host="realtimestatistics.net" />
+	<target host="www.realtimestatistics.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RealVNC.com.xml b/src/chrome/content/rules/RealVNC.com.xml
index ee3c3aa51806..2571bf5969d7 100644
--- a/src/chrome/content/rules/RealVNC.com.xml
+++ b/src/chrome/content/rules/RealVNC.com.xml
@@ -16,7 +16,7 @@
 					-->
 	<!--securecookie host="^support\.realvnc\.com$" name="^(?:SWIFT_client|SWIFT_sessionid40)$" /-->
 
-	<securecookie host="^support\.realvnc\.com$" name="" />
+	<securecookie host="^support\.realvnc\.com$" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Real_Robot_High.xml b/src/chrome/content/rules/Real_Robot_High.xml
index 941295f18973..5580dbc25a04 100644
--- a/src/chrome/content/rules/Real_Robot_High.xml
+++ b/src/chrome/content/rules/Real_Robot_High.xml
@@ -6,19 +6,19 @@ Fetch error: http://realrobothigh.com/ => https://realrobothigh.com/: (28, 'Conn
 	www: mismatched
 
 -->
-<ruleset name="Real Robot High" default_off='failed ruleset test'>
+<ruleset name="Real Robot High" default_off="failed ruleset test">
 
 	<target host="realrobothigh.com" />
-	<target host="*.realrobothigh.com" />
+	<target host="stage.realrobothigh.com" />
+	<target host="www.realrobothigh.com" />
 
 
 	<securecookie host="^\.realrobothigh\.com$" name=".+" />
 
 
-	<rule from="^http://(stage\.)?realrobothigh\.com/"
-		to="https://$1realrobothigh.com/" />
 
 	<rule from="^http://www\.realrobothigh\.com/"
 		to="https://realrobothigh.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Real_World_OCaml.org.xml b/src/chrome/content/rules/Real_World_OCaml.org.xml
index 7facf2efb9b5..784cbde09548 100644
--- a/src/chrome/content/rules/Real_World_OCaml.org.xml
+++ b/src/chrome/content/rules/Real_World_OCaml.org.xml
@@ -1,15 +1,13 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.realworldocaml.org/ => https://www.realworldocaml.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.realworldocaml.org'")
-
+	Invalid certificate:
+		www.realworldocaml.org
 -->
-<ruleset name="Real World OCaml.org" default_off='failed ruleset test'>
 
-	<!--	Direct rewrites:
-				-->
+<ruleset name="Real World OCaml.org">
+
 	<target host="realworldocaml.org" />
-	<target host="www.realworldocaml.org" />
+	<target host="dev.realworldocaml.org" />
+	<target host="v1.realworldocaml.org" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Realschule-herrieden.de.xml b/src/chrome/content/rules/Realschule-herrieden.de.xml
new file mode 100644
index 000000000000..54f63f78b1f6
--- /dev/null
+++ b/src/chrome/content/rules/Realschule-herrieden.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Realschule-herrieden.de">
+	<target host="realschule-herrieden.de" />
+	<target host="www.realschule-herrieden.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Realtidbits.xml b/src/chrome/content/rules/Realtidbits.xml
index 42d46500caa8..8103313fe53e 100644
--- a/src/chrome/content/rules/Realtidbits.xml
+++ b/src/chrome/content/rules/Realtidbits.xml
@@ -19,13 +19,15 @@
 <ruleset name="Realtidbits (partial)" default_off="refused">
 
 	<target host="realtidbits.com" />
-	<target host="*.realtidbits.com" />
+	<target host="api.realtidbits.com" />
+	<target host="ssl.realtidbits.com" />
+	<target host="www.realtidbits.com" />
+	<target host="cdn.realtidbits.com" />
 
 
-	<rule from="^http://(api\.|ssl\.|www\.)?realtidbits\.com/"
-		to="https://$1realtidbits.com/" />
 
 	<rule from="^http://cdn\.realtidbits\.com/"
 		to="https://c299782.ssl.cf1.rackcdn.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Realview_Digital.com.xml b/src/chrome/content/rules/Realview_Digital.com.xml
index 6e5f7086e6c4..f43eefdc5471 100644
--- a/src/chrome/content/rules/Realview_Digital.com.xml
+++ b/src/chrome/content/rules/Realview_Digital.com.xml
@@ -20,7 +20,7 @@
 
 		- blog ¹
 		- $client_vhosts ²
-		
+
 	¹ Hubspot/mismatched
 	² Mixed css
 
diff --git a/src/chrome/content/rules/RebelMouse.com.xml b/src/chrome/content/rules/RebelMouse.com.xml
index 158b35c9dfd1..2efe45e1975e 100644
--- a/src/chrome/content/rules/RebelMouse.com.xml
+++ b/src/chrome/content/rules/RebelMouse.com.xml
@@ -40,26 +40,16 @@
 -->
 <ruleset name="RebelMouse.com">
 
+	<target host="partners.rebelmouse.com" />
 	<target host="rebelmouse.com" />
-	<target host="*.rebelmouse.com" />
+	<target host="about.rebelmouse.com" />
+	<target host="blog.rebelmouse.com" />
+	<target host="www.rebelmouse.com" />
 
-		<test url="http://about.rebelmouse.com/" />
-		<test url="http://blog.rebelmouse.com/" />
-		<test url="http://partners.rebelmouse.com/" />
-		<test url="http://www.rebelmouse.com/" />
 
+	<securecookie host=".+" name=".+" />
 
-	<!--	Trackers
-				-->
-	<!--securecookie host="^\.rebelmouse\.com$" name="^(__utm\w+|k.+|optimizely.+)$" /-->
 
-	<securecookie host="^\.rebelmouse\.com$" name=".+" />
-
-
-	<rule from="^http://partners\.rebelmouse\.com/"
-		to="https://s3.amazonaws.com/partners.rebelmouse.com/" />
-
-	<rule from="^http://((?:about|blog|www)\.)?rebelmouse\.com/"
-		to="https://$1rebelmouse.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Rebel_Torrent.net.xml b/src/chrome/content/rules/Rebel_Torrent.net.xml
deleted file mode 100644
index 513b116d0f2f..000000000000
--- a/src/chrome/content/rules/Rebel_Torrent.net.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		- .rebeltorrent.net
-
--->
-<ruleset name="Rebel Torrent.net">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="rebeltorrent.net" />
-	<target host="www.rebeltorrent.net" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.rebeltorrent\.net$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Recalll.co.xml b/src/chrome/content/rules/Recalll.co.xml
index e19ab6902f62..5a5498b3b901 100644
--- a/src/chrome/content/rules/Recalll.co.xml
+++ b/src/chrome/content/rules/Recalll.co.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.recalll.co/ => https://www.recalll.co/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Recalll.co" default_off='failed ruleset test'>
+<ruleset name="Recalll.co" default_off="failed ruleset test">
 
 	<target host="recalll.co" />
 	<target host="www.recalll.co" />
diff --git a/src/chrome/content/rules/Recap_the_Law.xml b/src/chrome/content/rules/Recap_the_Law.xml
deleted file mode 100644
index e8da6176943f..000000000000
--- a/src/chrome/content/rules/Recap_the_Law.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Recap the Law">
-
-	<target host="recapthelaw.org" />
-	<target host="www.recapthelaw.org" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Reclaim-Your-Privacy.com.xml b/src/chrome/content/rules/Reclaim-Your-Privacy.com.xml
deleted file mode 100644
index 370d8898a339..000000000000
--- a/src/chrome/content/rules/Reclaim-Your-Privacy.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- reclaim-your-privacy.com
-		- www.reclaim-your-privacy.com
-
--->
-<ruleset name="Reclaim-Your-Privacy.com">
-
-	<target host="reclaim-your-privacy.com" />
-	<target host="www.reclaim-your-privacy.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?reclaim-your-privacy\.com$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^(?:www\.)?reclaim-your-privacy\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Reclam.de.xml b/src/chrome/content/rules/Reclam.de.xml
new file mode 100644
index 000000000000..d5d3dcae1796
--- /dev/null
+++ b/src/chrome/content/rules/Reclam.de.xml
@@ -0,0 +1,18 @@
+<!--
+	Nonfunctional hosts in *.reclam.de:
+		-  filebase.reclam.de (m)
+		-  mobile.reclam.de (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Reclam.de">
+	<target host="reclam.de" />
+	<target host="www.reclam.de" />
+	<target host="newsletter.reclam.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Red-Aril.xml b/src/chrome/content/rules/Red-Aril.xml
index 4b8e4e068326..b1dd89176de8 100644
--- a/src/chrome/content/rules/Red-Aril.xml
+++ b/src/chrome/content/rules/Red-Aril.xml
@@ -22,7 +22,7 @@ Fetch error: http://p9.raasnet.com/ => https://p9.raasnet.com/: (60, 'SSL certif
 	p\d?.raasnet.com: Included on 3rd-party websites.
 
 -->
-<ruleset name="RAasnet.com (partial)" default_off='failed ruleset test'>
+<ruleset name="RAasnet.com (partial)" default_off="failed ruleset test">
 
 	<target host="p.raasnet.com" />
 	<target host="p0.raasnet.com" />
diff --git a/src/chrome/content/rules/Red.es.xml b/src/chrome/content/rules/Red.es.xml
index 27662fb8ed25..16acef7280b5 100644
--- a/src/chrome/content/rules/Red.es.xml
+++ b/src/chrome/content/rules/Red.es.xml
@@ -12,7 +12,7 @@
 <ruleset name="Red.es (partial)" default_off="self-signed">
 
 	<target host="ontsi.red.es" />
-	<target host="*.ontsi.red.es" />
+	<target host="www.ontsi.red.es" />
 
 
 	<securecookie host="^\.ontsi\.red\.es$" name=".+" />
diff --git a/src/chrome/content/rules/RedFerret.net.xml b/src/chrome/content/rules/RedFerret.net.xml
new file mode 100644
index 000000000000..9683fb548119
--- /dev/null
+++ b/src/chrome/content/rules/RedFerret.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="RedFerret.net">
+
+	<target host="redferret.net" />
+	<target host="www.redferret.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/RedState.xml b/src/chrome/content/rules/RedState.xml
index bfc8ec08302c..cda121a5c23a 100644
--- a/src/chrome/content/rules/RedState.xml
+++ b/src/chrome/content/rules/RedState.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(www\.)?redstate\.com/(login|t/)"
 		to="https://$1redstate.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Red_Bull_Content_Pool.xml b/src/chrome/content/rules/Red_Bull_Content_Pool.xml
index aeaae9c769f8..5064409be43a 100644
--- a/src/chrome/content/rules/Red_Bull_Content_Pool.xml
+++ b/src/chrome/content/rules/Red_Bull_Content_Pool.xml
@@ -26,7 +26,16 @@ Fetch error: http://redbullcontentpool.com/ => https://www.redbullcontentpool.co
 <ruleset name="Red Bull Content Pool">
 
 	<target host="redbullcontentpool.com" />
-	<target host="*.redbullcontentpool.com" />
+	<target host="www.redbullcontentpool.com" />
+	<target host="cliffdiving.redbullcontentpool.com" />
+	<target host="crashedice.redbullcontentpool.com" />
+	<target host="images.redbullcontentpool.com" />
+	<target host="info.redbullcontentpool.com" />
+	<target host="internal.redbullcontentpool.com" />
+	<target host="musicacademy.redbullcontentpool.com" />
+	<target host="stratos.redbullcontentpool.com" />
+	<target host="www-staging.redbullcontentpool.com" />
+	<target host="xfighters.redbullcontentpool.com" />
 
 
 	<securecookie host="^(?:internal|www|www-staging)\.redbullcontentpool\.com$" name=".+" />
@@ -35,7 +44,6 @@ Fetch error: http://redbullcontentpool.com/ => https://www.redbullcontentpool.co
 	<rule from="^http://(?:www\.)?redbullcontentpool\.com/"
 		to="https://www.redbullcontentpool.com/" />
 
-	<rule from="^http://(cliffdiving|crashedice|images|info|internal|musicacademy|stratos|www-staging|xfighters)\.redbullcontentpool\.com/"
-		to="https://$1.redbullcontentpool.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Red_Bull_Media_House.xml b/src/chrome/content/rules/Red_Bull_Media_House.xml
index 1eadf93307e4..31a150146549 100644
--- a/src/chrome/content/rules/Red_Bull_Media_House.xml
+++ b/src/chrome/content/rules/Red_Bull_Media_House.xml
@@ -23,13 +23,19 @@
 -->
 <ruleset name="Red Bull Media House (partial)">
 
-	<target host="*.redbullmediahouse.com" />
+	<target host="analytics.redbullmediahouse.com" />
+	<target host="fonts.redbullmediahouse.com" />
+	<target host="me.redbullmediahouse.com" />
+	<target host="mediamanager.redbullmediahouse.com" />
+	<target host="mediamanager-staging.redbullmediahouse.com" />
+	<target host="sales.redbullmediahouse.com" />
+	<target host="stage-wiki.redbullmediahouse.com" />
+	<target host="wiki.redbullmediahouse.com" />
 
 
 	<securecookie host="^(?:content|me|mediamanager(?:-staging)?|sales|stage-wiki|wiki)\.redbullmediahouse\.com$" name=".+" />
 
 
-	<rule from="^http://(analytics|content|fonts|me|mediamanager(?:-staging)?|sales|stage-wiki|wiki)\.redbullmediahouse\.com/"
-		to="https://$1.redbullmediahouse.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Red_Bull_Mobile-falsemixed.xml b/src/chrome/content/rules/Red_Bull_Mobile-falsemixed.xml
index ab40591c3f23..701b7c03de69 100644
--- a/src/chrome/content/rules/Red_Bull_Mobile-falsemixed.xml
+++ b/src/chrome/content/rules/Red_Bull_Mobile-falsemixed.xml
@@ -5,7 +5,7 @@
 <ruleset name="Red Bull Mobile (false MCB)" platform="mixedcontent">
 
 	<target host="redbullmobile.at" />
-	<target host="*.redbullmobile.at" />
+	<target host="www.redbullmobile.at" />
 		<!--
 			Handled in Red_Bull_Mobile.xml
 							-->
diff --git a/src/chrome/content/rules/Red_Bull_Mobile.xml b/src/chrome/content/rules/Red_Bull_Mobile.xml
index 7a375e249768..a541e8ae76f4 100644
--- a/src/chrome/content/rules/Red_Bull_Mobile.xml
+++ b/src/chrome/content/rules/Red_Bull_Mobile.xml
@@ -80,7 +80,7 @@ Fetch error: http://redbullmobile.com.au/ => https://redbullmobile.com.au/: (51,
 	-falsemixed should be merged for Ffx 24.
 
 -->
-<ruleset name="Red Bull Mobile (partial)" default_off='failed ruleset test'>
+<ruleset name="Red Bull Mobile (partial)" default_off="failed ruleset test">
 
 	<target host="redbullmobile.at" />
 	<target host="www.redbullmobile.at" />
@@ -88,9 +88,15 @@ Fetch error: http://redbullmobile.com.au/ => https://redbullmobile.com.au/: (51,
 			Avoid false/broken MCB:
 							-->
 		<!--exclusion pattern="^http://(www\.)?redbullmobile\.at/(?!fileadmin/|typo3conf/|typo3temp/|uploads/)" /-->
-	<target host="*.redbullmobile.com" />
+	<target host="fbck.redbullmobile.com" />
+	<target host="qr.redbullmobile.com" />
+	<target host="socialposter.redbullmobile.com" />
+	<target host="trackingtool.redbullmobile.com" />
+	<target host="worb.redbullmobile.com" />
 	<target host="redbullmobile.com.au" />
-	<target host="*.redbullmobile.com.au" />
+	<target host="www.redbullmobile.com.au" />
+	<target host="secure.redbullmobile.com.au" />
+	<target host="securea.redbullmobile.com.au" />
 
 
 	<securecookie host="^(?:fbck|qr|socialposter|trackingtool|worb)\.redbullmobile\.com$" name=".+" />
@@ -109,4 +115,4 @@ Fetch error: http://redbullmobile.com.au/ => https://redbullmobile.com.au/: (51,
 	<rule from="^http://secure(a)?\.redbullmobile\.com\.au/"
 		to="https://secure$1.redbullmobile.com.au/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Red_Bull_TV.xml b/src/chrome/content/rules/Red_Bull_TV.xml
index b6103330300b..e41e99b718f8 100644
--- a/src/chrome/content/rules/Red_Bull_TV.xml
+++ b/src/chrome/content/rules/Red_Bull_TV.xml
@@ -13,13 +13,12 @@
 -->
 <ruleset name="Red Bull TV (partial)">
 
-	<target host="*.redbull.tv" />
+	<target host="live.redbull.tv" />
 
 
 	<securecookie host="^live\.redbull\.tv$" name=".+" />
 
 
-	<rule from="^http://live(2)?\.redbull\.tv/"
-		to="https://live$1.redbull.tv/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Red_Ferret.xml b/src/chrome/content/rules/Red_Ferret.xml
deleted file mode 100644
index 22c24e6ae42d..000000000000
--- a/src/chrome/content/rules/Red_Ferret.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="The Red Ferret">
-
-	<target host="redferret.net" />
-	<target host="*.redferret.net" />
-
-
-	<securecookie host="^(?:www)?\.redferret\.net$" name=".+" />
-
-
-	<rule from="^http://(www\.)?theferret\.net/"
-		to="https://$1theferret.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Red_Flush_Casino.xml b/src/chrome/content/rules/Red_Flush_Casino.xml
index e838148736f1..3b3e2a34c931 100644
--- a/src/chrome/content/rules/Red_Flush_Casino.xml
+++ b/src/chrome/content/rules/Red_Flush_Casino.xml
@@ -9,11 +9,11 @@ Fetch error: http://secure.redflush.com/ => https://secure.redflush.com/: (28, '
 		- (www.)redflushcasino.eu	(no https)
 
 -->
-<ruleset name="Red Flush Casino (partial)" default_off='failed ruleset test'>
+<ruleset name="Red Flush Casino (partial)" default_off="failed ruleset test">
 
 	<target host="secure.redflush.com" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Red_Hat.xml b/src/chrome/content/rules/Red_Hat.xml
index b12e892d8c3c..0e0a8ef89abf 100644
--- a/src/chrome/content/rules/Red_Hat.xml
+++ b/src/chrome/content/rules/Red_Hat.xml
@@ -10,7 +10,6 @@
 		- JBoss.xml
 		- Opensource.com.xml
 		- OpenShift.xml
-		- OVirt.org.xml
 		- RDO_project.org.xml
 		- RH_Cloud.com.xml
 		- Spice-space.org.xml
diff --git a/src/chrome/content/rules/Redcats.xml b/src/chrome/content/rules/Redcats.xml
deleted file mode 100644
index a78c2d9d3d1e..000000000000
--- a/src/chrome/content/rules/Redcats.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Redcats (partial)">
-
-	<target host="*.redcatsecom.com" />
-
-
-	<securecookie host="^media\.redcatsecom\.com$" name=".+" />
-
-
-	<rule from="^http://(images|media)\.redcatsecom\.com/"
-		to="https://$1.redcatsecom.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Redcoon.pt.xml b/src/chrome/content/rules/Redcoon.pt.xml
index eaed55a7046c..23271299cc5b 100644
--- a/src/chrome/content/rules/Redcoon.pt.xml
+++ b/src/chrome/content/rules/Redcoon.pt.xml
@@ -14,7 +14,7 @@ Fetch error: http://redcoon.pt/ => https://www.redcoon.pt/: (60, 'SSL certificat
 	* Secured by us
 
 -->
-<ruleset name="Redcoon.pt" default_off='failed ruleset test'>
+<ruleset name="Redcoon.pt" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/RedditSearch.io.xml b/src/chrome/content/rules/RedditSearch.io.xml
new file mode 100644
index 000000000000..bd993622bcad
--- /dev/null
+++ b/src/chrome/content/rules/RedditSearch.io.xml
@@ -0,0 +1,7 @@
+<ruleset name="RedditSearch.io">
+	<target host="redditsearch.io" />
+	<target host="www.redditsearch.io" />
+	<target host="dev.redditsearch.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Redmine.org.xml b/src/chrome/content/rules/Redmine.org.xml
index f9695254b579..258353c57374 100644
--- a/src/chrome/content/rules/Redmine.org.xml
+++ b/src/chrome/content/rules/Redmine.org.xml
@@ -1,11 +1,4 @@
 <!--
-	Problematic hosts in *redmine.org:
-
-		- svn *
-
-	* Server sends no certificate chain, see https://whatsmychaincert.com
-
-
 	These altnames don't exist:
 
 		- www.svn.redmine.org
@@ -17,23 +10,20 @@
 		- www.redmine.org
 
 -->
-<ruleset name="Redmine.org (partial)">
+<ruleset name="Redmine.org">
 
-	<!--	Direct rewrites:
-				-->
 	<target host="redmine.org" />
-	<!--target host="svn.redmine.org" /-->
 	<target host="www.redmine.org" />
+	<target host="svn.redmine.org" />
 
 
 	<!--	Not secured by server_
 					-->
 	<!--securecookie host="^(www\.)?redmine\.org$" name="^_redmine_session$" /-->
 
-	<securecookie host="^\w" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Rednerd.com.xml b/src/chrome/content/rules/Rednerd.com.xml
deleted file mode 100644
index 43f8f7726114..000000000000
--- a/src/chrome/content/rules/Rednerd.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	www: cert only matches ^rednerd.com
-
--->
-<ruleset name="rednerd.com">
-
-	<target host="rednerd.com" />
-	<target host="www.rednerd.com" />
-
-
-	<rule from="^http://(?:www\.)?rednerd\.com/"
-		to="https://rednerd.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Redpill-Linpro.xml b/src/chrome/content/rules/Redpill-Linpro.xml
index 1ebe54df36c5..d6d45d5f9c28 100644
--- a/src/chrome/content/rules/Redpill-Linpro.xml
+++ b/src/chrome/content/rules/Redpill-Linpro.xml
@@ -6,7 +6,7 @@
 		- (www.)redpill-linpro.se
 
 -->
-<ruleset name="Redpill-Linpro.com (partial)" default_off="missing certificate chain">
+<ruleset name="Redpill-Linpro.com (partial)" default_off="cert-chain">
 
 	<target host="portal.redpill-linpro.com" />
 
diff --git a/src/chrome/content/rules/Redports.org.xml b/src/chrome/content/rules/Redports.org.xml
index 186bed5d3d4e..ce2454854b87 100644
--- a/src/chrome/content/rules/Redports.org.xml
+++ b/src/chrome/content/rules/Redports.org.xml
@@ -7,7 +7,7 @@ Fetch error: http://redports.org/ => https://www.redports.org/: (28, 'Connection
 	^redports.org: Mismatched
 
 -->
-<ruleset name="redports.org" default_off='failed ruleset test'>
+<ruleset name="redports.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Reebok.ca.xml b/src/chrome/content/rules/Reebok.ca.xml
new file mode 100644
index 000000000000..6b76e2ae7f02
--- /dev/null
+++ b/src/chrome/content/rules/Reebok.ca.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		- reviews.reebok.ca
+-->
+
+<ruleset name="Reebok.ca">
+	<target host="reebok.ca" />
+	<target host="www.reebok.ca" />
+	<target host="cp.reebok.ca" />
+		<test url="http://cp.reebok.ca/idp/startSSO.ping?PartnerSpId=sp:demandware" />
+		<test url="http://cp.reebok.ca/web/rbkeCom/en_CA/loadsignin" />
+	<target host="fitness.reebok.ca" />
+	<target host="m.reebok.ca" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Reed_Business.net.xml b/src/chrome/content/rules/Reed_Business.net.xml
index c6cb0711770a..04f757cb4a22 100644
--- a/src/chrome/content/rules/Reed_Business.net.xml
+++ b/src/chrome/content/rules/Reed_Business.net.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://metrics\.reedbusiness\.net/"
 		to="https://reedbusiness-net.d2.sc.omtrdc.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Reef_Builders.xml b/src/chrome/content/rules/Reef_Builders.xml
index 7214e278cae2..1f1e50f70d7c 100644
--- a/src/chrome/content/rules/Reef_Builders.xml
+++ b/src/chrome/content/rules/Reef_Builders.xml
@@ -13,7 +13,9 @@
 <ruleset name="Reef Builders">
 
 	<target host="reefbuilders.com" />
-	<target host="*.reefbuilders.com" />
+	<target host="www.reefbuilders.com" />
+	<target host="community.reefbuilders.com" />
+	<target host="jobs.reefbuilders.com" />
 
 
 	<securecookie host="^\.reefbuilders\.com$" name=".+" />
@@ -28,4 +30,4 @@
 	<rule from="^http://jobs\.reefbuilders\.com/c/"
 		to="https://reef.jobamatic.com/c/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ReelHD.com.xml b/src/chrome/content/rules/ReelHD.com.xml
index 9ca6a7e90ef3..cb2c5f15599e 100644
--- a/src/chrome/content/rules/ReelHD.com.xml
+++ b/src/chrome/content/rules/ReelHD.com.xml
@@ -1,7 +1,7 @@
 <!--
 	Nonfunctional domains:
 
-		- ads.affbuzzads.com 
+		- ads.affbuzzads.com
 		- tour.affbuzzads.com	(times out)
 
 
diff --git a/src/chrome/content/rules/ReelSEO.com.xml b/src/chrome/content/rules/ReelSEO.com.xml
index 054dfb3b825e..6a459faf06de 100644
--- a/src/chrome/content/rules/ReelSEO.com.xml
+++ b/src/chrome/content/rules/ReelSEO.com.xml
@@ -26,4 +26,4 @@ Fetch error: http://reelseo.com/ => https://reelseo.com/: (7, 'Failed to connect
 	<rule from="^http://cdn\d?\.reelstatic\.com/"
 		to="https://www.reelseo.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ReelVidz.com.xml b/src/chrome/content/rules/ReelVidz.com.xml
index ca4e282123fb..7ada7cb5f9f8 100644
--- a/src/chrome/content/rules/ReelVidz.com.xml
+++ b/src/chrome/content/rules/ReelVidz.com.xml
@@ -29,4 +29,4 @@ Fetch error: http://reelvidz.com/ => https://reelvidz.com/: (51, "SSL: no altern
 	<rule from="^http://(www\.)?reelvidz\.com/"
 		to="https://$1reelvidz.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Reethi_Beach.com.xml b/src/chrome/content/rules/Reethi_Beach.com.xml
index 5c8fff510f27..1c40f4b225cf 100644
--- a/src/chrome/content/rules/Reethi_Beach.com.xml
+++ b/src/chrome/content/rules/Reethi_Beach.com.xml
@@ -5,7 +5,7 @@
 <ruleset name="Reethi Beach.com">
 
 	<target host="reethibeach.com" />
-	<target host="*.reethibeach.com" />
+	<target host="www.reethibeach.com" />
 
 
 	<securecookie host="^\.reethibeach\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Refaktor.hu.xml b/src/chrome/content/rules/Refaktor.hu.xml
index c954d2f010f2..d0239c323a4f 100644
--- a/src/chrome/content/rules/Refaktor.hu.xml
+++ b/src/chrome/content/rules/Refaktor.hu.xml
@@ -1,4 +1,10 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://demo.refaktor.hu/ => https://demo.refaktor.hu/: (6, 'Could not resolve host: demo.refaktor.hu')
+Fetch error: http://logo.refaktor.hu/ => https://logo.refaktor.hu/: (6, 'Could not resolve host: logo.refaktor.hu')
+
 	There are no nonfunctional hosts in *.refaktor.hu.
 -->
 <ruleset name="Refaktor.hu">
@@ -6,10 +12,8 @@
 	<target host="www.refactor.hu" />
 	<target host="refaktor.hu" />
 	<target host="www.refaktor.hu" />
-	<target host="demo.refaktor.hu" />
-		<test url="http://demo.refaktor.hu/kelet-ausztria-legszebb-hegyei/social1.png" />
-	<target host="logo.refaktor.hu" />
-
+	<!-- target host="demo.refaktor.hu" /-->
+	<!-- target host="logo.refaktor.hu" /-->
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ReferMe.to.xml b/src/chrome/content/rules/ReferMe.to.xml
new file mode 100644
index 000000000000..84f49f43f1ec
--- /dev/null
+++ b/src/chrome/content/rules/ReferMe.to.xml
@@ -0,0 +1,10 @@
+<!--
+	Invalid certificate:
+		- www.referme.to
+-->
+
+<ruleset name="ReferMe.to">
+	<target host="referme.to" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RefinedGuy.com.xml b/src/chrome/content/rules/RefinedGuy.com.xml
new file mode 100644
index 000000000000..8b5db3ed9818
--- /dev/null
+++ b/src/chrome/content/rules/RefinedGuy.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Active mixed content:
+		- www.refinedguy.com
+-->
+
+<ruleset name="RefinedGuy.com" platform="mixedcontent">
+	<target host="refinedguy.com" />
+	<target host="www.refinedguy.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Refinitiv.com.xml b/src/chrome/content/rules/Refinitiv.com.xml
new file mode 100644
index 000000000000..d33e70794cea
--- /dev/null
+++ b/src/chrome/content/rules/Refinitiv.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- refinitiv.com
+
+		SSL peer certificate was not OK:
+		- online.refinitiv.com
+		- solutions.refinitiv.com
+-->
+<ruleset name="Refinitiv.com">
+	<target host="www.refinitiv.com" />
+	<target host="contribute.refinitiv.com" />
+	<target host="developers.refinitiv.com" />
+	<target host="community.developers.refinitiv.com" />
+	<target host="jobs.refinitiv.com" />
+	<target host="labs.refinitiv.com" />
+	<target host="lipperalpha.refinitiv.com" />
+	<target host="my.refinitiv.com" />
+	<target host="perspectives.refinitiv.com" />
+	<target host="resourcehub.refinitiv.com" />
+	<target host="thesource.refinitiv.com" />
+	<target host="training.refinitiv.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ReflexPhoto.xml b/src/chrome/content/rules/ReflexPhoto.xml
index d93b0f276aa0..892e8266bcbc 100644
--- a/src/chrome/content/rules/ReflexPhoto.xml
+++ b/src/chrome/content/rules/ReflexPhoto.xml
@@ -1,5 +1,5 @@
-<ruleset name="ReflexPhoto">
-        <target host="reflexphoto.eu" />
-        <target host="www.reflexphoto.eu" />
-        <rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+<ruleset name="ReflexPhoto">
+        <target host="reflexphoto.eu" />
+        <target host="www.reflexphoto.eu" />
+        <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Reformal.xml b/src/chrome/content/rules/Reformal.xml
index 1ccdf7cc78cf..2c75a87c054c 100644
--- a/src/chrome/content/rules/Reformal.xml
+++ b/src/chrome/content/rules/Reformal.xml
@@ -19,4 +19,4 @@ Fetch error: http://reformal.ru/ => https://reformal.ru/: (60, 'SSL certificate
 	<rule from="^http://([\w-]+\.)?reformal\.ru/"
 		to="https://$1reformal.ru/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Refunite.org.xml b/src/chrome/content/rules/Refunite.org.xml
new file mode 100644
index 000000000000..c15a557faaca
--- /dev/null
+++ b/src/chrome/content/rules/Refunite.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Nonfunctional hosts in *.refunite.org:
+
+	- www: mismatch
+	- blog: mismatch
+-->
+<ruleset name="Refunite.org">
+	<target host="refunite.org" />
+	<target host="www.refunite.org" />
+	<target host="m.refunite.org" />
+	<target host="static.refunite.org" />
+
+	<rule from="^http://www\.refunite\.org/" to="https://refunite.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Reg.ru.xml b/src/chrome/content/rules/Reg.ru.xml
index b8286466946c..3ae4cad4c0bd 100644
--- a/src/chrome/content/rules/Reg.ru.xml
+++ b/src/chrome/content/rules/Reg.ru.xml
@@ -11,13 +11,14 @@
 <ruleset name="Reg.ru (partial)">
 
 	<target host="reg.ru" />
-	<target host="*.reg.ru" />
+	<target host="hosting.reg.ru" />
+	<target host="support.reg.ru" />
+	<target host="www.reg.ru" />
 
 
 	<securecookie host="^\.reg\.ru$" name=".+" />
 
 
-	<rule from="^http://((?:hosting|support|www)\.)?reg\.ru/"
-		to="https://$1reg.ru/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Regex101.xml b/src/chrome/content/rules/Regex101.xml
index 032ea413fc31..0d220172924a 100644
--- a/src/chrome/content/rules/Regex101.xml
+++ b/src/chrome/content/rules/Regex101.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:"
 			to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RegioBank_Adviseurs.nl.xml b/src/chrome/content/rules/RegioBank_Adviseurs.nl.xml
deleted file mode 100644
index 44f74d28fd93..000000000000
--- a/src/chrome/content/rules/RegioBank_Adviseurs.nl.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other RegioBank coverage, see RegioBank.nl.xml.
-
--->
-<ruleset name="RegioBank Adviseurs.nl">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="regiobankadviseurs.nl" />
-	<target host="www.regiobankadviseurs.nl" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Regjeringen.no.xml b/src/chrome/content/rules/Regjeringen.no.xml
index 7af441fc897c..1100261a016a 100644
--- a/src/chrome/content/rules/Regjeringen.no.xml
+++ b/src/chrome/content/rules/Regjeringen.no.xml
@@ -17,7 +17,7 @@ Fetch error: http://ny.regjeringen.no/ => https://ny.regjeringen.no/: (6, 'Could
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Regjeringen.no (partial)" default_off='failed ruleset test'>
+<ruleset name="Regjeringen.no (partial)" default_off="failed ruleset test">
 
 	<target host="regjeringen.no" />
 	<target host="frieinntekter.regjeringen.no" />
diff --git a/src/chrome/content/rules/Regruhosting.ru.xml b/src/chrome/content/rules/Regruhosting.ru.xml
index 81e46d30f0e4..9ce28bdffa39 100644
--- a/src/chrome/content/rules/Regruhosting.ru.xml
+++ b/src/chrome/content/rules/Regruhosting.ru.xml
@@ -11,7 +11,7 @@ Fetch error: http://sync.security.pp.regruhosting.ru/ => https://sync.security.p
 		- .security.pp.regruhosting.ru
 
 -->
-<ruleset name="regruhosting.ru" default_off='failed ruleset test'>
+<ruleset name="regruhosting.ru" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Reichelt.de.xml b/src/chrome/content/rules/Reichelt.de.xml
index 41b7c6c7d50f..4b2a436b7de2 100644
--- a/src/chrome/content/rules/Reichelt.de.xml
+++ b/src/chrome/content/rules/Reichelt.de.xml
@@ -8,22 +8,22 @@
 	<target host="statistic2.reichelt.de" />
 	<target host="such001.reichelt.de" />
 	<target host="versandkosten.reichelt.de" />
-	
+
 	<target host="reichelt.com" />
 	<target host="www.reichelt.com" />
 	<target host="m.reichelt.com" />
 	<target host="secure.reichelt.com" />
-	
+
 	<target host="reichelt.at" />
 	<target host="www.reichelt.at" />
 	<target host="m.reichelt.at" />
 	<target host="secure.reichelt.at" />
-	
+
 	<target host="reichelt.nl" />
 	<target host="www.reichelt.nl" />
 	<target host="m.reichelt.nl" />
 	<target host="secure.reichelt.nl" />
-	
+
 	<target host="cdn-reichelt.de" />
 	<target host="css.cdn-reichelt.de" />
 	<target host="js.cdn-reichelt.de" />
diff --git a/src/chrome/content/rules/Reifman.org.xml b/src/chrome/content/rules/Reifman.org.xml
deleted file mode 100644
index 82b02ea69e1b..000000000000
--- a/src/chrome/content/rules/Reifman.org.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d3iwh2gikt6957.cloudfront.net
-
-			- c3.reifman.org
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(dropped)
-
--->
-<ruleset name="Reifman.org (partial)">
-
-	<target host="c3.reifman.org" />
-
-
-	<rule from="^http://c3\.reifman\.org/"
-		to="https://d3iwh2gikt6957.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Reimanpub.com.xml b/src/chrome/content/rules/Reimanpub.com.xml
index 9b3d6b25ad41..51f4f901dafe 100644
--- a/src/chrome/content/rules/Reimanpub.com.xml
+++ b/src/chrome/content/rules/Reimanpub.com.xml
@@ -9,13 +9,14 @@
 <ruleset name="reimanpub.com">
 
 	<target host="reimanpub.com" />
-	<target host="*.reimanpub.com" />
+	<target host="hostedmedia.reimanpub.com" />
+	<target host="origin-hostedmedia.reimanpub.com" />
+	<target host="www.reimanpub.com" />
 
 
 	<securecookie host="^(?:(?:origin-)?hostedmedia\.|www\.)?reimanpub\.com$" name=".+" />
 
 
-	<rule from="^http://((?:origin-)?hostedmedia\.|www\.)?reimanpub\.com/"
-		to="https://$1reimanpub.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Reiner-SCT.com.xml b/src/chrome/content/rules/Reiner-SCT.com.xml
index 5a150d9b061a..f6b637888771 100644
--- a/src/chrome/content/rules/Reiner-SCT.com.xml
+++ b/src/chrome/content/rules/Reiner-SCT.com.xml
@@ -16,7 +16,7 @@ Fetch error: http://tracking.reiner-sct.com/ => https://tracking.reiner-sct.com/
 	* Secured by us
 
 -->
-<ruleset name="Reiner-SCT.com" default_off='failed ruleset test'>
+<ruleset name="Reiner-SCT.com" default_off="failed ruleset test">
 
 	<target host="reiner-sct.com" />
 	<target host="tracking.reiner-sct.com" />
@@ -28,4 +28,4 @@ Fetch error: http://tracking.reiner-sct.com/ => https://tracking.reiner-sct.com/
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rejected.us.xml b/src/chrome/content/rules/Rejected.us.xml
new file mode 100644
index 000000000000..f5458609839f
--- /dev/null
+++ b/src/chrome/content/rules/Rejected.us.xml
@@ -0,0 +1,6 @@
+<ruleset name="Rejected.us">
+	<target host="rejected.us" />
+	<target host="www.rejected.us" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Reklamport.com.xml b/src/chrome/content/rules/Reklamport.com.xml
deleted file mode 100644
index 6016d9ec1f3f..000000000000
--- a/src/chrome/content/rules/Reklamport.com.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	^reklamport.com: 404
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.reklamport.com
-
--->
-<ruleset name="Reklamport.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="ad.reklamport.com" />
-	<target host="www.reklamport.com" />
-
-	<!--	Complications:
-				-->
-	<target host="reklamport.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.reklamport\.com$" name="^(?:ASP\.NET_SessionId|RPLng)$" /-->
-
-	<securecookie host="^www\.reklamport\.com$" name="" />
-
-
-	<rule from="^http://reklamport\.com/"
-		to="https://www.reklamport.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Relate.org.uk.xml b/src/chrome/content/rules/Relate.org.uk.xml
index e71fab16bef2..21b7ebadc468 100644
--- a/src/chrome/content/rules/Relate.org.uk.xml
+++ b/src/chrome/content/rules/Relate.org.uk.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Relcom.host.xml b/src/chrome/content/rules/Relcom.host.xml
index 657e4f3537ce..6d107d9a3e46 100644
--- a/src/chrome/content/rules/Relcom.host.xml
+++ b/src/chrome/content/rules/Relcom.host.xml
@@ -6,7 +6,7 @@ www.relcomhost.ru mismatch
 	<target host="relcom.host" />
 	<target host="www.relcom.host" />
 	<target host="lk.relcomhost.ru" />
-	
+
 	<exclusion pattern="^http://lk\.relcomhost\.ru/?$" />
 	<exclusion pattern="^http://lk\.relcomhost\.ru/?\?" />
 	<exclusion pattern="^http://lk\.relcomhost\.ru/index\.php$" />
@@ -15,7 +15,7 @@ www.relcomhost.ru mismatch
 	<exclusion pattern="^http://lk\.relcomhost\.ru/announcements\.php\?" />
 	<exclusion pattern="^http://lk\.relcomhost\.ru/knowledgebase\.php$" />
 	<exclusion pattern="^http://lk\.relcomhost\.ru/knowledgebase\.php\?" />
-	
+
 	<test url="http://lk.relcomhost.ru?" />
 	<test url="http://lk.relcomhost.ru/" />
 	<test url="http://lk.relcomhost.ru/?" />
diff --git a/src/chrome/content/rules/ReligMag.com.xml b/src/chrome/content/rules/ReligMag.com.xml
deleted file mode 100644
index 3064aad6b179..000000000000
--- a/src/chrome/content/rules/ReligMag.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="ReligMag.com">
-	<target host="religmag.com" />
-	<target host="www.religmag.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Religion_News.com.xml b/src/chrome/content/rules/Religion_News.com.xml
index f0acd7262e76..d928fe8c8cd6 100644
--- a/src/chrome/content/rules/Religion_News.com.xml
+++ b/src/chrome/content/rules/Religion_News.com.xml
@@ -23,14 +23,23 @@ Fetch error: http://religionnews.com/ => https://religionnews.com/: (60, 'SSL ce
 <ruleset name="Religion News.com (partial)">
 
 	<target host="religionnews.com" />
-	<target host="*.religionnews.com" />
+	<target host="archives.religionnews.com" />
+	<target host="cathleenfalsani.religionnews.com" />
+	<target host="davidgibson.religionnews.com" />
+	<target host="janariess.religionnews.com" />
+	<target host="jonathanmerritt.religionnews.com" />
+	<target host="marksilk.religionnews.com" />
+	<target host="michaeloloughlin.religionnews.com" />
+	<target host="omarsacirbey.religionnews.com" />
+	<target host="omidsafi.religionnews.com" />
+	<target host="pressreleases.religionnews.com" />
+	<target host="www.religionnews.com" />
 		<exclusion pattern="^http://archives\.religionnews\.com/(?!\w+\.png|assets/|favicon\.ico|images/|sign-in(?:$|\?|/))" />
 
 
 	<securecookie host="^\.religionnews\.com$" name=".+" />
 
 
-	<rule from="^http://((?:archives|cathleenfalsani|davidgibson|janariess|jonathanmerritt|marksilk|michaeloloughlin|omarsacirbey|omidsafi|pressreleases|www)\.)?religionnews\.com/"
-		to="https://$1religionnews.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Remedy_Entertainment.xml b/src/chrome/content/rules/Remedy_Entertainment.xml
index 073e41c3a28d..5457df14c976 100644
--- a/src/chrome/content/rules/Remedy_Entertainment.xml
+++ b/src/chrome/content/rules/Remedy_Entertainment.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RememberTheMilk.xml b/src/chrome/content/rules/RememberTheMilk.xml
index 24e8f84ce98a..f87e6bbdbfd2 100644
--- a/src/chrome/content/rules/RememberTheMilk.xml
+++ b/src/chrome/content/rules/RememberTheMilk.xml
@@ -1,5 +1,5 @@
 <!--
-	Nonfunctional: 
+	Nonfunctional:
 
 		- blog.rememberthemilk.com	(cert: *.medialayer.net; shows status message)
 		- status.rememberthemilk.com	(times out)
@@ -7,27 +7,17 @@
 
 -->
 <ruleset name="Remember the Milk">
-
 	<target host="rememberthemilk.com" />
-	<target host="*.rememberthemilk.com" />
+	<target host="api.rememberthemilk.com" />
 	<target host="rememberthemilk.jp" />
 	<target host="www.rememberthemilk.jp" />
-	<target host="*.rtmcdn.net" />
-
+	<target host="s1.rtmcdn.net" />
+	<target host="s2.rtmcdn.net" />
+	<target host="s3.rtmcdn.net" />
+	<target host="s4.rtmcdn.net" />
 
 	<securecookie host="^\.rememberthemilk\.com$" name=".+" />
 
-
-	<!--	Cert doesn't match !www.
-		.jp redirects to .com.	-->
-	<rule from="^http://(?:www\.)?rememberthemilk\.(?:com|jp)/"
-		to="https://www.rememberthemilk.com/" />
-
-	<rule from="^http://api\.rememberthemilk\.com/"
-		to="https://api.rememberthemilk.com/" />
-
-	<rule from="^http://s([1-4])\.rtmcdn\.net/"
-		to="https://s$1.rtmcdn.net/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Remmina.org.xml b/src/chrome/content/rules/Remmina.org.xml
new file mode 100644
index 000000000000..cb11b0b90f68
--- /dev/null
+++ b/src/chrome/content/rules/Remmina.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Remmina.org">
+	<target host="remmina.org" />
+	<target host="www.remmina.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RemoteCoder.io.xml b/src/chrome/content/rules/RemoteCoder.io.xml
index 09150bd002ff..99422c613ebb 100644
--- a/src/chrome/content/rules/RemoteCoder.io.xml
+++ b/src/chrome/content/rules/RemoteCoder.io.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.remotecoder.io/ => https://www.remotecoder.io/: (51, "SSL: no alternative certificate subject name matches target host name 'www.remotecoder.io'")
 
 -->
-<ruleset name="RemoteCoder.io" default_off='failed ruleset test'>
+<ruleset name="RemoteCoder.io" default_off="failed ruleset test">
 
 	<target host="remotecoder.io" />
 	<target host="www.remotecoder.io" />
diff --git a/src/chrome/content/rules/RemoteStorage.io.xml b/src/chrome/content/rules/RemoteStorage.io.xml
index 761958cc8b19..9b11924eb04f 100644
--- a/src/chrome/content/rules/RemoteStorage.io.xml
+++ b/src/chrome/content/rules/RemoteStorage.io.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.remotestorage.io/ => https://www.remotestorage.io/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="remoteStorage.io" default_off='failed ruleset test'>
+<ruleset name="remoteStorage.io" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Remus_Exhaust_Store.com.xml b/src/chrome/content/rules/Remus_Exhaust_Store.com.xml
deleted file mode 100644
index b9060b0c62b1..000000000000
--- a/src/chrome/content/rules/Remus_Exhaust_Store.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Mixed content:
-
-		- Images from ^ and $self *
-
-	* Secured by us
-
--->
-<ruleset name="Remue Exhaust Store.com">
-
-	<target host="remusexhauststore.com" />
-	<target host="www.remusexhauststore.com" />
-
-
-	<securecookie host="^\.remusexhauststore\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/RenderFarming.net.xml b/src/chrome/content/rules/RenderFarming.net.xml
index f575fbb15b4f..2d9a3449d048 100644
--- a/src/chrome/content/rules/RenderFarming.net.xml
+++ b/src/chrome/content/rules/RenderFarming.net.xml
@@ -12,7 +12,7 @@ Fetch error: http://renderfarming.net/ => https://renderfarming.net/: (51, "SSL:
 	- www.renderfarming.net
 
 -->
-<ruleset name="RenderFarming.net" default_off='failed ruleset test'>
+<ruleset name="RenderFarming.net" default_off="failed ruleset test">
 
 	<target host="burp.renderfarming.net" />
 	<target host="renderfarming.net" />
diff --git a/src/chrome/content/rules/Reno_Gazette-Journal.xml b/src/chrome/content/rules/Reno_Gazette-Journal.xml
index b6d7e145b901..7cd97fe58fee 100644
--- a/src/chrome/content/rules/Reno_Gazette-Journal.xml
+++ b/src/chrome/content/rules/Reno_Gazette-Journal.xml
@@ -25,7 +25,9 @@ Fetch error: http://rgj.com/ => https://www.rgj.com/: (51, "SSL: no alternative
 <ruleset name="Reno Gazette-Journal (partial)">
 
 	<target host="rgj.com" />
-	<target host="*.rgj.com" />
+	<target host="cmsimg.rgj.com" />
+	<target host="www.rgj.com" />
+	<target host="deals.rgj.com" />
 
 
 	<securecookie host="^(?:www)?\.rgj\.com$" name=".+" />
@@ -37,4 +39,4 @@ Fetch error: http://rgj.com/ => https://www.rgj.com/: (51, "SSL: no alternative
 	<rule from="^http://deals\.rgj\.com/sf_(framework|module)s/"
 		to="https://reno.planetdiscover.com/sf_$1s/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Renovation_Experts.xml b/src/chrome/content/rules/Renovation_Experts.xml
deleted file mode 100644
index c5b5b15ee718..000000000000
--- a/src/chrome/content/rules/Renovation_Experts.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--
-	For other Web.com Group coverage, see Web.com.xml.
-
-
-	Nonfunctional hosts in *renovationexperts.com:
-
-		- blog *
-
-	* Refused
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- renovationexperts.com
-		- .renovationexperts.com
-		- www.renovationexperts.com
-
-
-	Mixed content:
-
-		- Ads/bugs, on:
-
-			- (www.)? from fls.doubleclick.net
-			- (www.)? from \d+.fls.doubleclick.net
-			- (www.)? from fetchback.com
-
--->
-<ruleset name="RenovationExperts.com">
-
-	<target host="renovationexperts.com" />
-	<target host="www.renovationexperts.com" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Renren.com.xml b/src/chrome/content/rules/Renren.com.xml
index be7a47bd1fa8..4b66e8100366 100644
--- a/src/chrome/content/rules/Renren.com.xml
+++ b/src/chrome/content/rules/Renren.com.xml
@@ -31,7 +31,7 @@
 	Mixed content:
 
 		- Image on licai from fmn.rrfmn.com ³
-	
+
 	³ Unsecurable <= 403
 
 -->
diff --git a/src/chrome/content/rules/Renrencaopan.com.xml b/src/chrome/content/rules/Renrencaopan.com.xml
index 4cc26c9e320d..877b40645cd1 100644
--- a/src/chrome/content/rules/Renrencaopan.com.xml
+++ b/src/chrome/content/rules/Renrencaopan.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.renrencaopan.com/ => https://www.renrencaopan.com/: (6,
 		- www.renrencaopan.com
 
 -->
-<ruleset name="renrencaopan.com" default_off='failed ruleset test'>
+<ruleset name="renrencaopan.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Rent_the_Runway.xml b/src/chrome/content/rules/Rent_the_Runway.xml
index 364375ab04d8..2f81359d88b1 100644
--- a/src/chrome/content/rules/Rent_the_Runway.xml
+++ b/src/chrome/content/rules/Rent_the_Runway.xml
@@ -30,8 +30,11 @@
 <ruleset name="Rent the Runway (partial)">
 
 	<target host="renttherunway.com" />
-	<target host="*.renttherunway.com" />
-	<target host="*.rtrcdn.com" />
+	<target host="www.renttherunway.com" />
+	<target host="cdn.renttherunway.com" />
+	<target host="cdn.rtrcdn.com" />
+	<target host="grid-p.rtrcdn.com" />
+	<target host="static-p.rtrcdn.com" />
 
 
 	<!--	Redirects to http as-is:
@@ -51,4 +54,4 @@
 	<rule from="^http://(?:grid|static)-p\.rtrcdn\.com/"
 		to="https://cdn.rtrcdn.com/grid/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rentalserver.jp.xml b/src/chrome/content/rules/Rentalserver.jp.xml
index 9ee8a5482681..7bde0ba020f6 100644
--- a/src/chrome/content/rules/Rentalserver.jp.xml
+++ b/src/chrome/content/rules/Rentalserver.jp.xml
@@ -14,7 +14,7 @@ Fetch error: http://cp-vps.rentalserver.jp/ => https://cp-vps.rentalserver.jp/:
 		- sv
 
 -->
-<ruleset name="rentalserver.jp" default_off='failed ruleset test'>
+<ruleset name="rentalserver.jp" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Rephial.org.xml b/src/chrome/content/rules/Rephial.org.xml
new file mode 100644
index 000000000000..b713abe915c4
--- /dev/null
+++ b/src/chrome/content/rules/Rephial.org.xml
@@ -0,0 +1,14 @@
+<!--
+    Redirect to HTTP:
+    buildbot.rephial.org
+	www.rephial.org
+	www.trac.rephial.org
+
+-->
+<ruleset name="Rephial.org">
+	<target host="rephial.org" />
+	<target host="trac.rephial.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
+
diff --git a/src/chrome/content/rules/Replica_Perfection.xml b/src/chrome/content/rules/Replica_Perfection.xml
index 50d103f3c514..8f247c6928f6 100644
--- a/src/chrome/content/rules/Replica_Perfection.xml
+++ b/src/chrome/content/rules/Replica_Perfection.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ReportLab.xml b/src/chrome/content/rules/ReportLab.xml
index 38884caf071c..f0d99606cdfe 100644
--- a/src/chrome/content/rules/ReportLab.xml
+++ b/src/chrome/content/rules/ReportLab.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://www\.reportlab\.com/(accounts/|favicon\.ico|media/|static)"
 		to="https://www.reportlab.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Represent.Us.xml b/src/chrome/content/rules/Represent.Us.xml
index 50ab333e3961..9881c264824a 100644
--- a/src/chrome/content/rules/Represent.Us.xml
+++ b/src/chrome/content/rules/Represent.Us.xml
@@ -24,4 +24,4 @@
 	<rule from="^http://cdn\d\.represent\.us/"
 		to="https://d16f95x138ho2a.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Republik.ch.xml b/src/chrome/content/rules/Republik.ch.xml
index 6f16d2ccea2f..064bad80c9d3 100644
--- a/src/chrome/content/rules/Republik.ch.xml
+++ b/src/chrome/content/rules/Republik.ch.xml
@@ -5,7 +5,7 @@
 	Connection refused:
 		- sandstorm.republik.ch
 		- runner-0.git.project-r.construction
-		
+
 	Timeout:
 		- email.project-r.construction
 -->
diff --git a/src/chrome/content/rules/RequireJS.org.xml b/src/chrome/content/rules/RequireJS.org.xml
new file mode 100644
index 000000000000..0d86a958c245
--- /dev/null
+++ b/src/chrome/content/rules/RequireJS.org.xml
@@ -0,0 +1,23 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Refused:
+		m
+		wap
+		wwww
+-->
+<ruleset name="RequireJS.org">
+
+	<target host="requirejs.org" />
+	<target host="www.requirejs.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://www.requirejs.org/,
+	http://www.requirejs.org/ redirects to https://requirejs.org/.-->
+	<rule from="^http://www\.requirejs\.org/"
+		to="https://requirejs.org/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Research-Media-and-Cybernetics.xml b/src/chrome/content/rules/Research-Media-and-Cybernetics.xml
index 5d404e10f99c..23fe2935764f 100644
--- a/src/chrome/content/rules/Research-Media-and-Cybernetics.xml
+++ b/src/chrome/content/rules/Research-Media-and-Cybernetics.xml
@@ -5,7 +5,7 @@
 	<!--
 		*s for cross-domain cookies.
 						-->
-	
+
 
 
 	<securecookie host="^.*\.rmcybernetics\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Research_Results.com.xml b/src/chrome/content/rules/Research_Results.com.xml
index ffd6a7b55623..d50e63120ccb 100644
--- a/src/chrome/content/rules/Research_Results.com.xml
+++ b/src/chrome/content/rules/Research_Results.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://surveys.researchresults.com/ => https://surveys.researchresu
 	ᵉ Expired
 
 -->
-<ruleset name="Research Results.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Research Results.com (partial)" default_off="failed ruleset test">
 
 	<target host="isurveys.researchresults.com" />
 	<target host="surveys.researchresults.com" />
diff --git a/src/chrome/content/rules/ResearcherID.com.xml b/src/chrome/content/rules/ResearcherID.com.xml
new file mode 100644
index 000000000000..6dfd64ad10f3
--- /dev/null
+++ b/src/chrome/content/rules/ResearcherID.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Connection refused:
+		- dl.researcherid.com
+		- ul.researcherid.com
+
+	Connection reset:
+		- ridws.researcherid.com
+
+	Invalid certificate:
+		- origin-eagan-www.researcherid.com
+		- origin-plano-www.researcherid.com
+
+	Timed out:
+		- account-int.researcherid.com
+		- account-qa.researcherid.com
+		- labs-qa.researcherid.com
+		- rid-qa.researcherid.com
+-->
+
+<ruleset name="ResearcherID.com">
+	<target host="researcherid.com" />
+	<target host="www.researcherid.com" />
+	<target host="account.researcherid.com" />
+	<target host="labs.researcherid.com" />
+
+	<securecookie host="^(www|account|labs)\.researcherid\.com$" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ResellerRatings.xml b/src/chrome/content/rules/ResellerRatings.xml
index 4a28940752e3..f7b132c80765 100644
--- a/src/chrome/content/rules/ResellerRatings.xml
+++ b/src/chrome/content/rules/ResellerRatings.xml
@@ -48,6 +48,6 @@ Fetch error: http://resellerratings.com/ => https://resellerratings.com/: (60, '
 		to="https://d3cb52u6zfmv02.cloudfront.net/" />
 
 	<rule from="^http://images\.resellerratings\.com/"
-		to="https://d2ebdb90bhptzn.cloudfront.net/" />
+		to="https://images.resellerratings.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Reservation-Desk.com.xml b/src/chrome/content/rules/Reservation-Desk.com.xml
deleted file mode 100644
index 8ea4f2fafb6f..000000000000
--- a/src/chrome/content/rules/Reservation-Desk.com.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	findanswers.custhelp.com
-
-
-	Some pages redirect to http.
-
--->
-<ruleset name="Reservation-Desk.com (partial)">
-
-	<target host="reservation-desk.com" />
-	<target host="callcenter.reservation-desk.com" />
-	<target host="www.reservation-desk.com" />
-		<exclusion pattern="^http://(?:www\.)?reservation-desk\.com/(?!application/themes/)" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ResidueTheorem.com.xml b/src/chrome/content/rules/ResidueTheorem.com.xml
new file mode 100644
index 000000000000..31b8d6e3ec5b
--- /dev/null
+++ b/src/chrome/content/rules/ResidueTheorem.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="ResidueTheorem.com">
+	<target host="residuetheorem.com" />
+	<target host="www.residuetheorem.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Resinfo.org.xml b/src/chrome/content/rules/Resinfo.org.xml
index f648b3097bce..5ac266667cdd 100644
--- a/src/chrome/content/rules/Resinfo.org.xml
+++ b/src/chrome/content/rules/Resinfo.org.xml
@@ -9,7 +9,7 @@
 	* Secured by us
 
 -->
-<ruleset name="Resinfo.org" default_off="missing certificate chain">
+<ruleset name="Resinfo.org" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Resist_Surveillance.org.xml b/src/chrome/content/rules/Resist_Surveillance.org.xml
index ebe20bfc1af8..1fd5934c5bde 100644
--- a/src/chrome/content/rules/Resist_Surveillance.org.xml
+++ b/src/chrome/content/rules/Resist_Surveillance.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://resistsurveillance.org/ => https://resistsurveillance.org/:
 Fetch error: http://www.resistsurveillance.org/ => https://www.resistsurveillance.org/: (7, 'Failed to connect to www.resistsurveillance.org port 443: Connection refused')
 
 -->
-<ruleset name="Resist Surveillance.org" default_off='failed ruleset test'>
+<ruleset name="Resist Surveillance.org" default_off="failed ruleset test">
 
 	<target host="resistsurveillance.org" />
 	<target host="www.resistsurveillance.org" />
diff --git a/src/chrome/content/rules/ResistanceReport.com.xml b/src/chrome/content/rules/ResistanceReport.com.xml
deleted file mode 100644
index 35814aaa53d8..000000000000
--- a/src/chrome/content/rules/ResistanceReport.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="ResistanceReport.com">
-
-	<target host="resistancereport.com" />
-	<target host="www.resistancereport.com" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Resonant.org.xml b/src/chrome/content/rules/Resonant.org.xml
deleted file mode 100644
index 54f1b9142951..000000000000
--- a/src/chrome/content/rules/Resonant.org.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Resonant.org">
-
-	<target host="resonant.org" />
-	<target host="www.resonant.org" />
-	<target host="moebius.resonant.org" />
-	<target host="wikis.resonant.org" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Respect_Network.com.xml b/src/chrome/content/rules/Respect_Network.com.xml
deleted file mode 100644
index ae50def57349..000000000000
--- a/src/chrome/content/rules/Respect_Network.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	^respectnetwork.com: Server sends no certificate chain, see https://whatsmychaincert.com
-
--->
-<ruleset name="Respect Network.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.respectnetwork.com" />
-
-	<!--	Complications:
-				-->
-	<target host="respectnetwork.com" />
-
-
-	<rule from="^http://respectnetwork\.com/"
-		to="https://www.respectnetwork.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Respect_our_privacy.com.xml b/src/chrome/content/rules/Respect_our_privacy.com.xml
index 8e6df414833d..6ffe1c4132d4 100644
--- a/src/chrome/content/rules/Respect_our_privacy.com.xml
+++ b/src/chrome/content/rules/Respect_our_privacy.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.respectourprivacy.com/ => https://www.respectourprivacy.
 		- www.respectourprivacy.com
 
 -->
-<ruleset name="Respect our privacy.com" default_off='failed ruleset test'>
+<ruleset name="Respect our privacy.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Responsys.com.xml b/src/chrome/content/rules/Responsys.com.xml
index 47e9dc2d3e63..00094e16b1d9 100644
--- a/src/chrome/content/rules/Responsys.com.xml
+++ b/src/chrome/content/rules/Responsys.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.responsys.com/ => https://www.oracle.com/marketingcloud/
 	www.responsys.com: Redirects to http
 
 -->
-<ruleset name="Responsys.com" default_off='failed ruleset test'>
+<ruleset name="Responsys.com" default_off="failed ruleset test">
 
 	<!--	Complications:
 				-->
diff --git a/src/chrome/content/rules/Restcountries.eu.xml b/src/chrome/content/rules/Restcountries.eu.xml
new file mode 100644
index 000000000000..a9e240a6c3a9
--- /dev/null
+++ b/src/chrome/content/rules/Restcountries.eu.xml
@@ -0,0 +1,5 @@
+<ruleset name="REST Countries">
+	<target host="restcountries.eu" />
+	<target host="www.restcountries.eu" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Restore_the_Fourth.xml b/src/chrome/content/rules/Restore_the_Fourth.xml
index 6b00aa134fef..3a96bb23f58c 100644
--- a/src/chrome/content/rules/Restore_the_Fourth.xml
+++ b/src/chrome/content/rules/Restore_the_Fourth.xml
@@ -11,7 +11,7 @@ Fetch error: http://restorethefourth.net/ => https://restorethefourth.net/: (51,
 		- restorethefourth.s3.amazonaws.com
 
 -->
-<ruleset name="Restore the Fourth" default_off='failed ruleset test'>
+<ruleset name="Restore the Fourth" default_off="failed ruleset test">
 
 	<target host="restorethefourth.net" />
 	<target host="www.restorethefourth.net" />
@@ -22,4 +22,4 @@ Fetch error: http://restorethefourth.net/ => https://restorethefourth.net/: (51,
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Retail-Link.gr.xml b/src/chrome/content/rules/Retail-Link.gr.xml
index b01fc62cdd89..a45116386467 100644
--- a/src/chrome/content/rules/Retail-Link.gr.xml
+++ b/src/chrome/content/rules/Retail-Link.gr.xml
@@ -11,13 +11,13 @@
 <ruleset name="Retail-Link.gr">
 
 	<target host="retail-link.gr" />
-	<target host="*.retail-link.gr" />
+	<target host="www.retail-link.gr" />
+	<target host="e-invoicing.retail-link.gr" />
 
 
 	<rule from="^http://(?:www\.)?retail-link\.gr/"
 		to="https://www.retail-link.gr/" />
 
-	<rule from="^http://e-invoicing\.retail-link\.gr/"
-		to="https://e-invoicing.retail-link.gr/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Retail_Sails.xml b/src/chrome/content/rules/Retail_Sails.xml
index 07f5910afa57..9b7e0b8c6b23 100644
--- a/src/chrome/content/rules/Retail_Sails.xml
+++ b/src/chrome/content/rules/Retail_Sails.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.retailsails.com/ => https://retailsails.com/: (7, 'Faile
 	- www.retailsails.com
 	- blog.retailsails.com
 -->
-<ruleset name="Retail Sails" default_off='failed ruleset test'>
+<ruleset name="Retail Sails" default_off="failed ruleset test">
 	<target host="retailsails.com" />
 	<target host="www.retailsails.com" />
 
diff --git a/src/chrome/content/rules/Retravision.com.au.xml b/src/chrome/content/rules/Retravision.com.au.xml
new file mode 100644
index 000000000000..0335c1421ebd
--- /dev/null
+++ b/src/chrome/content/rules/Retravision.com.au.xml
@@ -0,0 +1,24 @@
+<!--
+	Non-functional subdomains:
+		- catalogues	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Retravision">
+
+	<target host="retravision.com.au" />
+	<target host="www.retravision.com.au" />
+	<target host="clearance.retravision.com.au" />
+	<target host="commercial.retravision.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Retreat.lgbt.xml b/src/chrome/content/rules/Retreat.lgbt.xml
deleted file mode 100644
index 7699f5d36170..000000000000
--- a/src/chrome/content/rules/Retreat.lgbt.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Retreat.lgbt" platform="mixedcontent">
-	<target host="retreat.lgbt" />
-	<target host="www.retreat.lgbt" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/RetroFestive.ca.xml b/src/chrome/content/rules/RetroFestive.ca.xml
index ddbb7b3246a4..aae042f85b2e 100644
--- a/src/chrome/content/rules/RetroFestive.ca.xml
+++ b/src/chrome/content/rules/RetroFestive.ca.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rettighedsalliancen.dk.xml b/src/chrome/content/rules/Rettighedsalliancen.dk.xml
index 9575930cf27d..24786aaddac5 100644
--- a/src/chrome/content/rules/Rettighedsalliancen.dk.xml
+++ b/src/chrome/content/rules/Rettighedsalliancen.dk.xml
@@ -1,20 +1,9 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://rettighedsalliancen.dk/ => https://www.rettighedsalliancen.dk/: (60, 'SSL certificate problem: self signed certificate')
-Fetch error: http://www.rettighedsalliancen.dk/ => https://www.rettighedsalliancen.dk/: (60, 'SSL certificate problem: self signed certificate')
-
-	Some style sheet and script references are 
-	hard coded to be fetched over http, which
-	causes 	design breaking in mixed content
-	blocking browsers.
--->
-<ruleset name="Rettighedsalliancen.dk (mixed content)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Rettighedsalliancen.dk">
 
 	<target host="rettighedsalliancen.dk" />
 	<target host="www.rettighedsalliancen.dk" />
 
-	<rule from="^http://(www\.)?rettighedsalliancen\.dk/"
-		to="https://www.rettighedsalliancen.dk/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Return-to-the-Roots.xml b/src/chrome/content/rules/Return-to-the-Roots.xml
index b7f1e723ae8a..f77e82a5a9ce 100644
--- a/src/chrome/content/rules/Return-to-the-Roots.xml
+++ b/src/chrome/content/rules/Return-to-the-Roots.xml
@@ -21,7 +21,7 @@ Fetch error: http://packages.siedler25.org/ => https://packages.siedler25.org/:
 	ˢ Secured by us
 
 -->
-<ruleset name="Siedler 25.org" default_off='failed ruleset test'>
+<ruleset name="Siedler 25.org" default_off="failed ruleset test">
 
 	<target host="siedler25.org" />
 	<target host="bugs.siedler25.org" />
diff --git a/src/chrome/content/rules/Return_Path.com.xml b/src/chrome/content/rules/Return_Path.com.xml
deleted file mode 100644
index 169b5f8896eb..000000000000
--- a/src/chrome/content/rules/Return_Path.com.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-<!--
-	Other Return Path rulesets:
-
-		- Return_Path.net.xml
-		- SenderScore.org.xml
-
-
-	Problematic hosts in *returnpath.com:
-
-		- blog *
-
-	* Mismatched
-
-
-	Insecure cookies are set for these hosts:
-
-		- returnpath.com
-
-
-	Mixed content:
-
-		- css on blog from fonts.googleapis.com *
-		- Image on blog from www.returnpath.com *
-
-	* Secured by us
-
--->
-<ruleset name="Return Path.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="returnpath.com" />
-	<!--target host="blog.returnpath.com" /-->
-	<target host="www.returnpath.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^returnpath\.com$" name="^_icl_current_language$" /-->
-
-	<securecookie host="^returnpath\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Return_Path.net.xml b/src/chrome/content/rules/Return_Path.net.xml
index 689d8705cb9e..6d5410859a08 100644
--- a/src/chrome/content/rules/Return_Path.net.xml
+++ b/src/chrome/content/rules/Return_Path.net.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.returnpath.net/ => https://www.returnpath.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.returnpath.net'")
 Fetch error: http://returnpath.net/ => https://www.returnpath.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.returnpath.net'")
 
-	For other Return Path coverage, see Return_Path.com.xml.
+	For other Return Path coverage, see SenderScore.org.xml
 
 
 	^returnpath.net: Mismatched
@@ -17,7 +17,7 @@ Fetch error: http://returnpath.net/ => https://www.returnpath.net/: (51, "SSL: n
 		- monitor2.returnpath.net
 
 -->
-<ruleset name="Return Path.net" default_off='failed ruleset test'>
+<ruleset name="Return Path.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Reussissonsensemble.fr.xml b/src/chrome/content/rules/Reussissonsensemble.fr.xml
deleted file mode 100644
index 4cd9ffe85fe5..000000000000
--- a/src/chrome/content/rules/Reussissonsensemble.fr.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	Ads.
-
-	For other Sedo coverage, see Sedo.com.xml.
-
-
-	Problematic subdomains:
-
-		- (www.)	(works; mismatched, CN: *.affili.net)
-
-
-	Fully covered subdomains:
-
-		- banniere
-		- clic
-
--->
-<ruleset name="reussissonsensemble.fr (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="banniere.reussissonsensemble.fr" />
-	<target host="clic.reussissonsensemble.fr" />
-
-
-	<securecookie host="^clic\.reussissonsensemble\.fr$" name=".+" />
-
-
-	<!--	Destination redirects to http:
-						-->
-	<!--rule from="^http://(?:www\.)?reussissonsensemble\.fr/"
-		to="https://www.affili.net/de/desktopdefault.aspx" /-->
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Rev2pub.com.xml b/src/chrome/content/rules/Rev2pub.com.xml
deleted file mode 100644
index ced3e543734a..000000000000
--- a/src/chrome/content/rules/Rev2pub.com.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://creative.rev2pub.com/ => https://d1col0l9yjljr0.cloudfront.net/: (6, 'Could not resolve host: d1col0l9yjljr0.cloudfront.net')
-
-Automatically by https-everywhere-checker because:
-Fetch error: http://creative.rev2pub.com/ => https://d1col0l9yjljr0.cloudfront.net/: (6, 'Could not resolve host: d1col0l9yjljr0.cloudfront.net')
-	For other Matomy coverage, see Matomy-Media.xml.
-
-
-	CDN buckets:
-
-		- d1col0l9yjljr0.cloudfront.net
-
-			- creative
-
--->
-<ruleset name="rev2pub.com" default_off='failed ruleset test'>
-
-	<target host="creative.rev2pub.com" />
-
-
-	<rule from="^http://creative\.rev2pub\.com/"
-		to="https://d1col0l9yjljr0.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/RevResponse.com.xml b/src/chrome/content/rules/RevResponse.com.xml
index 0c04a57bfd93..dae5a2d54737 100644
--- a/src/chrome/content/rules/RevResponse.com.xml
+++ b/src/chrome/content/rules/RevResponse.com.xml
@@ -7,7 +7,7 @@
 	Cert only matches *.revresponse.com
 		- img ²
 
-	² Mismatched, CN: *.tradepub.com 
+	² Mismatched, CN: *.tradepub.com
 
 
 
diff --git a/src/chrome/content/rules/RevSci.net.xml b/src/chrome/content/rules/RevSci.net.xml
deleted file mode 100644
index e29f10a69d4b..000000000000
--- a/src/chrome/content/rules/RevSci.net.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other AudienceScience coverage, see AudienceScience.xml.
-
--->
-<ruleset name="RevSci.net">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="js.revsci.net" />
-	<target host="pix.revsci.net" />
-	<target host="pix01.revsci.net" />
-	<target host="pix04.revsci.net" />
-	<target host="pq-direct.revsci.net" />
-
-	<securecookie host="^\.revsci\.net$" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/RevenuQuebec.ca.xml b/src/chrome/content/rules/RevenuQuebec.ca.xml
new file mode 100644
index 000000000000..09f759fb0a4e
--- /dev/null
+++ b/src/chrome/content/rules/RevenuQuebec.ca.xml
@@ -0,0 +1,15 @@
+<!--
+	Subdomains other than ^ and www do not listen on port 80.
+
+	HTTP =/= HTTPS:
+		- ^
+-->
+<ruleset name="RevenuQuebec.ca">
+	<target host="revenuquebec.ca" />
+	<target host="www.revenuquebec.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://revenuquebec\.ca/" to="https://www.revenuquebec.ca/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ReverePress.com.xml b/src/chrome/content/rules/ReverePress.com.xml
deleted file mode 100644
index f2685035a15b..000000000000
--- a/src/chrome/content/rules/ReverePress.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="reverepress.com" platform="mixedcontent">
-	<target host="reverepress.com" />
-	<target host="www.reverepress.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Reviewing_Comics.xml b/src/chrome/content/rules/Reviewing_Comics.xml
index eb8f8f357c0a..894ad1c4ecbd 100644
--- a/src/chrome/content/rules/Reviewing_Comics.xml
+++ b/src/chrome/content/rules/Reviewing_Comics.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Revision3.xml b/src/chrome/content/rules/Revision3.xml
deleted file mode 100644
index b7a03f1bd011..000000000000
--- a/src/chrome/content/rules/Revision3.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	CDN buckets:
-
-		- revision3-pc-ssl.bitgravity.com
-
-
-	Problematic domains:
-
-		- statics.revision3.com
-
-
-	Nonfunctional domains:
-
-		- videos.revision3.com
-
--->
-<ruleset name="Revision3 (partial)">
-
-	<target host="revision3.com" />
-	<target host="*.revision3.com" />
-
-
-	<securecookie host="^\.revision3\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?revision3\.com/"
-		to="https://$1revision3.com/" />
-
-	<rule from="^http://statics\.revision3\.com/"
-		to="https://revision3-pc-ssl.bitgravity.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Revolet.xml b/src/chrome/content/rules/Revolet.xml
index 9d5d16a9b2cf..cbe3a196e1ad 100644
--- a/src/chrome/content/rules/Revolet.xml
+++ b/src/chrome/content/rules/Revolet.xml
@@ -6,7 +6,7 @@
 	<target host="www.revolet.com" />
 
 
-	<securecookie host="^(?:.*\.)?revolet\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Revolt_Games.xml b/src/chrome/content/rules/Revolt_Games.xml
index 2ec75171a1e4..9e83b00fdc69 100644
--- a/src/chrome/content/rules/Revolt_Games.xml
+++ b/src/chrome/content/rules/Revolt_Games.xml
@@ -19,10 +19,10 @@ Fetch error: http://revoltgames.com/ => https://www.revoltgames.com/: Too many r
 		- ^	(shows blank page)
 
 -->
-<ruleset name="Revolt Games (partial)" default_off='failed ruleset test'>
+<ruleset name="Revolt Games (partial)" default_off="failed ruleset test">
 
 	<target host="revoltgames.com" />
-	<target host="*.revoltgames.com" />
+	<target host="www.revoltgames.com" />
 
 
 	<securecookie host="^\.revoltgames\.com$" name=".+" />
@@ -31,4 +31,4 @@ Fetch error: http://revoltgames.com/ => https://www.revoltgames.com/: Too many r
 	<rule from="^http://(?:www\.)?revoltgames\.com/"
 		to="https://www.revoltgames.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Revolutionwifi.net.xml b/src/chrome/content/rules/Revolutionwifi.net.xml
new file mode 100644
index 000000000000..60491aa95871
--- /dev/null
+++ b/src/chrome/content/rules/Revolutionwifi.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="Revolutionwifi.net">
+	<target host="revolutionwifi.net" />
+	<target host="www.revolutionwifi.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Revosec.ch.xml b/src/chrome/content/rules/Revosec.ch.xml
deleted file mode 100644
index 2d791a917844..000000000000
--- a/src/chrome/content/rules/Revosec.ch.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="revosec">
-
-	<target host="revosec.ch" />
-	<target host="www.revosec.ch" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/RhB.xml b/src/chrome/content/rules/RhB.xml
index 8a4078537b4e..14e95c930280 100644
--- a/src/chrome/content/rules/RhB.xml
+++ b/src/chrome/content/rules/RhB.xml
@@ -18,7 +18,7 @@
 	<target host="www.rhb.ch"/>
 	<target host="elearning.rhb.ch"/>
 	<target host="opendata.rhb.ch"/>
-	
+
 	<rule from="^http:"
 		to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Rhapsody.xml b/src/chrome/content/rules/Rhapsody.xml
index 10e462554ac8..28457bf26a3a 100644
--- a/src/chrome/content/rules/Rhapsody.xml
+++ b/src/chrome/content/rules/Rhapsody.xml
@@ -17,7 +17,7 @@
 	<target host="rhapsody.com" />
 	<target host="www.rhapsody.com" />
 
-    
+
 	<rule from="^http://(?:www\.)?rhapsody\.com/"
 		to="https://www.rhapsody.com/" />
 
diff --git a/src/chrome/content/rules/Rheinpfalz.de.xml b/src/chrome/content/rules/Rheinpfalz.de.xml
index f9754ab45526..3d80582509ac 100644
--- a/src/chrome/content/rules/Rheinpfalz.de.xml
+++ b/src/chrome/content/rules/Rheinpfalz.de.xml
@@ -1,7 +1,7 @@
 <!--
 	Mixed content blocking:
 		epaper.rheinpfalz.de
-  
+
 -->
 
 <ruleset name="Rheinpfalz.de (partial)">
@@ -18,6 +18,6 @@
 	<target host="vk.rheinpfalz.de" />
 
 	<target host="rheinpfalzdocs.de" />
-  
+
   <rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rhino-Software.xml b/src/chrome/content/rules/Rhino-Software.xml
index 7f88c2b7518f..1a1adfa7bedc 100644
--- a/src/chrome/content/rules/Rhino-Software.xml
+++ b/src/chrome/content/rules/Rhino-Software.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.rhinosoft.com/ => https://www.rhinosoft.com/: (60, 'SSL
 		- (www.)ftpvoyager.com		(cert: rhinosoft.com; shows that domain's data)
 		- (www.)serv-u.com		(ditto)
 -->
-<ruleset name="Rhino Software (partial)" default_off='failed ruleset test'>
+<ruleset name="Rhino Software (partial)" default_off="failed ruleset test">
 
 	<target host="rhinosoft.com"/>
 	<target host="www.rhinosoft.com"/>
diff --git a/src/chrome/content/rules/Rhizome.xml b/src/chrome/content/rules/Rhizome.xml
index c861147e6736..0f8187157883 100644
--- a/src/chrome/content/rules/Rhizome.xml
+++ b/src/chrome/content/rules/Rhizome.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?rhizome\.org/static/"
 		to="https://$1rhizome.org/static/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ricardo.ch.xml b/src/chrome/content/rules/Ricardo.ch.xml
index 67cbeab320c0..a34b2fe5d816 100644
--- a/src/chrome/content/rules/Ricardo.ch.xml
+++ b/src/chrome/content/rules/Ricardo.ch.xml
@@ -21,7 +21,7 @@ Fetch error: http://fr.ricardo.ch/ => https://fr.ricardo.ch/: (51, "SSL: no alte
 		- www.schnellverkaufen.ricardo.ch
 
 -->
-<ruleset name="Ricardo.ch (partial)" default_off='failed ruleset test'>
+<ruleset name="Ricardo.ch (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Ricardoshops.ch.xml b/src/chrome/content/rules/Ricardoshops.ch.xml
index 034af465b27f..8674600a2ae6 100644
--- a/src/chrome/content/rules/Ricardoshops.ch.xml
+++ b/src/chrome/content/rules/Ricardoshops.ch.xml
@@ -6,7 +6,7 @@ Fetch error: http://ricardoshops.ch/ => https://ricardoshops.ch/: (51, "SSL: no
 	For other ricardo coverage, see Ricardo.ch.xml.
 
 -->
-<ruleset name="ricardoshops.ch" default_off='failed ruleset test'>
+<ruleset name="ricardoshops.ch" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/RichRelevance.xml b/src/chrome/content/rules/RichRelevance.xml
index 0f00b19942f7..7a975a04a5cf 100644
--- a/src/chrome/content/rules/RichRelevance.xml
+++ b/src/chrome/content/rules/RichRelevance.xml
@@ -39,7 +39,7 @@ Non-2xx HTTP code: http://rm.recs.richrelevance.com/rrmail/rmclick?a=8791bbd7654
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="RichRelevance.com (partial)" default_off='failed ruleset test'>
+<ruleset name="RichRelevance.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Richard_Dawkins_Foundation-problematic.xml b/src/chrome/content/rules/Richard_Dawkins_Foundation-problematic.xml
index 5d80be981670..b72c6a7c973c 100644
--- a/src/chrome/content/rules/Richard_Dawkins_Foundation-problematic.xml
+++ b/src/chrome/content/rules/Richard_Dawkins_Foundation-problematic.xml
@@ -4,7 +4,9 @@
 -->
 <ruleset name="Richard Dawkins Foundation (problematic)" default_off="mismatched">
 
-	<target host="*.richarddawkins.net" />
+	<target host="de.richarddawkins.net" />
+	<target host="givingaid.richarddawkins.net" />
+	<target host="old.richarddawkins.net" />
 	<target host="richarddawkinsfoundation.org" />
 	<target host="www.richarddawkinsfoundation.org" />
 
@@ -12,10 +14,9 @@
 	<securecookie host="^.*\.richarddawkins\.net$" name=".+" />
 
 
-	<rule from="^http://(de|givingaid|old)\.richarddawkins\.net/"
-		to="https://$1.richarddawkins.net/" />
 
 	<rule from="^http://(?:www\.)?richarddawkinsfoundation\.org/"
 		to="https://richarddawkinsfoundation.org/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Richard_and_Judy_Book_Club.xml b/src/chrome/content/rules/Richard_and_Judy_Book_Club.xml
index aa60a1b2a8c2..ca8b1cb725f0 100644
--- a/src/chrome/content/rules/Richard_and_Judy_Book_Club.xml
+++ b/src/chrome/content/rules/Richard_and_Judy_Book_Club.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Richmond_Tea_Party.xml b/src/chrome/content/rules/Richmond_Tea_Party.xml
index fe41545d3fae..22e2c4cd5ba5 100644
--- a/src/chrome/content/rules/Richmond_Tea_Party.xml
+++ b/src/chrome/content/rules/Richmond_Tea_Party.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RickyGervais.com.xml b/src/chrome/content/rules/RickyGervais.com.xml
new file mode 100644
index 000000000000..dced26ed268c
--- /dev/null
+++ b/src/chrome/content/rules/RickyGervais.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Chain issue (missing intermediate):
+		- podcast.rickygervais.com
+-->
+
+<ruleset name="RickyGervais.com" platform="mixedcontent">
+	<target host="rickygervais.com" />
+	<target host="www.rickygervais.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ricoh.xml b/src/chrome/content/rules/Ricoh.xml
index e670ca75a46d..e0ab3e5b4e0c 100644
--- a/src/chrome/content/rules/Ricoh.xml
+++ b/src/chrome/content/rules/Ricoh.xml
@@ -1,41 +1,32 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://ricoh.co.in/ => https://ricoh.co.in/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://www.ricoh.co.in/ => https://ricoh.co.in/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://ricoh.com.hk/ => http://ricoh.com.hk/: (6, 'Could not resolve host: ricoh.com.hk')
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://ricoh.com.hk/ => http://ricoh.com.hk/: (6, 'Could not resolve host: ricoh.com.hk')
-Fetch error: http://ricoh.sg/ => https://www.ricoh.sg/: (6, 'Could not resolve host: ricoh.sg')
+	Could not resolve host:
+		ricoh.com.hk
+		ricoh.sg
+
+	Not found on https mode:
+		support.ricoh.com	http://support.ricoh.com/bb/html/dr_ut_e/rcn1/model/mpc4503/mpc4503.htm
 -->
-<ruleset name="Ricoh (partial)" default_off='failed ruleset test'>
+<ruleset name="Ricoh (partial)">
+	<target host="ricoh.com"/>
+	<target host="www.ricoh.com"/>
 
 	<target host="ricoh.co.in"/>
 	<target host="www.ricoh.co.in"/>
-	<target host="ricoh.com"/>
-	<target host="www.ricoh.com"/>
-	<target host="ricoh.com.hk"/>
-	<target host="www.ricoh.com.hk"/>
-	<target host="marketplace.ricoh.com.sg"/>
-	<target host="ricoh.sg"/>
-	<target host="www.ricoh.sg"/>
 
-	<securecookie host="^(?:.*\.)?ricoh\.co(?:\.in|m(?:\.sg)?)$" name=".+" />
+	<target host="ricoh.com.cn"/>
+	<target host="www.ricoh.com.cn"/>
+
+	<target host="www.ricoh.com.hk"/>
 
-	<rule from="^http://(?:www\.)?ricoh\.co\.in/"
-		to="https://ricoh.co.in/"/>
+	<target host="www.ricoh.sg"/>
 
-	<rule from="^http://(?:www\.)?ricoh\.com/"
-		to="https://www.ricoh.com/"/>
+	<target host="marketplace.ricoh.com.sg"/>
 
-	<rule from="^http://(?:www\.)?ricoh\.com\.hk/co(mmon|tent)/"
-		to="https://www.ricoh.com.hk/co$1/"/>
+	<rule from="^http://ricoh\.com/" to="https://www.ricoh.com/"/>
 
-	<rule from="^http://marketplace\.ricoh\.com\.sg/"
-		to="https://marketplace.ricoh.com.sg/"/>
+	<rule from="^http://ricoh\.co\.in/" to="https://www.ricoh.co.in/"/>
 
-	<rule from="^http://(?:www\.)?ricoh\.sg/"
-		to="https://www.ricoh.sg/"/>
+	<rule from="^http://ricoh\.com\.cn/" to="https://www.ricoh.com.cn/"/>
 
+	<rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Riga.xml b/src/chrome/content/rules/Riga.xml
index 08af11be5b10..88da94ef5128 100644
--- a/src/chrome/content/rules/Riga.xml
+++ b/src/chrome/content/rules/Riga.xml
@@ -6,7 +6,7 @@ Non-2xx HTTP code: http://eriga.lv/ (200) => https://eriga.lv/ (404)
 Disabled by https-everywhere-checker because:
 Non-2xx HTTP code: http://eriga.lv/ (200) => https://eriga.lv/ (404)
 -->
-<ruleset name="Riga" default_off='failed ruleset test'>
+<ruleset name="Riga" default_off="failed ruleset test">
   <target host="riga.lv" />
   <target host="*.riga.lv" />
   <target host="eriga.lv" />
diff --git a/src/chrome/content/rules/Right-Media.xml b/src/chrome/content/rules/Right-Media.xml
index 80cb1ef698b8..7133ee8a98b5 100644
--- a/src/chrome/content/rules/Right-Media.xml
+++ b/src/chrome/content/rules/Right-Media.xml
@@ -48,7 +48,7 @@ Fetch error: http://my.yieldmanager.com/ => https://my.yieldmanager.com/: (7, 'F
 	* Secured by us
 
 -->
-<ruleset name="Right Media" default_off='failed ruleset test'>
+<ruleset name="Right Media" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/RightNow-clients.xml b/src/chrome/content/rules/RightNow-clients.xml
deleted file mode 100644
index 533363508251..000000000000
--- a/src/chrome/content/rules/RightNow-clients.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For RightNow Technologies proper, see RightNow.xml
-
--->
-<ruleset name="RightNow Technologies clients" default_off="mismatched">
-
-	<target host="custhelp.consumerreports.org" />
-	<target host="en.support.guildwars2.com" />
-
-
-	<securecookie host="^en\.support\.guildwars2\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/RightNow.xml b/src/chrome/content/rules/RightNow.xml
index 7b5c1a2b90d3..2d295e4aa8ef 100644
--- a/src/chrome/content/rules/RightNow.xml
+++ b/src/chrome/content/rules/RightNow.xml
@@ -1,21 +1,37 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://rightnow.com/ => https://rightnow.com/: Too many redirects while fetching 'https://rightnow.com/'
-Fetch error: http://www.rightnow.com/ => https://www.rightnow.com/: Too many redirects while fetching 'https://www.rightnow.com/'
+	For other Oracle coverage, see Oracle.xml
 
-	RightNow Technologies
+	Chain issue, missing intermediate:
+		- ovademos.rightnow.com
+		- ovaeu[01-15].rightnow.com
+		- ovaeu[18-25].rightnow.com
+		- ovaus[01-25].rightnow.com
 
-	For other Oracle coverage, see Oracle.xml.
+	Invalid certificate:
+		- labs.rightnow.com
+		- pr.rightnow.com
 
+	Redirects to HTTP:
+		- communities.rightnow.com
 -->
-<ruleset name="RightNow.com (partial)" default_off='failed ruleset test'>
 
+<ruleset name="RightNow">
 	<target host="rightnow.com" />
 	<target host="www.rightnow.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
+	<target host="community.rightnow.com" />
+	<target host="csp.rightnow.com" />
+	<target host="cx.rightnow.com" />
+	<target host="de.rightnow.com" />
+	<target host="developer.rightnow.com" />
+	<target host="forum.rightnow.com" />
+	<target host="installer.rightnow.com" />
+	<target host="investor.rightnow.com" />
+	<target host="jp.rightnow.com" />
+	<target host="opensource.rightnow.com" />
+	<target host="thegame.rightnow.com" />
+	<target host="widget.pr.rightnow.com" />
+	<target host="support.rightnow.com" />
+	<target host="vcio.rightnow.com" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/RightScale.com.xml b/src/chrome/content/rules/RightScale.com.xml
index 0767e6e9e10b..89c07f96703b 100644
--- a/src/chrome/content/rules/RightScale.com.xml
+++ b/src/chrome/content/rules/RightScale.com.xml
@@ -5,6 +5,11 @@
 
 			- assets
 
+	Non-functional hosts:
+		Self-signed certificate:
+		- forums.rightscale.com
+		- www.forums.rightscale.com
+
 
 	Fully covered subdomains:
 
@@ -31,18 +36,18 @@
 -->
 <ruleset name="RightScale.com (partial)">
 
+	<target host="assets.rightscale.com" />
 	<target host="rightscale.com" />
-	<target host="*.rightscale.com" />
+	<target host="analytics.rightscale.com" />
+	<target host="my.rightscale.com" />
+	<target host="support.rightscale.com" />
+	<target host="us-3.rightscale.com" />
 		<!--
 			Redirects to http:
 						-->
 		<!--exclusion pattern="^http://www\.rightscale\.com/$" /-->
 
 
-	<rule from="^http://assets\.rightscale\.com/"
-		to="https://duh6oa3w9hopv.cloudfront.net/" />
-
-	<rule from="^http://((?:analytics|(?:www\.)?forums|my|support|us-3)\.)?rightscale\.com/"
-		to="https://$1rightscale.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Righthaven.xml b/src/chrome/content/rules/Righthaven.xml
index 21168d96e31a..36895ff09ae8 100644
--- a/src/chrome/content/rules/Righthaven.xml
+++ b/src/chrome/content/rules/Righthaven.xml
@@ -6,7 +6,7 @@ Fetch error: http://righthaven.com/ => https://righthaven.com/: (7, 'Failed to c
 Disabled by https-everywhere-checker because:
 Fetch error: http://righthaven.com/ => https://righthaven.com/: (28, 'Connection timed out after 10001 milliseconds')
 -->
-<ruleset name="Righthaven" default_off='failed ruleset test'>
+<ruleset name="Righthaven" default_off="failed ruleset test">
 
 	<target host="righthaven.com" />
 	<target host="*.righthaven.com" />
diff --git a/src/chrome/content/rules/Rightmove.co.uk.xml b/src/chrome/content/rules/Rightmove.co.uk.xml
index b2c6a1e69297..e1502897820e 100644
--- a/src/chrome/content/rules/Rightmove.co.uk.xml
+++ b/src/chrome/content/rules/Rightmove.co.uk.xml
@@ -2,7 +2,7 @@
 	Problematic hosts in *rightmove.co.uk:
 
 		- plc *
-		
+
 	* Cloudfront/mismatched
 
 
diff --git a/src/chrome/content/rules/Rigzone.xml b/src/chrome/content/rules/Rigzone.xml
index f3a7363a3c8f..82183d70cc63 100644
--- a/src/chrome/content/rules/Rigzone.xml
+++ b/src/chrome/content/rules/Rigzone.xml
@@ -29,17 +29,17 @@ Fetch error: http://rigzone.com/ => https://rigzone.com/: Too many redirects whi
 		- www
 
 -->
-<ruleset name="Rigzone (partial)" default_off='failed ruleset test'>
+<ruleset name="Rigzone (partial)" default_off="failed ruleset test">
 
 	<target host="rigzone.com" />
 	<target host="*.rigzone.com" />
 		<exclusion pattern="^http://(?:comptracker|noblewin)\." />
 
 
-	<securecookie host="^(?:.+\.)?rigzone\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(\w+\.)?rigzone\.com/"
 		to="https://$1rigzone.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Riksgalden.se.xml b/src/chrome/content/rules/Riksgalden.se.xml
index 26121972f206..3c2884e420c9 100644
--- a/src/chrome/content/rules/Riksgalden.se.xml
+++ b/src/chrome/content/rules/Riksgalden.se.xml
@@ -1,8 +1,26 @@
-<!-- already enforces https. adding to prevent sslstrips on port 80 -->
+<!--
+	Certificate errors:
+
+		- en.riksgalden.se
+		- gateway.riksgalden.se
+		- ndes.riksgalden.se
+		- premier.riksgalden.se
+		- remote.riksgalden.se
+		- riksgaldsspar.riksgalden.se
+		- se.riksgalden.se
+-->
 <ruleset name="Riksgalden.se">
 	<target host="riksgalden.se" />
 	<target host="www.riksgalden.se" />
-	<rule from="^http://riksgalden\.se/" to="https://www.riksgalden.se/"/>
-	<rule from="^http://www\.riksgalden\.se/" to="https://www.riksgalden.se/"/>
-</ruleset>
+	<target host="dialin.riksgalden.se" />
+	<target host="lyncdiscover.riksgalden.se" />
+	<target host="meet.riksgalden.se" />
+	<target host="ndesintune.riksgalden.se" />
+	<target host="rp.riksgalden.se" />
+	<target host="rgapp.riksgalden.se" />
+	<target host="securemail.riksgalden.se" />
+	<target host="sibs.riksgalden.se" />
+	<target host="sip.riksgalden.se" />
 
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/RingForce.org.xml b/src/chrome/content/rules/RingForce.org.xml
deleted file mode 100644
index a429c059712b..000000000000
--- a/src/chrome/content/rules/RingForce.org.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="RingForce.org">
-
-	<target host="ringforce.org" />
-	<target host="www.ringforce.org" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ringinout.com.xml b/src/chrome/content/rules/Ringinout.com.xml
deleted file mode 100644
index 3c776326a6f7..000000000000
--- a/src/chrome/content/rules/Ringinout.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Ringinout.com">
-	<target host="ringinout.com" />
-	<target host="www.ringinout.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Ripoff_Report.xml b/src/chrome/content/rules/Ripoff_Report.xml
index 3416301c2f4a..0c84d11a24c4 100644
--- a/src/chrome/content/rules/Ripoff_Report.xml
+++ b/src/chrome/content/rules/Ripoff_Report.xml
@@ -7,23 +7,21 @@ Fetch error: http://ripoffreport.com/ => https://www.ripoffreport.com/: Too many
 	!www: mismatched
 
 -->
-<ruleset name="Ripoff Report" default_off='failed ruleset test'>
+<ruleset name="Ripoff Report" default_off="failed ruleset test">
 
 	<target host="ma.mesaazcorruptionreport.com" />
 	<target host="ripoffreport.com" />
-	<target host="*.ripoffreport.com" />
+	<target host="verified.ripoffreport.com" />
+	<target host="www.ripoffreport.com" />
 
 
 	<securecookie host="^www\.ripoffreport\.com$" name=".+" />
 
 
-	<rule from="^http://ma\.mesaazcorruptionreport\.com/"
-		to="https://ma.mesaazcorruptionreport.com/" />
 
 	<rule from="^http://ripoffreport\.com/"
 		to="https://www.ripoffreport.com/" />
 
-	<rule from="^http://(verified|www)\.ripoffreport\.com/"
-		to="https://$1.ripoffreport.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Risala.org.xml b/src/chrome/content/rules/Risala.org.xml
new file mode 100644
index 000000000000..6e5b4884dc81
--- /dev/null
+++ b/src/chrome/content/rules/Risala.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Risala.org">
+	<target host="risala.org" />
+	<target host="www.risala.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Risc_OS_Open.xml b/src/chrome/content/rules/Risc_OS_Open.xml
index bb283efcd8e6..2be6bd54b299 100644
--- a/src/chrome/content/rules/Risc_OS_Open.xml
+++ b/src/chrome/content/rules/Risc_OS_Open.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Risparmio_Postale.it.xml b/src/chrome/content/rules/Risparmio_Postale.it.xml
deleted file mode 100644
index b1c22e957477..000000000000
--- a/src/chrome/content/rules/Risparmio_Postale.it.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	For other Poste Italiane coverage, see Poste.it.xml.
-
-
-	^risparmiopostale.it: Mismatched
-
-
-	Mixed content:
-
-		- css from fonts.googleapis.com *
-
-	* Secured by us
-
--->
-<ruleset name="Risparmio Postale.it">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.risparmiopostale.it" />
-
-	<!--	Complications:
-				-->
-	<target host="risparmiopostale.it" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://risparmiopostale\.it/"
-		to="https://www.risparmiopostale.it/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ritter.vg.xml b/src/chrome/content/rules/Ritter.vg.xml
index 949a6793c556..cd42c84d93a9 100644
--- a/src/chrome/content/rules/Ritter.vg.xml
+++ b/src/chrome/content/rules/Ritter.vg.xml
@@ -1,13 +1,30 @@
 <!--
-	For related hidden service rules, see tomritterbassljd.onion.xml
+	For related onion service rules, see tomritterbassljd.onion.xml
 
--->
-<ruleset name="ritter.vg">
+	Timeout:
+		- cloud1
+		- cloud2
+
+	Refused:
+		- cloud9
+
+	Mismatched:
+		- www (fixed by this ruleset)
+		- ec2
+		- ipv4
+		- ipv6
+		- mail
+		- vconf
 
+	Self-signed:
+		- cloud8
+-->
+<ruleset name="Ritter.vg">
 	<target host="ritter.vg" />
 	<target host="www.ritter.vg" />
+	<target host="bwauth.ritter.vg" />
+	<target host="collector.ritter.vg" />
 
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http://www\.ritter\.vg/" to="https://ritter.vg/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Rivalseek.com.xml b/src/chrome/content/rules/Rivalseek.com.xml
index 18ddaa6a87ab..0e80a78510d6 100644
--- a/src/chrome/content/rules/Rivalseek.com.xml
+++ b/src/chrome/content/rules/Rivalseek.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.rivalseek.com/ => https://www.rivalseek.com/: (28, 'Conn
 		- www.rivalseek.com
 
 -->
-<ruleset name="Rivalseek.com" default_off='failed ruleset test'>
+<ruleset name="Rivalseek.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/River_Island.xml b/src/chrome/content/rules/River_Island.xml
index bb3d51b5f34c..e1170100f43b 100644
--- a/src/chrome/content/rules/River_Island.xml
+++ b/src/chrome/content/rules/River_Island.xml
@@ -39,14 +39,22 @@
 <ruleset name="River Island (partial)">
 
 	<target host="riverisland.com" />
-	<target host="*.riverisland.com" />
+	<target host="au.riverisland.com" />
+	<target host="content1.riverisland.com" />
+	<target host="content1-us.riverisland.com" />
+	<target host="eu.riverisland.com" />
+	<target host="is.riverisland.com" />
+	<target host="my.riverisland.com" />
+	<target host="us.riverisland.com" />
+	<target host="www.riverisland.com" />
 		<exclusion pattern="^http://(?:(?:au|eu|us|www)\.)?riverisland\.(?:com|fr)/(?![aA]ssets/|favicon\.ico|myaccount)" />
 		<!--
 			$ 503s
 				-->
 		<exclusion pattern="^http://is\.riverisland\.com/(?!$|\?)" />
 	<target host="riverisland.fr" />
-	<target host="*.riverisland.fr" />
+	<target host="content1.riverisland.fr" />
+	<target host="www.riverisland.fr" />
 
 
 	<!--	Omniture tracking cookies:
@@ -57,10 +65,7 @@
 	<rule from="^http://riverisland\.(com|fr)/"
 		to="https://www.riverisland.$1/" />
 
-	<rule from="^http://(au|content1|content1-us|eu|is|my|us|www)\.riverisland\.com/"
-		to="https://$1.riverisland.com/" />
 
-	<rule from="^http://(content1|www)\.riverisland\.fr/"
-		to="https://$1.riverisland.fr/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Riviera-Tours.xml b/src/chrome/content/rules/Riviera-Tours.xml
index 1ea504e7f895..1853ebc07680 100644
--- a/src/chrome/content/rules/Riviera-Tours.xml
+++ b/src/chrome/content/rules/Riviera-Tours.xml
@@ -8,12 +8,12 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://rivieratours.com/ => https://rivieratours.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 Fetch error: http://www.rivieratours.com/ => https://www.rivieratours.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="Riviera Tours" default_off='failed ruleset test'>
+<ruleset name="Riviera Tours" default_off="failed ruleset test">
 
 	<target host="rivieratours.com"/>
 	<target host="www.rivieratours.com"/>
 
-	<securecookie host="^(?:.*\.)?rivieratours\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/Riyadonline.com.xml b/src/chrome/content/rules/Riyadonline.com.xml
index e0104015d2d4..04f79491a13a 100644
--- a/src/chrome/content/rules/Riyadonline.com.xml
+++ b/src/chrome/content/rules/Riyadonline.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://corp.riyadonline.com/ => https://corp.riyadonline.com/: Cycl
 	Riyad Bank
 
 -->
-<ruleset name="Riyadonline.com" default_off='failed ruleset test'>
+<ruleset name="Riyadonline.com" default_off="failed ruleset test">
 
 	<target host="corp.riyadonline.com" />
 
diff --git a/src/chrome/content/rules/Rkn.gov.ru.xml b/src/chrome/content/rules/Rkn.gov.ru.xml
index 0d792ed665a6..f79df3503edf 100644
--- a/src/chrome/content/rules/Rkn.gov.ru.xml
+++ b/src/chrome/content/rules/Rkn.gov.ru.xml
@@ -23,7 +23,7 @@ test.rkn.gov.ru different content
 ¹ mismatch
 ³ timed out
 -->
-<ruleset name="rkn.gov.ru" default_off='failed ruleset test'>
+<ruleset name="rkn.gov.ru" default_off="failed ruleset test">
 	<target host="rkn.gov.ru" />
 	<target host="www.rkn.gov.ru" />
 	<target host="02.rkn.gov.ru" />
diff --git a/src/chrome/content/rules/Rl0.ru.xml b/src/chrome/content/rules/Rl0.ru.xml
index 7699bcdcfea5..6fd87bc3e73b 100644
--- a/src/chrome/content/rules/Rl0.ru.xml
+++ b/src/chrome/content/rules/Rl0.ru.xml
@@ -30,7 +30,7 @@ Fetch error: http://rimg09.rl0.ru/ => https://rimg09.rl0.ru/: (51, "SSL: no alte
 	² 504
 
 -->
-<ruleset name="Rl0.ru (partial)" default_off='failed ruleset test'>
+<ruleset name="Rl0.ru (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/RoadRunner.xml b/src/chrome/content/rules/RoadRunner.xml
deleted file mode 100644
index babf099fb162..000000000000
--- a/src/chrome/content/rules/RoadRunner.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- hercules *
-
-	* Shows webmaildata
-
--->
-<ruleset name="RoadRunner" platform="mixedcontent">
-  <target host="rr.com" />
-  <target host="www.rr.com" />
-  <!--target host="hercules.rr.com" /-->
-
-  <rule from="^http:" to="https:" />
-  <!--rule from="^http://hercules\.rr\.com/" to="https://hercules.rr.com/"/-->
-</ruleset>
diff --git a/src/chrome/content/rules/Roam_Mobility.xml b/src/chrome/content/rules/Roam_Mobility.xml
index e2b701d943e3..9c7479fad6e0 100644
--- a/src/chrome/content/rules/Roam_Mobility.xml
+++ b/src/chrome/content/rules/Roam_Mobility.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Robert.ca.xml b/src/chrome/content/rules/Robert.ca.xml
new file mode 100644
index 000000000000..ab1287b28477
--- /dev/null
+++ b/src/chrome/content/rules/Robert.ca.xml
@@ -0,0 +1,68 @@
+<!--
+	Mismatched:
+		- 70
+		- candidature
+		- web
+
+	Connection reset:
+		- av
+		- sapdev
+		- srv-qsap-gwpa
+		- srv-qsap-wdsp
+		- srv-sap-wdsp
+		- webcon
+
+	Timeout:
+		- cd
+		- cd-test
+		- lyncweb
+		- mail
+		- mail2
+		- mobilecast
+		- service
+		- srv-webservices01
+
+    Incomplete certificate chain:
+        - activesync
+        - auth
+        - autodiscover
+        - destination
+        - extranet
+        - extranetdev
+        - extranettest
+        - helpdesk
+        - legacy
+        - pnagent
+        - portal
+        - portal2
+        - portal65
+        - sinope
+        - storefront
+        - um
+        - webdriver
+        - webmail
+
+    Unsupported TLS version:
+        - jupiter
+        - manic
+        - services
+        - support
+        - tpm
+-->
+<ruleset name="Robert.ca">
+	<target host="robert.ca" />
+	<target host="www.robert.ca" />
+	<target host="access.robert.ca" />
+	<target host="callisto.robert.ca" />
+	<target host="dialin.robert.ca" />
+	<target host="duo.robert.ca" />
+	<target host="jocaste.robert.ca" />
+	<target host="lyncdiscover.robert.ca" />
+	<target host="meet.robert.ca" />
+	<target host="performance.robert.ca" />
+	<target host="sip.robert.ca" />
+	<target host="vpn.robert.ca" />
+	<target host="vpnprelogon.robert.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Roberts_Space_Industries.com.xml b/src/chrome/content/rules/Roberts_Space_Industries.com.xml
index d7fada35b865..088d1d401f03 100644
--- a/src/chrome/content/rules/Roberts_Space_Industries.com.xml
+++ b/src/chrome/content/rules/Roberts_Space_Industries.com.xml
@@ -8,7 +8,7 @@ Non-2xx HTTP code: http://forums.robertsspaceindustries.com/ (200) => https://fo
 		- .robertsspaceindustries.com
 
 -->
-<ruleset name="Roberts Space Industries.com" default_off='failed ruleset test'>
+<ruleset name="Roberts Space Industries.com" default_off="failed ruleset test">
 
 	<target host="robertsspaceindustries.com" />
 	<target host="forums.robertsspaceindustries.com" />
diff --git a/src/chrome/content/rules/Robin_Rabard.xml b/src/chrome/content/rules/Robin_Rabard.xml
deleted file mode 100644
index ff6cf8fefe65..000000000000
--- a/src/chrome/content/rules/Robin_Rabard.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://robinbarnard.com/ => http://robinbarnard.com/: (6, 'Could not resolve host: robinbarnard.com')
-Fetch error: http://www.robinbarnard.com/ => http://www.robinbarnard.com/: (6, 'Could not resolve host: www.robinbarnard.com')
-
-	CN: *.justhost.com
-
--->
-<ruleset name="Robin Rabard (partial)">
-
-	<target host="robinbarnard.com" />
-	<target host="www.robinbarnard.com" />
-
-
-	<rule from="^http://(?:www\.)?robinbarnard\.com/(cms_style\.css|(?:\w+_)?images/)"
-		to="https://secure.justhost.com/~robinba2/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Roblox.xml b/src/chrome/content/rules/Roblox.xml
index f15d2a9b3afc..7df5e501e939 100644
--- a/src/chrome/content/rules/Roblox.xml
+++ b/src/chrome/content/rules/Roblox.xml
@@ -1,85 +1,106 @@
-<ruleset name="Roblox">
-	<!--
+<!--
 	Those subdomains do not support encryption:
-
-	- de.roblox.com
-	- developer.roblox.com
-	- devforum.roblox.com
-	- es.roblox.com
-	- fr.roblox.com
-	- mail.roblox.com
-	- pt.roblox.com
-	- shop.roblox.com
-	- uk.roblox.com
-	- wiki.roblox.com
+		- de.roblox.com
+		- es.roblox.com
+		- fr.roblox.com
+		- mail.roblox.com
+		- pt.roblox.com
+		- shop.roblox.com
+		- uk.roblox.com
 
 	Those subdomains have a certificate only valid for other domain names:
+		- careers.roblox.com
+		- community.roblox.com
+		- help.roblox.com
+		- js.roblox.com
+		- job.roblox.com
+		- polls.roblox.com
+		- setup.roblox.com
+		- social.roblox.com
+
+	These subdomains support encryption, but do not pass tests:
+		- web
+		- data
+		- ecsv2
+		- misc
 
-	- help.roblox.com
-	- js.roblox.com
-	- polls.roblox.com
-	- setup.roblox.com
-	- social.roblox.com
+	IP address is from private address space:
+		algorithmgamesearch.api.roblox.com
+		billing.api.roblox.com
+		disscussions.api.roblox.com
+		files.api.roblox.com
+		groups.api.roblox.com
+		marketplace.api.roblox.com
+		search.api.roblox.com
+		sms.api.roblox.com
+		systemevents.api.roblox.com
+		user.api.roblox.com
+		voice.api.roblox.com
 
 	content.roblox.com supports encryption with a valid certificate, but
 	returns invalid responses with and without encryption.
-	-->
-
+-->
+<ruleset name="Roblox">
 	<target host="roblox.com" />
+	<target host="www.roblox.com" />
 	<target host="abuse.roblox.com" />
+	<target host="accountsettings.roblox.com" />
 	<target host="affiliates.roblox.com" />
 	<target host="api.roblox.com" />
-	<target host="*.api.roblox.com" />
+	<target host="clientsettings.api.roblox.com" />
+	<target host="ephemeralcounters.api.roblox.com" />
+	<target host="games.api.roblox.com" />
+	<target host="versioncompatibility.api.roblox.com" />
 	<target host="assetgame.roblox.com" />
 	<target host="auth.roblox.com" />
 	<target host="avatar.roblox.com" />
+	<target host="billing.roblox.com" />
 	<target host="blog.roblox.com" />
 	<target host="bloxcon.roblox.com" />
-	<target host="careers.roblox.com" />
 	<target host="chat.roblox.com" />
-	<target host="community.roblox.com" />
 	<target host="confluence.roblox.com" />
 	<target host="corp.roblox.com" />
 	<target host="data.roblox.com" />
 	<target host="develop.roblox.com" />
+	<target host="developer.roblox.com" />
+	<target host="devforum.roblox.com" />
 	<target host="ecsv2.roblox.com" />
 	<target host="en.help.roblox.com" />
+	<target host="friends.roblox.com" />
 	<target host="forum.roblox.com" />
 	<target host="gamepersistence.roblox.com" />
+	<target host="games.roblox.com" />
+	<target host="groups.roblox.com" />
 	<target host="inventory.roblox.com" />
 	<target host="jira.roblox.com" />
-	<target host="job.roblox.com" />
 	<target host="jobs.roblox.com" />
 	<target host="m.roblox.com" />
 	<target host="misc.roblox.com" />
 	<target host="news.roblox.com" />
 	<target host="nl.roblox.com" />
 	<target host="notifications.roblox.com" />
-	<target host="partners.roblox.com" />
+	<target host="points.roblox.com" />
 	<target host="publish.roblox.com" />
 	<target host="realtime.roblox.com" />
 	<target host="sales.roblox.com" />
 	<target host="search.roblox.com" />
 	<target host="static.roblox.com" />
 	<target host="web.roblox.com" />
-	<target host="www.roblox.com" />
+	<target host="wiki.roblox.com" />
+
 	<target host="*.rbxcdn.com" />
 	<target host="*.robloxlabs.com" />
 
 	<test url="http://roblox.com/Catalog/" />
+	<test url="http://www.roblox.com/Catalog/" />
 	<test url="http://api.roblox.com/docs" />
 	<test url="http://assetgame.roblox.com/Asset/" />
-	<test url="http://clientsettings.api.roblox.com/" />
 	<test url="http://confluence.roblox.com/login.action" />
-	<test url="http://ephemeralcounters.api.roblox.com/" />
 	<test url="http://forum.roblox.com/forum/" />
 	<test url="http://jira.roblox.com/secure/Dashboard.jspa" />
 	<test url="http://m.roblox.com/login" />
 	<test url="http://nl.roblox.com/Catalog" />
-	<test url="http://www.roblox.com/Catalog/" />
-	<test url="http://web.roblox.com/Catalog/" />
 
-	<!-- Tests for subdomains of rbxcdn.com -->
 	<test url="http://t0.rbxcdn.com/" />
 	<test url="http://t1.rbxcdn.com/" />
 	<test url="http://t2.rbxcdn.com/" />
@@ -100,7 +121,6 @@
 	<test url="http://images.rbxcdn.com/" />
 	<test url="http://static.rbxcdn.com/" />
 
-	<!-- Tests for subdomains of robloxlabs.com -->
 	<test url="http://www.gametest1.robloxlabs.com/" />
 	<test url="http://www.gametest2.robloxlabs.com/" />
 	<test url="http://www.gametest3.robloxlabs.com/" />
diff --git a/src/chrome/content/rules/RobotShop.xml b/src/chrome/content/rules/RobotShop.xml
index 42216620575a..e0e0a6815542 100644
--- a/src/chrome/content/rules/RobotShop.xml
+++ b/src/chrome/content/rules/RobotShop.xml
@@ -5,7 +5,7 @@
 	<target host="www.robotshop.com" />
 
 
-	<securecookie host="^(?:.*\.)?robotshop\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Roccat.org.xml b/src/chrome/content/rules/Roccat.org.xml
index 0b3fca591d61..4f6693efb129 100644
--- a/src/chrome/content/rules/Roccat.org.xml
+++ b/src/chrome/content/rules/Roccat.org.xml
@@ -16,7 +16,7 @@ Fetch error: http://www.roccat.org/ => https://www.roccat.org/: Redirect for 'ht
 	mixedcontent due to css on www from www.
 
 -->
-<ruleset name="Roccat.org (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Roccat.org (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
   <target host="roccat.org" />
   <target host="www.roccat.org" />
 
diff --git a/src/chrome/content/rules/Rochford.gov.uk.xml b/src/chrome/content/rules/Rochford.gov.uk.xml
index 7976125215ca..7177fcd8719e 100644
--- a/src/chrome/content/rules/Rochford.gov.uk.xml
+++ b/src/chrome/content/rules/Rochford.gov.uk.xml
@@ -44,7 +44,7 @@
 			- www from $self ᵐ
 
 		- Images, on:
-		
+
 			- www from fs-drupal-rochford.s3.amazonaws.com
 			- www from $self ᵐ
 
diff --git a/src/chrome/content/rules/Rock_Creek_Outfitters.xml b/src/chrome/content/rules/Rock_Creek_Outfitters.xml
index 278c6f5bf584..5c4cbd8e1ac5 100644
--- a/src/chrome/content/rules/Rock_Creek_Outfitters.xml
+++ b/src/chrome/content/rules/Rock_Creek_Outfitters.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?rockcreek\.com/(css/|favicon\.ico|img/|login\.rco|outdoor/images/)"
 		to="https://$1rockcreek.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rock_Paper_Photo.com.xml b/src/chrome/content/rules/Rock_Paper_Photo.com.xml
index 5cbb20634041..bd1cdcca33a6 100644
--- a/src/chrome/content/rules/Rock_Paper_Photo.com.xml
+++ b/src/chrome/content/rules/Rock_Paper_Photo.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://rockpaperphoto.com/ => https://rockpaperphoto.com/: (7, 'Failed to connect to rockpaperphoto.com port 443: Connection refused')
 
 -->
-<ruleset name="Rock Paper Photo.com" default_off='failed ruleset test'>
+<ruleset name="Rock Paper Photo.com" default_off="failed ruleset test">
 
 	<target host="rockpaperphoto.com" />
 	<target host="www.rockpaperphoto.com" />
diff --git a/src/chrome/content/rules/Rockman-Corner.com.xml b/src/chrome/content/rules/Rockman-Corner.com.xml
new file mode 100644
index 000000000000..82b3ca281bd6
--- /dev/null
+++ b/src/chrome/content/rules/Rockman-Corner.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Rockman-Corner.com">
+	<target host="rockman-corner.com" />
+	<target host="www.rockman-corner.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Roe.ch.xml b/src/chrome/content/rules/Roe.ch.xml
index e0408df51a19..fda977c515ea 100644
--- a/src/chrome/content/rules/Roe.ch.xml
+++ b/src/chrome/content/rules/Roe.ch.xml
@@ -1,7 +1,9 @@
 <ruleset name="roe.ch">
 
 	<target host="roe.ch" />
-	<target host="*.roe.ch" />
+	<target host="daniel.roe.ch" />
+	<target host="mirror.roe.ch" />
+	<target host="www.roe.ch" />
 
 
 	<!--	Not secured by server:
@@ -11,7 +13,6 @@
 	<securecookie host="^www\.roe\.ch$" name=".+" />
 
 
-	<rule from="^http://((?:daniel|mirror|www)\.)?roe\.ch/"
-		to="https://$1roe.ch/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Roeck-us.net.xml b/src/chrome/content/rules/Roeck-us.net.xml
index 49765bb21fae..f6a156395982 100644
--- a/src/chrome/content/rules/Roeck-us.net.xml
+++ b/src/chrome/content/rules/Roeck-us.net.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?roeck-us\.net/"
 		to="https://roeck-us.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Roem.ru.xml b/src/chrome/content/rules/Roem.ru.xml
index 525caa5ff589..70dff6ea3e07 100644
--- a/src/chrome/content/rules/Roem.ru.xml
+++ b/src/chrome/content/rules/Roem.ru.xml
@@ -11,7 +11,8 @@
 <ruleset name="Roem.ru">
 
 	<target host="roem.ru" />
-	<target host="*.roem.ru" />
+	<target host="m.roem.ru" />
+	<target host="www.roem.ru" />
 
 
 	<rule from="^http://(?:(m\.)|www\.)?roem\.ru/"
diff --git a/src/chrome/content/rules/RogerFederer.xml b/src/chrome/content/rules/RogerFederer.xml
index f5644dda4ff8..e4f2d7813b54 100644
--- a/src/chrome/content/rules/RogerFederer.xml
+++ b/src/chrome/content/rules/RogerFederer.xml
@@ -8,7 +8,7 @@ Fetch error: http://rogerfederershop.com/ => https://rogerfederershop.com/: (51,
 		- *.rogerfederer.com
 		- *.rogerfedererfoundation.org
 -->
-<ruleset name="Roger Federer" default_off='failed ruleset test'>
+<ruleset name="Roger Federer" default_off="failed ruleset test">
 	<target host="rogerfederershop.com"/>
 	<target host="www.rogerfederershop.com"/>
 
diff --git a/src/chrome/content/rules/Rogers-Bank.xml b/src/chrome/content/rules/Rogers-Bank.xml
new file mode 100644
index 000000000000..75d2f1a9b918
--- /dev/null
+++ b/src/chrome/content/rules/Rogers-Bank.xml
@@ -0,0 +1,18 @@
+<!--
+	Chain issue, missing intermediate:
+		- alerts.rogersbank.com
+
+	Invalid certificate:
+		- f.alerts.rogersbank.com
+-->
+
+<ruleset name="RogersBank.com">
+	<target host="rogersbank.com" />
+	<target host="www.rogersbank.com" />
+	<target host="creditapp.rogersbank.com" />
+	<target host="rbaccess.rogersbank.com" />
+	<target host="rbapp.rogersbank.com" />
+	<target host="staging.rogersbank.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Roiservice.com.xml b/src/chrome/content/rules/Roiservice.com.xml
index edb723e048a3..d7de13310571 100644
--- a/src/chrome/content/rules/Roiservice.com.xml
+++ b/src/chrome/content/rules/Roiservice.com.xml
@@ -6,8 +6,8 @@ Fetch error: http://track.roiservice.com/ => https://track.roiservice.com/: (6,
 Disabled by https-everywhere-checker because:
 Fetch error: http://track.roiservice.com/ => https://track.roiservice.com/: (6, 'Could not resolve host: track.roiservice.com')
 -->
-<ruleset name="Roiservice.com" default_off='failed ruleset test'>
+<ruleset name="Roiservice.com" default_off="failed ruleset test">
 	<target host="track.roiservice.com" />
 
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Roku.com.xml b/src/chrome/content/rules/Roku.com.xml
index 2875baa506c4..bcd34eab2dc5 100644
--- a/src/chrome/content/rules/Roku.com.xml
+++ b/src/chrome/content/rules/Roku.com.xml
@@ -11,7 +11,10 @@
 <ruleset name="Roku.com (partial)">
 
 	<target host="roku.com" />
-	<target host="*.roku.com" />
+	<target host="owner.roku.com" />
+	<target host="www.roku.com" />
+	<target host="wwwimg.roku.com" />
+	<target host="support.roku.com" />
 
 
 	<rule from="^http://((?:owner|www|wwwimg)\.)?roku\.com/"
diff --git a/src/chrome/content/rules/RolePlayChat.org.xml b/src/chrome/content/rules/RolePlayChat.org.xml
index d167c050e405..128cb9dc3262 100644
--- a/src/chrome/content/rules/RolePlayChat.org.xml
+++ b/src/chrome/content/rules/RolePlayChat.org.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.roleplaychat.org/ => https://www.roleplaychat.org/: (7,
 	* Secured by us
 
 -->
-<ruleset name="RolePlayChat.org" default_off='failed ruleset test'>
+<ruleset name="RolePlayChat.org" default_off="failed ruleset test">
 
 	<target host="roleplaychat.org" />
 	<target host="talk.roleplaychat.org" />
diff --git a/src/chrome/content/rules/Roll_Call.com.xml b/src/chrome/content/rules/Roll_Call.com.xml
index 627a3318e9d0..e035c4429456 100644
--- a/src/chrome/content/rules/Roll_Call.com.xml
+++ b/src/chrome/content/rules/Roll_Call.com.xml
@@ -48,10 +48,12 @@ Fetch error: http://rollcall.com/ => https://secure.rollcall.com/: (6, 'Could no
 	platform should be removed with Ffx 24.
 
 -->
-<ruleset name="Roll Call.com (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Roll Call.com (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="rollcall.com" />
-	<target host="*.rollcall.com" />
+	<target host="cdn.rollcall.com" />
+	<target host="secure.rollcall.com" />
+	<target host="www.rollcall.com" />
 
 
 	<securecookie host="^(?:\.?secure)?\.rollcall\.com$" name=".+" />
@@ -60,4 +62,4 @@ Fetch error: http://rollcall.com/ => https://secure.rollcall.com/: (6, 'Could no
 	<rule from="^http://(?:(?:cdn|secure|www)\.)?rollcall\.com/"
 		to="https://secure.rollcall.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rollbar.xml b/src/chrome/content/rules/Rollbar.xml
index f81248002b62..516a70a38af2 100644
--- a/src/chrome/content/rules/Rollbar.xml
+++ b/src/chrome/content/rules/Rollbar.xml
@@ -16,4 +16,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rolling_Stone.com.xml b/src/chrome/content/rules/Rolling_Stone.com.xml
index ec61296d1322..5040c9fc8d20 100644
--- a/src/chrome/content/rules/Rolling_Stone.com.xml
+++ b/src/chrome/content/rules/Rolling_Stone.com.xml
@@ -55,7 +55,10 @@ Fetch error: http://rollingstone.com/ => https://rollingstone.com/: (7, 'Failed
 <ruleset name="Rolling Stone.com (partial)">
 
 	<target host="rollingstone.com" />
-	<target host="*.rollingstone.com" />
+	<target host="assets.rollingstone.com" />
+	<target host="assets-s3.rollingstone.com" />
+	<target host="subscribe.rollingstone.com" />
+	<target host="www.rollingstone.com" />
 		<!--
 			Redirect to http:
 						-->
@@ -76,7 +79,6 @@ Fetch error: http://rollingstone.com/ => https://rollingstone.com/: (7, 'Failed
 	<securecookie host="^subscribe\.rollingstone\.com$" name=".+" />
 
 
-	<rule from="^http://((?:assets|assets-s3|subscribe|www)\.)?rollingstone\.com/"
-		to="https://$1rollingstone.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Rolling_Stone_Subscriptions.com.xml b/src/chrome/content/rules/Rolling_Stone_Subscriptions.com.xml
index f3c778dbe3eb..d2710c78f145 100644
--- a/src/chrome/content/rules/Rolling_Stone_Subscriptions.com.xml
+++ b/src/chrome/content/rules/Rolling_Stone_Subscriptions.com.xml
@@ -10,7 +10,7 @@
 <ruleset name="Rolling Stone Subscriptions.com">
 
 	<target host="rollingstonesubscriptions.com" />
-	<target host="*.rollingstonesubscriptions.com" />
+	<target host="www.rollingstonesubscriptions.com" />
 
 
 	<securecookie host="^(?:www)?\.rollingstonesubscriptions\.com$" name=".+" />
@@ -19,4 +19,4 @@
 	<rule from="^http://(?:www\.)?rollingstonesubscriptions\.com/"
 		to="https://www.rollingstonesubscriptions.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Roloil.xml b/src/chrome/content/rules/Roloil.xml
index e06fbec590cf..da81f24f84a1 100644
--- a/src/chrome/content/rules/Roloil.xml
+++ b/src/chrome/content/rules/Roloil.xml
@@ -4,13 +4,10 @@
 -->
 <ruleset name="Roloil">
 
-	<target host="*.roloil.com" />
+	<target host="www.roloil.com" />
 
 
-	<securecookie host="^\.roloil\.com$" name=".+" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://www\.roloil\.com/"
-		to="https://www.roloil.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RomStation.fr.xml b/src/chrome/content/rules/RomStation.fr.xml
new file mode 100644
index 000000000000..444901aeedd7
--- /dev/null
+++ b/src/chrome/content/rules/RomStation.fr.xml
@@ -0,0 +1,15 @@
+<!--
+	Mismatched:
+		- lapanui
+		- ouroboros
+-->
+<ruleset name="RomStation.fr">
+	<target host="romstation.fr" />
+	<target host="www.romstation.fr" />
+	<target host="chat.romstation.fr" />
+	<target host="oracle.romstation.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Romab.se.xml b/src/chrome/content/rules/Romab.se.xml
index d79f73677921..95a7a6eedc42 100644
--- a/src/chrome/content/rules/Romab.se.xml
+++ b/src/chrome/content/rules/Romab.se.xml
@@ -1,7 +1,7 @@
 <!--
 	Mismatch
 		- ^
-		- www 
+		- www
 
 	romab.com is preloaded
 -->
diff --git a/src/chrome/content/rules/Romhacking.net.xml b/src/chrome/content/rules/Romhacking.net.xml
new file mode 100644
index 000000000000..1ceba9fc892d
--- /dev/null
+++ b/src/chrome/content/rules/Romhacking.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="Romhacking.net">
+	<target host="romhacking.net" />
+	<target host="www.romhacking.net" />
+	<target host="server.romhacking.net" />
+	<target host="mail.romhacking.net" />
+	<target host="transcorp.romhacking.net" />
+	<target host="datacrystal.romhacking.net" />
+  
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RoosterTeeth.com.xml b/src/chrome/content/rules/RoosterTeeth.com.xml
new file mode 100644
index 000000000000..4159b657ca81
--- /dev/null
+++ b/src/chrome/content/rules/RoosterTeeth.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="RoosterTeeth.com">
+
+	<target host="roosterteeth.com" />
+	<target host="www.roosterteeth.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Root.cz.xml b/src/chrome/content/rules/Root.cz.xml
deleted file mode 100644
index 9cc907eee19e..000000000000
--- a/src/chrome/content/rules/Root.cz.xml
+++ /dev/null
@@ -1,69 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://rss.root.cz/ => https://rss.root.cz/: (51, "SSL: no alternative certificate subject name matches target host name 'rss.root.cz'")
-Fetch error: http://skoleni.root.cz/ => https://skoleni.root.cz/: (51, "SSL: no alternative certificate subject name matches target host name 'skoleni.root.cz'")
-Fetch error: http://knihy.root.cz/ => https://knihy.root.cz/: (51, "SSL: no alternative certificate subject name matches target host name 'knihy.root.cz'")
-Fetch error: http://zdrojak.root.cz/ => https://zdrojak.root.cz/: (51, "SSL: no alternative certificate subject name matches target host name 'zdrojak.root.cz'")
-Fetch error: http://man.root.cz/ => https://man.root.cz/: (51, "SSL: no alternative certificate subject name matches target host name 'man.root.cz'")
-Fetch error: http://licence.root.cz/ => https://licence.root.cz/: (51, "SSL: no alternative certificate subject name matches target host name 'licence.root.cz'")
-Fetch error: http://ipv6.root.cz/ => https://ipv6.root.cz/: (7, '')
-Fetch error: http://shop.root.cz/ => https://shop.root.cz/: (51, "SSL: no alternative certificate subject name matches target host name 'shop.root.cz'")
-Fetch error: http://devel.root.cz/ => https://devel.root.cz/: (28, 'Connection timed out after 20000 milliseconds')
-Fetch error: http://beta.root.cz/ => https://beta.root.cz/: (51, "SSL: no alternative certificate subject name matches target host name 'beta.root.cz'")
-Fetch error: http://i.root.cz/ => https://i.root.cz/: (51, "SSL: no alternative certificate subject name matches target host name 'i.root.cz'")
-
-  Working subdomains:
-  root.cz
-  www.root.cz
-  forum.root.cz
-  blog.root.cz
-  rss.root.cz
-  skoleni.root.cz
-  knihy.root.cz
-  zdrojak.root.cz
-  man.root.cz
-  licence.root.cz
-  jabber.root.cz
-  ipv6.root.cz
-  shop.root.cz
-  10.root.cz
-  cos.root.cz
-  devel.root.cz
-  beta.root.cz
-  f.root.cz
-  i.root.cz
-
-  Broken subdomains:
-  butik.root.cz
-  partner.root.cz
-  autoconfig.root.cz
-  blok.root.cz
-  www.zdrojak.root.cz
-  us.root.cz
--->
-<ruleset name="Root.cz" default_off='failed ruleset test'>
-	<target host="root.cz" />
-	<target host="www.root.cz" />
-	<target host="forum.root.cz" />
-	<target host="blog.root.cz" />
-	<target host="rss.root.cz" />
-	<target host="skoleni.root.cz" />
-	<target host="knihy.root.cz" />
-	<target host="zdrojak.root.cz" />
-	<target host="man.root.cz" />
-	<target host="licence.root.cz" />
-	<target host="jabber.root.cz" />
-	<target host="ipv6.root.cz" />
-	<target host="shop.root.cz" />
-	<target host="10.root.cz" />
-	<target host="cos.root.cz" />
-	<target host="devel.root.cz" />
-	<target host="beta.root.cz" />
-	<target host="f.root.cz" />
-	<target host="i.root.cz" />
-
-	<securecookie host=".+\.root\.cz$" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/RootBSD.net.xml b/src/chrome/content/rules/RootBSD.net.xml
index 865e238e29c2..b5287654fc5b 100644
--- a/src/chrome/content/rules/RootBSD.net.xml
+++ b/src/chrome/content/rules/RootBSD.net.xml
@@ -1,13 +1,14 @@
 <ruleset name="RootBSD.net">
 
 	<target host="rootbsd.net" />
-	<target host="*.rootbsd.net" />
+	<target host="admin.rootbsd.net" />
+	<target host="manage.rootbsd.net" />
+	<target host="www.rootbsd.net" />
 
 
 	<securecookie host="^(?:admin|manage)\.rootbsd\.net$" name=".+" />
 
 
-	<rule from="^http://((?:admin|manage|www)\.)?rootbsd\.net/"
-		to="https://$1rootbsd.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RoseHosting.com.xml b/src/chrome/content/rules/RoseHosting.com.xml
index 07865923f4ff..4318f23b3f1a 100644
--- a/src/chrome/content/rules/RoseHosting.com.xml
+++ b/src/chrome/content/rules/RoseHosting.com.xml
@@ -1,12 +1,10 @@
 <!--
 	Other Rose Web Services rulesets:
 
-		- AllUnmanaged.com.xml
 		- CoolWebScripts.com.xml
 		- KVM-VPS.com.xml
 		- Linux_Cloud_VPS.com.xml
 		- SolidAlert.com.xml
-		- Virtual-Server.org.xml
 
 
 	Insecure cookies are set for these hosts:
diff --git a/src/chrome/content/rules/Rosevrobank.ru.xml b/src/chrome/content/rules/Rosevrobank.ru.xml
index 23a58599161f..d1a6b97f1a99 100644
--- a/src/chrome/content/rules/Rosevrobank.ru.xml
+++ b/src/chrome/content/rules/Rosevrobank.ru.xml
@@ -19,7 +19,7 @@ webquik.rosevrobank.ru ²
 ² refused
 ³ timed out
 -->
-<ruleset name="rosevrobank.ru" default_off='failed ruleset test'>
+<ruleset name="rosevrobank.ru" default_off="failed ruleset test">
 	<target host="rosevrobank.ru" />
 	<target host="www.rosevrobank.ru" />
 	<target host="blog.rosevrobank.ru" />
diff --git a/src/chrome/content/rules/Roskilde_University.xml b/src/chrome/content/rules/Roskilde_University.xml
index 26e688766366..c4a937fb1402 100644
--- a/src/chrome/content/rules/Roskilde_University.xml
+++ b/src/chrome/content/rules/Roskilde_University.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.ruc.dk/ => https://www.ruc.dk/: (60, 'SSL certificate pr
 		- ^	(404, valid cert)
 
 -->
-<ruleset name="Roskilde University (partial)" default_off='failed ruleset test'>
+<ruleset name="Roskilde University (partial)" default_off="failed ruleset test">
 
 	<target host="ruc.dk" />
 	<target host="www.ruc.dk" />
@@ -21,4 +21,4 @@ Fetch error: http://www.ruc.dk/ => https://www.ruc.dk/: (60, 'SSL certificate pr
 	<rule from="^http://(?:www\.)?ruc\.dk/"
 		to="https://www.ruc.dk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ross_Ulbricht.org.xml b/src/chrome/content/rules/Ross_Ulbricht.org.xml
index e4275ec19484..9c32856ef0a2 100644
--- a/src/chrome/content/rules/Ross_Ulbricht.org.xml
+++ b/src/chrome/content/rules/Ross_Ulbricht.org.xml
@@ -1,4 +1,4 @@
-<ruleset name="Ross Ulbricht.org" default_off='mismatch'>
+<ruleset name="Ross Ulbricht.org" default_off="mismatch">
 	<target host="rossulbricht.org" />
 	<target host="www.rossulbricht.org" />
 
diff --git a/src/chrome/content/rules/Rossia.org.xml b/src/chrome/content/rules/Rossia.org.xml
index 0ab5c2be4106..72f45f8355f7 100644
--- a/src/chrome/content/rules/Rossia.org.xml
+++ b/src/chrome/content/rules/Rossia.org.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:"
 		to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Roster-Teeth.xml b/src/chrome/content/rules/Roster-Teeth.xml
deleted file mode 100644
index 6575dd8b74ed..000000000000
--- a/src/chrome/content/rules/Roster-Teeth.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(valid cert; redirects to http, even *login* and *signup* pages[!])
-
--->
-<ruleset name="Roster Teeth (partial)">
-
-	<target host="s3.roosterteeth.com" />
-
-
-	<rule from="^http://s3\.roosterteeth\.com/"
-		to="https://s3.amazonaws.com/s3.roosterteeth.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/RotaryView.com.xml b/src/chrome/content/rules/RotaryView.com.xml
index 7aa6ba39e022..a1fa011a8dfe 100644
--- a/src/chrome/content/rules/RotaryView.com.xml
+++ b/src/chrome/content/rules/RotaryView.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rother.gov.uk-falsemixed.xml b/src/chrome/content/rules/Rother.gov.uk-falsemixed.xml
deleted file mode 100644
index acc7244703a3..000000000000
--- a/src/chrome/content/rules/Rother.gov.uk-falsemixed.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Rother.gov.uk.xml.
-
--->
-<ruleset name="Rother.gov.uk (false MCB)" platform="mixedcontent">
-
-	<target host="hub.rother.gov.uk" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Rotherham.gov.uk.xml b/src/chrome/content/rules/Rotherham.gov.uk.xml
index 53ac7317e449..a1dcf77f8fd3 100644
--- a/src/chrome/content/rules/Rotherham.gov.uk.xml
+++ b/src/chrome/content/rules/Rotherham.gov.uk.xml
@@ -43,7 +43,7 @@ Fetch error: http://myaccount.rotherham.gov.uk/ => https://myaccount.rotherham.g
 	ˢ Secured by us
 
 -->
-<ruleset name="Rotherham.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Rotherham.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="rotherham.gov.uk" />
 	<target host="admissions.rotherham.gov.uk" />
diff --git a/src/chrome/content/rules/Rotlogix.com.xml b/src/chrome/content/rules/Rotlogix.com.xml
deleted file mode 100644
index b42527ae5e81..000000000000
--- a/src/chrome/content/rules/Rotlogix.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="rotlogix.com">
-
-	<target host="rotlogix.com" />
-	<target host="www.rotlogix.com" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Rottenecards.xml b/src/chrome/content/rules/Rottenecards.xml
index 06571c4fbcd8..5ffbf12b62e7 100644
--- a/src/chrome/content/rules/Rottenecards.xml
+++ b/src/chrome/content/rules/Rottenecards.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://rottenecards.com/ => https://rottenecards.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 Fetch error: http://www.rottenecards.com/ => https://www.rottenecards.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="Rottenecards" default_off='failed ruleset test'>
+<ruleset name="Rottenecards" default_off="failed ruleset test">
 
 	<target host="rottenecards.com" />
 	<target host="www.rottenecards.com" />
@@ -19,4 +19,4 @@ Fetch error: http://www.rottenecards.com/ => https://www.rottenecards.com/: (60,
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rough_Trade_Gear.xml b/src/chrome/content/rules/Rough_Trade_Gear.xml
index 922ef41480a6..49d2727e6074 100644
--- a/src/chrome/content/rules/Rough_Trade_Gear.xml
+++ b/src/chrome/content/rules/Rough_Trade_Gear.xml
@@ -12,7 +12,7 @@
 	<target host="www.roughtradegear.com" />
 
 
-	<securecookie host="^(?:.*\.)?roughtradegear\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Roundhouse.org.uk.xml b/src/chrome/content/rules/Roundhouse.org.uk.xml
new file mode 100644
index 000000000000..73538a27981d
--- /dev/null
+++ b/src/chrome/content/rules/Roundhouse.org.uk.xml
@@ -0,0 +1,18 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- volunteers.roundhouse.org.uk
+
+		Timeout was reached:
+		- tickets.roundhouse.org.uk
+-->
+<ruleset name="Roundhouse.org.uk">
+	<target host="roundhouse.org.uk" />
+	<target host="www.roundhouse.org.uk" />
+	<target host="50.roundhouse.org.uk" />
+	<target host="careers.roundhouse.org.uk" />
+	
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Roundhouse.xml b/src/chrome/content/rules/Roundhouse.xml
deleted file mode 100644
index 5b9bd038e5bb..000000000000
--- a/src/chrome/content/rules/Roundhouse.xml
+++ /dev/null
@@ -1,66 +0,0 @@
-<ruleset name="Roundhouse" default_off="needs testing">
-
-	<target host="roundhouse.org.uk" />
-	<!--	* for cross-domain cookie.	-->
-	<target host="*.roundhouse.org.uk" />
-		<!--	Some pages in [\w\-]+/\w redirect to http.
-				Excluded here are:
-
-					- about
-					- about/cultural-camden
-					x about/history					(works)
-					- about/jobs$
-					- about/people
-					x about/press					(works)
-					- about/press/archive/
-					- about/roundhouse-people/ambassadors
-					x about/roundhouse-people/annual-reports	(works)
-					- about/roundhouse-people/associates
-					- about/roundhouse-people/biographies
-					- about/roundhouse-people/roundhouse-trust
-					- about/roundhouse-people/staff
-					- book-tickets
-					- call-to-create$
-					x contact/?$					(works)
-					- expore$
-					- explore/portfolios
-					- explore/profiles/all
-					- explore/radio/
-						- Some programs' pages don't.
-					x explore/what-was-on 				(works)
-					- hire/roundhouse-london-2012
-					- hire/spaces-for-hire
-					- round1$
-					- round1/about
-					- round1/blog
-					- round1/jointheteam
-					- round1/producers
-					- round1/projects
-					- takepart$
-					- take-part/creative-projects$
-					- take-part/creative-projects/creative-media/online-film-fund-2012
-					- take-part/creative-projects/music
-					- take-part/get-support$
-					- take-part/get-support/financial-support
-					- visit/buy-a-t-shirt
-					- whats-on/festivals
-					- whats-on/productions$
-					- whats-on/world-shakespeare-festival
-								-->
-	<exclusion 
-pattern="^http://(www\.)?roundhouse\.org\.uk/(about($|/cultural-camden|/jobs$|/people|press/archive/|/roundhouse-people/(ambassadors|associates|biographies|roundhouse-trust|staff))|book-tickets|call-to-create$|explore($|/portfolios|/profiles/all|/radio/)|hire/(roundhouse-london-2012|spaces-for-hire)|round1($|/about|/blog|/jointheteam|/producers|/projects)|take-part$|take-part/(creative-projects($|/creative-media/online-film-fund-2012|/performing-arts)|get-support($|financial-support))|visit/buy-a-t-shirt|whats-on/(festivals|productions$|world-shakespeare-festival))" 
-/>
-
-
-	<securecookie host="^(?:www)?\.roundhouse\.org\.uk$" name=".+" />
-
-
-	<!--	/$ redirects to $, but only after redirecting to http.
-		The same is the case for some other directories.	-->
-	<rule from="^http://(www\.)?roundhouse\.org\.uk/(contact|take-part)/$"
-		to="https://$1roundhouse.org.uk/$2" />
-
-	<rule from="^http://(www\.)?roundhouse\.org\.uk/"
-		to="https://$1roundhouse.org.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Rovio.com.xml b/src/chrome/content/rules/Rovio.com.xml
index fceceeb839b0..a737aaf3aa47 100644
--- a/src/chrome/content/rules/Rovio.com.xml
+++ b/src/chrome/content/rules/Rovio.com.xml
@@ -64,9 +64,6 @@
 
 		<test url="http://assets.rovio.com/rovio/favicon.ico" />
 
-	<rule from="^http://assets-production\.rovio\.com/"
-		to="https://ductl1gjw76cl.cloudfront.net/" />
-
 		<test url="http://assets-production.rovio.com/s3fs-public/privacypolicy_2.jpg" />
 
 	<rule from="^http://fonts\.rovio\.com/"
diff --git a/src/chrome/content/rules/Rowetel.com.xml b/src/chrome/content/rules/Rowetel.com.xml
new file mode 100644
index 000000000000..b201a8de7aee
--- /dev/null
+++ b/src/chrome/content/rules/Rowetel.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Mismatched:
+		- autoconfig.rowetel.com
+		- autodiscover.rowetel.com
+		- cpanel.rowetel.com
+		- ftp.rowetel.com
+		- mail.rowetel.com
+		- webdisk.rowetel.com
+		- webmail.rowetel.com
+		- whm.rowetel.com
+-->
+<ruleset name="Rowetel.com">
+	<target host="rowetel.com" />
+	<target host="www.rowetel.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Royal-Academy-of-Engineering.xml b/src/chrome/content/rules/Royal-Academy-of-Engineering.xml
index 11ba23dcfb57..b4dca747688d 100644
--- a/src/chrome/content/rules/Royal-Academy-of-Engineering.xml
+++ b/src/chrome/content/rules/Royal-Academy-of-Engineering.xml
@@ -6,10 +6,11 @@ Fetch error: http://raeng.org.uk/ => https://www.raeng.org.uk/: Too many redirec
 Disabled by https-everywhere-checker because:
 Fetch error: http://raeng.org.uk/ => https://www.raeng.org.uk/: Cycle detected - URL already encountered: https://www.raeng.org.uk/
 -->
-<ruleset name="Royal Academy of Engineering" default_off='failed ruleset test'>
+<ruleset name="Royal Academy of Engineering" default_off="failed ruleset test">
 
 	<target host="raeng.org.uk" />
-	<target host="*.raeng.org.uk" />
+	<target host="www.raeng.org.uk" />
+	<target host="private.raeng.org.uk" />
 
 
 	<securecookie host="^.*\.raeng\.org\.uk$" name=".+" />
@@ -20,7 +21,6 @@ Fetch error: http://raeng.org.uk/ => https://www.raeng.org.uk/: Cycle detected -
 	<rule from="^http://(?:www\.)?raeng\.org\.uk/"
 		to="https://www.raeng.org.uk/" />
 
-	<rule from="^http://private\.raeng\.org\.uk/"
-		to="https://private.raeng.org.uk/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Royal-Society-of-Chemistry-mismatches.xml b/src/chrome/content/rules/Royal-Society-of-Chemistry-mismatches.xml
deleted file mode 100644
index 4407ef128a74..000000000000
--- a/src/chrome/content/rules/Royal-Society-of-Chemistry-mismatches.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Royal Society (mismatches)" default_off="mismatch, self-signed">
-
-	<!--	www.rscweb.org	-->
-	<target host="prospect.rsc.org"/>
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Royal-Society-of-Chemistry.xml b/src/chrome/content/rules/Royal-Society-of-Chemistry.xml
index 293bcb2f8d15..b58ac81978e7 100644
--- a/src/chrome/content/rules/Royal-Society-of-Chemistry.xml
+++ b/src/chrome/content/rules/Royal-Society-of-Chemistry.xml
@@ -1,31 +1,33 @@
-<!--	Problematic domains handled in Royal-Society-of-Chemistry-mismatches.xml
-
-	nonfunctional: blogs, pubs, www.
-
-	www redirects to http, even images, even the shop!
-
-	pubs and www: passwords, logins, details - all plain text.
-	There's a nice gif of a padlock though.  Must be secure plain text.
+<!--
+	Active mixed content:
+		- cds.rsc.org
+
+	Connection closed:
+		- feeds.rsc.org
+
+	Empty response:
+		- pubs.rsc.org
+
+	Invalid certificate:
+		- blogs.rsc.org
+		- ilab.cds.rsc.org
+		- jobs.rsc.org
+		- prospect.rsc.org
+
+	Redirects to HTTP:
+		- rsc.org
+		- www.rsc.org
+		- spectraschool.rsc.org
+
+	Timed out:
+		- ebook.rsc.org
+		- my.rsc.org
+		- xlink.rsc.org
 -->
-<ruleset name="Royal Society of Chemistry (partial)" platform="mixedcontent">
-
-	<target host="chemspider.com"/>
-	<target host="*.chemspider.com"/>
-	<target host="rsc.org"/>
-	<target host="carousel.rsc.org"/>
-	<target host="rscweb.org"/>
-	<target host="www.rscweb.org"/>
-
-	<securecookie host="^(?:.*\.)?chemspider\.com$" name=".+" />
-	<securecookie host="^(?:carousel|members)\.rsc\.org$" name=".+" />
-
-	<rule from="^http://([\w-]+\.)?chemspider\.com/"
-		to="https://$1chemspider.com/"/>
-
-	<rule from="^http://(?:rsc|(?:www\.)?rscweb)\.org/"
-		to="https://www.rsc.org/"/>
 
-	<rule from="^http://(carousel|members)\.rsc\.org/"
-		to="https://$1.rsc.org/"/>
+<ruleset name="Royal Society of Chemistry">
+	<target host="eic.rsc.org" />
+	<target host="members.rsc.org" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/RoyalAustralianNavy.xml b/src/chrome/content/rules/RoyalAustralianNavy.xml
index de2b907228a9..03d082a6f635 100644
--- a/src/chrome/content/rules/RoyalAustralianNavy.xml
+++ b/src/chrome/content/rules/RoyalAustralianNavy.xml
@@ -6,10 +6,10 @@ Fetch error: http://navy.gov.au/ => https://www.navy.gov.au/: (7, 'Failed to con
 Disabled by https-everywhere-checker because:
 Fetch error: http://navy.gov.au/ => https://www.navy.gov.au/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="Royal Australian Navy" default_off='failed ruleset test'>
+<ruleset name="Royal Australian Navy" default_off="failed ruleset test">
 	<target host="navy.gov.au" />
-	<target host="*.navy.gov.au" />
+	<target host="www.navy.gov.au" />
 
 	<rule from="^http://(?:www\.)?navy\.gov\.au/"
 		to="https://www.navy.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RoyalGovUK.xml b/src/chrome/content/rules/RoyalGovUK.xml
index bfd3307b739c..c16dce724a8c 100644
--- a/src/chrome/content/rules/RoyalGovUK.xml
+++ b/src/chrome/content/rules/RoyalGovUK.xml
@@ -5,11 +5,11 @@ Fetch error: http://royal.gov.uk/ => https://www.royal.gov.uk/: (60, 'SSL certif
 Fetch error: http://www.royal.gov.uk/ => https://www.royal.gov.uk/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="RoyalGovUK" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="RoyalGovUK" platform="mixedcontent" default_off="failed ruleset test">
   <target host="royal.gov.uk"/>
   <target host="www.royal.gov.uk"/>
 
-  <securecookie host="^(?:.+\.)?royal\.gov\.uk$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http://(?:www\.)?royal\.gov\.uk/" to="https://www.royal.gov.uk/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Royal_Mail.xml b/src/chrome/content/rules/Royal_Mail.xml
index 6546ab1e9bdb..14cbed1c085f 100644
--- a/src/chrome/content/rules/Royal_Mail.xml
+++ b/src/chrome/content/rules/Royal_Mail.xml
@@ -9,7 +9,9 @@
 <ruleset name="Royal Mail (partial)">
 
 	<target host="royalmail.com" />
-	<target host="*.royalmail.com" />
+	<target host="www.royalmail.com" />
+	<target host="shop.royalmail.com" />
+	<target host="www2.royalmail.com" />
 
 
 	<securecookie host="^(?:\.?shop|www2)\.royalmail\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Royal_Mail_Group.xml b/src/chrome/content/rules/Royal_Mail_Group.xml
deleted file mode 100644
index ecd96b4431e0..000000000000
--- a/src/chrome/content/rules/Royal_Mail_Group.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Other Royal Mail rulesets:
-
-		- Parcelforce.xml
-		- Post_Office.xml
-		- Post_Office_Shop.xml
-		- Royal_Mail.xml
-
-
-	- Cert only matches *.royalmailgroup.com
-	- Some (most?) pages redirect to http
-
--->
-<ruleset name="Royal Mail Group (partial)">
-
-	<target host="royalmailgroup.com" />
-	<target host="*.royalmailgroup.com" />
-
-
-	<rule from="^http://(?:www\.)?royalmailgroup\.com/(sites/|user(?:$|\?|/))"
-		to="https://www.royalmailgroup.com/$1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Rpw.sh.xml b/src/chrome/content/rules/Rpw.sh.xml
index 8e4260f32e18..a8dce746ee9a 100644
--- a/src/chrome/content/rules/Rpw.sh.xml
+++ b/src/chrome/content/rules/Rpw.sh.xml
@@ -5,7 +5,7 @@ Fetch error: http://rpw.sh/ => https://rpw.sh/: (60, 'SSL certificate problem: c
 Fetch error: http://www.rpw.sh/ => https://www.rpw.sh/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="rpw.sh" default_off='failed ruleset test'>
+<ruleset name="rpw.sh" default_off="failed ruleset test">
 
 	<target host="rpw.sh" />
 	<target host="www.rpw.sh" />
diff --git a/src/chrome/content/rules/Rsyslog.com.xml b/src/chrome/content/rules/Rsyslog.com.xml
new file mode 100644
index 000000000000..3385fa32af2e
--- /dev/null
+++ b/src/chrome/content/rules/Rsyslog.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Nonfunctional hosts in *.rsyslog.com:
+		- rsyslog.com (m)
+		- alpine.rsyslog.com (t)
+		- cookbook.rsyslog.com (m)
+		- download.rsyslog.com (m)
+		- ubuntu16.rsyslog.com (t)
+		- wiki.rsyslog.com (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Rsyslog.com">
+	<target host="rsyslog.com" />
+	<target host="www.rsyslog.com" />
+	<target host="build.rsyslog.com" />
+
+	<rule from="^http://rsyslog\.com/" to="https://www.rsyslog.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rtbf.be.xml b/src/chrome/content/rules/Rtbf.be.xml
index 6a6757d9ecfb..e64b7a2b8cc6 100644
--- a/src/chrome/content/rules/Rtbf.be.xml
+++ b/src/chrome/content/rules/Rtbf.be.xml
@@ -22,7 +22,7 @@ Fetch error: http://www.static.rtbf.be/ => https://ssl-www.static.rtbf.be/: (51,
 		- www.rtbf.be
 
 -->
-<ruleset name="Rtbf.be Belgian Television" default_off='failed ruleset test'>
+<ruleset name="Rtbf.be Belgian Television" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Rtcquebec.ca.xml b/src/chrome/content/rules/Rtcquebec.ca.xml
new file mode 100644
index 000000000000..23feda82880d
--- /dev/null
+++ b/src/chrome/content/rules/Rtcquebec.ca.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid certificate:
+		- portail.rtcquebec.ca
+		- retraite.rtcquebec.ca
+-->
+
+<ruleset name="Rtcquebec.ca">
+	<target host="rtcquebec.ca" />
+	<target host="www.rtcquebec.ca" />
+	<target host="m.rtcquebec.ca" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ru4.com.xml b/src/chrome/content/rules/Ru4.com.xml
deleted file mode 100644
index 369fe42e7f1a..000000000000
--- a/src/chrome/content/rules/Ru4.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		- .ru4.com
-
--->
-<ruleset name="ru4.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="d.xp1.ru4.com" />
-	<target host="msec.xp1.ru4.com" />
-
-		<test url="http://d.xp1.ru4.com/activity?_o=" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.ru4\.com$" name="^(TMP_X1ID|X1ID)$" /-->
-
-	<securecookie host="^\.ru4\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Rubicon-Project.xml b/src/chrome/content/rules/Rubicon-Project.xml
index 8bfff1f0a623..60d4f6740984 100644
--- a/src/chrome/content/rules/Rubicon-Project.xml
+++ b/src/chrome/content/rules/Rubicon-Project.xml
@@ -15,53 +15,141 @@
 	* Plaintext reply
 
 
-	Insecure cookies are set for these domains:
-
-		- .rubiconproject.com
-
+	Timeout:
+		- 204.rubiconproject.com
+		- arsenal.rubiconproject.com
+		- arws.rubiconproject.com
+		- bcbb-hfc2.rubiconproject.com
+		- bcbb-iad2.rubiconproject.com
+		- boxy-bea-iad2.rubiconproject.com
+		- content.rubiconproject.com
+		- pas-api.rubiconproject.com
+		- vpn-it.rubiconproject.com
+
+	Cert expired:
+		- gobuyersupport.rubiconproject.com
+		- sonic.rubiconproject.com
+
+	Chain issues:
+		- vpn-dc.rubiconproject.com
+		- vpn-eng.rubiconproject.com
+		- vpn-test.rubiconproject.com
+		- vpn.rubiconproject.com
+
+	Connection refused:
+		- rfm.rubiconproject.com
+
+	Cert mismatch:
+		- awsm.rubiconproject.com
+		- dsp-token.aws.rubiconproject.com
+		- assets.rubiconproject.com
+		- assets2.rubiconproject.com
+		- cdn.rubiconproject.com
+		- email.rubiconproject.com
+		- garagestaging.rubiconproject.com
+		- go.rubiconproject.com
+		- investor.rubiconproject.com
+		- labs2.rubiconproject.com
+		- messages.rubiconproject.com
+		- assets.rfm.rubiconproject.com
+		- rubibid.rubiconproject.com
+		- stats.rubiconproject.com
+		- status.rubiconproject.com
+		- tap-cdn.rubiconproject.com
+
+	Non-200 status code:
+		- tap2-cdn.rubiconproject.com
+
+	TLS Error:
+		- ebsdrdmz.cs.rubiconproject.com
 -->
 <ruleset name="Rubicon Project.com">
 
-	<!--	Direct rewrites:
-				-->
-	<target host="ads.rubiconproject.com" />
+	<target host="rubiconproject.com" />
+	<target host="www.rubiconproject.com" />
+
+	<target host="49bc.rubiconproject.com" />
 	<target host="anvil.rubiconproject.com" />
-	<target host="arsenal.rubiconproject.com" />
-	<target host="beacon-apac-hkg1.rubiconproject.com" />
+	<target host="ads.aws.rubiconproject.com" />
+	<target host="prebid.aws.rubiconproject.com" />
+	<target host="sneezy.aws.rubiconproject.com" />
+	<target host="stats.aws.rubiconproject.com" />
+	<target host="usync.aws.rubiconproject.com" />
+	<target host="yahoo.aws.rubiconproject.com" />
+	<target host="assets-rfm.rubiconproject.com" />
+	<target host="beacon.rubiconproject.com" />
+	<target host="beacon-eu-ams3.rubiconproject.com" />
 	<target host="beacon-eu2.rubiconproject.com" />
+	<target host="beacon-apac-nrt1.rubiconproject.com" />
+	<target host="beacon-apac-hkg1.rubiconproject.com" />
 	<target host="beacon-us-east.rubiconproject.com" />
-	<target host="beacon.rubiconproject.com" />
+	<target host="beacon-nf.rubiconproject.com" />
+	<target host="beacon-us-iad2.rubiconproject.com" />
+	<target host="beacon-us-iad3.rubiconproject.com" />
+	<target host="beacon-us-sjc1.rubiconproject.com" />
+	<target host="beacon-us-west.rubiconproject.com" />
+	<target host="buyer.rubiconproject.com" />
+	<target host="chango.rubiconproject.com" />
+	<target host="connect.rubiconproject.com" />
+	<target host="connect-api.rubiconproject.com" />
+	<target host="ebsproddmz.cs.rubiconproject.com" />
 	<target host="demand.rubiconproject.com" />
+	<target host="dev.rubiconproject.com" />
+	<target host="dspdash.rubiconproject.com" />
+	<target host="eus.rubiconproject.com" />
+	<target host="exapi-apac.rubiconproject.com" />
+	<target host="exapi-eu.rubiconproject.com" />
+	<target host="exapi-us-east.rubiconproject.com" />
+	<target host="exapi-us-west.rubiconproject.com" />
 	<target host="fastlane.rubiconproject.com" />
+	<target host="finance.rubiconproject.com" />
+	<target host="flapi1.rubiconproject.com" />
+	<target host="flds.rubiconproject.com" />
+	<target host="idm.rubiconproject.com" />
+	<target host="integration.rubiconproject.com" />
+	<target host="kb.rubiconproject.com" />
+	<target host="labs1.rubiconproject.com" />
 	<target host="login.rubiconproject.com" />
+	<target host="mp.rubiconproject.com" />
+	<target host="mrp.rubiconproject.com" />
+	<target host="mrpdisplay.rubiconproject.com" />
+	<target host="mrpsandbox.rubiconproject.com" />
+	<target host="mrptrack-e.rubiconproject.com" />
+	<target host="mtrack-mrp.rubiconproject.com" />
+	<target host="optimization.rubiconproject.com" />
 	<target host="optimized-by.rubiconproject.com" />
+	<target host="optimized-by-adv.rubiconproject.com" />
+	<target host="optimized-rtp-us-west.rubiconproject.com" />
+	<target host="orders.rubiconproject.com" />
 	<target host="pixel.rubiconproject.com" />
-	<target host="revv-static.rubiconproject.com" />
+	<target host="pixel-apac.rubiconproject.com" />
+	<target host="pixel-eu.rubiconproject.com" />
+	<target host="pixel-us-east.rubiconproject.com" />
+	<target host="pixel-us-west.rubiconproject.com" />
+	<target host="platform-static.rubiconproject.com" />
+	<target host="platform.rubiconproject.com" />
+	<target host="post.update.rubiconproject.com" />
+	<target host="prebid-server.rubiconproject.com" />
 	<target host="revv.rubiconproject.com" />
+	<target host="revv-static.rubiconproject.com" />
 	<target host="s.update.rubiconproject.com" />
+	<target host="sas-api.rubiconproject.com" />
+	<target host="sdk.rubiconproject.com" />
+	<target host="secure-assets.rubiconproject.com" />
+	<target host="secured-by.rubiconproject.com" />
 	<target host="staged-by.rubiconproject.com" />
-	<target host="stats.aws.rubiconproject.com" />
+	<target host="support.rubiconproject.com" />
 	<target host="tap.rubiconproject.com" />
+	<target host="tap-s.rubiconproject.com" />
+	<target host="tap-secure.rubiconproject.com" />
+	<target host="tap-t.rubiconproject.com" />
 	<target host="vantage.rubiconproject.com" />
-
-	<!--	Complications:
-				-->
-	<target host="tap-cdn.rubiconproject.com" />
-	<target host="tap2-cdn.rubiconproject.com" />
-
-		<test url="http://pixel.rubiconproject.com/tap.php?v=" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(pixel)?\.rubiconproject\.com$" name="^c$" /-->
+	<target host="video-ads-apex.rubiconproject.com" />
+	<target host="video-ads.rubiconproject.com" />
+	<target host="webcast.rubiconproject.com" />
 
 	<securecookie host=".+" name=".+" />
 
-
-	<rule from="^http://tap2?-cdn\.rubiconproject\.com/"
-		to="https://tap.rubiconproject.com/" />
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Ruby-China.org.xml b/src/chrome/content/rules/Ruby-China.org.xml
index abcba337afd3..4c5de44a95a6 100644
--- a/src/chrome/content/rules/Ruby-China.org.xml
+++ b/src/chrome/content/rules/Ruby-China.org.xml
@@ -1,19 +1,13 @@
 <!--
-	Mismatch:
-		guides.ruby-china.org
-		www.ruby-china.org
+	SSL_ERROR_NO_CYPHER_OVERLAP:
+		cache.ruby-china.org
 -->
-
 <ruleset name="Ruby-China.org">
-
-	<target host="www.ruby-china.org" />
-	<rule from="^http://www\.ruby-china\.org/" to="https://ruby-china.org/" />
-	
 	<target host="ruby-china.org" />
-	<target host="cache.ruby-china.org" />
+	<target host="www.ruby-china.org" />
 	<target host="gems.ruby-china.org" />
 
-	<securecookie host="^\w" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Rudix.org.xml b/src/chrome/content/rules/Rudix.org.xml
new file mode 100644
index 000000000000..9bcd75d74d16
--- /dev/null
+++ b/src/chrome/content/rules/Rudix.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatch:
+		www.rudix.org
+-->
+<ruleset name="Rudix.org">
+	<target host="rudix.org" />
+	<target host="www.rudix.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.rudix\.org/" to="https://rudix.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Rudloff.pro.xml b/src/chrome/content/rules/Rudloff.pro.xml
deleted file mode 100644
index c1cb927fc0e7..000000000000
--- a/src/chrome/content/rules/Rudloff.pro.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Rudloff.pro">
-  <target host="rudloff.pro" />
-  <target host="www.rudloff.pro" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Rue_La_La.com.xml b/src/chrome/content/rules/Rue_La_La.com.xml
index 2be81ff47b87..697102018c08 100644
--- a/src/chrome/content/rules/Rue_La_La.com.xml
+++ b/src/chrome/content/rules/Rue_La_La.com.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?ruelala\.com/"
 		to="https://www.ruelala.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rufus.xml b/src/chrome/content/rules/Rufus.xml
index 9731043ee504..69fa7a71a6a7 100644
--- a/src/chrome/content/rules/Rufus.xml
+++ b/src/chrome/content/rules/Rufus.xml
@@ -1,7 +1,7 @@
 <ruleset name="rufus">
 
 	<target host="rufus.akeo.ie"/>
-	
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/RugStudio.xml b/src/chrome/content/rules/RugStudio.xml
index 6df923ef3d2b..652e29886848 100644
--- a/src/chrome/content/rules/RugStudio.xml
+++ b/src/chrome/content/rules/RugStudio.xml
@@ -11,7 +11,8 @@
 <ruleset name="RugStudio (partial)">
 
 	<target host="rugstudio.com" />
-	<target host="*.rugstudio.com" />
+	<target host="www.rugstudio.com" />
+	<target host="rugs.rugstudio.com" />
 
 
 	<rule from="^http://(?:www\.)?rugstudio\.com/((?:cart|custom\.css|login|order-lookup|send-password)\.aspx|customfooter2\.css|favicon\.ico|images/|imago/|themes/)"
@@ -20,4 +21,4 @@
 	<rule from="^http://rugs\.rugstudio\.com/"
 		to="https://rugstudio.resultspage.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/RukometniTrener.com.xml b/src/chrome/content/rules/RukometniTrener.com.xml
new file mode 100644
index 000000000000..f40e31f2581f
--- /dev/null
+++ b/src/chrome/content/rules/RukometniTrener.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="RukometniTrener.com">
+	<target host="rukometnitrener.com" />
+	<target host="www.rukometnitrener.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ruliweb.com.xml b/src/chrome/content/rules/Ruliweb.com.xml
new file mode 100644
index 000000000000..b2ddf9655b9a
--- /dev/null
+++ b/src/chrome/content/rules/Ruliweb.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="Ruliweb.com">
+	<target host="ruliweb.com" />
+	<target host="www.ruliweb.com" />
+	<target host="bbs.ruliweb.com" />
+	<target host="cmg.ruliweb.com" />
+	<target host="img.ruliweb.com" />
+	<target host="i1.ruliweb.com" />
+	<target host="i2.ruliweb.com" />
+	<target host="i3.ruliweb.com" />
+	<target host="m.ruliweb.com" />
+	<target host="market.ruliweb.com" />
+	<target host="mypi.ruliweb.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RunAbove.xml b/src/chrome/content/rules/RunAbove.xml
index 299612de7eae..4cf304a8b4b4 100644
--- a/src/chrome/content/rules/RunAbove.xml
+++ b/src/chrome/content/rules/RunAbove.xml
@@ -6,7 +6,7 @@ Fetch error: http://status.runabove.com/ => https://status.runabove.com/: (6, 'C
 	For other OVH Group coverage, see Ovh.xml.
 
 -->
-<ruleset name="RunAbove.com" default_off='failed ruleset test'>
+<ruleset name="RunAbove.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/RunRepeat.com.xml b/src/chrome/content/rules/RunRepeat.com.xml
new file mode 100644
index 000000000000..8787fb1c1294
--- /dev/null
+++ b/src/chrome/content/rules/RunRepeat.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="RunRepeat.com">
+
+	<target host="runrepeat.com" />
+	<target host="www.runrepeat.com" />
+	<target host="cdn.runrepeat.com" />
+	<target host="p.runrepeat.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/RunSafe.xml b/src/chrome/content/rules/RunSafe.xml
index b57bdb9ac482..bfcfd0e4f36c 100644
--- a/src/chrome/content/rules/RunSafe.xml
+++ b/src/chrome/content/rules/RunSafe.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Runbook.io.xml b/src/chrome/content/rules/Runbook.io.xml
index 313673b47f27..d12632e5a98c 100644
--- a/src/chrome/content/rules/Runbook.io.xml
+++ b/src/chrome/content/rules/Runbook.io.xml
@@ -6,7 +6,7 @@ Fetch error: http://dash.runbook.io/ => https://dash.runbook.io/: (6, 'Could not
 	For other Assembly coverage, see Assembly.com.xml.
 
 -->
-<ruleset name="Runbook.io" default_off='failed ruleset test'>
+<ruleset name="Runbook.io" default_off="failed ruleset test">
 
 	<target host="runbook.io" />
 	<target host="dash.runbook.io" />
diff --git a/src/chrome/content/rules/RushMyPassport.com.xml b/src/chrome/content/rules/RushMyPassport.com.xml
index f0a63a02039d..36e393b72ec6 100644
--- a/src/chrome/content/rules/RushMyPassport.com.xml
+++ b/src/chrome/content/rules/RushMyPassport.com.xml
@@ -14,4 +14,4 @@
 
 
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Russia.ru.xml b/src/chrome/content/rules/Russia.ru.xml
deleted file mode 100644
index adc5c4695cfc..000000000000
--- a/src/chrome/content/rules/Russia.ru.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- tv *
-
-	* Shows login page
-
-
-	Fully covered subdomains:
-
-		- adv
-		- mail
-
--->
-<ruleset name="russia.ru (partial)">
-
-	<target host="*.russia.ru" />
-
-
-	<securecookie host="^adv\.russia\.ru$" name=".+" />
-
-
-	<rule from="^http://(adv|mail)\.russia\.ru/"
-		to="https://$1.russia.ru/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Russian_American_Company.xml b/src/chrome/content/rules/Russian_American_Company.xml
index 02d05703a3c7..397737343ff2 100644
--- a/src/chrome/content/rules/Russian_American_Company.xml
+++ b/src/chrome/content/rules/Russian_American_Company.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rust-Lang.org.xml b/src/chrome/content/rules/Rust-Lang.org.xml
index c0bc4413f10f..aad60653dffb 100644
--- a/src/chrome/content/rules/Rust-Lang.org.xml
+++ b/src/chrome/content/rules/Rust-Lang.org.xml
@@ -1,6 +1,5 @@
 <!--
-	Unable to Connect:
-		rust-lang.org
+
 -->
 <ruleset name="Rust-Lang.org">
 	<target host="rust-lang.org" />
@@ -8,12 +7,11 @@
 	<target host="blog.rust-lang.org" />
 	<target host="doc.rust-lang.org" />
 	<target host="perf.rust-lang.org" />
+	<target host="play.rust-lang.org" />
 	<target host="static.rust-lang.org" />
 	<target host="users.rust-lang.org" />
 
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://rust-lang\.org/" to="https://www.rust-lang.org/" />
-
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/RustFest.eu.xml b/src/chrome/content/rules/RustFest.eu.xml
new file mode 100644
index 000000000000..0d14eb45a508
--- /dev/null
+++ b/src/chrome/content/rules/RustFest.eu.xml
@@ -0,0 +1,21 @@
+<!--
+	Mismatched:
+		- tickets
+-->
+<ruleset name="RustFest.eu">
+	<target host="rustfest.eu" />
+	<target host="www.rustfest.eu" />
+	<target host="2016.rustfest.eu" />
+	<target host="2017.rustfest.eu" />
+	<target host="activities.rustfest.eu" />
+	<target host="barcelona.rustfest.eu" />
+	<target host="bcn.rustfest.eu" />
+	<target host="blog.rustfest.eu" />
+	<target host="cfp.rustfest.eu" />
+	<target host="paris.rustfest.eu" />
+	<target host="rome.rustfest.eu" />
+	<target host="scholarship.rustfest.eu" />
+	<target host="zurich.rustfest.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ruxcon_Breakpoint.com.xml b/src/chrome/content/rules/Ruxcon_Breakpoint.com.xml
index 6fa475eed425..7dfe30c9d12b 100644
--- a/src/chrome/content/rules/Ruxcon_Breakpoint.com.xml
+++ b/src/chrome/content/rules/Ruxcon_Breakpoint.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://ruxconbreakpoint.com/ => https://ruxconbreakpoint.com/: (60,
 Fetch error: http://www.ruxconbreakpoint.com/ => https://www.ruxconbreakpoint.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Ruxcon Breakpoint.com" default_off='failed ruleset test'>
+<ruleset name="Ruxcon Breakpoint.com" default_off="failed ruleset test">
 
 	<target host="ruxconbreakpoint.com" />
 	<target host="www.ruxconbreakpoint.com" />
@@ -13,4 +13,4 @@ Fetch error: http://www.ruxconbreakpoint.com/ => https://www.ruxconbreakpoint.co
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Rxpharmacyusa.com.xml b/src/chrome/content/rules/Rxpharmacyusa.com.xml
index fcc4c45252df..a27667704d9f 100644
--- a/src/chrome/content/rules/Rxpharmacyusa.com.xml
+++ b/src/chrome/content/rules/Rxpharmacyusa.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://rxpharmacyusa.com/ => https://rxpharmacyusa.com/: (28, 'Conn
 Fetch error: http://www.rxpharmacyusa.com/ => https://www.rxpharmacyusa.com/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="rxpharmacyusa.com" default_off='failed ruleset test'>
+<ruleset name="rxpharmacyusa.com" default_off="failed ruleset test">
 
 	<target host="rxpharmacyusa.com" />
 	<target host="www.rxpharmacyusa.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.rxpharmacyusa.com/ => https://www.rxpharmacyusa.com/: (2
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ryanair.com.xml b/src/chrome/content/rules/Ryanair.com.xml
index e33ca58c7b17..8510d953b290 100644
--- a/src/chrome/content/rules/Ryanair.com.xml
+++ b/src/chrome/content/rules/Ryanair.com.xml
@@ -1,5 +1,5 @@
 <ruleset name="Ryanair.com">
-  <target host="*.ryanair.com" />
+  <target host="www.ryanair.com" />
   <target host="ryanair.com" />
 
 
@@ -11,7 +11,7 @@
 	<securecookie host="^(?:www)?\.ryanair\.com$" name=".+" />
 
 
-  <rule from="^http://www\.ryanair\.com/" to="https://www.ryanair.com/"/>
   <rule from="^http://ryanair\.com/" to="https://www.ryanair.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/S-3.com.xml b/src/chrome/content/rules/S-3.com.xml
index c7d6f8e7d458..e947e28d8c8f 100644
--- a/src/chrome/content/rules/S-3.com.xml
+++ b/src/chrome/content/rules/S-3.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://s-3.com/ => https://s-3.com/: (60, 'SSL certificate problem:
 Fetch error: http://www.s-3.com/ => https://www.s-3.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="S-3.com" default_off='failed ruleset test'>
+<ruleset name="S-3.com" default_off="failed ruleset test">
 
 	<target host="s-3.com" />
 	<target host="www.s-3.com" />
diff --git a/src/chrome/content/rules/S-msn.com.xml b/src/chrome/content/rules/S-msn.com.xml
index 74f23a1a2800..dd2b0944b9fc 100644
--- a/src/chrome/content/rules/S-msn.com.xml
+++ b/src/chrome/content/rules/S-msn.com.xml
@@ -106,7 +106,7 @@ Fetch error: http://wst.s-msn.com/ => https://wst.s-msn.com/: (28, 'Operation ti
 	** CN: *.sharepointonline.com; works
 
 -->
-<ruleset name="s-msn.com (partial)" default_off='failed ruleset test'>
+<ruleset name="s-msn.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/S.to.xml b/src/chrome/content/rules/S.to.xml
new file mode 100644
index 000000000000..8d21909f7a3a
--- /dev/null
+++ b/src/chrome/content/rules/S.to.xml
@@ -0,0 +1,14 @@
+<ruleset name="S.to">
+	<target host="s.to" />
+	<target host="www.s.to" />
+	<target host="serien.vc" />
+	<target host="www.serien.vc" />
+	<target host="serien.sx" />
+	<target host="www.serien.sx" />
+	<target host="serienstream.sx" />
+	<target host="www.serienstream.sx" />
+	<target host="serienstream.to" />
+	<target host="www.serienstream.to" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/S2-Games.xml b/src/chrome/content/rules/S2-Games.xml
index 5a48a27b5dc9..d51493adf3d3 100644
--- a/src/chrome/content/rules/S2-Games.xml
+++ b/src/chrome/content/rules/S2-Games.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://savage2.com/ => https://savage2.com/: Redirect for 'http://savage2.com/en/' missing Location
 Fetch error: http://www.savage2.com/ => https://savage2.com/: Redirect for 'http://www.savage2.com/en/' missing Location
 -->
-<ruleset name="S2 Games (partial)" default_off='failed ruleset test'>
+<ruleset name="S2 Games (partial)" default_off="failed ruleset test">
 
 	<target host="heroesofnewerth.com"/>
 	<target host="www.heroesofnewerth.com"/>
diff --git a/src/chrome/content/rules/SACNAS.xml b/src/chrome/content/rules/SACNAS.xml
index adb67b030139..526ec2beb0e2 100644
--- a/src/chrome/content/rules/SACNAS.xml
+++ b/src/chrome/content/rules/SACNAS.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://sacnas.org/ => https://sacnas.org/: Too many redirects while fetching 'https://sacnas.org/'
 
 -->
-<ruleset name="SACNAS (partial)" default_off='failed ruleset test'>
+<ruleset name="SACNAS (partial)" default_off="failed ruleset test">
 
 	<target host="sacnas.org"/>
 	<target host="www.sacnas.org"/>
diff --git a/src/chrome/content/rules/SAMBA.xml b/src/chrome/content/rules/SAMBA.xml
index 220032f18012..348eb770e2ec 100644
--- a/src/chrome/content/rules/SAMBA.xml
+++ b/src/chrome/content/rules/SAMBA.xml
@@ -4,10 +4,12 @@ Fetch error: http://samba.com/ => https://www.samba.com/: (35, 'Unknown SSL prot
 -->
 <ruleset name="SAMBA">
   <target host="samba.com" />
-  <target host="*.samba.com" />
+  <target host="sambacapital.samba.com" />
+  <target host="sambatdwl.samba.com" />
+  <target host="sambaonline.samba.com" />
+  <target host="www.samba.com" />
 
   <rule from="^http://samba\.com/"
 	  to="https://www.samba.com/" />
-  <rule from="^http://(sambacapital|sambatdwl|sambaonline|www)\.samba\.com/"
-	  to="https://$1.samba.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SANS.org.xml b/src/chrome/content/rules/SANS.org.xml
index 435745a9f4e6..a469d9674392 100644
--- a/src/chrome/content/rules/SANS.org.xml
+++ b/src/chrome/content/rules/SANS.org.xml
@@ -9,8 +9,6 @@ Fetch error: http://spam.sans.org/ => https://spam.sans.org/: (7, 'Failed to con
 
 	Other SANS Institute rulesets:
 
-		- DShield.org.xml
-		- GIAC.org.xml
 		- SANS.edu.xml
 		- Securing_the_Human.org.xml
 
@@ -22,7 +20,7 @@ Fetch error: http://spam.sans.org/ => https://spam.sans.org/: (7, 'Failed to con
 	* Secured by us
 
 -->
-<ruleset name="SANS.org" default_off='failed ruleset test'>
+<ruleset name="SANS.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -33,7 +31,7 @@ Fetch error: http://spam.sans.org/ => https://spam.sans.org/: (7, 'Failed to con
 	<target host="cyber-defense.sans.org" />
 	<target host="digital-forensics.sans.org" />
 	<target host="files.sans.org" />
-	<target host="forensics.sans.org" />	
+	<target host="forensics.sans.org" />
 	<target host="isc.sans.org" />
 	<target host="isc1.sans.org" />
 	<target host="isc2.sans.org" />
diff --git a/src/chrome/content/rules/SAP.xml b/src/chrome/content/rules/SAP.xml
index 3f003c3f63e5..1166c63a64b3 100644
--- a/src/chrome/content/rules/SAP.xml
+++ b/src/chrome/content/rules/SAP.xml
@@ -63,7 +63,7 @@ DNS Name: autodiscovery.sap.com
 
 
 -->
-<ruleset name="SAP (partial)" default_off='failed ruleset test'>
+<ruleset name="SAP (partial)" default_off="failed ruleset test">
 
 	<target host="cdn.blog-sap.com" />
 	<target host="sap.com" />
@@ -89,4 +89,4 @@ DNS Name: autodiscovery.sap.com
 	<rule from="^http://(www\.sc|sd)n\.sap\.com/.*"
 		to="https://scn.sap.com/welcome?original_fqdn=$1n.sap.com" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SAS_Institute.xml b/src/chrome/content/rules/SAS_Institute.xml
index 0b88ee85cb34..5df0f2fbcf39 100644
--- a/src/chrome/content/rules/SAS_Institute.xml
+++ b/src/chrome/content/rules/SAS_Institute.xml
@@ -45,7 +45,7 @@
 			- .
 			- login
 				-->
-	<securecookie host="^(?:.*\.)?sas\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/SATA-IO.org.xml b/src/chrome/content/rules/SATA-IO.org.xml
index 79d3646b56f8..37e5b3d8b566 100644
--- a/src/chrome/content/rules/SATA-IO.org.xml
+++ b/src/chrome/content/rules/SATA-IO.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://sata-io.org/ => https://www.sata-io.org/: (60, 'SSL certific
 Fetch error: http://www.sata-io.org/ => https://www.sata-io.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="SATA-IO.org" default_off='failed ruleset test'>
+<ruleset name="SATA-IO.org" default_off="failed ruleset test">
 
 	<target host="sata-io.org" />
 	<target host="www.sata-io.org" />
diff --git a/src/chrome/content/rules/SAT_symposium.org.xml b/src/chrome/content/rules/SAT_symposium.org.xml
index f1c4537eb6dd..da97b4fbc286 100644
--- a/src/chrome/content/rules/SAT_symposium.org.xml
+++ b/src/chrome/content/rules/SAT_symposium.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://satsymposium.org/ => https://satsymposium.org/: (60, 'SSL ce
 Fetch error: http://www.satsymposium.org/ => https://www.satsymposium.org/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="SAT symposium.org" default_off='failed ruleset test'>
+<ruleset name="SAT symposium.org" default_off="failed ruleset test">
 
 	<target host="satsymposium.org" />
 	<target host="www.satsymposium.org" />
diff --git a/src/chrome/content/rules/SAnet.cd.xml b/src/chrome/content/rules/SAnet.cd.xml
index b1f86ed5b510..338ba409bd3f 100644
--- a/src/chrome/content/rules/SAnet.cd.xml
+++ b/src/chrome/content/rules/SAnet.cd.xml
@@ -11,4 +11,4 @@
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:"/>
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SB-Innovation.de.xml b/src/chrome/content/rules/SB-Innovation.de.xml
index 325fde9eb2ad..a007555f5c01 100644
--- a/src/chrome/content/rules/SB-Innovation.de.xml
+++ b/src/chrome/content/rules/SB-Innovation.de.xml
@@ -4,7 +4,7 @@
 	<target host="*.sb-innovation.de" />
 
 
-	<securecookie host="^(?:.*\.)?sb-innovation\.de$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(?:[\w\-]+\.)?sb-innovation\.de/"
diff --git a/src/chrome/content/rules/SB-Nation.xml b/src/chrome/content/rules/SB-Nation.xml
index 0f27a527cf0d..f2fbbd1d8312 100644
--- a/src/chrome/content/rules/SB-Nation.xml
+++ b/src/chrome/content/rules/SB-Nation.xml
@@ -45,10 +45,6 @@
 		-->
 	<securecookie host="^www\.sbnation\.com$" name=".+" />
 
-	<rule from="^http://assets\.sbnation\.com/"
-		to="https://s3.amazonaws.com/assets.sbnation.com/" />
-
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SBI.xml b/src/chrome/content/rules/SBI.xml
index 343e38d017fa..bb462be14608 100644
--- a/src/chrome/content/rules/SBI.xml
+++ b/src/chrome/content/rules/SBI.xml
@@ -29,7 +29,7 @@ Fetch error: http://sbiforsme.sbi.co.in/ => https://sbiforsme.sbi.co.in/: (60, '
 		- vijaypath
 
 -->
-<ruleset name="StateBankOfIndia" default_off='failed ruleset test'>
+<ruleset name="StateBankOfIndia" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/SBNdev.net.xml b/src/chrome/content/rules/SBNdev.net.xml
deleted file mode 100644
index ed21a7027659..000000000000
--- a/src/chrome/content/rules/SBNdev.net.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For other Vox Media coverage, see Vox.com.xml.
-
--->
-<ruleset name="SBNdev.net">
-
-	<!--	Complications:
-				-->
-	<target host="share.sbndev.net" />
-
-
-	<rule from="^http://share\.sbndev\.net/"
-		to="https://s3.amazonaws.com/share.sbndev.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SBV_Improver.com.xml b/src/chrome/content/rules/SBV_Improver.com.xml
index 2b9de715f9ee..895154180058 100644
--- a/src/chrome/content/rules/SBV_Improver.com.xml
+++ b/src/chrome/content/rules/SBV_Improver.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://sbvimprover.com/ => https://sbvimprover.com/: (7, 'Failed to connect to sbvimprover.com port 443: Connection timed out')
 
 -->
-<ruleset name="SBV Improver.com" default_off='failed ruleset test'>
+<ruleset name="SBV Improver.com" default_off="failed ruleset test">
 
 	<target host="sbvimprover.com" />
 	<target host="www.sbvimprover.com" />
diff --git a/src/chrome/content/rules/SCAP_Sync.com.xml b/src/chrome/content/rules/SCAP_Sync.com.xml
index 305f49fadf45..c542195aac49 100644
--- a/src/chrome/content/rules/SCAP_Sync.com.xml
+++ b/src/chrome/content/rules/SCAP_Sync.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.scapsync.com/ => https://www.scapsync.com/: (28, 'Connec
 	For other Lunarline coverage, see Lunarline.com.xml.
 
 -->
-<ruleset name="SCAP Sync.com" default_off='failed ruleset test'>
+<ruleset name="SCAP Sync.com" default_off="failed ruleset test">
 
 	<target host="scapsync.com" />
 	<target host="www.scapsync.com" />
diff --git a/src/chrome/content/rules/SDA.it.xml b/src/chrome/content/rules/SDA.it.xml
index 92402c3ee007..7ca3d24fdf09 100644
--- a/src/chrome/content/rules/SDA.it.xml
+++ b/src/chrome/content/rules/SDA.it.xml
@@ -9,14 +9,14 @@ Fetch error: http://www.sda.it/ => https://www.sda.it/: (60, 'SSL certificate pr
 	Nonfunctional hosts in *sda.it:
 
 		- m *
-		
+
 	* Dropped
 
 
 	^sda.it doesn't exist.
 
 -->
-<ruleset name="SDA.it (partial)" default_off='failed ruleset test'>
+<ruleset name="SDA.it (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/SDI-Tool.org.xml b/src/chrome/content/rules/SDI-Tool.org.xml
index 0fc8e084f509..2866803b2d7d 100644
--- a/src/chrome/content/rules/SDI-Tool.org.xml
+++ b/src/chrome/content/rules/SDI-Tool.org.xml
@@ -1,8 +1,13 @@
+<!--
+	Mismatched:
+		www.sdi-tool.org
+-->
 <ruleset name="SDI-Tool.org">
 	<target host="sdi-tool.org" />
 	<target host="www.sdi-tool.org" />
 
 	<securecookie host=".+" name=".+" />
 
+	<rule from="^http://www\.sdi-tool\.org/" to="https://sdi-tool.org/" />
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SEMABUZZ.COM.xml b/src/chrome/content/rules/SEMABUZZ.COM.xml
index 3d3486aeb47b..776755a611f0 100644
--- a/src/chrome/content/rules/SEMABUZZ.COM.xml
+++ b/src/chrome/content/rules/SEMABUZZ.COM.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://semabuzz.com/ => https://semabuzz.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
 Fetch error: http://www.semabuzz.com/ => https://www.semabuzz.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
 -->
-<ruleset name="SEMABUZZ.COM" default_off='failed ruleset test'>
+<ruleset name="SEMABUZZ.COM" default_off="failed ruleset test">
 
 	<target host="semabuzz.com" />
 	<target host="www.semabuzz.com" />
diff --git a/src/chrome/content/rules/SEO_Training_Toronto.xml b/src/chrome/content/rules/SEO_Training_Toronto.xml
index 12b35086382b..59aa1b712af5 100644
--- a/src/chrome/content/rules/SEO_Training_Toronto.xml
+++ b/src/chrome/content/rules/SEO_Training_Toronto.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SEScoops.xml b/src/chrome/content/rules/SEScoops.xml
index 046623a5715b..ae0815d7e8b3 100644
--- a/src/chrome/content/rules/SEScoops.xml
+++ b/src/chrome/content/rules/SEScoops.xml
@@ -24,4 +24,4 @@
 	<rule from="^http://(?:\d\.|(www\.))?sescoops\.com/"
 		to="https://$1sescoops.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SEstatic.fi.xml b/src/chrome/content/rules/SEstatic.fi.xml
deleted file mode 100644
index a71712c2669e..000000000000
--- a/src/chrome/content/rules/SEstatic.fi.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	For other Sanoma Corporation coverage, see Sanoma.com.xml.
-
-
-	Sanoma Entertainment Finland
-
-
-	Nonfunctional subdomains:
-
-		- rb[23]	(dropped)
-
-
-	Fully covered subdomains:
-
-		- n
-		- nt
-
--->
-<ruleset name="SEstatic.fi (partial)">
-
-	<target host="n.sestatic.fi" />
-	<target host="nt.sestatic.fi" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SF-Mail.de.xml b/src/chrome/content/rules/SF-Mail.de.xml
index a929cdcf78b8..36db14ff1f72 100644
--- a/src/chrome/content/rules/SF-Mail.de.xml
+++ b/src/chrome/content/rules/SF-Mail.de.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://webmail.sf-mail.de/ => https://webmail.sf-mail.de/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
 
 -->
-<ruleset name="SF-Mail.de" default_off='failed ruleset test'>
+<ruleset name="SF-Mail.de" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/SF.net.xml b/src/chrome/content/rules/SF.net.xml
index 47015e7ca819..0ef3c740834d 100644
--- a/src/chrome/content/rules/SF.net.xml
+++ b/src/chrome/content/rules/SF.net.xml
@@ -1,4 +1,10 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://apps.sf.net/ => https://apps.sf.net/: (6, 'Could not resolve host: apps.sf.net')
+Fetch error: http://goparallel.sf.net/ => https://goparallel.sf.net/: (7, 'Failed to connect to goparallel.sf.net port 443: Connection refused')
+
 	Related:
 		SourceForge.net.xml
 
@@ -26,14 +32,19 @@
 	<target host="prdownloads.sf.net" />
 
 	<!--	Complications:	-->
-	<target host="apps.sf.net" />
-	<target host="goparallel.sf.net" />
+	<!-- target host="apps.sf.net" /-->
+	<!-- target host="goparallel.sf.net" /-->
 	<target host="images.sf.net" />
 	<target host="lists.sf.net" />
-	<rule from="^http://(apps|goparallel|images|lists)\.sf\.net/"
-		to="https://$1.sourceforge.net/" />
 
 	<target host="*.svn.sf.net" />
+	<target host="*.code.sf.net" />
+		<test url="http://svn.code.sf.net/p/codeblocks/code/trunk/" />
+		<test url="http://git.code.sf.net/p/udt/git" />
+		<test url="http://git.code.sf.net/p/pykdump/code" />
+		<test url="http://svn.code.sf.net/p/seabreeze/code/trunk/" />
+		<!--<test url="http://hg.code.sf.net/p/ruamel-yaml/code" /> - no anonymous access, see https://sourceforge.net/p/forge/feature-requests/727/ -->
+
 	<rule from="^http://(\w+)\.svn\.sf\.net/"
 			to="https://$1.svn.sourceforge.net/" />
 		<test url="http://docbook.svn.sf.net/svnroot/docbook/trunk/xsl" />
diff --git a/src/chrome/content/rules/SFGate.com.xml b/src/chrome/content/rules/SFGate.com.xml
new file mode 100644
index 000000000000..01e7d27fdab8
--- /dev/null
+++ b/src/chrome/content/rules/SFGate.com.xml
@@ -0,0 +1,118 @@
+<!--
+	Non-functional hosts:
+		Certificate mismatch:
+			- a135.sfgate.com
+			- articles.sfgate.com
+			- auto.sfgate.com
+			- autos.sfgate.com
+			- www.autos.sfgate.com
+			- cars.sfgate.com
+			- customer.sfgate.com
+			- dogood.sfgate.com
+			- emails.sfgate.com
+			- events.sfgate.com
+			- www.extra.sfgate.com
+			- findnsave.sfgate.com
+			- healthyeating.sfgate.com
+			- homeguides.sfgate.com
+			- homeresearch.sfgate.com
+			- www.homes.sfgate.com
+			- horizon.sfgate.com
+			- juice-files-staging.sfgate.com
+			- link.sfgate.com
+			- links.sfgate.com
+			- live.sfgate.com
+			- local.sfgate.com
+			- looplink.sfgate.com
+			- www.marketplace.sfgate.com
+			- newhomes.sfgate.com
+			- oascentral.sfgate.com
+			- om.sfgate.com
+			- personalshopper.sfgate.com
+			- remodeling.sfgate.com
+			- sa135.sfgate.com
+			- sfevents.sfgate.com
+			- sports.sfgate.com
+			- stats.sfgate.com
+			- thepress.sfgate.com
+			- video.sfgate.com
+			- virtual2.sfgate.com
+			- wc.sfgate.com
+			- weather.sfgate.com
+		Connection refused:
+			- blog.sfgate.com
+			- dailydeals.sfgate.com
+			- fanshop.sfgate.com
+			- foodandwine.sfgate.com
+			- insidescoopsf.sfgate.com
+			- reviews.sfgate.com
+		Self-signed certificate:
+			- baylist.sfgate.com
+			- homes.sfgate.com
+			- marketplace.sfgate.com
+			- mobile.sfgate.com
+			- mynum.sfgate.com
+			- shopping.sfgate.com
+			- topics.sfgate.com
+		Timeout on https:
+			- bunga-2.sfgate.com
+			- preview.cmf.sfgate.com
+			- contribute.sfgate.com
+			- ed.sfgate.com
+			- finance.sfgate.com
+			- gatelistreporting.sfgate.com
+			- news.sfgate.com
+			- ns.sfgate.com
+			- prewcm.sfgate.com
+			- cmf.qa1.sfgate.com
+			- services.sfgate.com
+		Unexpected http status code:
+			- cdn.sfgate.com
+			- c-6rtwjumjzx7877x24bbbx2esfstanx78twx2ent.g00.sfgate.com
+			- c-7npsfqifvt34x24btx2edbtbmfnfejbx2edpn.g00.sfgate.com
+			- c-7npsfqifvt34x24dx2ebnbapo-betztufnx2edpn.g00.sfgate.com
+			- c-7npsfqifvt34x24hpphmfbetx2ehx2eepvcmfdmjdlx2eofu.g00.sfgate.com
+			- c-7npsfqifvt34x24ifbstuofx78tqbqfst-ex2epqfoyx2eofu.g00.sfgate.com
+			- c-7npsfqifvt34x24ofyvtx2efotjhiufox2edpn.g00.sfgate.com
+			- c-7npsfqifvt34x24qvcbetx2ehx2eepvcmfdmjdlx2eofu.g00.sfgate.com
+			- c-7npsfqifvt34x24uqdx2ehpphmftzoejdbujpox2edpn.g00.sfgate.com
+			- c-7npsfqifvt34x24usfhx2eifbstuoqx2edpn.g00.sfgate.com
+			- c-7npsfqifvt34x24x78jehfux2eqfsgfdunbslfux2edpn.g00.sfgate.com
+			- c-7npsfqifvt34x24x78x78x78x2eobopwjtpsx2ejp.g00.sfgate.com
+			- c-8oqtgrjgwu46x24iqqingcfux2eix2efqwdngenkemx2epgv.g00.sfgate.com
+			- c-8oqtgrjgwu46x24jgctuvx2ednwgeqpkex2epgv.g00.sfgate.com
+			- c-8oqtgrjgwu46x24kdx2ecfpzux2eeqo.g00.sfgate.com
+			- c-8oqtgrjgwu46x24kx2eavkoix2eeqo.g00.sfgate.com
+			- c-8oqtgrjgwu46x24rwdcfux2eix2efqwdngenkemx2epgv.g00.sfgate.com
+			- c-8oqtgrjgwu46x24uqfcx2euvctvcrrugtx78kegx2eeqo.g00.sfgate.com
+			- c-8oqtgrjgwu46x24utx78-4230-23-20-26x2erkzgnx2erctugnax2eeqo.g00.sfgate.com
+			- c-8oqtgrjgwu46x24yy3x2ejfpwzx2eeqo.g00.sfgate.com
+			- c-8oqtgrjgwu46x24yy4x2ejfpwzx2eeqo.g00.sfgate.com
+			- imgs.sfgate.com
+			- juice-files.sfgate.com
+		Expired:
+			- login.sfgate.com
+-->
+<ruleset name="SFGate.com">
+	<target host="www.sfgate.com" />
+	<target host="cmf.sfgate.com" />
+	<target host="code.sfgate.com" />
+	<target host="edb.sfgate.com" />
+	<target host="edb-staging.sfgate.com" />
+	<target host="extras.sfgate.com" />
+	<target host="games.sfgate.com" />
+	<target host="m.sfgate.com" />
+	<target host="cmf.m.sfgate.com" />
+	<target host="marketing.sfgate.com" />
+	<target host="notification.sfgate.com" />
+	<target host="origin-extras.sfgate.com" />
+	<target host="realestate.sfgate.com" />
+	<target host="s.sfgate.com" />
+	<target host="cmf.s.sfgate.com" />
+	<target host="shop.sfgate.com" />
+	<target host="som.sfgate.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SFM-Group.xml b/src/chrome/content/rules/SFM-Group.xml
index a1ef21cce058..07d10c726c67 100644
--- a/src/chrome/content/rules/SFM-Group.xml
+++ b/src/chrome/content/rules/SFM-Group.xml
@@ -5,7 +5,11 @@ Fetch error: http://sfm-offshore.com/ => https://www.sfm-offshore.com/: (60, 'SS
 <ruleset name="SFM Group (partial)">
 
 	<target host="sfm-offshore.com"/>
-	<target host="*.sfm-offshore.com"/>
+	<target host="de.sfm-offshore.com" />
+	<target host="es.sfm-offshore.com" />
+	<target host="fr.sfm-offshore.com" />
+	<target host="it.sfm-offshore.com" />
+	<target host="www.sfm-offshore.com" />
 
 	<rule from="^http://sfm-offshore\.com/"
 		to="https://www.sfm-offshore.com/"/>
diff --git a/src/chrome/content/rules/SGI.com.xml b/src/chrome/content/rules/SGI.com.xml
index 589c7a828817..96f46a8cef23 100644
--- a/src/chrome/content/rules/SGI.com.xml
+++ b/src/chrome/content/rules/SGI.com.xml
@@ -12,4 +12,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SIDN.xml b/src/chrome/content/rules/SIDN.xml
index 5534dde4f3a1..46015fbd34f3 100644
--- a/src/chrome/content/rules/SIDN.xml
+++ b/src/chrome/content/rules/SIDN.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SIFF.xml b/src/chrome/content/rules/SIFF.xml
index aa5b2070ee1d..665dfc24afd0 100644
--- a/src/chrome/content/rules/SIFF.xml
+++ b/src/chrome/content/rules/SIFF.xml
@@ -6,7 +6,7 @@
   <target host="siff.net" />
   <target host="www.siff.net" />
 
-  <securecookie host="^(?:.*\.)?siff\.net$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http://(?:www\.)?siff\.net/" to="https://www.siff.net/" />
-</ruleset> 
+</ruleset>
diff --git a/src/chrome/content/rules/SIL-International.xml b/src/chrome/content/rules/SIL-International.xml
index e5b170d4bca0..86a3f3ee8da6 100644
--- a/src/chrome/content/rules/SIL-International.xml
+++ b/src/chrome/content/rules/SIL-International.xml
@@ -29,4 +29,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SIL_International-problematic.xml b/src/chrome/content/rules/SIL_International-problematic.xml
index f89f9a92d2ae..5000d691a20e 100644
--- a/src/chrome/content/rules/SIL_International-problematic.xml
+++ b/src/chrome/content/rules/SIL_International-problematic.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?sil\.org/"
 		to="https://www.sil.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SIMILE-Widgets.org.xml b/src/chrome/content/rules/SIMILE-Widgets.org.xml
new file mode 100644
index 000000000000..6037a13221b2
--- /dev/null
+++ b/src/chrome/content/rules/SIMILE-Widgets.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Different content HTTP/HTTPS:
+		static.simile-widgets.org
+
+	Secure connection failed:
+		trunk.simile-widgets.org
+
+-->
+<ruleset name="SIMILE-Widgets.org">
+
+	<target host="simile-widgets.org" />
+	<target host="www.simile-widgets.org" />
+	<target host="api.simile-widgets.org" />
+	<target host="service.simile-widgets.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SIRCorp.com.xml b/src/chrome/content/rules/SIRCorp.com.xml
new file mode 100644
index 000000000000..8907f5d06596
--- /dev/null
+++ b/src/chrome/content/rules/SIRCorp.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Timed out:
+		- teamplace.sircorp.com
+-->
+
+<ruleset name="SIRCorp.com">
+	<target host="sircorp.com" />
+	<target host="www.sircorp.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SJ.se.xml b/src/chrome/content/rules/SJ.se.xml
index 0a14340ddd56..80f2e45d0639 100644
--- a/src/chrome/content/rules/SJ.se.xml
+++ b/src/chrome/content/rules/SJ.se.xml
@@ -1,21 +1,18 @@
 <!-- SJ is a government operated railway company in sweden. -->
 <ruleset name="SJ.se (partial)">
-  <target host="sj.se" />
-  <target host="www.sj.se" />
-		<!--
-			Some paths 404:
+	<target host="sj.se" />
+	<target host="www.sj.se" />
+	<target host="www2.sj.se" />
+	<target host="a-mrapp.sj.se" />
+	<target host="acc-xpider.sj.se" />
+	<target host="jira.sj.se" />
+	<target host="minafakturor.sj.se" />
+	<target host="mittkonto.sj.se" />
+	<target host="qamobile.sj.se" />
+	<target host="revival.sj.se" />
+	<target host="xpider.sj.se" />
 
-			https://trac.torproject.org/projects/tor/ticket/12104
-					-->
-		<exclusion pattern="^http://(?:www\.)?sj\.se/+(?:content/dam/|etc/designs/|sv/trafikinfo(?:$|[?/]))" />
+	<target host="ssl.kampanj.sj.se" />
 
-
-	<!--	Secured by server:
-					-->
-	<!--securecookie host="^www\.sj\.se$" name="^JSESSIONID$" /-->
-
-
-  <rule from="^http://sj\.se/" to="https://www.sj.se/"/>
-  <rule from="^http://www\.sj\.se/" to="https://www.sj.se/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
-
diff --git a/src/chrome/content/rules/SKNVibes.xml b/src/chrome/content/rules/SKNVibes.xml
deleted file mode 100644
index a4a9de3286de..000000000000
--- a/src/chrome/content/rules/SKNVibes.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Some pages redirect to http.
-
--->
-<ruleset name="SKNVibes (partial)">
-
-	<target host="sknvibes.com" />
-	<target host="sms.sknvibes.com" />
-	<target host="www.sknvibes.com" />
-		<exclusion pattern="^http://(?:www\.)?sknvibes\.com/(?!(?:[\w-]+/)?(?:dmenu/|effects/|[iI](?:mage|tem)s/|js/|scripts/|themes/|zimg/)|general/(?:login_continue|send_pass)\.cfm|skngallery2/)" />
-
-
-	<securecookie host="^sms\.sknvibes\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SK_hynix.com.xml b/src/chrome/content/rules/SK_hynix.com.xml
index e9e0b60c1c2d..3bca17f52206 100644
--- a/src/chrome/content/rules/SK_hynix.com.xml
+++ b/src/chrome/content/rules/SK_hynix.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://skhynix.com/ => https://skhynix.com/: (35, 'error:140773E8:S
 		- www.skhynix.com
 
 -->
-<ruleset name="SK hynix.com" default_off='failed ruleset test'>
+<ruleset name="SK hynix.com" default_off="failed ruleset test">
 
 	<target host="skhynix.com" />
 	<target host="www.skhynix.com" />
diff --git a/src/chrome/content/rules/SKortekaas.nl.xml b/src/chrome/content/rules/SKortekaas.nl.xml
index 0b62ee5032e6..a8e154324131 100644
--- a/src/chrome/content/rules/SKortekaas.nl.xml
+++ b/src/chrome/content/rules/SKortekaas.nl.xml
@@ -4,4 +4,4 @@
 
 	<rule from="^http:"
 		to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SLOOH.xml b/src/chrome/content/rules/SLOOH.xml
deleted file mode 100644
index 93f849b9348b..000000000000
--- a/src/chrome/content/rules/SLOOH.xml
+++ /dev/null
@@ -1,72 +0,0 @@
-<!--
-	CDN buckets:
-
-		- c576040.r40.cf2.rackcdn.com
-
-			- images-buttons.slooh.com
-
-		- c575441.r41.cf2.rackcdn.com
-
-			- images-home.slooh.com
-
-		- c576050.r50.cf2.rackcdn.com
-
-			- images-footer.slooh.com
-
-		- c580754.r54.cf2.rackcdn.com
-
-			- images-account.slooh.com
-
-		- c575991.r91.cf2.rackcdn.com
-
-			- images-background.slooh.com
-
-
-	Nonfunctional subdomains:
-
-		- events	(handshake fails)
-
-
-	Problematic subdomains:
-
-		- images-account *
-		- images-background *
-		- images-buttons *
-		- images-footer *
-		- images-home *
-
-	* Works, akamai
-
--->
-<ruleset name="SLOOH (partial)">
-
-	<target host="slooh.com" />
-	<target host="*.slooh.com" />
-		<!--
-			$ 403s
-				-->
-		<exclusion pattern="^http://(?:www\.)?slooh\.com/(?:\?.*)?$" />
-
-
-	<rule from="^http://(www\.)?slooh\.com/"
-		to="https://$1slooh.com/" />
-
-	<rule from="^http://images\.slooh\.com/"
-		to="https://s3.images.slooh.com/" />
-
-	<rule from="^http://images-account\.slooh\.com/"
-		to="https://c580754.ssl.cf2.rackcdn.com/" />
-
-	<rule from="^http://images-background\.slooh\.com/"
-		to="https://c575991.ssl.cf2.rackcdn.com/" />
-
-	<rule from="^http://images-buttons\.slooh\.com/"
-		to="https://c576040.ssl.cf2.rackcdn.com/" />
-
-	<rule from="^http://images-footer\.slooh\.com/"
-		to="https://c576050.ssl.cf2.rackcdn.com/" />
-
-	<rule from="^http://images-home\.slooh\.com/"
-		to="https://c575441.ssl.cf2.rackcdn.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SME.sk.xml b/src/chrome/content/rules/SME.sk.xml
index 0828b2e047f0..fef8a3a6fb4c 100644
--- a/src/chrome/content/rules/SME.sk.xml
+++ b/src/chrome/content/rules/SME.sk.xml
@@ -1,4 +1,21 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www.dolnyzemplin.korzar.sme.sk/ => https://dolnyzemplin.korzar.sme.sk/: (6, 'Could not resolve host: www.dolnyzemplin.korzar.sme.sk')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www.gemer.korzar.sme.sk/ => https://gemer.korzar.sme.sk/: (6, 'Could not resolve host: www.gemer.korzar.sme.sk')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www.hornyzemplin.korzar.sme.sk/ => https://hornyzemplin.korzar.sme.sk/: (6, 'Could not resolve host: www.hornyzemplin.korzar.sme.sk')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www.kosice.korzar.sme.sk/ => https://kosice.korzar.sme.sk/: (6, 'Could not resolve host: www.kosice.korzar.sme.sk')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www.presov.korzar.sme.sk/ => https://presov.korzar.sme.sk/: (6, 'Could not resolve host: www.presov.korzar.sme.sk')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www.spis.korzar.sme.sk/ => https://spis.korzar.sme.sk/: (6, 'Could not resolve host: www.spis.korzar.sme.sk')
+Fetch error: http://www.peniaze.sme.sk/ => https://www.peniaze.sme.sk/: (6, 'Could not resolve host: www.peniaze.sme.sk')
+
 	Nonfunctional hosts in *.sme.sk:
 
 	certificate mismatch:
@@ -49,17 +66,17 @@
 	<target host="kontakty.sme.sk" />
 	<target host="korzar.sme.sk" />
 	<target host="dolnyzemplin.korzar.sme.sk" />
-	<target host="www.dolnyzemplin.korzar.sme.sk" />
+	<!-- target host="www.dolnyzemplin.korzar.sme.sk" /-->
 	<target host="gemer.korzar.sme.sk" />
-	<target host="www.gemer.korzar.sme.sk" />
+	<!-- target host="www.gemer.korzar.sme.sk" /-->
 	<target host="hornyzemplin.korzar.sme.sk" />
-	<target host="www.hornyzemplin.korzar.sme.sk" />
+	<!-- target host="www.hornyzemplin.korzar.sme.sk" /-->
 	<target host="kosice.korzar.sme.sk" />
-	<target host="www.kosice.korzar.sme.sk" />
+	<!-- target host="www.kosice.korzar.sme.sk" /-->
 	<target host="presov.korzar.sme.sk" />
-	<target host="www.presov.korzar.sme.sk" />
+	<!-- target host="www.presov.korzar.sme.sk" /-->
 	<target host="spis.korzar.sme.sk" />
-	<target host="www.spis.korzar.sme.sk" />
+	<!-- target host="www.spis.korzar.sme.sk" /-->
 	<target host="kultura.sme.sk" />
 	<target host="magazin-reality.sme.sk" />
 	<target host="nanicmama.sme.sk" />
@@ -72,7 +89,7 @@
 	<target host="ockovanie.sme.sk" />
 	<target host="otvorenesudy.sme.sk" />
 	<target host="peniaze.sme.sk" />
-	<target host="www.peniaze.sme.sk" />
+	<!-- target host="www.peniaze.sme.sk" /-->
 	<target host="plus.sme.sk" />
 	<target host="pocasie.sme.sk" />
 	<target host="post.sme.sk" />
@@ -108,8 +125,5 @@
 	<rule from="^http://www\.zahrada\.artmama\.sme\.sk/"
 		to="https://zahrada.artmama.sme.sk/" />
 
-	<rule from="^http://www\.(dolnyzemplin|gemer|hornyzemplin|kosice|presov|spis)\.korzar\.sme\.sk/"
-		to="https://$1.korzar.sme.sk/" />
-
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SMFTA.com.xml b/src/chrome/content/rules/SMFTA.com.xml
index 553afa01bcbc..c7d504ecfbca 100644
--- a/src/chrome/content/rules/SMFTA.com.xml
+++ b/src/chrome/content/rules/SMFTA.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.smfta.com/ => https://www.smfta.com/: (7, 'Failed to con
 		- beta	(works; mismatched, CN: *.securesites.net)
 
 -->
-<ruleset name="SMFTA.com (partial)" default_off='failed ruleset test'>
+<ruleset name="SMFTA.com (partial)" default_off="failed ruleset test">
 
 	<target host="smfta.com" />
 	<target host="www.smfta.com" />
@@ -24,4 +24,4 @@ Fetch error: http://www.smfta.com/ => https://www.smfta.com/: (7, 'Failed to con
 	<rule from="^http://(?:www\.)?smfta\.com/"
 		to="https://www.smfta.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SMF_for_Free.xml b/src/chrome/content/rules/SMF_for_Free.xml
index 4ba7178ee9c1..f01e3cbbf9da 100644
--- a/src/chrome/content/rules/SMF_for_Free.xml
+++ b/src/chrome/content/rules/SMF_for_Free.xml
@@ -16,13 +16,8 @@
 -->
 <ruleset name="SMF for Free (partial)">
 
-	<target host="*.smfboards.com" />
+	<target host="cdn.smfboards.com" />
+	<!-- <target host="images.smfboards.com" /> -->
 
-
-	<rule from="^http://cdn\.smfboards\.com/"
-		to="https://d2woastm347hjv.cloudfront.net/" />
-
-	<rule from="^http://images\.smfboards\.com/"
-		to="https://s3.amazonaws.com/images.smfboards.com/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SMSSecure.org.xml b/src/chrome/content/rules/SMSSecure.org.xml
index 6746a4f5a385..67e72a806214 100644
--- a/src/chrome/content/rules/SMSSecure.org.xml
+++ b/src/chrome/content/rules/SMSSecure.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://smssecure.org/ => https://smssecure.org/: (60, 'SSL certific
 Fetch error: http://www.smssecure.org/ => https://www.smssecure.org/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="SMSSecure.org" default_off='failed ruleset test'>
+<ruleset name="SMSSecure.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/SNCB.xml b/src/chrome/content/rules/SNCB.xml
index cc7d5933b04e..45899247ce59 100644
--- a/src/chrome/content/rules/SNCB.xml
+++ b/src/chrome/content/rules/SNCB.xml
@@ -2,7 +2,7 @@
     <target host="b-europe.com" />
     <target host="*.b-europe.com" />
 
-    <securecookie host="^(?:.*\.)?b-europe\.com$" name=".+" />
+    <securecookie host=".+" name=".+"/>
 
     <rule from="^http://b-europe\.com/"
         to="https://www.b-europe.com/" />
diff --git a/src/chrome/content/rules/SNL.com.xml b/src/chrome/content/rules/SNL.com.xml
index a687bff20d53..3f465c4d798c 100644
--- a/src/chrome/content/rules/SNL.com.xml
+++ b/src/chrome/content/rules/SNL.com.xml
@@ -19,4 +19,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SNstatic.fi.xml b/src/chrome/content/rules/SNstatic.fi.xml
index fcae4152d962..6b1e6c891450 100644
--- a/src/chrome/content/rules/SNstatic.fi.xml
+++ b/src/chrome/content/rules/SNstatic.fi.xml
@@ -15,7 +15,7 @@ Fetch error: http://hs11.snstatic.fi/webkuva/oletus/60/1305620265306 => https://
 		- hs1[0-3] (redirects to http; mismatched, CN: *.hs.fi)
 
 -->
-<ruleset name="SNstatic.fi" default_off='failed ruleset test'>
+<ruleset name="SNstatic.fi" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/SNtech.xml b/src/chrome/content/rules/SNtech.xml
index db6fb12b4be8..738af7c83c53 100644
--- a/src/chrome/content/rules/SNtech.xml
+++ b/src/chrome/content/rules/SNtech.xml
@@ -13,11 +13,11 @@ Fetch error: http://ssl.sntech.de/ => https://ssl.sntech.de/: (60, 'SSL certific
 	* Shows ssl; mismatched, CN: ssl.sntech.de
 
 -->
-<ruleset name="SNtech (partial)" default_off='failed ruleset test'>
+<ruleset name="SNtech (partial)" default_off="failed ruleset test">
 
 	<target host="ssl.sntech.de" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SONGLYRICS.com.xml b/src/chrome/content/rules/SONGLYRICS.com.xml
index 0185e6576596..676a088c1906 100644
--- a/src/chrome/content/rules/SONGLYRICS.com.xml
+++ b/src/chrome/content/rules/SONGLYRICS.com.xml
@@ -1,18 +1,19 @@
 <!--
-	Bad gateway:
-		- m.songlyrics.com
+	Refused:
+		calendar.songlyrics.com
+		mail.songlyrics.com
+		webmail.songlyrics.com
 
-	MCB:
-		- www.songlyrics.com
-		- adserver.adtechus.com
-		- song-lyrics.disqus.com
-		- jmn.jangonetwork.com
-		- l.yimg.com
+	Time out:
+		db.songlyrics.com
+		ftp.songlyrics.com
 -->
-<ruleset name="SONGLYRICS.com" platform="mixedcontent">
+<ruleset name="songlyrics.com">
 	<target host="songlyrics.com" />
 	<target host="www.songlyrics.com" />
 	<target host="admin.songlyrics.com" />
+	<target host="dev.songlyrics.com" />
+	<target host="m.songlyrics.com" />
 	<target host="static.songlyrics.com" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/SOS.wa.gov.xml b/src/chrome/content/rules/SOS.wa.gov.xml
index cdffaf2f4c28..2eff06226f73 100644
--- a/src/chrome/content/rules/SOS.wa.gov.xml
+++ b/src/chrome/content/rules/SOS.wa.gov.xml
@@ -1,7 +1,17 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://autodiscover.sos.wa.gov/ => https://autodiscover.sos.wa.gov/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://cfdfiles.sos.wa.gov/ => https://cfdfiles.sos.wa.gov/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://corps.sos.wa.gov/ => https://corps.sos.wa.gov/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://weihelp.sos.wa.gov/ => https://weihelp.sos.wa.gov/: (28, 'Connection timed out after 20001 milliseconds')
+
 	Non-functional hosts
 		Couldn't connect to server:
 			 - share.sos.wa.gov
+       - corps2.sos.wa.gov
+       - newspapers.sos.wa.gov
 
 		Timeout was reached:
 			 - api.sos.wa.gov
@@ -15,6 +25,7 @@
 			 - wei2.qa.sos.wa.gov
 			 - secstatemxlib01.sos.wa.gov
 			 - secstatemxlib03.sos.wa.gov
+       - weiadmin.sos.wa.gov
 
 		SSL peer certificate was not OK:
 			 - assets.www.sos.wa.gov
@@ -35,23 +46,19 @@
 <ruleset name="Washington Secretary of State (partial)">
 	<target host="sos.wa.gov" />
 	<target host="www.sos.wa.gov" />
-	<target host="autodiscover.sos.wa.gov" />
+	<!-- target host="autodiscover.sos.wa.gov" /-->
 	<target host="blogs.sos.wa.gov" />
-	<target host="cfdfiles.sos.wa.gov" />
-	<target host="corps.sos.wa.gov" />
-	<target host="corps2.sos.wa.gov" />
-		<test url="http://corps2.sos.wa.gov/PDFGenerator/" />
-		<test url="http://corps2.sos.wa.gov/statementofchange/Login.aspx" />
-		<test url="http://corps2.sos.wa.gov/OnlineForms/main.aspx" />
-	<target host="newspapers.sos.wa.gov" />
+	<!-- target host="cfdfiles.sos.wa.gov" /-->
+	<!-- target host="corps.sos.wa.gov" /-->
+	<!-- <target host="corps2.sos.wa.gov" /> -->
+	<!-- <target host="newspapers.sos.wa.gov" /> -->
 	<target host="wei.sos.wa.gov" />
-	<target host="weiadmin.sos.wa.gov" />
-		<test url="http://weiadmin.sos.wa.gov/WEIAdminWeb" />
+	<!-- <target host="weiadmin.sos.wa.gov" /> -->
 	<target host="weiapplets.sos.wa.gov" />
 		<test url="http://weiapplets.sos.wa.gov/myvote/" />
 		<test url="http://weiapplets.sos.wa.gov/MyVoteOLVR/OnlineVotersGuide/MeasureDetail?measureId=113525" />
 		<test url="http://weiapplets.sos.wa.gov/elections/candidates/whofiled?countycode=sj" />
-	<target host="weihelp.sos.wa.gov" />
+	<!-- target host="weihelp.sos.wa.gov" /-->
 	<target host="wiki.sos.wa.gov" />
 		<test url="http://wiki.sos.wa.gov/trustees/" />
 		<test url="http://wiki.sos.wa.gov/trustees/Establishment-of-Public-Libraries.ashx?Discuss=1" />
diff --git a/src/chrome/content/rules/SPBAS.com.xml b/src/chrome/content/rules/SPBAS.com.xml
index ca003b49598f..406b5d5456d7 100644
--- a/src/chrome/content/rules/SPBAS.com.xml
+++ b/src/chrome/content/rules/SPBAS.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.spbas.com/ => https://www.spbas.com/: (60, 'SSL certific
 		- blog
 
 -->
-<ruleset name="SPBAS.com (partial)" default_off='failed ruleset test'>
+<ruleset name="SPBAS.com (partial)" default_off="failed ruleset test">
 
 	<target host="spbas.com" />
 	<target host="www.spbas.com" />
diff --git a/src/chrome/content/rules/SPDX.org.xml b/src/chrome/content/rules/SPDX.org.xml
index 38d68dadd2a2..1e15e74e2b82 100644
--- a/src/chrome/content/rules/SPDX.org.xml
+++ b/src/chrome/content/rules/SPDX.org.xml
@@ -22,7 +22,7 @@
 	<!--	spdx.org wiki redirects to http, so
 		we don't want to match wiki cookies:
 							-->
-	<securecookie host="^\.spdx\.org$" name="^SESS.*" />	
+	<securecookie host="^\.spdx\.org$" name="^SESS.*" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/SPORTISIMO.xml b/src/chrome/content/rules/SPORTISIMO.xml
index 7e969b9cd1d9..6a8170282377 100644
--- a/src/chrome/content/rules/SPORTISIMO.xml
+++ b/src/chrome/content/rules/SPORTISIMO.xml
@@ -14,7 +14,6 @@
     <target host="sportisimo.com" />
     <target host="www.sportisimo.com" />
 
-    <test url="http://sportisimo.com/" />
 
     <rule from="^http://sportisimo\.com/"
             to="https://www.sportisimo.com/" />
diff --git a/src/chrome/content/rules/SPU.ac.th.xml b/src/chrome/content/rules/SPU.ac.th.xml
index 730ee9cc3007..bed0d639abda 100644
--- a/src/chrome/content/rules/SPU.ac.th.xml
+++ b/src/chrome/content/rules/SPU.ac.th.xml
@@ -118,6 +118,6 @@
 	<rule from="^http://spu\.ac\.th/"
 			to="https://www.spu.ac.th/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SP_Times.com.xml b/src/chrome/content/rules/SP_Times.com.xml
deleted file mode 100644
index 05bc8030c597..000000000000
--- a/src/chrome/content/rules/SP_Times.com.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	St. Petersburg Times
-
-
-	www: refused
-
-
-	Problematic subdomains:
-
-		- metric *
-
-	* 2o7.net
-
-
-	^sptimes.com doesn't exist.
-
--->
-<ruleset name="SP Times.com (partial)">
-
-	<target host="*.sptimes.com" />
-
-
-	<!--	2o7.net cookies:
-					-->
-	<securecookie host="^\.sptimes\.com$" name="^s_\w\w(?:_.*)?$" />
-
-
-	<rule from="^http://metric\.sptimes\.com/"
-		to="https://stpetersburgtimes.122.2o7.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SPajIT.xml b/src/chrome/content/rules/SPajIT.xml
deleted file mode 100644
index e4c34fb3bb8c..000000000000
--- a/src/chrome/content/rules/SPajIT.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<ruleset name="SPajIT" default_off="expired, self-signed">
-
-	<target host="hypeshell.com"/>
-	<target host="www.hypeshell.com"/>
-	<target host="shellmix.com"/>
-	<target host="www.shellmix.com"/>
-
-	<securecookie host="^(?:hypeshell|shellmix)\.com$" name=".+" />
-
-	<!--	cert !match www		-->
-	<rule from="^http://(?:www\.)?hypeshell\.com/"
-		to="https://hypeshell.com/"/>
-
-	<!--	cert !match !www	-->
-	<rule from="^http://(?:www\.)?shellmix\.com/"
-		to="https://www.shellmix.com/"/>
-
-	<!--	fix links	-->
-	<rule from="^https://shellmix\.com/"
-		to="https://www.shellmix.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/SQL_Converter.xml b/src/chrome/content/rules/SQL_Converter.xml
index b71617ff5fb8..672c5ad2ff82 100644
--- a/src/chrome/content/rules/SQL_Converter.xml
+++ b/src/chrome/content/rules/SQL_Converter.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SQLite.xml b/src/chrome/content/rules/SQLite.xml
index 1bd5ffd7b7cd..a325900ab5df 100644
--- a/src/chrome/content/rules/SQLite.xml
+++ b/src/chrome/content/rules/SQLite.xml
@@ -1,20 +1,27 @@
+<!--
+	Invalid certificate:
+		data.sqlite.org
+		lua.sqlite.org
+		mail.sqlite.org
+		mailinglists.sqlite.org
+		test1.sqlite.org
+		unql.sqlite.org
+-->
 <ruleset name="SQLite.org">
 
 	<target host="sqlite.org" />
-	<target host="system.data.sqlite.org" />
 	<target host="www.sqlite.org" />
+	<target host="system.data.sqlite.org" />
+	<target host="www2.sqlite.org" />
+	<target host="www3.sqlite.org" />
 
 		<!--	https://github.com/EFForg/https-everywhere/issues/1461
 									-->
 		<exclusion pattern="^http://sqlite\.org:8080/" />
-
 			<test url="http://sqlite.org:8080/cgi-bin/mailman/listinfo/sqlite-users" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^(?:.+\.)?sqlite\.org$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:"	to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SQLiteBrowser.org.xml b/src/chrome/content/rules/SQLiteBrowser.org.xml
new file mode 100644
index 000000000000..b9979d9ecad6
--- /dev/null
+++ b/src/chrome/content/rules/SQLiteBrowser.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Mismatched:
+		- www.sqlitebrowser.org
+
+	HTTP != HTTPS:
+		- stats.sqlitebrowser.org
+-->
+<ruleset name="SQLiteBrowser.org">
+	<target host="sqlitebrowser.org" />
+	<target host="www.sqlitebrowser.org" />
+	<target host="download.sqlitebrowser.org" />
+	<target host="nightlies.sqlitebrowser.org" />
+	<target host="redash.sqlitebrowser.org" />
+
+	<rule from="^http://www\.sqlitebrowser\.org/" to="https://sqlitebrowser.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SRB2Skybase.org.xml b/src/chrome/content/rules/SRB2Skybase.org.xml
new file mode 100644
index 000000000000..8546d33142e3
--- /dev/null
+++ b/src/chrome/content/rules/SRB2Skybase.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Mismatched:
+		- ftp
+		- whm
+-->
+<ruleset name="SRB2Skybase.org">
+	<target host="srb2skybase.org" />
+	<target host="www.srb2skybase.org" />
+	<target host="cpanel.srb2skybase.org" />
+	<target host="files.srb2skybase.org" />
+	<target host="www.files.srb2skybase.org" />
+	<target host="mail.srb2skybase.org" />
+	<target host="webdisk.srb2skybase.org" />
+	<target host="webmail.srb2skybase.org" />
+	<target host="wind.srb2skybase.org" />
+	<target host="www.wind.srb2skybase.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SRI_Hash.org.xml b/src/chrome/content/rules/SRI_Hash.org.xml
deleted file mode 100644
index d71b0cdfac4e..000000000000
--- a/src/chrome/content/rules/SRI_Hash.org.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="SRI Hash.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="srihash.org" />
-	<target host="www.srihash.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SRM.de.xml b/src/chrome/content/rules/SRM.de.xml
index 75bb3b5c517b..e561bfcbf055 100644
--- a/src/chrome/content/rules/SRM.de.xml
+++ b/src/chrome/content/rules/SRM.de.xml
@@ -20,7 +20,7 @@ Fetch error: http://www.srm.de/ => https://www.srm.de/: Cycle detected - URL alr
 	platform should be removed with Ffx 24.
 
 -->
-<ruleset name="SRM.de" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="SRM.de" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="srm.de" />
 	<target host="www.srm.de" />
diff --git a/src/chrome/content/rules/SSL-Cert-Shop.com.xml b/src/chrome/content/rules/SSL-Cert-Shop.com.xml
deleted file mode 100644
index de57ee1a4a25..000000000000
--- a/src/chrome/content/rules/SSL-Cert-Shop.com.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<!--
-	Nonfunctional hosts in *ssl-cert-shop.com:
-
-		- blog *
-
-	* Shows live.ssl-cert-shop.com
-
-
-	^ssl-cert-shop.com: Shows live.ssl-cert-shop.com
-
-
-	Insecure cookies are set for these hosts:
-
-		- live.ssl-cert-shop.com
-		- www.ssl-cert-shop.com
-
--->
-<ruleset name="SSL-Cert-Shop.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="live.ssl-cert-shop.com" />
-	<target host="www.ssl-cert-shop.com" />
-
-	<!--	Complications:
-				-->
-	<target host="ssl-cert-shop.com" />
-
-		<!--	Sets cookies without Secure
-							-->
-		<test url="http://live.ssl-cert-shop.com/server.php?a=&amp;rqst=track&amp;output=nojcrpt&amp;ovlc=&amp;eca=" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^live\.ssl-cert-shop\.com$" name="^(?:livezilla|lz_last_visit|lz_userid|lz_visits)$" /-->
-	<!--securecookie host="^www\.ssl-cert-shop\.com$" name="^\.ASPXANONYMOUS$" /-->
-
-	<securecookie host=".+\.ssl-cert-shop\.com$" name=".+" />
-
-
-	<rule from="^http://ssl-cert-shop\.com/"
-		to="https://www.ssl-cert-shop.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SSL-Images-Amazon.com.xml b/src/chrome/content/rules/SSL-Images-Amazon.com.xml
index ec98b467fd77..f65483cde500 100644
--- a/src/chrome/content/rules/SSL-Images-Amazon.com.xml
+++ b/src/chrome/content/rules/SSL-Images-Amazon.com.xml
@@ -6,9 +6,9 @@
 
 	<!--
 		Exclusions for Amazon's Zeitgeist MP3 Player:
-                                                                 
+
 			https://trac.torproject.org/projects/tor/ticket/7000
-                                                                 
+
 	note that this exclusion can't be scoped to
 	the ssl-images-amazon domain, though it could have
 	copied the crazy pattern from the rule above.
diff --git a/src/chrome/content/rules/SSL-Trust.com.xml b/src/chrome/content/rules/SSL-Trust.com.xml
index fd8494307e1c..e8818fb3d8b2 100644
--- a/src/chrome/content/rules/SSL-Trust.com.xml
+++ b/src/chrome/content/rules/SSL-Trust.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.ssl-trust.com/ => https://www.ssl-trust.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.ssl-trust.com'")
 
 -->
-<ruleset name="SSL-Trust" default_off='failed ruleset test'>
+<ruleset name="SSL-Trust" default_off="failed ruleset test">
 	<target host="ssl-trust.com" />
 	<target host="www.ssl-trust.com" />
 
diff --git a/src/chrome/content/rules/SSLEnforcer.com.xml b/src/chrome/content/rules/SSLEnforcer.com.xml
new file mode 100644
index 000000000000..77aa7f2e133f
--- /dev/null
+++ b/src/chrome/content/rules/SSLEnforcer.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Mismatched:
+		- ipv6
+-->
+<ruleset name="SSLEnforcer.com">
+	<target host="sslenforcer.com" />
+	<target host="www.sslenforcer.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SSSup.it.xml b/src/chrome/content/rules/SSSup.it.xml
index e906140b01f5..8c26ece9aafd 100644
--- a/src/chrome/content/rules/SSSup.it.xml
+++ b/src/chrome/content/rules/SSSup.it.xml
@@ -45,9 +45,12 @@
 	* Secured by us
 
 -->
-<ruleset name="SSSup.it (partial)">
-
-	<target host="*.sssup.it" />
+<ruleset name="SSSup.it (partial)" default_off="needs ruleset tests">
+	<target host="www.sssup.it" />
+	<target host="didactive.sssup.it" />
+	<target host="allievi.sssup.it" />
+	<target host="forms.sssup.it" />
+	<target host="pay.sssup.it" />
 		<!--
 			Avoid false/broken MCB:
 						-->
@@ -70,13 +73,5 @@
 					-->
 	<securecookie host="^(?:didactive|pay)\.sssup\.it$" name=".+" />
 
-
-	<!--	Redirects to http first, dropping args:
-							-->
-	<rule from="^http;//forms\.sssup\.it/+(?:$|\?.*)"
-		to="https://forms.sssup.it/didactive" />
-
-	<rule from="^http://(allievi|didactive|forms|pay|www)\.sssup\.it/"
-		to="https://$1.sssup.it/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/STA-Travel.at.xml b/src/chrome/content/rules/STA-Travel.at.xml
new file mode 100644
index 000000000000..81e55ed017ac
--- /dev/null
+++ b/src/chrome/content/rules/STA-Travel.at.xml
@@ -0,0 +1,33 @@
+<!--
+	For other coverage, see STA-Travel.com.xml
+
+
+	Non-functional subdomains:
+		- forum		(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="STA Travel.at">
+
+	<target host="statravel.at" />
+	<target host="www.statravel.at" />
+	<target host="blog.statravel.at" />
+	<target host="book.statravel.at" />
+	<target host="forms.statravel.at" />
+	<target host="g.statravel.at" />
+	<target host="mietwagen.statravel.at" />
+	<target host="reise-buchen.statravel.at" />
+	<target host="versicherung.statravel.at" />
+	<target host="www3.statravel.at" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/STA-Travel.ch.xml b/src/chrome/content/rules/STA-Travel.ch.xml
new file mode 100644
index 000000000000..fc8611babd21
--- /dev/null
+++ b/src/chrome/content/rules/STA-Travel.ch.xml
@@ -0,0 +1,44 @@
+<!--
+	For other coverage, see STA-Travel.com.xml
+
+
+	Non-functional subdomains:
+		- $host	(t)
+		- bookfr	(i)
+		- forum	(t)
+		- reisen	(m)
+		- test	(ssl connection error)
+		- tours	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="STA Travel.ch">
+
+	<target host="statravel.ch" />
+	<target host="www.statravel.ch" />
+	<target host="assurance.statravel.ch" />
+	<target host="blog.statravel.ch" />
+	<target host="book.statravel.ch" />
+	<target host="fluege.statravel.ch" />
+	<target host="forms.statravel.ch" />
+	<target host="fr.statravel.ch" />
+	<target host="g.statravel.ch" />
+	<target host="mietwagen.statravel.ch" />
+	<target host="reise-buchen.statravel.ch" />
+	<target host="versicherung.statravel.ch" />
+	<target host="www3.statravel.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://statravel\.ch/"
+		to="https://www.statravel.ch/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/STA-Travel.co.jp.xml b/src/chrome/content/rules/STA-Travel.co.jp.xml
new file mode 100644
index 000000000000..2b46bd642bad
--- /dev/null
+++ b/src/chrome/content/rules/STA-Travel.co.jp.xml
@@ -0,0 +1,26 @@
+<!--
+	For other coverage, see STA-Travel.com.xml
+
+
+	Non-functional subdomains:
+		- $host	(t)
+		- www	(r)
+		- en	(r)
+		- pkg	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="STA Travel.co.jp">
+
+	<target host="trip.statravel.co.jp" />
+	<target host="ww2.statravel.co.jp" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/STA-Travel.co.nz.xml b/src/chrome/content/rules/STA-Travel.co.nz.xml
new file mode 100644
index 000000000000..83ead9f632cb
--- /dev/null
+++ b/src/chrome/content/rules/STA-Travel.co.nz.xml
@@ -0,0 +1,48 @@
+<!--
+	For other coverage, see STA-Travel.com.xml
+
+
+	Non-functional subdomains:
+		- $host	(t)
+		- flight	(t)
+		- grouptravel	(m)
+		- insurance	(e)
+		- m	(m)
+		- vpn	(i)
+		- ww3	(ssl connection error)
+		- ww4	(e)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="STA Travel.co.nz">
+
+	<target host="statravel.co.nz" />
+	<target host="www.statravel.co.nz" />
+	<target host="book.statravel.co.nz" />
+	<target host="cheap-car-rental.statravel.co.nz" />
+	<target host="g.statravel.co.nz" />
+	<target host="locations.statravel.co.nz" />
+	<target host="rail.statravel.co.nz" />
+	<target host="tours.statravel.co.nz" />
+		<test url="http://tours.statravel.co.nz/content/images/icon-cal-small.png" />
+	<target host="win.statravel.co.nz" />
+	<target host="www.win.statravel.co.nz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- http redirect -->
+	<exclusion pattern="^http://www\.statravel\.co\.nz/tours" />
+		<test url="http://www.statravel.co.nz/tours.htm" />
+
+	<rule from="^http://statravel\.co\.nz/"
+		to="https://www.statravel.co.nz/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/STA-Travel.co.th.xml b/src/chrome/content/rules/STA-Travel.co.th.xml
new file mode 100644
index 000000000000..9094db564b32
--- /dev/null
+++ b/src/chrome/content/rules/STA-Travel.co.th.xml
@@ -0,0 +1,30 @@
+<!--
+	For other coverage, see STA-Travel.com.xml
+
+
+	Non-functional subdomains:
+		- $host	(t)
+		- tours	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="STA Travel.co.th">
+
+	<target host="statravel.co.th" />
+	<target host="www.statravel.co.th" />
+	<target host="book.statravel.co.th" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://statravel\.co\.th/"
+		to="https://www.statravel.co.th/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/STA-Travel.co.za.xml b/src/chrome/content/rules/STA-Travel.co.za.xml
new file mode 100644
index 000000000000..fc63a93e6cf2
--- /dev/null
+++ b/src/chrome/content/rules/STA-Travel.co.za.xml
@@ -0,0 +1,30 @@
+<!--
+	For other coverage, see STA-Travel.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(t)
+		- grouptravel	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="STA Travel.co.za">
+
+	<target host="statravel.co.za" />
+	<target host="www.statravel.co.za" />
+	<target host="book.statravel.co.za" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://statravel\.co\.za/"
+		to="https://www.statravel.co.za/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/STA-Travel.com.au.xml b/src/chrome/content/rules/STA-Travel.com.au.xml
new file mode 100644
index 000000000000..0b0a3803c626
--- /dev/null
+++ b/src/chrome/content/rules/STA-Travel.com.au.xml
@@ -0,0 +1,48 @@
+<!--
+	For other coverage, see STA-Travel.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(t)
+		- cache-rg	(m)
+		- flights	(m)
+		- g	(m)
+		- ibe	(no route to host)
+		- insurance	(e)
+		- m	(m)
+		- mail	(t)
+		- ww2	(ssl connection error)
+		- ww3	(ssl connection error)
+		- ww4	(e)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="STA Travel.com.au">
+
+	<target host="statravel.com.au" />
+	<target host="www.statravel.com.au" />
+	<target host="book.statravel.com.au" />
+	<target host="cheap-car-rental.statravel.com.au" />
+	<target host="locations.statravel.com.au" />
+	<target host="rail.statravel.com.au" />
+	<target host="tours.statravel.com.au" />
+		<test url="http://tours.statravel.com.au/content/images/icon-cal-small.png" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- http redirect -->
+	<exclusion pattern="^http://www\.statravel\.com\.au/tours" />
+		<test url="http://www.statravel.com.au/tours.htm" />
+
+	<rule from="^http://statravel\.com\.au/"
+		to="https://www.statravel.com.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/STA-Travel.com.sg.xml b/src/chrome/content/rules/STA-Travel.com.sg.xml
new file mode 100644
index 000000000000..9fdc7d485666
--- /dev/null
+++ b/src/chrome/content/rules/STA-Travel.com.sg.xml
@@ -0,0 +1,25 @@
+<!--
+	For other coverage, see STA-Travel.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(t)
+		- www		(h)
+		- tours		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="STA Travel.com.sg">
+
+	<target host="book.statravel.com.sg" />
+	<target host="rail.statravel.com.sg" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/STA-Travel.com.xml b/src/chrome/content/rules/STA-Travel.com.xml
new file mode 100644
index 000000000000..fcd0243cc351
--- /dev/null
+++ b/src/chrome/content/rules/STA-Travel.com.xml
@@ -0,0 +1,75 @@
+<!--
+	Other related rulesets:
+		- STA-Travel.at.xml
+		- STA-Travel.ch.xml
+		- STA-Travel.de.xml
+		- STA-Travel.co.jp.xml
+		- STA-Travel.co.nz.xml
+		- STA-Travel.co.th.xml
+		- STA-Travel.co.za.xml
+		- STA-Travel.com.au.xml
+		- STA-Travel.com.sg.xml
+
+
+	Non-functional subdomains:
+		- statravel.com		(t)
+			- articles	(t)
+			- links.edeals	(m)
+			- ibe	(t)
+			- owa	(no route to host)
+			- stacreativekit	(m)
+			- webchat	(t)
+			- webforms	(r)
+			- ww2	(no route to host)
+
+		- (www.)statravel.com.cn	(ssl connection error)
+			- en	(i)
+
+		- statravel.se		(t)
+			- www		(m)
+
+		- (www.)statravel.dk		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="STA Travel.com">
+
+	<target host="statravel.com" />
+	<target host="www.statravel.com" />
+	<target host="blog.statravel.com" />
+	<target host="book.statravel.com" />
+	<target host="car-rental.statravel.com" />
+	<target host="customercare.statravel.com" />
+	<target host="g.statravel.com" />
+	<target host="helios.statravel.com" />
+	<target host="hotels.statravel.com" />
+	<target host="login.statravel.com" />
+	<target host="m.statravel.com" />
+	<target host="marketing.statravel.com" />
+	<target host="my.statravel.com" />
+	<target host="api.my.statravel.com" />
+	<target host="api.partners.my.statravel.com" />
+	<target host="rail.statravel.com" />
+	<target host="tours.statravel.com" />
+		<test url="http://tours.statravel.com/content/images/icon-cal-small.png" />
+	<target host="usvpn.statravel.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- http redirect -->
+	<exclusion pattern="^http://www\.statravel\.com/(blog/|tours)" />
+		<test url="http://www.statravel.com/blog/" />
+		<test url="http://www.statravel.com/tours-worldwide.htm" />
+
+	<rule from="^http://statravel\.com/"
+		to="https://www.statravel.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/STA-Travel.de.xml b/src/chrome/content/rules/STA-Travel.de.xml
new file mode 100644
index 000000000000..0756444bf02c
--- /dev/null
+++ b/src/chrome/content/rules/STA-Travel.de.xml
@@ -0,0 +1,44 @@
+<!--
+	For other coverage, see STA-Travel.com.xml
+
+
+	Non-functional subdomains:
+		- $host	(t)
+		- www.bildungsreisen	(m)
+		- forum	(t)
+		- lastminute	(t)
+		- tracking	(t)
+		- www4	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="STA Travel.de">
+
+	<target host="statravel.de" />
+	<target host="www.statravel.de" />
+	<target host="bildungsreisen.statravel.de" />
+	<target host="blog.statravel.de" />
+	<target host="book.statravel.de" />
+	<target host="forms.statravel.de" />
+	<target host="g.statravel.de" />
+	<target host="mietwagen.statravel.de" />
+	<target host="reise-buchen.statravel.de" />
+	<target host="reisen.statravel.de" />
+	<target host="tours.statravel.de" />
+	<target host="versicherung.statravel.de" />
+	<target host="www3.statravel.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://statravel\.de/"
+		to="https://www.statravel.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/STARTTLS.info.xml b/src/chrome/content/rules/STARTTLS.info.xml
index 10cce5a46347..b6d8acbd319b 100644
--- a/src/chrome/content/rules/STARTTLS.info.xml
+++ b/src/chrome/content/rules/STARTTLS.info.xml
@@ -5,7 +5,7 @@ Fetch error: http://starttls.info/ => https://starttls.info/: (51, "SSL: no alte
 Fetch error: http://www.starttls.info/ => https://www.starttls.info/: (51, "SSL: no alternative certificate subject name matches target host name 'www.starttls.info'")
 
 -->
-<ruleset name="STARTTLS.info" default_off='failed ruleset test'>
+<ruleset name="STARTTLS.info" default_off="failed ruleset test">
 
 	<target host="starttls.info" />
 	<target host="www.starttls.info" />
diff --git a/src/chrome/content/rules/STLinux.com.xml b/src/chrome/content/rules/STLinux.com.xml
deleted file mode 100644
index 517b1e876ed6..000000000000
--- a/src/chrome/content/rules/STLinux.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	www: shows bugzilla
-
--->
-<ruleset name="STLinux.com (partial)">
-
-	<target host="*.stlinux.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^bugzilla\.stlinux\.com$" name="^(BUGLIST|LASTORDER)$" /-->
-
-	<securecookie host="^bugzilla\.stlinux\.com$" name=".+" />
-
-
-	<rule from="^http://bugzilla(-attachments)?\.stlinux\.com/"
-		to="https://bugzilla$1.stlinux.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/STRATO_MailCenter.xml b/src/chrome/content/rules/STRATO_MailCenter.xml
index 28ebc2ae639a..4ff0ae05a608 100644
--- a/src/chrome/content/rules/STRATO_MailCenter.xml
+++ b/src/chrome/content/rules/STRATO_MailCenter.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.strato-mailcenter.com/ => https://www.strato-mailcenter.
 	Cert only matches www.
 
 -->
-<ruleset name="STRATO MailCenter" default_off='failed ruleset test'>
+<ruleset name="STRATO MailCenter" default_off="failed ruleset test">
 
 	<target host="strato-mailcenter.com" />
 	<target host="www.strato-mailcenter.com" />
diff --git a/src/chrome/content/rules/STRATO_Pro.xml b/src/chrome/content/rules/STRATO_Pro.xml
index bea7edb6de99..9ceb7e865483 100644
--- a/src/chrome/content/rules/STRATO_Pro.xml
+++ b/src/chrome/content/rules/STRATO_Pro.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.strato-pro.com/ => https://www.strato-pro.com/: (60, 'SS
 	Cert only matches www.
 
 -->
-<ruleset name="STRATO Pro" default_off='failed ruleset test'>
+<ruleset name="STRATO Pro" default_off="failed ruleset test">
 
 	<target host="strato-pro.com" />
 	<target host="www.strato-pro.com" />
diff --git a/src/chrome/content/rules/STSDB.com.xml b/src/chrome/content/rules/STSDB.com.xml
deleted file mode 100644
index ba1dc6d21037..000000000000
--- a/src/chrome/content/rules/STSDB.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d3di9a60out49j.cloudfront.net
-
-			- acdn
-
-
-	(www.): dropped
-
--->
-<ruleset name="STSDB.com (partial)">
-
-	<target host="acdn.stsdb.com" />
-
-
-	<rule from="^http://acdn\.stsdb\.com/"
-		to="https://d3di9a60out49j.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/STUBA.sk.xml b/src/chrome/content/rules/STUBA.sk.xml
new file mode 100644
index 000000000000..7917df9eedb5
--- /dev/null
+++ b/src/chrome/content/rules/STUBA.sk.xml
@@ -0,0 +1,38 @@
+<!--
+    Slovak University of Technology in Bratislava (STU)
+
+    certificate chain issues:
+	- icv.stuba.sk
+	- nadacia.stuba.sk
+	- sport.stuba.sk
+	- univerziada.stuba.sk
+	- www.ds.stuba.sk
+	- www.ects.stuba.sk
+	- www.fa.stuba.sk
+	- www.granty.stuba.sk
+	- www.ksp.stuba.sk
+	- www.nadacia.stuba.sk
+	- www.sport.stuba.sk
+	- www.stuscientific.sk
+
+-->
+
+<ruleset name="STUBA.sk">
+
+	<target host="is.stuba.sk" />
+	<target host="stuba.sk" />
+	<target host="www.stuba.sk" />
+	<target host="webmail.stuba.sk" />
+	<target host="www.absolventi.stuba.sk" />
+	<target host="www.fchpt.stuba.sk" />
+	<target host="www.fei.stuba.sk" />
+	<target host="www.fiit.stuba.sk" />
+	<target host="www.inqb.sk" />
+	<target host="www.mtf.stuba.sk" />
+	<target host="www.sjf.stuba.sk" />
+	<target host="www.svf.stuba.sk" />
+
+	<rule from="^http://stuba\.sk/" to="https://www.stuba.sk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SUEDKURIER.de.xml b/src/chrome/content/rules/SUEDKURIER.de.xml
new file mode 100644
index 000000000000..3cd0511b42f9
--- /dev/null
+++ b/src/chrome/content/rules/SUEDKURIER.de.xml
@@ -0,0 +1,119 @@
+<!--
+	Connection closed:
+		sso-dev.suedkurier.de
+		static1.suedkurier.de
+		static3.suedkurier.de
+		vpc.suedkurier.de
+
+	Invalid certificate:
+		apps.suedkurier.de
+
+	SSL: no alternative certificate subject name matches target host name:
+		www.glueckslos.suedkurier.de
+		konstanz.suedkurier.de
+		letter.suedkurier.de
+		sbb.suedkurier.de
+
+	Timeout:
+		abo.suedkurier.de
+		abonnieren.suedkurier.de
+		aboshop.suedkurier.de
+		adventskalender.suedkurier.de
+		angebote.suedkurier.de
+		bestellen.suedkurier.de
+		blockchain.suedkurier.de
+		bofe-tool.suedkurier.de
+		branchenbuch-wiki.suedkurier.de
+		brbuch1.suedkurier.de
+		brbuch5.suedkurier.de
+		crm-rss.suedkurier.de
+		dcx-extern.suedkurier.de
+		digital.suedkurier.de
+		dkz-zustellerportal.suedkurier.de
+		epaper.suedkurier.de
+		erlebnisse.suedkurier.de
+		fcms.suedkurier.de
+		forum.suedkurier.de
+		glueckslos.suedkurier.de
+		gpg.suedkurier.de
+		gpt.suedkurier.de
+		himate1.suedkurier.de
+		kollektive.suedkurier.de
+		leo-sport.suedkurier.de
+		mail-a.suedkurier.de
+		mail11.suedkurier.de
+		mdmap.suedkurier.de
+		mdmgw.suedkurier.de
+		mobil.suedkurier.de
+		msk.suedkurier.de
+		newsletter.suedkurier.de
+		ns1.suedkurier.de
+		ns3.suedkurier.de
+		ns6.suedkurier.de
+		owa.suedkurier.de
+		ppiweb.suedkurier.de
+		ppiweb1.suedkurier.de
+		projekte.suedkurier.de
+		psg-zustellerportal.suedkurier.de
+		regiostars.suedkurier.de
+		admin.regiostars.suedkurier.de
+		xml.regiostars.suedkurier.de
+		regiostars-media.suedkurier.de
+		reisekataloge.suedkurier.de
+		reisen.suedkurier.de
+		report.suedkurier.de
+		rubbellos.suedkurier.de
+		www.schlaraffenland.suedkurier.de
+		service.suedkurier.de
+		shop.suedkurier.de
+		shop-test.suedkurier.de
+		www.shop-test.suedkurier.de
+		skshop2test.suedkurier.de
+		ssltest.suedkurier.de
+		sslweb.suedkurier.de
+		superreisen.suedkurier.de
+		termine.suedkurier.de
+		ticket.suedkurier.de
+		tk-expe1.suedkurier.de
+		tk-expe2.suedkurier.de
+		touren.suedkurier.de
+		umfragen.suedkurier.de
+		verteilgebietsplanung-dkz.suedkurier.de
+		verteilgebietsplanung-psg.suedkurier.de
+		vorfreude.suedkurier.de
+		wahl.suedkurier.de
+		www.wahl.suedkurier.de
+		m.wahl.suedkurier.de
+		webanzeigen.suedkurier.de
+		webdesk.suedkurier.de
+		www15.suedkurier.de
+		zeltfestival-vip.suedkurier.de
+		zustellerportal.suedkurier.de
+		zustellersms.suedkurier.de
+-->
+<ruleset name="SUEDKURIER.de">
+
+	<target host="suedkurier.de" />
+	<target host="www.suedkurier.de" />
+	<target host="admin.suedkurier.de" />
+	<target host="alpha.suedkurier.de" />
+	<target host="auktion.suedkurier.de" />
+	<target host="beta.suedkurier.de" />
+	<target host="cdn.suedkurier.de" />
+	<target host="einkaufsnetz.suedkurier.de" />
+	<target host="jdgtgb.suedkurier.de" />
+	<target host="json.suedkurier.de" />
+	<target host="m.suedkurier.de" />
+	<target host="magazin.suedkurier.de" />
+	<target host="mein.suedkurier.de" />
+	<target host="static4.suedkurier.de" />
+	<target host="static5.suedkurier.de" />
+	<target host="static6.suedkurier.de" />
+	<target host="tr.suedkurier.de" />
+	<target host="traueranzeigen.suedkurier.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SUPERVALU.xml b/src/chrome/content/rules/SUPERVALU.xml
index 28fb204fbbee..7f95b821fb00 100644
--- a/src/chrome/content/rules/SUPERVALU.xml
+++ b/src/chrome/content/rules/SUPERVALU.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.supervalu.com/ => https://www.supervalu.com/: (28, 'Conn
 	Cert only matches www.
 
 -->
-<ruleset name="SUPERVALU" default_off='failed ruleset test'>
+<ruleset name="SUPERVALU" default_off="failed ruleset test">
 
 	<target host="supervalu.com" />
 	<target host="www.supervalu.com" />
@@ -22,4 +22,4 @@ Fetch error: http://www.supervalu.com/ => https://www.supervalu.com/: (28, 'Conn
 	<rule from="^http://(?:www\.)?supervalu\.com/"
 		to="https://www.supervalu.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SVGOpen.xml b/src/chrome/content/rules/SVGOpen.xml
index 0d3bb0b180af..b2dd84dab757 100644
--- a/src/chrome/content/rules/SVGOpen.xml
+++ b/src/chrome/content/rules/SVGOpen.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://svgopen.org/ => https://www.svgopen.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.svgopen.org'")
 Fetch error: http://www.svgopen.org/ => https://www.svgopen.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.svgopen.org'")
 -->
-<ruleset name="SVGOpen" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="SVGOpen" platform="mixedcontent" default_off="failed ruleset test">
   <target host="svgopen.org" />
   <target host="www.svgopen.org" />
 
diff --git a/src/chrome/content/rules/SVN-Lab.xml b/src/chrome/content/rules/SVN-Lab.xml
deleted file mode 100644
index 8d765dfca005..000000000000
--- a/src/chrome/content/rules/SVN-Lab.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="SVN Lab">
-	<target host="svnlab.com" />
-	<target host="app.svnlab.com" />
-	<target host="www.svnlab.com" />
-
-	<securecookie host="^(app|www)\.svnlab\.com$" name=".+" />
-
-	<rule from="^http://svnlab\.com/"
-		to="https://www.svnlab.com/" />
-	<rule from="^http://(app|www)\.svnlab\.com/"
-		to="https://$1.svnlab.com/" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SVT.se.xml b/src/chrome/content/rules/SVT.se.xml
index 2835ce327965..4182ad71078f 100644
--- a/src/chrome/content/rules/SVT.se.xml
+++ b/src/chrome/content/rules/SVT.se.xml
@@ -1,27 +1,19 @@
 <!--
 	CDN buckets:
-
 		- svtklipp-f.akamaihd.net
 		- www.svt.se.edgesuite.net
 		- www.svtplay.se.edgesuite.net
-
-
-	Nonfunctional domains:
-
-		- svt.se		(301s to www)
-		- www.svt.se		(Akamai; 301s to http)
-		- www.svtplay.se	(ditto)
-
 -->
-<ruleset name="SVT.se (partial)">
-
-	<target host="ld.svt.se" />
 
+<ruleset name="SVT.se (partial)">
+	<target host="svt.se" />
+	<target host="www.svt.se" />
+	<target host="api.svt.se" />
 
-	<securecookie host="^ld\.svt\.se$" name=".+" />
+	<target host="svtplay.se" />
+	<target host="www.svtplay.se" />
 
+	<target host="www.svtstatic.se" />
 
 	<rule from="^http:" to="https:" />
-
 </ruleset>
-
diff --git a/src/chrome/content/rules/SWISS-Virtual.com.xml b/src/chrome/content/rules/SWISS-Virtual.com.xml
index 41f8f30ae906..259ee94a4ccd 100644
--- a/src/chrome/content/rules/SWISS-Virtual.com.xml
+++ b/src/chrome/content/rules/SWISS-Virtual.com.xml
@@ -1,6 +1,6 @@
 <!--
-	Note: SWISS-Virtual.com is not affiliated to 
-		Swiss International Air Lines Ltd. 
+	Note: SWISS-Virtual.com is not affiliated to
+		Swiss International Air Lines Ltd.
 
 	Non-functional hosts
 		Couldn't connect to server:
diff --git a/src/chrome/content/rules/SWM.de.xml b/src/chrome/content/rules/SWM.de.xml
index 9f5047da978e..54a2cadfc59c 100644
--- a/src/chrome/content/rules/SWM.de.xml
+++ b/src/chrome/content/rules/SWM.de.xml
@@ -18,4 +18,4 @@
 
 	<rule from="^http:" to="https:"/>
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SWR.de.xml b/src/chrome/content/rules/SWR.de.xml
new file mode 100644
index 000000000000..e1bf5c0f1225
--- /dev/null
+++ b/src/chrome/content/rules/SWR.de.xml
@@ -0,0 +1,115 @@
+<!--
+	Connection closed:
+		bewerberportal.swr.de
+
+	Invalid certificate:
+		ard-buffet-app.swr.de
+		dataquery.swr.de
+		depot.swr.de
+		depot1.swr.de
+		enterpriseregistration.swr.de
+		geschichte-des-suedwestens.swr.de
+		hds-ondemand.swr.de
+		hls-ondemand.swr.de
+		ios-ondemand.swr.de
+		kaffee-oder-tee-app.swr.de
+		mp3-live.swr.de
+		newsletter.swr.de
+		www.presseportal.swr.de
+		regionale-genuesse.swr.de
+		s0003052.swr.de
+		wissen.swr.de
+		www.wissen.swr.de
+
+	Mismatch:
+		standby.swr.de
+
+	Refused:
+		onlinebot.swr.de
+
+	Timeout:
+		csg.swr.de
+		db.swr.de
+		fx.swr.de
+		gast.swr.de
+		itsp.swr.de
+		lists.swr.de
+		m.swr.de
+		mailin.swr.de
+		mdm.swr.de
+		migrationsblog.swr.de
+		mp3.swr.de
+		mp4.swr.de
+		mrx.swr.de
+		mrxcox.swr.de
+		mtzd-origin.swr.de
+		mx.swr.de
+		odpapp.swr.de
+		om.swr.de
+		otherweb.swr.de
+		radio.swr.de
+		regio.swr.de
+		sportclubcam1.swr.de
+		traveler1.swr.de
+-->
+<ruleset name="SWR.de">
+
+	<target host="swr.de" />
+	<target host="www.swr.de" />
+	<target host="adfs.swr.de" />
+	<target host="autodiscover.swr.de" />
+	<target host="besucherfuehrung.swr.de" />
+	<target host="citrix.swr.de" />
+	<target host="click.swr.de" />
+	<target host="cms-besucherfuehrung.swr.de" />
+	<target host="d.swr.de" />
+	<target host="data.swr.de" />
+	<target host="depot3.swr.de" />
+	<target host="digit.swr.de" />
+	<target host="docuware.swr.de" />
+	<target host="drittplattformen.swr.de" />
+	<target host="eva.swr.de" />
+	<target host="galerie.swr.de" />
+	<target host="hybrid.swr.de" />
+	<target host="kaffee-oder-tee.swr.de" />
+	<target host="lab.swr.de" />
+	<target host="live-origin.swr.de" />
+	<target host="mdms.swr.de" />
+	<target host="meeting.swr.de" />
+	<target host="mft.swr.de" />
+	<target host="mft-test.swr.de" />
+	<target host="mimo-extern.swr.de" />
+	<target host="multimedia.swr.de" />
+	<target host="multimedia-image.swr.de" />
+	<target host="multimedia-static.swr.de" />
+	<target host="multimedia-video.swr.de" />
+	<target host="onair.swr.de" />
+	<target host="onair-origin.swr.de" />
+	<target host="presseportal.swr.de" />
+	<target host="s0002983.swr.de" />
+	<target host="shiftjuggler.swr.de" />
+	<target host="sportergebnisse.swr.de" />
+	<target host="subtitles.swr.de" />
+	<target host="swr-aktuell-app.swr.de" />
+	<target host="swr-aktuell-appcms.swr.de" />
+	<target host="swr-jira.swr.de" />
+	<target host="vote.swr.de" />
+	<target host="wahl.swr.de" />
+	<target host="webcollaboration.swr.de" />
+	<target host="wraps.swr.de" />
+	<target host="wraps-origin.swr.de" />
+	<target host="wum.swr.de" />
+	<target host="www1.swr.de" />
+	<target host="www1-origin.swr.de" />
+	<target host="x.swr.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Timeout on https://swr.de/,
+	http://swr.de/ redirects to https://www.swr.de/.-->
+	<rule from="^http://swr\.de/"
+			to="https://www.swr.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SWT.com.xml b/src/chrome/content/rules/SWT.com.xml
index a5e25bc02814..0b9ad8098f11 100644
--- a/src/chrome/content/rules/SWT.com.xml
+++ b/src/chrome/content/rules/SWT.com.xml
@@ -5,7 +5,7 @@
 <ruleset name="SWT.com">
 
 	<target host="swt.com" />
-	<target host="*.swt.com" />
+	<target host="www.swt.com" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/Sabnzbd.xml b/src/chrome/content/rules/Sabnzbd.xml
index f99a325a7761..fc67ca333d11 100644
--- a/src/chrome/content/rules/Sabnzbd.xml
+++ b/src/chrome/content/rules/Sabnzbd.xml
@@ -9,13 +9,12 @@
 
 	<target host="forums.sabnzbd.org" />
 	<!--	* for cross-domain cookies.	-->
-	<target host="*.forums.sabnzbd.org" />
+
 
 
 	<securecookie host="^\.forums\.sabnzbd\.org$" name=".+" />
 
 
-	<rule from="^http://forums\.sabnzbd\.org/"
-		to="https://forums.sabnzbd.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sabq.org.xml b/src/chrome/content/rules/Sabq.org.xml
new file mode 100644
index 000000000000..b286059676ec
--- /dev/null
+++ b/src/chrome/content/rules/Sabq.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid Certificate:
+		stage2.sabq.org
+-->
+<ruleset name="Sabq.org">
+	<target host="sabq.org" />
+	<target host="www.sabq.org" />
+	<target host="api.sabq.org" />
+	<target host="backend.sabq.org" />
+	<target host="beta.sabq.org" />
+	<target host="cdn.sabq.org" />
+		<test url="http://cdn.sabq.org/favicon.ico" />
+	<target host="docs.sabq.org" />
+	<target host="misc.sabq.org" />
+	<target host="mobile.sabq.org" />
+	<target host="wap.sabq.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sabre_Hospitality_Solutions.xml b/src/chrome/content/rules/Sabre_Hospitality_Solutions.xml
index 0d46761e427e..9701451842f1 100644
--- a/src/chrome/content/rules/Sabre_Hospitality_Solutions.xml
+++ b/src/chrome/content/rules/Sabre_Hospitality_Solutions.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sacramento-Bee.xml b/src/chrome/content/rules/Sacramento-Bee.xml
new file mode 100644
index 000000000000..3c05b1cf6477
--- /dev/null
+++ b/src/chrome/content/rules/Sacramento-Bee.xml
@@ -0,0 +1,29 @@
+<!--
+	Connection reset:
+		- events.sacbee.com
+
+	Invalid certificate:
+		- circulars.sacbee.com
+		- classifieds.sacbee.com
+		- findnsave.sacbee.com
+		- shopping.sacbee.com
+
+	Timed out:
+		- sacbee.com, equivalent to www.sacbee.com
+		- games.sacbee.com
+		- voterguide.sacbee.com
+-->
+
+<ruleset name="Sacramento Bee">
+	<target host="sacbee.com" />
+	<target host="www.sacbee.com" />
+	<target host="account.sacbee.com" />
+	<target host="checkout.sacbee.com" />
+	<target host="jobs.sacbee.com" />
+	<target host="media.sacbee.com" />
+
+	<rule from="^http://sacbee\.com/"
+		to="https://www.sacbee.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sacramento_Bee.xml b/src/chrome/content/rules/Sacramento_Bee.xml
deleted file mode 100644
index 1e5fce7dee1a..000000000000
--- a/src/chrome/content/rules/Sacramento_Bee.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://circulationportal.sacbee.com/ => https://circulationportal.sacbee.com/: (28, 'Connection timed out after 20003 milliseconds')
-
-	CDN buckets:
-
-		- mi.edgesuite.net
-
-			- media
-			- www
-
-
-	Nonfunctional subdomains:
-
-		- ^		(refused)
-		- media *
-		- www *
-
-	* 503, akamai
-
--->
-<ruleset name="The Sacramento Bee (partial)" default_off='failed ruleset test'>
-
-	<target host="circulationportal.sacbee.com" />
-
-
-	<securecookie host="^circulationportal\.sacbee\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SadeceHosting.com.xml b/src/chrome/content/rules/SadeceHosting.com.xml
deleted file mode 100644
index c5dece473792..000000000000
--- a/src/chrome/content/rules/SadeceHosting.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Insecure cookies are set for these domains and hosts:
-
-		- .sadecehosting.com
-		- www.sadecehosting.com
-
--->
-<ruleset name="SadeceHosting.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="sadecehosting.com" />
-	<target host="www.sadecehosting.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.sadecehosting\.com$" name="^(?:SH_Shopping_Cart|SH_TRACKER)$" /-->
-	<!--securecookie host="^www\.sadecehosting\.com$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^(?:www)?\.sadecehosting\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Safari_Flow.com.xml b/src/chrome/content/rules/Safari_Flow.com.xml
index 0bed6fd4ce1f..5a6b1c831ec6 100644
--- a/src/chrome/content/rules/Safari_Flow.com.xml
+++ b/src/chrome/content/rules/Safari_Flow.com.xml
@@ -18,7 +18,7 @@
 	* Unsecurable <= http reply
 
 -->
-<ruleset name="Safari Flow.com (partial)" default_off="missing certificate chain">
+<ruleset name="Safari Flow.com (partial)" default_off="cert-chain">
 
 	<target host="safariflow.com" />
 	<target host="www.safariflow.com" />
diff --git a/src/chrome/content/rules/Safe-mail.net.xml b/src/chrome/content/rules/Safe-mail.net.xml
index 8dba2fe1c39a..1a01a1619411 100644
--- a/src/chrome/content/rules/Safe-mail.net.xml
+++ b/src/chrome/content/rules/Safe-mail.net.xml
@@ -1,19 +1,16 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://rimon.safe-mail.net/ => https://rimon.safe-mail.net/: (28, 'Connection timed out after 20001 milliseconds')
-
--->
-<ruleset name="Safe-mail.net" default_off='failed ruleset test'>
+<ruleset name="Safe-mail.net">
 
 	<target host="safe-mail.net" />
-	<target host="*.safe-mail.net" />
-
-		<test url="http://rimon.safe-mail.net/" />
-		<test url="http://www.safe-mail.net/" />
-
+	<target host="www.safe-mail.net" />
+	<target host="apple.safe-mail.net" />
+	<target host="dekel.safe-mail.net" />
+	<target host="mail.safe-mail.net" />
+	<target host="mango.safe-mail.net" />
+	<target host="orange.safe-mail.net" />
+	<target host="pitango.safe-mail.net" />
+	<target host="pop.safe-mail.net" />
+	<target host="tamar.safe-mail.net" />
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SafeAssign.xml b/src/chrome/content/rules/SafeAssign.xml
deleted file mode 100644
index 0e3079b6a8bc..000000000000
--- a/src/chrome/content/rules/SafeAssign.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	For other Blackboard coverage, see Blackboard.xml.
-
-
-	Nonfunctional hosts in *safeassign.com:
-
-		- institutionhelp	(fails to redirect properly)
-		- wiki
-
-
-	(www.)?safeassign.com: Mismatched
-
--->
-<ruleset name="SafeAssign.com">
-
-	<!--	Complications:
-				-->
-	<target host="safeassign.com" />
-	<target host="www.safeassign.com" />
-
-
-	<rule from="^http://(?:www\.)?safeassign\.com/"
-		to="https://safeassign.blackboard.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SafeHouse.com.xml b/src/chrome/content/rules/SafeHouse.com.xml
new file mode 100644
index 000000000000..67b0da614f79
--- /dev/null
+++ b/src/chrome/content/rules/SafeHouse.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Wildcard certificate and DNS records:
+		- *.safehouse.com
+-->
+
+<ruleset name="SafeHouse.com">
+	<target host="safehouse.com" />
+	<target host="*.safehouse.com" />
+		<test url="http://www.safehouse.com/" />
+		<test url="http://a.safehouse.com/" />
+		<test url="http://b.safehouse.com/" />
+
+	<rule from="^http://safehouse\.com/"
+		to="https://safehouse.com/" />
+
+	<rule from="^http://([\w-]+)\.safehouse\.com/"
+		to="https://$1.safehouse.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/SafeNet.xml b/src/chrome/content/rules/SafeNet.xml
index 6979e56e3f29..f8e60b3e5a6a 100644
--- a/src/chrome/content/rules/SafeNet.xml
+++ b/src/chrome/content/rules/SafeNet.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://sentineldiscussion.safenet-inc.com/ => https://sentineldiscussion.safenet-inc.com/: (51, "SSL: no alternative certificate subject name matches target host name 'sentineldiscussion.gemalto.com'")
 
 -->
-<ruleset name="SafeNet-Inc.com (partial)" default_off='failed ruleset test'>
+<ruleset name="SafeNet-Inc.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/SafePilots.org.xml b/src/chrome/content/rules/SafePilots.org.xml
new file mode 100644
index 000000000000..c5319e7c2a96
--- /dev/null
+++ b/src/chrome/content/rules/SafePilots.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Connection refused:
+		- ww2.safepilots.org
+-->
+
+<ruleset name="SafePilots.org">
+	<target host="safepilots.org" />
+	<target host="www.safepilots.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SafeSource.org.nz.xml b/src/chrome/content/rules/SafeSource.org.nz.xml
deleted file mode 100644
index e2d79ef1211b..000000000000
--- a/src/chrome/content/rules/SafeSource.org.nz.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="SafeSource.org.nz">
-
-	<target host="safesource.org.nz" />
-	<target host="www.safesource.org.nz" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Safebilling.com.xml b/src/chrome/content/rules/Safebilling.com.xml
deleted file mode 100644
index 385947ddbcaa..000000000000
--- a/src/chrome/content/rules/Safebilling.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="safebilling.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="safebilling.com" />
-	<target host="www.safebilling.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Safercar.gov.xml b/src/chrome/content/rules/Safercar.gov.xml
deleted file mode 100644
index 4b93a7ff8616..000000000000
--- a/src/chrome/content/rules/Safercar.gov.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-
-
-	^safercar.gov: Handshake fails
-	www.safercar.gov: Redirects to http
-
--->
-<ruleset name="Safercar.gov (partial)">
-
-	<target host="vinrcl.safercar.gov" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SafinaSociety.org.xml b/src/chrome/content/rules/SafinaSociety.org.xml
new file mode 100644
index 000000000000..04f91eb9e015
--- /dev/null
+++ b/src/chrome/content/rules/SafinaSociety.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="SafinaSociety.org">
+	<target host="safinasociety.org" />
+	<target host="www.safinasociety.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Saga-Group.xml b/src/chrome/content/rules/Saga-Group.xml
index f98903235477..280c0920e9cd 100644
--- a/src/chrome/content/rules/Saga-Group.xml
+++ b/src/chrome/content/rules/Saga-Group.xml
@@ -1,7 +1,8 @@
 <ruleset name="Saga Group">
 
 	<target host="saga.co.uk" />
-	<target host="*.saga.co.uk" />
+	<target host="www.saga.co.uk" />
+	<target host="travel.saga.co.uk" />
 
 
 	<securecookie host="^.*\.saga\.co\.uk$" name=".+" />
diff --git a/src/chrome/content/rules/Sage.xml b/src/chrome/content/rules/Sage.xml
index 956285cf6c52..6c2c8d54bf8c 100644
--- a/src/chrome/content/rules/Sage.xml
+++ b/src/chrome/content/rules/Sage.xml
@@ -1,7 +1,11 @@
 <ruleset name="Sage (partial)">
 
 	<target host="sagepay.com"/>
-	<target host="*.sagepay.com"/>
+	<target host="www.sagepay.com" />
+	<target host="customerservices.sagepay.com" />
+	<target host="live.sagepay.com" />
+	<target host="support.sagepay.com" />
+	<target host="test.sagepay.com" />
 
 	<securecookie host="^(?:customerservices|live)\.sagepay\.com$" name=".+" />
 
diff --git a/src/chrome/content/rules/Sahab.net.xml b/src/chrome/content/rules/Sahab.net.xml
deleted file mode 100644
index ef3f6a2c5d0b..000000000000
--- a/src/chrome/content/rules/Sahab.net.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Sahab.net">
-	<target host="sahab.net" />
-	<target host="www.sahab.net" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Sahih-Bukhari.com.xml b/src/chrome/content/rules/Sahih-Bukhari.com.xml
new file mode 100644
index 000000000000..d1266e2f205a
--- /dev/null
+++ b/src/chrome/content/rules/Sahih-Bukhari.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Sahih-Bukhari.com">
+	<target host="sahih-bukhari.com" />
+	<target host="www.sahih-bukhari.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SailfishOS.org.xml b/src/chrome/content/rules/SailfishOS.org.xml
index 4de22f100efc..6d4ebe3ca682 100644
--- a/src/chrome/content/rules/SailfishOS.org.xml
+++ b/src/chrome/content/rules/SailfishOS.org.xml
@@ -21,7 +21,8 @@
 <ruleset name="SailfishOS.org">
 
 	<target host="sailfishos.org" />
-	<target host="*.sailfishos.org" />
+	<target host="lists.sailfishos.org" />
+	<target host="www.sailfishos.org" />
 
 
 	<!--	www redirects to ^ over http,
@@ -30,4 +31,4 @@
 	<rule from="^http://(?:(lists\.)|www\.)?sailfishos\.org/"
 		to="https://$1sailfishos.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sailthru-Horizon.xml b/src/chrome/content/rules/Sailthru-Horizon.xml
index b1a5abcac4d3..fa743ead754d 100644
--- a/src/chrome/content/rules/Sailthru-Horizon.xml
+++ b/src/chrome/content/rules/Sailthru-Horizon.xml
@@ -9,13 +9,14 @@
 -->
 <ruleset name="Sailthru Horizon">
 
-	<target host="*.sail-horizon.com" />
+	<target host="ak.sail-horizon.com" />
+	<target host="ak2.sail-horizon.com" />
+	<target host="cdn.sail-horizon.com" />
 
 
-	<rule from="^http://ak(2)?\.sail-horizon\.com/"
-		to="https://ak$1.sail-horizon.com/" />
 
 	<rule from="^http://cdn\.sail-horizon\.com/"
 		to="https://d1gp8joe0evc8s.cloudfront.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sailthru.xml b/src/chrome/content/rules/Sailthru.xml
index df92a978c667..25fc62281e8d 100644
--- a/src/chrome/content/rules/Sailthru.xml
+++ b/src/chrome/content/rules/Sailthru.xml
@@ -57,7 +57,7 @@ Fetch error: http://me.sailthru.com/ => https://www.sailthru.com/: Too many redi
 	* Secured by us
 
 -->
-<ruleset name="Sailthru.com" default_off='failed ruleset test'>
+<ruleset name="Sailthru.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -111,9 +111,6 @@ Fetch error: http://me.sailthru.com/ => https://www.sailthru.com/: Too many redi
 	<rule from="^http://me\.sailthru\.com/"
 		to="https://na-sj08.marketo.com/" />
 
-	<rule from="^http://media\.sailthru\.com/"
-		to="https://d1t6td7a2qcurl.cloudfront.net/" />
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Salah.com.xml b/src/chrome/content/rules/Salah.com.xml
new file mode 100644
index 000000000000..2e49553627ae
--- /dev/null
+++ b/src/chrome/content/rules/Salah.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatch:
+		www.salah.com
+-->
+<ruleset name="Salah.com">
+	<target host="salah.com" />
+	<target host="www.salah.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.salah\.com/" to="https://salah.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SaleCycle.xml b/src/chrome/content/rules/SaleCycle.xml
index ce67cec1f976..670c9835a9e6 100644
--- a/src/chrome/content/rules/SaleCycle.xml
+++ b/src/chrome/content/rules/SaleCycle.xml
@@ -16,13 +16,16 @@
 -->
 <ruleset name="SaleCycle (partial)">
 
-	<target host="*.salecycle.com" />
+	<target host="app.salecycle.com" />
+	<target host="app-staging.salecycle.com" />
+	<target host="platform.salecycle.com" />
+	<target host="platform-staging.salecycle.com" />
+	<target host="reports.salecycle.com" />
 
 
 	<securecookie host="^platform(?:-staging)?\.salecycle\.com$" name=".+" />
 
 
-	<rule from="^http://((?:app|platform)(?:-staging)?|reports)\.salecycle\.com/"
-		to="https://$1.salecycle.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Salenames.ru.xml b/src/chrome/content/rules/Salenames.ru.xml
index d76ac91eb076..2e394905a330 100644
--- a/src/chrome/content/rules/Salenames.ru.xml
+++ b/src/chrome/content/rules/Salenames.ru.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://partner.salenames.ru/ => https://partner.salenames.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Salenames.ru" default_off='failed ruleset test'>
+<ruleset name="Salenames.ru" default_off="failed ruleset test">
 	<target host="salenames.ru" />
 	<target host="www.salenames.ru" />
 	<target host="partner.salenames.ru" />
diff --git a/src/chrome/content/rules/Salk_Institute.xml b/src/chrome/content/rules/Salk_Institute.xml
index 6813e804d250..ccbbb986c062 100644
--- a/src/chrome/content/rules/Salk_Institute.xml
+++ b/src/chrome/content/rules/Salk_Institute.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Salla.sa.xml b/src/chrome/content/rules/Salla.sa.xml
new file mode 100644
index 000000000000..581c6818f9e4
--- /dev/null
+++ b/src/chrome/content/rules/Salla.sa.xml
@@ -0,0 +1,9 @@
+<ruleset name="Salla.sa">
+	<target host="salla.sa" />
+	<target host="www.salla.sa" />
+	<target host="s.salla.sa" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Salon.xml b/src/chrome/content/rules/Salon.xml
index e3bcdb33ab2b..d5af9bd5b64a 100644
--- a/src/chrome/content/rules/Salon.xml
+++ b/src/chrome/content/rules/Salon.xml
@@ -37,7 +37,7 @@ Fetch error: http://salon.com/ => https://www.salon.com/: Too many redirects whi
 	* Secured by us
 
 -->
-<ruleset name="Salon.com" default_off='failed ruleset test'>
+<ruleset name="Salon.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/SaltStack.com.xml b/src/chrome/content/rules/SaltStack.com.xml
index fd4f2f071492..7fc6cbfe6179 100644
--- a/src/chrome/content/rules/SaltStack.com.xml
+++ b/src/chrome/content/rules/SaltStack.com.xml
@@ -1,18 +1,24 @@
 <!--
-	Mixed content:
-
-		- Images, on:
-
-			- ^ from unbridled.info
-			- ^ from $self *
-
-	* Secured by us
+	Connection refused port 443:
+		- debian.saltstack.com
 
 -->
 <ruleset name="SaltStack.com">
 	<target host="saltstack.com" />
-	<target host="docs.saltstack.com" />
 	<target host="www.saltstack.com" />
+	<target host="bootstrap.saltstack.com" />
+	<target host="docs.saltstack.com" />
+	<target host="enterprise.saltstack.com" />
+	<target host="get.saltstack.com" />
+	<target host="jenkinsci.saltstack.com" />
+	<target host="kitchen.saltstack.com" />
+	<target host="learn.saltstack.com" />
+	<target host="repo.saltstack.com" />
+	<target host="s.saltstack.com" />
+	<target host="ssc.saltstack.com" />
+	<target host="support.saltstack.com" />
+	<target host="train.saltstack.com" />
+	<target host="training.saltstack.com" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Sam_Whited.com.xml b/src/chrome/content/rules/Sam_Whited.com.xml
index 1c0fef76bc07..d971e4b596c1 100644
--- a/src/chrome/content/rules/Sam_Whited.com.xml
+++ b/src/chrome/content/rules/Sam_Whited.com.xml
@@ -7,7 +7,8 @@ Fetch error: http://samwhited.com/ => https://samwhited.com/: (52, 'Empty reply
 <ruleset name="Sam Whited.com">
 
 	<target host="samwhited.com" />
-	<target host="*.samwhited.com" />
+	<target host="blog.samwhited.com" />
+	<target host="www.samwhited.com" />
 
 
 	<rule from="^http://(?:(blog\.)|www\.)?samwhited\.com/"
diff --git a/src/chrome/content/rules/Samoanic.ws.xml b/src/chrome/content/rules/Samoanic.ws.xml
new file mode 100644
index 000000000000..1fcb3567325b
--- /dev/null
+++ b/src/chrome/content/rules/Samoanic.ws.xml
@@ -0,0 +1,8 @@
+<ruleset name="Samoanic.ws">
+	<target host="samoanic.ws" />
+	<target host="www.samoanic.ws" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sams_Software_and_Consulting.xml b/src/chrome/content/rules/Sams_Software_and_Consulting.xml
index 63f1589b69b4..9fa8d6801af0 100644
--- a/src/chrome/content/rules/Sams_Software_and_Consulting.xml
+++ b/src/chrome/content/rules/Sams_Software_and_Consulting.xml
@@ -6,7 +6,7 @@ Fetch error: http://cdn.samssoftware.com.au/ => https://cdn.samssoftware.com.au/
 	Some pages redirect to http.
 
 -->
-<ruleset name="Sam's Software &amp; Consulting (partial)" default_off='failed ruleset test'>
+<ruleset name="Sam's Software &amp; Consulting (partial)" default_off="failed ruleset test">
 
 	<target host="samssoftware.com.au" />
 	<target host="cdn.samssoftware.com.au" />
@@ -16,4 +16,4 @@ Fetch error: http://cdn.samssoftware.com.au/ => https://cdn.samssoftware.com.au/
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Samsung-cn.xml b/src/chrome/content/rules/Samsung-cn.xml
index 71b70f2e1ed5..10d3556eade2 100644
--- a/src/chrome/content/rules/Samsung-cn.xml
+++ b/src/chrome/content/rules/Samsung-cn.xml
@@ -15,6 +15,6 @@
 	<target host="samsungshop.com.cn" />
 	<target host="www.samsungshop.com.cn" />
 	<target host="res.samsungshop.com.cn" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Samsung.xml b/src/chrome/content/rules/Samsung.xml
index f3c9f9b5da5f..34332a78366d 100644
--- a/src/chrome/content/rules/Samsung.xml
+++ b/src/chrome/content/rules/Samsung.xml
@@ -1,12 +1,11 @@
 
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://help.content.samsung.com/csweb/main/main.do => https://help.content.samsung.com/csweb/main/main.do: (28, 'Connection timed out after 20001 milliseconds')
-Fetch error: http://link.samsung.com/ => https://link.samsung.com/: (6, 'Could not resolve host: link.samsung.com')
-Non-2xx HTTP code: http://www.samsung.com/cn/common/css/home.css (200) => https://www.samsung.com/cn/common/css/home.css (403)
-Fetch error: http://help.content.samsung.com/ => https://help.content.samsung.com/: (28, 'Connection timed out after 20001 milliseconds')
-Fetch error: http://link.samsung.com/ => https://link.samsung.com/: (6, 'Could not resolve host: link.samsung.com')
-Non-2xx HTTP code: http://shop.us.samsung.com/ (200) => https://shop.us.samsung.com/ (403)
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://secureus.samsung.com/us/mobile/galaxy-tab/SM-T810NZWEXAR => https://secureus.samsung.com/us/mobile/galaxy-tab/SM-T810NZWEXAR: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://shop.us.samsung.com/store?Action=DisplayDrcartSummary => https://shop.us.samsung.com/store?Action=DisplayDrcartSummary: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://secureus.samsung.com/ => https://secureus.samsung.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://shop.us.samsung.com/ => https://shop.us.samsung.com/: (60, 'SSL certificate problem: certificate has expired')
 
 	Other Samsung rulesets:
 
@@ -17,7 +16,6 @@ Non-2xx HTTP code: http://shop.us.samsung.com/ (200) => https://shop.us.samsung.
 		- Samsung_Fire.xml
 		- Samsung_Knox.xml
 		- Samsung_mySingle.xml
-		- Samsung_Sem.xml
 		- Samsung_Techwin.xml
 
 	samsungbarbarian.appspot.com
@@ -29,16 +27,17 @@ Non-2xx HTTP code: http://shop.us.samsung.com/ (200) => https://shop.us.samsung.
 			- help.content *
 			- m		(503, akamai)
 			- origin *
+      - us *
 
 		- (www.)samsungmobilepress.com *
 
 	* Times out
 
 	Problematic domains:
-	
+
 		- samsung.com subdomains:
 
-			- ^		(Too many redirects)
+			- ^		(timeout)
 			- chaton	(akamai)
 			- nmetrics	(mismatched, CN: *.112.2o7.net)
 			- shop.us	(some paths redirect to http)
@@ -64,30 +63,19 @@ Non-2xx HTTP code: http://shop.us.samsung.com/ (200) => https://shop.us.samsung.
 			- smetrics
 			- secureus
 			- support-cn
-			- us
 
 	Insecure cookies are set for these domains:
 
 		- .samsung.com
 		- apps.samsung.com
 
-	Mixed content:
-
-		- css on link.samsung.com from pub.content.samsung.com *
-
 	* Secured by us
-
-	Not exist:
-		allshareplay.samsung.com
-		chaton.samsung.com
-		img.content.samsung.com
-		pub.content.samsung.com
-		findmymobile2.samsung.com
-		web.samsungchaton.com
 -->
 
-<ruleset name="Samsung.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Samsung.com (partial)">
 
+	<target host="samsung.com" />
+	<target host="www.samsung.com" />
 	<target host="account.samsung.com" />
 		<test url="http://account.samsung.com/membership/service/getServieInfoList.do/" />
 	<target host="cdn.samsung.com" />
@@ -99,36 +87,19 @@ Non-2xx HTTP code: http://shop.us.samsung.com/ (200) => https://shop.us.samsung.
 	<target host="findmymobile.samsung.com" />
 		<test url="http://findmymobile.samsung.com/img/favicon02.ico/" />
 	<target host="images.samsung.com" />
-		<test url="http://images.samsung.com/" />
-	<target host="link.samsung.com" />
-		<test url="http://link.samsung.com/" />
-	<target host="secureus.samsung.com" />
-		<test url="http://secureus.samsung.com/us/mobile/galaxy-tab/SM-T810NZWEXAR" />
+	<!-- target host="secureus.samsung.com" /-->
 	<target host="smetrics.samsung.com" />
-		<test url="http://smetrics.samsung.com/" />
 	<target host="support-cn.samsung.com" />
 		<test url="http://support-cn.samsung.com/cn/common/css/local_global_common.css" />
-	<target host="us.samsung.com" />
-		<test url="http://us.samsung.com/us/index.jsp" />
-	<target host="shop.us.samsung.com" />
-		<test url="http://shop.us.samsung.com/store?Action=DisplayDrcartSummary" />
-	
-	<rule from="^http://(account|cdn|displaysolutions|help\.content|findmymobile|images|link|secureus|smetrics|support-cn|us|shop\.us)\.samsung\.com/"
-		to="https://$1.samsung.com/" />
-
+	<!-- <target host="us.samsung.com" /> -->
+	<!-- target host="shop.us.samsung.com" /-->
 
 	<target host="nmetrics.samsung.com" />
-	<rule from="^http://nmetrics\.samsung\.com/"
-		to="https://samsung-com.112.2o7.net/" />
 		<test url="http://nmetrics.samsung.com/b/ss/sssamsung4in" />
 
-
 	<target host="opensource.samsung.com" />
 
-	<rule from="^http://opensource\.samsung\.com/" to="https://opensource.samsung.com/" />
-
 	<exclusion pattern="^http://opensource\.samsung\.com/(ajax|community\.do|images|org\.ditchnet\.taglib|popup|scmShowFileRevision|stylesheet|usageStatistics|wikiTreeMessage)?$" />
-		<test url="http://opensource.samsung.com/" />
 		<test url="http://opensource.samsung.com/ajax" />
 		<test url="http://opensource.samsung.com/community.do" />
 		<test url="http://opensource.samsung.com/images" />
@@ -137,7 +108,7 @@ Non-2xx HTTP code: http://shop.us.samsung.com/ (200) => https://shop.us.samsung.
 		<test url="http://opensource.samsung.com/scmShowFileRevision" />
 		<test url="http://opensource.samsung.com/stylesheet" />
 		<test url="http://opensource.samsung.com/usageStatistics" />
-		<test url="http://opensource.samsung.com/wikiTreeMessage" />	
+		<test url="http://opensource.samsung.com/wikiTreeMessage" />
 
 	<exclusion pattern="^http://opensource\.samsung\.com/reception(\.do)?/$" />
 		<test url="http://opensource.samsung.com/reception/" />
@@ -157,24 +128,12 @@ Non-2xx HTTP code: http://shop.us.samsung.com/ (200) => https://shop.us.samsung.
 		<test url="http://opensource.samsung.com/reception/receptionSub.do" />
 		<test url="http://opensource.samsung.com/reception/receptionSub.do?method=search&amp;searchValue=SM-N9005" />
 
+	<rule from="^http://nmetrics\.samsung\.com/"
+			to="https://samsung-com.112.2o7.net/" />
 
-	<target host="www.samsung.com" />
+	<rule from="^http://samsung\.com/"
+		  	to="https://www.samsung.com/" />
 
-	<exclusion pattern="^http://www\.samsung\.com/$" />
-
-	<!-- Support page FAQ and other features are broken. Also, their i18n is a lie.
-		Github issue: https://github.com/EFForg/https-everywhere/issues/309 -->
-	<!--	MCB : https://www.samsung.com/cn|tw|us|.*/apps/mobile/	-->	
-
-	<rule from="^http://www\.samsung\.com/(.+)\.(css|gif|ico|js|png|svg|woff)$"
-		to="https://www.samsung.com/$1.$2" />
-		<test url="http://www.samsung.com/cn/common/css/home.css" />
-		<test url="http://www.samsung.com/common/next/css/navigation.css" />
-		<test url="http://www.samsung.com/common/img/bg-navigation.gif" />
-		<test url="http://www.samsung.com/common/next/img/favicon.ico" />
-		<test url="http://www.samsung.com/common/js/dist/smg.new.common.min.js" />
-		<test url="http://www.samsung.com/common/img/nav-ir.png" />
-		<test url="http://www.samsung.com/common/img/ico-search.svg" />
-		<test url="http://www.samsung.com/common/next/font/samsungIcon.woff" />
-	
+	<rule from="^http:"
+		  	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SamsungPortal.com.xml b/src/chrome/content/rules/SamsungPortal.com.xml
new file mode 100644
index 000000000000..c28c4ff268c4
--- /dev/null
+++ b/src/chrome/content/rules/SamsungPortal.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Connection refused:
+		- service.samsungportal.com, equivalent to https://support-us.samsung.com/cyber/recall/washer/e/m_step_1e.jsp
+
+	Invalid certificate:
+		- japan.samsungportal.com, equivalent to rma.samsung.co.jp
+		- narsp.samsungportal.com
+-->
+
+<ruleset name="SamsungPortal.com">
+	<target host="japan.samsungportal.com" />
+	<target host="service.samsungportal.com" />
+
+	<rule from="^http://service\.samsungportal\.com/$"
+		to="https://support-us.samsung.com/cyber/recall/washer/e/m_step_1e.jsp" />
+
+	<rule from="^http://japan\.samsungportal\.com/"
+		to="https://rma.samsung.co.jp/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Samsung_Apps.xml b/src/chrome/content/rules/Samsung_Apps.xml
index e529abc80949..1a403f503abf 100644
--- a/src/chrome/content/rules/Samsung_Apps.xml
+++ b/src/chrome/content/rules/Samsung_Apps.xml
@@ -1,6 +1,6 @@
 <!--
 	For other Samsung coverage, see Samsung.com.xml.
-	
+
 	Fully covered subdomains:
 
 		- *-odc:
@@ -27,7 +27,7 @@
 			- us-odc
 
 		- mkt-odc
-	
+
 	502:
 		- tv
 
@@ -57,7 +57,7 @@
 		<test url="http://img.samsungapps.com/display/2012/0327/0610/uploadfile_20120327061003463.swf" />
 		<test url="http://img.samsungapps.com/news/1st_winnerlist.xls" />
 		<test url="http://img.samsungapps.com/common/countryList.xml" />
-		
+
 	<exclusion pattern="^http://img\.samsungapps\.com/$" />
 		<test url="http://img.samsungapps.com/" />
 
diff --git a/src/chrome/content/rules/Samsung_Fire.xml b/src/chrome/content/rules/Samsung_Fire.xml
index 8ea643ca3827..e6241e6c87d8 100644
--- a/src/chrome/content/rules/Samsung_Fire.xml
+++ b/src/chrome/content/rules/Samsung_Fire.xml
@@ -25,7 +25,7 @@
 		u
 		us
 		v3
-		
+
 -->
 
 <ruleset name="Samsung_Fire">
diff --git a/src/chrome/content/rules/Samsung_Indiaestore.xml b/src/chrome/content/rules/Samsung_Indiaestore.xml
index 29b80426cc98..86747ef380f7 100644
--- a/src/chrome/content/rules/Samsung_Indiaestore.xml
+++ b/src/chrome/content/rules/Samsung_Indiaestore.xml
@@ -7,11 +7,11 @@ Fetch error: http://www.samsungindiaestore.com/ => https://www.samsungindiaestor
 	For other Samsung coverage, see Samsung.com.xml.
 -->
 
-<ruleset name="Samsung_Indiaestore.com" default_off='failed ruleset test'>
+<ruleset name="Samsung_Indiaestore.com" default_off="failed ruleset test">
 
 	<target host="samsungindiaestore.com" />
 	<target host="www.samsungindiaestore.com" />
-	
+
 	<rule from="^http:" to="https:" />
-	
+
 </ruleset>
diff --git a/src/chrome/content/rules/Samsung_Sem.xml b/src/chrome/content/rules/Samsung_Sem.xml
deleted file mode 100644
index 1130c47dff25..000000000000
--- a/src/chrome/content/rules/Samsung_Sem.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-
-	For other Samsung coverage, see Samsung.com.xml.
-
-	Mismatch:
-		thesis
-		weblib
-
--->
-
-<ruleset name="Samsung_Sem (partial)">
-
-	<target host="samsungsem.com" />
-	<target host="www.samsungsem.com" />
-	
-	<!--	To fix the check error : Non-2xx HTTP code: http://samsungsem.com/ (200) => https://samsungsem.com/ (403)	-->
-	<rule from="^http://(www\.)?samsungsem\.com/" to="https://www.samsungsem.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Samsung_Techwin.xml b/src/chrome/content/rules/Samsung_Techwin.xml
index af2cf7e92061..80457cfd79f9 100644
--- a/src/chrome/content/rules/Samsung_Techwin.xml
+++ b/src/chrome/content/rules/Samsung_Techwin.xml
@@ -1,6 +1,6 @@
 <!--
 	For other Samsung coverage, see Samsung.com.xml.
-	
+
 	Nonfunctional domains:
 		- (www.)samsungtechwin.com	(to http://www.hanwhatechwin.com/)
 
@@ -22,5 +22,5 @@
 	<!--	https://^ is equal to www, however, http://^ will show 404 error page.	-->
 	<rule from="^http://(www\.)?hanwhatechwin\.co\.kr/"
 		to="https://www.hanwhatechwin.co.kr/" />
-	
+
 </ruleset>
diff --git a/src/chrome/content/rules/Samsung_mySingle.xml b/src/chrome/content/rules/Samsung_mySingle.xml
index 35f171bc1f69..38f00fb8b579 100644
--- a/src/chrome/content/rules/Samsung_mySingle.xml
+++ b/src/chrome/content/rules/Samsung_mySingle.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://light.samsung.net/ => https://light.samsung.net/: (28, 'Connection timed out after 20001 milliseconds')
 
 	For other Samsung coverage, see Samsung.com.xml.
-	
+
 	Mismatch:
 		test.cyber.*
 		drm.*
@@ -26,7 +26,7 @@ Fetch error: http://light.samsung.net/ => https://light.samsung.net/: (28, 'Conn
 
 -->
 
-<ruleset name="Samsung_mySingle (partial)" default_off='failed ruleset test'>
+<ruleset name="Samsung_mySingle (partial)" default_off="failed ruleset test">
 
 	<target host="light.samsung.net" />
 	<target host="scsi.sec.samsung.net" />
diff --git a/src/chrome/content/rules/San-Diego-Reader.xml b/src/chrome/content/rules/San-Diego-Reader.xml
index 04a717ed66c6..0d62266f24d9 100644
--- a/src/chrome/content/rules/San-Diego-Reader.xml
+++ b/src/chrome/content/rules/San-Diego-Reader.xml
@@ -10,7 +10,7 @@ Fetch error: http://hummingbird.sandiegoreader.com/ => https://hummingbird.sandi
 		- media.sdreader.com
 
 -->
-<ruleset name="San Diego Reader (partial)" default_off='failed ruleset test'>
+<ruleset name="San Diego Reader (partial)" default_off="failed ruleset test">
 
 	<target host="hummingbird.sandiegoreader.com" />
 
diff --git a/src/chrome/content/rules/San_Francisco_Marathon.xml b/src/chrome/content/rules/San_Francisco_Marathon.xml
index a3bcc3a8f060..073d4ae0041f 100644
--- a/src/chrome/content/rules/San_Francisco_Marathon.xml
+++ b/src/chrome/content/rules/San_Francisco_Marathon.xml
@@ -6,13 +6,13 @@
 -->
 <ruleset name="The San Francisco Marathon (partial)">
 
-	<target host="*.thesfmarathon.com" />
+	<target host="registration.thesfmarathon.com" />
+	<target host="sync.thesfmarathon.com" />
 
 
 	<securecookie host="^registration\.thesfmarathon\.com$" name=".+" />
 
 
-	<rule from="^http://(registration|sync)\.thesfmarathon\.com/"
-		to="https://$1.thesfmarathon.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sanalika.xml b/src/chrome/content/rules/Sanalika.xml
index 5d0f09555cd9..0eb8b3c3cd86 100644
--- a/src/chrome/content/rules/Sanalika.xml
+++ b/src/chrome/content/rules/Sanalika.xml
@@ -6,13 +6,14 @@
 -->
 <ruleset name="Sanalika (partial)">
 
-	<target host="*.sanalika.com" />
+	<target host="cdn4.sanalika.com" />
+	<target host="fb.sanalika.com" />
+	<target host="fs.sanalika.com" />
 
 
 	<securecookie host="^fb\.sanalika\.com$" name=".+" />
 
 
-	<rule from="^http://(cdn4|fb|fs)\.sanalika\.com/"
-		to="https://$1.sanalika.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sandeen.net.xml b/src/chrome/content/rules/Sandeen.net.xml
index 7d693132ea50..8584f3caf70a 100644
--- a/src/chrome/content/rules/Sandeen.net.xml
+++ b/src/chrome/content/rules/Sandeen.net.xml
@@ -12,7 +12,7 @@ Fetch error: http://sandeen.net/ => https://sandeen.net/: (60, 'SSL certificate
 	* Unsecurable
 
 -->
-<ruleset name="Sandeen.net" default_off='failed ruleset test'>
+<ruleset name="Sandeen.net" default_off="failed ruleset test">
 
 	<target host="sandeen.net" />
 	<target host="calendar.sandeen.net" />
diff --git a/src/chrome/content/rules/Sandstorm.de.xml b/src/chrome/content/rules/Sandstorm.de.xml
index d0f5dfdddf9e..cf621d005fa7 100644
--- a/src/chrome/content/rules/Sandstorm.de.xml
+++ b/src/chrome/content/rules/Sandstorm.de.xml
@@ -3,7 +3,7 @@
 
 		- Sandstorm-Media.de.xml
 
-		- 
+		-
 	* www.sandstorm.de: Redirects to activecollab.sandstorm.de
 
 
diff --git a/src/chrome/content/rules/Sanitarium.se.xml b/src/chrome/content/rules/Sanitarium.se.xml
index dfab4d66c64d..fd42d2a4ef58 100644
--- a/src/chrome/content/rules/Sanitarium.se.xml
+++ b/src/chrome/content/rules/Sanitarium.se.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://sanitarium.se/ => https://sanitarium.se/: (60, 'SSL certificate problem: certificate has expired')
 Fetch error: http://www.sanitarium.se/ => https://sanitarium.se/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="Sanitarium.se" default_off='failed ruleset test'>
+<ruleset name="Sanitarium.se" default_off="failed ruleset test">
 	<target host="sanitarium.se" />
 	<target host="www.sanitarium.se" />
 	<rule from="^http://sanitarium\.se/" to="https://sanitarium.se/"/>
diff --git a/src/chrome/content/rules/Sankaty_Advisors.xml b/src/chrome/content/rules/Sankaty_Advisors.xml
index 7e1a0d78e1d6..729492c0b07b 100644
--- a/src/chrome/content/rules/Sankaty_Advisors.xml
+++ b/src/chrome/content/rules/Sankaty_Advisors.xml
@@ -1,7 +1,7 @@
 <ruleset name="Sankaty Advisors">
 
 	<target host="sankaty.com" />
-	<target host="*.sankaty.com" />
+	<target host="www.sankaty.com" />
 	<target host="sankatyadvisors.com" />
 	<target host="www.sankatyadvisors.com" />
 
@@ -9,8 +9,6 @@
 	<securecookie host="^(?:.*\.)?sankaty\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?sankaty\.com/"
-		to="https://$1sankaty.com/" />
 
 	<!--	Redirects to sankaty.com over
 		http, so copy that behavior:
@@ -18,4 +16,5 @@
 	<rule from="^http://(?:www\.)?sankatyadvisors\.com/"
 		to="https://www.sankaty.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sanoma.com.xml b/src/chrome/content/rules/Sanoma.com.xml
index c1237f9c6c83..d170aaa19ede 100644
--- a/src/chrome/content/rules/Sanoma.com.xml
+++ b/src/chrome/content/rules/Sanoma.com.xml
@@ -6,7 +6,6 @@
 
 		- Sanoma.fi
 		- sanomakauppa.fi.xml
-		- SEstatic.fi.xml
 		- SNstatic.fi.xml
 
 
diff --git a/src/chrome/content/rules/Santa_Clara_University-problematic.xml b/src/chrome/content/rules/Santa_Clara_University-problematic.xml
index 2f4db0b7abfa..26e2de8681c5 100644
--- a/src/chrome/content/rules/Santa_Clara_University-problematic.xml
+++ b/src/chrome/content/rules/Santa_Clara_University-problematic.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Santander.co.uk.xml b/src/chrome/content/rules/Santander.co.uk.xml
index cb3b0d329d87..3c21351ac435 100644
--- a/src/chrome/content/rules/Santander.co.uk.xml
+++ b/src/chrome/content/rules/Santander.co.uk.xml
@@ -8,7 +8,6 @@ Fetch error: http://santander.co.uk/ => https://www.santander.co.uk/: Cycle dete
 	Other Santander rulesets:
 
 		- International_Payments.co.uk.xml
-		- Santander_BillPayment.co.uk.xml
 
 
 	Nonfunctional subdomains:
@@ -61,7 +60,7 @@ Fetch error: http://santander.co.uk/ => https://www.santander.co.uk/: Cycle dete
 	* Secured by us
 
 -->
-<ruleset name="Santander.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Santander.co.uk (partial)" default_off="failed ruleset test">
 
 	<target host="santander.co.uk" />
 	<target host="*.santander.co.uk" />
@@ -85,4 +84,4 @@ Fetch error: http://santander.co.uk/ => https://www.santander.co.uk/: Cycle dete
 	<rule from="^http://products\.santander\.co\.uk/.*"
 		to="https://www.santander.co.uk/" />
 
-</ruleset> 
+</ruleset>
diff --git a/src/chrome/content/rules/Santander_BillPayment.co.uk.xml b/src/chrome/content/rules/Santander_BillPayment.co.uk.xml
deleted file mode 100644
index 89f5deb309e2..000000000000
--- a/src/chrome/content/rules/Santander_BillPayment.co.uk.xml
+++ /dev/null
@@ -1,52 +0,0 @@
-<!--
-	For other Santander coverage, see Santander.co.uk.xml.
-
-
-	^santanderbillpayment.co.uk: Dropped
-
-
-	STS header includes includeSubdomains
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.santanderbillpayment.co.uk
-
--->
-<ruleset name="Santander BillPayment.co.uk">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="*.santanderbillpayment.co.uk" />
-
-	<!--	Complications:
-				-->
-	<target host="santanderbillpayment.co.uk" />
-
-		<test url="http://www.santanderbillpayment.co.uk/" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.santanderbillpayment\.co\.uk$" name="^BIGipServer" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<!--	Redirect drops path but not args:
-							-->
-	<rule from="^http://santanderbillpayment\.co\.uk/+\??$"
-		to="https://www.santanderbillpayment.co.uk/" />
-
-		<test url="http://santanderbillpayment.co.uk/?" />
-
-	<rule from="^http://santanderbillpayment\.co\.uk/[^?]*"
-		to="https://www.santanderbillpayment.co.uk/" />
-
-		<test url="http://santanderbillpayment.co.uk/default.aspx" />
-		<test url="http://santanderbillpayment.co.uk/index.htm" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Sapphire_Forum.com.xml b/src/chrome/content/rules/Sapphire_Forum.com.xml
index 72d0cff61cb7..75c97346d0bc 100644
--- a/src/chrome/content/rules/Sapphire_Forum.com.xml
+++ b/src/chrome/content/rules/Sapphire_Forum.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://sapphireforum.com/ => https://sapphireforum.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Sapphire Forum.com" default_off='failed ruleset test'>
+<ruleset name="Sapphire Forum.com" default_off="failed ruleset test">
 
 	<target host="sapphireforum.com" />
 	<target host="www.sapphireforum.com" />
diff --git a/src/chrome/content/rules/Sarava.org.xml b/src/chrome/content/rules/Sarava.org.xml
index 6c96f808e9cc..7891dbc69cf5 100644
--- a/src/chrome/content/rules/Sarava.org.xml
+++ b/src/chrome/content/rules/Sarava.org.xml
@@ -43,10 +43,31 @@ Fetch error: http://sarava.org/ => https://sarava.org/: (28, 'Connection timed o
 		- anotador
 
 -->
-<ruleset name="Sarava.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Sarava.org (partial)" default_off="failed ruleset test">
 
 	<target host="sarava.org" />
-	<target host="*.sarava.org" />
+	<target host="agendador.sarava.org" />
+	<target host="anotador.sarava.org" />
+	<target host="calendario.sarava.org" />
+	<target host="colador.sarava.org" />
+	<target host="e.sarava.org" />
+	<target host="escritorio.sarava.org" />
+	<target host="git.sarava.org" />
+	<target host="irc.sarava.org" />
+	<target host="keyringer.sarava.org" />
+	<target host="lembrador.sarava.org" />
+	<target host="manual.sarava.org" />
+	<target host="padrao.sarava.org" />
+	<target host="policy.sarava.org" />
+	<target host="protocolos.sarava.org" />
+	<target host="rectech.sarava.org" />
+	<target host="rhatto.sarava.org" />
+	<target host="rsp.sarava.org" />
+	<target host="seguranca.sarava.org" />
+	<target host="sit.sarava.org" />
+	<target host="sit2012.sarava.org" />
+	<target host="wiki.sarava.org" />
+	<target host="www.sarava.org" />
 
 
 	<!--	Not secured by server:
@@ -57,7 +78,6 @@ Fetch error: http://sarava.org/ => https://sarava.org/: (28, 'Connection timed o
 	<securecookie host=".*\.sarava\.org$" name=".+" />
 
 
-	<rule from="^http://((?:agendador|anotador|calendario|colador|e|escritorio|git|irc|keyringer|lembrador|manual|padrao|policy|protocolos|rectech|rhatto|rsp|seguranca|sit|sit2012|wiki|www)\.)?sarava\.org/"
-		to="https://$1sarava.org/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sarenza.xml b/src/chrome/content/rules/Sarenza.xml
index ebedba4fab1f..0a23e56f87a6 100644
--- a/src/chrome/content/rules/Sarenza.xml
+++ b/src/chrome/content/rules/Sarenza.xml
@@ -31,11 +31,10 @@
 <ruleset name="Sarenza (partial)">
 
 	<target host="eulerian.sarenza.com" />
-	<target host="*.sarenza.net" />
+	<target host="azure.sarenza.net" />
+	<target host="static1.sarenza.net" />
 
 
-	<rule from="^http://eulerian\.sarenza\.com/"
-		to="https://eulerian.sarenza.com/" />
 
 	<rule from="^http://azure\.sarenza\.net/"
 		to="https://az104596.vo.msecnd.net/" />
@@ -43,4 +42,5 @@
 	<rule from="^http://static1\.sarenza\.net/"
 		to="https://az104596.vo.msecnd.net/static/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sashe.sk.xml b/src/chrome/content/rules/Sashe.sk.xml
new file mode 100644
index 000000000000..325e549ec1ad
--- /dev/null
+++ b/src/chrome/content/rules/Sashe.sk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Sashe.sk">
+	<target host="sashe.sk" />
+	<target host="www.sashe.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sass-lang.com.xml b/src/chrome/content/rules/Sass-lang.com.xml
new file mode 100644
index 000000000000..dbd9b90693f3
--- /dev/null
+++ b/src/chrome/content/rules/Sass-lang.com.xml
@@ -0,0 +1,13 @@
+<!--
+	SSL protocol error:
+		- staging.sass-lang.com
+
+	Mismatched:
+		- blog.sass-lang.com
+-->
+<ruleset name="Sass-lang.com">
+	<target host="sass-lang.com" />
+	<target host="www.sass-lang.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sauce_Labs.xml b/src/chrome/content/rules/Sauce_Labs.xml
deleted file mode 100644
index 5cf03911b623..000000000000
--- a/src/chrome/content/rules/Sauce_Labs.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Sauce Labs">
-
-	<target host="saucelabs.com" />
-	<target host="www.saucelabs.com" />
-
-
-	<securecookie host="^saucelabs\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Saucony.com.au.xml b/src/chrome/content/rules/Saucony.com.au.xml
new file mode 100644
index 000000000000..d5b4de6d22a5
--- /dev/null
+++ b/src/chrome/content/rules/Saucony.com.au.xml
@@ -0,0 +1,12 @@
+<!--
+	Connection refused:
+		- autodiscover.saucony.com.au
+-->
+
+<ruleset name="Saucony.com.au">
+	<target host="saucony.com.au" />
+	<target host="www.saucony.com.au" />
+	<target host="help.saucony.com.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SaucyTime.com.xml b/src/chrome/content/rules/SaucyTime.com.xml
index 7580bd27201d..9b5fc81a0f01 100644
--- a/src/chrome/content/rules/SaucyTime.com.xml
+++ b/src/chrome/content/rules/SaucyTime.com.xml
@@ -17,7 +17,7 @@ Fetch error: http://saucytime.com/ => https://www.saucytime.com/: (60, 'SSL cert
 		- www.saucytime.com
 
 -->
-<ruleset name="SaucyTime.com (partial)" default_off='failed ruleset test'>
+<ruleset name="SaucyTime.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/SaudiAirlines.xml b/src/chrome/content/rules/SaudiAirlines.xml
index ed4eaf5b434a..42c08e186cf1 100644
--- a/src/chrome/content/rules/SaudiAirlines.xml
+++ b/src/chrome/content/rules/SaudiAirlines.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://bookonline.saudiairlines.com/ => https://bookonline.saudiairlines.com/: (6, 'Could not resolve host: bookonline.saudiairlines.com')
 
 -->
-<ruleset name="Saudia Airlines (partial)" default_off='failed ruleset test'>
+<ruleset name="Saudia Airlines (partial)" default_off="failed ruleset test">
 	<target host="bookonline.saudiairlines.com"/>
 	<target host="www.bookonline.saudiairlines.com"/>
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/SaudiGovernment.xml b/src/chrome/content/rules/SaudiGovernment.xml
index 0f4fe0aa2e5a..cc2f98e38974 100644
--- a/src/chrome/content/rules/SaudiGovernment.xml
+++ b/src/chrome/content/rules/SaudiGovernment.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.pv.gov.sa/ => https://www.pv.gov.sa/: (28, 'Connection t
 Fetch error: http://mol.gov.sa/ => https://mol.gov.sa/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
 Fetch error: http://www.mol.gov.sa/ => https://mol.gov.sa/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
 -->
-<ruleset name="Saudi Government" default_off='failed ruleset test'>
+<ruleset name="Saudi Government" default_off="failed ruleset test">
   <target host="pv.gov.sa" />
   <target host="www.pv.gov.sa" />
   <target host="saudi.gov.sa" />
diff --git a/src/chrome/content/rules/Saurik.xml b/src/chrome/content/rules/Saurik.xml
index d17b5b8d5ecd..4284a2a82c99 100644
--- a/src/chrome/content/rules/Saurik.xml
+++ b/src/chrome/content/rules/Saurik.xml
@@ -17,4 +17,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SaveDeo.com.xml b/src/chrome/content/rules/SaveDeo.com.xml
index 7cb6764c5b2c..3e248e1a7439 100644
--- a/src/chrome/content/rules/SaveDeo.com.xml
+++ b/src/chrome/content/rules/SaveDeo.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.savedeo.com/ => https://www.savedeo.com/: (51, "SSL: no
 		- www.savedeo.com
 
 -->
-<ruleset name="SaveDeo.com" default_off='failed ruleset test'>
+<ruleset name="SaveDeo.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/SaveTheChildren.org.uk.xml b/src/chrome/content/rules/SaveTheChildren.org.uk.xml
new file mode 100644
index 000000000000..2f5dad15c842
--- /dev/null
+++ b/src/chrome/content/rules/SaveTheChildren.org.uk.xml
@@ -0,0 +1,24 @@
+<!--
+	Non-functional hosts
+		Timeout:
+		- savethechildren.org.uk
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- brand.savethechildren.org.uk
+-->
+<ruleset name="Save the Children.org.uk (partial)">
+	<target host="savethechildren.org.uk" />
+	<target host="www.savethechildren.org.uk" />
+	<target host="blogs.savethechildren.org.uk" />
+	<target host="secure.savethechildren.org.uk" />
+	<target host="shop.savethechildren.org.uk" />
+	<target host="stories.savethechildren.org.uk" />
+	<target host="thankyou.savethechildren.org.uk" />
+	<target host="volunteer.savethechildren.org.uk" />
+
+	<rule from="^http://savethechildren\.org\.uk/"
+		to="https://www.savethechildren.org.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Save_the_Children.org.uk-falsemixed.xml b/src/chrome/content/rules/Save_the_Children.org.uk-falsemixed.xml
deleted file mode 100644
index 6125e951d495..000000000000
--- a/src/chrome/content/rules/Save_the_Children.org.uk-falsemixed.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Save_the_Children.org.uk.xml.
-
--->
-<ruleset name="Save the Children.org.uk (false MCB)" platform="mixedcontent">
-
-	<target host="savethechildren.org.uk" />
-	<target host="blogs.savethechildren.org.uk" />
-	<target host="www.savethechildren.org.uk" />
-
-
-	<rule from="^http://(?:www\.)?savethechildren\.org\.uk/"
-		to="https://www.savethechildren.org.uk/" />
-
-	<rule from="^http://blogs\.savethechildren\.org\.uk/"
-		to="https://blogs.savethechildren.org.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Save_the_Children.org.uk.xml b/src/chrome/content/rules/Save_the_Children.org.uk.xml
deleted file mode 100644
index 8defada0add6..000000000000
--- a/src/chrome/content/rules/Save_the_Children.org.uk.xml
+++ /dev/null
@@ -1,49 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see Save_the_Children.org.uk-falsemixed.xml.
-
-
-	Nonfunctional subdomains:
-
-		- ecards *
-
-	* Refused
-
-
-	^: refused
-
-
-	Mixed content:
-
-		- css, on:
-
-			- blogs from www *
-			- www from $self *
-
-		- Images, on:
-
-			- blogs from $self *
-			- shop from www *
-			- www from $self *
-
-	* Secured by us
-
--->
-<ruleset name="Save the Children.org.uk (partial)">
-
-	<target host="savethechildren.org.uk" />
-	<target host="*.savethechildren.org.uk" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<!--exclusion pattern="^http://(www\.)?savethechildren\.org\.uk/+(?!donate/*($|\?)|favicon\.ico|modules/|sites/)" /-->
-		<exclusion pattern="^http://blogs\.savethechildren\.org\.uk/+(?!shared/|wp-content/|wp-includes/)" />
-		<!--exclusion pattern="^http://ecards\.savethechildren\.org\.uk/" /-->
-
-
-	<rule from="^http://(?:www\.)?savethechildren\.org\.uk/(?=donate/*(?:$|\?)|favicon\.ico|modules/|sites/)"
-		to="https://www.savethechildren.org.uk/" />
-
-	<rule from="^http://(blogs|secure|shop)\.savethechildren\.org\.uk/"
-		to="https://$1.savethechildren.org.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Saveyourinternet.eu.xml b/src/chrome/content/rules/Saveyourinternet.eu.xml
new file mode 100644
index 000000000000..0fc6ac574b8f
--- /dev/null
+++ b/src/chrome/content/rules/Saveyourinternet.eu.xml
@@ -0,0 +1,35 @@
+<ruleset name="Saveyourinternet.eu">
+	<target host="saveyourinternet.eu" />
+	<target host="www.saveyourinternet.eu" />
+	<target host="at.saveyourinternet.eu" />
+	<target host="be.saveyourinternet.eu" />
+	<target host="bg.saveyourinternet.eu" />
+	<target host="cy.saveyourinternet.eu" />
+	<target host="cz.saveyourinternet.eu" />
+	<target host="de.saveyourinternet.eu" />
+	<target host="dk.saveyourinternet.eu" />
+	<target host="ee.saveyourinternet.eu" />
+	<target host="es.saveyourinternet.eu" />
+	<target host="fi.saveyourinternet.eu" />
+	<target host="fr.saveyourinternet.eu" />
+	<target host="gr.saveyourinternet.eu" />
+	<target host="hr.saveyourinternet.eu" />
+	<target host="hu.saveyourinternet.eu" />
+	<target host="ie.saveyourinternet.eu" />
+	<target host="it.saveyourinternet.eu" />
+	<target host="lt.saveyourinternet.eu" />
+	<target host="lu.saveyourinternet.eu" />
+	<target host="lv.saveyourinternet.eu" />
+	<target host="mt.saveyourinternet.eu" />
+	<target host="nl.saveyourinternet.eu" />
+	<target host="pl.saveyourinternet.eu" />
+	<target host="pt.saveyourinternet.eu" />
+	<target host="ro.saveyourinternet.eu" />
+	<target host="se.saveyourinternet.eu" />
+	<target host="si.saveyourinternet.eu" />
+	<target host="sk.saveyourinternet.eu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SavvyHawk.com.xml b/src/chrome/content/rules/SavvyHawk.com.xml
index 5b8f45625b16..b7502063db5d 100644
--- a/src/chrome/content/rules/SavvyHawk.com.xml
+++ b/src/chrome/content/rules/SavvyHawk.com.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://savvyhawk.com/ => https://savvyhawk.com/: (51, "SSL: no alternative certificate subject name matches target host name 'savvyhawk.com'")
 Fetch error: http://www.savvyhawk.com/ => https://www.savvyhawk.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.savvyhawk.com'")
 -->
-<ruleset name="SavvyHawk.com" default_off='failed ruleset test'>
+<ruleset name="SavvyHawk.com" default_off="failed ruleset test">
 
 	<target host="savvyhawk.com" />
 	<target host="www.savvyhawk.com" />
diff --git a/src/chrome/content/rules/SavvySME.xml b/src/chrome/content/rules/SavvySME.xml
index 2f3767fa9f25..30f0c08ef78d 100644
--- a/src/chrome/content/rules/SavvySME.xml
+++ b/src/chrome/content/rules/SavvySME.xml
@@ -4,4 +4,4 @@
 
 	<rule from="^http:"
 			to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sberbank_of_Russia.xml b/src/chrome/content/rules/Sberbank_of_Russia.xml
deleted file mode 100644
index e0f44a880d99..000000000000
--- a/src/chrome/content/rules/Sberbank_of_Russia.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://ok.sberbank.ru/ => https://ok.sberbank.ru/: (28, 'Connection timed out after 20000 milliseconds')
-
-	Mismatch:
-		- pvb.sbrf.ru
-		- beta.sberbank.ru
--->
-<ruleset name="Sberbank of Russia" default_off='failed ruleset test'>
-	<target host="sbrf.ru" />
-	<target host="www.sbrf.ru" />
-	<target host="sberbank.ru" />
-	<target host="www.sberbank.ru" />
-	<target host="ok.sberbank.ru" />
-	<target host="online.sberbank.ru" />
-	<target host="sbi.sberbank.ru" />
-
-	<test url="http://sbi.sberbank.ru:9443/" />
-	<test url="https://sbi.sberbank.ru/" />
-
-	<rule from="^http://sbi\.sberbank\.ru(:9443)?/"
-		to="https://sbi.sberbank.ru:9443/" />
-	<rule from="^https://sbi\.sberbank\.ru/"
-		to="https://sbi.sberbank.ru:9443/" />
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/ScMagazineUS.com.xml b/src/chrome/content/rules/ScMagazineUS.com.xml
index 080802a7e097..679c954053b6 100644
--- a/src/chrome/content/rules/ScMagazineUS.com.xml
+++ b/src/chrome/content/rules/ScMagazineUS.com.xml
@@ -23,7 +23,7 @@ Fetch error: http://www.scmagazineus.com/ => https://www.scmagazineus.com/: (28,
 	* CN: *.hs.llnwd.net, 400.
 
 -->
-<ruleset name="ScMagazineUS.com" default_off='failed ruleset test'>
+<ruleset name="ScMagazineUS.com" default_off="failed ruleset test">
 
 	<target host="scmagazineus.com" />
 	<target host="www.scmagazineus.com" />
@@ -31,4 +31,4 @@ Fetch error: http://www.scmagazineus.com/ => https://www.scmagazineus.com/: (28,
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Scala-lang.org.xml b/src/chrome/content/rules/Scala-lang.org.xml
new file mode 100644
index 000000000000..84a8142cc304
--- /dev/null
+++ b/src/chrome/content/rules/Scala-lang.org.xml
@@ -0,0 +1,31 @@
+<!--
+	Nonfunctional hosts in *.scala-lang.org:
+		- codereview.scala-lang.org (d)
+		- days2010.scala-lang.org (i)
+		- days2011.scala-lang.org (i)
+		- days2012.scala-lang.org (i)
+
+	d: different content
+	h: http redirect
+	i: incomplete certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Scala-lang.org">
+	<target host="scala-lang.org" />
+	<target host="www.scala-lang.org" />
+	<target host="contributors.scala-lang.org" />
+	<target host="docs.scala-lang.org" />
+	<target host="index.scala-lang.org" />
+	<target host="issues.scala-lang.org" />
+	<target host="packages.scala-lang.org" />
+	<target host="platform.scala-lang.org" />
+	<target host="scaladex.scala-lang.org" />
+	<target host="scastie.scala-lang.org" />
+	<target host="users.scala-lang.org" />
+	<target host="wiki.scala-lang.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Scale-Engine.xml b/src/chrome/content/rules/Scale-Engine.xml
index 6fbe2eef5528..af579a811c6f 100644
--- a/src/chrome/content/rules/Scale-Engine.xml
+++ b/src/chrome/content/rules/Scale-Engine.xml
@@ -12,7 +12,7 @@ Fetch error: http://scaleengine.com/ => https://scaleengine.com/: (60, 'SSL cert
 		- \w+.cdn.scaleengine.net	(CDN; redirects to www.scaleengine.com, depth mismatched)
 
 -->
-<ruleset name="Scale Engine (partial)" default_off='failed ruleset test'>
+<ruleset name="Scale Engine (partial)" default_off="failed ruleset test">
 
 	<target host="scaleengine.com" />
 	<target host="www.scaleengine.com" />
diff --git a/src/chrome/content/rules/Scaling_Bitcoin.org.xml b/src/chrome/content/rules/Scaling_Bitcoin.org.xml
index 30bb09dd4cec..a6c4249664cb 100644
--- a/src/chrome/content/rules/Scaling_Bitcoin.org.xml
+++ b/src/chrome/content/rules/Scaling_Bitcoin.org.xml
@@ -9,7 +9,7 @@ Non-2xx HTTP code: http://www.scalingbitcoin.org/ (200) => https://www.scalingbi
 		- www.scalingbitcoin.org
 
 -->
-<ruleset name="Scaling Bitcoin.org" default_off='failed ruleset test'>
+<ruleset name="Scaling Bitcoin.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Scanadu.com.xml b/src/chrome/content/rules/Scanadu.com.xml
index 0391075db942..723d26995fe5 100644
--- a/src/chrome/content/rules/Scanadu.com.xml
+++ b/src/chrome/content/rules/Scanadu.com.xml
@@ -35,4 +35,4 @@
 	<rule from="^http://indiegogo-artwork\.scanadu\.com/"
 		to="https://d229l50b5obo41.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Scania.xml b/src/chrome/content/rules/Scania.xml
index 8426be2add5a..9e3a79e099ab 100644
--- a/src/chrome/content/rules/Scania.xml
+++ b/src/chrome/content/rules/Scania.xml
@@ -14,10 +14,10 @@
 	<target host="*.scania.com" />
 
 
-	<securecookie host="^.+\.scania\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(static|webapp\d+|www4)\.scania\.com/"
 		to="https://$1.scania.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Scanmarker.xml b/src/chrome/content/rules/Scanmarker.xml
index 82c5802e9040..ba79715343b6 100644
--- a/src/chrome/content/rules/Scanmarker.xml
+++ b/src/chrome/content/rules/Scanmarker.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Scanning_Pens.co.uk.xml b/src/chrome/content/rules/Scanning_Pens.co.uk.xml
index 89051b0ff76c..05e57e4de9df 100644
--- a/src/chrome/content/rules/Scanning_Pens.co.uk.xml
+++ b/src/chrome/content/rules/Scanning_Pens.co.uk.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.scanningpens.co.uk/ => https://www.scanningpens.co.uk/:
 Disabled by https-everywhere-checker because:
 Fetch error: http://scanningpens.co.uk/ => https://scanningpens.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'scanningpens.co.uk'")
 -->
-<ruleset name="Scanning Pens.co.uk" default_off='failed ruleset test'>
+<ruleset name="Scanning Pens.co.uk" default_off="failed ruleset test">
 
 	<target host="scanningpens.co.uk" />
 	<target host="www.scanningpens.co.uk" />
diff --git a/src/chrome/content/rules/Scanscout.com.xml b/src/chrome/content/rules/Scanscout.com.xml
index 0954af18b8f5..22c72dd977bc 100644
--- a/src/chrome/content/rules/Scanscout.com.xml
+++ b/src/chrome/content/rules/Scanscout.com.xml
@@ -39,7 +39,7 @@ Fetch error: http://dt.scanscout.com/ => https://dt.scanscout.com/: (60, 'SSL ce
 	dt serves web bugs.
 
 -->
-<ruleset name="scanscout.com" default_off='failed ruleset test'>
+<ruleset name="scanscout.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Sccassessor.org.xml b/src/chrome/content/rules/Sccassessor.org.xml
index c5d7fa512254..e185197093bd 100644
--- a/src/chrome/content/rules/Sccassessor.org.xml
+++ b/src/chrome/content/rules/Sccassessor.org.xml
@@ -24,4 +24,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sccgov.org.xml b/src/chrome/content/rules/Sccgov.org.xml
index 20dc0ebb7ff4..0731af27bc59 100644
--- a/src/chrome/content/rules/Sccgov.org.xml
+++ b/src/chrome/content/rules/Sccgov.org.xml
@@ -66,4 +66,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Scene7.xml b/src/chrome/content/rules/Scene7.xml
index c8f787c64242..eb5199b2f965 100644
--- a/src/chrome/content/rules/Scene7.xml
+++ b/src/chrome/content/rules/Scene7.xml
@@ -1,48 +1,659 @@
 <!--
 	For other Adobe coverage, see Adobe.xml.
 
-
 	CDN buckets:
+		- a248.e.akamai.net/f/248/9086/10h/[subdomain].scene7.com/
 
-		- a248.e.akamai.net/f/248/9086/10h/origin-g3.scene7.com/
+	Invalid certificate:
+		- www.scene7.com, equivalent to https://www.adobe.com/products/scene7.html
+		- aa.scene7.com
+		- alexandermcqueen.scene7.com
+		- anntaylor.scene7.com
+		- artigiano.scene7.com
+		- asics.scene7.com
+		- balenciaga.scene7.com
+		- benesse.scene7.com
+		- bleucerise.scene7.com
+		- castorama.scene7.com
+		- chm.scene7.com
+		- christies.scene7.com
+		- crc.scene7.com
+		- demo.scene7.com
+		- desigual.scene7.com
+		- elfa.scene7.com
+		- elkjop.scene7.com
+		- gtm-l1.emea.scene7.com
+		- origin-g3.emea.scene7.com
+		- origin-g4.emea.scene7.com
+		- origin-g8.emea.scene7.com
+		- s7fmisg.emea.scene7.com
+		- s7sps3.emea.scene7.com
+		- s7ugc3.emea.scene7.com
+		- findel.scene7.com
+		- gg.scene7.com
+		- ghdemo.scene7.com
+		- gtm-e1.scene7.com
+		- gtm-l1.scene7.com
+		- gtm-n1.scene7.com
+		- hanna.scene7.com
+		- henryschein.scene7.com
+		- hongkong.scene7.com
+		- kawala.scene7.com
+		- kentaur.scene7.com
+		- kipling.scene7.com
+		- lakeland.scene7.com
+		- lancaster.scene7.com
+		- lorealdpp.scene7.com
+		- maskworld.scene7.com
+		- macys-o.na.scene7.com
+		- origin-na1.na.scene7.com
+		- origin-na2.na.scene7.com
+		- origin-na3.na.scene7.com
+		- origin-na4.na.scene7.com
+		- origin-na5.na.scene7.com
+		- origin-na9.na.scene7.com
+		- provide-o.na.scene7.com
+		- philipsconsumer.scene7.com
+		- quickstep.scene7.com
+		- rollingrock.scene7.com
+		- s7adminui1.scene7.com
+		- s7d12.scene7.com
+		- s7d14.scene7.com
+		- s7d15.scene7.com
+		- s7d16.scene7.com
+		- s7e2a.scene7.com
+		- s7ftp2.scene7.com
+		- s7g11.scene7.com
+		- s7g12.scene7.com
+		- s7g13.scene7.com
+		- s7g14.scene7.com
+		- s7g15.scene7.com
+		- s7g16.scene7.com
+		- s7mailap1.scene7.com
+		- s7mailemea1.scene7.com
+		- s7mailemea3.scene7.com
+		- s7maillon6.scene7.com
+		- s7mailna1.scene7.com
+		- s7mds1.scene7.com
+		- s7ondemand2.scene7.com
+		- s7ondemand3.scene7.com
+		- s7report1.scene7.com
+		- s7sps1api.scene7.com
+		- s7sps1apissl-demo.scene7.com
+		- s7sps2.scene7.com
+		- s7sps2api.scene7.com
+		- s7sps3api.scene7.com
+		- s7ugc2.scene7.com
+		- s7ugc3.scene7.com
+		- s7v3.scene7.com
+		- sample.scene7.com
+		- samsungsecurepreview.scene7.com
+		- selfridgesretaillimited.scene7.com
+		- showroomprive.scene7.com
+		- spacenk.scene7.com
+		- sportthieme.scene7.com
+		- test-g4.scene7.com
+		- trigema.scene7.com
 
+	Timeout:
+		s7demo.scene7.com
+		s7sps1apissl1.scene7.com
+		s7sps7apissl.scene7.com
+		s7sps7ssl.scene7.com
+		trial.scene7.com
 
 	Problematic subdomains:
-
-		- ^		(mismatched, CN: www.adobe.com)
-		- www		(akamai)
-		- s7mbrstream	(breaks embedded video, cf https://github.com/EFForg/https-everywhere/issues/2430)
-
+		- s7mbrstream.scene7.com, breaks embedded video, see https://github.com/EFForg/https-everywhere/issues/2430
 -->
-<ruleset name="Scene7.com">
-
-	<target host="scene7.com" />
+<ruleset name="Scene7">
 	<target host="www.scene7.com" />
-
-	<rule from="^http://(?:www\.)?scene7\.com/[^?]*"
-		to="https://www.adobe.com/products/scene7.html" />
-	
+	<target host="4m.scene7.com" />
+	<target host="actionenvelope.scene7.com" />
+	<target host="actionenvelope2.scene7.com" />
+	<target host="actionenvelope3.scene7.com" />
+	<target host="actionenvelopew2p.scene7.com" />
+	<target host="acushnet.scene7.com" />
+	<target host="adesa.scene7.com" />
+	<target host="adidasagw2p.scene7.com" />
+	<target host="aeo-o.scene7.com" />
+	<target host="albamoda.scene7.com" />
+	<target host="alinea.scene7.com" />
+	<target host="anf.scene7.com" />
+	<target host="anf-akamai.scene7.com" />
+	<target host="anf-assets1.scene7.com" />
+	<target host="anf-assets2.scene7.com" />
+	<target host="annieselke.scene7.com" />
+	<target host="argos.scene7.com" />
+	<target host="aritzia.scene7.com" />
+	<target host="armaniexchange.scene7.com" />
+	<target host="asda.scene7.com" />
+	<target host="asf.scene7.com" />
+	<target host="ashleyfurniture.scene7.com" />
+	<target host="asi.scene7.com" />
+	<target host="bank.scene7.com" />
+	<target host="basicinvite.scene7.com" />
+	<target host="basspro.scene7.com" />
+	<target host="baudville.scene7.com" />
+	<target host="baur.scene7.com" />
+	<target host="bcube.scene7.com" />
+	<target host="belk.scene7.com" />
+	<target host="bench.scene7.com" />
+	<target host="benchmarx-kitchens.scene7.com" />
+	<target host="bergdorfgoodman.scene7.com" />
+	<target host="berne.scene7.com" />
+	<target host="bevego.scene7.com" />
+	<target host="bf.scene7.com" />
+	<target host="bicgraphic.scene7.com" />
+	<target host="bigdotofhappiness.scene7.com" />
+	<target host="bjornborg.scene7.com" />
+	<target host="bkstr.scene7.com" />
+	<target host="bluetomato.scene7.com" />
+	<target host="bmdmedia.scene7.com" />
+	<target host="bmw.scene7.com" />
+	<target host="bonton.scene7.com" />
+	<target host="boombah.scene7.com" />
+	<target host="boots.scene7.com" />
+	<target host="bose.scene7.com" />
+	<target host="boulanger.scene7.com" />
+	<target host="brita.scene7.com" />
+	<target host="britachina.scene7.com" />
+	<target host="brooksbrothers.scene7.com" />
+	<target host="buffalo.scene7.com" />
+	<target host="burberry.scene7.com" />
+	<target host="burberryltd.scene7.com" />
+	<target host="buttinette.scene7.com" />
+	<target host="cabelas.scene7.com" />
+	<target host="calphalon.scene7.com" />
+	<target host="calvinklein.scene7.com" />
+	<target host="calvinklein-eu.scene7.com" />
+	<target host="canadiantire.scene7.com" />
+	<target host="cardinalhealth.scene7.com" />
+	<target host="caterpillar.scene7.com" />
+	<target host="catherines.scene7.com" />
+	<target host="cb2.scene7.com" />
+	<target host="ccf.scene7.com" />
+	<target host="celine.scene7.com" />
+	<target host="cenpac.scene7.com" />
+	<target host="certeo.scene7.com" />
+	<target host="chainreactioncycles.scene7.com" />
+	<target host="charlesvoegele.scene7.com" />
+	<target host="charming-o.scene7.com" />
+	<target host="christ.scene7.com" />
+	<target host="city-plumbing-supplies.scene7.com" />
+	<target host="cityfurniture.scene7.com" />
+	<target host="cityparfuemerie.scene7.com" />
+	<target host="coach.scene7.com" />
+	<target host="codsk.scene7.com" />
+	<target host="coeur.scene7.com" />
+	<target host="cofel.scene7.com" />
+	<target host="coin.scene7.com" />
+	<target host="companyc.scene7.com" />
+	<target host="cookielee.scene7.com" />
+	<target host="cornerstonerender.scene7.com" />
+	<target host="covidien.scene7.com" />
+	<target host="cpw-2.scene7.com" />
+	<target host="creditsuisse.scene7.com" />
+	<target host="crestbridge.scene7.com" />
+	<target host="crown.scene7.com" />
+	<target host="curvissa.scene7.com" />
+	<target host="cwonder.scene7.com" />
+	<target host="cyberport.scene7.com" />
+	<target host="daikyorealdo.scene7.com" />
+	<target host="dartagnan.scene7.com" />
+	<target host="debenhams.scene7.com" />
+	<target host="decor.scene7.com" />
+	<target host="deerberg.scene7.com" />
+	<target host="deichmann.scene7.com" />
+	<target host="dell-o.scene7.com" />
+	<target host="dfc.scene7.com" />
+	<target host="dim.scene7.com" />
+	<target host="disney-o.scene7.com" />
+	<target host="djbennett.scene7.com" />
+	<target host="dks.scene7.com" />
+	<target host="dm-shop.scene7.com" />
+	<target host="doryventures.scene7.com" />
+	<target host="dressbarn.scene7.com" />
+	<target host="dsm.scene7.com" />
+	<target host="dsm-dep.scene7.com" />
+	<target host="dsm-dnp.scene7.com" />
+	<target host="dsw.scene7.com" />
+	<target host="dune.scene7.com" />
+	<target host="e-leclerc.scene7.com" />
+	<target host="eastpak.scene7.com" />
+	<target host="easyar.scene7.com" />
+	<target host="echodesign.scene7.com" />
+	<target host="eddiebauer.scene7.com" />
+	<target host="eidupont.scene7.com" />
+	<target host="elkay.scene7.com" />
+	<target host="ellinee.scene7.com" />
+	<target host="empiriecom.scene7.com" />
+	<target host="epiroc.scene7.com" />
+	<target host="erwinmueller.scene7.com" />
+	<target host="esprit.scene7.com" />
+	<target host="eterna.scene7.com" />
+	<target host="fabrichouse.scene7.com" />
+	<target host="falabella.scene7.com" />
+	<target host="fci.scene7.com" />
+	<target host="felissimo.scene7.com" />
+	<target host="fgl.scene7.com" />
+	<target host="filausa.scene7.com" />
+	<target host="filippakab.scene7.com" />
+	<target host="fisheriessupply.scene7.com" />
+	<target host="fly.scene7.com" />
+	<target host="forte.scene7.com" />
+	<target host="fossil.scene7.com" />
+	<target host="freepeople-ugc.scene7.com" />
+	<target host="frontgate.scene7.com" />
+	<target host="fs.scene7.com" />
+	<target host="futurebazaar.scene7.com" />
+	<target host="galeton.scene7.com" />
+	<target host="garnethill.scene7.com" />
+	<target host="germancrystal.scene7.com" />
+	<target host="globerideinc.scene7.com" />
+	<target host="gorsuch.scene7.com" />
+	<target host="grandcircle.scene7.com" />
+	<target host="grandinroad.scene7.com" />
+	<target host="grattan.scene7.com" />
+	<target host="gresvig.scene7.com" />
+	<target host="griotsgarage.scene7.com" />
+	<target host="groupe-mb.scene7.com" />
+	<target host="grundfos.scene7.com" />
+	<target host="guesseu.scene7.com" />
+	<target host="guthyrenker.scene7.com" />
+	<target host="haladjian.scene7.com" />
+	<target host="halloweencity1.scene7.com" />
+	<target host="halloweencity2.scene7.com" />
+	<target host="halloweencity3.scene7.com" />
+	<target host="halloweencity4.scene7.com" />
+	<target host="halloweencity5.scene7.com" />
+	<target host="halloweencity6.scene7.com" />
+	<target host="harleydavidson.scene7.com" />
+	<target host="harryanddavid.scene7.com" />
+	<target host="havertys.scene7.com" />
+	<target host="heine.scene7.com" />
+	<target host="herroom.scene7.com" />
+	<target host="herroom0.scene7.com" />
+	<target host="herroom1.scene7.com" />
+	<target host="herroom2.scene7.com" />
+	<target host="herroom3.scene7.com" />
+	<target host="herroom4.scene7.com" />
+	<target host="herroom5.scene7.com" />
+	<target host="herroom6.scene7.com" />
+	<target host="herroom7.scene7.com" />
+	<target host="hfc.scene7.com" />
+	<target host="hhg.scene7.com" />
+	<target host="hhgregg.scene7.com" />
+	<target host="homebase.scene7.com" />
+	<target host="homecenterco.scene7.com" />
+	<target host="homemakersfurniture.scene7.com" />
+	<target host="hon.scene7.com" />
+	<target host="hottopic.scene7.com" />
+	<target host="houseoffraser.scene7.com" />
+	<target host="hsm.scene7.com" />
+	<target host="hugendubel.scene7.com" />
+	<target host="ib.scene7.com" />
+	<target host="ihg.scene7.com" />
+	<target host="iittala.scene7.com" />
+	<target host="improvements.scene7.com" />
+	<target host="imsdm.scene7.com" />
+	<target host="indigo.scene7.com" />
+	<target host="insulationgiant.scene7.com" />
+	<target host="interfaceinc.scene7.com" />
+	<target host="intersportfr.scene7.com" />
+	<target host="isetan.scene7.com" />
+	<target host="jamesavery.scene7.com" />
+	<target host="jjill-o.scene7.com" />
+	<target host="johnlewis.scene7.com" />
+	<target host="journelle.scene7.com" />
+	<target host="kaleidoscope.scene7.com" />
+	<target host="katespade.scene7.com" />
+	<target host="katespadesingapore.scene7.com" />
+	<target host="kela.scene7.com" />
+	<target host="kidoh.scene7.com" />
+	<target host="kingfisher.scene7.com" />
+	<target host="kke.scene7.com" />
+	<target host="kng.scene7.com" />
+	<target host="koffer24.scene7.com" />
+	<target host="kohler.scene7.com" />
+	<target host="kokon.scene7.com" />
+	<target host="l11.scene7.com" />
+	<target host="lacoste.scene7.com" />
+	<target host="lacosterender.scene7.com" />
+	<target host="lakelandcamel.scene7.com" />
+	<target host="lascana.scene7.com" />
+	<target host="lastcall.scene7.com" />
+	<target host="lenovo.scene7.com" />
+	<target host="lenox.scene7.com" />
+	<target host="lookagain.scene7.com" />
+	<target host="loomdecor.scene7.com" />
+	<target host="lsco.scene7.com" />
+	<target host="lsco1.scene7.com" />
+	<target host="lsco2.scene7.com" />
+	<target host="lsco3.scene7.com" />
+	<target host="lvprp.scene7.com" />
+	<target host="macys-o.scene7.com" />
+	<target host="madeleine.scene7.com" />
+	<target host="madeleine1.scene7.com" />
+	<target host="madeleine2.scene7.com" />
+	<target host="madeleine3.scene7.com" />
+	<target host="madeleine4.scene7.com" />
+	<target host="mamasandpapas.scene7.com" />
+	<target host="mandsintl.scene7.com" />
+	<target host="manufactum.scene7.com" />
+	<target host="maritz.scene7.com" />
+	<target host="matelsom.scene7.com" />
+	<target host="mauijim.scene7.com" />
+	<target host="mauricesprodatg.scene7.com" />
+	<target host="mdm.scene7.com" />
+	<target host="medion.scene7.com" />
+	<target host="menswearhouse.scene7.com" />
+	<target host="metro.scene7.com" />
+	<target host="metroua.scene7.com" />
+	<target host="mgm.scene7.com" />
+	<target host="michaelkors.scene7.com" />
+	<target host="midorianzen.scene7.com" />
+	<target host="mintedw2p.scene7.com" />
+	<target host="mirapodo.scene7.com" />
+	<target host="misumi.scene7.com" />
+	<target host="mizuno.scene7.com" />
+	<target host="mizunojp.scene7.com" />
+	<target host="mmo.scene7.com" />
+	<target host="moebelix.scene7.com" />
+	<target host="moebelmahler.scene7.com" />
+	<target host="moemax.scene7.com" />
+	<target host="mohawk.scene7.com" />
+	<target host="mooresclothing.scene7.com" />
+	<target host="morplan.scene7.com" />
+	<target host="mothercare.scene7.com" />
+	<target host="mrp.scene7.com" />
+	<target host="mrpg.scene7.com" />
+	<target host="mytoys.scene7.com" />
+	<target host="mytoysgroup.scene7.com" />
+	<target host="natpen.scene7.com" />
+	<target host="nautilus.scene7.com" />
+	<target host="nb.scene7.com" />
+	<target host="nbad.scene7.com" />
+	<target host="neebo.scene7.com" />
+	<target host="neimanmarcus.scene7.com" />
+	<target host="netrada2.scene7.com" />
+	<target host="newlook.scene7.com" />
+	<target host="newpig.scene7.com" />
+	<target host="newpigltd.scene7.com" />
+	<target host="niche.scene7.com" />
+	<target host="nissan.scene7.com" />
+	<target host="nissannorthamerica.scene7.com" />
+	<target host="nlyscandinavia.scene7.com" />
+	<target host="ochsnersport.scene7.com" />
+	<target host="odeu.scene7.com" />
+	<target host="officedepot.scene7.com" />
+	<target host="okl.scene7.com" />
+		<test url="http://okl.scene7.com/is/image/OKL/Product_SFM25142_Image_1" />
+	<target host="okl2.scene7.com" />
+		<test url="http://okl2.scene7.com/is/image/OKL/Product_SFM25130_Image_1" />
+	<target host="okl3.scene7.com" />
+	<target host="okl4.scene7.com" />
+	<target host="onlinecommerce.scene7.com" />
+	<target host="opsm.scene7.com" />
+	<target host="origin-ap1.scene7.com" />
+	<target host="origin-d3.scene7.com" />
+	<target host="origin-d4.scene7.com" />
+	<target host="origin-d5.scene7.com" />
+	<target host="orikomio.scene7.com" />
+	<target host="orion.scene7.com" />
+	<target host="otto.scene7.com" />
+	<target host="panabrasives.scene7.com" />
+	<target host="papersource.scene7.com" />
+	<target host="paris.scene7.com" />
+	<target host="partycity.scene7.com" />
+	<target host="partycity1.scene7.com" />
+	<target host="partycity2.scene7.com" />
+	<target host="partycity3.scene7.com" />
+	<target host="partycity4.scene7.com" />
+	<target host="partycity5.scene7.com" />
+	<target host="partycity6.scene7.com" />
+	<target host="peachjohn.scene7.com" />
+	<target host="peachsuite.scene7.com" />
+	<target host="pearsoneducation.scene7.com" />
+	<target host="peerless.scene7.com" />
+	<target host="petco.scene7.com" />
+	<target host="peterhahn.scene7.com" />
+	<target host="philipslighting.scene7.com" />
+	<target host="playmobil.scene7.com" />
+	<target host="postable.scene7.com" />
+	<target host="primetime.scene7.com" />
+	<target host="prucardsugc.scene7.com" />
+	<target host="puma.scene7.com" />
+	<target host="pumachina.scene7.com" />
+	<target host="pumaecom.scene7.com" />
+	<target host="purefishing.scene7.com" />
+	<target host="purefishingemea.scene7.com" />
+	<target host="purefishingffo.scene7.com" />
+	<target host="pvh.scene7.com" />
+	<target host="quill.scene7.com" />
+	<target host="qvc.scene7.com" />
+	<target host="qvc-o.scene7.com" />
+	<target host="raja.scene7.com" />
+	<target host="ralphlauren.scene7.com" />
+	<target host="ralphlauren1.scene7.com" />
+	<target host="ralphlauren2.scene7.com" />
+	<target host="ralphlauren3.scene7.com" />
+	<target host="ralphlauren4.scene7.com" />
+	<target host="ralphlauren5.scene7.com" />
+	<target host="ralphlauren6.scene7.com" />
+	<target host="ralphlauren7.scene7.com" />
+	<target host="ralphlauren8.scene7.com" />
+	<target host="ralphlaurenapac.scene7.com" />
+	<target host="raptor.scene7.com" />
+	<target host="raymourflanigan.scene7.com" />
+	<target host="redblue.scene7.com" />
+	<target host="redbullsalzburg.scene7.com" />
+	<target host="reef.scene7.com" />
+	<target host="rh-o.scene7.com" />
+	<target host="riverisland.scene7.com" />
+	<target host="rsn.scene7.com" />
+	<target host="rue21.scene7.com" />
+	<target host="ruelala.scene7.com" />
+	<target host="runnerspoint.scene7.com" />
+	<target host="s7alert1.scene7.com" />
+	<target host="s7d1.scene7.com" />
+	<target host="s7d10.scene7.com" />
+	<target host="s7d11.scene7.com" />
+	<target host="s7d13.scene7.com" />
 	<target host="s7d2.scene7.com" />
+	<target host="s7d3.scene7.com" />
+	<target host="s7d4.scene7.com" />
+	<target host="s7d5.scene7.com" />
+	<target host="s7d6.scene7.com" />
+	<target host="s7d7.scene7.com" />
+	<target host="s7d9.scene7.com" />
+	<target host="s7diod-isorigin.scene7.com" />
+	<target host="s7e1a.scene7.com" />
+	<target host="s7e3a.scene7.com" />
+	<target host="s7e5a.scene7.com" />
+		<test url="http://s7e5a.scene7.com/is/image/waitrose/TmgProductPodSingleBottle/050052_a_quinta-de-azevedo-vinho-verde" />
+	<target host="s7fmisg.scene7.com" />
+	<target host="s7ftp5.scene7.com" />
+	<target host="s7g1.scene7.com" />
+	<target host="s7g10.scene7.com" />
+		<test url="http://s7g10.scene7.com/is/image/waitrose/t-hp-bottles-range-icon" />
+	<target host="s7g2.scene7.com" />
+	<target host="s7g3.scene7.com" />
+	<target host="s7g4.scene7.com" />
+	<target host="s7g8.scene7.com" />
+	<target host="s7info1.scene7.com" />
+	<target host="s7info1-origin.scene7.com" />
+	<target host="s7info2.scene7.com" />
+	<target host="s7info2admin.scene7.com" />
+	<target host="s7infoadmin.scene7.com" />
+	<target host="s7ips3.scene7.com" />
+	<target host="s7ips5.scene7.com" />
+	<target host="s7is1-preview-staging.scene7.com" />
+	<target host="s7isorigin3.scene7.com" />
+	<target host="s7mbrstream-ap1.scene7.com" />
+	<target host="s7mbrstream-g1.scene7.com" />
+	<target host="s7mbrstream-g1-h2.scene7.com" />
+	<target host="s7mbrstreamdual-ap.scene7.com" />
+	<target host="s7mbrstreamdual-emea.scene7.com" />
+	<target host="s7mbrstreamdual-na.scene7.com" />
+	<target host="s7ondemand1.scene7.com" />
+	<target host="s7ondemand4.scene7.com" />
+	<target host="s7ondemand5.scene7.com" />
+	<target host="s7ondemand6.scene7.com" />
+	<target host="s7ondemand7.scene7.com" />
+	<target host="s7search5.scene7.com" />
 	<target host="s7sps1.scene7.com" />
+	<target host="s7sps1-staging.scene7.com" />
+	<target host="s7sps1agm.scene7.com" />
+	<target host="s7sps1apissl.scene7.com" />
+	<target host="s7sps1apissl-staging.scene7.com" />
+	<target host="s7sps1appssl-staging.scene7.com" />
+	<target host="s7sps1ssl.scene7.com" />
+	<target host="s7sps1ssl-staging.scene7.com" />
 	<target host="s7sps3.scene7.com" />
+	<target host="s7sps3-staging.scene7.com" />
+	<target host="s7sps3agm.scene7.com" />
+	<target host="s7sps3apissl.scene7.com" />
+	<target host="s7sps3apissl-staging.scene7.com" />
+	<target host="s7sps3ssl.scene7.com" />
 	<target host="s7sps5.scene7.com" />
+	<target host="s7sps5-staging.scene7.com" />
+	<target host="s7sps5agm.scene7.com" />
+	<target host="s7sps5api.scene7.com" />
+	<target host="s7sps5apissl.scene7.com" />
+	<target host="s7sps5apissl-staging.scene7.com" />
+	<target host="s7sps5ssl.scene7.com" />
 	<target host="s7sps7.scene7.com" />
-	<target host="trial.scene7.com" />
+	<target host="s7sps7agm.scene7.com" />
+	<target host="s7sps7api.scene7.com" />
+	<target host="s7test1.scene7.com" />
+	<target host="s7test3.scene7.com" />
+	<target host="s7test5.scene7.com" />
+	<target host="s7ugc1.scene7.com" />
+	<target host="s7v1.scene7.com" />
+	<target host="s7w2p1.scene7.com" />
+	<target host="s7w2p3.scene7.com" />
+	<target host="s7w2p5.scene7.com" />
+	<target host="s7wsproxy1.scene7.com" />
+	<target host="safco.scene7.com" />
+	<target host="sandowmedia.scene7.com" />
+	<target host="sanyoshokai.scene7.com" />
+	<target host="sce.scene7.com" />
+	<target host="schaefershop.scene7.com" />
+	<target host="searsca.scene7.com" />
+	<target host="searsoptical.scene7.com" />
+	<target host="secure.scene7.com" />
+	<target host="sgdd.scene7.com" />
+	<target host="shawfloors.scene7.com" />
+	<target host="sherwin.scene7.com" />
+	<target host="shoecarnival.scene7.com" />
+	<target host="shopjustice.scene7.com" />
+	<target host="sidestep.scene7.com" />
+	<target host="smartfurniture.scene7.com" />
+	<target host="smartwool.scene7.com" />
+	<target host="smithnoble.scene7.com" />
+	<target host="smythson.scene7.com" />
+	<target host="soccerpro.scene7.com" />
+	<target host="sodimac.scene7.com" />
+	<target host="sodimacar.scene7.com" />
+	<target host="softbankbb.scene7.com" />
+	<target host="soliver.scene7.com" />
+	<target host="sonyglobal.scene7.com" />
+	<target host="sonyhelpguide.scene7.com" />
+	<target host="sonystore.scene7.com" />
+	<target host="sonystyle.scene7.com" />
+	<target host="sp24.scene7.com" />
+	<target host="specialized.scene7.com" />
+	<target host="speedo-usa.scene7.com" />
+	<target host="spencers.scene7.com" />
+	<target host="spirit.scene7.com" />
+	<target host="sportscheck.scene7.com" />
+	<target host="staging.scene7.com" />
+	<target host="stanleyfurniture.scene7.com" />
+	<target host="steinertractor.scene7.com" />
+	<target host="steinhoffukretailltd.scene7.com" />
+	<target host="straumann.scene7.com" />
+	<target host="stuller.scene7.com" />
+	<target host="sugartown.scene7.com" />
+	<target host="swimwear365.scene7.com" />
+	<target host="swisscom.scene7.com" />
+	<target host="swisscomvbc.scene7.com" />
+	<target host="talbots.scene7.com" />
+	<target host="target.scene7.com" />
+	<target host="tbc.scene7.com" />
+	<target host="tdg.scene7.com" />
+	<target host="teddysmithdigital.scene7.com" />
+	<target host="teleflora.scene7.com" />
+	<target host="tesco.scene7.com" />
+	<target host="test-e3.scene7.com" />
+	<target host="test-e5.scene7.com" />
+	<target host="test-e8.scene7.com" />
+	<target host="teststeinhoff.scene7.com" />
+	<target host="testvip1.scene7.com" />
+	<target host="testvipd1.scene7.com" />
+	<target host="testvipd2.scene7.com" />
+	<target host="testvipd3.scene7.com" />
+	<target host="testvipd4.scene7.com" />
+	<target host="testvipd5.scene7.com" />
+	<target host="testvipd9.scene7.com" />
+	<target host="textbookunderground.scene7.com" />
+	<target host="tfc.scene7.com" />
+	<target host="thecapitalgroup.scene7.com" />
+	<target host="themomgroup.scene7.com" />
+	<target host="theodorealexander.scene7.com" />
+	<target host="theshadestore.scene7.com" />
+	<target host="thingsremembered.scene7.com" />
+	<target host="tileshop.scene7.com" />
+	<target host="tnm.scene7.com" />
+	<target host="tommy-europe.scene7.com" />
+	<target host="tommybahama.scene7.com" />
+	<target host="top.scene7.com" />
+	<target host="travelsmith.scene7.com" />
+	<target host="travisperkins.scene7.com" />
+	<target host="trek.scene7.com" />
+	<target host="triumph.scene7.com" />
+	<target host="truevalue.scene7.com" />
+	<target host="tubby.scene7.com" />
+	<target host="tuesdaymorning.scene7.com" />
+	<target host="tumi.scene7.com" />
+	<target host="turn5.scene7.com" />
+	<target host="underarmour.scene7.com" />
+	<target host="uniqlo.scene7.com" />
+	<target host="unito.scene7.com" />
+	<target host="unleashedbypetco.scene7.com" />
+	<target host="up.scene7.com" />
+	<target host="usineadesign.scene7.com" />
+	<target host="verabradley.scene7.com" />
+	<target host="verizon-o.scene7.com" />
+	<target host="vermontcountrystore.scene7.com" />
+	<target host="versace.scene7.com" />
+	<target host="vfimagewear.scene7.com" />
+	<target host="victorpest.scene7.com" />
+	<target host="vitaminshoppe.scene7.com" />
+	<target host="vp-eu.scene7.com" />
+	<target host="vp-eu-pp.scene7.com" />
+	<target host="vp-eu-r7.scene7.com" />
+	<target host="vpusa.scene7.com" />
+	<target host="waltermosergmbh.scene7.com" />
+	<target host="washford.scene7.com" />
+	<target host="watscocom.scene7.com" />
+	<target host="wefashion.scene7.com" />
+	<target host="weltbild.scene7.com" />
+	<target host="whitecompany.scene7.com" />
+	<target host="wickes.scene7.com" />
+	<target host="windycitynovelties.scene7.com" />
+	<target host="witt-international.scene7.com" />
+	<target host="wittweiden.scene7.com" />
+	<target host="wolverineworldwide.scene7.com" />
+	<target host="woodstream.scene7.com" />
+	<target host="wooniorender.scene7.com" />
+	<target host="xxxlutz.scene7.com" />
+	<target host="yomonda.scene7.com" />
+	<target host="youngamerica.scene7.com" />
+	<target host="zorch.scene7.com" />
 
-	<!--	(account vhosts:)
-				-->
-	<target host="okl.scene7.com" />
-	<target host="okl2.scene7.com" />
-	<target host="s7e5a.scene7.com" />
-	<target host="s7g10.scene7.com" />
-
-		<test url="http://okl.scene7.com/is/image/OKL/Product_SFM25142_Image_1?$small$" />
-		<test url="http://okl2.scene7.com/is/image/OKL/Product_SFM25130_Image_1?$small$" />
-		<test url="http://s7e5a.scene7.com/is/image/waitrose/TmgProductPodSingleBottle/050052_a_quinta-de-azevedo-vinho-verde?$promo=waitrose/t-roundel-save-25perc" />
-		<test url="http://s7g10.scene7.com/is/image/waitrose/t-hp-bottles-range-icon?fmt=png-alpha" />
-
-
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http://www\.scene7\.com/[^?]*"
+		to="https://www.adobe.com/products/scene7.html" />
+		<test url="http://www.scene7.com/removethis?keepthis" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SceneMusic.net.xml b/src/chrome/content/rules/SceneMusic.net.xml
deleted file mode 100644
index 10135885b703..000000000000
--- a/src/chrome/content/rules/SceneMusic.net.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Nectarine Demoscene Music">
-  <target host="www.scenemusic.net" />
-  <target host="scenemusic.net" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/SceneTap.xml b/src/chrome/content/rules/SceneTap.xml
index e7cab2224d7d..36724b7e8cd3 100644
--- a/src/chrome/content/rules/SceneTap.xml
+++ b/src/chrome/content/rules/SceneTap.xml
@@ -6,7 +6,7 @@
 	<target host="www.scenetap.com" />
 
 
-	<securecookie host="^(?:.*\.)?scenetap\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Scepsis.xml b/src/chrome/content/rules/Scepsis.xml
index a61ecba29f9c..e99d952bc502 100644
--- a/src/chrome/content/rules/Scepsis.xml
+++ b/src/chrome/content/rules/Scepsis.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.scepsis.ru/ => https://scepsis.ru/: (60, 'SSL certificate problem: certificate has expired')
 Fetch error: http://scepsis.ru/ => https://scepsis.ru/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="Scepsis" default_off='failed ruleset test'>
+<ruleset name="Scepsis" default_off="failed ruleset test">
   <target host="www.scepsis.ru" />
   <target host="scepsis.ru" />
 
diff --git a/src/chrome/content/rules/Sched.org.xml b/src/chrome/content/rules/Sched.org.xml
index cf47069a4275..221df2b27672 100644
--- a/src/chrome/content/rules/Sched.org.xml
+++ b/src/chrome/content/rules/Sched.org.xml
@@ -17,10 +17,13 @@
 <ruleset name="Sched.org (partial)">
 
 	<target host="schd.ws" />
-	<target host="*.schd.ws" />
+	<target host="cdn.schd.ws" />
+	<target host="www.schd.ws" />
 	<target host="www.sched.co" />
 	<target host="sched.org" />
-	<target host="*.sched.org" />
+	<target host="static.sched.org" />
+	<target host="www.sched.org" />
+	<target host="xenprojectdevelopersummit2014.sched.org" />
 
 
 	<!--	Not secured by server:
@@ -31,13 +34,10 @@
 	<securecookie host="^(?:xenprojectdevelopersummit2014)?\.sched\.org$" name=".+" />
 
 
-	<rule from="^http://(cdn\.)?schd\.ws/"
-		to="https://$1schd.ws/" />
 
 	<rule from="^http://www\.sch(?:d\.ws|ed\.co)/"
 		to="https://sched.org/" />
 
-	<rule from="^http://((?:static|www|xenprojectdevelopersummit2014)\.)?sched\.org/"
-		to="https://$1sched.org/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Schetu.net.xml b/src/chrome/content/rules/Schetu.net.xml
deleted file mode 100644
index 5b0ce148866f..000000000000
--- a/src/chrome/content/rules/Schetu.net.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	www.schetu.net doesn't exist.
-
--->
-<ruleset name="schetu.net">
-
-	<target host="schetu.net" />
-	<target host="*.schetu.net" />
-
-
-	<securecookie host="^\.?schetu\.net$" name=".+" />
-
-
-	<rule from="^http://schetu\.net/"
-		to="https://schetu.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Schibsted-IT.xml b/src/chrome/content/rules/Schibsted-IT.xml
index 09d14451d7ec..77fd00e66c77 100644
--- a/src/chrome/content/rules/Schibsted-IT.xml
+++ b/src/chrome/content/rules/Schibsted-IT.xml
@@ -16,4 +16,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Schibsted.io.xml b/src/chrome/content/rules/Schibsted.io.xml
index 15ecbcc8d929..a828e411aae5 100644
--- a/src/chrome/content/rules/Schibsted.io.xml
+++ b/src/chrome/content/rules/Schibsted.io.xml
@@ -12,7 +12,7 @@
 		- mc.rkt-dev.ingress.cre-pro
 		- mc.rkt-pre.ingress.cre-pro
 		- mc.rkt-pro.ingress.cre-pro
-		
+
 		- static.messaging
 		- artifacts.infra-dev
 		- travis.infra-pro
@@ -40,8 +40,8 @@
 	Connection refused:
 		- codeload.github
 		- raw.github
-		
-		
+
+
 	Timeout:
 		- xmpp.messaging
 		- northstar
@@ -58,10 +58,10 @@
 		- prometheus.dev.sportsnext
 		- vglive-admin.dev.sportsnext
 		- vglive-api.dev.sportsnext
-		- vglive-web.dev.sportsnext		
+		- vglive-web.dev.sportsnext
 		- heimdall.heimdall-pro
 		- observatory.security-pro
-		
+
 
 -->
 <ruleset name="Schibsted.io (partial)">
@@ -72,7 +72,7 @@
 	<target host="selfserve.ads.schibsted.io" />
 
 	<target host="delivery-dash.ami-store.schibsted.io" />
-	<target host="audience.schibsted.io" />   
+	<target host="audience.schibsted.io" />
 	<target host="collector.schibsted.io" />
 	<target host="confluence.schibsted.io" />
 	<target host="alerts.schibsted.io" />
@@ -230,4 +230,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Schibsted.xml b/src/chrome/content/rules/Schibsted.xml
deleted file mode 100644
index 44797000687c..000000000000
--- a/src/chrome/content/rules/Schibsted.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)schibsted.com *
-		- (www.)schibsted.se *
-
-	* Times out
-
--->
-<ruleset name="Schibsted (partial)">
-
-	<target host="*.schibsted.se" />
-
-
-	<securecookie host="^\.?payment\.schibsted\.se$" name=".+" />
-
-
-	<rule from="^http://payment\.schibsted\.se/"
-		to="https://payment.schibsted.se/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Schlossberg_Store.xml b/src/chrome/content/rules/Schlossberg_Store.xml
deleted file mode 100644
index 532226baec98..000000000000
--- a/src/chrome/content/rules/Schlossberg_Store.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	- !www redirects to a different domain
-	- Some pages redirect to http
-
--->
-<ruleset name="Schlossberg Store (partial)">
-
-	<target host="schlossbergstore.com" />
-	<target host="www.schlossbergstore.com" />
-
-
-	<rule from="^http://(?:www\.)?schlossbergstore\.com/(css/|(?:Member/Login|order-status)(?:$|\?|/)|Public/|registry|store_image/|Styles/)"
-		to="https://www.schlossbergstore.com/$2" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Schlumberger.xml b/src/chrome/content/rules/Schlumberger.xml
index 0e4e9af40fda..db8ba782948c 100644
--- a/src/chrome/content/rules/Schlumberger.xml
+++ b/src/chrome/content/rules/Schlumberger.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://slb.com/ => https://slb.com/: Cycle detected - URL already encountered: https://slb.com/
 Fetch error: http://www.slb.com/ => https://www.slb.com/: Cycle detected - URL already encountered: https://www.slb.com/
 -->
-<ruleset name="Schlumberger" default_off='failed ruleset test'>
+<ruleset name="Schlumberger" default_off="failed ruleset test">
 
 	<target host="slb.com" />
 	<target host="www.slb.com" />
@@ -19,4 +19,4 @@ Fetch error: http://www.slb.com/ => https://www.slb.com/: Cycle detected - URL a
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Schneider-Electric.com.xml b/src/chrome/content/rules/Schneider-Electric.com.xml
index 7a48540a970c..1b7a329bbf5f 100644
--- a/src/chrome/content/rules/Schneider-Electric.com.xml
+++ b/src/chrome/content/rules/Schneider-Electric.com.xml
@@ -9,59 +9,12 @@
 
 		- schneiderele.taleo.net
 
-
-	Nonfunctional subdomains:
-
-		- www2	(503, akamai)
-
-
-	Problematic subdomains:
-
-		- ^	(works, cert only matches www)
-
-
-	Partially covered subdomains:
-
-		- (www.)
-
-			- Some pages redirect to http
-
-			- These paths 503:
-
-				- css/
-				- documents/flash/en/shared/
-				- gc_1_0/	(xiti web bugs)
-				- images/
-				- js/
-				- sites/corporate/en/customers/satisfy-our-customers/electric-utilities.page
-				- templatedata/Configuration/Xiti/
-
-			- These don't 503:
-
-				- download/resource/scripts/
-				- navigation/images/
-				- navigation/scripts/
-				- products$
-				- resource/scripts/
-				- site/home/images/custom/
-				- site/home/images/structure/
-				- site/home/js/
-				- site/marketing_center/images/
-				- site/marketing_center/js/
-				- site/tasks/sites/marketing_center/assets/Image/Corporate/Teasers/
-				- stat/xtcore.js
-				- solutions$
-				- solutions/resource/css/
-				- solutions/resource/images/
-				- solutions/resource/js/
-				- solutions/ww/en/rme/\d+/image/
-
 -->
 <ruleset name="Schneider-Electric.com (partial)">
 
 	<target host="schneider-electric.com" />
-	<target host="*.schneider-electric.com" />
-		<!--exclusion pattern="^http://(www\.)?schneider-electric\.com/(css|documents|gc_1_0|images|js|sites|templatedata)/" /-->
+	<target host="www.schneider-electric.com" />
+	<target host="download.schneider-electric.com" />
 
 
 	<!--	Tracking cookies:
@@ -69,7 +22,6 @@
 	<securecookie host="^\.schneider-electric\.com$" name="^(?:__utm\w|xtvrn)$" />
 
 
-	<rule from="^http://(?:www\.)?schneider-electric\.com/(download/|navigation/|(?:product|solution)s(?:$|[?/])|resource/|site/(?:home|marketing_center)/(?:image|j)s/|site/tasks/sites/|stat/)"
-		to="https://www.schneider-electric.com/$1" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ScholarOne.xml b/src/chrome/content/rules/ScholarOne.xml
index 6c46dcfed85f..eec8d372608e 100644
--- a/src/chrome/content/rules/ScholarOne.xml
+++ b/src/chrome/content/rules/ScholarOne.xml
@@ -14,7 +14,7 @@ Fetch error: http://mc.manuscriptcentral.com/ => https://mc.manuscriptcentral.co
 
 
 -->
-<ruleset name="ScholarOne (partial)" default_off='failed ruleset test'>
+<ruleset name="ScholarOne (partial)" default_off="failed ruleset test">
 
 	<target host="mc.manuscriptcentral.com" />
 
diff --git a/src/chrome/content/rules/SchoolForge.xml b/src/chrome/content/rules/SchoolForge.xml
index 1ecabaab3c50..1810427205ed 100644
--- a/src/chrome/content/rules/SchoolForge.xml
+++ b/src/chrome/content/rules/SchoolForge.xml
@@ -8,4 +8,4 @@
 		to="https://schoolforge.net/" />
 	<rule from="^http:"
 		to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Schottenland.xml b/src/chrome/content/rules/Schottenland.xml
deleted file mode 100644
index e42335f479a6..000000000000
--- a/src/chrome/content/rules/Schottenland.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- schottlenland.de subdomains:
-
-			- (www.)
-			- media
-			- medikamente
-			- telefon
-			- user *
-
-		- [abc].stc-schottenland.de *
-
-	* Times out
-
--->
-<ruleset name="Schottenland (partial)">
-
-	<target host="na.schottenland.de" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SchuelerVZ.xml b/src/chrome/content/rules/SchuelerVZ.xml
index d83c2fdfcd4a..41d31dddf6fb 100644
--- a/src/chrome/content/rules/SchuelerVZ.xml
+++ b/src/chrome/content/rules/SchuelerVZ.xml
@@ -2,7 +2,7 @@
 	Invalid Certificate:
 	blog.schuelervz.net
 	static.pe.schuelervz.net
-	
+
 	Time Out:
 	schuelervz.net
 -->
diff --git a/src/chrome/content/rules/Schuilenburg.org.xml b/src/chrome/content/rules/Schuilenburg.org.xml
index eca929d6e39d..e7317c3f9d14 100644
--- a/src/chrome/content/rules/Schuilenburg.org.xml
+++ b/src/chrome/content/rules/Schuilenburg.org.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.schuilenburg.org/ => https://www.schuilenburg.org/: (60,
 		- gallery	(shows www.ecoscentric.com)
 
 -->
-<ruleset name="Schuilenburg.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Schuilenburg.org (partial)" default_off="failed ruleset test">
 
 	<target host="schuilenburg.org" />
 	<target host="www.schuilenburg.org" />
diff --git a/src/chrome/content/rules/Schwab.com.xml b/src/chrome/content/rules/Schwab.com.xml
index f86511aa5e58..57be6f9611c0 100644
--- a/src/chrome/content/rules/Schwab.com.xml
+++ b/src/chrome/content/rules/Schwab.com.xml
@@ -31,10 +31,13 @@ Fetch error: http://schwab.com/ => https://schwab.com/: (60, 'SSL certificate pr
 	* Secured by us
 
 -->
-<ruleset name="Schwab.com" default_off='failed ruleset test'>
+<ruleset name="Schwab.com" default_off="failed ruleset test">
 
 	<target host="schwab.com" />
-	<target host="*.schwab.com" />
+	<target host="client.schwab.com" />
+	<target host="content.schwab.com" />
+	<target host="eac.schwab.com" />
+	<target host="www.schwab.com" />
 
 
 	<!--	Not secured by server:
@@ -46,7 +49,6 @@ Fetch error: http://schwab.com/ => https://schwab.com/: (60, 'SSL certificate pr
 	<securecookie host="^(?:client|\.eac)?\.schwab\.com$" name=".+" />
 
 
-	<rule from="^http://((?:client|content|eac|www)\.)?schwab\.com/"
-		to="https://$1schwab.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Schweikert.ch.xml b/src/chrome/content/rules/Schweikert.ch.xml
new file mode 100644
index 000000000000..120cfe41ec96
--- /dev/null
+++ b/src/chrome/content/rules/Schweikert.ch.xml
@@ -0,0 +1,16 @@
+<!--
+	SSL error:
+		- gore.schweikert.ch
+
+	Connection error:
+		- mail.schweikert.ch
+-->
+<ruleset name="Schweikert.ch">
+	<target host="schweikert.ch" />
+	<target host="www.schweikert.ch" />
+	<target host="david.schweikert.ch" />
+	<target host="mailgraph.schweikert.ch" />
+	<target host="postgrey.schweikert.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sci-Hub.love.xml b/src/chrome/content/rules/Sci-Hub.love.xml
new file mode 100644
index 000000000000..801498e94c94
--- /dev/null
+++ b/src/chrome/content/rules/Sci-Hub.love.xml
@@ -0,0 +1,8 @@
+<ruleset name="Sci-Hub.love">
+	<target host="sci-hub.love" />
+	<target host="www.sci-hub.love" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sci-Hub.xml b/src/chrome/content/rules/Sci-Hub.xml
index ea7b6f97bba5..3b759ed97099 100644
--- a/src/chrome/content/rules/Sci-Hub.xml
+++ b/src/chrome/content/rules/Sci-Hub.xml
@@ -1,4 +1,35 @@
+
 <!--
+Entire ruleset disabled at 2020-09-25 16:20:22
+
+Fetch error: http://sci-hub.la/ => https://sci-hub.la/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.sci-hub.la/ => https://www.sci-hub.la/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://cyber.sci-hub.la/ => https://cyber.sci-hub.la/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://dabamirror.sci-hub.la/ => https://dabamirror.sci-hub.la/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://dacemirror.sci-hub.la/ => https://dacemirror.sci-hub.la/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://ocean.sci-hub.la/ => https://ocean.sci-hub.la/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://tree.sci-hub.la/ => https://tree.sci-hub.la/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://twin.sci-hub.la/ => https://twin.sci-hub.la/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://zeze.sci-hub.la/ => https://zeze.sci-hub.la/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://sci-hub.tv/ => https://sci-hub.tv/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://cyber.sci-hub.tv/ => https://cyber.sci-hub.tv/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://dabamirror.sci-hub.tv/ => https://dabamirror.sci-hub.tv/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://dacemirror.sci-hub.tv/ => https://dacemirror.sci-hub.tv/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://ocean.sci-hub.tv/ => https://ocean.sci-hub.tv/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://tree.sci-hub.tv/ => https://tree.sci-hub.tv/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://twin.sci-hub.tv/ => https://twin.sci-hub.tv/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://zeze.sci-hub.tv/ => https://zeze.sci-hub.tv/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://sci-hub.tw/ => https://sci-hub.tw/: (6, 'Could not resolve host: sci-hub.tw')
+Fetch error: http://cyber.sci-hub.tw/ => https://cyber.sci-hub.tw/: (6, 'Could not resolve host: cyber.sci-hub.tw')
+Fetch error: http://dabamirror.sci-hub.tw/ => https://dabamirror.sci-hub.tw/: (6, 'Could not resolve host: dabamirror.sci-hub.tw')
+Fetch error: http://dacemirror.sci-hub.tw/ => https://dacemirror.sci-hub.tw/: (6, 'Could not resolve host: dacemirror.sci-hub.tw')
+Fetch error: http://ocean.sci-hub.tw/ => https://ocean.sci-hub.tw/: (6, 'Could not resolve host: ocean.sci-hub.tw')
+Fetch error: http://tree.sci-hub.tw/ => https://tree.sci-hub.tw/: (6, 'Could not resolve host: tree.sci-hub.tw')
+Fetch error: http://twin.sci-hub.tw/ => https://twin.sci-hub.tw/: (6, 'Could not resolve host: twin.sci-hub.tw')
+Fetch error: http://zeze.sci-hub.tw/ => https://zeze.sci-hub.tw/: (6, 'Could not resolve host: zeze.sci-hub.tw')
+
+  Domain does not match server's certificate
+
 	Broken chain:
 		sci-hub.name
 		*.sci-hub.name
@@ -12,47 +43,34 @@
 	2017.1.11: moscow.sci-hub.* times out over both http and https.
 
 -->
-<ruleset name="Sci-Hub">
+<ruleset name="Sci-Hub"  default_off="failed ruleset test">
 
 	<target host="sci-hub.la" />
 	<target host="www.sci-hub.la" />
 	<target host="cyber.sci-hub.la" />
 	<target host="dabamirror.sci-hub.la" />
-		<test url="http://dabamirror.sci-hub.la/cc706a7f8f6c4c36d006c4079c1377f3/sunshine2015.pdf" />
 	<target host="dacemirror.sci-hub.la" />
-		<test url="http://dacemirror.sci-hub.la/journal-article/3a257a9ec768d1c3d80c066186aba421/pajno2010.pdf" />
 	<target host="ocean.sci-hub.la" />
 	<target host="tree.sci-hub.la" />
 	<target host="twin.sci-hub.la" />
-		<test url="http://twin.sci-hub.la/e0f2608efb9e6923c2cc054655bf2477/10.1111@2041-210x.12735.pdf" />
 	<target host="zeze.sci-hub.la" />
-		<test url="http://zeze.sci-hub.la/d1d0990ff30e27ddc56e09a8ce04d0b3/scheffler2007.pdf" />
-	
 	<target host="sci-hub.tv" />
 	<target host="cyber.sci-hub.tv" />
 	<target host="dabamirror.sci-hub.tv" />
-		<test url="http://dabamirror.sci-hub.tv/cc706a7f8f6c4c36d006c4079c1377f3/sunshine2015.pdf" />
 	<target host="dacemirror.sci-hub.tv" />
-		<test url="http://dacemirror.sci-hub.tv/journal-article/3a257a9ec768d1c3d80c066186aba421/pajno2010.pdf" />
 	<target host="ocean.sci-hub.tv" />
 	<target host="tree.sci-hub.tv" />
 	<target host="twin.sci-hub.tv" />
-		<test url="http://twin.sci-hub.tv/e0f2608efb9e6923c2cc054655bf2477/10.1111@2041-210x.12735.pdf" />
 	<target host="zeze.sci-hub.tv" />
-		<test url="http://zeze.sci-hub.tv/d1d0990ff30e27ddc56e09a8ce04d0b3/scheffler2007.pdf" />
-	
+
 	<target host="sci-hub.tw" />
 	<target host="cyber.sci-hub.tw" />
 	<target host="dabamirror.sci-hub.tw" />
-		<test url="http://dabamirror.sci-hub.tw/cc706a7f8f6c4c36d006c4079c1377f3/sunshine2015.pdf" />
 	<target host="dacemirror.sci-hub.tw" />
-		<test url="http://dacemirror.sci-hub.tw/journal-article/3a257a9ec768d1c3d80c066186aba421/pajno2010.pdf" />
 	<target host="ocean.sci-hub.tw" />
 	<target host="tree.sci-hub.tw" />
 	<target host="twin.sci-hub.tw" />
-		<test url="http://twin.sci-hub.tw/e0f2608efb9e6923c2cc054655bf2477/10.1111@2041-210x.12735.pdf" />
 	<target host="zeze.sci-hub.tw" />
-		<test url="http://zeze.sci-hub.tw/d1d0990ff30e27ddc56e09a8ce04d0b3/scheffler2007.pdf" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/SciPy.org.xml b/src/chrome/content/rules/SciPy.org.xml
index 713d4c06be4b..a917c90aa184 100644
--- a/src/chrome/content/rules/SciPy.org.xml
+++ b/src/chrome/content/rules/SciPy.org.xml
@@ -1,32 +1,56 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://scipy.org/ => https://scipy.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://conference.scipy.org/ => https://conference.scipy.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
-	Nonfunctional subdomains:
-
-		- new ³
-		- numeric ³
-		- planet ¹
-		- projects ¹²
-		- travis-dev-wheels ⁴
-		- wiki ¹
-
-	¹: Unable to get local issuer certificate
-	²: Cert expired
-	³: Serves different content on http/https
-	⁴: Mismatch
+	Invalid certificate:
+		scipy.org (broken chain)
+		conference.scipy.org (broken chain)
+		www.docs.scipy.org
+		ipython.scipy.org (broken chain)
+		www.ipython.scipy.org
+		lists.ipython.scipy.org
+		mpi4py.scipy.org (broken chain)
+		www.mpi4py.scipy.org
+		neuroimaging.scipy.org (broken chain)
+		www.neuroimaging.scipy.org
+		lists.neuroimaging.scipy.org
+		numpy.scipy.org (broken chain)
+		www.numpy.scipy.org
+		planet.scipy.org (broken chain)
+		pyxg.scipy.org (broken chain)
+		scipy2015.scipy.org
+		www.scipy2015.scipy.org
+		www.swc.scipy.org
+		lists.swc.scipy.org
+		travis-dev-wheels.scipy.org
+		wheels.scipy.org
+		wiki.scipy.org (broken chain)
+
+	Different HTTP/HTTPS:
+		new.scipy.org
+		numeric.scipy.org
+		old.scipy.org
+		projects.scipy.org
+		sage.scipy.org
+		scipy.scipy.org
+		svn.scipy.org
+
+	Connection closed:
+		scikits.scipy.org
 
 -->
-<ruleset name="SciPy.org" default_off='failed ruleset test'>
+<ruleset name="SciPy.org">
 
 	<target host="scipy.org" />
 	<target host="www.scipy.org" />
-
-	<target host="conference.scipy.org" />
+	<target host="bio.scipy.org" />
 	<target host="docs.scipy.org" />
 	<target host="mail.scipy.org" />
+	<target host="scipy2016.scipy.org" />
+	<target host="scipy2017.scipy.org" />
+	<target host="scipy2018.scipy.org" />
+	<target host="swc.scipy.org" />
+	<target host="wavelets.scipy.org" />
+
+	<rule from="^http://scipy\.org/"
+		to="https://www.scipy.org/" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Scieneo.de.xml b/src/chrome/content/rules/Scieneo.de.xml
index 94458e62aa79..9e34923a9d1e 100644
--- a/src/chrome/content/rules/Scieneo.de.xml
+++ b/src/chrome/content/rules/Scieneo.de.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.scieneo.de/ => https://www.scieneo.de/: (51, "SSL: no al
 	    - Dynatech.de
 	    - Dynavision.de
 -->
-<ruleset name="Scieneo.de" default_off='failed ruleset test'>
+<ruleset name="Scieneo.de" default_off="failed ruleset test">
     <target host="scieneo.de" />
     <target host="www.scieneo.de" />
 
diff --git a/src/chrome/content/rules/Scientific-American.xml b/src/chrome/content/rules/Scientific-American.xml
index ce0f48f146be..670cb6750b6f 100644
--- a/src/chrome/content/rules/Scientific-American.xml
+++ b/src/chrome/content/rules/Scientific-American.xml
@@ -36,7 +36,7 @@ Fetch error: http://www.subscribe.scientificamerican.com/ => https://www.subscri
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Scientific American.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Scientific American.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Scoop.co.nz.xml b/src/chrome/content/rules/Scoop.co.nz.xml
deleted file mode 100644
index 10ebcf17a2ef..000000000000
--- a/src/chrome/content/rules/Scoop.co.nz.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- img *
-		- pacific *
-
-	* Refused
-
--->
-<ruleset name="Scoop.co.nz (partial)">
-
-	<target host="newsagent.scoop.co.nz" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Scoop.it.xml b/src/chrome/content/rules/Scoop.it.xml
index 42519c6a0c2c..565b4511ec43 100644
--- a/src/chrome/content/rules/Scoop.it.xml
+++ b/src/chrome/content/rules/Scoop.it.xml
@@ -19,7 +19,8 @@
 <ruleset name="Scoop.it (partial)">
 
 	<target host="scoop.it" />
-	<target host="*.scoop.it" />
+	<target host="www.scoop.it" />
+	<target host="img.scoop.it" />
 		<!--exclusion pattern="^http://www\.scoop\.it/($|\?|(lostpassword|t/cultivating-community/js)($|\?))" /-->
 
 
@@ -30,6 +31,6 @@
 		to="https://www.scoop.it/$1" />
 
 	<rule from="^http://img\.scoop\.it/"
-		to="https://d1lojpvs1j5ni5.cloudfront.net/" />
+		to="https://img.scoop.it/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Scooter-Attack.xml b/src/chrome/content/rules/Scooter-Attack.xml
index 53df8af3acd1..ed531bb85c47 100644
--- a/src/chrome/content/rules/Scooter-Attack.xml
+++ b/src/chrome/content/rules/Scooter-Attack.xml
@@ -29,7 +29,7 @@ Fetch error: http://stats.scooter-attack.com/ => https://stats.scooter-attack.co
 	* Secured by us
 
 -->
-<ruleset name="Scooter-Attack.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Scooter-Attack.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Scot_Borders.gov.uk.xml b/src/chrome/content/rules/Scot_Borders.gov.uk.xml
index 1ccf8c96ccad..e56570815284 100644
--- a/src/chrome/content/rules/Scot_Borders.gov.uk.xml
+++ b/src/chrome/content/rules/Scot_Borders.gov.uk.xml
@@ -35,7 +35,7 @@ Fetch error: http://www.scotborders.gov.uk/ => https://www.scotborders.gov.uk/:
 	ˢ Secured by us
 
 -->
-<ruleset name="Scot Borders.gov.uk" default_off='failed ruleset test'>
+<ruleset name="Scot Borders.gov.uk" default_off="failed ruleset test">
 
 	<target host="mapping.scotborders.gov.uk" />
 	<target host="www.scotborders.gov.uk" />
diff --git a/src/chrome/content/rules/Scottbrand.com.xml b/src/chrome/content/rules/Scottbrand.com.xml
index 1ad48e349015..d2ba111e65b5 100644
--- a/src/chrome/content/rules/Scottbrand.com.xml
+++ b/src/chrome/content/rules/Scottbrand.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://scottbrand.com/ => https://scottbrand.com/: (51, "SSL: no al
 		- www.scottbrand.com
 
 -->
-<ruleset name="Scottbrand.com" default_off='failed ruleset test'>
+<ruleset name="Scottbrand.com" default_off="failed ruleset test">
   <target host="scottbrand.com" />
   <target host="www.scottbrand.com" />
 
diff --git a/src/chrome/content/rules/Scottevest.xml b/src/chrome/content/rules/Scottevest.xml
index 9d0e4f70cd38..a9eec98b1ed1 100644
--- a/src/chrome/content/rules/Scottevest.xml
+++ b/src/chrome/content/rules/Scottevest.xml
@@ -2,7 +2,7 @@
   <target host="scottevest.com" />
   <target host="www.scottevest.com" />
 
-  <securecookie host="^(?:.+\.)?scottevest\.com$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Scottish-Country-Cottages.co.uk.xml b/src/chrome/content/rules/Scottish-Country-Cottages.co.uk.xml
index 2ea93b700f08..92c2f51f9b2e 100644
--- a/src/chrome/content/rules/Scottish-Country-Cottages.co.uk.xml
+++ b/src/chrome/content/rules/Scottish-Country-Cottages.co.uk.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Wyndham related rulesets, see Wyndham.xml
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
 
 	Non-functional hosts
 		Timeout was reached:
diff --git a/src/chrome/content/rules/Scottish_Power.xml b/src/chrome/content/rules/Scottish_Power.xml
index 8226d27e2f97..27cddc985bb7 100644
--- a/src/chrome/content/rules/Scottish_Power.xml
+++ b/src/chrome/content/rules/Scottish_Power.xml
@@ -29,4 +29,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Scottish_Power_Pipe_Band.xml b/src/chrome/content/rules/Scottish_Power_Pipe_Band.xml
index c7e2c597bde0..3d17cfeea46c 100644
--- a/src/chrome/content/rules/Scottish_Power_Pipe_Band.xml
+++ b/src/chrome/content/rules/Scottish_Power_Pipe_Band.xml
@@ -18,4 +18,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Scrap_Orchard.xml b/src/chrome/content/rules/Scrap_Orchard.xml
index 69686d796496..d6a2fce8a737 100644
--- a/src/chrome/content/rules/Scrap_Orchard.xml
+++ b/src/chrome/content/rules/Scrap_Orchard.xml
@@ -5,7 +5,7 @@ Fetch error: http://scraporchard.com/ => https://scraporchard.com/: (60, 'SSL ce
 Fetch error: http://www.scraporchard.com/ => https://www.scraporchard.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Scrap Orchard" default_off='failed ruleset test'>
+<ruleset name="Scrap Orchard" default_off="failed ruleset test">
 
 	<target host="scraporchard.com" />
 	<target host="www.scraporchard.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.scraporchard.com/ => https://www.scraporchard.com/: (60,
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Scrapy.org.xml b/src/chrome/content/rules/Scrapy.org.xml
new file mode 100644
index 000000000000..aedf5c18402f
--- /dev/null
+++ b/src/chrome/content/rules/Scrapy.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Connection closed:
+		- mail
+
+	Timeout:
+		- snippets
+		- static
+-->
+<ruleset name="Scrapy.org">
+	<target host="scrapy.org" />
+	<target host="www.scrapy.org" />
+	<target host="doc.scrapy.org" />
+	<target host="docs.scrapy.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Screen_International.xml b/src/chrome/content/rules/Screen_International.xml
index ff79c00f89f7..a3c082b57e54 100644
--- a/src/chrome/content/rules/Screen_International.xml
+++ b/src/chrome/content/rules/Screen_International.xml
@@ -20,4 +20,4 @@
 	<rule from="^http://(?:www\.)?screendaily\.com/"
 		to="https://www.screendaily.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Screenshot_machine.xml b/src/chrome/content/rules/Screenshot_machine.xml
index 093fc05725fb..17dc76efa95b 100644
--- a/src/chrome/content/rules/Screenshot_machine.xml
+++ b/src/chrome/content/rules/Screenshot_machine.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ScribbleLive.com-falsemixed.xml b/src/chrome/content/rules/ScribbleLive.com-falsemixed.xml
index 095984b321a9..b9694bb8c307 100644
--- a/src/chrome/content/rules/ScribbleLive.com-falsemixed.xml
+++ b/src/chrome/content/rules/ScribbleLive.com-falsemixed.xml
@@ -8,7 +8,7 @@ Fetch error: http://www2.scribblelive.com/ => https://www.scribblelive.com/: (51
 	For rules not causing false/broken MCB, see ScribbleLive.com.xml.
 
 -->
-<ruleset name="ScribbleLive.com (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="ScribbleLive.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/ScribbleLive.com.xml b/src/chrome/content/rules/ScribbleLive.com.xml
index c9ceff6b6d9d..f3feaff9a0c7 100644
--- a/src/chrome/content/rules/ScribbleLive.com.xml
+++ b/src/chrome/content/rules/ScribbleLive.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://scribblelive.com/ => https://scribblelive.com/: (51, "SSL: n
 		- help ¹
 		- www ²
 		- www2 ¹
-	
+
 	² Mixed css
 	¹ Mismatched
 
@@ -42,7 +42,7 @@ Fetch error: http://scribblelive.com/ => https://scribblelive.com/: (51, "SSL: n
 	* Secured by us
 
 -->
-<ruleset name="ScribbleLive.com (partial)" default_off='failed ruleset test'>
+<ruleset name="ScribbleLive.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Scribd.com.xml b/src/chrome/content/rules/Scribd.com.xml
index 72988c0678a9..560af2cef19a 100644
--- a/src/chrome/content/rules/Scribd.com.xml
+++ b/src/chrome/content/rules/Scribd.com.xml
@@ -1,15 +1,5 @@
 <!--
 	CDN buckets:
-
-		- s3.amazonaws.com/assets.scribd.com/
-		- s3.amazonaws.com/html.scribd.com/
-
-		- s3.amazonaws.com/reflow.scribd.com/...
-
-			- img.scribd.com
-
-		- s3.amazonaws.com/sprited-images.scribd.com/
-		- s3.amazonaws.com/s3.scribd.com/
 		- d.scribd.com.cdngc.net
 
 		- s.scribd.com.cdngc.net/...
@@ -46,6 +36,7 @@
 			- blog ¹
 			- d ²
 			- support ³
+      - html
 
 	¹ wpengine
 	² AmazonAWS 403; mismatched, CN: ssl2?.cdngc.net
@@ -56,14 +47,12 @@
 
 		- scribd.com subdomains:
 
-			- html ¹
 			- img ¹
 			- s ²
 
 		- img.scribdassets.com ²
 		- img[1-4].scribdassets.com ²
 
-	¹ AmazonAWS
 	² 403; mismatched, CN: ssl2?.cdngc.net
 
 
@@ -80,7 +69,6 @@
 
 			- ^
 			- fonts
-			- html		(→ html.scribdassets.com)
 			- htmlcdn
 			- img		(-> s3.amazonaws.com)
 			- origin-s
@@ -99,12 +87,6 @@
 
 				- [1-4]
 
-			- html
-
-			- html\d:
-
-				- [1-4]
-
 			- htmlimg\d:
 
 				- [1-4]
@@ -142,49 +124,20 @@
 
 	<target host="scribd.com" />
 	<target host="*.scribd.com" />
-		<!--
-			Redirect to http:
-						-->
-		<!--exclusion pattern="^http://www\.scribd\.com/doc/\d+/[\w-]+($|\?)" /-->
-		<!--
-			More conservatively:
-						-->
-		<exclusion pattern="^http://www\.scribd\.com/doc(?:$|[?/])" />
-		<!--
-			Exceptions:
-					-->
-		<!--exclusion pattern="^http://www\.scribd\.com/+(?!aggregated/|embeds/|favicon\.ico|images/|(?:about|account-settings|adchoices|archive|books?|browse|contact|copyright|developers|faq|fullscreen|giftcards|jobs|leadership|login|mobile|notifications|payments|privacy|profiles|publishers|read|[Ss]cribd|static|store_purchase|subscribe|terms|upload-document|zendesk_session)(?:$|[?/])|options/|ssi/)" /-->
-	<target host="*.scribdassets.com" />
+    <test url="http://viewer.scribd.com/" />
+    <test url="http://sk.scribd.com/" />
+    <test url="http://sl.scribd.com/" />
 
+	<target host="*.scribdassets.com" />
+    <test url="http://support.scribdassets.com/" />
+    <test url="http://shop.scribdassets.com/" />
+    <test url="http://article-imgs.scribdassets.com/" />
 
 	<!--	Not secured by server:
 					-->
 	<!--securecookie host="^\.scribd\.com$" name="^(_scribd_session|scribd_ubtc)$" /-->
 	<securecookie host="^\.scribdassets\.com$" name="^scribd_ubtc$" />
 
-
-	<rule from="^http://html\.scribd\.com/"
-		to="https://html.scribassets.com/" />
-
-	<rule from="^http://img\.scribd\.com/"
-		to="https://s3.amazonaws.com/img.scribd.com/" />
-
-	<!--	Redirect keeps path and args:
-						-->
-	<rule from="^http://s\.scribd\.com/+"
-		to="https://www.scribd.com/" />
-
-	<rule from="^http://support\.scribd\.com/(?=favicon\.ico|generated/|images/|system/)"
-		to="https://assets.zendesk.com/" />
-
-	<rule from="^http://((?:fonts|htmlcdn|rat|rs\d?|www)\.)?scribd\.com/"
-		to="https://$1scribd.com/" />
-
-	<rule from="^http://img(\d)\.scribdassets\.com/"
-		to="https://imgv2-$1.scribdassets.com/" />
-
-	<rule from="^http://(fonts\d|html\d?|htmlimg\d|imgv2|imgv2-\d|imgv2-\d-f|s\d|s\d-f)\.scribdassets\.com/"
-		to="https://$1.scribdassets.com/" />
-
-
+  <rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Scribol.xml b/src/chrome/content/rules/Scribol.xml
deleted file mode 100644
index 87aad745d305..000000000000
--- a/src/chrome/content/rules/Scribol.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d19zu6w56v1jx5.cloudfront.net
-
-		- d25h0msi7seflc.cloudfront.net
-
-			- static.scribol.com
-
-		- dmgyobx0feqxw.cloudfront.net
-
-			- images.scribol.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.)
-		- u
-
--->
-<ruleset name="Scribol (partial)">
-
-	<target host="*.scribol.com" />
-
-
-	<rule from="^http://images\.scribol\.com/"
-		to="https://dmgyobx0feqxw.cloudfront.net/" />
-
-	<rule from="^http://static\.scribol\.com/"
-		to="https://d25h0msi7seflc.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ScriptSource.xml b/src/chrome/content/rules/ScriptSource.xml
index 4a9459d67b6d..bf18d2e4d22d 100644
--- a/src/chrome/content/rules/ScriptSource.xml
+++ b/src/chrome/content/rules/ScriptSource.xml
@@ -13,4 +13,4 @@
 	<rule from="^http://(www\.)?scriptsource\.org/cms/(assets/|local/|scripts/(?:page\.php\?item_id=(?:login_page|registration_form)|render_graphic\.php)|sites/)"
 		to="https://$1scriptsource.org/cms/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Scriptfodder.com.xml b/src/chrome/content/rules/Scriptfodder.com.xml
index 50ad62f7a6c4..23710f7e831a 100644
--- a/src/chrome/content/rules/Scriptfodder.com.xml
+++ b/src/chrome/content/rules/Scriptfodder.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://media.scriptfodder.com/ => https://media.scriptfodder.com/: (6, 'Could not resolve host: media.scriptfodder.com')
 
 -->
-<ruleset name="ScriptFodder" default_off='failed ruleset test'>
+<ruleset name="ScriptFodder" default_off="failed ruleset test">
   <target host="scriptfodder.com" />
   <target host="www.scriptfodder.com" />
   <target host="cdn.scriptfodder.com" />
diff --git a/src/chrome/content/rules/Scripting-News.xml b/src/chrome/content/rules/Scripting-News.xml
deleted file mode 100644
index b52d44fc215d..000000000000
--- a/src/chrome/content/rules/Scripting-News.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(times out)
-
--->
-<ruleset name="Scripting News (partial)">
-
-	<target host="static.scripting.com" />
-
-
-	<rule from="^http://static\.scripting\.com/"
-		to="https://s3.amazonaws.com/static.scripting.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Scruss.com.xml b/src/chrome/content/rules/Scruss.com.xml
new file mode 100644
index 000000000000..04731078a623
--- /dev/null
+++ b/src/chrome/content/rules/Scruss.com.xml
@@ -0,0 +1,12 @@
+<!--
+	SSL protocol error:
+		- uncle.scruss.com
+		- wind.scruss.com
+-->
+
+<ruleset name="Scruss.com">
+	<target host="scruss.com" />
+	<target host="www.scruss.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Scsstatic.ch.xml b/src/chrome/content/rules/Scsstatic.ch.xml
deleted file mode 100644
index f5036cec5aab..000000000000
--- a/src/chrome/content/rules/Scsstatic.ch.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For other Swisscom coverage, see Swisscom.ch.xml.
-
-
-	^scsstatic.ch does not exist
-
-
-	Fully covered subdomains:
-
-		- www.res[12]
-		- www
-
--->
-<ruleset name="scsstatic.ch">
-
-	<target host="www.scsstatic.ch" />
-	<target host="www.res1.scsstatic.ch" />
-	<target host="www.res2.scsstatic.ch" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Scubbly.xml b/src/chrome/content/rules/Scubbly.xml
index e646ebfe373b..3a9b2b396325 100644
--- a/src/chrome/content/rules/Scubbly.xml
+++ b/src/chrome/content/rules/Scubbly.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(www\.)?scubbly\.com/(bot-trap|css|images|js)/"
 		to="https://$1scubbly.com/$2/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sculpteo.com.xml b/src/chrome/content/rules/Sculpteo.com.xml
index 891114dacf52..520bd3dd3eae 100644
--- a/src/chrome/content/rules/Sculpteo.com.xml
+++ b/src/chrome/content/rules/Sculpteo.com.xml
@@ -16,7 +16,9 @@
 <ruleset name="Sculpteo.com (partial)">
 
 	<target host="sculpteo.com" />
-	<target host="*.sculpteo.com" />
+	<target host="www.sculpteo.com" />
+	<target host="3dpcase.sculpteo.com" />
+	<target host="pro.sculpteo.com" />
 		<exclusion pattern="^http://(?:3dpcase\.|pro\.|www\.)?sculpteo\.com/(?!\w\w/(?:account|jsi18n|jsurl)/|favicon\.ico|media/|static/|terms_\w\w(?:$|[?/]))" />
 
 
@@ -26,7 +28,6 @@
 	<rule from="^http://(?:www\.)?sculpteo\.com/"
 		to="https://www.sculpteo.com/" />
 
-	<rule from="^http://(3dpcase|pro)\.sculpteo\.com/"
-		to="https://$1.sculpteo.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Seacloud.xml b/src/chrome/content/rules/Seacloud.xml
deleted file mode 100644
index 2e187b81cac7..000000000000
--- a/src/chrome/content/rules/Seacloud.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Seacloud">
-
-	<target host="seacloud.cc" />
-	<target host="www.seacloud.cc" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Seafile-Server.de.xml b/src/chrome/content/rules/Seafile-Server.de.xml
index 31f02f9c37b7..ca42d899759e 100644
--- a/src/chrome/content/rules/Seafile-Server.de.xml
+++ b/src/chrome/content/rules/Seafile-Server.de.xml
@@ -25,12 +25,15 @@ Fetch error: http://www.seafileserver.de/ => https://www.seafileserver.de/: (51,
 		- wiki.seafile-server.de
 
 -->
-<ruleset name="Seafile-Server.de" default_off='failed ruleset test'>
+<ruleset name="Seafile-Server.de" default_off="failed ruleset test">
 
 	<target host="seafileserver.de" />
 	<target host="www.seafileserver.de" />
 	<target host="seafile-server.de" />
-	<target host="*.seafile-server.de" />
+	<target host="demo.seafile-server.de" />
+	<target host="shop.seafile-server.de" />
+	<target host="wiki.seafile-server.de" />
+	<target host="www.seafile-server.de" />
 
 
 	<!--securecookie host="^(www\.)?seafile-?server\.de$" name="^wfvt_\d+$" /-->
@@ -42,10 +45,6 @@ Fetch error: http://www.seafileserver.de/ => https://www.seafileserver.de/: (51,
 	<securecookie host="^(?:(?:demo|shop|wiki|www)\.)?seafile-server\.de$" name=".+" />
 
 
-	<rule from="^http://(www\.)?seafileserver\.de/"
-		to="https://$1seafileserver.de/" />
-
-	<rule from="^http://((?:demo|shop|wiki|www)\.)?seafile-server\.de/"
-		to="https://$1seafile-server.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Seafile.xml b/src/chrome/content/rules/Seafile.xml
index 9a6ea2198cbb..27e1972e1960 100644
--- a/src/chrome/content/rules/Seafile.xml
+++ b/src/chrome/content/rules/Seafile.xml
@@ -13,7 +13,7 @@ Fetch error: http://cloud.seafile.com/ => https://cloud.seafile.com/: (51, "SSL:
 		- (www.)	(shows seacloud.cc; mismatched, CN: cloud.seafile.com)
 
 -->
-<ruleset name="Seafile (partial)" default_off='failed ruleset test'>
+<ruleset name="Seafile (partial)" default_off="failed ruleset test">
 
 	<target host="cloud.seafile.com" />
 
diff --git a/src/chrome/content/rules/Seagate.com.xml b/src/chrome/content/rules/Seagate.com.xml
index e2070066871a..4b304d7d4cdd 100644
--- a/src/chrome/content/rules/Seagate.com.xml
+++ b/src/chrome/content/rules/Seagate.com.xml
@@ -63,7 +63,7 @@ Fetch error: http://wwwlacie.seagate.com/ => https://wwwlacie.seagate.com/: (6,
 		- wwwlacie.seagate.com
 
 -->
-<ruleset name="Seagate.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Seagate.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Sealed_Abstract.com.xml b/src/chrome/content/rules/Sealed_Abstract.com.xml
index dccd2d7917df..4249a3510acb 100644
--- a/src/chrome/content/rules/Sealed_Abstract.com.xml
+++ b/src/chrome/content/rules/Sealed_Abstract.com.xml
@@ -10,4 +10,4 @@
 	<rule from="^http://www\.sealedabstract\.com/[^?]*(\?.*)?"
 		to="https://sealedabstract.com/index.php$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Seamonkey-project.org.xml b/src/chrome/content/rules/Seamonkey-project.org.xml
new file mode 100644
index 000000000000..8410566912e6
--- /dev/null
+++ b/src/chrome/content/rules/Seamonkey-project.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Seamonkey-project.org">
+	<target host="seamonkey-project.org" />
+	<target host="www.seamonkey-project.org" />
+	<target host="blog.seamonkey-project.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Seanmckaybeck.com.xml b/src/chrome/content/rules/Seanmckaybeck.com.xml
index c84a0cde9e3f..e7037a6997a5 100644
--- a/src/chrome/content/rules/Seanmckaybeck.com.xml
+++ b/src/chrome/content/rules/Seanmckaybeck.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://seanmckaybeck.com/ => https://seanmckaybeck.com/: (7, 'Failed to connect to seanmckaybeck.com port 443: Connection refused')
 
 -->
-<ruleset name="Seanmckaybeck.com" default_off='failed ruleset test'>
+<ruleset name="Seanmckaybeck.com" default_off="failed ruleset test">
   <target host="seanmckaybeck.com" />
 
   <rule from="^http://(?:www\.)?seanmckaybeck\.com/" to="https://seanmckaybeck.com/" />
diff --git a/src/chrome/content/rules/Search_Commander.xml b/src/chrome/content/rules/Search_Commander.xml
index e4e71029dc45..ca7d8d9f8737 100644
--- a/src/chrome/content/rules/Search_Commander.xml
+++ b/src/chrome/content/rules/Search_Commander.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Searchfox.org.xml b/src/chrome/content/rules/Searchfox.org.xml
deleted file mode 100644
index 326d7cef2eb8..000000000000
--- a/src/chrome/content/rules/Searchfox.org.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Searchfox.org">
-
-	<target host="searchfox.org" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Searchmarketing.com.xml b/src/chrome/content/rules/Searchmarketing.com.xml
deleted file mode 100644
index 70e174a37ed9..000000000000
--- a/src/chrome/content/rules/Searchmarketing.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="searchmarketing.com">
-
-	<target host="*.searchmarketing.com" />
-
-
-	<securecookie host="^(?:tracking)?\.searchmarketing\.com$" name=".+" />
-
-
-	<rule from="^http://tracking\.searchmarketing\.com/"
-		to="https://tracking.searchmarketing.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sears.com.xml b/src/chrome/content/rules/Sears.com.xml
index dc843bf098f6..ab46c9424edc 100644
--- a/src/chrome/content/rules/Sears.com.xml
+++ b/src/chrome/content/rules/Sears.com.xml
@@ -1,34 +1,29 @@
 <!--
-	Other Sears Holdings rulesets:
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://shop.sears.com/ => https://shop.sears.com/: (28, 'Connection timed out after 20000 milliseconds')
 
+	Other Sears Holdings rulesets:
 		- FitStudio.com.xml
 		- Kmart.com.xml
 		- Sears_Commerce_Services.com.xml
 		- Sears_Ecommerce_Jobs.com.xml
-		- Sears_Labs.com.xml
 		- SHld.net.xml
 		- Shop_Your_Way.com.xml
 		- SYW_CDN.net.xml
 
-
 	sears.com.d1.sc.omtrdc.net
-
 		- om
 
-
 	Problematic subdomains:
-
 		- ^	(cert only matches www)
 		- om	(mismatched, CN: *.d1.sc.omtrdc.net)
 
 
 	Partially covered subdomains:
-
 		- (www.)	(^ → www, some pages redirect to login)
 
-
 	Fully covered subdomains:
-
 		- davidtuterajewelry
 		- handbooks
 		- seller.marketplace
@@ -48,18 +43,12 @@
 <ruleset name="Sears.com (partial)">
 
 	<target host="*.sears.com" />
-
+    <test url="http://ux.sears.com/" />
+    <test url="http://z.sears.com/" />
+    <test url="http://local.sears.com/" />
 
 	<securecookie host="^(?:\.handbooks|seller\.marketplace|oascentral)\.sears\.com$" name=".+" />
 
-
-	<rule from="^http://(?:www\.)?sears\.com/(?=favicon\.ico|shc/s/UserLogonFormView(?:$|[?/]))"
-		to="https://www.sears.com/" />
-
-	<rule from="^http://om\.sears\.com/"
-		to="https://sears-com.d1.sc.omtrdc.net/" />
-
-	<rule from="^http://(davidtuterajewelry|handbooks|seller\.marketplace|oascentral|s7|ux)\.sears\.com/"
-		to="https://$1.sears.com/" />
+  <rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sears_Ecommerce_Jobs.com.xml b/src/chrome/content/rules/Sears_Ecommerce_Jobs.com.xml
index b3615aa29b61..1fba6280c618 100644
--- a/src/chrome/content/rules/Sears_Ecommerce_Jobs.com.xml
+++ b/src/chrome/content/rules/Sears_Ecommerce_Jobs.com.xml
@@ -15,7 +15,7 @@ Non-2xx HTTP code: http://www.searsecommercejobs.com/ (200) => https://www.sears
 		- Images from www.searslabs.com
 
 -->
-<ruleset name="Sears Ecommerce Jobs.com" default_off='failed ruleset test'>
+<ruleset name="Sears Ecommerce Jobs.com" default_off="failed ruleset test">
 
 	<target host="searsecommercejobs.com" />
 	<target host="www.searsecommercejobs.com" />
diff --git a/src/chrome/content/rules/Seasonal.ly.xml b/src/chrome/content/rules/Seasonal.ly.xml
index dd8a787a4992..6aafd5e5d53a 100644
--- a/src/chrome/content/rules/Seasonal.ly.xml
+++ b/src/chrome/content/rules/Seasonal.ly.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SeattleAquarium.org.xml b/src/chrome/content/rules/SeattleAquarium.org.xml
index 206755a1bf51..a31ba8e2a3ba 100644
--- a/src/chrome/content/rules/SeattleAquarium.org.xml
+++ b/src/chrome/content/rules/SeattleAquarium.org.xml
@@ -1,16 +1,21 @@
 <!--
 	Invalid certificate:
-		m.seattleaquarium.org
-		www2.seattleaquarium.org
-	Refused:
-		seattleaquarium.org
-		blog.seattleaquarium.org
+		- seattleaquarium.org
+		- m.seattleaquarium.org
+		- www2.seattleaquarium.org
+
+	Active mixed content:
+		- blog.seattleaquarium.org
 -->
+
 <ruleset name="Seattle Aquarium">
+	<target host="seattleaquarium.org" />
 	<target host="www.seattleaquarium.org" />
 	<target host="tickets.seattleaquarium.org" />
 
 	<securecookie host="^(www|tickets)\.seattleaquarium\.org$" name=".+" />
 
+	<rule from="^http://seattleaquarium\.org/"
+		  to="https://www.seattleaquarium.org/" />
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SeattleIX.net.xml b/src/chrome/content/rules/SeattleIX.net.xml
index 9be005b0d708..8931c922089d 100644
--- a/src/chrome/content/rules/SeattleIX.net.xml
+++ b/src/chrome/content/rules/SeattleIX.net.xml
@@ -17,4 +17,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sebastian_Wick.net.xml b/src/chrome/content/rules/Sebastian_Wick.net.xml
index ef257d56533c..4987972deea3 100644
--- a/src/chrome/content/rules/Sebastian_Wick.net.xml
+++ b/src/chrome/content/rules/Sebastian_Wick.net.xml
@@ -19,6 +19,6 @@
 	<rule from="^http://www\.sebastianwick\.net/"
 			to="https://sebastianwick.net/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SecDev.ca.xml b/src/chrome/content/rules/SecDev.ca.xml
index f23dc09c4e07..7a27c21eb9c2 100644
--- a/src/chrome/content/rules/SecDev.ca.xml
+++ b/src/chrome/content/rules/SecDev.ca.xml
@@ -9,7 +9,7 @@
 	* Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="SecDev.ca" default_off="missing certificate chain">
+<ruleset name="SecDev.ca" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/SecondMarket.com.xml b/src/chrome/content/rules/SecondMarket.com.xml
index 8591b3f59bfb..915244da49a4 100644
--- a/src/chrome/content/rules/SecondMarket.com.xml
+++ b/src/chrome/content/rules/SecondMarket.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.secondmarket.com/ => https://www.secondmarket.com/: (28,
 		- ^	(cert only matches www)
 
 -->
-<ruleset name="SecondMarket.com" default_off='failed ruleset test'>
+<ruleset name="SecondMarket.com" default_off="failed ruleset test">
 
 	<target host="secondmarket.com" />
 	<target host="www.secondmarket.com" />
diff --git a/src/chrome/content/rules/Second_Life.com.xml b/src/chrome/content/rules/Second_Life.com.xml
index 023f9734c027..1b3456c6d95b 100644
--- a/src/chrome/content/rules/Second_Life.com.xml
+++ b/src/chrome/content/rules/Second_Life.com.xml
@@ -69,7 +69,7 @@ Fetch error: http://lists.secondlife.com/ => https://lists.secondlife.com/: (60,
 	* Secured by us
 
 -->
-<ruleset name="Second Life.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Second Life.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Second_Look_Forensics.com.xml b/src/chrome/content/rules/Second_Look_Forensics.com.xml
index 1d9b9397372c..ec298e1dfa1e 100644
--- a/src/chrome/content/rules/Second_Look_Forensics.com.xml
+++ b/src/chrome/content/rules/Second_Look_Forensics.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://secondlookforensics.com/ => https://secondlookforensics.com/
 Fetch error: http://www.secondlookforensics.com/ => https://www.secondlookforensics.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Second Look Forensics.com" default_off='failed ruleset test'>
+<ruleset name="Second Look Forensics.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Section9.co.uk.xml b/src/chrome/content/rules/Section9.co.uk.xml
deleted file mode 100644
index f8efdea71536..000000000000
--- a/src/chrome/content/rules/Section9.co.uk.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="section9.co.uk">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="section9.co.uk" />
-	<target host="www.section9.co.uk" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Secular.org.xml b/src/chrome/content/rules/Secular.org.xml
index 4807c558dafe..49d8aeba0ad9 100644
--- a/src/chrome/content/rules/Secular.org.xml
+++ b/src/chrome/content/rules/Secular.org.xml
@@ -31,7 +31,7 @@
 					-->
 	<!--securecookie host="^\.secular\.org$" name="^SESS[\da-f]{32}$" /-->
 
-  <securecookie host="^(?:.+\.)?secular\.org$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Secunet.xml b/src/chrome/content/rules/Secunet.xml
index 17babcb9ab1d..23e91e9edb60 100644
--- a/src/chrome/content/rules/Secunet.xml
+++ b/src/chrome/content/rules/Secunet.xml
@@ -1,7 +1,8 @@
 <ruleset name="secunet (partial)">
 
 	<target host="secunet.com" />
-	<target host="*.secunet.com" />
+	<target host="www.secunet.com" />
+	<target host="sinaportal.secunet.com" />
 
 
 	<!--	Tracking cookies:
diff --git a/src/chrome/content/rules/Secur1ty.com.xml b/src/chrome/content/rules/Secur1ty.com.xml
deleted file mode 100644
index 2369cd3286e1..000000000000
--- a/src/chrome/content/rules/Secur1ty.com.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	Fully covered hosts in *secur1ty.com:
-
-		- (www.)?
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- secur1ty.com
-		- .secur1ty.com
-
-
-	Mixed content:
-
-		- Images from purify.s3.amazonaws.com *
-
-	* Secured by us
-
--->
-<ruleset name="Secur1ty.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="secur1ty.com" />
-	<target host="www.secur1ty.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^secur1ty\.com$" name="^csrftoken$" /-->
-	<!--securecookie host="^\.secur1ty\.com$" name="^(__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.?secur1ty\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Secure-Endpoints.com.xml b/src/chrome/content/rules/Secure-Endpoints.com.xml
index a0103cc58d7a..c065ee9239c5 100644
--- a/src/chrome/content/rules/Secure-Endpoints.com.xml
+++ b/src/chrome/content/rules/Secure-Endpoints.com.xml
@@ -19,7 +19,7 @@ Non-2xx HTTP code: http://secure-endpoints.com/ (200) => https://secure-endpoint
 			- www.h5l.org
 
 -->
-<ruleset name="Secure-Endpoints.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Secure-Endpoints.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Secure-OS.org.xml b/src/chrome/content/rules/Secure-OS.org.xml
deleted file mode 100644
index 4c06ec5c6ad0..000000000000
--- a/src/chrome/content/rules/Secure-OS.org.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	www.secure-os.org: Mismatched
-
--->
-<ruleset name="Secure-OS.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="secure-os.org" />
-
-	<!--	Complications:
-				-->
-	<target host="www.secure-os.org" />
-
-
-	<rule from="^http://www\.secure-os\.org/"
-		to="https://secure-os.org/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Secure-resumption.com.xml b/src/chrome/content/rules/Secure-resumption.com.xml
index a5b8749d7494..4467fbcff6e5 100644
--- a/src/chrome/content/rules/Secure-resumption.com.xml
+++ b/src/chrome/content/rules/Secure-resumption.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://secure-resumption.com/ => https://secure-resumption.com/: (6
 Fetch error: http://www.secure-resumption.com/ => https://www.secure-resumption.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="secure-resumption.com" default_off='failed ruleset test'>
+<ruleset name="secure-resumption.com" default_off="failed ruleset test">
 
 	<target host="secure-resumption.com" />
 	<target host="www.secure-resumption.com" />
diff --git a/src/chrome/content/rules/Secure-secure.co.uk.xml b/src/chrome/content/rules/Secure-secure.co.uk.xml
index 458e21653e97..8268a68bf215 100644
--- a/src/chrome/content/rules/Secure-secure.co.uk.xml
+++ b/src/chrome/content/rules/Secure-secure.co.uk.xml
@@ -9,4 +9,4 @@
 	<rule from="^http://web(\d+)\.secure-secure\.co\.uk/"
 		to="https://web$1.secure-secure.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Secure-u.de.xml b/src/chrome/content/rules/Secure-u.de.xml
deleted file mode 100644
index f902f1b67328..000000000000
--- a/src/chrome/content/rules/Secure-u.de.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Mismatched:
-		- ksp
-
-	Self-signed:
-		- keyserver
--->
-
-<ruleset name="secure-u.de">
-	<target host="secure-u.de" />
-	<target host="www.secure-u.de" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Secure-zone.net.xml b/src/chrome/content/rules/Secure-zone.net.xml
index 897011645b5b..dfe4fd47d48b 100644
--- a/src/chrome/content/rules/Secure-zone.net.xml
+++ b/src/chrome/content/rules/Secure-zone.net.xml
@@ -9,4 +9,4 @@
 	<rule from="^http://asp-(\w\w)\.secure-zone\.net/"
 		to="https://asp-$1.secure-zone.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Secure.me.xml b/src/chrome/content/rules/Secure.me.xml
index c0054349901c..e5be782272c1 100644
--- a/src/chrome/content/rules/Secure.me.xml
+++ b/src/chrome/content/rules/Secure.me.xml
@@ -7,7 +7,7 @@ Fetch error: http://wp.secure.me/ => https://wp.secure.me/: (51, "SSL: no altern
 Fetch error: http://www.secure.me/ => https://www.secure.me/: (51, "SSL: no alternative certificate subject name matches target host name 'www.secure.me'")
 
 -->
-<ruleset name="secure.me" default_off='failed ruleset test'>
+<ruleset name="secure.me" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Secure.metoffice.gov.uk.xml b/src/chrome/content/rules/Secure.metoffice.gov.uk.xml
deleted file mode 100644
index 00c20beefbc3..000000000000
--- a/src/chrome/content/rules/Secure.metoffice.gov.uk.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Secure.metoffice.gov.uk (partial)">
-
-	<!--	Direct rewrites:
-				-->
-  <target host="secure.metoffice.gov.uk" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/SecureConnect.com.xml b/src/chrome/content/rules/SecureConnect.com.xml
deleted file mode 100644
index 0d907d971ed9..000000000000
--- a/src/chrome/content/rules/SecureConnect.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other Trustwave coverage, see Trustwave.xml.
-
--->
-<ruleset name="SecureConnect.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="secureconnect.com" />
-	<target host="www.secureconnect.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SecureNet.com.xml b/src/chrome/content/rules/SecureNet.com.xml
index c349026ff5e5..46ef3d54aaac 100644
--- a/src/chrome/content/rules/SecureNet.com.xml
+++ b/src/chrome/content/rules/SecureNet.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://securenet.com/ => https://www.securenet.com/: (60, 'SSL cert
 	* Secured by us
 
 -->
-<ruleset name="SecureNet.com" default_off='failed ruleset test'>
+<ruleset name="SecureNet.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/SecurePro_Software.xml b/src/chrome/content/rules/SecurePro_Software.xml
index eef53662e1aa..67b5ad5c1904 100644
--- a/src/chrome/content/rules/SecurePro_Software.xml
+++ b/src/chrome/content/rules/SecurePro_Software.xml
@@ -14,7 +14,7 @@ Non-2xx HTTP code: http://www.secureprosoftware.com/ (200) => https://securepros
 	www: mismatched, CN: *.websitewelcome.com
 
 -->
-<ruleset name="SecurePro Software.com" default_off='failed ruleset test'>
+<ruleset name="SecurePro Software.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/SecureProxySite.com.xml b/src/chrome/content/rules/SecureProxySite.com.xml
new file mode 100644
index 000000000000..fbe8574d621c
--- /dev/null
+++ b/src/chrome/content/rules/SecureProxySite.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Down (403):
+		blog.secureproxysite.com
+-->
+<ruleset name="SecureProxySite.com">
+	<target host="secureproxysite.com" />
+	<target host="www.secureproxysite.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Secure_Upload.eu.xml b/src/chrome/content/rules/Secure_Upload.eu.xml
index 0e0b1cd829f2..f33df7148e0f 100644
--- a/src/chrome/content/rules/Secure_Upload.eu.xml
+++ b/src/chrome/content/rules/Secure_Upload.eu.xml
@@ -5,7 +5,7 @@ Fetch error: http://secureupload.eu/ => https://secureupload.eu/: (60, 'SSL cert
 Fetch error: http://www.secureupload.eu/ => https://www.secureupload.eu/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Secure Upload.eu" default_off='failed ruleset test'>
+<ruleset name="Secure Upload.eu" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Securepaynet.net.xml b/src/chrome/content/rules/Securepaynet.net.xml
index 9df833c24043..f998631620d3 100644
--- a/src/chrome/content/rules/Securepaynet.net.xml
+++ b/src/chrome/content/rules/Securepaynet.net.xml
@@ -1,51 +1,22 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://cart.securepaynet.net/ => https://cart.securepaynet.net/: (6, 'Could not resolve host: cart.securepaynet.net')
-Fetch error: http://help.securepaynet.net/ => https://help.securepaynet.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://m.securepaynet.net/ => https://m.securepaynet.net/: (28, 'Connection timed out after 20000 milliseconds')
-Fetch error: http://mya.securepaynet.net/ => https://mya.securepaynet.net/: (28, 'Connection timed out after 20000 milliseconds')
-Fetch error: http://who.securepaynet.net/ => https://who.securepaynet.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.securepaynet.net/ => https://www.securepaynet.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://securepaynet.net/ => https://www.securepaynet.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
-	Nonfunctional hosts in *securepaynet.net:
-
-		- cdrapplication *
-
-	* Dropped
-
-
-	Fully covered domains:
-
-		- securepaynet.net	(→ www.securepaynet.net)
-
-		- \w+.securepaynet.net:
-
-			- cart
-			- help
-			- idp
-			- imagesak
-			- img
-			- m
-			- mya
-			- who
-			- www
-
-		- img[1-5].wsimg.com
-		- nebula.wsimg.com
-
-
-	These altnames don't exist:
-
-		- www.cdrapplication.securepaynet.net
-
+	Chain issue (missing intermediate):
+		- custom.securepaynet.net
+
+	Invalid certificate:
+		- securepaynet.net
+		- www.securepaynet.net
+		- cdrapplication.securepaynet.net
+		- dream.securepaynet.net
+		- help.securepaynet.net
+		- idp.securepaynet.net
+		- mcc.securepaynet.net
+		- who.securepaynet.net
+
+	SSL error:
+		- imagesak.securepaynet.net
 -->
-<ruleset name="Securepaynet.net (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="*.securepaynet.net" />
+<ruleset name="Securepaynet.net (partial)">
+	<target host="img.securepaynet.net" />
 	<target host="img1.wsimg.com" />
 	<target host="img2.wsimg.com" />
 	<target host="img3.wsimg.com" />
@@ -53,37 +24,7 @@ Fetch error: http://securepaynet.net/ => https://www.securepaynet.net/: (60, 'SS
 	<target host="img5.wsimg.com" />
 	<target host="nebula.wsimg.com" />
 
-	<!--	Complications:
-				-->
-	<target host="securepaynet.net" />
-
-		<test url="http://cart.securepaynet.net/" />
-		<test url="http://help.securepaynet.net/" />
-		<test url="http://idp.securepaynet.net/" />
-		<test url="http://imagesak.securepaynet.net/" />
-		<test url="http://img.securepaynet.net/" />
-		<test url="http://m.securepaynet.net/" />
-		<test url="http://mya.securepaynet.net/" />
-		<test url="http://who.securepaynet.net/" />
-		<test url="http://www.securepaynet.net/" />
-
-		<test url="http://img1.wsimg.com/pc/img/1/trademark/registered/gd_logo.png" />
-		<test url="http://img2.wsimg.com/shared/css/1/styles_20130904.min.css" />
-		<test url="http://img3.wsimg.com/fos/liveperson/css/chat-window_20140205.css" />
-
-		<test url="http://nebula.wsimg.com/db394cfe535cca591a8e82dfd8d6a691?AccessKeyId=2B185B4E8590A8981EBB&amp;disposition=0&amp;alloworigin=1" />
-
-
-	<securecookie host="^(?:.*\.)?securepaynet\.net$" name=".+" />
-
-
-	<rule from="^http://securepaynet\.net/"
-		to="https://www.securepaynet.net/" />
-
-	<rule from="^http://(\w+)\.securepaynet\.net/"
-		to="https://$1.securepaynet.net/" />
-
-	<rule from="^http://(img\d|nebula)\.wsimg\.com/"
-		to="https://$1.wsimg.com/" />
+	<securecookie host="^(.*\.)?securepaynet\.net$" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Securepicssl.com.xml b/src/chrome/content/rules/Securepicssl.com.xml
index ad62d1fde611..f54a687d65ec 100644
--- a/src/chrome/content/rules/Securepicssl.com.xml
+++ b/src/chrome/content/rules/Securepicssl.com.xml
@@ -8,10 +8,10 @@
 	<target host="*.securepcissl.com" />
 
 
-	<securecookie host="^(?:.*\.)?securepicssl\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([\w-]+\.)?securepcissl\.com/"
 		to="https://$1securepcissl.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Securepurchaseserver.com.xml b/src/chrome/content/rules/Securepurchaseserver.com.xml
index 500180d9f009..0504d294920a 100644
--- a/src/chrome/content/rules/Securepurchaseserver.com.xml
+++ b/src/chrome/content/rules/Securepurchaseserver.com.xml
@@ -17,7 +17,7 @@ Fetch error: http://www.securepurchaseserver2.com/ => https://securepurchaseserv
 	Cert doesn't match www.
 
 -->
-<ruleset name="securepurchaseserver.com" default_off='failed ruleset test'>
+<ruleset name="securepurchaseserver.com" default_off="failed ruleset test">
 
 	<target host="securepurchaseserver.com" />
 	<target host="www.securepurchaseserver.com" />
diff --git a/src/chrome/content/rules/Securetrust.com.xml b/src/chrome/content/rules/Securetrust.com.xml
index e12a776915b4..82c6e8178f34 100644
--- a/src/chrome/content/rules/Securetrust.com.xml
+++ b/src/chrome/content/rules/Securetrust.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://securetrust.com/ => https://www.securetrust.com/: (60, 'SSL
 	^securetrust.com: Cert only matches www.securetrust.com
 
 -->
-<ruleset name="securetrust.com (partial)" default_off='failed ruleset test'>
+<ruleset name="securetrust.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Secureuk.net.xml b/src/chrome/content/rules/Secureuk.net.xml
deleted file mode 100644
index eb9b4c4d9da3..000000000000
--- a/src/chrome/content/rules/Secureuk.net.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other Blackfoot Hosting coverage, see Blackfoot.co.uk.xml.
-
--->
-<ruleset name="secureuk.net">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="secureuk.net" />
-	<target host="www.secureuk.net" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Securing_the_Human.org.xml b/src/chrome/content/rules/Securing_the_Human.org.xml
index f115b395dd6b..79af1dfc1227 100644
--- a/src/chrome/content/rules/Securing_the_Human.org.xml
+++ b/src/chrome/content/rules/Securing_the_Human.org.xml
@@ -6,7 +6,7 @@ Fetch error: http://help.securingthehuman.org/ => https://help.securingthehuman.
 	For other SANS Institute coverage, see SANS.org.xml.
 
 -->
-<ruleset name="Securing the Human.org" default_off='failed ruleset test'>
+<ruleset name="Securing the Human.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/SecurityMetrics.xml b/src/chrome/content/rules/SecurityMetrics.xml
index 1cdeb574713a..0affd1a96e4f 100644
--- a/src/chrome/content/rules/SecurityMetrics.xml
+++ b/src/chrome/content/rules/SecurityMetrics.xml
@@ -6,7 +6,7 @@ Fetch error: http://web2.securitymetrics.com/ => https://web2.securitymetrics.co
 	Refused:
 		- blog
 -->
-<ruleset name="SecurityMetrics.com" default_off='failed ruleset test'>
+<ruleset name="SecurityMetrics.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/SecurityWeek.com.xml b/src/chrome/content/rules/SecurityWeek.com.xml
index a8aebc99ade7..02478af12396 100644
--- a/src/chrome/content/rules/SecurityWeek.com.xml
+++ b/src/chrome/content/rules/SecurityWeek.com.xml
@@ -1,57 +1,18 @@
 <!--
-	Nonfunctional hosts in *securityweek.com:
-
-		- whitepapers *
-
-	* Shows default page
-
-
-	^securityweek.com: Mismatched
-	www.securityweek.com: Server sends no certificate chain, see https://whatsmychaincert.com
-
-
-	Insecure cookies are set for these domains:
-
-		- .securityweek.com
-
-
-	Mixed content:
-
-		- Mixed script on www from securityweek.disqus.com
-
-		- Ads/web bugs, on www from:
-
-			- www.facebook.com *
-			- www.google.com *
-			- partner.googleadservices.com *
-			- platform.linkedin.com *
-
-	* Secured by us
-
-
-	mixedcontent due to script from securityweek.disqus.com.
-
+	Cloudflare error:
+		- s1.securityweek.com
 -->
-<ruleset name="SecurityWeek.com (partial)" platform="mixedcontent" default_off="missing certificate chain">
+<ruleset name="SecurityWeek.com">
 
-	<!--	Direct rewrites:
-				-->
-	<target host="www.securityweek.com" />
-
-	<!--	Complications:
-				-->
 	<target host="securityweek.com" />
+	<target host="www.securityweek.com" />
 
 
 	<!--	Not secured by server:
 					-->
 	<!--securecookie host="^\.securityweek\.com$" name="^SESS[\da-f]{32}$" /-->
 
-	<securecookie host="^(?:www)?\.securityweek\.com$" name=".+" />
-
-
-	<rule from="^http://securityweek\.com/"
-		to="https://www.securityweek.com/" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Security_Conference.de.xml b/src/chrome/content/rules/Security_Conference.de.xml
index 083d6fc956cd..dd5782317f03 100644
--- a/src/chrome/content/rules/Security_Conference.de.xml
+++ b/src/chrome/content/rules/Security_Conference.de.xml
@@ -8,7 +8,7 @@
 	<target host="www.securityconference.de" />
 
 
-	<securecookie host="^(?:.*\.)?securityconference\.de$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Security_Experten.com-falsemixed.xml b/src/chrome/content/rules/Security_Experten.com-falsemixed.xml
index 8b79dc5de9e6..1ffc6ea015a1 100644
--- a/src/chrome/content/rules/Security_Experten.com-falsemixed.xml
+++ b/src/chrome/content/rules/Security_Experten.com-falsemixed.xml
@@ -6,7 +6,7 @@ Fetch error: http://securityexperten.com/ => https://www.securityexperten.com/:
 	For rules not causing false/broken MCB, see Security_Experten.com.xml.
 
 -->
-<ruleset name="Security Experten.com (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Security Experten.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="securityexperten.com" />
 	<target host="*.securityexperten.com" />
diff --git a/src/chrome/content/rules/Security_Experten.com.xml b/src/chrome/content/rules/Security_Experten.com.xml
index 6994b383b992..a06db1046187 100644
--- a/src/chrome/content/rules/Security_Experten.com.xml
+++ b/src/chrome/content/rules/Security_Experten.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.securityexperten.com/ => http://www.securityexperten.com
 	^: mismatched
 
 -->
-<ruleset name="Security Experten.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Security Experten.com (partial)" default_off="failed ruleset test">
 
 	<target host="www.securityexperten.com" />
 
diff --git a/src/chrome/content/rules/Sedo.com.xml b/src/chrome/content/rules/Sedo.com.xml
index 1524d82dae35..4767a0a46ec6 100644
--- a/src/chrome/content/rules/Sedo.com.xml
+++ b/src/chrome/content/rules/Sedo.com.xml
@@ -6,11 +6,9 @@ Fetch error: http://sc.sedo.com/ => https://sc.sedo.com/: (60, 'SSL certificate
 	For problematic rules, see Sedo-problematic.xml.
 
 
-	Other Sedo rulesets: 
+	Other Sedo rulesets:
 
 		- Affili.net.xml
-		- Reussissonsensemble.fr.xml
-		- Sedo_Holding.com.xml
 
 
 	Problematic hosts in *sedo.com:
@@ -25,7 +23,7 @@ Fetch error: http://sc.sedo.com/ => https://sc.sedo.com/: (60, 'SSL certificate
 		- .sedo.com
 
 -->
-<ruleset name="Sedo.com" default_off='failed ruleset test'>
+<ruleset name="Sedo.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Sedo.de.xml b/src/chrome/content/rules/Sedo.de.xml
index 752992814dad..c7e85f5f4033 100644
--- a/src/chrome/content/rules/Sedo.de.xml
+++ b/src/chrome/content/rules/Sedo.de.xml
@@ -25,7 +25,7 @@ Fetch error: http://backoffice.sedo.de/ => https://backoffice.sedo.de/: (6, 'Cou
 		- .sedo.de
 
 -->
-<ruleset name="Sedo.de (partial)" default_off='failed ruleset test'>
+<ruleset name="Sedo.de (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Sedo_Holding.com.xml b/src/chrome/content/rules/Sedo_Holding.com.xml
deleted file mode 100644
index 77c6ff1ea960..000000000000
--- a/src/chrome/content/rules/Sedo_Holding.com.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	For other Sedo coverage, see Sedo.com.xml.
-
-	Other Sedo Holding  rulesets:
-
-		- GreatDomains.com.xml
-
-
-	(www.)?sedoholding.com: Refused
-
-
-	Fully covered subdomains:
-
-		- autodiscover
-		- mail
-
--->
-<ruleset name="Sedo Holding.com (partial)">
-
-	<target host="autodiscover.sedoholding.com" />
-	<target host="mail.sedoholding.com" />
-
-
-	<securecookie host="^mail\.sedoholding\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Seecrypt.xml b/src/chrome/content/rules/Seecrypt.xml
index 0d767d1d29c4..a15eeddf5da1 100644
--- a/src/chrome/content/rules/Seecrypt.xml
+++ b/src/chrome/content/rules/Seecrypt.xml
@@ -14,7 +14,7 @@ Fetch error: http://seecrypt.com/ => https://seecrypt.com/: (60, 'SSL certificat
 	* Unsecurable <= dropped
 
 -->
-<ruleset name="Seecrypt.com" default_off='failed ruleset test'>
+<ruleset name="Seecrypt.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Seedboxes.cc.xml b/src/chrome/content/rules/Seedboxes.cc.xml
index 97dea19704d6..33c5bddb857d 100644
--- a/src/chrome/content/rules/Seedboxes.cc.xml
+++ b/src/chrome/content/rules/Seedboxes.cc.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Seedr.xml b/src/chrome/content/rules/Seedr.xml
index 7009490c9515..229deec41e8b 100644
--- a/src/chrome/content/rules/Seedr.xml
+++ b/src/chrome/content/rules/Seedr.xml
@@ -8,7 +8,7 @@ Fetch error: http://nl8.seedr.cc/ => https://nl8.seedr.cc/: (60, 'SSL certificat
 		- nl[3-12]
 		- www
 -->
-<ruleset name="Seedr" default_off='failed ruleset test'>
+<ruleset name="Seedr" default_off="failed ruleset test">
 	<target host="seedr.cc" />
 	<target host="*.seedr.cc" />
 
diff --git a/src/chrome/content/rules/Seedrs.xml b/src/chrome/content/rules/Seedrs.xml
index 81c60a7b44be..246159f83540 100644
--- a/src/chrome/content/rules/Seedrs.xml
+++ b/src/chrome/content/rules/Seedrs.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://learn.seedrs.com/ => https://learn.seedrs.com/: (6, 'Could not resolve host: learn.seedrs.com')
 
 -->
-<ruleset name="Seedrs" default_off='failed ruleset test'>
+<ruleset name="Seedrs" default_off="failed ruleset test">
 	<target host=       "seedrs.com" />
 	<target host=   "www.seedrs.com" />
 	<target host= "learn.seedrs.com" />
@@ -12,6 +12,6 @@ Fetch error: http://learn.seedrs.com/ => https://learn.seedrs.com/: (6, 'Could n
 
   	<securecookie host="^.*\.seedrs\.com$" name=".+" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Segger.com.xml b/src/chrome/content/rules/Segger.com.xml
index 4ca011eaf412..ff0e773dc00c 100644
--- a/src/chrome/content/rules/Segger.com.xml
+++ b/src/chrome/content/rules/Segger.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://segger.com/ => https://segger.com/: (60, 'SSL certificate pr
 	* Secured by us
 
 -->
-<ruleset name="Segger.com" default_off='failed ruleset test'>
+<ruleset name="Segger.com" default_off="failed ruleset test">
 
 	<target host="segger.com" />
 	<target host="www.segger.com" />
diff --git a/src/chrome/content/rules/Segment.xml b/src/chrome/content/rules/Segment.xml
index 197c33454703..5a841d4b666b 100644
--- a/src/chrome/content/rules/Segment.xml
+++ b/src/chrome/content/rules/Segment.xml
@@ -3,12 +3,12 @@
 	<target host="segment.com" />
 	<target host="cdn.segment.com" />
 	<target host="help.segment.com" />
-	
+
 	<!--	refused
 	<target host="registry.segment.com" />
 	<target host="stage.segment.com" />
 					-->
-	
+
 	<target host="www.segment.com" />
 
 	<target host="api.segment.io" />
@@ -16,7 +16,7 @@
 	<!--	time out
 	<target host="counters.segment.io" />
 					-->
-	
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Seguros_Universales.xml b/src/chrome/content/rules/Seguros_Universales.xml
index e6f229e84e70..571690701e4c 100644
--- a/src/chrome/content/rules/Seguros_Universales.xml
+++ b/src/chrome/content/rules/Seguros_Universales.xml
@@ -19,4 +19,4 @@ Fetch error: http://segurosuniversales.net/ => https://www.segurosuniversales.ne
 	<rule from="^http://www\.segurosuniversales\.net/"
 		to="https://www.segurosuniversales.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sehirfirsati.xml b/src/chrome/content/rules/Sehirfirsati.xml
index 9b03dc620625..3e67427e1d15 100644
--- a/src/chrome/content/rules/Sehirfirsati.xml
+++ b/src/chrome/content/rules/Sehirfirsati.xml
@@ -6,7 +6,7 @@ Fetch error: http://sehirfirsati.com/ => https://www.sehirfirsati.com/: (51, "SS
 Fetch error: http://static.sehirfirsati.com/ => https://static.sehirfirsati.com/: (51, "SSL: no alternative certificate subject name matches target host name 'static.sehirfirsati.com'")
 
 -->
-<ruleset name="Sehirfirsati" default_off='failed ruleset test'>
+<ruleset name="Sehirfirsati" default_off="failed ruleset test">
   <target host="www.sehirfirsati.com" />
   <target host="sehirfirsati.com" />
   <target host="static.sehirfirsati.com" />
diff --git a/src/chrome/content/rules/Selangorku.xml b/src/chrome/content/rules/Selangorku.xml
index 67ee34eae4b8..28f3cde40da5 100644
--- a/src/chrome/content/rules/Selangorku.xml
+++ b/src/chrome/content/rules/Selangorku.xml
@@ -11,15 +11,15 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://selangorku.com/ => https://selangorku.com/: (60, 'SSL certificate problem: self signed certificate')
 
 -->
-<ruleset name="Selangorku" default_off='failed ruleset test'>
+<ruleset name="Selangorku" default_off="failed ruleset test">
 
 	<target host="selangorku.com" />
 	<target host="www.selangorku.com" />
 
 
-	<securecookie host="^(?:.*\.)?selangorku\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Selfhost.de.xml b/src/chrome/content/rules/Selfhost.de.xml
deleted file mode 100644
index c36370734a53..000000000000
--- a/src/chrome/content/rules/Selfhost.de.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="selfhost.de">
-
-	<target host="selfhost.de"/>
-	<target host="*.selfhost.de"/>
-
-	<rule from="^http://(?:www\.)?selfhost\.de/" to="https://selfhost.de/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Selfridges.com.xml b/src/chrome/content/rules/Selfridges.com.xml
index 82a0c7ca2dad..8a6189a7b859 100644
--- a/src/chrome/content/rules/Selfridges.com.xml
+++ b/src/chrome/content/rules/Selfridges.com.xml
@@ -23,4 +23,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sellaband.com.xml b/src/chrome/content/rules/Sellaband.com.xml
index 79041cb84647..dfcf91db1f7e 100644
--- a/src/chrome/content/rules/Sellaband.com.xml
+++ b/src/chrome/content/rules/Sellaband.com.xml
@@ -4,12 +4,20 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://sellaband.com/ => https://sellaband.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Sellaband.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Sellaband.com (partial)" default_off="failed ruleset test">
 
 	<target host="sellaband.com"/>
-	<target host="*.sellaband.com"/>
-
-	<securecookie host="^(?:.*\.)?sellaband\.com$" name=".+" />
+	<target host="www.sellaband.com" />
+	<target host="alternative.sellaband.com" />
+	<target host="electronic.sellaband.com" />
+	<target host="hiphop.sellaband.com" />
+	<target host="pop.sellaband.com" />
+	<target host="rnb.sellaband.com" />
+	<target host="rock.sellaband.com" />
+	<target host="world.sellaband.com" />
+	<target host="support.sellaband.com" />
+
+	<securecookie host=".+" name=".+"/>
 
 	<rule from="^http://(www\.)?sellaband\.com/"
 		to="https://$1sellaband.com/"/>
diff --git a/src/chrome/content/rules/SemanticScholar.org.xml b/src/chrome/content/rules/SemanticScholar.org.xml
new file mode 100644
index 000000000000..4b5a635dbdbe
--- /dev/null
+++ b/src/chrome/content/rules/SemanticScholar.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Time out:
+		assets.semanticscholar.org
+		banner.semanticscholar.org
+
+-->
+<ruleset name="SemanticScholar.org">
+
+	<target host="semanticscholar.org" />
+	<target host="www.semanticscholar.org" />
+	<target host="api.semanticscholar.org" />
+	<target host="blog.semanticscholar.org" />
+	<target host="citeomatic.semanticscholar.org" />
+	<target host="labs.semanticscholar.org" />
+	<target host="open.semanticscholar.org" />
+	<target host="pdfs.semanticscholar.org" />
+		<test url="http://pdfs.semanticscholar.org/02b6/d8d8fd54fda1702e894374b5b62cc9ed9eba.pdf" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Semasio.net.xml b/src/chrome/content/rules/Semasio.net.xml
index 91613895a258..27c32ba2c9ae 100644
--- a/src/chrome/content/rules/Semasio.net.xml
+++ b/src/chrome/content/rules/Semasio.net.xml
@@ -7,7 +7,7 @@
 		- (www.)semasio.com
 		- labs.semasio.com
 		- wiki.semasio.net
-	
+
 -->
 <ruleset name="Semasio (partial)">
 
diff --git a/src/chrome/content/rules/SemiAccurate.com.xml b/src/chrome/content/rules/SemiAccurate.com.xml
new file mode 100644
index 000000000000..9ce07512aca2
--- /dev/null
+++ b/src/chrome/content/rules/SemiAccurate.com.xml
@@ -0,0 +1,9 @@
+<!--
+	For other Stone Arch related rulesets, see StoneArch.net.xml
+-->
+<ruleset name="SemiAccurate.com (partial)">
+	<target host="semiaccurate.com" />
+	<target host="www.semiaccurate.com" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SemiAccurate.xml b/src/chrome/content/rules/SemiAccurate.xml
deleted file mode 100644
index dc990ca3cde3..000000000000
--- a/src/chrome/content/rules/SemiAccurate.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	NB: www.stonearch.net shows semiaccurate.com over http.
-
--->
-<ruleset name="SemiAccurate">
-
-	<target host="semiaccurate.com" />
-	<target host="*.semiaccurate.com" />
-	<target host="www.stonearch.net" />
-
-
-	<securecookie host="^(?:.*\.)?semiaccurate\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?s(?:emiaccurate\.com|tonearch\.net)/"
-		to="https://$1semiaccurate.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/SemperVideo.xml b/src/chrome/content/rules/SemperVideo.xml
deleted file mode 100644
index 4c2980d90817..000000000000
--- a/src/chrome/content/rules/SemperVideo.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--
-	self-signed:
-		- amazon.sempervideo.de
--->
-<ruleset name="SemperVideo">
-	<target host="sempervideo.de"/>
-	<target host="www.sempervideo.de"/>
-
-	<rule from="^http:"
-		to="https:"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Sencha.xml b/src/chrome/content/rules/Sencha.xml
index 6d3f7cff87f8..23bbddbcfac2 100644
--- a/src/chrome/content/rules/Sencha.xml
+++ b/src/chrome/content/rules/Sencha.xml
@@ -32,7 +32,7 @@ Non-2xx HTTP code: http://cdn.sencha.io/ (200) => https://extjs.cachefly.net/ (4
 		- .manage.sencha.com
 
 -->
-<ruleset name="Sencha (partial)" default_off='failed ruleset test'>
+<ruleset name="Sencha (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/SendGrid.com.xml b/src/chrome/content/rules/SendGrid.com.xml
index 40fd2d6d9eef..a5f5beac81ec 100644
--- a/src/chrome/content/rules/SendGrid.com.xml
+++ b/src/chrome/content/rules/SendGrid.com.xml
@@ -21,7 +21,7 @@ Fetch error: http://community.sendgrid.com/ => https://community.sendgrid.com/:
 		- .sendgrid.com
 
 -->
-<ruleset name="SendGrid.com (partial)" default_off='failed ruleset test'>
+<ruleset name="SendGrid.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/SendMoneyToSchool.com.xml b/src/chrome/content/rules/SendMoneyToSchool.com.xml
index cbdcd0b85dda..a6fbc0cb29f8 100644
--- a/src/chrome/content/rules/SendMoneyToSchool.com.xml
+++ b/src/chrome/content/rules/SendMoneyToSchool.com.xml
@@ -9,4 +9,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SendYourFiles.com.xml b/src/chrome/content/rules/SendYourFiles.com.xml
deleted file mode 100644
index e5661672521d..000000000000
--- a/src/chrome/content/rules/SendYourFiles.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to secure.dilbertfiles.com; mismatched, CN: *.dilbertfiles.com)
-
--->
-<ruleset name="SendYourFiles.org (partial)">
-
-	<target host="secure.sendyourfiles.com" />
-
-
-	<securecookie host="^secure\.sendyourfiles\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sendmoments.com.xml b/src/chrome/content/rules/Sendmoments.com.xml
index cf54e550fd69..822d2109f907 100644
--- a/src/chrome/content/rules/Sendmoments.com.xml
+++ b/src/chrome/content/rules/Sendmoments.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://ck.sendmoments.com/ => https://ck.sendmoments.com/: Too many
 Disabled by https-everywhere-checker because:
 Fetch error: http://ck.sendmoments.com/ => https://ck.sendmoments.com/: Cycle detected - URL already encountered: http://ck.sendmoments.com
 -->
-<ruleset name="sendmoments.com (partial)" default_off='failed ruleset test'>
+<ruleset name="sendmoments.com (partial)" default_off="failed ruleset test">
 
 	<target host="ck.sendmoments.com" />
 
diff --git a/src/chrome/content/rules/Sensiolabs.com.xml b/src/chrome/content/rules/Sensiolabs.com.xml
index 103e289b775f..670a3a5d82df 100644
--- a/src/chrome/content/rules/Sensiolabs.com.xml
+++ b/src/chrome/content/rules/Sensiolabs.com.xml
@@ -10,9 +10,8 @@ Fetch error: http://www.connect.sensiolabs.com/ => https://www.connect.sensiolab
 
     More SensioLabs rulesets:
 	    - Symfony.com.xml
-	    - Blackfire.io.xml
 -->
-<ruleset name="Sensiolabs.com" default_off='failed ruleset test'>
+<ruleset name="Sensiolabs.com" default_off="failed ruleset test">
     <target host="sensiolabs.com" />
     <target host="www.sensiolabs.com" />
     <target host="support.sensiolabs.com" />
diff --git a/src/chrome/content/rules/Seower.com.xml b/src/chrome/content/rules/Seower.com.xml
deleted file mode 100644
index 900f13e1dc03..000000000000
--- a/src/chrome/content/rules/Seower.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	(www.)?seower.com: Dropped
-
--->
-<ruleset name="seower.com" platform="mixedcontent">
-
-	<target host="seower.com" />
-	<target host="www.seower.com" />
-
-
-	<!--	Redirect keeps path, args,
-		and forward slash:
-					-->
-	<rule from="^http://(?:www\.)?seower\.com/"
-		to="https://postbydnx.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Sequanux.org-falsemixed.xml b/src/chrome/content/rules/Sequanux.org-falsemixed.xml
index 481ab7d03723..a87463fdc987 100644
--- a/src/chrome/content/rules/Sequanux.org-falsemixed.xml
+++ b/src/chrome/content/rules/Sequanux.org-falsemixed.xml
@@ -8,7 +8,7 @@ Fetch error: http://wiki.sequanux.org/ => https://wiki.sequanux.org/: (60, 'SSL
 	For rules that are on by default, see Sequanux.org.xml.
 
 -->
-<ruleset name="Sequanux.org (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Sequanux.org (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="wiki.sequanux.org" />
 
diff --git a/src/chrome/content/rules/Sequanux.org.xml b/src/chrome/content/rules/Sequanux.org.xml
index d9a614cea115..b7574e848a17 100644
--- a/src/chrome/content/rules/Sequanux.org.xml
+++ b/src/chrome/content/rules/Sequanux.org.xml
@@ -17,7 +17,8 @@
 <ruleset name="Sequanux.org (partial)" default_off="self-signed">
 
 	<target host="sequanux.org" />
-	<target host="*.sequanux.org" />
+	<target host="www.sequanux.org" />
+	<target host="wiki.sequanux.org" />
 
 
 	<rule from="^http://(?:www\.)?sequanux\.org/"
diff --git a/src/chrome/content/rules/Serato.com.xml b/src/chrome/content/rules/Serato.com.xml
index 2cec744d6a4e..89b5e3db3aac 100644
--- a/src/chrome/content/rules/Serato.com.xml
+++ b/src/chrome/content/rules/Serato.com.xml
@@ -28,13 +28,16 @@
 <ruleset name="Serato.com (partial)">
 
 	<target host="serato.com" />
-	<target host="*.serato.com" />
+	<target host="auth.serato.com" />
+	<target host="manage.serato.com" />
+	<target host="playlists.serato.com" />
+	<target host="www.serato.com" />
+	<target host="s.store.serato.com" />
 
 
-	<rule from="^http://((?:auth|manage|playlists|www)\.)?serato\.com/"
-		to="https://$1serato.com/" />
 
 	<rule from="^http://s\.store\.serato\.com/"
 		to="https://d3hrfuxypomrcm.cloudfront.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Serialist.xml b/src/chrome/content/rules/Serialist.xml
deleted file mode 100644
index 8c1b6b62f8c9..000000000000
--- a/src/chrome/content/rules/Serialist.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Invalid certificate:
-		www.serialist.net
-		ext.serialist.net
-
-	No working URL known:
-		test.serialist.net
-
-	2017/08: all subdomains 301 redirect to https://www.comic-rocket.com/
-
--->
-<ruleset name="Serialist">
-
-	<target host="serialist.net" />
-	<target host="www.serialist.net" />
-
-	<rule from="^http://(www\.)?serialist\.net/" to="https://serialist.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Serienjunkies.de.xml b/src/chrome/content/rules/Serienjunkies.de.xml
index cdf9ec93acd6..06b3ee47dbb2 100644
--- a/src/chrome/content/rules/Serienjunkies.de.xml
+++ b/src/chrome/content/rules/Serienjunkies.de.xml
@@ -1,44 +1,30 @@
 <!--
-	^serienjunkies.de: 503
-
+	This domain contains a wildcard DNS record.
 
 	Insecure cookies are set for these hosts:
-
 		- www.serienjunkies.de
-
-
-	Mixed content:
-
-		- Images, from:
-
-			- [a-z]-cdn.serienjunkies.de ¹
-			- sjme.de ²
-
-		- Bugs from www.facebook.com ¹
-
-	¹ Secured by us
-	² Not secured by us <= mismatched
-
 -->
-<ruleset name="Serienjunkies.de (mixed content)" platform="mixedcontent">
-<target host="serienjunkies.de"/>
-<target host="*.serienjunkies.de"/>
-
-		<test url="http://g-cdn.serienjunkies.de/0.gif" />
-		<test url="http://www.serienjunkies.de/" />
-
+<ruleset name="Serienjunkies.de">
+
+	<target host="serienjunkies.de" />
+	<target host="www.serienjunkies.de" />
+	<target host="a-cdn.serienjunkies.de" />
+	<target host="admin.serienjunkies.de" />
+	<target host="admin-stage.serienjunkies.de" />
+	<target host="f-cdn.serienjunkies.de" />
+	<target host="g-cdn.serienjunkies.de" />
+	<target host="n-cdn.serienjunkies.de" />
+	<target host="r-cdn.serienjunkies.de" />
+	<target host="s-cdn.serienjunkies.de" />
+	<target host="shop.serienjunkies.de" />
+	<target host="u-cdn.serienjunkies.de" />
+	<target host="v-cdn.serienjunkies.de" />
 
 	<!--	Not secured by server:
 					-->
-	<!--securecookie host="^www\.serienjunkies\.de$" name="^(?:PHPSESSID|SJW)$" /-->
-
 	<securecookie host="^www\.serienjunkies\.de$" name=".+" />
 
-
-<rule from="^http://serienjunkies\.de/" to="https://www.serienjunkies.de/"/>
-
-<rule from="^http://([a-z]-cdn|www)\.serienjunkies\.de/" to="https://$1.serienjunkies.de/"/> 
-
+	<rule from="^http:" to="https:" />
 
 </ruleset>
- 
+
diff --git a/src/chrome/content/rules/Sertifikatai.lt.xml b/src/chrome/content/rules/Sertifikatai.lt.xml
index 0f22cd3db356..541b0a00e461 100644
--- a/src/chrome/content/rules/Sertifikatai.lt.xml
+++ b/src/chrome/content/rules/Sertifikatai.lt.xml
@@ -12,4 +12,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Server314.com.xml b/src/chrome/content/rules/Server314.com.xml
index 39e67a402a26..0f46d8402a95 100644
--- a/src/chrome/content/rules/Server314.com.xml
+++ b/src/chrome/content/rules/Server314.com.xml
@@ -10,4 +10,4 @@
 	<rule from="^http://([\w\.-]+\.)?server314\.com/"
 		to="https://$1server314.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ServerCentral.xml b/src/chrome/content/rules/ServerCentral.xml
index 93c6ba361272..2c97c6fb99b4 100644
--- a/src/chrome/content/rules/ServerCentral.xml
+++ b/src/chrome/content/rules/ServerCentral.xml
@@ -14,7 +14,7 @@ Fetch error: http://portal.servercentral.net/ => https://portal.servercentral.ne
 	Redirects to http://www.servercentral.com/$, expired 2012-12-02, CN: *.nlayer.net
 
 -->
-<ruleset name="ServerCentral (partial)" default_off='failed ruleset test'>
+<ruleset name="ServerCentral (partial)" default_off="failed ruleset test">
 
 	<target host="portal.servercentral.net" />
 
@@ -24,4 +24,4 @@ Fetch error: http://portal.servercentral.net/ => https://portal.servercentral.ne
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ServerCrate.com.xml b/src/chrome/content/rules/ServerCrate.com.xml
deleted file mode 100644
index 8594e12ea510..000000000000
--- a/src/chrome/content/rules/ServerCrate.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- dalweb1		(interrupted)
-		- dalweb1...:2082	(times out)
-
-
-	Partially covered subdomains:
-
-		- billing	(some pages redirect to http)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- vps
-
--->
-<ruleset name="ServerCrate.com (partial)">
-
-	<target host="servercrate.com" />
-	<target host="*.servercrate.com" />
-		<exclusion pattern="^http://billing\.servercrate\.com/(?:$|\?|(?:announcements|index|knowledgebase)\.php)" />
-
-
-	<securecookie host="^(?:vps|www)?\.servercrate\.com$" name=".+" />
-
-
-	<rule from="^http://((?:billing|vps|www)\.)?servercrate\.com/"
-		to="https://$1servercrate.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ServerExpress.co.il.xml b/src/chrome/content/rules/ServerExpress.co.il.xml
deleted file mode 100644
index e87cd346f28c..000000000000
--- a/src/chrome/content/rules/ServerExpress.co.il.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	^stratusexpress.com doesn't exist.
-
--->
-<ruleset name="ServerExpress.co.il">
-
-	<target host="*.stratusexpress.com" />
-
-
-	<securecookie host="^(?:www)?\.stratusexpress\.com$" name=".+" />
-
-
-	<rule from="^http://www\.stratusexpress\.com/"
-		to="https://www.stratusexpress.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Server_Express.xml b/src/chrome/content/rules/Server_Express.xml
deleted file mode 100644
index 7d91e4ed83e4..000000000000
--- a/src/chrome/content/rules/Server_Express.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(shows manage)
-
--->
-<ruleset name="Server Express (partial)">
-
-	<target host="*.theserverexpress.com" />
-
-
-	<securecookie host="^\.theserverexpress\.com$" name="^__cfduid$" />
-	<securecookie host="^manage\.theserverexpress\.com$" name=".+" />
-
-
-	<rule from="^http://manage\.theserverexpress\.com/"
-		to="https://manage.theserverexpress.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Servera.ovh.xml b/src/chrome/content/rules/Servera.ovh.xml
new file mode 100644
index 000000000000..e57b53ab91a6
--- /dev/null
+++ b/src/chrome/content/rules/Servera.ovh.xml
@@ -0,0 +1,16 @@
+<!--
+	Mismatched (a248.e.akamai.net):
+		- bill
+		- cp
+		- my
+		- panel
+-->
+
+<ruleset name="Servera.ovh">
+	<target host="servera.ovh" />
+	<target host="www.servera.ovh" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Serverfruit.com.xml b/src/chrome/content/rules/Serverfruit.com.xml
index dc4c17e865ed..dff0d1173edd 100644
--- a/src/chrome/content/rules/Serverfruit.com.xml
+++ b/src/chrome/content/rules/Serverfruit.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://client.serverfruit.com/ => https://client.serverfruit.com/:
 	* Secured by us
 
 -->
-<ruleset name="Serverfruit.com" default_off='failed ruleset test'>
+<ruleset name="Serverfruit.com" default_off="failed ruleset test">
 
 	<target host="serverfruit.com" />
 	<target host="client.serverfruit.com" />
diff --git a/src/chrome/content/rules/Serveriai.lt.xml b/src/chrome/content/rules/Serveriai.lt.xml
index 5b70dd224f65..5849e7c9ef36 100644
--- a/src/chrome/content/rules/Serveriai.lt.xml
+++ b/src/chrome/content/rules/Serveriai.lt.xml
@@ -13,7 +13,7 @@
 	<target host="pastas.serveriai.lt" />
 	<target host="roundcube.serveriai.lt" />
 
-	
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Servers_for_Hackers.com.xml b/src/chrome/content/rules/Servers_for_Hackers.com.xml
index 599ebededf25..2d3bbeefa4dc 100644
--- a/src/chrome/content/rules/Servers_for_Hackers.com.xml
+++ b/src/chrome/content/rules/Servers_for_Hackers.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://forums.serversforhackers.com/ => https://forums.serversforha
 		- www.serversforhackers.com
 
 -->
-<ruleset name="Servers for Hackers.com" default_off='failed ruleset test'>
+<ruleset name="Servers for Hackers.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Serversaurus.com.au.xml b/src/chrome/content/rules/Serversaurus.com.au.xml
index b1c77f565550..27f310d15576 100644
--- a/src/chrome/content/rules/Serversaurus.com.au.xml
+++ b/src/chrome/content/rules/Serversaurus.com.au.xml
@@ -15,7 +15,7 @@ Fetch error: http://tasha.serversaurus.com.au/ => https://tasha.serversaurus.com
 		- www.tasha.serversaurus.com.au
 
 -->
-<ruleset name="Serversaurus.com.au (partial)" default_off='failed ruleset test'>
+<ruleset name="Serversaurus.com.au (partial)" default_off="failed ruleset test">
 
 	<target host="serversaurus.com.au" />
 	<target host="tasha.serversaurus.com.au" />
diff --git a/src/chrome/content/rules/ServiceTick.com.xml b/src/chrome/content/rules/ServiceTick.com.xml
index d3778fc902a0..2060190e9b9f 100644
--- a/src/chrome/content/rules/ServiceTick.com.xml
+++ b/src/chrome/content/rules/ServiceTick.com.xml
@@ -22,7 +22,8 @@
 <ruleset name="ServiceTick.com">
 
 	<target host="servicetick.com" />
-	<target host="*.servicetick.com" />
+	<target host="www.servicetick.com" />
+	<target host="console.servicetick.com" />
 
 
 	<securecookie host="^console\.servicetick\.com$" name=".+" />
@@ -31,7 +32,6 @@
 	<rule from="^http://(?:www\.)?servicetick\.com/"
 		to="https://www.servicetick.com/" />
 
-	<rule from="^http://console\.servicetick\.com/"
-		to="https://console.servicetick.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Service_by_Air.xml b/src/chrome/content/rules/Service_by_Air.xml
index e608069d5822..97b5f325867a 100644
--- a/src/chrome/content/rules/Service_by_Air.xml
+++ b/src/chrome/content/rules/Service_by_Air.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://community.sbaglobal.com/ => https://community.sbaglobal.com/: (51, "SSL: no alternative certificate subject name matches target host name 'community.sbaglobal.com'")
 
 -->
-<ruleset name="Service by Air" default_off='failed ruleset test'>
+<ruleset name="Service by Air" default_off="failed ruleset test">
 
 	<target host="sbaglobal.com" />
 	<target host="community.sbaglobal.com" />
@@ -16,4 +16,4 @@ Fetch error: http://community.sbaglobal.com/ => https://community.sbaglobal.com/
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Servo.org.xml b/src/chrome/content/rules/Servo.org.xml
deleted file mode 100644
index 5cc35340d7e3..000000000000
--- a/src/chrome/content/rules/Servo.org.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Unable to Connect:
-		build.servo.org
--->
-<ruleset name="Servo.org">
-	<target host="servo.org" />
-	<target host="www.servo.org" />
-	<target host="blog.servo.org" />
-	<target host="doc.servo.org" />
-	<target host="download.servo.org" />
-	<target host="starters.servo.org" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Sesamstrasse.de.xml b/src/chrome/content/rules/Sesamstrasse.de.xml
index d998bea8c31c..224b0f4b8e72 100644
--- a/src/chrome/content/rules/Sesamstrasse.de.xml
+++ b/src/chrome/content/rules/Sesamstrasse.de.xml
@@ -1,7 +1,7 @@
 <ruleset name="Sesamstrasse.de">
 	<target host="sesamstrasse.de" />
 	<target host="www.sesamstrasse.de" />
-	
+
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/SesliSozluk.net.xml b/src/chrome/content/rules/SesliSozluk.net.xml
new file mode 100644
index 000000000000..76a85011cd85
--- /dev/null
+++ b/src/chrome/content/rules/SesliSozluk.net.xml
@@ -0,0 +1,11 @@
+<ruleset name="SesliSözlük.net">
+	<target host="seslisozluk.net" />
+	<target host="www.seslisozluk.net" />
+	<target host="m.seslisozluk.net" />
+	<target host="static.seslisozluk.net" />
+		<test url="http://static.seslisozluk.net/img/sesli_searchicon.png" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sevenoaks.gov.uk.xml b/src/chrome/content/rules/Sevenoaks.gov.uk.xml
index 0092e4176f56..ff4a53f1a6d1 100644
--- a/src/chrome/content/rules/Sevenoaks.gov.uk.xml
+++ b/src/chrome/content/rules/Sevenoaks.gov.uk.xml
@@ -35,7 +35,7 @@
 	Mixed content:
 
 		- Images on www from $self ˢ
-	
+
 	ˢ Secured by us
 
 -->
diff --git a/src/chrome/content/rules/Sex.com.xml b/src/chrome/content/rules/Sex.com.xml
index f26e4b4112b2..1feca94e8f9a 100644
--- a/src/chrome/content/rules/Sex.com.xml
+++ b/src/chrome/content/rules/Sex.com.xml
@@ -22,6 +22,6 @@
 	<target host="pt.sex.com"/>
 	<target host="ru.sex.com"/>
 
-	<rule from="^http://gay\.sex\.com/" to="https://www.gay.sex.com/"/>	
+	<rule from="^http://gay\.sex\.com/" to="https://www.gay.sex.com/"/>
 	<rule from="^http:"	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SexNarod.xml b/src/chrome/content/rules/SexNarod.xml
index 9520a9f6f576..20e1c3724688 100644
--- a/src/chrome/content/rules/SexNarod.xml
+++ b/src/chrome/content/rules/SexNarod.xml
@@ -3,20 +3,20 @@
 	<target host="sexnarod.ru"/>
 	<target host="www.sexnarod.ru"/>
 	<target host="superforum.org"/>
-	<target host="*.superforum.org"/>
+	<target host="www.superforum.org" />
+	<target host="dating.superforum.org" />
 	<target host="sxnarod.com"/>
-	<target host="*.sxnarod.com"/>
+	<target host="www.sxnarod.com" />
+	<target host="pda.sxnarod.com" />
+	<target host="wap.dating.sxnarod.com" />
 
 	<rule from="^http://(?:www\.)?(sexnarod\.ru|superforum\.org|sxnarod\.com)/"
 		to="https://www.$1/"/>
 
-	<rule from="^http://dating\.superforum\.org/"
-		to="https://dating.superforum.org/"/>
 
-	<rule from="^http://(pda|wap\.dating)\.sxnarod\.com/"
-		to="https://$1.sxnarod.com/"/>
 
 	<securecookie host="^(?:www)?\.sexnarod\.ru$" name=".+" />
 	<securecookie host="^(?:\.dating)?\.s(?:uperforum\.org|xnarod\.com)$" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sexad.net.xml b/src/chrome/content/rules/Sexad.net.xml
deleted file mode 100644
index 8ef292a59edd..000000000000
--- a/src/chrome/content/rules/Sexad.net.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	(www.)?: Dropped
-
-
-	Fully covered hosts in *sexad.net:
-
-		- as
-
-
-	Insecure cookies are set for these domains:
-
-		- .as.sexad.net
-
--->
-<ruleset name="sexad.net (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="as.sexad.net" />
-
-
-	<!--	Not secured by server:
-					-->
-	<securecookie host="^\.as\.sexad\.net$" name="^at\d+(_\d+)+$" />
-
-	<securecookie host="^\.as\.sexad\.net$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Sexkompas.net.xml b/src/chrome/content/rules/Sexkompas.net.xml
index 57cd44ea25a7..a7d376a62007 100644
--- a/src/chrome/content/rules/Sexkompas.net.xml
+++ b/src/chrome/content/rules/Sexkompas.net.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.sexkompas.net/ => https://www.sexkompas.net/: (60, 'SSL
 		- www.sexkompas.net
 
 -->
-<ruleset name="Sexkompas.net" default_off='failed ruleset test'>
+<ruleset name="Sexkompas.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Sexstories.com.xml b/src/chrome/content/rules/Sexstories.com.xml
index 733324b3f772..624fdc104a36 100644
--- a/src/chrome/content/rules/Sexstories.com.xml
+++ b/src/chrome/content/rules/Sexstories.com.xml
@@ -3,4 +3,4 @@
 	<target host="www.sexstories.com"/>
 
 	<rule from="^http:" to="https:"/>
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sexy_House.xml b/src/chrome/content/rules/Sexy_House.xml
index 18e74c95e838..7371c00e5a51 100644
--- a/src/chrome/content/rules/Sexy_House.xml
+++ b/src/chrome/content/rules/Sexy_House.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sferra.xml b/src/chrome/content/rules/Sferra.xml
index 644c021da90c..ac71bc954e7d 100644
--- a/src/chrome/content/rules/Sferra.xml
+++ b/src/chrome/content/rules/Sferra.xml
@@ -12,4 +12,4 @@
 	<rule from="^http://(www\.)?sferra\.com/((?:checkout|Member|registry)(?:$|\?)|content/|css/|images/|photos/|Public/|Scripts/|/?store_image/|Styles/)"
 		to="https://$1sferra.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sfu.ca.xml b/src/chrome/content/rules/Sfu.ca.xml
index 337324e6f6f4..0d1270ef4b81 100644
--- a/src/chrome/content/rules/Sfu.ca.xml
+++ b/src/chrome/content/rules/Sfu.ca.xml
@@ -77,7 +77,7 @@ Fetch error: http://itunes.sfu.ca/ => https://itunes.sfu.ca/: (6, 'Could not res
 		* www.vancouver.sfu.ca
 		* xpressconnect.its.sfu.ca
 -->
-<ruleset name="Simon Fraser University" default_off='failed ruleset test'>
+<ruleset name="Simon Fraser University" default_off="failed ruleset test">
 
 	<target host="sfu.ca" />
 
diff --git a/src/chrome/content/rules/Sgtools.info.xml b/src/chrome/content/rules/Sgtools.info.xml
new file mode 100644
index 000000000000..dbbde702b066
--- /dev/null
+++ b/src/chrome/content/rules/Sgtools.info.xml
@@ -0,0 +1,6 @@
+<ruleset name="Sgtools.info">
+	<target host="sgtools.info" />
+	<target host="www.sgtools.info" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ShackleLabs.com.xml b/src/chrome/content/rules/ShackleLabs.com.xml
deleted file mode 100644
index 3e40de3c1f6e..000000000000
--- a/src/chrome/content/rules/ShackleLabs.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Incomplete certificate chain:
-		- web01.shacklelabs.com
--->
-
-<ruleset name="ShackleLabs.com">
-	<target host="shacklelabs.com" />
-	<target host="www.shacklelabs.com" />
-	<target host="box.shacklelabs.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Shacknews.com.xml b/src/chrome/content/rules/Shacknews.com.xml
new file mode 100644
index 000000000000..517065734b83
--- /dev/null
+++ b/src/chrome/content/rules/Shacknews.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional hosts:
+		Certificate mismatched:
+		- cf.shacknews.com
+
+-->
+<ruleset name="Shacknews.com">
+
+	<target host="shacknews.com" />
+	<target host="www.shacknews.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Shacknews.xml b/src/chrome/content/rules/Shacknews.xml
deleted file mode 100644
index 66f43e3ba6e4..000000000000
--- a/src/chrome/content/rules/Shacknews.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://shacknews.com/ => https://www.shacknews.com/: Too many redirects while fetching 'https://www.shacknews.com/'
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://shacknews.com/ => https://www.shacknews.com/: Cycle detected - URL already encountered: https://www.shacknews.com/
--->
-<ruleset name="Shacknews" default_off='failed ruleset test'>
-
-	<target host="shacknews.com" />
-	<target host="*.shacknews.com" />
-
-
-	<securecookie host="^www\.shacknews\.com$" name=".+" />
-
-
-	<!--	- !www times out over https
-		- !www 301s to www over http
-						-->
-	<rule from="^http://(?:www\.)?shacknews\.com/"
-		to="https://www.shacknews.com/" />
-
-	<rule from="^http://cf\.shacknews\.com/"
-		to="https://shacknews.s3.amazonaws.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Shadow_of_Mordor.com.xml b/src/chrome/content/rules/Shadow_of_Mordor.com.xml
index 7a35be087ec3..32f4dbb8435e 100644
--- a/src/chrome/content/rules/Shadow_of_Mordor.com.xml
+++ b/src/chrome/content/rules/Shadow_of_Mordor.com.xml
@@ -20,7 +20,7 @@ Fetch error: http://shadowofmordor.com/ => https://www.shadowofmordor.com/: (28,
 	* Secured by us
 
 -->
-<ruleset name="Shadow of Mordor.com" default_off='failed ruleset test'>
+<ruleset name="Shadow of Mordor.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Shadowfacts.net.xml b/src/chrome/content/rules/Shadowfacts.net.xml
new file mode 100644
index 000000000000..dc6e6365dd20
--- /dev/null
+++ b/src/chrome/content/rules/Shadowfacts.net.xml
@@ -0,0 +1,26 @@
+<!--
+	Timeout:
+		- toren.shadowfacts.net
+
+	Mismatched:
+		- kalr.shadowfacts.net
+		- mail.shadowfacts.net
+		- v1.shadowfacts.net
+-->
+<ruleset name="Shadowfacts.net">
+	<target host="shadowfacts.net" />
+	<target host="www.shadowfacts.net" />
+	<target host="frenzy.shadowfacts.net" />
+	<target host="git.shadowfacts.net" />
+	<target host="hn.shadowfacts.net" />
+	<target host="maven.shadowfacts.net" />
+	<target host="mememachine.shadowfacts.net" />
+	<target host="new.shadowfacts.net" />
+	<target host="rtfm.shadowfacts.net" />
+	<target host="social.shadowfacts.net" />
+	<target host="proxy.toren.shadowfacts.net" />
+	<target host="type.shadowfacts.net" />
+	<target host="update.shadowfacts.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Shamans_Garden.xml b/src/chrome/content/rules/Shamans_Garden.xml
index 25f10b200bd4..daa6a3fd2b2a 100644
--- a/src/chrome/content/rules/Shamans_Garden.xml
+++ b/src/chrome/content/rules/Shamans_Garden.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Shamela.ws.xml b/src/chrome/content/rules/Shamela.ws.xml
new file mode 100644
index 000000000000..00a44f029023
--- /dev/null
+++ b/src/chrome/content/rules/Shamela.ws.xml
@@ -0,0 +1,10 @@
+<ruleset name="Shamela.ws">
+	<target host="shamela.ws" />
+	<target host="www.shamela.ws" />
+	<target host="mail.shamela.ws" />
+	<target host="ns2.shamela.ws" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ShanghaiCommercialBank.xml b/src/chrome/content/rules/ShanghaiCommercialBank.xml
index f544891b1dbf..432f53bc0c2b 100644
--- a/src/chrome/content/rules/ShanghaiCommercialBank.xml
+++ b/src/chrome/content/rules/ShanghaiCommercialBank.xml
@@ -4,9 +4,9 @@
 	<target host="ibusiness.shacombank.com.hk" />
 	<target host="m.shacombank.com.hk" />
 	<target host="ws21.shacombank.com.hk" />
-	
+
 	<target host="www.shacomsecurities.com.hk" />
-	
+
 		<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Shannon-Health.xml b/src/chrome/content/rules/Shannon-Health.xml
index e28f9ec7577c..5cf42226243a 100644
--- a/src/chrome/content/rules/Shannon-Health.xml
+++ b/src/chrome/content/rules/Shannon-Health.xml
@@ -4,16 +4,14 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://myshannonconnection.org/ => https://www.myshannonconnection.org/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Shannon Health" default_off='failed ruleset test'>
+<ruleset name="Shannon Health" default_off="failed ruleset test">
 
 	<target host="myshannonconnection.org" />
-	<target host="*.myshannonconnection.org" />
+	<target host="www.myshannonconnection.org" />
 	<target host="shannonhealth.com" />
-	<target host="*.shannonhealth.com" />
+	<target host="www.shannonhealth.com" />
 
-
-	<securecookie host="^(?:.*\.)?myshannonconnection\.org$" name=".+" />
-	<securecookie host="^(?:.*\.)?shannonhealth\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(?:www\.)?myshannonconnection\.org/"
diff --git a/src/chrome/content/rules/ShareASale.com.xml b/src/chrome/content/rules/ShareASale.com.xml
index 26f7ce02da18..29e1c276f48c 100644
--- a/src/chrome/content/rules/ShareASale.com.xml
+++ b/src/chrome/content/rules/ShareASale.com.xml
@@ -48,10 +48,6 @@
 	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://static\.shareasale\.com/"
-		to="https://dou14x5jx22mo.cloudfront.net/" />
-
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ShareFile_support.com-problematic.xml b/src/chrome/content/rules/ShareFile_support.com-problematic.xml
index e5ccc0912872..77ec5650e604 100644
--- a/src/chrome/content/rules/ShareFile_support.com-problematic.xml
+++ b/src/chrome/content/rules/ShareFile_support.com-problematic.xml
@@ -7,7 +7,7 @@
 	* See https://whatsmychaincert.com
 
 -->
-<ruleset name="ShareFile support.com (missing certificate chain)" default_off="missing certificate chain">
+<ruleset name="ShareFile support.com (missing certificate chain)" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/ShareThis.xml b/src/chrome/content/rules/ShareThis.xml
index 1d552436f299..2af4869de38f 100644
--- a/src/chrome/content/rules/ShareThis.xml
+++ b/src/chrome/content/rules/ShareThis.xml
@@ -74,7 +74,7 @@
 
 	<!--securecookie host="^\.sharethis\.com$" name="^(__stid|__uset)$" /-->
 	<!--securecookie host="^(?:.*\.)?sharethis\.com$" name=".+" /-->
-	<securecookie host=".+\.sharethis\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://s\.sharethis\.com/"
diff --git a/src/chrome/content/rules/Share_it.com.xml b/src/chrome/content/rules/Share_it.com.xml
index dcd4b6398490..c13dd87ce3a6 100644
--- a/src/chrome/content/rules/Share_it.com.xml
+++ b/src/chrome/content/rules/Share_it.com.xml
@@ -29,7 +29,7 @@ Fetch error: http://secure.shareit.com/ => https://secure.shareit.com/: (7, 'Fai
 	* Secured by us
 
 -->
-<ruleset name="Share it.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Share it.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Shared.sx-falsemixed.xml b/src/chrome/content/rules/Shared.sx-falsemixed.xml
deleted file mode 100644
index 5df3864af969..000000000000
--- a/src/chrome/content/rules/Shared.sx-falsemixed.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Shared.sx.xml.
-
--->
-<ruleset name="Shared.sx (false MCB)" platform="mixedcontent">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="shared.sx" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Shared.sx.xml b/src/chrome/content/rules/Shared.sx.xml
deleted file mode 100644
index 00fc4c3c284b..000000000000
--- a/src/chrome/content/rules/Shared.sx.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see Shared.sx-falsemixed.xml.
-
-
-	Insecure cookies are set for these domains:
-
-		- .shared.sx
-
-
-	Mixed content:
-
-		- css, from:
-
-			- fonts.googleapis.com *
-			- static.shared.sx *
-
-		- Images from static.shared.sx *
-
-	* Secured by us
-
--->
-<ruleset name="Shared.sx (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<!--target host="shared.sx" /-->
-	<target host="static.shared.sx" />
-	<target host="www.shared.sx" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.shared\.sx$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<!--securecookie host="." name="." /-->
-	<securecookie host="^\." name="^__cfduid$" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SharedCount.com.xml b/src/chrome/content/rules/SharedCount.com.xml
index 12677710a76c..7a020e3ab512 100644
--- a/src/chrome/content/rules/SharedCount.com.xml
+++ b/src/chrome/content/rules/SharedCount.com.xml
@@ -11,16 +11,16 @@
 		<test url="http://www.sharedcount.com/" />
 		<test url="http://api.sharedcount.com/" />
 		<test url="http://docs.sharedcount.com/" />
-	
+
 		<!-- Each customer gets their own subdomain. See https://docs.sharedcount.com/ -->
 		<test url="http://business.sharedcount.com/" />
 		<test url="http://fairfaxmedia.sharedcount.com/" />
 		<test url="http://free.sharedcount.com/" />
 		<test url="http://vidiq.sharedcount.com/" />
-	
+
 		<exclusion pattern="^http://status\.sharedcount\.com/" />
 			<test url="http://status.sharedcount.com/" />
-  
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Shareshight.com.xml b/src/chrome/content/rules/Shareshight.com.xml
new file mode 100644
index 000000000000..0dac6fb4a28b
--- /dev/null
+++ b/src/chrome/content/rules/Shareshight.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Sharesight.com">
+	<target host="sharesight.com" />
+	<target host="www.sharesight.com" />
+	<target host="api.sharesight.com" />
+	<target host="cmc.sharesight.com" />
+	<target host="community.sharesight.com" />
+	<target host="ebroking.sharesight.com" />
+	<target host="help.sharesight.com" />
+	<target host="pinnacle.sharesight.com" />
+	<target host="portfolio.sharesight.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SharpSpring.xml b/src/chrome/content/rules/SharpSpring.xml
index 7ddcd0c2d987..0edc05a042ba 100644
--- a/src/chrome/content/rules/SharpSpring.xml
+++ b/src/chrome/content/rules/SharpSpring.xml
@@ -10,9 +10,9 @@
 	<target host="sfdc.sharpspring.com" />
 
 
-	<securecookie host=".+\.sharpspring\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sharpmen.xml b/src/chrome/content/rules/Sharpmen.xml
index 07bf17f2bc5d..ee19d8dbd05b 100644
--- a/src/chrome/content/rules/Sharpmen.xml
+++ b/src/chrome/content/rules/Sharpmen.xml
@@ -5,7 +5,7 @@ Fetch error: http://sharpmen.com/ => https://sharpmen.com/: (35, 'error:14077438
 Fetch error: http://www.sharpmen.com/ => https://www.sharpmen.com/: (35, 'error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
 
 -->
-<ruleset name="Sharpmen" default_off='failed ruleset test'>
+<ruleset name="Sharpmen" default_off="failed ruleset test">
 
 	<target host="sharpmen.com" />
 	<target host="www.sharpmen.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.sharpmen.com/ => https://www.sharpmen.com/: (35, 'error:
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Shashkovs.ru.xml b/src/chrome/content/rules/Shashkovs.ru.xml
new file mode 100644
index 000000000000..bb1541235de0
--- /dev/null
+++ b/src/chrome/content/rules/Shashkovs.ru.xml
@@ -0,0 +1,8 @@
+<ruleset name="Shashkovs.ru">
+	<target host="shashkovs.ru" />
+	<target host="www.shashkovs.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Shatiby.edu.sa.xml b/src/chrome/content/rules/Shatiby.edu.sa.xml
new file mode 100644
index 000000000000..8c4ad0319b29
--- /dev/null
+++ b/src/chrome/content/rules/Shatiby.edu.sa.xml
@@ -0,0 +1,9 @@
+<ruleset name="Shatiby.edu.sa" platform="mixedcontent">
+	<target host="shatiby.edu.sa" />
+	<target host="www.shatiby.edu.sa" />
+	<target host="multqa.shatiby.edu.sa" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Shaun_Lorrain.com.au.xml b/src/chrome/content/rules/Shaun_Lorrain.com.au.xml
index 305973c6309c..60cb6bc5b5ee 100644
--- a/src/chrome/content/rules/Shaun_Lorrain.com.au.xml
+++ b/src/chrome/content/rules/Shaun_Lorrain.com.au.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.shaunlorrain.com.au/ => https://www.shaunlorrain.com.au/
 	* Secured by us
 
 -->
-<ruleset name="Shaun Lorrain.com.au" default_off='failed ruleset test'>
+<ruleset name="Shaun Lorrain.com.au" default_off="failed ruleset test">
 
 	<target host="shaunlorrain.com.au" />
 	<target host="www.shaunlorrain.com.au" />
diff --git a/src/chrome/content/rules/Shazam.xml b/src/chrome/content/rules/Shazam.xml
index 4b832eb2e769..a502d459f59a 100644
--- a/src/chrome/content/rules/Shazam.xml
+++ b/src/chrome/content/rules/Shazam.xml
@@ -4,7 +4,6 @@
 	Other Shazam rulesets:
 
 		- My_Shazam.com.xml
-		- ShazamID.com.xml
 
 
 	CDN buckets:
diff --git a/src/chrome/content/rules/ShazamID.com.xml b/src/chrome/content/rules/ShazamID.com.xml
deleted file mode 100644
index 8baf9b5556ee..000000000000
--- a/src/chrome/content/rules/ShazamID.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For other Shazam coverage, see Shazam.xml.
-
--->
-<ruleset name="ShazamID.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="orbit.shazamid.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Sheet-Music-Plus.xml b/src/chrome/content/rules/Sheet-Music-Plus.xml
index 4c4288c97ba3..404672b6801d 100644
--- a/src/chrome/content/rules/Sheet-Music-Plus.xml
+++ b/src/chrome/content/rules/Sheet-Music-Plus.xml
@@ -3,7 +3,9 @@
 <ruleset name="Sheet Music Plus (partial)" platform="mixedcontent">
 
 	<target host="sheetmusicplus.com"/>
-	<target host="*.sheetmusicplus.com"/>
+	<target host="www.sheetmusicplus.com" />
+	<target host="assets.sheetmusicplus.com" />
+	<target host="ssl.assets.sheetmusicplus.com" />
 
 	<rule from="^http://sheetmusicplus\.com/"
 		to="https://www.sheetmusicplus.com/"/>
@@ -11,7 +13,7 @@
 	<rule from="^http://www\.sheetmusicplus\.com/(account/orders|affiliates|cart/save_item|checkout|easyrebates|favicon\.ico|newsletter/signup|sign_(in|up))"
 		to="https://www.sheetmusicplus.com/$1"/>
 
-	<!--	internapcdn.net covers ssl.assets, but the latter presents a cloudfront cert.	
+	<!--	internapcdn.net covers ssl.assets, but the latter presents a cloudfront cert.
 			It also covers ssl.staging.assets.sheetmusicplus.com, but that doesn't
 		seem to exist.
 						-->
diff --git a/src/chrome/content/rules/Sheffield.gov.uk.xml b/src/chrome/content/rules/Sheffield.gov.uk.xml
index 6b71aea5d19e..8a054e08e78a 100644
--- a/src/chrome/content/rules/Sheffield.gov.uk.xml
+++ b/src/chrome/content/rules/Sheffield.gov.uk.xml
@@ -30,7 +30,7 @@ Fetch error: http://taxbenefits.sheffield.gov.uk/ => https://taxbenefits.sheffie
 		- signpostsheffield.sheffield.gov.uk
 
 -->
-<ruleset name="Sheffield.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Sheffield.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="sheffield.gov.uk" />
 	<target host="data.sheffield.gov.uk" />
diff --git a/src/chrome/content/rules/SheldonBrown.com.xml b/src/chrome/content/rules/SheldonBrown.com.xml
new file mode 100644
index 000000000000..db70edd96189
--- /dev/null
+++ b/src/chrome/content/rules/SheldonBrown.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="SheldonBrown.com">
+	<target host="sheldonbrown.com" />
+	<target host="www.sheldonbrown.com" />
+	<target host="cdn.sheldonbrown.com" />
+	<target host="cdn-4.sheldonbrown.com" />
+	<target host="cdn-6.sheldonbrown.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Shellspace.net.xml b/src/chrome/content/rules/Shellspace.net.xml
deleted file mode 100644
index 63c59f36067e..000000000000
--- a/src/chrome/content/rules/Shellspace.net.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="shellspace.net">
-
-	<target host="shellspace.net" />
-	<target host="www.shellspace.net" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Shenandoah_University.xml b/src/chrome/content/rules/Shenandoah_University.xml
deleted file mode 100644
index 014122029017..000000000000
--- a/src/chrome/content/rules/Shenandoah_University.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	CDN buckets:
-
-		- 8e30e7d033d0eb544c88-cfde4bf79d8fc6cacaa1550c45dd6099.r25.cf1.rackcdn.com
-
-			- cdn
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to http, valid cert)
-
--->
-<ruleset name="Shenandoah University (partial)">
-
-	<target host="cdn.su.edu" />
-
-
-	<rule from="^http://cdn\.su\.edu/"
-		to="https://8e30e7d033d0eb544c88-cfde4bf79d8fc6cacaa1550c45dd6099.ssl.cf1.rackcdn.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sheperds_Friendly_Society.xml b/src/chrome/content/rules/Sheperds_Friendly_Society.xml
deleted file mode 100644
index 93ef4413f346..000000000000
--- a/src/chrome/content/rules/Sheperds_Friendly_Society.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(mismatched, CN: www.lutroninstaller.com)
-
--->
-<ruleset name="Sheperds Friendly Society">
-
-	<target host="shepherdsfriendly.co.uk" />
-	<target host="www.shepherdsfriendly.co.uk" />
-
-
-	<securecookie host="^www\.shepherdsfriendly\.co\.uk$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Shift_Payments.com.xml b/src/chrome/content/rules/Shift_Payments.com.xml
deleted file mode 100644
index fc6382d8aaf0..000000000000
--- a/src/chrome/content/rules/Shift_Payments.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Shift Payments.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="shiftpayments.com" />
-	<target host="www.shiftpayments.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Shinobi.jp.xml b/src/chrome/content/rules/Shinobi.jp.xml
new file mode 100644
index 000000000000..1346adbc6ef1
--- /dev/null
+++ b/src/chrome/content/rules/Shinobi.jp.xml
@@ -0,0 +1,20 @@
+<!--
+	Non-functional hosts
+		Mixed content blocking (MCB) triggered:
+		- www.shinobi.jp
+-->
+<ruleset name="Shinobi.jp (partial)">
+	<target host="shinobi.jp" />
+	<target host="omt.shinobi.jp" />
+	<test url="http://omt.shinobi.jp/b/13110666b3d3ace36c79eaba55c9c7f5" />
+	<target host="st.shinobi.jp" />
+	<test url="http://st.shinobi.jp/img/services/admaxdsp/static/javascripts/trac.js" />
+	<target host="sync.shinobi.jp" />
+	<test url="http://sync.shinobi.jp/v2/sync/control" />
+	<target host="v2st.shinobi.jp" />
+	<test url="http://v2st.shinobi.jp/jquery/1.11.2/jquery.min.js" />
+	<target host="xa.shinobi.jp" />
+	<target host="x9.shinobi.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Shipment.xml b/src/chrome/content/rules/Shipment.xml
index b4a95b9bd541..5e56a09fdf05 100644
--- a/src/chrome/content/rules/Shipment.xml
+++ b/src/chrome/content/rules/Shipment.xml
@@ -5,7 +5,7 @@ Fetch error: http://ship-ment.com/ => https://ship-ment.com/: (60, 'SSL certific
 Fetch error: http://www.ship-ment.com/ => https://www.ship-ment.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Shipment" default_off='failed ruleset test'>
+<ruleset name="Shipment" default_off="failed ruleset test">
 
 	<target host="ship-ment.com" />
 	<target host="www.ship-ment.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.ship-ment.com/ => https://www.ship-ment.com/: (60, 'SSL
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ShippingWatch.xml b/src/chrome/content/rules/ShippingWatch.xml
index 71834c8b3410..a453e10e8ab8 100644
--- a/src/chrome/content/rules/ShippingWatch.xml
+++ b/src/chrome/content/rules/ShippingWatch.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.shippingwatch.dk/ => https://www.shippingwatch.dk/: (51,
     http://shippingwatch.dk/template/swVer1-0/css/main.css?rev=35794
   is essential for the layout but is served through http.
 -->
-<ruleset name="ShippingWatch (mixed content)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="ShippingWatch (mixed content)" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="shippingwatch.dk" />
 	<target host="www.shippingwatch.dk" />
 
diff --git a/src/chrome/content/rules/Shipto.com.xml b/src/chrome/content/rules/Shipto.com.xml
index d21c775a6d66..e1e8aae5b448 100644
--- a/src/chrome/content/rules/Shipto.com.xml
+++ b/src/chrome/content/rules/Shipto.com.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?shipto\.com/(en/questions(?:$|\?|/)|favicon\.ico|qa-theme/)"
 		to="https://$1shipto.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Shmoop.com.xml b/src/chrome/content/rules/Shmoop.com.xml
index db934ea84b91..3ae5b8191df9 100644
--- a/src/chrome/content/rules/Shmoop.com.xml
+++ b/src/chrome/content/rules/Shmoop.com.xml
@@ -12,7 +12,8 @@
 <ruleset name="Shmoop.com (partial)">
 
 	<target host="shmoop.com" />
-	<target host="*.shmoop.com" />
+	<target host="www.shmoop.com" />
+	<target host="media1.shmoop.com" />
 		<!--exclusion pattern="^http://(www\.)?shmoop\.com/+($|\?|errorpage\.php|favicon\.ico|public/terms/)" /-->
 
 
@@ -23,6 +24,6 @@
 		to="https://www.shmoop.com/" />
 
 	<rule from="^http://media1\.shmoop\.com/"
-		to="https://d32v6r6fgi4k49.cloudfront.net/" />
+		to="https://media1.shmoop.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Shobohat.com.xml b/src/chrome/content/rules/Shobohat.com.xml
deleted file mode 100644
index d7fa35dd3516..000000000000
--- a/src/chrome/content/rules/Shobohat.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Shobohat.com">
-	<target host="shobohat.com" />
-	<target host="www.shobohat.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Shock_Media.nl.xml b/src/chrome/content/rules/Shock_Media.nl.xml
index 45050670be6b..d897f52e8aa9 100644
--- a/src/chrome/content/rules/Shock_Media.nl.xml
+++ b/src/chrome/content/rules/Shock_Media.nl.xml
@@ -16,7 +16,9 @@ Fetch error: http://shockmedia.nl/ => https://www.shockmedia.nl/: (28, 'Connecti
 <ruleset name="Shock Media.nl">
 
 	<target host="shockmedia.nl" />
-	<target host="*.shockmedia.nl" />
+	<target host="www.shockmedia.nl" />
+	<target host="my.shockmedia.nl" />
+	<target host="webmail.shockmedia.nl" />
 
 
 	<securecookie host=".+\.shockmedia\.nl$" name=".+" />
@@ -25,7 +27,6 @@ Fetch error: http://shockmedia.nl/ => https://www.shockmedia.nl/: (28, 'Connecti
 	<rule from="^http://(?:www\.)?shockmedia\.nl/"
 		to="https://www.shockmedia.nl/" />
 
-	<rule from="^http://(my|webmail)\.shockmedia\.nl/"
-		to="https://$1.shockmedia.nl/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ShoeShow.xml b/src/chrome/content/rules/ShoeShow.xml
index 0ef38f2ccd86..e7d5be99ea49 100644
--- a/src/chrome/content/rules/ShoeShow.xml
+++ b/src/chrome/content/rules/ShoeShow.xml
@@ -4,4 +4,4 @@
 	<target host="www.shoeshow.com.au" />
 
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Shoebuy.com.xml b/src/chrome/content/rules/Shoebuy.com.xml
index e06b3cd6e3f0..dffbf9aaf3c0 100644
--- a/src/chrome/content/rules/Shoebuy.com.xml
+++ b/src/chrome/content/rules/Shoebuy.com.xml
@@ -31,7 +31,7 @@ Fetch error: http://att-i.shoebuy.com/ => https://att-i.shoebuy.com/: (51, "SSL:
 		- i		(→ akamai)
 
 -->
-<ruleset name="Shoebuy.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Shoebuy.com (partial)" default_off="failed ruleset test">
 
 	<target host="shoebuy.com" />
 	<target host="www.shoebuy.com" />
diff --git a/src/chrome/content/rules/ShopCo.com.xml b/src/chrome/content/rules/ShopCo.com.xml
index e0b3baf3b90e..303b356b0c17 100644
--- a/src/chrome/content/rules/ShopCo.com.xml
+++ b/src/chrome/content/rules/ShopCo.com.xml
@@ -9,10 +9,10 @@
 	<target host="*.shopco.com" />
 
 
-	<securecookie host=".+\.shopco\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(?!www\.)([\w-]+)\.shopco\.com/"
 		to="https://$1.shopco.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ShopLocal.xml b/src/chrome/content/rules/ShopLocal.xml
index 69f66a433ebf..3b93d4076167 100644
--- a/src/chrome/content/rules/ShopLocal.xml
+++ b/src/chrome/content/rules/ShopLocal.xml
@@ -34,9 +34,14 @@ Fetch error: http://shoplocal.com/ => https://shoplocal.com/: (60, 'SSL certific
 -->
 <ruleset name="ShopLocal" platform="mixedcontent">
 
-        <target host="*.crossmediaservices.com" />
+        <target host="images.crossmediaservices.com" />
+        <target host="akimages.crossmediaservices.com" />
 	<target host="shoplocal.com" />
-	<target host="*.shoplocal.com" />
+	<target host="akimages.shoplocal.com" />
+	<target host="sl2.shoplocal.com" />
+	<target host="support.shoplocal.com" />
+	<target host="wiki.shoplocal.com" />
+	<target host="www.shoplocal.com" />
 
 
 	<securecookie host="^(?:support|wiki|www)\.shoplocal\.com$" name=".+" />
@@ -45,7 +50,6 @@ Fetch error: http://shoplocal.com/ => https://shoplocal.com/: (60, 'SSL certific
 	<rule from="^http://(?:ak)?images\.crossmediaservices\.com/"
 		to="https://akimages.shoplocal.com/" />
 
-	<rule from="^http://((?:akimages|sl2|support|wiki|www)\.)?shoplocal\.com/"
-		to="https://$1shoplocal.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ShopPBS.org.xml b/src/chrome/content/rules/ShopPBS.org.xml
new file mode 100644
index 000000000000..163adbe11791
--- /dev/null
+++ b/src/chrome/content/rules/ShopPBS.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="ShopPBS.org">
+	<target host="shoppbs.org" />
+	<target host="www.shoppbs.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ShopToIt.ca.xml b/src/chrome/content/rules/ShopToIt.ca.xml
new file mode 100644
index 000000000000..e738405f469f
--- /dev/null
+++ b/src/chrome/content/rules/ShopToIt.ca.xml
@@ -0,0 +1,23 @@
+<!--
+	Connection refused:
+		- retailers.shoptoit.ca
+		- smallbusiness.shoptoit.ca
+
+	Invalid certificate:
+		- shoptoit.ca, equivalent to www.shoptoit.ca
+		- fr.shoptoit.ca
+		- listingsca.shoptoit.ca, equivalent to www.shoptoit.ca
+		- yahoo.shoptoit.ca
+-->
+
+<ruleset name="ShopToIt.ca">
+	<target host="shoptoit.ca" />
+	<target host="www.shoptoit.ca" />
+	<target host="listingsca.shoptoit.ca" />
+	<target host="merchants.shoptoit.ca" />
+
+	<rule from="^http://(listingsca\.)?shoptoit\.ca/"
+		to="https://www.shoptoit.ca/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ShopWiki.com.xml b/src/chrome/content/rules/ShopWiki.com.xml
new file mode 100644
index 000000000000..7d8305a89eb3
--- /dev/null
+++ b/src/chrome/content/rules/ShopWiki.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional hosts
+		Peer certificate cannot be authenticated with given CA certificates:
+		- shopwiki.com
+		- redir.shopwiki.com
+		- www.shopwiki.com
+-->
+<ruleset name="ShopWiki.com" default_off="cert-invalid">
+	<target host="shopwiki.com" />
+	<target host="www.shopwiki.com" />
+	<target host="redir.shopwiki.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ShopWiki.xml b/src/chrome/content/rules/ShopWiki.xml
deleted file mode 100644
index a5c6546fc2bf..000000000000
--- a/src/chrome/content/rules/ShopWiki.xml
+++ /dev/null
@@ -1,57 +0,0 @@
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://shopwiki.com/ => https://shopwiki.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
-	For other Oversee.net coverage, see Oversee.xml.
-
-
-	CDN buckets:
-
-		- i.s.shopwiki.com.cdngc.net
-
-			- si[0-5].shopwiki.com
-
-		- d2wh0l1jxh2l45.cloudfront.net
-			- static2.shopwiki.com
-
-		- Possible bucket at https://s3.amazonaws.com/shopwiki/
-
-		- shopwiki.co.uk.edgesuite.net
-
-			- l.shwcd.com
-			- s.shwcd.com
-
-
-	Nonfunctional subdomains:
-
-		- i.s		(reset, CN: ssl2.cdngc.net)
-		- si0		(403; mismatched, CN: support2.cdnetworks.net)
-		- si[134]	(403; mismatched, CN: ssl2.cdngc.net)
-		- static	(403, CN: support4.cdnetworks.net)
-
-		- l.shwcd.com	(shows shopwiki.com, akamai)
-
-
-	Problematic domains:
-
-		- s.shwcd.com	(works, akamai)
-
--->
-<ruleset name="ShopWiki (partial)" platform="mixedcontent">
-
-	<target host="shopwiki.com" />
-	<target host="*.shopwiki.com" />
-
-
-	<securecookie host="^.*\.shopwiki\.com$" name=".+" />
-
-
-	<rule from="^http://((?:redir|staticssl|wiki|www)\.)?shopwiki\.com/"
-		to="https://$1shopwiki.com/" />
-
-	<rule from="^http://static2\.shopwiki\.com/"
-		to="https://d2wh0l1jxh2l45.cloudfront.net/" />
-
-	<rule from="^http://s\.shwcd\.com/"
-		to="https://www.shopwiki.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Shopatron.xml b/src/chrome/content/rules/Shopatron.xml
index 19d44b5797b0..4f77e5b4d8fc 100644
--- a/src/chrome/content/rules/Shopatron.xml
+++ b/src/chrome/content/rules/Shopatron.xml
@@ -30,12 +30,15 @@ Fetch error: http://shopatron.com/ => https://shopatron.com/: (7, 'Failed to con
 		- cdn.shptrn.com
 
 -->
-<ruleset name="Shopatron (partial)" default_off='failed ruleset test'>
+<ruleset name="Shopatron (partial)" default_off="failed ruleset test">
 
 	<target host="orderhlp.com" />
 	<target host="www.orderhlp.com" />
 	<target host="shopatron.com" />
-	<target host="*.shopatron.com" />
+	<target host="media.shopatron.com" />
+	<target host="mss.shopatron.com" />
+	<target host="www.shopatron.com" />
+	<target host="mediacdn.shopatron.com" />
 	<target host="cdn.shptrn.com" />
 
 
@@ -45,13 +48,10 @@ Fetch error: http://shopatron.com/ => https://shopatron.com/: (7, 'Failed to con
 	<rule from="^http://(?:www\.)?orderhlp\.com/"
 		to="https://www.orderhlp.com/" />
 
-	<rule from="^http://(media\.|mss\.|www\.)?shopatron\.com/"
-		to="https://$1shopatron.com/" />
 
 	<rule from="^http://mediacdn\.shopatron\.com/"
 		to="https://media.shopatron.com/" />
 
-	<rule from="^http://cdn\.shptrn\.com/"
-		to="https://cdn.shptrn.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Shopfiller.com.xml b/src/chrome/content/rules/Shopfiller.com.xml
new file mode 100644
index 000000000000..1c0b56a8a9c0
--- /dev/null
+++ b/src/chrome/content/rules/Shopfiller.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Shopfiller.com">
+	<target host="shopfiller.com" />
+	<target host="www.shopfiller.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Shopify.xml b/src/chrome/content/rules/Shopify.xml
index d65aa40a15d9..7f1707c2ed86 100644
--- a/src/chrome/content/rules/Shopify.xml
+++ b/src/chrome/content/rules/Shopify.xml
@@ -3,8 +3,6 @@
 
 		- *.myshopify.com	(stores/clients)
 
-		- various shopify.com subdomains
-
 		- shopify local homepages
 
 	* Secured by us
@@ -17,26 +15,8 @@
 		<test url="http://beastmodeco.myshopify.com/" />
 		<test url="http://naiise.myshopify.com/" />
 		<test url="http://littlefreelibrary.myshopify.com/" />
-	<target host="apps.shopify.com" />
-	<target host="canada.shopify.com" />
-	<target host="cdn.shopify.com" />
-	<target host="checkout.shopify.com" />
-	<target host="developers.shopify.com" />
-	<target host="engineering.shopify.com" />
-	<target host="help.shopify.com" />
-	<target host="pay.shopify.com" />
-	<target host="static.shopify.com" />
-		<test url="http://static.shopify.com/s/files/1/0704/4335/files/NBM_AMS4590.pdf" />
-	<target host="themes.shopify.com" />
 
-	<target host="es.shopify.com" />
 	<target host="fr.shopify.ca" />
-	<target host="fr.shopify.com" />
-	<target host="hi.shopify.com" />
-	<target host="it.shopify.com" />
-	<target host="meetups.shopify.com" />
-	<target host="pt.shopify.com" />
-	<target host="ru.shopify.com" />
 	<target host="shopify.ca" />
 	<target host="shopify.co" />
 	<target host="www.shopify.co" />
@@ -48,8 +28,6 @@
 	<target host="www.shopify.co.uk" />
 	<target host="shopify.co.za" />
 	<target host="www.shopify.co.za" />
-	<target host="shopify.com" />
-	<target host="www.shopify.com" />
 	<target host="shopify.com.au" />
 	<target host="www.shopify.com.au" />
 	<target host="shopify.com.co" />
@@ -80,7 +58,6 @@
 	<!--	Cautiously avoiding cross-domain cookies for now.
 								-->
 	<securecookie host="^\w.*\.myshopify\.com$" name=".+" />
-	<securecookie host="^themes\.shopify\.com$" name=".+" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Shopping.com.xml b/src/chrome/content/rules/Shopping.com.xml
deleted file mode 100644
index e1947b2060f8..000000000000
--- a/src/chrome/content/rules/Shopping.com.xml
+++ /dev/null
@@ -1,53 +0,0 @@
-<!--
-	For other eBay coverage, see EBay.xml.
-
-
-	CDN buckets:
-
-		- img.shopping.com.edgesuite.net
-
-			- di105.shopping.com
-			- img.shopping.com
-			- img.shoppingshadow.com
-
-
-	Nonfunctional subdomains:
-
-		- cheapestpricessearchengine *
-
-	* Redirects to www
-
-
-	Problematic subdomains:
-
-		- di ¹
-		- di105 ¹
-		- formation ²
-		- img ¹
-		- merchantsupport ³
-
-	¹ Works, akamai
-	² Works, mismatched, CN: ssl5.ovh.net
-	³ Mismatched, CN: *.mashery.com
-
-
-	Partially covered subdomains:
-
-		- developer *
-
-	* Some (most?) pages redirect to http
-
--->
-<ruleset name="Shopping.com (partial)">
-
-	<target host="*.shopping.com" />
-		<exclusion pattern="^http://developer\.shopping\.com/(?!files/|login/|member/|public/)" />
-
-
-	<securecookie host="^(?!developer).+\.shopping\.com$" name=".+" />
-
-
-	<rule from="^http://(developer|haendler|marchand|(?:uk)?merchant|partners)\.shopping\.com/"
-		to="https://$1.shopping.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Shopping_Cart_Elite.xml b/src/chrome/content/rules/Shopping_Cart_Elite.xml
index 57746bccd5c3..2010e0ce4519 100644
--- a/src/chrome/content/rules/Shopping_Cart_Elite.xml
+++ b/src/chrome/content/rules/Shopping_Cart_Elite.xml
@@ -10,9 +10,9 @@
 	<target host="www.shoppingcartelite.com" />
 
 
-	<securecookie host="^(?:.*\.)?shoppingcartelite\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Shoppingshadow.com.xml b/src/chrome/content/rules/Shoppingshadow.com.xml
deleted file mode 100644
index 32f36c581cbd..000000000000
--- a/src/chrome/content/rules/Shoppingshadow.com.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For other eBay coverage, see EBay.xml.
-
-
-	Fully covered domains:
-
-		- img.shoppingshadow.com	(→ img.shopping.com)
-
--->
-<ruleset name="shoppingshadow.com" default_off="mismatched">
-
-	<target host="img.shoppingshadow.com" />
-
-
-	<rule from="^http://img\.shoppingshadow\.com/"
-		to="https://img.shopping.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Shoptiques.com.xml b/src/chrome/content/rules/Shoptiques.com.xml
index cf0fd1ae88e7..559fa62d7304 100644
--- a/src/chrome/content/rules/Shoptiques.com.xml
+++ b/src/chrome/content/rules/Shoptiques.com.xml
@@ -14,7 +14,8 @@
 <ruleset name="Shoptiques.com (partial)">
 
 	<target host="shoptiques.com" />
-	<target host="*.shoptiques.com" />
+	<target host="www.shoptiques.com" />
+	<target host="metrics.shoptiques.com" />
 	<target host="cdn2.shoptiques.net" />
 
 
@@ -27,4 +28,4 @@
 	<rule from="^http://cdn2\.shoptiques\.net/"
 		to="https://d2csjd0bj2nauk.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Shopware.de.xml b/src/chrome/content/rules/Shopware.de.xml
deleted file mode 100644
index 4b6c403f7f0c..000000000000
--- a/src/chrome/content/rules/Shopware.de.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://shopware.de/ => https://shopware.de/: Cycle detected - URL already encountered: http://www.shopware.de/
--->
-<ruleset name="Shopware.de (partial)">
-
-	<target host="shopware.de" />
-	<target host="www.shopware.de" />
-		<!--
-			Redirects to http:
-						-->
-		<!--exclusion pattern="^http://www\.shopware\.de/+($|\?)" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://www\.shopware\.de/+(?!favicon\.ico|images/|templates/)" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Shopzilla.xml b/src/chrome/content/rules/Shopzilla.xml
index 938d2057c4ee..52397e8666f0 100644
--- a/src/chrome/content/rules/Shopzilla.xml
+++ b/src/chrome/content/rules/Shopzilla.xml
@@ -10,10 +10,11 @@ Fetch error: http://shopzilla.com/ => https://www.shopzilla.com/: (35, 'Unknown
 		- Bizrate.com.xml
 
 -->
-<ruleset name="Shopzilla (partial)" default_off='failed ruleset test'>
+<ruleset name="Shopzilla (partial)" default_off="failed ruleset test">
 
 	<target host="shopzilla.com" />
-	<target host="*.shopzilla.com" />
+	<target host="www.shopzilla.com" />
+	<target host="merchant.shopzilla.com" />
 
 
 	<securecookie host="^\.shopzilla\.com$" name=".+" />
@@ -23,7 +24,6 @@ Fetch error: http://shopzilla.com/ => https://www.shopzilla.com/: (35, 'Unknown
 	<rule from="^http://(?:www\.)?shopzilla\.com/"
 		to="https://www.shopzilla.com/" />
 
-	<rule from="^http://merchant\.shopzilla\.com/"
-		to="https://merchant.shopzilla.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ShortList.xml b/src/chrome/content/rules/ShortList.xml
index c530a72bf61a..4558a118e2cf 100644
--- a/src/chrome/content/rules/ShortList.xml
+++ b/src/chrome/content/rules/ShortList.xml
@@ -45,7 +45,7 @@ Fetch error: http://shortlist.com/ => https://www.shortlist.com/: Too many redir
 	ˢ Secured by us
 
 -->
-<ruleset name="ShortList.com" default_off='failed ruleset test'>
+<ruleset name="ShortList.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Shorty_Awards.com.xml b/src/chrome/content/rules/Shorty_Awards.com.xml
index 883ff796d055..fa1771c99644 100644
--- a/src/chrome/content/rules/Shorty_Awards.com.xml
+++ b/src/chrome/content/rules/Shorty_Awards.com.xml
@@ -26,7 +26,8 @@
 -->
 <ruleset name="Shorty Awards.com (partial)">
 
-	<target host="*.shortyawards.com" />
+	<target host="cdn.shortyawards.com" />
+	<target host="industry.shortyawards.com" />
 
 
 	<!--	Tracking cookies:
@@ -40,4 +41,4 @@
 	<rule from="^http://industry\.shortyawards\.com/(account|static)/"
 		to="https://industry.shortyawards.com/$1/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Shoryuken.com.xml b/src/chrome/content/rules/Shoryuken.com.xml
index b1017d9fd422..210bc38f59db 100644
--- a/src/chrome/content/rules/Shoryuken.com.xml
+++ b/src/chrome/content/rules/Shoryuken.com.xml
@@ -16,12 +16,12 @@
 		mail.shoryuken.com
 -->
 <ruleset name="Shoryuken">
-	
+
 	<target host="shoryuken.com" />
 	<target host="www.shoryuken.com" />
 	<target host="evo.shoryuken.com" />
 	<target host="stage.shoryuken.com" />
 
 	<rule from="^http:" to="https:" />
-	
+
 </ruleset>
diff --git a/src/chrome/content/rules/Shotgun_Club.xml b/src/chrome/content/rules/Shotgun_Club.xml
deleted file mode 100644
index c6963bc242a2..000000000000
--- a/src/chrome/content/rules/Shotgun_Club.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Shotgun Club">
-
-	<target host="shotgunclub.com" />
-	<target host="www.shotgunclub.com" />
-
-
-	<securecookie host="^(?:w*\.)?shotgunclub\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ShouldIAnswer.xml b/src/chrome/content/rules/ShouldIAnswer.xml
new file mode 100644
index 000000000000..672d47bff54c
--- /dev/null
+++ b/src/chrome/content/rules/ShouldIAnswer.xml
@@ -0,0 +1,92 @@
+<!--
+	Invalid certificate:
+		- chistachiamando.it, equivalent to www.chistachiamando.it
+		- doisjerepondre.fr, equivalent to www.doisjerepondre.fr
+		- mozemtozdvihnut.sk, equivalent to www.mozemtozdvihnut.sk
+		- muzutozvednout.cz, equivalent to www.muzutozvednout.cz
+		- neberitrubku.ru, equivalent to www.neberitrubku.ru
+		- odebractelefon.pl, equivalent to www.odebractelefon.pl
+		- responderono.es, equivalent to www.responderono.es
+		- shouldianswer.co.uk, equivalent to www.shouldianswer.co.uk
+		- shouldianswer.com, equivalent to www.shouldianswer.com
+		- sollichannehmen.de, equivalent to www.sollichannehmen.de
+-->
+
+<ruleset name="ShouldIAnswer">
+	<target host="chistachiamando.it" />
+	<target host="www.chistachiamando.it" />
+	<target host="doisjerepondre.fr" />
+	<target host="www.doisjerepondre.fr" />
+	<target host="mozemtozdvihnut.sk" />
+	<target host="www.mozemtozdvihnut.sk" />
+	<target host="muzutozvednout.cz" />
+	<target host="www.muzutozvednout.cz" />
+	<target host="neberitrubku.ru" />
+	<target host="www.neberitrubku.ru" />
+	<target host="odebractelefon.pl" />
+	<target host="www.odebractelefon.pl" />
+	<target host="responderono.es" />
+	<target host="www.responderono.es" />
+	<target host="shouldianswer.co.uk" />
+	<target host="www.shouldianswer.co.uk" />
+	<target host="shouldianswer.com" />
+	<target host="www.shouldianswer.com" />
+	<target host="shouldianswer.net" />
+	<target host="www.shouldianswer.net" />
+	<target host="au.shouldianswer.net" />
+	<target host="ar.shouldianswer.net" />
+	<target host="at.shouldianswer.net" />
+	<target host="be.shouldianswer.net" />
+	<target host="br.shouldianswer.net" />
+	<target host="co.shouldianswer.net" />
+	<target host="ci.shouldianswer.net" />
+	<target host="cn.shouldianswer.net" />
+	<target host="cd.shouldianswer.net" />
+	<target host="cl.shouldianswer.net" />
+	<target host="dk.shouldianswer.net" />
+	<target host="fi.shouldianswer.net" />
+	<target host="hu.shouldianswer.net" />
+	<target host="in.shouldianswer.net" />
+	<target host="id.shouldianswer.net" />
+	<target host="ie.shouldianswer.net" />
+	<target host="jp.shouldianswer.net" />
+	<target host="ke.shouldianswer.net" />
+	<target host="mx.shouldianswer.net" />
+	<target host="nl.shouldianswer.net" />
+	<target host="nz.shouldianswer.net" />
+	<target host="ng.shouldianswer.net" />
+	<target host="no.shouldianswer.net" />
+	<target host="pe.shouldianswer.net" />
+	<target host="ph.shouldianswer.net" />
+	<target host="pt.shouldianswer.net" />
+	<target host="sn.shouldianswer.net" />
+	<target host="za.shouldianswer.net" />
+	<target host="se.shouldianswer.net" />
+	<target host="ch.shouldianswer.net" />
+	<target host="ve.shouldianswer.net" />
+	<target host="sollichannehmen.de" />
+	<target host="www.sollichannehmen.de" />
+
+	<rule from="^http://chistachiamando\.it/"
+		to="https://www.chistachiamando.it/" />
+	<rule from="^http://doisjerepondre\.fr/"
+		to="https://www.doisjerepondre.fr/" />
+	<rule from="^http://mozemtozdvihnut\.sk/"
+		to="https://www.mozemtozdvihnut.sk/" />
+	<rule from="^http://muzutozvednout\.cz/"
+		to="https://www.muzutozvednout.cz/" />
+	<rule from="^http://neberitrubku\.ru/"
+		to="https://www.neberitrubku.ru/" />
+	<rule from="^http://odebractelefon\.pl/"
+		to="https://www.odebractelefon.pl/" />
+	<rule from="^http://responderono\.es/"
+		to="https://www.responderono.es/" />
+	<rule from="^http://shouldianswer\.co\.uk/"
+		to="https://www.shouldianswer.co.uk/" />
+	<rule from="^http://shouldianswer\.com/"
+		to="https://www.shouldianswer.com/" />
+	<rule from="^http://sollichannehmen\.de/"
+		to="https://www.sollichannehmen.de/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ShoutWiki.com.xml b/src/chrome/content/rules/ShoutWiki.com.xml
new file mode 100644
index 000000000000..68b1685dfcec
--- /dev/null
+++ b/src/chrome/content/rules/ShoutWiki.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Mismatched:
+		- ^
+		- www
+		- blog
+
+	ShoutWiki.com has a wildcard DNS record, so enumerating all subdomains is impossible.
+-->
+<ruleset name="ShoutWiki.com">
+	<target host="images.shoutwiki.com" />
+	<target host="phab-storage.shoutwiki.com" />
+	<target host="phabricator.shoutwiki.com" />
+	<target host="staff.shoutwiki.com" />
+	<target host="piwik.staff.shoutwiki.com" />
+	<target host="support.shoutwiki.com" />
+	<target host="support-dev.shoutwiki.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ShowMeCon.com.xml b/src/chrome/content/rules/ShowMeCon.com.xml
index 4b39e23c276a..cba97961db86 100644
--- a/src/chrome/content/rules/ShowMeCon.com.xml
+++ b/src/chrome/content/rules/ShowMeCon.com.xml
@@ -8,7 +8,7 @@
 <ruleset name="ShowMeCon.com (partial)">
 
 	<target host="showmecon.com" />
-	<target host="*.showmecon.com" />
+	<target host="www.showmecon.com" />
 		<!--
 			Redirect to http:
 						-->
diff --git a/src/chrome/content/rules/Showcase-TV.xml b/src/chrome/content/rules/Showcase-TV.xml
index b1a46a534c87..0237431a2f3c 100644
--- a/src/chrome/content/rules/Showcase-TV.xml
+++ b/src/chrome/content/rules/Showcase-TV.xml
@@ -1,32 +1,11 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://hadalog.jp/ => https://hadalog.jp/: (35, 'Unknown SSL protocol error in connection to hadalog.jp:443 ')
-Fetch error: http://hoku.co.jp/ => https://hoku.co.jp/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.hoku.co.jp/ => https://www.hoku.co.jp/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.navicast.co.jp/ => https://www.navicast.co.jp/: (6, 'Could not resolve host: www.navicast.co.jp')
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://click-finder.jp/ => https://click-finder.jp/: (35, 'Unknown SSL protocol error in connection to click-finder.jp:443 ')
-Fetch error: http://hadalog.jp/ => https://hadalog.jp/: (35, 'Unknown SSL protocol error in connection to hadalog.jp:443 ')
-Fetch error: http://navicast.co.jp/ => https://navicast.co.jp/: (35, 'Unknown SSL protocol error in connection to navicast.co.jp:443 ')
-Fetch error: http://www.navicast.co.jp/ => https://www.navicast.co.jp/: (35, 'Unknown SSL protocol error in connection to www.navicast.co.jp:443 ')
-Fetch error: http://showcase-tv.com/ => https://showcase-tv.com/: (35, 'Unknown SSL protocol error in connection to showcase-tv.com:443 ')
-Fetch error: http://www.showcase-tv.com/ => https://www.showcase-tv.com/: (35, 'Unknown SSL protocol error in connection to www.showcase-tv.com:443 ')
-Fetch error: http://click.showcase-tv.jp/ => https://click.showcase-tv.jp/: (35, 'Unknown SSL protocol error in connection to click.showcase-tv.jp:443 ')
--->
-<ruleset name="Showcase-TV" platform="mixedcontent" default_off='failed ruleset test'>
-
-	<target host="click-finder.jp"/>
+<ruleset name="Showcase-TV">
 	<target host="hadalog.jp"/>
+
 	<target host="hoku.co.jp"/>
 	<target host="www.hoku.co.jp"/>
-	<target host="navicast.co.jp"/>
-	<target host="www.navicast.co.jp"/>
+
 	<target host="showcase-tv.com"/>
 	<target host="www.showcase-tv.com"/>
-	<target host="click.showcase-tv.jp"/>
 
 	<rule from="^http:" to="https:" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/Showcase.ca-problematic.xml b/src/chrome/content/rules/Showcase.ca-problematic.xml
deleted file mode 100644
index 4d5990b74d9a..000000000000
--- a/src/chrome/content/rules/Showcase.ca-problematic.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see Showcase.ca.xml.
-
--->
-<ruleset name="Showcase.ca (mismatched)" default_off="mismatched">
-
-	<target host="showcase.ca" />
-	<target host="www.showcase.ca" />
-
-
-	<securecookie host="^www\.showcase\.ca$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?showcase\.ca/"
-		to="https://www.showcase.ca/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Showcase.ca.xml b/src/chrome/content/rules/Showcase.ca.xml
index de456e96c907..4ce298541b15 100644
--- a/src/chrome/content/rules/Showcase.ca.xml
+++ b/src/chrome/content/rules/Showcase.ca.xml
@@ -1,66 +1,11 @@
 <!--
-	For problematic rules, see Showcase.ca-problematic.xml.
-
-
 	Other Showcase Media rulesets:
-
 		- Smdg.ca.xml
-
-
-	CDN buckets:
-
-		- s3.amazonaws.com/smdgstatic/
-
-		- d2wk97pdwmv7mo.cloudfront.net
-
-			- media
-
-		- www.showcase.ca.edgesuite.net
-
-			- a1694.g.akamai.net
-
-
-	Problematic subdomains:
-
-		- ^ ¹
-		- media ²
-		- www ³
-
-	¹ Refused
-	² cloudfront
-	³ Works, akamai
-
-
-	Mixed content:
-
-		- Images, on www from:
-
-			- media ¹
-			- static.smdg.ca ¹
-
-		- favicon from $self ¹
-
-	¹ Secured by us
-
 -->
-<ruleset name="Showcase.ca (partial)">
-
+<ruleset name="Showcase.ca">
+	<target host="showcase.ca" />
+	<target host="www.showcase.ca" />
 	<target host="media.showcase.ca" />
-		<!--
-			Avoid user-visible paths:
-							-->
-		<!--exclusion pattern="^http://(www\.)?showcase\.ca/+(?!favicon\.ico|imagehandler\.axd|SharedAssets/)" /-->
-		<!--
-			At least some stylesheets reference resources relative to root:
-											-->
-		<!--exclusion pattern="^http://(www\.)?showcase\.ca/+[\w-]+/shawconnect_dynamic_assets__" /-->
-		<!--
-			Not tested:
-					-->
-		<!--exclusion pattern="^http://(www\.)?showcase\.ca/+video/" /-->
-
-
-	<rule from="^http://media\.showcase\.ca/"
-		to="https://d2wk97pdwmv7mo.cloudfront.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Showing_Cloud.com.xml b/src/chrome/content/rules/Showing_Cloud.com.xml
index 86e1425490a9..07541df3eb0c 100644
--- a/src/chrome/content/rules/Showing_Cloud.com.xml
+++ b/src/chrome/content/rules/Showing_Cloud.com.xml
@@ -1,7 +1,9 @@
 <ruleset name="Showing Cloud.com">
 
 	<target host="showingcloud.com" />
-	<target host="*.showingcloud.com" />
+	<target host="cn.showingcloud.com" />
+	<target host="en.showingcloud.com" />
+	<target host="www.showingcloud.com" />
 
 
 	<!--	Server doesn't secure:
@@ -9,7 +11,6 @@
 	<securecookie host="^(?:cn|www)?\.showingcloud\.com$" name=".+" />
 
 
-	<rule from="^http://((?:cn|en|www)\.)?showingcloud\.com/"
-		to="https://$1showingcloud.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Shpock.xml b/src/chrome/content/rules/Shpock.xml
index 951b561b2254..44ebbbeed13d 100644
--- a/src/chrome/content/rules/Shpock.xml
+++ b/src/chrome/content/rules/Shpock.xml
@@ -7,7 +7,7 @@
 <ruleset name="Shpock">
 
 	<target host="shpock.com" />
-	<target host="*.shpock.com" />
+	<target host="www.shpock.com" />
 
 
 	<securecookie host="^\.?shpock\.com$" name=".+" />
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?shpock\.com/"
 		to="https://shpock.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Shtuff.it.xml b/src/chrome/content/rules/Shtuff.it.xml
index 4c52d2fb823a..a8b2b7cb403c 100644
--- a/src/chrome/content/rules/Shtuff.it.xml
+++ b/src/chrome/content/rules/Shtuff.it.xml
@@ -7,7 +7,7 @@ Non-2xx HTTP code: http://www.shtuff.it/ (200) => https://shtuff.it/ (521)
 	www: Refused
 
 -->
-<ruleset name="shtuff.it" default_off='failed ruleset test'>
+<ruleset name="shtuff.it" default_off="failed ruleset test">
 
 	<target host="shtuff.it" />
 	<target host="www.shtuff.it" />
diff --git a/src/chrome/content/rules/Shubh.am.xml b/src/chrome/content/rules/Shubh.am.xml
index bbcf75fc4923..d28d2770fdb8 100644
--- a/src/chrome/content/rules/Shubh.am.xml
+++ b/src/chrome/content/rules/Shubh.am.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.shubh.am/ => https://www.shubh.am/: (6, 'Could not resol
 		- .shubh.am
 
 -->
-<ruleset name="Shubh.am" default_off='failed ruleset test'>
+<ruleset name="Shubh.am" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Shuddle.us.xml b/src/chrome/content/rules/Shuddle.us.xml
index 092b7aea67e3..b16c434de111 100644
--- a/src/chrome/content/rules/Shuddle.us.xml
+++ b/src/chrome/content/rules/Shuddle.us.xml
@@ -6,10 +6,13 @@ Fetch error: http://shuddle.us/ => https://shuddle.us/: (28, 'Connection timed o
 	www: refused
 
 -->
-<ruleset name="Shuddle.us" default_off='failed ruleset test'>
+<ruleset name="Shuddle.us" default_off="failed ruleset test">
 
 	<target host="shuddle.us" />
-	<target host="*.shuddle.us" />
+	<target host="blog.shuddle.us" />
+	<target host="california.shuddle.us" />
+	<target host="support.shuddle.us" />
+	<target host="www.shuddle.us" />
 
 
 	<rule from="^http://(?:((?:blog|california|support)\.)|www\.)?shuddle\.us/"
diff --git a/src/chrome/content/rules/SiaHub.info.xml b/src/chrome/content/rules/SiaHub.info.xml
index 4ed6c1ade1cf..ab02834d5bf6 100644
--- a/src/chrome/content/rules/SiaHub.info.xml
+++ b/src/chrome/content/rules/SiaHub.info.xml
@@ -5,7 +5,7 @@
 
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Siciarz.net.xml b/src/chrome/content/rules/Siciarz.net.xml
new file mode 100644
index 000000000000..e587389c462d
--- /dev/null
+++ b/src/chrome/content/rules/Siciarz.net.xml
@@ -0,0 +1,9 @@
+<!--
+	Wildcard DNS record, but no wildcard cert.
+-->
+<ruleset name="Siciarz.net">
+	<target host="siciarz.net" />
+	<target host="www.siciarz.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SideReel.com.xml b/src/chrome/content/rules/SideReel.com.xml
new file mode 100644
index 000000000000..1b966c8207d2
--- /dev/null
+++ b/src/chrome/content/rules/SideReel.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- support.sidereel.com
+
+		Status code mismatch:
+		- groundwork.sidereel.com
+-->
+<ruleset name="SideReel.com (partial)">
+	<target host="sidereel.com" />
+	<target host="www.sidereel.com" />
+	<target host="a3.sidereel.com" />
+	<target host="blog.sidereel.com" />
+	<target host="editorial.sidereel.com" />
+	<target host="s3.sidereel.com" />
+	<target host="snowball.sidereel.com" />
+	<target host="v2.sidereel.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SideReel.xml b/src/chrome/content/rules/SideReel.xml
deleted file mode 100644
index d77763bb4255..000000000000
--- a/src/chrome/content/rules/SideReel.xml
+++ /dev/null
@@ -1,50 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/sidereel-editorial/
-		- s3.amazonaws.com/sidereel-production-static/
-
-		- sidereel.com.edgesuite.net
-
-			- s3.snowball.sidereel.com
-
-
-	Nonfunctional subdomains:
-
-		- blog		(record_too_long)
-		- groundwork
-		- v2		(loops; mismatched, CN: snowball.sidereel.com)
-
-
-	Problematic domains:
-
-		- a3 *
-		- editorial *
-		- s3 *
-		- support	(mismatched, CN: *.getsatisfaction.com)
-
-	* Works, akamai
-
--->
-<ruleset name="SideReel (partial)">
-
-	<target host="sidereel.com" />
-	<target host="*.sidereel.com" />
-
-
-	<securecookie host="^snowball\.sidereel\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?sidereel\.com/(_webapi/|images/|stylesheets/|users)"
-		to="https://$1sidereel.com/$2" />
-
-	<rule from="^http://[as]3\.sidereel\.com/"
-		to="https://s3.amazonaws.com/sidereel-production-static/" />
-
-	<rule from="^http://editorial\.sidereel\.com/"
-		to="https://sidereel-editorial.s3.amazonaws.com/" />
-
-	<rule from="^http://snowball\.sidereel\.com/"
-		to="https://snowball.sidereel.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Sidearm_Sports-problematic.xml b/src/chrome/content/rules/Sidearm_Sports-problematic.xml
deleted file mode 100644
index 2e8903394b15..000000000000
--- a/src/chrome/content/rules/Sidearm_Sports-problematic.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules that are on by default, see Sidearm_Sports.xml.
-
--->
-<ruleset name="Sidearm Sports (problematic)" default_off="mismatched">
-
-	<target host="sidearmsports.com" />
-	<target host="*.sidearmsports.com" />
-
-
-	<rule from="^http://(?:www\.)?sidearmsports\.com/"
-		to="https://www.sidearmsports.com/" />
-
-	<rule from="^http://blog\.sidearmsports\.com/"
-		to="https://blog.sidearmsports.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Sidearm_Sports.xml b/src/chrome/content/rules/Sidearm_Sports.xml
index 3ce058b24ad9..1874e979f999 100644
--- a/src/chrome/content/rules/Sidearm_Sports.xml
+++ b/src/chrome/content/rules/Sidearm_Sports.xml
@@ -1,21 +1,12 @@
 <!--
-	For problematic rules, see Sidearm_Sports-problematic.xml.
-
-
-	Problematic subdomains:
-
-		- (www.) *
-		- blog *
-
-	* Mismatched, CN: *.gridserver.com
-
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- assets.sidearmsports.com
 -->
 <ruleset name="Sidearm Sports (partial)">
+	<target host="sidearmsports.com" />
+	<target host="blog.sidearmsports.com" />
+	<target host="www.sidearmsports.com" />
 
-	<target host="assets.sidearmsports.com" />
-
-
-	<rule from="^http://assets\.sidearmsports\.com/"
-		to="https://s3.amazonaws.com/assets.sidearmsports.com/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sidibouras.xml b/src/chrome/content/rules/Sidibouras.xml
deleted file mode 100644
index 98ed48c200b2..000000000000
--- a/src/chrome/content/rules/Sidibouras.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="SidiЪouras" default_off="refused">
-	<target host="sidibouras.com" />
-	<target host="www.sidibouras.com" />
-
-	<securecookie host="^(?:www)?\.sidibouras\.com$" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Sidux-ev.org.xml b/src/chrome/content/rules/Sidux-ev.org.xml
deleted file mode 100644
index 36c8231bdd10..000000000000
--- a/src/chrome/content/rules/Sidux-ev.org.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Invalid certificate:
-		www.sidux-ev.org
-		ac-treff.sidux-ev.org
-		wiki.sidux-ev.org
-
--->
-<ruleset name="sidux-ev.org">
-
-	<target host="sidux-ev.org"/>
-	<target host="www.sidux-ev.org"/>
-
-	<rule from="^http://www\.sidux-ev\.org/"
-		to="https://sidux-ev.org/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Siemens.xml b/src/chrome/content/rules/Siemens.xml
index 15ae4bfcf2ca..1ed21b45c95c 100644
--- a/src/chrome/content/rules/Siemens.xml
+++ b/src/chrome/content/rules/Siemens.xml
@@ -1,5 +1,5 @@
 <!--
-	To look for Siemens.com related TLD, 
+	To look for Siemens.com related TLD,
 		please visit https://www.healthcare.siemens.com/,
 		click the "Global" button on the top lefthand corner
 
diff --git a/src/chrome/content/rules/Sierra_Club_Green_Home.xml b/src/chrome/content/rules/Sierra_Club_Green_Home.xml
index d56212542eb5..bb81b59429bd 100644
--- a/src/chrome/content/rules/Sierra_Club_Green_Home.xml
+++ b/src/chrome/content/rules/Sierra_Club_Green_Home.xml
@@ -11,7 +11,7 @@ Fetch error: http://sierraclubgreenhome.com/ => https://sierraclubgreenhome.com/
 		- wordpress	(shows www; expired 2013-01-28, mismatched, CN: sierraclubgreenhome.com)
 
 -->
-<ruleset name="Sierra Club Green Home (partial)" default_off='failed ruleset test'>
+<ruleset name="Sierra Club Green Home (partial)" default_off="failed ruleset test">
 
 	<target host="sierraclubgreenhome.com" />
 	<target host="www.sierraclubgreenhome.com" />
@@ -22,4 +22,4 @@ Fetch error: http://sierraclubgreenhome.com/ => https://sierraclubgreenhome.com/
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SigFig.xml b/src/chrome/content/rules/SigFig.xml
index 1ccede5c352b..2a189c774886 100644
--- a/src/chrome/content/rules/SigFig.xml
+++ b/src/chrome/content/rules/SigFig.xml
@@ -49,7 +49,11 @@
 <ruleset name="SigFig.com (partial)">
 
 	<target host="sigfig.com" />
-	<target host="*.sigfig.com" />
+	<target host="beta.sigfig.com" />
+	<target host="blog.sigfig.com" />
+	<target host="secure.sigfig.com" />
+	<target host="support.sigfig.com" />
+	<target host="www.sigfig.com" />
 		<!--
 			Avoid broken MCB:
 						-->
@@ -59,7 +63,6 @@
 	<securecookie host="^\.www\.sigfig\.com$" name=".+" />
 
 
-	<rule from="^http://((?:beta|blog|secure|support|www)\.)?sigfig\.com/"
-		to="https://$1sigfig.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sigdet.nu.xml b/src/chrome/content/rules/Sigdet.nu.xml
index ce17ab9e499b..867ac33b1efe 100644
--- a/src/chrome/content/rules/Sigdet.nu.xml
+++ b/src/chrome/content/rules/Sigdet.nu.xml
@@ -5,7 +5,7 @@ Fetch error: http://sigdet.nu/ => https://sigdet.nu/: (35, 'Unknown SSL protocol
 Fetch error: http://www.sigdet.nu/ => https://www.sigdet.nu/: (35, 'Unknown SSL protocol error in connection to www.sigdet.nu:443 ')
 
 -->
-<ruleset name="Sigdet.nu" default_off='failed ruleset test'>
+<ruleset name="Sigdet.nu" default_off="failed ruleset test">
 
 	<target host="sigdet.nu" />
 	<target host="www.sigdet.nu" />
diff --git a/src/chrome/content/rules/Siggraph.org.xml b/src/chrome/content/rules/Siggraph.org.xml
index b0942335d409..b8fd5bc7de01 100644
--- a/src/chrome/content/rules/Siggraph.org.xml
+++ b/src/chrome/content/rules/Siggraph.org.xml
@@ -1,6 +1,6 @@
-<ruleset name="Siggraph.org (buggy)" default_off="https://www.eff.org/r.3bSc">
-  <target host="siggraph.org" />
-  <target host="www.siggraph.org" />
+<ruleset name="Siggraph.org">
+	<target host="siggraph.org" />
+	<target host="www.siggraph.org" />
 
-  <rule from="^http://(?:www\.)?siggraph\.org/" to="https://www.siggraph.org/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SigmaAldrich.com.xml b/src/chrome/content/rules/SigmaAldrich.com.xml
index 38f82ee80417..a00e6a2f1afd 100644
--- a/src/chrome/content/rules/SigmaAldrich.com.xml
+++ b/src/chrome/content/rules/SigmaAldrich.com.xml
@@ -1,4 +1,11 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://sigmaaldrich.com/norway.html => https://www.sigmaaldrich.com/norway.html: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://sigmaaldrich.com/ => https://www.sigmaaldrich.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.sigmaaldrich.com/ => https://www.sigmaaldrich.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
 	Invalid certificate:
 		sigmaaldrich.com
 		go.sigmaaldrich.com
@@ -16,13 +23,10 @@
 -->
 <ruleset name="Sigma-Aldrich.com">
 
-	<target host="sigmaaldrich.com" />
-	<target host="www.sigmaaldrich.com" />
+	<!-- target host="sigmaaldrich.com" /-->
+	<!-- target host="www.sigmaaldrich.com" /-->
 	<target host="secure.sigmaaldrich.com" />
 
-	<rule from="^http://sigmaaldrich\.com/"
-		to="https://www.sigmaaldrich.com/" />
-
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SigmaBeauty.xml b/src/chrome/content/rules/SigmaBeauty.xml
index 1c292001672d..51e82b88b8fd 100644
--- a/src/chrome/content/rules/SigmaBeauty.xml
+++ b/src/chrome/content/rules/SigmaBeauty.xml
@@ -7,10 +7,10 @@ enews. mismatch
 	<target host="www.sigmabeauty.com" />
 	<target host="sigmabeauty.com" />
 	<target host="help.sigmabeauty.com" />
-	
+
 	<!-- Fix #4684 -->
 	<exclusion pattern="^http://www\.sigmabeauty\.com/api/commerce/" />
-	
+
 	<test url="http://www.sigmabeauty.com/api/commerce/carts/current" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Signal.org.xml b/src/chrome/content/rules/Signal.org.xml
deleted file mode 100644
index 73d3a25aee68..000000000000
--- a/src/chrome/content/rules/Signal.org.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Signal.org">
-	<target host="signal.org" />
-	<target host="www.signal.org" />
-	<target host="support.signal.org" />
-	<target host="updates.signal.org" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Signals.xml b/src/chrome/content/rules/Signals.xml
index 71d20eabb694..eb050a8ebc4f 100644
--- a/src/chrome/content/rules/Signals.xml
+++ b/src/chrome/content/rules/Signals.xml
@@ -7,7 +7,10 @@
 <ruleset name="Signals">
 
 	<target host="signals.com" />
-	<target host="*.signals.com" />
+	<target host="images.signals.com" />
+	<target host="shop.signals.com" />
+	<target host="www.signals.com" />
+	<target host="www3.signals.com" />
 
 
 	<securecookie host="^\.signals\.com$" name=".+" />
@@ -16,7 +19,6 @@
 	<rule from="^http://signals\.com/"
 		to="https://www.signals.com/" />
 
-	<rule from="^http://(images|shop|www3?)\.signals\.com/"
-		to="https://$1.signals.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sigterm.no.xml b/src/chrome/content/rules/Sigterm.no.xml
index 25d31f75cfaa..a87190568a2b 100644
--- a/src/chrome/content/rules/Sigterm.no.xml
+++ b/src/chrome/content/rules/Sigterm.no.xml
@@ -14,7 +14,7 @@ Fetch error: http://clients.sigterm.no/ => https://clients.sigterm.no/: (6, 'Cou
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Sigterm.no" default_off='failed ruleset test'>
+<ruleset name="Sigterm.no" default_off="failed ruleset test">
 
 	<target host="sigterm.no" />
 	<target host="*.sigterm.no" />
diff --git a/src/chrome/content/rules/Sikur.xml b/src/chrome/content/rules/Sikur.xml
index 87506302a8be..fe8eb7b5feab 100644
--- a/src/chrome/content/rules/Sikur.xml
+++ b/src/chrome/content/rules/Sikur.xml
@@ -19,13 +19,13 @@
 	<target host="www.sikur.com" />
 
 	<securecookie host="^www\.sikur\.com$" name=".+" />
-	
+
 	<rule from="^http://granitephone\.com/"
 			to="https://www.granitephone.com/" />
 
 	<rule from="^http://sikur\.com/"
 			to="https://www.sikur.com/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Silent_Circle.xml b/src/chrome/content/rules/Silent_Circle.xml
index 4d53f5a59b9b..d0d061ff968d 100644
--- a/src/chrome/content/rules/Silent_Circle.xml
+++ b/src/chrome/content/rules/Silent_Circle.xml
@@ -29,7 +29,7 @@ Fetch error: http://mail.silentcircle.com/ => https://mail.silentcircle.com/: (6
 	No respone:
 		- (www.)silentcircle.org
 -->
-<ruleset name="Silent Circle" default_off='failed ruleset test'>
+<ruleset name="Silent Circle" default_off="failed ruleset test">
 	<target host="silentcircle.com" />
 	<target host="www.silentcircle.com" />
 	<target host="accounts.silentcircle.com" />
diff --git a/src/chrome/content/rules/Silicon.com.xml b/src/chrome/content/rules/Silicon.com.xml
index 5308da2da6d5..142eab5a1c9a 100644
--- a/src/chrome/content/rules/Silicon.com.xml
+++ b/src/chrome/content/rules/Silicon.com.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://silicon.com/ => https://www.silicon.com/: (28, 'Connection timed out after 10000 milliseconds')
 Fetch error: http://www.silicon.com/ => https://www.silicon.com/: (28, 'Connection timed out after 10001 milliseconds')
 -->
-<ruleset name="Silicon.com" default_off='failed ruleset test'>
+<ruleset name="Silicon.com" default_off="failed ruleset test">
 	<target host="silicon.com" />
 	<target host="www.silicon.com" />
 	<rule from="^http://silicon\.com/" to="https://www.silicon.com/"/>
diff --git a/src/chrome/content/rules/Siliconera.com.xml b/src/chrome/content/rules/Siliconera.com.xml
index 038c6c83a2c8..fc7b7da7e07f 100644
--- a/src/chrome/content/rules/Siliconera.com.xml
+++ b/src/chrome/content/rules/Siliconera.com.xml
@@ -6,7 +6,7 @@
 	<target host="storage.siliconera.com" />
 
 	<rule from="^http:" to="https:" />
-	
+
 	<test url="http://www.siliconera.com/wordpress/wp-content/themes/siliconera/imgs/siliconera_logo.gif" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SilkRoad.xml b/src/chrome/content/rules/SilkRoad.xml
index 6f0b6ef33720..fe45530e76a4 100644
--- a/src/chrome/content/rules/SilkRoad.xml
+++ b/src/chrome/content/rules/SilkRoad.xml
@@ -32,7 +32,7 @@ Fetch error: http://dandbcareers.silkroad.com/ => https://dandbcareers.silkroad.
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="SilkRoad.com (partial)" default_off='failed ruleset test'>
+<ruleset name="SilkRoad.com (partial)" default_off="failed ruleset test">
 
 	<target host="silkroad.com"/>
 	<target host="*.silkroad.com"/>
diff --git a/src/chrome/content/rules/Silkn.com.xml b/src/chrome/content/rules/Silkn.com.xml
index 3a64f888e4bf..201815bd30c4 100644
--- a/src/chrome/content/rules/Silkn.com.xml
+++ b/src/chrome/content/rules/Silkn.com.xml
@@ -28,12 +28,13 @@ Fetch error: http://www.buyfacefx.com/ => https://www.buyfacefx.com/: (6, 'Could
 		- shop.silkn.com
 
 -->
-<ruleset name="Silkn.com" default_off='failed ruleset test'>
+<ruleset name="Silkn.com" default_off="failed ruleset test">
 
 	<target host="buyfacefx.com" />
 	<target host="www.buyfacefx.com" />
 	<target host="silkn.com" />
-	<target host="*.silkn.com" />
+	<target host="shop.silkn.com" />
+	<target host="www.silkn.com" />
 		<exclusion pattern="^http://(?:www\.)?silkn\.com/(?!images/|include/|RadControls/|scripts/|upload/|WebResource\.axd)" />
 
 
@@ -43,7 +44,6 @@ Fetch error: http://www.buyfacefx.com/ => https://www.buyfacefx.com/: (6, 'Could
 	<rule from="^http://(?:www\.)?buyfacefx\.com/"
 		to="https://www.buyfacefx.com/" />
 
-	<rule from="^http://(shop\.|www\.)?silkn\.com/"
-		to="https://$1silkn.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Silkroad_WS.xml b/src/chrome/content/rules/Silkroad_WS.xml
deleted file mode 100644
index 9a0714855bd0..000000000000
--- a/src/chrome/content/rules/Silkroad_WS.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Some pages redirect to $
-
--->
-<ruleset name="Silkroad WS (partial)">
-
-	<target host="silkroad.ws" />
-	<target host="forum.silkroad.ws" />
-	<target host="www.silkroad.ws" />
-		<exclusion pattern="^http://(?:www\.)?silkroad\.ws/(?!addons/|cron\.php|img/)" />
-
-
-	<securecookie host="^forum\.silkroad\.ws$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Silkspan.com.xml b/src/chrome/content/rules/Silkspan.com.xml
index 89f4b3072579..c9d42eacba13 100644
--- a/src/chrome/content/rules/Silkspan.com.xml
+++ b/src/chrome/content/rules/Silkspan.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://silkspan.com/ => https://www.silkspan.com/: (60, 'SSL certif
 Fetch error: http://www.silkspan.com/ => https://www.silkspan.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Silkspan.com" default_off='failed ruleset test'>
+<ruleset name="Silkspan.com" default_off="failed ruleset test">
   <target host="silkspan.com" />
   <target host="www.silkspan.com" />
 
diff --git a/src/chrome/content/rules/Silktide.xml b/src/chrome/content/rules/Silktide.xml
index 020350b68067..7974a373e3d9 100644
--- a/src/chrome/content/rules/Silktide.xml
+++ b/src/chrome/content/rules/Silktide.xml
@@ -27,7 +27,7 @@ Fetch error: http://status.silktide.com/ => https://status.silktide.com/: (35, '
 	ᵂ WP Engine/redirects to http
 
 -->
-<ruleset name="Silktide.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Silktide.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Silobreaker.xml b/src/chrome/content/rules/Silobreaker.xml
index eb232ec6b6d9..0e3f7ead558e 100644
--- a/src/chrome/content/rules/Silobreaker.xml
+++ b/src/chrome/content/rules/Silobreaker.xml
@@ -20,16 +20,18 @@
 
 	<target host="thumbs.sbstatic.com" />
 	<target host="cache.thumbs.sbstatic.com" />
-	<target host="*.silobreaker.com" />
+	<target host="api.silobreaker.com" />
+	<target host="my.silobreaker.com" />
+	<target host="thumbs.silobreaker.com" />
+	<target host="cache.thumbs.silobreaker.com" />
 
 
 	<securecookie host="^my\.silobreaker\.com$" name=".+" />
 
 
-	<rule from="^http://(api|my)\.silobreaker\.com/"
-		to="https://$1.silobreaker.com/" />
 
 	<rule from="^http://(?:cache\.)?thumbs\.s(?:bstatic|ilobreaker)\.com/"
 		to="https://thumbs.silobreaker.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Silva_Wood_Flooring.xml b/src/chrome/content/rules/Silva_Wood_Flooring.xml
index 8e5e587ca52a..0d7d263941f5 100644
--- a/src/chrome/content/rules/Silva_Wood_Flooring.xml
+++ b/src/chrome/content/rules/Silva_Wood_Flooring.xml
@@ -5,7 +5,7 @@ Fetch error: http://silvawoodflooring.co.uk/ => https://silvawoodflooring.co.uk/
 Fetch error: http://www.silvawoodflooring.co.uk/ => https://www.silvawoodflooring.co.uk/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
 
 -->
-<ruleset name="Silva Wood Flooring" default_off='failed ruleset test'>
+<ruleset name="Silva Wood Flooring" default_off="failed ruleset test">
 
 	<target host="silvawoodflooring.co.uk" />
 	<target host="www.silvawoodflooring.co.uk" />
@@ -16,4 +16,4 @@ Fetch error: http://www.silvawoodflooring.co.uk/ => https://www.silvawoodfloorin
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Silver-Oven.xml b/src/chrome/content/rules/Silver-Oven.xml
index 6da70592de9b..9999f5ebe044 100644
--- a/src/chrome/content/rules/Silver-Oven.xml
+++ b/src/chrome/content/rules/Silver-Oven.xml
@@ -3,7 +3,7 @@
 	<target host="investorflow.com"/>
 	<target host="www.investorflow.com"/>
 
-	<securecookie host="^(?:.*\.)?investorflow.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/SilverRush_Style.xml b/src/chrome/content/rules/SilverRush_Style.xml
index 566393f497ac..faeb986e492a 100644
--- a/src/chrome/content/rules/SilverRush_Style.xml
+++ b/src/chrome/content/rules/SilverRush_Style.xml
@@ -16,7 +16,7 @@
 		- .silverrushstyle.com
 
 -->
-<ruleset name="SilverRush Style.com" default_off="missing certificate chain">
+<ruleset name="SilverRush Style.com" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Silverflint.xml b/src/chrome/content/rules/Silverflint.xml
index 36e238ca3d47..16e6495e7eef 100644
--- a/src/chrome/content/rules/Silverflint.xml
+++ b/src/chrome/content/rules/Silverflint.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?silverflint\.com/(css/|favicon\.ico|js/|xajax/)"
 		to="https://www.silverflint.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Silverpop.xml b/src/chrome/content/rules/Silverpop.xml
index 1c713c8a11ed..4328c21de420 100644
--- a/src/chrome/content/rules/Silverpop.xml
+++ b/src/chrome/content/rules/Silverpop.xml
@@ -10,7 +10,6 @@ Fetch error: http://www1.vtrenz.net/ => https://www1.vtrenz.net/: (6, 'Could not
 
 	Other Silverpop rulesets:
 
-		- CoreMotives.com.xml
 		- mkt51.net.xml
 		- Pages05.net.xml
 
@@ -78,7 +77,7 @@ Fetch error: http://www1.vtrenz.net/ => https://www1.vtrenz.net/: (6, 'Could not
 	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Silverpop (partial)" default_off='failed ruleset test'>
+<ruleset name="Silverpop (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Silvertunnel.org.xml b/src/chrome/content/rules/Silvertunnel.org.xml
index a6ac1577f18b..37388c01c45b 100644
--- a/src/chrome/content/rules/Silvertunnel.org.xml
+++ b/src/chrome/content/rules/Silvertunnel.org.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.silvertunnel.org/ => https://silvertunnel.org/: (35, 'Un
 	www.silvertunnel.org: Refused
 
 -->
-<ruleset name="silvertunnel.org" default_off='failed ruleset test'>
+<ruleset name="silvertunnel.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Sim-technik.de.xml b/src/chrome/content/rules/Sim-technik.de.xml
index 63bc8dbfaf6b..ab769dc24dd7 100644
--- a/src/chrome/content/rules/Sim-technik.de.xml
+++ b/src/chrome/content/rules/Sim-technik.de.xml
@@ -5,4 +5,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SimFlight-problematic.xml b/src/chrome/content/rules/SimFlight-problematic.xml
index 604d02f9cdd9..09e5edd556d4 100644
--- a/src/chrome/content/rules/SimFlight-problematic.xml
+++ b/src/chrome/content/rules/SimFlight-problematic.xml
@@ -24,39 +24,39 @@
 	<!-- *simflight.cn -->
 	<target host="simflight.cn" />
 	<target host="www.simflight.cn" />
-	
+
 	<!-- *simflight.com -->
 	<target host="simflight.com" />
 	<target host="www.simflight.com" />
-	
+
 	<!-- *simrussia.com -->
 	<target host="simrussia.com"/>
 	<target host="www.simrussia.com"/>
-	
+
 	<!-- *simflight.de -->
 	<target host="simflight.de" />
 	<target host="www.simflight.de" />
-	
+
 	<!-- *simflight.es -->
 	<target host="simflight.es" />
 	<target host="www.simflight.es" />
-	
+
 	<!-- *simflight.fr -->
 	<target host="simflight.fr" />
 	<target host="www.simflight.fr" />
-	
+
 	<!-- *simflight.it -->
 	<target host="simflight.it" />
 	<target host="www.simflight.it" />
-	
+
 	<!-- *simflight.jp -->
 	<target host="simflight.jp" />
 	<target host="www.simflight.jp" />
-	
+
 	<!-- *simflight.nl -->
 	<target host="simflight.nl" />
 	<target host="www.simflight.nl" />
 
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SimFlight.xml b/src/chrome/content/rules/SimFlight.xml
index ebba4fa42c67..c9a372ed08dc 100644
--- a/src/chrome/content/rules/SimFlight.xml
+++ b/src/chrome/content/rules/SimFlight.xml
@@ -1,9 +1,10 @@
 <ruleset name="simFlight (partial)">
 
 	<target host="simmarket.com"/>
-	<target host="*.simmarket.com"/>
+	<target host="secure.simmarket.com" />
+	<target host="www.simmarket.com" />
 
-	<securecookie host="^(?:.*\.)?simmarket\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:secure\.|www\.)?simmarket\.com/"
 		to="https://secure.simmarket.com/"/>
diff --git a/src/chrome/content/rules/Simblee.com.xml b/src/chrome/content/rules/Simblee.com.xml
deleted file mode 100644
index e994fc3673d1..000000000000
--- a/src/chrome/content/rules/Simblee.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	^simblee.com: Mismatched, self-signed
-
-
-	Mixed content:
-
-		- css from fonts.googleapis.com *
-
-	* Secured by us
-
--->
-<ruleset name="Simblee.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.simblee.com" />
-
-	<!--	Complications:
-				-->
-	<target host="simblee.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://simblee\.com/"
-		to="https://www.simblee.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Simg.jp.xml b/src/chrome/content/rules/Simg.jp.xml
deleted file mode 100644
index 3dd8f2a26f12..000000000000
--- a/src/chrome/content/rules/Simg.jp.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!-- 
-	For more NicoVideo related rulesets, see Nicovideo.jp.xml
-
-	Non-functional hosts:
-		Certificate mismatch:
-			- vs01.nwfb.simg.jp
--->
-<ruleset name="Simg.jp">
-	<target host="nl.simg.jp" />
-
-	<rule from="^http:" 
-			to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/SimilarGroup.com.xml b/src/chrome/content/rules/SimilarGroup.com.xml
index dfad0ff9eade..606744272218 100644
--- a/src/chrome/content/rules/SimilarGroup.com.xml
+++ b/src/chrome/content/rules/SimilarGroup.com.xml
@@ -9,7 +9,7 @@
 	* Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="SimilarGroup.com (partial)" default_off="missing certificate chain">
+<ruleset name="SimilarGroup.com (partial)" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Simlar.org.xml b/src/chrome/content/rules/Simlar.org.xml
index 507f3c1ebfe0..2e5976a82808 100644
--- a/src/chrome/content/rules/Simlar.org.xml
+++ b/src/chrome/content/rules/Simlar.org.xml
@@ -11,7 +11,7 @@ Fetch error: http://simlar.org/ => https://simlar.org/: (51, "SSL: no alternativ
 	² Self-signed
 
 -->
-<ruleset name="Simlar.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Simlar.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Simosnap.com.xml b/src/chrome/content/rules/Simosnap.com.xml
index bd007d4fe253..04458367e41a 100644
--- a/src/chrome/content/rules/Simosnap.com.xml
+++ b/src/chrome/content/rules/Simosnap.com.xml
@@ -18,7 +18,9 @@
 -->
 <ruleset name="Simosnap.com (partial)">
 
-	<target host="*.simosnap.com" />
+	<target host="community.simosnap.com" />
+	<target host="www.community.simosnap.com" />
+	<target host="developers.simosnap.com" />
 		<!--
 			.+ doesn't redirect
 						-->
diff --git a/src/chrome/content/rules/SimpleReach.com.xml b/src/chrome/content/rules/SimpleReach.com.xml
index 80bfa5c251a6..da2c0b6311f7 100644
--- a/src/chrome/content/rules/SimpleReach.com.xml
+++ b/src/chrome/content/rules/SimpleReach.com.xml
@@ -12,7 +12,8 @@
 <ruleset name="SimpleReach.com">
 
 	<target host="simplereach.com" />
-	<target host="*.simplereach.com" />
+	<target host="www.simplereach.com" />
+	<target host="cc.simplereach.com" />
 
 
 	<securecookie host="^(?:www)?\.simplereach\.com$" name=".+" />
@@ -21,7 +22,6 @@
 	<rule from="^http://(?:www\.)?simplereach\.com/"
 		to="https://www.simplereach.com/" />
 
-	<rule from="^http://cc\.simplereach\.com/"
-		to="https://cc.simplereach.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Simple_Pickup.xml b/src/chrome/content/rules/Simple_Pickup.xml
index 4115c815bb6d..6decbba483d6 100644
--- a/src/chrome/content/rules/Simple_Pickup.xml
+++ b/src/chrome/content/rules/Simple_Pickup.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Simplebooklet.com.xml b/src/chrome/content/rules/Simplebooklet.com.xml
index 52785ff2979e..d117a93c4d32 100644
--- a/src/chrome/content/rules/Simplebooklet.com.xml
+++ b/src/chrome/content/rules/Simplebooklet.com.xml
@@ -22,4 +22,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Simpli.fi.xml b/src/chrome/content/rules/Simpli.fi.xml
index b45b19c0b9e8..6777efcfdcfc 100644
--- a/src/chrome/content/rules/Simpli.fi.xml
+++ b/src/chrome/content/rules/Simpli.fi.xml
@@ -1,20 +1,82 @@
 <!--
-	Nonfunctional subdomains:
+	Cert expired:
+		- ciscoasa.simpli.fi
 
-		- (www.)	(refused)
+	Chain issues:
+		- app-dev.simpli.fi
+		- s6.simpli.fi
+		- wwwdev.simpli.fi
 
+	Connection refused:
+		- dcfs.simpli.fi
+		- ftp.simpli.fi
+		- smtp.simpli.fi
+	TLS error:
+		- calendar.simpli.fi
+		- groups.simpli.fi
+		- mail.simpli.fi
+		- sites.simpli.fi
+
+	Cert mismatch:
+		- eur.ads.simpli.fi
+		- east.ads.simpli.fi
+		- west.ads.simpli.fi
+		- east.bids.simpli.fi
+		- west.bids.simpli.fi
+		- fwgw.simpli.fi
+		- tc2.gs.simpli.fi
+		- east.i.simpli.fi
+		- china.i.simpli.fi
+		- eur.i.simpli.fi
+		- west.i.simpli.fi
+		- origin.simpli.fi
+
+	Timeout:
+		- dalit1.simpli.fi
+		- dashboard.simpli.fi
+		- mon.simpli.fi
 -->
 <ruleset name="Simpli.fi (partial)">
 
+	<target host="simpli.fi" />
+	<target host="www.simpli.fi" />
+
+	<target host="ads.simpli.fi" />
+	<target host="adspreview.simpli.fi" />
+	<target host="alderaan.simpli.fi" />
 	<target host="app.simpli.fi" />
+	<target host="app2.simpli.fi" />
+	<target host="asiaads.simpli.fi" />
+	<target host="bespin.simpli.fi" />
+	<target host="beta.simpli.fi" />
+	<target host="bullseye.simpli.fi" />
+	<target host="cdn.simpli.fi" />
+	<target host="cdnpixel.simpli.fi" />
+	<target host="centralads.simpli.fi" />
+	<target host="corellia.simpli.fi" />
+	<target host="coruscant.simpli.fi" />
+	<target host="cwe.simpli.fi" />
+	<target host="cww.simpli.fi" />
+	<target host="dagobah.simpli.fi" />
+	<target host="dccgen1.simpli.fi" />
+	<target host="dckawa.simpli.fi" />
+	<target host="dcuidev1.simpli.fi" />
+	<target host="eastevents.simpli.fi" />
+	<target host="endor.simpli.fi" />
+	<target host="eurads.simpli.fi" />
+	<target host="events.simpli.fi" />
+	<target host="gs.simpli.fi" />
+	<target host="hoth.simpli.fi" />
+	<target host="hub.simpli.fi" />
 	<target host="i.simpli.fi" />
+	<target host="kamino.simpli.fi" />
+	<target host="kawa.simpli.fi" />
+	<target host="kessel.simpli.fi" />
+	<target host="optout.simpli.fi" />
+	<target host="pme.simpli.fi" />
+	<target host="tag.simpli.fi" />
 
-
-	<!--	Tracking cookies set by i:
-						-->
-	<securecookie host="^\.simpli\.fi$" name="^uid(?:_syncd)?$" />
-	<securecookie host="^app\.simpli\.fi$" name=".+" />
-
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Simply-Hired.xml b/src/chrome/content/rules/Simply-Hired.xml
index 57ec6a5a1f4a..d6c2962b84ff 100644
--- a/src/chrome/content/rules/Simply-Hired.xml
+++ b/src/chrome/content/rules/Simply-Hired.xml
@@ -69,7 +69,7 @@ Fetch error: http://blog.simplyhired.com/ => https://www.simplyhired.com/blog: (
 	* Secured by us
 
 -->
-<ruleset name="Simply Hired.com" default_off='failed ruleset test'>
+<ruleset name="Simply Hired.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Simply-Partner.com.xml b/src/chrome/content/rules/Simply-Partner.com.xml
index 652a658cab66..f22462c5e09b 100644
--- a/src/chrome/content/rules/Simply-Partner.com.xml
+++ b/src/chrome/content/rules/Simply-Partner.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.simply-partner.com/ => https://www.simply-partner.com/:
 		- simply-partner.com
 
 -->
-<ruleset name="Simply-Partner.com" default_off='failed ruleset test'>
+<ruleset name="Simply-Partner.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Simply_Business.xml b/src/chrome/content/rules/Simply_Business.xml
index 717e5451f412..ea7fd1fc5a3b 100644
--- a/src/chrome/content/rules/Simply_Business.xml
+++ b/src/chrome/content/rules/Simply_Business.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Simply_Technology.net.xml b/src/chrome/content/rules/Simply_Technology.net.xml
deleted file mode 100644
index 40c69f5735c9..000000000000
--- a/src/chrome/content/rules/Simply_Technology.net.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Simply Technology.net">
-	<target host="simplytechnology.net" />
-	<target host="www.simplytechnology.net" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Simson.net.xml b/src/chrome/content/rules/Simson.net.xml
new file mode 100644
index 000000000000..7a1cf46bed39
--- /dev/null
+++ b/src/chrome/content/rules/Simson.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="Simson.net">
+	<target host="simson.net" />
+	<target host="www.simson.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Simyo.xml b/src/chrome/content/rules/Simyo.xml
index a796eb5cce8b..f334adb676f9 100644
--- a/src/chrome/content/rules/Simyo.xml
+++ b/src/chrome/content/rules/Simyo.xml
@@ -28,7 +28,13 @@
 <ruleset name="Simyo (partial)">
 
 	<target host="simyo.de" />
-	<target host="*.simyo.de" />
+	<target host="www.simyo.de" />
+	<target host="a.simyo.de" />
+	<target host="b.simyo.de" />
+	<target host="cdn.simyo.de" />
+	<target host="handyshop.simyo.de" />
+	<target host="m.simyo.de" />
+	<target host="sync.simyo.de" />
 
 
 	<securecookie host="^.*\.simyo\.de$" name=".+" />
@@ -40,7 +46,6 @@
 	<rule from="^http://a\.simyo\.de/"
 		to="https://simyo-de.122.2o7.net/" />
 
-	<rule from="^http://(b|cdn|handyshop|m|sync)\.simyo\.de/"
-		to="https://$1.simyo.de/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sina.cn-mixedcontent.xml b/src/chrome/content/rules/Sina.cn-mixedcontent.xml
index e5bacfb458a0..a5765f65e434 100644
--- a/src/chrome/content/rules/Sina.cn-mixedcontent.xml
+++ b/src/chrome/content/rules/Sina.cn-mixedcontent.xml
@@ -1,16 +1,10 @@
 <!--
 	For rules not causing mixed content, see Sina.cn.xml.
 -->
-
 <ruleset name="Sina.cn-mixedcontent" platform="mixedcontent">
-
-	<target host="fashion.sina.cn" />
-	<target host="games.sina.cn" />
+	<target host="global.sina.cn" />
 	<target host="h5.sina.cn" />
-	<target host="k.sina.cn" />
-	<target host="lives.sina.cn" />
-	<target host="photo.sina.cn" />
-	<target host="stocks.sina.cn" />
+	<!--target host="story.sina.cn" /--><!--Timeout by Tor-->
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sina.cn.xml b/src/chrome/content/rules/Sina.cn.xml
index 7985ae31117d..5e7b068e0ab3 100644
--- a/src/chrome/content/rules/Sina.cn.xml
+++ b/src/chrome/content/rules/Sina.cn.xml
@@ -1,60 +1,61 @@
 <!--
 	For other Sina coverage, see Sina.com.cn.xml.
 
-	Invalid certificate:
-		i.apps.sina.cn
-		bbs.auto.sina.cn
-		data.auto.sina.cn
-		blog.sina.cn
-		book.sina.cn
-		h5.games.sina.cn
-		palmnews.sina.cn
-		story.sina.cn
-		ent.v.sina.cn
-
-	MCB:
-		544.sina.cn
-		fashion.sina.cn
-		games.sina.cn
-		gd.sina.cn
-		global.sina.cn
-		h5.sina.cn
-		henan.sina.cn
-		jmqmil.sina.cn
-		k.sina.cn
-		lives.sina.cn
-		ln.sina.cn
-		mil.sina.cn
-		nba.sina.cn
-		photo.sina.cn
-		stocks.sina.cn
-		video.sina.cn
+	MCB: Sina.cn-mixedcontent.xml
 
-	Redirect to http:
-		ast.sina.cn
-		cul.sina.cn
-		eladies.sina.cn
-		ent.sina.cn
-		mil.sina.cn	( /zgjq and so on. )
-		news.sina.cn
-		sky.sina.cn
+	Invalid certificate:
+		https://data.auto.sina.cn
+		https://h5.games.sina.cn
+		https://ent.v.sina.cn
 -->
-
 <ruleset name="Sina.cn">
 	<target host="sina.cn" />
 	<target host="www.sina.cn" />
+	<target host="i.apps.sina.cn" />
+		<test url="http://i.apps.sina.cn/tqt/zip/TianQiTong_3.76_free.apk" />
+	<target host="ast.sina.cn" />
+	<target host="auto.sina.cn" />
+	<target host="bbs.auto.sina.cn" />
+	<target host="db.auto.sina.cn" />
+	<target host="s.auto.sina.cn" />
+	<target host="blog.sina.cn" />
+	<target host="book.sina.cn" />
 	<target host="cre.dp.sina.cn" />
 		<test url="http://cre.dp.sina.cn/api/v3/get" />
+	<target host="cul.sina.cn" />
+	<target host="r.dmp.sina.cn" />
+		<test url="http://r.dmp.sina.cn/cm/sinaads_ck_wap.js" />
+	<target host="eladies.sina.cn" />
+	<target host="ent.sina.cn" />
+	<target host="fashion.sina.cn" />
+	<target host="games.sina.cn" />
 	<target host="interface.sina.cn" />
 		<test url="http://interface.sina.cn/wap_api/wap_rollback_blacklist.d.json" />
+	<target host="jmqmil.sina.cn" />
+	<target host="k.sina.cn" />
+		<test url="http://k.sina.cn/article_6086156539_m16ac360fb03300kj8s.html" />
+	<target host="lives.sina.cn" />
 	<target host="mail.sina.cn" />
 		<test url="http://mail.sina.cn/?vt=3" />
+	<target host="mil.sina.cn" />
+	<target host="nba.sina.cn" />
+	<target host="news.sina.cn" />
 	<target host="passport.sina.cn" />
 		<test url="http://passport.sina.cn/signin/signin" />
-	<target host="r.dmp.sina.cn" />
-		<test url="http://r.dmp.sina.cn/cm/sinaads_ck_wap.js" />
+	<target host="photo.sina.cn" />
+	<target host="quotes.sina.cn" />
+	<target host="sky.sina.cn" />
 	<target host="so.sina.cn" />
 		<test url="http://so.sina.cn/push.d.json" />
+	<target host="stocks.sina.cn" />
+	<target host="video.sina.cn" />
 
+	<!--	Provinces and Cities:	-->
+	<target host="gd.sina.cn" />
+		<target host="shenzhen.sina.cn" />
+	<target host="henan.sina.cn" />
+	<target host="jiangsu.sina.cn" />
+	<target host="ln.sina.cn" />
+	
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sina.com.cn-mixedcontent.xml b/src/chrome/content/rules/Sina.com.cn-mixedcontent.xml
new file mode 100644
index 000000000000..2ec9824b708d
--- /dev/null
+++ b/src/chrome/content/rules/Sina.com.cn-mixedcontent.xml
@@ -0,0 +1,37 @@
+<!--
+	Related rulesets:
+		- Sina.com.cn.xml
+-->
+<ruleset name="Sina.com.cn-mixedcontent" platform="mixedcontent">
+	<target host="dealer.auto.sina.com.cn" />
+	<target host="book.sina.com.cn" />
+	<target host="city.sina.com.cn" />
+	<target host="i.finance.sina.com.cn" />
+	<target host="live.finance.sina.com.cn" />
+	<target host="fund.sina.com.cn" />
+		<!--test url="http://fund.sina.com.cn/competition/2016/" /--><!--404: https://travis-ci.org/EFForg/https-everywhere/jobs/431922520#L685-->
+	<target host="green.sina.com.cn" />
+	<target host="guba.sina.com.cn" />
+	<target host="health.sina.com.cn" />
+	<target host="help.sina.com.cn" />
+	<target host="history.sina.com.cn" />
+		<test url="http://history.sina.com.cn/photo/" />
+	<target host="my.sina.com.cn" />
+	<target host="news.sina.com.cn" />
+		<test url="http://news.sina.com.cn/gov/zt/xjpbdj/" />
+		<test url="http://news.sina.com.cn/c/nd/2015-10-19/doc-ifxivsch3685302.shtml" />
+	<target host="mil.news.sina.com.cn" />
+	<target host="roll.news.sina.com.cn" />
+	<target host="sky.news.sina.com.cn" />
+	<target host="photo.sina.com.cn" />
+	<target host="publish.sina.com.cn" />
+		<test url="http://publish.sina.com.cn/ent/starshoot4/" />
+	<!--target host="sea.sina.com.cn" /--><!--CI test time out: https://travis-ci.org/EFForg/https-everywhere/jobs/431858541#L688 -->
+	<target host="match.sports.sina.com.cn" />
+	<target host="sh.sina.com.cn" />
+	<target host="sx.sina.com.cn" />
+	<target host="weather.sina.com.cn" />
+	<target host="zhuanlan.sina.com.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sina.com.cn.xml b/src/chrome/content/rules/Sina.com.cn.xml
index 2b79da1dcb5e..92181efeb9aa 100644
--- a/src/chrome/content/rules/Sina.com.cn.xml
+++ b/src/chrome/content/rules/Sina.com.cn.xml
@@ -1,9 +1,8 @@
-
 <!--
 	Other Sina rulesets:
+		- Sina.com.cn-mixedcontent.xml
 		- Sina.cn.xml
 		- Sina.cn-mixedcontent.xml
-		- Sina.com.xml
 		- SinaApp.com.xml
 		- SinaCloud.com.xml
 		- Sinaimg.cn.xml
@@ -11,7 +10,6 @@
 		- Sinastorage.com.xml
 		- Weibo.cn.xml
 		- Weibo.com.xml
-		- Weibo.com-mixedcontent.xml
 		- WeiboPay.com.xml
 
 	Break sina flash videos:
@@ -20,93 +18,65 @@
 		comment5.news.sina.com.cn
 		s.video.sina.com.cn
 
-	Different http/https content:
-		csl.sina.com.cn
-		golf.sina.com.cn
-		lottery.sina.com.cn
-		m.sina.com.cn
-		mobile.sina.com.cn
-		news.sina.com.cn
-
 	MCB:
-		www.sina.com.cn
-		app.sina.com.cn
-		astro.sina.com.cn
-		auto.sina.com.cn
 		dealer.auto.sina.com.cn
-		baby.sina.com.cn
 		book.sina.com.cn
 		city.sina.com.cn
-		collection.sina.com
-		emarketing.sina.com.cn
-		ent.sina.com.cn
-		fashion.sina.com.cn
-		fo.sina.com.cn
-		fund.sina.com.cn	( https://fund.sina.com.cn/competition/2016/ )
-		games.sina.com.cn
-		gongyi.sina.com.cn
+		csl.sina.com.cn			( https://csl.sina.com.cn/2010award/ )
+		fund.sina.com.cn		( https://fund.sina.com.cn/competition/2016/ )
 		green.sina.com.cn
 		guba.sina.com.cn
 		health.sina.com.cn
 		help.sina.com.cn/$
-		history.sina.com.cn	( https://history.sina.com.cn/photo/ )
-		finance.sina.com.cn
+		history.sina.com.cn		( https://history.sina.com.cn/photo/ )
 		i.finance.sina.com.cn
 		ka.sina.com.cn
 		licaishi.sina.com.cn	( https://licaishi.sina.com.cn/web/match?act=1 )
-		live.sina.com.cn
+		s3.licaishi.sina.com.cn	( https://s3.licaishi.sina.com.cn/180817/2238208671.png )
 		my.sina.com.cn
+		news.sina.com.cn
 		mil.news.sina.com.cn
 		roll.news.sina.com.cn
 		sky.news.sina.com.cn
 		slide.news.sina.com.cn
 		photo.sina.com.cn
-		publish.sina.com.cn	( http://publish.sina.com.cn/ent/starshoot4/ )
+		publish.sina.com.cn		( https://publish.sina.com.cn/ent/starshoot4/ )
 		sea.sina.com.cn
-		sports.sina.com.cn
 		match.sports.sina.com.cn
 		sh.sina.com.cn
 		sx.sina.com.cn
-		tech.sina.com.cn
-		travel.sina.com.cn
-		video.sina.com.cn
 		weather.sina.com.cn
-		woocall.sina.com.cn
 		zhuanlan.sina.com.cn
 
 		mail.sina.net
 
 	Invalid certificate:
 		ad4.sina.com.cn
-		d[0-9].sina.com.cn
-		down.apps.sina.com.cn	( https://down.apps.sina.cn/sinasrc/20/72/0e94867fafb79582d7af86f9bcf87220.apk )
+		down.apps.sina.com.cn		( https://down.apps.sina.cn/sinasrc/20/72/0e94867fafb79582d7af86f9bcf87220.apk )
 		s.auto.sina.com.cn
 		comet.blog.sina.com.cn
 		campus.sina.com.cn
-		d00.sina.com.cn
-		int.dpool.sina.com.cn	( https://int.dpool.sina.com.cn/iplookup/iplookup.php?format=js )
+		int.dpool.sina.com.cn		( https://int.dpool.sina.com.cn/iplookup/iplookup.php?format=js )
 		edu.sina.com.cn
 		eladies.sina.com.cn
 		esf.sina.com.cn
-		swf.games.sina.com.cn
 		slide.gongyi.sina.com.cn
 		slide.history.sina.com.cn
+		house.sina.com.cn
 		weblog.house.sina.com.cn	( https://weblog.house.sina.com.cn/dcs8axv0g10000oe7asc741a1_9n3x/wtid.js )
 		src.house.sina.com.cn
-		iask.sina.com.cn
-		s3.licaishi.sina.com.cn
+		jiaju.sina.com.cn
 		s.img.mix.sina.com.cn
 		storage.slide.news.sina.com.cn
-		help.pay.sina.com.cn
 		rm.sina.com.cn
 		blog.sae.sina.com.cn
 		e.sae.sina.com.cn
-		static.sae.sina.com.cn	( https://static.sae.sina.com.cn/image/poweredby/poweredby.png )
+		static.sae.sina.com.cn		( https://static.sae.sina.com.cn/image/poweredby/poweredby.png )
 		saet.sina.com.cn
 		show.sina.com.cn
 		t.sina.com.cn
 		video.vic.sina.com.cn
-		p.you.video.sina.com.cn	( Only avaiable in China. It's https will break sina videos to play even in China. )
+		p.you.video.sina.com.cn		( Only avaiable in China. It's https will break sina videos to play even in China. )
 		rcd.video.sina.com.cn
 		zhongyi.sina.com.cn
 		home.zhuanlan.com.cn
@@ -114,27 +84,38 @@
 		s2.sae.sinacdn.com
 		www.sae.sinacdn.com
 
-	Redirect to http:
-		^
+	Too many redirectors: 		https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au/issues/9#issuecomment-414920628
+		2008mail.sina.com.cn
+		mail2008.sina.com.cn	https://travis-ci.org/EFForg/https-everywhere/jobs/432043482#L684
+
+	Handshake failed:
+		d[0-9].sina.com.cn
+
+	Timed out:
 		blog.sina.com.cn
-		house.sina.com.cn
-		jiaju.sina.com.cn
-		video.sina.com.cn
-		uc.sina.com.cn
 
 		ads.sina.com.hk
 -->
-
 <ruleset name="Sina.com.cn">
-
-	<!--	Direct rewrites:	-->
-	<target host="2008mail.sina.com.cn" />
+	<target host="sina.com.cn" />
+	<target host="www.sina.com.cn" />
 	<target host="api.sina.com.cn" />
+	<target host="app.sina.com.cn" />
+	<target host="astro.sina.com.cn" />
+	<target host="auto.sina.com.cn" />
+	<target host="baby.sina.com.cn" />
 	<target host="bbs.sina.com.cn" />
 	<target host="beacon.sina.com.cn" />
-	<exclusion pattern="^http://beacon\.sina\.com\.cn/$" /><!-- 404 -->
+	<!-- https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au/issues/9#issuecomment-414920628 -->
+		<exclusion pattern="^http://beacon\.sina\.com\.cn/$" />
 		<test url="http://beacon.sina.com.cn/a.gif" />
+	<target host="client.sina.com.cn" />
+		<test url="http://client.sina.com.cn/2015emarketing/" />
+	<target host="collection.sina.com.cn" />
 	<target host="corp.sina.com.cn" />
+	<target host="cs.sina.com.cn" />
+		<test url="http://cs.sina.com.cn/minisite/2007gongyi/images/cn_zty_g.jpg" />
+	<target host="d00.sina.com.cn" />
 	<!--target host="d0.sina.com.cn" />
 	<target host="d1.sina.com.cn" />
 	<target host="d2.sina.com.cn" />
@@ -146,18 +127,33 @@
 	<target host="d8.sina.com.cn" />
 	<target host="d9.sina.com.cn" />
 		<test url="http://d9.sina.com.cn/litong/zhitou/sinaads/release/sinaads.js" /-->
+	<target host="emarketing.sina.com.cn" />
+	<target host="ent.sina.com.cn" />
+	<target host="fashion.sina.com.cn" />
+	<target host="finance.sina.com.cn" />
+	<target host="fo.sina.com.cn" />
+	<target host="golf.sina.com.cn" />
+	<target host="games.sina.com.cn" />
+	<target host="swf.games.sina.com.cn" />
+	<target host="gongyi.sina.com.cn" />
 	<target host="image2.sina.com.cn" />
 		<test url="http://image2.sina.com.cn/home/images/tz-002.gif" />
+	<target host="iask.sina.com.cn" />
 	<target host="p.ivideo.sina.com.cn" />
 	<target host="p1.ivideo.sina.com.cn" />
 	<target host="p2.ivideo.sina.com.cn" />
 	<target host="p3.ivideo.sina.com.cn" />
 	<target host="p4.ivideo.sina.com.cn" />
+	<target host="live.sina.com.cn" />
+	<target host="login.sina.com.cn" />
+		<test url="http://login.sina.com.cn/crossdomain2.php?action=login" />
+	<target host="lottery.sina.com.cn" />
+	<target host="m.sina.com.cn" />
 	<target host="mail.sina.com.cn" />
-	<target host="mail2008.sina.com.cn" />
 	<target host="members.sina.com.cn" />
+	<target host="mobile.sina.com.cn" />
 	<target host="pay.sina.com.cn" />
-	<!-- target host="help.pay.sina.com.cn" / -->
+	<target host="help.pay.sina.com.cn" />
 	<target host="merchant.pay.sina.com.cn" />
 	<target host="pfp.sina.com.cn" />
 		<test url="http://pfp.sina.com.cn/sinanews.html" />
@@ -165,171 +161,29 @@
 	<target host="sae.sina.com.cn" />
 	<target host="sax.sina.com.cn" />
 		<test url="http://sax.sina.com.cn/view" />
+	<target host="saxs.sina.com.cn" />
+		<test url="http://saxs.sina.com.cn/view" />
 	<target host="sbeacon.sina.com.cn" />
+	<!-- https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au/issues/9#issuecomment-414920628 -->
+		<exclusion pattern="^http://sbeacon\.sina\.com\.cn/$" />
 		<test url="http://sbeacon.sina.com.cn/a.gif" />
+	<target host="sports.sina.com.cn" />
 	<target host="i.sso.sina.com.cn" />
 		<test url="http://i.sso.sina.com.cn/images/login/thumb_default.png" />
 		<test url="http://i.sso.sina.com.cn/js/ssologin.js" />
 	<target host="api.t.sina.com.cn" />
 		<test url="http://api.t.sina.com.cn/short_url/shorten.xml" />
 		<test url="http://api.t.sina.com.cn/statuses/user_timeline.json" />
+	<target host="tech.sina.com.cn" />
+	<target host="travel.sina.com.cn" />
+	<target host="video.sina.com.cn" />
 	<target host="count.video.sina.com.cn" />
 	<target host="so.video.sina.com.cn" />
 		<test url="http://so.video.sina.com.cn/interface/top10" />
-	<target host="open.weather.sina.com.cn" />
 	<target host="vip.sina.com.cn" />
-	<target host="zhongce.sina.com.cn" />
-
-	<!--	Complications:	-->
-	<target host="app.sina.com.cn" />
-		<exclusion pattern="^http://app\.sina\.com\.cn/(?!favorite\.ico|script/)" />
-		<test url="http://app.sina.com.cn/app_index.php" />
-		<test url="http://app.sina.com.cn/favorite.ico" />
-		<test url="http://app.sina.com.cn/appdetail.php?appID=1541551" />
-		<test url="http://app.sina.com.cn/script/feedback.js" />
-		<test url="http://app.sina.com.cn/script/jquery.simplemodal.1.4.1.min.js" />
-		<test url="http://app.sina.com.cn/script/web_common.js" />
-
-	<target host="astro.sina.com.cn" />
-		<exclusion pattern="^http://astro\.sina\.com\.cn/(?!css/|js/)" />
-		<test url="http://astro.sina.com.cn/css/149/2014/0815/style.css" />
-		<test url="http://astro.sina.com.cn/js/149/2014/0916/xdpost.js" />
-		<test url="http://astro.sina.com.cn/test/" />
-		<test url="http://astro.sina.com.cn/vogue/" />
-
-	<target host="auto.sina.com.cn" />
-		<exclusion pattern="^http://auto\.sina\.com\.cn/(?!js/)" />
-		<test url="http://auto.sina.com.cn/js/jq172.js" />
-		<test url="http://auto.sina.com.cn/newcar/index.d.html" />
-		<test url="http://auto.sina.com.cn/review/index.d.html" />
-
-	<target host="finance.sina.com.cn" />
-		<exclusion pattern="^http://finance\.sina\.com\.cn/(?!basejs/|css/|finance/|img/|js/|other/|text/|tougu/|touzi/|xincai/|xuan/)" />
-		<test url="http://finance.sina.com.cn/basejs/suggestServer.js" />
-		<test url="http://finance.sina.com.cn/basejs/tool.js" />
-		<test url="http://finance.sina.com.cn/css/462/2014/0305/bd_fi_hp.css" />
-		<test url="http://finance.sina.com.cn/finance/" />
-		<test url="http://finance.sina.com.cn/finance/touziyi/HotThemeTop6.js" />
-		<test url="http://finance.sina.com.cn/img/updown_icon.png" />
-		<test url="http://finance.sina.com.cn/js/topnav/tgdata.js" />
-		<test url="http://finance.sina.com.cn/other/nylive/nylive_renqi.json" />
-		<test url="http://finance.sina.com.cn/text/1007/2015-07-02/common.min.css" />
-		<test url="http://finance.sina.com.cn/tougu/profitStar/newprofitStar.js" />
-		<test url="http://finance.sina.com.cn/touzi/dkpromote/dkstocks.js" />
-		<test url="http://finance.sina.com.cn/xincai/fund/manager/30061307.jpg" />
-		<test url="http://finance.sina.com.cn/xincai/index/indexCons.js" />
-		<test url="http://finance.sina.com.cn/xincai/index/xi.css" />
-		<test url="http://finance.sina.com.cn/xuan/js/abigail.js" />
-
-		<test url="http://finance.sina.com.cn/focus/pricealert/index.shtml" />
-		<test url="http://finance.sina.com.cn/fund/" />
-		<test url="http://finance.sina.com.cn/iframe/1008/2015-06-25/3.html" />
-		<test url="http://finance.sina.com.cn/licaishi/iframe/lcs_trade_time.html?type=1" />
-		<test url="http://finance.sina.com.cn/money/" />
-		<test url="http://finance.sina.com.cn/money/fund/filter/" />
-		<test url="http://finance.sina.com.cn/money/globalindex/" />
-		<test url="http://finance.sina.com.cn/roll/2016-12-25/doc-ifxyxury8443442.shtml" />
-		<test url="http://finance.sina.com.cn/stock/newstock/" />
-		<test url="http://finance.sina.com.cn/trust/" />
-		<test url="http://finance.sina.com.cn/zl/" />
-		<test url="http://finance.sina.com.cn/zl/china/2016-12-23/zl-ifxyxury8149046.shtml" />
-
-	<target host="games.sina.com.cn" />
-		<exclusion pattern="^http://games\.sina\.com\.cn/(?!blank/)" />
-		<test url="http://games.sina.com.cn/blank/important/2016-01-08/cgwr.js" />
-		<test url="http://games.sina.com.cn/pc/" />
-
-	<target host="gongyi.sina.com.cn" />
-		<exclusion pattern="http://gongyi\.sina\.com\.cn/(?!css/|images/|js/)" />
-		<test url="http://gongyi.sina.com.cn/css/basev4.2.css" />
-		<test url="http://gongyi.sina.com.cn/images/2008-02-5/20/U38P11T20D9F463DT20080225140940.jpg" />
-		<test url="http://gongyi.sina.com.cn/js/jq.js" />
-
-		<test url="http://gongyi.sina.com.cn/greenlife/" />
-		<test url="http://gongyi.sina.com.cn/gyzx/ngo.html" />
-		<test url="http://gongyi.sina.com.cn/gyzx/pl.html" />
-
-	<target host="guba.sina.com.cn" />
-		<exclusion pattern="http://guba\.sina\.com\.cn/(?!app/|css/|images/)" />
-		<test url="http://guba.sina.com.cn/app/www/images/0510_finance_zyc_logo.gif" />
-		<test url="http://guba.sina.com.cn/css/style_v2.css" />
-		<test url="http://guba.sina.com.cn/images/h5.jpg" />
-
-		<test url="http://guba.sina.com.cn/?s=category&amp;cid=3" />
-		<test url="http://guba.sina.com.cn/api/?s=h5user&amp;a=newReplyNum" />
-		<test url="http://guba.sina.com.cn/live/" />
-		<test url="http://guba.sina.com.cn/proxy/iframe/v1.2.html?proxy_guba" />
-
-	<target host="help.sina.com.cn" />
-		<exclusion pattern="http://help\.sina\.com\.cn/$" />
-		<test url="http://help.sina.com.cn/commonquestion/subview/20/" />
-
-	<target host="i.finance.sina.com.cn" />
-		<exclusion pattern="^http://i\.finance\.sina\.com\.cn/(?!portfolio/)" />
-		<test url="http://i.finance.sina.com.cn/portfolio/view/css/mystock_dev.css" />
-		<test url="http://i.finance.sina.com.cn/portfolio/view/js/mystock_a_dev.js" />
-		<test url="http://i.finance.sina.com.cn/zixuan" />
-
-	<target host="ka.sina.com.cn" />
-		<exclusion pattern="^http://ka\.sina\.com\.cn/(?!ka/)" />
-		<test url="http://ka.sina.com.cn/ka/css/index.css" />
-		<test url="http://ka.sina.com.cn/ka/images/star1.png" />
-		<test url="http://ka.sina.com.cn/ka/js/popout.js" />
-		<test url="http://ka.sina.com.cn/index/mmo" />
-		<test url="http://ka.sina.com.cn/store/box" />
-
-	<target host="login.sina.com.cn" />
-		<!-- 'crossdomain2.php' requests an insecure script 'http://i.sso.sina.com.cn/js/ssologin.js' when 'action=login' or 'action=logout' present -->
-		<exclusion pattern="^http://login\.sina\.com\.cn/crossdomain2\.php\?action=(login|logout)" />
-		<test url="http://login.sina.com.cn/crossdomain2.php?action=login" />
-		<test url="http://login.sina.com.cn/crossdomain2.php?action=login&#x26;entry=weibo" />
-		<test url="http://login.sina.com.cn/crossdomain2.php?action=logout&#x26;r=https%3A%2F%2Flogin.sina.com.cn%2Fmember%2Fmy.php%3Fentry%3Dsso" />
-		<test url="http://login.sina.com.cn/crossdomain2.php?action=logout&#x26;r=http%3A%2F%2Fweibo.com%2Flogout.php%3Fbackurl%3D%25252F" />
-		<!-- https://github.com/EFForg/https-everywhere/issues/7292 -->
-		<exclusion pattern="^http://login\.sina\.com\.cn/sso/login\.php" />
-		<test url="http://login.sina.com.cn/sso/login.php?client=ssologin.js(v1.4.18)" />
-
-	<target host="my.sina.com.cn" />
-		<exclusion pattern="http://my\.sina\.com\.cn/(?!css/|images/|js/)" />
-		<test url="http://my.sina.com.cn/css/my/comment.css" />
-		<test url="http://my.sina.com.cn/images/my/icon3.png" />
-		<test url="http://my.sina.com.cn/js/my/main.js" />
-		<test url="http://my.sina.com.cn/#location=fav" />
-		<test url="http://my.sina.com.cn/#location=fo" />
-		<test url="http://my.sina.com.cn/#location=news" />
-
-	<target host="sports.sina.com.cn" />
-		<exclusion pattern="http://sports\.sina\.com\.cn/(?!css/|js/)" />
-		<test url="http://sports.sina.com.cn/css/756/2014/0711/style_sports_v4.css" />
-		<test url="http://sports.sina.com.cn/js/ad/cba_left_hzh_20131107.js" />
-
-		<test url="http://sports.sina.com.cn/cba/2016-12-25/doc-ifxyxusa5353640.shtml" />
-		<test url="http://sports.sina.com.cn/china/" />
-
-	<target host="tech.sina.com.cn" />
-		<exclusion pattern="http://tech\.sina\.com\.cn/(?!css/|js/)" />
-		<test url="http://tech.sina.com.cn/css/717/20140911/index2014/feed.1.1.7.css" />
-		<test url="http://tech.sina.com.cn/js/iframe/100/353/content_top.js" />
-		<test url="http://tech.sina.com.cn/iframe/zw/zt.shtml" />
-		<test url="http://tech.sina.com.cn/i/2016-12-13/doc-ifxypcqa9488844.shtml" />
-		<test url="http://tech.sina.com.cn/it/2017-05-07/doc-ifyeycte8966776.shtml" />
-
-	<!-- target host="video.sina.com.cn" />
-		<exclusion pattern="http://video\.sina\.com\.cn/(?!css/|js/)" />
-		<test url="http://video.sina.com.cn/css/476/2014/1008/index.css" />
-		<test url="http://video.sina.com.cn/js/476/2014/1008/feed.js" />
-
-		<test url="http://video.sina.com.cn/news/spj/topvideoes20161228/#250907503" />
-		<test url="http://video.sina.com.cn/view/250908679.html" / -->
-
+	<target host="open.weather.sina.com.cn" />
 	<target host="woocall.sina.com.cn" />
-		<exclusion pattern="http://woocall\.sina\.com\.cn/(?!lib/|rls/|newstyle\.css)" />
-		<test url="http://woocall.sina.com.cn/lib/Util.Crypt.js" />
-		<test url="http://woocall.sina.com.cn/rls/int/stable.js" />
-		<test url="http://woocall.sina.com.cn/newstyle.css" />
-		<test url="http://woocall.sina.com.cn/shishenme.html" />
-		<test url="http://woocall.sina.com.cn/wangyoufankui.html" />
-		<test url="http://woocall.sina.com.cn/yingyongfangfa.html" />
+	<target host="zhongce.sina.com.cn" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sina.com.xml b/src/chrome/content/rules/Sina.com.xml
deleted file mode 100644
index 3303cbb5a416..000000000000
--- a/src/chrome/content/rules/Sina.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	For other Sina coverage, see Sina.com.cn.xml.
--->
-<ruleset name="Sina.com">
-	<target host="weichouji.sina.com" />
-	<target host="pubimg-weichouji.sina.com" />
-		<test url="http://pubimg-weichouji.sina.com/img/logo/20160309092458.jpg" />
-	<target host="static-weichouji.sina.com" />
-		<test url="http://static-weichouji.sina.com/webpc/images/newIndex/icon-more.png" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/SinaApp.com.xml b/src/chrome/content/rules/SinaApp.com.xml
index d85388e5c74b..2a61169820ca 100644
--- a/src/chrome/content/rules/SinaApp.com.xml
+++ b/src/chrome/content/rules/SinaApp.com.xml
@@ -9,7 +9,7 @@
 		greengrass.sinaapp.com
 		hiwgy.sinaapp.com
 		weihr.sinaapp.com
-		
+
 	Invalid certificate:
 		greengrass-wordpress.stor.sinaapp.com
 		qdomain-saenew.stor.sinaapp.com
@@ -30,7 +30,7 @@
 		<test url="http://weihr.sinaapp.com/js/jobs/jobs.js" />
 		<test url="http://weihr.sinaapp.com/jobs/about.php" />
 		<test url="http://weihr.sinaapp.com/jobs/help.php" />
-	
+
 	<!-- Directly: -->
 	<target host="sinaapp.com" />
 	<target host="www.sinaapp.com" />
diff --git a/src/chrome/content/rules/SinaCloud.com.xml b/src/chrome/content/rules/SinaCloud.com.xml
index b1e1dd284baa..294d459a6be8 100644
--- a/src/chrome/content/rules/SinaCloud.com.xml
+++ b/src/chrome/content/rules/SinaCloud.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://gongkaike.sinacloud.com/ => https://gongkaike.sinacloud.com/
 		pma.tools.sinacloud.com	https://pma.tools.sinacloud.com/print.css
 -->
 
-<ruleset name="SinaCloud.com" default_off='failed ruleset test'>
+<ruleset name="SinaCloud.com" default_off="failed ruleset test">
 	<target host="sinacloud.com" />
 	<target host="www.sinacloud.com" />
 	<target host="ba.sinacloud.com" />
@@ -23,6 +23,6 @@ Fetch error: http://gongkaike.sinacloud.com/ => https://gongkaike.sinacloud.com/
 	<target host="sc2.sinacloud.com" />
 	<target host="sec.sinacloud.com" />
 	<target host="static.sinacloud.com" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SinaJS.cn.xml b/src/chrome/content/rules/SinaJS.cn.xml
index 15b2448e2c6f..f77d31c6e7c4 100644
--- a/src/chrome/content/rules/SinaJS.cn.xml
+++ b/src/chrome/content/rules/SinaJS.cn.xml
@@ -1,47 +1,32 @@
 <!--
 	For other Sina coverage, see Sina.com.cn.xml.
-
-	CDN buckets:
-		sinajs.csglb.txcdn.cn
-
-	Incomplete cert chain:
-		jss.t.sinajs.cn	( equal to js.t.sinajs.cn )
-
-	Invalid certificate:
-		hits.sinajs.cn
-		js[1-3].t.sinajs.cn	( equal to js.t.sinajs.cn )
-		rs.sinajs.cn
-		simg.sinajs.cn
-		sjs([0-3])?.sinajs.cn	( equal to js.t.sinajs.cn )
-		timg.sjs.sinajs.cn
 -->
 <ruleset name="SinaJS.cn">
+	<target host="hits.sinajs.cn" />
 	<target host="hq.sinajs.cn" />
 		<test url="http://hq.sinajs.cn/list=s_sh000001" />
 	<target host="image.sinajs.cn" />
 		<test url="http://image.sinajs.cn/newchart/v5/usstock/min_idx_n1/.ixic.gif" />
 		<test url="http://image.sinajs.cn/newchart/v5/futures/global/mint/CL.gif" />
+	<target host="rs.sinajs.cn" />
+	<target host="simg.sinajs.cn" />
+	<target host="sjs.sinajs.cn" />
+	<target host="timg.sjs.sinajs.cn" />
 	<target host="tjs.sjs.sinajs.cn" />
 		<test url="http://tjs.sjs.sinajs.cn/open/api/js/wb.js" />
+	<target host="sjs0.sinajs.cn" />
+	<target host="sjs1.sinajs.cn" />
+	<target host="sjs2.sinajs.cn" />
+	<target host="sjs3.sinajs.cn" />
 	<target host="img.t.sinajs.cn" />
 		<test url="http://img.t.sinajs.cn/open/api/js/wb.js" />
 	<target host="js.t.sinajs.cn" />
 		<test url="http://js.t.sinajs.cn/open/api/js/wb.js" />
-
 	<target host="js1.t.sinajs.cn" />
+		<test url="http://js1.t.sinajs.cn/t5/register/js/v6/pl/register/loginBox/index.js" />
 	<target host="js2.t.sinajs.cn" />
 	<target host="js3.t.sinajs.cn" />
 	<target host="jss.t.sinajs.cn" />
-	<rule from="^http://js(1|2|3|s)\.t\.sinajs\.cn/" to="https://js.t.sinajs.cn/" />
-		<test url="http://js1.t.sinajs.cn/t5/register/js/v6/pl/register/loginBox/index.js" />
-
-	<target host="sjs.sinajs.cn" />
-	<target host="sjs0.sinajs.cn" />
-	<target host="sjs1.sinajs.cn" />
-	<target host="sjs2.sinajs.cn" />
-	<target host="sjs3.sinajs.cn" />
-	<rule from="^http://sjs(0|1|2|3)?\.sinajs\.cn/" to="https://js.t.sinajs.cn/" />
-		<test url="http://sjs.sinajs.cn/video/lib/js/core.js" />
 
 	<securecookie host="^\w" name=".+" />
 
diff --git a/src/chrome/content/rules/Sinaimg.cn.xml b/src/chrome/content/rules/Sinaimg.cn.xml
index c6ae6a027974..693852a12b86 100644
--- a/src/chrome/content/rules/Sinaimg.cn.xml
+++ b/src/chrome/content/rules/Sinaimg.cn.xml
@@ -1,18 +1,26 @@
 <!--
-	For other Sina coverage, see Sina.com.cn.xml.
+	For other Sina coverage, see Sina.com.cn.xml
 
-	Invalid certificate:
-		u1.sinaimg.cn.cdngc.net
-		gongyi.sinaimg.cn
+	403:
+		w(s|x)[1-4].sinaimg.cn	Equal to ww[1-4].sinaimg.cn		https://travis-ci.org/github/EFForg/https-everywhere/jobs/675233597#L465
+
+	Invalid certificate:	in China: https://github.com/ywdblog/certbot-letencrypt-wildcardcertificates-alydns-au/issues/9#issuecomment-414920628
 		henan.sinaimg.cn	https://henan.sinaimg.cn/16/2010/0604/U4314P827T16D8548F242DT20100604175637.jpg
-		jiangxi.sinaimg.cn	https://jiangxi.sinaimg.cn/2013/0619/S92318T1371614052459.pdf
-		sh.sinaimg.cn	https://sh.sinaimg.cn/2014/0819/IsSh.js
-		r[1-4].sinaimg.cn	https://r1.sinaimg.cn/201512/000/000/aHR0cDovL21tYml6LnFwaWMuY24vbW1iaXovT3VwQW81cVd0aWNMTUdpY0podWNJMnpmUXd3eEZFRGhGQ2Q2WlNuR25SRmRCZERqNlJQN1Nha3U1UHdGRlZXbWRDS09kajRKZXU2eG03YXZ4VDNlMW4xZy8wP3d4X2ZtdD1qcGVnK2h0dHA6Ly9tcC53ZWl4aW4ucXEuY29tL3M/X19iaXo9TXpBM01UY3dPREEwTnc9PSZtaWQ9NDAyMzI2OTk0JmlkeD0xJnNuPTE4OWZjZTkwZGE5YmU5MGNjODk1ZDJlOGQ4OTM3N2Ex.jpg
-		www.sinaimg.cn	( Uses Akamai outside the Chinese GFW, something else inside the GFW that doesn't get a mismatch. )
+		i[0-3]s?.sinaimg.cn	Equal to www.sinaimg.cn
+		wwws.sinaimg.cn		Equal to www.sinaimg.cn
 -->
 <ruleset name="Sinaimg.cn">
 	<!--	Directly:	-->
-	<target host="wwws.sinaimg.cn" />
+	<target host="www.sinaimg.cn" />
+	<target host="jiangxi.sinaimg.cn" />
+	<target host="sh.sinaimg.cn" />
+
+	<target host="auto.sinaimg.cn" />
+	<target host="auto1.sinaimg.cn" />
+	<target host="auto2.sinaimg.cn" />
+	<target host="auto3.sinaimg.cn" />
+	<target host="auto4.sinaimg.cn" />
+	<target host="auto5.sinaimg.cn" />
 	<target host="d0.sinaimg.cn" />
 	<target host="d1.sinaimg.cn" />
 	<target host="d2.sinaimg.cn" />
@@ -23,20 +31,14 @@
 	<target host="d7.sinaimg.cn" />
 	<target host="d8.sinaimg.cn" />
 	<target host="d9.sinaimg.cn" />
+	<target host="gongyi.sinaimg.cn" />
 	<target host="h5.sinaimg.cn" />
-	<target host="i0.sinaimg.cn" />
-	<target host="i1.sinaimg.cn" />
-	<target host="i2.sinaimg.cn" />
-	<target host="i3.sinaimg.cn" />
-	<target host="i0s.sinaimg.cn" />
-	<target host="i1s.sinaimg.cn" />
-	<target host="i2s.sinaimg.cn" />
-	<target host="i3s.sinaimg.cn" />
 	<target host="k.sinaimg.cn" />
 	<target host="ks.sinaimg.cn" />
 	<target host="mjs.sinaimg.cn" />
 	<target host="mjss.sinaimg.cn" />
 	<target host="mu1.sinaimg.cn" />
+    		<test url="http://mu1.sinaimg.cn/square.180/weiyinyue.music.sina.com.cn/wpp_cover/61522171.jpg" />
 	<target host="n.sinaimg.cn" />
 	<target host="n0.sinaimg.cn" />
 	<target host="n1.sinaimg.cn" />
@@ -59,22 +61,6 @@
 	<target host="portrait6.sinaimg.cn" />
 	<target host="portrait7.sinaimg.cn" />
 	<target host="portrait8.sinaimg.cn" />
-	<target host="s1.sinaimg.cn" />
-	<target host="s2.sinaimg.cn" />
-	<target host="s3.sinaimg.cn" />
-	<target host="s4.sinaimg.cn" />
-	<target host="s5.sinaimg.cn" />
-	<target host="s6.sinaimg.cn" />
-	<target host="s7.sinaimg.cn" />
-	<target host="s8.sinaimg.cn" />
-	<target host="s9.sinaimg.cn" />
-	<target host="s10.sinaimg.cn" />
-	<target host="s11.sinaimg.cn" />
-	<target host="s12.sinaimg.cn" />
-	<target host="s13.sinaimg.cn" />
-	<target host="s14.sinaimg.cn" />
-	<target host="s15.sinaimg.cn" />
-	<target host="s16.sinaimg.cn" />
 	<target host="ss1.sinaimg.cn" />
 	<target host="ss2.sinaimg.cn" />
 	<target host="ss3.sinaimg.cn" />
@@ -103,22 +89,13 @@
 	<target host="tvax2.sinaimg.cn" />
 	<target host="tvax3.sinaimg.cn" />
 	<target host="tvax4.sinaimg.cn" />
-	<target host="u1.sinaimg.cn" />
 	<target host="us.sinaimg.cn" />
 	<target host="f.us.sinaimg.cn" />
 	<target host="mm.us.sinaimg.cn" />
-	<target host="ws1.sinaimg.cn" />
-	<target host="ws2.sinaimg.cn" />
-	<target host="ws3.sinaimg.cn" />
-	<target host="ws4.sinaimg.cn" />
 	<target host="ww1.sinaimg.cn" />
 	<target host="ww2.sinaimg.cn" />
 	<target host="ww3.sinaimg.cn" />
 	<target host="ww4.sinaimg.cn" />
-	<target host="wx1.sinaimg.cn" />
-	<target host="wx2.sinaimg.cn" />
-	<target host="wx3.sinaimg.cn" />
-	<target host="wx4.sinaimg.cn" />
 	<target host="z0.sinaimg.cn" />
 	<target host="z1.sinaimg.cn" />
 	<target host="z2.sinaimg.cn" />
@@ -130,37 +107,66 @@
 	<target host="z8.sinaimg.cn" />
 	<target host="z9.sinaimg.cn" />
 
+		<test url="http://www.sinaimg.cn/cj/pc/2007-10-19/32/U453P31T32D36393F1538DT20071019102225.pdf" />
+		<test url="http://www.sinaimg.cn/dy/weather/main/w2015/wt_switch2.png" />
+		<test url="http://jiangxi.sinaimg.cn/2013/0619/S92318T1371614052459.pdf" />
+		<test url="http://sh.sinaimg.cn/2014/0819/IsSh.js" />
+		<test url="http://auto.sinaimg.cn/autoimg/brand/00/00/276_3119_95.png" />
+		<test url="http://auto1.sinaimg.cn/autoimg/brand/00/00/307_7014_95.jpg" />
+		<test url="http://auto2.sinaimg.cn/autoimg/brand/00/00/272_2056_95.jpg" />
+		<test url="http://auto3.sinaimg.cn/autoimg/brand/00/00/303_4610_95.jpg" />
+		<test url="http://auto4.sinaimg.cn/autoimg/brand/00/00/16_4671_95.jpg" />
+		<test url="http://auto5.sinaimg.cn/autoimg/brand/00/00/305_5073_95.jpg" />
 		<test url="http://d0.sinaimg.cn/pfpghc/a0e6ccaf907445459a70b275444894a9.jpg" />
 		<test url="http://h5.sinaimg.cn/m/videoPlayer/js/app.c7e9c480.js" />
-		<test url="http://i0.sinaimg.cn/cha/images/c.gif" />
 		<test url="http://i0s.sinaimg.cn/dy/weather/main/index14/007/blk8_dots.gif" />
 		<test url="http://k.sinaimg.cn/n/sports/transform/20160705/8oyb-fxtsats1568094.jpg/w5707c6.jpg" />
 		<test url="http://ks.sinaimg.cn/n/ent/20161213/rIVK-fxypipt1161081.jpg/w640h320z1l50t1dcc.jpg" />
 		<test url="http://mjs.sinaimg.cn/wap/public/suda/201508041550/suda_log.min.js" />
 		<test url="http://mjss.sinaimg.cn/wap/online/home/v7/images/lz1X1.jpg" />
-		<test url="http://mu1.sinaimg.cn/square.180/weiyinyue.music.sina.com.cn/wpp_cover/61522171.jpg" />
 		<test url="http://n.sinaimg.cn/tech/transform/20160503/s9-E-fxrunru8717987.jpg" />
 		<test url="http://n0.sinaimg.cn/sports/nba/style.css" />
 		<test url="http://ns.sinaimg.cn/news/transform/20160504/mHkI-fxrtztc3215730.jpg" />
 		<test url="http://p1.sinaimg.cn/1679869477/180/94201408034020" />
 		<test url="http://portrait1.sinaimg.cn/6004496926/blog/50" />
-		<test url="http://s1.sinaimg.cn/orignal/001PGyMZzy6LeICm9HHe9" />
-		<test url="http://ss1.sinaimg.cn/orignal/001O7HQgzy6M5no8anw7a" />
+		<test url="http://ss1.sinaimg.cn/orignal/0042rM3Xzy6HBCst4Um8e" />
 		<test url="http://tp1.sinaimg.cn/5554103544/180/0/1" />
 		<test url="http://tva1.sinaimg.cn/crop.0.0.798.798.180/6462d00fgw1egno4hgy6wj20m80m8mxn.jpg" />
 		<test url="http://tvax1.sinaimg.cn/default/images/default_avatar_male_50.gif" />
-		<test url="http://u1.sinaimg.cn/3g/image/upload/0/110/176/19509/64477c90.png" />
 		<test url="http://mm.us.sinaimg.cn/004APoF4jx075YvK4Tkk060f010005Ox0k01.zip" />
-		<test url="http://ws1.sinaimg.cn/large/e8f236c4gw1f7dc0j9vxfj20f00f0myr.jpg" />
 		<test url="http://ww1.sinaimg.cn/bmiddle/4a02849cjw1elrtdbg81xj20dc0hsjst.jpg" />
-		<test url="http://wwws.sinaimg.cn/dy/weather/main/w2015/wt_switch2.png" />
-		<test url="http://wx1.sinaimg.cn/large/006DI42Nly1favzwyi6dcj30hs0vljv50.jpg" />
 		<test url="http://z0.sinaimg.cn/auto/resize?size=560_0&amp;img=http://sinastorage.com/storage.miaosha.sina.com.cn/products/201701/71a54447d99e17e3324ad1cb92d00c16.jpg" />
 
 	<!--	Complication:	-->
-	<target host="www.sinaimg.cn" />
-	<rule from="^http://www\.sinaimg\.cn/" to="https://wwws.sinaimg.cn/" />
-		<test url="http://www.sinaimg.cn/dy/weather/main/w2015/wt_switch2.png" />
+
+	<target host="wwws.sinaimg.cn" />
+	<target host="i0.sinaimg.cn" />
+	<target host="i1.sinaimg.cn" />
+	<target host="i2.sinaimg.cn" />
+	<target host="i3.sinaimg.cn" />
+	<target host="i0s.sinaimg.cn" />
+	<target host="i1s.sinaimg.cn" />
+	<target host="i2s.sinaimg.cn" />
+	<target host="i3s.sinaimg.cn" />
+
+	<rule from="^http://(i0s?|i1s?|i2s?|i3s?|wwws)\.sinaimg\.cn/" to="https://www.sinaimg.cn/" />
+		<test url="http://i0.sinaimg.cn/cha/images/c.gif" />
+		<test url="http://i1.sinaimg.cn/cha/images/c.gif" />
+		<test url="http://i2.sinaimg.cn/cha/images/c.gif" />
+		<test url="http://i3.sinaimg.cn/unipro/pub/suda_s_v839c.js" />
+		<test url="http://wwws.sinaimg.cn/dy/weather/main/w2015/wt_switch2.png" />
+
+	<target host="ws1.sinaimg.cn" />
+	<target host="ws2.sinaimg.cn" />
+	<target host="ws3.sinaimg.cn" />
+	<target host="ws4.sinaimg.cn" />
+	<target host="wx1.sinaimg.cn" />
+	<target host="wx2.sinaimg.cn" />
+	<target host="wx3.sinaimg.cn" />
+	<target host="wx4.sinaimg.cn" />
+	<rule from="^http://w(s|x)(\d+)\.sinaimg\.cn/" to="https://ww$2.sinaimg.cn/" />
+		<test url="http://ws1.sinaimg.cn/large/e8f236c4gw1f7dc0j9vxfj20f00f0myr.jpg" />
+		<test url="http://wx1.sinaimg.cn/large/006DI42Nly1favzwyi6dcj30hs0vljv50.jpg" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sinefa.com.xml b/src/chrome/content/rules/Sinefa.com.xml
index b8f20f33eeb9..026e5d1eb3df 100644
--- a/src/chrome/content/rules/Sinefa.com.xml
+++ b/src/chrome/content/rules/Sinefa.com.xml
@@ -15,7 +15,8 @@
 -->
 <ruleset name="Sinefa.com (partial)">
 
-	<target host="*.sinefa.com" />
+	<target host="controller.sinefa.com" />
+	<target host="community.sinefa.com" />
 
 
 	<!--	Not secured by server:
@@ -23,10 +24,9 @@
 	<securecookie host="^controller\.sinefa\.com$" name=".+" />
 
 
-	<rule from="^http://controller\.sinefa\.com/"
-		to="https://controller.sinefa.com/" />
 
 	<rule from="^http://community\.sinefa\.com/"
 		to="https://sinefa.zendesk.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Singlefeed.xml b/src/chrome/content/rules/Singlefeed.xml
index 9fe4b5050e5b..2608e77f781f 100644
--- a/src/chrome/content/rules/Singlefeed.xml
+++ b/src/chrome/content/rules/Singlefeed.xml
@@ -1,15 +1,14 @@
 <ruleset name="Singlefeed">
 
-	<target host="singlefeed.com" />
-	<target host="*.singlefeed.com" />
+	<target host="reporting.singlefeed.com" />
+	<target host="www.singlefeed.com" />
 
 
-	<securecookie host="^(?:.*\.)?singlefeed\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	reporting is a tracking redirecter
 		that *.pgpartner.com uses.	-->
-	<rule from="^http://(reporting|www)\.singlefeed\.com/"
-		to="https://$1.singlefeed.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Singularity_Hub.xml b/src/chrome/content/rules/Singularity_Hub.xml
index 5d51ce66bcf5..9519632d2af1 100644
--- a/src/chrome/content/rules/Singularity_Hub.xml
+++ b/src/chrome/content/rules/Singularity_Hub.xml
@@ -24,7 +24,7 @@
 	<target host="www.singularityhub.com" />
 		<exclusion pattern="^http://(?:www\.)?singularityhub\.com/(?:\d{4}/\d\d/\d\d/[\w-]+/|(?:about|(?:author|category)/[\w-]+|advertise|contact|membership-signup|privacy-policy|singularity-101)/?|video-central/?$|wp-login\.php)?(?:\?.*)?$" />
 		<exclusion pattern="^http://(?:www\.)?singularityhub\.com/(?:debate-central)(?:$|\?|/)" />
-		
+
 
 	<!--securecookie host="^\.?singularityhub\.com$" name=".+" /-->
 
diff --git a/src/chrome/content/rules/Sinica.edu.tw.xml b/src/chrome/content/rules/Sinica.edu.tw.xml
index 11d46a19080f..2a2501e3af55 100644
--- a/src/chrome/content/rules/Sinica.edu.tw.xml
+++ b/src/chrome/content/rules/Sinica.edu.tw.xml
@@ -1,75 +1,53 @@
 <!--
-	Academia Sinica Computing Center
-
-
-	Nonfunctional subdomains:
-
-		- career ¹
-		- (www.)citi ²
-		- (www.)imb ¹
-		- www2.imb ¹
-
-	¹ Refused
-	² Interrupted
-
-
-	Problematic subdomains:
-
-		- www.ascc ¹
-		- fmail0.cc ²
-		- npas.programs ³
-
-	¹ Mismatched
-	² Works; mismatched, CN: Barracuda/emailAddress=sales@barracuda.com; self-signed
-	³ Works, mismatched
-
-
-	Partially covered subdomains:
-
-		- aao *
-
-	* At least some pages redirect to http
-
-
-	Fully covered subdomains:
-
-		- app
-		- aslib
-		- (www.)ascc	(www -> ^)
-		- db3n2u
-		- db3x
-		- edir...:8443
-		- gate
-		- irb
-		- itsdesk
-		- sso
-		- www
-
-
-	^sinica.edu.tw doesn't exist.
-
-
-	Mixed content:
-
-		- Images on npas.programs from www.imb *
-
-	* Unsecurable <= refused
-
+	Non-functional hosts
+		Couldn't connect to server:
+		- phys.sinica.edu.tw
+
+		Timeout was reached:
+		- abrc.sinica.edu.tw
+		- career.sinica.edu.tw
+		- fmail1.cc.sinica.edu.tw
+		- edir.sinica.edu.tw
+		- imb.sinica.edu.tw
+		- www.imb.sinica.edu.tw
+		- stat.sinica.edu.tw
+		- www.stat.sinica.edu.tw
+
+		SSL peer certificate was not OK:
+		- ea.sinica.edu.tw
+		- econ.sinica.edu.tw
+		- npas.programs.sinica.edu.tw
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- www.econ.sinica.edu.tw
+
+		Site uses weak encryption (TLSv1.1 or earlier):
+		- aao.sinica.edu.tw
+		- aslib.sinica.edu.tw
+		- citi.sinica.edu.tw
+		- db3n2u.sinica.edu.tw
+		- db3x.sinica.edu.tw
+		- itsdesk.sinica.edu.tw
+
+		Mixed content blocking (MCB) triggered:
+		- digiarch.sinica.edu.tw
 -->
 <ruleset name="Sinica.edu.tw (partial)">
-
-	<target host="*.sinica.edu.tw" />
-		<!--exclusion pattern="^http://(career|fmail0\.cc|(www\.)?citi|imb|www2?\.imb|npas\.programs)\.sinica\.edu\.tw/" /-->
-		<exclusion pattern="^http://aao\.sinica\.edu\.tw/+(?!CSS/|download/|images/|public/login\.php)" />
-
-
-	<rule from="^http://(aao|app|aslib|db3n2u|db3x|gate|irb|itsdesk|sso|www)\.sinica\.edu\.tw/"
-		to="https://$1.sinica.edu.tw/" />
-
-	<rule from="^http://(?:www\.)?ascc\.sinica\.edu/"
-		to="https://ascc.sinica.edu/" />
-
-	<rule from="^http://edir\.sinica\.edu\.tw:8443/"
-		to="https://edir.sinica.edu.tw:8443/" />
-
+	<target host="jobinfo.apps.sinica.edu.tw" />
+	<target host="ascc.sinica.edu.tw" />
+	<target host="www.ascc.sinica.edu.tw" />
+	<target host="app.sinica.edu.tw" />
+		<test url="http://app.sinica.edu.tw/rent/" />
+	<target host="www.citi.sinica.edu.tw" />
+	<target host="www.ea.sinica.edu.tw" />
+	<target host="gate.sinica.edu.tw" />
+	<target host="www.ios.sinica.edu.tw" />
+	<target host="irb.sinica.edu.tw" />
+	<target host="www.phys.sinica.edu.tw" />
+	<target host="research.sinica.edu.tw" />
+	<target host="sso.sinica.edu.tw" />
+	<target host="taibnet.sinica.edu.tw" />
+	<target host="www.sinica.edu.tw" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sins_of_a_Solar_Empire.com.xml b/src/chrome/content/rules/Sins_of_a_Solar_Empire.com.xml
index 5e13b0a22915..12e7ccad1b3a 100644
--- a/src/chrome/content/rules/Sins_of_a_Solar_Empire.com.xml
+++ b/src/chrome/content/rules/Sins_of_a_Solar_Empire.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://sinsofasolarempire.com/ => https://sinsofasolarempire.com/:
 	Mixed images from draginol.stardock.net
 
 -->
-<ruleset name="Sins of a Solar Empire.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Sins of a Solar Empire.com (partial)" default_off="failed ruleset test">
 
 	<target host="sinsofasolarempire.com" />
 	<target host="www.sinsofasolarempire.com" />
@@ -25,4 +25,4 @@ Fetch error: http://sinsofasolarempire.com/ => https://sinsofasolarempire.com/:
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sipgate.co.uk.xml b/src/chrome/content/rules/Sipgate.co.uk.xml
index 8f2366461f37..afb630161798 100644
--- a/src/chrome/content/rules/Sipgate.co.uk.xml
+++ b/src/chrome/content/rules/Sipgate.co.uk.xml
@@ -34,7 +34,7 @@ Fetch error: http://www.sipgate.co.uk/ => https://www.sipgate.co.uk/: Too many r
 		- www.sipgate.co.uk
 
 -->
-<ruleset name="Sipgate.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Sipgate.co.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Siraj.Institute.xml b/src/chrome/content/rules/Siraj.Institute.xml
new file mode 100644
index 000000000000..add2473b3491
--- /dev/null
+++ b/src/chrome/content/rules/Siraj.Institute.xml
@@ -0,0 +1,10 @@
+<ruleset name="Siraj.Institute">
+	<target host="siraj.institute" />
+	<target host="www.siraj.institute" />
+	<target host="apply.siraj.institute" />
+	<target host="demo.siraj.institute" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sirportly.xml b/src/chrome/content/rules/Sirportly.xml
index 94fbfe5da24f..412ca7beb839 100644
--- a/src/chrome/content/rules/Sirportly.xml
+++ b/src/chrome/content/rules/Sirportly.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(app\.|www\.)?sirportly\.com/"
 		to="https://$1sirportly.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Site24x7.xml b/src/chrome/content/rules/Site24x7.xml
index 0e342256df3f..529d538b9b7b 100644
--- a/src/chrome/content/rules/Site24x7.xml
+++ b/src/chrome/content/rules/Site24x7.xml
@@ -11,7 +11,7 @@
 	<target host="www.site24x7.com" />
 
 
-	<securecookie host="^(?:.*\.)?site24x7\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/SiteAdvisor.com.xml b/src/chrome/content/rules/SiteAdvisor.com.xml
index 88d05daf7443..5de70551ef53 100644
--- a/src/chrome/content/rules/SiteAdvisor.com.xml
+++ b/src/chrome/content/rules/SiteAdvisor.com.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SiteCompass.com.xml b/src/chrome/content/rules/SiteCompass.com.xml
index 003b8eb4bac9..ce8ce9ad1675 100644
--- a/src/chrome/content/rules/SiteCompass.com.xml
+++ b/src/chrome/content/rules/SiteCompass.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://mm.sitecompass.com/ => https://mm.sitecompass.com/: (28, 'Co
 	* Dropped
 
 -->
-<ruleset name="SiteCompass.com (partial)" default_off='failed ruleset test'>
+<ruleset name="SiteCompass.com (partial)" default_off="failed ruleset test">
 
 	<target host="mm.sitecompass.com" />
 
diff --git a/src/chrome/content/rules/SiteGround.xml b/src/chrome/content/rules/SiteGround.xml
index 7ee686be65aa..ac06a45278cf 100644
--- a/src/chrome/content/rules/SiteGround.xml
+++ b/src/chrome/content/rules/SiteGround.xml
@@ -24,7 +24,7 @@ Fetch error: http://forum.siteground.com/ => https://forum.siteground.com/: (60,
 		- .siteground.com
 
 -->
-<ruleset name="SiteGround.com" default_off='failed ruleset test'>
+<ruleset name="SiteGround.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/SitePen.com.xml b/src/chrome/content/rules/SitePen.com.xml
index 19ba5e625165..ff0228b35fa1 100644
--- a/src/chrome/content/rules/SitePen.com.xml
+++ b/src/chrome/content/rules/SitePen.com.xml
@@ -11,7 +11,9 @@
 <ruleset name="SitePen.com">
 
 	<target host="sitepen.com" />
-	<target host="*.sitepen.com" />
+	<target host="hub.sitepen.com" />
+	<target host="support.sitepen.com" />
+	<target host="www.sitepen.com" />
 
 
 	<!--	Not secured by server:
@@ -22,7 +24,6 @@
 	<securecookie host="^(?:hub|support|www)\.sitepen\.com$" name=".+" />
 
 
-	<rule from="^http://((?:hub|support|www)\.)?sitepen\.com/"
-		to="https://$1sitepen.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SiteTagger.co.uk.xml b/src/chrome/content/rules/SiteTagger.co.uk.xml
deleted file mode 100644
index f599a612cf63..000000000000
--- a/src/chrome/content/rules/SiteTagger.co.uk.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	For problematic rules, see SiteTagger.co.uk-problematic.xml.
-
-	For other BrightTag coverage, see BrightTag.xml.
-
-
-	 subdomains:
-
-		- www2		(works; expired 2013-02-28, self-signed, CN: Parallels Panel)
-
--->
-<ruleset name="SiteTagger.co.uk (partial)">
-
-	<target host="sitetagger.co.uk" />
-	<target host="my.sitetagger.co.uk" />
-	<target host="*.tags.sitetagger.co.uk" />
-		<test url="http://cascov.tags.sitetagger.co.uk/" />
-		<test url="http://marks.tags.sitetagger.co.uk/" />
-		<test url="http://sainsburys.tags.sitetagger.co.uk/" />
-	<target host="www.sitetagger.co.uk" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SiteTrust-Network.xml b/src/chrome/content/rules/SiteTrust-Network.xml
deleted file mode 100644
index 44336d4d69b8..000000000000
--- a/src/chrome/content/rules/SiteTrust-Network.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="SiteTrust Network">
-
-	<target host="sitetrustnetwork.com" />
-	<target host="www.sitetrustnetwork.com" />
-
-
-	<securecookie host="^(?:www\.)?sitetrustnetwork\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Site_Blindado.xml b/src/chrome/content/rules/Site_Blindado.xml
index 1dd85cbb3dec..7f5c1186aa7e 100644
--- a/src/chrome/content/rules/Site_Blindado.xml
+++ b/src/chrome/content/rules/Site_Blindado.xml
@@ -36,24 +36,26 @@ Fetch error: http://siteblindado.com/ => https://siteblindado.com/: (60, 'SSL ce
 <ruleset name="Site Blindado">
 
 	<target host="siteblindado.com" />
-	<target host="*.siteblindado.com" />
-	<target host="*.siteblindado.com.br" />
+	<target host="portal2.siteblindado.com" />
+	<target host="selo.siteblindado.com" />
+	<target host="www.siteblindado.com" />
+	<target host="portal.siteblindado.com" />
+	<target host="portal.siteblindado.com.br" />
+	<target host="selo.siteblindado.com.br" />
+	<target host="www.siteblindado.com.br" />
 
 
 	<securecookie host="^(?:portal2|selo|www)?\.siteblindado\.com$" name=".+" />
 	<securecookie host="^(?:portal|selo)?\.siteblindado\.com\.br$" name=".+" />
 
 
-	<rule from="^http://((?:portal2|selo|www)\.)?siteblindado\.com/"
-		to="https://$1siteblindado.com/" />
 
 	<rule from="^http://portal\.siteblindado\.com/"
 		to="https://portal.siteblindado.com.br/" />
 
-	<rule from="^http://(portal|selo)\.siteblindado\.com\.br/"
-		to="https://$1.siteblindado.com.br/" />
 
 	<rule from="^http://www\.siteblindado\.com\.br/"
 		to="https://www.siteblindado.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Siteor.xml b/src/chrome/content/rules/Siteor.xml
index 6960b62fde3f..3f732f6fceae 100644
--- a/src/chrome/content/rules/Siteor.xml
+++ b/src/chrome/content/rules/Siteor.xml
@@ -21,9 +21,12 @@
 -->
 <ruleset name="Siteor (partial)">
 
-	<target host="*.siteor.com" />
+	<target host="assets.siteor.com" />
+	<target host="fs.siteor.com" />
 	<target host="siteor.pl" />
-	<target host="*.siteor.pl" />
+	<target host="lavina.siteor.pl" />
+	<target host="secure.siteor.pl" />
+	<target host="www.siteor.pl" />
 
 
 	<securecookie host="^(?:.*\.)?siteor\.pl$" name=".+" />
diff --git a/src/chrome/content/rules/Sitizens.com.xml b/src/chrome/content/rules/Sitizens.com.xml
deleted file mode 100644
index 6ecac00c3d91..000000000000
--- a/src/chrome/content/rules/Sitizens.com.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Sitizens">
-
-	<target host="sitizens.com" />
-	<target host="www.sitizens.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Sitola.xml b/src/chrome/content/rules/Sitola.xml
index 533f1a6bcf88..81c4e720c216 100644
--- a/src/chrome/content/rules/Sitola.xml
+++ b/src/chrome/content/rules/Sitola.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.sitola.cz/ => https://www.sitola.cz/: (60, 'SSL certific
 Fetch error: http://sitola.fi.muni.cz/ => https://sitola.fi.muni.cz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Sitola" default_off='failed ruleset test'>
+<ruleset name="Sitola" default_off="failed ruleset test">
     <target host="sitola.cz" />
     <target host="www.sitola.cz" />
     <target host="sitola.fi.muni.cz" />
diff --git a/src/chrome/content/rules/SixApart.xml b/src/chrome/content/rules/SixApart.xml
index e69fc77f1310..eb7b4cfd74b6 100644
--- a/src/chrome/content/rules/SixApart.xml
+++ b/src/chrome/content/rules/SixApart.xml
@@ -46,7 +46,7 @@ Fetch error: http://blog.sixapart.jp/ => https://blog.sixapart.jp/: (60, 'SSL ce
 	Note that ^ redirects to https, so....
 
 -->
-<ruleset name="Six Apart.jp (partial)" default_off='failed ruleset test'>
+<ruleset name="Six Apart.jp (partial)" default_off="failed ruleset test">
 
 	<target host="sixapart.jp" />
 	<target host="*.sixapart.jp" />
diff --git a/src/chrome/content/rules/SixthTone.com.xml b/src/chrome/content/rules/SixthTone.com.xml
new file mode 100644
index 000000000000..ca30e0e87e19
--- /dev/null
+++ b/src/chrome/content/rules/SixthTone.com.xml
@@ -0,0 +1,25 @@
+<!--
+	No working URL known:
+		file.sixthtone.com
+		image1.sixthtone.com
+		image2.sixthtone.com
+		image3.sixthtone.com
+		video.sixthtone.com
+
+-->
+<ruleset name="SixthTone.com">
+
+	<target host="sixthtone.com" />
+	<target host="www.sixthtone.com" />
+	<target host="file1.sixthtone.com" />
+		<test url="http://file1.sixthtone.com/css/css_elements.css" />
+	<target host="image4.sixthtone.com" />
+		<test url="http://image4.sixthtone.com/images/sendMail.svg" />
+	<target host="image5.sixthtone.com" />
+		<test url="http://image5.sixthtone.com/image/5/8/473.jpg" />
+	<target host="interaction.sixthtone.com" />
+		<test url="http://interaction.sixthtone.com/feature/2018/Melting-Away/index.html" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sizzle-Sites.xml b/src/chrome/content/rules/Sizzle-Sites.xml
index 83802603d000..aa476d9286ca 100644
--- a/src/chrome/content/rules/Sizzle-Sites.xml
+++ b/src/chrome/content/rules/Sizzle-Sites.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.sizzlesitesinc.com/ => https://www.sizzlesitesinc.com/:
 Disabled by https-everywhere-checker because:
 Fetch error: http://sizzlesitesinc.com/ => https://sizzlesitesinc.com/: (35, 'Unknown SSL protocol error in connection to sizzlesitesinc.com:443 ')
 -->
-<ruleset name="Sizzle Sites" default_off='failed ruleset test'>
+<ruleset name="Sizzle Sites" default_off="failed ruleset test">
 
 	<target host="sizzlesitesinc.com" />
 	<target host="www.sizzlesitesinc.com" />
diff --git a/src/chrome/content/rules/Skanetrafiken.se.xml b/src/chrome/content/rules/Skanetrafiken.se.xml
index 4953de8a6c69..2caad0d793bd 100644
--- a/src/chrome/content/rules/Skanetrafiken.se.xml
+++ b/src/chrome/content/rules/Skanetrafiken.se.xml
@@ -9,10 +9,10 @@ Fetch error: http://skanetrafiken.se/ => https://www.skanetrafiken.se/: (60, 'SS
 Fetch error: http://www.skanetrafiken.se/ => https://www.skanetrafiken.se/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 Fetch error: http://shop.skanetrafiken.se/ => https://www.shop.skanetrafiken.se/: (6, 'Could not resolve host: shop.skanetrafiken.se')
     Unsupported domains:
-    
+
     www.reseplaneraren.skanetrafiken.se     (cannot establish connection)
 -->
-<ruleset name="Skanetrafiken.se" default_off='failed ruleset test'>
+<ruleset name="Skanetrafiken.se" default_off="failed ruleset test">
   <target host="skanetrafiken.se"/>
   <target host="www.skanetrafiken.se"/>
   <target host="shop.skanetrafiken.se"/>
@@ -20,6 +20,6 @@ Fetch error: http://shop.skanetrafiken.se/ => https://www.shop.skanetrafiken.se/
 
   <securecookie host="skanetrafiken\.se$" name=".+" />
   <securecookie host="\.skanetrafiken\.se$" name=".+" />
-  
+
   <rule from="^http://(?:www\.)?([^\.]+\.)?skanetrafiken\.se/" to="https://www.$1skanetrafiken.se/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Skat.dk.xml b/src/chrome/content/rules/Skat.dk.xml
index b0a353156d8d..9e2b3dd415eb 100644
--- a/src/chrome/content/rules/Skat.dk.xml
+++ b/src/chrome/content/rules/Skat.dk.xml
@@ -3,7 +3,7 @@
 	Problematic subdomains:
 
 		- extranet.demo ⁴
-		- lagerhotel ¹ 
+		- lagerhotel ¹
 		- www.lagerhotel ¹
 		- tarif ²
 		- www.tarif ²
diff --git a/src/chrome/content/rules/SkateMall.xml b/src/chrome/content/rules/SkateMall.xml
index bf42c00f74de..19448ad37dcc 100644
--- a/src/chrome/content/rules/SkateMall.xml
+++ b/src/chrome/content/rules/SkateMall.xml
@@ -1,14 +1,9 @@
-<!--
-	Some pages redirect to http.
-
--->
-<ruleset name="SkateMall (partial)">
+<ruleset name="SkateMall (partial)" default_off="timeout">
 
 	<target host="skatemall.com" />
 	<target host="www.skatemall.com" />
 
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(www\.)?skatemall\.com/((?:cart|checkout|login|order-lookup)\.aspx|controls/|images/|img/|(?:Script|Web)Resource\.axd|scripts/|themes/)"
-		to="https://$1skatemall.com/$2" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Skch.me.xml b/src/chrome/content/rules/Skch.me.xml
index 90bf349fe5f0..68e7a781fe39 100644
--- a/src/chrome/content/rules/Skch.me.xml
+++ b/src/chrome/content/rules/Skch.me.xml
@@ -5,7 +5,8 @@
 <ruleset name="Skch.me" default_off="self-signed" platform="mixedcontent">
 
 	<target host="skch.me" />
-	<target host="*.skch.me" />
+	<target host="wins.skch.me" />
+	<target host="www.skch.me" />
 
 
 	<securecookie host="^wins\.skch\.me$" name=".+" />
diff --git a/src/chrome/content/rules/SkepticsAnnotatedBible.com.xml b/src/chrome/content/rules/SkepticsAnnotatedBible.com.xml
new file mode 100644
index 000000000000..760cba38966f
--- /dev/null
+++ b/src/chrome/content/rules/SkepticsAnnotatedBible.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="SkepticsAnnotatedBible.com">
+	<target host="skepticsannotatedbible.com" />
+	<target host="www.skepticsannotatedbible.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sketch.systems.xml b/src/chrome/content/rules/Sketch.systems.xml
new file mode 100644
index 000000000000..2b46e38b9422
--- /dev/null
+++ b/src/chrome/content/rules/Sketch.systems.xml
@@ -0,0 +1,9 @@
+<ruleset name="Sketch.systems">
+	<target host="sketch.systems" />
+	<target host="www.sketch.systems" />
+	<target host="talk.sketch.systems" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SkimLinks.xml b/src/chrome/content/rules/SkimLinks.xml
index 74527c26b717..e42cbcccd058 100644
--- a/src/chrome/content/rules/SkimLinks.xml
+++ b/src/chrome/content/rules/SkimLinks.xml
@@ -8,7 +8,6 @@ Non-2xx HTTP code: http://info.skimlinks.com/rs/skimbitltd/images/bg.jpg (200) =
 
 		- redirectingat.com.xml
 		- Skimresources.com.xml
-		- Skm.io.xml
 
 
 	Problematic subdomains:
@@ -50,7 +49,7 @@ Non-2xx HTTP code: http://info.skimlinks.com/rs/skimbitltd/images/bg.jpg (200) =
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="SkimLinks.com (partial)" default_off='failed ruleset test'>
+<ruleset name="SkimLinks.com (partial)" default_off="failed ruleset test">
 
 	<target host="skimlinks.com" />
 	<target host="*.skimlinks.com" />
diff --git a/src/chrome/content/rules/Skinflint.xml b/src/chrome/content/rules/Skinflint.xml
index f79bcc6051e7..71281576bc40 100644
--- a/src/chrome/content/rules/Skinflint.xml
+++ b/src/chrome/content/rules/Skinflint.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Skitch.xml b/src/chrome/content/rules/Skitch.xml
index 2b3c21876a74..97bc21d0a711 100644
--- a/src/chrome/content/rules/Skitch.xml
+++ b/src/chrome/content/rules/Skitch.xml
@@ -6,12 +6,12 @@
 -->
 <ruleset name="Skitch">
   <target host="skitch.com" />
-  <target host="*.skitch.com" />
+  <target host="www.skitch.com" />
+  <target host="img.skitch.com" />
 
-	<securecookie host="^(?:.*\.)?skitch\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
   <rule from="^http://(?:www\.)?skitch\.com/"
           to="https://skitch.com/" />
-  <rule from="^http://img\.skitch\.com/"
-          to="https://img.skitch.com/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Skm.io.xml b/src/chrome/content/rules/Skm.io.xml
deleted file mode 100644
index e438583c2c51..000000000000
--- a/src/chrome/content/rules/Skm.io.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For other SkimLinks coverage, see SkimLinks.xml.
-
-
-	Problematic hosts:
-
-		- (www.)? *
-
-	* Mismatched
-
--->
-<ruleset name="Skm.io">
-
-	<target host="skm.io" />
-	<target host="www.skm.io" />
-
-
-	<rule from="^http://(?:www\.)?skm\.io/"
-		to="https://po.st/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Skoop.xml b/src/chrome/content/rules/Skoop.xml
deleted file mode 100644
index a1a916743e40..000000000000
--- a/src/chrome/content/rules/Skoop.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	(www.)?: Refused
-
--->
-<ruleset name="The Skoop.ca">
-
-	<target host="theskoop.ca" />
-	<target host="www.theskoop.ca" />
-
-
-	<!--	Redirect drops args and forward slash:
-							-->
-	<rule from="^http://(?:www\.)?theskoop\.ca/+(?:\?.*)?$"
-		to="https://www.facebook.com/theskoopinc" />
-
-		<test url="http://theskoop.ca//" />
-		<test url="http://theskoop.ca/?" />
-		<test url="http://www.theskoop.ca//" />
-		<test url="http://www.theskoop.ca/?" />
-
-	<!--	Redirect keeps path, but not
-		args nor forward slash:
-					-->
-	<rule from="^http://(?:www\.)?theskoop\.ca/+([^?]+).*"
-		to="https://www.facebook.com/theskoopinc/$1" />
-
-		<test url="http://theskoop.ca/f?o" />
-		<test url="http://theskoop.ca/o?b" />
-		<test url="http://theskoop.ca/a?r" />
-		<test url="http://www.theskoop.ca/f?o" />
-		<test url="http://www.theskoop.ca/o?b" />
-		<test url="http://www.theskoop.ca/a?r" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Skrill.com.xml b/src/chrome/content/rules/Skrill.com.xml
index 72b781156dcd..fdb4608a0036 100644
--- a/src/chrome/content/rules/Skrill.com.xml
+++ b/src/chrome/content/rules/Skrill.com.xml
@@ -23,17 +23,19 @@ Fetch error: http://sso.skrill.com/ => https://sso.skrill.com/: (7, 'Failed to c
 		- help
 
 -->
-<ruleset name="Skrill.com" default_off='failed ruleset test'>
+<ruleset name="Skrill.com" default_off="failed ruleset test">
 
 	<target host="skrill.com" />
 
-	<target host="*.skrill.com" />
+	<target host="account.skrill.com" />
+	<target host="help.skrill.com" />
+	<target host="sso.skrill.com" />
+	<target host="www.skrill.com" />
 
 
 	<securecookie host=".*\.skrill\.com$" name=".+" />
 
 
-	<rule from="^http://((?:account|help|sso|www)\.)?skrill\.com/"
-		to="https://$1skrill.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Skroutz.gr.xml b/src/chrome/content/rules/Skroutz.gr.xml
deleted file mode 100644
index 71ae86e2ddca..000000000000
--- a/src/chrome/content/rules/Skroutz.gr.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!-- This ruleset is experimental. If you experience problems please
-	 open an issue at https://github.com/kargig/https-everywhere -->
-
-<ruleset name="Skroutz.gr">
-  <target host="skroutz.gr" />
-  <target host="*.skroutz.gr" />
-  <target host="*.skroutzstore.gr" />
-
-	<securecookie host="^(?:.*\.)?skroutz\.gr$" name=".+" />
-	<securecookie host="^(?:.*\.)?skroutzstore\.gr$" name=".+" />
-
-  <exclusion pattern="^http://team\.skroutz\.gr/"/>
-  <rule from="^http://(\w+\.)?skroutz\.gr/" to="https://$1skroutz.gr/"/>
-  <rule from="^http://(\w+\.)?skroutzstore\.gr/" to="https://$1skroutzstore.gr/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Sky-ip.org.xml b/src/chrome/content/rules/Sky-ip.org.xml
index 7b096ccccfc6..87b916654ff3 100644
--- a/src/chrome/content/rules/Sky-ip.org.xml
+++ b/src/chrome/content/rules/Sky-ip.org.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.sky-ip.org/ => https://www.sky-ip.org/: (7, 'Failed to c
 	^: Cert only matches www
 
 -->
-<ruleset name="Sky-ip.org" default_off='failed ruleset test'>
+<ruleset name="Sky-ip.org" default_off="failed ruleset test">
 
 	<target host="sky-ip.org" />
 	<target host="www.sky-ip.org" />
diff --git a/src/chrome/content/rules/Sky.com.xml b/src/chrome/content/rules/Sky.com.xml
index 886441d40cad..2fe9764a2cde 100644
--- a/src/chrome/content/rules/Sky.com.xml
+++ b/src/chrome/content/rules/Sky.com.xml
@@ -1,11 +1,19 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://tv.help.sky.com/ => https://tv.help.sky.com/: (51, "SSL: no alternative certificate subject name matches target host name 'tv.help.sky.com'")
+Fetch error: http://newsletter.sky.com/ => https://newsletter.sky.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://secure.api.search.sky.com/ => https://secure.api.search.sky.com/: (35, 'error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol')
+Fetch error: http://shop.sky.com/ => https://shop.sky.com/: (6, 'Could not resolve host: shop.sky.com')
+Fetch error: http://teachers.sky.com/ => https://teachers.sky.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.teachers.sky.com/ => https://teachers.sky.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 
 	Other Sky rulesets:
 
 		- SkyViewingHelp.com.xml
 		- Sky_Academy.com.xml
-		- Sky_Programme_Information.co.uk.xml
-		- Sky_Sports.com.xml
 
 
 	CDN buckets:
@@ -46,7 +54,7 @@
 	⁵ 504
 	ᵈ Dropped
 	ʰ Redirects to http
-	ᵉ Expired Certificate 
+	ᵉ Expired Certificate
 
 
 	Problematic hosts in *sky.com:
@@ -98,7 +106,7 @@
 	<target host="diagnostics.sky.com" />
 	<target host="global.sky.com" />
 	<target host="web-toolkit.global.sky.com" />
-	<target host="tv.help.sky.com" />
+	<!-- target host="tv.help.sky.com" /-->
 	<target host="helpforum.sky.com" />
 	<target host="player.sky.com" />
 	<target host="my.sky.com" />
@@ -106,22 +114,22 @@
 	<target host="myhelprequests.sky.com" />
 	<target host="myorders.sky.com" />
 	<target host="mysky.sky.com" />
-	<target host="newsletter.sky.com" />
+	<!-- target host="newsletter.sky.com" /-->
 	<target host="payments.sky.com" />
 	<target host="content.ott.sky.com" />
 	<target host="photos.sky.com" />
 	<target host="rainforestrescue.sky.com" />
 	<target host="rewards.sky.com" />
 
-	<target host="secure.api.search.sky.com" />
+	<!-- target host="secure.api.search.sky.com" /-->
 	<target host="secure.suggest.search.sky.com" />
 
 	<target host="secure.sky.com" />
 	<target host="servicestatus.sky.com" />
-	<target host="shop.sky.com" />
+	<!-- target host="shop.sky.com" /-->
 	<target host="skyid.sky.com" />
 	<target host="smetrics.sky.com" />
-	<target host="teachers.sky.com" />
+	<!-- target host="teachers.sky.com" /-->
 	<target host="proxy.video.sky.com" />
 	<target host="static.video.sky.com" />
 	<target host="www.sky.com" />
@@ -132,7 +140,7 @@
 	<target host="metrics.sky.com" />
 	<target host="f.newsletter.sky.com" />
 	<target host="suggest.search.sky.com" />
-	<target host="www.teachers.sky.com" />
+	<!-- target host="www.teachers.sky.com" /-->
 
 		<!--	Redirects to http:
 						-->
@@ -206,9 +214,6 @@
 	<rule from="^http://suggest\.search\.sky\.com/"
 		to="https://secure.suggest.search.sky.com/" />
 
-	<rule from="^http://www\.teachers\.sky\.com/"
-		to="https://teachers.sky.com/" />
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Sky.de.xml b/src/chrome/content/rules/Sky.de.xml
index c6dbb03d5739..dd20392f59c7 100644
--- a/src/chrome/content/rules/Sky.de.xml
+++ b/src/chrome/content/rules/Sky.de.xml
@@ -52,7 +52,7 @@ Fetch error: http://uk-www.sky.de/ => https://uk-www.sky.de/: (6, 'Could not res
 		- www.skyticket.sky.de
 		- www.spieldeslebens.sky.de
 -->
-<ruleset name="Sky.de" default_off='failed ruleset test'>
+<ruleset name="Sky.de" default_off="failed ruleset test">
 	<target host="www.sky.de" />
 	<target host="6erpack.sky.de" />
 	<target host="www.6erpack.sky.de" />
diff --git a/src/chrome/content/rules/SkySQL.com.xml b/src/chrome/content/rules/SkySQL.com.xml
index 8e52c1725fdd..1bdf11479797 100644
--- a/src/chrome/content/rules/SkySQL.com.xml
+++ b/src/chrome/content/rules/SkySQL.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.skysql.com/ => https://www.skysql.com/: (51, "SSL: no al
 	For other MariaDB Corporation coverage, see MariaDB.com.xml.
 
 -->
-<ruleset name="SkySQL.com" default_off='failed ruleset test'>
+<ruleset name="SkySQL.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/SkyViewingHelp.com.xml b/src/chrome/content/rules/SkyViewingHelp.com.xml
index 53bc23b1d804..bf2fb253a6cd 100644
--- a/src/chrome/content/rules/SkyViewingHelp.com.xml
+++ b/src/chrome/content/rules/SkyViewingHelp.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.skyviewinghelp.com/ => https://www.skyviewinghelp.com/:
 			- ^	(expired, mismatched, CN: secure.sky.com)
 
 -->
-<ruleset name="SkyViewingHelp.com" default_off='failed ruleset test'>
+<ruleset name="SkyViewingHelp.com" default_off="failed ruleset test">
 
 	<target host="skyviewinghelp.com" />
 	<target host="www.skyviewinghelp.com" />
diff --git a/src/chrome/content/rules/Sky_Academy.com.xml b/src/chrome/content/rules/Sky_Academy.com.xml
index 08cf2bd86c79..8f2294ba7eb9 100644
--- a/src/chrome/content/rules/Sky_Academy.com.xml
+++ b/src/chrome/content/rules/Sky_Academy.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://skyacademy.com/ => https://skyacademy.com/: (35, 'Unknown SS
 	For other Sky coverage see Sky.com.xml.
 
 -->
-<ruleset name="Sky Academy.com" default_off='failed ruleset test'>
+<ruleset name="Sky Academy.com" default_off="failed ruleset test">
 
 	<target host="skyacademy.com" />
 	<target host="www.skyacademy.com" />
diff --git a/src/chrome/content/rules/Sky_Programme_Information.co.uk.xml b/src/chrome/content/rules/Sky_Programme_Information.co.uk.xml
deleted file mode 100644
index 179a0a1480d2..000000000000
--- a/src/chrome/content/rules/Sky_Programme_Information.co.uk.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	For other Sky coverage see Sky.com.xml.
-
-
-	www.skyprogrammeinformation.co.uk: Mismatched
-
-
-	Insecure cookies are set for these hosts:
-
-		- skyprogrammeinformation.co.uk
-
--->
-<ruleset name="Sky Programme Information.co.uk">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="skyprogrammeinformation.co.uk" />
-
-	<!--	Complications:
-				-->
-	<target host="www.skyprogrammeinformation.co.uk" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^skyprogrammeinformation\.co\.uk$" name="^skypi_session$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://www\.skyprogrammeinformation\.co\.uk/"
-		to="https://skyprogrammeinformation.co.uk/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Sky_Sports.com.xml b/src/chrome/content/rules/Sky_Sports.com.xml
deleted file mode 100644
index 8934a17e9050..000000000000
--- a/src/chrome/content/rules/Sky_Sports.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For other Sky coverage see Sky.com.xml.
-
-
-	www.skysports.com: Dropped
-
--->
-<ruleset name="Sky Sports.com (partial)">
-
-	<target host="livingforsport.skysports.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Sky_and_Telescope.xml b/src/chrome/content/rules/Sky_and_Telescope.xml
index 10a78c762c3d..4713280f1b2a 100644
--- a/src/chrome/content/rules/Sky_and_Telescope.xml
+++ b/src/chrome/content/rules/Sky_and_Telescope.xml
@@ -14,7 +14,7 @@ Fetch error: http://link.eml.skyandtelescope.com/ => https://link.eml.skyandtele
 		- media		(Refused)
 
 -->
-<ruleset name="Sky &amp; Telescope (partial)" default_off='failed ruleset test'>
+<ruleset name="Sky &amp; Telescope (partial)" default_off="failed ruleset test">
 
 	<target host="link.eml.skyandtelescope.com" />
 
diff --git a/src/chrome/content/rules/Skylark_cloud.com.xml b/src/chrome/content/rules/Skylark_cloud.com.xml
index be759148b760..bcab5d75286f 100644
--- a/src/chrome/content/rules/Skylark_cloud.com.xml
+++ b/src/chrome/content/rules/Skylark_cloud.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.skylarkcloud.com/ => https://www.skylarkcloud.com/: (28,
 		- www.skylarkcloud.com
 
 -->
-<ruleset name="Skylark cloud.com" default_off='failed ruleset test'>
+<ruleset name="Skylark cloud.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Skyline_Registrations.co.uk.xml b/src/chrome/content/rules/Skyline_Registrations.co.uk.xml
index 54e1d719a793..eddca92126a3 100644
--- a/src/chrome/content/rules/Skyline_Registrations.co.uk.xml
+++ b/src/chrome/content/rules/Skyline_Registrations.co.uk.xml
@@ -14,7 +14,7 @@ Fetch error: http://skylineregistrations.co.uk/ => https://www.skylineregistrati
 		- Ads from www.googleadservices.com
 
 -->
-<ruleset name="Skyline Registrations.co.uk" default_off='failed ruleset test'>
+<ruleset name="Skyline Registrations.co.uk" default_off="failed ruleset test">
 
 	<target host="skylineregistrations.co.uk" />
 	<target host="www.skylineregistrations.co.uk" />
diff --git a/src/chrome/content/rules/Skyrider_GraalOnline.xml b/src/chrome/content/rules/Skyrider_GraalOnline.xml
index 7c9948babbdc..e4bc2917efc5 100644
--- a/src/chrome/content/rules/Skyrider_GraalOnline.xml
+++ b/src/chrome/content/rules/Skyrider_GraalOnline.xml
@@ -11,7 +11,7 @@ Disabled by https-everywhere-checker because:
 Non-2xx HTTP code: http://skyriderplay.com/ (200) => https://skyriderplay.com/ (521)
 
 -->
-<ruleset name="Skyrider GraalOnline" default_off='failed ruleset test'>
+<ruleset name="Skyrider GraalOnline" default_off="failed ruleset test">
 
 	<target host="skyriderplay.com" />
 	<target host="www.skyriderplay.com" />
@@ -22,4 +22,4 @@ Non-2xx HTTP code: http://skyriderplay.com/ (200) => https://skyriderplay.com/ (
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Skyscanner.xml b/src/chrome/content/rules/Skyscanner.xml
index 73bd37478bda..ae6db4a6f6d3 100644
--- a/src/chrome/content/rules/Skyscanner.xml
+++ b/src/chrome/content/rules/Skyscanner.xml
@@ -1,50 +1,17 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://facescanner.skyscanner.net/ => https://facescanner.skyscanner.net/: (60, 'SSL certificate problem: certificate has expired')
-
 	Ruleset for Skyscanner (multiple domain names).
 	See <https://en.wikipedia.org/wiki/Skyscanner>.
 
 	Invalid certificate:
-		help.skyscanner.com
-		tr.skyscanner.com (incomplete certificate chain)
 		help.skyscanner.co.in
 		help.skyscanner.co.th
 		help.skyscanner.com.au
 		help.skyscanner.ie
 		help.skyscanner.jp
-		partners.api.skyscanner.net
-		beta-apps.skyscanner.net
-		portal.business.skyscanner.net (incomplete certificate chain)
-		ww2.business.skyscanner.net (incomplete certificate chain)
-		cn.skyscanner.net (incomplete certificate chain)
-		deals.skyscanner.net
-		dk.skyscanner.net (incomplete certificate chain)
-		eu1-origin.skyscanner.net (incomplete certificate chain)
-		eu2-origin.skyscanner.net (incomplete certificate chain)
-		eu3-origin.skyscanner.net (incomplete certificate chain)
-		gr.skyscanner.net (incomplete certificate chain)
-		kr.skyscanner.net (incomplete certificate chain)
-		no.skyscanner.net (incomplete certificate chain)
-		pt.skyscanner.net (incomplete certificate chain)
-		ro.skyscanner.net (incomplete certificate chain)
-		se.skyscanner.net (incomplete certificate chain)
-		static.skyscanner.net (incomplete certificate chain)
-		tr.skyscanner.net (incomplete certificate chain)
 		help.skyscanner.nl
-		help.skyscanner.ru
 		skyscanner2024.com
 		www.skyscanner2024.com
 
-	No working URL known:
-		t.skyscnr.com (403)
-		slipstream.skyscanner.net (404)
-
-	Refused:
-		m.skyscanner.com
-		news.skyscanner.net
-
 	Time out:
 		skyscanner.ae
 		m.skyscanner.ae
@@ -60,12 +27,6 @@ Fetch error: http://facescanner.skyscanner.net/ => https://facescanner.skyscanne
 		m.skyscanner.co.in
 		skyscanner.co.kr
 		skyscanner.co.th
-		skyscanner.com
-		us.skyscanner.com
-		w.skyscanner.com
-		ww.skyscanner.com
-		wwww.skyscanner.com
-		skyscnr.com
 		skyscanner.com.au
 		skyscanner.com.my
 		m.skyscanner.com.my
@@ -83,29 +44,19 @@ Fetch error: http://facescanner.skyscanner.net/ => https://facescanner.skyscanne
 		m.skyscanner.it
 		skyscanner.jp
 		m.skyscanner.jp
-		skyscanner.net
-		holidays.skyscanner.net
-		hotels.skyscanner.net
-		m.skyscanner.net
-		mobile.skyscanner.net
-		redirect.skyscanner.net
 		skyscanneraffiliate.net
 		www.skyscanneraffiliate.net
 		skyscanner.nl
 		m.skyscanner.nl
 		skyscanner.no
 		m.skyscanner.no
-		skyscanner.pt
-		m.skyscanner.pt
 		skyscanner.ro
 		m.skyscanner.ro
-		skyscanner.ru
-		m.skyscanner.ru
 		skyscanner.se
 		m.skyscanner.se
 
 -->
-<ruleset name="Skyscanner" default_off='failed ruleset test'>
+<ruleset name="Skyscanner">
 
 	<target host="www.skyscanner.at" />
 	<target host="www.skyscanner.ae" />
@@ -114,7 +65,6 @@ Fetch error: http://facescanner.skyscanner.net/ => https://facescanner.skyscanne
 	<target host="www.skyscanner.co.in" />
 	<target host="www.skyscanner.co.kr" />
 	<target host="www.skyscanner.co.th" />
-	<target host="www.skyscanner.com" />
 	<target host="www.skyscanner.com.au" />
 	<target host="www.skyscanner.com.my" />
 	<target host="www.skyscanner.de" />
@@ -124,53 +74,11 @@ Fetch error: http://facescanner.skyscanner.net/ => https://facescanner.skyscanne
 	<target host="www.skyscanner.ie" />
 	<target host="www.skyscanner.it" />
 	<target host="www.skyscanner.jp" />
-
-	<!-- skyscanner.net -->
-	<target host="www.skyscanner.net" />
-	<target host="analytics.skyscanner.net" />
-	<target host="api.skyscanner.net" />
-	<target host="www.brandportal.skyscanner.net" />
-	<target host="business.skyscanner.net" />
-	<target host="mobile.ds.skyscanner.net" />
-	<target host="en.business.skyscanner.net" />
-	<target host="support.business.skyscanner.net" />
-	<target host="carhirehelp.skyscanner.net" />
-	<target host="facescanner.skyscanner.net" />
-	<target host="forum.skyscanner.net" />
-	<target host="gateway.skyscanner.net" />
-		<test url="http://gateway.skyscanner.net/article-signup" />
-	<target host="gojira.skyscanner.net" />
-	<target host="help.skyscanner.net" />
-	<target host="hotelshelp.skyscanner.net" />
-	<target host="ksa.skyscanner.net" />
-	<target host="ksaen.skyscanner.net" />
-	<target host="partners.skyscanner.net" />
-	<target host="secure.skyscanner.net" />
-	<target host="translate.skyscanner.net" />
-	<target host="travelpro.skyscanner.net" />
-	<target host="whitelabel.skyscanner.net" />
-	<target host="whitelabeldemo.skyscanner.net" />
-	<target host="widgets.skyscanner.net" />
-		<test url="http://widgets.skyscanner.net/widget-server/v1.0/en-GB/widgets/LocationWidget/refer?destinationId=CUN&amp;whitelabeldomain=flights.travelandleisure.com&amp;keyword=Cancun" />
-
 	<target host="www.skyscanner.nl" />
 	<target host="www.skyscanner.no" />
-	<target host="www.skyscanner.pt" />
 	<target host="www.skyscanner.ro" />
-	<target host="www.skyscanner.ru" />
 	<target host="www.skyscanner.se" />
 
-	<!-- skyscnr.com -->
-	<target host="content.skyscnr.com" />
-		<test url="http://content.skyscnr.com/ebd5c18551ace1c58755e382d07107f2/SkyscannerAirlineWineInfographicNew.jpg" />
-	<target host="css.skyscnr.com" />
-	<target host="images.skyscnr.com" />
-	<target host="js.skyscnr.com" />
-	<target host="logos.skyscnr.com" />
-	<target host="s1.skyscnr.com" />
-	<target host="s2.skyscnr.com" />
-	<target host="s3.skyscnr.com" />
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/SkyscraperPage.com.xml b/src/chrome/content/rules/SkyscraperPage.com.xml
new file mode 100644
index 000000000000..3b609b0cbc15
--- /dev/null
+++ b/src/chrome/content/rules/SkyscraperPage.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Connection timed out:
+		- web1
+
+	Connection closed:
+		- webmail
+-->
+<ruleset name="SkyscraperPage.com">
+	<target host="skyscraperpage.com" />
+	<target host="www.skyscraperpage.com" />
+	<target host="forum.skyscraperpage.com" />
+	<target host="sandbox.skyscraperpage.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Slader.com.xml b/src/chrome/content/rules/Slader.com.xml
new file mode 100644
index 000000000000..2ef25f846484
--- /dev/null
+++ b/src/chrome/content/rules/Slader.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatch:
+		procrastinate.slader.com
+-->
+<ruleset name="Slader.com">
+	<target host="slader.com" />
+	<target host="www.slader.com" />
+	<target host="api.slader.com" />
+	<target host="blog.slader.com" />
+	<target host="build.slader.com" />
+	<target host="swag.slader.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SlashFilm.com.xml b/src/chrome/content/rules/SlashFilm.com.xml
new file mode 100644
index 000000000000..2f3d39130f34
--- /dev/null
+++ b/src/chrome/content/rules/SlashFilm.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		- daily.slashfilm.com
+-->
+
+<ruleset name="SlashFilm.com">
+	<target host="slashfilm.com" />
+	<target host="www.slashfilm.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Slashbits.com.xml b/src/chrome/content/rules/Slashbits.com.xml
index fa80e8338a27..1799da8a955e 100644
--- a/src/chrome/content/rules/Slashbits.com.xml
+++ b/src/chrome/content/rules/Slashbits.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.slashbits.com/ => https://www.slashbits.com/: (51, "SSL:
 Disabled by https-everywhere-checker because:
 Fetch error: http://slashbits.com/ => https://slashbits.com/: (51, "SSL: no alternative certificate subject name matches target host name 'slashbits.com'")
 -->
-<ruleset name="Slashbits.com" default_off='failed ruleset test'>
+<ruleset name="Slashbits.com" default_off="failed ruleset test">
 
 	<target host="slashbits.com" />
 	<target host="www.slashbits.com" />
diff --git a/src/chrome/content/rules/Slax_Linux.xml b/src/chrome/content/rules/Slax_Linux.xml
index 4db9eede29ef..45fff63faecc 100644
--- a/src/chrome/content/rules/Slax_Linux.xml
+++ b/src/chrome/content/rules/Slax_Linux.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Slender_Kitchen.xml b/src/chrome/content/rules/Slender_Kitchen.xml
index 24c1ad5a052b..d146d37471ce 100644
--- a/src/chrome/content/rules/Slender_Kitchen.xml
+++ b/src/chrome/content/rules/Slender_Kitchen.xml
@@ -5,7 +5,7 @@ Fetch error: http://slenderkitchen.com/ => https://slenderkitchen.com/: Too many
 Fetch error: http://www.slenderkitchen.com/ => https://www.slenderkitchen.com/: Too many redirects while fetching 'https://www.slenderkitchen.com/'
 
 -->
-<ruleset name="The Slender Kitchen" default_off='failed ruleset test'>
+<ruleset name="The Slender Kitchen" default_off="failed ruleset test">
 
 	<target host="slenderkitchen.com" />
 	<target host="www.slenderkitchen.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.slenderkitchen.com/ => https://www.slenderkitchen.com/:
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SliTaz.org.xml b/src/chrome/content/rules/SliTaz.org.xml
index 5eca813d7fad..f74325fa687b 100644
--- a/src/chrome/content/rules/SliTaz.org.xml
+++ b/src/chrome/content/rules/SliTaz.org.xml
@@ -13,18 +13,20 @@
 <ruleset name="SliTaz.org" default_off="self-signed">
 
 	<target host="slitaz.org" />
-	<target host="*.slitaz.org" />
+	<target host="www.slitaz.org" />
+	<target host="mirror.slitaz.org" />
+	<target host="pkgs.slitaz.org" />
+	<target host="shop.slitaz.org" />
 
 
 	<rule from="^http://(?:www\.)?slitaz\.org/"
 		to="https://www.slitaz.org/" />
 
-	<rule from="^http://(mirror|pkgs)\.slitaz\.org/"
-		to="https://$1.slitaz.org/" />
 
 	<!--	Server keeps path and args:
 						-->
 	<rule from="^http://shop\.slitaz\.org/"
 		to="https://slitaz.spreadshirt.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SlickEdit.com.xml b/src/chrome/content/rules/SlickEdit.com.xml
index 2ea9ac9cce82..396ded8c837e 100644
--- a/src/chrome/content/rules/SlickEdit.com.xml
+++ b/src/chrome/content/rules/SlickEdit.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://slickedit.com/ => https://slickedit.com/: (51, "SSL: no alternative certificate subject name matches target host name 'slickedit.com'")
 
 -->
-<ruleset name="SlickEdit.com" default_off='failed ruleset test'>
+<ruleset name="SlickEdit.com" default_off="failed ruleset test">
 
 	<target host="slickedit.com" />
 	<target host="www.slickedit.com" />
diff --git a/src/chrome/content/rules/Slick_Products.xml b/src/chrome/content/rules/Slick_Products.xml
index bf0d4275582b..7e55024c05e9 100644
--- a/src/chrome/content/rules/Slick_Products.xml
+++ b/src/chrome/content/rules/Slick_Products.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Slickdeals.xml b/src/chrome/content/rules/Slickdeals.xml
index eec83dc00cd6..1710095c79a8 100644
--- a/src/chrome/content/rules/Slickdeals.xml
+++ b/src/chrome/content/rules/Slickdeals.xml
@@ -31,7 +31,13 @@
 <ruleset name="Slickdeals">
 
 	<target host="slickdeals.net" />
-	<target host="*.slickdeals.net" />
+	<target host="archive.slickdeals.net" />
+	<target host="beta.slickdeals.net" />
+	<target host="blog.slickdeals.net" />
+	<target host="i.slickdeals.net" />
+	<target host="img.slickdeals.net" />
+	<target host="m.slickdeals.net" />
+	<target host="www.slickdeals.net" />
 	<target host="static.slickdealscdn.com" />
 	<target host="static.slickdealz.net" />
 
@@ -49,10 +55,9 @@
 	<securecookie host="^(?:.*\.)?slickdeals\.net$" name=".+" />
 
 
-	<rule from="^http://((?:archive|beta|blog|i|img|m|www)\.)?slickdeals\.net/"
-		to="https://$1slickdeals.net/" />
 
 	<rule from="^http://static\.slickdeal(?:z\.net|scdn\.com)/"
 		to="https://slickdeals.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SlideMyPics.xml b/src/chrome/content/rules/SlideMyPics.xml
deleted file mode 100644
index 9f055d787b0d..000000000000
--- a/src/chrome/content/rules/SlideMyPics.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	CDN buckets:
-
-		- files.slidemypics.com.s3.amazonaws.com
-
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(404)
-
--->
-<ruleset name="SlideMyPics.com (partial)">
-
-	<target host="files.slidemypics.com" />
-
-
-	<rule from="^http://files\.slidemypics\.com/"
-		to="https://s3.amazonaws.com/files.slidemypics.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SlidePlayer.fr.xml b/src/chrome/content/rules/SlidePlayer.fr.xml
new file mode 100644
index 000000000000..aa2ad9b6f3c2
--- /dev/null
+++ b/src/chrome/content/rules/SlidePlayer.fr.xml
@@ -0,0 +1,11 @@
+<ruleset name="SlidePlayer.fr">
+
+	<target host="slideplayer.fr" />
+	<target host="www.slideplayer.fr" />
+	<target host="images.slideplayer.fr" />
+	<target host="player.slideplayer.fr" />
+		<test url="http://player.slideplayer.fr/10/2863612/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Slippedisc.com.xml b/src/chrome/content/rules/Slippedisc.com.xml
new file mode 100644
index 000000000000..4a408a30d155
--- /dev/null
+++ b/src/chrome/content/rules/Slippedisc.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Slippedisc.com">
+	<target host="slippedisc.com" />
+	<target host="www.slippedisc.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sloan-Digital-Sky-Survey.xml b/src/chrome/content/rules/Sloan-Digital-Sky-Survey.xml
index 2ba03c729d07..683fa8993028 100644
--- a/src/chrome/content/rules/Sloan-Digital-Sky-Survey.xml
+++ b/src/chrome/content/rules/Sloan-Digital-Sky-Survey.xml
@@ -4,13 +4,13 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://sdss3.org/ => https://sdss3.org/: (51, "SSL: no alternative certificate subject name matches target host name 'sdss3.org'")
 
 -->
-<ruleset name="Sloan Digital Sky Survey (partial)" default_off='failed ruleset test'>
+<ruleset name="Sloan Digital Sky Survey (partial)" default_off="failed ruleset test">
 
 	<target host="sdss3.org"/>
 	<target host="*.sdss3.org"/>
 		<exclusion pattern="^http://www-visualmedia\."/>
 
-	<securecookie host="^(?:.*\.)?sdss3\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(\w+\.)?sdss3\.org/"
 		to="https://$1sdss3.org/"/>
diff --git a/src/chrome/content/rules/Slough.gov.uk.xml b/src/chrome/content/rules/Slough.gov.uk.xml
index 2649c740b211..45ee3c10723d 100644
--- a/src/chrome/content/rules/Slough.gov.uk.xml
+++ b/src/chrome/content/rules/Slough.gov.uk.xml
@@ -57,7 +57,7 @@
 					-->
 	<!--securecookie host="^(?:css|static|www)\.slough\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
 
-	<securecookie host="^\w" name="" />
+	<securecookie host="^\w" name=".+" />
 
 
 	<rule from="^http://(?:css|static)\.slough\.gov\.uk/"
diff --git a/src/chrome/content/rules/SlovakGovernment.xml b/src/chrome/content/rules/SlovakGovernment.xml
index 1df10d8af1cc..0ebfb024811f 100644
--- a/src/chrome/content/rules/SlovakGovernment.xml
+++ b/src/chrome/content/rules/SlovakGovernment.xml
@@ -5,20 +5,42 @@
     Nonfunctional hosts:
 
     connection refused:
-	- mosr.sk
-	- www.mosr.sk
+        - metais.finance.gov.sk
+
     certificate chain issues:
-	- justice.gov.sk
-	- www.justice.gov.sk
-	- justice.sk
-	- www.justice.sk
-	- www.katasterportal.sk
+-       - www.ujd.gov.sk
 -->
 <ruleset name="SlovakGovernment">
 
 <!-- Government Office of the Slovak Republic -->
   <target host="vlada.gov.sk" />
   <target host="www.vlada.gov.sk" />
+  <target host="radaprestatnusluzbu.vlada.gov.sk" />
+
+<!--  Ministry of Economy -->
+  <target host="www.mhsr.sk" />
+  <target host="www.soi.sk" />
+  <target host="sario.sk" />
+  <target host="www.sario.sk" />
+
+<!-- Ministry of Investments, Regional Development and Informatization -->
+  <target host="mirri.gov.sk" />
+  <target host="www.mirri.gov.sk" />
+
+<!-- Ministry of Transport and Construction -->
+  <target host="mindop.sk" />
+  <target host="www.mindop.sk" />
+
+<!-- Ministry of Agriculture and Rural Development -->
+  <target host="mpsr.sk" />
+  <target host="www.mpsr.sk" />
+
+<!-- Ministry of Labour, Social Affairs and Family -->
+  <target host="www.employment.gov.sk" />
+
+<!-- Ministry of the Environment -->
+  <target host="minzp.sk" />
+  <target host="www.minzp.sk" />
 
 <!-- Central register of contracts -->
   <target host="crz.gov.sk" />
@@ -36,17 +58,53 @@
   <target host="www.prezident.sk" />
 
 <!-- Ministry of Finance of the Slovak Republic -->
+  <target host="mfsr.sk" />
+  <target host="www.mfsr.sk" />
+  <target host="dotacie.mfsr.sk" />
   <target host="www.finance.gov.sk" />
+  <target host="financnasprava.sk" />
+  <target host="www.financnasprava.sk" />
+  <target host="www.cep.financnasprava.sk" />
+  <target host="rozpocet.sk" />
+  <target host="www.rozpocet.sk" />
+  <target host="www.ropk.sk" />
+  <target host="pohladavkystatu.sk" />
+  <target host="www.pohladavkystatu.sk" />
+  <target host="www.majetokstatu.sk" />
+  <target host="registeruz.sk" />
+  <target host="www.registeruz.sk" />
+  <target host="www.datacentrum.sk" />
+  <target host="csirt.gov.sk" />
+  <target host="www.csirt.gov.sk" />
 
 <!-- Ministy of Defense of Slovak Republic -->
+  <target host="mosr.sk" />
+  <target host="www.mosr.sk" />
 
 <!-- Ministry of Foreign and European Affairs of the Slovak Republic -->
   <target host="www.mzv.sk" />
 
 <!-- Justice ministry -->
+  <target host="justice.sk" />
+  <target host="www.justice.sk" />
+  <target host="web.justice.sk" />
+  <target host="esmo.gov.sk" />
+  <target host="www.justice.gov.sk" />
+  <target host="obcan.justice.sk" />
+  <target host="www.radavladylp.gov.sk" />
 
 <!-- Ministry of Education -->
   <target host="www.minedu.sk" />
+  <target host="iedu.sk" />
+  <target host="www.iedu.sk" />
+
+<!-- Ministry of Culture -->
+  <target host="culture.gov.sk" />
+  <target host="www.culture.gov.sk" />
+
+<!-- Ministry of Health -->
+  <target host="health.gov.sk" />
+  <target host="www.health.gov.sk" />
 
 <!-- Office for Public Procurement -->
   <target host="uvo.gov.sk" />
@@ -56,7 +114,6 @@
   <target host="www.indprop.gov.sk" />
 
 <!-- Nuclear Regulatory Authority of the Slovak Republic -->
-  <target host="www.ujd.gov.sk" />
 
 <!-- Supreme Audit Office of the Slovak Republic -->
   <target host="www.nku.gov.sk" />
@@ -70,31 +127,19 @@
   <target host="www.sutn.sk" />
 
 <!-- Cadastral Portal -->
+  <target host="www.katasterportal.sk" />
+  <target host="zbgis.skgeodesy.sk" />
+
+<!-- Business Register - Justice ministry -->
+  <target host="orsr.sk" />
+  <target host="www.orsr.sk" />
 
 <!-- Legislative and Information Portal Slov-Lex -->
   <target host="slov-lex.sk" />
   <target host="www.slov-lex.sk" />
 
-  <rule from="^http://(?:www\.)?vlada\.gov\.sk/" to="https://vlada.gov.sk/" />
-
-  <rule from="^http://(?:www\.)?crz\.gov\.sk/" to="https://www.crz.gov.sk/" />
-
-  <rule from="^http://(?:www\.)?crp\.gov\.sk/" to="https://crp.gov.sk/" />
-
-  <rule from="^http://(?:www\.)?prezident\.sk/" to="https://www.prezident.sk/" />
-
-  <rule from="^http://(?:www\.)?mosr\.sk/" to="https://www.mosr.sk/" />
-
-  <rule from="^http://(?:www\.)?foreign\.gov\.sk/" to="https://www.mzv.sk/" />
-
-  <rule from="^http://(?:www\.)?justice\.gov\.sk/" to="https://www.justice.gov.sk/" />
-  <rule from="^http://(?:www\.)?justice\.sk/" to="https://www.justice.gov.sk/" />
-
-  <rule from="^http://(?:www\.)?uvo\.gov\.sk/" to="https://www.uvo.gov.sk/" />
-
-  <rule from="^http://(?:www\.)?sav\.sk/" to="https://www.sav.sk/" />
-
-  <rule from="^http://(?:www\.)?sutn\.sk/" to="https://www.sutn.sk/" />
+  <rule from="^http://mfsr\.sk/" to="https://www.mfsr.sk/" />
+  <rule from="^http://mindop\.sk/" to="https://www.mindop.sk/" />
 
   <rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/Slovensko.digital.xml b/src/chrome/content/rules/Slovensko.digital.xml
new file mode 100644
index 000000000000..aa3ebacfa947
--- /dev/null
+++ b/src/chrome/content/rules/Slovensko.digital.xml
@@ -0,0 +1,19 @@
+<!--
+
+    Nonfunctional hosts:
+
+    certificate chain issues:
+        - edunet.slovensko.digital
+-->
+
+<ruleset name="Slovensko.digital">
+	<target host="slovensko.digital" />
+	<target host="www.slovensko.digital" />
+	<target host="ekosystem.slovensko.digital" />
+	<target host="platforma.slovensko.digital" />
+	<target host="stream.slovensko.digital" />
+	<target host="www.stream.slovensko.digital" />
+	<target host="vyzva.slovensko.digital" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Slyar.com.xml b/src/chrome/content/rules/Slyar.com.xml
index e931d098ad6e..fd2183cb97e1 100644
--- a/src/chrome/content/rules/Slyar.com.xml
+++ b/src/chrome/content/rules/Slyar.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://slyar.com/ => https://slyar.com/: Too many redirects while f
 Fetch error: http://www.slyar.com/ => https://www.slyar.com/: Too many redirects while fetching 'https://www.slyar.com/'
 
 -->
-<ruleset name="Slyar.com" default_off='failed ruleset test'>
+<ruleset name="Slyar.com" default_off="failed ruleset test">
 
 	<target host="slyar.com" />
 	<target host="www.slyar.com" />
diff --git a/src/chrome/content/rules/SmackJeeves.xml b/src/chrome/content/rules/SmackJeeves.xml
index acacc51b15f5..c4876320c3ac 100644
--- a/src/chrome/content/rules/SmackJeeves.xml
+++ b/src/chrome/content/rules/SmackJeeves.xml
@@ -1,17 +1,17 @@
 <!--
 	Smack Jeeves Webcomic Hosting (www.smackjeeves.com)
-	
+
 	Known non-HTTPS hosts in *.smackjeeves.com:
-	
+
 		- img2.smackjeeves.com (image server)
 		- *.smackjeeves.com (comic sites, except img2.smackjeeves.com
 		                     and www.smackjeeves.com)
-	
+
 -->
 <ruleset name="Smack Jeeves (partial)">
 	<target host="www.smackjeeves.com" />
 	<target host="smackjeeves.com" />
-	
+
 	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SmallArmsReview.com.xml b/src/chrome/content/rules/SmallArmsReview.com.xml
new file mode 100644
index 000000000000..c97295bc0fae
--- /dev/null
+++ b/src/chrome/content/rules/SmallArmsReview.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="SmallArmsReview.com">
+	<target host="smallarmsreview.com" />
+	<target host="www.smallarmsreview.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SmallCultFollowing.com.xml b/src/chrome/content/rules/SmallCultFollowing.com.xml
new file mode 100644
index 000000000000..1c8aa5d5dd5d
--- /dev/null
+++ b/src/chrome/content/rules/SmallCultFollowing.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatch:
+		svn.smallcultfollowing.com
+-->
+<ruleset name="SmallCultFollowing.com">
+	<target host="smallcultfollowing.com" />
+	<target host="www.smallcultfollowing.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Smallbits.com.xml b/src/chrome/content/rules/Smallbits.com.xml
index 77a55b1e4c69..7573295566a8 100644
--- a/src/chrome/content/rules/Smallbits.com.xml
+++ b/src/chrome/content/rules/Smallbits.com.xml
@@ -8,11 +8,11 @@ Fetch error: http://secure.smallbits.com/ => https://secure.smallbits.com/: (60,
 		- (www.)	(shows secure; mismatched, CN: secure.smallbits.com)
 
 -->
-<ruleset name="Smallbits.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Smallbits.com (partial)" default_off="failed ruleset test">
 
 	<target host="secure.smallbits.com" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Smart-AdServer.xml b/src/chrome/content/rules/Smart-AdServer.xml
index 4372dbdb2671..969e435cf9a2 100644
--- a/src/chrome/content/rules/Smart-AdServer.xml
+++ b/src/chrome/content/rules/Smart-AdServer.xml
@@ -20,7 +20,7 @@
 			- ww284-itx4.smartadserver.com
 			- ww284-itx5.smartadserver.com
 			- ww284.smartadserver.com
-		
+
 		Cert mismatch:
 			- ww339-itx5.smartadserver.com
 			- ww362-itx4.smartadserver.com
diff --git a/src/chrome/content/rules/SmartBrief.xml b/src/chrome/content/rules/SmartBrief.xml
index 2cd254692c82..52b6c6263085 100644
--- a/src/chrome/content/rules/SmartBrief.xml
+++ b/src/chrome/content/rules/SmartBrief.xml
@@ -5,7 +5,7 @@ Non-2xx HTTP code: http://smartbrief.com/ (200) => https://smartbrief.com/ (404)
 Non-2xx HTTP code: http://www.smartbrief.com/ (200) => https://www.smartbrief.com/ (404)
 
 -->
-<ruleset name="SmartBrief" default_off='failed ruleset test'>
+<ruleset name="SmartBrief" default_off="failed ruleset test">
 
 	<target host="smartbrief.com" />
 	<target host="jobs.smartbrief.com" />
@@ -18,7 +18,7 @@ Non-2xx HTTP code: http://www.smartbrief.com/ (200) => https://www.smartbrief.co
 			- jobs
 			- www
 				-->
-	<securecookie host="^(?:.*\.)?smartbrief\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/SmartPractice.com.xml b/src/chrome/content/rules/SmartPractice.com.xml
index 2fb39f1413aa..d049c7411ea2 100644
--- a/src/chrome/content/rules/SmartPractice.com.xml
+++ b/src/chrome/content/rules/SmartPractice.com.xml
@@ -16,7 +16,7 @@ Fetch error: http://www.allerderm.com/ => https://allerderm.com/: (51, "SSL: no
 	* Handshake fails
 
 -->
-<ruleset name="SmartPractice" default_off='failed ruleset test'>
+<ruleset name="SmartPractice" default_off="failed ruleset test">
 
 	<target host="allerderm.com"/>
 	<target host="www.allerderm.com"/>
diff --git a/src/chrome/content/rules/SmartSource.xml b/src/chrome/content/rules/SmartSource.xml
new file mode 100644
index 000000000000..6bbe90eaf128
--- /dev/null
+++ b/src/chrome/content/rules/SmartSource.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		- smartsource.ca
+		- help.smartsource.com
+		- reports.smartsource.com
+
+	Timed out:
+		- ssdcmaint.smartsource.com
+-->
+
+<ruleset name="SmartSource">
+	<target host="www.smartsource.ca" />
+	<target host="smartsource.com" />
+	<target host="www.smartsource.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SmartURL.it.xml b/src/chrome/content/rules/SmartURL.it.xml
new file mode 100644
index 000000000000..72429ec56e31
--- /dev/null
+++ b/src/chrome/content/rules/SmartURL.it.xml
@@ -0,0 +1,7 @@
+<ruleset name="SmartURL.it">
+	<target host="smarturl.it" />
+	<target host="www.smarturl.it" />
+	<target host="manage.smarturl.it" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Smartclip.net.xml b/src/chrome/content/rules/Smartclip.net.xml
index e8c63d0d0a1b..800c6b7321d1 100644
--- a/src/chrome/content/rules/Smartclip.net.xml
+++ b/src/chrome/content/rules/Smartclip.net.xml
@@ -37,7 +37,7 @@
 
 	Timeout:
 		- smokeping.dev.hbbtv
-		
+
 	TLS error:
 		- demo
 		- gallery
@@ -129,5 +129,5 @@
 
 	<rule from="^http:"
 		to="https:" />
- 
+
 </ruleset>
diff --git a/src/chrome/content/rules/Smartling.xml b/src/chrome/content/rules/Smartling.xml
index b8da78e3edcf..278b35048be6 100644
--- a/src/chrome/content/rules/Smartling.xml
+++ b/src/chrome/content/rules/Smartling.xml
@@ -27,7 +27,11 @@
 <ruleset name="Smartling (partial)">
 
 	<target host="smartling.com" />
-	<target host="*.smartling.com" />
+	<target host="www.smartling.com" />
+	<target host="cdn01.smartling.com" />
+	<target host="dashboard.smartling.com" />
+	<target host="s-dashboard.smartling.com" />
+	<target host="s.smartling.com" />
 
 
 	<securecookie host="^dashboard\.smartling\.com$" name=".+" />
@@ -39,4 +43,4 @@
 	<rule from="^http://(cdn01|(?:s-)?dashboard|s)\.smartling\.com/"
 		to="https://$1.smartling.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Smartmix.io.xml b/src/chrome/content/rules/Smartmix.io.xml
new file mode 100644
index 000000000000..f41ad8e7d610
--- /dev/null
+++ b/src/chrome/content/rules/Smartmix.io.xml
@@ -0,0 +1,16 @@
+<!--
+	Nonfunctional hosts in *.smartmix.io:
+		staging.smartmix.io (r)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Smartmix.io">
+	<target host="smartmix.io" />
+	<target host="www.smartmix.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Smartmixer.io.xml b/src/chrome/content/rules/Smartmixer.io.xml
new file mode 100644
index 000000000000..7c1e1aca3d80
--- /dev/null
+++ b/src/chrome/content/rules/Smartmixer.io.xml
@@ -0,0 +1,6 @@
+<ruleset name="Smartmixer.io">
+	<target host="smartmixer.io" />
+	<target host="www.smartmixer.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Smartphone_Experts.xml b/src/chrome/content/rules/Smartphone_Experts.xml
deleted file mode 100644
index 5cbbf980a9fb..000000000000
--- a/src/chrome/content/rules/Smartphone_Experts.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)
-
-
-	Problematic subdomains:
-
-		- cdn-store	(404, CN: *.netdna-ssl.com)
-		- store
-
--->
-<ruleset name="Smartphone Experts (partial)">
-
-	<target host="*.smartphoneexperts.com" />
-		<exclusion pattern="^http://store\.smartphoneexperts\.com/(?!images/|store/modules/|store_images/|v3_templates/)" />
-
-
-	<rule from="^http://(?:(?:cdn-)?store|secure)\.smartphoneexperts\.com/"
-		to="https://secure.smartphoneexperts.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Smartstream.tv.xml b/src/chrome/content/rules/Smartstream.tv.xml
index 04530e4ca2c8..e578a3113926 100644
--- a/src/chrome/content/rules/Smartstream.tv.xml
+++ b/src/chrome/content/rules/Smartstream.tv.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://dashboard.smartstream.tv/ => https://dashboard.smartstream.tv/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Smartstream.tv" default_off='failed ruleset test'>
+<ruleset name="Smartstream.tv" default_off="failed ruleset test">
 
 	<target host="ads.smartstream.tv" />
 	<target host="cdn.smartstream.tv" />
@@ -26,7 +26,7 @@ Fetch error: http://dashboard.smartstream.tv/ => https://dashboard.smartstream.t
 	<!-- invalid cert:
 		- analytics.smartstream.tv
 		- www.smartstream.tv
-		- smartstream.tv 
+		- smartstream.tv
 		- smartseed.media.smartstream.tv
 	-->
 
diff --git a/src/chrome/content/rules/SmashFly.com.xml b/src/chrome/content/rules/SmashFly.com.xml
index e20d3135e9ca..f324d732a4df 100644
--- a/src/chrome/content/rules/SmashFly.com.xml
+++ b/src/chrome/content/rules/SmashFly.com.xml
@@ -53,7 +53,7 @@ Non-2xx HTTP code: http://go.smashfly.com/ (200) => https://smashfly.com/ (502)
 	⁴ Refused
 
 -->
-<ruleset name="SmashFly.com (partial)" default_off='failed ruleset test'>
+<ruleset name="SmashFly.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Smdg.ca.xml b/src/chrome/content/rules/Smdg.ca.xml
index 99b3b72c910f..c2ba73160ffa 100644
--- a/src/chrome/content/rules/Smdg.ca.xml
+++ b/src/chrome/content/rules/Smdg.ca.xml
@@ -14,7 +14,6 @@
 	<target host="static.smdg.ca" />
 
 
-	<rule from="^http://static\.smdg\.ca/"
-		to="https://d3pf6blj843au7.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Smi2.net.xml b/src/chrome/content/rules/Smi2.net.xml
index c9c640348702..4171ba887d51 100644
--- a/src/chrome/content/rules/Smi2.net.xml
+++ b/src/chrome/content/rules/Smi2.net.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.smi2.net/ => https://www.smi2.net/: (6, 'Could not resol
 		- smi2.net
 
 -->
-<ruleset name="SMI2.net" default_off='failed ruleset test'>
+<ruleset name="SMI2.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -25,7 +25,7 @@ Fetch error: http://www.smi2.net/ => https://www.smi2.net/: (6, 'Could not resol
 					-->
 	<!--securecookie host="^smi2\.net$" name="^PHPSESSID$" /-->
 
-	<securecookie host="^smi2\.net$" name="" />
+	<securecookie host="^smi2\.net$" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Smowtion.xml b/src/chrome/content/rules/Smowtion.xml
deleted file mode 100644
index 880143acc607..000000000000
--- a/src/chrome/content/rules/Smowtion.xml
+++ /dev/null
@@ -1,49 +0,0 @@
-<!--
-	CDN buckets:
-
-		- px.smowtion.com.s3.amazonaws.com
-
-		- wac.3D9E.edgecastcdn.net
-
-			- ads.smowtion.com
-			- edgecast.smowtion.com
-			- geo-ads.smowtion.com
-			- static.smowtion.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- blog *
-		- edge **
-		- landing	(shows passport, mismatched, CN: passport.smowtion.com)
-		- press *
-		- px		(amazonaws)
-		- static **
-
-	* Redirects to http, mismatched, CN: publisher.smowtion.com
-	** 404, mismatched, CN: gp1.wac.edgecastcdn.net
-
-
-	Problematic subdomains:
-
-		- ad		(mismatched, CN: ad.yieldmanager.com)
-		- ads		(works, akamai)
-		- geo-ads	(akamai)
-
--->
-<ruleset name="Smowtion (partial)">
-
-	<target host="*.smowtion.com" />
-
-
-	<rule from="^http://ad\.smowtion\.com/"
-		to="https://ad.yieldmanager.com/" />
-
-	<rule from="^http://p(assport|ublisher)\.smowtion\.com/"
-		to="https://p$1.smowtion.com/" />
-
-	<rule from="^http://px\.smowtion\.com/"
-		to="https://s3.amazonaws.com/px.smowtion.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Smuxi.im.xml b/src/chrome/content/rules/Smuxi.im.xml
index 04ed01550cdd..3e6605a0855a 100644
--- a/src/chrome/content/rules/Smuxi.im.xml
+++ b/src/chrome/content/rules/Smuxi.im.xml
@@ -8,7 +8,7 @@ Fetch error: http://smuxi.net/ => https://smuxi.net/: (51, "SSL: no alternative
 Fetch error: http://www.smuxi.net/ => https://www.smuxi.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.smuxi.net'")
 
 -->
-<ruleset name="Smuxi.im (partial)" default_off='failed ruleset test'>
+<ruleset name="Smuxi.im (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Smzdm.com.xml b/src/chrome/content/rules/Smzdm.com.xml
index ce6b0670908a..b19a58f7a047 100644
--- a/src/chrome/content/rules/Smzdm.com.xml
+++ b/src/chrome/content/rules/Smzdm.com.xml
@@ -12,13 +12,13 @@
 		quan
 		test
 		wiki
-	
+
 	404:
 		avatarimg
-	
+
 	502:
 		2
-	
+
 	Mismatch:
 		*.zdmimg.com
 
@@ -27,21 +27,21 @@
 -->
 
 <ruleset name="smzdm">
-	
+
 	<!--	Mixedcontent	-->
 	<target host="www.smzdm.com" />
-	
+
 	<exclusion pattern="^http://www\.smzdm\.com/(?!resources/)" />
 		<test url="http://www.smzdm.com/resources/public/img/logo.png" />
 		<test url="http://www.smzdm.com/resources/public/img/loading.gif" />
 		<test url="http://www.smzdm.com/p2/" />
-		
+
 	<!--	Direct rewrites:	-->
 
 	<target host="res.smzdm.com" />
 	<target host="res-ga.smzdm.com" />
 	<target host="zhiyou.smzdm.com" />
-	
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Snabb.co.xml b/src/chrome/content/rules/Snabb.co.xml
index 2bd650e04909..72c643f34fc8 100644
--- a/src/chrome/content/rules/Snabb.co.xml
+++ b/src/chrome/content/rules/Snabb.co.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://snabb.co/ => https://snabb.co/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 Fetch error: http://www.snabb.co/ => https://www.snabb.co/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="Snabb.co" default_off='failed ruleset test'>
+<ruleset name="Snabb.co" default_off="failed ruleset test">
 
 	<target host="snabb.co" />
 	<target host="www.snabb.co" />
diff --git a/src/chrome/content/rules/SnackTools.com-problematic.xml b/src/chrome/content/rules/SnackTools.com-problematic.xml
index f82ad6afb8bb..e7e6dbad4e9c 100644
--- a/src/chrome/content/rules/SnackTools.com-problematic.xml
+++ b/src/chrome/content/rules/SnackTools.com-problematic.xml
@@ -12,4 +12,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SnackTools.com.xml b/src/chrome/content/rules/SnackTools.com.xml
index 5c9ffa53a1da..7967966594a5 100644
--- a/src/chrome/content/rules/SnackTools.com.xml
+++ b/src/chrome/content/rules/SnackTools.com.xml
@@ -5,8 +5,6 @@
 	Other SnackTools rulesets:
 
 		- BannerSnack.com.xml
-		- Quizsnack.com.xml
-		- SnackTools.net.xml
 
 
 	Problematic subdomains:
diff --git a/src/chrome/content/rules/SnackTools.net.xml b/src/chrome/content/rules/SnackTools.net.xml
deleted file mode 100644
index e3f43bfa6486..000000000000
--- a/src/chrome/content/rules/SnackTools.net.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For other SnackTools coverage, see SnackTools.com.xml.
-
--->
-<ruleset name="SnackTools.net">
-
-	<target host="stapi.snacktools.net" />
-
-
-	<securecookie host="^stapi\.snacktools\.net$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Snacktv.de.xml b/src/chrome/content/rules/Snacktv.de.xml
deleted file mode 100644
index 20b894b684bf..000000000000
--- a/src/chrome/content/rules/Snacktv.de.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Incomplete certificate-chain on ^
--->
-<ruleset name="SnackTV">
-
-	<target host="cache.snacktv.de"/>
-	<target host="displayomat.snacktv.de"/>
-	<target host="events.snacktv.de"/>
-	<target host="lists.snacktv.de"/>
-	<target host="monetizer.snacktv.de"/>
-	<target host="player.snacktv.de"/>
-	<target host="snackomat.snacktv.de"/>
-	<target host="snackomat2.snacktv.de"/>
-	<target host="www.snacktv.de"/>
-
-	<rule from="^http:" to="https:"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Snafu.xml b/src/chrome/content/rules/Snafu.xml
index f81a880f9750..fb154414ff32 100644
--- a/src/chrome/content/rules/Snafu.xml
+++ b/src/chrome/content/rules/Snafu.xml
@@ -9,7 +9,7 @@ Fetch error: http://service.snafu.de/ => https://service.snafu.de/: (7, 'Failed
 		- www	(cert: ; redirects there)
 
 -->
-<ruleset name="snafu (partial)" default_off='failed ruleset test'>
+<ruleset name="snafu (partial)" default_off="failed ruleset test">
 
 	<target host="service.snafu.de" />
 
diff --git a/src/chrome/content/rules/Snagajob.xml b/src/chrome/content/rules/Snagajob.xml
index 7e0826aab1bb..8e9f9f582ba9 100644
--- a/src/chrome/content/rules/Snagajob.xml
+++ b/src/chrome/content/rules/Snagajob.xml
@@ -1,14 +1,15 @@
 <ruleset name="snagajob" platform="mixedcontent">
   <target host="snagajob.com"/>
-  <target host="*.snagajob.com"/>
+  <target host="www.snagajob.com" />
+  <target host="media.snagajob.com" />
 
-  <securecookie host="^(?:.*\.)?snagajob.com$" name=".+" />
+  <securecookie host=".+" name=".+"/>
 
   <rule from="^http://(?:www\.)?snagajob\.com/" to="https://www.snagajob.com/"/>
-  <rule from="^http://media\.snagajob\.com/" to="https://media.snagajob.com/"/>
 
   <!-- A 404 error is occurred when answers and blog are forced to https -->
   <!-- Hence a exclusion is added to both of them -->
   <exclusion pattern="^http://www\.snagajob\.com/answers/" />
   <exclusion pattern="^http://www\.snagajob\.com/blog/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Snapchat.com.xml b/src/chrome/content/rules/Snapchat.com.xml
deleted file mode 100644
index 479ea1edd4ee..000000000000
--- a/src/chrome/content/rules/Snapchat.com.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog *
-
-	* Refused
-
-
-	Fully covered hosts in *snapchat.com:
-
-		- (www.)?
-		- accounts
-		- support
-
--->
-<ruleset name="Snapchat.com (partial)">
-
-	<target host="snapchat.com" />
-	<target host="accounts.snapchat.com" />
-	<target host="support.snapchat.com" />
-	<target host="www.snapchat.com" />
-
-
-	<securecookie host="^support\.snapchat\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SndCDN.com.xml b/src/chrome/content/rules/SndCDN.com.xml
index 11bfacd87a67..3b419fdb35df 100644
--- a/src/chrome/content/rules/SndCDN.com.xml
+++ b/src/chrome/content/rules/SndCDN.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://api.sndcdn.com/ => https://api.sndcdn.com/: (6, 'Could not r
 			- i1.sndcdn.com
 			- w1.sndcdn.com
 
-		- m-a.sndcdn.com.edgesuite.net 
+		- m-a.sndcdn.com.edgesuite.net
 
 
 	Problematic hosts in *sndcdn.com:
@@ -25,7 +25,7 @@ Fetch error: http://api.sndcdn.com/ => https://api.sndcdn.com/: (6, 'Could not r
 	* Akamai
 
 -->
-<ruleset name="SndCDN.com (partial)" default_off='failed ruleset test'>
+<ruleset name="SndCDN.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Snel-Internet-Services.xml b/src/chrome/content/rules/Snel-Internet-Services.xml
index 5907e595d864..813ab352fb8b 100644
--- a/src/chrome/content/rules/Snel-Internet-Services.xml
+++ b/src/chrome/content/rules/Snel-Internet-Services.xml
@@ -21,7 +21,7 @@ Fetch error: http://snelserver.com/ => https://snelserver.com/: (51, "SSL: no al
 	but these don't appear to exist(?)
 
 -->
-<ruleset name="Snel Internet Services" default_off='failed ruleset test'>
+<ruleset name="Snel Internet Services" default_off="failed ruleset test">
 
 	<target host="snelis.com" />
 	<target host="api.snelis.com" />
diff --git a/src/chrome/content/rules/Snel.com.xml b/src/chrome/content/rules/Snel.com.xml
index e44ed96a47fb..3f4e7ea2e3d5 100644
--- a/src/chrome/content/rules/Snel.com.xml
+++ b/src/chrome/content/rules/Snel.com.xml
@@ -18,7 +18,7 @@ Non-2xx HTTP code: http://session.snel.com/ (200) => https://control.snel.com/ (
 	* Secured by us
 
 -->
-<ruleset name="Snel.com" default_off='failed ruleset test'>
+<ruleset name="Snel.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Snip.ly.xml b/src/chrome/content/rules/Snip.ly.xml
new file mode 100644
index 000000000000..4e82a3bd8136
--- /dev/null
+++ b/src/chrome/content/rules/Snip.ly.xml
@@ -0,0 +1,24 @@
+<!--
+	Invalid certificate:
+	- go.snip.ly
+
+	Connection refused:
+	- calendar.snip.ly
+	- drive.snip.ly
+	- mail.snip.ly
+	- web1.snip.ly
+	- web2.snip.ly
+	- q.snip.ly
+
+	https installed:
+	- blog.snip.ly
+
+-->
+<ruleset name="Snip.ly">
+	<target host="snip.ly" />
+	<target host="www.snip.ly" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Snip2Code.com.xml b/src/chrome/content/rules/Snip2Code.com.xml
index 2db3d782a6de..64a60aa3d175 100644
--- a/src/chrome/content/rules/Snip2Code.com.xml
+++ b/src/chrome/content/rules/Snip2Code.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://dev.snip2code.com/ => https://dev.snip2code.com/: (28, 'Conn
 	^snip2code.com: Handshake fails
 
 -->
-<ruleset name="Snip2Code.com" default_off='failed ruleset test'>
+<ruleset name="Snip2Code.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Snipt.net.xml b/src/chrome/content/rules/Snipt.net.xml
index c787a9b5b86e..ec9fe04db9b4 100644
--- a/src/chrome/content/rules/Snipt.net.xml
+++ b/src/chrome/content/rules/Snipt.net.xml
@@ -8,7 +8,7 @@ Fetch error: http://blog.snipt.net/ => https://blog.snipt.net/: (6, 'Could not r
 		- .snipt.net
 
 -->
-<ruleset name="Snipt.net" default_off='failed ruleset test'>
+<ruleset name="Snipt.net" default_off="failed ruleset test">
 
 	<target host="snipt.net" />
 	<target host="blog.snipt.net" />
diff --git a/src/chrome/content/rules/Snoobi.xml b/src/chrome/content/rules/Snoobi.xml
index 143d13c85590..c1623ff32b10 100644
--- a/src/chrome/content/rules/Snoobi.xml
+++ b/src/chrome/content/rules/Snoobi.xml
@@ -11,7 +11,7 @@
 	<target host="eu1.snoobi.com" />
 
 
-	<securecookie host="^.*\.snoobi\.com" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Snort.xml b/src/chrome/content/rules/Snort.xml
index 358911075cb9..daa10ecd918e 100644
--- a/src/chrome/content/rules/Snort.xml
+++ b/src/chrome/content/rules/Snort.xml
@@ -11,7 +11,7 @@ Fetch error: http://store.snort.org/ => https://store.snort.org/: (6, 'Could not
 	* Blogger
 
 -->
-<ruleset name="Snort.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Snort.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Snowfly.xml b/src/chrome/content/rules/Snowfly.xml
index 2e1996111263..ceb267df9abf 100644
--- a/src/chrome/content/rules/Snowfly.xml
+++ b/src/chrome/content/rules/Snowfly.xml
@@ -6,7 +6,7 @@ Fetch error: http://regencesecure.snowfly.com/ => https://regencesecure.snowfly.
 	(www.)?snowfly.com: 403
 
 -->
-<ruleset name="Snowfly (partial)" default_off='failed ruleset test'>
+<ruleset name="Snowfly (partial)" default_off="failed ruleset test">
 
 	<target host="beesecure.prpa.org" />
 	<target host="starawardssecure.snowfly.com" />
@@ -15,5 +15,5 @@ Fetch error: http://regencesecure.snowfly.com/ => https://regencesecure.snowfly.
 
 	<rule from="^http:"
 		to="https:" />
-    
+
 </ruleset>
diff --git a/src/chrome/content/rules/So-Raise-Your-Glasses.xml b/src/chrome/content/rules/So-Raise-Your-Glasses.xml
index dd0862ad20b8..e1261304a209 100644
--- a/src/chrome/content/rules/So-Raise-Your-Glasses.xml
+++ b/src/chrome/content/rules/So-Raise-Your-Glasses.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://soraiseyourglasses.com/ => https://soraiseyourglasses.com/: (51, "SSL: no alternative certificate subject name matches target host name 'soraiseyourglasses.com'")
 Fetch error: http://www.soraiseyourglasses.com/ => https://www.soraiseyourglasses.com/: Cycle detected - URL already encountered: https://www.soraiseyourglasses.com/
 -->
-<ruleset name="So Raise Your Glasses" default_off='failed ruleset test'>
+<ruleset name="So Raise Your Glasses" default_off="failed ruleset test">
 
 	<target host="soraiseyourglasses.com" />
 	<target host="www.soraiseyourglasses.com" />
diff --git a/src/chrome/content/rules/So.cl.xml b/src/chrome/content/rules/So.cl.xml
index 4780d15b045f..e07371cef9b1 100644
--- a/src/chrome/content/rules/So.cl.xml
+++ b/src/chrome/content/rules/So.cl.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.so.cl/ => https://www.so.cl/: Cycle detected - URL alrea
 		- (www.)?
 
 -->
-<ruleset name="So.cl" default_off='failed ruleset test'>
+<ruleset name="So.cl" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/SoCal_Linux_Expo.org.xml b/src/chrome/content/rules/SoCal_Linux_Expo.org.xml
index f77d5056e501..a94816968360 100644
--- a/src/chrome/content/rules/SoCal_Linux_Expo.org.xml
+++ b/src/chrome/content/rules/SoCal_Linux_Expo.org.xml
@@ -10,7 +10,8 @@
 <ruleset name="SoCal Linux Expo.org">
 
 	<target host="socallinuxexpo.org" />
-	<target host="*.socallinuxexpo.org" />
+	<target host="reg.socallinuxexpo.org" />
+	<target host="www.socallinuxexpo.org" />
 
 
 	<!--	Not secured by server:
@@ -18,7 +19,6 @@
 	<securecookie host="^reg\.socallinuxexpo\.org$" name=".+" />
 
 
-	<rule from="^http://((?:helpdesk|reg|wiki|www)\.)?socallinuxexpo\.org/"
-		to="https://$1socallinuxexpo.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SoFurry.xml b/src/chrome/content/rules/SoFurry.xml
index 624f15b3214c..7bf14b59131b 100644
--- a/src/chrome/content/rules/SoFurry.xml
+++ b/src/chrome/content/rules/SoFurry.xml
@@ -1,6 +1,7 @@
 <ruleset name="SoFurry">
   <target host="sofurry.com" />
   <target host="www.sofurry.com" />
+  <target host="sofurryfiles.com" />
   <target host="www.sofurryfiles.com" />
 
   <securecookie host="^(?:www)?\.sofurry\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Soapbox-CMS.xml b/src/chrome/content/rules/Soapbox-CMS.xml
index ab1bbc0f9d90..8ce0cd213045 100644
--- a/src/chrome/content/rules/Soapbox-CMS.xml
+++ b/src/chrome/content/rules/Soapbox-CMS.xml
@@ -5,12 +5,12 @@ Fetch error: http://soapboxcms.com/ => https://soapboxcms.com/: (6, 'Could not r
 Fetch error: http://www.soapboxcms.com/ => https://www.soapboxcms.com/: (6, 'Could not resolve host: www.soapboxcms.com')
 
 -->
-<ruleset name="Soapbox CMS" default_off='failed ruleset test'>
+<ruleset name="Soapbox CMS" default_off="failed ruleset test">
 
 	<target host="soapboxcms.com" />
 	<target host="www.soapboxcms.com" />
 
-	<securecookie host="^(?:.*\.)?soapboxcms\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/Sobollubov.ru.xml b/src/chrome/content/rules/Sobollubov.ru.xml
index fa885c27d5c1..69e05a45da46 100644
--- a/src/chrome/content/rules/Sobollubov.ru.xml
+++ b/src/chrome/content/rules/Sobollubov.ru.xml
@@ -5,7 +5,7 @@ Fetch error: http://sobollubov.ru/ => https://sobollubov.ru/: (28, 'Operation ti
 Fetch error: http://www.sobollubov.ru/ => https://www.sobollubov.ru/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
 
 -->
-<ruleset name="Sobollubov.ru" default_off='failed ruleset test'>
+<ruleset name="Sobollubov.ru" default_off="failed ruleset test">
 	<target host="sobollubov.ru" />
 	<target host="www.sobollubov.ru" />
 
diff --git a/src/chrome/content/rules/SocialRank.com.xml b/src/chrome/content/rules/SocialRank.com.xml
index 22d2493b9cfa..3d6d6beff87f 100644
--- a/src/chrome/content/rules/SocialRank.com.xml
+++ b/src/chrome/content/rules/SocialRank.com.xml
@@ -19,7 +19,7 @@ Fetch error: http://www.socialrank.co/ => https://www.socialrank.co/: Too many r
 	(www.)?....co is a simple redirect to .com
 
 -->
-<ruleset name="SocialRank.com (partial)" default_off='failed ruleset test'>
+<ruleset name="SocialRank.com (partial)" default_off="failed ruleset test">
 
 	<target host="socialrank.co" />
 	<target host="www.socialrank.co" />
diff --git a/src/chrome/content/rules/SocialShows.xml b/src/chrome/content/rules/SocialShows.xml
index 2f5a1b9762d6..7acbedff114c 100644
--- a/src/chrome/content/rules/SocialShows.xml
+++ b/src/chrome/content/rules/SocialShows.xml
@@ -13,12 +13,12 @@ Fetch error: http://socialshows.net/ => https://socialshows.net/: (6, 'Could not
 	* No https
 
 -->
-<ruleset name="SocialShows" default_off='failed ruleset test'>
+<ruleset name="SocialShows" default_off="failed ruleset test">
 
 	<target host="socialshows.com" />
 	<target host="www.socialshows.com" />
 	<target host="socialshows.net" />
-	<target host="*.socialshows.net" />
+	<target host="www.socialshows.net" />
 
 
 	<securecookie host="^\.?socialshows\.net$" name=".+" />
@@ -27,4 +27,4 @@ Fetch error: http://socialshows.net/ => https://socialshows.net/: (6, 'Could not
 	<rule from="^http://(?:www\.)?socialshows\.(?:com|net)/"
 		to="https://socialshows.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SocialTwist.xml b/src/chrome/content/rules/SocialTwist.xml
index d37f0d959987..b21ee16e33d7 100644
--- a/src/chrome/content/rules/SocialTwist.xml
+++ b/src/chrome/content/rules/SocialTwist.xml
@@ -6,7 +6,7 @@ Fetch error: http://socialtwist.com/ => https://socialtwist.com/: (51, "SSL: no
 	cdn.socialtwist.com is hosted at s3.amazonaws.com/cdn.socialtwist.com/, but has a valid cert.
 
 -->
-<ruleset name="SocialTwist" default_off='failed ruleset test'>
+<ruleset name="SocialTwist" default_off="failed ruleset test">
 
 	<target host="socialtwist.com" />
 	<target host="*.socialtwist.com" />
diff --git a/src/chrome/content/rules/Social_Code_dev.com.xml b/src/chrome/content/rules/Social_Code_dev.com.xml
index def7b583781a..23499795d87c 100644
--- a/src/chrome/content/rules/Social_Code_dev.com.xml
+++ b/src/chrome/content/rules/Social_Code_dev.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.socialcodedev.com/ => https://www.socialcodedev.com/: (6
 	Web bugs.
 
 -->
-<ruleset name="Social Code dev.com" default_off='failed ruleset test'>
+<ruleset name="Social Code dev.com" default_off="failed ruleset test">
 
 	<target host="socialcodedev.com" />
 	<target host="www.socialcodedev.com" />
diff --git a/src/chrome/content/rules/Social_Reader.com.xml b/src/chrome/content/rules/Social_Reader.com.xml
deleted file mode 100644
index bf5e31a4c1b7..000000000000
--- a/src/chrome/content/rules/Social_Reader.com.xml
+++ /dev/null
@@ -1,59 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://id.socialreader.com// => https://id.trove.com/: (6, 'Could not resolve host: id.trove.com')
-Fetch error: http://id.socialreader.com/ => https://id.trove.com/: (6, 'Could not resolve host: id.trove.com')
-
-	CDN buckets:
-
-		- d2pe20ur0h0p8p.cloudfront.net
-
-
-	Problematic hosts in *socialreader.com:
-
-		- (www.)? ¹
-		- event ²
-		- help ¹
-		- id ¹
-
-	¹ Expired
-	² Mismatched
-
--->
-<ruleset name="Social Reader.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<!--target host="event.socialreader.com" /-->
-	<!--target host="help.socialreader.com" /-->
-
-	<!--	Complications:
-				-->
-	<target host="socialreader.com" />
-	<target host="id.socialreader.com" />
-	<target host="www.socialreader.com" />
-
-
-	<securecookie host="^(?:id)?\.socialreader\.com$" name=".+" />
-
-
-	<!--	Redirect drops path, args,
-		amd forward slash:
-					-->
-	<rule from="^http://(?:www\.)?socialreader\.com/.*"
-		to="https://trove.com/" />
-
-		<test url="http://socialreader.com//" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://id\.socialreader\.com/+"
-		to="https://id.trove.com/" />
-
-		<test url="http://id.socialreader.com//" />
-
-	<!--rule from="^http:"
-		to="https:" /-->
-
-</ruleset>
diff --git a/src/chrome/content/rules/Social_Screamer.xml b/src/chrome/content/rules/Social_Screamer.xml
index cf2a9f48c033..c164ff92d6e0 100644
--- a/src/chrome/content/rules/Social_Screamer.xml
+++ b/src/chrome/content/rules/Social_Screamer.xml
@@ -5,7 +5,7 @@ Fetch error: http://socialscreamer.com/ => https://socialscreamer.com/: (28, 'Co
 Fetch error: http://www.socialscreamer.com/ => https://www.socialscreamer.com/: (28, 'Connection timed out after 20011 milliseconds')
 
 -->
-<ruleset name="Social Screamer" default_off='failed ruleset test'>
+<ruleset name="Social Screamer" default_off="failed ruleset test">
 
 	<target host="socialscreamer.com" />
 	<target host="www.socialscreamer.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.socialscreamer.com/ => https://www.socialscreamer.com/:
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Social_Theater.xml b/src/chrome/content/rules/Social_Theater.xml
index fd5ac334b45f..cd9415102eb5 100644
--- a/src/chrome/content/rules/Social_Theater.xml
+++ b/src/chrome/content/rules/Social_Theater.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Socialbakers.xml b/src/chrome/content/rules/Socialbakers.xml
index 6863828cc10e..58a7281ef9e0 100644
--- a/src/chrome/content/rules/Socialbakers.xml
+++ b/src/chrome/content/rules/Socialbakers.xml
@@ -7,7 +7,7 @@ Fetch error: http://socialbakers.com/ => https://socialbakers.com/: (52, 'Empty
 	<target host="socialbakers.com"/>
 	<target host="*.socialbakers.com"/>
 
-	<securecookie host="^(?:.*\.)?socialbakers\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<!--	encountered subdomains:
 			- analytics
diff --git a/src/chrome/content/rules/Socialcube.net.xml b/src/chrome/content/rules/Socialcube.net.xml
index e204016f37f2..48a533e5787a 100644
--- a/src/chrome/content/rules/Socialcube.net.xml
+++ b/src/chrome/content/rules/Socialcube.net.xml
@@ -9,7 +9,7 @@ Fetch error: http://lite.socialcube.net/ => https://lite.socialcube.net/: (60, '
 		- lite
 
 -->
-<ruleset name="Socialcube.net (partial)" default_off='failed ruleset test'>
+<ruleset name="Socialcube.net (partial)" default_off="failed ruleset test">
 
 	<target host="socialcube.net" />
 	<target host="lite.socialcube.net" />
diff --git a/src/chrome/content/rules/SocialistWorker.org.xml b/src/chrome/content/rules/SocialistWorker.org.xml
new file mode 100644
index 000000000000..72ed9ad1f5cb
--- /dev/null
+++ b/src/chrome/content/rules/SocialistWorker.org.xml
@@ -0,0 +1,12 @@
+<!--
+	This domain has a wildcard DNS record
+
+-->
+<ruleset name="SocialistWorker.org">
+
+	<target host="socialistworker.org" />
+	<target host="www.socialistworker.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Socializer.cc.xml b/src/chrome/content/rules/Socializer.cc.xml
deleted file mode 100644
index 74483adfe120..000000000000
--- a/src/chrome/content/rules/Socializer.cc.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	Fully covered hosts in *socializer.cc
-
-		- (www.)?
-		- track
-
-
-	Insecure cookies are set for these hosts:
-
-		- track.socializer.cc
-
-
-	Mixed content:
-
-		- Bug from track *
-
-	* Secured by us
-
--->
-<ruleset name="socializer.cc">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="socializer.cc" />
-	<target host="track.socializer.cc" />
-	<target host="www.socializer.cc" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^track\.socializer\.cc$" name="^_pk_uid$" /-->
-
-	<securecookie host="^track\.socializer\.cc$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Socialtyzetracking.com.xml b/src/chrome/content/rules/Socialtyzetracking.com.xml
index c3214144c03e..19800d19d78e 100644
--- a/src/chrome/content/rules/Socialtyzetracking.com.xml
+++ b/src/chrome/content/rules/Socialtyzetracking.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://socialtyzetracking.com/ => https://www.socialtyzetracking.co
 	^socialtyzetracking.com: Mismatched
 
 -->
-<ruleset name="socialtyzetracking.com" default_off='failed ruleset test'>
+<ruleset name="socialtyzetracking.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Society-for-Technical-Communication.xml b/src/chrome/content/rules/Society-for-Technical-Communication.xml
index a8f5bb60abb2..ed404f104e9c 100644
--- a/src/chrome/content/rules/Society-for-Technical-Communication.xml
+++ b/src/chrome/content/rules/Society-for-Technical-Communication.xml
@@ -1,7 +1,9 @@
 <ruleset name="Society for Technical Communication (partial)" default_off="expired, mismatch">
 
 	<target host="stc.org" />
-	<target host="*.stc.org" />
+	<target host="archive.stc.org" />
+	<target host="www.stc.org" />
+	<target host="jobs.stc.org" />
 
 
 	<securecookie host="^.*\.stc\.org$" name=".+" />
diff --git a/src/chrome/content/rules/Societyforscience.org.xml b/src/chrome/content/rules/Societyforscience.org.xml
index eb83f6fccf8a..b8bb8a6385ab 100644
--- a/src/chrome/content/rules/Societyforscience.org.xml
+++ b/src/chrome/content/rules/Societyforscience.org.xml
@@ -8,7 +8,7 @@ Fetch error: http://societyforscience.org/ => https://societyforscience.org/: (2
 		- Science_News.org.xml
 
 -->
-<ruleset name="SocietyForScience.org" default_off='failed ruleset test'>
+<ruleset name="SocietyForScience.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/SockShare.xml b/src/chrome/content/rules/SockShare.xml
index 399ec1d1a122..06e6ab6c6836 100644
--- a/src/chrome/content/rules/SockShare.xml
+++ b/src/chrome/content/rules/SockShare.xml
@@ -30,7 +30,7 @@ Fetch error: http://static1.sockshare.com/ => https://static1.sockshare.com/: (6
 	² Works; mismatched, CN: *.firedrive.com
 
 -->
-<ruleset name="SockShare (partial)" default_off='failed ruleset test'>
+<ruleset name="SockShare (partial)" default_off="failed ruleset test">
 
 	<target host="sockshare.com" />
 	<target host="images.sockshare.com" />
diff --git a/src/chrome/content/rules/Socrata.com.xml b/src/chrome/content/rules/Socrata.com.xml
index 532ec1a6a5cb..7b06e3170947 100644
--- a/src/chrome/content/rules/Socrata.com.xml
+++ b/src/chrome/content/rules/Socrata.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://finance.socrata.com/ => https://finance.socrata.com/: (7, 'F
 		- 1j3rac4ejwve1p3y0x1gprgk-wpengine.netdna-ssl.com
 
 -->
-<ruleset name="Socrata.com" default_off='failed ruleset test'>
+<ruleset name="Socrata.com" default_off="failed ruleset test">
 
 	<target host="socrata.com" />
 	<target host="dev.socrata.com" />
diff --git a/src/chrome/content/rules/SodaHead.com.xml b/src/chrome/content/rules/SodaHead.com.xml
index fe3abd9cc029..26726d4dcc57 100644
--- a/src/chrome/content/rules/SodaHead.com.xml
+++ b/src/chrome/content/rules/SodaHead.com.xml
@@ -19,20 +19,23 @@ Fetch error: http://sodahead.com/ => https://sodahead.com/: (51, "SSL: no altern
 	* cloudfront.net
 
 -->
-<ruleset name="SodaHead.com" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="SodaHead.com" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="sodahead.com" />
-	<target host="*.sodahead.com" />
+	<target host="de.sodahead.com" />
+	<target host="latimes.sodahead.com" />
+	<target host="m.sodahead.com" />
+	<target host="partners.sodahead.com" />
+	<target host="www.sodahead.com" />
+	<target host="images.sodahead.com" />
+	<target host="statics.sodahead.com" />
+	<target host="widgets.sodahead.com" />
 
 
 	<securecookie host=".+\.sodahead\.com$" name=".+" />
 
 
-	<rule from="^http://((?:de|latimes|m|partners|www)\.)?sodahead\.com/"
-		to="https://$1sodahead.com/" />
 
-	<rule from="^http://images\.sodahead\.com/"
-		to="https://d33lglhhb8q63m.cloudfront.net/" />
 
 	<rule from="^http://statics\.sodahead\.com/"
 		to="https://d6fekxp9qbg3b.cloudfront.net/" />
@@ -40,4 +43,5 @@ Fetch error: http://sodahead.com/ => https://sodahead.com/: (51, "SSL: no altern
 	<rule from="^http://widgets\.sodahead\.com/"
 		to="https://d3ict7m6m7fhlt.cloudfront.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SoftCom.xml b/src/chrome/content/rules/SoftCom.xml
index 511215961e3e..126456fc4182 100644
--- a/src/chrome/content/rules/SoftCom.xml
+++ b/src/chrome/content/rules/SoftCom.xml
@@ -7,7 +7,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://slhost.com/ => https://slhost.com/: (28, 'Resolving timed out after 10518 milliseconds')	!functional:
 		- softcom.com	(timeout)
 -->
-<ruleset name="SoftCom (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="SoftCom (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="daha.net"/>
 	<target host="www.daha.net"/>
diff --git a/src/chrome/content/rules/SoftEther_VPN.xml b/src/chrome/content/rules/SoftEther_VPN.xml
index 1bdd6ec2f9f8..daaac629a606 100644
--- a/src/chrome/content/rules/SoftEther_VPN.xml
+++ b/src/chrome/content/rules/SoftEther_VPN.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://softether.org/ => https://softether.org/: (51, "SSL: no alternative certificate subject name matches target host name 'softether.org'")
 
 -->
-<ruleset name="SoftEther VPN" default_off='failed ruleset test'>
+<ruleset name="SoftEther VPN" default_off="failed ruleset test">
 
 	<target host="softether.org" />
 	<target host="www.softether.org" />
@@ -15,4 +15,4 @@ Fetch error: http://softether.org/ => https://softether.org/: (51, "SSL: no alte
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SoftLayer-mismatches.xml b/src/chrome/content/rules/SoftLayer-mismatches.xml
index 71680f36bd72..8802998e52d2 100644
--- a/src/chrome/content/rules/SoftLayer-mismatches.xml
+++ b/src/chrome/content/rules/SoftLayer-mismatches.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SoftLayer.xml b/src/chrome/content/rules/SoftLayer.xml
index c0ab611b62f8..7158ac58a8bc 100644
--- a/src/chrome/content/rules/SoftLayer.xml
+++ b/src/chrome/content/rules/SoftLayer.xml
@@ -33,7 +33,7 @@ Fetch error: http://softlayer.com/ => https://softlayer.com/: Too many redirects
 		- www
 
 -->
-<ruleset name="SoftLayer" default_off='failed ruleset test'>
+<ruleset name="SoftLayer" default_off="failed ruleset test">
 
 	<target host="softlayer.com" />
 	<target host="*.softlayer.com" />
diff --git a/src/chrome/content/rules/Software-in-the-Public-Interest.xml b/src/chrome/content/rules/Software-in-the-Public-Interest.xml
deleted file mode 100644
index 1983271a85d9..000000000000
--- a/src/chrome/content/rules/Software-in-the-Public-Interest.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(shows members, CN: members.spi-inc.org)
-
--->
-<ruleset name="Software in the Public Interest (partial)" default_off="self-signed">
-
-	<target host="*.spi-inc.org" />
-
-
-	<securecookie host="^rt\.spi-inc\.org$" name=".+" />
-
-
-	<rule from="^http://(members|rt)\.spi-inc\.org/"
-		to="https://$1.spi-inc.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Sohu.com-mixedcontent.xml b/src/chrome/content/rules/Sohu.com-mixedcontent.xml
new file mode 100644
index 000000000000..d46cd4760f77
--- /dev/null
+++ b/src/chrome/content/rules/Sohu.com-mixedcontent.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Sohu coverage, see Sohu.com.xml
+-->
+<ruleset name="Sohu.com-mixedcontent" platform="mixedcontent">
+	<target host="ad.sohu.com" />
+		<test url="http://ad.sohu.com/case1/index.shtml" />
+		<test url="http://ad.sohu.com/point/" />
+		<test url="http://ad.sohu.com/tuijiehui/index.shtml" />
+
+	<target host="business.sohu.com" />
+		<test url="http://business.sohu.com/20100822/n274383929.shtml" />
+
+	<target host="k.sohu.com" />
+		<test url="http://k.sohu.com/public.html" />
+
+	<target host="money.sohu.com" />
+		<test url="http://money.sohu.com/yinhang/" />
+
+	<target host="mt.sohu.com" />
+		<test url="http://mt.sohu.com/20161229/n477289399.shtml" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sohu.com.xml b/src/chrome/content/rules/Sohu.com.xml
index 3d38f73ec86d..a20409b71f84 100644
--- a/src/chrome/content/rules/Sohu.com.xml
+++ b/src/chrome/content/rules/Sohu.com.xml
@@ -1,12 +1,17 @@
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://db.money.sohu.com/card/js/jquery-1.4.2.min.js => https://db.money.sohu.com/card/js/jquery-1.4.2.min.js: (6, 'Could not resolve host: db.money.sohu.com')
+Fetch error: http://english.sohu.com/ => https://english.sohu.com/: (6, 'Could not resolve host: english.sohu.com')
+Fetch error: http://db.money.sohu.com/ => https://db.money.sohu.com/: (6, 'Could not resolve host: db.money.sohu.com')
+
 	Other Sohu rulesets:
+		- Sohu.com-mixedcontent.xml
 		- Sohu.com.cn.xml
-		- Sohu.net.xml
 		- SohuCS.com.xml
-		- SohuSCE.com.xml
 
 	Different http/https content:
-		- ^	(http redirect to www.sohu.com ; https redirect to pay.sohu.com )
 		- add.sohu.com	(http redirect to fuwu.sohu.com ; https redirect to pay.sohu.com )
 		- app.auto.sohu.com
 		- dir.sohu.com	(http redirect to 123.sogou.com ; https redirect to pay.sohu.com )
@@ -27,18 +32,14 @@
 		- corp.sohu.com
 		- cul.sohu.com
 		- fashion.sohu.com
-		- film.sohu.com
-		- game.sohu.com
 		- help.sohu.com
 		- history.sohu.com
 		- k.sohu.com	https://k.sohu.com/public.html
 		- mail.sohu.com
 		- mgame.sohu.com
 		- money.sohu.com
-		- mt.sohu.com
-		- news.sohu.com
-		- comment.news.sohu.com
 		- s.sohu.com
+		- sports.sohu.com
 		- stock.sohu.com
 		- q.stock.sohu.com
 		- travel.sohu.com
@@ -48,13 +49,12 @@
 		- www.sohu.com
 
 	Mismatched:
+		- data.2018.sohu.com	get from sports.sohu.com
 		- 2se.sohu.com
 		- mobile.auto.sohu.com
 		- club.sohu.com
 		- login.mail.sohu.com
-
-	Redirect to http:
-		mirrors.sohu.com
+		- comment.news.sohu.com
 
 	Refused:
 		scp.sohu.com
@@ -62,7 +62,7 @@
 
 	Non-2xx HTTP code:
 		txt.go.sohu.com
-		
+
 	Strange:
 		photocdn.sohu.com
 		OK: https://photocdn.sohu.com/20161111/Img472968305.jpeg
@@ -75,10 +75,9 @@
 		- pay.sohu.com
 		- sendcloud.sohu.com
 -->
-
 <ruleset name="Sohu.com (partial)">
-
-	<!-- Directly: -->
+	<target host="sohu.com" />
+	<target host="www.sohu.com" />
 	<target host="v.aty.sohu.com" />
 	<target host="vstat.v.blog.sohu.com" />
 	<target host="assets.changyan.sohu.com" />
@@ -87,7 +86,9 @@
 		<test url="http://changyan.sohu.com/mdevp/extensions/cmt-notice/021/images/notice-close.png" />
 	<target host="css.sohu.com" />
 		<test url="http://css.sohu.com/upload/global1.4.1.css" />
-	<target host="english.sohu.com" />
+	<!-- target host="english.sohu.com" /-->
+	<target host="film.sohu.com" />
+	<target host="game.sohu.com" />
 	<target host="pl.hd.sohu.com" />
 		<test url="http://pl.hd.sohu.com/videolist?playlistid=9174927" />
 	<target host="images.sohu.com" />
@@ -99,8 +100,8 @@
 	<target host="m.sohu.com" />
 	<target host="s.m.sohu.com" />
 	<target host="mail.sohu.com" />
-	<target host="db.money.sohu.com" />
-		<test url="http://db.money.sohu.com/card/js/jquery-1.4.2.min.js" />
+	<target host="news.sohu.com" />
+		<test url="http://news.sohu.com/20161228/n477189660.shtml" />
 	<target host="passport.sohu.com" />
 	<target host="pay.sohu.com" />
 	<target host="photo.pic.sohu.com" />
@@ -108,81 +109,17 @@
 		<test url="http://photo.pic.sohu.com/images/oldblog/person/11111.gif" />
 	<target host="pv.sohu.com" />
 	<target host="sendcloud.sohu.com" />
+	<target host="stock.sohu.com" />
+		<test url="http://stock.sohu.com/20161229/n477238585.shtml" />
 	<target host="t.sohu.com" />
+	<target host="tv.sohu.com" />
+		<test url="http://tv.sohu.com/20161229/n477242249.shtml" />
 	<target host="m.tv.sohu.com" />
 	<target host="ushq.stock.sohu.com" />
 	<target host="vip.sohu.com" />
 	<target host="count.vrs.sohu.com" />
 		<test url="http://count.vrs.sohu.com/count/query.action" />
 
-	<!-- Complication: -->
-	<target host="www.sohu.com" />
-		<exclusion pattern="^http://www\.sohu\.com/(?!sohuflash_1\.js|upload/)" />
-		<test url="http://www.sohu.com/sohuflash_1.js" />
-		<test url="http://www.sohu.com/upload/style/style150302.css" />
-		<test url="http://www.sohu.com/upload/images9_18/bg.png" />
-		<test url="http://www.sohu.com/upload/images20151228/bg01.gif" />
-		<test url="http://www.sohu.com/upload/images/server/icon08.jpg" />
-		
-		<test url="http://www.sohu.com/i/" />
-		<test url="http://www.sohu.com/reform/" />
-
-	<target host="ad.sohu.com" />
-		<exclusion pattern="^http://ad\.sohu\.com/(?!up/|upload/)" />
-		<test url="http://ad.sohu.com/up/image/070119/ad_market_2.gif" />
-		<test url="http://ad.sohu.com/upload/ad20120517/images/bg_nav.gif" />
-		<test url="http://ad.sohu.com/upload/ad20120521/images/new_283x36.jpg" />
-		<test url="http://ad.sohu.com/upload/373-355.swf" />
-		
-		<test url="http://ad.sohu.com/case1/index.shtml" />
-		<test url="http://ad.sohu.com/point/" />
-		<test url="http://ad.sohu.com/tuijiehui/index.shtml" />
-
-	<target host="business.sohu.com" />
-		<exclusion pattern="^http://business\.sohu\.com/(?!upload/)" />
-		<test url="http://business.sohu.com/upload/flash20090116/baoxian.swf" />
-		<test url="http://business.sohu.com/upload/images1120/38x38.gif" />
-
-		<test url="http://business.sohu.com/20100822/n274383929.shtml" />
-
-	<target host="money.sohu.com" />
-		<exclusion pattern="^http://money\.sohu\.com/(?!upload/)" />
-		<test url="http://money.sohu.com/upload/shcj/css/base.css" />
-		<test url="http://money.sohu.com/upload/money20151222/js/MDC_FocusImage.js" />
-
-		<test url="http://money.sohu.com/yinhang/" />
-
-	<target host="mt.sohu.com" />
-		<exclusion pattern="^http://mt\.sohu\.com/(?!upload/)" />
-		<test url="http://mt.sohu.com/upload/20140718/css/index.css" />
-		<test url="http://mt.sohu.com/upload/list20140626/js/index.js" />
-
-		<test url="http://mt.sohu.com/20161229/n477289399.shtml" />
-
-	<target host="news.sohu.com" />
-		<exclusion pattern="^http://news\.sohu\.com/(?!upload/)" />
-		<test url="http://news.sohu.com/upload/style.css" />
-		<test url="http://news.sohu.com/upload/images/pic09.jpg" />
-		<test url="http://news.sohu.com/upload/images/flash.swf" />
-
-		<test url="http://news.sohu.com/20161228/n477189660.shtml" />
-
-	<target host="stock.sohu.com" />
-		<exclusion pattern="^http://stock\.sohu\.com/(?!upload/)" />
-		<test url="http://stock.sohu.com/upload/stockindex2015/static/css/base.css" />
-		<test url="http://stock.sohu.com/upload/stockindex2015/static/images/stocklogo.gif" />
-		<test url="http://stock.sohu.com/upload/stockindex2015/static/images/ico.png" />
-
-		<test url="http://stock.sohu.com/20161229/n477238585.shtml" />
-		
-	<target host="tv.sohu.com" />
-		<exclusion pattern="^http://tv\.sohu\.com/(?!upload/)" />
-		<test url="http://tv.sohu.com/upload/jq_plugin/citys.js" />
-		<test url="http://tv.sohu.com/upload/space/skin/imgs/avatar_s.jpg" />
-		<test url="http://tv.sohu.com/upload/static/feedback/feedback.html" />
-
-		<test url="http://tv.sohu.com/20161229/n477242249.shtml" />
-
 	<securecookie host="^\w" name=".+" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Sohu.net.xml b/src/chrome/content/rules/Sohu.net.xml
deleted file mode 100644
index e9315cc18ef4..000000000000
--- a/src/chrome/content/rules/Sohu.net.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://im.sohu.net/ => https://im.sohu.net/: (28, 'Connection timed out after 20001 milliseconds')
-
-	For other Sohu coverage, see Sohu.com.xml.
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- pan.sohu.net
-		- .pan.sohu.net
-
--->
-<ruleset name="Sohu.net (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="im.sohu.net" />
-	<target host="mail.sohu.net" />
-	<target host="pan.sohu.net" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^pan\.sohu\.net$" name="^(?:JSESSIONID|sceroute_[\da-f]{32})$" /-->
-	<!--securecookie host="^\.pan\.sohu\.net$" name=".+" /-->
-
-	<securecookie host="^\.?pan\.sohu\.net$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SohuSCE.com.xml b/src/chrome/content/rules/SohuSCE.com.xml
deleted file mode 100644
index 1f41d38705da..000000000000
--- a/src/chrome/content/rules/SohuSCE.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For other Sohu coverage, see Sohu.com.xml
-
-	MCB: home and so on.
-		cs.cdn.sohusce.com
-		f_uc_20140707.cdn.sohusce.com	https://f_uc_20140707.cdn.sohusce.com/passportwap/bbs-help.html
-		mailad.cdn.sohusce.com
-		mail_wf.cdn.sohusce.com
-		pan.cdn.sohusce.com
-		wechat.cdn.sohusce.com
-
-	Invalid cert:
-		autostats.sohusce.com
-		clue.sohusce.com
-		pushcloud.sohusce.com
--->
-
-<ruleset name="SohuSCE.com">
-	<target host="h5-0000.sohusce.com" />
-		<test url="http://h5-0000.sohusce.com/piwik.js" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Solar1.net.xml b/src/chrome/content/rules/Solar1.net.xml
index ebf1499628ec..c671d351a14e 100644
--- a/src/chrome/content/rules/Solar1.net.xml
+++ b/src/chrome/content/rules/Solar1.net.xml
@@ -11,4 +11,4 @@
 						-->
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SolarCity.xml b/src/chrome/content/rules/SolarCity.xml
index 4bcefedeb72c..fead9dba490e 100644
--- a/src/chrome/content/rules/SolarCity.xml
+++ b/src/chrome/content/rules/SolarCity.xml
@@ -7,7 +7,8 @@ Fetch error: http://solarcity.com/ => https://www.solarcity.com/: (60, 'SSL cert
 	<target host="mysolarcity.com" />
 	<target host="www.mysolarcity.com" />
 	<target host="solarcity.com" />
-	<target host="*.solarcity.com" />
+	<target host="www.solarcity.com" />
+	<target host="solarguard.solarcity.com" />
 
 
 	<!--	Cert doesn't match, redirects like so.	-->
@@ -18,7 +19,6 @@ Fetch error: http://solarcity.com/ => https://www.solarcity.com/: (60, 'SSL cert
 	<rule from="^http://(?:www\.)?solarcity\.com/"
 		to="https://www.solarcity.com/" />
 
-	<rule from="^http://solarguard\.solarcity\.com/"
-		to="https://solarguard.solarcity.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SolarList.com.xml b/src/chrome/content/rules/SolarList.com.xml
deleted file mode 100644
index d372f84c4f53..000000000000
--- a/src/chrome/content/rules/SolarList.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="SolarList.com">
-
-	<target host="solarlist.com" />
-	<target host="app.solarlist.com" />
-	<target host="www.solarlist.com" />
-
-
-	<securecookie host="^\.solarlist\.com$" name=".+" />
-	<!--
-		Server sets Secure for:
-					-->
-	<!--securecookie host="^app\.solarlist\.com$" name=".+" /-->
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Solarbotics.com.xml b/src/chrome/content/rules/Solarbotics.com.xml
index b3627d4120ec..353a17e8fd94 100644
--- a/src/chrome/content/rules/Solarbotics.com.xml
+++ b/src/chrome/content/rules/Solarbotics.com.xml
@@ -1,30 +1,17 @@
-<!--
-	Fully covered subdomains:
-
-		- (www.)
-		- atlas
-		- content
-		- eos
-		- helios
-
-
-	Observed cookie domains:
-
-		- ^
-		- atlas
-		- eos
-
--->
 <ruleset name="Solarbotics.com">
 
 	<target host="solarbotics.com" />
-	<target host="*.solarbotics.com" />
-
-
-	<securecookie host="^(?:.+\.)?solarbotics\.com$" name=".+" />
-
-
-	<rule from="^http://((?:atlas|content|eos|helios|www)\.)?solarbotics\.com/"
-		to="https://$1solarbotics.com/" />
+	<target host="www.solarbotics.com" />
+	<target host="blog.solarbotics.com" />
+	<target host="cdn.solarbotics.com" />
+	<target host="content.solarbotics.com" />
+	<target host="distributors.solarbotics.com" />
+	<target host="helios.solarbotics.com" />
+	<target host="static.solarbotics.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SolidAlert.com.xml b/src/chrome/content/rules/SolidAlert.com.xml
index 9f563207152e..8e142914a74c 100644
--- a/src/chrome/content/rules/SolidAlert.com.xml
+++ b/src/chrome/content/rules/SolidAlert.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.solidalert.com/ => https://www.solidalert.com/: (7, 'Fai
 	For other Rose Web Services coverage, see RoseHosting.com.xml.
 
 -->
-<ruleset name="SolidAlert.com" default_off='failed ruleset test'>
+<ruleset name="SolidAlert.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Solid_Cactus.xml b/src/chrome/content/rules/Solid_Cactus.xml
index 8d2322f8e30c..d3ef7c6b7ad2 100644
--- a/src/chrome/content/rules/Solid_Cactus.xml
+++ b/src/chrome/content/rules/Solid_Cactus.xml
@@ -27,4 +27,4 @@
 	<rule from="^http://([\w-]+)\.solidcactushosting\.com/"
 		to="https://$1.solidcactushosting.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Solid_Logic_Technology.xml b/src/chrome/content/rules/Solid_Logic_Technology.xml
index 28fc3d8f7251..f913087e3670 100644
--- a/src/chrome/content/rules/Solid_Logic_Technology.xml
+++ b/src/chrome/content/rules/Solid_Logic_Technology.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.solidlogic.com/ => https://www.solidlogic.com/: (7, 'Fai
 		- dvharv77wz0dp.cloudfront.net
 
 -->
-<ruleset name="Solid Logic Technology" default_off='failed ruleset test'>
+<ruleset name="Solid Logic Technology" default_off="failed ruleset test">
 
 	<target host="solidlogic.com" />
 	<target host="www.solidlogic.com" />
@@ -20,4 +20,4 @@ Fetch error: http://www.solidlogic.com/ => https://www.solidlogic.com/: (7, 'Fai
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Solola.ca.xml b/src/chrome/content/rules/Solola.ca.xml
deleted file mode 100644
index c9006dd9910c..000000000000
--- a/src/chrome/content/rules/Solola.ca.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Mixed content:
-
-		- css from $self *
-		- Images from $self *
-
-	* Secured by us
-
--->
-<ruleset name="Solola.ca (false MCB)" platform="mixedcontent">
-
-	<target host="solola.ca" />
-	<target host="www.solola.ca" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Solus-Project.com.xml b/src/chrome/content/rules/Solus-Project.com.xml
deleted file mode 100644
index 2dedfb859851..000000000000
--- a/src/chrome/content/rules/Solus-Project.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://bugs.solus-project.com/ => https://bugs.solus-project.com/: (6, 'Could not resolve host: bugs.solus-project.com')
-
-	STS header includes includeSubdomains
-
--->
-<ruleset name="Solus-Project.com" default_off='failed ruleset test'>
-
-	<target host="solus-project.com" />
-	<target host="*.solus-project.com" />
-
-		<test url="http://bugs.solus-project.com/" />
-		<test url="http://wiki.solus-project.com/" />
-		<test url="http://www.solus-project.com/" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Solutions_Healthcare_Management.xml b/src/chrome/content/rules/Solutions_Healthcare_Management.xml
index b74ec1403e3e..9f096bba50c0 100644
--- a/src/chrome/content/rules/Solutions_Healthcare_Management.xml
+++ b/src/chrome/content/rules/Solutions_Healthcare_Management.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.solutionshealthcare.com/ => https://www.solutionshealthcare.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Solutions Healthcare Management" default_off='failed ruleset test'>
+<ruleset name="Solutions Healthcare Management" default_off="failed ruleset test">
 
 	<target host="solutionshealthcare.com" />
 	<target host="www.solutionshealthcare.com" />
@@ -15,4 +15,4 @@ Fetch error: http://www.solutionshealthcare.com/ => https://www.solutionshealthc
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Solvemedia.com.xml b/src/chrome/content/rules/Solvemedia.com.xml
index 7fbcca80dd7e..82b25cb2b82b 100644
--- a/src/chrome/content/rules/Solvemedia.com.xml
+++ b/src/chrome/content/rules/Solvemedia.com.xml
@@ -24,7 +24,7 @@ Fetch error: http://data-secure.solvemedia.com/ => https://data-secure.solvemedi
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Solve Media.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Solve Media.com (partial)" default_off="failed ruleset test">
 
 	<target host="api-secure.solvemedia.com" />
 	<target host="data-secure.solvemedia.com" />
diff --git a/src/chrome/content/rules/Somerset.gov.uk.xml b/src/chrome/content/rules/Somerset.gov.uk.xml
index 66f9f7c51fee..cd7442734d42 100644
--- a/src/chrome/content/rules/Somerset.gov.uk.xml
+++ b/src/chrome/content/rules/Somerset.gov.uk.xml
@@ -44,7 +44,7 @@ Fetch error: http://secure.somerset.gov.uk/ => https://secure.somerset.gov.uk/:
 		- secure.somerset.gov.uk
 
 -->
-<ruleset name="Somerset.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Somerset.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Somerset.org.uk.xml b/src/chrome/content/rules/Somerset.org.uk.xml
deleted file mode 100644
index f513462dbd2c..000000000000
--- a/src/chrome/content/rules/Somerset.org.uk.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For other UK government coverage, see GOV.UK.xml.
-
-
-	Insecure cookies are set for these domains:
-
-		- .somerset.org.uk
-
--->
-<ruleset name="Somerset.org.uk (partial)">
-
-	<target host="mysite.somerset.org.uk" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.somerset\.org\.uk$" name="^cadata[\da-f]{32}$" /-->
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Someserver.xml b/src/chrome/content/rules/Someserver.xml
index f4ba0f35b803..dae14db53e5c 100644
--- a/src/chrome/content/rules/Someserver.xml
+++ b/src/chrome/content/rules/Someserver.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.someserver.de/ => https://www.someserver.de/: (60, 'SSL
 		- CHDK.xml
 
 -->
-<ruleset name="Someserver (partial)" default_off='failed ruleset test'>
+<ruleset name="Someserver (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Somevid.com.xml b/src/chrome/content/rules/Somevid.com.xml
index fc853dd5f9b3..75bd4013552c 100644
--- a/src/chrome/content/rules/Somevid.com.xml
+++ b/src/chrome/content/rules/Somevid.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.somevid.com/ => https://www.somevid.com/: (28, 'Connecti
 		- www.somevid.com
 
 -->
-<ruleset name="Somevid.com" default_off='failed ruleset test'>
+<ruleset name="Somevid.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/SongColeta.com.xml b/src/chrome/content/rules/SongColeta.com.xml
index 9ec8bf4757b6..1bf152628be7 100644
--- a/src/chrome/content/rules/SongColeta.com.xml
+++ b/src/chrome/content/rules/SongColeta.com.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://static\.songcoleta\.com/"
 		to="https://d2f4ve6v2ack21.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Songsterr.com.xml b/src/chrome/content/rules/Songsterr.com.xml
deleted file mode 100644
index ea5426002eb6..000000000000
--- a/src/chrome/content/rules/Songsterr.com.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<ruleset name="Songsterr.com (partial)">
-
-	<target host="songsterr.com" />
-	<target host="www.songsterr.com" />
-		<!--
-			Redirect to http:
-						-->
-		<!--exclusion pattern="^http://(www\.)?songsterr\.com/+($|\?|a/wsa/)" /-->
-		<!--
-			Exceptions:
-					-->
-		<!--exclusion pattern="^http://(www\.)?songsterr\.com/+(?!a/(?!wsa/)|WebObjects/)" /-->
-
-
-	<rule from="^http://(www\.)?songsterr\.com/(?=a/(?!wsa/)|WebObjects/)"
-		to="https://$1songsterr.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Sonic.net.xml b/src/chrome/content/rules/Sonic.net.xml
index 05973bc49479..271ffc1eb1e7 100644
--- a/src/chrome/content/rules/Sonic.net.xml
+++ b/src/chrome/content/rules/Sonic.net.xml
@@ -37,7 +37,13 @@
 -->
 <ruleset name="Sonic.net (partial)">
 
-	<target host="*.sonic.net" />
+	<target host="assets.sonic.net" />
+	<target host="corp.sonic.net" />
+	<target host="forums.sonic.net" />
+	<target host="legacy-webmail.sonic.net" />
+	<target host="members.sonic.net" />
+	<target host="webmail.sonic.net" />
+	<target host="wiki.sonic.net" />
 
 
 	<!--	Not secured by server:
@@ -47,7 +53,6 @@
 	<securecookie host="^newsignup\.sonic\.net$" name=".+" />
 
 
-	<rule from="^http://(assets|corp|forums|legacy-webmail|members|newsignup|webmail|wiki)\.sonic\.net/"
-		to="https://$1.sonic.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SonicWALL.xml b/src/chrome/content/rules/SonicWALL.xml
index d580aba64b5c..58c1c0a3d088 100644
--- a/src/chrome/content/rules/SonicWALL.xml
+++ b/src/chrome/content/rules/SonicWALL.xml
@@ -10,7 +10,8 @@ Fetch error: http://sonicwall.com/ => https://www.sonicwall.com/: Redirect for '
 <ruleset name="SonicWALL (partial)">
 
 	<target host="sonicwall.com" />
-	<target host="*.sonicwall.com" />
+	<target host="www.sonicwall.com" />
+	<target host="software.sonicwall.com" />
 
 
 	<securecookie host="^.+\.sonicwall\.com$" name=".+" />
@@ -19,7 +20,6 @@ Fetch error: http://sonicwall.com/ => https://www.sonicwall.com/: Redirect for '
 	<rule from="^http://(?:www\.)?sonicwall\.com/"
 		to="https://www.sonicwall.com/" />
 
-	<rule from="^http://software\.sonicwall\.com/"
-		to="https://software.sonicwall.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sonnet_Tech.com.xml b/src/chrome/content/rules/Sonnet_Tech.com.xml
deleted file mode 100644
index f1c5ecd05c4c..000000000000
--- a/src/chrome/content/rules/Sonnet_Tech.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	(www.): shows default page, valid cert
-
-
-	Problematic subdomains:
-
-		- store1 *
-
-	* Mismatched, CN: secure1.sonnettech.com
-
--->
-<ruleset name="Sonnet Tech.com (partial)">
-
-	<target host="*.sonnettech.com" />
-
-
-	<rule from="^http://s(?:ecu|to)re1\.sonnettech\.com/"
-		to="https://secure1.sonnettech.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Sonobi.com.xml b/src/chrome/content/rules/Sonobi.com.xml
index 7614db7642f3..fa0ec8262a12 100644
--- a/src/chrome/content/rules/Sonobi.com.xml
+++ b/src/chrome/content/rules/Sonobi.com.xml
@@ -1,31 +1,81 @@
 <!--
-	Insecure cookies are set for these domains and hosts: ᶜ
+	Timeout:
+		- corp.sonobi.com
+		- srv-corp01.corp.sonobi.com
+		- srv-dwcs1.corp.sonobi.com
+		- opt7.go.sonobi.com
 
-		- sonobi.com
-		- .sonobi.com
+	Cert mismatch:
+		- ads.sonobi.com
+		- adobe.sync.go.sonobi.com
+		- lotame.segments.go.sonobi.com
+		- lotame.users.go.sonobi.com
+		- purch.demand.go.sonobi.com
+		- engagebdr.sync.go.sonobi.com
+		- liverail.sync.go.sonobi.com
+		- liveramp.sync.go.sonobi.com
+		- medianet.sync.go.sonobi.com
+		- optimatic.sync.go.sonobi.com
+		- pulsepoint.sync.go.sonobi.com
+		- purch.sync.go.sonobi.com
+		- sovrn.sync.go.sonobi.com
+		- zedo.sync.go.sonobi.com
+		- videos-2.sonobi.com
 
-	ᶜ See https://owasp.org/index.php/SecureFlag
+	Cert chain issues:
+		- helpdesk.corp.sonobi.com
 
 -->
 <ruleset name="Sonobi.com">
 
 	<target host="sonobi.com" />
+	<target host="www.sonobi.com" />
 
+	<target host="alpha.sonobi.com" />
+	<target host="api.sonobi.com" />
+	<target host="beta.sonobi.com" />
+	<target host="bi.corp.sonobi.com" />
+	<target host="creative.sonobi.com" />
+	<target host="equilibrium.sonobi.com" />
+	<target host="go.sonobi.com" />
 	<target host="apex.go.sonobi.com" />
+	<target host="dub-1-apex.go.sonobi.com" />
+	<target host="dub-1-sync.go.sonobi.com" />
+	<target host="dub-1-xcp.go.sonobi.com" />
+	<target host="dub-1.go.sonobi.com" />
+	<target host="iad-1-apex.go.sonobi.com" />
+	<target host="iad-1-xcp.go.sonobi.com" />
+	<target host="iad-1.go.sonobi.com" />
+	<target host="iad-2-apex.go.sonobi.com" />
+	<target host="iad-2-sync.go.sonobi.com" />
+	<target host="iad-2-xcp.go.sonobi.com" />
+	<target host="keymaker.go.sonobi.com" />
+	<target host="lax-1-sync.go.sonobi.com" />
+	<target host="lax-1-xcp.go.sonobi.com" />
+	<target host="lax-1.go.sonobi.com" />
+	<target host="lotame-test.go.sonobi.com" />
+	<target host="lotame-users.go.sonobi.com" />
+	<target host="mco-1-apex.go.sonobi.com" />
+	<target host="mco-1-sync.go.sonobi.com" />
+	<target host="mco-1-xcp.go.sonobi.com" />
+	<target host="mco-1.go.sonobi.com" />
+	<target host="medianet-sync.go.sonobi.com" />
 	<target host="mtrx.go.sonobi.com" />
+	<target host="neo.go.sonobi.com" />
+	<target host="pdx-1-apex.go.sonobi.com" />
+	<target host="pdx-1-sync.go.sonobi.com" />
+	<target host="pdx-1-xcp.go.sonobi.com" />
+	<target host="pdx-1.go.sonobi.com" />
+	<target host="purch-sync.go.sonobi.com" />
+	<target host="static-failover.go.sonobi.com" />
 	<target host="sync.go.sonobi.com" />
-
-	<target host="www.sonobi.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^sonobi\.com$" name="^language$" /-->
-	<!--securecookie host="^\.sonobi\.com$" name="^SBSS$" /-->
+	<target host="xcp.go.sonobi.com" />
+	<target host="jetstream.sonobi.com" />
+	<target host="sharepoint.sonobi.com" />
+	<target host="static-serving.sonobi.com" />
 
 	<securecookie host=".+" name=".+" />
 
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Sony.com.hk.xml b/src/chrome/content/rules/Sony.com.hk.xml
index a1ce6449222b..23ea43206a98 100644
--- a/src/chrome/content/rules/Sony.com.hk.xml
+++ b/src/chrome/content/rules/Sony.com.hk.xml
@@ -67,6 +67,6 @@
 	<target host="webaccess.sony.com.hk" />
 	<target host="wwwp.sony.com.hk" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sony.com.mx.xml b/src/chrome/content/rules/Sony.com.mx.xml
index b3efe27d1edf..c656ddfe6ba0 100644
--- a/src/chrome/content/rules/Sony.com.mx.xml
+++ b/src/chrome/content/rules/Sony.com.mx.xml
@@ -46,6 +46,6 @@
 	<rule from="^http://sony\.com\.mx/"
 			to="https://www.sony.com.mx/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sony.se.xml b/src/chrome/content/rules/Sony.se.xml
index 9abd6934bae2..2b84199e359d 100644
--- a/src/chrome/content/rules/Sony.se.xml
+++ b/src/chrome/content/rules/Sony.se.xml
@@ -32,6 +32,6 @@
 	<rule from="^http://sony\.se/"
 			to="https://www.sony.se/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SonyMobile.xml b/src/chrome/content/rules/SonyMobile.xml
index ab67b2bea007..73fb1ab7ad75 100644
--- a/src/chrome/content/rules/SonyMobile.xml
+++ b/src/chrome/content/rules/SonyMobile.xml
@@ -34,12 +34,12 @@
 	<!-- *se-mc.com -->
 	<target host="www-static.se-mc.com" />
 		<test url="http://www-static.se-mc.com/blogs.dir/0/files/2012/01/smartwatch.png" />
-	
+
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://sonyericsson\.com/"
 			to="https://www.sonyericsson.com/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sony_Computer_Science_Laboratories.xml b/src/chrome/content/rules/Sony_Computer_Science_Laboratories.xml
index bb692a184c17..5f16e4c3b44c 100644
--- a/src/chrome/content/rules/Sony_Computer_Science_Laboratories.xml
+++ b/src/chrome/content/rules/Sony_Computer_Science_Laboratories.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sony_Pictures_UK.xml b/src/chrome/content/rules/Sony_Pictures_UK.xml
index fdd39726f52c..0928059eec80 100644
--- a/src/chrome/content/rules/Sony_Pictures_UK.xml
+++ b/src/chrome/content/rules/Sony_Pictures_UK.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.sonypictures.co.uk/ => https://www.sonypictures.co.uk/:
 	Cert only matches www.
 
 -->
-<ruleset name="Sony Pictures UK" default_off='failed ruleset test'>
+<ruleset name="Sony Pictures UK" default_off="failed ruleset test">
 
 	<target host="sonypictures.co.uk" />
 	<target host="www.sonypictures.co.uk" />
diff --git a/src/chrome/content/rules/Sonyalpha.blog.xml b/src/chrome/content/rules/Sonyalpha.blog.xml
new file mode 100644
index 000000000000..c5b4b916c168
--- /dev/null
+++ b/src/chrome/content/rules/Sonyalpha.blog.xml
@@ -0,0 +1,6 @@
+<ruleset name="Sonyalpha.blog">
+	<target host="sonyalpha.blog" />
+	<target host="www.sonyalpha.blog" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sonyalpharumors.com.xml b/src/chrome/content/rules/Sonyalpharumors.com.xml
new file mode 100644
index 000000000000..f66a328453ed
--- /dev/null
+++ b/src/chrome/content/rules/Sonyalpharumors.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Sonyalpharumors.com">
+	<target host="sonyalpharumors.com" />
+	<target host="www.sonyalpharumors.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SoundKit.io.xml b/src/chrome/content/rules/SoundKit.io.xml
deleted file mode 100644
index 8bd0db7467ff..000000000000
--- a/src/chrome/content/rules/SoundKit.io.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="SoundKit.io">
-
-	<target host="soundkit.io" />
-	<target host="www.soundkit.io" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Sound_On_Sound.com.xml b/src/chrome/content/rules/Sound_On_Sound.com.xml
deleted file mode 100644
index 4cedd28cda18..000000000000
--- a/src/chrome/content/rules/Sound_On_Sound.com.xml
+++ /dev/null
@@ -1,54 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.soundonsound.com/ => https://www.soundonsound.com/: Too many redirects while fetching 'https://www.soundonsound.com/'
-Non-2xx HTTP code: http://drupal.soundonsound.com/ (200) => https://drupal.soundonsound.com/ (404)
-Fetch error: http://soundonsound.com/ => https://www.soundonsound.com/: Too many redirects while fetching 'https://www.soundonsound.com/'
-
-	CDN buckets:
-
-		- dt7v1i9vyp3mf.cloudfront.net
-
-
-	Nonfunctional hosts in *soundonsound.com:
-
-		- media *
-
-	* Refused
-
-
-	^soundonsound.com: Refused
-
-
-	Fully covered hosts in *soundonsound.com:
-
-		- (www.)?	(^ → www)
-		- drupal
-
-
-	Mixed content:
-
-		- Images on www from dt7v1i9vyp3mf.cloudfront.net *
-
-	* Secured by us
-
--->
-<ruleset name="Sound On Sound.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.soundonsound.com" />
-	<target host="drupal.soundonsound.com" />
-
-	<!--	Complications:
-				-->
-	<target host="soundonsound.com" />
-
-
-	<rule from="^http://soundonsound\.com/"
-		to="https://www.soundonsound.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Soundcloud.xml b/src/chrome/content/rules/Soundcloud.xml
index 2ec3b410a766..b62356be2d05 100644
--- a/src/chrome/content/rules/Soundcloud.xml
+++ b/src/chrome/content/rules/Soundcloud.xml
@@ -44,7 +44,6 @@
 	<target host="blog.soundcloud.com" />
 	<target host="connect.soundcloud.com" />
 	<target host="developers.soundcloud.com" />
-	<target host="ec-media.soundcloud.com" />
 	<target host="eventlogger.soundcloud.com" />
 	<target host="feeds.soundcloud.com" />
 	<target host="help-assets.soundcloud.com" />
@@ -52,8 +51,6 @@
 	<target host="telemetry.soundcloud.com" />
 	<target host="visuals.soundcloud.com" />
 	<target host="w.soundcloud.com" />
-	
-	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sounds-True.xml b/src/chrome/content/rules/Sounds-True.xml
index 4ab22469a995..aca7da50fce4 100644
--- a/src/chrome/content/rules/Sounds-True.xml
+++ b/src/chrome/content/rules/Sounds-True.xml
@@ -12,7 +12,9 @@
 <ruleset name="Sounds True">
 
 	<target host="soundstrue.com"/>
-	<target host="*.soundstrue.com"/>
+	<target host="www.soundstrue.com" />
+	<target host="assets.soundstrue.com" />
+	<target host="components.soundstrue.com" />
 
 	<!--	!www: timeout	-->
 	<rule from="^http://(?:www\.)?soundstrue\.com/((?:assets/|media)\.soundstrue\.com/|catalog/|/?components/|css/|directaccess/|email/|google/ga\.js|linkshare/|pages/popup_shipping\.php|shipping/|shop/(?:login\.do|player/|st_assets/)|wakeup/|pages/popup_shipping\.php)"
diff --git a/src/chrome/content/rules/Soup.io.xml b/src/chrome/content/rules/Soup.io.xml
index bb01a936607a..1a899fd6d3a9 100644
--- a/src/chrome/content/rules/Soup.io.xml
+++ b/src/chrome/content/rules/Soup.io.xml
@@ -1,64 +1,7 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.soup.io/favicon.ico => https://www.soup.io/favicon.ico: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.soup.io/images/soup_small.png => https://www.soup.io/images/soup_small.png: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.soup.io/login => https://www.soup.io/login: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://static.soup.io/images/bar/drop.gif => https://static.soup.io/images/bar/drop.gif: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://0.asset.soup.io/asset/1539/2240_65c6_500.jpeg => https://asset-0.soup.io/asset/1539/2240_65c6_500.jpeg: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://1.asset.soup.io/asset/4345/4529_01da_390.jpeg => https://asset-1.soup.io/asset/4345/4529_01da_390.jpeg: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://2.asset.soup.io/asset/3784/8642_df7d.jpeg => https://asset-2.soup.io/asset/3784/8642_df7d.jpeg: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://3.asset.soup.io/asset/3810/3683_f2a3_390.jpeg => https://asset-3.soup.io/asset/3810/3683_f2a3_390.jpeg: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://4.asset.soup.io/asset/3061/5988_4d48.png => https://asset-4.soup.io/asset/3061/5988_4d48.png: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://5.asset.soup.io/asset/0932/6117_09a9.jpeg => https://asset-5.soup.io/asset/0932/6117_09a9.jpeg: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://6.asset.soup.io/asset/0661/6294_aaef.jpeg => https://asset-6.soup.io/asset/0661/6294_aaef.jpeg: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://7.asset.soup.io/asset/2587/3719_3b0d_960.jpeg => https://asset-7.soup.io/asset/2587/3719_3b0d_960.jpeg: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://8.asset.soup.io/asset/3170/9080_6033_480.jpeg => https://asset-8.soup.io/asset/3170/9080_6033_480.jpeg: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://9.asset.soup.io/asset/2204/2617_36e0.jpeg => https://asset-9.soup.io/asset/2204/2617_36e0.jpeg: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://a.asset.soup.io/asset/3290/9786_0213_960.jpeg => https://asset-a.soup.io/asset/3290/9786_0213_960.jpeg: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://b.asset.soup.io/asset/3743/9787_4343_390.jpeg => https://asset-b.soup.io/asset/3743/9787_4343_390.jpeg: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://c.asset.soup.io/asset/4582/2300_3c64.jpeg => https://asset-c.soup.io/asset/4582/2300_3c64.jpeg: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://d.asset.soup.io/asset/3879/6365_97be.jpeg => https://asset-d.soup.io/asset/3879/6365_97be.jpeg: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://e.asset.soup.io/asset/3708/2638_b88c.jpeg => https://asset-e.soup.io/asset/3708/2638_b88c.jpeg: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://f.asset.soup.io/asset/2516/9167_0f28.jpeg => https://asset-f.soup.io/asset/2516/9167_0f28.jpeg: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://soup.io/ => https://soup.io/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://asset-0.soup.io/ => https://asset-0.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://asset-1.soup.io/ => https://asset-1.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://asset-2.soup.io/ => https://asset-2.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://asset-3.soup.io/ => https://asset-3.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://asset-4.soup.io/ => https://asset-4.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://asset-5.soup.io/ => https://asset-5.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://asset-6.soup.io/ => https://asset-6.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://asset-7.soup.io/ => https://asset-7.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://asset-8.soup.io/ => https://asset-8.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://asset-9.soup.io/ => https://asset-9.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://asset-a.soup.io/ => https://asset-a.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://asset-b.soup.io/ => https://asset-b.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://asset-c.soup.io/ => https://asset-c.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://asset-d.soup.io/ => https://asset-d.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://asset-e.soup.io/ => https://asset-e.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://asset-f.soup.io/ => https://asset-f.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://static.soup.io/ => https://static.soup.io/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://0.asset.soup.io/ => https://asset-0.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://1.asset.soup.io/ => https://asset-1.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://2.asset.soup.io/ => https://asset-2.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://3.asset.soup.io/ => https://asset-3.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://4.asset.soup.io/ => https://asset-4.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://5.asset.soup.io/ => https://asset-5.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://6.asset.soup.io/ => https://asset-6.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://7.asset.soup.io/ => https://asset-7.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://8.asset.soup.io/ => https://asset-8.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://9.asset.soup.io/ => https://asset-9.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://a.asset.soup.io/ => https://asset-a.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://b.asset.soup.io/ => https://asset-b.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://c.asset.soup.io/ => https://asset-c.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://d.asset.soup.io/ => https://asset-d.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://e.asset.soup.io/ => https://asset-e.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://f.asset.soup.io/ => https://asset-f.soup.io/: (60, 'SSL certificate problem: certificate has expired')
-
 	Other Soup rulesets:
 
-		- Soup_CDN.com.xml
+		- SoupCDN.com.xml
 
 
 	Problematic hosts in *soup.io:
@@ -83,9 +26,9 @@ Fetch error: http://f.asset.soup.io/ => https://asset-f.soup.io/: (60, 'SSL cert
 		- Bug on www from pixel.quantserve.com ˢ
 
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
 -->
-<ruleset name="Soup.io (partial)" default_off='failed ruleset test'>
+
+<ruleset name="Soup.io (partial)">
 
 	<!--	Direct rewrites:
 				-->
@@ -185,7 +128,5 @@ Fetch error: http://f.asset.soup.io/ => https://asset-f.soup.io/: (60, 'SSL cert
 		<test url="http://e.asset.soup.io/asset/3708/2638_b88c.jpeg" />
 		<test url="http://f.asset.soup.io/asset/2516/9167_0f28.jpeg" />
 
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SoupCDN.com.xml b/src/chrome/content/rules/SoupCDN.com.xml
new file mode 100644
index 000000000000..556b849d31d0
--- /dev/null
+++ b/src/chrome/content/rules/SoupCDN.com.xml
@@ -0,0 +1,53 @@
+<!--
+	For other Soup coverage, see Soup.io.xml.
+
+	Invalid certificate:
+		- www.soupcdn.com
+
+	Insecure cookies are set for these domains:
+		- .soupcdn.com
+-->
+
+<ruleset name="SoupCDN.com">
+	<target host="asset-0.soupcdn.com" />
+	<target host="asset-1.soupcdn.com" />
+	<target host="asset-2.soupcdn.com" />
+	<target host="asset-3.soupcdn.com" />
+	<target host="asset-4.soupcdn.com" />
+	<target host="asset-5.soupcdn.com" />
+	<target host="asset-6.soupcdn.com" />
+	<target host="asset-7.soupcdn.com" />
+	<target host="asset-8.soupcdn.com" />
+	<target host="asset-9.soupcdn.com" />
+	<target host="asset-a.soupcdn.com" />
+	<target host="asset-b.soupcdn.com" />
+	<target host="asset-c.soupcdn.com" />
+	<target host="asset-d.soupcdn.com" />
+	<target host="asset-e.soupcdn.com" />
+	<target host="asset-f.soupcdn.com" />
+
+	<rule from="^http://asset-(\w)\.soupcdn\.com/"
+		to="https://asset-$1.soup.io/" />
+		<test url="http://asset-0.soupcdn.com/asset/12296/4785_0195_16-square.png" />
+		<test url="http://asset-1.soupcdn.com/asset/2595/6147_1cf9_16-square.jpeg" />
+		<test url="http://asset-2.soupcdn.com/asset/9658/5146_2b49_16-square.jpeg" />
+		<test url="http://asset-3.soupcdn.com/asset/0895/1864_3b3a_16-square.jpeg" />
+		<test url="http://asset-4.soupcdn.com/asset/7062/0194_47d5_16-square.jpeg" />
+		<test url="http://asset-6.soupcdn.com/asset/6293/5904_6b30_16-square.jpeg" />
+		<test url="http://asset-7.soupcdn.com/asset/7221/8010_7b60_24-square.jpeg" />
+		<test url="http://asset-8.soupcdn.com/asset/5535/3927_80aa_16-square.jpeg" />
+		<test url="http://asset-9.soupcdn.com/asset/2375/8450_9f52_16-square.jpeg" />
+		<test url="http://asset-a.soupcdn.com/asset/3974/0287_ad6d_16-square.gif" />
+		<test url="http://asset-b.soupcdn.com/asset/0994/3951_b0db_24-square.jpeg" />
+		<test url="http://asset-c.soupcdn.com/asset/1474/9410_c0ca_16-square.jpeg" />
+		<test url="http://asset-d.soupcdn.com/asset/0825/7644_d24b_16-square.jpeg" />
+		<test url="http://asset-e.soupcdn.com/asset/12081/8990_e6c2_16-square.jpeg" />
+		<test url="http://asset-f.soupcdn.com/asset/2301/8973_f360_16-square.jpeg" />
+
+
+	<!--	CloudFlare cookies:
+					-->
+	<!--securecookie host="^\.soupcdn\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
+
+	<securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/Soup_CDN.com.xml b/src/chrome/content/rules/Soup_CDN.com.xml
deleted file mode 100644
index d846b1c95772..000000000000
--- a/src/chrome/content/rules/Soup_CDN.com.xml
+++ /dev/null
@@ -1,56 +0,0 @@
-<!--
-	For other Soup coverage, see Soup.io.xml.
-
-
-	Insecure cookies are set for these domains:
-
-		- .soupcdn.com
-
--->
-<ruleset name="Soup CDN.com">
-
-	<target host="asset-0.soupcdn.com" />
-	<target host="asset-1.soupcdn.com" />
-	<target host="asset-2.soupcdn.com" />
-	<target host="asset-3.soupcdn.com" />
-	<target host="asset-4.soupcdn.com" />
-	<target host="asset-5.soupcdn.com" />
-	<target host="asset-6.soupcdn.com" />
-	<target host="asset-7.soupcdn.com" />
-	<target host="asset-8.soupcdn.com" />
-	<target host="asset-9.soupcdn.com" />
-	<target host="asset-a.soupcdn.com" />
-	<target host="asset-b.soupcdn.com" />
-	<target host="asset-c.soupcdn.com" />
-	<target host="asset-d.soupcdn.com" />
-	<target host="asset-e.soupcdn.com" />
-	<target host="asset-f.soupcdn.com" />
-
-		<test url="http://asset-0.soupcdn.com/asset/12296/4785_0195_16-square.png" />
-		<test url="http://asset-1.soupcdn.com/asset/2595/6147_1cf9_16-square.jpeg" />
-		<test url="http://asset-2.soupcdn.com/asset/9658/5146_2b49_16-square.jpeg" />
-		<test url="http://asset-3.soupcdn.com/asset/0895/1864_3b3a_16-square.jpeg" />
-		<test url="http://asset-4.soupcdn.com/asset/7062/0194_47d5_16-square.jpeg" />
-		<test url="http://asset-6.soupcdn.com/asset/6293/5904_6b30_16-square.jpeg" />
-		<test url="http://asset-7.soupcdn.com/asset/7221/8010_7b60_24-square.jpeg" />
-		<test url="http://asset-8.soupcdn.com/asset/5535/3927_80aa_16-square.jpeg" />
-		<test url="http://asset-9.soupcdn.com/asset/2375/8450_9f52_16-square.jpeg" />
-		<test url="http://asset-a.soupcdn.com/asset/3974/0287_ad6d_16-square.gif" />
-		<test url="http://asset-b.soupcdn.com/asset/0994/3951_b0db_24-square.jpeg" />
-		<test url="http://asset-c.soupcdn.com/asset/1474/9410_c0ca_16-square.jpeg" />
-		<test url="http://asset-d.soupcdn.com/asset/0825/7644_d24b_16-square.jpeg" />
-		<test url="http://asset-e.soupcdn.com/asset/12081/8990_e6c2_16-square.jpeg" />
-		<test url="http://asset-f.soupcdn.com/asset/2301/8973_f360_16-square.jpeg" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.soupcdn\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SourceCoast.xml b/src/chrome/content/rules/SourceCoast.xml
index 7d1bb275595e..84d579729c0a 100644
--- a/src/chrome/content/rules/SourceCoast.xml
+++ b/src/chrome/content/rules/SourceCoast.xml
@@ -17,4 +17,4 @@
 	<rule from="^http://(www\.)?sourcecoast\.com/($|\?|components/|images/|jfbconnect/|media/|plugins/|templates/)"
 		to="https://$1sourcecoast.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SourcePoint.xml b/src/chrome/content/rules/SourcePoint.xml
new file mode 100644
index 000000000000..5720ff80dbee
--- /dev/null
+++ b/src/chrome/content/rules/SourcePoint.xml
@@ -0,0 +1,34 @@
+<!--
+	Cert mismatch:
+		- elb.app.sourcepoint.com
+		- rid-assets.sourcepoint.com
+
+	Connection refused:
+		- mml.sourcepoint.com
+
+	Timeout:
+		 research.sourcepoint.com
+-->
+<ruleset name="SourcePoint">
+	<target host="sourcepoint.com"/>
+	<target host="www.sourcepoint.com"/>
+
+	<target host="analytics-canary.sourcepoint.com"/>
+	<target host="analytics.sourcepoint.com"/>
+	<target host="api.sourcepoint.com"/>
+	<target host="app.sourcepoint.com"/>
+	<target host="consent.sourcepoint.com"/>
+	<target host="help.sourcepoint.com"/>
+	<target host="mms.sourcepoint.com"/>
+	<target host="www-test.sourcepoint.com"/>
+
+	<target host="www.summerhamster.com"/>
+
+	<target host="www.decenthat.com"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/SourceRuns.org.xml b/src/chrome/content/rules/SourceRuns.org.xml
new file mode 100644
index 000000000000..9a88304e1a1a
--- /dev/null
+++ b/src/chrome/content/rules/SourceRuns.org.xml
@@ -0,0 +1,25 @@
+<!--
+	Refused:
+		- web
+
+	Incomplete certificate chain:
+		- web3
+
+	HTTP 503:
+		- traf.web3
+		- wjs
+-->
+<ruleset name="SourceRuns.org">
+	<target host="sourceruns.org" />
+	<target host="www.sourceruns.org" />
+	<target host="cf-cdn.sourceruns.org" />
+	<target host="dl.sourceruns.org" />
+	<target host="forums.sourceruns.org" />
+	<target host="media.sourceruns.org" />
+	<target host="p.sourceruns.org" />
+	<target host="play.sourceruns.org" />
+	<target host="wiki.sourceruns.org" />
+	<target host="wiki-login.sourceruns.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sourced.fm.xml b/src/chrome/content/rules/Sourced.fm.xml
deleted file mode 100644
index 36cc07a6185b..000000000000
--- a/src/chrome/content/rules/Sourced.fm.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="sourced.fm">
-
-	<target host="sourced.fm" />
-	<target host="www.sourced.fm" />
-
-
-	<securecookie host="^\.sourced\.fm$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sous-Surveillance.fr.xml b/src/chrome/content/rules/Sous-Surveillance.fr.xml
deleted file mode 100644
index b5d7c1dc6e57..000000000000
--- a/src/chrome/content/rules/Sous-Surveillance.fr.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Sous-Surveillance.fr">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="sous-surveillance.fr" />
-	<target host="www.sous-surveillance.fr" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/South_Devon.ac.uk.xml b/src/chrome/content/rules/South_Devon.ac.uk.xml
index 1b3ab59cbd5d..7e3591ae47c6 100644
--- a/src/chrome/content/rules/South_Devon.ac.uk.xml
+++ b/src/chrome/content/rules/South_Devon.ac.uk.xml
@@ -17,11 +17,11 @@ Fetch error: http://mobile.southdevon.ac.uk/ => https://mobile.southdevon.ac.uk/
 	Problematic hosts in *southdevon.ac.uk:
 
 		- staff *
-		
+
 	* Expired
 
 -->
-<ruleset name="South Devon.ac.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="South Devon.ac.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/South_Glos.gov.uk.xml b/src/chrome/content/rules/South_Glos.gov.uk.xml
index 607c57a80758..e24b9a91f1cb 100644
--- a/src/chrome/content/rules/South_Glos.gov.uk.xml
+++ b/src/chrome/content/rules/South_Glos.gov.uk.xml
@@ -45,7 +45,7 @@ Fetch error: http://www.southglos.gov.uk/ => https://www.southglos.gov.uk/: Too
 		- .www.southglos.gov.uk
 
 -->
-<ruleset name="South Glos.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="South Glos.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="beta.southglos.gov.uk" />
 	<target host="consultations.southglos.gov.uk" />
diff --git a/src/chrome/content/rules/Southampton.gov.uk.xml b/src/chrome/content/rules/Southampton.gov.uk.xml
index e0b628492303..f68369811d83 100644
--- a/src/chrome/content/rules/Southampton.gov.uk.xml
+++ b/src/chrome/content/rules/Southampton.gov.uk.xml
@@ -33,7 +33,7 @@ Fetch error: http://secure.southampton.gov.uk/ => https://secure.southampton.gov
 		- www.southampton.gov.uk
 
 -->
-<ruleset name="Southampton.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Southampton.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="southampton.gov.uk" />
 	<target host="bacas.southampton.gov.uk" />
diff --git a/src/chrome/content/rules/Southbank_Centre.co.uk.xml b/src/chrome/content/rules/Southbank_Centre.co.uk.xml
index 52bcde93731e..ecea15ed72e0 100644
--- a/src/chrome/content/rules/Southbank_Centre.co.uk.xml
+++ b/src/chrome/content/rules/Southbank_Centre.co.uk.xml
@@ -28,7 +28,7 @@ Fetch error: http://shopcms.southbankcentre.co.uk/ => https://shopcms.southbankc
 	* Secured by us
 
 -->
-<ruleset name="Southbank Centre.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Southbank Centre.co.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Southpark.de.xml b/src/chrome/content/rules/Southpark.de.xml
new file mode 100644
index 000000000000..397a3901a188
--- /dev/null
+++ b/src/chrome/content/rules/Southpark.de.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *.southpark.de:
+		- southpark.de (t)
+		- forums.southpark.de (c)
+		- wiki.southpark.de (c)
+
+	c: mixed content issues
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Southpark.de">
+	<target host="southpark.de" />
+	<target host="www.southpark.de" />
+
+	<rule from="^http://southpark\.de/" to="https://www.southpark.de/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Southwark.gov.uk.xml b/src/chrome/content/rules/Southwark.gov.uk.xml
index 6793205f259b..6c164116a270 100644
--- a/src/chrome/content/rules/Southwark.gov.uk.xml
+++ b/src/chrome/content/rules/Southwark.gov.uk.xml
@@ -40,7 +40,7 @@ Fetch error: http://www.southwark.gov.uk/ => https://www.southwark.gov.uk/: (60,
 		- www.southwark.gov.uk
 
 -->
-<ruleset name="Southwark.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Southwark.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="southwark.gov.uk" />
 	<target host="consultations.southwark.gov.uk" />
diff --git a/src/chrome/content/rules/Space-Inch.xml b/src/chrome/content/rules/Space-Inch.xml
index dbffd2045933..e5f754bc3d7f 100644
--- a/src/chrome/content/rules/Space-Inch.xml
+++ b/src/chrome/content/rules/Space-Inch.xml
@@ -10,7 +10,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://skipscreen.com/ => https://skipscreen.com/: (60, 'SSL certificate problem: certificate has expired')
 Fetch error: http://www.skipscreen.com/ => https://skipscreen.com/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="Space Inch (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Space Inch (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="godownloadsongs.com"/>
 	<target host="www.godownloadsongs.com"/>
diff --git a/src/chrome/content/rules/Space.com.xml b/src/chrome/content/rules/Space.com.xml
index 4f720d95cb8f..e0429aa57bff 100644
--- a/src/chrome/content/rules/Space.com.xml
+++ b/src/chrome/content/rules/Space.com.xml
@@ -17,7 +17,7 @@ Fetch error: http://store.space.com/ => https://store.space.com/: (51, "SSL: no
 	* Secured by us
 
 -->
-<ruleset name="Space.com store" default_off='failed ruleset test'>
+<ruleset name="Space.com store" default_off="failed ruleset test">
 
 	<target host="store.space.com" />
 
diff --git a/src/chrome/content/rules/Space2u.xml b/src/chrome/content/rules/Space2u.xml
index 284d42ee19c6..852da3a661a0 100644
--- a/src/chrome/content/rules/Space2u.xml
+++ b/src/chrome/content/rules/Space2u.xml
@@ -29,4 +29,4 @@
 	<rule from="^http://(owa\.|webmail2\.|www\.)?space2u\.com/"
 		to="https://$1space2u.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SpaceLab.ie.xml b/src/chrome/content/rules/SpaceLab.ie.xml
new file mode 100644
index 000000000000..3efbb5a46dcf
--- /dev/null
+++ b/src/chrome/content/rules/SpaceLab.ie.xml
@@ -0,0 +1,13 @@
+<ruleset name="SpaceLab.ie">
+	<target host="spacelab.ie" />
+	<target host="www.spacelab.ie" />
+	<target host="blog.spacelab.ie" />
+	<target host="www.blog.spacelab.ie" />
+	<target host="cpanel.spacelab.ie" />
+	<target host="mail.spacelab.ie" />
+	<target host="php.spacelab.ie" />
+	<target host="www.php.spacelab.ie" />
+	<target host="webmail.spacelab.ie" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SpaceX.xml b/src/chrome/content/rules/SpaceX.xml
index 13da69e24c8e..69aa86e4c619 100644
--- a/src/chrome/content/rules/SpaceX.xml
+++ b/src/chrome/content/rules/SpaceX.xml
@@ -8,7 +8,7 @@ Automatically by https-everywhere-checker because:
 Fetch error: http://spacex.com/ => https://spacex.com/: Cycle detected - URL already encountered: https://spacex.com/
 Fetch error: http://www.spacex.com/ => https://spacex.com/: Cycle detected - URL already encountered: https://spacex.com/
 -->
-<ruleset name="SpaceX" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="SpaceX" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="spacex.com" />
 	<target host="www.spacex.com" />
diff --git a/src/chrome/content/rules/Space_Industry_News.xml b/src/chrome/content/rules/Space_Industry_News.xml
index c372ebb30f77..244ef5f5f645 100644
--- a/src/chrome/content/rules/Space_Industry_News.xml
+++ b/src/chrome/content/rules/Space_Industry_News.xml
@@ -5,7 +5,7 @@ Fetch error: http://spaceindustrynews.com/ => https://spaceindnews.wpengine.com/
 Fetch error: http://www.spaceindustrynews.com/ => https://spaceindnews.wpengine.com/: (7, 'Failed to connect to spaceindnews.wpengine.com port 443: Connection refused')
 
 -->
-<ruleset name="Space Industry News" default_off='failed ruleset test'>
+<ruleset name="Space Industry News" default_off="failed ruleset test">
 
 	<target host="spaceindustrynews.com" />
 	<target host="www.spaceindustrynews.com" />
diff --git a/src/chrome/content/rules/Space_Telescope_Science_Institute.xml b/src/chrome/content/rules/Space_Telescope_Science_Institute.xml
index 36839e408bf3..31e673e35c15 100644
--- a/src/chrome/content/rules/Space_Telescope_Science_Institute.xml
+++ b/src/chrome/content/rules/Space_Telescope_Science_Institute.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sparked.com.xml b/src/chrome/content/rules/Sparked.com.xml
deleted file mode 100644
index a823750596bb..000000000000
--- a/src/chrome/content/rules/Sparked.com.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Sparked">
-  <target host="www.sparked.com" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Sparkfun.xml b/src/chrome/content/rules/Sparkfun.xml
index bafd7dd78dcc..769db804e69f 100644
--- a/src/chrome/content/rules/Sparkfun.xml
+++ b/src/chrome/content/rules/Sparkfun.xml
@@ -14,7 +14,7 @@ Fetch error: http://analytics.sparkfun.com/ => https://analytics.sparkfun.com/:
 		- static
 
 -->
-<ruleset name="Sparkfun.com" default_off='failed ruleset test'>
+<ruleset name="Sparkfun.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Sparklit.xml b/src/chrome/content/rules/Sparklit.xml
index f1a49f02f409..51b43d2aeb95 100644
--- a/src/chrome/content/rules/Sparklit.xml
+++ b/src/chrome/content/rules/Sparklit.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sparkstudios.com.xml b/src/chrome/content/rules/Sparkstudios.com.xml
index ccfa03c2cc12..77fe3d6b0738 100644
--- a/src/chrome/content/rules/Sparkstudios.com.xml
+++ b/src/chrome/content/rules/Sparkstudios.com.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.sparkstudios.com/ => https://www.sparkstudios.com/: (60, 'SSL certificate problem: certificate has expired')
 Fetch error: http://sparkstudios.com/ => https://www.sparkstudios.com/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="Sparkstudios.com" default_off='failed ruleset test'>
+<ruleset name="Sparkstudios.com" default_off="failed ruleset test">
   <target host="www.sparkstudios.com" />
   <target host="sparkstudios.com" />
   <rule from="^http://www\.sparkstudios\.com/" to="https://www.sparkstudios.com/"/>
diff --git a/src/chrome/content/rules/Spartafx.com.xml b/src/chrome/content/rules/Spartafx.com.xml
index 9a788c1e6bc4..49bd0ec0ff89 100644
--- a/src/chrome/content/rules/Spartafx.com.xml
+++ b/src/chrome/content/rules/Spartafx.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.spartafx.com/ => https://www.spartafx.com/: (51, "SSL: n
 Disabled by https-everywhere-checker because:
 Fetch error: http://spartafx.com/ => https://spartafx.com/: (6, 'Could not resolve host: spartafx.com')
 -->
-<ruleset name="Spartafx.com" default_off='failed ruleset test'>
+<ruleset name="Spartafx.com" default_off="failed ruleset test">
 
 	<target host="spartafx.com" />
 	<target host="www.spartafx.com" />
@@ -18,4 +18,4 @@ Fetch error: http://spartafx.com/ => https://spartafx.com/: (6, 'Could not resol
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Spartan_Institute.xml b/src/chrome/content/rules/Spartan_Institute.xml
index 03c8fcd0842a..e9bc8bc4b1ac 100644
--- a/src/chrome/content/rules/Spartan_Institute.xml
+++ b/src/chrome/content/rules/Spartan_Institute.xml
@@ -11,7 +11,7 @@ Fetch error: http://thespartaninstitute.com/ => https://thespartaninstitute.com/
 		- portal	(http reply)
 
 -->
-<ruleset name="The Spartan Institute (partial)" default_off='failed ruleset test'>
+<ruleset name="The Spartan Institute (partial)" default_off="failed ruleset test">
 
 	<target host="thespartaninstitute.com" />
 	<target host="www.thespartaninstitute.com" />
@@ -22,4 +22,4 @@ Fetch error: http://thespartaninstitute.com/ => https://thespartaninstitute.com/
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sparx.org.nz.xml b/src/chrome/content/rules/Sparx.org.nz.xml
index d886e702b0cd..2949a07d2ad0 100644
--- a/src/chrome/content/rules/Sparx.org.nz.xml
+++ b/src/chrome/content/rules/Sparx.org.nz.xml
@@ -8,7 +8,7 @@ Fetch error: http://research.sparx.org.nz/ => https://research.sparx.org.nz/: (2
 		- www.research.sparx.org.nz
 
 -->
-<ruleset name="Sparx.org.nz" default_off='failed ruleset test'>
+<ruleset name="Sparx.org.nz" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Sparx_Trading.com-falsemixed.xml b/src/chrome/content/rules/Sparx_Trading.com-falsemixed.xml
index c4512bb7e9d3..ea3609fd57d8 100644
--- a/src/chrome/content/rules/Sparx_Trading.com-falsemixed.xml
+++ b/src/chrome/content/rules/Sparx_Trading.com-falsemixed.xml
@@ -5,7 +5,7 @@
 <ruleset name="Sparx Trading.com (false MCB)" platform="mixedcontent">
 
 	<target host="sparxtrading.com" />
-	<target host="*.sparxtrading.com" />
+	<target host="www.sparxtrading.com" />
 
 
 	<securecookie host="^\.sparxtrading\.com$" name=".+" />
diff --git a/src/chrome/content/rules/SpatialBuzz.com.xml b/src/chrome/content/rules/SpatialBuzz.com.xml
index 3f4590b6fea8..9d19971464e2 100644
--- a/src/chrome/content/rules/SpatialBuzz.com.xml
+++ b/src/chrome/content/rules/SpatialBuzz.com.xml
@@ -37,7 +37,15 @@
 <ruleset name="SpatialBuzz.com (partial)">
 
 	<target host="spatialbuzz.com" />
-	<target host="*.spatialbuzz.com" />
+	<target host="admin.spatialbuzz.com" />
+	<target host="api.spatialbuzz.com" />
+	<target host="cdn.spatialbuzz.com" />
+	<target host="cdn2.spatialbuzz.com" />
+	<target host="demo.spatialbuzz.com" />
+	<target host="fs.spatialbuzz.com" />
+	<target host="maps.spatialbuzz.com" />
+	<!--target host="splunk.spatialbuzz.com" /-->
+	<target host="vpn.spatialbuzz.com" />
 
 
 	<!--	Not secured by server:
@@ -47,7 +55,6 @@
 	<securecookie host="^fs\.spatialbuzz\.com$" name=".+" />
 
 
-	<rule from="^http://((?:admin|api|cdn2?|demo|fs|maps|splunk|vpn)\.)?spatialbuzz\.com/"
-		to="https://$1spatialbuzz.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/SpatialPoint.xml b/src/chrome/content/rules/SpatialPoint.xml
index eaa94dfa8bb4..d43ac15c9727 100644
--- a/src/chrome/content/rules/SpatialPoint.xml
+++ b/src/chrome/content/rules/SpatialPoint.xml
@@ -12,4 +12,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Speak_Your_Silence.xml b/src/chrome/content/rules/Speak_Your_Silence.xml
index ab90c4ef9529..0595a066d2a2 100644
--- a/src/chrome/content/rules/Speak_Your_Silence.xml
+++ b/src/chrome/content/rules/Speak_Your_Silence.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Speaker_Exchange.xml b/src/chrome/content/rules/Speaker_Exchange.xml
index 5d9258a64a73..47f00e77e02d 100644
--- a/src/chrome/content/rules/Speaker_Exchange.xml
+++ b/src/chrome/content/rules/Speaker_Exchange.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SpeakyChat.com.xml b/src/chrome/content/rules/SpeakyChat.com.xml
index a42ecc0b4517..de1c201e937e 100644
--- a/src/chrome/content/rules/SpeakyChat.com.xml
+++ b/src/chrome/content/rules/SpeakyChat.com.xml
@@ -1,18 +1,17 @@
 <ruleset name="SpeakyChat.com">
 
 	<target host="speakychat.com" />
-	<target host="*.speakychat.com" />
+	<target host="download.speakychat.com" />
+	<target host="install.speakychat.com" />
+	<target host="www.speakychat.com" />
 	<target host="speakyweb.com" />
-	<target host="*.speakyweb.com" />
+	<target host="www.speakyweb.com" />
 
 
 	<securecookie host="^(?:w*\.)?speaky(?:chat|web)\.com$" name=".+" />
 
 
-	<rule from="^http://((?:download|install|www)\.)?speakychat\.com/"
-		to="https://$1speakychat.com/" />
 
-	<rule from="^http://(www\.)?speakyweb\.com/"
-		to="https://$1speakyweb.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Special-trade.de.xml b/src/chrome/content/rules/Special-trade.de.xml
index 19d1c21f0361..21933aaec287 100644
--- a/src/chrome/content/rules/Special-trade.de.xml
+++ b/src/chrome/content/rules/Special-trade.de.xml
@@ -3,4 +3,4 @@
 <target host="special-trade.de"/>
 <rule from="^http:" to="https:" />
 </ruleset>
- 
+
diff --git a/src/chrome/content/rules/Specific-Media-mismatches.xml b/src/chrome/content/rules/Specific-Media-mismatches.xml
index ce8660dbfe1a..4140b5747315 100644
--- a/src/chrome/content/rules/Specific-Media-mismatches.xml
+++ b/src/chrome/content/rules/Specific-Media-mismatches.xml
@@ -7,7 +7,8 @@
 	<!--	Cert: creatives.specificmedia.co.uk
 							-->
 	<target host="specificmedia.co.uk" />
-	<target host="*.specificmedia.co.uk" />
+	<target host="creatives.specificmedia.co.uk" />
+	<target host="www.specificmedia.co.uk" />
 
 
 	<rule from="^http://(?:(creatives\.)|www\.)?specificmedia\.co\.uk/"
diff --git a/src/chrome/content/rules/Specific-Media.xml b/src/chrome/content/rules/Specific-Media.xml
index eb2dc17b885c..e0f297e4afaa 100644
--- a/src/chrome/content/rules/Specific-Media.xml
+++ b/src/chrome/content/rules/Specific-Media.xml
@@ -10,7 +10,6 @@ Fetch error: http://smp.specificmedia.net/ => https://smp.specificmedia.net/: (6
 
 	Other Specific Media rulesets:
 
-		- Adviva.net.xml
 		- Specificclick.xml
 
 
@@ -21,7 +20,7 @@ Fetch error: http://smp.specificmedia.net/ => https://smp.specificmedia.net/: (6
 		- (www.)specificmedia.net	(cert: mail.localsvcs.com; shows IIS7 default page)
 
 -->
-<ruleset name="Specific Media (partial)" default_off='failed ruleset test'>
+<ruleset name="Specific Media (partial)" default_off="failed ruleset test">
 
 	<target host="cm.specificmedia.com" />
 	<target host="smp.specificmedia.com" />
diff --git a/src/chrome/content/rules/Spectraflow.com.xml b/src/chrome/content/rules/Spectraflow.com.xml
index e2a132287fe9..4a111d11f226 100644
--- a/src/chrome/content/rules/Spectraflow.com.xml
+++ b/src/chrome/content/rules/Spectraflow.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.spectraflow.com/ => https://www.spectraflow.com/: (28, '
 Disabled by https-everywhere-checker because:
 Fetch error: http://spectraflow.com/ => https://spectraflow.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="Spectraflow.com" default_off='failed ruleset test'>
+<ruleset name="Spectraflow.com" default_off="failed ruleset test">
 
 	<target host="spectraflow.com" />
 	<target host="www.spectraflow.com" />
@@ -18,4 +18,4 @@ Fetch error: http://spectraflow.com/ => https://spectraflow.com/: (60, 'SSL cert
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Spectrum.com.xml b/src/chrome/content/rules/Spectrum.com.xml
deleted file mode 100644
index 493a83503e52..000000000000
--- a/src/chrome/content/rules/Spectrum.com.xml
+++ /dev/null
@@ -1,57 +0,0 @@
-<!--
-	For other Charter Communications coverage, see Charter.com.xml.
-
-
-	Fully covered hosts in *spectrum.com:
-
-		- (www.)?
-		- (www.)?business
-		- media.business
-
-
-	These altnames don't exist:
-
-		- www2.business.spectrum.com
-		- directsales.esso.spectrum.com
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- spectrum.com
-		- .spectrum.com
-		- business.spectrum.com
-		- .business.spectrum.com
-		- www.business.spectrum.com
-		- media.business.spectrum.com
-		- www.spectrum.com
-
--->
-<ruleset name="Spectrum.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="spectrum.com" />
-	<target host="business.spectrum.com" />
-	<target host="media.business.spectrum.com" />
-	<target host="www.business.spectrum.com" />
-	<target host="www.spectrum.com" />
-
-		<test url="http://media.business.spectrum.com/cookE/geoip/iframe?spacedesc=" />
-		<test url="http://media.business.spectrum.com/ipixel?spacedesc=" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(business\.|www\.business\.|www\.)?spectrum\.com$" name="^BIGipServer[\w.-]+$" /-->
-	<!--securecookie host="^(business|www)\.spectrum\.com$" name="^(DYN_USER_CONFIRM|DYN_USER_ID|JSESSIONID|MINIFY|userPrefLanguage)$" /-->
-	<!--securecookie host="^\.business\.spectrum\.com$" name="^PrefID$" /-->
-	<!--securecookie host="^media\.business\.spectrum\.com$" name="^XGIR$" /-->
-
-	<securecookie host="^(?:business\.|(?:media|www)\.business\.|www\.)?spectrum\.com$" name=".+" />
-	<securecookie host="^\.business\.spectrum\.com$" name="^PrefID$" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Speed-Dreams.xml b/src/chrome/content/rules/Speed-Dreams.xml
index 8929a6a66409..ab0356f06bba 100644
--- a/src/chrome/content/rules/Speed-Dreams.xml
+++ b/src/chrome/content/rules/Speed-Dreams.xml
@@ -4,7 +4,7 @@
 	<target host="community.speed-dreams.org"/>
 	<target host="www.speed-dreams.org"/>
 
-	<securecookie host="^(?:.*\.)?speed-dreams\.org$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 	<rule from="^http://www\.speed-dreams\.org/"
 		to="https://speed-dreams.org/"/>
diff --git a/src/chrome/content/rules/SpeedBurger.xml b/src/chrome/content/rules/SpeedBurger.xml
index 804e03e6b8af..3a4cd0f775e8 100644
--- a/src/chrome/content/rules/SpeedBurger.xml
+++ b/src/chrome/content/rules/SpeedBurger.xml
@@ -3,11 +3,10 @@
 	<target host="speed-burger.com" />
 	<target host="www.speed-burger.com" />
 
-	<test url="http://speed-burger.com/" />
 	<test url="http://www.speed-burger.com/mon-compte/creer-un-compte/" />
 	<test url="http://www.speed-burger.com/livraison-hamburger/" />
 
 	<rule from="^http://speed-burger\.com/" to="https://www.speed-burger.com/" />
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SpeedTree.com.xml b/src/chrome/content/rules/SpeedTree.com.xml
index cebab1b985da..d5b459950702 100644
--- a/src/chrome/content/rules/SpeedTree.com.xml
+++ b/src/chrome/content/rules/SpeedTree.com.xml
@@ -32,4 +32,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Speed_World_Grafix.com.xml b/src/chrome/content/rules/Speed_World_Grafix.com.xml
index d553133f3a82..e7f884c04f12 100644
--- a/src/chrome/content/rules/Speed_World_Grafix.com.xml
+++ b/src/chrome/content/rules/Speed_World_Grafix.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://speedworldgrafix.com/ => https://speedworldgrafix.com/: (60,
 Fetch error: http://www.speedworldgrafix.com/ => https://www.speedworldgrafix.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Speed World Grafix.com" default_off='failed ruleset test'>
+<ruleset name="Speed World Grafix.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Speedify.com.xml b/src/chrome/content/rules/Speedify.com.xml
new file mode 100644
index 000000000000..0317f17edaee
--- /dev/null
+++ b/src/chrome/content/rules/Speedify.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Speedify.com">
+	<target host="speedify.com" />
+	<target host="www.speedify.com" />
+	<target host="apidocs.speedify.com" />
+	<target host="msupport.speedify.com" />
+	<target host="my.speedify.com" />
+	<target host="newhotness.speedify.com" />
+	<target host="support.speedify.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Speedtest.net.xml b/src/chrome/content/rules/Speedtest.net.xml
index ee7f0508d66f..4f15664e2029 100644
--- a/src/chrome/content/rules/Speedtest.net.xml
+++ b/src/chrome/content/rules/Speedtest.net.xml
@@ -1,67 +1,13 @@
 <!--
-	Disabled per https://github.com/EFForg/https-everywhere/issues/1362
 	For other Ookla coverage, see Ookla.xml.
-
-
-	Mixed content:
-
-		- Ad/bug on www from ads.ookla.com
-
 -->
-<ruleset name="Speedtest.net (partial)" default_off="Breaks site">
+<ruleset name="Speedtest.net (partial)">
 
 	<target host="speedtest.net" />
-	<target host="c.speedtest.net" />
 	<target host="www.speedtest.net" />
-		<!--
-			https://mail1.eff.org/pipermail/https-everywhere-rules/2013-June/001623.html
-
-			Breaks flash:
-					-->
-		<exclusion pattern="^http://c\.speedtest\.net/crossdomain\.xml" />
-
-			<test url="http://c.speedtest.net/crossdomain.xml" />
-
-		<!--	Redirects to http:
-						-->
-		<exclusion pattern="^http://www\.speedtest\.net/+(?:$|\?)" />
-		<!--
-			Exceptions:
-					-->
-		<!--exclusion pattern="^http://www\.speedtest\.net/(?!(?:advertise-contact|audience|link|mobile|partner-with-ookla)(?:$|[?/])|css/|csv\.php|favicon\.ico|images/|result/|results\.php|user-(?:login|register|settings)\.php)" /-->
-
-			<!--	+ve:
-					-->
-			<test url="http://www.speedtest.net/?" />
-			<test url="http://www.speedtest.net//" />
-			<test url="http://www.speedtest.net//?" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www.speedtest.net/advertise-contact" />
-			<test url="http://www.speedtest.net/audience/" />
-			<test url="http://www.speedtest.net/css/layout.css" />
-			<test url="http://www.speedtest.net/csv.php" />
-			<test url="http://www.speedtest.net/favicon.ico" />
-			<test url="http://www.speedtest.net/images/bg-sub.png" />
-			<test url="http://www.speedtest.net/link" />
-			<test url="http://www.speedtest.net/mobile" />
-			<test url="http://www.speedtest.net/partner-with-ookla" />
-			<test url="http://www.speedtest.net/results.php" />
-			<test url="http://www.speedtest.net/speedwave-control.php" />
-			<test url="http://www.speedtest.net/user-login.php" />
-			<test url="http://www.speedtest.net/user-register.php" />
-			<test url="http://www.speedtest.net/user-settings.php" />
-
-
-	<!--	Cert: edgecastcdn.net
-					-->
-	<rule from="^http://c\.speedtest\.net/"
-		to="https://www.speedtest.net/" />
+	<target host="c.speedtest.net" />
+	<target host="zdstatic.speedtest.net" />
 
-	<!--	- Cert only matches www
-							-->
-	<rule from="^http://(?:www\.)?speedtest\.net/"
-		to="https://www.speedtest.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Speedyshare.com.xml b/src/chrome/content/rules/Speedyshare.com.xml
index 3cd464d3d342..5c5b0799002a 100644
--- a/src/chrome/content/rules/Speedyshare.com.xml
+++ b/src/chrome/content/rules/Speedyshare.com.xml
@@ -5,10 +5,10 @@ Fetch error: http://www.speedyshare.com/ => https://www.speedyshare.com/: (28, '
 Fetch error: http://speedyshare.com/ => https://speedyshare.com/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="Speedyshare.com" default_off='failed ruleset test'>
+<ruleset name="Speedyshare.com" default_off="failed ruleset test">
 	<target host="www.speedyshare.com"/>
 	<target host="speedyshare.com"/>
-	
+
 	<rule from="^http:"
 		to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Spench.net.xml b/src/chrome/content/rules/Spench.net.xml
index 7034fe67c55e..f6f4944986c9 100644
--- a/src/chrome/content/rules/Spench.net.xml
+++ b/src/chrome/content/rules/Spench.net.xml
@@ -17,7 +17,8 @@
 <ruleset name="spench.net" default_off="expired, mismatched, self-signed">
 
 	<target host="spench.net" />
-	<target host="*.spench.net" />
+	<target host="www.spench.net" />
+	<target host="wiki.spench.net" />
 
 
 	<!--	Not secured by server:
@@ -32,7 +33,6 @@
 	<rule from="^http://(?:www\.)?spench\.net/"
 		to="https://www.spench.net/" />
 
-	<rule from="^http://wiki\.spench\.net/"
-		to="https://wiki.spench.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Spendbitcoins.xml b/src/chrome/content/rules/Spendbitcoins.xml
index c0cad404498d..dc18a5e6b917 100644
--- a/src/chrome/content/rules/Spendbitcoins.xml
+++ b/src/chrome/content/rules/Spendbitcoins.xml
@@ -11,7 +11,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://spendbitcoins.com/ => https://spendbitcoins.com/: Too many redirects while fetching 'https://spendbitcoins.com/'
 
 -->
-<ruleset name="Spendbitcoins" default_off='failed ruleset test'>
+<ruleset name="Spendbitcoins" default_off="failed ruleset test">
 
 	<target host="spendbitcoins.com" />
 	<target host="www.spendbitcoins.com" />
diff --git a/src/chrome/content/rules/SphereUp.xml b/src/chrome/content/rules/SphereUp.xml
index 88a52f4297bd..9f56b61eb21b 100644
--- a/src/chrome/content/rules/SphereUp.xml
+++ b/src/chrome/content/rules/SphereUp.xml
@@ -61,4 +61,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sphinx-doc.org.xml b/src/chrome/content/rules/Sphinx-doc.org.xml
new file mode 100644
index 000000000000..156b61a60185
--- /dev/null
+++ b/src/chrome/content/rules/Sphinx-doc.org.xml
@@ -0,0 +1,16 @@
+<!--
+     Refused:
+	- ^
+-->
+<ruleset name="Sphinx-doc.org">
+
+	<target host="sphinx-doc.org" />
+	<target host="www.sphinx-doc.org" />
+
+	<rule from="^http://sphinx-doc\.org/"
+		to="https://www.sphinx-doc.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Spicebox.xml b/src/chrome/content/rules/Spicebox.xml
index de0f33b572f1..63878021b303 100644
--- a/src/chrome/content/rules/Spicebox.xml
+++ b/src/chrome/content/rules/Spicebox.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Spiceworks.xml b/src/chrome/content/rules/Spiceworks.xml
index 88f9b95b5381..63f2c3c58bc3 100644
--- a/src/chrome/content/rules/Spiceworks.xml
+++ b/src/chrome/content/rules/Spiceworks.xml
@@ -40,7 +40,7 @@ Fetch error: http://wwwstatic.spiceworks.com/ => https://wwwstatic.spiceworks.co
 	* Secured by us
 
 -->
-<ruleset name="Spiceworks.com" default_off='failed ruleset test'>
+<ruleset name="Spiceworks.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Spiderweb-Software.xml b/src/chrome/content/rules/Spiderweb-Software.xml
index fe1455968994..0b698620dbe0 100644
--- a/src/chrome/content/rules/Spiderweb-Software.xml
+++ b/src/chrome/content/rules/Spiderweb-Software.xml
@@ -32,9 +32,6 @@
 
 	<securecookie host="^\w" name=".+" />
 
-	<test url="http://www.spiderwebsoftware.com/" />
-	<test url="http://spidweb.com/" />
-	<test url="http://www.spidweb.com/" />
 
 	<rule from="^http://(?:(?:www\.)?spidweb|www\.spiderwebsoftware)\.com/"
 		to="https://spiderwebsoftware.com/" />
diff --git a/src/chrome/content/rules/Spiegel-QC.xml b/src/chrome/content/rules/Spiegel-QC.xml
index 3509b22c0a6c..5632757bbf7d 100644
--- a/src/chrome/content/rules/Spiegel-QC.xml
+++ b/src/chrome/content/rules/Spiegel-QC.xml
@@ -12,7 +12,7 @@ Fetch error: http://adserv.quality-channel.de/ => https://adserv.quality-channel
 		- (www.)spiegel-qc.de
 
 -->
-<ruleset name="Spiegel QC (partial)" default_off='failed ruleset test'>
+<ruleset name="Spiegel QC (partial)" default_off="failed ruleset test">
 
 	<target host="adserv.quality-channel.de" />
 
diff --git a/src/chrome/content/rules/Spiegel.xml b/src/chrome/content/rules/Spiegel.xml
index f58888e5cff6..773861284563 100644
--- a/src/chrome/content/rules/Spiegel.xml
+++ b/src/chrome/content/rules/Spiegel.xml
@@ -1,136 +1,35 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://ophirum.spiegel.de/ => https://ophirum.spiegel.de/: (51, "SSL: no alternative certificate subject name matches target host name 'ophirum.spiegel.de'")
-
 	Other Spiegel Group rulesets:
 
 		- Spiegel-QC.xml
-
-
-	CDN buckets:
-
-		- cdn.spiegel.de.edgesuite.net
-
-			- cdn
-			- cdn[1-4]
-
-
-	Nonfunctional subdomains:
-
-		- orange *
-		- tvprogramm ¹
-		- werkstattvergleich ²
-		- wetter	(cert: plesk; shows default Parallels Plesk page)
-
-	* Shows www.spiegelgruppe.de
-	¹ Refused
-	² Redirects to hudson.fairgarage.de
-
-
-	Problematic hosts in spiegel.de:
-
-		- forum *
-		- shop *
-		- tippspiel ²
-		- wissen *
-
-	* Mismatched
-	² Server sends no certificate chain, see https://whatsmychaincert.com
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .spiegel.de
-		- abo.spiegel.de
-		- count.spiegel.de
-		- magazin.spiegel.de
-		- ophirum.spiegel.de
-
 -->
-<ruleset name="Spiegel.de (partial)" default_off='failed ruleset test'>
+<ruleset name="Spiegel.de (partial)" >
 
 	<!--	Direct rewrites:
 				-->
 	<target host="spiegel.de" />
+	<target host="www.spiegel.de" />
+	<target host="cms.dev.www.spiegel.de" />
+	<target host="cdn.prod.www.spiegel.de" />
+	<target host="cdnsource.prod.www.spiegel.de" />
+	<target host="cdn.qs.www.spiegel.de" />
+	<target host="cdnsource.qs.www.spiegel.de" />
+	<target host="cdn.review.www.spiegel.de" />
+	<target host="cdnsource.review.www.spiegel.de" />
 	<target host="abo.spiegel.de" />
-	<target host="count.spiegel.de" />
+	<target host="fsm2.spiegel.de" />
 	<target host="magazin.spiegel.de" />
-	<target host="ophirum.spiegel.de" />
-	<!--target host="tippspiel.spiegel.de" /-->
-	<target host="www.spiegel.de" />
+	<target host="spiegel-de.spiegel.de" />
+	<target host="sats.spiegel.de" />
+	<target host="tippspiel.spiegel.de" />
 
 	<!--	Complications:
 				-->
-	<target host="cdn.spiegel.de" />
-	<target host="cdn1.spiegel.de" />
-	<target host="cdn2.spiegel.de" />
-	<target host="cdn3.spiegel.de" />
-	<target host="cdn4.spiegel.de" />
 	<target host="shop.spiegel.de" />
 
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://tippspiel\.spiegel\.de/$" /-->
-		<!--
-			Exceptions:
-					-->
-		<!--exclusion pattern="^http://tippspiel\.spiegel\.de/+(?!frontend/|img/)" /-->
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://www\.spiegel\.de/index\.html" /-->
-		<!--
-			Exceptions:
-					-->
-		<!--exclusion pattern="^http://www\.spiegel\.de/(?!images/|layout/|pics/|static/|staticgen/)" /-->
-		<!--
-			exclude static/flash from rule above to
-			to make videos work properly
-								-->
-		<!--exclusion pattern="^http://www\.spiegel\.de/static/flash/" /-->
-		<!--
-			Combined:
-					-->
-		<exclusion pattern="^http://www\.spiegel\.de/(?!images/|layout/|pics/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.spiegel.de/impressum" />
-			<test url="http://www.spiegel.de/index.html" />
-			<test url="http://www.spiegel.de/international/europe/" />
-			<test url="http://www.spiegel.de/international/germany/spreepark-the-story-behind-defunct-berlin-amusement-park-a-922117.html" />
-			<test url="http://www.spiegel.de/international/world/" />
-			<test url="http://www.spiegel.de/static/flash/flashvideo/homadconfig.json" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www.spiegel.de/images/image-429070-thumbsmall-mmtp.png" />
-			<test url="http://www.spiegel.de/layout/jscfg/http/global-V6-7.js" />
-			<test url="http://www.spiegel.de/pics/43/0,1020,308043,00.jpg" />
-			<test url="http://www.spiegel.de/static/sys/dimensionspixel.gif" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.spiegel\.de$" name="^_540p$" /-->
-	<!--securecookie host="^abo\.spiegel\.de$" name="^aboshop-common$" /-->
-	<!--securecookie host="^count\.spiegel\.de$" name="^NETMIND_SID$" /-->
-	<!--securecookie host="^magazin\.spiegel\.de$" name="^BIGipServer[\w~-]+$" /-->
-	<!--securecookie host="^ophirum\.spiegel\.de$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^(?:abo|count|magazin|ophirum)\.spiegel\.de$" name=".+" />
-
-
-	<!--	- Cert only matches www
-		- Unsupported paths redirect to http
-		- cdn\d?: Akamai
-				-->
-	<rule from="^http://cdn\d?\.spiegel\.de/"
-		to="https://www.spiegel.de/" />
-
 	<!--	Redirect drops path and forward slash...:
 							-->
+
 	<rule from="^http://shop\.spiegel\.de/[^?]*\??$"
 		to="https://www.amazon.de/b?ie=UTF8&amp;node=2478999031" />
 
@@ -139,8 +38,8 @@ Fetch error: http://ophirum.spiegel.de/ => https://ophirum.spiegel.de/: (51, "SS
 		<test url="http://shop.spiegel.de/shop/action/quickSearch" />
 		<test url="http://shop.spiegel.de/shop/action/quickSearch?" />
 
-	<!--	...but not args:
-				-->
+	<!--	...but not args:-->
+
 	<rule from="^http://shop\.spiegel\.de/[^?]*\?"
 		to="https://www.amazon.de/b?ie=UTF8&amp;node=2478999031&amp;" />
 
@@ -149,8 +48,6 @@ Fetch error: http://ophirum.spiegel.de/ => https://ophirum.spiegel.de/: (51, "SS
 		<test url="http://shop.spiegel.de/shop/action/quickSearch?foo" />
 		<test url="http://shop.spiegel.de/shop/action/quickSearch?bar" />
 
-	<rule from="^http:"
-		to="https:" />
-	
+	<rule from="^http:"	to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Spilnu.dk.xml b/src/chrome/content/rules/Spilnu.dk.xml
deleted file mode 100644
index b6489d7f0952..000000000000
--- a/src/chrome/content/rules/Spilnu.dk.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	^: cert only matches www
-
--->
-<ruleset name="Splinu.dk">
-
-	<target host="spilnu.dk" />
-	<target host="www.spilnu.dk" />
-
-
-	<securecookie host="^www\.spilnu\.dk$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Spinroot.com.xml b/src/chrome/content/rules/Spinroot.com.xml
new file mode 100644
index 000000000000..d88b6ee54a17
--- /dev/null
+++ b/src/chrome/content/rules/Spinroot.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Spinroot.com">
+	<target host="spinroot.com" />
+	<target host="www.spinroot.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SpiritAirlines.xml b/src/chrome/content/rules/SpiritAirlines.xml
index f5c4d3c93317..80677cba8d34 100644
--- a/src/chrome/content/rules/SpiritAirlines.xml
+++ b/src/chrome/content/rules/SpiritAirlines.xml
@@ -3,4 +3,4 @@
   <target host="www.spirit.com" />
 
   <rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Splash_Data.com.xml b/src/chrome/content/rules/Splash_Data.com.xml
index cd9932046b94..cf6d890dea72 100644
--- a/src/chrome/content/rules/Splash_Data.com.xml
+++ b/src/chrome/content/rules/Splash_Data.com.xml
@@ -21,7 +21,7 @@ Fetch error: http://www.splashdata.com/ => https://www.splashdata.com/: (35, 'Un
 	* Secured by us
 
 -->
-<ruleset name="Splash Data.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Splash Data.com (partial)" default_off="failed ruleset test">
 
 	<target host="splashdata.com" />
 	<target host="www.splashdata.com" />
diff --git a/src/chrome/content/rules/Split_Reason_Clothing.xml b/src/chrome/content/rules/Split_Reason_Clothing.xml
index 5558746405c7..e32ad6c6767a 100644
--- a/src/chrome/content/rules/Split_Reason_Clothing.xml
+++ b/src/chrome/content/rules/Split_Reason_Clothing.xml
@@ -5,7 +5,7 @@ Fetch error: http://splitreason.com/ => https://splitreason.com/: (28, 'Connecti
 Fetch error: http://www.splitreason.com/ => https://www.splitreason.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Split Reason Clothing" default_off='failed ruleset test'>
+<ruleset name="Split Reason Clothing" default_off="failed ruleset test">
 
 	<target host="splitreason.com" />
 	<target host="www.splitreason.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.splitreason.com/ => https://www.splitreason.com/: (28, '
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Spogo.co.uk.xml b/src/chrome/content/rules/Spogo.co.uk.xml
index ec03e85aaec1..fc3ce4e3ebdf 100644
--- a/src/chrome/content/rules/Spogo.co.uk.xml
+++ b/src/chrome/content/rules/Spogo.co.uk.xml
@@ -5,7 +5,7 @@ Fetch error: http://spogo.co.uk/ => https://spogo.co.uk/: (7, 'Failed to connect
 Fetch error: http://www.spogo.co.uk/ => https://www.spogo.co.uk/: (7, 'Failed to connect to www.spogo.co.uk port 443: Connection refused')
 
 -->
-<ruleset name="spogo.co.uk" default_off='failed ruleset test'>
+<ruleset name="spogo.co.uk" default_off="failed ruleset test">
 
 	<target host="spogo.co.uk" />
 	<target host="www.spogo.co.uk" />
diff --git a/src/chrome/content/rules/Spoonful.com.xml b/src/chrome/content/rules/Spoonful.com.xml
index 35a7eea012c9..b3cdb8f2c085 100644
--- a/src/chrome/content/rules/Spoonful.com.xml
+++ b/src/chrome/content/rules/Spoonful.com.xml
@@ -27,10 +27,11 @@ Fetch error: http://spoonful.com/ => https://spoonful.com/: (51, "SSL: no altern
 	* Secured by us
 
 -->
-<ruleset name="Spoonful.com" default_off='failed ruleset test'>
+<ruleset name="Spoonful.com" default_off="failed ruleset test">
 
 	<target host="spoonful.com" />
-	<target host="*.spoonful.com" />
+	<target host="static.spoonful.com" />
+	<target host="www.spoonful.com" />
 
 
 	<rule from="^http://(?:static\.|www\.)?spoonful\.com/"
diff --git a/src/chrome/content/rules/Sport-English.com.xml b/src/chrome/content/rules/Sport-English.com.xml
new file mode 100644
index 000000000000..3ed4802dd044
--- /dev/null
+++ b/src/chrome/content/rules/Sport-English.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid Certificate:
+		sport-english.com
+-->
+<ruleset name="Sport-English.com">
+	<target host="sport-english.com" />
+	<target host="www.sport-english.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://sport-english\.com/" to="https://www.sport-english.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sport1.de.xml b/src/chrome/content/rules/Sport1.de.xml
index 71b3bc52524e..42fea585d655 100644
--- a/src/chrome/content/rules/Sport1.de.xml
+++ b/src/chrome/content/rules/Sport1.de.xml
@@ -1,5 +1,99 @@
+<!--
+	Connection closed:
+		fbia
+
+	Invalid certificate:
+		extsrv01
+		hbbtv
+		imf
+		imf-rest
+		liveblog
+		newsletter
+		olympia
+		on
+		smashdown
+		spiele
+		stage
+		turniere-games
+		base.tv
+
+	Refused:
+		ticker
+
+	SSL: no alternative certificate subject name matches target host name:
+		tracking
+
+	SSL certificate problem: unable to get local issuer certificate:
+		ftp
+
+	Timeout:
+		account
+		community
+		imf-staging
+		mail10
+-->
 <ruleset name="Sport1.de">
-  <target host="tv.sport1.de" />
 
-  <rule from="^http:" to="https:" />
+	<target host="sport1.de" />
+	<target host="www.sport1.de" />
+	<target host="amp.sport1.de" />
+	<target host="amp-stage.sport1.de" />
+	<target host="api.sport1.de" />
+	<target host="api-stage.sport1.de" />
+	<target host="assets.sport1.de" />
+	<target host="behave.sport1.de" />
+	<target host="bets.sport1.de" />
+	<target host="bets-staging.sport1.de" />
+	<target host="business.sport1.de" />
+	<target host="cmsdata.sport1.de" />
+	<target host="cmsdata-staging.sport1.de" />
+	<target host="darts.sport1.de" />
+	<target host="docs.sport1.de" />
+	<target host="esports-shop.sport1.de" />
+	<target host="ezadmin.sport1.de" />
+	<target host="games.sport1.de" />
+	<target host="go.sport1.de" />
+	<target host="icc.sport1.de" />
+	<target host="images.sport1.de" />
+	<target host="insights.sport1.de" />
+	<target host="jump.sport1.de" />
+	<target host="m.sport1.de" />
+	<target host="newsletter-abmeldung.sport1.de" />
+	<target host="newsletter-anmeldung.sport1.de" />
+	<target host="newsletter-profil.sport1.de" />
+	<target host="oz.sport1.de" />
+	<target host="pmds.sport1.de" />
+	<target host="react.sport1.de" />
+	<target host="react-stage.sport1.de" />
+	<target host="reshape.sport1.de" />
+	<target host="shop.sport1.de" />
+	<target host="sportsapi.sport1.de" />
+	<target host="sportshtml.sport1.de" />
+	<target host="sportshtmlblank.sport1.de" />
+	<target host="www.stage.sport1.de" />
+	<target host="ezadmin.stage.sport1.de" />
+	<target host="m.stage.sport1.de" />
+	<target host="stage-oz.sport1.de" />
+	<target host="stage-reshape.sport1.de" />
+	<target host="stage-tv.sport1.de" />
+	<target host="status.sport1.de" />
+	<target host="streaming-event01.sport1.de" />
+	<target host="streaming-event02.sport1.de" />
+	<target host="streaming-ext1.sport1.de" />
+	<target host="streaming-ext2.sport1.de" />
+	<target host="streaming-ext3.sport1.de" />
+	<target host="streaming-s1free.sport1.de" />
+	<target host="streaming-s1plus.sport1.de" />
+	<target host="tv.sport1.de" />
+	<target host="video.sport1.de" />
+	<target host="vod.sport1.de" />
+	<target host="vod-dach.sport1.de" />
+	<target host="vod-int.sport1.de" />
+	<target host="vod-int-bu.sport1.de" />
+	<target host="vod-onefootball.sport1.de" />
+	<target host="widgets.sport1.de" />
+	<target host="widgets-stage.sport1.de" />
+
+	<rule from="^http:" to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Sports_Authority.xml b/src/chrome/content/rules/Sports_Authority.xml
index 9fcf24515bc6..4805f5439102 100644
--- a/src/chrome/content/rules/Sports_Authority.xml
+++ b/src/chrome/content/rules/Sports_Authority.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.sportsauthority.com/ => https://www.sportsauthority.com/
 		- stores.sportsauthority.com
 
 -->
-<ruleset name="Sports Authority (partial)" default_off='failed ruleset test'>
+<ruleset name="Sports Authority (partial)" default_off="failed ruleset test">
 
 	<target host="sportsauthority.com" />
 	<target host="www.sportsauthority.com" />
diff --git a/src/chrome/content/rules/Sportys.xml b/src/chrome/content/rules/Sportys.xml
index 7dc35488f0e5..6600e40b323b 100644
--- a/src/chrome/content/rules/Sportys.xml
+++ b/src/chrome/content/rules/Sportys.xml
@@ -1,8 +1,8 @@
 <ruleset name="Sportys">
 	<target host="sportys.com" />
 	<target host="www.sportys.com" />
-	
-	<securecookie host="^(?:.*\.)?sportys\.com$" name=".+" />
+
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Spotplanet.xml b/src/chrome/content/rules/Spotplanet.xml
index 833e508f6d61..05a4b7166259 100644
--- a/src/chrome/content/rules/Spotplanet.xml
+++ b/src/chrome/content/rules/Spotplanet.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.spotplanet.org/ => https://www.spotplanet.org/: (60, 'SS
 Disabled by https-everywhere-checker because:
 Fetch error: http://spotplanet.org/ => https://spotplanet.org/: (60, 'SSL certificate problem: self signed certificate')
 -->
-<ruleset name="Spotplanet" default_off='failed ruleset test'>
+<ruleset name="Spotplanet" default_off="failed ruleset test">
 
 	<target host="spotplanet.org" />
 	<target host="www.spotplanet.org" />
@@ -18,4 +18,4 @@ Fetch error: http://spotplanet.org/ => https://spotplanet.org/: (60, 'SSL certif
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SpreadPrivacy.com.xml b/src/chrome/content/rules/SpreadPrivacy.com.xml
new file mode 100644
index 000000000000..86db6c6f7f2d
--- /dev/null
+++ b/src/chrome/content/rules/SpreadPrivacy.com.xml
@@ -0,0 +1,15 @@
+<!--
+	This domain is related to DuckDuckGo.com (see also DuckDuckGo.xml).
+
+	Mismatched:
+		- www (CN=spread-privacy.ghst.pro)
+-->
+<ruleset name="SpreadPrivacy.com">
+
+	<target host="spreadprivacy.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Spreadshirt.xml b/src/chrome/content/rules/Spreadshirt.xml
deleted file mode 100644
index 1c490e382f4d..000000000000
--- a/src/chrome/content/rules/Spreadshirt.xml
+++ /dev/null
@@ -1,169 +0,0 @@
-<!--
-	Each customer gets their own subdomain
-
-	Invalid certificate:
-		(www.)?forum.spreadshirt.*
-		*.spreadshirt.cc
-		*.spreadshirt.li
-		*.spreadshirt.uk
-
--->
-<ruleset name="Spreadshirt">
-
-	<target host="spreadshirt.at" />
-	<target host="*.spreadshirt.at" />
-	<target host="spreadshirt.be" />
-	<target host="*.spreadshirt.be" />
-	<target host="spreadshirt.ch" />
-	<target host="*.spreadshirt.ch" />
-	<target host="spreadshirt.co.uk" />
-	<target host="*.spreadshirt.co.uk" />
-	<target host="spreadshirt.com" />
-	<target host="*.spreadshirt.com" />
-	<target host="spreadshirt.com.au" />
-	<target host="*.spreadshirt.com.au" />
-	<target host="spreadshirt.de" />
-	<target host="*.spreadshirt.de" />
-	<target host="spreadshirt.dk" />
-	<target host="*.spreadshirt.dk" />
-	<target host="spreadshirt.es" />
-	<target host="*.spreadshirt.es" />
-	<target host="spreadshirt.fi" />
-	<target host="*.spreadshirt.fi" />
-	<target host="spreadshirt.fr" />
-	<target host="*.spreadshirt.fr" />
-	<target host="spreadshirt.ie" />
-	<target host="*.spreadshirt.ie" />
-	<target host="spreadshirt.it" />
-	<target host="*.spreadshirt.it" />
-	<target host="spreadshirt.net" />
-	<target host="*.spreadshirt.net" />
-	<target host="spreadshirt.nl" />
-	<target host="*.spreadshirt.nl" />
-	<target host="spreadshirt.no" />
-	<target host="*.spreadshirt.no" />
-	<target host="spreadshirt.pl" />
-	<target host="*.spreadshirt.pl" />
-	<target host="spreadshirt.se" />
-	<target host="*.spreadshirt.se" />
-
-	<target host="image.spreadshirtmedia.net" />
-
-	<test url="http://www.spreadshirt.at/" />
-	<test url="http://forum.spreadshirt.at/" />
-	<test url="http://www.forum.spreadshirt.at/" />
-	<test url="http://shop.spreadshirt.at/" />
-	<test url="http://wikileaks.spreadshirt.at/" />
-
-	<test url="http://www.spreadshirt.be/" />
-	<test url="http://forum.spreadshirt.be/" />
-	<test url="http://www.forum.spreadshirt.be/" />
-	<test url="http://shop.spreadshirt.be/" />
-	<test url="http://wikileaks.spreadshirt.be/" />
-
-	<test url="http://www.spreadshirt.ch/" />
-	<test url="http://forum.spreadshirt.ch/" />
-	<test url="http://www.forum.spreadshirt.ch/" />
-	<test url="http://shop.spreadshirt.ch/" />
-	<test url="http://wikileaks.spreadshirt.ch/" />
-
-	<test url="http://www.spreadshirt.co.uk/" />
-	<test url="http://forum.spreadshirt.co.uk/" />
-	<test url="http://www.forum.spreadshirt.co.uk/" />
-	<test url="http://shop.spreadshirt.co.uk/" />
-	<test url="http://wikileaks.spreadshirt.co.uk/" />
-
-	<test url="http://www.spreadshirt.com/" />
-	<test url="http://forum.spreadshirt.com/" />
-	<test url="http://www.forum.spreadshirt.com/" />
-	<test url="http://shop.spreadshirt.com/" />
-	<test url="http://wikileaks.spreadshirt.com/" />
-
-	<test url="http://www.spreadshirt.com.au/" />
-	<test url="http://forum.spreadshirt.com.au/" />
-	<test url="http://www.forum.spreadshirt.com.au/" />
-	<test url="http://shop.spreadshirt.com.au/" />
-	<test url="http://wikileaks.spreadshirt.com.au/" />
-
-	<test url="http://www.spreadshirt.de/" />
-	<test url="http://forum.spreadshirt.de/" />
-	<test url="http://www.forum.spreadshirt.de/" />
-	<test url="http://shop.spreadshirt.de/" />
-	<test url="http://wikileaks.spreadshirt.de/" />
-
-	<test url="http://www.spreadshirt.dk/" />
-	<test url="http://forum.spreadshirt.dk/" />
-	<test url="http://www.forum.spreadshirt.dk/" />
-	<test url="http://shop.spreadshirt.dk/" />
-	<test url="http://wikileaks.spreadshirt.dk/" />
-
-	<test url="http://www.spreadshirt.es/" />
-	<test url="http://forum.spreadshirt.es/" />
-	<test url="http://www.forum.spreadshirt.es/" />
-	<test url="http://shop.spreadshirt.es/" />
-	<test url="http://wikileaks.spreadshirt.es/" />
-
-	<test url="http://www.spreadshirt.fi/" />
-	<test url="http://forum.spreadshirt.fi/" />
-	<test url="http://www.forum.spreadshirt.fi/" />
-	<test url="http://shop.spreadshirt.fi/" />	
-	<test url="http://wikileaks.spreadshirt.fi/" />
-
-	<test url="http://www.spreadshirt.fr/" />
-	<test url="http://forum.spreadshirt.fr/" />
-	<test url="http://www.forum.spreadshirt.fr/" />
-	<test url="http://shop.spreadshirt.fr/" />
-	<test url="http://wikileaks.spreadshirt.fr/" />
-
-	<test url="http://www.spreadshirt.ie/" />
-	<test url="http://forum.spreadshirt.ie/" />
-	<test url="http://www.forum.spreadshirt.ie/" />
-	<test url="http://shop.spreadshirt.ie/" />
-	<test url="http://wikileaks.spreadshirt.ie/" />
-
-	<test url="http://www.spreadshirt.it/" />
-	<test url="http://forum.spreadshirt.it/" />
-	<test url="http://www.forum.spreadshirt.it/" />
-	<test url="http://shop.spreadshirt.it/" />
-	<test url="http://wikileaks.spreadshirt.it/" />
-
-	<test url="http://www.spreadshirt.net/" />
-	<test url="http://forum.spreadshirt.net/" />
-	<test url="http://www.forum.spreadshirt.net/" />
-	<test url="http://shop.spreadshirt.net/" />
-	<test url="http://mobile.spreadshirt.net/" />
-	<test url="http://wikileaks.spreadshirt.net/" />
-
-	<test url="http://www.spreadshirt.nl/" />
-	<test url="http://forum.spreadshirt.nl/" />
-	<test url="http://www.forum.spreadshirt.nl/" />
-	<test url="http://shop.spreadshirt.nl/" />
-	<test url="http://wikileaks.spreadshirt.nl/" />
-
-	<test url="http://www.spreadshirt.no/" />
-	<test url="http://forum.spreadshirt.no/" />
-	<test url="http://www.forum.spreadshirt.no/" />
-	<test url="http://shop.spreadshirt.no/" />
-	<test url="http://wikileaks.spreadshirt.no/" />
-
-	<test url="http://www.spreadshirt.pl/" />
-	<test url="http://forum.spreadshirt.pl/" />
-	<test url="http://www.forum.spreadshirt.pl/" />
-	<test url="http://shop.spreadshirt.pl/" />
-	<test url="http://wikileaks.spreadshirt.pl/" />
-
-	<test url="http://www.spreadshirt.se/" />
-	<test url="http://forum.spreadshirt.se/" />
-	<test url="http://www.forum.spreadshirt.se/" />
-	<test url="http://shop.spreadshirt.se/" />
-	<test url="http://wikileaks.spreadshirt.se/" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http://(www\.)?forum\.spreadshirt\.(at|be|ch|co\.uk|com|com\.au|de|dk|es|fi|fr|ie|it|net|nl|no|pl|se)/"
-		to="https://forum.spreadshirt.net/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Sprig-of-Thyme.com.xml b/src/chrome/content/rules/Sprig-of-Thyme.com.xml
new file mode 100644
index 000000000000..1f8c282b40bd
--- /dev/null
+++ b/src/chrome/content/rules/Sprig-of-Thyme.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Sprig-of-Thyme.com">
+	<target host="sprig-of-thyme.com" />
+	<target host="www.sprig-of-thyme.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Spring-TNS.net.xml b/src/chrome/content/rules/Spring-TNS.net.xml
index c700411cbea2..f7f01b5c205f 100644
--- a/src/chrome/content/rules/Spring-TNS.net.xml
+++ b/src/chrome/content/rules/Spring-TNS.net.xml
@@ -14,7 +14,7 @@ Fetch error: http://foreca.spring-tns.net/blank.gif => https://ssl-foreca.spring
 		- nelonen	(refused)
 
 -->
-<ruleset name="Spring-TNS.net (partial)" default_off='failed ruleset test'>
+<ruleset name="Spring-TNS.net (partial)" default_off="failed ruleset test">
 
 	<target host="*.spring-tns.net" />
 
diff --git a/src/chrome/content/rules/Springer-Medizin.de.xml b/src/chrome/content/rules/Springer-Medizin.de.xml
index ee37860b43db..5f3132733f21 100644
--- a/src/chrome/content/rules/Springer-Medizin.de.xml
+++ b/src/chrome/content/rules/Springer-Medizin.de.xml
@@ -18,7 +18,7 @@ Fetch error: http://registrierung.springer-medizin.de/ => https://registrierung.
 		- registrierung.springer-medizin.de
 
 -->
-<ruleset name="Springer Zahnmedizin.de (partial)" default_off='failed ruleset test'>
+<ruleset name="Springer Zahnmedizin.de (partial)" default_off="failed ruleset test">
 
 	<target host="registrierung.springer-medizin.de" />
 
diff --git a/src/chrome/content/rules/Springer_Zahnmedizin.de.xml b/src/chrome/content/rules/Springer_Zahnmedizin.de.xml
index c2637de35021..f072b8fc2ae4 100644
--- a/src/chrome/content/rules/Springer_Zahnmedizin.de.xml
+++ b/src/chrome/content/rules/Springer_Zahnmedizin.de.xml
@@ -21,7 +21,7 @@ Fetch error: http://www.springerzahnmedizin.de/ => https://www.springerzahnmediz
 		- www.springerzahnmedizin.de
 
 -->
-<ruleset name="Springer Zahnmedizin.de" default_off='failed ruleset test'>
+<ruleset name="Springer Zahnmedizin.de" default_off="failed ruleset test">
 
 	<target host="springerzahnmedizin.de"/>
 	<target host="fortbildung.springerzahnmedizin.de" />
diff --git a/src/chrome/content/rules/Sprint.com.xml b/src/chrome/content/rules/Sprint.com.xml
index 9864b6f92c5e..a459f3133494 100644
--- a/src/chrome/content/rules/Sprint.com.xml
+++ b/src/chrome/content/rules/Sprint.com.xml
@@ -1,10 +1,26 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://ria.sprint.com/ => https://ria.sprint.com/: (7, 'Failed to connect to ria.sprint.com port 443: Connection refused')
+
+-->
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://discover.sprint.com/ => https://discover.sprint.com/: (6, 'Could not resolve host: discover.sprint.com')
+Fetch error: http://image2.sprint.com/ => https://image2.sprint.com/: (6, 'Could not resolve host: image2.sprint.com')
+Fetch error: http://image3.sprint.com/ => https://image3.sprint.com/: (6, 'Could not resolve host: image3.sprint.com')
+Fetch error: http://image4.sprint.com/ => https://image4.sprint.com/: (6, 'Could not resolve host: image4.sprint.com')
+Fetch error: http://shop2.sprint.com/ => https://shop2.sprint.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://manage.sprintpcs.com/ => https://manage.sprintpcs.com/: (28, 'Connection timed out after 20001 milliseconds')
+
 Disabled by https-everywhere-checker because:
 Fetch error: http://manage.sprintpcs.com/ => https://manage.sprintpcs.com/: (28, 'Connection timed out after 10001 milliseconds')
 	Other Sprint rulesets:
 
 		- Sprint_Buyback.com.xml
-		- Sprint_Rebates.com.xml
 
 
 	Nonfunctional:
@@ -19,8 +35,19 @@ Fetch error: http://manage.sprintpcs.com/ => https://manage.sprintpcs.com/: (28,
 <ruleset name="Sprint.com (partial)">
 
 	<target host="sprint.com" />
-	<target host="*.sprint.com" />
-	<target host="manage.sprintpcs.com" />
+	<target host="www.sprint.com" />
+	<target host="community.sprint.com" />
+	<target host="coverage.sprint.com" />
+	<!-- target host="discover.sprint.com" /-->
+	<!-- target host="image2.sprint.com" /-->
+	<!-- target host="image3.sprint.com" /-->
+	<!-- target host="image4.sprint.com" /-->
+	<target host="mysprint.sprint.com" />
+	<!-- target host="ria.sprint.com" /-->
+	<target host="shop.sprint.com" />
+	<!-- target host="shop2.sprint.com" /-->
+	<target host="support.sprint.com" />
+	<!-- target host="manage.sprintpcs.com" /-->
 
 
 	<securecookie host="^.*\.sprint(?:pcs)?\.com$" name=".+" />
@@ -29,16 +56,7 @@ Fetch error: http://manage.sprintpcs.com/ => https://manage.sprintpcs.com/: (28,
 	<rule from="^http://(?:www\.)?sprint\.com/"
 		to="https://www.sprint.com/" />
 
-	<rule from="^http://community\.sprint\.com/favicon\.ico"
-		to="https://community.sprint.com/favicon.ico" />
-
-	<rule from="^http://(coverage|discover|image[234]|mysprint|ria|shop2?)\.sprint\.com/"
-		to="https://$1.sprint.com/" />
-
-	<rule from="^http://support\.sprint\.com/(catalog/image|global/(?:cs|image))s/"
-		to="https://support.sprint.com/$1s/" />
-
-	<rule from="^http://manage\.sprintpcs\.com/"
-		to="https://manage.sprintpcs.com/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sprint_Rebates.com.xml b/src/chrome/content/rules/Sprint_Rebates.com.xml
deleted file mode 100644
index 6c7601e8f73d..000000000000
--- a/src/chrome/content/rules/Sprint_Rebates.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other Sprint coverage, see Sprint.com.xml.
-
-
-	^: Cert only matches www
-
--->
-<ruleset name="Sprint Rebates.com">
-
-	<target host="sprintrebates.com" />
-	<target host="www.sprintrebates.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SpritesMods.com.xml b/src/chrome/content/rules/SpritesMods.com.xml
index 7ab959924ef1..0923c5099202 100644
--- a/src/chrome/content/rules/SpritesMods.com.xml
+++ b/src/chrome/content/rules/SpritesMods.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.spritesmods.com/ => https://www.spritesmods.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.spritesmods.com'")
 
 -->
-<ruleset name="SpritesMods.com" default_off='failed ruleset test'>
+<ruleset name="SpritesMods.com" default_off="failed ruleset test">
 
 	<target host="spritesmods.com" />
 	<target host="www.spritesmods.com" />
diff --git a/src/chrome/content/rules/Spriza.com.xml b/src/chrome/content/rules/Spriza.com.xml
deleted file mode 100644
index 8c8176c2518d..000000000000
--- a/src/chrome/content/rules/Spriza.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-Automatically by https-everywhere-checker because:
-Fetch error: http://spriza.com/ => https://www.spriza.com/: Cycle detected - URL already encountered: http://spriza.com/
-	^: Refused
-
--->
-<ruleset name="Spriza.com">
-
-	<target host="spriza.com" />
-	<target host="*.spriza.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.spriza\.com$" name="^PLAY_SESSION$" /-->
-
-	<securecookie host="^(?:www)?\.spriza\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?spriza\.com/"
-		to="https://www.spriza.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Sprout.xml b/src/chrome/content/rules/Sprout.xml
index 9d0d0dcb0197..4fa1600d8c6c 100644
--- a/src/chrome/content/rules/Sprout.xml
+++ b/src/chrome/content/rules/Sprout.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.sproutinc.com/ => https://sproutinc.com/: (28, 'Connecti
 		- (www.)sproutbuilder.com
 
 -->
-<ruleset name="Sprout (partial)" default_off='failed ruleset test'>
+<ruleset name="Sprout (partial)" default_off="failed ruleset test">
 
 	<target host="sproutinc.com" />
 	<target host="www.sproutinc.com" />
diff --git a/src/chrome/content/rules/Spylog.com.xml b/src/chrome/content/rules/Spylog.com.xml
index 3a7be0d2538e..12f02661f7b9 100644
--- a/src/chrome/content/rules/Spylog.com.xml
+++ b/src/chrome/content/rules/Spylog.com.xml
@@ -20,4 +20,4 @@
 	<rule from="^http://(?:u\d+\.02|counter)\.spylog\.com/"
 		to="https://counter.spylog.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Square.xml b/src/chrome/content/rules/Square.xml
deleted file mode 100644
index 37e3f1128e28..000000000000
--- a/src/chrome/content/rules/Square.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Other Square rulesets:
-
-		- squarecdn.xml
-
-
-	no response:
-		- status.squareup.com
-		- issquareup.com
--->
-<ruleset name="Square">
-	<target host="square.com" />
-	<target host="www.square.com" />
-	<target host="cash.square.com" />
-	<target host="squareup.com" />
-	<target host="www.squareup.com" />
-	<target host="connect.squareup.com" />
-	<target host="corner.squareup.com" />
-	<target host="docs.connect.squareup.com" />
-	<target host="cash.me" />
-	<target host="www.cash.me" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Squarespace-clients.xml b/src/chrome/content/rules/Squarespace-clients.xml
deleted file mode 100644
index f1723cb7cc68..000000000000
--- a/src/chrome/content/rules/Squarespace-clients.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	This ruleset is for Squarespace clients which otherwise have no rules off by default.
-
--->
-<ruleset name="Squarespace clients" default_off="mismatched">
-
-	<!--	Cert: *.squarespace.com	-->
-	<target host="ohnopodcast.com" />
-	<target host="www.ohnopodcast.com" />
-
-
-	<!--	- At least the homepage redirects to http
-		- !www 301s to www
-		- universal/ can be fetched from squarespace.com,
-		  but is that worth it? Maybe deal with it later.
-					-->
-	<rule from="^http://(?:www\.)?ohnopodcast\.com/(display|layout|storage|universal)/"
-		to="https://www.ohnopodcast.com/$1/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Squarespace.xml b/src/chrome/content/rules/Squarespace.xml
index 2a0b12c4e3d8..b442b47d7c0a 100644
--- a/src/chrome/content/rules/Squarespace.xml
+++ b/src/chrome/content/rules/Squarespace.xml
@@ -4,15 +4,6 @@
 		- Sqsp.com.xml
 
 
-	CDN buckets:
-
-		- s3.amazonaws.com/s3.media.squarespace.com/
-			- s3.media.squarespace.com
-
-		- squarespace.cachefly.net
-			- squarespace.cachefly.net
-
-
 	Mixed content:
 
 		- Images on (client_subdomain).squarespace.com from $self *
@@ -36,11 +27,6 @@
 		<test url="http://static1.squarespace.com/" />
 		<test url="http://www.squarespace.com/" />
 
-		<!--	Special cases:
-					-->
-		<test url="http://cachefly.squarespace.com/" />
-		<test url="http://s3.media.squarespace.com/" />
-
 		<!-- see https://github.com/EFForg/https-everywhere/issues/5622,
 		     https://github.com/EFForg/https-everywhere/issues/8752 and
 		     https://github.com/EFForg/https-everywhere/issues/14382 -->
@@ -57,20 +43,8 @@
 
 		<test url="http://sg-links.squarespace.com/wf/click?upn=randomstring" />
 
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(client_subdomain)\.squarespace\.com$" name="^JSESSIONID$" /-->
-
-	<securecookie host=".*\.squarespace\.com$" name=".+" />
-
-
-	<rule from="^http://cachefly\.squarespace\.com/"
-		to="https://squarespace.cachefly.net/" />
-
-	<rule from="^http://s3\.media\.squarespace\.com/"
-		to="https://s3.amazonaws.com/s3.media.squarespace.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Squid_Solutions.xml b/src/chrome/content/rules/Squid_Solutions.xml
deleted file mode 100644
index 97a62bc5bf44..000000000000
--- a/src/chrome/content/rules/Squid_Solutions.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)squidsolutions.com
-
--->
-<ruleset name="Squid Solutions (partial)">
-
-	<target host="aws.tracker.squidanalytics.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Squirrel-webmail.surftown.com.xml b/src/chrome/content/rules/Squirrel-webmail.surftown.com.xml
index 90aa5ab28bff..3a611b7db383 100644
--- a/src/chrome/content/rules/Squirrel-webmail.surftown.com.xml
+++ b/src/chrome/content/rules/Squirrel-webmail.surftown.com.xml
@@ -10,7 +10,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://squirrel-webmail.surftown.com/ => https://squirrel-webmail.surftown.com/: (7, 'Failed to connect to squirrel-webmail.surftown.com port 443: Connection refused')
 
 -->
-<ruleset name="Squirrel-webmail.surftown.com" default_off='failed ruleset test'>
+<ruleset name="Squirrel-webmail.surftown.com" default_off="failed ruleset test">
   <target host="squirrel-webmail.surftown.com" />
 
   <rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Srcclr.com.xml b/src/chrome/content/rules/Srcclr.com.xml
index 2b7c8ae42589..064f567c8fa3 100644
--- a/src/chrome/content/rules/Srcclr.com.xml
+++ b/src/chrome/content/rules/Srcclr.com.xml
@@ -6,10 +6,9 @@ Fetch error: http://app.srcclr.com/ => https://app.srcclr.com/: (60, 'SSL certif
 
 	Other SourceClear rulesets:
 
-		- Srcclr.help.xml
 
 -->
-<ruleset name="srcclr.com" default_off='failed ruleset test'>
+<ruleset name="srcclr.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Srcclr.help.xml b/src/chrome/content/rules/Srcclr.help.xml
deleted file mode 100644
index 55deb4ba3378..000000000000
--- a/src/chrome/content/rules/Srcclr.help.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	For other SourceClear coverage, see Srcclr.com.xml.
-
-
-	These altnames don't exist:
-
-		- www.srcclr.help
-
-
-	Insecure cookies are set for these hosts:
-
-		- srcclr.help
-
--->
-<ruleset name="srcclr.help">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="srcclr.help" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^srcclr\.help$" name="^(?:XSRF-TOKEN|connect\.sid)$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Srcf.net.xml b/src/chrome/content/rules/Srcf.net.xml
index a11540d10594..c50be1db5b92 100644
--- a/src/chrome/content/rules/Srcf.net.xml
+++ b/src/chrome/content/rules/Srcf.net.xml
@@ -51,7 +51,7 @@
 	wiki.srcf.net            (Known to exist, but not yet tested for HTTPS support.)
 -->
 <ruleset name="Srcf.net">
-	
+
 	<target host="srcf.net" />
 	<target host="lists.srcf.net" />
 	<target host="webmail.srcf.net" />
@@ -59,5 +59,5 @@
 	<target host="cueims.soc.srcf.net" />
 
 	<rule from="^http:" to="https:" />
-	
+
 </ruleset>
diff --git a/src/chrome/content/rules/Srware.xml b/src/chrome/content/rules/Srware.xml
index bcf5976176e0..c27f333a5be1 100644
--- a/src/chrome/content/rules/Srware.xml
+++ b/src/chrome/content/rules/Srware.xml
@@ -11,7 +11,7 @@
   <target host="srware.net"/>
   <target host="www.srware.net"/>
 
-  <securecookie host="^(?:.*\.)?srware.net$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/SsbKyh.com.xml b/src/chrome/content/rules/SsbKyh.com.xml
index 06e3280fbf14..28b6b7735892 100644
--- a/src/chrome/content/rules/SsbKyh.com.xml
+++ b/src/chrome/content/rules/SsbKyh.com.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://cdn\.ssbkyh\.com/"
 		to="https://djhznh41oxwef.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sslcert35.com.xml b/src/chrome/content/rules/Sslcert35.com.xml
index e25c9ccb40f8..199156f95563 100644
--- a/src/chrome/content/rules/Sslcert35.com.xml
+++ b/src/chrome/content/rules/Sslcert35.com.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://([\w-]+)\.sslcert35\.com/"
 		to="https://$1.sslcert35.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ssldomain.com.xml b/src/chrome/content/rules/Ssldomain.com.xml
index a7296633b1b2..18549cfcd16b 100644
--- a/src/chrome/content/rules/Ssldomain.com.xml
+++ b/src/chrome/content/rules/Ssldomain.com.xml
@@ -10,10 +10,10 @@
 		<exclusion pattern="^http://www\." />
 
 
-	<securecookie host=".+\.ssldomain\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([\w-]+)\.ssldomain\.com/"
 		to="https://$1.ssldomain.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Ssltrust.us.xml b/src/chrome/content/rules/Ssltrust.us.xml
index c823f5f0e70f..ba2c6e426dd3 100644
--- a/src/chrome/content/rules/Ssltrust.us.xml
+++ b/src/chrome/content/rules/Ssltrust.us.xml
@@ -4,11 +4,11 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://test.ssltrust.us/ => https://test.ssltrust.us/: (6, 'Could not resolve host: test.ssltrust.us')
 
 -->
-<ruleset name="ssltrust.us (partial)" default_off='failed ruleset test'>
+<ruleset name="ssltrust.us (partial)" default_off="failed ruleset test">
 
 	<target host="test.ssltrust.us" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sstest.jp.xml b/src/chrome/content/rules/Sstest.jp.xml
deleted file mode 100644
index d118f9267ab2..000000000000
--- a/src/chrome/content/rules/Sstest.jp.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	(www.)?sstest.jp doesn't exist.
-
--->
-<ruleset name="sstest.jp">
-
-	<target host="evesys11.sstest.jp" />
-
-		<test url="http://evesys11.sstest.jp/static/upload/evesys11.sstest.jp/system///seminar_base/shared/img/ubk_img/UBK_0314.gif" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/St-Andrews.ac.uk.xml b/src/chrome/content/rules/St-Andrews.ac.uk.xml
index 103e9bad5ef6..5fad8b8bbc79 100644
--- a/src/chrome/content/rules/St-Andrews.ac.uk.xml
+++ b/src/chrome/content/rules/St-Andrews.ac.uk.xml
@@ -41,7 +41,10 @@
 <ruleset name="St-Andrews.ac.uk (partial)">
 
 	<target host="st-andrews.ac.uk" />
-	<target host="*.st-andrews.ac.uk" />
+	<target host="www.st-andrews.ac.uk" />
+	<target host="risweb.st-andrews.ac.uk" />
+	<target host="sparc.st-andrews.ac.uk" />
+	<target host="www.vacancies.st-andrews.ac.uk" />
 		<!--exclusion pattern="^http://research-repository\.st-andrews\.ac\.uk/+($|community-list$|favicon\.ico|image/|print\.css|static/|styles\.css|utils\.js)" /-->
 
 
@@ -52,7 +55,6 @@
 	<rule from="^http://(?:www\.)?st-andrews\.ac\.uk/"
 		to="https://www.st-andrews.ac.uk/" />
 
-	<rule from="^http://(risweb|sparc|www\.vacancies)\.st-andrews\.ac\.uk/"
-		to="https://$1.st-andrews.ac.uk/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/StShrt.com.xml b/src/chrome/content/rules/StShrt.com.xml
index 741f8311a641..388151875813 100644
--- a/src/chrome/content/rules/StShrt.com.xml
+++ b/src/chrome/content/rules/StShrt.com.xml
@@ -17,7 +17,7 @@ Fetch error: http://www.stshrt.com/ => https://www.stshrt.com/: (51, "SSL: no al
 		- .stshrt.com
 
 -->
-<ruleset name="stShrt.com" default_off='failed ruleset test'>
+<ruleset name="stShrt.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/St_Kitts_Zipline.xml b/src/chrome/content/rules/St_Kitts_Zipline.xml
index acbef8199b51..75a5e65c65a3 100644
--- a/src/chrome/content/rules/St_Kitts_Zipline.xml
+++ b/src/chrome/content/rules/St_Kitts_Zipline.xml
@@ -11,10 +11,11 @@ Fetch error: http://stkittszipline.com/ => http://stkittszipline.com/: (28, 'Res
 		- www		(redirects to secure, valid cert)
 
 -->
-<ruleset name="St. Kitts Zipline (partial)" default_off='failed ruleset test'>
+<ruleset name="St. Kitts Zipline (partial)" default_off="failed ruleset test">
 
 	<target host="stkittszipline.com" />
-	<target host="*.stkittszipline.com" />
+	<target host="www.stkittszipline.com" />
+	<target host="secure.stkittszipline.com" />
 
 
 	<securecookie host="^secure\.stkittszipline\.com$" name=".+" />
@@ -26,4 +27,4 @@ Fetch error: http://stkittszipline.com/ => http://stkittszipline.com/: (28, 'Res
 	<rule from="^http://secure\.stkittszipline\.com/"
 		to="https://secure.stkittszipline.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/St_L_Beacon.org.xml b/src/chrome/content/rules/St_L_Beacon.org.xml
index 604f561f1152..bfd3b65e04bd 100644
--- a/src/chrome/content/rules/St_L_Beacon.org.xml
+++ b/src/chrome/content/rules/St_L_Beacon.org.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.stlbeacon.org/ => https://www.stlbeacon.org/: (28, 'Conn
 
 	^: shows another domain
 -->
-<ruleset name="St L Beacon.org" default_off='failed ruleset test'>
+<ruleset name="St L Beacon.org" default_off="failed ruleset test">
 
 	<target host="stlbeacon.org" />
 	<target host="www.stlbeacon.org" />
diff --git a/src/chrome/content/rules/Stack-Exchange.xml b/src/chrome/content/rules/Stack-Exchange.xml
index 7657876dd9ac..1a2410d9833c 100644
--- a/src/chrome/content/rules/Stack-Exchange.xml
+++ b/src/chrome/content/rules/Stack-Exchange.xml
@@ -25,15 +25,15 @@
 	<target host="mathoverflow.net" />
 	<target host="www.mathoverflow.net" />
 	<target host="meta.mathoverflow.net" />
-	
+
 	<!-- Serverfault -->
 	<target host="meta.serverfault.com" />
 	<target host="serverfault.com" />
-	
+
 	<!-- Stackauth -->
 	<target host="stackauth.com" />
 	<target host="dev.stackauth.com" />
-	
+
 	<!-- Stackexchange -->
 	<target host="stackexchange.com" />
 	<target host="*.stackexchange.com" />
@@ -71,12 +71,13 @@
 	<target host="stackoverflow.blog" />
 	<target host="www.stackoverflow.blog" />
 	<target host="stackoverflow.email" />
+	<target host="sg-links.stackoverflow.email" />
 
 	<!-- Superuser -->
 	<target host="superuser.com" />
 	<target host="www.superuser.com" />
 	<target host="meta.superuser.com" />
-	
+
 	<!-- Misc -->
 	<target host="sstatic.net" />
 	<target host="cdn.sstatic.net" />
@@ -97,20 +98,20 @@
 	<!-- Mathoverflow -->
 	<securecookie host="^mathoverflow\.net$" name=".+" />
 	<securecookie host="^meta\.mathoverflow.net$" name=".+" />
-	
+
 	<!-- Serverfault -->
 	<securecookie host="^clc\.serverfault\.com$" name=".+" />
 	<securecookie host="^meta\.serverfault\.com$" name=".+" />
 	<securecookie host="^serverfault\.com$" name=".+" />
-	
+
 	<!-- Stackauth -->
 	<securecookie host="^stackauth\.com$" name=".+" />
 	<securecookie host="^dev\.stackauth\.com$" name=".+" />
-	
+
 	<!-- Stackexchange -->
 	<securecookie host="^stackexchange\.com$" name=".+" />
 	<securecookie host="^([\w-]+)\.stackexchange\.com$" name=".+" />
-	
+
 	<!-- Stackoverflow -->
 	<securecookie host="^chat\.stackoverflow\.com$" name=".+" />
 	<securecookie host="^careers\.stackoverflow\.com$" name=".+" />
@@ -122,8 +123,8 @@
 
 	<!-- Superuser -->
 	<securecookie host="^superuser\.com$" name=".+" />
-	<securecookie host="^meta\.superuser\.com$" name=".+" />	
-	
+	<securecookie host="^meta\.superuser\.com$" name=".+" />
+
 	<!-- Misc -->
 	<securecookie host="^sstatic\.net$" name=".+" />
 	<securecookie host="^cdn\.sstatic\.net$" name=".+" />
diff --git a/src/chrome/content/rules/StackEdit.io.xml b/src/chrome/content/rules/StackEdit.io.xml
new file mode 100644
index 000000000000..09b2c096176f
--- /dev/null
+++ b/src/chrome/content/rules/StackEdit.io.xml
@@ -0,0 +1,8 @@
+<ruleset name="StackEdit.io">
+	<target host="stackedit.io" />
+	<target host="community.stackedit.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/StackSocial.xml b/src/chrome/content/rules/StackSocial.xml
index 887b11698f8c..d2e2af45e119 100644
--- a/src/chrome/content/rules/StackSocial.xml
+++ b/src/chrome/content/rules/StackSocial.xml
@@ -23,7 +23,7 @@ Fetch error: http://jobs.stacksocial.com/ => https://jobs.stacksocial.com/: (6,
 		- jobs
 
 -->
-<ruleset name="StackSocial.com (partial)" default_off='failed ruleset test'>
+<ruleset name="StackSocial.com (partial)" default_off="failed ruleset test">
 
 	<target host="stacksocial.com" />
 	<target host="beta.stacksocial.com" />
diff --git a/src/chrome/content/rules/Stacklet.com.xml b/src/chrome/content/rules/Stacklet.com.xml
index 730ae1c162ad..0d1eb727a2d8 100644
--- a/src/chrome/content/rules/Stacklet.com.xml
+++ b/src/chrome/content/rules/Stacklet.com.xml
@@ -14,7 +14,7 @@
 	* Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="Stacklet.com (partial)" default_off="missing certificate chain">
+<ruleset name="Stacklet.com (partial)" default_off="cert-chain">
 
 	<target host="stacklet.com" />
 	<target host="secure.stacklet.com" />
diff --git a/src/chrome/content/rules/Stacksity.com.xml b/src/chrome/content/rules/Stacksity.com.xml
index 4dfa2e771c0d..a97e7856d559 100644
--- a/src/chrome/content/rules/Stacksity.com.xml
+++ b/src/chrome/content/rules/Stacksity.com.xml
@@ -24,7 +24,7 @@ Fetch error: http://www.stacksity.com/ => https://www.stacksity.com/: (6, 'Could
 		- .stacksity.com
 
 -->
-<ruleset name="Stacksity.com" default_off='failed ruleset test'>
+<ruleset name="Stacksity.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Stadt-bremerhaven.de.xml b/src/chrome/content/rules/Stadt-bremerhaven.de.xml
index ade726a63980..1523f67cec80 100644
--- a/src/chrome/content/rules/Stadt-bremerhaven.de.xml
+++ b/src/chrome/content/rules/Stadt-bremerhaven.de.xml
@@ -1,19 +1,7 @@
 
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://stadt-bremerhaven.de/ => https://stadt-bremerhaven.de/: Too many redirects while fetching 'https://stadt-bremerhaven.de/'
-
--->
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://stadt-bremerhaven.de/ => https://stadt-bremerhaven.de/: Too many redirects while fetching 'https://stadt-bremerhaven.de/'
-
--->
-<ruleset name="Caschys Blog" default_off='failed ruleset test'>
+<ruleset name="Stadt-Bremerhaven.de">
 <target host="stadt-bremerhaven.de"/>
-<target host="*.stadt-bremerhaven.de"/>
+<target host="www.stadt-bremerhaven.de"/>
 
-<rule from="^http://m\.stadt-bremerhaven\.de/" to="https://m.stadt-bremerhaven.de/"/>
-<rule from="^http://(?:www\.)?stadt-bremerhaven\.de/" to="https://stadt-bremerhaven.de/"/>
+<rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Stadtwerke-Ingolstadt.xml b/src/chrome/content/rules/Stadtwerke-Ingolstadt.xml
index f1fcc5f3e9e8..277cb4d7fdc6 100644
--- a/src/chrome/content/rules/Stadtwerke-Ingolstadt.xml
+++ b/src/chrome/content/rules/Stadtwerke-Ingolstadt.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://portal.sw-in.de/ => https://portal.sw-in.de/: (6, 'Could not resolve host: portal.sw-in.de')
 
 -->
-<ruleset name="Stadtwerke Ingolstadt" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Stadtwerke Ingolstadt" platform="mixedcontent" default_off="failed ruleset test">
 <target host="www.sw-i.de" />
 <target host="portal.sw-in.de" />
 
diff --git a/src/chrome/content/rules/Staffordshire.gov.uk.xml b/src/chrome/content/rules/Staffordshire.gov.uk.xml
index 7cc56c909617..545ee0b402e2 100644
--- a/src/chrome/content/rules/Staffordshire.gov.uk.xml
+++ b/src/chrome/content/rules/Staffordshire.gov.uk.xml
@@ -52,7 +52,7 @@ Fetch error: http://pcbooking.staffordshire.gov.uk/ => https://pcbooking.staffor
 	ˢ Secured by us
 
 -->
-<ruleset name="Staffordshire.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Staffordshire.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="apps.staffordshire.gov.uk" />
 	<target host="apps2.staffordshire.gov.uk" />
diff --git a/src/chrome/content/rules/Stand-for-Children.xml b/src/chrome/content/rules/Stand-for-Children.xml
index 85e71558424b..43564c3a4beb 100644
--- a/src/chrome/content/rules/Stand-for-Children.xml
+++ b/src/chrome/content/rules/Stand-for-Children.xml
@@ -6,11 +6,11 @@ Fetch error: http://greatteachersgreatschools.org/ => https://www.greatteachersg
 Disabled by https-everywhere-checker because:
 Fetch error: http://greatteachersgreatschools.org/ => https://www.greatteachersgreatschools.org/: (6, 'Could not resolve host: greatteachersgreatschools.org')
 -->
-<ruleset name="Stand for Children (partial)" default_off='failed ruleset test'>
+<ruleset name="Stand for Children (partial)" default_off="failed ruleset test">
 
 	<target host="greatteachersgreatschools.org" />
 	<!--	* for cross-domain cookie.	-->
-	<target host="*.greatteachersgreatschools.org" />
+	<target host="www.greatteachersgreatschools.org" />
 	<target host="stand.org" />
 	<target host="www.stand.org" />
 
diff --git a/src/chrome/content/rules/Stand_Up_to_Cancer.xml b/src/chrome/content/rules/Stand_Up_to_Cancer.xml
index 03e97fe43c90..ec46bbbdbf20 100644
--- a/src/chrome/content/rules/Stand_Up_to_Cancer.xml
+++ b/src/chrome/content/rules/Stand_Up_to_Cancer.xml
@@ -45,12 +45,16 @@ Fetch error: http://standup2cancer.ca/ => https://www.standup2cancer.ca/: (51, "
 	* Secured by us
 
 -->
-<ruleset name="Stand Up to Cancer (partial)" default_off='failed ruleset test'>
+<ruleset name="Stand Up to Cancer (partial)" default_off="failed ruleset test">
 
 	<target host="standup2cancer.ca" />
-	<target host="*.standup2cancer.ca" />
+	<target host="www.standup2cancer.ca" />
 	<target host="standup2cancer.org" />
-	<target host="*.standup2cancer.org" />
+	<target host="www.standup2cancer.org" />
+	<target host="secure.standup2cancer.org" />
+	<target host="shop.standup2cancer.org" />
+	<target host="si.standup2cancer.org" />
+	<target host="su2c.standup2cancer.org" />
 		<!--
 			Avoid user-visible paths:
 							-->
diff --git a/src/chrome/content/rules/Standaard.be-mixed.xml b/src/chrome/content/rules/Standaard.be-mixed.xml
index 7c200ecd44db..6025e222a2f9 100644
--- a/src/chrome/content/rules/Standaard.be-mixed.xml
+++ b/src/chrome/content/rules/Standaard.be-mixed.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.standaard.be/ => https://www.standaard.be/: Cycle detect
 	For rules not causing neither false/broken nor valid MCB, see Standaard.be.xml.
 
 -->
-<ruleset name="Standaard.be (mixed content)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Standaard.be (mixed content)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="www.standaard.be" />
 
diff --git a/src/chrome/content/rules/Standaard.be.xml b/src/chrome/content/rules/Standaard.be.xml
index b63162092424..3830ca707d64 100644
--- a/src/chrome/content/rules/Standaard.be.xml
+++ b/src/chrome/content/rules/Standaard.be.xml
@@ -85,7 +85,7 @@ Fetch error: http://2.standaardcdn.be/ => https://www.standaard.be/: Cycle detec
 	² Secured by us
 
 -->
-<ruleset name="Standaard.be (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Standaard.be (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	https://sta... redirects to http://www..., so
 		we can avoid a duplicate target warning by
diff --git a/src/chrome/content/rules/Standard_Ebooks.com.xml b/src/chrome/content/rules/Standard_Ebooks.com.xml
deleted file mode 100644
index 04830a135f01..000000000000
--- a/src/chrome/content/rules/Standard_Ebooks.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Standard Ebooks.com">
-
-	<target host="standardebooks.com" />
-	<target host="www.standardebooks.com" />
-
-
-	<securecookie host="^standardebooks\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Stanford-University-problematic.xml b/src/chrome/content/rules/Stanford-University-problematic.xml
deleted file mode 100644
index 324fa8e61dd7..000000000000
--- a/src/chrome/content/rules/Stanford-University-problematic.xml
+++ /dev/null
@@ -1,97 +0,0 @@
-<!--
-	For rules that are on by default, see Stanford-University.xml.
-
--->
-<ruleset name="Stanford.edu (problematic)" default_off="expired, mismatched, missing certificate chain, self-signed">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="aacf.stanford.edu" />
-	<target host="accounts.stanford.edu" />
-	<target host="acomp.stanford.edu" />
-	<target host="ahpcrc.stanford.edu" />
-	<target host="apamsa.stanford.edu" />
-	<target host="assu-web.stanford.edu" />
-	<target host="bgm.stanford.edu" />
-	<target host="bigdata.stanford.edu" />
-	<target host="biosciences.stanford.edu" />
-	<target host="cdc-tree.stanford.edu" />
-	<target host="cisl.stanford.edu" />
-	<target host="cme.stanford.edu" />
-	<target host="communitymednews.stanford.edu" />
-	<target host="conferencecenter.stanford.edu" />
-	<target host="csl.stanford.edu" />
-	<target host="curryrice.stanford.edu" />
-	<target host="deansnewsletter.stanford.edu" />
-	<target host="engineering.stanford.edu" />
-	<target host="globalhealth.stanford.edu" />
-	<target host="gme.stanford.edu" />
-	<target host="goodmancenter.stanford.edu" />
-	<target host="hannahousetours.stanford.edu" />
-	<target host="healthlibrary.stanford.edu" />
-	<target host="icme.stanford.edu" />
-	<target host="lksc.stanford.edu" />
-	<target host="lmsa.stanford.edu" />
-	<target host="maps.stanford.edu" />
-	<target host="math.stanford.edu" />
-	<target host="medcatalog.stanford.edu" />
-	<target host="medfacilities.stanford.edu" />
-	<target host="medicine.stanford.edu" />
-	<target host="mednews.stanford.edu" />
-	<target host="pcap.stanford.edu" />
-	<target host="postdocs.stanford.edu" />
-	<target host="saisapp67.stanford.edu" />
-	<target host="securitylunch.stanford.edu" />
-	<target host="sm.stanford.edu" />
-	<target host="smili.stanford.edu" />
-	<target host="socrates.stanford.edu" />
-	<target host="spctrm.stanford.edu" />
-	<target host="stanmed.stanford.edu" />
-	<target host="suma.stanford.edu" />
-	<target host="summerinstitutes.stanford.edu" />
-	<target host="swp.stanford.edu" />
-	<target host="tasc.stanford.edu" />
-	<target host="theory.stanford.edu" />
-	<target host="thestanfordchallenge.stanford.edu" />
-	<target host="vaden.stanford.edu" />
-	<target host="waivers.stanford.edu" />
-	<target host="yuba.stanford.edu" />
-
-	<!--	Complications:
-				-->
-	<target host="foswiki.stanford.edu" />
-	<target host="soe.stanford.edu" />
-
-		<!--    /*(?!$) 404s:
-					-->
-		<exclusion pattern="^http://soe\.stanford\.edu/+(?!$)" />
-
-			<!--    +ve:
-					-->
-			<test url="http://soe.stanford.edu/home" />
-			<test url="http://soe.stanford.edu/home.htm" />
-
-			<!--    -ve:
-					-->
-			<test url="http://soe.stanford.edu//" />
-
-
-	<securecookie host="^cdc-tree\.stanford\.edu$" name=".+" />
-	<securecookie host="^\.(?:bgm|engineering|maps)\.stanford\.edu$" name=".+" />
-
-
-	<!--	- Cert: localhost.localdomain
-		- Both appear identical
-						-->
-	<rule from="^http://foswiki\.stanford\.edu/"
-		to="https://yuba.stanford.edu/" />
-
-	<rule from="^http://soe\.stanford\.edu/+$"
-		to="https://engineering.stanford.edu/" />
-
-		<test url="http://soe.stanford.edu//" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Stanford-University.xml b/src/chrome/content/rules/Stanford-University.xml
deleted file mode 100644
index c510f0fc9506..000000000000
--- a/src/chrome/content/rules/Stanford-University.xml
+++ /dev/null
@@ -1,1565 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://scpd.stanford.edu/public/category/courseCategoryCertificateProfile.do?method=load&certificateId=13886655 => https://scpd.stanford.edu/public/category/courseCategoryCertificateProfile.do?method=load&certificateId=13886655: Too many redirects while fetching 'https://scpd.stanford.edu/public/category/courseCategoryCertificateProfile.do?method=load&certificateId=13886655'
-Non-2xx HTTP code: http://endoflife.stanford.edu// (200) => https://palliative.stanford.edu/endoflife/ (404)
-Fetch error: http://netreg.stanford.edu// => https://rescomp.stanford.edu/iprequest/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://rcc.stanford.edu// => https://rescomp.stanford.edu/directory/rcc.php: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://acp.stanford.edu/ => https://acp.stanford.edu/: Too many redirects while fetching 'https://acp.stanford.edu/'
-Fetch error: http://apps.stanford.edu/ => https://apps.stanford.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://artsdashboard.stanford.edu/ => https://artsdashboard.stanford.edu/: (6, 'Could not resolve host: artsdashboard.stanford.edu')
-Fetch error: http://as.stanford.edu/ => https://as.stanford.edu/: Too many redirects while fetching 'https://as.stanford.edu/'
-Fetch error: http://atxpo.stanford.edu/ => https://atxpo.stanford.edu/: Too many redirects while fetching 'https://atxpo.stanford.edu/'
-Fetch error: http://classx-admin.stanford.edu/ => https://classx-admin.stanford.edu/: (6, 'Could not resolve host: classx-admin.stanford.edu')
-Fetch error: http://crowd.stanford.edu/ => https://crowd.stanford.edu/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://dge.stanford.edu/ => https://dge.stanford.edu/: (7, 'Failed to connect to dge.stanford.edu port 443: No route to host')
-Fetch error: http://ebola.stanford.edu/ => https://ebola.stanford.edu/: Too many redirects while fetching 'https://ebola.stanford.edu/'
-Fetch error: http://experts.stanford.edu/ => https://experts.stanford.edu/: Too many redirects while fetching 'https://experts.stanford.edu/'
-Fetch error: http://www.give.stanford.edu/ => https://www.give.stanford.edu/: (6, 'Could not resolve host: www.give.stanford.edu')
-Fetch error: http://givetolocal.stanford.edu/ => https://givetolocal.stanford.edu/: (6, 'Could not resolve host: givetolocal.stanford.edu')
-Fetch error: http://www.givetolocal.stanford.edu/ => https://www.givetolocal.stanford.edu/: (6, 'Could not resolve host: www.givetolocal.stanford.edu')
-Fetch error: http://gsb.stanford.edu/ => https://gsb.stanford.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://icenter.stanford.edu/ => https://icenter.stanford.edu/: Too many redirects while fetching 'https://icenter.stanford.edu/'
-Fetch error: http://ico.stanford.edu/ => https://ico.stanford.edu/: Too many redirects while fetching 'https://ico.stanford.edu/'
-Fetch error: http://janestanford.stanford.edu/ => https://janestanford.stanford.edu/: (6, 'Could not resolve host: janestanford.stanford.edu')
-Fetch error: http://mathcircle.stanford.edu/ => https://mathcircle.stanford.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'mathcircle.stanford.edu'")
-Fetch error: http://maven.stanford.edu/ => https://maven.stanford.edu/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://monitoring.stanford.edu/ => https://monitoring.stanford.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://monitoring-internal.stanford.edu/ => https://monitoring-internal.stanford.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://nagios.stanford.edu/ => https://nagios.stanford.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://news.stanford.edu/ => https://news.stanford.edu/: Too many redirects while fetching 'https://news.stanford.edu/'
-Fetch error: http://mail.ohns.stanford.edu/ => https://mail.ohns.stanford.edu/: (6, 'Could not resolve host: mail.ohns.stanford.edu')
-Fetch error: http://openflow.stanford.edu/ => https://openflow.stanford.edu/: (60, 'SSL certificate problem: certificate has expired')
-Non-2xx HTTP code: http://orderit-pmg.stanford.edu/ (200) => https://orderit-pmg.stanford.edu/ (500)
-Fetch error: http://parentsweekend.stanford.edu/ => https://parentsweekend.stanford.edu/: Too many redirects while fetching 'https://parentsweekend.stanford.edu/'
-Fetch error: http://precollegiate.stanford.edu/ => https://precollegiate.stanford.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://rescomp.stanford.edu/ => https://rescomp.stanford.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://saforms.stanford.edu/ => https://saforms.stanford.edu/: (7, 'Failed to connect to saforms.stanford.edu port 443: Connection refused')
-Fetch error: http://sciencecircle.stanford.edu/ => https://sciencecircle.stanford.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'sciencecircle.stanford.edu'")
-Fetch error: http://sdlf.stanford.edu/ => https://sdlf.stanford.edu/: Too many redirects while fetching 'https://sdlf.stanford.edu/'
-Fetch error: http://seniorgift.stanford.edu/ => https://seniorgift.stanford.edu/: Too many redirects while fetching 'https://seniorgift.stanford.edu/'
-Fetch error: http://sharedfacilities.stanford.edu/ => https://sharedfacilities.stanford.edu/: Too many redirects while fetching 'https://sharedfacilities.stanford.edu/'
-Fetch error: http://stanford25blog.stanford.edu/ => https://stanford25blog.stanford.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'stanford25blog.stanford.edu'")
-Fetch error: http://sumac.stanford.edu/ => https://sumac.stanford.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'sumac.stanford.edu'")
-Fetch error: http://summercollegeacademy.stanford.edu/ => https://summercollegeacademy.stanford.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'summercollegeacademy.stanford.edu'")
-Fetch error: http://summerhumanities.stanford.edu/ => https://summerhumanities.stanford.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'summerhumanities.stanford.edu'")
-Fetch error: http://talks.stanford.edu/ => https://talks.stanford.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://vp-studentaffairs.stanford.edu/ => https://vp-studentaffairs.stanford.edu/: Too many redirects while fetching 'https://vp-studentaffairs.stanford.edu/'
-Fetch error: http://cao.stanford.edu/ => https://cao.stanford.edu/: (7, 'Failed to connect to cao.stanford.edu port 443: No route to host')
-Non-2xx HTTP code: http://endoflife.stanford.edu/ (200) => https://palliative.stanford.edu/endoflife/ (404)
-Fetch error: http://globalecology.stanford.edu/ => https://dge.stanford.edu/: (7, 'Failed to connect to dge.stanford.edu port 443: No route to host')
-Fetch error: http://netreg.stanford.edu/ => https://rescomp.stanford.edu/iprequest/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://plans-review.stanford.edu/ => https://plans-review.stanford.edu/: (7, 'Failed to connect to plans-review.stanford.edu port 443: Connection refused')
-Fetch error: http://rcc.stanford.edu/ => https://rescomp.stanford.edu/directory/rcc.php: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
-	Stanford University
-
-	For rules causing false/broken MCB, see Stanford.edu-falsemixed.xml.
-
-	For problematic rules, see Stanford-University-problematic.xml.
-
-
-	Other Stanford University rulesets:
-
-		- Hoover_Institution.xml
-		- Stanford_Healthcare.org.xml
-		- Stanford_Hospital.org.xml
-		- Stanford_Med.org.xml
-
-
-	store-0ef21.mybigcommerce
-
-
-	Nonfunctional hosts in *stanford.edu:
-
-		- album ⁹
-		- arcade **
-		- arrogant ⁹
-		- assu			($ redirects to http; at least some paths 404)
-		- bejerano		(Shows another domain)
-		- bma ²
-		- bondholder-information(redirects to http)
-		- campusmap		(shows hannahousetours, mismatched, CN: hannahousetours.stanford.edu)
-		- cancertrialsblog	(WP Engine)
-		- cantorcollections **
-		- cees ⁵
-		- chicory **
-		- cjlab **
-		- codex ⁹
-		- coursematerials ⁶
-		- cpudb **
-		- create		Handshake fails
-		- ftp.cs ᵃ
-		- cvgl			(Shows another domain)
-		- deepdive ᵃ
-		- ecorner		(Shows default page)
-		- edf ⁷
-		- elections		("not yet configured")
-		- emergency **
-		- exploredegrees **
-		- facts ³
-		- fac-web3 ²
-		- facts ³
-		- fah-web		(cert valid; 302s to http)
-		- fairuse
-		- fims
-		- gamemaster ⁹
-		- games ⁹
-		- gin			(https differs from http)
-		- highwire **
-		- hopkinsmarinestation **
-		- humsci **
-		- infolab **
-		- ispace **
-		- irt-sdc		(Shows med.stanford.edu)
-		- jenson **
-		- jr-solardata1 ⁶
-		- large ʳ
-		- liberationtechnology **
-		- lmldb ⁶
-		- logic ⁹
-		- lytics **
-		- mobisocial ⁹
-		- multiagent		Shows another domain
-		- nayaklab ³
-		- neighbors ³
-		- nlp **
-		- ohns			(https differs from http)
-		- oli ³
-		- online ³
-		- otlportal ⁶
-		- pomi			(Shows another domain)
-		- ppl **
-		- rph ³
-		- rain			(Shows another domain)
-		- robotics ³
-		- robots **
-		- scope			(WP Engine)
-		- scpdweb ⁶
-
-		- dune.scs **
-		- ori.scs **
-		- www.scs **
-
-		- sedcl **
-		- babar-hn.slac		(rx_record_too_long)
-		- today.slac		(Handshake fails)
-		- smblog		(WP Engine)
-		- smsa			(Shows another domain)
-		- sprout **
-		- srp			(reused serial)
-		- sse			("not yet configured")
-		- sselabs		(cert: assu-web.stanford.edu; "not yet configured")
-		- stanford-online	(times out)
-		- startx		("not yet configured")
-		- store			($ redirects to http; at least some paths 404)
-		- suif ⁹
-		- sul-sfx *
-		- sunetid		(Handshake fails)
-		- suse ⁶
-		- techfinder		(Shows another domain)
-		- vis			(Shows graphics)
-		- vision		(Shows another domain)
-		- weather ³
-		- www-db **
-		- www-marine **
-		- www-sul ᵇ
-
-	² Shows hannahousetours
-	** Refused
-	³ Redirects to http
-	⁵ Shows pangea
-	⁶ Dropped
-	⁷ Shows cepa
-	⁹ Plaintext reply
-	ᵃ Shows another domain
-	ᵇ Shows swp
-	ʳ Refused
-
-
-	Problematic hosts in *stanford.edu:
-
-		- aacf ⁴
-		- accounts		Missing certificate chain
-		- acomp			Missing certificate chain
-		- ahpcrc		(Missing certificate chain)
-		- apamsa ⁴
-		- askjane		(mismatched, CN: studentaffairs.stanford.edu)
-		- assu-web		Missing cert chain
-		- arts ³
-		- bcnm			(Mismatched)
-		- bigdata		(Mismatched)
-		- biosciences ⁴
-		- brannerlibrary ⁵
-		- bgm *
-		- cdc-tree		Missing certificate chain
-		- cisl ⁴
-		- cmgm3			(Insecure renegotiation)
-		- cme ⁴
-		- coe ³			(Mismatched)
-		- communitymednews ⁴
-		- compgeo		(Shows another domain)
-		- computing **
-		- conferencecenter	(Mismatched)
-		- csl			(Expired, self-signed)
-		- curryrice		Missing certificate chain
-		- cwp ⁴
-		- dataclass **
-		- deansnewsletter ⁴
-		- dor ⁸
-		- email **
-		- engineering		(Missing certificate chain)
-		- eps ⁴
-		- ess **
-		- fingate **
-		- globalecology		(Mismatched)
-		- globalhealth		(Mismatched)
-		- gme ⁴
-		- goodmancenter ⁴
-		- alumni.gsb		Self-signed
-		- gse			(Missing certificate chain)
-		- gsehelpsu		(Shows default page)
-		- hannahousetours	(Missing certificate chain)
-		- hdlab ³
-		- healthlibrary ⁴
-		- helpcenter **
-		- hipaa *
-		- hrg ⁴
-		- icme			(Missing certificate chain)
-		- infocenter **
-		- itmetrics **
-		- itwinterclose **
-		- itwinterclosure **
-		- jarosz ³
-		- jsk ˣ
-		- knight ʰ
-		- lksc ⁴
-		- lmsa ⁴
-		- maps *
-		- math			Missing certificate chain
-		- mathematics ³
-		- medcatalog ⁴
-		- mededresearch ⁴
-		- medfacilities ⁴
-		- medicine		(Mismatched)
-		- mednews ⁴
-		- medicalgiving		(iModules)
-		- metrics ³
-		- netreg ⁹
-		- orderit **
-		- pcap ⁴
-		- pediatricsclerkshipblog ³
-		- picture ³
-		- plans-review ᵃ
-		- postdocs ⁴
-		- psychiatry ⁴
-		- rcc			(Shows another domain)
-		- refunds		Mismatched
-		- saisapp67		Missing certificate chain
-		- sao ᵃ
-		- www-ssrl.slac ³
-		- scopeblog ³
-		- search **
-		- securecomputing **
-		- securitylunch		(Missing certificate chain)
-		- shibboleth **
-		- signalblog **
-		- slac			(cert only matches www.slac)
-		- sm			(Mismatched)
-		- smili ⁴
-		- smysp ⁴
-		- socrates		Mismatched
-		- soe			(refused)
-		- sparkmed ⁴
-		- spctrm		(Mismatched)
-		- stanfordmedicine ⁴
-		- stanfordvideo ³
-		- stanmed		(Mismatched)
-		- stucomp		(Shows another domain)
-		- summa ⁴
-		- summerinstitutes	Missing
-		- sunsport ⁴
-		- swp			(Expired, missing certificate chain)
-		- tasc ⁴
-		- tba **
-		- techbriefings **
-		- theory		Missing certificate chain
-		- thestanfordchallenge	(works, mismatched, CN: ood-web1.stanford.edu)
-		- trachea ⁴
-		- tram ⁴
-		- uhr **
-		- uitcomms **
-		- vaden			Missing certificate chain
-		- vpol **
-		- vsc ⁴
-		- waivers		Missing certificate chain
-		- webdesign **
-		- webservices **
-		- winkleby ⁴
-		- worklife **
-		- www-cs		(Mismatched)
-		- www-cs-students	(mismatched, CN: xenon.stanford.edu)
-		- www-cs-faculty	Mismatched
-		- yuba			(Expired, self-signed)
-
-	³ Mixed css
-	⁴ Mismatched, CN: med.stanford.edu
-	⁵ 403
-	* Works, mismatched, CN: lbre.stanford.edu
-	** Redirects to http
-	⁸ Mismatched, CN: doresearch.stanford.edu
-	⁹ Shows rescomp
-	ᵃ Refused
-	ʰ Redirects to http
-	ˣ Mixed css
-
-
-	Partially covered hosts in *stanford.edu:
-
-		- plato *
-		- arts **
-		- scpd ³
-		- scopeblog **
-		- www-cs-students ²	(→ xenon)
-		- xenon ²
-
-	* Some pages redirect to http, others 404
-	** Avoiding false/broken MCB
-	³ Some pages redirect to http
-	² Personal dirs 404
-
-
-	oncore: Dropped over http & https
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .stanford.edu
-		- 3dqlab.stanford.edu
-		- alumni.stanford.edu
-		- alumni-gsb.stanford.edu
-		- anderson.stanford.edu
-		- .answers.stanford.edu
-		- .bewell.stanford.edu
-		- .ccrma.stanford.edu
-		- cdc-tree.stanford.edu
-		- classx.stanford.edu
-		- dams.stanford.edu
-		- eip.stanford.edu
-		- .engineering.stanford.edu
-		- epgy.stanford.edu
-		- explorecourses.stanford.edu
-		- .facultyaffairs.stanford.edu
-		- .facultyaffairs-humsci.stanford.edu
-		- give.stanford.edu
-		- givinghistory.stanford.edu
-		- .gse-it.stanford.edu
-		- hannahousetours.stanford.edu
-		- healthysteps.stanford.edu
-		- honorrolls.stanford.edu
-		- .hsdo.stanford.edu
-		- .itservices.stanford.edu
-		- lagunita.stanford.edu
-		- .lagunita.stanford.edu
-		- law.stanford.edu
-		- www.law.stanford.edu
-		- .lbre.stanford.edu
-		- .learndrupal.stanford.edu
-		- lib.stanford.edu
-		- library.stanford.edu
-		- makeagift.stanford.edu
-		- makeapledge.stanford.edu
-		- makeapledgepayment.stanford.edu
-		- .maps.stanford.edu
-		- maven.stanford.edu
-		- .mla.stanford.edu
-		- mygsb.stanford.edu
-		- mail.ohns.stanford.edu
-		- .ohsx.stanford.edu
-		- openflow.stanford.edu
-		- .openknowledge.stanford.edu
-		- owamail.stanford.edu
-		- pgnet.stanford.edu
-		- pmg-prd.stanford.edu
-		- .porterdrive.stanford.edu
-		- sallie.stanford.edu
-		- scpd.stanford.edu
-		- sdr.stanford.edu
-		- axess.sahr.stanford.edu
-		- sdr.stanford.edu
-		- searchworks.stanford.edu
-		- .siepr.stanford.edu
-		- www2.slac.stanford.edu
-		- spectrum.stanford.edu
-		- stanfordcareers.stanford.edu
-		- steppingout.stanford.edu
-		- sustainable.stanford.edu
-		- .techcommons.stanford.edu
-		- .web.stanford.edu
-		- xsearch.stanford.edu
-
-
-	Mixed content:
-
-		- iframes, on:
-
-			- admission, defaultsmblog, journalism, openknowledge, opnotes, palliativefellowship, live-bcnm-2015.pantheon from www.youtube.com *
-			- dh2011 from player.vimeo.com
-			- pediatricsclerkshipblog from www.cdc.gov
-			- theory from www.google.com *
-
-		- css, on:
-
-			- 3dqlab, admission, aging, ai, creativewriting, cyberlaw, giving, hdlab, itunes, jarosz, mathematics, openknowledge, palliative, precollegiate, primaryimmune, scholarships, stanfordcareers, stvp from fonts.googleapis.com *
-			- admission from $self *
-			- admission, picture from www *
-			- ai from netdna.bootstrapcdn.com *
-			- biosciences from $self *
-			- coe from med.stanford.edu *
-			- hdlab from $self *
-			- jarosz from $self *
-			- jsk from $self *
-			- mathematics from $self *
-			- metrics from $self *
-			- defaultsmblog, opnotes, palliativefellowship from files2.lynda.com
-			- defaultsmblog, opnotes, palliativefellowship from www.victorfont.com
-			- nayaklab from $self *
-			- scopeblog from $self *
-			- scopeblog from med *
-			- www-ssrl.slac from $self *
-			- stanfordvideo from ucomm.stanford.edu *
-			- stvp from ajax.googleapis.com *
-
-		- flash on jrbp from cdn.abclocal.go.com
-
-		- Images, on:
-
-			- 3dqlab, ctr, icenter, jrbp, litlab, parents, siwgallery, stvp, summerhumanities, youthorchestra from web.stanford.edu *
-			- admission from $self *
-			- aging, palliative from ^stanford.edu *
-			- ahpcrc, dh2011, icenter, ohsx, president, roundtable, sr, summerhumanities, xsearch from www.stanford.edu *
-			- ai from $self *
-			- anderson from $self *
-			- cislblog from $self *
-			- cislblog from somblogs.stanford.edu
-			- live-bcnm-2015.pantheon from bcnm.berkeley.edu *
-			- live-bcnm-2015.pantheon from $self *
-			- cepa from $self *
-			- comm from $self *
-			- creativewriting from $self *
-			- ed from pbs.twimg.com *
-			- engineering from blog.hubspot.com *
-			- engineering from cdn2.hubspot.net *
-			- facultyaffairs from bewell.stanford.edu *
-			- geriatrics from aging.stanford.edu *
-			- identity from sites.stanford.edu *
-			- journalism from $self *
-			- journalism from stanfordjournalism.com
-			- jrbp from $self *
-			- jrbp from news.stanford.edu *
-			- jsk from knight.stanford.edu *
-			- laneblog from ecx.images-amazon.com
-			- library from maps.googleapis.com *
-			- (www.)med from med *
-			- metrics from $self *
-			- nayaklab from $self *
-			- opacs from $self *
-			- openknowledge from $self *
-			- roadside-mba from i.vimeocdn.com
-			- scholarships from pgnet.stanford.edu *
-			- scro from researchcompliance.stanford.edu *
-			- scro from $self *
-			- sharedfacilities from tasc.stanford.edu
-			- www-ssrl.slac from $self *
-			- stanfordcareers from $self *
-			- sunwoolab from s.wordpress.com *
-			- tasc-play-room from www.lifescisoft.com
-			- tasc-play-room from $self *
-			- teruel from $self *
-			- visit from $self *
-			- www-csli from $self *
-			- www-group from home.slac.stanford.edu *
-
-		- favicons, on:
-
-			- ai from $self *
-			- financialaid, picture, visit from www.stanford.edu *
-			- janestanford from registrar.stanford.edu *
-			- www-ssrl.slac from www6.slac.stanford.edu *
-
-		- Ads/bugs, on:
-
-			- chemsysbio www.westminsterpromotions.com
-			- events from www.facebook.com *
-			- jarosz from c.statcounter.com *
-
-	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="Stanford.edu (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="stanford.edu" />
-	<target host="125.stanford.edu" />
-	<target host="3dqcaseofmonth.stanford.edu" />
-	<target host="3dqlab.stanford.edu" />
-	<target host="accessories.stanford.edu" />
-	<!--target host="accounts.stanford.edu" /-->
-	<target host="achenglab.stanford.edu" />
-	<!--target host="acomp.stanford.edu" /-->
-	<target host="acp.stanford.edu" />
-	<target host="adminguide.stanford.edu" />
-	<target host="admission.stanford.edu" />
-	<target host="aging.stanford.edu" />
-	<!--target host="ahpcrc.stanford.edu" /-->
-	<target host="ai.stanford.edu" />
-	<target host="alumni.stanford.edu" />
-	<target host="alumni-gsb.stanford.edu" />
-	<target host="analytics.stanford.edu" />
-	<target host="anderson.stanford.edu" />
-	<target host="annualreport.stanford.edu" />
-	<target host="answers.stanford.edu" />
-	<target host="apps.stanford.edu" />
-	<target host="art.stanford.edu" />
-	<target host="arts.stanford.edu" />
-	<target host="artsdashboard.stanford.edu" />
-	<target host="artsinstitute.stanford.edu" />
-	<target host="arue.stanford.edu" />
-	<target host="as.stanford.edu" />
-	<target host="asdashboard.stanford.edu" />
-	<!--target host="assu-web.stanford.edu" /-->
-	<target host="asweb.stanford.edu" />
-	<target host="aswebstat.stanford.edu" />
-	<target host="ats.stanford.edu" />
-	<target host="atxpo.stanford.edu" />
-	<target host="axess.stanford.edu" />
-	<target host="babytalk.stanford.edu" />
-	<target host="basemap.stanford.edu" />
-	<target host="beam.stanford.edu" />
-	<target host="benefactor.stanford.edu" />
-	<target host="benefits.stanford.edu" />
-	<target host="benefitsu.stanford.edu" />
-	<target host="bewell.stanford.edu" />
-	<target host="beyondthebubble.stanford.edu" />
-	<target host="biox.stanford.edu" />
-	<target host="bloodcenterblog.stanford.edu" />
-	<target host="bodoni.stanford.edu" />
-	<target host="btb-preview.stanford.edu" />
-	<target host="bulletin.stanford.edu" />
-	<target host="businessaffairs.stanford.edu" />
-	<target host="cardinalatwork.stanford.edu" />
-	<target host="campus-map.stanford.edu" />
-	<target host="cancer.stanford.edu" />
-	<target host="cap.stanford.edu" />
-	<target host="ccrma.stanford.edu" />
-	<!--target host="cdc-tree.stanford.edu" /-->
-	<target host="cepa.stanford.edu" />
-	<target host="cesta.stanford.edu" />
-	<target host="cgi.stanford.edu" />
-	<target host="chemsysbio.stanford.edu" />
-	<target host="chiefsblog.stanford.edu" />
-	<target host="cislblog.stanford.edu" />
-	<target host="classx.stanford.edu" />
-	<target host="classx-admin.stanford.edu" />
-	<target host="clinicalinformatics.stanford.edu" />
-	<target host="cm-mail.stanford.edu" />
-	<target host="cm-openwebmail.stanford.edu" />
-	<target host="cmems.stanford.edu" />
-	<target host="cmgm3.stanford.edu" />
-	<target host="collections.stanford.edu" />
-	<target host="comm.stanford.edu" />
-	<target host="commencement.stanford.edu" />
-	<target host="compassionjournal.stanford.edu" />
-	<target host="continuingstudies.stanford.edu" />
-	<target host="corporate.stanford.edu" />
-	<target host="cr2c.stanford.edu" />
-	<target host="creativewriting.stanford.edu" />
-	<target host="crowd.stanford.edu" />
-	<target host="crypto.stanford.edu" />
-	<target host="cs.stanford.edu" />
-	<target host="cslipublications.stanford.edu" />
-	<target host="ctr.stanford.edu" />
-	<!--target host="curryrice.stanford.edu" /-->
-	<target host="cyberlaw.stanford.edu" />
-	<target host="dams.stanford.edu" />
-	<target host="dashboard.stanford.edu" />
-	<target host="defaultsmblog.stanford.edu" />
-	<target host="dge.stanford.edu" />
-	<target host="dh2011.stanford.edu" />
-	<target host="dhminor.stanford.edu" />
-	<target host="dish.stanford.edu" />
-	<target host="diversityandaccess.stanford.edu" />
-	<target host="dlcl.stanford.edu" />
-	<target host="docxpress.stanford.edu" />
-	<target host="doresearch.stanford.edu" />
-	<target host="drupalthemes.stanford.edu" />
-	<target host="drupaltraining.stanford.edu" />
-	<target host="e-iper.stanford.edu" />
-	<target host="earth.stanford.edu" />
-	<target host="earthsci.stanford.edu" />
-	<target host="earthsystems.stanford.edu" />
-	<target host="ebola.stanford.edu" />
-	<target host="ed.stanford.edu" />
-	<target host="ee.stanford.edu" />
-	<target host="ee-www.stanford.edu" />
-	<target host="ehs.stanford.edu" />
-	<target host="eip.stanford.edu" />
-	<target host="english.stanford.edu" />
-	<!--target host="engineering.stanford.edu" /-->
-	<target host="enttextbook.stanford.edu" />
-	<target host="epgy.stanford.edu" />
-	<target host="eprotocol.stanford.edu" />
-	<target host="ere.stanford.edu" />
-	<target host="events.stanford.edu" />
-	<target host="experts.stanford.edu" />
-	<target host="explorecourses.stanford.edu" />
-	<target host="facultyaffairs.stanford.edu" />
-	<target host="facultyaffairs-humsci.stanford.edu" />
-	<target host="facultyappts.stanford.edu" />
-	<target host="facultydevelopment.stanford.edu" />
-	<target host="facultyhandbook.stanford.edu" />
-	<target host="fah.stanford.edu" />
-	<target host="famis-sunet.stanford.edu" />
-	<target host="financialaid.stanford.edu" />
-	<target host="folding.stanford.edu" />
-	<target host="forum.stanford.edu" />
-	<target host="foryou.stanford.edu" />
-	<target host="founders.stanford.edu" />
-	<target host="gadgets.stanford.edu" />
-	<target host="gap.stanford.edu" />
-	<target host="gdp.stanford.edu" />
-	<target host="geophysics.stanford.edu" />
-	<target host="geriatrics.stanford.edu" />
-	<target host="gift.stanford.edu" />
-	<target host="gifts.stanford.edu" />
-	<target host="give.stanford.edu" />
-	<target host="www.give.stanford.edu" />
-	<target host="givetolocal.stanford.edu" />
-	<target host="www.givetolocal.stanford.edu" />
-	<target host="giving.stanford.edu" />
-	<target host="givinghistory.stanford.edu" />
-	<target host="givingtostanford.stanford.edu" />
-	<target host="global.stanford.edu" />
-	<target host="goglobal.stanford.edu" />
-	<target host="gradadmissions.stanford.edu" />
-	<target host="graphics.stanford.edu" />
-	<target host="grilletlab.stanford.edu" />
-	<target host="gsb.stanford.edu" />
-	<target host="www.gsb.stanford.edu" />
-	<target host="gse-it.stanford.edu" />
-	<target host="gus-humsci.stanford.edu" />
-	<!--target host="hannahousetours.stanford.edu" /-->
-	<target host="harass.stanford.edu" />
-	<!--target host="hdlab.stanford.edu" /-->
-	<target host="healthysteps.stanford.edu" />
-	<target host="hearinglosscure.stanford.edu" />
-	<target host="hellerlab.stanford.edu" />
-	<target host="helpsu.stanford.edu" />
-	<target host="hiplogin.stanford.edu" />
-	<target host="honorrolls.stanford.edu" />
-	<target host="hr.stanford.edu" />
-	<target host="hsdo.stanford.edu" />
-	<target host="humansubjects.stanford.edu" />
-	<target host="hydrus-prod.stanford.edu" />
-	<target host="icenter.stanford.edu" />
-	<!--target host="icme.stanford.edu" /-->
-	<target host="ico.stanford.edu" />
-	<target host="identity.stanford.edu" />
-	<target host="idp.stanford.edu" />
-	<target host="itservices.stanford.edu" />
-	<target host="itunes.stanford.edu" />
-	<target host="janestanford.stanford.edu" />
-	<!--target host="jarosz.stanford.edu" /-->
-	<target host="journalism.stanford.edu" />
-	<target host="jrbp.stanford.edu" />
-	<!--target host="jsk.stanford.edu" /-->
-	<target host="lagunita.stanford.edu" />
-	<target host="labanimals.stanford.edu" />
-	<target host="lane.stanford.edu" />
-	<target host="lane-beta.stanford.edu" />
-	<target host="lane-preprod.stanford.edu" />
-	<target host="laneblog.stanford.edu" />
-	<target host="law.stanford.edu" />
-
-	<target host="blogs.law.stanford.edu" />
-	<target host="cch.law.stanford.edu" />
-	<target host="www.law.stanford.edu" />
-
-	<target host="lbre.stanford.edu" />
-	<target host="lbre-apps.stanford.edu" />
-	<target host="lbre-internal.stanford.edu" />
-	<target host="lbrehr.stanford.edu" />
-	<target host="leadershipcircle.stanford.edu" />
-	<target host="learndrupal.stanford.edu" />
-	<target host="lib.stanford.edu" />
-	<target host="libappprod1.stanford.edu" />
-	<target host="library.stanford.edu" />
-	<target host="linguistics.stanford.edu" />
-	<target host="lists.stanford.edu" />
-	<target host="litlab.stanford.edu" />
-	<target host="live.stanford.edu" />
-	<target host="maduke.stanford.edu" />
-	<target host="mailman.stanford.edu" />
-	<target host="majors.stanford.edu" />
-	<target host="makeagift.stanford.edu" />
-	<target host="makeapledge.stanford.edu" />
-	<target host="makeapledgepayment.stanford.edu" />
-	<target host="maps-secure.stanford.edu" />
-	<target host="mast.stanford.edu" />
-	<!--target host="math.stanford.edu" /-->
-	<target host="mathcircle.stanford.edu" />
-	<!--target host="mathematics.stanford.edu" /-->
-	<target host="maven.stanford.edu" />
-	<target host="mbhd2013.stanford.edu" />
-	<target host="med.stanford.edu" />
-	<target host="www.med.stanford.edu" />
-	<target host="medwiki.stanford.edu" />
-	<target host="mentoring.stanford.edu" />
-	<!--target host="metrics.stanford.edu" /-->
-	<target host="military.stanford.edu" />
-	<target host="mla.stanford.edu" />
-	<target host="monitoring.stanford.edu" />
-	<target host="monitoring-internal.stanford.edu" />
-	<target host="museum.stanford.edu" />
-	<target host="music.stanford.edu" />
-	<target host="mustaphalab.stanford.edu" />
-	<target host="mvideos.stanford.edu" />
-	<target host="mygsb.stanford.edu" />
-	<target host="www.mygsb.stanford.edu" />
-	<target host="nagios.stanford.edu" />
-	<!--target host="nayaklab.stanford.edu" /-->
-	<target host="neuroscience.stanford.edu" />
-	<target host="news.stanford.edu" />
-	<target host="novel.stanford.edu" />
-	<target host="notalone.stanford.edu" />
-	<target host="npl.stanford.edu" />
-	<target host="oae.stanford.edu" />
-	<target host="ogc.stanford.edu" />
-	<target host="oghalailab.stanford.edu" />
-	<target host="mail.ohns.stanford.edu" />
-	<target host="ohs.stanford.edu" />
-	<target host="ohsx.stanford.edu" />
-	<target host="oia.stanford.edu" />
-	<target host="opacs.stanford.edu" />
-	<target host="opacsprd.stanford.edu" />
-	<target host="openflow.stanford.edu" />
-	<target host="openknowledge.stanford.edu" />
-	<target host="openxchange.stanford.edu" />
-	<target host="opnotes.stanford.edu" />
-	<target host="orderit-pmg.stanford.edu" />
-	<target host="osep.stanford.edu" />
-	<target host="otl.stanford.edu" />
-	<target host="otldisclosure.stanford.edu" />
-	<target host="owamail.stanford.edu" />
-	<target host="palliative.stanford.edu" />
-	<target host="palliativefellowship.stanford.edu" />
-	<target host="pangea.stanford.edu" />
-	<target host="parents.stanford.edu" />
-	<target host="parentsweekend.stanford.edu" />
-	<target host="parkinsonsblog.stanford.edu" />
-	<!--target host="pediatricsclerkshipblog.stanford.edu" /-->
-	<target host="pedsit.stanford.edu" />
-	<target host="people.stanford.edu" />
-	<target host="perimetertrail.stanford.edu" />
-	<target host="pgnet.stanford.edu" />
-	<!--target host="picture.stanford.edu" /-->
-	<target host="pidpic.stanford.edu" />
-	<target host="pilot-eip.stanford.edu" />
-	<target host="plato.stanford.edu" />
-	<target host="pmg-prd.stanford.edu" />
-	<target host="police.stanford.edu" />
-	<target host="porterdrive.stanford.edu" />
-	<target host="precollegiate.stanford.edu" />
-	<target host="president.stanford.edu" />
-	<target host="primaryimmune.stanford.edu" />
-	<target host="privacy.stanford.edu" />
-	<target host="profiles.stanford.edu" />
-	<target host="provost.stanford.edu" />
-	<target host="publicaffairs.stanford.edu" />
-	<target host="purl.stanford.edu" />
-	<target host="radoncinternal.stanford.edu" />
-	<target host="registrar.stanford.edu" />
-	<target host="rescomp.stanford.edu" />
-	<target host="remedy.stanford.edu" />
-	<target host="remedyweb.stanford.edu" />
-	<target host="researchcompliance.stanford.edu" />
-	<target host="riccilab.stanford.edu" />
-	<target host="roadside-mba.stanford.edu" />
-	<target host="roundtable.stanford.edu" />
-	<target host="safety.stanford.edu" />
-	<target host="saforms.stanford.edu" />
-	<target host="axess.sahr.stanford.edu" />
-	<!--target host="saisapp67.stanford.edu" /-->
-	<target host="sallie.stanford.edu" />
-	<target host="sallie-info.stanford.edu" />
-	<target host="scpd.stanford.edu" />
-	<target host="scholarships.stanford.edu" />
-	<target host="sciencecircle.stanford.edu" />
-	<target host="scienceconference.stanford.edu" />
-	<target host="scopeblog.stanford.edu" />
-	<target host="scro.stanford.edu" />
-	<target host="sdlf.stanford.edu" />
-	<target host="sdr.stanford.edu" />
-	<target host="searchworks.stanford.edu" />
-	<target host="seclab.stanford.edu" />
-	<target host="security.stanford.edu" />
-	<target host="securityblog.stanford.edu" />
-	<!--target host="securitylunch.stanford.edu" /-->
-	<target host="seed.stanford.edu" />
-	<target host="seniorgift.stanford.edu" />
-	<target host="sera.stanford.edu" />
-	<target host="sfs.stanford.edu" />
-	<target host="sharedfacilities.stanford.edu" />
-	<target host="sheg.stanford.edu" />
-	<target host="sheg-preview.stanford.edu" />
-	<target host="siepr.stanford.edu" />
-	<target host="sites.stanford.edu" />
-	<target host="sites-jumpstart.stanford.edu" />
-	<target host="siw.stanford.edu" />
-	<target host="siwgallery.stanford.edu" />
-
-	<target host="bbr-wiki.slac.stanford.edu" />
-	<target host="careers.slac.stanford.edu" />
-	<target host="home.slac.stanford.edu" />
-	<target host="intranet.slac.stanford.edu" />
-	<target host="news.slac.stanford.edu" />
-	<target host="oraweb.slac.stanford.edu" />
-	<target host="webauth1.slac.stanford.edu" />
-	<target host="www.slac.stanford.edu" />
-	<target host="www-conf.slac.stanford.edu" />
-	<target host="www-group.slac.stanford.edu" />
-	<target host="www-public.slac.stanford.edu" />
-	<!--target host="www-ssrl.slac.stanford.edu" /-->
-	<target host="www2.slac.stanford.edu" />
-	<target host="www6.slac.stanford.edu" />
-
-	<target host="smartpage.stanford.edu" />
-	<target host="smiliblog.stanford.edu" />
-	<target host="smstaging.stanford.edu" />
-	<target host="soap.stanford.edu" />
-	<target host="spcs.stanford.edu" />
-	<target host="spectrum.stanford.edu" />
-	<target host="sr.stanford.edu" />
-	<target host="stacks.stanford.edu" />
-	<target host="stanford25blog.stanford.edu" />
-	<target host="stanfordcareers.stanford.edu" />
-	<target host="stanfordconnects.stanford.edu" />
-	<target host="stanfordevents.stanford.edu" />
-	<target host="stanfordfund.stanford.edu" />
-	<!--target host="stanfordvideo.stanford.edu" /-->
-	<target host="stanfordwho.stanford.edu" />
-	<target host="stanfordyou.stanford.edu" />
-	<target host="steppingout.stanford.edu" />
-	<target host="studentaffairs.stanford.edu" />
-	<target host="studentservicescenter.stanford.edu" />
-	<target host="studentwellness.stanford.edu" />
-	<target host="stvp.stanford.edu" />
-	<target host="sues.stanford.edu" />
-	<target host="sumac.stanford.edu" />
-	<target host="summercollege.stanford.edu" />
-	<target host="summercollegeacademy.stanford.edu" />
-	<target host="summerhumanities.stanford.edu" />
-	<!--target host="summerinstitutes.stanford.edu" /-->
-	<target host="sunwoolab.stanford.edu" />
-	<target host="sustainable.stanford.edu" />
-	<target host="suwebmasters.stanford.edu" />
-	<target host="swsblog.stanford.edu" />
-	<target host="talks.stanford.edu" />
-	<target host="tasc-play-room.stanford.edu" />
-	<target host="teachingcommons.stanford.edu" />
-	<target host="techcommons.stanford.edu" />
-	<target host="teruel.stanford.edu" />
-	<target host="thefund.stanford.edu" />
-	<!--target host="theory.stanford.edu" /-->
-	<target host="thestanfordfund.stanford.edu" />
-	<target host="tickets.stanford.edu" />
-	<target host="titleix.stanford.edu" />
-	<target host="transportation.stanford.edu" />
-	<target host="tsf.stanford.edu" />
-	<target host="ucomm.stanford.edu" />
-	<target host="uit.stanford.edu" />
-	<target host="uitalerts.stanford.edu" />
-	<target host="undergrad.stanford.edu" />
-	<!--target host="vaden.stanford.edu" /-->
-	<target host="vadenpatient.stanford.edu" />
-	<target host="vhil.stanford.edu" />
-	<target host="visit.stanford.edu" />
-	<target host="vp-studentaffairs.stanford.edu" />
-	<target host="vpge.stanford.edu" />
-	<target host="vptl.stanford.edu" />
-	<!--target host="waivers.stanford.edu" /-->
-	<target host="wasc.stanford.edu" />
-	<target host="web.stanford.edu" />
-	<target host="weblogin.stanford.edu" />
-	<target host="webmail.stanford.edu" />
-	<target host="websense.stanford.edu" />
-	<target host="wellness.stanford.edu" />
-	<target host="woods.stanford.edu" />
-	<target host="www.stanford.edu" />
-	<target host="www-aws.stanford.edu" />
-	<target host="www-csli.stanford.edu" />
-	<target host="www-ee.stanford.edu" />
-	<target host="xenon.stanford.edu" />
-	<target host="xsearch.stanford.edu" />
-	<target host="youngalumni.stanford.edu" />
-	<target host="youthorchestra.stanford.edu" />
-
-	<!--	Complications:
-				-->
-	<target host="askjane.stanford.edu" />
-	<target host="bcnm.stanford.edu" />
-	<target host="brannerlibrary.stanford.edu" />
-	<target host="cao.stanford.edu" />
-	<target host="compgeo.stanford.edu" />
-	<target host="computing.stanford.edu" />
-	<target host="www.cs.stanford.edu" />
-	<target host="cwp.stanford.edu" />
-	<target host="dataclass.stanford.edu" />
-	<target host="dor.stanford.edu" />
-	<target host="email.stanford.edu" />
-	<target host="endoflife.stanford.edu" />
-	<target host="eps.stanford.edu" />
-	<target host="ess.stanford.edu" />
-	<target host="fingate.stanford.edu" />
-	<target host="globalecology.stanford.edu" />
-	<target host="alumni.gsb.stanford.edu" />
-	<target host="gse.stanford.edu" />
-	<target host="gsehelpsu.stanford.edu" />
-	<target host="helpcenter.stanford.edu" />
-	<target host="hipaa.stanford.edu" />
-	<target host="hrg.stanford.edu" />
-	<target host="infocenter.stanford.edu" />
-	<target host="italerts.stanford.edu" />
-	<target host="itmetrics.stanford.edu" />
-	<target host="itwinterclose.stanford.edu" />
-	<target host="itwinterclosure.stanford.edu" />
-	<!--target host="knight.stanford.edu" /-->
-	<target host="mededresearch.stanford.edu" />
-	<target host="netreg.stanford.edu" />
-	<target host="orderit.stanford.edu" />
-	<target host="plans-review.stanford.edu" />
-	<target host="psychiatry.stanford.edu" />
-	<target host="rcc.stanford.edu" />
-	<target host="refunds.stanford.edu" />
-	<target host="sao.stanford.edu" />
-	<target host="search.stanford.edu" />
-	<target host="securecomputing.stanford.edu" />
-	<target host="shibboleth.stanford.edu" />
-	<target host="signalblog.stanford.edu" />
-	<target host="slac.stanford.edu" />
-	<!--target host="soe.stanford.edu" /-->
-	<target host="sparkmed.stanford.edu" />
-	<target host="stanfordmedicine.stanford.edu" />
-	<target host="stucomp.stanford.edu" />
-	<target host="sunsport.stanford.edu" />
-	<target host="tba.stanford.edu" />
-	<target host="techbriefings.stanford.edu" />
-	<target host="trachea.stanford.edu" />
-	<target host="tram.stanford.edu" />
-	<target host="uhr.stanford.edu" />
-	<target host="uitcomms.stanford.edu" />
-	<target host="vpol.stanford.edu" />
-	<target host="webdesign.stanford.edu" />
-	<target host="webservices.stanford.edu" />
-	<target host="worklife.stanford.edu" />
-	<target host="www-cs.stanford.edu" />
-	<target host="www-cs-faculty.stanford.edu" />
-	<target host="www-cs-students.stanford.edu" />
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://125\.stanford\.edu/$" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://125\.stanford\.edu/+(?!wp-content/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://125.stanford.edu/event/thinking-big-about-learning" />
-			<test url="http://125.stanford.edu/event/thinking-big-about-learning/" />
-
-			<!--	-ve:
-					-->
-			<test url="http://125.stanford.edu/wp-content/themes/stanford-125/css/dist/print.min.css" />
-
-		<!--	Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://arts\.stanford\.edu/+(?!wp-content/|wp-includes/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://arts.stanford.edu/for-faculty-and-staff/" />
-			<test url="http://arts.stanford.edu/for-visitors/" />
-			<test url="http://arts.stanford.edu/tag/state-of-the-arts/" />
-			<!--
-				(404):
-					-->
-			<test url="http://arts.stanford.edu/for-students/" />
-
-			<!--	-ve:
-					-->
-			<test url="http://arts.stanford.edu/wp-content/themes/stanford-arts/i/StanfordArts_LOGO-01.png" />
-			<test url="http://arts.stanford.edu/wp-content/themes/stanford-arts/style.css" />
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="http://bodoni\.stanford\.edu/uhtbin/cgisirsi\?ps=[\w/]+$" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://bodoni\.stanford\.edu/(?!WebCat_Local/Images/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://bodoni.stanford.edu/uhtbin/cgisirsi/?ps=DT8672w09N/GREEN/101840026/60/673/X/BLASTOFF" />
-			<test url="http://bodoni.stanford.edu/uhtbin/cgisirsi/?ps=Gjzs7D72xP/GREEN/101840026/61/672/X/BLASTOFF" />
-			<test url="http://bodoni.stanford.edu/uhtbin/cgisirsi/?ps=e2NlsnJ2MP/GREEN/101840026/36/648/X/BLASTOFF" />
-
-			<!--	-ve:
-					-->
-			<test url="http://bodoni.stanford.edu/WebCat_Local/Images/sul_logo.gif" />
-			<test url="http://bodoni.stanford.edu/WebCat_Local/Images/LIBLOGO.gif" />
-
-		<!--	Exclusion for Flashproxy:
-
-			https://trac.torproject.org/projects/tor/wiki/FlashProxyFAQ
-										-->
-		<exclusion pattern="^http://crypto\.stanford\.edu/flashproxy/embed\.html" />
-
-			<!--	+ve:
-					-->
-			<test url="http://crypto.stanford.edu/flashproxy/embed.html" />
-
-		<exclusion pattern="^http://plato\.stanford\.edu/+(?!css/|symbols/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://plato.stanford.edu/contents.html" />
-			<test url="http://plato.stanford.edu/info.html" />
-			<test url="http://plato.stanford.edu/support/sepia.html" />
-
-			<!--	+ve:
-					-->
-			<test url="http://plato.stanford.edu/css/entry.css" />
-			<test url="http://plato.stanford.edu/symbols/flags.png" />
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://scopeblog\.stanford\.edu/$" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://scopeblog\.stanford\.edu/+(?!wp-content/|wp-includes/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://scopeblog.stanford.edu/about-scope/" />
-			<test url="http://scopeblog.stanford.edu/category/technology/" />
-			<test url="http://scopeblog.stanford.edu/for-faculty-and-staff/" />
-
-			<!--	-ve:
-					-->
-			<test url="http://scopeblog.stanford.edu/wp-content/themes/scope/images/logo.png" />
-
-		<!--	Redirect to http:
-						-->
-		<!--exclusion pattern="^http://scpd\.stanford\.edu/home$" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://scpd\.stanford\.edu/+(?!css/|favicon\.ico|public/|restricted/|upload/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://scpd.stanford.edu/certificates/projectmanagement/" />
-			<test url="http://scpd.stanford.edu/courses/statistics-courses.jsp" />
-			<test url="http://scpd.stanford.edu/design" />
-			<test url="http://scpd.stanford.edu/online-engineering-courses.jsp" />
-			<test url="http://scpd.stanford.edu/public/category/courseCategoryCertificateProfile.do?method=load&amp;certificateId=13886655" />
-			<test url="http://scpd.stanford.edu/search/" />
-			<test url="http://scpd.stanford.edu/search/publicCourseSearchDetails.do?method=load&amp;courseId=6085755" />
-
-			<!--	-ve:
-					-->
-			<test url="http://scpd.stanford.edu/css/customBase.css" />
-			<test url="http://scpd.stanford.edu/favicon.ico" />
-			<test url="http://scpd.stanford.edu/restricted/css/base.css" />
-			<test url="http://scpd.stanford.edu/restricted/portal/common/studentLoginExistingUserEmbeddable.jsp" />
-			<test url="http://scpd.stanford.edu/upload/publicViewCSS/1/scpd.min.css" />
-
-		<!--	/*(?!$) 404s:
-
-			(Note: It's impossible to fill this quota)
-								-->
-		<!--exclusion pattern="^http://soe\.stanford\.edu/+(?!$)" /-->
-
-			<!--	+ve:
-					-->
-			<!--test url="http://soe.stanford.edu/home" /-->
-			<!--test url="http://soe.stanford.edu/home.htm" /-->
-
-			<!--	-ve:
-					-->
-			<!--test url="http://soe.stanford.edu//" /-->
-
-		<!--	Personal dirs 404
-					-->
-		<exclusion pattern="^http://(?:www-cs-students|xenon)\.stanford\.edu/+~" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www-cs-students.stanford.edu/~blynn/gitmagic/" />
-			<test url="http://www-cs-students.stanford.edu/~silva/" />
-			<test url="http://xenon.stanford.edu/~lswartz/" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.stanford\.edu$" name="^(COOKIE_DEVICE_CLASS|SS_MID|pgn_new_browser|pgn_user2?)$" /-->
-	<!--securecookie host="^(alumni|alumni-gsb|givinghistory|honorrolls|makeagift|makeapledge|makeapledgepayment|pgnet)?\.stanford\.edu$" name="^TS[\da-f]{8}$" /-->
-	<!--securecookie host="^3dqlab\.stanford\.edu$" name="^nf_wp_session$" /-->
-	<!--securecookie host="^(?:classx|pmg-prd)\.stanford\.edu$" name="^ASP\.NET_SessionId$" /-->
-	<!--securecookie host="^(?:campus-map|give)\.stanford\.edu$" name="^(?:CFID|CFTOKEN)$" /-->
-	<!--securecookie host="^cdc-tree\.stanford\.edu$" name="^_session_id$" /-->
-	<!--securecookie host="^continuingstudies\.stanford\.edu$" name="^(?:PHPSESSID|cspci_cisession)$" /-->
-	<!--securecookie host="^doresearch\.stanford\.edu$" name="^(SimpleSAMLSessionID|simplesamlphp_auth_returnto)$" /-->
-	<!--securecookie host="^(\.answers|\.bewell|\.bgm|\.ccrma|\.engineering|\.facultyaffairs|\.facultyaffairs-humsci|\.gse-it|\.hsdo|\.law|\.lbre|\.learndrupal|\.lib|\.maps|\.mla|\.ohsx|\.openknowledge|\.porterdrive|\.siepr|\.stanfordcareers|\.techcommons|web)?\.stanford\.edu$" name="^SESS[\da-f]{32}$" /-->
-	<!--securecookie host="^epgy\.stanford\.edu$" name="^[\da-f]{32}$" /-->
-	<!--securecookie host="^(eip|hannahousetours|anderson|healthysteps|lane|mentoring|otldisclosure|pilot-eip|steppingout)\.stanford\.edu$" name="^PHPSESSID$" /-->
-	<!--securecookie host="^(cap|explorecourses|lane|med|maven|openflow|sallie|scpd|xsearch)\.stanford\.edu$" name="^JSESSIONID$" /-->
-	<!--securecookie host="^lagunita\.stanford\.edu$" name="^(?:AWSELB|csrftoken)$" /-->
-	<!--securecookie host="^\.lagunita\.stanford\.edu$" name="^prod-edx-session-id$" /-->
-	<!--securecookie host="^(?:www\.)?law\.stanford\.edu$" name="^X-Mapping-fjhppofk$" /-->
-	<!--securecookie host="^blogs\.law\.stanford\.edu$" name="^bid$" /-->
-	<!--securecookie host="^library\.stanford\.edu$" name="^BIGipServer~SULAIR~libweb_https$" /-->
-	<!--securecookie host="^mvideos\.stanford\.edu$" name="^(ASP\.NET_SessionId|\.ASPXAUTH)$" /-->
-	<!--securecookie host="^mygsb\.stanford\.edu$" name="^(?:NO_CACHE|SimpleSAMLSessionID)$" /-->
-	<!--securecookie host="^mygsb\.stanford\.edu$" name="^(?:cadata|sessionid)$" /-->
-	<!--securecookie host="^owamail\.stanford\.edu$" name="^ClientId$" /-->
-	<!--securecookie host="^www2\.slac\.stanford\.edu$" name="^ASPSESSIONID\w+$" /-->
-	<!--securecookie host="^searchworks\.stanford\.edu$" name="^(?:_SearchWorks_session|request_method)$" /-->
-	<!--securecookie host="^(?:dams|sdr)\.stanford\.edu$" name="^_hydrus_session$" /-->
-	<!--securecookie host="^spectrum\.stanford\.edu$" name="^_refinery_session$" /-->
-	<!--securecookie host="^sustainable\.stanford\.edu$" name="^SimpleSAMLSessionID$" /-->
-
-	<securecookie host="^(?:3dqlab|adminguide|alumni|alumni-gsb|anderson|\.answers|\.bewell|campus-map|cap|classx|continuingstudies|dams|ehsappprd1|eip|epgy|explorecourses|\.facultyaffairs|\.facultyaffairs-humsci|give|givinghistory|\.gse-it|hannahousetours|healthysteps|honorrolls|\.itservices|lagunita|lane|(?:www\.)?law|(?:blogs)?\.law|\.lbre|\.learndrupal|library|makeagift|makeapledge|makeapledgepayment|maven|mentoring|\.mla|mvideos|mygsb|mail\.ohns|\.ohsx|openflow|otldisclosure|owamail|parents|pgnet|pilot-eip|\.porterdrive|sallie|\.sdlf|sdr|searchworks|\.siepr|(?:\.news|www6)\.slac\|spectrum|\.stanfordcareers|stanfordwho|steppingout|\.techcommons|weblogin|webauth1|xsearch).stanford\.edu$" name=".+" />
-
-
-	<rule from="^http://askjane\.stanford\.edu/.*"
-		to="https://studentaffairs.stanford.edu/askjane" />
-
-		<test url="http://askjane.stanford.edu/?" />
-
-	<rule from="^http://bcnm\.stanford\.edu/"
-		to="https://live-bcnm-2015.pantheon.berkeley.edu/" />
-
-	<!--	Redirects like so:
-					-->
-	<rule from="^http://brannerlibrary\.stanford\.edu/+"
-		to="https://library.stanford.edu/branner/" />
-
-		<test url="http://brannerlibrary.stanford.edu//" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://sao\.stanford\.edu/+"
-		to="https://cao.carnegiescience.edu/" />
-
-		<test url="http://sao.stanford.edu//" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://compgeo\.stanford\.edu/+"
-		to="https://pangea.stanford.edu/programs/compgeo/" />
-
-		<test url="http://compgeo.stanford.edu//" />
-
-	<!--	Redirects like so:
-					-->
-	<rule from="^http://computing\.stanford\.edu/+"
-		to="https://itservices.stanford.edu/service/computing" />
-
-		<test url="http://computing.stanford.edu//" />
-
-	<rule from="^http://www\.cs\.stanford\.edu/"
-		to="https://cs.stanford.edu/" />
-
-	<!--	Redirect drops path and forward
-		slash, but not args:
-					-->
-	<rule from="^http://cwp\.stanford\.edu/[^?]*"
-		to="https://med.stanford.edu/irt/teaching/cwp.html" />
-
-		<test url="http://cwp.stanford.edu//" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://dataclass\.stanford\.edu/+"
-		to="https://itservices.stanford.edu/guide/riskclassifications" />
-
-		<test url="http://dataclass.stanford.edu//" />
-
-	<!--	Redirects like so:
-					-->
-	<rule from="^http://dor\.stanford\.edu/"
-		to="https://doresearch.stanford.edu/" />
-
-		<test url="http://dor.stanford.edu/" />
-
-	<!--	Redirects like so:
-					-->
-	<rule from="^http://email\.stanford\.edu/+"
-		to="https://itservices.stanford.edu/service/emailcalendar/email/" />
-
-		<test url="http://email.stanford.edu//" />
-
-	<!--	Redirect drops path and forward
-		slash, but not args:
-					-->
-	<rule from="^http://endoflife\.stanford\.edu/[^?]*"
-		to="https://palliative.stanford.edu/endoflife/" />
-
-		<test url="http://endoflife.stanford.edu//" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://eps\.stanford\.edu/+"
-		to="https://med.stanford.edu/eps/" />
-
-		<test url="http://eps.stanford.edu//" />
-
-	<!--	Redirects like so:
-					-->
-	<rule from="^http://ess\.stanford\.edu/+"
-		to="https://itservices.stanford.edu/service/ess/" />
-
-		<test url="http://ess.stanford.edu//" />
-
-	<rule from="^http://fingate\.stanford\.edu/"
-		to="https://www.stanford.edu/group/fms/fingate/" />
-
-	<rule from="^http://globalecology\.stanford\.edu/"
-		to="https://dge.stanford.edu/" />
-
-	<!--	Redirects like so:
-					-->
-	<rule from="^http://gse\.stanford\.edu/+"
-		to="https://ed.stanford.edu/" />
-
-		<test url="http://gse.stanford.edu//" />
-
-	<!--	Rule keeps path, but not
-		args nor forward slash:
-					-->
-	<rule from="^http://gsehelpsu\.stanford\.edu/+([^?]*)(?:$|\?.*)"
-		to="https://helpsu.stanford.edu/helpsu/3.0/helpsu-form?pcat=GSEIT&amp;dept=Graduate%20School%20of%20Education$1" />
-
-		<test url="http://gsehelpsu.stanford.edu/" />
-		<test url="http://gsehelpsu.stanford.edu//" />
-		<test url="http://gsehelpsu.stanford.edu//home" />
-
-	<!--	Redirect keeps path, args,
-		and forward slash:
-					-->
-	<rule from="^http://alumni\.gsb\.stanford\.edu/"
-		to="https://www.gsb.stanford.edu/alumni/" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://helpcenter\.stanford\.edu/+"
-		to="https://cardinalatwork.stanford.edu/faculty-staff-help-center/" />
-
-		<test url="http://helpcenter.stanford.edu//" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://hipaa\.stanford\.edu/+"
-		to="https://privacy.stanford.edu/" />
-
-		<test url="http://hipaa.stanford.edu//" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://hrg\.stanford\.edu/+"
-		to="https://med.stanford.edu/hrg/" />
-
-		<test url="http://hrg.stanford.edu//" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://infocenter\.stanford\.edu/+"
-		to="https://library.stanford.edu/libraries/green/about" />
-
-		<test url="http://infocenter.stanford.edu//" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://italerts\.stanford\.edu/+"
-		to="https://uitalerts.stanford.edu/" />
-
-		<test url="http://italerts.stanford.edu//" />
-
-	<!--	Redirects like so:
-					-->
-	<rule from="^http://itmetrics\.stanford\.edu/+"
-		to="https://dashboard.stanford.edu/" />
-
-		<test url="http://itmetrics.stanford.edu//" />
-
-	<!--	Redirects like so:
-					-->
-	<rule from="^http://itwinterclos(?:ur)?e\.stanford\.edu/+"
-		to="https://itservices.stanford.edu/organization/winterclosure" />
-
-		<test url="http://itwinterclose.stanford.edu//" />
-		<test url="http://itwinterclosure.stanford.edu//" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<!--rule from="^http://knight\.stanford\.edu/+"
-		to="https://jsk.stanford.edu/" /-->
-
-		<!--test url="http://knight.stanford.edu/index.htm" /-->
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://mededresearch\.stanford\.edu/+"
-		to="https://med.stanford.edu/mededresearch/" />
-
-		<test url="http://mededresearch.stanford.edu//" />
-
-	<!--	Redirects like so:
-					-->
-	<rule from="^http://netreg\.stanford\.edu/+"
-		to="https://rescomp.stanford.edu/iprequest/" />
-
-		<test url="http://netreg.stanford.edu//" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://orderit\.stanford\.edu/+"
-		to="https://pmg-prd.stanford.edu/sc/default.aspx" />
-
-		<test url="http://orderit.stanford.edu//" />
-
-	<!--	Redirect drops path and forward
-		slash, but not args:
-					-->
-	<rule from="^http://plans-review\.stanford\.edu/[^?]"
-		to="https://lbre-apps.stanford.edu/cfapps/prod/plansreview/" />
-
-		<test url="http://plans-review.stanford.edu//" />
-
-	<!--	Redirect drops path and forward
-		slash, but not args:
-					-->
-	<rule from="^http://psychiatry\.stanford\.edu/[^?]*"
-		to="https://med.stanford.edu/psychiatry.html" />
-
-		<test url="http://psychiatry.stanford.edu//" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://rcc\.stanford\.edu/+"
-		to="https://rescomp.stanford.edu/directory/rcc.php" />
-
-		<test url="http://rcc.stanford.edu//" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://refunds\.stanford\.edu/+"
-		to="https://survey.az1.qualtrics.com/jfe/form/SV_bkFFEBROps4VrrD" />
-
-		<test url="http://refunds.stanford.edu//" />
-
-	<rule from="^http://search\.stanford\.edu/"
-		to="https://www.stanford.edu/search/" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://securecomputing\.stanford\.edu/+"
-		to="https://itservices.stanford.edu/security/" />
-
-		<test url="http://securecomputing.stanford.edu//" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://shibboleth\.stanford\.edu/+"
-		to="https://itservices.stanford.edu/service/shibboleth" />
-
-		<test url="http://shibboleth.stanford.edu//" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://signalblog\.stanford\.edu/+"
-		to="https://teachingcommons.stanford.edu/teaching-talk" />
-
-		<test url="http://signalblog.stanford.edu//" />
-
-	<rule from="^http://slac\.stanford\.edu/"
-		to="https://www.slac.stanford.edu/" />
-
-	<!--rule from="^http://soe\.stanford\.edu/+$"
-		to="https://engineering.stanford.edu/" /-->
-
-		<!--test url="http://soe.stanford.edu//" /-->
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://sparkmed\.stanford\.edu/+"
-		to="https://med.stanford.edu/sparkmed/" />
-
-		<test url="http://sparkmed.stanford.edu//" />
-
-	<!--	Redirect drops path and args:
-						-->
-	<rule from="^http://stanfordmedicine\.stanford\.edu/.*"
-		to="https://med.stanford.edu/" />
-
-		<test url="http://stanfordmedicine.stanford.edu//" />
-		<test url="http://stanfordmedicine.stanford.edu/?" />
-
-	<!--	Redirect keeps args, but
-		not forward slash:
-					-->
-	<rule from="^http://stucomp\.stanford\.edu/+(?=$|\?)"
-		to="https://acomp.stanford.edu/students" />
-
-		<test url="http://stucomp.stanford.edu//" />
-		<test url="http://stucomp.stanford.edu/?" />
-
-	<rule from="^http://stucomp\.stanford\.edu/"
-		to="https://acomp.stanford.edu/" />
-
-		<test url="http://stucomp.stanford.edu/home" />
-
-	<!--	Redirect drops args and forward slash:
-							-->
-	<rule from="^http://sunsport\.stanford\.edu/+(?:$|\?.*)"
-		to="https://med.stanford.edu/sunsport.html" />
-
-		<test url="http://sunsport.stanford.edu//" />
-		<test url="http://sunsport.stanford.edu/?" />
-
-	<rule from="^http://sunsport\.stanford\.edu/"
-		to="https://med.stanford.edu/" />
-
-		<test url="http://sunsport.stanford.edu/home" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://tba\.stanford\.edu/+"
-		to="https://itservices.stanford.edu/service/techtraining/byappointment" />
-
-		<test url="http://tba.stanford.edu//" />
-
-	<!--	Redirect keeps path and args,
-
-		but not forward slash:
-					-->
-	<rule from="^http://techbriefings\.stanford\.edu/+"
-		to="https://itservices.stanford.edu/service/techtraining/techbriefings" />
-
-		<test url="http://techbriefings.stanford.edu//" />
-
-	<!--	Redirect drops args:
-					-->
-	<rule from="^http://trachea\.stanford\.edu/+(?:$|\?.*)"
-		to="https://med.stanford.edu/ohns/education/residency/portal/" />
-
-		<test url="http://trachea.stanford.edu//" />
-		<test url="http://trachea.stanford.edu/?" />
-
-	<rule from="^http://trachea\.stanford\.edu/"
-		to="https://med.stanford.edu/" />
-
-		<test url="http://trachea.stanford.edu/home" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://tram\.stanford\.edu/+"
-		to="https://med.stanford.edu/tram/" />
-
-		<test url="http://tram.stanford.edu//" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://uhr\.stanford\.edu/+"
-		to="https://cardinalatwork.stanford.edu/" />
-
-		<test url="http://uhr.stanford.edu//" />
-
-	<!--	Redirect keeps path, but not
-		args nor forward slash:
-					-->
-	<rule from="^http://uitcomms\.stanford\.edu/+([^?]*)(?:\?.*)?"
-		to="https://helpsu.stanford.edu/helpsu/3.0/helpsu-form?pcat=uitcomm$1" />
-
-		<test url="http://uitcomms.stanford.edu//" />
-		<test url="http://uitcomms.stanford.edu/?" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://vpol\.stanford\.edu/+"
-		to="https://vptl.stanford.edu/" />
-
-		<test url="http://vpol.stanford.edu//" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://webdesign\.stanford\.edu/+"
-		to="https://itservices.stanford.edu/service/web/design/" />
-
-		<test url="http://webdesign.stanford.edu//" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://webservices\.stanford\.edu/+"
-		to="https://itservices.stanford.edu/service/web/designdev" />
-
-		<test url="http://webservices.stanford.edu//" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://worklife\.stanford\.edu/+"
-		to="https://cardinalatwork.stanford.edu/benefits-rewards/worklife/" />
-
-		<test url="http://worklife.stanford.edu//" />
-
-	<rule from="^http://www-cs(?:-faculty)?\.stanford\.edu/"
-		to="https://cs.stanford.edu/" />
-
-	<rule from="^http://www-cs-students\.stanford\.edu/"
-		to="https://xenon.stanford.edu/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Stanford.edu-falsemixed.xml b/src/chrome/content/rules/Stanford.edu-falsemixed.xml
deleted file mode 100644
index 3a32cc18230e..000000000000
--- a/src/chrome/content/rules/Stanford.edu-falsemixed.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://hdlab.stanford.edu/ => https://hdlab.stanford.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'hdlab.stanford.edu'")
-Fetch error: http://picture.stanford.edu/ => https://picture.stanford.edu/: Too many redirects while fetching 'https://picture.stanford.edu/'
-
-	For rules not causing false/broken MCB, see Stanford-University.xml.
-
--->
-<ruleset name="Stanford.edu (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="hdlab.stanford.edu" />
-	<target host="jarosz.stanford.edu" />
-	<target host="jsk.stanford.edu" />
-	<target host="mathematics.stanford.edu" />
-	<target host="metrics.stanford.edu" />
-	<target host="nayaklab.stanford.edu" />
-	<target host="pediatricsclerkshipblog.stanford.edu" />
-	<target host="picture.stanford.edu" />
-	<target host="www-ssrl.slac.stanford.edu" />
-	<target host="stanfordvideo.stanford.edu" />
-
-	<!--	Complications:
-				-->
-	<target host="knight.stanford.edu" />
-
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://knight\.stanford\.edu/+"
-		to="https://jsk.stanford.edu/" />
-
-		<test url="http://knight.stanford.edu/index.htm" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Stanford.edu.xml b/src/chrome/content/rules/Stanford.edu.xml
new file mode 100644
index 000000000000..9f2e748eb7d4
--- /dev/null
+++ b/src/chrome/content/rules/Stanford.edu.xml
@@ -0,0 +1,201 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- aero-comlab.stanford.edu
+		- crispr-era.stanford.edu
+		- cslibrary.stanford.edu
+		- design.stanford.edu
+		- dionne.stanford.edu
+		- ee263.stanford.edu
+		- highwire.stanford.edu
+		- i.stanford.edu
+		- infolab.stanford.edu
+		- large.stanford.edu
+		- lingo.stanford.edu
+		- mendel.stanford.edu
+		- nifty.stanford.edu
+		- opera.stanford.edu
+		- orbis.stanford.edu
+		- snow.stanford.edu
+		- wordbank.stanford.edu
+		- www-ksl.stanford.edu
+
+		Timeout was reached:
+		- cantorcollection.stanford.edu
+		- okra.stanford.edu
+
+		SSL connect error:
+		- dschool-old.stanford.edu
+		- snf.stanford.edu
+		- solar-center.stanford.edu
+		- yuba.stanford.edu
+
+		SSL peer certificate was not OK:
+		- cs229.stanford.edu
+		- cs231n.stanford.edu
+		- ether.stanford.edu
+		- graeflab.stanford.edu
+		- jmc.stanford.edu
+		- make3d.stanford.edu
+		- mathcircle.stanford.edu
+		- odbook.stanford.edu
+		- securities.stanford.edu
+		- sfgf.stanford.edu
+		- ufldl.stanford.edu
+		- vis.stanford.edu
+		- vision.stanford.edu
+		- www-cs-students.stanford.edu
+
+		Incomplete certificate chain error:
+		- math.stanford.edu
+		- vibe.stanford.edu
+		- virtualmath1.stanford.edu
+
+		4xx client error:
+		- htext.stanford.edu
+
+		Redirects to HTTP:
+		- asl.stanford.edu
+		- cs236.stanford.edu
+		- metalab.stanford.edu
+		- scpd.stanford.edu
+		- speakers.stanford.edu
+
+		Different content:
+		- cvgl.stanford.edu
+		- www-formal.stanford.edu
+
+		Mixed content blocking (MCB) triggered:
+		- cepa.stanford.edu
+		- journalism.stanford.edu
+		- kananlab.stanford.edu
+		- shc.stanford.edu
+		- www-group.slac.stanford.edu
+-->
+<ruleset name="Stanford.edu">
+	<target host="stanford.edu" />
+	<target host="www.stanford.edu" />
+	<target host="ai.stanford.edu" />
+	<target host="anderson.stanford.edu" />
+	<target host="animaltrax.stanford.edu" />
+	<target host="baogroup.stanford.edu" />
+	<target host="biobankengine.stanford.edu" />
+	<target host="bioengineering.stanford.edu" />
+	<target host="bondholder-information.stanford.edu" />
+	<target host="camlab.stanford.edu" />
+	<target host="cars.stanford.edu" />
+	<target host="ceas.stanford.edu" />
+	<target host="cee.stanford.edu" />
+	<target host="cheme.stanford.edu" />
+	<target host="chemistry.stanford.edu" />
+	<target host="chuehlab.stanford.edu" />
+	<target host="collegepuzzle.stanford.edu" />
+	<target host="crustal.stanford.edu" />
+	<target host="crypto.stanford.edu" />
+	<target host="cs.stanford.edu" />
+	<target host="dawn.cs.stanford.edu" />
+	<target host="cs224d.stanford.edu" />
+	<target host="cs224u.stanford.edu" />
+	<target host="cs230.stanford.edu" />
+	<target host="culture-emotion-lab.stanford.edu" />
+	<target host="cyberlaw.stanford.edu" />
+	<target host="designimpact.stanford.edu" />
+	<target host="dish.stanford.edu" />
+	<target host="dloft.stanford.edu" />
+	<target host="dschoolcraft.stanford.edu" />
+	<target host="e145.stanford.edu" />
+	<target host="economics.stanford.edu" />
+	<target host="ed.stanford.edu" />
+	<target host="einstein.stanford.edu" />
+	<target host="energy.stanford.edu" />
+	<target host="execedportal.stanford.edu" />
+	<target host="explorecourses.stanford.edu" />
+	<target host="fairuse.stanford.edu" />
+	<target host="fanlab.stanford.edu" />
+	<target host="fingate.stanford.edu" />
+	<target host="fsi.stanford.edu" />
+	<target host="spice.fsi.stanford.edu" />
+	<target host="gapmap.stanford.edu" />
+	<target host="gcep.stanford.edu" />
+	<target host="givinghistory.stanford.edu" />
+	<target host="givingtohumsci.stanford.edu" />
+	<target host="graphics.stanford.edu" />
+	<target host="www.gsb.stanford.edu" />
+	<target host="hci.stanford.edu" />
+	<target host="healthlibrary.stanford.edu" />
+	<target host="hearinglosscure.stanford.edu" />
+	<target host="hivdb.stanford.edu" />
+	<target host="hopkinsmarinestation.stanford.edu" />
+	<target host="intranet.stanford.edu" />
+	<target host="kidsfirst.stanford.edu" />
+	<target host="apply.knight-hennessy.stanford.edu" />
+	<target host="lagunita.stanford.edu" />
+	<target host="www.launchpad.stanford.edu" />
+	<target host="law.stanford.edu" />
+	<target host="learnedhands.law.stanford.edu" />
+	<target host="nonprofitdocuments.law.stanford.edu" />
+	<target host="www-cdn.law.stanford.edu" />
+	<target host="lbre.stanford.edu" />
+	<target host="leonardodavinci.stanford.edu" />
+	<target host="litlab.stanford.edu" />
+	<target host="lsjumb.stanford.edu" />
+	<target host="makeagift.stanford.edu" />
+	<target host="mally.stanford.edu" />
+	<target host="med.stanford.edu" />
+	<target host="microimmuno.stanford.edu" />
+	<target host="mla.stanford.edu" />
+	<target host="mm-admin.stanford.edu" />
+	<target host="monkeybiz.stanford.edu" />
+	<target host="museum.stanford.edu" />
+	<target host="mygsb.stanford.edu" />
+	<target host="mylibrary.stanford.edu" />
+	<target host="ngi.stanford.edu" />
+	<target host="nlp.stanford.edu" />
+	<target host="npdp.stanford.edu" />
+	<target host="opensim.stanford.edu" />
+	<target host="pangea.stanford.edu" />
+	<target host="aauclert.people.stanford.edu" />
+	<target host="plato.stanford.edu" />
+	<target host="police.stanford.edu" />
+	<target host="policylab.stanford.edu" />
+	<target host="psb.stanford.edu" />
+	<target host="psychology.stanford.edu" />
+	<target host="puffer.stanford.edu" />
+	<target host="pyramidal.stanford.edu" />
+	<target host="quake06.stanford.edu" />
+	<target host="quakelab.stanford.edu" />
+	<target host="rde.stanford.edu" />
+	<target host="riverwalkjazz.stanford.edu" />
+	<target host="sallie.stanford.edu" />
+	<target host="scale.stanford.edu" />
+	<target host="searchworks.stanford.edu" />
+	<target host="see.stanford.edu" />
+	<target host="sherlockholmes.stanford.edu" />
+	<target host="simtk-confluence.stanford.edu" />
+	<target host="portal.slac.stanford.edu" />
+	<target host="userportal.slac.stanford.edu" />
+	<target host="www-ssrl.slac.stanford.edu" />
+	<target host="www6.slac.stanford.edu" />
+	<target host="smc.stanford.edu" />
+	<target host="socialdance.stanford.edu" />
+	<target host="sociology.stanford.edu" />
+	<target host="spcs.stanford.edu" />
+	<target host="stacks.stanford.edu" />
+	<target host="starsexpress.stanford.edu" />
+	<target host="statweb.stanford.edu" />
+	<target host="support.stanford.edu" />
+	<target host="sustainable.stanford.edu" />
+	<target host="syllabus.stanford.edu" />
+	<target host="tableau.stanford.edu" />
+	<target host="tfa.stanford.edu" />
+	<target host="theory.stanford.edu" />
+	<target host="transportation.stanford.edu" />
+	<target host="urology.stanford.edu" />
+	<target host="vhil.stanford.edu" />
+	<target host="vpts.stanford.edu" />
+	<target host="web.stanford.edu" />
+	<target host="webprotege.stanford.edu" />
+	<target host="wsl.stanford.edu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stanford_Med.org.xml b/src/chrome/content/rules/Stanford_Med.org.xml
index db4b63257df4..135a166f78e8 100644
--- a/src/chrome/content/rules/Stanford_Med.org.xml
+++ b/src/chrome/content/rules/Stanford_Med.org.xml
@@ -10,7 +10,7 @@ Fetch error: http://econnect.stanfordmed.org/ => https://econnect.stanfordmed.or
 	www.stanfordmed.org: Refused
 
 -->
-<ruleset name="Stanford Med.org" default_off='failed ruleset test'>
+<ruleset name="Stanford Med.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Stanographer.com.xml b/src/chrome/content/rules/Stanographer.com.xml
new file mode 100644
index 000000000000..504813cb01b2
--- /dev/null
+++ b/src/chrome/content/rules/Stanographer.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="Stanographer.com">
+	<target host="stanographer.com" />
+	<target host="www.stanographer.com" />
+	<target host="blog.stanographer.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Staples.com.xml b/src/chrome/content/rules/Staples.com.xml
deleted file mode 100644
index d3a55a449dda..000000000000
--- a/src/chrome/content/rules/Staples.com.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	^: cert only matches www
-
-
-	Mixed content:
-
-		- Images from $self *
-
-	* Secured by us
-
--->
-<ruleset name="Staples.com">
-
-	<target host="staples.com" />
-	<target host="*.staples.com" />
-
-
-	<!--	Some, but not all, secured by server:
-							-->
-	<securecookie host="^(?:www)?\.staples\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?staples\.com/"
-		to="https://www.staples.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/StarMoney.de.xml b/src/chrome/content/rules/StarMoney.de.xml
index 78a515f00ab5..9b82bd3d2ade 100644
--- a/src/chrome/content/rules/StarMoney.de.xml
+++ b/src/chrome/content/rules/StarMoney.de.xml
@@ -12,7 +12,8 @@
 <ruleset name="StarMoney.de">
 
 	<target host="starmoney.de" />
-	<target host="*.starmoney.de" />
+	<target host="www.starmoney.de" />
+	<target host="shop.starmoney.de" />
 
 
 	<!--	Not secured by server:
@@ -26,7 +27,6 @@
 	<rule from="^http://(?:www\.)?starmoney\.de/"
 		to="https://www.starmoney.de/" />
 
-	<rule from="^http://shop\.starmoney\.de/"
-		to="https://shop.starmoney.de/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/StarNet.com.xml b/src/chrome/content/rules/StarNet.com.xml
deleted file mode 100644
index 0eefb4dfeab1..000000000000
--- a/src/chrome/content/rules/StarNet.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	StarNet Communications
-
-
-	Problematic subdomains:
-
-		- (www.)	(mismatched, CN: ssl.starnet.com)
-
--->
-<ruleset name="StarNet.com (partial)">
-
-	<target host="starnet.com" />
-	<target host="*.starnet.com" />
-		<!--
-			$ 403s, some pages 404:
-						-->
-		<exclusion pattern="^http://(?:www\.)?starnet\.com/(?!css/|favicon\.ico|images/|js/|skin/)" />
-
-
-	<rule from="^http://(?:ssl\.|www\.)?starnet\.com/"
-		to="https://ssl.starnet.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/StarRez.xml b/src/chrome/content/rules/StarRez.xml
index 5cd294aad3b4..20fddcfbcfe8 100644
--- a/src/chrome/content/rules/StarRez.xml
+++ b/src/chrome/content/rules/StarRez.xml
@@ -7,4 +7,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Star_Product_Reviews.xml b/src/chrome/content/rules/Star_Product_Reviews.xml
deleted file mode 100644
index 881d94f1989f..000000000000
--- a/src/chrome/content/rules/Star_Product_Reviews.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Web.com coverage, see Web.com.xml.
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(times out)
-
--->
-<ruleset name="Star Product Reviews (partial)">
-
-	<target host="admin.starproductreviews.com" />
-
-
-	<securecookie host="^admin\.starproductreviews\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Star_Search_Casting.com.xml b/src/chrome/content/rules/Star_Search_Casting.com.xml
deleted file mode 100644
index 7156639005e1..000000000000
--- a/src/chrome/content/rules/Star_Search_Casting.com.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	CDN buckets:
-
-		- ?.netdna-cdn.com
-
-			- cdn
-
-
-	Problematic subdomains:
-
-		- cdn *
-
-	* Works; mismatched, CN: *.netdna-ssl.com
-
-
-	Some pages redirect to http.
-
--->
-<ruleset name="Star Search Casting.com (partial)">
-
-	<target host="starsearchcasting.com" />
-	<target host="*.starsearchcasting.com" />
-		<exclusion pattern="^http://(?:www\.)?starsearchcasting\.com/+(?!favicon\.ico|Images_thumbnails/|img/)" />
-
-
-	<rule from="^http://(?:(cdn\.)|www\.)?starsearchcasting\.com/"
-		to="https://$1starsearchcasting.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Star_Trek.xml b/src/chrome/content/rules/Star_Trek.xml
index 0c6e285d56e5..3ce5446ca97e 100644
--- a/src/chrome/content/rules/Star_Trek.xml
+++ b/src/chrome/content/rules/Star_Trek.xml
@@ -11,7 +11,7 @@ Fetch error: http://store.startrek.com/ => https://store.startrek.com/: (60, 'SS
 		- www	(akamai; 503)
 
 -->
-<ruleset name="Star Trek (partial)" default_off='failed ruleset test'>
+<ruleset name="Star Trek (partial)" default_off="failed ruleset test">
 
 	<target host="store.startrek.com" />
 
@@ -21,4 +21,4 @@ Fetch error: http://store.startrek.com/ => https://store.startrek.com/: (60, 'SS
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Starbucks.com.xml b/src/chrome/content/rules/Starbucks.com.xml
index 449b114839dd..1a4131242fb6 100644
--- a/src/chrome/content/rules/Starbucks.com.xml
+++ b/src/chrome/content/rules/Starbucks.com.xml
@@ -43,7 +43,9 @@
 <ruleset name="Starbucks.com (partial)">
 
 	<target host="starbucks.com" />
-	<target host="*.starbucks.com" />
+	<target host="www.starbucks.com" />
+	<target host="sgsmsupplier.starbucks.com" />
+	<target host="sgsmsuppliertest.starbucks.com" />
 		<!--exclusion pattern="^http://(www\.)?starbucks\.com/([aA]ccounts($|[?/])|favicon\.ico|resources/|static/|sysiplocation/)" /-->
 
 
diff --git a/src/chrome/content/rules/Stardock.xml b/src/chrome/content/rules/Stardock.xml
index bd8afa05278b..c4feed03929a 100644
--- a/src/chrome/content/rules/Stardock.xml
+++ b/src/chrome/content/rules/Stardock.xml
@@ -34,7 +34,7 @@ Fetch error: http://stardock.com/ => https://stardock.com/: (35, 'Unknown SSL pr
 		- services.stardock.net
 
 -->
-<ruleset name="Stardock (partial)" default_off='failed ruleset test'>
+<ruleset name="Stardock (partial)" default_off="failed ruleset test">
 
 	<target host="stardock.com" />
 	<target host="*.stardock.com" />
@@ -57,4 +57,4 @@ Fetch error: http://stardock.com/ => https://stardock.com/: (35, 'Unknown SSL pr
 	<rule from="^http://services\.stardock\.net/"
 		to="https://services.stardock.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Starfield.xml b/src/chrome/content/rules/Starfield.xml
index 9e18df4f61c0..6d9564bc83b0 100644
--- a/src/chrome/content/rules/Starfield.xml
+++ b/src/chrome/content/rules/Starfield.xml
@@ -18,16 +18,19 @@ Fetch error: http://starfieldtech.com/ => https://starfieldtech.com/: (51, "SSL:
 		- seal
 
 -->
-<ruleset name="Starfield Technologies, Inc." default_off='failed ruleset test'>
+<ruleset name="Starfield Technologies, Inc." default_off="failed ruleset test">
 
 	<target host="starfieldtech.com" />
-	<target host="*.starfieldtech.com" />
+	<target host="certs.starfieldtech.com" />
+	<target host="certificates.starfieldtech.com" />
+	<target host="seal.starfieldtech.com" />
+	<target host="tracedseals.starfieldtech.com" />
+	<target host="www.starfieldtech.com" />
 
 
-	<securecookie host="^(?:.*\.)?starfieldtech\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:certs|certificates|seal|tracedseals|www)\.)?starfieldtech\.com/"
-		to="https://$1starfieldtech.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Starship.rs.xml b/src/chrome/content/rules/Starship.rs.xml
new file mode 100644
index 000000000000..33aa27cb4d2a
--- /dev/null
+++ b/src/chrome/content/rules/Starship.rs.xml
@@ -0,0 +1,7 @@
+<ruleset name="Starship.rs">
+	<target host="starship.rs" />
+	<target host="www.starship.rs" />
+	<target host="translate.starship.rs" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Start.lgbt.xml b/src/chrome/content/rules/Start.lgbt.xml
deleted file mode 100644
index d7f6fc055a90..000000000000
--- a/src/chrome/content/rules/Start.lgbt.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Start.lgbt">
-	<target host="start.lgbt" />
-	<target host="www.start.lgbt" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Start.me.xml b/src/chrome/content/rules/Start.me.xml
index b73ef97fc8c6..e0f8253def55 100644
--- a/src/chrome/content/rules/Start.me.xml
+++ b/src/chrome/content/rules/Start.me.xml
@@ -1,5 +1,5 @@
 <!--
-	Remark: 
+	Remark:
 		+ *.start.me and *.favicons.start.me have a wildcard DNS record.
 		+ *.favicons.start.me with incomplete certificate chain error are omitted.
 
diff --git a/src/chrome/content/rules/StartCom.xml b/src/chrome/content/rules/StartCom.xml
index 5e1af4a7736a..4ebe9ba03815 100644
--- a/src/chrome/content/rules/StartCom.xml
+++ b/src/chrome/content/rules/StartCom.xml
@@ -8,7 +8,7 @@ Fetch error: http://startssl.eu/ => https://startssl.eu/: (6, 'Could not resolve
 Fetch error: http://startssl.us/ => https://startssl.us/: (6, 'Could not resolve host: startssl.us')
 
 -->
-<ruleset name="StartCom" default_off='failed ruleset test'>
+<ruleset name="StartCom" default_off="failed ruleset test">
   <target host="startssl.com" />
   <target host="*.startssl.com" />
   <target host="startssl.net" />
@@ -51,16 +51,16 @@ Fetch error: http://startssl.us/ => https://startssl.us/: (6, 'Could not resolve
 
   <!-- should mitigate against exploitation of the above exclusions -->
   <securecookie host=".+" name=".+" />
-  
+
   <test url="http://linux.startcom.org/" />
   <test url="http://forum.startcom.org/" />
-  
+
   <test url="http://www.startssl.com/" />
   <test url="http://www.startssl.net/" />
   <test url="http://www.startssl.org/" />
   <test url="http://www.startssl.eu/" />
   <test url="http://www.startssl.us/" />
-  
+
   <test url="http://startcom.org/" />
 
   <!-- host startcom.org responds neither on 80 nor on 443,
diff --git a/src/chrome/content/rules/StartLogic.xml b/src/chrome/content/rules/StartLogic.xml
index c03b8ca50893..c94c66d859f6 100644
--- a/src/chrome/content/rules/StartLogic.xml
+++ b/src/chrome/content/rules/StartLogic.xml
@@ -5,7 +5,7 @@
 	<target host="www.startlogic.com" />
 
 
-	<securecookie host="^(?:.*\.)?startlogic\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/StartMail.com.xml b/src/chrome/content/rules/StartMail.com.xml
deleted file mode 100644
index 62eb7731f6cd..000000000000
--- a/src/chrome/content/rules/StartMail.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Invalid certificate:
-		beta.startmail.com
-
--->
-<ruleset name="StartMail.com">
-	<target host="startmail.com" />
-	<target host="www.startmail.com" />
-	<target host="forum.startmail.com" />
-	<target host="live.startmail.com" />
-	<target host="support.startmail.com" />
-
-	<securecookie host="^(www|forum)\.startmail\.com$" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/StartingPage.com.xml b/src/chrome/content/rules/StartingPage.com.xml
index 326bf4925c8f..aa8018ac3533 100644
--- a/src/chrome/content/rules/StartingPage.com.xml
+++ b/src/chrome/content/rules/StartingPage.com.xml
@@ -1,5 +1,5 @@
-<!-- 
-	Startingpage redirects to Startpage 
+<!--
+	Startingpage redirects to Startpage
 
 -->
 <ruleset name="StartingPage.com">
diff --git a/src/chrome/content/rules/Starwood-Hotels-and-Resorts.xml b/src/chrome/content/rules/Starwood-Hotels-and-Resorts.xml
deleted file mode 100644
index 2acffed46482..000000000000
--- a/src/chrome/content/rules/Starwood-Hotels-and-Resorts.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="Starwood Hotels &amp; Resorts">
-
-	<target host="starwoodhotels.com"/>
-	<target host="www.starwoodhotels.com"/>
-	<!--	* for cross-domain cookie	-->
-	<target host="*.www.starwoodhotels.com"/>
-
-
-	<securecookie host="^\.?www\.starwoodhotels\.com$" name=".+" />
-
-
-	<!--	!www doesn't work via https.
-		Redirects to www via http.	-->
-	<rule from="^http://(?:www\.)?starwoodhotels\.com/"
-		to="https://www.starwoodhotels.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/StarwoodHotels.com.xml b/src/chrome/content/rules/StarwoodHotels.com.xml
new file mode 100644
index 000000000000..cfa27a7c5fa1
--- /dev/null
+++ b/src/chrome/content/rules/StarwoodHotels.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-functional hosts
+		Timeout:
+		- starwoodhotels.com
+-->
+<ruleset name="StarwoodHotels.com">
+
+	<target host="starwoodhotels.com"/>
+	<target host="www.starwoodhotels.com"/>
+
+	<rule from="^http://(www\.)?starwoodhotels\.com/"
+			to="https://www.starwoodhotels.com/"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/StatOwl.com.xml b/src/chrome/content/rules/StatOwl.com.xml
index 5c2b79bd2b1b..0ddc35dacfd7 100644
--- a/src/chrome/content/rules/StatOwl.com.xml
+++ b/src/chrome/content/rules/StatOwl.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://collector.statowl.com/ => https://collector.statowl.com/: (6
 		- (www.)	(404; mismatched, CN: homer.terabytemedia.com)
 
 -->
-<ruleset name="StatOwl.com (partial)" default_off='failed ruleset test'>
+<ruleset name="StatOwl.com (partial)" default_off="failed ruleset test">
 
 	<target host="collector.statowl.com" />
 
diff --git a/src/chrome/content/rules/StateFarm.xml b/src/chrome/content/rules/StateFarm.xml
index 8802ca8875c2..123adc770133 100644
--- a/src/chrome/content/rules/StateFarm.xml
+++ b/src/chrome/content/rules/StateFarm.xml
@@ -6,7 +6,7 @@ Fetch error: http://sfsecuremail.statefarm.com/ => https://sfsecuremail.statefar
 Disabled by https-everywhere-checker because:
 Fetch error: http://sfsecuremail.statefarm.com/ => https://sfsecuremail.statefarm.com/: (28, 'Connection timed out after 10001 milliseconds')
 -->
-<ruleset name="StateFarm" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="StateFarm" platform="mixedcontent" default_off="failed ruleset test">
   <target host="statefarm.com" />
   <target host="www.statefarm.com" />
   <target host="sfsecuremail.statefarm.com" />
diff --git a/src/chrome/content/rules/State_of_Delaware.xml b/src/chrome/content/rules/State_of_Delaware.xml
index 4de6a6c7c727..2e6f52c38283 100644
--- a/src/chrome/content/rules/State_of_Delaware.xml
+++ b/src/chrome/content/rules/State_of_Delaware.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://delecorp.delaware.gov/ => https://delecorp.delaware.gov/: (7, 'Failed to connect to delecorp.delaware.gov port 443: Connection refused')
 
 -->
-<ruleset name="State of Delaware (partial)" default_off='failed ruleset test'>
+<ruleset name="State of Delaware (partial)" default_off="failed ruleset test">
 
 	<target host="delecorp.delaware.gov" />
 	<target host="delaware.gov" />
diff --git a/src/chrome/content/rules/State_of_Oregon.xml b/src/chrome/content/rules/State_of_Oregon.xml
index aee05c745fa2..b0357e8e4e99 100644
--- a/src/chrome/content/rules/State_of_Oregon.xml
+++ b/src/chrome/content/rules/State_of_Oregon.xml
@@ -23,4 +23,4 @@
 	<rule from="^http://(?:www\.)?budget\.oregon\.gov/(?:.*)"
 		to="https://www.oregon.gov/gov/priorities/pages/budget.aspx" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/StaticStuff.net.xml b/src/chrome/content/rules/StaticStuff.net.xml
new file mode 100644
index 000000000000..9a4ed3568af9
--- /dev/null
+++ b/src/chrome/content/rules/StaticStuff.net.xml
@@ -0,0 +1,26 @@
+<!--
+	For other clicky rulesets, see Clicky.com.xml
+
+	Invalid certificate:
+		staticstuff.net
+		www.staticstuff.net
+		spy.staticstuff.net
+
+-->
+<ruleset name="StaticStuff.net">
+
+	<target host="staticstuff.net" />
+	<target host="www.staticstuff.net" />
+	<target host="cdn.staticstuff.net" />
+	<target host="hello.staticstuff.net" />
+	<target host="win.staticstuff.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(www\.)?staticstuff\.net/"
+		to="https://win.staticstuff.net/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Static_Site_Generators.net.xml b/src/chrome/content/rules/Static_Site_Generators.net.xml
index c18fdbaf8dbd..cb98d53d7621 100644
--- a/src/chrome/content/rules/Static_Site_Generators.net.xml
+++ b/src/chrome/content/rules/Static_Site_Generators.net.xml
@@ -5,7 +5,7 @@
 <ruleset name="Static Site Generators.net">
 
 	<target host="staticsitegenerators.net" />
-	<target host="*.staticsitegenerators.net" />
+	<target host="www.staticsitegenerators.net" />
 
 
 	<securecookie host="^(?:\.|www\.)?staticsitegenerators\.net$" name=".+" />
diff --git a/src/chrome/content/rules/Staticskynet.be.xml b/src/chrome/content/rules/Staticskynet.be.xml
index 9a63f9f941e9..82df5a82c484 100644
--- a/src/chrome/content/rules/Staticskynet.be.xml
+++ b/src/chrome/content/rules/Staticskynet.be.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://common.staticskynet.be/ => https://common.staticskynet.be/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="staticskynet.be" default_off='failed ruleset test'>
+<ruleset name="staticskynet.be" default_off="failed ruleset test">
 
 	<target host="common.staticskynet.be" />
 
diff --git a/src/chrome/content/rules/StationColdBrew.com.xml b/src/chrome/content/rules/StationColdBrew.com.xml
new file mode 100644
index 000000000000..0feb48954b48
--- /dev/null
+++ b/src/chrome/content/rules/StationColdBrew.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="StationColdBrew.com">
+	<target host="stationcoldbrew.com" />
+	<target host="www.stationcoldbrew.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Station_L_Rowing_Club.xml b/src/chrome/content/rules/Station_L_Rowing_Club.xml
index d08b97cfff03..1bca9ff97f34 100644
--- a/src/chrome/content/rules/Station_L_Rowing_Club.xml
+++ b/src/chrome/content/rules/Station_L_Rowing_Club.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Statistics.gov.uk.xml b/src/chrome/content/rules/Statistics.gov.uk.xml
index a4fedf197127..b1afa453a32f 100644
--- a/src/chrome/content/rules/Statistics.gov.uk.xml
+++ b/src/chrome/content/rules/Statistics.gov.uk.xml
@@ -32,10 +32,10 @@
 	<target host="www.statistics.gov.uk" />
 	<target host="neighbourhood.statistics.gov.uk" />
 	<target host="www.neighbourhood.statistics.gov.uk" />
-	
+
 	<rule from="^http://www\.statistics\.gov\.uk/$"
 		  	to="https://www.gov.uk/government/statistics/announcements" />
 
-	<rule from="^http://(www\.)?neighbourhood\.statistics\.gov\.uk/" 
+	<rule from="^http://(www\.)?neighbourhood\.statistics\.gov\.uk/"
 			to="https://$1neighbourhood.statistics.gov.uk/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Statushub.io.xml b/src/chrome/content/rules/Statushub.io.xml
index 553f55b3d796..2e63ffc0c339 100644
--- a/src/chrome/content/rules/Statushub.io.xml
+++ b/src/chrome/content/rules/Statushub.io.xml
@@ -5,7 +5,7 @@ Fetch error: http://workspaces.statushub.io/ => https://workspaces.statushub.io/
 blog. protocol error
 mozillastatus. mismatch
 msuservicestatus. mismatch-->
-<ruleset name="Statushub.io" default_off='failed ruleset test'>
+<ruleset name="Statushub.io" default_off="failed ruleset test">
 	<target host="statushub.io" />
 	<target host="www.statushub.io" />
 	<target host="app.statushub.io" />
@@ -21,10 +21,10 @@ msuservicestatus. mismatch-->
 	<target host="fastnotes.statushub.io" />
 	<target host="mozillastatus.statushub.io" />
 	<target host="msuservicestatus.statushub.io" />
-	
+
 	<rule from="^http://mozillastatus\.statushub\.io/"
 		to="https://status.mozilla.org/" />
-	
+
 	<test url="http://mozillastatus.statushub.io/" />
 
 	<rule from="^http://msuservicestatus\.statushub\.io/"
diff --git a/src/chrome/content/rules/StayClassy.xml b/src/chrome/content/rules/StayClassy.xml
deleted file mode 100644
index bb6ac474283d..000000000000
--- a/src/chrome/content/rules/StayClassy.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="StayClassy">
-
-	<target host="stayclassy.org" />
-	<target host="www.stayclassy.org" />
-
-
-	<securecookie host="^(?:www)?\.stayclassy\.org$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/StaySmartOnline.xml b/src/chrome/content/rules/StaySmartOnline.xml
index c855b3425263..4eb4e31bc955 100644
--- a/src/chrome/content/rules/StaySmartOnline.xml
+++ b/src/chrome/content/rules/StaySmartOnline.xml
@@ -1,10 +1,12 @@
 <ruleset name="Stay Smart Online">
 	<target host="staysmartonline.gov.au" />
-	<target host="*.staysmartonline.gov.au" />
+	<target host="www.staysmartonline.gov.au" />
+	<target host="budd-e.staysmartonline.gov.au" />
+	<target host="www.budd-e.staysmartonline.gov.au" />
 
 	<rule from="^http://(?:www\.)?staysmartonline\.gov\.au/"
 		to="https://www.staysmartonline.gov.au/" />
 
 	<rule from="^http://(?:www\.)?budd-e\.staysmartonline\.gov\.au/"
 		to="https://budd-e.staysmartonline.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/StayToday.com.xml b/src/chrome/content/rules/StayToday.com.xml
index 1bf691284d7f..3e7a361cf107 100644
--- a/src/chrome/content/rules/StayToday.com.xml
+++ b/src/chrome/content/rules/StayToday.com.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://staytoday.com/ => https://staytoday.com/: (60, 'SSL certificate problem: certificate has expired')
 Fetch error: http://www.staytoday.com/ => https://www.staytoday.com/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="StayToday.com" default_off='failed ruleset test'>
+<ruleset name="StayToday.com" default_off="failed ruleset test">
 
 	<target host="staytoday.com" />
 	<target host="www.staytoday.com" />
diff --git a/src/chrome/content/rules/Stayfriends.xml b/src/chrome/content/rules/Stayfriends.xml
index 0ffa77cdc60b..c4608147665f 100644
--- a/src/chrome/content/rules/Stayfriends.xml
+++ b/src/chrome/content/rules/Stayfriends.xml
@@ -1,17 +1,19 @@
 <ruleset name="StayFriends" platform="mixedcontent">
 
 	<target host="stayfriends.at" />
-	<target host="*.stayfriends.at" />
 	<target host="stayfriends.ch" />
-	<target host="*.stayfriends.ch" />  
 	<target host="stayfriends.de" />
-	<target host="*.stayfriends.de" />
-  
+	<target host="images.stayfriends.at" />
+	<target host="images.stayfriends.ch" />
+	<target host="images.stayfriends.de" />
+	<target host="www.stayfriends.at" />
+	<target host="www.stayfriends.ch" />
+	<target host="www.stayfriends.de" />
+
 
 	<securecookie host="^(?:www)?\.stayfriends\.(?:at|ch|de)$" name=".+" />
 
 
-	<rule from="^http://(images\.|www\.)?stayfriends\.(at|ch|de)/"
-		to="https://$1stayfriends.$2/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Std3.ru.xml b/src/chrome/content/rules/Std3.ru.xml
deleted file mode 100644
index 023f23eb7271..000000000000
--- a/src/chrome/content/rules/Std3.ru.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For other d3 coverage, see D3.ru.xml.
-
-
-	Fully covered hosts in *.std3.ru:
-
-		- (www.)?
-		- g[1-4]
-		- v1
-
--->
-<ruleset name="std3.ru">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="std3.ru" />
-	<target host="g1.std3.ru" />
-	<target host="g2.std3.ru" />
-	<target host="g3.std3.ru" />
-	<target host="g4.std3.ru" />
-	<target host="v1.std3.ru" />
-	<target host="www.std3.ru" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Steam.xml b/src/chrome/content/rules/Steam.xml
index f4b30357f641..7bac4b2f6e0a 100644
--- a/src/chrome/content/rules/Steam.xml
+++ b/src/chrome/content/rules/Steam.xml
@@ -1,149 +1,59 @@
-<!--
-	For other Valve coverage, see Valve.xml.
+<ruleset name="Steam">
+	<target host="community.steam-api.com" />
+	<target host="partner.steam-api.com" />
 
+	<target host="steamcommunity.com" />
+	<target host="www.steamcommunity.com" />
+	<target host="api.steamcommunity.com" />
+	<target host="cdn.steamcommunity.com" />
 
-	CDN buckets:
+	<target host="steamgames.com" />
+	<target host="www.steamgames.com" />
+	<target host="partner.steamgames.com" />
 
-		- steamcdn-a.akamaihd.net
-		- steamstore-a.akamaihd.net
-
-		- akacdn.valve.com.edgesuite.net
-
-			- cdn4
-			- cloud-3
-			- repo
-
-		- content2.steampowered.com.c.footprint.net
-
-			- cloud-4
-
-		- cds.w2n5c2t7.hwcdn.net
-
-			- cloud-2.steampowered.com
-
-		- valve.vo.llnwd.net/...
-
-			- .hs. doesn't exist
-			- cdn.steampowered.com
-			- cloud.streampowered.com
-			- media.steampowered.com
-
-
-	Nonfunctional domains:
-
-		- ^ *
-		- cafe ¹
-		- cafesupport ²
-		- cdn ³
-		- cloud ³
-		- cloud-2 ⁴
-		- cloud-3 ⁵
-		- cloud-4 ¹
-		- forums ⁶
-		- media ³
-		- repo ⁷
-		- www ⁶
-
-	* 403
-	¹ Dropped
-	² 403; mismatched, CN: store.steampowered.com
-	³ 400; mismatched, CN: *.hs.llnwd.net
-	⁴ Refused
-	⁵ 404, akamai
-	⁶ 503, valid cert
-	⁷ 504, akamai
-
-
-	Problematic subdomains:
-
-		- cdn4 ²
-
-	² Works, akamai
-
-
-	Fully covered subdomains:
-
-		- api
-		- kgs
-		- partner
-		- partnerupload0
-		- partnerupload1
-		- store
-		- support
-
--->
-<ruleset name="Steam Powered.com (partial)" default_off="Breaks some games">
-
-	<!--	Direct rewrites:
-					-->
+	<target host="steampowered.com" />
+	<target host="www.steampowered.com" />
 	<target host="api.steampowered.com" />
-	<target host="kgs.steampowered.com" />
+	<target host="cdn.steampowered.com" />
+	<target host="help.steampowered.com" />
+	<target host="media.steampowered.com" />
 	<target host="partner.steampowered.com" />
-	<target host="partnerupload0.steampowered.com" />
-	<target host="partnerupload1.steampowered.com" />
 	<target host="store.steampowered.com" />
+	<target host="cdn.store.steampowered.com" />
+	<target host="storefront.steampowered.com" />
 	<target host="support.steampowered.com" />
-	<!--target host="www.steampowered.com" /-->
 
-	<!--	Special cases:
-				-->
-	<!--target host="steampowered.com" /-->
-	<!--target host="cdn.steampowered.com" /-->
-	<!--target host="cdn.store.steampowered.com" /-->
+	<target host="cdn.akamai.steamstatic.com" />
+	<target host="cdn.edgecast.steamstatic.com" />
+	<target host="community.akamai.steamstatic.com" />
+	<target host="community.edgecast.steamstatic.com" />
+	<target host="store.akamai.steamstatic.com" />
+	<target host="store.edgecast.steamstatic.com" />
 
-		<!--	Redirects to $:
-					-->
-		<!--exclusion pattern="^http://www\.steampowered\.com/steamworks/(gettingstarted\.php|images/bg_vtile\.gif|index\.php)" /-->
-		<!--
-			503:
-				-->
-		<!--exclusion pattern="^http://www\.steampowered\.com/($|steamworks(?:$|[?/]))" /-->
-		<!--exclusion pattern="^http://(?:www\.)?steampowered\.com/(?:$|status/survey\.html|steamworks(?:$|[?/]))" /-->
-		<!--
-			Redirect to http:
-						-->
-		<!--exclusion pattern="^http://store\.steampowered\.com/(about|app/\d+|freestuff/demos|news|recommended|stats)/" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://store\.steampowered\.com/+(?!favicon\.ico|(?:join|login|psn/beginsetup|search|software)(?:$|[?/])|public/images/)" />
+	<securecookie host=".+" name=".+" />
 
-			<!--	+ve:
-					-->
-			<test url="http://store.steampowered.com/about/" />
-			<test url="http://store.steampowered.com/app/4000/" />
-			<test url="http://store.steampowered.com/app/266410/" />
-			<test url="http://store.steampowered.com/app/311560/" />
-			<test url="http://store.steampowered.com/forum/222621" />
-			<test url="http://store.steampowered.com/freestuff/demos/" />
-			<test url="http://store.steampowered.com/genre/Indie/" />
-			<test url="http://store.steampowered.com/genre/RPG/" />
-			<test url="http://store.steampowered.com/news/" />
-			<test url="http://store.steampowered.com/updated/all/" />
+	<rule from="^http://(www\.)?steamgames\.com/"
+			to="https://store.steampowered.com/" />
 
-			<!--	-ve:
-					-->
-			<test url="http://store.steampowered.com/login/" />
-			<test url="http://store.steampowered.com/favicon.ico" />
-			<test url="http://store.steampowered.com/search/?filter=popularnew" />
+	<test url="http://storefront.steampowered.com/v/gfx/apps/210950/capsule_467x181.jpg" />
+	<rule from="^http://storefront\.steampowered\.com/v/gfx/"
+			to="https://steamcdn-a.akamaihd.net/steam/" />
 
+	<rule from="^http://((cdn|storefront|www)\.)?steampowered\.com/"
+			to="https://store.steampowered.com/" />
 
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^partner\.steampowered\.com$" name="(dateEnd|dateStart|steamstatsAuth|steamworksSteamid|steamworksToken)$" /-->
+	<rule from="^http://www\.steamcommunity\.com/"
+			to="https://steamcommunity.com/" />
 
-	<securecookie host="^partner\.steampowered\.com$" name=".+" />
+	<rule from="^http://(cdn\.steamcommunity|community\.akamai\.steamstatic|community\.edgecast\.steamstatic)\.com/"
+		to="https://steamcommunity-a.akamaihd.net/" />
 
+	<rule from="^http://(media\.steampowered|cdn\.akamai\.steamstatic|cdn\.edgecast\.steamstatic)\.com/"
+		to="https://steamcdn-a.akamaihd.net/" />
 
-	<!--rule from="^http://steampowered\.com/"
-		to="https://www.steampowered.com/" /-->
-
-	<!--	Disabled per https://github.com/EFForg/https-everywhere/issues/1453
-								-->
-	<!--rule from="^http://cdn\.store\.steampowered\.com/"
-		to="https://store.steampowered.com/" /-->
+	<rule from="^http://(cdn\.store\.steampowered|store\.akamai\.steamstatic|store\.edgecast\.steamstatic)\.com/"
+		to="https://steamstore-a.akamaihd.net/" />
 
 	<rule from="^http:"
-		to="https:" />
-
+			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Steam_Community.com.xml b/src/chrome/content/rules/Steam_Community.com.xml
deleted file mode 100644
index f7cfd929c8fe..000000000000
--- a/src/chrome/content/rules/Steam_Community.com.xml
+++ /dev/null
@@ -1,56 +0,0 @@
-<!--
-	For other Valve coverage, see Valve.xml.
-
-
-	Problematic subdomains:
-
-		- cdn *
-		- www *
-
-	* Mismatched
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- steamcommunity.com
-		- .steamcommunity.com
-
-
-	Mixed content:
-
-		- Image, on ^ from:
-
-			- steamcommunity-a.akamaihd.net *
-			- cdn.akamai.steamstatic.com *
-			- cloud-[24].steampowered.com ²
-
-	* Secured by us
-	² Unsecurable <= refused
-
--->
-<ruleset name="Steam Community.com (partial)">
-
-	<target host="steamcommunity.com" />
-	<target host="cdn.steamcommunity.com" />
-	<target host="www.steamcommunity.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^steamcommunity\.com$" name="^(rgTopicView_General_\d+_\d+|recentlyVisitedAppHubs|sessionid|steamCC_(\d+_){3}\d+|timezoneOffset)$" /-->
-	<!--securecookie host="^\.steamcommunity\.com$" name="^__utm\w$" /-->
-
-	<securecookie host="^steamcommunity\.com$" name=".+" />
-	<securecookie host="^\.steamcommunity\.com$" name="^__utm\w$" />
-	
-	<!-- Fix #2326 -->
-	<exclusion pattern="^http://steamcommunity\.com/broadcast/" />
-	
-	<test url="http://steamcommunity.com/broadcast/getbroadcastmpd/?steamid=76561197966726415" />
-
-	<!--	www: cert only matches ^streamcommunity.com.
-								-->
-	<rule from="^http://(?:cdn\.|www\.)?steamcommunity\.com/"
-		to="https://steamcommunity.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Steam_static.com.xml b/src/chrome/content/rules/Steam_static.com.xml
deleted file mode 100644
index 175119c19d1b..000000000000
--- a/src/chrome/content/rules/Steam_static.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	For other Valve coverage, see Valve.xml.
-
-
-	CDN buckets:
-
-		- steamcdn-a.akamaihd.net
-		- steamstore-a.akamaihd.net
-
-		- akacdn.valve.com.edgesuite.net
-
-			- cdn.akamai.steamstatic.com
-			- store.akamai.steamstatic.com
-
--->
-<ruleset name="Steam static.com (partial)" default_off="Breaks some games">
-
-	<target host="*.akamai.steamstatic.com" />
-
-
-	<rule from="^http://cdn\.akamai\.steamstatic\.com/"
-		to="https://steamcdn-a.akamaihd.net/" />
-
-	<rule from="^http://store\.akamai\.steamstatic\.com/"
-		to="https://steamstore-a.akamaihd.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Steamgames.com.xml b/src/chrome/content/rules/Steamgames.com.xml
deleted file mode 100644
index caa224027d29..000000000000
--- a/src/chrome/content/rules/Steamgames.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For other Valve coverage, see Valve.xml.
-
-
-	(www.)?: 403
-
-
-	Insecure cookies are set for these hosts:
-
-		- partner.steamgames.com
-
--->
-<ruleset name="Steamgames.com (partial)" default_off="breaks some games">
-
-	<target host="partner.steamgames.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^partner\.steamgames\.com$" name="^sessionid$" /-->
-
-	<securecookie host="^partner\.steamgames\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Steaw.xml b/src/chrome/content/rules/Steaw.xml
index a1a76b743086..a79b2518c182 100644
--- a/src/chrome/content/rules/Steaw.xml
+++ b/src/chrome/content/rules/Steaw.xml
@@ -7,7 +7,7 @@ Fetch error: http://steaw.com/ => https://www.steaw.com/: (28, 'Connection timed
 	^steaw.com: Shows another domain
 
 -->
-<ruleset name="Steaw.com" default_off='failed ruleset test'>
+<ruleset name="Steaw.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Steeleye.com.xml b/src/chrome/content/rules/Steeleye.com.xml
index f1b7487baf13..9d57d3655f4e 100644
--- a/src/chrome/content/rules/Steeleye.com.xml
+++ b/src/chrome/content/rules/Steeleye.com.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Steemh.org.xml b/src/chrome/content/rules/Steemh.org.xml
new file mode 100644
index 000000000000..34033b15e5f5
--- /dev/null
+++ b/src/chrome/content/rules/Steemh.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Steemh.org">
+	<target host="steemh.org" />
+	<target host="www.steemh.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Steganos.com.xml b/src/chrome/content/rules/Steganos.com.xml
index cac1a7332910..ecd83987be0b 100644
--- a/src/chrome/content/rules/Steganos.com.xml
+++ b/src/chrome/content/rules/Steganos.com.xml
@@ -25,13 +25,14 @@
 <ruleset name="Steganos.com">
 
 	<target host="steganos.com" />
-	<target host="*.steganos.com" />
+	<target host="blog.steganos.com" />
+	<target host="securestore.steganos.com" />
+	<target host="www.steganos.com" />
 
 
 	<securecookie host=".*\.steganos\.com$" name=".+" />
 
 
-	<rule from="^http://((?:blog|securestore|www)\.)?steganos\.com/"
-		to="https://$1steganos.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Stella_and_Dot.xml b/src/chrome/content/rules/Stella_and_Dot.xml
index dac9b5f43a79..80689fdcd3a8 100644
--- a/src/chrome/content/rules/Stella_and_Dot.xml
+++ b/src/chrome/content/rules/Stella_and_Dot.xml
@@ -5,7 +5,6 @@ Fetch error: http://stylewatch.stelladot.com/ => https://stylewatch.stelladot.co
 
 	Other Stella & Dot rulesets:
 
-		- stelladotcdn.com.xml
 
 
 	CDN buckets:
@@ -43,7 +42,7 @@ Fetch error: http://stylewatch.stelladot.com/ => https://stylewatch.stelladot.co
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Stella Dot.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Stella Dot.com (partial)" default_off="failed ruleset test">
 
 	<target host="stelladot.com" />
 	<target host="assets.stelladot.com" />
diff --git a/src/chrome/content/rules/Stellwerksim.de.xml b/src/chrome/content/rules/Stellwerksim.de.xml
new file mode 100644
index 000000000000..6b8123daa774
--- /dev/null
+++ b/src/chrome/content/rules/Stellwerksim.de.xml
@@ -0,0 +1,33 @@
+<!--
+	Nonfunctional hosts in *.stellwerksim.de:
+
+	certificate mismatch
+        public8.stellwerksim.de
+        public9.stellwerksim.de
+        qs.stellwerksim.de
+
+	connection refused
+        bbb.stellwerksim.de
+
+    Out of date certificate
+        doku.sandbox.stellwerksim.de
+
+	timeout on https
+        mx0.stellwerksim.de
+        mx1.stellwerksim.de
+        public6.stellwerksim.de
+        public7.stellwerksim.de
+
+    Website unavailable (Message from provider)
+        stitzdoku.stellwerksim.de
+
+-->
+<ruleset name="Stellwerksim.de">
+
+    <target host="stellwerksim.de" />
+    <target host="www.stellwerksim.de" />
+    <target host="doku.stellwerksim.de" />
+    <target host="stitz.stellwerksim.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stelter.xml b/src/chrome/content/rules/Stelter.xml
index cd4222d45e24..b9fa88a95381 100644
--- a/src/chrome/content/rules/Stelter.xml
+++ b/src/chrome/content/rules/Stelter.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.gftplns.org/ => https://www.gftplns.org/: (60, 'SSL cert
 Fetch error: http://www.plan.gs/ => https://www.gftplns.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 Fetch error: http://dashboard.stelter.com/ => https://dashboard.stelter.com/: (28, 'Connection timed out after 10000 milliseconds')
 -->
-<ruleset name="Stelter (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Stelter (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="gftplns.org"/>
 	<target host="www.gftplns.org"/>
diff --git a/src/chrome/content/rules/Stemulite_Fitness_Formula.xml b/src/chrome/content/rules/Stemulite_Fitness_Formula.xml
index 8335eb085490..f31382a255ed 100644
--- a/src/chrome/content/rules/Stemulite_Fitness_Formula.xml
+++ b/src/chrome/content/rules/Stemulite_Fitness_Formula.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/StephenHicks.org.xml b/src/chrome/content/rules/StephenHicks.org.xml
new file mode 100644
index 000000000000..9ea52731c076
--- /dev/null
+++ b/src/chrome/content/rules/StephenHicks.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Mismatched:
+		- autoconfig
+		- ftp
+		- whm
+-->
+<ruleset name="StephenHicks.org">
+	<target host="stephenhicks.org" />
+	<target host="www.stephenhicks.org" />
+	<target host="autodiscover.stephenhicks.org" />
+	<target host="cpanel.stephenhicks.org" />
+	<target host="mail.stephenhicks.org" />
+	<target host="webdisk.stephenhicks.org" />
+	<target host="webmail.stephenhicks.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/StephenHolyday.ca.xml b/src/chrome/content/rules/StephenHolyday.ca.xml
new file mode 100644
index 000000000000..e701286ce47e
--- /dev/null
+++ b/src/chrome/content/rules/StephenHolyday.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="StephenHolyday.ca">
+	<target host="stephenholyday.ca" />
+	<target host="www.stephenholyday.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stephenpi.com.xml b/src/chrome/content/rules/Stephenpi.com.xml
new file mode 100644
index 000000000000..eedc4d06e229
--- /dev/null
+++ b/src/chrome/content/rules/Stephenpi.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Stephenpi.com">
+	<target host="stephenpi.com" />
+	<target host="www.stephenpi.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stepmaniax.com.xml b/src/chrome/content/rules/Stepmaniax.com.xml
new file mode 100644
index 000000000000..1bc6267bbcd2
--- /dev/null
+++ b/src/chrome/content/rules/Stepmaniax.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="stepmaniax.com">
+	<target host="stepmaniax.com" />
+	<target host="www.stepmaniax.com" />
+	<target host="api.stepmaniax.com" />
+	<target host="www.api.stepmaniax.com" />
+	<target host="data.stepmaniax.com" />
+	<target host="www.data.stepmaniax.com" />
+	<target host="docs.data.stepmaniax.com" />
+	<target host="www.docs.data.stepmaniax.com" />
+	<target host="host.stepmaniax.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stern.de.xml b/src/chrome/content/rules/Stern.de.xml
index c07d6c4434da..f801c1f2e9f5 100644
--- a/src/chrome/content/rules/Stern.de.xml
+++ b/src/chrome/content/rules/Stern.de.xml
@@ -1,69 +1,45 @@
 <!--
-	Connection failed:
-		a.stern.de
-		blogs.stern.de
-		insider.stern.de
-		m.stern.de
-		neon.stern.de
-		secure-m.stern.de
-
 	Invalid certificate:
 		*.1.damoh.aws.stern.de
 		*.2.damoh.aws.stern.de
 		*.3.damoh.aws.stern.de
 		www.glb.aws.stern.de
-		secure.glb.aws.stern.de
 		view.glb.aws.stern.de
-		go.stern.de
 		katalogservice.stern.de
 		pmd-brightcove-streaming.stern.de
-		view-s3.stern.de
-
-	Not found:
-		briefkasten.stern.de
-		www.briefkasten.stern.de
-		deutschland-in-bestform.stern.de
-		www.insider.stern.de
-		www.krankenkassenvergleich.stern.de
-		www.liveticker.stern.de
-		www.spiele.mobil.stern.de
-		www.reisewelten.stern.de
-		social-reader.stern.de
-		www.spiele.stern.de
-		www.upload.stern.de
-		versicherungsvergleich.stern.de
-		www.versicherungsvergleich.stern.de
-		aktest.view.stern.de
 
 	Timeout:
-		aktion.stern.de
 		cm-preview.stern.de
-		img.stern.de
+		www.int.stern.de
 		ticker.stern.de
+
+	Unable to get local issuer certificate:
+		reisewelten.stern.de
 -->
 <ruleset name="STERN.de">
 
 	<target host="stern.de" />
 	<target host="www.stern.de" />
 	<target host="aboshop.stern.de" />
+	<target host="aktion.stern.de" />
 	<target host="asset3.stern.de" />
 	<target host="ssl.1.damoh.aws.stern.de" />
 	<target host="ssl.2.damoh.aws.stern.de" />
 	<target host="ssl.3.damoh.aws.stern.de" />
+	<target host="blogs.stern.de" />
 	<target host="commsvc.stern.de" />
-	<target host="d1.stern.de" />
-	<target host="d2.stern.de" />
-	<target host="d3.stern.de" />
+	<target host="go.stern.de" />
 	<target host="image.stern.de" />
-	<target host="www.int.stern.de" />
+	<target host="insider.stern.de" />
 	<target host="krankenkassenvergleich.stern.de" />
 	<target host="liveticker.stern.de" />
+	<target host="m.stern.de" />
 	<target host="mobil.stern.de" />
 	<target host="spiele.mobil.stern.de" />
 	<target host="mobile-feed.stern.de" />
+	<target host="neon.stern.de" />
 	<target host="newsletter.stern.de" />
 	<target host="www.newsletter.stern.de" />
-	<target host="reisewelten.stern.de" />
 	<target host="secure.stern.de" />
 	<target host="serviceportal.stern.de" />
 	<target host="shop.stern.de" />
@@ -73,19 +49,13 @@
 	<target host="m.stage.stern.de" />
 	<target host="static.stage.stern.de" />
 	<target host="static.stern.de" />
-	<target host="static-secure.stern.de" />
 	<target host="tools.stern.de" />
 	<target host="upload.stern.de" />
 	<target host="view.stern.de" />
-	<target host="wahl-o-mat.stern.de" />
+	<target host="view-s3.stern.de" />
 
 	<securecookie host=".+" name=".+" />
 
-	<!-- Connection failed on https://stern.de/,
-	http://stern.de/ redirects to http://www.stern.de/ -->
-	<rule from="^http://stern\.de/"
-		to="https://www.stern.de/" />
-
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Sternkom.xml b/src/chrome/content/rules/Sternkom.xml
index aeccafce988e..7d48bf8acb52 100644
--- a/src/chrome/content/rules/Sternkom.xml
+++ b/src/chrome/content/rules/Sternkom.xml
@@ -3,6 +3,5 @@
 
 <rule from="^http:" to="https:" />
 
-<test url="http://www.sternkom.de/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Stevesie.xml b/src/chrome/content/rules/Stevesie.xml
index e4e194e28262..fffc091bc1b5 100644
--- a/src/chrome/content/rules/Stevesie.xml
+++ b/src/chrome/content/rules/Stevesie.xml
@@ -6,7 +6,7 @@ Fetch error: http://api.stevesie.com/ => https://api.stevesie.com/: (6, 'Could n
 Disabled by https-everywhere-checker because:
 Fetch error: http://stevesie.com/ => https://stevesie.com/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
 -->
-<ruleset name="Stevesie" default_off='failed ruleset test'>
+<ruleset name="Stevesie" default_off="failed ruleset test">
 
 	<target host="stevesie.com" />
 	<target host="api.stevesie.com" />
@@ -15,4 +15,4 @@ Fetch error: http://stevesie.com/ => https://stevesie.com/: (35, 'error:140770FC
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/StewartCalculus.com.xml b/src/chrome/content/rules/StewartCalculus.com.xml
new file mode 100644
index 000000000000..3adaf9b78cb4
--- /dev/null
+++ b/src/chrome/content/rules/StewartCalculus.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="StewartCalculus.com">
+	<target host="stewartcalculus.com" />
+	<target host="www.stewartcalculus.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stgbssint.com.xml b/src/chrome/content/rules/Stgbssint.com.xml
deleted file mode 100644
index 8b59416fcab2..000000000000
--- a/src/chrome/content/rules/Stgbssint.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-Automatically by https-everywhere-checker because:
-Fetch error: http://storage.stgbssint.com/ => https://storage.stgbssint.com/: None
--->
-<ruleset name="stgbssint.com">
-
-	<target host="storage.stgbssint.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Stickhet.xml b/src/chrome/content/rules/Stickhet.xml
index 4a01e933e547..a0bcfb6155fb 100644
--- a/src/chrome/content/rules/Stickhet.xml
+++ b/src/chrome/content/rules/Stickhet.xml
@@ -5,7 +5,7 @@ Fetch error: http://stickhet.com/ => https://stickhet.com/: (51, "SSL: no altern
 Fetch error: http://www.stickhet.com/ => https://www.stickhet.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.stickhet.com'")
 
 -->
-<ruleset name="Stickhet" default_off='failed ruleset test'>
+<ruleset name="Stickhet" default_off="failed ruleset test">
 
 	<target host="stickhet.com" />
 	<target host="www.stickhet.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.stickhet.com/ => https://www.stickhet.com/: (51, "SSL: n
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/StockReportsPlus.com.xml b/src/chrome/content/rules/StockReportsPlus.com.xml
new file mode 100644
index 000000000000..a3a1ac5c231c
--- /dev/null
+++ b/src/chrome/content/rules/StockReportsPlus.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="StockReportsPlus.com">
+	<target host="stockreportsplus.com" />
+	<target host="www.stockreportsplus.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/StockTwits.com.xml b/src/chrome/content/rules/StockTwits.com.xml
new file mode 100644
index 000000000000..d96222c7b9bd
--- /dev/null
+++ b/src/chrome/content/rules/StockTwits.com.xml
@@ -0,0 +1,51 @@
+<!--
+	Invalid certificate:
+		cloudfront.stocktwits.com
+		a.twimg.stocktwits.com
+		videos.stocktwits.com
+
+	Mixed content:
+		help.stocktwits.com
+
+	No working URL known:
+		ql.stocktwits.com
+		quotes.stocktwits.com
+
+	Redirect to HTTP:
+		careers.stocktwits.com
+
+	Time out:
+		api-status.stocktwits.com
+
+-->
+<ruleset name="StockTwits.com">
+
+	<target host="stocktwits.com" />
+	<target host="www.stocktwits.com" />
+	<target host="ablinks.stocktwits.com" />
+		<test url="http://ablinks.stocktwits.com/wf/click" />
+	<target host="api.stocktwits.com" />
+		<test url="http://api.stocktwits.com/api/2/streams/suggested.json" />
+	<target host="assets.stocktwits.com" />
+		<test url="http://assets.stocktwits.com/production/discover/highlights/445/300x200-1522237652.png?1522237652" />
+	<target host="avatars.stocktwits.com" />
+		<test url="http://avatars.stocktwits.com/production/493790/large-1428450549.png" />
+	<target host="blog.stocktwits.com" />
+	<target host="charts.stocktwits.com" />
+		<test url="http://charts.stocktwits.com/production/original_117967674.png" />
+	<target host="cryptoguide.stocktwits.com" />
+	<target host="events.stocktwits.com" />
+	<target host="firehose.stocktwits.com" />
+	<target host="ipv6.stocktwits.com" />
+	<target host="moneybadger.stocktwits.com" />
+	<target host="newsletters.stocktwits.com" />
+	<target host="newswire-images.stocktwits.com" />
+		<test url="http://newswire-images.stocktwits.com/admins/password/new" />
+	<target host="orders.stocktwits.com" />
+	<target host="premium.stocktwits.com" />
+	<target host="shop.stocktwits.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/StockTwits.xml b/src/chrome/content/rules/StockTwits.xml
deleted file mode 100644
index a8dffeaf0e37..000000000000
--- a/src/chrome/content/rules/StockTwits.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- blog.stocktwits.com	(502)
-
-
-	Problematic domains:
-
-		- assets[0-3].stocktwits.net		(mismatched, CN: *.stocktwits.com)
-
-
-	Some pages redirect to http.
-
--->
-<ruleset name="StockTwits (partial)">
-
-	<target host="stocktwits.com" />
-	<target host="*.stocktwits.com" />
-		<exclusion pattern="^http://(?:new\.|www\.)?stocktwits\.com/(?!assets/|sign(?:in|up)(?:$|\?|/))" />
-	<target host="*.stocktwits.net" />
-
-
-	<rule from="^http://(new\.|www\.)?stocktwits\.com/"
-		to="https://$1stocktwits.com/" />
-
-	<rule from="^http://assets\d\.stocktwits\.net/"
-		to="https://new.stocktwits.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Stockton_College.xml b/src/chrome/content/rules/Stockton_College.xml
index 7b651dd99b10..ff2d67e4b107 100644
--- a/src/chrome/content/rules/Stockton_College.xml
+++ b/src/chrome/content/rules/Stockton_College.xml
@@ -75,4 +75,4 @@ www.lynda.com.ezproxy.stockton.edu
 	<rule from="^http://pssb\.stockton\.edu:9000/"
 		to="https://pssb.stockton.edu:9000/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/StoneArch.net.xml b/src/chrome/content/rules/StoneArch.net.xml
new file mode 100644
index 000000000000..cdfb186364fe
--- /dev/null
+++ b/src/chrome/content/rules/StoneArch.net.xml
@@ -0,0 +1,20 @@
+<!--
+	Stone Arch related rulesets:
+		+ SemiAccurate.com.xml
+
+	Non-functional hosts in *.stonearch.net:
+		Mismatched:
+		- stonearch.net
+		- www.stonearch.net
+-->
+<ruleset name="StoneArch.net (partial)">
+	<target host="stonearch.net" />
+		<test url="http://stonearch.net/subscribe/" />
+		<test url="http://stonearch.net/tag/40nm/" />
+	<target host="www.stonearch.net" />
+		<test url="http://www.stonearch.net/fullyaccurate/" />
+		<test url="http://www.stonearch.net/tag/microsoft/" />
+
+	<rule from="^http://(www\.)?stonearch\.net/"
+		to="https://$1semiaccurate.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stoneandstone.org.xml b/src/chrome/content/rules/Stoneandstone.org.xml
new file mode 100644
index 000000000000..5f394c2d4056
--- /dev/null
+++ b/src/chrome/content/rules/Stoneandstone.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Stoneandstone.org">
+	<target host="stoneandstone.org" />
+	<target host="www.stoneandstone.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stony_Brook_University.xml b/src/chrome/content/rules/Stony_Brook_University.xml
index cf2aec1b3530..f45150ea98f6 100644
--- a/src/chrome/content/rules/Stony_Brook_University.xml
+++ b/src/chrome/content/rules/Stony_Brook_University.xml
@@ -62,7 +62,7 @@ Fetch error: http://www.cs.sunysb.edu/ => https://www.cs.sunysb.edu/: (51, "SSL:
 		- Bug on (www.)?studentaffairs from snapwidget.com
 
 -->
-<ruleset name="Stony Brook University (partial)" default_off='failed ruleset test'>
+<ruleset name="Stony Brook University (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Stop-Snoring-Mouthpiece.org.xml b/src/chrome/content/rules/Stop-Snoring-Mouthpiece.org.xml
index 54024e5f216b..7ccafdc6262e 100644
--- a/src/chrome/content/rules/Stop-Snoring-Mouthpiece.org.xml
+++ b/src/chrome/content/rules/Stop-Snoring-Mouthpiece.org.xml
@@ -19,7 +19,7 @@ Fetch error: http://www.stop-snoring-mouthpiece.org/ => https://www.stop-snoring
 		- old	(works, CN: Parallels Panel)
 
 -->
-<ruleset name="Stop-Snoring-Mouthpiece.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Stop-Snoring-Mouthpiece.org (partial)" default_off="failed ruleset test">
 
 	<target host="stop-snoring-mouthpiece.org" />
 	<target host="www.stop-snoring-mouthpiece.org" />
diff --git a/src/chrome/content/rules/Stop-TTIP.org.xml b/src/chrome/content/rules/Stop-TTIP.org.xml
deleted file mode 100644
index ca9828c26776..000000000000
--- a/src/chrome/content/rules/Stop-TTIP.org.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Stop-TTIP.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="stop-ttip.org" />
-	<target host="www.stop-ttip.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Stop_Cyber_Spying.com.xml b/src/chrome/content/rules/Stop_Cyber_Spying.com.xml
index 293f9ea2d167..788b2e6d4937 100644
--- a/src/chrome/content/rules/Stop_Cyber_Spying.com.xml
+++ b/src/chrome/content/rules/Stop_Cyber_Spying.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.stopcyberspying.com/ => https://www.stopcyberspying.com/
 		- www.stopcyberspying.com
 
 -->
-<ruleset name="Stop Cyber Spying.com" default_off='failed ruleset test'>
+<ruleset name="Stop Cyber Spying.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Stop_Software_Patents.xml b/src/chrome/content/rules/Stop_Software_Patents.xml
deleted file mode 100644
index b9cbbdb79555..000000000000
--- a/src/chrome/content/rules/Stop_Software_Patents.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-
-	Problematic hosts in *stopsoftwarepatents.eu:
-
-		- petition (mismatched)
-
--->
-<ruleset name="Stop Software Patents">
-
-	<target host="stopsoftwarepatents.eu" />
-	<target host="www.stopsoftwarepatents.eu" />
-	<target host="petition.stopsoftwarepatents.eu" />
-
-	<rule from="^http://petition\.stopsoftwarepatents\.eu/"
-		to="https://stopsoftwarepatents.eu/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Storage-Bin.com.xml b/src/chrome/content/rules/Storage-Bin.com.xml
index 1e09b2a34bb9..bf2a8d394aa9 100644
--- a/src/chrome/content/rules/Storage-Bin.com.xml
+++ b/src/chrome/content/rules/Storage-Bin.com.xml
@@ -1,13 +1,13 @@
 <ruleset name="Storage-Bin.com">
 
 	<target host="storage-bin.com" />
-	<target host="*.storage-bin.com" />
+	<target host="secure.storage-bin.com" />
+	<target host="www.storage-bin.com" />
 
 
 	<securecookie host="^\.storage-bin\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?(secure\.)?storage-bin\.com/"
-		to="https://$1$2storage-bin.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Storebot.me.xml b/src/chrome/content/rules/Storebot.me.xml
deleted file mode 100644
index ed93401375cf..000000000000
--- a/src/chrome/content/rules/Storebot.me.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Invalid certificate:
-		dev.storebot.me
-		email.storebot.me
-		idea.storebot.me
-
-	Secure connection failed:
-		mail.storebot.me
-
--->
-<ruleset name="storebot.me">
-
-	<target host="storebot.me" />
-	<target host="www.storebot.me" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Storenvy.xml b/src/chrome/content/rules/Storenvy.xml
index 6da1fb0c6d6e..a7457c228c07 100644
--- a/src/chrome/content/rules/Storenvy.xml
+++ b/src/chrome/content/rules/Storenvy.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://([\w-]+)\.storenvy\.com/(favicon\.ico|themes/)"
 		to="https://$1.storenvy.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Storify.xml b/src/chrome/content/rules/Storify.xml
index bfe077db9500..e32f7e0de6be 100644
--- a/src/chrome/content/rules/Storify.xml
+++ b/src/chrome/content/rules/Storify.xml
@@ -6,7 +6,7 @@ Fetch error: http://manage.storify.com/ => https://manage.storify.com/: (6, 'Cou
 Fetch error: http://proxy.storify.com/ => https://proxy.storify.com/: (6, 'Could not resolve host: proxy.storify.com')
 
 -->
-<ruleset name="Storify.com" default_off='failed ruleset test'>
+<ruleset name="Storify.com" default_off="failed ruleset test">
 
 	<target host="storify.com" />
 	<target host="api.storify.com" />
diff --git a/src/chrome/content/rules/Storm-Internet.xml b/src/chrome/content/rules/Storm-Internet.xml
index 89f4cee48061..53759e01e64b 100644
--- a/src/chrome/content/rules/Storm-Internet.xml
+++ b/src/chrome/content/rules/Storm-Internet.xml
@@ -8,7 +8,7 @@ Fetch error: http://classic.storminternet.co.uk/ => https://classic.storminterne
 		- Linux_control_panel.co.uk.xml
 
 -->
-<ruleset name="Storm Internet.co.uk" default_off='failed ruleset test'>
+<ruleset name="Storm Internet.co.uk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Stormiq.com.xml b/src/chrome/content/rules/Stormiq.com.xml
deleted file mode 100644
index c2207f840fcd..000000000000
--- a/src/chrome/content/rules/Stormiq.com.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	Web bugs.
-
-
-	(www.)?stormiq.com does not exist.
-
-
-	t1 sets the following wildcard cookies
-	on whichever domain it is loaded from:
-
-		- _#env
-		- _#lps
-		- _#sess
-		- _#srchist
-		- _#tsa
-		- _#uid
-		- _#vdf
-
--->
-<ruleset name="stormiq.com">
-
-	<target host="js.stormiq.com" />
-	<target host="t1.stormiq.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Storywrite.xml b/src/chrome/content/rules/Storywrite.xml
index bd35c59e3329..5673e67f8de9 100644
--- a/src/chrome/content/rules/Storywrite.xml
+++ b/src/chrome/content/rules/Storywrite.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?storywrite\.com/(assets/|favicon\.ico|images/|javascripts/|(?:login|store)(?:$|\?|/))"
 		to="https://$1storywrite.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Stovetop.com.au.xml b/src/chrome/content/rules/Stovetop.com.au.xml
new file mode 100644
index 000000000000..949d86e28c07
--- /dev/null
+++ b/src/chrome/content/rules/Stovetop.com.au.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		- stovetop.com.au, equivalent to www.stovetop.com.au
+-->
+
+<ruleset name="Stovetop.com.au">
+	<target host="stovetop.com.au" />
+	<target host="www.stovetop.com.au" />
+
+	<rule from="^http://stovetop\.com\.au/"
+		to="https://www.stovetop.com.au/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stpeter.im.xml b/src/chrome/content/rules/Stpeter.im.xml
index 6acd61db97d8..4455aa8ad495 100644
--- a/src/chrome/content/rules/Stpeter.im.xml
+++ b/src/chrome/content/rules/Stpeter.im.xml
@@ -19,7 +19,7 @@ Fetch error: http://www.stpeter.im/ => https://stpeter.im/: (51, "SSL: no altern
 		- mailhost
 
 -->
-<ruleset name="stpeter.im (partial)" default_off='failed ruleset test'>
+<ruleset name="stpeter.im (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/StrangeWorlds.xml b/src/chrome/content/rules/StrangeWorlds.xml
index b77c72d91de8..35b1b15b851c 100644
--- a/src/chrome/content/rules/StrangeWorlds.xml
+++ b/src/chrome/content/rules/StrangeWorlds.xml
@@ -4,11 +4,11 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://strangeworlds.co.uk/ => https://strangeworlds.co.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="StrangeWorlds" default_off='failed ruleset test'>
+<ruleset name="StrangeWorlds" default_off="failed ruleset test">
 
 	<target host="strangeworlds.co.uk" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Strategic_Management_Society.xml b/src/chrome/content/rules/Strategic_Management_Society.xml
index ab2672a3e3b0..00135ea001f8 100644
--- a/src/chrome/content/rules/Strategic_Management_Society.xml
+++ b/src/chrome/content/rules/Strategic_Management_Society.xml
@@ -6,10 +6,10 @@ Fetch error: http://strategicmanagement.net/ => https://strategicmanagement.net/
 	www redirects to http before redirecting to !www.
 
 -->
-<ruleset name="Strategic Management Society" default_off='failed ruleset test'>
+<ruleset name="Strategic Management Society" default_off="failed ruleset test">
 
 	<target host="strategicmanagement.net" />
-	<target host="*.strategicmanagement.net" />
+	<target host="www.strategicmanagement.net" />
 
 
 	<securecookie host="^\.strategicmanagement\.net$" name=".+" />
@@ -18,4 +18,4 @@ Fetch error: http://strategicmanagement.net/ => https://strategicmanagement.net/
 	<rule from="^http://(?:www\.)?strategicmanagement\.net/"
 		to="https://strategicmanagement.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Stratum_0.xml b/src/chrome/content/rules/Stratum_0.xml
index 88b096b1a091..3bb79735ab25 100644
--- a/src/chrome/content/rules/Stratum_0.xml
+++ b/src/chrome/content/rules/Stratum_0.xml
@@ -8,4 +8,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Strawpoll.me.xml b/src/chrome/content/rules/Strawpoll.me.xml
index d0409801eb0c..982bdf4305a4 100644
--- a/src/chrome/content/rules/Strawpoll.me.xml
+++ b/src/chrome/content/rules/Strawpoll.me.xml
@@ -13,7 +13,7 @@
 		<test url="http://strawpoll.me/login" />
 		<test url="http://strawpoll.me/register" />
 		<exclusion pattern="^http://strawpoll\.me/$" />
-	
+
 	<target host="www.strawpoll.me" />
 		<test url="http://www.strawpoll.me/1" />
 		<test url="http://www.strawpoll.me/login" />
@@ -21,13 +21,13 @@
 		<exclusion pattern="^http://www\.strawpoll\.me/$" />
 
 	<target host="support.strawpoll.me" />
-	
+
 	<!-- static-strawpoll.cursecdn.com and media-strawpoll.cursecdn.com handled by Curse.xml -->
 
 	<!-- At least polls, login and registration work over HTTPS -->
 	<rule from="^http://(www\.)?strawpoll\.me/([0-9]+|login|register)$"
 		to="https://$1strawpoll.me/$2"/>
-	
+
 	<!-- https://support.strawpoll.me/ redirects to https://strawpoll.zendesk.com/ -->
 	<rule from="^http://support\.strawpoll\.me/"
 		to="https://strawpoll.zendesk.com/"/>
diff --git a/src/chrome/content/rules/StreamGoals.com.xml b/src/chrome/content/rules/StreamGoals.com.xml
new file mode 100644
index 000000000000..812c39d5b8fb
--- /dev/null
+++ b/src/chrome/content/rules/StreamGoals.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="StreamGoals.com">
+	<target host="streamgoals.com" />
+	<target host="www.streamgoals.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/StreamMyGame.xml b/src/chrome/content/rules/StreamMyGame.xml
deleted file mode 100644
index d82cf7b86222..000000000000
--- a/src/chrome/content/rules/StreamMyGame.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="StreamMyGame">
-
-	<target host="streammygame.com" />
-	<target host="www.streammygame.com" />
-
-
-	<securecookie host="^(?:www\.)?streammygame\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/StreamVI.com.xml b/src/chrome/content/rules/StreamVI.com.xml
new file mode 100644
index 000000000000..42da3f80c0c4
--- /dev/null
+++ b/src/chrome/content/rules/StreamVI.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="StreamVI.com">
+	<target host="streamvi.com" />
+	<target host="www.streamvi.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Streamfarm.net.xml b/src/chrome/content/rules/Streamfarm.net.xml
index 3bda22846e5f..dbf9060f2e8e 100644
--- a/src/chrome/content/rules/Streamfarm.net.xml
+++ b/src/chrome/content/rules/Streamfarm.net.xml
@@ -4,15 +4,15 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://c17001-o.l.core.cdn.streamfarm.net/ => https://c17001-o.l.core.cdn.streamfarm.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Streamfarm.net" default_off='failed ruleset test'>
+<ruleset name="Streamfarm.net" default_off="failed ruleset test">
   <target host="*.core.cdn.streamfarm.net" />
 
-<!-- 
+<!--
 	breaks jumpradio.de
 -->
 
   <exclusion pattern="^http://c22033\-ls\.i\.core\.cdn\.streamfarm\.net/" />
-  
+
   <test url="http://c1000305-o.p.core.cdn.streamfarm.net/" />
   <test url="http://c13009-l.l.core.cdn.streamfarm.net/" />
   <test url="http://c17001-o.l.core.cdn.streamfarm.net/" />
diff --git a/src/chrome/content/rules/Streamja.com.xml b/src/chrome/content/rules/Streamja.com.xml
new file mode 100644
index 000000000000..513f77d474cc
--- /dev/null
+++ b/src/chrome/content/rules/Streamja.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Streamja.com">
+	<target host="streamja.com" />
+	<target host="www.streamja.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Streamtip.com.xml b/src/chrome/content/rules/Streamtip.com.xml
deleted file mode 100644
index cd292ea32942..000000000000
--- a/src/chrome/content/rules/Streamtip.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other NightDev coverage, see NightDev.com.xml.
-
--->
-<ruleset name="Streamtip.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="streamtip.com" />
-	<target host="www.streamtip.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Street_Moda.xml b/src/chrome/content/rules/Street_Moda.xml
index 0380f798b83d..b73b343437d2 100644
--- a/src/chrome/content/rules/Street_Moda.xml
+++ b/src/chrome/content/rules/Street_Moda.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Strelkacard.ru.xml b/src/chrome/content/rules/Strelkacard.ru.xml
index 2eb2e5f93b7a..1c60ac116dc0 100644
--- a/src/chrome/content/rules/Strelkacard.ru.xml
+++ b/src/chrome/content/rules/Strelkacard.ru.xml
@@ -3,7 +3,7 @@
 	<target host="strelkacard.ru" />
 	<target host="www.strelkacard.ru" />
 	<target host="lk.strelkacard.ru" />
-	
+
 	<rule from="^http://www\.strelkacard\.ru/"
 		to="https://strelkacard.ru/" />
 
diff --git a/src/chrome/content/rules/Stripe.com.xml b/src/chrome/content/rules/Stripe.com.xml
index 3023bb9ac370..e3f71dd89171 100644
--- a/src/chrome/content/rules/Stripe.com.xml
+++ b/src/chrome/content/rules/Stripe.com.xml
@@ -1,8 +1,4 @@
 <!--
-	Other Stripe rulesets:
-
-		- StripeCDN.com.xml
-
 	Insecure cookies are set for these domains and hosts:
 
 		- .stripe.com
diff --git a/src/chrome/content/rules/StripeCDN.com.xml b/src/chrome/content/rules/StripeCDN.com.xml
deleted file mode 100644
index 7082a8a1b0cb..000000000000
--- a/src/chrome/content/rules/StripeCDN.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For other Stipe coverage, see Stripe.com.xml.
-
-
-	These altnames don't exist:
-
-		- c.stripecdn.com
-		- d.stripecdn.com
-
--->
-<ruleset name="StripeCDN.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="stripecdn.com" />
-	<target host="a.stripecdn.com" />
-	<target host="b.stripecdn.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Stroeerdigitalmedia.xml b/src/chrome/content/rules/Stroeerdigitalmedia.xml
index be08344efd70..130978898d59 100644
--- a/src/chrome/content/rules/Stroeerdigitalmedia.xml
+++ b/src/chrome/content/rules/Stroeerdigitalmedia.xml
@@ -2,4 +2,4 @@
 <target host="cdn.stroeerdigitalmedia.de" />
 
 <rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Stuart-Robbins.xml b/src/chrome/content/rules/Stuart-Robbins.xml
deleted file mode 100644
index 2bf6af7b4713..000000000000
--- a/src/chrome/content/rules/Stuart-Robbins.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Stuart Robbins" default_off="mismatched">
-
-	<!--	Cert: *.hostmonster.com	-->
-	<target host="*.sjrdesign.net" />
-
-
-	<rule from="^http://about\.sjrdesign\.net/"
-		to="https://sjrdesign.net/~sjrdesig/about/" />
-
-	<!--	At least some files are too long to fetch via secure.hostmonster.com.	-->
-	<rule from="^http://photos\.sjrdesign\.net/"
-		to="https://sjrdesign.net/~sjrdesig/photos/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Stubhub.co.uk.xml b/src/chrome/content/rules/Stubhub.co.uk.xml
new file mode 100644
index 000000000000..708ffc9bb3b2
--- /dev/null
+++ b/src/chrome/content/rules/Stubhub.co.uk.xml
@@ -0,0 +1,40 @@
+<!--
+	For other Stubhub coverage, see Stubhub.com.xml
+
+
+	Non-functional subdomains:
+
+		- blog	(t)
+		- intl	(SSL connnection error)
+		- log	(t)
+		- secure	(SSL connnection error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Wildcard DNS and cert.
+-->
+<ruleset name="Stubhub.co.uk">
+
+	<target host="stubhub.co.uk" />
+	<target host="www.stubhub.co.uk" />
+	<target host="buy.stubhub.co.uk" />
+	<target host="data.stubhub.co.uk" />
+	<target host="iam.stubhub.co.uk" />
+	<target host="m.stubhub.co.uk" />
+	<target host="myaccount.stubhub.co.uk" />
+	<target host="pro.stubhub.co.uk" />
+	<target host="publicfeed.stubhub.co.uk" />
+	<target host="sell.stubhub.co.uk" />
+	<target host="smetrics.stubhub.co.uk" />
+	<target host="stubconnect.stubhub.co.uk" />
+	<target host="track.stubhub.co.uk" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stubhub.com.xml b/src/chrome/content/rules/Stubhub.com.xml
new file mode 100644
index 000000000000..4c46b0d4f6b3
--- /dev/null
+++ b/src/chrome/content/rules/Stubhub.com.xml
@@ -0,0 +1,127 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://cms.stubhub.com/ => https://cms.stubhub.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cms.stubhub.com'")
+Fetch error: http://engineering.stubhub.com/ => https://engineering.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://iam.stubhub.com/ => https://iam.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://pro.stubhub.com/ => https://pro.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://sonartickets.stubhub.com/ => https://sonartickets.stubhub.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+-->
+
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://stubhub.com/ => https://stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://www.stubhub.com/ => https://www.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://blog.stubhub.com/ => https://blog.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://bugsnag.stubhub.com/ => https://bugsnag.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://buy.stubhub.com/ => https://buy.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://cat.stubhub.com/ => https://cat.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://log.stubhub.com/ => https://log.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://m.stubhub.com/ => https://m.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://myaccount.stubhub.com/ => https://myaccount.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://sell.stubhub.com/ => https://sell.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://stubconnect.stubhub.com/ => https://stubconnect.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://telluwhat.stubhub.com/ => https://telluwhat.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://tickettech.stubhub.com/ => https://tickettech.stubhub.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://track.stubhub.com/ => https://track.stubhub.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Other Stubhub rulesets:
+		- Stubhub.co.uk.xml
+		- Stubhub.ca.xml
+		- Stubhub.de.xml
+		- Stubhub.fr.xml
+		- stubhubstatic.com.xml
+
+
+	Non-functional subdomains:
+		- apipublish	(t)
+		- autobulk	(t)
+		- autodiscover	(r)
+		- www.comarena	(m)
+		- intl	(t)
+		- www.jetsauction	(m)
+		- lsp	(t)
+		- orderreview	(t)
+		- secure	(t)
+		- stubconnect2	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Wildcard DNS and cert.
+-->
+<ruleset name="Stubhub.com">
+
+	<!-- target host="stubhub.com" /-->
+	<!-- target host="www.stubhub.com" /-->
+	<target host="ak.stubhub.com" />
+	<target host="api.stubhub.com" />
+	<target host="apisupport.stubhub.com" />
+	<target host="benedumcenter.stubhub.com" />
+	<!-- target host="blog.stubhub.com" /-->
+	<target host="bpm.stubhub.com" />
+	<!-- target host="bugsnag.stubhub.com" /-->
+	<!-- target host="buy.stubhub.com" /-->
+	<target host="cache1.stubhub.com" />
+	<!-- target host="cat.stubhub.com" /-->
+	<target host="chargers.stubhub.com" />
+	<target host="cirque.stubhub.com" />
+	<!-- target host="cms.stubhub.com" /-->
+	<target host="concerts.stubhub.com" />
+	<target host="cowboys.stubhub.com" />
+	<target host="cyclones.stubhub.com" />
+	<target host="dailynews.stubhub.com" />
+	<target host="danpatrick.stubhub.com" />
+	<target host="data.stubhub.com" />
+	<target host="developer.stubhub.com" />
+	<target host="email.stubhub.com" />
+	<!-- target host="engineering.stubhub.com" /-->
+	<target host="forum.stubhub.com" />
+	<target host="giants.stubhub.com" />
+	<target host="gotogether.stubhub.com" />
+	<target host="httpwww.stubhub.com" />
+	<!-- target host="iam.stubhub.com" /-->
+	<target host="jetsauction.stubhub.com" />
+	<!-- target host="log.stubhub.com" /-->
+	<!-- target host="m.stubhub.com" /-->
+	<target host="mariners.stubhub.com" />
+	<target host="music.stubhub.com" />
+	<!-- target host="myaccount.stubhub.com" /-->
+	<target host="partnerfeed.stubhub.com" />
+	<target host="partnersapi.stubhub.com" />
+	<target host="patriots.stubhub.com" />
+	<target host="pe.stubhub.com" />
+	<target host="pluck.stubhub.com" />
+	<target host="pluckstage.stubhub.com" />
+	<!-- target host="pro.stubhub.com" /-->
+	<target host="publicfeed.stubhub.com" />
+	<!-- target host="sell.stubhub.com" /-->
+	<!-- target host="sonartickets.stubhub.com" /-->
+	<target host="sports.stubhub.com" />
+	<target host="srwp01gtm001.stubhub.com" />
+	<!-- target host="stubconnect.stubhub.com" /-->
+	<target host="swww.stubhub.com" />
+	<!-- target host="telluwhat.stubhub.com" /-->
+	<target host="test.stubhub.com" />
+	<!-- target host="tickettech.stubhub.com" /-->
+	<target host="touch.stubhub.com" />
+	<!-- target host="track.stubhub.com" /-->
+	<target host="tracking.stubhub.com" />
+	<target host="venues.stubhub.com" />
+	<target host="was.stubhub.com" />
+	<target host="ww.stubhub.com" />
+	<target host="wwgm.stubhub.com" />
+	<target host="www10.stubhub.com" />
+	<target host="wwww.stubhub.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stubhub.de.xml b/src/chrome/content/rules/Stubhub.de.xml
new file mode 100644
index 000000000000..385bd400b94a
--- /dev/null
+++ b/src/chrome/content/rules/Stubhub.de.xml
@@ -0,0 +1,39 @@
+<!--
+	For other Stubhub coverage, see Stubhub.com.xml
+
+
+	Non-functional subdomains:
+
+		- static	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Wildcard DNS and cert.
+-->
+<ruleset name="Stubhub.de">
+
+	<target host="stubhub.de" />
+	<target host="www.stubhub.de" />
+	<target host="apipublish.stubhub.de" />
+	<target host="buy.stubhub.de" />
+	<target host="data.stubhub.de" />
+	<target host="developer.stubhub.de" />
+	<target host="iam.stubhub.de" />
+	<target host="log.stubhub.de" />
+	<target host="m.stubhub.de" />
+	<target host="myaccount.stubhub.de" />
+	<target host="pro.stubhub.de" />
+	<target host="publicfeed.stubhub.de" />
+	<target host="sell.stubhub.de" />
+	<target host="stubconnect.stubhub.de" />
+	<target host="track.stubhub.de" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stubhub.mx.xml b/src/chrome/content/rules/Stubhub.mx.xml
deleted file mode 100644
index e6da32bcbe59..000000000000
--- a/src/chrome/content/rules/Stubhub.mx.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	For other Stubhub coverage, see Stubhub.com.xml
-
-
-	Non-functional subdomains:
-
-		- static	(t)
-
-	e: expired certificate
-	h: http redirect
-	i: invalid certificate chain
-	m: certificate mismatch
-	r: connection refused
-	s: self-signed certificate
-	t: timeout on https
--->
-<ruleset name="Stubhub.mx">
-
-	<target host="stubhub.mx" />
-	<target host="www.stubhub.mx" />
-	<target host="iam.stubhub.mx" />
-	<target host="myaccount.stubhub.mx" />
-	<target host="sell.stubhub.mx" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Stubhub.pt.xml b/src/chrome/content/rules/Stubhub.pt.xml
deleted file mode 100644
index 8ae101cca06e..000000000000
--- a/src/chrome/content/rules/Stubhub.pt.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	For other Stubhub coverage, see Stubhub.com.xml
--->
-<ruleset name="Stubhub.pt">
-
-	<target host="stubhub.pt" />
-	<target host="www.stubhub.pt" />
-	<target host="intl.stubhub.pt" />
-	<target host="secure.stubhub.pt" />
-		<test url="http://secure.stubhub.pt/robots.txt" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Stubhub.xml b/src/chrome/content/rules/Stubhub.xml
deleted file mode 100644
index 0892cfe29f09..000000000000
--- a/src/chrome/content/rules/Stubhub.xml
+++ /dev/null
@@ -1,67 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://static.stubhub.com/ => https://static.stubhub.com/: (28, 'Connection timed out after 20000 milliseconds')
-Fetch error: http://static.stubhub.de/ => https://static.stubhub.de/: (28, 'Connection timed out after 20000 milliseconds')
-
--->
-<ruleset name="Stubhub" default_off='failed ruleset test'>
-
-	<target host="stubhub.com" />
-	<target host="www.stubhub.com" />
-	<target host="buy.stubhub.com" />
-	<target host="data.stubhub.com" />
-	<target host="m.stubhub.com" />
-	<target host="myaccount.stubhub.com" />
-	<target host="pro.stubhub.com" />
-	<target host="publicfeed.stubhub.com" />
-	<target host="sell.stubhub.com" />
-	<target host="static.stubhub.com" />
-	<target host="stubconnect.stubhub.com" />
-	<target host="track.stubhub.com" />
-
-	<target host="stubhub.de" />
-	<target host="www.stubhub.de" />
-	<target host="buy.stubhub.de" />
-	<target host="m.stubhub.de" />
-	<target host="myaccount.stubhub.de" />
-	<target host="pro.stubhub.de" />
-	<target host="publicfeed.stubhub.de" />
-	<target host="sell.stubhub.de" />
-	<target host="static.stubhub.de" />
-	<target host="stubconnect.stubhub.de" />
-
-	<target host="stubhub.co.uk" />
-	<target host="www.stubhub.co.uk" />
-	<target host="buy.stubhub.co.uk" />
-	<target host="m.stubhub.co.uk" />
-	<target host="myaccount.stubhub.co.uk" />
-	<target host="pro.stubhub.co.uk" />
-	<target host="publicfeed.stubhub.co.uk" />
-	<target host="sell.stubhub.co.uk" />
-	<target host="static.stubhub.co.uk" />
-	<target host="stubconnect.stubhub.co.uk" />
-
-
-	<target host="*.stubhubstatic.com" />
-
-
-	<test url="http://cache1.stubhubstatic.com/resources/shape/styles/common-1.13.1/app.min.css" />
-	<test url="http://cache2.stubhubstatic.com/resources/shape/styles/common-1.13.1/app.min.css" />
-	<test url="http://cache3.stubhubstatic.com/resources/shape/styles/common-1.13.1/app.min.css" />
-	<test url="http://cache11.stubhubstatic.com/resources/shape/styles/common-1.13.1/app.min.css" />
-	<test url="http://cache12.stubhubstatic.com/resources/shape/styles/common-1.13.1/app.min.css" />
-	<test url="http://cache13.stubhubstatic.com/resources/shape/styles/common-1.13.1/app.min.css" />
-	<test url="http://cache14.stubhubstatic.com/resources/shape/styles/common-1.13.1/app.min.css" />
-	<test url="http://cache15.stubhubstatic.com/resources/shape/styles/common-1.13.1/app.min.css" />
-	<test url="http://cache22.stubhubstatic.com/resources/shape/styles/common-1.13.1/app.min.css" />
-	<test url="http://cache33.stubhubstatic.com/resources/shape/styles/common-1.13.1/app.min.css" />
-
-
-	<securecookie host="^(?:.*\.)?stubhub\.(de|co\.uk|com)$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/StudentDoctor.net.xml b/src/chrome/content/rules/StudentDoctor.net.xml
index 1f94096f6806..5f04a50ee688 100644
--- a/src/chrome/content/rules/StudentDoctor.net.xml
+++ b/src/chrome/content/rules/StudentDoctor.net.xml
@@ -1,10 +1,11 @@
 <ruleset name="Student Doctor Network">
-	<target host="forums.studentdoctor.net" />
+	<target host="studentdoctor.net" />
 	<target host="www.studentdoctor.net" />
-	<target host="help.studentdoctor.net" />
-	<target host="schools.studentdoctor.net" />
 	<target host="dds.studentdoctor.net" />
 	<target host="experts.studentdoctor.net" />
+	<target host="forums.studentdoctor.net" />
+	<target host="help.studentdoctor.net" />
+	<target host="schools.studentdoctor.net" />
 
 	<rule from="^http:"
 			to="https:" />
diff --git a/src/chrome/content/rules/Student_Aid_Calculator.com.xml b/src/chrome/content/rules/Student_Aid_Calculator.com.xml
deleted file mode 100644
index 2cf85c77b050..000000000000
--- a/src/chrome/content/rules/Student_Aid_Calculator.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	www: refused
-
--->
-<ruleset name="Student Aid Calculator.com">
-
-	<target host="studentaidcalculator.com" />
-	<target host="*.studentaidcalculator.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^studentaidcalculator\.com$" name="^ASP\.NET_SessionId$" /-->
-	<!--securecookie host="^uoregon\.studentaidcalculator\.com$" name="^(ASP\.NET_SessionId|npc_last_access|npc_stid)$" /-->
-
-	<securecookie host="^(?:[\w-]+\.)?studentaidcalculator\.com$" name=".+" />
-
-
-	<!--	Redirect drops path and args:
-						-->
-	<rule from="^http://www\.studentaidcalculator\.com/.*"
-		to="https://studentaidcalculator.com/" />
-
-	<rule from="^http://([\w-]+\.)?studentaidcalculator\.com/"
-		to="https://$1studentaidcalculator.com/" />
-
-
-</ruleset>
diff --git a/src/chrome/content/rules/Students_for_Sensible_Drug_Policy.xml b/src/chrome/content/rules/Students_for_Sensible_Drug_Policy.xml
index 852a901b4ddf..188188cf13c6 100644
--- a/src/chrome/content/rules/Students_for_Sensible_Drug_Policy.xml
+++ b/src/chrome/content/rules/Students_for_Sensible_Drug_Policy.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/StudiesAbroad.com.xml b/src/chrome/content/rules/StudiesAbroad.com.xml
index 826b3d08e6f6..fe9ae45daa95 100644
--- a/src/chrome/content/rules/StudiesAbroad.com.xml
+++ b/src/chrome/content/rules/StudiesAbroad.com.xml
@@ -5,4 +5,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/StudySchedule.org.xml b/src/chrome/content/rules/StudySchedule.org.xml
index ef23a8b8aa08..aa4c88ffce37 100644
--- a/src/chrome/content/rules/StudySchedule.org.xml
+++ b/src/chrome/content/rules/StudySchedule.org.xml
@@ -1,6 +1,6 @@
 <!--
 	Problematic subdomains:
-	
+
 	blog.studyschedule.org (Bad gateway)
 -->
 
diff --git a/src/chrome/content/rules/StudyinAustralia.xml b/src/chrome/content/rules/StudyinAustralia.xml
index b6b198685b9b..628c945488de 100644
--- a/src/chrome/content/rules/StudyinAustralia.xml
+++ b/src/chrome/content/rules/StudyinAustralia.xml
@@ -1,7 +1,7 @@
 <ruleset name="Study in Australia">
 	<target host="studyinaustralia.gov.au" />
-	<target host="*.studyinaustralia.gov.au" />
+	<target host="www.studyinaustralia.gov.au" />
 
 	<rule from="^http://(?:www\.)?studyinaustralia\.gov\.au/"
 		to="https://www.studyinaustralia.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/StumblingOn.com.xml b/src/chrome/content/rules/StumblingOn.com.xml
new file mode 100644
index 000000000000..60c0d8a5a973
--- /dev/null
+++ b/src/chrome/content/rules/StumblingOn.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="StumblingOn.com">
+	<target host="stumblingon.com" />
+	<target host="www.stumblingon.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Stupid.com.xml b/src/chrome/content/rules/Stupid.com.xml
index c88a8627a28e..8d6ce3520323 100644
--- a/src/chrome/content/rules/Stupid.com.xml
+++ b/src/chrome/content/rules/Stupid.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://stupid.com/ => https://stupid.com/: Too many redirects while
 Fetch error: http://www.stupid.com/ => https://www.stupid.com/: Too many redirects while fetching 'https://www.stupid.com/'
 
 -->
-<ruleset name="Stupid.com" default_off='failed ruleset test'>
+<ruleset name="Stupid.com" default_off="failed ruleset test">
 
 	<target host="stupid.com" />
 	<target host="www.stupid.com" />
diff --git a/src/chrome/content/rules/Style.com.xml b/src/chrome/content/rules/Style.com.xml
index 86f37b1edac4..c09f6bd69591 100644
--- a/src/chrome/content/rules/Style.com.xml
+++ b/src/chrome/content/rules/Style.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.style.com/ => https://www.style.com/: (60, 'SSL certific
 	For other Condé Nast coverage, see Conde-Nast.xml.
 
 -->
-<ruleset name="Style.com" default_off='failed ruleset test'>
+<ruleset name="Style.com" default_off="failed ruleset test">
 
 	<target host="style.com" />
 	<target host="bellboy.style.com" />
diff --git a/src/chrome/content/rules/StyleCaster.com.xml b/src/chrome/content/rules/StyleCaster.com.xml
new file mode 100644
index 000000000000..5274f0f4c1dd
--- /dev/null
+++ b/src/chrome/content/rules/StyleCaster.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Connection closed:
+		- thetryonstudio.stylecaster.com
+
+	Connection refused:
+		- videos.stylecaster.com
+
+	Invalid certificate:
+		- cb.stylecaster.com
+		- community.stylecaster.com, equivalent to stylecaster.com
+		- click.email.stylecaster.com
+		- pages.email.stylecaster.com
+		- view.email.stylecaster.com
+		- home.stylecaster.com, equivalent to stylecaster.com
+		- liveintent.stylecaster.com, equivalent to p.liadm.com
+		- news-cdn.stylecaster.com
+		- news.stylecaster.com, equivalent to stylecaster.com
+		- sa-cdn.stylecaster.com
+		- search.stylecaster.com
+		- shop.stylecaster.com
+		- stylestudio.stylecaster.com
+		- ua-cdn.stylecaster.com
+-->
+
+<ruleset name="StyleCaster.com">
+	<target host="stylecaster.com" />
+	<target host="www.stylecaster.com" />
+	<target host="community.stylecaster.com" />
+	<target host="home.stylecaster.com" />
+	<target host="liveintent.stylecaster.com" />
+	<target host="news.stylecaster.com" />
+
+	<rule from="^http://(community|home|news)\.stylecaster\.com/"
+		to="https://stylecaster.com/" />
+
+	<rule from="^http://liveintent\.stylecaster\.com/"
+		to="https://p.liadm.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SubDownloader.net.xml b/src/chrome/content/rules/SubDownloader.net.xml
index 8bf387b44189..adfe34a8d3f7 100644
--- a/src/chrome/content/rules/SubDownloader.net.xml
+++ b/src/chrome/content/rules/SubDownloader.net.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?subdownloader\.net/"
 		to="https://subdownloader.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Subeta.xml b/src/chrome/content/rules/Subeta.xml
index 964df5c73249..5a1534fd2bd3 100644
--- a/src/chrome/content/rules/Subeta.xml
+++ b/src/chrome/content/rules/Subeta.xml
@@ -15,7 +15,7 @@
 	<target host="images.subeta.net" />
 	<target host="img.subeta.net" />
 	<target host="pets.subeta.net" />
-	
+
 	<securecookie host="^\w" name=".+" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Submission-Technology.xml b/src/chrome/content/rules/Submission-Technology.xml
index 2d19897e3f39..b0482b12e76b 100644
--- a/src/chrome/content/rules/Submission-Technology.xml
+++ b/src/chrome/content/rules/Submission-Technology.xml
@@ -6,13 +6,13 @@ Fetch error: http://ssl.submissiontechnology.co.uk/ => https://ssl.submissiontec
 Fetch error: http://www.submissiontechnology.co.uk/ => https://www.submissiontechnology.co.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Submission Technology" default_off='failed ruleset test'>
+<ruleset name="Submission Technology" default_off="failed ruleset test">
 
 	<target host="submissiontechnology.co.uk" />
 	<target host="ssl.submissiontechnology.co.uk" />
 	<target host="www.submissiontechnology.co.uk" />
 
-	<securecookie host="^(?:.*\.)?submissiontechnology\.co\.uk$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<!--	ssl redirects to www, cert expired	-->
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Subrosa.io.xml b/src/chrome/content/rules/Subrosa.io.xml
index ae471be34477..c3c7c14e0c44 100644
--- a/src/chrome/content/rules/Subrosa.io.xml
+++ b/src/chrome/content/rules/Subrosa.io.xml
@@ -6,7 +6,7 @@ Fetch error: http://subrosa.io/ => https://subrosa.io/: (28, 'Connection timed o
 	www.subrosa.io doesn't exist.
 
 -->
-<ruleset name="Subrosa.io" default_off='failed ruleset test'>
+<ruleset name="Subrosa.io" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/SubscriptionGenius.com.xml b/src/chrome/content/rules/SubscriptionGenius.com.xml
index 4c7a53abfa98..11a5403ae0b2 100644
--- a/src/chrome/content/rules/SubscriptionGenius.com.xml
+++ b/src/chrome/content/rules/SubscriptionGenius.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://support.subscriptiongenius.com/ => https://support.subscript
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="SubscriptionGenius.com" default_off='failed ruleset test'>
+<ruleset name="SubscriptionGenius.com" default_off="failed ruleset test">
 
 	<target host="subscriptiongenius.com" />
 	<target host="app.subscriptiongenius.com" />
diff --git a/src/chrome/content/rules/Subway.com.xml b/src/chrome/content/rules/Subway.com.xml
index 1a6ff290803f..66471e0bf1ec 100644
--- a/src/chrome/content/rules/Subway.com.xml
+++ b/src/chrome/content/rules/Subway.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://subway.com/ => https://subway.com/: (51, "SSL: no alternativ
 	* Secured by us
 
 -->
-<ruleset name="Subway.com" default_off='failed ruleset test'>
+<ruleset name="Subway.com" default_off="failed ruleset test">
 
 	<target host="subway.com" />
 	<target host="www.subway.com" />
diff --git a/src/chrome/content/rules/SuccessFactors.xml b/src/chrome/content/rules/SuccessFactors.xml
index afae2735590f..309b19124cba 100644
--- a/src/chrome/content/rules/SuccessFactors.xml
+++ b/src/chrome/content/rules/SuccessFactors.xml
@@ -44,4 +44,4 @@
 	<rule from="^http://(autodiscover|blogs|career\d*|community|jobs|owa|performancemanager\d*)\.successfactors\.com/"
 		to="https://$1.successfactors.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sucuri.xml b/src/chrome/content/rules/Sucuri.xml
index d62c23d4039a..df9a764a9044 100644
--- a/src/chrome/content/rules/Sucuri.xml
+++ b/src/chrome/content/rules/Sucuri.xml
@@ -15,7 +15,7 @@ Non-2xx HTTP code: http://cloudproxy.sucuri.net/ (200) => https://cloudproxy.suc
 		- .sucuri.net
 
 -->
-<ruleset name="Sucuri.net (partial)" default_off='failed ruleset test'>
+<ruleset name="Sucuri.net (partial)" default_off="failed ruleset test">
 
 	<target host="sucuri.net" />
 	<target host="affl.sucuri.net" />
diff --git a/src/chrome/content/rules/Sudbury_Neutrino_Observatory_Institute.xml b/src/chrome/content/rules/Sudbury_Neutrino_Observatory_Institute.xml
index 61a3451a7806..332f1157debd 100644
--- a/src/chrome/content/rules/Sudbury_Neutrino_Observatory_Institute.xml
+++ b/src/chrome/content/rules/Sudbury_Neutrino_Observatory_Institute.xml
@@ -4,13 +4,10 @@
 -->
 <ruleset name="Sudbury Neutrino Observatory Institute">
 
-	<target host="*.snolab.ca" />
+	<target host="www.snolab.ca" />
 
 
-	<securecookie host="^\.snolab\.ca$" name=".+" />
 
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://www\.snolab\.ca/"
-		to="https://www.snolab.ca/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Suddeutsche_Zeitung-problematic.xml b/src/chrome/content/rules/Suddeutsche_Zeitung-problematic.xml
deleted file mode 100644
index 3e164cccef29..000000000000
--- a/src/chrome/content/rules/Suddeutsche_Zeitung-problematic.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	For rules that are on by default, see Suddeutsche_Zeitung.xml.
-
--->
-<ruleset name="Süddeutsche Zeitung (problematic)" default_off="mismatched" platform="mixedcontent">
-
-	<target host="sueddeutsche.de" />
-	<target host="englisch.sueddeutsche.de" />
-	<target host="mediadaten.sueddeutsche.de" />
-	<target host="sz-media.sueddeutsche.de" />
-	<target host="szshop.sueddeutsche.de" />
-	<target host="www.sueddeutsche.de" />
-
-
-	<securecookie host="^(?:englisch|sz-media|www)\.sueddeutsche\.de$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?sueddeutsche\.de/"
-		to="https://www.sueddeutsche.de/" />
-
-	<rule from="^http://(englisch|sz-media|szshop|www)\.sueddeutsche\.de/"
-		to="https://$1.sueddeutsche.de/" />
-
-	<rule from="^http://mediadaten\.sueddeutsche\.de/(?:home/)?(?:$|\?)"
-		to="https://sz-media.sueddeutsche.de/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Suddeutsche_Zeitung.xml b/src/chrome/content/rules/Suddeutsche_Zeitung.xml
index a9e710a9e416..b23a1b8ab21d 100644
--- a/src/chrome/content/rules/Suddeutsche_Zeitung.xml
+++ b/src/chrome/content/rules/Suddeutsche_Zeitung.xml
@@ -1,177 +1,61 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://jetzt.sueddeutsche.de/ => https://jetzt.sueddeutsche.de/: (28, 'Connection timed out after 20000 milliseconds')
-Fetch error: http://stellenmarkt.sueddeutsche.de/ => https://stellenmarkt.sueddeutsche.de/: Too many redirects while fetching 'https://stellenmarkt.sueddeutsche.de/'
-Fetch error: http://www.sueddeutsche.de/favicon.ico => https://www.sueddeutsche.de/favicon.ico: Too many redirects while fetching 'https://www.sueddeutsche.de/favicon.ico'
-
-	For problematic rules, see Suddeutsche_Zeitung-problematic.xml.
-
-
 	Other Süddeutsche Zeitung rulesets:
 
 		- Suddeutsche_Zeitung_Tickets.xml
 
-
-	Nonfunctional domains:
-
-		- branchenbuch.sueddeutsche.de ¹
-		- finanzen.sueddeutsche.de ²
-		- international.sueddeutsche.de ³
-		- llm.sueddeutsche.de ⁴
-		- medienberufe.sueddeutsche.de ⁴
-		- pix.sueddeutsche.de ²
-		- pixfinanzen.sueddeutsche.de	(times out)
-		- reiseangebote.sueddeutsche.de ⁴
-		- sportal-cdn.sueddeutsche.de ²
-		- sportergebnisse.sueddeutsche.de ²
-		- szmobil.sueddeutsche.de ⁵
-		- sz-veranstaltungen.sueddeutsche.de ²
-		- trauer.sueddeutsche.de ⁵
-
-	¹ Redirects to login
-	² Dropped
-	³ Tumblr
-	⁴ Redirects to http
-	⁵ Refused
-
-
 	Problematic domains:
 
-		- sueddeutsche.com		(cert only matches *.sueddeutsche.com)
-		- polpix.sueddeutsche.com	(times out)
-
-		- anzeigen-buchen.sueddeutsche.de	(Insecure renegotiation
-		- archiv.sueddeutsche.de	(mismatched, CN: *.sz.de)
-		- englisch.sueddeutsche.de	(works, mismatched, CN: www.gymglish.com)
-		- ladenwelten.sueddeutsche.de		(Mismatched, CN: *.hjr-verlag.de)
-		- maps.sueddeutsche.de			(Mixed active content)
-		- mediadaten.sueddeutsche.de	(mismatched, CN: www.cfmueller.de)
-		- sz-media.sueddeutsche.de		(Mismatched, CN: *.hjr-verlag.de)
-		- szshop.sueddeutsche.de		(Mixed active content)
-		- tickets.sueddeutsche.de		(Plaintext reply)
-		- www.sueddeutsche.de			(Mixed active content)
-
-
-	Partially covered domains:
-
-		- polpix.sueddeutsche.com	(→ www.sueddeutsche.de)
-
-		- immobilienmarkt.sueddeutsche.de	($ redirects to http)
-		- maps.sueddeutsche.de			(Avoiding broken MCB)
-		- szshop.sueddeutsche.de		(Avoiding broken MCB)
-		- www.sueddeutsche.de			(Avoiding MCB)
-
-
-	Fully covered sueddeutsche.de subdomains:
-
-		- anzeigen
-		- anzeigen-buchen
-		- epaper
-		- geoservice
-		- maerkte
-		- motormarkt
-		- service
-		- stellenmarkt
-		- sz-shop
-		- weiterbildung
-
-
-	Insecure cookies are set for these domains:
-
-		- .sueddeutsche.de
-		- anzeigen-buchen.sueddeutsche.de
-		- archiv.sueddeutsche.de
-		- epaper.sueddeutsche.de
-		- id.sueddeutsche.de
-		- ladenwelten.sueddeutsche.de
-		- service.sueddeutsche.de
-		- stellenmarkt.sueddeutsche.de
-		- sz-media.sueddeutsche.de
-		- szshop.sueddeutsche.de
-		- weiterbildung.sueddeutsche.de
-		- www.sueddeutsche.de
-
-
-	Mixed content:
-
-		- iframe on www from finanzen
-
-		- css, on:
-
-			- ladenwelten from ladenwelten
-			- maps from geoservice
-			- szshop from szshop
-			- www from polpix.sueddeutsche.com
-
-		- Image on maerkte from www.tripod.de
-
+		- jetzt.sueddeutsche.de				(Timeout)
+		- sportergebnisse.sueddeutsche.de 	(Invalid certificate)
+		- sz-shop 							(Refused)
+		- tickets.sueddeutsche.de			(Plaintext reply)
 -->
-<ruleset name="Süddeutsche Zeitung (partial)" default_off='failed ruleset test'>
-
-	<target host="polpix.sueddeutsche.com" />
-	<target host="*.sueddeutsche.de" />
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.sueddeutsche\.de$" name="^creid$" /-->
-	<!--securecookie host="^anzeigen-buchen\.sueddeutsche\.de$" name="^startquery$" /-->
-	<!--securecookie host="^archiv\.sueddeutsche\.de$" name="^BIGipServerlb-redirect_80$" /-->
-	<!--securecookie host="^epaper\.sueddeutsche\.de$" name="^(BIGipServerlb-epaper-prod_app|BIGipServerlb-pay_http)$" /-->
-	<!--securecookie host="^id\.sueddeutsche\.de$" name="^(BIGipServerlb-szid_http|szid)$" /-->
-	<!--securecookie host="^ladenwelten\.sueddeutsche\.de$" name="^(BIGipServerlb-hjrnew2_http|PHPSESSID)$" /-->
-	<!--securecookie host="^service\.sueddeutsche\.de$" name="^BIGipServerszosc-app2_http$" /-->
-	<!--securecookie host="^stellenmarkt\.sueddeutsche\.de$" name="^BIGipServerlb-moslive_http$" /-->
-	<!--securecookie host="^sz-media.sueddeutsche.de$" name="^(BIGipServerlb-hjrnew2_http|ID)$" /-->
-	<!--securecookie host="^szshop\.sueddeutsche\.de$" name="^language$" /-->
-	<!--securecookie host="^weiterbildung\.sueddeutsche\.de$" name="^PHPSESSID$" /-->
-	<!--securecookie host="^www\.sueddeutsche\.de$" name="^BIGipServerlb-phpapp_http$" /-->
-
-	<securecookie host="^(?:anzeigen-buchen|epaper|id|service|stellenmarkt|sz-shop|weiterbildung)\.sueddeutsche\.de$" name=".+" />
-
-	<rule from="^http://polpix\.sueddeutsche\.com/"
-		to="https://www.sueddeutsche.de/" />
-
-	<rule from="^http://(anzeigen(?:-buchen)?|epaper|geoservice|global|id|jetzt|maerkte|(motor|stellen)markt|service|sz-shop|weiterbildung)\.sueddeutsche\.de/"
-		to="https://$1.sueddeutsche.de/" />
-
-	<rule from="^http://immobilienmarkt\.sueddeutsche\.de/(cms/data/|cms/fileadmin/|cms/uploads/|css/|favicon\.ico|gfx/)"
-		to="https://immobilienmarkt.sueddeutsche.de/$1" />
-
-	<rule from="^http://maps\.sueddeutsche\.de/css/"
-		to="https://maps.sueddeutsche.de/css" /> <!--subdomain can be secured completely but creates false MCB -->
-
-	<rule from="^http://szshop\.sueddeutsche\.de/(favicon\.ico|out/sz/src/)"
-		to="https://szshop.sueddeutsche.de/$1" /> <!--subdomain can be secured completely but creates false MCB -->
-
-	<rule from="^http://www\.sueddeutsche\.de/favicon\.ico"
-		to="https://www.sueddeutsche.de/favicon.ico" />
-
-	<test url="http://anzeigen.sueddeutsche.de/" />
-	<test url="http://anzeigen-buchen.sueddeutsche.de/" />
-	<test url="http://epaper.sueddeutsche.de/" />
-	<test url="http://geoservice.sueddeutsche.de/" />
-	<test url="http://global.sueddeutsche.de/assets/img/header/sprite_header.png" />
-	<test url="http://id.sueddeutsche.de/" />
-	<test url="http://jetzt.sueddeutsche.de/" />
-
-	<test url="http://immobilienmarkt.sueddeutsche.de/cms/data/images/Teaser-Bild_Maier-Immobilien.jpg" />
-	<test url="http://immobilienmarkt.sueddeutsche.de/cms/fileadmin/Dateien_OIM/interhyp/Interhyp_Logo_solo.jpg" />
-	<test url="http://immobilienmarkt.sueddeutsche.de/cms/uploads/pics/Fotolia_17056764_XS_03.jpg" />
-	<test url="http://immobilienmarkt.sueddeutsche.de/css/_global.css" />
-	<test url="http://immobilienmarkt.sueddeutsche.de/favicon.ico" />
-	<test url="http://immobilienmarkt.sueddeutsche.de/gfx/white_arrow_dirRight.png" />
-	<test url="http://maps.sueddeutsche.de/css/fonts/SZSans.woff" />
-	<test url="http://maps.sueddeutsche.de/css/fonts.css" />
-	<test url="http://motormarkt.sueddeutsche.de/" />
-	<test url="http://stellenmarkt.sueddeutsche.de/" />
+<ruleset name="Süddeutsche Zeitung (partial)" >
+
+	<target host="sueddeutsche.de" />
+	<target host="www.sueddeutsche.de" />
+	<target host="anzeigen.sueddeutsche.de" />
+	<target host="anzeigen-buchen.sueddeutsche.de" />
+	<target host="archiv.sueddeutsche.de" />
+	<target host="bildung.sueddeutsche.de" />
+	<target host="englisch.sueddeutsche.de" />
+	<target host="epaper.sueddeutsche.de" />
+	<target host="finanzen.sueddeutsche.de" />
+	<target host="geoservice.sueddeutsche.de" />
+	<target host="gfx.sueddeutsche.de" />
+	<target host="global.sueddeutsche.de" />
+		<test url="http://global.sueddeutsche.de/assets/img/header/sprite_header.png" />
+	<target host="id.sueddeutsche.de" />
+	<target host="ladenwelten.sueddeutsche.de" />
+	<target host="llm.sueddeutsche.de" />
+	<target host="immobilienmarkt.sueddeutsche.de" />
+	<target host="international.sueddeutsche.de" />
+	<target host="maerkte.sueddeutsche.de" />
+		<test url="http://maerkte.sueddeutsche.de/esi/content-modul/muenchen.html" />
+	<target host="maps.sueddeutsche.de" />
+	<target host="media-cdn.sueddeutsche.de" />
+		<test url="http://media-cdn.sueddeutsche.de/globalassets/img/unsprited/placeholder_16_9.png" />
+		<test url="http://media-cdn.sueddeutsche.de/globalassets/components/szfonts/fonts/SZSans/SZSans-Bold.woff2" />
+	<target host="medienberufe.sueddeutsche.de" />
+	<target host="motormarkt.sueddeutsche.de" />
+	<target host="reiseangebote.sueddeutsche.de" />
+	<target host="paybox-ui.sueddeutsche.de" />
+		<test url="http://paybox-ui.sueddeutsche.de/assets/css/paybox.css" />
+	<target host="pix.sueddeutsche.de" />
+	<target host="projekte.sueddeutsche.de" />
+	<target host="service.sueddeutsche.de" />
+	<target host="stellenmarkt.sueddeutsche.de" />
+	<target host="sz-media.sueddeutsche.de" />
+	<target host="sz-veranstaltungen.sueddeutsche.de" />
+	<target host="szshop.sueddeutsche.de" />
+	<target host="trauer.sueddeutsche.de" />
+	<target host="weiterbildung.sueddeutsche.de" />
+
+	<target host="jetzt.de" />
+	<target host="www.jetzt.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
 
-	<test url="http://maerkte.sueddeutsche.de/" />
-	<test url="http://service.sueddeutsche.de/" />
-	<test url="http://sz-shop.sueddeutsche.de/" />
-	<test url="http://szshop.sueddeutsche.de/favicon.ico" />
-	<test url="http://szshop.sueddeutsche.de/out/sz/src/css/libs/jscrollpane.css" />
-	<test url="http://szshop.sueddeutsche.de/out/sz/src/css/styles.css" />
-	<test url="http://weiterbildung.sueddeutsche.de/" />
-	<test url="http://www.sueddeutsche.de/favicon.ico" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sugarsync.com.xml b/src/chrome/content/rules/Sugarsync.com.xml
index 083284008e0d..fd94c4857841 100644
--- a/src/chrome/content/rules/Sugarsync.com.xml
+++ b/src/chrome/content/rules/Sugarsync.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://sugarsync.com/ => https://sugarsync.com/: (60, 'SSL certific
 	See <https://en.wikipedia.org/wiki/SugarSync>.
 
 	Not supporting HTTPS or using an invalid certificate:
-		
+
 		* betasupport.sugarsync.com
 		* blog.sugarsync.com
 		* brendapie.sugarsync.com
@@ -34,7 +34,7 @@ Fetch error: http://sugarsync.com/ => https://sugarsync.com/: (60, 'SSL certific
 		* sugar274.sugarsync.com
 		* wwwa.sugarsync.com
 -->
-<ruleset name="SugarSync" default_off='failed ruleset test'>
+<ruleset name="SugarSync" default_off="failed ruleset test">
 
 	<target host="sugarsync.com" />
 
diff --git a/src/chrome/content/rules/SuicideGirls.xml b/src/chrome/content/rules/SuicideGirls.xml
index acee6b0a9a14..e3e185cffbcf 100644
--- a/src/chrome/content/rules/SuicideGirls.xml
+++ b/src/chrome/content/rules/SuicideGirls.xml
@@ -4,4 +4,4 @@
 
 	<rule from="^http:"
 			to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Suitecrm.com.xml b/src/chrome/content/rules/Suitecrm.com.xml
new file mode 100644
index 000000000000..44fda4e0aae3
--- /dev/null
+++ b/src/chrome/content/rules/Suitecrm.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Incomplete certificate chain:
+		- docs.suitecrm.com
+		- forum.suitecrm.com
+
+	Mismatched:
+		- wordpress.uat.suitecrm.com
+-->
+<ruleset name="Suitecrm.com">
+	<target host="suitecrm.com" />
+	<target host="www.suitecrm.com" />
+	<target host="marketing.suitecrm.com" />
+	<target host="portal.suitecrm.com" />
+	<target host="sodsite.staging.suitecrm.com" />
+	<target host="wpsite.staging.suitecrm.com" />
+	<target host="store.suitecrm.com" />
+	<target host="webinar.suitecrm.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Suitey.com.xml b/src/chrome/content/rules/Suitey.com.xml
index c4aa1cc2ca91..b283888775a9 100644
--- a/src/chrome/content/rules/Suitey.com.xml
+++ b/src/chrome/content/rules/Suitey.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.suitey.com/ => https://www.suitey.com/: (51, "SSL: no al
 		- d1i0b14063qyxc.cloudfront.net
 
 -->
-<ruleset name="Suitey.com" default_off='failed ruleset test'>
+<ruleset name="Suitey.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/SummitPost.xml b/src/chrome/content/rules/SummitPost.xml
deleted file mode 100644
index f391dd594bb3..000000000000
--- a/src/chrome/content/rules/SummitPost.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(no https)
-
--->
-<ruleset name="SummitPost (partial)">
-
-	<target host="images.summitpost.org" />
-
-
-	<rule from="^http://images\.summitpost\.org/"
-		to="https://c278592.ssl.cf0.rackcdn.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Sumo_Logic.com.xml b/src/chrome/content/rules/Sumo_Logic.com.xml
index e8da7c90188f..4f589df87ac3 100644
--- a/src/chrome/content/rules/Sumo_Logic.com.xml
+++ b/src/chrome/content/rules/Sumo_Logic.com.xml
@@ -1,120 +1,19 @@
 <!--
-	Nonfunctional subdomains:
-
-		- go ¹
-		- help ²
-		- operations ³
-
-	¹ Handshake fails
-	² Refused
-	³ Dropped
-
-
-	Problematic subdomains:
-
-		- ^ ¹
-		- mail ²
-		- status ³
-
-	¹ Dropped
-	² Handshake fails
-	³ StatusPage.io
-
-
-	Partially covered subdomains:
-
-		- operations *	(→ sumologic.statuspage.io)
-
-	* .+ doesn't redirect
-
-
-	Fully covered subdomains:
-
-		- (www.)?	(^ → www)
-		- api
-		- collectors
-		- mail		(→ mail.google.com)
-		- service
-		- status	(→ sumologic.statuspage.io)
-		- support
-
-
-	These altnames don't exist:
-
-		- analytics.sumologic.com
-		- applications.sumologic.com
-		- billing.sumologic.com
-		- blog.sumologic.com
-		- community.sumologic.com
-		- data.sumologic.com
-		- developers.sumologic.com
-		- forum.sumologic.com
-		- jobs.sumologic.com
-		- logreduce.sumologic.com
-		- plp.sumologic.com
-		- sales.sumologic.com
-		- security.sumologic.com
-		- signup.sumologic.com
-
-
-	Insecure cookies are set for these hosts:
-
-		- api.sumologic.com
-		- collectors.sumologic.com
-		- info.sumologic.com
-
+	Connection closed:
+		- go
+		- mail
 -->
-<ruleset name="Sumo Logic.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="api.sumologic.com" />
-	<target host="collectors.sumologic.com" />
-	<target host="info.sumologic.com" />
-	<target host="service.sumologic.com" />
-	<target host="support.sumologic.com" />
-	<target host="www.sumologic.com" />
-
-	<!--	Special cases:
-				-->
-	<target host="sumologic.com" />
-	<target host="mail.sumologic.com" />
-	<target host="operations.sumologic.com" />
-	<target host="status.sumologic.com" />
-
-		<exclusion pattern="^http://operations\.sumologic\.com/(?!$)" />
-
-			<test url="http://operations.sumologic.com/?" />
-			<test url="http://operations.sumologic.com//" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(api|collectors)\.sumologic\.com$" name="^AWSELB$" /-->
-	<!--securecookie host="^info\.sumologic\.com$" name="^BIGipServer\w+-app_https$" /-->
-
-	<securecookie host="^(?:api|collectors|info)\.sumologic\.com$" name=".+" />
-
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://sumologic\.com/+"
-		to="https://www.sumologic.com/" />
-
-		<test url="http://sumologic.com/blog/" />
-
-	<!--	Redirect drops path and args:
-						-->
-	<rule from="^http://mail\.sumologic\.com/.*"
-		to="https://mail.google.com/a/sumologic.com" />
-
-		<test url="http://mail.sumologic.com/foo" />
-
-	<rule from="^http://(?:operation|statu)s\.sumologic\.com/"
-		to="https://sumologic.statuspage.io/" />
-
-	<rule from="^http:"
-		to="https:" />
-
+<ruleset name="SumoLogic.com (partial)">
+    <target host="sumologic.com" />
+    <target host="www.sumologic.com" />
+    <target host="api.sumologic.com" />
+    <target host="collectors.sumologic.com" />
+    <target host="help.sumologic.com" />
+    <target host="info.sumologic.com" />
+    <target host="operations.sumologic.com" />
+    <target host="service.sumologic.com" />
+    <target host="status.sumologic.com" />
+    <target host="support.sumologic.com" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SunTimes.com.xml b/src/chrome/content/rules/SunTimes.com.xml
index 67ba7d7cc6ca..546f622d7306 100644
--- a/src/chrome/content/rules/SunTimes.com.xml
+++ b/src/chrome/content/rules/SunTimes.com.xml
@@ -62,17 +62,17 @@ Fetch error: http://suntimes.com/ => https://www.suntimes.com/: (51, "SSL: no al
 	* Secured by us
 
 -->
-<ruleset name="SunTimes.com (partial)" default_off='failed ruleset test'>
+<ruleset name="SunTimes.com (partial)" default_off="failed ruleset test">
 
 	<target host="suntimes.com" />
-	<target host="*.suntimes.com" />
+	<target host="www.suntimes.com" />
+	<target host="jobs.suntimes.com" />
 		<!--exclusion pattern="^http://(beaconnews|blogs|dev|eedition|fh|iwantit|legacy|politics|scores|searchchicago|homes\.searchchicago|specialsections|splash|tv|video|voices)\.suntimes\.com/" /-->
 
 
 	<rule from="^http://(?:www\.)?suntimes\.com/"
 		to="https://www.suntimes.com/" />
 
-	<rule from="^http://jobs\.suntimes\.com/"
-		to="https://jobs.suntimes.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SunTrust.xml b/src/chrome/content/rules/SunTrust.xml
index 2b3ecc6402e9..bec2d4d0b694 100644
--- a/src/chrome/content/rules/SunTrust.xml
+++ b/src/chrome/content/rules/SunTrust.xml
@@ -1,9 +1,16 @@
 <ruleset name="SunTrust">
   <target host="suntrust.com" />
-  <target host="*.suntrust.com" />
+  <target host="answers.suntrust.com" />
+  <target host="blog.suntrust.com" />
+  <target host="esp.suntrust.com" />
+  <target host="giftcard.suntrust.com" />
+  <target host="online401k.suntrust.com" />
+  <target host="onlinecourier.suntrust.com" />
+  <target host="otm.suntrust.com" />
+  <target host="rewards.suntrust.com" />
+  <target host="www.suntrust.com" />
 
   <rule from="^http://suntrust\.com/"
           to="https://www.suntrust.com/" />
-  <rule from="^http://(answers|blog|esp|giftcard|online401k|onlinecourier|otm|rewards|www)\.suntrust\.com/"
-          to="https://$1.suntrust.com/" />
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sunbeltsoftware.com.xml b/src/chrome/content/rules/Sunbeltsoftware.com.xml
index ceaad7ecc505..62e0c37f2b19 100644
--- a/src/chrome/content/rules/Sunbeltsoftware.com.xml
+++ b/src/chrome/content/rules/Sunbeltsoftware.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://sunbeltsoftware.com/ => https://sunbeltsoftware.com/: (60, '
 Fetch error: http://www.sunbeltsoftware.com/ => https://www.sunbeltsoftware.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Sunbeltsoftware.com" default_off='failed ruleset test'>
+<ruleset name="Sunbeltsoftware.com" default_off="failed ruleset test">
 
 	<target host="sunbeltsoftware.com" />
 	<target host="www.sunbeltsoftware.com" />
@@ -20,4 +20,4 @@ Fetch error: http://www.sunbeltsoftware.com/ => https://www.sunbeltsoftware.com/
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sundance_Channel.xml b/src/chrome/content/rules/Sundance_Channel.xml
index 98194604f756..c17b9cf6fac6 100644
--- a/src/chrome/content/rules/Sundance_Channel.xml
+++ b/src/chrome/content/rules/Sundance_Channel.xml
@@ -6,16 +6,16 @@ Fetch error: http://sundancechannel.com/ => https://www.sundancechannel.com/: (7
 Disabled by https-everywhere-checker because:
 Fetch error: http://sundancechannel.com/ => https://www.sundancechannel.com/: (7, 'Failed to connect to www.sundancechannel.com port 443: Connection timed out')
 -->
-<ruleset name="Sundance Channel" default_off='failed ruleset test'>
+<ruleset name="Sundance Channel" default_off="failed ruleset test">
 
 	<target host="sundancechannel.com" />
-	<target host="*.sundancechannel.com" />
+	<target host="www.sundancechannel.com" />
+	<target host="media.sundancechannel.com" />
 
 
 	<rule from="^http://(?:www\.)?sundancechannel\.com/"
 		to="https://www.sundancechannel.com/" />
 
-	<rule from="^http://media\.sundancechannel\.com/"
-		to="https://media.sundancechannel.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sunglass_Warehouse.xml b/src/chrome/content/rules/Sunglass_Warehouse.xml
index 0e434156ae47..a316431a283b 100644
--- a/src/chrome/content/rules/Sunglass_Warehouse.xml
+++ b/src/chrome/content/rules/Sunglass_Warehouse.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sunlight-Foundation.xml b/src/chrome/content/rules/Sunlight-Foundation.xml
deleted file mode 100644
index a3119f501640..000000000000
--- a/src/chrome/content/rules/Sunlight-Foundation.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://reporting.sunlightfoundation.com/ => https://reporting.sunlightfoundation.com/: (28, 'Connection timed out after 20001 milliseconds')
-Fetch error: http://tcamp.sunlightfoundation.com/ => https://tcamp.sunlightfoundation.com/: (28, 'Connection timed out after 20001 milliseconds')
-Fetch error: http://transparencycamp.org/ => https://transparencycamp.org/: (28, 'Connection timed out after 20001 milliseconds')
-
-	Buckets:
-		- assets-sfcom.s3.amazonaws.com
-		- s3.amazonaws.com/assets.sunlightfoundation.com/
-		- s3.amazonaws.com/sunlight-assets/
-
-	Mismatch:
-		- congress
-		- redacted
-		- sotu
-		- training
-		- unitedstates
-		- (www.)politicaladsleuth.com
-
-	Wrong content:
-		- churnalism
-		- politicaladsleuth
-		- politwoops
-		- staffers
-		- tryit
-		- www.transparencycamp.org
--->
-<ruleset name="sunlightfoundation.com (partial)" default_off='failed ruleset test'>
-	<target host="sunlightfoundation.com"/>
-	<target host="www.sunlightfoundation.com"/>
-	<target host="assets.sunlightfoundation.com"/>
-	<target host="login.sunlightfoundation.com"/>
-	<target host="reporting.sunlightfoundation.com"/>
-	<target host="scout.sunlightfoundation.com"/>
-	<target host="sitegeist.sunlightfoundation.com"/>
-	<target host="tcamp.sunlightfoundation.com"/>
-	<target host="transparencycamp.org"/>
-
-	<rule from="^http://assets\.sunlightfoundation\.com/"
-		to="https://s3.amazonaws.com/assets.sunlightfoundation.com/"/>
-	<rule from="^http:"
-		to="https:"/>
-</ruleset>
diff --git a/src/chrome/content/rules/SunlightFoundation.com.xml b/src/chrome/content/rules/SunlightFoundation.com.xml
new file mode 100644
index 000000000000..3d64e4f6dbd6
--- /dev/null
+++ b/src/chrome/content/rules/SunlightFoundation.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- reporting.sunlightfoundation.com
+		- tcamp.sunlightfoundation.com
+		- training.sunlightfoundation.com
+		- www.sunlightfoundation.com
+
+		SSL peer certificate was not OK:
+		- politicaladsleuth.sunlightfoundation.com
+		- unitedstates.sunlightfoundation.com
+
+		Incomplete certificate chain error:
+		- politwoops.sunlightfoundation.com
+-->
+<ruleset name="SunlightFoundation.com">
+	<target host="sunlightfoundation.com" />
+
+	<securecookie host=".+" name=".+" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sunnah.one.xml b/src/chrome/content/rules/Sunnah.one.xml
new file mode 100644
index 000000000000..40d750fb915d
--- /dev/null
+++ b/src/chrome/content/rules/Sunnah.one.xml
@@ -0,0 +1,8 @@
+<ruleset name="Sunnah.one">
+	<target host="sunnah.one" />
+	<target host="www.sunnah.one" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SunoSanuo.com.xml b/src/chrome/content/rules/SunoSanuo.com.xml
index dc42f5985d19..d7e45105f73e 100644
--- a/src/chrome/content/rules/SunoSanuo.com.xml
+++ b/src/chrome/content/rules/SunoSanuo.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://app.sunosunao.com/ => https://app.sunosunao.com/: (51, "SSL:
 		- www	(shows app; mismatched, CN: app.sunosunao.com)
 
 -->
-<ruleset name="SunoSanuo.com (partial)" default_off='failed ruleset test'>
+<ruleset name="SunoSanuo.com (partial)" default_off="failed ruleset test">
 
 	<target host="app.sunosunao.com" />
 
@@ -28,4 +28,4 @@ Fetch error: http://app.sunosunao.com/ => https://app.sunosunao.com/: (51, "SSL:
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sunrise.xml b/src/chrome/content/rules/Sunrise.xml
index 66eebea0070e..34284de59d95 100644
--- a/src/chrome/content/rules/Sunrise.xml
+++ b/src/chrome/content/rules/Sunrise.xml
@@ -1,14 +1,67 @@
-<ruleset name="Sunrise">
-    <target host="sunrise.ch" />
-    <target host="*.sunrise.ch" />
+<!--
+	Nonfunctional hosts in *.sunrise.ch:
+		- b2b.sunrise.ch (m)
+		- campaign.sunrise.ch (i)
+		- corporate.sunrise.ch (m)
+		- cpbx.sunrise.ch (m)
+		- emarketing.sunrise.ch (i)
+		- itunes.sunrise.ch (m)
+		- kobik.sunrise.ch (t)
+		- m.sunrise.ch (m)
+			- business.marketing.sunrise.ch (i)
+		- mobile.sunrise.ch (s)
+			- www.mobile.sunrise.ch (s)
+		- partners.sunrise.ch (s)
+		- survey.sunrise.ch (i)
+		- speed.sunrise.ch (s)
+		- testimonials.sunrise.ch (m)
+
+	Fetch issues:
+		- codes.sunrise.ch
+		- www.partnerdeal.sunrise.ch
 
-    <!-- www. redirects to valid www1. -->
-    <exclusion pattern="^http://www\.sunrise\.ch" />
+	h: http redirect
+	i: incomplete cert chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Sunrise">
+	<target host="sunrise.ch" />
+	<target host="www.sunrise.ch" />
+	<target host="autodiscover.sunrise.ch" />
+	<target host="cct.sunrise.ch" />
+	<target host="cockpit.sunrise.ch" />
+		<target host="www.community.sunrise.ch" />
+		<target host="home.cpbx.sunrise.ch" />
+		<target host="userportal.cpbx.sunrise.ch" />
+	<target host="e-deliverymobile.sunrise.ch" />
+	<target host="ebill.sunrise.ch" />
+	<target host="esign.sunrise.ch" />
+	<target host="event1.sunrise.ch" />
+	<target host="event2.sunrise.ch" />
+	<target host="internet.sunrise.ch" />
+		<test url="http://internet.sunrise.ch/iff/index_fr.html" />
+	<target host="jobs.sunrise.ch" />
+	<target host="lss.sunrise.ch" />
+	<target host="maps.sunrise.ch" />
+	<target host="mip.sunrise.ch" />
+	<target host="mobilepbx.sunrise.ch" />
+	<target host="msm.sunrise.ch" />
+	<target host="olympus.sunrise.ch" />
+		<target host="www.recommend.sunrise.ch" />
+	<target host="salesportal.sunrise.ch" />
+	<target host="sbp.sunrise.ch" />
+	<target host="suota.sunrise.ch" />
+	<target host="travel.sunrise.ch" />
+		<target host="serviceportal.vpbx.sunrise.ch" />
+	<target host="webmail.sunrise.ch" />
+	<target host="webmail1.sunrise.ch" />
+	<target host="webmail2.sunrise.ch" />
+	<target host="www1.sunrise.ch" />
 
-    <securecookie host="^(?:.*\.)?sunrise\.ch$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
-    <rule from="^http://sunrise\.ch/"
-        to="https://www1.sunrise.ch/"/>
-    <rule from="^http://([^/:@]+)?\.sunrise\.ch/"
-        to="https://$1.sunrise.ch/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sunrise_Print_Online.xml b/src/chrome/content/rules/Sunrise_Print_Online.xml
index 6a55c40c8384..5fa4bf29ef7a 100644
--- a/src/chrome/content/rules/Sunrise_Print_Online.xml
+++ b/src/chrome/content/rules/Sunrise_Print_Online.xml
@@ -5,7 +5,7 @@ Fetch error: http://sunriseprintonline.com/ => https://sunriseprintonline.com/:
 Fetch error: http://www.sunriseprintonline.com/ => https://www.sunriseprintonline.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Sunrise Print Online" default_off='failed ruleset test'>
+<ruleset name="Sunrise Print Online" default_off="failed ruleset test">
 
 	<target host="sunriseprintonline.com" />
 	<target host="www.sunriseprintonline.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.sunriseprintonline.com/ => https://www.sunriseprintonlin
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Suntec.net.xml b/src/chrome/content/rules/Suntec.net.xml
index b6e3ecb62868..f6aa2778942c 100644
--- a/src/chrome/content/rules/Suntec.net.xml
+++ b/src/chrome/content/rules/Suntec.net.xml
@@ -13,4 +13,4 @@
 	<rule from="^http://www\.suntec\.net/(auth|resources)/"
 		to="https://www.suntec.net/$1/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SupaDupa.xml b/src/chrome/content/rules/SupaDupa.xml
index cef004f5249e..b05c16521b3c 100644
--- a/src/chrome/content/rules/SupaDupa.xml
+++ b/src/chrome/content/rules/SupaDupa.xml
@@ -15,16 +15,17 @@
 <ruleset name="SupaDupa (partial)">
 
 	<target host="supadupa.me" />
-	<target host="*.supadupa.me" />
+	<target host="www.supadupa.me" />
+	<target host="cdn.supadupa.me" />
+	<target host="static.supadupa.me" />
 
 
 	<securecookie host="^supadupa\.me$" name=".+" />
 
 
-	<rule from="^http://(www\.)?supadupa\.me/"
-		to="https://$1supadupa.me/" />
 
 	<rule from="^http://(?:cdn|static)\.supadupa\.me/"
 		to="https://d2cgdgk0o1xu5x.cloudfront.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SuperGuarantee.com.xml b/src/chrome/content/rules/SuperGuarantee.com.xml
index 9b84a5e7f92d..7fd3f5ad8684 100644
--- a/src/chrome/content/rules/SuperGuarantee.com.xml
+++ b/src/chrome/content/rules/SuperGuarantee.com.xml
@@ -17,7 +17,7 @@ Fetch error: http://www.superguarantee.com/ => https://www.superguarantee.com/:
 		- Bug from fls.doubleclick.net
 
 -->
-<ruleset name="SuperGuarantee.com" default_off='failed ruleset test'>
+<ruleset name="SuperGuarantee.com" default_off="failed ruleset test">
 
 	<target host="superguarantee.com"/>
 	<target host="www.superguarantee.com"/>
@@ -27,7 +27,7 @@ Fetch error: http://www.superguarantee.com/ => https://www.superguarantee.com/:
 					-->
 	<!--securecookie host="^superguarantee\.com$" name="^NSC_\w+$" /-->
 
-	<securecookie host="^(?:.*\.)?superguarantee\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/SuperMedia.xml b/src/chrome/content/rules/SuperMedia.xml
index fc8dbe99c0b1..9b5d6c175ad8 100644
--- a/src/chrome/content/rules/SuperMedia.xml
+++ b/src/chrome/content/rules/SuperMedia.xml
@@ -8,7 +8,7 @@
 		- jobs ²
 
 	¹ Redirects to http before dexmedia.com
-	² Connection refused at redirect destination 
+	² Connection refused at redirect destination
 
 -->
 <ruleset name="SuperMedia.com (partial)">
diff --git a/src/chrome/content/rules/SuperStats.com.xml b/src/chrome/content/rules/SuperStats.com.xml
index a1495e4f17b4..715f44b096cc 100644
--- a/src/chrome/content/rules/SuperStats.com.xml
+++ b/src/chrome/content/rules/SuperStats.com.xml
@@ -23,7 +23,13 @@
 <ruleset name="SuperStats.com (partial)">
 
 	<target host="superstats.com" />
-	<target host="*.superstats.com" />
+	<target host="www.superstats.com" />
+	<target host="boardserver.superstats.com" />
+	<target host="counter.superstats.com" />
+	<target host="ezpolls.superstats.com" />
+	<target host="guestbook.superstats.com" />
+	<target host="stats.superstats.com" />
+	<target host="submitwizard.superstats.com" />
 
 
 	<securecookie host="^\.superstats\.com$" name=".+" />
@@ -32,7 +38,6 @@
 	<rule from="^http://(?:www\.)?superstats\.com/"
 		to="https://www.superstats.com/" />
 
-	<rule from="^http://(boardserver|counter|ezpolls|guestbook|stats|submitwizard)\.superstats\.com/"
-		to="https://$1.superstats.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/SuperStrands.xml b/src/chrome/content/rules/SuperStrands.xml
index edb2a056739d..73cefb1279d8 100644
--- a/src/chrome/content/rules/SuperStrands.xml
+++ b/src/chrome/content/rules/SuperStrands.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Super_Pet_USA.com.xml b/src/chrome/content/rules/Super_Pet_USA.com.xml
index e2fd99676fab..77822169c05d 100644
--- a/src/chrome/content/rules/Super_Pet_USA.com.xml
+++ b/src/chrome/content/rules/Super_Pet_USA.com.xml
@@ -13,7 +13,7 @@
 <ruleset name="Super Pet USA.com" default_off="expired">
 
 	<target host="superpetusa.com" />
-	<target host="*.superpetusa.com" />
+	<target host="www.superpetusa.com" />
 
 
 	<securecookie host="^(?:www)?\.superpetusa\.com$" name=".+" />
diff --git a/src/chrome/content/rules/SuperannuationComplaintsTribunal.xml b/src/chrome/content/rules/SuperannuationComplaintsTribunal.xml
index 2efb25cab0e3..cb0362a53ed2 100644
--- a/src/chrome/content/rules/SuperannuationComplaintsTribunal.xml
+++ b/src/chrome/content/rules/SuperannuationComplaintsTribunal.xml
@@ -1,7 +1,7 @@
 <ruleset name="Superannuation Complaints Tribunal">
 	<target host="sct.gov.au" />
-	<target host="*.sct.gov.au" />
+	<target host="www.sct.gov.au" />
 
 	<rule from="^http://(?:www\.)?sct\.gov\.au/"
 		to="https://www.sct.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Superblock.net.xml b/src/chrome/content/rules/Superblock.net.xml
deleted file mode 100644
index 35d32d2d3714..000000000000
--- a/src/chrome/content/rules/Superblock.net.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Other Superblock rulesets:
-
-		- Pushover.net.xml
-
--->
-<ruleset name="Superblock.net">
-
-	<target host="superblock.net" />
-	<target host="www.superblock.net" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Superdrug.xml b/src/chrome/content/rules/Superdrug.xml
index a6d154a2c17f..4bb5dfc1b0d2 100644
--- a/src/chrome/content/rules/Superdrug.xml
+++ b/src/chrome/content/rules/Superdrug.xml
@@ -26,7 +26,7 @@ Fetch error: http://www.superdrug.com/combined.css => https://www.superdrug.com/
 		- onlinedoctor.superdrug.com
 
 -->
-<ruleset name="Superdrug.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Superdrug.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Superfast-Openreach.co.uk.xml b/src/chrome/content/rules/Superfast-Openreach.co.uk.xml
index 3c5a2874592a..344fa466a2c0 100644
--- a/src/chrome/content/rules/Superfast-Openreach.co.uk.xml
+++ b/src/chrome/content/rules/Superfast-Openreach.co.uk.xml
@@ -10,7 +10,7 @@
 	* Secured by us
 
 -->
-<ruleset name="Superfast-Openreach.co.uk" default_off="missing certificate chain">
+<ruleset name="Superfast-Openreach.co.uk" default_off="cert-chain">
 
 	<target host="superfast-openreach.co.uk" />
 	<target host="www.superfast-openreach.co.uk" />
diff --git a/src/chrome/content/rules/Superkuh.com.xml b/src/chrome/content/rules/Superkuh.com.xml
index 0afebe9ef308..78409f8038ab 100644
--- a/src/chrome/content/rules/Superkuh.com.xml
+++ b/src/chrome/content/rules/Superkuh.com.xml
@@ -3,7 +3,7 @@
 	www: Self-signed
 
 -->
-<ruleset name="superkuh.com" default_off='self-signed'>
+<ruleset name="superkuh.com" default_off="self-signed">
 
 	<target host="superkuh.com" />
 	<target host="www.superkuh.com" />
diff --git a/src/chrome/content/rules/Supersec.xml b/src/chrome/content/rules/Supersec.xml
index e2d6a3851486..633f2d98067e 100644
--- a/src/chrome/content/rules/Supersec.xml
+++ b/src/chrome/content/rules/Supersec.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Supplies_for_Dreams.org-falsemixed.xml b/src/chrome/content/rules/Supplies_for_Dreams.org-falsemixed.xml
index af6e575300a9..80e1aa907a0c 100644
--- a/src/chrome/content/rules/Supplies_for_Dreams.org-falsemixed.xml
+++ b/src/chrome/content/rules/Supplies_for_Dreams.org-falsemixed.xml
@@ -5,7 +5,7 @@
 <ruleset name="Supplies for Dreams.org (false MCB)" platform="mixedcontent">
 
 	<target host="suppliesfordreams.org" />
-	<target host="*.suppliesfordreams.org" />
+	<target host="www.suppliesfordreams.org" />
 
 
 	<securecookie host="^\.suppliesfordreams\.org$" name=".+" />
diff --git a/src/chrome/content/rules/Supplies_for_Dreams.org.xml b/src/chrome/content/rules/Supplies_for_Dreams.org.xml
index 32ad7690bf2e..a409840a70b6 100644
--- a/src/chrome/content/rules/Supplies_for_Dreams.org.xml
+++ b/src/chrome/content/rules/Supplies_for_Dreams.org.xml
@@ -1,4 +1,9 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://suppliesfordreams.org/ => https://suppliesfordreams.org/: (6, 'Could not resolve host: suppliesfordreams.org')
+
 	For rules causing false/broken MCB, see Supplies_for_Dreams.org-falsemixed.xml.
 
 
@@ -20,15 +25,13 @@
 -->
 <ruleset name="Supplies for Dreams.org (partial)">
 
-	<target host="suppliesfordreams.org" />
+	<!-- target host="suppliesfordreams.org" /-->
 	<target host="www.suppliesfordreams.org" />
 		<!--
 			Avoid false/broken MCB:
 						-->
 		<!--exclusion pattern="^http://(www\.)?suppliesfordreams\.org/(?!favicon\.ico|wp-content/|wp-includes/)" /-->
 
-
-	<rule from="^http://(?:www\.)?suppliesfordreams\.org/(?=favicon\.ico|wp-content/|wp-includes/)"
-		to="https://www.suppliesfordreams.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Supply_Frame.com.xml b/src/chrome/content/rules/Supply_Frame.com.xml
index 7807c1fba304..0e18e7398f81 100644
--- a/src/chrome/content/rules/Supply_Frame.com.xml
+++ b/src/chrome/content/rules/Supply_Frame.com.xml
@@ -1,6 +1,6 @@
 <!--
 	www.supplyframe.com: Akamai
-		- 
+		-
 
 	Insecure cookies are set for these domains:
 
diff --git a/src/chrome/content/rules/Supportion.org.xml b/src/chrome/content/rules/Supportion.org.xml
index 165fbddbd6fc..d6bda9357c0f 100644
--- a/src/chrome/content/rules/Supportion.org.xml
+++ b/src/chrome/content/rules/Supportion.org.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?supportion\.org/"
 		to="https://supportion.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SureSupport.xml b/src/chrome/content/rules/SureSupport.xml
index c1e12d4c7af6..62f1bee5bd35 100644
--- a/src/chrome/content/rules/SureSupport.xml
+++ b/src/chrome/content/rules/SureSupport.xml
@@ -1,13 +1,13 @@
 <ruleset name="SureSupport">
 
 	<target host="suresupport.com" />
-	<target host="*.suresupport.com" />
+	<target host="www.suresupport.com" />
+	<target host="www2.suresupport.com" />
 
 
 	<securecookie host="(?:www2)?\.suresupport\.com$" name=".+" />
 
 
-	<rule from="^http://(www2?\.)?suresupport\.com/"
-		to="https://$1suresupport.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Surfeasy.com.xml b/src/chrome/content/rules/Surfeasy.com.xml
index 4b3d7eb7694e..e77b2078a88f 100644
--- a/src/chrome/content/rules/Surfeasy.com.xml
+++ b/src/chrome/content/rules/Surfeasy.com.xml
@@ -4,7 +4,7 @@
 	<target host="support.surfeasy.com" />
 	<target host="accounts.surfeasy.com" />
 
-	<securecookie host="^.*\.?surfeasy\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Surfshark.com.xml b/src/chrome/content/rules/Surfshark.com.xml
new file mode 100644
index 000000000000..92700485f2e9
--- /dev/null
+++ b/src/chrome/content/rules/Surfshark.com.xml
@@ -0,0 +1,177 @@
+<!--
+	Could not resolve host:
+		autodiscover.surfshark.com
+		de-gun-001.test.surfshark.com
+		mail.surfshark.com
+		owa.surfshark.com
+		prod.surfshark.com
+		speed-ix.surfshark.com
+		test-nl.surfshark.com
+		test-sg.surfshark.com
+		test-us.surfshark.com
+		links.mail.surfshark.com
+		www.links.mail.surfshark.com
+
+	SSL: no alternative certificate subject name matches target host name:
+		de-gun-002.test.surfshark.com
+		de-gun.test.surfshark.com
+		get host="get.surfshark.com
+
+	Connection timed out: 
+		de-gun-003.test.surfshark.com (t)
+		dimension.surfshark.com (t)
+		dnsman.test.surfshark.com (t)
+		matrix.surfshark.com (t)
+		mm.surfshark.com (t)
+		nl-dron-trustdns001.prod.surfshark.com (t)
+		o1.ptr9686.surfshark.com (t)
+		o2.ptr5812.surfshark.com (t)
+		pt-lou-v010.prod.surfshark.com (t)
+		riot.surfshark.com (t)
+		tw-tai-v020.prod.surfshark.com (t)
+		ip6.surfshark.com (t)
+
+	Connection refused:
+		mor-ord.prod.surfshark.com (r)
+		mordor-orodruin-v001.prod.surfshark.com (r)
+		
+
+	r: connection refused
+	t: timeout on https
+-->
+<ruleset name="Surfshark.com">
+	<target host="surfshark.com" />
+	<target host="www.surfshark.com" />
+	<!-- these hosts were generated with `python3 sublist3r.py -d surfshark.com` -->
+	<target host="account.surfshark.com"/>
+	<target host="al-tia-v010.prod.surfshark.com"/>
+	<target host="and-shark-s.surfshark.com"/>
+	<target host="api.surfshark.com"/>
+	<target host="at-vie-v010.prod.surfshark.com"/>
+	<target host="at-vie-v020.prod.surfshark.com"/>
+	<target host="at-vie.prod.surfshark.com"/>
+	<target host="au-adl-v010.prod.surfshark.com"/>
+	<target host="au-bne-v010.prod.surfshark.com"/>
+	<target host="au-mel-v010.prod.surfshark.com"/>
+	<target host="au-mel.prod.surfshark.com"/>
+	<target host="au-per-v010.prod.surfshark.com"/>
+	<target host="au-per.prod.surfshark.com"/>
+	<target host="au-syd-v020.prod.surfshark.com"/>
+	<target host="ba-sjj-v010.prod.surfshark.com"/>
+	<target host="be-bru-v010.prod.surfshark.com"/>
+	<target host="bg-sof-v010.prod.surfshark.com"/>
+	<target host="br-sao.prod.surfshark.com"/>
+	<target host="ca-mon-v010.prod.surfshark.com"/>
+	<target host="ca-mon-v020.prod.surfshark.com"/>
+	<target host="ca-tor-v020.prod.surfshark.com"/>
+	<target host="ca-van-v010.prod.surfshark.com"/>
+	<target host="ca-van-v020.prod.surfshark.com"/>
+	<target host="ca-van.prod.surfshark.com"/>
+	<target host="cdn.surfshark.com"/>
+	<target host="ch-zur-v010.prod.surfshark.com"/>
+	<target host="cl-san.prod.surfshark.com"/>
+	<target host="cr-sjn.prod.surfshark.com"/>
+	<target host="cy-nic-v010.prod.surfshark.com"/>
+	<target host="cz-prg-v010.prod.surfshark.com"/>
+	<target host="de-ber-v010.prod.surfshark.com"/>
+	<target host="de-ber-v020.prod.surfshark.com"/>
+	<target host="de-fra-st001.prod.surfshark.com"/>
+	<target host="de-fra-st003.prod.surfshark.com"/>
+	<target host="de-fra-v020.prod.surfshark.com"/>
+	<target host="dk-cph-v010.prod.surfshark.com"/>
+	<target host="dk-cph-v020.prod.surfshark.com"/>
+	<target host="dns.surfshark.com"/>
+	<target host="downloads.surfshark.com"/>
+	<target host="ee-tll-v010.prod.surfshark.com"/>
+	<target host="es-bcn-v010.prod.surfshark.com"/>
+	<target host="es-mad-v010.prod.surfshark.com"/>
+	<target host="es-mad-v020.prod.surfshark.com"/>
+	<target host="es-mad.prod.surfshark.com"/>
+	<target host="es-vlc-v010.prod.surfshark.com"/>
+	<target host="fi-hel-v010.prod.surfshark.com"/>
+	<target host="fr-bod-v010.prod.surfshark.com"/>
+	<target host="fr-bod-v020.prod.surfshark.com"/>
+	<target host="fr-mrs-v010.prod.surfshark.com"/>
+	<target host="fr-par-v020.prod.surfshark.com"/>
+	<target host="fr-par.prod.surfshark.com"/>
+	<target host="go-shark-s.surfshark.com"/>
+	<target host="gr-ath-v010.prod.surfshark.com"/>
+	<target host="hu-bud-v010.prod.surfshark.com"/>
+	<target host="id-jak.prod.surfshark.com"/>
+	<target host="ie-dub-v010.prod.surfshark.com"/>
+	<target host="il-tlv.prod.surfshark.com"/>
+	<target host="in-chn-v010.prod.surfshark.com"/>
+	<target host="in-mum-v020.prod.surfshark.com"/>
+	<target host="it-mil-v010.prod.surfshark.com"/>
+	<target host="it-mil-v020.prod.surfshark.com"/>
+	<target host="it-mil.prod.surfshark.com"/>
+	<target host="it-rom-v010.prod.surfshark.com"/>
+	<target host="it-rom-v020.prod.surfshark.com"/>
+	<target host="jp-tok-v010.prod.surfshark.com"/>
+	<target host="jp-tok-v020.prod.surfshark.com"/>
+	<target host="kr-seo-v010.prod.surfshark.com"/>
+	<target host="lu-ste-v010.prod.surfshark.com"/>
+	<target host="lv-rig-v010.prod.surfshark.com"/>
+	<target host="mk-skp-v010.prod.surfshark.com"/>
+	<target host="mk-skp.prod.surfshark.com"/>
+	<target host="my-kul-v010.prod.surfshark.com"/>
+	<target host="my-kul.prod.surfshark.com"/>
+	<target host="my.surfshark.com"/>
+	<target host="no-osl-v010.prod.surfshark.com"/>
+	<target host="ocean.surfshark.com"/>
+	<target host="order.surfshark.com"/>
+	<target host="pl-waw-v010.prod.surfshark.com"/>
+	<target host="pl-waw.prod.surfshark.com"/>
+	<target host="pt-lis-v010.prod.surfshark.com"/>
+	<target host="rs-beg-v010.prod.surfshark.com"/>
+	<target host="ru-spt.prod.surfshark.com"/>
+	<target host="s.surfshark.com"/>
+	<target host="se-sto-v010.prod.surfshark.com"/>
+	<target host="se-sto-v020.prod.surfshark.com"/>
+	<target host="sg-sng.prod.surfshark.com"/>
+	<target host="shop.surfshark.com"/>
+	<target host="si-lju-v010.prod.surfshark.com"/>
+	<target host="support.surfshark.com"/>
+	<target host="tr-bur-v010.prod.surfshark.com"/>
+	<target host="tw-tai.prod.surfshark.com"/>
+	<target host="uk-gla-v010.prod.surfshark.com"/>
+	<target host="uk-gla.prod.surfshark.com"/>
+	<target host="uk-lon.prod.surfshark.com"/>
+	<target host="uk-man-v020.prod.surfshark.com"/>
+	<target host="url1242.surfshark.com"/>
+	<target host="us-atl-v010.prod.surfshark.com"/>
+	<target host="us-atl-v020.prod.surfshark.com"/>
+	<target host="us-bdn-v010.prod.surfshark.com"/>
+	<target host="us-bdn.prod.surfshark.com"/>
+	<target host="us-bos-v010.prod.surfshark.com"/>
+	<target host="us-buf-v010.prod.surfshark.com"/>
+	<target host="us-chi-v020.prod.surfshark.com"/>
+	<target host="us-clt-v010.prod.surfshark.com"/>
+	<target host="us-dal-v020.prod.surfshark.com"/>
+	<target host="us-dal.prod.surfshark.com"/>
+	<target host="us-den-v020.prod.surfshark.com"/>
+	<target host="us-dtw-v010.prod.surfshark.com"/>
+	<target host="us-dtw.prod.surfshark.com"/>
+	<target host="us-hou-v010.prod.surfshark.com"/>
+	<target host="us-kan-v010.prod.surfshark.com"/>
+	<target host="us-lax-v010.prod.surfshark.com"/>
+	<target host="us-lax.prod.surfshark.com"/>
+	<target host="us-ltm-v010.prod.surfshark.com"/>
+	<target host="us-mia-v010.prod.surfshark.com"/>
+	<target host="us-mia-v020.prod.surfshark.com"/>
+	<target host="us-mnz-v010.prod.surfshark.com"/>
+	<target host="us-nyc-v010.prod.surfshark.com"/>
+	<target host="us-nyc.prod.surfshark.com"/>
+	<target host="us-orl-v010.prod.surfshark.com"/>
+	<target host="us-sea-v010.prod.surfshark.com"/>
+	<target host="us-sea.prod.surfshark.com"/>
+	<target host="us-sfo-v020.prod.surfshark.com"/>
+	<target host="us-sfo.prod.surfshark.com"/>
+	<target host="us-slc-v010.prod.surfshark.com"/>
+	<target host="us-stl-v010.prod.surfshark.com"/>
+	<target host="us-tpa-v020.prod.surfshark.com"/>
+	<target host="vn-hcm-v010.prod.surfshark.com"/>
+	<target host="vn-hcm.prod.surfshark.com"/>
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Surveillance_Law.org.xml b/src/chrome/content/rules/Surveillance_Law.org.xml
index 306cc738a2a1..bd010f753818 100644
--- a/src/chrome/content/rules/Surveillance_Law.org.xml
+++ b/src/chrome/content/rules/Surveillance_Law.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://surveillancelaw.org/ => https://surveillancelaw.org/: (7, 'F
 Fetch error: http://www.surveillancelaw.org/ => https://www.surveillancelaw.org/: (7, 'Failed to connect to www.surveillancelaw.org port 443: Connection refused')
 
 -->
-<ruleset name="Surveillance Law.org" default_off='failed ruleset test'>
+<ruleset name="Surveillance Law.org" default_off="failed ruleset test">
 
 	<target host="surveillancelaw.org" />
 	<target host="www.surveillancelaw.org" />
diff --git a/src/chrome/content/rules/SurveyGizmo.com.xml b/src/chrome/content/rules/SurveyGizmo.com.xml
index 478f0ceccc35..1f0ddc0e4242 100644
--- a/src/chrome/content/rules/SurveyGizmo.com.xml
+++ b/src/chrome/content/rules/SurveyGizmo.com.xml
@@ -1,9 +1,29 @@
 <ruleset name="SurveyGizmo.com">
   <target host="surveygizmo.com" />
   <target host="www.surveygizmo.com" />
-  <target host="*.sgizmo.com"/>
+  <target host="app.sgizmo.com" />
+  <target host="pro0.sgizmo.com" />
+  <target host="pro00.sgizmo.com" />
+  <target host="pro01.sgizmo.com" />
+  <target host="pro02.sgizmo.com" />
+  <target host="pro03.sgizmo.com" />
+  <target host="pro04.sgizmo.com" />
+  <target host="pro05.sgizmo.com" />
+  <target host="pro06.sgizmo.com" />
+  <target host="pro07.sgizmo.com" />
+  <target host="pro08.sgizmo.com" />
+  <target host="pro09.sgizmo.com" />
+  <target host="pro1.sgizmo.com" />
+  <target host="pro2.sgizmo.com" />
+  <target host="pro3.sgizmo.com" />
+  <target host="pro4.sgizmo.com" />
+  <target host="pro5.sgizmo.com" />
+  <target host="pro6.sgizmo.com" />
+  <target host="pro7.sgizmo.com" />
+  <target host="pro8.sgizmo.com" />
+  <target host="pro9.sgizmo.com" />
 
   <rule from="^http://(?:www\.)?surveygizmo\.com/" to="https://www.surveygizmo.com/" />
 
-  <rule from="^http://(app|pro[0-9][0-9]?)\.sgizmo\.com/" to="https://$1.sgizmo.com/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Surveydaddy.xml b/src/chrome/content/rules/Surveydaddy.xml
index 3de50d5d9d89..bb9799e95edd 100644
--- a/src/chrome/content/rules/Surveydaddy.xml
+++ b/src/chrome/content/rules/Surveydaddy.xml
@@ -6,7 +6,7 @@ Fetch error: http://surveydaddy.com/ => https://surveydaddy.com/: (51, "SSL: no
 Disabled by https-everywhere-checker because:
 Fetch error: http://surveydaddy.com/ => https://surveydaddy.com/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="Surveydaddy" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Surveydaddy" platform="mixedcontent" default_off="failed ruleset test">
   <target host="surveydaddy.com" />
   <target host="*.surveydaddy.com" />
 
diff --git a/src/chrome/content/rules/Survive_The_Claire_Perry_Inter.net.xml b/src/chrome/content/rules/Survive_The_Claire_Perry_Inter.net.xml
deleted file mode 100644
index 3a004ed53cd3..000000000000
--- a/src/chrome/content/rules/Survive_The_Claire_Perry_Inter.net.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Survive the Claire Perry Inter.net">
-
-	<target host="survivetheclaireperryinter.net" />
-	<target host="www.survivetheclaireperryinter.net" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Susliving.xml b/src/chrome/content/rules/Susliving.xml
index 656f2173c8cc..4d6d232939f0 100644
--- a/src/chrome/content/rules/Susliving.xml
+++ b/src/chrome/content/rules/Susliving.xml
@@ -11,7 +11,7 @@ Fetch error: http://forum.susliving.org/ => https://forum.susliving.org/: (51, "
 	* Redirects to http; expired 2013-01-27, mismatched, CN: forum.susliving.org
 
 -->
-<ruleset name="Susliving (partial)" default_off='failed ruleset test'>
+<ruleset name="Susliving (partial)" default_off="failed ruleset test">
 
 	<target host="forum.susliving.org" />
 
@@ -21,4 +21,4 @@ Fetch error: http://forum.susliving.org/ => https://forum.susliving.org/: (51, "
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sussan.com.au.xml b/src/chrome/content/rules/Sussan.com.au.xml
index edc5516d448c..abc9726228ac 100644
--- a/src/chrome/content/rules/Sussan.com.au.xml
+++ b/src/chrome/content/rules/Sussan.com.au.xml
@@ -38,12 +38,10 @@
 	<securecookie host="^(?!\.sussan\.com\.au$)." name=".+" />
 
 
-	<rule from="^http://assets\.sussan\.com\.au/"
-		to="https://dcu0x19cdch9b.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 		<test url="http://assets.sussan.com.au/media/upload/2015/December/Homepages/Homepage1/css/main_3_.css" />
 
-	<rule from="^http:"
-		to="https:" />
+
 
 </ruleset>
diff --git a/src/chrome/content/rules/Svbtle.com.xml b/src/chrome/content/rules/Svbtle.com.xml
index 79404e8c6e23..ef9994ec6d37 100644
--- a/src/chrome/content/rules/Svbtle.com.xml
+++ b/src/chrome/content/rules/Svbtle.com.xml
@@ -8,7 +8,7 @@
 
 	<target host="svbtle.com" />
 	<target host="*.svbtle.com" />
-	
+
 		<test url="http://testurl1.svbtle.com/" />
 		<test url="http://testurl2.svbtle.com/" />
 		<test url="http://testurl3.svbtle.com/" />
diff --git a/src/chrome/content/rules/Svenskakyrkan.se.xml b/src/chrome/content/rules/Svenskakyrkan.se.xml
index 76f178af36ee..ff9c7f15b8c2 100644
--- a/src/chrome/content/rules/Svenskakyrkan.se.xml
+++ b/src/chrome/content/rules/Svenskakyrkan.se.xml
@@ -1,7 +1,6 @@
-<ruleset name="Svenskakyrkan (broken)" default_off="https://trac.torproject.org/projects/tor/ticket/9613">
+<ruleset name="Svenskakyrkan.se">
 	<target host="svenskakyrkan.se" />
 	<target host="www.svenskakyrkan.se" />
-	<rule from="^http://svenskakyrkan\.se/" to="https://www.svenskakyrkan.se/"/>
-	<rule from="^http://www\.svenskakyrkan\.se/" to="https://www.svenskakyrkan.se/"/>
-</ruleset>
 
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Svenskaspel.se.xml b/src/chrome/content/rules/Svenskaspel.se.xml
index 2ecf5253c1ea..665df8e35c87 100644
--- a/src/chrome/content/rules/Svenskaspel.se.xml
+++ b/src/chrome/content/rules/Svenskaspel.se.xml
@@ -1,5 +1,6 @@
 <ruleset name="Svenskaspel.se">
   <target host="svenskaspel.se" />
+  <target host="www.svenskaspel.se" />
   <rule from="^http://svenskaspel\.se/" to="https://svenskaspel.se/"/>
   <rule from="^http://www\.svenskaspel\.se/" to="https://svenskaspel.se/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Svtrd.com.xml b/src/chrome/content/rules/Svtrd.com.xml
index 01837dca80f5..d5f03df16572 100644
--- a/src/chrome/content/rules/Svtrd.com.xml
+++ b/src/chrome/content/rules/Svtrd.com.xml
@@ -4,11 +4,11 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://s.svtrd.com/ => https://s.svtrd.com/: (6, 'Could not resolve host: s.svtrd.com')
 
 -->
-<ruleset name="svtrd.com" default_off='failed ruleset test'>
+<ruleset name="svtrd.com" default_off="failed ruleset test">
 
 	<target host="s.svtrd.com" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Sw-KA.de.xml b/src/chrome/content/rules/Sw-KA.de.xml
new file mode 100644
index 000000000000..d1a22f7424e1
--- /dev/null
+++ b/src/chrome/content/rules/Sw-KA.de.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		- vpn.sw-ka.de
+
+	Non-2xx HTTP code:
+		- autoload.sw-ka.de
+-->
+<ruleset name="Sw-KA.de">
+
+	<target host="sw-ka.de" />
+	<target host="www.sw-ka.de" />
+	<target host="bafoegonline.sw-ka.de" />
+	<target host="stats.sw-ka.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Swan.sk.xml b/src/chrome/content/rules/Swan.sk.xml
index 4d771ffe3d10..962ecb595ae0 100644
--- a/src/chrome/content/rules/Swan.sk.xml
+++ b/src/chrome/content/rules/Swan.sk.xml
@@ -1,19 +1,23 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://webmail.swan.sk/ => https://secure.webmail.sk/: (7, 'Failed to connect to secure.webmail.sk port 443: No route to host')
-Fetch error: http://webmail.sk/ => https://secure.webmail.sk/: (7, 'Failed to connect to secure.webmail.sk port 443: No route to host')
+    Nonfunctional hosts in *.swan.sk:
 
+    certificate mismatch:
+	- akcia.swan.sk
+	- gallery.swan.sk
+	- man.swan.sk
+	- kochanovce.swan.sk
+	- speedmeter.swan.sk
+    connection refused:
+	- legalaid.swan.sk
+	- vinica.swan.sk
+    unable to get local issuer certificate:
+	- webhosting.web.swan.sk
 -->
-<ruleset name="Swan.sk" default_off='failed ruleset test'>
+<ruleset name="Swan.sk">
   <target host="swan.sk" />
   <target host="www.swan.sk" />
-  <target host="webmail.swan.sk" />
-
-  <target host="webmail.sk" />
-  <target host="*.webmail.sk" />
+  <target host="webmail.mail.swan.sk" />
+  <target host="webbill.swan.sk" />
 
-  <rule from="^http://(?:www\.)?swan\.sk/" to="https://www.swan.sk/" />
-  <rule from="^http://webmail\.swan\.sk/" to="https://secure.webmail.sk/" />
-  <rule from="^http://(?:www\.|secure\.)?webmail\.sk/" to="https://secure.webmail.sk/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Swapspace.net.xml b/src/chrome/content/rules/Swapspace.net.xml
index f197073e30e1..2de6d3eb497a 100644
--- a/src/chrome/content/rules/Swapspace.net.xml
+++ b/src/chrome/content/rules/Swapspace.net.xml
@@ -5,7 +5,7 @@
 <ruleset name="swapspace.net" default_off="expired, self-signed">
 
 	<target host="swapspace.net" />
-	<target host="*.swapspace.net" />
+	<target host="www.swapspace.net" />
 
 
 	<!--	Secured by server:
diff --git a/src/chrome/content/rules/Swedbank.lv.xml b/src/chrome/content/rules/Swedbank.lv.xml
index aae4ccc36998..609be85bf36e 100644
--- a/src/chrome/content/rules/Swedbank.lv.xml
+++ b/src/chrome/content/rules/Swedbank.lv.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.swedbank.nl/ => https://www.swedbank.nl/: (7, 'Failed to
 	* Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="Swedbank.lv (partial)" default_off='failed ruleset test'>
+<ruleset name="Swedbank.lv (partial)" default_off="failed ruleset test">
 
 	<target host="swedbank.nl" />
 	<target host="ib.swedbank.nl" />
diff --git a/src/chrome/content/rules/Sweden.se.xml b/src/chrome/content/rules/Sweden.se.xml
index c5c7fe91c352..f97f166bb456 100644
--- a/src/chrome/content/rules/Sweden.se.xml
+++ b/src/chrome/content/rules/Sweden.se.xml
@@ -16,7 +16,7 @@ Non-2xx HTTP code: http://work.sweden.se/ (200) => https://work.sweden.se/ (403)
 		- www.imagebank (self signed)
 
 -->
-<ruleset name="Sweden.se" default_off='failed ruleset test'>
+<ruleset name="Sweden.se" default_off="failed ruleset test">
 	<target host="sweden.se" />
 	<target host="www.sweden.se" />
 	<target host="api.sweden.se" />
diff --git a/src/chrome/content/rules/SweetDreamsMiniDonuts.com.xml b/src/chrome/content/rules/SweetDreamsMiniDonuts.com.xml
new file mode 100644
index 000000000000..72382da27757
--- /dev/null
+++ b/src/chrome/content/rules/SweetDreamsMiniDonuts.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="SweetDreamsMiniDonuts.com">
+	<target host="sweetdreamsminidonuts.com" />
+	<target host="www.sweetdreamsminidonuts.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SweetPepper.org.xml b/src/chrome/content/rules/SweetPepper.org.xml
new file mode 100644
index 000000000000..18b8f21249b3
--- /dev/null
+++ b/src/chrome/content/rules/SweetPepper.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="SweetPepper.org">
+
+	<target host="sweetpepper.org" />
+	<target host="www.sweetpepper.org" />
+	<target host="thechemistandtheacevities.sweetpepper.org" />
+	<target host="velvetsluts.sweetpepper.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Sweet_and_Sour.xml b/src/chrome/content/rules/Sweet_and_Sour.xml
index fd365e804363..dfe3cebc3ee3 100644
--- a/src/chrome/content/rules/Sweet_and_Sour.xml
+++ b/src/chrome/content/rules/Sweet_and_Sour.xml
@@ -12,7 +12,7 @@ Fetch error: http://sweetandsourstudio.com/ => https://sweetandsourstudio.com/:
 Fetch error: http://www.sweetandsourstudio.com/ => https://www.sweetandsourstudio.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Sweet &amp; Sour" default_off='failed ruleset test'>
+<ruleset name="Sweet &amp; Sour" default_off="failed ruleset test">
 
 	<target host="sweetandsourstudio.com" />
 	<target host="www.sweetandsourstudio.com" />
@@ -20,4 +20,4 @@ Fetch error: http://www.sweetandsourstudio.com/ => https://www.sweetandsourstudi
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SwetsWise.xml b/src/chrome/content/rules/SwetsWise.xml
deleted file mode 100644
index 58682b59db20..000000000000
--- a/src/chrome/content/rules/SwetsWise.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="SwetsWise">
-
-	<target host="*.swetswise.com" />
-
-
-	<securecookie host="^.*\.swetswise\.com$" name=".+" />
-
-
-	<rule from="^http://www\.swetswise\.com/"
-		to="https://www.swetswise.com/" />
-
-	<rule from="^http://shibboleth\.swetswise\.com/"
-		to="https://shibboleth.swetswise.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Swin.edu.au.xml b/src/chrome/content/rules/Swin.edu.au.xml
index 76868d051b88..4ee93cdef563 100644
--- a/src/chrome/content/rules/Swin.edu.au.xml
+++ b/src/chrome/content/rules/Swin.edu.au.xml
@@ -22,7 +22,10 @@
 <ruleset name="Swin.edu.au (partial)">
 
 	<target host="swin.edu.au" />
-	<target host="*.swin.edu.au" />
+	<target host="www.swin.edu.au" />
+	<target host="astronomy.swin.edu.au" />
+	<target host="www.astronomy.swin.edu.au" />
+	<target host="gpo.swin.edu.au" />
 
 
 	<securecookie host="^www\.swin\.edu\.au$" name=".+" />
@@ -31,7 +34,6 @@
 	<rule from="^http://(?:www\.)?swin\.edu\.au/"
 		to="https://www.swin.edu.au/" />
 
-	<rule from="^http://((?:www\.)?astronomy|gpo)\.swin\.edu\.au/"
-		to="https://$1.swin.edu.au/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Swiss-Federal-Railways.xml b/src/chrome/content/rules/Swiss-Federal-Railways.xml
index b90f1e79407b..d4237dd96eae 100644
--- a/src/chrome/content/rules/Swiss-Federal-Railways.xml
+++ b/src/chrome/content/rules/Swiss-Federal-Railways.xml
@@ -4,13 +4,13 @@ Mismatch:
 	-blog
 	-geschaeftsbericht
 	-unterwegs
-	
+
 	cff.ch
 	-blog
 	-enroute
 	-int-www
 	-rapport-de-gestion
-	
+
 	ffs.ch
 	-blog
 	-inviaggio
@@ -19,10 +19,10 @@ Mismatch:
 Redirect:
 	sbb.ch
 	-fahrplan
-	
+
 	cff.ch
 	-horaire
-	
+
 	ffs.ch
 	-orario
 -->
diff --git a/src/chrome/content/rules/Swiss.xml b/src/chrome/content/rules/Swiss.xml
index 567f3193afda..113c06a65616 100644
--- a/src/chrome/content/rules/Swiss.xml
+++ b/src/chrome/content/rules/Swiss.xml
@@ -6,7 +6,7 @@ Fetch error: http://booking.swiss.com/ => https://booking.swiss.com/: (51, "SSL:
 Fetch error: http://mobile.swiss.com/ => https://mobile.swiss.com/: (51, "SSL: no alternative certificate subject name matches target host name 'mobile.swiss.com'")
 
 -->
-<ruleset name="Swiss.com" default_off='failed ruleset test'>
+<ruleset name="Swiss.com" default_off="failed ruleset test">
 	<target host="swiss.com"/>
 	<target host="www.swiss.com"/>
 	<target host="lsy-www.swiss.com"/>
@@ -14,7 +14,7 @@ Fetch error: http://mobile.swiss.com/ => https://mobile.swiss.com/: (51, "SSL: n
 	<target host="mobile.swiss.com"/>
 	<target host="my.swiss.com"/>
 
-	<securecookie host="^(?:.*\.)?swiss\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Swisscom.ch.xml b/src/chrome/content/rules/Swisscom.ch.xml
index 2349b7f51e1c..a0eb9b08cf59 100644
--- a/src/chrome/content/rules/Swisscom.ch.xml
+++ b/src/chrome/content/rules/Swisscom.ch.xml
@@ -39,7 +39,7 @@ Fetch error: http://services.snoopy.swisscom.com/ => https://services.snoopy.swi
 					- web.tvair
 				- tvonline
 					- web.tvonline
-	
+
 			Unknown issuer:
 				- expats
 
@@ -53,14 +53,14 @@ Fetch error: http://services.snoopy.swisscom.com/ => https://services.snoopy.swi
 				- mobileemail
 					- www.mobileemail
 				- www.mafo
-	
+
 			Refused:
 				- brandcenter
 				- documents
 				- ictquiz
 				- quiz365d
 -->
-<ruleset name="Swisscom.ch" default_off='failed ruleset test'>
+<ruleset name="Swisscom.ch" default_off="failed ruleset test">
 	<target host="swisscom.ch" />
 	<target host="www.swisscom.ch" />
 	<target host="businessapps.swisscom.ch" />
@@ -79,7 +79,7 @@ Fetch error: http://services.snoopy.swisscom.com/ => https://services.snoopy.swi
 	<target host="tools.swisscom.ch" />
 	<target host="vidia.swisscom.ch" />
 	<target host="www2.swisscom.ch" />
-	
+
 	<target host="swisscom.com" />
 	<target host="www.swisscom.com" />
 	<target host="bfm.swisscom.com" />
@@ -96,7 +96,7 @@ Fetch error: http://services.snoopy.swisscom.com/ => https://services.snoopy.swi
 	<target host="*.hospitality.swisscom.com" />
 	<target host="*.ds01.swisscom.com" />
 	<target host="*.ds02.swisscom.com" />
-	
+
 	<target host="www.swissdigicert.ch"/>
 
 
@@ -106,7 +106,7 @@ Fetch error: http://services.snoopy.swisscom.com/ => https://services.snoopy.swi
 	<test url="http://promo.ds01.swisscom.com/" />
 	<test url="http://www.ds01.swisscom.com/" />
 
-	<test url="http://awk.ds02.swisscom.com/" />	
+	<test url="http://awk.ds02.swisscom.com/" />
 	<test url="http://belimo.ds02.swisscom.com/" />
 	<test url="http://ctera.ds02.swisscom.com/" />
 	<test url="http://finitia.ds02.swisscom.com/" />
@@ -131,7 +131,7 @@ Fetch error: http://services.snoopy.swisscom.com/ => https://services.snoopy.swi
 
 	<rule from="^http://o\.swisscom\.ch/"
 		to="https://swisscom-ch.122.2o7.net/" />
-		
+
 	<rule from="^http://itunes\.swisscom\.com/"
 		to="https://itunes.swisscom.ch/" />
 
diff --git a/src/chrome/content/rules/Switch.ch.xml b/src/chrome/content/rules/Switch.ch.xml
index 5b7a5e9ae7a7..743b87bbddb2 100644
--- a/src/chrome/content/rules/Switch.ch.xml
+++ b/src/chrome/content/rules/Switch.ch.xml
@@ -66,7 +66,7 @@
 		- presentation.cast-test.switch.ch
 -->
 <ruleset name="switch.ch">
-	<target host="switch.ch" />	
+	<target host="switch.ch" />
 	<target host="www.switch.ch" />
 	<target host="attribute-viewer.aai.switch.ch" />
 	<target host="attribute-viewer-test.aai.switch.ch" />
@@ -231,8 +231,8 @@
 	<securecookie host="^(cloud-id|drive|filesender|portfolio|tube)?\.switch\.ch$" name=".+" />
 
 	<!-- Rewrite for redirection pages without HTTPS support -->
-	<rule from='^http://(av\.aai|aai-viewer)\.switch\.ch/'
-		to='https://attribute-viewer.aai.switch.ch/' />
+	<rule from="^http://(av\.aai|aai-viewer)\.switch\.ch/"
+		to="https://attribute-viewer.aai.switch.ch/" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Switch.co.xml b/src/chrome/content/rules/Switch.co.xml
index 02c1d2cdba0e..58749880ec58 100644
--- a/src/chrome/content/rules/Switch.co.xml
+++ b/src/chrome/content/rules/Switch.co.xml
@@ -4,13 +4,13 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://switch.co/ => https://www.switch.co/: (51, "SSL: no alternative certificate subject name matches target host name 'www.switch.co'")
 
 -->
-<ruleset name="Switch.co" default_off='failed ruleset test'>
+<ruleset name="Switch.co" default_off="failed ruleset test">
 
 	<target host="switch.co" />
-	<target host="*.switch.co" />
+	<target host="www.switch.co" />
 
 
 	<rule from="^http://(?:www\.)?switch\.co/"
 		to="https://www.switch.co/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SwitchConcepts.xml b/src/chrome/content/rules/SwitchConcepts.xml
index ce627b6f9d96..2d94e517b81b 100644
--- a/src/chrome/content/rules/SwitchConcepts.xml
+++ b/src/chrome/content/rules/SwitchConcepts.xml
@@ -13,7 +13,7 @@ Fetch error: http://support.switchconcepts.com/ => https://support.switchconcept
 
 -->
 
-<ruleset name="Switch Concepts" default_off='failed ruleset test'>
+<ruleset name="Switch Concepts" default_off="failed ruleset test">
 		<!-- not supported:
 		- switchadhub.com
 		- delivery.thg.switchadhub.com
diff --git a/src/chrome/content/rules/SwitchVPN.xml b/src/chrome/content/rules/SwitchVPN.xml
index e5eab608588e..3ae33254fe1f 100644
--- a/src/chrome/content/rules/SwitchVPN.xml
+++ b/src/chrome/content/rules/SwitchVPN.xml
@@ -21,6 +21,6 @@
 	<rule from="^http://www\.switchvpn\.net/"
 		to="https://switchvpn.net/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Switch_Networks.com.au.xml b/src/chrome/content/rules/Switch_Networks.com.au.xml
index e63fbe6bdce2..9bb91b56071e 100644
--- a/src/chrome/content/rules/Switch_Networks.com.au.xml
+++ b/src/chrome/content/rules/Switch_Networks.com.au.xml
@@ -16,10 +16,11 @@ Fetch error: http://switchnetworks.com.au/ => https://www.switchnetworks.com.au/
 		- vweb02...:2096
 
 -->
-<ruleset name="Switch Networks.com.au" default_off='failed ruleset test'>
+<ruleset name="Switch Networks.com.au" default_off="failed ruleset test">
 
 	<target host="switchnetworks.com.au" />
-	<target host="*.switchnetworks.com.au" />
+	<target host="vweb02.switchnetworks.com.au" />
+	<target host="www.switchnetworks.com.au" />
 
 		<test url="http://www.switchnetworks.com.au/" />
 
@@ -27,13 +28,10 @@ Fetch error: http://switchnetworks.com.au/ => https://www.switchnetworks.com.au/
 	<rule from="^http://switchnetworks\.com\.au/"
 		to="https://www.switchnetworks.com.au/" />
 
-	<rule from="^http://vweb02\.switchnetworks\.com\.au:20(83|96)/"
-		to="https://vweb02.switchnetworks.com.au:20$1/" />
 
 		<test url="http://vweb02.switchnetworks.com.au:2083/" />
 		<test url="http://vweb02.switchnetworks.com.au:2096/" />
 
-	<rule from="^http://www\.switchnetworks\.com\.au/"
-		to="https://www.switchnetworks.com.au/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Switchplus.ch.xml b/src/chrome/content/rules/Switchplus.ch.xml
index 3ee0b9941a5d..cedd5f22bda6 100644
--- a/src/chrome/content/rules/Switchplus.ch.xml
+++ b/src/chrome/content/rules/Switchplus.ch.xml
@@ -8,7 +8,8 @@
 <ruleset name="switchplus.ch">
 
 	<target host="switchplus.ch" />
-	<target host="*.switchplus.ch" />
+	<target host="www.switchplus.ch" />
+	<target host="app.switchplus.ch" />
 
 
 	<!--	Not secured by server:
@@ -21,7 +22,6 @@
 	<rule from="^http://(?:www\.)?switchplus\.ch/"
 		to="https://www.switchplus.ch/" />
 
-	<rule from="^http://app\.switchplus\.ch/"
-		to="https://app.switchplus.ch/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Swordfishdc.com.xml b/src/chrome/content/rules/Swordfishdc.com.xml
index 52e3f98fc281..2181ca4cdfd0 100644
--- a/src/chrome/content/rules/Swordfishdc.com.xml
+++ b/src/chrome/content/rules/Swordfishdc.com.xml
@@ -24,10 +24,10 @@ Fetch error: http://swordfishdc.com/ => https://customer.innometrics.com/: (28,
 	Ads.
 
 -->
-<ruleset name="swordfishdc.com" default_off='failed ruleset test'>
+<ruleset name="swordfishdc.com" default_off="failed ruleset test">
 
 	<target host="swordfishdc.com" />
-	<target host="*.swordfishdc.com" />
+	<target host="www.swordfishdc.com" />
 
 
 	<!--	Server does not drop path:
diff --git a/src/chrome/content/rules/Swtor.com.xml b/src/chrome/content/rules/Swtor.com.xml
index 2633b20ea7ba..bd8a45a64dc3 100644
--- a/src/chrome/content/rules/Swtor.com.xml
+++ b/src/chrome/content/rules/Swtor.com.xml
@@ -9,7 +9,8 @@
 <ruleset name="swtor.com (partial)">
 
 	<target host="swtor.com" />
-	<target host="*.swtor.com" />
+	<target host="account.swtor.com" />
+	<target host="www.swtor.com" />
 		<exclusion pattern="^http://(?:www\.)?swtor\.com/(?!user)" />
 
 
@@ -19,4 +20,4 @@
 	<rule from="^http://(?:account\.|www\.)?swtor\.com/"
 		to="https://account.swtor.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Swu.de.xml b/src/chrome/content/rules/Swu.de.xml
index b1d1d81ae69c..75fcd76b0d5e 100644
--- a/src/chrome/content/rules/Swu.de.xml
+++ b/src/chrome/content/rules/Swu.de.xml
@@ -1,7 +1,11 @@
 <ruleset name="Stadtwerke Ulm/Neu-Ulm">
-<target host="www.swu.de" />
+	<target host="swu.de" />
+	<target host="www.swu.de" />
+	<target host="echtzeit.swu.de" />
+	<target host="einkauf.swu.de" />
+	<target host="geschaeftskunden.swu.de" />
+	<target host="kundenbereich.swu.de" />
 
 <rule from="^http:" to="https:" />
 
-<test url="http://www.swu.de/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Sydney-Aquarium.xml b/src/chrome/content/rules/Sydney-Aquarium.xml
index e15eb3e60446..1987da24018f 100644
--- a/src/chrome/content/rules/Sydney-Aquarium.xml
+++ b/src/chrome/content/rules/Sydney-Aquarium.xml
@@ -9,7 +9,7 @@ Fetch error: http://secure.sydneyaquarium.com.au/ => https://secure.sydneyaquari
 		- calendar		(cert mismatch)
 
 -->
-<ruleset name="Sydney Aquarium" default_off='failed ruleset test'>
+<ruleset name="Sydney Aquarium" default_off="failed ruleset test">
 	<target host="sydneyaquarium.com.au" />
 	<target host="m.sydneyaquarium.com.au" />
 	<target host="secure.sydneyaquarium.com.au" />
diff --git a/src/chrome/content/rules/Sydney-Tower-Eye.xml b/src/chrome/content/rules/Sydney-Tower-Eye.xml
index 0188de06d922..6a5689338f4a 100644
--- a/src/chrome/content/rules/Sydney-Tower-Eye.xml
+++ b/src/chrome/content/rules/Sydney-Tower-Eye.xml
@@ -7,7 +7,7 @@ Fetch error: http://secure.sydneytowereye.com.au/ => https://secure.sydneytowere
 	For other Merlin Entertainments coverage, see Merlin-Entertainments.xml.
 -->
 
-<ruleset name="Sydney Tower Eye" default_off='failed ruleset test'>
+<ruleset name="Sydney Tower Eye" default_off="failed ruleset test">
 	<target host="sydneytowereye.com.au" />
 	<target host="m.sydneytowereye.com.au" />
 	<target host="secure.sydneytowereye.com.au" />
diff --git a/src/chrome/content/rules/SydneysHardRockStory.com.xml b/src/chrome/content/rules/SydneysHardRockStory.com.xml
new file mode 100644
index 000000000000..0dda0df99df3
--- /dev/null
+++ b/src/chrome/content/rules/SydneysHardRockStory.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="SydneysHardRockStory.com">
+	<target host="sydneyshardrockstory.com" />
+	<target host="www.sydneyshardrockstory.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Sydostran.se.xml b/src/chrome/content/rules/Sydostran.se.xml
index d02ebf58f3ad..c29bfe3387a1 100644
--- a/src/chrome/content/rules/Sydostran.se.xml
+++ b/src/chrome/content/rules/Sydostran.se.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://sydostran.se/ => https://www.sydostran.se/: (28, 'Connection timed out after 10001 milliseconds')
 Fetch error: http://www.sydostran.se/ => https://www.sydostran.se/: (28, 'Connection timed out after 10000 milliseconds')
 -->
-<ruleset name="Sydostran.se" default_off='failed ruleset test'>
+<ruleset name="Sydostran.se" default_off="failed ruleset test">
 <target host="sydostran.se" />
 <target host="www.sydostran.se" />
 <rule from="^http://sydostran\.se/" to="https://www.sydostran.se/"/>
diff --git a/src/chrome/content/rules/Syllabusshare-mismatches.xml b/src/chrome/content/rules/Syllabusshare-mismatches.xml
index 518080c613ab..6c8681c42b6b 100644
--- a/src/chrome/content/rules/Syllabusshare-mismatches.xml
+++ b/src/chrome/content/rules/Syllabusshare-mismatches.xml
@@ -3,7 +3,7 @@
 	<target host="syllabusshare.com"/>
 	<target host="www.syllabusshare.com"/>
 
-	<securecookie host="^(?:.*\.)?syllabusshare\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?syllabusshare\.com/"
 		to="https://syllabusshare.com/"/>
diff --git a/src/chrome/content/rules/Syllabusshare.xml b/src/chrome/content/rules/Syllabusshare.xml
index 7887616086aa..ef69d9c699ce 100644
--- a/src/chrome/content/rules/Syllabusshare.xml
+++ b/src/chrome/content/rules/Syllabusshare.xml
@@ -6,7 +6,7 @@ Fetch error: http://secure.syllabushare.com/ => https://secure.syllabushare.com/
 Disabled by https-everywhere-checker because:
 Fetch error: http://secure.syllabushare.com/ => https://secure.syllabushare.com/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="Syllabusshare (partial)" default_off='failed ruleset test'>
+<ruleset name="Syllabusshare (partial)" default_off="failed ruleset test">
 
 	<target host="secure.syllabushare.com"/>
 
diff --git a/src/chrome/content/rules/Symantec.xml b/src/chrome/content/rules/Symantec.xml
index 1b055ac00653..49479219383d 100644
--- a/src/chrome/content/rules/Symantec.xml
+++ b/src/chrome/content/rules/Symantec.xml
@@ -1,202 +1,165 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Non-2xx HTTP code: http://entsupport.symantec.com/?test (200) => https://www.symantec.com/enterprise/support/index.jsp (403)
-Non-2xx HTTP code: http://liveupdate.symantec.com/?test (200) => https://www.symantec.com/security_response/ (403)
-Fetch error: http://customercare.symantec.com/ => https://customercare.symantec.com/: (51, "SSL: no alternative certificate subject name matches target host name 'customersupport.symantec.com'")
-Fetch error: http://education.symantec.com/ => https://education.symantec.com/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://transfer.emea.symantec.com/ => https://transfer.emea.symantec.com/: (28, 'Connection timed out after 20009 milliseconds')
-Fetch error: http://faster.symantec.com/ => https://faster.symantec.com/: (6, 'Could not resolve host: faster.symantec.com')
-Fetch error: http://fileshare.symantec.com/ => https://fileshare.symantec.com/: (51, "SSL: no alternative certificate subject name matches target host name 'fileshare.symantec.com'")
-Fetch error: http://locator.symantec.com/ => https://locator.symantec.com/: (51, "SSL: no alternative certificate subject name matches target host name 'locator.symantec.com'")
-Fetch error: http://partner.symantec.com/ => https://partner.symantec.com/: (51, "SSL: no alternative certificate subject name matches target host name 'partner.symantec.com'")
-Fetch error: http://partnerlocator.symantec.com/ => https://partnerlocator.symantec.com/: (51, "SSL: no alternative certificate subject name matches target host name 'partnerlocator.symantec.com'")
-Fetch error: http://partnervpn.symantec.com/ => https://partnervpn.symantec.com/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://productadvisor.symantec.com/ => https://productadvisor.symantec.com/: (28, 'Connection timed out after 20001 milliseconds')
-Fetch error: http://renewals.symantec.com/ => https://renewals.symantec.com/: Too many redirects while fetching 'https://renewals.symantec.com/'
-Fetch error: http://solutions.symantec.com/ => https://solutions.symantec.com/: (28, 'Connection timed out after 20001 milliseconds')
-Fetch error: http://store.symantec.com/ => https://store.symantec.com/: (51, "SSL: no alternative certificate subject name matches target host name 'store.symantec.com'")
-Fetch error: http://symaccount.symantec.com/ => https://symaccount.symantec.com/: Too many redirects while fetching 'https://symaccount.symantec.com/'
-Fetch error: http://symlms.symantec.com/ => https://symlms.symantec.com/: (28, 'Connection timed out after 20000 milliseconds')
-Non-2xx HTTP code: http://entsupport.symantec.com/ (200) => https://www.symantec.com/enterprise/support/index.jsp (403)
-Fetch error: http://customersupport.symantec.com/ => https://customersupport.symantec.com/: (51, "SSL: no alternative certificate subject name matches target host name 'customersupport.symantec.com'")
-Non-2xx HTTP code: http://liveupdate.symantec.com/ (200) => https://www.symantec.com/security_response/ (403)
-Fetch error: http://static1.symanteccloud.com/ => https://static1.symanteccloud.com/: (6, 'Could not resolve host: static1.symanteccloud.com')
-Fetch error: http://static2.symanteccloud.com/ => https://static2.symanteccloud.com/: (6, 'Could not resolve host: static2.symanteccloud.com')
-Fetch error: http://static3.symanteccloud.com/ => https://static3.symanteccloud.com/: (6, 'Could not resolve host: static3.symanteccloud.com')
-
 	Other Symantec rulesets:
-
 		- Norton.xml
 		- Norton_Online_Backup.xml
 		- Verisign.xml
 
 
-	CDN buckets:
-
-		- d1mj3xqaoh14j0.cloudfront.net
-
-
-	Nonfunctional subdomains:
-
-		- check			(redirects to app-l.marketo.com, mismatched, CN: *.marketo.com)
-		- csaweb
-		- customersupport	(redirects to http, mismatched, CN: slotmatching6.salesforce.com)
-		- entsupport		(times out)
-		- eval			(503, akamai)
-		- lcdls
-		- searchg
-
-
-	Problematic symantec.com subdomains:
-
-		- definitions 		(504, akamai)
-		- esdownload *
-		- go *
-		- investor *
-		- liveupdate *
-		- norton		(akamai)
-		- securityresponse *
-		- secure1		(works, expired)
-		- service1		(works, expired, mismatched, CN: secure1.symantec.com)
-		- sfdoccentral		(works, expired 2011-12-14)
-		- www4			(breaks blog)
-		- corp.sarcscan (mistmatched, CN: submit.symantec.com)
-		- retail.sarcscan (mistmatched, CN: submit.symantec.com)
-
-	* Works, akamai
-
-
-	Fully covered subdomains:
-
-		- bcportal
-
+	Non-functional subdomains:
+
+		- accenture	(m)
+		- apidocs	(i)
+		- careers	(SSL connection error)
+		- clicktime	(t)
+		- connect	(m)
+		- click.connect	(m)
+		- cpe	(t)
+		- customersupport	(m)
+		- dell	(SSL handshake failed)
+		- developer	(m)
+		- email	(m)
+		- enterprisesecurity	(m)
+		- entsupport	(m)
+		- seer.entsupport	(m)
+		- et	(i)
+		- esdownload	(m)
+		- eval	(m)
+		- email.everyonesocial	(t)
+		- fujitsu	(m)
+		- gsc	(SSL handshake failed)
+		- buy.norton.com.gtm	(m)
+		- help	(i)
+		- investor	(m)
+		- jp-registry	(e)
+		- know	(m)
+		- lrc	(t)
+		- mft	(i)
+		- app.mktgassets	(m)
+		- images.mktgassets	(m)
+		- mysort	(m)
+		- norton	(m)
+		- nortonshoppingguarantee	(m)
+		- safeweb.norton.com.ntn	(m)
+		- om	(m)
+		- partnerlocator	(m)
+		- app.partnermktg	(m)
+		- pcd	(m)
+		- peering	(i)
+		- psc	(t)
+		- resource	(m)
+		- safeweb	(t)
+		- securityresponse	(m)
+		- service1	(t)
+		- www.ses	(m)
+		- sfdoccentral	(m)
+		- sigs	(t)
+		- ipremoval.sms	(t)
+		- sort	(m)
+		- store	(m)
+		- techcenter	(r)
+		- threat-protection	(m)
+		- veritas	(m)
+		- http.websecurity	(m)
+		- app.website-security	(m)
+		- evcs-crl.ws	(m)
+		- sha1timestamp.ws	(t)
+		- sha256timestamp.ws	(t)
+		- ts-crl.ws	(m)
+		- ts-ocsp.ws	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
 -->
-<ruleset name="Symantec (partial)" default_off='failed ruleset test'>
+<ruleset name="Symantec">
 
 	<target host="symantec.com" />
+	<target host="www.symantec.com" />
 	<target host="bcportal.symantec.com" />
+	<target host="btsp-portal.symantec.com" />
 	<target host="buy.symantec.com" />
-	<target host="careers.symantec.com" />
-	<target host="customercare.symantec.com" />
-	<target host="education.symantec.com" />
-	<target host="transfer.emea.symantec.com" />
-	<target host="et.symantec.com" />
-	<target host="faster.symantec.com" />
+	<target host="api.connect.symantec.com" />
+	<target host="content.connect.symantec.com" />
+	<target host="cynic.symantec.com" />
+	<target host="deepsight.symantec.com" />
+	<target host="definitions.symantec.com" />
+	<target host="digitalhubshare.symantec.com" />
+	<target host="know.elq.symantec.com" />
+	<target host="resource.elq.symantec.com" />
+	<target host="www.emea.symantec.com" />
+	<target host="entced.symantec.com" />
 	<target host="fileconnect.symantec.com" />
-	<target host="fileshare.symantec.com" />
-	<target host="locator.symantec.com" />
+	<target host="go.symantec.com" />
+	<target host="itchat.symantec.com" />
+	<target host="jp-businessstore.symantec.com" />
+	<target host="k9.symantec.com" />
+	<target host="knowledge.symantec.com" />
+	<target host="lcdls.symantec.com" />
+	<target host="learn-partner.symantec.com" />
 	<target host="licensing.symantec.com" />
-	<target host="licensingprograms.symantec.com" />
+	<target host="liveupdate.symantec.com" />
+	<target host="login.symantec.com" />
+	<target host="mss.symantec.com" />
 	<target host="my.symantec.com" />
-	<target host="my-qa.symantec.com" />
-	<target host="my-uat.symantec.com" />
-	<target host="mysort.symantec.com" />
-	<target host="mysupport.symantec.com" />
-	<target host="mysymantec.symantec.com" />
-	<target host="oms.symantec.com" />
-	<target host="partner.symantec.com" />
-	<target host="partnerlocator.symantec.com" />
+	<target host="nsg.symantec.com" />
+	<target host="origin-symwisedownload.symantec.com" />
+	<target host="osgonlineordering.symantec.com" />
 	<target host="partnernet.symantec.com" />
-	<target host="partnernet-internal.symantec.com" />
-	<target host="partnernet-qa.symantec.com" />
-	<target host="partnernet-sit.symantec.com" />
-	<target host="partnernet-uat.symantec.com" />
-	<target host="partnernet-temp.symantec.com" />
-	<target host="partnervpn.symantec.com" />
+	<target host="benefits.partnernet.symantec.com" />
 	<target host="phoenix.symantec.com" />
-	<target host="productadvisor.symantec.com" />
-	<target host="renewals.symantec.com" />
+	<target host="sice.enc.protect.symantec.com" />
+	<target host="sice.stage.enc.protect.symantec.com" />
+	<target host="eu.quarantine.symantec.com" />
+	<target host="us.quarantine.symantec.com" />
+	<target host="symc.sam.symantec.com" />
+	<target host="vrts.sam.symantec.com" />
+	<target host="searchg.symantec.com" />
 	<target host="security.symantec.com" />
-	<target host="sfprep.symantec.com" />
+	<target host="securitycloud.symantec.com" />
+	<target host="sep.securitycloud.symantec.com" />
+	<target host="sepc.securitycloud.symantec.com" />
 	<target host="sitedirector.symantec.com" />
-	<target host="scm.symantec.com" />
-	<target host="solutions.symantec.com" />
-	<target host="sort.symantec.com" />
-	<target host="ssae.symantec.com" />
-	<target host="store.symantec.com" />
+	<target host="ssaw.symantec.com" />
+	<target host="status.symantec.com" />
+	<target host="email.status.symantec.com" />
 	<target host="submit.symantec.com" />
-	<target host="symaccount.symantec.com" />
+	<target host="support.symantec.com" />
 	<target host="symbeta.symantec.com" />
-	<target host="symlms.symantec.com" />
-	<target host="telemetrics.symantec.com" />
-	<target host="vias.symantec.com" />
+	<target host="symwisedownload.symantec.com" />
+	<target host="tms.symantec.com" />
+	<target host="trial.symantec.com" />
+	<target host="sso.trm.symantec.com" />
 	<target host="vip.symantec.com" />
-	<target host="desktop.vip.symantec.com" />
 	<target host="idprotect.vip.symantec.com" />
-	<target host="toolbar.vip.symantec.com" />
-	<target host="vos.symantec.com" />
-	<target host="vpn-us-west.symantec.com" />
+	<target host="manager.vip.symantec.com" />
+	<target host="vpn-us-east.symantec.com" />
 	<target host="vs.symantec.com" />
 	<target host="webdl.symantec.com" />
+	<target host="websecurity.symantec.com" />
+	<target host="www.websecurity.symantec.com" />
+	<target host="cbc.websecurity.symantec.com" />
+	<target host="cryptoreport.websecurity.symantec.com" />
+	<target host="dcv.websecurity.symantec.com" />
+	<target host="enterprise-ssl-admin.websecurity.symantec.com" />
+	<target host="enterprise-ssl-adminmanager.websecurity.symantec.com" />
+	<target host="evcs.websecurity.symantec.com" />
+	<target host="www.jp.websecurity.symantec.com" />
+	<target host="coupon.jp.websecurity.symantec.com" />
+	<target host="enterprise-ssl-admin.jp.websecurity.symantec.com" />
+	<target host="estimate.jp.websecurity.symantec.com" />
+	<target host="storefront.jp.websecurity.symantec.com" />
+	<target host="securesigning.websecurity.symantec.com" />
+	<target host="trustcenter.websecurity.symantec.com" />
+	<target host="website-security.symantec.com" />
+	<target host="wspp.symantec.com" />
 	<target host="www-secure.symantec.com" />
-	<target host="*.symanteccloud.com" />
-	<target host="*.symanteccontent.com" />
-	<target host="now.symassets.com" />
-	<target host="check.symantec.com" />
-	<target host="entsupport.symantec.com" />
-	<target host="go.symantec.com" />
-	<target host="customersupport.symantec.com" />
-	<target host="liveupdate.symantec.com" />
-	<target host="securityresponse.symantec.com" />
-
-		<!--	These redirect to http.
-						-->
-		<!--exclusion pattern="^http://www\.symantec\.com/connect/(?:$|all-connect$|articles/|blogs/|imagebrowser/view/image/|forums/)" /-->
-		<!--
-			More conservatively:
-						-->
-		<exclusion pattern="^http://www\.symantec\.com/connect/" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.symantec.com/connect/" />
-			<test url="http://www.symantec.com/connect/all-connect" />
-			<test url="http://www.symantec.com/connect/articles/" />
-			<test url="http://www.symantec.com/connect/blogs/" />
-			<test url="http://www.symantec.com/connect/forums/" />
-			<test url="http://www.symantec.com/connect/imagebrowser/view/image/" />
-
-
-	<!--securecookie host="." name="." /-->
-
-	<!--	//symantec.com/.+:
-			- 404s over https
-			- Redirects to www over http
-					-->
-	<rule from="^http://symantec\.com/"
-		to="https://www.symantec.com/" />
-
-	<rule from="^http://check\.symantec\.com/(?:$|\?.*)"
-		to="https://www.symantec.com/" />
-
-		<test url="http://check.symantec.com/?test" />
-
-	<rule from="^http://entsupport\.symantec\.com/(?:$|\?.*)"
-		to="https://www.symantec.com/enterprise/support/index.jsp" />
-
-		<test url="http://entsupport.symantec.com/?test" />
-
-	<rule from="^http://go\.symantec\.com/(?:$|\?.*)"
-		to="https://www.symantec.com/index.jsp" />
-
-		<test url="http://go.symantec.com/?test" />
-
-	<rule from="^http://customersupport\.symantec\.com/(resource|servlet)/"
-		to="https://symantec1.secure.force.com/$1/" />
-
-		<test url="http://customersupport.symantec.com/resource/" />
-		<test url="http://customersupport.symantec.com/servlet/" />
-
-	<rule from="^http://liveupdate\.symantec\.com/(?:$|\?.*)"
-		to="https://www.symantec.com/security_response/" />
-
-		<test url="http://liveupdate.symantec.com/?test" />
-
-	<rule from="^http://securityresponse\.symantec\.com/(?:$|\?.*)"
-		to="https://www.symantec.com/security_response/" />
+	<target host="www4.symantec.com" />
 
-		<test url="http://securityresponse.symantec.com/?test" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Symbolab.com.xml b/src/chrome/content/rules/Symbolab.com.xml
index 32ff07ff87ff..16354f1d6e67 100644
--- a/src/chrome/content/rules/Symbolab.com.xml
+++ b/src/chrome/content/rules/Symbolab.com.xml
@@ -2,9 +2,9 @@
     Mixed content:
 	    - blog
 		    - some images loaded from blogspot.com *
-		
+
 		* secured by us
-	
+
 	Notes:
 	    - blog
 		    - Cloudflare SSL
diff --git a/src/chrome/content/rules/Symfony.com.xml b/src/chrome/content/rules/Symfony.com.xml
index 206483ab3c4e..621106457155 100644
--- a/src/chrome/content/rules/Symfony.com.xml
+++ b/src/chrome/content/rules/Symfony.com.xml
@@ -1,7 +1,6 @@
 <!--
     More SensioLabs rulesets:
 	    - Sensiolabs.com.xml
-	    - Blackfire.io.xml
 -->
 <ruleset name="Symfony.com">
     <target host="symfony.com" />
diff --git a/src/chrome/content/rules/SymlynX.xml b/src/chrome/content/rules/SymlynX.xml
index 9338d1251a38..2e38ab20421e 100644
--- a/src/chrome/content/rules/SymlynX.xml
+++ b/src/chrome/content/rules/SymlynX.xml
@@ -6,7 +6,7 @@ Fetch error: http://symlynx.com/ => https://symlynx.com/: (60, 'SSL certificate
 Disabled by https-everywhere-checker because:
 Fetch error: http://symlynx.com/ => https://symlynx.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="symlynX" default_off='failed ruleset test'>
+<ruleset name="symlynX" default_off="failed ruleset test">
 
 	<target host="symlynx.com" />
 	<target host="extra.symlynx.com" />
diff --git a/src/chrome/content/rules/Symplicity.xml b/src/chrome/content/rules/Symplicity.xml
index f469684dd4ac..3862ede9adc4 100644
--- a/src/chrome/content/rules/Symplicity.xml
+++ b/src/chrome/content/rules/Symplicity.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Synacor.xml b/src/chrome/content/rules/Synacor.xml
index 3cdb123ad812..f2990bb3a3d2 100644
--- a/src/chrome/content/rules/Synacor.xml
+++ b/src/chrome/content/rules/Synacor.xml
@@ -24,4 +24,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Synaptop.com.xml b/src/chrome/content/rules/Synaptop.com.xml
deleted file mode 100644
index b3c711f846dd..000000000000
--- a/src/chrome/content/rules/Synaptop.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Synaptop.com">
-  <target host="synaptop.com" />
-  <target host="www.synaptop.com" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/SyncBoss.xml b/src/chrome/content/rules/SyncBoss.xml
deleted file mode 100644
index 4009f7f733cf..000000000000
--- a/src/chrome/content/rules/SyncBoss.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to http, valid cert)
-
-
-	Problematic subdomains:
-
-		- www.my	(shows mynomadesk.com)
-
--->
-<ruleset name="SyncBoss (partial)">
-
-	<target host="*.syncboss.com" />
-
-
-	<securecookie host="^my\.syncboss\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?my\.syncboss\.com/"
-		to="https://my.syncboss.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Synch.hu.xml b/src/chrome/content/rules/Synch.hu.xml
deleted file mode 100644
index 033c421577cf..000000000000
--- a/src/chrome/content/rules/Synch.hu.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Synch.hu (partial)">
-
-	<target host="web.synch.hu" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Synchronicer.dk.xml b/src/chrome/content/rules/Synchronicer.dk.xml
index b69cb2b97557..9da044c9fe31 100644
--- a/src/chrome/content/rules/Synchronicer.dk.xml
+++ b/src/chrome/content/rules/Synchronicer.dk.xml
@@ -1,10 +1,7 @@
-<!--
-	Mixed content problems on
-		https://www.synchronicer.dk/app?WSLOAD=TipHerlev4229fdF
--->
-<ruleset name="Synchronicer.dk (mixed content)" platform="mixedcontent">
+<ruleset name="Synchronicer.dk">
 	<target host="synchronicer.dk" />
 	<target host="www.synchronicer.dk" />
+		<test url="http://www.synchronicer.dk/app?WSLOAD=TipHerlev4229fdF" />
 
 	<securecookie host="(www\.)?synchronicer\.dk" name=".+" />
 
diff --git a/src/chrome/content/rules/Syncplicity.xml b/src/chrome/content/rules/Syncplicity.xml
index 925c889c9e94..c9b21f2d9c87 100644
--- a/src/chrome/content/rules/Syncplicity.xml
+++ b/src/chrome/content/rules/Syncplicity.xml
@@ -13,6 +13,6 @@
 
   	<securecookie host="^.*\.syncplicity\.com$" name=".+" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Syncthing.net.xml b/src/chrome/content/rules/Syncthing.net.xml
index bc68e18a0da4..e69eb24a4547 100644
--- a/src/chrome/content/rules/Syncthing.net.xml
+++ b/src/chrome/content/rules/Syncthing.net.xml
@@ -1,7 +1,7 @@
 <!--
 	Login required:
 		build2.syncthing.net
-        
+
 	Redirect to http:
 		relays.syncthing.net
 
diff --git a/src/chrome/content/rules/SyndeticS.com.xml b/src/chrome/content/rules/SyndeticS.com.xml
index 0b39c0290f8d..ae5a938712e7 100644
--- a/src/chrome/content/rules/SyndeticS.com.xml
+++ b/src/chrome/content/rules/SyndeticS.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://www.syndetics.com/ => https://secure.syndetics.com/: (56, 'S
 	www.syndetics.com: Mismatched
 
 -->
-<ruleset name="SyndeticS.com" default_off='failed ruleset test'>
+<ruleset name="SyndeticS.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Syndie.xml b/src/chrome/content/rules/Syndie.xml
index ea670481a4d7..49b49052123b 100644
--- a/src/chrome/content/rules/Syndie.xml
+++ b/src/chrome/content/rules/Syndie.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Synergist_SCADA.xml b/src/chrome/content/rules/Synergist_SCADA.xml
index 966fe7f27e99..379522485ead 100644
--- a/src/chrome/content/rules/Synergist_SCADA.xml
+++ b/src/chrome/content/rules/Synergist_SCADA.xml
@@ -11,7 +11,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://synergistscada.com/ => https://synergistscada.com/: Too many redirects while fetching 'https://synergistscada.com/'
 
 -->
-<ruleset name="Synergist SCADA" default_off='failed ruleset test'>
+<ruleset name="Synergist SCADA" default_off="failed ruleset test">
 
 	<target host="synergistscada.com" />
 	<target host="www.synergistscada.com" />
@@ -22,4 +22,4 @@ Fetch error: http://synergistscada.com/ => https://synergistscada.com/: Too many
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Synology.com.tw.xml b/src/chrome/content/rules/Synology.com.tw.xml
index 47260bd7c826..b60be5965721 100644
--- a/src/chrome/content/rules/Synology.com.tw.xml
+++ b/src/chrome/content/rules/Synology.com.tw.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Synology coverage, see 
+	For other Synology coverage, see
 
 
 	Nonfunctional domains:
diff --git a/src/chrome/content/rules/Synology.xml b/src/chrome/content/rules/Synology.xml
index 8d8c13bfa9f9..9aee7c0b6b85 100644
--- a/src/chrome/content/rules/Synology.xml
+++ b/src/chrome/content/rules/Synology.xml
@@ -27,7 +27,7 @@ Fetch error: http://synokm.synology.com/ => https://synokm.synology.com/: (6, 'C
 		- www.synology.com
 
 -->
-<ruleset name="Synology.com" default_off='failed ruleset test'>
+<ruleset name="Synology.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Synopsys.xml b/src/chrome/content/rules/Synopsys.xml
index d1ffd3e6c458..f93de60474a6 100644
--- a/src/chrome/content/rules/Synopsys.xml
+++ b/src/chrome/content/rules/Synopsys.xml
@@ -9,7 +9,10 @@
 
 	<target host="www.synopsys.co.jp" />
 	<target host="synopsys.com" />
-	<target host="*.synopsys.com" />
+	<target host="www.synopsys.com" />
+	<target host="blogs.synopsys.com" />
+	<target host="solvnet.synopsys.com" />
+	<target host="sso.synopsys.com" />
 
 
 	<!--securecookie host="^www\.synopsys\.com$" name="^(BIGipServerwww-prod-MOSS-pool|SynsLC)$" /-->
diff --git a/src/chrome/content/rules/Synovite-scripts.com.xml b/src/chrome/content/rules/Synovite-scripts.com.xml
index b8aee04b8391..8fa93274f1af 100644
--- a/src/chrome/content/rules/Synovite-scripts.com.xml
+++ b/src/chrome/content/rules/Synovite-scripts.com.xml
@@ -5,4 +5,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Synthetix.com.xml b/src/chrome/content/rules/Synthetix.com.xml
index 505b26f459e9..f46c906034b0 100644
--- a/src/chrome/content/rules/Synthetix.com.xml
+++ b/src/chrome/content/rules/Synthetix.com.xml
@@ -1,7 +1,6 @@
 <!--
 	Other Synthetix rulesets:
 
-		- Synthetix.info.xml
 
 
 	Nonfunctional subdomains:
diff --git a/src/chrome/content/rules/Synthetix.info.xml b/src/chrome/content/rules/Synthetix.info.xml
deleted file mode 100644
index 11081f6d4c4d..000000000000
--- a/src/chrome/content/rules/Synthetix.info.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	For other Synthetix coverage, see Synthetix.com.xml.
-
--->
-<ruleset name="Synthetix.info">
-
-	<target host="synthetix.info" />
-	<target host="www.synthetix.info" />
-	<target host="synthetix.net" />
-	<target host="www.synthetix.net" />
-
-
-	<securecookie host="^synthetix\.(?:info|net)$" name=".+" />
-
-
-	<!--	www redirects to ^ over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://(?:www\.)?synthetix\.(info|net)/"
-		to="https://synthetix.$1/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Synthfont.com.xml b/src/chrome/content/rules/Synthfont.com.xml
new file mode 100644
index 000000000000..58f4d2d16443
--- /dev/null
+++ b/src/chrome/content/rules/Synthfont.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Synthfont.com">
+	<target host="synthfont.com" />
+	<target host="www.synthfont.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Syracuse_University.xml b/src/chrome/content/rules/Syracuse_University.xml
index c50b2d2b00d5..c1a441d5d0ec 100644
--- a/src/chrome/content/rules/Syracuse_University.xml
+++ b/src/chrome/content/rules/Syracuse_University.xml
@@ -5,4 +5,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SysCan.org.xml b/src/chrome/content/rules/SysCan.org.xml
deleted file mode 100644
index 4fff8028a2de..000000000000
--- a/src/chrome/content/rules/SysCan.org.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- syscan.org
-		- www.syscan.org
-
--->
-<ruleset name="SysCan.org">
-
-	<target host="syscan.org" />
-	<target host="www.syscan.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?syscan\.org$" name="^ci_session$" /-->
-
-	<securecookie host="^(?:www\.)?syscan\.org$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/SysWard.com.xml b/src/chrome/content/rules/SysWard.com.xml
index 8d211edb1cd2..68b322d06f59 100644
--- a/src/chrome/content/rules/SysWard.com.xml
+++ b/src/chrome/content/rules/SysWard.com.xml
@@ -9,7 +9,7 @@
 <ruleset name="SysWard.com">
 
 	<target host="sysward.com" />
-	<target host="*.sysward.com" />
+	<target host="www.sysward.com" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/Syslog-ng.org.xml b/src/chrome/content/rules/Syslog-ng.org.xml
deleted file mode 100644
index fc1f868c13e9..000000000000
--- a/src/chrome/content/rules/Syslog-ng.org.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="syslog-ng.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="syslog-ng.org" />
-	<target host="www.syslog-ng.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Sysmex.com.xml b/src/chrome/content/rules/Sysmex.com.xml
index e80e60b2059a..78a69bb97cbe 100644
--- a/src/chrome/content/rules/Sysmex.com.xml
+++ b/src/chrome/content/rules/Sysmex.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.sysmex.com/ => https://www.sysmex.com/: (60, 'SSL certif
 		- www.sysmex.com
 
 -->
-<ruleset name="Sysmex.com" default_off='failed ruleset test'>
+<ruleset name="Sysmex.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Sysprofile.de.xml b/src/chrome/content/rules/Sysprofile.de.xml
new file mode 100644
index 000000000000..189517e156de
--- /dev/null
+++ b/src/chrome/content/rules/Sysprofile.de.xml
@@ -0,0 +1,7 @@
+<ruleset name="Sysprofile.de">
+	<target host="sysprofile.de" />
+	<target host="www.sysprofile.de" />
+	<target host="forum.sysprofile.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/SystemIntegra.ru.xml b/src/chrome/content/rules/SystemIntegra.ru.xml
index d4d6b1c32bca..ccad3aca7a73 100644
--- a/src/chrome/content/rules/SystemIntegra.ru.xml
+++ b/src/chrome/content/rules/SystemIntegra.ru.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/SystemSensor.ca.xml b/src/chrome/content/rules/SystemSensor.ca.xml
new file mode 100644
index 000000000000..9926bebb9fbb
--- /dev/null
+++ b/src/chrome/content/rules/SystemSensor.ca.xml
@@ -0,0 +1,16 @@
+<!--
+	Mismatched:
+		- mybusiness
+
+	Connection reset:
+		- ^
+-->
+<ruleset name="SystemSensor.ca">
+	<target host="systemsensor.ca" />
+	<target host="www.systemsensor.ca" />
+
+	<rule from="^http://systemsensor\.ca/"
+		to="https://www.systemsensor.ca/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/System_Center_Advisor.com.xml b/src/chrome/content/rules/System_Center_Advisor.com.xml
index c6cdc81bf3ee..669c0021c7ea 100644
--- a/src/chrome/content/rules/System_Center_Advisor.com.xml
+++ b/src/chrome/content/rules/System_Center_Advisor.com.xml
@@ -18,25 +18,22 @@ Fetch error: http://systemcenteradvisor.net/ => https://systemcenteradvisor.net/
 		- (www.)systemcenteradvisor.net
 
 -->
-<ruleset name="System Center Advisor.com" default_off='failed ruleset test'>
+<ruleset name="System Center Advisor.com" default_off="failed ruleset test">
 
 	<target host="systemcenteradviser.com" />
-	<target host="*.systemcenteradviser.com" />
 	<target host="systemcenteradviser.net" />
-	<target host="*.systemcenteradviser.net" />
 	<target host="systemcenteradvisor.com" />
-	<target host="*.systemcenteradvisor.com" />
 	<target host="systemcenteradvisor.net" />
-	<target host="*.systemcenteradvisor.net" />
+	<target host="www.systemcenteradviser.com" />
+	<target host="www.systemcenteradviser.net" />
+	<target host="www.systemcenteradvisor.com" />
+	<target host="www.systemcenteradvisor.net" />
+	<target host="login.systemcenteradvisor.com" />
 
 
 	<securecookie host="^(?:www)?\.systemcenteradvis[eo]r\.(?:com|net)$" name=".+" />
 
 
-	<rule from="^http://(www\.)?systemcenteradvis(e|o)r\.(com|net)/"
-		to="https://$1systemcenteradvis$2r.$3/" />
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http://login\.systemcenteradvisor\.com/"
-		to="https://login.systemcenteradvisor.com/" />
-
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Systemausfall.org.xml b/src/chrome/content/rules/Systemausfall.org.xml
deleted file mode 100644
index 46d71c43adf7..000000000000
--- a/src/chrome/content/rules/Systemausfall.org.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.systemausfall.org/ => https://www.systemausfall.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.systemausfall.org'")
-
--->
-<ruleset name="systemausfall.org" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="systemausfall.org" />
-	<target host="www.systemausfall.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Systemspace.network.xml b/src/chrome/content/rules/Systemspace.network.xml
new file mode 100644
index 000000000000..12e90cc1921b
--- /dev/null
+++ b/src/chrome/content/rules/Systemspace.network.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- sct8
+-->
+<ruleset name="Systemspace.network">
+	<target host="systemspace.network" />
+	<target host="www.systemspace.network" />
+	<target host="ex.systemspace.network" />
+	<target host="farewell.systemspace.network" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Szm.com.xml b/src/chrome/content/rules/Szm.com.xml
deleted file mode 100644
index 62fc8d326d8b..000000000000
--- a/src/chrome/content/rules/Szm.com.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	www.szm.com: Shows webmail.szm.com
-
-
-	Mixed content:
-
-		- iframe on ^ from webmail.szm.com *
-
-	* Secured by us
-
--->
-<ruleset name="Szm.com (false MCB)" platform="mixedcontent">
-
-	<!--	Direct rewrites:
-				-->
-  <target host="szm.com" />
-  <target host="webmail.szm.com" />
-
-<!--	Complications:
-			-->
-  <target host="www.szm.com" />
-
-
-	<rule from="^http://www\.szm\.com/"
-		to="https://szm.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/T-Engine.org.xml b/src/chrome/content/rules/T-Engine.org.xml
index 99ae1f3abd99..6d226de52324 100644
--- a/src/chrome/content/rules/T-Engine.org.xml
+++ b/src/chrome/content/rules/T-Engine.org.xml
@@ -19,7 +19,7 @@ Fetch error: http://www.t-engine.org/ => https://www.t-engine.org/: (60, 'SSL ce
 	** Secured by us
 
 -->
-<ruleset name="T-Engine.org (partial)" default_off='failed ruleset test'>
+<ruleset name="T-Engine.org (partial)" default_off="failed ruleset test">
 
 	<target host="t-engine.org" />
 	<target host="www.t-engine.org" />
diff --git a/src/chrome/content/rules/T-Mobile.co.uk.xml b/src/chrome/content/rules/T-Mobile.co.uk.xml
deleted file mode 100644
index f806bd9af3f7..000000000000
--- a/src/chrome/content/rules/T-Mobile.co.uk.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other Deutsche Telekom coverage, see Deutsche_Telekom.xml.
-
--->
-<ruleset name="T-Mobile.co.uk">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="t-mobile.co.uk" />
-	<target host="www.t-mobile.co.uk" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/T-Nation.com.xml b/src/chrome/content/rules/T-Nation.com.xml
index 1cea91bb087c..f206430da062 100644
--- a/src/chrome/content/rules/T-Nation.com.xml
+++ b/src/chrome/content/rules/T-Nation.com.xml
@@ -21,7 +21,7 @@ Fetch error: http://tnation.t-nation.com/ => https://tnation.t-nation.com/: (51,
 	* Secured by us
 
 -->
-<ruleset name="T-Nation.com" default_off='failed ruleset test'>
+<ruleset name="T-Nation.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/T-Online.xml b/src/chrome/content/rules/T-Online.xml
index 397053080e46..55d11fb2947a 100644
--- a/src/chrome/content/rules/T-Online.xml
+++ b/src/chrome/content/rules/T-Online.xml
@@ -1,107 +1,58 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://t-online.de.intellitxt.com/ => https://ln1-g003.intellitxt.com/: (6, 'Could not resolve host: ln1-g003.intellitxt.com')
-Fetch error: http://toi.ivwbox.de/ => https://toi-ssl.ivwbox.de/: (6, 'Could not resolve host: toi-ssl.ivwbox.de')
-
 	For other Deutsche Telekom coverage, see Deutsche_Telekom.xml.
 
-
-	CDN buckets:
-
-		- toi.ivwbox.de
-		- toi-ssl.ivwbox.de
-
-		- telekom.tipico.com
-
-			- sportwetten
-
-
 	Nonfunctional domains:
 
-		- img.toi.de *
-
-		- t-online.de subdomains:
-
-			- (www.) *
-			- augenblicke *
-			- bilder *
-			- downloads *
-			- dsl-und-dienste *
-			- einkaufswelt *
-			- eltern *
-			- erotik *
-			- gewinnspiele *
-			- handy1 *
-			- hilfe *
-			- hilfe-und-service *
-			- horoskop		(prints "it works!"; mismatched, CN: www.viversum.de)
-			- kids *
-			- lifestyle *
-			- nachrichten *
-			- iss *
-			- partnerfragmente2010 *
-			- routenplaner **
-			- service *
-			- sportwetten	(redirects to http; mismatched, CN: *.tipico.com)
-			- stats *
-			- themen **
-			- top-themen *
-			- unterhaltung *
+		- augenblicke *
+		- downloads *
+		- dsl-und-dienste *
+		- einkaufswelt *
+		- eltern *
+		- handy1 *
+		- hilfe-und-service *
+		- horoskop ***
+		- kids *
+		- lifestyle *
+		- mediencenter **
+		- nachrichten *
+		- partnerfragmente2010 *
+		- service *
+		- sportwetten *
+		- top-themen *
+		- unterhaltung *
+		- wiga ****
 
 	* Refused
-	** Shows suche; mismatched, CN: suche.t-online.de
-
-
-	Problematic subdomains:
-
-		- freemail *
-		- sportdaten *
-
-	* Works; mismatched, CN: webservice.fussball.de
-
-
-	Partially covered subdomains:
-
-		- rezepte	($ redirects to http)
-
-
-	Fully covered subdomains:
-
-		- im.banner
-		- header.cdb
-		- email
-		- fssecure
-		- mediencenter
-		- stayfriends
-		- suche
-		- tbx
-		- wiga
-
-
-	Mixed web bug on suche from stats
-
-	Mixed images on suche from bilder
-
+	** Timeout
+	*** Unable to get local issuer certificate
+	**** Non-2xx HTTP code
 -->
-<ruleset name="T-Online (partial)" default_off='failed ruleset test'>
-
-	<target host="t-online.de.intellitxt.com" />
-	<target host="toi.ivwbox.de" />
-	<target host="*.t-online.de" />
-		<exclusion pattern="^http://rezepte\.t-online\.de/(?!sites/)" />
-
-
-	<securecookie host="^(?:\.banner|email|\.mediencenter|stayfriends|suche|tbx)\.t-online\.de$" name=".+" />
-
-
-	<rule from="^http://toi\.ivwbox\.de/"
-		to="https://toi-ssl.ivwbox.de/" />
-
-	<rule from="^http://(im\.banner|header\.cdb|email|fssecure|mediencenter|rezepte|stayfriends|suche|tbx|wiga)\.t-online\.de/"
-		to="https://$1.t-online.de/" />
-
-	<rule from="^http://t-online\.de\.intellitxt\.com/"
-		to="https://ln1-g003.intellitxt.com/" />
+<ruleset name="T-Online (partial)">
+
+	<target host="t-online.de" />
+	<target host="www.t-online.de" />
+	<target host="im.banner.t-online.de" />
+	<target host="bilder.t-online.de" />
+	<target host="header.cdb.t-online.de" />
+	<target host="email.t-online.de" />
+	<target host="erotik.t-online.de" />
+	<target host="freemail.t-online.de" />
+	<target host="fssecure.t-online.de" />
+	<target host="gewinnspiele.t-online.de" />
+	<target host="hilfe.t-online.de" />
+	<target host="iss.t-online.de" />
+	<target host="routenplaner.t-online.de" />
+	<target host="stats.t-online.de" />
+	<target host="stayfriends.t-online.de" />
+	<target host="suche.t-online.de" />
+	<target host="themen.t-online.de" />
+	<target host="wiga.t-online.de" />
+		<test url="http://wiga.t-online.de/wetter/wetterinfoapp/configAndroid.xml" />
+		<exclusion pattern="^http://wiga\.t-online\.de/$" />
+		<test url="http://wiga.t-online.de/wetter/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/T-Shirt_Mojo.xml b/src/chrome/content/rules/T-Shirt_Mojo.xml
deleted file mode 100644
index 2c4a40ae7984..000000000000
--- a/src/chrome/content/rules/T-Shirt_Mojo.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- t-shirtmojo.com
-		- www.t-shirtmojo.com
-
--->
-<ruleset name="T-Shirt Mojo.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="t-shirtmojo.com" />
-	<target host="www.t-shirtmojo.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:www\.)?t-shirtmojo\.com$" name="^SID$" /-->
-
-	<securecookie host="^(?:www\.)?t-shirtmojo\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/T3.io.xml b/src/chrome/content/rules/T3.io.xml
index 17bf69c1905b..e232492b4712 100644
--- a/src/chrome/content/rules/T3.io.xml
+++ b/src/chrome/content/rules/T3.io.xml
@@ -10,7 +10,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://t3.io/ => https://t3.io/: (60, 'SSL certificate problem: self signed certificate')
 
 -->
-<ruleset name="t3.io" default_off='failed ruleset test'>
+<ruleset name="t3.io" default_off="failed ruleset test">
 
 	<target host="t3.io" />
 	<target host="www.t3.io" />
@@ -21,4 +21,4 @@ Fetch error: http://t3.io/ => https://t3.io/: (60, 'SSL certificate problem: sel
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/T3Blog.com.xml b/src/chrome/content/rules/T3Blog.com.xml
deleted file mode 100644
index 69f1f948df0f..000000000000
--- a/src/chrome/content/rules/T3Blog.com.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	For other TYPO3 coverage, see TYPO3.xml.
-
-
-	CN: webserver.ispgateway.de
-
-
-	Mixed content:
-
-		- css, from:
-
-			- $self *
-			- fonts.googleapis.com *
-
-		* Images from $self *
-
-	* Secured by us
-
--->
-<ruleset name="T3Blog.com" default_off="mismatched, self-signed">
-
-	<target host="t3blog.com" />
-	<target host="www.t3blog.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?t3blog\.com$" name="^(PHPSESSID|fe_typo_user)$" /-->
-
-	<securecookie host="^(?:www\.)?t3blog\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?t3blog\.com/"
-		to="https://www.t3blog.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TACAR.org.xml b/src/chrome/content/rules/TACAR.org.xml
index f94d5fc670b2..3dfe444fdc83 100644
--- a/src/chrome/content/rules/TACAR.org.xml
+++ b/src/chrome/content/rules/TACAR.org.xml
@@ -6,7 +6,7 @@
 
 		- tacar.org
 		- www.tacar.org
-		
+
 -->
 <ruleset name="TACAR.org">
 
diff --git a/src/chrome/content/rules/TAG24.de.xml b/src/chrome/content/rules/TAG24.de.xml
new file mode 100644
index 000000000000..4858da2bcebc
--- /dev/null
+++ b/src/chrome/content/rules/TAG24.de.xml
@@ -0,0 +1,35 @@
+<!--
+	Invalid certificate:
+		test
+
+	Refused:
+		tag20
+-->
+<ruleset name="TAG24.de">
+
+	<target host="tag24.de" />
+	<target host="www.tag24.de" />
+	<target host="247.tag24.de" />
+	<target host="api.tag24.de" />
+	<target host="assets.tag24.de" />
+	<target host="backlog.tag24.de" />
+	<target host="campus.tag24.de" />
+	<target host="download.tag24.de" />
+	<target host="dynamic.tag24.de" />
+	<target host="fbia.tag24.de" />
+	<target host="go.tag24.de" />
+	<target host="jobs.tag24.de" />
+	<target host="media.tag24.de" />
+	<target host="mein.tag24.de" />
+	<target host="partyboot.tag24.de" />
+	<target host="pizza.tag24.de" />
+	<target host="redmine.tag24.de" />
+	<target host="staging.tag24.de" />
+	<target host="cito.staging.tag24.de" />
+	<target host="story.tag24.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TAU.ac.il.xml b/src/chrome/content/rules/TAU.ac.il.xml
index 516e9be7cd95..1add39342d50 100644
--- a/src/chrome/content/rules/TAU.ac.il.xml
+++ b/src/chrome/content/rules/TAU.ac.il.xml
@@ -29,13 +29,16 @@
 -->
 <ruleset name="TAU.ac.il (partial)">
 
-	<target host="*.tau.ac.il" />
+	<target host="cs.tau.ac.il" />
+	<target host="www.cs.tau.ac.il" />
+	<target host="course.cs.tau.ac.il" />
+	<target host="forums.cs.tau.ac.il" />
+	<target host="svn.cs.tau.ac.il" />
 
 
 	<rule from="^http://(?:www\.)?cs\.tau\.ac\.il/"
 		to="https://www.cs.tau.ac.il/" />
 
-	<rule from="^http://(course|forums|svn)\.cs\.tau\.ac\.il/"
-		to="https://$1.cs.tau.ac.il/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TCPA_Compliance.us.xml b/src/chrome/content/rules/TCPA_Compliance.us.xml
deleted file mode 100644
index ea52f2d75771..000000000000
--- a/src/chrome/content/rules/TCPA_Compliance.us.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	For other Neustar coverage, see NeuStar.xml.
-
-
-	Nonfunctional hosts:
-
-		- tcpacompliance.us *
-
-	* 500 (cf. 404 over http)
-
-
-	Fully covered hosts:
-
-		- www
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.tcpacompliance.us
-
--->
-<ruleset name="TCPA Compliance.us">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.tcpacompliance.us" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.tcpacompliance\.us$" name="^JSESSIONID$" /-->
-
-	<securecookie host="^www\.tcpacompliance\.us$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TCPalm.com.xml b/src/chrome/content/rules/TCPalm.com.xml
index 6bc94e4d4447..104554ee28c3 100644
--- a/src/chrome/content/rules/TCPalm.com.xml
+++ b/src/chrome/content/rules/TCPalm.com.xml
@@ -49,10 +49,11 @@ Fetch error: http://tcpalm.com/ => https://www.tcpalm.com/: (51, "SSL: no altern
 	* → akamai
 
 -->
-<ruleset name="TCPalm.com (partial)" default_off='failed ruleset test'>
+<ruleset name="TCPalm.com (partial)" default_off="failed ruleset test">
 
 	<target host="tcpalm.com" />
-	<target host="*.tcpalm.com" />
+	<target host="www.tcpalm.com" />
+	<target host="jobs.tcpalm.com" />
 	<target host="tcpalmextras.com" />
 	<target host="www.tcpalmextras.com" />
 
@@ -68,7 +69,6 @@ Fetch error: http://tcpalm.com/ => https://www.tcpalm.com/: (51, "SSL: no altern
 	<rule from="^http://jobs\.tcpalm\.com/"
 		to="https://www.tcpalm.com/hotjobs" />
 
-	<rule from="^http://(www\.)?tcpalmextras\.com/"
-		to="https://$1tcpalmextras.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TC_img.net.xml b/src/chrome/content/rules/TC_img.net.xml
deleted file mode 100644
index 8ac450e4103a..000000000000
--- a/src/chrome/content/rules/TC_img.net.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	TrueCar
-
--->
-<ruleset name="TC img.net">
-
-	<target host="a.tcimg.net" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TDBank.xml b/src/chrome/content/rules/TDBank.xml
index d67ca95f600a..b6493bcaeeaf 100644
--- a/src/chrome/content/rules/TDBank.xml
+++ b/src/chrome/content/rules/TDBank.xml
@@ -2,4 +2,4 @@
   <target host="onlinebanking.tdbank.com" />
 
   <rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TDC.dk.xml b/src/chrome/content/rules/TDC.dk.xml
index 65c684ffeed7..45585d8606cc 100644
--- a/src/chrome/content/rules/TDC.dk.xml
+++ b/src/chrome/content/rules/TDC.dk.xml
@@ -15,7 +15,6 @@ Fetch error: http://www.tdc-wholesale.com/ => https://wholesale.tdc.dk/nordic/:
 
 		- C.dk.xml
 		- TDC.no.xml
-		- TDC_online.se.xml
 		- TDC_Service_Online.com.xml
 
 
@@ -49,7 +48,7 @@ Fetch error: http://www.tdc-wholesale.com/ => https://wholesale.tdc.dk/nordic/:
 	² Secured by us <= complete coverage
 
 -->
-<ruleset name="TDC.dk (partial)" default_off='failed ruleset test'>
+<ruleset name="TDC.dk (partial)" default_off="failed ruleset test">
 
 	<target host="tdc.dk" />
 	<target host="www.tdc.dk" />
diff --git a/src/chrome/content/rules/TDC.no.xml b/src/chrome/content/rules/TDC.no.xml
index c9c02beaf582..c20ba2aef60e 100644
--- a/src/chrome/content/rules/TDC.no.xml
+++ b/src/chrome/content/rules/TDC.no.xml
@@ -19,7 +19,7 @@ Fetch error: http://henvis.tdc.no/ => https://henvis.tdc.no/: (28, 'Connection t
 
 	* Dropped
 -->
-<ruleset name="TDC.no (partial)" default_off='failed ruleset test'>
+<ruleset name="TDC.no (partial)" default_off="failed ruleset test">
 
 	<target host="io.tdc.no" />
 	<target host="kiss.tdc.no" />
diff --git a/src/chrome/content/rules/TDC_online.se.xml b/src/chrome/content/rules/TDC_online.se.xml
deleted file mode 100644
index 8e7e7974d4f7..000000000000
--- a/src/chrome/content/rules/TDC_online.se.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	For other TDC coverage, see TDC.dk.xml.
-
-	Mixed Content:
-		- sll
--->
-<ruleset name="TDC online.se">
-
-	<target host="botkyrka.tdconline.se" />
-	<target host="gu.tdconline.se" />
-	<target host="lansstyrelsen.tdconline.se" />
-	<target host="lkab2.tdconline.se" />
-	<target host="migrationsverket.tdconline.se" />
-	<target host="sjofartsverket.tdconline.se" />
-	<target host="slu.tdconline.se" />
-	<target host="tdc.tdconline.se" />
-	<target host="tdconline.se" />
-	<target host="vgr.tdconline.se" />
-	<target host="vmkfb.tdconline.se" />
-	<target host="www.tdconline.se" />
-
-
-	<securecookie host="^(?:tdc\.)?tdconline\.se$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TDS.net.xml b/src/chrome/content/rules/TDS.net.xml
index c9ffd7f084cd..637bd10307f2 100644
--- a/src/chrome/content/rules/TDS.net.xml
+++ b/src/chrome/content/rules/TDS.net.xml
@@ -27,4 +27,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TEAC.xml b/src/chrome/content/rules/TEAC.xml
index 8a755a633d44..7747484a7d4b 100644
--- a/src/chrome/content/rules/TEAC.xml
+++ b/src/chrome/content/rules/TEAC.xml
@@ -10,7 +10,7 @@ Fetch error: http://teac.co.jp/ => https://teac.co.jp/: (60, 'SSL certificate pr
 Fetch error: http://www.teac.co.jp/ => https://teac.co.jp/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 Fetch error: http://shop.teac.com/ => https://shop.teac.com/: (28, 'Connection timed out after 10000 milliseconds')
 -->
-<ruleset name="TEAC (partial)" default_off='failed ruleset test'>
+<ruleset name="TEAC (partial)" default_off="failed ruleset test">
 
 	<target host="teac.co.jp"/>
 	<target host="www.teac.co.jp"/>
diff --git a/src/chrome/content/rules/TEHTRI-Security.com.xml b/src/chrome/content/rules/TEHTRI-Security.com.xml
index 4ff24b4aff62..46d07a547a1f 100644
--- a/src/chrome/content/rules/TEHTRI-Security.com.xml
+++ b/src/chrome/content/rules/TEHTRI-Security.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://tehtri-security.com/ => https://tehtri-security.com/: (6, 'C
 	platform should be removed with Ffx 24.
 
 -->
-<ruleset name="TEHTRI-Security.com" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="TEHTRI-Security.com" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="tehtri-security.com" />
 	<target host="www.tehtri-security.com" />
@@ -26,4 +26,4 @@ Fetch error: http://tehtri-security.com/ => https://tehtri-security.com/: (6, 'C
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TFAW.com.xml b/src/chrome/content/rules/TFAW.com.xml
index 152858979a1e..e3a1dab4600a 100644
--- a/src/chrome/content/rules/TFAW.com.xml
+++ b/src/chrome/content/rules/TFAW.com.xml
@@ -1,15 +1,15 @@
-<!--
-	Refused: tfaw.com
-		- ^ (fixed by this ruleset)
--->
-
-<ruleset name="TFAW.com">
-	<target host="tfaw.com" />
-	<target host="www.tfaw.com" />
-	<target host="blog.tfaw.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http://tfaw\.com/" to="https://www.tfaw.com/" />
-	<rule from="^http:" to="https:" />
-</ruleset>
+<!--
+	Refused: tfaw.com
+		- ^ (fixed by this ruleset)
+-->
+
+<ruleset name="TFAW.com">
+	<target host="tfaw.com" />
+	<target host="www.tfaw.com" />
+	<target host="blog.tfaw.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://tfaw\.com/" to="https://www.tfaw.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TH-Mittelhessen.de.xml b/src/chrome/content/rules/TH-Mittelhessen.de.xml
index fd02398678f6..68f38d7fb04f 100644
--- a/src/chrome/content/rules/TH-Mittelhessen.de.xml
+++ b/src/chrome/content/rules/TH-Mittelhessen.de.xml
@@ -21,7 +21,7 @@ Fetch error: http://alumni.th-mittelhessen.de/ => https://alumni.th-mittelhessen
 	* Secured by us
 
 -->
-<ruleset name="TH-Mittelhessen.de" default_off='failed ruleset test'>
+<ruleset name="TH-Mittelhessen.de" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/THM.de.xml b/src/chrome/content/rules/THM.de.xml
index d31dca3787ed..d869ffe22c02 100644
--- a/src/chrome/content/rules/THM.de.xml
+++ b/src/chrome/content/rules/THM.de.xml
@@ -68,7 +68,7 @@ Fetch error: http://pharus.thm.de/ => https://pharus.thm.de/: (6, 'Could not res
 	² Unsecurable <= refused
 
 -->
-<ruleset name="THM.de (partial)" default_off='failed ruleset test'>
+<ruleset name="THM.de (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/THR.com.xml b/src/chrome/content/rules/THR.com.xml
index 8d87ba8227e8..a1f80a8ca659 100644
--- a/src/chrome/content/rules/THR.com.xml
+++ b/src/chrome/content/rules/THR.com.xml
@@ -21,7 +21,7 @@ Fetch error: http://www.thr.com/ => https://www.hollywoodreporter.com/: Too many
 	² Secured by us
 
 -->
-<ruleset name="THR.com" default_off='failed ruleset test'>
+<ruleset name="THR.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -30,7 +30,7 @@ Fetch error: http://www.thr.com/ => https://www.hollywoodreporter.com/: Too many
 	<target host="cdn3.thr.com" />
 	<target host="cdn4.thr.com" />
 	<target host="cdn5.thr.com" />
-	
+
 	<!--	Complications:
 				-->
 	<target host="thr.com" />
diff --git a/src/chrome/content/rules/THW.de.xml b/src/chrome/content/rules/THW.de.xml
new file mode 100644
index 000000000000..9916aa042344
--- /dev/null
+++ b/src/chrome/content/rules/THW.de.xml
@@ -0,0 +1,24 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Unable to get local issuer certificate:
+		- uploader.thw.de
+		- www.uploader.thw.de
+-->
+<ruleset name="THW.de (partial)">
+
+	<target host="thw.de" />
+	<target host="www.thw.de" />
+	<target host="br500.thw.de" />
+	<target host="extranet.thw.de" />
+	<target host="www.gfb-bremen.thw.de" />
+	<target host="www.gfb-hamburg.thw.de" />
+	<target host="gfb-muenchen.thw.de" />
+	<target host="www.infozentrum.thw.de" />
+	<target host="m.thw.de" />
+	<target host="www.m.thw.de" />
+	<target host="portal.thw.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TI.com-falsemixed.xml b/src/chrome/content/rules/TI.com-falsemixed.xml
deleted file mode 100644
index bb81d11e8cf5..000000000000
--- a/src/chrome/content/rules/TI.com-falsemixed.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Texas-Instruments.xml.
-
--->
-<ruleset name="TI.com (false MCB)" platform="mixedcontent">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.ti.com" />
-
-	<!--	Complications:
-				-->
-	<target host="ti.com" />
-
-		<!--	Breaks doc downloads:
-						-->
-		<exclusion pattern="^http://www.ti.com/(?:general/docs/)?lit/" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.ti.com/general/docs/lit/getliterature.tsp?baseLiteratureNumber=spruer9&amp;fileType=pdf" />
-			<test url="http://www.ti.com/lit/ug/spruer9d/spruer9d.pdf" />
-
-
-	<rule from="^http://ti\.com/"
-		to="https://www.ti.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TIBCO.com.xml b/src/chrome/content/rules/TIBCO.com.xml
index 09b4c1a444f7..5d1eabad7d68 100644
--- a/src/chrome/content/rules/TIBCO.com.xml
+++ b/src/chrome/content/rules/TIBCO.com.xml
@@ -19,7 +19,10 @@
 -->
 <ruleset name="TIBCO.com (partial)">
 
-	<target host="*.tibco.com" />
+	<target host="docs.tibco.com" />
+	<target host="download.tibco.com" />
+	<target host="support.tibco.com" />
+	<target host="forms2.tibco.com" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/TICKETsage.xml b/src/chrome/content/rules/TICKETsage.xml
index 6d0ebe278e1c..a7ef68af6cd5 100644
--- a/src/chrome/content/rules/TICKETsage.xml
+++ b/src/chrome/content/rules/TICKETsage.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.ticketsage.com/ => https://www.ticketsage.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="TICKETsage" default_off='failed ruleset test'>
+<ruleset name="TICKETsage" default_off="failed ruleset test">
 
 	<target host="ticketsage.com" />
 	<target host="www.ticketsage.com" />
@@ -15,4 +15,4 @@ Fetch error: http://www.ticketsage.com/ => https://www.ticketsage.com/: (60, 'SS
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TIME.com.xml b/src/chrome/content/rules/TIME.com.xml
index 79dc58bce235..f316a87e7134 100644
--- a/src/chrome/content/rules/TIME.com.xml
+++ b/src/chrome/content/rules/TIME.com.xml
@@ -6,13 +6,11 @@
 			 - 100photos.time.com
 
 		SSL peer certificate was not OK:
-			 - www.time.com
 			 - 10questions.time.com
 			 - motto.time.com
 			 - thepage.time.com
 
 		Secure connection redirects to plaintext:
-			 - time.com
 			 - business.time.com
 			 - entertainment.time.com
 			 - healthland.time.com
@@ -33,14 +31,20 @@
 			 - life.time.com
 			 - lightbox.time.com
 
+		Active mixed content:
+			 - content.time.com
+				<test url="http://content.time.com/time/specials/packages/completelist/0,29569,1991915,00.html" />
+				<test url="http://content.time.com/time/specials/packages/0,28757,1940424,00.html" />
+
 -->
 <ruleset name="TIME.com (partial)">
 
+	<target host="time.com" />
+	<target host="www.time.com" />
 	<target host="assets.time.com" />
 		<test url="http://assets.time.com/scripts/brightcove-facade/1.1.0/brightcove-facade.min.js" />
 	<target host="auth.time.com" />
 	<target host="backissues.time.com" />
-	<target host="content.time.com" />
 	<target host="pages.email.time.com" />
 	<target host="shop.time.com" />
 	<target host="smetrics.time.com" />
diff --git a/src/chrome/content/rules/TKK.fi.xml b/src/chrome/content/rules/TKK.fi.xml
index e6294f127dd3..5e2499164644 100644
--- a/src/chrome/content/rules/TKK.fi.xml
+++ b/src/chrome/content/rules/TKK.fi.xml
@@ -6,7 +6,7 @@
 	* Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="TKK.fi" default_off="missing certificate chain">
+<ruleset name="TKK.fi" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/TLHP.cf.xml b/src/chrome/content/rules/TLHP.cf.xml
deleted file mode 100644
index ceec0e46265a..000000000000
--- a/src/chrome/content/rules/TLHP.cf.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	www.tlhp.cf: Mismatched
-
--->
-<ruleset name="TLHP.cf">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="tlhp.cf" />
-
-	<!--	Complications:
-				-->
-	<target host="www.tlhp.cf" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://www\.tlhp\.cf/"
-		to="https://tlhp.cf/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TLS.so.xml b/src/chrome/content/rules/TLS.so.xml
deleted file mode 100644
index 08e6f621ac91..000000000000
--- a/src/chrome/content/rules/TLS.so.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		- .tls.so
-
--->
-<ruleset name="TLS.so">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="tls.so" />
-
-	<!--	Complications:
-				-->
-	<target host="www.tls.so" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.tls\.so$" name="^(__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.tls\.so$" name=".+" />
-
-
-	<rule from="^http://www\.tls\.so/"
-		to="https://tls.so/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TMBC.gov.uk.xml b/src/chrome/content/rules/TMBC.gov.uk.xml
index 9afbbc6c5c99..faac61e3fa92 100644
--- a/src/chrome/content/rules/TMBC.gov.uk.xml
+++ b/src/chrome/content/rules/TMBC.gov.uk.xml
@@ -22,7 +22,7 @@ Fetch error: http://publicaccess2.tmbc.gov.uk/ => https://publicaccess2.tmbc.gov
 		- tmbc.gov.uk
 
 -->
-<ruleset name="TMBC.gov.uk" default_off='failed ruleset test'>
+<ruleset name="TMBC.gov.uk" default_off="failed ruleset test">
 
 	<target host="bookings.tmbc.gov.uk" />
 	<target host="democracy.tmbc.gov.uk" />
diff --git a/src/chrome/content/rules/TMCH.xml b/src/chrome/content/rules/TMCH.xml
index 77218fb6e454..e546fe88dec1 100644
--- a/src/chrome/content/rules/TMCH.xml
+++ b/src/chrome/content/rules/TMCH.xml
@@ -1,7 +1,7 @@
 <!--
 	403:
 		- tda.tamedia.ch
-		
+
 	Cert expired:
 		- a-cre.tamedia.ch
 
diff --git a/src/chrome/content/rules/TMP.xml b/src/chrome/content/rules/TMP.xml
index 1a1b5a035b45..5b245395d05e 100644
--- a/src/chrome/content/rules/TMP.xml
+++ b/src/chrome/content/rules/TMP.xml
@@ -23,13 +23,13 @@
 -->
 <ruleset name="TMP.com">
 
-	<target host="*.tmp.com" />
+	<target host="autodiscover.tmp.com" />
+	<target host="webmail.tmp.com" />
 
 
 	<rule from="^http://autodiscover\.tmp\.com/"
 		to="https://autodiscover-s.outlook.com/" />
 
-	<rule from="^http://webmail\.tmp\.com/"
-		to="https://webmail.tmp.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TMPwebeng.com.xml b/src/chrome/content/rules/TMPwebeng.com.xml
index ff1d13c55a51..afc48bae2f64 100644
--- a/src/chrome/content/rules/TMPwebeng.com.xml
+++ b/src/chrome/content/rules/TMPwebeng.com.xml
@@ -18,10 +18,12 @@ Fetch error: http://tmpwebeng.com/ => https://secure.tmpwebeng.com/: (7, 'Failed
 		- services
 
 -->
-<ruleset name="TMPwebeng.com" default_off='failed ruleset test'>
+<ruleset name="TMPwebeng.com" default_off="failed ruleset test">
 
 	<target host="tmpwebeng.com" />
-	<target host="*.tmpwebeng.com" />
+	<target host="secure.tmpwebeng.com" />
+	<target host="www.tmpwebeng.com" />
+	<target host="services.tmpwebeng.com" />
 
 
 	<securecookie host="^services\.tmpwebeng\.com$" name=".+" />
@@ -30,7 +32,6 @@ Fetch error: http://tmpwebeng.com/ => https://secure.tmpwebeng.com/: (7, 'Failed
 	<rule from="^http://(?:secure\.|www\.)?tmpwebeng\.com/"
 		to="https://secure.tmpwebeng.com/" />
 
-	<rule from="^http://services\.tmpwebeng\.com/"
-		to="https://services.tmpwebeng.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TMtm.ru.xml b/src/chrome/content/rules/TMtm.ru.xml
index d2f8872f07df..16677f03f3ad 100644
--- a/src/chrome/content/rules/TMtm.ru.xml
+++ b/src/chrome/content/rules/TMtm.ru.xml
@@ -5,7 +5,6 @@
 		- Freelansim.ru.xml
 		- HabraCDN.net.xml
 		- Habrahabr.ru.xml
-		- Habrastorage.org.xml
 		- Hsto.org.xml
 		- Hstor.org.xml
 		- megamozg.ru.xml
diff --git a/src/chrome/content/rules/TNNet.xml b/src/chrome/content/rules/TNNet.xml
index a5455d68091c..8008a16ae58e 100644
--- a/src/chrome/content/rules/TNNet.xml
+++ b/src/chrome/content/rules/TNNet.xml
@@ -4,15 +4,18 @@
 	-->
 
 	<target host="tnnet.fi" />
-	<target host="*.tnnet.fi" />
+	<target host="hostcontrol.tnnet.fi" />
+	<target host="mail.tnnet.fi" />
+	<target host="oma.tnnet.fi" />
+	<target host="wm.tnnet.fi" />
+	<target host="www.tnnet.fi" />
 
 
-	<securecookie host="^(?:.*\.)?tnnet\.fi$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://tnnet\.fi/"
 		to="https://www.tnnet.fi/" />
-	<rule from="^http://((?:hostcontrol|mail|oma|wm|www)\.)?tnnet\.fi/"
-		to="https://$1tnnet.fi/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TNS-Gallup.xml b/src/chrome/content/rules/TNS-Gallup.xml
index c289e3ac1794..a3cbf7fd4673 100644
--- a/src/chrome/content/rules/TNS-Gallup.xml
+++ b/src/chrome/content/rules/TNS-Gallup.xml
@@ -15,7 +15,7 @@ Fetch error: http://statistik-gallup.net/ => https://statistik-gallup.net/: (7,
 	* Refused
 
 -->
-<ruleset name="TNS Gallup (partial)" default_off='failed ruleset test'>
+<ruleset name="TNS Gallup (partial)" default_off="failed ruleset test">
 
 	<target host="statistik-gallup.net" />
 
diff --git a/src/chrome/content/rules/TNS-Global.xml b/src/chrome/content/rules/TNS-Global.xml
index 9371a448352b..ecb8b50b1b93 100644
--- a/src/chrome/content/rules/TNS-Global.xml
+++ b/src/chrome/content/rules/TNS-Global.xml
@@ -1,10 +1,30 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://mailus.tnsglobal.com/ => https://mailus.tnsglobal.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+
+-->
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://gmmeocsi.tnsglobal.com/ => https://gmmeocsi.tnsglobal.com/: (28, 'Connection timed out after 20002 milliseconds')
+Fetch error: http://heinekenonequity.tnsglobal.com/ => https://heinekenonequity.tnsglobal.com/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+Fetch error: http://post.tnsglobal.com/ => https://post.tnsglobal.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+Fetch error: http://rap.tnsglobal.com/ => https://rap.tnsglobal.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+Fetch error: http://rap8.tnsglobal.com/ => https://rap8.tnsglobal.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+Fetch error: http://reports.tnsglobal.com/ => https://reports.tnsglobal.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://surveys.tnsglobal.com/ => https://surveys.tnsglobal.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://tracker.tnsglobal.com/ => https://tracker.tnsglobal.com/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://volvogrouprex.tnsglobal.com/ => https://volvogrouprex.tnsglobal.com/: (56, 'OpenSSL SSL_read: SSL_ERROR_SYSCALL, errno 104')
+Fetch error: http://webedit.tnsglobal.com/ => https://webedit.tnsglobal.com/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+
 	Other Kantar rulesets:
 		+ Kantar-Latam-Portal.xml
 		+ Kantar-Worldpanel.xml
 		+ TNS-Gallup.xml
 		+ TNS-Info.xml
-		+ TNS-Sifo.xml
 
 	Non-functional hosts
 		Couldn't connect to server:
@@ -30,22 +50,22 @@
 <ruleset name="TNS-Global">
 	<target host="tnsglobal.com" />
 	<target host="www.tnsglobal.com" />
-	<target host="gmmeocsi.tnsglobal.com" />
-	<target host="heinekenonequity.tnsglobal.com" />
+	<!-- target host="gmmeocsi.tnsglobal.com" /-->
+	<!-- target host="heinekenonequity.tnsglobal.com" /-->
 	<target host="www.idp.tnsglobal.com" />
-	<target host="mailus.tnsglobal.com" />
-	<target host="post.tnsglobal.com" />
-	<target host="rap.tnsglobal.com" />
-	<target host="rap8.tnsglobal.com" />
-	<target host="reports.tnsglobal.com" />
-	<target host="surveys.tnsglobal.com" />
+	<!-- target host="mailus.tnsglobal.com" /-->
+	<!-- target host="post.tnsglobal.com" /-->
+	<!-- target host="rap.tnsglobal.com" /-->
+	<!-- target host="rap8.tnsglobal.com" /-->
+	<!-- target host="reports.tnsglobal.com" /-->
+	<!-- target host="surveys.tnsglobal.com" /-->
 	<target host="tnspostalplatformau.tnsglobal.com" />
 	<target host="tnspostalplatformgms.tnsglobal.com" />
 	<target host="tnspostalplatformswex.tnsglobal.com" />
 	<target host="tnspostalplatformwebapi-uat.tnsglobal.com" />
-	<target host="tracker.tnsglobal.com" />
-	<target host="volvogrouprex.tnsglobal.com" />
-	<target host="webedit.tnsglobal.com" />
+	<!-- target host="tracker.tnsglobal.com" /-->
+	<!-- target host="volvogrouprex.tnsglobal.com" /-->
+	<!-- target host="webedit.tnsglobal.com" /-->
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TNS-Info.xml b/src/chrome/content/rules/TNS-Info.xml
index cd77611a55ba..d67a518979b1 100644
--- a/src/chrome/content/rules/TNS-Info.xml
+++ b/src/chrome/content/rules/TNS-Info.xml
@@ -1,17 +1,24 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://login.tnsinfo.com/sites/usermanager/pages/tnsinfo.aspx => https://login.tnsinfo.com/sites/usermanager/pages/tnsinfo.aspx: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://tnsinfo.com/ => https://tnsinfo.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.tnsinfo.com/ => https://www.tnsinfo.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://login.tnsinfo.com/ => https://login.tnsinfo.com/: (28, 'Connection timed out after 20000 milliseconds')
+
 	See TNS-Global.xml for other TNS coverage.
+
+  Timeout:
+    control.tnsinfo.com
+    iclick.tnsinfo.com
 -->
 
 <ruleset name="TNS-Info">
-	<target host="tnsinfo.com" />
-	<target host="www.tnsinfo.com" />
-	<target host="control.tnsinfo.com" />
-		<test url="http://control.tnsinfo.com/admin/logon.aspx" />
+	<!-- target host="tnsinfo.com" /-->
+	<!-- target host="www.tnsinfo.com" /-->
 	<target host="explorer.tnsinfo.com" />
-	<target host="iclick.tnsinfo.com" />
-		<test url="http://iclick.tnsinfo.com/qlikview/login.htm" />
-	<target host="login.tnsinfo.com" />
-		<test url="http://login.tnsinfo.com/sites/usermanager/pages/tnsinfo.aspx" />
+	<!-- target host="login.tnsinfo.com" /-->
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/TNS-Sifo.xml b/src/chrome/content/rules/TNS-Sifo.xml
deleted file mode 100644
index 5497c3954bd1..000000000000
--- a/src/chrome/content/rules/TNS-Sifo.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For other TNS coverage, see TNS-Global.xml.
-
-
-	Nonfunctional domains:
-
-		- (www.)tns-sifo.se	(shows login page)
-		- webbrev.tns-sifo.se
-
--->
-<ruleset name="TNS Sifo (partial)">
-
-	<target host="panel.research-int.se" />
-	<target host="ssl.sifomedia.se" />
-
-
-	<securecookie host="^panel\.research-int\.se$" name=".+" />
-	<securecookie host="^ssl\.sifomedia\.se$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TOPlist.cz-falsemixed.xml b/src/chrome/content/rules/TOPlist.cz-falsemixed.xml
deleted file mode 100644
index 1f49587f9881..000000000000
--- a/src/chrome/content/rules/TOPlist.cz-falsemixed.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see TOPlist.cz.xml.
-
--->
-<ruleset name="TOPlist.cz (false MCB)" platform="mixedcontent">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.toplist.cz" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TOPlist.cz.xml b/src/chrome/content/rules/TOPlist.cz.xml
deleted file mode 100644
index 587d0a44f8f6..000000000000
--- a/src/chrome/content/rules/TOPlist.cz.xml
+++ /dev/null
@@ -1,70 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see TOPlist.cz-falsemixed.xml.
-
-
-	Nonfunctional hosts in *toplist.cz:
-
-		- i *
-
-	* Redirects to www.toplist.cz
-
-
-	Problematic hosts in *toplist.cz:
-
-		- wiki ¹ ²
-		- www ²
-
-	¹ Mismatched
-	² Mixed css
-
-
-	Fully covered hosts in *toplist.cz:
-
-		- ^
-		- ssl
-
-
-	Mixed content:
-
-		- css, on:
-
-			- wiki from $self
-			- www from i.toplist.cz
-
-		- Images on wiki, www from i.toplist.cz
-
-		- Ads/bugs, on:
-
-			- www from nad.247media.cz
-			- www from toplist.cz
-			- www from $self
-
--->
-<ruleset name="TOPlist.cz (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="toplist.cz" />
-	<target host="ssl.toplist.cz" />
-	<target host="www.toplist.cz" />
-
-		<!--	Avoid broken MCB:
-						-->
-		<exclusion pattern="^http://www\.toplist\.cz/+(?!favicon\.ico|images/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.toplist.cz/faq.html" />
-			<test url="http://www.toplist.cz/profi.html" />
-			<test url="http://www.toplist.cz/search.html" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www.toplist.cz/favicon.ico" />
-			<test url="http://www.toplist.cz/images/counter.asp?a=bc&amp;ID=" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TPG-Capital.xml b/src/chrome/content/rules/TPG-Capital.xml
index dc4970baf67e..f0b60d0f98a4 100644
--- a/src/chrome/content/rules/TPG-Capital.xml
+++ b/src/chrome/content/rules/TPG-Capital.xml
@@ -24,7 +24,8 @@ Fetch error: http://neimanmarcus.com/ => https://www.neimanmarcus.com/: None
 	<target host="lastcall.com"/>
 	<target host="www.lastcall.com"/>
 	<target host="neimanmarcus.com"/>
-	<target host="*.neimanmarcus.com"/>
+	<target host="registry.neimanmarcus.com" />
+	<target host="www.neimanmarcus.com" />
 
 	<rule from="^http://(?:www\.)?bergdorfgoodman\.com/"
 		to="https://www.bergdorfgoodman.com/"/>
diff --git a/src/chrome/content/rules/TRUNI.sk.xml b/src/chrome/content/rules/TRUNI.sk.xml
new file mode 100644
index 000000000000..164d7324925c
--- /dev/null
+++ b/src/chrome/content/rules/TRUNI.sk.xml
@@ -0,0 +1,25 @@
+<!--
+    Trnava University
+
+    certificate chain issues:
+
+	- ff.truni.sk
+	- fzsp.truni.sk
+	- idmportal.truni.sk
+	- iuridica.truni.sk
+	- sfeu.truni.sk
+-->
+<ruleset name="TRUNI.sk">
+	<target host="truni.sk" />
+	<target host="www.truni.sk" />
+	<target host="ezp.truni.sk" />
+	<target host="mais.truni.sk" />
+	<target host="moodle.truni.sk" />
+	<target host="pdf.truni.sk" />
+	<target host="strava.truni.sk" />
+	<target host="webmail.truni.sk" />
+
+        <rule from="^http://truni\.sk/" to="https://www.truni.sk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TRiBot.org.xml b/src/chrome/content/rules/TRiBot.org.xml
index f8014202a549..833ece434812 100644
--- a/src/chrome/content/rules/TRiBot.org.xml
+++ b/src/chrome/content/rules/TRiBot.org.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TSHA_online.org.xml b/src/chrome/content/rules/TSHA_online.org.xml
index 649fee76675f..d6ac73450dfd 100644
--- a/src/chrome/content/rules/TSHA_online.org.xml
+++ b/src/chrome/content/rules/TSHA_online.org.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TSO.co.uk.xml b/src/chrome/content/rules/TSO.co.uk.xml
index 0db903cc31b1..8fcd851116de 100644
--- a/src/chrome/content/rules/TSO.co.uk.xml
+++ b/src/chrome/content/rules/TSO.co.uk.xml
@@ -8,10 +8,11 @@ Non-2xx HTTP code: http://tso.co.uk/ (200) => https://www.tso.co.uk/ (503)
 		- ^	(cert only matches www)
 
 -->
-<ruleset name="TSO.co.uk" default_off='failed ruleset test'>
+<ruleset name="TSO.co.uk" default_off="failed ruleset test">
 
 	<target host="tso.co.uk" />
-	<target host="*.tso.co.uk" />
+	<target host="www.tso.co.uk" />
+	<target host="www.stats.tso.co.uk" />
 
 
 	<securecookie host="^(?:www)?\.tso\.co\.uk$" name=".+" />
@@ -20,7 +21,6 @@ Non-2xx HTTP code: http://tso.co.uk/ (200) => https://www.tso.co.uk/ (503)
 	<rule from="^http://(?:www\.)?tso\.co\.uk/"
 		to="https://www.tso.co.uk/" />
 
-	<rule from="^http://www\.stats\.tso\.co\.uk/"
-		to="https://www.stats.tso.co.uk/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TSOshop.co.uk.xml b/src/chrome/content/rules/TSOshop.co.uk.xml
index 05a202b6be9b..c39c6c2801e4 100644
--- a/src/chrome/content/rules/TSOshop.co.uk.xml
+++ b/src/chrome/content/rules/TSOshop.co.uk.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TSUTAYA.co.jp.xml b/src/chrome/content/rules/TSUTAYA.co.jp.xml
new file mode 100644
index 000000000000..5fb454e51506
--- /dev/null
+++ b/src/chrome/content/rules/TSUTAYA.co.jp.xml
@@ -0,0 +1,45 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- cms.tsutaya.co.jp
+		- concierge.tsutaya.co.jp
+		- ez.tsutaya.co.jp
+		- imovie.tsutaya.co.jp
+		- imusic.tsutaya.co.jp
+		- s.tsutaya.co.jp
+		- store.tsutaya.co.jp
+
+		SSL peer certificate was not OK:
+		- sp.shop.tsutaya.co.jp
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- qa.tsutaya.co.jp
+
+		Status code mismatch:
+		- www.tsutaya.co.jp
+		- sp.tsutaya.co.jp
+
+		Mixed content blocking (MCB) triggered:
+		- shop.tsutaya.co.jp
+-->
+<ruleset name="TSUTAYA.co.jp (partial)">
+	<target host="di.tsutaya.co.jp" />
+	<target host="log.tsutaya.co.jp" />
+	<target host="ssl.tsutaya.co.jp" />
+	<target host="shop.tsutaya.co.jp" />
+	<exclusion pattern="^http://shop\.tsutaya\.co\.jp/$" />
+	<test url="http://shop.tsutaya.co.jp/library/css/base.css" />
+	<test url="http://shop.tsutaya.co.jp/library/css/print.css" />
+	<test url="http://shop.tsutaya.co.jp/library/img/base/ic/btn_shoppinginfo.png" />
+	<test url="http://shop.tsutaya.co.jp/library/img/base/ic/btn_tpoint.png" />
+	<test url="http://shop.tsutaya.co.jp/library/js/globalNaviHeaderShareBlock.js" />
+	<test url="http://shop.tsutaya.co.jp/library/js/tol.js" />
+	<test url="http://shop.tsutaya.co.jp/library/shop/css/dvd/swiper_02.css" />
+	<test url="http://shop.tsutaya.co.jp/library/shop/js/bsn.Crossfader.js" />
+
+	<rule from="^http://shop\.tsutaya\.co\.jp/library/"
+		to="https://shop.tsutaya.co.jp/library/" />
+
+	<rule from="^http://(di|log|ssl)\.tsutaya\.co\.jp/"
+		to="https://$1.tsutaya.co.jp/" />
+</ruleset>
diff --git a/src/chrome/content/rules/TT.se.xml b/src/chrome/content/rules/TT.se.xml
index a0b56b1d7b63..271ce4133b44 100644
--- a/src/chrome/content/rules/TT.se.xml
+++ b/src/chrome/content/rules/TT.se.xml
@@ -1,7 +1,20 @@
+<!-- Problematic subdomains:
+
+		Incomplete certificate chain:
+
+			- text.tt.se
+-->
+
 <ruleset name="TT.se">
-<target host="tt.se" />
-<target host="www.tt.se" />
-<rule from="^http://tt\.se/" to="https://www.tt.se/"/>
-<rule from="^http://www\.tt\.se/" to="https://www.tt.se/"/>
-</ruleset>
+	<target host="tt.se" />
+	<target host="www.tt.se" />
+	<target host="adm.tt.se" />
+	<target host="api.tt.se" />
+	<target host="app.tt.se" />
+	<target host="beta.tt.se" />
+	<target host="spy.tt.se" />
+	<target host="tt.tt.se" />
+	<target host="via.tt.se" />
 
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/TU-Chemnitz.de.xml b/src/chrome/content/rules/TU-Chemnitz.de.xml
index a19c73c747bf..507a69a3c7d7 100644
--- a/src/chrome/content/rules/TU-Chemnitz.de.xml
+++ b/src/chrome/content/rules/TU-Chemnitz.de.xml
@@ -22,13 +22,14 @@
 <ruleset name="TU-Chemnitz.de (partial)">
 
 	<target host="tu-chemnitz.de" />
-	<target host="*.tu-chemnitz.de" />
+	<target host="www.tu-chemnitz.de" />
+	<target host="www.bibliothek.tu-chemnitz.de" />
+	<target host="www-user.tu-chemnitz.de" />
 
 
 	<rule from="^http://(?:www\.)?tu-chemnitz\.de/"
 		to="https://www.tu-chemnitz.de/" />
 
-	<rule from="^http://(www\.bibliothek|www-user)\.tu-chemnitz\.de/"
-		to="https://$1.tu-chemnitz.de/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TU-Darmstadt.de.xml b/src/chrome/content/rules/TU-Darmstadt.de.xml
index b1ac6c7d59a5..62b1b9a20906 100644
--- a/src/chrome/content/rules/TU-Darmstadt.de.xml
+++ b/src/chrome/content/rules/TU-Darmstadt.de.xml
@@ -1,46 +1,285 @@
 <!--
 	Technische Universitaet Darmstadt
 
-
-	Fully covered subdomains:
-
-		- www.cs
-		- idm-bi01.hrz
-		- sso.hrz
-		- www.hrz
-		- www.idm
-		- wiki.cdc.informatik
-		- www.cdc.informatik
-		- www.informatik
-		- www.ulb
-		- www
-
-
 	^tu-darmstadt.de doesn't exist.
 
-
-	These altnames don't exist:
-
-		- cs.tu-darmstadt.de
-		- cdc.cs.tu-darmstadt.de
-		- www.cdc.cs.tu-darmstadt.de
-		- informatik.tu-darmstadt.de
-		- cdc.informatik.tu-darmstadt.de
-
+	This includes: 
+		- all manually added subdomains from 210332db950e2b4a3a89a51ba59c3629dc7c6407
+		- all subdomains from Sublist3r that returned a HTTP200 status code
 -->
-<ruleset name="TU-Darmstadt.de (partial)">
-
-	<target host="*.tu-darmstadt.de" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.cdc|www)\.informatik\.tu-darmstadt\.de$" name="^fe_typo_user$" /-->
+<ruleset name="TU-Darmstadt.de">
 
-	<securecookie host="^www\.(?:cdc\.)?www\.informatik\.tu-darmstadt\.de$" name=".+" />
+	<target host="www.tu-darmstadt.de" />
+	<target host="ai-da.tu-darmstadt.de" />
+	<target host="www.akaflieg.tu-darmstadt.de" />
+	<target host="ehemalige.akaflieg.tu-darmstadt.de" />
+	<target host="konsul.akaflieg.tu-darmstadt.de" />
+	<target host="wiki.akaflieg.tu-darmstadt.de" />
+	<target host="www.arc2019.tu-darmstadt.de" />
+	<target host="help.architektur.tu-darmstadt.de" />
+	<target host="seminarbasar.architektur.tu-darmstadt.de" />
+	<target host="toyblocks.architektur.tu-darmstadt.de" />
+	<target host="webmail.architektur.tu-darmstadt.de" />
+	<target host="auth-reload.asta.tu-darmstadt.de" />
+	<target host="mail.asta.tu-darmstadt.de" />
+	<target host="mail1.asta.tu-darmstadt.de" />
+	<target host="slmg.bauing.tu-darmstadt.de" />
+	<target host="bsprox.verkehr.bauing.tu-darmstadt.de" />
+	<target host="im.compbiol.bio.tu-darmstadt.de" />
+	<target host="office.oc.chemie.tu-darmstadt.de" />
+	<target host="cloud.theo.chemie.tu-darmstadt.de" />
+	<target host="www.cit.tu-darmstadt.de" />
+	<target host="it.crossing.tu-darmstadt.de" />
+	<target host="svn.crossing.tu-darmstadt.de" />
+	<target host="www.crossing-week-2019.tu-darmstadt.de" />
+	<target host="www.cs.tu-darmstadt.de" />
+	<target host="seemoo.cs.tu-darmstadt.de" />
+	<target host="www.seemoo.cs.tu-darmstadt.de" />
+	<target host="svn.cysec.tu-darmstadt.de" />
+	<target host="www.dads.tu-darmstadt.de" />
+	<target host="deutschlandstipendium.tu-darmstadt.de" />
+	<target host="www.dh-concepts.tu-darmstadt.de" />
+	<target host="www.digital-philology.tu-darmstadt.de" />
+	<target host="www.digitalhumanities.tu-darmstadt.de" />
+	<target host="datterich.digitalhumanities.tu-darmstadt.de" />
+	<target host="www.digitalphilology.tu-darmstadt.de" />
+	<target host="www.distributed-ledger-center.tu-darmstadt.de" />
+	<target host="blog.e-learning.tu-darmstadt.de" />
+	<target host="ost.dek.e-technik.tu-darmstadt.de" />
+	<target host="must.emk.e-technik.tu-darmstadt.de" />
+	<target host="pc229.hf.e-technik.tu-darmstadt.de" />
+	<target host="cloud.rtm.e-technik.tu-darmstadt.de" />
+	<target host="mail.rtm.e-technik.tu-darmstadt.de" />
+	<target host="www.ees.tu-darmstadt.de" />
+	<target host="www.energygov.tu-darmstadt.de" />
+	<target host="www.es.tu-darmstadt.de" />
+	<target host="evaluation.tu-darmstadt.de" />
+	<target host="www.fif.tu-darmstadt.de" />
+	<target host="www.filmkreis.tu-darmstadt.de" />
+	<target host="foren.tu-darmstadt.de" />
+	<target host="forum.tu-darmstadt.de" />
+	<target host="www.fsk.tu-darmstadt.de" />
+	<target host="www.fsr.tu-darmstadt.de" />
+	<target host="gomera.geo.tu-darmstadt.de" />
+	<target host="www.glr.tu-darmstadt.de" />
+	<target host="www.gugw.tu-darmstadt.de" />
+	<target host="247-230.gugw.tu-darmstadt.de" />
+	<target host="office.247-230.gugw.tu-darmstadt.de" />
+	<target host="247-232.gugw.tu-darmstadt.de" />
+	<target host="247-233.gugw.tu-darmstadt.de" />
+	<target host="test2.247-233.gugw.tu-darmstadt.de" />
+	<target host="test3.247-233.gugw.tu-darmstadt.de" />
+	<target host="test4.247-233.gugw.tu-darmstadt.de" />
+	<target host="cloud.gugw.tu-darmstadt.de" />
+	<target host="office.cloud.gugw.tu-darmstadt.de" />
+	<target host="fb2-pc202.gugw.tu-darmstadt.de" />
+	<target host="ifs-pc206.gugw.tu-darmstadt.de" />
+	<target host="lists.gugw.tu-darmstadt.de" />
+	<target host="mail.gugw.tu-darmstadt.de" />
+	<target host="saturn.chaos.hg.tu-darmstadt.de" />
+	<target host="uranus.chaos.hg.tu-darmstadt.de" />
+	<target host="cloud.chor.hg.tu-darmstadt.de" />
+	<target host="intern.chor.hg.tu-darmstadt.de" />
+	<target host="wiki.chor.hg.tu-darmstadt.de" />
+	<target host="server.sailingteam.hg.tu-darmstadt.de" />
+	<target host="ipa.wegerecht.hg.tu-darmstadt.de" />
+	<target host="piwigo.wegerecht.hg.tu-darmstadt.de" />
+	<target host="wgr1.wegerecht.hg.tu-darmstadt.de" />
+	<target host="www.hrz.tu-darmstadt.de" />
+	<target host="arswww.hrz.tu-darmstadt.de" />
+	<target host="arswww-dev.hrz.tu-darmstadt.de" />
+	<target host="cgi.hrz.tu-darmstadt.de" />
+	<target host="download.hrz.tu-darmstadt.de" />
+	<target host="mahara.hrz.tu-darmstadt.de" />
+	<target host="mail-control.hrz.tu-darmstadt.de" />
+	<target host="medienportal.hrz.tu-darmstadt.de" />
+	<target host="download.mmag.hrz.tu-darmstadt.de" />
+	<target host="moodle-schulung.hrz.tu-darmstadt.de" />
+	<target host="cup1.net.hrz.tu-darmstadt.de" />
+	<target host="cup2.net.hrz.tu-darmstadt.de" />
+	<target host="cup3.net.hrz.tu-darmstadt.de" />
+	<target host="cup4.net.hrz.tu-darmstadt.de" />
+	<target host="mrtg.net.hrz.tu-darmstadt.de" />
+	<target host="olw-material.hrz.tu-darmstadt.de" />
+	<target host="openlearnware.hrz.tu-darmstadt.de" />
+	<target host="testolw.hrz.tu-darmstadt.de" />
+	<target host="testolw-material.hrz.tu-darmstadt.de" />
+	<target host="ticket.hrz.tu-darmstadt.de" />
+	<target host="www-cgi.hrz.tu-darmstadt.de" />
+	<target host="www-cgi03.hrz.tu-darmstadt.de" />
+	<target host="www.idm.tu-darmstadt.de" />
+	<target host="imap.ifs.tu-darmstadt.de" />
+	<target host="development.l3ams.ifs.tu-darmstadt.de" />
+	<target host="smtp.ifs.tu-darmstadt.de" />
+	<target host="typo3.ifs.tu-darmstadt.de" />
+	<target host="www.informatik.tu-darmstadt.de" />
+	<target host="www.algo.informatik.tu-darmstadt.de" />
+	<target host="nabla.algo.informatik.tu-darmstadt.de" />
+	<target host="testing.algo.informatik.tu-darmstadt.de" />
+	<target host="cast.informatik.tu-darmstadt.de" />
+	<target host="cfp.cast.informatik.tu-darmstadt.de" />
+	<target host="www.cdc.informatik.tu-darmstadt.de" />
+	<target host="crossing-cloud.cdc.informatik.tu-darmstadt.de" />
+	<target host="longtermsecurity.cdc.informatik.tu-darmstadt.de" />
+	<target host="roundcube.cdc.informatik.tu-darmstadt.de" />
+	<target host="svn.cdc.informatik.tu-darmstadt.de" />
+	<target host="aud.cryptoplexity.informatik.tu-darmstadt.de" />
+	<target host="doku.dekanat.informatik.tu-darmstadt.de" />
+	<target host="www.esa.informatik.tu-darmstadt.de" />
+	<target host="pw.esa.informatik.tu-darmstadt.de" />
+	<target host="daswesentliche.fachschaft.informatik.tu-darmstadt.de" />
+	<target host="glados.fachschaft.informatik.tu-darmstadt.de" />
+	<target host="host37.fachschaft.informatik.tu-darmstadt.de" />
+	<target host="mail.fachschaft.informatik.tu-darmstadt.de" />
+	<target host="hiwis.informatik.tu-darmstadt.de" />
+	<target host="www.ias.informatik.tu-darmstadt.de" />
+	<target host="lehre.ias.informatik.tu-darmstadt.de" />
+	<target host="mail.ias.informatik.tu-darmstadt.de" />
+	<target host="minsky.ias.informatik.tu-darmstadt.de" />
+	<target host="www.mais.informatik.tu-darmstadt.de" />
+	<target host="www.ml.informatik.tu-darmstadt.de" />
+	<target host="mon-01.informatik.tu-darmstadt.de" />
+	<target host="moodle.informatik.tu-darmstadt.de" />
+	<target host="www.parallel.informatik.tu-darmstadt.de" />
+	<target host="icinga.rbg.informatik.tu-darmstadt.de" />
+	<target host="mypage.rbg.informatik.tu-darmstadt.de" />
+	<target host="tools.rbg.informatik.tu-darmstadt.de" />
+	<target host="vm4.rbg.informatik.tu-darmstadt.de" />
+	<target host="adimat.sc.informatik.tu-darmstadt.de" />
+	<target host="scm.informatik.tu-darmstadt.de" />
+	<target host="seemoo.informatik.tu-darmstadt.de" />
+	<target host="www.seemoo.informatik.tu-darmstadt.de" />
+	<target host="share.informatik.tu-darmstadt.de" />
+	<target host="www.sit.informatik.tu-darmstadt.de" />
+	<target host="www.student.informatik.tu-darmstadt.de" />
+	<target host="coffee.tk.informatik.tu-darmstadt.de" />
+	<target host="recording.tk.informatik.tu-darmstadt.de" />
+	<target host="tupass.tk.informatik.tu-darmstadt.de" />
+	<target host="bugzilla.ukp.informatik.tu-darmstadt.de" />
+	<target host="dhconvalidator.ukp.informatik.tu-darmstadt.de" />
+	<target host="public.ukp.informatik.tu-darmstadt.de" />
+	<target host="wiki.ukp.informatik.tu-darmstadt.de" />
+	<target host="web.informatik.tu-darmstadt.de" />
+	<target host="cloud.ise.tu-darmstadt.de" />
+	<target host="survey.ise.tu-darmstadt.de" />
+	<target host="www.fachschaft.ist.tu-darmstadt.de" />
+	<target host="www.konaktiva.tu-darmstadt.de" />
+	<target host="kondb.konaktiva.tu-darmstadt.de" />
+	<target host="messe.konaktiva.tu-darmstadt.de" />
+	<target host="portal.konaktiva.tu-darmstadt.de" />
+	<target host="www.korruptionsforschung.tu-darmstadt.de" />
+	<target host="imap.kritis.tu-darmstadt.de" />
+	<target host="smtp.kritis.tu-darmstadt.de" />
+	<target host="imap.linglit.tu-darmstadt.de" />
+	<target host="smtp.linglit.tu-darmstadt.de" />
+	<target host="socialmedia.linglit.tu-darmstadt.de" />
+	<target host="lists.tu-darmstadt.de" />
+	<target host="vs04.lzm.maschinenbau.tu-darmstadt.de" />
+	<target host="mail.ptu.maschinenbau.tu-darmstadt.de" />
+	<target host="support.vkm.maschinenbau.tu-darmstadt.de" />
+	<target host="fb04142.mathematik.tu-darmstadt.de" />
+	<target host="linux.mathematik.tu-darmstadt.de" />
+	<target host="linux2.mathematik.tu-darmstadt.de" />
+	<target host="num.mathematik.tu-darmstadt.de" />
+	<target host="numawww.mathematik.tu-darmstadt.de" />
+	<target host="osm.mathematik.tu-darmstadt.de" />
+	<target host="svn.mathematik.tu-darmstadt.de" />
+	<target host="wwwdid.mathematik.tu-darmstadt.de" />
+	<target host="wwwrt.mathematik.tu-darmstadt.de" />
+	<target host="moodle.tu-darmstadt.de" />
+	<target host="www.neue-politische-literatur.tu-darmstadt.de" />
+	<target host="nicer.tu-darmstadt.de" />
+	<target host="www.nicer.tu-darmstadt.de" />
+	<target host="www.oapp.tu-darmstadt.de" />
+	<target host="olw.tu-darmstadt.de" />
+	<target host="www.olw.tu-darmstadt.de" />
+	<target host="openlearnware.tu-darmstadt.de" />
+	<target host="www.openlearnware.tu-darmstadt.de" />
+	<target host="www.owl.tu-darmstadt.de" />
+	<target host="imap.pg.tu-darmstadt.de" />
+	<target host="smtp.pg.tu-darmstadt.de" />
+	<target host="imap.phil.tu-darmstadt.de" />
+	<target host="smtp.phil.tu-darmstadt.de" />
+	<target host="www.fachschaft.physik.tu-darmstadt.de" />
+	<target host="dev.fachschaft.physik.tu-darmstadt.de" />
+	<target host="chaos3.fkp.physik.tu-darmstadt.de" />
+	<target host="element.fkp.physik.tu-darmstadt.de" />
+	<target host="ezra.fkp.physik.tu-darmstadt.de" />
+	<target host="gp-portal.physik.tu-darmstadt.de" />
+	<target host="chaos.iap.physik.tu-darmstadt.de" />
+	<target host="ernie.iap.physik.tu-darmstadt.de" />
+	<target host="mailhost.iap.physik.tu-darmstadt.de" />
+	<target host="crunch.ikp.physik.tu-darmstadt.de" />
+	<target host="lwapsr.ikp.physik.tu-darmstadt.de" />
+	<target host="targetlab.ikp.physik.tu-darmstadt.de" />
+	<target host="theorie.ikp.physik.tu-darmstadt.de" />
+	<target host="mailhost.physik.tu-darmstadt.de" />
+	<target host="olav.physik.tu-darmstadt.de" />
+	<target host="prp0.prp.physik.tu-darmstadt.de" />
+	<target host="www.pmv.tu-darmstadt.de" />
+	<target host="www.ptu.tu-darmstadt.de" />
+	<target host="www.ptw.tu-darmstadt.de" />
+	<target host="ticket.pvw.tu-darmstadt.de" />
+	<target host="www1.rmr.tu-darmstadt.de" />
+	<target host="www.rsm.tu-darmstadt.de" />
+	<target host="www1.rtm.tu-darmstadt.de" />
+	<target host="seemoo.tu-darmstadt.de" />
+	<target host="www.seemoo.tu-darmstadt.de" />
+	<target host="account.seemoo.tu-darmstadt.de" />
+	<target host="auth01.seemoo.tu-darmstadt.de" />
+	<target host="icnp.seemoo.tu-darmstadt.de" />
+	<target host="lectures.seemoo.tu-darmstadt.de" />
+	<target host="share.seemoo.tu-darmstadt.de" />
+	<target host="team.seemoo.tu-darmstadt.de" />
+	<target host="welcome.seemoo.tu-darmstadt.de" />
+	<target host="www.self-assessment.tu-darmstadt.de" />
+	<target host="analytics.self-assessment.tu-darmstadt.de" />
+	<target host="www.sfb1194.tu-darmstadt.de" />
+	<target host="www.sfb1245.tu-darmstadt.de" />
+	<target host="securitylab.sit.tu-darmstadt.de" />
+	<target host="imap.stadtforschung.tu-darmstadt.de" />
+	<target host="smtp.stadtforschung.tu-darmstadt.de" />
+	<target host="www.tdt.tu-darmstadt.de" />
+	<target host="www.tfi.tu-darmstadt.de" />
+	<target host="imap.theol.tu-darmstadt.de" />
+	<target host="smtp.theol.tu-darmstadt.de" />
+	<target host="www.theologie.tu-darmstadt.de" />
+	<target host="www.ttd.tu-darmstadt.de" />
+	<target host="www.tucan.tu-darmstadt.de" />
+	<target host="wwwvs.tucan.tu-darmstadt.de" />
+	<target host="www.tuday.tu-darmstadt.de" />
+	<target host="www.ulb.tu-darmstadt.de" />
+	<target host="astarchiv.ulb.tu-darmstadt.de" />
+	<target host="buechner.ulb.tu-darmstadt.de" />
+	<target host="hertz.ulb.tu-darmstadt.de" />
+	<target host="imd-test.ulb.tu-darmstadt.de" />
+	<target host="kompass.ulb.tu-darmstadt.de" />
+	<target host="kompass-dev.ulb.tu-darmstadt.de" />
+	<target host="kompass-hmz.ulb.tu-darmstadt.de" />
+	<target host="kompass-hmz-dev.ulb.tu-darmstadt.de" />
+	<target host="leitsystem.ulb.tu-darmstadt.de" />
+	<target host="static.ulb.tu-darmstadt.de" />
+	<target host="tickets.ulb.tu-darmstadt.de" />
+	<target host="tubama.ulb.tu-darmstadt.de" />
+	<target host="tubiblio.ulb.tu-darmstadt.de" />
+	<target host="tudata-test.ulb.tu-darmstadt.de" />
+	<target host="tudatalib.ulb.tu-darmstadt.de" />
+	<target host="tudmo.ulb.tu-darmstadt.de" />
+	<target host="tudmo-test.ulb.tu-darmstadt.de" />
+	<target host="tujournals.ulb.tu-darmstadt.de" />
+	<target host="tuprints.ulb.tu-darmstadt.de" />
+	<target host="ulbiblio.ulb.tu-darmstadt.de" />
+	<target host="zci.ulb.tu-darmstadt.de" />
+	<target host="online-anmeldung.usz.tu-darmstadt.de" />
+	<target host="www.veranstaltungskalender.tu-darmstadt.de" />
+	<target host="psgd-nas.ipg.verm.tu-darmstadt.de" />
+	<target host="www.vwl2.wi.tu-darmstadt.de" />
+	<target host="www.vwl3.wi.tu-darmstadt.de" />
+	<target host="imap.wissensordnung.tu-darmstadt.de" />
+	<target host="smtp.wissensordnung.tu-darmstadt.de" />
+	<target host="www-cgi.tu-darmstadt.de" />
 
 
-	<rule from="^http://(www\.cs|(?:idm-bi01|sso|www)\.hrz|www\.idm|(?:(?:wiki|www)\.cdc|www)\.informatik|www\.ulb|www)\.tu-darmstadt\.de/"
-		to="https://$1.tu-darmstadt.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TU-I-TAM.xml b/src/chrome/content/rules/TU-I-TAM.xml
index c79260c9ee6e..e3a9a1f2f956 100644
--- a/src/chrome/content/rules/TU-I-TAM.xml
+++ b/src/chrome/content/rules/TU-I-TAM.xml
@@ -5,12 +5,12 @@ Fetch error: http://tuitam.pl/ => https://tuitam.pl/: (60, 'SSL certificate prob
 Fetch error: http://www.tuitam.pl/ => https://www.tuitam.pl/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="TU I TAM" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="TU I TAM" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="tuitam.pl"/>
 	<target host="www.tuitam.pl"/>
 
-	<securecookie host="^(?:.*\.)?tuitam\.pl$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/TU-Ilmenau.de.xml b/src/chrome/content/rules/TU-Ilmenau.de.xml
index 26edb00c889d..a5568d363f58 100644
--- a/src/chrome/content/rules/TU-Ilmenau.de.xml
+++ b/src/chrome/content/rules/TU-Ilmenau.de.xml
@@ -13,7 +13,8 @@
 <ruleset name="TU-Ilmenau.de">
 
 	<target host="tu-ilmenau.de" />
-	<target host="*.tu-ilmenau.de" />
+	<target host="www.tu-ilmenau.de" />
+	<target host="wwwtest.tu-ilmenau.de" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/TUE.nl.xml b/src/chrome/content/rules/TUE.nl.xml
index 96fe996e5d04..4a02394730b9 100644
--- a/src/chrome/content/rules/TUE.nl.xml
+++ b/src/chrome/content/rules/TUE.nl.xml
@@ -28,7 +28,7 @@ Fetch error: http://m.ond.tue.nl/ => https://m.ond.tue.nl/: (51, "SSL: no altern
 		- www.static.tue.nl
 
 -->
-<ruleset name="TUE.nl (partial)" default_off='failed ruleset test'>
+<ruleset name="TUE.nl (partial)" default_off="failed ruleset test">
 
 	<target host="tue.nl" />
 	<target host="m.edu.tue.nl" />
diff --git a/src/chrome/content/rules/TUGraz.at.xml b/src/chrome/content/rules/TUGraz.at.xml
index 9e333c247150..6b7df774977e 100644
--- a/src/chrome/content/rules/TUGraz.at.xml
+++ b/src/chrome/content/rules/TUGraz.at.xml
@@ -69,16 +69,24 @@ Fetch error: http://online.tu-graz.ac.at/ => https://online.tu-graz.ac.at/: (51,
 	* Unsecurable <= 404
 
 -->
-<ruleset name="TUGRaz.at (partial)" default_off='failed ruleset test'>
-
-	<target host="*.tugraz.at" />
+<ruleset name="TUGRaz.at (partial)" default_off="failed ruleset test">
+
+	<target host="analytics.tugraz.at" />
+	<target host="www.campusonline.tugraz.at" />
+	<target host="dav-id.tugraz.at" />
+	<target host="donation.tugraz.at" />
+	<target host="jce.iaik.tugraz.at" />
+	<target host="online.tugraz.at" />
+	<target host="portal.tugraz.at" />
+	<target host="sso.tugraz.at" />
+	<target host="tu4u.tugraz.at" />
+	<target host="tugnet.tugraz.at" />
+	<target host="www.zid.tugraz.at" />
 		<!--exclusion pattern="^http://(campusonline|institute|lamp|presse|tugnet|(www\.)?zid|www)\.tugraz\.at/" /-->
 		<exclusion pattern="^http://portal\.tugraz\.at/+(?!tugraz/sso/login\?site2pstoretoken=)" />
 	<target host="online.tu-graz.ac.at" />
 
 
-	<rule from="^http://(analytics|www\.campusonline|dav-id|donation|jce\.iaik|online|portal|sso|tu4u)\.tugraz\.at/"
-		to="https://$1.tugraz.at/" />
 
 	<rule from="^http://tugnet\.tugraz\.at/"
 		to="https://portal.tugraz.at/portal/page/portal/zid/netzwerk/" />
@@ -86,7 +94,6 @@ Fetch error: http://online.tu-graz.ac.at/ => https://online.tu-graz.ac.at/: (51,
 	<rule from="^http://www\.zid\.tugraz\.at/"
 		to="https://portal.tugraz.at/portal/page/portal/zid/" />
 
-	<rule from="^http://online\.tu-graz\.ac\.at/"
-		to="https://online.tu-graz.ac.at/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TUHH.de.xml b/src/chrome/content/rules/TUHH.de.xml
index a63f7c99ff9c..f147ea42b13a 100644
--- a/src/chrome/content/rules/TUHH.de.xml
+++ b/src/chrome/content/rules/TUHH.de.xml
@@ -40,7 +40,7 @@
 	<target host="intranet.v.tuhh.de" />
 	<target host="www.tuhh.de" />
 		<!--exclusion pattern="^http://asta\.tu-harburg\.de/" /-->
-	
+
 		<!--exclusion pattern="^http://pdf\.v\.tuhh\.de/" /-->
 
 
diff --git a/src/chrome/content/rules/TUKE.sk.xml b/src/chrome/content/rules/TUKE.sk.xml
new file mode 100644
index 000000000000..d7c793ae45de
--- /dev/null
+++ b/src/chrome/content/rules/TUKE.sk.xml
@@ -0,0 +1,20 @@
+<!--
+    certificate chain issues:
+	- www.lib.tuke.sk
+	- kip.tuke.sk
+	- web.tuke.sk
+	- www.sdaj.tuke.sk
+-->
+<ruleset name="TUKE.sk">
+	<target host="tuke.sk" />
+	<target host="www.tuke.sk" />
+	<target host="kj.tuke.sk" />
+	<target host="uvt.tuke.sk" />
+	<target host="ktv.tuke.sk" />
+	<target host="accesscentre.tuke.sk" />
+	<target host="www.uvptechnicom.sk" />
+	<target host="eprihlaska.tuke.sk" />
+	<target host="studium.tuke.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TUT.fi.xml b/src/chrome/content/rules/TUT.fi.xml
index 4fb0f8568eb0..3d5be1a5a214 100644
--- a/src/chrome/content/rules/TUT.fi.xml
+++ b/src/chrome/content/rules/TUT.fi.xml
@@ -13,7 +13,8 @@
 -->
 <ruleset name="TUT.fi (partial)">
 
-	<target host="*.tut.fi" />
+	<target host="www.cs.tut.fi" />
+	<target host="idp.tut.fi" />
 
 
 	<!--	Secured by server:
@@ -27,7 +28,6 @@
 	<securecookie host="^idp\.tut\.fi$" name=".+" />
 
 
-	<rule from="^http://(www\.cs|idp)\.tut\.fi/"
-		to="https://$1.tut.fi/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TUZVO.sk.xml b/src/chrome/content/rules/TUZVO.sk.xml
new file mode 100644
index 000000000000..368ddf137823
--- /dev/null
+++ b/src/chrome/content/rules/TUZVO.sk.xml
@@ -0,0 +1,13 @@
+<ruleset name="TUZVO.sk">
+	<target host="tuzvo.sk" />
+	<target host="www.tuzvo.sk" />
+	<target host="dokumenty.tuzvo.sk" />
+	<target host="books.tuzvo.sk" />
+	<target host="sdj.tuzvo.sk" />
+	<target host="is.tuzvo.sk" />
+	<target host="sldk.tuzvo.sk" />
+	<target host="cdv.tuzvo.sk" />
+	<target host="cit.tuzvo.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TV2.dk-mixedcontent.xml b/src/chrome/content/rules/TV2.dk-mixedcontent.xml
index 416583719646..be5d40d6557d 100644
--- a/src/chrome/content/rules/TV2.dk-mixedcontent.xml
+++ b/src/chrome/content/rules/TV2.dk-mixedcontent.xml
@@ -8,11 +8,11 @@ Fetch error: http://mad.tv2.dk/ => https://mad.tv2.dk/: Too many redirects while
 <!--
 	See TV2.dk.xml for all comments on this rule.
 -->
-<ruleset name="TV2.dk (mixed content)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="TV2.dk (mixed content)" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="google.tv2.dk" />
 	<target host="mad.tv2.dk" />
 	<target host="ttv.tv2.dk" />
-	
+
 	<rule from="^http:"
 		to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/TV4Play.se.xml b/src/chrome/content/rules/TV4Play.se.xml
index 9174b91ca794..74f6c33b9829 100644
--- a/src/chrome/content/rules/TV4Play.se.xml
+++ b/src/chrome/content/rules/TV4Play.se.xml
@@ -27,7 +27,7 @@ Connection refused:
 	- ^
 	- api.tv4play.se
 -->
-<ruleset name="TV4play.se"  default_off='failed ruleset test'>
+<ruleset name="TV4play.se"  default_off="failed ruleset test">
 
 	<target host="account.services.tv4play.se" />
 	<target host="android.tv4play.se" />
diff --git a/src/chrome/content/rules/TVBrowser.org.xml b/src/chrome/content/rules/TVBrowser.org.xml
index b30da1665647..abbac6d1d099 100644
--- a/src/chrome/content/rules/TVBrowser.org.xml
+++ b/src/chrome/content/rules/TVBrowser.org.xml
@@ -36,7 +36,8 @@
 <ruleset name="TVBrowser.org" default_off="mismatched, self-signed" platform="mixedcontent">
 
 	<target host="tvbrowser.org" />
-	<target host="*.tvbrowser.org" />
+	<target host="hilfe.tvbrowser.org" />
+	<target host="www.tvbrowser.org" />
 
 
 	<securecookie host="^(?:\.hilfe\.)?tvbrowser\.org$" name=".+" />
@@ -45,4 +46,4 @@
 	<rule from="^http://(?:(hilfe\.)|www\.)?tvbrowser\.org/"
 		to="https://$1tvbrowser.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TVLinks.xml b/src/chrome/content/rules/TVLinks.xml
deleted file mode 100644
index 83f5c40e5a67..000000000000
--- a/src/chrome/content/rules/TVLinks.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional domains:
-
-		- (www.)tv-links.eu	(times out)
-
--->
-<ruleset name="TVLinks (partial)">
-
-	<target host="*.tvlim.com" />
-
-
-	<rule from="^http://i\.tvlim\.com/"
-		to="https://d2hhnaah6fgxxa.cloudfront.net/" />
-
-	<rule from="^http://s\.tvlim\.com/"
-		to="https://d1fv5i6aszv8fs.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TVMaze.com.xml b/src/chrome/content/rules/TVMaze.com.xml
new file mode 100644
index 000000000000..1405cc43fe76
--- /dev/null
+++ b/src/chrome/content/rules/TVMaze.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="TVmaze.com">
+		<target host="tvmaze.com" />
+        <target host="www.tvmaze.com" />
+        
+        <target host="static.tvmaze.com" />
+        <target host="api.tvmaze.com" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TVNZ.xml b/src/chrome/content/rules/TVNZ.xml
index 1907be3489ad..abc5542e319f 100644
--- a/src/chrome/content/rules/TVNZ.xml
+++ b/src/chrome/content/rules/TVNZ.xml
@@ -44,7 +44,7 @@
 
 	<rule from="^http://shop\.tvnz\.co\.nz/"
 		to="https://store-prbg35.mybigcommerce.com/" />
-		
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/TVNewsCheck.com.xml b/src/chrome/content/rules/TVNewsCheck.com.xml
index 646364441346..d46e16e83f48 100644
--- a/src/chrome/content/rules/TVNewsCheck.com.xml
+++ b/src/chrome/content/rules/TVNewsCheck.com.xml
@@ -11,11 +11,12 @@
 <ruleset name="TVNewsCheck.com (partial)">
 
 	<target host="tvnewscheck.com" />
-	<target host="*.tvnewscheck.com" />
+	<target host="assets.tvnewscheck.com" />
+	<target host="www.tvnewscheck.com" />
 		<exclusion pattern="^http://(?:www\.)?tvnewscheck\.com/(?!asset/|/?playout/wp-content/|resource/|sites/|sso/)" />
 
 
 	<rule from="^http://(?:assets\.|www\.)?tvnewscheck\.com/"
 		to="https://www.tvnewscheck.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TVTropes.org.xml b/src/chrome/content/rules/TVTropes.org.xml
new file mode 100644
index 000000000000..c26877945bee
--- /dev/null
+++ b/src/chrome/content/rules/TVTropes.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="TVTropes.org">
+
+	<target host="tvtropes.org" />
+	<target host="www.tvtropes.org" />
+	<target host="static.tvtropes.org" />
+		<test url="http://static.tvtropes.org/pmwiki/pub/images/christmas_m-ms_5132.jpg" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TV_Nutt.com.xml b/src/chrome/content/rules/TV_Nutt.com.xml
deleted file mode 100644
index 37de00bf5b92..000000000000
--- a/src/chrome/content/rules/TV_Nutt.com.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- tvnutt.com
-		- www.tvnutt.com
-
-
-	Mixed content:
-
-		- iframe on www.twnutt.com from www.google.com
-
-		- css, on:
-
-			- www.tvnutt.com from fonts.googleapis.com
-			- www.tvnutt.com from www.tvweeklynow.com
-
--->
-<ruleset name="TV Nutt.com (false MCB)" platform="mixedcontent">
-
-	<target host="tvnutt.com" />
-	<target host="www.tvnutt.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?tvnutt\.com$" name="^DARKSITE$" /-->
-
-	<securecookie host="^(?:www\.)?tvnutt\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TV_Tropes.xml b/src/chrome/content/rules/TV_Tropes.xml
deleted file mode 100644
index 40a79aded7aa..000000000000
--- a/src/chrome/content/rules/TV_Tropes.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	CDN buckets:
-
-		- gp1.wac.edgecastcdn.net/00A20D/
-
-			- static
-
-
-	Nonfunctional domains:
-
-		- mediatropes.info *
-		- (www.)tvtropes.org *
-
-	* Reset
-
--->
-<ruleset name="TV Tropes (partial)" default_off="webmaster request">
-
-	<target host="static.mediatropes.info" />
-	<target host="static.tvtropes.org" />
-
-
-	<rule from="^http://static\.(?:mediatropes\.info|tvtropes\.org)/"
-		to="https://gp1.wac.edgecastcdn.net/00A20D/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TWRP.xml b/src/chrome/content/rules/TWRP.xml
index 0dd2eb38a7b6..a106ac0a4ee0 100644
--- a/src/chrome/content/rules/TWRP.xml
+++ b/src/chrome/content/rules/TWRP.xml
@@ -14,6 +14,6 @@
 
 	<securecookie host="^.*\.twrp\.me$" name=".+" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TXT.ca.xml b/src/chrome/content/rules/TXT.ca.xml
new file mode 100644
index 000000000000..89db350b6f5d
--- /dev/null
+++ b/src/chrome/content/rules/TXT.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="TXT.ca">
+	<target host="txt.ca" />
+	<target host="www.txt.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TYPO3.org-falsemixed.xml b/src/chrome/content/rules/TYPO3.org-falsemixed.xml
index e4a891b17b61..b441b954a5b4 100644
--- a/src/chrome/content/rules/TYPO3.org-falsemixed.xml
+++ b/src/chrome/content/rules/TYPO3.org-falsemixed.xml
@@ -6,7 +6,7 @@ Fetch error: http://flow.typo3.org/ => https://flow.typo3.org/: (51, "SSL: no al
 	For rules not causing false/broken MCB, see TYPO3.xml.
 
 -->
-<ruleset name="TYPO3.org (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="TYPO3.org (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="flow.typo3.org" />
 
diff --git a/src/chrome/content/rules/TYPO3.xml b/src/chrome/content/rules/TYPO3.xml
index 986a9a2beaf9..5345a26447ad 100644
--- a/src/chrome/content/rules/TYPO3.xml
+++ b/src/chrome/content/rules/TYPO3.xml
@@ -5,11 +5,6 @@ Fetch error: http://flow.typo3.org/_Resources/Static/Packages/TYPO3.FlowTypo3Org
 
 	For rules causing false/broken MCB, see TYPO3.org-falsemixed.xml.
 
-	Other TYPO3 rulesets:
-
-		- T3Blog.com.xml
-
-
 	Nonfunctional hosts in *typo3.org:
 
 		- demo ¹
@@ -46,7 +41,7 @@ Fetch error: http://flow.typo3.org/_Resources/Static/Packages/TYPO3.FlowTypo3Org
 	⁴ Secured by us
 
 -->
-<ruleset name="TYPO3.org (partial)" default_off='failed ruleset test'>
+<ruleset name="TYPO3.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/TZ.de.xml b/src/chrome/content/rules/TZ.de.xml
index 54ffead3aa78..df98030befc0 100644
--- a/src/chrome/content/rules/TZ.de.xml
+++ b/src/chrome/content/rules/TZ.de.xml
@@ -1,9 +1,26 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Covered by other rulesets:
+		on.tz.de (Bitly_branded_short_domains.xml)
+
+	Timeout:
+		media.tz.de
+-->
 <ruleset name="TZ.de">
 
-	<target host="tz.de"/>
-	<target host="www.tz.de"/>
-	<!-- mismatch for markt.tz.de & lust.tz.de -->
+	<target host="tz.de" />
+	<target host="www.tz.de" />
+	<target host="abo.tz.de" />
+	<target host="www.abo.tz.de" />
+	<target host="lust.tz.de" />
+	<target host="markt.lust.tz.de" />
+	<target host="markt.tz.de" />
+	<target host="playground.tz.de" />
+	<target host="promo.tz.de" />
+
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:" to="https:"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TaDst.com.xml b/src/chrome/content/rules/TaDst.com.xml
index 6c5e60fa7cc2..507f5d574034 100644
--- a/src/chrome/content/rules/TaDst.com.xml
+++ b/src/chrome/content/rules/TaDst.com.xml
@@ -15,7 +15,8 @@
 -->
 <ruleset name="TaDst.com">
 
-	<target host="*.tadst.com" />
+	<target host="a.tadst.com" />
+	<target host="c.tadst.com" />
 
 
 	<rule from="^http://[ac]\.tadst\.com/"
diff --git a/src/chrome/content/rules/Taboola.xml b/src/chrome/content/rules/Taboola.xml
index 88cb121af500..0d4144c888d0 100644
--- a/src/chrome/content/rules/Taboola.xml
+++ b/src/chrome/content/rules/Taboola.xml
@@ -5,18 +5,17 @@
 	CDN buckets:
 		- orig-1000[23].taboola.cotcdn.net
 
-	Problematic subdomains:
-		- cannes2016	(invalid cert; mismatch)
-		- dev-www (timeout)
-		- events (invalid cert)
-		- pages (invalid cert)
-		- vrc	(expired)
+	Invalid certificate:
+		- cannes2016.taboola.com
+		- events.taboola.com
+		- pages.taboola.com
 -->
-<ruleset name="Taboola">
 
+<ruleset name="Taboola">
 	<target host="taboola.com" />
 	<target host="www.taboola.com" />
 	<target host="15.taboola.com" />
+	<target host="accessrequest.taboola.com" />
 	<target host="am-trc.taboola.com" />
 	<target host="api.taboola.com" />
 	<target host="authentication.taboola.com" />
@@ -40,6 +39,7 @@
 	<target host="gallery.taboola.com" />
 	<target host="go.taboola.com" />
 	<target host="help.taboola.com" />
+	<target host="il-vpn.taboola.com" />
 	<target host="images.taboola.com" />
 	<target host="japanese.taboola.com" />
 	<target host="jobs.taboola.com" />
@@ -48,6 +48,7 @@
 	<target host="la-trc.taboola.com" />
 	<target host="mb.taboola.com" />
 	<target host="netstorage.taboola.com" />
+	<target host="newsroom-help.taboola.com" />
 	<target host="newsroomhelp.taboola.com" />
 	<target host="nr.taboola.com" />
 	<target host="opps.taboola.com" />
@@ -64,5 +65,4 @@
 	<securecookie host="^www\.taboola\.com$" name=".+" />
 
 	<rule from="^http:" to="https:" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/Tactical_Tech.org.xml b/src/chrome/content/rules/Tactical_Tech.org.xml
index e09ca209f58f..5a719cef843f 100644
--- a/src/chrome/content/rules/Tactical_Tech.org.xml
+++ b/src/chrome/content/rules/Tactical_Tech.org.xml
@@ -5,7 +5,6 @@ Fetch error: http://protect.tacticaltech.org/ => https://protect.tacticaltech.or
 
 	Other Tactical Technology rulesets:
 
-		- Drawing_by_Numbers.org.xml
 		- Exposing_the_Invisible.org.xml
 		- Informationactivism.org.xml
 		- My_Shadow.com.xml
@@ -35,7 +34,7 @@ Fetch error: http://protect.tacticaltech.org/ => https://protect.tacticaltech.or
 	* Secured by us
 
 -->
-<ruleset name="Tactical Tech.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Tactical Tech.org (partial)" default_off="failed ruleset test">
 
 	<target host="tacticaltech.org" />
 	<target host="analytics.tacticaltech.org" />
diff --git a/src/chrome/content/rules/TafasirStore.com.xml b/src/chrome/content/rules/TafasirStore.com.xml
new file mode 100644
index 000000000000..dce05c286f57
--- /dev/null
+++ b/src/chrome/content/rules/TafasirStore.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="TafasirStore.com">
+	<target host="tafasirstore.com" />
+	<target host="www.tafasirstore.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tafsir.one.xml b/src/chrome/content/rules/Tafsir.one.xml
new file mode 100644
index 000000000000..b7aef7dcb4d7
--- /dev/null
+++ b/src/chrome/content/rules/Tafsir.one.xml
@@ -0,0 +1,8 @@
+<ruleset name="Tafsir.one">
+	<target host="kalimah.tafsir.one" />
+	<target host="read.tafsir.one" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TafsirStore.com.xml b/src/chrome/content/rules/TafsirStore.com.xml
new file mode 100644
index 000000000000..380059c2c796
--- /dev/null
+++ b/src/chrome/content/rules/TafsirStore.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="TafsirStore.com">
+	<target host="tafsirstore.com" />
+	<target host="www.tafsirstore.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TagMan.xml b/src/chrome/content/rules/TagMan.xml
index aafe8f893e3b..89f1dfd87564 100644
--- a/src/chrome/content/rules/TagMan.xml
+++ b/src/chrome/content/rules/TagMan.xml
@@ -16,7 +16,7 @@ Fetch error: http://admin.tagman.com/ => https://admin.tagman.com/: (60, 'SSL ce
 	* Refused
 
 -->
-<ruleset name="TagMan (partial)" default_off='failed ruleset test'>
+<ruleset name="TagMan (partial)" default_off="failed ruleset test">
 
 	<target host="admin.tagman.com" />
 
@@ -26,4 +26,4 @@ Fetch error: http://admin.tagman.com/ => https://admin.tagman.com/: (60, 'SSL ce
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tagasauris.com.xml b/src/chrome/content/rules/Tagasauris.com.xml
index 746b2a541b06..ace413bc7c0a 100644
--- a/src/chrome/content/rules/Tagasauris.com.xml
+++ b/src/chrome/content/rules/Tagasauris.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://photo.tagasauris.com/ => https://photo.tagasauris.com/: Too
 	* Secured by us
 
 -->
-<ruleset name="Tagasauris.com" default_off='failed ruleset test'>
+<ruleset name="Tagasauris.com" default_off="failed ruleset test">
 
 	<target host="tagasauris.com" />
 	<target host="photo.tagasauris.com" />
diff --git a/src/chrome/content/rules/Tagesanzeiger.ch.xml b/src/chrome/content/rules/Tagesanzeiger.ch.xml
index 4482c2c9f705..80cfe58210ec 100644
--- a/src/chrome/content/rules/Tagesanzeiger.ch.xml
+++ b/src/chrome/content/rules/Tagesanzeiger.ch.xml
@@ -3,7 +3,7 @@
 
 	Cert expired:
 		- staging.mobile.tagesanzeiger.ch
-		
+
 	Cert mismatch:
 		- www.1zu12.tagesanzeiger.ch
 		- www.abo.tagesanzeiger.ch
diff --git a/src/chrome/content/rules/Tagesspiegel.de.xml b/src/chrome/content/rules/Tagesspiegel.de.xml
new file mode 100644
index 000000000000..cc37ad658d78
--- /dev/null
+++ b/src/chrome/content/rules/Tagesspiegel.de.xml
@@ -0,0 +1,79 @@
+<!--
+	Mismatch:
+		anzeigenportal.tagesspiegel.de
+-->
+<ruleset name="Tagesspiegel.de (partial)">
+
+	<target host="tagesspiegel.de" />
+	<target host="www.tagesspiegel.de" />
+	<target host="1928.tagesspiegel.de" />
+	<target host="390gramm.tagesspiegel.de" />
+	<target host="abo.tagesspiegel.de" />
+	<target host="aboservice.tagesspiegel.de" />
+	<target host="access.tagesspiegel.de" />
+	<target host="adfrend.tagesspiegel.de" />
+	<target host="adlershof.tagesspiegel.de" />
+	<target host="anzeigen.tagesspiegel.de" />
+	<target host="anzeigeneingabe.tagesspiegel.de" />
+	<target host="anzeigenmarkt.tagesspiegel.de" />
+	<target host="anzeigenpreise.tagesspiegel.de" />
+	<target host="www.anzeigenpreise.tagesspiegel.de" />
+	<target host="apps.tagesspiegel.de" />
+	<target host="auktion.tagesspiegel.de" />
+	<target host="background.tagesspiegel.de" />
+	<target host="beilagen.tagesspiegel.de" />
+	<target host="blutgraetsche.tagesspiegel.de" />
+	<target host="brand.tagesspiegel.de" />
+	<target host="www.brand.tagesspiegel.de" />
+	<target host="causa.tagesspiegel.de" />
+	<target host="ccs.tagesspiegel.de" />
+	<target host="checkpoint.tagesspiegel.de" />
+	<target host="data.tagesspiegel.de" />
+	<target host="digitalpresent.tagesspiegel.de" />
+	<target host="ehrensache.tagesspiegel.de" />
+	<target host="epaper.tagesspiegel.de" />
+	<target host="fieldtrip.tagesspiegel.de" />
+	<target host="golf.tagesspiegel.de" />
+	<target host="gutscheine.tagesspiegel.de" />
+	<target host="hausnummern.tagesspiegel.de" />
+	<target host="hugo.tagesspiegel.de" />
+	<target host="ifa.tagesspiegel.de" />
+	<target host="italien.tagesspiegel.de" />
+	<target host="jobs.tagesspiegel.de" />
+	<target host="karriere.tagesspiegel.de" />
+	<target host="leserreisen.tagesspiegel.de" />
+	<target host="leute.tagesspiegel.de" />
+	<target host="mahjong.tagesspiegel.de" />
+	<target host="malwettbewerb.tagesspiegel.de" />
+	<target host="mein.tagesspiegel.de" />
+	<target host="nl.tagesspiegel.de" />
+	<target host="ostern.tagesspiegel.de" />
+	<target host="queer.tagesspiegel.de" />
+	<target host="reiseauktion.tagesspiegel.de" />
+	<target host="reisen.tagesspiegel.de" />
+	<target host="service.tagesspiegel.de" />
+	<target host="shop.tagesspiegel.de" />
+	<target host="smartmagazines.tagesspiegel.de" />
+	<target host="sonderthemen.tagesspiegel.de" />
+	<target host="specials.tagesspiegel.de" />
+	<target host="sudoku.tagesspiegel.de" />
+	<target host="tippspiel.tagesspiegel.de" />
+	<target host="trauer.tagesspiegel.de" />
+	<target host="urban-running.tagesspiegel.de" />
+	<target host="veranstaltungen.tagesspiegel.de" />
+	<target host="verbraucher.tagesspiegel.de" />
+	<target host="vergleich.tagesspiegel.de" />
+	<target host="verkehrsluecken.tagesspiegel.de" />
+	<target host="verlagsjobs.tagesspiegel.de" />
+	<target host="versicherungsvergleich.tagesspiegel.de" />
+	<target host="video.tagesspiegel.de" />
+	<target host="wahl.tagesspiegel.de" />
+	<target host="weihnachten.tagesspiegel.de" />
+	<target host="wetter.tagesspiegel.de" />
+	<target host="wieklingtberlin.tagesspiegel.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tahmil-KutubPDF.com.xml b/src/chrome/content/rules/Tahmil-KutubPDF.com.xml
deleted file mode 100644
index 9f2207e98f89..000000000000
--- a/src/chrome/content/rules/Tahmil-KutubPDF.com.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Tahmil-KutubPDF.com">
-	<target host="tahmil-kutubpdf.com" />
-	<target host="www.tahmil-kutubpdf.com" />
-
-	<target host="tahmil-kutub-pdf.info" />
-	<target host="www.tahmil-kutub-pdf.info" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Taimiah.org.xml b/src/chrome/content/rules/Taimiah.org.xml
new file mode 100644
index 000000000000..748509161e9b
--- /dev/null
+++ b/src/chrome/content/rules/Taimiah.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="Taimiah.org">
+	<target host="taimiah.org" />
+	<target host="www.taimiah.org" />
+	<target host="halakat.taimiah.org" />
+	<target host="library.taimiah.org" />
+	<target host="libraryold.taimiah.org" />
+	<target host="mosabaqat.taimiah.org" />
+	<target host="tadrib.taimiah.org" />
+	<target host="webmail.taimiah.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Take_Control_Ebooks.xml b/src/chrome/content/rules/Take_Control_Ebooks.xml
index 270b09792a0f..106b3610e93a 100644
--- a/src/chrome/content/rules/Take_Control_Ebooks.xml
+++ b/src/chrome/content/rules/Take_Control_Ebooks.xml
@@ -4,9 +4,9 @@
 	<target host="www.takecontrolbooks.com" />
 
 
-	<securecookie host="^(?:.*\.)?takecontrolbooks\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Takw.in.xml b/src/chrome/content/rules/Takw.in.xml
new file mode 100644
index 000000000000..e121fdd237b8
--- /dev/null
+++ b/src/chrome/content/rules/Takw.in.xml
@@ -0,0 +1,8 @@
+<ruleset name="Takw.in">
+	<target host="takw.in" />
+	<target host="www.takw.in" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Taleo.xml b/src/chrome/content/rules/Taleo.xml
index 9141504a6ab7..1f220f058827 100644
--- a/src/chrome/content/rules/Taleo.xml
+++ b/src/chrome/content/rules/Taleo.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.taleo.com/ => https://www.oracle.com/us/products/applica
 	(www.)?taleo.com: Redirects to http
 
 -->
-<ruleset name="Taleo.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Taleo.com (partial)" default_off="failed ruleset test">
 
 	<target host="taleo.com"/>
 	<target host="www.taleo.com"/>
diff --git a/src/chrome/content/rules/Talk-Active.xml b/src/chrome/content/rules/Talk-Active.xml
deleted file mode 100644
index 89b40a8d942b..000000000000
--- a/src/chrome/content/rules/Talk-Active.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	For problematic rules, see Talk-Active-mismatches.xml.
-
-
-	Nonfunctional domains:
-
-		- web10.net:
-
-			- de		(cert: web12.talkactive.net, self-signed;
-					shows CloudLinux test page)
-			- fi		(ditto)
-			- uk		(ditto)
-
-		- (www.)web10.nl	(ditto)
-		- (www.)web10.nu	(ditto)
-		- (www.)web10.se	(ditto)
-
-
-	Problematic subdomains:
-
-		- (www.)	(works, expired, mismatched, self-signed)
-
--->
-<ruleset name="Talk Active (partial)">
-
-	<target host="*.talkactive.net" />
-
-
-	<securecookie host="^webmail\.talkactive\.net$" name=".+" />
-
-
-	<rule from="^http://web(12|mail)\.talkactive\.net/"
-		to="https://web$1.talkactive.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TalkTalk-mismatches.xml b/src/chrome/content/rules/TalkTalk-mismatches.xml
index f386b4b4dda9..f6fe0287b531 100644
--- a/src/chrome/content/rules/TalkTalk-mismatches.xml
+++ b/src/chrome/content/rules/TalkTalk-mismatches.xml
@@ -3,7 +3,7 @@
 	<target host="talktalktechnology.com"/>
 	<target host="www.talktalktechnology.com"/>
 
-	<securecookie host="^(?:.*\.)?talktalktechnology\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?talktalktechnology\.com/"
 		to="https://www.talktalktechnology.com/"/>
diff --git a/src/chrome/content/rules/TalkTalk.xml b/src/chrome/content/rules/TalkTalk.xml
index 77f8298e0cbe..b8d3e3069f63 100644
--- a/src/chrome/content/rules/TalkTalk.xml
+++ b/src/chrome/content/rules/TalkTalk.xml
@@ -56,7 +56,7 @@ Fetch error: http://my.talktalk.co.uk/ => https://my.talktalk.co.uk/: (7, 'Faile
 	* Secured by us
 
 -->
-<ruleset name="TalkTalk.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="TalkTalk.co.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/TalkTalk_Business.co.uk.xml b/src/chrome/content/rules/TalkTalk_Business.co.uk.xml
index 1dc65d925cd5..0c0996d074b2 100644
--- a/src/chrome/content/rules/TalkTalk_Business.co.uk.xml
+++ b/src/chrome/content/rules/TalkTalk_Business.co.uk.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.talktalkbusiness.co.uk/ => https://www.talktalkbusiness.
 		- www.talktalkbusiness.co.uk
 
 -->
-<ruleset name="TalkTalk Business.co.uk" default_off='failed ruleset test'>
+<ruleset name="TalkTalk Business.co.uk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Talkhealth_partnership.com.xml b/src/chrome/content/rules/Talkhealth_partnership.com.xml
index a53714e7ada6..4d358a3bd0d4 100644
--- a/src/chrome/content/rules/Talkhealth_partnership.com.xml
+++ b/src/chrome/content/rules/Talkhealth_partnership.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.talkhealthpartnership.com/ => https://www.talkhealthpart
 		- www.talkhealthpartnership.com
 
 -->
-<ruleset name="talkhealth partnership.com" default_off='failed ruleset test'>
+<ruleset name="talkhealth partnership.com" default_off="failed ruleset test">
 
 	<target host="talkhealthpartnership.com" />
 	<target host="www.talkhealthpartnership.com" />
diff --git a/src/chrome/content/rules/Talking_Points_Memo.com.xml b/src/chrome/content/rules/Talking_Points_Memo.com.xml
index 525e463e3a28..d9af449cccde 100644
--- a/src/chrome/content/rules/Talking_Points_Memo.com.xml
+++ b/src/chrome/content/rules/Talking_Points_Memo.com.xml
@@ -34,7 +34,6 @@
 	<target host="cdn1.talkingpointsmemo.com" />
 
 
-	<rule from="^http://cdn1\.talkingpointsmemo\.com/"
-		to="https://d2lix3jnlp95fq.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Talky.io.xml b/src/chrome/content/rules/Talky.io.xml
index d361acedea30..d8534101e0c8 100644
--- a/src/chrome/content/rules/Talky.io.xml
+++ b/src/chrome/content/rules/Talky.io.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://beta.talky.io/ => https://beta.talky.io/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Talky.io" default_off='failed ruleset test'>
+<ruleset name="Talky.io" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Tampermonkey.xml b/src/chrome/content/rules/Tampermonkey.xml
index 7e635122386b..d6e6b5d1aef2 100644
--- a/src/chrome/content/rules/Tampermonkey.xml
+++ b/src/chrome/content/rules/Tampermonkey.xml
@@ -16,9 +16,9 @@
 	<target host="www.tampermonkey.net" />
 	<target host="forum.tampermonkey.net" />
 	<target host="safari.tampermonkey.net" />
-	
+
 	<rule from="^http:"
 			to="https:" />
 
 	<securecookie host="^forum\.tampermonkey\.net$" name=".+" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tandem_Calendar.xml b/src/chrome/content/rules/Tandem_Calendar.xml
index 897861cb8451..daec148bc4cd 100644
--- a/src/chrome/content/rules/Tandem_Calendar.xml
+++ b/src/chrome/content/rules/Tandem_Calendar.xml
@@ -18,4 +18,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tanger.ma.xml b/src/chrome/content/rules/Tanger.ma.xml
new file mode 100644
index 000000000000..e40ba58c166c
--- /dev/null
+++ b/src/chrome/content/rules/Tanger.ma.xml
@@ -0,0 +1,34 @@
+<!--
+	Not publicly accessible:
+		benimakada.tanger.ma
+		www.benimakada.tanger.ma
+		cpanel.tanger.ma
+		mail.tanger.ma
+		cpanel.medina.tanger.ma
+		mail.medina.tanger.ma
+		webdisk.medina.tanger.ma
+		webmail.medina.tanger.ma
+		mghoga.tanger.ma
+		www.mghoga.tanger.ma
+		rdv.tanger.ma
+		www.rdv.tanger.ma
+		souani.tanger.ma
+		www.souani.tanger.ma
+		webdisk.tanger.ma
+		webmail.tanger.ma
+
+	Expired certificate:
+		r.tanger.ma
+		www.r.tanger.ma
+
+-->
+<ruleset name="Tanger.ma">
+	<target host="tanger.ma" />
+	<target host="www.tanger.ma" />
+	<target host="medina.tanger.ma" />
+	<target host="www.medina.tanger.ma" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tangerine-Bank.xml b/src/chrome/content/rules/Tangerine-Bank.xml
index 7c751aa2a31d..861fdbc2092d 100644
--- a/src/chrome/content/rules/Tangerine-Bank.xml
+++ b/src/chrome/content/rules/Tangerine-Bank.xml
@@ -24,7 +24,6 @@
 	<target host="tangerine.com" />
 	<target host="www.tangerine.com" />
 
-	<test url="http://tangerine.com/" />
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/Tango.me.xml b/src/chrome/content/rules/Tango.me.xml
index 40e565d07bbd..09b8c8171bea 100644
--- a/src/chrome/content/rules/Tango.me.xml
+++ b/src/chrome/content/rules/Tango.me.xml
@@ -24,7 +24,7 @@ Fetch error: http://media.tango.me/ => https://media.tango.me/: (28, 'Operation
 	* Secured by us
 
 -->
-<ruleset name="Tango.me (partial)" default_off='failed ruleset test'>
+<ruleset name="Tango.me (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/TankaFetast.com.xml b/src/chrome/content/rules/TankaFetast.com.xml
index 1a57e7c19feb..e284af3e887c 100644
--- a/src/chrome/content/rules/TankaFetast.com.xml
+++ b/src/chrome/content/rules/TankaFetast.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.tankafetast.com/ => https://www.tankafetast.com/: (35, '
 		- .tankafetast.com
 
 -->
-<ruleset name="TankaFetast.com" default_off='failed ruleset test'>
+<ruleset name="TankaFetast.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Tanzschule-wernecke.de.xml b/src/chrome/content/rules/Tanzschule-wernecke.de.xml
new file mode 100644
index 000000000000..207a76f07b04
--- /dev/null
+++ b/src/chrome/content/rules/Tanzschule-wernecke.de.xml
@@ -0,0 +1,9 @@
+<ruleset name="Tanzschule-wernecke.de">
+	<target host="tanzschule-wernecke.de" />
+	<target host="www.tanzschule-wernecke.de" />
+	<target host="cdn.tanzschule-wernecke.de" />
+	<target host="contao4-assets.tanzschule-wernecke.de" />
+	<target host="contao4-files.tanzschule-wernecke.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tapatalk.com.xml b/src/chrome/content/rules/Tapatalk.com.xml
new file mode 100644
index 000000000000..b4360d3fc0cc
--- /dev/null
+++ b/src/chrome/content/rules/Tapatalk.com.xml
@@ -0,0 +1,106 @@
+<!--
+	Connection timed out:
+		- activate
+		- db
+		- devserver
+		- email-gateway
+		- email-gateway-1
+		- email-gateway-2
+		- glog
+		- groups
+		- m
+		- mail-182-92
+		- mail-182-93
+		- mail-182-94
+		- share
+		- wwwtest
+	
+	Mismatched:
+		- s2.db
+		- s2.dev
+		- s2.directory
+		- link2
+		- s2.logos
+		- ox-i
+		- redirect
+		- redirect2
+		- s2directory
+	
+	Expired:
+		- cdn
+		- images
+		- img
+		- img-2011-12
+		- img-2013
+		- rest
+		- support-dev
+	
+	Connection refused:
+		- int-noc
+		- push2
+		- testblog
+		- vpn
+	
+	Connection closed:
+		- mail
+	
+	Unsupported SSL version
+		- ning
+	
+	Incomplete certificate chain:
+		- s2.support
+	
+	SSL handshake failure:
+		- tapstream
+-->
+<ruleset name="Tapatalk.com">
+	<target host="tapatalk.com" />
+	<target host="www.tapatalk.com" />
+	<target host="api.tapatalk.com" />
+	<target host="apis.tapatalk.com" />
+	<target host="blog.tapatalk.com" />
+	<target host="cache.tapatalk.com" />
+	<target host="cloud.tapatalk.com" />
+	<target host="customdomain.tapatalk.com" />
+	<target host="dev.tapatalk.com" />
+	<target host="directory.tapatalk.com" />
+	<target host="directory1.tapatalk.com" />
+	<target host="directory3.tapatalk.com" />
+	<target host="jwt.tapatalk.com" />
+	<target host="link.tapatalk.com" />
+	<target host="log.tapatalk.com" />
+	<target host="log2.tapatalk.com" />
+	<target host="logos.tapatalk.com" />
+	<target host="market.tapatalk.com" />
+	<target host="new.tapatalk.com" />
+	<target host="piwik.tapatalk.com" />
+	<target host="piwik1.tapatalk.com" />
+	<target host="piwik2.tapatalk.com" />
+	<target host="pt.tapatalk.com" />
+	<target host="push.tapatalk.com" />
+	<target host="r.tapatalk.com" />
+	<target host="redir.tapatalk.com" />
+	<target host="rss.tapatalk.com" />
+	<target host="rss-spider.tapatalk.com" />
+	<target host="s2.tapatalk.com" />
+	<target host="search.tapatalk.com" />
+	<target host="search-log.tapatalk.com" />
+	<target host="search-log-1.tapatalk.com" />
+	<target host="search2.tapatalk.com" />
+	<target host="siteowners.tapatalk.com" />
+	<target host="siteowners-dev.tapatalk.com" />
+	<target host="siteowners-stage.tapatalk.com" />
+	<target host="sso.tapatalk.com" />
+	<target host="stage.tapatalk.com" />
+	<target host="stage1.tapatalk.com" />
+	<target host="support.tapatalk.com" />
+	<target host="support2.tapatalk.com" />
+	<target host="track.tapatalk.com" />
+	<target host="upload.tapatalk.com" />
+	<target host="vb5demo.tapatalk.com" />
+	<target host="verify.tapatalk.com" />
+	<target host="vww.tapatalk.com" />
+	<target host="web.tapatalk.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tapatalk.xml b/src/chrome/content/rules/Tapatalk.xml
deleted file mode 100644
index 4a64bfaba7d9..000000000000
--- a/src/chrome/content/rules/Tapatalk.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	Problematic hosts in *tapatalk.com:
-
-		- img *
-
-	* Mismatched
-
-
-	Insecure cookies are set for these hosts:
-
-		- tapatalk.com
-
--->
-<ruleset name="Tapatalk.com">
-
-	<target host="tapatalk.com" />
-	<target host="blog.tapatalk.com" />
-	<!--target host="img.tapatalk.com" /-->
-	<target host="support.tapatalk.com" />
-	<target host="www.tapatalk.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^tapatalk\.com$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^tapatalk\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tape.tv.xml b/src/chrome/content/rules/Tape.tv.xml
index dc8fcc419886..637a50a3255d 100644
--- a/src/chrome/content/rules/Tape.tv.xml
+++ b/src/chrome/content/rules/Tape.tv.xml
@@ -9,7 +9,7 @@ Fetch error: http://web202.tape.tv/ => https://web202.tape.tv/: (6, 'Could not r
 Fetch error: http://tapetv-slowjam.de/ => https://tapetv-slowjam.de/: (6, 'Could not resolve host: tapetv-slowjam.de')
 
 -->
-<ruleset name="Tape.tv" default_off='failed ruleset test'>
+<ruleset name="Tape.tv" default_off="failed ruleset test">
 
 	<target host="blog.tape.tv"/>
 	<target host="connect.tape.tv"/>
diff --git a/src/chrome/content/rules/Tapgage.xml b/src/chrome/content/rules/Tapgage.xml
index 3c3ff2dead3a..a16812f02e71 100644
--- a/src/chrome/content/rules/Tapgage.xml
+++ b/src/chrome/content/rules/Tapgage.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.tapgage.net/ => https://www.tapgage.net/: (60, 'SSL cert
 	!www: self-signed
 
 -->
-<ruleset name="Tapgage" default_off='failed ruleset test'>
+<ruleset name="Tapgage" default_off="failed ruleset test">
 
 	<target host="tapgage.net" />
 	<target host="www.tapgage.net" />
@@ -21,4 +21,4 @@ Fetch error: http://www.tapgage.net/ => https://www.tapgage.net/: (60, 'SSL cert
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tapiture.com.xml b/src/chrome/content/rules/Tapiture.com.xml
index 5cf0501480b4..7b4608501d48 100644
--- a/src/chrome/content/rules/Tapiture.com.xml
+++ b/src/chrome/content/rules/Tapiture.com.xml
@@ -36,7 +36,7 @@ Fetch error: http://www.tapiture.com/ => https://www.tapiture.com/: (28, 'Connec
 		- Image from s3-live.tapcdn.com
 
 -->
-<ruleset name="Tapiture.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Tapiture.com (partial)" default_off="failed ruleset test">
 
 	<target host="tapiture.com" />
 	<target host="www.tapiture.com" />
diff --git a/src/chrome/content/rules/Taranis.news.xml b/src/chrome/content/rules/Taranis.news.xml
new file mode 100644
index 000000000000..60c8d5b85f17
--- /dev/null
+++ b/src/chrome/content/rules/Taranis.news.xml
@@ -0,0 +1,8 @@
+<ruleset name="Taranis.news">
+
+	<target host="taranis.news" />
+	<target host="www.taranis.news" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tarasic.com.tw.xml b/src/chrome/content/rules/Tarasic.com.tw.xml
index 548f2b8cfd9c..029e5a3f3bb9 100644
--- a/src/chrome/content/rules/Tarasic.com.tw.xml
+++ b/src/chrome/content/rules/Tarasic.com.tw.xml
@@ -30,4 +30,4 @@
 	<rule from="^http://(?:www\.)?terasic\.com\.tw/"
 		to="https://www.terasic.com.tw/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Target.com.au.xml b/src/chrome/content/rules/Target.com.au.xml
new file mode 100644
index 000000000000..014283e18c50
--- /dev/null
+++ b/src/chrome/content/rules/Target.com.au.xml
@@ -0,0 +1,75 @@
+<!--
+	For other Coles coverage, see Coles.com.au.xml
+
+
+	Non-functional subdomains:
+		- access	(t)
+		- as4g	(SSL connection error)
+		- b2b	(SSL connection error)
+		- b2b-test	(r)
+		- careers	(m)
+		- catalogues	(m)
+		- www.catalogues	(m)
+		- connect	(i)
+		- email	(s)
+		- ess	(t)
+		- essuat	(i)
+		- fe-qat	(t)
+		- fe-stg	(i)
+		- fe-uat	(t)
+		- ftd	(t)
+		- guest	(t)
+		- internalcareers	(m)
+		- legacy	(t)
+		- mail	(m)
+		- mail1	(t)
+		- mixandmatch	(t)
+		- mybenefits	(r)
+		- onlineshopping	(m)
+		- orig-shop	(t)
+		- portal	(m)
+		- preprod-www	(t)
+		- qa	(t)
+		- rah	(i)
+		- socialmedia	(t)
+		- subscriptions	(r)
+		- supplier	(SSL connection error)
+		- supplierawards	(r)
+		- targart	(t)
+		- testcatalogue		(m)
+		- traps		(t)
+		- twptrmdmzweb1vth	(t)
+		- twptrmdmzweb2vto	(t)
+		- webmeeting	(i)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Target Australia">
+
+	<target host="target.com.au" />
+	<target host="www.target.com.au" />
+	<target host="app.target.com.au" />
+	<target host="staging.app.target.com.au" />
+	<target host="as3g.target.com.au" />
+	<target host="autodiscover.target.com.au" />
+	<target host="hampers.target.com.au" />
+	<target host="hybrid.target.com.au" />
+	<target host="jabber.target.com.au" />
+	<target host="jbgexpe1.target.com.au" />
+	<target host="jbgexpe2.target.com.au" />
+	<target host="mdm.target.com.au" />
+	<target host="preprod-app.target.com.au" />
+	<target host="shop.target.com.au" />
+	<target host="staging.target.com.au" />
+	<target host="transfers.target.com.au" />
+	<target host="webmail.target.com.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Target_Performance.xml b/src/chrome/content/rules/Target_Performance.xml
index 56b5ca67d213..4b1ff59712b0 100644
--- a/src/chrome/content/rules/Target_Performance.xml
+++ b/src/chrome/content/rules/Target_Performance.xml
@@ -1,6 +1,15 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://n2.ad.ad-srv.net/ => https://n2.ad.ad-srv.net/: (6, 'Could not resolve host: n2.ad.ad-srv.net')
+Fetch error: http://n34.ad.ad-srv.net/ => https://n34.ad.ad-srv.net/: (6, 'Could not resolve host: n34.ad.ad-srv.net')
+
+-->
 <ruleset name="Targeting Performance">
-<target host="*.ad-srv.net"/>
+<target host="ad.ad-srv.net" />
+<!-- target host="n2.ad.ad-srv.net" /-->
+<!-- target host="n34.ad.ad-srv.net" /-->
 
-<rule from="^http://ad\.ad-srv\.net/" to="https://ad.ad-srv.net/"/>
-<rule from="^http://(n2|n34)\.ad\.ad-srv\.net/" to="https://$1.ad-srv.net/"/>
+<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Targeted_Threats.net.xml b/src/chrome/content/rules/Targeted_Threats.net.xml
index 20abca67f7bc..4c740baa00fa 100644
--- a/src/chrome/content/rules/Targeted_Threats.net.xml
+++ b/src/chrome/content/rules/Targeted_Threats.net.xml
@@ -5,7 +5,7 @@ Fetch error: http://targetedthreats.net/ => https://targetedthreats.net/: (28, '
 Fetch error: http://www.targetedthreats.net/ => https://www.targetedthreats.net/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="Targeted Threats.net" default_off='failed ruleset test'>
+<ruleset name="Targeted Threats.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Tarlogic.com.xml b/src/chrome/content/rules/Tarlogic.com.xml
index 73a8e2676ee9..9d8f4fbe0914 100644
--- a/src/chrome/content/rules/Tarlogic.com.xml
+++ b/src/chrome/content/rules/Tarlogic.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://tarlogic.com/ => https://tarlogic.com/: (51, "SSL: no altern
 	* Secured by us
 
 -->
-<ruleset name="Tarlogic.com" default_off='failed ruleset test'>
+<ruleset name="Tarlogic.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Task_Force_on_Shale_Gas.uk.xml b/src/chrome/content/rules/Task_Force_on_Shale_Gas.uk.xml
deleted file mode 100644
index aad0faf2430b..000000000000
--- a/src/chrome/content/rules/Task_Force_on_Shale_Gas.uk.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	For other UK government coverage, see GOV.UK.xml.
-
--->
-<ruleset name="Task Force on Shale Gas.uk">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="taskforceonshalegas.uk" />
-	<target host="darkroom.taskforceonshalegas.uk" />
-	<target host="www.taskforceonshalegas.uk" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.taskforceonshalegas\.uk$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
-	<securecookie host="^\w" name="" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tate_Publishing.com.xml b/src/chrome/content/rules/Tate_Publishing.com.xml
deleted file mode 100644
index 7d869d033cc0..000000000000
--- a/src/chrome/content/rules/Tate_Publishing.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Tate Publishing.com">
-
-	<target host="tatepublishing.com" />
-	<target host="www.tatepublishing.com" />
-
-
-	<securecookie host="^(?:www\.)?tatepublishing\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tatrabanka.sk.xml b/src/chrome/content/rules/Tatrabanka.sk.xml
new file mode 100644
index 000000000000..825a14e82d24
--- /dev/null
+++ b/src/chrome/content/rules/Tatrabanka.sk.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		priip.tatrabanka.sk
+-->
+<ruleset name="Tatrabanka.sk">
+	<target host="tatrabanka.sk" />
+	<target host="www.tatrabanka.sk" />
+	<target host="3dsecure.tatrabanka.sk" />
+	<target host="business.tatrabanka.sk" />
+	<target host="byod.tatrabanka.sk" />
+	<target host="developer.tatrabanka.sk" />
+	<target host="dialog.tatrabanka.sk" />
+	<target host="kariera.tatrabanka.sk" />
+	<target host="kontakt.tatrabanka.sk" />
+	<target host="lms.tatrabanka.sk" />
+	<target host="mkt-cdn.tatrabanka.sk" />
+	<target host="moja.tatrabanka.sk" />
+	<target host="nuance.tatrabanka.sk" />
+	<target host="secure.tatrabanka.sk" />
+	<target host="vportal.tatrabanka.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TauCeti.org.au.xml b/src/chrome/content/rules/TauCeti.org.au.xml
index bf19feba4f7b..3987d0e82390 100644
--- a/src/chrome/content/rules/TauCeti.org.au.xml
+++ b/src/chrome/content/rules/TauCeti.org.au.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TawkTo.xml b/src/chrome/content/rules/TawkTo.xml
index cc002a3b7eef..1b2e8b8d9253 100644
--- a/src/chrome/content/rules/TawkTo.xml
+++ b/src/chrome/content/rules/TawkTo.xml
@@ -3,9 +3,9 @@
 	<target host="tawk.to" />
 	<target host="www.tawk.to" />
 	<target host="dashboard.tawk.to" />
-	
+
 	<securecookie host=".+" name=".+" />
-  
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/TaxAct.xml b/src/chrome/content/rules/TaxAct.xml
index b070dd5c3b61..13323a76adaa 100644
--- a/src/chrome/content/rules/TaxAct.xml
+++ b/src/chrome/content/rules/TaxAct.xml
@@ -17,7 +17,7 @@ Fetch error: http://www2.taxactonline.com/ => https://www2.taxactonline.com/: (6
 
 		¹ hostname mismatch
 -->
-<ruleset name="TaxAct (partial)" default_off='failed ruleset test'>
+<ruleset name="TaxAct (partial)" default_off="failed ruleset test">
 	<target host="taxact.com" />
 	<target host="cdn.taxact.com" />
 	<target host="www.taxact.com" />
diff --git a/src/chrome/content/rules/TaxChopper.ca.xml b/src/chrome/content/rules/TaxChopper.ca.xml
new file mode 100644
index 000000000000..180ac4d4d66b
--- /dev/null
+++ b/src/chrome/content/rules/TaxChopper.ca.xml
@@ -0,0 +1,12 @@
+<!--
+	Timeout:
+		- mail.taxchopper.ca
+		- ns1.taxchopper.ca
+		- ns2.taxchopper.ca
+-->
+<ruleset name="TaxChopper.ca">
+	<target host="taxchopper.ca" />
+	<target host="www.taxchopper.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TaxPayers_Alliance.xml b/src/chrome/content/rules/TaxPayers_Alliance.xml
index 5dc9bea0fd16..0745ca0bebd0 100644
--- a/src/chrome/content/rules/TaxPayers_Alliance.xml
+++ b/src/chrome/content/rules/TaxPayers_Alliance.xml
@@ -8,10 +8,10 @@ Non-2xx HTTP code: http://taxpayersalliance.com/ (200) => https://www.taxpayersa
 	^: Expired 2013-05-13
 
 -->
-<ruleset name="TaxPayers' Alliance" default_off='failed ruleset test'>
+<ruleset name="TaxPayers' Alliance" default_off="failed ruleset test">
 
 	<target host="taxpayersalliance.com" />
-	<target host="*.taxpayersalliance.com" />
+	<target host="www.taxpayersalliance.com" />
 
 
 	<securecookie host="(?:www)?\.taxpayersalliance\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Taxify.eu.xml b/src/chrome/content/rules/Taxify.eu.xml
new file mode 100644
index 000000000000..eb562a8bed75
--- /dev/null
+++ b/src/chrome/content/rules/Taxify.eu.xml
@@ -0,0 +1,23 @@
+<ruleset name="Taxify">
+
+	<target host="taxify.eu" />
+	<target host="www.taxify.eu" />
+	<target host="blog.taxify.eu" />
+	<target host="business.taxify.eu" />
+	<target host="button.taxify.eu" />
+	<target host="dispatcher.taxify.eu" />
+	<target host="drivers.taxify.eu" />
+	<target host="fleets.taxify.eu" />
+	<target host="help.taxify.eu" />
+	<target host="invoice.taxify.eu" />
+	<target host="m.taxify.eu" />
+	<target host="partners.taxify.eu" />
+	<target host="s2.taxify.eu" />
+	<target host="summersummit2018.taxify.eu" />
+	<target host="support.taxify.eu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tchibo.xml b/src/chrome/content/rules/Tchibo.xml
index 3e4eaac365e5..92288bed6d3a 100644
--- a/src/chrome/content/rules/Tchibo.xml
+++ b/src/chrome/content/rules/Tchibo.xml
@@ -14,7 +14,7 @@ Problematic domains:
 	- radoscodkrywania.tchibo.pl
 	- *tchibo.com
 -->
-<ruleset name="Tchibo" default_off='failed ruleset test'>
+<ruleset name="Tchibo" default_off="failed ruleset test">
 	<target host="tchibo.de"/>
 	<target host="www.tchibo.de"/>
 	<target host="blumen.tchibo.de"/>
diff --git a/src/chrome/content/rules/Tcpdump.org.xml b/src/chrome/content/rules/Tcpdump.org.xml
new file mode 100644
index 000000000000..1488137fdb38
--- /dev/null
+++ b/src/chrome/content/rules/Tcpdump.org.xml
@@ -0,0 +1,25 @@
+<!--
+	^ does not exist
+
+	Mismatched:
+		- bpf.tcpdump.org
+		- www.ca1.tcpdump.org
+		- www4.ca1.tcpdump.org
+		- www6.ca1.tcpdump.org
+		- lists.tcpdump.org
+		- master.tcpdump.org
+		- www6.us.tcpdump.org
+-->
+<ruleset name="Tcpdump.org">
+	<target host="www.tcpdump.org" />
+	<target host="www4.tcpdump.org" />
+	<target host="www6.tcpdump.org" />
+	<target host="www.ca.tcpdump.org" />
+	<target host="www4.ca.tcpdump.org" />
+	<target host="www6.ca.tcpdump.org" />
+	<target host="www.us.tcpdump.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tdesktop.com.xml b/src/chrome/content/rules/Tdesktop.com.xml
index 0e8dfe3c887b..25b10c59108c 100644
--- a/src/chrome/content/rules/Tdesktop.com.xml
+++ b/src/chrome/content/rules/Tdesktop.com.xml
@@ -3,7 +3,7 @@
 Disabled by https-everywhere-checker because:
 Fetch error: http://update.tdesktop.com/ => https://update.tdesktop.com/: (51, "SSL: no alternative certificate subject name matches target host name 'update.tdesktop.com'")
 
-	For other Telegram coverage, see Telegram.org.xml.
+	For other Telegram coverage, see Telegram.me.xml.
 
 
 	These altnames don't exist:
@@ -11,7 +11,7 @@ Fetch error: http://update.tdesktop.com/ => https://update.tdesktop.com/: (51, "
 		- www.updates.tdesktop.com
 
 -->
-<ruleset name="Tdesktop.com" default_off='failed ruleset test'>
+<ruleset name="Tdesktop.com" default_off="failed ruleset test">
 
 	<target host="tdesktop.com" />
 	<target host="update.tdesktop.com" />
diff --git a/src/chrome/content/rules/Tdnam.com.xml b/src/chrome/content/rules/Tdnam.com.xml
deleted file mode 100644
index e4ca7fbfbac5..000000000000
--- a/src/chrome/content/rules/Tdnam.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other GoDaddy coverage, see GoDaddy.xml.
-
--->
-<ruleset name="tdnam.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="tdnam.com" />
-	<target host="www.tdnam.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TeacherCast.net.xml b/src/chrome/content/rules/TeacherCast.net.xml
new file mode 100644
index 000000000000..f7a37a2b89df
--- /dev/null
+++ b/src/chrome/content/rules/TeacherCast.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="TeacherCast.net">
+	<target host="teachercast.net" />
+	<target host="www.teachercast.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Teachers_Assurance.xml b/src/chrome/content/rules/Teachers_Assurance.xml
index 6f26a9e6dba2..9715caf00a3e 100644
--- a/src/chrome/content/rules/Teachers_Assurance.xml
+++ b/src/chrome/content/rules/Teachers_Assurance.xml
@@ -33,4 +33,4 @@
 	<rule from="^http://(customer|securevpn|www)\.teachersassurance\.co\.uk/"
 		to="https://$1.teachersassurance.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tealium.com.xml b/src/chrome/content/rules/Tealium.com.xml
index f55fbd0f07c1..4659293279d9 100644
--- a/src/chrome/content/rules/Tealium.com.xml
+++ b/src/chrome/content/rules/Tealium.com.xml
@@ -22,7 +22,7 @@
 
 	TLS-error:
 		- mail.tealium.com
-	
+
 	Redirects to plain-text:
 		- support.tealiumiq.com
 -->
diff --git a/src/chrome/content/rules/Team-share.net.xml b/src/chrome/content/rules/Team-share.net.xml
deleted file mode 100644
index 782645f43657..000000000000
--- a/src/chrome/content/rules/Team-share.net.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- team-share.net
-		- www.team-share.net
-
--->
-<ruleset name="team-share.net">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="team-share.net" />
-	<target host="www.team-share.net" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:www\.)?team-share\.net$" name="^(?:ASP\.NET_SessionId$|BIGipServer)" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TeamLiquid.net.xml b/src/chrome/content/rules/TeamLiquid.net.xml
new file mode 100644
index 000000000000..1f8e699ddd57
--- /dev/null
+++ b/src/chrome/content/rules/TeamLiquid.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="TeamLiquid.net">
+
+	<target host="teamliquid.net" />
+	<target host="www.teamliquid.net" />
+	<target host="wiki.teamliquid.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Team_Cymru.xml b/src/chrome/content/rules/Team_Cymru.xml
index ba27eeea3cc5..6996b3310ddd 100644
--- a/src/chrome/content/rules/Team_Cymru.xml
+++ b/src/chrome/content/rules/Team_Cymru.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Team_UNICEF.org.xml b/src/chrome/content/rules/Team_UNICEF.org.xml
deleted file mode 100644
index 9f3d59c804c4..000000000000
--- a/src/chrome/content/rules/Team_UNICEF.org.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	For more UNICEF.org related ruleset, see UNICEF.org.xml
-
--->
-<ruleset name="Team UNICEF.org">
-	<target host="teamunicef.org" />
-	<target host="www.teamunicef.org" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Team_in_Training.org.xml b/src/chrome/content/rules/Team_in_Training.org.xml
index b3f71968e454..91587e7c6ccd 100644
--- a/src/chrome/content/rules/Team_in_Training.org.xml
+++ b/src/chrome/content/rules/Team_in_Training.org.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.teamintraining.org/ => https://www.teamintraining.org/:
 		- ^	(works; mismatched, CN: *.lls.org)
 
 -->
-<ruleset name="Team in Training.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Team in Training.org (partial)" default_off="failed ruleset test">
 
 	<target host="teamintraining.org" />
 	<target host="www.teamintraining.org" />
@@ -26,4 +26,4 @@ Fetch error: http://www.teamintraining.org/ => https://www.teamintraining.org/:
 	<rule from="^http://(?:www\.)?teamintraining\.org/"
 		to="https://www.teamintraining.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Teamviewer.xml b/src/chrome/content/rules/Teamviewer.xml
index b106065ff8eb..9c1a661c05bf 100644
--- a/src/chrome/content/rules/Teamviewer.xml
+++ b/src/chrome/content/rules/Teamviewer.xml
@@ -1,5 +1,5 @@
 <!--
-	Mismatched: 
+	Mismatched:
 	- mailings (*.inxmail.com)
 -->
 
diff --git a/src/chrome/content/rules/Teanglann.ie.xml b/src/chrome/content/rules/Teanglann.ie.xml
new file mode 100644
index 000000000000..5531450060c7
--- /dev/null
+++ b/src/chrome/content/rules/Teanglann.ie.xml
@@ -0,0 +1,6 @@
+<ruleset name="Teanglann.ie">
+	<target host="teanglann.ie"/>
+	<target host="www.teanglann.ie"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/TeardownIQ.com.xml b/src/chrome/content/rules/TeardownIQ.com.xml
deleted file mode 100644
index 4fcd58e6e401..000000000000
--- a/src/chrome/content/rules/TeardownIQ.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other ABI Research coverage, see ABI_Research.xml.
-
--->
-<ruleset name="TeardownIQ.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="teardowniq.com" />
-	<target host="www.teardowniq.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TechHouse.xml b/src/chrome/content/rules/TechHouse.xml
index 60de3dea2444..bde8eab45d42 100644
--- a/src/chrome/content/rules/TechHouse.xml
+++ b/src/chrome/content/rules/TechHouse.xml
@@ -2,7 +2,7 @@
   <target host="techhouse.org" />
   <target host="www.techhouse.org" />
 
-  <securecookie host="^(?:.+\.)?techhouse\.org$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TechRepublic.com-problematic.xml b/src/chrome/content/rules/TechRepublic.com-problematic.xml
deleted file mode 100644
index a60f7a65522d..000000000000
--- a/src/chrome/content/rules/TechRepublic.com-problematic.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For rules that are on by default, see TechRepublic.xml.
-
--->
-<ruleset name="TechRepublic.com (problematic)" default_off="mismatched">
-
-	<target host="www.techrepublic.com" />
-
-
-	<securecookie host="^www\.techrepublic\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TechRepublic.com.xml b/src/chrome/content/rules/TechRepublic.com.xml
new file mode 100644
index 000000000000..186a269b37cc
--- /dev/null
+++ b/src/chrome/content/rules/TechRepublic.com.xml
@@ -0,0 +1,43 @@
+<!--
+	For other CBS coverage, see CBS.xml.
+
+	Invalid certificate:
+		android-streaming.techrepublic.com
+		dw.techrepublic.com
+		ipad-streaming.techrepublic.com
+		li.techrepublic.com
+
+	Different content HTTP/HTTPS:
+		blogs.techrepublic.com
+		downloads.techrepublic.com
+		itdojo.techrepublic.com
+		policies.techrepublic.com
+		techbooks.techrepublic.com
+		whitepapers.techrepublic.com
+
+	No working URL known:
+		cdn-origin01.techrepublic.com
+		urs.techrepublic.com
+
+	Login required:
+		enews.techrepublic.com
+
+	Time out:
+		itpapers.techrepublic.com
+
+-->
+<ruleset name="TechRepublic.com (partial)">
+
+	<target host="techrepublic.com" />
+	<target host="academy.techrepublic.com" />
+	<target host="cms.techrepublic.com" />
+	<target host="japan.techrepublic.com" />
+	<target host="m.techrepublic.com" />
+	<target host="secure.techrepublic.com" />
+
+	<securecookie host="^secure\.techrepublic\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TechRepublic.xml b/src/chrome/content/rules/TechRepublic.xml
deleted file mode 100644
index 248b1def8de0..000000000000
--- a/src/chrome/content/rules/TechRepublic.xml
+++ /dev/null
@@ -1,98 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Non-2xx HTTP code: http://www.techrepublic.com/bundles/techrepubliccore/images/base/header-bg.png (200) => https://techrepublic-a.akamaihd.net/bundles/techrepubliccore/images/base/header-bg.png (400)
-Non-2xx HTTP code: http://www.techrepublic.com/favicon.ico (200) => https://techrepublic-a.akamaihd.net/favicon.ico (400)
-
--->
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.techrepublic.com/favicon.ico => https://techrepublic-a.akamaihd.net/favicon.ico: Too many redirects while fetching 'https://techrepublic-a.akamaihd.net/favicon.ico'
-
-	For problematic rules, see TechRepublic.com-problematic.xml.
-
-	For other CBS coverage, see CBS.xml.
-
-
-	CDN buckets:
-
-		- techrepublic-a.akamaihd.net
-
-
-	Nonfunctional domains:
-
-
-		- techrepublic.com.com		(cert: www.techrepublic.com; 301s there)
-		- i.techrepublic.com.com	(Akamai; 504)
-		- techrepublic.com		(301s to http)
-		- \w+.trstatic.com		(Akamai, "An error occurred")
-
-
-	Problematic domains:
-
-		- www.techrepublic.com *
-
-	* Works, akamai
-
-
-	Partially covered sudomains:
-
-		- www *		(→ techrepublic-a.akamaihd.net)
-
-	* Avoiding user-visible paths
-
-
-	Fully covered subdomains:
-
-		- ^
-		- secure
-
-
-	Mixed content:
-
-		- Images on secure and www from b2b.cbsimg.net *
-		- Images on www from tpr1.cbsistatic.com **
-
-	* Unsecurable <= 504
-	** Secured by us
-
--->
-<ruleset name="TechRepublic.com (partial)" default_off='failed ruleset test'>
-
-	<target host="techrepublic.com" />
-	<target host="secure.techrepublic.com" />
-	<target host="www.techrepublic.com" />
-
-		<exclusion pattern="^http://www\.techrepublic\.com/(?!.+\.(?:ico|jpg|png)(?:$|[?/]))" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.techrepublic.com/1.8.20/bundles/techrepubliccore/css/main.css" />
-			<test url="http://www.techrepublic.com/about/" />
-			<test url="http://www.techrepublic.com/blog/" />
-			<test url="http://www.techrepublic.com/pictures/" />
-			<test url="http://www.techrepublic.com/resource-library/downloads/" />
-			<test url="http://www.techrepublic.com/site-map/" />
-			<test url="http://www.techrepublic.com/videos/" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www.techrepublic.com/bundles/techrepubliccore/images/base/header-bg.png" />
-			<test url="http://www.techrepublic.com/favicon.ico" />
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.techrepublic\.com$" name="^(PHPSESSID|fly_device|fly_edition|fly_geo)$" /-->
-	<!--securecookie host="^(secure|www)\.techrepublic\.com$" name="^techrepublic_ad$" /-->
-
-	<securecookie host="^secure\.techrepublic\.com$" name=".+" />
-
-
-	<rule from="^http://www\.techrepublic\.com/"
-		to="https://techrepublic-a.akamaihd.net/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TechSay.com.xml b/src/chrome/content/rules/TechSay.com.xml
index 422c900b392d..e33ec8fc4d5d 100644
--- a/src/chrome/content/rules/TechSay.com.xml
+++ b/src/chrome/content/rules/TechSay.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://techsay.com/ => https://techsay.com/: (51, "SSL: no alternat
 		- www.techsay.com
 
 -->
-<ruleset name="TechSay.com" default_off='failed ruleset test'>
+<ruleset name="TechSay.com" default_off="failed ruleset test">
 
 	<target host="techsay.com" />
 	<target host="www.techsay.com" />
diff --git a/src/chrome/content/rules/TechStage.de.xml b/src/chrome/content/rules/TechStage.de.xml
new file mode 100644
index 000000000000..1ccf16507454
--- /dev/null
+++ b/src/chrome/content/rules/TechStage.de.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		- live.techstage.de
+-->
+<ruleset name="TechStage.de">
+
+	<target host="techstage.de" />
+	<target host="www.techstage.de" />
+	<target host="preisvergleich.techstage.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TechVerse.xml b/src/chrome/content/rules/TechVerse.xml
index fccec383db55..0b82c67fb6f7 100644
--- a/src/chrome/content/rules/TechVerse.xml
+++ b/src/chrome/content/rules/TechVerse.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?techverse\.com\.au/(chat/|images/|index\.php\?(?:.+&amp;)?_a=(?:login|reg)|language/|skins/)"
 		to="https://techverse.com.au/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TechWeb.xml b/src/chrome/content/rules/TechWeb.xml
index 90f433b88fba..d1794776d7a7 100644
--- a/src/chrome/content/rules/TechWeb.xml
+++ b/src/chrome/content/rules/TechWeb.xml
@@ -36,7 +36,7 @@ Fetch error: http://techwebonlineevents.com/ => https://www.techwebonlineevents.
 			- ng
 
 -->
-<ruleset name="TechWeb (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="TechWeb (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="store.drdobbs.com" />
 	<target host="gamasutra.com" />
@@ -65,7 +65,7 @@ Fetch error: http://techwebonlineevents.com/ => https://www.techwebonlineevents.
 	<!--	darkreading/ data are also available in i.cmpnet.com/infoweek/security/darkreading/seo/
 					-->
 	<rule from="^http://img\.lightreading\.com/"
-		to="https://d2x7anl33w5mmo.cloudfront.net/" />
+		to="https://img.lightreading.com/" />
 
 	<rule from="^http://payment\.lightreading\.com/"
 		to="https://payment.lightreading.com/" />
diff --git a/src/chrome/content/rules/Tech_Tools_for_Activism.org.xml b/src/chrome/content/rules/Tech_Tools_for_Activism.org.xml
index 9f91c977a0a2..b0314a8a9d32 100644
--- a/src/chrome/content/rules/Tech_Tools_for_Activism.org.xml
+++ b/src/chrome/content/rules/Tech_Tools_for_Activism.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://techtoolsforactivism.org/ => https://techtoolsforactivism.or
 Fetch error: http://www.techtoolsforactivism.org/ => https://www.techtoolsforactivism.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.techtoolsforactivism.org'")
 
 -->
-<ruleset name="Tech Tools for Activism.org" default_off='failed ruleset test'>
+<ruleset name="Tech Tools for Activism.org" default_off="failed ruleset test">
 
 	<target host="techtoolsforactivism.org" />
 	<target host="www.techtoolsforactivism.org" />
diff --git a/src/chrome/content/rules/Techendo.com.xml b/src/chrome/content/rules/Techendo.com.xml
index 98bedb9eff00..979c2c4f6f99 100644
--- a/src/chrome/content/rules/Techendo.com.xml
+++ b/src/chrome/content/rules/Techendo.com.xml
@@ -5,7 +5,9 @@
 <ruleset name="Techendo.com">
 
 	<target host="techendo.com" />
-	<target host="*.techendo.com" />
+	<target host="www.techendo.com" />
+	<target host="beta.techendo.com" />
+	<target host="store.techendo.com" />
 
 
 	<!--	Not secured by server:
@@ -18,7 +20,6 @@
 	<rule from="^http://(?:www\.)?techendo\.com/"
 		to="https://www.techendo.com/" />
 
-	<rule from="^http://(beta|store)\.techendo\.com/"
-		to="https://$1.techendo.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Techmeme.com.xml b/src/chrome/content/rules/Techmeme.com.xml
index c6951e3c6823..cef137c68a7f 100644
--- a/src/chrome/content/rules/Techmeme.com.xml
+++ b/src/chrome/content/rules/Techmeme.com.xml
@@ -5,16 +5,16 @@
 			 - ftp.techmeme.com
 			 - mail.techmeme.com
 			 - news.techmeme.com
-			 - search.techmeme.com 
+			 - search.techmeme.com
 -->
 <ruleset name="Techmeme.com">
 	<target host="techmeme.com" />
 	<target host="www.techmeme.com" />
 	<target host="search.techmeme.com" />
-	
+
 	<rule from="^http://search\.techmeme\.com/"
 		  	to="https://www.techmeme.com/search/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		  	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Technical-University-of-Denmark.xml b/src/chrome/content/rules/Technical-University-of-Denmark.xml
index abfd9b9b5766..bf4b105ccfc3 100644
--- a/src/chrome/content/rules/Technical-University-of-Denmark.xml
+++ b/src/chrome/content/rules/Technical-University-of-Denmark.xml
@@ -41,7 +41,7 @@ Fetch error: http://www.portalen.dtu.dk/ => https://portalen.dtu.dk/: (7, 'Faile
 		- www.portalen.dtu.dk
 
 -->
-<ruleset name="DTU.dk (partial)" default_off='failed ruleset test'>
+<ruleset name="DTU.dk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Technical-University-of-Lisbon.xml b/src/chrome/content/rules/Technical-University-of-Lisbon.xml
index 9b7d0b3d9783..a6bf979ebe3d 100644
--- a/src/chrome/content/rules/Technical-University-of-Lisbon.xml
+++ b/src/chrome/content/rules/Technical-University-of-Lisbon.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://utl.pt/ => https://www.utl.pt/: (6, 'Could not resolve host: utl.pt')
 Non-2xx HTTP code: http://www.utl.pt/ (200) => https://www.utl.pt/ (401)
 -->
-<ruleset name="Technical University of Lisbon" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Technical University of Lisbon" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="utl.pt" />
 	<target host="ist.utl.pt" />
diff --git a/src/chrome/content/rules/Technical.ly.xml b/src/chrome/content/rules/Technical.ly.xml
index a95a9907b587..49bd09c47cfc 100644
--- a/src/chrome/content/rules/Technical.ly.xml
+++ b/src/chrome/content/rules/Technical.ly.xml
@@ -7,12 +7,12 @@ Fetch error: http://www.technical.ly/organization/accessmd-com/ => https://www.t
 Fetch error: http://www.technical.ly/philly/2016/03/11/federal-open-source-policy-philadelphia/ => https://www.technical.ly/philly/2016/03/11/federal-open-source-policy-philadelphia/: Too many redirects while fetching 'https://www.technical.ly/philly/2016/03/11/federal-open-source-policy-philadelphia/'
 
 -->
-<ruleset name="Technical.ly (partial)" default_off='failed ruleset test'>
+<ruleset name="Technical.ly (partial)" default_off="failed ruleset test">
 	<target host="technical.ly" />
 	<target host="www.technical.ly" />
 	<target host="rise.technical.ly" />
 
-	<!-- 
+	<!--
 	These paths redirect to http:
 		- $
 		- 2013/03/12/founder-institute-boasts-helping-to-launch-750-startups-in-40-cities-infographic/$
@@ -27,7 +27,7 @@ Fetch error: http://www.technical.ly/philly/2016/03/11/federal-open-source-polic
 		- post-a-job/$
 	-->
 	<exclusion pattern="^http://(www\.)?technical\.ly/(\?|\d{4}/\d\d/\d\d/|about/|advertising/|category/|contact-us/|directory/|ethics/|jobs/|organization/|post-a-job/)?$" />
-	
+
 	<test url="http://technical.ly/" />
 	<test url="http://technical.ly/2013/03/12/founder-institute-boasts-helping-to-launch-750-startups-in-40-cities-infographic/" />
 	<test url="http://technical.ly/about/" />
diff --git a/src/chrome/content/rules/Technical_Community.com.xml b/src/chrome/content/rules/Technical_Community.com.xml
deleted file mode 100644
index ebdd3baa255a..000000000000
--- a/src/chrome/content/rules/Technical_Community.com.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	For other Microsoft coverage, see Microsoft.xml.
-
-
-	^technicalcommunity.com: Dropped
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.technicalcommunity.com
-
--->
-<ruleset name="Technical Community.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.technicalcommunity.com" />
-
-	<!--	Complications:
-				-->
-	<target host="technicalcommunity.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.technicalcommunity\.com$" name="^(ASP\.NET_SessionId|returnurl)$" /-->
-
-	<securecookie host="^www\.technicalcommunity\.com$" name=".+" />
-
-
-	<rule from="^http://technicalcommunity\.com/"
-		to="https://www.technicalcommunity.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Technical_University_Munich.xml b/src/chrome/content/rules/Technical_University_Munich.xml
index 7c16b97c8be1..d24b125ba067 100644
--- a/src/chrome/content/rules/Technical_University_Munich.xml
+++ b/src/chrome/content/rules/Technical_University_Munich.xml
@@ -50,11 +50,23 @@ Fetch error: http://ias.cs.tum.edu/ => https://ias.cs.tum.edu/: (60, 'SSL certif
 	* Secured by us
 
 -->
-<ruleset name="Technical University Munich (partial)" default_off='failed ruleset test'>
-
-	<target host="*.tum.de" />
+<ruleset name="Technical University Munich (partial)" default_off="failed ruleset test">
+
+	<target host="www.tum.de" />
+	<target host="www.lehre.tum.de" />
+	<target host="www.lehren.tum.de" />
+	<target host="www.piwik.tum.de" />
+	<target host="in.tum.de" />
+	<target host="ias.in.tum.de" />
+	<target host="sec.in.tum.de" />
+	<target host="www.in.tum.de" />
+	<target host="www21.in.tum.de" />
+	<target host="mediatum.ub.tum.de" />
 	<target host="ias.cs.tum.edu" />
-	<target host="*.tu-muenchen.de" />
+	<target host="ias.informatik.tu-muenchen.de" />
+	<target host="mailmanbroy.informatik.tu-muenchen.de" />
+	<target host="www.tu-muenchen.de" />
+	<target host="isabelle.in.tum.de" />
 
 
 	<!--	Not secured by server:
@@ -67,19 +79,6 @@ Fetch error: http://ias.cs.tum.edu/ => https://ias.cs.tum.edu/: (60, 'SSL certif
 	<securecookie host="^(?:www|ias\.informatik)\.tu-muenchen\.de$" name=".+" />
 
 
-	<rule from="^http://www(\.lehren?|\.piwik)?\.tum\.de/"
-		to="https://www$1.tum.de/" />
-
-	<rule from="^http://((?:(?:ias|sec|www|www21)\.)?in|mediatum\.ub)\.tum\.de/"
-		to="https://$1.tum.de/" />
-
-	<rule from="^http://ias\.cs\.tum\.edu/"
-		to="https://ias.cs.tum.edu/" />
-
-	<rule from="^http://((?:ias|mailmanbroy)\.informatik|www)\.tu-muenchen\.de/"
-		to="https://$1.tu-muenchen.de/" />
-
-	<rule from="^http://isabelle\.in\.tum\.de/"
-		to="https://isabelle.in.tum.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Technik.cafe.xml b/src/chrome/content/rules/Technik.cafe.xml
new file mode 100644
index 000000000000..64bfdef59363
--- /dev/null
+++ b/src/chrome/content/rules/Technik.cafe.xml
@@ -0,0 +1,8 @@
+<ruleset name="Technik.cafe" default_off="cert-chain">
+	<target host="technik.cafe" />
+	<target host="www.technik.cafe" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Technische_Universitat_Berlin.xml b/src/chrome/content/rules/Technische_Universitat_Berlin.xml
index c570f4f4e0a5..8a8d1a5a9bf0 100644
--- a/src/chrome/content/rules/Technische_Universitat_Berlin.xml
+++ b/src/chrome/content/rules/Technische_Universitat_Berlin.xml
@@ -177,4 +177,4 @@
 	<rule from="^http://autodiscover\.tu-berlin\.de/"
 		to="https://exchange.tu-berlin.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Techopedia.com.xml b/src/chrome/content/rules/Techopedia.com.xml
index 715362edf7e3..5578ce0409a6 100644
--- a/src/chrome/content/rules/Techopedia.com.xml
+++ b/src/chrome/content/rules/Techopedia.com.xml
@@ -18,7 +18,8 @@ Fetch error: http://techopedia.com/ => https://www.techopedia.com/: (28, 'Connec
 <ruleset name="Techopedia.com">
 
 	<target host="techopedia.com" />
-	<target host="*.techopedia.com" />
+	<target host="www.techopedia.com" />
+	<target host="cms.techopedia.com" />
 
 
 	<securecookie host="^(?:cms|www)?\.techopedia\.com$" name=".+" />
@@ -27,7 +28,6 @@ Fetch error: http://techopedia.com/ => https://www.techopedia.com/: (28, 'Connec
 	<rule from="^http://(?:www\.)?techopedia\.com/"
 		to="https://www.techopedia.com/" />
 
-	<rule from="^http://cms\.techopedia\.com/"
-		to="https://cms.techopedia.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Techquila.co.in.xml b/src/chrome/content/rules/Techquila.co.in.xml
new file mode 100644
index 000000000000..cfa818699228
--- /dev/null
+++ b/src/chrome/content/rules/Techquila.co.in.xml
@@ -0,0 +1,9 @@
+<ruleset name="Techquila.co.in">
+	<target host="techquila.co.in" />
+	<target host="www.techquila.co.in" />
+	<target host="team.techquila.co.in" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Techreport.com.xml b/src/chrome/content/rules/Techreport.com.xml
index 2344e27ba42d..26a8f609423a 100644
--- a/src/chrome/content/rules/Techreport.com.xml
+++ b/src/chrome/content/rules/Techreport.com.xml
@@ -36,5 +36,5 @@
 
 
 	<rule from="^http:" to="https:" />
-  
+
 </ruleset>
diff --git a/src/chrome/content/rules/Techstats.net.xml b/src/chrome/content/rules/Techstats.net.xml
deleted file mode 100644
index accf637b0003..000000000000
--- a/src/chrome/content/rules/Techstats.net.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="techstats.net">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="affiliate.techstats.net" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Teddy_Online_Judge.net.xml b/src/chrome/content/rules/Teddy_Online_Judge.net.xml
index 62800eca99b8..207c47770498 100644
--- a/src/chrome/content/rules/Teddy_Online_Judge.net.xml
+++ b/src/chrome/content/rules/Teddy_Online_Judge.net.xml
@@ -8,7 +8,7 @@
 		- www.teddyonlinejudge.net
 
 -->
-<ruleset name="Teddy Online Judge.net" default_off="missing certificate chain">
+<ruleset name="Teddy Online Judge.net" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/TeenDriverSource.org.xml b/src/chrome/content/rules/TeenDriverSource.org.xml
index f3a4b27b7d97..0ed09385492e 100644
--- a/src/chrome/content/rules/TeenDriverSource.org.xml
+++ b/src/chrome/content/rules/TeenDriverSource.org.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://teendriversource.org/ => https://teendriversource.org/: Cycle detected - URL already encountered: https://www.teendriversource.org/
 Fetch error: http://www.teendriversource.org/ => https://www.teendriversource.org/: Cycle detected - URL already encountered: https://www.teendriversource.org/
 -->
-<ruleset name="TeenDriverSource.org" default_off='failed ruleset test'>
+<ruleset name="TeenDriverSource.org" default_off="failed ruleset test">
 
 	<target host="teendriversource.org" />
 	<target host="www.teendriversource.org" />
@@ -19,4 +19,4 @@ Fetch error: http://www.teendriversource.org/ => https://www.teendriversource.or
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Teen_Revenue.com.xml b/src/chrome/content/rules/Teen_Revenue.com.xml
index 09e7936a3470..7545f2f274d0 100644
--- a/src/chrome/content/rules/Teen_Revenue.com.xml
+++ b/src/chrome/content/rules/Teen_Revenue.com.xml
@@ -8,7 +8,8 @@
 <ruleset name="Teen Revenue.com" default_off="mismatched">
 
 	<target host="teenrevenue.com" />
-	<target host="*.teenrevenue.com" />
+	<target host="nats.teenrevenue.com" />
+	<target host="www.teenrevenue.com" />
 
 
 	<securecookie host="^nats\.teenrevenue\.com$" name=".+" />
@@ -17,4 +18,4 @@
 	<rule from="^http://(?:nats\.|www\.)?teenrevenue\.com/"
 		to="https://nats.teenrevenue.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Teevox.com.xml b/src/chrome/content/rules/Teevox.com.xml
index 2917251664ee..caef61ce41c3 100644
--- a/src/chrome/content/rules/Teevox.com.xml
+++ b/src/chrome/content/rules/Teevox.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.teevox.com/ => https://www.teevox.com/: (51, "SSL: no al
 	ˢ Secured by us
 
 -->
-<ruleset name="Teevox.com" default_off='failed ruleset test'>
+<ruleset name="Teevox.com" default_off="failed ruleset test">
 
 	<target host="teevox.com" />
 	<target host="www.teevox.com" />
diff --git a/src/chrome/content/rules/Tek_Syndicate.com.xml b/src/chrome/content/rules/Tek_Syndicate.com.xml
index 2afe57ef4edc..61ecc76a9f7d 100644
--- a/src/chrome/content/rules/Tek_Syndicate.com.xml
+++ b/src/chrome/content/rules/Tek_Syndicate.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://newton.teksyndicate.com/ => https://newton.teksyndicate.com/
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Tek Syndicate.com" default_off='failed ruleset test'>
+<ruleset name="Tek Syndicate.com" default_off="failed ruleset test">
 
 	<target host="teksyndicate.com" />
 	<target host="forum.teksyndicate.com" />
diff --git a/src/chrome/content/rules/TelMasters.xml b/src/chrome/content/rules/TelMasters.xml
index 3f7e7f795b75..96e9e0623177 100644
--- a/src/chrome/content/rules/TelMasters.xml
+++ b/src/chrome/content/rules/TelMasters.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://telmasters.com/ => https://telmasters.com/: (51, "SSL: no alternative certificate subject name matches target host name 'telmasters.com'")
 
 -->
-<ruleset name="TelMasters" default_off='failed ruleset test'>
+<ruleset name="TelMasters" default_off="failed ruleset test">
 
 	<target host="telmasters.com" />
 	<target host="www.telmasters.com" />
diff --git a/src/chrome/content/rules/Tele-TASK.xml b/src/chrome/content/rules/Tele-TASK.xml
index b340c561f5de..5ec0ca597194 100644
--- a/src/chrome/content/rules/Tele-TASK.xml
+++ b/src/chrome/content/rules/Tele-TASK.xml
@@ -18,4 +18,4 @@
 	<rule from="^http://www\.tele-task\.de/"
 		to="https://www.tele-task.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tele2.lt.xml b/src/chrome/content/rules/Tele2.lt.xml
index 8c05eee2b38b..95101f5b1cd8 100644
--- a/src/chrome/content/rules/Tele2.lt.xml
+++ b/src/chrome/content/rules/Tele2.lt.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://loyaloop.tele2.lt/ => https://loyaloop.tele2.lt/: (7, 'Failed to connect to loyaloop.tele2.lt port 443: No route to host')
 
 	Unsupported subdomains:
-		
+
 		- pagalba.tele2.lt *
 		- narsyk.tele2.lt *
 		- pyptonas.tele2.lt **
@@ -16,19 +16,19 @@ Fetch error: http://loyaloop.tele2.lt/ => https://loyaloop.tele2.lt/: (7, 'Faile
 		- parkuok.tele2.lt ***
 		- internetas.tele2.lt ***
 		- editorial.tele2.lt ***
-		
+
 	* 404s on HTTPS
 	** Connection fails, times out, or is refused on HTTPS
 	*** Invalid certificate
 -->
-<ruleset name="Tele2.lt" default_off='failed ruleset test'>
+<ruleset name="Tele2.lt" default_off="failed ruleset test">
 	<target host="www.tele2.lt" />
 	<target host="tele2.lt" />
 	<target host="cdn.tele2.lt" />
 	<target host="mano.tele2.lt" />
 	<target host="loyaloop.tele2.lt" />
-	
-		
+
+
 	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Telebrands.xml b/src/chrome/content/rules/Telebrands.xml
index c1502417d416..8af43a4164d0 100644
--- a/src/chrome/content/rules/Telebrands.xml
+++ b/src/chrome/content/rules/Telebrands.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Telecolumbus.com.xml b/src/chrome/content/rules/Telecolumbus.com.xml
index a460e3cbba56..d143b8634f92 100644
--- a/src/chrome/content/rules/Telecolumbus.com.xml
+++ b/src/chrome/content/rules/Telecolumbus.com.xml
@@ -2,11 +2,11 @@
     <target host="telecolumbus.com" />
     <target host="www.telecolumbus.com" />
     <target host="ir.telecolumbus.com" />
-    
+
     <target host="telecolumbus.de" />
     <target host="www.telecolumbus.de" />
     <target host="wohnungsunternehmen.telecolumbus.de" />
-    
+
     <target host="service.telecolumbus.net" />
     <target host="webmailer.telecolumbus.net" />
 
diff --git a/src/chrome/content/rules/Telecommunications-Industry-Ombudsman-mixedcontent.xml b/src/chrome/content/rules/Telecommunications-Industry-Ombudsman-mixedcontent.xml
deleted file mode 100644
index c3e81c101aea..000000000000
--- a/src/chrome/content/rules/Telecommunications-Industry-Ombudsman-mixedcontent.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<!--
-	For non-mixed content rules, see Telecommunications-Industry-Ombudsman.xml.
--->
-<ruleset name="Telecommunications Industry Ombudsman (mixed content)" platform="mixedcontent">
-
-	<target host="members.tio.com.au" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Telefonica.xml b/src/chrome/content/rules/Telefonica.xml
index e549475052ef..170a2633e0a5 100644
--- a/src/chrome/content/rules/Telefonica.xml
+++ b/src/chrome/content/rules/Telefonica.xml
@@ -1,36 +1,5 @@
 
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://i.o2active.cz/ => https://i.o2active.cz/: (51, "SSL: no alternative certificate subject name matches target host name 'i.o2active.cz'")
-Fetch error: http://mail.o2active.cz/ => https://mail.o2active.cz/: (28, 'Connection timed out after 20001 milliseconds')
-Fetch error: http://o2extra.cz/ => https://www.o2extra2.cz/: (6, 'Could not resolve host: www.o2extra2.cz')
-Fetch error: http://www.o2extra.cz/ => https://www.o2extra2.cz/: (6, 'Could not resolve host: www.o2extra2.cz')
-Fetch error: http://o2shop.cz/ => https://www.o2shop2.cz/: (6, 'Could not resolve host: www.o2shop2.cz')
-Fetch error: http://www.o2shop.cz/ => https://www.o2shop2.cz/: (6, 'Could not resolve host: www.o2shop2.cz')
-Fetch error: http://o2tv.cz/ => https://www.o22.cz/: (6, 'Could not resolve host: www.o22.cz')
-Fetch error: http://www.o2tv.cz/ => https://www.o22.cz/: (6, 'Could not resolve host: www.o22.cz')
-Fetch error: http://o2-tv.cz/ => https://www.o22.cz/: (6, 'Could not resolve host: www.o22.cz')
-Fetch error: http://www.o2-tv.cz/ => https://www.o22.cz/: (6, 'Could not resolve host: www.o22.cz')
-Fetch error: http://telefonica.cz/ => https://www.telefonica.cz/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://www.telefonica.cz/ => https://www.telefonica.cz/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://bethere.co.uk/ => https://www.bethere.co.uk/: (7, 'Failed to connect to www.bethere.co.uk port 443: Connection timed out')
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://i.o2active.cz/ => https://i.o2active.cz/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://o2extra.cz/ => https://www.o2extra2.cz/: (6, 'Could not resolve host: www.o2extra2.cz')
-Fetch error: http://www.o2extra.cz/ => https://www.o2extra2.cz/: (6, 'Could not resolve host: www.o2extra2.cz')
-Fetch error: http://o2shop.cz/ => https://www.o2shop2.cz/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://www.o2shop.cz/ => https://www.o2shop2.cz/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://o2tv.cz/ => https://www.o22.cz/: (28, 'Connection timed out after 10001 milliseconds')
-Fetch error: http://www.o2tv.cz/ => https://www.o22.cz/: (28, 'Connection timed out after 10001 milliseconds')
-Fetch error: http://o2-tv.cz/ => https://www.o22.cz/: (28, 'Connection timed out after 10001 milliseconds')
-Fetch error: http://www.o2-tv.cz/ => https://www.o22.cz/: (28, 'Connection timed out after 10000 milliseconds')
-Fetch error: http://bethere.co.uk/ => https://www.bethere.co.uk/: (7, 'Failed to connect to bethere.co.uk port 80: Connection timed out')
-Fetch error: http://o2.sk/ => https://www.o2.sk/: (18, 'transfer closed with 69 bytes remaining to read')
-Fetch error: http://www.o2.sk/ => https://www.o2.sk/: (18, 'transfer closed with 69 bytes remaining to read')
-	For problematic rules, see Telefonica-mismatches.xml.
-
-
 	Other Telefónica rulesets:
 
 		- O2_online.de.xml
@@ -50,81 +19,39 @@ Fetch error: http://www.o2.sk/ => https://www.o2.sk/: (18, 'transfer closed with
 		- static2.o2.de
 
 -->
-<ruleset name="Telefónica (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Telefónica (partial)" platform="mixedcontent">
 
 	<target host="chcidoo2.cz"/>
 	<target host="www.chcidoo2.cz"/>
-	<target host="cz.o2.com"/>
-	<target host="www.cz.o2.com"/>
+	<target host="kariera.o2.cz"/>
 	<target host="o2.cz"/>
-	<target host="*.o2.cz"/>
-	<target host="*.o2.de" />
-	<target host="i.o2active.cz"/>
-	<target host="mail.o2active.cz"/>
-	<target host="o2extra.cz"/>
-	<target host="www.o2extra.cz"/>
-	<target host="o2shop.cz"/>
-	<target host="www.o2shop.cz"/>
+	<target host="moje.o2.cz" />
+	<target host="www.o2.cz" />
+	<target host="static.o2.de" />
+	<target host="static2.o2.de" />
+	<target host="o2extravyhody.cz"/>
+	<target host="www.o2extravyhody.cz"/>
+	<target host="o2knihovna.cz"/>
+	<target host="www.o2knihovna.cz"/>
+	<target host="o2vyhody.cz"/>
+	<target host="www.o2vyhody.cz"/>
 	<target host="o2tv.cz"/>
 	<target host="www.o2tv.cz"/>
-	<target host="o2-tv.cz"/>
-	<target host="www.o2-tv.cz"/>
 	<target host="odmenazadobiti.cz"/>
 	<target host="www.odmenazadobiti.cz"/>
-	<target host="telefonica.cz"/>
-	<target host="www.telefonica.cz"/>
 
-	<target host="bethere.co.uk"/>
-	<target host="*.bethere.co.uk"/>
-	<target host="windows.mouselike.org"/>
 	<target host="o2.co.uk"/>
 	<target host="www.o2.co.uk"/>
 
 	<target host="o2.sk" />
 	<target host="www.o2.sk" />
 
-	<securecookie host="^(?:.*\.)?bethere\.co\.uk$" name=".+" />
-	<securecookie host="^www\.(?:chcidoo2|telefonica)\.cz$" name=".+" />
-	<securecookie host="^(?:moje|sso|\.?www)?\.o2\.cz$" name=".+" />
-	<securecookie host="^mail\.o2active\.cz$" name=".+" />
-	<securecookie host="^www\.o2(?:extra|shop|tv)\.cz$" name=".+" />
+	<securecookie host="^www\.(?:chcidoo2)\.cz$" name=".+" />
+	<securecookie host="^(?:moje|\.?www)?\.o2\.cz$" name=".+" />
+	<securecookie host="^www\.o2(?:extravyhody|tv)\.cz$" name=".+" />
 	<securecookie host="^(?:www\.)?odmenazabobiti\.cz$" name=".+" />
 
-
-	<rule from="^http://bethere\.co\.uk/"
-		to="https://www.bethere.co.uk/"/>
-
-	<rule from="^http://(avatar|help|www)\.bethere\.co\.uk/"
-		to="https://$1.bethere.co.uk/"/>
-
-	<rule from="^http://(?:www\.)?(chcidoo2|telefonica)\.cz/"
-		to="https://www.$1.cz/"/>
-
-	<rule from="^http://windows\.mouselike\.org/"
-		to="https://windows.mouselike.org/"/>
-
-	<rule from="^http://(?:(?:www\.)?cz\.o2\.com|o2\.cz)/"
-		to="https://www.o2.cz/"/>
-
-	<rule from="^http://(moje|www)\.o2\.cz/"
-		to="https://$1.o2.cz/"/>
-
-	<rule from="^http://static(2)?\.o2\.de/"
-		to="https://static$1.o2.de/" />
-
-	<rule from="^http://(i|mail)\.o2active\.cz/"
-		to="https://$1.o2active.cz/"/>
-
-	<rule from="^http://(?:www\.)?o2(?:(extra|shop)|(?:-)?(tv))\.cz/"
-		to="https://www.o2$12.cz/"/>
-
-	<rule from="^http://(www\.)?odmenazadobiti\.cz/"
-		to="https://$1odmenazadobiti.cz/"/>
-
-
-	<rule from="^http://(?:www\.)?o2\.co\.uk/favicon\.ico"
-		to="https://www.o2.co.uk/favicon.ico"/>
-
-	<rule from="^http://(?:www\.)?o2\.sk/" to="https://www.o2.sk/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Telegr.am.xml b/src/chrome/content/rules/Telegr.am.xml
index 5bb90927a31b..1c3c337bcd54 100644
--- a/src/chrome/content/rules/Telegr.am.xml
+++ b/src/chrome/content/rules/Telegr.am.xml
@@ -1,7 +1,9 @@
 <ruleset name="Telegr.am">
 
 	<target host="telegr.am" />
-	<target host="*.telegr.am" />
+	<target host="blog.telegr.am" />
+	<target host="howto.telegr.am" />
+	<target host="www.telegr.am" />
 
 
 	<!--	Not secured by server:
@@ -11,7 +13,6 @@
 	<securecookie host="^telegr\.am$" name=".+" />
 
 
-	<rule from="^http://((?:blog|howto|www)\.)?telegr\.am/"
-		to="https://$1telegr.am/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Telegram.com.xml b/src/chrome/content/rules/Telegram.com.xml
index 804970640b39..b4e1e4bb63d2 100644
--- a/src/chrome/content/rules/Telegram.com.xml
+++ b/src/chrome/content/rules/Telegram.com.xml
@@ -7,7 +7,8 @@
 <ruleset name="Telegram.com (partial)">
 
 	<target host="telegram.com" />
-	<target host="*.telegram.com" />
+	<target host="www.telegram.com" />
+	<target host="home.telegram.com" />
 
 
 	<securecookie host="^home\.telegram\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Telegram.me.xml b/src/chrome/content/rules/Telegram.me.xml
index 2af9236ae5f0..7f6acf845553 100644
--- a/src/chrome/content/rules/Telegram.me.xml
+++ b/src/chrome/content/rules/Telegram.me.xml
@@ -1,5 +1,8 @@
 <!--
-	For other Telegram coverage, see Telegram.org.xml.
+	Other Telegram rulesets:
+		- Tdesktop.com.xml
+		- t.me.xml
+		- Telegram.wiki.xml
 
 -->
 <ruleset name="Telegram.me">
diff --git a/src/chrome/content/rules/Telegram.org.xml b/src/chrome/content/rules/Telegram.org.xml
deleted file mode 100644
index 432c6023d761..000000000000
--- a/src/chrome/content/rules/Telegram.org.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Other Telegram rulesets:
-
-		- Tdesktop.com.xml
-		- Telegram.me.xml
-		- Telegram.wiki.xml
-
--->
-<ruleset name="Telegram.org">
-	<target host="telegram.org" />
-	<target host="www.telegram.org" />
-	<target host="core.telegram.org" />
-	<target host="desktop.telegram.org" />
-	<target host="web.telegram.org" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:"	to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Telegram.wiki.xml b/src/chrome/content/rules/Telegram.wiki.xml
index 1a9d65d0b1f5..f81e4c1a29ca 100644
--- a/src/chrome/content/rules/Telegram.wiki.xml
+++ b/src/chrome/content/rules/Telegram.wiki.xml
@@ -1,17 +1,17 @@
-<!--
-	For other Telegram coverage, see Telegram.org.xml.
-
-	Mismatch:
-		ip
-		data
-		www
--->
-<ruleset name="Telegram Wiki">
-	<target host="telegram.wiki" />
-	<target host="www.telegram.wiki" />
-
-	<rule from="^http://www\.telegram\.wiki/"
-		to="https://telegram.wiki/" />
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
+<!--
+	For other Telegram coverage, see Telegram.me.xml.
+
+	Mismatch:
+		ip
+		data
+		www
+-->
+<ruleset name="Telegram Wiki">
+	<target host="telegram.wiki" />
+	<target host="www.telegram.wiki" />
+
+	<rule from="^http://www\.telegram\.wiki/"
+		to="https://telegram.wiki/" />
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Telegraph-Media-Group.xml b/src/chrome/content/rules/Telegraph-Media-Group.xml
index b124440e2053..e2b455747305 100644
--- a/src/chrome/content/rules/Telegraph-Media-Group.xml
+++ b/src/chrome/content/rules/Telegraph-Media-Group.xml
@@ -1,8 +1,4 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://webtrends.telegraph.co.uk/ => https://webtrends.telegraph.co.uk/: (6, 'Could not resolve host: webtrends.telegraph.co.uk')
-
 	Telegraph Media Group
 
 	For problematic rules, see Telegraph-Media-Group-mismatches.xml.
@@ -10,10 +6,6 @@ Fetch error: http://webtrends.telegraph.co.uk/ => https://webtrends.telegraph.co
 
 	CDN buckets:
 
-		- telegraph.webtrends.akadns.net
-
-			- webtrends.telegraph.co.uk
-
 		- (wac.437a|gs1.wac).edgecastcdn.net/00437A/telegraph/fantasycricket/
 
 			- i.fantasyfootball.telegraph.co.uk
@@ -38,7 +30,6 @@ Fetch error: http://webtrends.telegraph.co.uk/ => https://webtrends.telegraph.co
 
 	Nonfunctional domains:
 
-		- ^ ¹
 		- blogs *
 		- courses ʳ
 		- dating **
@@ -53,7 +44,6 @@ Fetch error: http://webtrends.telegraph.co.uk/ => https://webtrends.telegraph.co
 		- shares	(refused)
 		- subscriber *
 		- tickets	(tixdaq.com)
-		- www ***
 
 	¹ 503, Akamai
 	* 504, akamai
@@ -64,8 +54,11 @@ Fetch error: http://webtrends.telegraph.co.uk/ => https://webtrends.telegraph.co
 
 	Problematic subdomains:
 
+		- i.fantasycricket (mismatched)
+		- i.fantasyracing  (mismatched)
 		- fantasygames ¹
 		- fashionshop	(works; mismatched, CN: shop.look.co.uk)
+		- fbapp (mismatched)
 		- m ³
 		- s ³
 		- blogs.uat ³
@@ -85,7 +78,6 @@ Fetch error: http://webtrends.telegraph.co.uk/ => https://webtrends.telegraph.co
 		- announcements.telegraph.co.uk
 		- fantasyracing.telegraph.co.uk
 		- reporting.shop.telegraph.co.uk
-		- webtrends.telegraph.co.uk
 
 
 	Mixed content:
@@ -95,60 +87,24 @@ Fetch error: http://webtrends.telegraph.co.uk/ => https://webtrends.telegraph.co
 	* Secured by us
 
 -->
-<ruleset name="Telegraph.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Telegraph.co.uk (partial)">
 
 	<!--	Direct rewrites:
 				-->
+	<target host="telegraph.co.uk" />
+	<target host="www.telegraph.co.uk" />
 	<target host="announcements.telegraph.co.uk" />
 	<target host="auth.telegraph.co.uk" />
-	<target host="fbapp.telegraph.co.uk" />
-	<target host="fbapp.uat.telegraph.co.uk" />
 	<target host="fantasycricket.telegraph.co.uk" />
-	<target host="i.fantasycricket.telegraph.co.uk" />
 	<target host="fantasyfootball.telegraph.co.uk" />
 	<target host="i.fantasyfootball.telegraph.co.uk" />
 	<!--target host="fantasygames.telegraph.co.uk" /-->
 	<target host="fantasyracing.telegraph.co.uk" />
-	<target host="i.fantasyracing.telegraph.co.uk" />
 	<target host="secure.i.telegraph.co.uk" />
 	<target host="jobs.telegraph.co.uk" />
 	<target host="recruiters.jobs.telegraph.co.uk" />
 	<target host="secure.s.telegraph.co.uk" />
 	<target host="shop.telegraph.co.uk" />
-	<target host="reporting.shop.telegraph.co.uk" />
-	<target host="secure.i.uat1.telegraph.co.uk" />
-	<target host="webtrends.telegraph.co.uk" />
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://shop\.telegraph\.co\.uk/telegraph-index\.cfm" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://shop\.telegraph\.co\.uk/+(?!$|_imagesDM/|_images[TX]/|DNTEMP/Photos/|account_login\.cfm|feefo/xmltoxsl/|telegraph\.css)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://shop.telegraph.co.uk/buy/miscellaneous/aluminium-wallet/80/no/100121" />
-			<test url="http://shop.telegraph.co.uk/shop/sw-jumpers/cashmere-mix/80/8488" />
-			<test url="http://shop.telegraph.co.uk/telegraph-contactus.cfm" />
-			<test url="http://shop.telegraph.co.uk/telegraph-delivery.cfm" />
-			<test url="http://shop.telegraph.co.uk/telegraph-faq.cfm" />
-			<test url="http://shop.telegraph.co.uk/telegraph-gifts.cfm" />
-			<test url="http://shop.telegraph.co.uk/telegraph-index.cfm" />
-			<test url="http://shop.telegraph.co.uk/telegraph-mobility.cfm" />
-			<test url="http://shop.telegraph.co.uk/telegraph-reviews.cfm" />
-			<test url="http://shop.telegraph.co.uk/viewcart.cfm" />
-
-			<!--	-ve:
-					-->
-			<test url="http://shop.telegraph.co.uk/_imagesDM/feefo-grey.png" />
-			<test url="http://shop.telegraph.co.uk/_imagesT/telegraph_logo.png" />
-			<test url="http://shop.telegraph.co.uk/_imagesX/plus.png" />
-			<test url="http://shop.telegraph.co.uk/account_login.cfm" />
-			<test url="http://shop.telegraph.co.uk/feefo/xmltoxsl/plus.gif" />
-			<test url="http://shop.telegraph.co.uk/telegraph.css" />
-
 
 	<!--	Not secured by server:
 					-->
@@ -161,7 +117,7 @@ Fetch error: http://webtrends.telegraph.co.uk/ => https://webtrends.telegraph.co
 	<!--	Tracking cookies:
 					-->
 	<securecookie host="^\.(?:\w+\.)?telegraph\.co\.uk$" name="^(?:tmg_web_trends|__utm\w)$" />
-	<securecookie host="^(?:announcements|fantasyracing|jobs|recruiters\.jobs|reporting\.shop|webtrends)\.telegraph\.co\.uk$" name=".+" />
+	<securecookie host="^(?:announcements|jobs|recruiters\.jobs)\.telegraph\.co\.uk$" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Telekom-Malaysia.xml b/src/chrome/content/rules/Telekom-Malaysia.xml
index 336b8aaab898..fa15e32c5545 100644
--- a/src/chrome/content/rules/Telekom-Malaysia.xml
+++ b/src/chrome/content/rules/Telekom-Malaysia.xml
@@ -11,7 +11,7 @@ Fetch error: http://tmshop.tm.com.my/ => https://tmshop.tm.com.my/: Too many red
 		- securevpn	(self-signed)
 
 -->
-<ruleset name="Telekom Malaysia" default_off='failed ruleset test'>
+<ruleset name="Telekom Malaysia" default_off="failed ruleset test">
 	<target host=            "tm.com.my" />
 	<target host=        "www.tm.com.my" />
 	<target host=       "cams.tm.com.my" />
diff --git a/src/chrome/content/rules/Telekom-Partnerwelt.de.xml b/src/chrome/content/rules/Telekom-Partnerwelt.de.xml
index 43fe06e7dec3..e0eb8df945f7 100644
--- a/src/chrome/content/rules/Telekom-Partnerwelt.de.xml
+++ b/src/chrome/content/rules/Telekom-Partnerwelt.de.xml
@@ -27,7 +27,7 @@ Fetch error: http://telekom-partnerwelt.de/ => https://www.telekom-partnerwelt.d
 	* Secured by us
 
 -->
-<ruleset name="Telekom-Partnerwelt.de" default_off='failed ruleset test'>
+<ruleset name="Telekom-Partnerwelt.de" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Telekom.sk.xml b/src/chrome/content/rules/Telekom.sk.xml
index 180728a3f5f6..02817bd7b96a 100644
--- a/src/chrome/content/rules/Telekom.sk.xml
+++ b/src/chrome/content/rules/Telekom.sk.xml
@@ -13,6 +13,7 @@
   <target host="zona.t-com.sk" />
 
   <target host="mail.telekom.sk" />
+  <target host="mail.telecom.sk" />
   <target host="mail.t-com.sk" />
 
   <rule from="^http://(?:www\.)?(?:telekom|telecom|t-com)\.sk/"
diff --git a/src/chrome/content/rules/Telemetry.xml b/src/chrome/content/rules/Telemetry.xml
deleted file mode 100644
index fa999a4e47af..000000000000
--- a/src/chrome/content/rules/Telemetry.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Mixed content:
-
-		- Image from www.telemetry.com
-
--->
-<ruleset name="Telemetry (partial)" platform="mixedcontent">
-
-	<target host="telemetryverification.net" />
-	<target host="*.telemetryverification.net" />
-
-
-	<!--	- !www doesn't work over https
-		- redirects to www over http
-			-->
-	<rule from="^http://telemetryverification\.net/"
-		to="https://www.telemetryverification.net/" />
-
-	<!--	Clients have unique subdomains.		-->
-	<rule from="^http://([\w\-]+)\.telemetryverification\.net/"
-		to="https://$1.telemetryverification.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Telenor-banka.xml b/src/chrome/content/rules/Telenor-banka.xml
new file mode 100644
index 000000000000..da8706bfb33f
--- /dev/null
+++ b/src/chrome/content/rules/Telenor-banka.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid certificate:
+		telenorbanka.rs
+		www.telenorbanka.rs
+-->
+<ruleset name="Telenor banka">
+
+	<target host="online.telenorbanka.rs" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Telenor.se.xml b/src/chrome/content/rules/Telenor.se.xml
index 798e11511394..b772a23f3941 100644
--- a/src/chrome/content/rules/Telenor.se.xml
+++ b/src/chrome/content/rules/Telenor.se.xml
@@ -21,7 +21,7 @@ Fetch error: http://www.euromail.se/ => https://www.euromail.se/: (28, 'Connecti
 		- minasidor.telenor.se
 
 -->
-<ruleset name="Telenor.se (partial)" default_off='failed ruleset test'>
+<ruleset name="Telenor.se (partial)" default_off="failed ruleset test">
 
 	<target host="www.euromail.se" />
 	<target host="telenor.se" />
@@ -39,4 +39,4 @@ Fetch error: http://www.euromail.se/ => https://www.euromail.se/: (28, 'Connecti
 	<rule from="^http://(minasidor\.|www\.)?telenor\.se/"
 		to="https://$1telenor.se/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Telepigeon.com.xml b/src/chrome/content/rules/Telepigeon.com.xml
index f9109ca92c37..9895ba603903 100644
--- a/src/chrome/content/rules/Telepigeon.com.xml
+++ b/src/chrome/content/rules/Telepigeon.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.telepigeon.com/ => https://www.telepigeon.com/: (28, 'Co
 		- www.telepigeon.com
 
 -->
-<ruleset name="Telepigeon.com" default_off='failed ruleset test'>
+<ruleset name="Telepigeon.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Telerik.com.xml b/src/chrome/content/rules/Telerik.com.xml
index 63cc671f4e64..e31ed461afd3 100644
--- a/src/chrome/content/rules/Telerik.com.xml
+++ b/src/chrome/content/rules/Telerik.com.xml
@@ -32,7 +32,11 @@
 <ruleset name="Telerik.com (partial)">
 
 	<target host="telerik.com" />
-	<target host="*.telerik.com" />
+	<target host="blogs.telerik.com" />
+	<target host="identity.telerik.com" />
+	<target host="platform.telerik.com" />
+	<target host="tfis.telerik.com" />
+	<target host="www.telerik.com" />
 		<!--
 			Redirect to http:
 						-->
@@ -52,7 +56,6 @@
 	<securecookie host="^(?:platform|tfis)\.telerik\.com$" name=".+" />
 
 
-	<rule from="^http://((?:blogs|identity|licenseapi|platform|tfis|www)\.)?telerik\.com/"
-		to="https://$1telerik.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Telex.xml b/src/chrome/content/rules/Telex.xml
index fe042bb82f45..7e852dd221d2 100644
--- a/src/chrome/content/rules/Telex.xml
+++ b/src/chrome/content/rules/Telex.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://notblocked.telex.cc/ => https://notblocked.telex.cc/: (6, 'Could not resolve host: notblocked.telex.cc')
 
 -->
-<ruleset name="Telex" default_off='failed ruleset test'>
+<ruleset name="Telex" default_off="failed ruleset test">
 
 	<target host="telex.cc" />
 	<target host="notblocked.telex.cc" />
@@ -13,4 +13,4 @@ Fetch error: http://notblocked.telex.cc/ => https://notblocked.telex.cc/: (6, 'C
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Telfort.nl.xml b/src/chrome/content/rules/Telfort.nl.xml
index 09b109034287..1325b852c587 100644
--- a/src/chrome/content/rules/Telfort.nl.xml
+++ b/src/chrome/content/rules/Telfort.nl.xml
@@ -16,7 +16,12 @@
 <ruleset name="Telfort (partial)">
 
 	<target host="telfort.nl" />
-	<target host="*.telfort.nl" />
+	<target host="forum.telfort.nl" />
+	<target host="internet.telfort.nl" />
+	<target host="orderstatus.telfort.nl" />
+	<target host="shop.telfort.nl" />
+	<target host="webmail.telfort.nl" />
+	<target host="www.telfort.nl" />
 		<!--
 			At least some pages redirect to http:
 								-->
@@ -28,10 +33,9 @@
 	<securecookie host="^(?!internet\.).*\.telfort\.nl$" name=".+" />
 
 
-	<rule from="^http://((?:forum|internet|orderstatus|shop|webmail|www)\.)?telfort\.nl/"
-		to="https://$1telfort.nl/" />
 
 	<rule from="^http://(?:www\.)?tiscali\.nl/"
 		to="https://www.telfort.nl/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Telia.se.xml b/src/chrome/content/rules/Telia.se.xml
index f9189624ce8d..adc7fe9d5ccf 100644
--- a/src/chrome/content/rules/Telia.se.xml
+++ b/src/chrome/content/rules/Telia.se.xml
@@ -1,7 +1,7 @@
 <ruleset name="Telia.se" platform="mixedcontent">
   <target host="telia.se" />
-  <target host="*.telia.se" />
+  <target host="www.telia.se" />
   <rule from="^http://telia\.se/" to="https://www.telia.se/"/>
-  <rule from="^http://www\.telia\.se/" to="https://www.telia.se/"/>
+  <rule from="^http:" to="https:" />
 </ruleset>
 
diff --git a/src/chrome/content/rules/Telnic.xml b/src/chrome/content/rules/Telnic.xml
index db421cbe8b0d..3777aeeb56b8 100644
--- a/src/chrome/content/rules/Telnic.xml
+++ b/src/chrome/content/rules/Telnic.xml
@@ -14,7 +14,7 @@ Fetch error: http://nic.tel/ => https://www.telnic.org/: (6, 'Could not resolve
 		- dev.telnic.org	(ssl_error_rx_record_too_long)
 
 -->
-<ruleset name="Telnic" default_off='failed ruleset test'>
+<ruleset name="Telnic" default_off="failed ruleset test">
 
 	<target host="nic.tel" />
 	<target host="a0.webproxy.nic.tel" />
diff --git a/src/chrome/content/rules/Telphin.ru.xml b/src/chrome/content/rules/Telphin.ru.xml
index abd15c6e4c98..a556c5721dad 100644
--- a/src/chrome/content/rules/Telphin.ru.xml
+++ b/src/chrome/content/rules/Telphin.ru.xml
@@ -12,7 +12,7 @@ test-pbx.telphin.ru ³
 ² refused
 ³ timed out
 -->
-<ruleset name="telphin.ru" default_off='failed ruleset test'>
+<ruleset name="telphin.ru" default_off="failed ruleset test">
 	<target host="telphin.ru" />
 	<target host="www.telphin.ru" />
 	<target host="account.telphin.ru" />
diff --git a/src/chrome/content/rules/Telstra-Corporation.xml b/src/chrome/content/rules/Telstra-Corporation.xml
index dadfae5952f3..b157e8c9f61e 100644
--- a/src/chrome/content/rules/Telstra-Corporation.xml
+++ b/src/chrome/content/rules/Telstra-Corporation.xml
@@ -13,11 +13,11 @@ Fetch error: http://sockassist.com.au/ => https://sockassist.com.au/: (60, 'SSL
 
 	See Telstra-Corporation-mismatches.xml for problematic rules.
 -->
-<ruleset name="Telstra Corporation (partial)" default_off='failed ruleset test'>
+<ruleset name="Telstra Corporation (partial)" default_off="failed ruleset test">
 
 	<target host="medrx.sensis.com.au"/>
 	<target host="sockassist.com.au"/>
-	
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Telstra.com.au.xml b/src/chrome/content/rules/Telstra.com.au.xml
new file mode 100644
index 000000000000..52dbc48b22c2
--- /dev/null
+++ b/src/chrome/content/rules/Telstra.com.au.xml
@@ -0,0 +1,320 @@
+<!--
+
+	For other Telstra coverage, see Telstra.com.xml
+
+	Non-functional subdomains:
+		- (www.)2014superoffer		(t)
+		- adonis	(m)
+		- advocacy	(t)
+		- connect.air	(m)
+		- (www.)avu	(t)
+		- (www.)billplay	(t)
+		- clientssl	(t)
+		- cloudcontact	(t)
+		- cners		(t)
+		- cnhrs		(t)
+		- cnmsp		(e)
+		- cnmsps	(e)
+		- col	(e)
+		- configure	(t)
+		- connectapp	(t)
+		- countmein	(t)
+		- staging.countmein	(t)
+		- cpmf		(m)
+		- ischeduler.ehtest	(e)
+		- selfcare.epod		(e)
+		- selfcare-pp.epod		(e)
+		- www.exchange		(t)
+		- experiencetrial	(t)
+		- subscription.services.fn1	(r)
+		- foxtel	(s)
+		- dev1.foxtel		(m)
+		- giftedservices	(e)
+		- dev1.giftedservices	(t)
+		- uat1.giftedservices	(t)
+		- go	(connection error)
+		- gw	(e)
+		- dev1.hub	(SSL connection error)
+		- uat1.hub	(t)
+		- wa1.id		(m)
+		- wa2.id		(m)
+		- wa3.id		(m)
+		- info		(m)
+		- ipportal	(t)
+		- ipportal-staff	(t)
+		- linxonlineordering-integration	(s)
+		- linxonlineordering-staging	(s)
+		- lms-ex	(e)
+		- m	(t)
+		- authorhf.media	(SSL connection error)
+		- (www.)dev1.media	(t)
+		- adis01.dev1.media	(t)
+		- auth01.dev1.media	(t)
+		- author.dev1.media	(t)
+		- authorhf.dev1.media	(m)
+		- pdis01.dev1.media	(t)
+		- publ01.dev1.media	(t)
+		- wa1(.www).dev1.media	(t)
+		- wa2(.www).dev1.media	(t)
+		- wa3(.www).dev1.media	(t)
+		- publ01.dev1.media	(t)
+		- (www.)dev2.media	(s)
+		- author.dev2.media	(s)
+		- wa1(.www).dev2.media	(s)
+		- wa2(.www).dev2.media	(s)
+		- wa3(.www).dev2.media	(s)
+		- go1.nrlclubs.media	(m)
+		- search.media		(e)
+		- (www.)uat1.media	(t)
+		- auth01.uat1.media	(t)
+		- auth02.uat1.media	(t)
+		- author.uat1.media	(t)
+		- pdis01.uat1.media	(t)
+		- pdis02.uat1.media	(t)
+		- publ01.uat1.media	(t)
+		- publ02.uat1.media	(t)
+		- wa1(.www).uat1.media	(t)
+		- wa2(.www).uat1.media	(t)
+		- wa3(.www).uat1.media	(t)
+		- (www.)uat2.media	(s)
+		- author.uat2.media	(s)
+		- wa1(.www).uat2.media	(s)
+		- wa2(.www).uat2.media	(s)
+		- wa3(.www).uat2.media	(s)
+		- wa1.www.media		(HTTP 404 error)
+		- mnc		(t)
+		- mobilesupport		(m)
+		- www.mobius		(t)
+		- www.pre-prod.mobius	(t)
+		- www.staging.mobius	(t)
+		- agd1-ibmail1.msng	(t)
+		- dibp-ibmail1.msng	(t)
+		- dibp-ibmail2.msng	(t)
+		- icga-ibmail1.msng	(t)
+		- m.my		(t)
+		- wa1.www.my		(e)
+		- wa2.www.my		(e)
+		- wa3.www.my		(e)
+		- myacct		(e)
+		- wa1.myacct		(e)(m)
+		- wa2.myacct		(e)(m)
+		- wa3.myacct		(e)(m)
+		- nsa.v.ivc-xx06.nexus		(i)
+		- activesync.m.nexus		(e)(m)
+		- mdm.m.nexus		(t)
+		- mdm02.m.nexus		(m)
+		- myrna.m.nexus		(e)
+		- myrnaf.m.nexus	(SSL connection error)
+		- segactivesync.m.nexus		(SSL handshake failed)
+		- segactivesync02.m.nexus	(m)
+		- inco.n.nexus		(m)
+		- rna.m.nsa.nexus	(e)
+		- nsa.n.teleperf.nexus		(t)
+		- nsa.v.teleperf.nexus		(t)
+		- nsa.n.teletech.nexus		(t)
+		- nsa.v.teletech.nexus		(t)
+		- inco.v.nexus		(m)
+		- ourvalues	(t)
+		- api.outages		(SSL handshake failed)
+		- (www.)partners		(e)(m)
+		- pre-stage		(t)
+		- (www.)protecthceck		(r)
+		- (www.)redeemtickets		(t)
+		- register	(SSL connection error)
+		- register2	(t)
+		- rp		(t)
+		- safesw	(t)
+		- sdnreporting		(t)
+		- shopfront3		(r)
+		- shopfront4		(t)
+		- signon2		(t)
+		- signonit		(m)
+		- connect.smart		(t)
+		- relay.smart		(e)
+		- ipportal.smart	(t)
+		- ipportal-staff.smart		(t)
+		- ipportal.staging		(t)
+		- www.stayconnected		(m)
+		- (www.)store-locator		(m)
+		- ipavo.tcif		(t)
+		- ipbno.tcif		(t)
+		- ipbvo.tcif		(t)
+		- ipxano.tcif		(t)
+		- ipxavo.tcif		(t)
+		- ipxbno.tcif		(t)
+		- ipxbvo.tcif		(t)
+		- ipxcno.tcif		(t)
+		- ipxcvo.tcif		(t)
+		- tconnect		(r)
+		- www.tcps		(t)
+		- telstrab2bportal	(t)
+		- adreporting.tmedia	(e)
+		- contentmgr.tmedia	(e)
+		- insights.tmedia	(SSL handshake failed)
+		- pcr.tmedia	(e)
+		- reporting.tmedia	(e)
+		- rmr.tmedia	(e)
+		- trev.tmedia	(e)
+		- trade-in		(SSL connection error)
+		- dev1.tv		(m)
+		- metadata.tv		(r)
+		- uat1.tv		(m)
+		- tvideods		(SSL connection error)
+		- tvideods-pp		(SSL connection error)
+		- www.uat		(HTTP error 503)
+		- vantage	(m)
+		- vmr		(t)
+		- www.vtcif	(e)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Telstra.com.au">
+
+	<target host="telstra.com.au" />
+	<target host="www.telstra.com.au" />
+	<target host="accessories.telstra.com.au" />
+	<target host="api.connect.air.telstra.com.au" />
+	<target host="alumni.telstra.com.au" />
+	<target host="ask.telstra.com.au" />
+	<target host="blackbird.telstra.com.au" />
+	<target host="blmo.telstra.com.au" />
+	<target host="business.telstra.com.au" />
+	<target host="cms.cat.telstra.com.au" />
+	<target host="retail.cat.telstra.com.au" />
+	<target host="cner.telstra.com.au" />
+	<target host="cnhr.telstra.com.au" />
+	<target host="crowdsupport.telstra.com.au" />
+	<target host="stage.crowdsupport.telstra.com.au" />
+	<target host="customnetcontrol.telstra.com.au" />
+	<target host="dvn2.telstra.com.au" />
+	<target host="enterprise-support.telstra.com.au" />
+	<target host="es.telstra.com.au" />
+	<target host="exchange.telstra.com.au" />
+	<target host="fastfix.telstra.com.au" />
+	<target host="feedback.telstra.com.au" />
+	<target host="gcm.telstra.com.au" />
+	<target host="staging.gcm.telstra.com.au" />
+	<target host="staging.go.telstra.com.au" />
+	<target host="hub.telstra.com.au" />
+	<target host="api.hub.telstra.com.au" />
+	<target host="modapi.hub.telstra.com.au" />
+	<target host="stgapi.hub.telstra.com.au" />
+	<target host="id.telstra.com.au" />
+	<target host="staging.id.telstra.com.au" />
+	<target host="infos.telstra.com.au" />
+	<target host="mobileexperiencemonitor.inside.telstra.com.au" />
+	<target host="insight.telstra.com.au" />
+	<target host="linxonlineordering.telstra.com.au" />
+	<target host="media.telstra.com.au" />
+	<target host="www.media.telstra.com.au" />
+	<target host="author.media.telstra.com.au" />
+	<target host="wa1.media.telstra.com.au" />
+	<target host="wa2.media.telstra.com.au" />
+	<target host="wa3.media.telstra.com.au" />
+	<target host="wa2.www.media.telstra.com.au" />
+	<target host="wa3.www.media.telstra.com.au" />
+	<target host="medrx.telstra.com.au" />
+	<target host="my.telstra.com.au" />
+	<target host="www.my.telstra.com.au" />
+	<target host="preprod.www.my.telstra.com.au" />
+	<target host="staging.www.my.telstra.com.au" />
+	<target host="nsa.n.bill-xx03.nexus.telstra.com.au" />
+	<target host="nsa.v.bill-xx03.nexus.telstra.com.au" />
+	<target host="ctof.nexus.telstra.com.au" />
+	<target host="nsa.n.ibm.nexus.telstra.com.au" />
+	<target host="nsa.v.ibm.nexus.telstra.com.au" />
+	<target host="nsa.n.ivc-xx04.nexus.telstra.com.au" />
+	<target host="nsa.v.ivc-xx04.nexus.telstra.com.au" />
+	<target host="nsa.n.ivc-xx05.nexus.telstra.com.au" />
+	<target host="nsa.v.ivc-xx05.nexus.telstra.com.au" />
+	<target host="nsa.n.ivc-xx06.nexus.telstra.com.au" />
+	<target host="nsa.n.ivc01.nexus.telstra.com.au" />
+	<target host="nsa.v.ivc01.nexus.telstra.com.au" />
+	<target host="myrna.nexus.telstra.com.au" />
+	<target host="ctof.n.nexus.telstra.com.au" />
+	<target host="myrna.n.nexus.telstra.com.au" />
+	<target host="rna.n.nsa.nexus.telstra.com.au" />
+	<target host="rna.nsa.nexus.telstra.com.au" />
+	<target host="rna.v.nsa.nexus.telstra.com.au" />
+	<target host="nsa.v.oth-xv01.nexus.telstra.com.au" />
+	<target host="nsa.n.oth-xx02.nexus.telstra.com.au" />
+	<target host="nsa.v.oth-xx02.nexus.telstra.com.au" />
+	<target host="nsa.n.ptr-xx03.nexus.telstra.com.au" />
+	<target host="nsa.v.ptr-xx03.nexus.telstra.com.au" />
+	<target host="nsa.n.ptr-xx04.nexus.telstra.com.au" />
+	<target host="nsa.v.ptr-xx04.nexus.telstra.com.au" />
+	<target host="nsa.n.ptr01.nexus.telstra.com.au" />
+	<target host="nsa.v.ptr01.nexus.telstra.com.au" />
+	<target host="myrna.m.ssl.nexus.telstra.com.au" />
+	<target host="nsa.n.tcs.nexus.telstra.com.au" />
+	<target host="nsa.v.tcs.nexus.telstra.com.au" />
+	<target host="nsa.n.tlr.nexus.telstra.com.au" />
+	<target host="nsa.v.tlr.nexus.telstra.com.au" />
+	<target host="ctof.v.nexus.telstra.com.au" />
+	<target host="myrna.v.nexus.telstra.com.au" />
+	<target host="nsa.n.xn01.nexus.telstra.com.au" />
+	<target host="onlinebilling.telstra.com.au" />
+	<target host="onlineshop.telstra.com.au" />
+	<target host="staging.onlineshop.telstra.com.au" />
+	<target host="orderexpress.telstra.com.au" />
+	<target host="ordertracker.telstra.com.au" />
+	<target host="www.ordertracker.telstra.com.au" />
+	<target host="outages.telstra.com.au" />
+	<target host="order.paperless.telstra.com.au" />
+	<target host="prm.telstra.com.au" />
+	<target host="protect.telstra.com.au" />
+	<target host="www.protect.telstra.com.au" />
+	<target host="protectsw.telstra.com.au" />
+	<target host="go.retail.telstra.com.au" />
+	<target host="satellite.telstra.com.au" />
+	<target host="say.telstra.com.au" />
+	<target host="olb.int.sdf.telstra.com.au" />
+	<target host="payment.sdfcust.telstra.com.au" />
+	<target host="selfserve.telstra.com.au" />
+	<target host="www.selfserve.telstra.com.au" />
+	<target host="service.telstra.com.au" />
+	<target host="prm.service.telstra.com.au" />
+	<target host="retail.service.telstra.com.au" />
+	<target host="services.telstra.com.au" />
+	<target host="subscription.services.telstra.com.au" />
+	<target host="serviceweb.telstra.com.au" />
+	<target host="shopfront.telstra.com.au" />
+	<target host="signon.telstra.com.au" />
+	<target host="signon-fn1.telstra.com.au" />
+	<target host="signon-fn2.telstra.com.au" />
+	<target host="signon-fn3.telstra.com.au" />
+	<target host="signon-fn4.telstra.com.au" />
+	<target host="signon-svt.telstra.com.au" />
+	<target host="signonssl.telstra.com.au" />
+	<target host="smallbusiness.telstra.com.au" />
+	<target host="smarter.telstra.com.au" />
+	<target host="www.smarter.telstra.com.au" />
+	<target host="smarterbusiness.telstra.com.au" />
+	<target host="www.smarterbusiness.telstra.com.au" />
+	<target host="stayconnected.telstra.com.au" />
+	<target host="servicerequest.stayconnected.telstra.com.au" />
+	<target host="uploader.stayconnected.telstra.com.au" />
+	<target host="yourservicerequest.stayconnected.telstra.com.au" />
+	<target host="store.telstra.com.au" />
+	<target host="support.telstra.com.au" />
+	<target host="tcsspublic.telstra.com.au" />
+	<target host="techtalks.telstra.com.au" />
+	<target host="www.techtalks.telstra.com.au" />
+	<target host="tee.telstra.com.au" />
+	<target host="tv.telstra.com.au" />
+	<target host="api.tv.telstra.com.au" />
+	<target host="logger.tv.telstra.com.au" />
+	<target host="qos.tv.telstra.com.au" />
+	<target host="unlock.telstra.com.au" />
+
+  	<securecookie host="^www\.telstra\.com\.au$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Telstra.com.xml b/src/chrome/content/rules/Telstra.com.xml
new file mode 100644
index 000000000000..1ecb951a5aa4
--- /dev/null
+++ b/src/chrome/content/rules/Telstra.com.xml
@@ -0,0 +1,674 @@
+<!--
+	Other related ruleset:
+		- Telstra.com.au.xml
+
+
+	Non-functional subdomains:
+		- account	(t)
+		- wa1.account	(t)
+		- wa2.account	(t)
+		- wa3.account	(t)
+		- activefun	(m)
+		- www.activequotes	(m)
+		- advocacy	(r)
+		- agentassist	(e)
+		- connect.air	(m)
+		- prm.app	(e)
+		- retail.app	(e)
+		- staff.apps	(t)
+		- staff.support.apps	(t)
+		- staff.transition.apps	(t)
+		- dealer.uat.apps	(e)
+		- staff.uat.apps	(t)
+		- austarfoh	(t)
+		- awcm	(e)
+		- receiver.b2b	(t)
+		- bap.billpay	(r)
+		- images.businessnews	(m)
+		- businesswomensawards	(m)
+		- www.businesswomensawards	(m)
+		- www.careers	(m)
+		- careersearch	(m)
+		- ccezwebrfvs001.cce	(r)
+		- chats	(m)
+		- sa.access.cloud	(s)
+		- admin.c57.apps	(r)
+		- autodiscover.c57.apps	(r)
+		- communities.c57.apps	(r)
+		- custowasfarm1.c57.apps	(r)
+		- custowasfarm2.c57.apps	(r)
+		- custweb-ext.c57.apps	(r)
+		- dev.c57.apps	(r)
+		- ews.c57.apps	(r)
+		- mail.c57.apps	(r)
+		- my.c57.apps	(r)
+		- portal.c57.apps	(r)
+		- sip.c57.apps	(r)
+		- spadmin.c57.apps	(r)
+		- sts.c57.apps	(r)
+		- teams.c57.apps	(r)
+		- webconf.c57.apps	(r)
+		- autodiscover.mt1.apps	(r)
+		- custowasfarm1.mt1.apps	(r)
+		- custowasfarm2.mt1.apps	(r)
+		- ews.mt1.apps	(r)
+		- mail.mt1.apps	(r)
+		- portal.mt1.apps	(r)
+		- portal-a.mt1.apps	(r)
+		- sts.mt1.apps	(r)
+		- Passwordregistration.ngd.apps	(r)
+		- Passwordreset.ngd.apps	(r)
+		- admin.ngd.apps	(r)
+		- autodiscover.ngd.apps	(r)
+		- communities.ngd.apps	(r)
+		- custowasfarm1.ngd.apps	(r)
+		- custowasfarm2.ngd.apps	(r)
+		- custweb-ext.ngd.apps	(r)
+		- dev.ngd.apps	(r)
+		- ews.ngd.apps	(r)
+		- mail.ngd.apps	(r)
+		- my.ngd.apps	(r)
+		- passwordregistration.ngd.apps	(r)
+		- passwordreset.ngd.apps	(r)
+		- portal.ngd.apps	(r)
+		- sip.ngd.apps.cloud	(t)
+		- spadmin.ngd.apps	(r)
+		- sts.ngd.apps	(r)
+		- teams.ngd.apps	(r)
+		- webconf.ngd.apps.cloud	(t)
+		- admin.svt.apps	(r)
+		- autodiscover.svt.apps	(r)
+		- communities.svt.apps	(r)
+		- custowasfarm1.svt.apps	(r)
+		- custowasfarm2.svt.apps	(r)
+		- custweb-ext.svt.apps	(r)
+		- dev.svt.apps	(r)
+		- ews.svt.apps	(r)
+		- lync.svt.apps	(r)
+		- lyncdiscover.svt.apps	(r)
+		- mail.svt.apps	(r)
+		- my.svt.apps	(r)
+		- portal.svt.apps	(r)
+		- sip.svt.apps	(r)
+		- smtp.svt.apps.cloud	(t)
+		- spadmin.svt.apps	(r)
+		- sts.svt.apps	(r)
+		- teams.svt.apps	(r)
+		- webconf.svt.apps	(r)
+		- webconf.tld.apps	(r)
+		- beta-sapi	(HTTP 404 error)
+		- ccezwebrfns001.cce	(t)
+		- chat	(e)
+		- cliq	(i)
+		- admin.tld.apps.cloud	(e)
+		- autodiscover.tld.apps	(r)
+		- communities.tld.apps.cloud	(e)
+		- custowasfarm1.tld.apps.cloud	(r)
+		- custowasfarm2.tld.apps.cloud	(r)
+		- custweb-ext.tld.apps.cloud	(e)
+		- dev.tld.apps.cloud	(e)
+		- ews.tld.apps	(r)
+		- mail.tld.apps.cloud	(e)
+		- my.tld.apps.cloud	(e)
+		- portal.tld.apps.cloud	(e)
+		- sip.tld.apps	(r)
+		- spadmin.tld.apps.cloud	(e)
+		- sts.tld.apps	(r)
+		- teams.tld.apps.cloud	(e)
+		- bss-oss-facade.dev.cloud	(t)
+		- bss-oss-facade.p-1.cloud	(t)
+		- bss-oss-facade.p-2.cloud	(t)
+		- bss-oss-facade.p-3.cloud	(t)
+		- tcif-dns-portal.cloud	(t)
+		- o2monitoring.cmi	(s)
+		- mail.collab	(r)
+		- portal.collab	(r)
+		- portal-a.collab	(r)
+		- www.cobs	(t)
+		- mobileordering.cobs	(invalid redirect)
+		- portal4.cobs	(s)
+		- www.cobs1	(t)
+		- conferencing	(t)
+		- selfcare.connect	(e)
+		- cpmf	(m)
+		- crowdsupport	(m)
+		- smarthome.cto	(t)
+		- fb.ctones	(t)
+		- ctonesfoh	(s)
+		- daas	(t)
+		- dep	(m)
+		- epdg.epc.devmobile	(t)
+		- btbc-mod.digitalbusiness	(m)
+		- dms.model.digitalbusiness	(t)
+		- polydms.model.digitalbusiness	(t)
+		- file.dvn	(e)
+		- ecoportal	(e)
+		- ecsmc	(r)
+		- b2b.ecsmc	(s)
+		- b2b.sit.ecsmc	(r)
+		- edd	(s)
+		- efm	(t)
+		- cla-bpe-f5.email	(t)
+		- devconsole.ess	(t)
+		- hmsdev-n-nsw.ess	(t)
+		- hmsdev-n-vic.ess	(r)
+		- hmsdev-nplus1-nsw.ess	(t)
+		- hmsdev-nplus1-vic.ess	(r)
+		- everyone	(t)
+		- evolution	(s)
+		- exchange	(m)
+		- www.exchange	(m)
+		- exfiles	(s)
+		- fb	(s)
+		- subscription.services.fn1	(r)
+		- tgqnslev01cxe.gcc	(t)
+		- hk.gms	(t)
+		- uk.gms	(r)
+		- us.gms	(r)
+		- buy.govcloud	(s)
+		- heromessage	(e)
+		- pitt7-chi-dec-ipc01.hosting	(t)
+		- rtb.icall-lab	(t)
+		- exhi.idcservmgmt	(s)
+		- imap	(t)
+		- chat2-imn-ive.imnmgmt	(s)
+		- exhi4-imn-ive.imnmgmt	(s)
+		- custportal.inframvsstg.in	(s)
+		- calling.innovation	(r)
+		- drive.innovation	(t)
+		- tet.innovation	(t)
+		- careerready.inside	(t)
+		- fms1.classroom.inside	(r)
+		- fms2.classroom.inside	(r)
+		- fms3.classroom.inside	(r)
+		- fm.inside	(s)
+		- indigenousexperience.inside	(r)
+		- www.indigenousexperience.inside	(r)
+		- nbnconnectedhome.inside	(m)
+		- home-stg.news.inside	(r)
+		- api.home-stg.news.inside	(r)
+		- web.home-stg.news.inside	(r)
+		- v2srating.inside	(r)
+		- rna.vpn.inside	(r)
+		- insight	(m)
+		- internalcareers	(m)
+		- intl	(t)
+		- autodiscover.intl	(e)
+		- cloud.intl	(r)
+		- oab.intl	(t)
+		- um-edge1.intl	(r)
+		- webmail.intl	(e)
+		- svt.stage.ipss	(s)
+		- svt.ipss	(s)
+		- ipvc	(e)
+		- desktopclient.ipvc	(s)
+		- desktopclient.ipvcstaging	(t)
+		- cpp.keystone	(r)
+		- lanes	(s)
+		- leadership	(e)
+		- m	(t)
+		- www.m	(t)
+		- mail	(m)
+		- manage-tcloud	(s)
+		- www.marketinghub	(m)
+		- www.marketplace	(e)
+		- dev.marketplace	(t)
+		- jama.mbc	(t)
+		- mdm	(t)
+		- mdn	(r)
+		- search.media	(e)
+		- mlm	(r)
+		- mlmmodel	(r)
+		- dm2.mobile	(t)
+		- mpmweb.mobile	(t)
+		- foh.mobilescvm	(t)
+		- mobiletv	(m)
+		- mobilitypartner	(e)
+		- www.mobilitypartner	(e)
+		- model-tsdpwebservices	(s)
+		- onlinesms.msg	(s)
+		- pc2mobile.msg	(e)
+		- wow.msg	(s)
+		- www.mss	(t)
+		- modelvm2e.mymessages	(t)
+		- myprepaid	(t)
+		- myprepaidmod	(m)
+		- mysync	(e)
+		- aqua.prod.security.nbnb2b-gw	(t)
+		- nessus.prod.security.nbnb2b-gw	(t)
+		- svt.nbndaportal	(e)
+		- uat-a.nbndaportal	(r)
+		- uat-b.nbndaportal	(r)
+		- uat-c.nbndaportal	(r)
+		- nbnthanks	(e)
+		- afllivehlsjit346.ngcdn	(t)
+		- bpmultihlslive2258.ngcdn	(s)
+		- bpmultihlsvod3257.ngcdn	(r)
+		- bpmultiwoc253.ngcdn	(s)
+		- bponlinewoc6264.ngcdn	(r)
+		- bptvpd.ngcdn	(r)
+		- cht-cdn220-is-3.se.bptvpd.ngcdn	(m)
+		- win-cdn220-is-2.se.bptvpd.ngcdn	(m)
+		- win-cdn220-is-3.se.bptvpd.ngcdn	(m)
+		- lon-cdn220-is-3.se.bptvvod.ngcdn	(s)
+		- cedexisudnsffdl844.ngcdn	(r)
+		- fairfaxiosffdl734.ngcdn	(s)
+		- haydc-cdn220-pe-1.se.fairfaxiosffdl734.ngcdn	(s)
+		- ken-cdn220-is-1.se.fairfaxiosffdl734.ngcdn	(s)
+		- ken-cdn220-is-12.se.fairfaxiosffdl734.ngcdn	(s)
+		- lon-cdn220-is-10.se.fairfaxiosffdl734.ngcdn	(s)
+		- lon-cdn220-is-3.se.fairfaxiosffdl734.ngcdn	(s)
+		- win-cdn220-is-10.se.fairfaxiosffdl734.ngcdn	(s)
+		- telstraonlinewoc763.ngcdn03	(s)
+		- npmantbtest	(s)
+		- npmantegtest	(s)
+		- npmantwtest	(s)
+		- cause.one	(t)
+		- partnerapps-v2	(s)
+		- cp.pen	(m)
+		- www.deskcontrol.pm	(m)
+		- www.missioncontrol.pm	(m)
+		- smtp-pitt.pm	(s)
+		- api.pn	(m)
+		- group-mgmt.pn	(m)
+		- openam.pn	(t)
+		- pen.pn	(m)
+		- pen-dashboard.pn	(t)
+		- penadmin.pn	(t)
+		- penapi.pn	(m)
+		- pricing1.pn	(m)
+		- pricingrs1.pn	(m)
+		- pocketnews	(t)
+		- www.pocketnews	(r)
+		- admin.pocketnews	(t)
+		- pop	(t)
+		- vas.int.portal	(t)
+		- www.prm-apps	(r)
+		- prm-v2	(r)
+		- prmrifdi	(r)
+		- prmsit3	(s)
+		- pulsegw	(t)
+		- redeemtickets	(t)
+		- www.redeemtickets	(t)
+		- netops.rms	(t)
+		- int.sdf	(t)
+		- messaging.int.sdf	(e)
+		- osm.int.sdf	(t)
+		- sapi	(HTTP 404 error)
+		- say.int.sdf	(t)
+		- signon.int.sdf	(t)
+		- uma.int.sdf	(t)
+		- demoapi.security	(t)
+		- devapi.security	(t)
+		- labapi.security	(t)
+		- preprodapi.security	(t)
+		- servicesit	(m)
+		- shop	(e)
+		- signon2	(t)
+		- signonit	(m)
+		- skt1eprod	(r)
+		- sllprm	(s)
+		- connect.smart	(t)
+		- hub.dev.smart	(m)
+		- stream1.dev.smart	(r)
+		- relay.smart	(e)
+		- stream1.trl.smart	(r)
+		- relay1.smarthome	(t)
+		- relay6.smarthome	(r)
+		- stream1.smarthome	(r)
+		- stream2.smarthome	(r)
+		- stream3.smarthome	(r)
+		- stream4.smarthome	(r)
+		- stream5.smarthome	(r)
+		- stream6.smarthome	(r)
+		- smtp	(t)
+		- speedtest	(r)
+		- staging	(t)
+		- www.staging	(t)
+		- shop.staging	(t)
+		- web02.staging	(r)
+		- www.stockquotes	(m)
+		- symphony	(t)
+		- symphony-p2	(t)
+		- store.t-suite	(t)
+		- net365.admin.t-suite	(e)
+		- testadmin.t-suite	(t)
+		- net365.testadmin.t-suite	(e)
+		- teststore.t-suite	(t)
+		- testsuperadmin.t-suite	(t)
+		- talknow	(t)
+		- talknowfoh	(t)
+		- tapi	(HTTP 404 error)
+		- tapp	(r)
+		- deskcontrol.tbn	(i)
+		- Missioncontrol.tbn	(e)
+		- missioncontrol.tbn	(e)
+		- tghnslev11expe.tcc	(t)
+		- tghvcltv11expe.tcc	(t)
+		- telstrabc	(e)
+		- tlu4.tcc	(t)
+		- tlu4nslev01cxe.tcc	(t)
+		- txlgw.tcc	(t)
+		- txlnslev11cxe.tcc	(t)
+		- txlnslev12cxe.tcc	(t)
+		- txlnslev13cxe.tcc	(t)
+		- txlvcltv11cxe.tcc	(t)
+		- txlvcltv12cxe.tcc	(t)
+		- txlvcltv13cxe.tcc	(t)
+		- admin.dev.team	(s)
+		- autodiscover.dev.team	(t)
+		- communities.dev.team	(s)
+		- dev.dev.team	(s)
+		- lync.dev.team	(s)
+		- lyncdiscover.dev.team	(s)
+		- mail.dev.team	(s)
+		- my.dev.team	(s)
+		- portal.dev.team	(s)
+		- spadmin.dev.team	(s)
+		- teams.dev.team	(s)
+		- Lyncdire1.test.team	(r)
+		- Lyncwebe1.test.team	(r)
+		- lync.test.team	(r)
+		- lyncdiscover.test.team	(r)
+		- officewebapps01.test.team	(r)
+		- telstraassistancefund	(m)
+		- www.telstraassistancefund	(m)
+		- telstrabusinessawards	(m)
+		- www.telstrabusinessawards	(m)
+		- teos	(t)
+		- teosquality	(t)
+		- theproject	(m)
+		- rrds.thor	(m)
+		- admin.mdm.thyra	(t)
+		- ds.mdm.thyra	(t)
+		- myrna.mdm.thyra	(HTTP 404 error)
+		- myrna.ssl.thyra	(e)
+		- admin.testmdm.thyra	(t)
+		- ds.testmdm.thyra	(t)
+		- eis.testmdm.thyra	(t)
+		- seg.testmdm.thyra	(m)
+		- tim4.tim	(r)
+		- tim6.tim	(r)
+		- callcentre.tipt	(t)
+		- dms-mod.tipt	(m)
+		- ews.tipt	(t)
+		- ews-exhi.tipt	(t)
+		- ews-stld.tipt	(t)
+		- ewsint.tipt	(t)
+		- ewsint-exhi.tipt	(t)
+		- mireception.tipt	(t)
+		- www.tiptcgatool	(t)
+		- tmvs	(e)
+		- tribe	(m)
+		- tsdpwebservices	(r)
+		- tvideods	(e)
+		- tvideods-pp	(e)
+		- rvo.uk	(t)
+		- st.uk	(t)
+		- st3-app.uk	(t)
+		- videomonitoring	(t)
+		- vmr	(t)
+		- s1.vmr	(t)
+		- wap	(t)
+		- waprd	(t)
+		- configure.wdms	(t)
+		- web02		(HTTP 500 error)
+		- web02foh	(t)
+		- www.web02foh	(t)
+		- webedge	(e)
+		- webedge2	(e)
+		- webmail	(e)
+		- webmail2	(e)
+		- www.webquotes	(m)
+		- yourcdn	(e)
+		- collab.pprd.yourtelstratools	(r)
+		- svt.stage.yourtelstratools	(s)
+		- svt.yourtelstratools	(s)
+		- collab.uat-a.yourtelstratools	(r)
+		- rrds.uat-a.yourtelstratools	(r)
+		- collab.uat-b.yourtelstratools	(r)
+		- rrds.uat-b.yourtelstratools	(r)
+		- collab.uat-c.yourtelstratools	(r)
+		- rrds.uat-c.yourtelstratools	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Telstra.com">
+
+	<target host="telstra.com" />
+	<target host="www.telstra.com" />
+	<target host="accessories.telstra.com" />
+	<target host="activation.telstra.com" />
+	<target host="api.telstra.com" />
+	<target host="beta.api.telstra.com" />
+	<target host="sandbox.api.telstra.com" />
+	<target host="staging.api.telstra.com" />
+	<target host="apps.telstra.com" />
+	<target host="dealer.apps.telstra.com" />
+	<target host="support.apps.telstra.com" />
+	<target host="dealer.support.apps.telstra.com" />
+	<target host="training-uat.apps.telstra.com" />
+	<target host="transition.apps.telstra.com" />
+	<target host="dealer.transition.apps.telstra.com" />
+	<target host="uat1.apps.telstra.com" />
+	<target host="uat2.apps.telstra.com" />
+	<target host="uat3.apps.telstra.com" />
+	<target host="apps-uat.telstra.com" />
+	<target host="autoconfig.telstra.com" />
+	<target host="awr.telstra.com" />
+	<target host="billing.telstra.com" />
+	<target host="www.billing.telstra.com" />
+	<target host="ebapweb.billpay.telstra.com" />
+	<target host="ebapwebsm.billpay.telstra.com" />
+	<target host="bookmentoring.telstra.com" />
+	<target host="brand.telstra.com" />
+	<target host="staging.brand.telstra.com" />
+	<target host="buycloud.telstra.com" />
+	<target host="buyiot.telstra.com" />
+	<target host="calendar.telstra.com" />
+	<target host="careers.telstra.com" />
+	<target host="cat2prm.telstra.com" />
+	<target host="ccezwebrfas001.cce.telstra.com" />
+	<target host="cliq-yammer.telstra.com" />
+	<target host="cloud.telstra.com" />
+	<target host="www.cloud.telstra.com" />
+	<target host="git.ci.cloud.telstra.com" />
+	<target host="jenkins.ci.cloud.telstra.com" />
+	<target host="cloudcontact.telstra.com" />
+	<target host="cloudcontact-csr.telstra.com" />
+	<target host="cloudcontact-reporting.telstra.com" />
+	<target host="nswmeet.cmi.telstra.com" />
+	<target host="vicmeet.cmi.telstra.com" />
+	<target host="mbrs.cobs.telstra.com" />
+	<target host="portal.cobs.telstra.com" />
+	<target host="portal2.cobs.telstra.com" />
+	<target host="conferencing1.telstra.com" />
+	<target host="contacts.telstra.com" />
+	<target host="cto.telstra.com" />
+	<target host="id.cto.telstra.com" />
+	<target host="ctones.telstra.com" />
+	<target host="datait.telstra.com" />
+	<target host="dev.telstra.com" />
+	<target host="cb.test.dev.telstra.com" />
+	<target host="its-sandpit.cb.test.dev.telstra.com" />
+	<target host="qa.cb.test.dev.telstra.com" />
+	<target host="slot1.cb.test.dev.telstra.com" />
+	<target host="slot2.cb.test.dev.telstra.com" />
+	<target host="slot3.cb.test.dev.telstra.com" />
+	<target host="slot4.cb.test.dev.telstra.com" />
+	<target host="slot5.cb.test.dev.telstra.com" />
+	<target host="slot6.cb.test.dev.telstra.com" />
+	<target host="slot7.cb.test.dev.telstra.com" />
+	<target host="slot8.cb.test.dev.telstra.com" />
+	<target host="slot9.cb.test.dev.telstra.com" />
+	<target host="dev-smarthome.telstra.com" />
+	<target host="developer.telstra.com" />
+	<target host="messaging.devicecare.telstra.com" />
+	<target host="btbc.digitalbusiness.telstra.com" />
+	<target host="dms.digitalbusiness.telstra.com" />
+	<target host="dms-mod.digitalbusiness.telstra.com" />
+	<target host="ews.digitalbusiness.telstra.com" />
+	<target host="ews-mod.digitalbusiness.telstra.com" />
+	<target host="polydms.digitalbusiness.telstra.com" />
+	<target host="polydms-mod.digitalbusiness.telstra.com" />
+	<target host="portal.digitalbusiness.telstra.com" />
+	<target host="portal-mod.digitalbusiness.telstra.com" />
+	<target host="e.telstra.com" />
+	<target host="emailupdate.telstra.com" />
+	<target host="enrol.telstra.com" />
+	<target host="enterprise.telstra.com" />
+	<target host="enterprise-support.telstra.com" />
+	<target host="forms.enterprisenews.telstra.com" />
+	<target host="es.telstra.com" />
+	<target host="hmsdev.ess.telstra.com" />
+	<target host="hmsdev-n.ess.telstra.com" />
+	<target host="hmsdev-nplus1.ess.telstra.com" />
+	<target host="fastfix.telstra.com" />
+	<target host="federatesso.telstra.com" />
+	<target host="feedback.telstra.com" />
+	<target host="fix.telstra.com" />
+	<target host="api.fix.telstra.com" />
+	<target host="gateway.telstra.com" />
+	<target host="infos.telstra.com" />
+	<target host="innovation.telstra.com" />
+	<target host="brilliantbasics.inside.telstra.com" />
+	<target host="ccr.inside.telstra.com" />
+	<target host="classroom.inside.telstra.com" />
+	<target host="author.classroom.inside.telstra.com" />
+	<target host="publish.classroom.inside.telstra.com" />
+	<target host="getstarted.inside.telstra.com" />
+	<target host="hrdirect.inside.telstra.com" />
+	<target host="insightacademy.inside.telstra.com" />
+	<target host="mobileexperiencemonitor.inside.telstra.com" />
+	<target host="myrewards.inside.telstra.com" />
+	<target host="telstraleaderprogram.inside.telstra.com" />
+	<target host="telstrasam.inside.telstra.com" />
+	<target host="thrive.inside.telstra.com" />
+	<target host="www.thrive.inside.telstra.com" />
+	<target host="test.thrive.inside.telstra.com" />
+	<target host="iot.telstra.com" />
+	<target host="coj.iot.telstra.com" />
+	<target host="ipss.telstra.com" />
+	<target host="www.ipss.telstra.com" />
+	<target host="stage.ipss.telstra.com" />
+	<target host="labs.telstra.com" />
+	<target host="livechat.telstra.com" />
+	<target host="marketinghub.telstra.com" />
+	<target host="marketplace.telstra.com" />
+	<target host="jb.marketplace.telstra.com" />
+	<target host="test.jb.marketplace.telstra.com" />
+	<target host="test.marketplace.telstra.com" />
+	<target host="hi4a.messagebank.telstra.com" />
+	<target host="wi4a.messagebank.telstra.com" />
+	<target host="mmod.telstra.com" />
+	<target host="mm7.mms.telstra.com" />
+	<target host="mob.telstra.com" />
+	<target host="mobileservices.telstra.com" />
+	<target host="staging.mobileservices.telstra.com" />
+	<target host="mss.telstra.com" />
+	<target host="myaccount.telstra.com" />
+	<target host="myacct.telstra.com" />
+	<target host="api.mycalling.telstra.com" />
+	<target host="api-c.mycalling.telstra.com" />
+	<target host="api-s.mycalling.telstra.com" />
+	<target host="portal.mycalling.telstra.com" />
+	<target host="portal-c.mycalling.telstra.com" />
+	<target host="portal-s.mycalling.telstra.com" />
+	<target host="wapi.mycalling.telstra.com" />
+	<target host="wapi-c.mycalling.telstra.com" />
+	<target host="wapi-s.mycalling.telstra.com" />
+	<target host="wsale.mycalling.telstra.com" />
+	<target host="wsale-c.mycalling.telstra.com" />
+	<target host="wsale-s.mycalling.telstra.com" />
+	<target host="mycloud.telstra.com" />
+	<target host="myiot.telstra.com" />
+	<target host="mymessages.telstra.com" />
+	<target host="mymessages-1.mymessages.telstra.com" />
+	<target host="voicemail.mymessages.telstra.com" />
+	<target host="mynetwork.telstra.com" />
+	<target host="nbndaportal.telstra.com" />
+	<target host="neqce.telstra.com" />
+	<target host="news.telstra.com" />
+	<target host="portal.ngcdn.telstra.com" />
+	<target host="npmantb.telstra.com" />
+	<target host="npmanteg.telstra.com" />
+	<target host="npmantw.telstra.com" />
+	<target host="onlinesms.telstra.com" />
+	<target host="outages.telstra.com" />
+	<target host="partnerapps.telstra.com" />
+	<target host="mail.pen.telstra.com" />
+	<target host="portal.pen.telstra.com" />
+	<target host="www.pn.telstra.com" />
+	<target host="cp.pn.telstra.com" />
+	<target host="mail.pn.telstra.com" />
+	<target host="prepaidrecharge.telstra.com" />
+	<target host="www.prepaidrecharge.telstra.com" />
+	<target host="sdev.telstra.com" />
+	<target host="ext.sdf.telstra.com" />
+	<target host="identitymanagement.ext.sdf.telstra.com" />
+	<target host="osm.ext.sdf.telstra.com" />
+	<target host="signon.ext.sdf.telstra.com" />
+	<target host="uma.ext.sdf.telstra.com" />
+	<target host="signon.sdf.telstra.com" />
+	<target host="payment.sdfcust.telstra.com" />
+	<target host="security.telstra.com" />
+	<target host="services.telstra.com" />
+	<target host="servicestatus.telstra.com" />
+	<target host="signon.telstra.com" />
+	<target host="signon-fn1.telstra.com" />
+	<target host="signon-fn2.telstra.com" />
+	<target host="signon-fn3.telstra.com" />
+	<target host="signon-fn4.telstra.com" />
+	<target host="signon-svt.telstra.com" />
+	<target host="smallbusiness.telstra.com" />
+	<target host="bundle.dev.smart.telstra.com" />
+	<target host="relay.dev.smart.telstra.com" />
+	<target host="relay1.dev.smart.telstra.com" />
+	<target host="connected.trl.smart.telstra.com" />
+	<target host="relay.trl.smart.telstra.com" />
+	<target host="relay1.trl.smart.telstra.com" />
+	<target host="smartcontrols.telstra.com" />
+	<target host="forms.smarterbusiness.telstra.com" />
+	<target host="smarthome.telstra.com" />
+	<target host="bundle.smarthome.telstra.com" />
+	<target host="relay.smarthome.telstra.com" />
+	<target host="relay2.smarthome.telstra.com" />
+	<target host="relay3.smarthome.telstra.com" />
+	<target host="relay4.smarthome.telstra.com" />
+	<target host="relay5.smarthome.telstra.com" />
+	<target host="ssoinit.telstra.com" />
+	<target host="stayconnected.telstra.com" />
+	<target host="servicerequest.stayconnected.telstra.com" />
+	<target host="yourservicerequest.stayconnected.telstra.com" />
+	<target host="www.supplychain.telstra.com" />
+	<target host="tba.telstra.com" />
+	<target host="tbwa.telstra.com" />
+	<target host="teos-i.telstra.com" />
+	<target host="teosquality-i.telstra.com" />
+	<target host="api.thanks.telstra.com" />
+	<target host="www.thor.telstra.com" />
+	<target host="sa.auth.thyra.telstra.com" />
+	<target host="seg.mdm.thyra.telstra.com" />
+	<target host="sa.thyra.telstra.com" />
+	<target host="enterpriseenrollment.testmdm.thyra.telstra.com" />
+	<target host="myrna.testmdm.thyra.telstra.com" />
+	<target host="cmanager.tipt.telstra.com" />
+	<target host="dms.tipt.telstra.com" />
+	<target host="trade-in.telstra.com" />
+	<target host="unlock.telstra.com" />
+	<target host="yourtelstratools.telstra.com" />
+	<target host="collab.yourtelstratools.telstra.com" />
+	<target host="rrds.yourtelstratools.telstra.com" />
+	<target host="staging.yourtelstratools.telstra.com" />
+
+  	<securecookie host="^www\.telstra\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Teltarif.xml b/src/chrome/content/rules/Teltarif.xml
index 2208f93c1853..11bf0c526471 100644
--- a/src/chrome/content/rules/Teltarif.xml
+++ b/src/chrome/content/rules/Teltarif.xml
@@ -1,15 +1,15 @@
 <ruleset name="Teltarif">
-	
+
 	<target host="teltarif.de"/>
 	<target host="m.teltarif.de"/>
 	<target host="mobil.teltarif.de"/>
 	<target host="www.mobil.teltarif.de"/>
 	<target host="www.teltarif.de"/>
-	
+
         <target host="www.0180.info" />
         <target host="mobil.0180.info" />
         <target host="0180.info"/>
-        
+
 	<securecookie host="^\.teltarif\.de$" name=".+" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Telus.xml b/src/chrome/content/rules/Telus.xml
index 6362eecae43f..0cd284c9e349 100644
--- a/src/chrome/content/rules/Telus.xml
+++ b/src/chrome/content/rules/Telus.xml
@@ -1,42 +1,34 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://msg.telus.com/ => https://msg.telus.com/: (7, 'Failed to connect to msg.telus.com port 443: Connection refused')
-Fetch error: http://telushealth.com/ => https://telushealth.com/: (51, "SSL: no alternative certificate subject name matches target host name 'telushealth.com'")
-Fetch error: http://telusmobility.com/ => https://telusmobility.com/: (51, "SSL: no alternative certificate subject name matches target host name 'telusmobility.com'")
+	Non-functional hosts
+		Couldn't connect to server:
+		- msg.telus.com
+
+		SSL peer certificate was not OK:
+		- telushealth.com
+		- telusmobility.com
 
+		Incomplete certificate chain error:
+		- mobileidentity.telus.com
 -->
-<ruleset name="Telus (partial)" default_off='failed ruleset test'>
-    <target host="telus.com" />
-    <target host="www.telus.com" />
-    <target host="static.telus.com" />
-    <target host="shop.telus.com" />
-    <target host="mobility.telus.com" />
-    <target host="msg.telus.com" />
-    <target host="mobileidentity.telus.com" />
-    <target host="webmail.telus.net" />
-    <target host="b.telus.com" />
-    <target host="telushealth.co" />
-    <target host="www.telushealth.co" />
-    <target host="telushealth.com" />
-    <target host="www.telushealth.com" />
-    <target host="telusmobility.com" />
-    <target host="www.telusmobility.com" />
-    <target host="telusinternational.com" />
-    <target host="www.telusinternational.com" />
-
-    <test url="https://telushealth.com/" />
-    <test url="https://telusmobility.com/" />
-
-    <securecookie host="^(?:\.)?(?:www|mobility|mobileidentity|msg|shop)?(?:\.)?telus\.com$" name=".+" />
-    <securecookie host="^www\.telushealth\.co$" name=".+" />
-    <securecookie host="^webmail\.telus\.net$" name=".+" />
-    <securecookie host="^(?:www)?(?:\.)?telusinternational\.com$" name=".+" />
-
-    <rule from="^https://telushealth\.com/"
-            to="https://www.telushealth.com/" />
-    <rule from="^https://telusmobility\.com/"
-            to="https://www.telusmobility.com/" />
-    <rule from="^http:"
-            to="https:" />
+<ruleset name="Telus (partial)">
+	<target host="telushealth.co" />
+	<target host="www.telushealth.co" />
+
+	<target host="telus.com" />
+	<target host="www.telus.com" />
+	<target host="b.telus.com" />
+	<target host="mobility.telus.com" />
+	<target host="shop.telus.com" />
+	<target host="static.telus.com" />
+
+	<target host="www.telushealth.com" />
+
+	<target host="telusinternational.com" />
+	<target host="www.telusinternational.com" />
+
+	<target host="www.telusmobility.com" />
+
+	<target host="webmail.telus.net" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Temando.com.xml b/src/chrome/content/rules/Temando.com.xml
deleted file mode 100644
index 652bf84e33a7..000000000000
--- a/src/chrome/content/rules/Temando.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Temando.com">
-
-	<target host="temando.com" />
-	<target host="dashboard.temando.com" />
-	<target host="www.temando.com" />
-
-
-	<securecookie host="^dashboard\.temando\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Temp-Mail.xml b/src/chrome/content/rules/Temp-Mail.xml
index bcea5b0a3515..6602282e3035 100644
--- a/src/chrome/content/rules/Temp-Mail.xml
+++ b/src/chrome/content/rules/Temp-Mail.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.temp-mail.ru/ => https://www.temp-mail.ru/: (6, 'Could n
 	¹: Timeout
 
 -->
-<ruleset name="Temp Mail" default_off='failed ruleset test'>
+<ruleset name="Temp Mail" default_off="failed ruleset test">
 
 	<target host="temp-mail.org" />
 	<target host="www.temp-mail.org" />
diff --git a/src/chrome/content/rules/Template_Monster.com.xml b/src/chrome/content/rules/Template_Monster.com.xml
index e8396bd46c1d..8fbc2f317946 100644
--- a/src/chrome/content/rules/Template_Monster.com.xml
+++ b/src/chrome/content/rules/Template_Monster.com.xml
@@ -58,10 +58,15 @@
 <ruleset name="Template Monster.com (partial)">
 
 	<target host="templatemonster.com" />
-	<target host="*.templatemonster.com" />
+	<target host="secure.templatemonster.com" />
+	<target host="www.templatemonster.com" />
+	<target host="scr.templatemonster.com" />
+	<target host="wac.templatemonster.com" />
 		<!--exclusion pattern="^http://(www\.)?templatemonster\.com/($|\?|main\.js)" /-->
 		<exclusion pattern="^http://(?:www\.)?templatemonster\.com/(?!cart\.php|favicon\.ico|images/|js/|themes/)" />
-	<target host="*.tmimgcdn.com" />
+	<target host="i.tmimgcdn.com" />
+	<target host="j.tmimgcdn.com" />
+	<target host="t.tmimgcdn.com" />
 
 
 	<!--	Tracking cookies:
@@ -76,8 +81,6 @@
 	<rule from="^http://scr\.templatemonster\.com/"
 		to="https://scrtm-templatemonster.netdna-ssl.com/" />
 
-	<rule from="^http://wac\.templatemonster\.com/"
-		to="https://wac.templatemonster.com/" />
 
 	<rule from="^http://i\.tmimgcdn\.com/"
 		to="https://secure.templatemonster.com/images/" />
@@ -88,4 +91,5 @@
 	<rule from="^http://t\.tmimgcdn\.com/"
 		to="https://themestm-templatemonster.netdna-ssl.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TenMarks.com.xml b/src/chrome/content/rules/TenMarks.com.xml
deleted file mode 100644
index d1106fa80309..000000000000
--- a/src/chrome/content/rules/TenMarks.com.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	For other Amazon coverage, see Amazon.xml.
-
-
-	Fully covered hosts in *tenmarks.com
-
-		- (www.)?
-		- help
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.tenmarks.com
-
--->
-<ruleset name="TenMarks.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="tenmarks.com" />
-	<target host="help.tenmarks.com" />
-	<target host="www.tenmarks.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.tenmarks\.com$" name="^(csrftoken|ftu_flow|tmcookie)$" /-->
-
-	<securecookie host="^www\.tenmarks\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tendatta.com.xml b/src/chrome/content/rules/Tendatta.com.xml
deleted file mode 100644
index 26a40c9161c3..000000000000
--- a/src/chrome/content/rules/Tendatta.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Web bugs.
-
-
-	Fully covered subdomains:
-
-		- ^
-		- go
-
-
-	www.tendatta.com doesn't exist.
-
--->
-<ruleset name="tendatta.com">
-
-	<target host="tendatta.com" />
-	<target host="go.tendatta.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Tenhou.net.xml b/src/chrome/content/rules/Tenhou.net.xml
new file mode 100644
index 000000000000..56bdafe13a32
--- /dev/null
+++ b/src/chrome/content/rules/Tenhou.net.xml
@@ -0,0 +1,12 @@
+<!--
+	mismatch: blog.tenhou.net
+-->
+
+<ruleset name="Tenhou.net">
+	<target host="tenhou.net" />
+	<target host="cdn.tenhou.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tenon.com.xml b/src/chrome/content/rules/Tenon.com.xml
index 766667304f85..d93ee27f7088 100644
--- a/src/chrome/content/rules/Tenon.com.xml
+++ b/src/chrome/content/rules/Tenon.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.tenon.com/ => https://www.tenon.com/: (28, 'Connection t
 	^: cert only matches www
 
 -->
-<ruleset name="Tenon.com" default_off='failed ruleset test'>
+<ruleset name="Tenon.com" default_off="failed ruleset test">
 
 	<target host="tenon.com" />
 	<target host="www.tenon.com" />
diff --git a/src/chrome/content/rules/Tenpay.com-falsemixed.xml b/src/chrome/content/rules/Tenpay.com-falsemixed.xml
deleted file mode 100644
index 74bbc957c134..000000000000
--- a/src/chrome/content/rules/Tenpay.com-falsemixed.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Tenpay.com.xml.
-
--->
-<ruleset name="Tenpay.com (false MCB)" platform="mixedcontent">
-
-	<target host="life.tenpay.com" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tenpay.com.xml b/src/chrome/content/rules/Tenpay.com.xml
index 564fbdd75390..307de0be02ad 100644
--- a/src/chrome/content/rules/Tenpay.com.xml
+++ b/src/chrome/content/rules/Tenpay.com.xml
@@ -12,7 +12,7 @@
 		- open		200 redirects to error.shtml
 		- sdc		Blank page
 		- union		Dropped
-	
+
 
 	Problematic hosts in *tenpay.com:
 
diff --git a/src/chrome/content/rules/Tent.is.xml b/src/chrome/content/rules/Tent.is.xml
index 38e522cbed70..976f83b9bde4 100644
--- a/src/chrome/content/rules/Tent.is.xml
+++ b/src/chrome/content/rules/Tent.is.xml
@@ -18,7 +18,7 @@ Fetch error: http://tent.is/ => https://tent.is/: (6, 'Could not resolve host: t
 		- *	(user subdomains)
 
 -->
-<ruleset name="Tent.is" default_off='failed ruleset test'>
+<ruleset name="Tent.is" default_off="failed ruleset test">
 
 	<target host="tent.is" />
 	<target host="*.tent.is" />
@@ -27,4 +27,4 @@ Fetch error: http://tent.is/ => https://tent.is/: (6, 'Could not resolve host: t
 	<rule from="^http://([\w-]+\.)?tent\.is/"
 		to="https://$1tent.is/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Teo.xml b/src/chrome/content/rules/Teo.xml
index 40bfeabac93f..2ae5878d23f6 100644
--- a/src/chrome/content/rules/Teo.xml
+++ b/src/chrome/content/rules/Teo.xml
@@ -1,7 +1,7 @@
 <ruleset name="Teo">
 	<target host="teo.lt" />
 	<target host="www.teo.lt" />
-		
+
 	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Tequipment.NET.xml b/src/chrome/content/rules/Tequipment.NET.xml
index 74c7ab0ae3fe..372c3d399f43 100644
--- a/src/chrome/content/rules/Tequipment.NET.xml
+++ b/src/chrome/content/rules/Tequipment.NET.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Terena.org.xml b/src/chrome/content/rules/Terena.org.xml
index 0458294d40e5..320fab5bc1ab 100644
--- a/src/chrome/content/rules/Terena.org.xml
+++ b/src/chrome/content/rules/Terena.org.xml
@@ -86,7 +86,7 @@ Non-2xx HTTP code: http://tnc2006.terena.org/ (200) => https://www.terena.org/ev
 		- www.terena.org
 
 -->
-<ruleset name="Terena.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Terena.org (partial)" default_off="failed ruleset test">
 
 	<target host="terena.org" />
 	<target host="*.terena.org" />
diff --git a/src/chrome/content/rules/Terminal.com.xml b/src/chrome/content/rules/Terminal.com.xml
index 66ebe81ff1c8..b4824fa0994f 100644
--- a/src/chrome/content/rules/Terminal.com.xml
+++ b/src/chrome/content/rules/Terminal.com.xml
@@ -16,7 +16,7 @@ Fetch error: http://www.terminal.com/ => https://www.terminal.com/: (7, 'Failed
 		- www.terminal.com
 
 -->
-<ruleset name="Terminal.com" default_off='failed ruleset test'>
+<ruleset name="Terminal.com" default_off="failed ruleset test">
 
 	<target host="terminal.com" />
 	<target host="blog.terminal.com" />
diff --git a/src/chrome/content/rules/Terminatio.org.xml b/src/chrome/content/rules/Terminatio.org.xml
deleted file mode 100644
index e0ad4a8440de..000000000000
--- a/src/chrome/content/rules/Terminatio.org.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Mixed content:
-
-		- Images from terminatio.org *
-
-	* Secured by us
-
--->
-<ruleset name="Terminatio.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="terminatio.org" />
-	<target host="www.terminatio.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TerraMailMX.xml b/src/chrome/content/rules/TerraMailMX.xml
deleted file mode 100644
index ce0657115525..000000000000
--- a/src/chrome/content/rules/TerraMailMX.xml
+++ /dev/null
@@ -1,4 +0,0 @@
-<ruleset name="Terra Mail (MX)">
-	<target host="correo.terra.com.mx" />
-	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/TerraUserCentralMX.xml b/src/chrome/content/rules/TerraUserCentralMX.xml
index 0ba79ae32404..ce380eaec0dd 100644
--- a/src/chrome/content/rules/TerraUserCentralMX.xml
+++ b/src/chrome/content/rules/TerraUserCentralMX.xml
@@ -1,4 +1,4 @@
 <ruleset name="Terra User Central (MX)" default_off="Breaks site">
 	<target host="central.terra.com.mx" />
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Terra_Bank.ru.xml b/src/chrome/content/rules/Terra_Bank.ru.xml
deleted file mode 100644
index b80f2754448b..000000000000
--- a/src/chrome/content/rules/Terra_Bank.ru.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	www: cert only matches ^terrabank.ru
-
-
-	Mixed content:
-
-		- Bugs from www.megastock.ru *
-
-	* Not secured by us <= self-signed
-
--->
-<ruleset name="Terra Bank.ru">
-
-	<target host="terrabank.ru" />
-	<target host="www.terrabank.ru" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Terres_Oubliees.com.xml b/src/chrome/content/rules/Terres_Oubliees.com.xml
index 9a1c08f6d3ea..4741abc25e2b 100644
--- a/src/chrome/content/rules/Terres_Oubliees.com.xml
+++ b/src/chrome/content/rules/Terres_Oubliees.com.xml
@@ -1,7 +1,8 @@
 <ruleset name="Terres Oubliees.com">
 
 	<target host="terresoubliees.com" />
-	<target host="*.terresoubliees.com" />
+	<target host="www.terresoubliees.com" />
+	<target host="erp.terresoubliees.com" />
 
 
 	<securecookie host="^(?:w*\.)?terresoubliees\.com$" name=".+" />
@@ -13,7 +14,6 @@
 	<rule from="^http://(?:www\.)?terresoubliees\.com/"
 		to="https://www.terresoubliees.com/" />
 
-	<rule from="^http://erp\.terresoubliees\.com/"
-		to="https://erp.terresoubliees.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Tesco_Compare.com.xml b/src/chrome/content/rules/Tesco_Compare.com.xml
index 3cc5bee914b0..81d6b6976dca 100644
--- a/src/chrome/content/rules/Tesco_Compare.com.xml
+++ b/src/chrome/content/rules/Tesco_Compare.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.tescocompare.com/ => https://www.tescocompare.com/: (7,
 	Cert only matches www.
 
 -->
-<ruleset name="Tesco Compare.com" default_off='failed ruleset test'>
+<ruleset name="Tesco Compare.com" default_off="failed ruleset test">
 
 	<target host="tescocompare.com" />
 	<target host="www.tescocompare.com" />
diff --git a/src/chrome/content/rules/Tesco_Diets.com.xml b/src/chrome/content/rules/Tesco_Diets.com.xml
index b4a4eac6f54b..924e46b4a113 100644
--- a/src/chrome/content/rules/Tesco_Diets.com.xml
+++ b/src/chrome/content/rules/Tesco_Diets.com.xml
@@ -24,7 +24,7 @@ Fetch error: http://www.tescodiets.com/ => https://www.tescodiets.com/: (51, "SS
 	* Secured by us
 
 -->
-<ruleset name="Tesco Diets.com" default_off='failed ruleset test'>
+<ruleset name="Tesco Diets.com" default_off="failed ruleset test">
 
 	<target host="tescodiets.com" />
 	<target host="www.tescodiets.com" />
diff --git a/src/chrome/content/rules/Test-IPv6.cz.xml b/src/chrome/content/rules/Test-IPv6.cz.xml
deleted file mode 100644
index 40e8a5601130..000000000000
--- a/src/chrome/content/rules/Test-IPv6.cz.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Invalid certificate:
-		badsig.dnssec.test-ipv6.cz
-
--->
-<ruleset name="Test-IPv6.cz">
-
-	<target host="test-ipv6.cz" />
-	<target host="www.test-ipv6.cz" />
-	<target host="a.test-ipv6.cz" />
-	<target host="aaaa.test-ipv6.cz" />
-	<target host="ds.test-ipv6.cz" />
-	<target host="ipv4.test-ipv6.cz" />
-	<target host="ipv6.test-ipv6.cz" />
-	<target host="mtu1280.test-ipv6.cz" />
-	<target host="v4.test-ipv6.cz" />
-	<target host="v6.test-ipv6.cz" />
-	<target host="ds.v6ns.test-ipv6.cz" />
-	<target host="www4.test-ipv6.cz" />
-	<target host="www6.test-ipv6.cz" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Test-IPv6.xml b/src/chrome/content/rules/Test-IPv6.xml
new file mode 100644
index 000000000000..abdd2f73626c
--- /dev/null
+++ b/src/chrome/content/rules/Test-IPv6.xml
@@ -0,0 +1,457 @@
+<!--
+	Mirrors:
+		https://test-ipv6.com/mirrors.html
+
+	Invalid certificate:
+		badsig.dnssec.test-ipv6.cz
+		a.test-ipv6.com
+		aaaa.test-ipv6.com
+		v4.test-ipv6.com
+		v6.test-ipv6.com
+		www4.test-ipv6.com
+		www6.test-ipv6.com
+		www.testipv6.de
+		a.testipv6.de
+		aaaa.testipv6.de
+		mtu1280.testipv6.de
+		v4.testipv6.de
+		v6.testipv6.de
+		www4.testipv6.de
+		www6.testipv6.de
+		test-ipv6.cmd.net.br
+		www.test-ipv6.cmd.net.br
+		a.test-ipv6.cmd.net.br
+		aaaa.test-ipv6.cmd.net.br
+		ds.test-ipv6.cmd.net.br
+		ipv4.test-ipv6.cmd.net.br
+		ipv6.test-ipv6.cmd.net.br
+		mtu1280.test-ipv6.cmd.net.br
+		v4.test-ipv6.cmd.net.br
+		v6.test-ipv6.cmd.net.br
+		ds.v6ns.test-ipv6.cmd.net.br
+		www4.test-ipv6.cmd.net.br
+		www6.test-ipv6.cmd.net.br
+		www.ipv6ready.me
+		a.ipv6ready.me
+		aaaa.ipv6ready.me
+		v4.ipv6ready.me
+		v6.ipv6ready.me
+		www4.ipv6ready.me
+		www6.ipv6ready.me
+		a.test-ipv6-vm3.comcast.net
+		aaaa.test-ipv6-vm3.comcast.net
+		ipv6.test-ipv6-vm3.comcast.net
+		mtu1280.test-ipv6-vm3.comcast.net
+		v4.test-ipv6-vm3.comcast.net
+		v6.test-ipv6-vm3.comcast.net
+		www4.test-ipv6-vm3.comcast.net
+		www6.test-ipv6-vm3.comcast.net
+		test-ipv6.nl
+		www.test-ipv6.nl
+		a.test-ipv6.nl
+		aaaa.test-ipv6.nl
+		ds.test-ipv6.nl
+		ipv4.test-ipv6.nl
+		ipv6.test-ipv6.nl
+		mtu1280.test-ipv6.nl
+		v4.test-ipv6.nl
+		v6.test-ipv6.nl
+		ds.v6ns.test-ipv6.nl
+		www4.test-ipv6.nl
+		www6.test-ipv6.nl
+		ds.v6ns.test-ipv6.polkam.go.id
+		www.test-ipv6.com.au
+		a.test-ipv6.com.au
+		aaaa.test-ipv6.com.au
+		v4.test-ipv6.com.au
+		v6.test-ipv6.com.au
+		www4.test-ipv6.com.au
+		www6.test-ipv6.com.au
+		test-ipv6.ernet.in
+		www.test-ipv6.ernet.in
+		a.test-ipv6.ernet.in
+		aaaa.test-ipv6.ernet.in
+		ds.test-ipv6.ernet.in
+		ipv4.test-ipv6.ernet.in
+		ipv6.test-ipv6.ernet.in
+		mtu1280.test-ipv6.ernet.in
+		v4.test-ipv6.ernet.in
+		v6.test-ipv6.ernet.in
+		ds.v6ns.test-ipv6.ernet.in
+		www4.test-ipv6.ernet.in
+		www6.test-ipv6.ernet.in
+		a.test-ipv6.ams.vr.org
+		aaaa.test-ipv6.ams.vr.org
+		ipv6.test-ipv6.ams.vr.org
+		mtu1280.test-ipv6.ams.vr.org
+		v4.test-ipv6.ams.vr.org
+		v6.test-ipv6.ams.vr.org
+		www4.test-ipv6.ams.vr.org
+		www6.test-ipv6.ams.vr.org
+		a.test-ipv6.jp
+		aaaa.test-ipv6.jp
+		v4.test-ipv6.jp
+		v6.test-ipv6.jp
+		www4.test-ipv6.jp
+		www6.test-ipv6.jp
+		www.ipv6-test.pl
+		a.ipv6-test.pl
+		aaaa.ipv6-test.pl
+		mtu1280.ipv6-test.pl
+		v4.ipv6-test.pl
+		v6.ipv6-test.pl
+		www4.ipv6-test.pl
+		www6.ipv6-test.pl
+		a.test-ipv6-vm4.comcast.net
+		aaaa.test-ipv6-vm4.comcast.net
+		ipv6.test-ipv6-vm4.comcast.net
+		mtu1280.test-ipv6-vm4.comcast.net
+		v4.test-ipv6-vm4.comcast.net
+		v6.test-ipv6-vm4.comcast.net
+		www4.test-ipv6-vm4.comcast.net
+		www6.test-ipv6-vm4.comcast.net
+		a.test-ipv6.go6.si
+		aaaa.test-ipv6.go6.si
+		ipv6.test-ipv6.go6.si
+		mtu1280.test-ipv6.go6.si
+		v4.test-ipv6.go6.si
+		v6.test-ipv6.go6.si
+		ds.v6ns.test-ipv6.go6.si
+		www4.test-ipv6.go6.si
+		www6.test-ipv6.go6.si
+		a.test-ipv6.hkg.vr.org
+		aaaa.test-ipv6.hkg.vr.org
+		v4.test-ipv6.hkg.vr.org
+		v6.test-ipv6.hkg.vr.org
+		www4.test-ipv6.hkg.vr.org
+		www6.test-ipv6.hkg.vr.org
+		www.test-ipv6.csclub.uwaterloo.ca
+		a.test-ipv6.csclub.uwaterloo.ca
+		aaaa.test-ipv6.csclub.uwaterloo.ca
+		v4.test-ipv6.csclub.uwaterloo.ca
+		v6.test-ipv6.csclub.uwaterloo.ca
+		www4.test-ipv6.csclub.uwaterloo.ca
+		www6.test-ipv6.csclub.uwaterloo.ca
+		aaaa.test-ipv6.vyncke.org
+		ipv6.test-ipv6.vyncke.org
+		mtu1280.test-ipv6.vyncke.org
+		v4.test-ipv6.vyncke.org
+		v6.test-ipv6.vyncke.org
+		www4.test-ipv6.vyncke.org
+		www6.test-ipv6.vyncke.org
+		www.test-ipv6.carnet.hr
+		a.test-ipv6.carnet.hr
+		aaaa.test-ipv6.carnet.hr
+		ipv6.test-ipv6.carnet.hr
+		mtu1280.test-ipv6.carnet.hr
+		v4.test-ipv6.carnet.hr
+		v6.test-ipv6.carnet.hr
+		www4.test-ipv6.carnet.hr
+		www6.test-ipv6.carnet.hr
+		a.test-ipv6.cl
+		aaaa.test-ipv6.cl
+		ipv6.test-ipv6.cl
+		mtu1280.test-ipv6.cl
+		v4.test-ipv6.cl
+		v6.test-ipv6.cl
+		www4.test-ipv6.cl
+		www6.test-ipv6.cl
+		a.test-ipv6.zw.liquidtelecom.net
+		aaaa.test-ipv6.zw.liquidtelecom.net
+		ipv6.test-ipv6.zw.liquidtelecom.net
+		v4.test-ipv6.zw.liquidtelecom.net
+		v6.test-ipv6.zw.liquidtelecom.net
+		www4.test-ipv6.zw.liquidtelecom.net
+		www6.test-ipv6.zw.liquidtelecom.net
+		a.test-ipv6.si
+		aaaa.test-ipv6.si
+		v4.test-ipv6.si
+		v6.test-ipv6.si
+		www4.test-ipv6.si
+		www6.test-ipv6.si
+		www.test-ipv6.showmyip.ca
+		a.test-ipv6.showmyip.ca
+		aaaa.test-ipv6.showmyip.ca
+		v4.test-ipv6.showmyip.ca
+		v6.test-ipv6.showmyip.ca
+		www4.test-ipv6.showmyip.ca
+		www6.test-ipv6.showmyip.ca
+		a.test-ipv6.roedu.net
+		aaaa.test-ipv6.roedu.net
+		ipv6.test-ipv6.roedu.net
+		v4.test-ipv6.roedu.net
+		v6.test-ipv6.roedu.net
+		www4.test-ipv6.roedu.net
+		www6.test-ipv6.roedu.net
+		www.test-ipv6.sin.vr.org
+		a.test-ipv6.sin.vr.org
+		aaaa.test-ipv6.sin.vr.org
+		v4.test-ipv6.sin.vr.org
+		v6.test-ipv6.sin.vr.org
+		www4.test-ipv6.sin.vr.org
+		www6.test-ipv6.sin.vr.org
+		a.test-ipv6.noroutetohost.net
+		aaaa.test-ipv6.noroutetohost.net
+		v4.test-ipv6.noroutetohost.net
+		v6.test-ipv6.noroutetohost.net
+		www4.test-ipv6.noroutetohost.net
+		www6.test-ipv6.noroutetohost.net
+		a.test-ipv6.epic.network
+		aaaa.test-ipv6.epic.network
+		v4.test-ipv6.epic.network
+		v6.test-ipv6.epic.network
+		www4.test-ipv6.epic.network
+		www6.test-ipv6.epic.network
+		a.test-ipv6.se
+		aaaa.test-ipv6.se
+		v4.test-ipv6.se
+		v6.test-ipv6.se
+		www4.test-ipv6.se
+		www6.test-ipv6.se
+		www.test-ipv6.alpinedc.ch
+		a.test-ipv6.alpinedc.ch
+		aaaa.test-ipv6.alpinedc.ch
+		v4.test-ipv6.alpinedc.ch
+		v6.test-ipv6.alpinedc.ch
+		www4.test-ipv6.alpinedc.ch
+		www6.test-ipv6.alpinedc.ch
+		a.test-ipv6.arauc.br
+		aaaa.test-ipv6.arauc.br
+		v4.test-ipv6.arauc.br
+		v6.test-ipv6.arauc.br
+		www4.test-ipv6.arauc.br
+		www6.test-ipv6.arauc.br
+		a.test-ipv6.ke.liquidtelecom.net
+		aaaa.test-ipv6.ke.liquidtelecom.net
+		v4.test-ipv6.ke.liquidtelecom.net
+		v6.test-ipv6.ke.liquidtelecom.net
+		www4.test-ipv6.ke.liquidtelecom.net
+		www6.test-ipv6.ke.liquidtelecom.net
+		www.test-ipv6.fratec.net
+		a.test-ipv6.fratec.net
+		aaaa.test-ipv6.fratec.net
+		v4.test-ipv6.fratec.net
+		v6.test-ipv6.fratec.net
+		www4.test-ipv6.fratec.net
+		www6.test-ipv6.fratec.net
+-->
+<ruleset name="Test-IPv6">
+
+	<target host="test-ipv6.com" />
+	<target host="www.test-ipv6.com" />
+	<target host="ds.test-ipv6.com" />
+	<target host="ipv4.test-ipv6.com" />
+	<target host="ipv6.test-ipv6.com" />
+	<target host="mtu1280.test-ipv6.com" />
+	<target host="ds.v6ns.test-ipv6.com" />
+
+	<target host="test-ipv6.cz" />
+	<target host="www.test-ipv6.cz" />
+	<target host="a.test-ipv6.cz" />
+	<target host="aaaa.test-ipv6.cz" />
+	<target host="ds.test-ipv6.cz" />
+	<target host="ipv4.test-ipv6.cz" />
+	<target host="ipv6.test-ipv6.cz" />
+	<target host="mtu1280.test-ipv6.cz" />
+	<target host="v4.test-ipv6.cz" />
+	<target host="v6.test-ipv6.cz" />
+	<target host="ds.v6ns.test-ipv6.cz" />
+	<target host="www4.test-ipv6.cz" />
+	<target host="www6.test-ipv6.cz" />
+
+	<target host="testipv6.de" />
+	<target host="ds.testipv6.de" />
+	<target host="ipv4.testipv6.de" />
+	<target host="ipv6.testipv6.de" />
+	<target host="ds.v6ns.testipv6.de" />
+
+	<target host="ipv6ready.me" />
+	<target host="ds.ipv6ready.me" />
+	<target host="ipv4.ipv6ready.me" />
+	<target host="ipv6.ipv6ready.me" />
+	<target host="mtu1280.ipv6ready.me" />
+	<target host="ds.v6ns.ipv6ready.me" />
+
+	<target host="test-ipv6-vm3.comcast.net" />
+	<target host="www.test-ipv6-vm3.comcast.net" />
+	<target host="ds.test-ipv6-vm3.comcast.net" />
+	<target host="ipv4.test-ipv6-vm3.comcast.net" />
+	<target host="ds.v6ns.test-ipv6-vm3.comcast.net" />
+
+	<target host="test-ipv6.polkam.go.id" />
+	<target host="www.test-ipv6.polkam.go.id" />
+	<target host="a.test-ipv6.polkam.go.id" />
+	<target host="aaaa.test-ipv6.polkam.go.id" />
+	<target host="ipv4.test-ipv6.polkam.go.id" />
+	<target host="ipv6.test-ipv6.polkam.go.id" />
+	<target host="mtu1280.test-ipv6.polkam.go.id" />
+	<target host="v4.test-ipv6.polkam.go.id" />
+	<target host="v6.test-ipv6.polkam.go.id" />
+	<target host="www4.test-ipv6.polkam.go.id" />
+	<target host="www6.test-ipv6.polkam.go.id" />
+
+	<target host="test-ipv6.com.au" />
+	<target host="ds.test-ipv6.com.au" />
+	<target host="ipv4.test-ipv6.com.au" />
+	<target host="ipv6.test-ipv6.com.au" />
+	<target host="mtu1280.test-ipv6.com.au" />
+	<target host="ds.v6ns.test-ipv6.com.au" />
+
+	<target host="test-ipv6.ams.vr.org" />
+	<target host="www.test-ipv6.ams.vr.org" />
+	<target host="ds.test-ipv6.ams.vr.org" />
+	<target host="ipv4.test-ipv6.ams.vr.org" />
+	<target host="ds.v6ns.test-ipv6.ams.vr.org" />
+
+	<target host="test-ipv6.jp" />
+	<target host="www.test-ipv6.jp" />
+	<target host="ds.test-ipv6.jp" />
+	<target host="ipv4.test-ipv6.jp" />
+	<target host="ipv6.test-ipv6.jp" />
+	<target host="mtu1280.test-ipv6.jp" />
+	<target host="ds.v6ns.test-ipv6.jp" />
+
+	<target host="ipv6-test.pl" />
+	<target host="ds.ipv6-test.pl" />
+	<target host="ipv4.ipv6-test.pl" />
+	<target host="ipv6.ipv6-test.pl" />
+	<target host="ds.v6ns.ipv6-test.pl" />
+
+	<target host="test-ipv6-vm4.comcast.net" />
+	<target host="www.test-ipv6-vm4.comcast.net" />
+	<target host="ds.test-ipv6-vm4.comcast.net" />
+	<target host="ipv4.test-ipv6-vm4.comcast.net" />
+	<target host="ds.v6ns.test-ipv6-vm4.comcast.net" />
+
+	<target host="test-ipv6.go6.si" />
+	<target host="www.test-ipv6.go6.si" />
+	<target host="ds.test-ipv6.go6.si" />
+	<target host="ipv4.test-ipv6.go6.si" />
+
+	<target host="test-ipv6.hkg.vr.org" />
+	<target host="www.test-ipv6.hkg.vr.org" />
+	<target host="ds.test-ipv6.hkg.vr.org" />
+	<target host="ipv4.test-ipv6.hkg.vr.org" />
+	<target host="ipv6.test-ipv6.hkg.vr.org" />
+	<target host="mtu1280.test-ipv6.hkg.vr.org" />
+	<target host="ds.v6ns.test-ipv6.hkg.vr.org" />
+
+	<target host="test-ipv6.csclub.uwaterloo.ca" />
+	<target host="ds.test-ipv6.csclub.uwaterloo.ca" />
+	<target host="ipv4.test-ipv6.csclub.uwaterloo.ca" />
+	<target host="ipv6.test-ipv6.csclub.uwaterloo.ca" />
+	<target host="mtu1280.test-ipv6.csclub.uwaterloo.ca" />
+	<target host="ds.v6ns.test-ipv6.csclub.uwaterloo.ca" />
+
+	<target host="test-ipv6.vyncke.org" />
+	<target host="www.test-ipv6.vyncke.org" />
+	<target host="a.test-ipv6.vyncke.org" />
+	<target host="ds.test-ipv6.vyncke.org" />
+	<target host="ipv4.test-ipv6.vyncke.org" />
+	<target host="ds.v6ns.test-ipv6.vyncke.org" />
+
+	<target host="test-ipv6.carnet.hr" />
+	<target host="ds.test-ipv6.carnet.hr" />
+	<target host="ipv4.test-ipv6.carnet.hr" />
+	<target host="ds.v6ns.test-ipv6.carnet.hr" />
+
+	<target host="test-ipv6.cl" />
+	<target host="www.test-ipv6.cl" />
+	<target host="ds.test-ipv6.cl" />
+	<target host="ipv4.test-ipv6.cl" />
+	<target host="ds.v6ns.test-ipv6.cl" />
+
+	<target host="test-ipv6.zw.liquidtelecom.net" />
+	<target host="www.test-ipv6.zw.liquidtelecom.net" />
+	<target host="ds.test-ipv6.zw.liquidtelecom.net" />
+	<target host="ipv4.test-ipv6.zw.liquidtelecom.net" />
+	<target host="mtu1280.test-ipv6.zw.liquidtelecom.net" />
+	<target host="ds.v6ns.test-ipv6.zw.liquidtelecom.net" />
+
+	<target host="test-ipv6.si" />
+	<target host="www.test-ipv6.si" />
+	<target host="ds.test-ipv6.si" />
+	<target host="ipv4.test-ipv6.si" />
+	<target host="ipv6.test-ipv6.si" />
+	<target host="mtu1280.test-ipv6.si" />
+	<target host="ds.v6ns.test-ipv6.si" />
+
+	<target host="test-ipv6.showmyip.ca" />
+	<target host="ds.test-ipv6.showmyip.ca" />
+	<target host="ipv4.test-ipv6.showmyip.ca" />
+	<target host="ipv6.test-ipv6.showmyip.ca" />
+	<target host="mtu1280.test-ipv6.showmyip.ca" />
+	<target host="ds.v6ns.test-ipv6.showmyip.ca" />
+
+	<target host="test-ipv6.roedu.net" />
+	<target host="www.test-ipv6.roedu.net" />
+	<target host="ds.test-ipv6.roedu.net" />
+	<target host="ipv4.test-ipv6.roedu.net" />
+	<target host="mtu1280.test-ipv6.roedu.net" />
+	<target host="ds.v6ns.test-ipv6.roedu.net" />
+
+	<target host="test-ipv6.sin.vr.org" />
+	<target host="ds.test-ipv6.sin.vr.org" />
+	<target host="ipv4.test-ipv6.sin.vr.org" />
+	<target host="ipv6.test-ipv6.sin.vr.org" />
+	<target host="mtu1280.test-ipv6.sin.vr.org" />
+	<target host="ds.v6ns.test-ipv6.sin.vr.org" />
+
+	<target host="test-ipv6.noroutetohost.net" />
+	<target host="www.test-ipv6.noroutetohost.net" />
+	<target host="ds.test-ipv6.noroutetohost.net" />
+	<target host="ipv4.test-ipv6.noroutetohost.net" />
+	<target host="ipv6.test-ipv6.noroutetohost.net" />
+	<target host="mtu1280.test-ipv6.noroutetohost.net" />
+	<target host="ds.v6ns.test-ipv6.noroutetohost.net" />
+
+	<target host="test-ipv6.epic.network" />
+	<target host="www.test-ipv6.epic.network" />
+	<target host="ds.test-ipv6.epic.network" />
+	<target host="ipv4.test-ipv6.epic.network" />
+	<target host="ipv6.test-ipv6.epic.network" />
+	<target host="mtu1280.test-ipv6.epic.network" />
+	<target host="ds.v6ns.test-ipv6.epic.network" />
+
+	<target host="test-ipv6.se" />
+	<target host="www.test-ipv6.se" />
+	<target host="ds.test-ipv6.se" />
+	<target host="ipv4.test-ipv6.se" />
+	<target host="ipv6.test-ipv6.se" />
+	<target host="mtu1280.test-ipv6.se" />
+	<target host="ds.v6ns.test-ipv6.se" />
+
+	<target host="test-ipv6.alpinedc.ch" />
+	<target host="ds.test-ipv6.alpinedc.ch" />
+	<target host="ipv4.test-ipv6.alpinedc.ch" />
+	<target host="ipv6.test-ipv6.alpinedc.ch" />
+	<target host="mtu1280.test-ipv6.alpinedc.ch" />
+	<target host="ds.v6ns.test-ipv6.alpinedc.ch" />
+
+	<target host="test-ipv6.arauc.br" />
+	<target host="www.test-ipv6.arauc.br" />
+	<target host="ds.test-ipv6.arauc.br" />
+	<target host="ipv4.test-ipv6.arauc.br" />
+	<target host="ipv6.test-ipv6.arauc.br" />
+	<target host="mtu1280.test-ipv6.arauc.br" />
+	<target host="ds.v6ns.test-ipv6.arauc.br" />
+
+	<target host="test-ipv6.ke.liquidtelecom.net" />
+	<target host="www.test-ipv6.ke.liquidtelecom.net" />
+	<target host="ds.test-ipv6.ke.liquidtelecom.net" />
+	<target host="ipv4.test-ipv6.ke.liquidtelecom.net" />
+	<target host="ipv6.test-ipv6.ke.liquidtelecom.net" />
+	<target host="mtu1280.test-ipv6.ke.liquidtelecom.net" />
+	<target host="ds.v6ns.test-ipv6.ke.liquidtelecom.net" />
+
+	<target host="test-ipv6.fratec.net" />
+	<target host="ds.test-ipv6.fratec.net" />
+	<target host="ipv4.test-ipv6.fratec.net" />
+	<target host="ipv6.test-ipv6.fratec.net" />
+	<target host="mtu1280.test-ipv6.fratec.net" />
+	<target host="ds.v6ns.test-ipv6.fratec.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TestCloud.io.xml b/src/chrome/content/rules/TestCloud.io.xml
index d7f9811ffe36..6d2f9d7e0f35 100644
--- a/src/chrome/content/rules/TestCloud.io.xml
+++ b/src/chrome/content/rules/TestCloud.io.xml
@@ -28,7 +28,7 @@ Fetch error: http://testcloud.io/ => https://testcloud.io/: (7, 'Failed to conne
 		- app.thetestcloud.com
 
 -->
-<ruleset name="testCloud.io (partial)" default_off='failed ruleset test'>
+<ruleset name="testCloud.io (partial)" default_off="failed ruleset test">
 
 	<target host="testcloud.de" />
 	<target host="*.testcloud.de" />
diff --git a/src/chrome/content/rules/TestPolitique.fr.xml b/src/chrome/content/rules/TestPolitique.fr.xml
index 3f648c87f7a5..88f36788e88d 100644
--- a/src/chrome/content/rules/TestPolitique.fr.xml
+++ b/src/chrome/content/rules/TestPolitique.fr.xml
@@ -11,7 +11,7 @@
 	<rule from="^http://www\.testpolitique\.fr/"
 		to="https://testpolitique.fr/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Test_Equipment_Depot.xml b/src/chrome/content/rules/Test_Equipment_Depot.xml
index 77c1e1c4dd7e..e876027c7d2a 100644
--- a/src/chrome/content/rules/Test_Equipment_Depot.xml
+++ b/src/chrome/content/rules/Test_Equipment_Depot.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TetherReport.com.xml b/src/chrome/content/rules/TetherReport.com.xml
new file mode 100644
index 000000000000..87afb7239c75
--- /dev/null
+++ b/src/chrome/content/rules/TetherReport.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="TetherReport.com">
+	<target host="tetherreport.com" />
+	<target host="www.tetherreport.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tetu.com.xml b/src/chrome/content/rules/Tetu.com.xml
index 3bb25866f28b..1f15bc728104 100644
--- a/src/chrome/content/rules/Tetu.com.xml
+++ b/src/chrome/content/rules/Tetu.com.xml
@@ -19,7 +19,7 @@
 	<target host="tetu.com" />
 	<target host="www.tetu.com" />
 
-	<securecookie host="^(?:.+\.)?tetu\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/Texas-Association-of-School-Boards.xml b/src/chrome/content/rules/Texas-Association-of-School-Boards.xml
index c80f56529629..baf7575a3579 100644
--- a/src/chrome/content/rules/Texas-Association-of-School-Boards.xml
+++ b/src/chrome/content/rules/Texas-Association-of-School-Boards.xml
@@ -1,9 +1,10 @@
 <ruleset name="Texas Association of Schoolboards">
 
 	<target host="tasb.org"/>
-	<target host="*.tasb.org"/>
+	<target host="www.tasb.org" />
+	<target host="store.tasb.org" />
 
-	<securecookie host="^(?:.*\.)?tasb\.org$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 	<rule from="^http://(?:www\.)?tasb\.org/"
 		to="https://www.tasb.org/"/>
diff --git a/src/chrome/content/rules/Texas-Department-of-State-Health-Services.xml b/src/chrome/content/rules/Texas-Department-of-State-Health-Services.xml
deleted file mode 100644
index 804a0897a519..000000000000
--- a/src/chrome/content/rules/Texas-Department-of-State-Health-Services.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-
--->
-<ruleset name="Texas Department of State Health Services">
-
-	<target host="dshs.state.tx.us" />
-	<target host="www.dshs.state.tx.us" />
-
-
-	<securecookie host="^www\.dshs\.state\.tx\.us$" name=".+" />
-
-
-	<!--	!www times out.
-				-->
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Texas-Instruments.xml b/src/chrome/content/rules/Texas-Instruments.xml
index 3e1fab8ac346..69853f08f389 100644
--- a/src/chrome/content/rules/Texas-Instruments.xml
+++ b/src/chrome/content/rules/Texas-Instruments.xml
@@ -1,241 +1,59 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Non-2xx HTTP code: http://www-k.ext.ti.com/sc/technical-support/pic/asia.htm (200) => https://www.ti.com/ww/en/pic/PIC-Asia.html (404)
-Non-2xx HTTP code: http://www-k.ext.ti.com/sc/technical-support/pic/japan.htm (200) => https://www.ti.com/ww/en/pic/PIC-Japan.html (404)
-Non-2xx HTTP code: http://www-k.ext.ti.com/sc/technical-support/pic/asia.htm? (200) => https://www.ti.com/ww/en/pic/PIC-Asia.html (404)
-Non-2xx HTTP code: http://www-k.ext.ti.com/sc/technical-support/pic/asia.htm?f (200) => https://www.ti.com/ww/en/pic/PIC-Asia.html (404)
-Non-2xx HTTP code: http://www-k.ext.ti.com/sc/technical-support/pic/asia.htm?o (200) => https://www.ti.com/ww/en/pic/PIC-Asia.html (404)
-Non-2xx HTTP code: http://www-k.ext.ti.com/sc/technical-support/pic/japan.htm? (200) => https://www.ti.com/ww/en/pic/PIC-Japan.html (404)
-Non-2xx HTTP code: http://www-k.ext.ti.com/sc/technical-support/pic/japan.htm?f (200) => https://www.ti.com/ww/en/pic/PIC-Japan.html (404)
-Non-2xx HTTP code: http://www-k.ext.ti.com/sc/technical-support/pic/japan.htm?o (200) => https://www.ti.com/ww/en/pic/PIC-Japan.html (404)
-Fetch error: http://videos.ti.com/cn => https://focus.ti.com/general/docs/video/Portal.tsp: Too many redirects while fetching 'https://focus.ti.com/general/docs/video/Portal.tsp'
-Fetch error: http://videos.ti.com/cn? => https://focus.ti.com/general/docs/video/Portal.tsp?: Too many redirects while fetching 'https://focus.ti.com/general/docs/video/Portal.tsp?'
-Fetch error: http://videos.ti.com/cn?f => https://focus.ti.com/general/docs/video/Portal.tsp?f: Too many redirects while fetching 'https://focus.ti.com/general/docs/video/Portal.tsp?f'
-Fetch error: http://videos.ti.com/ => https://focus.ti.com/general/docs/video/Portal.tsp: Too many redirects while fetching 'https://focus.ti.com/general/docs/video/Portal.tsp'
-
-	Texas Instruments
-
-	For rules causing false/broken MCB, see TI.com-falsemixed.xml.
-
-
-	Nonfunctional domains:
-
-		- careers	(shows default Media Temple page, CN: plesk)
-		- education	(403/404, valid cert)
-		- investor *
-		- m		(redirects to www, valid cert)
-		- newscenter *
-		- reviews	(akamai)
-		- processors.wiki	(503, Akamai)
-		- www2		(shows RHEL Apache test page, CN: dqhgl02)
-
-	* Times out
-
-
-	Problematic subdomains:
-
-		- ^			(cert only matches www)
-		- e2e-uat ²
-		- www-k.ext		(times out)
-		- trainingcenter	(mismatched, CN: *.vsearch2.net)
-		- videos		(redirects to www; mismatched, CN: www.ti.com)
-		- www			Blocks Tor users
-
-	² Self-signed, mismatched, CN: 515969-UAT1.saas.telligent.com
-
-
-	Partially covered subdomains:
-
-		- www-k.ext	(→ www)
-		- www ² * ³
-
-	² Excluded doc downloads per https://github.com/EFForg/https-everywhere/issues/1467
-	* Excluded product per https://github.com/EFForg/https-everywhere/issues/3179
-	³ Excluded tools/ per https://github.com/EFForg/https-everywhere/issues/1611
-
-
-	Fully covered domains:
+	Timeout:
+		ti.com
+		reviews.ti.com
+		trainingcenter.ti.com
+		videos.ti.com
+		www-s.ti.com
+		commerce.ti.com (504 gateway timeout)
 
-		- (www.)national.com	(→ www.ti.com)
+	Invalid certificate:
+		www-k.ext.ti.com
 
-		- ti.com subdomains:
+	Service unavailable (503):
+		processors.wiki.ti.com
 
-			- e2e
-			- e2e-uat	(→ e2e)
-			- fedid.ext
+	Mixed content issues:
+		m.ti.com
 
-
-	Insecure cookies are set for these hosts:
-
-		- e2e.ti.com
-
-
-	Mixed content:
-
-		- css on processors.wiki from $self *
-
-		- Images, on:
-
-			- e2e from www.ti.com *
-			- processors.wiki from $self *
-			- processors.wiki from e2e-uat *
-			- www from focus *
-
-	Mixed images from reviews.ti.com on www.ti.com
-
-		- Web bugs on processors.wiki from i.creativecommons.org *
-
-	* Secured by us
+	Redirect issues:
+		focus.ti.com
 
 -->
-<ruleset name="TI.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="commerce.ti.com" />
-	<target host="e2e.ti.com" />
-	<target host="estore.ti.com" />
-	<target host="fedid.ext.ti.com" />
-	<target host="focus.ti.com" />
-	<target host="my.ti.com" />
-	<target host="myportal.ti.com" />
-	<!--target host="processors.wiki.ti.com" /-->
-	<target host="www.ti.com" />
 
-	<!--	Complications:
-				-->
-	<target host="national.com" />
-	<target host="www.national.com" />
+<ruleset name="TI.com (partial)">
 
 	<target host="ti.com" />
-	<target host="e2e-uat.ti.com" />
-	<target host="www-k.ext.ti.com" />
-	<target host="reviews.ti.com" />
-	<target host="videos.ti.com" />
-
-		<exclusion pattern="^http://www-k\.ext\.ti\.com/(?!sc/technical-support/pic/asia\.htm|sc/technical-support/pic/japan\.htm)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www-k.ext.ti.com/sc/technical-support/email-tech-support.asp" />
-			<test url="http://www-k.ext.ti.com/sc/technical-support/knowledgebase/analog/analog_help.htm" />
-			<test url="http://www-k.ext.ti.com/sc/technical-support/pic/americas.htm" />
-			<test url="http://www-k.ext.ti.com/sc/technical_support/product_information_centers.htm" />
-			<test url="http://www-k.ext.ti.com/sc/technical-support/tools/dsp/ftp/00index.htm" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www-k.ext.ti.com/sc/technical-support/pic/asia.htm" />
-			<test url="http://www-k.ext.ti.com/sc/technical-support/pic/japan.htm" />
-
-		<exclusion pattern="http://reviews\.ti\.com/(?!$|\?)" />
-
-			<test url="http://reviews.ti.com/8594/19300/reviews.htm" />
-			<test url="http://reviews.ti.com/8594/19437/reviews.htm" />
-			<test url="http://reviews.ti.com/8594/230839/reviews.htm" />
-			<test url="http://reviews.ti.com/8594/37187/reviews.htm" />
-
-		<!--	Avoid false/broken MCB:
-						-->
-		<!--exclusion pattern="^http://processors\.wiki\.ti\.com/+(?!extensions/|images/|load\.php|skins/)" /-->
-
-		<!--	Breaks doc downloads:
-						-->
-		<exclusion pattern="^http://www.ti.com/(?:general/docs/)?lit/" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.ti.com/general/docs/lit/getliterature.tsp?baseLiteratureNumber=spruer9&amp;fileType=pdf" />
-			<test url="http://www.ti.com/lit/ug/spruer9d/spruer9d.pdf" />
-
-		<!--	https://github.com/EFForg/https-everywhere/issues/3179
-
-			Apparently some subset of product/* triggers MCB:
-									-->
-		<exclusion pattern="^http://(?:www\.)?ti\.com/product(?:$|[?/])" />
-
-			<!--	+ve:
-					-->
-			<test url="http://ti.com/product/tps3511" />
-			<test url="http://www.ti.com/product/am3358" />
-			<test url="http://www.ti.com/product/cc3000" />
-			<test url="http://www.ti.com/product/tps3511" />
-
-		<!--	https://github.com/EFForg/https-everywhere/issues/1611
-								-->
-		<exclusion pattern="^http://www.ti.com/tool/" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.ti.com/tool/pmp9754" />
-
-		<test url="http://e2e.ti.com/cfs-file/__key/communityserver-components-sitefiles/images-blog_2D00_headers/powerhouse.gif" />
-		<test url="http://e2e.ti.com/support/omap/" />
-		<test url="http://e2e.ti.com/support/other_analog/default.aspx" />
+	<target host="www.ti.com" />
 
+		<exclusion pattern="^http://www\.ti\.com/corp/" />
+			<test url="http://www.ti.com/corp/docs/legal/copyright.shtml" />
+			<test url="http://www.ti.com/corp/docs/company/home.html" />
 
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^e2e\.ti\.com$" name="^(AuthorizationCookie|BIGipServer[\w.-]+)$" /-->
+	<target host="careers.ti.com" />
 
-	<!--	Cookie domains:
+	<target host="education.ti.com" />
 
-			- .
-			- estore
-			- focus
-			- myportal
-			- www
+	<target host="estore.ti.com" />
 
-		Set by myportal, might be used as login
-		on e2e or othe unsecurable subdomains:
+	<target host="e2e.ti.com" />
+	<target host="e2e-uat.ti.com" />
 
-	<securecookie host="^\.ti\.com$" name="^iatc$" /-->
+	<target host="fedid.ext.ti.com" />
 
-	<securecookie host=".+\.ti\.com$" name=".+" />
+	<target host="investor.ti.com" />
 
+	<target host="my.ti.com" />
+	<target host="myportal.ti.com" />
 
-	<!--	Server drops path:
-					-->
-	<rule from="^http://(?:www\.)?national\.com/.*"
-		to="https://www.ti.com/" />
+	<target host="news.ti.com" />
+	<target host="newscenter.ti.com" />
 
-		<test url="http://www.national.com//" />
+	<target host="training.ti.com" />
 
 	<rule from="^http://ti\.com/"
 		to="https://www.ti.com/" />
 
-	<rule from="^http://e2e-uat\.ti\.com/"
-		to="https://e2e.ti.com/" />
-
-	<rule from="^http://www-k\.ext\.ti\.com/sc/technical-support/pic/asia\.htm(?:\?.*)?$"
-		to="https://www.ti.com/ww/en/pic/PIC-Asia.html" />
-
-		<test url="http://www-k.ext.ti.com/sc/technical-support/pic/asia.htm?" />
-		<test url="http://www-k.ext.ti.com/sc/technical-support/pic/asia.htm?f" />
-		<test url="http://www-k.ext.ti.com/sc/technical-support/pic/asia.htm?o" />
-
-	<rule from="^http://www-k\.ext\.ti\.com/sc/technical-support/pic/japan\.htm(?:\?.*)?$"
-		to="https://www.ti.com/ww/en/pic/PIC-Japan.html" />
-
-		<test url="http://www-k.ext.ti.com/sc/technical-support/pic/japan.htm?" />
-		<test url="http://www-k.ext.ti.com/sc/technical-support/pic/japan.htm?f" />
-		<test url="http://www-k.ext.ti.com/sc/technical-support/pic/japan.htm?o" />
-
-	<rule from="^http://reviews\.ti\.com/(?:\?.*)?$"
-		to="https://focus.ti.com/" />
-
-		<test url="http://reviews.ti.com/?" />
-		<test url="http://reviews.ti.com/?f" />
-		<test url="http://reviews.ti.com/?o" />
-
-	<rule from="^http://videos\.ti\.com/[^?]*"
-		to="https://focus.ti.com/general/docs/video/Portal.tsp" />
-
-		<test url="http://videos.ti.com/cn" />
-		<test url="http://videos.ti.com/cn?" />
-		<test url="http://videos.ti.com/cn?f" />
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Texas-State-Library-and-Archives-Commission.xml b/src/chrome/content/rules/Texas-State-Library-and-Archives-Commission.xml
index e8e0dbb900b2..f9e68f0bcae7 100644
--- a/src/chrome/content/rules/Texas-State-Library-and-Archives-Commission.xml
+++ b/src/chrome/content/rules/Texas-State-Library-and-Archives-Commission.xml
@@ -1,13 +1,13 @@
 <ruleset name="Texas State Library and Archives Commission">
 
 	<target host="tsl.state.tx.us" />
-	<target host="*.tsl.state.tx.us" />
+	<target host="www.tsl.state.tx.us" />
 
 
 	<securecookie host="^\.tsl\.state\.tx\.us$" name=".+" />
 
 
-	<!--	!www: 
+	<!--	!www:
 			- presents valid cert
 			- shows RHEL Apache test page via https
 			- 302s to www via http
diff --git a/src/chrome/content/rules/Texas_A_and_M_University.xml b/src/chrome/content/rules/Texas_A_and_M_University.xml
index 7933ec91edae..be2a4c6fb10f 100644
--- a/src/chrome/content/rules/Texas_A_and_M_University.xml
+++ b/src/chrome/content/rules/Texas_A_and_M_University.xml
@@ -169,4 +169,4 @@
 	<rule from="^http://(?:www\.)?t(ransport|ti)\.tamu\.edu/"
 		to="https://t$1.tamu.edu/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Texas_Center_for_Community_Journalism.xml b/src/chrome/content/rules/Texas_Center_for_Community_Journalism.xml
deleted file mode 100644
index 617ef299c367..000000000000
--- a/src/chrome/content/rules/Texas_Center_for_Community_Journalism.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Texas Center for Community Journalism
-
-
-	(www.)?community-journalism.net: Refused
-
-
-	Insecure cookies are set for these domains:
-
-		- .community-journalism.net
-
--->
-<ruleset name="Community-Journalism.net (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="digital.community-journalism.net" />
-
-
-	<!--securecookie host="^\.community-journalism\.net$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.community-journalism\.net$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Texas_Tribune.org.xml b/src/chrome/content/rules/Texas_Tribune.org.xml
index 39180ce14969..dd29b0028a7d 100644
--- a/src/chrome/content/rules/Texas_Tribune.org.xml
+++ b/src/chrome/content/rules/Texas_Tribune.org.xml
@@ -19,7 +19,8 @@
 <ruleset name="Texas Tribune.org">
 
 	<target host="texastribune.org" />
-	<target host="*.texastribune.org" />
+	<target host="www.texastribune.org" />
+	<target host="static.texastribune.org" />
 
 
 	<securecookie host="^\.?texastribune\.org$" name=".+" />
@@ -28,7 +29,6 @@
 	<rule from="^http://(?:www\.)?texastribune\.org/"
 		to="https://www.texastribune.org/" />
 
-	<rule from="^http://static\.texastribune\.org/"
-		to="https://static.texastribune.org/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Texblog.org.xml b/src/chrome/content/rules/Texblog.org.xml
new file mode 100644
index 000000000000..1dc7330148ea
--- /dev/null
+++ b/src/chrome/content/rules/Texblog.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		mail.texblog.org
+
+-->
+<ruleset name="Texblog.org">
+
+	<target host="texblog.org" />
+	<target host="www.texblog.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/TextFixer.com.xml b/src/chrome/content/rules/TextFixer.com.xml
index d9bd7227061d..daafe150e634 100644
--- a/src/chrome/content/rules/TextFixer.com.xml
+++ b/src/chrome/content/rules/TextFixer.com.xml
@@ -7,4 +7,4 @@
 
 	<rule from="^http:"
 		to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TextMagic.com.xml b/src/chrome/content/rules/TextMagic.com.xml
index 77cdcbdca818..d3c1c9b19e4c 100644
--- a/src/chrome/content/rules/TextMagic.com.xml
+++ b/src/chrome/content/rules/TextMagic.com.xml
@@ -34,7 +34,7 @@
 	<!--securecookie host="^my\.textmagic\.com$" name="^PHPSESSID$" /-->
 	<!--securecookie host="^\.support\.textmagic\.com$" name="EP-LastViewedPosts$" /-->
 
-	<securecookie host=".*\.textmagic\.com$" name="" />
+	<securecookie host=".*\.textmagic\.com$" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Textbooks.com.xml b/src/chrome/content/rules/Textbooks.com.xml
index 9ad6d76bccd7..21a858f981fc 100644
--- a/src/chrome/content/rules/Textbooks.com.xml
+++ b/src/chrome/content/rules/Textbooks.com.xml
@@ -1,7 +1,8 @@
 <ruleset name="Textbooks.com" platform="mixedcontent">
 
 	<target host="textbooks.com" />
-	<target host="*.textbooks.com" />
+	<target host="www.textbooks.com" />
+	<target host="images.textbooks.com" />
 	<!--	* for cross-domain cookie	-->
 
 
@@ -12,7 +13,6 @@
 	<rule from="^http://(?:www\.)?textbooks\.com/"
 		to="https://www.textbooks.com/" />
 
-	<rule from="^http://images\.textbooks\.com/"
-		to="https://images.textbooks.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Textracer.dk.xml b/src/chrome/content/rules/Textracer.dk.xml
index f018bbf74086..3a405c7e0faa 100644
--- a/src/chrome/content/rules/Textracer.dk.xml
+++ b/src/chrome/content/rules/Textracer.dk.xml
@@ -5,7 +5,7 @@ Fetch error: http://textracer.dk/ => https://textracer.dk/: (7, 'Failed to conne
 Fetch error: http://www.textracer.dk/ => https://www.textracer.dk/: (7, 'Failed to connect to www.textracer.dk port 443: Connection refused')
 
 -->
-<ruleset name="Textracer.dk" default_off='failed ruleset test'>
+<ruleset name="Textracer.dk" default_off="failed ruleset test">
 
     <target host="textracer.dk" />
     <target host="www.textracer.dk" />
diff --git a/src/chrome/content/rules/Tfb.ru.xml b/src/chrome/content/rules/Tfb.ru.xml
index 17d5ee30aba4..3c458d12d7ea 100644
--- a/src/chrome/content/rules/Tfb.ru.xml
+++ b/src/chrome/content/rules/Tfb.ru.xml
@@ -24,7 +24,7 @@ voip-e.tfb.ru ³
 ² refused
 ³ timed out
 -->
-<ruleset name="tfb.ru" default_off='failed ruleset test'>
+<ruleset name="tfb.ru" default_off="failed ruleset test">
 	<target host="tfb.ru" />
 	<target host="www.tfb.ru" />
 	<target host="acs.tfb.ru" />
diff --git a/src/chrome/content/rules/Th-nuernberg.de.xml b/src/chrome/content/rules/Th-nuernberg.de.xml
deleted file mode 100644
index b34f50a1d4c9..000000000000
--- a/src/chrome/content/rules/Th-nuernberg.de.xml
+++ /dev/null
@@ -1,69 +0,0 @@
-<!--
-	Certificate only has entry for www., not the default domain.
-	
-	Invalid certificate:
-		- www.fh-nuernberg.de
-		- www.efi.fh-nuernberg.de
-		- fachschaften.fh-nuernberg.de
-		- seeyou.informatik.fh-nuernberg.de
-		- studiengangstest.th-nuernberg.de
-		- fh-nuernberg.eu
-		- www.fh-nuernberg.eu
-		- th-nuernberg.eu
-		- www.th-nuernberg.eu
-	
-	Refused:
-		- fh-nuernberg.de
-		- hfmbib.ads1.fh-nuernberg.de
-		- db0fhn.efi.fh-nuernberg.de
-		- oso.informatik.fh-nuernberg.de
-	
-	Timeout:
-		- quadra.ar.fh-nuernberg.de
-		- schorsch.efi.fh-nuernberg.de
-		- zuse1.efi.fh-nuernberg.de
-		- jobboerse.fh-nuernberg.de
-		- informatik.fh-nuernberg.de
-		- jobboerse.informatik.fh-nuernberg.de
-		- jobboerse.th-nuernberg.de
-		- d.th-nuernberg.de
-	
-	Other HTTPS failure:
-		- quadra.ar.fh-nuernberg.de
-		- webradio.informatik.fh-nuernberg.de
-		
-	Self signed:
-		- studiengangstest.th-nuernberg.de
-	
-	Invalid-certificate chain:
-		- asta.th-nuernberg.de
-		- fachschaft.bw.th-nuernberg.de
-		- fachschaft.efi.th-nuernberg.de
-		- www.efi.th-nuernberg.de
-		- fachschaften.th-nuernberg.de
-		- fachschaft.mb.th-nuernberg.de
--->
-<ruleset name="TH Nürnberg">
-	<target host="bwc188113.bw.fh-nuernberg.de"/>
-	<target host="vpnssl3.cs.fh-nuernberg.de"/>
-	<target host="www.informatik.fh-nuernberg.de"/>
-	<target host="cryptography.informatik.fh-nuernberg.de"/>
-	<target host="fachschaft.informatik.fh-nuernberg.de"/>
-	<target host="fbi.informatik.fh-nuernberg.de"/>
-	<target host="git.informatik.fh-nuernberg.de"/>
-	
-	<target host="studiengangstest.de"/>
-	<target host="www.studiengangstest.de"/>
-	
-	<target host="th-nuernberg.de"/>
-	<target host="www.th-nuernberg.de"/>
-	<target host="blendedlearning.th-nuernberg.de"/>
-	<target host="seeyou.th-nuernberg.de"/>
-	<target host="me.efi.th-nuernberg.de"/>
-	<target host="medinf.efi.th-nuernberg.de"/>
-	<target host="www.in.th-nuernberg.de"/>
-	<target host="fachschaft.in.th-nuernberg.de"/>
-	
-	<rule from="^http://th-nuernberg\.de/" to="https://www.th-nuernberg.de/"/>
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Thales-Communications.xml b/src/chrome/content/rules/Thales-Communications.xml
index a889b7482f8d..9ecf62440d72 100644
--- a/src/chrome/content/rules/Thales-Communications.xml
+++ b/src/chrome/content/rules/Thales-Communications.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://thalescomminc.com/ => https://www.thalescomminc.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.thalescomminc.com'")
 Fetch error: http://www.thalescomminc.com/ => https://www.thalescomminc.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.thalescomminc.com'")
 -->
-<ruleset name="Thales Communications" default_off='failed ruleset test'>
+<ruleset name="Thales Communications" default_off="failed ruleset test">
 
 	<target host="thalescomminc.com" />
 	<target host="www.thalescomminc.com" />
diff --git a/src/chrome/content/rules/Thalia_Holding.xml b/src/chrome/content/rules/Thalia_Holding.xml
index e0a01b9d3fad..bfdffbfd73f9 100644
--- a/src/chrome/content/rules/Thalia_Holding.xml
+++ b/src/chrome/content/rules/Thalia_Holding.xml
@@ -11,7 +11,7 @@
 		- blog.buch.de
 		- unternehmen.thalia.de
 		- ^buch.de
-		
+
 
 	Wrong content:
 		- ^thalia.ch
diff --git a/src/chrome/content/rules/Thalys.xml b/src/chrome/content/rules/Thalys.xml
index fe4b1a364ec6..eb09c48623fd 100644
--- a/src/chrome/content/rules/Thalys.xml
+++ b/src/chrome/content/rules/Thalys.xml
@@ -8,7 +8,7 @@ Fetch error: http://portal.thalysnet.com/ => https://portal.thalysnet.com/: (6,
 		- Bug on (www.)?thalysthecard.com from logi\d+.xiti.com
 
 -->
-<ruleset name="Thalys" default_off='failed ruleset test'>
+<ruleset name="Thalys" default_off="failed ruleset test">
     <target host="thalys.com" />
     <target host="www.thalys.com" />
     <target host="thalysthecard.com" />
@@ -21,7 +21,7 @@ Fetch error: http://portal.thalysnet.com/ => https://portal.thalysnet.com/: (6,
 					-->
 	<!--securecookie host="^\.thalysthecard\.com$" name="^SESS[\da-f]{32}$" /-->
 
-    <securecookie host="^(?:.*\.)?thalys(?:net|thecard)?\.com$" name=".+" />
+    <securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Thawte.xml b/src/chrome/content/rules/Thawte.xml
index 65cbf7c5402f..daeb1cdaa4d9 100644
--- a/src/chrome/content/rules/Thawte.xml
+++ b/src/chrome/content/rules/Thawte.xml
@@ -2,7 +2,7 @@
 		- ocsp.thawte.com
 -->
 <ruleset name="Thawte">
- <target host="www.thawte.com" /> 
+ <target host="www.thawte.com" />
  <target host="thawte.com" />
 
  <rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/The-ACLU-of-Idaho.xml b/src/chrome/content/rules/The-ACLU-of-Idaho.xml
index 2d83a958d174..6933b0259ae0 100644
--- a/src/chrome/content/rules/The-ACLU-of-Idaho.xml
+++ b/src/chrome/content/rules/The-ACLU-of-Idaho.xml
@@ -8,4 +8,4 @@
 		to="https://acluidaho.org/" />
 	<rule from="^http:"
 		to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/The-Art-Institutes.xml b/src/chrome/content/rules/The-Art-Institutes.xml
index 0b07507b2e64..4992ccd31d69 100644
--- a/src/chrome/content/rules/The-Art-Institutes.xml
+++ b/src/chrome/content/rules/The-Art-Institutes.xml
@@ -14,7 +14,8 @@
 <ruleset name="The Art Institutes (partial)">
 
 	<target host="artinstitutes.edu"/>
-	<target host="*.artinstitutes.edu"/>
+	<target host="www.artinstitutes.edu" />
+	<target host="content.artinstitutes.edu" />
 
 
 	<rule from="^http://artinstitutes\.edu/"
diff --git a/src/chrome/content/rules/The-Business-Journals.xml b/src/chrome/content/rules/The-Business-Journals.xml
index db22436c0237..98e6ff368ce1 100644
--- a/src/chrome/content/rules/The-Business-Journals.xml
+++ b/src/chrome/content/rules/The-Business-Journals.xml
@@ -46,7 +46,7 @@
 
 			- ^		(cert only matches www)
 			- assets *
-			- metric	(2o7.net)	
+			- metric	(2o7.net)
 
 	* Works, akamai
 
diff --git a/src/chrome/content/rules/The-Conversation.xml b/src/chrome/content/rules/The-Conversation.xml
new file mode 100644
index 000000000000..4b452aae2ca7
--- /dev/null
+++ b/src/chrome/content/rules/The-Conversation.xml
@@ -0,0 +1,13 @@
+<ruleset name="The Conversation">
+	<!-- theconversation.edu.au -->
+	<target host="theconversation.edu.au" />
+	<target host="www.theconversation.edu.au" />
+	<target host="counter.theconversation.edu.au" />
+	<target host="donate.theconversation.edu.au" />
+	<target host="jobs.theconversation.edu.au" />
+
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/The-Cutest-Site-on-the-Block.xml b/src/chrome/content/rules/The-Cutest-Site-on-the-Block.xml
index f0f63577c286..5a435345c1c7 100644
--- a/src/chrome/content/rules/The-Cutest-Site-on-the-Block.xml
+++ b/src/chrome/content/rules/The-Cutest-Site-on-the-Block.xml
@@ -6,13 +6,13 @@ Fetch error: http://thecutestsiteontheblock.com/ => https://www.thecutestsiteont
 Disabled by https-everywhere-checker because:
 Fetch error: http://thecutestsiteontheblock.com/ => https://www.thecutestsiteontheblock.com/: (7, 'Failed to connect to www.thecutestsiteontheblock.com port 443: Connection refused')
 -->
-<ruleset name="The Cutest Site on the Block" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="The Cutest Site on the Block" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="thecutestsiteontheblock.com" />
-	<target host="*.thecutestsiteontheblock.com" />
+	<target host="www.thecutestsiteontheblock.com" />
 
 
-	<securecookie host="^(?:.*\.)?thecutestsiteontheblock\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?thecutestsiteontheblock\.com/"
diff --git a/src/chrome/content/rules/The-Diplomat.xml b/src/chrome/content/rules/The-Diplomat.xml
deleted file mode 100644
index 87c556eb7119..000000000000
--- a/src/chrome/content/rules/The-Diplomat.xml
+++ /dev/null
@@ -1,69 +0,0 @@
-<!--
-	For rules covering resources which do not secure
-	mixed content, see thediplomat.org-resources.xml.
-
-
-	Nonfunctional hosts in *thediplomat.com:
-
-		- magazine ʰ
-
-	ʰ Redirects to http
-
--->
-<ruleset name="The Diplomat.com (partial)">
-
-	<target host="thediplomat.com" />
-	<target host="www.thediplomat.com" />
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://thediplomat\.com/(?:$|\?mcsf_action=main_css|\d{4}/\d\d/[\w-]+/$|(?:authors|category|regions|tag|topics)/[\w-]+/?$|dpl_counter\.php|privacy-policy/$|the-diplomat/$)" /-->
-		<!--
-			Exceptions:
-					-->
-		<!--exclusion pattern="^http://(?:www\.)?thediplomat\.com/(?!/*(?:ads/|(?:contact-us|subscriptions|write-for-us)(?:$|[?/])|dpl-web/|favicon\.ico|wp-content/|wp-includes/))" /-->
-		<!--
-			Avoid increasing non-Tor distinguishability:
-									-->
-		<exclusion pattern="^http://(?:www\.)?thediplomat\.com/(?!/*(?:contact-us|subscriptions|write-for-us)(?:$|[?/]))" />
-
-			<!--	+ve:
-					-->
-			<test url="http://thediplomat.com/?mcsf_action=main_css" />
-			<test url="http://thediplomat.com/2016/06/kashmir-is-slipping-away-from-india/" />
-			<test url="http://thediplomat.com/authors/prashanth-parameswaran/" />
-			<test url="http://thediplomat.com/category/blogs/" />
-			<test url="http://thediplomat.com/category/photo-essays/" />
-			<test url="http://thediplomat.com/dipl_counter.php?p=&amp;t=" />
-			<test url="http://thediplomat.com/privacy-policy/" />
-			<test url="http://thediplomat.com/tag/ea-18g-growler-airborne-electronic-attack-aircraft-in-philippines/" />
-			<test url="http://thediplomat.com/the-diplomat/" />
-			<test url="http://thediplomat.com/topics/security/" />
-
-			<!--	-ve:
-					-->
-			<!--
-			<test url="http://thediplomat.com/ads/subscription/dpl_paywall_ad_300x300_v3.gif" />
-			-->
-			<test url="http://thediplomat.com/contact-us" />
-			<!--
-			<test url="http://thediplomat.com/dpl-web/build-1466471631759/css/dpl-web-overrides.css" />
-			<test url="http://thediplomat.com/favicon.ico" />
-			-->
-			<test url="http://thediplomat.com/subscriptions" />
-			<!--
-			<test url="http://thediplomat.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/compact-wp-audio-player/css/flashblock.css,wp-content/plugins/compact-wp-audio-player/css/player.css,wp-content/plugins/captcha/css/style_wp_before_3.8.css,wp-content/plugins/contact-form-7/includes/css/styles.css,wp-content/plugins/wp-pro-quiz/css/wpProQuiz_front.min.css,wp-content/themes/the_diplomat_v2/css/diplomat_20150805_1800.css,wp-content/themes/the_diplomat_v2/css/td-ads.css,wp-content/themes/the_diplomat_v2/css/print.css" />
-			<test url="http://thediplomat.com/wp-content/themes/the_diplomat_v2/css/img/line-h.gif" />
-			<test url="http://thediplomat.com/wp-content/uploads/2013/09/207717_464772720245631_371482571_n-120x85.jpg" />
-			<test url="http://thediplomat.com/wp-includes/css/dashicons.min.css" />
-			-->
-			<test url="http://thediplomat.com/write-for-us/" />
-
-
-	<securecookie host="^\." name="^(?:_gat?$|_gat_)" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/The-FCA.org.uk.xml b/src/chrome/content/rules/The-FCA.org.uk.xml
deleted file mode 100644
index aa80bcab4f9f..000000000000
--- a/src/chrome/content/rules/The-FCA.org.uk.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other Financial Conduct Authority coverage, see FCA.org.uk.xml.
-
--->
-<ruleset name="The-FCA.org.uk">
-
-	<target host="the-fca.org.uk" />
-	<target host="www.the-fca.org.uk" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/The-Flirble-Organisation.xml b/src/chrome/content/rules/The-Flirble-Organisation.xml
index f335e12fedfa..0fbb9687cd63 100644
--- a/src/chrome/content/rules/The-Flirble-Organisation.xml
+++ b/src/chrome/content/rules/The-Flirble-Organisation.xml
@@ -19,7 +19,7 @@ Fetch error: http://wiki.flirble.org/ => https://wiki.flirble.org/: (6, 'Could n
 		- www.flirble.org
 
 -->
-<ruleset name="The Flirble Organisation" default_off='failed ruleset test'>
+<ruleset name="The Flirble Organisation" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -39,7 +39,7 @@ Fetch error: http://wiki.flirble.org/ => https://wiki.flirble.org/: (6, 'Could n
 	<!--securecookie host="wiki\.flirble\.org$" name="^TWIKISID$" /-->
 	<!--securecookie host="www\.flirble\.org$" name="^SQMSESSID$" /-->
 
-	<securecookie host=".*\.flirble\.org$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://domreg\.flirble\.org/"
diff --git a/src/chrome/content/rules/The-Iconic.com.au.xml b/src/chrome/content/rules/The-Iconic.com.au.xml
new file mode 100644
index 000000000000..86fee073ed29
--- /dev/null
+++ b/src/chrome/content/rules/The-Iconic.com.au.xml
@@ -0,0 +1,38 @@
+<!--
+	Non-functional subdomains:
+		- assets.subscription.mars.stagingv1.staging.aws	(m)
+		- email.email	(t)
+		- marketplace	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="The Iconic.com.au">
+
+	<target host="theiconic.com.au" />
+	<target host="www.theiconic.com.au" />
+	<target host="email.app.theiconic.com.au" />
+	<target host="www.orange.aws.theiconic.com.au" />
+	<target host="thumbor.production.productionv1.production.aws.theiconic.com.au" />
+	<target host="shadowit.toolbox.techv1.toolbox.aws.theiconic.com.au" />
+	<target host="collector2.theiconic.com.au" />
+	<target host="crmdata.theiconic.com.au" />
+	<target host="edition.theiconic.com.au" />
+	<target host="img1.theiconic.com.au" />
+	<target host="img2.theiconic.com.au" />
+	<target host="m.theiconic.com.au" />
+	<target host="mediaonsite.theiconic.com.au" />
+	<target host="sellercenter.theiconic.com.au" />
+	<target host="static.theiconic.com.au" />
+	<target host="static1.theiconic.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/The-Inspiration-Room.xml b/src/chrome/content/rules/The-Inspiration-Room.xml
index 0f637c015d2b..088d789d2978 100644
--- a/src/chrome/content/rules/The-Inspiration-Room.xml
+++ b/src/chrome/content/rules/The-Inspiration-Room.xml
@@ -3,7 +3,7 @@
 	<target host="theinspirationroom.com"/>
 	<target host="www.theinspirationroom.com"/>
 
-	<securecookie host="^(?:.*\.)?theinspirationroom\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?theinspirationroom\.com/"
 		to="https://theinspirationroom.com/"/>
diff --git a/src/chrome/content/rules/The-Nation.xml b/src/chrome/content/rules/The-Nation.xml
index 5d9ce686dbe4..bafb365ad04c 100644
--- a/src/chrome/content/rules/The-Nation.xml
+++ b/src/chrome/content/rules/The-Nation.xml
@@ -46,7 +46,7 @@ Fetch error: http://nationbuilders.thenation.com/ => https://donate.thenation.co
 	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="The Nation.com" default_off='failed ruleset test'>
+<ruleset name="The Nation.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/The-National-Academies-Press.xml b/src/chrome/content/rules/The-National-Academies-Press.xml
index a21f32d1c70c..733076401b04 100644
--- a/src/chrome/content/rules/The-National-Academies-Press.xml
+++ b/src/chrome/content/rules/The-National-Academies-Press.xml
@@ -22,7 +22,11 @@
 <ruleset name="The National Academies Press (partial)" default_off="broken">
 
 	<target host="nap.edu" />
-	<target host="*.nap.edu" />
+	<target host="cart.nap.edu" />
+	<target host="images.nap.edu" />
+	<target host="www.nap.edu" />
+	<target host="download.nap.edu" />
+	<target host="secure.nap.edu" />
 
 
 	<securecookie host="^download\.nap\.edu$" name=".+" />
@@ -33,7 +37,6 @@
 	<rule from="^http://(?:cart\.|images\.|www\.)?nap\.edu/"
 		to="https://cart.nap.edu/" />
 
-	<rule from="^http://(download|secure)\.nap\.edu/"
-		to="https://$1.nap.edu/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/The-Next-Web.xml b/src/chrome/content/rules/The-Next-Web.xml
index 96929871a38d..07d1e29f7bbb 100644
--- a/src/chrome/content/rules/The-Next-Web.xml
+++ b/src/chrome/content/rules/The-Next-Web.xml
@@ -30,7 +30,15 @@
 <ruleset name="The Next Web.com (partial)">
 
 	<target host="thenextweb.com" />
-	<target host="*.thenextweb.com" />
+	<target host="fr.thenextweb.com" />
+	<target host="nl.thenextweb.com" />
+	<target host="pl.thenextweb.com" />
+	<target host="ru.thenextweb.com" />
+	<target host="www.thenextweb.com" />
+	<target host="cdn.thenextweb.com" />
+	<target host="deals.thenextweb.com" />
+	<target host="guides.thenextweb.com" />
+	<target host="jobs.thenextweb.com" />
 
 
 	<!--	At least some pages redirect to http.
diff --git a/src/chrome/content/rules/The-Open-Group.xml b/src/chrome/content/rules/The-Open-Group.xml
deleted file mode 100644
index 3f01ba86919d..000000000000
--- a/src/chrome/content/rules/The-Open-Group.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- $	(redirects to www3)
-		- pubs	(redirects to http)
-		- www	($ redirects to https://www2.opengroup.org/josso/signon/login.do...)
-		- www3	(ditto)
-
-
-	Problematic subdomains:
-
-		- blog	(wordpress)
-
-
-	Fully covered subdomains:
-
-		- sso
-		- www6
-
--->
-<ruleset name="The Open Group (partial)">
-
-	<target host="opengroup.org" />
-	<target host="*.opengroup.org" />
-		<!--
-			See above
-					-->
-		<exclusion pattern="^http://(?:www3?\.)?opengroup\.org/+(?!austin(?:$|[?/])|images/|onlinepubs/|sites/|stylesheets/)" />
-
-
-	<securecookie host="^(?:sso|www2)\.opengroup\.org$" name=".+" />
-
-
-	<rule from="^http://(sso\.|www[236]?\.)?opengroup\.org/"
-		to="https://$1opengroup.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/The-Public-Index.xml b/src/chrome/content/rules/The-Public-Index.xml
index 2326ca7333db..410880e7f917 100644
--- a/src/chrome/content/rules/The-Public-Index.xml
+++ b/src/chrome/content/rules/The-Public-Index.xml
@@ -2,7 +2,8 @@
 
 	<!--	Cert:	LiquidNet Ltd	-->
 	<target host="thepublicindex.org" />
-	<target host="*.thepublicindex.org" />
+	<target host="blog.thepublicindex.org" />
+	<target host="www.thepublicindex.org" />
 
 
 	<!--	www 301s to !www	-->
diff --git a/src/chrome/content/rules/The-Republic.xml b/src/chrome/content/rules/The-Republic.xml
index a6c3810bd3d3..d299424f04bd 100644
--- a/src/chrome/content/rules/The-Republic.xml
+++ b/src/chrome/content/rules/The-Republic.xml
@@ -14,7 +14,7 @@
 
 
 	<!--	Akamai, 403	-->
-	<rule from="^http://cdn\.therepublic\.com/"
+	<rule from="^http://cdn1\.therepublic\.com/"
 		to="https://c348471.ssl.cf1.rackcdn.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/The-Skynet-Project.xml b/src/chrome/content/rules/The-Skynet-Project.xml
index 01ecddb327f5..48d4bb770ff4 100644
--- a/src/chrome/content/rules/The-Skynet-Project.xml
+++ b/src/chrome/content/rules/The-Skynet-Project.xml
@@ -30,7 +30,7 @@ Fetch error: http://www.skynet.ie/ => https://www.skynet.ie/: (60, 'SSL certific
 		- wiki
 
 -->
-<ruleset name="Skynet.ie" default_off='failed ruleset test'>
+<ruleset name="Skynet.ie" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/The-Washington-Examiner.xml b/src/chrome/content/rules/The-Washington-Examiner.xml
deleted file mode 100644
index 0176c214a002..000000000000
--- a/src/chrome/content/rules/The-Washington-Examiner.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d1j4hw6rcy3g1h.cloudfront.net
-
-			- cdn.washingtonexaminer.biz
-
-
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- campaign2012 *
-		- events		(shows amstarcinemas.com; mismatched, CN: thegrandtheatre.com)
-
-	* Times out
-
-
-	Problematic domains:
-
-		- community.washingtonexaminer.com	(wpengine)
-		- newsletters.washingtonexaminer.com *
-
-	* wpengine
-
--->
-<ruleset name="The Washington Examiner (partial)">
-
-	<target host="cdn.washingtonexaminer.biz" />
-
-
-	<rule from="^http://cdn\.washingtonexaminer\.biz/"
-		to="https://d1j4hw6rcy3g1h.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/The-Wrap.xml b/src/chrome/content/rules/The-Wrap.xml
index a1cccc6717df..bc258593288e 100644
--- a/src/chrome/content/rules/The-Wrap.xml
+++ b/src/chrome/content/rules/The-Wrap.xml
@@ -28,7 +28,8 @@ Fetch error: http://thewrap.com/ => https://www.thewrap.com/: (51, "SSL: no alte
 <ruleset name="The Wrap (partial) ">
 
 	<target host="thewrap.com"/>
-	<target host="*.thewrap.com"/>
+	<target host="drupal.thewrap.com" />
+	<target host="www.thewrap.com" />
 
 
 	<!--	Tracking cookies:
diff --git a/src/chrome/content/rules/The-digital-picture.com.xml b/src/chrome/content/rules/The-digital-picture.com.xml
new file mode 100644
index 000000000000..4e1ac3357816
--- /dev/null
+++ b/src/chrome/content/rules/The-digital-picture.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="The-digital-picture.com">
+	<target host="the-digital-picture.com" />
+	<target host="www.the-digital-picture.com" />
+
+	<target host="community.the-digital-picture.com" />
+	<target host="media.the-digital-picture.com" />
+	<target host="rs-stripe.the-digital-picture.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/The.Ismaili.xml b/src/chrome/content/rules/The.Ismaili.xml
new file mode 100644
index 000000000000..1362111c9ca0
--- /dev/null
+++ b/src/chrome/content/rules/The.Ismaili.xml
@@ -0,0 +1,9 @@
+<!--
+	See also TheIsmaili.org.xml
+
+-->
+<ruleset name="The.Ismaili">
+	<target host="the.ismaili" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheAnarchistLibrary.org.xml b/src/chrome/content/rules/TheAnarchistLibrary.org.xml
index 946c5c1e1b6c..0590d807499e 100644
--- a/src/chrome/content/rules/TheAnarchistLibrary.org.xml
+++ b/src/chrome/content/rules/TheAnarchistLibrary.org.xml
@@ -1,9 +1,9 @@
 <!--
 	Problematic subdomains:
-	 
+
 	- sr.theanarchistlibrary.org *
 	- mk.theanarchistlibrary.org *
-	
+
 	* Mismatched
 -->
 <ruleset name="TheAnarchistLibrary.org">
diff --git a/src/chrome/content/rules/TheArchive.me.xml b/src/chrome/content/rules/TheArchive.me.xml
index 01fb8a431f79..5b3d61d7cb04 100644
--- a/src/chrome/content/rules/TheArchive.me.xml
+++ b/src/chrome/content/rules/TheArchive.me.xml
@@ -3,6 +3,6 @@
     <target host="www.thearchive.me" />
 
 	<securecookie host=".+" name=".+" />
-  
+
     <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TheBabushkasOfChernobyl.com.xml b/src/chrome/content/rules/TheBabushkasOfChernobyl.com.xml
new file mode 100644
index 000000000000..ec5b775242a6
--- /dev/null
+++ b/src/chrome/content/rules/TheBabushkasOfChernobyl.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="TheBabushkasOfChernobyl.com">
+	<target host="thebabushkasofchernobyl.com" />
+	<target host="www.thebabushkasofchernobyl.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheBanners.uk.xml b/src/chrome/content/rules/TheBanners.uk.xml
new file mode 100644
index 000000000000..71af903075fb
--- /dev/null
+++ b/src/chrome/content/rules/TheBanners.uk.xml
@@ -0,0 +1,8 @@
+<ruleset name="TheBanners.uk">
+	<target host="thebanners.uk" />
+	<target host="www.thebanners.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheBookPeople.xml b/src/chrome/content/rules/TheBookPeople.xml
index 377d0a9e94b8..e218421b2ced 100644
--- a/src/chrome/content/rules/TheBookPeople.xml
+++ b/src/chrome/content/rules/TheBookPeople.xml
@@ -5,4 +5,4 @@
 
   <rule from="^http://(?:www\.)?thebookpeople\.co\.uk/" to="https://www.thebookpeople.co.uk/" />
   <rule from="^http://images\.thebookpeople\.co\.uk/" to="https://images.thebookpeople.co.uk/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TheChronicleHerald.ca.xml b/src/chrome/content/rules/TheChronicleHerald.ca.xml
new file mode 100644
index 000000000000..1fcd1c2afd20
--- /dev/null
+++ b/src/chrome/content/rules/TheChronicleHerald.ca.xml
@@ -0,0 +1,21 @@
+<!--
+	Connection refused:
+		- cream.thechronicleherald.ca
+		- navigatens.thechronicleherald.ca
+
+	Invalid certificate:
+		- local.thechronicleherald.ca
+		- m.thechronicleherald.ca
+		- weatherbyday.thechronicleherald.ca
+-->
+
+<ruleset name="TheChronicleHerald.ca" platform="mixedcontent">
+	<target host="thechronicleherald.ca" />
+	<target host="www.thechronicleherald.ca" />
+	<target host="accountservices.thechronicleherald.ca" />
+	<target host="enewsletter.thechronicleherald.ca" />
+	<target host="myherald.thechronicleherald.ca" />
+	<target host="shop.thechronicleherald.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheCityUK.xml b/src/chrome/content/rules/TheCityUK.xml
index 72b9c397947b..021558ee7dc7 100644
--- a/src/chrome/content/rules/TheCityUK.xml
+++ b/src/chrome/content/rules/TheCityUK.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TheClaroGroup.com.xml b/src/chrome/content/rules/TheClaroGroup.com.xml
new file mode 100644
index 000000000000..5df0e50519d5
--- /dev/null
+++ b/src/chrome/content/rules/TheClaroGroup.com.xml
@@ -0,0 +1,27 @@
+<!--
+	^.theclarogroup.com does not exist.
+
+	Refused:
+		- autodiscover
+
+	Connection reset:
+		- webserver
+
+	Connection closed:
+		- ftp
+
+	Mismatched:
+		- ironport
+
+	Self-signed:
+		- sqlserver
+
+	Incomplete certificate chain:
+		- cameo
+-->
+<ruleset name="TheClaroGroup.com (partial)">
+	<target host="www.theclarogroup.com" />
+	<target host="adfs.theclarogroup.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheDailyWTF.com.xml b/src/chrome/content/rules/TheDailyWTF.com.xml
new file mode 100644
index 000000000000..df6df8a023fb
--- /dev/null
+++ b/src/chrome/content/rules/TheDailyWTF.com.xml
@@ -0,0 +1,26 @@
+<!--
+	Timeout:
+		- live
+
+	Mismatched:
+		- www (fixed by this ruleset)
+		- forums (fixed by this ruleset)
+		- img
+		- omg
+		- cms.omg2
+-->
+<ruleset name="TheDailyWTF.com">
+	<target host="thedailywtf.com" />
+	<target host="www.thedailywtf.com" />
+	<target host="forums.thedailywtf.com" />
+	<target host="omg2.thedailywtf.com" />
+	<target host="what.thedailywtf.com" />
+
+	<rule from="^http://forums\.thedailywtf\.com/"
+		to="https://what.thedailywtf.com/" />
+
+	<rule from="^http://www\.thedailywtf\.com/"
+		to="https://thedailywtf.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheDiplomat.com.xml b/src/chrome/content/rules/TheDiplomat.com.xml
new file mode 100644
index 000000000000..32b85a72c6a8
--- /dev/null
+++ b/src/chrome/content/rules/TheDiplomat.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="The Diplomat.com">
+	<target host="thediplomat.com" />
+	<target host="www.thediplomat.com" />
+	<target host="apac2020.thediplomat.com" />
+	<target host="magazine.thediplomat.com" />
+	<target host="manage.thediplomat.com" />
+	<target host="sv1.thediplomat.com" />
+	<target host="sv2.thediplomat.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheDogBowl.ca.xml b/src/chrome/content/rules/TheDogBowl.ca.xml
new file mode 100644
index 000000000000..597526754863
--- /dev/null
+++ b/src/chrome/content/rules/TheDogBowl.ca.xml
@@ -0,0 +1,12 @@
+<ruleset name="TheDogBowl.ca">
+	<target host="thedogbowl.ca" />
+	<target host="www.thedogbowl.ca" />
+	<target host="cpanel.thedogbowl.ca" />
+	<target host="mail.thedogbowl.ca" />
+	<target host="solyogaretreats.thedogbowl.ca" />
+	<target host="webdisk.thedogbowl.ca" />
+	<target host="webmail.thedogbowl.ca" />
+	<target host="www.solyogaretreats.thedogbowl.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheEpochTimes.com.xml b/src/chrome/content/rules/TheEpochTimes.com.xml
new file mode 100644
index 000000000000..9fbb88843f92
--- /dev/null
+++ b/src/chrome/content/rules/TheEpochTimes.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Other Epoch Times releated rulesets:
+		+ EpochTimes.com.xml
+-->
+<ruleset name="TheEpochTimes.com (partial)">
+	<target host="theepochtimes.com" />
+	<target host="www.theepochtimes.com" />
+	<target host="es.theepochtimes.com" />
+	<target host="img.theepochtimes.com" />
+	<test url="http://img.theepochtimes.com/assets/uploads/2019/12/14/wang-yi-205x123.jpg" />
+	<target host="kr.theepochtimes.com" />
+	<target host="kr-mb.theepochtimes.com" />
+	<target host="m.theepochtimes.com" />
+	<target host="subscribe.theepochtimes.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheFader.com.xml b/src/chrome/content/rules/TheFader.com.xml
new file mode 100644
index 000000000000..2dfa08a2a677
--- /dev/null
+++ b/src/chrome/content/rules/TheFader.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Timeout:
+		- mailer
+
+	Mismatched:
+		- advertising
+		- creative
+		- email
+		- images
+
+	HTTP authentication required:
+		- staging
+		- v4
+-->
+<ruleset name="TheFader.com (partial)">
+	<target host="thefader.com" />
+	<target host="www.thefader.com" />
+	<target host="amp.thefader.com" />
+	<target host="amp-staging.thefader.com" />
+	<target host="cms.thefader.com" />
+	<target host="cms-staging.thefader.com" />
+	<target host="shop.thefader.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheFappening2015.com.xml b/src/chrome/content/rules/TheFappening2015.com.xml
new file mode 100644
index 000000000000..5ded32bf4cac
--- /dev/null
+++ b/src/chrome/content/rules/TheFappening2015.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="TheFappening2015.com" platform="mixedcontent">
+	<target host="thefappening2015.com" />
+	<target host="www.thefappening2015.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheFappeningBlog.com.xml b/src/chrome/content/rules/TheFappeningBlog.com.xml
new file mode 100644
index 000000000000..171cce8f2343
--- /dev/null
+++ b/src/chrome/content/rules/TheFappeningBlog.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="TheFappeningBlog.com" platform="mixedcontent">
+	<target host="thefappeningblog.com" />
+	<target host="www.thefappeningblog.com" />
+
+	<target host="thefappening.so" />
+	<target host="www.thefappening.so" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheFashionLaw.com.xml b/src/chrome/content/rules/TheFashionLaw.com.xml
new file mode 100644
index 000000000000..0c7b0a547878
--- /dev/null
+++ b/src/chrome/content/rules/TheFashionLaw.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="TheFashionLaw.com">
+	<target host="thefashionlaw.com" />
+	<target host="www.thefashionlaw.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheFederalistPapers.org.xml b/src/chrome/content/rules/TheFederalistPapers.org.xml
new file mode 100644
index 000000000000..e78f75909370
--- /dev/null
+++ b/src/chrome/content/rules/TheFederalistPapers.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="The Federalist Papers.org">
+	<target host="thefederalistpapers.org" />
+	<target host="www.thefederalistpapers.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheFreeDictionary.com.xml b/src/chrome/content/rules/TheFreeDictionary.com.xml
index 279e8ec7c5e0..cb70c668f7cb 100644
--- a/src/chrome/content/rules/TheFreeDictionary.com.xml
+++ b/src/chrome/content/rules/TheFreeDictionary.com.xml
@@ -1,4 +1,7 @@
 <!--
+	Other related ruleset:
+		- FreeThesaurus.com.xml
+
 
 	Nonfunctional subdomain:
 		- c	(t)
@@ -39,9 +42,9 @@
 
   	<securecookie host="^www\.thefreedictionary\.com$" name=".+" />
   	<securecookie host="^www\.tfd\.com$" name=".+" />
-	
+
 	<exclusion pattern="http://c\.thefreedictionary\.com/" />
-	
+
 		<test url="http://c.thefreedictionary.com/" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/TheGrandTheatre.com.xml b/src/chrome/content/rules/TheGrandTheatre.com.xml
new file mode 100644
index 000000000000..2cc3fc31d2a4
--- /dev/null
+++ b/src/chrome/content/rules/TheGrandTheatre.com.xml
@@ -0,0 +1,16 @@
+<!--
+	SSL failed:
+		espanol.thegrandtheatre.com
+		ftp.thegrandtheatre.com
+	Unable to Connect:
+		autodiscover.thegrandtheatre.com
+-->
+<ruleset name="TheGrandTheatre.com">
+	<target host="thegrandtheatre.com" />
+	<target host="www.thegrandtheatre.com" />
+	<target host="m.thegrandtheatre.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheGrio.com.xml b/src/chrome/content/rules/TheGrio.com.xml
deleted file mode 100644
index 53f5446f2710..000000000000
--- a/src/chrome/content/rules/TheGrio.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	on.thegrio.com is secured in Bitly_branded_short_domains.xml
-
--->
-<ruleset name="The Grio">
-
-	<target host="thegrio.com" />
-	<target host="www.thegrio.com" />
-	<target host="staging.thegrio.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TheGroceryOutlet.ca.xml b/src/chrome/content/rules/TheGroceryOutlet.ca.xml
new file mode 100644
index 000000000000..3f318be7358a
--- /dev/null
+++ b/src/chrome/content/rules/TheGroceryOutlet.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="TheGroceryOutlet.ca">
+	<target host="thegroceryoutlet.ca" />
+	<target host="www.thegroceryoutlet.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheGuardian.pe.ca.xml b/src/chrome/content/rules/TheGuardian.pe.ca.xml
new file mode 100644
index 000000000000..37d6e74aafc9
--- /dev/null
+++ b/src/chrome/content/rules/TheGuardian.pe.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="TheGuardian.pe.ca">
+	<target host="theguardian.pe.ca" />
+	<target host="www.theguardian.pe.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheMadinanWay.com.xml b/src/chrome/content/rules/TheMadinanWay.com.xml
deleted file mode 100644
index 949e0e2f82ad..000000000000
--- a/src/chrome/content/rules/TheMadinanWay.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="TheMadinanWay.com" >
-	<target host="themadinanway.com" />
-	<target host="www.themadinanway.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/TheMuslimahDiaries.com.xml b/src/chrome/content/rules/TheMuslimahDiaries.com.xml
deleted file mode 100644
index cfd132a3dfb0..000000000000
--- a/src/chrome/content/rules/TheMuslimahDiaries.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="TheMuslimahDiaries.com">
-	<target host="themuslimahdiaries.com" />
-	<target host="www.themuslimahdiaries.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/TheNewsLens.com.xml b/src/chrome/content/rules/TheNewsLens.com.xml
index ac2bdc2b7519..62f2eee5d56c 100644
--- a/src/chrome/content/rules/TheNewsLens.com.xml
+++ b/src/chrome/content/rules/TheNewsLens.com.xml
@@ -48,7 +48,7 @@ Non-2xx HTTP code: http://superpost.thenewslens.com/ (200) => https://superpost.
 		Mixed content blocking (MCB) tiggered:
 			 - test.thenewslens.com
 -->
-<ruleset name="TheNewsLens.com" default_off='failed ruleset test'>
+<ruleset name="TheNewsLens.com" default_off="failed ruleset test">
 	<target host="thenewslens.com" />
 	<target host="www.thenewslens.com" />
 	<target host="admin.thenewslens.com" />
diff --git a/src/chrome/content/rules/TheOJ.org.xml b/src/chrome/content/rules/TheOJ.org.xml
new file mode 100644
index 000000000000..5764889c1b98
--- /dev/null
+++ b/src/chrome/content/rules/TheOJ.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Secure connection failed:
+		blog.joss.theoj.org
+
+-->
+<ruleset name="TheOJ.org">
+
+	<target host="theoj.org" />
+	<target host="www.theoj.org" />
+	<target host="astro.theoj.org" />
+	<target host="jose.theoj.org" />
+	<target host="joss.theoj.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ThePermitStore.com.xml b/src/chrome/content/rules/ThePermitStore.com.xml
index b14503a84bc7..912f3de2ff1f 100644
--- a/src/chrome/content/rules/ThePermitStore.com.xml
+++ b/src/chrome/content/rules/ThePermitStore.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://www.thepermitstore.com/ => https://www.thepermitstore.com/:
 Fetch error: http://thepermitstore.com/ => https://thepermitstore.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="ThePermitStore.com" default_off='failed ruleset test'>
+<ruleset name="ThePermitStore.com" default_off="failed ruleset test">
 	<target host="thepermitstore.com" />
 	<target host="*.thepermitstore.com" />
 	<test url="http://www.thepermitstore.com/" />
diff --git a/src/chrome/content/rules/ThePirateBay.xml b/src/chrome/content/rules/ThePirateBay.xml
index 387af8db18b8..14b947b4c800 100644
--- a/src/chrome/content/rules/ThePirateBay.xml
+++ b/src/chrome/content/rules/ThePirateBay.xml
@@ -1,29 +1,38 @@
 <!--
-	Other The Pirate Bay rulesets:
-		+ thepiratebay-legacy.xml
-		+ thephoenixbay.com.xml
-		+ proxyportal.org.xml
-		+ tpblist.xyz.xml
-		+ proxybay.pl.xml
-
-	Non-functional hosts
-		Timeout was reached:
-			 - kanyebay.com
-			 - www.kanyebay.com
-			 - oldpiratebay.org
-			 - www.oldpiratebay.org
-			 - pirates-forum.org
-			 - www.pirates-forum.org
+	Other related rulesets:
+		thepiratebay-legacy.xml
+		thephoenixbay.com.xml
+		proxyportal.org.xml
+		tpblist.xyz.xml
+		proxybay.pl.xml
+
+	Mismatch:
+		tpb.run
+		www.tpb.run
+
+	Unable to Connect:
+		thepiratebay.se
+		www.thepiratebay.se
+
+	Timeout:
+		kanyebay.com
+		www.kanyebay.com
+		oldpiratebay.org
+		www.oldpiratebay.org
+
+	Invalid redirect:
+		m		(redirects to invalid thepiratebay.se in non-mobile)
 -->
 <ruleset name="The Pirate Bay">
 	<target host="thepiratebay.org" />
 	<target host="www.thepiratebay.org" />
+	<target host="m.thepiratebay.org" />
+
 	<target host="thepiratebay-proxylist.org" />
 	<target host="www.thepiratebay-proxylist.org" />
-	<target host="tpb.run" />
-	<target host="www.tpb.run" />
-	<target host="thepiratebay.se" />
-	<target host="www.thepiratebay.se" />
+
+	<target host="pirates-forum.org" />
+	<target host="www.pirates-forum.org" />
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/ThePlatform.xml b/src/chrome/content/rules/ThePlatform.xml
index a8b32dc73481..1623982c4e33 100644
--- a/src/chrome/content/rules/ThePlatform.xml
+++ b/src/chrome/content/rules/ThePlatform.xml
@@ -39,7 +39,7 @@ Fetch error: http://uploads.www.theplatform.com/ => https://uploads.www.theplatf
 		- mps.theplatform.com
 
 -->
-<ruleset name="thePlatform.com (partial)" default_off='failed ruleset test'>
+<ruleset name="thePlatform.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -55,7 +55,7 @@ Fetch error: http://uploads.www.theplatform.com/ => https://uploads.www.theplatf
 	<!--	Complications:
 				-->
 	<target host="support.theplatform.com" />
-		
+
 
 	<!--	Not secured by server:
 					-->
diff --git a/src/chrome/content/rules/TheRealTalk.org.xml b/src/chrome/content/rules/TheRealTalk.org.xml
index 10176a365f57..a6068f9a2a72 100644
--- a/src/chrome/content/rules/TheRealTalk.org.xml
+++ b/src/chrome/content/rules/TheRealTalk.org.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.therealtalk.org/ => https://www.therealtalk.org/: (28, '
 	* Secured by us
 
 -->
-<ruleset name="TheRealTalk.org" default_off='failed ruleset test'>
+<ruleset name="TheRealTalk.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/TheResumator.com.xml b/src/chrome/content/rules/TheResumator.com.xml
index 776581d39ffa..ee7a38ee52ea 100644
--- a/src/chrome/content/rules/TheResumator.com.xml
+++ b/src/chrome/content/rules/TheResumator.com.xml
@@ -21,7 +21,7 @@
 		to="https://$1theresumator.com/" />
 
 	<rule from="^http://assets\.theresumator\.com/"
-		to="https://d1o2i4ti2oga3l.cloudfront.net/" />
+		to="https://assets.theresumator.com/" />
 
 	<!--	Unique pages for each client.  Pages redirect to http.
 					-->
diff --git a/src/chrome/content/rules/TheRoot.com.xml b/src/chrome/content/rules/TheRoot.com.xml
index 874874eaf7ee..71a2d8785ed8 100644
--- a/src/chrome/content/rules/TheRoot.com.xml
+++ b/src/chrome/content/rules/TheRoot.com.xml
@@ -14,7 +14,7 @@
 
 	<target host="theroot.com" />
 	<target host="*.theroot.com" />
-	
+
 		<!-- Regular subdomains -->
 		<test url="http://www.theroot.com/" />
 		<test url="http://login.theroot.com/" />
diff --git a/src/chrome/content/rules/TheSafety.US.xml b/src/chrome/content/rules/TheSafety.US.xml
index cab6e3b4e9c4..78204a7a708f 100644
--- a/src/chrome/content/rules/TheSafety.US.xml
+++ b/src/chrome/content/rules/TheSafety.US.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TheSims3.com.xml b/src/chrome/content/rules/TheSims3.com.xml
new file mode 100644
index 000000000000..372d81162fcc
--- /dev/null
+++ b/src/chrome/content/rules/TheSims3.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		- thesims3.com, equivalent to www.thesims3.com
+-->
+
+<ruleset name="TheSims3.com">
+	<target host="thesims3.com"/>
+	<target host="*.thesims3.com"/>
+		<test url="http://www.thesims3.com/" />
+		<test url="http://ca.thesims3.com/" />
+		<test url="http://forum.thesims3.com/" />
+
+	<rule from="^http://thesims3\.com/"
+		to="https://www.thesims3.com/" />
+
+	<!--	\w\w:	country codes	-->
+	<rule from="^http://(www|forum|\w\w)\.thesims3\.com/"
+		to="https://$1.thesims3.com/"/>
+</ruleset>
diff --git a/src/chrome/content/rules/TheSixthAxis.com.xml b/src/chrome/content/rules/TheSixthAxis.com.xml
index 4cdd74655885..e9fdb8c9c455 100644
--- a/src/chrome/content/rules/TheSixthAxis.com.xml
+++ b/src/chrome/content/rules/TheSixthAxis.com.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TheStandNews.com.xml b/src/chrome/content/rules/TheStandNews.com.xml
index 492138211a95..f74faae46440 100644
--- a/src/chrome/content/rules/TheStandNews.com.xml
+++ b/src/chrome/content/rules/TheStandNews.com.xml
@@ -2,12 +2,20 @@
 	<target host="thestandnews.com" />
 	<target host="www.thestandnews.com" />
 	<target host="64.thestandnews.com" />
+	<target host="928.thestandnews.com" />
 	<target host="api.thestandnews.com" />
 	<target host="atv.thestandnews.com" />
 	<target host="cdn.thestandnews.com" />
 	<target host="dce2015.thestandnews.com" />
+	<target host="dce2019.thestandnews.com" />
+	<target host="kwest2018.thestandnews.com" />
+	<target host="legco2020.thestandnews.com" />
 	<target host="legcobe2016.thestandnews.com" />
+	<target host="legcobe2018.thestandnews.com" />
+	<target host="live.thestandnews.com" />
 	<target host="mystand.thestandnews.com" />
+	<target host="polyu.thestandnews.com" />
+	<target host="yuchengchung.thestandnews.com" />
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/TheStar.com.my.xml b/src/chrome/content/rules/TheStar.com.my.xml
index 5fa4d83c486c..81bf48e7bd60 100644
--- a/src/chrome/content/rules/TheStar.com.my.xml
+++ b/src/chrome/content/rules/TheStar.com.my.xml
@@ -28,7 +28,7 @@
 		- trek	(t)
 		- videos	(m)
 		- winwithwords	(m)
-	
+
 	e: expired certificate
 	h: http redirect
 	m: certificate mismatch
diff --git a/src/chrome/content/rules/TheSwanSanctuary.org.uk.xml b/src/chrome/content/rules/TheSwanSanctuary.org.uk.xml
new file mode 100644
index 000000000000..63bb91bc01ba
--- /dev/null
+++ b/src/chrome/content/rules/TheSwanSanctuary.org.uk.xml
@@ -0,0 +1,11 @@
+<!--
+	Active mixed content:
+		- www.theswansanctuary.org.uk, e.g. www.theswansanctuary.org.uk/cause/wandsworth-family-returned-home/
+-->
+
+<ruleset name="TheSwanSanctuary.org.uk" platform="mixedcontent">
+	<target host="theswansanctuary.org.uk" />
+	<target host="www.theswansanctuary.org.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TheThinkingVegan.com.xml b/src/chrome/content/rules/TheThinkingVegan.com.xml
deleted file mode 100644
index ca033729f820..000000000000
--- a/src/chrome/content/rules/TheThinkingVegan.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="TheThinkingVegan.com">
-
-	<target host="thethinkingvegan.com" />
-	<target host="www.thethinkingvegan.com" />
-	<target host="mail.thethinkingvegan.com" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/The_109.xml b/src/chrome/content/rules/The_109.xml
index 76f834acec7a..341adee06990 100644
--- a/src/chrome/content/rules/The_109.xml
+++ b/src/chrome/content/rules/The_109.xml
@@ -11,7 +11,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://the109.org/ => https://the109.org/: (7, 'Failed to connect to the109.org port 443: Connection refused')
 
 -->
-<ruleset name="The 109" default_off='failed ruleset test'>
+<ruleset name="The 109" default_off="failed ruleset test">
 
 	<target host="the109.org" />
 	<target host="www.the109.org" />
@@ -22,4 +22,4 @@ Fetch error: http://the109.org/ => https://the109.org/: (7, 'Failed to connect t
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/The_American_Prospect.xml b/src/chrome/content/rules/The_American_Prospect.xml
index fb82f0ef682f..ae5b29556945 100644
--- a/src/chrome/content/rules/The_American_Prospect.xml
+++ b/src/chrome/content/rules/The_American_Prospect.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.prospect.org/ => https://prospect.org/: (60, 'SSL certif
 		- www	(cert only matches ^prospect.org)
 
 -->
-<ruleset name="The American Prospect" default_off='failed ruleset test'>
+<ruleset name="The American Prospect" default_off="failed ruleset test">
 
 	<target host="prospect.org" />
 	<target host="www.prospect.org" />
diff --git a/src/chrome/content/rules/The_Appendix.net.xml b/src/chrome/content/rules/The_Appendix.net.xml
index fca0defba99d..b8f6694b4303 100644
--- a/src/chrome/content/rules/The_Appendix.net.xml
+++ b/src/chrome/content/rules/The_Appendix.net.xml
@@ -33,7 +33,7 @@ Fetch error: http://www.theappendix.net/ => https://theappendix.net/: (51, "SSL:
 	* Secured by us
 
 -->
-<ruleset name="The Appendix.net (partial)" default_off='failed ruleset test'>
+<ruleset name="The Appendix.net (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/The_ArtStack.com.xml b/src/chrome/content/rules/The_ArtStack.com.xml
deleted file mode 100644
index 5547cbece3f1..000000000000
--- a/src/chrome/content/rules/The_ArtStack.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="The ArtStack.com">
-
-	<target host="theartstack.com" />
-	<target host="www.theartstack.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/The_Baffler.xml b/src/chrome/content/rules/The_Baffler.xml
index 4e0050dc3098..55e3a98186c8 100644
--- a/src/chrome/content/rules/The_Baffler.xml
+++ b/src/chrome/content/rules/The_Baffler.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/The_Blue_Sky_Life.com.xml b/src/chrome/content/rules/The_Blue_Sky_Life.com.xml
index 86326fd162e6..20f0d2a79a13 100644
--- a/src/chrome/content/rules/The_Blue_Sky_Life.com.xml
+++ b/src/chrome/content/rules/The_Blue_Sky_Life.com.xml
@@ -1,4 +1,4 @@
-<ruleset name="The Blue Sky Life.com" default_off='expired'>
+<ruleset name="The Blue Sky Life.com" default_off="expired">
 
 	<target host="theblueskylife.com" />
 	<target host="www.theblueskylife.com" />
diff --git a/src/chrome/content/rules/The_Body_Shop.co.uk.xml b/src/chrome/content/rules/The_Body_Shop.co.uk.xml
index 6269ce2515ea..38ff663a75da 100644
--- a/src/chrome/content/rules/The_Body_Shop.co.uk.xml
+++ b/src/chrome/content/rules/The_Body_Shop.co.uk.xml
@@ -55,7 +55,7 @@ Fetch error: http://secure.thebodyshop.co.uk/ => https://secure.thebodyshop.co.u
 	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="The Body Shop.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="The Body Shop.co.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/The_Changelog.com.xml b/src/chrome/content/rules/The_Changelog.com.xml
index d79d19a43d99..d6ae807874d4 100644
--- a/src/chrome/content/rules/The_Changelog.com.xml
+++ b/src/chrome/content/rules/The_Changelog.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://thechangelog.com/ => https://thechangelog.com/: (60, 'SSL ce
 Fetch error: http://www.thechangelog.com/ => https://www.thechangelog.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="The Changelog.com" default_off='failed ruleset test'>
+<ruleset name="The Changelog.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/The_Conversation.xml b/src/chrome/content/rules/The_Conversation.xml
deleted file mode 100644
index 1f62d0ada0fe..000000000000
--- a/src/chrome/content/rules/The_Conversation.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	CDN buckets:
-
-		- c479107.ssl.cf2.rackcdn.com
-
--->
-<ruleset name="The Conversation">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="theconversation.com" />
-	<target host="www.theconversation.com" />
-	<target host="theconversation.edu.au" />
-	<target host="counter.theconversation.edu.au" />
-	<target host="www.theconversation.edu.au" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/The_DMA.org.xml b/src/chrome/content/rules/The_DMA.org.xml
index c2fde86e12cf..0692584d44f0 100644
--- a/src/chrome/content/rules/The_DMA.org.xml
+++ b/src/chrome/content/rules/The_DMA.org.xml
@@ -33,7 +33,7 @@ Fetch error: http://www.thedma.org/ => https://www.thedma.org/: (60, 'SSL certif
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="The DMA.org (partial)" default_off='failed ruleset test'>
+<ruleset name="The DMA.org (partial)" default_off="failed ruleset test">
 
 	<target host="thedma.org" />
 	<target host="dmachoice.thedma.org" />
diff --git a/src/chrome/content/rules/The_Dark_Mod.com.xml b/src/chrome/content/rules/The_Dark_Mod.com.xml
deleted file mode 100644
index 6d5967332c14..000000000000
--- a/src/chrome/content/rules/The_Dark_Mod.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.) ¹
-		- forums ²
-
-	¹ Shows svn; mismatched, CN: svn.thedarkmod.com
-	² http reply
-
--->
-<ruleset name="The Dark Mod.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="svn.thedarkmod.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/The_Explorer_Card.com.xml b/src/chrome/content/rules/The_Explorer_Card.com.xml
deleted file mode 100644
index afe23c2e9043..000000000000
--- a/src/chrome/content/rules/The_Explorer_Card.com.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	For other JPMorgan Chase coverage, see Chase.xml.
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.theexplorercard.com
-
--->
-<ruleset name="The Explorer Card.com">
-
-	<target host="theexplorercard.com" />
-	<target host="www.theexplorercard.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.theexplorercard\.com$" name="^(ASP\.NET_SessionID|cookiecheck)$" /-->
-
-	<securecookie host="^www\.theexplorercard\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/The_FADER.com.xml b/src/chrome/content/rules/The_FADER.com.xml
deleted file mode 100644
index 83cc0fcc9822..000000000000
--- a/src/chrome/content/rules/The_FADER.com.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Invalid certificate:
-		- advertising.thefader.com
-		- apps.thefader.com
-		- cdn.thefader.com
-		- email.thefader.com
-		- images.thefader.com
-		- link.thefader.com
-		- media.thefader.com
-		- spotify.thefader.com
-
-	Timeout has been reached:
-		- thefader.com
-
-	Unable to connect:
-		- mailer.thefader.com
-		- mailer2.thefader.com
--->
-<ruleset name="The FADER.com">
-	<target host="www.thefader.com" />
-	<target host="cms.thefader.com" />
-	<target host="shop.thefader.com" />
-	<target host="staging.thefader.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/The_Federalist_Papers.org-falsemixed.xml b/src/chrome/content/rules/The_Federalist_Papers.org-falsemixed.xml
deleted file mode 100644
index 6bbab52dec73..000000000000
--- a/src/chrome/content/rules/The_Federalist_Papers.org-falsemixed.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://thefederalistpapers.org/ => https://thefederalistpapers.org/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://www.thefederalistpapers.org/ => https://www.thefederalistpapers.org/: (60, 'SSL certificate problem: certificate has expired')
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://thefederalistpapers.org/ => https://thefederalistpapers.org/: (51, "SSL: no alternative certificate subject name matches target host name 'thefederalistpapers.org'")
-	For rules not causing false/broken MCB, see The_Federalist_Papers.org.xml.
-
--->
-<ruleset name="The Federalist Papers.org (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
-
-	<target host="thefederalistpapers.org" />
-	<target host="www.thefederalistpapers.org" />
-
-
-	<securecookie host="^\.thefederalistpapers\.org$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/The_Federalist_Papers.org.xml b/src/chrome/content/rules/The_Federalist_Papers.org.xml
deleted file mode 100644
index 22f9197b4057..000000000000
--- a/src/chrome/content/rules/The_Federalist_Papers.org.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.thefederalistpapers.org/ => http://www.thefederalistpapers.org/: (60, 'SSL certificate problem: certificate has expired')
-
-	For rules causing false/broken MCB, see The_Federalist_Papers.org-falsemixed.xml.
-
-
-	Mixed content:
-
-		- css, from:
-
-			- $self *
-			- www.google.com *
-
-		- Images from $self *
-
-	* Secured by us
-
--->
-<ruleset name="The Federalist Papers.org (partial)" default_off='failed ruleset test'>
-
-	<target host="thefederalistpapers.org" />
-	<target host="www.thefederalistpapers.org" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<!--exclusion pattern="^http://(www\.)?thefederalistpapers\.org/+(?!favicon\.ico|wp-content/|wp-includes/)" /-->
-
-
-	<rule from="^http://(www\.)?thefederalistpapers\.org/(?=favicon\.ico|wp-content/|wp-includes/)"
-		to="https://$1thefederalistpapers.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/The_G_Cloud.com.xml b/src/chrome/content/rules/The_G_Cloud.com.xml
index 6827d9184d75..6c28618d5f33 100644
--- a/src/chrome/content/rules/The_G_Cloud.com.xml
+++ b/src/chrome/content/rules/The_G_Cloud.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://thegcloud.com/ => https://thegcloud.com/: (60, 'SSL certific
 	www: expired 2008-12-05, self-signed, CN: mainsites.gigenet.com
 
 -->
-<ruleset name="The G Cloud.com (partial)" default_off='failed ruleset test'>
+<ruleset name="The G Cloud.com (partial)" default_off="failed ruleset test">
 
 	<target host="thegcloud.com" />
 	<target host="*.thegcloud.com" />
diff --git a/src/chrome/content/rules/The_Grand.xml b/src/chrome/content/rules/The_Grand.xml
deleted file mode 100644
index 021de6459aa1..000000000000
--- a/src/chrome/content/rules/The_Grand.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://thegrandtheatre.com/ => https://thegrandtheatre.com/: (51, "SSL: no alternative certificate subject name matches target host name 'thegrandtheatre.com'")
-Fetch error: http://www.thegrandtheatre.com/ => https://thegrandtheatre.com/: (51, "SSL: no alternative certificate subject name matches target host name 'thegrandtheatre.com'")
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://thegrandtheatre.com/ => https://thegrandtheatre.com/: (51, "SSL: no alternative certificate subject name matches target host name 'thegrandtheatre.com'")
-Fetch error: http://www.thegrandtheatre.com/ => https://thegrandtheatre.com/: (51, "SSL: no alternative certificate subject name matches target host name 'thegrandtheatre.com'")
-	!www: cert only matches ^thegrandtheatre.com
-
--->
-<ruleset name="The Grand" default_off='failed ruleset test'>
-
-	<target host="thegrandtheatre.com" />
-	<target host="www.thegrandtheatre.com" />
-
-
-	<securecookie host="^thegrandtheatre\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?thegrandtheatre\.com/"
-		to="https://thegrandtheatre.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/The_Great_Courses_Plus.com.xml b/src/chrome/content/rules/The_Great_Courses_Plus.com.xml
index e3ea2f6b73f8..dc20c0100350 100644
--- a/src/chrome/content/rules/The_Great_Courses_Plus.com.xml
+++ b/src/chrome/content/rules/The_Great_Courses_Plus.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://release.thegreatcoursesplus.com/ => https://release.thegreat
 		- Image on dev from cdn.snagfilms.com
 
 -->
-<ruleset name="The Great Courses Plus.com" default_off='failed ruleset test'>
+<ruleset name="The Great Courses Plus.com" default_off="failed ruleset test">
 
 	<target host="thegreatcoursesplus.com" />
 	<target host="dev.thegreatcoursesplus.com" />
diff --git a/src/chrome/content/rules/The_Group.xml b/src/chrome/content/rules/The_Group.xml
index 83618cd7e49a..7163653138d2 100644
--- a/src/chrome/content/rules/The_Group.xml
+++ b/src/chrome/content/rules/The_Group.xml
@@ -8,7 +8,8 @@
 <ruleset name="The Group" default_off="refused">
 
 	<target host="the-group.net" />
-	<target host="*.the-group.net" />
+	<target host="www.the-group.net" />
+	<target host="om.the-group.net" />
 
 
 	<securecookie host="^\.the-group\.net$" name=".+" />
diff --git a/src/chrome/content/rules/The_Guardian.com.xml b/src/chrome/content/rules/The_Guardian.com.xml
index 9201ee3e6dda..3e653c89ac71 100644
--- a/src/chrome/content/rules/The_Guardian.com.xml
+++ b/src/chrome/content/rules/The_Guardian.com.xml
@@ -6,7 +6,6 @@
 		- guardianapps.co.uk.xml
 		- Guardian_Escapes.com.xml
 		- Guardian_Offers.co.uk.xml
-		- Guardian_Subscriptions.co.uk.xml
 
 
 	CDN buckets:
@@ -50,6 +49,7 @@
 		- next ¹
 		- m.jobs ¹
 		- oas ¹
+		- register ¹
 
 	¹ Mismatched
 
@@ -91,9 +91,6 @@
 	<target host="bookshop.theguardian.com" />
 	<target host="www.bookshop.theguardian.com" />
 	<target host="contribute.theguardian.com" />
-	<target host="courseadmin.theguardian.com" />
-	<target host="courseapi.theguardian.com" />
-	<target host="courseproviders.theguardian.com" />
 	<target host="courses.theguardian.com" />
 	<target host="discussion.theguardian.com" />
 	<target host="embed.theguardian.com" />
@@ -102,12 +99,11 @@
 	<target host="jobs.theguardian.com" />
 	<target host="membership.theguardian.com" />
 	<target host="profile.theguardian.com" />
-	<target host="register.theguardian.com" />
 	<target host="securedrop.theguardian.com" />
 	<target host="soulmates.theguardian.com" />
 	<target host="subscribe.theguardian.com" />
 	<target host="witness.theguardian.com" />
-	
+
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"	to="https:" />
diff --git a/src/chrome/content/rules/The_Hill.com.xml b/src/chrome/content/rules/The_Hill.com.xml
index 3c9d8c758b00..525ec8c0b952 100644
--- a/src/chrome/content/rules/The_Hill.com.xml
+++ b/src/chrome/content/rules/The_Hill.com.xml
@@ -30,7 +30,7 @@ Fetch error: http://thehill.com/ => https://thehill.com/: (60, 'SSL certificate
 	³ Unsecurable <= refused
 
 -->
-<ruleset name="The Hill.com" default_off='failed ruleset test'>
+<ruleset name="The Hill.com" default_off="failed ruleset test">
 
 	<target host="thehill.com" />
 	<target host="mobile.thehill.com" />
diff --git a/src/chrome/content/rules/The_Hoxton.com.xml b/src/chrome/content/rules/The_Hoxton.com.xml
index fd6059c66dd2..bec4bc0ecf14 100644
--- a/src/chrome/content/rules/The_Hoxton.com.xml
+++ b/src/chrome/content/rules/The_Hoxton.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.thehoxton.com/ => https://www.thehoxton.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.thehoxton.com'")
 
 -->
-<ruleset name="The Hoxton.com" default_off='failed ruleset test'>
+<ruleset name="The Hoxton.com" default_off="failed ruleset test">
 
 	<target host="thehoxton.com" />
 	<target host="www.thehoxton.com" />
diff --git a/src/chrome/content/rules/The_Iconic.com.au.xml b/src/chrome/content/rules/The_Iconic.com.au.xml
deleted file mode 100644
index 590508b90596..000000000000
--- a/src/chrome/content/rules/The_Iconic.com.au.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^ *
-		- static1 *
-
-	* Mismatched, CN: www.theiconic.com.au
-
-
-	Some pages redirect to http.
-
-	Rule breaks critical site functionality due to CORS
-
--->
-<ruleset name="The Iconic.com.au (partial)" default_off="can't add items to cart">
-
-	<target host="theiconic.com.au" />
-	<target host="www.theiconic.com.au" />
-	<target host="static.theiconic.com.au" />
-	<target host="static1.theiconic.com.au" />
-		<!--
-			Redirect to http:
-							-->
-		<!--exclusion pattern="^http://(www\.)?theiconic\.com\.au/+($|\?|(customer|customer/saveditems|trust-policy)/*($|\?))" /-->
-		<!--exclusion pattern="^http://(www\.)?theiconic\.com\.au/+(?!(cart|customer/account)($|[?/])|favicon\.ico)" /-->
-
-
-	<rule from="^http://(?:www\.)?theiconic\.com\.au/(?=(?:cart|customer/account)(?:$|[?/])|favicon\.ico)"
-		to="https://www.theiconic.com.au/" />
-
-	<rule from="^http://static1?\.theiconic\.com\.au/"
-		to="https://static.theiconic.com.au/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/The_Johns_Hopkins_University.xml b/src/chrome/content/rules/The_Johns_Hopkins_University.xml
index 64230794640e..2bf5d5307985 100644
--- a/src/chrome/content/rules/The_Johns_Hopkins_University.xml
+++ b/src/chrome/content/rules/The_Johns_Hopkins_University.xml
@@ -181,7 +181,7 @@ Fetch error: http://wiki.pha.jhu.edu/ => https://wiki.pha.jhu.edu/: (60, 'SSL ce
 	ˢ Secured by us
 
 -->
-<ruleset name="JHU.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="JHU.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/The_Newsmarket.xml b/src/chrome/content/rules/The_Newsmarket.xml
index 4a3a1389e2ce..0347072bc706 100644
--- a/src/chrome/content/rules/The_Newsmarket.xml
+++ b/src/chrome/content/rules/The_Newsmarket.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/The_Next_Web-problematic.xml b/src/chrome/content/rules/The_Next_Web-problematic.xml
index eea957f95495..7a973ff284d5 100644
--- a/src/chrome/content/rules/The_Next_Web-problematic.xml
+++ b/src/chrome/content/rules/The_Next_Web-problematic.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/The_Outnet.xml b/src/chrome/content/rules/The_Outnet.xml
index a962621b71c8..f991c527bd56 100644
--- a/src/chrome/content/rules/The_Outnet.xml
+++ b/src/chrome/content/rules/The_Outnet.xml
@@ -13,10 +13,12 @@ Non-2xx HTTP code: http://theoutnet.com/ (200) => https://www.theoutnet.com/ (40
 		- cache
 
 -->
-<ruleset name="The Outnet" default_off='failed ruleset test'>
+<ruleset name="The Outnet" default_off="failed ruleset test">
 
 	<target host="theoutnet.com" />
-	<target host="*.theoutnet.com" />
+	<target host="www.theoutnet.com" />
+	<target host="cache.theoutnet.com" />
+	<target host="www-lt.theoutnet.com" />
 
 
 	<securecookie host="^\.?www\.theoutnet\.com$" name=".+" />
@@ -25,7 +27,6 @@ Non-2xx HTTP code: http://theoutnet.com/ (200) => https://www.theoutnet.com/ (40
 	<rule from="^http://(?:www\.)?theoutnet\.com/"
 		to="https://www.theoutnet.com/" />
 
-	<rule from="^http://(cache|www-lt)\.theoutnet\.com/"
-		to="https://$1.theoutnet.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/The_Patriot_Post.xml b/src/chrome/content/rules/The_Patriot_Post.xml
deleted file mode 100644
index 96c65dfcee75..000000000000
--- a/src/chrome/content/rules/The_Patriot_Post.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	CDN buckets:
-
-		- assets.patriotpost.com.s3.amazonaws.com
-		- media.patriotpost.us.s3.amazonaws.com
-
-
-	Problematic domains:
-
-		- www.patriotpost.us	(cert only matches ^patriotpost.us)
-
--->
-<ruleset name="The Patriot Post">
-
-	<target host="assets.patriotpost.com" />
-	<target host="patriotpost.us" />
-	<target host="*.patriotpost.us" />
-
-
-	<securecookie host="^patriotpost\.us$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?patriotpost\.us/"
-		to="https://patriotpost.us/" />
-
-	<rule from="^http://(assets\.patriotpost\.com|media\.patriotpost\.us)/"
-		to="https://s3.amazonaws.com/$1/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/The_Satanic_Temple.com.xml b/src/chrome/content/rules/The_Satanic_Temple.com.xml
index 1e12835637eb..a414f5cec72b 100644
--- a/src/chrome/content/rules/The_Satanic_Temple.com.xml
+++ b/src/chrome/content/rules/The_Satanic_Temple.com.xml
@@ -12,7 +12,7 @@
 <ruleset name="The Satanic Temple.com (false MCB)" default_off="mismatched" platform="mixedcontent">
 
 	<target host="thesatanictemple.com" />
-	<target host="*.thesatanictemple.com" />
+	<target host="www.thesatanictemple.com" />
 	<target host="thesatanictemple.org" />
 	<target host="www.thesatanictemple.org" />
 
diff --git a/src/chrome/content/rules/The_Security_Practice.com.xml b/src/chrome/content/rules/The_Security_Practice.com.xml
index edb0a22c19c6..595576166c1f 100644
--- a/src/chrome/content/rules/The_Security_Practice.com.xml
+++ b/src/chrome/content/rules/The_Security_Practice.com.xml
@@ -14,13 +14,10 @@
 -->
 <ruleset name="The Security Practice.com" default_off="mismatched">
 
-	<target host="*.thesecuritypractice.com" />
+	<target host="www.thesecuritypractice.com" />
 
 
-	<securecookie host="^\.thesecuritypractice\.com$" name=".+" />
 
-
-	<rule from="^http://www\.thesecuritypractice\.com/"
-		to="https://www.thesecuritypractice.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/The_TFP.xml b/src/chrome/content/rules/The_TFP.xml
index 552ff3922c51..1d7abbd94a34 100644
--- a/src/chrome/content/rules/The_TFP.xml
+++ b/src/chrome/content/rules/The_TFP.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/The_Tin_Hat.com.xml b/src/chrome/content/rules/The_Tin_Hat.com.xml
index e6807254907b..3d135567260d 100644
--- a/src/chrome/content/rules/The_Tin_Hat.com.xml
+++ b/src/chrome/content/rules/The_Tin_Hat.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.thetinhat.com/ => https://www.thetinhat.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.thetinhat.com'")
 
 -->
-<ruleset name="The Tin Hat.com" default_off='failed ruleset test'>
+<ruleset name="The Tin Hat.com" default_off="failed ruleset test">
 
 	<target host="thetinhat.com" />
 	<target host="www.thetinhat.com" />
diff --git a/src/chrome/content/rules/The_Watershed.xml b/src/chrome/content/rules/The_Watershed.xml
deleted file mode 100644
index 6026e423e722..000000000000
--- a/src/chrome/content/rules/The_Watershed.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- chat	(mismatched)
-
--->
-<ruleset name="The Watershed">
-
-	<target host="thewatershed.com" />
-	<target host="*.thewatershed.com" />
-
-
-	<securecookie host=".+\.thewatershed\.com$" name=".+" />
-
-
-	<rule from="^http://((?:cdn|lp|wsmail|www)\.)?thewatershed\.com/"
-		to="https://$1thewatershed.com/" />
-
-	<rule from="^http://chat\.thewatershed\.com/(?:\?.*)?$"
-		to="https://addictionhelpchat.com/webchatasp/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/The_Watershed_Residence.xml b/src/chrome/content/rules/The_Watershed_Residence.xml
index ae39e3894b56..e6cd17cb7339 100644
--- a/src/chrome/content/rules/The_Watershed_Residence.xml
+++ b/src/chrome/content/rules/The_Watershed_Residence.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.thewatershedresidence.com/ => https://thewatershedreside
 	www: mismatched
 
 -->
-<ruleset name="The Watershed Residence" default_off='failed ruleset test'>
+<ruleset name="The Watershed Residence" default_off="failed ruleset test">
 
 	<target host="thewatershedresidence.com" />
 	<target host="www.thewatershedresidence.com" />
diff --git a/src/chrome/content/rules/The_Web_Index.org.xml b/src/chrome/content/rules/The_Web_Index.org.xml
index 98d70c575a0a..b600ac9a7b0c 100644
--- a/src/chrome/content/rules/The_Web_Index.org.xml
+++ b/src/chrome/content/rules/The_Web_Index.org.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.thewebindex.org/ => https://www.thewebindex.org/: (51, "
 		- beta	(mismatched, CN: thewebindex.org)
 
 -->
-<ruleset name="The Web Index.org" default_off='failed ruleset test'>
+<ruleset name="The Web Index.org" default_off="failed ruleset test">
 
 	<target host="thewebindex.org" />
 	<target host="www.thewebindex.org" />
diff --git a/src/chrome/content/rules/The_Western_World.xml b/src/chrome/content/rules/The_Western_World.xml
index dab396690a8d..7f89f142c51a 100644
--- a/src/chrome/content/rules/The_Western_World.xml
+++ b/src/chrome/content/rules/The_Western_World.xml
@@ -19,7 +19,7 @@ Fetch error: http://www.thewesternworld.com/ => https://www.thewesternworld.com/
 	The above three appear to serve images only.
 
 -->
-<ruleset name="The Western World (partial)" default_off='failed ruleset test'>
+<ruleset name="The Western World (partial)" default_off="failed ruleset test">
 
 	<target host="thewesternworld.com" />
 	<target host="www.thewesternworld.com" />
@@ -30,4 +30,4 @@ Fetch error: http://www.thewesternworld.com/ => https://www.thewesternworld.com/
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/The_World_According_to_Nouns.xml b/src/chrome/content/rules/The_World_According_to_Nouns.xml
index 774b1ded6df9..9dc26e0e677a 100644
--- a/src/chrome/content/rules/The_World_According_to_Nouns.xml
+++ b/src/chrome/content/rules/The_World_According_to_Nouns.xml
@@ -1,7 +1,7 @@
 <ruleset name="The World According to Nouns">
 
 	<target host="danzappone.com" />
-	<target host="*.danzappone.com" />
+	<target host="www.danzappone.com" />
 
 
 	<securecookie host="^(?:www)?\.danzappone\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Theadex.xml b/src/chrome/content/rules/Theadex.xml
index 4bf073a1edcd..219935b66e6c 100644
--- a/src/chrome/content/rules/Theadex.xml
+++ b/src/chrome/content/rules/Theadex.xml
@@ -5,4 +5,4 @@
 
 	<rule from="^http:"
 		to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Theads.me.xml b/src/chrome/content/rules/Theads.me.xml
index 1ddd6dc6a7dd..222af250f7fa 100644
--- a/src/chrome/content/rules/Theads.me.xml
+++ b/src/chrome/content/rules/Theads.me.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.theads.me/ => https://www.theads.me/: (28, 'Operation ti
 		- code.theads.me
 
 -->
-<ruleset name="theads.me" default_off='failed ruleset test'>
+<ruleset name="theads.me" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Thecanadaline.com.xml b/src/chrome/content/rules/Thecanadaline.com.xml
new file mode 100644
index 000000000000..982d34230a24
--- /dev/null
+++ b/src/chrome/content/rules/Thecanadaline.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Thecanadaline.com">
+	<target host="thecanadaline.com" />
+	<target host="www.thecanadaline.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thecthulhu.com.xml b/src/chrome/content/rules/Thecthulhu.com.xml
index 2a526d6c5d22..d8fbe76b9def 100644
--- a/src/chrome/content/rules/Thecthulhu.com.xml
+++ b/src/chrome/content/rules/Thecthulhu.com.xml
@@ -37,7 +37,7 @@ Fetch error: http://www.thecthulhu.com/ => https://www.thecthulhu.com/: (6, 'Cou
 	* Temporarily down
 -->
 
-<ruleset name="Thecthulhu.com" default_off='failed ruleset test'>
+<ruleset name="Thecthulhu.com" default_off="failed ruleset test">
 
 	<target host="thecthulhu.com" />
 	<target host="000webhost.thecthulhu.com" />
diff --git a/src/chrome/content/rules/Thefind.xml b/src/chrome/content/rules/Thefind.xml
index dcce07da9f0a..31316004dafb 100644
--- a/src/chrome/content/rules/Thefind.xml
+++ b/src/chrome/content/rules/Thefind.xml
@@ -12,11 +12,15 @@ Fetch error: http://s.tfcdn.com/ => https://www.thefind.com/: (60, 'SSL certific
 Fetch error: http://thefind.com/ => https://thefind.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="TheFind" default_off='failed ruleset test'>
+<ruleset name="TheFind" default_off="failed ruleset test">
 
 	<target host="s.tfcdn.com" />
 	<target host="thefind.com" />
-	<target host="*.thefind.com" />
+	<target host="blog.thefind.com" />
+	<target host="img.thefind.com" />
+	<target host="local.thefind.com" />
+	<target host="upfront.thefind.com" />
+	<target host="www.thefind.com" />
 
 
 	<securecookie host="^.*\.thefind\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Thehabbos.org.xml b/src/chrome/content/rules/Thehabbos.org.xml
index 85f82524763e..c01fd07cc878 100644
--- a/src/chrome/content/rules/Thehabbos.org.xml
+++ b/src/chrome/content/rules/Thehabbos.org.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Thehackernews.com.xml b/src/chrome/content/rules/Thehackernews.com.xml
index 238a5dfc24b5..a04bd2a38de9 100644
--- a/src/chrome/content/rules/Thehackernews.com.xml
+++ b/src/chrome/content/rules/Thehackernews.com.xml
@@ -17,5 +17,5 @@
 
 	<rule from="^http:"
 		to="https:" />
-	
+
 </ruleset>
diff --git a/src/chrome/content/rules/Themacro.com.xml b/src/chrome/content/rules/Themacro.com.xml
deleted file mode 100644
index 17b380315f9a..000000000000
--- a/src/chrome/content/rules/Themacro.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Themacro.com">
-	<target host="themacro.com" />
-	<target host="www.themacro.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/ThemeParkReview.com.xml b/src/chrome/content/rules/ThemeParkReview.com.xml
new file mode 100644
index 000000000000..50c879b4dda6
--- /dev/null
+++ b/src/chrome/content/rules/ThemeParkReview.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Connection closed:
+		- mail.themeparkreview.com
+
+	Invalid certificate:
+		- ftp.themeparkreview.com
+		- ns1.themeparkreview.com
+		- ns2.themeparkreview.com
+		- server2.themeparkreview.com
+		- www.web1.themeparkreview.com
+
+	Refused:
+		- mailinglist.themeparkreview.com
+		- www.mailinglist.themeparkreview.com
+-->
+<ruleset name="ThemeParkReview.com">
+
+	<target host="themeparkreview.com" />
+	<target host="www.themeparkreview.com" />
+	<target host="cpanel.themeparkreview.com" />
+	<target host="web1.themeparkreview.com" />
+	<target host="webdisk.themeparkreview.com" />
+	<target host="webmail.themeparkreview.com" />
+	<target host="whm.themeparkreview.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+	
+</ruleset>
diff --git a/src/chrome/content/rules/Themes_and_Co.com.xml b/src/chrome/content/rules/Themes_and_Co.com.xml
deleted file mode 100644
index 905adbe2cf9a..000000000000
--- a/src/chrome/content/rules/Themes_and_Co.com.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.themesandco.com/ => https://www.themesandco.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.themesandco.com'")
-
-	Problematic subdomains:
-
-		- demo *
-
-	* Self-signed
-
--->
-<ruleset name="Themes and Co.com">
-
-	<target host="themesandco.com" />
-	<target host="www.themesandco.com" />
-		<!--
-			Redirect to http:
-						-->
-		<!--exclusion pattern="http://themesandco\.com/($|account/$|contact/$)" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="http://themesandco\.com/(?!wp-content/|wp-includes/)" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Thephone.coop.xml b/src/chrome/content/rules/Thephone.coop.xml
index 097838441747..9fa697682ea3 100644
--- a/src/chrome/content/rules/Thephone.coop.xml
+++ b/src/chrome/content/rules/Thephone.coop.xml
@@ -12,7 +12,7 @@ Fetch error: http://plesk2.thephone.coop/ => https://plesk2.thephone.coop/: (60,
 		- Phone.coop.xml
 
 -->
-<ruleset name="thephone.coop" default_off='failed ruleset test'>
+<ruleset name="thephone.coop" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Thermitic.net.xml b/src/chrome/content/rules/Thermitic.net.xml
index f6c09e599ad2..b4ba9aef9833 100644
--- a/src/chrome/content/rules/Thermitic.net.xml
+++ b/src/chrome/content/rules/Thermitic.net.xml
@@ -6,7 +6,7 @@ Fetch error: http://stats.thermitic.net/ => https://stats.thermitic.net/: (60, '
 	^: shows stats, valid cert
 
 -->
-<ruleset name="Thermitic.net (partial)" default_off='failed ruleset test'>
+<ruleset name="Thermitic.net (partial)" default_off="failed ruleset test">
 
 	<target host="stats.thermitic.net" />
 
diff --git a/src/chrome/content/rules/Thermo_Scientific.com.xml b/src/chrome/content/rules/Thermo_Scientific.com.xml
index 7765daeab952..9e418b3110bf 100644
--- a/src/chrome/content/rules/Thermo_Scientific.com.xml
+++ b/src/chrome/content/rules/Thermo_Scientific.com.xml
@@ -31,7 +31,7 @@ Non-2xx HTTP code: http://thermoscientific.com/ (200) => https://www.thermoscien
 	* Secured by us
 
 -->
-<ruleset name="Thermo Scientific.com" default_off='failed ruleset test'>
+<ruleset name="Thermo Scientific.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Thesn.net.xml b/src/chrome/content/rules/Thesn.net.xml
index 75396253ffde..142f81e96558 100644
--- a/src/chrome/content/rules/Thesn.net.xml
+++ b/src/chrome/content/rules/Thesn.net.xml
@@ -14,7 +14,6 @@
 	<target host="cdn.thesn.net" />
 
 
-	<rule from="^http://cdn\.thesn\.net/"
-		to="https://ddrm6oy8thgk7.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Thing.net-falsemixed.xml b/src/chrome/content/rules/Thing.net-falsemixed.xml
deleted file mode 100644
index 6ffba70831b8..000000000000
--- a/src/chrome/content/rules/Thing.net-falsemixed.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Thing.net.xml.
-
--->
-<ruleset name="thing.net (false MCB)" platform="mixedcontent">
-
-	<target host="editions.thing.net" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Thing.net.xml b/src/chrome/content/rules/Thing.net.xml
index 35bbdb6796ea..f09a3906cffc 100644
--- a/src/chrome/content/rules/Thing.net.xml
+++ b/src/chrome/content/rules/Thing.net.xml
@@ -1,54 +1,23 @@
 <!--
-	For rules causing false/broken MCB, see Thing.net-falsemixed.xml.
-
-
-	Partially covered subdomains:
-
-		- editions *
-
-	* Avoiding false/broken MCB
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- isp
-		- mailman
-		- the
-		- thingist
-		- webmail
-
-
-	Mixed content:
-
-		- css on editions from $self ¹
-
-		- Images, on:
-
-			- editions from $self ¹
-			- isp from $self ¹
-			- post from $self ¹
-			- post from www.jamesfuentes.com ²
-
-	¹ Secured by us
-	² Unsecurable <= interrupted
+	Invalid certificate:
+		thingist.thing.net
 
 -->
 <ruleset name="thing.net (partial)">
 
 	<target host="thing.net" />
+	<target host="www.thing.net" />
+	<target host="archive.thing.net" />
+	<target host="auction.thing.net" />
+	<target host="calc.thing.net" />
 	<target host="editions.thing.net" />
 	<target host="isp.thing.net" />
 	<target host="mailman.thing.net" />
+	<target host="pad.thing.net" />
+	<target host="post.thing.net" />
 	<target host="the.thing.net" />
-	<target host="thingist.thing.net" />
+	<target host="tools.thing.net" />
 	<target host="webmail.thing.net" />
-	<target host="www.thing.net" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<!--exclusion pattern="^http://editions\.thing\.net/+(?!editions\.css|images/|thumb/)" /-->
-
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/ThinkFaster.co.xml b/src/chrome/content/rules/ThinkFaster.co.xml
index 3c24785c635f..ae6fe830a560 100644
--- a/src/chrome/content/rules/ThinkFaster.co.xml
+++ b/src/chrome/content/rules/ThinkFaster.co.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.thinkfaster.co/ => https://www.thinkfaster.co/: (6, 'Could not resolve host: www.thinkfaster.co')
 
 -->
-<ruleset name="ThinkFaster.co" default_off='failed ruleset test'>
+<ruleset name="ThinkFaster.co" default_off="failed ruleset test">
 
 	<target host="thinkfaster.co" />
 	<target host="www.thinkfaster.co" />
diff --git a/src/chrome/content/rules/ThinkGeek.xml b/src/chrome/content/rules/ThinkGeek.xml
deleted file mode 100644
index ac789b425074..000000000000
--- a/src/chrome/content/rules/ThinkGeek.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="ThinkGeek">
-        <target host="thinkgeek.com" />
-        <target host="*.thinkgeek.com" />
-
-        <rule from="^http://(?:www\.)?thinkgeek\.com/" to="https://www.thinkgeek.com/"/>
-        <securecookie host="^(?:.*\.)?thinkgeek\.com$" name=".+" />
-</ruleset>
diff --git a/src/chrome/content/rules/ThinkingDiver.com.xml b/src/chrome/content/rules/ThinkingDiver.com.xml
new file mode 100644
index 000000000000..fe94ca7c9819
--- /dev/null
+++ b/src/chrome/content/rules/ThinkingDiver.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="ThinkingDiver.com">
+	<target host="thinkingdiver.com" />
+	<target host="www.thinkingdiver.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thinking_Christian.xml b/src/chrome/content/rules/Thinking_Christian.xml
index ba1c2b55d027..67c6bcfc48cc 100644
--- a/src/chrome/content/rules/Thinking_Christian.xml
+++ b/src/chrome/content/rules/Thinking_Christian.xml
@@ -5,7 +5,7 @@
 <ruleset name="Thinking Christian">
 
 	<target host="thinkingchristian.net" />
-	<target host="*.thinkingchristian.net" />
+	<target host="www.thinkingchristian.net" />
 
 
 	<securecookie host="^(?:\.?www)?\.thinkingchristian\.net$" name=".+" />
diff --git a/src/chrome/content/rules/Thinkwiki.org.xml b/src/chrome/content/rules/Thinkwiki.org.xml
new file mode 100644
index 000000000000..a9dc1658529a
--- /dev/null
+++ b/src/chrome/content/rules/Thinkwiki.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="Thinkwiki.org">
+	<target host="thinkwiki.org" />
+	<target host="www.thinkwiki.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ThirdAge.xml b/src/chrome/content/rules/ThirdAge.xml
index 5bfd918832ef..b2e55021fba5 100644
--- a/src/chrome/content/rules/ThirdAge.xml
+++ b/src/chrome/content/rules/ThirdAge.xml
@@ -24,16 +24,17 @@ Fetch error: http://thirdage.com/ => https://thirdage.com/: (7, 'Failed to conne
 		- videos	(cert: *.onescreen.net; 403)
 
 -->
-<ruleset name="ThirdAge (partial)" default_off='failed ruleset test'>
+<ruleset name="ThirdAge (partial)" default_off="failed ruleset test">
 
 	<target host="thirdage.com" />
-	<target host="*.thirdage.com" />
+	<target host="www.thirdage.com" />
+	<target host="ww3.thirdage.com" />
+	<target host="cast.thirdage.com" />
 
 
-	<rule from="^http://(ww[w3]\.)?thirdage\.com/"
-		to="https://$1thirdage.com/" />
 
 	<rule from="^http://cast\.thirdage\.com/"
 		to="https://www.thirdage.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ThirdPresence.com.xml b/src/chrome/content/rules/ThirdPresence.com.xml
index 80df03e7610f..e0f7ef044dc5 100644
--- a/src/chrome/content/rules/ThirdPresence.com.xml
+++ b/src/chrome/content/rules/ThirdPresence.com.xml
@@ -20,4 +20,4 @@
 	<rule from="^http://files\.thirdpresence\.com/"
 		to="https://s3-eu-west-1.amazonaws.com/files.thirdpresence.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ThisCatDoesNotExist.com.xml b/src/chrome/content/rules/ThisCatDoesNotExist.com.xml
new file mode 100644
index 000000000000..3f5aec9dd963
--- /dev/null
+++ b/src/chrome/content/rules/ThisCatDoesNotExist.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="ThisCatDoesNotExist.com">
+	<target host="thiscatdoesnotexist.com" />
+	<target host="www.thiscatdoesnotexist.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ThisCrazyTrain.com.xml b/src/chrome/content/rules/ThisCrazyTrain.com.xml
new file mode 100644
index 000000000000..d5ee85668542
--- /dev/null
+++ b/src/chrome/content/rules/ThisCrazyTrain.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="ThisCrazyTrain.com">
+	<target host="thiscrazytrain.com" />
+	<target host="www.thiscrazytrain.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ThisPersonDoesNotExist.com.xml b/src/chrome/content/rules/ThisPersonDoesNotExist.com.xml
new file mode 100644
index 000000000000..f15ba00e0355
--- /dev/null
+++ b/src/chrome/content/rules/ThisPersonDoesNotExist.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="ThisPersonDoesNotExist.com">
+	<target host="thispersondoesnotexist.com" />
+	<target host="www.thispersondoesnotexist.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ThisWebHost.xml b/src/chrome/content/rules/ThisWebHost.xml
index 1d387a0221ed..7c155b05d45f 100644
--- a/src/chrome/content/rules/ThisWebHost.xml
+++ b/src/chrome/content/rules/ThisWebHost.xml
@@ -2,7 +2,7 @@
   <target host="thiswebhost.com" />
   <target host="www.thiswebhost.com" />
 
-  <securecookie host="^(?:.+\.)?thiswebhost\.com$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ThisisColossal.com.xml b/src/chrome/content/rules/ThisisColossal.com.xml
index bae0b2212ad7..51b2c1fd32cd 100644
--- a/src/chrome/content/rules/ThisisColossal.com.xml
+++ b/src/chrome/content/rules/ThisisColossal.com.xml
@@ -9,7 +9,7 @@
 <ruleset name="ThisisColossal.com" default_off="refused">
 
 	<target host="colossal.com" />
-	<target host="*.colossal.com" />
+	<target host="www.colossal.com" />
 
 
 	<securecookie host="^\.colossal\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Thomas-Krenn.com.xml b/src/chrome/content/rules/Thomas-Krenn.com.xml
index 575bf6baea98..4dd234ccf4b8 100644
--- a/src/chrome/content/rules/Thomas-Krenn.com.xml
+++ b/src/chrome/content/rules/Thomas-Krenn.com.xml
@@ -11,7 +11,7 @@
 <ruleset name="Thomas-Krenn.com">
 
 	<target host="thomas-krenn.com" />
-	<target host="*.thomas-krenn.com" />
+	<target host="www.thomas-krenn.com" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/Thompson.com.xml b/src/chrome/content/rules/Thompson.com.xml
index 87e046b42452..ce65b4b6d0f3 100644
--- a/src/chrome/content/rules/Thompson.com.xml
+++ b/src/chrome/content/rules/Thompson.com.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Thompson_Hotels.com-falsemixed.xml b/src/chrome/content/rules/Thompson_Hotels.com-falsemixed.xml
index da05fdd0a843..57bc69fbb0b0 100644
--- a/src/chrome/content/rules/Thompson_Hotels.com-falsemixed.xml
+++ b/src/chrome/content/rules/Thompson_Hotels.com-falsemixed.xml
@@ -12,10 +12,10 @@ Fetch error: http://thompsonhotels.com/ => https://www.thompsonhotels.com/: (52,
 	For rules not causing false/broken MCB, see Thompson_Hotels.com.xml.
 
 -->
-<ruleset name="Thompson Hotels.com (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Thompson Hotels.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="thompsonhotels.com" />
-	<target host="*.thompsonhotels.com" />
+	<target host="www.thompsonhotels.com" />
 
 
 	<rule from="^http://(?:www\.)?thompsonhotels\.com/"
diff --git a/src/chrome/content/rules/Thomson-Reuters.xml b/src/chrome/content/rules/Thomson-Reuters.xml
index 36464f7ff88a..6fdd5dd0e24f 100644
--- a/src/chrome/content/rules/Thomson-Reuters.xml
+++ b/src/chrome/content/rules/Thomson-Reuters.xml
@@ -22,7 +22,6 @@ Fetch error: http://admin.checkpoint.thomsonreuters.com/ => https://admin.checkp
 		- Thomson.com.xml
 		- thomsoninnovation.com.xml
 		- thomsonreuters.com.ar.xml
-		- Thomson_Reuters_Life_Sciences.com.xml
 		- Web_of_Knowledge.xml
 		- Westlaw.com.xml
 
@@ -150,7 +149,7 @@ Fetch error: http://admin.checkpoint.thomsonreuters.com/ => https://admin.checkp
 	³ Unsecurable <= refused
 
 -->
-<ruleset name="Thomson Reuters.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Thomson Reuters.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Thomson_Reuters_Life_Sciences.com.xml b/src/chrome/content/rules/Thomson_Reuters_Life_Sciences.com.xml
deleted file mode 100644
index a6a736e67eec..000000000000
--- a/src/chrome/content/rules/Thomson_Reuters_Life_Sciences.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For other Thomson Reuters coverage, see Thomson-Reuters.xml.
-
-
-	(www.)? doesn't exist.
-
--->
-<ruleset name="Thomson Reuters Life Sciences.com">
-
-	<target host="cortellis.thomsonreuterslifesciences.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Thp.io.xml b/src/chrome/content/rules/Thp.io.xml
index f5cbac3cd0a3..701077e24c52 100644
--- a/src/chrome/content/rules/Thp.io.xml
+++ b/src/chrome/content/rules/Thp.io.xml
@@ -1,16 +1,20 @@
 <!--
-	Problematic subdomains:
-
-		- www	(cert only matches ^thp.io)
+	Invalid certificate:
+		www.thp.io
+		o.thp.io
+		sulu.thp.io
 
 -->
 <ruleset name="thp.io">
 
 	<target host="thp.io" />
 	<target host="www.thp.io" />
+	<target host="i.thp.io" />
 
-
-	<rule from="^http://(?:www\.)?thp\.io/"
+	<rule from="^http://www\.thp\.io/"
 		to="https://thp.io/" />
 
+	<rule from="^http:"
+		to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/ThreadReaderApp.com.xml b/src/chrome/content/rules/ThreadReaderApp.com.xml
new file mode 100644
index 000000000000..0e3a1fd7ae2f
--- /dev/null
+++ b/src/chrome/content/rules/ThreadReaderApp.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="ThreadReaderApp.com">
+	<target host="threadreaderapp.com" />
+	<target host="www.threadreaderapp.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Threading-Building-Blocks.xml b/src/chrome/content/rules/Threading-Building-Blocks.xml
index c6ebe7773f2e..8a3292203668 100644
--- a/src/chrome/content/rules/Threading-Building-Blocks.xml
+++ b/src/chrome/content/rules/Threading-Building-Blocks.xml
@@ -6,7 +6,7 @@ Fetch error: http://threadingbuildingblocks.org/ => https://threadingbuildingblo
 	For other Intel coverage, see Intel.xml.
 
 -->
-<ruleset name="Threading Building Blocks.org" default_off='failed ruleset test'>
+<ruleset name="Threading Building Blocks.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Threat2Alert.com.xml b/src/chrome/content/rules/Threat2Alert.com.xml
index 4867754aebce..994031b2c32d 100644
--- a/src/chrome/content/rules/Threat2Alert.com.xml
+++ b/src/chrome/content/rules/Threat2Alert.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://threat2alert.com/ => https://threat2alert.com/: (6, 'Could n
 		- www.threat2alert.com
 
 -->
-<ruleset name="Threat2Alert.com" default_off='failed ruleset test'>
+<ruleset name="Threat2Alert.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/ThreatTrack_Security.com.xml b/src/chrome/content/rules/ThreatTrack_Security.com.xml
index b089a22f6457..491e2b68e44c 100644
--- a/src/chrome/content/rules/ThreatTrack_Security.com.xml
+++ b/src/chrome/content/rules/ThreatTrack_Security.com.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://threattracksecurity.com/ => https://threattracksecurity.com/: Cycle detected - URL already encountered: https://www.threattracksecurity.com/
 Fetch error: http://www.threattracksecurity.com/ => https://www.threattracksecurity.com/: Cycle detected - URL already encountered: https://www.threattracksecurity.com/
 -->
-<ruleset name="ThreatTrack Security.com" default_off='failed ruleset test'>
+<ruleset name="ThreatTrack Security.com" default_off="failed ruleset test">
 
 	<target host="threattracksecurity.com" />
 	<target host="www.threattracksecurity.com" />
diff --git a/src/chrome/content/rules/Three.xml b/src/chrome/content/rules/Three.xml
index 42f43acea689..b8e0b25c6006 100644
--- a/src/chrome/content/rules/Three.xml
+++ b/src/chrome/content/rules/Three.xml
@@ -8,7 +8,7 @@ Fetch error: http://threestore.three.co.uk/ => https://threestore.three.co.uk/:
 Disabled by https-everywhere-checker because:
 Fetch error: http://threestore.three.co.uk/ => https://threestore.three.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'threestore.three.co.uk'")
 -->
-<ruleset name="Three" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Three" platform="mixedcontent" default_off="failed ruleset test">
   <target host="three.ie" />
   <target host="www.three.ie" />
   <target host="threestore.three.co.uk" />
diff --git a/src/chrome/content/rules/Threema.xml b/src/chrome/content/rules/Threema.xml
index 4e7f27cf8c1b..0383e34014a4 100644
--- a/src/chrome/content/rules/Threema.xml
+++ b/src/chrome/content/rules/Threema.xml
@@ -1,31 +1,11 @@
 <ruleset name="Threema">
-    <target host="threema.ch" />
-    <target host="www.threema.ch" />
-    <target host="gateway.threema.ch" />
-    <target host="shop.threema.ch" />
-    <target host="myid.threema.ch" />
-    <target host="avatar.threema.ch" />
-    <target host="work.threema.ch" />
-    <target host="three.ma" />
-    <target host="web.threema.ch" />
-    <target host="web-beta.threema.ch" />
+	<target host="three.ma" />
+	<target host="www.three.ma" />
 
-    <test url="http://threema.ch/en/whats-new" />
-    <test url="http://www.threema.ch/" />
-    <test url="http://gateway.threema.ch/en/developer/api" />
-    <test url="http://shop.threema.ch/download" />
-    <test url="http://myid.threema.ch/revoke" />
-    <test url="http://myid.threema.ch/unlink" />
-    <test url="http://avatar.threema.ch/*THREEMA" />
-    <test url="http://avatar.threema.ch/" />
-    <test url="http://web.threema.ch/" />
-    <test url="http://web-beta.threema.ch/" />
-    
-    <!-- The main page serves a 403 reply -->
-    <exclusion pattern="http://avatar\.threema\.ch/?$" />
+	<target host="threema.id" />
+	<target host="www.threema.id" />
 
-    <securecookie host="^(www.|gateway.|work.|shop\.|myid.|web.|web-beta.)?threema\.ch" name=".+" />
+	<securecookie host=".+" name=".+" />
 
-    <rule from="^http:"
-            to="https:" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Thrifty.be.xml b/src/chrome/content/rules/Thrifty.be.xml
new file mode 100644
index 000000000000..dd0fc32966ae
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.be.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty.be">
+
+	<target host="thrifty.be" />
+	<target host="www.thrifty.be" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://thrifty\.be/"
+		to="https://www.thrifty.be/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.ch.xml b/src/chrome/content/rules/Thrifty.ch.xml
new file mode 100644
index 000000000000..1795fad219c7
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.ch.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty.ch">
+
+	<target host="thrifty.ch" />
+	<target host="www.thrifty.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://thrifty\.ch/"
+		to="https://www.thrifty.ch/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.co.kr.xml b/src/chrome/content/rules/Thrifty.co.kr.xml
new file mode 100644
index 000000000000..58ff0f3f399e
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.co.kr.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty.co.kr">
+
+	<target host="thrifty.co.kr" />
+	<target host="www.thrifty.co.kr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://thrifty\.co\.kr/"
+		to="https://www.thrifty.co.kr/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.co.nz.xml b/src/chrome/content/rules/Thrifty.co.nz.xml
new file mode 100644
index 000000000000..12a83d4a3cff
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.co.nz.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- e		(http 403 error)
+		- m		(ssl connection error)
+		- mcms		(ssl connection error)
+
+-->
+<ruleset name="Thrifty.co.nz">
+
+	<target host="thrifty.co.nz" />
+	<target host="www.thrifty.co.nz" />
+	<target host="autodiscover.thrifty.co.nz" />
+	<target host="lyncdiscover.thrifty.co.nz" />
+	<target host="sip.thrifty.co.nz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.co.uk.xml b/src/chrome/content/rules/Thrifty.co.uk.xml
new file mode 100644
index 000000000000..2ff1bba30b67
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.co.uk.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(t)
+		- dollar	(m)
+		- (www.)prepaid	(e)
+		- savings	(redirect to unresponsive host)
+		- support	(r)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty.co.uk">
+
+	<target host="thrifty.co.uk" />
+	<target host="www.thrifty.co.uk" />
+	<target host="ffncs.thrifty.co.uk" />
+	<target host="mail.thrifty.co.uk" />
+	<target host="olb.thrifty.co.uk" />
+	<target host="refresh.thrifty.co.uk" />
+	<target host="secure.thrifty.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://thrifty\.co\.uk/"
+		to="https://www.thrifty.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.co.za.xml b/src/chrome/content/rules/Thrifty.co.za.xml
new file mode 100644
index 000000000000..b294c6e9c536
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.co.za.xml
@@ -0,0 +1,34 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- af	(ssl connection error)
+		- api	(ssl connection error)
+		- helpdesk	(s)
+		- m		(r)
+		- nmp	(h)
+		- www.nmp	(http 500 error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty.co.za">
+
+	<target host="thrifty.co.za" />
+	<target host="www.thrifty.co.za" />
+	<target host="connect.thrifty.co.za" />
+	<target host="oldsite.thrifty.co.za" />
+	<target host="www.oldsite.thrifty.co.za" />
+	<target host="partner.thrifty.co.za" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.com.au.xml b/src/chrome/content/rules/Thrifty.com.au.xml
new file mode 100644
index 000000000000..8347a9089dbe
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.com.au.xml
@@ -0,0 +1,54 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(t)
+		- autodiscover		(ssl connection error)
+		- blue	(e)
+		- corpwebmail		(ssl connection error)
+		- eradr	(e)
+		- erauat	(e)
+		- exstandby	(t)
+		- identity	(t)
+		- mcms	(e)
+		- sit	(e)
+		- sitidentity	(t)
+		- cm.sitecore.prod.svc	(m)
+		- www.uat	(i)
+		- uatidentity	(t)
+		- uatwww	(t)
+		- webmail		(ssl connection error)
+		- white02	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty.com.au">
+
+	<target host="thrifty.com.au" />
+	<target host="www.thrifty.com.au" />
+	<target host="apps.thrifty.com.au" />
+	<target host="bluechip.thrifty.com.au" />
+	<target host="image.email.thrifty.com.au" />
+	<target host="pages.email.thrifty.com.au" />
+	<target host="era.thrifty.com.au" />
+	<target host="invoices.thrifty.com.au" />
+	<target host="lyncdiscover.thrifty.com.au" />
+	<target host="m.thrifty.com.au" />
+	<target host="sip.thrifty.com.au" />
+	<target host="cd-prod01.sitecore.prod.svc.thrifty.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://thrifty\.com\.au/"
+		to="https://www.thrifty.com.au/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.com.br.xml b/src/chrome/content/rules/Thrifty.com.br.xml
new file mode 100644
index 000000000000..295725cf4311
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.com.br.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+-->
+<ruleset name="Thrifty.com.br">
+
+	<target host="thrifty.com.br" />
+	<target host="www.thrifty.com.br" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.com.ph.xml b/src/chrome/content/rules/Thrifty.com.ph.xml
new file mode 100644
index 000000000000..356a03cb0617
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.com.ph.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+-->
+<ruleset name="Thrifty.com.au">
+
+	<target host="thrifty.com.ph" />
+	<target host="www.thrifty.com.ph" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.com.xml b/src/chrome/content/rules/Thrifty.com.xml
new file mode 100644
index 000000000000..ac8640a0bdfe
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.com.xml
@@ -0,0 +1,62 @@
+<!--
+	Other related rulesets:
+		- Thrifty.be.xml
+		- Thrifty.ch.xml
+		- Thrifty.co.kr.xml
+		- Thrifty.co.nz.xml
+		- Thrifty.co.uk.xml
+		- Thrifty.co.za.xml
+		- Thrifty.com.au.xml
+		- Thrifty.com.br.xml
+		- Thrifty.com.ph.xml
+		- Thrifty.de.xml
+		- Thrifty.ie.xml
+		- Thrifty.ma.xml
+		- Thrifty.nl.xml
+		- Thrifty.no.xml
+		- ThriftyCanada.ca.xml
+		- ThriftySingapore.com.xml
+
+
+	Non-functional subdomains:
+		- dblog	(t)
+		- click.emails	(m)
+		- image.emails	(m)
+		- pub.emails	(m)
+		- htcstaging	(i)
+		- lac	(i)
+		- rms	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty.com">
+
+	<target host="thrifty.com" />
+	<target host="www.thrifty.com" />
+	<target host="cf.thrifty.com" />
+	<target host="m.thrifty.com" />
+	<target host="mobile.thrifty.com" />
+	<target host="mstaging.thrifty.com" />
+	<target host="okea.thrifty.com" />
+	<target host="ota.thrifty.com" />
+	<target host="pblog.thrifty.com" />
+	<target host="prepay.thrifty.com" />
+	<target host="register.thrifty.com" />
+	<target host="sblog.thrifty.com" />
+	<target host="staging.thrifty.com" />
+	<target host="stagingm.thrifty.com" />
+	<target host="worldwide.thrifty.com" />
+	<target host="ww2.thrifty.com" />
+	<target host="www2.thrifty.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.de.xml b/src/chrome/content/rules/Thrifty.de.xml
new file mode 100644
index 000000000000..795e9f32cfa5
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.de.xml
@@ -0,0 +1,29 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+		- prepaid		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty.de">
+
+	<target host="thrifty.de" />
+	<target host="www.thrifty.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://thrifty\.de/"
+		to="https://www.thrifty.de/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.ie.xml b/src/chrome/content/rules/Thrifty.ie.xml
new file mode 100644
index 000000000000..4d961b011baf
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.ie.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty.ie">
+
+	<target host="thrifty.ie" />
+	<target host="www.thrifty.ie" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://thrifty\.ie/"
+		to="https://www.thrifty.ie/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.ma.xml b/src/chrome/content/rules/Thrifty.ma.xml
new file mode 100644
index 000000000000..5311d1e26d41
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.ma.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+-->
+<ruleset name="Thrifty.ma">
+
+	<target host="thrifty.ma" />
+	<target host="www.thrifty.ma" />
+	<target host="en.thrifty.ma" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.nl.xml b/src/chrome/content/rules/Thrifty.nl.xml
new file mode 100644
index 000000000000..4cf5e08f4b61
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.nl.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty.nl">
+
+	<target host="thrifty.nl" />
+	<target host="www.thrifty.nl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://thrifty\.nl/"
+		to="https://www.thrifty.nl/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thrifty.no.xml b/src/chrome/content/rules/Thrifty.no.xml
new file mode 100644
index 000000000000..28026ade2f8c
--- /dev/null
+++ b/src/chrome/content/rules/Thrifty.no.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty.no">
+
+	<target host="thrifty.no" />
+	<target host="www.thrifty.no" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://thrifty\.no/"
+		to="https://www.thrifty.no/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ThriftyCanada.ca.xml b/src/chrome/content/rules/ThriftyCanada.ca.xml
new file mode 100644
index 000000000000..19ec335f3fed
--- /dev/null
+++ b/src/chrome/content/rules/ThriftyCanada.ca.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty Canada.ca">
+
+	<target host="thriftycanada.ca" />
+	<target host="www.thriftycanada.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://thriftycanada\.ca/"
+		to="https://www.thriftycanada.ca/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ThriftySingapore.com.xml b/src/chrome/content/rules/ThriftySingapore.com.xml
new file mode 100644
index 000000000000..4dc86f49a7cd
--- /dev/null
+++ b/src/chrome/content/rules/ThriftySingapore.com.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Thrifty coverage, see Thrifty.com.xml
+
+
+	Non-functional subdomains:
+		- $host		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Thrifty Singapore.com">
+
+	<target host="thriftysingapore.com" />
+	<target host="www.thriftysingapore.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://thriftysingapore\.com/"
+		to="https://www.thriftysingapore.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Thumbshots.xml b/src/chrome/content/rules/Thumbshots.xml
index 1ab762317ada..83fa73b2a1c7 100644
--- a/src/chrome/content/rules/Thumbshots.xml
+++ b/src/chrome/content/rules/Thumbshots.xml
@@ -31,7 +31,7 @@
 
 	<rule from="^http://(www\.)?thumbshots\.(com|org)/(DesktopModules/|[pP]ortals/)"
 		to="https://$1thumbshots.com/$3"/>
-	
+
 		<test url="http://www.thumbshots.com/portals/0/Images/IncreaseTraffic.png" />
 		<test url="http://www.thumbshots.com/portals/0/Images/BBCLogo.png" />
 		<test url="http://www.thumbshots.com/Portals/0/favicon.ico" />
diff --git a/src/chrome/content/rules/Thunderbird.net.xml b/src/chrome/content/rules/Thunderbird.net.xml
index 30c6743180bb..558516910d85 100644
--- a/src/chrome/content/rules/Thunderbird.net.xml
+++ b/src/chrome/content/rules/Thunderbird.net.xml
@@ -1,8 +1,8 @@
 <ruleset name="Thunderbird.net" >
 
 	<target host="thunderbird.net" />
-	<target host="www.thunderbird.net" />	
-	
+	<target host="www.thunderbird.net" />
+
 	<target host="addons.thunderbird.net" />
 	<target host="autoconfig-stage.thunderbird.net" />
 	<target host="autoconfig.thunderbird.net" />
diff --git a/src/chrome/content/rules/Thunderclap.it.xml b/src/chrome/content/rules/Thunderclap.it.xml
deleted file mode 100644
index f207670be278..000000000000
--- a/src/chrome/content/rules/Thunderclap.it.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/thunderclap-production/
-		- d3enntrj2q0c71.cloudfront.net
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.thunderclap.it
-
--->
-<ruleset name="Thunderclap.it">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="thunderclap.it" />
-	<target host="www.thunderclap.it" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.thunderclap\.it$" name="^thunderclap-session-production$" /-->
-
-	<securecookie host="^www\.thunderclap\.it$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Thunderkick.xml b/src/chrome/content/rules/Thunderkick.xml
index 2c6c61d5ac48..581d0d2da23a 100644
--- a/src/chrome/content/rules/Thunderkick.xml
+++ b/src/chrome/content/rules/Thunderkick.xml
@@ -6,7 +6,7 @@ Fetch error: http://thunderkick.com/ => https://thunderkick.com/: (60, 'SSL cert
 Disabled by https-everywhere-checker because:
 Fetch error: http://thunderkick.com/ => https://thunderkick.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="Thunderkick" default_off='failed ruleset test'>
+<ruleset name="Thunderkick" default_off="failed ruleset test">
 
 	<target host="thunderkick.com" />
 	<target host="content.thunderkick.com" />
@@ -15,4 +15,4 @@ Fetch error: http://thunderkick.com/ => https://thunderkick.com/: (60, 'SSL cert
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Thuvien.lgbt.xml b/src/chrome/content/rules/Thuvien.lgbt.xml
new file mode 100644
index 000000000000..badac978a37a
--- /dev/null
+++ b/src/chrome/content/rules/Thuvien.lgbt.xml
@@ -0,0 +1,8 @@
+<ruleset name="Thuvien.lgbt">
+	<target host="thuvien.lgbt" />
+	<target host="www.thuvien.lgbt" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TiMos.me.xml b/src/chrome/content/rules/TiMos.me.xml
index bb9ed90ef0e0..bde694e91053 100644
--- a/src/chrome/content/rules/TiMos.me.xml
+++ b/src/chrome/content/rules/TiMos.me.xml
@@ -6,7 +6,7 @@ Fetch error: http://timos.me/ => https://timos.me/: (28, 'Connection timed out a
 	www.timos.me doesn't exist.
 
 -->
-<ruleset name="TiMos.me" default_off='failed ruleset test'>
+<ruleset name="TiMos.me" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Ticaretsicil.gov.tr.xml b/src/chrome/content/rules/Ticaretsicil.gov.tr.xml
new file mode 100644
index 000000000000..26e5f0f76b6f
--- /dev/null
+++ b/src/chrome/content/rules/Ticaretsicil.gov.tr.xml
@@ -0,0 +1,7 @@
+<ruleset name="Turkish Trade Registry Gazette">
+	<target host="ticaretsicil.gov.tr" />
+	<target host="www.ticaretsicil.gov.tr" />
+
+	<securecookie host=".+" name="^PHPSESSID$" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TickerTech.com.xml b/src/chrome/content/rules/TickerTech.com.xml
index 587009b6b298..54009d92b129 100644
--- a/src/chrome/content/rules/TickerTech.com.xml
+++ b/src/chrome/content/rules/TickerTech.com.xml
@@ -7,10 +7,11 @@
 <ruleset name="TickerTech.com">
 
 	<target host="tickertech.com" />
-	<target host="*.tickertech.com" />
+	<target host="secure.tickertech.com" />
+	<target host="www.tickertech.com" />
 
 
 	<rule from="^http://(?:secure\.|www\.)?tickertech\.com/"
 		to="https://secure.tickertech.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TicketOne.xml b/src/chrome/content/rules/TicketOne.xml
index 1512656b3763..fba7d174cf83 100644
--- a/src/chrome/content/rules/TicketOne.xml
+++ b/src/chrome/content/rules/TicketOne.xml
@@ -6,10 +6,11 @@ Non-2xx HTTP code: http://ticketone.it/ (200) => https://www.ticketone.it/ (403)
 	^ticketone.it doesn't work.
 
 -->
-<ruleset name="TicketOne" default_off='failed ruleset test'>
+<ruleset name="TicketOne" default_off="failed ruleset test">
 
 	<target host="ticketone.it" />
-	<target host="*.ticketone.it" />
+	<target host="www.ticketone.it" />
+	<target host="secure.ticketone.it" />
 
 
 	<securecookie host="^.+\.ticketone\.it$" name=".+" />
@@ -18,7 +19,6 @@ Non-2xx HTTP code: http://ticketone.it/ (200) => https://www.ticketone.it/ (403)
 	<rule from="^http://(?:www\.)?ticketone\.it/"
 		to="https://www.ticketone.it/" />
 
-	<rule from="^http://secure\.ticketone\.it/"
-		to="https://secure.ticketone.it/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ticket_Driver.xml b/src/chrome/content/rules/Ticket_Driver.xml
deleted file mode 100644
index 86f7c541a495..000000000000
--- a/src/chrome/content/rules/Ticket_Driver.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Ticket Driver">
-
-	<target host="ticketdriver.com" />
-	<target host="www.ticketdriver.com" />
-
-
-	<securecookie host="^(?:w*\.)?ticketdriver\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Ticket_Online.xml b/src/chrome/content/rules/Ticket_Online.xml
index dba8513fad85..7dd583f248ee 100644
--- a/src/chrome/content/rules/Ticket_Online.xml
+++ b/src/chrome/content/rules/Ticket_Online.xml
@@ -8,10 +8,11 @@ Non-2xx HTTP code: http://ticketonline.de/ (200) => https://www.ticketonline.de/
 		- ticketonline.de	(times out)
 
 -->
-<ruleset name="Ticket Online" default_off='failed ruleset test'>
+<ruleset name="Ticket Online" default_off="failed ruleset test">
 
 	<target host="ticketonline.de" />
-	<target host="*.ticketonline.de" />
+	<target host="www.ticketonline.de" />
+	<target host="secure.ticketonline.de" />
 
 
 	<securecookie host="^.*\.ticketonline\.de$" name=".+" />
@@ -20,7 +21,6 @@ Non-2xx HTTP code: http://ticketonline.de/ (200) => https://www.ticketonline.de/
 	<rule from="^http://(?:www\.)?ticketonline\.de/"
 		to="https://www.ticketonline.de/" />
 
-	<rule from="^http://secure\.ticketonline\.de/"
-		to="https://secure.ticketonline.de/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TicketingNetworkEastMidlands.xml b/src/chrome/content/rules/TicketingNetworkEastMidlands.xml
index 5d040d73d4cd..31f32c69c88f 100644
--- a/src/chrome/content/rules/TicketingNetworkEastMidlands.xml
+++ b/src/chrome/content/rules/TicketingNetworkEastMidlands.xml
@@ -9,12 +9,12 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://ticketingnetworkeastmidlands.co.uk/ => https://ticketingnetworkeastmidlands.co.uk/: (28, 'Connection timed out after 10001 milliseconds')
 Fetch error: http://www.ticketingnetworkeastmidlands.co.uk/ => https://www.ticketingnetworkeastmidlands.co.uk/: (28, 'Connection timed out after 10001 milliseconds')
 -->
-<ruleset name="TicketingNetworkEastMidlands" default_off='failed ruleset test'>
+<ruleset name="TicketingNetworkEastMidlands" default_off="failed ruleset test">
   <target host="ticketingnetworkeastmidlands.co.uk" />
   <target host="www.ticketingnetworkeastmidlands.co.uk" />
   <target host="ticketing.trch.co.uk" />
 
-  <securecookie host="^(?:.+\.)?(?:ticketingnetworkeastmidlands|ticketing\.trch)\.co\.uk$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.ae.xml b/src/chrome/content/rules/Ticketmaster.ae.xml
new file mode 100644
index 000000000000..93c2a3f38dda
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.ae.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.ae (partial)">
+	<target host="ticketmaster.ae" />
+	<target host="www.ticketmaster.ae" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.at.xml b/src/chrome/content/rules/Ticketmaster.at.xml
new file mode 100644
index 000000000000..506ced89e6e1
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.at.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.at (partial)">
+	<target host="ticketmaster.at" />
+	<target host="www.ticketmaster.at" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.be.xml b/src/chrome/content/rules/Ticketmaster.be.xml
new file mode 100644
index 000000000000..37be670df049
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.be.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.be (partial)">
+	<target host="ticketmaster.be" />
+	<target host="www.ticketmaster.be" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.ch.xml b/src/chrome/content/rules/Ticketmaster.ch.xml
new file mode 100644
index 000000000000..c48059653738
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.ch.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.ch (partial)">
+	<target host="ticketmaster.ch" />
+	<target host="www.ticketmaster.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.co.nz.xml b/src/chrome/content/rules/Ticketmaster.co.nz.xml
new file mode 100644
index 000000000000..769f3f110a60
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.co.nz.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.co.nz (partial)">
+	<target host="ticketmaster.co.nz" />
+	<target host="www.ticketmaster.co.nz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.co.uk.xml b/src/chrome/content/rules/Ticketmaster.co.uk.xml
new file mode 100644
index 000000000000..11897fb2cb07
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.co.uk.xml
@@ -0,0 +1,7 @@
+<ruleset name="Ticketmaster.co.uk (partial)">
+	<target host="ticketmaster.co.uk" />
+	<target host="www.ticketmaster.co.uk" />
+	<target host="media.ticketmaster.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.com.au.xml b/src/chrome/content/rules/Ticketmaster.com.au.xml
new file mode 100644
index 000000000000..4785441336c5
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.com.au.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.com.au (partial)">
+	<target host="ticketmaster.com.au" />
+	<target host="www.ticketmaster.com.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.com.mx.xml b/src/chrome/content/rules/Ticketmaster.com.mx.xml
new file mode 100644
index 000000000000..b661094f6f14
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.com.mx.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.com.mx (partial)">
+	<target host="ticketmaster.com.mx" />
+	<target host="www.ticketmaster.com.mx" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.cz.xml b/src/chrome/content/rules/Ticketmaster.cz.xml
new file mode 100644
index 000000000000..08cc23f9f393
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.cz.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.cz (partial)">
+	<target host="ticketmaster.cz" />
+	<target host="www.ticketmaster.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.de.xml b/src/chrome/content/rules/Ticketmaster.de.xml
new file mode 100644
index 000000000000..8c81674a7b84
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.de (partial)">
+	<target host="ticketmaster.de" />
+	<target host="www.ticketmaster.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.dk.xml b/src/chrome/content/rules/Ticketmaster.dk.xml
new file mode 100644
index 000000000000..583e67f45d7e
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.dk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.dk (partial)">
+	<target host="ticketmaster.dk" />
+	<target host="www.ticketmaster.dk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.es.xml b/src/chrome/content/rules/Ticketmaster.es.xml
new file mode 100644
index 000000000000..e5a79d639ecd
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.es.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.es (partial)">
+	<target host="ticketmaster.es" />
+	<target host="www.ticketmaster.es" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.eu.xml b/src/chrome/content/rules/Ticketmaster.eu.xml
new file mode 100644
index 000000000000..99fadcc72eac
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.eu.xml
@@ -0,0 +1,11 @@
+<!--
+	Non-functional hosts:
+		Timeout:
+		- ticketmaster.eu
+-->
+<ruleset name="Ticketmaster.eu (partial)">
+	<target host="www.ticketmaster.eu" />
+	<target host="media.ticketmaster.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.fi.xml b/src/chrome/content/rules/Ticketmaster.fi.xml
new file mode 100644
index 000000000000..1121e05773d5
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.fi.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.fi (partial)">
+	<target host="ticketmaster.fi" />
+	<target host="www.ticketmaster.fi" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.fr.xml b/src/chrome/content/rules/Ticketmaster.fr.xml
new file mode 100644
index 000000000000..cc0ded4254d9
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.fr.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.fr (partial)">
+	<target host="ticketmaster.fr" />
+	<target host="www.ticketmaster.fr" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.gr.xml b/src/chrome/content/rules/Ticketmaster.gr.xml
new file mode 100644
index 000000000000..a0a0d30c1ded
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.gr.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.gr (partial)">
+	<target host="ticketmaster.gr" />
+	<target host="www.ticketmaster.gr" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.ie.xml b/src/chrome/content/rules/Ticketmaster.ie.xml
new file mode 100644
index 000000000000..c9cbcd41422f
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.ie.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.ie (partial)">
+	<target host="ticketmaster.ie" />
+	<target host="www.ticketmaster.ie" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.it.xml b/src/chrome/content/rules/Ticketmaster.it.xml
new file mode 100644
index 000000000000..94815a2b327f
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.it.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.it (partial)">
+	<target host="ticketmaster.it" />
+	<target host="www.ticketmaster.it" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.nl.xml b/src/chrome/content/rules/Ticketmaster.nl.xml
new file mode 100644
index 000000000000..4c4d9bdde637
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.nl.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.nl (partial)">
+	<target host="ticketmaster.nl" />
+	<target host="www.ticketmaster.nl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.no.xml b/src/chrome/content/rules/Ticketmaster.no.xml
new file mode 100644
index 000000000000..02b692ce57bb
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.no.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.no (partial)">
+	<target host="ticketmaster.no" />
+	<target host="www.ticketmaster.no" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.pl.xml b/src/chrome/content/rules/Ticketmaster.pl.xml
new file mode 100644
index 000000000000..1b1dc3f7eb78
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.pl.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.pl (partial)">
+	<target host="ticketmaster.pl" />
+	<target host="www.ticketmaster.pl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.se.xml b/src/chrome/content/rules/Ticketmaster.se.xml
new file mode 100644
index 000000000000..1e17b5975a7c
--- /dev/null
+++ b/src/chrome/content/rules/Ticketmaster.se.xml
@@ -0,0 +1,6 @@
+<ruleset name="Ticketmaster.se (partial)">
+	<target host="ticketmaster.se" />
+	<target host="www.ticketmaster.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketmaster.xml b/src/chrome/content/rules/Ticketmaster.xml
index f48dc08e661e..137ce45d44ab 100644
--- a/src/chrome/content/rules/Ticketmaster.xml
+++ b/src/chrome/content/rules/Ticketmaster.xml
@@ -1,140 +1,43 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://ticketmaster.co.uk/ => https://www.ticketmaster.co.uk/section/: Too many redirects while fetching 'https://www.ticketmaster.co.uk/section/'
-
-	For other Live Nation coverage, see LiveNation.com.xml
+	For other Live Nation coverage, see 
+		+ LiveNation.com.xml
 
 	Other ticketmaster rulesets:
-		BilletNet.dk.xml
-		ETicketing.co.uk.xml
-
-	CDN buckets:
-
-		- ads.ticketmaster1st.akadns.net
-
-			 - ads.tmcs.ticketmaster.com
-			 - ads.as4x.tmcs.ticketmaster.com
-
-		- ticketmaster.ugc.bazaarvoice.com
-
-			- reviews.ticketmaster.co.uk
-
-		- ticketmaster.com.d2.sc.omtrdc.net
-
-			- metrics.ticketmaster.com
-
-
-	Problematic domains:
-
-		- (www.)billetnet.es			(redirects to billetnet.fr)
-		- (www.)billetnet.fr			(shows default Parallels Panel page)
-		- ticketmaster.com			(only matches www)
-		- media.ticketmaster.com *
-		- media.ticketmaster.co.uk *
-		- metrics.ticketmaster.com		(mismatched, CN: *.d2.sc.omtrdc.net)
-		- reviews.ticketmaster.co.uk *
-		- ads.tmcs.ticketmaster.com **
-		- ads.as4x.tmcs.ticketmaster.com **
-		- ticketmaster.co.uk			(cert only matches media)
-		- ticketmaster.es ***
-		- i.ticketweb.com **
-		- (www.)tmdeals.co.uk
-
-	* Akamai
-	** CN: de.ticketmaster.com, works.
-	*** Cert only matches www
-
-
-	Partially covered domains:
-
-		- (www.)ticketmaster.com *
-		- ticketsnow.ticketmaster.com *
-		- reviews.ticketmaster.co.uk *
-		- (www.)ticketmaster.de *
-		- (www.)ticketmaster.nl *
-
-	* At least some pages redirect to http.
-
-
-	Fully covered domains:
-
-		- (www.)ticketmaster.co.uk	(^ → www)
-		- secure.store.ticketmaster.com
-		- de.ticketmaster.com
-		- (www.)ticketmaster.es		(^ → www)
+		+ ETicketing.co.uk.xml
+		+ Ticketmaster.ae.xml
+		+ Ticketmaster.at.xml
+		+ Ticketmaster.be.xml
+		+ Ticketmaster.ch.xml
+		+ Ticketmaster.co.nz.xml
+		+ Ticketmaster.co.uk.xml
+		+ Ticketmaster.com.au.xml
+		+ Ticketmaster.com.mx.xml
+		+ Ticketmaster.cz.xml
+		+ Ticketmaster.de.xml
+		+ Ticketmaster.dk.xml
+		+ Ticketmaster.es.xml
+		+ Ticketmaster.eu.xml
+		+ Ticketmaster.fi.xml
+		+ Ticketmaster.fr.xml
+		+ Ticketmaster.gr.xml
+		+ Ticketmaster.ie.xml
+		+ Ticketmaster.it.xml
+		+ Ticketmaster.nl.xml
+		+ Ticketmaster.no.xml
+		+ Ticketmaster.pl.xml
+		+ Ticketmaster.se.xml
 
 -->
-<ruleset name="Ticketmaster (partial)" default_off='failed ruleset test'>
-
-	<target host="ticketmaster.*" />
-	<target host="www.ticketmaster.*" />
-	<target host="*.ticketmaster.com" />
-	<target host="ticketmaster.co.uk" />
-	<target host="*.ticketmaster.co.uk" />
-	<target host="ticketweb.*" />
-	<target host="*.ticketweb.com" />
-	<target host="www.ticketweb.co.uk" />
-
-
-	<!--
-		Omniture cookies:
-					-->
-	<securecookie host="^\.ticketmaster\.com$" name="^s_vi$" />
-	<securecookie host="^de\.ticketmaster\.com$" name=".+" />
-
-	<rule from="^http://(?:www\.)?ticket(?:ek|master)\.cl/"
-		to="https://www.ticketek.cl/" />
-
-
-	<rule from="^http://(?:www\.)?ticketmaster\.(ca|com\.(?:au|nz|mx)|ie)/favicon-rebrand\.ico"
-		to="https://www.ticketmaster.$1/favicon-rebrand.ico" />
-
-	<rule from="^http://(?:www\.)?ticketmaster\.com/(app/|checkout/|h/|json/|member(?:$|\?|/))"
-		to="https://www.ticketmaster.com/$1" />
-
-
-	<rule from="^http://(ds|mm|secure\.store)\.ticketmaster\.com/"
-		to="https://$1.ticketmaster.com/" />
-
-	<rule from="^http://metrics\.ticketmaster\.com/"
-		to="https://ticketmaster-com.d2.sc.omtrdc.net/" />
-
-	<rule from="^http://ticketsnow\.ticketmaster\.com/(DataProviders/|Scripts/|TopCitiesDropDownListGenerator\.aspx|UI/)"
-		to="https://ticketsnow.ticketmaster.com/$1" />
-
-
-	<rule from="^http://(?:www\.)?ticketmaster\.co\.uk/(?:section)?(\?.*)?$"
-		to="https://www.ticketmaster.co.uk/section/$1" />
-
-	<rule from="^http://(?:www\.)?ticketmaster\.co\.uk/"
-		to="https://www.ticketmaster.co.uk/" />
-
-	<rule from="^http://reviews\.ticketmaster\.co\.uk/(logging(?:$|\?)|\d+-\w\w_\w\w/\d+/reviews\.htm\?.*format=embedded|static/)"
-		to="https://ticketmaster.ugc.bazaarvoice.com/$1" />
-
-
-	<rule from="^http://(?:www\.)?ticketmaster\.(de|es|nl)/"
-		to="https://www.ticketmaster.$1/" />
-
-
-	<rule from="^http://(?:www\.)?ticketmaster\.dk/"
-		to="https://www.billetnet.dk/" />
-
-
-	<rule from="^http://media\.ticketmaster\.eu/"
-		to="https://media.ticketmaster.eu/" />
-
-
-	<rule from="^http://(?:www\.)?ticketnet\.fr/(assets|static)/"
-		to="https://www.ticketnet.fr/$1/" />
-
-
-	<rule from="^http://(?:www\.)?ticketweb\.com/"
-		to="https://www.ticketweb.com/" />
-
-
-	<rule from="^http://(?:www\.)?ticketweb\.co\.uk/(images/|INFO/|giftcards|member|partners/|section/|styles\.css|twpurple\.html|ukcontent\.css|user/gb_northeast/order/|venuepages/|[\w\./-]+\.html$|[\w-]+/artist/\d+)"
-		to="https://www.ticketweb.co.uk/$1" />
-
+<ruleset name="Ticketmaster.com (partial)">
+	<target host="ticketmaster.com" />
+	<target host="media.ticketmaster.com" />
+	<test url="http://media.ticketmaster.com/en-au/img/static/pdf/AIDA_guide.pdf" />
+	<test url="http://media.ticketmaster.com/en-au/img/static/pdf/WA_SchoolsList_2016.pdf" />
+	<test url="http://media.ticketmaster.com/en-nz/img/static/pdf/tmnz_aga_pds.pdf" />
+	<target host="ticketsnow.ticketmaster.com" />
+	<target host="www.ticketmaster.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ticketpro.xml b/src/chrome/content/rules/Ticketpro.xml
deleted file mode 100644
index f25374701dd4..000000000000
--- a/src/chrome/content/rules/Ticketpro.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Ticketpro (partial)">
-
-	<target host="shop.ticketpro.hu" />
-
-
-	<securecookie host="^shop\.ticketpro\.hu$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tickets.com.xml b/src/chrome/content/rules/Tickets.com.xml
index 1be7758d87d5..53b574acf471 100644
--- a/src/chrome/content/rules/Tickets.com.xml
+++ b/src/chrome/content/rules/Tickets.com.xml
@@ -1,9 +1,14 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://ourchase.tickets.com/ => https://ourchase.tickets.com/: (6, 'Could not resolve host: ourchase.tickets.com')
+Fetch error: http://broadcaster.email-tickets.com/ => https://broadcaster.email-tickets.com/: (28, 'Connection timed out after 20001 milliseconds')
+
 Disabled by https-everywhere-checker because:
 Fetch error: http://broadcaster.email-tickets.com/ => https://broadcaster.email-tickets.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 	Other Tickets.com rulesets:
 
-		- ProVenue.net.xml
 
 
 	CDN buckets:
@@ -32,31 +37,25 @@ Fetch error: http://broadcaster.email-tickets.com/ => https://broadcaster.email-
 -->
 <ruleset name="Tickets.com (partial)">
 
-	<target host="broadcaster.email-tickets.com" />
+	<!-- target host="broadcaster.email-tickets.com" /-->
 	<target host="tickets.com" />
 	<target host="*.tickets.com" />
-
+    <test url="http://intra.tickets.com/" />
+    <test url="http://provenue.tickets.com/au/" />
+    <test url="http://onsale.tickets.com/" />
 
 	<securecookie host="^broadcaster\.email-tickets\.com$" name=".+" />
 	<securecookie host="^purchasecdn\.tickets\.com$" name=".+" />
 
-
-	<rule from="^http://broadcaster\.email-tickets\.com/"
-		to="https://broadcaster.email-tickets.com/" />
-
-	<rule from="^http://(?:www\.)?tickets\.com/(images/|user(?:$|[?/]))"
-		to="https://www.tickets.com/$1" />
-
-	<rule from="^http://facebook\.tickets\.com/[^?]*(\?.*)?"
+	<!--
+    403
+    <rule from="^http://facebook\.tickets\.com/[^?]*(\?.*)?"
 		to="https://www.facebook.com/pages/Ticketscom/43749304172$1" />
 
-	<rule from="^http://(?:frontline\.)?images\.tickets\.com/"
-		to="https://images.tickets.com/" />
-
-	<rule from="^http://purchasecdn\.tickets\.com/"
-		to="https://purchasecdn.tickets.com/" />
-
-	<rule from="^http://youtube\.tickets\.com/[^?]*(\?.*)?"
+    <rule from="^http://youtube\.tickets\.com/[^?]*(\?.*)?"
 		to="https://www.youtube.com/gototicketsdotcom$1" />
+  -->
+
+  <rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tickets.gwr.com.xml b/src/chrome/content/rules/Tickets.gwr.com.xml
index 8b84b60330b3..48913593a91f 100644
--- a/src/chrome/content/rules/Tickets.gwr.com.xml
+++ b/src/chrome/content/rules/Tickets.gwr.com.xml
@@ -1,7 +1,6 @@
 <ruleset name="Tickets.gwr.com">
 	<target host="tickets.gwr.com" />
 
-	<test url="http://tickets.gwr.com/" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TicketsNow.xml b/src/chrome/content/rules/TicketsNow.xml
index 1e6ef17aa3f9..411354d7f758 100644
--- a/src/chrome/content/rules/TicketsNow.xml
+++ b/src/chrome/content/rules/TicketsNow.xml
@@ -46,6 +46,6 @@
 	<rule from="^http://content\.ticketsnow\.com/"
 			to="https://securecontent.ticketsnow.com/" />
 
-		<rule from="^http:" 
+		<rule from="^http:"
 				to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ticketweb.co.uk.xml b/src/chrome/content/rules/Ticketweb.co.uk.xml
new file mode 100644
index 000000000000..1f7456f99aaa
--- /dev/null
+++ b/src/chrome/content/rules/Ticketweb.co.uk.xml
@@ -0,0 +1,10 @@
+<!--
+	For other Ticketmaster related rulesets, see
+		+ Ticketmaster.xml
+-->
+<ruleset name="Ticketweb.co.uk (partial)">
+	<target host="ticketweb.co.uk" />
+	<target host="www.ticketweb.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ticketweb.com.xml b/src/chrome/content/rules/Ticketweb.com.xml
new file mode 100644
index 000000000000..668ab22b8b37
--- /dev/null
+++ b/src/chrome/content/rules/Ticketweb.com.xml
@@ -0,0 +1,12 @@
+<!--
+	For other Ticketmaster related rulesets, see
+		+ Ticketmaster.xml
+-->
+<ruleset name="Ticketweb.com (partial)">
+	<target host="ticketweb.com" />
+	<target host="www.ticketweb.com" />
+	<target host="i.ticketweb.com" />
+	<test url="http://i.ticketweb.com//i/00/14/57/15/11_Home.png?v=14571511" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tictail.com.xml b/src/chrome/content/rules/Tictail.com.xml
index 30e80a767dd1..76ad370aa337 100644
--- a/src/chrome/content/rules/Tictail.com.xml
+++ b/src/chrome/content/rules/Tictail.com.xml
@@ -49,7 +49,11 @@
 <ruleset name="Tictail.com (partial)">
 
 	<target host="tictail.com" />
-	<target host="*.tictail.com" />
+	<target host="api.tictail.com" />
+	<target host="www.tictail.com" />
+	<target host="blogassets.tictail.com" />
+	<target host="external.static.tictail.com" />
+	<target host="help.tictail.com" />
 		<!--exclusion pattern="^http://blog\.tictail\.com/" /-->
 
 
diff --git a/src/chrome/content/rules/TidBITS.xml b/src/chrome/content/rules/TidBITS.xml
index 05c61553ee48..6716ab03ea3b 100644
--- a/src/chrome/content/rules/TidBITS.xml
+++ b/src/chrome/content/rules/TidBITS.xml
@@ -12,4 +12,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tidal_HiFi.com.xml b/src/chrome/content/rules/Tidal_HiFi.com.xml
index 17cc1dcefa00..cc46e57aaab7 100644
--- a/src/chrome/content/rules/Tidal_HiFi.com.xml
+++ b/src/chrome/content/rules/Tidal_HiFi.com.xml
@@ -16,7 +16,9 @@
 <ruleset name="Tidal HiFi.com">
 
 	<target host="tidalhifi.com" />
-	<target host="*.tidalhifi.com" />
+	<target host="go.tidalhifi.com" />
+	<target host="tracking.tidalhifi.com" />
+	<target host="www.tidalhifi.com" />
 
 
 	<!--	Not secured by server:
@@ -27,7 +29,6 @@
 	<securecookie host="^(?:go\.|www\.)?tidalhifi\.com$" name=".+" />
 
 
-	<rule from="^http://((?:go|tracking|www)\.)?tidalhifi\.com/"
-		to="https://$1tidalhifi.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tidningsnatet.se.xml b/src/chrome/content/rules/Tidningsnatet.se.xml
deleted file mode 100644
index a790e8decb71..000000000000
--- a/src/chrome/content/rules/Tidningsnatet.se.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		(www.)		(shows nysk; mismatched, CN: nysk.mediekompaniet.com)
-
--->
-<ruleset name="Tidningsnatet.se (partial)">
-
-	<target host="sifomedia.tidningsnatet.se" />
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.tidningsnatet\.se$" name="(?:NXCLICK2|OAX)$" />
-
-
-	<rule from="^http://sifomedia\.tidningsnatet\.se/"
-		to="https://oasc07.247realmedia.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/TieTuKu.xml b/src/chrome/content/rules/TieTuKu.xml
index aca41267ed5b..04393440a400 100644
--- a/src/chrome/content/rules/TieTuKu.xml
+++ b/src/chrome/content/rules/TieTuKu.xml
@@ -30,7 +30,7 @@ Fetch error: http://i2.piimg.com/ => https://i2.piimg.com/: (28, 'Connection tim
 		i7.buimg.com
 		i7.piimg.com
 -->
-<ruleset name="TieTuKu (partial)" default_off='failed ruleset test'>
+<ruleset name="TieTuKu (partial)" default_off="failed ruleset test">
 
 	<target host="buimg.com" />
 	<target host="www.buimg.com" />
diff --git a/src/chrome/content/rules/Tieto.com.xml b/src/chrome/content/rules/Tieto.com.xml
index cefa73be2d09..64c46137609d 100644
--- a/src/chrome/content/rules/Tieto.com.xml
+++ b/src/chrome/content/rules/Tieto.com.xml
@@ -1,15 +1,11 @@
 <!--
 	Other Tieto rulesets:
 
-		- Tietoenator.com.xml
-
-
-	Nonfunctional subdomains:
+  Most subdomains nonfunctional
 
 		- novasupport			(dropped)
 		- leansystemcommunity.portal	(refused)
 
-
 	Problematic subdomains:
 
 		- ^		(works; mismatched, CN: acquia-sites.com)
@@ -36,21 +32,13 @@
 <ruleset name="Tieto.com (partial)">
 
 	<target host="tieto.com" />
-	<target host="*.tieto.com" />
-		<exclusion pattern="^http://leansystemcommunity\.portal\." />
-
 
 	<securecookie host="^\.tieto\.com$" name="^__utm\w$" />
 	<securecookie host="^\w+\.portal\.tieto\.com$" name=".+" />
 
 
-	<rule from="^http://(?:www\.)?tieto\.com/(?=customer-area(?:$|[?/])|misc/|profiles/\w+/modules/|sites/)"
-		to="https://www.tieto.com/" />
-
-	<rule from="^http://easyedi\.tieto\.com/"
-		to="https://easyedi.tietoenator.com/" />
+	<rule from="^http:"
+		to="https:" />
 
-	<rule from="^http://(\w+)\.portal\.tieto\.com/"
-		to="https://$1.portal.tieto.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tietoenator.com.xml b/src/chrome/content/rules/Tietoenator.com.xml
deleted file mode 100644
index 25485b6c118b..000000000000
--- a/src/chrome/content/rules/Tietoenator.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	For other Tieto coverage, see Tieto.com.xml.
-
--->
-<ruleset name="Tietoenator.com (partial)">
-
-	<target host="easyedi.tietoenator.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Tiger-Airways.xml b/src/chrome/content/rules/Tiger-Airways.xml
index 6dce0a6c2b1a..6b5dc5c5e740 100644
--- a/src/chrome/content/rules/Tiger-Airways.xml
+++ b/src/chrome/content/rules/Tiger-Airways.xml
@@ -25,7 +25,7 @@ Fetch error: http://groups.tigerair.com/ => https://groups.tigerair.com/: (51, "
 	¹ timeout
 	² cert mismatch
 -->
-<ruleset name="Tiger Airways (partial)" default_off='failed ruleset test'>
+<ruleset name="Tiger Airways (partial)" default_off="failed ruleset test">
 	<target host=         "tigerair.com.au" />
 	<target host=     "www.tigerair.com.au" />
 	<target host= "booking.tigerair.com.au" />
@@ -39,4 +39,4 @@ Fetch error: http://groups.tigerair.com/ => https://groups.tigerair.com/: (51, "
 
 	<rule from="^http:"
 		to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TigerDirect.xml b/src/chrome/content/rules/TigerDirect.xml
index f8033bda973f..0126088acaa4 100644
--- a/src/chrome/content/rules/TigerDirect.xml
+++ b/src/chrome/content/rules/TigerDirect.xml
@@ -18,7 +18,7 @@ Fetch error: http://biz.tigerdirect.com/ => https://biz.tigerdirect.com/: (60, '
 		- Image on biz from i\d+.geccdn.net
 
 -->
-<ruleset name="TigerDirect.com (partial)" default_off='failed ruleset test'>
+<ruleset name="TigerDirect.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Tigertronics.com.xml b/src/chrome/content/rules/Tigertronics.com.xml
new file mode 100644
index 000000000000..56fa29031f46
--- /dev/null
+++ b/src/chrome/content/rules/Tigertronics.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Connection reset:
+		- ftp.tigertronics.com
+		- sucuriip.tigertronics.com
+
+	Mismatched:
+		- email.tigertronics.com
+		- e.tigertronics.com
+		- mobilemail.tigertronics.com
+		- pda.tigertronics.com
+		- webmail.tigertronics.com
+-->
+<ruleset name="Tigertronics.com">
+	<target host="tigertronics.com" />
+	<target host="www.tigertronics.com" />
+	<target host="shop.tigertronics.com" />
+	<target host="www.shop.tigertronics.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TiggersWelt.net.xml b/src/chrome/content/rules/TiggersWelt.net.xml
index 5c0ffb0d609d..d63e0de39273 100644
--- a/src/chrome/content/rules/TiggersWelt.net.xml
+++ b/src/chrome/content/rules/TiggersWelt.net.xml
@@ -17,12 +17,12 @@ Non-2xx HTTP code: http://ssl.tiggerswelt.net/ (200) => https://ssl.tiggerswelt.
 		- webmail	(→ ssl)
 
 
-	Insecure cookies are set for these 
+	Insecure cookies are set for these
 
 		- ssl
 
 -->
-<ruleset name="tiggersWelt.net" default_off='failed ruleset test'>
+<ruleset name="tiggersWelt.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/TikTok.xml b/src/chrome/content/rules/TikTok.xml
new file mode 100644
index 000000000000..72a95709636a
--- /dev/null
+++ b/src/chrome/content/rules/TikTok.xml
@@ -0,0 +1,36 @@
+<!--
+	tiktok.com itself is preloaded.
+
+	Nonfunctional hosts in *.tiktok.com:
+		Mismatch:
+			+ tiktok.com
+
+	CDN subdomains are frequently changing.
+-->
+<ruleset name="TikTok">
+	<target host="*.tiktokcdn.com" />
+		<test url="http://s16.tiktokcdn.com/musical/resource/mtact/static/pwa/icon_512x512.png" />
+		<test url="http://s20.tiktokcdn.com/tiktok/common/init.js" />
+		<test url="http://v19.tiktokcdn.com/" />
+		<test url="http://v51.tiktokcdn.com/" />
+		<test url="http://v53.tiktokcdn.com/" />
+		<test url="http://v77.tiktokcdn.com/" />
+		<test url="http://sf53-va.tiktokcdn.com/" />
+		<test url="http://sf53-sg.tiktokcdn.com/" />
+		<test url="http://p77-va.tiktokcdn.com/" />
+		<test url="http://sf77-sg.tiktokcdn.com/" />
+		<test url="http://sf77-va.tiktokcdn.com/" />
+		<test url="http://sf77-webcast.tiktokcdn.com/" />
+		<test url="http://p77-webcast.tiktokcdn.com/" />
+		<test url="http://p16-sign-va.tiktokcdn.com/" />
+		<test url="http://p16-sign-sg.tiktokcdn.com/" />
+
+	<target host="tiktokv.com" />
+	<target host="*.tiktokv.com" />
+		<test url="http://api.tiktokv.com/" />
+		<test url="http://api16.tiktokv.com/" />
+		<test url="http://mcs-sg.tiktokv.com/" />
+		<test url="http://mcs-va.tiktokv.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tilastokeskus.fi.xml b/src/chrome/content/rules/Tilastokeskus.fi.xml
new file mode 100644
index 000000000000..351399038c3f
--- /dev/null
+++ b/src/chrome/content/rules/Tilastokeskus.fi.xml
@@ -0,0 +1,16 @@
+<!--
+	Refused:
+		- autodiscover.tilastokeskus.fi
+
+	Mismatched:
+		- link.tilastokeskus.fi
+		- lyncdiscover.tilastokeskus.fi
+		- web.tilastokeskus.fi
+-->
+<ruleset name="Tilastokeskus.fi">
+	<target host="tilastokeskus.fi" />
+	<target host="www.tilastokeskus.fi" />
+	<target host="securemail.tilastokeskus.fi" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tilburg_University.xml b/src/chrome/content/rules/Tilburg_University.xml
index 32cfae740cb4..50a7d51e4b87 100644
--- a/src/chrome/content/rules/Tilburg_University.xml
+++ b/src/chrome/content/rules/Tilburg_University.xml
@@ -9,7 +9,7 @@ Fetch error: http://stuwww.uvt.nl/ => https://stuwww.uvt.nl/: (28, 'Connection t
 		- www.tilburguniversity.edu
 
 -->
-<ruleset name="Tilburg University" default_off='failed ruleset test'>
+<ruleset name="Tilburg University" default_off="failed ruleset test">
 
 	<target host="kub.nl" />
 	<target host="www.kub.nl" />
diff --git a/src/chrome/content/rules/Tilt.com.xml b/src/chrome/content/rules/Tilt.com.xml
deleted file mode 100644
index 4d290c2ee087..000000000000
--- a/src/chrome/content/rules/Tilt.com.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-
-	Fully covered domains:
-
-		- tilt.com
-
-		- [\w-]+.tilt.com:
-
-			- blog
-			- open
-			- questions
-			- www
-			- [\w-] *
-
-	* Per-account domains
-
-	Insecure cookies are set for these domains:
-
-		- .tilt.com
-
--->
-<ruleset name="Tilt.com">
-
-	<target host="tilt.com" />
-	<target host="*.tilt.com" />
-
-		<exclusion pattern="^http://(?:blog|engineering|ambassador|stories|policies)\.tilt\.com" />
-
-			<test url="http://blog.tilt.com/" />
-			<test url="http://engineering.tilt.com/" />
-			<test url="http://ambassador.tilt.com/" />
-			<test url="http://stories.tilt.com/" />
-			<test url="http://policies.tilt.com/" />
-
-		<test url="http://open.tilt.com/" />
-		<test url="http://www.tilt.com/" />
-
-	<rule from="^http://([\w-]+\.)?tilt\.com/"
-		to="https://$1tilt.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tim.it.xml b/src/chrome/content/rules/Tim.it.xml
new file mode 100644
index 000000000000..750eab225f59
--- /dev/null
+++ b/src/chrome/content/rules/Tim.it.xml
@@ -0,0 +1,19 @@
+<ruleset name="Tim.it (partial)">
+	<target host="tim.it" />
+	<target host="www.tim.it" />
+	<target host="area51.tim.it" />
+	<target host="antivirus.tim.it" />
+	<target host="authwifi.tim.it" />
+	<target host="community.tim.it" />
+	<target host="helpme.tim.it" />
+	<target host="iam.tim.it" />
+	<target host="mail.tim.it" />
+	<target host="m.mail.tim.it" />
+	<target host="mobimail.tim.it" />
+	<target host="webmail.pc.tim.it" />
+	<target host="www.timparty.tim.it" />
+	<target host="wap.tim.it" />
+	<target host="wcap.tim.it" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TimHortons.com.xml b/src/chrome/content/rules/TimHortons.com.xml
new file mode 100644
index 000000000000..989087dfd56c
--- /dev/null
+++ b/src/chrome/content/rules/TimHortons.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Connection timed out:
+		- jobs.timhortons.com
+
+	Expired certificate:
+		- scholarship.timhortons.com
+
+	Wrong server:
+		- rapportdurabilite.timhortons.com
+		- sustainabilityreport.timhortons.com
+-->
+
+<ruleset name="TimHortons.com">
+	<target host="timhortons.com" />
+	<target host="www.timhortons.com" />
+	<target host="apps.timhortons.com" />
+	<target host="auth.timhortons.com" />
+	<target host="c2w.timhortons.com" />
+	<target host="locations.timhortons.com" />
+	<target host="m.timhortons.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tim_Minchin.com.xml b/src/chrome/content/rules/Tim_Minchin.com.xml
index 0a1a1e20225c..bc0b06308c88 100644
--- a/src/chrome/content/rules/Tim_Minchin.com.xml
+++ b/src/chrome/content/rules/Tim_Minchin.com.xml
@@ -1,23 +1,10 @@
-<!--
-	CDN buckets:
-
-		- d1g9yotx740lzx.cloudfront.net
-
-			- cdn1
-
-
-	Nonfunctional subdomains:
-
-		- ^	(refused)
-		- www	(dropped)
-
--->
 <ruleset name="Tim Minchin.com (partial)">
 
+	<target host="timminchin.com" />
+	<target host="www.timminchin.com" />
 	<target host="cdn1.timminchin.com" />
 
 
-	<rule from="^http://cdn1\.timminchin\.com/"
-		to="https://d1g9yotx740lzx.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TimeTrade.xml b/src/chrome/content/rules/TimeTrade.xml
deleted file mode 100644
index 25ff538bfc56..000000000000
--- a/src/chrome/content/rules/TimeTrade.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<!--
-	Nonfunctional hosts in *timetrade.com:
-
-		- blog *
-
-	* Plaintext reply
-
--->
-<ruleset name="TimeTrade.com (partial)">
-
-	<target host="timetrade.com" />
-	<target host="cdn.timetrade.com" />
-	<target host="schedule.timetrade.com" />
-	<target host="www.timetrade.com" />
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://www\.timetrade\.com/(?:$|contact-timetrade$|get-started$|privacy-statement$|products/business-edition$|sites/)" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://www\.timetrade\.com/(?!app/|book/|files/|td(?:$|[?/])|token/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.timetrade.com/about-us" />
-			<test url="http://www.timetrade.com/contact-timetrade" />
-			<test url="http://www.timetrade.com/get-started" />
-			<test url="http://www.timetrade.com/news-events/events-view" />
-			<test url="http://www.timetrade.com/privacy-statement" />
-			<test url="http://www.timetrade.com/products" />
-			<test url="http://www.timetrade.com/products/business-edition" />
-			<test url="http://www.timetrade.com/sites/all/themes/timetrade/TT_Logo-gray-medium.png" />
-			<test url="http://www.timetrade.com/solutions" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www.timetrade.com/files/content_slide/banking-by-appointment.jpg" />
-			<test url="http://www.timetrade.com/token/" />
-
-
-	<securecookie host="^\." name="^_ga(?:t?$|t_)" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TimeWeb.xml b/src/chrome/content/rules/TimeWeb.xml
index 1e1cb8622beb..a56979a8e437 100644
--- a/src/chrome/content/rules/TimeWeb.xml
+++ b/src/chrome/content/rules/TimeWeb.xml
@@ -12,7 +12,7 @@
 	<target host="www.timeweb.ru" />
 
 
-	<securecookie host="^(?:.*\.)?timeweb\.ru$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Time_Inc.xml b/src/chrome/content/rules/Time_Inc.xml
index 8bb037499c58..a53ff03c6d75 100644
--- a/src/chrome/content/rules/Time_Inc.xml
+++ b/src/chrome/content/rules/Time_Inc.xml
@@ -1,12 +1,25 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://amp.timeinc.net/time/4753419/time-100-gala-biggest-moments/?source=dam => https://amp.timeinc.net/time/4753419/time-100-gala-biggest-moments/?source=dam: (6, 'Could not resolve host: amp.timeinc.net')
+Fetch error: http://amp.timeinc.net/ => https://amp.timeinc.net/: (6, 'Could not resolve host: amp.timeinc.net')
+
+-->
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://cgi.timeinc.net/ => https://cgi.timeinc.net/: (6, 'Could not resolve host: www.pathfinder.com')
+Fetch error: http://invest.timeinc.com/ => https://invest.timeinc.com/: (51, "SSL: no alternative certificate subject name matches target host name 'invest.timeinc.com'")
+
 	Other Time Inc rulesets:
 
 		- TIME.com.xml
-		- Customersvc.com.xml
 		- Entertainment_Weekly.xml
 		- Fortune.com.xml
 		- People.com.xml
-	
+
 
 	Non-functional hosts in *.timeinc.net
 
@@ -27,9 +40,7 @@
 	<!--  *.timeinc.net -->
 	<target host="www.timeinc.net" />
 		<test url="http://www.timeinc.net/subs/newsstand/main.html" />
-	<target host="amp.timeinc.net" />
-		<test url="http://amp.timeinc.net/time/4753419/time-100-gala-biggest-moments/?source=dam" />
-	<target host="cgi.timeinc.net" />
+	<!-- target host="cgi.timeinc.net" /-->
 	<target host="fonts.timeinc.net" />
 		<test url="http://fonts.timeinc.net/ti/fortune/webfonts.css?ver=1.0.00" />
 	<target host="git.timeinc.net" />
@@ -48,11 +59,11 @@
 	<!-- *.timeinc.com -->
 	<target host="timeinc.com" />
 	<target host="www.timeinc.com" />
-	<target host="invest.timeinc.com" />
+	<!-- target host="invest.timeinc.com" /-->
 	<target host="subscription.timeinc.com" />
 	<target host="subscription-assets.timeinc.com" />
 		<test url="http://subscription-assets.timeinc.com/prod/assets/themes/magazines/SUBS/templates/velocity/site/mm-newsstand/lp.html" />
-	
+
 	<securecookie host="^subscription\.timeinc\.com$" name=".+" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Times_Record_News.xml b/src/chrome/content/rules/Times_Record_News.xml
index 268dc39fe001..302d303b97af 100644
--- a/src/chrome/content/rules/Times_Record_News.xml
+++ b/src/chrome/content/rules/Times_Record_News.xml
@@ -33,7 +33,8 @@ Fetch error: http://timesrecordnews.com/ => https://www.timesrecordnews.com/: (5
 <ruleset name="Times Record News (partial)">
 
 	<target host="timesrecordnews.com" />
-	<target host="*.timesrecordnews.com" />
+	<target host="www.timesrecordnews.com" />
+	<target host="media.timesrecordnews.com" />
 
 
 	<rule from="^http://(?:www\.)?timesrecordnews\.com/"
diff --git a/src/chrome/content/rules/TimesofMoney.xml b/src/chrome/content/rules/TimesofMoney.xml
index 8bfb43b99737..90dad328c52e 100644
--- a/src/chrome/content/rules/TimesofMoney.xml
+++ b/src/chrome/content/rules/TimesofMoney.xml
@@ -10,4 +10,4 @@
 	<rule from="^http://(?:www\.)?timesofmoney\.com/"
 		to="https://www.timesofmoney.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Timex.xml b/src/chrome/content/rules/Timex.xml
index c1db26e01cd1..47160102f312 100644
--- a/src/chrome/content/rules/Timex.xml
+++ b/src/chrome/content/rules/Timex.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://timex.com/ => https://timex.com/: (51, "SSL: no alternative certificate subject name matches target host name 'timex.com'")
 
 -->
-<ruleset name="Timex" default_off='failed ruleset test'>
+<ruleset name="Timex" default_off="failed ruleset test">
 
 	<target host="timex.com" />
 	<target host="www.timex.com" />
@@ -15,4 +15,4 @@ Fetch error: http://timex.com/ => https://timex.com/: (51, "SSL: no alternative
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tinc-vpn.org.xml b/src/chrome/content/rules/Tinc-vpn.org.xml
new file mode 100644
index 000000000000..8662eaa2ce2c
--- /dev/null
+++ b/src/chrome/content/rules/Tinc-vpn.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Tinc-vpn.org">
+	<target host="tinc-vpn.org" />
+	<target host="www.tinc-vpn.org" />
+	<target host="git.tinc-vpn.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ting.com.xml b/src/chrome/content/rules/Ting.com.xml
index 4555feb72f0f..87069e776e61 100644
--- a/src/chrome/content/rules/Ting.com.xml
+++ b/src/chrome/content/rules/Ting.com.xml
@@ -24,13 +24,15 @@
 <ruleset name="Ting.com">
 
 	<target host="ting.com" />
-	<target host="*.ting.com" />
+	<target host="help.ting.com" />
+	<target host="static.ting.com" />
+	<target host="www.ting.com" />
 
 
-	<securecookie host="^(?:.*\.)?ting\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(?:(help\.|static\.)|www\.)?ting\.com/"
 		to="https://$1ting.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TinkerSoup.de.xml b/src/chrome/content/rules/TinkerSoup.de.xml
index f51dcfb2d4ac..47d5c8484343 100644
--- a/src/chrome/content/rules/TinkerSoup.de.xml
+++ b/src/chrome/content/rules/TinkerSoup.de.xml
@@ -18,7 +18,7 @@ Fetch error: http://www.tinkersoup.de/ => https://www.tinkersoup.de/: (60, 'SSL
 	* Secured by us
 
 -->
-<ruleset name="TinkerSoup.de" default_off='failed ruleset test'>
+<ruleset name="TinkerSoup.de" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Tinkerforge.com.xml b/src/chrome/content/rules/Tinkerforge.com.xml
index 18cfce69a0b9..ab42090aae37 100644
--- a/src/chrome/content/rules/Tinkerforge.com.xml
+++ b/src/chrome/content/rules/Tinkerforge.com.xml
@@ -23,4 +23,4 @@
 	<rule from="^http://(www\.)?tinkerforge\.com/(?=shop(?:$|[?/])|static/)"
 		to="https://$1tinkerforge.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TinyBites.xml b/src/chrome/content/rules/TinyBites.xml
deleted file mode 100644
index 626ef1787baa..000000000000
--- a/src/chrome/content/rules/TinyBites.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="TinyBites">
-
-	<target host="tinybytes.me" />
-	<target host="www.tinybytes.me" />
-
-
-	<securecookie host="^\.tinybytes\.me$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/TinyChat.xml b/src/chrome/content/rules/TinyChat.xml
index 94859445da85..63aa9f52571d 100644
--- a/src/chrome/content/rules/TinyChat.xml
+++ b/src/chrome/content/rules/TinyChat.xml
@@ -7,8 +7,8 @@ Fetch error: http://www.tinychat.com/ => https://tinychat.com/: (60, 'SSL certif
   <target host="tinychat.com" />
   <target host="www.tinychat.com" />
 
-  <!-- 
-   https://trac.torproject.org/projects/tor/ticket/8848 
+  <!--
+   https://trac.torproject.org/projects/tor/ticket/8848
   <securecookie host="^(.+\.)?tinychat\.com$" name=".+" />
   -->
   <exclusion pattern="^http://(?:www\.)?tinychat\.com/nsfw" />
diff --git a/src/chrome/content/rules/TinyDL.com.xml b/src/chrome/content/rules/TinyDL.com.xml
deleted file mode 100644
index f79f9286b141..000000000000
--- a/src/chrome/content/rules/TinyDL.com.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="TinyDL.com" platform="mixedcontent">
-
-	<target host="tinydl.com" />
-	<target host="www.tinydl.com" />
-
-	<securecookie host="^www\.tinydl\.com$" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TinyURL.xml b/src/chrome/content/rules/TinyURL.xml
deleted file mode 100644
index d8ba57fd80a0..000000000000
--- a/src/chrome/content/rules/TinyURL.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Mixed content:
-
-		- Ads/web bugs, from:
-
-			- loadus.exelator.com ¹
-			- tags.expo9.exponential.com ²
-			- cdn.komoona.com ¹
-
-	¹ Secured by us
-	² Rule disabled by default <= mismatched cert
-
--->
-<ruleset name="TinyURL.com">
-	<target host="tinyurl.com" />
-	<target host="www.tinyurl.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Tinypass.com-falsemixed.xml b/src/chrome/content/rules/Tinypass.com-falsemixed.xml
deleted file mode 100644
index 5e7925ae565c..000000000000
--- a/src/chrome/content/rules/Tinypass.com-falsemixed.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Tinypass.com.xml.
-
--->
-<ruleset name="Tinypass.com (false MCB)" platform="mixedcontent">
-
-	<target host="*.tinypass.com" />
-
-
-	<securecookie host="^\.tinypass\.com$" name=".+" />
-
-
-	<rule from="^http://(publisher|www)\.tinypass\.com/"
-		to="https://$1.tinypass.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tinypass.com.xml b/src/chrome/content/rules/Tinypass.com.xml
index 6e7be9e62890..48b54db922ed 100644
--- a/src/chrome/content/rules/Tinypass.com.xml
+++ b/src/chrome/content/rules/Tinypass.com.xml
@@ -1,54 +1,40 @@
 <!--
-	For rules causing false/broken MCB, see Tinypass.com-falsemixed.xml.
-
-
-	Nonfunctional subdomains:
-
-		- developer *
-		- market **
-
-	* Refused
-	** Shows dashboard
-
-
-	Fully covered subdomains:
-
-		- cdn
-
-
-	Mixed content:
-
-		- iframe on publisher from tinypass.zendesk.com *
-
-		- css on publisher from $self *
-		- css on www from $self *
-
-		- Images, on:
-
-			- publisher from $self *
-			- publisher from www *
-			- www from $self *
-
-		- Bug on publisher from cloud.webtype.com *
-
-	* Secured by us
-
+	Invalid certificate:
+		assets.tinypass.com
+		jobs.tinypass.com
+
+	Timeout:
+		bc.tinypass.com
+		demo.tinypass.com
+		dev.tinypass.com
+		ew-demo.tinypass.com
+		github.tinypass.com
+		qa0.tinypass.com
+		qa1.tinypass.com
+		sw.tinypass.com
 -->
-<ruleset name="Tinypass.com (partial)">
+<ruleset name="Tinypass.com">
 
 	<target host="tinypass.com" />
+	<target host="www.tinypass.com" />
+	<target host="api.tinypass.com" />
+	<target host="api-v3.tinypass.com" />
+	<target host="buy.tinypass.com" />
 	<target host="cdn.tinypass.com" />
+	<target host="cnbc-dev.tinypass.com" />
+	<target host="cnbc-sandbox.tinypass.com" />
 	<target host="code.tinypass.com" />
 	<target host="dashboard.tinypass.com" />
+	<target host="developer.tinypass.com" />
+	<target host="experience.tinypass.com" />
+	<target host="fonts.tinypass.com" />
+	<target host="id.tinypass.com" />
+	<target host="market.tinypass.com" />
+	<target host="media.tinypass.com" />
+	<target host="play.tinypass.com" />
+	<target host="pmauth-sandbox.tinypass.com" />
 	<target host="publisher.tinypass.com" />
-	<target host="www.tinypass.com" />
-		<!--exclusion pattern="^http://(developer|market)\.tinypass\.com/" /-->
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://publisher\.tinypass\.com/+(?!guide/(?:assets|media|plugins)/)" />
-		<exclusion pattern="^http://www\.tinypass\.com/+(?!favicon\.ico|wp-content/|wp-includes/)" />
-
+	<target host="sandbox.tinypass.com" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/Tinyteenpass.com.xml b/src/chrome/content/rules/Tinyteenpass.com.xml
index 1ae6df7409a4..23e1c52ff061 100644
--- a/src/chrome/content/rules/Tinyteenpass.com.xml
+++ b/src/chrome/content/rules/Tinyteenpass.com.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://tinyteenpass.com/ => https://tinyteenpass.com/: (7, 'Failed to connect to tinyteenpass.com port 443: No route to host')
 Fetch error: http://www.tinyteenpass.com/ => https://www.tinyteenpass.com/: (7, 'Failed to connect to www.tinyteenpass.com port 443: No route to host')
 -->
-<ruleset name="tinyteenpass.com" default_off='failed ruleset test'>
+<ruleset name="tinyteenpass.com" default_off="failed ruleset test">
 
 	<target host="tinyteenpass.com" />
 	<target host="www.tinyteenpass.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.tinyteenpass.com/ => https://www.tinyteenpass.com/: (7,
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tipico.de.xml b/src/chrome/content/rules/Tipico.de.xml
index ef4572ae922d..83a08957f8de 100644
--- a/src/chrome/content/rules/Tipico.de.xml
+++ b/src/chrome/content/rules/Tipico.de.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tirerack.com.xml b/src/chrome/content/rules/Tirerack.com.xml
deleted file mode 100644
index 3acb50702749..000000000000
--- a/src/chrome/content/rules/Tirerack.com.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Tirerack">
-  <target host="www.tirerack.com"/>
-  <target host="tirerack.com"/>
-
-  <rule from="^http:" to="https:" />
-</ruleset>
-<!-- Rule generated by HTTPS Finder 0.77 -->
diff --git a/src/chrome/content/rules/TitanPad.com.xml b/src/chrome/content/rules/TitanPad.com.xml
deleted file mode 100644
index 02c54f32ce65..000000000000
--- a/src/chrome/content/rules/TitanPad.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Mixed content:
-
-		- Ad from diebold.amd.co.at *
-
-	* Secured by us
-
--->
-<ruleset name="TitanPad.com">
-
-	<target host="titanpad.com" />
-	<target host="www.titanpad.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.titanpad\.com$" name="^(ES|ET)$" /-->
-
-	<securecookie host="^\.titanpad\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tizen.org.xml b/src/chrome/content/rules/Tizen.org.xml
index 658867eb8d05..209740f2f421 100644
--- a/src/chrome/content/rules/Tizen.org.xml
+++ b/src/chrome/content/rules/Tizen.org.xml
@@ -16,7 +16,7 @@ Fetch error: http://tizen.org/ => https://tizen.org/: (51, "SSL: no alternative
 		- wiki
 
 -->
-<ruleset name="Tizen.org" default_off='failed ruleset test'>
+<ruleset name="Tizen.org" default_off="failed ruleset test">
 
 	<target host="tizen.org" />
 	<target host="bugs.tizen.org" />
diff --git a/src/chrome/content/rules/Tjoos.xml b/src/chrome/content/rules/Tjoos.xml
index b909fa2f5e51..96b47e45936f 100644
--- a/src/chrome/content/rules/Tjoos.xml
+++ b/src/chrome/content/rules/Tjoos.xml
@@ -5,7 +5,11 @@
 <ruleset name="Tjoos (partial)">
 
 	<target host="tjoos.com" />
-	<target host="*.tjoos.com" />
+	<target host="www.tjoos.com" />
+	<target host="store.img0.tjoos.com" />
+	<target host="store.img1.tjoos.com" />
+	<target host="store.img2.tjoos.com" />
+	<target host="store.img3.tjoos.com" />
 
 
 	<rule from="^http://(www\.)?tjoos\.com/([iI])mg/"
diff --git a/src/chrome/content/rules/Tjournal.ru.xml b/src/chrome/content/rules/Tjournal.ru.xml
index c472ea3f0800..c8dd6573becb 100644
--- a/src/chrome/content/rules/Tjournal.ru.xml
+++ b/src/chrome/content/rules/Tjournal.ru.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.tjournal.ru/ => https://www.tjournal.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'www.tjournal.ru'")
 
 -->
-<ruleset name="Tjournal.ru" default_off='failed ruleset test'>
+<ruleset name="Tjournal.ru" default_off="failed ruleset test">
 	<target host="tjournal.ru" />
 	<target host="www.tjournal.ru" />
 
diff --git a/src/chrome/content/rules/Tkbbank.ru.xml b/src/chrome/content/rules/Tkbbank.ru.xml
index e4610627355f..de13ebf5b426 100644
--- a/src/chrome/content/rules/Tkbbank.ru.xml
+++ b/src/chrome/content/rules/Tkbbank.ru.xml
@@ -10,7 +10,7 @@ sfera.tkbbank.ru ³
 ¹ mismatch
 ³ timed out
 -->
-<ruleset name="tkbbank.ru" default_off='failed ruleset test'>
+<ruleset name="tkbbank.ru" default_off="failed ruleset test">
 	<target host="tkbbank.ru" />
 	<target host="www.tkbbank.ru" />
 	<target host="b2card.tkbbank.ru" />
diff --git a/src/chrome/content/rules/Tls.li.xml b/src/chrome/content/rules/Tls.li.xml
index fe3323337241..58fe6324dc37 100644
--- a/src/chrome/content/rules/Tls.li.xml
+++ b/src/chrome/content/rules/Tls.li.xml
@@ -8,7 +8,7 @@ Fetch error: http://tls.li/ => https://tls.li/: (28, 'Connection timed out after
 		- www.tls.li
 
 -->
-<ruleset name="tls.li" default_off='failed ruleset test'>
+<ruleset name="tls.li" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Tmcnet.com.xml b/src/chrome/content/rules/Tmcnet.com.xml
index 53aa8e267089..f90a14f5bd98 100644
--- a/src/chrome/content/rules/Tmcnet.com.xml
+++ b/src/chrome/content/rules/Tmcnet.com.xml
@@ -20,7 +20,7 @@ Fetch error: http://www.tmcnet.com/ => https://www.tmcnet.com/: Cycle detected -
 	** 404, CN: www.tmcnet.com
 
 -->
-<ruleset name="Tmcnet.com" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Tmcnet.com" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="tmcnet.com" />
 	<target host="www.tmcnet.com" />
@@ -28,4 +28,4 @@ Fetch error: http://www.tmcnet.com/ => https://www.tmcnet.com/: Cycle detected -
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tmsz.com.xml b/src/chrome/content/rules/Tmsz.com.xml
index b7960b28de79..59d217eeba12 100644
--- a/src/chrome/content/rules/Tmsz.com.xml
+++ b/src/chrome/content/rules/Tmsz.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.tmsz.com/ => https://www.tmsz.com/: (7, 'Failed to conne
 	Mixed images from various domains
 
 -->
-<ruleset name="tmsz.com" default_off='failed ruleset test'>
+<ruleset name="tmsz.com" default_off="failed ruleset test">
 
 	<target host="tmsz.com" />
 	<target host="www.tmsz.com" />
diff --git a/src/chrome/content/rules/ToFOUR.net.xml b/src/chrome/content/rules/ToFOUR.net.xml
index 241e69980921..114d0b7e0d0f 100644
--- a/src/chrome/content/rules/ToFOUR.net.xml
+++ b/src/chrome/content/rules/ToFOUR.net.xml
@@ -1,13 +1,17 @@
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://cdn.tofour.net/ => https://cdn.tofour.net/: (6, 'Could not resolve host: cdn.tofour.net')
+
 	Other toFOUR rulesets:
 
-		- Picload.org.xml
 
 -->
 <ruleset name="toFOUR.net">
 
 	<target host="tofour.net" />
-	<target host="cdn.tofour.net" />
+	<!-- target host="cdn.tofour.net" /-->
 	<target host="static.tofour.net" />
 	<target host="www.tofour.net" />
 
diff --git a/src/chrome/content/rules/ToLearnEnglish.com.xml b/src/chrome/content/rules/ToLearnEnglish.com.xml
new file mode 100644
index 000000000000..640104d3a9c1
--- /dev/null
+++ b/src/chrome/content/rules/ToLearnEnglish.com.xml
@@ -0,0 +1,11 @@
+<!--
+	See for related rulesets: FrancaisFacile.com.xml
+-->
+<ruleset name="ToLearnEnglish.com">
+	<target host="tolearnenglish.com" />
+	<target host="www.tolearnenglish.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Toad_Fly.xml b/src/chrome/content/rules/Toad_Fly.xml
index bce3b4d33730..1a2ec78f491c 100644
--- a/src/chrome/content/rules/Toad_Fly.xml
+++ b/src/chrome/content/rules/Toad_Fly.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?thetoadfly\.com/(favicon\.ico|(?:my-account|order-tracking)(?:$|\?|/)|wp-content/|wp-includes/)"
 		to="https://$1thetoadfly.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Toastmasters.org.xml b/src/chrome/content/rules/Toastmasters.org.xml
new file mode 100644
index 000000000000..6b75d412a405
--- /dev/null
+++ b/src/chrome/content/rules/Toastmasters.org.xml
@@ -0,0 +1,36 @@
+<!--
+	Mismatched:
+		- ^
+		- magazines
+
+	Connection refused:
+		- autodiscover
+		- ecommerce
+		- reports
+
+	Expired:
+		- california
+		- cdcentral
+		- convention
+
+	Time out:
+		- dashboards
+		- remote
+		- vpn
+		- webmail
+-->
+<ruleset name="Toastmasters International">
+	<target host="toastmasters.org" />
+	<target host="www.toastmasters.org" />
+	<target host="mediacenter.toastmasters.org" />
+	<target host="reports2.toastmasters.org" />
+	<target host="secure.toastmasters.org" />
+	<target host="themeetingroom.toastmasters.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://toastmasters\.org/"
+		to="https://www.toastmasters.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Todo_en_Tinta.xml b/src/chrome/content/rules/Todo_en_Tinta.xml
index ee664e867dc5..6fd44f8e2239 100644
--- a/src/chrome/content/rules/Todo_en_Tinta.xml
+++ b/src/chrome/content/rules/Todo_en_Tinta.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.ahorroentinta.com/ => https://www.ahorroentinta.com/: (6
 Disabled by https-everywhere-checker because:
 Fetch error: http://ahorroentinta.com/ => https://ahorroentinta.com/: Redirect for 'http://peplogar.com/' missing Location
 -->
-<ruleset name="Todo en Tinta" default_off='failed ruleset test'>
+<ruleset name="Todo en Tinta" default_off="failed ruleset test">
 
 	<target host="ahorroentinta.com" />
 	<target host="www.ahorroentinta.com" />
@@ -18,4 +18,4 @@ Fetch error: http://ahorroentinta.com/ => https://ahorroentinta.com/: Redirect f
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Todoly.xml b/src/chrome/content/rules/Todoly.xml
index c056af1a18fa..f34dc53a3247 100644
--- a/src/chrome/content/rules/Todoly.xml
+++ b/src/chrome/content/rules/Todoly.xml
@@ -2,7 +2,7 @@
   <target host="todo.ly"/>
   <target host="www.todo.ly"/>
 
-  <securecookie host="^(?:.+\.)?todo\.ly$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http://(?:www\.)?todo\.ly/" to="https://todo.ly/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Toga_Hotels.xml b/src/chrome/content/rules/Toga_Hotels.xml
index 722bf8248206..2826b4e3139f 100644
--- a/src/chrome/content/rules/Toga_Hotels.xml
+++ b/src/chrome/content/rules/Toga_Hotels.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?togahotels\.com/(asset|template)s/"
 		to="https://$1togahotels.com/$2s/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Toko_Bitcoin.com.xml b/src/chrome/content/rules/Toko_Bitcoin.com.xml
deleted file mode 100644
index 40fbdf30bc03..000000000000
--- a/src/chrome/content/rules/Toko_Bitcoin.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Insecure cookies are set for these domains and hosts:
-
-		- tokobitcoin.com
-		- .tokobitcoin.com
-		- www.tokobitcoin.com
-
--->
-<ruleset name="Toko Bitcoin.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="tokobitcoin.com" />
-	<target host="www.tokobitcoin.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?tokobitcoin\.com$" name="^ci_session$" /-->
-	<!--securecookie host="^\.tokobitcoin\.com$" name="^(__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^(?:\.|www\.)?tokobitcoin\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tokopedia.com.xml b/src/chrome/content/rules/Tokopedia.com.xml
new file mode 100644
index 000000000000..b233b8c0a1b3
--- /dev/null
+++ b/src/chrome/content/rules/Tokopedia.com.xml
@@ -0,0 +1,18 @@
+<ruleset name="Tokopedia.com">
+	<target host="tokopedia.com" />
+	<target host="www.tokopedia.com" />
+	<target host="accounts.tokopedia.com" />
+	<target host="ace.tokopedia.com" />
+	<target host="ecs.tokopedia.com" />
+	<target host="goldmerchant.tokopedia.com" />
+	<target host="gql.tokopedia.com" />
+	<target host="kota.tokopedia.com" />
+	<target host="m.tokopedia.com" />
+	<target host="mojito.tokopedia.com" />
+	<target host="pulsa.tokopedia.com" />
+	<target host="seller.tokopedia.com" />
+	<target host="ta.tokopedia.com" />
+	<target host="tiket.tokopedia.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tokyo-Broadcasting-System-Television.xml b/src/chrome/content/rules/Tokyo-Broadcasting-System-Television.xml
new file mode 100644
index 000000000000..05965a9c87e5
--- /dev/null
+++ b/src/chrome/content/rules/Tokyo-Broadcasting-System-Television.xml
@@ -0,0 +1,5 @@
+<ruleset name="Tokyo Broadcasting System Television">
+	<target host="www.tbs.co.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tokyo-Linux-Users-Group.xml b/src/chrome/content/rules/Tokyo-Linux-Users-Group.xml
index 414912d8e275..8524aefb4779 100644
--- a/src/chrome/content/rules/Tokyo-Linux-Users-Group.xml
+++ b/src/chrome/content/rules/Tokyo-Linux-Users-Group.xml
@@ -7,12 +7,12 @@
 <ruleset name="Tokyo Linux Users Group" default_off="self-signed">
 
 	<target host="tlug.jp" />
-	<target host="*.tlug.jp" />
+	<target host="www.tlug.jp" />
+	<target host="lists.tlug.jp" />
 
 	<rule from="^http://(?:www\.)?tlug\.jp/"
 		to="https://tlug.jp/" />
 
-	<rule from="^http://lists\.tlug\.jp/"
-		to="https://lists.tlug.jp/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Tokyo_University_of_Science.xml b/src/chrome/content/rules/Tokyo_University_of_Science.xml
index bf2d5db6f740..45de56d6744d 100644
--- a/src/chrome/content/rules/Tokyo_University_of_Science.xml
+++ b/src/chrome/content/rules/Tokyo_University_of_Science.xml
@@ -7,4 +7,4 @@
 						-->
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TomPawlak.org.xml b/src/chrome/content/rules/TomPawlak.org.xml
deleted file mode 100644
index ae7f943f95ae..000000000000
--- a/src/chrome/content/rules/TomPawlak.org.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	^ doesn't exist.
-	www is a test page (404).
--->
-
-<ruleset name="TomPawlak.org">
-	<target host="blog.tompawlak.org" />
-	<target host="static.tompawlak.org" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/TomTom-International.xml b/src/chrome/content/rules/TomTom-International.xml
index 5e37257b5478..4f914fbaa428 100644
--- a/src/chrome/content/rules/TomTom-International.xml
+++ b/src/chrome/content/rules/TomTom-International.xml
@@ -14,10 +14,10 @@ Fetch error: http://www.tomtomrunningrace.com/ => https://www.tomtomrunningrace.
 		- lbs
 		- livetraffic
 		- download *
-		
+
 	* bad cert domain
 -->
-<ruleset name="TomTom.com (partial)" default_off='failed ruleset test'>
+<ruleset name="TomTom.com (partial)" default_off="failed ruleset test">
 
 	<target host="tomtom.com" />
 	<target host="www.tomtom.com" />
@@ -25,7 +25,7 @@ Fetch error: http://www.tomtomrunningrace.com/ => https://www.tomtomrunningrace.
 	<target host="mysports.tomtom.com" />
 	<target host="business.tomtom.com" />
 	<target host="places.tomtom.com" />
-	
+
 	<target host="es.support.tomtom.com" />
 	<target host="fr.support.tomtom.com" />
 	<target host="uk.support.tomtom.com" />
@@ -47,20 +47,20 @@ Fetch error: http://www.tomtomrunningrace.com/ => https://www.tomtomrunningrace.
 	<target host="us.support.tomtom.com" />
 	<target host="pt.support.tomtom.com" />
 	<target host="gr.support.tomtom.com" />
-	
+
 	<target host="en.discussions.tomtom.com" />
 	<target host="de.discussions.tomtom.com" />
 	<target host="fr.discussions.tomtom.com" />
-	
+
 	<target host="tomtomrunningrace.com" />
 	<target host="www.tomtomrunningrace.com" />
-	
-	
+
+
 	<securecookie host="^tomtom\.com$" name=".+" />
 	<securecookie host="^(?:mydrive|mysport|business|places)?\.tomtom\.com$" name=".+" />
 	<securecookie host="^(?:es|fr|uk|nl|ru|fi|cz|au|de|se|dk|it|hu|no|tr|in|br|pl|us|pt|gr)?\.support\.tomtom\.com$" name=".+" />
-	
-	
+
+
 	<rule from="^http:" to="https:" />
-	
+
 </ruleset>
diff --git a/src/chrome/content/rules/Toms-of-Maine.xml b/src/chrome/content/rules/Toms-of-Maine.xml
index ecd6d0e59fd6..4f5d151ad1c7 100644
--- a/src/chrome/content/rules/Toms-of-Maine.xml
+++ b/src/chrome/content/rules/Toms-of-Maine.xml
@@ -6,7 +6,7 @@ Fetch error: http://images.tomsofmainestore.com/ => https://images.tomsofmainest
 Disabled by https-everywhere-checker because:
 Fetch error: http://images.tomsofmainestore.com/ => https://images.tomsofmainestore.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="Tom's of Maine (partial)" default_off='failed ruleset test'>
+<ruleset name="Tom's of Maine (partial)" default_off="failed ruleset test">
 
 	<target host="tomsofmainestore.com"/>
 	<target host="images.tomsofmainestore.com"/>
diff --git a/src/chrome/content/rules/TomsHardware.com.xml b/src/chrome/content/rules/TomsHardware.com.xml
new file mode 100644
index 000000000000..77297018663d
--- /dev/null
+++ b/src/chrome/content/rules/TomsHardware.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Certificate mismatch:
+		- tomshardware.com
+		- feedbacks.tomshardware.com
+		- img.tomshardware.com
+
+	Expired certificate:
+		- gb.tomshardware.com
+		- dld.tomshardware.com
+		- business.tomshardware.com
+		- channel.tomshardware.com
+		- community.tomshardware.com
+		- graphics.tomshardware.com
+		- images.tomshardware.com
+		- tracking.tomshardware.com
+-->
+<ruleset name="TomsHardware.com">
+	<target host="tomshardware.com" />
+	<target host="www.tomshardware.com" />
+	<target host="stores.tomshardware.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://tomshardware\.com/" to="https://www.tomshardware.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TonerGiant.xml b/src/chrome/content/rules/TonerGiant.xml
index 194a90702c01..0d16bb210095 100644
--- a/src/chrome/content/rules/TonerGiant.xml
+++ b/src/chrome/content/rules/TonerGiant.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?tonergiant\.co\.uk/(css/|favicon\.ico|includes/|login\.asp|media/|version9/|viewBasket\.asp)"
 		to="https://$1tonergiant.co.uk/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TonyBianco.xml b/src/chrome/content/rules/TonyBianco.xml
index a6e362f5676f..f7d8626c7fd3 100644
--- a/src/chrome/content/rules/TonyBianco.xml
+++ b/src/chrome/content/rules/TonyBianco.xml
@@ -5,4 +5,4 @@
 
 	<rule from="^http:"
 			to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TonyZTan.xml b/src/chrome/content/rules/TonyZTan.xml
index d98dabe71128..12b15f5b4c3c 100644
--- a/src/chrome/content/rules/TonyZTan.xml
+++ b/src/chrome/content/rules/TonyZTan.xml
@@ -4,11 +4,11 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://ztan.tk/ => https://ztan.tk/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Tony Zhaocheng Tan" default_off='failed ruleset test'>
+<ruleset name="Tony Zhaocheng Tan" default_off="failed ruleset test">
 
 	<target host="ztan.tk" />
 	<target host="*.ztan.tk" />
-	
+
 	<!-- ztan.tk redirects to tonytan.io, but it is also used for URL shortening -->
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Toogl.com.xml b/src/chrome/content/rules/Toogl.com.xml
index 72682471fb78..60eb8db82707 100644
--- a/src/chrome/content/rules/Toogl.com.xml
+++ b/src/chrome/content/rules/Toogl.com.xml
@@ -23,7 +23,7 @@ Fetch error: http://toogl.com/ => https://toogl.com/: (35, 'Unknown SSL protocol
 		- quiz
 
 -->
-<ruleset name="Toogl.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Toogl.com (partial)" default_off="failed ruleset test">
 
 	<target host="toogl.com" />
 	<target host="quiz.toogl.com" />
diff --git a/src/chrome/content/rules/Toolbox.com.xml b/src/chrome/content/rules/Toolbox.com.xml
new file mode 100644
index 000000000000..a8c88393bc1e
--- /dev/null
+++ b/src/chrome/content/rules/Toolbox.com.xml
@@ -0,0 +1,23 @@
+<!--
+	404s:
+		- toolbox.com, equivalent to it.toolbox.com
+
+	Invalid certificate:
+		- login.toolbox.com
+-->
+
+<ruleset name="Toolbox.com">
+	<target host="toolbox.com" />
+	<target host="www.toolbox.com" />
+	<target host="assets.toolbox.com" />
+	<target host="finance.toolbox.com" />
+	<target host="hosteddocs.toolbox.com" />
+	<target host="hr.toolbox.com" />
+	<target host="it.toolbox.com" />
+	<target host="marketing.toolbox.com" />
+
+	<rule from="^http://toolbox\.com/"
+		to="https://it.toolbox.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ToontownRewritten.xml b/src/chrome/content/rules/ToontownRewritten.xml
deleted file mode 100644
index 1202ec297138..000000000000
--- a/src/chrome/content/rules/ToontownRewritten.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-		Invalid certificate:
-			support.toontownrewritten.com (incomplete certificate chain)
--->
-<ruleset name="Toontown Rewritten">
-	<target host="toontownrewritten.com" />
-	<target host="www.toontownrewritten.com" />
-	<target host="cdn.toontownrewritten.com" />
-	<target host="cp.toontownrewritten.com" />
-	<target host="download.toontownrewritten.com" />
-	<target host="git.toontownrewritten.com" />
-	<target host="synergy.toontownrewritten.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:"
-			to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Top.de.xml b/src/chrome/content/rules/Top.de.xml
index f97d2e97b662..d06aedede095 100644
--- a/src/chrome/content/rules/Top.de.xml
+++ b/src/chrome/content/rules/Top.de.xml
@@ -40,7 +40,7 @@ Fetch error: http://sec-i.top.de/ => https://sec-i.top.de/: (6, 'Could not resol
 	* Secured by us
 
 -->
-<ruleset name="top.de" default_off='failed ruleset test'>
+<ruleset name="top.de" default_off="failed ruleset test">
 
 	<target host="top.de" />
 	<target host="sec-i.top.de" />
diff --git a/src/chrome/content/rules/TopBuy.com.au.xml b/src/chrome/content/rules/TopBuy.com.au.xml
index c90b82d21a4b..871664292422 100644
--- a/src/chrome/content/rules/TopBuy.com.au.xml
+++ b/src/chrome/content/rules/TopBuy.com.au.xml
@@ -4,16 +4,16 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://groupbuy.topbuy.com.au/ => https://groupbuy.topbuy.com.au/: (28, 'Connection timed out after 20006 milliseconds')
 
 -->
-<ruleset name="TopBuy.com.au" default_off='failed ruleset test'>
+<ruleset name="TopBuy.com.au" default_off="failed ruleset test">
 
 	<target host="topbuy.com.au" />
 	<target host="groupbuy.topbuy.com.au" />
 	<target host="www.topbuy.com.au" />
 
 
-	<securecookie host="^(?:.*\.)?topbuy\.com\.au$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TopCoder.xml b/src/chrome/content/rules/TopCoder.xml
index 5ae1c9ee5901..663d3d5c5ab7 100644
--- a/src/chrome/content/rules/TopCoder.xml
+++ b/src/chrome/content/rules/TopCoder.xml
@@ -36,7 +36,7 @@
 	<!--securecookie host="^(app|community|software|studio|www)\.topcoder\.com$" name="^JSESSIONID$" /-->
 	<!--securecookie host="^www\.topcoder\.com$" name="^PHPSESSID$"/-->
 
-	<securecookie host="^(?:.*\.)?topcoder\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--	each client has a unique subdomain.	-->
diff --git a/src/chrome/content/rules/TopOption.com.xml b/src/chrome/content/rules/TopOption.com.xml
index a38baadcc093..98556091834f 100644
--- a/src/chrome/content/rules/TopOption.com.xml
+++ b/src/chrome/content/rules/TopOption.com.xml
@@ -36,7 +36,9 @@
 <ruleset name="TopOption.com (partial)">
 
 	<target host="topoption.com" />
-	<target host="*.topoption.com" />
+	<target host="myaccount.topoption.com" />
+	<target host="widgets.topoption.com" />
+	<target host="www.topoption.com" />
 		<!--exclusion pattern="^http://landing\.topoption\.com/" /-->
 		<!--
 			Redirect to http:
@@ -61,7 +63,6 @@
 	<!--securecookie host="^\.topoption\.com$" name="^(incap_ses_[\d_]+|nlbi_\d+|spotsession_\d+|___utmv\w+|visid_incap_\d+)$" /-->
 
 
-	<rule from="^http://((?:myaccount|widgets|www)\.)?topoption\.com/"
-		to="https://$1topoption.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TopatoCo.xml b/src/chrome/content/rules/TopatoCo.xml
index ea5db714bc3b..66a78d71f7b7 100644
--- a/src/chrome/content/rules/TopatoCo.xml
+++ b/src/chrome/content/rules/TopatoCo.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Topky.sk.xml b/src/chrome/content/rules/Topky.sk.xml
new file mode 100644
index 000000000000..c30e61be463a
--- /dev/null
+++ b/src/chrome/content/rules/Topky.sk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Topky.sk">
+	<target host="topky.sk" />
+	<target host="www.topky.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Toppers.jp.xml b/src/chrome/content/rules/Toppers.jp.xml
new file mode 100644
index 000000000000..d486b15bb889
--- /dev/null
+++ b/src/chrome/content/rules/Toppers.jp.xml
@@ -0,0 +1,13 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- spica.toppers.jp
+-->
+<ruleset name="Toppers.jp">
+	<target host="toppers.jp" />
+	<target host="www.toppers.jp" />
+	<target host="dev.toppers.jp" />
+	<target host="swest.toppers.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tor2Web.xml b/src/chrome/content/rules/Tor2Web.xml
index 90f4b14cd11d..5196d85957a7 100644
--- a/src/chrome/content/rules/Tor2Web.xml
+++ b/src/chrome/content/rules/Tor2Web.xml
@@ -11,7 +11,7 @@ Fetch error: http://torlink.co/ => https://torlink.co/: (6, 'Could not resolve h
 Fetch error: http://onion.ink/ => https://onion.ink/: (6, 'Could not resolve host: onion.ink')
 
 -->
-<ruleset name="tor2Web" default_off='failed ruleset test'>
+<ruleset name="tor2Web" default_off="failed ruleset test">
 	<target host="*.tor2web.com" />
 	<target host="torlink.co" />
 	<target host="*.torlink.co" />
diff --git a/src/chrome/content/rules/TorLock.com.xml b/src/chrome/content/rules/TorLock.com.xml
deleted file mode 100644
index 1ce291c82f11..000000000000
--- a/src/chrome/content/rules/TorLock.com.xml
+++ /dev/null
@@ -1,57 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://cdn.torlock.com/ => https://tlock-16e3.kxcdn.com/: (51, "SSL: no alternative certificate subject name matches target host name 'tlock-16e3.kxcdn.com'")
-
-	CDN buckets:
-
-		- tlock-16e3.kxcdn.com
-
-
-	Problematic hosts in *torlock.com:
-
-		- cdn *
-
-	* Mismatched
-
-
-	Insecure cookies are set for these domains:
-
-		- .torlock.com
-
-
-	Mixed content:
-
-		- Images from cdn.torlock.com *
-		- Bug from sstatic1.histats.com *
-
-	* Secured by us
-
--->
-<ruleset name="TorLock.com" default_off='failed ruleset test'>
-
-	<target host="torlock.com" />
-	<target host="www.torlock.com" />
-
-	<!--	Complications:
-				-->
-	<target host="cdn.torlock.com" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.torlock\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^(?:w*\.)?torlock\.com$" name=".+" />
-
-
-	<!--	!www redirects to www over http,
-		so copy that behavior:
-					-->
-	<rule from="^http://cdn\.torlock\.com/"
-		to="https://tlock-16e3.kxcdn.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Torcache.xml b/src/chrome/content/rules/Torcache.xml
index 53c4cc21270c..9777986e2456 100644
--- a/src/chrome/content/rules/Torcache.xml
+++ b/src/chrome/content/rules/Torcache.xml
@@ -5,7 +5,7 @@ Fetch error: http://torcache.net/ => https://torcache.net/: (28, 'Connection tim
 Fetch error: http://www.torcache.net/ => https://www.torcache.net/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Torcache.net" default_off='failed ruleset test'>
+<ruleset name="Torcache.net" default_off="failed ruleset test">
 	<target host="torcache.net"/>
 	<target host="www.torcache.net"/>
 
diff --git a/src/chrome/content/rules/TornadoWeb.org.xml b/src/chrome/content/rules/TornadoWeb.org.xml
new file mode 100644
index 000000000000..8b46c644adf4
--- /dev/null
+++ b/src/chrome/content/rules/TornadoWeb.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		tornadoweb.org
+
+-->
+<ruleset name="TornadoWeb.org">
+
+	<target host="tornadoweb.org" />
+	<target host="www.tornadoweb.org" />
+
+	<rule from="^http://tornadoweb\.org/"
+		to="https://www.tornadoweb.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Tornado_Web.org.xml b/src/chrome/content/rules/Tornado_Web.org.xml
deleted file mode 100644
index aefb641f909b..000000000000
--- a/src/chrome/content/rules/Tornado_Web.org.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	^: interrupted
-
-
-	CN: *.readthedocs.org
-
--->
-<ruleset name="Tornado Web.org" default_off="mismatched">
-
-	<target host="tornadoweb.org" />
-	<target host="www.tornadoweb.org" />
-
-
-	<rule from="^http://(?:www\.)?tornadoweb\.org/"
-		to="https://www.tornadoweb.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Toronto-Star.xml b/src/chrome/content/rules/Toronto-Star.xml
index 15f3c1a5a811..cc446d316c9b 100644
--- a/src/chrome/content/rules/Toronto-Star.xml
+++ b/src/chrome/content/rules/Toronto-Star.xml
@@ -37,7 +37,7 @@ Fetch error: http://emarketing.thestar.com/ => https://emarketing.thestar.com/:
 	ˢ Secured by us
 
 -->
-<ruleset name="The Star.com (partial)" default_off='failed ruleset test'>
+<ruleset name="The Star.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/TorontoHydro.com.xml b/src/chrome/content/rules/TorontoHydro.com.xml
new file mode 100644
index 000000000000..a70e9eb022ba
--- /dev/null
+++ b/src/chrome/content/rules/TorontoHydro.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Chain issue (missing intermediate):
+	- cf.torontohydro.com
+	- css.torontohydro.com
+  	- myusage.torontohydro.com
+	- outagereport.torontohydro.com
+  	- outlook.torontohydro.com
+  	- powerlens.torontohydro.com
+	- powerlensbusiness.torontohydro.com
+-->
+
+<ruleset name="TorontoHydro.com">
+	<target host="torontohydro.com" />
+	<target host="www.torontohydro.com" />
+	<target host="jobs.torontohydro.com" />
+	<target host="www.newsroom.torontohydro.com" />
+  	<target host="outages.torontohydro.com" />
+  	<target host="ss.torontohydro.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TorontoPolice.on.ca.xml b/src/chrome/content/rules/TorontoPolice.on.ca.xml
index 74c039d1e1b1..2d9f7739eb66 100644
--- a/src/chrome/content/rules/TorontoPolice.on.ca.xml
+++ b/src/chrome/content/rules/TorontoPolice.on.ca.xml
@@ -1,18 +1,18 @@
 <!--
 	Other TPS (Toronto police) rulesets:
-		Tpsmedia.ca.xml
-		Tpsnet.ca.xml
-		Tpsnews.ca.xml
-		Tpsnews.ca-mixedcontent.xml
+		- Tpsmedia.ca.xml
+		- Tpsnet.ca.xml
+		- Tpsnews.ca.xml
+		- Tpsnews.ca-mixedcontent.xml
 
-	Invalid certificate:
-		data.torontopolice.on.ca
-		maps.torontopolice.on.ca
-
-	Mixed content blocking:
-		c4s.torontopolice.on.ca
+	Active mixed content:
+		- c4s.torontopolice.on.ca
 
+	Invalid certificate:
+		- data.torontopolice.on.ca
+		- maps.torontopolice.on.ca
 -->
+
 <ruleset name="TorontoPolice.on.ca">
 	<target host="torontopolice.on.ca" />
 	<target host="www.torontopolice.on.ca" />
@@ -20,8 +20,15 @@
 	<target host="careers.torontopolice.on.ca" />
 	<target host="clearance.torontopolice.on.ca" />
 	<target host="core.torontopolice.on.ca" />
+	<target host="highclass.torontopolice.on.ca" />
+	<target host="lyncdiscover.torontopolice.on.ca" />
+	<target host="lyncweb.torontopolice.on.ca" />
+	<target host="projectseconds.torontopolice.on.ca" />
+	<target host="prybar.torontopolice.on.ca" />
+	<target host="psp.torontopolice.on.ca" />
 	<target host="secure.torontopolice.on.ca" />
+	<target host="trnpsp.torontopolice.on.ca" />
+	<target host="ybird.torontopolice.on.ca" />
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Torontohydro.com.xml b/src/chrome/content/rules/Torontohydro.com.xml
deleted file mode 100644
index b1635d132373..000000000000
--- a/src/chrome/content/rules/Torontohydro.com.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Chain issue (missing intermediate):
-	- cf.torontohydro.com
-	- powerlensbusiness.torontohydro.com
-
-	Invalid certificate:
-	- sp.test.torontohydro.com
-
-	Unsupported protocol:
-	- www.newsroom.torontohydro.com
--->
-
-<ruleset name="Torontohydro.com">
-	<target host="torontohydro.com" />
-	<target host="www.torontohydro.com" />
-	<target host="css.torontohydro.com" />
-	<target host="jobs.torontohydro.com" />
-  	<target host="myusage.torontohydro.com" />
-	<target host="outagereport.torontohydro.com" />
-  	<target host="outages.torontohydro.com" />
-  	<target host="outlook.torontohydro.com" />
-  	<target host="powerlens.torontohydro.com" />
-  	<target host="ss.torontohydro.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Torrent.tm.xml b/src/chrome/content/rules/Torrent.tm.xml
deleted file mode 100644
index 181591b3dfbd..000000000000
--- a/src/chrome/content/rules/Torrent.tm.xml
+++ /dev/null
@@ -1,52 +0,0 @@
-<!--
-	Problematic hosts in *torrent.tm:
-
-		- cdn *
-
-	* Mismatched
-
-
-	Insecure cookies are set for these domains:
-
-		- .torrent.tm
-
-
-	Mixed content:
-
-		- css from cdn.torrent.tm ¹
-
-		- Images, from:
-
-			- torrent.tm ¹
-			- cdn.torrent.tm ¹
-
-	¹ Not secured by us <= mismatched
-	¹ Secured by us
-
--->
-<ruleset name="Torrent.tm (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="torrent.tm" />
-	<target host="www.torrent.tm" />
-
-	<!--	Complications:
-				-->
-	<!--target host="cdn.torrent.tm" /-->
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.torrent\.tm$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.torrent\.tm$" name=".+" />
-
-
-	<!--rule from="^http://cdn\.torrent\.tm/"
-		to="https://???.kxcdn.com/" /-->
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TorrentButler.xml b/src/chrome/content/rules/TorrentButler.xml
index 8c9658e8d740..f9ba7e93a180 100644
--- a/src/chrome/content/rules/TorrentButler.xml
+++ b/src/chrome/content/rules/TorrentButler.xml
@@ -1,7 +1,7 @@
 <ruleset name="TorrentButler">
 	<target host="torrentbutler.eu" />
 	<target host="www.torrentbutler.eu" />
-	
+
 	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TorrentDay.com.xml b/src/chrome/content/rules/TorrentDay.com.xml
index ac97b4067074..24d42d398639 100644
--- a/src/chrome/content/rules/TorrentDay.com.xml
+++ b/src/chrome/content/rules/TorrentDay.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://editor.torrentday.com/ => https://editor.torrentday.com/: (6
 		announce.torrentday.com
 		irc.torrentday.com
 -->
-<ruleset name="Torrent Day" default_off='failed ruleset test'>
+<ruleset name="Torrent Day" default_off="failed ruleset test">
 
 	<target host="torrentday.com" />
 	<target host="www.torrentday.com" />
diff --git a/src/chrome/content/rules/TorrentFunk.com.xml b/src/chrome/content/rules/TorrentFunk.com.xml
deleted file mode 100644
index 74bdb07aacfd..000000000000
--- a/src/chrome/content/rules/TorrentFunk.com.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://cdn.torrentfunk.com/ => https://tfunk-16e3.kxcdn.com/: (51, "SSL: no alternative certificate subject name matches target host name 'tfunk-16e3.kxcdn.com'")
-
-	Problematic hosts in *torrentfunk.com:
-
-		- cdn *
-
-	* Mismatched
-
-
-	Mixed content:
-
-		- Images from cdn.torrentfunk.com *
-
-	* Secured by us
-
--->
-<ruleset name="TorrentFunk.com" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="torrentfunk.com" />
-	<target host="www.torrentfunk.com" />
-
-	<!--	Complications:
-				-->
-	<target host="cdn.torrentfunk.com" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.torrentfunk\.com$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.torrentfunk\.com$" name="" />
-
-
-	<rule from="^http://cdn\.torrentfunk\.com/"
-		to="https://tfunk-16e3.kxcdn.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Torrentleech.org.xml b/src/chrome/content/rules/Torrentleech.org.xml
index 36cc896313c0..0d6a2ffbc626 100644
--- a/src/chrome/content/rules/Torrentleech.org.xml
+++ b/src/chrome/content/rules/Torrentleech.org.xml
@@ -1,28 +1,19 @@
-<!--
-	Insecure cookies are set for these domains and hosts:
-
-		- torrentleech.org
-		- .torrentleech.org
-		- www.torrentleech.org
-
--->
-<ruleset name="torrentleechdotorg">
-
-	<!--	Direct rewrites:
-				-->
+<ruleset name="torrentleech.org.xml">
 	<target host="torrentleech.org" />
 	<target host="www.torrentleech.org" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?torrentleech\.org$" name="^PHPSESSID$" /-->
-	<!--securecookie host="^\.torrentleech\.org$" name="^__cfduid$" /-->
-
-	<securecookie host="^(?:.*\.)?torrentleech.org$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
+	<target host="classic.torrentleech.org" />
+	<target host="forums.torrentleech.org" />
+	<target host="imageservice.torrentleech.org" />
+	<target host="rss.torrentleech.org" />
+	<target host="rss24h.torrentleech.org" />
+	<target host="static.torrentleech.org" />
+	<target host="tracker.torrentleech.org" />
+	<target host="v4.torrentleech.org" />
+	<target host="wiki.torrentleech.org" />
+	
+	<test url="http://www.torrentleech.org/user/account/signup" />
+	<test url="http://v4.torrentleech.org/user/account/lostpassword" />
+	<rule from="^http:" to="https:" />
+        
 </ruleset>
+
diff --git a/src/chrome/content/rules/Torrentproject.com.xml b/src/chrome/content/rules/Torrentproject.com.xml
deleted file mode 100644
index 496636181de0..000000000000
--- a/src/chrome/content/rules/Torrentproject.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--(www.)?torrentproject.com mismatch-->
-<ruleset name="Torrentproject.com">
-	<target host="torrentproject.com" />
-	<target host="www.torrentproject.com" />
-	<target host="torrentproject.se" />
-	<target host="www.torrentproject.se" />
-	
-	<rule from="^http://(www\.)?torrentproject\.com/"
-		to="https://$1torrentproject.se/" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Torrentsmirror.xml b/src/chrome/content/rules/Torrentsmirror.xml
deleted file mode 100644
index d647211f894a..000000000000
--- a/src/chrome/content/rules/Torrentsmirror.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	For other Torrentz coverage, see Torrentz.xml.
-
-
-	Insecure cookies are set for these hosts:
-
-		- torrentsmirror.com
-		- www.torrentsmirror.com
-
--->
-<ruleset name="Torrentsmirror.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="torrentsmirror.com" />
-	<target host="www.torrentsmirror.com" />
-
-
-	<!--	not secured by server:
-					-->
-	<!--securecookie host="(?:www\.)?torrentsmirror\.com$" name="^sess$" /-->
-
-	<securecookie host="(?:www\.)?torrentsmirror\.com$" name=".+" />
-
-	
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Torrentz-Proxy.xml b/src/chrome/content/rules/Torrentz-Proxy.xml
deleted file mode 100644
index 836f8a5480c3..000000000000
--- a/src/chrome/content/rules/Torrentz-Proxy.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For other Torrentz coverage, see Torrentz.xml.
--->
-<ruleset name="Torrentz-Proxy.com">
-
-	<target host="torrentz-proxy.com" />
-	<target host="www.torrentz-proxy.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Torrentz.xml b/src/chrome/content/rules/Torrentz.xml
deleted file mode 100644
index 59292ef8baae..000000000000
--- a/src/chrome/content/rules/Torrentz.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Other Torrentz rulesets:
-		- Torrentsmirror.xml
-		- Torrentz-Proxy.xml
--->
-<ruleset name="Torrentz">
-
-	<target host="torrentz.ch" />
-	<target host="www.torrentz.ch" />
-	<target host="torrentz.com" />
-	<target host="www.torrentz.com" />
-	<target host="torrentz.eu" />
-	<target host="www.torrentz.eu" />
-	<target host="torrentz.in" />
-	<target host="www.torrentz.in" />
-	<target host="torrentz.me" />
-	<target host="www.torrentz.me" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TorreyCommerce.net.xml b/src/chrome/content/rules/TorreyCommerce.net.xml
index 5da7937cd8c1..eaa6513c03b3 100644
--- a/src/chrome/content/rules/TorreyCommerce.net.xml
+++ b/src/chrome/content/rules/TorreyCommerce.net.xml
@@ -9,7 +9,7 @@ Fetch error: http://torreycommerce.net/ => https://torreycommerce.net/: Redirect
 	For other TorreyCommerce coverage, see TorreyCommerce.xml.
 
 -->
-<ruleset name="TorreyCommerce.net" default_off='failed ruleset test'>
+<ruleset name="TorreyCommerce.net" default_off="failed ruleset test">
 
 	<target host="torreycommerce.net" />
 	<target host="www.torreycommerce.net" />
diff --git a/src/chrome/content/rules/Torus_Knot.com.xml b/src/chrome/content/rules/Torus_Knot.com.xml
index 8d707839a344..4b9e18753c51 100644
--- a/src/chrome/content/rules/Torus_Knot.com.xml
+++ b/src/chrome/content/rules/Torus_Knot.com.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?torusknot\.com/"
 		to="https://torusknot.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Toshiba.co.jp.xml b/src/chrome/content/rules/Toshiba.co.jp.xml
index 0c9d580f6836..15686e336886 100644
--- a/src/chrome/content/rules/Toshiba.co.jp.xml
+++ b/src/chrome/content/rules/Toshiba.co.jp.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TotalBarcode.com.xml b/src/chrome/content/rules/TotalBarcode.com.xml
index 463117742c45..8acc39cfe2c2 100644
--- a/src/chrome/content/rules/TotalBarcode.com.xml
+++ b/src/chrome/content/rules/TotalBarcode.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TotalProSports.com.xml b/src/chrome/content/rules/TotalProSports.com.xml
new file mode 100644
index 000000000000..920dfa63d051
--- /dev/null
+++ b/src/chrome/content/rules/TotalProSports.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Connection refused:
+		- beta.totalprosports.com
+-->
+
+<ruleset name="TotalProSports.com">
+	<target host="totalprosports.com" />
+	<target host="www.totalprosports.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Total_Boox.xml b/src/chrome/content/rules/Total_Boox.xml
index f3e3093bfb2e..f97b0d36f276 100644
--- a/src/chrome/content/rules/Total_Boox.xml
+++ b/src/chrome/content/rules/Total_Boox.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://totalboox.com/ => https://totalboox.com/: (6, 'Could not resolve host: totalboox.com')
 
 -->
-<ruleset name="Total Boox" default_off='failed ruleset test'>
+<ruleset name="Total Boox" default_off="failed ruleset test">
 
 	<target host="totalboox.com" />
 	<target host="www.totalboox.com" />
@@ -15,4 +15,4 @@ Fetch error: http://totalboox.com/ => https://totalboox.com/: (6, 'Could not res
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Total_Eyecare.xml b/src/chrome/content/rules/Total_Eyecare.xml
index c56b8bfd2bef..11634f20244a 100644
--- a/src/chrome/content/rules/Total_Eyecare.xml
+++ b/src/chrome/content/rules/Total_Eyecare.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Total_Fan_Shop.net.xml b/src/chrome/content/rules/Total_Fan_Shop.net.xml
index e69cb34996fe..ad5c2550e0fc 100644
--- a/src/chrome/content/rules/Total_Fan_Shop.net.xml
+++ b/src/chrome/content/rules/Total_Fan_Shop.net.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.totalfanshop.net/ => https://www.totalfanshop.net/: (28,
 Disabled by https-everywhere-checker because:
 Fetch error: http://totalfanshop.net/ => https://totalfanshop.net/: (35, 'error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure')
 -->
-<ruleset name="Total Fan Shop.net" default_off='failed ruleset test'>
+<ruleset name="Total Fan Shop.net" default_off="failed ruleset test">
 
 	<target host="totalfanshop.net" />
 	<target host="www.totalfanshop.net" />
@@ -18,4 +18,4 @@ Fetch error: http://totalfanshop.net/ => https://totalfanshop.net/: (35, 'error:
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Total_Investor.xml b/src/chrome/content/rules/Total_Investor.xml
index c8688996cc89..e4f6f51203d5 100644
--- a/src/chrome/content/rules/Total_Investor.xml
+++ b/src/chrome/content/rules/Total_Investor.xml
@@ -24,7 +24,10 @@ Fetch error: http://totalinvestor.co.uk/ => https://www.totalinvestor.co.uk/: (7
 <ruleset name="Total Investor">
 
 	<target host="totalinvestor.co.uk" />
-	<target host="*.totalinvestor.co.uk" />
+	<target host="www.totalinvestor.co.uk" />
+	<target host="userfiles-m.totalinvestor.co.uk" />
+	<target host="userfiles-s.totalinvestor.co.uk" />
+	<target host="userfiles-xs.totalinvestor.co.uk" />
 
 
 	<securecookie host="^(?:www)?\.totalinvestor\.co\.uk$" name=".+" />
diff --git a/src/chrome/content/rules/Total_Web_Solutions.xml b/src/chrome/content/rules/Total_Web_Solutions.xml
index f0a537fb5385..a1326e5702d7 100644
--- a/src/chrome/content/rules/Total_Web_Solutions.xml
+++ b/src/chrome/content/rules/Total_Web_Solutions.xml
@@ -16,10 +16,16 @@ Fetch error: http://store.totalwebsolutions.com/ => https://store.totalwebsoluti
 	* Shows order.totalwebsecure.com; mismatched, CN: *.totalwebsecure.com
 
 -->
-<ruleset name="Total Web Solutions (partial)" default_off='failed ruleset test'>
-
-	<target host="*.totalhostingplus.com" />
-	<target host="*.totalwebsecure.com" />
+<ruleset name="Total Web Solutions (partial)" default_off="failed ruleset test">
+
+	<target host="vps-unixweb1.totalhostingplus.com" />
+	<target host="vps-unixweb2.totalhostingplus.com" />
+	<target host="vps-unixweb3.totalhostingplus.com" />
+	<target host="vps-unixweb4.totalhostingplus.com" />
+	<target host="vps-unixweb5.totalhostingplus.com" />
+	<target host="vps-unixweb6.totalhostingplus.com" />
+	<target host="merchant.totalwebsecure.com" />
+	<target host="order.totalwebsecure.com" />
 	<target host="store.totalwebsolutions.com" />
 
 
@@ -27,13 +33,8 @@ Fetch error: http://store.totalwebsolutions.com/ => https://store.totalwebsoluti
 	<securecookie host="^store\.totalwebsolutions\.com$" name=".+" />
 
 
-	<rule from="^http://vps-unixweb([1-6])\.totalhostingplus\.com/"
-		to="https://vps-unixweb$1.totalhostingplus.com/" />
 
-	<rule from="^http://(merchant|order)\.totalwebsecure\.com/"
-		to="https://$1.totalwebsecure.com/" />
 
-	<rule from="^http://store\.totalwebsolutions\.com/"
-		to="https://store.totalwebsolutions.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Totem.xml b/src/chrome/content/rules/Totem.xml
index 52fb72debd04..1b287aca2a7f 100644
--- a/src/chrome/content/rules/Totem.xml
+++ b/src/chrome/content/rules/Totem.xml
@@ -25,7 +25,7 @@
 		<test url="http://codeproof.totemapp.com/" />
 		<test url="http://gnupg.totemapp.com/" />
 		<test url="http://ingredientmatcher.totemapp.com/" />
-	
+
 	<!-- Invalid certificate
 		<test url="http://www.fracture.totemapp.com/" />
 	-->
diff --git a/src/chrome/content/rules/TouClick.xml b/src/chrome/content/rules/TouClick.xml
index 045781285103..25b24fe1c3da 100644
--- a/src/chrome/content/rules/TouClick.xml
+++ b/src/chrome/content/rules/TouClick.xml
@@ -2,20 +2,20 @@
 <!--
 Disabled by https-everywhere-checker because:
 Fetch error: http://admin.touclick.com/ => https://admin.touclick.com/: (35, 'error:14082174:SSL routines:ssl3_check_cert_and_algorithm:dh key too small')
-	
+
 	Redirect to http:
 	- ecs.touclick.com
 	- request.touclick.com
 	- test.touclick.com
 	- wt.touclick.com
-	- www.touclick.com 
+	- www.touclick.com
 	- xiaowangzi.touclick.com
-	
+
 	Broken:
 	- adc.touclick.com
 -->
 
-<ruleset name="TouClick" default_off='failed ruleset test'>
+<ruleset name="TouClick" default_off="failed ruleset test">
 
 	<target host="admin.touclick.com" />
 	<target host="captcha-static.touclick.com" />
@@ -23,5 +23,5 @@ Fetch error: http://admin.touclick.com/ => https://admin.touclick.com/: (35, 'er
 	<target host="js.touclick.com" />
 
 	<rule from="^http:" to="https:" />
-	
+
 </ruleset>
diff --git a/src/chrome/content/rules/TouTiao.xml b/src/chrome/content/rules/TouTiao.xml
index 4b0bee57cf79..987cc913d0ed 100644
--- a/src/chrome/content/rules/TouTiao.xml
+++ b/src/chrome/content/rules/TouTiao.xml
@@ -1,40 +1,34 @@
 <!--
-	404:
-		space.toutiao.com	(Redirect to 404error page)
-
-	MCB:
-		app.toutiao.com
-		m.toutiao.com
-
 	Mismatch:
-		(www.)?pstatp.com
-		i.pstatp.com
 		m.pstatp.com
+		s5.pstatp.com
 		v(0|1|2|4|5|6|7|9|10).pstatp.com
-		s[4-5].pstatp.com
 		(p|v)[0-10].statp.com
 -->
-
 <ruleset name="TouTiao (partial)">
-
 	<!-- Complications: -->
-	<target host="s4.pstatp.com" />
 	<target host="s5.pstatp.com" />
-	<rule from="^http://s(4|5)\.pstatp\.com/" to="https://s6.pstatp.com/" />
-		<test url="http://s4.pstatp.com/toutiao/resource/ntoutiao_web/static/image/logo_201f80d.png" />
+	<rule from="^http://s5\.pstatp\.com/" to="https://s6.pstatp.com/" />
 		<test url="http://s5.pstatp.com/toutiao/resource/ntoutiao_web/static/image/logo_201f80d.png" />
 
 	<!-- Directly: -->
 	<target host="toutiao.com" />
 	<target host="www.toutiao.com" />
-		<test url="http://www.toutiao.com/a6361374475379998978/" />
-		<test url="http://www.toutiao.com/i6360544217684509186/" />
 		<test url="http://www.toutiao.com/i6371298813642015233/" />
-
+	<target host="ad.toutiao.com" />
+	<target host="app.toutiao.com" />
+	<target host="m.toutiao.com" />
 	<target host="mp.toutiao.com" />
 	<target host="partner.toutiao.com" />
+	<target host="space.toutiao.com" />
 	<target host="web.toutiao.com" />
 
+	<target host="m.toutiaocdn.com" />
+		<test url="http://m.toutiaocdn.com/i6371298813642015233/" />
+	<target host="m.toutiaocdn.cn" />
+
+	<target host="pstatp.com" />
+	<target host="i.pstatp.com" />
 	<target host="p0.pstatp.com" />
 	<target host="p1.pstatp.com" />
 	<target host="p2.pstatp.com" />
@@ -55,6 +49,7 @@
 	<target host="s3.pstatp.com" />
 	<target host="s3a.pstatp.com" />
 	<target host="s3b.pstatp.com" />
+	<target host="s4.pstatp.com" />
 	<target host="s6.pstatp.com" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/TouchCommerce.xml b/src/chrome/content/rules/TouchCommerce.xml
deleted file mode 100644
index bbf861bda0c4..000000000000
--- a/src/chrome/content/rules/TouchCommerce.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	CDN buckets:
-
-		- touch-commerce-880c4ca5.s3.amazonaws.com
-
-
-	Nonfunctional domains:
-
-		- (www.)inq.com			(times out)
-		- touchcommerce.com		(cert: *.webvanta.com; 302s to www)
-		- www.touchcommerce.com		(times out)
-
--->
-<ruleset name="TouchCommerce (partial)">
-
-	<target host="*.inq.com" />
-		<!--
-			301s to www.touchcommerce.com.
-							-->
-		<exclusion pattern="^http://www\." />
-	<target host="go.touchcommerce.com" />
-
-
-	<!--	Clients have unique subdomains.
-						-->
-	<rule from="^http://([\w\-]+)\.inq\.com/"
-		to="https://$1.inq.com/" />
-
-	<!--	- $ 302s to app-j.market.com
-		- Pages 404
-						-->
-	<rule from="^http://go\.touchcommerce\.com/(cs|image|r)s/"
-		to="https://na-j.marketo.com/$1s/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TouchNet_Information_Systems.xml b/src/chrome/content/rules/TouchNet_Information_Systems.xml
index a8f05e2d7654..7674cf07937e 100644
--- a/src/chrome/content/rules/TouchNet_Information_Systems.xml
+++ b/src/chrome/content/rules/TouchNet_Information_Systems.xml
@@ -8,4 +8,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Touchandtravel.de.xml b/src/chrome/content/rules/Touchandtravel.de.xml
index b5b3cda3b6fb..89b203fa7dcb 100644
--- a/src/chrome/content/rules/Touchandtravel.de.xml
+++ b/src/chrome/content/rules/Touchandtravel.de.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.touchandtravel.de/ => https://www.touchandtravel.de/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Touchandtravel.de" default_off='failed ruleset test'>
+<ruleset name="Touchandtravel.de" default_off="failed ruleset test">
   <target host="www.touchandtravel.de" />
 
   <rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Tourism_and_Events_Queensland.xml b/src/chrome/content/rules/Tourism_and_Events_Queensland.xml
index 7d86a4a08395..b16c0a79abda 100644
--- a/src/chrome/content/rules/Tourism_and_Events_Queensland.xml
+++ b/src/chrome/content/rules/Tourism_and_Events_Queensland.xml
@@ -11,7 +11,7 @@ Fetch error: http://atdw.tq.com.au/ => https://atdw.tq.com.au/: (51, "SSL: no al
 		- paypoint	(expired 2012-04-22)
 
 -->
-<ruleset name="Tourism and Events Queensland (partial)" default_off='failed ruleset test'>
+<ruleset name="Tourism and Events Queensland (partial)" default_off="failed ruleset test">
 
 	<target host="atdw.tq.com.au" />
 
@@ -21,4 +21,4 @@ Fetch error: http://atdw.tq.com.au/ => https://atdw.tq.com.au/: (51, "SSL: no al
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TousLesCours.com.xml b/src/chrome/content/rules/TousLesCours.com.xml
new file mode 100644
index 000000000000..b979e819452a
--- /dev/null
+++ b/src/chrome/content/rules/TousLesCours.com.xml
@@ -0,0 +1,11 @@
+<!--
+	See for related rulesets: FrancaisFacile.com.xml
+-->
+<ruleset name="TousLesCours.com">
+	<target host="touslescours.com" />
+	<target host="www.touslescours.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TowersTimes.co.uk.xml b/src/chrome/content/rules/TowersTimes.co.uk.xml
new file mode 100644
index 000000000000..2019280fff3e
--- /dev/null
+++ b/src/chrome/content/rules/TowersTimes.co.uk.xml
@@ -0,0 +1,15 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Invalid certificate:
+		forum.towerstimes.co.uk
+		old.towerstimes.co.uk
+-->
+<ruleset name="TowersTimes.co.uk">
+
+	<target host="towerstimes.co.uk" />
+	<target host="www.towerstimes.co.uk" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Toyota.es.xml b/src/chrome/content/rules/Toyota.es.xml
index 51d8d63a35ff..1ce4a2b43c9c 100644
--- a/src/chrome/content/rules/Toyota.es.xml
+++ b/src/chrome/content/rules/Toyota.es.xml
@@ -11,4 +11,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Toys_R_Us.com.xml b/src/chrome/content/rules/Toys_R_Us.com.xml
deleted file mode 100644
index af1a91465148..000000000000
--- a/src/chrome/content/rules/Toys_R_Us.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<ruleset name="Toys R Us.com (partial)">
-
-	<target host="toysrus.com" />
-	<target host="www.toysrus.com" />
-		<!--
-			Redirect to http:
-						-->
-		<!--exclusion pattern="^http://www\.toysrus\.com/shop/index\.jsp" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://www\.toysrus\.com/+(?!cms_widgets/|css/|favicon\.ico|graphics/|images/|include/|min-cat/|onlineopinionV5/|product/index\.jsp|regCookie\.jsp)" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?toysrus\.com$" name="^StackLocation$" /-->
-	<!--securecookie host="^\.toysrus\.com$" name="^rwValues$" /-->
-	<!--securecookie host="^www\.toysrus\.com$" name="^(JSESSIONID|browser_id)$" /-->
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tpaste.us.xml b/src/chrome/content/rules/Tpaste.us.xml
new file mode 100644
index 000000000000..44ddeb9da095
--- /dev/null
+++ b/src/chrome/content/rules/Tpaste.us.xml
@@ -0,0 +1,9 @@
+<!--
+	Mismatch:
+		- www.tpaste.us (not the same as tpaste.us)
+-->
+<ruleset name="Tpaste.us">
+	<target host="tpaste.us" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TracFone_Wireless.com.xml b/src/chrome/content/rules/TracFone_Wireless.com.xml
deleted file mode 100644
index bbc88263cf36..000000000000
--- a/src/chrome/content/rules/TracFone_Wireless.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Other TracFone Wireless rulesets:
-
-		- TracFone.com.xml
-
--->
-<ruleset name="TracFone Wireless.com (partial)">
-
-	<target host="media.tracfonewireless.com" />
-
-
-	<!--	Could we secure either of these safely?
-							-->
-	<!--securecookie host="^\.tracfonewireless\.com$" name="^(CSList|PrefID)$" /-->
-	<securecookie host="^media\.tracfonewireless\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Trace_Register.xml b/src/chrome/content/rules/Trace_Register.xml
index dda75eaadced..50cfa904dcb4 100644
--- a/src/chrome/content/rules/Trace_Register.xml
+++ b/src/chrome/content/rules/Trace_Register.xml
@@ -11,4 +11,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Trachtenshop24.de.xml b/src/chrome/content/rules/Trachtenshop24.de.xml
deleted file mode 100644
index c5297d4d9b3e..000000000000
--- a/src/chrome/content/rules/Trachtenshop24.de.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Trachtenshop24.de">
-<target host="www.trachtenshop24.de" />
-
-<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Traction-Digital.com.xml b/src/chrome/content/rules/Traction-Digital.com.xml
index df99a938d0e2..f107d8393784 100644
--- a/src/chrome/content/rules/Traction-Digital.com.xml
+++ b/src/chrome/content/rules/Traction-Digital.com.xml
@@ -1,33 +1,15 @@
 <!--
-	For rules causing false/broken MCB, see Traction-Digital.com-falsemixed.xml.
-
-
 	Other Traction Digital rulesets:
 
 		- Ecm74.com.xml
 
-
-	CDN buckets:
-
-		- dujdlx1yovuet.cloudfront.net
-
-			- cdn
-
-
-	(www.): plaintext reply
-
 -->
-<ruleset name="Traction-Digital.com (partial)">
-
-	<target host="*.traction-digital.com" />
-
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^\.traction-digital\.com$" name="^__utm\w+$" />
+<ruleset name="Traction-Digital.com">
 
+	<target host="traction-digital.com" />
+	<target host="www.traction-digital.com" />
+	<target host="info.traction-digital.com" />
 
-	<rule from="^http://cdn\.transaction-digital\.com/"
-		to="https://dujdlx1yovuet.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TradeLeaks.com.xml b/src/chrome/content/rules/TradeLeaks.com.xml
index 05c3b0e2fff5..9c2005d5384e 100644
--- a/src/chrome/content/rules/TradeLeaks.com.xml
+++ b/src/chrome/content/rules/TradeLeaks.com.xml
@@ -17,7 +17,7 @@ Fetch error: http://www.tradeleaks.com/ => https://www.tradeleaks.com/: (60, 'SS
 	* Secured by us
 
 -->
-<ruleset name="TradeLeaks.com" default_off='failed ruleset test'>
+<ruleset name="TradeLeaks.com" default_off="failed ruleset test">
 
 	<target host="tradeleaks.com" />
 	<target host="www.tradeleaks.com" />
diff --git a/src/chrome/content/rules/TradeNetworks.xml b/src/chrome/content/rules/TradeNetworks.xml
index 905fc94ae04a..91ba92586429 100644
--- a/src/chrome/content/rules/TradeNetworks.xml
+++ b/src/chrome/content/rules/TradeNetworks.xml
@@ -20,4 +20,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tradeinchecker.com.xml b/src/chrome/content/rules/Tradeinchecker.com.xml
deleted file mode 100644
index 28ac3c5293a5..000000000000
--- a/src/chrome/content/rules/Tradeinchecker.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="tradeinchecker.com">
-
-	<target host="tradeinchecker.com" />
-	<target host="www.tradeinchecker.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tradelab.xml b/src/chrome/content/rules/Tradelab.xml
index ef61d84765cd..687f73712aea 100644
--- a/src/chrome/content/rules/Tradelab.xml
+++ b/src/chrome/content/rules/Tradelab.xml
@@ -19,4 +19,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TrafficHolder.com.xml b/src/chrome/content/rules/TrafficHolder.com.xml
deleted file mode 100644
index a45dc7ddc9d6..000000000000
--- a/src/chrome/content/rules/TrafficHolder.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Refused:
-		click.trafficholder.com
-		hit.trafficholder.com
-		track.trafficholder.com
-
--->
-<ruleset name="Traffic Holder">
-
-	<target host="trafficholder.com" />
-	<target host="www.trafficholder.com" />
-	<target host="fr.trafficholder.com" />
-	<target host="new.trafficholder.com" />
-	<target host="secure.trafficholder.com" />
-	<target host="support.trafficholder.com" />
-	<target host="ticket.trafficholder.com" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TrafficPrivacy.xml b/src/chrome/content/rules/TrafficPrivacy.xml
index 03a53dbd82f0..724e7fb5d979 100644
--- a/src/chrome/content/rules/TrafficPrivacy.xml
+++ b/src/chrome/content/rules/TrafficPrivacy.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.trafficprivacy.com/ => https://trafficprivacy.com/: (60,
 		- trafficprivacy.com
 
 -->
-<ruleset name="TrafficPrivacy.com" default_off='failed ruleset test'>
+<ruleset name="TrafficPrivacy.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Traffic_Safety_Marketing.gov.xml b/src/chrome/content/rules/Traffic_Safety_Marketing.gov.xml
deleted file mode 100644
index bf5e3edede9e..000000000000
--- a/src/chrome/content/rules/Traffic_Safety_Marketing.gov.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Traffic Safety Marketing.gov">
-	<target host="trafficsafetymarketing.gov" />
-	<target host="www.trafficsafetymarketing.gov" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Trafficfacts.com.xml b/src/chrome/content/rules/Trafficfacts.com.xml
index 313e7f95add6..50e3fd20a5eb 100644
--- a/src/chrome/content/rules/Trafficfacts.com.xml
+++ b/src/chrome/content/rules/Trafficfacts.com.xml
@@ -6,8 +6,8 @@ Fetch error: http://rt.trafficfacts.com/ => https://rt.trafficfacts.com/: (6, 'C
 Disabled by https-everywhere-checker because:
 Fetch error: http://rt.trafficfacts.com/ => https://rt.trafficfacts.com/: (6, 'Could not resolve host: rt.trafficfacts.com')
 -->
-<ruleset name="Trafficfacts.com" default_off='failed ruleset test'>
+<ruleset name="Trafficfacts.com" default_off="failed ruleset test">
 	<target host="rt.trafficfacts.com" />
 
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Trafficmaxx.xml b/src/chrome/content/rules/Trafficmaxx.xml
index 8da071eafe0a..1fed66484962 100644
--- a/src/chrome/content/rules/Trafficmaxx.xml
+++ b/src/chrome/content/rules/Trafficmaxx.xml
@@ -8,14 +8,14 @@ Fetch error: http://s3.trafficmaxx.de/ => https://s3.trafficmaxx.de/: (28, 'Conn
 		- (www.)trafficmaxx.com	(cert: *.trafficmaxx.de; redirects there)
 
 -->
-<ruleset name="trafficmaxx (partial)" default_off='failed ruleset test'>
+<ruleset name="trafficmaxx (partial)" default_off="failed ruleset test">
 
 	<target host="trafficmaxx.de" />
 	<target host="s3.trafficmaxx.de" />
 	<target host="www.trafficmaxx.de" />
 
 
-	<securecookie host="^.*\.traffixmaxx\.de$" name=".+" />
+	<securecookie host="^.*\.trafficmaxx\.de$" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Trails.com.xml b/src/chrome/content/rules/Trails.com.xml
new file mode 100644
index 000000000000..4107a429a2e9
--- /dev/null
+++ b/src/chrome/content/rules/Trails.com.xml
@@ -0,0 +1,11 @@
+<!--
+	For other Demand Media coverage, see Demand-Media.xml.
+-->
+<ruleset name="Trails.com (partial)">
+	<target host="trails.com" />
+	<target host="www.trails.com" />
+	<target host="api.trails.com" />
+	<target host="cdn-www.trails.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Trakehner-nord-west.de.xml b/src/chrome/content/rules/Trakehner-nord-west.de.xml
deleted file mode 100644
index 0bffaec21d90..000000000000
--- a/src/chrome/content/rules/Trakehner-nord-west.de.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Trakehner-nord-west.de">
-	<target host="www.trakehner-nord-west.de" />
-	<target host="trakehner-nord-west.de" />
-
-	<securecookie host="^(www\.)?trakehner-nord-west\.de$" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/TransLink.ca.xml b/src/chrome/content/rules/TransLink.ca.xml
new file mode 100644
index 000000000000..6ca2c820a856
--- /dev/null
+++ b/src/chrome/content/rules/TransLink.ca.xml
@@ -0,0 +1,48 @@
+<!--
+	Invalid certificate:
+		translink.bc.ca
+		www.translink.bc.ca
+		nextbus.translink.bc.ca
+		www.alerts.translink.ca
+
+	Time out:
+		infomaps.translink.ca
+		mbltripplanning.translink.bc.ca
+
+	Server sends no certificate chain, see https://whatsmychaincert.com:
+		buzzer.translink.ca
+		employee.translink.ca
+		infraction.translink.ca
+-->
+<ruleset name="TransLink.ca">
+	<target host="careers.translink.bc.ca" />
+	<target host="empsupport.translink.bc.ca" />
+	<target host="compasscard.ca" />
+	<target host="www.compasscard.ca" />
+	<target host="translink.ca" />
+	<target host="*.translink.ca" />
+		<test url="http://www.translink.ca/" />
+		<test url="http://10yearvision.translink.ca/" />
+		<test url="http://developer.translink.ca/" />
+		<test url="http://fav.translink.ca/" />
+		<test url="http://feedback.translink.ca/" />
+		<test url="http://m.translink.ca/" />
+		<test url="http://mfb.translink.ca/" />
+		<test url="http://msft.translink.ca/" />
+		<test url="http://myaccess.translink.ca/" />
+		<test url="http://nb.translink.ca/" />
+		<test url="http://tenyearvision.translink.ca/" />
+		<test url="http://tp.translink.ca/" />
+		<test url="http://tripplanning.translink.ca/" />
+		<test url="http://upassbc.translink.ca/" />
+	<target host="translinklistens.ca" />
+	<target host="www.translinklistens.ca" />
+	<target host="join.translinklistens.ca" />
+	<target host="translinkstore.ca" />
+	<target host="www.translinkstore.ca" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TransTravels.lgbt.xml b/src/chrome/content/rules/TransTravels.lgbt.xml
deleted file mode 100644
index 3c45987967d9..000000000000
--- a/src/chrome/content/rules/TransTravels.lgbt.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="TransTravels.lgbt">
-	<target host="transtravels.lgbt" />
-	<target host="www.transtravels.lgbt" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Trans_Marine.xml b/src/chrome/content/rules/Trans_Marine.xml
index bb426055cf6b..8f67595961f7 100644
--- a/src/chrome/content/rules/Trans_Marine.xml
+++ b/src/chrome/content/rules/Trans_Marine.xml
@@ -5,7 +5,7 @@ Fetch error: http://transmarine.org/ => https://transmarine.org/: (60, 'SSL cert
 Fetch error: http://www.transmarine.org/ => https://www.transmarine.org/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Trans Marine" default_off='failed ruleset test'>
+<ruleset name="Trans Marine" default_off="failed ruleset test">
 
 	<target host="transmarine.org" />
 	<target host="www.transmarine.org" />
@@ -16,4 +16,4 @@ Fetch error: http://www.transmarine.org/ => https://www.transmarine.org/: (60, '
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TransferWise.com.xml b/src/chrome/content/rules/TransferWise.com.xml
index c969e59bf4c8..8f0e3304aa63 100644
--- a/src/chrome/content/rules/TransferWise.com.xml
+++ b/src/chrome/content/rules/TransferWise.com.xml
@@ -1,32 +1,32 @@
 <!--
-	Problematic hosts in *transferwise.com:
-
-		- swift-bic ᴴ ᵐ
-
-	ᴴ Herokuapp
-	ᵐ Mismatched
-
-
-	Insecure cookies are set for these hosts:
-
-		- transferwise.com
-
+	Non-functional subdomains:
+		- document-store	(m)
+		- links		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
 -->
-<ruleset name="TransferWise.com (partial)">
+<ruleset name="TransferWise.com">
 
 	<target host="transferwise.com" />
 	<target host="www.transferwise.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^transferwise\.com$" name="^(?:exp|gid|localeData)$" /-->
-
-	<securecookie host="^\w" name=".+" />
-	<securecookie host="^\." name="^_gat?$" />
-
+	<target host="api.transferwise.com" />
+	<target host="api-docs.transferwise.com" />
+	<target host="api-sandbox.transferwise.com" />
+	<target host="bootstrap.transferwise.com" />
+	<target host="bot.transferwise.com" />
+	<target host="brand.transferwise.com" />
+	<target host="jobs.transferwise.com" />
+	<target host="tech.transferwise.com" />
+	<target host="vpn.transferwise.com" />
+
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/Transformationmadeeasy.com.xml b/src/chrome/content/rules/Transformationmadeeasy.com.xml
index 38532c51c7b0..8f63d5775112 100644
--- a/src/chrome/content/rules/Transformationmadeeasy.com.xml
+++ b/src/chrome/content/rules/Transformationmadeeasy.com.xml
@@ -29,4 +29,4 @@
 	<rule from="^http://(?:www\.)?(?:ask-inc|transformationmadeeasy)\.com/"
 		to="https://www.transformationmadeeasy.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Transformative_Works.org.xml b/src/chrome/content/rules/Transformative_Works.org.xml
index 58b4a4e33b5e..a323e2d23f0b 100644
--- a/src/chrome/content/rules/Transformative_Works.org.xml
+++ b/src/chrome/content/rules/Transformative_Works.org.xml
@@ -31,7 +31,7 @@ Fetch error: http://www.transformativeworks.org/ => https://transformativeworks.
 	² Secured in -problematic
 
 -->
-<ruleset name="Transformative Works.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Transformative Works.org (partial)" default_off="failed ruleset test">
 
 	<target host="transformativeworks.org" />
 	<target host="www.transformativeworks.org" />
diff --git a/src/chrome/content/rules/TranslateHouse.org.xml b/src/chrome/content/rules/TranslateHouse.org.xml
new file mode 100644
index 000000000000..f9f5348fb274
--- /dev/null
+++ b/src/chrome/content/rules/TranslateHouse.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Mismatch:
+		translatehouse.org
+		docs.translatehouse.org
+-->
+<ruleset name="TranslateHouse.org">
+	<target host="amagama.translatehouse.org" />
+	<target host="pootle.translatehouse.org" />
+	<target host="toolkit.translatehouse.org" />
+	<target host="virtaal.translatehouse.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TranslateThi.is.xml b/src/chrome/content/rules/TranslateThi.is.xml
index 02fcafcbf510..f5ffc76f4481 100644
--- a/src/chrome/content/rules/TranslateThi.is.xml
+++ b/src/chrome/content/rules/TranslateThi.is.xml
@@ -13,12 +13,11 @@ Non-2xx HTTP code: http://x.translateth.is/ (200) => https://s3.amazonaws.com/x.
 		- (www.)	(prints "dashd", invalid cert)
 
 -->
-<ruleset name="TranslateThi.is (partial)" default_off='failed ruleset test'>
+<ruleset name="TranslateThi.is (partial)" default_off="failed ruleset test">
 
 	<target host="x.translateth.is" />
 
 
-	<rule from="^http://x\.translateth\.is/"
-		to="https://s3.amazonaws.com/x.translateth.is/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Translatewiki.net.xml b/src/chrome/content/rules/Translatewiki.net.xml
index e543ad0f4f93..f5a607b27686 100644
--- a/src/chrome/content/rules/Translatewiki.net.xml
+++ b/src/chrome/content/rules/Translatewiki.net.xml
@@ -3,4 +3,4 @@
   <target host="www.translatewiki.net" />
 
   <rule from="^http://(?:www\.)?translatewiki\.net/" to="https://translatewiki.net/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Translink.xml b/src/chrome/content/rules/Translink.xml
index b121eafd6500..52877bed8196 100644
--- a/src/chrome/content/rules/Translink.xml
+++ b/src/chrome/content/rules/Translink.xml
@@ -6,7 +6,7 @@
 <ruleset name="Translink">
 
 	<target host="translink.co.uk" />
-	<target host="*.translink.co.uk" />
+	<target host="www.translink.co.uk" />
 
 
 	<securecookie host="^w*\.translink.co.uk$" name=".+" />
diff --git a/src/chrome/content/rules/TransmissionZero.co.uk.xml b/src/chrome/content/rules/TransmissionZero.co.uk.xml
new file mode 100644
index 000000000000..0422718260b7
--- /dev/null
+++ b/src/chrome/content/rules/TransmissionZero.co.uk.xml
@@ -0,0 +1,14 @@
+<!--
+	Unable to connect:
+		transmissionzero.co.uk
+-->
+<ruleset name="TransmissionZero.co.uk">
+	<target host="transmissionzero.co.uk" />
+	<target host="www.transmissionzero.co.uk" />
+	<target host="files.transmissionzero.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://transmissionzero\.co\.uk/" to="https://www.transmissionzero.co.uk/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Transmode.se.xml b/src/chrome/content/rules/Transmode.se.xml
index 2f8f8e5517c7..9d4ffda77505 100644
--- a/src/chrome/content/rules/Transmode.se.xml
+++ b/src/chrome/content/rules/Transmode.se.xml
@@ -9,7 +9,7 @@ Fetch error: http://transmode.se/ => https://www.transmode.com/: (7, 'Failed to
 	(www.): mismatched
 
 -->
-<ruleset name="Transmode.se" default_off='failed ruleset test'>
+<ruleset name="Transmode.se" default_off="failed ruleset test">
 
 	<target host="transmode.se" />
 	<target host="*.transmode.se" />
diff --git a/src/chrome/content/rules/Transmode.xml b/src/chrome/content/rules/Transmode.xml
index 2c1ef0a40f4a..5683d4e8db83 100644
--- a/src/chrome/content/rules/Transmode.xml
+++ b/src/chrome/content/rules/Transmode.xml
@@ -16,12 +16,12 @@ Fetch error: http://www.transmode.com/ => https://www.transmode.com/: (7, 'Faile
 	* Secured by us
 
 -->
-<ruleset name="Transmode" default_off='failed ruleset test'>
+<ruleset name="Transmode" default_off="failed ruleset test">
 
 	<target host="transmode.com"/>
 	<target host="www.transmode.com"/>
 
-	<securecookie host="^(?:.*\.)?transmode\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/Transparency_Toolkit.org.xml b/src/chrome/content/rules/Transparency_Toolkit.org.xml
index fafd5ac0481d..c1b1ddbd77ae 100644
--- a/src/chrome/content/rules/Transparency_Toolkit.org.xml
+++ b/src/chrome/content/rules/Transparency_Toolkit.org.xml
@@ -8,7 +8,7 @@ Fetch error: http://htwiki.transparencytoolkit.org/ => https://htwiki.transparen
 		- .transparencytoolkit.org
 
 -->
-<ruleset name="Transparency Toolkit.org" default_off='failed ruleset test'>
+<ruleset name="Transparency Toolkit.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Trapologyboston.com.xml b/src/chrome/content/rules/Trapologyboston.com.xml
new file mode 100644
index 000000000000..93b7cef3362e
--- /dev/null
+++ b/src/chrome/content/rules/Trapologyboston.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="Trapologyboston.com">
+	<target host="trapologyboston.com" />
+	<target host="www.trapologyboston.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Trash-Mail.com.xml b/src/chrome/content/rules/Trash-Mail.com.xml
deleted file mode 100644
index caa25aa88d4c..000000000000
--- a/src/chrome/content/rules/Trash-Mail.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Trash-Mail.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="trash-mail.com" />
-	<target host="www.trash-mail.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Trauer.de.xml b/src/chrome/content/rules/Trauer.de.xml
index deaab097b3b4..9911e2cbc5ce 100644
--- a/src/chrome/content/rules/Trauer.de.xml
+++ b/src/chrome/content/rules/Trauer.de.xml
@@ -5,13 +5,13 @@
 <ruleset name="Trauer.de">
 
 	<target host="trauer.de" />
-	<target host="*.trauer.de" />
+	<target host="www.trauer.de" />
+	<target host="forum.trauer.de" />
 
 
 	<rule from="^http://(?:www\.)?trauer\.de/"
 		to="https://www.trauer.de/" />
 
-	<rule from="^http://forum\.trauer\.de/"
-		to="https://forum.trauer.de/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TravelBlog.xml b/src/chrome/content/rules/TravelBlog.xml
index 8a7f6b3fed2f..835e2edb6898 100644
--- a/src/chrome/content/rules/TravelBlog.xml
+++ b/src/chrome/content/rules/TravelBlog.xml
@@ -3,7 +3,7 @@
 	<target host="photos.travelblog.org" />
 	<target host=   "www.travelblog.org" />
 
-	<securecookie host="^.*\.?travelblog\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/TravelDoctor.xml b/src/chrome/content/rules/TravelDoctor.xml
index 71fad445718d..5045bf52c2ac 100644
--- a/src/chrome/content/rules/TravelDoctor.xml
+++ b/src/chrome/content/rules/TravelDoctor.xml
@@ -1,7 +1,7 @@
 <ruleset name="Travel Doctor">
 	<target host="traveldoctor.com.au" />
-	<target host="*.traveldoctor.com.au" />
+	<target host="www.traveldoctor.com.au" />
 
 	<rule from="^http://(?:www\.)?traveldoctor\.com\.au/"
 		to="https://www.traveldoctor.com.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TravelNow.xml b/src/chrome/content/rules/TravelNow.xml
index 35f8fdea7c29..513ac4da2ae2 100644
--- a/src/chrome/content/rules/TravelNow.xml
+++ b/src/chrome/content/rules/TravelNow.xml
@@ -16,7 +16,7 @@ Fetch error: http://dg.travelnow.com/ => https://dg.travelnow.com/: (6, 'Could n
 		- .www.travelnow.com
 
 -->
-<ruleset name="TravelNow.com (partial)" default_off='failed ruleset test'>
+<ruleset name="TravelNow.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/TravelPod.xml b/src/chrome/content/rules/TravelPod.xml
deleted file mode 100644
index d0735459b0a7..000000000000
--- a/src/chrome/content/rules/TravelPod.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(redirects to http)
-
--->
-<ruleset name="TravelPod (partial)">
-
-	<target host="images.travelpod.com" />
-
-
-	<rule from="^http://images\.travelpod\.com/(?!cgi-bin/|users/)"
-		to="https://images.travelpod.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Travel_Plan.xml b/src/chrome/content/rules/Travel_Plan.xml
index 827b00269503..e5fd9a0a5b73 100644
--- a/src/chrome/content/rules/Travel_Plan.xml
+++ b/src/chrome/content/rules/Travel_Plan.xml
@@ -8,7 +8,7 @@ Automatically by https-everywhere-checker because:
 Fetch error: http://travelplan.gr/ => https://travelplan.gr/: Cycle detected - URL already encountered: https://travelplan.gr/
 Fetch error: http://www.travelplan.gr/ => https://www.travelplan.gr/: Cycle detected - URL already encountered: https://www.travelplan.gr/
 -->
-<ruleset name="Travel Plan" default_off='failed ruleset test'>
+<ruleset name="Travel Plan" default_off="failed ruleset test">
 
 	<target host="travelplan.gr" />
 	<target host="www.travelplan.gr" />
@@ -19,4 +19,4 @@ Fetch error: http://www.travelplan.gr/ => https://www.travelplan.gr/: Cycle dete
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Travelingnuker.com.xml b/src/chrome/content/rules/Travelingnuker.com.xml
index 4e5f230956d6..36e14d307180 100644
--- a/src/chrome/content/rules/Travelingnuker.com.xml
+++ b/src/chrome/content/rules/Travelingnuker.com.xml
@@ -22,7 +22,7 @@
 <ruleset name="Travelingnuker.com (partial)">
 
 	<target host="travelingnuker.com" />
-	<target host="*.travelingnuker.com" />
+	<target host="www.travelingnuker.com" />
 
 
 	<securecookie host="^(?:www)?\.travelingnuker\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Travelmarket.com.xml b/src/chrome/content/rules/Travelmarket.com.xml
index e8bed68b8e11..53b6e82fc704 100644
--- a/src/chrome/content/rules/Travelmarket.com.xml
+++ b/src/chrome/content/rules/Travelmarket.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://tmcomponents.travelmarket.com/ => https://tmcomponents.trave
 	* Refused
 
 -->
-<ruleset name="Travelmarket.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Travelmarket.com (partial)" default_off="failed ruleset test">
 
 	<target host="tmcomponents.travelmarket.com" />
 
@@ -21,4 +21,4 @@ Fetch error: http://tmcomponents.travelmarket.com/ => https://tmcomponents.trave
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Travelocity.xml b/src/chrome/content/rules/Travelocity.xml
index 8a38e96fa94a..bad884ee8c31 100644
--- a/src/chrome/content/rules/Travelocity.xml
+++ b/src/chrome/content/rules/Travelocity.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Non-2xx HTTP code: http://travelocity.com/ (200) => https://www.travelocity.com/ (403)
 
 -->
-<ruleset name="Travelocity" default_off='failed ruleset test'>
+<ruleset name="Travelocity" default_off="failed ruleset test">
 	<target host=    "travelocity.com" />
 	<target host="www.travelocity.com" />
 	<target host=    "travelocity.ca" />
diff --git a/src/chrome/content/rules/Travelspecialistsite.com.xml b/src/chrome/content/rules/Travelspecialistsite.com.xml
index 71379139b405..f63c24a2ca8f 100644
--- a/src/chrome/content/rules/Travelspecialistsite.com.xml
+++ b/src/chrome/content/rules/Travelspecialistsite.com.xml
@@ -16,7 +16,7 @@
 		- www.manager.travelspecialistsite.com
 
 -->
-<ruleset name="travelspecialistsite.com" default_off="missing certificate chain">
+<ruleset name="travelspecialistsite.com" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Travelzoo.com.xml b/src/chrome/content/rules/Travelzoo.com.xml
index 8aecbc5fe0c3..290ce2e978c5 100644
--- a/src/chrome/content/rules/Travelzoo.com.xml
+++ b/src/chrome/content/rules/Travelzoo.com.xml
@@ -44,9 +44,13 @@
 -->
 <ruleset name="Travelzoo.com (partial)">
 
-	<target host="*.tzoo-img.com" />
+	<target host="ssl.tzoo-img.com" />
+	<target host="www.tzoo-img.com" />
 	<target host="travelzoo.com" />
-	<target host="*.travelzoo.com" />
+	<target host="ssl.travelzoo.com" />
+	<target host="www.travelzoo.com" />
+	<target host="oascentral.travelzoo.com" />
+	<target host="cache.travelzoo.com" />
 
 
 	<securecookie host="^ssl\.travelzoo\.com$" name=".+" />
@@ -61,4 +65,4 @@
 	<rule from="^http://(?:cache\.travelzoo|(?:ssl|www)\.tzoo-img)\.com/"
 		to="https://ssl.tzoo-img.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Treasury.gov.xml b/src/chrome/content/rules/Treasury.gov.xml
index c0d10cce5c88..2ec2bf2392f5 100644
--- a/src/chrome/content/rules/Treasury.gov.xml
+++ b/src/chrome/content/rules/Treasury.gov.xml
@@ -39,7 +39,7 @@ Fetch error: http://m.treasury.gov/ => https://m.treasury.gov/: (51, "SSL: no al
 	* Secured by us
 
 -->
-<ruleset name="Treasury.gov (partial)" default_off='failed ruleset test'>
+<ruleset name="Treasury.gov (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Trefis.xml b/src/chrome/content/rules/Trefis.xml
index 2a5a1e2e7f30..c664d1009dc2 100644
--- a/src/chrome/content/rules/Trefis.xml
+++ b/src/chrome/content/rules/Trefis.xml
@@ -14,7 +14,8 @@ Fetch error: http://trefis.com/ => https://www.trefis.com/: Cycle detected - URL
 <ruleset name="Trefis">
 
 	<target host="trefis.com" />
-	<target host="*.trefis.com" />
+	<target host="www.trefis.com" />
+	<target host="cdn.trefis.com" />
 
 
 	<securecookie host="^www\.trefis\.com$" name=".+" />
@@ -23,7 +24,6 @@ Fetch error: http://trefis.com/ => https://www.trefis.com/: Cycle detected - URL
 	<rule from="^http://(?:www\.)?trefis\.com/"
 		to="https://www.trefis.com/" />
 
-	<rule from="^http://cdn\.trefis\.com/"
-		to="https://cdn.trefis.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Trekaroo.xml b/src/chrome/content/rules/Trekaroo.xml
deleted file mode 100644
index 3204a9229749..000000000000
--- a/src/chrome/content/rules/Trekaroo.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- cdn[12]	(502)
-
-
-	Problematic subdomains:
-
-		- ^	(502)
-
--->
-<ruleset name="Trekaroo (partial)">
-
-	<target host="trekaroo.com" />
-	<target host="*.trekaroo.com" />
-		<exclusion pattern="^http://(?:www\.)?trekaroo\.com/(?!img/|images/|photos/|stylesheets/)" />
-
-
-	<rule from="^http://(?:cdn[12]\.|www\.)?trekaroo\.com/"
-		to="https://www.trekaroo.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tremor_Video.com.xml b/src/chrome/content/rules/Tremor_Video.com.xml
index 50c6fd6df583..e24d6bf44451 100644
--- a/src/chrome/content/rules/Tremor_Video.com.xml
+++ b/src/chrome/content/rules/Tremor_Video.com.xml
@@ -36,4 +36,4 @@
 	<rule from="^http://investor\.tremorvideo\.com/(modul|sit)es/"
 		to="https://tremorvideo.investorhq.businesswire.com/$1es/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TrendWeight.xml b/src/chrome/content/rules/TrendWeight.xml
index d6a887e4871e..c11669d47f14 100644
--- a/src/chrome/content/rules/TrendWeight.xml
+++ b/src/chrome/content/rules/TrendWeight.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Trend_Micro.eu.xml b/src/chrome/content/rules/Trend_Micro.eu.xml
index 35335651ef76..75788e4c0517 100644
--- a/src/chrome/content/rules/Trend_Micro.eu.xml
+++ b/src/chrome/content/rules/Trend_Micro.eu.xml
@@ -15,7 +15,7 @@
 
 		- countermeasures ¹
 		- eeur ²
-		
+
 	¹ Mixed css
 	² Akamai
 
diff --git a/src/chrome/content/rules/Trgt.eu.xml b/src/chrome/content/rules/Trgt.eu.xml
index 3c96f49cf7a9..9e374b41b19b 100644
--- a/src/chrome/content/rules/Trgt.eu.xml
+++ b/src/chrome/content/rules/Trgt.eu.xml
@@ -4,11 +4,11 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://cdn.trgt.eu/ => https://cdn.trgt.eu/: (6, 'Could not resolve host: cdn.trgt.eu')
 
 -->
-<ruleset name="trgt.eu" default_off='failed ruleset test'>
+<ruleset name="trgt.eu" default_off="failed ruleset test">
 
 	<target host="cdn.trgt.eu" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tri-CUE.xml b/src/chrome/content/rules/Tri-CUE.xml
index 77914d7093e5..2154776d2b7c 100644
--- a/src/chrome/content/rules/Tri-CUE.xml
+++ b/src/chrome/content/rules/Tri-CUE.xml
@@ -8,9 +8,9 @@
 	<target host="www.tricue.com" />
 
 
-	<securecookie host="^www\.tricue\.com$" name=".+" />	
+	<securecookie host="^www\.tricue\.com$" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TriDeci.xml b/src/chrome/content/rules/TriDeci.xml
deleted file mode 100644
index 51ebf22e3472..000000000000
--- a/src/chrome/content/rules/TriDeci.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="TriDeci">
-
-	<target host="trideci.com" />
-	<target host="www.trideci.com" />
-
-
-	<securecookie host="^(?:www\.)?trideci\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/TrialFunder.com.xml b/src/chrome/content/rules/TrialFunder.com.xml
deleted file mode 100644
index 8fa89b61d7cf..000000000000
--- a/src/chrome/content/rules/TrialFunder.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="TrialFunder.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="trialfunder.com" />
-	<target host="www.trialfunder.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TrialPay.xml b/src/chrome/content/rules/TrialPay.xml
index b920d4ab0ec6..541ec3f2ba90 100644
--- a/src/chrome/content/rules/TrialPay.xml
+++ b/src/chrome/content/rules/TrialPay.xml
@@ -9,7 +9,8 @@
 <ruleset name="TrialPay (partial)" platform="mixedcontent">
 
 	<target host="trialpay.com" />
-	<target host="*.trialpay.com" />
+	<target host="www.trialpay.com" />
+	<target host="assets.trialpay.com" />
 		<!--
 			Redirects to http:
 						-->
@@ -22,7 +23,6 @@
 	<rule from="^http://(?:www\.)?trialpay\.com/"
 		to="https://www.trialpay.com/" />
 
-	<rule from="^http://assets\.trialpay\.com/"
-		to="https://d2n8p8eh14pae1.cloudfront.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Tribalhosting.net.xml b/src/chrome/content/rules/Tribalhosting.net.xml
deleted file mode 100644
index 4534fca77373..000000000000
--- a/src/chrome/content/rules/Tribalhosting.net.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="tribalhosting.net">
-
-	<target host="tribalhosting.net" />
-	<target host="assets.tribalhosting.net" />
-	<target host="www.tribalhosting.net" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Tribune.xml b/src/chrome/content/rules/Tribune.xml
index 14887fb571dd..ba3c621ff9cd 100644
--- a/src/chrome/content/rules/Tribune.xml
+++ b/src/chrome/content/rules/Tribune.xml
@@ -13,7 +13,7 @@
 
 		- s3.amazonaws.com/MG2_Tribune/
 
-		-  trb.edgesuite.net 
+		-  trb.edgesuite.net
 
 			- www.trbimg.com
 
diff --git a/src/chrome/content/rules/Tricolumbia.org.xml b/src/chrome/content/rules/Tricolumbia.org.xml
index b301916cf507..00bb1399e238 100644
--- a/src/chrome/content/rules/Tricolumbia.org.xml
+++ b/src/chrome/content/rules/Tricolumbia.org.xml
@@ -6,10 +6,10 @@ Fetch error: http://tricolumbia.org/ => https://www.tricolumbia.org/: (28, 'Conn
 Disabled by https-everywhere-checker because:
 Fetch error: http://tricolumbia.org/ => https://www.tricolumbia.org/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="Tricolumbia.org" default_off='failed ruleset test'>
+<ruleset name="Tricolumbia.org" default_off="failed ruleset test">
 
 	<target host="tricolumbia.org" />
-	<target host="*.tricolumbia.org" />
+	<target host="www.tricolumbia.org" />
 
 
 	<securecookie host="^(?:www)?\.tricolumbia\.org$" name=".+" />
diff --git a/src/chrome/content/rules/Triggit.com.xml b/src/chrome/content/rules/Triggit.com.xml
index ee7917df928f..50a16a9f3364 100644
--- a/src/chrome/content/rules/Triggit.com.xml
+++ b/src/chrome/content/rules/Triggit.com.xml
@@ -20,7 +20,7 @@ Fetch error: http://portal.triggit.com/ => https://portal.triggit.com/: (28, 'Co
 		- Images on ^ from i.imgur.com
 
 -->
-<ruleset name="Triggit.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Triggit.com (partial)" default_off="failed ruleset test">
 
 	<target host="a.triggit.com" />
 	<target host="portal.triggit.com" />
diff --git a/src/chrome/content/rules/Trillian.im.xml b/src/chrome/content/rules/Trillian.im.xml
deleted file mode 100644
index be06fdef1833..000000000000
--- a/src/chrome/content/rules/Trillian.im.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog	(refused)
-
--->
-<ruleset name="Trillian.im (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="trillian.im" />
-	<target host="www.trillian.im" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TripHip.xml b/src/chrome/content/rules/TripHip.xml
index cf4a7db129c7..bf656988be2e 100644
--- a/src/chrome/content/rules/TripHip.xml
+++ b/src/chrome/content/rules/TripHip.xml
@@ -5,7 +5,7 @@ Fetch error: http://triphip.com/ => https://triphip.com/: (28, 'Connection timed
 Fetch error: http://www.triphip.com/ => https://www.triphip.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="TripHip" default_off='failed ruleset test'>
+<ruleset name="TripHip" default_off="failed ruleset test">
 
 	<target host="triphip.com" />
 	<target host="www.triphip.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.triphip.com/ => https://www.triphip.com/: (28, 'Connecti
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/TripIt.com.xml b/src/chrome/content/rules/TripIt.com.xml
index b65782cafe61..edb433205640 100644
--- a/src/chrome/content/rules/TripIt.com.xml
+++ b/src/chrome/content/rules/TripIt.com.xml
@@ -9,7 +9,9 @@
 <ruleset name="TripIt.com">
 
 	<target host="tripit.com" />
-	<target host="*.tripit.com" />
+	<target host="careers.tripit.com" />
+	<target host="www.tripit.com" />
+	<target host="help.tripit.com" />
 
 
 	<!--	Secured by server:
@@ -23,10 +25,9 @@
 	<securecookie host="^(?:careers\.|www\.)?tripit\.com$" name=".+" />
 
 
-	<rule from="^http://(careers\.|www\.)?tripit\.com/"
-		to="https://$1tripit.com/" />
 
 	<rule from="^http://help\.tripit\.com/"
 		to="https://tripit.zendesk.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Tripodo.de.xml b/src/chrome/content/rules/Tripodo.de.xml
index dcc286c06247..4d1c4906e170 100644
--- a/src/chrome/content/rules/Tripodo.de.xml
+++ b/src/chrome/content/rules/Tripodo.de.xml
@@ -16,7 +16,9 @@
 <ruleset name="Tripodo.de (partial)">
 
 	<target host="tripodo.de" />
-	<target host="*.tripodo.de" />
+	<target host="www.tripodo.de" />
+	<target host="bilder-cdn.tripodo.de" />
+	<target host="static.tripodo.de" />
 		<!--
 			Redirect to http:
 						-->
diff --git a/src/chrome/content/rules/Tripwire.com-falsemixed.xml b/src/chrome/content/rules/Tripwire.com-falsemixed.xml
deleted file mode 100644
index 508d57dcd0b4..000000000000
--- a/src/chrome/content/rules/Tripwire.com-falsemixed.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Tripwire.com.xml.
-
--->
-<ruleset name="Tripwire.com (false MCB)" platform="mixedcontent">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.tripwire.com" />
-
-	<!--	Complications:
-				-->
-	<target host="tripwire.com" />
-
-
-	<securecookie host="^www\.tripwire\.com$" name=".+" />
-
-
-	<rule from="^http://tripwire\.com/"
-		to="https://www.tripwire.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tripwire.com.xml b/src/chrome/content/rules/Tripwire.com.xml
index 1306fdf8a06d..abb1c734d44c 100644
--- a/src/chrome/content/rules/Tripwire.com.xml
+++ b/src/chrome/content/rules/Tripwire.com.xml
@@ -1,52 +1,6 @@
-<!--
-	For rules causing false/broken MCB, see Tripwire.com-falsemixed.xml.
-
-
-	^: cert only matches www
-
-
-	Mixed content:
-
-		- css from $self *
-
-		- Images from $self *
-
-	* Secured by us
-
--->
 <ruleset name="Tripwire.com (partial)">
-
 	<target host="tripwire.com" />
 	<target host="www.tripwire.com" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://(?:www\.)?tripwire\.com/+state-of-security(?!/wp-content/|wp-includes/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://tripwire.com/state-of-security/" />
-			<test url="http://www.tripwire.com/state-of-security/" />
-			<test url="http://tripwire.com/state-of-security/contributors/" />
-			<test url="http://www.tripwire.com/state-of-security/contributors/" />
-			<test url="http://www.tripwire.com/state-of-security/topics/security-slice-podcast/" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www.tripwire.com/state-of-security/wp-content/themes/tw-base/assets/img/logo/logo-tripwire.svg" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.tripwire\.com$" name="^(CFID|CFTOKEN|JSESSIONID|MOBILEFORMAT|ORIGINALURLTOKEN|Set_Me)$" /-->
-
-	<securecookie host="^www\.tripwire\.com$" name=".+" />
-
-
-	<rule from="^http://tripwire\.com/"
-		to="https://www.tripwire.com/" />
-
-	<rule from="^http:"
-		to="https:" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Triumph-Adler.de.xml b/src/chrome/content/rules/Triumph-Adler.de.xml
index c818a6bece81..a8b168b5a48b 100644
--- a/src/chrome/content/rules/Triumph-Adler.de.xml
+++ b/src/chrome/content/rules/Triumph-Adler.de.xml
@@ -9,4 +9,4 @@
 						-->
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Trkclk.net.xml b/src/chrome/content/rules/Trkclk.net.xml
deleted file mode 100644
index 974ab9a51607..000000000000
--- a/src/chrome/content/rules/Trkclk.net.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d3vg9hiogk70qz.cloudfront.net
-
-			- cdn
-
-
-	Problematic subdomains:
-
-		- ads	(works; mismatched, CN: ads.adk2.com)
-
--->
-<ruleset name="trkclk.net">
-
-	<target host="*.trkclk.net" />
-
-
-	<rule from="^http://ads\.trkclk\.net/"
-		to="https://ads.adk2.com/" />
-
-	<rule from="^http://cdn\.trkclk\.net/"
-		to="https://d3vg9hiogk70qz.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Tros.nl.xml b/src/chrome/content/rules/Tros.nl.xml
index 9db99cd3f384..8eabd59237df 100644
--- a/src/chrome/content/rules/Tros.nl.xml
+++ b/src/chrome/content/rules/Tros.nl.xml
@@ -5,7 +5,7 @@ Fetch error: http://tros.nl/ => https://tros.nl/: (60, 'SSL certificate problem:
 Fetch error: http://www.tros.nl/ => https://www.tros.nl/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="tros.nl" default_off='failed ruleset test'>
+<ruleset name="tros.nl" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Trove.com.xml b/src/chrome/content/rules/Trove.com.xml
index 1d89bb6e8a99..719a7f067d87 100644
--- a/src/chrome/content/rules/Trove.com.xml
+++ b/src/chrome/content/rules/Trove.com.xml
@@ -1,48 +1,12 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://id.trove.com/ => https://id.trove.com/: (6, 'Could not resolve host: id.trove.com')
-Fetch error: http://moneta.trove.com/ => https://moneta.trove.com/: (6, 'Could not resolve host: moneta.trove.com')
-Fetch error: http://id.trove-stg.com/ => https://id.trove-stg.com/: (6, 'Could not resolve host: id.trove-stg.com')
-
-	Other Trove rulesets:
-
-		- Social_Reader.com.xml
-
-
-	Nonfunctional domains:
-
-		- blog.trove.com *
-		- info.trove.com *
-
-	* tumblr
-
-
-	Insecure cookies are set for these domains:
-
-		- .trove.com
-
--->
-<ruleset name="Trove.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
+<ruleset name="Trove.com">
 	<target host="trove.com" />
-	<target host="id.trove.com" />
-	<target host="moneta.trove.com" />
 	<target host="www.trove.com" />
-
-	<target host="id.trove-stg.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.trove\.com$" name="^(treatment|wapo_sess_id)$" /-->
-
-	<securecookie host="^(?:id)?\.trove\.com$" name=".+" />
-
+	<target host="api.trove.com" />
+	<target host="app.trove.com" />
+	<target host="blog.trove.com" />
+	<target host="help.trove.com" />
+	<target host="status.trove.com" />
 
 	<rule from="^http:"
-		to="https:" />
-
+		    to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Troy_Hunt.xml b/src/chrome/content/rules/Troy_Hunt.xml
deleted file mode 100644
index 91c5e5ad4d6e..000000000000
--- a/src/chrome/content/rules/Troy_Hunt.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- awesomeplaces.troyhunt.com *
-		- bloghelpers.troyhunt.com ¹
-		- attacker.hackyourselffirst.troyhunt.com *
-		- secure.hackyourselffirst.troyhunt.com *
-		- learntocodesecurely.troyhunt.com *
-
-	* Mismatched (*.azurewebsites.net)
-	¹ No working URL known
--->
-
-<ruleset name="Troy Hunt">
-	<target host="troyhunt.com" />
-	<target host="www.troyhunt.com" />
-	<target host="files.troyhunt.com" />
-	<target host="hackyourselffirst.troyhunt.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/TruckingUnlimited.com.xml b/src/chrome/content/rules/TruckingUnlimited.com.xml
index 5ef4dca0f0b4..f3592f9d98e3 100644
--- a/src/chrome/content/rules/TruckingUnlimited.com.xml
+++ b/src/chrome/content/rules/TruckingUnlimited.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://static.truckingunlimited.com/ => https://www.truckingunlimit
 		- static	(akamai)
 
 -->
-<ruleset name="TruckingUnlimited.com (partial)" default_off='failed ruleset test'>
+<ruleset name="TruckingUnlimited.com (partial)" default_off="failed ruleset test">
 
 	<target host="static.truckingunlimited.com" />
 
diff --git a/src/chrome/content/rules/TrueCrypt.ch.xml b/src/chrome/content/rules/TrueCrypt.ch.xml
index 66af4ab6f334..22f554b1df16 100644
--- a/src/chrome/content/rules/TrueCrypt.ch.xml
+++ b/src/chrome/content/rules/TrueCrypt.ch.xml
@@ -1,21 +1,12 @@
-<!--
-	www: mismatched
-
--->
 <ruleset name="TrueCrypt.ch">
 
 	<target host="truecrypt.ch" />
-	<target host="*.truecrypt.ch" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^forum\.truecrypt\.ch$" name="^_forum_session$" /-->
-
-	<securecookie host="^forum\.truecrypt\.ch$" name=".+" />
+	<target host="www.truecrypt.ch" />
+	<target host="download.truecrypt.ch" />
+	<target host="forum.truecrypt.ch" />
 
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(?:((?:download|forum|wdc)\.)|www\.)?truecrypt\.ch/"
-		to="https://$1truecrypt.ch/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TrueLife.com-problematic.xml b/src/chrome/content/rules/TrueLife.com-problematic.xml
index 1a55618eef39..1d86d02ed06d 100644
--- a/src/chrome/content/rules/TrueLife.com-problematic.xml
+++ b/src/chrome/content/rules/TrueLife.com-problematic.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see TrueLife.com.xml.
 
 -->
-<ruleset name="TrueLife.com (expired)" default_off='expired'>
+<ruleset name="TrueLife.com (expired)" default_off="expired">
 
 	<target host="login.truelife.com"/>
 
diff --git a/src/chrome/content/rules/Trueachievements.com.xml b/src/chrome/content/rules/Trueachievements.com.xml
deleted file mode 100644
index a2ed2e993f2b..000000000000
--- a/src/chrome/content/rules/Trueachievements.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Trueachievements.com">
-  <target host="trueachievements.com" />
-  <target host="www.trueachievements.com" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Truenudists.com.xml b/src/chrome/content/rules/Truenudists.com.xml
index 442da771b85b..46898aeaabfd 100644
--- a/src/chrome/content/rules/Truenudists.com.xml
+++ b/src/chrome/content/rules/Truenudists.com.xml
@@ -3,7 +3,7 @@
 		a.truenudists.com
 		g.truenudists.com
 		m.truenudists.com
-		
+
 -->
 <ruleset name="truenudists.com">
 
@@ -17,7 +17,7 @@
 
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Trump.com.xml b/src/chrome/content/rules/Trump.com.xml
new file mode 100644
index 000000000000..e14ddc248bdf
--- /dev/null
+++ b/src/chrome/content/rules/Trump.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Trump.com">
+	<target host="trump.com" />
+	<target host="www.trump.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TrumpGolf.com.xml b/src/chrome/content/rules/TrumpGolf.com.xml
new file mode 100644
index 000000000000..cea8689da98d
--- /dev/null
+++ b/src/chrome/content/rules/TrumpGolf.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="TrumpGolf.com">
+	<target host="trumpgolf.com" />
+	<target host="www.trumpgolf.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TrumpGolfCount.com.xml b/src/chrome/content/rules/TrumpGolfCount.com.xml
new file mode 100644
index 000000000000..a2f6b76f8f65
--- /dev/null
+++ b/src/chrome/content/rules/TrumpGolfCount.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="TrumpGolfCount.com">
+	<target host="trumpgolfcount.com" />
+	<target host="www.trumpgolfcount.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TrumpHotels.com.xml b/src/chrome/content/rules/TrumpHotels.com.xml
new file mode 100644
index 000000000000..0cf83e66926b
--- /dev/null
+++ b/src/chrome/content/rules/TrumpHotels.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Does not connect:
+		remote.trumphotels.com
+		tbygp.trumphotels.com
+		tchgp.trumphotels.com
+		twagp.trumphotels.com
+-->
+<ruleset name="TrumpHotels.com">
+	<target host="trumphotels.com" />
+	<target host="www.trumphotels.com" />
+	<target host="trumpadmin.trumphotels.com" />
+	<target host="trumpcard.trumphotels.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TrumpInternationalRealty.com.xml b/src/chrome/content/rules/TrumpInternationalRealty.com.xml
new file mode 100644
index 000000000000..9422e4b73ffd
--- /dev/null
+++ b/src/chrome/content/rules/TrumpInternationalRealty.com.xml
@@ -0,0 +1,19 @@
+<ruleset name="TrumpInternationalRealty.com">
+	<target host="trumpinternationalrealty.com" />
+	<target host="www.trumpinternationalrealty.com" />
+	<target host="charlotte.trumpinternationalrealty.com" />
+	<target host="gardenstate.trumpinternationalrealty.com" />
+	<target host="jerseycity.trumpinternationalrealty.com" />
+	<target host="jerseyshore.trumpinternationalrealty.com" />
+	<target host="jupiter.trumpinternationalrealty.com" />
+	<target host="lasvegas.trumpinternationalrealty.com" />
+	<target host="miami.trumpinternationalrealty.com" />
+	<target host="northernjersey.trumpinternationalrealty.com" />
+	<target host="palmbeach.trumpinternationalrealty.com" />
+	<target host="virginia.trumpinternationalrealty.com" />
+	<target host="westchester.trumpinternationalrealty.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TrumpStore.com.xml b/src/chrome/content/rules/TrumpStore.com.xml
new file mode 100644
index 000000000000..aa5fb1e5f271
--- /dev/null
+++ b/src/chrome/content/rules/TrumpStore.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="TrumpStore.com">
+	<target host="trumpstore.com" />
+	<target host="www.trumpstore.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TrumpWinery.com.xml b/src/chrome/content/rules/TrumpWinery.com.xml
new file mode 100644
index 000000000000..260299be624b
--- /dev/null
+++ b/src/chrome/content/rules/TrumpWinery.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="TrumpWinery.com">
+	<target host="trumpwinery.com" />
+	<target host="www.trumpwinery.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Trumpia.com.xml b/src/chrome/content/rules/Trumpia.com.xml
deleted file mode 100644
index 70cde47c86cc..000000000000
--- a/src/chrome/content/rules/Trumpia.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Mixed content:
-
-		- Web bug on ^ from s7.addthis.com *
-
-	* Secured by us
-
--->
-<ruleset name="Trumpia.com">
-
-	<target host="trumpia.com" />
-	<target host="www.trumpia.com" />
-
-
-	<securecookie host="^(?:www\.)?trumpia\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TrustKeeper.xml b/src/chrome/content/rules/TrustKeeper.xml
index 3d3eedbdb964..8a7afad774c4 100644
--- a/src/chrome/content/rules/TrustKeeper.xml
+++ b/src/chrome/content/rules/TrustKeeper.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.trustkeeper.net/ => https://www.trustkeeper.net/: (28, '
 		- www.trustkeeper.net
 
 -->
-<ruleset name="TrustKeeper.net" default_off='failed ruleset test'>
+<ruleset name="TrustKeeper.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/TrustSign.com.br.xml b/src/chrome/content/rules/TrustSign.com.br.xml
index d4c47bf60875..39ab68b89a2e 100644
--- a/src/chrome/content/rules/TrustSign.com.br.xml
+++ b/src/chrome/content/rules/TrustSign.com.br.xml
@@ -12,7 +12,7 @@ Fetch error: http://security.trustsign.com.br/ => https://security.trustsign.com
 		- www.trustsign.com.br
 
 -->
-<ruleset name="TrustSign.com.br" default_off='failed ruleset test'>
+<ruleset name="TrustSign.com.br" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Trust_Dale.com.xml b/src/chrome/content/rules/Trust_Dale.com.xml
deleted file mode 100644
index 8d8e8d7ea140..000000000000
--- a/src/chrome/content/rules/Trust_Dale.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d25v41r9zzznmn.cloudfront.net
-
-			- static
-
-
-	Nonfunctional subdomains:
-
-		- (www.) *
-
-	* 503
-
--->
-<ruleset name="Trust Dale.com (partial)">
-
-	<target host="static.trustdale.com" />
-
-
-	<rule from="^http://static\.trustdale\.com/"
-		to="https://d25v41r9zzznmn.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Trusted_CS.com.xml b/src/chrome/content/rules/Trusted_CS.com.xml
index 735a5f53e114..d8dbb6a4f3e1 100644
--- a/src/chrome/content/rules/Trusted_CS.com.xml
+++ b/src/chrome/content/rules/Trusted_CS.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.trustedcs.com/ => https://www.trustedcs.com/: (28, 'Conn
 	^: cert only matches www
 
 -->
-<ruleset name="Trusted CS.com" default_off='failed ruleset test'>
+<ruleset name="Trusted CS.com" default_off="failed ruleset test">
 
 	<target host="trustedcs.com" />
 	<target host="www.trustedcs.com" />
diff --git a/src/chrome/content/rules/Trustwave.xml b/src/chrome/content/rules/Trustwave.xml
index 7d2200e0a053..5486800ccb23 100644
--- a/src/chrome/content/rules/Trustwave.xml
+++ b/src/chrome/content/rules/Trustwave.xml
@@ -1,8 +1,11 @@
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://mailmax.trustwave.com/ => https://mailmax.trustwave.com/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+
 	Other Trustwave rulesets:
 
-		- MySecureConnect.com.xml
-		- SecureConnect.com.xml
 		- Securetrust.com.xml
 		- TrustKeeper.xml
 		- Xramp.com.xml
@@ -18,7 +21,7 @@
 				-->
 	<target host="trustwave.com" />
 	<target host="login.trustwave.com" />
-	<target host="mailmax.trustwave.com" />
+	<!-- target host="mailmax.trustwave.com" /-->
 	<target host="pci.trustwave.com" />
 	<target host="scanmail.trustwave.com" />
 	<target host="sealserver.trustwave.com" />
diff --git a/src/chrome/content/rules/Truth_in_Advertising.xml b/src/chrome/content/rules/Truth_in_Advertising.xml
index ebe89c3f72d0..c5898dbd45e1 100644
--- a/src/chrome/content/rules/Truth_in_Advertising.xml
+++ b/src/chrome/content/rules/Truth_in_Advertising.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Truthdig.xml b/src/chrome/content/rules/Truthdig.xml
index 0a0913ef65b0..37a81b853019 100644
--- a/src/chrome/content/rules/Truthdig.xml
+++ b/src/chrome/content/rules/Truthdig.xml
@@ -3,7 +3,7 @@
 	<target host="truthdig.com"/>
 	<target host="www.truthdig.com"/>
 
-	<securecookie host="^(?:.*\.)?truthdig\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/TryMagPop.ca.xml b/src/chrome/content/rules/TryMagPop.ca.xml
new file mode 100644
index 000000000000..6d60f3292845
--- /dev/null
+++ b/src/chrome/content/rules/TryMagPop.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="TryMagPop.ca">
+	<target host="trymagpop.ca" />
+	<target host="www.trymagpop.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Try_Zen99.com.xml b/src/chrome/content/rules/Try_Zen99.com.xml
index 2c13bc9b48f3..918901f47d58 100644
--- a/src/chrome/content/rules/Try_Zen99.com.xml
+++ b/src/chrome/content/rules/Try_Zen99.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://tryzen99.com/ => https://tryzen99.com/: (51, "SSL: no alternative certificate subject name matches target host name 'tryzen99.com'")
 
 -->
-<ruleset name="try Zen99.com" default_off='failed ruleset test'>
+<ruleset name="try Zen99.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Tryton.org.xml b/src/chrome/content/rules/Tryton.org.xml
new file mode 100644
index 000000000000..6e2631e0eb14
--- /dev/null
+++ b/src/chrome/content/rules/Tryton.org.xml
@@ -0,0 +1,35 @@
+<!--
+	Mismatched:
+		- demo*.tryton.org (subdomain for each version, e.g. demo5.0.tryton.org)
+		- doc.tryton.org
+		- tub2013.tryton.org
+		- tub2016.tryton.org
+		- tuba2015.tryton.org
+		- tul2014.tryton.org
+		- videos.tryton.org
+		- debian.tryton.org
+-->
+<ruleset name="Tryton.org">
+	<target host="tryton.org" />
+	<target host="www.tryton.org" />
+	<target host="amagama.tryton.org" />
+	<target host="bugs.tryton.org" />
+	<target host="codereview.tryton.org" />
+	<target host="discuss.tryton.org" />
+	<target host="doc.tryton.org" />
+	<target host="docs.tryton.org" />
+	<target host="downloads.tryton.org" />
+	<target host="drone.tryton.org" />
+	<target host="git.tryton.org" />
+	<target host="goocalendar.tryton.org" />
+	<target host="hg.tryton.org" />
+	<target host="pootle.tryton.org" />
+	<target host="python-sql.tryton.org" />
+	<target host="relatorio.tryton.org" />
+	<target host="trydevpi.tryton.org" />
+	<target host="trypod.tryton.org" />
+	<target host="tul2017.tryton.org" />
+
+	<rule from="^http://doc\.tryton\.org/" to="https://docs.tryton.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tsgstatic.com.xml b/src/chrome/content/rules/Tsgstatic.com.xml
index 8be1421230fc..dbf42bc2b4bd 100644
--- a/src/chrome/content/rules/Tsgstatic.com.xml
+++ b/src/chrome/content/rules/Tsgstatic.com.xml
@@ -22,7 +22,9 @@
 -->
 <ruleset name="tsgstatic.com (partial)">
 
-	<target host="*.tsgstatic.com" />
+	<target host="a.tsgstatic.com" />
+	<target host="b.tsgstatic.com" />
+	<target host="c.tsgstatic.com" />
 
 
 	<rule from="^http://[a-c]\.tsgstatic\.com/"
diff --git a/src/chrome/content/rules/Tsumino.com.xml b/src/chrome/content/rules/Tsumino.com.xml
new file mode 100644
index 000000000000..32b9613ea4c5
--- /dev/null
+++ b/src/chrome/content/rules/Tsumino.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid certificate:
+		r34.tsumino.com
+-->
+
+<ruleset name="Tsumino.com">
+	<target host="tsumino.com" />
+	<target host="www.tsumino.com" />
+	<target host="ga.tsumino.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TuXingSun.net.xml b/src/chrome/content/rules/TuXingSun.net.xml
index ef430192ecad..e635c328b270 100644
--- a/src/chrome/content/rules/TuXingSun.net.xml
+++ b/src/chrome/content/rules/TuXingSun.net.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.tuxingsun.net/ => https://www.tuxingsun.net/: (6, 'Could
 		- www.tuxingsun.net
 
 -->
-<ruleset name="TuXingSun.net" default_off='failed ruleset test'>
+<ruleset name="TuXingSun.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Tub.ee.xml b/src/chrome/content/rules/Tub.ee.xml
new file mode 100644
index 000000000000..ee0e3c2a52c8
--- /dev/null
+++ b/src/chrome/content/rules/Tub.ee.xml
@@ -0,0 +1,25 @@
+<!--
+	HTTP redirects to NXDOMAIN:
+		- mail.meanings.eu
+		- mail.tub.ee
+		- mail.unscramble.eu
+-->
+<ruleset name="Tub.ee">
+	<!-- tub.ee -->
+	<target host="tub.ee" />
+	<target host="www.tub.ee" />
+	<target host="meanings.tub.ee" />
+	<target host="www.meanings.tub.ee" />
+	<target host="meaningseu.tub.ee" />
+	<target host="www.meaningseu.tub.ee" />
+	<target host="unscramble.tub.ee" />
+	<target host="www.unscramble.tub.ee" />
+
+	<!-- unscramble.eu -->
+	<target host="unscramble.eu" />
+	<target host="www.unscramble.eu" />
+	<target host="autodiscover.unscramble.eu" />
+	<target host="webdisk.unscramble.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tube4.me.xml b/src/chrome/content/rules/Tube4.me.xml
index 19b7dce64085..482b527d9717 100644
--- a/src/chrome/content/rules/Tube4.me.xml
+++ b/src/chrome/content/rules/Tube4.me.xml
@@ -17,7 +17,7 @@ Fetch error: http://tube4.me/ => https://tube4.me/: (60, 'SSL certificate proble
 	* Secured by us
 
 -->
-<ruleset name="Tube4.me" default_off='failed ruleset test'>
+<ruleset name="Tube4.me" default_off="failed ruleset test">
 
 	<target host="tube4.me" />
 	<target host="www.tube4.me" />
diff --git a/src/chrome/content/rules/Tucows.xml b/src/chrome/content/rules/Tucows.xml
index 23ae0204bcbe..7ad9853bec9a 100644
--- a/src/chrome/content/rules/Tucows.xml
+++ b/src/chrome/content/rules/Tucows.xml
@@ -28,7 +28,7 @@ Fetch error: http://contact-privacy.com/ => http://contact-privacy.com/: (28, 'R
 	² Refused
 
 -->
-<ruleset name="Tucows (partial)" default_off='failed ruleset test'>
+<ruleset name="Tucows (partial)" default_off="failed ruleset test">
 
 	<target host="contact-privacy.com" />
 	<target host="support.ispbilling.com" />
diff --git a/src/chrome/content/rules/Tufts.edu.xml b/src/chrome/content/rules/Tufts.edu.xml
index e80835adfca7..c7c0292b6164 100644
--- a/src/chrome/content/rules/Tufts.edu.xml
+++ b/src/chrome/content/rules/Tufts.edu.xml
@@ -129,7 +129,7 @@
 			Avoid false/broken MCB:
 						-->
 		<exclusion pattern="^http://(?:directory|whitepages)\.tufts\.edu/+(?!css/|favicon\.ico|images/|main\.css)" />
-		
+
 
 
 	<!--	Secured by server:
diff --git a/src/chrome/content/rules/Tugg.com.xml b/src/chrome/content/rules/Tugg.com.xml
index 1c76812e6465..4e8202fb5513 100644
--- a/src/chrome/content/rules/Tugg.com.xml
+++ b/src/chrome/content/rules/Tugg.com.xml
@@ -5,7 +5,7 @@
 <ruleset name="Tugg.com (partial)">
 
 	<target host="tugg.com" />
-	<target host="*.tugg.com" />
+	<target host="www.tugg.com" />
 		<!--exclusion pattern="^http://(www\.)?tugg\.com/titles/" /-->
 
 
@@ -20,4 +20,4 @@
 	<rule from="^http://(?:www\.)?tugg\.com/(assets|system)/"
 		to="https://www.tugg.com/$1/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tulemar.xml b/src/chrome/content/rules/Tulemar.xml
new file mode 100644
index 000000000000..def1c8927ac4
--- /dev/null
+++ b/src/chrome/content/rules/Tulemar.xml
@@ -0,0 +1,17 @@
+<!--
+	Mismatched:
+		- 4tulemar.com
+		- www.4tulemar.com
+-->
+<ruleset name="Tulemar">
+	<target host="tulemar.com" />
+	<target host="www.tulemar.com" />
+
+	<target host="4tulemar.com" />
+	<target host="www.4tulemar.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(www\.)?4tulemar\.com/" to="https://tulemar.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Tum.de.xml b/src/chrome/content/rules/Tum.de.xml
index c87136c7431a..3ccaff21e24f 100644
--- a/src/chrome/content/rules/Tum.de.xml
+++ b/src/chrome/content/rules/Tum.de.xml
@@ -9,6 +9,6 @@ Technical University Munich
 	<target host="ub.tum.de" />
 	<target host="www.ub.tum.de" />
 	<target host="opac.ub.tum.de" />
-	
+
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Tumblr.com_blogs.xml b/src/chrome/content/rules/Tumblr.com_blogs.xml
deleted file mode 100644
index 25bf8ab8795b..000000000000
--- a/src/chrome/content/rules/Tumblr.com_blogs.xml
+++ /dev/null
@@ -1,59 +0,0 @@
-<!--
-	For other Yahoo coverage, see Yahoo.xml.
-
-
-	Not all blogs currently support tls.
-
-
-	Mixed content:
-
-		- css on grugq from fonts.googleapis.com ˢ
-
-		- Images, on:
-
-			- victorinox-japan, yahoo from static.tumblr.com ˢ
-			- yahoo from cfc.polyvoreimg.com
-			- yahooresearch from webscope.sandbox.yahoo.com
-			- yahoosearch from media.giphy.com ˢ
-
-		- favicon on yahooaccessibility, yahooaviate from l.yimg.com ˢ
-
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="Tumblr.com blogs (partial)">
-
-	<target host="defaultnamehere.tumblr.com" />
-	<target host="flickr.tumblr.com" />
-	<target host="grugq.tumblr.com" />
-	<target host="httpshaming.tumblr.com" />
-	<target host="liebach.tumblr.com" />
-	<target host="lifeatyahoo.tumblr.com" />
-	<target host="marcheswoo.tumblr.com" />
-	<target host="montereybayaquarium.tumblr.com" />
-	<target host="natawhat.tumblr.com" />
-	<target host="nathanwentworth.tumblr.com" />
-	<target host="puxlit.tumblr.com" />
-	<target host="victorinox-japan.tumblr.com" />
-	<target host="wongmjane.tumblr.com" />
-	<target host="xpnsec.tumblr.com" />
-	<target host="yahoo-security.tumblr.com" />
-	<target host="yahoo.tumblr.com" />
-	<target host="yahooaccessibility.tumblr.com" />
-	<target host="yahooadvertising.tumblr.com" />
-	<target host="yahooanswers.tumblr.com" />
-	<target host="yahooaviate.tumblr.com" />
-	<target host="yahoomail.tumblr.com" />
-	<target host="yahoomessenger.tumblr.com" />
-	<target host="yahoopolicy.tumblr.com" />
-	<target host="yahooresearch.tumblr.com" />
-	<target host="yahoosearch.tumblr.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Tumblr.xml b/src/chrome/content/rules/Tumblr.xml
deleted file mode 100644
index 6f9d1ef214c5..000000000000
--- a/src/chrome/content/rules/Tumblr.xml
+++ /dev/null
@@ -1,77 +0,0 @@
-<!--
-	Every user has it's own subdomain which is redirected to http.
-
-	Other Tumblr rulesets:
-
-		+ Tmblr.co.xml
-		+ Txmblr.com.xml
-
-	Non-functional hosts
-		SSL peer certificate was not OK:
-			 - data.tumblr.com
-
-		Secure connection redirects to plaintext:
-			 - developers.tumblr.com
-
-	Users should enable tls support in tumblr settings:
-
-		https://staff.tumblr.com/post/75482980993/you-can-now-take-extra-precaution-against-hackers
-
-	Unfortunately, per-user subdomains don't support https either, so users
-	are still vulnerable whenever they browse blogs while logged in. :(
-
--->
-<ruleset name="Tumblr.com (partial)">
-	<target host="tumblr.com" />
-	<target host="www.tumblr.com" />
-	<target host="a.tumblr.com" />
-		<test url="http://a.tumblr.com/tumblr_mss09owW141rdplduo1.mp3" />
-	<target host="assets.tumblr.com" />
-		<test url="http://assets.tumblr.com/assets/scripts/" />
-		<test url="http://assets.tumblr.com/assets/scripts/dashboard.js" />
-		<test url="http://assets.tumblr.com/assets/scripts/polyfills.js" />
-		<test url="http://assets.tumblr.com/assets/scripts/posting.js" />
-		<test url="http://assets.tumblr.com/assets/scripts/vendor/jquery_backbone_lodash.js" />
-		<test url="http://assets.tumblr.com/assets/scripts/vendor/tiny_mce_3_5_10/tiny_mce.js" />
-	<target host="secure.assets.tumblr.com" />
-		<test url="http://secure.assets.tumblr.com/images/reads_program.pdf" />
-	<target host="embed.tumblr.com" />
-		<test url="http://embed.tumblr.com/embed/post/NX56sHYxMxsNiYMhM3gx8A/139221102643" />
-	<target host="engineering.tumblr.com" />
-	<target host="media.tumblr.com" />
-		<test url="http://media.tumblr.com/tumblr_ly6fs5CdtS1qhcsyw.jpg" />
-	<target host="*.media.tumblr.com" />
-		<test url="http://37.media.tumblr.com/b7b007141713201d3692f6c2fae605e7/tumblr_mvoi8uOMTH1rnf5opo2_r1_250.gif" />
-		<test url="http://66.media.tumblr.com/3beca4f8c1e028a29e87394de17c86b1/tumblr_o2qh8ztGAt1r7hrego2_1280.jpg" />
-		<test url="http://68.media.tumblr.com/eb21f58707fa8f80d6f35979261e7a62/tumblr_oghnajATtI1uiqvf8o1_500.jpg" />
-	<target host="platform.tumblr.com" />
-		<test url="http://platform.tumblr.com/v1/follow_button.html" />
-	<target host="px.srvcs.tumblr.com" />
-		<test url="http://px.srvcs.tumblr.com/impixu" />
-	<target host="staff.tumblr.com" />
-	<target host="static.tumblr.com" />
-		<test url="http://static.tumblr.com/i21wc39/5sxmn9bjr/paperstacks_theme.css" />
-	<target host="secure.static.tumblr.com" />
-		<test url="http://secure.static.tumblr.com/tkqqpe9/4J6n0jyt7/bhrp_programguide_cairo_v9_press_secure.pdf" />
-	<target host="tm319.tumblr.com" />
-	<target host="v.tumblr.com" />
-		<test url="http://v.tumblr.com/tumblr_m5hdfrQdSp1r1bcej_r1.mov" />
-	<target host="vt.tumblr.com" />
-		<test url="http://vt.tumblr.com/tumblr_mrhbqiTyqB1r8cz1x.mp4" />
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.tumblr\.com$" name="^(?:__cfduid|cf_clearance|language|logged_in)$" /-->
-	<!--securecookie host="^\.srvcs\.tumblr\.com$" name="^anon_id$" /-->
-	<!--securecookie host="^www\.tumblr\.com$" name="^(capture|devicePixelRatio|documentWidth|last_toast|pfe|pfp|pfu|tmgioct)$" /-->
-
-	<!--	Tracking cookies:
-					-->
-	<securecookie host="^(?:secure\.assets|www)\.tumblr\.com$" name="^__utmf$" />
-
-	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
-	<securecookie host="^\.srvcs\.tumblr\.com$" name=".+" />
-	<securecookie host="^www\.tumblr\.com$" name="^d(?:evicePixelRatio|ocumentWidth)$" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Tunespeak.com.xml b/src/chrome/content/rules/Tunespeak.com.xml
index 19db8a9d65ca..0696dbe49f07 100644
--- a/src/chrome/content/rules/Tunespeak.com.xml
+++ b/src/chrome/content/rules/Tunespeak.com.xml
@@ -1,15 +1,14 @@
 <ruleset name="Tunespeak.com">
 
 	<target host="stagingspeak.com" />
-	<target host="*.stagingspeak.com" />
 	<target host="tunespeak.com" />
-	<target host="*.tunespeak.com" />
+	<target host="www.stagingspeak.com" />
+	<target host="www.tunespeak.com" />
 
 
 	<securecookie host="^\.(?:staging|tune)speak\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?(staging|tune)speak\.com/"
-		to="https://$1$2speak.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tuning_World.xml b/src/chrome/content/rules/Tuning_World.xml
deleted file mode 100644
index 65b64b4e598b..000000000000
--- a/src/chrome/content/rules/Tuning_World.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Tuning World">
-
-	<target host="tuningworld.com.au" />
-	<target host="www.tuningworld.com.au" />
-
-
-	<securecookie host="^(?:www\.)?tuningworld\.com\.au$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/TunnelBear.com.xml b/src/chrome/content/rules/TunnelBear.com.xml
deleted file mode 100644
index cfab114e10f9..000000000000
--- a/src/chrome/content/rules/TunnelBear.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="TunnelBear.com">
-	<target host="tunnelbear.com" />
-	<target host="www.tunnelbear.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/TunnelBroker.xml b/src/chrome/content/rules/TunnelBroker.xml
index 1daadfd7b853..615f4b82e31a 100644
--- a/src/chrome/content/rules/TunnelBroker.xml
+++ b/src/chrome/content/rules/TunnelBroker.xml
@@ -8,7 +8,7 @@ Fetch error: http://ipv6.tunnelbroker.net/ => https://ipv6.tunnelbroker.net/: (7
 	For other Hurricane Electric coverage, see HurricaneElectric.xml.
 
 -->
-<ruleset name="HE Tunnel Broker" default_off='failed ruleset test'>
+<ruleset name="HE Tunnel Broker" default_off="failed ruleset test">
 
 	<target host="tunnelbroker.com" />
 	<target host="www.tunnelbroker.com" />
diff --git a/src/chrome/content/rules/Turath.co.uk.xml b/src/chrome/content/rules/Turath.co.uk.xml
new file mode 100644
index 000000000000..6aa6e44b9bbf
--- /dev/null
+++ b/src/chrome/content/rules/Turath.co.uk.xml
@@ -0,0 +1,8 @@
+<ruleset name="Turath.co.uk">
+	<target host="turath.co.uk" />
+	<target host="www.turath.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Turbine.com.xml b/src/chrome/content/rules/Turbine.com.xml
deleted file mode 100644
index 0eb93ce2c907..000000000000
--- a/src/chrome/content/rules/Turbine.com.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-	Problematic hosts in *turbine.com:
-
-		- ^ *
-		- support *
-
-	* Mismatched
-
-
-	Insecure cookies are set for these domains:
-
-		- .trial.turbine.com
-
--->
-<ruleset name="Turbine.com">
-
-	<!--	Direct rewrites:
-				-->
-	<!--target host="support.turbine.com" /-->
-	<target host="trial.turbine.com" />
-
-	<!--	Complications:
-				-->
-	<!--target host="turbine.com" /-->
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://www\.turbine\.com/$" /-->
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.trial\.turbine\.com$" name="^FTCookieSessionID$" /-->
-
-	<securecookie host="^\.trial\.turbine\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/TurboSquid.xml b/src/chrome/content/rules/TurboSquid.xml
index 489e8972c607..2c6333ed02a8 100644
--- a/src/chrome/content/rules/TurboSquid.xml
+++ b/src/chrome/content/rules/TurboSquid.xml
@@ -9,17 +9,15 @@ Fetch error: http://turbosquid.com/ => https://turbosquid.com/: Cycle detected -
 <ruleset name="TurboSquid (partial)">
 
 	<target host="turbosquid.com" />
-	<target host="*.turbosquid.com" />
+	<target host="support.turbosquid.com" />
+	<target host="www.turbosquid.com" />
+	<target host="sitefiles.turbosquid.com" />
 		<exclusion pattern="^http://support\.turbosquid\.com/(?!generated/)" />
 
 
 	<securecookie host="^\.(?:www\.)?turbosquid\.com$" name=".+" />
 
 
-	<rule from="^http://(support\.|www\.)?turbosquid\.com/"
-		to="https://$1turbosquid.com/" />
-
-	<rule from="^http://sitefiles\.turbosquid\.com/"
-		to="https://d3vuj04fwiko4o.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TurboTax.com.xml b/src/chrome/content/rules/TurboTax.com.xml
new file mode 100644
index 000000000000..a66009b734f5
--- /dev/null
+++ b/src/chrome/content/rules/TurboTax.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="TurboTax.com">
+	<target host="turbotax.com" />
+	<target host="www.turbotax.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Turbobytes.com.xml b/src/chrome/content/rules/Turbobytes.com.xml
index ae9ca104b018..a51e63c0be3a 100644
--- a/src/chrome/content/rules/Turbobytes.com.xml
+++ b/src/chrome/content/rules/Turbobytes.com.xml
@@ -19,4 +19,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Turbobytes.net.xml b/src/chrome/content/rules/Turbobytes.net.xml
index f4329d7c3647..57e663b2eb90 100644
--- a/src/chrome/content/rules/Turbobytes.net.xml
+++ b/src/chrome/content/rules/Turbobytes.net.xml
@@ -11,11 +11,11 @@ Fetch error: http://az.turbobytes.net/ => https://az.turbobytes.net/: (6, 'Could
 	az serves ads.
 
 -->
-<ruleset name="Turbobytes.net" default_off='failed ruleset test'>
+<ruleset name="Turbobytes.net" default_off="failed ruleset test">
 
 	<target host="az.turbobytes.net" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Turkiye.gov.tr.xml b/src/chrome/content/rules/Turkiye.gov.tr.xml
new file mode 100644
index 000000000000..4fc6c557a8b7
--- /dev/null
+++ b/src/chrome/content/rules/Turkiye.gov.tr.xml
@@ -0,0 +1,13 @@
+<ruleset name="Türkiye.gov.tr">
+	<target host="turkiye.gov.tr" />
+	<target host="www.turkiye.gov.tr" />
+	<target host="giris.turkiye.gov.tr" />
+	<target host="kamu.turkiye.gov.tr" />
+	<target host="mobil.turkiye.gov.tr" />
+	<target host="static.turkiye.gov.tr" />
+		<test url="http://static.turkiye.gov.tr/themes/mobil/main.js" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Turn.com.xml b/src/chrome/content/rules/Turn.com.xml
index bf6ca801bf17..11196149e984 100644
--- a/src/chrome/content/rules/Turn.com.xml
+++ b/src/chrome/content/rules/Turn.com.xml
@@ -1,97 +1,73 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://analytics.turn.com/ => https://analytics.turn.com/: (60, 'SSL certificate problem: self signed certificate')
-
-	CDN buckets:
-
-		- trust.turn.com.edgesuite.net
-		- www.turn.com.edgesuite.net
-
-
-	Nonfunctional subdomains:
-
-		- static *
-
-	* Shows www
-
-
-	Problematic subdomains:
-
-		- ^ ¹
-		- e *
-		- trust ²
-
-	¹ Fastly
-	* Eloqua
-	² Works, akamai
-
-
-	Partially covered subdomains:
-
-		- turn *	(→ a248.e.akamai.net)
-
-	* Avoiding user-visible paths
-
-
-	Fully covered subdomains:
-
-		- (www.)?	(^ → www)
-		- analytics
-		- akamai
-		- analytics
-		- console
-		- d
-		- r
-
-
-	Insecure cookies are set for these domains:
-
-		- .turn.com
-
-
-	Mixed content:
-
-		- Images on console, www from static ¹
-
-		- Web bugs, on www from:
-
-			- d ²
-			- t3.trackalyzer.com ²
-
-	¹ Unsecurable <= 404
-	² Secured by us
-
+	Chain issues:
+		- mag.sjc2.turn.com
+		- ra01.sjc2.turn.com
+
+	Connection refused:
+		- info.turn.com
+
+	Self-signed cert:
+		- analytics.turn.com
+		- bomgar.turn.com
+		- corp1.sjc2.turn.com
+
+	Timeout:
+		- mag.atl1.turn.com
+		- ra01.atl1.turn.com
+		- bid-spotxchange-sjc2.turn.com
+		- ftp2.turn.com
+
+	TLS error:
+		- bid-atl1.turn.com
+		- bid-sjc2.turn.com
+		- bid.turn.com
+
+	Cert mismatch:
+		- turn.com
+		- www.turn.com
+		- ak.ad.turn.com
+		- ad2.turn.com
+		- akamai.turn.com
+		- emb.akamai.turn.com
+		- blog.turn.com
+		- cdn.turn.com
+		- developer.turn.com
+		- e.turn.com
+		- img.turn.com
+		- metrics.turn.com
+		- pages.turn.com
+		- static.turn.com
+		- status.turn.com
+		- trust.turn.com
 -->
-<ruleset name="Turn.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Turn.com (partial)" >
 
-	<target host="turn.com" />
-	<target host="www.turn.com" />
-	<target host="analytics.turn.com" />
+	<target host="ad.turn.com" />
+	<target host="ad2.cdns.turn.com" />
 	<target host="console.turn.com" />
+	<target host="creative-preview.turn.com" />
+	<target host="d-atl1.turn.com" />
+	<target host="d-hkg1.turn.com" />
 	<target host="d.turn.com" />
+	<target host="img.cdns.turn.com" />
+	<target host="origin-cdn.turn.com" />
+	<target host="presentation-ams1.turn.com" />
+	<target host="presentation-atl1.turn.com" />
+	<target host="presentation-hkg1.turn.com" />
+	<target host="presentation-sjc2.turn.com" />
+	<target host="preview.turn.com" />
 	<target host="r.turn.com" />
-		<!--
-			Avoid user-visible paths:
-							-->
-		<!--exclusion pattern="^http://trust\.turn\.com/+(?!bootstrap/|favicon\.ico|includes/|sites/)" /-->
-		<!--
-			References images relative to root:
-								-->
-		<!--exclusion pattern="^http://trust\.turn\.com/includes/trust\.css" /-->
-		<!--
-			Reference images relative to self:
-								-->
-		<!--exclusion pattern="^http://turn\.turn\.com/bootstrap/css/(?!bootstrap(-responsive)?\.min\.css)" /-->
-
-
-	<!--	Set by d, not secured by server:
-						-->
-	<securecookie host="^\.turn\.com$" name="^uid$" />
-
-
-	<rule from="^http://turn\.com/"
-		to="https://www.turn.com/" />
+	<target host="redbull-as.turn.com" />
+	<target host="redbull.turn.com" />
+	<target host="rwcvpn1.turn.com" />
+	<target host="sd.turn.com" />
+	<target host="sr.turn.com" />
+	<target host="tb-prd.turn.com" />
+	<target host="tb.turn.com" />
+	<target host="vid1.cdns.turn.com" />
+	<target host="vidyo.turn.com" />
+
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Turn_Game_Studios.xml b/src/chrome/content/rules/Turn_Game_Studios.xml
index 9f971b83711e..66e4fb020c4b 100644
--- a/src/chrome/content/rules/Turn_Game_Studios.xml
+++ b/src/chrome/content/rules/Turn_Game_Studios.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Turner.com.xml b/src/chrome/content/rules/Turner.com.xml
index 0811ccd57a21..9e8b61c7582a 100644
--- a/src/chrome/content/rules/Turner.com.xml
+++ b/src/chrome/content/rules/Turner.com.xml
@@ -1,7 +1,7 @@
 <!--
 	Other Turner rulesets:
 
-		- adultswim.xml
+		- AdultSwim.com.xml
 
 
 	CDN buckets:
diff --git a/src/chrome/content/rules/TusFiles.xml b/src/chrome/content/rules/TusFiles.xml
index bb13e31624d1..c7a787495fa2 100644
--- a/src/chrome/content/rules/TusFiles.xml
+++ b/src/chrome/content/rules/TusFiles.xml
@@ -16,7 +16,7 @@ Fetch error: http://support.tusfiles.net/ => https://support.tusfiles.net/: (6,
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="TusFiles.net" default_off='failed ruleset test'>
+<ruleset name="TusFiles.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Tutanota.de.xml b/src/chrome/content/rules/Tutanota.de.xml
deleted file mode 100644
index 0feb3e1cad19..000000000000
--- a/src/chrome/content/rules/Tutanota.de.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Tutanota.de">
-	<target host="tutanota.de" />
-	<target host="www.tutanota.de" />
-	<target host="app.tutanota.de" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Tutor.com.xml b/src/chrome/content/rules/Tutor.com.xml
index 5b405c62ade8..25a059076be9 100644
--- a/src/chrome/content/rules/Tutor.com.xml
+++ b/src/chrome/content/rules/Tutor.com.xml
@@ -11,10 +11,11 @@ Fetch error: http://tutor.com/ => http://tutor.com/: (60, 'SSL certificate probl
 	Some pages redirect to http.
 
 -->
-<ruleset name="Tutor.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Tutor.com (partial)" default_off="failed ruleset test">
 
 	<target host="tutor.com" />
-	<target host="*.tutor.com" />
+	<target host="www.tutor.com" />
+	<target host="media.tutor.com" />
 
 
 	<rule from="^http://(?:www\.)?tutor\.com/(contact-forms/|favicon\.ico|get-started(?:$|[?/])|images/|(?:Script|Web)Resource\.axd|scripts/|styles/)"
@@ -23,4 +24,4 @@ Fetch error: http://tutor.com/ => http://tutor.com/: (60, 'SSL certificate probl
 	<rule from="^http://media\.tutor\.com/"
 		to="https://media.tutor.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Tutorialspoint.xml b/src/chrome/content/rules/Tutorialspoint.xml
index a92ed90d7ce8..24e47a23f60d 100644
--- a/src/chrome/content/rules/Tutorialspoint.xml
+++ b/src/chrome/content/rules/Tutorialspoint.xml
@@ -3,10 +3,10 @@
 
 -->
 <ruleset name="Tutorialspoint (partial)">
-	
+
 	<target host="tutorialspoint.com"/>
 	<target host="www.tutorialspoint.com"/>
-	
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/TutsPlus.com.xml b/src/chrome/content/rules/TutsPlus.com.xml
index 919390d8f5b1..d5f175f850b5 100644
--- a/src/chrome/content/rules/TutsPlus.com.xml
+++ b/src/chrome/content/rules/TutsPlus.com.xml
@@ -23,7 +23,14 @@
 <ruleset name="TutsPlus.com (partial)">
 
 	<target host="tutsplus.com" />
-	<target host="*.tutsplus.com" />
+	<target host="business.tutsplus.com" />
+	<target host="cms-assets.tutsplus.com" />
+	<target host="code.tutsplus.com" />
+	<target host="design.tutsplus.com" />
+	<target host="jobs.tutsplus.com" />
+	<target host="static.tutsplus.com" />
+	<target host="support.tutsplus.com" />
+	<target host="www.tutsplus.com" />
 		<!--
 			Redirect to http:
 						-->
@@ -44,7 +51,6 @@
 	<!--securecookie host="^(?:w*\.)?tutsplus\.com$" name=".+" /-->
 
 
-	<rule from="^http://((?:business|cms-assets|code|design|jobs|static|support|www)\.)?tutsplus\.com/"
-		to="https://$1tutsplus.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tux.Org.xml b/src/chrome/content/rules/Tux.Org.xml
index 3609be1eedeb..14af635b7b67 100644
--- a/src/chrome/content/rules/Tux.Org.xml
+++ b/src/chrome/content/rules/Tux.Org.xml
@@ -12,7 +12,7 @@
 
 	<target host="tux.org" />
 	<target host="www.tux.org" />
-	
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/TuxFamily.org.xml b/src/chrome/content/rules/TuxFamily.org.xml
index bdc91483d5b2..49c1b551fe24 100644
--- a/src/chrome/content/rules/TuxFamily.org.xml
+++ b/src/chrome/content/rules/TuxFamily.org.xml
@@ -175,7 +175,7 @@ pics.glx-dock.org ³
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="TuxFamily.org (partial)" default_off='failed ruleset test'>
+<ruleset name="TuxFamily.org (partial)" default_off="failed ruleset test">
 
 	<target host="tuxfamily.org" />
 	<target host="*.tuxfamily.org" />
diff --git a/src/chrome/content/rules/Tvp.pl.xml b/src/chrome/content/rules/Tvp.pl.xml
new file mode 100644
index 000000000000..306843e24f22
--- /dev/null
+++ b/src/chrome/content/rules/Tvp.pl.xml
@@ -0,0 +1,155 @@
+<!--
+	Active mixed content:
+		- abc.tvp.pl
+		- bawsieslowami.tvp.pl
+		- chopin2015.tvp.pl
+		- festiwalopole.tvp.pl
+		- halopolonia.tvp.pl
+		- krotkahistoria.tvp.pl
+		- magazynzameryki.tvp.pl
+		- magazynzwysp.tvp.pl
+		- oczywoczy.tvp.pl
+		- polonia24.tvp.pl
+		- racjastanu.tvp.pl
+		- rozmowapolonii.tvp.pl
+		- seriale.tvp.pl
+		- tvpkultura.tvp.pl
+		- tvp1.tvp.pl
+		- zziajani.tvp.pl
+		- wilnoteka.tvp.pl
+
+	Connection refused:
+		- ww21.tvp.pl
+
+	Invalid certificate:
+		- ciechocinek.tvp.pl
+		- manager.tvp.pl
+		- menedzer.tvp.pl
+		- sarnowek.tvp.pl
+		- telegazeta.tvp.pl
+
+	Redirects to HTTP:
+		- sport.tvp.pl
+
+	Wildcard certificate and DNS:
+		- *.tvp.pl: All work over HTTPS except for those listed above
+		- *.*.tvp.pl: None work over HTTPS except for www.vod.tvp.pl
+-->
+
+<ruleset name="Tvp.pl">
+	<target host="tvp.pl" />
+	<target host="www.tvp.pl" />
+	<target host="50plus.tvp.pl" />
+	<target host="60latlodz.tvp.pl" />
+	<target host="abonament.tvp.pl" />
+	<target host="agencitarczy.tvp.pl" />
+	<target host="akademia.tvp.pl" />
+	<target host="avod.tvp.pl" />
+	<target host="bakeoff.tvp.pl" />
+	<target host="beta.tvp.pl" />
+	<target host="bialystok.tvp.pl" />
+	<target host="bydgoszcz.tvp.pl" />
+	<target host="centruminformacji.tvp.pl" />
+	<target host="dladzieci.tvp.pl" />
+	<target host="dniotwarte.tvp.pl" />
+	<target host="dwateatry.tvp.pl" />
+	<target host="dystrybucja.tvp.pl" />
+	<target host="dziendobrypolsko.tvp.pl" />
+	<target host="edu.tvp.pl" />
+	<target host="ekoagent.tvp.pl" />
+	<target host="euro2012.tvp.pl" />
+	<target host="eurowizja.tvp.pl" />
+	<target host="extratime.tvp.pl" />
+	<target host="festiwalromow.tvp.pl" />
+	<target host="filmoteka.tvp.pl" />
+	<target host="fryderyki.tvp.pl" />
+	<target host="gdansk.tvp.pl" />
+	<target host="gorzow.tvp.pl" />
+	<target host="hd.tvp.pl" />
+	<target host="historia.tvp.pl" />
+	<target host="hithithurra.tvp.pl" />
+	<target host="iteatr.tvp.pl" />
+	<target host="jaknasodbierac.tvp.pl" />
+	<target host="kabaretop.tvp.pl" />
+	<target host="kabarety.tvp.pl" />
+	<target host="katowice.tvp.pl" />
+	<target host="kielce.tvp.pl" />
+	<target host="kliper.tvp.pl" />
+	<target host="kochamciepolsko.tvp.pl" />
+	<target host="komediowascenadwojki.tvp.pl" />
+	<target host="komunikaty.tvp.pl" />
+	<target host="krakow.tvp.pl" />
+	<target host="licencje.tvp.pl" />
+	<target host="lodz.tvp.pl" />
+	<target host="londyn2012.tvp.pl" />
+	<target host="lublin.tvp.pl" />
+	<target host="magazynekspresureporterow.tvp.pl" />
+	<target host="maklowiczwpodrozy.tvp.pl" />
+	<target host="mjakmilosc.tvp.pl" />
+	<target host="mundial2014.tvp.pl" />
+	<target host="nadobre.tvp.pl" />
+	<target host="nasygnale.tvp.pl" />
+	<target host="niepodleglapolska.tvp.pl" />
+	<target host="ojciecmateusz.tvp.pl" />
+	<target host="olsztyn.tvp.pl" />
+	<target host="omniesieniemartw.tvp.pl" />
+	<target host="opole.tvp.pl" />
+	<target host="panorama.tvp.pl" />
+	<target host="paraolimpiada2016.tvp.pl" />
+	<target host="playoutautomation.tvp.pl" />
+	<target host="polacypolakom.tvp.pl" />
+	<target host="polonia.tvp.pl" />
+	<target host="polskapomaga.tvp.pl" />
+	<target host="poznan.tvp.pl" />
+	<target host="przepisdnia.tvp.pl" />
+	<target host="przetargi.tvp.pl" />
+	<target host="psn.tvp.pl" />
+	<target host="pvr-152.tvp.pl" />
+	<target host="pytanienasniadanie.tvp.pl" />
+	<target host="ranczo.tvp.pl" />
+	<target host="reklamadzieciom.tvp.pl" />
+	<target host="rodzinka.tvp.pl" />
+	<target host="rolnikszukazony.tvp.pl" />
+	<target host="ropat.tvp.pl" />
+	<target host="rozrywka.tvp.pl" />
+	<target host="rsdt-waw201-67.tvp.pl" />
+	<target host="rsdt-waw301-163.tvp.pl" />
+	<target host="rzeszow.tvp.pl" />
+	<target host="s.tvp.pl" />
+	<target host="sales.tvp.pl" />
+	<target host="sdt-plix33-21.tvp.pl" />
+	<target host="sdt-plix43-43.tvp.pl" />
+	<target host="sklep.tvp.pl" />
+	<target host="slodkoiwytrawnie.tvp.pl" />
+	<target host="smolensk.tvp.pl" />
+	<target host="sportmikrocms.tvp.pl" />
+	<target host="strefaigrzyska.tvp.pl" />
+	<target host="swieta.tvp.pl" />
+	<target host="sylwester.tvp.pl" />
+	<target host="szczecin.tvp.pl" />
+	<target host="tanczacyznatura.tvp.pl" />
+	<target host="teleexpress.tvp.pl" />
+	<target host="tvp2.tvp.pl" />
+	<target host="tvp3.tvp.pl" />
+	<target host="tvprozrywka.tvp.pl" />
+	<target host="tvpstream.tvp.pl" />
+	<target host="tygodnik.tvp.pl" />
+	<target host="vod.tvp.pl" />
+	<target host="www.vod.tvp.pl" />
+	<target host="voice.tvp.pl" />
+	<target host="voicekids.tvp.pl" />
+	<target host="warszawa.tvp.pl" />
+	<target host="wiadomosci.tvp.pl" />
+	<target host="wiedza.tvp.pl" />
+	<target host="wielkietesty.tvp.pl" />
+	<target host="wielkitest.tvp.pl" />
+	<target host="wielkitestozdrowiu.tvp.pl" />
+	<target host="wielkitestzhistorii.tvp.pl" />
+	<target host="wieniawski2016.tvp.pl" />
+	<target host="wroclaw.tvp.pl" />
+	<target host="zatrzymajchwile.tvp.pl" />
+	<target host="zusbezgranic.tvp.pl" />
+	<target host="zycieodkuchni.tvp.pl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Twattle.net.xml b/src/chrome/content/rules/Twattle.net.xml
index 2920f0585b93..3a707c57d88f 100644
--- a/src/chrome/content/rules/Twattle.net.xml
+++ b/src/chrome/content/rules/Twattle.net.xml
@@ -11,7 +11,7 @@
 		- (www.)?	(www → ^)
 
 
-	Insecure cookies are set for these 
+	Insecure cookies are set for these
 
 		- twattle.net
 
diff --git a/src/chrome/content/rules/Tweakers.net.xml b/src/chrome/content/rules/Tweakers.net.xml
index b80eb422437f..f89ddad1f7cc 100644
--- a/src/chrome/content/rules/Tweakers.net.xml
+++ b/src/chrome/content/rules/Tweakers.net.xml
@@ -20,7 +20,9 @@
 <ruleset name="Tweakers.net">
 
 	<target host="tweakimg.net" />
-	<target host="*.tweakimg.net" />
+	<target host="ic.tweakimg.net" />
+	<target host="www.tweakimg.net" />
+	<target host="www.ic.tweakimg.net" />
 		<!--
 			https://trac.torproject.org/projects/tor/ticket/8340
 										-->
diff --git a/src/chrome/content/rules/TweetAdder.com.xml b/src/chrome/content/rules/TweetAdder.com.xml
index 98d94c476de2..ec689f8717c2 100644
--- a/src/chrome/content/rules/TweetAdder.com.xml
+++ b/src/chrome/content/rules/TweetAdder.com.xml
@@ -16,7 +16,7 @@ Fetch error: http://www.tweetadder.com/ => https://www.tweetadder.com/: (51, "SS
 		- www.tweetadder.com
 
 -->
-<ruleset name="TweetAdder.com (partial)" default_off='failed ruleset test'>
+<ruleset name="TweetAdder.com (partial)" default_off="failed ruleset test">
 
 	<target host="tweetadder.com" />
 	<!--target host="support.tweetadder.com" /-->
diff --git a/src/chrome/content/rules/TweetSave.com.xml b/src/chrome/content/rules/TweetSave.com.xml
deleted file mode 100644
index 3070db33e59c..000000000000
--- a/src/chrome/content/rules/TweetSave.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="TweetSave.com">
-	<target host="tweetsave.com" />
-	<target host="www.tweetsave.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Twenga.com-falsemixed.xml b/src/chrome/content/rules/Twenga.com-falsemixed.xml
index 10acd050dad6..54f15fc8b6ee 100644
--- a/src/chrome/content/rules/Twenga.com-falsemixed.xml
+++ b/src/chrome/content/rules/Twenga.com-falsemixed.xml
@@ -6,7 +6,7 @@ Fetch error: http://blog.twenga.com/ => https://blog.twenga.com/: (28, 'Connecti
 	For rules not causing false/broken MCB, see Twenga.com.xml.
 
 -->
-<ruleset name="Twenga.com (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Twenga.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="blog.twenga.com" />
 
diff --git a/src/chrome/content/rules/Twenga.com.xml b/src/chrome/content/rules/Twenga.com.xml
index b628c2b74448..728ae35834a1 100644
--- a/src/chrome/content/rules/Twenga.com.xml
+++ b/src/chrome/content/rules/Twenga.com.xml
@@ -49,10 +49,10 @@
 					-->
 			<test url="http://blog.twenga.com/" />
 			<test url="http://blog.twenga.com/css.php" />
-			<test url="http://blog.twenga.com/wp-login.php" />
+			<test url="http://blog.twenga.com/css.php?ts=20180318" />
 			<test url="http://blog.twenga.com/wp-login.php" />
 
-		<test url="http://dynstatic.twenga.com/ressource/url/image/?k=424_0_0&amp;e=&amp;d=http%3A%2F%2Fwww.twenga.com" />
+		<test url="http://dynstatic.twenga.com/" /><!-- 403 Forbidden on Travis -->
 		<test url="http://i00.twenga.com/cms/img_75577.jpg" />
 		<test url="http://i20.twenga.com/jewelry/earrings/detachable-10-components-earrings-tp_2387598266290741051b.jpg" />
 		<test url="http://i21.twenga.com/jewelry/earrings/george-kovacs-earring-mini-tp_8713335219619646942b.jpg" />
diff --git a/src/chrome/content/rules/Twiago.com.xml b/src/chrome/content/rules/Twiago.com.xml
new file mode 100644
index 000000000000..6e08a6139ed3
--- /dev/null
+++ b/src/chrome/content/rules/Twiago.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="Twiago.com">
+
+	<target host="twiago.com" />
+	<target host="www.twiago.com" />
+	<target host="a.twiago.com" />
+	<target host="b.twiago.com" />
+	<target host="cdn.twiago.com" />
+	<target host="control.twiago.com" />
+	<target host="reco.twiago.com" />
+	<target host="sbtool.twiago.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Twingly.xml b/src/chrome/content/rules/Twingly.xml
index 67bcdcd548b4..dfe78c9aec07 100644
--- a/src/chrome/content/rules/Twingly.xml
+++ b/src/chrome/content/rules/Twingly.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Twinprime.com.xml b/src/chrome/content/rules/Twinprime.com.xml
index 59b4d0de1ccd..0f498dfba573 100644
--- a/src/chrome/content/rules/Twinprime.com.xml
+++ b/src/chrome/content/rules/Twinprime.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://support.twinprime.com/ => https://support.twinprime.com/: (2
 		- go.twinprime.com (certificate mismatch)
 
 -->
-<ruleset name="Twinprime.com" default_off='failed ruleset test'>
+<ruleset name="Twinprime.com" default_off="failed ruleset test">
 	<target host="twinprime.com" />
 	<target host="www.twinprime.com" />
 
diff --git a/src/chrome/content/rules/TwinsOrNot.Net.xml b/src/chrome/content/rules/TwinsOrNot.Net.xml
index c48c7dd3d658..72357511b5b3 100644
--- a/src/chrome/content/rules/TwinsOrNot.Net.xml
+++ b/src/chrome/content/rules/TwinsOrNot.Net.xml
@@ -6,7 +6,7 @@ Fetch error: http://twinsornot.net/ => https://twinsornot.net/: (7, 'Failed to c
 	For other Microsoft coverage, see Microsoft.xml.
 -->
 
-<ruleset name="TwinsOrNot.Net" default_off='failed ruleset test'>
+<ruleset name="TwinsOrNot.Net" default_off="failed ruleset test">
 	<target host=    "twinsornot.net" />
 	<target host="www.twinsornot.net" />
 
diff --git a/src/chrome/content/rules/Twistage.xml b/src/chrome/content/rules/Twistage.xml
index 36e8ea879fa6..d8ad3995befd 100644
--- a/src/chrome/content/rules/Twistage.xml
+++ b/src/chrome/content/rules/Twistage.xml
@@ -26,4 +26,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Twisted4Life.xml b/src/chrome/content/rules/Twisted4Life.xml
index 312243beaef0..67df068aacb1 100644
--- a/src/chrome/content/rules/Twisted4Life.xml
+++ b/src/chrome/content/rules/Twisted4Life.xml
@@ -5,11 +5,11 @@ Fetch error: http://twisted4life.com/ => https://twisted4life.com/: (60, 'SSL ce
 Fetch error: http://www.twisted4life.com/ => https://www.twisted4life.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Twisted4Life" default_off='failed ruleset test'>
+<ruleset name="Twisted4Life" default_off="failed ruleset test">
   <target host="twisted4life.com" />
   <target host="www.twisted4life.com" />
 
-  <securecookie host="^(?:.+\.)?twisted4life\.com$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/TwistedMatrix.xml b/src/chrome/content/rules/TwistedMatrix.xml
index 0cfb643f05b9..1f2070188392 100644
--- a/src/chrome/content/rules/TwistedMatrix.xml
+++ b/src/chrome/content/rules/TwistedMatrix.xml
@@ -41,7 +41,7 @@ Fetch error: http://speed.twistedmatrix.com/ => https://speed.twistedmatrix.com/
 	* Mismatched, CN: www.twistedmatrix.com
 
 -->
-<ruleset name="TwistedMatrix.com" default_off='failed ruleset test'>
+<ruleset name="TwistedMatrix.com" default_off="failed ruleset test">
 
 	<target host="twistedmatrix.com" />
 	<target host="glyph.twistedmatrix.com" />
diff --git a/src/chrome/content/rules/TwitCasting.tv.xml b/src/chrome/content/rules/TwitCasting.tv.xml
new file mode 100644
index 000000000000..a7c81bd3d206
--- /dev/null
+++ b/src/chrome/content/rules/TwitCasting.tv.xml
@@ -0,0 +1,20 @@
+<!--
+	Note: *.twitcasting.tv has a wildcard DNS record and certificate.
+
+	Non-functional hosts:
+		Refused:
+		- movie.twitcasting.tv
+-->
+<ruleset name="TwitCasting.tv">
+	<target host="twitcasting.tv" />
+	<target host="www.twitcasting.tv" />
+	<target host="en.twitcasting.tv" />
+	<target host="es.twitcasting.tv" />
+	<target host="ja.twitcasting.tv" />
+	<target host="pt.twitcasting.tv" />
+	<target host="ssl.twitcasting.tv" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TwitCasting.xml b/src/chrome/content/rules/TwitCasting.xml
deleted file mode 100644
index 690d5bb876b3..000000000000
--- a/src/chrome/content/rules/TwitCasting.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://twitcasting.tv/ => http://twitcasting.tv/: invalid group reference at position 13 ^http://(?:movie|ssl)\.twitcasting\.tv/
-
--->
-<ruleset name="TwitCasting (partial)" default_off='failed ruleset test'>
-
-	<target host="twitcasting.tv" />
-	<target host="*.twitcasting.tv" />
-
-
-	<!--	(www.), and cc don't match cert,
-		but these data are on ssl.	-->
-	<rule from="^http://(?:en\.|ja\.|pt\.|www\.)?twitcasting\.tv/(css|img|swf)/"
-		to="https://ssl.twitcasting.tv/$1/" />
-
-	<!--	Same story for movie.	-->
-	<rule from="^http://(?:movie|ssl)\.twitcasting\.tv/"
-		to="https://$1.twitcasting.tv/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Twitch.tv.xml b/src/chrome/content/rules/Twitch.tv.xml
index 5e91ede809e8..9f95382f71f9 100644
--- a/src/chrome/content/rules/Twitch.tv.xml
+++ b/src/chrome/content/rules/Twitch.tv.xml
@@ -25,7 +25,7 @@
 		<test url="http://vod.edgecast.hls.ttvnw.net/" />
 		<test url="http://vod.l3.hls.ttvnw.net/" />
 	<target host="usher.ttvnw.net" />
-	
+
 	<!-- *twitch.tv -->
 	<target host="twitch.tv" />
 	<target host="www.twitch.tv" />
@@ -45,6 +45,6 @@
 	<target host="secure.twitch.tv" />
 	<target host="spade.twitch.tv" />
 	<target host="tmi.twitch.tv" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Twitter-Counter.xml b/src/chrome/content/rules/Twitter-Counter.xml
index af838959d95c..c8c4e5f2f889 100644
--- a/src/chrome/content/rules/Twitter-Counter.xml
+++ b/src/chrome/content/rules/Twitter-Counter.xml
@@ -1,10 +1,10 @@
 <!--
  	Problematic hosts in *twittercounter.com:
- 
+
  		- help ᵐ
 		- press ᵐ
 		- styleguide ³
- 
+
 	ᵐ Mismatched
 	³: Serves different content on http/https
 
diff --git a/src/chrome/content/rules/Two-Seasons.xml b/src/chrome/content/rules/Two-Seasons.xml
index 3f76a397a2e3..88ffdba6f604 100644
--- a/src/chrome/content/rules/Two-Seasons.xml
+++ b/src/chrome/content/rules/Two-Seasons.xml
@@ -3,7 +3,7 @@
 	<target host="twoseasons.co.uk"/>
 	<target host="www.twoseasons.co.uk"/>
 
-	<securecookie host="^(?:.*\.)?twoseasons\.co\.uk$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?twoseasons\.co\.uk/"
 		to="https://www.twoseasons.co.uk/"/>
diff --git a/src/chrome/content/rules/Two_Roads.xml b/src/chrome/content/rules/Two_Roads.xml
index 306beff1b05d..9f2eaf4f4e90 100644
--- a/src/chrome/content/rules/Two_Roads.xml
+++ b/src/chrome/content/rules/Two_Roads.xml
@@ -1,13 +1,14 @@
 <ruleset name="Two Roads">
 
 	<target host="2roads.com" />
-	<target host="*.2roads.com" />
+	<target host="fiber.2roads.com" />
+	<target host="news.2roads.com" />
+	<target host="www.2roads.com" />
 
 
 	<securecookie host="^\.2roads\.com$" name=".+" />
 
 
-	<rule from="^http://((?:fiber|news|www)\.)?2roads\.com/"
-		to="https://$12roads.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Two_Sigma.com.xml b/src/chrome/content/rules/Two_Sigma.com.xml
index deea716107f0..2549baba0637 100644
--- a/src/chrome/content/rules/Two_Sigma.com.xml
+++ b/src/chrome/content/rules/Two_Sigma.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://twosigma.com/ => https://twosigma.com/: (6, 'Could not resolve host: twosigma.com')
 
 -->
-<ruleset name="Two Sigma.com" default_off='failed ruleset test'>
+<ruleset name="Two Sigma.com" default_off="failed ruleset test">
 
 	<target host="twosigma.com" />
 	<target host="www.twosigma.com" />
diff --git a/src/chrome/content/rules/Twtpoll.com.xml b/src/chrome/content/rules/Twtpoll.com.xml
index 93db581a7f52..99ee76f7dd5c 100644
--- a/src/chrome/content/rules/Twtpoll.com.xml
+++ b/src/chrome/content/rules/Twtpoll.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://twtpoll.com/ => https://twtpoll.com/: (51, "SSL: no alternat
 	* Secured by us
 
 -->
-<ruleset name="Twtpoll.com" default_off='failed ruleset test'>
+<ruleset name="Twtpoll.com" default_off="failed ruleset test">
 
 	<target host="twtpoll.com" />
 	<target host="www.twtpoll.com" />
diff --git a/src/chrome/content/rules/Twylah.com.xml b/src/chrome/content/rules/Twylah.com.xml
index b609ddd04306..24e334676f7c 100644
--- a/src/chrome/content/rules/Twylah.com.xml
+++ b/src/chrome/content/rules/Twylah.com.xml
@@ -21,7 +21,7 @@ Fetch error: http://www.twylah.com/ => https://www.twylah.com/: (60, 'SSL certif
 	* Secured by us
 
 -->
-<ruleset name="Twylah.com" default_off='failed ruleset test'>
+<ruleset name="Twylah.com" default_off="failed ruleset test">
 
 	<target host="twylah.com" />
 	<target host="www.twylah.com" />
diff --git a/src/chrome/content/rules/Tyndall.ie.xml b/src/chrome/content/rules/Tyndall.ie.xml
index 5ffbd24eb844..a46ea5282ee0 100644
--- a/src/chrome/content/rules/Tyndall.ie.xml
+++ b/src/chrome/content/rules/Tyndall.ie.xml
@@ -4,13 +4,10 @@
 -->
 <ruleset name="Tyndall.ie">
 
-	<target host="*.tyndall.ie" />
+	<target host="www.tyndall.ie" />
 
 
-	<securecookie host="^\.tyndall\.ie$" name=".+" />
 
-
-	<rule from="^http://www\.tyndall\.ie/"
-		to="https://www.tyndall.ie/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Tyo-ja-elinkeinoministerio.xml b/src/chrome/content/rules/Tyo-ja-elinkeinoministerio.xml
index e582794f1b1c..b73a404d781d 100644
--- a/src/chrome/content/rules/Tyo-ja-elinkeinoministerio.xml
+++ b/src/chrome/content/rules/Tyo-ja-elinkeinoministerio.xml
@@ -5,7 +5,7 @@ Non-2xx HTTP code: http://tem.fi/ (200) => https://www.tem.fi/ (404)
 Non-2xx HTTP code: http://www.tem.fi/ (200) => https://www.tem.fi/ (404)
 
 -->
-<ruleset name="Ty&#246;- ja elinkeinoministeri&#246;" default_off='failed ruleset test'>
+<ruleset name="Ty&#246;- ja elinkeinoministeri&#246;" default_off="failed ruleset test">
 	<target host="tem.fi"/>
 	<target host="www.tem.fi"/>
 
diff --git a/src/chrome/content/rules/Typ.io.xml b/src/chrome/content/rules/Typ.io.xml
new file mode 100644
index 000000000000..fd866d9263e9
--- /dev/null
+++ b/src/chrome/content/rules/Typ.io.xml
@@ -0,0 +1,6 @@
+<ruleset name="Typ.io">
+	<target host="typ.io" />
+	<target host="www.typ.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/TypeRacer.com.xml b/src/chrome/content/rules/TypeRacer.com.xml
new file mode 100644
index 000000000000..4941614280cc
--- /dev/null
+++ b/src/chrome/content/rules/TypeRacer.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="TypeRacer.com">
+	<target host="typeracer.com" />
+	<target host="www.typeracer.com" />
+	<target host="blog.typeracer.com" />
+	<target host="data.typeracer.com" />
+	<target host="play.typeracer.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Typography.com.xml b/src/chrome/content/rules/Typography.com.xml
index 1dd04039ccea..09945070a1e6 100644
--- a/src/chrome/content/rules/Typography.com.xml
+++ b/src/chrome/content/rules/Typography.com.xml
@@ -15,7 +15,10 @@
 <ruleset name="Typography.com (partial)">
 
 	<target host="typography.com" />
-	<target host="*.typography.com" />
+	<target host="www.typography.com" />
+	<target host="cloud.typography.com" />
+	<target host="secure.typography.com" />
+	<target host="ssl.typography.com" />
 
 
 	<securecookie host="^\.typography\.com$" name="^__utm\w+$" />
diff --git a/src/chrome/content/rules/Typora.io.xml b/src/chrome/content/rules/Typora.io.xml
new file mode 100644
index 000000000000..092b47aea5cb
--- /dev/null
+++ b/src/chrome/content/rules/Typora.io.xml
@@ -0,0 +1,11 @@
+<ruleset name="Typora.io">
+
+	<target host="typora.io" />
+	<target host="www.typora.io" />
+	<target host="support.typora.io" />
+	<target host="theme.typora.io" />
+	<target host="typeweb.typora.io" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Typora.xml b/src/chrome/content/rules/Typora.xml
deleted file mode 100644
index 1f2fdbfd2f6a..000000000000
--- a/src/chrome/content/rules/Typora.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Typora">
-	
-	<target host="typora.io" />
-	<target host="www.typora.io" />
-	
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Typotheque.xml b/src/chrome/content/rules/Typotheque.xml
index 91858ec68f75..eebffc174b9f 100644
--- a/src/chrome/content/rules/Typotheque.xml
+++ b/src/chrome/content/rules/Typotheque.xml
@@ -1,45 +1,16 @@
 <!--
 	Other Typotheque rulesets:
 
-		- TPTQ-Arabic.com.xml
-		- Works_That_Work.com.xml
-
-
-	CDN buckets:
-
-		- s3-eu-west-1.amazonaws.com/fonts-ireland.typotheque.com
-		- tptqimages.s3.amazonaws.com
-
-			- equivalent to d39zsn48xaymk0.cloudfront.net
-
-		- d2jttos6a7myat.cloudfront.net
-
+		+ TPTQ-Arabic.com.xml
+		+ Works_That_Work.com.xml
 -->
 <ruleset name="Typotheque.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
 	<target host="typotheque.com" />
+	<target host="www.typotheque.com" />
 	<target host="fonts.typotheque.com" />
 	<target host="wf.typotheque.com" />
-	<target host="www.typotheque.com" />
-
-	<!--	Complications:
-				-->
-	<target host="im.typotheque.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.typotheque\.com$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://im\.typotheque\.com/"
-		to="https://tptqimages.s3.amazonaws.com/" />
 
-	<rule from="^http:"
-		to="https:" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/U-Tokyo.ac.jp.xml b/src/chrome/content/rules/U-Tokyo.ac.jp.xml
index 659371ace188..11b623b2e56a 100644
--- a/src/chrome/content/rules/U-Tokyo.ac.jp.xml
+++ b/src/chrome/content/rules/U-Tokyo.ac.jp.xml
@@ -70,7 +70,20 @@
 -->
 <ruleset name="U-Tokyo.ac.jp (partial)">
 
-	<target host="*.u-tokyo.ac.jp" />
+	<target host="davm.ecc.u-tokyo.ac.jp" />
+	<target host="davw.ecc.u-tokyo.ac.jp" />
+	<target host="itc-lms.ecc.u-tokyo.ac.jp" />
+	<target host="lecture.ecc.u-tokyo.ac.jp" />
+	<target host="ms.ecc.u-tokyo.ac.jp" />
+	<target host="ras.ecc.u-tokyo.ac.jp" />
+	<target host="secure.ecc.u-tokyo.ac.jp" />
+	<target host="mbc.dl.itc.u-tokyo.ac.jp" />
+	<target host="opac.dl.itc.u-tokyo.ac.jp" />
+	<target host="gateway.itc.u-tokyo.ac.jp" />
+	<target host="kiku.itc.u-tokyo.ac.jp" />
+	<target host="park-ssl.itc.u-tokyo.ac.jp" />
+	<target host="www.nc.u-tokyo.ac.jp" />
+	<target host="payment.utf.u-tokyo.ac.jp" />
 
 
 	<!--	Not secured by server:
@@ -83,7 +96,6 @@
 	<securecookie host="^(?:dav[mw]|itc-lms|lecture)\.ecc\.u-tokyo\.ac\.jp$" name=".+" />
 
 
-	<rule from="^http://((?:dav[mw]|itc-lms|lecture|ms|ras|secure)\.ecc|(?:mbc\.dl|opac\.dl|gateway|kiku|park-ssl)\.itc|www\.nc|payment\.utf)\.u-tokyo\.ac\.jp/"
-		to="https://$1.u-tokyo.ac.jp/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/U-by-Kotex-Australia.xml b/src/chrome/content/rules/U-by-Kotex-Australia.xml
index c73d5e8aaf76..d1f021d70310 100644
--- a/src/chrome/content/rules/U-by-Kotex-Australia.xml
+++ b/src/chrome/content/rules/U-by-Kotex-Australia.xml
@@ -5,4 +5,4 @@
 	<securecookie host="^www\.ubykotex\.com\.au$" name=".+" />
 
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/UA.edu-falsemixed.xml b/src/chrome/content/rules/UA.edu-falsemixed.xml
index ea2bb7abba32..69406743ec47 100644
--- a/src/chrome/content/rules/UA.edu-falsemixed.xml
+++ b/src/chrome/content/rules/UA.edu-falsemixed.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.as.au.edu/ => https://www.as.eu.edu/: (6, 'Could not res
 	For rules not causing false/broken MCB, see UA.edu.xml.
 
 -->
-<ruleset name="UA.edu (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="UA.edu (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="as.au.edu" />
 	<target host="www.as.au.edu" />
diff --git a/src/chrome/content/rules/UAB.edu.xml b/src/chrome/content/rules/UAB.edu.xml
new file mode 100644
index 000000000000..8a0045d6bc55
--- /dev/null
+++ b/src/chrome/content/rules/UAB.edu.xml
@@ -0,0 +1,215 @@
+<!--
+	For subdomains other than www, this ruleset only covers domains which do not redirect.
+	This is due to the fact that many old domains redirect to some location on www.uab.edu,
+	but there may be content still on the subdomain. For example, http://www.music.uab.edu/
+	redirects to https://www.uab.edu/cas/music/, but http://www.music.uab.edu/Studio.html
+	still exists and is not available on www.uab.edu.
+-->
+<ruleset name="UAB.edu (Partial)">
+	<!-- Main site -->
+	<target host="uab.edu" />
+	<target host="www.uab.edu" />
+	<target host="m.uab.edu" />
+
+	<!-- ad.uab.edu -->
+	<target host="irap-apps.ad.uab.edu" />
+	<target host="irapreports.ad.uab.edu" />
+	<target host="itisadglcy.ad.uab.edu" />
+	<target host="itisapps.ad.uab.edu" />
+	<target host="itislcy.ad.uab.edu" />
+	<target host="profiles-extras.ad.uab.edu" />
+	<target host="soncadb.ad.uab.edu" />
+	<target host="surplus.ad.uab.edu" />
+
+	<!-- anesthesiology.uab.edu -->
+	<target host="anes-nextcloud.anesthesiology.uab.edu" />
+	<target host="anes-owncloud.anesthesiology.uab.edu" />
+	<target host="anes-prtg.anesthesiology.uab.edu" />
+	<target host="anes-prtg2.anesthesiology.uab.edu" />
+	<target host="anes-rocket.anesthesiology.uab.edu" />
+	<target host="anes-sccm.anesthesiology.uab.edu" />
+	<target host="anes-vcenter.anesthesiology.uab.edu" />
+	<target host="anes-wiki.anesthesiology.uab.edu" />
+
+	<!-- business.uab.edu -->
+	<target host="ipeer.business.uab.edu" />
+	<target host="sales.business.uab.edu" />
+	<target host="www.business.uab.edu" />
+
+	<!-- cas.uab.edu -->
+	<target host="cas.uab.edu" />
+	<target host="cloud.cas.uab.edu" />
+	<target host="people.cas.uab.edu" />
+	<target host="remote.cas.uab.edu" />
+
+	<!-- cis.uab.edu -->
+	<target host="acm.cis.uab.edu" />
+	<target host="gitlab.cis.uab.edu" />
+	<target host="registry.gitlab.cis.uab.edu" />
+	<target host="info.cis.uab.edu" />
+
+	<!-- cme.uab.edu -->
+	<target host="www.ccts.cme.uab.edu" />
+	<target host="courses.cme.uab.edu" />
+	<target host="fmapp.cme.uab.edu" />
+
+	<!-- cs.uab.edu -->
+	<target host="acm.cs.uab.edu" />
+	<target host="ccl.cs.uab.edu" />
+	<target host="gitlab.cs.uab.edu" />
+	<target host="registry.gitlab.cs.uab.edu" />
+	<target host="info.cs.uab.edu" />
+	<target host="vorlon.cs.uab.edu" />
+
+	<!-- dom.uab.edu -->
+	<target host="apps.dom.uab.edu" />
+	<target host="dmsrv.dom.uab.edu" />
+	<target host="dopm-redcap.dom.uab.edu" />
+	<target host="metrics.dom.uab.edu" />
+	<target host="rctest.dom.uab.edu" />
+	<target host="redcap.dom.uab.edu" />
+	<target host="redcapdev.dom.uab.edu" />
+	<target host="support.dom.uab.edu" />
+	<target host="uablf.dom.uab.edu" />
+
+	<!-- dopm.uab.edu -->
+	<target host="www.cardia.dopm.uab.edu" />
+	<target host="crowdsource.dopm.uab.edu" />
+	<target host="mhrcprojects.dopm.uab.edu" />
+	<target host="dev.mhrcprojects.dopm.uab.edu" />
+
+	<!-- dpo.uab.edu -->
+	<target host="758vpndpo1.dpo.uab.edu" />
+	<target host="758vpndpo2.dpo.uab.edu" />
+	<target host="arkromeo.dpo.uab.edu" />
+	<target host="dropbox.dpo.uab.edu" />
+	<target host="hatteras.dpo.uab.edu" />
+	<target host="padlock.dpo.uab.edu" />
+	<target host="shib.dpo.uab.edu" />
+	<target host="shibdev.dpo.uab.edu" />
+	<target host="vpndpo.dpo.uab.edu" />
+	<target host="www.dpo.uab.edu" />
+
+	<!-- eyes.uab.edu -->
+	<target host="support.eyes.uab.edu" />
+	<target host="survey.eyes.uab.edu" />
+
+	<!-- genome.uab.edu -->
+	<target host="cartwheel.genome.uab.edu" />
+	<target host="galaxy.genome.uab.edu" />
+	<target host="galaxydev.genome.uab.edu" />
+	<target host="wiki.genome.uab.edu" />
+
+	<!-- hs.uab.edu -->
+	<target host="webmail.ad.hs.uab.edu" />
+	<target host="ambassador.hs.uab.edu" />
+	<target host="contact.hs.uab.edu" />
+	<target host="mytoken.hs.uab.edu" />
+	<target host="vpnuabmed.hs.uab.edu" />
+	<target host="webmail.hs.uab.edu" />
+
+	<!-- idm.uab.edu -->
+	<target host="idm.uab.edu" />
+	<target host="apps.idm.uab.edu" />
+	<target host="blazerhubdev.idm.uab.edu" />
+	<target host="idm-shbprdas01.idm.uab.edu" />
+	<target host="padlock.idm.uab.edu" />
+
+	<!-- it.uab.edu -->
+	<target host="ask.it.uab.edu" />
+	<target host="askblaze.it.uab.edu" />
+	<target host="www.askblaze.it.uab.edu" />
+	<target host="lists.it.uab.edu" />
+	<target host="lsv.it.uab.edu" />
+	<target host="remote.it.uab.edu" />
+
+	<!-- lhl.uab.edu -->
+	<target host="dl1.lhl.uab.edu" />
+	<target host="login.ezproxy3.lhl.uab.edu" />
+	<target host="www-clinicalkey-com.ezproxy3.lhl.uab.edu" />
+	<target host="www-uptodate-com.ezproxy3.lhl.uab.edu" />
+	<target host="www.lhl.uab.edu" />
+
+	<!-- library.uab.edu -->
+	<target host="library.uab.edu" />
+	<target host="askus.library.uab.edu" />
+	<target host="libcal.library.uab.edu" />
+	<target host="www.library.uab.edu" />
+
+	<!-- medicine.uab.edu -->
+	<target host="apps.medicine.uab.edu" />
+	<target host="jackie.medicine.uab.edu" />
+	<target host="somvideos.medicine.uab.edu" />
+
+	<!-- peds.uab.edu -->
+	<target host="diagvirolab.peds.uab.edu" />
+	<target host="mail.peds.uab.edu" />
+	<target host="pedsview.peds.uab.edu" />
+	<target host="redcap.peds.uab.edu" />
+	<target host="www.residency.peds.uab.edu" />
+
+	<!-- rc.uab.edu -->
+	<target host="ps-sd.rc.uab.edu" />
+	<target host="torana.rc.uab.edu" />
+	<target host="vislab.rc.uab.edu" />
+	<target host="xnat.rc.uab.edu" />
+
+	<!-- som.uab.edu -->
+	<target host="som.uab.edu" />
+	<target host="admissions.som.uab.edu" />
+	<target host="cmecourses.som.uab.edu" />
+	<target host="specialapp.som.uab.edu" />
+
+	<!-- soph.uab.edu -->
+	<target host="biostat.soph.uab.edu" />
+	<target host="media.soph.uab.edu" />
+	<target host="redcap.soph.uab.edu" />
+	<target host="serve.soph.uab.edu" />
+	<target host="thebeathive.soph.uab.edu" />
+
+	<!-- uabgrid.uab.edu -->
+	<target host="dev.uabgrid.uab.edu" />
+	<target host="docs.uabgrid.uab.edu" />
+	<target host="galaxy.uabgrid.uab.edu" />
+	<target host="projects.uabgrid.uab.edu" />
+	<target host="trac.uabgrid.uab.edu" />
+
+	<!-- Everything else -->
+	<target host="webpearls.aging.uab.edu" />
+	<target host="bb.uab.edu" />
+	<target host="fermentation.bmg.uab.edu" />
+	<target host="businessdegrees.uab.edu" />
+	<target host="calendar.uab.edu" />
+	<target host="voicemail.comm.uab.edu" />
+	<target host="educationabroad.uab.edu" />
+	<target host="go.uab.edu" />
+	<target host="bioitx.informatics.uab.edu" />
+	<target host="discovery.informatics.uab.edu" />
+	<target host="www.ipf.uab.edu" />
+	<target host="irap.uab.edu" />
+	<target host="labs.uab.edu" />
+	<target host="listserv.uab.edu" />
+	<target host="images.main.uab.edu" />
+	<target host="www.medgrad.uab.edu" />
+	<target host="mediaspace.uab.edu" />
+	<target host="www.mycoplasma.uab.edu" />
+	<target host="norc.uab.edu" />
+	<target host="www.norc.uab.edu" />
+	<target host="offcampushousing.uab.edu" />
+	<target host="www.opt.uab.edu" />
+	<target host="www.paging.uab.edu" />
+	<target host="ttpresearchgroup.path.uab.edu" />
+	<target host="profiles.uab.edu" />
+	<target host="prostudies.uab.edu" />
+	<target host="shockcenter.uab.edu" />
+	<target host="sites.uab.edu" />
+	<target host="ssg4.ssg.uab.edu" />
+	<target host="status.uab.edu" />
+	<target host="studentorgs.uab.edu" />
+	<target host="studentwellness.uab.edu" />
+	<target host="portal.uasomh.uab.edu" />
+	<target host="swhelpdesk.uasomh.uab.edu" />
+	<target host="www.vaccine.uab.edu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UBS.xml b/src/chrome/content/rules/UBS.xml
index 0bea4d89022f..5b36363d275e 100644
--- a/src/chrome/content/rules/UBS.xml
+++ b/src/chrome/content/rules/UBS.xml
@@ -1,157 +1,120 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://keyinvest.ibb.ubs.com/images/domicile/ubs_logo_investment_research.gif => https://keyinvest.ibb.ubs.com/images/domicile/ubs_logo_investment_research.gif: (35, 'Unknown SSL protocol error in connection to keyinvest.ibb.ubs.com:443 ')
-Fetch error: http://assetgateway.ubs.com/ => https://assetgateway.ubs.com/: (35, 'Unknown SSL protocol error in connection to assetgateway.ubs.com:443 ')
-Fetch error: http://ebanking-asia1.ubs.com/ => https://ebanking-asia1.ubs.com/: (35, 'Unknown SSL protocol error in connection to ebanking-asia1.ubs.com:443 ')
-Fetch error: http://grs.ubs.com/ => https://grs.ubs.com/: (35, 'Unknown SSL protocol error in connection to grs.ubs.com:443 ')
-
-	Nonfunctional ubs.com subdomains:
-
-		- connect ³
-		- financialservicesinc		(times out)
-		- (www.)ibb			(reset)
-		- www1 ³
-		- www2 ³
-	³ Refused
-
-
-	Problematic ubs.com subdomains:
-
-		- ^
-		- ebanking-us *
-
-	* Mismatched
-
-
-	Partially covered ubs.com subdomains:
-
-		- keyinvest.ibb			(some pages-but not all-404)
-
-
-	Fully covered domains:
-
-		- ubs.com subdomains:
-
-			- ^			(→ www)
-			- apps
-			- apps[12]
-			- assetgateway
-			- connect-ch
-			- connect-ch[12]
-			- clientlogin.ibb
-			- clientportal.ibb
-
-			- ebanking-\w+
-
-				- ebanking-asia1
-				- ebanking-au
-				- ebanking-ch
-				- ebanking-de
-				- ebanking-de1
-				- ebanking-es
-				- ebanking-es[12]?
-				- ebanking-it
-				- ebanking-it[12]?
-
-			- grs
-			- jobs
-			- m
-			- neo
-			- onlineservices
-			- privatebank-us
-			- quotes-global
-			- quotes-global2
-			- quotes-public
-			- quotes-public1
-			- realty
-			- sbms
-			- sbms[12]
-			- secure
-			- www
-
-		- www.ubs-static.com		(^ doesn't exist)
-
-
-	Insecure cookies are set for these domains:
-
+	Non-functional hosts
+		Couldn't connect to server:
+		- ubs.com
+		- connect.ubs.com
+		- realty.ubs.com
+		- www1.ubs.com
+		- www2.ubs.com
+
+		SSL connect error:
+		- apps.ubs.com
 		- apps1.ubs.com
-		- ebanking-ch2.ubs.com
-		- www.ubs.com
-
+		- apps2.ubs.com
+		- assetgateway.ubs.com
+		- fusion.ubs.com
+		- grs.ubs.com
+		- clientlogin.ibb.ubs.com
+		- eqi.ibb.ubs.com
+		- liquidalpha.ibb.ubs.com
+		- skc.ibb.ubs.com
+		- swiskey.ibb.ubs.com
+		- swiskey-certificates.ibb.ubs.com
+		- sbms.ubs.com
+		- sbms1.ubs.com
+		- sbms2.ubs.com
+
+		SSL peer certificate was not OK:
+		- financialservices.ubs.com
+		- portfolio.ibb.ubs.com
+		- topsy.ubs.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- uhnw-gfo.ubs.com
+		- young.ubs.com
+
+		Incomplete certificate chain error:
+		- ibol61.ibb.ubs.com
+		- itanywhere.ibb.ubs.com
+		- keyinvest.ibb.ubs.com
+		- research.ibb.ubs.com
+		- selfservice.ibb.ubs.com
+		- marketsurvey.ubs.com
+		- newsletter-pictures.ubs.com
+
+		Site uses weak encryption (TLSv1.1 or earlier):
+		- cfs.ubs.com
+
+		4xx client error:
+		- janap1.ubs.com
+		- jobs.ubs.com
+		- marketingcentral.ubs.com
+		- microsites.ubs.com
 -->
-<ruleset name="UBS.com (partial)" default_off='failed ruleset test'>
+<ruleset name="UBS.com (partial)">
 	<target host="ubs.com" />
-	<target host="*.ubs.com" />
-
-		<exclusion pattern="^http://ebanking-us\.ubs\.com/" />
-
-			<test url="http://ebanking-us.ubs.com/" />
-
-		<exclusion pattern="^http://keyinvest\.ibb\.ubs\.com/(?!images/|styles/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://keyinvest.ibb.ubs.com/k2/DE/de/tiles/overview.ki?1=overview" />
-			<test url="http://keyinvest.ibb.ubs.com/k2/ES/en/tiles/overview.ki?1=overview" />
-
-			<!--	-ve:
-					-->
-			<test url="http://keyinvest.ibb.ubs.com/images/domicile/ubs_logo_investment_research.gif" />
-
-	<test url="http://ubs.com/" />
-	<test url="http://www.ubs.com/" />
-	<test url="http://ubs.com/" />
-	<test url="http://apps.ubs.com/" />
-	<test url="http://apps1.ubs.com/" />
-	<test url="http://apps2.ubs.com/" />
-	<test url="http://assetgateway.ubs.com/" />
-	<test url="http://connect-ch.ubs.com/" />
-	<test url="http://connect-ch1.ubs.com/" />
-	<test url="http://connect-ch2.ubs.com/" />
-	<test url="http://ebanking-asia1.ubs.com/" />
-	<test url="http://ebanking-au.ubs.com/" />
-	<test url="http://ebanking-ch.ubs.com/" />
-	<test url="http://ebanking-de.ubs.com/" />
-	<test url="http://ebanking-de1.ubs.com/" />
-	<test url="http://ebanking-es.ubs.com/" />
-	<test url="http://ebanking-es1.ubs.com/" />
-	<test url="http://ebanking-es2.ubs.com/" />
-	<test url="http://ebanking-it.ubs.com/" />
-	<test url="http://ebanking-it1.ubs.com/" />
-	<test url="http://ebanking-it2.ubs.com/" />
-	<test url="http://grs.ubs.com/" />
-	<test url="http://clientlogin.ibb.ubs.com/" />
-	<test url="http://clientportal.ibb.ubs.com/" />
-	<test url="http://keyinvest.ibb.ubs.com/" />
-	<test url="http://jobs.ubs.com/" />
-	<test url="http://m.ubs.com/" />
-	<test url="http://neo.ubs.com/" />
-	<test url="http://onlineservices.ubs.com/" />
-	<test url="http://privatebank-us.ubs.com/" />
-	<test url="http://quotes-global.ubs.com/" />
-	<test url="http://quotes-global2.ubs.com/" />
-	<test url="http://quotes-public.ubs.com/" />
-	<test url="http://quotes-public1.ubs.com/" />
-	<test url="http://realty.ubs.com/" />
-	<test url="http://sbms.ubs.com/" />
-	<test url="http://sbms1.ubs.com/" />
-	<test url="http://sbms2.ubs.com/" />
-	<test url="http://secure.ubs.com/" />
-	<test url="http://www.ubs.com/" />
+	<target host="www.ubs.com" />
+	<target host="adviceadvantage.ubs.com" />
+	<target host="ais-transport.ubs.com" />
+	<target host="connect-ch.ubs.com" />
+	<target host="connect-ch1.ubs.com" />
+	<target host="connect-ch2.ubs.com" />
+	<target host="donoradvisedfund.ubs.com" />
+	<target host="ebanking-asia1.ubs.com" />
+	<target host="ebanking-ch.ubs.com" />
+	<target host="ebanking-ch2.ubs.com" />
+	<target host="ebanking-de.ubs.com" />
+	<target host="ebanking-de1.ubs.com" />
+	<target host="ebanking-es.ubs.com" />
+	<target host="ebanking-es1.ubs.com" />
+	<target host="ebanking-es2.ubs.com" />
+	<target host="ebanking-it.ubs.com" />
+	<target host="ebanking-it1.ubs.com" />
+	<target host="ebanking-it2.ubs.com" />
+	<target host="emidas.ubs.com" />
+	<target host="etracs.ubs.com" />
+	<target host="eventlounge.ubs.com" />
+	<target host="financialservicesinc.ubs.com" />
+	<target host="forum.ubs.com" />
+	<target host="frame-keyinvest-ch.ubs.com" />
+	<target host="frame-keyinvest-de.ubs.com" />
+	<target host="fundgate.ubs.com" />
+	<target host="delta.ibb.ubs.com" />
+	<target host="investments-au.ubs.com" />
+	<target host="japan1.ubs.com" />
+	<target host="keyinvest-ch.ubs.com" />
+	<target host="keyinvest-ch-en.ubs.com" />
+	<target host="keyinvest-ch-fr.ubs.com" />
+	<target host="keyinvest-de.ubs.com" />
+	<target host="keyinvest-eu.ubs.com" />
+	<target host="keyinvest-it.ubs.com" />
+	<target host="keyinvest-za.ubs.com" />
+	<target host="m.ubs.com" />
+	<target host="microsites.ubs.com" />
+		<test url="http://microsites.ubs.com/iso/fr/" />
+	<target host="mychoicerewards.ubs.com" />
+	<target host="myhomeloan.ubs.com" />
+	<target host="neo.ubs.com" />
+	<target host="onlineservices.ubs.com" />
+	<target host="privatebank-us.ubs.com" />
+	<target host="quotes-global.ubs.com" />
+	<target host="quotes-global1.ubs.com" />
+	<target host="quotes-global2.ubs.com" />
+	<target host="secure.ubs.com" />
+	<target host="echannel.ubssecuritieschina.ubs.com" />
+	<target host="unique-community.ubs.com" />
+	<target host="warrants.ubs.com" />
+	<target host="www1.ubs.com" />
+	<target host="www2.ubs.com" />
+	<target host="xs2a-devportal.ubs.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(www[12]\.)?ubs\.com/"
+			to="https://www.ubs.com/" />
 	
+	<rule from="^http://japan1\.ubs\.com/"
+		  	to="https://www.ubs.com/jp/ja.html" />
 
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^apps1\.ubs\.com$" name="^ClntPRF1$" /-->
-	<!--securecookie host="^ebanking-ch2\.ubs\.com$" name="^ClntPRU4$" /-->
-	<!--securecookie host="^www\.ubs\.com$" name="^(NavLB_APPS_PROD|NavLB_COCH|NavLB_EBCH|NavLB_PQ|NavLB_QG|language)$" /-->
-
-	<securecookie host="^.*\.ubs\.com$" name=".+" />
-
-	<rule from="^http://ubs\.com/"
-		to="https://www.ubs.com/" />
-
-	<rule from="^http://(apps[12]?|assetgateway|connect-ch[12]?|ebanking-\w+|grs|(?:client(?:login|portal)|keyinvest)\.ibb|jobs|m|neo|onlineservices|privatebank-us|quotes-global2?|quotes-public1?|realty|sbms[12]?|secure|www)\.ubs\.com/"
-		to="https://$1.ubs.com/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UC.xml b/src/chrome/content/rules/UC.xml
index 0df2efb5f214..9b3ae8297ad4 100644
--- a/src/chrome/content/rules/UC.xml
+++ b/src/chrome/content/rules/UC.xml
@@ -20,7 +20,7 @@
 		m.down2.uc.cn
 		ibooks.uc.cn
 		school.uc.cn
-		union.uc.cn	
+		union.uc.cn
 -->
 <ruleset name="UC (partial)">
 	<target host="bbs.uc.cn" />
diff --git a/src/chrome/content/rules/UCAR.edu.xml b/src/chrome/content/rules/UCAR.edu.xml
index e5fdff713e6d..44526f22334d 100644
--- a/src/chrome/content/rules/UCAR.edu.xml
+++ b/src/chrome/content/rules/UCAR.edu.xml
@@ -31,13 +31,18 @@
 -->
 <ruleset name="UCAR.edu">
 
-	<target host="*.ucar.edu" />
+	<target host="abuse.ucar.edu" />
+	<target host="www.eol.ucar.edu" />
+	<target host="ncar.ucar.edu" />
+	<target host="www.ncar.ucar.edu" />
+	<target host="security.ucar.edu" />
+	<target host="www.unidata.ucar.edu" />
+	<target host="www.ucar.edu" />
 
 
 	<securecookie host="^(?:www\.eol|\.ncar|www\.unidata)\.ucar\.edu$" name=".+" />
 
 
-	<rule from="^http://(abuse|www\.eol|(?:www\.)?ncar|security|www\.unidata|www2?)\.ucar\.edu/"
-		to="https://$1.ucar.edu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/UCC.ie.xml b/src/chrome/content/rules/UCC.ie.xml
index 682b49f74358..9178c1039899 100644
--- a/src/chrome/content/rules/UCC.ie.xml
+++ b/src/chrome/content/rules/UCC.ie.xml
@@ -23,7 +23,7 @@ Fetch error: http://yosemite.ucc.ie/ => https://yosemite.ucc.ie/: (28, 'Connecti
 	* Secured by us
 
 -->
-<ruleset name="UCC.ie (partial)" default_off='failed ruleset test'>
+<ruleset name="UCC.ie (partial)" default_off="failed ruleset test">
 
 	<target host="booleweb.ucc.ie" />
 	<target host="careersfdr.ucc.ie" />
diff --git a/src/chrome/content/rules/UCLA_Health.xml b/src/chrome/content/rules/UCLA_Health.xml
index a77a32811d25..6c754e44af91 100644
--- a/src/chrome/content/rules/UCLA_Health.xml
+++ b/src/chrome/content/rules/UCLA_Health.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/UC_Hastings.edu-falsemixed.xml b/src/chrome/content/rules/UC_Hastings.edu-falsemixed.xml
deleted file mode 100644
index 5a52f8fabc36..000000000000
--- a/src/chrome/content/rules/UC_Hastings.edu-falsemixed.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see UC_Hastings.edu.xml.
-
--->
-<ruleset name="UC Hastings.edu (false MCB)" platform="mixedcontent">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="events.uchastings.edu" />
-
-
-	<securecookie host="^events\.uchastings\.edu$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/UC_Hastings.edu-problematic.xml b/src/chrome/content/rules/UC_Hastings.edu-problematic.xml
index d5d825d4eee8..a5032d150891 100644
--- a/src/chrome/content/rules/UC_Hastings.edu-problematic.xml
+++ b/src/chrome/content/rules/UC_Hastings.edu-problematic.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see UC_Hastings.edu.xml.
 
 -->
-<ruleset name="UC Hastings.edu (problematic)" default_off="missing certificate chain">
+<ruleset name="UC Hastings.edu (problematic)" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/UC_Hastings.edu.xml b/src/chrome/content/rules/UC_Hastings.edu.xml
index dd9ed75a6df8..b46845238005 100644
--- a/src/chrome/content/rules/UC_Hastings.edu.xml
+++ b/src/chrome/content/rules/UC_Hastings.edu.xml
@@ -43,7 +43,7 @@ Fetch error: http://webadvisor.uchastings.edu/ => https://webadvisor.uchastings.
 	² Rule disabled by default <= missing certificate chain
 
 -->
-<ruleset name="UC Hastings.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="UC Hastings.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/UCalgary_Mag.ca.xml b/src/chrome/content/rules/UCalgary_Mag.ca.xml
index f1d34844fb53..d3e47762d54a 100644
--- a/src/chrome/content/rules/UCalgary_Mag.ca.xml
+++ b/src/chrome/content/rules/UCalgary_Mag.ca.xml
@@ -19,7 +19,7 @@ Fetch error: http://www.ucalgarymag.ca/ => https://www.ucalgarymag.ca/: (60, 'SS
 	* Secured by us
 
 -->
-<ruleset name="UCalgary Mag.ca" default_off='failed ruleset test'>
+<ruleset name="UCalgary Mag.ca" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/UClinics.xml b/src/chrome/content/rules/UClinics.xml
deleted file mode 100644
index 12f3e4bc867f..000000000000
--- a/src/chrome/content/rules/UClinics.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="uClinics">
-
-	<target host="uclinics.com" />
-	<target host="app.uclinics.com" />
-	<target host="static.uclinics.com" />
-	<target host="www.uclinics.com" />
-
-
-	<securecookie host="^(?:app)?\.uclinics\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/UDK.com.xml b/src/chrome/content/rules/UDK.com.xml
index 60acdc8db377..06b2ee4a1564 100644
--- a/src/chrome/content/rules/UDK.com.xml
+++ b/src/chrome/content/rules/UDK.com.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://udk.com/ => https://udk.com/: (60, 'SSL certificate problem: certificate has expired')
 Fetch error: http://www.udk.com/ => https://udk.com/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="Unreal Development Kit" default_off='failed ruleset test'>
+<ruleset name="Unreal Development Kit" default_off="failed ruleset test">
 	<target host="udk.com" />
 	<target host="www.udk.com" />
 	<rule from="^http://(?:www\.)?udk\.com/" to="https://udk.com/"/>
diff --git a/src/chrome/content/rules/UDN.xml b/src/chrome/content/rules/UDN.xml
index cdc9d5dffad6..27a0ac556906 100644
--- a/src/chrome/content/rules/UDN.xml
+++ b/src/chrome/content/rules/UDN.xml
@@ -1,22 +1,8 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://paper.udn.com/ => https://paper.udn.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
-
-	503：
-		g.udn.com.tw
-
-	MCB:
-		^udn.com	( https://udn.com/UDN/copyright.htm )
+	Service Unavailable:
 		debate.udn.com
-		event.udn.com	( https://event.udn.com/index/index.html )
-		fund.udn.com
-		house.udn.com	( http://house.udn.com/house/story/5925/2203183 )
-		nba.udn.com
-		topic.udn.com
 
 	Invalid certificate:
-		www.udn.com	( equal to ^ )
 		act.udn.com
 		album.udn.com
 		blog.udn.com
@@ -32,24 +18,28 @@ Fetch error: http://paper.udn.com/ => https://paper.udn.com/: (28, 'Operation ti
 		ugood.udn.com
 		vote2016.udn.com
 
+		cir2b.udngroup.com
 		openup.udngroup.com
 
 		uts.udn.com.tw
 		www.udn.com.tw
 
-	Outdated SSL:
+	Expired:
 		fund.udngroup.com
 
 	Redirects to http:
 		educoco.udn.com
 
-		cir2b.udngroup.com
+		www.udngroup.com
 		m.udngroup.com
 		edwstr.udngroup.com
-		www.udngroup.com
 -->
-
-<ruleset name="UDN (partial)" default_off='failed ruleset test'>
+<ruleset name="UDN (partial)">
+	<target host="udn.com" />
+	<target host="www.udn.com" />
+		<exclusion pattern="^http://(www\.)?udn\.com/UDN/copyright\.htm" />
+		<test url="http://udn.com/UDN/copyright.htm" />
+		<test url="http://www.udn.com/UDN/copyright.htm" />
 	<target host="a.udn.com" />
 		<exclusion pattern="^http://a\.udn\.com/$" />
 		<test url="http://a.udn.com/focus/2016/12/25/26599/index.html" />
@@ -61,8 +51,13 @@ Fetch error: http://paper.udn.com/ => https://paper.udn.com/: (28, 'Operation ti
 	<target host="autos.udn.com" />
 	<target host="cdn.udn.com" />
 	<target host="co.udn.com" />
+	<target host="event.udn.com" />
+		<test url="http://event.udn.com/index/index.html" />
+	<target host="fund.udn.com" />
 	<target host="global.udn.com" />
 	<target host="health.udn.com" />
+	<target host="house.udn.com" />
+		<test url="http://house.udn.com/house/story/5925/2203183" />
 	<target host="img.udn.com" />
 		<test url="http://img.udn.com/art/201308invoice/index3.html" />
 	<target host="m.udn.com" />
@@ -74,6 +69,7 @@ Fetch error: http://paper.udn.com/ => https://paper.udn.com/: (28, 'Operation ti
 	<target host="member.udn.com" />
 	<target host="mobile.udn.com" />
 	<target host="money.udn.com" />
+	<target host="nba.udn.com" />
 	<target host="novel.udn.com" />
 	<target host="oops.udn.com" />
 	<target host="opinion.udn.com" />
@@ -90,11 +86,14 @@ Fetch error: http://paper.udn.com/ => https://paper.udn.com/: (28, 'Operation ti
 	<target host="style.udn.com" />
 	<target host="theme.udn.com" />
 	<target host="tickets.udn.com" />
+	<target host="topic.udn.com" />
 	<target host="udntalks.udn.com" />
 	<target host="utravel.udn.com" />
 	<target host="video.udn.com" />
 	<target host="vision.udn.com" />
 
+	<target host="g.udn.com.tw" />
+		<test url="http://g.udn.com.tw/community/img/PSN_MAIN/%20f_yenlinhuang40_2.gif" />
 	<target host="j.udn.com.tw" />
 	<target host="m.udn.com.tw" />
 	<target host="p.udn.com.tw" />
@@ -110,7 +109,6 @@ Fetch error: http://paper.udn.com/ => https://paper.udn.com/: (28, 'Operation ti
 	<target host="ehrd.udngroup.com" />
 	<target host="eip.udngroup.com" />
 	<target host="mail.udngroup.com" />
-	<target host="mail2k.udngroup.com" />
 	<target host="newssmith.udngroup.com" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/UESP.net.xml b/src/chrome/content/rules/UESP.net.xml
new file mode 100644
index 000000000000..42b820e873e4
--- /dev/null
+++ b/src/chrome/content/rules/UESP.net.xml
@@ -0,0 +1,62 @@
+<!--
+	Incomplete certificate chain:
+		- dumps
+		- esobuilds-static
+		- esofiles
+		- esoicons
+		- esolog-static
+		- files1
+		- images
+		- legends
+		- maps
+		- skins
+
+	403 over HTTPS:
+		- dungeonhack (HTTP redirects to dungeonhack.sourceforge.net, which does not support HTTPS)
+		- tamrielrebuilt
+-->
+<ruleset name="UESP.net">
+	<target host="uesp.net" />
+	<target host="www.uesp.net" />
+	<target host="beyondskyrim.uesp.net" />
+	<target host="blog.uesp.net" />
+	<target host="chat.uesp.net" />
+	<target host="content1.uesp.net" />
+	<target host="content2.uesp.net" />
+	<target host="content3.uesp.net" />
+	<target host="cs.uesp.net" />
+	<target host="dave.uesp.net" />
+	<target host="dbmap.uesp.net" />
+	<target host="en.uesp.net" />
+	<target host="eqwiki.uesp.net" />
+	<target host="esoapi.uesp.net" />
+	<target host="esobuilds.uesp.net" />
+	<target host="esochars.uesp.net" />
+	<target host="esoclock.uesp.net" />
+	<target host="esodata.uesp.net" />
+	<target host="esoitem.uesp.net" />
+	<target host="esolog.uesp.net" />
+	<target host="esomap.uesp.net" />
+	<target host="esosales.uesp.net" />
+	<target host="forum.uesp.net" />
+	<target host="forums.uesp.net" />
+	<target host="ftp.uesp.net" />
+	<target host="irc.uesp.net" />
+	<target host="m.uesp.net" />
+	<target host="content3.m.uesp.net" />
+	<target host="en.m.uesp.net" />
+	<target host="monitor.uesp.net" />
+	<target host="mwmap.uesp.net" />
+	<target host="obmap.uesp.net" />
+	<target host="ocp.uesp.net" />
+	<target host="pt.uesp.net" />
+	<target host="search.uesp.net" />
+	<target host="simap.uesp.net" />
+	<target host="squid1.uesp.net" />
+	<target host="srmap.uesp.net" />
+	<target host="ts.uesp.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UFC_Fit.xml b/src/chrome/content/rules/UFC_Fit.xml
index 8015e778005a..ae3cefa08701 100644
--- a/src/chrome/content/rules/UFC_Fit.xml
+++ b/src/chrome/content/rules/UFC_Fit.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.ufcfit.com/ => https://www.ufcfit.com/: (28, 'Operation
 Disabled by https-everywhere-checker because:
 Fetch error: http://ufcfit.com/ => https://ufcfit.com/: (7, 'Failed to connect to ufcfit.com port 443: Connection refused')
 -->
-<ruleset name="UFC Fit" default_off='failed ruleset test'>
+<ruleset name="UFC Fit" default_off="failed ruleset test">
 
 	<target host="ufcfit.com" />
 	<target host="launchpad.ufcfit.com" />
@@ -20,4 +20,4 @@ Fetch error: http://ufcfit.com/ => https://ufcfit.com/: (7, 'Failed to connect t
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/UFies.org.xml b/src/chrome/content/rules/UFies.org.xml
index 5d00034c5265..ca49dd81eb1f 100644
--- a/src/chrome/content/rules/UFies.org.xml
+++ b/src/chrome/content/rules/UFies.org.xml
@@ -30,4 +30,4 @@ Fetch error: http://ufies.org/ => https://ufies.org/: (60, 'SSL certificate prob
 	<rule from="^http://mail\.ufies\.org/[^?]*(\?.*)?"
 		to="https://ufies.org/mail/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/UHH-Informatik.xml b/src/chrome/content/rules/UHH-Informatik.xml
index 442849e94b5f..c5939458b8bc 100644
--- a/src/chrome/content/rules/UHH-Informatik.xml
+++ b/src/chrome/content/rules/UHH-Informatik.xml
@@ -27,7 +27,7 @@ Fetch error: http://surfmail.rrz.uni-hamburg.de/ => https://surfmail.rrz.uni-ham
 	* Secured by us
 
 -->
-<ruleset name="Uni-Hamburg.de" default_off='failed ruleset test'>
+<ruleset name="Uni-Hamburg.de" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/UIE.xml b/src/chrome/content/rules/UIE.xml
index 97a907c38805..557072f12dbb 100644
--- a/src/chrome/content/rules/UIE.xml
+++ b/src/chrome/content/rules/UIE.xml
@@ -2,7 +2,7 @@
   <target host="uie.com" />
   <target host="www.uie.com" />
 
-  <securecookie host="^(?:.+\.)?uie\.com$" name=".+" />
+  <securecookie host=".+" name=".+" />
 
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UIUC.edu.xml b/src/chrome/content/rules/UIUC.edu.xml
index e39978c0ff20..b10eaca823e3 100644
--- a/src/chrome/content/rules/UIUC.edu.xml
+++ b/src/chrome/content/rules/UIUC.edu.xml
@@ -46,7 +46,7 @@ Fetch error: http://www.uiuc.edu/ => https://illinois.edu/: Too many redirects w
 	* Secured by us
 
 -->
-<ruleset name="UIUC.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="UIUC.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/UIllinois.edu-falsemixed.xml b/src/chrome/content/rules/UIllinois.edu-falsemixed.xml
deleted file mode 100644
index 2776d2610962..000000000000
--- a/src/chrome/content/rules/UIllinois.edu-falsemixed.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see UIllinois.edu.xml.
-
--->
-<ruleset name="UIllinois.edu (false MCB)" platform="mixedcontent">
-
-	<target host="eddie.ds.uillinois.edu" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/UIllinois.edu.xml b/src/chrome/content/rules/UIllinois.edu.xml
index bc154ea5630c..8f5cd188f58a 100644
--- a/src/chrome/content/rules/UIllinois.edu.xml
+++ b/src/chrome/content/rules/UIllinois.edu.xml
@@ -77,7 +77,7 @@ Non-2xx HTTP code: http://uofi.uillinois.edu/ (200) => https://uofi.uillinois.ed
 	* Secured by us
 
 -->
-<ruleset name="UIllinois.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="UIllinois.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/UImserv.net.xml b/src/chrome/content/rules/UImserv.net.xml
index a07ca32e3d29..82d43aeb1f3b 100644
--- a/src/chrome/content/rules/UImserv.net.xml
+++ b/src/chrome/content/rules/UImserv.net.xml
@@ -16,15 +16,18 @@
 -->
 <ruleset name="UImserv.net">
 
-	<target host="*.uimserv.net" />
+	<target host="adclient.uimserv.net" />
+	<target host="adimg.uimserv.net" />
+	<target host="advideo.uimserv.net" />
+	<target host="pixelbox.uimserv.net" />
+	<target host="r.uimserv.net" />
+	<target host="uidbox.uimserv.net" />
+	<target host="uir.uimserv.net" />
 
 
 	<!--	name="^(fc1|UserID1)$"
 					-->
-	<securecookie host="^\.uimserv\.net$" name=".+" />
 
-
-	<rule from="^http://(adclient|adimg|advideo|pixelbox|r|uidbox|uir|logout\.webde)\.uimserv\.net/"
-		to="https://$1.uimserv.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/UJF-Grenoble.fr.xml b/src/chrome/content/rules/UJF-Grenoble.fr.xml
deleted file mode 100644
index d4fe91e908de..000000000000
--- a/src/chrome/content/rules/UJF-Grenoble.fr.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- developpementdurable
-		- liens
-		- www
-
--->
-<ruleset name="UJF-Grenoble.fr">
-
-	<target host="developpementdurable.ujf-grenoble.fr" />
-	<target host="liens.ujf-grenoble.fr" />
-	<target host="www.ujf-grenoble.fr" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/UK-2.xml b/src/chrome/content/rules/UK-2.xml
index 8b61f1906126..6047347646f3 100644
--- a/src/chrome/content/rules/UK-2.xml
+++ b/src/chrome/content/rules/UK-2.xml
@@ -35,10 +35,17 @@ Fetch error: http://www.uk2img.net/ => https://www.uk2img.net/: (60, 'SSL certif
 		- (www.)uk2img.net
 
 -->
-<ruleset name="UK-2 (partial)" default_off='failed ruleset test'>
+<ruleset name="UK-2 (partial)" default_off="failed ruleset test">
 
 	<target host="uk2.net" />
-	<target host="*.uk2.net" />
+	<target host="controlpanel.uk2.net" />
+	<target host="static.controlpanel.uk2.net" />
+	<target host="kb.uk2.net" />
+	<target host="support.uk2.net" />
+	<target host="www.uk2.net" />
+	<target host="blog.uk2.net" />
+	<target host="mail.uk2.net" />
+	<target host="www.mail.uk2.net" />
 	<target host="uk2img.net" />
 	<target host="www.uk2img.net" />
 
@@ -47,8 +54,6 @@ Fetch error: http://www.uk2img.net/ => https://www.uk2img.net/: (60, 'SSL certif
 	<securecookie host="^(?:mail|support)\.uk2\.net$" name=".+" />
 
 
-	<rule from="^http://((?:(?:static\.)?controlpanel|kb|support|www)\.)?uk2\.net/"
-		to="https://$1uk2.net/" />
 
 	<rule from="^http://blog\.uk2\.net/"
 		to="https://www.uk2.net/blog/" />
@@ -56,7 +61,6 @@ Fetch error: http://www.uk2img.net/ => https://www.uk2img.net/: (60, 'SSL certif
 	<rule from="^http://(?:www\.)?mail\.uk2\.net/"
 		to="https://mail.uk2.net/" />
 
-	<rule from="^http://(www\.)?uk2img\.net/"
-		to="https://$1uk2img.net/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UK-Department-for-Business-Innovation-and-Skills.xml b/src/chrome/content/rules/UK-Department-for-Business-Innovation-and-Skills.xml
index 972ec6ebf6bf..0c911daae9c3 100644
--- a/src/chrome/content/rules/UK-Department-for-Business-Innovation-and-Skills.xml
+++ b/src/chrome/content/rules/UK-Department-for-Business-Innovation-and-Skills.xml
@@ -50,7 +50,7 @@ Fetch error: http://www.edrs.sfa.bis.gov.uk/ => https://edrs.sfa.bis.gov.uk/: (6
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="BIS.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="BIS.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/UK-Free-Software-Network.xml b/src/chrome/content/rules/UK-Free-Software-Network.xml
index 7b08eca0bed4..5c2fd2ca4f4d 100644
--- a/src/chrome/content/rules/UK-Free-Software-Network.xml
+++ b/src/chrome/content/rules/UK-Free-Software-Network.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.ukfsn.org/ => https://www.ukfsn.org/: (60, 'SSL certific
 Disabled by https-everywhere-checker because:
 Fetch error: http://ukfsn.org/ => https://ukfsn.org/: (28, 'Connection timed out after 10001 milliseconds')
 -->
-<ruleset name="UK Free Software Network (partial)" default_off='failed ruleset test'>
+<ruleset name="UK Free Software Network (partial)" default_off="failed ruleset test">
 
 	<target host="ukfsn.org" />
 	<target host="manage.ukfsn.org" />
diff --git a/src/chrome/content/rules/UK_Ministry_of_Defence.xml b/src/chrome/content/rules/UK_Ministry_of_Defence.xml
index 263878470294..652bc699520c 100644
--- a/src/chrome/content/rules/UK_Ministry_of_Defence.xml
+++ b/src/chrome/content/rules/UK_Ministry_of_Defence.xml
@@ -1,13 +1,15 @@
 <!--
     For other UK Government coverage, see GOV.UK.xml.
+
+	Non-functional hosts:
+		Certificate mismatched:
+		- defenceimagery.mod.uk
 -->
 
 <ruleset name="UK Ministry of Defence">
-    <target host="defenceimagery.mod.uk" />
-    <target host="www.defenceimagery.mod.uk" />
+	<target host="defenceimagery.mod.uk" />
+	<target host="www.defenceimagery.mod.uk" />
 
-    <rule from="^http://defenceimagery\.mod\.uk/"
-        to="https://www.defenceimagery.mod.uk/"/>
-    <rule from="^http://([^/:@]+)?\.defenceimagery\.mod\.uk/"
-        to="https://$1.defenceimagery.mod.uk/" />
+	<rule from="^http://(www\.)?defenceimagery\.mod\.uk/"
+			to="https://www.defenceimagery.mod.uk/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/UL.ie-falsemixed.xml b/src/chrome/content/rules/UL.ie-falsemixed.xml
index 2fa27a4cce0b..d06c6ac4a4eb 100644
--- a/src/chrome/content/rules/UL.ie-falsemixed.xml
+++ b/src/chrome/content/rules/UL.ie-falsemixed.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.ul.ie/ => https://www.ul.ie/: (60, 'SSL certificate prob
 	For rules not causing false/broken MCB, see UL.ie.xml.
 
 -->
-<ruleset name="UL.ie (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="UL.ie (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="ul.ie" />
 	<target host="www.ul.ie" />
diff --git a/src/chrome/content/rules/UL.ie.xml b/src/chrome/content/rules/UL.ie.xml
index 14ec107c4c35..c3182f76a6b1 100644
--- a/src/chrome/content/rules/UL.ie.xml
+++ b/src/chrome/content/rules/UL.ie.xml
@@ -27,10 +27,10 @@ Fetch error: http://ul.ie/ => http://ul.ie/: (60, 'SSL certificate problem: unab
 	* Secured by us
 
 -->
-<ruleset name="UL.ie (partial)" default_off='failed ruleset test'>
+<ruleset name="UL.ie (partial)" default_off="failed ruleset test">
 
 	<target host="ul.ie" />
-	<target host="*.ul.ie" />
+	<target host="www.ul.ie" />
 
 
 	<securecookie host="^\.ul\.ie$" name="^__utm\w$" />
diff --git a/src/chrome/content/rules/ULAKBIM.gov.tr.xml b/src/chrome/content/rules/ULAKBIM.gov.tr.xml
index 315e8b498274..1ba784137b85 100644
--- a/src/chrome/content/rules/ULAKBIM.gov.tr.xml
+++ b/src/chrome/content/rules/ULAKBIM.gov.tr.xml
@@ -22,7 +22,10 @@
 <ruleset name="ULAKBIM.gov.tr (partial)" default_off="self-signed">
 
 	<target host="ulakbim.gov.tr" />
-	<target host="*.ulakbim.gov.tr" />
+	<target host="www.ulakbim.gov.tr" />
+	<target host="ekual.ulakbim.gov.tr" />
+	<target host="istatistik.ulakbim.gov.tr" />
+	<target host="stat.ulakbim.gov.tr" />
 
 
 	<securecookie host="^(?:istatistik|stat)\.ulakbim\.gov\.tr$" name=".+" />
@@ -31,7 +34,6 @@
 	<rule from="^http://(?:www\.)?ulakbim\.gov\.tr/"
 		to="https://www.ulakbim.gov.tr/" />
 
-	<rule from="^http://(ekual|istatistik|stat)\.ulakbim\.gov\.tr/"
-		to="https://$1.ulakbim.gov.tr/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UMBC.edu.xml b/src/chrome/content/rules/UMBC.edu.xml
index 2fb3459bfa36..334b7f99364c 100644
--- a/src/chrome/content/rules/UMBC.edu.xml
+++ b/src/chrome/content/rules/UMBC.edu.xml
@@ -18,7 +18,13 @@
 -->
 <ruleset name="UMBC.edu (partial)">
 
-	<target host="*.umbc.edu" />
+	<target host="assets1-my.umbc.edu" />
+	<target host="assets2-my.umbc.edu" />
+	<target host="assets3-my.umbc.edu" />
+	<target host="assets4-my.umbc.edu" />
+	<target host="publications.csee.umbc.edu" />
+	<target host="csee.umbc.edu" />
+	<target host="www.csee.umbc.edu" />
 
 
 	<!--	Not secured by server:
@@ -28,10 +34,9 @@
 	<securecookie host="^publications\.csee\.umbc\.edu$" name=".+" />
 
 
-	<rule from="^http://(assets[1-4]-my|publications\.csee)\.umbc\.edu/"
-		to="https://$1.umbc.edu/" />
 
 	<rule from="^http://(?:www\.)?csee\.umbc\.edu/"
 		to="https://www.csee.umbc.edu/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UMonitor.xml b/src/chrome/content/rules/UMonitor.xml
index dba0eb9c9e32..9bdfd8c91f9c 100644
--- a/src/chrome/content/rules/UMonitor.xml
+++ b/src/chrome/content/rules/UMonitor.xml
@@ -5,7 +5,8 @@ Fetch error: http://umonitor.com/ => https://www.umonitor.com/: (28, 'Connection
 <ruleset name="uMonitor">
 
 	<target host="umonitor.com" />
-	<target host="*.umonitor.com" />
+	<target host="www.umonitor.com" />
+	<target host="onelink.umonitor.com" />
 
 
 	<securecookie host="^.*\.umonitor\.com$" name=".+" />
@@ -16,7 +17,6 @@ Fetch error: http://umonitor.com/ => https://www.umonitor.com/: (28, 'Connection
 		to="https://www.umonitor.com/" />
 
 	<!--	onelink is used by clients.	-->
-	<rule from="^http://onelink\.umonitor\.com/"
-		to="https://onelink.umonitor.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UN.org.xml b/src/chrome/content/rules/UN.org.xml
index 992dbca10763..a02501f1bcc6 100644
--- a/src/chrome/content/rules/UN.org.xml
+++ b/src/chrome/content/rules/UN.org.xml
@@ -109,7 +109,7 @@ Timeout:
 	peacemaker.un.org
 	repository.un.org
 -->
-<ruleset name="UN.org" default_off='failed ruleset test'>
+<ruleset name="UN.org" default_off="failed ruleset test">
 	<target host="un.org"/>
 	<target host="www.un.org"/>
 	<target host="academicimpact.un.org"/>
diff --git a/src/chrome/content/rules/UNC.edu-mixedcontent.xml b/src/chrome/content/rules/UNC.edu-mixedcontent.xml
deleted file mode 100644
index 7588ff6bc3b6..000000000000
--- a/src/chrome/content/rules/UNC.edu-mixedcontent.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.library.unc.edu/ => https://www.library.unc.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'www.library.unc.edu'")
-
-	For rules not causing (valid) MCB, see UNC.edu.xml.
-
--->
-<ruleset name="UNC.edu (mixed content)" platform="mixedcontent" default_off='failed ruleset test'>
-
-	<target host="library.unc.edu" />
-	<target host="www.library.unc.edu" />
-
-
-	<securecookie host="^(?:www\.)?library\.unc\.edu$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/UNC.edu.xml b/src/chrome/content/rules/UNC.edu.xml
index 08da460c54c8..45bc3004012f 100644
--- a/src/chrome/content/rules/UNC.edu.xml
+++ b/src/chrome/content/rules/UNC.edu.xml
@@ -1,148 +1,63 @@
 <!--
-	For rules causing (valid) MCB, see UNC.edu-mixedcontent.xml.
-
 	Other University of North Carolina at Chapel Hill rulesets:
+		+ UNC_Lineberger.org.xml
 
-		- UNC_Lineberger.org.xml
-
-
-	Nonfunctional subdomains:
-
-		- heelmail ¹
-		- hrconnect ²
-		- studentcentral ³
-
-	¹ Dropped
-	² 404, valid cert
-	³ Redirects to a nonexistent domain
-
-
-	Problematic subdomains:
-
-		- calendar.lib *
-
-	* Works; mismatched, CN: *.libcal.com
-
-
-	Partially covered subdomains:
-
-		- ^ ¹
-		- ccinfo ¹
-		- cmsp ¹
-		- cs ¹
-		- diversity ¹
-		- events ¹
-		- financeadmin ¹
-		- global ¹
-		- help ¹
-		- hr ¹
-		- its ¹
-		- its-commons ¹
-		- (www.)library ²
-		- www.onecard ¹
-		- www.pid ¹
-		- research ¹
-
-	¹ At least some pages redirect to http
-	² Avoiding false/broken MCB
-
-
-	Fully covered subdomains:
-
-		- ccpa
-		- connectcarolina
-		- dir
-		- directory
-		- infoporte
-		- itsapps
-		- obi
-		- onecard
-		- onyen
-		- pid
-		- search
-		- selfservice
-
-		- sites subdomains:
-
-			- cs
-			- events
-			- global
-			- help
-			- its2
-			- its-commons
-
-		- sso
-		- webservices
-		- diversity.web
-		- www
-
-
-	These altnames don't exist:
+	Non-functional hosts
+		Timeout was reached:
+		- itsapps.unc.edu
 
+		SSL peer certificate was not OK:
 		- www.financeadmin.unc.edu
-		- www.itsapps.unc.edu
-
-
-	Mixed content:
-
-		- iframe on library from calendar.lib ¹
-
-		- css, on:
+		- www.library.unc.edu
+		- www.onecard.unc.edu
+		- www.pid.unc.edu
+-->
+<ruleset name="UNC.edu (partial)">
+	<target host="unc.edu" />
+	<target host="www.unc.edu" />
 
-			- library from $self ²
-			- library from autosuggest.trln.org ³
+	<target host="ccinfo.unc.edu" />
+	<target host="cmsp.unc.edu" />
+	<target host="connectcarolina.unc.edu" />
+	<target host="cs.unc.edu" />
 
-		- Images, on:
+	<target host="dir.unc.edu" />
+	<target host="directory.unc.edu" />
+	<target host="diversity.unc.edu" />
+	
+	<target host="enterprises.unc.edu" />
+	<target host="events.unc.edu" />
 
-			- library from $self ²
-			- library from blogs.lib ²
+	<target host="financeadmin.unc.edu" />
 
-	¹ Unsecurable <= redirects back from unc.libcal.com
-	² Secured by us
-	³ Unsecurable <= redirects to another domain
+	<target host="global.unc.edu" />
 
--->
-<ruleset name="UNC.edu (partial)">
+	<target host="heelmail.unc.edu" />
+	<target host="help.unc.edu" />
+	<target host="hr.unc.edu" />
 
-	<target host="*.unc.edu" />
-		<!--
-			Redirect to http:
-						-->
-		<!--exclusion pattern="^http://((cmsp|cs|events|financeadmin|global|help|hr|its|its-commons|www\.pid|research)\.)?unc\.edu/+($|\?)" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://(?:(?:cmsp|cs|events|global|help|hr|its|its-commons|research)\.)?unc\.edu/+(?!favicon\.ico|files/|wp-content/|wp-includes/)" />
-		<exclusion pattern="^http://(?:financeadmin|www\.(?:onecard|pid))\.unc\.edu/+(?!DesktopModules/|[Pp]ortals/|UNCImages/|favicon\.ico|images/|uncimages/|spacer\.gif)" />
-		<!--
-			Avoid valid MCB:
-						-->
-		<exclusion pattern="^http://library\.unc\.edu/+(?!favicon\.ico|wp-content/|wp-includes/)" />
+	<target host="infoporte.unc.edu" />
+	<target host="its.unc.edu" />
+	<target host="its-commons.unc.edu" />
 
+	<target host="calendar.lib.unc.edu" />
+	<target host="library.unc.edu" />
 
-	<!--	Secured by server:
-					-->
-	<!--securecookie host="^sso\.unc\.edu$" name="^(JSESSIONID|_idp_authn_lc_key)" /-->
-	<!--
-		Not secured by server:
-					-->
-	<!--securecookie host="^(\.ccpa|connectcarolina|my)\.unc\.edu$" name="^BIGipServerERPweb-pplsoft-Prod$" /-->
-	<!--securecookie host="^(dir|directory|obi)\.unc\.edu$" name="^BIGipServerERPweb-companion-Prod$" /-->
-	<!--securecookie host="^infoporte\.unc\.edu$" name="^PHPSESSID$" /-->
-	<!--securecookie host="^itsapps\.unc\.edu$" name="^(BIGipServer~Middleware~itsapps_80|JSESSIONID)$" /-->
-	<!--securecookie host="^(www\.)?library\.unc\.edu$" name="^(PHPSESSID|bb2_screener_)" /-->
-	<!--securecookie host="^(www\.)?(onecard|pid)\.unc\.edu$" name="^dnn_IsMobile$" /-->
-	<!--securecookie host="^onyen\.unc\.edu$" name="^BIGipServer~Middleware~onyen_prod_81$" /-->
-	<!--securecookie host="^(search|(events|global|help|its2|its-commons)\.sites|diversity\.web|webservices)\.unc\.edu$" name="^BIGipServer~Middleware~sitesprod_80$" /-->
-	<!--securecookie host="^selfservice\.unc\.edu$" name="^BIGipServermyad_http_pool$" /-->
+	<target host="onecard.unc.edu" />
+	<target host="onyen.unc.edu" />
 
-	<securecookie host="^(?:connectcarolina|dir|directory|infoporte|itsapps|onecard|onyen|pid|search|selfservice|(?:events|global|help|its2|its-commons)\.sites|diversity\.web|webservices)\.unc\.edu$" name=".+" />
+	<target host="pid.unc.edu" />
 
+	<target host="research.unc.edu" />
 
-	<rule from="^http://((?:ccinfo|ccpa|cmsp|connectcarolina(?:www\.)?cs|dir|directory|diversity|financeadmin|help|hr|infoporte|its|itsapps|its-commons|blogs\.lib|(?:www\.)?library|my|obi|(?:www\.)?onecard|onyen|(?:www\.)?pid|research|search|selfservice|(?:cs|events|global|help|its2|its-commons)\.sites|sso|diversity\.web|webservices|www)\.)?unc\.edu/"
-		to="https://$1unc.edu/" />
+	<target host="search.unc.edu" />
+	<target host="selfservice.unc.edu" />
+	<target host="sso.unc.edu" />
 
-	<rule from="^http://calendar\.lib\.unc\.edu/(?=css\d+|images/)"
-		to="https://unc.libcal.com/" />
+	<target host="diversity.web.unc.edu" />
+	<target host="webservices.unc.edu" />
+	
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UNC_Lineberger.org.xml b/src/chrome/content/rules/UNC_Lineberger.org.xml
index 5e5df4585c56..8528a396c048 100644
--- a/src/chrome/content/rules/UNC_Lineberger.org.xml
+++ b/src/chrome/content/rules/UNC_Lineberger.org.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.unclineberger.org/ => https://www.unclineberger.org/: (6
 	For other University of North Carolina at Chapel Hill coverage, see UNC.edu.xml.
 
 -->
-<ruleset name="UNC Lineberger.org" default_off='failed ruleset test'>
+<ruleset name="UNC Lineberger.org" default_off="failed ruleset test">
 
 	<target host="unclineberger.org" />
 	<target host="www.unclineberger.org" />
diff --git a/src/chrome/content/rules/UNFPA.org.xml b/src/chrome/content/rules/UNFPA.org.xml
index d1d8318f21b0..c516260027a8 100644
--- a/src/chrome/content/rules/UNFPA.org.xml
+++ b/src/chrome/content/rules/UNFPA.org.xml
@@ -153,6 +153,6 @@
 	<rule from="^http://unfpa\.org/"
 			to="https://www.unfpa.org/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UNIBA.sk.xml b/src/chrome/content/rules/UNIBA.sk.xml
new file mode 100644
index 000000000000..7597189abc95
--- /dev/null
+++ b/src/chrome/content/rules/UNIBA.sk.xml
@@ -0,0 +1,25 @@
+<ruleset name="UNIBA.sk">
+
+	<target host="cdv.uniba.sk" />
+	<target host="druzba.uniba.sk" />
+	<target host="mlyny.uniba.sk" />
+	<target host="moja.uniba.sk" />
+	<target host="uniba.sk" />
+	<target host="www.uniba.sk" />
+	<target host="www.cusp.uniba.sk" />
+	<target host="www.fedu.uniba.sk" />
+	<target host="www.fevth.uniba.sk" />
+	<target host="www.flaw.uniba.sk" />
+	<target host="www.fmed.uniba.sk" />
+	<target host="www.fmph.uniba.sk" />
+	<target host="www.fm.uniba.sk" />
+	<target host="www.fns.uniba.sk" />
+	<target host="www.fpharm.uniba.sk" />
+	<target host="www.fphil.uniba.sk" />
+	<target host="www.frcth.uniba.sk" />
+	<target host="www.fses.uniba.sk" />
+	<target host="www.fsport.uniba.sk" />
+	<target host="www.jfmed.uniba.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UNICEF-IRC.org.xml b/src/chrome/content/rules/UNICEF-IRC.org.xml
index c9e721622585..c032e0b377b7 100644
--- a/src/chrome/content/rules/UNICEF-IRC.org.xml
+++ b/src/chrome/content/rules/UNICEF-IRC.org.xml
@@ -22,6 +22,6 @@
 	<target host="www.unicef-irc.org" />
 	<target host="news.unicef-irc.org" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UNICEF.fi.xml b/src/chrome/content/rules/UNICEF.fi.xml
index d08555fb807a..f7882a84f42a 100644
--- a/src/chrome/content/rules/UNICEF.fi.xml
+++ b/src/chrome/content/rules/UNICEF.fi.xml
@@ -1,30 +1,15 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://vpn.unicef.fi/ => https://vpn.unicef.fi/: (60, 'SSL certificate problem: certificate has expired')
 
 	For more UNICEF.org related ruleset, see UNICEF.org.xml
 
-
-	Non-functional hosts
-		Couldn't connect to server:
-			 - summit.unicef.fi
-
-		Timeout was reached:
-			 - mail.unicef.fi
-
-		SSL connect error:
-			 - oma.unicef.fi
-
-		Peer certificate cannot be authenticated with given CA certificates:
-			 - kampanja.unicef.fi
 -->
-<ruleset name="UNICEF.fi" default_off='failed ruleset test'>
+<ruleset name="UNICEF.fi" >
 	<target host="unicef.fi" />
 	<target host="www.unicef.fi" />
-	<target host="vpn.unicef.fi" />
+	<target host="kampanja.unicef.fi" />
+	<target host="oma.unicef.fi" />
 
-	<securecookie host="^(www\.)?unicef\.fi$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UNICEF.or.jp.xml b/src/chrome/content/rules/UNICEF.or.jp.xml
index 9da4a1dda932..420484867878 100644
--- a/src/chrome/content/rules/UNICEF.or.jp.xml
+++ b/src/chrome/content/rules/UNICEF.or.jp.xml
@@ -19,7 +19,7 @@ Fetch error: http://appdev.unicef.or.jp/ => https://appdev.unicef.or.jp/: (60, '
 			 - google.com on https://www.unicef.or.jp/
 			 - mixi.jp on https://www.unicef.or.jp/news/2017/0075.html
 -->
-<ruleset name="UNICEF.or.jp (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="UNICEF.or.jp (partial)" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="unicef.or.jp" />
 	<target host="www.unicef.or.jp" />
 	<target host="appdev.unicef.or.jp" />
@@ -31,6 +31,6 @@ Fetch error: http://appdev.unicef.or.jp/ => https://appdev.unicef.or.jp/: (60, '
 	<rule from="^http://unicef\.or\.jp/"
 			to="https://www.unicef.or.jp/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UNICEF.org.uk.xml b/src/chrome/content/rules/UNICEF.org.uk.xml
index 08b5d3a60648..093a4526981d 100644
--- a/src/chrome/content/rules/UNICEF.org.uk.xml
+++ b/src/chrome/content/rules/UNICEF.org.uk.xml
@@ -86,6 +86,6 @@
 	<rule from="^http://unicef\.org\.uk/"
 			to="https://www.unicef.org.uk/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UNICEF.org.xml b/src/chrome/content/rules/UNICEF.org.xml
index 637ee0bbd7db..cf424184a22b 100644
--- a/src/chrome/content/rules/UNICEF.org.xml
+++ b/src/chrome/content/rules/UNICEF.org.xml
@@ -1,6 +1,28 @@
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://case.unicef.org/ => https://case.unicef.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://case1.unicef.org/ => https://case1.unicef.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://huna.citrix.unicef.org/ => https://huna.citrix.unicef.org/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+Fetch error: http://indk.citrix.unicef.org/ => https://indk.citrix.unicef.org/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+Fetch error: http://indq.citrix.unicef.org/ => https://indq.citrix.unicef.org/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+Fetch error: http://fmp.unicef.org/ => https://fmp.unicef.org/: (7, 'Failed to connect to fmp.unicef.org port 443: No route to host')
+Fetch error: http://geneva.unicef.org/ => https://geneva.unicef.org/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://www.geneva.unicef.org/ => https://www.geneva.unicef.org/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://ilearn.unicef.org/ => https://ilearn.unicef.org/: (6, 'Could not resolve host: ilearn.unicef.org')
+Fetch error: http://mediaportal.unicef.org/ => https://mediaportal.unicef.org/: (6, 'Could not resolve host: mediaportal.unicef.org')
+Fetch error: http://origin-www.unicef.org/ => https://origin-www.unicef.org/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+Fetch error: http://origin2-www.unicef.org/ => https://origin2-www.unicef.org/: (6, 'Could not resolve host: origin2-www.unicef.org')
+Fetch error: http://qa-www.unicef.org/ => https://qa-www.unicef.org/: (6, 'Could not resolve host: qa-www.unicef.org')
+Fetch error: http://scrm.unicef.org/ => https://scrm.unicef.org/: (51, "SSL: no alternative certificate subject name matches target host name 'scrm.unicef.org'")
+Fetch error: http://uaticon.unicef.org/ => https://uaticon.unicef.org/: (6, 'Could not resolve host: uaticon.unicef.org')
+Fetch error: http://wcmsprd.unicef.org/ => https://wcmsprd.unicef.org/: (6, 'Could not resolve host: wcmsprd.unicef.org')
+Fetch error: http://wcmsqa.unicef.org/ => https://wcmsqa.unicef.org/: (6, 'Could not resolve host: wcmsqa.unicef.org')
+Fetch error: http://www2.unicef.org/ => https://www2.unicef.org/: (7, 'Failed to connect to www2.unicef.org port 443: Connection refused')
+Fetch error: http://www9.unicef.org/ => https://www9.unicef.org/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+
 	UNICEF.org related ruleset:
-		- Team_UNICEF.org.xml
 		- UNICEF-IRC.org.xml
 		- UNICEF.fi.xml
 		- UNICEF.or.jp.xml
@@ -30,6 +52,7 @@
 			 - rosatraveler.unicef.org
 			 - swzatraveler.unicef.org
 			 - wcarotraveler.unicef.org
+       - dialin.unicef.org
 
 		Timeout was reached:
 			 - addvpn.unicef.org
@@ -79,6 +102,7 @@
 			 - smtpout.unicef.org
 			 - snozy.unicef.org
 			 - sowc2015.unicef.org
+       - supply.unicef.org
 			 - thltraveler.unicef.org
 			 - traveler.unicef.org
 			 - webcms.unicef.org
@@ -196,54 +220,54 @@
 	<target host="bidev.unicef.org" />
 	<target host="bkkvpn.unicef.org" />
 	<target host="blogs.unicef.org" />
-	<target host="case.unicef.org" />
-	<target host="case1.unicef.org" />
+	<!-- target host="case.unicef.org" /-->
+	<!-- target host="case1.unicef.org" /-->
 	<target host="citrix.unicef.org" />
-	<target host="huna.citrix.unicef.org" />
-	<target host="indk.citrix.unicef.org" />
-	<target host="indq.citrix.unicef.org" />
+	<!-- target host="huna.citrix.unicef.org" /-->
+	<!-- target host="indk.citrix.unicef.org" /-->
+	<!-- target host="indq.citrix.unicef.org" /-->
 	<target host="cphvpn.unicef.org" />
 	<target host="dakvpn.unicef.org" />
 	<target host="data.unicef.org" />
-	<target host="dialin.unicef.org" />
+	<!-- <target host="dialin.unicef.org" /> -->
 	<target host="donate.unicef.org" />
 	<target host="etools.unicef.org" />
 	<target host="etools-dev.unicef.org" />
 	<target host="etools-staging.unicef.org" />
-	<target host="fmp.unicef.org" />
-	<target host="geneva.unicef.org" />
-	<target host="www.geneva.unicef.org" />
+	<!-- target host="fmp.unicef.org" /-->
+	<!-- target host="geneva.unicef.org" /-->
+	<!-- target host="www.geneva.unicef.org" /-->
 	<target host="gvavpn.unicef.org" />
 	<target host="icon.unicef.org" />
-	<target host="ilearn.unicef.org" />
+	<!-- target host="ilearn.unicef.org" /-->
 	<target host="intranet.unicef.org" />
 	<target host="lyncdiscover.unicef.org" />
 	<target host="mappsprd.unicef.org" />
 	<target host="mappstst.unicef.org" />
-	<target host="mediaportal.unicef.org" />
+	<!-- target host="mediaportal.unicef.org" /-->
 	<target host="meet.unicef.org" />
 	<target host="nycvpn.unicef.org" />
 	<target host="nycvpn2.unicef.org" />
-	<target host="origin-www.unicef.org" />
-	<target host="origin2-www.unicef.org" />
-	<target host="qa-www.unicef.org" />
+	<!-- target host="origin-www.unicef.org" /-->
+	<!-- target host="origin2-www.unicef.org" /-->
+	<!-- target host="qa-www.unicef.org" /-->
 	<target host="resetmypassword.unicef.org" />
-	<target host="scrm.unicef.org" />
+	<!-- target host="scrm.unicef.org" /-->
 	<target host="sip.unicef.org" />
-	<target host="supply.unicef.org" />
+	<!-- <target host="supply.unicef.org" /> -->
 	<target host="support.unicef.org" />
 	<target host="swzaccess.unicef.org" />
 	<target host="teams.unicef.org" />
-	<target host="uaticon.unicef.org" />
-	<target host="wcmsprd.unicef.org" />
-	<target host="wcmsqa.unicef.org" />
+	<!-- target host="uaticon.unicef.org" /-->
+	<!-- target host="wcmsprd.unicef.org" /-->
+	<!-- target host="wcmsqa.unicef.org" /-->
 	<target host="weshare.unicef.org" />
-	<target host="www2.unicef.org" />
-	<target host="www9.unicef.org" />
+	<!-- target host="www2.unicef.org" /-->
+	<!-- target host="www9.unicef.org" /-->
 
 	<rule from="^http://unicef\.org/"
 			to="https://www.unicef.org/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UNICEF_USA.org.xml b/src/chrome/content/rules/UNICEF_USA.org.xml
index a789c7c37a03..1c59d2bab02d 100644
--- a/src/chrome/content/rules/UNICEF_USA.org.xml
+++ b/src/chrome/content/rules/UNICEF_USA.org.xml
@@ -59,7 +59,7 @@ Fetch error: http://globalaction.unicefusa.org/ => https://globalaction.unicefus
 			 - tapproject.unicefusa.org
 			 - vem.unicefusa.org
 -->
-<ruleset name="UNICEF USA.org (partial)" default_off='failed ruleset test'>
+<ruleset name="UNICEF USA.org (partial)" default_off="failed ruleset test">
 	<target host="unicefusa.org" />
 	<target host="www.unicefusa.org" />
 	<target host="actioncenter.unicefusa.org" />
@@ -94,6 +94,6 @@ Fetch error: http://globalaction.unicefusa.org/ => https://globalaction.unicefus
 	<rule from="^http://unicefusa\.org/"
 			to="https://www.unicefusa.org/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UNIPO.sk.xml b/src/chrome/content/rules/UNIPO.sk.xml
new file mode 100644
index 000000000000..3a3f71e3a5bf
--- /dev/null
+++ b/src/chrome/content/rules/UNIPO.sk.xml
@@ -0,0 +1,24 @@
+<!--
+
+    University of Presov
+
+    Nonfunctional hosts:
+
+    connection refused:
+        - upc.unipo.sk
+    certificate chain issues:
+        - napulze.unipo.sk
+-->
+
+
+<ruleset name="UNIPO.sk">
+	<target host="unipo.sk" />
+	<target host="www.unipo.sk" />
+	<target host="elearning.unipo.sk" />
+	<target host="moodle.unipo.sk" />
+	<target host="unipacik.unipo.sk" />
+
+	<rule from="^http://unipo\.sk/" to="https://www.unipo.sk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UNIZA.sk.xml b/src/chrome/content/rules/UNIZA.sk.xml
new file mode 100644
index 000000000000..e8c131e97b3c
--- /dev/null
+++ b/src/chrome/content/rules/UNIZA.sk.xml
@@ -0,0 +1,12 @@
+<ruleset name="UNIZA.sk">
+	<target host="uniza.sk" />
+	<target host="www.uniza.sk" />
+	<target host="vzdelavanie.uniza.sk" />
+	<target host="karty.uniza.sk" />
+	<target host="strava.uniza.sk" />
+	<target host="ikt.uniza.sk" />
+	<target host="helpdesk.uniza.sk" />
+	<target host="doch3.uniza.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UNM.edu-falsemixed.xml b/src/chrome/content/rules/UNM.edu-falsemixed.xml
deleted file mode 100644
index 6dd0751c9e72..000000000000
--- a/src/chrome/content/rules/UNM.edu-falsemixed.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see UNM.edu.xml.
-
--->
-<ruleset name="UNM.edu (false MCB)" platform="mixedcontent">
-
-	<target host="unm.edu" />
-	<target host="directory.unm.edu" />
-	<target host="www.unm.edu" />
-
-
-	<rule from="^http://(?:www\.)?unm\.edu/"
-		to="https://www.unm.edu/" />
-
-	<rule from="^http://directory\.unm\.edu/"
-		to="https://directory.unm.edu/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/UNM.edu-problematic.xml b/src/chrome/content/rules/UNM.edu-problematic.xml
deleted file mode 100644
index 59502f8f4351..000000000000
--- a/src/chrome/content/rules/UNM.edu-problematic.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For rules that are on by default, see UNM.xml.
-
--->
-<ruleset name="UNM.edu (problematic)" default_off="expired, mismatched, self-signed">
-
-	<target host="as2.unm.edu" />
-	<target host="cars.unm.edu" />
-	<target host="www.cars.unm.edu" />
-	<target host="ece.unm.edu" />
-	<target host="www.ece.unm.edu" />
-
-
-	<rule from="^http://as2\.unm\.edu/"
-		to="https://as2.unm.edu/" />
-
-	<rule from="^http://(?:www\.)?(cars|ece)\.unm\.edu/"
-		to="https://www.$1.unm.edu/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/UNM.edu.xml b/src/chrome/content/rules/UNM.edu.xml
new file mode 100644
index 000000000000..190e48f168a3
--- /dev/null
+++ b/src/chrome/content/rules/UNM.edu.xml
@@ -0,0 +1,67 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- www.cars.unm.edu
+		- mail.cs.unm.edu
+		- directory.unm.edu
+		- ecc.unm.edu
+
+		SSL peer certificate was not OK:
+		- unm.edu
+		- cs.unm.edu
+		- www.ece.unm.edu
+		- www.soe.unm.edu
+
+		Incomplete certificate chain error:
+		- as2.unm.edu
+
+		Redirect to HTTP:
+		- my.unm.edu
+
+		Mixed content blocking (MCB) triggered:
+		- ece.unm.edu
+		- emanage.unm.edu
+		- it.unm.edu
+		- mitigationplan.unm.edu
+-->
+<ruleset name="UNM.edu (partial)">
+	<target host="unm.edu" />
+	<target host="www.unm.edu" />
+	<target host="abqg.unm.edu" />
+	<target host="at.unm.edu" />
+	<target host="cars.unm.edu" />
+	<target host="cascade.unm.edu" />
+	<target host="cio.unm.edu" />
+	<target host="www.cs.unm.edu" />
+	<target host="fastinfo.unm.edu" />
+	<target host="learningcentral.health.unm.edu" />
+	<target host="help.unm.edu" />
+	<target host="hsc.unm.edu" />
+	<target host="hscapp.unm.edu" />
+	<target host="hscssl.unm.edu" />
+	<target host="iservicedesk.unm.edu" />
+	<target host="loboalerts.unm.edu" />
+	<target host="login.unm.edu" />
+	<test url="http://login.unm.edu/cas/login/" />
+	<target host="lynda.unm.edu" />
+	<target host="help.people.unm.edu" />
+	<target host="police.unm.edu" />
+	<target host="portalchannels.unm.edu" />
+	<target host="search.unm.edu" />
+	<target host="shac.unm.edu" />
+	<target host="shea.unm.edu" />
+	<target host="soe.unm.edu" />
+	<target host="soemep.unm.edu" />
+	<target host="srs.unm.edu" />
+	<target host="studentinfo.unm.edu" />
+	<target host="unmevents.unm.edu" />
+	<target host="unmjobs.unm.edu" />
+	<target host="webcore.unm.edu" />
+	<target host="webmaster.unm.edu" />
+
+	<rule from="^http://unm\.edu/"
+		to="https://www.unm.edu/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UNM.xml b/src/chrome/content/rules/UNM.xml
deleted file mode 100644
index 76d270773f15..000000000000
--- a/src/chrome/content/rules/UNM.xml
+++ /dev/null
@@ -1,161 +0,0 @@
-<!--
-	University of New Mexico
-
-	For rules causing false/broken MCB, see UNM.edu-mixedcontent.xml.
-
-	For problematic rules, see UNM.edu-problematic.xml.
-
-
-	Nonfunctional subdomains:
-
-		- mail.cs ¹
-		- ecc ²
-		- hsc ¹
-		- hscapp ³
-		- iservicedesk ²
-		- mitigationplan ⁴
-		- unmevents ⁵
-
-	¹ Refused
-	² Dropped
-	³ Shows hscssl
-	⁴ Shows RHEL test page
-	⁵ Reset
-
-
-	Problematic subdomains:
-
-		- ^ ¹
-		- as2 ²
-		- cars ³
-		- www.cars ⁴
-		- cs ⁵
-		- directory ⁶
-		- ece ⁵
-		- www.ece ⁷
-		- shea ⁸
-		- www.soe ¹
-		- www ⁶
-
-	¹ Cert only matches *.unm.edu
-	² Expired 2010, self-signed
-	³ Shows admin interface
-	⁴ Mismatched, CN: luria.cars.unm.edu
-	⁵ Cert only matches www.foo
-	⁶ Mixed css
-	⁷ Expired 2014
-	⁸ Mismatched, CN: srs.unm.edu
-
-
-	Partially covered subdomains:
-
-		- (www.)? *	(^ → www)
-		- directory *
-
-	* Avoiding broken MCB
-
-
-	Fully covered subdomains:
-
-		- abqg
-		- at
-		- cascade
-		- cio
-		- (www.)?cs	(^ → www)
-		- emanage
-		- fastinfo
-		- learningcentral.health
-		- help
-		- hscssl
-		- it
-		- loboalerts
-		- login
-		- lynda
-		- my
-		- help.people
-		- pinnacle
-		- police
-		- portalchannels
-		- search
-		- shac
-		- shea		(→ srs)
-		- (www.)?soe	(www → ^)
-		- soemep
-		- srs
-		- studentinfo
-		- unmjobs
-		- webcore
-		- webmaster
-
-
-	These altnames don't exist:
-
-		- luria.cars.unm.edu
-
-
-	Mixed content:
-
-		- iframe on soe from www.youtube.com ¹
-
-		- css, on:
-
-			- cio, www from webcore ¹
-			- directory from search ¹
-			- ne from fonts.googleapis.com ¹
-
-		- Images, on:
-
-			- at, directory, loboalerts, search, www from webcore ¹
-			- emanage from www ¹
-			- emanage from www.adobe.com ¹
-			- search from $self ¹
-			- shac, soemep from www ¹
-			- soe from $self ¹
-			- webmaster from $self ¹
-
-		- Bugs, on:
-
-			- as2 from jigsaw.w3.org ²
-			- as2 from www.w3.org ²
-
-	¹ Secured by us
-	² Unsecurable
-
--->
-<ruleset name="UNM.edu (partial)">
-
-	<target host="unm.edu" />
-	<target host="*.unm.edu" />
-		<!--
-			Avoid broken MCB:
-						-->
-		<exclusion pattern="^http://(?:directory\.|www\.)?unm\.edu/+(?!~emanage/|common/|favicon\.ico|images_nl/)" />
-		<!--
-			Redirects to http:
-						-->
-		<!--exclusion pattern="^http://hospitals\.unm\.edu/($|_includes/|CarePages/|favicon\.ico|images/|index\.shtml)" /-->
-
-
-	<rule from="^http://(?:www\.)?unm\.edu/"
-		to="https://www.unm.edu/" />
-
-	<!--	Domains for which both !www and www exist,
-		but only www works without caveat:
-							-->
-	<rule from="^http://(?:www\.)?cs\.unm\.edu/"
-		to="https://www.cs.unm.edu/" />
-
-	<!--	Redirect keeps path and args:
-						-->
-	<rule from="^http://shea\.unm\.edu/+"
-		to="https://srs.unm.edu/" />
-
-	<!--	Domains for which both !www and www exist,
-		but only !www works without caveat:
-							-->
-	<rule from="^http://(?:www\.)?soe\.unm\.edu/"
-		to="https://soe.unm.edu/" />
-
-	<rule from="^http://(abqg|cascade|cio|directory|emanage|fastinfo|learningcentral\.health|help|hscssl|it|loboalerts|login|lynda|my|netid|help\.people|pinnacle|police|portalchannels|search|shac|srs|studentinfo|unmjobs|webcore|webmaster)\.unm\.edu/"
-		to="https://$1.unm.edu/" />
-</ruleset>
diff --git a/src/chrome/content/rules/UNODC.org.xml b/src/chrome/content/rules/UNODC.org.xml
index 1b36479cb5d9..642c3a6dbb8e 100644
--- a/src/chrome/content/rules/UNODC.org.xml
+++ b/src/chrome/content/rules/UNODC.org.xml
@@ -16,16 +16,16 @@
 		profi.unodc.org
 		staffingtable.unodc.org
 		wiki.unodc.org
-		
+
 	No working URL known:
 		cns.unodc.org
 		services2.unodc.org
 		static.unodc.org
 		trackservices.unodc.org
-	
+
 	Invalid certificate:
 		www.track.unodc.org
-	
+
 -->
 <ruleset name="UNODC.org">
 
diff --git a/src/chrome/content/rules/UN_Multimedia.org.xml b/src/chrome/content/rules/UN_Multimedia.org.xml
index a73ff8aa4ad1..8fd8ccff5178 100644
--- a/src/chrome/content/rules/UN_Multimedia.org.xml
+++ b/src/chrome/content/rules/UN_Multimedia.org.xml
@@ -1,34 +1,16 @@
 <!--
 	For other United Nations coverage, see UN.org.xml.
 
+	Non-functional hosts
+		Timeout was reached:
+		- control.unmultimedia.org
 
-	CDN buckets:
-
-		- downloads.unmultimedia.org.s3.amazonaws.com
-
-
-	Mixed content:
-
-		- Images, on control and www from:
-
-			- downloads *
-			- www *
-			- brightcove01.brightcove.com *
-			- brightcove04.o.brightcove.com
-
-	* Secured by us
-
+		SSL peer certificate was not OK:
+		- downloads.unmultimedia.org
 -->
 <ruleset name="UN Multimedia.org">
-
 	<target host="unmultimedia.org" />
-	<target host="*.unmultimedia.org" />
-
-
-	<rule from="^http://(control\.|www\.)?unmultimedia\.org/"
-		to="https://$1unmultimedia.org/" />
-
-	<rule from="^http://downloads\.unmultimedia\.org/"
-		to="https://s3.amazonaws.com/downloads.unmultimedia.org/" />
+	<target host="www.unmultimedia.org" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UOL.xml b/src/chrome/content/rules/UOL.xml
index 3f8e5a800ee4..1dce059af37f 100644
--- a/src/chrome/content/rules/UOL.xml
+++ b/src/chrome/content/rules/UOL.xml
@@ -1,10 +1,4 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://user.img.todaoferta.uol.com.br/ => https://user.img.todaoferta.uol.com.br/: (6, 'Could not resolve host: user.img.todaoferta.uol.com.br')
-Non-2xx HTTP code: http://tts.uol.com.br/ (200) => https://tts.uol.com.br/ (500)
-
-
 	Other UOL rulesets:
 
 		- ImgUOL.com.xml
@@ -30,6 +24,7 @@ Non-2xx HTTP code: http://tts.uol.com.br/ (200) => https://tts.uol.com.br/ (500)
 		- www.bol ¹
 		- combatarms ²
 		- convergenciadigital ¹
+		- denuncia (cert-chain)
 		- edmotta ²
 		- email ¹
 		- esporte ¹
@@ -50,6 +45,7 @@ Non-2xx HTTP code: http://tts.uol.com.br/ (200) => https://tts.uol.com.br/ (500)
 		- regras ¹
 		- shopping ²
 		- central.shopping ⁴
+		- tts (500)
 		- comprar.todaoferta ⁵
 		- ed.img.todaoferta ⁶
 		- tudodownloads ²
@@ -68,7 +64,6 @@ Non-2xx HTTP code: http://tts.uol.com.br/ (200) => https://tts.uol.com.br/ (500)
 
 	Problematic subdomains:
 
-		- click ¹		(Dropped)
 		- mais ²
 		- todaoferta ²
 
@@ -82,7 +77,6 @@ Non-2xx HTTP code: http://tts.uol.com.br/ (200) => https://tts.uol.com.br/ (500)
 		- visitante.acesso
 		- cadastro
 		- pagseguro.captcha
-		- denuncia
 		- go4gold
 		- thumb.mais
 
@@ -98,8 +92,6 @@ Non-2xx HTTP code: http://tts.uol.com.br/ (200) => https://tts.uol.com.br/ (500)
 		- sac
 		- simg
 		- p.simg
-		- user.img.todaoferta
-		- tts
 		- verifica
 
 
@@ -112,7 +104,6 @@ Non-2xx HTTP code: http://tts.uol.com.br/ (200) => https://tts.uol.com.br/ (500)
 
 		- .uol.com.br
 		- cadastro.uol.com.br
-		- denuncia.uol.com.br
 		- pagseguro.uol.com.br
 		- .pagseguro.uol.com.br
 		- sandbox.pagseguro.uol.com.br
@@ -132,22 +123,19 @@ Non-2xx HTTP code: http://tts.uol.com.br/ (200) => https://tts.uol.com.br/ (500)
 			- mais from thumb.mais.uol.com.br
 			- todaoferta from todaoferta.imguol.com
 			- todaoferta from ed.img.todaoferta.uol.com.br
-			- todaoferta from user.img.todaoferta.uol.com.br
 
 		- favicon on mais from home.img.uol.com.br
 
 		- Ads on todaoferta from www.googleadservices.com
 
 -->
-<ruleset name="UOL.com.br (partial)" default_off='failed ruleset test'>
+<ruleset name="UOL.com.br (partial)">
 
-	<!--	Direct rewrites:
-					-->
 	<target host="acesso.uol.com.br" />
 	<target host="visitante.acesso.uol.com.br" />
 	<target host="cadastro.uol.com.br" />
+	<target host="click.uol.com.br" />
 	<target host="pagseguro.captcha.uol.com.br" />
-	<target host="denuncia.uol.com.br" />
 	<target host="go4gold.uol.com.br" />
 	<target host="mais.uol.com.br" />
 	<target host="thumb.mais.uol.com.br" />
@@ -162,13 +150,6 @@ Non-2xx HTTP code: http://tts.uol.com.br/ (200) => https://tts.uol.com.br/ (500)
 	<target host="sac.uol.com.br" />
 	<target host="simg.uol.com.br" />
 	<target host="p.simg.uol.com.br" />
-	<!--target host="todaoferta.uol.com.br" /-->
-	<target host="user.img.todaoferta.uol.com.br" />
-	<target host="tts.uol.com.br" />
-
-	<!--	Special cases:
-				-->
-	<!--target host="click.uol.com.br" /-->
 
 		<!--	Avoid broken MCB:
 						-->
@@ -185,23 +166,10 @@ Non-2xx HTTP code: http://tts.uol.com.br/ (200) => https://tts.uol.com.br/ (500)
 			<test url="http://mais.uol.com.br/stc/mais/c/thickbox.css" />
 
 
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.uol\.com\.br$" name="^(RMTRK\.ID|auction_uol_id)$" /-->
-	<!--securecookie host="^cadastro\.uol\.com\.br$" name="^SIGNUP_SESSION$" /-->
-	<!--securecookie host="^(sandbox\.)?pagseguro\.uol\.com\.br$" name="^csrfId$" /-->
-	<!--securecookie host="^\.?pagseguro\.uol\.com\.br$" name="^TS[\da-f]{8}$" /-->
-	<!--securecookie host="^\.pagseguro\.uol\.com\.br$" name="^LAST_SERVER_HIT$" /-->
-	<!--securecookie host="^(cadastro|denuncia|(sandbox.)?pagseguro)\.uol\.com\.br$" name="^JSESSIONID$" /-->
-
 	<securecookie host="^\.uol\.com\.br$" name="^RMTRK\.ID$" />
-	<securecookie host="^(?:cadastro|denuncia|(?:sandbox\.)?pagseguro)\.uol\.com\.br$" name=".+" />
+	<securecookie host="^(?:cadastro|(?:sandbox\.)?pagseguro)\.uol\.com\.br$" name=".+" />
 	<securecookie host="^\.pagseguro\.uol\.com\.br$" name="^(?:LAST_SERVER_HIT|TS\w+)$" />
 
-
-	<!--rule from="^http://click\.uol\.com\.br/"
-		to="https://clicklogger.rm.uol.com.br/" /-->
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/UOregon.xml b/src/chrome/content/rules/UOregon.xml
index 6ae8e0ff7dcf..b6fccec36ecb 100644
--- a/src/chrome/content/rules/UOregon.xml
+++ b/src/chrome/content/rules/UOregon.xml
@@ -341,6 +341,6 @@
 						-->
 	<rule from="^http://vpsa\.uoregon\.edu/[^?]*"
 		to="https://studentlife.uoregon.edu/" />
-          
+
 </ruleset>
 
diff --git a/src/chrome/content/rules/UPC.cz.xml b/src/chrome/content/rules/UPC.cz.xml
index 1c7d0aafdbb4..7be2334d0de6 100644
--- a/src/chrome/content/rules/UPC.cz.xml
+++ b/src/chrome/content/rules/UPC.cz.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://tvprogram.upc.cz/ => https://tvprogram.upc.cz/: (28, 'Connection timed out after 20004 milliseconds')
 
 -->
-<ruleset name="UPC Česká republika s.r.o." default_off='failed ruleset test'>
+<ruleset name="UPC Česká republika s.r.o." default_off="failed ruleset test">
     <target host="upc.cz" />
     <target host="www.upc.cz" />
     <target host="tvprogram.upc.cz" />
diff --git a/src/chrome/content/rules/UPC.edu.xml b/src/chrome/content/rules/UPC.edu.xml
new file mode 100644
index 000000000000..2abcf04e6812
--- /dev/null
+++ b/src/chrome/content/rules/UPC.edu.xml
@@ -0,0 +1,25 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.cdei.upc.edu
+		- citm.upc.edu
+		- talent.upc.edu
+
+		Incomplete certificate chain error:
+		- de-etseib.upc.edu
+-->
+<ruleset name="UPC.edu (partial)">
+	<target host="upc.edu" />
+	<target host="www.upc.edu" />
+	<target host="cit.upc.edu" />
+	<target host="www.citcea.upc.edu" />
+	<target host="www.citm.upc.edu" />
+	<target host="futur.upc.edu" />
+	<target host="futurcivilcamins.upc.edu" />
+	<target host="www.iri.upc.edu" />
+	<target host="maps.upc.edu" />
+	<target host="prisma-nou.upc.edu" />
+	<target host="www.talent.upc.edu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UPC.es.xml b/src/chrome/content/rules/UPC.es.xml
new file mode 100644
index 000000000000..26916597433c
--- /dev/null
+++ b/src/chrome/content/rules/UPC.es.xml
@@ -0,0 +1,106 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- aqua.upc.es
+		- bauma.upc.es
+		- ceo-bcn.upc.es
+		- dijkstra.upc.es
+		- alggen.lsi.upc.es
+		- newg1.upc.es
+		- soft0.upc.es
+		- taupres.upc.es
+
+		Timeout was reached:
+		- arrier.upc.es
+		- cafes.cimne.upc.es
+		- hoyoh.cimne.upc.es
+		- dfa.upc.es
+		- disbauxes.upc.es
+		- distorsio.upc.es
+		- sorap.epsevg.upc.es
+		- esf.upc.es
+		- gebrada.upc.es
+		- ieb-srv1.upc.es
+		- jaumetor.upc.es
+		- lewis.upc.es
+		- petrus.upc.es
+		- www-cpsv.upc.es
+		- www-fa.upc.es
+		- www-fen.upc.es
+		- eragon.upc.es:3000
+
+		SSL connect error:
+		- aransa.upc.es
+		- collbaix.upc.es
+		- ctvg.upc.es
+		- www.eupm.upc.es
+		- www-assig.fib.upc.es
+		- www-pagines.fib.upc.es
+		- www.ioc.upc.es
+		- lacova.upc.es
+		- webmail.lsi.upc.es
+		- mitra.upc.es
+		- plus.upc.es
+		- senna.upc.es
+		- www-entel.upc.es
+		- www-eupm.upc.es
+		- ben.upc.es:8080
+
+		SSL peer certificate was not OK:
+		- investigacion.ac.upc.es
+		- research.ac.upc.es
+		- studies.ac.upc.es
+		- biblioteques.upc.es
+		- congress.cimne.upc.es
+		- digsys.upc.es
+		- eragon.upc.es
+		- www.etsav.upc.es
+		- forumtelecos.upc.es
+		- ieee.upc.es
+		- telecogresca.upc.es
+		- www.urus.upc.es
+		- www-etsav.upc.es
+		- www-fnb.upc.es
+		- www-iri.upc.es
+		- zua.upc.es
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- context.upc.es
+		- www.lab.upc.es
+		- maite29.upc.es
+		- nmg.upc.es
+
+		Incomplete certificate chain error:
+		- cartesius.upc.es
+		- cttc.upc.es
+		- faxtcm.upc.es
+		- learnsql.fib.upc.es
+		- www.jcee.upc.es
+
+		Different content:
+		- mie.esab.upc.es
+
+		Mixed content blocking (MCB) triggered:
+		- ceo.upc.es
+-->
+<ruleset name="UPC.es (partial)">
+	<target host="docencia.ac.upc.es" />
+	<target host="people.ac.upc.es" />
+	<target host="personals.ac.upc.es" />
+	<target host="aess.upc.es" />
+	<target host="www.ccaba.upc.es" />
+	<target host="citmalumnes.upc.es" />
+	<target host="www.cresca.upc.es" />
+	<target host="ct-aules.upc.es" />
+	<target host="www.eel-ct.upc.es" />
+	<target host="everest-ist.upc.es" />
+	<target host="www.laict.upc.es" />
+	<target host="leam.upc.es" />
+	<target host="salesvirtuals.upc.es" />
+	<target host="www.terrassa.upc.es" />
+	<target host="txt.upc.es" />
+	<target host="www-eio.upc.es" />
+	<target host="zelda.upc.es" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UPC.ie.xml b/src/chrome/content/rules/UPC.ie.xml
index 92dee65d9b45..63ec435259c3 100644
--- a/src/chrome/content/rules/UPC.ie.xml
+++ b/src/chrome/content/rules/UPC.ie.xml
@@ -27,7 +27,7 @@ Fetch error: http://as.upc.ie/ => https://as.upc.ie/: (60, 'SSL certificate prob
 		- mail.upc.ie
 
 -->
-<ruleset name="UPC.ie (partial)" default_off='failed ruleset test'>
+<ruleset name="UPC.ie (partial)" default_off="failed ruleset test">
 
 	<target host="upc.ie" />
 	<target host="as.upc.ie" />
diff --git a/src/chrome/content/rules/UPC.nl.xml b/src/chrome/content/rules/UPC.nl.xml
index 1f56207d2020..cafb8dde1e76 100644
--- a/src/chrome/content/rules/UPC.nl.xml
+++ b/src/chrome/content/rules/UPC.nl.xml
@@ -23,7 +23,7 @@ Fetch error: http://service.upc.nl/ => https://service.upc.nl/: (60, 'SSL certif
 	ᵐ Mismatched
 
 -->
-<ruleset name="UPC.nl (partial)" default_off='failed ruleset test'>
+<ruleset name="UPC.nl (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/UPC_Business.nl.xml b/src/chrome/content/rules/UPC_Business.nl.xml
index 3894aff10662..7436f36b74a1 100644
--- a/src/chrome/content/rules/UPC_Business.nl.xml
+++ b/src/chrome/content/rules/UPC_Business.nl.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://origin.www.upcbusiness.nl/ => https://origin.www.upcbusiness.nl/: (7, 'Failed to connect to origin.www.upcbusiness.nl port 443: No route to host')
 
 -->
-<ruleset name="UPC Business.nl" default_off='failed ruleset test'>
+<ruleset name="UPC Business.nl" default_off="failed ruleset test">
 
 	<target host="upcbusiness.nl" />
 	<target host="www.upcbusiness.nl" />
diff --git a/src/chrome/content/rules/UPV.cz.xml b/src/chrome/content/rules/UPV.cz.xml
index 6bc22c0439b3..edf97cead6fc 100644
--- a/src/chrome/content/rules/UPV.cz.xml
+++ b/src/chrome/content/rules/UPV.cz.xml
@@ -5,7 +5,7 @@ Fetch error: http://upv.cz/ => https://upv.cz/: (60, 'SSL certificate problem: u
 Fetch error: http://www.upv.cz/ => https://www.upv.cz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Úřad průmyslového vlastnictví" default_off='failed ruleset test'>
+<ruleset name="Úřad průmyslového vlastnictví" default_off="failed ruleset test">
 
 	<target host="upv.cz" />
 	<target host="www.upv.cz" />
diff --git a/src/chrome/content/rules/UPatient.xml b/src/chrome/content/rules/UPatient.xml
deleted file mode 100644
index 81a87589bde7..000000000000
--- a/src/chrome/content/rules/UPatient.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="uPatient">
-
-	<target host="upatient.com" />
-	<target host="app.upatient.com" />
-	<target host="www.upatient.com" />
-
-
-	<securecookie host="^(?:app)?\.upatient\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/UProd.biz.xml b/src/chrome/content/rules/UProd.biz.xml
index b89dce1f54fe..91e68289e336 100644
--- a/src/chrome/content/rules/UProd.biz.xml
+++ b/src/chrome/content/rules/UProd.biz.xml
@@ -4,7 +4,7 @@
 	* See https://whatsmychaincert.com
 
 -->
-<ruleset name="uProd.biz" default_off="missing certificate chain">
+<ruleset name="uProd.biz" default_off="cert-chain">
 
 	<target host="uprod.biz" />
 	<target host="www.uprod.biz" />
diff --git a/src/chrome/content/rules/UQWiMAX.xml b/src/chrome/content/rules/UQWiMAX.xml
index 2f03e4ce2c61..1a8dce7ed1c6 100644
--- a/src/chrome/content/rules/UQWiMAX.xml
+++ b/src/chrome/content/rules/UQWiMAX.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.uqwimax.jp/ => https://www.uqwimax.jp/: Too many redirec
 Disabled by https-everywhere-checker because:
 Fetch error: http://uqwimax.jp/ => https://www.uqwimax.jp/: (28, 'Connection timed out after 10001 milliseconds')
 -->
-<ruleset name="UQ WiMAX" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="UQ WiMAX" platform="mixedcontent" default_off="failed ruleset test">
   <target host="uqwimax.jp"/>
   <target host="www.uqwimax.jp"/>
 
diff --git a/src/chrome/content/rules/URX.com.xml b/src/chrome/content/rules/URX.com.xml
index 077c224a4d4d..c58f72f87230 100644
--- a/src/chrome/content/rules/URX.com.xml
+++ b/src/chrome/content/rules/URX.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.urx.com/ => https://www.urx.com/: (6, 'Could not resolve
 	* Squarespace
 
 -->
-<ruleset name="URX.com (partial)" default_off='failed ruleset test'>
+<ruleset name="URX.com (partial)" default_off="failed ruleset test">
 
 	<target host="urx.com" />
 	<target host="developers.urx.com" />
diff --git a/src/chrome/content/rules/US-Dept-of-Veterans-Affairs.xml b/src/chrome/content/rules/US-Dept-of-Veterans-Affairs.xml
deleted file mode 100644
index 66c6a73ca967..000000000000
--- a/src/chrome/content/rules/US-Dept-of-Veterans-Affairs.xml
+++ /dev/null
@@ -1,158 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.vis.fsc.va.gov/ => https://www.vis.fsc.va.gov/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
-Fetch error: http://www.pay.va.gov/ => https://www.pay.va.gov/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
-Fetch error: http://www.tms.va.gov/ => https://www.tms.va.gov/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
-Fetch error: http://iris.va.gov/ => https://iris.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://uploads.va.gov/ => https://uploads.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www4.va.gov/ => https://www4.va.gov/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
-Fetch error: http://fasttrack.va.gov/ => https://www.fasttrack.va.gov/: (51, "SSL: no alternative certificate subject name matches target host name 'www.fasttrack.va.gov'")
-Fetch error: http://www.fasttrack.va.gov/ => https://www.fasttrack.va.gov/: (51, "SSL: no alternative certificate subject name matches target host name 'www.fasttrack.va.gov'")
-Fetch error: http://move.va.gov/ => https://www.move.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.move.va.gov/ => https://www.move.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://vacanteen.va.gov/ => https://www.vacanteen.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.vacanteen.va.gov/ => https://www.vacanteen.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://vaforvets.va.gov/ => https://vaforvets.va.gov/: (51, "SSL: no alternative certificate subject name matches target host name 'vaforvets.va.gov'")
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.ebenefits.va.gov/ => https://www.ebenefits.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.vendorportal.ecms.va.gov/ => https://www.vendorportal.ecms.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.vis.fsc.va.gov/ => https://www.vis.fsc.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.1010ez.med.va.gov/ => https://www.1010ez.med.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.myhealth.va.gov/ => https://www.myhealth.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.pay.va.gov/ => https://www.pay.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.tms.va.gov/ => https://www.tms.va.gov/: (60, 'SSL certificate problem: self signed certificate in certificate chain')
-Fetch error: http://www.valu.va.gov/ => https://www.valu.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.visn2.va.gov/ => https://www.visn2.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.visn23.va.gov/ => https://www.visn23.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://iris.va.gov/ => https://iris.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://uploads.va.gov/ => https://uploads.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www1.va.gov/ => https://www.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www4.va.gov/ => https://www4.va.gov/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
-Fetch error: http://fasttrack.va.gov/ => https://www.fasttrack.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.fasttrack.va.gov/ => https://www.fasttrack.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://gibill.va.gov/ => https://www.gibill.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.gibill.va.gov/ => https://www.gibill.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://move.va.gov/ => https://www.move.va.gov/: (6, 'Could not resolve host: move.va.gov')
-Fetch error: http://www.move.va.gov/ => https://www.move.va.gov/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
-Fetch error: http://vacanteen.va.gov/ => https://www.vacanteen.va.gov/: (6, 'Could not resolve host: vacanteen.va.gov')
-Fetch error: http://www.vacanteen.va.gov/ => https://www.vacanteen.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://vacareers.va.gov/ => https://www.vacareers.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.vacareers.va.gov/ => https://www.vacareers.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://voa.va.gov/ => https://www.voa.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.voa.va.gov/ => https://www.voa.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://vip.vetbiz.gov/ => https://www.vip.vetbiz.gov/: (6, 'Could not resolve host: vip.vetbiz.gov')
-Fetch error: http://www.vip.vetbiz.gov/ => https://www.vip.vetbiz.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://insurance.va.gov/ => https://insurance.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.insurance.va.gov/ => https://insurance.va.gov/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://vaforvets.va.gov/ => https://vaforvets.va.gov/: (7, 'Failed to connect to vaforvets.va.gov port 443: Connection refused')
-Fetch error: http://va.gov/ => http://va.gov/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
-Fetch error: http://www.va.gov/ => https://www.va.gov/: (28, 'Operation timed out after 15001 milliseconds with 0 bytes received')
-
--->
-<ruleset name="US Department of Veterans Affairs" platform="mixedcontent" default_off='failed ruleset test'>
-
-	<!--	Subdomains in the situation where there is a
-		www. prefix and the prefix should be left in place
-		(The www.vba.va.gov domain is in this category
-		but is covered by the *.vba.va.gov subdomain
-		that appears in a target host tag further down)	-->
-	<target host="www.ebenefits.va.gov" />
-	<target host="www.vendorportal.ecms.va.gov" />
-	<target host="www.vis.fsc.va.gov" />
-	<target host="www.1010ez.med.va.gov" />
-	<target host="www.myhealth.va.gov" />
-	<target host="www.pay.va.gov" />
-	<target host="www.tms.va.gov" />
-	<target host="www.valu.va.gov" />
-	<target host="www.visn2.va.gov" />
-	<target host="www.visn23.va.gov" />
-
-	<!--	Subdomains in the situation
-		where there is no www. prefix
-		and none should be added	-->
-	<target host="iris.va.gov" />
-	<target host="uploads.va.gov" />
-	<target host="www1.va.gov" />
-	<target host="www4.va.gov" />
-
-	<!--	Subdomains in the situation
-		where a www. prefix should be
-		added if one is not present	-->
-	<target host="fasttrack.va.gov" />
-	<target host="www.fasttrack.va.gov" />
-	<target host="gibill.va.gov" />
-	<target host="www.gibill.va.gov" />
-	<target host="move.va.gov" />
-	<target host="www.move.va.gov" />
-	<target host="vacanteen.va.gov" />
-	<target host="www.vacanteen.va.gov" />
-	<target host="vacareers.va.gov" />
-	<target host="www.vacareers.va.gov" />
-	<target host="voa.va.gov" />
-	<target host="www.voa.va.gov" />
-	<target host="vip.vetbiz.gov" />
-	<target host="www.vip.vetbiz.gov" />
-
-	<!--	Subdomains in the situation where a single
-		www. prefix should be removed if one is present.	-->
-	<target host="insurance.va.gov" />
-	<target host="www.insurance.va.gov" />
-	<target host="vaforvets.va.gov" />
-	<target host="*.vaforvets.va.gov" />
-	<target host="*.vba.va.gov" />
-
-	<target host="va.gov" />
-	<target host="www.va.gov" />
-
-	<!--	The game at http://www.va.gov/kids/k-5/drawer.asp
-		does not appear to work when HTTPS is used	-->
-	<exclusion pattern="^http://www\.va\.gov/kids(?:$|/)" />
-
-	<!--	The jobsearch.vaforvets.va.gov subdomain (among other possible subdomains) does not support HTTPS as of now.
-		Because of subdomains such as this, secure cookies are not applied to the vaforvets.va.gov subdomain or the
-		vba.va.gov subdomain or the va.gov domain. At the same time, secure cookies are applied to certain subdomains
-		of the vaforvets.va.gov subdomain and the vba.va.gov subdomain, such as login.vaforvets.va.gov and tas.vba.va.gov	-->
-	<securecookie host="^www\.(?:ebenefits|vendorportal\.ecms|vis\.fsc|1010ez\.med|myhealth|pay|tms|valu|vba|visn23?)\.va\.gov$" name=".+" />
-	<securecookie host="^\.?(?:(?:pki|register)\.eauth|iris|uploads|www4)\.va\.gov$" name=".+" />
-	<securecookie host="^(?:\.|www\.)?(?:fasttrack|gibill|move|vacanteen|vacareers|voa)\.va\.gov$" name=".+" />
-	<securecookie host="^www\.vip\.vetbiz\.gov$" name=".+" />
-	<securecookie host="^(?:\.|www\.)?insurance|(?:tas|vabenefits|vaonce|vip)\.vba\.va\.gov$" name=".+" />
-	<securecookie host="^(?:\.|www\.)?(?:assessments|login|mst|my|users|vct)\.aforvets\.va\.gov$" name=".+" />
-	<securecookie host="^www\.va\.gov$" name=".+" />
-
-	<!--	Some "This URL has moved" pages may not automatically redirect
-		when HTTPS is used, so do a redirect via the ruleset	-->
-	<rule from="^https?://(?:www\.)?va\.gov/opa/fact/index\.asp(?:$|\?)"
-		to="https://www.va.gov/opa/publications/factsheets.asp" />
-
-	<rule from="^https?://(?:www\.)?va\.gov/(?:cbo|CBO)/rates\.asp(?:$|\?)"
-		to="https://www.va.gov/CBO/apps/rates/index.asp" />
-
-	<!--	Handle the situation where a subdomain has a www.
-		prefix and the prefix should be left in place	-->
-	<rule from="^http://www\.(ebenefits|vendorportal\.ecms|vis\.fsc|1010ez\.med|myhealth|pay|tms|valu|vba|visn23?)\.va\.gov/"
-		to="https://www.$1.va.gov/" />
-
-	<!--	Handle the situation where a subdomain has no
-		www. prefix and no such prefix should be added	-->
-	<rule from="^http://(iris|uploads|www4)\.va\.gov/"
-		to="https://$1.va.gov/" />
-
-	<!--	Handle the situation where a subdomain might have a www. prefix
-		and such a prefix should be added if not already present	-->
-	<rule from="^http://(?:www\.)?(fasttrack|gibill|move|vacanteen|vacareers|voa)\.va\.gov/"
-		to="https://www.$1.va.gov/" />
-	<rule from="^http://(?:www\.)?vip\.vetbiz\.gov/"
-		to="https://www.vip.vetbiz.gov/" />
-
-	<!--	Handle the situation where a subdomain might have a www.
-		prefix and such a prefix should be removed if present	-->
-	<rule from="^http://(?:www\.)?(insurance|(?:(?:assessments|login|mst|my|users|vct)\.)?vaforvets|(?:tas|vabenefits|vaonce|vip)\.vba)\.va\.gov/"
-		to="https://$1.va.gov/" />
-
-	<rule from="^http://(?:www1?)\.va\.gov/"
-		to="https://www.va.gov/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/US-Internet-Crime-Complaint-Ctr.xml b/src/chrome/content/rules/US-Internet-Crime-Complaint-Ctr.xml
deleted file mode 100644
index ab251c131086..000000000000
--- a/src/chrome/content/rules/US-Internet-Crime-Complaint-Ctr.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	US Internet Crime Complaint Center
-
-
-
-	Insecure cookies are set for these hosts:
-
-		- complaint.ic3.gov
-
--->
-<ruleset name="IC3.gov">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="ic3.gov" />
-	<target host="complaint.ic3.gov" />
-	<target host="www.ic3.gov" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="complaint\.ic3\.gov$" name="^ASP\.NET_SessionId$" /-->
-
-	<securecookie host=".\.ic3\.gov$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/US-News.com.xml b/src/chrome/content/rules/US-News.com.xml
index 079585b09e7e..ee4c303aa6db 100644
--- a/src/chrome/content/rules/US-News.com.xml
+++ b/src/chrome/content/rules/US-News.com.xml
@@ -1,6 +1,6 @@
 <!--
 	Non-functional subdomains:
-	
+
 		- articles.bestlawfirms	(m)
 		- link.biz-messaging	(m)
 		- jobs	(m)
diff --git a/src/chrome/content/rules/US-Securities-and-Exchange-Commission.xml b/src/chrome/content/rules/US-Securities-and-Exchange-Commission.xml
deleted file mode 100644
index 1669243d7bef..000000000000
--- a/src/chrome/content/rules/US-Securities-and-Exchange-Commission.xml
+++ /dev/null
@@ -1,62 +0,0 @@
-<!--
-	U.S. Securities and Exchange Commission
-
-
-
-	Nonfunctional hosts in *sec.gov:
-
-		- search ¹
-		- xbrl ²
-
-	¹ Dropped
-	² Refused
-
-
-	Problematic hosts in *sec.gov:
-
-		- datapreview *
-
-	* Server sends no certificate chain, see https://whatsmychaincert.com
-
-
-	These altnames don't exist:
-
-		- tcr.sec.gov
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.sec.gov
-
-
-	Mixed content:
-
-		- css on www, www-test from fonts.googleapis.com *
-
-	* Secured by us
-
--->
-<ruleset name="SEC.gov">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="sec.gov" />
-	<!--target host="datapreview.sec.gov" /-->
-	<target host="www.onlineforms.edgarfiling.sec.gov" />
-	<target host="www.edgarfiling.sec.gov" />
-	<target host="searchwww.sec.gov" />
-	<target host="www.sec.gov" />
-	<target host="www-test.sec.gov" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.sec\.gov$" name="^datacenter$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/US-Selective-Service-System.xml b/src/chrome/content/rules/US-Selective-Service-System.xml
index a880acebf650..6d50f37d9a21 100644
--- a/src/chrome/content/rules/US-Selective-Service-System.xml
+++ b/src/chrome/content/rules/US-Selective-Service-System.xml
@@ -2,7 +2,7 @@
 	<target host="sss.gov" />
 	<target host="www.sss.gov" />
 
-	<securecookie host="^(?:.*\.)?sss\.gov$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 	<rule from="^http://sss\.gov/"
 		to="https://www.sss.gov/" />
diff --git a/src/chrome/content/rules/US-Social-Forum.xml b/src/chrome/content/rules/US-Social-Forum.xml
index d47603f92ae3..43858684c7e0 100644
--- a/src/chrome/content/rules/US-Social-Forum.xml
+++ b/src/chrome/content/rules/US-Social-Forum.xml
@@ -8,7 +8,7 @@ Fetch error: http://community.ussf2010.org/ => https://community.ussf2010.org/:
 		- (www.)	(cert: community.ussf2010.org; 404)
 		- ict		(cert: june.mayfirst.org)
 -->
-<ruleset name="US Social Forum (partial)" default_off='failed ruleset test'>
+<ruleset name="US Social Forum (partial)" default_off="failed ruleset test">
 
 	<target host="community.ussf2010.org"/>
 
diff --git a/src/chrome/content/rules/USA.gov.xml b/src/chrome/content/rules/USA.gov.xml
deleted file mode 100644
index 573e0d0e43a8..000000000000
--- a/src/chrome/content/rules/USA.gov.xml
+++ /dev/null
@@ -1,78 +0,0 @@
-<!--
-	1.usa.gov is handled in Bit.ly_vanity_domains.xml.
-
-
-
-	Problematic hosts in *usa.gov:
-
-		- answers *
-
-	* Akamai / mismatched
-
-
-	These altnames don't exist:
-
-		- beta.business.usa.gov
-
-
-	Insecure cookies are set for these domains and hosts: ᶜ
-
-		- admin-survey.usa.gov
-		- .go.usa.gov
-		- kids.usa.gov
-		- publications.usa.gov
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
-
-	Mixed content:
-
-		- css on business, feedback, participation from fonts.googleapis.com *
-		- Images on feedback from sites.usa.gov *
-
-	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="USA.gov (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="usa.gov" />
-	<target host="admin-survey.usa.gov" />
-	<target host="apps.usa.gov" />
-	<target host="beta.usa.gov" />
-	<target host="blog.usa.gov" />
-	<target host="business.usa.gov" />
-	<target host="www.business.usa.gov" />
-	<target host="go.usa.gov" />
-	<target host="gobierno.usa.gov" />
-	<target host="kids.usa.gov" />
-	<target host="www.kids.usa.gov" />
-	<target host="participation.usa.gov" />
-	<target host="publications.usa.gov" />
-	<target host="search.usa.gov" />
-	<target host="sites.usa.gov" />
-	<target host="*.sites.usa.gov" />
-	<target host="survey.usa.gov" />
-	<target host="vote.usa.gov" />
-	<target host="www.usa.gov" />
-
-		<test url="http://ethics.sites.usa.gov/files/2014/07/showcase-ethics-bg.jpg" />
-		<test url="http://fedramp.sites.usa.gov/files/2015/02/news_bg.png" />
-		<test url="http://newtech4fedlib.sites.usa.gov/" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^admin-survey\.usa\.gov$" name="^(?:_comment_tool_app_session|rack\.session)$" /-->
-	<!--securecookie host="^\.go\.usa\.gov$" name="^SESS[\da-f]{32}$" /-->
-	<!--securecookie host="^kids\.usa\.gov$" name="^AWSELB$" /-->
-	<!--securecookie host="^publications\.usa\.gov$" name="^(?:PHPSESSID|cookies)$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/USA_Today.xml b/src/chrome/content/rules/USA_Today.xml
index ac50836eb8b4..464341595ca7 100644
--- a/src/chrome/content/rules/USA_Today.xml
+++ b/src/chrome/content/rules/USA_Today.xml
@@ -31,8 +31,6 @@
 	<target host="video-network.usatoday.com" />
 	<target host="videos.usatoday.com" />
 
-	<target host="usatodayw7vu5egc.onion" />
-
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://usatoday\.com/" to="https://www.usatoday.com/" />
diff --git a/src/chrome/content/rules/USAlliance.xml b/src/chrome/content/rules/USAlliance.xml
index 1e6199c25215..7e465d7fccc2 100644
--- a/src/chrome/content/rules/USAlliance.xml
+++ b/src/chrome/content/rules/USAlliance.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/USAspending.gov.xml b/src/chrome/content/rules/USAspending.gov.xml
index f5d806c3ec3a..e2f3438cbffa 100644
--- a/src/chrome/content/rules/USAspending.gov.xml
+++ b/src/chrome/content/rules/USAspending.gov.xml
@@ -18,7 +18,7 @@ Fetch error: http://openbeta-comm.usaspending.gov/ => https://openbeta-comm.usas
 		- openbeta-comm.usaspending.gov
 
 -->
-<ruleset name="USAspending.gov" default_off='failed ruleset test'>
+<ruleset name="USAspending.gov" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/USBank.xml b/src/chrome/content/rules/USBank.xml
index afad2e0a64c2..db0de92b24e0 100644
--- a/src/chrome/content/rules/USBank.xml
+++ b/src/chrome/content/rules/USBank.xml
@@ -35,7 +35,15 @@
 <ruleset name="USBank">
 
 	<target host="usbank.com" />
-	<target host="*.usbank.com" />
+	<target host="access.usbank.com" />
+	<target host="m.usbank.com" />
+	<target host="mm.usbank.com" />
+	<target host="ms.usbank.com" />
+	<target host="ms2.usbank.com" />
+	<target host="onlinebanking.usbank.com" />
+	<target host="trustnowessentials.usbank.com" />
+	<target host="www.usbank.com" />
+	<target host="wwws.usbank.com" />
 
 
 	<!--	Not secured by server:
@@ -53,7 +61,6 @@
 	<securecookie host="^(?:(?:access|mm?|ms2?|onlinebanking|trustnowessentials|wwws?)\.)?usbank\.com$" name=".+" />
 
 
-	<rule from="^http://((?:access|espanol|mm?|ms2?|onlinebanking|trustnowessentials|wwws?)\.)?usbank\.com/"
-		to="https://$1usbank.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/USConstitution.net.xml b/src/chrome/content/rules/USConstitution.net.xml
index 619428818614..6192044fda5f 100644
--- a/src/chrome/content/rules/USConstitution.net.xml
+++ b/src/chrome/content/rules/USConstitution.net.xml
@@ -16,7 +16,8 @@
 -->
 <ruleset name="USConstitution.net (partial)">
 
-	<target host="*.usconstitution.net" />
+	<target host="cdn.usconstitution.net" />
+	<target host="cdn-7.usconstitution.net" />
 
 
 	<rule from="^http://cdn(?:-7)?\.usconstitution\.net/"
diff --git a/src/chrome/content/rules/USDA-ARS.xml b/src/chrome/content/rules/USDA-ARS.xml
index 68f5c56cdf71..4ef3735f3745 100644
--- a/src/chrome/content/rules/USDA-ARS.xml
+++ b/src/chrome/content/rules/USDA-ARS.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see United-States-Department-of-Agriculture.xml.
 
 -->
-<ruleset name="USDA-ARS" default_off="missing certificate chain">
+<ruleset name="USDA-ARS" default_off="cert-chain">
 
 	<target host="www.ars.usda.gov" />
 
diff --git a/src/chrome/content/rules/USFSP.edu.xml b/src/chrome/content/rules/USFSP.edu.xml
new file mode 100644
index 000000000000..7857492e3a0d
--- /dev/null
+++ b/src/chrome/content/rules/USFSP.edu.xml
@@ -0,0 +1,17 @@
+<!--
+	For University of South Florida in Tampa see University-of-South-Florida.xml
+
+	Mismatched:
+		- ^
+
+	Incomplete certificate chain:
+		- vpn
+-->
+<ruleset name="USFSP.edu">
+	<target host="usfsp.edu" />
+	<target host="www.usfsp.edu" />
+	<target host="sharemypc.usfsp.edu" />
+
+	<rule from="^http://usfsp\.edu/" to="https://www.usfsp.edu/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/USF_CA.edu.xml b/src/chrome/content/rules/USF_CA.edu.xml
index 379d0f5217ea..42b4adfb92d6 100644
--- a/src/chrome/content/rules/USF_CA.edu.xml
+++ b/src/chrome/content/rules/USF_CA.edu.xml
@@ -31,7 +31,9 @@ Fetch error: http://usfca.edu/ => https://usfca.edu/: (28, 'Connection timed out
 <ruleset name="USF CA.edu (partial)">
 
 	<target host="usfca.edu" />
-	<target host="*.usfca.edu" />
+	<target host="web.usfca.edu" />
+	<target host="www.usfca.edu" />
+	<target host="hashtag.usfca.edu" />
 
 
 	<securecookie host="^(?:web\.|www\.)?usfca\.edu$" name=".+" />
diff --git a/src/chrome/content/rules/USFreeads.xml b/src/chrome/content/rules/USFreeads.xml
index a89ea3ffc565..f6beacdd1549 100644
--- a/src/chrome/content/rules/USFreeads.xml
+++ b/src/chrome/content/rules/USFreeads.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?usfreeads\.com/(favicon\.ico|files/|modules/|uploads/)"
 		to="https://$1usfreeads.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/USPS.xml b/src/chrome/content/rules/USPS.xml
index c74a67ff2406..057a8ea70c06 100644
--- a/src/chrome/content/rules/USPS.xml
+++ b/src/chrome/content/rules/USPS.xml
@@ -49,16 +49,27 @@ Fetch error: http://usps.com/ => https://www.usps.com/: Cycle detected - URL alr
 <ruleset name="USPS.com">
 
 	<target host="usps.com" />
-	<target host="*.usps.com" />
+	<target host="www.usps.com" />
+	<target host="about.usps.com" />
+	<target host="cns.usps.com" />
+	<target host="fast.usps.com" />
+	<target host="gateway.usps.com" />
+	<target host="gateway-cat.usps.com" />
+	<target host="moversguide.usps.com" />
+	<target host="my.usps.com" />
+	<target host="poboxes.usps.com" />
+	<target host="sdc.usps.com" />
+	<target host="shop.usps.com" />
+	<target host="store.usps.com" />
+	<target host="tools.usps.com" />
 
 
-	<securecookie host="^(?:.*\.)?usps\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(?:www\.)?usps\.com/"
 		to="https://www.usps.com/" />
 
-	<rule from="^http://(about|cns|fast|gateway|gateway-cat|moversguide|my|poboxes|sdc|shop|store|tools)\.usps\.com/"
-		to="https://$1.usps.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/USRowing.xml b/src/chrome/content/rules/USRowing.xml
index b14ea8e4e90f..751a8979de0a 100644
--- a/src/chrome/content/rules/USRowing.xml
+++ b/src/chrome/content/rules/USRowing.xml
@@ -3,7 +3,7 @@
 	- Some pages redirect to http
 
 -->
-<ruleset name="USRowing (partial)">
+<ruleset name="USRowing (partial)" default_off="refused">
 
 	<target host="usrowing.org" />
 	<target host="www.usrowing.org" />
@@ -12,4 +12,4 @@
 	<rule from="^http://(?:www\.)?usrowing\.org/(App_Themes/|jquery-1.4.2\.js|Libraries/|PopCalendar2008/CSS/|(?:Script|Web)Resource\.axd|[sS]itefinity/)"
 		to="https://www.usrowing.org/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/UST.hk.xml b/src/chrome/content/rules/UST.hk.xml
index 287bfa0bdf08..b8d4e2b8d827 100644
--- a/src/chrome/content/rules/UST.hk.xml
+++ b/src/chrome/content/rules/UST.hk.xml
@@ -1,107 +1,185 @@
 <!--
+	Other UST.hk related rulesets:
+		+ HKUST.edu.cn.xml
+		+ HKUST-GZ.edu.cn.xml
+		+ HKUST.edu.hk.xml
+
 	Non-functional hosts:
-		Invalid Certificates:
-			- arr.ust.hk
-			- connect.ust.hk
-			- ias.ust.hk
-			- lists.ust.hk
-			- o365.ust.hk
-			- algebra.math.ust.hk
-			- hrmsxprod.psft.ust.hk
-			- sqmail.ust.hk
-			- sci.success.ust.hk
-		
-		Unable to get local issuer certificate:
-			- w7.ab.ust.hk
-			- w8.ab.ust.hk
-			- admission.ust.hk
-			- alumni.ust.hk
-			- home.cse.ust.hk
-			- library.ust.hk
-			- search.ust.hk
-			- ss.ust.hk
-			- www.ust.hk
-
-		Timeout:
-			- www.bm.ust.hk
-			- teaching.ust.hk
-			- ustlib.ust.hk
-			- w9.ust.hk
-
-		MCB:
-			- home.cse.ust.hk
-			- home.ust.hk
-			- ihome.ust.hk
+		Timeout was reached:
+		- w7.ab.ust.hk
+		- w8.ab.ust.hk
+		- admission.ust.hk
+		- www.bm.ust.hk
+		- ielm.ust.hk
+		- itsm.ust.hk
+		- lbdb.ust.hk
+		- intranet.math.ust.hk
+		- ustlib.ust.hk
+
+		SSL connect error (TLSv1 or TLSv1.1 earlier):
+		- alum.ust.hk
+
+		SSL connect error:
+		- search.ust.hk
+
+		SSL peer certificate was not OK:
+		- algebra.math.ust.hk
+		- hrmsxprod.psft.ust.hk
+		- sqmail.ust.hk
+		- sci.success.ust.hk
+		- ucalendar.ust.hk
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- ias.ust.hk
+		- www.sengpp.ust.hk
+
+		Incomplete certificate chain error:
+		- alumni.ust.hk
+		- connect.ust.hk
+		- epst.ust.hk
+		- kt.ust.hk
+		- sfao.ust.hk
+		- ss.ust.hk
+		- tle.seng.ust.hk
+
+		Status code mismatch:
+		- bigdata.cse.ust.hk
+
+		Mixed Content Blocking (MCB) tiggered:
+		- home.cse.ust.hk
+		- home.ust.hk
+		- ihome.ust.hk
+
 -->
 <ruleset name="UST.hk (partial)">
-	<target host="w3.ab.ust.hk" />
 	<target host="w5.ab.ust.hk" />
 	<test url="http://w5.ab.ust.hk/wcq/cgi-bin/1620/" />
 	<target host="w6.ab.ust.hk" />
 	<test url="http://w6.ab.ust.hk/fbs/" />
 	<target host="www.ab.ust.hk" />
 	<target host="access.ust.hk" />
+	<target host="alumgiving.ust.hk" />
+	<target host="archives.ust.hk" />
+	<target host="arr.ust.hk" />
 	<target host="asset.ust.hk" />
 
+	<target host="bdi.ust.hk" />
 	<target host="bme.ust.hk" />
-	
+	<target host="booking.ust.hk" />
+	<target host="www.bri.ust.hk" />
+
 	<target host="cas.ust.hk" />
+	<target host="calendar.ust.hk" />
 	<target host="canvas.ust.hk" />
 	<target host="career.ust.hk" />
+	<target host="catalog.ust.hk" />
 	<target host="cbe.ust.hk" />
+	<target host="www.cdgt.ust.hk" />
+	<target host="citars.ust.hk" />
+	<target host="cle.ust.hk" />
+	<target host="cantalk.cle.ust.hk" />
 	<target host="adfs.connect.ust.hk" />
-	<target host="bigdata.cse.ust.hk" />
+	<target host="congregation.ust.hk" />
 	<target host="course.cse.ust.hk" />
 	<test url="http://course.cse.ust.hk/comp3711/03subarray.pdf" />
+	<target host="counsel.ust.hk" />
+	<test url="http://counsel.ust.hk/uploads/page/43/6f46d8803747383d2efab4249a12b9d8.JPG" />
+	<target host="covid19info.ust.hk" />
 	<target host="cssystem.cse.ust.hk" />
-	<target host="ftp.cse.ust.hk" />
 	<target host="www.cse.ust.hk" />
+	<target host="cso.ust.hk" />
 
+	<target host="dao.ust.hk" />
+	<target host="datahub.ust.hk" />
+	<target host="dataprivacy.ust.hk" />
+	<target host="dataspace.ust.hk" />
+	<target host="digitalimages.ust.hk" />
 	<target host="download.ust.hk" />
 
-	<target host="epst.ust.hk" />
+	<target host="www.ec.ust.hk" />
+	<target host="ecenter.ust.hk" />
+	<target host="engage.ust.hk" />
 	<target host="owa.exchange.ust.hk" />
+	<target host="lib.ezproxy.ust.hk" />
+	<target host="login.lib.ezproxy.ust.hk" />
+	
+	<target host="facultyprofiles.ust.hk" />
+
+	<target host="giving.ust.hk" />
+	<target host="gz.ust.hk" />
+	
+	<target host="hseo.ust.hk" />
 
-	<target host="ielm.ust.hk" />
-	<target host="www.ielm.ust.hk" />
+	<target host="iao.ust.hk" />
+	<target host="idp.ust.hk" />
+	<test url="http://idp.ust.hk/idp/images/logo.png" />
+	<target host="iis.ust.hk" />
+	<test url="http://iis.ust.hk/phonebk/dept.asp" />
 	<target host="illiad.ust.hk" />
+	<target host="iso.ust.hk" />
 	<target host="itsc.ust.hk" />
 	<target host="itscapps.ust.hk" />
-	<target host="itsm.ust.hk" />
+	
+	<target host="hkustcareers.ust.hk" />
 
 	<target host="join.ust.hk" />
 
 	<target host="lbapps.ust.hk" />
+	<target host="lbams.ust.hk" />
 	<target host="lbbooking.ust.hk" />
+	<target host="lbcone.ust.hk" />
+	<test url="http://lbcone.ust.hk/booktalk/" />
 	<target host="lbcube.ust.hk" />
-	<target host="lbdb.ust.hk" />
-	<test url="http://lbdb.ust.hk/ce/" />
+	<target host="lbdata.ust.hk" />
 	<target host="lbdiscover.ust.hk" />
 	<target host="lbezone.ust.hk" />
-	<target host="lbstaff.ust.hk" />
 	<target host="lbjcrs.ust.hk" />
+	<target host="lbpics.ust.hk" />
+	<target host="lbsearch.ust.hk" />
+	<target host="lbsphere.ust.hk" />
+	<target host="lbstaff.ust.hk" />
+	<target host="libguides.ust.hk" />
+	<target host="library.ust.hk" />
+	<target host="lists.ust.hk" />
 
-	<target host="intranet.math.ust.hk" />
 	<target host="webwork.math.ust.hk" />
 	<target host="www.math.ust.hk" />
+	<target host="mtpc.ust.hk" />
+	<target host="mtpcnews.ust.hk" />
+	<test url="http://mtpcnews.ust.hk/issue1/feature/" />
+	<target host="my.ust.hk" />
+	<target host="my-ai.ust.hk" />
 	<target host="myaccount.ust.hk" />
 	<target host="mystudyabroad.ust.hk" />
+	
+	<target host="news.ust.hk" />
+
+	<target host="o365.ust.hk" />
+	<target host="onemilliondollar.ust.hk" />
 
 	<target host="pg.ust.hk" />
 	<target host="login.psft.ust.hk" />
 	<target host="sisprod.psft.ust.hk" />
 	<test url="http://sisprod.psft.ust.hk/psp/SISPROD/" />
+	
+	<target host="repository.ust.hk" />
 
 	<target host="sao.ust.hk" />
 	<target host="sdb.science.ust.hk" />
 	<test url="http://sdb.science.ust.hk/mySCI/" />
-	<target host="tle.seng.ust.hk" />
-	<target host="www.sengpp.ust.hk" />
 	<target host="souvenir.ust.hk" />
 
+	<target host="transcript.ust.hk" />
+
+	<target host="uce.ust.hk" />
 	<target host="urop.ust.hk" />
+	<!-- target host="ucalendar.ust.hk" />
+	<test url="http://ucalendar.ust.hk/cgi-bin/cas_login.php" / -->
 
 	<target host="video.ust.hk" />
+	<target host="vprd.ust.hk" />
+
+	<target host="www.ust.hk" />
 
 	<securecookie host="access\.ust\.hk$" name=".+" />
 	<securecookie host="cas\.ust\.hk$" name=".+" />
@@ -111,6 +189,6 @@
 	<securecookie host="myaccount\.ust\.hk$" name=".+" />
 	<securecookie host="psft\.ust\.hk$" name=".+" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/USTC.edu.cn.xml b/src/chrome/content/rules/USTC.edu.cn.xml
index 9bd567f13f62..ea4cc4e6e3f6 100644
--- a/src/chrome/content/rules/USTC.edu.cn.xml
+++ b/src/chrome/content/rules/USTC.edu.cn.xml
@@ -1,36 +1,115 @@
 <!--
-	Nonfunctional subdomains:
+	Redirect to HTTP:
+		biotech.ustc.edu.cn
+		www.job.ustc.edu.cn
 
-		- (www.) *
-		- en *
-		- gradschool
-		- wlkt
+	Refused:
+		cloud.ustc.edu.cn
+		vpn.ustc.edu.cn
 
-	* Refused
-
-
-	Fully covered subdomains:
-
-		- bbs
-		- servers.blog
-
-		- lug
-		- fonts.lug
-		- fonts-gstatic.lug
-
-		- mirrors
+	Time out:
+		home.ustc.edu.cn
+		lib.ustc.edu.cn
+		staff.ustc.edu.cn
+		video.cmet.ustc.edu.cn
+		wlkt.ustc.edu.cn
+		wlt.ustc.edu.cn
+		zbh.ustc.edu.cn
 
+	Mixed content:
+		ahips.ustc.edu.cn
+		math.ustc.edu.cn
+		rec.ustc.edu.cn
 -->
 <ruleset name="USTC.edu.cn (partial)">
-
+	<target host="www.ustc.edu.cn" />
+	<target host="12ddh.ustc.edu.cn" />
+	<target host="arch.ustc.edu.cn" />
+	<target host="auto.ustc.edu.cn" />
 	<target host="bbs.ustc.edu.cn" />
-	<target host="servers.blog.ustc.edu.cn" />
+	<target host="biox.ustc.edu.cn" />
+	<target host="blackip.ustc.edu.cn" />
+	<target host="bs.ustc.edu.cn" />
+	<target host="business.ustc.edu.cn" />
+	<target host="cpst.ustc.edu.cn" />
+	<target host="cs.ustc.edu.cn" />
+	<target host="cswiki.ustc.edu.cn" />
+	<target host="cybersec.ustc.edu.cn" />
+	<target host="djyszw.ustc.edu.cn" />
+	<target host="drstone.ustc.edu.cn" />
+	<target host="dsxt.ustc.edu.cn" />
+	<target host="email.ustc.edu.cn" />
+	<target host="employment.ustc.edu.cn" />
+	<target host="en.ustc.edu.cn" />
+	<target host="en.ess.ustc.edu.cn" />
+	<target host="env.ustc.edu.cn" />
+	<target host="esetc.ustc.edu.cn" />
+	<target host="ess.ustc.edu.cn" />
+	<target host="fc.ustc.edu.cn" />
+	<target host="fgy.ustc.edu.cn" />
+	<target host="finance.ustc.edu.cn" />
+	<target host="gong.ustc.edu.cn" />
+	<target host="gradschool.ustc.edu.cn" />
+	<target host="hr.ustc.edu.cn" />
+	<target host="hsss.ustc.edu.cn" />
+	<target host="i.ustc.edu.cn" />
+	<target host="iat.ustc.edu.cn" />
+	<target host="icqd.ustc.edu.cn" />
+	<target host="linux.ustc.edu.cn" />
+	<target host="lmmr.ustc.edu.cn" />
+	<target host="lswhw.ustc.edu.cn" />
+	<target host="mba.ustc.edu.cn" />
+	<target host="mcg.ustc.edu.cn" />
+	<target host="mf.ustc.edu.cn" />
+	<target host="mis.sse.ustc.edu.cn" />
+	<target host="nanomedicine.ustc.edu.cn" />
+	<target host="netfee.ustc.edu.cn" />
+	<target host="news.ustc.edu.cn" />
+	<target host="nsti.ustc.edu.cn" />
+	<target host="owc.ustc.edu.cn" />
+	<target host="pas.ustc.edu.cn" />
+	<target host="passport.ustc.edu.cn" />
+	<target host="physics.ustc.edu.cn" />
+	<target host="qybx.ustc.edu.cn" />
+	<target host="rec2.ustc.edu.cn" />
+	<target host="rss.ustc.edu.cn" />
+	<target host="safetyse.ustc.edu.cn" />
+	<target host="scc.ustc.edu.cn" />
+	<target host="scgy.ustc.edu.cn" />
+	<target host="scms.ustc.edu.cn" />
+	<target host="sds.ustc.edu.cn" />
+	<target host="ses.ustc.edu.cn" />
+	<target host="sias.ustc.edu.cn" />
+	<target host="sist.ustc.edu.cn" />
+	<target host="sme.ustc.edu.cn" />
+	<target host="sse.ustc.edu.cn" />
+	<target host="step.ustc.edu.cn" />
+	<target host="studyabroad.ustc.edu.cn" />
+	<target host="ustcnet.ustc.edu.cn" />
+	<target host="ustcnet1.ustc.edu.cn" />
+	<target host="www.hfnl.ustc.edu.cn" />
+	<target host="www.snst.ustc.edu.cn" />
+	<target host="www.teach.ustc.edu.cn" />
+	<target host="www2.ustc.edu.cn" />
+	<target host="xxgk.ustc.edu.cn" />
+	<target host="young.ustc.edu.cn" />
+	<target host="yz.ustc.edu.cn" />
+	<target host="zsb.ustc.edu.cn" />
+	<!--USTCLUG Mirrors begin-->
 	<target host="lug.ustc.edu.cn" />
+	<target host="git.lug.ustc.edu.cn" />
+	<target host="mirrors.ustc.edu.cn" />
+	<target host="cernet.mirrors.ustc.edu.cn" />
+	<target host="chinanet.mirrors.ustc.edu.cn" />
+	<target host="cmcc.mirrors.ustc.edu.cn" />
+	<target host="ipv4.mirrors.ustc.edu.cn" />
+	<target host="ipv6.mirrors.ustc.edu.cn" />
+	<target host="unicom.mirrors.ustc.edu.cn" />
+	<target host="pgp.ustc.edu.cn" />
+	<!--USTCLUG reverse proxy begin-->
+	<target host="docker.mirrors.ustc.edu.cn" />
 	<target host="fonts.lug.ustc.edu.cn" />
 	<target host="fonts-gstatic.lug.ustc.edu.cn" />
-	<target host="mirrors.ustc.edu.cn" />
-
 
 	<rule from="^http:" to="https:" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/USUHS.edu.xml b/src/chrome/content/rules/USUHS.edu.xml
index da2ca59dfa2c..2e8ee8899007 100644
--- a/src/chrome/content/rules/USUHS.edu.xml
+++ b/src/chrome/content/rules/USUHS.edu.xml
@@ -42,7 +42,7 @@
 	<!--securecookie host="^(?:er|rcs28)\.lrc\.usuhs\.edu$" name="^PHPSESSID$" /-->
 
 	<securecookie host=".+" name=".+" />
-	
+
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/US_Citizenship_and_Immigration_Services.xml b/src/chrome/content/rules/US_Citizenship_and_Immigration_Services.xml
deleted file mode 100644
index 8b3a9bd2b69a..000000000000
--- a/src/chrome/content/rules/US_Citizenship_and_Immigration_Services.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	For other U.S. government coverage, see US-government.xml.
-
-
-
-	Nonfunctional subdomains:
-
-		- ^	(times out)
-		- blog	(interrupted)
-		- www	(403, akamai)
-
-
-	Partially covered subdomains:
-
-		- infopass	($ redirects to http, css/infopass2.css 404s)
-
--->
-<ruleset name="U.S. Citizenship and Immigration Services (partial)">
-
-	<target host="*.uscis.gov" />
-		<exclusion pattern="^http://infopass\.uscis\.gov/(?:$|css/infopass2\.css)" />
-
-
-	<rule from="^http://blog\.uscis\.gov/favicon\.ico"	
-		to="https://www.blogger.com/favicon.ico" />
-
-	<rule from="^http://(egov|infopass)\.uscis\.gov/"
-		to="https://$1.uscis.gov/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/US_Currency.gov.xml b/src/chrome/content/rules/US_Currency.gov.xml
deleted file mode 100644
index bb34595bff86..000000000000
--- a/src/chrome/content/rules/US_Currency.gov.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-
--->
-<ruleset name="US Currency.gov">
-
-	<target host="uscurrency.gov" />
-	<target host="www.uscurrency.gov" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/US_Cyber_Challenge.org.xml b/src/chrome/content/rules/US_Cyber_Challenge.org.xml
index 3a36c608efab..65fbfdaa0cc1 100644
--- a/src/chrome/content/rules/US_Cyber_Challenge.org.xml
+++ b/src/chrome/content/rules/US_Cyber_Challenge.org.xml
@@ -7,9 +7,9 @@
 	<target host="uscyberchallenge.org" />
 	<target host="www.uscyberchallenge.org" />
 
-	<rule from="^http://uscyberchallenge\.org/" 
+	<rule from="^http://uscyberchallenge\.org/"
 		  	to="https://www.uscyberchallenge.org/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		  	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/US_Fish_and_Wildlife_Service.xml b/src/chrome/content/rules/US_Fish_and_Wildlife_Service.xml
deleted file mode 100644
index 03d97bb43e1a..000000000000
--- a/src/chrome/content/rules/US_Fish_and_Wildlife_Service.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-
-
-	Nonfunctional subdomains:
-
-		- digitalmedia	(no https)
-		- library *
-		- wsfrprograms *
-
-	* Times out
-
-
-	!www: no https
-
--->
-<ruleset name="U.S. Fish and Wildlife Service (partial)">
-
-	<target host="fws.gov" />
-	<target host="www.fws.gov" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/US_Geological_Survey.xml b/src/chrome/content/rules/US_Geological_Survey.xml
index dc8da00e9527..faebe01fbf8a 100644
--- a/src/chrome/content/rules/US_Geological_Survey.xml
+++ b/src/chrome/content/rules/US_Geological_Survey.xml
@@ -35,4 +35,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/US_Nautic.xml b/src/chrome/content/rules/US_Nautic.xml
index 990cf3ef87cd..b3f1b7da3bb1 100644
--- a/src/chrome/content/rules/US_Nautic.xml
+++ b/src/chrome/content/rules/US_Nautic.xml
@@ -5,10 +5,10 @@
 <ruleset name="US Nautic (partial)">
 
 	<target host="usnautic.com" />
-	<target host="*.usnautic.com" />
+	<target host="www.usnautic.com" />
 
 
 	<rule from="^http://(www\.)?usnautic\.com/([cC]ontent/|en/customer/info|en/login|Plugins/|Themes/)"
 		to="https://$1usnautic.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/US_Patent_and_Trademark_Office.xml b/src/chrome/content/rules/US_Patent_and_Trademark_Office.xml
index a5fbdd0c5d0e..0e2665474fde 100644
--- a/src/chrome/content/rules/US_Patent_and_Trademark_Office.xml
+++ b/src/chrome/content/rules/US_Patent_and_Trademark_Office.xml
@@ -44,7 +44,7 @@
 	<target host="*.uspto.gov" />
 
 
-	<securecookie host="^.+\.uspto\.gov$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(efs|oedci|ramps|tsdr)\.uspto\.gov/"
diff --git a/src/chrome/content/rules/US_State_Department.xml b/src/chrome/content/rules/US_State_Department.xml
index 6eacf35715d7..90643e846e94 100644
--- a/src/chrome/content/rules/US_State_Department.xml
+++ b/src/chrome/content/rules/US_State_Department.xml
@@ -184,7 +184,7 @@ Fetch error: http://uk.state.gov/ => https://uk.state.gov/: (35, 'Unknown SSL pr
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="State.gov (partial)" default_off='failed ruleset test'>
+<ruleset name="State.gov (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/US_UK_ITA.org.xml b/src/chrome/content/rules/US_UK_ITA.org.xml
deleted file mode 100644
index 21e95a46550c..000000000000
--- a/src/chrome/content/rules/US_UK_ITA.org.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="US UK ITA.org">
-
-	<target host="usukita.org" />
-	<target host="www.usukita.org" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/UT.ee.xml b/src/chrome/content/rules/UT.ee.xml
index 7edb400b24ca..ca1753c60182 100644
--- a/src/chrome/content/rules/UT.ee.xml
+++ b/src/chrome/content/rules/UT.ee.xml
@@ -96,7 +96,7 @@ Fetch error: http://cs.ut.ee/ => https://cs.ut.ee/: (51, "SSL: no alternative ce
 	* Secured by us
 
 -->
-<ruleset name="UT.ee (partial)" default_off='failed ruleset test'>
+<ruleset name="UT.ee (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/UTSanDiego.com.xml b/src/chrome/content/rules/UTSanDiego.com.xml
index 5ed073332952..622790060a3f 100644
--- a/src/chrome/content/rules/UTSanDiego.com.xml
+++ b/src/chrome/content/rules/UTSanDiego.com.xml
@@ -13,7 +13,9 @@ Fetch error: http://iservice.uniontrib.com/ => https://iservice.uniontrib.com/:
 
 	<target host="iservice.uniontrib.com" />
 	<target host="utsandiego.com" />
-	<target host="*.utsandiego.com" />
+	<target host="www.utsandiego.com" />
+	<target host="dealmedia.utsandiego.com" />
+	<target host="media.utsandiego.com" />
 
 
 	<securecookie host="^iservice\.uniontrib\.com$" name=".+" />
diff --git a/src/chrome/content/rules/UU.nl.xml b/src/chrome/content/rules/UU.nl.xml
index f4152c25ebbd..1600193db87c 100644
--- a/src/chrome/content/rules/UU.nl.xml
+++ b/src/chrome/content/rules/UU.nl.xml
@@ -94,16 +94,32 @@
 -->
 <ruleset name="UU.nl (partial)">
 
-	<target host="*.uu.nl" />
+	<target host="caracal.uu.nl" />
+	<target host="wwwsec.cs.uu.nl" />
+	<target host="4thfloor.science.uu.nl" />
+	<target host="babaji.science.uu.nl" />
+	<target host="betaplanner.science.uu.nl" />
+	<target host="betaplannerstage.science.uu.nl" />
+	<target host="caracal.science.uu.nl" />
+	<target host="caracalstage.science.uu.nl" />
+	<target host="fa203.science.uu.nl" />
+	<target host="www.projects.science.uu.nl" />
+	<target host="testweb.science.uu.nl" />
+	<target host="upper.science.uu.nl" />
+	<target host="uppersurvey.science.uu.nl" />
+	<target host="webfarm.science.uu.nl" />
+	<target host="webstats.science.uu.nl" />
+	<target host="web.science.uu.nl" />
+	<target host="webstage.science.uu.nl" />
+	<target host="www.science.uu.nl" />
 
 
 	<securecookie host="^(?:caracal|(?:4thfloor|betaplanner|betaplannerstage|caracal|caracalstage|www\.projects|uppersurvey|webfarm)\.science)\.uu\.nl$" name=".+" />
 
 
-	<rule from="^http://(caracal|wwwsec\.cs|(?:4thfloor|babaji|betaplanner|betaplannerstage|caracal|caracalstage|fa203|www\.projects|testweb|upper|uppersurvey|webfarm|webstats)\.science)\.uu\.nl/"
-		to="https://$1.uu.nl/" />
 
 	<rule from="^http://w(?:eb|ebstage|ww)\.science\.uu\.nl/"
 		to="https://www.science.uu.nl/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UU.se.xml b/src/chrome/content/rules/UU.se.xml
index 494a187e51ef..d8c1b3ccaa74 100644
--- a/src/chrome/content/rules/UU.se.xml
+++ b/src/chrome/content/rules/UU.se.xml
@@ -65,7 +65,7 @@ Fetch error: http://www-hotel.uu.se/ => https://www-hotel.uu.se/: (6, 'Could not
 		- www.it
 
 -->
-<ruleset name="UU.se" default_off='failed ruleset test'>
+<ruleset name="UU.se" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/UVM.edu.xml b/src/chrome/content/rules/UVM.edu.xml
index 62ed0266ff8f..bac8f6e23eb9 100644
--- a/src/chrome/content/rules/UVM.edu.xml
+++ b/src/chrome/content/rules/UVM.edu.xml
@@ -29,7 +29,7 @@ Fetch error: http://login.ezproxy.uvm.edu/ => https://login.ezproxy.uvm.edu/: (6
 		- Images on library, scholarworks from $self
 
 -->
-<ruleset name="UVM.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="UVM.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/UVic.ca.xml b/src/chrome/content/rules/UVic.ca.xml
index d9a53760f15d..a4845723b996 100644
--- a/src/chrome/content/rules/UVic.ca.xml
+++ b/src/chrome/content/rules/UVic.ca.xml
@@ -13,7 +13,9 @@
 <ruleset name="UVic.ca (partial)">
 
 	<target host="uvic.ca" />
-	<target host="*.uvic.ca" />
+	<target host="www.uvic.ca" />
+	<target host="ece.uvic.ca" />
+	<target host="www.ece.uvic.ca" />
 		<!--exclusion pattern="^http://(www\.)?ece\.uvic\.ca/(?!~)" /-->
 
 
diff --git a/src/chrome/content/rules/UWB.edu.xml b/src/chrome/content/rules/UWB.edu.xml
index c2151d83c5f4..b289a82eebae 100644
--- a/src/chrome/content/rules/UWB.edu.xml
+++ b/src/chrome/content/rules/UWB.edu.xml
@@ -35,7 +35,7 @@ Fetch error: http://library.uwb.edu/ => https://library.uwb.edu/: (51, "SSL: no
 	* Secured by us
 
 -->
-<ruleset name="UWB.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="UWB.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/U_Mag.ca.xml b/src/chrome/content/rules/U_Mag.ca.xml
index c663985cad2b..fe01b18b7b95 100644
--- a/src/chrome/content/rules/U_Mag.ca.xml
+++ b/src/chrome/content/rules/U_Mag.ca.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.umag.ca/ => https://www.ucalgarymag.ca/: (60, 'SSL certi
 	(www.)?umag.ca: 404
 
 -->
-<ruleset name="U Mag.ca" default_off='failed ruleset test'>
+<ruleset name="U Mag.ca" default_off="failed ruleset test">
 
 	<!--	Complications:
 				-->
diff --git a/src/chrome/content/rules/Ua-hosting.com.ua.xml b/src/chrome/content/rules/Ua-hosting.com.ua.xml
index 87ea73038b32..f9dc540d1587 100644
--- a/src/chrome/content/rules/Ua-hosting.com.ua.xml
+++ b/src/chrome/content/rules/Ua-hosting.com.ua.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.ua-hosting.com.ua/ => https://ua-hosting.com.ua/: (60, '
 	www: cert only matches ^ua-hosting.com.ua
 
 -->
-<ruleset name="ua-hosting.com.ua" default_off='failed ruleset test'>
+<ruleset name="ua-hosting.com.ua" default_off="failed ruleset test">
 
 	<target host="ua-hosting.com.ua" />
 	<target host="www.ua-hosting.com.ua" />
diff --git a/src/chrome/content/rules/Ual.es.xml b/src/chrome/content/rules/Ual.es.xml
index 4b4702a531a5..1cc6d1908afe 100644
--- a/src/chrome/content/rules/Ual.es.xml
+++ b/src/chrome/content/rules/Ual.es.xml
@@ -81,7 +81,7 @@ Fetch error: http://www2.ual.es/ => https://www2.ual.es/: (60, 'SSL certificate
 		* www.ieei.ual.es
 		* www.indirural.ual.es
 -->
-<ruleset name="Universidad de Almería" default_off='failed ruleset test'>
+<ruleset name="Universidad de Almería" default_off="failed ruleset test">
 
 	<target host="alfresco.ual.es" />
 	<target host="b32cronos.ual.es" />
diff --git a/src/chrome/content/rules/UbCDN.co.xml b/src/chrome/content/rules/UbCDN.co.xml
deleted file mode 100644
index 815f6f7a6321..000000000000
--- a/src/chrome/content/rules/UbCDN.co.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For other Ubiquiti Networks coverage, see UbCDN.co.xml.
-
--->
-<ruleset name="UbCDN.co">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="ubcdn.co" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/UbNt.com.xml b/src/chrome/content/rules/UbNt.com.xml
index a62496ffbeaa..200cf88775b0 100644
--- a/src/chrome/content/rules/UbNt.com.xml
+++ b/src/chrome/content/rules/UbNt.com.xml
@@ -2,7 +2,6 @@
 	Other Ubiquiti Networks rulesets:
 
 		- Go_Ubiquiti.com.xml
-		- UbCDN.co.xml
 
 
 	Nonfunctional hosts in *ubnt.com:
diff --git a/src/chrome/content/rules/UberMedia.com.xml b/src/chrome/content/rules/UberMedia.com.xml
index 734540c853bf..db1657c4e8d7 100644
--- a/src/chrome/content/rules/UberMedia.com.xml
+++ b/src/chrome/content/rules/UberMedia.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://ubermedia.com/ => https://ubermedia.com/: (7, 'Failed to con
 Fetch error: http://www.ubermedia.com/ => https://www.ubermedia.com/: (7, 'Failed to connect to www.ubermedia.com port 443: Connection refused')
 
 -->
-<ruleset name="UberMedia.com" default_off='failed ruleset test'>
+<ruleset name="UberMedia.com" default_off="failed ruleset test">
 
 	<target host="ubermedia.com" />
 	<target host="www.ubermedia.com" />
diff --git a/src/chrome/content/rules/UberTags-mismatches.xml b/src/chrome/content/rules/UberTags-mismatches.xml
deleted file mode 100644
index c5719a7ac3d0..000000000000
--- a/src/chrome/content/rules/UberTags-mismatches.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<ruleset name="UberTags (mismatches)" default_off="mismatched">
-
-	<target host="usertags.jeremybieger.com"/>
-	<target host="www.usertags.jeremybieger.com"/>
-	<target host="usertags.com"/>
-	<target host="cdn.usertags.com"/>
-	<target host="www.usertags.com"/>
-
-	<!--	cert: *.hostmonster.com
-		retrieving index.php like so triggers recursive redirection.	-->
-	<rule from="^http://(?:www\.)?usertags(?:\.jeremybieger)\.com/(images|wp-content)/"
-		to="https://ubertags.jeremybieger.com/~jeremybi/ubertags/$1/"/>
-
-	<!--	cert: cdn.volunteer2.com, shows that domain's 404 page	-->
-	<rule from="^http://cdn\.usertags\.com/"
-		to="https://ubertags.jeremybieger.com/~jeremybi/ubertags/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/UberTags.xml b/src/chrome/content/rules/UberTags.xml
deleted file mode 100644
index 90b5d1481b13..000000000000
--- a/src/chrome/content/rules/UberTags.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--	See UberTags-mismatches for problematic rules.
--->
-<ruleset name="UberTags (partial)">
-
-	<target host="app.ubertags.com"/>
-	<target host="console.ubertags.com"/>
-
-	<securecookie host="^console\.ubertags\.com$" name=".+" />
-
-	<rule from="^http://(\w+)\.ubertags\.com/"
-		to="https://$1.ubertags.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Uber_Technologies.xml b/src/chrome/content/rules/Uber_Technologies.xml
index ac17c022af9f..2b5e5c6640e5 100644
--- a/src/chrome/content/rules/Uber_Technologies.xml
+++ b/src/chrome/content/rules/Uber_Technologies.xml
@@ -1,5 +1,5 @@
 <!--
-	Uber Technologies 
+	Uber Technologies
 
 
 	CDN buckets:
diff --git a/src/chrome/content/rules/Ubian.sk.xml b/src/chrome/content/rules/Ubian.sk.xml
new file mode 100644
index 000000000000..11c141857dbc
--- /dev/null
+++ b/src/chrome/content/rules/Ubian.sk.xml
@@ -0,0 +1,9 @@
+<ruleset name="Ubian.sk">
+	<target host="ubian.sk" />
+	<target host="www.ubian.sk" />
+	<target host="dopravnakarta.sk" />
+	<target host="www.dopravnakarta.sk" />
+	<target host="eshop.dopravnakarta.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ubisoft-Entertainment.xml b/src/chrome/content/rules/Ubisoft-Entertainment.xml
index 36070ffbad04..602f002faabd 100644
--- a/src/chrome/content/rules/Ubisoft-Entertainment.xml
+++ b/src/chrome/content/rules/Ubisoft-Entertainment.xml
@@ -1,131 +1,62 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://static13.cdn.ubi.com/ => https://ubistatic13-a.akamaihd.net/: (6, 'Could not resolve host: ubistatic13-a.akamaihd.net')
-Fetch error: http://static16.ubi.com/ => https://s3.amazonaws.com/static16.ubi.com/: Redirect for 'https://s3.amazonaws.com/static16.ubi.com/' missing location header
-
-	For other Ubisoft Group coverage, see Ubisoft_Group.com.xml.
-
-
-	CDN buckets:
-
-		- Possible bucket at s3.amazonaws.com/ubi/
-
-		- static7.ubi.com.s3.amazonaws.com
-
-			- static7.ubi.com
-
-		- ubisoft.hs.llnwd.net
-
-			- static[79].cdn.ubi.com
-
-
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- forums *
-		- thesettlers.uk *
-
-	* Refused
-
-
-	Problematic subdomains:
-
-		- static7	(amazonws)
-		- video.us	(works; mismatched, CN: *.ubi.com)
-
-
-	Fully covered subdomains:
-
-		- static\d.cdn
-		- cs
-		- engineroom
-		- ghost-recon
-		- hbe
-		- secure
-		- static(?!7)\d
-		- static7	(→ s3.amazonaws.com)
-		- support
-		- tools
-		- ubibar
-		- uts
-
-
-	ToDo: Secure shop pages that don't redirect to http.
-
-
-	Mixed content:
-
-		- Flash:
-
-			- on uplay from www.youtube.com *
-
-		- Javascript:
-
-			- on uplay from static2.cdn *
-			- on uplay from ajax.googleapis.com *
-			- on uplay from www.youtube.com *
-			- on uplay from s.ytimg.com *
-
-		- css:
-
-			- on uplay from static2.cdn *
-
-		- Images:
-
-			- on uplay from static2.cdn *
-			- on uplay from img.youtube.com *
-
-		- Web bugs:
-
-			- on uplay from adserver.adtech.com *
-
-	* Secured by us
-
+	For other Ubisoft Group coverage, see Ubisoft-Group.com.xml.
+
+	Non-functional hosts
+		Timeout was reached:
+		- static12.ubi.com
+
+		SSL connect error:
+		- www.uplay.ubi.com
+
+		SSL peer certificate was not OK:
+		- static.cdn.ubi.com
+		- static10.cdn.ubi.com
+		- static11.cdn.ubi.com
+		- static14.cdn.ubi.com
+		- static17.cdn.ubi.com
+		- static19.cdn.ubi.com
+		- static7.cdn.ubi.com
+		- static9.cdn.ubi.com
+		- static15.ubi.com
+		- static16.ubi.com
+		- static7.ubi.com
 -->
-<ruleset name="Ubisoft Entertainment (partial)" platform="mixedcontent" default_off='failed ruleset test'>
-
-	<target host="*.ubi.com" />
-		<exclusion pattern="^http://(?:forums|www)\." />
-
-
-	<securecookie host=".*\.ubi\.com$" name=".+" />
-
-
-	<test url="http://static1.cdn.ubi.com/" />
-	<test url="http://static3.cdn.ubi.com/" />
-	<test url="http://static4.cdn.ubi.com/" />
-	<test url="http://static6.cdn.ubi.com/" />
-	<test url="http://static7.cdn.ubi.com/" />
-	<test url="http://static9.cdn.ubi.com/" />
-	<test url="http://static10.cdn.ubi.com/" />
-	<test url="http://static11.cdn.ubi.com/" />
-	<test url="http://static13.cdn.ubi.com/" />
-	<test url="http://static14.cdn.ubi.com/" />
-	<test url="http://static17.cdn.ubi.com/" />
-	
-	<rule from="^http://static(1|3|4|6|7|9|10|11|13|14|17)\.cdn\.ubi\.com/"
-		to="https://ubistatic$1-a.akamaihd.net/" />
-
-	<test url="http://static7.ubi.com/" />
-	<test url="http://static15.ubi.com/" />
-	<test url="http://static16.ubi.com/" />
-		
-	<rule from="^http://static(7|15|16)\.ubi\.com/"
-		to="https://s3.amazonaws.com/static$1.ubi.com/" />
-
-	<test url="http://cs.ubi.com/" />
-	<test url="http://engineroom.ubi.com/" />
-	<test url="http://hbe.ubi.com/" />
-	<test url="http://secure.ubi.com/" />
-	<test url="http://support.ubi.com/" />
-	<test url="http://tools.ubi.com/" />
-	<test url="http://ubibar.ubi.com/" />
-	<test url="http://uplay.ubi.com/" />
-	<test url="http://uts.ubi.com/" />
-	<test url="http://legal.ubi.com/" />
-		
-	<rule from="^http://(cs|engineroom|hbe|secure|static\d(?:\.cdn)?|support|tools|ubibar|uplay|uts|legal)\.ubi\.com/"
-		to="https://$1.ubi.com/" />
-
+<ruleset name="Ubisoft Entertainment">
+	<target host="ubi.com" />
+	<target host="www.ubi.com" />
+	<target host="static2.cdn.ubi.com" />
+	<target host="static3.cdn.ubi.com" />
+	<target host="static5.cdn.ubi.com" />
+	<target host="cs.ubi.com" />
+	<target host="engineroom.ubi.com" />
+	<target host="forums.ubi.com" />
+	<target host="hbe.ubi.com" />
+	<target host="legal.ubi.com" />
+	<target host="secure.ubi.com" />
+	<target host="static1.ubi.com" />
+	<target host="static11.ubi.com" />
+	<target host="static17.ubi.com" />
+	<target host="static19.ubi.com" />
+	<target host="static2.ubi.com" />
+	<target host="static3.ubi.com" />
+	<target host="static4.ubi.com" />
+	<target host="static5.ubi.com" />
+	<target host="static6.ubi.com" />
+	<target host="static8.cdn.ubi.com" />
+	<target host="static8.ubi.com" />
+	<target host="static9.ubi.com" />
+	<target host="store.ubi.com" />
+	<target host="support.ubi.com" />
+	<target host="tools.ubi.com" />
+	<target host="ubibar.ubi.com" />
+	<target host="uplay.ubi.com" />
+	<target host="www.uplay.ubi.com" />
+	<target host="uts.ubi.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.uplay\.ubi\.com/"
+			to="https://uplay.ubi.com/" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ubisoft_Group.com.xml b/src/chrome/content/rules/Ubisoft_Group.com.xml
deleted file mode 100644
index c0df0aa450e7..000000000000
--- a/src/chrome/content/rules/Ubisoft_Group.com.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://ubisoftgroup.com/ => https://ubisoftgroup.com/: (35, 'error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 unrecognized name')
-
-	Other Ubisoft Group rulesets:
-
-		- Ubisoft-Entertainment.xml
-
-
-	Problematic subdomains:
-
-		- common	(works; mismatched, CN: www.ubisoftgroup.com)
-
--->
-<ruleset name="Ubisoft Group" default_off='failed ruleset test'>
-
-	<target host="ubisoftgroup.com" />
-	<target host="*.ubisoftgroup.com" />
-
-
-	<securecookie host="^\.ubisoftgroup\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?ubisoftgroup\.com/"
-		to="https://$1ubisoftgroup.com/" />
-
-	<rule from="^http://common\.ubisoftgroup\.com/"
-		to="https://www.ubisoftgroup.com/comsite_common/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ubrr.ru.xml b/src/chrome/content/rules/Ubrr.ru.xml
index 15f30bbe32a2..93e5c4609363 100644
--- a/src/chrome/content/rules/Ubrr.ru.xml
+++ b/src/chrome/content/rules/Ubrr.ru.xml
@@ -62,7 +62,7 @@ tbinfo.ubrr.ru different content
 ³ timed out
 ⁶ redirect
 -->
-<ruleset name="ubrr.ru (partial)" default_off='failed ruleset test'>
+<ruleset name="ubrr.ru (partial)" default_off="failed ruleset test">
 	<target host="3ds.ubrr.ru" />
 	<target host="card.ubrr.ru" />
 	<target host="demotb.ubrr.ru" />
diff --git a/src/chrome/content/rules/Ubuntu-CN.xml b/src/chrome/content/rules/Ubuntu-CN.xml
deleted file mode 100644
index 5e6111c349f7..000000000000
--- a/src/chrome/content/rules/Ubuntu-CN.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-	Other Ubuntu rulesets:
-		- Ubuntu.xml
-
-	Invalid certificate and equal to .com.cn :
-		^(www.)?ubuntu.org.cn
-		forum.ubuntu.org.cn
-		linux.ubuntu.org.cn 
-		paste.ubuntu.org.cn 
-		wiki.ubuntu.org.cn 
-		
-	MCB:
-		linux.ubuntu.com.cn/$	(break the menu to the left)
--->
-
-<ruleset name="Ubuntu-CN">
-
-	<target host="ubuntu.com.cn" />
-	<target host="www.ubuntu.com.cn" />
-	<target host="forum.ubuntu.com.cn" />
-	<target host="linux.ubuntu.com.cn" />
-	<target host="paste.ubuntu.com.cn" />
-	<target host="wiki.ubuntu.com.cn" />
-
-	<target host="ubuntu.org.cn" />
-	<target host="www.ubuntu.org.cn" />
-	<target host="forum.ubuntu.org.cn" />
-	<target host="linux.ubuntu.org.cn" />
-	<target host="paste.ubuntu.org.cn" />
-	<target host="wiki.ubuntu.org.cn" />
-
-	<exclusion pattern="^http://linux\.ubuntu\.(com|org)\.cn/$" />
-		<!-- Not excluded -->
-		<test url="http://linux.ubuntu.com.cn/news/392498.html" />
-		<test url="http://linux.ubuntu.org.cn/news/392498.html" />
-
-	<rule from="^http://(www\.|forum\.|linux\.|paste\.|wiki\.)?ubuntu\.org\.cn/" to="https://$1ubuntu.com.cn/" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ubuntu.com.cn.xml b/src/chrome/content/rules/Ubuntu.com.cn.xml
new file mode 100644
index 000000000000..43dc6c22cdf2
--- /dev/null
+++ b/src/chrome/content/rules/Ubuntu.com.cn.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Ubuntu.com related rulesets, see
+		+ Ubuntu.xml
+-->
+<ruleset name="Ubuntu.com.cn">
+	<target host="ubuntu.com.cn" />
+	<target host="forum.ubuntu.com.cn" />
+	<target host="linux.ubuntu.com.cn" />
+	<target host="paste.ubuntu.com.cn" />
+	<target host="wiki.ubuntu.com.cn" />
+	<target host="www.ubuntu.com.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ubuntu.org.cn.xml b/src/chrome/content/rules/Ubuntu.org.cn.xml
new file mode 100644
index 000000000000..b60528f4f7b6
--- /dev/null
+++ b/src/chrome/content/rules/Ubuntu.org.cn.xml
@@ -0,0 +1,14 @@
+<!--
+	For other Ubuntu.com related rulesets, see
+		+ Ubuntu.xml
+-->
+<ruleset name="Ubuntu.org.cn">
+	<target host="ubuntu.org.cn" />
+	<target host="forum.ubuntu.org.cn" />
+	<target host="linux.ubuntu.org.cn" />
+	<target host="paste.ubuntu.org.cn" />
+	<target host="wiki.ubuntu.org.cn" />
+	<target host="www.ubuntu.org.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ubuntu.xml b/src/chrome/content/rules/Ubuntu.xml
index 8adcab3fac6a..5d914972270a 100644
--- a/src/chrome/content/rules/Ubuntu.xml
+++ b/src/chrome/content/rules/Ubuntu.xml
@@ -1,55 +1,37 @@
 <!--
 	Other Ubuntu rulesets:
-		+ Ubuntu-CN.xml
+		+ Ubuntu.com.cn.xml
+		+ Ubuntu.org.cn.xml
 
-	Preloaded hosts
+	HSTS preloaded:
 		- login.ubuntu.com
 
 	Non-functional hosts
 		Couldn't connect to server:
-			 - archive.ubuntu.com
-			 - cdimage.ubuntu.com
-			 - font.ubuntu.com
-			 - manpages.ubuntu.com
-			 - old-releases.ubuntu.com
-			 - one.ubuntu.com
-			 - releases.ubuntu.com
-			 - screenshots.ubuntu.com
-			 - security.ubuntu.com
-			 - tour.ubuntu.com
-			 - upstart.ubuntu.com
+		- archive.ubuntu.com
+		- cdimage.ubuntu.com
+		- old-releases.ubuntu.com
+		- security.ubuntu.com
 
 		Timeout was reached:
-			 - brainstorm.ubuntu.com
-			 - bugs.ubuntu.com
-			 - cloud.ubuntu.com
-			 - jobs.ubuntu.com
-			 - kernel.ubuntu.com
-			 - people.ubuntu.com
-			 - phablet.ubuntu.com
-			 - planet.ubuntu.com
-			 - popcon.ubuntu.com
-			 - reports.qa.ubuntu.com
-			 - women.ubuntu.com
+		- reports.qa.ubuntu.com
+		- women.ubuntu.com
 
 		SSL connect error:
-			 - loco.ubuntu.com
-			 - iso.qa.ubuntu.com
-			 - testcases.qa.ubuntu.com
+		- status.ubuntu.com
+		- summit.ubuntu.com
 
 		SSL peer certificate was not OK:
-			 - pad.ubuntu.com
-			 - status.ubuntu.com
-
-		Peer certificate cannot be authenticated with given CA certificates:
-			 - ask.ubuntu.com
-			 - packaging.ubuntu.com
+		- ask.ubuntu.com
+		- brainstorm.ubuntu.com
+		- bugs.ubuntu.com
+		- upstart.ubuntu.com
 
 		Mixed content blocking (MCB) triggered:
-			 - lists.ubuntu.com
-			 - odm.ubuntu.com
-			 - summit.ubuntu.com
-			 - uds.ubuntu.com
+		- lists.ubuntu.com
+		- odm.ubuntu.com
+		- iso.qa.ubuntu.com
+		- testcases.qa.ubuntu.com
 -->
 <ruleset name="Ubuntu.com (partial)">
 	<target host="ubuntu.com" />
@@ -59,6 +41,8 @@
 		<test url="http://assets.ubuntu.com/v1/0df231d4-core-print.css" />
 	<target host="buy.ubuntu.com" />
 	<target host="certification.ubuntu.com" />
+	<target host="changelogs.ubuntu.com" />
+	<target host="cloud.ubuntu.com" />
 	<target host="cloud-images.ubuntu.com" />
 	<target host="community.ubuntu.com" />
 	<target host="design.ubuntu.com" />
@@ -66,24 +50,35 @@
 	<target host="myapps.developer.ubuntu.com" />
 	<target host="entropy.ubuntu.com" />
 	<target host="errors.ubuntu.com" />
+	<target host="font.ubuntu.com" />
 	<target host="fridge.ubuntu.com" />
 	<target host="help.ubuntu.com" />
 	<target host="insights.ubuntu.com" />
 	<target host="irclogs.ubuntu.com" />
+	<target host="jobs.ubuntu.com" />
 	<target host="juju.ubuntu.com" />
+	<target host="kernel.ubuntu.com" />
 	<target host="keyserver.ubuntu.com" />
-		<!-- HTTPS doesn't work on port 11371 -->
-		<exclusion pattern="^http://keyserver\.ubuntu\.com:11371/" />
-			<test url="http://keyserver.ubuntu.com:11371/pks/lookup?op=vindex&amp;search=extension-devs%40eff.org&amp;fingerprint=on" />
+	<!-- HTTPS doesn't work on port 11371 -->
+	<exclusion pattern="^http://keyserver\.ubuntu\.com:11371/" />
+		<test url="http://keyserver.ubuntu.com:11371/pks/lookup?op=vindex&amp;search=extension-devs%40eff.org&amp;fingerprint=on" />
+	<target host="loco.ubuntu.com" />
 	<target host="maas.ubuntu.com" />
+	<target host="manpages.ubuntu.com" />
 	<target host="merges.ubuntu.com" />
 	<target host="packages.ubuntu.com" />
+	<target host="packaging.ubuntu.com" />
+	<target host="pad.ubuntu.com" />
 	<target host="partners.ubuntu.com" />
 	<target host="paste.ubuntu.com" />
 	<target host="pastebin.ubuntu.com" />
 	<target host="patches.ubuntu.com" />
-	<target host="jenkins.qa.ubuntu.com" />
-	<target host="shop.ubuntu.com" />
+	<target host="people.ubuntu.com" />
+	<target host="planet.ubuntu.com" />
+	<target host="popcon.ubuntu.com" />
+	<target host="releases.ubuntu.com" />
+		<test url="http://releases.ubuntu.com/19.10/SHA256SUMS.gpg" />
+	<target host="tour.ubuntu.com" />
 	<target host="tutorials.ubuntu.com" />
 	<target host="uec-images.ubuntu.com" />
 	<target host="wiki.ubuntu.com" />
diff --git a/src/chrome/content/rules/UbuntuUsers.de.xml b/src/chrome/content/rules/UbuntuUsers.de.xml
index 398fb9f951fc..f7fd3f26718c 100644
--- a/src/chrome/content/rules/UbuntuUsers.de.xml
+++ b/src/chrome/content/rules/UbuntuUsers.de.xml
@@ -51,7 +51,7 @@
 	<!--securecookie host="^(?:(?:forum|ikhaya|planet|wiki)\.)?ubuntuusers\.de$" name="^csrftoken$" /-->
 	<!--securecookie host="^\.ubuntuusers\.de$" name="^session$" /-->
 
-	<securecookie host="^(?:.*\.)?ubuntuusers\.de$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Ubuntu_Forums.org.xml b/src/chrome/content/rules/Ubuntu_Forums.org.xml
index b839a6f7ac60..1baef69a41b2 100644
--- a/src/chrome/content/rules/Ubuntu_Forums.org.xml
+++ b/src/chrome/content/rules/Ubuntu_Forums.org.xml
@@ -47,6 +47,6 @@
 	<rule from="^http://www\.ubuntuforums\.org/"
 			to="https://ubuntuforums.org/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Uclibc-ng.org.xml b/src/chrome/content/rules/Uclibc-ng.org.xml
new file mode 100644
index 000000000000..c9d794fbb514
--- /dev/null
+++ b/src/chrome/content/rules/Uclibc-ng.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="Uclibc-ng.org">
+	<target host="uclibc-ng.org" />
+	<target host="www.uclibc-ng.org" />
+	<target host="cgit.uclibc-ng.org" />
+	<target host="downloads.uclibc-ng.org" />
+	<target host="git.uclibc-ng.org" />
+	<target host="mailman.uclibc-ng.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Uclibc.org.xml b/src/chrome/content/rules/Uclibc.org.xml
new file mode 100644
index 000000000000..ac6814569609
--- /dev/null
+++ b/src/chrome/content/rules/Uclibc.org.xml
@@ -0,0 +1,21 @@
+<!--
+	Nonfunctional hosts in *.uclibc.org:
+		- lists.uclibc.org (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Uclibc.org">
+	<target host="uclibc.org" />
+	<target host="www.uclibc.org" />
+	<target host="bugs.uclibc.org" />
+	<target host="buildroot.uclibc.org" />
+	<target host="cxx.uclibc.org" />
+	<target host="git.uclibc.org" />
+	<target host="sources.uclibc.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Udacity.com.xml b/src/chrome/content/rules/Udacity.com.xml
index 3cfe2967d99a..4efb0c5515fe 100644
--- a/src/chrome/content/rules/Udacity.com.xml
+++ b/src/chrome/content/rules/Udacity.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://email.udacity.com/ => https://email.udacity.com/: (6, 'Could
 		- labs 	(refused)
 
 -->
-<ruleset name="Udacity.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Udacity.com (partial)" default_off="failed ruleset test">
 
 	<target host="udacity.com" />
 	<target host="ar.udacity.com" />
diff --git a/src/chrome/content/rules/Udistrital.xml b/src/chrome/content/rules/Udistrital.xml
index a9ce4fbb22b2..04cbf6100275 100644
--- a/src/chrome/content/rules/Udistrital.xml
+++ b/src/chrome/content/rules/Udistrital.xml
@@ -44,7 +44,7 @@ Fetch error: http://oas.udistrital.edu.co/ => https://oas.udistrital.edu.co/: (2
 		- herbario.udistrital.edu.co
 		- idexud.udistrital.edu.co
 -->
-<ruleset name="Universidad Distrital (partial)" default_off='failed ruleset test'>
+<ruleset name="Universidad Distrital (partial)" default_off="failed ruleset test">
 
 	<target host="udistrital.edu.co" />
 	<target host="www.udistrital.edu.co" />
diff --git a/src/chrome/content/rules/Ugandan-government.xml b/src/chrome/content/rules/Ugandan-government.xml
index e71583e445a2..a42ae69e99b3 100644
--- a/src/chrome/content/rules/Ugandan-government.xml
+++ b/src/chrome/content/rules/Ugandan-government.xml
@@ -3,7 +3,7 @@
 	<target host="jlos.go.ug"/>
 	<target host="www.jlos.go.ug"/>
 
-	<securecookie host="^(?:.*\.)?jlos\.go\.ug$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?jlos\.go\.ug/"
 		to="https://jlos.go.ug/"/>
diff --git a/src/chrome/content/rules/Uhhospitals.org.xml b/src/chrome/content/rules/Uhhospitals.org.xml
index 246bcda5e8a4..95d537d3c0bc 100644
--- a/src/chrome/content/rules/Uhhospitals.org.xml
+++ b/src/chrome/content/rules/Uhhospitals.org.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(www\.)?uhhospitals\.org/(_cassette/|favicon\.ico|(?:.+/)?~/media/)"
 		to="https://$1uhhospitals.org/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Uhrzeit.org.xml b/src/chrome/content/rules/Uhrzeit.org.xml
index 5b5521bde902..39342c1bc5ab 100644
--- a/src/chrome/content/rules/Uhrzeit.org.xml
+++ b/src/chrome/content/rules/Uhrzeit.org.xml
@@ -8,16 +8,17 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://atomic-clock.org.uk/ => https://www.atomic-clock.org.uk/: (60, 'SSL certificate problem: certificate has expired')
 Fetch error: http://la-hora.org/ => https://www.la-hora.org/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="Uhrzeit.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Uhrzeit.org (partial)" default_off="failed ruleset test">
 
 	<!--	* for cross-domain cookie	-->
 	<target host="atomic-clock.org.uk"/>
-	<target host="*.atomic-clock.org.uk"/>
+	<target host="www.atomic-clock.org.uk" />
 	<target host="la-hora.org"/>
 	<!--	ditto	-->
-	<target host="*.la-hora.org"/>
+	<target host="www.la-hora.org" />
 	<target host="uhrzeit.org"/>
-	<target host="*.uhrzeit.org"/>
+	<target host="www.uhrzeit.org" />
+	<target host="watches.uhrzeit.org" />
 		<!--
 			Redirect to http:
 						-->
diff --git a/src/chrome/content/rules/Ukash.com.xml b/src/chrome/content/rules/Ukash.com.xml
index 230295a66840..e0c045cf9104 100644
--- a/src/chrome/content/rules/Ukash.com.xml
+++ b/src/chrome/content/rules/Ukash.com.xml
@@ -24,7 +24,7 @@ Fetch error: http://www.ukash.com/ => https://www.ukash.com/: (7, 'Failed to con
 		- www.ukash.com
 
 -->
-<ruleset name="Ukash.com" default_off='failed ruleset test'>
+<ruleset name="Ukash.com" default_off="failed ruleset test">
 
 	<target host="ukash.com" />
 	<target host="direct.ukash.com" />
diff --git a/src/chrome/content/rules/UkiahDailyJournal.com.xml b/src/chrome/content/rules/UkiahDailyJournal.com.xml
new file mode 100644
index 000000000000..d6ed122fcef9
--- /dev/null
+++ b/src/chrome/content/rules/UkiahDailyJournal.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Active mixed content:
+		- www.ukiahdailyjournal.com
+
+	Connection refused:
+		- image.ukiahdailyjournal.com
+
+	Invalid certificate:
+		- ukiahdailyjournal.com, equivalent to www.ukiahdailyjournal.com
+		- newsvideo.ukiahdailyjournal.com
+		- photos.ukiahdailyjournal.com
+
+	Redirects to HTTP:
+		- classifieds.ukiahdailyjournal.com
+-->
+
+<ruleset name="UkiahDailyJournal.com" platform="mixedcontent">
+	<target host="ukiahdailyjournal.com" />
+	<target host="www.ukiahdailyjournal.com" />
+	<target host="businessdirectory.ukiahdailyjournal.com" />
+	<target host="checkout.ukiahdailyjournal.com" />
+	<target host="extras.ukiahdailyjournal.com" />
+	<target host="myaccount.ukiahdailyjournal.com" />
+	<target host="mylocal.ukiahdailyjournal.com" />
+
+	<rule from="^http://ukiahdailyjournal\.com/"
+		to="https://www.ukiahdailyjournal.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ukrnames.com.xml b/src/chrome/content/rules/Ukrnames.com.xml
index 630f0e685e31..68e51e74a153 100644
--- a/src/chrome/content/rules/Ukrnames.com.xml
+++ b/src/chrome/content/rules/Ukrnames.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://s.ukrnames.com/ => https://s.ukrnames.com/: (28, 'Connection
 		- support.ukrnames.com
 
 -->
-<ruleset name="Ukrnames.com" default_off='failed ruleset test'>
+<ruleset name="Ukrnames.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Uksrv.co.uk.xml b/src/chrome/content/rules/Uksrv.co.uk.xml
index 22d0610c9fea..7f8b3394f493 100644
--- a/src/chrome/content/rules/Uksrv.co.uk.xml
+++ b/src/chrome/content/rules/Uksrv.co.uk.xml
@@ -1,18 +1,15 @@
 <ruleset name="uksrv.co.uk">
 
-	<target host="*.uksrv.co.uk" />
+	<target host="ceres.uksrv.co.uk" />
+	<target host="eris.uksrv.co.uk" />
+	<target host="pluto.uksrv.co.uk" />
 
 
-	<securecookie host=".+\.uksrv\.co\.uk$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^http://ceres\.uksrv\.co\.uk(:2087)?/"
-		to="https://ceres.uksrv.co.uk$1/" />
 
-	<rule from="^http://eris\.uksrv\.co\.uk(:2096)?/"
-		to="https://eris.uksrv.co.uk$1/" />
 
-	<rule from="^http://pluto\.uksrv\.co\.uk/"
-		to="https://pluto.uksrv.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ulpgc.es.xml b/src/chrome/content/rules/Ulpgc.es.xml
index b7142f78f52b..0259058140cc 100644
--- a/src/chrome/content/rules/Ulpgc.es.xml
+++ b/src/chrome/content/rules/Ulpgc.es.xml
@@ -417,7 +417,7 @@ Fetch error: http://www4.ulpgc.es/ => https://www4.ulpgc.es/: (6, 'Could not res
 		* www.www.ccbb.ulpgc.es
 		* www.www.dim.ulpgc.es
 -->
-<ruleset name="ULPGC.es" default_off='failed ruleset test'>
+<ruleset name="ULPGC.es" default_off="failed ruleset test">
 
 	<target host="ulpgc.es" />
 
diff --git a/src/chrome/content/rules/Ulteo.com.xml b/src/chrome/content/rules/Ulteo.com.xml
index bdc1aa9735be..a7f13c2ff6de 100644
--- a/src/chrome/content/rules/Ulteo.com.xml
+++ b/src/chrome/content/rules/Ulteo.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.ulteo.com/ => https://www.ulteo.com/: (51, "SSL: no alte
 		spoon.ulteo.com
 
 -->
-<ruleset name="Ulteo.com" default_off='failed ruleset test'>
+<ruleset name="Ulteo.com" default_off="failed ruleset test">
 	<target host="www.ulteo.com" />
 	<target host="code.ulteo.com" />
 	<target host="docs.ulteo.com" />
diff --git a/src/chrome/content/rules/Ultimate_Boot_CD.com.xml b/src/chrome/content/rules/Ultimate_Boot_CD.com.xml
index f538577efd2a..418e926292fb 100644
--- a/src/chrome/content/rules/Ultimate_Boot_CD.com.xml
+++ b/src/chrome/content/rules/Ultimate_Boot_CD.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.ultimatebootcd.com/ => https://www.ultimatebootcd.com/:
 	* Shows www
 
 -->
-<ruleset name="Ultimate Boot CD.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Ultimate Boot CD.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/UltraTools.com.xml b/src/chrome/content/rules/UltraTools.com.xml
index da199102d31e..2c1e373a7f5f 100644
--- a/src/chrome/content/rules/UltraTools.com.xml
+++ b/src/chrome/content/rules/UltraTools.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://ultratools.com/ => https://ultratools.com/: (51, "SSL: no al
 		- www.ultratools.com
 
 -->
-<ruleset name="UltraTools.com" default_off='failed ruleset test'>
+<ruleset name="UltraTools.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Ultrabug.fr.xml b/src/chrome/content/rules/Ultrabug.fr.xml
new file mode 100644
index 000000000000..923be7121b23
--- /dev/null
+++ b/src/chrome/content/rules/Ultrabug.fr.xml
@@ -0,0 +1,11 @@
+<ruleset name="Ultrabug.fr">
+
+	<target host="ultrabug.fr" />
+	<target host="www.ultrabug.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ultrabug.xml b/src/chrome/content/rules/Ultrabug.xml
deleted file mode 100644
index c1bab3511538..000000000000
--- a/src/chrome/content/rules/Ultrabug.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts: ᶜ
-
-		- ultrabug.fr
-		- www.ultrabug.fr
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
-
-	Mixed content:
-
-		- css on www from www ˢ
-
-		- Images on www, from:
-
-			- www ˢ
-			- api.flattr.com ˢ
-
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="Ultrabug.fr (false MCB)" platform="mixedcontent">
-
-	<target host="ultrabug.fr" />
-	<target host="www.ultrabug.fr" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:www\.)?ultrabug\.fr$" name="^(?:PHPSESSID|start|startBAK)$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ultrasawt.com.xml b/src/chrome/content/rules/Ultrasawt.com.xml
new file mode 100644
index 000000000000..2f3861be103a
--- /dev/null
+++ b/src/chrome/content/rules/Ultrasawt.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Ultrasawt.com">
+	<target host="ultrasawt.com" />
+	<target host="www.ultrasawt.com" />
+	<target host="ultrapal.ultrasawt.com" />
+	<target host="ultratunisia.ultrasawt.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Ultrasurf.us.xml b/src/chrome/content/rules/Ultrasurf.us.xml
index e772e61239d0..303854eeeefc 100644
--- a/src/chrome/content/rules/Ultrasurf.us.xml
+++ b/src/chrome/content/rules/Ultrasurf.us.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Uma.es.xml b/src/chrome/content/rules/Uma.es.xml
deleted file mode 100644
index ea83153afb5c..000000000000
--- a/src/chrome/content/rules/Uma.es.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Uma.es">
-  <target host="*.cv.uma.es" />
-  <target host="www.sci.uma.es" />
-  <target host="web.satd.uma.es" />
-
-  <rule from="^http://(?:www\.)?([^/:@\.]*)\.cv\.uma\.es/" to="https://$1.cv.uma.es/" />
-  <rule from="^http://www\.sci\.uma\.es/" to="https://www.sci.uma.es/" />
-  <rule from="^http://web\.satd\.uma\.es/" to="https://web.satd.uma.es/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Umano.me.xml b/src/chrome/content/rules/Umano.me.xml
index dd3f6020157f..7232173e01ee 100644
--- a/src/chrome/content/rules/Umano.me.xml
+++ b/src/chrome/content/rules/Umano.me.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.umano.me/ => https://www.umano.me/: (28, 'Connection tim
 		- www.umano.me
 
 -->
-<ruleset name="Umano.me" default_off='failed ruleset test'>
+<ruleset name="Umano.me" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Umea_University.xml b/src/chrome/content/rules/Umea_University.xml
index 553118f2c75a..2e4d98cde996 100644
--- a/src/chrome/content/rules/Umea_University.xml
+++ b/src/chrome/content/rules/Umea_University.xml
@@ -1,51 +1,47 @@
 <!--
-	Nonfunctional subdomains:
-
-		- ftp.acc	(refused)
-		- dp.foark *
-		- www.foark *
-		- support.its **
-		- (www.)ub **
-		- ovik.ub **
-
-	* Shows RHEL test page; self-signed, CN: localhost.localdomain
-	** Dropped
-
-
-	Partially covered subdomains:
-
-		- (www.) *
-		- (www.)student *
-
-	* Some pages redirect to http
-
-
-	Fully covered subdomains:
-
-		- (www.)anstalld
-		- www.cambro
-		- cas
-		- (www.)servicedesk.its
-		- intra.ub
-
+	Non-functional hosts
+		Couldn't connect to server:
+		- dp.foark.umu.se
+
+		Timeout was reached:
+		- www.anstalld.umu.se
+		- intra.ub.umu.se
+
+		SSL peer certificate was not OK:
+		- its.umu.se
+		- student.umu.se
+		- www.student.umu.se
 -->
 <ruleset name="Umeå University (partial)">
-
 	<target host="umu.se" />
-	<target host="*.umu.se" />
-		<exclusion pattern="^http://(?:www\.)?(?:student\.)?umu\.se/(?!digitalAssets/|DownloadAsset\.action(?:$|\?)|static/)" />
-
-
-	<securecookie host="^(?:(?:www\.)?anstalld|www\.cambro|cas|(?:www\.)?servicedesk\.its)\.umu\.se$" name=".+" />
-
-
-	<rule from="^http://((?:www\.cambro|cas|intra\.ub|www)\.?)umu\.se/"
-		to="https://$1umu.se/" />
-
-	<!--	Domains for which both ^foo and www.foo
-		exist, and both work without caveat:
-							-->
-	<rule from="^http://(www\.)?(anstalld|servicesdesk\.its|student)\.umu\.se/"
-		to="https://$1$2.umu.se/" />
-
-</ruleset>
\ No newline at end of file
+	<target host="www.umu.se" />
+	
+	<target host="ftp.acc.umu.se" />
+	<target host="adfs.umu.se" />
+	
+	<target host="www.cambro.umu.se" />
+	<target host="cas.umu.se" />
+	<target host="cs.umu.se" />
+	<target host="people.cs.umu.se" />
+	<test url="http://people.cs.umu.se/virginia/" />
+	<target host="support.cs.umu.se" />
+	<target host="webapps.cs.umu.se" />
+	<target host="www.cs.umu.se" />
+	
+	<target host="foark.umu.se" />
+	<target host="www.foark.umu.se" />
+	
+	<target host="infocenter.umu.se" />
+	<target host="www.infocenter.umu.se" />
+	
+	<target host="servicedesk.its.umu.se" />
+	<target host="www.servicedesk.its.umu.se" />
+	
+	<target host="ub.umu.se" />
+	<target host="ovik.ub.umu.se" />
+	<target host="www.ub.umu.se" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Umsmash.com.xml b/src/chrome/content/rules/Umsmash.com.xml
new file mode 100644
index 000000000000..a0b63dce0336
--- /dev/null
+++ b/src/chrome/content/rules/Umsmash.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="Umsmash.com">
+	<target host="umsmash.com" />
+	<target host="www.umsmash.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UnRealWorld.fi.xml b/src/chrome/content/rules/UnRealWorld.fi.xml
new file mode 100644
index 000000000000..67f1a8357f69
--- /dev/null
+++ b/src/chrome/content/rules/UnRealWorld.fi.xml
@@ -0,0 +1,20 @@
+<!--
+	Mismatched:
+	- _jabber._tcp
+	- _xmpp-client._tcp
+	- _xmpp-server._tcp
+	- _sip._udp
+	- imp
+	- jabber
+	- mail
+	- pop3
+	- smtp
+	- squirrel
+	- vpn
+-->
+<ruleset name="UnRealWorld.fi">
+	<target host="unrealworld.fi" />
+	<target host="www.unrealworld.fi" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Unbit.it.xml b/src/chrome/content/rules/Unbit.it.xml
index 2ded92da4fa1..bfe3efca8763 100644
--- a/src/chrome/content/rules/Unbit.it.xml
+++ b/src/chrome/content/rules/Unbit.it.xml
@@ -5,7 +5,7 @@ Fetch error: http://wiki.unbit.it/ => https://wiki.unbit.it/: (60, 'SSL certific
 Fetch error: http://www.wiki.unbit.it/ => https://wiki.unbit.it/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Unbit.it (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Unbit.it (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -31,7 +31,7 @@ Fetch error: http://www.wiki.unbit.it/ => https://wiki.unbit.it/: (60, 'SSL cert
 		<!--	timeout		-->
 		<!--exclusion pattern="^http://(?:www\.)?packages\.unbit\.it/"/-->
 
-	<securecookie host=".+\.unbit\.it$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 	<rule from="^http://www\.(projects|wiki)\.unbit\.it/"
 		to="https://$1.unbit.it/"/>
diff --git a/src/chrome/content/rules/Unblocked.xml b/src/chrome/content/rules/Unblocked.xml
index 3ed6745c4dc1..a1334e686ee9 100644
--- a/src/chrome/content/rules/Unblocked.xml
+++ b/src/chrome/content/rules/Unblocked.xml
@@ -2,7 +2,7 @@
 	Other domains:
 		unblocked.pub
 		unblckd.biz
-		
+
 -->
 <ruleset name="Unblocked">
 
diff --git a/src/chrome/content/rules/Unblu.com.xml b/src/chrome/content/rules/Unblu.com.xml
index 176ec3e01d6b..d0bd3d8cd077 100644
--- a/src/chrome/content/rules/Unblu.com.xml
+++ b/src/chrome/content/rules/Unblu.com.xml
@@ -16,4 +16,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Unbounce.xml b/src/chrome/content/rules/Unbounce.xml
index 27c0060ac8a9..005576e563eb 100644
--- a/src/chrome/content/rules/Unbounce.xml
+++ b/src/chrome/content/rules/Unbounce.xml
@@ -58,7 +58,7 @@ Fetch error: http://ubounce.wpengine.netdna-cdn.com/ => https://ubounce.wpengine
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Unbounce.com" default_off='failed ruleset test'>
+<ruleset name="Unbounce.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Uned.es.xml b/src/chrome/content/rules/Uned.es.xml
index 3595fce3f3d5..843aba3c043a 100644
--- a/src/chrome/content/rules/Uned.es.xml
+++ b/src/chrome/content/rules/Uned.es.xml
@@ -3,9 +3,9 @@
 	See <https://en.wikipedia.org/wiki/National_University_of_Distance_Education>.
 
 	Not supporting HTTPS or using an invalid certificate:
-	
+
 		* uned.es
-	
+
 		* 2013.cursosvirtuales.uned.es
 		* acacia.intecca.uned.es
 		* adenu.ia.uned.es
diff --git a/src/chrome/content/rules/Uneddit.xml b/src/chrome/content/rules/Uneddit.xml
index 955af0d38763..f72a77fd9b53 100644
--- a/src/chrome/content/rules/Uneddit.xml
+++ b/src/chrome/content/rules/Uneddit.xml
@@ -4,10 +4,10 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.uneddit.com/ => https://www.uneddit.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.uneddit.com'")
 
 -->
-<ruleset name="Uneddit" default_off='failed ruleset test'>
+<ruleset name="Uneddit" default_off="failed ruleset test">
 	<target host="uneddit.com" />
 	<target host="www.uneddit.com" />
-	
+
 	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ungleich.ch.xml b/src/chrome/content/rules/Ungleich.ch.xml
new file mode 100644
index 000000000000..a684a740f319
--- /dev/null
+++ b/src/chrome/content/rules/Ungleich.ch.xml
@@ -0,0 +1,13 @@
+<ruleset name="Ungleich.ch">
+	<target host="ungleich.ch" />
+	<target host="www.ungleich.ch" />
+	<target host="blog.ungleich.ch" />
+	<target host="comic.ungleich.ch" />
+	<target host="digitalebildung.ungleich.ch" />
+	<target host="redmine.ungleich.ch" />
+	<target host="shop.ungleich.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Unhosted.xml b/src/chrome/content/rules/Unhosted.xml
index c49d4982bd66..c0fd0e222399 100644
--- a/src/chrome/content/rules/Unhosted.xml
+++ b/src/chrome/content/rules/Unhosted.xml
@@ -8,7 +8,7 @@ Fetch error: http://apps.unhosted.org/ => https://apps.unhosted.org/: (6, 'Could
 		- www		(self-signed)
 
 -->
-<ruleset name="Unhosted" default_off='failed ruleset test'>
+<ruleset name="Unhosted" default_off="failed ruleset test">
 
 	<target host="unhosted.org" />
 	<target host="www.unhosted.org" />
@@ -19,7 +19,7 @@ Fetch error: http://apps.unhosted.org/ => https://apps.unhosted.org/: (6, 'Could
 
 		<test url="http://unhosted.org/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Uni-Saarland.de.xml b/src/chrome/content/rules/Uni-Saarland.de.xml
index 79a1bee540e0..24991402094f 100644
--- a/src/chrome/content/rules/Uni-Saarland.de.xml
+++ b/src/chrome/content/rules/Uni-Saarland.de.xml
@@ -57,7 +57,34 @@
 <ruleset name="Uni-Saarland.de (partial)">
 
 	<target host="uni-saarland.de" />
-	<target host="*.uni-saarland.de" />
+	<target host="mmci.uni-saarland.de" />
+	<target host="www.uni-saarland.de" />
+	<target host="www.mmci.uni-saarland.de" />
+	<target host="www-int.coli.uni-saarland.de" />
+	<target host="epica.cs.uni-saarland.de" />
+	<target host="www-infsec.cs.uni-saarland.de" />
+	<target host="www-wjp.cs.uni-saarland.de" />
+	<target host="datscha.uni-saarland.de" />
+	<target host="www.lsf.uni-saarland.de" />
+	<target host="www.lsv.uni-saarland.de" />
+	<target host="cispa.uni-saarland.de" />
+	<target host="cs.uni-saarland.de" />
+	<target host="crypto.cs.uni-saarland.de" />
+	<target host="csl.cs.uni-saarland.de" />
+	<target host="cybersicherheit.cs.uni-saarland.de" />
+	<target host="infsec.cs.uni-saarland.de" />
+	<target host="lbs.cs.uni-saarland.de" />
+	<target host="sps.cs.uni-saarland.de" />
+	<target host="cybersicherheit.uni-saarland.de" />
+	<target host="www.cispa.uni-saarland.de" />
+	<target host="www.cs.uni-saarland.de" />
+	<target host="www.crypto.cs.uni-saarland.de" />
+	<target host="www.csl.cs.uni-saarland.de" />
+	<target host="www.cybersicherheit.cs.uni-saarland.de" />
+	<target host="www.infsec.cs.uni-saarland.de" />
+	<target host="www.lbs.cs.uni-saarland.de" />
+	<target host="www.sps.cs.uni-saarland.de" />
+	<target host="www.cybersicherheit.uni-saarland.de" />
 		<!--
 			Redirect to http:
 						-->
@@ -83,14 +110,11 @@
 	<rule from="^http://(?:www\.)?(mmci\.)?uni-saarland\.de/"
 		to="https://www.$1uni-saarland.de/" />
 
-	<rule from="^http://(www-int\.coli|(?:epica|www-infsec|www-wjp)\.cs|datscha|www\.ls[fv])\.uni-saarland\.de/"
-		to="https://$1.uni-saarland.de/" />
 
 	<!--	Domains for which both !www and www exist,
 		and both work unproblematically:
 						-->
-	<rule from="^http://(www\.)?(cispa|cs|(?:crypto|csl|cybersicherheit|infsec|lbs|sps)\.cs|cybersicherheit)\.uni-saarland\.de/"
-		to="https://$1$2.uni-saarland.de/" />
 
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Uni-Wuerzburg.de.xml b/src/chrome/content/rules/Uni-Wuerzburg.de.xml
index 4285b5ce938b..66bbf9d1114f 100644
--- a/src/chrome/content/rules/Uni-Wuerzburg.de.xml
+++ b/src/chrome/content/rules/Uni-Wuerzburg.de.xml
@@ -23,7 +23,8 @@
 -->
 <ruleset name="Uni-Wuerzburg.de (partial)">
 
-	<target host="*.uni-wuerzburg.de" />
+	<target host="mathematik.uni-wuerzburg.de" />
+	<target host="www.mathematik.uni-wuerzburg.de" />
 
 
 	<rule from="^http://(?:www\.)?mathematik\.uni-wuerzburg\.de/"
diff --git a/src/chrome/content/rules/Uni-heidelberg.de.xml b/src/chrome/content/rules/Uni-heidelberg.de.xml
index 0dd9e97afa01..523ed68e2dea 100644
--- a/src/chrome/content/rules/Uni-heidelberg.de.xml
+++ b/src/chrome/content/rules/Uni-heidelberg.de.xml
@@ -1,4 +1,4 @@
-<!-- 
+<!--
   Problematic subdomains:
     -www.rzuser, see https://github.com/EFForg/https-everywhere/pull/3194
 -->
diff --git a/src/chrome/content/rules/Uni.Lu.xml b/src/chrome/content/rules/Uni.Lu.xml
index 96c1d4a17743..d007595be4d2 100644
--- a/src/chrome/content/rules/Uni.Lu.xml
+++ b/src/chrome/content/rules/Uni.Lu.xml
@@ -1,46 +1,17 @@
 <!--
-	Nonfunctional subdomains:
-
-		- (www.)? *
-		- recruitment *
-		- wwwde *
-		- wwwen *
-		- wwwfr *
-
-	* Redirects to http
-
-
-	Problematic subdomains:
-
-		- orbilu *
-
-	* Self-signed
-
-
-	Fully covered subdomains:
-
-		- hpc
-		- piwik
-
-
-	These altnames don't exist:
-
-		- orbi.uni.lu
-
-
-	Mixed content:
-
-		- Bug on orbilu from i.creativecommons.org *
-
-	* Secured by us
-
+	Non-functional hosts:
+		Incomplete certificate chain error:
+		- hpc.uni.lu
 -->
 <ruleset name="Uni.Lu (partial)">
-
-	<target host="*.uni.lui" />
-
-
-	<rule from="^http://(hpc|piwik)\.uni\.lu/"
-		to="https://$1.uni.lu/" />
-
+	<target host="uni.lu" />
+	<target host="www.uni.lu" />
+	<target host="orbilu.uni.lu" />
+	<target host="piwik.uni.lu" />
+	<target host="recruitment.uni.lu" />
+	<target host="wwwde.uni.lu" />
+	<target host="wwwen.uni.lu" />
+	<target host="wwwfr.uni.lu" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UniTech.net.xml b/src/chrome/content/rules/UniTech.net.xml
deleted file mode 100644
index 043386930c69..000000000000
--- a/src/chrome/content/rules/UniTech.net.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	Non-functional hosts
-		Couldn't connect to server:
-			 - sso.unitech.net
-
-		Timeout was reached:
-			 - extra.unitech.net
-			 - ns.unitech.net
-			 - ns01.unitech.net
-			 - ns02.unitech.net
-			 - ns2.unitech.net
-
-		SSL connect error:
-			 - blogs.btplc.bt.unitech.net
-			 - www.irw.unitech.net
-
-		SSL peer certificate was not OK:
-			 - btbrand.bt.unitech.net
-			 - btplc.bt.unitech.net
-
-		Incomplete certificate chain error:
-			 - abs-staging.unitech.net
-
-		Different content:
-			 - stats.unitech.net
-
-		Mixed content blocking (MCB) tiggered:
-			 - btplc.unitech.net
--->
-<ruleset name="UniTech.net (partial)">
-	<target host="unitech.net" />
-	<target host="www.unitech.net" />
-	<target host="btbrand.unitech.net" />
-	<target host="mailservice.unitech.net" />
-	<target host="ucmsv2.unitech.net" />
-	<target host="ucmsv2qa.unitech.net" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Unibet_Australia.xml b/src/chrome/content/rules/Unibet_Australia.xml
index be2eec02a657..531f306b25fb 100644
--- a/src/chrome/content/rules/Unibet_Australia.xml
+++ b/src/chrome/content/rules/Unibet_Australia.xml
@@ -12,7 +12,7 @@ Fetch error: http://m.unibet.com.au/ => https://m.unibet.com.au/: (6, 'Could not
 		- .www.unibet.com.au
 
 -->
-<ruleset name="Unibet.com.au" default_off='failed ruleset test'>
+<ruleset name="Unibet.com.au" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Uniblue.xml b/src/chrome/content/rules/Uniblue.xml
deleted file mode 100644
index b9d0bcfd8bba..000000000000
--- a/src/chrome/content/rules/Uniblue.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Uniblue">
-
-	<target host="uniblue.com"/>
-	<target host="www.uniblue.com"/>
-
-	<rule from="^http://(?:www\.)?uniblue\.com/"
-		to="https://d2iq4cp2qrughe.cloudfront.net/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Unicorn-engine.org.xml b/src/chrome/content/rules/Unicorn-engine.org.xml
new file mode 100644
index 000000000000..add3abf7ee0e
--- /dev/null
+++ b/src/chrome/content/rules/Unicorn-engine.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		- unicorn-engine.org, equivalent to www.unicorn-engine.org
+-->
+
+<ruleset name="Unicorn-engine.org">
+	<target host="unicorn-engine.org" />
+	<target host="www.unicorn-engine.org" />
+
+	<rule from="^http://unicorn-engine\.org/"
+		to="https://www.unicorn-engine.org/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Unified_Social.com.xml b/src/chrome/content/rules/Unified_Social.com.xml
index 9edecf3bc862..f1049edde523 100644
--- a/src/chrome/content/rules/Unified_Social.com.xml
+++ b/src/chrome/content/rules/Unified_Social.com.xml
@@ -26,7 +26,7 @@ Fetch error: http://login.unifiedsocial.com/ => https://login.unifiedsocial.com/
 		- login.unifiedsocial.com
 
 -->
-<ruleset name="Unified Social.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Unified Social.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Unifiedtracking.com.xml b/src/chrome/content/rules/Unifiedtracking.com.xml
index 75d5fe731cc6..f318a3f81a33 100644
--- a/src/chrome/content/rules/Unifiedtracking.com.xml
+++ b/src/chrome/content/rules/Unifiedtracking.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://unifiedtracking.com/ => https://www.unifiedtracking.com/: (2
 	^unifiedtracking.com: Mismatched
 
 -->
-<ruleset name="unifiedtracking.com" default_off='failed ruleset test'>
+<ruleset name="unifiedtracking.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Unigine.xml b/src/chrome/content/rules/Unigine.xml
index 7fdaadf4833c..270d38f2310b 100644
--- a/src/chrome/content/rules/Unigine.xml
+++ b/src/chrome/content/rules/Unigine.xml
@@ -1,13 +1,14 @@
 <ruleset name="Unigine">
 
 	<target host="unigine.com" />
-	<target host="*.unigine.com" />
+	<target host="developer.unigine.com" />
+	<target host="eu4.unigine.com" />
+	<target host="www.unigine.com" />
 
 
-	<securecookie host="^(?:.*\.)?unigine\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:developer|eu4|www)\.)?unigine\.com/"
-		to="https://$1unigine.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Unikernel.org.xml b/src/chrome/content/rules/Unikernel.org.xml
deleted file mode 100644
index dc9cff1ccb3b..000000000000
--- a/src/chrome/content/rules/Unikernel.org.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	(www.)?unikernel.org: Dropped
-
--->
-<ruleset name="Unikernel.org (partial)">
-
-	<target host="devel.unikernel.org" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Unilever.xml b/src/chrome/content/rules/Unilever.xml
index cd24213f097c..fb483eb275e4 100644
--- a/src/chrome/content/rules/Unilever.xml
+++ b/src/chrome/content/rules/Unilever.xml
@@ -2,14 +2,14 @@
 
 	<!--	Akamai	-->
 	<target host="unilever.com" />
-	<target host="*.unilever.com" />
+	<target host="www.unilever.com" />
+	<target host="uimg.unilever.com" />
 
 
 	<!--	!www times out.	-->
 	<rule from="^http://(?:www\.)?unilever\.com/"
 		to="https://www.unilever.com/" />
 
-	<rule from="^http://uimg\.unilever\.com/"
-		to="https://uimg.unilever.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Uninett.xml b/src/chrome/content/rules/Uninett.xml
index d28c4817f6fc..85f94ca54f21 100644
--- a/src/chrome/content/rules/Uninett.xml
+++ b/src/chrome/content/rules/Uninett.xml
@@ -53,7 +53,7 @@ Fetch error: http://www.gn3campus.uninett.no/ => https://ow.feide.no/geantcampus
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Uninett.no (partial)" default_off='failed ruleset test'>
+<ruleset name="Uninett.no (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/UnionPay.com.xml b/src/chrome/content/rules/UnionPay.com.xml
index 9d010ceea636..aefe25bf5b4e 100644
--- a/src/chrome/content/rules/UnionPay.com.xml
+++ b/src/chrome/content/rules/UnionPay.com.xml
@@ -28,7 +28,7 @@ Fetch error: http://ums.unionpaysecure.com/ => https://ums.unionpaysecure.com/:
 		- goldenweek.unionpayintl.com
 		- m.unionpayintl.com
 -->
-<ruleset name="UnionPay.com (partial)" default_off='failed ruleset test'>
+<ruleset name="UnionPay.com (partial)" default_off="failed ruleset test">
 	<target host="unionpay.com" />
 	<target host="www.unionpay.com" />
 
diff --git a/src/chrome/content/rules/Unique_Vintage.xml b/src/chrome/content/rules/Unique_Vintage.xml
index 3aeeed8318b1..934afd92aa32 100644
--- a/src/chrome/content/rules/Unique_Vintage.xml
+++ b/src/chrome/content/rules/Unique_Vintage.xml
@@ -1,7 +1,7 @@
 <ruleset name="Unique Vintage">
 
 	<target host="unique-vintage.com" />
-	<target host="*.unique-vintage.com" />
+	<target host="www.unique-vintage.com" />
 
 
 	<securecookie host="^\.unique-vintage\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Unisend.com.mx.xml b/src/chrome/content/rules/Unisend.com.mx.xml
deleted file mode 100644
index 7fd7a4e89cc1..000000000000
--- a/src/chrome/content/rules/Unisend.com.mx.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		- .unisend.com.mx
-
--->
-<ruleset name="Unisend.com.mx">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="unisend.com.mx" />
-	<target host="www.unisend.com.mx" />
-
-
-	<!--	CloudFlare cookies:
-					-->
-	<!--securecookie host="^\.unisend\.com\.mx$" name="^(?:__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.unisend\.com\.mx$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Unister.xml b/src/chrome/content/rules/Unister.xml
deleted file mode 100644
index ed79cfad5b29..000000000000
--- a/src/chrome/content/rules/Unister.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Unister">
-<target host="m.unister-adservices.com" />
-<target host="static.unister-adservices.com" />
-<target host="w.unister-adservices.com" />
-
-<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Unisys.com.xml b/src/chrome/content/rules/Unisys.com.xml
index 022ebcdc034a..51084b077e45 100644
--- a/src/chrome/content/rules/Unisys.com.xml
+++ b/src/chrome/content/rules/Unisys.com.xml
@@ -18,14 +18,15 @@
 -->
 <ruleset name="Unisys.com (partial)">
 
-	<target host="*.unisys.com" />
+	<target host="www.app3.unisys.com" />
+	<!--target host="infoselect.unisys.com" /-->
+	<target host="www.support.unisys.com" />
 		<!--exclusion pattern="^http://(blogs|public\.support|webcast|www)\.unisys\.com/" /-->
 
 
 	<securecookie host="^www\.support\.unisys\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.app3|infoselect|www\.support)\.unisys\.com/"
-		to="https://$1.unisys.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/United-Internet.xml b/src/chrome/content/rules/United-Internet.xml
index d6d19e498128..604f3deb75aa 100644
--- a/src/chrome/content/rules/United-Internet.xml
+++ b/src/chrome/content/rules/United-Internet.xml
@@ -10,6 +10,7 @@
 		- Corpimages.de.xml
 		- GMX.xml
 		- initial-website.com.xml
+		- oneandone.net.xml
 		- perfora.net
 		- tifbs.net.xml
 		- Top.de.xml
diff --git a/src/chrome/content/rules/United-Nuclear-Scientific.xml b/src/chrome/content/rules/United-Nuclear-Scientific.xml
index 2f6174ca52c7..c4a78ec305d6 100644
--- a/src/chrome/content/rules/United-Nuclear-Scientific.xml
+++ b/src/chrome/content/rules/United-Nuclear-Scientific.xml
@@ -3,10 +3,10 @@
 	<target host="unitednuclear.com" />
 	<target host="www.unitednuclear.com" />
 	<!--	* for cross-domain cookies.	-->
-	
 
 
-	<securecookie host="^(?:.*\.)?unitednuclear\.com$" name=".+" />
+
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/United-San-Antonio-Fed-Credit-Union.xml b/src/chrome/content/rules/United-San-Antonio-Fed-Credit-Union.xml
deleted file mode 100644
index 31ee060d8bed..000000000000
--- a/src/chrome/content/rules/United-San-Antonio-Fed-Credit-Union.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="United San Antonio Federal Credit Union">
-
-	<target host="unitedsafcu.org" />
-	<target host="*.unitedsafcu.org" />
-
-
-	<securecookie host="^\.?unitedsafcu\.org$" name=".+" />
-
-
-	<!--	Accessing https://unitedsafcu.org/ does not seem to work.	-->
-	<rule from="^http://unitedsafcu\.org/"
-		to="https://www.unitedsafcu.org/" />
-
-	<rule from="^http://([\w\-]+)\.unitedsafcu\.org/"
-		to="https://$1.unitedsafcu.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/United-States-Department-of-Agriculture.xml b/src/chrome/content/rules/United-States-Department-of-Agriculture.xml
index 7b71282798d5..4ec6ac7eb5cb 100644
--- a/src/chrome/content/rules/United-States-Department-of-Agriculture.xml
+++ b/src/chrome/content/rules/United-States-Department-of-Agriculture.xml
@@ -99,7 +99,7 @@ Fetch error: http://my.usda.gov/ => https://my.usda.gov/: (35, 'Unknown SSL prot
 	* Secured by us
 
 -->
-<ruleset name="USDA.gov (partial)" default_off='failed ruleset test'>
+<ruleset name="USDA.gov (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/United-States-Department-of-Energy.xml b/src/chrome/content/rules/United-States-Department-of-Energy.xml
index eb5a23f06174..dc5e95bdca62 100644
--- a/src/chrome/content/rules/United-States-Department-of-Energy.xml
+++ b/src/chrome/content/rules/United-States-Department-of-Energy.xml
@@ -11,7 +11,10 @@
 -->
 <ruleset name="United States Department of Energy (partial)">
 
-	<target host="*.doe.gov" />
+	<target host="directives.doe.gov" />
+	<target host="www.directives.doe.gov" />
+	<target host="hss.doe.gov" />
+	<target host="www.hss.doe.gov" />
 
 
 	<securecookie host="^(?:www\.)?directives\.doe\.gov$" name=".+" />
diff --git a/src/chrome/content/rules/United-States-Nuclear-Regulatory-Commission.xml b/src/chrome/content/rules/United-States-Nuclear-Regulatory-Commission.xml
index 02fada26172b..6ece8e3a1376 100644
--- a/src/chrome/content/rules/United-States-Nuclear-Regulatory-Commission.xml
+++ b/src/chrome/content/rules/United-States-Nuclear-Regulatory-Commission.xml
@@ -17,7 +17,7 @@
 	ᵐ Mismatched
 
 -->
-<ruleset name="NRC.gov" default_off="missing certificate chain">
+<ruleset name="NRC.gov" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/United_Acquisition_Services.xml b/src/chrome/content/rules/United_Acquisition_Services.xml
index 9f8e0f4cc8e2..3e7616748c88 100644
--- a/src/chrome/content/rules/United_Acquisition_Services.xml
+++ b/src/chrome/content/rules/United_Acquisition_Services.xml
@@ -10,11 +10,11 @@ Fetch error: http://mail.uas.biz/ => https://mail.uas.biz/: (28, 'Connection tim
 		- (www.)	(shows mail; mismatched, CN: mail.uas.biz)
 
 -->
-<ruleset name="United Acquisition Services (partial)" default_off='failed ruleset test'>
+<ruleset name="United Acquisition Services (partial)" default_off="failed ruleset test">
 
 	<target host="mail.uas.biz" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/United_Nations_Office_at_Vienna.xml b/src/chrome/content/rules/United_Nations_Office_at_Vienna.xml
index 07cd5a63ca52..ceee64676c22 100644
--- a/src/chrome/content/rules/United_Nations_Office_at_Vienna.xml
+++ b/src/chrome/content/rules/United_Nations_Office_at_Vienna.xml
@@ -22,4 +22,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/United_Republic.xml b/src/chrome/content/rules/United_Republic.xml
index 3392d1cb0755..bd6f862f2116 100644
--- a/src/chrome/content/rules/United_Republic.xml
+++ b/src/chrome/content/rules/United_Republic.xml
@@ -22,4 +22,4 @@
 	<rule from="^http://(www\.)?unitedrepublic\.org/(donate(?:$|\?|/)|wp-content/)"
 		to="https://$1unitedrepublic.org/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/United_Stationers.xml b/src/chrome/content/rules/United_Stationers.xml
index 8d8a075a272e..38bdfc99fdc8 100644
--- a/src/chrome/content/rules/United_Stationers.xml
+++ b/src/chrome/content/rules/United_Stationers.xml
@@ -1,23 +1,24 @@
 <ruleset name="United Stationers (partial)">
 
 	<target host="oppictures.com" />
-	<target host="*.oppictures.com" />
+	<target host="content.oppictures.com" />
+	<target host="marketingassets.oppictures.com" />
+	<target host="www.oppictures.com" />
 	<target host="ussco.com" />
-	<target host="*.ussco.com" />
+	<target host="www.ussco.com" />
+	<target host="login.ussco.com" />
+	<target host="sso.ussco.com" />
 
 
 	<securecookie host="^.+\.ussco\.com$" name=".+" />
 
 
-	<rule from="^http://(content\.|marketingassets\.|www\.)?oppictures\.com/"
-		to="https://$1oppictures.com/" />
 
 	<!--	Cert only matches www.
 					-->
 	<rule from="^http://(?:www\.)?ussco\.com/"
 		to="https://www.ussco.com/" />
 
-	<rule from="^http://(login|sso)\.ussco\.com/"
-		to="https://$1.ussco.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Unitn.it.xml b/src/chrome/content/rules/Unitn.it.xml
index abfe5f6c0c35..754116f5713b 100644
--- a/src/chrome/content/rules/Unitn.it.xml
+++ b/src/chrome/content/rules/Unitn.it.xml
@@ -26,4 +26,4 @@
 
 	<rule from="^http://(cimec\.|economia\.)?unitn\.it/" to="https://www.$1unitn.it/" />
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Univ-Montp3.fr.xml b/src/chrome/content/rules/Univ-Montp3.fr.xml
index 08fe2d8b7f04..6e0359a451c2 100644
--- a/src/chrome/content/rules/Univ-Montp3.fr.xml
+++ b/src/chrome/content/rules/Univ-Montp3.fr.xml
@@ -19,9 +19,9 @@ Fetch error: http://gt5-jres2015.univ-montp3.fr/ => https://gt5-jres2015.univ-mo
 		- css on gt5-jres2015 from fonts.googleapis.com *
 
 	* Secured by us
-	
+
 -->
-<ruleset name="Univ-Montp3.fr (partial)" default_off='failed ruleset test'>
+<ruleset name="Univ-Montp3.fr (partial)" default_off="failed ruleset test">
 
 	<target host="gt5-jres2015.univ-montp3.fr" />
 
diff --git a/src/chrome/content/rules/Univention.de.xml b/src/chrome/content/rules/Univention.de.xml
index 817d33ad94e6..8965b60f8e30 100644
--- a/src/chrome/content/rules/Univention.de.xml
+++ b/src/chrome/content/rules/Univention.de.xml
@@ -45,13 +45,13 @@
 
 	<rule from="^http://piwik\.univention\.de/"
 		to="https://www.piwik.univention.de/" />
-		
+
 	<rule from="^http://forge\.univention\.de/"
 		to="https://forge.univention.org/" />
-	
+
 	<rule from="^http://apt\.univention\.de/"
 		to="https://updates.software-univention.de/" />
-	
+
 	<rule from="^http://download\.univention\.de/"
 		to="https://updates.software-univention.de/" />
 
diff --git a/src/chrome/content/rules/UniversalSubtitles.xml b/src/chrome/content/rules/UniversalSubtitles.xml
deleted file mode 100644
index b16fd89c2afd..000000000000
--- a/src/chrome/content/rules/UniversalSubtitles.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://universalsubtitles.org/ => https://www.universalsubtitles.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.universalsubtitles.org'")
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://universalsubtitles.org/ => https://www.universalsubtitles.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.universalsubtitles.org'")
--->
-<ruleset name="Universal Subtitles" default_off='failed ruleset test'>
-  <target host="universalsubtitles.org" />
-  <target host="*.universalsubtitles.org" />
-
-  <rule from="^http://universalsubtitles\.org/"
-          to="https://www.universalsubtitles.org/" />
-  <rule from="^http://(blog|www)\.universalsubtitles\.org/"
-          to="https://$1.universalsubtitles.org/" />
-  <rule from="^http://s3\.www\.universalsubtitles\.org/"
-	  to="https://s3.amazonaws.com/s3.www.universalsubtitles.org/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Universite_Laval.xml b/src/chrome/content/rules/Universite_Laval.xml
index acabc74eb57c..aa75feddd6c1 100644
--- a/src/chrome/content/rules/Universite_Laval.xml
+++ b/src/chrome/content/rules/Universite_Laval.xml
@@ -69,18 +69,18 @@ Fetch error: http://www.viraj.ulaval.ca/ => https://www.viraj.ulaval.ca/: (60, '
 	² Expired
 
 -->
-<ruleset name="Universit&#233; Laval (partial)" default_off='failed ruleset test'>
+<ruleset name="Universit&#233; Laval (partial)" default_off="failed ruleset test">
 	<target host="ulaval.ca" />
 	<target host="www.ulaval.ca" />
 	<target host="www2.ulaval.ca" />
-  
+
 <!-- Subdomains - A to Z -->
-  
+
 	<!-- act -->
-	<target host="www.act.ulaval.ca" /> 
+	<target host="www.act.ulaval.ca" />
 
 	<!-- aide -->
-	<!--target host="www.aide.ulaval.ca" /-->  
+	<!--target host="www.aide.ulaval.ca" /-->
 
 	<!-- ant -->
 	<target host="www.ant.ulaval.ca" />
@@ -106,29 +106,29 @@ Fetch error: http://www.viraj.ulaval.ca/ => https://www.viraj.ulaval.ca/: (60, '
 	<target host="www.bve.ulaval.ca" />
 	<target host="www.galerievirtuelle.bve.ulaval.ca" />
 
-	<!-- capsuleweb --> 
+	<!-- capsuleweb -->
 	<target host="capsuleweb.ulaval.ca" />
 
-	<!-- connect -->  
+	<!-- connect -->
 	<target host="connect.ulaval.ca" />
 
-	<!-- dti --> 
+	<!-- dti -->
 	<target host="www.dti.ulaval.ca" />
 
-	<!-- ecn--> 
+	<!-- ecn-->
 	<!--target host="leel.ecn.ulaval.ca" /-->
 	<target host="questionnaires.ecn.ulaval.ca" />
 	<target host="www.ecn.ulaval.ca" />
 	<target host="www.questionnaires.ecn.ulaval.ca" />
 
-	<!-- esad --> 
-	<target host="esad.ulaval.ca" /> 
+	<!-- esad -->
+	<target host="esad.ulaval.ca" />
 	<target host="www.esad.ulaval.ca" />
 
-	<!-- exchange --> 
-	<target host="exchange.ulaval.ca" /> 
+	<!-- exchange -->
+	<target host="exchange.ulaval.ca" />
 
-	<!-- fd -->  
+	<!-- fd -->
 	<target host="fd.ulaval.ca" />
 	<target host="modules.fd.ulaval.ca" />
 	<target host="www.cahiersdedroit.fd.ulaval.ca" />
@@ -136,23 +136,23 @@ Fetch error: http://www.viraj.ulaval.ca/ => https://www.viraj.ulaval.ca/: (60, '
 	<target host="www.fd.ulaval.ca" />
 	<!--target host="www.modules.fd.ulaval.ca" /-->
 
-	<!-- fesp--> 
+	<!-- fesp-->
 	<!--target host="fesp.ulaval.ca" /-->
 	<!--target host="www.fesp.ulaval.ca" /-->
 
-	<!-- ffgg --> 
+	<!-- ffgg -->
 	<target host="ffgg.ulaval.ca" />
 	<target host="www.ffgg.ulaval.ca" />
 
 	<!-- fmed - js and css do not load on main site but some subdomains work-->
-	<target host="extranet.fmed.ulaval.ca" /> 
+	<target host="extranet.fmed.ulaval.ca" />
 	<target host="infocritique.fmed.ulaval.ca" />
 	<target host="www.intranet.fmed.ulaval.ca" />
-	
+
 	<!-- fsaa - self signed certificate on main site but some subdomains work-->
 	<target host="phytopedia.fsaa.ulaval.ca" />
 	<target host="simulab.fsaa.ulaval.ca" />
-	
+
 	<!-- fsg -->
 	<target host="pixel.fsg.ulaval.ca" />
 	<target host="www.fsg.ulaval.ca" />
@@ -176,25 +176,25 @@ Fetch error: http://www.viraj.ulaval.ca/ => https://www.viraj.ulaval.ca/: (60, '
 	<target host="monarc.ift.ulaval.ca" />
 	<target host="www.ift.ulaval.ca" />
 
-	<!-- oraweb --> 
+	<!-- oraweb -->
 	<target host="oraweb.ulaval.ca" />
 
-	<!-- pha --> 
+	<!-- pha -->
 	<target host="pha.ulaval.ca" />
 	<target host="pharmacievirtuelle.pha.ulaval.ca" />
 	<target host="www.pha.ulaval.ca" />
 	<target host="www.pharmacievirtuelle.pha.ulaval.ca" />
 
-	<!-- pol --> 
+	<!-- pol -->
 	<target host="www.map.pol.ulaval.ca" />
 	<target host="www.perfeval.pol.ulaval.ca" />
 	<target host="www.pol.ulaval.ca" />
 
-	<!-- portaildescours --> 
+	<!-- portaildescours -->
 	<target host="portaildescours.ulaval.ca" />
 	<target host="www.portaildescours.ulaval.ca" />
 
-	<!-- psy --> 
+	<!-- psy -->
 	<target host="www.perception.psy.ulaval.ca" />
 	<target host="www.psy.ulaval.ca" />
 	<target host="www.tfp-quebec.psy.ulaval.ca" />
@@ -222,15 +222,15 @@ Fetch error: http://www.viraj.ulaval.ca/ => https://www.viraj.ulaval.ca/: (60, '
 
 	<!-- svs -->
 	<target host="www.svs.ulaval.ca" />
-	<target host="www.protocolesevaluation.svs.ulaval.ca" /> 
+	<target host="www.protocolesevaluation.svs.ulaval.ca" />
 
 	<!-- viraj -->
 	<!--target host="viraj.ulaval.ca" /-->
-	<target host="www.viraj.ulaval.ca" /> 
-  
-  
-	<!-- 	Secure cookies seem to cause issues on some sub-domains 
-	(such as pages not loading) but more testing is needed to see what 
+	<target host="www.viraj.ulaval.ca" />
+
+
+	<!-- 	Secure cookies seem to cause issues on some sub-domains
+	(such as pages not loading) but more testing is needed to see what
 	sub-domains are affected.
 	-->
 	<securecookie host="authentification\.ulaval\.ca$" name=".+" />
diff --git a/src/chrome/content/rules/Universite_catholique_de_Louvain.xml b/src/chrome/content/rules/Universite_catholique_de_Louvain.xml
index a9e42136f068..d0793c60d746 100644
--- a/src/chrome/content/rules/Universite_catholique_de_Louvain.xml
+++ b/src/chrome/content/rules/Universite_catholique_de_Louvain.xml
@@ -36,24 +36,28 @@
 -->
 <ruleset name="Université catholique de Louvain">
 
-	<target host="*.sipr.ucl.ac.be" />
+	<target host="listes-1.sipr.ucl.ac.be" />
+	<target host="listes-2.sipr.ucl.ac.be" />
+	<target host="listes-3.sipr.ucl.ac.be" />
 	<target host="uclouvain.be" />
-	<target host="*.uclouvain.be" />
+	<target host="www.uclouvain.be" />
+	<target host="mysqladm.uclouvain.be" />
+	<target host="perso.uclouvain.be" />
+	<target host="sites.uclouvain.be" />
+	<target host="tools.uclouvain.be" />
+	<target host="webhost-test.uclouvain.be" />
 
 
 	<securecookie host="^listes-[123]\.sipr\.ucl\.ac\.be$" name=".+" />
 	<securecookie host="^(?:mysqladm|www)\.uclouvain\.be$" name=".+" />
 
 
-	<rule from="^http://listes-([123])\.sipr\.ucl\.ac\.be/"
-		to="https://listes-$1.sipr.ucl.ac.be/" />
 
 	<!--	Cert only matches www.
 					-->
 	<rule from="^http://(?:www\.)?uclouvain\.be/"
 		to="https://www.uclouvain.be/" />
 
-	<rule from="^http://(mysqladm|perso|sites|tools|webhost-test)\.uclouvain\.be/"
-		to="https://$1.uclouvain.be/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University-Illinois-at-Chicago.xml b/src/chrome/content/rules/University-Illinois-at-Chicago.xml
index e8d050c71e23..2af7f5f03cd1 100644
--- a/src/chrome/content/rules/University-Illinois-at-Chicago.xml
+++ b/src/chrome/content/rules/University-Illinois-at-Chicago.xml
@@ -68,7 +68,7 @@ Fetch error: http://www2.uic.edu/ => https://www2.uic.edu/: (60, 'SSL certificat
 	* Secured by us
 
 -->
-<ruleset name="UIC.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="UIC.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/University-of-Alaska-Anchorage.xml b/src/chrome/content/rules/University-of-Alaska-Anchorage.xml
deleted file mode 100644
index 987b0dca0124..000000000000
--- a/src/chrome/content/rules/University-of-Alaska-Anchorage.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	Unsupported subdomains:
-		bookstore	(times out)
-		callcenter	(no public access)
-		edit		(cannot connect to server)
-		elive		(cannot connect to server)
-		greenandgold	(Mismatch)
-		lib		(Mismatch)
-		math	(self-signed cert is for spangolite.ua.ad.alaska.edu)
-		phb		(cannot connect to server)
-		student	(403)
-		techsupport.uaa.alaska.edu	(Mismatch)
-		webaccess.uaa.alaska.edu	(Mismatch)
-		webmail		(different HTTP vs HTTPS content)
-		edit.www.uaa.alaska.edu		(cannot connect to server)
--->
-<ruleset name="University-of-Alaska-Anchorage (partial)">
-	<target host="classes.uaa.alaska.edu" />
-	<target host="coe.uaa.alaska.edu" />
-	<target host="fpgis.uaa.alaska.edu" />
-	<target host="hosting.uaa.alaska.edu" />
-	<target host="kb.uaa.alaska.edu" />
-	<target host="me.uaa.alaska.edu" />
-	<target host="moodle.uaa.alaska.edu" />
-	<target host="owa.uaa.alaska.edu" />
-	<target host="technology.uaa.alaska.edu" />
-	<target host="womens.uaa.alaska.edu" />
-	<target host="www.uaa.alaska.edu" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/University-of-Alaska.xml b/src/chrome/content/rules/University-of-Alaska.xml
deleted file mode 100644
index 04c6f52e4fed..000000000000
--- a/src/chrome/content/rules/University-of-Alaska.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://biotech.inbre.alaska.edu/ => https://biotech.inbre.alaska.edu/: (60, 'SSL certificate problem: certificate has expired')
-
-	Nonfunctional subdomains:
-
-		- greenandgold.uaa	(record_too_long)
-		- krua.uaa *
-		- lib.uaa		(mismatched, CN: *.consortiumlibrary.org)
-		- technology.uaa	(shows www.uaa)
-		- webmail.uaa *
-
-	* Prints "Welcome to the Technology Site"
-
-
-	Problematic subdomains:
-
-		- uaa		(cert only matches *.uaa)
-		- www.uas	(works, expired, self-signed)
-
--->
-<ruleset name="University of Alaska (partial)" platform="mixedcontent" default_off='failed ruleset test'>
-
-	<target host="alaska.edu" />
-	<target host="*.alaska.edu" />
-
-
-	<securecookie host="^www\.uaa\.alaska\.edu$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?(uaa\.)?alaska\.edu/"
-		to="https://www.$1alaska.edu/" />
-
-	<rule from="^http://(authserv|(?:www\.)?(avo|uaonline)|cirt|edir|elmo|email|biotech\.inbre|lists|service|(?:swf|uaf)-1\.vpn|yukon)\.alaska\.edu/"
-		to="https://$1.alaska.edu/" />
-
-	<rule from="^http://lib\.uaa\.alaska\.edu/"
-		to="https://consortiumlibrary.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/University-of-Applied-Sciences-Rapperswil.xml b/src/chrome/content/rules/University-of-Applied-Sciences-Rapperswil.xml
index 8644dd64548f..d550f5bb9753 100644
--- a/src/chrome/content/rules/University-of-Applied-Sciences-Rapperswil.xml
+++ b/src/chrome/content/rules/University-of-Applied-Sciences-Rapperswil.xml
@@ -5,7 +5,8 @@
 <ruleset name="University of Applied Sciences Rapperswil">
 
 	<target host="hsr.ch" />
-	<target host="*.hsr.ch" />
+	<target host="www.hsr.ch" />
+	<target host="log.hsr.ch" />
 
 
 	<securecookie host="^www\.hsr\.ch$" name=".+" />
@@ -15,7 +16,6 @@
 	<rule from="^http://(?:www\.)?hsr\.ch/"
 		to="https://www.hsr.ch/" />
 
-	<rule from="^http://log\.hsr\.ch/"
-		to="https://log.hsr.ch/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Bern.xml b/src/chrome/content/rules/University-of-Bern.xml
index f5b62bd1ed5c..4414caee5460 100644
--- a/src/chrome/content/rules/University-of-Bern.xml
+++ b/src/chrome/content/rules/University-of-Bern.xml
@@ -12,16 +12,34 @@
 -->
 <ruleset name="University of Bern (partial)">
 
-	<target host="*.unibe.ch" />
-
-
-	<securecookie host="^.*\.unibe\.ch$" name=".+" />
+	<target host="cmslive3.unibe.ch" />
+	<target host="www.kommunikation.unibe.ch" />
+	<target host="www.philhist.unibe.ch" />
+	<target host="www.philhum.unibe.ch" />
+	<target host="www.philnat.unibe.ch" />
+	<target host="www.psy.unibe.ch" />
+	<target host="www.rechtswissenschaft.unibe.ch" />
+	<target host="www.risiko.unibe.ch" />
+	<target host="www.uniaktuell.unibe.ch" />
+	<target host="www.vetsuisse.unibe.ch" />
+	<target host="www.wiso.unibe.ch" />
+	<target host="www.zuw.unibe.ch" />
+	<target host="id.unibe.ch" />
+	<target host="medizin.unibe.ch" />
+	<target host="ub.unibe.ch" />
+	<target host="www.id.unibe.ch" />
+	<target host="www.medizin.unibe.ch" />
+	<target host="www.ub.unibe.ch" />
+	<target host="www.medienmitteilungen.unibe.ch" />
+	<target host="www.unilink.unibe.ch" />
+	<target host="www.unipress.unibe.ch" />
+
+
+	<securecookie host=".+" name=".+"/>
 
 
 	<!--	For domains within this nested atom, !www doesn't exist.
 			-->
-	<rule from="^http://(cmslive3|www\.(?:kommunikation|phil(?:hist|hum|nat)|psy|rechtswissenschaft|risiko|uniaktuell|vetsuisse|wiso|zuw))\.unibe\.ch/"
-		to="https://$1.unibe.ch/" />
 
 	<!--
 		//id & //medizin:
@@ -53,4 +71,5 @@
 	<rule from="^http://www\.uni(link|press)\.unibe\.ch/"
 		to="https://www.kommunikation.unibe.ch/content/publikationen/uni$1/index_ger.html" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-California-Berkeley.xml b/src/chrome/content/rules/University-of-California-Berkeley.xml
index a9c1f95e26e1..88be89d5e368 100644
--- a/src/chrome/content/rules/University-of-California-Berkeley.xml
+++ b/src/chrome/content/rules/University-of-California-Berkeley.xml
@@ -10,33 +10,24 @@
 		- blog.admissions	Redirects to www.ocf.berkeley.edu
 		- bdrive		    Handshake fails
 		- beartracks-new  ¹
-		- calparents		200 "No access to the calparents SSL site available"
 		- e-news		    Shows www.berkeley.edu
+		- icsi            ¹, equivalent to www.icsi
 		- mailman.icsi    ¹
 		- ls			    200 "Site not found"
-		- puppet          ²
-		- puppet.ocf      ²
 		- research		    Shows blank tree
-		- urshare-prod1.urel ²
-		- visit ³
-		- visitors ³
-		- wikihub-new     ¹
+		- visit           ²
+		- visitors        ²
 
 	¹ Refused
-	² Dropped
-	³ Redirects to HTTP
+	² Redirects to HTTP
 
 	Problematic hosts in *berkeley.edu:
 		- asterix       *
 		- beartalk      ᴵ
-		- diversity     *
 		- www.give      *
 		- www.givetocal *
-		- haasawards    *
 		- journalism    ᴵ
 		- newstudents   *
-		- or            *
-		- pt            *
 		- students      *
 		- visitors      *
 
@@ -51,7 +42,7 @@
 
 	Mixed content:
 
-		- css on (www.)?notary.icsi, news, visit from fonts.googleapis.com *
+		- css on news, visit from fonts.googleapis.com *
 
 		- Images, on:
 
@@ -61,87 +52,125 @@
 		- Bug on events from s7.addthis.com *
 
 	* Secured by us
-
 -->
+
 <ruleset name="Berkeley.edu (partial)">
 
-	<!--	Direct rewrites:
-				-->
+	<!-- Direct rewrites -->
+	
 	<target host="berkeley.edu" />
+	<target host="www.berkeley.edu" />
+	<target host="admissions.berkeley.edu" />
 	<target host="apply.berkeley.edu" />
-	<target host="atcal.berkeley.edu" />
-	<target host="auth-key.berkeley.edu" />
 	<target host="auth.berkeley.edu" />
-	<target host="beartracks-new.berkeley.edu" />
-	<target host="beartracks.berkeley.edu" />
-	<target host="blu.berkeley.edu" />
-	<target host="blu.is.berkeley.edu" />
+	<target host="awards.berkeley.edu" />
+	<target host="bids.berkeley.edu" />
+	<target host="bitn.berkeley.edu" />
 	<target host="boinc.berkeley.edu" />
 	<target host="bconnected.berkeley.edu" />
 	<target host="bcourses.berkeley.edu" />
-	<target host="bspace.berkeley.edu" />
+	<target host="bioeng.berkeley.edu" />
 	<target host="cal.berkeley.edu" />
+	<target host="cal1card.berkeley.edu" />
 	<target host="calcentral.berkeley.edu" />
 	<target host="calfutures.berkeley.edu" />
 	<target host="callink.berkeley.edu" />
 	<target host="calmail.berkeley.edu" />
 	<target host="calmessages.berkeley.edu" />
 	<target host="calnet.berkeley.edu" />
+	<target host="calparents.berkeley.edu" />
 	<target host="career.berkeley.edu" />
+	<target host="comfort.cbe.berkeley.edu" />
 	<target host="ccc.berkeley.edu" />
 	<target host="commencement.berkeley.edu" />
-	<target host="convio.berkeley.edu" />
+	<target host="course.berkeley.edu" />
+	<target host="datascience.berkeley.edu" />
 	<target host="developer.berkeley.edu" />
+	<target host="diversity.berkeley.edu" />
+	<target host="econ.berkeley.edu" />
+	<target host="www.econ.berkeley.edu" />
+	<target host="eps.berkeley.edu" />
+	<target host="eop.berkeley.edu" />
 	<target host="eureka.berkeley.edu" />
 	<target host="events.berkeley.edu" />
+	<target host="extension.berkeley.edu" />
 	<target host="fellowship.berkeley.edu" />
 	<target host="foundation.berkeley.edu" />
+	<target host="financialaid.berkeley.edu" />
+	<target host="greatergood.berkeley.edu" />
 	<target host="give.berkeley.edu" />
+	<target host="www.give.berkeley.edu" />
 	<target host="givetocal.berkeley.edu" />
+	<target host="ghes.berkeley.edu" />
+	<target host="graduation.berkeley.edu" />
 	<target host="gspp.berkeley.edu" />
+	<target host="kalx.berkeley.edu" />
+	<target host="www.kalx.berkeley.edu" />
+	<target host="haas.berkeley.edu" />
+	<target host="housing.berkeley.edu" />
+	<target host="ist.berkeley.edu" />
+	<target host="law.berkeley.edu" />
+	<target host="www.law.berkeley.edu" />
+	<target host="loyal.berkeley.edu" />
+	<target host="ls.berkeley.edu" />
+	<target host="mba.haas.berkeley.edu" />
+	<target host="me.berkeley.edu" />
+	<target host="met.berkeley.edu" />
+	<target host="myshake.berkeley.edu" />
+	<target host="or.berkeley.edu" />
+	<target host="pt.berkeley.edu" />
+	<target host="recsports.berkeley.edu" />
+	<target host="registrar.berkeley.edu" />
+	<target host="research.berkeley.edu" />
+	<target host="sa.berkeley.edu" />
 	<target host="setiathome.berkeley.edu" />
-
-	<target host="notary.icsi.berkeley.edu" />
-	<target host="www.notary.icsi.berkeley.edu" />
-	<target host="www.icsi.berkeley.edu" />
-
+	<target host="simons.berkeley.edu" />
+	<target host="skydeck.berkeley.edu" />
+	<target host="shift.berkeley.edu" />
+	<target host="stories.lib.berkeley.edu" />
+	<target host="svsh.berkeley.edu" />
+	<target host="ies.berkeley.edu" />
 	<target host="ihouseonline.berkeley.edu" />
-	<target host="inews.berkeley.edu" />
 	<target host="international.berkeley.edu" />
-	<target host="kb.berkeley.edu" />
+	<target host="miller.berkeley.edu" />
 	<target host="nature.berkeley.edu" />
 	<target host="netreg.berkeley.edu" />
-	<target host="static.ocf.berkeley.edu" />
+	<target host="news.berkeley.edu" />
 	<target host="oskicatp.berkeley.edu" />
+	<target host="publichealth.berkeley.edu" />
 	<target host="scholarship.berkeley.edu" />
+	<target host="security.berkeley.edu" />
 	<target host="seniors.berkeley.edu" />
 	<target host="services.housing.berkeley.edu" />
-	<target host="wikihub-new.berkeley.edu" />
+	<target host="teaching.berkeley.edu" />
 	<target host="wikihub.berkeley.edu" />
-	<target host="www.berkeley.edu" />
+
+	<!-- International Computer Science Institute -->
+	<target host="www.icsi.berkeley.edu" />
+	<target host="notary.icsi.berkeley.edu" />
+	<target host="www.notary.icsi.berkeley.edu" />
 
 	<!-- Open Computing Facility -->
+	<target host="ocf.berkeley.edu" />
+	<target host="www.ocf.berkeley.edu" />
 	<target host="accounts.ocf.berkeley.edu" />
 	<target host="docs.ocf.berkeley.edu" />
 	<target host="mirrors.ocf.berkeley.edu" />
 	<target host="pma.ocf.berkeley.edu" />
+	<target host="puppet.ocf.berkeley.edu" />
 	<target host="rt.ocf.berkeley.edu" />
 	<target host="ssh.ocf.berkeley.edu" />
+	<target host="static.ocf.berkeley.edu" />
 	<target host="wiki.ocf.berkeley.edu" />
-	<target host="www.ocf.berkeley.edu" />
-
-	<!-- Security -->
-	<target host="security.berkeley.edu" />
-
-	<!-- IST -->
-	<target host="ist.berkeley.edu" />
-
 
 	<!-- University Relations -->
+	<target host="urel.berkeley.edu" />
+	<target host="cd.urel.berkeley.edu" />
 	<target host="wiki.urel.berkeley.edu" />
 
 	<!-- Department of Agriculture and Resource Economics -->
 	<target host="are.berkeley.edu" />
+	<target host="www.are.berkeley.edu" />
 
 	<!-- College of Natural Resources -->
 	<target host="cnr.berkeley.edu" />
@@ -149,74 +178,23 @@
 	<target host="www.cnr.berkeley.edu" />
 
 	<!-- EECS and CS -->
+	<target host="cs.berkeley.edu" />
+	<target host="www.cs.berkeley.edu" />
 	<target host="autoconfig.cs.berkeley.edu" />
-	<target host="autoconfig.eecs.berkeley.edu" />
 	<target host="autodiscover.cs.berkeley.edu" />
+	<target host="eecs.berkeley.edu" />
+	<target host="www.eecs.berkeley.edu" />
+	<target host="autoconfig.eecs.berkeley.edu" />
 	<target host="autodiscover.eecs.berkeley.edu" />
 	<target host="buffy.eecs.berkeley.edu" />
 	<target host="chisel.eecs.berkeley.edu" />
 	<target host="hkn.eecs.berkeley.edu" />
-	<target host="www.cs.berkeley.edu" />
-	<target host="www.eecs.berkeley.edu" />
 
-	<!--	Complications:
-				-->
-	<target host="www.are.berkeley.edu" />
+	<!-- Complications -->
 	<target host="bmail.berkeley.edu" />
-	<target host="cal1card.berkeley.edu" />
 	<target host="callcenter.berkeley.edu" />
-	<target host="cs.berkeley.edu" />
-	<target host="eecs.berkeley.edu" />
-	<target host="www.give.berkeley.edu" />
-	<target host="graduation.berkeley.edu" />
+	<target host="icsi.berkeley.edu" />
 	<target host="mirrors.berkeley.edu" />
-	<target host="ocf.berkeley.edu" />
-
-		<!--	Only the root of these subdomains is guaranteed compatible
-			with a HTTPS redirect, so we exclude other paths:
-									-->
-		<exclusion pattern="^http://(www\.)?(c|eec)s\.berkeley\.edu/.+" />
-
-			<!--	+ve:
-						-->
-			<test url="http://cs.berkeley.edu/?hello" />
-			<test url="http://cs.berkeley.edu/no/path/is/matched" />
-			<test url="http://eecs.berkeley.edu/no/path/is/matched" />
-			<test url="http://eecs.berkeley.edu/~cs70/" />
-
-		<exclusion pattern="^http://graduation\.berkeley\.edu/.+" />
-
-			<!--	+ve:
-					-->
-			<test url="http://graduation.berkeley.edu/no/path/is/matched" />
-			<test url="http://graduation.berkeley.edu/?some+query+string" />
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://www\.berkeley\.edu/(?:$|map$)" /-->
-		<!--
-			404:
-				-->
-		<!--exclusion pattern="^http://www\.berkeley\.edu/(?:directory$|faculty-staff$|students$|twitter/index/lv_twitter_feed_UCBerkeley)" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://www\.berkeley\.edu/+(?!favicon\.ico|images/|news2/|pdf/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.berkeley.edu/directory" />
-			<test url="http://www.berkeley.edu/faculty-staff" />
-			<test url="http://www.berkeley.edu/map" />
-			<test url="http://www.berkeley.edu/students" />
-			<test url="http://www.berkeley.edu/twitter/index/lv_twitter_feed_UCBerkeley" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www.berkeley.edu/favicon.ico" />
-			<test url="http://www.berkeley.edu/images/uploads/logo-ucberkeley.png" />
-			<test url="http://www.berkeley.edu/news2/bitn/default.png" />
-			<test url="http://www.berkeley.edu/pdf/scmap.pdf" />
 
 
 	<!--	Not secured by server:
@@ -227,11 +205,6 @@
 	<securecookie host="^((?!www\.berkeley\.edu$)\w.*|\.events|(\.fortuna)?\.security)\.berkeley\.edu$" name=".+" />
 
 
-	<!-- These domains must *not* redirect to the www. version -->
-
-	<rule from="^http://www\.(are|give)\.berkeley\.edu/"
-		to="https://$1.berkeley.edu/" />
-
 	<!--	Redirect drops forward slash, path, and args:
 								-->
 	<rule from="^http://bmail\.berkeley\.edu/.*"
@@ -239,28 +212,13 @@
 
 		<test url="http://bmail.berkeley.edu/path/is/dropped" />
 
-	<!--	Redirect drops forward slash and args, but not path:
-									-->
-	<rule from="^http://cal1card\.berkeley\.edu/+([^?]*).*"
-		to="https://services.housing.berkeley.edu/c1c/$1" />
-
-		<test url="http://cal1card.berkeley.edu//?bar" />
-		<test url="http://cal1card.berkeley.edu//?foo" />
-		<test url="http://cal1card.berkeley.edu/?bar" />
-		<test url="http://cal1card.berkeley.edu/?foo" />
-		<test url="http://cal1card.berkeley.edu/has/a/path?query-string-dropped" />
-
 	<rule from="^http://callcenter\.berkeley\.edu/$"
 		to="https://give.berkeley.edu/browse/index.cfm?u=191" />
 
-	<!-- These domains must redirect to the www. version -->
-	<rule from="^http://(cs|eecs|ocf)\.berkeley\.edu/"
-		to="https://www.$1.berkeley.edu/" />
-
-	<rule from="^http://graduation\.berkeley\.edu/$"
-		to="https://commencement.berkeley.edu/" />
+	<rule from="^http://icsi\.berkeley\.edu/"
+		  to="https://www.icsi.berkeley.edu/" />
 
-	<rule from="^http://mirrors\.berkeley\.edu/$"
+	<rule from="^http://mirrors\.berkeley\.edu/"
 		to="https://mirrors.ocf.berkeley.edu/" />
 
 	<rule from="^http:"	to="https:" />
diff --git a/src/chrome/content/rules/University-of-California-San-Diego.xml b/src/chrome/content/rules/University-of-California-San-Diego.xml
index 160999323cef..67f2b1f4c1d6 100644
--- a/src/chrome/content/rules/University-of-California-San-Diego.xml
+++ b/src/chrome/content/rules/University-of-California-San-Diego.xml
@@ -1,204 +1,170 @@
-<!--
-	Non-functional hosts
-		Couldn't connect to server:
-		- chancellor.ucsd.edu
-		- communication.ucsd.edu
-		- founders.ucsd.edu
-		- universitycenters.ucsd.edu
-
-		Timeout was reached:
-		- alumni.ucsd.edu
-		- myucsdchart.ucsd.edu
-
-		SSL connect error:
-		- athletics.ucsd.edu
-
-		SSL peer certificate was not OK:
-		- www.alumni.ucsd.edu
-		- giftplanning.ucsd.edu
-		- www.giftplanning.ucsd.edu
-		- ogs-calendar.ucsd.edu
-		- www.studentsupport.ucsd.edu
-		- vac.ucsd.edu
-
-		Peer certificate cannot be authenticated with given CA certificates:
-		- campaign.ucsd.edu
-		- giving.ucsd.edu
-		- nanoengineering.ucsd.edu
-
-		Incomplete certificate chain error:
-		- as.ucsd.edu
-
-		4xx client error:
-		- desktop.ucsd.edu
-		- saber.ucsd.edu
-		- sysstaff.ucsd.edu
-
-		Mixed content blocking (MCB) triggered:
-		- m.ucsd.edu
--->
-<ruleset name="University of California San Diego (partial)">
-	<target host="ucsd.edu" />
-	<target host="www.ucsd.edu" />
-
-	<target host="a.ucsd.edu" />
-	<target host="a4.ucsd.edu" />
-	<target host="academicconnections.ucsd.edu" />
-	<target host="acms.ucsd.edu" />
-	<target host="acs-webmail.ucsd.edu" />
-	<target host="act.ucsd.edu" />
-	<target host="admissions.ucsd.edu" />
-	<target host="apol-recruit.ucsd.edu" />
-	<target host="aquarium.ucsd.edu" />
-	<target host="artsandhumanities.ucsd.edu" />
-	<target host="assets.ucsd.edu" />
-
-	<target host="biology.ucsd.edu" />
-	<target host="blink.ucsd.edu" />
-
-	<target host="caesar.ucsd.edu" />
-	<target host="calendar.ucsd.edu" />
-	<target host="career.ucsd.edu" />
-	<target host="cfr.ucsd.edu" />
-	<target host="cgs.ucsd.edu" />
-	<target host="chd.ucsd.edu" />
-	<target host="chemistry.ucsd.edu" />
-	<target host="cilas.ucsd.edu" />
-	<target host="cinfo.ucsd.edu" />
-	<target host="commons.ucsd.edu" />
-	<target host="courses.ucsd.edu" />
-	<target host="create.ucsd.edu" />
-	<target host="crlpsandiego.ucsd.edu" />
-	<target host="cse.ucsd.edu" />
-	<target host="cseweb.ucsd.edu" />
-	<target host="csp.ucsd.edu" />
-	<target host="cwo.ucsd.edu" />
-
-	<target host="dah.ucsd.edu" />
-	<target host="dbsportal.ucsd.edu" />
-	<target host="developer.ucsd.edu" />
-	<target host="disabilities.ucsd.edu" />
-	<target host="divelog.ucsd.edu" />
-	<target host="diversity.ucsd.edu" />
-	<target host="doctors.ucsd.edu" />
-
-	<target host="eaop.ucsd.edu" />
-	<target host="economics.ucsd.edu" />
-	<target host="ethnicstudies.ucsd.edu" />
-	<target host="extension.ucsd.edu" />
-
-	<target host="facilities.ucsd.edu" />
-	<target host="facultydiversity.ucsd.edu" />
-	<target host="foundation.ucsd.edu" />
-
-	<target host="git.ucsd.edu" />
-	<target host="globalhealthprogram.ucsd.edu" />
-	<target host="grad.ucsd.edu" />
-	<target host="apply.grad.ucsd.edu" />
-
-	<target host="hdh.ucsd.edu" />
-	<target host="hds.ucsd.edu" />
-	<target host="health.ucsd.edu" />
-	<target host="healthbeat.ucsd.edu" />
-	<target host="healthsciences.ucsd.edu" />
-	<target host="history.ucsd.edu" />
-	<target host="hsreservations.ucsd.edu" />
-
-	<target host="igpp.ucsd.edu" />
-	<target host="igppticket.ucsd.edu" />
-	<target host="igppwiki.ucsd.edu" />
-	<target host="isp.ucsd.edu" />
-	<target host="iwdc.ucsd.edu" />
-
-	<target host="jobs.ucsd.edu" />
-
-	<target host="libguides.ucsd.edu" />
-	<target host="libraries.ucsd.edu" />
-	<target host="library.ucsd.edu" />
-	<target host="lists.ucsd.edu" />
-	<target host="mailman.ucsd.edu" />
-	<target host="maps.ucsd.edu" />
-	<target host="marketplace.ucsd.edu" />
-	<target host="math.ucsd.edu" />
-	<target host="mathlink.ucsd.edu" />
-	<target host="mathlink2.ucsd.edu" />
-	<target host="meded.ucsd.edu" />
-	<target host="mentorship.ucsd.edu" />
-	<target host="mobile.ucsd.edu" />
-	<target host="myextension.ucsd.edu" />
-	<target host="myosd.ucsd.edu" />
-	<target host="mytritonlink.ucsd.edu" />
-
-	<target host="ocfr.ucsd.edu" />
-	<target host="ocga.ucsd.edu" />
-	<target host="onthego.ucsd.edu" />
-
-	<target host="pao.ucsd.edu" />
-	<target host="parents.ucsd.edu" />
-	<target host="pharmacy.ucsd.edu" />
-	<target host="physics.ucsd.edu" />
-	<target host="plandesignbuild.ucsd.edu" />
-	<target host="podcast.ucsd.edu" />
-	<target host="polisci.ucsd.edu" />
-	<target host="preuss.ucsd.edu" />
-	<target host="profiles.ucsd.edu" />
-	<target host="provost.ucsd.edu" />
-	<target host="providers.ucsd.edu" />
-	<target host="psychology.ucsd.edu" />
-
-	<target host="recreation.ucsd.edu" />
-	<target host="resnet.ucsd.edu" />
-	<target host="rmp.ucsd.edu" />
-	<target host="roger.ucsd.edu" />
-	<target host="roosevelt.ucsd.edu" />
-
-	<target host="sarc.ucsd.edu" />
-	<target host="sciencestudies.ucsd.edu" />
-	<target host="scripps.ucsd.edu" />
-	<target host="sdacs.ucsd.edu" />
-	<target host="sdawp.ucsd.edu" />
-	<target host="se.ucsd.edu" />
-	<target host="ships.ucsd.edu" />
-	<target host="shs.ucsd.edu" />
-	<target host="socialsciences.ucsd.edu" />
-	<target host="software.ucsd.edu" />
-	<target host="structures.ucsd.edu" />
-	<target host="www.structures.ucsd.edu" />
-	<target host="student.ucsd.edu" />
-	<target host="studentparents.ucsd.edu" />
-	<target host="students.ucsd.edu" />
-	<target host="studentsupport.ucsd.edu" />
-	<target host="sustainability.ucsd.edu" />
-
-	<target host="ted.ucsd.edu" />
-	<target host="transportation.ucsd.edu" />
-	<target host="trio.ucsd.edu" />
-	<target host="tritoned.ucsd.edu" />
-	<target host="tritonlink.ucsd.edu" />
-
-	<target host="uclearning.ucsd.edu" />
-	<target host="ucsdbkst.ucsd.edu" />
-	<target host="ucsdfoundation.ucsd.edu" />
-	<target host="ucsdnews.ucsd.edu" />
-	<target host="ugcbo.ucsd.edu" />
-	<target host="ui.ucsd.edu" />
-	<target host="unex-shibboleth.ucsd.edu" />
-	<target host="usmex.ucsd.edu" />
-	<target host="usp.ucsd.edu" />
-
-	<target host="wellness.ucsd.edu" />
-	<target host="women.ucsd.edu" />
-	<target host="wts.ucsd.edu" />
-	<target host="www-acs.ucsd.edu" />
-	<target host="www-act.ucsd.edu" />
-	<target host="www-er.ucsd.edu" />
-	<target host="www-structures.ucsd.edu" />
-
-	<target host="yankelovichcenter.ucsd.edu" />
-
-	<rule from="^http://provost\.ucsd\.edu/"
-			to="https://ugcbo.ucsd.edu/" />
-
-	<rule from="^http:"
-			to="https:" />
+<ruleset name="University of California San Diego (partial)"> 
+  <target host="a.ucsd.edu"/>
+  <target host="academicconnections.ucsd.edu"/>
+  <target host="academicintegrity.ucsd.edu"/>
+  <target host="acms.ucsd.edu"/>
+  <target host="act.ucsd.edu"/>
+  <target host="admissions.ucsd.edu"/>
+  <target host="aip.ucsd.edu"/>
+  <target host="apol-recruit.ucsd.edu"/>
+  <target host="apply.grad.ucsd.edu"/>
+  <target host="aquarium.ucsd.edu"/>
+  <target host="artsandhumanities.ucsd.edu"/>
+  <target host="biology.ucsd.edu"/>
+  <target host="blink.ucsd.edu"/>
+  <target host="caesar.ucsd.edu"/>
+  <target host="calendar.ucsd.edu"/>
+  <target host="career.ucsd.edu"/>
+  <target host="ccis.ucsd.edu"/>
+  <target host="cer.ucsd.edu"/>
+  <target host="cfr.ucsd.edu"/>
+  <target host="cgs.ucsd.edu"/>
+  <target host="chancellor.ucsd.edu"/>
+  <target host="chd.ucsd.edu"/>
+  <target host="chemistry.ucsd.edu"/>
+  <target host="china.ucsd.edu"/>
+  <target host="chinesestudies.ucsd.edu"/>
+  <target host="cilas.ucsd.edu"/>
+  <target host="cinfo.ucsd.edu"/>
+  <target host="cmrr.ucsd.edu"/>
+  <target host="commons.ucsd.edu"/>
+  <target host="coronavirus.ucsd.edu"/>
+  <target host="courses.ucsd.edu"/>
+  <target host="create.ucsd.edu"/>
+  <target host="cse.ucsd.edu"/>
+  <target host="cseweb.ucsd.edu"/>
+  <target host="csp.ucsd.edu"/>
+  <target host="cwo.ucsd.edu"/>
+  <target host="dah.ucsd.edu"/>
+  <target host="dbsportal.ucsd.edu"/>
+  <target host="deepdecarbon.ucsd.edu"/>
+  <target host="developer.ucsd.edu"/>
+  <target host="disabilities.ucsd.edu"/>
+  <target host="divelog.ucsd.edu"/>
+  <target host="diversity.ucsd.edu"/>
+  <target host="doctors.ucsd.edu"/>
+  <target host="eaop.ucsd.edu"/>
+  <target host="economics.ucsd.edu"/>
+  <target host="empathyandcompassion.ucsd.edu"/>
+  <target host="ethnicstudies.ucsd.edu"/>
+  <target host="extension.ucsd.edu"/>
+  <target host="facilities.ucsd.edu"/>
+  <target host="facultydiversity.ucsd.edu"/>
+  <target host="foundation.ucsd.edu"/>
+  <target host="giftplanning.ucsd.edu"/>
+  <target host="git.ucsd.edu"/>
+  <target host="globalhealthprogram.ucsd.edu"/>
+  <target host="globalties.ucsd.edu"/>
+  <target host="grad.ucsd.edu"/>
+  <target host="gradlife.ucsd.edu"/>
+  <target host="hdh.ucsd.edu"/>
+  <target host="hds.ucsd.edu"/>
+  <target host="health.ucsd.edu"/>
+  <target host="healthbeat.ucsd.edu"/>
+  <target host="healthsciences.ucsd.edu"/>
+  <target host="history.ucsd.edu"/>
+  <target host="hsreservations.ucsd.edu"/>
+  <target host="igpp.ucsd.edu"/>
+  <target host="igppticket.ucsd.edu"/>
+  <target host="igppwiki.ucsd.edu"/>
+  <target host="isp.ucsd.edu"/>
+  <target host="itrc.ucsd.edu"/>
+  <target host="iwdc.ucsd.edu"/>
+  <target host="japan.ucsd.edu"/>
+  <target host="jobs.ucsd.edu"/>
+  <target host="las.ucsd.edu"/>
+  <target host="lgbt.ucsd.edu"/>
+  <target host="libguides.ucsd.edu"/>
+  <target host="libraries.ucsd.edu"/>
+  <target host="library.ucsd.edu"/>
+  <target host="maps.ucsd.edu"/>
+  <target host="marketplace.ucsd.edu"/>
+  <target host="marshall.ucsd.edu"/>
+  <target host="math.ucsd.edu"/>
+  <target host="mathlink.ucsd.edu"/>
+  <target host="mathlink2.ucsd.edu"/>
+  <target host="meded.ucsd.edu"/>
+  <target host="mentorship.ucsd.edu"/>
+  <target host="mobile.ucsd.edu"/>
+  <target host="muir.ucsd.edu"/>
+  <target host="myextension.ucsd.edu"/>
+  <target host="myosd.ucsd.edu"/>
+  <target host="mytritonlink.ucsd.edu"/>
+  <target host="ncmir.ucsd.edu"/>
+  <target host="ocfr.ucsd.edu"/>
+  <target host="ocga.ucsd.edu"/>
+  <target host="onthego.ucsd.edu"/>
+  <target host="pao.ucsd.edu"/>
+  <target host="parents.ucsd.edu"/>
+  <target host="pharmacy.ucsd.edu"/>
+  <target host="physicalsciences.ucsd.edu"/>
+  <target host="physics.ucsd.edu"/>
+  <target host="podcast.ucsd.edu"/>
+  <target host="polar.ucsd.edu"/>
+  <target host="police.ucsd.edu"/>
+  <target host="polisci.ucsd.edu"/>
+  <target host="preuss.ucsd.edu"/>
+  <target host="profiles.ucsd.edu"/>
+  <target host="providers.ucsd.edu"/>
+  <target host="provost.ucsd.edu"/>
+  <target host="psychology.ucsd.edu"/>
+  <target host="rady.ucsd.edu"/>
+  <target host="recreation.ucsd.edu"/>
+  <target host="research.ucsd.edu"/>
+  <target host="resnet.ucsd.edu"/>
+  <target host="rmp.ucsd.edu"/>
+  <target host="roger.ucsd.edu"/>
+  <target host="roosevelt.ucsd.edu"/>
+  <target host="sarc.ucsd.edu"/>
+  <target host="sciencestudies.ucsd.edu"/>
+  <target host="scripps.ucsd.edu"/>
+  <target host="sdacs.ucsd.edu"/>
+  <target host="sdawp.ucsd.edu"/>
+  <target host="se.ucsd.edu"/>
+  <target host="seventh.ucsd.edu"/>
+  <target host="ships.ucsd.edu"/>
+  <target host="shs.ucsd.edu"/>
+  <target host="sixth.ucsd.edu"/>
+  <target host="socialsciences.ucsd.edu"/>
+  <target host="software.ucsd.edu"/>
+  <target host="structures.ucsd.edu"/>
+  <target host="student.ucsd.edu"/>
+  <target host="studentparents.ucsd.edu"/>
+  <target host="students.ucsd.edu"/>
+  <target host="studentsupport.ucsd.edu"/>
+  <target host="studyabroad.ucsd.edu"/>
+  <target host="sustainability.ucsd.edu"/>
+  <target host="ted.ucsd.edu"/>
+  <target host="transferstudents.ucsd.edu"/>
+  <target host="transportation.ucsd.edu"/>
+  <target host="trio.ucsd.edu"/>
+  <target host="tritoned.ucsd.edu"/>
+  <target host="tritonlink.ucsd.edu"/>
+  <target host="uclearning.ucsd.edu"/>
+  <target host="ucsd.edu"/>
+  <target host="ucsdbkst.ucsd.edu"/>
+  <target host="ucsdfoundation.ucsd.edu"/>
+  <target host="ucsdnews.ucsd.edu"/>
+  <target host="ugcbo.ucsd.edu"/>
+  <target host="ui.ucsd.edu"/>
+  <target host="unex-shibboleth.ucsd.edu"/>
+  <target host="usmex.ucsd.edu"/>
+  <target host="usp.ucsd.edu"/>
+  <target host="vcsa.ucsd.edu"/>
+  <target host="warren.ucsd.edu"/>
+  <target host="wellness.ucsd.edu"/>
+  <target host="women.ucsd.edu"/>
+  <target host="writinghub.ucsd.edu"/>
+  <target host="wts.ucsd.edu"/>
+  <target host="www-acs.ucsd.edu"/>
+  <target host="www-act.ucsd.edu"/>
+  <target host="www-er.ucsd.edu"/>
+  <target host="www-structures.ucsd.edu"/>
+  <target host="www.mod.ucsd.edu"/>
+  <target host="www.structures.ucsd.edu"/>
+  <target host="www.ucsd.edu"/>
+  <target host="yankelovichcenter.ucsd.edu"/>
+
+  <rule from="^http://provost\.ucsd\.edu/" to="https://ugcbo.ucsd.edu/"/>  
+  <rule from="^http:" to="https:"/>  
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Cambridge.xml b/src/chrome/content/rules/University-of-Cambridge.xml
index 1eeb2b2792c2..89fa52d56576 100644
--- a/src/chrome/content/rules/University-of-Cambridge.xml
+++ b/src/chrome/content/rules/University-of-Cambridge.xml
@@ -1,5 +1,5 @@
 <!--
-	For a list of University of Cambridge subdomains, please 
+	For a list of University of Cambridge subdomains, please
 		refer to https://www.cam.ac.uk/university-a-z/
 
 	Other University of Cambridge rulesets:
@@ -8,14 +8,18 @@
 	Non-functional hosts
 		Couldn't connect to server:
 		- www-cryst.bioc.cam.ac.uk
+		- www.casp.cam.ac.uk
+		- research-institute.conservation.cam.ac.uk
 		- www.csap.cam.ac.uk
 		- www.dow.cam.ac.uk
 		- www.eng.cam.ac.uk
 		- bullard.esc.cam.ac.uk
 		- www.itg.cam.ac.uk
+		- account.jesus.cam.ac.uk
 		- www.kings.cam.ac.uk
 		- www.magd.cam.ac.uk
 		- www.mrc-epid.cam.ac.uk
+		- outreach.mus.cam.ac.uk
 		- data.plantsci.cam.ac.uk
 		- www.pom.cam.ac.uk
 		- www.srl.cam.ac.uk
@@ -30,6 +34,7 @@
 		- www-hki.fitzmuseum.cam.ac.uk
 		- lconline.langcen.cam.ac.uk
 		- www.langcen.cam.ac.uk
+		- www.mrao.cam.ac.uk
 		- www.mrc-mbu.cam.ac.uk
 		- www.neurosurg.cam.ac.uk
 		- www.pem.cam.ac.uk
@@ -99,6 +104,8 @@
 		- www.cihrm.jbs.cam.ac.uk
 		- www.india.jbs.cam.ac.uk
 		- cflpp.law.cam.ac.uk
+		- specialcollections.blog.lib.cam.ac.uk
+		- towerproject.blog.lib.cam.ac.uk
 		- moore.libraries.cam.ac.uk
 		- www.martynmission.cam.ac.uk
 		- www.metabolism.cam.ac.uk
@@ -213,7 +220,6 @@
 	<target host="www.camsis.cam.ac.uk" />
 	<target host="camtools.cam.ac.uk" />
 	<target host="www.careers.cam.ac.uk" />
-	<target host="www.casp.cam.ac.uk" />
 	<target host="www.caths.cam.ac.uk" />
 	<target host="www.cbr.cam.ac.uk" />
 	<target host="www.ccdc.cam.ac.uk" />
@@ -230,7 +236,6 @@
 	<target host="www.clarehall.cam.ac.uk" />
 	<target host="www.classics.cam.ac.uk" />
 	<target host="www.communications.cam.ac.uk" />
-	<target host="research-institute.conservation.cam.ac.uk" />
 	<target host="www.construction.cam.ac.uk" />
 	<target host="www.corpus.cam.ac.uk" />
 	<target host="www.counselling.cam.ac.uk" />
@@ -265,6 +270,7 @@
 	<target host="www.emma.cam.ac.uk" />
 	<target host="www.energy.cam.ac.uk" />
 	<target host="www.ifm.eng.cam.ac.uk" />
+	<target host="mi.eng.cam.ac.uk" />
 	<target host="www-csd.eng.cam.ac.uk" />
 	<target host="www-diva.eng.cam.ac.uk" />
 	<target host="www-structures.eng.cam.ac.uk" />
@@ -303,7 +309,6 @@
 	<target host="www.infectiousdisease.cam.ac.uk" />
 	<target host="www.internationalstudents.cam.ac.uk" />
 	<target host="www.jbs.cam.ac.uk" />
-	<target host="account.jesus.cam.ac.uk" />
 	<target host="conference.jesus.cam.ac.uk" />
 	<target host="www.jesus.cam.ac.uk" />
 	<target host="www.kicc.cam.ac.uk" />
@@ -317,8 +322,6 @@
 	<target host="www.ctl.law.cam.ac.uk" />
 	<target host="www.squire.law.cam.ac.uk" />
 	<target host="www.law.cam.ac.uk" />
-	<target host="specialcollections.blog.lib.cam.ac.uk" />
-	<target host="towerproject.blog.lib.cam.ac.uk" />
 	<target host="exhibitions.lib.cam.ac.uk" />
 	<target host="bbsrcdtp.lifesci.cam.ac.uk" />
 	<target host="www.gradschl.lifesci.cam.ac.uk" />
@@ -337,14 +340,12 @@
 	<target host="surgery.medschl.cam.ac.uk" />
 	<target host="www.medschl.cam.ac.uk" />
 	<target host="www-neurosciences.medschl.cam.ac.uk" />
-	<target host="www.mrao.cam.ac.uk" />
 	<target host="www.mrc-bsu.cam.ac.uk" />
 	<target host="www.mrc-cbu.cam.ac.uk" />
 	<target host="www.mrc-cu.cam.ac.uk" />
 	<target host="www2.mrc-lmb.cam.ac.uk" />
 	<target host="www.msm.cam.ac.uk" />
 	<target host="www.murrayedwards.cam.ac.uk" />
-	<target host="outreach.mus.cam.ac.uk" />
 	<target host="www.mus.cam.ac.uk" />
 	<target host="www.museums.cam.ac.uk" />
 	<target host="www.nanodtc.cam.ac.uk" />
diff --git a/src/chrome/content/rules/University-of-Central-Florida.xml b/src/chrome/content/rules/University-of-Central-Florida.xml
index 21acc3dcbb0e..301b4696f740 100644
--- a/src/chrome/content/rules/University-of-Central-Florida.xml
+++ b/src/chrome/content/rules/University-of-Central-Florida.xml
@@ -15,16 +15,26 @@ Fetch error: http://ucf.edu/ => https://ucf.edu/: (7, 'Failed to connect to ucf.
 		- portal-help		(times out)
 
 -->
-<ruleset name="University of Central Florida (partial)" default_off='failed ruleset test'>
+<ruleset name="University of Central Florida (partial)" default_off="failed ruleset test">
 
 	<target host="ucf.edu" />
-	<target host="*.ucf.edu" />
+	<target host="admissions.ucf.edu" />
+	<target host="bot.ucf.edu" />
+	<target host="brand.ucf.edu" />
+	<target host="cdn.ucf.edu" />
+	<target host="communityrelations.ucf.edu" />
+	<target host="fsi.ucf.edu" />
+	<target host="hospitality.ucf.edu" />
+	<target host="my.ucf.edu" />
+	<target host="today.ucf.edu" />
+	<target host="smca.ucf.edu" />
+	<target host="universityheader.ucf.edu" />
+	<target host="www.ucf.edu" />
 
 
 	<securecookie host="^(?:admissions|bot|brand|cdn|communityrelations|fsi|hospitality|my|smca|today|universityheader)\.ucf\.edu$" name=".+" />
 
 
-	<rule from="^http://((?:admissions|bot|brand|cdn|communityrelations|fsi|hospitality|my|today|smca|universityheader|www)\.)?ucf\.edu/"
-		to="https://$1ucf.edu/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Chicago.xml b/src/chrome/content/rules/University-of-Chicago.xml
index 6940c351105b..d57aff861bb5 100644
--- a/src/chrome/content/rules/University-of-Chicago.xml
+++ b/src/chrome/content/rules/University-of-Chicago.xml
@@ -41,6 +41,6 @@
 	<rule from="^http://proxy\.uchicago\.edu/"
 			to="https://www.proxy.uchicago.edu/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Colorado-at-Boulder.xml b/src/chrome/content/rules/University-of-Colorado-at-Boulder.xml
index 4d5a9db884b6..95396da59157 100644
--- a/src/chrome/content/rules/University-of-Colorado-at-Boulder.xml
+++ b/src/chrome/content/rules/University-of-Colorado-at-Boulder.xml
@@ -52,7 +52,11 @@ Fetch error: http://colorado.edu/ => http://colorado.edu/: Redirect for 'http://
 <ruleset name="Colorado.edu (partial)">
 
 	<target host="colorado.edu" />
-	<target host="*.colorado.edu" />
+	<target host="www.colorado.edu" />
+	<target host="fiske.colorado.edu" />
+	<target host="jila.colorado.edu" />
+	<target host="laspwebmail.colorado.edu" />
+	<target host="oceanus.colorado.edu" />
 
 
 	<securecookie host="^laspwebmail\.colorado\.edu$" name=".+" />
diff --git a/src/chrome/content/rules/University-of-Delaware.xml b/src/chrome/content/rules/University-of-Delaware.xml
index 9a3e860205ec..b403b33ba2cd 100644
--- a/src/chrome/content/rules/University-of-Delaware.xml
+++ b/src/chrome/content/rules/University-of-Delaware.xml
@@ -22,4 +22,4 @@
 	<rule from="^http://www\.facilities\.udel\.edu/(App_Themes|[dD]ata|Secure)/"
 		to="https://www.facilities.udel.edu/$1/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University-of-Eastern-Finland.xml b/src/chrome/content/rules/University-of-Eastern-Finland.xml
index c294c36f01fb..081e69718db4 100644
--- a/src/chrome/content/rules/University-of-Eastern-Finland.xml
+++ b/src/chrome/content/rules/University-of-Eastern-Finland.xml
@@ -5,7 +5,7 @@ Fetch error: http://cs.joensuu.fi/ => https://cs.joensuu.fi/: (60, 'SSL certific
 	!functional:
 		- aducate.uef.fi	(valid cert, shows RHEL test page)
 -->
-<ruleset name="University of Eastern Finland (partial)" default_off='failed ruleset test'>
+<ruleset name="University of Eastern Finland (partial)" default_off="failed ruleset test">
 
 	<target host="cs.joensuu.fi"/>
 	<target host="uef.fi"/>
diff --git a/src/chrome/content/rules/University-of-Exeter.xml b/src/chrome/content/rules/University-of-Exeter.xml
index abe8ca63e48d..6a6299b82931 100644
--- a/src/chrome/content/rules/University-of-Exeter.xml
+++ b/src/chrome/content/rules/University-of-Exeter.xml
@@ -1,74 +1,48 @@
 <!--
-	Nonfunctional subdomains:
+	Non-functional hosts in *.exeter.ac.uk
+		Timeout:
+		- owa.exeter.ac.uk
 
-		- psychology	(redirects to as)
-		- sshs		(redirects to as)
+		Couldn't connect to server:
+		- gosling.exeter.ac.uk
 
+		Incomplete certificate chain error:
+		- evisit.exeter.ac.uk
 
-	Fully covered domains:
-
-		- newton.ex.ac.uk
-
-		- *.exeter.ac.uk:
-
-			- emps
-
+		Mixed content blocking (MCB) triggered:
+		- apps.exeter.ac.uk
+		- ceder.exeter.ac.uk
+		- education.exeter.ac.uk
+		- sshs.exeter.ac.uk
 -->
 <ruleset name="University of Exeter (partial)">
-
-	<target host="ex.ac.uk" />
-	<target host="*.ex.ac.uk" />
-
-		<test url="http://empslocal.ex.ac.uk/" />
-
 	<target host="exeter.ac.uk" />
-	<target host="*.exeter.ac.uk" />
-		<exclusion pattern="^http://(?:www\.)?(?:psychology|sshs)\." />
-
-
-	<securecookie host="^(?:.*\.)?exeter\.ac\.uk$" name=".+" />
-
-
-	<!--
-		Cert only matches empslocal.ex.ac.uk, so rewrite to ex.ac.uk
-		instead of the exeter.ac.uk used for all other subdomains.
-	-->
-	<rule from="^http://empslocal\.ex(?:eter)?\.ac\.uk/"
-		to="https://empslocal.ex.ac.uk/" />
-
-	<!--	Observed subdomains:
-
-			- apps
-			- as
-			- biosciences
-			- business-school
-			- education
-			- emps
-			- evisit	(stats beacon)
-			- geography
-			- gosling
-			- humanities
-			- intranet
-			- lib
-			- lifesciences
-			- my
-			- mysso
-			- newton
-			- owa
-			- projects
-			- sid
-			- socialsciences
-			- srs
-			- www
-
-	Cert only matches exeter
-				-->
-	<rule from="^http://([\w-]+\.)?ex(?:eter)?\.ac\.uk/"
-		to="https://$1exeter.ac.uk/" />
-
-	<!--	Cert only matches //*.exeter
-						-->
-	<rule from="^http://(?:www\.)?([\w-]+\.)ex(?:eter)?\.ac\.uk/"
-		to="https://$1exeter.ac.uk/" />
-
+	<target host="www.exeter.ac.uk" />
+	<target host="as.exeter.ac.uk" />
+	<target host="biosciences.exeter.ac.uk" />
+	<target host="blogs.exeter.ac.uk" />
+	<target host="business-school.exeter.ac.uk" />
+	<target host="directory.exeter.ac.uk" />
+	<target host="emps.exeter.ac.uk" />
+	<target host="empslocal.ex.ac.uk" />
+	<target host="geography.exeter.ac.uk" />
+	<target host="humanities.exeter.ac.uk" />
+	<target host="intranet.exeter.ac.uk" />
+	<target host="lib.exeter.ac.uk" />
+	<target host="libguides.exeter.ac.uk" />
+	<target host="lifesciences.exeter.ac.uk" />
+	<target host="medicine.exeter.ac.uk" />
+	<target host="my.exeter.ac.uk" />
+	<target host="oao.exeter.ac.uk" />
+	<target host="online.exeter.ac.uk" />
+	<target host="projects.exeter.ac.uk" />
+	<target host="psychology.exeter.ac.uk" />
+	<target host="sid.exeter.ac.uk" />
+	<target host="socialsciences.exeter.ac.uk" />
+	<target host="srs.exeter.ac.uk" />
+	<target host="tarc.exeter.ac.uk" />
+	<target host="tentors.exeter.ac.uk" />
+	<target host="vle.exeter.ac.uk" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Florida.xml b/src/chrome/content/rules/University-of-Florida.xml
index ad7e04703d95..aa20fa166606 100644
--- a/src/chrome/content/rules/University-of-Florida.xml
+++ b/src/chrome/content/rules/University-of-Florida.xml
@@ -49,7 +49,7 @@ Fetch error: http://www.shands.org/ => https://www.shands.org/: (51, "SSL: no al
 		- www			(refused)
 
 -->
-<ruleset name="University of Florida (partial)" default_off='failed ruleset test'>
+<ruleset name="University of Florida (partial)" default_off="failed ruleset test">
 
 	<target host="www.shands.org" />
 	<target host="*.ufl.edu" />
diff --git a/src/chrome/content/rules/University-of-Groningen.xml b/src/chrome/content/rules/University-of-Groningen.xml
index 3fa2bf4d470f..01be299ad688 100644
--- a/src/chrome/content/rules/University-of-Groningen.xml
+++ b/src/chrome/content/rules/University-of-Groningen.xml
@@ -5,7 +5,9 @@ Fetch error: http://www.astro.rug.nl/ => https://www.astro.rug.nl/: (60, 'SSL ce
 <ruleset name="University of Groningen (partial)">
 
 	<target host="rug.nl"/>
-	<target host="*.rug.nl"/>
+	<target host="www.rug.nl" />
+	<target host="astro.rug.nl" />
+	<target host="www.astro.rug.nl" />
 
 	<rule from="^http://(www\.)?rug\.nl/(_definition/|sterrenkunde/([!_]css|_shared/|onderwijs/index!login))"
 		to="https://$1rug.nl/$2"/>
diff --git a/src/chrome/content/rules/University-of-Helsinki.xml b/src/chrome/content/rules/University-of-Helsinki.xml
index d01fdb772568..356984a4da87 100644
--- a/src/chrome/content/rules/University-of-Helsinki.xml
+++ b/src/chrome/content/rules/University-of-Helsinki.xml
@@ -26,7 +26,13 @@
 <ruleset name="University of Helsinki (partial)">
 
 	<target host="helsinki.fi" />
-	<target host="*.helsinki.fi" />
+	<target host="www.helsinki.fi" />
+	<target host="alma.helsinki.fi" />
+	<target host="alumniverkosto.helsinki.fi" />
+	<target host="blogs.helsinki.fi" />
+	<target host="www-db2.helsinki.fi" />
+	<target host="cs.helsinki.fi" />
+	<target host="www.cs.helsinki.fi" />
 
 
 	<!--securecookie host="^\.cs\.helsinki\.fi$" name="^SESS\w{32}$" /-->
diff --git a/src/chrome/content/rules/University-of-Idaho.xml b/src/chrome/content/rules/University-of-Idaho.xml
index e38ed6760acf..8e859fe046b1 100644
--- a/src/chrome/content/rules/University-of-Idaho.xml
+++ b/src/chrome/content/rules/University-of-Idaho.xml
@@ -22,10 +22,19 @@ Fetch error: http://www2.sites.uidaho.edu/ => https://www2.sites.uidaho.edu/: (6
 		- www.webs	(cert: www.sci.uidaho.edu; 302s to www.webpages)
 
 -->
-<ruleset name="University of Idaho (partial)" default_off='failed ruleset test'>
+<ruleset name="University of Idaho (partial)" default_off="failed ruleset test">
 
 	<target host="uidaho.edu" />
-	<target host="*.uidaho.edu" />
+	<target host="sitecore.uidaho.edu" />
+	<target host="vandalweb.uidaho.edu" />
+	<target host="www.dfa.uidaho.edu" />
+	<target host="www.sci.uidaho.edu" />
+	<target host="www.uiweb.uidaho.edu" />
+	<target host="www.webedit.uidaho.edu" />
+	<target host="www.sites.uidaho.edu" />
+	<target host="www2.sites.uidaho.edu" />
+	<target host="www.uidaho.edu" />
+	<target host="www.its.uidaho.edu" />
 	<!--
 		^dfa, ^its, ^sci, ^sites, ^uiweb, & ^webedit don't exist.
 					-->
diff --git a/src/chrome/content/rules/University-of-Illinois-at-Urbana-Champaign.xml b/src/chrome/content/rules/University-of-Illinois-at-Urbana-Champaign.xml
index 5164cf43aa6b..4717d8870206 100644
--- a/src/chrome/content/rules/University-of-Illinois-at-Urbana-Champaign.xml
+++ b/src/chrome/content/rules/University-of-Illinois-at-Urbana-Champaign.xml
@@ -159,7 +159,7 @@ Fetch error: http://police.illinois.edu/ => https://dps.illinois.edu/: (51, "SSL
 	* Secured by us
 
 -->
-<ruleset name="Illinois.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="Illinois.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/University-of-Manitoba.xml b/src/chrome/content/rules/University-of-Manitoba.xml
index cc07a5b1f62a..ab1e9c2cbffe 100644
--- a/src/chrome/content/rules/University-of-Manitoba.xml
+++ b/src/chrome/content/rules/University-of-Manitoba.xml
@@ -2,7 +2,7 @@
 	Nonfunctional domains:
 
 
-		- umanitoba.ca subdomains: 
+		- umanitoba.ca subdomains:
 
 			- crscalprod1.cc
 			- fasprod.cc		(interrupted)
diff --git a/src/chrome/content/rules/University-of-Maryland.xml b/src/chrome/content/rules/University-of-Maryland.xml
index 399606e63a40..deacfe7cc02c 100644
--- a/src/chrome/content/rules/University-of-Maryland.xml
+++ b/src/chrome/content/rules/University-of-Maryland.xml
@@ -135,7 +135,7 @@ Fetch error: http://www.urhome.umd.edu/ => https://www.urhome.umd.edu/: (51, "SS
 	* Secured by us
 
 -->
-<ruleset name="UMd.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="UMd.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/University-of-Massachusetts-Amherst.xml b/src/chrome/content/rules/University-of-Massachusetts-Amherst.xml
index 99c27ab23769..53daf1996b8a 100644
--- a/src/chrome/content/rules/University-of-Massachusetts-Amherst.xml
+++ b/src/chrome/content/rules/University-of-Massachusetts-Amherst.xml
@@ -23,7 +23,20 @@
 
 	<target host="umassathletics.cstv.com" />
 	<target host="umass.edu" />
-	<target host="*.umass.edu" />
+	<target host="blogs.umass.edu" />
+	<target host="moodle.umass.edu" />
+	<target host="oit.umass.edu" />
+	<target host="hds.oit.umass.edu" />
+	<target host="hds05.oit.umass.edu" />
+	<target host="spark.oit.umass.edu" />
+	<target host="udrive.oit.umass.edu" />
+	<target host="umail.oit.umass.edu" />
+	<target host="umweb-3.oit.umass.edu" />
+	<target host="www.oit.umass.edu" />
+	<target host="webapp.spire.umass.edu" />
+	<target host="www.spire.umass.edu" />
+	<target host="umii.umass.edu" />
+	<target host="www.umii.umass.edu" />
 	<!--	* for cross-domain cookie.	-->
 	<target host="umassulearn.net" />
 	<target host="www.umassulearn.net" />
@@ -33,13 +46,8 @@
 	<securecookie host="^www\.umassulearn\.net$" name=".+" />
 
 
-	<rule from="^http://umassathletics\.cstv\.com/"
-		to="https://umassathletics.cstv.com/" />
 
-	<rule from="^http://((?:blogs|moodle|(?:(?:hds|hds05|spark|udrive|umail|umweb-3|www)\.)?oit|(?:webapp|www)\.spire|umii|www\.umii)\.)?umass\.edu/"
-		to="https://$1umass.edu/" />
 
-	<rule from="^http://(www\.)?umassulearn\.net/"
-		to="https://$1umassulearn.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Minnesota.xml b/src/chrome/content/rules/University-of-Minnesota.xml
index 549459b1c6f6..d51cba3733fc 100644
--- a/src/chrome/content/rules/University-of-Minnesota.xml
+++ b/src/chrome/content/rules/University-of-Minnesota.xml
@@ -44,7 +44,7 @@ Non-2xx HTTP code: http://www1.umn.edu/ (200) => https://www1.umn.edu/ (404)
 	* Secured by us
 
 -->
-<ruleset name="UMN.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="UMN.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/University-of-Ottawa.xml b/src/chrome/content/rules/University-of-Ottawa.xml
index 4952ba1e699e..5abb5362fb1d 100644
--- a/src/chrome/content/rules/University-of-Ottawa.xml
+++ b/src/chrome/content/rules/University-of-Ottawa.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://web5.uottawa.ca/ => https://web5.uottawa.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="University of Ottawa (partial)" default_off='failed ruleset test'>
+<ruleset name="University of Ottawa (partial)" default_off="failed ruleset test">
 
 	<target host="web5.uottawa.ca" />
 
diff --git a/src/chrome/content/rules/University-of-Oxford.xml b/src/chrome/content/rules/University-of-Oxford.xml
index a78a504d84e5..74c3da840575 100644
--- a/src/chrome/content/rules/University-of-Oxford.xml
+++ b/src/chrome/content/rules/University-of-Oxford.xml
@@ -106,7 +106,6 @@ Fetch error: http://mail.bfriars.ox.ac.uk/ => https://www.bfriars.ox.ac.uk/horde
 		- medieval.history		("Site Maintenance")
 		- www.history		Mixed css
 		- www.issf ᵃ
-		- www2.maths ³
 		- tools.ndm ³
 		- nqit		Mismatched
 		- www.torch	Mismatched
@@ -191,7 +190,7 @@ Fetch error: http://mail.bfriars.ox.ac.uk/ => https://www.bfriars.ox.ac.uk/horde
 	* Secured by us
 
 -->
-<ruleset name="Ox.ac.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Ox.ac.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -251,7 +250,11 @@ Fetch error: http://mail.bfriars.ox.ac.uk/ => https://www.bfriars.ox.ac.uk/horde
 	<target host="www.maths.ox.ac.uk" />
 	<target host="www0.maths.ox.ac.uk" />
 	<target host="www1.maths.ox.ac.uk" />
-	<!--target host="www2.maths.ox.ac.uk" /-->
+	<target host="www2.maths.ox.ac.uk" />
+	<target host="rap.maths.ox.ac.uk" />
+	<target host="minerva.maths.ox.ac.uk" />
+	<target host="owncloud.maths.ox.ac.uk" />
+	<target host="zimbra.maths.ox.ac.uk" />
 
 	<target host="www.medawar.ox.ac.uk" />
 	<target host="webedit.medsci.ox.ac.uk" />
diff --git a/src/chrome/content/rules/University-of-Pennsylvania.xml b/src/chrome/content/rules/University-of-Pennsylvania.xml
index f5fba50f3517..5412fcdc0754 100644
--- a/src/chrome/content/rules/University-of-Pennsylvania.xml
+++ b/src/chrome/content/rules/University-of-Pennsylvania.xml
@@ -29,7 +29,16 @@
 -->
 <ruleset name="UPenn.edu (partial)">
 
-	<target host="*.upenn.edu"/>
+	<target host="cis.upenn.edu" />
+	<target host="www.cis.upenn.edu" />
+	<target host="www.college.upenn.edu" />
+	<target host="medley.isc-seo.upenn.edu" />
+	<target host="www.library.upenn.edu" />
+	<target host="weblogin.pennkey.upenn.edu" />
+	<target host="fission.sas.upenn.edu" />
+	<target host="www.sas.upenn.edu" />
+	<target host="webmail.seas.upenn.edu" />
+	<target host="www.seas.upenn.edu" />
 		<exclusion pattern="^http://www\.library\.upenn\.edu/(?!images/|styles/)" />
 
 
@@ -37,7 +46,6 @@
 	<securecookie host="^(?:weblogin\.pennkey|\.www\.sas)\.upenn\.edu$" name=".+" />
 
 
-	<rule from="^http://((?:www\.)?cis|www\.college|medley\.isc-seo|www\.library|weblogin\.pennkey|(?:fission|www)\.sas|w(?:ebmail|ww)\.seas)\.upenn\.edu/"
-		to="https://$1.upenn.edu/"/>
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-South-Florida-mismatches.xml b/src/chrome/content/rules/University-of-South-Florida-mismatches.xml
deleted file mode 100644
index 09e599711e46..000000000000
--- a/src/chrome/content/rules/University-of-South-Florida-mismatches.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For rules that are on by default, see University-of-South-Florida.xml.
-
--->
-<ruleset name="University of South Florida (mismatches)" default_off="expired, mismatch, self-signed">
-
-	<!--	Cert: *.usf.edu, expired, self-signed	-->
-	<target host="brs.blog.usf.edu" />
-	<target host="rc.blog.usf.edu" />
-	<target host="scholarcommons.usf.edu" />
-	<target host="wusfnews.wusf.usf.edu" />
-	<!--	Cert: *.bepress.com	-->
-	
-	<!--	Cert: *.drupal.publicbroadcasting.net	-->
-	
-
-
-	<!--	Cookies are handled in University-of-South-Florida.xml.	-->
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/University-of-South-Florida.xml b/src/chrome/content/rules/University-of-South-Florida.xml
index c2cb4e08b475..1e10d021c95e 100644
--- a/src/chrome/content/rules/University-of-South-Florida.xml
+++ b/src/chrome/content/rules/University-of-South-Florida.xml
@@ -1,58 +1,46 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://usfsp.edu/ => https://usfsp.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'usfsp.edu'")
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://usfsp.edu/ => https://usfsp.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'usfsp.edu'")
-	For problematic rules, see University-of-South-Florida-mismatches.xml.
-
-
-	Nonfunctional usf.edu subdomains:
+	For University of South Florida Saint Petersburg see USFSP.edu.xml
 
-		- (www.)		(times out)
-		- directory.acomp	(cert: netid.usf.edu; redirects there)
-		- it			(expired, self-signed; 301s to rc.blog.usf.edu/domain-not-found/)
-		- guides.lib		(cert: libguides.com; 404)
-		- (www.)nelson
-		- news
-		- (www.)research
+	Mismatched:
+		- directory.acomp
+		- it
 		- system
-		- tap			(expired, self-signed; 301s to rc.blog.usf.edu/domain-not-found/)
-
--->
-<ruleset name="University of South Florida (partial)" default_off='failed ruleset test'>
-
-	<target host="*.usf.edu" />
-	<target host="usfsp.edu" />
-	<target host="*.usfsp.edu" />
 
+	Refused:
+		- news
 
-	<!--	Not handling cross-domain cookies as a precaution.	-->
-	<securecookie host="^(?:\w.*\.)?usf(?:sp)?\.edu$" name=".+" />
-
-
-	<!--	Cert only matches www.lib.
-						-->
-	<rule from="^http://(?:www\.)?lib\.usf\.edu/"
-		to="https://www.lib.usf.edu/" />
-
-	<rule from="^http://(my|mysites|netid|usfsts|usfweb2|webauth)\.usf\.edu/"
-		to="https://$1.usf.edu/" />
-
-	<!--	- Cert doesn't match
-		- Redirects like so
-				-->
-	<rule from="^http://(?:www\.)?stpete\.usf\.edu/"
-		to="https://www.usfsp.edu/" />
-
-	<rule from="^http://((?:dev|vpn|www)\.)?usfsp\.edu/"
-		to="https://$1usfsp.edu/" />
+	Timeout:
+		- tap
 
-	<!--	- Cert only matches sharemypc.stpete.usf
-		- Data appear identical
-				-->
-	<rule from="^http://sharemypc\.(?:stpete\.usf|usfsp)\.edu/"
-		to="https://sharemypc.stpete.usf.edu/" />
+	Incomplete certificate chain:
+		- lib
 
+	SSL configuration error:
+		- usfweb2 (see https://www.ssllabs.com/ssltest/analyze.html?d=usfweb2.usf.edu)
+-->
+<ruleset name="University of South Florida (partial)">
+	<target host="usf.edu" />
+	<target host="www.usf.edu" />
+	<target host="it.usf.edu" />
+	<target host="lib.usf.edu" />
+	<target host="www.lib.usf.edu" />
+	<target host="guides.lib.usf.edu" />
+	<target host="my.usf.edu" />
+	<target host="mysites.usf.edu" />
+	<target host="netid.usf.edu" />
+	<target host="news.usf.edu" />
+	<target host="research.usf.edu" />
+	<target host="www.research.usf.edu" />
+	<target host="system.usf.edu" />
+	<target host="webauth.usf.edu" />
+
+	<!-- .* removes the path to match website's own 301 redirect -->
+	<rule from="^http://(it|news|system)\.usf\.edu/.*" to="https://www.usf.edu/$1" />
+	<test url="http://it.usf.edu/abcdef" />
+	<test url="http://news.usf.edu/abcdef" />
+	<test url="http://system.usf.edu/abcdef" />
+
+	<rule from="^http://lib\.usf\.edu/" to="https://www.lib.usf.edu/" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Southampton.xml b/src/chrome/content/rules/University-of-Southampton.xml
index 8dedd9efe1d8..ce42ea5e427b 100644
--- a/src/chrome/content/rules/University-of-Southampton.xml
+++ b/src/chrome/content/rules/University-of-Southampton.xml
@@ -10,9 +10,16 @@
 	<!--
 		* for cross-domain cookie.
 					-->
-	<target host="*.noc.ac.uk" />
+	<target host="www.noc.ac.uk" />
 	<target host="soton.ac.uk" />
-	<target host="*.soton.ac.uk" />
+	<target host="www.soton.ac.uk" />
+	<target host="secure.ecs.soton.ac.uk" />
+	<target host="jobs.soton.ac.uk" />
+	<target host="www.jobs.soton.ac.uk" />
+	<target host="noc.soton.ac.uk" />
+	<target host="www.noc.soton.ac.uk" />
+	<target host="sussed.soton.ac.uk" />
+	<target host="www.sussed.soton.ac.uk" />
 	<target host="www.southampton.ac.uk" />
 
 
@@ -28,15 +35,10 @@
 	<rule from="^http://(?:www\.)?soton\.ac\.uk/"
 		to="https://www.soton.ac.uk/" />
 
-	<rule from="^http://secure\.ecs\.soton\.ac\.uk/"
-		to="https://secure.ecs.soton.ac.uk/" />
 
-	<test url="http://secure.ecs.soton.ac.uk/" />
 	<test url="http://secure.ecs.soton.ac.uk/mail/" />
 	<test url="http://secure.ecs.soton.ac.uk/login/" />
 
-	<rule from="^http://(www\.)?jobs\.soton\.ac\.uk/"
-		to="https://$1jobs.soton.ac.uk/" />
 
 	<test url="http://www.jobs.soton.ac.uk/display.aspx?Id=1253&amp;pid=0" />
 
@@ -55,4 +57,5 @@
 	<rule from="^http://www\.southampton\.ac\.uk(?:\:443)?/"
 		to="https://www.southampton.ac.uk/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Southern-California.xml b/src/chrome/content/rules/University-of-Southern-California.xml
index b1acfdd31e9b..a764dd09e9dc 100644
--- a/src/chrome/content/rules/University-of-Southern-California.xml
+++ b/src/chrome/content/rules/University-of-Southern-California.xml
@@ -171,7 +171,7 @@ Fetch error: http://policies.usc.edu/ => https://policy.usc.edu/: (28, 'Connecti
 	* Secured by us
 
 -->
-<ruleset name="USC.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="USC.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/University-of-Strathclyde.xml b/src/chrome/content/rules/University-of-Strathclyde.xml
index db6bc4f6fe2f..25755f3ed196 100644
--- a/src/chrome/content/rules/University-of-Strathclyde.xml
+++ b/src/chrome/content/rules/University-of-Strathclyde.xml
@@ -1,7 +1,37 @@
+<!--
+	Problematic hosts in *.strath.ac.uk:
+
+		- aimarem.eee.strath.ac.uk
+		- lists.strath.ac.uk
+		- moss.strath.ac.uk
+
+	https://cis.strath.ac.uk has certificate valid only
+	for www.cis.strath.ac.uk
+	http://cis.strath.ac.uk redirects to https://www.cis.strath.ac.uk
+-->
+
 <ruleset name="University of Strathclyde (partial)">
 
+	<target host="ben.mis.strath.ac.uk"/>
+	<target host="but.mis.strath.ac.uk"/>
+	<target host="cis.strath.ac.uk"/>
+	<target host="classes.myplace.strath.ac.uk"/>
+	<target host="ewds.strath.ac.uk"/>
+	<target host="pegasus.strath.ac.uk"/>
+	<target host="personal.cis.strath.ac.uk"/>
+	<target host="phys.strath.ac.uk"/>
+	<target host="pols.phys.strath.ac.uk"/>
+	<target host="pureportal.strath.ac.uk"/>
+	<target host="pure.strath.ac.uk"/>
+	<target host="servicecatalogue.strath.ac.uk"/>
+	<target host="status.strath.ac.uk"/>
+	<target host="teledir.strath.ac.uk"/>
+	<target host="www.cis.strath.ac.uk"/>
 	<target host="www.strath.ac.uk"/>
 
+	<rule from="^http://cis\.strath\.ac\.uk/"
+		to="https://www.cis.strath.ac.uk/" />
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Texas-System.xml b/src/chrome/content/rules/University-of-Texas-System.xml
index 2a4258bf5f26..b584db987694 100644
--- a/src/chrome/content/rules/University-of-Texas-System.xml
+++ b/src/chrome/content/rules/University-of-Texas-System.xml
@@ -6,7 +6,7 @@ Fetch error: http://data.utsystem.edu/ => https://data.utsystem.edu/: (7, 'Faile
 Disabled by https-everywhere-checker because:
 Fetch error: http://utsystem.edu/ => https://utsystem.edu/: (51, "SSL: no alternative certificate subject name matches target host name 'utsystem.edu'")
 -->
-<ruleset name="University of Texas System" default_off='failed ruleset test'>
+<ruleset name="University of Texas System" default_off="failed ruleset test">
 
 	<target host="utsystem.edu" />
 	<target host="data.utsystem.edu" />
@@ -14,7 +14,7 @@ Fetch error: http://utsystem.edu/ => https://utsystem.edu/: (51, "SSL: no altern
 	<target host="www.utsystem.edu" />
 
 
-	<securecookie host="^(?:.*\.)?utsystem\.edu$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/University-of-Texas-at-Austin-mismatches.xml b/src/chrome/content/rules/University-of-Texas-at-Austin-mismatches.xml
index 936931c2598e..ae36ef6084c1 100644
--- a/src/chrome/content/rules/University-of-Texas-at-Austin-mismatches.xml
+++ b/src/chrome/content/rules/University-of-Texas-at-Austin-mismatches.xml
@@ -4,14 +4,14 @@
 -->
 <ruleset name="University of Texas at Austin (mismatches)" default_off="mismatch, self-signed">
 
-	<target host="*.as.utexas.edu" />
+	<target host="affirmed.as.utexas.edu" />
+	<target host="www.as.utexas.edu" />
 	<target host="www.cpge.utexas.edu" />
 
 
 	<rule from="^http://(?:affirmed|www)\.as\.utexas\.edu/"
 		to="https://affirmed.as.utexas.edu/" />
 
-	<rule from="^http://www\.cpge\.utexas\.edu/"
-		to="https://www.cpge.utexas.edu/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Texas-at-Dallas.xml b/src/chrome/content/rules/University-of-Texas-at-Dallas.xml
index c79a79ef7cb3..d6c33dfe3587 100644
--- a/src/chrome/content/rules/University-of-Texas-at-Dallas.xml
+++ b/src/chrome/content/rules/University-of-Texas-at-Dallas.xml
@@ -70,7 +70,33 @@
 -->
 <ruleset name="University of Texas at Dallas (partial)">
 	<target host="utdallas.edu" />
-	<target host="*.utdallas.edu" />
+	<target host="www.utdallas.edu" />
+	<target host="autodiscover.utdallas.edu" />
+	<target host="coursebook.utdallas.edu" />
+	<target host="dali.utdallas.edu" />
+	<target host="dox.utdallas.edu" />
+	<target host="eforms.utdallas.edu" />
+	<target host="elearning.utdallas.edu" />
+	<target host="elearningpilot.utdallas.edu" />
+	<target host="elearningstaging.utdallas.edu" />
+	<target host="elearningtest.utdallas.edu" />
+	<target host="eval.utdallas.edu" />
+	<target host="galaxy.utdallas.edu" />
+	<target host="go.utdallas.edu" />
+	<target host="goto.utdallas.edu" />
+	<target host="input.utdallas.edu" />
+	<target host="oue.utdallas.edu" />
+	<target host="pages.utdallas.edu" />
+	<target host="policy.utdallas.edu" />
+	<target host="provost.utdallas.edu" />
+	<target host="ptg.utdallas.edu" />
+	<target host="qep.utdallas.edu" />
+	<target host="rodin.utdallas.edu" />
+	<target host="sis-portal-prod.utdallas.edu" />
+	<target host="v.utdallas.edu" />
+	<target host="webmail.utdallas.edu" />
+	<target host="sacs.utdallas.edu" />
+	<target host="sacscoc.utdallas.edu" />
 
 
 	<!--	Secured by server:
@@ -95,9 +121,8 @@
 									-->
 	<rule from="^http://(?:www\.)?utdallas\.edu/" to="https://www.utdallas.edu/" />
 
-	<rule from="^http://(autodiscover|coursebook|dali|dox|eforms|elearning(?:pilot|staging|test)?|eval|galaxy|go|goto|input|oue|pages|policy|provost|ptg|qep|rodin|sis-portal-prod|v|webmail)\.utdallas\.edu/"
-		to="https://$1.utdallas.edu/" />
 
 	<rule from="^http://sacs(?:coc)?\.utdallas\.edu/"
 		to="https://sacs.utdallas.edu/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Utah.xml b/src/chrome/content/rules/University-of-Utah.xml
index f5ca33fafb8d..f6e3e08968fc 100644
--- a/src/chrome/content/rules/University-of-Utah.xml
+++ b/src/chrome/content/rules/University-of-Utah.xml
@@ -51,7 +51,7 @@ Fetch error: http://www.gradschool.utah.edu/ => https://www.gradschool.utah.edu/
 	² Expired
 
 -->
-<ruleset name="Utah.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="Utah.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/University-of-Virginia.xml b/src/chrome/content/rules/University-of-Virginia.xml
index 40763740a9fa..7d7c408d1411 100644
--- a/src/chrome/content/rules/University-of-Virginia.xml
+++ b/src/chrome/content/rules/University-of-Virginia.xml
@@ -70,7 +70,24 @@
 -->
 <ruleset name="University of Virginia (partial)">
 
-	<target host="*.virginia.edu" />
+	<target host="sisuva.admin.virginia.edu" />
+	<target host="www.cs.virginia.edu" />
+	<target host="mail.eservices.virginia.edu" />
+	<target host="gwis.virginia.edu" />
+	<target host="collab.itc.virginia.edu" />
+	<target host="eventcal.itc.virginia.edu" />
+	<target host="www.its.virginia.edu" />
+	<target host="lists.virginia.edu" />
+	<target host="www.mail.virginia.edu" />
+	<target host="netbadge.virginia.edu" />
+	<target host="news.virginia.edu" />
+	<target host="admin.people.virginia.edu" />
+	<target host="rabi.phys.virginia.edu" />
+	<target host="standard.pki.virginia.edu" />
+	<target host="uvaemergency.virginia.edu" />
+	<target host="itc.virginia.edu" />
+	<target host="www.itc.virginia.edu" />
+	<target host="its.virginia.edu" />
 
 
 	<!--	Not secured by server:
diff --git a/src/chrome/content/rules/University-of-Waterloo.xml b/src/chrome/content/rules/University-of-Waterloo.xml
index 8935745fe176..6759f4445f9a 100644
--- a/src/chrome/content/rules/University-of-Waterloo.xml
+++ b/src/chrome/content/rules/University-of-Waterloo.xml
@@ -1,4 +1,13 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://cecspilot.cecssys.uwaterloo.ca/ => https://cecspilot.cecssys.uwaterloo.ca/: (35, 'error:1425F102:SSL routines:ssl_choose_client_version:unsupported protocol')
+Fetch error: http://digital.library.uwaterloo.ca/ => https://digital.library.uwaterloo.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://nexusmail.uwaterloo.ca/ => https://nexusmail.uwaterloo.ca/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://www.nexusmail.uwaterloo.ca/ => https://www.nexusmail.uwaterloo.ca/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://uwspace.uwaterloo.ca/ => https://uwspace.uwaterloo.ca/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Different HTTP/HTTPS content:
 		development.uwaterloo.ca
 		info.uwaterloo.ca
@@ -7,36 +16,41 @@
 	Invalid certificate:
 		cacr.uwaterloo.ca
 		cecs.uwaterloo.ca
+		mirror.cs.uwaterloo.ca
 		hr.uwaterloo.ca
+		mirror.uwaterloo.ca
 
 -->
 <ruleset name="University of Waterloo (partial)">
 	<target host="uwaterloo.ca" />
 	<target host="www.uwaterloo.ca" />
-	<target host="cecspilot.cecssys.uwaterloo.ca" />
+	<!-- target host="cecspilot.cecssys.uwaterloo.ca" /-->
 	<target host="www.civil.uwaterloo.ca" />
 	<target host="crysp.uwaterloo.ca" />
 	<target host="cs.uwaterloo.ca" />
 	<target host="www.cs.uwaterloo.ca" />
+	<target host="mirror.cs.uwaterloo.ca" />
 	<target host="csclub.uwaterloo.ca" />
 	<target host="mirror.csclub.uwaterloo.ca" />
 	<target host="bookings.lib.uwaterloo.ca" />
 	<target host="www.lib.uwaterloo.ca" />
-	<target host="digital.library.uwaterloo.ca" />
-	<target host="mailservices.uwaterloo.ca" />	
+	<!-- target host="digital.library.uwaterloo.ca" /-->
+	<target host="mailservices.uwaterloo.ca" />
 	<target host="math.uwaterloo.ca" />
 	<target host="cemc.math.uwaterloo.ca" />
 	<target host="www.math.uwaterloo.ca" />
 		<!-- 404 with HTTPS -->
 		<exclusion pattern="^http://www.math.uwaterloo.ca/tsp/" />
-		<test url="http://www.math.uwaterloo.ca/tsp/" />
-	<target host="nexusmail.uwaterloo.ca" />
-	<target host="www.nexusmail.uwaterloo.ca" />
+		  <test url="http://www.math.uwaterloo.ca/tsp/" />
+	<target host="mirror.uwaterloo.ca" />
+	<!-- target host="nexusmail.uwaterloo.ca" /-->
+	<!-- target host="www.nexusmail.uwaterloo.ca" /-->
 	<target host="www.reserves.uwaterloo.ca" />
 	<target host="ripple.uwaterloo.ca" />
-	<target host="uwspace.uwaterloo.ca" />
+	<!-- target host="uwspace.uwaterloo.ca" /-->
 	<target host="wise.uwaterloo.ca" />
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http://mirror\.uwaterloo\.ca/" to="https://mirror.csclub.uwaterloo.ca/" />
+	<rule from="^http://mirror\.cs\.uwaterloo\.ca/" to="https://mirror.csclub.uwaterloo.ca/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University-of-Western-Australia.xml b/src/chrome/content/rules/University-of-Western-Australia.xml
index b999a6061d95..1ad390903f39 100644
--- a/src/chrome/content/rules/University-of-Western-Australia.xml
+++ b/src/chrome/content/rules/University-of-Western-Australia.xml
@@ -2,7 +2,7 @@
 	Nonfunctional subdomains:
 
 		- (www.)
-		- websites.psychology	(times out)	
+		- websites.psychology	(times out)
 		- www.news		(rx_record_too_long)
 
 
diff --git a/src/chrome/content/rules/University-of-Wisconsin-Milwaukee.xml b/src/chrome/content/rules/University-of-Wisconsin-Milwaukee.xml
index 38891af1c4c5..6d1e8b9d19d9 100644
--- a/src/chrome/content/rules/University-of-Wisconsin-Milwaukee.xml
+++ b/src/chrome/content/rules/University-of-Wisconsin-Milwaukee.xml
@@ -38,7 +38,7 @@ Fetch error: http://roomscheduling.uwm.edu/ => https://roomscheduling.uwm.edu/:
 		apps.uwm.edu
 		techmallshop.uwm.edu
 -->
-<ruleset name="University of Wisconsin–Milwaukee (partial)" default_off='failed ruleset test'>
+<ruleset name="University of Wisconsin–Milwaukee (partial)" default_off="failed ruleset test">
 
 	<target host="www.uwm.edu" />
 	<target host="uwm.edu" />
diff --git a/src/chrome/content/rules/University_Computer_Club.xml b/src/chrome/content/rules/University_Computer_Club.xml
index b8f55eef8765..5b7f425452f1 100644
--- a/src/chrome/content/rules/University_Computer_Club.xml
+++ b/src/chrome/content/rules/University_Computer_Club.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_at_Buffalo.xml b/src/chrome/content/rules/University_at_Buffalo.xml
index 36f53985c450..284536762aad 100644
--- a/src/chrome/content/rules/University_at_Buffalo.xml
+++ b/src/chrome/content/rules/University_at_Buffalo.xml
@@ -16,7 +16,6 @@ Non-2xx HTTP code: http://www.ubfoundation.buffalo.edu/ (200) => https://ubfound
 
 	Other University at Buffalo rulesets:
 
-		- BioXFEL.org.xml
 
 
 	Nonfunctional hosts in *buffalo.edu:
@@ -113,7 +112,7 @@ Non-2xx HTTP code: http://www.ubfoundation.buffalo.edu/ (200) => https://ubfound
 	* Secured by us
 
 -->
-<ruleset name="Buffalo.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="Buffalo.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -122,7 +121,9 @@ Non-2xx HTTP code: http://www.ubfoundation.buffalo.edu/ (200) => https://ubfound
 	<target host="www.alumni.buffalo.edu" />
 	<target host="coeus.buffalo.edu" />
 	<target host="wiki.cse.buffalo.edu" />
-	<!--target host="www.cse.buffalo.edu" /-->
+	<target host="ftp.cse.buffalo.edu" />
+	<target host="www.cse.buffalo.edu" />
+	<target host="engineering.buffalo.edu" />
 	<target host="prv-web.eng.buffalo.edu" />
 	<!--target host="www.eng.buffalo.edu" /-->
 	<target host="myub.buffalo.edu" />
diff --git a/src/chrome/content/rules/University_of_Applied_Sciences_Kiel.xml b/src/chrome/content/rules/University_of_Applied_Sciences_Kiel.xml
index 2dc30c9ee3ce..b0c44410556a 100644
--- a/src/chrome/content/rules/University_of_Applied_Sciences_Kiel.xml
+++ b/src/chrome/content/rules/University_of_Applied_Sciences_Kiel.xml
@@ -1,19 +1,30 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- hrzsophos.hrz.isc.fh-kiel.de
+		- module.fh-kiel.de
+		- vpn.fh-kiel.de
+
+		SSL peer certificate was not OK:
+		- fh-kiel.de
+		- www.student.fh-kiel.de
+-->
 <ruleset name="University of Applied Sciences Kiel">
-
 	<target host="fh-kiel.de" />
-	<target host="*.fh-kiel.de" />
-
+	<target host="www.fh-kiel.de" />
+	<target host="email.fh-kiel.de" />
+	<target host="ida.fh-kiel.de" />
+	<target host="modulanmeldung.fh-kiel.de" />
+	<target host="student.fh-kiel.de" />
+	<target host="www.student.fh-kiel.de" />
 
-	<securecookie host="^(?:(?:(?:www)?|(?:www\.)?(?:email|student)|hrzsophos\.hrz\.isc|ida|modulanmeldung|module|vpn)\.)?fh-kiel.de$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
-
-	<rule from="^http://(?:www\.)?fh-kiel\.de/"
+	<rule from="^http://fh-kiel\.de/"
 		to="https://www.fh-kiel.de/" />
 
-	<rule from="^http://(?:www\.)?(email|student)\.fh-kiel\.de/"
-		to="https://$1.fh-kiel.de/" />
-
-	<rule from="^http://(ida|hrzsophos\.hrz\.isc|modulanmeldung|module|vpn)\.fh-kiel\.de/"
-		to="https://$1.fh-kiel.de/" />
+	<rule from="^http://www\.student\.fh-kiel\.de/"
+		to="https://student.fh-kiel.de/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Bath.xml b/src/chrome/content/rules/University_of_Bath.xml
index 1e1079d99d40..278fe7f466ca 100644
--- a/src/chrome/content/rules/University_of_Bath.xml
+++ b/src/chrome/content/rules/University_of_Bath.xml
@@ -18,4 +18,4 @@
 	<rule from="^http://(?:www\.)?bath\.ac\.uk/(assets/|common/|external/|favicon\.ico|graphics/|news/system/|system/)"
 		to="https://www.bath.ac.uk/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Bristol.xml b/src/chrome/content/rules/University_of_Bristol.xml
index d18f389942d8..77570f9c0ed5 100644
--- a/src/chrome/content/rules/University_of_Bristol.xml
+++ b/src/chrome/content/rules/University_of_Bristol.xml
@@ -26,7 +26,10 @@
 -->
 <ruleset name="Bris.ac.uk (partial)">
 
-	<target host="*.bris.ac.uk" />
+	<target host="survey.bris.ac.uk" />
+	<target host="www.survey.bris.ac.uk" />
+	<target host="www.alumni.bris.ac.uk" />
+	<target host="shop.bris.ac.uk" />
 		<!--
 			Redirects to http:
 						-->
@@ -50,7 +53,6 @@
 	<rule from="^http://(?:www\.)?survey\.bris\.ac\.uk/"
 		to="https://www.survey.bris.ac.uk/" />
 
-	<rule from="^http://(www\.alumni|shop)\.bris\.ac\.uk/"
-		to="https://$1.bris.ac.uk/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University_of_California_San_Francisco-problematic.xml b/src/chrome/content/rules/University_of_California_San_Francisco-problematic.xml
index aaceedb28d10..d0af4422f83e 100644
--- a/src/chrome/content/rules/University_of_California_San_Francisco-problematic.xml
+++ b/src/chrome/content/rules/University_of_California_San_Francisco-problematic.xml
@@ -5,14 +5,12 @@
 <ruleset name="University of California, San Francisco (problematic)" default_off="mismatched">
 
 	<target host="postdocs.ucsf.edu" />
-	<target host="*.postdocs.ucsf.edu" />
 	<target host="support.ucsf.edu" />
 
 
 	<securecookie host="^\.postdocs\.ucsf\.edu$" name=".+" />
 
 
-	<rule from="^http://(postdocs|support)\.ucsf\.edu/"
-		to="https://$1.ucsf.edu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_California_San_Francisco.xml b/src/chrome/content/rules/University_of_California_San_Francisco.xml
index 9af10e193b98..667423220696 100644
--- a/src/chrome/content/rules/University_of_California_San_Francisco.xml
+++ b/src/chrome/content/rules/University_of_California_San_Francisco.xml
@@ -18,6 +18,8 @@ vx28.ucsf.edu
 		- brightideas	(redirects to http; mismatched, CN: slotmatching14.salesforce.com)
 		- calendar *
 		- directory *
+		- elsamadlab (no https)
+		- floorlab	(no https)
 		- osl		(shows campuslifeservices)
 		- synapse	(no https)
 
@@ -62,31 +64,88 @@ vx28.ucsf.edu
 		- (www.)warnme		(www → ^)
 
 -->
+
 <ruleset name="University of California, San Francisco (partial)">
 
 	<target host="ucsf.edu" />
-	<target host="*.ucsf.edu" />
-
+	<target host="advancedpractice.ucsf.edu" />
+	<target host="alumni.ucsf.edu" />
+	<target host="amecenter.ucsf.edu" />
+	<target host="anchor.ucsf.edu" />
+	<target host="anesthesia.ucsf.edu" />
+	<target host="aprecruit.ucsf.edu" />
+	<target host="bakarinstitute.ucsf.edu" />
+	<target host="biophysics.ucsf.edu" />
+	<target host="blackburnlab.ucsf.edu" />
+	<target host="bmi.ucsf.edu" />
+	<target host="calendar.ucsf.edu" />
+	<target host="campuslifeservices.ucsf.edu" />
+	<target host="career.ucsf.edu" />
+	<target host="cchp.ucsf.edu" />
+	<target host="chancellor.ucsf.edu" />
+	<target host="changlab.ucsf.edu" />
+	<target host="chc.ucsf.edu" />
+	<target host="clinicaltrials.ucsf.edu" />
+	<target host="cores.ucsf.edu" />
+	<target host="coronavirus.ucsf.edu" />
+	<target host="ctsi.ucsf.edu" />
+	<target host="dp.ucsf.edu" />
+	<target host="dyslexia.ucsf.edu" />
+	<target host="eastbaysurgery.ucsf.edu" />
+	<target host="edtech.ucsf.edu" />
+	<target host="finaid.ucsf.edu" />
+	<target host="gastroenterology.ucsf.edu" />
+	<target host="genomics.ucsf.edu" />
+	<target host="giving.ucsf.edu" />
+	<target host="globalhealthsciences.ucsf.edu" />
+	<target host="graduate.ucsf.edu" />
+	<target host="grinberglab.ucsf.edu" />
+	<target host="hividgm.ucsf.edu" />
+	<target host="insideguide.ucsf.edu" />
+	<target host="interprofessional.ucsf.edu" />
+	<target host="ipqb.ucsf.edu" />
+	<target host="isso.ucsf.edu" />
+	<target host="it.ucsf.edu" />
+	<target host="learn.ucsf.edu" />
+	<target host="legal.ucsf.edu" />
+	<target host="meded.ucsf.edu" />
+	<target host="medicine.ucsf.edu" />
+	<target host="medschool.ucsf.edu" />
+	<target host="myaccess.ucsf.edu" />
+	<target host="neuroscape.ucsf.edu" />
+	<target host="oem.ucsf.edu" />
+	<target host="oir.ucsf.edu" />
+	<target host="osher.ucsf.edu" />
+	<target host="pedsurg.ucsf.edu" />
+	<target host="pharmacy.ucsf.edu" />
+	<target host="police.ucsf.edu" />
+	<target host="precisionmedicine.ucsf.edu" />
+	<target host="priority.ucsf.edu" />
+	<target host="psych.ucsf.edu" />
+	<target host="psychiatry.ucsf.edu" />
+	<target host="registrar.ucsf.edu" />
+	<target host="research.ucsf.edu" />
+	<target host="rrp.ucsf.edu" />
+	<target host="saa.ucsf.edu" />
+	<target host="sds.ucsf.edu" />
+	<target host="studenthealth.ucsf.edu" />
+	<target host="studentlife.ucsf.edu" />
+	<target host="surgicalinnovations.ucsf.edu" />
+	<target host="tobacco.ucsf.edu" />
+	<target host="transcare.ucsf.edu" />
+	<target host="ucoracles.ucsf.edu" />
+	<target host="ucsflife.ucsf.edu" />
+	<target host="vr.ucsf.edu" />
+	<target host="warnme.ucsf.edu" />
+	<target host="websites.ucsf.edu" />
+	<target host="weill.ucsf.edu" />
+	<target host="www.currytbcenter.ucsf.edu" />
+	<target host="www.fresno.ucsf.edu" />
+	<target host="www.library.ucsf.edu" />
+	<target host="www.ucsf.edu" />
+	<target host="www.ucsfhealth.org" />
 
 	<securecookie host="^(?:\.asuc|\.career|dp|\.edtech|\.finaid|\.graduate|\.gsa|\.insideguide|\.interprofessional|\.isso|\.?it|\.learn|makeagift|\.oir|\.registrar|\.?saa|\.sac|\.sds|\.ssmb|studenthealth|www)\.ucsf\.edu$" name=".+" />
 
-
-	<rule from="^http://ucsf\.edu/"
-		to="https://www.ucsf.edu/" />
-
-	<!--	These paths redirect to http first:
-
-			- $
-			- site/PageServer$
-			- site/PageServer?pagename=page_not_found
-						-->
-	<rule from="^http://makeagift\.ucsf\.edu/(?:site/PageServer)?(?:\?pagename=page_not_found)?$"
-		to="https://makeagift.ucsf.edu/site/PageServer?pagename=A1_API_GeneralGivingForm" />
-
-	<rule from="^http://(asuc|career|dp|edtech|finaid|graduate|gsa|insideguide|interprofessional|isso|it|learn|makeagift|myaccess|oir|registrar|saa|sac|sds|ssmb|studenthealth|warnme|www)\.ucsf\.edu/"
-		to="https://$1.ucsf.edu/" />
-
-	<rule from="^http://www\.(career|warnme)\.ucsf\.edu/"
-		to="https://$1.ucsf.edu/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:"	to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_California_Santa_Cruz-problematic.xml b/src/chrome/content/rules/University_of_California_Santa_Cruz-problematic.xml
index 965e241f09cf..38248a1b2ede 100644
--- a/src/chrome/content/rules/University_of_California_Santa_Cruz-problematic.xml
+++ b/src/chrome/content/rules/University_of_California_Santa_Cruz-problematic.xml
@@ -1,5 +1,5 @@
 <!--
-	For rules that are on by default, see 
+	For rules that are on by default, see
 
 -->
 <ruleset name="University of California, Santa Cruz (problematic)" default_off="expired, self-signed">
@@ -7,13 +7,11 @@
 	<target host="archaea.ucsc.edu" />
 	<target host="keys.pbsci.ucsc.edu" />
 	<target host="physicalsecurity.ucsc.edu" />
-	<target host="*.physicalsecurity.ucsc.edu" />
 
 
 	<securecookie host="^\.physicalsecurity\.ucsc\.edu$" name=".+" />
 
 
-	<rule from="^http://(archaea|keys\.pbsci|physicalsecurity)\.ucsc\.edu/"
-		to="https://$1.ucsc.edu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_California_Santa_Cruz.xml b/src/chrome/content/rules/University_of_California_Santa_Cruz.xml
index 5e91eea45d19..b2e015b049e1 100644
--- a/src/chrome/content/rules/University_of_California_Santa_Cruz.xml
+++ b/src/chrome/content/rules/University_of_California_Santa_Cruz.xml
@@ -102,7 +102,7 @@ Fetch error: http://its-proposals-dev.ucsc.edu/ => https://its-proposals-dev.ucs
 	ˢ Secured by us
 
 -->
-<ruleset name="UCSC.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="UCSC.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/University_of_Cape_Town.xml b/src/chrome/content/rules/University_of_Cape_Town.xml
index 3005de4fcf24..2ecfa6e320c8 100644
--- a/src/chrome/content/rules/University_of_Cape_Town.xml
+++ b/src/chrome/content/rules/University_of_Cape_Town.xml
@@ -46,7 +46,7 @@ Fetch error: http://uct.ac.za/ => https://www.uct.ac.za/: (60, 'SSL certificate
 	^staff doesn't exist
 
 -->
-<ruleset name="University of Cape Town (partial)" default_off='failed ruleset test'>
+<ruleset name="University of Cape Town (partial)" default_off="failed ruleset test">
 
 	<target host="uct.ac.za" />
 	<target host="*.uct.ac.za" />
@@ -83,4 +83,4 @@ Fetch error: http://uct.ac.za/ => https://www.uct.ac.za/: (60, 'SSL certificate
 	<rule from="^http://www\.vula\.uct\.ac\.za/(?:\?.*)$"
 		to="https://vula.uct.ac.za/portal" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Central_Lancashire.xml b/src/chrome/content/rules/University_of_Central_Lancashire.xml
index 3b7c56a49366..8e75c4ba5c97 100644
--- a/src/chrome/content/rules/University_of_Central_Lancashire.xml
+++ b/src/chrome/content/rules/University_of_Central_Lancashire.xml
@@ -6,7 +6,7 @@ Fetch error: http://staff.uclan.ac.uk/ => https://staff.uclan.ac.uk/: (28, 'Conn
 Disabled by https-everywhere-checker because:
 Fetch error: http://uclan.ac.uk/ => https://uclan.ac.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'uclan.ac.uk'")
 -->
-<ruleset name="University of Central Lancashire" default_off='failed ruleset test'>
+<ruleset name="University of Central Lancashire" default_off="failed ruleset test">
 
 	<target host="uclan.ac.uk" />
 	<target host="staff.uclan.ac.uk" />
@@ -15,4 +15,4 @@ Fetch error: http://uclan.ac.uk/ => https://uclan.ac.uk/: (51, "SSL: no alternat
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Cincinatti.xml b/src/chrome/content/rules/University_of_Cincinatti.xml
index 041104354698..3a5907ca8a40 100644
--- a/src/chrome/content/rules/University_of_Cincinatti.xml
+++ b/src/chrome/content/rules/University_of_Cincinatti.xml
@@ -26,7 +26,20 @@
 <ruleset name="University of Cincinatti (partial)">
 
 	<target host="uc.edu" />
-	<target host="*.uc.edu" />
+	<target host="www.uc.edu" />
+	<target host="admissions.uc.edu" />
+	<target host="health.uc.edu" />
+	<target host="med.uc.edu" />
+	<target host="medcenter.uc.edu" />
+	<target host="pharmacy.uc.edu" />
+	<target host="researchcompliance.uc.edu" />
+	<target host="www.health.uc.edu" />
+	<target host="www.med.uc.edu" />
+	<target host="www.medcenter.uc.edu" />
+	<target host="www.pharmacy.uc.edu" />
+	<target host="www.researchcompliance.uc.edu" />
+	<target host="intmed.uc.edu" />
+	<target host="ucdirectory.uc.edu" />
 		<exclusion pattern="^http://(?:www\.)?(?:intmed|med|researchcompliance)\.uc\.edu/(?!App_(?:Master|Themes)/|Libraries/|[sS]itefinity/|WebResource\.axd)" />
 
 
@@ -36,7 +49,6 @@
 	<rule from="^http://(?:www\.)?uc\.edu/"
 		to="https://www.uc.edu/" />
 
-	<rule from="^http://(admissions|(?:www\.)?(?:health|med|medcenter|pharmacy|researchcompliance)|intmed|ucdirectory)\.uc\.edu/"
-		to="https://$1.uc.edu/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University_of_Derby.xml b/src/chrome/content/rules/University_of_Derby.xml
index 1d7538a0915b..57ceb6c5dca2 100644
--- a/src/chrome/content/rules/University_of_Derby.xml
+++ b/src/chrome/content/rules/University_of_Derby.xml
@@ -9,16 +9,19 @@
 -->
 <ruleset name="University of Derby (partial)">
 
-	<target host="*.derby.ac.uk" />
+	<target host="erecruitment.derby.ac.uk" />
+	<target host="password.derby.ac.uk" />
+	<target host="pssprd.derby.ac.uk" />
+	<target host="students.derby.ac.uk" />
+	<target host="udo.derby.ac.uk" />
 
 
-	<securecookie host="^.+\.derby\.ac\.uk$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<!--		www.../enrolment$ points to pssprd...8030,
 		which works with or without port appended.
 								-->
-	<rule from="^http://(erecruitment|password|pssprd|students|udo)\.derby\.ac\.uk(:8030)?/"
-		to="https://$1.derby.ac.uk$2/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Georgia.xml b/src/chrome/content/rules/University_of_Georgia.xml
index e34eedf12936..8d465177e131 100644
--- a/src/chrome/content/rules/University_of_Georgia.xml
+++ b/src/chrome/content/rules/University_of_Georgia.xml
@@ -5,4 +5,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Greifswald.xml b/src/chrome/content/rules/University_of_Greifswald.xml
deleted file mode 100644
index 408381977c4d..000000000000
--- a/src/chrome/content/rules/University_of_Greifswald.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- www.rz *
-		- www *
-
-	* Shows t3cl-hgw.rz; mismatched, CN: t3cl-hgw.rz.uni-greifswald.de
-
-
-	Fully covered subdomains:
-
-		- ilias
-		- t3cl-hgw.rz.uni-greifswald.de
-		- typo3cluster.rz.uni-greifswald.de
-
-
-	^uni-greifswald.de doesn't exist.
-
-
-	Observed cookie domains:
-
-		- ilias
-		- www.rz
-		- www
-
--->
-<ruleset name="University of Greifswald (partial)">
-
-	<target host="*.uni-greifswald.de" />
-
-
-	<securecookie host="^ilias\.uni-greifswald\.de$" name=".+" />
-
-
-	<rule from="^http://(ilias|t3cl-hgw\.rz|typo3cluster\.rz)\.uni-greifswald\.de/"
-		to="https://$1.uni-greifswald.de/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/University_of_Grenada.xml b/src/chrome/content/rules/University_of_Grenada.xml
index f7966673c6cd..ef2e0b96d3b7 100644
--- a/src/chrome/content/rules/University_of_Grenada.xml
+++ b/src/chrome/content/rules/University_of_Grenada.xml
@@ -10,13 +10,12 @@
 -->
 <ruleset name="University of Grenada (partial)">
 
-	<target host="*.ugr.es" />
+	<target host="cruetic.ugr.es" />
 
 
 	<securecookie host="^\.?cruetic\.ugr\.es$" name=".+" />
 
 
-	<rule from="^http://cruetic\.ugr\.es/"
-		to="https://cruetic.ugr.es/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Houston.xml b/src/chrome/content/rules/University_of_Houston.xml
index be26209ee53d..752c8c695d69 100644
--- a/src/chrome/content/rules/University_of_Houston.xml
+++ b/src/chrome/content/rules/University_of_Houston.xml
@@ -1,69 +1,53 @@
 <!--
-	Nonfunctional subdomains:
-
-		- bauerticker
-		- distance
-		- orientation.distance	(reset)
-		- www.hrm		(CN: *.contentactive.com; 404)
-		- m.law			(reset)
-		- www.uhsa		(SN: ssl.uh.edu; redirects there)
-		- weekendu		(reset)
-
-
-	Problematic subdomains:
-
-		- www.arch			(CN: ssl.uh.edu; 
-		- eto				(expired; works)
-		- researchstores.nsm.uh.edu	(CN: nsm.uh.edu; works)
-		- www.sw			(CN: ssl.uh.edu;
-
-
-	Fully covered subdomains:
-
-		- ^
-		- accessuh
-		- (www.)bauer
-		- (www.)coe
-		- (www.)egr
-		- (www.)law
-		- fp.my
-		- myuh
-		- nsm
-		- forms.nsm
-		- mail.nsm
-		- mynsm.nsm
-		- mynsmstore.nsm
-		- nsmit.nsm
-		- www.nsm
-		- www.opt
-		- ssl
-		- (www.)tech
-		- vnet
-		- www
-
+	Non-functional hosts
+		Timeout was reached:
+		- bauerticker.uh.edu
+		- orientation.distance.uh.edu
+		- eto.uh.edu
+		- nsm.uh.edu
+		- forms.nsm.uh.edu
+		- nsmit.nsm.uh.edu
+		- researchstores.nsm.uh.edu
+		- www.nsm.uh.edu
+
+		SSL connect error:
+		- m.law.uh.edu
+
+		SSL peer certificate was not OK:
+		- www.arch.uh.edu
+		- bauer.uh.edu
+		- coe.uh.edu
+		- distance.uh.edu
+		- egr.uh.edu
+		- www.hrm.uh.edu
+		- law.uh.edu
+		- mail.nsm.uh.edu
+		- www.sw.uh.edu
+		- www.uhsa.uh.edu
+		- weekendu.uh.edu
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- myuh.uh.edu
+
+		Incomplete certificate chain error:
+		- tech.uh.edu
+		- www.tech.uh.edu
+		- vnet.uh.edu
+
+		Mixed content blocking (MCB) triggered:
+		- www.law.uh.edu
 -->
 <ruleset name="University of Houston (partial)">
-
-	<target host="*.uh.edu" />
-
-
-	<securecookie host="^.+\.uh\.edu$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?uh\.edu/"
-		to="https://ssl.uh.edu/" />
-
-	<rule from="^http://(accessuh|fp\.mh|myuh|(?:forms|mail|mynsm|mynsmstore|nsmit)\.nsm|www\.opt|ssl|vnet)\.uh\.edu/"
-		to="https://$1.uh.edu/" />
-
-	<!--	Certs don't match www.
-					-->
-	<rule from="^http://(?:www\.)?nsm\.uh\.edu/"
-		to="https://nsm.uh.edu/" />
-
-	<!--	Certs don't match !www.
-					-->
-	<rule from="^http://(?:www\.)?(bauer|coe|egr|law|tech)\.uh\.edu/"
-		to="https://www.$1.uh.edu/" />
-
+	<target host="uh.edu" />
+	<target host="www.uh.edu" />
+	<target host="accessuh.uh.edu" />
+	<target host="www.bauer.uh.edu" />
+	<target host="www.coe.uh.edu" />
+	<target host="www.egr.uh.edu" />
+	<target host="www.opt.uh.edu" />
+	<target host="ssl.uh.edu" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University_of_Kent.xml b/src/chrome/content/rules/University_of_Kent.xml
index 5437b7f5cf27..d8df7f5fc471 100644
--- a/src/chrome/content/rules/University_of_Kent.xml
+++ b/src/chrome/content/rules/University_of_Kent.xml
@@ -18,7 +18,7 @@ Fetch error: http://sds-staff.kent.ac.uk/ => https://sds-staff.kent.ac.uk/: (28,
 		- .kent.ac.uk
 
 -->
-<ruleset name="Kent.ac.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Kent.ac.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/University_of_Leeds.xml b/src/chrome/content/rules/University_of_Leeds.xml
index 41904a6d36cd..327fbee9a577 100644
--- a/src/chrome/content/rules/University_of_Leeds.xml
+++ b/src/chrome/content/rules/University_of_Leeds.xml
@@ -157,7 +157,7 @@ Fetch error: http://pvac.leeds.ac.uk/ => https://www.pvac.leeds.ac.uk/: (51, "SS
 	* Secured by us
 
 -->
-<ruleset name="Leeds.ac.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Leeds.ac.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/University_of_Leicester.xml b/src/chrome/content/rules/University_of_Leicester.xml
index db9bb578663f..f8c962c3aa5d 100644
--- a/src/chrome/content/rules/University_of_Leicester.xml
+++ b/src/chrome/content/rules/University_of_Leicester.xml
@@ -23,7 +23,13 @@
 <ruleset name="University of Leicester (partial)">
 
 	<target host="le.ac.uk" />
-	<target host="*.le.ac.uk" />
+	<target host="www.le.ac.uk" />
+	<target host="myleicester.le.ac.uk" />
+	<target host="www.myleicester.le.ac.uk" />
+	<target host="www2.le.ac.uk" />
+	<target host="swww2.le.ac.uk" />
+	<target host="physics.le.ac.uk" />
+	<target host="www.physics.le.ac.uk" />
 
 
 	<securecookie host="^physics\.le\.ac\.uk" name=".+" />
@@ -32,10 +38,9 @@
 	<rule from="^http://(?:www\.)?le\.ac\.uk/"
 		to="https://www.le.ac.uk/" />
 
-	<rule from="^http://((?:www\.)?myleicester|s?www2)\.le\.ac\.uk/"
-		to="https://$1.le.ac.uk/" />
 
 	<rule from="^http://(?:www\.)?physics\.le\.ac\.uk/"
 		to="https://physics.le.ac.uk/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University_of_Mainz-falsemixed.xml b/src/chrome/content/rules/University_of_Mainz-falsemixed.xml
index 226013dd8b05..51b6f5daf470 100644
--- a/src/chrome/content/rules/University_of_Mainz-falsemixed.xml
+++ b/src/chrome/content/rules/University_of_Mainz-falsemixed.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.zdv.uni-mainz.de/ => https://www.zdv.uni-mainz.de/: (60,
 	For rules not causing false/broken MCB, see University_of_Mainz.xml.
 
 -->
-<ruleset name="Uni-Mainz.de (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Uni-Mainz.de (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="www.zdv.uni-mainz.de" />
 
diff --git a/src/chrome/content/rules/University_of_Mainz.xml b/src/chrome/content/rules/University_of_Mainz.xml
index 4380d66fe616..bcef5f2261aa 100644
--- a/src/chrome/content/rules/University_of_Mainz.xml
+++ b/src/chrome/content/rules/University_of_Mainz.xml
@@ -110,32 +110,32 @@ Fetch error: http://zdv.uni-mainz.de/ => https://www.$uni-mainz.de/: (6, 'Could
 	ᵘ Unsecurable, doesn't trip MCB
 
 -->
-<ruleset name="Uni-Mainz.de (partial)" default_off='failed ruleset test'>
+<ruleset name="Uni-Mainz.de (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
-	<target host="www.blogs.uni-mainz.de" />	
+	<target host="www.blogs.uni-mainz.de" />
 	<target host="www.campusradio.uni-mainz.de" />
 	<target host="www.cs.uni-mainz.de" />
 	<target host="www.elearning.uni-mainz.de" />
 	<target host="ilias.uni-mainz.de" />
 	<target host="www.international.uni-mainz.de" />
 	<target host="www.international-office.uni-mainz.de" />
-	<target host="jogustine.uni-mainz.de" />	
-	<target host="login.uni-mainz.de" />		
-	<target host="www.medienzentrum.uni-mainz.de" />	
-	<target host="moodle.uni-mainz.de" />	
-	<target host="moodle-test.uni-mainz.de" />	
+	<target host="jogustine.uni-mainz.de" />
+	<target host="login.uni-mainz.de" />
+	<target host="www.medienzentrum.uni-mainz.de" />
+	<target host="moodle.uni-mainz.de" />
+	<target host="moodle-test.uni-mainz.de" />
 	<target host="www.pruefungsamt.jura.uni-mainz.de" />
-	<target host="reader.uni-mainz.de" />	
-	<target host="www.sfz.uni-mainz.de" />	
-	<target host="sport.uni-mainz.de" />	
+	<target host="reader.uni-mainz.de" />
+	<target host="www.sfz.uni-mainz.de" />
+	<target host="sport.uni-mainz.de" />
 	<target host="www.sport.uni-mainz.de" />
 	<target host="www.staff.uni-mainz.de" />
 	<target host="www.students.uni-mainz.de" />
-	<target host="www.studium.uni-mainz.de" />	
+	<target host="www.studium.uni-mainz.de" />
 
-	<target host="katalogportalmainz.ub.uni-mainz.de" />	
+	<target host="katalogportalmainz.ub.uni-mainz.de" />
 	<target host="lokalsystem.ub.uni-mainz.de" />
 	<target host="lokalsystem-test.ub.uni-mainz.de" />
 	<target host="opac.ub.uni-mainz.de" />
@@ -144,9 +144,9 @@ Fetch error: http://zdv.uni-mainz.de/ => https://www.$uni-mainz.de/: (6, 'Could
 	<target host="pica71.ub.uni-mainz.de" />
 	<target host="pica8.ub.uni-mainz.de" />
 	<target host="pica81.ub.uni-mainz.de" />
-	<target host="www.ub.uni-mainz.de" />	
+	<target host="www.ub.uni-mainz.de" />
 
-	<target host="univis.uni-mainz.de" />	
+	<target host="univis.uni-mainz.de" />
 	<target host="pa.wiwi.uni-mainz.de" />
 	<target host="www.uni-mainz.de" />
 
diff --git a/src/chrome/content/rules/University_of_North_Carolina_at_Greensboro.xml b/src/chrome/content/rules/University_of_North_Carolina_at_Greensboro.xml
index ca401b20be11..eccf1c8ff613 100644
--- a/src/chrome/content/rules/University_of_North_Carolina_at_Greensboro.xml
+++ b/src/chrome/content/rules/University_of_North_Carolina_at_Greensboro.xml
@@ -61,4 +61,4 @@
 	<rule from="^http://inspirechange\.uncg\.edu/(\?.*)?$"
 		to="https://ure.uncg.edu/features/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Notre_Dame.xml b/src/chrome/content/rules/University_of_Notre_Dame.xml
index b18d1724e6c7..ca980f2d6d06 100644
--- a/src/chrome/content/rules/University_of_Notre_Dame.xml
+++ b/src/chrome/content/rules/University_of_Notre_Dame.xml
@@ -380,7 +380,7 @@ Fetch error: http://nd.edu/ => https://nd.edu/: (60, 'SSL certificate problem: u
 	³ Unsecurable
 
 -->
-<ruleset name="University of Notre Dame (partial)" default_off='failed ruleset test'>
+<ruleset name="University of Notre Dame (partial)" default_off="failed ruleset test">
 
 	<target host="nd.edu" />
 	<target host="*.nd.edu" />
diff --git a/src/chrome/content/rules/University_of_Oslo.xml b/src/chrome/content/rules/University_of_Oslo.xml
index b9b9d1098ea5..f2dbadb31280 100644
--- a/src/chrome/content/rules/University_of_Oslo.xml
+++ b/src/chrome/content/rules/University_of_Oslo.xml
@@ -32,7 +32,7 @@ Fetch error: http://www.diskusjonsforum.uio.no/ => https://www.diskusjonsforum.u
 		- (www.)ub
 
 -->
-<ruleset name="University of Oslo" default_off='failed ruleset test'>
+<ruleset name="University of Oslo" default_off="failed ruleset test">
 
 	<target host="apollon.uio.no" />
 	<target host="biotek.uio.no" />
diff --git a/src/chrome/content/rules/University_of_Passau.xml b/src/chrome/content/rules/University_of_Passau.xml
index 02be9e787bc9..bd8ebddd5f60 100644
--- a/src/chrome/content/rules/University_of_Passau.xml
+++ b/src/chrome/content/rules/University_of_Passau.xml
@@ -55,4 +55,4 @@
 	<rule from="^http://(?:www\.)?students\.uni-passau\.de/(\?.*)?$"
 		to="https:///www.uni-passau.de/hochschulgruppen.html$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Pittsburgh.xml b/src/chrome/content/rules/University_of_Pittsburgh.xml
index a04d69259c89..e35e6bd020c0 100644
--- a/src/chrome/content/rules/University_of_Pittsburgh.xml
+++ b/src/chrome/content/rules/University_of_Pittsburgh.xml
@@ -27,17 +27,25 @@
 <ruleset name="University of Pittsburgh (partial)">
 
 	<target host="pitt.edu" />
-	<target host="*.pitt.edu" />
+	<target host="cs.pitt.edu" />
+	<target host="people.cs.pitt.edu" />
+	<target host="web.cs.pitt.edu" />
+	<target host="www.cs.pitt.edu" />
+	<target host="my.pitt.edu" />
+	<target host="www.my.pitt.edu" />
+	<target host="pre.pitt.edu" />
+	<target host="www.pitt.edu" />
+	<target host="accounts.pitt.edu" />
+	<target host="www.accounts.pitt.edu" />
 
 
 	<!--securecookie host="^\.pitt\.edu$" name="^SESS\w{32}$" /-->
 	<securecookie host="^(?:(?:www\.)?(?:cs|my)|web\.cs)\.pitt\.edu$" name=".+" />
 
 
-	<rule from="^http://((?:(?:people\.|web\.|www\.)?cs|(?:www\.)?my|pre|www)\.)?pitt\.edu/"
-		to="https://$1pitt.edu/" />
 
 	<rule from="^http://(?:www\.)?accounts\.pitt\.edu/"
 		to="https://accounts.pitt.edu/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Reading.xml b/src/chrome/content/rules/University_of_Reading.xml
deleted file mode 100644
index aae636d400c8..000000000000
--- a/src/chrome/content/rules/University_of_Reading.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Cert only matches www
-
--->
-<ruleset name="University of Reading">
-
-	<target host="reading.ac.uk" />
-	<target host="www.reading.ac.uk" />
-
-
-	<securecookie host="^www\.reading\.ac\.uk$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/University_of_Rostock.xml b/src/chrome/content/rules/University_of_Rostock.xml
index 41172178d6e5..f929c5f82110 100644
--- a/src/chrome/content/rules/University_of_Rostock.xml
+++ b/src/chrome/content/rules/University_of_Rostock.xml
@@ -33,14 +33,19 @@
 -->
 <ruleset name="University of Rostock (partial)">
 
-	<target host="*.uni-rostock.de" />
+	<target host="autodiscover.uni-rostock.de" />
+	<target host="lsf.uni-rostock.de" />
+	<target host="aktivierung.rz.uni-rostock.de" />
+	<target host="passwd.rz.uni-rostock.de" />
+	<target host="pwd.rz.uni-rostock.de" />
+	<target host="studip.uni-rostock.de" />
+	<target host="webapp.uni-rostock.de" />
 		<!--exclusion pattern="^http://(bax\.comlab|www\.itmz|www)\." /-->
 
 
 	<securecookie host="^(?:email|lsf|studip|webapp)\.uni-rostock\.de$" name=".+" />
 
 
-	<rule from="^http://(autodiscover|email|lsf|mail|aktivierung\.rz|passwd\.rz|pwd\.rz|studip|webapp)\.uni-rostock\.de/"
-		to="https://$1.uni-rostock.de/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Salford.xml b/src/chrome/content/rules/University_of_Salford.xml
index 6fa667bd479a..f4e5c78f46e0 100644
--- a/src/chrome/content/rules/University_of_Salford.xml
+++ b/src/chrome/content/rules/University_of_Salford.xml
@@ -12,13 +12,14 @@
 -->
 <ruleset name="University of Salford (partial)">
 
-	<target host="*.salford.ac.uk" />
+	<target host="usir.salford.ac.uk" />
+	<target host="webhost.salford.ac.uk" />
+	<target host="www.salford.ac.uk" />
 
 
 	<securecookie host="^\.www\.salford\.ac\.uk$" name=".+" />
 
 
-	<rule from="^http://(usir|webhost|www)\.salford\.ac\.uk/"
-		to="https://$1.salford.ac.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Saskatchewan.xml b/src/chrome/content/rules/University_of_Saskatchewan.xml
index c3d99770d1ca..23bd019e07e0 100644
--- a/src/chrome/content/rules/University_of_Saskatchewan.xml
+++ b/src/chrome/content/rules/University_of_Saskatchewan.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Sheffield.xml b/src/chrome/content/rules/University_of_Sheffield.xml
index 8f25adc44cb2..746fed45eea2 100644
--- a/src/chrome/content/rules/University_of_Sheffield.xml
+++ b/src/chrome/content/rules/University_of_Sheffield.xml
@@ -27,22 +27,23 @@
 <ruleset name="University of Sheffield (partial)">
 
 	<target host="shef.ac.uk" />
-	<target host="*.shef.ac.uk" />
+	<target host="guide.dcs.shef.ac.uk" />
+	<target host="onlineshop.shef.ac.uk" />
+	<target host="portal.shef.ac.uk" />
+	<target host="www.shef.ac.uk" />
 	<target host="sheffield.ac.uk" />
-	<target host="*.sheffield.ac.uk" />
+	<target host="www.sheffield.ac.uk" />
+	<target host="portal.sheffield.ac.uk" />
 
 
 	<!--securecookie host="^\.shef\.ac\.uk$" name="^(?:fos\.web\.secure|fos\.web\.server|runId)$" /-->
 	<securecookie host="^(?:onlineshop|portal)\.shef\.ac\.uk$" name=".+" />
 
 
-	<rule from="^http://((?:guide\.dcs|onlineshop|portal|www)\.)?shef\.ac\.uk/"
-		to="https://$1shef.ac.uk/" />
 
-	<rule from="^http://(www\.)?sheffield\.ac\.uk/"
-		to="https://$1sheffield.ac.uk/" />
 
 	<rule from="^http://portal\.sheffield\.ac\.uk/"
 		to="https://portal.shef.ac.uk/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Tampa.xml b/src/chrome/content/rules/University_of_Tampa.xml
index e82c4f0aa748..4b0fc84bde2c 100644
--- a/src/chrome/content/rules/University_of_Tampa.xml
+++ b/src/chrome/content/rules/University_of_Tampa.xml
@@ -7,7 +7,10 @@
 <ruleset name="University of Tampa">
 
 	<target host="ut.edu" />
-	<target host="*.ut.edu" />
+	<target host="www.ut.edu" />
+	<target host="jobs.ut.edu" />
+	<target host="sfs.ut.edu" />
+	<target host="spartanweb.ut.edu" />
 
 
 	<securecookie host="^.+\.ut\.edu$" name=".+" />
@@ -16,7 +19,6 @@
 	<rule from="^http://(?:www\.)?ut\.edu/"
 		to="https://www.ut.edu/" />
 
-	<rule from="^http://(jobs|sfs|spartanweb)\.ut\.edu/"
-		to="https://$1.ut.edu/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/University_of_Tennessee_System.xml b/src/chrome/content/rules/University_of_Tennessee_System.xml
index 96667c90602b..ba59f1d00274 100644
--- a/src/chrome/content/rules/University_of_Tennessee_System.xml
+++ b/src/chrome/content/rules/University_of_Tennessee_System.xml
@@ -26,16 +26,20 @@
 		- security
 		- utap1
 
---> 
+-->
 <ruleset name="University of Tennessee System (partial)">
 
-	<target host="*.tennessee.edu" />
+	<target host="andi.tennessee.edu" />
+	<!--target host="autodiscover.tennessee.edu" /-->
+	<target host="irisweb.tennessee.edu" />
+	<target host="its.tennessee.edu" />
+	<target host="security.tennessee.edu" />
+	<target host="utap1.tennessee.edu" />
 
 
 	<securecookie host="^(?:autodiscover|irisweb|my)\.tennessee\.edu$" name=".+" />
 
 
-	<rule from="^http://(andi|autodiscover|irisweb|its|my|security|utap1)\.tennessee\.edu/"
-		to="https://$1.tennessee.edu/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Tennessee_at_Martin.xml b/src/chrome/content/rules/University_of_Tennessee_at_Martin.xml
index e9891f819f5e..0f680f0791ce 100644
--- a/src/chrome/content/rules/University_of_Tennessee_at_Martin.xml
+++ b/src/chrome/content/rules/University_of_Tennessee_at_Martin.xml
@@ -5,28 +5,28 @@ Fetch error: http://legacy.utm.edu/ => https://legacy.utm.edu/: (51, "SSL: no al
 Fetch error: http://primes.utm.edu/ => https://primes.utm.edu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 	See <https://en.wikipedia.org/wiki/University_of_Tennessee_at_Martin>.
-	
+
 	HTTP only:
 		eviprod.utm.edu
-	
+
 	Refused:
 		twister.utm.edu
-	
+
 	Mismatch:
 		www.iep.utm.edu
 		www.philfilms.utm.edu
-	
+
 	Expired:
 		stem.utm.edu
-	
+
 	Self-signed:
 		catalog.utm.edu
 		ns9200.utm.edu
-	
+
 	Mixed content:
 		utmgive.wpengine.com
 
---><ruleset name="University of Tennessee at Martin" default_off='failed ruleset test'>
+--><ruleset name="University of Tennessee at Martin" default_off="failed ruleset test">
 
 	<target host="utm.edu" />
 
diff --git a/src/chrome/content/rules/University_of_Tuebingen-problematic.xml b/src/chrome/content/rules/University_of_Tuebingen-problematic.xml
index 77d98a7d961b..c2bf9d58bc15 100644
--- a/src/chrome/content/rules/University_of_Tuebingen-problematic.xml
+++ b/src/chrome/content/rules/University_of_Tuebingen-problematic.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Tuebingen.xml b/src/chrome/content/rules/University_of_Tuebingen.xml
index a3056867b5fc..23992aa40d6b 100644
--- a/src/chrome/content/rules/University_of_Tuebingen.xml
+++ b/src/chrome/content/rules/University_of_Tuebingen.xml
@@ -30,7 +30,10 @@
 <ruleset name="University of Tübingen (partial)">
 
 	<target host="uni-tuebingen.de" />
-	<target host="*.uni-tuebingen.de" />
+	<target host="zdv.uni-tuebingen.de" />
+	<target host="www.uni-tuebingen.de" />
+	<target host="campus.verwaltung.uni-tuebingen.de" />
+	<target host="epv-welt.uni-tuebingen.de" />
 
 
 	<securecookie host="^\.uni-tuebingen\.de$" name="^fe_typo_user$" />
@@ -41,7 +44,6 @@
 	<rule from="^http://(?:zdv\.|www\.)?uni-tuebingen\.de/"
 		to="https://www.uni-tuebingen.de/" />
 
-	<rule from="^http://(campus\.verwaltung|epv-welt)\.uni-tuebingen\.de/"
-		to="https://$1.uni-tuebingen.de/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Waikato.xml b/src/chrome/content/rules/University_of_Waikato.xml
index be5d57077c53..f52f12c89074 100644
--- a/src/chrome/content/rules/University_of_Waikato.xml
+++ b/src/chrome/content/rules/University_of_Waikato.xml
@@ -31,7 +31,12 @@
 <ruleset name="University of Waikato (partial)">
 
 	<target host="waikato.ac.nz" />
-	<target host="*.waikato.ac.nz" />
+	<target host="www.waikato.ac.nz" />
+	<target host="cookie.waikato.ac.nz" />
+	<target host="tools.its.waikato.ac.nz" />
+	<target host="mngt.waikato.ac.nz" />
+	<target host="www.mngt.waikato.ac.nz" />
+	<target host="research.waikato.ac.nz" />
 
 
 	<securecookie host="^.+\.waikato\.ac\.nz$" name=".+" />
diff --git a/src/chrome/content/rules/University_of_Warwick.xml b/src/chrome/content/rules/University_of_Warwick.xml
index 3feae7ba1ab3..54c0f072da7a 100644
--- a/src/chrome/content/rules/University_of_Warwick.xml
+++ b/src/chrome/content/rules/University_of_Warwick.xml
@@ -18,14 +18,18 @@
 <ruleset name="University of Warwick (partial)">
 
 	<target host="warwick.ac.uk" />
-	<target host="*.warwick.ac.uk" />
+	<target host="go.warwick.ac.uk" />
+	<target host="idp.warwick.ac.uk" />
+	<target host="onlinepayment.warwick.ac.uk" />
+	<target host="websignon.warwick.ac.uk" />
+	<target host="www.warwick.ac.uk" />
+	<target host="www2.warwick.ac.uk" />
 		<exclusion pattern="^http://www2\.warwick\.ac\.uk/(?!.+\.(?:gif|jpg|png)|brands/|static_war/)" />
 
 
 	<securecookie host="^(?:idp|onlinepayment)\.warwick\.ac\.uk$" name=".+" />
 
 
-	<rule from="^http://((?:go|idp|onlinepayment|websignon|www2?)\.)?warwick\.ac\.uk/"
-		to="https://$1warwick.ac.uk/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/University_of_Wisconsin-Madison.xml b/src/chrome/content/rules/University_of_Wisconsin-Madison.xml
index 50f23b5be8ce..4b5646b2d289 100644
--- a/src/chrome/content/rules/University_of_Wisconsin-Madison.xml
+++ b/src/chrome/content/rules/University_of_Wisconsin-Madison.xml
@@ -75,16 +75,38 @@ Fetch error: http://wayf.wisc.edu/ => https://wayf.wisc.edu/: (6, 'Could not res
 	* Secured by us
 
 -->
-<ruleset name="University of Wisconsin-Madison" default_off='failed ruleset test'>
-
-	<target host="*.wisc.edu" />
+<ruleset name="University of Wisconsin-Madison" default_off="failed ruleset test">
+
+	<target host="condor-wiki.cs.wisc.edu" />
+	<target host="htcondor-wiki.cs.wisc.edu" />
+	<target host="pages.cs.wisc.edu" />
+	<target host="research.cs.wisc.edu" />
+	<target host="discovery.wisc.edu" />
+	<target host="doit.wisc.edu" />
+	<target host="www.doit.wisc.edu" />
+	<target host="go.wisc.edu" />
+	<target host="kb.wisc.edu" />
+	<target host="learnuw.wisc.edu" />
+	<target host="ecs.library.wisc.edu" />
+	<target host="search.library.wisc.edu" />
+	<target host="login.wisc.edu" />
+	<target host="my.wisc.edu" />
+	<target host="mywebspace.wisc.edu" />
+	<target host="wayf.wisc.edu" />
+	<target host="wiscmail.wisc.edu" />
+	<target host="cs.wisc.edu" />
+	<target host="housing.wisc.edu" />
+	<target host="library.wisc.edu" />
+	<target host="math.wisc.edu" />
+	<target host="www.cs.wisc.edu" />
+	<target host="www.housing.wisc.edu" />
+	<target host="www.library.wisc.edu" />
+	<target host="www.math.wisc.edu" />
 
 	<!-- 404: Individual users must enable SSL for their personal pages. -->
 	<exclusion pattern="^http://pages\.cs\.wisc\.edu/+~" />
 	<test url="http://pages.cs.wisc.edu/~hartzheim" />
 
-	<rule from="^http://((?:condor-wiki|htcondor-wiki|pages|research)\.cs|discovery|(www\.)?doit|go|kb|learnuw|(ecs|search)\.library|login|my|mywebspace|wayf|wiscmail)\.wisc\.edu/"
-	to="https://$1.wisc.edu/" />
 
 	<test url="http://condor-wiki.cs.wisc.edu/" />
 	<test url="http://htcondor-wiki.cs.wisc.edu/" />
@@ -113,4 +135,5 @@ Fetch error: http://wayf.wisc.edu/ => https://wayf.wisc.edu/: (6, 'Could not res
 	<test url="http://www.library.wisc.edu/" />
 	<test url="http://math.wisc.edu/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Universityadmissions.se.xml b/src/chrome/content/rules/Universityadmissions.se.xml
index 0957f19d4324..eeb6fd9f867d 100644
--- a/src/chrome/content/rules/Universityadmissions.se.xml
+++ b/src/chrome/content/rules/Universityadmissions.se.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Univie.ac.at.xml b/src/chrome/content/rules/Univie.ac.at.xml
index 1419232cb2ac..17c38ad63654 100644
--- a/src/chrome/content/rules/Univie.ac.at.xml
+++ b/src/chrome/content/rules/Univie.ac.at.xml
@@ -70,7 +70,31 @@
 <ruleset name="Univie.ac.at (partial)">
 
 	<target host="univie.ac.at" />
-	<target host="*.univie.ac.at" />
+	<target host="aufnahmeverfahren.univie.ac.at" />
+	<target host="bibliothek.univie.ac.at" />
+	<target host="blog.univie.ac.at" />
+	<target host="www.bpc.univie.ac.at" />
+	<target host="cs.univie.ac.at" />
+	<target host="ctl.univie.ac.at" />
+	<target host="data.univie.ac.at" />
+	<target host="forschungsnewsletter.univie.ac.at" />
+	<target host="informatik.univie.ac.at" />
+	<target host="international.univie.ac.at" />
+	<target host="intra.univie.ac.at" />
+	<target host="kalender.univie.ac.at" />
+	<target host="medienportal.univie.ac.at" />
+	<target host="online.univie.ac.at" />
+	<target host="public.univie.ac.at" />
+	<target host="sbterminals.univie.ac.at" />
+	<target host="studentpoint.univie.ac.at" />
+	<target host="studien-lehrwesen.univie.ac.at" />
+	<target host="studienservice-lehrwesen.univie.ac.at" />
+	<target host="www.tbi.univie.ac.at" />
+	<target host="univis.univie.ac.at" />
+	<target host="weblogin.univie.ac.at" />
+	<target host="webmail.univie.ac.at" />
+	<target host="www.univie.ac.at" />
+	<target host="zid.univie.ac.at" />
 		<!--
 			Avoid false/broken MCB:
 						-->
diff --git a/src/chrome/content/rules/Unizar.es.xml b/src/chrome/content/rules/Unizar.es.xml
index 34f3453b83b5..82c9ba80a8a9 100644
--- a/src/chrome/content/rules/Unizar.es.xml
+++ b/src/chrome/content/rules/Unizar.es.xml
@@ -9,13 +9,13 @@ Fetch error: http://mularroya10.cps.unizar.es/ => https://mularroya10.cps.unizar
 
 	Ruleset for unizar.es, the University of Zaragoza website.
 	See <https://en.wikipedia.org/wiki/University_of_Zaragoza>.
-	
+
 	Known issues:
 		* mixed content issues on:
 			- cursosextraordinarios.unizar.es
 			- ocw.unizar.es
 		* incomplete certificate chain on sede.unizar.es.
-	
+
 	Known subdomains that does not support HTTPS or have a wrongly
 	configured certificate (incomplete list):
 		* aize.unizar.es
@@ -38,7 +38,7 @@ Fetch error: http://mularroya10.cps.unizar.es/ => https://mularroya10.cps.unizar
 		* aulavet11.unizar.es
 		* babel.unizar.es
 		* bash.unizar.es
-		
+
 		* bifi.unizar.es
 		* 3gbifi.bifi.unizar.es
 		* analyzer1.bifi.unizar.es
@@ -373,7 +373,7 @@ Fetch error: http://mularroya10.cps.unizar.es/ => https://mularroya10.cps.unizar
 		* zenon.unizar.es
 		* zuriza.unizar.es
 -->
-<ruleset name="Universidad de Zaragoza" default_off='failed ruleset test'>
+<ruleset name="Universidad de Zaragoza" default_off="failed ruleset test">
 
 	<target host="unizar.es" />
 	<target host="www.unizar.es" />
diff --git a/src/chrome/content/rules/UnlimitedHost.xml b/src/chrome/content/rules/UnlimitedHost.xml
deleted file mode 100644
index 4c4fa094a594..000000000000
--- a/src/chrome/content/rules/UnlimitedHost.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.) *
-		- client *
-
-	* http reply
-
--->
-<ruleset name="UnlimitedHost (partial)">
-
-	<target host="apollo.unlimitedhost.asia" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Uno.im.xml b/src/chrome/content/rules/Uno.im.xml
index 703dff89e487..9e030ac24964 100644
--- a/src/chrome/content/rules/Uno.im.xml
+++ b/src/chrome/content/rules/Uno.im.xml
@@ -18,7 +18,7 @@ Fetch error: http://www.uno.im/ => https://www.uno.im/: (6, 'Could not resolve h
 		- .www.uno.im
 
 -->
-<ruleset name="Uno.im" default_off='failed ruleset test'>
+<ruleset name="Uno.im" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/UnoEuro.com.xml b/src/chrome/content/rules/UnoEuro.com.xml
index 5b9a746db3bc..11af8ccbb8f9 100644
--- a/src/chrome/content/rules/UnoEuro.com.xml
+++ b/src/chrome/content/rules/UnoEuro.com.xml
@@ -18,13 +18,18 @@
 <ruleset name="UnoEuro.com (partial)">
 
 	<target host="unoeuro.com" />
-	<target host="*.unoeuro.com" />
+	<target host="de.unoeuro.com" />
+	<target host="en.unoeuro.com" />
+	<target host="lu.unoeuro.com" />
+	<target host="no.unoeuro.com" />
+	<target host="static.unoeuro.com" />
+	<target host="sv.unoeuro.com" />
+	<target host="www.unoeuro.com" />
 
 
 	<securecookie host="^\.unoeuro\.com$" name=".+" />
 
 
-	<rule from="^http://((?:de|en|lu|no|static|sv|www)\.)?unoeuro\.com/"
-		to="https://$1unoeuro.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Unpaywall.org.xml b/src/chrome/content/rules/Unpaywall.org.xml
new file mode 100644
index 000000000000..cf22855bf86a
--- /dev/null
+++ b/src/chrome/content/rules/Unpaywall.org.xml
@@ -0,0 +1,13 @@
+<!--
+	For related rules, see OADOI.org.xml
+
+-->
+<ruleset name="Unpaywall.org">
+
+	<target host="unpaywall.org" />
+	<target host="api.unpaywall.org" />
+	<target host="search.unpaywall.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Unsplash.com.xml b/src/chrome/content/rules/Unsplash.com.xml
new file mode 100644
index 000000000000..044651a931fb
--- /dev/null
+++ b/src/chrome/content/rules/Unsplash.com.xml
@@ -0,0 +1,43 @@
+<!--
+	Non-functional subdomains:
+		- chat		(SSL connection error)
+		- community	(t)
+		- email		(t)
+		- tumblr	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Unsplash.com">
+
+	<target host="unsplash.com" />
+	<target host="www.unsplash.com" />
+	<target host="1095.unsplash.com" />
+	<target host="1460.unsplash.com" />
+	<target host="730.unsplash.com" />
+	<target host="api.unsplash.com" />
+	<target host="awards.unsplash.com" />
+	<target host="book.unsplash.com" />
+	<target host="changelog.unsplash.com" />
+	<target host="download.unsplash.com" />
+		<test url="http://download.unsplash.com/7/girl-flowers.jpg" />
+	<target host="hd.unsplash.com" />
+	<target host="images.unsplash.com" />
+	<target host="instant.unsplash.com" />
+	<target host="madewith.unsplash.com" />
+	<target host="makeday.unsplash.com" />
+	<target host="pages.unsplash.com" />
+	<target host="slack.unsplash.com" />
+	<target host="source.unsplash.com" />
+	<target host="status.unsplash.com" />
+	<target host="store.unsplash.com" />
+	<target host="tv.unsplash.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Untangle.com.xml b/src/chrome/content/rules/Untangle.com.xml
index 3b88f9349c17..3e229b26362e 100644
--- a/src/chrome/content/rules/Untangle.com.xml
+++ b/src/chrome/content/rules/Untangle.com.xml
@@ -31,7 +31,7 @@ Fetch error: http://promo.untangle.com/ => https://promo.untangle.com/: (51, "SS
 	ˢ Secured by us
 
 -->
-<ruleset name="Untangle.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Untangle.com (partial)" default_off="failed ruleset test">
 
 	<target host="untangle.com" />
 	<target host="bugzilla.untangle.com" />
diff --git a/src/chrome/content/rules/Unthem.xml b/src/chrome/content/rules/Unthem.xml
index 5b1a2eac5c4f..3039ede91e39 100644
--- a/src/chrome/content/rules/Unthem.xml
+++ b/src/chrome/content/rules/Unthem.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Unvanquished.net.xml b/src/chrome/content/rules/Unvanquished.net.xml
index e1d340b3a0ea..9486ed075020 100644
--- a/src/chrome/content/rules/Unvanquished.net.xml
+++ b/src/chrome/content/rules/Unvanquished.net.xml
@@ -7,7 +7,8 @@
 <ruleset name="Unvanquished.net" default_off="self-signed">
 
 	<target host="unvanquished.net" />
-	<target host="*.unvanquished.net" />
+	<target host="www.unvanquished.net" />
+	<target host="forum.unvanquished.net" />
 
 
 	<securecookie host="^\.unvanquished\.net$" name=".+" />
diff --git a/src/chrome/content/rules/Unwire.hk.xml b/src/chrome/content/rules/Unwire.hk.xml
index c3f1b5715bb5..2a5780c96ba5 100644
--- a/src/chrome/content/rules/Unwire.hk.xml
+++ b/src/chrome/content/rules/Unwire.hk.xml
@@ -1,33 +1,32 @@
 <!--
 	Non-functional hosts
-		SSL peer certificate was not OK:
-			 - career.unwire.hk
-			 - cdn.unwire.hk
-			 - event.unwire.hk
-			 - link.unwire.hk
-			 - static.unwire.hk
+		Timeout was reached:
+		- sapp.unwire.hk
 
-		Peer certificate cannot be authenticated with given CA certificates:
-			 - edm.unwire.hk
+		SSL peer certificate was not OK:
+		- career.unwire.hk
+		- event.unwire.hk
+		- link.unwire.hk
+		- static.unwire.hk
 
-		Status code mismatch:
-			 - test.unwire.hk
+		Redirects to HTTP:
+		- ad.unwire.hk
 
-		4xx client error:
-			 - jobs.unwire.hk
+		Different content:
+		- test.unwire.hk
 -->
 <ruleset name="Unwire.hk">
 	<target host="unwire.hk" />
 	<target host="www.unwire.hk" />
-	<target host="ad.unwire.hk" />
 	<target host="cache.unwire.hk" />
-	<target host="css.unwire.hk" />
-	<target host="js1.unwire.hk" />
-	<target host="js2.unwire.hk" />
-	<target host="js3.unwire.hk" />
+	<target host="cdn.unwire.hk" />
+	<target host="check.unwire.hk" />
+	<target host="edm.unwire.hk" />
 	<target host="preview.unwire.hk" />
-	<target host="sapp.unwire.hk" />
+	<target host="startfintech.unwire.hk" />
 	<target host="store.unwire.hk" />
 
+	<securecookie host=".+" name=".+" />
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Unwire.xml b/src/chrome/content/rules/Unwire.xml
deleted file mode 100644
index 68712b1878de..000000000000
--- a/src/chrome/content/rules/Unwire.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Not covered here:
-
-		- unwire.dk *
-		- editor.portal.unwire.com *
-		- unwire.com **
-
-	 * Bad certificate
-	** Serves https but style sheets fail to load on "mixedcontent" platforms.
--->
-<ruleset name="Unwire">
-
-	<target host="portal.unwire.dk" />
-	<target host="image.unwire.com" />
-
-	<securecookie host="^portal\.unwire\.dk$" name=".+" />
-
-	<rule from="^http:"
-		to="https:"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/UnwiredLtd.com.xml b/src/chrome/content/rules/UnwiredLtd.com.xml
new file mode 100644
index 000000000000..562f42df321d
--- /dev/null
+++ b/src/chrome/content/rules/UnwiredLtd.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="UnwiredLtd.com">
+	<target host="unwiredltd.com" />
+	<target host="www.unwiredltd.com" />
+	<target host="lg.unwiredltd.com" />
+	<target host="svr02-jls.unwiredltd.com" />
+	<target host="svr03-365.unwiredltd.com" />
+	<target host="webmail.unwiredltd.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/UpScore.com.xml b/src/chrome/content/rules/UpScore.com.xml
new file mode 100644
index 000000000000..0be4e6aa6a81
--- /dev/null
+++ b/src/chrome/content/rules/UpScore.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Connection closed:
+		data
+-->
+<ruleset name="UpScore.com">
+
+	<target host="upscore.com" />
+	<target host="www.upscore.com" />
+	<target host="content.upscore.com" />
+	<target host="files.upscore.com" />
+		<test url="http://files.upscore.com/async/upScore.js" />
+	<target host="hit-error.upscore.com" />
+	<target host="hit-pool.upscore.com" />
+	<target host="hit-pool-2.upscore.com" />
+	<target host="positions.upscore.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Upaiyun.com.xml b/src/chrome/content/rules/Upaiyun.com.xml
index 7cbafaa964e2..ec65cb6f7022 100644
--- a/src/chrome/content/rules/Upaiyun.com.xml
+++ b/src/chrome/content/rules/Upaiyun.com.xml
@@ -4,27 +4,22 @@
 	Invalid certificate:
 		- upaiyun.com
 		- www.upaiyun.com
-
 -->
 <ruleset name="Upaiyun.com">
+	<target host="upaiyun.com" />
 	<target host="www.upaiyun.com" />
 	<target host="*.b0.upaiyun.com" />
+		<test url="http://apprcn.b0.upaiyun.com/AppleDNS-GUI.png" />
+		<test url="http://honggc.b0.upaiyun.com/romantic-words/" />
+		<test url="http://jbcdn2.b0.upaiyun.com/2017/09/e41e73992d65b40d4d856f068e9d8d62.png" />
 		<test url="http://ko-avatar.b0.upaiyun.com/default/17.png" />
 		<test url="http://ko-avatar.b0.upaiyun.com/default/18.png" />
 		<test url="http://ko-site-cdn.b0.upaiyun.com/" />
 		<test url="http://making-photos.b0.upaiyun.com/photos/c114e153bd2bedbc7594801ddc10ce28.jpg" />
 		<test url="http://mgpyh.b0.upaiyun.com/post_image/a78ea44062d5ee10bc3ef862f8078f9e.jpg" />
-
-	<!--	Refused:	-->
-	<exclusion pattern="^http://(apprcn|honggc|jbcdn2|wxrss)\.b0\.upaiyun\.com/" />
-		<test url="http://apprcn.b0.upaiyun.com/AppleDNS-GUI.png" />
-		<test url="http://honggc.b0.upaiyun.com/romantic-words/" />
-		<test url="http://jbcdn2.b0.upaiyun.com/2017/09/e41e73992d65b40d4d856f068e9d8d62.png" />
-		<test url="http://wxrss.b0.upaiyun.com/14866062155YniKI.jpg" />
-	<!--	Secure connection failed:	-->
-	<exclusion pattern="^http://u77img\.b0\.upaiyun\.com/" />
 		<test url="http://u77img.b0.upaiyun.com/upload/201711/0312092782.jpg" />
 
-	<rule from="^http://www\.upaiyun\.com/" to="https://www.upyun.com/" />
+	<rule from="^http://(www\.)?upaiyun\.com/" to="https://www.upyun.com/" />
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Upay.co.uk.xml b/src/chrome/content/rules/Upay.co.uk.xml
index cc78368e1665..9ed4278ca6a1 100644
--- a/src/chrome/content/rules/Upay.co.uk.xml
+++ b/src/chrome/content/rules/Upay.co.uk.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.upaymobile.co.uk/ => https://www.upaymobile.co.uk/: (51,
 Disabled by https-everywhere-checker because:
 Fetch error: http://upay.co.uk/ => https://www.upay.co.uk/: (6, 'Could not resolve host: upay.co.uk')
 -->
-<ruleset name="Upay" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Upay" platform="mixedcontent" default_off="failed ruleset test">
   <target host="upay.co.uk" />
   <target host="www.upay.co.uk" />
   <target host="upaymobile.co.uk" />
diff --git a/src/chrome/content/rules/Update_Framework.com.xml b/src/chrome/content/rules/Update_Framework.com.xml
deleted file mode 100644
index e6054547b5d6..000000000000
--- a/src/chrome/content/rules/Update_Framework.com.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Update Framework.com">
-
-	<target host="updateframework.com" />
-	<target host="www.updateframework.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Upf.edu.xml b/src/chrome/content/rules/Upf.edu.xml
index ffbf5420e281..ca014861b81a 100644
--- a/src/chrome/content/rules/Upf.edu.xml
+++ b/src/chrome/content/rules/Upf.edu.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.iula.upf.edu/ => https://www.iula.upf.edu/: (28, 'Connec
 
 	Ruleset for upf.edu, the Pompeu Fabra University website.
 	See <https://en.wikipedia.org/wiki/Pompeu_Fabra_University>.
-	
+
 	Not supporting HTTPS or using an invalid certificate:
 		* aaa.idec.upf.edu
 		* abacdiscoverer.upf.edu
@@ -92,7 +92,7 @@ Fetch error: http://www.iula.upf.edu/ => https://www.iula.upf.edu/: (28, 'Connec
 		* videowork-linux-2.gti.upf.edu
 		* vinson2.upf.edu
 -->
-<ruleset name="Universitat Pompeu Fabra" default_off='failed ruleset test'>
+<ruleset name="Universitat Pompeu Fabra" default_off="failed ruleset test">
 
 	<target host="upf.edu" />
 
diff --git a/src/chrome/content/rules/Upic.me.xml b/src/chrome/content/rules/Upic.me.xml
deleted file mode 100644
index d33767f1a05b..000000000000
--- a/src/chrome/content/rules/Upic.me.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	At least some pages redirect to http.
-
-
-	Problematic subdomains:
-
-		- th	(works; mismatched, CN: upic.me)
-
--->
-<ruleset name="upic.me (partial)">
-
-	<target host="upic.me" />
-	<target host="*.upic.me" />
-		<!--
-			Redirect to http:
-						-->
-		<!--exclusion pattern="http://upic\.me/+(myuploads)?($|\?)" /-->
-		<!--
-			Exceptions:
-						-->
-		<exclusion pattern="^http://upic\.me/+(?!count/|favicon\.ico|i/|images/|js/|jsgzip/|skins/|t/|tw/i/)" />
-
-
-	<securecookie host="^\.upic\.me$" name="^__utm\w" />
-
-
-	<rule from="^http://(?:th\.|(www\.))?upic\.me/"
-		to="https://$1upic.me/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Upickem.net.xml b/src/chrome/content/rules/Upickem.net.xml
index 881b3ff28da9..7fda3b7efa7c 100644
--- a/src/chrome/content/rules/Upickem.net.xml
+++ b/src/chrome/content/rules/Upickem.net.xml
@@ -48,7 +48,7 @@
 	* Secured by us
 
 -->
-<ruleset name="upickem.net (partial)" default_off="missing certificate chain" platform="mixedcontent">
+<ruleset name="upickem.net (partial)" default_off="cert-chain" platform="mixedcontent">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Uplay.ubi.com.xml b/src/chrome/content/rules/Uplay.ubi.com.xml
deleted file mode 100644
index dfbe5efc5055..000000000000
--- a/src/chrome/content/rules/Uplay.ubi.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://uplay.ubi.com/ => https://www.uplay.ubi.com/: (35, 'error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 unrecognized name')
-Fetch error: http://www.uplay.ubi.com/ => https://www.uplay.ubi.com/: (35, 'error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 unrecognized name')
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://uplay.ubi.com/ => https://www.uplay.ubi.com/: (35, 'error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 unrecognized name')
-Fetch error: http://www.uplay.ubi.com/ => https://www.uplay.ubi.com/: (35, 'error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 unrecognized name')
--->
-<ruleset name="Uplay.ubi.com" default_off='failed ruleset test'>
-  <target host="uplay.ubi.com" />
-  <target host="www.uplay.ubi.com" />
-
-  <rule from="^http://(?:www\.)?uplay\.ubi\.com/" to="https://www.uplay.ubi.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/Uploading.com.xml b/src/chrome/content/rules/Uploading.com.xml
index 61ff1fff3e55..ecb2994065c8 100644
--- a/src/chrome/content/rules/Uploading.com.xml
+++ b/src/chrome/content/rules/Uploading.com.xml
@@ -8,10 +8,11 @@ Fetch error: http://uploading.com/ => https://uploading.com/: (60, 'SSL certific
 	Cert doesn't match www.
 
 -->
-<ruleset name="Uploading.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Uploading.com (partial)" default_off="failed ruleset test">
 
 	<target host="uploading.com" />
-	<target host="*.uploading.com" />
+	<target host="api.uploading.com" />
+	<target host="www.uploading.com" />
 
 
 	<securecookie host="^\.uploading\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Upo.es.xml b/src/chrome/content/rules/Upo.es.xml
index 20123e61301f..a6fb99f5fbbf 100644
--- a/src/chrome/content/rules/Upo.es.xml
+++ b/src/chrome/content/rules/Upo.es.xml
@@ -32,7 +32,7 @@ Fetch error: http://riemann.upo.es/ => https://riemann.upo.es/: (51, "SSL: no al
 		* www1.upo.es
 		* www.bioinfocabd.upo.es
 -->
-<ruleset name="Universidad Pablo de Olavide" default_off='failed ruleset test'>
+<ruleset name="Universidad Pablo de Olavide" default_off="failed ruleset test">
 
 	<target host="agenda.upo.es" />
 	<target host="archivo.upo.es" />
diff --git a/src/chrome/content/rules/UpsideOut.com.xml b/src/chrome/content/rules/UpsideOut.com.xml
deleted file mode 100644
index 43ddf6f1347a..000000000000
--- a/src/chrome/content/rules/UpsideOut.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(prints "There is no website configured at this address", valid cert)
-
-
-	Fully covered subdomains:
-
-		- tally		(web bugs)
-
--->
-<ruleset name="UpsideOut.com (partial)">
-
-	<target host="tally.upsideout.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Upstart.xml b/src/chrome/content/rules/Upstart.xml
deleted file mode 100644
index 505626e01bb3..000000000000
--- a/src/chrome/content/rules/Upstart.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d12jwea8dfj5qq.cloudfront.net
-
-
-	Problematic subdomains:
-
-		- ^	(times out)
-
--->
-<ruleset name="Upstart">
-
-	<target host="upstart.com" />
-	<target host="*.upstart.com" />
-
-
-	<securecookie host="^(?:www)?\.upstart\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?upstart\.com/"
-		to="https://www.upstart.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Uptilo.xml b/src/chrome/content/rules/Uptilo.xml
index 7dc74715c1a4..7a15785293eb 100644
--- a/src/chrome/content/rules/Uptilo.xml
+++ b/src/chrome/content/rules/Uptilo.xml
@@ -9,16 +9,17 @@
 <ruleset name="Uptilo">
 
 	<target host="uptilo.com" />
-	<target host="*.uptilo.com" />
+	<target host="esm.uptilo.com" />
+	<target host="www.uptilo.com" />
+	<target host="assets.uptilo.com" />
 
 
-	<securecookie host="^(?:.*\.)?uptilo\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^http://(esm\.|www\.)?uptilo\.com/"
-		to="https://$1uptilo.com/" />
 
 	<rule from="^http://assets\.uptilo\.com/"
 		to="https://d3rvd86gsdneth.cloudfront.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Upxth.com.xml b/src/chrome/content/rules/Upxth.com.xml
index cc8f87bd0ab3..a06716e32353 100644
--- a/src/chrome/content/rules/Upxth.com.xml
+++ b/src/chrome/content/rules/Upxth.com.xml
@@ -15,7 +15,7 @@
 <ruleset name="upxth.com (false MCB)" default_off="expired, mismatched, self-signed" platform="mixedcontent">
 
 	<target host="upxth.com" />
-	<target host="*.upxth.com" />
+	<target host="www.upxth.com" />
 
 
 	<securecookie host="^(?:www)?\.upxth\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Ur.se.xml b/src/chrome/content/rules/Ur.se.xml
new file mode 100644
index 000000000000..0c19ef52445c
--- /dev/null
+++ b/src/chrome/content/rules/Ur.se.xml
@@ -0,0 +1,64 @@
+<!--
+	Cert expired:
+		- eplikt-media.ur.se
+		- pod.ur.se
+
+	Cert mismatch:
+		- lyncdiscover.ur.se
+		- msoid.ur.se
+		- sip.ur.se
+		- vpn.ur.se
+		- webbshop.ur.se
+
+	Chain issues:
+		- diagnostics1.ur.se
+
+	Redirect to plain:
+		- bloggar.ur.se
+
+	Timeout:
+		- streaming3.ur.se
+		- transfer.ur.se
+		- www4.ur.se
+-->
+<ruleset name="Ur.se">
+
+	<target host="ur.se" />
+	<target host="www.ur.se" />
+
+	<target host="adfs.ur.se" />
+	<target host="appdata.ur.se" />
+	<target host="assets.ur.se" />
+	<target host="autodiscover.ur.se" />
+	<target host="backstage.ur.se" />
+	<target host="barn.ur.se" />
+	<target host="beta.ur.se" />
+	<target host="embed.ur.se" />
+	<target host="epost.ur.se" />
+	<target host="feeds.ur.se" />
+	<target host="gt.ur.se" />
+	<target host="loadbalancer-1112.ur.se" />
+	<target host="m.ur.se" />
+	<target host="mail.ur.se" />
+	<target host="mediator.ur.se" />
+	<target host="metadata.ur.se" />
+	<target host="portal.ur.se" />
+	<target host="services.ur.se" />
+	<target host="some-assets.ur.se" />
+	<target host="start.ur.se" />
+	<target host="streaming-loadbalancer.ur.se" />
+	<target host="streaming4.ur.se" />
+	<target host="trk01.ur.se" />
+	<target host="undertexter-loadbalancer.ur.se" />
+	<target host="undertexter.ur.se" />
+	<target host="valet.ur.se" />
+	<target host="vip96.ur.se" />
+	<target host="webmail.ur.se" />
+	<target host="wpcms.ur.se" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Uralfd.ru.xml b/src/chrome/content/rules/Uralfd.ru.xml
deleted file mode 100644
index 6d5a0e4ab9bb..000000000000
--- a/src/chrome/content/rules/Uralfd.ru.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<!--(www.)? refused
-m. mismatch-->
-<ruleset name="Uralfd.ru">
-	<target host="online.uralfd.ru" />
-	<target host="dbo.uralfd.ru" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Urban-Media.xml b/src/chrome/content/rules/Urban-Media.xml
index ffc8f1804304..1ddc3c0acd89 100644
--- a/src/chrome/content/rules/Urban-Media.xml
+++ b/src/chrome/content/rules/Urban-Media.xml
@@ -39,7 +39,7 @@
 
 	<rule from="^http:"
 		to="https:" />
- 
+
 </ruleset>
 
 
diff --git a/src/chrome/content/rules/Urban_Villa.nl.xml b/src/chrome/content/rules/Urban_Villa.nl.xml
index 9156aab88a1c..2f67cba75e05 100644
--- a/src/chrome/content/rules/Urban_Villa.nl.xml
+++ b/src/chrome/content/rules/Urban_Villa.nl.xml
@@ -5,7 +5,7 @@ Fetch error: http://urbanvilla.nl/ => https://urbanvilla.nl/: (60, 'SSL certific
 Fetch error: http://www.urbanvilla.nl/ => https://www.urbanvilla.nl/: (60, 'SSL certificate problem: self signed certificate')
 
 -->
-<ruleset name="Urban Villa.nl" default_off='failed ruleset test'>
+<ruleset name="Urban Villa.nl" default_off="failed ruleset test">
 
 	<target host="urbanvilla.nl" />
 	<target host="www.urbanvilla.nl" />
diff --git a/src/chrome/content/rules/Urbanartcloud.com.xml b/src/chrome/content/rules/Urbanartcloud.com.xml
deleted file mode 100644
index 01d28c175485..000000000000
--- a/src/chrome/content/rules/Urbanartcloud.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Urbanartcloud">
-<target host="www.urbanartcloud.com"/>
-<target host="urbanartcloud.com"/>
-
-<rule from="^http:" to="https:" />
-
-<test url="http://www.urbanartcloud.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/UrlTrends.xml b/src/chrome/content/rules/UrlTrends.xml
index 2a1b19abebf3..82adfcffb673 100644
--- a/src/chrome/content/rules/UrlTrends.xml
+++ b/src/chrome/content/rules/UrlTrends.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Urospace.xml b/src/chrome/content/rules/Urospace.xml
index 86d1117a6dbb..bf6b62729e9b 100644
--- a/src/chrome/content/rules/Urospace.xml
+++ b/src/chrome/content/rules/Urospace.xml
@@ -17,7 +17,7 @@ Fetch error: http://www.urospace.de/ => https://urospace.de/: (60, 'SSL certific
 		- www.urospace.de	(cert only matches ^urospace.de)
 
 -->
-<ruleset name="Urospace (partial)" default_off='failed ruleset test'>
+<ruleset name="Urospace (partial)" default_off="failed ruleset test">
 
 	<target host="urospace.de" />
 	<target host="www.urospace.de" />
@@ -33,4 +33,4 @@ Fetch error: http://www.urospace.de/ => https://urospace.de/: (60, 'SSL certific
 	<rule from="^http://prima\.urospace\.net:2083/"
 		to="https://prima.urospace.net:2083/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Us-cert.gov.xml b/src/chrome/content/rules/Us-cert.gov.xml
index 9b4b9696f818..93915c736fa0 100644
--- a/src/chrome/content/rules/Us-cert.gov.xml
+++ b/src/chrome/content/rules/Us-cert.gov.xml
@@ -5,7 +5,7 @@ Fetch error: http://preview.buildsecurityin.us-cert.gov/ => https://preview.buil
 
 
 -->
-<ruleset name="US-Cert.gov" default_off='failed ruleset test'>
+<ruleset name="US-Cert.gov" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Us.es.xml b/src/chrome/content/rules/Us.es.xml
index 622df9487eca..bfa4a290fd49 100644
--- a/src/chrome/content/rules/Us.es.xml
+++ b/src/chrome/content/rules/Us.es.xml
@@ -95,7 +95,7 @@ Fetch error: http://www.lsi.us.es/ => https://www.lsi.us.es/: (60, 'SSL certific
 		* www.sav.us.es
 		* www.us.es
 -->
-<ruleset name="us.es" default_off='failed ruleset test'>
+<ruleset name="us.es" default_off="failed ruleset test">
 
 	<target host="bellasartes.us.es" />
 	<target host="bicicletas.us.es" />
diff --git a/src/chrome/content/rules/Us_Weekly_subscriptions.com.xml b/src/chrome/content/rules/Us_Weekly_subscriptions.com.xml
deleted file mode 100644
index 89911ac4eaf2..000000000000
--- a/src/chrome/content/rules/Us_Weekly_subscriptions.com.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	For other Us Weekly coverage, see Us_Magazine.com.xml.
-
-
-	^: mismatched, CN: www.oxmoorhouse.com
-
-
-	Mixed content:
-
-		- favicon from www.usmagazine.com *
-
-	* Secured by us
-
--->
-<ruleset name="US Weekly subscriptions.com">
-
-	<target host="usweeklysubscriptions.com" />
-	<target host="www.usweeklysubscriptions.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.usweeklysubscriptions\.com$" name="^(JSESSIONID|TI_SPLIT_RANDOM|customerSessionGuid)$" /-->
-
-	<securecookie host="^www\.usweeklysubscriptions\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?usweeklysubscriptions\.com/"
-		to="https://www.usweeklysubscriptions.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Uschovna.cz.xml b/src/chrome/content/rules/Uschovna.cz.xml
new file mode 100644
index 000000000000..198f62d259c4
--- /dev/null
+++ b/src/chrome/content/rules/Uschovna.cz.xml
@@ -0,0 +1,8 @@
+<ruleset name="Uschovna.cz">
+	<target host="uschovna.cz" />
+	<target host="www.uschovna.cz" />
+	<target host="sms.uschovna.cz" />
+	<target host="plus.uschovna.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Use-Enco.com.xml b/src/chrome/content/rules/Use-Enco.com.xml
index d90fa52fa8dd..c4385021501c 100644
--- a/src/chrome/content/rules/Use-Enco.com.xml
+++ b/src/chrome/content/rules/Use-Enco.com.xml
@@ -8,10 +8,10 @@ Fetch error: http://use-enco.com/ => https://www.use-enco.com/: (28, 'Connection
 	Cert only matches www.
 
 -->
-<ruleset name="Use-Enco.com" default_off='failed ruleset test'>
+<ruleset name="Use-Enco.com" default_off="failed ruleset test">
 
 	<target host="use-enco.com" />
-	<target host="*.use-enco.com" />
+	<target host="www.use-enco.com" />
 
 
 	<securecookie host="^(?:www)?\.use-enco\.com$" name=".+" />
diff --git a/src/chrome/content/rules/UsenetServer.xml b/src/chrome/content/rules/UsenetServer.xml
index 70694a6e5a36..295e957d92fa 100644
--- a/src/chrome/content/rules/UsenetServer.xml
+++ b/src/chrome/content/rules/UsenetServer.xml
@@ -1,13 +1,14 @@
 <ruleset name="UsenetServer">
 
 	<target host="usenetserver.com" />
-	<target host="*.usenetserver.com" />
+	<target host="accounts.usenetserver.com" />
+	<target host="globalsearch.usenetserver.com" />
+	<target host="www.usenetserver.com" />
 
 
 	<securecookie host="^.*\.usenetserver\.com$" name=".+" />
 
 
-	<rule from="^http://((?:accounts|globalsearch|www)\.)?usenetserver\.com/"
-		to="https://$1usenetserver.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/UserScape.xml b/src/chrome/content/rules/UserScape.xml
index a317c7acf99a..4b7773b99866 100644
--- a/src/chrome/content/rules/UserScape.xml
+++ b/src/chrome/content/rules/UserScape.xml
@@ -14,7 +14,7 @@ Fetch error: http://drop.userscape.com/ => https://www.userscape.com/: Too many
 	¹: Serves 404s on all requests
 	²: Mismatch
 -->
-<ruleset name="UserScape" default_off='failed ruleset test'>
+<ruleset name="UserScape" default_off="failed ruleset test">
 
 	<target host="userscape.com" />
 	<target host="www.userscape.com" />
diff --git a/src/chrome/content/rules/Userfox.xml b/src/chrome/content/rules/Userfox.xml
index 54124229cd5b..ac799a210a66 100644
--- a/src/chrome/content/rules/Userfox.xml
+++ b/src/chrome/content/rules/Userfox.xml
@@ -34,10 +34,13 @@ Fetch error: http://userfox.com/ => https://www.userfox.com/: (6, 'Could not res
 		- static	(→ d2y71mjhnajxcg.cloudfront.net)
 
 -->
-<ruleset name="userfox" default_off='failed ruleset test'>
+<ruleset name="userfox" default_off="failed ruleset test">
 
 	<target host="userfox.com" />
-	<target host="*.userfox.com" />
+	<target host="www.userfox.com" />
+	<target host="app.userfox.com" />
+	<target host="manage.userfox.com" />
+	<target host="static.userfox.com" />
 
 
 	<!--	Secured by server:
@@ -50,10 +53,9 @@ Fetch error: http://userfox.com/ => https://www.userfox.com/: (6, 'Could not res
 	<rule from="^http://(?:www\.)?userfox\.com/"
 		to="https://www.userfox.com/" />
 
-	<rule from="^http://(app|manage)\.userfox\.com/"
-		to="https://$1.userfox.com/" />
 
 	<rule from="^http://static\.userfox\.com/"
 		to="https://d2y71mjhnajxcg.cloudfront.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Userium.com.xml b/src/chrome/content/rules/Userium.com.xml
index a6ffb3185a6d..d3de3d1f2174 100644
--- a/src/chrome/content/rules/Userium.com.xml
+++ b/src/chrome/content/rules/Userium.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://userium.com/ => https://userium.com/: (60, 'SSL certificate
 Fetch error: http://www.userium.com/ => https://www.userium.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Userium.com" default_off='failed ruleset test'>
+<ruleset name="Userium.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Userscontent.net.xml b/src/chrome/content/rules/Userscontent.net.xml
index 031c8beb014c..037d2cd0609f 100644
--- a/src/chrome/content/rules/Userscontent.net.xml
+++ b/src/chrome/content/rules/Userscontent.net.xml
@@ -5,7 +5,7 @@ Fetch error: http://cdn-eu-i1.userscontent.net/thumbs/662/662020/153_m.jpg => ht
 Fetch error: http://cdn-eu-i1.userscontent.net/ => https://cdn-eu-i1.userscontent.net/: (60, 'SSL certificate problem: self signed certificate')
 
 -->
-<ruleset name="userscontent.net" default_off='failed ruleset test'>
+<ruleset name="userscontent.net" default_off="failed ruleset test">
 
 	<target host="cdn-eu-i1.userscontent.net" />
 	<target host="img1.userscontent.net" />
diff --git a/src/chrome/content/rules/Uservoice.xml b/src/chrome/content/rules/Uservoice.xml
index 2da33bec7252..6838f86ed208 100644
--- a/src/chrome/content/rules/Uservoice.xml
+++ b/src/chrome/content/rules/Uservoice.xml
@@ -36,7 +36,6 @@
 
 	<securecookie host="^(?!email\.|email\.feedback-poweredby\.|www6\.)\w" name=".+" />
 
-	<test url="http://uservoice.com/" />
 	<test url="http://app.uservoice.com/" />
 	<test url="http://blog.uservoice.com/" />
 	<test url="http://by.uservoice.com/" />
diff --git a/src/chrome/content/rules/Usesthis.com.xml b/src/chrome/content/rules/Usesthis.com.xml
index 28045454c8ad..41e618d21c88 100644
--- a/src/chrome/content/rules/Usesthis.com.xml
+++ b/src/chrome/content/rules/Usesthis.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.usesthis.com/ => https://www.usesthis.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.usesthis.com'")
 
 -->
-<ruleset name="usesthis.com" default_off='failed ruleset test'>
+<ruleset name="usesthis.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Ushahidi.com.xml b/src/chrome/content/rules/Ushahidi.com.xml
deleted file mode 100644
index 7a74281975dc..000000000000
--- a/src/chrome/content/rules/Ushahidi.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	(www.)?ushahidi.com: Redirects to team.ushahidi.com
-
--->
-<ruleset name="Ushahidi.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="team.ushahidi.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/UsrJoy.xml b/src/chrome/content/rules/UsrJoy.xml
deleted file mode 100644
index b8f478a90be4..000000000000
--- a/src/chrome/content/rules/UsrJoy.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="UsrJoy">
-  <target host="usrjoy.com" />
-  <target host="www.usrjoy.com" />
-
-  <securecookie host="^(?:.+\.)?usrjoy\.com$" name=".+" />
-
-  <rule from="^http://(?:www\.)?usrjoy\.com/" to="https://www.usrjoy.com/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/Utah-Education-Network.xml b/src/chrome/content/rules/Utah-Education-Network.xml
index 944e2ff3f45e..122da7f6ea16 100644
--- a/src/chrome/content/rules/Utah-Education-Network.xml
+++ b/src/chrome/content/rules/Utah-Education-Network.xml
@@ -12,7 +12,7 @@ Fetch error: http://uen.org/ => https://www.eun.org/: (28, 'Connection timed out
 		- uen.org/^(css|images)+/.+
 		- pioneer.uen.org
 -->
-<ruleset name="Utah Education Network (partial)" default_off='failed ruleset test'>
+<ruleset name="Utah Education Network (partial)" default_off="failed ruleset test">
 
 	<target host="uen.org"/>
 	<target host="online.uen.org"/>
diff --git a/src/chrome/content/rules/Uv.es.xml b/src/chrome/content/rules/Uv.es.xml
index b72b0f1da6c7..85d92d402745 100644
--- a/src/chrome/content/rules/Uv.es.xml
+++ b/src/chrome/content/rules/Uv.es.xml
@@ -8,7 +8,7 @@ Fetch error: http://tresor.uv.es/ => https://tresor.uv.es/: (6, 'Could not resol
 	See <https://en.wikipedia.org/wiki/University_of_Valencia>.
 
 	Not supporting HTTPS or using an invalid certificate:
-	
+
 		* acceso.uv.es
 		* anglogermanica.uv.es
 		* aposta.uv.es
@@ -73,7 +73,7 @@ Fetch error: http://tresor.uv.es/ => https://tresor.uv.es/: (6, 'Could not resol
 		* uvx.uv.es
 		* webific.ific.uv.es
 -->
-<ruleset name="Universitat de Val&#232;ncia" default_off='failed ruleset test'>
+<ruleset name="Universitat de Val&#232;ncia" default_off="failed ruleset test">
 
 	<!-- special case for http://uv.es, as https://uv.es does not exist -->
 	<target host="uv.es" />
diff --git a/src/chrome/content/rules/Uvnc.com.xml b/src/chrome/content/rules/Uvnc.com.xml
new file mode 100644
index 000000000000..030d63cd4fa8
--- /dev/null
+++ b/src/chrome/content/rules/Uvnc.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		forum.uvnc.com
+		www.mail.uvnc.com
+		sponsor4.uvnc.com
+	Time out:
+		forum2.uvnc.com
+		mail.uvnc.com
+		support4.uvnc.com
+-->
+<ruleset name="Uvnc.com">
+	<target host="uvnc.com" />
+	<target host="www.uvnc.com" />
+	<target host="support1.uvnc.com" />
+
+	<rule from="^http://uvnc\.com/" to="https://www.uvnc.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/V-identity.com.xml b/src/chrome/content/rules/V-identity.com.xml
index d56af7bc5d52..7bc4db531052 100644
--- a/src/chrome/content/rules/V-identity.com.xml
+++ b/src/chrome/content/rules/V-identity.com.xml
@@ -8,16 +8,16 @@ Fetch error: http://v-identity.com/ => https://www.v-identity.com/: (6, 'Could n
 		- ^	(404)
 
 -->
-<ruleset name="v-identity.com" default_off='failed ruleset test'>
+<ruleset name="v-identity.com" default_off="failed ruleset test">
 
 	<target host="v-identity.com" />
-	<target host="*.v-identity.com" />
+	<target host="www.v-identity.com" />
+	<target host="cdn.v-identity.com" />
 
 
 	<rule from="^http://(?:www\.)?v-identity\.com/"
 		to="https://www.v-identity.com/" />
 
-	<rule from="^http://cdn\.v-identity\.com/"
-		to="https://cdn.v-identity.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/V2-Cigs.xml b/src/chrome/content/rules/V2-Cigs.xml
deleted file mode 100644
index 4d251202839e..000000000000
--- a/src/chrome/content/rules/V2-Cigs.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- whoson-gw.v2cigs.com
-
--->
-<ruleset name="V2 Cigs (partial)">
-
-	<target host="v2cigs.com" />
-	<target host="*.v2cigs.com" />
-
-
-	<securecookie host="^money\.v2cigs\.com$" name=".+" />
-
-
-	<!--	- Cert only matches www
-		- Some (most?) pages 301 to http
-							-->
-	<rule from="^http://(?:www\.)?v2cigs\.com/$"
-		to="https://www.v2cigs.com/index.php" />
-
-	<rule from="^http://(?:www\.)?v2cigs\.com/(addons/|javascript/|lib/|prefetcher/|(?:(?:account|cart|giftcertificates|index|login)\.php|security\.html)(?:$|\?)|templates/)"
-		to="https://www.v2cigs.com/$1" />
-
-	<rule from="^http://(money|whoson-gw)\.v2cigs\.com/"
-		to="https://$1.v2cigs.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/V3.co.uk.xml b/src/chrome/content/rules/V3.co.uk.xml
index 2c80d2f32d59..a7d9c2633fa1 100644
--- a/src/chrome/content/rules/V3.co.uk.xml
+++ b/src/chrome/content/rules/V3.co.uk.xml
@@ -18,4 +18,4 @@
 	<rule from="^http://(?:www\.)?v3\.co\.uk/(images/loading\.gif|IMG/)"
 		to="https://incmai.incisivemedia.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VA_Loan_Captain.xml b/src/chrome/content/rules/VA_Loan_Captain.xml
index dc88af7a2a3c..6e794fef4081 100644
--- a/src/chrome/content/rules/VA_Loan_Captain.xml
+++ b/src/chrome/content/rules/VA_Loan_Captain.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VBSEO.xml b/src/chrome/content/rules/VBSEO.xml
index fd7ae3353d15..13fff2e23368 100644
--- a/src/chrome/content/rules/VBSEO.xml
+++ b/src/chrome/content/rules/VBSEO.xml
@@ -20,4 +20,4 @@
 	<rule from="^http://(?:cdn\.|(www\.))?vbseo\.com/"
 		to="https://$1vbseo.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VB_static.co.xml b/src/chrome/content/rules/VB_static.co.xml
index afa38346cc64..9b8eeaed6f8e 100644
--- a/src/chrome/content/rules/VB_static.co.xml
+++ b/src/chrome/content/rules/VB_static.co.xml
@@ -9,7 +9,7 @@ Fetch error: http://curate.vbstatic.co/ => https://curate.vbstatic.co/: (60, 'SS
 	www.vbstatic.co doesn't exist.
 
 -->
-<ruleset name="VB static.co" default_off='failed ruleset test'>
+<ruleset name="VB static.co" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/VBulletin.xml b/src/chrome/content/rules/VBulletin.xml
index b8f1ae37677a..1ed56cd29287 100644
--- a/src/chrome/content/rules/VBulletin.xml
+++ b/src/chrome/content/rules/VBulletin.xml
@@ -6,7 +6,7 @@
 	<target host="www.vbulletin.com" />
 
 
-	<securecookie host="^(?:.*\.)?vbulletin\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/VC-Server.xml b/src/chrome/content/rules/VC-Server.xml
index 0573e729e9f7..d821d4058ca8 100644
--- a/src/chrome/content/rules/VC-Server.xml
+++ b/src/chrome/content/rules/VC-Server.xml
@@ -10,7 +10,7 @@
 	<target host="vc-server.de" />
 	<target host="www.vc-server.de" />
 	<target host="vpsmanager.vc-server.de" />
-	
+
 	<target host="vc-kundencenter.de" />
 	<target host="www.vc-kundencenter.de" />
 
diff --git a/src/chrome/content/rules/VCAB.com.xml b/src/chrome/content/rules/VCAB.com.xml
index c34ee9399afd..9dadf63f34fb 100644
--- a/src/chrome/content/rules/VCAB.com.xml
+++ b/src/chrome/content/rules/VCAB.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://secure.vcab.com/ => https://secure.vcab.com/: (60, 'SSL cert
 	* Works; mismatched, CN: secure.vcab.com
 
 -->
-<ruleset name="VCAB.com (partial)" default_off='failed ruleset test'>
+<ruleset name="VCAB.com (partial)" default_off="failed ruleset test">
 
 	<target host="secure.vcab.com" />
 
diff --git a/src/chrome/content/rules/VCD.org.xml b/src/chrome/content/rules/VCD.org.xml
index bd7c4a5aa17d..29676b5d52f0 100644
--- a/src/chrome/content/rules/VCD.org.xml
+++ b/src/chrome/content/rules/VCD.org.xml
@@ -14,10 +14,10 @@ Fetch error: http://bildungsservice.vcd.org/ => https://bildungsservice.vcd.org/
   ¹: Redirects to www.vcd.org
   ²: Mismatch
 -->
-<ruleset name="VCD.org" default_off='failed ruleset test'>
+<ruleset name="VCD.org" default_off="failed ruleset test">
   <target host=                   "vcd.org" />
   <target host=               "www.vcd.org" />
-  <target host=            "60plus.vcd.org" />	
+  <target host=            "60plus.vcd.org" />
   <target host=        "www.60plus.vcd.org" />
   <target host=      "aktivenforum.vcd.org" />
   <target host=   "bildungsservice.vcd.org" />
diff --git a/src/chrome/content/rules/VCE.com.xml b/src/chrome/content/rules/VCE.com.xml
index 5ac16de6badb..7b65aa0ee2be 100644
--- a/src/chrome/content/rules/VCE.com.xml
+++ b/src/chrome/content/rules/VCE.com.xml
@@ -24,4 +24,4 @@
 	<rule from="^http://support\.vce\.com/"
 		to="https://vce.secure.force.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VClock.com.xml b/src/chrome/content/rules/VClock.com.xml
new file mode 100644
index 000000000000..e822547af189
--- /dev/null
+++ b/src/chrome/content/rules/VClock.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="VClock.com">
+	<target host="vclock.com" />
+	<target host="www.vclock.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VE7SCC.org.xml b/src/chrome/content/rules/VE7SCC.org.xml
new file mode 100644
index 000000000000..918005765d36
--- /dev/null
+++ b/src/chrome/content/rules/VE7SCC.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Timeout:
+		- club.ve7scc.org
+
+	SSL error:
+		- forum.ve7scc.org
+		- new.ve7scc.org
+
+	Refused:
+		- members.ve7scc.org
+		- members2.ve7scc.org
+-->
+<ruleset name="VE7SCC.org">
+	<target host="ve7scc.org" />
+	<target host="www.ve7scc.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VEVO.xml b/src/chrome/content/rules/VEVO.xml
index bbe1df6a6954..195b255a901d 100644
--- a/src/chrome/content/rules/VEVO.xml
+++ b/src/chrome/content/rules/VEVO.xml
@@ -34,27 +34,11 @@
 	<target host="scache.vevo.com" />
 	<target host="www.vevo.com" />
 	<target host="aws-cache.vevocdn.com" />
-
+		<test url="http://aws-cache.vevocdn.com/assets/images/57598f48-11cc-47c0-9496-0c3c0a0b0d7b.png?width=281&amp;height=159&amp;resize=fill" />
 	<test url="http://scache.vevo.com/Content/VevoImages/artist/62AE5CCE473B998AFD2DB55B659E23E32013167114452900.jpg?width=98&amp;height=98&amp;resize=round" />
 
 	<rule from="^http://cache\.vevo\.com/"
 		to="https://scache.vevo.com/" />
 
-	<!-- www.vevo.com makes relative references to //img.cache.vevo.com/ -->
-	<rule from="^https?://img\.cache\.vevo\.com/"
-		to="https://scache.vevo.com/" />
-
-		<test url="https://img.cache.vevo.com/" />
-		<test url="http://img.cache.vevo.com/Content/VevoImages/artist/62AE5CCE473B998AFD2DB55B659E23E32013167114452900.jpg?width=98&amp;height=98&amp;resize=round" />
-		<test url="https://img.cache.vevo.com/Content/VevoImages/artist/62AE5CCE473B998AFD2DB55B659E23E32013167114452900.jpg?width=98&amp;height=98&amp;resize=round" />
-
-	<!-- www.vevo.com makes relative references to //aws-cache.vevocdn.com/ -->
-	<rule from="^https?://aws-cache\.vevocdn\.com/"
-		to="https://aws-cache.vevo.com/" />
-
-		<test url="https://aws-cache.vevocdn.com/" />
-		<test url="http://aws-cache.vevocdn.com/assets/images/57598f48-11cc-47c0-9496-0c3c0a0b0d7b.png?width=281&amp;height=159&amp;resize=fill" />
-		<test url="https://aws-cache.vevocdn.com/assets/images/57598f48-11cc-47c0-9496-0c3c0a0b0d7b.png?width=281&amp;height=159&amp;resize=fill" />
-
 	<rule from="^http:"	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/VGO_Com.com.xml b/src/chrome/content/rules/VGO_Com.com.xml
deleted file mode 100644
index cae09a9aac39..000000000000
--- a/src/chrome/content/rules/VGO_Com.com.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	www: refused
-
--->
-<ruleset name="VGO Com.com (partial)">
-
-	<target host="vgocom.com" />
-	<target host="controlpanel.vgocom.com" />
-		<!--exclusion pattern="^http://www\." /-->
-
-
-	<!--securecookie host="^\.vgocom\.com$" name="^SESS[0-9a-f]{32}$" /-->
-	<securecookie host="^controlpanel\.vgocom\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/VIM-Adventures.com.xml b/src/chrome/content/rules/VIM-Adventures.com.xml
new file mode 100644
index 000000000000..407aa6ded6bf
--- /dev/null
+++ b/src/chrome/content/rules/VIM-Adventures.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="VIM-Adventures.com">
+	<target host="vim-adventures.com" />
+	<target host="www.vim-adventures.com" />
+	<target host="beta.vim-adventures.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VIOFO.com.xml b/src/chrome/content/rules/VIOFO.com.xml
new file mode 100644
index 000000000000..76f55bcfa07a
--- /dev/null
+++ b/src/chrome/content/rules/VIOFO.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="VIOFO.com">
+
+	<target host="viofo.com" />
+	<target host="www.viofo.com" />
+	<target host="support.viofo.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VIP.de.xml b/src/chrome/content/rules/VIP.de.xml
deleted file mode 100644
index f26a60a6e637..000000000000
--- a/src/chrome/content/rules/VIP.de.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Nonfunctional hosts in *.vip.de:
-
-	connection refused:
-		- ssl.1.damoh.vip.de
-		- ssl.2.damoh.vip.de
-		- ssl.3.damoh.vip.de
-		- fashion24.vip.de
--->
-<ruleset name="VIP.de">
-	<target host="vip.de" />
-	<target host="www.vip.de" />
-	<target host="ais.vip.de" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/VIPLeague.cc.xml b/src/chrome/content/rules/VIPLeague.cc.xml
new file mode 100644
index 000000000000..3b6c6a402bfc
--- /dev/null
+++ b/src/chrome/content/rules/VIPLeague.cc.xml
@@ -0,0 +1,14 @@
+<ruleset name="VIPLeague.cc">
+	<target host="vipleague.cc" />
+	<target host="www.vipleague.cc" />
+	<target host="ar.vipleague.cc" />
+	<target host="de.vipleague.cc" />
+	<target host="es.vipleague.cc" />
+	<target host="fr.vipleague.cc" />
+	<target host="it.vipleague.cc" />
+	<target host="ja.vipleague.cc" />
+	<target host="nl.vipleague.cc" />
+	<target host="pt.vipleague.cc" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VIRURL.xml b/src/chrome/content/rules/VIRURL.xml
index f18be618cda4..62b91909c0b0 100644
--- a/src/chrome/content/rules/VIRURL.xml
+++ b/src/chrome/content/rules/VIRURL.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.virurl.com/ => https://www.virurl.com/: (6, 'Could not r
 Automatically by https-everywhere-checker because:
 Fetch error: http://spn.sr/ => https://spn.sr/: (6, 'Could not resolve host: revv.nu')
 -->
-<ruleset name="VIRURL" default_off='failed ruleset test'>
+<ruleset name="VIRURL" default_off="failed ruleset test">
 
 	<target host="spn.sr" />
 	<target host="virurl.com" />
@@ -21,4 +21,4 @@ Fetch error: http://spn.sr/ => https://spn.sr/: (6, 'Could not resolve host: rev
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VIVE.com.xml b/src/chrome/content/rules/VIVE.com.xml
new file mode 100644
index 000000000000..621cd4c84796
--- /dev/null
+++ b/src/chrome/content/rules/VIVE.com.xml
@@ -0,0 +1,42 @@
+<!--
+	Invalid certificate:
+		- image.email.vive.com
+		- locator.vive.com, equivalent to htcvive.zenlocator.com
+		- sl.vive.com
+
+	Timed out:
+		- pages.email.vive.com
+-->
+
+<ruleset name="VIVE.com">
+	<target host="vive.com" />
+	<target host="www.vive.com" />
+	<target host="store.ap.vive.com" />
+	<target host="arts.vive.com" />
+	<target host="blog.vive.com" />
+	<target host="booking.vive.com" />
+	<target host="community.vive.com" />
+	<target host="customer-api.vive.com" />
+	<target host="developer.vive.com" />
+	<target host="discover.vive.com" />
+	<target host="dl.vive.com" />
+	<target host="enterprise.vive.com" />
+	<target host="store.eu.vive.com" />
+	<target host="hub.vive.com" />
+	<target host="lab.vive.com" />
+	<target host="link.vive.com" />
+	<target host="locator.vive.com" />
+	<target host="stage-hub.vive.com" />
+	<target host="stage-store.vive.com" />
+	<target host="stage-web.vive.com" />
+	<target host="store.vive.com" />
+	<target host="summit.vive.com" />
+	<target host="store.us.vive.com" />
+	<target host="vivex.vive.com" />
+	<target host="vr-hwdl.vive.com" />
+
+	<rule from="^http://locator\.vive\.com/"
+		to="https://htcvive.zenlocator.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VK.se.xml b/src/chrome/content/rules/VK.se.xml
index b77bd740b434..bee3ab532a6c 100644
--- a/src/chrome/content/rules/VK.se.xml
+++ b/src/chrome/content/rules/VK.se.xml
@@ -27,16 +27,16 @@
 -->
 <ruleset name="VK.se (partial)">
 
-	<target host="*.vk.se" />
+	<target host="etidning.vk.se" />
+	<target host="sifomedia.vk.se" />
 
 
 	<securecookie host="^etidning\.vk\.se$" name=".+" />
 
 
-	<rule from="^http://etidning\.vk\.se/"
-		to="https://etidning.vk.se/" />
 
 	<rule from="^http://sifomedia\.vk\.se/"
 		to="https://oasc07.247realmedia.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VMware.xml b/src/chrome/content/rules/VMware.xml
index 4a8347658528..b75777aa0538 100644
--- a/src/chrome/content/rules/VMware.xml
+++ b/src/chrome/content/rules/VMware.xml
@@ -1,7 +1,6 @@
 <!--
 	Other VMware rulesets:
 
-		- VMware_Blogs.com.xml
 
 
 	CDN buckets:
diff --git a/src/chrome/content/rules/VMware_Blogs.com.xml b/src/chrome/content/rules/VMware_Blogs.com.xml
deleted file mode 100644
index 29ff04f0a6bc..000000000000
--- a/src/chrome/content/rules/VMware_Blogs.com.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<!--
-	For other VMware coverage, see VMware.xml.
-
-
-	^vmwareblogs.com: Refused
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.vmwareblogs.com
-
--->
-<ruleset name="VMware Blogs.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.vmwareblogs.com" />
-
-	<!--	Complications:
-				-->
-	<target host="vmwareblogs.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.vmwareblogs\.com$" name="^JSESSIONID$" /-->
-
-	<securecookie host="^www\.vmwareblogs\.com$" name=".+" />
-
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://vmwareblogs\.com/+"
-		to="https://www.vmwareblogs.com/" />
-
-		<test url="http://vmwareblogs.com/planet" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/VOA_Chinese.com.xml b/src/chrome/content/rules/VOA_Chinese.com.xml
index cfaacdfeab22..d1d663521f84 100644
--- a/src/chrome/content/rules/VOA_Chinese.com.xml
+++ b/src/chrome/content/rules/VOA_Chinese.com.xml
@@ -1,12 +1,7 @@
-<!--
-	Mismatch:
-		^
-		m
--->
 <ruleset name="VOA_Chinese.com">
 	<target host="voachinese.com" />
 	<target host="m.voachinese.com" />
 	<target host="www.voachinese.com" />
 
-	<rule from="^http://(www\.|m\.)?voachinese\.com/" to="https://www.voachinese.com/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/VPAC.org.xml b/src/chrome/content/rules/VPAC.org.xml
index 57463b0486b3..9873fb553ead 100644
--- a/src/chrome/content/rules/VPAC.org.xml
+++ b/src/chrome/content/rules/VPAC.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://vpac.org/ => https://vpac.org/: (28, 'Connection timed out a
 Fetch error: http://www.vpac.org/ => https://www.vpac.org/: (7, 'Failed to connect to www.vpac.org port 443: Connection refused')
 
 -->
-<ruleset name="VPAC.org" default_off='failed ruleset test'>
+<ruleset name="VPAC.org" default_off="failed ruleset test">
 
 	<target host="vpac.org" />
 	<target host="www.vpac.org" />
diff --git a/src/chrome/content/rules/VPN4ALL.xml b/src/chrome/content/rules/VPN4ALL.xml
index e6ee760edb0f..2c528f414310 100644
--- a/src/chrome/content/rules/VPN4ALL.xml
+++ b/src/chrome/content/rules/VPN4ALL.xml
@@ -5,7 +5,7 @@ Fetch error: http://vpn4all.com/ => https://vpn4all.com/: (60, 'SSL certificate
 Fetch error: http://www.vpn4all.com/ => https://www.vpn4all.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="VPN4ALL" default_off='failed ruleset test'>
+<ruleset name="VPN4ALL" default_off="failed ruleset test">
 	<target host="vpn4all.com" />
 	<target host="www.vpn4all.com" />
 
diff --git a/src/chrome/content/rules/VPNGate.net.xml b/src/chrome/content/rules/VPNGate.net.xml
new file mode 100644
index 000000000000..92286065cac8
--- /dev/null
+++ b/src/chrome/content/rules/VPNGate.net.xml
@@ -0,0 +1,39 @@
+<!--
+	Mismatched:
+		- vpngate.net
+		- list-server-tmp-2.vpngate.net
+
+	Self-signed:
+		- api.vpngate.net
+		- d.vpngate.net
+		- list-server-tmp-3.vpngate.net
+
+	Timeout:
+		- list-server-tmp-1.vpngate.net
+		- nsj.vpngate.net
+		- nsk.vpngate.net
+		- public-nat-a.vpngate.net
+		- public-nat-b.vpngate.net
+		- public-nat-broadcast.vpngate.net
+		- public-nat-c.vpngate.net
+		- public-nat-d.vpngate.net
+		- public-nat-e.vpngate.net
+		- public-nat-gw.vpngate.net
+		- public-nat-network.vpngate.net
+		- public-nat-z.vpngate.net
+		- public-proxy-a.vpngate.net
+		- public-proxy-b.vpngate.net
+		- public-proxy-c.vpngate.net
+		- public-proxy-d.vpngate.net
+
+	Refused:
+		- vgmail.vpngate.net
+-->
+<ruleset name="VPNGate.net">
+	<target host="vpngate.net" />
+	<target host="www.vpngate.net" />
+	<target host="forum.vpngate.net" />
+
+	<rule from="^http://vpngate\.net/" to="https://www.vpngate.net/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VPNGlobe.com.xml b/src/chrome/content/rules/VPNGlobe.com.xml
index 010590111bc6..9bfc7f312bd0 100644
--- a/src/chrome/content/rules/VPNGlobe.com.xml
+++ b/src/chrome/content/rules/VPNGlobe.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://my.vpnglobe.com/ => https://my.vpnglobe.com/: Too many redirects while fetching 'https://my.vpnglobe.com/'
 
 -->
-<ruleset name="VPNGlobe.com" default_off='failed ruleset test'>
+<ruleset name="VPNGlobe.com" default_off="failed ruleset test">
 
 	<target host="vpnglobe.com" />
 	<target host="my.vpnglobe.com" />
diff --git a/src/chrome/content/rules/VPNOverDNS.com.xml b/src/chrome/content/rules/VPNOverDNS.com.xml
new file mode 100644
index 000000000000..3109fac5ba0a
--- /dev/null
+++ b/src/chrome/content/rules/VPNOverDNS.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		- ns1.vpnoverdns.com
+-->
+
+<ruleset name="VPNOverDNS.com">
+	<target host="vpnoverdns.com" />
+	<target host="www.vpnoverdns.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VPNReactor.xml b/src/chrome/content/rules/VPNReactor.xml
index 51770ce669fc..7e25bdb557e6 100644
--- a/src/chrome/content/rules/VPNReactor.xml
+++ b/src/chrome/content/rules/VPNReactor.xml
@@ -4,7 +4,7 @@
 	<target host="members.vpnreactor.com" />
 	<target host="www.vpnreactor.com" />
 
-	<securecookie host="^(?:.*\.)?vpnreactor\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/VPN_Reviewer.com.xml b/src/chrome/content/rules/VPN_Reviewer.com.xml
index 3af606984a14..c5ce580d89cb 100644
--- a/src/chrome/content/rules/VPN_Reviewer.com.xml
+++ b/src/chrome/content/rules/VPN_Reviewer.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.vpnreviewer.com/ => https://www.vpnreviewer.com/: (52, 'Empty reply from server')
 
 -->
-<ruleset name="VPN Reviewer.com" default_off='failed ruleset test'>
+<ruleset name="VPN Reviewer.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/VPS.net-problematic.xml b/src/chrome/content/rules/VPS.net-problematic.xml
index 82b31992359d..531ea96c573e 100644
--- a/src/chrome/content/rules/VPS.net-problematic.xml
+++ b/src/chrome/content/rules/VPS.net-problematic.xml
@@ -2,7 +2,7 @@
 	For rules that are on by default, see VPS.net.xml.
 
 -->
-<ruleset name="VPS.net (missing certificate chain)" default_off="missing certificate chain">
+<ruleset name="VPS.net (missing certificate chain)" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/VSCo.co.xml b/src/chrome/content/rules/VSCo.co.xml
index 094a5ee6df26..b0a66884cead 100644
--- a/src/chrome/content/rules/VSCo.co.xml
+++ b/src/chrome/content/rules/VSCo.co.xml
@@ -47,4 +47,4 @@
 	<rule from="^http://static\d\.vsco\.co/"
 		to="https://d1484tg77u0d9i.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VSHosting.xml b/src/chrome/content/rules/VSHosting.xml
index a6ef8360b229..709112fa919f 100644
--- a/src/chrome/content/rules/VSHosting.xml
+++ b/src/chrome/content/rules/VSHosting.xml
@@ -9,6 +9,6 @@
 	<target host="www.vshosting.cz" />
 	<target host="soutez.vshosting.cz" />
 	<target host="posta2.vshosting.cz" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/VSIP_Program.com.xml b/src/chrome/content/rules/VSIP_Program.com.xml
deleted file mode 100644
index 61a0256b26cf..000000000000
--- a/src/chrome/content/rules/VSIP_Program.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For other Microsoft coverage, see Microsoft.xml.
-
-
-	Insecure cookies are set for these hosts:
-
-		- vsipprogram.com
-
--->
-<ruleset name="VSIP Program.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="vsipprogram.com" />
-	<target host="www.vsipprogram.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^vsipprogram\.com$" name="^(__RequestVerificationToken|ASP\.NET_SessionId)" /-->
-
-	<securecookie host="^vsipprogram\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/VSIXGallery.com.xml b/src/chrome/content/rules/VSIXGallery.com.xml
new file mode 100644
index 000000000000..24a47c9da1e7
--- /dev/null
+++ b/src/chrome/content/rules/VSIXGallery.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="VSIXGallery.com">
+	<target host="vsixgallery.com" />
+	<target host="www.vsixgallery.com" />
+
+	<rule from="^http://vsixgallery\.com/" to="https://www.vsixgallery.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VTB.com.xml b/src/chrome/content/rules/VTB.com.xml
index c9ba2bd03df8..aaf0155bcd5d 100644
--- a/src/chrome/content/rules/VTB.com.xml
+++ b/src/chrome/content/rules/VTB.com.xml
@@ -34,7 +34,7 @@
 	<!--securecookie host="^\.m\.vtb\.ru$" name="^CITY_IP$" /-->
 	<!--securecookie host="^(?:www\.)?vtb\.com$" name="^PHPSESSID$" /-->
 
-	<securecookie host="(?:.*\.)?vtb\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/VTCSec.ru.xml b/src/chrome/content/rules/VTCSec.ru.xml
index 671f74c3fc35..fb852e46e6fe 100644
--- a/src/chrome/content/rules/VTCSec.ru.xml
+++ b/src/chrome/content/rules/VTCSec.ru.xml
@@ -6,10 +6,10 @@ Fetch error: http://vtcsec.ru/ => https://vtcsec.ru/: (6, 'Could not resolve hos
 	www: mismatched, CN: wargame.vtcsec.ru
 
 -->
-<ruleset name="VTCSec.ru" default_off='failed ruleset test'>
+<ruleset name="VTCSec.ru" default_off="failed ruleset test">
 
 	<target host="vtcsec.ru" />
-	<target host="*.vtcsec.ru" />
+	<target host="www.vtcsec.ru" />
 
 
 	<rule from="^http://(?:www\.)?vtcsec\.ru/"
diff --git a/src/chrome/content/rules/VTLUUG.org.xml b/src/chrome/content/rules/VTLUUG.org.xml
index bda1686c7099..72528a925992 100644
--- a/src/chrome/content/rules/VTLUUG.org.xml
+++ b/src/chrome/content/rules/VTLUUG.org.xml
@@ -5,7 +5,8 @@
 <ruleset name="VTLUUG.org">
 
 	<target host="vtluug.org" />
-	<target host="*.vtluug.org" />
+	<target host="milton.vtluug.org" />
+	<target host="www.vtluug.org" />
 
 
 	<rule from="^http://(?:(milton\.)|www\.)?vtluug\.org/"
diff --git a/src/chrome/content/rules/VTunnel.xml b/src/chrome/content/rules/VTunnel.xml
index 9a1e0cf5399e..153269e1df4a 100644
--- a/src/chrome/content/rules/VTunnel.xml
+++ b/src/chrome/content/rules/VTunnel.xml
@@ -15,13 +15,13 @@ Fetch error: http://www.vtunnel.com/ => https://www.vtunnel.com/: (7, 'Failed to
 	* Secured by us
 
 -->
-<ruleset name="VTunnel" default_off='failed ruleset test'>
+<ruleset name="VTunnel" default_off="failed ruleset test">
 
 	<target host="vtunnel.com" />
 	<target host="www.vtunnel.com" />
 
 
-	<securecookie host="^(?:.*\.)?vtunnel\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/VU.nl.xml b/src/chrome/content/rules/VU.nl.xml
index 2169f36d0097..62519c658c74 100644
--- a/src/chrome/content/rules/VU.nl.xml
+++ b/src/chrome/content/rules/VU.nl.xml
@@ -37,7 +37,7 @@ Fetch error: http://fbw.vu.nl/ => https://www.fbw.vu.nl/: (51, "SSL: no alternat
 	ᵐ Mismatched
 
 -->
-<ruleset name="VU.nl (partial)" default_off='failed ruleset test'>
+<ruleset name="VU.nl (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/VUTBr.cz.xml b/src/chrome/content/rules/VUTBr.cz.xml
index 4340f8a135b1..608de7d342bc 100644
--- a/src/chrome/content/rules/VUTBr.cz.xml
+++ b/src/chrome/content/rules/VUTBr.cz.xml
@@ -72,7 +72,7 @@ Fetch error: http://wiki.ro.vutbr.cz/ => https://wiki.ro.vutbr.cz/: (60, 'SSL ce
 		- knihovna.fme	Untrusted root
 		- www.tst.fme	Untrusted root
 
-		- best.kn	Expired, mixed css, mismatched, self-signed	
+		- best.kn	Expired, mixed css, mismatched, self-signed
 		- aleph.lib	Mixed css
 		- lists		Mismatched, untrusted root
 		- www.lli	Expired
@@ -150,7 +150,7 @@ Fetch error: http://wiki.ro.vutbr.cz/ => https://wiki.ro.vutbr.cz/: (60, 'SSL ce
 		- Bug on www.feec from c1.navrcholu.cz	Unsecurable <= refused
 
 -->
-<ruleset name="VUTBr.cz (partial)" default_off='failed ruleset test'>
+<ruleset name="VUTBr.cz (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/VacationRoost.xml b/src/chrome/content/rules/VacationRoost.xml
index d968ab014cc5..4a382e498598 100644
--- a/src/chrome/content/rules/VacationRoost.xml
+++ b/src/chrome/content/rules/VacationRoost.xml
@@ -4,11 +4,11 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://ajax.vacationroost.com/ => https://ajax.vacationroost.com/: (6, 'Could not resolve host: ajax.vacationroost.com')
 
 -->
-<ruleset name="VacationRoost" default_off='failed ruleset test'>
+<ruleset name="VacationRoost" default_off="failed ruleset test">
 
 	<target host="ajax.vacationroost.com" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vacenza.com.xml b/src/chrome/content/rules/Vacenza.com.xml
deleted file mode 100644
index 116bb82b1214..000000000000
--- a/src/chrome/content/rules/Vacenza.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d3q4fknzlydddz.cloudfront.net
-		- depg6u1djjhl9.cloudfront.net
-
-
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
-
-	Some pages redirect to http.
-
--->
-<ruleset name="vacenza.com (partial)">
-
-	<target host="vacenza.com" />
-	<target host="*.vacenza.com" />
-
-
-	<rule from="^http://(?:www\.)?vacenza\.com/([cC]ontent/|account/signin)"
-		to="https://www.vacenza.com/$1" />
-
-	<rule from="^http://tracking\.vacenza\.com/"
-		to="https://tracking.vacenza.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ValerieAurora.org.xml b/src/chrome/content/rules/ValerieAurora.org.xml
new file mode 100644
index 000000000000..a145ee0b9623
--- /dev/null
+++ b/src/chrome/content/rules/ValerieAurora.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="ValerieAurora.org">
+	<target host="valerieaurora.org" />
+	<target host="www.valerieaurora.org" />
+	<target host="blog.valerieaurora.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ValidCreditCardNumber.com.xml b/src/chrome/content/rules/ValidCreditCardNumber.com.xml
new file mode 100644
index 000000000000..6f0642a41d2a
--- /dev/null
+++ b/src/chrome/content/rules/ValidCreditCardNumber.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="ValidCreditCardNumber.com">
+	<target host="validcreditcardnumber.com" />
+	<target host="www.validcreditcardnumber.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Valley-First-Credit-Union.xml b/src/chrome/content/rules/Valley-First-Credit-Union.xml
index 124c069ecb21..f0954d4c7373 100644
--- a/src/chrome/content/rules/Valley-First-Credit-Union.xml
+++ b/src/chrome/content/rules/Valley-First-Credit-Union.xml
@@ -7,7 +7,7 @@ Fetch error: http://insurance.valleyfirst.com/ => https://insurance.valleyfirst.
 		- dashband.valleyfirst.com
 -->
 
-<ruleset name="Valley First Credit Union" default_off='failed ruleset test'>
+<ruleset name="Valley First Credit Union" default_off="failed ruleset test">
 	<target host="valleyfirst.com" />
 	<target host="www.valleyfirst.com" />
 	<target host="autodiscover.valleyfirst.com" />
diff --git a/src/chrome/content/rules/Valley_First_CU.org.xml b/src/chrome/content/rules/Valley_First_CU.org.xml
index 77d29759616f..a8eea0b0827a 100644
--- a/src/chrome/content/rules/Valley_First_CU.org.xml
+++ b/src/chrome/content/rules/Valley_First_CU.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://hb.valleyfirstcu.org/ => https://hb.valleyfirstcu.org/: (28, 'Connection timed out after 20004 milliseconds')
 
 -->
-<ruleset name="Valley First CU.org" default_off='failed ruleset test'>
+<ruleset name="Valley First CU.org" default_off="failed ruleset test">
 
 	<target host="valleyfirstcu.org" />
 	<target host="hb.valleyfirstcu.org" />
diff --git a/src/chrome/content/rules/Valtiolle.fi-problematic.xml b/src/chrome/content/rules/Valtiolle.fi-problematic.xml
index 84d2c4a9e4c2..08e75f928535 100644
--- a/src/chrome/content/rules/Valtiolle.fi-problematic.xml
+++ b/src/chrome/content/rules/Valtiolle.fi-problematic.xml
@@ -1,8 +1,8 @@
 <!--
 	For rules that are on by default, see Valtiolle.fi.xml.
-	
+
 -->
-<ruleset name="Valtiolle.fi (missing certificate chain)" default_off="missing certificate chain">
+<ruleset name="Valtiolle.fi (missing certificate chain)" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Valtiolle.fi.xml b/src/chrome/content/rules/Valtiolle.fi.xml
index 558ff59ac66a..d1276fa5c02b 100644
--- a/src/chrome/content/rules/Valtiolle.fi.xml
+++ b/src/chrome/content/rules/Valtiolle.fi.xml
@@ -15,7 +15,7 @@
 
 		- valtiolle.fi
 		- www.valtiolle.fi
-	
+
 -->
 <ruleset name="Valtiolle.fi (partial)">
 
diff --git a/src/chrome/content/rules/Valtion-taloudellinen-tutkimuskeskus.xml b/src/chrome/content/rules/Valtion-taloudellinen-tutkimuskeskus.xml
index 14ed6c4bbb8a..92bdaadb9499 100644
--- a/src/chrome/content/rules/Valtion-taloudellinen-tutkimuskeskus.xml
+++ b/src/chrome/content/rules/Valtion-taloudellinen-tutkimuskeskus.xml
@@ -5,7 +5,7 @@ Fetch error: http://vatt.fi/ => https://vatt.fi/: (28, 'Connection timed out aft
 Fetch error: http://www.vatt.fi/ => https://www.vatt.fi/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="Valtion taloudellinen tutkimuskeskus" default_off='failed ruleset test'>
+<ruleset name="Valtion taloudellinen tutkimuskeskus" default_off="failed ruleset test">
 	<target host="vatt.fi"/>
 	<target host="www.vatt.fi"/>
 
diff --git a/src/chrome/content/rules/Value-Applications.xml b/src/chrome/content/rules/Value-Applications.xml
index 5a5d1df34ad6..b67f93216e93 100644
--- a/src/chrome/content/rules/Value-Applications.xml
+++ b/src/chrome/content/rules/Value-Applications.xml
@@ -5,13 +5,13 @@ Fetch error: http://valueapplications.com/ => https://www.valueapplications.com/
 Fetch error: http://www.valueapplications.com/ => https://www.valueapplications.com/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="Value Applications" default_off='failed ruleset test'>
+<ruleset name="Value Applications" default_off="failed ruleset test">
 
 	<target host="valueapplications.com" />
 	<target host="www.valueapplications.com" />
 
 
-	<securecookie host="^(?:.*\.)?valueapplications\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://(?:www\.)?valueapplications\.com/"
diff --git a/src/chrome/content/rules/ValueClick-mismatches.xml b/src/chrome/content/rules/ValueClick-mismatches.xml
index 1b361117895c..6a00e37afc4a 100644
--- a/src/chrome/content/rules/ValueClick-mismatches.xml
+++ b/src/chrome/content/rules/ValueClick-mismatches.xml
@@ -7,11 +7,11 @@
 	<!--	Akamai
 			-->
 	<target host="adrxmedia.com" />
-	<target host="*.adrxmedia.com" />
+	<target host="www.adrxmedia.com" />
 	<target host="modernlivingmedia.com" />
-	<target host="*.modernlivingmedia.com" />
+	<target host="www.modernlivingmedia.com" />
 	<target host="momsmedia.com" />
-	<target host="*.momsmedia.com" />
+	<target host="www.momsmedia.com" />
 	<target host="gocart.valueclickmedia.com" />
 	<target host="cdn-origin.snv.vcmedia.com" />
 
@@ -24,10 +24,7 @@
 	<rule from="^http://(?:www\.)?(adrx|modernliving|moms)media\.com/"
 		to="https://www.$1media.com/"/>
 
-	<rule from="^http://gocart\.valueclickmedia\.com/"
-		to="https://gocart.valueclickmedia.com/"/>
 
-	<rule from="^http://cdn-origin\.snv\.vcmedia\.com/"
-		to="https://cdn-origin.snv.vcmedia.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ValueClick.xml b/src/chrome/content/rules/ValueClick.xml
index d757844f70d6..a949ab649289 100644
--- a/src/chrome/content/rules/ValueClick.xml
+++ b/src/chrome/content/rules/ValueClick.xml
@@ -52,7 +52,7 @@ Non-2xx HTTP code: http://valueclickmedia.com/ (200) => https://www.valueclickme
 	** Akamai
 
 -->
-<ruleset name="ValueClick (partial)" default_off='failed ruleset test'>
+<ruleset name="ValueClick (partial)" default_off="failed ruleset test">
 
 	<target host="*.apmebf.com" />
 	<target host="fastclick.com" />
diff --git a/src/chrome/content/rules/Valued_Opinions.xml b/src/chrome/content/rules/Valued_Opinions.xml
deleted file mode 100644
index 1e3904260068..000000000000
--- a/src/chrome/content/rules/Valued_Opinions.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-
--->
-<ruleset name="Valued Opinions">
-
-	<target host="valuedopinions.co.uk" />
-	<target host="*.valuedopinions.co.uk" />
-
-
-	<rule from="^http://(?:www\.)?valuedopinions\.co\.uk/"
-		to="https://www.valuedopinions.co.uk/" />
-
-	<rule from="^http://adtracker\.valuedopinions\.co\.uk/"
-		to="https://adtracker.valuedopinions.co.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Valve-mismatches.xml b/src/chrome/content/rules/Valve-mismatches.xml
deleted file mode 100644
index 24e035ac3123..000000000000
--- a/src/chrome/content/rules/Valve-mismatches.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Valve (expired)" default_off="expired">
-
-	<target host="storefront.steampowered.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ValveSoftware.com.xml b/src/chrome/content/rules/ValveSoftware.com.xml
index 093d5114f339..bf65fee57cba 100644
--- a/src/chrome/content/rules/ValveSoftware.com.xml
+++ b/src/chrome/content/rules/ValveSoftware.com.xml
@@ -2,9 +2,6 @@
 	Other Valve rulesets:
 		+ Dota_2.com.xml
 		+ Steam.xml
-		+ Steam_Community.com.xml
-		+ Steam_static.com.xml
-		+ Steamgames.com.xml
 
 	Redirect to HTTP:
 		- ^
diff --git a/src/chrome/content/rules/Vanco-Asiapac.com.xml b/src/chrome/content/rules/Vanco-Asiapac.com.xml
index 38019accf794..adaef4d43223 100644
--- a/src/chrome/content/rules/Vanco-Asiapac.com.xml
+++ b/src/chrome/content/rules/Vanco-Asiapac.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://o-zone.vanco-asiapac.com/ => https://o-zone.vanco-asiapac.co
 	(www.): broken redirect
 
 -->
-<ruleset name="Vanco-Asiapac.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Vanco-Asiapac.com (partial)" default_off="failed ruleset test">
 
 	<target host="o-zone.vanco-asiapac.com" />
 
diff --git a/src/chrome/content/rules/Vanco.co.uk.xml b/src/chrome/content/rules/Vanco.co.uk.xml
deleted file mode 100644
index cfcc02f7eb42..000000000000
--- a/src/chrome/content/rules/Vanco.co.uk.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	(www.): dropped
-
--->
-<ruleset name="Vanco.co.uk (partial)">
-
-	<target host="o-zone.vanco.co.uk" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^o-zone\.vanco\.co\.uk$" name="^JSESSIONID$" /-->
-
-	<securecookie host="^o-zone\.vanco\.co\.uk$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/VancouverInternationalAutoShow.com.xml b/src/chrome/content/rules/VancouverInternationalAutoShow.com.xml
new file mode 100644
index 000000000000..6adfa36c787d
--- /dev/null
+++ b/src/chrome/content/rules/VancouverInternationalAutoShow.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="VancouverInternationalAutoShow.com">
+	<target host="vancouverinternationalautoshow.com" />
+	<target host="www.vancouverinternationalautoshow.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vanderbilt.org.xml b/src/chrome/content/rules/Vanderbilt.org.xml
index 6a2d5465a79d..3c7ddd079f96 100644
--- a/src/chrome/content/rules/Vanderbilt.org.xml
+++ b/src/chrome/content/rules/Vanderbilt.org.xml
@@ -3,7 +3,7 @@
 Disabled by https-everywhere-checker because:
 Fetch error: http://sitemason.vanderbilt.edu/ => https://sitemason.vanderbilt.edu/: (7, 'Failed to connect to sitemason.vanderbilt.edu port 443: No route to host')
  see Vanderbilt.org-falsemixed.xml for other rules -->
-<ruleset name="Vanderbilt.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="Vanderbilt.edu (partial)" default_off="failed ruleset test">
 	<target host=            "hr.vanderbilt.edu" />
 	<target host=        "www.mc.vanderbilt.edu" />
 	<target host=            "mc.vanderbilt.edu" />
diff --git a/src/chrome/content/rules/Vanilla-Forums.xml b/src/chrome/content/rules/Vanilla-Forums.xml
deleted file mode 100644
index 523f2b783a16..000000000000
--- a/src/chrome/content/rules/Vanilla-Forums.xml
+++ /dev/null
@@ -1,50 +0,0 @@
-<!--
-	CDN buckets:
-
-		- c3409409.r9.cf0.rackcdn.com
-			- cdn.vanillaforums.com
-			- cdn.vni.la
-
-
-	vanillaforums.totemapp.com
-
-
-	Nonfunctional subdomains:
-
-		- cdn	(Akamai; 401)
-
--->
-<ruleset name="Vanilla Forums (partial)">
-
-	<target host="vanillaforums.com" />
-	<target host="*.vanillaforums.com" />
-		<!--	These paths redirect to http.	-->
-		<exclusion pattern="^http://(?:www\.)?vanillaforums\.com/(?:$|info(?:$|/))" />
-	<target host="*.vanilladev.com" />
-	<target host="cdn.vni.la" />
-
-
-	<rule from="^http://autostatic\.vanilladev\.com/"
-		to="https://autostatic.vanilladev.com/" />
-
-	<!--	Some pages redirect to http.
-
-		Those in the commented out rule have been verified as not doing so.
-		
-	<rule from="^http://(www\.)?vanillaforums\.com/((?:account|applications|blog|entry|features|migrate-your-community|plans|resources|themes|tour)(?:$|/))">
-			-->
-	<rule from="^http://(www\.)?vanillaforums\.com/"
-		to="https://$1vanillaforums.com/" />
-
-	<rule from="^http://cdn\.v(?:anillaforums\.com|ni\.la)/"
-		to="https://c3409409.ssl.cf0.rackcdn.com/" />
-
-	<!--	- Doesn't work over https
-		- Included on clients' websites
-
-		NB: revisit this, is it working as-is now?
-				-->
-	<rule from="^http://autostatic-cl1\.vanilladev\.com/(\w+)\.vanillaforums\.com/"
-		to="https://$1.vanillaforums.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/VanillaMastercard.com.xml b/src/chrome/content/rules/VanillaMastercard.com.xml
deleted file mode 100644
index ad82187a6069..000000000000
--- a/src/chrome/content/rules/VanillaMastercard.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="VanillaMastercard">
-
-	<target host="vanillamastercard.com" />
-	<target host="www.vanillamastercard.com" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Vanity-Fair.xml b/src/chrome/content/rules/Vanity-Fair.xml
index 9d117046cd17..b321755475f7 100644
--- a/src/chrome/content/rules/Vanity-Fair.xml
+++ b/src/chrome/content/rules/Vanity-Fair.xml
@@ -1,30 +1,20 @@
 <!--
 	For other Conde Nast coverage, see Conde-Nast.xml.
 
+	Non-functional host:
+		Timeout:
+		- stats.vanityfair.com
 
-	CDN buckets:
-
-		- stag.vanityfair.com.edgesuite.net
-		- www.vanityfair.com.edgesuite.net
-
-
-	Nonfunctional domains:
-
-		- promotions.vf.com
-
+		Mismatched:
+		- stats2.vanityfair.com
 -->
 <ruleset name="Vanity Fair (partial)">
 
-	<target host="*.vanityfair.com" />
-
-
-	<securecookie host="^.*\.vanityfair\.com$" name=".+" />
-
-
-	<rule from="^http://secure\.vanityfair\.com/"
-		to="https://secure.vanityfair.com/" />
+	<target host="vanityfair.com" />
+	<target host="www.vanityfair.com" />
+	<target host="stag.vanityfair.com" />
 
-	<rule from="^http://stats2\.vanityfair\.com/"
-		to="https://vanityfair-com.122.2o7.net/" />
+	<securecookie host=".+" name=".+"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Vara.nl.xml b/src/chrome/content/rules/Vara.nl.xml
index d73bd042b588..f56b3c7a8096 100644
--- a/src/chrome/content/rules/Vara.nl.xml
+++ b/src/chrome/content/rules/Vara.nl.xml
@@ -47,7 +47,13 @@
 -->
 <ruleset name="Vara.nl (partial)">
 
-	<target host="*.vara.nl" />
+	<target host="humortv.vara.nl" />
+	<target host="media-service.vara.nl" />
+	<target host="omroep.vara.nl" />
+	<target host="shop.vara.nl" />
+	<target host="static.vara.nl" />
+	<target host="tickets.vara.nl" />
+	<target host="www.vara.nl" />
 		<!--
 			Avoid false/broken MCB:
 						-->
@@ -70,7 +76,6 @@
 	<securecookie host="^\.(?:shop|tickets)\.vara\.nl$" name="^frontend$" />
 
 
-	<rule from="^http://(humortv|media-service|omroep|shop|static|tickets|www)\.vara\.nl/"
-		to="https://$1.vara.nl/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Variety.xml b/src/chrome/content/rules/Variety.xml
index 5d7813ce27da..aff3f4f8d03a 100644
--- a/src/chrome/content/rules/Variety.xml
+++ b/src/chrome/content/rules/Variety.xml
@@ -27,7 +27,7 @@ Fetch error: http://haas.variety.com/ => https://haas.reedbusiness.nl/: (28, 'Co
 	² Expired
 
 -->
-<ruleset name="Variety.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Variety.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Variety_Latino.com.xml b/src/chrome/content/rules/Variety_Latino.com.xml
deleted file mode 100644
index 83c9b45c0479..000000000000
--- a/src/chrome/content/rules/Variety_Latino.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	www.varietylatino.com: Cert only matches ^varietylatino.com
-
--->
-<ruleset name="Variety Latino.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="varietylatino.com" />
-
-	<!--	Complications:
-				-->
-	<target host="www.varietylatino.com" />
-
-
-	<rule from="^http://www\.varietylatino\.com/"
-		to="https://varietylatino.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Variomedia.de.xml b/src/chrome/content/rules/Variomedia.de.xml
deleted file mode 100644
index 8d88bbcc1784..000000000000
--- a/src/chrome/content/rules/Variomedia.de.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<!--
-	Other Variomedia rulesets:
-
-		- Vm.ag.xml
-
-
-	Nonfunctional hosts in *variomedia.de:
-
-		- blog *
-
-	* Refused
-
-
-	Insecure cookies are set for these domains:
-
-		- .variomedia.de
-		- .ntlds.variomedia.de
-
--->
-<ruleset name="Variomedia.de">
-
-	<target host="variomedia.de" />
-	<target host="my.variomedia.de" />
-	<target host="my-beta.variomedia.de" />
-	<target host="mysql.variomedia.de" />
-	<target host="ntlds.variomedia.de" />
-	<target host="webmail.variomedia.de" />
-	<target host="www.variomedia.de" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.variomedia\.de$" name="^sessid$" /-->
-	<!--securecookie host="^\.ntlds\.variomedia\.de$" name="^sid$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Vast.xml b/src/chrome/content/rules/Vast.xml
index 8c93c981f814..d20ecb8a9d42 100644
--- a/src/chrome/content/rules/Vast.xml
+++ b/src/chrome/content/rules/Vast.xml
@@ -6,20 +6,20 @@ Fetch error: http://www.staticv.net/ => https://www.vast.com/: (51, "SSL: no alt
 Fetch error: http://vast.com/ => https://www.vast.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.vast.com'")
 
 -->
-<ruleset name="Vast (partial)" default_off='failed ruleset test'>
+<ruleset name="Vast (partial)" default_off="failed ruleset test">
 
 	<!--	mismatch	-->
 	<target host="staticv.net"/>
 	<target host="www.staticv.net"/>
 	<target host="vast.com"/>
-	<target host="*.vast.com"/>
+	<target host="www.vast.com" />
+	<target host="img.vast.com" />
 
 	<securecookie host="^(?:.*\.)?vast\.com$" name=".+" />
 
 	<rule from="^http://(?:www\.)?(?:staticv\.net|vast\.com)/"
 		to="https://www.vast.com/"/>
 
-	<rule from="^http://img\.vast\.com/"
-		to="https://img.vast.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Vast_Interactive.xml b/src/chrome/content/rules/Vast_Interactive.xml
index 9a7fedfc5941..841272d433e0 100644
--- a/src/chrome/content/rules/Vast_Interactive.xml
+++ b/src/chrome/content/rules/Vast_Interactive.xml
@@ -13,7 +13,7 @@ Fetch error: http://dsply.com/ => https://dsply.com/: (51, "SSL: no alternative
 		- www.dsply.com
 
 -->
-<ruleset name="dsply.com" default_off='failed ruleset test'>
+<ruleset name="dsply.com" default_off="failed ruleset test">
 
 	<target host="dsply.com" />
 	<target host="www.dsply.com" />
diff --git a/src/chrome/content/rules/Vaultize.com.xml b/src/chrome/content/rules/Vaultize.com.xml
new file mode 100644
index 000000000000..d1a364196daa
--- /dev/null
+++ b/src/chrome/content/rules/Vaultize.com.xml
@@ -0,0 +1,53 @@
+<!--
+	Nonfunctional hosts in *.vaultize.com:
+
+	No publicly-trusted certificate issued:
+		portal.vaultize.com
+		resolve-to.wiki.vaultize.com
+		resolve-to.www.wiki.vaultize.com
+		resources.vaultize.com
+		tech.vaultize.com
+
+	Do not resolve:
+		api.vaultize.com
+		demo.vaultize.com
+		dloplus.vaultize.com
+		intranet.vaultize.com
+		ldaps.vaultize.com
+		offers.vaultize.com
+		trial.vaultize.com
+		try.vaultize.com
+		www.api.vaultize.com
+		www.aws.vaultize.com
+		www.awstest.vaultize.com
+		www.demo.vaultize.com
+		www.dloplus.vaultize.com
+		www.login.vaultize.com
+		www.logintest.vaultize.com
+		www.pune.vaultize.com
+		www.try.vaultize.com
+
+	Invalid certificate:
+		my.vaultize.com
+		www.my.vaultize.com
+
+	Refused:
+		socgen.vaultize.com
+
+-->
+<ruleset name="Vaultize.com">
+	<target host="aws.vaultize.com" />
+	<target host="awstest.vaultize.com" />
+	<target host="login.vaultize.com" />
+	<target host="logintest.vaultize.com" />
+	<target host="pune.vaultize.com" />
+	<target host="support.vaultize.com" />
+	<target host="vaultize.com" />
+	<target host="wiki.vaultize.com" />
+	<target host="www.vaultize.com" />
+	<target host="www.wiki.vaultize.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vayabe.com.xml b/src/chrome/content/rules/Vayabe.com.xml
index 567592f26853..e670d362b362 100644
--- a/src/chrome/content/rules/Vayabe.com.xml
+++ b/src/chrome/content/rules/Vayabe.com.xml
@@ -21,4 +21,4 @@
 	<rule from="^http://(?:www\.)?vayable\.com/"
 		to="https://www.vayable.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vc.ru.xml b/src/chrome/content/rules/Vc.ru.xml
index 6919a475e907..b4a39c638970 100644
--- a/src/chrome/content/rules/Vc.ru.xml
+++ b/src/chrome/content/rules/Vc.ru.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.vc.ru/ => https://www.vc.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'www.vc.ru'")
 
 -->
-<ruleset name="vc.ru" default_off='failed ruleset test'>
+<ruleset name="vc.ru" default_off="failed ruleset test">
 
 	<target host="vc.ru" />
 	<target host="www.vc.ru" />
diff --git a/src/chrome/content/rules/Vcommerce.com.xml b/src/chrome/content/rules/Vcommerce.com.xml
new file mode 100644
index 000000000000..b173c4997062
--- /dev/null
+++ b/src/chrome/content/rules/Vcommerce.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- uw2a-net01.vcommerce.com
+		- uw2b-net02.vcommerce.com
+		- b2bgis.vcommerce.com
+
+		SSL peer certificate was not OK:
+		- dodgeprojects.construction.com.vcommerce.com
+
+		4xx client error:
+		- services.vcommerce.com
+		- dodgeprojects.construction.com.staging.vcommerce.com
+-->
+<ruleset name="Vcommerce.com">
+	<target host="vcommerce.com" />
+	<target host="www.vcommerce.com" />
+	<target host="mhcpoe.vcomshop.com.staging.vcommerce.com" />
+	<target host="staging.vcommerce.com" />
+	<target host="services.staging.vcommerce.com" />
+	<target host="confluence.vcommerce.com" />
+	<target host="ontrack.vcommerce.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vcommerce.xml b/src/chrome/content/rules/Vcommerce.xml
deleted file mode 100644
index bd788a0c7e35..000000000000
--- a/src/chrome/content/rules/Vcommerce.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/content.vcommerce.com/
-
-
-	Problematic subdomains:
-
-		- ^		(cert only matches *.vcommerce.com)
-		- content	(403; mismatched, CN: ssl2.cdngc.net)
-
--->
-<ruleset name="Vcommerce (partial)">
-
-	<target host="vcommerce.com" />
-	<target host="*.vcommerce.com" />
-
-
-	<securecookie host="^www\.vcommerce\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?vcommerce\.com/"
-		to="https://www.vcommerce.com/" />
-
-	<rule from="^http://content\.vcommerce\.com/"
-		to="https://s3.amazonaws.com/content.vcommerce.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Vdio.xml b/src/chrome/content/rules/Vdio.xml
index 1fe5a0c1bb5a..e42840275e0c 100644
--- a/src/chrome/content/rules/Vdio.xml
+++ b/src/chrome/content/rules/Vdio.xml
@@ -16,7 +16,7 @@ Fetch error: http://www.vdio.com/ => https://www.rdio.com/: (7, 'Failed to conne
 	(www.)?vdio.com: Refused
 
 -->
-<ruleset name="Vdio.com" default_off='failed ruleset test'>
+<ruleset name="Vdio.com" default_off="failed ruleset test">
 
 	<!--	Complications:
 				-->
diff --git a/src/chrome/content/rules/Vdopia.xml b/src/chrome/content/rules/Vdopia.xml
index 7ce29b5a93b8..ce9f9187c800 100644
--- a/src/chrome/content/rules/Vdopia.xml
+++ b/src/chrome/content/rules/Vdopia.xml
@@ -43,12 +43,19 @@ Fetch error: http://mobile.sb.vdopia.com/ => https://mobile.sb.vdopia.com/: (28,
 	* Seems identical to www
 
 -->
-<ruleset name="Vdopia" default_off='failed ruleset test'>
+<ruleset name="Vdopia" default_off="failed ruleset test">
 
 	<target host="ivdopia.com" />
 	<target host="www.ivdopia.com" />
 	<target host="vdopia.com" />
-	<target host="*.vdopia.com" />
+	<target host="i2.vdopia.com" />
+	<target host="serve.vdopia.com" />
+	<target host="online.vdopia.com" />
+	<target host="sb.vdopia.com" />
+	<target host="www.vdopia.com" />
+	<target host="cdn.vdopia.com" />
+	<target host="mobile.vdopia.com" />
+	<target host="mobile.sb.vdopia.com" />
 		<exclusion pattern="^http://i2\.vdopia\.com/(?!js/)" />
 
 
diff --git a/src/chrome/content/rules/Vdoth.com.xml b/src/chrome/content/rules/Vdoth.com.xml
index 63b4194f029e..ff60fa1646fa 100644
--- a/src/chrome/content/rules/Vdoth.com.xml
+++ b/src/chrome/content/rules/Vdoth.com.xml
@@ -25,7 +25,7 @@ Fetch error: http://www.clipth.net/ => https://www.vdoth.com/: (28, 'Connection
 	** Unsecurable
 
 -->
-<ruleset name="Vdoth.com" default_off='failed ruleset test'>
+<ruleset name="Vdoth.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Ve_Interactive.xml b/src/chrome/content/rules/Ve_Interactive.xml
index 747189bca8e4..39f5065b646e 100644
--- a/src/chrome/content/rules/Ve_Interactive.xml
+++ b/src/chrome/content/rules/Ve_Interactive.xml
@@ -21,13 +21,19 @@
 -->
 <ruleset name="Ve Interactive.com (partial)">
 
-	<target host="*.veinteractive.com" />
+	<target host="cdsusa.veinteractive.com" />
+	<target host="config1.veinteractive.com" />
+	<target host="configusa.veinteractive.com" />
+	<target host="drs2.veinteractive.com" />
+	<target host="mail.veinteractive.com" />
+	<target host="rcs.veinteractive.com" />
+	<target host="vecapture.veinteractive.com" />
+	<target host="vemerchant.veinteractive.com" />
 
 
 	<securecookie host="^(?:mail|vecapture|vecontact|vemerchant)\.veinteractive\.com$" name=".+" />
 
 
-	<rule from="^http://(cdsusa|config1|configusa|drs2|mail|rcs|vecapture|vecontact|vemerchant)\.veinteractive\.com/"
-		to="https://$1.veinteractive.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Veber.co.uk.xml b/src/chrome/content/rules/Veber.co.uk.xml
index 590076973edf..dec7e52bd472 100644
--- a/src/chrome/content/rules/Veber.co.uk.xml
+++ b/src/chrome/content/rules/Veber.co.uk.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://blog.veber.co.uk/ => https://blog.veber.co.uk/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Veber.co.uk" default_off='failed ruleset test'>
+<ruleset name="Veber.co.uk" default_off="failed ruleset test">
 
 	<target host="veber.co.uk" />
 	<target host="blog.veber.co.uk" />
diff --git a/src/chrome/content/rules/Veeseo.xml b/src/chrome/content/rules/Veeseo.xml
deleted file mode 100644
index 8006ba7d4108..000000000000
--- a/src/chrome/content/rules/Veeseo.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="VSEO GmbH" >
-
-	<!-- www subdomain times out -->
-	<!-- content.rce.veeseo.com times out -->
-	<!-- push.rce.veeseo.com	mismatched akamai cdn -->
-	<!-- rce.veeseo.com			mismatched akamai cdn -->
-	
-	<target host="ssp-rce.veeseo.com" />
-	<target host="tracking-rce.veeseo.com" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/VegasInc.com.xml b/src/chrome/content/rules/VegasInc.com.xml
index 8e39ea4d7a3f..6aea0e0e5057 100644
--- a/src/chrome/content/rules/VegasInc.com.xml
+++ b/src/chrome/content/rules/VegasInc.com.xml
@@ -10,7 +10,7 @@ Non-2xx HTTP code: http://www.vegasinc.com/ (200) => https://www.vegasinc.com/ (
 		Mixed content blocking (MCB) tiggered:
 			 - m.vegasinc.com
 -->
-<ruleset name="VegasInc.com" default_off='failed ruleset test'>
+<ruleset name="VegasInc.com" default_off="failed ruleset test">
 	<target host="vegasinc.com" />
 	<target host="www.vegasinc.com" />
 	<target host="asset.vegasinc.com" />
diff --git a/src/chrome/content/rules/Vegas_Partner_Lounge.xml b/src/chrome/content/rules/Vegas_Partner_Lounge.xml
index 1ec47fb2c8c5..e1422d5f3268 100644
--- a/src/chrome/content/rules/Vegas_Partner_Lounge.xml
+++ b/src/chrome/content/rules/Vegas_Partner_Lounge.xml
@@ -10,16 +10,17 @@ Non-2xx HTTP code: http://vegaspartnerlounge.com/ (200) => https://vegaspartnerl
 		- starpartner
 
 -->
-<ruleset name="Vegas Partner Lounge" default_off='failed ruleset test'>
+<ruleset name="Vegas Partner Lounge" default_off="failed ruleset test">
 
 	<target host="vegaspartnerlounge.com" />
-	<target host="*.vegaspartnerlounge.com" />
+	<target host="secure.vegaspartnerlounge.com" />
+	<target host="starpartner.vegaspartnerlounge.com" />
+	<target host="www.vegaspartnerlounge.com" />
 
 
-	<securecookie host="^(?:.+\.)?vegaspartnerlounge\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:secure|starpartner|www)\.)?vegaspartnerlounge\.com/"
-		to="https://$1vegaspartnerlounge.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Velaro.xml b/src/chrome/content/rules/Velaro.xml
index 80937b67574e..dd9090bf4b12 100644
--- a/src/chrome/content/rules/Velaro.xml
+++ b/src/chrome/content/rules/Velaro.xml
@@ -11,7 +11,7 @@
 	<target host="service.velaro.com"/>
 	<target host="sp.velaro.com"/>
 
-	<securecookie host=".*\.velaro.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Velleman-Group.xml b/src/chrome/content/rules/Velleman-Group.xml
index ed506a5a0910..c6df45b51b85 100644
--- a/src/chrome/content/rules/Velleman-Group.xml
+++ b/src/chrome/content/rules/Velleman-Group.xml
@@ -1,4 +1,14 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Non-2xx HTTP code: http://portal.velleman.be/shops (200) => https://portal.velleman.eu/ServicePortal/shops (404)
+Non-2xx HTTP code: http://portal.velleman.be/support (200) => https://portal.velleman.eu/ServicePortal/support (404)
+Fetch error: http://perel.eu/ => https://www.perel.eu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://www.perel.eu/ => https://www.perel.eu/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://vellemanusa.com/ => https://www.vellemanusa.com/: (6, 'Could not resolve host: www.vellemanusa.com')
+Fetch error: http://www.vellemanusa.com/ => https://www.vellemanusa.com/: (6, 'Could not resolve host: www.vellemanusa.com')
+
 Disabled by https-everywhere-checker because:
 Fetch error: http://perel.eu/ => https://www.perel.eu/: (6, 'Could not resolve host: perel.eu')
 	Unsupported domains (non-exhaustive list):
@@ -24,27 +34,17 @@ Fetch error: http://perel.eu/ => https://www.perel.eu/: (6, 'Could not resolve h
 -->
 <ruleset name="Velleman Group (partial)">
 	<target host="hqpower.eu" />
-	<target host="www.hqpower.eu" />
 
 	<securecookie host="^www\.hqpower\.eu$" name=".+" />
 
 	<rule from="^http://(?:www\.)?hqpower\.eu/"
 		to="https://www.hqpower.eu/" />
 
-	<target host="perel.eu" />
-	<target host="www.perel.eu" />
-
 	<securecookie host="^www\.perel\.eu$" name=".+" />
 
 	<rule from="^http://(?:www\.)?perel\.eu/"
 		to="https://www.perel.eu/" />
 
-	<target host="velleman.be" />
-	<target host="portal.velleman.be" />
-	<target host="www.velleman.be" />
-
-	<rule from="^http://(?:www\.)?velleman\.be/"
-		to="https://www.velleman.eu/" />
 	<!--
 		By default, requests for http://portal.velleman.be/ (where there is nothing after the final slash)
 		seem to redirect to https://portal.velleman.be/ServicePortal/ which gives an error about the SSL
@@ -52,11 +52,7 @@ Fetch error: http://perel.eu/ => https://www.perel.eu/: (6, 'Could not resolve h
 		requests to the https://portal.velleman.eu/ServicePortal/ URL. Other HTTP and HTTPS requests in the
 		portal.velleman.be domain are redirected to the equivalent URL in the portal.velleman.eu domain
 		(August 30, 2013.)
-	--> 
-	<rule from="^http://portal\.velleman\.be/$"
-		to="https://portal.velleman.eu/ServicePortal/" />
-	<rule from="^http://portal\.velleman\.be/(.+)"
-		to="https://portal.velleman.eu/$1" />
+	-->
 
 	<target host="velleman.eu" />
 	<target host="portal.velleman.eu" />
@@ -72,17 +68,16 @@ Fetch error: http://perel.eu/ => https://www.perel.eu/: (6, 'Could not resolve h
 		gives an error about the SSL certificate only being valid for the portal.velleman.eu domain. As such,
 		this ruleset redirects such requests to the https://portal.velleman.eu/ServicePortal/ URL
 		(August 30, 2013.)
-	--> 
+	-->
 	<rule from="^http://portal\.velleman\.eu/$"
 		to="https://portal.velleman.eu/ServicePortal/" />
-	<rule from="^http://portal\.velleman\.eu/(.+)"
-		to="https://portal.velleman.eu/$1" />
 
-	<target host="vellemanusa.com" />
-	<target host="www.vellemanusa.com" />
+	<!-- target host="vellemanusa.com" /-->
+	<!-- target host="www.vellemanusa.com" /-->
 
 	<securecookie host="^www\.vellemanusa\.com$" name=".+" />
 
 	<rule from="^http://(?:www\.)?vellemanusa\.com/"
 		to="https://www.vellemanusa.com/" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/Velmedia.net.xml b/src/chrome/content/rules/Velmedia.net.xml
index 60bc519c6621..a54716bf052e 100644
--- a/src/chrome/content/rules/Velmedia.net.xml
+++ b/src/chrome/content/rules/Velmedia.net.xml
@@ -10,7 +10,8 @@
 <ruleset name="velmedia.net (partial)" default_off="self-signed">
 
 	<target host="velmedia.net" />
-	<target host="*.velmedia.net" />
+	<target host="ad.velmedia.net" />
+	<target host="www.velmedia.net" />
 
 
 	<securecookie host="^ad\.velmedia\.net$" name=".+" />
@@ -19,4 +20,4 @@
 	<rule from="^http://(?:(ad\.)|www\.)?velmedia\.net/"
 		to="https://$1velmedia.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VelocityFrequentFlyer.com.xml b/src/chrome/content/rules/VelocityFrequentFlyer.com.xml
new file mode 100644
index 000000000000..2c590cb26459
--- /dev/null
+++ b/src/chrome/content/rules/VelocityFrequentFlyer.com.xml
@@ -0,0 +1,47 @@
+<!--
+	For other Virgin Australia coverage, see VirginAustralia.com.xml
+
+
+	Nonfunctional subdomains:
+
+		- velocityfrequentflyer.com
+			- birthday	(m)
+			- bp	(m)
+			- m.e	(m)
+			- t.e	(m)
+			- aeom.go	(t)
+			- accounts.gtmns	(m)
+
+		- velocityrewards.com.au
+			- hotels	(m)
+			- shops	(m)
+			- ww	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Velocity Frequent Flyer">
+
+	<target host="velocityfrequentflyer.com" />
+	<target host="www.velocityfrequentflyer.com" />
+	<target host="accounts.velocityfrequentflyer.com" />
+	<target host="daily.velocityfrequentflyer.com" />
+	<target host="estore.velocityfrequentflyer.com" />
+	<target host="experience.velocityfrequentflyer.com" />
+	<target host="go.velocityfrequentflyer.com" />
+	<target host="view.velocityfrequentflyer.com" />
+
+	<target host="velocityrewards.com.au" />
+	<target host="www.velocityrewards.com.au" />
+
+	<securecookie host="^www\.velocityfrequentflyer\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Velox-Project.eu.xml b/src/chrome/content/rules/Velox-Project.eu.xml
deleted file mode 100644
index 577fac51ed3b..000000000000
--- a/src/chrome/content/rules/Velox-Project.eu.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	^: mismatched
-
--->
-<ruleset name="Velox-Project.eu">
-
-	<target host="velox-project.eu" />
-	<target host="www.velox-project.eu" />
-
-
-	<rule from="^http://(?:www\.)?velox-project\.eu/"
-		to="https://www.velox-project.eu/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Velvet_Cache.org.xml b/src/chrome/content/rules/Velvet_Cache.org.xml
index 9b42dafd032e..7170fe464a30 100644
--- a/src/chrome/content/rules/Velvet_Cache.org.xml
+++ b/src/chrome/content/rules/Velvet_Cache.org.xml
@@ -12,7 +12,6 @@
 	<target host="static.velvetcache.org" />
 
 
-	<rule from="^http://static\.velvetcache\.org/"
-		to="https://s3.amazonaws.com/static.velvetcache.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Vendercom.xml b/src/chrome/content/rules/Vendercom.xml
index 54fb138b150c..d1c36a9f0317 100644
--- a/src/chrome/content/rules/Vendercom.xml
+++ b/src/chrome/content/rules/Vendercom.xml
@@ -13,4 +13,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vendetta-Online.xml b/src/chrome/content/rules/Vendetta-Online.xml
index 19135b67a9f1..06db29e0655d 100644
--- a/src/chrome/content/rules/Vendetta-Online.xml
+++ b/src/chrome/content/rules/Vendetta-Online.xml
@@ -16,14 +16,14 @@
 <ruleset name="Vendetta Online (partial)" platform="mixedcontent">
 
 	<target host="vendetta-online.com"/>
-	<target host="*.vendetta-online.com"/>
+	<target host="www.vendetta-online.com" />
+	<target host="images.vendetta-online.com" />
 
-	<securecookie host="^(?:.*\.)?vendetta-online\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
-	<rule from="^http://(www\.)?vendetta-online\.com/"
-		to="https://$1vendetta-online.com/"/>
 
 	<rule from="^http://images\.vendetta-online\.com/"
 		to="https://vendetta-online.com/"/>
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Vendo-Services.xml b/src/chrome/content/rules/Vendo-Services.xml
index e932f075f96a..1bc82307c487 100644
--- a/src/chrome/content/rules/Vendo-Services.xml
+++ b/src/chrome/content/rules/Vendo-Services.xml
@@ -12,7 +12,7 @@ Fetch error: http://cdn1.vendocdn.com/ => https://cdn1.vendocdn.com/: (51, "SSL:
 		- start.vendoservices.com
 
 -->
-<ruleset name="Vendo Services (partial)" default_off='failed ruleset test'>
+<ruleset name="Vendo Services (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Ventivmedia.com.xml b/src/chrome/content/rules/Ventivmedia.com.xml
index e092f07d9848..711ee4e28e58 100644
--- a/src/chrome/content/rules/Ventivmedia.com.xml
+++ b/src/chrome/content/rules/Ventivmedia.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://ads.ventivmedia.com/www/delivery/lg.php?bannerid=&campaignid
 Fetch error: http://ads.ventivmedia.com/ => https://ads.ventivmedia.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="ventivmedia.com" default_off='failed ruleset test'>
+<ruleset name="ventivmedia.com" default_off="failed ruleset test">
 
 	<target host="ads.ventivmedia.com" />
 
diff --git a/src/chrome/content/rules/Verbling.com.xml b/src/chrome/content/rules/Verbling.com.xml
index 267df17a2076..c8da64305d61 100644
--- a/src/chrome/content/rules/Verbling.com.xml
+++ b/src/chrome/content/rules/Verbling.com.xml
@@ -31,7 +31,7 @@ Fetch error: http://pt.verbling.com/ => https://pt.verbling.com/: (6, 'Could not
 		- .www.verbling.com
 
 -->
-<ruleset name="Verbling.com" default_off='failed ruleset test'>
+<ruleset name="Verbling.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Verbraucher-Sicher-Online.xml b/src/chrome/content/rules/Verbraucher-Sicher-Online.xml
deleted file mode 100644
index 5d44b359664b..000000000000
--- a/src/chrome/content/rules/Verbraucher-Sicher-Online.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Verbraucher-sicher-online.de">
-<target host="verbraucher-sicher-online.de" />
-<target host="www.verbraucher-sicher-online.de" />
-    <rule from="^http://(?:www\.)?verbraucher-sicher-online\.de/" to="https://www.verbraucher-sicher-online.de/" />
-</ruleset>
-
diff --git a/src/chrome/content/rules/Verbraucherzentrale_Nordrhein-Westfalen.xml b/src/chrome/content/rules/Verbraucherzentrale_Nordrhein-Westfalen.xml
index ab175a9a1903..89701fac0906 100644
--- a/src/chrome/content/rules/Verbraucherzentrale_Nordrhein-Westfalen.xml
+++ b/src/chrome/content/rules/Verbraucherzentrale_Nordrhein-Westfalen.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.vz-nrw.de/ => https://www.vz-nrw.de/: (60, 'SSL certific
 	^meine-verbraucherzentrale.de doesn't exist.
 
 -->
-<ruleset name="Verbraucherzentrale Nordrhein-Westfalen" default_off='failed ruleset test'>
+<ruleset name="Verbraucherzentrale Nordrhein-Westfalen" default_off="failed ruleset test">
 
 	<target host="www.meine-verbraucherzentrale.de" />
 	<target host="ratgeber-verbraucherzentrale.de" />
@@ -22,4 +22,4 @@ Fetch error: http://www.vz-nrw.de/ => https://www.vz-nrw.de/: (60, 'SSL certific
 	<rule from="^http://(www\.)?vz-nrw\.de/"
 		to="https://$1vz-nrw.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Verdad_Media.xml b/src/chrome/content/rules/Verdad_Media.xml
deleted file mode 100644
index b8aeab04b1ea..000000000000
--- a/src/chrome/content/rules/Verdad_Media.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	!www: cert only matches *.verdadmedia.com
-
--->
-<ruleset name="Verdad Media">
-
-	<target host="verdadmedia.com" />
-	<target host="www.verdadmedia.com" />
-
-
-	<rule from="^http://(?:www\.)?verdadmedia\.com/"
-		to="https://www.verdadmedia.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Vereinigte-IKK.xml b/src/chrome/content/rules/Vereinigte-IKK.xml
index f1dfe890dcf8..5cf1259ccc15 100644
--- a/src/chrome/content/rules/Vereinigte-IKK.xml
+++ b/src/chrome/content/rules/Vereinigte-IKK.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.vereinigte-ikk.de/ => https://www.vereinigte-ikk.de/: (51, "SSL: no alternative certificate subject name matches target host name 'www.vereinigte-ikk.de'")
 Fetch error: http://vereinigte-ikk.de/ => https://www.vereinigte-ikk.de/: (51, "SSL: no alternative certificate subject name matches target host name 'www.vereinigte-ikk.de'")
 -->
-<ruleset name="Vereinigte IKK" default_off='failed ruleset test'>
+<ruleset name="Vereinigte IKK" default_off="failed ruleset test">
 <target host="www.vereinigte-ikk.de" />
 <target host="vereinigte-ikk.de" />
 <rule from="^http://(?:www\.)?vereinigte-ikk\.de/" to="https://www.vereinigte-ikk.de/"/>
diff --git a/src/chrome/content/rules/Verigames.com.xml b/src/chrome/content/rules/Verigames.com.xml
index 33a79441b336..5b40b5360f8b 100644
--- a/src/chrome/content/rules/Verigames.com.xml
+++ b/src/chrome/content/rules/Verigames.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.verigames.com/ => https://www.verigames.com/: (7, 'Faile
 	* Unsecurable
 
 -->
-<ruleset name="Verigames.com" default_off='failed ruleset test'>
+<ruleset name="Verigames.com" default_off="failed ruleset test">
 
 	<target host="verigames.com" />
 	<target host="www.verigames.com" />
diff --git a/src/chrome/content/rules/Verisign-Inc.com.xml b/src/chrome/content/rules/Verisign-Inc.com.xml
new file mode 100644
index 000000000000..08c1597dd59c
--- /dev/null
+++ b/src/chrome/content/rules/Verisign-Inc.com.xml
@@ -0,0 +1,49 @@
+<!--
+	For other Verisign coverage, see Verisign.xml
+
+
+	For other Symantec coverage, see Symantec.xml
+
+
+	Non-functional subdomains:
+		- apis	(t)
+		- apisote	(m)
+		- brn1lxvipp	(t)
+		- cpms-gateway	(t)
+		- forms	(m)
+		- investor	(m)
+		- labs	(m)
+		- m	(m)
+		- portal	(i)
+		- prodinta-pds	(i)
+		- prodinta-portal	(n)
+		- qa-trial	(t)
+		- qa1-trial	(t)
+		- qa3-trial	(t)
+		- registrarprograms	(t)
+		- support	(t)
+		- vcsexp	(n)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	n: no route to host
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Verisign-Inc.com">
+
+	<target host="verisigninc.com" />
+	<target host="www.verisigninc.com" />
+	<target host="blogs.verisigninc.com" />
+	<target host="cap.verisigninc.com" />
+	<target host="pds.verisigninc.com" />
+	<target host="rirs.verisigninc.com" />
+	<target host="support-otp.verisigninc.com" />
+	<target host="trial.verisigninc.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verisign-Labs.com.xml b/src/chrome/content/rules/Verisign-Labs.com.xml
new file mode 100644
index 000000000000..b90038939207
--- /dev/null
+++ b/src/chrome/content/rules/Verisign-Labs.com.xml
@@ -0,0 +1,58 @@
+<!--
+	For other Verisign coverage, see Verisign.xml
+
+
+	For other Symantec coverage, see Symantec.xml
+
+
+	Non-functional subdomains:
+		- community	(t)
+		- ddn	(t)
+		- jabber	(HTTP 401 error)
+		- mail	(HTTP 401 error)
+		- nodetolink	(t)
+		- pdn	(i)
+		- porttest	(r)
+		- pslam	(t)
+		- qr	(t)
+		- secspider	(r)
+		- vva	(n)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	n: no route to host
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Verisign Labs.com">
+
+	<target host="verisignlabs.com" />
+	<target host="www.verisignlabs.com" />
+	<target host="dnssec-analyzer.verisignlabs.com" />
+	<target host="dnssec-analyzer-json.verisignlabs.com" />
+	<target host="dnssec-debugger.verisignlabs.com" />
+	<target host="dnssec-debugger-json.verisignlabs.com" />
+	<target host="keysizetest.verisignlabs.com" />
+	<target host="keytool.verisignlabs.com" />
+	<target host="lists.verisignlabs.com" />
+	<target host="rdap.verisignlabs.com" />
+	<target host="testprovider.rdap.verisignlabs.com" />
+	<target host="rdap-pilot.verisignlabs.com" />
+	<target host="registrarrdap.verisignlabs.com" />
+	<target host="scoreboard.verisignlabs.com" />
+	<target host="svn.verisignlabs.com" />
+	<target host="techreports.verisignlabs.com" />
+	<target host="tools.verisignlabs.com" />
+	<target host="trans-trust.verisignlabs.com" />
+	<target host="validator-search.verisignlabs.com" />
+	<target host="vtrdap.verisignlabs.com" />
+	<target host="yazvs.verisignlabs.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verisign-grs.com.xml b/src/chrome/content/rules/Verisign-grs.com.xml
new file mode 100644
index 000000000000..c610d2d53065
--- /dev/null
+++ b/src/chrome/content/rules/Verisign-grs.com.xml
@@ -0,0 +1,131 @@
+<!--
+	For other Verisign coverage, see Verisign.xml
+
+
+	For other Symantec coverage, see Symantec.xml
+
+
+	Non-functional subdomains:
+		- api-domainscore	(t)
+		- argus	(t)
+		- argus-brn1	(n)
+		- argus-ilg1	(t)
+		- argusstack1-brn1	(n)
+		- argusstack1-ilg1	(t)
+		- argusstack2-brn1	(n)
+		- argusstack2-ilg1	(t)
+		- ccwhois	(t)
+		- csr	(t)
+		- csr-akms	(t)
+		- csr-domainscore	(t)
+		- csrote	(t)
+		- domainscore	(t)
+		- download	(m)
+		- enhancedsuggestions-beta	(t)
+		- epp	(t)
+		- ipv4.epp	(t)
+		- ipv6.epp	(n)
+		- epp-auto	(t)
+		- ipv4.epp-auto	(t)
+		- ipv6.epp-auto	(n)
+		- epp-ote	(t)
+		- ipv4.epp-ote	(t)
+		- ipv6.epp-ote	(n)
+		- epptool	(t)
+		- hud	(t)
+		- hud-ilg1	(t)
+		- hudstack1-brn1	(t)
+		- hudstack1-ilg1	(t)
+		- hudstack2-brn1	(t)
+		- hudstack2-ilg1	(t)
+		- iargus	(r)
+		- mct	(m)
+		- mctapi	(t)
+		- mdns1	(t)
+		- namelocalizer	(t)
+		- namestore	(t)
+		- namestoreftp	(t)
+		- ipv6.namestoreote	(n)
+		- ipv6.namestoreote-otp	(n)
+		- namestoressl	(t)
+		- ipv4.namestoressl	(t)
+		- ipv6.namestoressl	(n)
+		- nameweb	(n)
+		- ns1	(t)
+		- nsmanager	(t)
+		- ipv4.nsmanager	(t)
+		- ipv6.nsmanager	(n)
+		- ipv6.nsmanager-otp	(n)
+		- ote-akms	(t)
+		- ote-nswapi	(m)
+		- ote-sugapi-vdps	(t)
+		- ote-sugepp	(t)
+		- ote-zms-web	(t)
+		- otessl	(t)
+		- ipv4.otessl	(t)
+		- ipv6.otessl	(n)
+		- pacemaker	(t)
+		- paypal-qa-dotgov	(n)
+		- qa-akms	(n)
+		- qa-auth-spa	(r)
+		- qa-csr-akms	(n)
+		- qa-domaindiscovery	(n)
+		- qa-domaindiscovery-admin	(n)
+		- qa-mbv-api	(n)
+		- qa-mbv-builder	(i)
+		- qa-mbv-csrtool	(n)
+		- qa-mbv-mobileview	(i)
+		- qa-mbv-webtool	(t)
+		- qa-mobiledirect	(i)
+		- qa-mobileviewreseller	(i)
+		- qa-namesuggestion	(t)
+		- qa-nsug	(t)
+		- qa-widget	(t)
+		- rzms-kex	(t)
+		- rzms-kex-ote	(SSL handshake failed)
+		- rzms-ote	(t)
+		- rzname	(t)
+		- srsftp	(n)
+		- sugepp	(n)
+		- tvwhois	(t)
+		- vcc-reports	(t)
+		- vscc-cm-brn	(t)
+		- vscc-dacust	(t)
+		- vscc-dacust-brn	(t)
+		- vscc-dacust-ilg	(t)
+		- vscc-hue1-brn	(t)
+		- vscc-rm-ilg	(t)
+		- whois	(t)
+		- whois2	(t)
+		- zms-web	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	n: no route to host
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Verisign-grs.com">
+
+	<target host="akms.verisign-grs.com" />
+	<target host="auth-whois.verisign-grs.com" />
+	<target host="epptool-ctld.verisign-grs.com" />
+	<target host="ipsapi.verisign-grs.com" />
+	<target host="knowledge.verisign-grs.com" />
+	<target host="namestoreote.verisign-grs.com" />
+	<target host="ipv4.namestoreote.verisign-grs.com" />
+	<target host="namestoreote-otp.verisign-grs.com" />
+	<target host="ipv4.namestoreote-otp.verisign-grs.com" />
+	<target host="naming.verisign-grs.com" />
+	<target host="nsmanager-otp.verisign-grs.com" />
+	<target host="ipv4.nsmanager-otp.verisign-grs.com" />
+	<target host="ote-sugapi.verisign-grs.com" />
+	<target host="registrar.verisign-grs.com" />
+	<target host="sugapi.verisign-grs.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verisign.com.au.xml b/src/chrome/content/rules/Verisign.com.au.xml
new file mode 100644
index 000000000000..e67807eece1f
--- /dev/null
+++ b/src/chrome/content/rules/Verisign.com.au.xml
@@ -0,0 +1,49 @@
+<!--
+	For other Verisign coverage, see Verisign.xml
+
+
+	For other Symantec coverage, see Symantec.xml
+
+
+	Non-functional subdomains:
+		- crl	(t)
+		- crl-pilot	(t)
+		- knowledge	(i)
+		- mygatekeeper	(t)
+		- ocsp-pilot	(m)
+		- personalid	(t)
+		- pilot-ssl-certificate-center	(ssl handshake failed)
+		- pilot-ssl-certificate-center-enterprise	(ssl handshake failed)
+		- pilot-trust-center	(ssl handshake failed)
+		- pki-admin-pilot	(m)
+		- pki-pilot	(m)
+		- query	(ssl handshake failed)
+		- register	(i)
+		- ssl-certificate-center	(t)
+		- ssl-certificate-center-enterprise	(t)
+		- sslcheck	(t)
+		- tracking	(ssl handshake failed)
+		- trust-center	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	n: no route to host
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Verisign.com.au">
+
+	<target host="verisign.com.au" />
+	<target host="www.verisign.com.au" />
+	<target host="ocsp.verisign.com.au" />
+	<target host="pki.verisign.com.au" />
+	<target host="pki-admin.verisign.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verisign.com.br.xml b/src/chrome/content/rules/Verisign.com.br.xml
new file mode 100644
index 000000000000..c17422983e26
--- /dev/null
+++ b/src/chrome/content/rules/Verisign.com.br.xml
@@ -0,0 +1,28 @@
+<!--
+	For other Verisign coverage, see Verisign.xml
+
+
+	For other Symantec coverage, see Symantec.xml
+
+
+	Non-functional subdomains:
+		- query		(SSL handshake failed)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Verisign.com.br">
+
+	<target host="verisign.com.br"/>
+	<target host="www.verisign.com.br"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verisign.com.hk.xml b/src/chrome/content/rules/Verisign.com.hk.xml
new file mode 100644
index 000000000000..e2d8f52be001
--- /dev/null
+++ b/src/chrome/content/rules/Verisign.com.hk.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Verisign coverage, see Verisign.xml
+
+
+	For other Symantec coverage, see Symantec.xml
+
+
+	Non-functional subdomains:
+		- knowledge	(i)
+		- pilot-ssl-certificate-center	(ssl handshake failed)
+		- pilot-ssl-certificate-center-enterprise	(ssl handshake failed)
+		- pilot-trust-center	(ssl handshake failed)
+		- query	(ssl handshake failed)
+		- ssl-certificate-center	(t)
+		- ssl-certificate-center-enterprise	(t)
+		- tracking	(ssl handshake failed)
+		- trust-center	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	n: no route to host
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Verisign.com.hk">
+
+	<target host="verisign.com.hk" />
+	<target host="www.verisign.com.hk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verisign.com.sg.xml b/src/chrome/content/rules/Verisign.com.sg.xml
new file mode 100644
index 000000000000..b8ea68c4ad7f
--- /dev/null
+++ b/src/chrome/content/rules/Verisign.com.sg.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Verisign coverage, see Verisign.xml
+
+
+	For other Symantec coverage, see Symantec.xml
+
+
+	Non-functional subdomains:
+		- knowledge	(i)
+		- pilot-ssl-certificate-center	(ssl handshake failed)
+		- pilot-ssl-certificate-center-enterprise	(ssl handshake failed)
+		- pilot-trust-center	(ssl handshake failed)
+		- query	(ssl handshake failed)
+		- ssl-certificate-center	(t)
+		- ssl-certificate-center-enterprise	(t)
+		- tracking	(ssl handshake failed)
+		- trust-center	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	n: no route to host
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Verisign.com.sg">
+
+	<target host="verisign.com.sg" />
+	<target host="www.verisign.com.sg" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verisign.com.tw.xml b/src/chrome/content/rules/Verisign.com.tw.xml
new file mode 100644
index 000000000000..68d773dbdeef
--- /dev/null
+++ b/src/chrome/content/rules/Verisign.com.tw.xml
@@ -0,0 +1,35 @@
+<!--
+	For other Verisign coverage, see Verisign.xml
+
+
+	For other Symantec coverage, see Symantec.xml
+
+
+	Non-functional subdomains:
+		- knowledge	(i)
+		- pilot-ssl-certificate-center	(ssl handshake failed)
+		- pilot-trust-center	(ssl handshake failed)
+		- query	(ssl handshake failed)
+		- ssl-certificate-center	(t)
+		- tracking	(ssl handshake failed)
+		- trust-center	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	n: no route to host
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Verisign.com.tw">
+
+	<target host="verisign.com.tw" />
+	<target host="www.verisign.com.tw" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verisign.dk.xml b/src/chrome/content/rules/Verisign.dk.xml
new file mode 100644
index 000000000000..5ae3681d1a1c
--- /dev/null
+++ b/src/chrome/content/rules/Verisign.dk.xml
@@ -0,0 +1,36 @@
+<!--
+	For other Verisign coverage, see Verisign.xml
+
+
+	For other Symantec coverage, see Symantec.xml
+
+
+	Non-functional subdomains:
+		- knowledge	(i)
+		- pilot-ssl-certificate-center	(SSL handshake failed)
+		- pilot-ssl-certificate-center-enterprise	(SSL handshake failed)
+		- pilot-trust-center	(SSL handshake failed)
+		- query	(SSL handshake failed)
+		- ssl-certificate-center	(t)
+		- ssl-certificate-center-enterprise	(t)
+		- trust-center	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	n: no route to host
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Verisign.dk">
+
+	<target host="verisign.dk" />
+	<target host="www.verisign.dk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verisign.fr.xml b/src/chrome/content/rules/Verisign.fr.xml
new file mode 100644
index 000000000000..6efac6f441c9
--- /dev/null
+++ b/src/chrome/content/rules/Verisign.fr.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Verisign coverage, see Verisign.xml
+
+
+	For other Symantec coverage, see Symantec.xml
+
+
+	Non-functional subdomains:
+		- ispcenter	(SSL handshake failed)
+		- knowledge	(i)
+		- pilot-ssl-certificate-center	(SSL handshake failed)
+		- pilot-ssl-certificate-center-enterprise	(SSL handshake failed)
+		- pilot-trust-center	(SSL handshake failed)
+		- query	(SSL handshake failed)
+		- ssl-certificate-center	(t)
+		- ssl-certificate-center-enterprise	(t)
+		- trust-center	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	n: no route to host
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Verisign.fr">
+
+	<target host="verisign.fr" />
+	<target host="www.verisign.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verisign.se.xml b/src/chrome/content/rules/Verisign.se.xml
new file mode 100644
index 000000000000..b32a04213009
--- /dev/null
+++ b/src/chrome/content/rules/Verisign.se.xml
@@ -0,0 +1,37 @@
+<!--
+	For other Verisign coverage, see Verisign.xml
+
+
+	For other Symantec coverage, see Symantec.xml
+
+
+	Non-functional subdomains:
+		- knowledge	(i)
+		- pilot-ssl-certificate-center	(ssl handshake failed)
+		- pilot-ssl-certificate-center-enterprise	(ssl handshake failed)
+		- pilot-trust-center	(ssl handshake failed)
+		- query	(ssl handshake failed)
+		- ssl-certificate-center	(t)
+		- ssl-certificate-center-enterprise	(t)
+		- tracking	(ssl handshake failed)
+		- trust-center	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	n: no route to host
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Verisign.se">
+
+	<target host="verisign.se" />
+	<target host="www.verisign.se" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verisign.xml b/src/chrome/content/rules/Verisign.xml
index fbc5d0e542d3..b2294fd96eb3 100644
--- a/src/chrome/content/rules/Verisign.xml
+++ b/src/chrome/content/rules/Verisign.xml
@@ -1,137 +1,253 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Non-2xx HTTP code: http://www.verisign.com/ (200) => https://www.verisign.com/ (400)
-Fetch error: http://tracking.verisign.com.au/ => https://tracking.verisign.com.au/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://tracking.verisign.com.hk/ => https://tracking.verisign.com.hk/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://tracking.verisign.com.tw/ => https://tracking.verisign.com.tw/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://tracking.verisign.co.nz/ => https://tracking.verisign.co.nz/: (60, 'SSL certificate problem: certificate has expired')
-
-	Problematic domains:
-		Mismatch
-		- forms.verisign.com
-		- www.verisign.be
-		- verisign.co.nz
-		- www.verisign.co.nz
-		- verisign.de
-		- www.verisign.de
-		- verisign.it
-		- www.verisign.it
-		- verisign.nl
-		- www.verisign.nl
-
-		Timeout
-		- mygatekeeper.verisign.com.au
-
-		Expired:
-		- knowledge.verisign.ch
-		- labs.verisign.com
-		- knowledge.verisign.com.au
-		- knowledge.verisign.com.hk
-		- knowledge.verisign.com.sg
-		- knowledge.verisign.com.tw
-		- knowledge.verisign.co.nz
-		- knowledge.verisign.co.uk
-		- knowledge.verisign.dk
-		- knowledge.verisign.de
-		- knowledge.verisign.es
-		- knowledge.verisign.fr
-		- knowledge.verisign.se
-
-		Protocol error
-		- ssl-certificate-center.verisign.ch
-		- trust-center.verisign.ch
-		- ssl-certificate-center.verisign.com.au
-		- trust-center.verisign.com.au
-		- ssl-certificate-center.verisign.com.hk
-		- trust-center.verisign.com.sg
-		- ssl-certificate-center.verisign.com.sg
-		- trust-center.verisign.com.tw
-		- ssl-certificate-center.verisign.com.tw
-		- trust-center.verisign.co.uk
-		- ssl-certificate-center.verisign.co.uk
-		- trust-center.verisign.dk
-		- ssl-certificate-center.verisign.dk
-		- trust-center.verisign.de
-		- ssl-certificate-center.verisign.de
-		- trust-center.verisign.es
-		- ssl-certificate-center.verisign.es
-		- trust-center.verisign.fr
-		- ssl-certificate-center.verisign.fr
-		- trust-center.verisign.se
-		- ssl-certificate-center.verisign.se
-
-	Other Symantec rulesets:
-
-		- Symantec.xml
-		- Verisign_Labs.com.xml
-
+	For other Symantec coverage, see Symantec.xml
+
+
+	Other Verisign rulesets:
+
+
+	Non-functional subdomains:
+		- access	(t)
+		- access.corparch	(t)
+		- accountsdr	(t)
+		- accountsdr-otp	(t)
+		- accountstatus	(t)
+		- activesync	(t)
+		- autodiscover	(t)
+		- autodiscover.corparch	(t)
+		- av	(t)
+		- av.corparch	(t)
+		- avedge	(ssl handshake failed)
+		- avedge-dr	(ssl handshake failed)
+		- avedge.corparch	(n)
+		- brl1lxsfmaildev01	(n)
+		- brn1lxmailin01	(t)
+		- brn1lxmailin02	(t)
+		- brn1lxmailout01	(n)
+		- brn1lxmailout02	(n)
+		- brn1lxsfmail01	(t)
+		- brn1mailers	(n)
+		- buyerauth	(ssl handshake failed)
+		- buyerauth-post	(t)
+		- c42	(n)
+		- careers	(ssl handshake failed)
+		- cboportal	(t)
+		- certmanager-webservices	(ssl handshake failed)
+		- cic	(m)
+		- cicsensor	(m)
+		- connect-ban	(m)
+		- connect-ilg	(i)
+		- connect-qa	(t)
+		- connect-sfo	(t)
+		- mdm.corparch	(t)
+		- cr-payflow	(t)
+		- crl	(m)
+		- csc3-2010-crl	(m)
+		- cxml-xmlpay	(t)
+		- dnssecforum	(t)
+		- e-lync-dir	(m)
+		- ecasconnector	(ssl handshake failed)
+		- forms	(m)
+		- ibm-enroll	(t)
+		- ibm-krs	(t)
+		- images.payflowlink	(m)
+		- infosecgrc	(n)
+		- investor	(i)
+		- ios	(r)
+		- ips	(t)
+		- ispcenter	(ssl handshake failed)
+		- ispcenter-admin	(ssl handshake failed)
+		- ispcenter-enroll	(ssl handshake failed)
+		- jamf	(i)
+		- join.corparch	(t)
+		- labs	(ssl handshake failed)
+		- legacy	(t)
+		- legacy.corparch	(t)
+		- logindr	(t)
+		- logindr-otp	(t)
+		- lwas	(r)
+		- lws-ext.corparch	(t)
+		- lyncdiscover.corparch	(t)
+		- lyncedge-ext.corparch	(r)
+		- lyncrp	(m)
+		- mail1	(n)
+		- mail2	(n)
+		- mail3	(n)
+		- mail4	(n)
+		- mail5	(n)
+		- mail6	(n)
+		- mdmuat	(ssl handshake failed)
+		- meetings-webex	(n)
+		- mmadmin	(ssl handshake failed)
+		- mmadmin-enroll	(m)
+		- mmadmin-manager	(ssl handshake failed)
+		- mmsmonitor-demo	(t)
+		- mobile.corparch	(t)
+		- mydevice	(r)
+		- netexch.clearing	(t)
+		- ocsp	(m)
+		- ocwa	(t)
+		- onlinecontracts-security-services	(t)
+		- onsite-ocsp	(ssl handshake failed)
+		- ote-accountsdr	(t)
+		- ote-accountsdr-otp	(t)
+		- ote-logindr	(t)
+		- ote-logindr-otp	(t)
+		- owas	(t)
+		- payflow	(t)
+		- payflowpro	(t)
+		- payments	(t)
+		- pciscanning.mss	(t)
+		- pic	(t)
+		- pilot-buyerauth	(t)
+		- pilot-buyerauth-post	(t)
+		- pilot-cboportal	(t)
+		- pilot-certmanager-webservices	(ssl handshake failed)
+		- pilot-cxml-xmlpay	(t)
+		- pilot-eca	(ssl handshake failed)
+		- pilot-eca-krs2048	(ssl handshake failed)
+		- pilot-eca2048	(ssl handshake failed)
+		- pilot-ocsp	(ssl handshake failed)
+		- pilot-payflowpro	(t)
+		- pilot-pkiservices	(ssl handshake failed)
+		- pilot-rms	(t)
+		- pilot-vipservices-auth	(ssl handshake failed)
+		- pilot-vipuserservices-auth	(ssl handshake failed)
+		- pilot-vps-psc	(t)
+		- pilotadmin-manager	(ssl handshake failed)
+		- pilotpayments	(t)
+		- pkiservices	(ssl handshake failed)
+		- pmg-acg-users	(m)
+		- pmg2	(t)
+		- qa-namestudio	(n)
+		- qa.domainscope	(n)
+		- qaweb	(r)
+		- query	(ssl handshake failed)
+		- rms	(t)
+		- salesconference09	(m)
+		- sentinel	(t)
+		- sip.corparch	(t)
+		- sipaccess.corparch	(r)
+		- sipexternal	(t)
+		- spark	(n)
+		- sso	(m)
+		- status	(n)
+		- statuschange-test	(n)
+		- test-admin.contentportal	(t)
+		- test-ssev	(ssl handshake failed)
+		- test-sspev	(ssl handshake failed)
+		- test-wap1.contentportal	(t)
+		- test-web1.contentportal	(t)
+		- ued	(ssl handshake failed)
+		- v-lync	(m)
+		- vdpsreports	(t)
+		- verified-domains	(ssl handshake failed)
+		- verify	(m)
+		- vip-fin	(ssl handshake failed)
+		- vps-psc	(t)
+		- vsc	(t)
+		- vulnerabilityscanning.mss	(t)
+		- webcon	(t)
+		- webcon.corparch	(n)
+		- webconf	(ssl connection error)
+		- webconf-dr	(ssl connection error)
+		- webconf.corparch	(i)
+		- webmail	(t)
+		- webmail.corparch	(t)
+		- webproxydr	(t)
+		- webproxydr-otp	(t)
+		- xml-reg	(t)
+		- xmpp	(n)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	n: no route to host
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
 -->
-<ruleset name="VeriSign (partial)" default_off='failed ruleset test'>
-	<target host="verisign.ch"/>
-	<target host="www.verisign.ch"/>
+<ruleset name="VeriSign">
 
-	<target host="verisign.com"/>
+	<target host="verisign.com" />
 	<target host="www.verisign.com" />
-	<!-- Incomplete certificate chain
-		target host="blogs.verisign.com" /-->
+	<target host="accounts-otp.verisign.com" />
+	<target host="admin-manager.verisign.com" />
+	<target host="alertus.verisign.com" />
+	<target host="authentication.verisign.com" />
+	<target host="blog.verisign.com" />
+	<target host="blogs.verisign.com" />
+	<target host="certmanager.verisign.com" />
+	<target host="connect.verisign.com" />
+	<target host="connect-asa.verisign.com" />
+	<target host="connect-brn.verisign.com" />
+	<target host="connect-fri.verisign.com" />
+	<target host="connect-mel.verisign.com" />
+	<target host="developer.verisign.com" />
+	<target host="device.verisign.com" />
+	<target host="device-admin.verisign.com" />
+	<target host="device-admin-enroll.verisign.com" />
+	<target host="device-admin-manager.verisign.com" />
+	<target host="ote-m.domainscope.verisign.com" />
+	<target host="epki-admin.verisign.com" />
 	<target host="extended-validation-ssl.verisign.com" />
 	<target host="idprotect.verisign.com" />
-	<target host="idefense.verisign.com" />
-	<target host="investor.verisign.com" />
+	<target host="join.verisign.com" />
+	<target host="login.verisign.com" />
+	<target host="login-otp.verisign.com" />
+	<target host="lws-ext.verisign.com" />
+	<target host="lws-ext-dr.verisign.com" />
+	<target host="lyncdiscover.verisign.com" />
+	<target host="mdm1.verisign.com" />
 	<target host="mdns.verisign.com" />
+	<target host="mybetter.verisign.com" />
+	<target host="onsite.verisign.com" />
+	<target host="onsite-admin.verisign.com" />
+	<target host="ote-accounts.verisign.com" />
+	<target host="ote-accounts-otp.verisign.com" />
+	<target host="ote-domainscope.verisign.com" />
+	<target host="ote-login.verisign.com" />
+	<target host="ote-login-otp.verisign.com" />
+	<target host="pilot-authentication.verisign.com" />
+	<target host="pilot-epki-admin.verisign.com" />
+	<target host="pilot-ua.verisign.com" />
+	<target host="pilot-vipmanager.verisign.com" />
+	<target host="pilot-vipservices.verisign.com" />
+	<target host="pilot-vipuserservices.verisign.com" />
+	<target host="pilotonsite.verisign.com" />
+	<target host="pilotonsite-admin.verisign.com" />
+	<target host="pilotsc-admin-enroll.verisign.com" />
+	<target host="publicdnsforum.verisign.com" />
+	<target host="regprofile.verisign.com" />
+	<target host="ro-otp.verisign.com" />
+	<target host="sc-admin-enroll.verisign.com" />
 	<target host="seal.verisign.com" />
 	<target host="sealinfo.verisign.com" />
+	<target host="sip.verisign.com" />
+	<target host="sipaccess.verisign.com" />
+	<target host="sipaccess-dr.verisign.com" />
+	<target host="startonline.verisign.com" />
+	<target host="styleguide.verisign.com" />
+	<target host="toolbar.verisign.com" />
+	<target host="trustseal.verisign.com" />
 	<target host="trustsealinfo.verisign.com" />
-		<test url="http://trustsealinfo.verisign.com/splash?form_file=fdf/splash.fdf&amp;dn=" />
+	<target host="ua.verisign.com" />
+	<target host="usertesting.verisign.com" />
 	<target host="vidn.verisign.com" />
+	<target host="vip-ssp.verisign.com" />
+	<target host="vipdesktop.verisign.com" />
+	<target host="vipmobile.verisign.com" />
+	<target host="vipservices.verisign.com" />
+	<target host="viptoolbar.verisign.com" />
+	<target host="vipuserservices.verisign.com" />
+	<target host="votreidee.verisign.com" />
+	<target host="vpn.verisign.com" />
+	<target host="vpn-brn.verisign.com" />
+	<target host="vpn-fri.verisign.com" />
+	<target host="vpn-ilg.verisign.com" />
+	<target host="vpn-mel.verisign.com" />
+
+	<rule from="^http:"
+		to="https:" />
 
-	<target host="verisign.com.au"/>
-	<target host="tracking.verisign.com.au"/>
-	<target host="www.verisign.com.au"/>
-
-	<target host="verisign.com.br"/>
-	<target host="www.verisign.com.br"/>
-
-	<target host="verisign.com.hk"/>
-	<target host="tracking.verisign.com.hk"/>
-	<target host="www.verisign.com.hk"/>
-
-	<target host="verisign.com.sg"/>
-	<target host="www.verisign.com.sg"/>
-
-	<target host="verisign.com.tw"/>
-	<target host="tracking.verisign.com.tw"/>
-	<target host="www.verisign.com.tw"/>
-
-	<target host="verisign.co.jp"/>
-	<target host="www.verisign.co.jp"/>
-
-	<target host="tracking.verisign.co.nz"/>
-
-	<target host="verisign.co.uk"/>
-	<target host="www.verisign.co.uk"/>
-
-	<target host="verisign.dk"/>
-	<target host="www.verisign.dk"/>
-
-	<target host="verisign.es"/>
-	<target host="www.verisign.es"/>
-
-	<target host="verisign.fr"/>
-	<target host="www.verisign.fr"/>
-
-	<target host="verisign.se"/>
-	<target host="www.verisign.se"/>
-
-	<target host="knowledge.verisign-grs.com"/>
-
-	<target host="verisigninc.com"/>
-	<target host="www.verisigninc.com"/>
-
-	<target host="www.verisign-japan-domain.com"/>
-
-	<securecookie host="^(?:.*\.)?verisign(?:inc)?\.com$" name=".+" />
-
-	<rule from="^http:"	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Verisign_Labs.com.xml b/src/chrome/content/rules/Verisign_Labs.com.xml
deleted file mode 100644
index 7ced974d69cb..000000000000
--- a/src/chrome/content/rules/Verisign_Labs.com.xml
+++ /dev/null
@@ -1,59 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://good.dane.verisignlabs.com/ => https://good.dane.verisignlabs.com/: (6, 'Could not resolve host: good.dane.verisignlabs.com')
-
-	For other Verisign coverage, see Verisign.xml.
-
-
-	Nonfunctional hosts in *verisignlabs.com:
-
-		- dane ¹
-		- dnssec-debugger ¹
-		- keytool ¹
-		- jabber ¹
-		- mail ¹
-		- scoreboard ¹
-		- secspider ²
-		- tld-mon ¹
-		- trans-trust ¹
-		- yazvs ¹
-
-	¹ Shows ^
-	² Refused
-
-
-	Fully covered subdomains:
-
-		- (www.)
-
-		- *.dane:
-
-			- bad-hash
-			- bad-params
-			- good
-
-		- lists
-		- svn
-		- tools
-
--->
-<ruleset name="Verisign Labs.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="verisignlabs.com" />
-	<target host="*.dane.verisignlabs.com" />
-	<target host="lists.verisignlabs.com" />
-	<target host="pip.verisignlabs.com" />
-	<target host="svn.verisignlabs.com" />
-	<target host="tools.verisignlabs.com" />
-	<target host="www.verisignlabs.com" />
-
-		<test url="http://good.dane.verisignlabs.com/" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Verivox.xml b/src/chrome/content/rules/Verivox.xml
index a43f4fed039b..51786cc7a2f6 100644
--- a/src/chrome/content/rules/Verivox.xml
+++ b/src/chrome/content/rules/Verivox.xml
@@ -13,7 +13,8 @@
 
 	<target host="verivox.de" />
 	<target host="www.verivox.de" />
-	<target host="*.vxcdn.com" />
+	<target host="css.vxcdn.com" />
+	<target host="img.vxcdn.com" />
 	<target host="partner.vxcp.de" />
 
 
diff --git a/src/chrome/content/rules/Verizon-Enterprise.xml b/src/chrome/content/rules/Verizon-Enterprise.xml
new file mode 100644
index 000000000000..7e0ad0befc92
--- /dev/null
+++ b/src/chrome/content/rules/Verizon-Enterprise.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Verizon coverage, see Verizon.xml.
+
+	- !www: mismatched, CN: www.verizonbusiness.com
+	- Some paths redirect to http
+-->
+
+<ruleset name="Verizon Enterprise (partial)">
+	<target host="verizonenterprise.com" />
+	<target host="www.verizonenterprise.com" />
+
+	<!-- Explicitly exclude all but those that match custom rule to pass CI builds -->
+	<exclusion pattern="^http://(www\.)?verizonenterprise\.com/(?!.*gfx|.*templates)" />
+		<test url="http://verizonenterprise.com/about/" />
+		<test url="http://verizonenterprise.com/industry/" />
+		<test url="http://verizonenterprise.com/vdms/" />
+		<test url="http://www.verizonenterprise.com/about/" />
+		<test url="http://www.verizonenterprise.com/industry/" />
+		<test url="http://www.verizonenterprise.com/vdms/" />
+
+	<rule from="^http://(www\.)?verizonenterprise\.com/(gfx|templates)/"
+		to="https://www.verizonenterprise.com/$2/" />
+		<test url="http://verizonenterprise.com/gfx/" />
+		<test url="http://verizonenterprise.com/templates/" />
+		<test url="http://www.verizonenterprise.com/gfx/" />
+		<test url="http://www.verizonenterprise.com/templates/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verizon-Wireless.xml b/src/chrome/content/rules/Verizon-Wireless.xml
new file mode 100644
index 000000000000..a29ace856828
--- /dev/null
+++ b/src/chrome/content/rules/Verizon-Wireless.xml
@@ -0,0 +1,138 @@
+<!--
+	For other Verizon coverage, see Verizon.xml.
+
+
+	CDN buckets:
+
+		- cache.vzw.com.edgesuite.net
+
+		- ehg-35vzw.1p.hitbox.com
+
+			- www35.vzw.com
+
+
+	Nonfunctional domains:
+
+		- devices.verizonwireless.com		(503)
+		- droiddoes.verizonwireless.com		(redirects to www.droiddoes, akamai)
+		- network4g.verizonwireless.com		(503, akamai)
+
+
+	Problematic domains:
+
+		- verizonwireless.com
+		- analytics.verizonwireless.com		(mismatched, CN: *.112.2o7.net)
+		- community.verizonwireless.com, chain issue (missing intermediate)
+		- m.verizonwireless.com, equivalent to www.verizonwireless.com
+		- vzwworkshops.verizonwireless.com, expired certificate
+		- (www.)vzw.com				(cert only matches verizonwireless.com)
+		- aboutus.vzw.com			(invalid certificate, equivalent to aboutus.verizonwireless.com)
+		- cache.vzw.com				(akamai)
+		- espanol2.vzw.com			(invalid certificate, equivalent to es.verizonwireless.com)
+		- (www.)lte.vzw.com			(times out)
+		- picture.vzw.com, connection refused
+		- s7.vzw.com				(akamai)
+		- www35.vzw.com				(not vital: web bugs; expired 2012-03-03)
+
+
+	Fully covered domains:
+
+		- verizonwireless.com subdomains:
+			- (www.)
+			- aboutus
+			- b2b
+			- billpaysvc
+			- businessportals
+			- login
+			- mblogin
+			- mediastore
+			- myaccount
+			- news
+			- opennetwork
+			- products
+			- psearch
+			- ringtones
+			- sanalytics
+			- videos
+			- wbillpay
+
+		vzw.com subdomains:
+			- (www.)
+			- b2b
+			- cache
+			- ecache
+			- espanol
+			- mediaimages
+			- scache
+			- ss7
+			- text
+			- trade-in
+			- www.trade-in
+-->
+<ruleset name="Verizon Wireless">
+
+	<target host="verizonwireless.com" />
+	<target host="www.verizonwireless.com" />
+	<target host="m.verizonwireless.com" />
+	<target host="aboutus.verizonwireless.com" />
+	<target host="b2b.verizonwireless.com" />
+	<target host="billpaysvc.verizonwireless.com" />
+	<target host="businessportals.verizonwireless.com" />
+	<target host="login.verizonwireless.com" />
+	<target host="mblogin.verizonwireless.com" />
+	<target host="mediastore.verizonwireless.com" />
+	<target host="myaccount.verizonwireless.com" />
+	<target host="news.verizonwireless.com" />
+	<target host="opennetwork.verizonwireless.com" />
+	<target host="products.verizonwireless.com" />
+	<target host="psearch.verizonwireless.com" />
+	<target host="ringtones.verizonwireless.com" />
+	<target host="sanalytics.verizonwireless.com" />
+	<target host="support.verizonwireless.com" />
+	<target host="videos.verizonwireless.com" />
+	<target host="wbillpay.verizonwireless.com" />
+	<target host="analytics.verizonwireless.com" />
+	<target host="vzw.com" />
+	<target host="www.vzw.com" />
+	<target host="aboutus.vzw.com" />
+	<target host="espanol2.vzw.com" />
+	<target host="b2b.vzw.com" />
+	<target host="ecache.vzw.com" />
+	<target host="espanol.vzw.com" />
+	<target host="mediaimages.vzw.com" />
+	<target host="scache.vzw.com" />
+	<target host="text.vzw.com" />
+	<target host="trade-in.vzw.com" />
+	<target host="www.trade-in.vzw.com" />
+
+	<!-- mixed content from scene7.com -->
+	<exclusion pattern="http://www\.verizonwireless\.com/landingpages/verizon-messages/" />
+
+	<!-- breaks video on https://www.verizonwireless.com/wcms/myverizon/smart-rewards.html and
+		http://www.verizonwireless.com/landingpages/verizon-messages/
+		See https://github.com/EFForg/https-everywhere/issues/2430 -->
+	<exclusion pattern="http://s7.vzw.com/" />
+
+	<securecookie host="^.*\.verizonwireless\.com$" name=".+" />
+	<securecookie host="^.*\.vzw\.com$" name=".+" />
+
+
+	<!--	vzw.com redirects like so.
+						-->
+	<rule from="^http://(www\.)?(verizonwireless|vzw)\.com/"
+		to="https://www.verizonwireless.com/" />
+
+	<rule from="^http://m\.verizonwireless\.com/"
+		to="https://www.verizonwireless.com/" />
+
+	<rule from="^http://aboutus\.vzw\.com/"
+		to="https://aboutus.verizonwireless.com/" />
+
+	<rule from="^http://espanol2\.vzw\.com/"
+		  to="https://es.verizonwireless.com/" />
+
+	<rule from="^http://analytics\.verizonwireless\.com/"
+		to="https://verizonwireless.112.2o7.net/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Verizon.xml b/src/chrome/content/rules/Verizon.xml
index 8d08d06805e8..773409eaa2a4 100644
--- a/src/chrome/content/rules/Verizon.xml
+++ b/src/chrome/content/rules/Verizon.xml
@@ -4,8 +4,8 @@
 		- Share_the_Network.xml
 		- verizon.net.xml
 		- verizonbusiness.com.xml
-		- Verizon_Enterprise.xml
-		- Verizon_Wireless.xml
+		- Verizon-Enterprise.xml
+		- Verizon-Wireless.xml
 
 
 	CDN buckets:
@@ -56,7 +56,7 @@
 
 	** ?lid=//global//residential redirects
 
-	* See: 
+	* See:
 		- https://lists.eff.org/pipermail/https-everywhere/2011-November/001237.html
 		- https://lists.eff.org/pipermail/https-everywhere-rules/2012-February/001003.html
 
diff --git a/src/chrome/content/rules/Verizon_Enterprise.xml b/src/chrome/content/rules/Verizon_Enterprise.xml
deleted file mode 100644
index c06803512404..000000000000
--- a/src/chrome/content/rules/Verizon_Enterprise.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For other Verizon coverage, see Verizon.xml.
-
-
-	- !www: mismatched, CN: www.verizonbusiness.com
-	- Some paths redirect to http
-
--->
-<ruleset name="Verizon Enterprise (partial)">
-
-	<target host="verizonenterprise.com" />
-	<target host="www.verizonenterprise.com" />
-
-
-	<!--	Redirects to http first:
-						-->
-	<rule from="^http://(?:www\.)?verizonenterprise\.com/Support(?:\?.*)?$"
-		to="https://www.verizonenterprise.com/Support/" />
-
-	<rule from="^http://(?:www\.)?verizonenterprise\.com/(gfx|Support|templates)/"
-		to="https://www.verizonenterprise.com/$1/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Verizon_Wireless.xml b/src/chrome/content/rules/Verizon_Wireless.xml
deleted file mode 100644
index 377714c9eeb6..000000000000
--- a/src/chrome/content/rules/Verizon_Wireless.xml
+++ /dev/null
@@ -1,124 +0,0 @@
-<!--
-	For other Verizon coverage, see Verizon.xml.
-
-
-	CDN buckets:
-
-		- cache.vzw.com.edgesuite.net
-
-		- ehg-35vzw.1p.hitbox.com
-
-			- www35.vzw.com
-
-
-	Nonfunctional domains:
-
-		- devices.verizonwireless.com		(503)
-		- droiddoes.verizonwireless.com		(redirects to www.droiddoes, akamai)
-		- network4g.verizonwireless.com		(503, akamai)
-
-
-	Problematic domains:
-
-		- verizonwireless.com
-		- analytics.verizonwireless.com		(mismatched, CN: *.112.2o7.net)
-		- (www.)vzw.com				(cert only matches verizonwireless.com)
-		- cache.vzw.com				(akamai)
-		- lte.vzw.com				(cert only matches www.lte.wzw.com
-		- trade-in.vzw.com			(cert only matches www.trade-in)
-		- s7.vzw.com				(akamai)
-		- www35.vzw.com				(not vital: web bugs; expired 2012-03-03)
-
-
-	Fully covered domains:
-
-		- verizonwireless.com subdomains:
-
-			- (www.)
-			- aboutus
-			- b2b
-			- billpaysvc
-			- businessportals
-			- community
-			- login
-			- m
-			- mblogin
-			- mediastore
-			- myaccount
-			- news
-			- opennetwork
-			- products
-			- psearch
-			- ringtones
-			- sanalytics
-			- videos
-			- wbillpay
-			- wizard
-			- vzwworkshops
-
-		vzw.com subdomains:
-
-			- (www.)
-			- aboutus
-			- alerts
-			- b2b
-			- cache
-			- ecache
-			- espanol
-			- espanol2
-			- lte		(→ www.lte.vzw.com)
-			- www.lte
-			- mediaimages
-			- picture
-			- scache
-			- ss7
-			- text
-			- www.trade-in
-			- wallpaper
-
-
-	Wildcard cookies:
-
-		- *.picture.vzw.com
-
--->
-<ruleset name="Verizon Wireless">
-
-	<target host="verizonwireless.com" />
-	<target host="*.verizonwireless.com" />
-	<target host="vzw.com" />
-	<target host="*.vzw.com" />
-
-	<!-- mixed content from scene7.com -->
-	<exclusion pattern="http://www\.verizonwireless\.com/landingpages/verizon-messages/" />
-
-	<!-- breaks video on https://www.verizonwireless.com/wcms/myverizon/smart-rewards.html and
-		http://www.verizonwireless.com/landingpages/verizon-messages/ 
-		See https://github.com/EFForg/https-everywhere/issues/2430 -->
-	<exclusion pattern="http://s7.vzw.com/" />
-
-	<securecookie host="^.*\.verizonwireless\.com$" name=".+" />
-	<securecookie host="^.*\.vzw\.com$" name=".+" />
-
-
-	<!--	vzw.com redirects like so.
-						-->
-	<rule from="^http://(?:www\.)?v(?:erizonwireless|zw)\.com/"
-		to="https://www.verizonwireless.com/" />
-
-	<rule from="^http://(aboutus|b2b|billpaysvc|businessportals|community|login|m|mblogin|mediastore|myaccount|news|opennetwork|products|psearch|ringtones|sanalytics|support|videos|wbillpay|wizard|vzwworkshops)\.verizonwireless\.com/"
-		to="https://$1.verizonwireless.com/" />
-
-	<rule from="^http://analytics\.verizonwireless\.com/"
-		to="https://verizonwireless.112.2o7.net/" />
-
-	<rule from="^http://(aboutus|alerts|b2b|ecache|espanol2?|mediaimages|picture|text|wallpaper)\.vzw\.com/"
-		to="https://$1.vzw.com/" />
-
-	<rule from="^http://(?:www\.)?(lte|trade-in)\.vzw\.com/"
-		to="https://www.$1.vzw.com/" />
-
-	<rule from="^http://scache\.vzw\.com/"
-		to="https://scache.vzw.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Verkkomaksut.fi.xml b/src/chrome/content/rules/Verkkomaksut.fi.xml
index f7b968aab11c..d68c2e481440 100644
--- a/src/chrome/content/rules/Verkkomaksut.fi.xml
+++ b/src/chrome/content/rules/Verkkomaksut.fi.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VeronikaMaine.xml b/src/chrome/content/rules/VeronikaMaine.xml
index c4ebef6d39ca..3bb7c9fe5e60 100644
--- a/src/chrome/content/rules/VeronikaMaine.xml
+++ b/src/chrome/content/rules/VeronikaMaine.xml
@@ -4,4 +4,4 @@
 
 	<rule from="^http:"
 			to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VersaCart_Systems.xml b/src/chrome/content/rules/VersaCart_Systems.xml
index 94d9e5501c6b..6053894f1dc9 100644
--- a/src/chrome/content/rules/VersaCart_Systems.xml
+++ b/src/chrome/content/rules/VersaCart_Systems.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Versus-Technologies.xml b/src/chrome/content/rules/Versus-Technologies.xml
index 73f600192686..653725c9d657 100644
--- a/src/chrome/content/rules/Versus-Technologies.xml
+++ b/src/chrome/content/rules/Versus-Technologies.xml
@@ -7,7 +7,7 @@ Fetch error: http://vstech.net/ => https://vstech.net/: Cycle detected - URL alr
 	<target host="vstech.net"/>
 	<target host="*.vstech.net"/>
 
-	<securecookie host="^(?:.*\.)?vstech\.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(\w+\.)?vstech\.net/"
 		to="https://$1vstech.net/"/>
diff --git a/src/chrome/content/rules/Vertical-Media.xml b/src/chrome/content/rules/Vertical-Media.xml
index de8a9575e867..453c32e5474a 100644
--- a/src/chrome/content/rules/Vertical-Media.xml
+++ b/src/chrome/content/rules/Vertical-Media.xml
@@ -9,7 +9,7 @@ Fetch error: http://mail.verticalmedia.com/ => https://mail.verticalmedia.com/:
 		- (www.)verticalmedia.com	(cert: *.securesites.net; redirects to www.alltrips.com over http,
 						shows Vertical Media logo and "vmcorp1.serverpros.com" over https)
 -->
-<ruleset name="Vertical Media (partial)" default_off='failed ruleset test'>
+<ruleset name="Vertical Media (partial)" default_off="failed ruleset test">
 
 	<target host="mail.verticalmedia.com"/>
 
diff --git a/src/chrome/content/rules/Vertical-Web-Media.xml b/src/chrome/content/rules/Vertical-Web-Media.xml
index 3695a4161a27..52beacfa05b1 100644
--- a/src/chrome/content/rules/Vertical-Web-Media.xml
+++ b/src/chrome/content/rules/Vertical-Web-Media.xml
@@ -2,9 +2,9 @@
 
 	<target host="internetretailer.com"/>
 	<!--	* for cross-domain cookie	-->
-	<target host="*.internetretailer.com"/>
+	<target host="www.internetretailer.com" />
 
-	<securecookie host="^(?:.*\.)?internetretailer\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<!--	cert !valid for !www	-->
 	<rule from="^http://(?:www\.)?internetretailer\.com/"
diff --git a/src/chrome/content/rules/Vertriebsassistent.de.xml b/src/chrome/content/rules/Vertriebsassistent.de.xml
index c2a4592ed7ac..e7e29373fe38 100644
--- a/src/chrome/content/rules/Vertriebsassistent.de.xml
+++ b/src/chrome/content/rules/Vertriebsassistent.de.xml
@@ -24,4 +24,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vertx.com.xml b/src/chrome/content/rules/Vertx.com.xml
new file mode 100644
index 000000000000..dd32c649dc40
--- /dev/null
+++ b/src/chrome/content/rules/Vertx.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="Vertx.com">
+	<target host="vertx.com" />
+	<target host="www.vertx.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Veruta.com.xml b/src/chrome/content/rules/Veruta.com.xml
deleted file mode 100644
index 40d593fadec3..000000000000
--- a/src/chrome/content/rules/Veruta.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Fully covered subdomains:
-
-		- adserver
-		- w.p
-
--->
-<ruleset name="Veruta.com">
-
-	<target host="adserver.veruta.com" />
-	<target host="w.p.veruta.com" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Verwaltung_Online.xml b/src/chrome/content/rules/Verwaltung_Online.xml
index 5f72bd81aa4c..4c7ce8aecaac 100644
--- a/src/chrome/content/rules/Verwaltung_Online.xml
+++ b/src/chrome/content/rules/Verwaltung_Online.xml
@@ -1,6 +1,7 @@
 <!--
 	Other bund.de rulesets:
 	- badv.bund.de.xml
+	- baf.bund.de.xml
 	- bag.bund.de.xml
 	- bakoev.bund.de.xml
 	- baks.bund.de.xml
@@ -10,9 +11,15 @@
 	- bbsr.bund.de.xml
 	- BDBOS.bund.de.xml
 	- bescha.bund.de.xml
+	- BEV.bund.de.xml
 	- bfe.bund.de.xml
+	- BfDI.bund.de.xml
+	- BfR.bund.de.xml
 	- BGR.bund.de.xml
+	- BiB.bund.de.xml
 	- BMVg.de.xml
+	- BSH.de.xml
+	- bstu.bund.de.xml
 	- Bundesamt_fuer_Kartographie_und_Geodaesie.xml
 	- Bundesamt_fuer_Strahlenschutz.xml
 	- Bundesministerium_des_Innern.xml
@@ -20,6 +27,7 @@
 	- bvl.bund.de.xml
 	- Federal-Office-for-Information-Security.xml
 	- Federal_Office_of_Administration.xml
+	- KKR.bund.de.xml
 	- lernplattform-bakoev.bund.de.xml
 	- Umweltbundesamt.de.xml
 -->
diff --git a/src/chrome/content/rules/Verzekeringssite.nl.xml b/src/chrome/content/rules/Verzekeringssite.nl.xml
index e3b7cef22461..80af66ce5555 100644
--- a/src/chrome/content/rules/Verzekeringssite.nl.xml
+++ b/src/chrome/content/rules/Verzekeringssite.nl.xml
@@ -9,7 +9,7 @@ Fetch error: http://verzekeringssite.nl/ => https://www.verzekeringssite.nl/: (5
 	- blog 404s
 
 -->
-<ruleset name="Verzekeringssite.nl (partial)" default_off='failed ruleset test'>
+<ruleset name="Verzekeringssite.nl (partial)" default_off="failed ruleset test">
 
 	<target host="verzekeringssite.nl" />
 	<target host="*.verzekeringssite.nl" />
diff --git a/src/chrome/content/rules/Vesess.xml b/src/chrome/content/rules/Vesess.xml
index f5ee327aeb85..560458b12aa7 100644
--- a/src/chrome/content/rules/Vesess.xml
+++ b/src/chrome/content/rules/Vesess.xml
@@ -14,7 +14,7 @@
 	* Shows default page
 
 -->
-<ruleset name="CurdBee.com (partial)" default_off="untrusted root">
+<ruleset name="CurdBee.com (partial)" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Vessel.xml b/src/chrome/content/rules/Vessel.xml
index 0c692d9ec397..9ffa8b55e51b 100644
--- a/src/chrome/content/rules/Vessel.xml
+++ b/src/chrome/content/rules/Vessel.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Veuwer.xml b/src/chrome/content/rules/Veuwer.xml
index d985825a6218..5fed9d30639c 100644
--- a/src/chrome/content/rules/Veuwer.xml
+++ b/src/chrome/content/rules/Veuwer.xml
@@ -6,7 +6,7 @@ Fetch error: http://veuwer.com/ => https://veuwer.com/: (7, 'Failed to connect t
 Fetch error: http://www.veuwer.com/ => https://veuwer.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Veuwer" default_off='failed ruleset test'>
+<ruleset name="Veuwer" default_off="failed ruleset test">
 	<target host=    "veuwer.com" />
 	<target host="www.veuwer.com" />
 
diff --git a/src/chrome/content/rules/Vhs-lkr-ansbach.de.xml b/src/chrome/content/rules/Vhs-lkr-ansbach.de.xml
new file mode 100644
index 000000000000..7f19e5b5db09
--- /dev/null
+++ b/src/chrome/content/rules/Vhs-lkr-ansbach.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Vhs-lkr-ansbach.de">
+	<target host="vhs-lkr-ansbach.de" />
+	<target host="www.vhs-lkr-ansbach.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Viacom.xml b/src/chrome/content/rules/Viacom.xml
index 1d5b5c225fbc..0fb14c8a5cb7 100644
--- a/src/chrome/content/rules/Viacom.xml
+++ b/src/chrome/content/rules/Viacom.xml
@@ -21,7 +21,7 @@ Fetch error: http://specials.mtvnn.com/ => https://specials.mtvnn.com/: (60, 'SS
 		- mtvplay.tv
 		- www.mtvplay.tv
 -->
-<ruleset name="Viacom" default_off='failed ruleset test'>
+<ruleset name="Viacom" default_off="failed ruleset test">
 	<target host="secure.iphone.mtvn.com" />
 	<target host="api.mtvnn.com" />
 	<target host="specials.mtvnn.com" />
diff --git a/src/chrome/content/rules/Viaduct.io.xml b/src/chrome/content/rules/Viaduct.io.xml
index 389df7cf4948..7172ac9ff817 100644
--- a/src/chrome/content/rules/Viaduct.io.xml
+++ b/src/chrome/content/rules/Viaduct.io.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.viaduct.io/ => https://www.viaduct.io/: (51, "SSL: no al
 		- status.viaduct.io
 
 -->
-<ruleset name="Viaduct.io" default_off='failed ruleset test'>
+<ruleset name="Viaduct.io" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Viazul.com.xml b/src/chrome/content/rules/Viazul.com.xml
new file mode 100644
index 000000000000..9063cc0d21ce
--- /dev/null
+++ b/src/chrome/content/rules/Viazul.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Nonfunctional hosts in *.viazul.com:
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Viazul.com">
+	<target host="viazul.com" />
+	<target host="www.viazul.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Viber.xml b/src/chrome/content/rules/Viber.xml
index be6a576a001e..348508d20086 100644
--- a/src/chrome/content/rules/Viber.xml
+++ b/src/chrome/content/rules/Viber.xml
@@ -40,7 +40,7 @@ Non-2xx HTTP code: http://helpme.viber.com/ (200) => https://viber.kayako.com/ (
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Viber.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Viber.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Vibrant.xml b/src/chrome/content/rules/Vibrant.xml
index bbf7bf84a49b..c68f76421cdf 100644
--- a/src/chrome/content/rules/Vibrant.xml
+++ b/src/chrome/content/rules/Vibrant.xml
@@ -9,7 +9,7 @@ Fetch error: http://vibrantmedia.com/ => https://vibrantmedia.com/: (60, 'SSL ce
 		- *.us.intellitxt.com	(times out; where * is a unique subdomain for each client)
 
 -->
-<ruleset name="Vibrant" default_off='failed ruleset test'>
+<ruleset name="Vibrant" default_off="failed ruleset test">
 
 	<target host="vibrantmedia.com" />
 	<target host="www.vibrantmedia.com" />
diff --git a/src/chrome/content/rules/Vice-problematic.xml b/src/chrome/content/rules/Vice-problematic.xml
deleted file mode 100644
index f62bdf0dde83..000000000000
--- a/src/chrome/content/rules/Vice-problematic.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules that are on by default, see Vice.xml.
-
--->
-<ruleset name="Vice.com (problematic)" default_off="expired, mismatched">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="shop.vice.com" />
-	<target host="socials.vice.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Vice.xml b/src/chrome/content/rules/Vice.xml
index 6861d7a955a2..3b5f662ff7fc 100644
--- a/src/chrome/content/rules/Vice.xml
+++ b/src/chrome/content/rules/Vice.xml
@@ -1,7 +1,4 @@
 <!--
-	For problematic rules, see Vice-problematic.xml.
-
-
 	Other Vice Media rulesets:
 
 		- Motherboard.tv.xml
@@ -9,49 +6,14 @@
 		- viceland.com.xml
 
 
-	Nonfunctional domains:
-
-		- (www.)?noisey.cn
-
-
-	CDN buckets:
-
-
-		- ec2-184-73-100-150.compute-1.amazonaws.com
-		- scs-assets.s3.amazonaws.com
-		- d19o6jcqbnxtyy.cloudfront.net
-
-		- d1qzzfctbfyh6r.cloudfront.net
-
-			- assets.vice.com
-
-		- d1ymkg0yqrfr5q.cloudfront.net
-		- df5qbu832tmne.cloudfront.net
-
-			- assets.thumb.vice.com
-
-		- motherboard.vice.com.edgesuite.net
-		- motherboard-cdn-assets.vice.com.edgesuite.net
-
-
-	Problematic hosts in *vice.com:
-
-		- assets ¹
-		- link ¹
-		- shop ³ ⁴
-		- assets.thump ¹
-		- socials.uk ⁵
-
-	¹ cloudfront
-	¹ Mismatched
-	³ Expired
-	⁴ Self-signed
-	⁵ Revoked
-
+	Non-functional hosts:
 
-	Insecure cookies are set for these hosts:
+		Timeout:
+		- socials.uk.vice.com
 
-		- manage.vice.com
+		Certificate mismatched:
+		- link.vice.com
+		- assets.thump.vice.com
 
 
 	Mixed content:
@@ -76,9 +38,10 @@
 -->
 <ruleset name="Vice.com (partial)">
 
-	<!--	Direct rewrites:
-				-->
 	<target host="vice.com" />
+	<target host="www.vice.com" />
+	<test url="http://www.vice.com/stuff" />
+	<target host="assets.vice.com" />
 	<target host="assets2.vice.com" />
 	<target host="assets-news.vice.com" />
 	<target host="assets-sports.vice.com" />
@@ -94,58 +57,22 @@
 	<target host="motherboard-images.vice.com" />
 	<target host="munchies.vice.com" />
 	<target host="news.vice.com" />
+	<test url="http://news.vice.com/shows" />
 	<target host="news-images.vice.com" />
 	<target host="noisey.vice.com" />
 	<target host="scs-assets-cdn.vice.com" />
+	<target host="shop.vice.com" />
 	<target host="sports.vice.com" />
 	<target host="sports-images.vice.com" />
 	<target host="staging-assets-news.vice.com" />
+	<target host="store.vice.com" />
 	<target host="thecreatorsproject.vice.com" />
 	<target host="thecreatorsproject-images.vice.com" />
 	<target host="thump.vice.com" />
 	<target host="vice-sundry-assets-cdn.vice.com" />
-	<target host="www.vice.com" />
-
-	<!--	Complications:
-				-->
-	<target host="assets.vice.com" />
-	<target host="link.vice.com" />
-	<target host="assets.thump.vice.com" />
-
-		<!--exclusion pattern="^http://(?:shop|social)\.vice\.com/" /-->
-
-		<test url="http://news.vice.com/shows" />
-		<test url="http://www.vice.com/stuff" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^manage\.vice\.com$" name="^(_lang|PHPSESSID)$" /-->
 
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://assets\.vice\.com/"
-		to="https://d1qzzfctbfyh6r.cloudfront.net/" />
-
-	<rule from="^http://link\.vice\.com/+(?=$|\?)"
-		to="https://vice.com/" />
-
-		<test url="http://link.vice.com/?f" />
-		<test url="http://link.vice.com/?o" />
-		<test url="http://link.vice.com//" />
-		<test url="http://link.vice.com//?o" />
-
-	<rule from="^http://link\.vice\.com/"
-		to="https://cb.sailthru.com/" />
-
-		<test url="http://link.vice.com/join/3nh/viceussignup" />
-
-	<!--rule from="^http://store\.vice\.com/"
-		to="https://vice.myshopify.com/" /-->
-
-	<rule from="^http://assets\.thump\.vice\.com/"
-		to="https://df5qbu832tmne.cloudfront.net/" />
-
-	<rule from="^http:"	to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/VicinityRewards.ca.xml b/src/chrome/content/rules/VicinityRewards.ca.xml
new file mode 100644
index 000000000000..8dbb090a3868
--- /dev/null
+++ b/src/chrome/content/rules/VicinityRewards.ca.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		- go.vicinityrewards.ca
+		- start.vicinityrewards.ca
+
+	Timed out:
+		- vicinityrewards.ca, equivalent to www.vicinityrewards.ca
+-->
+
+<ruleset name="VicinityRewards.ca.xml">
+	<target host="vicinityrewards.ca" />
+	<target host="www.vicinityrewards.ca" />
+	<target host="dashboard.vicinityrewards.ca" />
+
+	<rule from="^http://vicinityrewards\.ca/"
+		  to="https://www.vicinityrewards.ca/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Victi.ms.xml b/src/chrome/content/rules/Victi.ms.xml
index b9728cf36b60..8f9aef9324ec 100644
--- a/src/chrome/content/rules/Victi.ms.xml
+++ b/src/chrome/content/rules/Victi.ms.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.victi.ms/ => https://www.victi.ms/: (60, 'SSL certificat
 	* Mismatched, CN: *.rhcloud.com
 
 -->
-<ruleset name="Victi.ms (partial)" default_off='failed ruleset test'>
+<ruleset name="Victi.ms (partial)" default_off="failed ruleset test">
 
 	<target host="victi.ms" />
 	<target host="www.victi.ms" />
diff --git a/src/chrome/content/rules/Victor-Chandler.xml b/src/chrome/content/rules/Victor-Chandler.xml
index 1e5331e05275..94a4121fa3fd 100644
--- a/src/chrome/content/rules/Victor-Chandler.xml
+++ b/src/chrome/content/rules/Victor-Chandler.xml
@@ -6,7 +6,7 @@ Fetch error: http://vcint.com/ => https://vcint.com/: (28, 'Connection timed out
 Disabled by https-everywhere-checker because:
 Fetch error: http://vcint.com/ => https://vcint.com/: (28, 'Connection timed out after 10000 milliseconds')
 -->
-<ruleset name="Victor Chandler International" default_off='failed ruleset test'>
+<ruleset name="Victor Chandler International" default_off="failed ruleset test">
 
 	<target host="betvictor.com"/>
 	<target host="www.betvictor.com"/>
diff --git a/src/chrome/content/rules/Victorias_Secret.xml b/src/chrome/content/rules/Victorias_Secret.xml
index 7cc188a2baad..ec8883cc5837 100644
--- a/src/chrome/content/rules/Victorias_Secret.xml
+++ b/src/chrome/content/rules/Victorias_Secret.xml
@@ -1,9 +1,20 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Time: 2020-09-25 16:20:22
+ Fetch error: http://espanol.victoriassecret.com// => https://www.victoriassecret.com/: (6, 'Could not resolve host: .victoriassecret.com')
+Fetch error: http://secure.victoriassecret.com/ => https://secure.victoriassecret.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://secure-media.victoriassecret.com/ => https://secure-media.victoriassecret.com/: (6, 'Could not resolve host: secure-media.victoriassecret.com')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www.victoriassecret.com/ => https://www.victoriassecret.com/: (6, 'Could not resolve host: .victoriassecret.com')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://espanol.victoriassecret.com/ => https://www.victoriassecret.com/: (6, 'Could not resolve host: .victoriassecret.com')
+
 	Victoria's Secret
 
 	Other Victoria's Secret rulesets:
 
-		- Victorias_Secret_Canada.ca.xml
 
 
 	Nonfunctional subdomains:
@@ -36,13 +47,13 @@
 				-->
 	<target host="victoriassecret.com" />
 	<!--target host="dm.victoriassecret.com" /-->
-	<target host="secure.victoriassecret.com" />
-	<target host="secure-media.victoriassecret.com" />
-	<target host="www.victoriassecret.com" />
+	<!-- target host="secure.victoriassecret.com" /-->
+	<!-- target host="secure-media.victoriassecret.com" /-->
+	<!-- target host="www.victoriassecret.com" /-->
 
 	<!--	Complications:
 				-->
-	<target host="espanol.victoriassecret.com" />
+	<!-- target host="espanol.victoriassecret.com" /-->
 
 
 	<!--	Not secured by server:
@@ -53,14 +64,6 @@
 
 	<securecookie host=".+" name=".+" />
 
-
-	<!--	Redirect drops path and args:
-						-->
-	<rule from="^http://espanol\.victoriassecret\.com/.*"
-		to="https://www.victoriassecret.com/" />
-
-		<test url="http://espanol.victoriassecret.com//" />
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Victorias_Secret_Canada.ca.xml b/src/chrome/content/rules/Victorias_Secret_Canada.ca.xml
deleted file mode 100644
index 16059d4607c2..000000000000
--- a/src/chrome/content/rules/Victorias_Secret_Canada.ca.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	For other Victoria's Secret coverage, see Victorias_Secret.xml.
-
-
-	^victoriassecretcanada.ca: Mismatched
-
--->
-<ruleset name="Victorias Secret Canada.ca">
-
-	<target host="victoriassecretcanada.ca" />
-	<target host="www.victoriassecretcanada.ca" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?victoriassecretcanada\.ca$" name="^VS\d+GUID$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://victoriassecretcanada\.ca/"
-		to="https://www.victoriassecretcanada.ca/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Victorinox.xml b/src/chrome/content/rules/Victorinox.xml
index 5e025749fa3b..c01869d26594 100644
--- a/src/chrome/content/rules/Victorinox.xml
+++ b/src/chrome/content/rules/Victorinox.xml
@@ -18,7 +18,7 @@ Fetch error: http://static.victorinox.com/ => https://static.victorinox.com/: (6
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Victorinox.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Victorinox.com (partial)" default_off="failed ruleset test">
 
     <target host="victorinox.com" />
 	<target host="assets.victorinox.com" />
diff --git a/src/chrome/content/rules/Vid.ly.xml b/src/chrome/content/rules/Vid.ly.xml
index 4e1704191f32..c3655ee24d60 100644
--- a/src/chrome/content/rules/Vid.ly.xml
+++ b/src/chrome/content/rules/Vid.ly.xml
@@ -20,7 +20,10 @@
 <ruleset name="Vid.ly (partial)">
 
 	<target host="vid.ly" />
-	<target host="*.vid.ly" />
+	<target host="m.vid.ly" />
+	<target host="www.vid.ly" />
+	<target host="cf.cdn.vid.ly" />
+	<target host="s.vid.ly" />
 
 
 	<!--	Not secured by server:
@@ -33,10 +36,7 @@
 	<rule from="^http://(?:(m\.)|www\.)?vid\.ly/"
 		to="https://$1vid.ly/" />
 
-	<rule from="^http://cf\.cdn\.vid\.ly/"
-		to="https://d3fenhwk93s16g.cloudfront.net/" />
 
-	<rule from="^http://s\.vid\.ly/"
-		to="https://d132d9vcg4o0oh.cloudfront.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/VidStore.xml b/src/chrome/content/rules/VidStore.xml
index f2c1fbb50564..62dbf47a1c16 100644
--- a/src/chrome/content/rules/VidStore.xml
+++ b/src/chrome/content/rules/VidStore.xml
@@ -14,4 +14,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vida_y_Salud.com.xml b/src/chrome/content/rules/Vida_y_Salud.com.xml
index 3b1d3682eeaa..60333fc4801d 100644
--- a/src/chrome/content/rules/Vida_y_Salud.com.xml
+++ b/src/chrome/content/rules/Vida_y_Salud.com.xml
@@ -23,4 +23,4 @@
 	<rule from="^http://(?:www\.)?vidaysalud\.com/wp-content/"
 		to="https://www.vidaysalud.com/wp-content/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vidahost.xml b/src/chrome/content/rules/Vidahost.xml
index 81b1397061aa..4b3d9935b0fe 100644
--- a/src/chrome/content/rules/Vidahost.xml
+++ b/src/chrome/content/rules/Vidahost.xml
@@ -21,4 +21,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vidarholen.net.xml b/src/chrome/content/rules/Vidarholen.net.xml
index 7638de732b6f..a5fed4c33cf9 100644
--- a/src/chrome/content/rules/Vidarholen.net.xml
+++ b/src/chrome/content/rules/Vidarholen.net.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?vidarholen\.net/"
 		to="https://vidarholen.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Videa.hu.xml b/src/chrome/content/rules/Videa.hu.xml
index 22c83c160678..a2671451070c 100644
--- a/src/chrome/content/rules/Videa.hu.xml
+++ b/src/chrome/content/rules/Videa.hu.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.videa.hu/ => https://www.videa.hu/: (51, "SSL: no altern
 	Assets loaded via HTTP:
 	images (static.origos.hu)
 -->
-<ruleset name="Videa.hu" default_off='failed ruleset test'>
+<ruleset name="Videa.hu" default_off="failed ruleset test">
 	<target host="www.videa.hu" />
 	<target host="videa.hu" />
 
diff --git a/src/chrome/content/rules/VideoBloom.com.xml b/src/chrome/content/rules/VideoBloom.com.xml
deleted file mode 100644
index b6770ee63f34..000000000000
--- a/src/chrome/content/rules/VideoBloom.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(http reply)
-
-
-	Fully covered subdomains:
-
-		- my
-
--->
-<ruleset name="VideoBloom.com (partial)">
-
-	<target host="my.videobloom.com" />
-
-
-	<!--	Is this cookie used on more than my?
-							-->
-	<!--securecookie host="^\.videobloom\.com$" name="SESS\w{32}" /-->
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/VideoLAN.org.xml b/src/chrome/content/rules/VideoLAN.org.xml
index ab0cf6c9a20f..46ddde5d8b1a 100644
--- a/src/chrome/content/rules/VideoLAN.org.xml
+++ b/src/chrome/content/rules/VideoLAN.org.xml
@@ -1,70 +1,79 @@
 <!--
+	Bad gateway:
+		translate.videolan.org
+
 	Invalid certificate:
 		api.addons.videolan.org
-		get.dc2.videolan.org
-		get.dc3.videolan.org
-		download2.videolan.org
-		fingerprint.videolan.org
-		ganesh2.videolan.org
+		albiero.videolan.org
+		crash.videolan.org
+		developers.videolan.org
+		freedb.videolan.org
+		ftp.videolan.org
+		goldeneye.videolan.org
 		goldeneye2.videolan.org
 		top-ix.mirror.videolan.org
 		natalya.videolan.org
 		nightly.videolan.org
-		www2.videolan.org
-
-	Secure connection failed:
-		altair.videolan.org
-		update.videolan.org
-
-	Time out:
-		buildbot.videolan.org
-
-	Refused:
-		freedb.videolan.org
+		ns0.videolan.org
+		ns1.videolan.org
+		oddjob.videolan.org
 
 	Different content http/https:
 		hg.videolan.org
+		lists.videolan.org
 		mailstats.videolan.org
-		www3.videolan.org
-
-	No working URL known:
-		people.videolan.org
-		registry.videolan.org
 
 	Mixed content:
 		planet.videolan.org
 
+	Refused:
+		win.crashes.videolan.org
+
+	Timeout:
+		irc.videolan.org
 -->
 <ruleset name="VideoLAN.org">
 
 	<target host="videolan.org" />
 	<target host="www.videolan.org" />
-	<target host="addons.videolan.org" /><!-- openDesktop subdomain -->
-	<target host="albiero.videolan.org" /><!-- Needs test url -->
+	<target host="addons.videolan.org" />
+	<target host="api.addons.videolan.org" />
+	<target host="alerts.videolan.org" />
+	<target host="anonsvn.videolan.org" />
+	<target host="api-addons.videolan.org" />
+	<target host="artifacts.videolan.org" />
 	<target host="code.videolan.org" />
+	<target host="crashes.videolan.org" />
+	<target host="get.dc2.videolan.org" />
+	<target host="get.dc3.videolan.org" />
 	<target host="download.videolan.org" />
-	<target host="download4.videolan.org" />
 	<target host="downloads.videolan.org" />
+	<target host="fingerprint.videolan.org" />
 	<target host="forum.videolan.org" />
 	<target host="get.videolan.org" />
+	<target host="get-dc2.videolan.org" />
+	<target host="get-dc3.videolan.org" />
 	<target host="git.videolan.org" />
 	<target host="images.videolan.org" />
-	<target host="images1.videolan.org" />
-	<target host="images4.videolan.org" />
 	<target host="jenkins.videolan.org" />
 	<target host="mailman.videolan.org" />
+	<target host="mb.videolan.org" />
 	<target host="munin.videolan.org" />
 	<target host="nightlies.videolan.org" />
 	<target host="patches.videolan.org" />
+	<target host="people.videolan.org" />
+	<target host="registry.videolan.org" />
 	<target host="streams.videolan.org" />
 	<target host="svn.videolan.org" />
 	<target host="trac.videolan.org" />
+	<target host="update.videolan.org" />
+	<target host="update-test.videolan.org" />
 	<target host="vdd.videolan.org" />
 	<target host="wiki.videolan.org" />
+	<target host="zorin.videolan.org" />
 
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:"	to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Video_Aided_Instruction.xml b/src/chrome/content/rules/Video_Aided_Instruction.xml
index fe02398f4827..3dc4490bda10 100644
--- a/src/chrome/content/rules/Video_Aided_Instruction.xml
+++ b/src/chrome/content/rules/Video_Aided_Instruction.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Video_Dean.xml b/src/chrome/content/rules/Video_Dean.xml
index 2acbb2aebe78..1ed20e7f66b4 100644
--- a/src/chrome/content/rules/Video_Dean.xml
+++ b/src/chrome/content/rules/Video_Dean.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.video-dean.com/ => https://www.video-dean.com/: (28, 'Co
 Disabled by https-everywhere-checker because:
 Fetch error: http://video-dean.com/ => https://video-dean.com/: (51, "SSL: no alternative certificate subject name matches target host name 'video-dean.com'")
 -->
-<ruleset name="Video Dean" default_off='failed ruleset test'>
+<ruleset name="Video Dean" default_off="failed ruleset test">
 
 	<target host="video-dean.com" />
 	<target host="www.video-dean.com" />
@@ -18,4 +18,4 @@ Fetch error: http://video-dean.com/ => https://video-dean.com/: (51, "SSL: no al
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Video_Interchange.xml b/src/chrome/content/rules/Video_Interchange.xml
index ad4973005178..88c25ea9f688 100644
--- a/src/chrome/content/rules/Video_Interchange.xml
+++ b/src/chrome/content/rules/Video_Interchange.xml
@@ -11,4 +11,4 @@
 	<rule from="^http://(?:www\.)?videointerchange\.com/"
 		to="https://videointerchange.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Videoemail.com.xml b/src/chrome/content/rules/Videoemail.com.xml
index 5331382b375a..1a1409002d49 100644
--- a/src/chrome/content/rules/Videoemail.com.xml
+++ b/src/chrome/content/rules/Videoemail.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://sc.videoemail.com/ => https://sc.videoemail.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Videoemail.com" default_off='failed ruleset test'>
+<ruleset name="Videoemail.com" default_off="failed ruleset test">
 
 	<target host="sc.videoemail.com" />
 
diff --git a/src/chrome/content/rules/Videogamer.com.xml b/src/chrome/content/rules/Videogamer.com.xml
deleted file mode 100644
index 9c644a265568..000000000000
--- a/src/chrome/content/rules/Videogamer.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Nonfunctional hosts in *.videogamer.com:
-	    test.virginmedia.videogamer.com (Server not found)
--->
-<ruleset name="Videogamer">
-
-	<target host="videogamer.com" />
-	<target host="www.videogamer.com" />
-	<target host="feeds.videogamer.com" />
-	<target host="it.videogamer.com" />
-	<target host="pt.videogamer.com" />
-	<target host="www1.videogamer.com" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Videojs.com.xml b/src/chrome/content/rules/Videojs.com.xml
new file mode 100644
index 000000000000..692699d448aa
--- /dev/null
+++ b/src/chrome/content/rules/Videojs.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		- slack.videojs.com
+		- www1.videojs.com
+		- www2.videojs.com
+-->
+
+<ruleset name="Videojs.com">
+	<target host="videojs.com" />
+	<target host="www.videojs.com" />
+	<target host="blog.videojs.com" />
+	<target host="docs.videojs.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Videoplaza.tv.xml b/src/chrome/content/rules/Videoplaza.tv.xml
index 760619e07b6c..5d24f06cd7ef 100644
--- a/src/chrome/content/rules/Videoplaza.tv.xml
+++ b/src/chrome/content/rules/Videoplaza.tv.xml
@@ -1,42 +1,94 @@
 <!--
-	Nonfunctional subdomains:
-
-		- cdn *
-		- fr-m6
-		- de-dev2-ipd
-		- th-otv.a
-		- hk-nextmedia
-		- cdn
-		- de-ipd.cdn
-		- fr-groupe01.cdn
-		- in-star.cdn
-		- no-vg.cdn
-		- uk-werinteractive.vp
-		- de-videovalis.vp
-		- www.origin.vp
-		- k.80bola.com-ekstrabladet.vp
-		- es-mediaset.vp
-		- m.vp
-		- no-mno.vp
-		- service.vp
-		- se-bambuser.vp
-		- se-expressen.vp
-
-	* 504, akamai
+	Cert mismatch:
+		- a.videoplaza.tv
+		- de-ipd.a.videoplaza.tv
+		- nl-sanoma.a.videoplaza.tv
+		- uk-dev-stv.a.videoplaza.tv
+		- (*.)cdn.videoplaza.tv
+		- in-starlive.videoplaza.tv
+		- se-tv4.llnw.videoplaza.tv
 
 -->
 <ruleset name="Videoplaza.tv (partial)">
 
-
-
-
-	<target host="de-ipd.videoplaza.tv"/>
-	<target host="proxy.videoplaza.tv"/>
-	<target host="service.videoplaza.tv"/>
-
-	<target host="vp.videoplaza.tv"/>
 	<target host="www.videoplaza.tv" />
 
+	<target host="asia-pixelmedia.videoplaza.tv" />
+	<target host="asia-pixelslimited.videoplaza.tv" />
+	<target host="be-rtl.videoplaza.tv" />
+	<target host="bv-eldeber.videoplaza.tv" />
+	<target host="core.videoplaza.tv" />
+	<target host="de-dev-ipd.videoplaza.tv" />
+	<target host="de-ipd.videoplaza.tv" />
+	<target host="de-videovalis.videoplaza.tv" />
+	<target host="dk-berlingske.videoplaza.tv" />
+	<target host="dk-jyllandsposten.videoplaza.tv" />
+	<target host="dk-politiken.videoplaza.tv" />
+	<target host="es-antena3.videoplaza.tv" />
+	<target host="es-aunia.videoplaza.tv" />
+	<target host="es-elconfidencial.videoplaza.tv" />
+	<target host="es-grupogodo.videoplaza.tv" />
+	<target host="es-mediaset.videoplaza.tv" />
+	<target host="es-movistartest.videoplaza.tv" />
+	<target host="es-netsonic.videoplaza.tv" />
+	<target host="es-plus.videoplaza.tv" />
+	<target host="es-spotbid.videoplaza.tv" />
+	<target host="es-suncopperland.videoplaza.tv" />
+	<target host="es-sunicontent.videoplaza.tv" />
+	<target host="es-suntaringa.videoplaza.tv" />
+	<target host="es-vocento.videoplaza.tv" />
+	<target host="fi-mtv.videoplaza.tv" />
+	<target host="fi-mtv3.videoplaza.tv" />
+	<target host="fr-canalplus.videoplaza.tv" />
+	<target host="fr-groupe01.videoplaza.tv" />
+	<target host="fr-m6.videoplaza.tv" />
+	<target host="geo-intermedia.videoplaza.tv" />
+	<target host="hk-nextmedia.videoplaza.tv" />
+	<target host="ie-tv3.videoplaza.tv" />
+	<target host="in-star.videoplaza.tv" />
+	<target host="in-starint.videoplaza.tv" />
+	<target host="in-starlive-preroll.videoplaza.tv" />
+	<target host="in-viacom18.videoplaza.tv" />
+	<target host="mx-sunmedia.videoplaza.tv" />
+	<target host="nl-sanoma.videoplaza.tv" />
+	<target host="nl-sbs.videoplaza.tv" />
+	<target host="no-vg.videoplaza.tv" />
+	<target host="origin.videoplaza.tv" />
+	<target host="pa-tvnpanama.videoplaza.tv" />
+	<target host="proxy.videoplaza.tv" />
+	<target host="pt-controlinveste.videoplaza.tv" />
+	<target host="pulse-demo.videoplaza.tv" />
+	<target host="se-aftonbladet.videoplaza.tv" />
+	<target host="se-mk.videoplaza.tv" />
+	<target host="se-tv4.videoplaza.tv" />
+	<target host="service.videoplaza.tv" />
+	<target host="sg-mediacorp.videoplaza.tv" />
+	<target host="ssp.videoplaza.tv" />
+	<target host="th-nation.videoplaza.tv" />
+	<target host="th-otv.videoplaza.tv" />
+	<target host="tr-vidyoda.videoplaza.tv" />
+	<target host="uk-extreme.videoplaza.tv" />
+	<target host="uk-mhd.videoplaza.tv" />
+	<target host="us-beet.videoplaza.tv" />
+	<target host="us-breitbart.videoplaza.tv" />
+	<target host="us-byu.videoplaza.tv" />
+	<target host="us-byutvi.videoplaza.tv" />
+	<target host="us-defymedia.videoplaza.tv" />
+	<target host="us-haymon.videoplaza.tv" />
+	<target host="us-runnerspace.videoplaza.tv" />
+	<target host="us-theberrics.videoplaza.tv" />
+	<target host="us-theonion.videoplaza.tv" />
+	<target host="us-transportnation.videoplaza.tv" />
+	<target host="us-videum.videoplaza.tv" />
+	<target host="vp.videoplaza.tv" />
+	<target host="fr-groupe01.vp.videoplaza.tv" />
+	<target host="vp-akhilesh.videoplaza.tv" />
+	<target host="vp-federico.videoplaza.tv" />
+	<target host="vp-nabvalue.videoplaza.tv" />
+	<target host="vp-uriel1.videoplaza.tv" />
+	<target host="vp-validation.videoplaza.tv" />
+	<target host="x-traffic-director.videoplaza.tv" />
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Vidplay.net.xml b/src/chrome/content/rules/Vidplay.net.xml
index f966007b92bd..1cc551e48864 100644
--- a/src/chrome/content/rules/Vidplay.net.xml
+++ b/src/chrome/content/rules/Vidplay.net.xml
@@ -20,7 +20,6 @@
 <ruleset name="vidplay.net" default_off="self-signed">
 
 	<target host="vidplay.net" />
-	<target host="*.vidplay.net" />
 
 
 	<!--	Not secured by server:
@@ -28,7 +27,6 @@
 	<securecookie host="^\.vidplay\.net$" name=".+" />
 
 
-	<rule from="^http://vidplay\.net/"
-		to="https://vidplay.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Vidup.me-falsemixed.xml b/src/chrome/content/rules/Vidup.me-falsemixed.xml
index dd576b34eeb3..c7042a974764 100644
--- a/src/chrome/content/rules/Vidup.me-falsemixed.xml
+++ b/src/chrome/content/rules/Vidup.me-falsemixed.xml
@@ -6,7 +6,7 @@ Fetch error: http://beta.vidup.me/ => https://beta.vidup.me/: Too many redirects
 	For rules not causing false/broken MCB, see Vidup.me.xml.
 
 -->
-<ruleset name="Vidup.me (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Vidup.me (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Vidup.me.xml b/src/chrome/content/rules/Vidup.me.xml
index aef19dfec92e..b17eece3dd0f 100644
--- a/src/chrome/content/rules/Vidup.me.xml
+++ b/src/chrome/content/rules/Vidup.me.xml
@@ -48,7 +48,7 @@ Fetch error: http://vidup.me/ => https://www.vidup.me/: Too many redirects while
 	* Secured by us
 
 -->
-<ruleset name="Vidup.me (partial)" default_off='failed ruleset test'>
+<ruleset name="Vidup.me (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Vie_Pratique.fr.xml b/src/chrome/content/rules/Vie_Pratique.fr.xml
index 28655c8a6b8a..cefc0b624a78 100644
--- a/src/chrome/content/rules/Vie_Pratique.fr.xml
+++ b/src/chrome/content/rules/Vie_Pratique.fr.xml
@@ -34,7 +34,7 @@ Non-2xx HTTP code: http://viepratique.fr/ (200) => https://www.viepratique.fr/ (
 	* Secured by us
 
 -->
-<ruleset name="Vie Pratique.fr (partial)" default_off='failed ruleset test'>
+<ruleset name="Vie Pratique.fr (partial)" default_off="failed ruleset test">
 
 	<target host="viepratique.fr" />
 	<target host="*.viepratique.fr" />
diff --git a/src/chrome/content/rules/Vienna_University_of_Technology.xml b/src/chrome/content/rules/Vienna_University_of_Technology.xml
index 9ce9789c5587..e031500461b6 100644
--- a/src/chrome/content/rules/Vienna_University_of_Technology.xml
+++ b/src/chrome/content/rules/Vienna_University_of_Technology.xml
@@ -32,7 +32,15 @@
 <ruleset name="Vienna University of Technology (partial)">
 
 	<target host="tuwien.ac.at" />
-	<target host="*.tuwien.ac.at" />
+	<target host="www.tuwien.ac.at" />
+	<target host="mail.tuwien.ac.at" />
+	<target host="pop.tuwien.ac.at" />
+	<target host="mail.student.tuwien.ac.at" />
+	<target host="webmail.tuwien.ac.at" />
+	<target host="ui.zid.tuwien.ac.at" />
+	<target host="www.zid.tuwien.ac.at" />
+	<target host="mail.zserv.tuwien.ac.at" />
+	<target host="webstats.zserv.tuwien.ac.at" />
 		<!--exclusion pattern="^http://www\.zid\.tuwien\.ac\.at/(?:$|campussoftware/|impressum/|systempflege/|webmail/)" /-->
 		<!--exclusion pattern="^http://www.zid\.tuwien\.ac\.at/sts/(?:$|\?|it_beratung/|sts/quick_links/)" /-->
 		<exclusion pattern="^http://www.zid\.tuwien\.ac\.at/sts/(?!campussoftware|studentensoftware)" />
@@ -44,7 +52,6 @@
 	<rule from="^http://(?:www\.)?tuwien\.ac\.at/"
 		to="https://www.tuwien.ac.at/" />
 
-	<rule from="^http://(mail|pop|mail\.student|webmail|(?:ui|www)\.zid|(?:mail|webstats)\.zserv)\.tuwien\.ac\.at/"
-		to="https://$1.tuwien.ac.at/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/View_Central.com.xml b/src/chrome/content/rules/View_Central.com.xml
index 519c54d4436f..4c523d5aa03d 100644
--- a/src/chrome/content/rules/View_Central.com.xml
+++ b/src/chrome/content/rules/View_Central.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Villas.com.xml b/src/chrome/content/rules/Villas.com.xml
index f096ac3a29fe..7e12cdba6a55 100644
--- a/src/chrome/content/rules/Villas.com.xml
+++ b/src/chrome/content/rules/Villas.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://r-ec.vcomstatic.com/ => https://r-ec.vcomstatic.com/: (6, 'C
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Villas.com" default_off='failed ruleset test'>
+<ruleset name="Villas.com" default_off="failed ruleset test">
 
 	<target host="villas.com" />
 	<target host="*.villas.com" />
diff --git a/src/chrome/content/rules/Vim.org.xml b/src/chrome/content/rules/Vim.org.xml
new file mode 100644
index 000000000000..e5dfb3f9ea05
--- /dev/null
+++ b/src/chrome/content/rules/Vim.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Vim.org (partial)">
+
+	<target host="www.vim.org" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Vin-DiCarlo.xml b/src/chrome/content/rules/Vin-DiCarlo.xml
index 317942436a9d..4ec3ec8943b7 100644
--- a/src/chrome/content/rules/Vin-DiCarlo.xml
+++ b/src/chrome/content/rules/Vin-DiCarlo.xml
@@ -3,7 +3,7 @@
 	<target host="3questionsgetthegirl.com"/>
 	<target host="www.3questionsgetthegirl.com"/>
 
-	<securecookie host="^(?:.*\.)?3questionsgetthegirl\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Vindico_suite.com.xml b/src/chrome/content/rules/Vindico_suite.com.xml
index 797dfcd8c780..8d9b94408bbe 100644
--- a/src/chrome/content/rules/Vindico_suite.com.xml
+++ b/src/chrome/content/rules/Vindico_suite.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.vindicosuite.com/ => https://www.vindicosuite.com/: (28,
 		- .vindicosuite.com
 
 -->
-<ruleset name="Vindico suite.com" default_off='failed ruleset test'>
+<ruleset name="Vindico suite.com" default_off="failed ruleset test">
 
 	<target host="mpp.vindicosuite.com" />
 	<target host="mpp2.vindicosuite.com" />
diff --git a/src/chrome/content/rules/Vineyard_Vines.com.xml b/src/chrome/content/rules/Vineyard_Vines.com.xml
index 1239a5280df4..e8fff37bf6ff 100644
--- a/src/chrome/content/rules/Vineyard_Vines.com.xml
+++ b/src/chrome/content/rules/Vineyard_Vines.com.xml
@@ -29,7 +29,7 @@ Fetch error: http://m.vineyardvines.com/ => https://m.vineyardvines.com/: (51, "
 	* Secured by us
 
 -->
-<ruleset name="Vineyard Vines.com" default_off='failed ruleset test'>
+<ruleset name="Vineyard Vines.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Vinilox.eu.xml b/src/chrome/content/rules/Vinilox.eu.xml
index 315aa99a9c4e..ab84994ccd69 100644
--- a/src/chrome/content/rules/Vinilox.eu.xml
+++ b/src/chrome/content/rules/Vinilox.eu.xml
@@ -31,7 +31,7 @@ Fetch error: http://wiki.vinilox.eu/ => https://wiki.vinilox.eu/: (51, "SSL: no
 		4xx client error:
 			 - mail.vinilox.eu
 -->
-<ruleset name="Vinilox.eu" default_off='failed ruleset test'>
+<ruleset name="Vinilox.eu" default_off="failed ruleset test">
 	<target host="vinilox.eu" />
 	<target host="cloud.vinilox.eu" />
 	<target host="conference.vinilox.eu" />
diff --git a/src/chrome/content/rules/VintageCellars.com.au.xml b/src/chrome/content/rules/VintageCellars.com.au.xml
new file mode 100644
index 000000000000..8b8df60c56d0
--- /dev/null
+++ b/src/chrome/content/rules/VintageCellars.com.au.xml
@@ -0,0 +1,23 @@
+<!--
+	For other Coles coverage, see Coles.com.au.xml
+
+
+	Non-functional subdomains:
+		- beta		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Vintage Cellars">
+
+	<target host="vintagecellars.com.au" />
+	<target host="www.vintagecellars.com.au" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vinumeris.com.xml b/src/chrome/content/rules/Vinumeris.com.xml
index b374b4cf5b5e..df7c2b5af6fa 100644
--- a/src/chrome/content/rules/Vinumeris.com.xml
+++ b/src/chrome/content/rules/Vinumeris.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.vinumeris.com/ => https://www.vinumeris.com/: (7, 'Faile
 		- www.vinumeris.com
 
 -->
-<ruleset name="Vinumeris.com" default_off='failed ruleset test'>
+<ruleset name="Vinumeris.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Violet_Darkling.com.xml b/src/chrome/content/rules/Violet_Darkling.com.xml
index d437c0a5ff24..b8dee00ef730 100644
--- a/src/chrome/content/rules/Violet_Darkling.com.xml
+++ b/src/chrome/content/rules/Violet_Darkling.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://violetdarkling.com/ => https://violetdarkling.com/: (7, 'Fai
 Fetch error: http://www.violetdarkling.com/ => https://www.violetdarkling.com/: (7, 'Failed to connect to www.violetdarkling.com port 443: Connection refused')
 
 -->
-<ruleset name="Violet Darkling.com" default_off='failed ruleset test'>
+<ruleset name="Violet Darkling.com" default_off="failed ruleset test">
 
 	<target host="violetdarkling.com" />
 	<target host="www.violetdarkling.com" />
diff --git a/src/chrome/content/rules/Violet_Indigo.xml b/src/chrome/content/rules/Violet_Indigo.xml
index ed2bf9244617..0978c53e849b 100644
--- a/src/chrome/content/rules/Violet_Indigo.xml
+++ b/src/chrome/content/rules/Violet_Indigo.xml
@@ -7,7 +7,9 @@
 <ruleset name="Violet Indigo">
 
 	<target host="violetindigo.com.au" />
-	<target host="*.violetindigo.com.au" />
+	<target host="static.violetindigo.com.au" />
+	<target host="static2.violetindigo.com.au" />
+	<target host="www.violetindigo.com.au" />
 
 
 	<securecookie host="^(?:www)?\.violetindigo\.com\.au$" name=".+" />
diff --git a/src/chrome/content/rules/VipMobile.rs.xml b/src/chrome/content/rules/VipMobile.rs.xml
new file mode 100644
index 000000000000..dcc598a97aa2
--- /dev/null
+++ b/src/chrome/content/rules/VipMobile.rs.xml
@@ -0,0 +1,14 @@
+<!--
+	Incomplete certificate chain:
+		- cdn
+-->
+<ruleset name="VipMobile.rs (partial)">
+	<target host="vipmobile.rs" />
+	<target host="www.vipmobile.rs" />
+	<target host="automanager.vipmobile.rs" />
+	<target host="asmp.vipmobile.rs" />
+	<target host="drugeprice.vipmobile.rs" />
+	<target host="vipdrop.vipmobile.rs" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vippy.co.xml b/src/chrome/content/rules/Vippy.co.xml
index 7ebcb951ee56..8d2fcb296f88 100644
--- a/src/chrome/content/rules/Vippy.co.xml
+++ b/src/chrome/content/rules/Vippy.co.xml
@@ -27,7 +27,11 @@
 <ruleset name="Vippy.co">
 
 	<target host="vippy.co" />
-	<target host="*.vippy.co" />
+	<target host="www.vippy.co" />
+	<target host="cdn1.vippy.co" />
+	<target host="cdn2.vippy.co" />
+	<target host="cdn3.vippy.co" />
+	<target host="cdn4.vippy.co" />
 
 
 	<securecookie host="^\.?vippy\.co$" name=".+" />
@@ -48,4 +52,4 @@
 	<rule from="^http://cdn4\.vippy\.co/"
 		to="https://dfe23o0oezpl4.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Virgin-mismatches.xml b/src/chrome/content/rules/Virgin-mismatches.xml
index 8a0afb09458f..8f5de9b33d60 100644
--- a/src/chrome/content/rules/Virgin-mismatches.xml
+++ b/src/chrome/content/rules/Virgin-mismatches.xml
@@ -19,4 +19,4 @@
 						-->
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VirginAustralia.xml b/src/chrome/content/rules/VirginAustralia.xml
index c782f534175f..f2fa04cd6c20 100644
--- a/src/chrome/content/rules/VirginAustralia.xml
+++ b/src/chrome/content/rules/VirginAustralia.xml
@@ -1,9 +1,135 @@
+<!--
+	Other Virgin Australia rulesets:
+		- VelocityFrequentFlyer.com.xml
+
+	Nonfunctional subdomains:
+
+		- agent		(HTTP 503 error)
+		- agents		(HTTP 503 error)
+		- cert.agents		(HTTP 403 error)
+		- av		(SSL handshake failed)
+		- aviatorsclub		(m)
+		- aviatorsclub		(m)
+		- conf		(SSL connection error)
+		- connect	(m)
+		- corporate	(t)
+		- m.e	(m)
+		- t.e	(m)
+		- flightchanges		(m)
+		- cert.fly		(SSL connection error)
+		- fs.gtmns		(m)
+		- hbaportal.gtmns	(m)
+		- lyncweb.gtmns		(m)
+		- gtmns1	(t)
+		- gtmns2	(t)
+		- hermeswebmessenger	(t)
+		- hire-cars	(connection error)
+		- hotels	(m)
+		- ved.iseek	(t)
+		- learningedge	(t)
+		- meet	(t)
+		- nanalytics		(m)
+		- newsroom		(m)
+		- northernterritory	(e)
+		- northernterritory-prd		(m)
+		- ns1		(t)
+		- ns1		(t)
+		- ourexperience		(e)
+		- prp	(t)
+		- sentry	(SSL handshake failed)
+		- services-mssl	(SSL handshake failed)
+		- sts	(t)
+		- tasmania		(m)
+		- webapp	(SSL connection error)
+		- ws	(t)
+		- wwww		(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
 <ruleset name="Virgin Australia">
-  <target host="virginaustralia.com" />
-  <target host="*.virginaustralia.com" />
-
-  <rule from="^http://virginaustralia\.com/"
-          to="https://www.virginaustralia.com/" />
-  <rule from="^http://(insurance|www)\.virginaustralia\.com/"
-          to="https://$1.virginaustralia.com/" />
-</ruleset>
\ No newline at end of file
+	<target host="virginaustralia.com" />
+	<target host="www.virginaustralia.com" />
+	<target host="access.virginaustralia.com" />
+	<target host="activate.virginaustralia.com" />
+	<target host="agency.virginaustralia.com" />
+	<target host="analytics.virginaustralia.com" />
+	<target host="apps.virginaustralia.com" />
+	<target host="apps-test.virginaustralia.com" />
+	<target host="as.virginaustralia.com" />
+	<target host="autodiscover.virginaustralia.com" />
+	<target host="blog.virginaustralia.com" />
+	<target host="businesslogin.virginaustralia.com" />
+	<target host="businesslogintest.virginaustralia.com" />
+	<target host="cap.virginaustralia.com" />
+	<target host="cartrawler.virginaustralia.com" />
+	<target host="charter.virginaustralia.com" />
+	<target host="check-in.virginaustralia.com" />
+	<target host="check-testin.virginaustralia.com" />
+	<target host="checkin.virginaustralia.com" />
+	<target host="club.virginaustralia.com" />
+	<target host="club-test.virginaustralia.com" />
+	<target host="connected.virginaustralia.com" />
+	<target host="covermore.virginaustralia.com" />
+	<target host="developer.virginaustralia.com" />
+	<target host="dialin.virginaustralia.com" />
+	<target host="flights.virginaustralia.com" />
+	<target host="flightstatus.virginaustralia.com" />
+	<target host="fly.virginaustralia.com" />
+	<target host="cn.fly.virginaustralia.com" />
+	<target host="zh.fly.virginaustralia.com" />
+	<target host="fs.virginaustralia.com" />
+	<target host="gso.virginaustralia.com" />
+	<target host="happyhour.virginaustralia.com" />
+	<target host="happyhour-test.virginaustralia.com" />
+	<target host="idp.virginaustralia.com" />
+	<target host="img.virginaustralia.com" />
+	<target host="info.virginaustralia.com" />
+	<target host="intranet.virginaustralia.com" />
+	<target host="intranet-test.virginaustralia.com" />
+	<target host="login.virginaustralia.com" />
+	<target host="lyncdiscover.virginaustralia.com" />
+	<target host="lyncweb.virginaustralia.com" />
+	<target host="mail.virginaustralia.com" />
+	<target host="mail2.virginaustralia.com" />
+	<target host="mdm.virginaustralia.com" />
+	<target host="mobile.virginaustralia.com" />
+	<target host="mobile-test.virginaustralia.com" />
+	<target host="mysterybreaks.virginaustralia.com" />
+	<target host="portal.virginaustralia.com" />
+	<target host="publications.virginaustralia.com" />
+	<target host="reservations.virginaustralia.com" />
+	<target host="services.virginaustralia.com" />
+	<target host="services-prodsupport.virginaustralia.com" />
+	<target host="sharepoint.virginaustralia.com" />
+	<target host="sip.virginaustralia.com" />
+	<target host="smtp.virginaustralia.com" />
+	<target host="soaing.virginaustralia.com" />
+	<target host="soatest1.virginaustralia.com" />
+	<target host="soatest1-mssl.virginaustralia.com" />
+	<target host="soatest2.virginaustralia.com" />
+	<target host="soatst4.virginaustralia.com" />
+	<target host="specials.virginaustralia.com" />
+	<target host="specials-test.virginaustralia.com" />
+	<target host="sso.virginaustralia.com" />
+	<target host="subscribers.virginaustralia.com" />
+	<target host="travel.virginaustralia.com" />
+	<target host="travelbank.virginaustralia.com" />
+	<target host="vaffa.virginaustralia.com" />
+	<target host="vaffa-test.virginaustralia.com" />
+	<target host="videos.virginaustralia.com" />
+	<target host="www-test.virginaustralia.com" />
+
+	<target host="va.aero" />
+
+	<securecookie host="^www\.virginaustralia\.com$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/VirginMobile.xml b/src/chrome/content/rules/VirginMobile.xml
index 279f014ea9d7..fbed419a08ec 100644
--- a/src/chrome/content/rules/VirginMobile.xml
+++ b/src/chrome/content/rules/VirginMobile.xml
@@ -13,7 +13,12 @@
 <ruleset name="Virgin Mobile">
 
 	<target host="virginmobileusa.com" />
-	<target host="*.virginmobileusa.com" />
+	<target host="www.virginmobileusa.com" />
+	<target host="www1.virginmobileusa.com" />
+	<target host="espanol.virginmobileusa.com" />
+	<target host="origin-www-ls.virginmobileusa.com" />
+	<target host="shop.virginmobileusa.com" />
+	<target host="newsroom.virginmobileusa.com" />
 	<target host="www.virginmobile.com.au" />
 
 
diff --git a/src/chrome/content/rules/Virgin_Media.com.xml b/src/chrome/content/rules/Virgin_Media.com.xml
index f2ceeb1c0ce1..64e8a1080ceb 100644
--- a/src/chrome/content/rules/Virgin_Media.com.xml
+++ b/src/chrome/content/rules/Virgin_Media.com.xml
@@ -103,7 +103,7 @@ Fetch error: http://myphotos4.virginmedia.com/ => https://myphotos4.virginmedia.
 
 		- assets
 		- cablemystreet
-		- community 
+		- community
 		- da
 		- ebill2
 		- help		(requires assets rule to prevent mixed-content)
@@ -120,7 +120,7 @@ Fetch error: http://myphotos4.virginmedia.com/ => https://myphotos4.virginmedia.
 		- national
 
 -->
-<ruleset name="Virgin Media.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Virgin Media.com (partial)" default_off="failed ruleset test">
 
 	<target host="identity.virginmedia.com" />
 	<target host="national.virginmedia.com" />
diff --git a/src/chrome/content/rules/Virginia-Mason-Hospital.xml b/src/chrome/content/rules/Virginia-Mason-Hospital.xml
index 3efc6b94215a..41a295847e1d 100644
--- a/src/chrome/content/rules/Virginia-Mason-Hospital.xml
+++ b/src/chrome/content/rules/Virginia-Mason-Hospital.xml
@@ -4,7 +4,7 @@
 	<target host="www.virginiamason.org" />
 
 
-	<securecookie host="^(?:.*\.)?virginiamason\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Virginia-Polytechnic-Institute-and-State-University.xml b/src/chrome/content/rules/Virginia-Polytechnic-Institute-and-State-University.xml
index 6e2600da0968..47a13daf3940 100644
--- a/src/chrome/content/rules/Virginia-Polytechnic-Institute-and-State-University.xml
+++ b/src/chrome/content/rules/Virginia-Polytechnic-Institute-and-State-University.xml
@@ -97,7 +97,7 @@ Fetch error: http://www.unirel.vt.edu/ => https://www.unirel.vt.edu/: (51, "SSL:
 		- (www.)vtnews
 
 -->
-<ruleset name="VT.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="VT.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Virool.com.xml b/src/chrome/content/rules/Virool.com.xml
index 82e7198cd5f6..523287b7176f 100644
--- a/src/chrome/content/rules/Virool.com.xml
+++ b/src/chrome/content/rules/Virool.com.xml
@@ -16,7 +16,7 @@
 <ruleset name="Virool.com (partial)">
 
 	<target host="virool.com" />
-	<target host="*.virool.com" />
+	<target host="www.virool.com" />
 
 
 	<!--	Not secured by server:
@@ -27,7 +27,6 @@
 	<securecookie host="^(?:channel|tools)?\.virool\.com$" name=".+" />
 
 
-	<rule from="^http://((?:channel|tools|www)\.)?virool\.com/"
-		to="https://$1virool.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/VirtKick.io.xml b/src/chrome/content/rules/VirtKick.io.xml
index b37a6146aa7c..ac3b6860d9e7 100644
--- a/src/chrome/content/rules/VirtKick.io.xml
+++ b/src/chrome/content/rules/VirtKick.io.xml
@@ -32,7 +32,7 @@ Fetch error: http://press.virtkick.io/ => https://press.virtkick.io/: (6, 'Could
 		- .virtkick.io
 
 -->
-<ruleset name="Virtkick.io" default_off='failed ruleset test'>
+<ruleset name="Virtkick.io" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Virtual-Server.org.xml b/src/chrome/content/rules/Virtual-Server.org.xml
deleted file mode 100644
index 9e8b6ecc382f..000000000000
--- a/src/chrome/content/rules/Virtual-Server.org.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other Rose Web Services coverage, see RoseHosting.com.xml.
-
--->
-<ruleset name="Virtual-Server.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="virtual-server.org" />
-	<target host="www.virtual-server.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/VirtualBox.org.xml b/src/chrome/content/rules/VirtualBox.org.xml
index 5530f45f7f10..27b15fe1f56d 100644
--- a/src/chrome/content/rules/VirtualBox.org.xml
+++ b/src/chrome/content/rules/VirtualBox.org.xml
@@ -1,19 +1,22 @@
 <!--
-	Mismatched:
-		- download (CN: a248.e.akamai.net)
-		- forum (CN: www.virtualbox.org, fixed by this ruleset)
-		- registration (CN: www.virtualbox.org)
--->
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- forum.virtualbox.org
+		- registration.virtualbox.org
 
+-->
 <ruleset name="VirtualBox.org">
 	<target host="virtualbox.org" />
 	<target host="www.virtualbox.org" />
-	<target host="forums.virtualbox.org" />
+	<target host="download.virtualbox.org" />
 	<target host="forum.virtualbox.org" />
+	<target host="forums.virtualbox.org" />
 	<target host="update.virtualbox.org" />
 
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://forum\.virtualbox\.org/" to="https://forums.virtualbox.org/" />
+	<rule from="^http://forum\.virtualbox\.org/"
+		to="https://forums.virtualbox.org/" />
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/VirtualQube.com.xml b/src/chrome/content/rules/VirtualQube.com.xml
index 07a016b69721..bd2ed39aafe9 100644
--- a/src/chrome/content/rules/VirtualQube.com.xml
+++ b/src/chrome/content/rules/VirtualQube.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.virtualqube.com/ => https://www.virtualqube.com/: (28, '
 		- www.virtualqube.com
 
 -->
-<ruleset name="VirtualQube.com" default_off='failed ruleset test'>
+<ruleset name="VirtualQube.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Virtual_Spirits.xml b/src/chrome/content/rules/Virtual_Spirits.xml
index bfbfc91dc9bd..4c26bf6a70b1 100644
--- a/src/chrome/content/rules/Virtual_Spirits.xml
+++ b/src/chrome/content/rules/Virtual_Spirits.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://virtualspirits.com/ => https://virtualspirits.com/: Cycle detected - URL already encountered: https://virtualspirits.com/Default.aspx
 Fetch error: http://www.virtualspirits.com/ => https://www.virtualspirits.com/: Cycle detected - URL already encountered: https://www.virtualspirits.com/Default.aspx
 -->
-<ruleset name="Virtual Sprits" default_off='failed ruleset test'>
+<ruleset name="Virtual Sprits" default_off="failed ruleset test">
 
 	<target host="virtualspirits.com" />
 	<target host="www.virtualspirits.com" />
@@ -19,4 +19,4 @@ Fetch error: http://www.virtualspirits.com/ => https://www.virtualspirits.com/:
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Virtualearth.net.xml b/src/chrome/content/rules/Virtualearth.net.xml
index 8b690826b7d4..4d9294bd999f 100644
--- a/src/chrome/content/rules/Virtualearth.net.xml
+++ b/src/chrome/content/rules/Virtualearth.net.xml
@@ -6,7 +6,7 @@
 
 		- (www.)? *
 		- fb.ecn.api.tiles *
-		
+
 	* Mismatched
 
 -->
diff --git a/src/chrome/content/rules/VirtusOnline.org.xml b/src/chrome/content/rules/VirtusOnline.org.xml
index 21d7b2b27f25..7813981089af 100644
--- a/src/chrome/content/rules/VirtusOnline.org.xml
+++ b/src/chrome/content/rules/VirtusOnline.org.xml
@@ -5,4 +5,4 @@
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Virus_Tracker.net.xml b/src/chrome/content/rules/Virus_Tracker.net.xml
index 98bb8aaddb89..dd8a3283484a 100644
--- a/src/chrome/content/rules/Virus_Tracker.net.xml
+++ b/src/chrome/content/rules/Virus_Tracker.net.xml
@@ -14,7 +14,7 @@ Fetch error: http://map.virustracker.net/ => https://map.virustracker.net/: (60,
 		- virustracker.net
 
 -->
-<ruleset name="Virus Tracker.net" default_off='failed ruleset test'>
+<ruleset name="Virus Tracker.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Virusec.com.xml b/src/chrome/content/rules/Virusec.com.xml
index 8f90b7e0d40b..44f06662fc00 100644
--- a/src/chrome/content/rules/Virusec.com.xml
+++ b/src/chrome/content/rules/Virusec.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.escan.com/ => https://www.virusec.com/: (60, 'SSL certif
 Fetch error: http://escan.com/ => https://www.virusec.com/: (60, 'SSL certificate problem: self signed certificate')
 Fetch error: http://www.virusec.com/ => https://www.virusec.com/: (60, 'SSL certificate problem: self signed certificate')
 Fetch error: http://virusec.com/ => https://www.virusec.com/: (60, 'SSL certificate problem: self signed certificate') Av vendor. -->
-<ruleset name="Virusec.com" default_off='failed ruleset test'>
+<ruleset name="Virusec.com" default_off="failed ruleset test">
 	<target host="www.escan.com" />
 	<target host="escan.com" />
 	<target host="www.virusec.com" />
diff --git a/src/chrome/content/rules/Visa.com.xml b/src/chrome/content/rules/Visa.com.xml
index 0bceeba718d0..bdfed44db04c 100644
--- a/src/chrome/content/rules/Visa.com.xml
+++ b/src/chrome/content/rules/Visa.com.xml
@@ -33,7 +33,7 @@ Non-2xx HTTP code: http://developer.visa.com/ (200) => https://developer.visa.co
 		jobs.visa.com
 -->
 
-<ruleset name="Visa.com" default_off='failed ruleset test'>
+<ruleset name="Visa.com" default_off="failed ruleset test">
 	<target host="visa.com" />
 	<target host="www.visa.com" />
 	<target host="aw.visa.com" />
diff --git a/src/chrome/content/rules/Visa_Buxx.com.xml b/src/chrome/content/rules/Visa_Buxx.com.xml
index acdfb642e314..59d74a44b064 100644
--- a/src/chrome/content/rules/Visa_Buxx.com.xml
+++ b/src/chrome/content/rules/Visa_Buxx.com.xml
@@ -1,25 +1,28 @@
+
 <!--
+Entire ruleset disabled at 2020-09-25 16:20:22
+
+Fetch error: http://visabuxx.com/ => https://visabuxx.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://www.visabuxx.com/ => https://www.visabuxx.com/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://usbank.visabuxx.com/ => https://usbank.visabuxx.com/: (28, 'Connection timed out after 20000 milliseconds')
+
 	For other Visa coverage, see Visa.xml.
 
 
 	(www.): refused
 
 -->
-<ruleset name="Visa Buxx.com (partial)">
+<ruleset name="Visa Buxx.com (partial)" default_off="failed ruleset test">
 
 	<target host="visabuxx.com" />
-	<target host="*.visabuxx.com" />
-
+	<target host="www.visabuxx.com" />
+	<target host="usbank.visabuxx.com" />
 
 	<securecookie host="^usbank\.visabuxx\.com$" name=".+" />
 
+	<!--	302 to 400 on redirected page-->
+	<!-- <rule from="^http://(?:www\.)?visabuxx\.com/$"
+		to="https://usa.visa.com/personal/cards/prepaid/visa_buxx.html" /> -->
 
-	<!--	.+ 404s:
-				-->
-	<rule from="^http://(?:www\.)?visabuxx\.com/$"
-		to="https://usa.visa.com/personal/cards/prepaid/visa_buxx.html" />
-
-	<rule from="^http://usbank\.visabuxx\.com/"
-		to="https://usbank.visabuxx.com/" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Visa_to_Vietnam.xml b/src/chrome/content/rules/Visa_to_Vietnam.xml
index 2723a5b30adb..2f1668dde35f 100644
--- a/src/chrome/content/rules/Visa_to_Vietnam.xml
+++ b/src/chrome/content/rules/Visa_to_Vietnam.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Visalia_Times-Delta.xml b/src/chrome/content/rules/Visalia_Times-Delta.xml
index 6ea737b6ddbe..717d975f2661 100644
--- a/src/chrome/content/rules/Visalia_Times-Delta.xml
+++ b/src/chrome/content/rules/Visalia_Times-Delta.xml
@@ -1,7 +1,7 @@
 <!--
 Disabled by https-everywhere-checker because:
 Fetch error: http://visaliatimesdelta.com/ => https://www.visaliatimesdelta.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.visaliatimesdelta.com'")
-	For other Gannett Company coverage, see Gannett-Company.xml.	
+	For other Gannett Company coverage, see Gannett-Company.xml.
 
 
 	Nonfunctional domains:
@@ -25,7 +25,10 @@ Fetch error: http://visaliatimesdelta.com/ => https://www.visaliatimesdelta.com/
 <ruleset name="Visalia Times-Delta">
 
 	<target host="visaliatimesdelta.com" />
-	<target host="*.visaliatimesdelta.com" />
+	<target host="cmsimg.visaliatimesdelta.com" />
+	<target host="www.visaliatimesdelta.com" />
+	<target host="advertise.visaliatimesdelta.com" />
+	<target host="deals.visaliatimesdelta.com" />
 
 
 	<!--	Cookie domains:
@@ -39,10 +42,9 @@ Fetch error: http://visaliatimesdelta.com/ => https://www.visaliatimesdelta.com/
 	<rule from="^http://(?:cmsimg\.|www\.)?visaliatimesdelta\.com/"
 		to="https://www.visaliatimesdelta.com/" />
 
-	<rule from="^http://advertise\.visaliatimesdelta\.com/"
-		to="https://advertise.visaliatimesdelta.com/" />
 
 	<rule from="^http://deals\.visaliatimesdelta\.com/"
 		to="https://visalia.planetdiscover.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VisiStat.com.xml b/src/chrome/content/rules/VisiStat.com.xml
index 7d23b7db6d76..a53693ff7cf9 100644
--- a/src/chrome/content/rules/VisiStat.com.xml
+++ b/src/chrome/content/rules/VisiStat.com.xml
@@ -31,7 +31,10 @@ Fetch error: http://visistat.com/ => https://visistat.com/: (60, 'SSL certificat
 	<target host="sa-as.com" />
 	<target host="www.sa-as.com" />
 	<target host="visistat.com" />
-	<target host="*.visistat.com" />
+	<target host="sniff.visistat.com" />
+	<target host="www.visistat.com" />
+	<target host="stats.visistat.com" />
+	<target host="demo.visistat.com" />
 
 
 	<securecookie host="^(?:www\.)?visistat\.com$" name=".+" />
@@ -49,4 +52,4 @@ Fetch error: http://visistat.com/ => https://visistat.com/: (60, 'SSL certificat
 	<rule from="^http://demo\.visistat\.com/"
 		to="https://www.visistat.com/demo-login.php" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VisibleGains.com.xml b/src/chrome/content/rules/VisibleGains.com.xml
deleted file mode 100644
index bff3b267b6f5..000000000000
--- a/src/chrome/content/rules/VisibleGains.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
-		- blog		(dropped)
-
-
-	Fully covered subdomains:
-
-		- my
-		- player
-
--->
-<ruleset name="VisibleGains.com (partial)">
-
-	<target host="*.visiblegains.com" />
-
-
-	<securecookie host="^my\.visiblegains\.com$" name=".+" />
-
-
-	<rule from="^http://(my|player)\.visiblegains\.com/"
-		to="https://$1.visiblegains.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Visible_Technologies.xml b/src/chrome/content/rules/Visible_Technologies.xml
index 4df9a08f81a0..48a0477b365f 100644
--- a/src/chrome/content/rules/Visible_Technologies.xml
+++ b/src/chrome/content/rules/Visible_Technologies.xml
@@ -5,7 +5,7 @@ Fetch error: http://visibletechnologies.com/ => https://visibletechnologies.com/
 Fetch error: http://www.visibletechnologies.com/ => https://www.visibletechnologies.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.visibletechnologies.com'")
 
 -->
-<ruleset name="Visible Technologies" default_off='failed ruleset test'>
+<ruleset name="Visible Technologies" default_off="failed ruleset test">
 
 	<target host="visibletechnologies.com" />
 	<target host="www.visibletechnologies.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.visibletechnologies.com/ => https://www.visibletechnolog
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Visiblebody.com.xml b/src/chrome/content/rules/Visiblebody.com.xml
index 789283c67ca5..0a2b13378173 100644
--- a/src/chrome/content/rules/Visiblebody.com.xml
+++ b/src/chrome/content/rules/Visiblebody.com.xml
@@ -22,6 +22,6 @@
 	<target host="m.visiblebody.com" />
 	<target host="shop.visiblebody.com" />
 	<target host="support.visiblebody.com" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/VisionAirlines.xml b/src/chrome/content/rules/VisionAirlines.xml
index 0c73cdf47ddd..66588c669dda 100644
--- a/src/chrome/content/rules/VisionAirlines.xml
+++ b/src/chrome/content/rules/VisionAirlines.xml
@@ -8,10 +8,10 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://visionairlines.com/ => https://www.visionairlines.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 Fetch error: http://www.visionairlines.com/ => https://www.visionairlines.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="Vision Airlines" default_off='failed ruleset test'>
+<ruleset name="Vision Airlines" default_off="failed ruleset test">
   <target host="visionairlines.com" />
   <target host="www.visionairlines.com" />
 
   <rule from="^http://(?:www\.)?visionairlines\.com/"
           to="https://www.visionairlines.com/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vision_Art_Forum.com.xml b/src/chrome/content/rules/Vision_Art_Forum.com.xml
index 08d5c7e5bb89..8a3a2da975ac 100644
--- a/src/chrome/content/rules/Vision_Art_Forum.com.xml
+++ b/src/chrome/content/rules/Vision_Art_Forum.com.xml
@@ -12,4 +12,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vision_Critical.com.xml b/src/chrome/content/rules/Vision_Critical.com.xml
index 3322b1231242..e2884558880f 100644
--- a/src/chrome/content/rules/Vision_Critical.com.xml
+++ b/src/chrome/content/rules/Vision_Critical.com.xml
@@ -28,7 +28,7 @@ Fetch error: http://fr.visioncritical.com/ => https://fr.visioncritical.com/: (5
 	ᵐ Mismatched
 
 -->
-<ruleset name="Vision Critical.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Vision Critical.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Vision_Critical_Panels.com.xml b/src/chrome/content/rules/Vision_Critical_Panels.com.xml
index 24edef4604a2..6a0bd572ec97 100644
--- a/src/chrome/content/rules/Vision_Critical_Panels.com.xml
+++ b/src/chrome/content/rules/Vision_Critical_Panels.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://logos.visioncriticalpanels.com/ => https://logos.visioncriti
 	(www.)?visioncriticalpanels.com does not exist.
 
 -->
-<ruleset name="Vision Critical Panels.com" default_off='failed ruleset test'>
+<ruleset name="Vision Critical Panels.com" default_off="failed ruleset test">
 
 	<target host="logos.visioncriticalpanels.com" />
 
diff --git a/src/chrome/content/rules/Visitestonia.com.xml b/src/chrome/content/rules/Visitestonia.com.xml
index 290b77d3b8e1..c185c59545f9 100644
--- a/src/chrome/content/rules/Visitestonia.com.xml
+++ b/src/chrome/content/rules/Visitestonia.com.xml
@@ -41,14 +41,14 @@
 <ruleset name="Visitestonia.com (partial)">
 
 	<target host="visitestonia.com" />
-	<target host="*.visitestonia.com" />
+	<target host="prelive.visitestonia.com" />
+	<target host="www.visitestonia.com" />
+	<target host="cache.visitestonia.com" />
+	<target host="static1.visitestonia.com" />
+	<target host="static2.visitestonia.com" />
 
 
-	<rule from="^http://(prelive\.|www\.)?visitestonia\.com/"
-		to="https://$1visitestonia.com/" />
 
-	<rule from="^http://cache\.visitestonia\.com/"
-		to="https://d1y50j8vst3j8d.cloudfront.net/" />
 
 	<!--rule from="^http://camp\.visitestonia\.com/"
 		to="https://???.cloudfront.net/" /-->
@@ -56,4 +56,5 @@
 	<rule from="^http://static[12]\.visitestonia\.com/"
 		to="https://d3otexg1kysjv4.cloudfront.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Vispa.net.uk.xml b/src/chrome/content/rules/Vispa.net.uk.xml
new file mode 100644
index 000000000000..2abe125ef233
--- /dev/null
+++ b/src/chrome/content/rules/Vispa.net.uk.xml
@@ -0,0 +1,17 @@
+<!--
+	Non-functional hosts:
+		Incomplete certificate chain:
+		- mx.vispa.net.uk
+
+		Different content:
+		- vispa.net.uk
+-->
+<ruleset name="Vispa.net.uk (partial)">
+	<target host="cp.vispa.net.uk" />
+	<target host="engage.vispa.net.uk" />
+	<target host="secure.vispa.net.uk"/>
+	<target host="signup.vispa.net.uk" />
+	<target host="support.vispa.net.uk" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vispa.xml b/src/chrome/content/rules/Vispa.xml
deleted file mode 100644
index 02fd2545a9fb..000000000000
--- a/src/chrome/content/rules/Vispa.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.vispahost.com/ => https://www.vispahost.com/: (6, 'Could not resolve host: www.vispahost.com')
-Fetch error: http://vispashop.com/ => https://vispashop.com/: (6, 'Could not resolve host: vispashop.com')
-Fetch error: http://www.vispashop.com/ => https://www.vispashop.com/: (6, 'Could not resolve host: www.vispashop.com')
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.vispahost.com/ => https://www.vispahost.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://vispashop.com/ => https://vispashop.com/: (28, 'Connection timed out after 10001 milliseconds')
-Fetch error: http://www.vispashop.com/ => https://www.vispashop.com/: (28, 'Connection timed out after 10000 milliseconds')
-	Nonfunctional domains:
-
-		- helpdesk.vispa.net
-
--->
-<ruleset name="Vispa (partial)" platform="mixedcontent" default_off='failed ruleset test'>
-
-	<target host="secure.vispa.net.uk"/>
-	<target host="www.vispahost.com"/>
-	<target host="vispashop.com"/>
-	<target host="www.vispashop.com"/>
-	<target host="*.www.vispashop.com"/>
-
-	<securecookie host="^secure\.vispa\.net\.uk$" name=".+" />
-	<securecookie host="^(?:.*\.)?vispa(?:host|shop)\.com$" name=".+" />
-
-	<rule from="^http://secure\.vispa\.net\.uk/"
-		to="https://secure.vispa.net.uk/"/>
-
-	<!--	!www doesn't exist.	-->
-	<rule from="^http://www\.vispahost\.com/"
-		to="https://www.vispahost.com/" />
-
-	<rule from="^http://(www\.)?vispashop\.com/"
-		to="https://$1vispashop.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Vistech-Communications.xml b/src/chrome/content/rules/Vistech-Communications.xml
index 19c1438ee311..45c17f660d3f 100644
--- a/src/chrome/content/rules/Vistech-Communications.xml
+++ b/src/chrome/content/rules/Vistech-Communications.xml
@@ -1,9 +1,10 @@
 <ruleset name="Vistech Communications" platform="mixedcontent">
 
 	<target host="vistech.net"/>
-	<target host="*.vistech.net"/>
+	<target host="bundy.vistech.net" />
+	<target host="www.vistech.net" />
 
-	<securecookie host="^(?:.*\.)?vistech\.net$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<!--	data appear the same
 		cert only valid for bundy	-->
diff --git a/src/chrome/content/rules/VisualNews.com.xml b/src/chrome/content/rules/VisualNews.com.xml
deleted file mode 100644
index 3562a4e38d91..000000000000
--- a/src/chrome/content/rules/VisualNews.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Visual News">
-
-	<target host="visualnews.com" />
-	<target host="www.visualnews.com" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/VisualWebsiteOptimizer.xml b/src/chrome/content/rules/VisualWebsiteOptimizer.xml
index b4aa4ecb2f76..285b07851023 100644
--- a/src/chrome/content/rules/VisualWebsiteOptimizer.xml
+++ b/src/chrome/content/rules/VisualWebsiteOptimizer.xml
@@ -1,7 +1,9 @@
 <ruleset name="Visual Website Optimizer (partial)">
 
 	<target host="visualwebsiteoptimizer.com" />
-	<target host="*.visualwebsiteoptimizer.com" />
+	<target host="dev.visualwebsiteoptimizer.com" />
+	<target host="v2.visualwebsiteoptimizer.com" />
+	<target host="www.visualwebsiteoptimizer.com" />
 		<!--
 			These paths 301 to http:
 
diff --git a/src/chrome/content/rules/Visual_Revenue.xml b/src/chrome/content/rules/Visual_Revenue.xml
index f155073092ad..40d6213ec95c 100644
--- a/src/chrome/content/rules/Visual_Revenue.xml
+++ b/src/chrome/content/rules/Visual_Revenue.xml
@@ -42,13 +42,12 @@
 -->
 <ruleset name="Visual Revenue (partial)">
 
-	<target host="*.visualrevenue.com" />
+	<target host="platform.visualrevenue.com" />
 
 
 	<securecookie host="^\.platform\.visualrevenue\.com$" name=".+" />
 
 
-	<rule from="^http://platform\.visualrevenue\.com/"
-		to="https://platform.visualrevenue.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/VisualizingPalestine.org.xml b/src/chrome/content/rules/VisualizingPalestine.org.xml
new file mode 100644
index 000000000000..1410dc50789a
--- /dev/null
+++ b/src/chrome/content/rules/VisualizingPalestine.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="VisualizingPalestine.org">
+	<target host="visualizingpalestine.org" />
+	<target host="www.visualizingpalestine.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VitalAds.xml b/src/chrome/content/rules/VitalAds.xml
index 44ddab5415a3..e2252a816c33 100644
--- a/src/chrome/content/rules/VitalAds.xml
+++ b/src/chrome/content/rules/VitalAds.xml
@@ -8,12 +8,12 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://vitalads.com/ => https://vitalads.com/: (60, 'SSL certificate problem: certificate has expired')
 Fetch error: http://www.vitalads.com/ => https://www.vitalads.com/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="VitalAds (partial)" default_off='failed ruleset test'>
+<ruleset name="VitalAds (partial)" default_off="failed ruleset test">
 
 	<target host="vitalads.com"/>
 	<target host="www.vitalads.com"/>
 
-	<securecookie host="^(?:.*\.)?vitalads\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/Vitalwerks.xml b/src/chrome/content/rules/Vitalwerks.xml
index c0b86b92bdf6..4350308ca187 100644
--- a/src/chrome/content/rules/Vitalwerks.xml
+++ b/src/chrome/content/rules/Vitalwerks.xml
@@ -5,10 +5,11 @@
 	<target host="no-ip.com"/>
 	<target host="*.no-ip.com"/>
 
-	<rule from="^http://cdn\.no-ip\.com/"
-		to="https://noipcdn.s3.amazonaws.com/"/>
+	<test url="http://blog.no-ip.com/" />
+	<test url="http://cdn.no-ip.com/" />
+	<test url="http://www.no-ip.com/" />
 
-	<rule from="^http://(?:www\.)?no-ip\.com/(client/|company/[^$]|favicon\.ico|images/|login|(?:1click|newUser)\.php)"
-		to="https://www.no-ip.com/$1"/>
+	<rule from="^http:"
+		to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/Vitamin_D_Council.xml b/src/chrome/content/rules/Vitamin_D_Council.xml
index 63c8785f0fd4..2ba6ad62eff9 100644
--- a/src/chrome/content/rules/Vitamin_D_Council.xml
+++ b/src/chrome/content/rules/Vitamin_D_Council.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vitamin_Shoppe.xml b/src/chrome/content/rules/Vitamin_Shoppe.xml
index e39b9e284dc3..8c22e23e3be7 100644
--- a/src/chrome/content/rules/Vitamin_Shoppe.xml
+++ b/src/chrome/content/rules/Vitamin_Shoppe.xml
@@ -33,7 +33,8 @@ Fetch error: http://vitaminshoppe.com/ => https://www.vitaminshoppe.com/: Too ma
 <ruleset name="Vitamin Shoppe.com (partial)">
 
 	<target host="vitaminshoppe.com" />
-	<target host="*.vitaminshoppe.com" />
+	<target host="www.vitaminshoppe.com" />
+	<target host="m.vitaminshoppe.com" />
 
 
 	<!--	Not secured by server:
@@ -44,7 +45,6 @@ Fetch error: http://vitaminshoppe.com/ => https://www.vitaminshoppe.com/: Too ma
 	<rule from="^http://(?:www\.)?vitaminshoppe\.com/"
 		to="https://www.vitaminshoppe.com/" />
 
-	<rule from="^http://m\.vitaminshoppe\.com/"
-		to="https://m.vitaminshoppe.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Vivaldi.net.xml b/src/chrome/content/rules/Vivaldi.net.xml
deleted file mode 100644
index a5797bca9785..000000000000
--- a/src/chrome/content/rules/Vivaldi.net.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	Fully covered hosts in *vivaldi.net:
-
-		- (www.)?
-
-
-	Insecure cookies are set for these domains and hosts
-
-		- vivaldi.net
-		- .vivaldi.net
-
--->
-<ruleset name="Vivaldi.net">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="vivaldi.net" />
-	<target host="www.vivaldi.net" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^vivaldi\.net$" name="^(_pk_cvar\.1\.[\da-f]+|_pk_id\.1\.[\da-f]+|_pk_ses\.1\.[\da-f]+|[\da-f]{32})$" /-->
-	<!--securecookie host="^\.vivaldi\.net$" name="^(__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^\.?vivaldi\.net$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Viviscal.xml b/src/chrome/content/rules/Viviscal.xml
index 75527773de8f..dec4b8a89f1c 100644
--- a/src/chrome/content/rules/Viviscal.xml
+++ b/src/chrome/content/rules/Viviscal.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://viviscal.co.uk/ => https://viviscal.co.uk/: Cycle detected - URL already encountered: https://viviscal.co.uk/
 Fetch error: http://www.viviscal.co.uk/ => https://www.viviscal.co.uk/: Cycle detected - URL already encountered: https://www.viviscal.co.uk/
 -->
-<ruleset name="Viviscal" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Viviscal" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="viviscal.co.uk" />
 	<target host="www.viviscal.co.uk" />
diff --git a/src/chrome/content/rules/Vm.ag.xml b/src/chrome/content/rules/Vm.ag.xml
index e6b58f1ccbfa..ecf5a4240b1d 100644
--- a/src/chrome/content/rules/Vm.ag.xml
+++ b/src/chrome/content/rules/Vm.ag.xml
@@ -1,15 +1,10 @@
-<!--
-	For other Variomedia coverage, see Variomedia.de.xml.
-
--->
 <ruleset name="Vm.ag">
 
 	<target host="vm.ag" />
-	<target host="piwik.vm.ag" />
 	<target host="www.vm.ag" />
+	<target host="piwik.vm.ag" />
 
-
-	<securecookie host="^\w" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Vmail.me.xml b/src/chrome/content/rules/Vmail.me.xml
deleted file mode 100644
index 205328aad10f..000000000000
--- a/src/chrome/content/rules/Vmail.me.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Vmail.me">
-  <target host="vmail.me" />
-  <target host="www.vmail.me" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Vmmpxl.com.xml b/src/chrome/content/rules/Vmmpxl.com.xml
deleted file mode 100644
index 4e9bf5b620b7..000000000000
--- a/src/chrome/content/rules/Vmmpxl.com.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	Fully covered hosts in *vmmpxl.com:
-
-		- secimg
-
-
-	Insecure cookies are set for these 
-
-		- secimg.vmmpxl.com
-
--->
-<ruleset name="vmmpxl.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="secimg.vmmpxl.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^secimg\.vmmpxl\.com$" name="^VMM_ID_\w+$" /-->
-
-	<securecookie host="^secimg\.vmmpxl\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/VoDLocker.to.xml b/src/chrome/content/rules/VoDLocker.to.xml
new file mode 100644
index 000000000000..7377d66d41a4
--- /dev/null
+++ b/src/chrome/content/rules/VoDLocker.to.xml
@@ -0,0 +1,12 @@
+<!--
+	Redirects to HTTP:
+		- dl.vodlocker.to
+-->
+<ruleset name="VoDLocker.to">
+	<target host="vodlocker.to" />
+	<target host="www.vodlocker.to" />
+	<target host="api.vodlocker.to" />
+	<target host="cdn.vodlocker.to" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/VoIPDistributor.net.xml b/src/chrome/content/rules/VoIPDistributor.net.xml
deleted file mode 100644
index e995f8b30d15..000000000000
--- a/src/chrome/content/rules/VoIPDistributor.net.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="VoIPDistributor.net">
-
-	<target host="voipdistributor.net" />
-	<target host="www.voipdistributor.net" />
-
-
-	<securecookie host="^\.?voipdistributor\.net$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Vocativ.com.xml b/src/chrome/content/rules/Vocativ.com.xml
index 7c22b16aedf5..5cd79630a43d 100644
--- a/src/chrome/content/rules/Vocativ.com.xml
+++ b/src/chrome/content/rules/Vocativ.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.vocativ.com/content/themes/vocativ/images/vocativ-logo-2
 	* Secured by us
 
 -->
-<ruleset name="Vocativ.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Vocativ.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Vodafone.co.nz.xml b/src/chrome/content/rules/Vodafone.co.nz.xml
index 312f9fb9a2af..eed058777288 100644
--- a/src/chrome/content/rules/Vodafone.co.nz.xml
+++ b/src/chrome/content/rules/Vodafone.co.nz.xml
@@ -57,7 +57,7 @@ Fetch error: http://wholesale.vodafone.co.nz/ => https://wholesale.vodafone.co.n
 	* Secured by us
 
 -->
-<ruleset name="Vodafone.co.nz (partial)" default_off='failed ruleset test'>
+<ruleset name="Vodafone.co.nz (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -100,7 +100,7 @@ Fetch error: http://wholesale.vodafone.co.nz/ => https://wholesale.vodafone.co.n
 	<!--securecookie host="^m\.vodafone\.co\.nz$" name="^(?:BIGipServer\w+|JSESSIONID)$" /-->
 	<!--securecookie host="^\.wholesale\.vodafone\.co\.nz$" name="^(?:ANON|VIS)ID\d+$" /-->
 
-	<securecookie host="^(?:.*\.)?vodafone\.co\.nz$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<!--	Redirect keeps path and args,
diff --git a/src/chrome/content/rules/Vodafone.co.uk.xml b/src/chrome/content/rules/Vodafone.co.uk.xml
index 9c9212cb2098..ad5eda59e1f2 100644
--- a/src/chrome/content/rules/Vodafone.co.uk.xml
+++ b/src/chrome/content/rules/Vodafone.co.uk.xml
@@ -60,7 +60,7 @@ Fetch error: http://vip.vodafone.co.uk/ => https://vip.vodafone.co.uk/: (6, 'Cou
 	* Secured by us
 
 -->
-<ruleset name="Vodafone.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Vodafone.co.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Vodafone.ie.xml b/src/chrome/content/rules/Vodafone.ie.xml
index 8df0f2e911df..0ba85778e69f 100644
--- a/src/chrome/content/rules/Vodafone.ie.xml
+++ b/src/chrome/content/rules/Vodafone.ie.xml
@@ -48,7 +48,7 @@
 	<!--securecookie host="^support\.vodafone\.ie$" name="^(?:AJUDACLUSTER|eGain_eService_JSESSIONID)$" /-->
 	<!--securecookie host="^www\.vodafone\.ie$" name="^(?:JSESSIONID|SITESELECTION)$" /-->
 
-	<securecookie host="^(?:.+\.)?vodafone\.ie$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Vodafone.pt.xml b/src/chrome/content/rules/Vodafone.pt.xml
index e6d4f500d4b5..7c305348a2e7 100644
--- a/src/chrome/content/rules/Vodafone.pt.xml
+++ b/src/chrome/content/rules/Vodafone.pt.xml
@@ -1,17 +1,8 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://vodafonecontactos.vodafone.pt/ => https://vodafonecontactos.vodafone.pt/: (28, 'Connection timed out after 20001 milliseconds')
-Fetch error: http://webvodafonemail.vodafone.pt/ => https://webvodafonemail.vodafone.pt/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
-	Imcomplete chain:
-	mail.vodafone.pt
--->
-
-<ruleset name="Vodafone.pt" default_off='failed ruleset test'>
+<ruleset name="Vodafone.pt">
+	<target host="www.vodafone.pt" />
+	<target host="vodafone.pt" />
 	<target host="ajuda.vodafone.pt" />
 	<target host="loja.vodafone.pt" />
-	<target host="vodafonecontactos.vodafone.pt" />
 	<target host="onenetuk.vodafone.pt" />
 	<target host="negocios.vodafone.pt" />
 	<target host="onenet.vodafone.pt" />
@@ -22,13 +13,12 @@ Fetch error: http://webvodafonemail.vodafone.pt/ => https://webvodafonemail.voda
 	<target host="www.facturanahora.vodafone.pt" />
 	<target host="rbtweb.vodafone.pt" />
 	<target host="sms.vodafone.pt" />
-	<target host="www.agente.vodafone.pt" />
 	<target host="webfecs.vodafone.pt" />
 	<target host="webgen.vodafone.pt" />
-	<target host="webvodafonemail.vodafone.pt" />
 	<target host="admin.net.vodafone.pt" />
 	<target host="at.vodafone.pt" />
 	<target host="my.vodafone.pt" />
+	<target host="mail.vodafone.pt" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Vodafone.xml b/src/chrome/content/rules/Vodafone.xml
index 9ccb80912c35..0623ce5e9a08 100644
--- a/src/chrome/content/rules/Vodafone.xml
+++ b/src/chrome/content/rules/Vodafone.xml
@@ -1,8 +1,4 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://developer.vodafone.com/ => https://developer.vodafone.com/: (6, 'Could not resolve host: developer.vodafone.com')
-
 	Other Vodafone rulesets:
 
 		- Firsts.com.xml
@@ -11,57 +7,19 @@ Fetch error: http://developer.vodafone.com/ => https://developer.vodafone.com/:
 		- Vodafone.de.xml
 		- Vodafone.ie.xml
 
-
-	- vodafonegroup.122.2o7.net
-	- vodafone.ivwbox.de
-	- vodafone01.secure.lithium.com
-
-
 	Nonfunctional hosts in *vodafone.com:
 
-		- cms-vp *
-
-	* Plaintext reply
-
-
-	(www.)?vodafone.com: Shows firsts.com
-
+		- ^ (mismatched)
+		- cms-vp (timeout)
 
-	Insecure cookies are set for these hosts:
-
-		- developer.vodafone.com
 
 -->
-<ruleset name="Vodafone.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="developer.vodafone.com" />
+<ruleset name="Vodafone.com (partial)">
 
-	<!--	Complications:
-				-->
 	<target host="vodafone.com" />
 	<target host="www.vodafone.com" />
 
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^developer\.vodafone\.com$" name="^csrftoken$" /-->
-
-	<securecookie host="^developer\.vodafone\.com$" name=".+" />
-
-
-	<!--	Redirect keeps args but not forward slash:
-								-->
-	<rule from="^http://(?:www\.)?vodafone\.com/+(?=$|\?)"
-		to="https://www.vodafone.com/content/index.html" />
-
-		<test url="http://vodafone.com/?" />
-		<test url="http://www.vodafone.com/?" />
-		<test url="http://vodafone.com//" />
-		<test url="http://www.vodafone.com//" />
-
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http://(www\.)?vodafone\.com/"
+		to="https://www.vodafone.com/" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Voffka.xml b/src/chrome/content/rules/Voffka.xml
index 08914b60dddb..3777ac1fbf2e 100644
--- a/src/chrome/content/rules/Voffka.xml
+++ b/src/chrome/content/rules/Voffka.xml
@@ -1,38 +1,67 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.voffka.com/ => https://www.voffka.com/: (60, 'SSL certificate problem: certificate has expired')
-
-	Nonfunctional subdomains:
-
-		- i	(403/404)
-
-
-	Problematic subdomains:
-
-		- mail		(works, expired, mismatched, CN: id.kapranoff.ru)
-
-
-	i serves images only.
-
-
-	Mixed content:
-
-		- Images, from:
-
-			- voffka.com
-			- vwp.su
-
+	Invalid certificate:
+		ad.voffka.com
+		chat.voffka.com
+		www.chat.voffka.com
+		duo.voffka.com
+		j1.duo.voffka.com
+		j2.duo.voffka.com
+		j3.duo.voffka.com
+		j4.duo.voffka.com
+		mailer.duo.voffka.com
+		mysql.duo.voffka.com
+		forum.voffka.com
+		www.forum.voffka.com
+		forum-pda.voffka.com
+		gcore.voffka.com
+		i.voffka.com
+		imap-old.voffka.com
+		img.voffka.com
+		love.voffka.com
+		top.love.voffka.com
+		mail.voffka.com
+		mailer.voffka.com
+		maillist.voffka.com
+		monitoring.voffka.com
+		mx.voffka.com
+		ns.voffka.com
+		photo.voffka.com
+		www.photo.voffka.com
+		mail.photo.voffka.com
+		pop3-old.voffka.com
+		s05.voffka.com
+		s06.voffka.com
+		smtp-old.voffka.com
+		top.voffka.com
+		img.vozer.voffka.com
+		vref.voffka.com
+		xeon.voffka.com
+		j2.xeon.voffka.com
+		j3.xeon.voffka.com
+		j4.xeon.voffka.com
+	Refused:
+		mx1.voffka.com
+		mx2.voffka.com
+		mx3.voffka.com
+		ns2.voffka.com
+		old.voffka.com
+	Time out:
+		home.voffka.com
+		imap.voffka.com
+		pop3.voffka.com
+		smtp.voffka.com
+		stat.voffka.com
 -->
-<ruleset name="Voffka.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
+<ruleset name="voffka.com">
 	<target host="voffka.com" />
 	<target host="www.voffka.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
+	<target host="admin.voffka.com" />
+	<target host="mt.voffka.com" />
+	<target host="export.voffka.com" />
+	<target host="vozer.voffka.com" />
+	<target host="i.vozer.voffka.com" />
+	<target host="vozer2.voffka.com" />
+
+	<rule from="^http://www\.voffka\.com/" to="https://voffka.com/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Vogel.de.xml b/src/chrome/content/rules/Vogel.de.xml
index e96cd462984b..dc108df1dfe9 100644
--- a/src/chrome/content/rules/Vogel.de.xml
+++ b/src/chrome/content/rules/Vogel.de.xml
@@ -9,7 +9,9 @@
 <ruleset name="Vogel.de">
 
 	<target host="vogel.de" />
-	<target host="*.vogel.de" />
+	<target host="files.vogel.de" />
+	<target host="images.vogel.de" />
+	<target host="www.vogel.de" />
 
 
 	<!--	Not secured by server:
@@ -17,7 +19,6 @@
 	<securecookie host="^(?:www\.)?vogel\.de$" name=".+" />
 
 
-	<rule from="^http://((?:files|images|www)\.)?vogel\.de/"
-		to="https://$1vogel.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Voice.fi.xml b/src/chrome/content/rules/Voice.fi.xml
index 15e3da86a7ee..d9b13788f989 100644
--- a/src/chrome/content/rules/Voice.fi.xml
+++ b/src/chrome/content/rules/Voice.fi.xml
@@ -13,7 +13,7 @@
 
 	<rule from="^http://voice\.fi/"
 		  	to="https://www.voice.fi/" />
-	
-	<rule from="^http:" 
+
+	<rule from="^http:"
 		  	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/VoiceFive.xml b/src/chrome/content/rules/VoiceFive.xml
index 286521df099e..130ee20148d7 100644
--- a/src/chrome/content/rules/VoiceFive.xml
+++ b/src/chrome/content/rules/VoiceFive.xml
@@ -1,18 +1,20 @@
 <ruleset name="VoiceFive">
 
 	<target host="voicefive.com" />
-	<target host="*.voicefive.com" />
+	<target host="ar.voicefive.com" />
+	<target host="www.voicefive.com" />
+	<target host="b.voicefive.com" />
+	<target host="sb.voicefive.com" />
 
 
-	<securecookie host="^(?:.*\.)?voicefive\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^http://(ar\.|www\.)?voicefive\.com/"
-		to="https://$1voicefive.com/" />
 
 	<!--	This is what the server does.
 						-->
 	<rule from="^http://s?b\.voicefive\.com/"
 		to="https://sb.voicefive.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/VoidLinux.org.xml b/src/chrome/content/rules/VoidLinux.org.xml
new file mode 100644
index 000000000000..64a3b8cb9e06
--- /dev/null
+++ b/src/chrome/content/rules/VoidLinux.org.xml
@@ -0,0 +1,26 @@
+<!--
+	HTTP ≠ HTTPS:
+		- auto
+		- alpha.de.repo
+		- vm2.a-lej-de.m
+-->
+<ruleset name="VoidLinux.org.xml">
+	<target host="voidlinux.org" />
+	<target host="www.voidlinux.org" />
+	<target host="build.voidlinux.org" />
+	<target host="docs.voidlinux.org" />
+	<target host="infradocs.voidlinux.org" />
+	<target host="a-hel-fi.m.voidlinux.org" />
+	<target host="vm1.a-lej-de.m.voidlinux.org" />
+	<target host="man.voidlinux.org" />
+	<target host="monitoring.voidlinux.org" />
+	<target host="beta.de.repo.voidlinux.org" />
+	<target host="sources.voidlinux.org" />
+	<target host="terraform.voidlinux.org" />
+	<target host="wiki.voidlinux.org" />
+	<target host="xq-api.voidlinux.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Volatile_Systems.com-problematic.xml b/src/chrome/content/rules/Volatile_Systems.com-problematic.xml
index 58c6a6f2d785..88ffbf203c4b 100644
--- a/src/chrome/content/rules/Volatile_Systems.com-problematic.xml
+++ b/src/chrome/content/rules/Volatile_Systems.com-problematic.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Volatile_Systems.com.xml b/src/chrome/content/rules/Volatile_Systems.com.xml
index 3ff48bce27a0..bec9cef9c502 100644
--- a/src/chrome/content/rules/Volatile_Systems.com.xml
+++ b/src/chrome/content/rules/Volatile_Systems.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.volatilesystems.com/ => https://www.volatilesystems.com/
 		- lists		(works; expired 2008-12-15, mismatched, CN: www.volatilesystems.com)
 
 -->
-<ruleset name="Volatile Systems.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Volatile Systems.com (partial)" default_off="failed ruleset test">
 
 	<target host="volatilesystems.com" />
 	<target host="www.volatilesystems.com" />
@@ -30,4 +30,4 @@ Fetch error: http://www.volatilesystems.com/ => https://www.volatilesystems.com/
 	<rule from="^http://(?:www\.)?volatilesystems\.com/"
 		to="https://www.volatilesystems.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VolkswagenBank.xml b/src/chrome/content/rules/VolkswagenBank.xml
index 404053727a38..43f269aa55c2 100644
--- a/src/chrome/content/rules/VolkswagenBank.xml
+++ b/src/chrome/content/rules/VolkswagenBank.xml
@@ -1,7 +1,8 @@
 <ruleset name="Volkswagen Bank" platform="mixedcontent">
-  <target host="*.volkswagenbank.de" />
+  <target host="www.volkswagenbank.de" />
+  <target host="online-banking.volkswagenbank.de" />
   <target host="volkswagenbank.de" />
 
   <rule from="^http://(?:www\.)?volkswagenbank\.de/" to="https://www.volkswagenbank.de/" />
-  <rule from="^http://online-banking\.volkswagenbank\.de/" to="https://online-banking.volkswagenbank.de/" />
+  <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Volotea.com.xml b/src/chrome/content/rules/Volotea.com.xml
index 0710a0489e76..3eb045d44658 100644
--- a/src/chrome/content/rules/Volotea.com.xml
+++ b/src/chrome/content/rules/Volotea.com.xml
@@ -13,13 +13,18 @@
 <ruleset name="Volotea.com">
 
 	<target host="volotea.com" />
-	<target host="*.volotea.com" />
+	<target host="auto.volotea.com" />
+	<target host="cars.volotea.com" />
+	<target host="coches.volotea.com" />
+	<target host="media.volotea.com" />
+	<target host="static.volotea.com" />
+	<target host="voitures.volotea.com" />
+	<target host="www.volotea.com" />
 
 
 	<securecookie host="^(?:www)?\.volotea\.com$" name=".+" />
 
 
-	<rule from="^http://((?:auto|cars|coches|media|static|voitures|www)\.)?volotea\.com/"
-		to="https://$1volotea.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Voltage.com.xml b/src/chrome/content/rules/Voltage.com.xml
deleted file mode 100644
index 7f1cb730f2c3..000000000000
--- a/src/chrome/content/rules/Voltage.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Other Hewlett Packard rulesets:
-		- Compaq.com.xml
-		- Hewlett-Packard.xml 
-		- HP_Cloud.com.xml
-		- Optimost.xml
-		- Palm.com.xml
-
-	Non-functional subdomain:
-		- info		(hostname mismatch, CN: *.marketo.com, marketo.com)
--->
-<ruleset name="HP Security Voltage">
-	<target host=    "voltage.com" />
-	<target host="www.voltage.com" />
-
-  	<securecookie host="^www\.voltage\.com$" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Volunteer2.xml b/src/chrome/content/rules/Volunteer2.xml
index 0d88ec32de7d..0d4c7f414431 100644
--- a/src/chrome/content/rules/Volunteer2.xml
+++ b/src/chrome/content/rules/Volunteer2.xml
@@ -5,14 +5,14 @@
 -->
 <ruleset name="Volunteer² (partial)">
 
-	<target host="*.volunteer2.com"/>
+	<target host="app.volunteer2.com" />
+	<target host="cdn.volunteer2.com" />
 	<target host="myvolunteerpage.com"/>
 	<target host="www.myvolunteerpage.com"/>
 
 	<rule from="^http://(?:app\.volunteer2|(?:www\.)?myvolunteerpage)\.com/"
 		to="https://app.volunteer2.com/"/>
 
-	<rule from="^http://cdn\.volunteer2\.com/"
-		to="https://cdn.volunteer2.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Volunteer_Centers_of_Michigan.xml b/src/chrome/content/rules/Volunteer_Centers_of_Michigan.xml
index e2a39c3e64d7..713c5e690fc8 100644
--- a/src/chrome/content/rules/Volunteer_Centers_of_Michigan.xml
+++ b/src/chrome/content/rules/Volunteer_Centers_of_Michigan.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(?:www\.)?mivolunteers\.org/"
 		to="https://mivolunteers.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Volusion.xml b/src/chrome/content/rules/Volusion.xml
index 51436d760e74..2476b2ca6c12 100644
--- a/src/chrome/content/rules/Volusion.xml
+++ b/src/chrome/content/rules/Volusion.xml
@@ -43,21 +43,24 @@
 <ruleset name="Volusion (partial)">
 
 	<target host="volusion.co.uk" />
-	<target host="*.volusion.co.uk" />
+	<target host="store.volusion.co.uk" />
+	<target host="www.volusion.co.uk" />
 	<target host="volusion.com" />
-	<target host="*.volusion.com" />
+	<target host="cdn3.volusion.com" />
+	<target host="forums.volusion.com" />
+	<target host="my.volusion.com" />
+	<target host="store.volusion.com" />
+	<target host="vchangedesign.volusion.com" />
+	<target host="www.volusion.com" />
 
 
-	<securecookie host="^(?:.*\.)?volusion\.co(?:\.uk|m)$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
-	<rule from="^http://(store\.|www\.)?volusion\.co\.uk/"
-		to="https://$1volusion.co.uk/" />
 
 	<rule from="^http://volusion\.com/"
 		to="https://www.volusion.com/" />
 
-	<rule from="^http://(cdn3|forums|my|store|vchangedesign|www)\.volusion\.com/"
-		to="https://$1.volusion.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Voodoo.com.xml b/src/chrome/content/rules/Voodoo.com.xml
index ffdc5b010a21..a6ce3f415847 100644
--- a/src/chrome/content/rules/Voodoo.com.xml
+++ b/src/chrome/content/rules/Voodoo.com.xml
@@ -12,7 +12,8 @@
 <ruleset name="Voodoo.com (partial)">
 
 	<target host="voodoo.com" />
-	<target host="*.voodoo.com" />
+	<target host="secure.voodoo.com" />
+	<target host="www.voodoo.com" />
 
 
 	<securecookie host="^\.voodoo\.com$" name=".+" />
@@ -21,4 +22,4 @@
 	<rule from="^http://(?:secure\.|www\.)?voodoo\.com/"
 		to="https://secure.voodoo.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Voost.xml b/src/chrome/content/rules/Voost.xml
index 7f33f088a8ac..d0755f564a54 100644
--- a/src/chrome/content/rules/Voost.xml
+++ b/src/chrome/content/rules/Voost.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vooxe.com.xml b/src/chrome/content/rules/Vooxe.com.xml
index ae5fd3fad675..62723b65240a 100644
--- a/src/chrome/content/rules/Vooxe.com.xml
+++ b/src/chrome/content/rules/Vooxe.com.xml
@@ -11,7 +11,7 @@
 		- cdn.static.vooxe.com
 		- svcone1.vooxe.com
 		- testweb.vooxe.com
-		
+
 	Chain issues:
 		- webapi.reports.vooxe.com
 		- system.vooxe.com
diff --git a/src/chrome/content/rules/Vorpal.io.xml b/src/chrome/content/rules/Vorpal.io.xml
index dc10832ff3df..5647108a93e4 100644
--- a/src/chrome/content/rules/Vorpal.io.xml
+++ b/src/chrome/content/rules/Vorpal.io.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.vorpal.io/ => https://www.vorpal.io/: (60, 'SSL certific
 		- c929457.ssl.cf2.rackcdn.com
 
 -->
-<ruleset name="Vorpal.io" default_off='failed ruleset test'>
+<ruleset name="Vorpal.io" default_off="failed ruleset test">
 
 	<target host="vorpal.io" />
 	<target host="www.vorpal.io" />
diff --git a/src/chrome/content/rules/VoteWatch.eu.xml b/src/chrome/content/rules/VoteWatch.eu.xml
index 25c8d4e7ffa2..de6e3f6e3b3f 100644
--- a/src/chrome/content/rules/VoteWatch.eu.xml
+++ b/src/chrome/content/rules/VoteWatch.eu.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://votewatch.eu/ => https://www.votewatch.eu/: (60, 'SSL certificate problem: certificate has expired')
 Fetch error: http://www.votewatch.eu/ => https://www.votewatch.eu/: (60, 'SSL certificate problem: certificate has expired')
 -->
-<ruleset name="VoteWatch.eu" default_off='failed ruleset test'>
+<ruleset name="VoteWatch.eu" default_off="failed ruleset test">
 
 	<target host="votewatch.eu" />
 	<target host="www.votewatch.eu" />
diff --git a/src/chrome/content/rules/VoterVOICE.xml b/src/chrome/content/rules/VoterVOICE.xml
index bf42288176ea..9fc078c94538 100644
--- a/src/chrome/content/rules/VoterVOICE.xml
+++ b/src/chrome/content/rules/VoterVOICE.xml
@@ -3,4 +3,4 @@
 	<target host="www.votervoice.net" />
 
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/VouchedFor.co.uk.xml b/src/chrome/content/rules/VouchedFor.co.uk.xml
index 45f3d0d42ba9..805c2b97bbd1 100644
--- a/src/chrome/content/rules/VouchedFor.co.uk.xml
+++ b/src/chrome/content/rules/VouchedFor.co.uk.xml
@@ -14,7 +14,7 @@ Fetch error: http://partners.vouchedfor.co.uk/ => https://partners.vouchedfor.co
 		- .vouchedfor.co.uk
 
 -->
-<ruleset name="VouchedFor.co.uk" default_off='failed ruleset test'>
+<ruleset name="VouchedFor.co.uk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Vovici.com.xml b/src/chrome/content/rules/Vovici.com.xml
index e40ee203e6fd..3d77ad8a1acc 100644
--- a/src/chrome/content/rules/Vovici.com.xml
+++ b/src/chrome/content/rules/Vovici.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://desktop.vovici.com/ => https://desktop.vovici.com/: (28, 'Op
 Fetch error: http://system.vovici.com/ => https://system.vovici.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
 Fetch error: http://www.vovici.com/ => https://vovici.com/: (28, 'Operation timed out after 0 milliseconds with 0 out of 0 bytes received')
 -->
-<ruleset name="Vovici.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Vovici.com (partial)" default_off="failed ruleset test">
 
 	<target host="vovici.com" />
 	<target host="desktop.vovici.com" />
diff --git a/src/chrome/content/rules/Vox.com.xml b/src/chrome/content/rules/Vox.com.xml
index 99b2fa5487f0..e636dfa5b91f 100644
--- a/src/chrome/content/rules/Vox.com.xml
+++ b/src/chrome/content/rules/Vox.com.xml
@@ -18,38 +18,14 @@
 
 	ʳ Refused
 
-
-	^vox.com: Refused
-
 -->
-<ruleset name="Vox.com" default_off="redirects to http">
+<ruleset name="Vox.com">
 
-	<!--	Direct rewrites:
-				-->
-	<target host="www.vox.com" />
-
-	<!--	Complications:
-				-->
 	<target host="vox.com" />
+	<target host="www.vox.com" />
 
-		<!--	Redirects to http:
-						-->
-		<exclusion pattern="^http://www\.vox\.com/(?:$|\?|\d{4}/(?:\d\d?/){2}\d+/[\w-]+(?:$|\?))" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.vox.com/2016/1/7/10726296/wheres-rey-star-wars-monopoly" />
-
-
-	<!--	Possible trackers (untested):
-						-->
-	<securecookie host="^\." name="^__[qu].*" />
-
-
-	<rule from="^http://vox\.com/"
-		to="https://www.vox.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Voxel.xml b/src/chrome/content/rules/Voxel.xml
index 17fa3f6b56f8..f2aa6e268377 100644
--- a/src/chrome/content/rules/Voxel.xml
+++ b/src/chrome/content/rules/Voxel.xml
@@ -5,7 +5,7 @@
 	<target host="*.voxcdn.com"/>
 
 
-	<securecookie host="^(?:.*\.)?vox(?:cdn\.com|el\.net)$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(www\.|portal\.)?voxel\.net/"
diff --git a/src/chrome/content/rules/Voxer.xml b/src/chrome/content/rules/Voxer.xml
index 28414204d6d9..63ff55f1c4f7 100644
--- a/src/chrome/content/rules/Voxer.xml
+++ b/src/chrome/content/rules/Voxer.xml
@@ -46,7 +46,12 @@
 <ruleset name="Voxer (partial)">
 
 	<target host="voxer.com" />
-	<target host="*.voxer.com" />
+	<target host="business.voxer.com" />
+	<target host="one.voxer.com" />
+	<target host="support.voxer.com" />
+	<target host="web.voxer.com" />
+	<target host="www.voxer.com" />
+	<target host="dev-10.voxer.com" />
 		<!--
 			Some paths may be different(?):
 								-->
diff --git a/src/chrome/content/rules/Voyage_Group.com.xml b/src/chrome/content/rules/Voyage_Group.com.xml
index e0d5d92278e1..d6e55f59b059 100644
--- a/src/chrome/content/rules/Voyage_Group.com.xml
+++ b/src/chrome/content/rules/Voyage_Group.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://boat.voyagegroup.com/ => https://boat.voyagegroup.com/: (28,
 	www.voyagegroup.com: Mismatched
 
 -->
-<ruleset name="Voyage Group.com" default_off='failed ruleset test'>
+<ruleset name="Voyage Group.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Vozpopuli.com.xml b/src/chrome/content/rules/Vozpopuli.com.xml
index 03b256006c58..313cddec6e17 100644
--- a/src/chrome/content/rules/Vozpopuli.com.xml
+++ b/src/chrome/content/rules/Vozpopuli.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://tendencias.vozpopuli.com/ => https://tendencias.vozpopuli.co
 	* gestion.vozpopuli.com
 	* bolsa.vozpopuli.com
 -->
-<ruleset name="Vozpopuli.com" default_off='failed ruleset test'>
+<ruleset name="Vozpopuli.com" default_off="failed ruleset test">
 
 	<target host="vozpopuli.com" />
 	<target host="www.vozpopuli.com" />
diff --git a/src/chrome/content/rules/Vpnbook.com.xml b/src/chrome/content/rules/Vpnbook.com.xml
index 3d7549ac6675..65b13721403e 100644
--- a/src/chrome/content/rules/Vpnbook.com.xml
+++ b/src/chrome/content/rules/Vpnbook.com.xml
@@ -1,7 +1,8 @@
 <ruleset name="vpnbook.com">
 
 	<target host="vpnbook.com" />
-	<target host="*.vpnbook.com" />
+	<target host="www.vpnbook.com" />
+	<target host="webproxy.vpnbook.com" />
 
 
 	<securecookie host="^(?:webproxy)?\.vpnbook\.com$" name=".+" />
@@ -13,7 +14,6 @@
 	<rule from="^http://(?:www\.)?vpnbook\.com/"
 		to="https://www.vpnbook.com/" />
 
-	<rule from="^http://webproxy\.vpnbook\.com/"
-		to="https://webproxy.vpnbook.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vr-mfr.de.xml b/src/chrome/content/rules/Vr-mfr.de.xml
new file mode 100644
index 000000000000..60bd4b529bc6
--- /dev/null
+++ b/src/chrome/content/rules/Vr-mfr.de.xml
@@ -0,0 +1,7 @@
+<ruleset name="Vr-mfr.de">
+	<target host="vr-mfr.de" />
+	<target host="www.vr-mfr.de" />
+	<target host="kontofinder.vr-mfr.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vrt.be.xml b/src/chrome/content/rules/Vrt.be.xml
index ab8337b3498d..fb05eeade4f7 100644
--- a/src/chrome/content/rules/Vrt.be.xml
+++ b/src/chrome/content/rules/Vrt.be.xml
@@ -13,6 +13,8 @@
 		pers.vrt.be
         Mixed Content:
                 radiospotcel.vrt.be (Missing CSS)
+  Timeout
+    css.vrt.be
 -->
 <ruleset name="VRT.be">
     <target host="vrt.be" />
@@ -21,8 +23,7 @@
     <target host="bigband.vrt.be" />
     <target host="communicatie.vrt.be" />
     <target host="communicatieradio.vrt.be" />
-    <target host="css.vrt.be" />
-        <test url="http://css.vrt.be/vrt/p_sn_li.aspx" />
+    <!-- <target host="css.vrt.be" /> -->
     <target host="images.vrt.be" />
     <target host="innovatie.vrt.be" />
     <target host="sandbox.vrt.be" />
diff --git a/src/chrome/content/rules/Vsexshop.ru.xml b/src/chrome/content/rules/Vsexshop.ru.xml
index 5eab7c8bea91..5971aab5c0d8 100644
--- a/src/chrome/content/rules/Vsexshop.ru.xml
+++ b/src/chrome/content/rules/Vsexshop.ru.xml
@@ -4,11 +4,12 @@
 -->
 <ruleset name="vsexshop.ru (partial)">
 
-	<target host="*.vimgs.ru" />
+	<target host="l.vimgs.ru" />
+	<target host="m.vimgs.ru" />
 	<target host="vsexshop.ru" />
 
 
 	<rule from="^http://(?:[lm]\.vimgs|vsexshop)\.ru/images/"
 		to="https://vsexshop.ru/images/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Vtiger.com.xml b/src/chrome/content/rules/Vtiger.com.xml
index 98110f2f3fa6..84c883992906 100644
--- a/src/chrome/content/rules/Vtiger.com.xml
+++ b/src/chrome/content/rules/Vtiger.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://blogs.vtiger.com/ => https://blogs.vtiger.com/: (7, 'Failed
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Vtiger.com" default_off='failed ruleset test'>
+<ruleset name="Vtiger.com" default_off="failed ruleset test">
 
 	<target host="vtiger.com" />
 	<target host="blogs.vtiger.com" />
diff --git a/src/chrome/content/rules/VuFind.org.xml b/src/chrome/content/rules/VuFind.org.xml
index b66093364923..5482a62a80d9 100644
--- a/src/chrome/content/rules/VuFind.org.xml
+++ b/src/chrome/content/rules/VuFind.org.xml
@@ -12,6 +12,6 @@
 	<rule from="^http://www\.vufind\.org/"
 			to="https://vufind.org/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Vueling.xml b/src/chrome/content/rules/Vueling.xml
index 1203b3ac14f1..3d301a00cbd1 100644
--- a/src/chrome/content/rules/Vueling.xml
+++ b/src/chrome/content/rules/Vueling.xml
@@ -1,7 +1,7 @@
 <ruleset name="Vueling">
   <target host="vueling.com" />
   <target host="*.vueling.com" />
-  
+
   <rule from="^http://vueling\.com/" to="https://vueling.com/"/>
   <rule from="^http://([^/:@\.]+)\.vueling\.com/" to="https://$1.vueling.com/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Vulture.com.xml b/src/chrome/content/rules/Vulture.com.xml
deleted file mode 100644
index bd70913e3f89..000000000000
--- a/src/chrome/content/rules/Vulture.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-		- vulture.com.112.2o7.net
-
-			- stats
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(dropped)
-
--->
-<ruleset name="Vulture.com (partial)">
-
-	<target host="*.vulture.com" />
-
-
-	<!--	Omniture tracking cookies:
-						-->
-	<securecookie host="^\.vulture\.com$" name="^s_\w+$" />
-
-
-	<rule from="^http://stats\.vulture\.com/"
-		to="https://vulture-com.112.2o7.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Vumanity.net.xml b/src/chrome/content/rules/Vumanity.net.xml
index e0b460bf5352..7e87c6e8b6a3 100644
--- a/src/chrome/content/rules/Vumanity.net.xml
+++ b/src/chrome/content/rules/Vumanity.net.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.vumanity.net/ => https://www.vumanity.net/: (28, 'Connec
 		- help	(dropped)
 
 -->
-<ruleset name="Vumanity.net (partial)" default_off='failed ruleset test'>
+<ruleset name="Vumanity.net (partial)" default_off="failed ruleset test">
 
 	<target host="vumanity.net" />
 	<target host="www.vumanity.net" />
diff --git a/src/chrome/content/rules/Vungle.com-falsemixed.xml b/src/chrome/content/rules/Vungle.com-falsemixed.xml
index b080dba44b04..368af0cc1ba2 100644
--- a/src/chrome/content/rules/Vungle.com-falsemixed.xml
+++ b/src/chrome/content/rules/Vungle.com-falsemixed.xml
@@ -4,13 +4,11 @@
 -->
 <ruleset name="Vungle.com (false MCB)" platform="mixedcontent">
 
-	<target host="*.vungle.com" />
+	<target host="blog.vungle.com" />
+	<target host="www.vungle.com" />
 
 
-	<securecookie host="^\.vungle\.com$" name=".+" />
 
-
-	<rule from="^http://(blog|www)\.vungle\.com/"
-		to="https://$1.vungle.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Vuze.xml b/src/chrome/content/rules/Vuze.xml
index 6b1b37f15a95..b8667cfb5e7a 100644
--- a/src/chrome/content/rules/Vuze.xml
+++ b/src/chrome/content/rules/Vuze.xml
@@ -4,7 +4,7 @@
 
 	CDN buckets:
 
-		- web-www-1660276444.us-east-1.elb.amazonaws.com 
+		- web-www-1660276444.us-east-1.elb.amazonaws.com
 		- d1ov8b9v5fwdrf.cloudfront.net
 
 		- d2ojrr2o5sghfq.cloudfront.net
diff --git a/src/chrome/content/rules/VyprVPN.com.xml b/src/chrome/content/rules/VyprVPN.com.xml
new file mode 100644
index 000000000000..b005a7013da9
--- /dev/null
+++ b/src/chrome/content/rules/VyprVPN.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="VyprVPN.com (partial)">
+	<target host="vyprvpn.com" />
+	<target host="www.vyprvpn.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Vzaar.xml b/src/chrome/content/rules/Vzaar.xml
index 62b91103a830..2677035c1884 100644
--- a/src/chrome/content/rules/Vzaar.xml
+++ b/src/chrome/content/rules/Vzaar.xml
@@ -1,47 +1,18 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://mtoza.vzaar.com/ => https://mtoza.vzaar.com/: (6, 'Could not resolve host: mtoza.vzaar.com')
-
-	Insecure cookies are set for these hosts:
-
-		- vzaar.com
-		- view.vzaar.com
-
--->
-<ruleset name="vzaar.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
+<ruleset name="vzaar.com (partial)">
 	<target host="vzaar.com" />
+	<target host="www.vzaar.com" />
 	<target host="assets1.vzaar.com" />
 	<target host="assets2.vzaar.com" />
 	<target host="download.vzaar.com" />
 	<target host="framegrabs.vzaar.com" />
-	<target host="mtoza.vzaar.com" />
 	<target host="player.vzaar.com" />
 	<target host="resources.vzaar.com" />
+	<target host="static.vzaar.com" />
 	<target host="video.vzaar.com" />
 	<target host="view.vzaar.com" />
-	<target host="www.vzaar.com" />
-
-	<!--	Complications:
-				-->
-	<target host="static.vzaar.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^vzaar\.com$" name="^(?:_vzaar-app_session-R4|visits)$" /-->
-	<!--securecookie host="^view\.vzaar\.com$" name="^_video-distributor-2_session$" /-->
-
-	<securecookie host="^view\.vzaar\.com$" name=".+" />
-
 
-	<rule from="^http://static\.vzaar\.com/"
-		to="https://s3.amazonaws.com/static.vzaar.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/W00tads.com.xml b/src/chrome/content/rules/W00tads.com.xml
index 71ea196eb847..87e0c2415232 100644
--- a/src/chrome/content/rules/W00tads.com.xml
+++ b/src/chrome/content/rules/W00tads.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://delivery.w00tads.com/ => https://delivery.w00tads.com/: (28,
 Fetch error: http://www.w00tads.com/ => https://www.w00tads.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="w00tads.com" default_off='failed ruleset test'>
+<ruleset name="w00tads.com" default_off="failed ruleset test">
 
 	<target host="w00tads.com" />
 	<target host="delivery.w00tads.com" />
diff --git a/src/chrome/content/rules/W3C-Test.org.xml b/src/chrome/content/rules/W3C-Test.org.xml
new file mode 100644
index 000000000000..6ae6a5285743
--- /dev/null
+++ b/src/chrome/content/rules/W3C-Test.org.xml
@@ -0,0 +1,28 @@
+<!--
+	Mismatch:
+		www2.w3c-test.org
+	Punycode:
+		lve-6lad => élève
+		n8j6ds53lwwkrqhv28a => 天気の良い日
+	Non-Standard HTTP Port:
+		n8j6ds53lwwkrqhv28a.www2.w3c-test.org:82
+	Note:
+		Double dash not allowed in XML comment; punycode prefix removed.
+	Related:
+		W3C.xml
+-->
+<ruleset name="W3C-test.org">
+	<target host="w3c-test.org" />
+	<target host="www.w3c-test.org" />
+	<target host="www1.w3c-test.org" />
+	<target host="www2.w3c-test.org" />
+	<target host="xn--lve-6lad.w3c-test.org" />
+	<target host="xn--n8j6ds53lwwkrqhv28a.w3c-test.org" />
+		<test url="http://xn--n8j6ds53lwwkrqhv28a.w3c-test.org:82/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www2\.w3c-test\.org/" to="https://www.w3c-test.org/" />
+	<rule from="^http://xn--n8j6ds53lwwkrqhv28a\.w3c-test\.org:82/" to="https://xn--n8j6ds53lwwkrqhv28a.w3c-test.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/W3C.xml b/src/chrome/content/rules/W3C.xml
index b07eb63ab093..6e612d5fa1ff 100644
--- a/src/chrome/content/rules/W3C.xml
+++ b/src/chrome/content/rules/W3C.xml
@@ -6,9 +6,12 @@
 		- flanders (mismatch)
 		- herman (timeout)
 		- irc (401)
-		- people (mismatch)
+		- people (mixed content)
 		- services (mixed content)
 		- test (no longer exists on server)
+
+	Related:
+		W3C-Test.org.xml
 -->
 <ruleset name="W3.org">
 
diff --git a/src/chrome/content/rules/W4a.fr.xml b/src/chrome/content/rules/W4a.fr.xml
deleted file mode 100644
index 8cf5886ca007..000000000000
--- a/src/chrome/content/rules/W4a.fr.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For other Web4all coverage, see Web4all.fr.xml.
-
--->
-<ruleset name="W4a.fr">
-
-	<target host="ressources.w4a.fr" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WAPY.xml b/src/chrome/content/rules/WAPY.xml
index 6d436e427005..e82dafdffeaa 100644
--- a/src/chrome/content/rules/WAPY.xml
+++ b/src/chrome/content/rules/WAPY.xml
@@ -2,7 +2,8 @@
 
 	<!--	Cert: localhost.localdomain	-->
 	<target host="wapy.com" />
-	<target host="*.wapy.com" />
+	<target host="dev1.wapy.com" />
+	<target host="www.wapy.com" />
 
 
 	<!--	- dev1 presents the same cert
diff --git a/src/chrome/content/rules/WAYF.dk.xml b/src/chrome/content/rules/WAYF.dk.xml
index e3433cfea6ee..2d3a25a8586a 100644
--- a/src/chrome/content/rules/WAYF.dk.xml
+++ b/src/chrome/content/rules/WAYF.dk.xml
@@ -7,7 +7,7 @@ Non-2xx HTTP code: http://janus.wayf.dk/module.php/multiauth/selectsource.php?Au
 
 		- blog ¹
 		- www ²
-	
+
 	¹ Shows www.wayf.dk
 	² Redirects to http
 
@@ -17,7 +17,7 @@ Non-2xx HTTP code: http://janus.wayf.dk/module.php/multiauth/selectsource.php?Au
 		- janus.wayf.dk
 
 -->
-<ruleset name="WAYF.dk (partial)" default_off='failed ruleset test'>
+<ruleset name="WAYF.dk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/WDWS.xml b/src/chrome/content/rules/WDWS.xml
index 3f42aea9d8af..dd01bf0b3e52 100644
--- a/src/chrome/content/rules/WDWS.xml
+++ b/src/chrome/content/rules/WDWS.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?wdws\.com/(misc/|sites/|user(?:$|\?|/))"
 		to="https://www.wdws.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WEBxMedia.xml b/src/chrome/content/rules/WEBxMedia.xml
index 5db1edb8e22a..d8b3fa62d8f1 100644
--- a/src/chrome/content/rules/WEBxMedia.xml
+++ b/src/chrome/content/rules/WEBxMedia.xml
@@ -5,7 +5,7 @@ Fetch error: http://webxmedia.co.uk/ => https://webxmedia.co.uk/: (51, "SSL: no
 Fetch error: http://www.webxmedia.co.uk/ => https://www.webxmedia.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.webxmedia.co.uk'")
 
 -->
-<ruleset name="WEBxMedia" default_off='failed ruleset test'>
+<ruleset name="WEBxMedia" default_off="failed ruleset test">
 
 	<target host="webxmedia.co.uk" />
 	<target host="www.webxmedia.co.uk" />
@@ -16,4 +16,4 @@ Fetch error: http://www.webxmedia.co.uk/ => https://www.webxmedia.co.uk/: (51, "
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WEDOS.xml b/src/chrome/content/rules/WEDOS.xml
index 5ce1307e5166..96a0c2beffc7 100644
--- a/src/chrome/content/rules/WEDOS.xml
+++ b/src/chrome/content/rules/WEDOS.xml
@@ -8,7 +8,7 @@
 	- dod.wedos.com
 	- webpagetest.wedos.com
 	- *.wedos.ws
-	
+
 	Redirect loop:
 	- www.wedos.com
 -->
diff --git a/src/chrome/content/rules/WHI_CDN.com.xml b/src/chrome/content/rules/WHI_CDN.com.xml
deleted file mode 100644
index 7c994c5a8bb2..000000000000
--- a/src/chrome/content/rules/WHI_CDN.com.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://assets.whicdn.com/ => https://assets.whicdn.com/: Too many redirects while fetching 'https://assets.whicdn.com/'
-Fetch error: http://data2.whicdn.com/ => https://data2.whicdn.com/: (6, 'Could not resolve host: data2.whicdn.com')
-Fetch error: http://data3.whicdn.com/ => https://data3.whicdn.com/: (6, 'Could not resolve host: data3.whicdn.com')
-
-	For other We Heart It coverage, see We-Heart-It.xml.
-
-
-	CDN buckets:
-
-		- cs95.wac.edgecastcdn.net/...
-			- assets.whicdn.com
-			- data.whicdn.com
-			- stats.whicdn.com
-
-		- assets & data show AWS 403 message
-
--->
-<ruleset name="WHI CDN.com" default_off='failed ruleset test'>
-
-	<target host="assets.whicdn.com" />
-	<target host="data.whicdn.com" />
-	<target host="data2.whicdn.com" />
-	<target host="data3.whicdn.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WHIcdn.com.xml b/src/chrome/content/rules/WHIcdn.com.xml
new file mode 100644
index 000000000000..232b39782dbe
--- /dev/null
+++ b/src/chrome/content/rules/WHIcdn.com.xml
@@ -0,0 +1,15 @@
+<!--
+	For other WeHeartIt.com related rulesets, see WeHeartIt.com.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- whicdn.com
+-->
+<ruleset name="WHIcdn.com">
+	<target host="assets.whicdn.com" />
+	<target host="data.whicdn.com" />
+		<test url="http://data.whicdn.com/images/338953799/superthumb.jpg" />
+		<test url="http://data.whicdn.com/images/338956271/superthumb.jpg" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WHMCS.xml b/src/chrome/content/rules/WHMCS.xml
index 459cd85a3b6c..2b4208d4d2d0 100644
--- a/src/chrome/content/rules/WHMCS.xml
+++ b/src/chrome/content/rules/WHMCS.xml
@@ -52,7 +52,7 @@
 					-->
 	<!--securecookie host="^\.whmcs\.com$" name="^(?:__cfduid|bb_sessionhash|cf_clearance)$" /-->
 
-	<securecookie host="^(?:.*\.)?whmcs\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/WHMS-FM.xml b/src/chrome/content/rules/WHMS-FM.xml
index 96ed4b262f8d..d4746af05b08 100644
--- a/src/chrome/content/rules/WHMS-FM.xml
+++ b/src/chrome/content/rules/WHMS-FM.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?whms\.com/(misc/|sites/|user(?:$|\?|/))"
 		to="https://www.whms.com/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WHYY.org.xml b/src/chrome/content/rules/WHYY.org.xml
index 6bb3c28844f6..dda0dc1aff83 100644
--- a/src/chrome/content/rules/WHYY.org.xml
+++ b/src/chrome/content/rules/WHYY.org.xml
@@ -21,7 +21,7 @@
 <ruleset name="WHYY.org">
 
 	<target host="whyy.org" />
-	<target host="*.whyy.org" />
+	<target host="www.whyy.org" />
 
 
 	<securecookie host="^\.whyy\.org$" name=".+" />
diff --git a/src/chrome/content/rules/WIMM.com.xml b/src/chrome/content/rules/WIMM.com.xml
deleted file mode 100644
index a891aa5d02fe..000000000000
--- a/src/chrome/content/rules/WIMM.com.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/store.wimm.com/
-
-
-	Nonfunctional subdomains:
-
-		- (www.)	(refused)
-
--->
-<ruleset name="WIMM.com (partial)">
-
-	<target host="*.wimm.com" />
-
-
-	<securecookie host="^\.?my\.wimm\.com$" name=".+" />
-
-
-	<rule from="^http://my\.wimm\.com/"
-		to="https://my.wimm.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/WIPO.int.xml b/src/chrome/content/rules/WIPO.int.xml
new file mode 100644
index 000000000000..9b6f17ec1502
--- /dev/null
+++ b/src/chrome/content/rules/WIPO.int.xml
@@ -0,0 +1,16 @@
+<!--
+	Mismatched:
+		- wipo.int
+-->
+<ruleset name="WIPO.int (partial)">
+	<target host="wipo.int" />
+	<target host="www.wipo.int" />
+	<target host="www3.wipo.int" />
+	<target host="webcomponents.wipo.int" />
+	<target host="wipolex.wipo.int" />
+
+	<rule from="^http://wipo\.int/"
+		to="https://www.wipo.int/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WLxrs.com.xml b/src/chrome/content/rules/WLxrs.com.xml
index c6ca7f59675f..a9b10b3c42a6 100644
--- a/src/chrome/content/rules/WLxrs.com.xml
+++ b/src/chrome/content/rules/WLxrs.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://secure.wlxrs.com/ => https://secure.wlxrs.com/: (51, "SSL: n
 			- secure
 
 -->
-<ruleset name="WLxrs.com" default_off='failed ruleset test'>
+<ruleset name="WLxrs.com" default_off="failed ruleset test">
 
 	<target host="*.wlxrs.com" />
 
diff --git a/src/chrome/content/rules/WM_Jobs.co.uk.xml b/src/chrome/content/rules/WM_Jobs.co.uk.xml
index 2856ec8ba03e..133753f73f25 100644
--- a/src/chrome/content/rules/WM_Jobs.co.uk.xml
+++ b/src/chrome/content/rules/WM_Jobs.co.uk.xml
@@ -10,7 +10,7 @@ Fetch error: http://wmjobs.co.uk/ => https://wmjobs.co.uk/: (60, 'SSL certificat
 	ˢ Secured by us
 
 -->
-<ruleset name="WM Jobs.co.uk" default_off='failed ruleset test'>
+<ruleset name="WM Jobs.co.uk" default_off="failed ruleset test">
 
 	<target host="wmjobs.co.uk" />
 	<target host="www.wmjobs.co.uk" />
diff --git a/src/chrome/content/rules/WP-Engine.xml b/src/chrome/content/rules/WP-Engine.xml
index ea0739a52696..f7630719288f 100644
--- a/src/chrome/content/rules/WP-Engine.xml
+++ b/src/chrome/content/rules/WP-Engine.xml
@@ -15,7 +15,6 @@
 	Problematic subdomains:
 
 		- cdn			(404; mismatched, CN: *.netdna-ssl.com)
-		- press			(mismatched, CN: *.heroku.com)
 		- *.*.wpengine.com	(mismatched, CN: *.wpengine.com)
 
 
@@ -25,7 +24,7 @@
 		- cdn		(→ ^)
 		- devbox
 		- my
-		- press		(→ wpengine.totemapp.com)
+		- press
 		- signup
 		- support
 		- \w+ *
@@ -60,7 +59,6 @@
 	<target host="wpengine.com" />
 	<target host="*.wpengine.com" />
 
-		<test url="http://wpengine.com/" />
 		<test url="http://cdn.wpengine.com/" />
 		<test url="http://devbox.wpengine.com/" />
 		<test url="http://my.wpengine.com/" />
@@ -83,15 +81,12 @@
 	<!--securecookie host="^\.wpengine\.com$" name="^(__cfduid|cf_clearance)$" /-->
 	<!--securecookie host="^signup\.wpengine\.com$" name="^PHPSESSID$" /-->
 
-	<securecookie host="^(?:.*\.)?wpengine\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://cdn\.wpengine\.com/"
 		to="https://wpengine.com/" />
 
-	<rule from="^http://press\.wpengine\.com/"
-		to="https://wpengine.totemapp.com/" />
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/WP.pl-problematic.xml b/src/chrome/content/rules/WP.pl-problematic.xml
deleted file mode 100644
index 318c29540c92..000000000000
--- a/src/chrome/content/rules/WP.pl-problematic.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For rules that are on by default, see WP.pl.xml.
-
--->
-<ruleset name="WP.pl (problematic)" default_off="mismatched">
-
-	<target host="diety.wp.pl" />
-
-
-	<securecookie host="^diety\.wp\.pl$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/WP.pl.xml b/src/chrome/content/rules/WP.pl.xml
index 6fe0da210b91..3262b3b08093 100644
--- a/src/chrome/content/rules/WP.pl.xml
+++ b/src/chrome/content/rules/WP.pl.xml
@@ -1,153 +1,87 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://banki.wp.pl/ => https://banki.wp.pl/: (7, 'Failed to connect to banki.wp.pl port 443: Connection refused')
-
 	Wirtualna Polska SA
 
-	For problematic rules, see WP.pl-problematic.xml.
-
 	Other Wirtualna Polska rulesets:
 
 		- businessclick.com.xml
 		- wpimg.pl.xml
 
+	Non-functional hosts
+		Couldn't connect to server:
+		- kontakty.wp.pl
+		- muzyka.wp.pl
+		- outbox.wp.pl
 
-	CDN buckets:
-
-		- wp.ebrokerpartner.pl
-
-			- finansomat.wp.pl
-
-		- calisto.netpr.pl
-
-			- dlaprasy.wp.pl
-
-
-	Nonfunctional hosts in *wp.pl:
-
-		- ^ *
-		- agito *
-		- biznes *
-		- dlaprasy	(shows secure.netpr.pl; mismatched, CN: secure.netpr.pl)
-		- dzieci *
-		- ebiznes *
-		- ekstraklasa *
-		- erotyka *
-		- euro *
-		- facet *
-		- fantasyliga *
-		- i.fantasyliga *
-		- film *
-		- finansomat	(shows panel.cod.org.pl; mismatched, CN: panel.cod.org.pl)
-		- fitness **
-		- i.fitness **
-		- gielda *
-		- gry **
-		- i.gry **
-		- horoskop *
-		- kalendarz *
-		- kobieta *
-		- kontakty *
-		- info.mini *
-		- mobilna *
-		- moto *
-		- muzyka *
-		- newsletter *
-		- ogloszenia *
-		- onas *
-		- outbox *
-		- poczta	(redirects to profil, valid cert)
-		- pogoda *
-		- pomoc *
-		- prawnikonline *
-		- przewodnik *
-		- reklama **
-		- i.reklama **
-		- rekrutacja *
-		- rss *
-		- rtvagd *
-		- sport *
-		- biznes.szukaj *
-		- tech *
-		- topnews *
-		- turystyka *
-		- tv *
-		- twojeip *
-		- wiadomosci *
-		- wikipedia *
-		- get-2.wpapi *
-		- www ʰ
-
-	ʰ Redirects to http
-	* Refused
-	** Dropped
-
-
-	Problematic hosts in *wp.pl:
-
-		- agrobiznes ⁴
-		- diety	(works; mismatched, CN: *.vitalia.pl)
-		- finanse ˣ
-
-	⁴ >=1 path 404s
-	ˣ Mixed css
-
-
-	Partially covered hosts in *wp.pl:
-
-		- profil *
-
-	* Some pages redirect to http
-
-
-	Fully covered hosts in *wp.pl:
-
-		- m.poczta
-		- adv.reklama
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .wp.pl
-		- finanse.wp.pl
-		- .finanse.wp.pl
-		- .pasazfin.wp.pl
-		- .www.wp.pl
-		- ticket.www.wp.pl
-
+		SSL peer certificate was not OK:
+		- fantasyliga.wp.pl
+		- i.fantasyliga.wp.pl
+		- info.mini.wp.pl
+		- i.reklama.wp.pl
 
-	Mixed content:
+		Status code mismatch:
+		- twojeip.wp.pl
 
-		- iframe on finanse from newsletter.wp.pl ʳ
+		Mixed content blocking (MCB) triggered:
+		- reklama.wp.pl
 
-		- css, on
-
-			- finanse from fonts.googpleapis.com *
-
-		- Images, on:
-
-			- finanse, ticket.www from i.wp.pl *
-			- finanse from a.wpimg.pl ᵐ
-			- finanse from money.wpimg.pl ᵐ
-
-	ᵐ Not secured by us <= mismatched
-	ʳ Unsecurable <= refused
-	* Secured by us
+		Some pages redirect to http:
+		- profil.wp.pl
 
 -->
-<ruleset name="WP.pl (partial)" default_off='failed ruleset test'>
+<ruleset name="WP.pl (partial)">
 
+	<target host="wp.pl" />
+	<target host="www.wp.pl" />
+	<target host="agito.wp.pl" />
 	<target host="banki.wp.pl" />
-	<!--target host="finanse.wp.pl" /-->
+	<target host="biznes.wp.pl" />
+	<target host="diety.wp.pl" />
+	<target host="dlaprasy.wp.pl" />
+	<target host="dzieci.wp.pl" />
+	<target host="ebiznes.wp.pl" />
+	<target host="ekstraklasa.wp.pl" />
+	<target host="erotyka.wp.pl" />
+	<target host="euro.wp.pl" />
+	<target host="facet.wp.pl" />
+	<target host="film.wp.pl" />
+	<target host="finanse.wp.pl" />
+	<target host="finansomat.wp.pl" />
+	<target host="fitness.wp.pl" />
+	<target host="i.fitness.wp.pl" />
+	<target host="get-2.wpapi.wp.pl" />
+	<target host="gielda.wp.pl" />
+	<target host="gry.wp.pl" />
+	<target host="horoskop.wp.pl" />
 	<target host="i.wp.pl" />
 	<target host="ir.i.wp.pl" />
+	<target host="kalendarz.wp.pl" />
+	<target host="kobieta.wp.pl" />
+	<target host="mobilna.wp.pl" />
+	<target host="moto.wp.pl" />
+	<target host="newsletter.wp.pl" />
+	<target host="ogloszenia.wp.pl" />
+	<target host="onas.wp.pl" />
 	<target host="pasazfin.wp.pl" />
+	<target host="poczta.wp.pl" />
 	<target host="m.poczta.wp.pl" />
+	<target host="pogoda.wp.pl" />
+	<target host="pomoc.wp.pl" />
+	<target host="prawnikonline.wp.pl" />
 	<target host="profil.wp.pl" />
+	<target host="przewodnik.wp.pl" />
 	<target host="adv.reklama.wp.pl" />
+	<target host="rekrutacja.wp.pl" />
+	<target host="rss.wp.pl" />
+	<target host="rtvagd.wp.pl" />
 	<target host="si.wp.pl" />
+	<target host="sport.wp.pl" />
+	<target host="tech.wp.pl" />
 	<target host="ticket.www.wp.pl" />
+	<target host="topnews.wp.pl" />
+	<target host="turystyka.wp.pl" />
+	<target host="tv.wp.pl" />
+	<target host="wiadomosci.wp.pl" />
+	<target host="wikipedia.wp.pl" />
 
 		<!--	Redirect to http:
 						-->
diff --git a/src/chrome/content/rules/WPML.org.xml b/src/chrome/content/rules/WPML.org.xml
deleted file mode 100644
index d6f84ae1900d..000000000000
--- a/src/chrome/content/rules/WPML.org.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	www.wpml.org: Mismatched
-
--->
-<ruleset name="WPML.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="wpml.org" />
-	<target host="tp.wpml.org" />
-
-	<!--	Complications:
-				-->
-	<target host="www.wpml.org" />
-
-
-	<rule from="^http://www\.wpml\.org/"
-		to="https://wpml.org/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WP_Software.net.xml b/src/chrome/content/rules/WP_Software.net.xml
deleted file mode 100644
index 173d16f44ec2..000000000000
--- a/src/chrome/content/rules/WP_Software.net.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="WP Software.net">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="wpsoftware.net" />
-	<target host="download.wpsoftware.net" />
-	<target host="www.wpsoftware.net" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WP_VulnDB.com.xml b/src/chrome/content/rules/WP_VulnDB.com.xml
deleted file mode 100644
index 2f50a39033e2..000000000000
--- a/src/chrome/content/rules/WP_VulnDB.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	www: mismatched
-
-
-	These altnames don't exist:
-
-		- blog.wpvulndb.com
-
--->
-<ruleset name="WP VulnDB.com">
-
-	<target host="wpvulndb.com" />
-	<target host="*.wpvulndb.com" />
-
-
-	<rule from="^http://(?:www\.)?wpvulndb\.com/"
-		to="https://wpvulndb.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WP_digital.net.xml b/src/chrome/content/rules/WP_digital.net.xml
index 773330e7d31b..2dcae0256bd9 100644
--- a/src/chrome/content/rules/WP_digital.net.xml
+++ b/src/chrome/content/rules/WP_digital.net.xml
@@ -39,7 +39,8 @@
 -->
 <ruleset name="WP digital.net (partial)">
 
-	<target host="*.wpdigital.net" />
+	<target host="css.wpdigital.net" />
+	<target host="echoapi.wpdigital.net" />
 
 
 	<rule from="^http://css\.wpdigital\.net/"
diff --git a/src/chrome/content/rules/WPdev.ms.xml b/src/chrome/content/rules/WPdev.ms.xml
deleted file mode 100644
index 011aa740e2e5..000000000000
--- a/src/chrome/content/rules/WPdev.ms.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other Microsoft coverage, see Microsoft.xml.
-
-
-	^wpdev.ms: Dropped
-
--->
-<ruleset name="WPdev.ms (partial)">
-
-	<!--	Complications:
-				-->
-	<target host="wpdev.ms" />
-
-
-	<!--	$ redirects like so.
-					-->
-	<rule from="^http://wpdev\.ms/$"
-		to="https://bitly.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WRAL.com.xml b/src/chrome/content/rules/WRAL.com.xml
index 93bc1e75ece7..bdaa473b58df 100644
--- a/src/chrome/content/rules/WRAL.com.xml
+++ b/src/chrome/content/rules/WRAL.com.xml
@@ -10,19 +10,19 @@ Fetch error: http://wral.com/ => https://wral.com/: Cycle detected - URL already
 		- wwwcache	(akamai)
 
 -->
-<ruleset name="WRAL.com" default_off='failed ruleset test'>
+<ruleset name="WRAL.com" default_off="failed ruleset test">
 
 	<target host="wral.com" />
-	<target host="*.wral.com" />
+	<target host="www.wral.com" />
+	<target host="wwwcache.wral.com" />
 
 
 	<securecookie host="^\.wral\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?wral\.com/"
-		to="https://$1wral.com/" />
 
 	<rule from="^http://wwwcache\.wral\.com/"
 		to="https://www.wral.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/WSJ.net.xml b/src/chrome/content/rules/WSJ.net.xml
index 480cedb48066..3d777d77c323 100644
--- a/src/chrome/content/rules/WSJ.net.xml
+++ b/src/chrome/content/rules/WSJ.net.xml
@@ -8,70 +8,60 @@
 		- sc.wsj.net.edgesuite.net
 
 	403:
-		stvquotes.wsj.net
-
-	Different http/https content:
-		s.wsj.net/video/	http://s.wsj.net/video/public/videocenter.min-a269c50b.css
+		- stvquotes.wsj.net
 
 	Mismatched:
-		^wsj.net
-		www.wsj.net
-		images.conferences.wsj.net
+		- wsj.net
+		- www.wsj.net
+		- barrons.wsj.net
+		- ereader.wsj.net
+		- images.conferences.wsj.net
 -->
 
 <ruleset name="WSJ.net">
-	<!--	Direct rewrites:	-->
 	<target host="art-secure.wsj.net" />
-	<target host="asset.wsj.net" />
-	<target host="fonts.wsj.net" />
-	<target host="m.wsj.net" />
-	<target host="m-secure.wsj.net" />
-	<target host="ore.wsj.net" />
-	<target host="s1.wsj.net" />
-	<target host="s2.wsj.net" />
-	<target host="s3.wsj.net" />
-	<target host="s4.wsj.net" />
-	<target host="sc.wsj.net" />
-	<target host="sfonts.wsj.net" />
-	<target host="si.wsj.net" />
-	<target host="cdn.store.wsj.net" />
-	<target host="sts3.wsj.net" />
-	<target host="vir.wsj.net" />
-	<target host="wsjstream.wsj.net" />
-
 		<test url="http://art-secure.wsj.net/api/photos/aee4b61b3d4d4ed6b56e6f42c50312ac/fit?width=78" />
+	<target host="asset.wsj.net" />
 		<test url="http://asset.wsj.net/public/snippet.production-3d262e16.css" />
+	<target host="fonts.wsj.net" />
 		<test url="http://fonts.wsj.net/HCo_Whitney/font_HCo_Whitney.css" />
+	<target host="m.wsj.net" />
 		<test url="http://m.wsj.net/video/20120612/061212nfl/061212nfl_115x65.jpg" />
+	<target host="m-secure.wsj.net" />
 		<test url="http://m-secure.wsj.net/video/" />
+	<target host="ore.wsj.net" />
 		<test url="http://ore.wsj.net/fp/assets/fonts/wsj-fonts.css" />
+	<target host="refer.wsj.net" />
+	<target host="s.wsj.net" />
+		<test url="http://s.wsj.net/blogs/swf/professor.swf" />
+		<test url="http://s.wsj.net/media/swf/main.swf" />
+		<test url="http://s.wsj.net/static_html_files/pushdownAd.css" />
+		<test url="http://s.wsj.net/video/public/vendor.min-c9c585e0.js" />
+		<test url="http://s.wsj.net/video/public/videocenter.min-a269c50b.css" />
+	<target host="s1.wsj.net" />
 		<test url="http://s1.wsj.net/img/orange_bullet.gif" />
+	<target host="s2.wsj.net" />
 		<test url="http://s2.wsj.net/img/hightlights_dottedLine.gif" />
+	<target host="s3.wsj.net" />
 		<test url="http://s3.wsj.net/img/blue_dotted_strip.gif" />
+	<target host="s4.wsj.net" />
 		<test url="http://s4.wsj.net/img/icon_entry.gif" />
+	<target host="sc.wsj.net" />
 		<test url="http://sc.wsj.net/css/standalone_partner_hat.css" />
+	<target host="sfonts.wsj.net" />
 		<test url="http://sfonts.wsj.net/HCo_Whitney/font_HCo_Whitney.css" />
+	<target host="si.wsj.net" />
 		<test url="http://si.wsj.net/public/resources/images/BN-OA783_sugar0_Z120_20160516145348.jpg" />
+	<target host="sj.wsj.net" />
+	<target host="cdn.store.wsj.net" />
 		<test url="http://cdn.store.wsj.net/252743668dc493935bcf6328389bd1006b03d211/img/000000-0.png" />
+	<target host="sts3.wsj.net" />
 		<test url="http://sts3.wsj.net/identity/lifp-files/static/promo/20160404/14372-WSJ-US-AprilSale-LoginScrim-598x106-25June16.jpg" />
+	<target host="vir.wsj.net" />
 		<test url="http://vir.wsj.net/fp/assets/app-b3f3f98a.js" />
+	<target host="wsjstream.wsj.net" />
 		<test url="http://wsjstream.wsj.net/bg/api/connect.ashx" />
 
-	<!--	Complications:	-->
-	<target host="images.conferences.wsj.net" />
-	<rule from="^http://images\.conferences\.wsj\.net/"
-		to="https://s3.amazonaws.com/images.conferences.wsj.net/" />
-		<test url="http://images.conferences.wsj.net/cionetwork/wp-content/uploads/sites/3/2016/01/Deloitte_Web_180x80.png" />
-
-	<!--	Different http/https content:	-->
-	<target host="s.wsj.net" />
-		<exclusion pattern="^http://s\.wsj\.net/video/" />
-		<test url="http://s.wsj.net/video/public/videocenter.min-a269c50b.css" />
-		<test url="http://s.wsj.net/video/public/vendor.min-c9c585e0.js" />
-		<test url="http://s.wsj.net/blogs/swf/professor.swf" />
-		<test url="http://s.wsj.net/media/swf/main.swf" />
-		<test url="http://s.wsj.net/static_html_files/pushdownAd.css" />
-
 	<securecookie host="^\w" name=".+" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/WSO2.com.xml b/src/chrome/content/rules/WSO2.com.xml
index d52ee30f0eb3..4036cc877d49 100644
--- a/src/chrome/content/rules/WSO2.com.xml
+++ b/src/chrome/content/rules/WSO2.com.xml
@@ -11,7 +11,7 @@
 
 		- Images, on:
 
-			- ^ from connect * 
+			- ^ from connect *
 			- ^ from \d.content *
 
 	* Secured by us
diff --git a/src/chrome/content/rules/WSPRnet.org.xml b/src/chrome/content/rules/WSPRnet.org.xml
new file mode 100644
index 000000000000..02bc23509a74
--- /dev/null
+++ b/src/chrome/content/rules/WSPRnet.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched
+		- www.wsprnet.org
+		- dev.wsprnet.org
+		- ftp.wsprnet.org
+-->
+<ruleset name="WSPRnet.org">
+	<target host="wsprnet.org" />
+	<target host="www.wsprnet.org" />
+
+	<rule from="^http://www\.wsprnet\.org/" to="https://wsprnet.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WURFUL.xml b/src/chrome/content/rules/WURFUL.xml
index 81138a4f824a..95ac55a67cc1 100644
--- a/src/chrome/content/rules/WURFUL.xml
+++ b/src/chrome/content/rules/WURFUL.xml
@@ -1,5 +1,5 @@
 <ruleset name="WURFL">
-	
+
 	<target host="wurfl.io" />
 	<target host="data.wurfl.io" />
 	<target host="demo.wurfl.io" />
diff --git a/src/chrome/content/rules/WVU.edu.xml b/src/chrome/content/rules/WVU.edu.xml
new file mode 100644
index 000000000000..17cdcd3be922
--- /dev/null
+++ b/src/chrome/content/rules/WVU.edu.xml
@@ -0,0 +1,96 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- wvu.edu
+		- catalog.wvu.edu
+		- hr.wvu.edu
+
+	Incomplete certificate chain error:
+		- www.math.wvu.edu
+-->
+<ruleset name="WVU.edu (partial)">
+	<target host="wvu.edu" />
+	<target host="www.wvu.edu" />
+
+	<target host="admissions.wvu.edu" />
+	<target host="appstatus.wvu.edu" />
+
+	<target host="biology.wvu.edu" />
+	<target host="bog.wvu.edu" />
+
+	<target host="calendar.wvu.edu" />
+	<target host="campusmap.wvu.edu" />
+	<target host="careers.wvu.edu" />
+	<target host="cehs.wvu.edu" />
+	<target host="consumerinformation.wvu.edu" />
+
+	<target host="diningservices.wvu.edu" />
+	<target host="directory.wvu.edu" />
+
+	<target host="eberly.wvu.edu" />
+	<target host="ecampus.wvu.edu" />
+	<target host="emergency.wvu.edu" />
+	<target host="energy.wvu.edu" />
+	<target host="extension.wvu.edu" />
+
+	<target host="financialaid.wvu.edu" />
+
+	<target host="give.wvu.edu" />
+	<target host="graduateadmissions.wvu.edu" />
+
+	<target host="housing.wvu.edu" />
+	<target host="benefits.hr.wvu.edu" />
+	<target host="employmentservices.hr.wvu.edu" />
+
+	<target host="isc.wvu.edu" />
+	<target host="it.wvu.edu" />
+
+	<target host="lib.wvu.edu" />
+	<target host="onview.lib.wvu.edu" />
+	<target host="libguides.wvu.edu" />
+	<target host="library.wvu.edu" />
+	<target host="login.wvu.edu" />
+	
+	<target host="math.wvu.edu" />
+	<target host="www.math.wvu.edu" />
+	<target host="control.math.wvu.edu" />
+	<target host="myprinting.wvu.edu" />
+
+	<target host="office365.wvu.edu" />
+	<target host="online.wvu.edu" />
+
+	<target host="patterns.wvu.edu" />
+	<target host="photos.wvu.edu" />
+	<target host="portal.wvu.edu" />
+	<target host="provost.wvu.edu" />
+	<target host="prtstatus.wvu.edu" />
+
+	<target host="rba.wvu.edu" />
+	<target host="registrar.wvu.edu" />
+	<target host="research.wvu.edu" />
+
+	<target host="search.wvu.edu" />
+	<target host="star.wvu.edu" />
+	<target host="static.wvu.edu" />
+	<target host="stemcenter.wvu.edu" />
+	<target host="studentaccounts.wvu.edu" />
+
+	<target host="talentandculture.wvu.edu" />
+	<target host="titleix.wvu.edu" />
+	<target host="tour.wvu.edu" />
+
+	<target host="visit.wvu.edu" />
+
+	<target host="webstandards.wvu.edu" />
+	<target host="wvutoday.wvu.edu" />
+	
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://wvu\.edu/"
+		  to="https://www.wvu.edu/" />
+	
+	<rule from="^http://www\.math\.wvu\.edu/"
+		  to="https://math.wvu.edu/" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WWTE.xml b/src/chrome/content/rules/WWTE.xml
index 07b8ab002958..646e775312fc 100644
--- a/src/chrome/content/rules/WWTE.xml
+++ b/src/chrome/content/rules/WWTE.xml
@@ -48,7 +48,7 @@ Fetch error: http://www.wwte14.com/ => https://travel.wwte1.com/pubspec/scripts/
 	* Mismatched, CN: *.wwte1.com
 
 -->
-<ruleset name="WWTE (partial)" default_off='failed ruleset test'>
+<ruleset name="WWTE (partial)" default_off="failed ruleset test">
 
 	<target host="media.wwte.com" />
 	<target host="wwte1.com" />
diff --git a/src/chrome/content/rules/WaBi.com.xml b/src/chrome/content/rules/WaBi.com.xml
deleted file mode 100644
index 28fbb376d4fd..000000000000
--- a/src/chrome/content/rules/WaBi.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="WaBi.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="wabi.com" />
-	<target host="home.wabi.com" />
-	<target host="www.wabi.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WaPo_Labs.com.xml b/src/chrome/content/rules/WaPo_Labs.com.xml
deleted file mode 100644
index 36af32ba7823..000000000000
--- a/src/chrome/content/rules/WaPo_Labs.com.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	For other Washington Post Company coverage, see Washington-Post-Company.xml.
-
-
-	CDN buckets:
-
-		- d2pe20ur0h0p8p.cloudfront.net
-
-			- bunsen
-
-
-	Nonfunctional subdomains:
-
-		- ^	(refused)
-		- www	(dropped)
-
--->
-<ruleset name="WaPo Labs.com (partial)">
-
-	<target host="bunsen.wapolabs.com" />
-
-
-	<rule from="^http://bunsen\.wapolabs\.com/"
-		to="https://d2pe20ur0h0p8p.cloudfront.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Wachovia.xml b/src/chrome/content/rules/Wachovia.xml
index 0eb66a3050e7..3590f9ff3f00 100644
--- a/src/chrome/content/rules/Wachovia.xml
+++ b/src/chrome/content/rules/Wachovia.xml
@@ -10,7 +10,7 @@
 		- myed.wachovia.com
 
 -->
-<ruleset name="Wachovia.com (partial)">
+<ruleset name="Wachovia.com (partial)" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
@@ -23,7 +23,7 @@
 					-->
 	<!--securecookie host="^myed\.wachovia\.com$" name="^(?:ASP\.NET_SessionId|MyEDModeV2)$" /-->
 
-	<securecookie host="^myed\.wachovia\.com$" name="" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Waeckerlin.org.xml b/src/chrome/content/rules/Waeckerlin.org.xml
index bd9424f52a33..9b5e100bfefe 100644
--- a/src/chrome/content/rules/Waeckerlin.org.xml
+++ b/src/chrome/content/rules/Waeckerlin.org.xml
@@ -5,7 +5,8 @@
 <ruleset name="Waeckerlin.org">
 
 	<target host="waeckerlin.org" />
-	<target host="*.waeckerlin.org" />
+	<target host="marc.waeckerlin.org" />
+	<target host="www.waeckerlin.org" />
 
 
 	<rule from="^http://(?:marc\.|www\.)?waeckerlin\.org/"
diff --git a/src/chrome/content/rules/Waffle.io.xml b/src/chrome/content/rules/Waffle.io.xml
deleted file mode 100644
index 0444a2b082ee..000000000000
--- a/src/chrome/content/rules/Waffle.io.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Waffle.io">
-
-	<target host="waffle.io" />
-	<target host="badge.waffle.io" />
-	<target host="www.waffle.io" />
-
-
-	<securecookie host="^\.?waffle\.io$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Waffles.fm.xml b/src/chrome/content/rules/Waffles.fm.xml
index c8a5f59059a6..97aa8b3023de 100644
--- a/src/chrome/content/rules/Waffles.fm.xml
+++ b/src/chrome/content/rules/Waffles.fm.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.waffles.fm/ => https://www.waffles.fm/: (28, 'Connection
 	* Secured by us, site redirects to https without us
 
 -->
-<ruleset name="Waffles.fm" default_off='failed ruleset test'>
+<ruleset name="Waffles.fm" default_off="failed ruleset test">
 	<target host="waffles.fm" />
 	<target host="www.waffles.fm" />
 	<rule from="^http:" to="https:"/>
diff --git a/src/chrome/content/rules/Waitrose_Direct.com.xml b/src/chrome/content/rules/Waitrose_Direct.com.xml
index 21159ddedc25..3540085c2818 100644
--- a/src/chrome/content/rules/Waitrose_Direct.com.xml
+++ b/src/chrome/content/rules/Waitrose_Direct.com.xml
@@ -21,7 +21,8 @@
 <ruleset name="Waitrose Direct.com (partial)">
 
 	<target host="waitrosedirect.com" />
-	<target host="*.waitrosedirect.com" />
+	<target host="images.waitrosedirect.com" />
+	<target host="www.waitrosedirect.com" />
 		<!--
 			Redirect to http
 						-->
diff --git a/src/chrome/content/rules/Wakelet.com.xml b/src/chrome/content/rules/Wakelet.com.xml
index d94a248f9af0..d23e0b25b686 100644
--- a/src/chrome/content/rules/Wakelet.com.xml
+++ b/src/chrome/content/rules/Wakelet.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://img3.wakelet.com/ => https://img3.wakelet.com/: (6, 'Could n
 		- wakelet.com
 
 -->
-<ruleset name="Wakelet.com" default_off='failed ruleset test'>
+<ruleset name="Wakelet.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Wales.gov.uk.xml b/src/chrome/content/rules/Wales.gov.uk.xml
index 9e496efe4a82..79a15483bc05 100644
--- a/src/chrome/content/rules/Wales.gov.uk.xml
+++ b/src/chrome/content/rules/Wales.gov.uk.xml
@@ -32,7 +32,7 @@ Fetch error: http://cssiw.wales.gov.uk/ => https://cssiw.wales.gov.uk/: (51, "SS
 		- statswales.wales.gov.uk
 
 -->
-<ruleset name="Wales.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Wales.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="adfs.wales.gov.uk" />
 	<target host="bcomm.wales.gov.uk" />
diff --git a/src/chrome/content/rules/Walgreens.xml b/src/chrome/content/rules/Walgreens.xml
index 69d3403d0008..d02e3cf7c1c4 100644
--- a/src/chrome/content/rules/Walgreens.xml
+++ b/src/chrome/content/rules/Walgreens.xml
@@ -13,7 +13,9 @@
 <ruleset name="Walgreens (partial)">
 
 	<target host="walgreens.com" />
-	<target host="*.walgreens.com" />
+	<target host="img2.walgreens.com" />
+	<target host="news.walgreens.com" />
+	<target host="www.walgreens.com" />
 		<exclusion pattern="^http://(?:www\.)?walgreens\.com/(?!common/|images/)" />
 
 
@@ -22,7 +24,6 @@
 	<securecookie host="^\.walgreens\.com$" name="^s_\w\w$" />
 
 
-	<rule from="^http://((?:img2|news|www)\.)?walgreens\.com/"
-		to="https://$1walgreens.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Walking_Men.xml b/src/chrome/content/rules/Walking_Men.xml
index 3991ae5bc442..d2fd059ac497 100644
--- a/src/chrome/content/rules/Walking_Men.xml
+++ b/src/chrome/content/rules/Walking_Men.xml
@@ -14,7 +14,7 @@
 <ruleset name="Walking Men">
 
 	<target host="walkingmen.com" />
-	<target host="*.walkingmen.com" />
+	<target host="www.walkingmen.com" />
 
 
 	<securecookie host="^\.walkingmen\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Wall-Street-Journal.xml b/src/chrome/content/rules/Wall-Street-Journal.xml
new file mode 100644
index 000000000000..9c9f4e2da194
--- /dev/null
+++ b/src/chrome/content/rules/Wall-Street-Journal.xml
@@ -0,0 +1,125 @@
+<!--
+	For other News Corporation coverage, see News-Corporation.xml.
+
+	Nonfunctional hosts in *wsj.com:
+		- blogs ᵃ (e.g. http://blogs.wsj.com/wtk/)
+		- cfonetwork ʳ
+		- cionetwork ʳ
+		- dj ᵈ
+		- europesubs ⁴
+		- guides ² (e.g. http://guides.wsj.com/wine/)
+		- help ʰ
+		- info ʳ
+		- peac ʳ
+		- portfolio ʳ
+		- projects ᵃ (e.g. https://projects.wsj.com/buzzwords2014/)
+		- realtime ʰ
+		- (www.)?stepahead ⁴
+		- admin.stream ³
+		- student ³
+		- synccontent
+		- wn ᵗ
+		- womenin ʳ
+		- wsjdconference ᵈ
+	ᵃ Active mixed content
+	² 502
+	³ 503
+	⁴ 404
+	⁵ 504
+	ᵈ Dropped
+	ʰ Redirects to http
+	ʳ Refused
+	ᵗ Timeout
+
+	Problematic hosts in *wsj.com:
+		- cn ᵐ
+		- m.cn ᵐ
+		- djx ᶜ
+		- indo ᵐ
+		- m.jp ᵐ
+		- kr ᵐ
+		- live ᵐ
+		- m ᵐ
+		- now ᵐ
+		- projoin.origin ᵐ
+		- stream ᵐ
+		- www.subscribe ᵗ
+		- topics ᵐ
+		- uk ᵐ
+		- ore.www ᵐ
+		- vir.www ᵐ
+	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
+	ᵐ Mismatched
+	ᵗ Timeout
+
+	Problematic hosts in *wsje.com:
+		- ^ ᵐ
+		- www ᵐ
+	ᵐ Mismatched
+
+	Insecure cookies are set for these domains and hosts: ᶜ
+		- .wsj.com
+		- blue-store.wsj.com
+		- customercenter.wsj.com
+		- .customercenter.wsj.com
+		- services.wsj.com
+		- store.wsj.com
+	ᶜ See https://owasp.org/index.php/SecureFlag
+
+	Mixed content:
+		- Image on customercenter from s2.wsj.net ˢ
+		- Bug on classified, classifieds from dowjones.122.2o7.net ˢ
+	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
+-->
+
+<ruleset name="Wall Street Journal (partial)">
+	<!-- dowjones.com -->
+	<target host="djrc.portal.dowjones.com" />
+
+	<!-- wsj.com -->
+	<target host="wsj.com" />
+	<target host="www.wsj.com" />
+	<target host="blue-store.wsj.com" />
+	<target host="buy.wsj.com" />
+		<test url="http://buy.wsj.com/maywsjus/" />
+	<target host="cbuy.wsj.com" />
+	<target host="city.wsj.com" />
+	<target host="classified.wsj.com" />
+	<target host="classifieds.wsj.com" />
+	<target host="conferences.wsj.com" />
+	<target host="converge.wsj.com" />
+	<target host="customercenter.wsj.com" />
+	<target host="deloitte.wsj.com" />
+	<target host="dlive.wsj.com" />
+	<target host="education.wsj.com" />
+	<target host="graphics.wsj.com" />
+	<target host="graphicsweb.wsj.com" />
+	<target host="id.wsj.com" />
+	<target host="jp.wsj.com" />
+	<target host="online.wsj.com" />
+	<target host="professor.wsj.com" />
+	<target host="quotes.wsj.com" />
+	<target host="services.wsj.com" />
+	<target host="signin.wsj.com" />
+	<target host="store.wsj.com" />
+	<target host="subscribe.wsj.com" />
+	<target host="subscription.wsj.com" />
+	<target host="video-api.wsj.com" />
+		<test url="http://video-api.wsj.com/api-video/player/v2/css/play_btn_50.png" />
+	<target host="wsjdlive.wsj.com" />
+
+
+	<!-- Not secured by server -->
+	<!--securecookie host="^\.wsj\.com$" name="^(LPLogin|djcs_route|wsjregion)$" /-->
+	<!--securecookie host="^(blue-)?store\.wsj\.com$" name="^AWSELB$" /-->
+	<!--securecookie host="^customercenter\.wsj\.com$" name="^(defaultLocale|slanguage|slocale)$" /-->
+	<!--securecookie host="^\.customercenter\.wsj\.com$" name="^djcs_int$" /-->
+	<!--securecookie host="^services\.wsj\.com$" name="^JSESSIONID$" /-->
+
+	<securecookie host="^\." name="^(_gat?$|_gat_|s_v)" />
+	<securecookie host="^\.customercenter\." name=".+" />
+	<securecookie host="^\w" name=".+" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wallabag.org.xml b/src/chrome/content/rules/Wallabag.org.xml
deleted file mode 100644
index 16a611b6f52f..000000000000
--- a/src/chrome/content/rules/Wallabag.org.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Invalid certificate:
-		v2.wallabag.org
-
-	This website had a wildcard DNS.
-
--->
-<ruleset name="wallabag.org">
-
-	<target host="wallabag.org" />
-	<target host="www.wallabag.org" />
-	<target host="community.wallabag.org" />
-	<target host="doc.wallabag.org" />
-	<target host="static.wallabag.org" />
-
-	<securecookie host="^\.wallabag\.org$" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Wallet.La.xml b/src/chrome/content/rules/Wallet.La.xml
index 56b5cf295d6b..6a17b7ebaf14 100644
--- a/src/chrome/content/rules/Wallet.La.xml
+++ b/src/chrome/content/rules/Wallet.La.xml
@@ -5,7 +5,7 @@ Fetch error: http://wallet.la/ => https://wallet.la/: (28, 'Connection timed out
 Fetch error: http://www.wallet.la/ => https://www.wallet.la/: (7, '')
 
 -->
-<ruleset name="Wallet.La" default_off='failed ruleset test'>
+<ruleset name="Wallet.La" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/WalletGenerator.net.xml b/src/chrome/content/rules/WalletGenerator.net.xml
index a55debba05cd..f9f06273712a 100644
--- a/src/chrome/content/rules/WalletGenerator.net.xml
+++ b/src/chrome/content/rules/WalletGenerator.net.xml
@@ -5,7 +5,7 @@
 	www.walletgenerator.net: Shows default page
 
 -->
-<ruleset name="WalletGenerator.net" default_off="missing certificate chain">
+<ruleset name="WalletGenerator.net" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Walmart.com-falsemixed.xml b/src/chrome/content/rules/Walmart.com-falsemixed.xml
deleted file mode 100644
index 341e9d03ff6e..000000000000
--- a/src/chrome/content/rules/Walmart.com-falsemixed.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see Walmart.com.xml.
-
--->
-<ruleset name="Walmart.com (false MCB)" platform="mixedcontent">
-
-	<target host="help.walmart.com" />
-
-
-	<securecookie host="^help\.walmart\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Walmart.com.xml b/src/chrome/content/rules/Walmart.com.xml
index 2fb7b625eaec..1e006740a7ef 100644
--- a/src/chrome/content/rules/Walmart.com.xml
+++ b/src/chrome/content/rules/Walmart.com.xml
@@ -1,21 +1,5 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://accionistas.walmart.com/ => https://accionistas.walmart.com/: (51, "SSL: no alternative certificate subject name matches target host name 'accionistas.walmart.com'")
-Fetch error: http://corporativo.walmart.com/ => https://corporativo.walmart.com/: (51, "SSL: no alternative certificate subject name matches target host name 'corporativo.walmart.com'")
-Non-2xx HTTP code: http://es.foundation.walmart.com/ (200) => https://es.foundation.walmart.com/ (404)
-Fetch error: http://fundacion.walmart.com/ => https://fundacion.walmart.com/: (51, "SSL: no alternative certificate subject name matches target host name 'fundacion.walmart.com'")
-Non-2xx HTTP code: http://es.news.walmart.com/ (200) => https://es.news.walmart.com/ (404)
-Fetch error: http://noticias.walmart.com/ => https://noticias.walmart.com/: (6, 'Could not resolve host: noticias.walmart.com')
-Fetch error: http://beacon.stage.walmart.com/ => https://beacon.stage.walmart.com/: (28, 'Connection timed out after 20000 milliseconds')
-Fetch error: http://stock.walmart.com/ => https://stock.walmart.com/: (51, "SSL: no alternative certificate subject name matches target host name 'stock.walmart.com'")
-Fetch error: http://suppliercenter.walmart.com/ => https://suppliercenter.walmart.com/: (28, 'Operation timed out after 30002 milliseconds with 0 bytes received')
-
-	For rules causing false/broken MCB, see Walmart.com-falsemixed.xml.
-
-
 	Other Wal-Mart rulesets:
-
 		- ASDA.xml
 		- asdacalltime.com.xml
 		- asdagoodliving.co.uk.xml
@@ -24,234 +8,69 @@ Fetch error: http://suppliercenter.walmart.com/ => https://suppliercenter.walmar
 		- toyou.co.uk.xml
 		- Walmart_images.com.xml
 
-
-	CDN buckets:
-
-		- p13n-assets.walmart.com.edgesuite.net
-
-
-	Nonfunctional hosts in *walmart.com:
-
-		- blog ¹
-		- careers ²
-		- learn *
-		- mobile ³
-
-	¹ Mismatched, CN: corporate.walmart.com
-	² 404
-	* 500
-	³ 403
-
-
-	Problematic hosts in *walmart.com:
-
-		- ^ ¹
-		- affil ²
-		- beacon.affil ²
-		- affiliates ²
-		- beacon ²
-		- beacon.beta ²
-		- beacon.classrooms ²
-		- help ³
-		- localad ⁴
-		- p13n-assets ⁴
-		- beacon.stage ²
-		- beacon.savingscatcher ²
-		- weeklyad ⁴
-		- wm13 ⁴
-		- wm15 ⁴
-
-	¹ Cert only matches www
-	² Insecure renegotiation
-	³ Mixed css
-	⁴ Akamai
-
-
-	Partially covered hosts in *walmart.com:
-
-		- help *
-
-	* Avoiding broken MCB
-
-
-	Insecure cookies are set for these domains and hosts: ᶜ
-
-		- .walmart.com
-		- accionistas.walmart.com
-		- beacon.affil.walmart.com
-		- affiliates.walmart.com
-		- beacon.walmart.com
-		- beacon.beta.walmart.com
-		- blog.walmart.com
-		- beacon.classrooms.walmart.com
-		- corporate.walmart.com
-		- cms.corporate.walmart.com
-		- es.corporate.walmart.com
-		- corporativo.walmart.com
-		- foundation.walmart.com
-		- es.foundation.walmart.com
-		- fundacion.walmart.com
-		- help.walmart.com
-		- news.walmart.com
-		- es.news.walmart.com
-		- noticias.walmart.com
-		- beacon.savingscatcher.walmart.com
+	Non-functional hosts
+		Timeout was reached:
 		- beacon.stage.walmart.com
-		- stock.walmart.com
-		- es.stock.walmart.com
-		- suppliercenter.walmart.com
-		- weeklyad.walmart.com
-		- wm13.walmart.com
-		- www.walmart.com
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
 
+		SSL peer certificate was not OK:
+		- localad.walmart.com
+		- weeklyad.walmart.com
 
-	These altnames don't exist:
+		Status code mismatched:
+		- es.foundation.walmart.com
 
+		5xx server error:
 		- cartservice.walmart.com
-
-
-	Mixed content:
-
-		- css on help and wm13 from i2.walmartimages.com *
-
-		- Images on help from i2.walmartimages.com *
-		- Images on savingscatcher from learn.walmart.com ²
-
-	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-	² Unsecurable <= 500
-
+		- suppliercenter.walmart.com
 -->
-<ruleset name="Walmart.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Walmart.com (partial)">
+	<target host="walmart.com" />
+	<target host="www.walmart.com" />
 
-	<!--	Direct rewrites:
-				-->
-	<target host="beacon.walmart.com" />
 	<target host="accionistas.walmart.com" />
 	<target host="affil.walmart.com" />
-	<target host="c.affil.walmart.com" />
 	<target host="beacon.affil.walmart.com" />
+	<target host="c.affil.walmart.com" />
 	<target host="affiliates.walmart.com" />
+
+	<target host="beacon.walmart.com" />
 	<target host="beacon.beta.walmart.com" />
+	<target host="blog.walmart.com" />
+
+	<target host="careers.walmart.com" />
 	<target host="beacon.classrooms.walmart.com" />
 	<target host="corporate.walmart.com" />
-
 	<target host="cdn.corporate.walmart.com" />
 	<target host="cms.corporate.walmart.com" />
 	<target host="es.corporate.walmart.com" />
-
 	<target host="corporativo.walmart.com" />
+
 	<target host="fonts.walmart.com" />
 	<target host="foundation.walmart.com" />
-	<target host="es.foundation.walmart.com" />
 	<target host="fundacion.walmart.com" />
+
 	<target host="help.walmart.com" />
+
+	<target host="learn.walmart.com" />
+
+	<target host="mobile.walmart.com" />
+
 	<target host="news.walmart.com" />
 	<target host="es.news.walmart.com" />
-	<target host="noticias.walmart.com" />
+
+	<target host="p13n-assets.walmart.com" />
 	<target host="partner.walmart.com" />
+
 	<target host="savingscatcher.walmart.com" />
 	<target host="beacon.savingscatcher.walmart.com" />
-	<target host="beacon.stage.walmart.com" />
 	<target host="stock.walmart.com" />
 	<target host="es.stock.walmart.com" />
-	<target host="suppliercenter.walmart.com" />
-	<target host="www.walmart.com" />
 
-	<!--	Complications:
-				-->
-	<target host="walmart.com" />
-	<!-- <target host="localad.walmart.com" /> -->
-
-		<!-- 	Redirect to http:
-						-->
-		<!--exclusion pattern="^http://www\.walmart\.com/+($|\?)" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://www\.walmart\.com/(?!/*(?:client_side_redirect\.gsp|(?:account|cservice)(?:$|[?/])|favicon\.ico|i/|logout\.do))" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.walmart.com/Value-of-the-Day" />
-			<test url="http://www.walmart.com/cart" />
-			<test url="http://www.walmart.com/instantcredit" />
-			<test url="http://www.walmart.com/store" />
-			<test url="http://www.walmart.com/store" />
-			<test url="http://www.walmart.com/store/finder" />
-			<test url="http://www.walmart.com/store/weekly-ads" />
-			<test url="http://www.walmart.com/weddingstationery" />
-			<test url="http://www.walmart.com/wishlist" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www.walmart.com/account/trackorder" />
-			<test url="http://www.walmart.com/cservice/li_trackorder.gsp" />
-			<test url="http://www.walmart.com/favicon.ico" />
-			<test url="http://www.walmart.com/logout.do" />
-
-		<!--	Avoid broken MCB:
-						-->
-		<exclusion pattern="^http://help\.walmart\.com/(?!/*(?:euf/(?:assets|rightnow)/|favicon\.ico))" />
-
-			<!--	+ve:
-					-->
-			<test url="http://help.walmart.com/app/account/profile" />
-			<test url="http://help.walmart.com/app/answers/detail/a_id/1" />
-			<test url="http://help.walmart.com/app/answers/list" />
-			<test url="http://help.walmart.com/app/ask" />
-
-			<!--	-ve:
-					-->
-			<test url="http://help.walmart.com/euf/assets/images/BTN_search_75x30.png" />
-			<test url="http://help.walmart.com/favicon.ico" />
-
-		<!--
-		<exclusion pattern="^http://localad\.walmart\.com/+(?!$|\?)" />
-		-->
-
-			<!--	+ve:
-					-->
-		<!--
-			<test url="http://localad.walmart.com/f" />
-			<test url="http://localad.walmart.com/o" />
-			<test url="http://localad.walmart.com//o" />
-			<test url="http://localad.walmart.com/b" />
-			<test url="http://localad.walmart.com/a" />
-		-->
+	<target host="wm13.walmart.com" />
+	<target host="wm15.walmart.com" />
 
-			<!--	-ve:
-					-->
-			<!-- <test url="http://localad.walmart.com//" /> -->
-
-		<test url="http://beacon.walmart.com/tap.gif?tap=" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(accionistas|blog|corporate|cms\.corporate|es\.corporate|corporativo|foundation|es\.foundation|fundacion|news|es\.news|noticias|stock|es\.stock)\.walmart\.com$" name="^(JSESSIONID|walmart_locale)$" /-->
-	<!--securecookie host="^affiliates\.walmart\.com$" name="^(CUSTOM_SESSION|LONG_LIVED_SESSION)$" /-->
-	<!--securecookie host="^beacon(\.(beta|classrooms|affil|savingscatcher|stage))?\.walmart\.com$" name="^(_tap-aiq|_tap_path|b\d+msc|bsc|btc)$" /-->
-	<!--securecookie host="^help\.walmart\.com$" name="^cp_session$" /-->
-	<!--securecookie host="^savingscatcher\.walmart\.com$" name="^(?:akaau_P1|iron|returnTo)$" /-->
-	<!--securecookie host="^suppliercenter\.walmart\.com$" name="^crumb$" /-->
-	<!--securecookie host="^weeklyad\.walmart\.com$" name="^(SC_Persistent|SC_Session)$" /-->
-	<!--securecookie host="^wm13\.walmart\.com$" name="^(EkAnalytics|EktGUID|ecm)$" /-->
-	<!--securecookie host="^www\.walmart\.com$" name="^akaau_P0$" /-->
-
-	<securecookie host="^(?:accionistas|beacon\.affil|affiliates|beacon\.(?:beta|classrooms)|corporate|(?:cms|es)\.corporate|corporativo|foundation|es\.foundation|fundacion|news|es\.news|noticias|savingscatcher|beacon\.s(?:avingscatcher|tage)|stock|es\.stock|suppliercenter)\.walmart\.com$" name=".+" />
-
-
-	<rule from="^http://walmart\.com/"
-		to="https://www.walmart.com/" />
-
-	<!--	Redirect keeps args:
-					-->
-	<!-- <rule from="^http://localad\.walmart\.com/+"
-		to="https://weeklyad.walmart.com/walmart/" /> -->
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/Walmart_images.com.xml b/src/chrome/content/rules/Walmart_images.com.xml
index 175adc27da87..677dc63f3bdf 100644
--- a/src/chrome/content/rules/Walmart_images.com.xml
+++ b/src/chrome/content/rules/Walmart_images.com.xml
@@ -1,4 +1,13 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://i2.walmartimages.com/css/global_ie6.css => https://i-secure.walmartimages.com/css/global_ie6.css: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://i-secure.walmartimages.com/ => https://i-secure.walmartimages.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://secure.walmartimages.com/ => https://secure.walmartimages.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://i.walmartimages.com/ => https://i-secure.walmartimages.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://i2.walmartimages.com/ => https://i-secure.walmartimages.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
 	For other Walmart coverage, see Walmart.com.xml.
 
 
@@ -16,17 +25,16 @@
 
 	<!--	Direct rewrites:
 				-->
-	<target host="i-secure.walmartimages.com" />
+	<!-- target host="i-secure.walmartimages.com" /-->
 	<target host="i5.walmartimages.com" />
 	<target host="i6.walmartimages.com" />
 	<target host="i7.walmartimages.com" />
-	<target host="secure.walmartimages.com" />
+	<!-- target host="secure.walmartimages.com" /-->
 
 	<!--	Complications:
 				-->
-	<target host="i.walmartimages.com" />
-	<target host="i2.walmartimages.com" />
-
+	<!-- target host="i.walmartimages.com" /-->
+	<!-- target host="i2.walmartimages.com" /-->
 
 	<!--	Not secured by server:
 					-->
@@ -34,10 +42,6 @@
 
 	<securecookie host="^secure\.walmartimages\.com$" name=".+" />
 
-
-	<rule from="^http://i2?\.walmartimages\.com/"
-		to="https://i-secure.walmartimages.com/" />
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/Wamba.com.xml b/src/chrome/content/rules/Wamba.com.xml
index a22f50795f10..d3ce4c99e9bc 100644
--- a/src/chrome/content/rules/Wamba.com.xml
+++ b/src/chrome/content/rules/Wamba.com.xml
@@ -14,7 +14,6 @@
 
 	<rule from="^http:" to="https:" />
 
-	<test url="http://wamba.com/" />
 	<test url="http://www.wamba.com/" />
 	<test url="http://corp.wamba.com/" />
 	<test url="http://partner.wamba.com/" />
diff --git a/src/chrome/content/rules/Wand.com.xml b/src/chrome/content/rules/Wand.com.xml
index e2fea1fe8c91..ae3b1ab4507d 100644
--- a/src/chrome/content/rules/Wand.com.xml
+++ b/src/chrome/content/rules/Wand.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.wand.com/ => https://www.wand.com/: (28, 'Connection tim
 		- www.wand.com
 
 -->
-<ruleset name="Wand.com" default_off='failed ruleset test'>
+<ruleset name="Wand.com" default_off="failed ruleset test">
 
 	<target host="wand.com" />
 	<target host="www.wand.com" />
diff --git a/src/chrome/content/rules/Wandoujia.xml b/src/chrome/content/rules/Wandoujia.xml
index f1538d5a6db2..47b18eb1802d 100644
--- a/src/chrome/content/rules/Wandoujia.xml
+++ b/src/chrome/content/rules/Wandoujia.xml
@@ -36,7 +36,6 @@
 
 	<target host="apps.wandoujia.com" />
 	<exclusion pattern="^http://apps.wandoujia.com/(?!api/)" />
-		<test url="http://apps.wandoujia.com/" />
 		<test url="http://apps.wandoujia.com/tag/" />
 		<test url="http://apps.wandoujia.com/api/v1/apps?type=weeklytopgame" />
 
diff --git a/src/chrome/content/rules/Wanglibao.com.xml b/src/chrome/content/rules/Wanglibao.com.xml
deleted file mode 100644
index 1666e73c23c9..000000000000
--- a/src/chrome/content/rules/Wanglibao.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="Wanglibao.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="wanglibao.com" />
-	<target host="www.wanglibao.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Waqi.info.xml b/src/chrome/content/rules/Waqi.info.xml
new file mode 100644
index 000000000000..7eaf24d3358e
--- /dev/null
+++ b/src/chrome/content/rules/Waqi.info.xml
@@ -0,0 +1,53 @@
+<!--
+	Other related ruleset:
+		- Aqicn.org.xml
+
+	Mismatched:
+		- www
+		- cwop2
+		- data
+		- feed
+		- img
+		- jp1n
+		- jp2
+		- jp3
+		- mail
+		- sg1
+		- static
+		- sw3
+		- test
+
+	Connection error:
+		- api
+		- epi
+		- ipi
+
+	Connection refused:
+		- cwop1
+		- mapqb
+		- online
+		- stat
+		- sw-wind
+		- sw2
+
+	Expired:
+		- git
+		- jp1
+		- tiles2
+-->
+<ruleset name="Waqi.info">
+	<target host="waqi.info" />
+	<target host="www.waqi.info" />
+	<target host="cwop.waqi.info" />
+	<target host="forecast.waqi.info" />
+	<target host="tiles.waqi.info" />
+	<target host="widgets.waqi.info" />
+	<target host="wind.waqi.info" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://www\.waqi\.info/"
+		to="https://waqi.info/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WardahBooks.com.xml b/src/chrome/content/rules/WardahBooks.com.xml
new file mode 100644
index 000000000000..b7318cf74945
--- /dev/null
+++ b/src/chrome/content/rules/WardahBooks.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="WardahBooks.com">
+	<target host="wardahbooks.com" />
+	<target host="www.wardahbooks.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wargaming.net.xml b/src/chrome/content/rules/Wargaming.net.xml
deleted file mode 100644
index 163dc1ea1213..000000000000
--- a/src/chrome/content/rules/Wargaming.net.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://wargaming.com/ => https://wargaming.com/: Too many redirects while fetching 'https://wargaming.com/'
-Fetch error: http://www.wargaming.com/ => https://wargaming.com/: Too many redirects while fetching 'https://wargaming.com/'
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://wargaming.net/ => https://wargaming.net/: Cycle detected - URL already encountered: https://na.wargaming.net/
-	Other Wargaming.net rulesets:
-
-		- World_of_Warships.xml
-
-
-	Problematic domains:
-
-		- www.wargaming.com	(mismatched)
-
--->
-<ruleset name="Wargaming.net" default_off='failed ruleset test'>
-
-	<target host="wargaming.com" />
-	<target host="www.wargaming.com" />
-	<target host="wargaming.net" />
-	<target host="*.wargaming.net" />
-
-
-	<securecookie host="^wargaming\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?wargaming\.com/"
-		to="https://wargaming.com/" />
-
-	<rule from="^http://((?:eu|na|ru|sea|www)\.)?wargaming\.net/"
-		to="https://$1wargaming.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Wargaming.xml b/src/chrome/content/rules/Wargaming.xml
new file mode 100644
index 000000000000..5b3e16bd3267
--- /dev/null
+++ b/src/chrome/content/rules/Wargaming.xml
@@ -0,0 +1,93 @@
+<!--
+	Other Wargaming rulesets:
+		- World-of-Warships.xml
+
+	wargaming.com:
+		Invalid certificate:
+			- press.wargaming.com, equivalent to wargaming.assetbank-server.com
+
+		Redirects to HTTP:
+			- dava.wargaming.net
+			- davaus.wargaming.net
+			- gotocyprus.wargaming.com
+			- wglc.wargaming.net
+
+		Wrong server:
+			- gotominsk.wargaming.com
+
+
+	wargaming.net:
+		Connection refused:
+			- dba.wargaming.net
+
+		Invalid certificate:
+			- cdn-frm-eu.wargaming.net
+			- cdn-frm-sg.wargaming.net
+			- cdn-frm-us.wargaming.net
+			- content.wargaming.net
+			- dl-support.wargaming.net
+			- dl-wot-gc.wargaming.net
+			- dl-wows-gc.wargaming.net
+			- legal.kr.wargaming.net
+			- link-eu.wargaming.net
+			- link-na.wargaming.net
+			- link-ru.wargaming.net
+			- survey.wargaming.net
+			- wds-gc.wargaming.net
+-->
+
+<ruleset name="Wargaming">
+	<!-- wargaming.com -->
+	<target host="wargaming.com" />
+	<target host="www.wargaming.com" />
+	<target host="affiliate.wargaming.com" />
+	<target host="press.wargaming.com" />
+	<target host="wgforge.wargaming.com" />
+
+	<rule from="^http://press\.wargaming\.com/"
+		to="https://wargaming.assetbank-server.com/" />
+
+
+	<!-- wargaming.net -->
+	<target host="wargaming.net" />
+	<target host="www.wargaming.net" />
+	<target host="asia.wargaming.net" />
+	<target host="legal.asia.wargaming.net" />
+	<target host="bugs.wargaming.net" />
+	<target host="cds.wargaming.net" />
+	<target host="cm-ru.wargaming.net" />
+	<target host="cm-sg.wargaming.net" />
+	<target host="cm-us.wargaming.net" />
+	<target host="cpm.wargaming.net" />
+	<target host="ct.wargaming.net" />
+	<target host="developers.wargaming.net" />
+	<target host="eu.wargaming.net" />
+	<target host="legal.eu.wargaming.net" />
+	<target host="kr.wargaming.net" />
+	<target host="na.wargaming.net" />
+	<target host="legal.na.wargaming.net" />
+	<target host="red.wargaming.net" />
+	<target host="redir.wargaming.net" />
+	<target host="ru.wargaming.net" />
+	<target host="lc.wargaming.net" />
+	<target host="legal.ru.wargaming.net" />
+	<target host="redirect.wargaming.net" />
+	<target host="share.wargaming.net" />
+	<target host="sso.wargaming.net" />
+	<target host="st1.wargaming.net" />
+	<target host="st13.wargaming.net" />
+	<target host="st30.wargaming.net" />
+	<target host="st31.wargaming.net" />
+	<target host="surveys.wargaming.net" />
+	<target host="tgs2017eng.wargaming.net" />
+	<target host="tgs2017jp.wargaming.net" />
+	<target host="vitrina.wargaming.net" />
+	<target host="wgdg.wargaming.net" />
+	<target host="wgie.wargaming.net" />
+	<target host="wgsh-wotru.wargaming.net" />
+	<target host="wgsh-wotus.wargaming.net" />
+	<target host="wiki.wargaming.net" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Warner_Bros.com.xml b/src/chrome/content/rules/Warner_Bros.com.xml
index 3839c41c39c8..0d0eb70b23cf 100644
--- a/src/chrome/content/rules/Warner_Bros.com.xml
+++ b/src/chrome/content/rules/Warner_Bros.com.xml
@@ -5,7 +5,6 @@ Fetch error: http://registration.warnerbros.com/ => https://registration.warnerb
 
 	Other Warner Bros rulesets:
 
-		- Batman_Arkham_Knight.com.xml
 		- Community.wbgames.com.xml
 		- Shadow_of_Mordor.com.xml
 		- WB_Play.com.xml
@@ -21,7 +20,7 @@ Fetch error: http://registration.warnerbros.com/ => https://registration.warnerb
 	² Redirects to http
 
 -->
-<ruleset name="Warner Bros.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Warner Bros.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Warwick-Castle.xml b/src/chrome/content/rules/Warwick-Castle.xml
index f92ac576ea73..6014d33f2dc4 100644
--- a/src/chrome/content/rules/Warwick-Castle.xml
+++ b/src/chrome/content/rules/Warwick-Castle.xml
@@ -5,7 +5,7 @@ Fetch error: http://warwick-castle.com/ => https://warwick-castle.com/: (28, 'Co
 
 	For other Merlin Entertainments coverage, see Merlin-Entertainments.xml.
 -->
-<ruleset name="Warwick Castle" default_off='failed ruleset test'>
+<ruleset name="Warwick Castle" default_off="failed ruleset test">
 	<target host="warwick-castle.com" />
 	<target host="secure.warwick-castle.com" />
 	<target host="www.warwick-castle.com" />
diff --git a/src/chrome/content/rules/Warzone2100.xml b/src/chrome/content/rules/Warzone2100.xml
deleted file mode 100644
index b72014a1e029..000000000000
--- a/src/chrome/content/rules/Warzone2100.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.wz2100.net/ => https://www.wz2100.net/: (60, 'SSL certificate problem: self signed certificate')
-
-	Warzone2100
-
-
-	Nonfunctional hosts in *wz2100.net:
-
-		- addons *
-		- developer *
-
-	* Shows forums.wz2100.net
-
-
-	Problematic hosts in *wz2100.net:
-
-		- forums *
-
-	* Mismatched
-
-
-	Insecure cookies are set for these domains:
-
-		- .wz2100.net
-
--->
-<ruleset name="Wz2100.net (partial)" default_off='failed ruleset test'>
-
-	<target host="wz2100.net" />
-	<!--target host="forums.wz2100.net" /-->
-	<target host="www.wz2100.net" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.wz2100\.net$" name="^wz2100_forums2_(?:k|sid|u)$" /-->
-
-  <securecookie host="^(?:.*\.)?wz2100\.net$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Wash_Post.com.xml b/src/chrome/content/rules/Wash_Post.com.xml
index ba736da22e03..3f77835bbefe 100644
--- a/src/chrome/content/rules/Wash_Post.com.xml
+++ b/src/chrome/content/rules/Wash_Post.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://media.washpost.com/ => https://media.washpost.com/: (28, 'Co
 	^washpost.com doesn't exist
 
 -->
-<ruleset name="Wash Post.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Wash Post.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Washington-Post-Company.xml b/src/chrome/content/rules/Washington-Post-Company.xml
index fd155691546a..1cf8d14bafa0 100644
--- a/src/chrome/content/rules/Washington-Post-Company.xml
+++ b/src/chrome/content/rules/Washington-Post-Company.xml
@@ -1,4 +1,9 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://wordpressmultisite.washingtonpost.com/ => https://wordpressmultisite.washingtonpost.com/: (60, 'SSL certificate problem: certificate has expired')
+
 	For rules causing false/broken MCB, see washingtonpost.com-falsemixed.xml.
 
 	For problematic rules, see Washington-Post-Company-mismatches.xml.
@@ -8,8 +13,6 @@
 
 	Other Washington Post Company rulesets:
 
-		- PostPoints_Rewards.com.xml
-		- WaPo_Labs.com.xml
 		- Wash_Post.com.xml
 		- WP_digital.net.xml
 
@@ -141,7 +144,7 @@
 	<target host="ssl1.washingtonpost.com" />
 	<target host="subscribe.washingtonpost.com" />
 	<target host="syndication.washingtonpost.com" />
-	<target host="wordpressmultisite.washingtonpost.com" />
+	<!-- target host="wordpressmultisite.washingtonpost.com" /-->
 
 	<!--	Complications:
 				-->
@@ -182,14 +185,14 @@
 	<!--securecookie host="^www\.washingtonpost\.com$" name="^(JROUTE|JSESSIONID|backplane-channel|photoJSONAdConfig|wpni_poe)$" /-->
 
 	<!--securecookie host="." name="." /-->
-	
+
 	<!-- CORS -->
 	<exclusion pattern="^http://www\.washingtonpost\.com/wp-srv/graphics/templates/mobile/" />
 		<test url="http://www.washingtonpost.com/wp-srv/graphics/templates/mobile/assets/fonts/webtype/Franklin-ITC-Pro-Bold/e9e4c4dc-e548-4fef-9aa1-80c9cd0f02ce-3.woff" />
 	<!-- Fix #4891 -->
 	<exclusion pattern="^http://js\.washingtonpost\.com/video/static/js/posttv/vendor/jw/jwplayer\.flash\.swf" />
 		<test url="http://js.washingtonpost.com/video/static/js/posttv/vendor/jw/jwplayer.flash.swf" />
-	
+
 	<securecookie host="^\w" name=".+" />
 
 
diff --git a/src/chrome/content/rules/Washington_University_in_St_Louis.xml b/src/chrome/content/rules/Washington_University_in_St_Louis.xml
index b9da042c58d0..f4ca98576f96 100644
--- a/src/chrome/content/rules/Washington_University_in_St_Louis.xml
+++ b/src/chrome/content/rules/Washington_University_in_St_Louis.xml
@@ -320,7 +320,7 @@ Fetch error: http://www.insurance.wustl.edu/ => https://www.insurance.wustl.edu/
 	* Secured by us
 
 -->
-<ruleset name="WUStL.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="WUStL.edu (partial)" default_off="failed ruleset test">
 
 	<target host="wustl.edu" />
 	<target host="acadinfo.wustl.edu" />
diff --git a/src/chrome/content/rules/Water-Challenge.com.xml b/src/chrome/content/rules/Water-Challenge.com.xml
index 0a55bc180a33..e0c28329a096 100644
--- a/src/chrome/content/rules/Water-Challenge.com.xml
+++ b/src/chrome/content/rules/Water-Challenge.com.xml
@@ -14,4 +14,4 @@
 	<rule from="^http://(www\.)?water-challenge\.com/(image\.axd|Styles/|themes/)"
 		to="https://$1water-challenge.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Water.org.xml b/src/chrome/content/rules/Water.org.xml
index ea6562f1046a..4d39542f071b 100644
--- a/src/chrome/content/rules/Water.org.xml
+++ b/src/chrome/content/rules/Water.org.xml
@@ -10,7 +10,9 @@
 <ruleset name="Water.org (partial)">
 
 	<target host="water.org" />
-	<target host="*.water.org" />
+	<target host="www.water.org" />
+	<target host="contribute.water.org" />
+	<target host="give.water.org" />
 		<exclusion pattern="^http://(?:give\.|www\.)?water\.org/(?!favicon\.ico|media/|static/)" />
 
 
@@ -20,7 +22,6 @@
 	<rule from="^http://(?:www\.)?water\.org/"
 		to="https://water.org/" />
 
-	<rule from="^http://(contribut|giv)e\.water\.org/"
-		to="https://$1e.water.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Water_Marquee.xml b/src/chrome/content/rules/Water_Marquee.xml
index b7158463740c..dda9df8bb8cb 100644
--- a/src/chrome/content/rules/Water_Marquee.xml
+++ b/src/chrome/content/rules/Water_Marquee.xml
@@ -4,9 +4,9 @@
 	<target host="www.watermarquee.com" />
 
 
-	<securecookie host="^(?:.*\.)?watermarquee\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Watershed.xml b/src/chrome/content/rules/Watershed.xml
index c3a55782f13a..0e3401ac47b5 100644
--- a/src/chrome/content/rules/Watershed.xml
+++ b/src/chrome/content/rules/Watershed.xml
@@ -10,16 +10,16 @@ Fetch error: http://watershed.co.uk/ => https://www.watershed.co.uk/: Cycle dete
 		- ^	(redirects to http)
 
 -->
-<ruleset name="Watershed" default_off='failed ruleset test'>
+<ruleset name="Watershed" default_off="failed ruleset test">
 
 	<target host="watershed.co.uk" />
-	<target host="*.watershed.co.uk" />
+	<target host="www.watershed.co.uk" />
+	<target host="piwik.watershed.co.uk" />
 
 
 	<rule from="^http://(?:www\.)?watershed\.co\.uk/"
 		to="https://www.watershed.co.uk/" />
 
-	<rule from="^http://piwik\.watershed\.co\.uk/"
-		to="https://piwik.watershed.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Watkins.edu.xml b/src/chrome/content/rules/Watkins.edu.xml
index c436fca3a98b..3189e8b527c4 100644
--- a/src/chrome/content/rules/Watkins.edu.xml
+++ b/src/chrome/content/rules/Watkins.edu.xml
@@ -19,7 +19,7 @@ Fetch error: http://www.watkins.edu/ => https://www.watkins.edu/: (51, "SSL: no
 	* Secured by us
 
 -->
-<ruleset name="Watkins.edu" default_off='failed ruleset test'>
+<ruleset name="Watkins.edu" default_off="failed ruleset test">
 
 	<target host="watkins.edu" />
 	<target host="www.watkins.edu" />
diff --git a/src/chrome/content/rules/Watson_Institute.org.xml b/src/chrome/content/rules/Watson_Institute.org.xml
index fc55e63493c6..c708c6e6636b 100644
--- a/src/chrome/content/rules/Watson_Institute.org.xml
+++ b/src/chrome/content/rules/Watson_Institute.org.xml
@@ -25,4 +25,4 @@
 	<rule from="^http://(?:www\.)?watsoninstitute\.org/"
 		to="https://watsoninstitute.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Watsons.com.hk.xml b/src/chrome/content/rules/Watsons.com.hk.xml
new file mode 100644
index 000000000000..7ea68c527c34
--- /dev/null
+++ b/src/chrome/content/rules/Watsons.com.hk.xml
@@ -0,0 +1,37 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- m.watsons.com.hk
+		- stagem.watsons.com.hk
+
+		Timeout was reached:
+		- sit.m.watsons.com.hk
+		- uat.watsons.com.hk
+		- uatm.watsons.com.hk
+
+		SSL connect error:
+		- prodm.watsons.com.hk
+
+		SSL peer certificate was not OK:
+		- game.watsons.com.hk
+
+		Incomplete certificate chain error:
+		- dev.watsons.com.hk
+		- preview.watsons.com.hk
+
+		4xx client error:
+		- qiakqr1.watsons.com.hk
+-->
+<ruleset name="Watsons.com.hk">
+	<target host="watsons.com.hk" />
+	<target host="www.watsons.com.hk" />
+	<target host="interactive.watsons.com.hk" />
+	<test url="http://interactive.watsons.com.hk/watsbagclawmachine" />
+	<target host="mcms.watsons.com.hk" />
+	<target host="mshare.watsons.com.hk" />
+	<target host="queue.watsons.com.hk" />
+	<target host="reg.watsons.com.hk" />
+	<target host="supplierportal.watsons.com.hk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wauland.de.xml b/src/chrome/content/rules/Wauland.de.xml
deleted file mode 100644
index 468d136ceddb..000000000000
--- a/src/chrome/content/rules/Wauland.de.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Wauland.de">
-	<target host="wauland.de" />
-	<target host="www.wauland.de" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Wavpin.xml b/src/chrome/content/rules/Wavpin.xml
index 4f765200425d..dfdea6c2d7f9 100644
--- a/src/chrome/content/rules/Wavpin.xml
+++ b/src/chrome/content/rules/Wavpin.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.wavpin.com/ => https://www.wavpin.com/: (7, 'Failed to c
 	Mixed images from 3rd-party news websites.
 
 -->
-<ruleset name="Wavpin" default_off='failed ruleset test'>
+<ruleset name="Wavpin" default_off="failed ruleset test">
 
 	<target host="wavpin.com" />
 	<target host="www.wavpin.com" />
@@ -18,4 +18,4 @@ Fetch error: http://www.wavpin.com/ => https://www.wavpin.com/: (7, 'Failed to c
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Way2Allah.com.xml b/src/chrome/content/rules/Way2Allah.com.xml
new file mode 100644
index 000000000000..6ac18d139c5f
--- /dev/null
+++ b/src/chrome/content/rules/Way2Allah.com.xml
@@ -0,0 +1,14 @@
+<!--
+	401 Unauthorized
+		e3jaz.way2allah.com
+-->
+<ruleset name="Way2Allah.com" >
+	<target host="way2allah.com" />
+	<target host="www.way2allah.com" />
+	<target host="forums.way2allah.com" />
+	<target host="montage.way2allah.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Waymoot.org.xml b/src/chrome/content/rules/Waymoot.org.xml
index 3116514ecec6..4f82a9db7607 100644
--- a/src/chrome/content/rules/Waymoot.org.xml
+++ b/src/chrome/content/rules/Waymoot.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.waymoot.org/ => https://www.waymoot.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.waymoot.org'")
 
 -->
-<ruleset name="waymoot.org" default_off='failed ruleset test'>
+<ruleset name="waymoot.org" default_off="failed ruleset test">
 
 	<target host="waymoot.org" />
 	<target host="www.waymoot.org" />
diff --git a/src/chrome/content/rules/Wayneashworthart.com.xml b/src/chrome/content/rules/Wayneashworthart.com.xml
new file mode 100644
index 000000000000..1c45cdbd2567
--- /dev/null
+++ b/src/chrome/content/rules/Wayneashworthart.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Wayneashworthart.com">
+    <target host="wayneashworthart.com" />
+    <target host="www.wayneashworthart.com" />
+
+    <securecookie host=".+" name=".+" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wayskinny.com.xml b/src/chrome/content/rules/Wayskinny.com.xml
deleted file mode 100644
index 12e35f385a41..000000000000
--- a/src/chrome/content/rules/Wayskinny.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	CDN buckets:
-
-		- s3.amazonaws.com/conceptweb/vaperxs/
-
--->
-<ruleset name="wayskinny.com">
-
-	<target host="wayskinny.com" />
-	<target host="www.wayskinny.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<securecookie host="^\.?wayskinny\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Wccftech.com.xml b/src/chrome/content/rules/Wccftech.com.xml
new file mode 100644
index 000000000000..424a7caaec0f
--- /dev/null
+++ b/src/chrome/content/rules/Wccftech.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="Wccftech.com">
+	<target host="wccftech.com" />
+	<target host="www.wccftech.com" />
+	<target host="cdn.wccftech.com" />
+	<target host="deals.wccftech.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wdr.de.xml b/src/chrome/content/rules/Wdr.de.xml
index 170e4b0d3455..4f281c719889 100644
--- a/src/chrome/content/rules/Wdr.de.xml
+++ b/src/chrome/content/rules/Wdr.de.xml
@@ -1,6 +1,8 @@
 <!--
-	No valid Cert for:
+	Connection closed:
+		- www.wintersport.sportschau.de
 
+	No valid Cert for:
 		- adaptiv.wdr.de
 		- podcast.wdr.de
 		- print.wdr.de
@@ -11,22 +13,38 @@
 		- www.lindenstrasse.de
 		- www.wdrmaus.de
 		- ^wdr.de
+		- barcelona.sportschau.de
+		- (www.)?berlin.sportschau.de
+		- (www.)?bundesligaplaner.sportschau.de
+		- clipassets-[i|p].sportschau.de
+		- clipsapi.sportschau.de
+		- livestreamapi.sportschau.de
+		- m.sportschau.de
+		- (www.)multicam.sportschau.de
+		- www.multimedia.sportschau.de
+		- www.rio.sportschau.de
+		- (cdni.|cdnv.)?secondscreen.sportschau.de
+		- sportsfreund.sportschau.de
+		- ssltest.sportschau.de
+		- (livemain|vod)?-i.umsp.sportschau.de
+		- (www.)?wmplaner.sportschau.de
 
 	certificatechain broken on:
 		- freundeskreis.einslive.de
 
-	Non-resolvable host:
-		- static.freundeskreis.einslive.de
-
 	Redirect to plain http on:
 		- www.einsfestival.de
 		- wdrmaus.de
 
+	Refused:
+		- (www.)?tourtipp.sportschau.de
+
 	Time-out on:
 		- dom360.wdr.de
 		- klangkiste.wdr.de
 		- lindenstrasse.de
 		- neuneinhalb.wdr.de
+		- (www.)?europlaner.sportschau.de
 -->
 <ruleset name="Westdeutscher Rundfunk">
 
@@ -71,25 +89,38 @@
 	<target host="presse.wdr.de" />
 	<target host="reportage.wdr.de" />
 	<target host="superkuehe.wdr.de" />
-	
+
 	<target host="www.einslive.de" />
 	<target host="www.funkhauseuropa.de" />
-	
+
 	<target host="planet-wissen.de" />
 	<target host="www.planet-wissen.de" />
-	
+
+	<target host="sportschau.de" />
 	<target host="www.sportschau.de" />
-	<target host="www1.sportschau.de" />
+	<target host="ecs.sportschau.de" />
+	<target host="fifafrauenwm.sportschau.de" />
+	<target host="laem.sportschau.de" />
+	<target host="lawm.sportschau.de" />
+	<target host="multimedia.sportschau.de" />
+	<target host="orig.sportschau.de" />
+	<target host="recherche.sportschau.de" />
 	<target host="rio.sportschau.de" />
-	
+	<target host="spielerzeugnis.sportschau.de" />
+	<target host="ticker.sportschau.de" />
+	<target host="tokio.sportschau.de" />
+	<target host="uefafrauenem.sportschau.de" />
+	<target host="wa.sportschau.de" />
+	<target host="wintersport.sportschau.de" />
+	<target host="www1.sportschau.de" />
+
 	<target host="www.wdr2.de" />
 	<target host="www.wdr3.de" />
 	<target host="www.wdr4.de" />
 	<target host="www.wdr5.de" />
-	
+
 	<target host="www.wdrmaus.de" />
-	
-	<rule from="^http:"
-		to="https:" />
+
+	<rule from="^http:"	to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/We-Heart-It.xml b/src/chrome/content/rules/We-Heart-It.xml
deleted file mode 100644
index cf474d01abc9..000000000000
--- a/src/chrome/content/rules/We-Heart-It.xml
+++ /dev/null
@@ -1,43 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://weheartit.com/ => https://weheartit.com/: Too many redirects while fetching 'https://weheartit.com/'
-Fetch error: http://m.weheartit.com/ => https://m.weheartit.com/: Too many redirects while fetching 'https://m.weheartit.com/'
-Fetch error: http://www.weheartit.com/ => https://www.weheartit.com/: Too many redirects while fetching 'https://www.weheartit.com/'
-
-	Other We Heart It rulesets:
-
-		- WHI_CDN.com.xml
-
-
-	CDN buckets:
-
-		- cs95.wac.edgecastcdn.net/...
-			- assets.whicdn.com
-			- data.whicdn.com
-			- stats.whicdn.com
-
-		- assets & data show AWS 403 message
-
-
-	Mixed content:
-
-		- Images from data2 *
-
-	* Secured by us
-
--->
-<ruleset name="We Heart It.com" default_off='failed ruleset test'>
-
-	<target host="weheartit.com" />
-	<target host="m.weheartit.com" />
-	<target host="www.weheartit.com" />
-
-
-	<securecookie host="^\.?weheartit\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WeChat.xml b/src/chrome/content/rules/WeChat.xml
index 2d7cc5d84ab9..897e462feb8f 100644
--- a/src/chrome/content/rules/WeChat.xml
+++ b/src/chrome/content/rules/WeChat.xml
@@ -7,7 +7,7 @@
 			 - file2.wechat.com
 
 		Secure connection redirects to plaintext:
-			 - 
+			 -
 -->
 <ruleset name="WeChat (partial)">
 	<target host="wechat.com" />
@@ -27,6 +27,6 @@
 	<target host="webpush2.wechat.com" />
 
 	<securecookie host="^(www\.|admin\.|login\.)?wechat\.com$" name=".+" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/WeHeartIt.com.xml b/src/chrome/content/rules/WeHeartIt.com.xml
new file mode 100644
index 000000000000..6320356b7ea5
--- /dev/null
+++ b/src/chrome/content/rules/WeHeartIt.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Other WeHeartIt.com related rulesets:
+		+ WHIcdn.com.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- help.weheartit.com
+-->
+<ruleset name="WeHeartIt.com">
+	<target host="weheartit.com" />
+	<target host="www.weheartit.com" />
+	<target host="m.weheartit.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WeMonIt.de.xml b/src/chrome/content/rules/WeMonIt.de.xml
deleted file mode 100644
index b3898fcb1bb2..000000000000
--- a/src/chrome/content/rules/WeMonIt.de.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Insecure cookies are set for these domains:
-
-		- wemonit.de
-		- www.wemonit.de
-
--->
-<ruleset name="WeMonIt.de">
-
-	<target host="wemonit.de" />
-	<target host="www.wemonit.de" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?wemonit\.de$" name="^_wemonit_session$" /-->
-
-	<securecookie host="^(?:www\.)?wemonit\.de$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WePay.xml b/src/chrome/content/rules/WePay.xml
index af821ec6704c..9aaaff46ee3c 100644
--- a/src/chrome/content/rules/WePay.xml
+++ b/src/chrome/content/rules/WePay.xml
@@ -12,13 +12,16 @@
 <ruleset name="WePay (partial)">
 
 	<target host="wepay.com" />
-	<target host="*.wepay.com" />
+	<target host="stage.wepay.com" />
+	<target host="static.wepay.com" />
+	<target host="support.wepay.com" />
+	<target host="t.wepay.com" />
+	<target host="www.wepay.com" />
 
 
 	<securecookie host="^.+\.wepay\.com$" name=".+" />
 
 
-	<rule from="^http://((?:stage|static|support|t|www)\.)?wepay\.com/"
-		to="https://$1wepay.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WeRoSys.de.xml b/src/chrome/content/rules/WeRoSys.de.xml
deleted file mode 100644
index 49f9bd2743be..000000000000
--- a/src/chrome/content/rules/WeRoSys.de.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	(www.)?werosys.de: Refused
-
--->
-<ruleset name="WeRoSys.de (partial)">
-
-	<target host="piwik.werosys.de" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WeTransfer.xml b/src/chrome/content/rules/WeTransfer.xml
index 1c5acfd9c1c3..74cb04d2d12f 100644
--- a/src/chrome/content/rules/WeTransfer.xml
+++ b/src/chrome/content/rules/WeTransfer.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WeUseCoins.xml b/src/chrome/content/rules/WeUseCoins.xml
index 3ccd48f06e25..d4c75b944017 100644
--- a/src/chrome/content/rules/WeUseCoins.xml
+++ b/src/chrome/content/rules/WeUseCoins.xml
@@ -12,7 +12,7 @@
 
 	<!--	CloudFlare cookies:
 					-->
-	<!--securecookie host="^\.weusecoins\.com$" name="^(__cfuid|cf_clearance)$" /-->
+	<!--securecookie host="^\.weusecoins\.com$" name="^cf_clearance$" /-->
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/We_Are_Wizards.io.xml b/src/chrome/content/rules/We_Are_Wizards.io.xml
index e94ab43fbb5c..f8310b6fba57 100644
--- a/src/chrome/content/rules/We_Are_Wizards.io.xml
+++ b/src/chrome/content/rules/We_Are_Wizards.io.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.wearewizards.io/ => https://www.wearewizards.io/: (51, "
 		- www.blog.wearewizards.io
 
 -->
-<ruleset name="We Are Wizards.io" default_off='failed ruleset test'>
+<ruleset name="We Are Wizards.io" default_off="failed ruleset test">
 
 	<target host="wearewizards.io" />
 	<target host="blog.wearewizards.io" />
diff --git a/src/chrome/content/rules/Weather-Underground.xml b/src/chrome/content/rules/Weather-Underground.xml
deleted file mode 100644
index 706b8be509b3..000000000000
--- a/src/chrome/content/rules/Weather-Underground.xml
+++ /dev/null
@@ -1,49 +0,0 @@
-<!--
-	CDN buckets:
-
-		- icons-ak.wxug.com.edgesuite.net/...
-			- icons.wxug.com
-			- icons-ak.wxug.com
-
-
-	Nonfunctional domains:
-
-		- banners.wunderground.com	(times out)
-		- weathersticker.wunderground.com
-		- wublast.wunderground.com	
-
--->
-<ruleset name="Weather Underground (buggy)" default_off="breaks storm reports">
-
-	<target host="wunderground.com" />
-	<target host="*.wunderground.com" />
-	<target host="icons.wxug.com" />
-	<target host="icons-ak.wxug.com" />
-
-
-		<!--
-			These paths 302s to http:
-
-				- $
-				- autoasp/
-				- autobrand/
-				- blog$
-				- blog/
-				- data/wximagenew/
-				- graphics/
-				- hurricane/\d{5}/\w+.jpg$
-				- i/
-				- metgraphics/
-
-			These paths don't:
-
-				- css/
-				- i/w/
-				- i/wu/
-				- login.asp
-				- members/signup.asp
-					-->
-	<rule from="^http://(?:icons(?:-ak)?\.|www\.)?w(?:underground|xug)\.com/(css/|i/wu?/|(?:login|members/signup)\.asp(?:$|\?))"
-		to="https://www.wunderground.com/$1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Weather.com.xml b/src/chrome/content/rules/Weather.com.xml
index c7b44e06982b..6ddbd32fc696 100644
--- a/src/chrome/content/rules/Weather.com.xml
+++ b/src/chrome/content/rules/Weather.com.xml
@@ -1,39 +1,17 @@
-<!--
-	Problematic subdomains:
-
-		- ^ ¹
-		- forecastfactor ²
-		- press ²
-		- preview ²
-		- www ²
-
-	¹ Refused
-	² Akamai
-
-
-	Fully covered subdomains:
-
-		- careers
-		- profile
-
-
-	Mixed content:
-
-		- Images on www from s.w-x.co *
-
-		- favicons, on:
-
-			- careers from $self *
-			- feedback from www *
-
-	* Secured by us
-
--->
 <ruleset name="Weather.com (partial)">
 
-	<target host="profile.weather.com" />
+	<target host="weather.com" />
+	<target host="www.weather.com" />
 	<target host="careers.weather.com" />
-	<rule from="^http:"
-		to="https:" />
+	<target host="feedback.weather.com" />
+	<target host="forecastfactor.weather.com" />
+	<target host="press.weather.com" />
+	<target host="preview.weather.com" />
+	<target host="profile.weather.com" />
+	<target host="redirector.weather.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"	to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Weather.gov.xml b/src/chrome/content/rules/Weather.gov.xml
index 9aca06fd30a4..89755d323380 100644
--- a/src/chrome/content/rules/Weather.gov.xml
+++ b/src/chrome/content/rules/Weather.gov.xml
@@ -61,7 +61,7 @@ Non-2xx HTTP code: http://nws.weather.gov/nthmp/ (200) => https://nws.weather.go
 		- ocwws.weather.gov
 
 -->
-<ruleset name="Weather.gov (partial)" default_off='failed ruleset test'>
+<ruleset name="Weather.gov (partial)" default_off="failed ruleset test">
 
 	<!--target host="alerts.weather.gov" /-->
 	<target host="nwschat.weather.gov" />
diff --git a/src/chrome/content/rules/Weatherzone.xml b/src/chrome/content/rules/Weatherzone.xml
index de6dcf778eaa..943c6fd0ab98 100644
--- a/src/chrome/content/rules/Weatherzone.xml
+++ b/src/chrome/content/rules/Weatherzone.xml
@@ -19,7 +19,8 @@
 <ruleset name="Weatherzone (partial)">
 
 	<target host="weatherzone.com.au" />
-	<target host="*.weatherzone.com.au" />
+	<target host="www.weatherzone.com.au" />
+	<target host="resources.weatherzone.com.au" />
 		<!--	wz/images/ads/ & wz/images/openx don't
 			follow the pattern described below.	-->
 		<exclusion pattern="^http://resources\.weatherzone\.com\.au/(?:images/widgets/graphics|wz/images/(?:ads|openx|widgets/graphics))/" />
diff --git a/src/chrome/content/rules/Web-Hosting-Talk.xml b/src/chrome/content/rules/Web-Hosting-Talk.xml
index c9d01b67b026..7a1c769541c1 100644
--- a/src/chrome/content/rules/Web-Hosting-Talk.xml
+++ b/src/chrome/content/rules/Web-Hosting-Talk.xml
@@ -19,7 +19,7 @@
 	<target host="webhostingtalk.com" />
 	<target host="www.webhostingtalk.com" />
 	<!--	* for cross-domain cookie.	-->
-	
+
 		<!--exclusion pattern="^http://(helpdesk|research)\.webhostingtalk\.com/" /-->
 
 
diff --git a/src/chrome/content/rules/Web-Reservations-International.xml b/src/chrome/content/rules/Web-Reservations-International.xml
index 70fd3bf0b34a..c98d0e9749d6 100644
--- a/src/chrome/content/rules/Web-Reservations-International.xml
+++ b/src/chrome/content/rules/Web-Reservations-International.xml
@@ -21,9 +21,18 @@
 
 	<target host="secure.bookhostels.com" />
 	<target host="images.hostels.com" />
-	<target host="*.hostelworld.com" />
-	<target host="*.hwstatic.com" />
-	<target host="*.webresint.com" />
+	<target host="images.hostelworld.com" />
+	<target host="vsecure.hostelworld.com" />
+	<target host="www.hostelworld.com" />
+	<target host="ccd.hwstatic.com" />
+	<target host="scd.hwstatic.com" />
+	<target host="shccd.hwstatic.com" />
+	<target host="icd.hwstatic.com" />
+	<target host="ihccd.hwstatic.com" />
+	<target host="ucd.hwstatic.com" />
+	<target host="images.webresint.com" />
+	<target host="static.webresint.com" />
+	<target host="secure.webresint.com" />
 
 
 	<securecookie host="^secure\.bookhostels\.com$" name=".+" />
@@ -31,8 +40,6 @@
 	<securecookie host="^secure\.webresint\.com$" name=".+" />
 
 
-	<rule from="^http://secure\.bookhostels\.com/"
-		to="https://secure.bookhostels.com/" />
 
 	<!--	- images.hostels.com cert: static.webresint.com
 		- images.hostelworld.com times out
@@ -56,10 +63,7 @@
 	<rule from="^http://shccd\.hwstatic\.com/"
 		to="https://ihccd.hwstatic.com/" />
 
-	<rule from="^http://(icd|ihccd|ucd)\.hwstatic\.com/"
-		to="https://$1.hwstatic.com/" />
 
-	<rule from="^http://secure\.webresint\.com/"
-		to="https://secure.webresint.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Web-Stat.net.xml b/src/chrome/content/rules/Web-Stat.net.xml
index 303d53b122d3..451180f25936 100644
--- a/src/chrome/content/rules/Web-Stat.net.xml
+++ b/src/chrome/content/rules/Web-Stat.net.xml
@@ -19,7 +19,7 @@
 <ruleset name="Web-Stat.net">
 
 	<target host="web-stat.net" />
-	<target host="*.web-stat.net" />
+	<target host="www.web-stat.net" />
 
 
 	<securecookie host="^\.web-stat\.net$" name=".+" />
@@ -28,4 +28,4 @@
 	<rule from="^http://(?:www\.)?web-stat\.net/"
 		to="https://www.web-stat.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Web-hosting.com.xml b/src/chrome/content/rules/Web-hosting.com.xml
index a886ddf04c36..9b2a8cf4182b 100644
--- a/src/chrome/content/rules/Web-hosting.com.xml
+++ b/src/chrome/content/rules/Web-hosting.com.xml
@@ -40,7 +40,7 @@ Fetch error: http://www.web-hosting.com/ => https://www.web-hosting.com/: (7, 'F
 	* Secured by us
 
 -->
-<ruleset name="web-hosting.com (partial)" default_off='failed ruleset test'>
+<ruleset name="web-hosting.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Web-registry.com.xml b/src/chrome/content/rules/Web-registry.com.xml
index 8f81ddbcd0bd..211fb93bb33f 100644
--- a/src/chrome/content/rules/Web-registry.com.xml
+++ b/src/chrome/content/rules/Web-registry.com.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://web-registry.com/ => https://web-registry.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 Fetch error: http://www.web-registry.com/ => https://web-registry.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="web-registry.com" default_off='failed ruleset test'>
+<ruleset name="web-registry.com" default_off="failed ruleset test">
 
 	<target host="web-registry.com"/>
 	<target host="www.web-registry.com"/>
diff --git a/src/chrome/content/rules/Web-servers.com.au.xml b/src/chrome/content/rules/Web-servers.com.au.xml
index 37de292aa9a2..de27800e006d 100644
--- a/src/chrome/content/rules/Web-servers.com.au.xml
+++ b/src/chrome/content/rules/Web-servers.com.au.xml
@@ -3,10 +3,10 @@
 	<target host="*.web-servers.com.au" />
 
 
-	<securecookie host=".*\.web-servers\.com\.au$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://s(\d+)\.web-servers\.com\.au/"
 		to="https://s$1.web-servers.com.au/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Web.com.xml b/src/chrome/content/rules/Web.com.xml
index b3e61cc441ae..810e039136e4 100644
--- a/src/chrome/content/rules/Web.com.xml
+++ b/src/chrome/content/rules/Web.com.xml
@@ -10,13 +10,10 @@
 	Other Web.com rulesets:
 
 		- Cactus_Complete_Commerce.xml
-		- LogoYes.xml
 		- Mcssl.com.xml
 		- Myregisteredsite.com.xml
-		- Renovation_Experts.xml
 		- Securepurchaseserver.com.xml
 		- Solid_Cactus.xml
-		- Star_Product_Reviews.xml
 
 
 	ne.edgecastcdn.net/00016B/
@@ -26,6 +23,7 @@
 	Nonfunctional subdomains:
 
 		- ir	(times out)
+    - wpc.016b.edgecastcdn.net
 
 
 	^: cert only matches www
@@ -47,10 +45,11 @@
 -->
 <ruleset name="Web.com (partial)">
 
-	<target host="wpc.016b.edgecastcdn.net" />
+	<!-- <target host="wpc.016b.edgecastcdn.net" /> -->
 	<target host="web.com" />
-	<target host="*.web.com" />
-
+	<target host="www.web.com" />
+	<target host="support.web.com" />
+	<target host="webmail.web.com" />
 
 	<!--	Secured by server:
 					-->
@@ -63,15 +62,10 @@
 
 	<securecookie host="^(?:.*\.)?web\.com$" name=".+" />
 
-
 	<!--	Cert only matches www.	-->
 	<rule from="^http://(?:www\.)?web\.com/"
 		to="https://www.web.com/" />
 
-	<rule from="^http://(support|webmail)\.web\.com/"
-		to="https://$1.web.com/" />
-
-	<rule from="^http://wpc\.016b\.edgecastcdn\.net/00016B/"
-		to="https://ne1.wpc.edgecastcdn.net/00016B/" />
+  <rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Web4all.fr.xml b/src/chrome/content/rules/Web4all.fr.xml
index 33af3243cbd5..0de484ac3e48 100644
--- a/src/chrome/content/rules/Web4all.fr.xml
+++ b/src/chrome/content/rules/Web4all.fr.xml
@@ -1,7 +1,19 @@
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://faq.web4all.fr/ => https://faq.web4all.fr/: (35, 'error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name')
+Fetch error: http://forums.web4all.fr/ => https://forums.web4all.fr/: (35, 'error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name')
+Fetch error: http://guides.web4all.fr/ => https://guides.web4all.fr/: (35, 'error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name')
+Fetch error: http://manager.web4all.fr/ => https://manager.web4all.fr/: (35, 'error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name')
+Fetch error: http://pma.web4all.fr/ => https://pma.web4all.fr/: (35, 'error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name')
+Fetch error: http://push.web4all.fr/ => https://push.web4all.fr/: (51, "SSL: no alternative certificate subject name matches target host name 'push.web4all.fr'")
+Fetch error: http://stats.web4all.fr/ => https://stats.web4all.fr/: (35, 'error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name')
+Fetch error: http://travaux.web4all.fr/ => https://travaux.web4all.fr/: (35, 'error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name')
+Fetch error: http://webmail.web4all.fr/ => https://webmail.web4all.fr/: (35, 'error:14094458:SSL routines:ssl3_read_bytes:tlsv1 unrecognized name')
+
 	Other Web4all rulesets:
 
-		- W4a.fr.xml
 
 
 	Insecure cookies are set for these domains and hosts:
@@ -31,15 +43,15 @@
 	<!--	Direct rewrites:
 				-->
 	<target host="web4all.fr" />
-	<target host="faq.web4all.fr" />
-	<target host="forums.web4all.fr" />
-	<target host="guides.web4all.fr" />
-	<target host="manager.web4all.fr" />
-	<target host="pma.web4all.fr" />
-	<target host="push.web4all.fr" />
-	<target host="stats.web4all.fr" />
-	<target host="travaux.web4all.fr" />
-	<target host="webmail.web4all.fr" />
+	<!-- target host="faq.web4all.fr" /-->
+	<!-- target host="forums.web4all.fr" /-->
+	<!-- target host="guides.web4all.fr" /-->
+	<!-- target host="manager.web4all.fr" /-->
+	<!-- target host="pma.web4all.fr" /-->
+	<!-- target host="push.web4all.fr" /-->
+	<!-- target host="stats.web4all.fr" /-->
+	<!-- target host="travaux.web4all.fr" /-->
+	<!-- target host="webmail.web4all.fr" /-->
 	<target host="www.web4all.fr" />
 
 
diff --git a/src/chrome/content/rules/WebAssembly.studio.xml b/src/chrome/content/rules/WebAssembly.studio.xml
new file mode 100644
index 000000000000..047b05b85995
--- /dev/null
+++ b/src/chrome/content/rules/WebAssembly.studio.xml
@@ -0,0 +1,6 @@
+<ruleset name="WebAssembly.studio">
+	<target host="webassembly.studio" />
+	<target host="www.webassembly.studio" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WebAssign.xml b/src/chrome/content/rules/WebAssign.xml
index d4106f1d15a5..1709a6432200 100644
--- a/src/chrome/content/rules/WebAssign.xml
+++ b/src/chrome/content/rules/WebAssign.xml
@@ -1,7 +1,7 @@
 <!--
 	Connection refused:
 	- waug.webassign.com
-	
+
 	Invalid certificate:
 	- feedback.webassign.net
 -->
diff --git a/src/chrome/content/rules/WebChuck_hosting.com.xml b/src/chrome/content/rules/WebChuck_hosting.com.xml
index b0717263a577..6778e0c5b81a 100644
--- a/src/chrome/content/rules/WebChuck_hosting.com.xml
+++ b/src/chrome/content/rules/WebChuck_hosting.com.xml
@@ -9,13 +9,12 @@
 -->
 <ruleset name="WebChuck hosting.com (partial)" default_off="expired, self-signed">
 
-	<target host="*.webchuckhosting.com" />
+	<target host="apps.webchuckhosting.com" />
 
 
 	<securecookie host="^\.apps\.webchuckhosting\.com$" name=".+" />
 
 
-	<rule from="^http://apps\.webchuckhosting\.com/"
-		to="https://apps.webchuckhosting.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WebCitz.xml b/src/chrome/content/rules/WebCitz.xml
index 338ee34b7d3a..e8f32e557ce4 100644
--- a/src/chrome/content/rules/WebCitz.xml
+++ b/src/chrome/content/rules/WebCitz.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WebD.AM.xml b/src/chrome/content/rules/WebD.AM.xml
deleted file mode 100644
index 9240d93a4277..000000000000
--- a/src/chrome/content/rules/WebD.AM.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d10w0pvim185fa.cloudfront.net
-
-			- static[1-4].webd.am
-
-
-	(www.)? doesn't exist.
-
--->
-<ruleset name="WebD.AM">
-
-	<target host="*.webd.am" />
-
-
-	<rule from="^http://static[1-4]\.webd\.am/"
-		to="https://d10w0pvim185fa.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WebDAM_DB.com.xml b/src/chrome/content/rules/WebDAM_DB.com.xml
index 1dc70b513ff8..33aac92f54fb 100644
--- a/src/chrome/content/rules/WebDAM_DB.com.xml
+++ b/src/chrome/content/rules/WebDAM_DB.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://webdam.com/ => https://webdam.com/: (35, 'error:140770FC:SSL
 		- secure
 
 -->
-<ruleset name="WebDAM DB.com" default_off='failed ruleset test'>
+<ruleset name="WebDAM DB.com" default_off="failed ruleset test">
 
 	<target host="webdam.com" />
 	<target host="secure.webdam.com" />
diff --git a/src/chrome/content/rules/WebDevStudios.xml b/src/chrome/content/rules/WebDevStudios.xml
index c81b17849a52..b60c79c02611 100644
--- a/src/chrome/content/rules/WebDevStudios.xml
+++ b/src/chrome/content/rules/WebDevStudios.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.webdevstudios.com/ => https://www.webdevstudios.com/: To
 		 - www.webdevstudios.com
 
 -->
-<ruleset name="WebDevStudios.com" default_off='failed ruleset test'>
+<ruleset name="WebDevStudios.com" default_off="failed ruleset test">
 
 	<target host="webdevstudios.com" />
 	<target host="www.webdevstudios.com" />
diff --git a/src/chrome/content/rules/WebDiplomacy.net.xml b/src/chrome/content/rules/WebDiplomacy.net.xml
new file mode 100644
index 000000000000..d7f43017923c
--- /dev/null
+++ b/src/chrome/content/rules/WebDiplomacy.net.xml
@@ -0,0 +1,14 @@
+<!--
+	Mismatched:
+		- forum
+
+	SSL error:
+		- tournaments
+-->
+<ruleset name="WebDiplomacy.net">
+	<target host="webdiplomacy.net" />
+	<target host="www.webdiplomacy.net" />
+	<target host="mysql.webdiplomacy.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WebEx-Communications.xml b/src/chrome/content/rules/WebEx-Communications.xml
deleted file mode 100644
index afde2d987ebb..000000000000
--- a/src/chrome/content/rules/WebEx-Communications.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<ruleset name="WebEx Communications">
-
-	<target host="*.webex.com" />
-		<!--	Neither /web... nor www exist.	-->
-		<exclusion pattern="^http://www\." />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^client_domain\.webx\.com$" name="^(JSESSIONID|nebulaht-e-tc)$" /-->
-
-	<securecookie host="^.*\.webex\.com$" name=".+" />
-
-
-	<!--	Clients have unique subdomains, e.g.
-			ebscotraining.webex.com		-->
-	<rule from="^http://(\w+\.)?webex\.com/"
-		to="https://$1webex.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WebGo.xml b/src/chrome/content/rules/WebGo.xml
index bd7ee3e6a709..2c2cdbd18691 100644
--- a/src/chrome/content/rules/WebGo.xml
+++ b/src/chrome/content/rules/WebGo.xml
@@ -19,14 +19,14 @@ Fetch error: http://www.website.webgo.de/ => https://www.website.webgo.de/: (6,
 		- support
 
 -->
-<ruleset name="WebGo.de" default_off='failed ruleset test'>
+<ruleset name="WebGo.de" default_off="failed ruleset test">
 	<target host="www.webgo.de" />
 	<target host="website.webgo.de" />
 	<target host="www.website.webgo.de" />
-	<target host="login.webgo.de" />	
+	<target host="login.webgo.de" />
 	<target host="support.webgo.de" />
 	<!-- <target host="www.support.webgo.de" /> -->
-	
+
 	<securecookie host="^(www\.|website\.|www\.website|login\.|support\.)?webgo\.de$" name=".+" />
 
     <rule from="^http:"
diff --git a/src/chrome/content/rules/WebGo24.de.xml b/src/chrome/content/rules/WebGo24.de.xml
index f5ba4dac7d8d..bad8abde3dc5 100644
--- a/src/chrome/content/rules/WebGo24.de.xml
+++ b/src/chrome/content/rules/WebGo24.de.xml
@@ -23,7 +23,7 @@ Fetch error: http://login.webgo24.de/ => https://login.webgo24.de/: (51, "SSL: n
 	² Unsecurable
 
 -->
-<ruleset name="WebGo24.de" default_off='failed ruleset test'>
+<ruleset name="WebGo24.de" default_off="failed ruleset test">
 
 	<target host="webgo24.de" />
 	<target host="www.webgo24.de" />
@@ -36,7 +36,7 @@ Fetch error: http://login.webgo24.de/ => https://login.webgo24.de/: (51, "SSL: n
 		Server sets Secure for:
 					-->
 	<!--securecookie host="^login\.webgo24\.de$" name=".+" /-->
-	
+
     <rule from="^http:"
             to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/WebINK.com.xml b/src/chrome/content/rules/WebINK.com.xml
index 6efe24a1285a..d9ceed94c9ca 100644
--- a/src/chrome/content/rules/WebINK.com.xml
+++ b/src/chrome/content/rules/WebINK.com.xml
@@ -41,7 +41,7 @@ Fetch error: http://www.webink.com/ => https://www.webink.com/: (51, "SSL: no al
 	* Secured by us
 
 -->
-<ruleset name="WebINK.com (partial)" default_off='failed ruleset test'>
+<ruleset name="WebINK.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/WebKite.com.xml b/src/chrome/content/rules/WebKite.com.xml
index c4ea23709ea5..74e47b6e1135 100644
--- a/src/chrome/content/rules/WebKite.com.xml
+++ b/src/chrome/content/rules/WebKite.com.xml
@@ -15,13 +15,18 @@
 <ruleset name="WebKite.com (partial)">
 
 	<target host="webkite.com" />
-	<target host="*.webkite.com" />
+	<target host="auth.webkite.com" />
+	<target host="errors.webkite.com" />
+	<target host="fb.webkite.com" />
+	<target host="iago.webkite.com" />
+	<target host="jafar.webkite.com" />
+	<target host="results.webkite.com" />
+	<target host="www.webkite.com" />
 
 
 	<securecookie host="^\.admin\.webkite\.com$" name=".+" />
 
 
-	<rule from="^http://((?:admin|auth|errors|fb|iago|jafar|results|www)\.)?webkite\.com/"
-		to="https://$1webkite.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/WebMD.xml b/src/chrome/content/rules/WebMD.xml
index be10b1039703..d63b40c87d1d 100644
--- a/src/chrome/content/rules/WebMD.xml
+++ b/src/chrome/content/rules/WebMD.xml
@@ -1,58 +1,65 @@
 <!--
 	Other WebMD rulesets:
-
 		- MedicineNet.com.xml
 		- WebMD_Health.xml
 		- WebMD_Health_Services.xml
 
+	Non-functional hosts
+		Timeout was reached:
+		- www.m.webmd.com
 
-	Nonfunctional subdomains:
-
-		- (www.)	(some [all?] pages redirect to 404)
-		- answers *
-		- blogs *
-		- diabetes **
-		- dictionary **
-		- exchanges *
-		- firstaid **
-		- men **
-		- symptoms **
-
-	* Refused
-	** Shows www; mismatched, CN: www.webmd.com
-
-
-	Problematic subdomains:
-
-		- ls		(mismatched)
-		- std.o		(2o7.net)
-
-
-	Fully covered subdomains:
+		SSL peer certificate was not OK:
+		- www.exchanges.webmd.com
+		- www.iad1.webmd.com
+		- doctor.iad1.webmd.com
+		- click.messages.webmd.com
+		- pages.messages.webmd.com
 
-		- as
-		- css
-		- doctor
-		- healthmanager
-		- img
-		- member
+		Status code mismatch:
+		- firstaid.webmd.com
 
+		Mixed content blocking (MCB) triggered:
+		- mediakit.webmd.com
+		- origin-mediakit.webmd.com
 -->
 <ruleset name="WebMD (partial)">
-
-	<target host="*.webmd.com" />
-
-
-	<securecookie host="^(?:as|doctor|healthmanager|member)\.webmd\.com$" name=".+" />
-
-
-	<rule from="^http://(as|css|doctor|healthmanager|img|member)\.webmd\.com/"
-		to="https://$1.webmd.com/" />
-
-	<rule from="^http://ls\.turn\.com/"
-		to="https://oasc18.247realmedia.com/" />
-
-	<rule from="^http://std\.o\.webmd\.com/"
-		to="https://webmdglobal.122.2o7.net/" />
-
+	<target host="webmd.com" />
+	<target host="www.webmd.com" />
+	<target host="answers.webmd.com" />
+	<target host="arthritis.webmd.com" />
+	<target host="blogs.webmd.com" />
+	<target host="children.webmd.com" />
+	<target host="customercare.webmd.com" />
+	<target host="data.webmd.com" />
+		<test url="http://data.webmd.com/sdclive/sdcform.aspx?formid=l2uRegistration" />
+	<target host="dentalsavings.webmd.com" />
+	<target host="diabetes.webmd.com" />
+	<target host="dictionary.webmd.com" />
+	<target host="doctor.webmd.com" />
+	<target host="education.webmd.com" />
+	<target host="exchanges.webmd.com" />
+	<target host="fit.webmd.com" />
+	<target host="forums.webmd.com" />
+	<target host="foxnews.webmd.com" />
+	<target host="healthboards.webmd.com" />
+	<target host="img.webmd.com" />
+		<test url="http://img.webmd.com/dtmcms/live/webmd/consumer_assets/site_images/magazine/digital_issues_pdf/webmd_diabetes_sept_13.pdf" />
+	<target host="member.webmd.com" />
+	<target host="men.webmd.com" />
+	<target host="messageboards.webmd.com" />
+	<target host="pets.webmd.com" />
+	<target host="psychologytoday.webmd.com" />
+	<target host="rss.webmd.com" />
+	<target host="rssfeeds.webmd.com" />
+	<target host="img.staging.webmd.com" />
+		<test url="http://img.staging.webmd.com/dtmcms/staging/webmd/consumer_assets/site_images/magazine/digital_issues_pdf/webmd_diabetes_november_2013.pdf" />
+	<target host="symptomchecker.webmd.com" />
+	<target host="symptoms.webmd.com" />
+	<target host="symptomsbeta.webmd.com" />
+	<target host="teens.webmd.com" />
+	<target host="women.webmd.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/WebMD_Health.xml b/src/chrome/content/rules/WebMD_Health.xml
index 30d37ff4107f..75af262c8213 100644
--- a/src/chrome/content/rules/WebMD_Health.xml
+++ b/src/chrome/content/rules/WebMD_Health.xml
@@ -10,7 +10,7 @@
 <ruleset name="WebMD Health">
 
 	<target host="webmdhealth.com" />
-	<target host="*.webmdhealth.com" />
+	<target host="www.webmdhealth.com" />
 
 
 	<securecookie host="^(?:www)?\.webmdhealth\.com$" name=".+" />
@@ -19,4 +19,4 @@
 	<rule from="^http://(?:www\.)?webmdhealth\.com/"
 		to="https://www.webmdhealth.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WebMD_Health_Services.xml b/src/chrome/content/rules/WebMD_Health_Services.xml
index 6c3247e3720e..f9f1ff410f16 100644
--- a/src/chrome/content/rules/WebMD_Health_Services.xml
+++ b/src/chrome/content/rules/WebMD_Health_Services.xml
@@ -10,7 +10,8 @@
 <ruleset name="WebMD Health Services">
 
 	<target host="webmdhealthservices.com" />
-	<target host="*.webmdhealthservices.com" />
+	<target host="www.webmdhealthservices.com" />
+	<target host="insights.webmdhealthservices.com" />
 
 
 	<securecookie host="^(?:insights|www)\.webmdhealthservices\.com$" name=".+" />
@@ -19,7 +20,6 @@
 	<rule from="^http://(?:www\.)?webmdhealthservices\.com/"
 		to="https://www.webmdhealthservices.com/" />
 
-	<rule from="^http://insights\.webmdhealthservices\.com/"
-		to="https://insights.webmdhealthservices.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WebMediaBrands.xml b/src/chrome/content/rules/WebMediaBrands.xml
index 0e9fb81f486a..5e41a0ed815b 100644
--- a/src/chrome/content/rules/WebMediaBrands.xml
+++ b/src/chrome/content/rules/WebMediaBrands.xml
@@ -9,7 +9,8 @@
 <ruleset name="WebMediaBrands (partial)" default_off="broken">
 
 	<target host="devx.com"/>
-	<target host="*.devx.com"/>
+	<target host="www.devx.com" />
+	<target host="assets.devx.com" />
 
 	<!--	assets/ are on assets.devx, too.	-->
 	<rule from="^http://(?:www\.)?devx\.com/(assets/|icom_includes/|styles/)"
diff --git a/src/chrome/content/rules/WebOas.is.xml b/src/chrome/content/rules/WebOas.is.xml
new file mode 100644
index 000000000000..b33316e2dee2
--- /dev/null
+++ b/src/chrome/content/rules/WebOas.is.xml
@@ -0,0 +1,6 @@
+<ruleset name="WebOas.is">
+	<target host="weboas.is" />
+	<target host="www.weboas.is" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WebProspector.xml b/src/chrome/content/rules/WebProspector.xml
index ac0c39d10af8..e03f3fabe4c7 100644
--- a/src/chrome/content/rules/WebProspector.xml
+++ b/src/chrome/content/rules/WebProspector.xml
@@ -16,4 +16,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WebRTC-Experiment.com.xml b/src/chrome/content/rules/WebRTC-Experiment.com.xml
index f37b968b6e3e..a4cd87746496 100644
--- a/src/chrome/content/rules/WebRTC-Experiment.com.xml
+++ b/src/chrome/content/rules/WebRTC-Experiment.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.cdn.webrtc-experiment.com/ => https://www.cdn.webrtc-exp
 		- (www.)?cdn
 
 -->
-<ruleset name="WebRTC-Experiment.com" default_off='failed ruleset test'>
+<ruleset name="WebRTC-Experiment.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/WebSharks-Inc.com.xml b/src/chrome/content/rules/WebSharks-Inc.com.xml
deleted file mode 100644
index 4377298ef2da..000000000000
--- a/src/chrome/content/rules/WebSharks-Inc.com.xml
+++ /dev/null
@@ -1,43 +0,0 @@
-<!--
-	Other WebSharks rulesets:
-
-		- WebSharks-Inc.com.xml
-
-
-	Insecure cookies are set for these hosts:
-
-		- affiliates.websharks-inc.com
-
-
-	Mixed content:
-
-		- images on www from s-plugins.wordpress.org *
-
-	* Unsecurable <= 404
-
--->
-<ruleset name="WebSharks-Inc.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="websharks-inc.com" />
-	<target host="affiliates.websharks-inc.com" />
-	<target host="cdn.websharks-inc.com" />
-	<target host="www.websharks-inc.com" />
-
-		<!--	Mixed images:
-					-->
-		<test url="http://www.websharks-inc.com/product/s2member/" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^affiliates\.websharks-inc\.com$" name="^_s$" /-->
-
-	<securecookie host="^affiliates\.websharks-inc\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WebShopRevolution.com.xml b/src/chrome/content/rules/WebShopRevolution.com.xml
index ced300aa09ee..a1d442f6f573 100644
--- a/src/chrome/content/rules/WebShopRevolution.com.xml
+++ b/src/chrome/content/rules/WebShopRevolution.com.xml
@@ -5,14 +5,14 @@ Fetch error: http://webshoprevolution.com/ => https://webshoprevolution.com/: (6
 
 -->
 <ruleset name="WebShop Revolution">
-    
+
     <!-- WebShop Revolution Sites and Client Shops -->
     <target host="webshoprevolution.com" />
     <target host="*.webshoprevolution.com" />
 
     <!-- Rule for no subdomain - http://webshoprevolution.com -->
     <rule from="^http://webshoprevolution\.com/" to="https://webshoprevolution.com/" />
-    
+
     <!-- Rule for any subdomain - http://*.webshoprevolution.com -->
     <rule from="^http://([\w-]+)\.webshoprevolution\.com/" to="https://$1.webshoprevolution.com/" />
 
diff --git a/src/chrome/content/rules/WebSocial.ly.xml b/src/chrome/content/rules/WebSocial.ly.xml
index f03d8c8b6587..8816cf3735eb 100644
--- a/src/chrome/content/rules/WebSocial.ly.xml
+++ b/src/chrome/content/rules/WebSocial.ly.xml
@@ -12,4 +12,4 @@
 	<rule from="^http://([\w-]+\.)?websocially\.com/(assets/|sign-up(?:$|\?|/)|wp-content/)"
 		to="https://$1websocially.com/$2" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WebSpectator.com.xml b/src/chrome/content/rules/WebSpectator.com.xml
index 45de132a2004..9fdcf45b8d22 100644
--- a/src/chrome/content/rules/WebSpectator.com.xml
+++ b/src/chrome/content/rules/WebSpectator.com.xml
@@ -25,13 +25,14 @@
 <ruleset name="WebSpectator.com">
 
 	<target host="webspectator.com" />
-	<target host="*.webspectator.com" />
+	<target host="scripts.webspectator.com" />
+	<target host="services.webspectator.com" />
+	<target host="www.webspectator.com" />
 
 
 	<securecookie host="^\.webspectator\.com$" name=".+" />
 
 
-	<rule from="^http://((?:scripts|services|www)\.)?webspectator\.com/"
-		to="https://$1webspectator.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/WebStarts.xml b/src/chrome/content/rules/WebStarts.xml
index 5200226953d6..00b21cd282a3 100644
--- a/src/chrome/content/rules/WebStarts.xml
+++ b/src/chrome/content/rules/WebStarts.xml
@@ -7,7 +7,8 @@
 <ruleset name="WebStarts">
 
 	<target host="webstarts.com" />
-	<target host="*.webstarts.com" />
+	<target host="static.webstarts.com" />
+	<target host="www.webstarts.com" />
 
 
 	<securecookie host="^(?:www\.)?webstarts\.com$" name=".+" />
diff --git a/src/chrome/content/rules/WebTrust.xml b/src/chrome/content/rules/WebTrust.xml
index b99ef6690190..15d4f33b31e9 100644
--- a/src/chrome/content/rules/WebTrust.xml
+++ b/src/chrome/content/rules/WebTrust.xml
@@ -1,36 +1,22 @@
+
 <!--
+Entire ruleset disabled at 2020-09-25 16:20:22
+
+Fetch error: http://cert.webtrust.org/ => https://cert.webtrust.org/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
 	Nonfunctional subdomains:
 
 		- (www.) *
+    - entrust
 
 	* Reset
 
 -->
-<ruleset name="WebTrust.org (partial)">
+<ruleset name="WebTrust.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
 	<target host="cert.webtrust.org" />
-	<target host="entrust.webtrust.org" />
-
-		<!--	403:
-				-->
-		<exclusion pattern="^http://(?:cert|entrust)\.webtrust\.org/(?:$|\?)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://cert.webtrust.org/?" />
-			<test url="http://cert.webtrust.org//" />
-
-			<test url="http://entrust.webtrust.org/?" />
-			<test url="http://entrust.webtrust.org//" />
-
-			<!--	-ve:
-					-->
-			<test url="http://cert.webtrust.org/ViewSeal?id=1565" />
-
-			<test url="http://entrust.webtrust.org/SealFile?seal=328" />
-
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/WebUrbanist.com.xml b/src/chrome/content/rules/WebUrbanist.com.xml
index c62255740098..c2469d07fe5d 100644
--- a/src/chrome/content/rules/WebUrbanist.com.xml
+++ b/src/chrome/content/rules/WebUrbanist.com.xml
@@ -19,11 +19,12 @@
 <ruleset name="WebUrbanist.com (partial)" default_off="self-signed">
 
 	<target host="weburbanist.com" />
-	<target host="*.weburbanist.com" />
+	<target host="img.weburbanist.com" />
+	<target host="www.weburbanist.com" />
 		<exclusion pattern="^http://(?:www\.)?weburbanist\.com/(?!wp-content/)" />
 
 
 	<rule from="^http://(?:img\.|www\.)?weburbanist\.com/"
 		to="https://weburbanist.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WebXakep.Net.xml b/src/chrome/content/rules/WebXakep.Net.xml
index 9e9e98a4f00b..d91772e0f526 100644
--- a/src/chrome/content/rules/WebXakep.Net.xml
+++ b/src/chrome/content/rules/WebXakep.Net.xml
@@ -11,18 +11,17 @@ Fetch error: http://infotech-team.com/ => https://infotech-team.com/: (6, 'Could
 		- Web bug from hit\d+.hotlog.ru
 
 -->
-<ruleset name="WebXakep.Net" default_off='failed ruleset test'>
+<ruleset name="WebXakep.Net" default_off="failed ruleset test">
 
 	<target host="infotech-team.com" />
-	<target host="*.infotech-team.com" />
 	<target host="webxakep.net" />
-	<target host="*.webxakep.net" />
+	<target host="www.infotech-team.com" />
+	<target host="www.webxakep.net" />
 
 
 	<securecookie host="^\.(?:infotech-team\.com|webxakep\.net)$" name=".+" />
 
 
-	<rule from="^http://(www\.)?(infotech-team\.com|webxakep\.net)/"
-		to="https://$1$2/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Web_Design_Marketing.xml b/src/chrome/content/rules/Web_Design_Marketing.xml
index 49b627d42551..61826abfc426 100644
--- a/src/chrome/content/rules/Web_Design_Marketing.xml
+++ b/src/chrome/content/rules/Web_Design_Marketing.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Web_Forest.eu.xml b/src/chrome/content/rules/Web_Forest.eu.xml
index 1259fb63b956..01aaa79e980b 100644
--- a/src/chrome/content/rules/Web_Forest.eu.xml
+++ b/src/chrome/content/rules/Web_Forest.eu.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Web_Foundation.org.xml b/src/chrome/content/rules/Web_Foundation.org.xml
index 2e3e5de60e30..8af16631e41e 100644
--- a/src/chrome/content/rules/Web_Foundation.org.xml
+++ b/src/chrome/content/rules/Web_Foundation.org.xml
@@ -15,7 +15,7 @@ Fetch error: http://labs.webfoundation.org/ => https://labs.webfoundation.org/:
 		- data
 		- mlabs
 -->
-<ruleset name="WebFoundation.org (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="WebFoundation.org (partial)" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="public.webfoundation.org" />
 	<target host="labs.webfoundation.org" />
 
diff --git a/src/chrome/content/rules/Web_Hosting_Geeks.com.xml b/src/chrome/content/rules/Web_Hosting_Geeks.com.xml
index cfff669fe63f..7e55396579d7 100644
--- a/src/chrome/content/rules/Web_Hosting_Geeks.com.xml
+++ b/src/chrome/content/rules/Web_Hosting_Geeks.com.xml
@@ -23,7 +23,8 @@
 <ruleset name="Web Hosting Geeks.com">
 
 	<target host="webhostinggeeks.com" />
-	<target host="*.webhostinggeeks.com" />
+	<target host="www.webhostinggeeks.com" />
+	<target host="acf.webhostinggeeks.com" />
 
 
 	<securecookie host="^webhostinggeeks\.com$" name=".+" />
@@ -35,4 +36,4 @@
 	<rule from="^http://acf\.webhostinggeeks\.com/"
 		to="https://d2qa8wpyt2chna.cloudfront.net/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Web_Hosting_Pad.xml b/src/chrome/content/rules/Web_Hosting_Pad.xml
index 80752f15dc9e..ff4b94e05df8 100644
--- a/src/chrome/content/rules/Web_Hosting_Pad.xml
+++ b/src/chrome/content/rules/Web_Hosting_Pad.xml
@@ -5,14 +5,16 @@
 <ruleset name="Web Hosting Pad (partial)">
 
 	<target host="webhostingpad.com" />
-	<target host="*.webhostingpad.com" />
+	<target host="livesupport.webhostingpad.com" />
+	<target host="secure.webhostingpad.com" />
+	<target host="support.webhostingpad.com" />
+	<target host="www.webhostingpad.com" />
 		<exclusion pattern="^http://(?:www\.)?webhostingpad\.com/(?!\w+\.css$|images/)" />
 
 
 	<securecookie host="^s(?:ecure|upport)\.webhostingpad\.com$" name=".+" />
 
 
-	<rule from="^http://((?:livesupport|secure|support|www)\.)?webhostingpad\.com/"
-		to="https://$1webhostingpad.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Web_Service_Award.xml b/src/chrome/content/rules/Web_Service_Award.xml
index f505842a786c..24daabe01d2e 100644
--- a/src/chrome/content/rules/Web_Service_Award.xml
+++ b/src/chrome/content/rules/Web_Service_Award.xml
@@ -11,4 +11,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Web_Tune_Factory.xml b/src/chrome/content/rules/Web_Tune_Factory.xml
index c793c50d170d..47676533bccb 100644
--- a/src/chrome/content/rules/Web_Tune_Factory.xml
+++ b/src/chrome/content/rules/Web_Tune_Factory.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.w-tune.com/ => https://www.w-tune.com/: (6, 'Could not r
 	!www: cert only matches www
 
 -->
-<ruleset name="Web Tune Factory" default_off='failed ruleset test'>
+<ruleset name="Web Tune Factory" default_off="failed ruleset test">
 
 	<target host="w-tune.com" />
 	<target host="www.w-tune.com" />
diff --git a/src/chrome/content/rules/Web_of_Knowledge.xml b/src/chrome/content/rules/Web_of_Knowledge.xml
index 1c96c43a0d90..e7b580faff35 100644
--- a/src/chrome/content/rules/Web_of_Knowledge.xml
+++ b/src/chrome/content/rules/Web_of_Knowledge.xml
@@ -14,16 +14,19 @@ Fetch error: http://www.isiknowledge.com/ => https://www.isiknowledge.com/: (51,
 	<target host="isiknowledge.com" />
 	<target host="www.isiknowledge.com" />
 	<target host="webofknowledge.com" />
-	<target host="*.webofknowledge.com" />
+	<target host="apps.webofknowledge.com" />
+	<target host="cm.webofknowledge.com" />
+	<target host="ets.webofknowledge.com" />
+	<target host="images.webofknowledge.com" />
+	<target host="sub3.webofknowledge.com" />
+	<target host="wcs.webofknowledge.com" />
+	<target host="www.webofknowledge.com" />
 
 
 	<securecookie host="^.*\.webofknowledge\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?isiknowledge\.com/"
-		to="https://$1isiknowledge.com/" />
 
-	<rule from="^http://((?:apps|cm|ets|images|sub3|wcs|www)\.)?webofknowledge\.com/"
-		to="https://$1webofknowledge.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Webby-Awards.xml b/src/chrome/content/rules/Webby-Awards.xml
index e7d0ec466c34..0cd66f6cc485 100644
--- a/src/chrome/content/rules/Webby-Awards.xml
+++ b/src/chrome/content/rules/Webby-Awards.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.webbyawards.com/ => https://www.webbyawards.com/: (7, 'F
 		- (www.)netted.net
 		- pv.webbyawards.com	(timeout)
 -->
-<ruleset name="Webby Awards (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Webby Awards (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="webbyawards.com"/>
 	<target host="www.webbyawards.com"/>
diff --git a/src/chrome/content/rules/Webcontrolcenter.com.xml b/src/chrome/content/rules/Webcontrolcenter.com.xml
deleted file mode 100644
index 7403be7b84c8..000000000000
--- a/src/chrome/content/rules/Webcontrolcenter.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	Observed subdomains:
-
-		- piwik
-
--->
-<ruleset name="webcontrolcenter.com">
-
-	<target host="webcontrolcenter.com" />
-	<target host="*.webcontrolcenter.com" />
-
-
-	<securecookie host="^(?:.+\.)?webcontrolcenter\.com$" name=".+" />
-
-
-	<rule from="^http://([\w-]+\.)?webcontrolcenter\.com/"
-		to="https://$1webcontrolcenter.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Webcruiter.xml b/src/chrome/content/rules/Webcruiter.xml
index 4d16cc203c83..27a2d40848a1 100644
--- a/src/chrome/content/rules/Webcruiter.xml
+++ b/src/chrome/content/rules/Webcruiter.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Webento.xml b/src/chrome/content/rules/Webento.xml
index cef31038fd28..a5a7e5137a6d 100644
--- a/src/chrome/content/rules/Webento.xml
+++ b/src/chrome/content/rules/Webento.xml
@@ -11,15 +11,15 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://webento.com/ => https://webento.com/: (35, 'error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
 
 -->
-<ruleset name="Webento" default_off='failed ruleset test'>
+<ruleset name="Webento" default_off="failed ruleset test">
 
 	<target host="webento.com" />
 	<target host="www.webento.com" />
 
 
-	<securecookie host="^(?:.*\.)?webento\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Webex.com.xml b/src/chrome/content/rules/Webex.com.xml
new file mode 100644
index 000000000000..d32b107b390d
--- /dev/null
+++ b/src/chrome/content/rules/Webex.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Refused:
+		lg.webex.com
+
+-->
+<ruleset name="Webex.com">
+
+	<target host="webex.com" />
+	<target host="*.webex.com" />
+		<exclusion pattern="^http://lg\.webex\.com/" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!--	Clients have unique subdomains	-->
+	<rule from="^http://(\w+\.)?webex\.com/"
+		to="https://$1webex.com/" />
+
+		<test url="http://www.webex.com/" />
+		<test url="http://ebscotraining.webex.com/" />
+		<test url="http://signin.webex.com/collabs/auth" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Webfusion.xml b/src/chrome/content/rules/Webfusion.xml
deleted file mode 100644
index 152ad5ae5ca7..000000000000
--- a/src/chrome/content/rules/Webfusion.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<ruleset name="webfusion (partial)">
-
-	<target host="webfusion.co.uk" />
-	<target host="www.webfusion.co.uk" />
-	<target host="fusion.webfusion-secure.co.uk" />
-	<target host="webfusion-support.co.uk" />
-	<target host="www.webfusion-support.co.uk" />
-
-
-	<securecookie host="^www\.webfusion\.co\.uk$" name=".+" />
-
-
-	<rule from="^http://(www\.)?webfusion(-support)?\.co\.uk/"
-		to="https://$1webfusion$2.co.uk/" />
-
-	<rule from="^http://fusion\.webfusion-secure\.co\.uk/"
-		to="https://fusion.webfusion-secure.co.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Webgility.xml b/src/chrome/content/rules/Webgility.xml
index d7cab6b668f6..72784a4b4fc8 100644
--- a/src/chrome/content/rules/Webgility.xml
+++ b/src/chrome/content/rules/Webgility.xml
@@ -9,7 +9,7 @@ Fetch error: http://webgility.com/ => https://webgility.com/: Cycle detected - U
 Fetch error: http://portal.webgility.com/ => https://portal.webgility.com/: Redirect for 'http://portal.webgility.com/' missing Location
 Fetch error: http://www.webgility.com/ => https://webgility.com/: Cycle detected - URL already encountered: https://webgility.com/
 -->
-<ruleset name="Webgility (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Webgility (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="webgility.com"/>
 	<target host="portal.webgility.com"/>
diff --git a/src/chrome/content/rules/Webhostlist.de.xml b/src/chrome/content/rules/Webhostlist.de.xml
deleted file mode 100644
index 069972d939a2..000000000000
--- a/src/chrome/content/rules/Webhostlist.de.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d11hqfd01dzvm8.cloudfront.net
-		- d29imb9ewfvgco.cloudfront.net
-
-
-	Mixed content:
-
-		- Images on www from:
-
-			- d11hqfd01dzvm8.cloudfront.net *
-			- www.providertarife.de **
-
-	* Secured by us
-	** Unsecurable
-
--->
-<ruleset name="webhostlist.de">
-
-	<target host="webhostlist.de" />
-	<target host="www.webhostlist.de" />
-
-
-	<securecookie host="^(?:www)?\.webhostlist\.de$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Webhungary.hu.xml b/src/chrome/content/rules/Webhungary.hu.xml
deleted file mode 100644
index 5930c3078ec4..000000000000
--- a/src/chrome/content/rules/Webhungary.hu.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Webhungary.hu">
-
-	<target host="webhungary.hu" />
-	<target host="www.webhungary.hu" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Webjet.xml b/src/chrome/content/rules/Webjet.xml
index 74b0bbbb4719..22f718b2d453 100644
--- a/src/chrome/content/rules/Webjet.xml
+++ b/src/chrome/content/rules/Webjet.xml
@@ -33,6 +33,6 @@
 	<rule from="^http://webjet\.(com\.au|co\.nz)/"
 		to="https://www.webjet.$1/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Webkitgtk.org.xml b/src/chrome/content/rules/Webkitgtk.org.xml
new file mode 100644
index 000000000000..6d351a7586fb
--- /dev/null
+++ b/src/chrome/content/rules/Webkitgtk.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="Webkitgtk.org">
+	<target host="webkitgtk.org" />
+	<target host="www.webkitgtk.org" />
+	<target host="planet.webkitgtk.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Weblog_Awards.xml b/src/chrome/content/rules/Weblog_Awards.xml
index aa4a77db9cb8..b8ab859c599c 100644
--- a/src/chrome/content/rules/Weblog_Awards.xml
+++ b/src/chrome/content/rules/Weblog_Awards.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Webmail-Loxinfo.xml b/src/chrome/content/rules/Webmail-Loxinfo.xml
deleted file mode 100644
index f685a0edc095..000000000000
--- a/src/chrome/content/rules/Webmail-Loxinfo.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Webmail.loxinfo.co.th">
-  <target host="webmail.loxinfo.co.th" />
-
-  <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Webmasterplan.com.xml b/src/chrome/content/rules/Webmasterplan.com.xml
deleted file mode 100644
index 550615712093..000000000000
--- a/src/chrome/content/rules/Webmasterplan.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Webmasterplan.com">
-
-	<target host="banners.webmasterplan.com" />
-	<target host="partners.webmasterplan.com" />
-
-
-	<securecookie host="^\." name="^affili_" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Webmon.com.xml b/src/chrome/content/rules/Webmon.com.xml
deleted file mode 100644
index 142c3e1d05cf..000000000000
--- a/src/chrome/content/rules/Webmon.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- webmon.com
-
--->
-<ruleset name="Webmon.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="webmon.com" />
-	<target host="www.webmon.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^webmon\.com$" name="^csrftoken$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Weboolu.xml b/src/chrome/content/rules/Weboolu.xml
index 4d655603cbf9..b51f5938e8b6 100644
--- a/src/chrome/content/rules/Weboolu.xml
+++ b/src/chrome/content/rules/Weboolu.xml
@@ -18,7 +18,7 @@ Fetch error: http://weboolu.com/ => https://weboolu.com/: (7, 'Failed to connect
 		- developer.weboolu.com
 
 -->
-<ruleset name="Weboolu (partial)" default_off='failed ruleset test'>
+<ruleset name="Weboolu (partial)" default_off="failed ruleset test">
 
 	<target host="weboolu.com" />
 	<target host="publisher.weboolu.com" />
@@ -32,4 +32,4 @@ Fetch error: http://weboolu.com/ => https://weboolu.com/: (7, 'Failed to connect
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Weborama.xml b/src/chrome/content/rules/Weborama.xml
index fae067d139f5..0968f85877d8 100644
--- a/src/chrome/content/rules/Weborama.xml
+++ b/src/chrome/content/rules/Weborama.xml
@@ -9,7 +9,7 @@ Fetch error: http://static.weborama.fr/ => https://ssl.weborama.fr/: (7, 'Failed
 
 	(www.)weborama.fr doesn't work
 -->
-<ruleset name="Weborama.fr (partial)" default_off='failed ruleset test'>
+<ruleset name="Weborama.fr (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Webroot.com.xml b/src/chrome/content/rules/Webroot.com.xml
index 1a6baa7673a1..9b044a4cff6d 100644
--- a/src/chrome/content/rules/Webroot.com.xml
+++ b/src/chrome/content/rules/Webroot.com.xml
@@ -16,7 +16,9 @@ Fetch error: http://webroot.com/ => https://webroot.com/: (28, 'Resolving timed
 <ruleset name="Webroot.com (partial)">
 
 	<target host="webroot.com" />
-	<target host="*.webroot.com" />
+	<target host="blog.webroot.com" />
+	<target host="community.webroot.com" />
+	<target host="www.webroot.com" />
 		<exclusion pattern="^http://www\.webroot\.com/(?!favicon\.ico|shared/)" />
 
 
@@ -27,7 +29,6 @@ Fetch error: http://webroot.com/ => https://webroot.com/: (28, 'Resolving timed
 	<securecookie host="^community\.webroot\.com$" name=".+" />
 
 
-	<rule from="^http://((?:blog|community|www)\.)?webroot\.com/"
-		to="https://$1webroot.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/WebrtcHacks.com.xml b/src/chrome/content/rules/WebrtcHacks.com.xml
index 710d2d89b78c..209a6f753d50 100644
--- a/src/chrome/content/rules/WebrtcHacks.com.xml
+++ b/src/chrome/content/rules/WebrtcHacks.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.webrtchacks.com/ => https://www.webrtchacks.com/: Too ma
 		- .webrtchacks.com
 
 -->
-<ruleset name="webrtcHacks.com" default_off='failed ruleset test'>
+<ruleset name="webrtcHacks.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Webs-MixedContent.xml b/src/chrome/content/rules/Webs-MixedContent.xml
deleted file mode 100644
index 9514e20b41ed..000000000000
--- a/src/chrome/content/rules/Webs-MixedContent.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	See Webs.xml for domain information
-
-	This file contains resources that are problematic with a Mixed Content Blocker
--->
-<ruleset name="Webs (Mixed Content)" platform="mixedcontent">
-
-	<target host="members.webs.com" />
-
-	<securecookie host="^members\.webs\.com$" name=".+" />
-
-	<rule from="^http:"
-	        to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Webs.com.xml b/src/chrome/content/rules/Webs.com.xml
new file mode 100644
index 000000000000..60109d963180
--- /dev/null
+++ b/src/chrome/content/rules/Webs.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Other Webs.com related rulesets:
+		+ Websimages.com.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- stats.webs.com
+-->
+<ruleset name="Webs.com (partial)">
+	<target host="webs.com" />
+	<target host="www.webs.com" />
+	<target host="blogs.webs.com" />
+	<target host="images.webs.com" />
+	<target host="members.webs.com" />
+	<target host="premium.members.webs.com" />
+	<target host="thumbs.webs.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Webs.xml b/src/chrome/content/rules/Webs.xml
deleted file mode 100644
index 7e6f529ac2c6..000000000000
--- a/src/chrome/content/rules/Webs.xml
+++ /dev/null
@@ -1,74 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://origin.images.webs.com/ => https://origin.images.webs.com/: (6, 'Could not resolve host: origin.images.webs.com')
-Fetch error: http://es.premium.members.webs.com/ => https://es.premium.members.webs.com/: (6, 'Could not resolve host: es.premium.members.webs.com')
-
-	CDN buckets:
-
-		- static.webs.com.edgesuite.net
-
-			- a1129.g.akamai.net
-			- images.freewebs.com
-			- images.webs.com
-			- static.websimages.com
-
-		- www.webs.com.edgesuite.net
-
-
-	Nonfunctional domains:
-
-		- staticthumbs.freewebs.com *
-
-		- webs.com subdomains:
-
-			- ^ *
-			- blog		(refused)
-			- collector.stats *
-			- thumbs *
-			- www		("Webs is temporarily unavailable", akamai)
-			- \w+ *		(per-client subdomains)
-
-	* Dropped
-
-
-	Problematic domains:
-
-		- images.freewebs.com *
-		- images.webs.com *
-		- static.websimages.com *
-
-	* Works, akamai
-
-
-	Fully covered domains:
-
-		- images.freewebs.com *
-
-		- webs.com subdomains:
-
-			- images *
-			- members
-
-		- static.websimages.com *
-
-	* → akamai
-
--->
-<ruleset name="Webs (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="origin.images.webs.com" />
-
-	<target host="members.webs.com" />
-	<target host="premium.members.webs.com" />
-	<target host="es.premium.members.webs.com" />
-
-	<target host="secure.websimages.com" />
-
-
-	<rule from="^http:"
-	        to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Websec_Weekly.org.xml b/src/chrome/content/rules/Websec_Weekly.org.xml
index 854baca36d09..6afa256a62ad 100644
--- a/src/chrome/content/rules/Websec_Weekly.org.xml
+++ b/src/chrome/content/rules/Websec_Weekly.org.xml
@@ -24,7 +24,7 @@ Fetch error: http://www.websecweekly.org/ => https://www.websecweekly.org/: (28,
 		- .websecweekly.org
 
 -->
-<ruleset name="Websec Weekly.org" default_off='failed ruleset test'>
+<ruleset name="Websec Weekly.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Websecurify.com.xml b/src/chrome/content/rules/Websecurify.com.xml
index 0a7478245c98..1c6d55215c94 100644
--- a/src/chrome/content/rules/Websecurify.com.xml
+++ b/src/chrome/content/rules/Websecurify.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://learn.websecurify.com/ => https://learn.websecurify.com/: (6
 Fetch error: http://suite.websecurify.com/ => https://suite.websecurify.com/: (6, 'Could not resolve host: suite.websecurify.com')
 
 -->
-<ruleset name="Websecurify.com" default_off='failed ruleset test'>
+<ruleset name="Websecurify.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Websimages.com.xml b/src/chrome/content/rules/Websimages.com.xml
new file mode 100644
index 000000000000..2d2fb4105299
--- /dev/null
+++ b/src/chrome/content/rules/Websimages.com.xml
@@ -0,0 +1,10 @@
+<!--
+	For other Webs.com related rulesets, see Webs.com.xml
+-->
+<ruleset name="Websimages.com (partial)">
+	<target host="websimages.com" />
+	<target host="www.websimages.com" />
+	<target host="secure.websimages.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Website-start.de.xml b/src/chrome/content/rules/Website-start.de.xml
index e5960c8d8b36..a8e281ac92ce 100644
--- a/src/chrome/content/rules/Website-start.de.xml
+++ b/src/chrome/content/rules/Website-start.de.xml
@@ -12,7 +12,8 @@
 -->
 <ruleset name="website-start.de">
 
-	<target host="*.website-start.de" />
+	<target host="cdn.website-start.de" />
+	<target host="cms01.website-start.de" />
 
 
 	<!--	Not secured by server:
@@ -22,7 +23,6 @@
 	<securecookie host="^cms01\.website-start\.de$" name=".+" />
 
 
-	<rule from="^http://c(dn|ms01)\.website-start\.de/"
-		to="https://c$1.website-start.de/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/WebsiteAlive.xml b/src/chrome/content/rules/WebsiteAlive.xml
index 8f830129ed27..de8958c1e3e0 100644
--- a/src/chrome/content/rules/WebsiteAlive.xml
+++ b/src/chrome/content/rules/WebsiteAlive.xml
@@ -19,7 +19,7 @@ Fetch error: http://team.websitealive.com/ => https://team.websitealive.com/: (2
 	* Works; mismatched, CN: secure.websitealive.com
 
 -->
-<ruleset name="WebsiteAlive (partial)" default_off='failed ruleset test'>
+<ruleset name="WebsiteAlive (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/WebsiteGrowers.com.xml b/src/chrome/content/rules/WebsiteGrowers.com.xml
index 94cd17cb9c70..1d2492ba9736 100644
--- a/src/chrome/content/rules/WebsiteGrowers.com.xml
+++ b/src/chrome/content/rules/WebsiteGrowers.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Website_Pipeline.xml b/src/chrome/content/rules/Website_Pipeline.xml
index 1bb75d894e71..c2ccdc086971 100644
--- a/src/chrome/content/rules/Website_Pipeline.xml
+++ b/src/chrome/content/rules/Website_Pipeline.xml
@@ -9,7 +9,7 @@ Fetch error: http://gweb03.webstorepackage.com/ => https://gweb03.webstorepackag
 		- (www.)webstorepackage.com	(redirects to www.websitepipeline.com; expired 2013-03-09, mismatched, CN: www.ebiz4idiots.com)
 
 -->
-<ruleset name="Website Pipeline (partial)" default_off='failed ruleset test'>
+<ruleset name="Website Pipeline (partial)" default_off="failed ruleset test">
 
 	<target host="extranet.websitepipeline.com" />
 	<target host="gweb03.webstorepackage.com" />
@@ -21,4 +21,4 @@ Fetch error: http://gweb03.webstorepackage.com/ => https://gweb03.webstorepackag
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Websitesettings.com.xml b/src/chrome/content/rules/Websitesettings.com.xml
index e9c76ba643f4..b8ae910b1657 100644
--- a/src/chrome/content/rules/Websitesettings.com.xml
+++ b/src/chrome/content/rules/Websitesettings.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Webspace4All.xml b/src/chrome/content/rules/Webspace4All.xml
index 00504244ee73..5e48619913a8 100644
--- a/src/chrome/content/rules/Webspace4All.xml
+++ b/src/chrome/content/rules/Webspace4All.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?webspace4all\.eu/"
 		to="https://www.webspace4all.eu/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Webspace4Clans.de.xml b/src/chrome/content/rules/Webspace4Clans.de.xml
index bef5ac21fcaf..06bfd915c7c9 100644
--- a/src/chrome/content/rules/Webspace4Clans.de.xml
+++ b/src/chrome/content/rules/Webspace4Clans.de.xml
@@ -24,4 +24,4 @@
 	<rule from="^http://(?:www\.)?webspace4clans\.de/(?=components/|favicon\.ico|images/|index\.php\?option=com_aicontactsafe&amp;sTask=captcha&amp;task=captcha&amp;pf=1&amp;r_id=\d+&amp;lang=\w\w&amp;format=raw|index\.php/(?:domainparking|hosting|only-mail)(?:$|[?/]|\.html)|modules/|plugins/|templates/|ticketsystem(?:$|[?/]))"
 		to="https://webspace4clans.de/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Webstat.com.xml b/src/chrome/content/rules/Webstat.com.xml
index fcc48a256cbd..9cfced6ae104 100644
--- a/src/chrome/content/rules/Webstat.com.xml
+++ b/src/chrome/content/rules/Webstat.com.xml
@@ -12,7 +12,8 @@
 -->
 <ruleset name="webstat.com">
 
-	<target host="*.webstat.com" />
+	<target host="hv3.webstat.com" />
+	<target host="secure.webstat.com" />
 
 
 	<rule from="^http://(?:hv3|secure)\.webstat\.com/"
diff --git a/src/chrome/content/rules/Webstaurant_Store.xml b/src/chrome/content/rules/Webstaurant_Store.xml
index 9ebc5a662d4d..f5ff009c2b90 100644
--- a/src/chrome/content/rules/Webstaurant_Store.xml
+++ b/src/chrome/content/rules/Webstaurant_Store.xml
@@ -1,17 +1,14 @@
+<!--
+  Nonfunctional CDN references:
+    403
+    - cdnimg[1-3].webstaurantstore.com
+ -->
 <ruleset name="The Webstaurant Store">
 
 	<target host="webstaurantstore.com" />
 	<target host="www.webstaurantstore.com" />
 	<target host="cdn.webstaurantstore.com" />
 	<target host="cdnimg.webstaurantstore.com" />
-	<target host="cdnimg1.webstaurantstore.com" />
-	<target host="cdnimg2.webstaurantstore.com" />
-	<target host="cdnimg3.webstaurantstore.com" />
-		<exclusion pattern="^http://cdnimg\d?\.webstaurantstore\.com/$" />
-		<test url="http://cdnimg.webstaurantstore.com/uploads/design/2014/1/webstaurantstore-logo.png" />
-		<test url="http://cdnimg1.webstaurantstore.com/uploads/design/2014/1/webstaurantstore-logo.png" />
-		<test url="http://cdnimg2.webstaurantstore.com/uploads/design/2014/1/webstaurantstore-logo.png" />
-		<test url="http://cdnimg3.webstaurantstore.com/uploads/design/2014/1/webstaurantstore-logo.png" />
 	<target host="chat.webstaurantstore.com" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Webstyle.ch.xml b/src/chrome/content/rules/Webstyle.ch.xml
index 1ad7db32678f..7f281bca24ac 100644
--- a/src/chrome/content/rules/Webstyle.ch.xml
+++ b/src/chrome/content/rules/Webstyle.ch.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://zimbra.webstyle.ch/ => https://zimbra.webstyle.ch/: (6, 'Could not resolve host: zimbra.webstyle.ch')
 
 -->
-<ruleset name="webstyle.ch" default_off='failed ruleset test'>
+<ruleset name="webstyle.ch" default_off="failed ruleset test">
 	<target host="webstyle.ch" />
 	<target host="www.webstyle.ch" />
 	<target host="webmail.webstyle.ch" />
diff --git a/src/chrome/content/rules/Webthumbnail.org.xml b/src/chrome/content/rules/Webthumbnail.org.xml
deleted file mode 100644
index 99d47ff6c771..000000000000
--- a/src/chrome/content/rules/Webthumbnail.org.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Webthumbnail.org">
-
-	<target host="webthumbnail.org" />
-	<target host="www.webthumbnail.org" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Webtracker.jp.xml b/src/chrome/content/rules/Webtracker.jp.xml
index 172fe5687d42..249c9c35a0d4 100644
--- a/src/chrome/content/rules/Webtracker.jp.xml
+++ b/src/chrome/content/rules/Webtracker.jp.xml
@@ -26,7 +26,7 @@ Fetch error: http://t.webtracker.jp/ => https://t.webtracker.jp/: (7, 'Failed to
 	(www.)?: Dropped over http & https
 
 -->
-<ruleset name="Webtracker.jp" default_off='failed ruleset test'>
+<ruleset name="Webtracker.jp" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/WebtraffIQ.com.xml b/src/chrome/content/rules/WebtraffIQ.com.xml
index 41df0a7f6980..0a9083661aec 100644
--- a/src/chrome/content/rules/WebtraffIQ.com.xml
+++ b/src/chrome/content/rules/WebtraffIQ.com.xml
@@ -21,7 +21,9 @@
 <ruleset name="WebtraffIQ.com (partial)">
 
 	<target host="webtraffiq.com" />
-	<target host="*.webtraffiq.com" />
+	<target host="secure.webtraffiq.com" />
+	<target host="dev.secure.webtraffiq.com" />
+	<target host="www.webtraffiq.com" />
 		<exclusion pattern="^http://(?:www\.)?webtraffiq\.com/(?!images/|styles/)" />
 
 
diff --git a/src/chrome/content/rules/Webtraffic.se.xml b/src/chrome/content/rules/Webtraffic.se.xml
index c93abbfe75ad..cdd4d7816ddc 100644
--- a/src/chrome/content/rules/Webtraffic.se.xml
+++ b/src/chrome/content/rules/Webtraffic.se.xml
@@ -8,7 +8,7 @@ Fetch error: http://dyn.webtraffic.se/ => https://dyn.webtraffic.se/: (60, 'SSL
 		 - (www.)	(403; mismatched, CN; dyn.webtraffic.se)
 
 -->
-<ruleset name="Webtraffic.se (partial)" default_off='failed ruleset test'>
+<ruleset name="Webtraffic.se (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Webtrekk.net.xml b/src/chrome/content/rules/Webtrekk.net.xml
index 22c811c2745d..383a504b84cb 100644
--- a/src/chrome/content/rules/Webtrekk.net.xml
+++ b/src/chrome/content/rules/Webtrekk.net.xml
@@ -37,7 +37,6 @@
 		<test url="http://flixbusweb01.wt-eu02.net/" />
 		<test url="http://fotoservicebenl01.wt-eu02.net/" />
 		<test url="http://fotoservicech01.wt-eu02.net/" />
-		<test url="http://responder.wt-safetag.com/" />
 
 		<!--	Sets cookie without Secure:
 							-->
diff --git a/src/chrome/content/rules/Webtrends.com.xml b/src/chrome/content/rules/Webtrends.com.xml
index d052ae440617..9acfe47adf75 100644
--- a/src/chrome/content/rules/Webtrends.com.xml
+++ b/src/chrome/content/rules/Webtrends.com.xml
@@ -89,7 +89,7 @@ Fetch error: http://m.webtrends.com/ => https://m.webtrends.com/: (6, 'Could not
 		- .www.webtrends.com
 
 -->
-<ruleset name="Webtrends.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Webtrends.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Webyog.com.xml b/src/chrome/content/rules/Webyog.com.xml
index cd0b297c9569..a55c39ccc54b 100644
--- a/src/chrome/content/rules/Webyog.com.xml
+++ b/src/chrome/content/rules/Webyog.com.xml
@@ -14,6 +14,6 @@
 
   	<securecookie host="^www\.webyog\.com$" name=".+" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Wed.is.xml b/src/chrome/content/rules/Wed.is.xml
deleted file mode 100644
index 68b385881199..000000000000
--- a/src/chrome/content/rules/Wed.is.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Wed.is">
-
-	<target host="wed.is" />
-	<target host="www.wed.is" />
-
-
-	<securecookie host="^\.?wed\.is$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Week_Plan.xml b/src/chrome/content/rules/Week_Plan.xml
index 7570bc00352b..29378c5dedee 100644
--- a/src/chrome/content/rules/Week_Plan.xml
+++ b/src/chrome/content/rules/Week_Plan.xml
@@ -5,7 +5,7 @@ Fetch error: http://weekplan.net/ => https://weekplan.net/: Too many redirects w
 Fetch error: http://www.weekplan.net/ => https://www.weekplan.net/: Too many redirects while fetching 'https://www.weekplan.net/'
 
 -->
-<ruleset name="Week Plan" default_off='failed ruleset test'>
+<ruleset name="Week Plan" default_off="failed ruleset test">
 
 	<target host="weekplan.net" />
 	<target host="app.weekplan.net" />
@@ -17,4 +17,4 @@ Fetch error: http://www.weekplan.net/ => https://www.weekplan.net/: Too many red
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Weeklyosm.eu.xml b/src/chrome/content/rules/Weeklyosm.eu.xml
new file mode 100644
index 000000000000..2bf93500df07
--- /dev/null
+++ b/src/chrome/content/rules/Weeklyosm.eu.xml
@@ -0,0 +1,7 @@
+<ruleset name="Weeklyosm.eu">
+	<target host="weeklyosm.eu" />
+	<target host="www.weeklyosm.eu" />
+	<target host="beta.weeklyosm.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wego_Health.com.xml b/src/chrome/content/rules/Wego_Health.com.xml
index d283f5709341..b3450803e4b4 100644
--- a/src/chrome/content/rules/Wego_Health.com.xml
+++ b/src/chrome/content/rules/Wego_Health.com.xml
@@ -62,10 +62,12 @@ Fetch error: http://wegohealth.com/ => https://wegohealth.com/: (60, 'SSL certif
 	* Secured by us
 
 -->
-<ruleset name="Wego Health.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Wego Health.com (partial)" default_off="failed ruleset test">
 
 	<target host="wegohealth.com" />
-	<target host="*.wegohealth.com" />
+	<target host="awards.wegohealth.com" />
+	<target host="tv.wegohealth.com" />
+	<target host="www.wegohealth.com" />
 		<!--
 			Redirect to http:
 						-->
@@ -85,7 +87,6 @@ Fetch error: http://wegohealth.com/ => https://wegohealth.com/: (60, 'SSL certif
 	<securecookie host="^\.wegohealth\.com$" name=".+" />
 
 
-	<rule from="^http://((?:awards|tv|www)\.)?wegohealth\.com/"
-		to="https://$1wegohealth.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Weho.st.xml b/src/chrome/content/rules/Weho.st.xml
new file mode 100644
index 000000000000..39afcda9d21c
--- /dev/null
+++ b/src/chrome/content/rules/Weho.st.xml
@@ -0,0 +1,16 @@
+<ruleset name="Weho.st">
+	<target host="weho.st" />
+	<target host="cloud.weho.st" />
+	<target host="chat.weho.st" />
+	<target host="search.weho.st" />
+	<target host="pad.weho.st" />
+	<target host="calc.weho.st" />
+	<target host="git.weho.st" />
+	<target host="cryptpad.weho.st" />
+	<target host="social.weho.st" />
+	<target host="draw.weho.st" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Weibo.cn.xml b/src/chrome/content/rules/Weibo.cn.xml
index b3086b87979a..61a07a8e6dc7 100644
--- a/src/chrome/content/rules/Weibo.cn.xml
+++ b/src/chrome/content/rules/Weibo.cn.xml
@@ -1,34 +1,27 @@
 <!--
 	For other Weibo coverage, see Weibo.com.xml.
 
-	MCB:
-		c.weibo.cn
-		music.weibo.cn
+	sslv3 alert handshake failure:
+		tpssl.weibo.cn		http://tpssl.weibo.cn/3244140934/50/5714990600/0
 
-	Invalid certificate:
-		gouwu.weibo.cn
-		manhua.weibo.cn
-		place.weibo.cn
-
-		CDN buckets:
-			img([1-5])?.app.wcdn.cn
+	CDN buckets:
+		img([1-5])?.app.wcdn.cn
 -->
-
 <ruleset name="Weibo.cn">
 	<target host="weibo.cn" />
 	<target host="www.weibo.cn" />
+	<target host="c.weibo.cn" />
 	<target host="m.weibo.cn" />
+	<target host="manhua.weibo.cn" />
 	<target host="media.weibo.cn" />
-		<test url="http://media.weibo.cn/article?id=2309614055824556255473" />
+	<target host="music.weibo.cn" />
 	<target host="open.weibo.cn" />
 		<test url="http://open.weibo.cn/oauth2/authorize" />
 	<target host="passport.weibo.cn" />
 		<test url="http://passport.weibo.cn/signin/login" />
+	<target host="place.weibo.cn" />
 	<target host="toutiao.weibo.cn" />
-	<target host="tpssl.weibo.cn" />
-		<test url="http://tpssl.weibo.cn/3244140934/50/5714990600/0" />
 	<target host="tvassl.weibo.cn" />
-		<test url="http://tvassl.weibo.cn/crop.0.21.685.685.1024/6b84272bgw1euxxzxrndpj20k00k0adc.jpg" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Weibo.com-mixedcontent.xml b/src/chrome/content/rules/Weibo.com-mixedcontent.xml
deleted file mode 100644
index 8e54baf7d7f2..000000000000
--- a/src/chrome/content/rules/Weibo.com-mixedcontent.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules not causing mixed content, see Weibo.com.xml.
--->
-
-<ruleset name="Weibo.com (mixed content)" platform="mixedcontent">
-
-	<target host="gouwu.weibo.com" />
-	<target host="s.weibo.com" />
-	
-	<securecookie host="^\w" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Weibo.com.xml b/src/chrome/content/rules/Weibo.com.xml
index caf1d600832e..6b852d6a0bdd 100644
--- a/src/chrome/content/rules/Weibo.com.xml
+++ b/src/chrome/content/rules/Weibo.com.xml
@@ -1,62 +1,45 @@
 <!--
 	Other Weibo coverage:
 		Weibo.cn.xml
-		Weibo.com-mixedcontent.xml
 		WeiboPay.com.xml
 
-	Insecure cookies are set for these domains and hosts:
-		.weibo.com
-		game.weibo.com
-		sg2.game.weibo.com
-		yahoo.tw.weibo.com
-
-	Expired:
-		vdisk.weibo.com
-
 	MCB:
-		chart.weibo.com		( Too many redirects )
 		game.weibo.com
-		gouwu.weibo.com
-		s.weibo.com
 
-	Invalid certificate:
-		www.weibo.com	( Mismatched by some strange CDNs. Equal to ^.)
-		app.weibo.com
-		book.weibo.com
+	not enough values to unpack:
+		captcha.weibo.com	https://travis-ci.org/github/EFForg/https-everywhere/jobs/686172096#L343
+
+	Redirect to http:
 		static.book.weibo.com
-		caipiao.weibo.com
 		sg2.game.weibo.com
-		help.weibo.com
-		hr.weibo.com
 		manhua.weibo.com
-		open.weibo.com
-		rm2015.tv.weibo.com
-		service.weibo.com
-		vgirl.weibo.com
-		x.weibo.com
+
+	Timeout:
+		app.weibo.com		https://travis-ci.org/github/EFForg/https-everywhere/jobs/686176000#L341
 -->
 <ruleset name="Weibo.com">
 	<target host="weibo.com" />
 	<target host="www.weibo.com" />
 	<target host="api.weibo.com" />
-		<exclusion pattern="http://api\.weibo\.com/chat/" />
-		<test url="http://api.weibo.com/chat/#/main" />
+		<test url="http://api.weibo.com/chat/#/" />
 	<target host="rm.api.weibo.com" />
-		<test url="http://rm.api.weibo.com/2/remind/unread_count.json?source=1654744673" />
+		<test url="http://rm.api.weibo.com/2/remind/unread_count.json" />
 	<target host="upload.api.weibo.com" />
 		<test url="http://upload.api.weibo.com/2/statuses/upload.json" />
-	<target host="captcha.weibo.com" />
-		<test url="http://captcha.weibo.com/static/js/patternLock.min.js" />
+	<target host="book.weibo.com" />
 	<target host="e.weibo.com" />
+	<target host="help.weibo.com" />
+	<target host="open.weibo.com" />
 	<target host="passport.weibo.com" />
+	<target host="s.weibo.com" />
 	<target host="security.weibo.com" />
 		<test url="http://security.weibo.com/app/js/v1/apps/account/jQuery1.7.1.js" />
-	<target host="yahoo.tw.weibo.com" />
+	<target host="vdisk.weibo.com" />
+	<target host="video.weibo.com" />
+		<test url="http://video.weibo.com/show?fid=1034:4312779088411554" />
 	<target host="widget.weibo.com" />
 
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://www\.weibo\.com/" to="https://weibo.com/" />
-
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Weiss-Research.xml b/src/chrome/content/rules/Weiss-Research.xml
index b40a96533394..dd6da9a8e367 100644
--- a/src/chrome/content/rules/Weiss-Research.xml
+++ b/src/chrome/content/rules/Weiss-Research.xml
@@ -9,18 +9,17 @@ Fetch error: http://moneyandmarkets.com/ => https://moneyandmarkets.com/: (60, '
 <ruleset name="Weiss Research">
 
 	<target host="moneyandmarkets.com" />
-	<target host="*.moneyandmarkets.com" />
+	<target host="www.moneyandmarkets.com" />
 	<target host="weissinc.com" />
-	<target host="*.weissinc.com" />
+	<target host="cdn.weissinc.com" />
+	<target host="images.weissinc.com" />
+	<target host="www.weissinc.com" />
 
 
 	<securecookie host="^.*\.moneyandmarkets\.com$" name=".+" />
 
 
-	<rule from="^http://(www\.)?moneyandmarkets\.com/"
-		to="https://$1moneyandmarkets.com/" />
 
-	<rule from="^http://((?:cdn|images|www)\.)?weissinc\.com/"
-		to="https://$1weissinc.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/WelcomeCottages.com.xml b/src/chrome/content/rules/WelcomeCottages.com.xml
index 55859db9dc47..e01bd9750078 100644
--- a/src/chrome/content/rules/WelcomeCottages.com.xml
+++ b/src/chrome/content/rules/WelcomeCottages.com.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Wyndham related rulesets, see Wyndham.xml
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
 
 	Non-functional hosts
 		Timeout was reached:
@@ -13,6 +13,6 @@
 	<rule from="^http://welcomecottages\.com/"
 		to="https://www.welcomecottages.com/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Welcome_to_MetLife.com.xml b/src/chrome/content/rules/Welcome_to_MetLife.com.xml
deleted file mode 100644
index ef9a7017609e..000000000000
--- a/src/chrome/content/rules/Welcome_to_MetLife.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	www: Cert only matches ^welcometometlife.com
-
--->
-<ruleset name="Welcome to MetLife.com">
-
-	<target host="welcometometlife.com" />
-	<target host="www.welcometometlife.com" />
-
-
-	<rule from="^http://(?:www\.)?welcometometlife\.com/"
-		to="https://welcometometlife.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Welect.de.xml b/src/chrome/content/rules/Welect.de.xml
new file mode 100644
index 000000000000..a69f26f77b25
--- /dev/null
+++ b/src/chrome/content/rules/Welect.de.xml
@@ -0,0 +1,32 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Invalid certificate:
+		www.s
+-->
+<ruleset name="Welect.de">
+
+	<target host="welect.de" />
+	<target host="www.welect.de" />
+	<target host="ssl.1.damoh.welect.de" />
+	<target host="ssl.2.damoh.welect.de" />
+	<target host="ssl.3.damoh.welect.de" />
+	<target host="de.welect.de" />
+	<target host="www.de.welect.de" />
+	<target host="example.welect.de" />
+	<target host="go.welect.de" />
+	<target host="go-staging.welect.de" />
+	<target host="integrator.welect.de" />
+	<target host="internal.welect.de" />
+	<target host="noserver.welect.de" />
+	<target host="production.welect.de" />
+	<target host="redirect-staging.welect.de" />
+	<target host="s.welect.de" />
+	<target host="staging.welect.de" />
+	<target host="static.welect.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wellbid.com.xml b/src/chrome/content/rules/Wellbid.com.xml
index e066495b9529..67577524c7ef 100644
--- a/src/chrome/content/rules/Wellbid.com.xml
+++ b/src/chrome/content/rules/Wellbid.com.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wellcome-HK-Lucky-Draws.xml b/src/chrome/content/rules/Wellcome-HK-Lucky-Draws.xml
new file mode 100644
index 000000000000..47988e1dbff6
--- /dev/null
+++ b/src/chrome/content/rules/Wellcome-HK-Lucky-Draws.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		No content on HTTPS:
+		- wellcomehappystamp.com
+		- www.wellcomehappystamp.com
+		- worldwinefairluckydraw.com
+		- www.worldwinefairluckydraw.com
+-->
+<ruleset name="Wellcome HK Lucky Draws">
+	<target host="easy2winluckydraw.com" />
+	<target host="www.easy2winluckydraw.com" />
+	<target host="summercoolluckydraw.com" />
+	<target host="www.summercoolluckydraw.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wello.com.xml b/src/chrome/content/rules/Wello.com.xml
index c5a3e1ef734b..b3ed09f6ec4f 100644
--- a/src/chrome/content/rules/Wello.com.xml
+++ b/src/chrome/content/rules/Wello.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://wello.com/ => https://wello.com/: (7, 'Failed to connect to
 Fetch error: http://www.wello.com/ => https://www.wello.com/: (7, 'Failed to connect to www.wello.com port 443: Connection refused')
 
 -->
-<ruleset name="Wello.com" default_off='failed ruleset test'>
+<ruleset name="Wello.com" default_off="failed ruleset test">
 
 	<target host="wello.com" />
 	<target host="www.wello.com" />
diff --git a/src/chrome/content/rules/Welsh-Country-Cottages.co.uk.xml b/src/chrome/content/rules/Welsh-Country-Cottages.co.uk.xml
index 1691df9ca79e..c07457f0f3d5 100644
--- a/src/chrome/content/rules/Welsh-Country-Cottages.co.uk.xml
+++ b/src/chrome/content/rules/Welsh-Country-Cottages.co.uk.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Wyndham related rulesets, see Wyndham.xml
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
 
 	Non-functional hosts
 		Timeout was reached:
diff --git a/src/chrome/content/rules/Welt.de.xml b/src/chrome/content/rules/Welt.de.xml
index b3937e67256f..7dbd0fae49e2 100644
--- a/src/chrome/content/rules/Welt.de.xml
+++ b/src/chrome/content/rules/Welt.de.xml
@@ -1,46 +1,35 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://epaper.apps.welt.de/ => https://epaper.apps.welt.de/: (7, 'Failed to connect to epaper.apps.welt.de port 443: Connection refused')
-Fetch error: http://mobiepaper.apps.welt.de/ => https://mobiepaper.apps.welt.de/: (6, 'Could not resolve host: mobiepaper.apps.welt.de')
+	Connection closed:
+		- welt.de
+		- wetter.welt.de
 
-	Mismatch:
-		- apps.welt.de
+	Invalid certificate:
+		- biowetter.welt.de
 		- bundle.welt.de
-		- classiqs.welt.de
-		- gutscheine.welt.de
-		- iqtest.apps.welt.de
+		- klassiker.welt.de
+		- kompakt.welt.de
+		- kosmos.welt.de
 		- liveticker.welt.de
 		- m.liveticker.welt.de
+		- luxusautos.welt.de
+		- luxusuhren.welt.de
 		- m.welt.de
-		- mba.welt.de
+		- reisewetter.welt.de
+		- schmid.welt.de
 		- service.welt.de
-		- tv.welt.de
+		- to.welt.de
 
-	Incomplete certificate chain:
-		- stepstone.welt.de
+	Mismatch:
+		- apps.welt.de
 
 	Refused:
-		- biowetter.welt.de
+		- epaper.apps.welt.de
 		- donnerunddoria.welt.de
-		- drakensang.welt.de
+		- epaper.welt.de
 		- freie.welt.de
-		- investigativ.welt.de
-		- klassiker.welt.de
-		- kompakt.welt.de
-		- kosmos.welt.de
-		- luxus.welt.de
-		- luxusautos.welt.de
-		- luxusuhren.welt.de
 		- medien.welt.de
-		- ps.welt.de
-		- reisewetter.welt.de
-		- schmid.welt.de
-		- to.welt.de
-		- wetter.welt.de
 -->
-<ruleset name="Welt.de" default_off='failed ruleset test'>
-	<target host="welt.de" />
+<ruleset name="Welt.de (Partial)">
 	<target host="www.welt.de" />
 		<!-- HTTP redirect -->
 		<exclusion pattern="^http://www\.welt\.de/((article)?\d{9}|icon|lesestueck|storytorial)/" />
@@ -50,19 +39,24 @@ Fetch error: http://mobiepaper.apps.welt.de/ => https://mobiepaper.apps.welt.de/
 		<test url="http://www.welt.de/lesestueck/" />
 		<test url="http://www.welt.de/storytorial/escada/" />
 	<target host="abo.welt.de" />
-	<target host="beta.welt.de" />
 	<target host="codewidget.welt.de" />
 	<target host="css.welt.de" />
+	<target host="gutscheine.welt.de" />
 	<target host="img.welt.de" />
+	<target host="investigativ.welt.de" />
+	<target host="jobs.welt.de" />
 	<target host="js.welt.de" />
-	<target host="n24.welt.de" />
-	<target host="online.welt.de" />
-	<target host="zeitung.welt.de" />
+	<target host="resources-production.la.welt.de" />
+		<test url="http://resources-production.la.welt.de/loader/la-loader-default.js" />
+	<target host="luxus.welt.de" />
 	<target host="mobil.welt.de" />
 	<target host="mobile.welt.de" />
+	<target host="online.welt.de" />
+	<target host="stepstone.welt.de" />
+	<target host="tv.welt.de" />
+	<target host="zeitung.welt.de" />
 	<!-- *.apps.welt.de -->
-		<target host="epaper.apps.welt.de" />
-		<target host="mobiepaper.apps.welt.de" />
+		<target host="iqtest.apps.welt.de" />
 		<target host="static.apps.welt.de" />
 			<!-- serves wrong content (404 pages also look different, but that's trivial -->
 			<exclusion pattern="^http://static\.apps\.welt\.de/lesestueck/" />
@@ -80,4 +74,5 @@ Fetch error: http://mobiepaper.apps.welt.de/ => https://mobiepaper.apps.welt.de/
 	<test url="http://img.welt.de/img/config_master_header/orig149433181/3270004236/welt-logo-trans.png" />
 
 	<rule from="^http:" to="https:" />
+	
 </ruleset>
diff --git a/src/chrome/content/rules/Weltbild.ch.xml b/src/chrome/content/rules/Weltbild.ch.xml
index 6a56a20ca824..9b022b1b3357 100644
--- a/src/chrome/content/rules/Weltbild.ch.xml
+++ b/src/chrome/content/rules/Weltbild.ch.xml
@@ -2,7 +2,7 @@
 	<target host="weltbild.ch" />
 	<target host="www.weltbild.ch" />
 
-	<securecookie host="^(?:.*\.)?weltbild\.ch$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Wemadethis.co.uk.xml b/src/chrome/content/rules/Wemadethis.co.uk.xml
new file mode 100644
index 000000000000..e0c87d5f956e
--- /dev/null
+++ b/src/chrome/content/rules/Wemadethis.co.uk.xml
@@ -0,0 +1,6 @@
+<ruleset name="Wemadethis.co.uk">
+	<target host="wemadethis.co.uk" />
+	<target host="www.wemadethis.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wemfbox.ch.xml b/src/chrome/content/rules/Wemfbox.ch.xml
index 2b4db1058709..6db5a9763fa5 100644
--- a/src/chrome/content/rules/Wemfbox.ch.xml
+++ b/src/chrome/content/rules/Wemfbox.ch.xml
@@ -1,4 +1,11 @@
-<!-- Connection refused:
+<!--
+	For other NET-Metrix coverage, see Net-metrix.ch.xml.
+
+	Note:	Customer get their own subdomains, but not all of them support HTTPS.
+		Most of them use an alias for HTTPS support (most common is *-ssl.wemfbox.ch).
+
+	Connection refused:
+		- ^
 		- 24heures.wemfbox.ch
 		- baz.wemfbox.ch
 		- actinnoc.wemfbox.ch
@@ -153,18 +160,42 @@
 		- zattoo.wemfbox.ch
 		- zsz.wemfbox.ch
 		- zuonline.wemfbox.ch
-
-		-->
+-->
 <ruleset name="wemfbox.ch (partial)">
 
 	<target host="www.wemfbox.ch" />
+
+	<target host="20minde.wemfbox.ch" />
+	<target host="20minde-ssl.wemfbox.ch" />
+
+	<target host="20minro.wemfbox.ch" />
 	<target host="20minro-ssl.wemfbox.ch" />
-	<target host="arci-ssl.wemfbox.ch" />
+
+	<target host="24heures.wemfbox.ch" />
+	<target host="24heures-ssl.wemfbox.ch" />
+
+	<target host="annabe.wemfbox.ch" />
+	<target host="anna-ssl.wemfbox.ch" />
+
 	<target host="arcinfo.wemfbox.ch" />
-	<target host="asct-ssl.wemfbox.ch" />
+	<target host="arci-ssl.wemfbox.ch" />
+
 	<target host="autosct.wemfbox.ch" />
+	<target host="asct-ssl.wemfbox.ch" />
 	<target host="baaonl-ssl.wemfbox.ch" />
 
+	<target host="anibis.wemfbox.ch" />
+	<target host="anib-ssl.wemfbox.ch" />
+
+	<target host="argovia.wemfbox.ch" />
+	<target host="argovia-ssl.wemfbox.ch" />
+
+	<target host="aznetz.wemfbox.ch" />
+	<target host="az-ssl.wemfbox.ch" />
+
+	<target host="baz.wemfbox.ch" />
+	<target host="baz-ssl.wemfbox.ch" />
+
 	<target host="blickonl.wemfbox.ch" />
 	<target host="blickonl-ssl.wemfbox.ch" />
 
@@ -179,6 +210,9 @@
 	<target host="cinema.wemfbox.ch" />
 	<target host="cinema-ssl.wemfbox.ch" />
 
+	<target host="cineman.wemfbox.ch" />
+	<target host="cineman-ssl.wemfbox.ch" />
+
 	<target host="coop.wemfbox.ch" />
 	<target host="coop-ssl.wemfbox.ch" />
 	<target host="coopz.wemfbox.ch" />
@@ -186,10 +220,12 @@
 
 	<target host="dood-ssl.wemfbox.ch" />
 
+	<target host="derbund.wemfbox.ch" />
+	<target host="derbund-ssl.wemfbox.ch" />
+
 	<target host="energyzh.wemfbox.ch" />
 	<target host="engy-ssl.wemfbox.ch" />
 
-
 	<target host="finan-ssl.wemfbox.ch" />
 	<target host="finanzen.wemfbox.ch" />
 	<target host="fininfo.wemfbox.ch" />
@@ -199,12 +235,19 @@
 
 	<target host="gmx-ssl.wemfbox.ch" />
 	<target host="gmxch.wemfbox.ch" />
+
 	<target host="golf-ssl.wemfbox.ch" />
 	<target host="golfs.wemfbox.ch" />
 
 	<target host="hebd-ssl.wemfbox.ch" />
 	<target host="hebdo.wemfbox.ch" />
 
+	<target host="help.wemfbox.ch" />
+	<target host="help-ssl.wemfbox.ch" />
+
+	<target host="illustre.wemfbox.ch" />
+	<target host="illu-ssl.wemfbox.ch" />
+
 	<target host="ippi-ssl.wemfbox.ch" />
 	<target host="isct-ssl.wemfbox.ch" />
 
@@ -218,7 +261,8 @@
 
 	<target host="migmag.wemfbox.ch" />
 	<target host="mima-ssl.wemfbox.ch" />
-	<target host="mobpro-ssl.wemfbox.ch" />	
+	<target host="mobpro-ssl.wemfbox.ch" />
+
 	<target host="moneyh.wemfbox.ch" />
 	<target host="monh-ssl.wemfbox.ch" />
 
@@ -228,20 +272,28 @@
 	<target host="newhome.wemfbox.ch" />
 	<target host="nhom-ssl.wemfbox.ch" />
 
+	<target host="newsnetz.wemfbox.ch" />
+	<target host="newsnetz-ssl.wemfbox.ch" />
+
 	<target host="nzz.wemfbox.ch" />
 	<target host="nzz-ssl.wemfbox.ch" />
 	<target host="olki-ssl.wemfbox.ch" />
 
+	<target host="partygui.wemfbox.ch" />
+	<target host="pgui-ssl.wemfbox.ch" />
+
 	<target host="pilatus-ssl.wemfbox.ch" />
+
 	<target host="qs.wemfbox.ch" />
 	<target host="qs-ssl.wemfbox.ch" />
 
 	<target host="regione.wemfbox.ch" />
 	<target host="regione-ssl.wemfbox.ch" />
 
-
 	<target host="rro.wemfbox.ch" />
 	<target host="rro-ssl.wemfbox.ch" />
+
+	<target host="rtn.wemfbox.ch" />
 	<target host="rtn-ssl.wemfbox.ch" />
 
 	<target host="rts.wemfbox.ch" />
@@ -253,6 +305,9 @@
 	<target host="search.wemfbox.ch" />
 	<target host="search-ssl.wemfbox.ch" />
 
+	<target host="sftv.wemfbox.ch" />
+	<target host="sftv-ssl.wemfbox.ch" />
+
 	<target host="sinf-ssl.wemfbox.ch" />
 
 	<target host="smilk.wemfbox.ch" />
@@ -265,124 +320,134 @@
 
 	<target host="sued-ssl.wemfbox.ch" />
 	<target host="survey.wemfbox.ch" />
-	
+
 	<target host="swissmom.wemfbox.ch" />
 	<target host="swissmom-ssl.wemfbox.ch" />
 	<target host="tag-ssl.wemfbox.ch" /> <!-- not clear which plain domain belongs to this -->
 
+	<target host="tagesw.wemfbox.ch" />
+	<target host="tagesw-ssl.wemfbox.ch" />
+
+	<target host="tagesanz.wemfbox.ch" />
+	<target host="tagi-ssl.wemfbox.ch" />
+
 	<target host="teleboy.wemfbox.ch" />
 	<target host="teleboy-ssl.wemfbox.ch" />
 
 	<target host="temp-ssl.wemfbox.ch" />
 	<target host="tempslib.wemfbox.ch" />
 
+	<target host="tdg.wemfbox.ch" />
+	<target host="tdg-ssl.wemfbox.ch" />
+
 	<target host="ticinonl.wemfbox.ch" />
 	<target host="ticinonl-ssl.wemfbox.ch" />
 
-
 	<target host="tutt-ssl.wemfbox.ch" />
 	<target host="tvsvizz-ssl.wemfbox.ch" />
 
+	<target host="usgang.wemfbox.ch" />
+	<target host="usgang-ssl.wemfbox.ch" />
+
 	<target host="vate-ssl.wemfbox.ch" />
 	<target host="vice-ssl.wemfbox.ch" />
 
+	<target host="watson.wemfbox.ch" />
+	<target host="watson-ssl.wemfbox.ch" />
+
+	<target host="wirelter.wemfbox.ch" />
 	<target host="we-ssl.wemfbox.ch" />
-	<target host="wetter.wemfbox.ch" />
+
 	<target host="wildeis.wemfbox.ch" />
 	<target host="wildeis-ssl.wemfbox.ch" />
 
+	<target host="wilmaa.wemfbox.ch" />
+	<target host="wilm-ssl.wemfbox.ch" />
+
 	<target host="woz.wemfbox.ch" />
 	<target host="woz-ssl.wemfbox.ch" />
 
 	<target host="zip.wemfbox.ch" />
 	<target host="zip-ssl.wemfbox.ch" />
 
+	<target host="zsz.wemfbox.ch" />
+	<target host="zsz-ssl.wemfbox.ch" />
+
 	<target host="zurinet-ssl.wemfbox.ch" />
 
 	<securecookie host="^\.wemfbox\.ch$" name="^i00$" />
 	<securecookie host="^\w+-ssl\.wemfbox\.ch$" name=".+" />
 
-	<test url="http://arcinfo.wemfbox.ch/" />
-	<test url="http://autosct.wemfbox.ch/" />
-	<test url="http://chbauer.wemfbox.ch/" />
-	<test url="http://energyzh.wemfbox.ch/" />
-	<test url="http://finanzen.wemfbox.ch/" />
-	<test url="http://gmxch.wemfbox.ch/" />
-	<test url="http://golfs.wemfbox.ch/" />
-	<test url="http://hebdo.wemfbox.ch/" />
-	<test url="http://migmag.wemfbox.ch/" />
-	<test url="http://moneyh.wemfbox.ch/" />
-	<test url="http://newhome.wemfbox.ch/" />
-	<test url="http://netmx.wemfbox.ch/" />
-	<test url="http://tempslib.wemfbox.ch/" />
-	<test url="http://wetter.wemfbox.ch/" />
-
-	<test url="http://blickonl.wemfbox.ch/" /> 
-	<test url="http://cash.wemfbox.ch/" /> 
-	<test url="http://cinema.wemfbox.ch/" /> 
-	<test url="http://coop.wemfbox.ch/" /> 
-	<test url="http://coopz.wemfbox.ch/" /> 
-	<test url="http://fininfo.wemfbox.ch/" /> 
-	<test url="http://qs.wemfbox.ch/" /> 
-	<test url="http://nzz.wemfbox.ch/" /> 
-	<test url="http://regione.wemfbox.ch/" /> 
-	<test url="http://rro.wemfbox.ch/" /> 
-	<test url="http://rts.wemfbox.ch/" /> 
-	<test url="http://sbb.wemfbox.ch/" /> 
-	<test url="http://search.wemfbox.ch/" /> 
-	<test url="http://smilk.wemfbox.ch/" /> 
-	<test url="http://sportal.wemfbox.ch/" /> 
-	<test url="http://swissmom.wemfbox.ch/" /> 
-	<test url="http://teleboy.wemfbox.ch/" /> 
-	<test url="http://ticinonl.wemfbox.ch/" /> 
-	<test url="http://wildeis.wemfbox.ch/" /> 
-	<test url="http://woz.wemfbox.ch/" /> 
-	<test url="http://zip.wemfbox.ch/" /> 
+		<rule from="^http://annabe\.wemfbox\.ch/"
+			to="https://anna-ssl.wemfbox.ch/" />
+
+		<rule from="^http://anibis\.wemfbox\.ch/"
+			to="https://anib-ssl.wemfbox.ch/" />
 
 		<rule from="^http://arcinfo\.wemfbox\.ch/"
-		to="https://arci-ssl.wemfbox.ch/" />
+			to="https://arci-ssl.wemfbox.ch/" />
 
 		<rule from="^http://autosct\.wemfbox\.ch/"
-		to="https://asct-ssl.wemfbox.ch/" />
+			to="https://asct-ssl.wemfbox.ch/" />
+
+		<rule from="^http://aznetz\.wemfbox\.ch/"
+			to="https://az-ssl.wemfbox.ch/" />
 
 		<rule from="^http://chbauer\.wemfbox\.ch/"
-		to="https://chba-ssl.wemfbox.ch/" />
+			to="https://chba-ssl.wemfbox.ch/" />
 
 		<rule from="^http://energyzh\.wemfbox\.ch/"
-		to="https://engy-ssl.wemfbox.ch/" />
+			to="https://engy-ssl.wemfbox.ch/" />
 
 		<rule from="^http://finanzen\.wemfbox\.ch/"
-		to="https://finan-ssl.wemfbox.ch/" />
+			to="https://finan-ssl.wemfbox.ch/" />
 
 		<rule from="^http://gmxch\.wemfbox\.ch/"
-		to="https://gmx-ssl.wemfbox.ch/" />
+			to="https://gmx-ssl.wemfbox.ch/" />
 
 		<rule from="^http://golfs\.wemfbox\.ch/"
-		to="https://golf-ssl.wemfbox.ch/" />
+			to="https://golf-ssl.wemfbox.ch/" />
 
 		<rule from="^http://hebdo\.wemfbox\.ch/"
-		to="https://hebd-ssl.wemfbox.ch/" />
+			to="https://hebd-ssl.wemfbox.ch/" />
+
+		<rule from="^http://illustre\.wemfbox\.ch/"
+			to="https://illu-ssl.wemfbox.ch/" />
 
 		<rule from="^http://migmag\.wemfbox\.ch/"
-		to="https://mima-ssl.wemfbox.ch/" />
+			to="https://mima-ssl.wemfbox.ch/" />
 
 		<rule from="^http://moneyh\.wemfbox\.ch/"
-		to="https://monh-ssl.wemfbox.ch/" />
+			to="https://monh-ssl.wemfbox.ch/" />
 
 		<rule from="^http://newhome\.wemfbox\.ch/"
-		to="https://nhom-ssl.wemfbox.ch/" />
+			to="https://nhom-ssl.wemfbox.ch/" />
 
 		<rule from="^http://netmx\.wemfbox\.ch/"
-		to="https://netmetrix-ssl.wemfbox.ch/" />
+			to="https://netmetrix-ssl.wemfbox.ch/" />
+
+		<rule from="^http://partygui\.wemfbox\.ch/"
+			to="https://pgui-ssl.wemfbox.ch/" />
+
+		<!-- Note 2018-02-24: qs-ssl.wemfbox.ch serves an incomplete cert chain. -->
+		<rule from="^http://qs-ssl\.wemfbox\.ch/"
+			to="https://qs.wemfbox.ch/" />
+
+		<rule from="^http://tagesanz\.wemfbox\.ch/"
+			to="https://tagi-ssl.wemfbox.ch/" />
 
 		<rule from="^http://tempslib\.wemfbox\.ch/"
-		to="https://temp-ssl.wemfbox.ch/" />
+			to="https://temp-ssl.wemfbox.ch/" />
+
+		<rule from="^http://wirelter\.wemfbox\.ch/"
+			to="https://we-ssl.wemfbox.ch/" />
 
-		<rule from="^http://wetter\.wemfbox\.ch/"
-		to="https://we-ssl.wemfbox.ch/" />
+		<rule from="^http://wilmaa\.wemfbox\.ch/"
+			to="https://wilm-ssl.wemfbox.ch/" />
 
-		<rule from="^http://(argovia|blickonl|cash|cinema|coop|coopz|fininfo|qs|nzz|regione|rro|rtn|rts|sbb|search|smilk|sportal|swissmom|teleboy|ticinonl|wildeis|woz|zip)\.wemfbox\.ch/"
-		to="https://$1-ssl.wemfbox.ch/" />
+		<!-- Refused without "*-ssl" suffix -->
+		<rule from="^http://(20minde|20minro|24heures|argovia|baz|blickonl|cash|cinema|cineman|coop|coopz|derbund|fininfo|help|newsnetz|nzz|regione|rro|rtn|rts|sbb|search|sftv|smilk|sportal|swissmom|tagesw|teleboy|tdg|ticinonl|usgang|watson|wildeis|woz|zip|zsz)\.wemfbox\.ch/"
+			to="https://$1-ssl.wemfbox.ch/" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Wennect.info.xml b/src/chrome/content/rules/Wennect.info.xml
index 5adee4b1d7af..cbe620325a6e 100644
--- a/src/chrome/content/rules/Wennect.info.xml
+++ b/src/chrome/content/rules/Wennect.info.xml
@@ -5,7 +5,8 @@
 <ruleset name="Wennect.info">
 
 	<target host="wennect.info" />
-	<target host="*.wennect.info" />
+	<target host="admin.wennect.info" />
+	<target host="www.wennect.info" />
 
 
 	<rule from="^http://(?:(admin\.)|www\.)?wennect\.info/"
diff --git a/src/chrome/content/rules/WestJet.xml b/src/chrome/content/rules/WestJet.xml
index c4357b79280a..6a1ebd8a141d 100644
--- a/src/chrome/content/rules/WestJet.xml
+++ b/src/chrome/content/rules/WestJet.xml
@@ -1,9 +1,9 @@
 <ruleset name="West Jet">
   <target host="westjet.com" />
-  <target host="*.westjet.com" />
+  <target host="hg.westjet.com" />
+  <target host="www.westjet.com" />
 
   <rule from="^http://westjet\.com/"
           to="https://www.westjet.com/" />
-  <rule from="^http://(hg|www)\.westjet\.com/"
-          to="https://$1.westjet.com/" />
-</ruleset>
\ No newline at end of file
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/West_Devon.gov.uk.xml b/src/chrome/content/rules/West_Devon.gov.uk.xml
index cee9a7d94edd..cbdb7fe4f27e 100644
--- a/src/chrome/content/rules/West_Devon.gov.uk.xml
+++ b/src/chrome/content/rules/West_Devon.gov.uk.xml
@@ -14,7 +14,7 @@
 	NB: Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="West Devon.gov.uk (partial)" default_off="missing certificate chain">
+<ruleset name="West Devon.gov.uk (partial)" default_off="cert-chain">
 
 	<target host="westdevon.gov.uk" />
 	<target host="www.westdevon.gov.uk" />
diff --git a/src/chrome/content/rules/West_Orange_History.xml b/src/chrome/content/rules/West_Orange_History.xml
index 45d39c04b2fd..0429d895d2df 100644
--- a/src/chrome/content/rules/West_Orange_History.xml
+++ b/src/chrome/content/rules/West_Orange_History.xml
@@ -17,4 +17,4 @@
 	<rule from="^http://(?:www\.)?westorangehistory\.com/"
 		to="https://westorangehistory.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/West_Virginia_University-problematic.xml b/src/chrome/content/rules/West_Virginia_University-problematic.xml
deleted file mode 100644
index 18bcf504d2af..000000000000
--- a/src/chrome/content/rules/West_Virginia_University-problematic.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	For rules that are on by default, see West_Virginia_University.xml.
-
--->
-<ruleset name="West Virginia University (problematic)" default_off="mismatched">
-
-	<target host="beta.campusmap.wvu.edu" />
-	<target host="*.hr.wvu.edu" />
-	<target host="simpleforms.scripts.wvu.edu" />
-	<target host="*.slate.wvu.edu" />
-		<!--
-			Handled in West_Virginia_University.xml:
-								-->
-		<exclusion pattern="^http://(?:www\.)?assets\.slate\.wvu\.edu/resources/" />
-	<target host="*.ur.wvu.edu" />
-
-
-	<securecookie host="^(?:beta\.campusmap|(?:benefits(?:admin)?|classcomp|employee(?:relation|wellnes)s|employmentservices|medicalmanagement|mountaineertemps|studentemployment|tnd)\.hr|(?:oric|osp)\.research|simpleforms\.scripts|assets\.slate|web\.ur)\.wvu\.edu$" name=".+" />
-
-
-	<rule from="^http://(beta\.campusmap|employmentservices\.hr|simpleforms\.scripts)\.wvu\.edu/"
-		to="https://$1.wvu.edu/" />
-
-	<rule from="^http://(?:www\.)?((?:benefits(?:admin)?|classcomp|employee(?:relation|wellnes)s|employment|medicalmanagement|mountaineertemps|studentemployment|tnd)\.hr|(?:oric|osp)\.research|assets\.slate|web\.ur)\.wvu\.edu/"
-		to="https://$1.wvu.edu/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/West_Virginia_University.xml b/src/chrome/content/rules/West_Virginia_University.xml
deleted file mode 100644
index f34c58b49689..000000000000
--- a/src/chrome/content/rules/West_Virginia_University.xml
+++ /dev/null
@@ -1,205 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://wvu.edu/ => https://wvu.edu/: (7, 'Failed to connect to wvu.edu port 443: Connection refused')
-
-	For problematic rules, see West_Virginia_University-problematic.xml.
-
-
-	Nonfunctional subdomains:
-
-		- www.ce *
-		- directory	(http reply)
-		- fom **
-		- (www.)health *
-
-		- hsc subdomains:
-
-			- dentistry *
-			- directory	(reset)
-			- home *
-			- nursing *
-			- pharmacy *
-			- publichealth *
-
-		- kuali ***
-
-		- lib subdomains:
-
-			- agnic **
-			- findingaids **
-			- iai **
-			- illiad ***
-			- mountainlynx **
-			- wvrhc		(shows enginecms.lib; mismatched, CN: enginecms.lib.wvu.edu)
-
-		- search
-		- idquery.wvu-ad ***
-
-	* Shows www.hsc; mismatched, CN: www.hsc.wvu.edu
-	** Refused
-	*** Dropped
-
-
-	Problematic domains:
-
-		- www.admissions *
-		- beta.campusmap *
-		- www.eberly *
-		- www.emergency *
-		- www.finaid *
-
-		- hr subdomains:
-
-			- (www.)benefits *
-			- (www.)benefitsadmin *
-			- (www.)classcomp *
-			- (www.)employeerelations *
-			- (www.)employeewellness *
-			- (www.)employment *
-			- employmentservices *
-			- (www.)medicalmanagement *
-			- (www.)mountaineertemps *
-			- (www.)studentemployment *
-			- (www.)tnd *
-			- www *
-
-		- hsc		(\w+ 404s, valid cert)
-		- medicine.hsc	(shows www.hsc)
-		- www.itunes *
-		- www.law *
-		- libguides	(mismatched, CN: *.libguides.com)
-		- libraries	(cert only matches www.libraries)
-		- www.mix *
-		- www.oit *
-		- www.protected *
-		- (www.)oric.research *
-		- (www.)osp.research *
-		- www.research *
-		- (www.)simpleforms.scripts *
-		- (www.)assets.slate *
-		- www.slate
-		- www.slatecms *
-		- (www.)web.ur *
-		- www.wvutoday *
-
-	* Works, cert only matches *.wvu.edu
-
-
-	Partially covered subdomains:
-
-		- medicine.hsc		(→ www.hsc)
-		- libguides			(→ libguides.com, $ redirects to http)
-		- www.simpleforms.scripts	(→ www)
-		- (www.)assets.slate		(→ slate)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- about
-		- (www.)admissions	(www → ^)
-		- apply
-		- brand
-		- cal
-		- calendar
-		- careerservices
-		- cas
-		- connect
-		- (www.)eberly		(www → ^)
-		- facebook
-		- (www.)finaid		(www → ^)
-		- financialaid
-		- (www.)emergency	(www → ^)
-		- ferpa
-		- grad
-		- (www.)hr		(www → ^)
-
-		- hsc subdomains:
-
-			- autodiscover
-			- exweb
-			- sole
-			- www
-
-		- (www.)itunes		(www → ^)
-		- kc
-		- (www.)law		(www → ^)
-
-		- lib subdomains:
-
-			- enginecms
-			- mediasite
-			- mediasitehscmed
-			- reserves
-			- systems
-
-		- (www.)libraries	(^ → www)
-		- map
-		- (www.)mix		(www → ^)
-		- mixinfo
-		- myaccess
-		- myapps
-		- myid
-		- nanosafe
-		- (www.)oit		(www → ^)
-		- (www.)protected	(www → ^)
-		- (www.)research	(www → ^)
-		- researchoffice
-		- sharedresearchfacilities
-		- (www.)slate		(www → ^)
-		- (www.)slatecms	(www → ^)
-		- studentaccounts
-		- tour
-		- twitter
-		- webservices
-		- wvudownloads
-		- wvugw
-		- (www.)wvutoday	(www → ^)
-
--->
-<ruleset name="West Virginia University (partial)" default_off='failed ruleset test'>
-
-	<target host="wvu.edu" />
-	<target host="*.wvu.edu" />
-
-
-	<!--securecookie host="^\.wvu\.edu$" name="^fos\.web\.server$" /-->
-	<securecookie host="^\.wvu\.edu$" name="^(?:fos\.secure\.web\.server|slate_\w{32}|_wvutodaystaging_1\.0\.0)$" />
-	<securecookie host="^(?:about|admissions|apply|brand|cal|calendar|careerservices|cas|connect|eberly|emergency|facebook|ferpa|finaid|financialaid|grad|hr|(?:exweb|www)\.hsc|itunes|kc|law|(?:enginecms|mediasite(?:hscmed)?|reserves|systems)\.lib|www\.libraries|map|mix|mixinfo|myapps|myid|nanosafe|research(?:office)?|sharedresearchfacilities|slate|slatecms|studentaccounts|tour|twitter|webservices|wvudownloads|wvugw|wvutoday|www)\.wvu\.edu$" name=".+" />
-
-
-	<rule from="^http://((?:about|apply|brand|cal|calendar|careerservices|cas|connect|facebook|ferpa|financialaid|grad|(?:autodiscover|exweb|sole|www)\.hsc|kc|(?:enginecms|mediasite(?:hscmed)?|reserves|systems)\.lib|map|mixinfo|myaccess|myapps|myid|nanosafe|researchoffice|sharedresearchfacilities|tour|twitter|webservices|wvudownloads|wvugw|www)\.)?wvu\.edu/"
-		to="https://$1wvu.edu/" />
-
-	<!--	Domains for which both ^ & www exist, but cert is only valid for ^:
-											-->
-	<rule from="^http://(?:www\.)?(admissions|eberly|emergency|finaid|hr|itunes|law|mix|oit|protected|research|slate|slatecms|studentaccounts|wvutoday)\.wvu\.edu/"
-		to="https://$1.wvu.edu/" />
-
-	<rule from="^http://libguides\.wvu\.edu/(css\d*/|data/|favicon\.ico|images/|include/|js\d*/)"
-		to="https://libguides.com/$1" />
-
-	<rule from="^http://(?:www\.)?libraries\.wvu\.edu/"
-		to="https://www.libraries.wvu.edu/" />
-
-	<rule from="^http://medicine\.hsc\.wvu\.edu/(?:\?.*)$"
-		to="https://www.hsc.wvu.edu/som" />
-
-	<!--	Everything but $ redirects like so:
-							-->
-	<rule from="^http://www\.simpleforms\.scripts\.wvu\.edu/(?!\?).+"
-		to="https://www.wvu.edu/error/404.html" />
-
-	<!--	This avoids some mixed images on connect, ferpa, financialaid, grad, hr, law, map, nanosafe, research, & slatecms.
-		Note that assets.slate.../$ and slate.../$ are not identical.
-									-->
-	<rule from="^http://(?:www\.)?assets\.slate\.wvu\.edu/resources/"
-		to="https://slate.wvu.edu/resources/" />
-
-	<!--	Server drops path:
-					-->
-	<rule from="^http://www\.slate\.wvu\.edu/[^?]*(\?.*)?"
-		to="https://slate.wvu.edu/$1" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/West_Yorkshire_Observatory.org.xml b/src/chrome/content/rules/West_Yorkshire_Observatory.org.xml
index e7fe2afb0e59..357ca5d1c50b 100644
--- a/src/chrome/content/rules/West_Yorkshire_Observatory.org.xml
+++ b/src/chrome/content/rules/West_Yorkshire_Observatory.org.xml
@@ -28,7 +28,7 @@ Fetch error: http://www.westyorkshireobservatory.org/ => https://westyorkshireob
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="West Yorkshire Observatory.org" default_off='failed ruleset test'>
+<ruleset name="West Yorkshire Observatory.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Westconsin_Credit_Union.xml b/src/chrome/content/rules/Westconsin_Credit_Union.xml
index 195d1810b7e6..b3d6da049874 100644
--- a/src/chrome/content/rules/Westconsin_Credit_Union.xml
+++ b/src/chrome/content/rules/Westconsin_Credit_Union.xml
@@ -7,7 +7,7 @@
 <ruleset name="Westconsin Credit Union">
 
 	<target host="westconsincu.org" />
-	<target host="*.westconsincu.org" />
+	<target host="www.westconsincu.org" />
 	<target host="westconsincuhb.org" />
 	<target host="www.westconsincuhb.org" />
 
@@ -16,10 +16,9 @@
 	<securecookie host="^www\.westconsincuhb\.org$" name=".+" />
 
 
-	<rule from="^http://(www\.)?westconsincu\.org/"
-		to="https://$1westconsincu.org/" />
 
 	<rule from="^http://(?:www\.)?westconsincuhb\.org/"
 		to="https://www.westconsincuhb.org/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Western_Union.xml b/src/chrome/content/rules/Western_Union.xml
index 5a622536ffbc..0018789531cc 100644
--- a/src/chrome/content/rules/Western_Union.xml
+++ b/src/chrome/content/rules/Western_Union.xml
@@ -51,7 +51,7 @@ Non-2xx HTTP code: http://westernunion.com/ (200) => https://westernunion.com/ (
 		- agentportal.westernunion.com
 
 -->
-<ruleset name="Western Union.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Western Union.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/WestlandUtrecht.xml b/src/chrome/content/rules/WestlandUtrecht.xml
index ce8efa190b2f..6cf2588156fd 100644
--- a/src/chrome/content/rules/WestlandUtrecht.xml
+++ b/src/chrome/content/rules/WestlandUtrecht.xml
@@ -5,7 +5,7 @@ Fetch error: http://www.mijnwestlandutrecht.nl/ => https://mijnwestlandutrecht.n
 Fetch error: http://mijnwestlandutrecht.nl/ => https://mijnwestlandutrecht.nl/: (7, 'Failed to connect to mijnwestlandutrecht.nl port 443: Connection refused')
 
 -->
-<ruleset name="WestlandUtrecht Bank" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="WestlandUtrecht Bank" platform="mixedcontent" default_off="failed ruleset test">
   <!-- Rule created by Jeroen van der Gun -->
 
   <target host="www.westlandutrecht.nl" />
diff --git a/src/chrome/content/rules/Westlaw.com.xml b/src/chrome/content/rules/Westlaw.com.xml
index 3fb55d04bd1f..692d141e01df 100644
--- a/src/chrome/content/rules/Westlaw.com.xml
+++ b/src/chrome/content/rules/Westlaw.com.xml
@@ -3,7 +3,7 @@
 
 
 	Problematic hosts in *westlaw.com:
- 
+
 		- ^ *
 		- store *
 
diff --git a/src/chrome/content/rules/Westminster.gov.uk.xml b/src/chrome/content/rules/Westminster.gov.uk.xml
index caf044f2d4d6..80e8a97fef85 100644
--- a/src/chrome/content/rules/Westminster.gov.uk.xml
+++ b/src/chrome/content/rules/Westminster.gov.uk.xml
@@ -57,14 +57,14 @@ Fetch error: http://partnerweb.westminster.gov.uk/ => https://partnerweb.westmin
 		- css on openforum from fonts.googleapis.com ˢ
 
 		- Images, on:
-		
+
 			- cleanstreets from $self
 			- elibrary from trib.ent.sirsidynix.net.uk ˢ
 
 	ˢ Secured by us
 
 -->
-<ruleset name="Westminster.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Westminster.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Westpac.com.au.xml b/src/chrome/content/rules/Westpac.com.au.xml
index 19b0262fe237..305ad8b161aa 100644
--- a/src/chrome/content/rules/Westpac.com.au.xml
+++ b/src/chrome/content/rules/Westpac.com.au.xml
@@ -167,7 +167,7 @@
 		- xylofx	(r)
 		- yellow	(t)
 		- www.yourbankyoursay	(m)
-		
+
 	e: expired certificate
 	h: http redirect
 	m: certificate mismatch
diff --git a/src/chrome/content/rules/Wetter.de.xml b/src/chrome/content/rules/Wetter.de.xml
deleted file mode 100644
index 61a9d3a17ae8..000000000000
--- a/src/chrome/content/rules/Wetter.de.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Refused:
-		- ^wetter.de
-		- ori.wetter.de
--->
-<ruleset name="Wetter.de">
-	<target host="wetter.de" />
-	<target host="www.wetter.de" />
-	<target host="ais.wetter.de" />
-	<target host="api.wetter.de" />
-
-	<rule from="^http://wetter\.de/"
-		to="https://www.wetter.de/" />
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Wettergefahren.de.xml b/src/chrome/content/rules/Wettergefahren.de.xml
new file mode 100644
index 000000000000..3dd3ab94e6ba
--- /dev/null
+++ b/src/chrome/content/rules/Wettergefahren.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="Wettergefahren.de">
+
+	<target host="wettergefahren.de" />
+	<target host="www.wettergefahren.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wg_cdn.net.xml b/src/chrome/content/rules/Wg_cdn.net.xml
deleted file mode 100644
index a78af6db847a..000000000000
--- a/src/chrome/content/rules/Wg_cdn.net.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Other Wengo rulesets:
-
-		- Astrocentro.com.xml
-
-
-	Problematic subdomains:
-
-		- www[12] *
-
-	* 403; mismatched, CN: secure.wengo.com
-
--->
-<ruleset name="Wg cdn.net">
-
-	<target host="*.wgcdn.net" />
-
-
-	<rule from="^http://(?:www\d|secure)\.wgcdn\.net/"
-		to="https://secure.wgcdn.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WhatCanIDoForMozilla.org.xml b/src/chrome/content/rules/WhatCanIDoForMozilla.org.xml
new file mode 100644
index 000000000000..355d396e1b15
--- /dev/null
+++ b/src/chrome/content/rules/WhatCanIDoForMozilla.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="WhatCanIDoForMozilla.org">
+	<target host="whatcanidoformozilla.org" />
+	<target host="www.whatcanidoformozilla.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WhatPulse.org.xml b/src/chrome/content/rules/WhatPulse.org.xml
index d2e9ada4f874..2d81c5514a1a 100644
--- a/src/chrome/content/rules/WhatPulse.org.xml
+++ b/src/chrome/content/rules/WhatPulse.org.xml
@@ -13,7 +13,7 @@ Fetch error: http://api.whatpulse.org/ => https://api.whatpulse.org/: (60, 'SSL
 		- developer.whatpulse.org (https://github.com/EFForg/https-everywhere/pull/4882)
 
 -->
-<ruleset name="WhatPulse.org" default_off='failed ruleset test'>
+<ruleset name="WhatPulse.org" default_off="failed ruleset test">
 	<target host="whatpulse.org" />
 	<target host="api.whatpulse.org" />
 
diff --git a/src/chrome/content/rules/WhatReallyHappened.com.xml b/src/chrome/content/rules/WhatReallyHappened.com.xml
new file mode 100644
index 000000000000..fba7a6159ba9
--- /dev/null
+++ b/src/chrome/content/rules/WhatReallyHappened.com.xml
@@ -0,0 +1,12 @@
+<!-- whatreallyhappened.com has both a wildcard DNS record and a wildcard certificate. Any subdomain is valid, but all have same content. -->
+<ruleset name="WhatReallyHappened.com">
+	<target host="whatreallyhappened.com" />
+	<target host="*.whatreallyhappened.com" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://www.whatreallyhappened.com/" />
+	<test url="http://yzyhzsu6sn6ckav9.whatreallyhappened.com/" />
+	<test url="http://ypuouw3c3v84zsdr.whatreallyhappened.com/" />
+	<test url="http://x1gygz1l79oaecia.whatreallyhappened.com/" />
+</ruleset>
diff --git a/src/chrome/content/rules/WhatsApp.com.xml b/src/chrome/content/rules/WhatsApp.com.xml
deleted file mode 100644
index 63e07d0938f6..000000000000
--- a/src/chrome/content/rules/WhatsApp.com.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-	Other WhatsApp rulesets:
-
-		- whatsappbrand.com.xml
-
-
-	STS header includes includeSubdomains.
-
--->
-<ruleset name="WhatsApp.com">
-
-	<target host="whatsapp.com" />
-	<target host="*.whatsapp.com" />
-
-		<!--	STS header applies to one level only, so:
-								-->
-		<exclusion pattern="^http://(?:[^./]+\.){2,}whatsapp\.com/" />
-
-			<!--	+ve:
-					-->
-			<test url="http://this.host.whatsapp.com/" />
-			<test url="http://exists.not.whatsapp.com/" />
-
-		<test url="http://blog.whatsapp.com/" />
-		<test url="http://media.whatsapp.com/" />
-		<test url="http://translate.whatsapp.com/" />
-		<test url="http://web.whatsapp.com/" />
-		<test url="http://www.whatsapp.com/" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Whatsbroadcast.com.xml b/src/chrome/content/rules/Whatsbroadcast.com.xml
index c2c3093715e4..a5019bd05996 100644
--- a/src/chrome/content/rules/Whatsbroadcast.com.xml
+++ b/src/chrome/content/rules/Whatsbroadcast.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://www.widget.whatsbroadcast.com/ => https://www.widget.whatsbr
 Fetch error: http://www2.whatsbroadcast.com/ => https://www2.whatsbroadcast.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www2.whatsbroadcast.com'")
 
 -->
-<ruleset name="Whatsbroadcast" default_off='failed ruleset test'>
+<ruleset name="Whatsbroadcast" default_off="failed ruleset test">
 
 	<target host="whatsbroadcast.com"/>
 	<target host="api.whatsbroadcast.com"/>
diff --git a/src/chrome/content/rules/Where.com.xml b/src/chrome/content/rules/Where.com.xml
index 563a8bc6bd4a..f31afa724e67 100644
--- a/src/chrome/content/rules/Where.com.xml
+++ b/src/chrome/content/rules/Where.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://upstream.where.com/ => https://upstream.where.com/: (7, 'Fai
 		- .where.com
 
 -->
-<ruleset name="Where.com" default_off='failed ruleset test'>
+<ruleset name="Where.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/WhippleHill.com.xml b/src/chrome/content/rules/WhippleHill.com.xml
new file mode 100644
index 000000000000..1855bf92a110
--- /dev/null
+++ b/src/chrome/content/rules/WhippleHill.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- whipplehill.com
+		- www.whipplehill.com
+
+		SSL peer certificate was not OK:
+		- content.whipplehill.com
+		- videos.whipplehill.com
+		- www2.whipplehill.com
+-->
+<ruleset name="WhippleHill.com">
+	<target host="webservice.whipplehill.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WhippleHill.xml b/src/chrome/content/rules/WhippleHill.xml
deleted file mode 100644
index adf0e23ad97c..000000000000
--- a/src/chrome/content/rules/WhippleHill.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	CDN buckets:
-
-		- schoolpress.cdn.whipplehill.net.s3.amazonaws.com
-
-
-	Problematic domains:
-
-		- www2.whipplehill.com		(works; mismatched, CN: *.pardot.com)
-
-
-	Nonfunctional domains:
-
-		- (www.)whipplehill.com		(refused)
-
--->
-<ruleset name="WilliamHill (partial)">
-
-	<target host="www2.whipplehill.com" />
-		<!--
-			Redirects to www:
-						-->
-		<exclusion pattern="^http://www2\.whipplehill\.com/(?:\?.*)?$" />
-	<target host="schoolpress.cdn.whipplehill.net" />
-
-
-	<rule from="^http://www2\.whipplehill\.com/"
-		to="https://go.pardot.com/" />
-
-	<rule from="^http://schoolpress\.cdn\.whipplehill\.net/"
-		to="https://s3.amazonaws.com/schoolpress.cdn.whipplehill.net/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Whirlpool.xml b/src/chrome/content/rules/Whirlpool.xml
deleted file mode 100644
index d3ac2f6be151..000000000000
--- a/src/chrome/content/rules/Whirlpool.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<ruleset name="Whirlpool">
-
-	<target host="whirlpool.net.au" />
-	<target host="www.whirlpool.net.au" />
-	<target host="bc.whirlpool.net.au" />
-	<target host="forums.whirlpool.net.au" />
-
-    <test url="http://whirlpool.net.au/" />
-    <test url="http://forums.whirlpool.net.au/" />
-    <test url="http://bc.whirlpool.net.au/" />
-
-	<securecookie host="^\.whirlpool\.net\.au$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Whiskey-Media.xml b/src/chrome/content/rules/Whiskey-Media.xml
deleted file mode 100644
index f69887479bdc..000000000000
--- a/src/chrome/content/rules/Whiskey-Media.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://auth.whiskeymedia.com/ => https://auth.whiskeymedia.com/: (6, 'Could not resolve host: auth.whiskeymedia.com')
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://media.screened.com/ => https://s3.amazonaws.com/media.screened.com/: (6, 'Could not resolve host: media.screened.com')
-Fetch error: http://auth.whiskeymedia.com/ => https://auth.whiskeymedia.com/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://media.corp.whiskeymedia.com/ => https://s3.amazonaws.com/media.corp.whiskeymedia.com/: (6, 'Could not resolve host: media.corp.whiskeymedia.com')
-	CDN buckets:
-
-		- ddjhyz888xk1m.cloudfront.net
-		- dh3vbjnk0bnfa.cloudfront.net
-
-
-	Nonfunctional domains:
-
-		- comicvine.com		(cert: auth.whiskeymedia.com; redirects there)
-		- www.comicvine.com	(ditto)
-		- giantbomb.com		(cert: auth.whiskeymedia.com; redirects there)
-		- store.giantbomb.com	(cert: *.myshopify.com; redirects to http)
-		- www.giantbomb.com	(cert: auth.whiskeymedia.com; redirects there)
-		- tested.com
-		- www.tested.com
-		- whiskeymedia.com	(cert: auth.whiskeymedia.com; redirects there)
-		- www.whiskeymedia.com	(ssl_error_rx_record_too_long)
-
--->
-<ruleset name="Whiskey Media (partial)" default_off='failed ruleset test'>
-
-	<target host="*.comicvine.com" />
-	<target host="media.screened.com" />
-	<target host="files.tested.com" />
-	<target host="auth.whiskeymedia.com" />
-	<target host="media.corp.whiskeymedia.com" />
-
-	<rule from="^http://auth\.(comicvine|whiskeymedia)\.com/"
-		to="https://auth.$1.com/" />
-
-	<rule from="^http://media\.(comicvine|screened|corp\.whiskeymedia)\.com/"
-		to="https://s3.amazonaws.com/media.$1.com/" />
-
-	<rule from="^http://files\.tested\.com/"
-		to="https://ddjhyz888xk1m.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Whisper-Gifts.xml b/src/chrome/content/rules/Whisper-Gifts.xml
index a10eeb944f1d..f53c911e6a9d 100644
--- a/src/chrome/content/rules/Whisper-Gifts.xml
+++ b/src/chrome/content/rules/Whisper-Gifts.xml
@@ -1,16 +1,17 @@
+<!--
+	Nonfunctional subdomains:
+		- whispergifts.com	(invalid cert)
+-->
 <ruleset name="Whisper Gifts (partial)">
 
 	<target host="whispergifts.com" />
 	<target host="www.whispergifts.com" />
 
 
-	<!--	Unsupported paths redirect to www, so this is safe.	-->
 	<rule from="^http://whispergifts\.com/"
-		to="https://whispergifts.com/" />
+		to="https://www.whispergifts.com/" />
 
-	<!--	There may be more paths than are
-		handled here that don't redirect to http.	-->
-	<rule from="^http://www\.whispergifts/(media/|whisper/(?:login|manage|signup))"
-		to="https://www.whispergifts/$1" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Whisper.sh.xml b/src/chrome/content/rules/Whisper.sh.xml
index bd832aa266ee..7ab5d0d9862f 100644
--- a/src/chrome/content/rules/Whisper.sh.xml
+++ b/src/chrome/content/rules/Whisper.sh.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.whisper.sh/ => https://www.whisper.sh/: Too many redirec
 		- support		(hostname mismatch, CN: *.desk.com, desk.com)
 		- your-voice.org        (connection refused)
 -->
-<ruleset name="Whisper.sh (partial)" default_off='failed ruleset test'>
+<ruleset name="Whisper.sh (partial)" default_off="failed ruleset test">
 	<target host=    "whisper.sh" />
 	<target host="www.whisper.sh" />
 
diff --git a/src/chrome/content/rules/WhiteFence.com.xml b/src/chrome/content/rules/WhiteFence.com.xml
deleted file mode 100644
index 2c4fb9e2a8a5..000000000000
--- a/src/chrome/content/rules/WhiteFence.com.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://whitefence.com/ => https://www.whitefence.com/: Cycle detected - URL already encountered: https://www.whitefence.com/
-	Nonfunctional subdomains:
-
-		- affiliateprogram *
-		- b2b			(redirects to 404; mismatched, CN: www.whitefence.com)
-		- energy *
-		- green **
-		- information *
-		- partners **
-		- savings *
-		- wfindex *
-
-	* Shows ordersearch; mismatched, CN: ordersearch.whitefence.com
-	** Shows connectmyphone.com; mismatched, CN: www.connectmyphone.com
-
-
-	Problematic subdomains:
-
-		- ^	(cert only matches www)
-		- www2	(works, expired 2010-10-24)
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- ox-d
-
--->
-<ruleset name="WhiteFence.com (partial)">
-
-	<target host="whitefence.com" />
-	<target host="*.whitefence.com" />
-
-
-	<securecookie host="^ox-d\.whitefence\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?whitefence\.com/"
-		to="https://www.whitefence.com/" />
-
-	<rule from="^http://ox-d\.whitefence\.com/"
-		to="https://ox-d.whitefence.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/WhiteThreadInstitute.org.xml b/src/chrome/content/rules/WhiteThreadInstitute.org.xml
new file mode 100644
index 000000000000..74d9ef2bde38
--- /dev/null
+++ b/src/chrome/content/rules/WhiteThreadInstitute.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="WhiteThreadInstitute.org">
+	<target host="whitethreadinstitute.org" />
+	<target host="www.whitethreadinstitute.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WhiteThreadPress.com.xml b/src/chrome/content/rules/WhiteThreadPress.com.xml
new file mode 100644
index 000000000000..b485ceec7338
--- /dev/null
+++ b/src/chrome/content/rules/WhiteThreadPress.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="WhiteThreadPress.com">
+	<target host="whitethreadpress.com" />
+	<target host="www.whitethreadpress.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/White_Lisbon.com.xml b/src/chrome/content/rules/White_Lisbon.com.xml
index a5aef19b974a..34c907b22f7a 100644
--- a/src/chrome/content/rules/White_Lisbon.com.xml
+++ b/src/chrome/content/rules/White_Lisbon.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://mail.whitelisbon.com/ => https://mail.whitelisbon.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="White Lisbon.com" default_off='failed ruleset test'>
+<ruleset name="White Lisbon.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Whiteout.io.xml b/src/chrome/content/rules/Whiteout.io.xml
deleted file mode 100644
index 192bf8f31e15..000000000000
--- a/src/chrome/content/rules/Whiteout.io.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="Whiteout.io">
-
-	<target host="whiteout.io" />
-	<target host="blog.whiteout.io" />
-	<target host="www.whiteout.io" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WhitneyWisconsinFans.com.xml b/src/chrome/content/rules/WhitneyWisconsinFans.com.xml
new file mode 100644
index 000000000000..082a47ea9c17
--- /dev/null
+++ b/src/chrome/content/rules/WhitneyWisconsinFans.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="WhitneyWisconsinFans.com">
+	<target host="whitneywisconsinfans.com" />
+	<target host="www.whitneywisconsinfans.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Who.is.xml b/src/chrome/content/rules/Who.is.xml
index cd7c29f28636..c5dac804a631 100644
--- a/src/chrome/content/rules/Who.is.xml
+++ b/src/chrome/content/rules/Who.is.xml
@@ -4,4 +4,4 @@
 
 	<rule from="^http:"
 			to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WhoIsJuan.me.xml b/src/chrome/content/rules/WhoIsJuan.me.xml
new file mode 100644
index 000000000000..8e9814f7f2a8
--- /dev/null
+++ b/src/chrome/content/rules/WhoIsJuan.me.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		- whoisjuan.me, equivalent to www.whoisjuan.me
+-->
+
+<ruleset name="WhoIsJuan.me">
+	<target host="whoisjuan.me" />
+	<target host="www.whoisjuan.me" />
+
+	<rule from="^http://whoisjuan\.me/"
+		to="https://www.whoisjuan.me/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WhoSampled.com.xml b/src/chrome/content/rules/WhoSampled.com.xml
index 8bddda069df5..4bca801186a9 100644
--- a/src/chrome/content/rules/WhoSampled.com.xml
+++ b/src/chrome/content/rules/WhoSampled.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.whosampled.com/ => http://www.whosampled.com/: (7, 'Fail
 	* Secured by us
 
 -->
-<ruleset name="WhoSampled.com (partial)" default_off='failed ruleset test'>
+<ruleset name="WhoSampled.com (partial)" default_off="failed ruleset test">
 
 	<target host="whosampled.com" />
 	<target host="www.whosampled.com" />
diff --git a/src/chrome/content/rules/WhoSpendsMoney.com.xml b/src/chrome/content/rules/WhoSpendsMoney.com.xml
new file mode 100644
index 000000000000..39a4d01d1077
--- /dev/null
+++ b/src/chrome/content/rules/WhoSpendsMoney.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="WhoSpendsMoney.com">
+	<target host="whospendsmoney.com" />
+	<target host="www.whospendsmoney.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Whoer.net.xml b/src/chrome/content/rules/Whoer.net.xml
new file mode 100644
index 000000000000..5debae8b0753
--- /dev/null
+++ b/src/chrome/content/rules/Whoer.net.xml
@@ -0,0 +1,72 @@
+<!--
+	Could not resolve host:
+		gkskm1438867.br.whoer.net
+		rbysz1438864.br.whoer.net
+		nl3-speed.whoer.net
+		www.tcp.whoer.net
+		tcp9.whoer.net
+		ua3-speed.whoer.net
+		uk2-speed.whoer.net
+
+	OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to:
+		ca1-speed.whoer.net
+		ca2-speed.whoer.net
+		ch1-speed.whoer.net
+		ch2-speed.whoer.net
+		de1-speed.whoer.net
+		de2-speed.whoer.net
+		de3-speed.whoer.net
+		es1-speed.whoer.net
+		fr1-speed.whoer.net
+		fr2-speed.whoer.net
+		fr3-speed.whoer.net
+		hk1-speed.whoer.net
+		it1-speed.whoer.net
+		nl1-speed.whoer.net
+		nl2-speed.whoer.net
+		nl88-speed.whoer.net
+		nl99-speed.whoer.net
+		pl1-speed.whoer.net
+		ro1-speed.whoer.net
+		ru1-speed.whoer.net
+		ru2-speed.whoer.net
+		ru3-speed.whoer.net
+		ru4-speed.whoer.net
+		se1-speed.whoer.net
+		se2-speed.whoer.net
+		sg1-speed.whoer.net
+		tcp.whoer.net
+		tr1-speed.whoer.net
+		ua1-speed.whoer.net
+		ua2-speed.whoer.net
+		uk1-speed.whoer.net
+		us1-speed.whoer.net
+		us2-speed.whoer.net
+		us3-speed.whoer.net
+		us4-speed.whoer.net
+
+	Connnection Refused:
+		mail.whoer.net (r)
+		nl33-speed.whoer.net
+		nl44-speed.whoer.net
+		nl55-speed.whoer.net
+		nl66-speed.whoer.net
+
+	Connnection timed out:
+		nl4-speed.whoer.net
+		nl5-speed.whoer.net
+
+	Failed to connect, No route to host:
+		us5-speed.whoer.net
+
+	r: connection refused
+-->
+<ruleset name="Whoer.net">
+	<target host="whoer.net" />
+	<target host="www.whoer.net" />
+	<!-- hosts referenced here were enumerated by `python3 sublist3r.py -d whoer.net` -->
+	<target host="vpnapi.whoer.net"/>
+	<target host="wime.whoer.net"/>
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Whole_Earth_Lectronic_Link.xml b/src/chrome/content/rules/Whole_Earth_Lectronic_Link.xml
index 292044adb206..1fb1d0ed78c9 100644
--- a/src/chrome/content/rules/Whole_Earth_Lectronic_Link.xml
+++ b/src/chrome/content/rules/Whole_Earth_Lectronic_Link.xml
@@ -1,7 +1,9 @@
 <ruleset name="Whole Earth 'Lectronic Link (partial)">
 
 	<target host="well.com" />
-	<target host="*.well.com" />
+	<target host="www.well.com" />
+	<target host="iris.well.com" />
+	<target host="user.well.com" />
 
 
 	<securecookie host="^(?:iris|user)\.well\.com$" name=".+" />
diff --git a/src/chrome/content/rules/WiMP_Music.com.xml b/src/chrome/content/rules/WiMP_Music.com.xml
index 1eb07ce15763..2465a3982c24 100644
--- a/src/chrome/content/rules/WiMP_Music.com.xml
+++ b/src/chrome/content/rules/WiMP_Music.com.xml
@@ -37,7 +37,9 @@
 <ruleset name="WiMP Music.com (partial)">
 
 	<target host="wimpmusic.com" />
-	<target host="*.wimpmusic.com" />
+	<target host="images.wimpmusic.com" />
+	<target host="play.wimpmusic.com" />
+	<target host="www.wimpmusic.com" />
 
 
 	<!--	Not secured by server:
@@ -48,7 +50,6 @@
 	<securecookie host="^(?:www\.)?wimpmusic\.com$" name=".+" />
 
 
-	<rule from="^http://((?:images|play|www)\.)?wimpmusic\.com/"
-		to="https://$1wimpmusic.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/WiTopia.net.xml b/src/chrome/content/rules/WiTopia.net.xml
index a03ef39af712..dc592b53b2d6 100644
--- a/src/chrome/content/rules/WiTopia.net.xml
+++ b/src/chrome/content/rules/WiTopia.net.xml
@@ -10,7 +10,8 @@
 <ruleset name="WiTopia.net">
 
 	<target host="witopia.net" />
-	<target host="*.witopia.net" />
+	<target host="www.witopia.net" />
+	<target host="my.witopia.net" />
 
 
 	<securecookie host="^my\.witopia\.net$" name=".+" />
@@ -19,7 +20,6 @@
 	<rule from="^http://(?:www\.)?witopia\.net/"
 		to="https://www.witopia.net/" />
 
-	<rule from="^http://my\.witopia\.net/"
-		to="https://my.witopia.net/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/WiWo.de.xml b/src/chrome/content/rules/WiWo.de.xml
index 91d3378fde98..bfc7d19b7976 100644
--- a/src/chrome/content/rules/WiWo.de.xml
+++ b/src/chrome/content/rules/WiWo.de.xml
@@ -1,151 +1,136 @@
 <!--
-	Chain issues:
-		- beratung.wiwo.de
-
 	Cert mismatch:
-		- apps.wiwo.de
-		- arbeitgeberaward.wiwo.de
-		- www.award.wiwo.de
-		- awards.wiwo.de
-		- jury.awards.wiwo.de
-		- questionnaire.awards.wiwo.de
-		- blog.wiwo.de
-		- www.blog.wiwo.de
-		- boersetest.wiwo.de
+		- beratung.wiwo.de
 		- www.club.wiwo.de
-		- clubnews.wiwo.de
-		- digitalchampionsaward.wiwo.de
-		- gasrechner.wiwo.de
 		- www.green.wiwo.de
-		- gruendermail.wiwo.de
-		- herz.wiwo.de
-		- info.wiwo.de
-		- info-angebot.wiwo.de
+		- jobturbo.green.wiwo.de
 		- images.info-angebot.wiwo.de
-		- info-boersenwoche.wiwo.de
 		- images.info-boersenwoche.wiwo.de
-		- mailservice.wiwo.de
 		- images.mailservice.wiwo.de
-		- maklerempfehlung.wiwo.de
-		- mittelstands-archiv.wiwo.de
-		- angebot.rechner.wiwo.de
-		- anlage.rechner.wiwo.de
-		- auszahlplan.rechner.wiwo.de
-		- autofinanz.rechner.wiwo.de
-		- bauspar.rechner.wiwo.de
-		- bundesschatzbrief.rechner.wiwo.de
-		- effektivzins.rechner.wiwo.de
-		- fdarlehen.rechner.wiwo.de
-		- festgeld.rechner.wiwo.de
-		- forward.rechner.wiwo.de
-		- geldanlage.rechner.wiwo.de
-		- giro.rechner.wiwo.de
-		- grundbuch.rechner.wiwo.de
-		- hypotheken.rechner.wiwo.de
-		- kassensturz.rechner.wiwo.de
-		- kredit.rechner.wiwo.de
-		- ratenkredit.rechner.wiwo.de
-		- rendite.rechner.wiwo.de
-		- renten.rechner.wiwo.de
-		- riester.rechner.wiwo.de
-		- sparbrief.rechner.wiwo.de
-		- sparplan.rechner.wiwo.de
-		- studenten.rechner.wiwo.de
-		- tagesgeld.rechner.wiwo.de
-		- tilgung.rechner.wiwo.de
-		- wertpapier.rechner.wiwo.de
+		- lead.wiwo.de
+		- personalmarkt.wiwo.de
 		- software.wiwo.de
-		- startuptour.wiwo.de
-		- stromrechner.wiwo.de
 		- www.tool.wiwo.de
 		- wetter.wiwo.de
 		- wikifolio.wiwo.de
+		- qa.wikifolio.wiwo.de
 		- www1.wiwo.de
 
+	Connection closed:
+		- bauspar.rechner.wiwo.de
+
 	Connection refused:
-		- dailychallenge.wiwo.de
-		- jobturbo.green.wiwo.de
-		- jobs.wiwo.de
+		- arztsuche.wiwo.de
 		- krankenkassenvergleich.wiwo.de
-		- lead.wiwo.de
-		- tools.wiwo.de
+		- managementcup.wiwo.de
+		- m.managementcup.wiwo.de
+		- pda.wiwo.de
+		- shop.wiwo.de
+		- wap.wiwo.de
+		- www2.wiwo.de
 
 	Redirect loop:
-		- club.wiwo.de
-
-	Self-signed cert
-		- seniorenheimsuche.wiwo.de
+		- advent.wiwo.de
 
 	Timeout:
-		- arztsuche.wiwo.de
 		- bc1.wiwo.de
-		- blogtest.wiwo.de
 		- cms.wiwo.de
 		- epaper.wiwo.de
 		- feeds.wiwo.de
-		- go.wiwo.de
 		- gwp.wiwo.de
 		- lb.wiwo.de
 		- livetest-quiz.wiwo.de
-		- managementcup.wiwo.de
-		- m.managementcup.wiwo.de
 		- news.wiwo.de
 		- partner.wiwo.de
-		- pda.wiwo.de
-		- shop.wiwo.de
 		- static.wiwo.de
 		- static1.wiwo.de
 		- static2.wiwo.de
 		- static3.wiwo.de
 		- template.wiwo.de
 		- test-green.wiwo.de
-		- wap.wiwo.de
+		- tools.wiwo.de
 		- whitepaperdb.wiwo.de
-		- www2.wiwo.de
 
-	TLS errors:
-		- jobagent.wiwo.de
+	Unable to get local issuer certificate:
+		- maklerempfehlung.wiwo.de
 -->
-<ruleset name="WiWo.de" platform="mixedcontent">
+<ruleset name="WiWo.de">
 
 	<target host="wiwo.de"/>
 	<target host="www.wiwo.de"/>
-
 	<target host="abo.wiwo.de"/>
-	<target host="advent.wiwo.de"/>
 	<target host="amp.wiwo.de"/>
 	<target host="angebot.wiwo.de"/>
 	<target host="app.wiwo.de"/>
+	<target host="apps.wiwo.de"/>
 	<target host="archiv.wiwo.de"/>
 	<target host="arvato-cm.wiwo.de"/>
 	<target host="assign.wiwo.de"/>
 	<target host="award.wiwo.de"/>
+	<target host="awards.wiwo.de"/>
 	<target host="beta.wiwo.de"/>
+	<target host="blog.wiwo.de"/>
 	<target host="boerse.wiwo.de"/>
+	<target host="boersetest.wiwo.de"/>
 	<target host="cdn-origin.wiwo.de"/>
+	<target host="club.wiwo.de"/>
+	<target host="clubnews.wiwo.de"/>
 	<target host="cme2e.wiwo.de"/>
 	<target host="community.wiwo.de"/>
+	<target host="dailychallenge.wiwo.de" />
 	<target host="dev-www.wiwo.de"/>
-	<target host="e2e-community.wiwo.de"/>
-	<target host="e2e-gruender.wiwo.de"/>
+	<target host="digitalchampionsaward.wiwo.de"/>
 	<target host="emagazin.wiwo.de"/>
+	<target host="go.wiwo.de"/>
 	<target host="green.wiwo.de"/>
 	<target host="gruender.wiwo.de"/>
+	<target host="gruendermail.wiwo.de"/>
+	<target host="herz.wiwo.de"/>
+	<target host="info.wiwo.de"/>
+	<target host="info-angebot.wiwo.de"/>
+	<target host="info-boersenwoche.wiwo.de"/>
+	<target host="jobagent.wiwo.de"/>
+	<target host="jobs.wiwo.de" />
 	<target host="kunde.wiwo.de"/>
+	<target host="mailservice.wiwo.de"/>
+	<target host="mittelstands-archiv.wiwo.de"/>
 	<target host="mobil.wiwo.de"/>
 	<target host="mobile.wiwo.de"/>
 	<target host="newsletter.wiwo.de"/>
 	<target host="offer.wiwo.de"/>
-	<target host="personalmarkt.wiwo.de"/>
 	<target host="preview-www.wiwo.de"/>
-	<target host="pro.wiwo.de"/>
 	<target host="quiz.wiwo.de"/>
+	<target host="angebot.rechner.wiwo.de"/>
+	<target host="anlage.rechner.wiwo.de"/>
+	<target host="auszahlplan.rechner.wiwo.de"/>
+	<target host="autofinanz.rechner.wiwo.de"/>
+	<target host="bundesschatzbrief.rechner.wiwo.de"/>
+	<target host="effektivzins.rechner.wiwo.de"/>
+	<target host="fdarlehen.rechner.wiwo.de"/>
+	<target host="festgeld.rechner.wiwo.de"/>
+	<target host="forward.rechner.wiwo.de"/>
+	<target host="geldanlage.rechner.wiwo.de"/>
+	<target host="giro.rechner.wiwo.de"/>
+	<target host="grundbuch.rechner.wiwo.de"/>
+	<target host="hypotheken.rechner.wiwo.de"/>
+	<target host="kassensturz.rechner.wiwo.de"/>
+	<target host="kredit.rechner.wiwo.de"/>
+	<target host="ratenkredit.rechner.wiwo.de"/>
+	<target host="rendite.rechner.wiwo.de"/>
+	<target host="renten.rechner.wiwo.de"/>
+	<target host="riester.rechner.wiwo.de"/>
+	<target host="sparbrief.rechner.wiwo.de"/>
+	<target host="sparplan.rechner.wiwo.de"/>
+	<target host="studenten.rechner.wiwo.de"/>
+	<target host="tagesgeld.rechner.wiwo.de"/>
+	<target host="tilgung.rechner.wiwo.de"/>
+	<target host="wertpapier.rechner.wiwo.de"/>
 	<target host="reisen.wiwo.de"/>
 	<target host="secure.wiwo.de"/>
+	<target host="seniorenheimsuche.wiwo.de"/>
 	<target host="signup.wiwo.de"/>
 	<target host="test-www.wiwo.de"/>
 	<target host="tool.wiwo.de"/>
-	<target host="qa.wikifolio.wiwo.de"/>
 
 	<rule from="^http:" to="https:"/>
 
diff --git a/src/chrome/content/rules/Wicked-Lasers.xml b/src/chrome/content/rules/Wicked-Lasers.xml
index a6407fef0505..241a3ae4d34e 100644
--- a/src/chrome/content/rules/Wicked-Lasers.xml
+++ b/src/chrome/content/rules/Wicked-Lasers.xml
@@ -8,12 +8,12 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://wickedlasers.com/ => https://wickedlasers.com/: (7, 'Failed to connect to wickedlasers.com port 443: Connection refused')
 Fetch error: http://www.wickedlasers.com/ => https://www.wickedlasers.com/: (7, 'Failed to connect to www.wickedlasers.com port 443: Connection refused')
 -->
-<ruleset name="Wicked Lasers" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Wicked Lasers" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="wickedlasers.com" />
 	<target host="www.wickedlasers.com" />
 	<!--	* for cross-domain cookie.	-->
-	
+
 
 
 	<securecookie host="^\.?www\.wickedlasers\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Wicked_Fiber.xml b/src/chrome/content/rules/Wicked_Fiber.xml
index 7699f2e7e64a..d8d74051f80a 100644
--- a/src/chrome/content/rules/Wicked_Fiber.xml
+++ b/src/chrome/content/rules/Wicked_Fiber.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://wickedfiber.com/ => https://wickedfiber.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 Fetch error: http://www.wickedfiber.com/ => https://www.wickedfiber.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="Wicked Fiber" default_off='failed ruleset test'>
+<ruleset name="Wicked Fiber" default_off="failed ruleset test">
 
 	<target host="wickedfiber.com" />
 	<target host="www.wickedfiber.com" />
@@ -19,4 +19,4 @@ Fetch error: http://www.wickedfiber.com/ => https://www.wickedfiber.com/: (60, '
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WiebeTech.com.xml b/src/chrome/content/rules/WiebeTech.com.xml
index 5520bea76f1e..6c2734c827be 100644
--- a/src/chrome/content/rules/WiebeTech.com.xml
+++ b/src/chrome/content/rules/WiebeTech.com.xml
@@ -9,7 +9,7 @@ Non-2xx HTTP code: http://www.wiebetech.com/default.aspx (200) => https://www.cr
 	(www.)?wiebetech.com: Mismatched
 
 -->
-<ruleset name="WiebeTech.com" default_off='failed ruleset test'>
+<ruleset name="WiebeTech.com" default_off="failed ruleset test">
 
 	<target host="wiebetech.com" />
 	<target host="www.wiebetech.com" />
diff --git a/src/chrome/content/rules/Wien-IT.xml b/src/chrome/content/rules/Wien-IT.xml
index 0a7ad899f694..6059207bb251 100644
--- a/src/chrome/content/rules/Wien-IT.xml
+++ b/src/chrome/content/rules/Wien-IT.xml
@@ -7,7 +7,7 @@ Fetch error: http://extranet.fernwaermewien.at/ => https://extranet.fernwaermewi
 Fetch error: http://www.fernwaerme-partner.at/ => https://www.fernwaerme-partner.at/: (51, "SSL: no alternative certificate subject name matches target host name 'www.fernwaerme-partner.at'")
 
 -->
-<ruleset name="WienIT EDV Dienstleistungsgesellschaft mbH" default_off='failed ruleset test'>
+<ruleset name="WienIT EDV Dienstleistungsgesellschaft mbH" default_off="failed ruleset test">
 
 	<target host="api.wienenergie.at" />
 	<target host="api.wienerstadtwerke.at" />
diff --git a/src/chrome/content/rules/WifiLib.xml b/src/chrome/content/rules/WifiLib.xml
deleted file mode 100644
index d79ff5902563..000000000000
--- a/src/chrome/content/rules/WifiLib.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Login required:
-		extranet.wifilib.com
-		mib.wifilib.com
-		mib2.wifilib.com
-
-	No working URL known:
-		rss.wifilib.com
-
--->
-<ruleset name="WifiLib">
-
-	<target host="wifilib.com" />
-	<target host="www.wifilib.com" />
-	<target host="api.wifilib.com" />
-	<target host="expi.wifilib.com" />
-	<target host="next.wifilib.com" />
-	<target host="portail.wifilib.com" />
-
-	<target host="wifilib.fr" />
-	<target host="www.wifilib.fr" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WifiWX.com.xml b/src/chrome/content/rules/WifiWX.com.xml
index 450ea0313d58..f35bf2a8e69c 100644
--- a/src/chrome/content/rules/WifiWX.com.xml
+++ b/src/chrome/content/rules/WifiWX.com.xml
@@ -1,13 +1,13 @@
 <!--
 403:
-        app.wifiwx.com     
+        app.wifiwx.com
         (
         Broke apk download.
         Test:
         http://app.wifiwx.com/download/android.php?ver=3.0
         http://app.wifiwx.com/js/stat.js
         )
-        
+
 404:
         event
         fapi.
@@ -18,11 +18,11 @@
 -->
 
 <ruleset name="WifiWX.com (partial)">
-        
+
         <target host="wifiwx.com" />
         <target host="event.wifiwx.com" />
         <target host="www.wifiwx.com" />
 
         <rule from="^http:" to="https:" />
-        
+
 </ruleset>
diff --git a/src/chrome/content/rules/Wigan.gov.uk.xml b/src/chrome/content/rules/Wigan.gov.uk.xml
index 6fec372ae8d0..546c584b5866 100644
--- a/src/chrome/content/rules/Wigan.gov.uk.xml
+++ b/src/chrome/content/rules/Wigan.gov.uk.xml
@@ -40,7 +40,7 @@ Fetch error: http://rylands.wigan.gov.uk/ => https://rylands.wigan.gov.uk/: (7,
 		- www.wigan.gov.uk
 
 -->
-<ruleset name="Wigan.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Wigan.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Wiggle.xml b/src/chrome/content/rules/Wiggle.xml
index 85196fb0d552..e5ef599079f6 100644
--- a/src/chrome/content/rules/Wiggle.xml
+++ b/src/chrome/content/rules/Wiggle.xml
@@ -11,7 +11,10 @@
 <ruleset name="Wiggle (partial)">
 
 	<target host="wiggle.co.uk" />
-	<target host="*.wiggle.co.uk" />
+	<target host="www.wiggle.co.uk" />
+	<target host="ajax.wiggle.co.uk" />
+	<target host="s.wiggle.co.uk" />
+	<target host="s-dyni.wiggle.co.uk" />
 	<target host="www.wigglestatic.com" />
 
 
diff --git a/src/chrome/content/rules/Wiiings.com.xml b/src/chrome/content/rules/Wiiings.com.xml
index a383aa1cdc98..335ea068270d 100644
--- a/src/chrome/content/rules/Wiiings.com.xml
+++ b/src/chrome/content/rules/Wiiings.com.xml
@@ -26,7 +26,7 @@ Fetch error: http://wiiings.com/ => https://www.wiiings.com/: invalid group refe
 		- stage-mas
 
 -->
-<ruleset name="Wiiings.com" default_off='failed ruleset test'>
+<ruleset name="Wiiings.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/WikiFur.xml b/src/chrome/content/rules/WikiFur.xml
index 46b8d43ccd63..7f9d45e8fb9d 100644
--- a/src/chrome/content/rules/WikiFur.xml
+++ b/src/chrome/content/rules/WikiFur.xml
@@ -1,8 +1,38 @@
 <ruleset name="WikiFur">
-  <target host="wikifur.com" />
-  <target host="*.wikifur.com" />
-
-  <securecookie host="^(?:[a-z][a-z]\.)?wikifur\.com$" name=".+" />
-
-  <rule from="^http://([a-z][a-z]\.)?wikifur\.com/" to="https://$1wikifur.com/" />
+	<target host="wikifur.com" />
+	<target host="www.wikifur.com" />
+	<target host="be.wikifur.com" />
+	<target host="be-tarask.wikifur.com" />
+	<target host="board.wikifur.com" />
+	<target host="by.wikifur.com" />
+	<target host="cs.wikifur.com" />
+	<target host="da.wikifur.com" />
+	<target host="de.wikifur.com" />
+	<target host="dk.wikifur.com" />
+	<target host="dumps.wikifur.com" />
+	<target host="en.wikifur.com" />
+	<target host="eo.wikifur.com" />
+	<target host="es.wikifur.com" />
+	<target host="et.wikifur.com" />
+	<target host="fr.wikifur.com" />
+	<target host="fursuit.wikifur.com" />
+	<target host="hu.wikifur.com" />
+	<target host="it.wikifur.com" />
+	<target host="ja.wikifur.com" />
+	<target host="ko.wikifur.com" />
+	<target host="nb.wikifur.com" />
+	<target host="nl.wikifur.com" />
+	<target host="no.wikifur.com" />
+	<target host="ny.wikifur.com" />
+	<target host="pl.wikifur.com" />
+	<target host="pool.wikifur.com" />
+	<target host="pt.wikifur.com" />
+	<target host="ru.wikifur.com" />
+	<target host="stats.wikifur.com" />
+	<target host="tl.wikifur.com" />
+	<target host="uk.wikifur.com" />
+	<target host="zh.wikifur.com" />
+  
+	<securecookie host=".+" name=".+"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Wikidot.xml b/src/chrome/content/rules/Wikidot.xml
deleted file mode 100644
index b6936b2cc8ab..000000000000
--- a/src/chrome/content/rules/Wikidot.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--	d2qhngyckgiutd.cloudfront.net	←	avatar bucket
--->
-<ruleset name="Wikidot (partial)" platform="mixedcontent">
-
-	<target host="wdfiles.com"/>
-	<target host="*.wdfiles.com"/>
-	<target host="wikidot.com"/>
-	<target host="*.wikidot.com"/>
-		<exclusion pattern="^http://blog\.wikidot\.com/(?:$|blog:.+[^/].*)"/>
-		<exclusion pattern="^http://snippets\.wikidot\.com/(?:$|.+[^:].*)"/>
-
-
-	<rule from="^http://([\w\-_]+\.)?wdfiles\.com/"
-		to="https://$1wdfiles.com/"/>
-
-	<rule from="^http://(?:\d)\.([\w\-_]+)\.wdfiles\.com/"
-		to="https://$1.wdfiles.com/"/>
-
-	<rule from="^http://wikidot\.com/"
-		to="https://www.wikidot.com/"/>
-
-	<rule from="^http://([\w\-_]+)\.wikidot\.com/local-"
-		to="https://$1.wikidot.com/local-"/>
-
-	<rule from="^http://(blog|snippets|static(-\d)?|www)\.wikidot\.com/"
-		to="https://$1.wikidot.com/"/>
-
-
-	<securecookie host=".*\.wdfiles\.com$" name=".+" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Wikimedia.xml b/src/chrome/content/rules/Wikimedia.xml
index bef96291e83e..ffe6947c6540 100644
--- a/src/chrome/content/rules/Wikimedia.xml
+++ b/src/chrome/content/rules/Wikimedia.xml
@@ -24,12 +24,15 @@
 	<target host="enwp.org" />
 	<target host="frwp.org" />
 
-
 	<!-- Wikimedia Tool Labs -->
-	<target host="tools.wmflabs.org" />
-	<target host="accounts.wmflabs.org" />
-	<target host="quarry.wmflabs.org" />
-	<target host="reportcard.wmflabs.org" />
+	<target host="*.wmflabs.org" />
+	<target host="wmflabs.org" />
+		<test url="http://accounts-dev.wmflabs.org/" />
+		<test url="http://tools.wmflabs.org/" />
+		<test url="http://paws.wmflabs.org/" />
+		<test url="http://utrs.wmflabs.org/" />
+		<test url="http://xtools.wmflabs.org/" />
+		<test url="http://en.wikipedia.beta.wmflabs.org/" />
 
 	<!-- Wikimedia chapters that support HTTPS, incomplete list -->
 
@@ -64,10 +67,12 @@
 		<!-- mismatch on tools.wikimedia.de -->
 		<exclusion pattern="^http://tools\.wikimedia\.de/" />
 			<test url="http://tools.wikimedia.de/" />
+		<!-- incomplete cert chain on civicrm.wikimedia.de -->
+		<exclusion pattern="^http://civicrm\.wikimedia\.de/" />
+			<test url="http://civicrm.wikimedia.de/" />
 		<test url="http://www.wikimedia.de/" />
 		<test url="http://spenden.wikimedia.de/" />
 		<test url="http://test.wikimedia.de/" />
-		<test url="http://civicrm.wikimedia.de/" />
 		<test url="http://backend.wikimedia.de/" />
 		<test url="http://ffw.wikimedia.de/" />
 		<test url="http://wke.wikimedia.de/" />
@@ -83,7 +88,7 @@
 	<target host="wikilov.es" />
 	<target host="www.wikilov.es" />
 
-	<!-- (www.)wikimedia.or.id uses invalid certificate 
+	<!-- (www.)wikimedia.or.id uses invalid certificate
 	<target host="wikimedia.or.id" />
 	<target host="www.wikimedia.or.id" />
 	-->
@@ -131,7 +136,7 @@
 
 	<rule from="^http://wikimedia\.cz/"
 		to="https://www.wikimedia.cz/" />
-	
+
 	<rule from="^http://www\.wikimedia\.org\.uk/"
 		to="https://wikimedia.org.uk/" />
 
diff --git a/src/chrome/content/rules/Wikimonde.com.xml b/src/chrome/content/rules/Wikimonde.com.xml
new file mode 100644
index 000000000000..8e7a4e038190
--- /dev/null
+++ b/src/chrome/content/rules/Wikimonde.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		mail.wikimonde.com
+		mobile.wikimonde.com
+		www.plus.wikimonde.com
+
+-->
+<ruleset name="Wikimonde.com">
+
+	<target host="wikimonde.com" />
+	<target host="www.wikimonde.com" />
+	<target host="plus.wikimonde.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wikinvest.xml b/src/chrome/content/rules/Wikinvest.xml
index 2c60db202b0f..b11b20f1d0cd 100644
--- a/src/chrome/content/rules/Wikinvest.xml
+++ b/src/chrome/content/rules/Wikinvest.xml
@@ -1,7 +1,9 @@
 <ruleset name="Wikinvest">
 
 	<target host="wikinvest.com" />
-	<target host="*.wikinvest.com" />
+	<target host="ad.wikinvest.com" />
+	<target host="cdn.wikinvest.com" />
+	<target host="www.wikinvest.com" />
 
 
 	<securecookie host="^\.www\.wikinvest\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Wikiscan.xml b/src/chrome/content/rules/Wikiscan.xml
new file mode 100644
index 000000000000..b94fd1f6545f
--- /dev/null
+++ b/src/chrome/content/rules/Wikiscan.xml
@@ -0,0 +1,13 @@
+<!--
+	wikiscan.org has both a wildcard DNS record and a wildcard certificate.
+-->
+<ruleset name="Wikiscan">
+	<target host="wikiscan.org" />
+	<target host="*.wikiscan.org" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://en.wikiscan.org/" />
+	<test url="http://frwiktionary.wikiscan.org/" />
+	<test url="http://eswikisource.wikiscan.org/" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wikisimpsons.xml b/src/chrome/content/rules/Wikisimpsons.xml
new file mode 100644
index 000000000000..45d0e6b85e24
--- /dev/null
+++ b/src/chrome/content/rules/Wikisimpsons.xml
@@ -0,0 +1,13 @@
+<!--
+	Nonfunctional domains:
+	www.simpsonwiki.com (Mismatched certificate)
+-->
+<ruleset name="Wikisimpsons">
+	<target host="simpsonswiki.com" />
+	<target host="sv.simpsonswiki.com" />
+	<target host="static.simpsonswiki.com" />
+	<target host="answers.simpsonswiki.com" />
+	<target host="news.simpsonswiki.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wikispooks.xml b/src/chrome/content/rules/Wikispooks.xml
index f1dc4c39333a..27a6ebc98cd8 100644
--- a/src/chrome/content/rules/Wikispooks.xml
+++ b/src/chrome/content/rules/Wikispooks.xml
@@ -4,7 +4,7 @@
 	<target host="*.wikispooks.com" />
 
 
-	<securecookie host="^(?:.*\.)?wikispooks\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([^/:@]+\.)?wikispooks\.com/"
diff --git a/src/chrome/content/rules/Wild-West-Domains.xml b/src/chrome/content/rules/Wild-West-Domains.xml
deleted file mode 100644
index 1e377e27a976..000000000000
--- a/src/chrome/content/rules/Wild-West-Domains.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://cart.wildwestdomains.com/ => https://cart.wildwestdomains.com/: (6, 'Could not resolve host: cart.wildwestdomains.com')
-Fetch error: http://img.wildwestdomains.com/ => https://img.wildwestdomains.com/: (28, 'Connection timed out after 20000 milliseconds')
-Fetch error: http://who.wildwestdomains.com/ => https://who.wildwestdomains.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .wildwestdomains.com
-		- www.wildwestdomains.com
-
--->
-<ruleset name="Wild West Domains.com" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="wildwestdomains.com" />
-	<target host="cart.wildwestdomains.com" />
-	<target host="img.wildwestdomains.com" />
-	<target host="who.wildwestdomains.com" />
-	<target host="www.wildwestdomains.com" />
-
-	<!--	Complications:
-				-->
-	<target host="email.wildwestdomains.com" />
-	<target host="webmail.wildwestdomains.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="\.wildwestdomains\.com$" name="^(?:language\d+|market)$" /-->
-	<!--securecookie host="www\.wildwestdomains\.com$" name="^ASP\.NET_SessionId" /-->
-
-	<securecookie host=".*\.wildwestdomains\.com$" name=".+" />
-
-
-	<!--	- Cert for both: email.secureserver.net
-		- Redirect like so
-						-->
-	<rule from="^http://(e|web)mail\.wildwestdomains\.com/"
-		to="https://login.secureserver.net/index.php?app=wbe&amp;domain=$1mail.wildwestdomains.com" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WildArchives.com.xml b/src/chrome/content/rules/WildArchives.com.xml
deleted file mode 100644
index edf5c2e5008c..000000000000
--- a/src/chrome/content/rules/WildArchives.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="WildArchives.com">
-
-	<target host="wildarchives.com" />
-	<target host="www.wildarchives.com" />
-
-
-	<securecookie host="^\.wildarchives\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WildLeaks.org.xml b/src/chrome/content/rules/WildLeaks.org.xml
new file mode 100644
index 000000000000..6289ea37725c
--- /dev/null
+++ b/src/chrome/content/rules/WildLeaks.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="WildLeaks.org">
+
+	<target host="wildleaks.org" />
+	<target host="www.wildleaks.org" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Wild_Apricot.org.xml b/src/chrome/content/rules/Wild_Apricot.org.xml
index 03b90b23df90..42820ae3dcb6 100644
--- a/src/chrome/content/rules/Wild_Apricot.org.xml
+++ b/src/chrome/content/rules/Wild_Apricot.org.xml
@@ -7,7 +7,8 @@
 <ruleset name="Wild Apricot.org">
 
 	<target host="wildapricot.org" />
-	<target host="*.wildapricot.org" />
+	<target host="f.wildapricot.org" />
+	<target host="www.wildapricot.org" />
 
 
 	<!--securecookie host="^\.wildpricot\.org$" name="^ARF$" /-->
@@ -17,4 +18,4 @@
 	<rule from="^http://(?:(f\.)|www\.)?wildapricot\.org/"
 		to="https://$1wildapricot.org/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wildcard_Corp.com.xml b/src/chrome/content/rules/Wildcard_Corp.com.xml
deleted file mode 100644
index 54cea5051e7e..000000000000
--- a/src/chrome/content/rules/Wildcard_Corp.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Other Wildcard Corp rulesets:
-
-		- Cdig.me.xml
-
-
-	Mixed content:
-
-		- css, on:
-
-			- www.wildcardcorp.com from fonts.googleapis.com *
-
-	* Secured by us
-
--->
-<ruleset name="Wildcard Corp.com">
-
-	<target host="wildcardcorp.com" />
-	<target host="www.wildcardcorp.com" />
-
-
-	<securecookie host="^\.wildcardcorp\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Wilde_Beuger_Solmecke.xml b/src/chrome/content/rules/Wilde_Beuger_Solmecke.xml
index f3e7ff2bda94..8f692bd19876 100644
--- a/src/chrome/content/rules/Wilde_Beuger_Solmecke.xml
+++ b/src/chrome/content/rules/Wilde_Beuger_Solmecke.xml
@@ -4,7 +4,7 @@
 
 	Problematic subdomains:
 
-		- ^	(self-signed, mismatched; CN: 17833.whserv.de)		
+		- ^	(self-signed, mismatched; CN: 17833.whserv.de)
 
 -->
 <ruleset name="WBS-law.de">
diff --git a/src/chrome/content/rules/Wildfiregames.com.xml b/src/chrome/content/rules/Wildfiregames.com.xml
index 6829f87d398e..f4fd98c1d6e6 100644
--- a/src/chrome/content/rules/Wildfiregames.com.xml
+++ b/src/chrome/content/rules/Wildfiregames.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://releases.wildfiregames.com/ => https://releases.wildfiregame
     Other rulesets for related sites:
         - Play0ad.com.xml
 -->
-<ruleset name="Wildfiregames.com" default_off='failed ruleset test'>
+<ruleset name="Wildfiregames.com" default_off="failed ruleset test">
     <target host="wildfiregames.com" />
     <target host="www.wildfiregames.com" />
     <target host="releases.wildfiregames.com" />
diff --git a/src/chrome/content/rules/Wildlifesydney.com.au.xml b/src/chrome/content/rules/Wildlifesydney.com.au.xml
index 8e8e0b9add9c..dac8fd9a5866 100644
--- a/src/chrome/content/rules/Wildlifesydney.com.au.xml
+++ b/src/chrome/content/rules/Wildlifesydney.com.au.xml
@@ -8,7 +8,7 @@ Fetch error: http://secure.wildlifesydney.com.au/ => https://secure.wildlifesydn
 	Nonfunctional subdomains:
 		- calendar		(cert mismatch)
 -->
-<ruleset name="WILD LIFE Sydney Zoo" default_off='failed ruleset test'>
+<ruleset name="WILD LIFE Sydney Zoo" default_off="failed ruleset test">
 	<target host="wildlifesydney.com.au" />
 	<target host="m.wildlifesydney.com.au" />
 	<target host="secure.wildlifesydney.com.au" />
diff --git a/src/chrome/content/rules/Wildwestdomains.com.xml b/src/chrome/content/rules/Wildwestdomains.com.xml
new file mode 100644
index 000000000000..06663eef6616
--- /dev/null
+++ b/src/chrome/content/rules/Wildwestdomains.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Chain issue (missing intermediate):
+		- who.wildwestdomains.com
+
+	Invalid certificate:
+		- email.wildwestdomains.com
+		- webmail.wildwestdomains.com
+-->
+
+<ruleset name="Wildwestdomains.com">
+	<target host="wildwestdomains.com" />
+	<target host="www.wildwestdomains.com" />
+	<target host="api.wildwestdomains.com" />
+	<target host="api.ote.wildwestdomains.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wilhelm-gym.net.xml b/src/chrome/content/rules/Wilhelm-gym.net.xml
index 76fc86b07474..f45b083af105 100644
--- a/src/chrome/content/rules/Wilhelm-gym.net.xml
+++ b/src/chrome/content/rules/Wilhelm-gym.net.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Will_Leather_Goods.xml b/src/chrome/content/rules/Will_Leather_Goods.xml
index c4a6f424a2d9..5c21ee606432 100644
--- a/src/chrome/content/rules/Will_Leather_Goods.xml
+++ b/src/chrome/content/rules/Will_Leather_Goods.xml
@@ -4,9 +4,9 @@
 	<target host="www.willleathergoods.com" />
 
 
-	<securecookie host="^(?:.*\.)?willleathergoods\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Willamette_Week.xml b/src/chrome/content/rules/Willamette_Week.xml
index 1925abf5cb2d..a28b5ff48257 100644
--- a/src/chrome/content/rules/Willamette_Week.xml
+++ b/src/chrome/content/rules/Willamette_Week.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?wweek\.com/"
 		to="https://www.wweek.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/William-Hill.xml b/src/chrome/content/rules/William-Hill.xml
index aa398470b858..8629a3aecc7a 100644
--- a/src/chrome/content/rules/William-Hill.xml
+++ b/src/chrome/content/rules/William-Hill.xml
@@ -56,7 +56,7 @@ Fetch error: http://cacheserve.williamhill.com/ => https://serve.williamhill.com
 	* Secured by us
 
 -->
-<ruleset name="William Hill.com (partial)" default_off='failed ruleset test'>
+<ruleset name="William Hill.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Williams-College.xml b/src/chrome/content/rules/Williams-College.xml
index 66e28383df2c..7001fda7a265 100644
--- a/src/chrome/content/rules/Williams-College.xml
+++ b/src/chrome/content/rules/Williams-College.xml
@@ -49,10 +49,10 @@
 
 	<rule from="^http://williams\.edu/"
 			to="https://www.williams.edu/" />
-	
+
 	<rule from="^http://people\.williams\.edu/"
 			to="https://sites.williams.edu/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Willow-Garage.xml b/src/chrome/content/rules/Willow-Garage.xml
index 46d7f6551e17..f4256f04878f 100644
--- a/src/chrome/content/rules/Willow-Garage.xml
+++ b/src/chrome/content/rules/Willow-Garage.xml
@@ -16,10 +16,10 @@ Fetch error: http://willowgarage.com/ => https://www.willowgarage.com/: (28, 'Co
 		- ^	(cert only matches www)
 
 -->
-<ruleset name="Willow Garage (partial)" default_off='failed ruleset test'>
+<ruleset name="Willow Garage (partial)" default_off="failed ruleset test">
 
 	<target host="willowgarage.com" />
-	<target host="*.willowgarage.com" />
+	<target host="www.willowgarage.com" />
 
 
 	<securecookie host="^(?:www)?\.willowgarage\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Willy-Brandt.de.xml b/src/chrome/content/rules/Willy-Brandt.de.xml
new file mode 100644
index 000000000000..51585a8a9ae3
--- /dev/null
+++ b/src/chrome/content/rules/Willy-Brandt.de.xml
@@ -0,0 +1,12 @@
+<ruleset name="Willy-Brandt.de">
+	<!-- Federal Chancellor Willy Brandt Foundation -->
+
+	<target host="willy-brandt.de" />
+	<target host="www.willy-brandt.de" />
+	<target host="statistik.willy-brandt.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WilsonTimes.com.xml b/src/chrome/content/rules/WilsonTimes.com.xml
new file mode 100644
index 000000000000..1783c91631dc
--- /dev/null
+++ b/src/chrome/content/rules/WilsonTimes.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="WilsonTimes.com">
+	<target host="wilsontimes.com" />
+	<target host="www.wilsontimes.com" />
+	<target host="wheels.wilsontimes.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Win-is.com.xml b/src/chrome/content/rules/Win-is.com.xml
deleted file mode 100644
index 737606c8328f..000000000000
--- a/src/chrome/content/rules/Win-is.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	For other GMO coverage, see GMO_Internet.xml.
-
-
-	(www.) doesn't exist.
-
--->
-<ruleset name="Win-is.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="cp.win-is.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^cp\.win-is\.com$" name="^JSESSIONID$" /-->
-
-	<securecookie host="^cp\.win-is\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WinRAR.xml b/src/chrome/content/rules/WinRAR.xml
index 2939192c27fc..05e2eaeda7bd 100644
--- a/src/chrome/content/rules/WinRAR.xml
+++ b/src/chrome/content/rules/WinRAR.xml
@@ -1,6 +1,5 @@
 <!--
 	Other WinRAR.com related rulesets:
-		+ RARLab.xml
 
 	Non-functional hosts
 		Timeout was reached:
diff --git a/src/chrome/content/rules/WinSCP.xml b/src/chrome/content/rules/WinSCP.xml
index c8ffae92a65b..bf67e2dcb0d8 100644
--- a/src/chrome/content/rules/WinSCP.xml
+++ b/src/chrome/content/rules/WinSCP.xml
@@ -8,4 +8,4 @@
 		to="https://winscp.net/" />
 	<rule from="^http:"
 		to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WinSuperSite.com.xml b/src/chrome/content/rules/WinSuperSite.com.xml
deleted file mode 100644
index ca19f804a9c5..000000000000
--- a/src/chrome/content/rules/WinSuperSite.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	- Cert only matches ^winsupersite.com
-	- Some pages redirect to http
-
--->
-<ruleset name="WinSuperSite.com (partial)">
-
-	<target host="winsupersite.com" />
-	<target host="www.winsupersite.com" />
-
-
-	<rule from="^http://(?:www\.)?winsupersite\.com/(?=site-files/|sites/)"
-		to="https://winsupersite.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WinZip.com.xml b/src/chrome/content/rules/WinZip.com.xml
index 4aee1928d632..18735152c0c7 100644
--- a/src/chrome/content/rules/WinZip.com.xml
+++ b/src/chrome/content/rules/WinZip.com.xml
@@ -1,5 +1,5 @@
 <!--
-	Remark: www redirects to plaintext with JavaScript, 
+	Remark: www redirects to plaintext with JavaScript,
 		e.g. https://www.winzip.com/win/en/
 
 	Non-functional hosts
diff --git a/src/chrome/content/rules/Wind.com.gr.xml b/src/chrome/content/rules/Wind.com.gr.xml
index ec9c9c91eb68..ae74343ae26e 100644
--- a/src/chrome/content/rules/Wind.com.gr.xml
+++ b/src/chrome/content/rules/Wind.com.gr.xml
@@ -7,7 +7,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.wind.com.gr/ => https://www.wind.com.gr/: (51, "SSL: no alternative certificate subject name matches target host name 'www.wind.com.gr'") This ruleset is experimental. If you experience problems please
 	 open an issue at https://github.com/kargig/https-everywhere-greek-rules -->
 
-<ruleset name="Wind" default_off='failed ruleset test'>
+<ruleset name="Wind" default_off="failed ruleset test">
   <target host="www.wind.com.gr" />
 
 	<securecookie host="^www\.wind\.com\.gr$" name=".+" />
diff --git a/src/chrome/content/rules/Wind.it.xml b/src/chrome/content/rules/Wind.it.xml
new file mode 100644
index 000000000000..8d5d7e66109c
--- /dev/null
+++ b/src/chrome/content/rules/Wind.it.xml
@@ -0,0 +1,8 @@
+<ruleset name="Wind.it (partial)">
+	<target host="wind.it" />
+	<target host="www.wind.it" />
+	<target host="mdm.wind.it" />
+	<target host="start.wind.it" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wind_River.com-problematic.xml b/src/chrome/content/rules/Wind_River.com-problematic.xml
index ca5b714da952..a0239d23e517 100644
--- a/src/chrome/content/rules/Wind_River.com-problematic.xml
+++ b/src/chrome/content/rules/Wind_River.com-problematic.xml
@@ -5,7 +5,8 @@
 <ruleset name="Wind River.com (problematic)" default_off="expired, mismatched">
 
 	<target host="windriver.com" />
-	<target host="*.windriver.com" />
+	<target host="secure.windriver.com" />
+	<target host="www.windriver.com" />
 
 
 	<securecookie host="^windriver\.com$" name="^PHPSESSID$" />
diff --git a/src/chrome/content/rules/Wind_River.com.xml b/src/chrome/content/rules/Wind_River.com.xml
index edff5a44a29d..7445e0f60daf 100644
--- a/src/chrome/content/rules/Wind_River.com.xml
+++ b/src/chrome/content/rules/Wind_River.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://developer.windriver.com/ => https://developer.windriver.com/
 		- developer.windriver.com
 
 -->
-<ruleset name="Wind River.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Wind River.com (partial)" default_off="failed ruleset test">
 
 	<target host="developer.windriver.com" />
 
diff --git a/src/chrome/content/rules/Windows_IT_Pro.xml b/src/chrome/content/rules/Windows_IT_Pro.xml
deleted file mode 100644
index 3e47db301ff0..000000000000
--- a/src/chrome/content/rules/Windows_IT_Pro.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For other Penton Media coverage, see Penton_Media.xml.
-
-
-	Problematic subdomains:
-
-		- forms		(works; mismatched, CN: secure.eloqua.com)
-		- www		(cert only matches ^windowsitpro.com)
-
-
-	Some pages redirect to http, including login and registration pages.
-
--->
-<ruleset name="Windows IT Pro (partial)">
-
-	<target host="windowsitpro.com" />
-	<target host="www.windowsitpro.com" />
-
-
-	<rule from="^http://(?:www\.)?windowsitpro\.com/(cart/checkout(?:$|\?|/)|site-files/|sites/)"
-		to="https://windowsitpro.com/$1" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Windstream_Communications.xml b/src/chrome/content/rules/Windstream_Communications.xml
index c9085d6e6ea3..31ef1e686460 100644
--- a/src/chrome/content/rules/Windstream_Communications.xml
+++ b/src/chrome/content/rules/Windstream_Communications.xml
@@ -32,4 +32,4 @@
 	<rule from="^http://rebates\.windstream\.com/.*"
 		to="https://rebates.windstream.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/WineAustraliaCorporation.xml b/src/chrome/content/rules/WineAustraliaCorporation.xml
index 0a24898e0c44..7cfd3e1b13b8 100644
--- a/src/chrome/content/rules/WineAustraliaCorporation.xml
+++ b/src/chrome/content/rules/WineAustraliaCorporation.xml
@@ -1,7 +1,7 @@
 <ruleset name="Wine Australia Corporation">
 	<target host="wineaustralia.com" />
-	<target host="*.wineaustralia.com" />
+	<target host="www.wineaustralia.com" />
 
 	<rule from="^http://(?:www\.)?wineaustralia\.com/"
 		to="https://www.wineaustralia.com/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Winhawille.edu.hel.fi.xml b/src/chrome/content/rules/Winhawille.edu.hel.fi.xml
deleted file mode 100644
index 6963d7d67e6e..000000000000
--- a/src/chrome/content/rules/Winhawille.edu.hel.fi.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="Winhawille.edu.hel.fi">
-  <target host="winhawille.edu.hel.fi"/>
-  <rule from="^http:" to="https:" />
-</ruleset>
-<!-- Rule generated by HTTPS Finder 0.85 -->
diff --git a/src/chrome/content/rules/Winner.com.xml b/src/chrome/content/rules/Winner.com.xml
index d2164e21f92a..0c9c091c5ed5 100644
--- a/src/chrome/content/rules/Winner.com.xml
+++ b/src/chrome/content/rules/Winner.com.xml
@@ -55,12 +55,33 @@
 		- securelivecasino
 		- securemobile
 		- service
-		- wap		
+		- wap
 
 -->
 <ruleset name="Winner.com (partial)">
 
-	<target host="*.winner.com" />
+	<target host="casino.winner.com" />
+	<target host="bannercasino.winner.com" />
+	<target host="chat-winnercasino.winner.com" />
+	<target host="mcasino.winner.com" />
+	<target host="cdn-bingo.winner.com" />
+	<target host="login.winner.com" />
+	<target host="m.winner.com" />
+	<target host="mbingo.winner.com" />
+	<target host="poker.winner.com" />
+	<target host="secure.winner.com" />
+	<target host="service.winner.com" />
+	<target host="static.winner.com" />
+	<target host="wap.winner.com" />
+	<target host="bingo.winner.com" />
+	<target host="games.winner.com" />
+	<target host="livecasino.winner.com" />
+	<target host="mobile.winner.com" />
+	<target host="securebingo.winner.com" />
+	<target host="securegames.winner.com" />
+	<target host="securelivecasino.winner.com" />
+	<target host="securemobile.winner.com" />
+	<target host="cachepoker.winner.com" />
 		<exclusion pattern="^http://casino\.winner\.com/(?!media/)" />
 		<exclusion pattern="^http://poker\.winner\.com/(?!style/|tpl/)" />
 		<exclusion pattern="^http://static\.winner\.com/www/" />
@@ -70,8 +91,6 @@
 	<securecookie host=".+\.winner\.com$" name=".+" />
 
 
-	<rule from="^http://((?:banner|chat-winner|m)?casino|cdn-bingo|login|m|mbingo|poker|secure|service|static|wap)\.winner\.com/"
-		to="https://$1.winner.com/" />
 
 	<rule from="^http://(?:secure)?(bingo|games|livecasino|mobile)\.winner\.com/"
 		to="https://secure$1.winner.com/" />
@@ -79,4 +98,5 @@
 	<rule from="^http://cachepoker\.winner\.com/"
 		to="https://poker.winner.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Winoptions.com.xml b/src/chrome/content/rules/Winoptions.com.xml
deleted file mode 100644
index d57f7fbdcf16..000000000000
--- a/src/chrome/content/rules/Winoptions.com.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Mixed content:
-		lp.winoptions.com
-		myaccount.winoptions.com
-
-	No working URL known:
-		spotplatform.winoptions.com
-
--->
-<ruleset name="Winoptions.com">
-
-	<target host="winoptions.com" />
-	<target host="www.winoptions.com" />
-	<target host="api.winoptions.com" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Wintotal.de.xml b/src/chrome/content/rules/Wintotal.de.xml
index 02c31e3f6f48..f0f2f31a6c46 100644
--- a/src/chrome/content/rules/Wintotal.de.xml
+++ b/src/chrome/content/rules/Wintotal.de.xml
@@ -1,6 +1,6 @@
 <!--  certificate mismatch:
-			- community.wintotal.de 
-			- wintotal.de 
+			- community.wintotal.de
+			- wintotal.de
 	-->
 <ruleset name="Wintotal.de">
 
diff --git a/src/chrome/content/rules/Wire.com.xml b/src/chrome/content/rules/Wire.com.xml
deleted file mode 100644
index 66e836c9b2be..000000000000
--- a/src/chrome/content/rules/Wire.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<ruleset name="Wire.com">
-
-	<target host="wire.com" />
-	<target host="*.wire.com" />
-	<target host="wire.innocraft.cloud" />
-
-	<test url="http://account.wire.com/" />
-	<test url="http://app.wire.com/" />
-	<test url="http://blog.wire.com/" />
-	<test url="http://get.wire.com/" />
-	<test url="http://prod-assets.wire.com/" />
-	<test url="http://prod-nginz-https.wire.com/" />
-	<test url="http://prod-nginz-ssl.wire.com/" />
-	<test url="http://support.wire.com/" />
-	<test url="http://www.wire.com/" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Wire.innocraft.cloud.xml b/src/chrome/content/rules/Wire.innocraft.cloud.xml
new file mode 100644
index 000000000000..e3a3ca8c2485
--- /dev/null
+++ b/src/chrome/content/rules/Wire.innocraft.cloud.xml
@@ -0,0 +1,8 @@
+<ruleset name="Wire.innocraft.cloud">
+
+	<target host="wire.innocraft.cloud" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WireEdit.com.xml b/src/chrome/content/rules/WireEdit.com.xml
index c75d1d1523e9..9e69fe0a264c 100644
--- a/src/chrome/content/rules/WireEdit.com.xml
+++ b/src/chrome/content/rules/WireEdit.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.wireedit.com/ => https://www.wireedit.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.wireedit.com'")
 
 -->
-<ruleset name="WireEdit.com" default_off='failed ruleset test'>
+<ruleset name="WireEdit.com" default_off="failed ruleset test">
 
 	<target host="wireedit.com" />
 	<target host="www.wireedit.com" />
diff --git a/src/chrome/content/rules/Wired.com.xml b/src/chrome/content/rules/Wired.com.xml
index e8393c45c9b0..1746f106f363 100644
--- a/src/chrome/content/rules/Wired.com.xml
+++ b/src/chrome/content/rules/Wired.com.xml
@@ -5,7 +5,7 @@
 		- insights.wired.com
 		- www.insights.wired.com
 		- stats.wired.com
-		
+
 	Refused:
 		- feeds.wired.com
 		- howto.wired.com
@@ -20,12 +20,12 @@
 	<target host="archive.wired.com" />
 	<target host="assets.wired.com" />
 		<test url="http://assets.wired.com/photos/w_373,h_210/wp-content/uploads/2017/01/GettyImages-631335270-1-600x338.jpg" />
-		<test url="http://assets.wired.com/photos/w_163,h_163/wp-content/uploads/2017/01/GettyImages-631431762-500x500.jpg" />	
+		<test url="http://assets.wired.com/photos/w_163,h_163/wp-content/uploads/2017/01/GettyImages-631431762-500x500.jpg" />
 	<target host="awsbeta.wired.com" />
 	<target host="beta.wired.com" />
 	<target host="blog.wired.com" />
 	<target host="downloads.wired.com" />
-		<test url="http://downloads.wired.com/podcasts/xml/geekdads.xml" />	
+		<test url="http://downloads.wired.com/podcasts/xml/geekdads.xml" />
 	<target host="live.wired.com" />
 	<target host="sstats.wired.com" />
 	<target host="stag2.wired.com" />
diff --git a/src/chrome/content/rules/WiredMinds.xml b/src/chrome/content/rules/WiredMinds.xml
index 8e77fba1bc77..c40787ab2337 100644
--- a/src/chrome/content/rules/WiredMinds.xml
+++ b/src/chrome/content/rules/WiredMinds.xml
@@ -1,4 +1,9 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://st1.wiredminsds.de/ => https://st1.wiredminsds.de/: (6, 'Could not resolve host: st1.wiredminsds.de')
+
 	Partially covered subdomains:
 
 		- (www.)	(some pages redirect to http)
@@ -15,15 +20,14 @@
 <ruleset name="WiredMinds (partial)">
 
 	<target host="wiredminds.de" />
-	<target host="*.wiredminds.de" />
-		<exclusion pattern="^http://(?:www\.)?wiredminds\.de/(?!/?assets/|favicon\.ico)" />
-
+  <target host="www.wiredminds.de" />
+	<!-- target host="st1.wiredminsds.de" /-->
+	<target host="test.wiredminds.de" />
+	<target host="wm.wiredminds.de" />
+	<target host="wmapp.wiredminds.de" />
 
 	<securecookie host="\.wiredminds\.de$" name="^WMSESSNAME$" />
 	<securecookie host="^(?:st1|test|wm)\.wiredminds\.de$" name=".+" />
 
-
-	<rule from="^http://((?:st1|test|wm|wmapp|www)\.)?wiredminds\.de/"
-		to="https://$1wiredminds.de/" />
-
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WiredSafety.org.xml b/src/chrome/content/rules/WiredSafety.org.xml
index 26173470cb2d..19a8f1cb6eb0 100644
--- a/src/chrome/content/rules/WiredSafety.org.xml
+++ b/src/chrome/content/rules/WiredSafety.org.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.wiredsafety.org/ => https://www.wiredsafety.org/: Too ma
 		- www.wiredsafety.org
 
 -->
-<ruleset name="WiredSafety.org" default_off='failed ruleset test'>
+<ruleset name="WiredSafety.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Wiredjs.com.xml b/src/chrome/content/rules/Wiredjs.com.xml
new file mode 100644
index 000000000000..628887ece194
--- /dev/null
+++ b/src/chrome/content/rules/Wiredjs.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Wiredjs.com">
+	<target host="wiredjs.com" />
+	<target host="www.wiredjs.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wirral.gov.uk-falsemixed.xml b/src/chrome/content/rules/Wirral.gov.uk-falsemixed.xml
index d37f0578944f..eae3cd90d304 100644
--- a/src/chrome/content/rules/Wirral.gov.uk-falsemixed.xml
+++ b/src/chrome/content/rules/Wirral.gov.uk-falsemixed.xml
@@ -7,7 +7,7 @@ Fetch error: http://democracy.wirral.gov.uk/ => https://democracy.wirral.gov.uk/
 	For rules not causing false/broken MCB, see Wirral.gov.uk.xml.
 
 -->
-<ruleset name="Wirral.gov.uk (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Wirral.gov.uk (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Complications:
 				-->
diff --git a/src/chrome/content/rules/Wirral.gov.uk.xml b/src/chrome/content/rules/Wirral.gov.uk.xml
index 919525210298..fd15d8e8573e 100644
--- a/src/chrome/content/rules/Wirral.gov.uk.xml
+++ b/src/chrome/content/rules/Wirral.gov.uk.xml
@@ -17,7 +17,7 @@
 	Problematic hosts in *wirral.gov.uk:
 
 		- democracy * ˣ
-	
+
 	* s:.../$ redirects to p:...:443/
 	ˣ Mixed css
 
diff --git a/src/chrome/content/rules/Wishabi.xml b/src/chrome/content/rules/Wishabi.xml
deleted file mode 100644
index 56530a5413ee..000000000000
--- a/src/chrome/content/rules/Wishabi.xml
+++ /dev/null
@@ -1,51 +0,0 @@
-<!--
-	Other Wishabi rulesets:
-
-		- Circular_Hub.xml
-
-
-	CDN buckets:
-
-		- f.wishabi.ca.s3.amazonaws.com
-			- f.wishabi.ca
-
-		- d2e0sxz09bo7k2.cloudfront.net
-
-			- f1.wishabi.ca
-
-
-	Nonfunctional domains:
-
-		- (www.)wishabi.ca *
-		- (www.)wishabi.com *
-
-	* Refused
-
-
-	Fully covered wishabi.ca subdomains:
-
-		- analytics
-		- f		(→ s3.amazonaws.com)
-		- f1		(→ d2e0sxz09bo7k2.cloudfront.net)
-		- merchants
-		- editorials.merchants
-
--->
-<ruleset name="Wishabi">
-
-	<target host="*.wishabi.ca" />
-
-
-	<securecookie host="^\.merchants\.wishabi\.ca$" name=".+" />
-
-
-	<rule from="^http://f\.wishabi\.ca/"
-		to="https://s3.amazonaws.com/f.wishabi.ca/" />
-
-	<rule from="^http://f1\.wishabi\.ca/"
-		to="https://d2e0sxz09bo7k2.cloudfront.net/" />
-
-	<rule from="^http://(analytic|(?:editorials\.)?merchant)s\.wishabi\.ca/"
-		to="https://$1s.wishabi.ca/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Wishlist_Granted.com.xml b/src/chrome/content/rules/Wishlist_Granted.com.xml
index 332ab71452a8..5c06e1861591 100644
--- a/src/chrome/content/rules/Wishlist_Granted.com.xml
+++ b/src/chrome/content/rules/Wishlist_Granted.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.wishlistgranted.com/ => https://wishlistgranted.com/: (6
 	www: cert only matches ^wishlistgranted.com
 
 -->
-<ruleset name="Wishlist Granted.com" default_off='failed ruleset test'>
+<ruleset name="Wishlist Granted.com" default_off="failed ruleset test">
 
 	<target host="wishlistgranted.com" />
 	<target host="www.wishlistgranted.com" />
diff --git a/src/chrome/content/rules/Wishpot.com.xml b/src/chrome/content/rules/Wishpot.com.xml
index cd16575ac40a..75b0ce87803f 100644
--- a/src/chrome/content/rules/Wishpot.com.xml
+++ b/src/chrome/content/rules/Wishpot.com.xml
@@ -11,10 +11,12 @@ Fetch error: http://wishpot.com/ => https://www.wishpot.com/: (28, 'Operation ti
 	^: 404
 
 -->
-<ruleset name="Wishpot.com" default_off='failed ruleset test'>
+<ruleset name="Wishpot.com" default_off="failed ruleset test">
 
 	<target host="wishpot.com" />
-	<target host="*.wishpot.com" />
+	<target host="www.wishpot.com" />
+	<target host="it.wishpot.com" />
+	<target host="uk.wishpot.com" />
 
 
 	<!--	Not secured by server:
@@ -28,7 +30,6 @@ Fetch error: http://wishpot.com/ => https://www.wishpot.com/: (28, 'Operation ti
 	<rule from="^http://(?:www\.)?wishpot\.com/"
 		to="https://www.wishpot.com/" />
 
-	<rule from="^http://(it|uk)\.wishpot\.com/"
-		to="https://$1.wishpot.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Wiss.ch.xml b/src/chrome/content/rules/Wiss.ch.xml
deleted file mode 100644
index cfc2dea00c39..000000000000
--- a/src/chrome/content/rules/Wiss.ch.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="WISS">
-	<target host="lms.wiss.ch" />
-
-        <rule from="^http:"
-                to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Wistia.xml b/src/chrome/content/rules/Wistia.xml
index 3b0fe27b4324..846085fd904e 100644
--- a/src/chrome/content/rules/Wistia.xml
+++ b/src/chrome/content/rules/Wistia.xml
@@ -42,7 +42,7 @@ Fetch error: http://fast.wistia.com/ => https://fast.wistia.com/: Too many redir
 			- prime
 
 -->
-<ruleset name="Wistia.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Wistia.com (partial)" default_off="failed ruleset test">
 
 	<target host="app.wistia.com" />
 	<target host="buy.wistia.com" />
diff --git a/src/chrome/content/rules/Wit.ai.xml b/src/chrome/content/rules/Wit.ai.xml
deleted file mode 100644
index 9fe44853bff9..000000000000
--- a/src/chrome/content/rules/Wit.ai.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="Wit.ai">
-
-	<target host="wit.ai" />
-	<target host="www.wit.ai" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/WithSIX.xml b/src/chrome/content/rules/WithSIX.xml
deleted file mode 100644
index 870fd7bf2f9f..000000000000
--- a/src/chrome/content/rules/WithSIX.xml
+++ /dev/null
@@ -1,75 +0,0 @@
-<!--
-	Nonfunctional hosts in *withsix.com:
-
-		- play *
-
-	* Redirects to http
-
--->
-<ruleset name="WithSIX.com (Partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="withsix.com" />
-	<target host="auth.withsix.com" />
-  <target host="connect.withsix.com" />
-  <target host="dev.withsix.com" />
-	<target host="www.withsix.com" />
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://withsix\.com/$" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://withsix\.com/+(?!gopremium(?:$|[?/]))" />
-
-			<!--	+ve:
-					-->
-			<test url="http://withsix.com/blog" />
-			<test url="http://withsix.com/changelog" />
-			<test url="http://withsix.com/community" />
-			<test url="http://withsix.com/download" />
-			<test url="http://withsix.com/getting-started" />
-
-			<!--	-ve:
-					-->
-			<test url="http://withsix.com/gopremium" />
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://connect\.withsix\.com/$" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://connect\.withsix\.com/+(?!(?:login|register)(?:$|[?/])|me/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://connect.withsix.com/home" />
-			<test url="http://connect.withsix.com/home.asp" />
-			<test url="http://connect.withsix.com/index" />
-			<test url="http://connect.withsix.com/index.asp" />
-			<test url="http://connect.withsix.com/index.aspx" />
-			<test url="http://connect.withsix.com/index.htm" />
-			<test url="http://connect.withsix.com/index.html" />
-			<test url="http://connect.withsix.com/index.php" />
-
-			<!--	-ve:
-					-->
-			<test url="http://connect.withsix.com/login" />
-			<test url="http://connect.withsix.com/me/" />
-			<test url="http://connect.withsix.com/register" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^dev\.withsix\.com$" name="^_devheaven_rm_session$" /-->
-
-	<securecookie host="^dev\.withsix\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Wix.xml b/src/chrome/content/rules/Wix.xml
index 62c9e6aa3785..0cdde3705751 100644
--- a/src/chrome/content/rules/Wix.xml
+++ b/src/chrome/content/rules/Wix.xml
@@ -13,7 +13,7 @@
 		- archive (unknown SSL protocol error)
 		- arena ¹
 		- beat (interrupted)
-		- dns.lc 
+		- dns.lc
 		- investors ²
 		- jobs (cert: dns.lc.wix.com; 403)
 
@@ -34,6 +34,7 @@
 	<target host="frog.wix.com" />
 	<target host="editor.wix.com" />
 	<target host="media.wix.com" />
+	<target host="shoutout.wix.com" />
 	<target host="sslstatic.wix.com" />
 	<target host="static.wix.com" />
 	<target host="tracking.wix.com" />
diff --git a/src/chrome/content/rules/Wiz.cn.xml b/src/chrome/content/rules/Wiz.cn.xml
index 841c2350b4cd..981569b041c1 100644
--- a/src/chrome/content/rules/Wiz.cn.xml
+++ b/src/chrome/content/rules/Wiz.cn.xml
@@ -1,11 +1,11 @@
 <!--
+	Timeout:
+		^	https://travis-ci.org/EFForg/https-everywhere/jobs/418257579#L599
+
 	Different http/https content:
 		app.wiz.cn
-		bbs.wiz.cn
-		s1.wiz.cn
 
 	Mismatch:
-		cdn2.wiz.cn
 		release.wiz.cn
 		upgrade.wiz.cn
 
@@ -14,6 +14,9 @@
 -->
 <ruleset name="Wiz.cn">
 	<!--Complications:-->
+	<target host="wiz.cn" />
+	<rule from="^http://wiz\.cn/" to="https://www.wiz.cn/" />
+
 	<target host="note.wiz.cn" />
 	<exclusion pattern="^http://note\.wiz\.cn/\S+\.html" />
 		<test url="http://note.wiz.cn/pages/updateYourClient.html" />
@@ -21,16 +24,15 @@
 		<test url="http://note.wiz.cn/url2wiz" />
 
 	<!--Directly:-->
-	<target host="wiz.cn" />
 	<target host="www.wiz.cn" />
 	<target host="api.wiz.cn" />
 	<target host="as.wiz.cn" />
 		<test url="http://as.wiz.cn/wizas/xmlrpc" />
+	<target host="bbs.wiz.cn" />
 	<target host="blog.wiz.cn" />
 	<target host="cdn.wiz.cn" />
-	<target host="get.wiz.cn" />
-	<!-- Find get.wiz.cn tests at: https://www.wiz.cn/downloads-windows.html -->
-	<target host="s2.wiz.cn" />
+	<target host="cdn2.wiz.cn" />
+	<target host="get.wiz.cn" /><!-- Find get.wiz.cn tests at: https://www.wiz.cn/downloads-windows.html -->
 	<target host="url.wiz.cn" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Wizard-Internet-Services.xml b/src/chrome/content/rules/Wizard-Internet-Services.xml
index bbe7d5961e3f..ee229eb963b3 100644
--- a/src/chrome/content/rules/Wizard-Internet-Services.xml
+++ b/src/chrome/content/rules/Wizard-Internet-Services.xml
@@ -1,26 +1,20 @@
 <!--
 	Other Wizard Internet Services rulesets:
 
-		- City-Mail.xml
+		+ CityEmail.com.xml
 
 
 	Nonfunctional subdomains:
 
-		- (www.)
-		- hosting	(rx_record_too_long)
+		- wizard.ca
+		- www.wizard.ca
+		- mail.wizard.ca
 
 -->
 <ruleset name="Wizard Internet Services (partial)">
 
-	<target host="*.wizard.ca" />
-
-
-	<!--	Cert mismatch, redirects like so.
-							-->
-	<rule from="^http://mail\.wizard\.ca/"
-		to="https://www.cityemail.com/" />
-
-	<rule from="^http://secure\.wizard\.ca/"
-		to="https://secure.wizard.ca/" />
+	<target host="secure.wizard.ca" />
+	<target host="hosting.wizard.ca" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Wizards.com.xml b/src/chrome/content/rules/Wizards.com.xml
index a09e38659461..29733628825f 100644
--- a/src/chrome/content/rules/Wizards.com.xml
+++ b/src/chrome/content/rules/Wizards.com.xml
@@ -20,7 +20,7 @@
 
 		Mixed content blocking (MCB) triggered:
 		- dnd.wizards.com
-	
+
 -->
 <ruleset name="Wizards.com (partial)">
 
diff --git a/src/chrome/content/rules/Wizbang.xml b/src/chrome/content/rules/Wizbang.xml
index 6cc3477c82ec..f5c9eeea5aee 100644
--- a/src/chrome/content/rules/Wizbang.xml
+++ b/src/chrome/content/rules/Wizbang.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wizbang_Pop.xml b/src/chrome/content/rules/Wizbang_Pop.xml
deleted file mode 100644
index 0a7d595cba89..000000000000
--- a/src/chrome/content/rules/Wizbang_Pop.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Wizbang Pop">
-
-	<target host="wizbangpop.com" />
-	<target host="www.wizbangpop.com" />
-
-
-	<securecookie host="^\.wizbangpop\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/WoSign.cn.xml b/src/chrome/content/rules/WoSign.cn.xml
index d186db166cef..fa10cc4ae1af 100644
--- a/src/chrome/content/rules/WoSign.cn.xml
+++ b/src/chrome/content/rules/WoSign.cn.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.wosign.cn/ => https://www.wosign.cn/: (51, "SSL: no alte
 	For other WoSign coverage, see WoSign.com.xml.
 
 -->
-<ruleset name="WoSign.cn" default_off='failed ruleset test'>
+<ruleset name="WoSign.cn" default_off="failed ruleset test">
 
 	<target host="wosign.cn" />
 	<target host="www.wosign.cn" />
diff --git a/src/chrome/content/rules/WoSign.com.xml b/src/chrome/content/rules/WoSign.com.xml
index cb8265b3b465..d743b488279f 100644
--- a/src/chrome/content/rules/WoSign.com.xml
+++ b/src/chrome/content/rules/WoSign.com.xml
@@ -19,7 +19,7 @@ Fetch error: http://support.wosign.com/ => https://support.wosign.com/: (6, 'Cou
 	² Invalid certificate
 	⁴ 404
 -->
-<ruleset name="WoSign.com" default_off='failed ruleset test'>
+<ruleset name="WoSign.com" default_off="failed ruleset test">
 	<target host="wosign.com" />
 	<target host="www.wosign.com" />
 	<target host="api.wosign.com" />
diff --git a/src/chrome/content/rules/WolfeBransonZipline.com.xml b/src/chrome/content/rules/WolfeBransonZipline.com.xml
new file mode 100644
index 000000000000..36cf83c5eefd
--- /dev/null
+++ b/src/chrome/content/rules/WolfeBransonZipline.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="Branson Zipline at Wolfe Mountain">
+	<target host="wolfemountainbranson.com" />
+	<target host="www.wolfemountainbranson.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wolfire-Games.xml b/src/chrome/content/rules/Wolfire-Games.xml
index 8e0c333b35b7..4b59670a2485 100644
--- a/src/chrome/content/rules/Wolfire-Games.xml
+++ b/src/chrome/content/rules/Wolfire-Games.xml
@@ -15,7 +15,7 @@ Fetch error: http://discourse.wolfire.com/ => https://discourse.wolfire.com/: (7
 		- legacy.wolfire.com (self-signed)
 		- wiki.wolfire.com (self-signed)
 -->
-<ruleset name="Wolfire Games (partial)" default_off='failed ruleset test'>
+<ruleset name="Wolfire Games (partial)" default_off="failed ruleset test">
 	<target host="wolfire.com" />
 	<target host="cdn.wolfire.com" />
 		<test url="http://cdn.wolfire.com/blog/discord.png" />
diff --git a/src/chrome/content/rules/Wolfram.com.xml b/src/chrome/content/rules/Wolfram.com.xml
index da8b2a1c6978..a58cf764f810 100644
--- a/src/chrome/content/rules/Wolfram.com.xml
+++ b/src/chrome/content/rules/Wolfram.com.xml
@@ -28,6 +28,7 @@
 	<target host="account.wolfram.com" />
 	<target host="amoeba.wolfram.com" />
 	<target host="billing.wolfram.com" />
+	<target host="blog.wolfram.com" />
 	<target host="community.wolfram.com" />
 	<target host="education.wolfram.com" />
 	<target host="reference.wolfram.com" />
diff --git a/src/chrome/content/rules/WolframAlpha.com.xml b/src/chrome/content/rules/WolframAlpha.com.xml
index 8e0823fe29c5..811835fab63f 100644
--- a/src/chrome/content/rules/WolframAlpha.com.xml
+++ b/src/chrome/content/rules/WolframAlpha.com.xml
@@ -52,6 +52,9 @@
 		<test url="http://www5a.wolframalpha.com/Calculate/MSP/MSP22951ebg8ah1a34673c800000gg7999a909270gg?MSPStoreType=image%2Fgif&amp;s=41&amp;w=62.&amp;h=18." />
 	<target host="www5b.wolframalpha.com" />
 
+	<exclusion pattern="http://www\.wolframalpha\.com/widgets/view\.jsp" />
+		<test url="http://www.wolframalpha.com/widgets/view.jsp?id=4b64c77d42179cb4d37d342045ddd836" />
+
 	<rule from="^http://wolframalpha\.com/"
 		to="https://www.wolframalpha.com/" />
 
diff --git a/src/chrome/content/rules/Wolverhampton.gov.uk.xml b/src/chrome/content/rules/Wolverhampton.gov.uk.xml
index a8e0d172b6c7..733caae05416 100644
--- a/src/chrome/content/rules/Wolverhampton.gov.uk.xml
+++ b/src/chrome/content/rules/Wolverhampton.gov.uk.xml
@@ -75,7 +75,6 @@
 					-->
 			<test url="http://m.wolverhampton.gov.uk/article/1165/Contact-form" />
 			<test url="http://m.wolverhampton.gov.uk/article/2614/Request-a-new-bin" />
-			<test url="http://m.wolverhampton.gov.uk/article/2614/Request-a-new-bin" />
 			<test url="http://m.wolverhampton.gov.uk/article/4771/Report-a-missed-bin" />
 			<test url="http://m.wolverhampton.gov.uk/article/5115/Website-feedback" />
 			<test url="http://m.wolverhampton.gov.uk/article/6/Login" />
diff --git a/src/chrome/content/rules/WolverineWorldwide.com.xml b/src/chrome/content/rules/WolverineWorldwide.com.xml
new file mode 100644
index 000000000000..1e5f79cd72fc
--- /dev/null
+++ b/src/chrome/content/rules/WolverineWorldwide.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Timed out:
+		- img.wolverineworld.com, equivalent to wolverine-o.scene7.com
+-->
+
+<ruleset name="WolverineWorldwide.com">
+	<target host="wolverineworldwide.com" />
+	<target host="www.wolverineworldwide.com" />
+	<target host="img.wolverineworldwide.com" />
+
+	<rule from="^http://img\.wolverineworldwide\.com/"
+		to="https://wolverine-o.scene7.com/" />
+		<test url="http://img.wolverineworldwide.com/is/image/WolverineWorldWide/WBS-R-F11-1K-1000Mile_Tan-11" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Women_on_Web.xml b/src/chrome/content/rules/Women_on_Web.xml
index 4dd6770532c7..2f346ea5a225 100644
--- a/src/chrome/content/rules/Women_on_Web.xml
+++ b/src/chrome/content/rules/Women_on_Web.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://womenonweb.org/ => https://womenonweb.org/: (51, "SSL: no alternative certificate subject name matches target host name 'womenonweb.org'")
 
 -->
-<ruleset name="Women on Web" default_off='failed ruleset test'>
+<ruleset name="Women on Web" default_off="failed ruleset test">
 
 	<target host="womenonweb.org" />
 	<target host="www.womenonweb.org" />
@@ -15,4 +15,4 @@ Fetch error: http://womenonweb.org/ => https://womenonweb.org/: (51, "SSL: no al
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Womens-Aid.xml b/src/chrome/content/rules/Womens-Aid.xml
index eba63ae6a6c7..fb68654142b3 100644
--- a/src/chrome/content/rules/Womens-Aid.xml
+++ b/src/chrome/content/rules/Womens-Aid.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://womensaid.ie/ => https://womensaid.ie/: (51, "SSL: no alternative certificate subject name matches target host name 'womensaid.ie'")
 
 -->
-<ruleset name="Womens Aid.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Womens Aid.com (partial)" default_off="failed ruleset test">
 
 	<target host="womensaid.ie" />
 	<target host="www.womensaid.ie" />
diff --git a/src/chrome/content/rules/Womens_Health_Specialists.xml b/src/chrome/content/rules/Womens_Health_Specialists.xml
index c70d57092b43..7d44a6de043a 100644
--- a/src/chrome/content/rules/Womens_Health_Specialists.xml
+++ b/src/chrome/content/rules/Womens_Health_Specialists.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://(?:www\.)?womenshealthspecialists\.org/(app/|css/|images/|scripts/|.+\?type=pdf)"
 		to="https://www.womenshealthspecialists.org/$1" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Womenshealth.de.xml b/src/chrome/content/rules/Womenshealth.de.xml
index c1529dc07509..5a457b7d803d 100644
--- a/src/chrome/content/rules/Womenshealth.de.xml
+++ b/src/chrome/content/rules/Womenshealth.de.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.womenshealth.de/ => https://www.womenshealth.de/: (51, "SSL: no alternative certificate subject name matches target host name 'www.womenshealth.de'")
 
 -->
-<ruleset name="Womenshealth.de" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Womenshealth.de" platform="mixedcontent" default_off="failed ruleset test">
 <target host="www.womenshealth.de"/>
 <target host="images.womenshealth.de"/>
 <rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/Wonderlandmovies.xml b/src/chrome/content/rules/Wonderlandmovies.xml
index 6017033c3c09..bf168c1b9c2c 100644
--- a/src/chrome/content/rules/Wonderlandmovies.xml
+++ b/src/chrome/content/rules/Wonderlandmovies.xml
@@ -5,7 +5,7 @@
 <ruleset name="Wonderlandmovies">
 
 	<target host="wonderlandmovies.de" />
-	<target host="*.wonderlandmovies.de" />
+	<target host="www.wonderlandmovies.de" />
 
 
 	<securecookie host="^(?:www)?\.wonderlandmovies\.de$" name=".+" />
diff --git a/src/chrome/content/rules/Wonga.com.xml b/src/chrome/content/rules/Wonga.com.xml
index 5293e6741889..77a2e1779bd1 100644
--- a/src/chrome/content/rules/Wonga.com.xml
+++ b/src/chrome/content/rules/Wonga.com.xml
@@ -15,4 +15,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wood_Green.org.uk.xml b/src/chrome/content/rules/Wood_Green.org.uk.xml
index 772c235d271f..894fc1ccc5d9 100644
--- a/src/chrome/content/rules/Wood_Green.org.uk.xml
+++ b/src/chrome/content/rules/Wood_Green.org.uk.xml
@@ -1,7 +1,6 @@
 <!--
 	Other Wood Green rulesets:
 
-		- Wood_Green_Shop.org.uk.xml
 
 
 	^: cert only matches www
@@ -23,8 +22,7 @@
 					-->
 		<!--exclusion pattern="^http://www\.woodgreen\.org\.uk/+(?!assets/|favicon\.ico|images/|stylesheets/)" /-->
 
-
-	<rule from="^http://(?:www\.)?woodgreen\.org\.uk/(?=assets/|favicon\.ico|images/|stylesheets/)"
-		to="https://www.woodgreen.org.uk/" />
+	<rule from="^http:"
+		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Wood_Green_Shop.org.uk.xml b/src/chrome/content/rules/Wood_Green_Shop.org.uk.xml
deleted file mode 100644
index d2f37ee2ad2e..000000000000
--- a/src/chrome/content/rules/Wood_Green_Shop.org.uk.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	For other Wood Green coverage, see Wood_Green.org.uk.xml.
-
-
-	(www.): mismatched, CN: secure.woodgreenshop.org.uk
-
-
-	Mixed content:
-
-		- Images from www.woodgreen.org.uk *
-
-	* Secured by us
-
--->
-<ruleset name="Wood Green Shop.org.uk">
-
-	<target host="woodgreenshop.org.uk" />
-	<target host="*.woodgreenshop.org.uk" />
-
-
-	<!--	Not secured by server:
-					-->
-	<securecookie host="^secure\.woodgreenshop\.org\.uk$" name=".+" />
-
-
-	<rule from="^http://(?:secure\.|www\.)?woodgreenshop\.org\.uk/"
-		to="https://secure.woodgreenshop.org.uk/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Wood_Tree_Swings.xml b/src/chrome/content/rules/Wood_Tree_Swings.xml
index 54720e81b02a..1fe752462343 100644
--- a/src/chrome/content/rules/Wood_Tree_Swings.xml
+++ b/src/chrome/content/rules/Wood_Tree_Swings.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wooga.xml b/src/chrome/content/rules/Wooga.xml
index 1fc90ecd9ff0..af8d78e7c812 100644
--- a/src/chrome/content/rules/Wooga.xml
+++ b/src/chrome/content/rules/Wooga.xml
@@ -8,7 +8,8 @@
 -->
 <ruleset name="Wooga (partial)">
 
-	<target host="*.wooga.com" />
+	<target host="cdn12.wooga.com" />
+	<target host="cdn-mkt.wooga.com" />
 
 
 	<rule from="^http://cdn(?:12|-mkt)\.wooga\.com/"
diff --git a/src/chrome/content/rules/Woolworths.com.au.xml b/src/chrome/content/rules/Woolworths.com.au.xml
index 2c8cd0881b8a..58f12ed6b67f 100644
--- a/src/chrome/content/rules/Woolworths.com.au.xml
+++ b/src/chrome/content/rules/Woolworths.com.au.xml
@@ -1,17 +1,43 @@
 <!--
+The following targets have been disabled at 2020-10-14 19:04:33:
+
+Fetch error: http://webchatau.woolworths.com.au/ => https://webchatau.woolworths.com.au/: (7, 'Failed to connect to webchatau.woolworths.com.au port 443: Connection refused')
+Fetch error: http://webchatnz.woolworths.com.au/ => https://webchatnz.woolworths.com.au/: (7, 'Failed to connect to webchatnz.woolworths.com.au port 443: Connection refused')
+
+-->
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://emailonline.woolworths.com.au/ => https://emailonline.woolworths.com.au/: (60, 'SSL certificate problem: certificate has expired')
+
+-->
+
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://apply-carloans.woolworths.com.au/ => https://apply-carloans.woolworths.com.au/: (60, 'SSL certificate problem: certificate has expired')
+Fetch error: http://cobrowseau.woolworths.com.au/ => https://cobrowseau.woolworths.com.au/: (7, 'Failed to connect to cobrowseau.woolworths.com.au port 443: Connection refused')
+Fetch error: http://corporate-vpn-ec.woolworths.com.au/ => https://corporate-vpn-ec.woolworths.com.au/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+Fetch error: http://corporate-vpn-nw.woolworths.com.au/ => https://corporate-vpn-nw.woolworths.com.au/: (35, 'error:14171102:SSL routines:tls_process_server_hello:unsupported protocol')
+Fetch error: http://ftp.woolworths.com.au/ => https://ftp.woolworths.com.au/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://uat.ftp.woolworths.com.au/ => https://uat.ftp.woolworths.com.au/: (28, 'Connection timed out after 20001 milliseconds')
+Fetch error: http://i.woolworths.com.au/ => https://i.woolworths.com.au/: (6, 'Could not resolve host: i.woolworths.com.au')
+Fetch error: http://msite.woolworths.com.au/ => https://msite.woolworths.com.au/: (6, 'Could not resolve host: msite.woolworths.com.au')
+Fetch error: http://partner-vpn-ec.woolworths.com.au/ => https://partner-vpn-ec.woolworths.com.au/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://partner-vpn-nw.woolworths.com.au/ => https://partner-vpn-nw.woolworths.com.au/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+Fetch error: http://shoutout.woolworths.com.au/ => https://shoutout.woolworths.com.au/: (60, 'SSL certificate problem: certificate has expired')
+
 	Other related rulesets:
 		- bigw.com.au.xml
 		- bws.com.au.xml
 		- Cellarmasters.com.au.xml
 		- Countdown.co.nz.xml
 		- danmurphys.com.au.xml
+		- EverydayGiftCards.com.au.xml
 		- EziBuy.com.xml
 		- Langtons.com.au.xml
-		- LastStopShop.co.nz.xml
-		- LastStopShop.com.au.xml
 		- Masters.com.au.xml
-		- nzwinesociety.co.nz.xml
-		- WoolworthsFlowers.com.au.xml
 		- WoolworthsMobile.com.au.xml
 		- WoolworthsPetrol.com.au.xml
 		- WoolworthsPay.com.au.xml
@@ -19,99 +45,106 @@
 
 
 	Non-functional domains:
-		- (www.)woolworthsglobalroaming.com.au		(redirects to http)
-		- (www.)woolworthslimited.com.au		(connection refused)
+		- (www.)woolworthsglobalroaming.com.au		(h)
+		- (www.)woolworthslimited.com.au		(r)
 
 
 	Non-functional subdomains:
 
 		- woolworths.com.au
-			- appsplus	(connection refused)
-			- email.bunch	¹
-			- catalogue	(mismatch hostname, CN: *.chtah.com)
-			- ebm.catalogue		(mismatch hostname, CN:  *.cheetahmail.com)
-			- f.catalogue	(mismatch hostname, CN: *.chtah.com)
-			- e-services	¹
-			- click.e-services	(mismatch hostname, CN: *.s6.exacttarget.com)
-			- image.e-services	(mismatch hostname, CN: a248.e.akamai.net)
-			- view.e-services	(mismatch hostname, CN: *.s6.exacttarget.com)
-			- ebiz	(self-signed cert)
-			- ebusiness	(self-signed cert)
-			- ecri	¹
-			- fabcot	²
-			- foodie	²
+			- appsplus	(r)
+			- email.bunch	(t)
+			- catalogue	(m)
+			- ebm.catalogue		(m)
+			- f.catalogue	(m)
+			- e-services	(t)
+			- click.e-services	(m)
+			- image.e-services	(m)
+			- view.e-services	(m)
+			- ebiz	(s)
+			- ebusiness	(s)
+			- ecri	(t)
+			- fabcot	(e)
+			- foodie	(e)
 			- getconnected	(SSL connection failed)
-			- heroes	²
-			- m.heroes	²
-			- uat.heroes	²
-			- devwebpay.intdns	(invalid certificate chain)
+			- heroes	(e)
+			- m.heroes	(e)
+			- uat.heroes	(e)
+			- devwebpay.intdns	(i)
 			- gfsconnect.intdns	(HTTP 404 error)
-			- uatwebpay.intdns	(invalid certificate chain)
-			- uatwoolworthsmoney.intdns	(invalid certificate chain)
-			- wowconnect.intdns	(mismatch hostname, CN: gfsconnect.intdns.woolworths.com.au)
-			- letsgoshopping	²
-			- magazine	(mismatch hostname, CN: *.salefinder.com.au)
-			- mail1		¹
-			- meetingrooms		¹
-			- bunch.mobile-api	(mismatch hostname, CN: *.cloudfront.net)
-			- static-uat.mobile-api	(mismatch hostname, CN: *.cloudfront.net)
-			- fuel.prod.v2.mobile-api	(connection refused)
-			- mts		¹
-			- mts2		¹
-			- online		¹
-			- producepilot		¹
+			- ssmt.intdns	(t)
+			- webpay.intdns	(t)
+			- uatwebpay.intdns	(i)
+			- uatwoolworthsmoney.intdns	(i)
+			- wowconnect.intdns	(m)
+			- letsgoshopping	(e)
+			- magazine	(m)
+			- mail1		(t)
+			- meetingrooms		(t)
+			- bunch.mobile-api	(m)
+			- static-uat.mobile-api	(m)
+			- fuel.prod.v2.mobile-api	(r)
+			- mts		(t)
+			- mts2		(t)
+			- mwowremote	(e)
+			- online		(t)
+			- producepilot		(t)
 			- sfftppro	(SSL connection failed)
-			- sftpuat	(self-signed cert)
+			- sftpuat	(s)
 			- telcobilling	(SSL connection failed)
 			- woweas	(SSL handshake failed)
-			- wowesm	(invalid certificate chain)
-			- wowlink	(mismatch hostname, CN: www.wowlink.com.au)
-			- tms.wowlink	(invalid certificate chain)
-			- wowlinklogin	(mismatch hostname, CN: www.wowlink.com.au)
-			- wowremote1	(mismatch hostname, CN: wowremote.woolworths.com.au)
-			- wowsfemail	¹
-			- wqacert	²
+			- wowesm	(i)
+			- wowlink	(m)
+			- tms.wowlink	(i)
+			- wowlinklogin	(m)
+			- wowremote1	(m)
+			- wowsfemail	(t)
+			- wqacert	(e)
 
 		-woolworthsonline.com.au
-			- catalogues	(mismatch hostname, CN: *.salefinder.com.au)
-			- games	(mismatch hostname, CN: a248.e.akamai.net)
-			- magazines	(mismatch hostname, CN: *.dynamiccatalogue.com.au)
-			- promotions	(², mismatch hostname, CN: *.3030.com.au)
+			- catalogues	(m)
+			- games	(m)
+			- magazines	(m)
+			- promotions	(e,m)
+
+	(t) Timeout
+	(e) Expired cert
 
-	¹ Timeout
-	² Expired cert
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
 -->
 <ruleset name="Woolworths.com.au">
 	<target host="woolworths.com.au" />
 	<target host="www.woolworths.com.au" />
 	<target host="api.woolworths.com.au" />
-	<target host="apply-carloans.woolworths.com.au" />
+	<!-- target host="apply-carloans.woolworths.com.au" /-->
 	<target host="appsplus1.woolworths.com.au" />
 	<target host="appsplusdev2.woolworths.com.au" />
 	<target host="appsplusuat.woolworths.com.au" />
 	<target host="bunch.woolworths.com.au" />
 	<target host="cards.woolworths.com.au" />
 	<target host="www.cards.woolworths.com.au" />
-	<target host="cobrowseau.woolworths.com.au" />
+	<!-- target host="cobrowseau.woolworths.com.au" /-->
 	<target host="contact.woolworths.com.au" />
-	<target host="corporate-vpn-ec.woolworths.com.au" />
-	<target host="corporate-vpn-nw.woolworths.com.au" />
+	<!-- target host="corporate-vpn-ec.woolworths.com.au" /-->
+	<!-- target host="corporate-vpn-nw.woolworths.com.au" /-->
 	<target host="developer.woolworths.com.au" />
 	<target host="devwebpay.woolworths.com.au" />
 	<target host="dr.woolworths.com.au" />
-	<target host="emailonline.woolworths.com.au" />
-	<target host="ftp.woolworths.com.au" />
-	<target host="uat.ftp.woolworths.com.au" />
+	<!-- target host="emailonline.woolworths.com.au" /-->
+	<!-- target host="ftp.woolworths.com.au" /-->
+	<!-- target host="uat.ftp.woolworths.com.au" /-->
 	<target host="help.woolworths.com.au" />
 	<target host="homelogin.woolworths.com.au" />
-	<target host="i.woolworths.com.au" />
+	<!-- target host="i.woolworths.com.au" /-->
 	<target host="images.woolworths.com.au" />
 	<target host="insurance.woolworths.com.au" />
 	<target host="www.insurance.woolworths.com.au" />
-	<target host="ssmt.intdns.woolworths.com.au" />
-		<!-- prevent timeout -->
-		<test url="http://ssmt.intdns.woolworths.com.au/public/images/grey_button_gradient.png" />
-	<target host="webpay.intdns.woolworths.com.au" />
 	<target host="listeningtoyou.woolworths.com.au" />
 	<target host="m.woolworths.com.au" />
 	<target host="media1.woolworths.com.au" />
@@ -125,14 +158,13 @@
 	<target host="prod.mobile-api.woolworths.com.au" />
 	<target host="test.mobile-api.woolworths.com.au" />
 	<target host="uat.mobile-api.woolworths.com.au" />
-	<target host="msite.woolworths.com.au" />
-	<target host="mwowremote.woolworths.com.au" />
-	<target host="partner-vpn-ec.woolworths.com.au" />
-	<target host="partner-vpn-nw.woolworths.com.au" />
+	<!-- target host="msite.woolworths.com.au" /-->
+	<!-- target host="partner-vpn-ec.woolworths.com.au" /-->
+	<!-- target host="partner-vpn-nw.woolworths.com.au" /-->
 	<target host="pies-apiuat.woolworths.com.au" />
 	<target host="services.woolworths.com.au" />
 	<target host="www.services.woolworths.com.au" />
-	<target host="shoutout.woolworths.com.au" />
+	<!-- target host="shoutout.woolworths.com.au" /-->
 	<target host="talk.woolworths.com.au" />
 	<target host="www.talk.woolworths.com.au" />
 	<target host="tms.woolworths.com.au" />
@@ -151,8 +183,8 @@
 	<target host="uat2app.woolworths.com.au" />
 	<target host="uatcontact.woolworths.com.au" />
 	<target host="uatwebpay.woolworths.com.au" />
-	<target host="webchatau.woolworths.com.au" />
-	<target host="webchatnz.woolworths.com.au" />
+	<!-- target host="webchatau.woolworths.com.au" /-->
+	<!-- target host="webchatnz.woolworths.com.au" /-->
 	<target host="webpay.woolworths.com.au" />
 	<target host="wowpeople.woolworths.com.au" />
 	<target host="wowremote.woolworths.com.au" />
diff --git a/src/chrome/content/rules/WoolworthsFlowers.com.au.xml b/src/chrome/content/rules/WoolworthsFlowers.com.au.xml
deleted file mode 100644
index 503fd19bb24b..000000000000
--- a/src/chrome/content/rules/WoolworthsFlowers.com.au.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For other Woolworths coverage, see Woolworths.com.au.xml
-
-
-	Mixed content:
-		Images from freshflowers.com.au *
-
-	* Secured by us
--->
-<ruleset name="Woolworths Flowers">
-
-	<target host="woolworthsflowers.com.au" />
-	<target host="www.woolworthsflowers.com.au" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/WoolworthsMobile.com.au.xml b/src/chrome/content/rules/WoolworthsMobile.com.au.xml
index e766ed11b2a5..14dae60497ee 100644
--- a/src/chrome/content/rules/WoolworthsMobile.com.au.xml
+++ b/src/chrome/content/rules/WoolworthsMobile.com.au.xml
@@ -3,7 +3,7 @@
 
 
 	Nonfunctional subdomains:
-		
+
 		- woolworthsmobile.com.au
 			- it	(connection refused)
 			- shoutout	(mismatch hostname, CN: shoutout.woolworths.com.au)
diff --git a/src/chrome/content/rules/Woot.com.xml b/src/chrome/content/rules/Woot.com.xml
new file mode 100644
index 000000000000..12bafacfedd7
--- /dev/null
+++ b/src/chrome/content/rules/Woot.com.xml
@@ -0,0 +1,33 @@
+<ruleset name="Woot.com (partial)">
+	<target host="woot.com" />
+	<target host="www.woot.com" />
+	<target host="accessories.woot.com" />
+	<target host="account.woot.com" />
+	<target host="apipanda.woot.com" />
+	<target host="auth.woot.com" />
+	<target host="bidet.woot.com" />
+	<target host="computers.woot.com" />
+	<target host="deals.woot.com" />
+	<target host="debug.woot.com" />
+	<target host="developer.woot.com" />
+	<target host="electronics.woot.com" />
+	<target host="error.woot.com" />
+	<target host="games.woot.com" />
+	<target host="holiday.woot.com" />
+	<target host="home.woot.com" />
+	<target host="kids.woot.com" />
+	<target host="moofi.woot.com" />
+	<target host="optinside.woot.com" />
+	<target host="pizza.woot.com" />
+	<target host="production.woot.com" />
+	<target host="r.woot.com" />
+	<target host="sellout.woot.com" />
+	<target host="shirt.woot.com" />
+	<target host="sport.woot.com" />
+	<target host="survey.woot.com" />
+	<target host="tools.woot.com" />
+	<target host="vendorportal.woot.com" />
+	<target host="wine.woot.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Woot.xml b/src/chrome/content/rules/Woot.xml
deleted file mode 100644
index bab364002f33..000000000000
--- a/src/chrome/content/rules/Woot.xml
+++ /dev/null
@@ -1,68 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Non-2xx HTTP code: http://images.deals.woot.com/ (200) => https://s3.amazonaws.com/images.deals.woot.com/ (403)
-
-	s3.amazonaws.com/images.deals.woot.com/
-	s3.amazonaws.com/image.w00t.com/
-		- Equivalent to d15xkf1ye01a0m.cloudfront.net
-	s3.amazonaws.com/gzip.static.woot.com/
-	s3.amazonaws.com/wootblogimages/
-
--->
-<ruleset name="Woot (partial)" default_off='failed ruleset test'>
-
-	<target host="w00t.com" />
-	<target host="*.w00t.com" />
-	<target host="woot.com" />
-	<target host="*.woot.com" />
-		<!--exclusion pattern="^http://www\.woot\.com/(forums|(jobs|recalls|sponsorus|terms|writeus)\.aspx|User)" /-->
-
-
-	<!--	403s :(
-	<rule from="^http://image(?:cache)?\.w00t\.com/"
-		to="https://s3.amazonaws.com/image.w00t.com/" />
-
-	
-		These paths redirect to http:
-
-			- blog
-			- forums
-			- jobs.aspx
-			- recalls.aspx
-			- sponsorus.aspx
-			- terms.aspx
-			- User
-			- writeus.aspx
-
-		These paths don't redirect to http (shh!):
-
-			- account/login?
-			- App_Themes
-			- Blog
-			- blog/rss.aspx
-			- Forums
-			- images
-			- Images
-			- Jobs.aspx
-			- Recalls.aspx
-			- Search
-			- SponsorUs.aspx
-			- Terms.aspx
-			- wantone
-			- WhatIsWoot.aspx
-			- WriteUs.aspx
-
-
-		Cert only matches *.woot.com.
-					-->
-	<rule from="^http://(?:www\.)?w[0o]{2}t\.com/((?:account|App_Themes|Blog|Forums|[iI]mages|Search)(?:$|/)|(?:blog/rss|Jobs|Recalls|SponsorUs|Terms|WhatIsWoot|WriteUs)\.aspx)"
-		to="https://www.woot.com/$1" />
-
-	<rule from="^http://(account|members)\.woot\.com/"
-		to="https://$1.woot.com/" />
-
-	<rule from="^http://(avatar|images\.deals|(?:gzip\.)?static)\.woot\.com/"
-		to="https://s3.amazonaws.com/$1.woot.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Wooting.nl.xml b/src/chrome/content/rules/Wooting.nl.xml
new file mode 100644
index 000000000000..868353fbe018
--- /dev/null
+++ b/src/chrome/content/rules/Wooting.nl.xml
@@ -0,0 +1,9 @@
+<ruleset name="Wooting.nl">
+	<target host="wooting.nl" />
+	<target host="www.wooting.nl" />
+	<target host="blog.wooting.nl" />
+	<target host="shopint.wooting.nl" />
+	<target host="shopna.wooting.nl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WordPress-blogs.xml b/src/chrome/content/rules/WordPress-blogs.xml
index 661afb6abd84..2d6529b342cd 100644
--- a/src/chrome/content/rules/WordPress-blogs.xml
+++ b/src/chrome/content/rules/WordPress-blogs.xml
@@ -3,10 +3,8 @@
 -->
 
 <ruleset name="WordPress blogs">
-	<target host="dictionaryblog.cambridge.org" />
 	<target host="news.efinancialcareers.com" />
 	<target host="blog.nanigans.com" />
-	<target host="blog.opengroup.org" />
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/WordPress.tv.xml b/src/chrome/content/rules/WordPress.tv.xml
index 06305b1c4b3c..7af416568d07 100644
--- a/src/chrome/content/rules/WordPress.tv.xml
+++ b/src/chrome/content/rules/WordPress.tv.xml
@@ -1,6 +1,6 @@
 <!--
 	Wildcard DNS but without wildcard certificate.
-	
+
 	All other subdomains are mismatched.
 
 -->
diff --git a/src/chrome/content/rules/WordPress.xml b/src/chrome/content/rules/WordPress.xml
index a253d795a154..137f3c553130 100644
--- a/src/chrome/content/rules/WordPress.xml
+++ b/src/chrome/content/rules/WordPress.xml
@@ -28,7 +28,7 @@
 		<test url="http://www.wp.com/music" />
 		<test url="http://get.wp.com/" />
 
-	<securecookie host=".+" name=".+" />
+	<securecookie host=".+" name="^(?!wordpress_logged_in$).+" />
 
 	<rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/WordRider.net.xml b/src/chrome/content/rules/WordRider.net.xml
new file mode 100644
index 000000000000..9823fefc8a3c
--- /dev/null
+++ b/src/chrome/content/rules/WordRider.net.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched:
+		- bugtracker
+		- svn
+-->
+<ruleset name="WordRider.net">
+	<target host="wordrider.net" />
+	<target host="www.wordrider.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Word_Pro.xml b/src/chrome/content/rules/Word_Pro.xml
index f52c9533da63..8da88e2ff618 100644
--- a/src/chrome/content/rules/Word_Pro.xml
+++ b/src/chrome/content/rules/Word_Pro.xml
@@ -13,7 +13,7 @@
 <ruleset name="The Word Pro">
 
 	<target host="thewordpro.com" />
-	<target host="*.thewordpro.com" />
+	<target host="www.thewordpro.com" />
 
 
 	<securecookie host="^\.thewordpro\.com$" name=".+" />
@@ -22,4 +22,4 @@
 	<rule from="^http://(?:www\.)?thewordpro\.com/"
 		to="https://www.thewordpro.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wordentropy.org.xml b/src/chrome/content/rules/Wordentropy.org.xml
index e45c50a15801..66eeb95ab6c1 100644
--- a/src/chrome/content/rules/Wordentropy.org.xml
+++ b/src/chrome/content/rules/Wordentropy.org.xml
@@ -5,10 +5,10 @@ Fetch error: http://wordentropy.org/ => https://wordentropy.org/: (28, 'Operatio
 Fetch error: http://www.wordentropy.org/ => https://www.wordentropy.org/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
 
 -->
-<ruleset name="Wordentropy.org" default_off='failed ruleset test'>
+<ruleset name="Wordentropy.org" default_off="failed ruleset test">
 	<target host="wordentropy.org" />
 	<target host="www.wordentropy.org" />
-	
+
 	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Wordnik.xml b/src/chrome/content/rules/Wordnik.xml
index f237070797bf..2fa17582e2cd 100644
--- a/src/chrome/content/rules/Wordnik.xml
+++ b/src/chrome/content/rules/Wordnik.xml
@@ -3,7 +3,7 @@
 	<target host="wordnik.com" />
 	<target host="www.wordnik.com" />
 	<!--	* for cross-domain cookie.	-->
-	
+
 
 
 	<securecookie host="^(?:www)?\.wordnik\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Work4_Labs.xml b/src/chrome/content/rules/Work4_Labs.xml
index 50cfedc275a6..10ae25d96826 100644
--- a/src/chrome/content/rules/Work4_Labs.xml
+++ b/src/chrome/content/rules/Work4_Labs.xml
@@ -10,4 +10,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Workaround.org.xml b/src/chrome/content/rules/Workaround.org.xml
index 6f17f4c7e53e..76bac1759d70 100644
--- a/src/chrome/content/rules/Workaround.org.xml
+++ b/src/chrome/content/rules/Workaround.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://fry.workaround.org/ => https://fry.workaround.org/: (51, "SS
 Fetch error: http://www.workaround.org/ => https://www.workaround.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.workaround.org'")
 
 -->
-<ruleset name="workaround.org" default_off='failed ruleset test'>
+<ruleset name="workaround.org" default_off="failed ruleset test">
 
 	<target host="workaround.org" />
 	<target host="fry.workaround.org" />
diff --git a/src/chrome/content/rules/WorkplaceGenderEqualityAgency.xml b/src/chrome/content/rules/WorkplaceGenderEqualityAgency.xml
index a2cf27f5f833..9eb0cf95b438 100644
--- a/src/chrome/content/rules/WorkplaceGenderEqualityAgency.xml
+++ b/src/chrome/content/rules/WorkplaceGenderEqualityAgency.xml
@@ -1,7 +1,7 @@
 <ruleset name="Workplace Gender Equality Agency">
 	<target host="wgea.gov.au" />
-	<target host="*.wgea.gov.au" />
+	<target host="www.wgea.gov.au" />
 
 	<rule from="^http://(?:www\.)?wgea\.gov\.au/"
 		to="https://www.wgea.gov.au/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Workzeitung.ch.xml b/src/chrome/content/rules/Workzeitung.ch.xml
new file mode 100644
index 000000000000..d1d98fc2a338
--- /dev/null
+++ b/src/chrome/content/rules/Workzeitung.ch.xml
@@ -0,0 +1,6 @@
+<ruleset name="Workzeitung.ch">
+	<target host="workzeitung.ch" />
+	<target host="www.workzeitung.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/World-Nuclear-News.org.xml b/src/chrome/content/rules/World-Nuclear-News.org.xml
new file mode 100644
index 000000000000..263a0a96b959
--- /dev/null
+++ b/src/chrome/content/rules/World-Nuclear-News.org.xml
@@ -0,0 +1,13 @@
+<!--
+	Connection closed:
+		- track
+
+	Mismatched:
+		- wbsnhes
+-->
+<ruleset name="World-Nuclear-News.org">
+	<target host="world-nuclear-news.org" />
+	<target host="www.world-nuclear-news.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/World-of-Warships.xml b/src/chrome/content/rules/World-of-Warships.xml
new file mode 100644
index 000000000000..f0601fbcefac
--- /dev/null
+++ b/src/chrome/content/rules/World-of-Warships.xml
@@ -0,0 +1,91 @@
+<!--
+	For other Wargaming.net coverage, see Wargaming.xml.
+
+	Invalid certificate:
+		asus.worldofwarships.com
+		eu.worldofwarships.com
+		gigabyte.worldofwarships.com
+		ru.worldofwarships.com
+		static-upd-v4r4h10x.worldofwarships.com
+		static-wguscs.worldofwarships.com
+
+		cdn.worldofwarships.ru
+
+	Different content http/https:
+		forum-eu.worldofwarships.com
+		forum-na.worldofwarships.com
+		forum-ru.worldofwarships.com
+		santa.worldofwarships.com
+		teams.worldofwarships.com
+
+		santa.worldofwarships.eu
+		teams.worldofwarships.eu
+
+		auth-pt.worldofwarships.ru
+		teams.worldofwarships.ru
+
+	Redirect to http:
+		update.worldofwarships.com
+		update-v4r4h10x.worldofwarships.com
+
+		update.worldofwarships.eu
+		update-v4r4h10x.worldofwarships.eu
+
+		update.worldofwarships.ru
+		update-v4r4h10x.worldofwarships.ru
+
+	No working URL known:
+		wguscs.worldofwarships.com
+
+		wguscs.worldofwarships.eu
+
+		csis-wowspt.worldofwarships.ru
+		hole.worldofwarships.ru
+
+	Secure connection failed:
+		obt.worldofwarships.eu
+
+	Login required:
+		bugs-st.worldofwarships.ru
+-->
+
+<ruleset name="World of Warships">
+	<!-- worldofwarships.com -->
+	<target host="worldofwarships.com" />
+	<target host="www.worldofwarships.com" />
+	<target host="api.worldofwarships.com" />
+	<target host="auth.worldofwarships.com" />
+	<target host="blog.worldofwarships.com" />
+	<target host="forum.worldofwarships.com" />
+	<target host="playtogether.worldofwarships.com" />
+	<target host="vortex.worldofwarships.com" />
+	<target host="warehouse.worldofwarships.com" />
+
+	<!-- worldofwarships.eu -->
+	<target host="worldofwarships.eu" />
+	<target host="www.worldofwarships.eu" />
+	<target host="api.worldofwarships.eu" />
+	<target host="auth.worldofwarships.eu" />
+	<target host="blog.worldofwarships.eu" />
+	<target host="forum.worldofwarships.eu" />
+	<target host="playtogether.worldofwarships.eu" />
+	<target host="vortex.worldofwarships.eu" />
+
+	<!-- worldofwarships.ru -->
+	<target host="worldofwarships.ru" />
+	<target host="www.worldofwarships.ru" />
+	<target host="api.worldofwarships.ru" />
+	<target host="auth.worldofwarships.ru" />
+	<target host="blog.worldofwarships.ru" />
+	<target host="forum.worldofwarships.ru" />
+	<target host="forum-new.worldofwarships.ru" />
+	<target host="playtogether.worldofwarships.ru" />
+	<target host="portal-pt.worldofwarships.ru" />
+	<target host="pt.worldofwarships.ru" />
+	<target host="st.worldofwarships.ru" />
+	<target host="vortex.worldofwarships.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WorldMate.com.xml b/src/chrome/content/rules/WorldMate.com.xml
index b9b498e6ef18..56e4347174e2 100644
--- a/src/chrome/content/rules/WorldMate.com.xml
+++ b/src/chrome/content/rules/WorldMate.com.xml
@@ -5,7 +5,8 @@
 <ruleset name="WorldMate.com">
 
 	<target host="worldmate.com" />
-	<target host="*.worldmate.com" />
+	<target host="www.worldmate.com" />
+	<target host="cdn.worldmate.com" />
 
 
 	<!--	Secured by server:
@@ -16,7 +17,6 @@
 	<rule from="^http://(?:www\.)?worldmate\.com/"
 		to="https://www.worldmate.com/" />
 
-	<rule from="^http://cdn\.worldmate\.com/"
-		to="https://cdn.worldmate.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/WorldOfGothic.com.xml b/src/chrome/content/rules/WorldOfGothic.com.xml
new file mode 100644
index 000000000000..92175ba1763a
--- /dev/null
+++ b/src/chrome/content/rules/WorldOfGothic.com.xml
@@ -0,0 +1,32 @@
+<!--
+	Mismatched:
+		- exodus
+		- ignis
+		- khorana
+
+	SSL handshake error:
+		- alix
+		- almanach
+		- ftp
+		- imap
+		- legendofahssun
+		- legendofkataris
+		- mail
+		- modstar
+		- odysseemodteam
+		- oparilames
+		- openmod
+		- pop
+		- relay
+		- smtp
+		- soulfire
+		- varus
+		- velaya
+		- wiki
+-->
+<ruleset name="WorldOfGothic.com">
+	<target host="worldofgothic.com" />
+	<target host="www.worldofgothic.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WorldOfPlayers.ru.xml b/src/chrome/content/rules/WorldOfPlayers.ru.xml
new file mode 100644
index 000000000000..61877374142a
--- /dev/null
+++ b/src/chrome/content/rules/WorldOfPlayers.ru.xml
@@ -0,0 +1,23 @@
+<!--
+	Mismatched:
+		- www
+		- dl
+		- dl1
+		- forum
+		- media
+		- nv
+		- old
+		- s
+		- wiki
+
+	Connection reset:
+		- mail
+-->
+<ruleset name="WorldOfPlayers.ru">
+	<target host="worldofplayers.ru" />
+	<target host="www.worldofplayers.ru" />
+	<target host="forum.worldofplayers.ru" />
+
+	<rule from="^http://(www|forum)\.worldofplayers\.ru/" to="https://worldofplayers.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WorldRemit.com.xml b/src/chrome/content/rules/WorldRemit.com.xml
index 908fd3db38ee..648b0d82ef6c 100644
--- a/src/chrome/content/rules/WorldRemit.com.xml
+++ b/src/chrome/content/rules/WorldRemit.com.xml
@@ -5,7 +5,8 @@
 <ruleset name="WorldRemit.com">
 
 	<target host="worldremit.com" />
-	<target host="*.worldremit.com" />
+	<target host="www.worldremit.com" />
+	<target host="agents.worldremit.com" />
 
 
 	<!--	Not secured by server:
@@ -18,7 +19,6 @@
 	<rule from="^http://(?:www\.)?worldremit\.com/"
 		to="https://www.worldremit.com/" />
 
-	<rule from="^http://agents\.worldremit\.com/"
-		to="https://agents.worldremit.com/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/World_Development_Movement.xml b/src/chrome/content/rules/World_Development_Movement.xml
index dcb5bfc95885..3387a28a3b63 100644
--- a/src/chrome/content/rules/World_Development_Movement.xml
+++ b/src/chrome/content/rules/World_Development_Movement.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/World_Food_Prize.xml b/src/chrome/content/rules/World_Food_Prize.xml
index e986860c403d..8aa1611879a3 100644
--- a/src/chrome/content/rules/World_Food_Prize.xml
+++ b/src/chrome/content/rules/World_Food_Prize.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://worldfoodprize.org/ => https://worldfoodprize.org/: (51, "SSL: no alternative certificate subject name matches target host name 'worldfoodprize.org'")
 
 -->
-<ruleset name="The World Food Prize" default_off='failed ruleset test'>
+<ruleset name="The World Food Prize" default_off="failed ruleset test">
 
 	<target host="worldfoodprize.org" />
 	<target host="www.worldfoodprize.org" />
@@ -15,4 +15,4 @@ Fetch error: http://worldfoodprize.org/ => https://worldfoodprize.org/: (51, "SS
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/World_Landscape_Architecture.xml b/src/chrome/content/rules/World_Landscape_Architecture.xml
index 2cc08e0991c1..8fdcf91679d4 100644
--- a/src/chrome/content/rules/World_Landscape_Architecture.xml
+++ b/src/chrome/content/rules/World_Landscape_Architecture.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/World_Precision_Instruments.xml b/src/chrome/content/rules/World_Precision_Instruments.xml
index 55b099092569..35b37ed707df 100644
--- a/src/chrome/content/rules/World_Precision_Instruments.xml
+++ b/src/chrome/content/rules/World_Precision_Instruments.xml
@@ -17,4 +17,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/World_Television.xml b/src/chrome/content/rules/World_Television.xml
index 7c959967b052..b8af9e5787fb 100644
--- a/src/chrome/content/rules/World_Television.xml
+++ b/src/chrome/content/rules/World_Television.xml
@@ -14,13 +14,13 @@
 -->
 <ruleset name="World Television">
 
-	<target host="*.world-television.com" />
+	<target host="doddsegrads.world-television.com" />
+	<target host="streamstudio.world-television.com" />
 
 
 	<securecookie host="^streamstudio\.world-television\.com$" name=".+" />
 
 
-	<rule from="^http://(doddsegrads|streamstudio)\.world-television\.com/"
-		to="https://$1.world-television.com/" />
+	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/World_e-ID_Congress.xml b/src/chrome/content/rules/World_e-ID_Congress.xml
index 0fb53fefc971..80bbd4c09d76 100644
--- a/src/chrome/content/rules/World_e-ID_Congress.xml
+++ b/src/chrome/content/rules/World_e-ID_Congress.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?worlde-idcongress\.com/"
 		to="https://www.worlde-idcongress.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/World_of_Warships.xml b/src/chrome/content/rules/World_of_Warships.xml
deleted file mode 100644
index b5f8807c8811..000000000000
--- a/src/chrome/content/rules/World_of_Warships.xml
+++ /dev/null
@@ -1,93 +0,0 @@
-<!--
-	For other Wargaming.net coverage, see Wargaming.net.xml.
-
-	Invalid certificate:
-		asus.worldofwarships.com
-		eu.worldofwarships.com
-		gigabyte.worldofwarships.com
-		ru.worldofwarships.com
-		static-upd-v4r4h10x.worldofwarships.com
-		static-wguscs.worldofwarships.com
-
-		cdn.worldofwarships.ru
-
-	Different content http/https:
-		forum-eu.worldofwarships.com
-		forum-na.worldofwarships.com
-		forum-ru.worldofwarships.com
-		santa.worldofwarships.com
-		teams.worldofwarships.com
-
-		santa.worldofwarships.eu
-		teams.worldofwarships.eu
-
-		auth-pt.worldofwarships.ru
-		teams.worldofwarships.ru
-
-	Redirect to http:
-		update.worldofwarships.com
-		update-v4r4h10x.worldofwarships.com
-
-		update.worldofwarships.eu
-		update-v4r4h10x.worldofwarships.eu
-
-		update.worldofwarships.ru
-		update-v4r4h10x.worldofwarships.ru
-
-	No working URL known:
-		wguscs.worldofwarships.com
-
-		wguscs.worldofwarships.eu
-
-		csis-wowspt.worldofwarships.ru
-		hole.worldofwarships.ru
-
-	Secure connection failed:
-		obt.worldofwarships.eu
-
-	Login required:
-		bugs-st.worldofwarships.ru
--->
-<ruleset name="World of Warships">
-
-	<target host="worldofwarships.com" />
-	<target host="www.worldofwarships.com" />
-	<target host="api.worldofwarships.com" />
-	<target host="auth.worldofwarships.com" />
-	<target host="blog.worldofwarships.com" />
-	<target host="elements.worldofwarships.com" />
-	<target host="forum.worldofwarships.com" />
-	<target host="playtogether.worldofwarships.com" />
-	<target host="vortex.worldofwarships.com" />
-	<target host="warehouse.worldofwarships.com" />
-
-	<target host="worldofwarships.eu" />
-	<target host="www.worldofwarships.eu" />
-	<target host="api.worldofwarships.eu" />
-	<target host="auth.worldofwarships.eu" />
-	<target host="blog.worldofwarships.eu" />
-	<target host="elements.worldofwarships.eu" />
-	<target host="forum.worldofwarships.eu" />
-	<target host="playtogether.worldofwarships.eu" />
-	<target host="vortex.worldofwarships.eu" />
-
-	<target host="worldofwarships.ru" />
-	<target host="www.worldofwarships.ru" />
-	<target host="api.worldofwarships.ru" />
-	<target host="auth.worldofwarships.ru" />
-	<target host="blog.worldofwarships.ru" />
-	<target host="elements.worldofwarships.ru" />
-	<target host="forum.worldofwarships.ru" />
-	<target host="forum-new.worldofwarships.ru" />
-	<target host="playtogether.worldofwarships.ru" />
-	<target host="portal-pt.worldofwarships.ru" />
-	<target host="pt.worldofwarships.ru" />
-	<target host="st.worldofwarships.ru" />
-	<target host="vortex.worldofwarships.ru" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Worldometers.info.xml b/src/chrome/content/rules/Worldometers.info.xml
new file mode 100644
index 000000000000..14f4f21b92ad
--- /dev/null
+++ b/src/chrome/content/rules/Worldometers.info.xml
@@ -0,0 +1,21 @@
+<ruleset name="Worldometers.info">
+	<target host="worldometers.info" />
+	<target host="www.worldometers.info" />
+	<target host="autodiscover.worldometers.info" />
+	<target host="cpanel.worldometers.info" />
+	<target host="ftp.worldometers.info" />
+	<target host="host2.worldometers.info" />
+	<target host="host3.worldometers.info" />
+	<target host="host4.worldometers.info" />
+	<target host="host5.worldometers.info" />
+	<target host="host6.worldometers.info" />
+	<target host="ipv6.worldometers.info" />
+	<target host="m.worldometers.info" />
+	<target host="mail.worldometers.info" />
+	<target host="ns.worldometers.info" />
+	<target host="srv1.worldometers.info" />
+	<target host="webdisk.worldometers.info" />
+	<target host="webmail.worldometers.info" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Worldtimebuddy.com.xml b/src/chrome/content/rules/Worldtimebuddy.com.xml
new file mode 100644
index 000000000000..98ef8951f272
--- /dev/null
+++ b/src/chrome/content/rules/Worldtimebuddy.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="World Time Buddy">
+	<target host="worldtimebuddy.com" />
+	<target host="www.worldtimebuddy.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WorstPills.org.xml b/src/chrome/content/rules/WorstPills.org.xml
index e74c7ec9e2c1..6850e13f1d54 100644
--- a/src/chrome/content/rules/WorstPills.org.xml
+++ b/src/chrome/content/rules/WorstPills.org.xml
@@ -3,4 +3,4 @@
 	<target host="www.worstpills.org" />
 
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wpveda.com.xml b/src/chrome/content/rules/Wpveda.com.xml
index 215d6231e432..bd176cd4d733 100644
--- a/src/chrome/content/rules/Wpveda.com.xml
+++ b/src/chrome/content/rules/Wpveda.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.wpveda.com/ => https://www.wpveda.com/: (6, 'Could not r
 		- .wpveda.com
 
 -->
-<ruleset name="wpveda.com" default_off='failed ruleset test'>
+<ruleset name="wpveda.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Wqf.me.xml b/src/chrome/content/rules/Wqf.me.xml
deleted file mode 100644
index 81f20db1f1e8..000000000000
--- a/src/chrome/content/rules/Wqf.me.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Wqf.me" platform="mixedcontent">
-	<target host="wqf.me" />
-	<target host="www.wqf.me" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Wrapadviser.co.uk.xml b/src/chrome/content/rules/Wrapadviser.co.uk.xml
index cfdadebebcd8..fc56eab730e0 100644
--- a/src/chrome/content/rules/Wrapadviser.co.uk.xml
+++ b/src/chrome/content/rules/Wrapadviser.co.uk.xml
@@ -3,10 +3,10 @@
 	<target host="*.wrapadviser.co.uk" />
 
 
-	<securecookie host=".+\.wrapadviser\.co\.uk$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http://([\w-]+)\.wrapadviser\.co\.uk/"
 		to="https://$1.wrapadviser.co.uk/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wrating.com.xml b/src/chrome/content/rules/Wrating.com.xml
index 7fa92fbc1ce4..0365c2fdf96e 100644
--- a/src/chrome/content/rules/Wrating.com.xml
+++ b/src/chrome/content/rules/Wrating.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://sohu.wrating.com/ => https://dsl.wrating.com/: (60, 'SSL cer
 		- .wrating.com
 
 -->
-<ruleset name="wrating.com" default_off='failed ruleset test'>
+<ruleset name="wrating.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/WriteTheDocs.org.xml b/src/chrome/content/rules/WriteTheDocs.org.xml
new file mode 100644
index 000000000000..aeed976fcde8
--- /dev/null
+++ b/src/chrome/content/rules/WriteTheDocs.org.xml
@@ -0,0 +1,29 @@
+<!--
+	Invalid certificate:
+		docs.writethedocs.org
+		slack.writethedocs.org
+
+	Time out:
+		writethedocs.org
+		eutickets.writethedocs.org
+		natickets.writethedocs.org
+
+	Refused:
+		videos.writethedocs.org
+
+-->
+<ruleset name="WriteTheDocs.org">
+
+	<target host="writethedocs.org" />
+	<target host="www.writethedocs.org" />
+	<target host="conf.writethedocs.org" />
+	<target host="forum.writethedocs.org" />
+	<target host="jobs.writethedocs.org" />
+	<target host="podcast.writethedocs.org" />
+
+	<rule from="^http://writethedocs\.org/"
+		  to="https://www.writethedocs.org/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/WritingStreak.io.xml b/src/chrome/content/rules/WritingStreak.io.xml
new file mode 100644
index 000000000000..8e173e6a5d0f
--- /dev/null
+++ b/src/chrome/content/rules/WritingStreak.io.xml
@@ -0,0 +1,10 @@
+<!--
+	www doesn't exist.
+-->
+<ruleset name="WritingStreak.io">
+	<target host="writingstreak.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wrzuta.pl.xml b/src/chrome/content/rules/Wrzuta.pl.xml
index 277b38b08e5f..96ac7035f979 100644
--- a/src/chrome/content/rules/Wrzuta.pl.xml
+++ b/src/chrome/content/rules/Wrzuta.pl.xml
@@ -15,10 +15,11 @@ Fetch error: http://ssl.wrzuta.pl/static/opensearch/search.xml => https://ssl.wr
 		- (www.)	(mismatched, CN: ssl.wrzuta.pl)
 
 -->
-<ruleset name="Wrzuta.pl (partial)" default_off='failed ruleset test'>
+<ruleset name="Wrzuta.pl (partial)" default_off="failed ruleset test">
 
 	<target host="wrzuta.pl" />
-	<target host="*.wrzuta.pl" />
+	<target host="ssl.wrzuta.pl" />
+	<target host="www.wrzuta.pl" />
 		<exclusion pattern="^http://(?:www\.)?wrzuta\.pl/(?!static/)" />
 
 
diff --git a/src/chrome/content/rules/Wservices.ch.xml b/src/chrome/content/rules/Wservices.ch.xml
index 4f6f0dfa1787..7fb60462a3a0 100644
--- a/src/chrome/content/rules/Wservices.ch.xml
+++ b/src/chrome/content/rules/Wservices.ch.xml
@@ -18,4 +18,4 @@
 	<rule from="^http://([\w-]+\.)?wservices\.ch/"
 		to="https://$1wservices.ch/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wtpx-Telekom.com.xml b/src/chrome/content/rules/Wtpx-Telekom.com.xml
deleted file mode 100644
index 9aa17bc9d0b5..000000000000
--- a/src/chrome/content/rules/Wtpx-Telekom.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For other Deutsche Telekom coverage, see Deutsche_Telekom.xml.
-
-
-	^wtpx-telekom.com doesn't exist.
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.wtpx-telekom.com
-
--->
-<ruleset name="wtpx-Telekom.com">
-
-	<target host="www.wtpx-telekom.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.wtpx-telekom\.com$" name="^www\.wtpx-telekom\.com$" /-->
-
-	<securecookie host="^www\.wtpx-telekom\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Wuala.xml b/src/chrome/content/rules/Wuala.xml
index d5e4fd1270fc..949927ce36e9 100644
--- a/src/chrome/content/rules/Wuala.xml
+++ b/src/chrome/content/rules/Wuala.xml
@@ -1,14 +1,6 @@
-<ruleset name="wuala">
-  <target host="wuala.com" />
-  <target host="*.wuala.com" />
+<ruleset name="Wuala.com">
+	<target host="wuala.com" />
+	<target host="www.wuala.com" />
 
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^support\.wuala\.com$" name="^_icl_current_language$" /-->
-	<!--securecookie host="^www\.wuala\.com$" name="^PHPSESSID$" /-->
-
-  <securecookie host="^(?:(?:www|forum|stats|support|thumb\d+)\.)?wuala\.com$" name=".+" />
-
-  <rule from="^http://wuala\.com/" to="https://wuala.com/"/>
-  <rule from="^http://(www|cdn|forum|stats|support|thumb\d+)\.wuala\.com/" to="https://$1.wuala.com/"/>
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Wunderground.com.xml b/src/chrome/content/rules/Wunderground.com.xml
new file mode 100644
index 000000000000..09fdb312f028
--- /dev/null
+++ b/src/chrome/content/rules/Wunderground.com.xml
@@ -0,0 +1,44 @@
+<!--
+	Weather Underground rulesets:
+		+ Wxug.com.xml
+
+	Non-functional hosts
+		5xx server error:
+		- newspaper-edit.wunderground.com
+		- newspaper-server.wunderground.com
+-->
+<ruleset name="Wunderground.com">
+	<target host="wunderground.com" />
+	<target host="www.wunderground.com" />
+	<target host="amex.wunderground.com" />
+	<target host="api.wunderground.com" />
+	<target host="api-ak.wunderground.com" />
+	<target host="api-ak-aws.wunderground.com" />
+	<target host="api-ak1.wunderground.com" />
+	<target host="api-ak2.wunderground.com" />
+	<target host="api-ak3.wunderground.com" />
+	<target host="api-origin-sf.wunderground.com" />
+	<target host="apicommunity.wunderground.com" />
+	<target host="apissl.wunderground.com" />
+	<target host="autobrand.wunderground.com" />
+	<target host="czech.wunderground.com" />
+	<target host="espanol.wunderground.com" />
+	<target host="estonian.wunderground.com" />
+	<target host="french.wunderground.com" />
+	<target host="horizon.wunderground.com" />
+	<target host="hungarian.wunderground.com" />
+	<target host="ical.wunderground.com" />
+	<target host="macedonian.wunderground.com" />
+	<target host="maps.wunderground.com" />
+	<target host="marine.wunderground.com" />
+	<target host="mobile.wunderground.com" />
+	<target host="nihongo.wunderground.com" />
+	<target host="pashto.wunderground.com" />
+	<target host="portuguese.wunderground.com" />
+	<target host="punjabi.wunderground.com" />
+	<target host="resize.wunderground.com" />
+	<target host="weathersnoop.wunderground.com" />
+	<target host="www-ak.wunderground.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wxug.com.xml b/src/chrome/content/rules/Wxug.com.xml
new file mode 100644
index 000000000000..2ac3ec5c179f
--- /dev/null
+++ b/src/chrome/content/rules/Wxug.com.xml
@@ -0,0 +1,13 @@
+<!--
+	For other Weather Underground rulesets, see
+		+ Wunderground.com.xml
+-->
+<ruleset name="Wxug.com">
+	<target host="wxug.com" />
+	<target host="www.wxug.com" />
+	<target host="api.wxug.com" />
+	<target host="icons.wxug.com" />
+	<target host="icons-ak.wxug.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Wykop.pl.xml b/src/chrome/content/rules/Wykop.pl.xml
index 90cfd38200ef..5c498f422567 100644
--- a/src/chrome/content/rules/Wykop.pl.xml
+++ b/src/chrome/content/rules/Wykop.pl.xml
@@ -21,4 +21,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Wyndham.xml b/src/chrome/content/rules/Wyndham.xml
deleted file mode 100644
index a3955adcdb4b..000000000000
--- a/src/chrome/content/rules/Wyndham.xml
+++ /dev/null
@@ -1,79 +0,0 @@
-<!--
-	Other Wyndham related rulesets:
-	+ CanvasHolidays.co.uk.xml
-	+ Cheznous.com.xml
-	+ CompetitionsByWyndham.com.au.xml
-	+ Cottages.com.xml
-	+ Cottages4you.co.uk.xml
-	+ Cottagesdirect.co.uk.xml
-	+ English-Country-Cottages.co.uk.xml
-	+ French-Country-Cottages.co.uk.xml
-	+ Hoseasons.co.uk.xml
-	+ Irish-Country-Cottages.co.uk.xml
-	+ Italian-Country-Cottages.co.uk.xml
-	+ JamesVillas.co.uk.xml
-	+ Ovscruise.com.xml
-	+ RCI.com.xml
-	+ RCITravelStore.co.uk.xml
-	+ Scottish-Country-Cottages.co.uk.xml
-	+ WelcomeCottages.com.xml
-	+ Welsh-Country-Cottages.co.uk.xml
-	+ WyndhamJobs.com.xml
-	+ WyndhamVacationRentals.com.xml
-	+ Wyndhamvrap.com.xml
-	+ Landal.xml
-	+ landalskilife.be.xml
-	+ landalskilife.ch.xml
-	+ landalskilife.com.xml
-	+ landalskilife.cz.xml
-	+ landalskilife.de.xml
-	+ landalskilife.fr.xml
-	+ landalskilife.nl.xml
-
-	Nonfunctional:
-		- www.blakes.co.uk		(shows howseasons.co.uk)
-		- dales-holiday-cottages.com	(404)
-		- dansommer.d[ek]		(timeout)
-		- holidaycottagesgroup.com	(redirects to thehoseasonsgroup.co.uk)
-		- static.landal.com		(cert: redhotminute.com, listing denied)
-		- novasol.(d[ek]|n[lo])		(timeout)
-		- www.resortquest.com		(cert: www.resortrequestsecure.com, shows that domain's data)
-		- thehoseasonsgroup.co.uk	(timeout)
-		- wmowners.com			(cert: *.accountservergroup.com, shows site5 page)
-		- worldmapsp			(cert: wyndhamvrap.com, "It Works!")
-		- wyndhamvrap.com		(cert: secure1.onthenet.net, "It Works!")
-		- www.wyndhamworldwide.com
-
-	wyndhamjobs.com	(cert: *.careerbuilder.com)
--->
-<ruleset name="Wyndham (partial)" platform="mixedcontent" default_off='failed ruleset test'>
-
-	<target host="landalcampings.be"/>
-	<target host="www.landalcampings.be"/>
-	<target host="landalcampings.nl"/>
-	<target host="www.landalcampings.nl"/>
-	<target host="villas4you.co.uk"/>
-	<target host="www.villas4you.co.uk"/>
-	<target host="wyndham.com"/>
-	<target host="*.wyndham.com"/>
-
-	<rule from="^http://(?:www\.)?villas4you\.co\.uk/"
-		to="https://www.villas4you.co.uk/"/>
-
-	<!--	webshop only for be & nl	-->
-	<rule from="^http://landal(campings|parkshop)\.([bd]e|nl)/"
-		to="https://www.landal$1.$2/"/>
-
-	<rule from="^http://www\.landacampings\.(be|nl)/(css|favicons|img)/"
-		to="https://www.landalcampings.$1/$2/"/>
-
-	<rule from="^http://wyndham\.com/"
-		to="https://www.wyndham.com/"/>
-
-	<rule from="^http://www\.wyndham\.com/(cms_content|hotels/images|resources)"
-		to="https://www.wyndham.com/$1/"/>
-
-	<rule from="^http://wynres\.wyndham\.com/"
-		to="https://wynres.wyndham.com/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/WyndhamHotels.com.xml b/src/chrome/content/rules/WyndhamHotels.com.xml
new file mode 100644
index 000000000000..581ae3a540de
--- /dev/null
+++ b/src/chrome/content/rules/WyndhamHotels.com.xml
@@ -0,0 +1,77 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://pulse.wyndhamhotels.com/ => https://pulse.wyndhamhotels.com/: (51, "SSL: no alternative certificate subject name matches target host name 'pulse.wyndhamhotels.com'")
+
+-->
+
+<!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://dev4.wyndhamhotels.com/ => https://dev4.wyndhamhotels.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+Fetch error: http://fqa.wyndhamhotels.com/ => https://fqa.wyndhamhotels.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
+
+	Other Wyndham related rulesets:
+		+ CanvasHolidays.co.uk.xml
+		+ Cheznous.com.xml
+		+ CompetitionsByWyndham.com.au.xml
+		+ Cottages.com.xml
+		+ Cottages4you.co.uk.xml
+		+ Cottagesdirect.co.uk.xml
+		+ English-Country-Cottages.co.uk.xml
+		+ French-Country-Cottages.co.uk.xml
+		+ Hoseasons.co.uk.xml
+		+ Irish-Country-Cottages.co.uk.xml
+		+ Italian-Country-Cottages.co.uk.xml
+		+ JamesVillas.co.uk.xml
+		+ Ovscruise.com.xml
+		+ RCI.com.xml
+		+ Scottish-Country-Cottages.co.uk.xml
+		+ WelcomeCottages.com.xml
+		+ Welsh-Country-Cottages.co.uk.xml
+		+ WyndhamJobs.com.xml
+		+ WyndhamVacationRentals.com.xml
+		+ Wyndhamvrap.com.xml
+		+ Landal.xml
+		+ landalskilife.be.xml
+		+ landalskilife.ch.xml
+		+ landalskilife.com.xml
+		+ landalskilife.cz.xml
+		+ landalskilife.de.xml
+		+ landalskilife.fr.xml
+		+ landalskilife.nl.xml
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- wyndhamhotels.com
+		- mi.wyndhamhotels.com
+		- origin-www.wyndhamhotels.com
+
+		Status code mismatch:
+		- rqax.wyndhamhotels.com
+
+		4xx client error:
+		- preview.wyndhamhotels.com
+		- previewx.wyndhamhotels.com
+
+-->
+<ruleset name="WyndhamHotels.com">
+	<target host="wyndhamhotels.com" />
+	<target host="www.wyndhamhotels.com" />
+	<target host="dev2.wyndhamhotels.com" />
+	<target host="dev3.wyndhamhotels.com" />
+	<!-- target host="dev4.wyndhamhotels.com" /-->
+	<target host="devx.wyndhamhotels.com" />
+	<!-- target host="fqa.wyndhamhotels.com" /-->
+	<target host="fqax.wyndhamhotels.com" />
+	<!-- target host="pulse.wyndhamhotels.com" /-->
+	<target host="rqa.wyndhamhotels.com" />
+	<target host="smetrics.wyndhamhotels.com" />
+
+	<rule from="^http://wyndhamhotels\.com/"
+			to="https://www.wyndhamhotels.com/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/WyndhamJobs.com.xml b/src/chrome/content/rules/WyndhamJobs.com.xml
index 92c193f566bf..f0b40a980284 100644
--- a/src/chrome/content/rules/WyndhamJobs.com.xml
+++ b/src/chrome/content/rules/WyndhamJobs.com.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Wyndham related rulesets, see Wyndham.xml
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
 
 	Non-functional hosts
 		Timeout was reached:
diff --git a/src/chrome/content/rules/WyndhamVacationRentals.com.xml b/src/chrome/content/rules/WyndhamVacationRentals.com.xml
index a27699b7be0b..dc868dc3ccba 100644
--- a/src/chrome/content/rules/WyndhamVacationRentals.com.xml
+++ b/src/chrome/content/rules/WyndhamVacationRentals.com.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Wyndham related rulesets, see Wyndham.xml
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
 
 	Non-functional hosts
 		Couldn't connect to server:
diff --git a/src/chrome/content/rules/Wyndhamvrap.com.xml b/src/chrome/content/rules/Wyndhamvrap.com.xml
index 867354082297..08e00fb05ba1 100644
--- a/src/chrome/content/rules/Wyndhamvrap.com.xml
+++ b/src/chrome/content/rules/Wyndhamvrap.com.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Wyndham related rulesets, see Wyndham.xml
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
 
 	Non-functional hosts
 		Timeout was reached:
@@ -23,6 +23,7 @@
 		- newsletters.wyndhamvrap.com
 		- pitstop.wyndhamvrap.com
 		- pr.wyndhamvrap.com
+		- shop.wyndhamvrap.com
 
 		4xx client error:
 		- lync.wyndhamvrap.com
@@ -34,7 +35,6 @@
 	<target host="new.wyndhamvrap.com" />
 	<target host="office.wyndhamvrap.com" />
 	<target host="secure.wyndhamvrap.com" />
-	<target host="shop.wyndhamvrap.com" />
 	<target host="upgrades.wyndhamvrap.com" />
 	<target host="webservice.wyndhamvrap.com" />
 
diff --git a/src/chrome/content/rules/WyzerMe.xml b/src/chrome/content/rules/WyzerMe.xml
index ccb81ad2e532..47cb0cebb889 100644
--- a/src/chrome/content/rules/WyzerMe.xml
+++ b/src/chrome/content/rules/WyzerMe.xml
@@ -5,7 +5,7 @@ Fetch error: http://wyzerme.com/ => https://wyzerme.com/: (51, "SSL: no alternat
 Fetch error: http://www.wyzerme.com/ => https://www.wyzerme.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.wyzerme.com'")
 
 -->
-<ruleset name="WyzerMe" default_off='failed ruleset test'>
+<ruleset name="WyzerMe" default_off="failed ruleset test">
 	<target host="wyzerme.com" />
 	<target host="www.wyzerme.com" />
 
diff --git a/src/chrome/content/rules/X-lift.jp.xml b/src/chrome/content/rules/X-lift.jp.xml
deleted file mode 100644
index 332fe947a1be..000000000000
--- a/src/chrome/content/rules/X-lift.jp.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-
-	Nonfunctional subdomains:
-
-		- bc	(400)
-
-	Fully covered subdomains:
-
-		- www
-
--->
-<ruleset name="X-lift.jp (partial)">
-
-	<target host="cdn.x-lift.jp" />
-	<target host="rec.x-lift.jp" />
-	<target host="www.x-lift.jp" />
-
-	<test url="http://cdn.x-lift.jp/resources/infoseek.js" />
-	<test url="http://rec.x-lift.jp/rcm" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/X.Org.xml b/src/chrome/content/rules/X.Org.xml
new file mode 100644
index 000000000000..b3991fcb64c3
--- /dev/null
+++ b/src/chrome/content/rules/X.Org.xml
@@ -0,0 +1,26 @@
+<!--
+	Invalid certificate:
+		ns1.x.org
+
+	Refused:
+		ns2.x.org
+		ns3.x.org
+		tinderbox.x.org
+-->
+<ruleset name="X.Org">
+
+	<target host="x.org" />
+	<target host="www.x.org" />
+	<target host="foundation.x.org" />
+	<target host="ftp.x.org" />
+	<target host="lists.x.org" />
+	<target host="members.x.org" />
+	<target host="planet.x.org" />
+	<target host="wiki.x.org" />
+	<target host="xdc2018.x.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/X2Go.org.xml b/src/chrome/content/rules/X2Go.org.xml
index 82d9bcf25303..caa3ea4bf289 100644
--- a/src/chrome/content/rules/X2Go.org.xml
+++ b/src/chrome/content/rules/X2Go.org.xml
@@ -15,7 +15,7 @@
 	² Mismatched
 
 -->
-<ruleset name="X2Go.org" default_off="untrusted root">
+<ruleset name="X2Go.org" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/XAGYL.us.xml b/src/chrome/content/rules/XAGYL.us.xml
index 6c299236fb93..898d938b835b 100644
--- a/src/chrome/content/rules/XAGYL.us.xml
+++ b/src/chrome/content/rules/XAGYL.us.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.xagyl.us/ => https://www.xagyl.us/: (60, 'SSL certificat
 	For other XAGYL Communications coverage, see XAGYL.com.xml.
 
 -->
-<ruleset name="XAGYL.us" default_off='failed ruleset test'>
+<ruleset name="XAGYL.us" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/XCAT.nl.xml b/src/chrome/content/rules/XCAT.nl.xml
index aea2f2da414e..d9a7eca7e422 100644
--- a/src/chrome/content/rules/XCAT.nl.xml
+++ b/src/chrome/content/rules/XCAT.nl.xml
@@ -1,7 +1,6 @@
 <!--
 	Other xCAT rulesets:
 
-		- DatacentrumGids.nl.xml
 		- ISPam.nl.xml
 		- ISPID.nl.xml
 		- KralenStart.nl.xml
diff --git a/src/chrome/content/rules/XChatData.net.xml b/src/chrome/content/rules/XChatData.net.xml
index 4a9e284fb775..5519442bb357 100644
--- a/src/chrome/content/rules/XChatData.net.xml
+++ b/src/chrome/content/rules/XChatData.net.xml
@@ -5,7 +5,7 @@ Fetch error: http://xchatdata.net/ => https://xchatdata.net/: (51, "SSL: no alte
 Fetch error: http://www.xchatdata.net/ => https://www.xchatdata.net/: (51, "SSL: no alternative certificate subject name matches target host name 'www.xchatdata.net'")
 
 -->
-<ruleset name="XChatData.net" default_off='failed ruleset test'>
+<ruleset name="XChatData.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/XDA-Developers.com.xml b/src/chrome/content/rules/XDA-Developers.com.xml
index 6b9025b8f96f..ec1b7659bc19 100644
--- a/src/chrome/content/rules/XDA-Developers.com.xml
+++ b/src/chrome/content/rules/XDA-Developers.com.xml
@@ -9,6 +9,7 @@
 	Invalid certificate:
 		ns2.xda-developers.com
 		sites.xda-developers.com
+    media.xda-developers.com
 
 	Non-2xx HTTP code:
 		http://api.xda-developers.com/ (200) => https://api.xda-developers.com/ (404)
@@ -42,8 +43,6 @@
 		<test url="http://forum.xda-developers.com/showthread.php?t=3034811" />
 	<target host="labs.xda-developers.com" />
 		<test url="http://labs.xda-developers.com/static/css/main.css" />
-	<target host="media.xda-developers.com" />
-		<test url="http://media.xda-developers.com/subscription.php" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/XEU.com.xml b/src/chrome/content/rules/XEU.com.xml
index 9d8e9c7b98d6..24f244e62b1a 100644
--- a/src/chrome/content/rules/XEU.com.xml
+++ b/src/chrome/content/rules/XEU.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://shop.xeu.com/ => https://shop.xeu.com/: (51, "SSL: no altern
 		- www.shop.xeu.com
 
 -->
-<ruleset name="XEU.com (partial)" default_off='failed ruleset test'>
+<ruleset name="XEU.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/XFCE.org.xml b/src/chrome/content/rules/XFCE.org.xml
index c4c5d00fc6c1..f1796233799c 100644
--- a/src/chrome/content/rules/XFCE.org.xml
+++ b/src/chrome/content/rules/XFCE.org.xml
@@ -1,54 +1,55 @@
 <!--
-	Non-functional hosts
-		SSL peer certificate was not OK:
-			 - archive.al-us.xfce.org
-			 - archive.xfce.org
-			 - archive.be.xfce.org
-			 - bugs.xfce.org
-			 - buildbot.xfce.org
-			 - foundation.xfce.org
-			 - geoip.xfce.org
-			 - i18n.xfce.org
-			 - installit.xfce.org
-			 - ns1.xfce.org
-			 - ns2.xfce.org
-			 - ns4.xfce.org
-			 - pyxfce.xfce.org
-			 - squeeze.xfce.org
-			 - svn.xfce.org
-			 - thunar.xfce.org
-			 - translations.xfce.org
-			 - www.tx-us.xfce.org
-			 - www.us.xfce.org
-			 - users.xfce.org
-			 - www-test.xfce.org
-			 - xfc.xfce.org
+	This domain contains a wildcard DNS record.
 
-		Peer certificate cannot be authenticated with given CA certificates:
-			 - archive.be2.xfce.org
-			 - earlgrey.xfce.org
-
-		Different content:
-			 - releases.xfce.org
-
-		Mixed content blocking (MCB) tiggered:
-			 - from ajax.googleapis.com on blog.xfce.org
+	Invalid certificate:
+		archive.be2.xfce.org
+		bugs.xfce.org
+		buildbot.xfce.org
+		doc.xfce.org
+		earlgrey.xfce.org
+		everywhere.xfce.org
+		foundation.xfce.org
+		i18n.xfce.org
+		installit.xfce.org
+		mocha.xfce.org
+		ns[1-4].xfce.org
+		pyxfce.xfce.org
+		squeeze.xfce.org
+		svn.xfce.org
+		thunar.xfce.org
+		translations.xfce.org
+		users.xfce.org
+		www-test.xfce.org
+		www.tx-us.xfce.org
+		www.us.xfce.org
+		xarchiver.xfce.org
+		xfc.xfce.org
 -->
-<ruleset name="XFCE.org (partial)">
+<ruleset name="Xfce.org (partial)">
+
 	<target host="xfce.org" />
 	<target host="www.xfce.org" />
+	<target host="archive.al-us.xfce.org" />
+	<target host="archive.xfce.org" />
+	<target host="archive.be.xfce.org" />
+	<target host="blog.xfce.org" />
 	<target host="bug-attachment.xfce.org" />
 	<target host="bugzilla.xfce.org" />
 	<target host="cdn.xfce.org" />
 	<target host="docs.xfce.org" />
 	<target host="forum.xfce.org" />
+	<target host="geoip.xfce.org" />
 	<target host="git.xfce.org" />
+	<target host="gitlab.xfce.org" />
 	<target host="goodies.xfce.org" />
 	<target host="mail.xfce.org" />
+	<target host="releases.xfce.org" />
+	<target host="static.xfce.org" />
 	<target host="tibeti.xfce.org" />
 	<target host="wiki.xfce.org" />
 
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/XHamster_Premium_Pass.com.xml b/src/chrome/content/rules/XHamster_Premium_Pass.com.xml
index 6d542eb667cb..04b78eb5001c 100644
--- a/src/chrome/content/rules/XHamster_Premium_Pass.com.xml
+++ b/src/chrome/content/rules/XHamster_Premium_Pass.com.xml
@@ -35,7 +35,7 @@ Fetch error: http://e19.xhamsterpremiumpass.com/ => https://e19.xhamsterpremiump
 	* Mismatched
 
 -->
-<ruleset name="xHamster Premium Pass.com (partial)" default_off='failed ruleset test'>
+<ruleset name="xHamster Premium Pass.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/XILO-Communications.xml b/src/chrome/content/rules/XILO-Communications.xml
deleted file mode 100644
index 9c00be071287..000000000000
--- a/src/chrome/content/rules/XILO-Communications.xml
+++ /dev/null
@@ -1,56 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://discuss.xilo.net/ => https://discuss.xilo.net/: (51, "SSL: no alternative certificate subject name matches target host name 'discuss.xilo.net'")
-
--->
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://discuss.xilo.net/ => https://discuss.xilo.net/: (51, "SSL: no alternative certificate subject name matches target host name 'discuss.xilo.net'")
-
-	XILO Communications
-
-
-	CDN buckets:
-
-		- contentdn.net/x/
-		- contentdn.net/nx/
-
-
-	Problematic subdomains:
-
-		- (www.)	(weak cipher)
-
-
-	Fully covered subdomains:
-
-		- discuss
-		- login		(→ my.xilo.net)
-		- my
-
--->
-<ruleset name="XILO.net (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="discuss.xilo.net" />
-	<target host="my.xilo.net" />
-
-	<!--	Complications:
-				-->
-	<target host="login.xilo.net" />
-
-
-	<securecookie host="^discuss\.xilo\.net$" name=".+" />
-
-
-	<!--	Redirects like so.
-					-->
-	<rule from="^http://login\.xilo\.net/"
-		to="https://my.xilo.net/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/XM-CDN.com.xml b/src/chrome/content/rules/XM-CDN.com.xml
index 9a12a00194e2..e4756fde72d1 100644
--- a/src/chrome/content/rules/XM-CDN.com.xml
+++ b/src/chrome/content/rules/XM-CDN.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://static.xm-cdn.com/ => https://static.xm-cdn.com/: (6, 'Could
 	For other XEMarkets coverage, see XM.com.xml.
 
 -->
-<ruleset name="XM-CDN.com" default_off='failed ruleset test'>
+<ruleset name="XM-CDN.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/XM.com.xml b/src/chrome/content/rules/XM.com.xml
index 8da398727d12..e76ea8b3b297 100644
--- a/src/chrome/content/rules/XM.com.xml
+++ b/src/chrome/content/rules/XM.com.xml
@@ -23,7 +23,7 @@ Fetch error: http://bo.xm.com/ => https://bo.xm.com/: (28, 'Connection timed out
 		- .xm.com
 
 -->
-<ruleset name="XM.com" default_off='failed ruleset test'>
+<ruleset name="XM.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/XMLGold.eu.xml b/src/chrome/content/rules/XMLGold.eu.xml
deleted file mode 100644
index 35d777604982..000000000000
--- a/src/chrome/content/rules/XMLGold.eu.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	Insecure cookies are set for these domains and hosts:
-
-		- xmlgold.eu
-		- .xmlgold.eu
-		- www.xmlgold.eu
-
--->
-<ruleset name="XMLGold.eu">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="xmlgold.eu" />
-	<target host="www.xmlgold.eu" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^xmlgold\.eu$" name="^SRV$" /-->
-	<!--securecookie host="^\.xmlgold\.eu$" name="^(?:__cfduid|cf_clearance)$" /-->
-	<!--securecookie host="^www\.xmlgold\.eu$" name="^(?:PHPSESSID|SRV|YII_CSRF_TOKEN|lang)$" /-->
-
-	<securecookie host="^(?:www\.|\.)?xmlgold\.eu$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/XMPP.net.xml b/src/chrome/content/rules/XMPP.net.xml
deleted file mode 100644
index 9c1b27881bb0..000000000000
--- a/src/chrome/content/rules/XMPP.net.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://xmpp.net/ => https://xmpp.net/: (7, 'Failed to connect to xmpp.net port 443: Connection refused')
-Fetch error: http://beta.xmpp.net/ => https://beta.xmpp.net/: (28, 'Connection timed out after 20000 milliseconds')
-Fetch error: http://www.xmpp.net/ => https://xmpp.net/: (7, 'Failed to connect to xmpp.net port 443: Connection refused')
-
-	www: mismatched, CN: beta.xmpp.net
-
--->
-<ruleset name="XMPP.net" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="xmpp.net" />
-	<target host="beta.xmpp.net" />
-
-	<!--	Complications:
-				-->
-	<target host="www.xmpp.net" />
-
-
-	<rule from="^http://www\.xmpp\.net/"
-		to="https://xmpp.net/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/XMission.com-problematic.xml b/src/chrome/content/rules/XMission.com-problematic.xml
index 55f9cca7cf97..b57e6617430f 100644
--- a/src/chrome/content/rules/XMission.com-problematic.xml
+++ b/src/chrome/content/rules/XMission.com-problematic.xml
@@ -7,7 +7,7 @@
 	* see https://whatsmychaincert.com
 
 -->
-<ruleset name="XMission.com (missing certificate chain)" default_off="missing certificate chain">
+<ruleset name="XMission.com (missing certificate chain)" default_off="cert-chain">
 
 	<target host="accounting.xmission.com" />
 	<target host="asset.xmission.com" />
diff --git a/src/chrome/content/rules/XMission.xml b/src/chrome/content/rules/XMission.xml
index 176a57e30284..e64056b8bfce 100644
--- a/src/chrome/content/rules/XMission.xml
+++ b/src/chrome/content/rules/XMission.xml
@@ -70,7 +70,7 @@
 	<!--securecookie host="^\.(mail|webmail)\.comxmission\.com$" name="^Horde$" /-->
 	<!--securecookie host="^wiki\.xmission\.com$" name="^pubwiki2_session$" /-->
 
-	<securecookie host="^(?:.*\.)?xmission\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/XNET.cz.xml b/src/chrome/content/rules/XNET.cz.xml
index 76808cbb6924..e05d926d18bf 100644
--- a/src/chrome/content/rules/XNET.cz.xml
+++ b/src/chrome/content/rules/XNET.cz.xml
@@ -3,7 +3,7 @@
     - www.xnet.cz
     - wiki.xnet.cz
     - blog.xnet.cz
-    
+
     Refused
     - webftp.xnet.cz
     - redirect.xnet.cz
diff --git a/src/chrome/content/rules/XPic_only.xml b/src/chrome/content/rules/XPic_only.xml
index 2727cabcbcaf..f301de43daef 100644
--- a/src/chrome/content/rules/XPic_only.xml
+++ b/src/chrome/content/rules/XPic_only.xml
@@ -5,7 +5,7 @@ Fetch error: http://xpiconly.com/ => https://xpiconly.com/: (28, 'Operation time
 Fetch error: http://www.xpiconly.com/ => https://www.xpiconly.com/: (28, 'Operation timed out after 30002 milliseconds with 0 bytes received')
 
 -->
-<ruleset name="XPic only.com" default_off='failed ruleset test'>
+<ruleset name="XPic only.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/XS4ALL.xml b/src/chrome/content/rules/XS4ALL.xml
index 4be32b9e5356..cc214626b34b 100644
--- a/src/chrome/content/rules/XS4ALL.xml
+++ b/src/chrome/content/rules/XS4ALL.xml
@@ -13,6 +13,7 @@
 	<target host="xs4all.nl" />
 	<target host="blog.xs4all.nl" />
 	<target host="cdn.xs4all.nl" />
+	<target host="download.xs4all.nl" />
 	<target host="service.xs4all.nl" />
 	<target host="wachtwoord.xs4all.nl" />
 	<target host="webmail.xs4all.nl" />
diff --git a/src/chrome/content/rules/XSSposed.org.xml b/src/chrome/content/rules/XSSposed.org.xml
index f55d693cce0b..b87fb9755b05 100644
--- a/src/chrome/content/rules/XSSposed.org.xml
+++ b/src/chrome/content/rules/XSSposed.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://xssposed.org/ => https://xssposed.org/: (60, 'SSL certificat
 Fetch error: http://www.xssposed.org/ => https://www.xssposed.org/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="XSSposed.org" default_off='failed ruleset test'>
+<ruleset name="XSSposed.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Xakep.ru.xml b/src/chrome/content/rules/Xakep.ru.xml
index 0cf6e8009cbf..3fe3a8b24db7 100644
--- a/src/chrome/content/rules/Xakep.ru.xml
+++ b/src/chrome/content/rules/Xakep.ru.xml
@@ -6,7 +6,7 @@ Fetch error: http://forum.xakep.ru/ => https://forum.xakep.ru/: (60, 'SSL certif
 Fetch error: http://group.xakep.ru/ => https://group.xakep.ru/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Xakep.ru" default_off='failed ruleset test'>
+<ruleset name="Xakep.ru" default_off="failed ruleset test">
 
 	<target host="xakep.ru" />
 	<target host="dvd.xakep.ru" />
diff --git a/src/chrome/content/rules/Xamarin.com.xml b/src/chrome/content/rules/Xamarin.com.xml
index c155efc98019..0a18f4c02d53 100644
--- a/src/chrome/content/rules/Xamarin.com.xml
+++ b/src/chrome/content/rules/Xamarin.com.xml
@@ -32,7 +32,7 @@
 	Mixed content:
 
 		- iframes, on:
-		
+
 			- planet from app.stitcher.com
 			- planet from www.youtube.com ¹
 
diff --git a/src/chrome/content/rules/Xavisys.xml b/src/chrome/content/rules/Xavisys.xml
index bcaa1b46d0ad..7b0b89275eeb 100644
--- a/src/chrome/content/rules/Xavisys.xml
+++ b/src/chrome/content/rules/Xavisys.xml
@@ -12,7 +12,7 @@ Fetch error: http://xavisys.com/ => https://xavisys.com/: (60, 'SSL certificate
 		- xavisys.com
 
 -->
-<ruleset name="Xavisys.com" default_off='failed ruleset test'>
+<ruleset name="Xavisys.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Xbox.xml b/src/chrome/content/rules/Xbox.xml
index 23edba8cbf28..a737015635bc 100644
--- a/src/chrome/content/rules/Xbox.xml
+++ b/src/chrome/content/rules/Xbox.xml
@@ -1,10 +1,4 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://help.xbox.com/ => https://help.xbox.com/: (28, 'Connection timed out after 20001 milliseconds')
-Fetch error: http://s.xbox.com/ => https://s.xbox.com/: (6, 'Could not resolve host: s.xbox.com')
-Fetch error: http://service.xbox.com/ => https://service.xbox.com/: (28, 'Connection timed out after 20001 milliseconds')
-
 	For other Microsoft coverage, see Microsoft.xml.
 
 
@@ -21,8 +15,10 @@ Fetch error: http://service.xbox.com/ => https://service.xbox.com/: (28, 'Connec
 			- forums **
 			- gamercard *
 			- gearsofwar
+			- help (timeout)
 			- marketplace **
 			- news *
+			- service (timeout)
 			- sonos ⁴
 			- tiles *
 			- www **
@@ -37,7 +33,9 @@ Fetch error: http://service.xbox.com/ => https://service.xbox.com/: (28, 'Connec
 	Problematic hosts in *xbox.com:
 
 		- compass ¹
-		- feedback ²
+		- feedback (timeout)
+		- feedbacklogin (mismatched)
+		- myservice (mismatched)
 		- nxeassets *
 		- o		(mismatched, CN: *.112.2o7.net)
 		- piflc		(works, mismatched, CN: *.xboxlive.com)
@@ -60,14 +58,9 @@ Fetch error: http://service.xbox.com/ => https://service.xbox.com/: (28, 'Connec
 		- c
 		- compass	(→ compass-ssl.xbox.com)
 		- compass-ssl
-		- feedback	(→ feedbacklogin.xbox.com)
-		- feedbacklogin
 		- halo
-		- help
 		- live
-		- music
 		- music-cache
-		- musictemp
 		- myservice
 		- nxeassets	(→ nxeassets-ssl.xbox.com)
 		- nxeassets-ssl
@@ -93,45 +86,30 @@ Fetch error: http://service.xbox.com/ => https://service.xbox.com/: (28, 'Connec
 	* Secured by us
 
 -->
-<ruleset name="Xbox.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Xbox.com (partial)">
 
 	<!--	Direct rewrites:
 				-->
 	<target host="account.xbox.com" />
 	<target host="c.xbox.com" />
 	<target host="compass-ssl.xbox.com" />
-	<target host="feedbacklogin.xbox.com" />
 	<target host="halo.xbox.com" />
-	<target host="help.xbox.com" />
 	<target host="live.xbox.com" />
-	<target host="music.xbox.com" />
 	<target host="music-cache.xbox.com" />
-	<target host="musictemp.xbox.com" />
-	<target host="myservice.xbox.com" />
 	<target host="nxeassets-ssl.xbox.com" />
 	<target host="rewards.xbox.com" />
-	<target host="s.xbox.com" />
-	<target host="service.xbox.com" />
 	<target host="support.xbox.com" />
 
 	<!--	Complications:
 				-->
 	<target host="compass.xbox.com" />
-	<target host="feedback.xbox.com" />
 	<target host="nxeassets.xbox.com" />
 	<target host="o.xbox.com" />
 	<target host="piflc.xbox.com" />
 
-		<!--	Redirects to http:
-					-->
-		<!--exclusion pattern="^http://forums\.xbox\.com/($|\?|shell/)" /-->
-		<!--exclusion pattern="^http://marketplace.xbox.com/((en-US/)?($|\?)|Product/[\w-]+/[\da-f-]+/|Shell/)" /-->
-		<!--exclusion pattern="^http://rewards\.xbox\.com/($|\?)" /-->
-		<!--exclusion pattern="^http://www\.xbox\.com/((en-US/)?($|\?)|Content/|en-US/global-resources/css/|shell/)" /-->
-
 		<!--	Exceptions:
 					-->
-		<exclusion pattern="^http://rewards\.xbox\.com/(?!css/|favicon\.ico|join-now|(?:localized_)?media/)" />
+		<exclusion pattern="^http://rewards\.xbox\.com/(?!css/|favicon\.ico|(?:localized_)?media/)" />
 
 			<!--	+ve:
 					-->
@@ -145,16 +123,12 @@ Fetch error: http://service.xbox.com/ => https://service.xbox.com/: (28, 'Connec
 			<test url="http://rewards.xbox.com/dynamic/css/welcome.css/" />
 			<test url="http://rewards.xbox.com/favicon.ico" />
 			<test url="http://rewards.xbox.com/media/images/img_header_logo.png" />
-			<test url="http://rewards.xbox.com/join-now/" />
 
 		<test url="http://support.xbox.com/en-US/" />
 
 
 	<!--	Not secured by server:
 					-->
-	<!--securecookie host="^\.xbox\.com$" name="^(ASP\.NET_SessionId|s_vi)$" /-->
-	<!--securecookie host="^music\.xbox\.com$" name="^XBXWebMusicSessionId$" /-->
-
 	<securecookie host="^\.xbox\.com$" name="^s_vi$" />
 	<securecookie host="^(?:help|live|music|myservice)\.xbox\.com$" name=".+" />
 
@@ -162,9 +136,6 @@ Fetch error: http://service.xbox.com/ => https://service.xbox.com/: (28, 'Connec
 	<rule from="^http://(compas|nxeasset)s\.xbox\.com/"
 		to="https://$1s-ssl.xbox.com/" />
 
-	<rule from="^http://feedback\.xbox\.com/"
-		to="https://feedbacklogin.xbox.com/" />
-
 	<rule from="^http://o\.xbox\.com/"
 		to="https://xbox-com.112.2o7.net/" />
 
diff --git a/src/chrome/content/rules/Xbox_Live.com.xml b/src/chrome/content/rules/Xbox_Live.com.xml
index 3aaf0ca7da9f..1cf1ea9198b2 100644
--- a/src/chrome/content/rules/Xbox_Live.com.xml
+++ b/src/chrome/content/rules/Xbox_Live.com.xml
@@ -16,7 +16,7 @@
 		- avatar	(→ avatar-ssl.xboxlive.com)
 		- avatar-ssl
 		- compass	(→ compass-ssl.xboxlive.com)
-		- compass-ssl	
+		- compass-ssl
 		- piflc
 
 -->
diff --git a/src/chrome/content/rules/Xchan.xml b/src/chrome/content/rules/Xchan.xml
index 337f6004f679..ea2c4f92ae6f 100644
--- a/src/chrome/content/rules/Xchan.xml
+++ b/src/chrome/content/rules/Xchan.xml
@@ -4,11 +4,11 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://old.xchan.pw/ => https://old.xchan.pw/: (6, 'Could not resolve host: old.xchan.pw')
 
 -->
-<ruleset name="Xchan" default_off='failed ruleset test'>
-	<target host="xchan.pw" />
-	<target host="www.xchan.pw" />
-	<target host="old.xchan.pw" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
+<ruleset name="Xchan" default_off="failed ruleset test">
+	<target host="xchan.pw" />
+	<target host="www.xchan.pw" />
+	<target host="old.xchan.pw" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Xdebug.org.xml b/src/chrome/content/rules/Xdebug.org.xml
index 6fb502ace231..57f3903707a2 100644
--- a/src/chrome/content/rules/Xdebug.org.xml
+++ b/src/chrome/content/rules/Xdebug.org.xml
@@ -11,7 +11,7 @@
 
     <rule from="^http://www\.xdebug\.org/"
             to="https://xdebug.org/" />
-    
+
     <rule from="^http:"
             to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Xeneris.net.xml b/src/chrome/content/rules/Xeneris.net.xml
index 1f6588a16051..8970069131b2 100644
--- a/src/chrome/content/rules/Xeneris.net.xml
+++ b/src/chrome/content/rules/Xeneris.net.xml
@@ -26,7 +26,7 @@ Fetch error: http://mail.xeneris.net/ => https://mail.xeneris.net/: (60, 'SSL ce
 		- kronix.xeneris.net:8443
 
 -->
-<ruleset name="Xeneris.net (partial)" default_off='failed ruleset test'>
+<ruleset name="Xeneris.net (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/XenoNode.com.xml b/src/chrome/content/rules/XenoNode.com.xml
new file mode 100644
index 000000000000..6a9801bc78ab
--- /dev/null
+++ b/src/chrome/content/rules/XenoNode.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="XenoNode.com (partial)">
+	<target host="xenonode.com" />
+	<target host="www.xenonode.com" />
+	<target host="my.xenonode.com" />
+
+	<securecookie host=".+" name=".+"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/Xeno_Gamers.org.xml b/src/chrome/content/rules/Xeno_Gamers.org.xml
deleted file mode 100644
index 4de189ea936f..000000000000
--- a/src/chrome/content/rules/Xeno_Gamers.org.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Xeno Gamers.org">
-
-	<target host="xenogamers.org" />
-	<target host="*.xenogamers.org" />
-
-
-	<securecookie host="^\.?xenogamers\.org$" name=".+" />
-
-
-	<rule from="^http://(img\d\.|www\.)?xenogamers\.org/"
-		to="https://$1xenogamers.org/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Xenobite.eu.xml b/src/chrome/content/rules/Xenobite.eu.xml
index cd1f9a6e08bf..2452c46bb4f0 100644
--- a/src/chrome/content/rules/Xenobite.eu.xml
+++ b/src/chrome/content/rules/Xenobite.eu.xml
@@ -6,7 +6,7 @@ Fetch error: http://xenobite.eu/ => https://xenobite.eu/: (51, "SSL: no alternat
 	www doesn't exist.
 
 -->
-<ruleset name="Xenobite.eu" default_off='failed ruleset test'>
+<ruleset name="Xenobite.eu" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Xfire.xml b/src/chrome/content/rules/Xfire.xml
index bf9979e55c75..b97f3f5a1c3e 100644
--- a/src/chrome/content/rules/Xfire.xml
+++ b/src/chrome/content/rules/Xfire.xml
@@ -30,7 +30,7 @@
 	* Secured by us
 
 -->
-<ruleset name="Xfire.com (partial)" default_off="missing certificate chain">
+<ruleset name="Xfire.com (partial)" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Xg4ken.com.xml b/src/chrome/content/rules/Xg4ken.com.xml
index ca9ddf9db864..7b3eccf4b429 100644
--- a/src/chrome/content/rules/Xg4ken.com.xml
+++ b/src/chrome/content/rules/Xg4ken.com.xml
@@ -19,4 +19,4 @@
 	<rule from="^http://(\d\d)\.xg4ken\.com/"
 		to="https://$1.xg4ken.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/XiTi.com.xml b/src/chrome/content/rules/XiTi.com.xml
index e8744c29d3e0..c7197ff87daf 100644
--- a/src/chrome/content/rules/XiTi.com.xml
+++ b/src/chrome/content/rules/XiTi.com.xml
@@ -51,7 +51,7 @@ Fetch error: http://logs142.xiti.com/hit.xiti?s= => https://logs142.xiti.com/hit
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="XiTi.com (partial)" default_off='failed ruleset test'>
+<ruleset name="XiTi.com (partial)" default_off="failed ruleset test">
 
 	<target host="*.xiti.com" />
 
diff --git a/src/chrome/content/rules/Xiami.xml b/src/chrome/content/rules/Xiami.xml
index 02ceadaa9534..c1741e67a151 100644
--- a/src/chrome/content/rules/Xiami.xml
+++ b/src/chrome/content/rules/Xiami.xml
@@ -13,7 +13,7 @@
     <target host="act.xiami.com" />
     <target host="h.xiami.com" />
         <test url="http://h.xiami.com/favicon.ico" />
-    
+
     <!-- Xiami.net rules -->
     <target host="img.xiami.net" />
         <test url="http://img.xiami.net/favicon.ico" />
@@ -22,6 +22,6 @@
     <target host="m320.xiami.net" />
     <target host="pic.xiami.net" />
         <test url="http://pic.xiami.net/favicon.ico" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Xiaomi.cn.xml b/src/chrome/content/rules/Xiaomi.cn.xml
index 40dc9acf5b2a..8fde3cfa66f3 100644
--- a/src/chrome/content/rules/Xiaomi.cn.xml
+++ b/src/chrome/content/rules/Xiaomi.cn.xml
@@ -1,8 +1,5 @@
 
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://m.xiaomi.cn/ => https://m.xiaomi.cn/: (6, 'Could not resolve host: m.xiaomi.cn')
-
 	For other domains belong to xiaomi, see Xiaomi.com.xml
 
 	Break content:
@@ -11,7 +8,6 @@ Fetch error: http://m.xiaomi.cn/ => https://m.xiaomi.cn/: (6, 'Could not resolve
 	MCB:
 		bbs.xiaomi.cn
 		hd.xiaomi.cn	( test : http://hd.xiaomi.cn/mipop/2016dl/ )
-		mipop.xiaomi.cn (test : http://mipop.xiaomi.cn/default/activity/key/20151114 )
 		rom.xiaomi.cn
 		static.xiaomi.cn
 
@@ -27,17 +23,8 @@ Fetch error: http://m.xiaomi.cn/ => https://m.xiaomi.cn/: (6, 'Could not resolve
 		home.xiaomi.cn
 -->
 
-<ruleset name="Xiaomi.cn" default_off='failed ruleset test'>
-
+<ruleset name="Xiaomi.cn">
 	<target host="xiaomi.cn" />
-	<rule from="^http://xiaomi\.cn/" to="https://www.xiaomi.cn/" />
-
-	<target host="static.xiaomi.cn" />
-	<exclusion pattern="^http://static\.xiaomi\.cn/(?!xiaomicms/)" />
-		<test url="http://static.xiaomi.cn/xiaomicms/statics/css/v3/default_v3.min.css" />
-		<test url="http://static.xiaomi.cn/xiaomicms/uploadfile/2012/0809/20120809020546414.png" />
-		<test url="http://static.xiaomi.cn/115" />
-
 	<target host="www.xiaomi.cn" />
 	<target host="city.xiaomi.cn" />
 	<target host="down.xiaomi.cn" />
@@ -48,5 +35,13 @@ Fetch error: http://m.xiaomi.cn/ => https://m.xiaomi.cn/: (6, 'Could not resolve
 	<target host="wan.xiaomi.cn" />
 	<target host="xue.xiaomi.cn" />
 
+	<target host="static.xiaomi.cn" />
+	<exclusion pattern="^http://static\.xiaomi\.cn/(?!xiaomicms/)" />
+		<test url="http://static.xiaomi.cn/xiaomicms/statics/css/v3/default_v3.min.css" />
+		<test url="http://static.xiaomi.cn/xiaomicms/uploadfile/2012/0809/20120809020546414.png" />
+		<test url="http://static.xiaomi.cn/115" />
+
+	<rule from="^http://xiaomi\.cn/" to="https://www.xiaomi.cn/" />
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Xignite.xml b/src/chrome/content/rules/Xignite.xml
index 69eaff27283b..810fc91d20cd 100644
--- a/src/chrome/content/rules/Xignite.xml
+++ b/src/chrome/content/rules/Xignite.xml
@@ -64,10 +64,6 @@
 	<!--securecookie host="^(?:www\.)?xignite\.com$" name=".+" /-->
 
 
-	<rule from="^http://cdn\.xignite\.com/"
-		to="https://d238gk3mw72oe2.cloudfront.net/" />
-
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Xiscosoft.es.xml b/src/chrome/content/rules/Xiscosoft.es.xml
index f12dddb0ab39..dd49640a0266 100644
--- a/src/chrome/content/rules/Xiscosoft.es.xml
+++ b/src/chrome/content/rules/Xiscosoft.es.xml
@@ -30,7 +30,7 @@
 	* Secured by us, doesn't trip MCB
 
 -->
-<ruleset name="Xiscosoft.es" default_off="missing certificate chain">
+<ruleset name="Xiscosoft.es" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Xively.com.xml b/src/chrome/content/rules/Xively.com.xml
deleted file mode 100644
index 4cad63521c4e..000000000000
--- a/src/chrome/content/rules/Xively.com.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	For other LogMeIn coverage, see LogMeIn_Inc.com.xml.
-
-
-	Fully covered hosts in *xively.com:
-
-		- (www.)?
-		- personal
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- xively.com
-		- .personal.xively.com
-		- www.xively.com
-
--->
-<ruleset name="Xively.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="xively.com" />
-	<target host="personal.xively.com" />
-	<target host="www.xively.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?xively\.com$" name="^X-Mapping-\w+$" /-->
-	<!--securecookie host="^\.personal\.xively\.com$" name="^_goldfinch_app_session$" /-->
-
-	<securecookie host="^(?:\.personal\.|www\.)?xively\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Xmarks.xml b/src/chrome/content/rules/Xmarks.xml
deleted file mode 100644
index caa756f3553f..000000000000
--- a/src/chrome/content/rules/Xmarks.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog *
-
-	* Blogger
-
-
-	Fully covered subdomains:
-
-		- (www.)?
-		- buy
-		- download
-		- helpdesk
-		- login
-		- mobile
-		- my
-		- share
-		- static
-		- thumbs
-
--->
-<ruleset name="Xmarks.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="xmarks.com"/>
-	<target host="buy.xmarks.com"/>
-	<target host="download.xmarks.com"/>
-	<target host="helpdesk.xmarks.com"/>
-	<target host="login.xmarks.com"/>
-	<target host="mobile.xmarks.com"/>
-	<target host="my.xmarks.com"/>
-	<target host="share.xmarks.com"/>
-	<target host="static.xmarks.com"/>
-	<target host="thumbs.xmarks.com"/>
-	<target host="www.xmarks.com"/>
-
-	<securecookie host="^(?:.*\.)?xmarks.com$" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Xnxx-cdn.com.xml b/src/chrome/content/rules/Xnxx-cdn.com.xml
index 9b60f8f66825..ddcc9b38deea 100644
--- a/src/chrome/content/rules/Xnxx-cdn.com.xml
+++ b/src/chrome/content/rules/Xnxx-cdn.com.xml
@@ -19,4 +19,4 @@
 	<target host="video-hw.xnxx-cdn.com" />
 
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Xonotic.org.xml b/src/chrome/content/rules/Xonotic.org.xml
new file mode 100644
index 000000000000..567f29d97f9b
--- /dev/null
+++ b/src/chrome/content/rules/Xonotic.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="Xonotic.org">
+	<target host="xonotic.org" />
+	<target host="www.xonotic.org" />
+	<target host="dl.xonotic.org" />
+	<target host="stats.xonotic.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Xroxy.com.xml b/src/chrome/content/rules/Xroxy.com.xml
index 16679f006807..b23a6939b3fe 100644
--- a/src/chrome/content/rules/Xroxy.com.xml
+++ b/src/chrome/content/rules/Xroxy.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.xroxy.com/ => https://www.xroxy.com/: (60, 'SSL certific
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="xroxy.com" default_off='failed ruleset test'>
+<ruleset name="xroxy.com" default_off="failed ruleset test">
 
 	<target host="xroxy.com" />
 	<target host="www.xroxy.com" />
diff --git a/src/chrome/content/rules/Xserver.xml b/src/chrome/content/rules/Xserver.xml
index 4233b45ba3a2..def959d11697 100644
--- a/src/chrome/content/rules/Xserver.xml
+++ b/src/chrome/content/rules/Xserver.xml
@@ -18,4 +18,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Xtendmedia.com.xml b/src/chrome/content/rules/Xtendmedia.com.xml
deleted file mode 100644
index edca6bac52ea..000000000000
--- a/src/chrome/content/rules/Xtendmedia.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	For other Matomy Media coverage, see Matomy-Media.xml.
-
-
-	Problematic subdomains:
-
-		- creative	(works, akamai)
-
--->
-<ruleset name="xtendmedia.com">
-
-	<target host="ad.xtendmedia.com" />
-
-
-	<!--	- Cert doesn't match
-		- Data seem identical
-				-->
-	<rule from="^http://ad\.xtendmedia\.com/"
-		to="https://ad.rmxads.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Xtenit.xml b/src/chrome/content/rules/Xtenit.xml
index 5718d4834ae5..e0b166cab53d 100644
--- a/src/chrome/content/rules/Xtenit.xml
+++ b/src/chrome/content/rules/Xtenit.xml
@@ -21,4 +21,4 @@
 	<rule from="^http://([\w-]+)\.secure\.xtenit\.com/"
 		to="https://$1.secure.xtenit.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Xtnetwork.fr.xml b/src/chrome/content/rules/Xtnetwork.fr.xml
index f0c028ea0509..de4a452a6b7c 100644
--- a/src/chrome/content/rules/Xtnetwork.fr.xml
+++ b/src/chrome/content/rules/Xtnetwork.fr.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://cdn.realdebrid.xtnetwork.fr/ => https://cdn.realdebrid.xtnetwork.fr/: (35, 'error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error')
 
 -->
-<ruleset name="xtnetwork.fr" default_off='failed ruleset test'>
+<ruleset name="xtnetwork.fr" default_off="failed ruleset test">
 
 	<target host="cdn.realdebrid.xtnetwork.fr" />
 
diff --git a/src/chrome/content/rules/Xwiki.org.xml b/src/chrome/content/rules/Xwiki.org.xml
new file mode 100644
index 000000000000..991fda3aafeb
--- /dev/null
+++ b/src/chrome/content/rules/Xwiki.org.xml
@@ -0,0 +1,29 @@
+<!--
+	Plaintext response:
+		- lists.xwiki.org
+
+	Host has wildcard DNS but no wildcard cert.
+-->
+<ruleset name="Xwiki.org">
+	<target host="xwiki.org" />
+	<target host="www.xwiki.org" />
+	<target host="commons.xwiki.org" />
+	<target host="design.xwiki.org" />
+	<target host="dev.xwiki.org" />
+	<target host="enterprise.xwiki.org" />
+	<target host="extensions.xwiki.org" />
+	<target host="forum.xwiki.org" />
+	<target host="jira.xwiki.org" />
+	<target host="manager.xwiki.org" />
+	<target host="maven.xwiki.org" />
+	<target host="nexus.xwiki.org" />
+	<target host="platform.xwiki.org" />
+	<target host="playground.xwiki.org" />
+	<target host="playgroundtemplate.xwiki.org" />
+	<target host="rendering.xwiki.org" />
+	<target host="snippets.xwiki.org" />
+	<target host="test.xwiki.org" />
+	<target host="xclams.xwiki.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Xxxbunker.com.xml b/src/chrome/content/rules/Xxxbunker.com.xml
deleted file mode 100644
index 4dd4392dae3b..000000000000
--- a/src/chrome/content/rules/Xxxbunker.com.xml
+++ /dev/null
@@ -1,99 +0,0 @@
-<!--
-	CDN buckets:
-
-		- xxxbunker.cachefly.net
-		- 759425240.r.cdn77.net
-
-
-	Nonfunctional hosts in *xxxbunker.com:
-
-		- cdn *
-		- m *
-		- thumbs
-
-	* Redirects to ^xxxbunker.com
-
-
-	Problematic hosts in *xxxbunker.com:
-
-		- flash *
-
-	* Expired
-
-
-	Many pages redirect to http, others 404
-
-
-	These altnames don't exist:
-
-		- www.relayurl.xxxbunker.com
-
--->
-<ruleset name="xxxbunker.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="cf.prefetch.xxxbunker.com" />
-	<target host="relayurl.xxxbunker.com" />
-	<target host="static.xxxbunker.com" />
-	<target host="cf.static.xxxbunker.com" />
-	<target host="cf.thumbs.xxxbunker.com" />
-
-	<!--	Complications:
-				-->
-	<target host="109.201.146.247" />
-	<target host="759425240.r.cdn77.net" />
-	<target host="xxxbunker.com" />
-	<target host="www.xxxbunker.com" />
-
-		<exclusion pattern="^http://759425240\.r\.cdn77\.net/(?:css/|images/tbc_|js/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://759425240.r.cdn77.net/css/" />
-			<test url="http://759425240.r.cdn77.net/images/tbc_" />
-			<test url="http://759425240.r.cdn77.net/js/" />
-
-		<exclusion pattern="^http://(?:www\.)?xxxbunker\.com/(?!\w{8,}(?:-\d)?\.jpg|css/|(?:ajaxCommand|dmca|download|forgotPassword|iframePlayer|joinUs|privacy|video(?:List|Player|Vote))\.php|favicon\.ico|js/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://xxxbunker.com/bad_beauty_swallows_big_cock" />
-			<test url="http://xxxbunker.com/big_boobs_brunette_cum_swallow" />
-			<test url="http://xxxbunker.com/black_azz_amateur_orgy" />
-			<test url="http://xxxbunker.com/bound_sub_strapon_fucked" />
-			<test url="http://xxxbunker.com/categories/trannies" />
-			<test url="http://xxxbunker.com/community" />
-			<test url="http://xxxbunker.com/ebony_ssbbw_gigantically_huge_tits/" />
-			<test url="http://xxxbunker.com/femdom_babes_toy_slave" />
-			<test url="http://xxxbunker.com/fill_my_hole_with_your_big_cock" />
-			<test url="http://xxxbunker.com/newest/page-2" />
-			<test url="http://xxxbunker.com/rss/latest" />
-			<test url="http://xxxbunker.com/signup" />
-			<test url="http://xxxbunker.com/tags" />
-			<test url="http://xxxbunker.com/toprated" />
-
-			<!--	-ve:
-					-->
-			<test url="http://xxxbunker.com/15421696B.jpg" />
-			<test url="http://xxxbunker.com/css/static_0498.css" />
-			<test url="http://xxxbunker.com/dmca.php?videoid=" />
-			<test url="http://xxxbunker.com/favicon.ico" />
-			<test url="http://xxxbunker.com/forgotPassword.php" />
-			<test url="http://xxxbunker.com/joinUs.php" />
-			<test url="http://xxxbunker.com/privacy.php" />
-			<test url="http://xxxbunker.com/tos.php" />
-
-
-	<rule from="^http://(?:109\.201\.146\.247|759425240\.r\.cdn77\.net)/"
-		to="https://xxxbunker.com/" />
-
-	<!--	404s on www:
-				-->
-	<rule from="^http://(?:www\.)?xxxbunker\.com/js/functions_(\d{4})\.js"
-		to="https://xxxbunker.cachefly.net/js/functions_$1.js" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Xyratex.com.xml b/src/chrome/content/rules/Xyratex.com.xml
index 0bb27f838e2f..2302a24c4d1a 100644
--- a/src/chrome/content/rules/Xyratex.com.xml
+++ b/src/chrome/content/rules/Xyratex.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.xyratex.com/ => https://www.xyratex.com/: (51, "SSL: no
 	For other Seagate coverage, see Seagate.com.xml.
 
 -->
-<ruleset name="Xyratex.com" default_off='failed ruleset test'>
+<ruleset name="Xyratex.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Y6xjgkgwj47us5ca.onion.xml b/src/chrome/content/rules/Y6xjgkgwj47us5ca.onion.xml
deleted file mode 100644
index 398da03f6224..000000000000
--- a/src/chrome/content/rules/Y6xjgkgwj47us5ca.onion.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-
-<!--
-
-	For other Intercept coverage, see First_Look.org.xml.
-
--->
-<ruleset name="y6xjgkgwj47us5ca.onion">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="y6xjgkgwj47us5ca.onion" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/YBitcoin.com.xml b/src/chrome/content/rules/YBitcoin.com.xml
deleted file mode 100644
index 4680eb046816..000000000000
--- a/src/chrome/content/rules/YBitcoin.com.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	For other BTC Media coverage, see BTC_Media.org.xml.
-
-
-	Insecure cookies are set for these domains and hosts:
-
-		- ybitcoin.com
-		- .ybitcoin.com
-		- www.ybitcoin.com
-
--->
-<ruleset name="yBitcoin.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="ybitcoin.com" />
-	<target host="www.ybitcoin.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?ybitcoin\.com$" name="^X-Mapping-fjhppofk$" /-->
-	<!--securecookie host="^\.ybitcoin\.com$" name="^(__cfduid|cf_clearance)$" /-->
-
-	<securecookie host="^(?:\.|www\.)?ybitcoin\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/YEAH.xml b/src/chrome/content/rules/YEAH.xml
index 97fd9bfb5ddb..5e0aa949ca6d 100644
--- a/src/chrome/content/rules/YEAH.xml
+++ b/src/chrome/content/rules/YEAH.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.yeahtv.com/ => https://www.yeahtv.com/: (28, 'Connection
 	!www times out.
 
 -->
-<ruleset name="YEAH!" default_off='failed ruleset test'>
+<ruleset name="YEAH!" default_off="failed ruleset test">
 
 	<target host="yeahtv.com" />
 	<target host="www.yeahtv.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.yeahtv.com/ => https://www.yeahtv.com/: (28, 'Connection
 	<rule from="^http://(?:www\.)?yeahtv\.com/"
 		to="https://www.yeahtv.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/YFS.ca.xml b/src/chrome/content/rules/YFS.ca.xml
new file mode 100644
index 000000000000..a9fc890f2798
--- /dev/null
+++ b/src/chrome/content/rules/YFS.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="YFS.ca">
+	<target host="yfs.ca" />
+	<target host="www.yfs.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/YGTech.Tools.xml b/src/chrome/content/rules/YGTech.Tools.xml
index 28d5ec114884..9130385325f7 100644
--- a/src/chrome/content/rules/YGTech.Tools.xml
+++ b/src/chrome/content/rules/YGTech.Tools.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.ygtech.tools/ => https://www.ygtech.tools/: (28, 'Connec
 		- (www.)?
 
 -->
-<ruleset name="YGTech.Tools" default_off='failed ruleset test'>
+<ruleset name="YGTech.Tools" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/YMCA_of_Greater_St_Louis.xml b/src/chrome/content/rules/YMCA_of_Greater_St_Louis.xml
index 23bc75de86c5..61d539257189 100644
--- a/src/chrome/content/rules/YMCA_of_Greater_St_Louis.xml
+++ b/src/chrome/content/rules/YMCA_of_Greater_St_Louis.xml
@@ -5,7 +5,7 @@
 	^ymcastlouis.org: Cert only matches www.ymcastlouis.org
 
 -->
-<ruleset name="YMCA of Greater St. Louis" default_off="missing certificate chain">
+<ruleset name="YMCA of Greater St. Louis" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/YMcdn.com.xml b/src/chrome/content/rules/YMcdn.com.xml
deleted file mode 100644
index b24afa6c1460..000000000000
--- a/src/chrome/content/rules/YMcdn.com.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="YMcdn.com">
-	<target host="c.ymcdn.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/YP_bot.net.xml b/src/chrome/content/rules/YP_bot.net.xml
index 9afbb9f71136..4680cdb2b567 100644
--- a/src/chrome/content/rules/YP_bot.net.xml
+++ b/src/chrome/content/rules/YP_bot.net.xml
@@ -24,7 +24,9 @@
 <ruleset name="YP bot.net (partial)">
 
 	<target host="static.solfoinc.netdna-cdn.com" />
-	<target host="*.ypbot.net" />
+	<target host="st.ypbot.net" />
+	<target host="st1.ypbot.net" />
+	<target host="st2.ypbot.net" />
 		<exclusion pattern="^http://media-cache\.ypbot\.net/" />
 
 
diff --git a/src/chrome/content/rules/YT_Channel_Embed.com.xml b/src/chrome/content/rules/YT_Channel_Embed.com.xml
deleted file mode 100644
index cbc4f63faa8d..000000000000
--- a/src/chrome/content/rules/YT_Channel_Embed.com.xml
+++ /dev/null
@@ -1,45 +0,0 @@
-<!--
-	www.ytchannelembed.com: Internal error
-
--->
-<ruleset name="YT Channel Embed.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="ytchannelembed.com" />
-
-	<!--	Complications:
-				-->
-	<target host="www.ytchannelembed.com" />
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://ytchannelembed\.com/(?:$|wp-login\.php)" /-->
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://ytchannelembed\.com/+(?!favicon\.ico|wp-content/|ytce-gallery\.php)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://ytchannelembed.com/account/" />
-			<test url="http://ytchannelembed.com/account/membership-invoice/" />
-			<test url="http://ytchannelembed.com/contact/" />
-			<test url="http://ytchannelembed.com/create-your-free-youtube-widget/" />
-			<test url="http://ytchannelembed.com/levels/" />
-			<test url="http://ytchannelembed.com/wp-login.php" />
-
-			<!--	-ve:
-					-->
-			<test url="http://ytchannelembed.com/favicon.ico" />
-			<test url="http://ytchannelembed.com/wp-content/uploads/2014/04/logo-yt.png" />
-			<test url="http://ytchannelembed.com/ytce-gallery.php?user=RuptlyTV&amp;rows=3&amp;ratio=&amp;width=&amp;margin=&amp;desc=&amp;desc_color=&amp;title=&amp;title_color=000000&amp;https=0&amp;duration=1&amp;views=&amp;likes=&amp;dislikes=&amp;fav=&amp;cols=" />
-
-
-	<rule from="^http://www\.ytchannelembed\.com/"
-		to="https://ytchannelembed.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ya.ru.xml b/src/chrome/content/rules/Ya.ru.xml
index 267691c88391..263f5e31da66 100644
--- a/src/chrome/content/rules/Ya.ru.xml
+++ b/src/chrome/content/rules/Ya.ru.xml
@@ -97,7 +97,7 @@ Fetch error: http://realty.ya.ru/ => https://realty.ya.ru/: (51, "SSL: no altern
 	* Secured by us
 
 -->
-<ruleset name="Ya.ru (partial)" default_off='failed ruleset test'>
+<ruleset name="Ya.ru (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Yabause.org.xml b/src/chrome/content/rules/Yabause.org.xml
deleted file mode 100644
index 015c2b0d923a..000000000000
--- a/src/chrome/content/rules/Yabause.org.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Yabause.org">
-	<target host="yabause.org" />
-	<target host="www.yabause.org" />
-	<target host="forums.yabause.org" />
-	<target host="wiki.yabause.org" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Yacuna.com.xml b/src/chrome/content/rules/Yacuna.com.xml
index f5844c0a88c5..30311a2cbdf1 100644
--- a/src/chrome/content/rules/Yacuna.com.xml
+++ b/src/chrome/content/rules/Yacuna.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.yacuna.com/ => https://www.yacuna.com/: (6, 'Could not r
 	* Secured by us
 
 -->
-<ruleset name="Yacuna.com" default_off='failed ruleset test'>
+<ruleset name="Yacuna.com" default_off="failed ruleset test">
 
 	<target host="yacuna.com" />
 	<target host="analytics.yacuna.com" />
diff --git a/src/chrome/content/rules/Yadro.ru.xml b/src/chrome/content/rules/Yadro.ru.xml
index 11506980c9e5..20ee84a10020 100644
--- a/src/chrome/content/rules/Yadro.ru.xml
+++ b/src/chrome/content/rules/Yadro.ru.xml
@@ -1,37 +1,15 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://sticker.yadro.ru/ad/240x400.html?place= => https://sticker.yadro.ru/ad/240x400.html?place=: (51, "SSL: no alternative certificate subject name matches target host name 'sticker.yadro.ru'")
-Fetch error: http://sticker.yadro.ru/go?url= => https://sticker.yadro.ru/go?url=: (51, "SSL: no alternative certificate subject name matches target host name 'sticker.yadro.ru'")
-Fetch error: http://sticker.yadro.ru/i/logo_small.gif => https://sticker.yadro.ru/i/logo_small.gif: (51, "SSL: no alternative certificate subject name matches target host name 'sticker.yadro.ru'")
-Fetch error: http://sticker.yadro.ru/ => https://sticker.yadro.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'sticker.yadro.ru'")
-
-	For other LiveInternet coverage, see LiveInternet.xml.
-
-
-	Nonfunctional subdomains:
-
-		- slinks	(dropped)
+	For other LiveInternet coverage, see LiveInternet.ru.xml.
 
+	Dropped:
+		- slinks
 -->
-<ruleset name="Yadro.ru (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
+<ruleset name="Yadro.ru">
 	<target host="counter.yadro.ru" />
 	<target host="sticker.yadro.ru" />
-
-		<test url="http://sticker.yadro.ru/ad/240x400.html?place=" />
-		<test url="http://sticker.yadro.ru/go?url=" />
 		<test url="http://sticker.yadro.ru/i/logo_small.gif" />
 
+	<securecookie host=".+" name=".+" />
 
-	<!--	name="^(FTID|VID)$"
-					-->
-	<securecookie host="^\.yadro\.ru$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Yakala.co.xml b/src/chrome/content/rules/Yakala.co.xml
index 2bf61f34ba8c..66783f6c4e5e 100644
--- a/src/chrome/content/rules/Yakala.co.xml
+++ b/src/chrome/content/rules/Yakala.co.xml
@@ -38,7 +38,7 @@
 					-->
 	<!--securecookie host="^www\.yakala\.co$" name="^(?:LastSelectedCity|Nop\.customer|NSC_[a-z]+-[a-z]+)$" /-->
 
-	<securecookie host="^(?:.*\.)?yakala\.co$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://yakala\.co/"
diff --git a/src/chrome/content/rules/Yale.edu.xml b/src/chrome/content/rules/Yale.edu.xml
index b4f428604b9c..df9ef1c0a4d9 100644
--- a/src/chrome/content/rules/Yale.edu.xml
+++ b/src/chrome/content/rules/Yale.edu.xml
@@ -34,7 +34,7 @@
 	<target host="e360.yale.edu" />
 
 	<target host="eeb.yale.edu" />
-	
+
 	<target host="affiliate.law.yale.edu" />
 	<target host="fa.law.yale.edu" />
 	<target host="inside.law.yale.edu" />
diff --git a/src/chrome/content/rules/Yam.xml b/src/chrome/content/rules/Yam.xml
index a1f1f6f683b0..2a5b1d2a5403 100644
--- a/src/chrome/content/rules/Yam.xml
+++ b/src/chrome/content/rules/Yam.xml
@@ -8,7 +8,7 @@ Fetch error: http://s1-world.yamedia.tw/ => https://s1-world.yamedia.tw/: (35, '
 	Invalid certificate:
 		love.yam.com
 		member.yam.com
-		
+
 		p1-josho.yamedia.tw
 		p1-kids.yamedia.tw
 		p1-money.yamedia.tw
@@ -37,7 +37,7 @@ Fetch error: http://s1-world.yamedia.tw/ => https://s1-world.yamedia.tw/: (35, '
 		profile.yamedia.tw	(http://profile.yamedia.tw/n/i/nigili5/sindex.jpg)
 -->
 
-<ruleset name="Yam (partial)" default_off='failed ruleset test'>
+<ruleset name="Yam (partial)" default_off="failed ruleset test">
 
 	<target host="yam.com" />
 	<target host="admd.yam.com" />
@@ -50,13 +50,13 @@ Fetch error: http://s1-world.yamedia.tw/ => https://s1-world.yamedia.tw/: (35, '
 	<target host="travel.yam.com" />
 	<target host="world.yam.com" />
 	<target host="www.yam.com" />
-	
+
 	<target host="s1-josho.yamedia.tw" />
 	<target host="s1-news.yamedia.tw" />
 	<target host="s1-money.yamedia.tw" />
 	<target host="s1-world.yamedia.tw" />
 	<target host="s1-www.yamedia.tw" />
-	
+
 	<rule from="^http:" to="https:" />
-	
+
 </ruleset>
diff --git a/src/chrome/content/rules/Yamgo.com.xml b/src/chrome/content/rules/Yamgo.com.xml
deleted file mode 100644
index 72909c21b2fa..000000000000
--- a/src/chrome/content/rules/Yamgo.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<ruleset name="Yamgo.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="yamgo.com" />
-	<target host="www.yamgo.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^yamgo\.com$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^yamgo\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Yammer.xml b/src/chrome/content/rules/Yammer.xml
index 6f4f0b28fbf1..e99976b91a49 100644
--- a/src/chrome/content/rules/Yammer.xml
+++ b/src/chrome/content/rules/Yammer.xml
@@ -45,7 +45,7 @@ Fetch error: http://eng.staging.yammer.com/ => https://eng.staging.yammer.com/:
 		- devices.yammer.com
 
 -->
-<ruleset name="Yammer.com" default_off='failed ruleset test'>
+<ruleset name="Yammer.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Yandex.by.xml b/src/chrome/content/rules/Yandex.by.xml
index 5fdc553cc95e..515398b9b163 100644
--- a/src/chrome/content/rules/Yandex.by.xml
+++ b/src/chrome/content/rules/Yandex.by.xml
@@ -202,7 +202,7 @@ Fetch error: http://suggests.rasp.yandex.by/ => https://suggests.rasp.yandex.by/
 	² Unsecurable <= dropped
 
 -->
-<ruleset name="Yandex.by (partial)" default_off='failed ruleset test'>
+<ruleset name="Yandex.by (partial)" default_off="failed ruleset test">
 
 	<target host="yandex.by" />
 	<target host="advertising.yandex.by" />
diff --git a/src/chrome/content/rules/Yandex.com.tr.xml b/src/chrome/content/rules/Yandex.com.tr.xml
index aa193816c0e0..c3b40b6e7ecd 100644
--- a/src/chrome/content/rules/Yandex.com.tr.xml
+++ b/src/chrome/content/rules/Yandex.com.tr.xml
@@ -273,9 +273,9 @@ Fetch error: http://gazeta.yandex.com.tr/ => https://haber.yandex.com.tr/mynews:
 			- pda.haber from www.tns-counter.ru *
 
 	* Secured by us
- 
+
 -->
-<ruleset name="Yandex.com.tr (partial)" default_off='failed ruleset test'>
+<ruleset name="Yandex.com.tr (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Yandex.com.ua.xml b/src/chrome/content/rules/Yandex.com.ua.xml
index 068727e70622..019784508277 100644
--- a/src/chrome/content/rules/Yandex.com.ua.xml
+++ b/src/chrome/content/rules/Yandex.com.ua.xml
@@ -57,7 +57,7 @@ Fetch error: http://www.taras.yandex.com.ua/ => https://taras.yandex.com.ua/: (5
 		- mail.yandex.com.ua
 
 -->
-<ruleset name="Yandex.com.ua (partial)" default_off='failed ruleset test'>
+<ruleset name="Yandex.com.ua (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Yandex.kz.xml b/src/chrome/content/rules/Yandex.kz.xml
index dc001a19d565..5a2433a44e1a 100644
--- a/src/chrome/content/rules/Yandex.kz.xml
+++ b/src/chrome/content/rules/Yandex.kz.xml
@@ -198,7 +198,7 @@ Fetch error: http://suggests.rasp.yandex.kz/ => https://suggests.rasp.yandex.kz/
 	² Unsecurable <= dropped
 
 -->
-<ruleset name="Yandex.kz (partial)" default_off='failed ruleset test'>
+<ruleset name="Yandex.kz (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Yandex.mobi.xml b/src/chrome/content/rules/Yandex.mobi.xml
deleted file mode 100644
index f8843ce0f18c..000000000000
--- a/src/chrome/content/rules/Yandex.mobi.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For other Yandex coverage, see Yandex.xml.
-
-
-	Fully covered subdomains:
-
-		- maps
-
--->
-<ruleset name="Yandex.mobi">
-
-	<target host="maps.yandex.mobi" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Yandex.net.xml b/src/chrome/content/rules/Yandex.net.xml
index 9008eee5b2b3..c1a5cadb467d 100644
--- a/src/chrome/content/rules/Yandex.net.xml
+++ b/src/chrome/content/rules/Yandex.net.xml
@@ -1,18 +1,3 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://api-yaru.yandex.net/ => https://api-yaru.yandex.net/: (51, "SSL: no alternative certificate subject name matches target host name 'api-yaru.yandex.net'")
-Fetch error: http://browser.yandex.net/ => https://browser.yandex.net/: (6, 'Could not resolve host: browser.yandex.net')
-Fetch error: http://www.browser.yandex.net/ => https://browser.yandex.net/: (6, 'Could not resolve host: browser.yandex.net')
-Fetch error: http://a.captcha.yandex.net/ => https://a.captcha.yandex.net/: (6, 'Could not resolve host: a.captcha.yandex.net')
-Fetch error: http://tv-front.content.yandex.net/ => https://tv-front.content.yandex.net/: (51, "SSL: no alternative certificate subject name matches target host name 'tv-front.content.yandex.net'")
-Fetch error: http://hotels-proxy.yandex.net/ => https://hotels-proxy.yandex.net/: (6, 'Could not resolve host: hotels-proxy.yandex.net')
-Fetch error: http://review-api-external.http.yandex.net/ => https://review-api-external.http.yandex.net/: (6, 'Could not resolve host: review-api-external.http.yandex.net')
-Fetch error: http://mdata.yandex.net/ => https://mdata.yandex.net/: (28, 'Connection timed out after 20001 milliseconds')
-Fetch error: http://xss.yandex.net/ => https://xss.yandex.net/: (7, 'Failed to connect to xss.yandex.net port 443: Connection timed out')
-
--->
-
 <!--
 	For other Yandex coverage, see Yandex.xml.
 
@@ -27,16 +12,21 @@ Fetch error: http://xss.yandex.net/ => https://xss.yandex.net/: (7, 'Failed to c
 
 	Problematic subdomains:
 
-		- (www.)? ²
-		- www.browser ¹
+		- api-yaru ¹
+		- pix.blogs ¹
+		- pix2.blogs ¹
+		- download-cdn ⁴
+		- tv-front.content ¹
 		- direct **
 		- element ²
 		- elements ***
 		- img.encyc *
+		- msoffice.maps ¹
+		- vec.maps ***
 		- vec0[1-4].maps ⁴
 		- static.video ⁵
 
-	¹ 404
+	¹ Invalid certificate
 	² Mismatched
 	** Redirect destination doesn't exist => makes fetch checker complain
 	*** Mismatched cert for redirect destination
@@ -47,14 +37,12 @@ Fetch error: http://xss.yandex.net/ => https://xss.yandex.net/: (7, 'Failed to c
 
 	Fully covered subdomains:
 
-		- (www.)?	(→ yandex.ru)
 		- internetometr.download.cdn
 		- sandbox.api.maps
 		- 0\d.pvec.maps		([1-4])
 
 		- ((www.)?[^.]+|[^.]+.[^.]+): *	(www → ^)
 
-			- api-yaru
 			- awaps
 
 			- avatars
@@ -63,33 +51,21 @@ Fetch error: http://xss.yandex.net/ => https://xss.yandex.net/: (7, 'Failed to c
 
 			- avatars-fast
 			- ba
-			- pix.blogs
-			- pix2.blogs
-			- (www.)?browser
 
 			- captcha
-			- a.captcha
-			- s.captcha
 
 			- cache-ams0[13-6].cdn
 			- cache-default04e.cdn
 			- cache-default05h.cdn
-			- cache-default06f.cdn
-			- download.cdn
-			- kp.cdn
 			- sba.cdn
 
 			- ceviri
-			- tv-front.content
 			- resizer.corba
-			- \d.cs-ellpic
 			- css
 			- disk
 			- downloader
 			- favicon
 			- img-css.friends
-			- hotels-proxy
-			- review-api-external.http
 			- img
 			- img-fotki
 			- img\d-fotki
@@ -100,9 +76,7 @@ Fetch error: http://xss.yandex.net/ => https://xss.yandex.net/: (7, 'Failed to c
 			- audio.lingvo
 			- webattach.mail
 			- mailstatic
-			- msoffice.maps
 			- vec.maps
-			- mdata
 			- money
 			- resizer-mobile.photo
 
@@ -124,7 +98,6 @@ Fetch error: http://xss.yandex.net/ => https://xss.yandex.net/: (7, 'Failed to c
 			- wfarm
 			- wi
 			- wimg
-			- xss
 
 	* Except where excluded below
 
@@ -154,7 +127,7 @@ Fetch error: http://xss.yandex.net/ => https://xss.yandex.net/: (7, 'Failed to c
 	* Secured by us
 
 -->
-<ruleset name="Yandex.net (partial)" default_off='failed ruleset test'>
+<ruleset name="Yandex.net (partial)">
 
 	<target host="yandex.net" />
 	<target host="*.yandex.net" />
@@ -204,56 +177,39 @@ Fetch error: http://xss.yandex.net/ => https://xss.yandex.net/: (7, 'Failed to c
 		<!--
 			Miscellaneous:
 					-->
-		<exclusion pattern="^http://(?:direct|elements?|mobile\.photo|pythonbp)\.yandex\.net/" />
+		<exclusion pattern="^http://(?:api-yaru|direct|elements?|mobile\.photo|pythonbp)\.yandex\.net/" />
 
+			<test url="http://api-yaru.yandex.net/" />
 			<test url="http://direct.yandex.net/" />
 			<test url="http://element.yandex.net/" />
 			<test url="http://elements.yandex.net/" />
 			<test url="http://mobile.photo.yandex.net/" />
 			<test url="http://pythonbp.yandex.net/" />
 
-		<test url="http://api-yaru.yandex.net/" />
 		<test url="http://awaps.yandex.net/" />
 		<test url="http://avatars.yandex.net/" />
 		<test url="http://1.avatars.yandex.net/" />
 		<test url="http://default.avatars.yandex.net/" />
 		<test url="http://avatars-fast.yandex.net/" />
 		<test url="http://ba.yandex.net/" />
-		<test url="http://pix.blogs.yandex.net/" />
-		<test url="http://pix2.blogs.yandex.net/" />
-		<test url="http://browser.yandex.net/" />
-		<test url="http://www.browser.yandex.net/" />
 		<test url="http://captcha.yandex.net/" />
-		<test url="http://a.captcha.yandex.net/" />
-		<test url="http://s.captcha.yandex.net/" />
-		<test url="http://cache-default06f.cdn.yandex.net/" />
-		<test url="http://download.cdn.yandex.net/" />
-		<test url="http://kp.cdn.yandex.net/" />
+		<test url="http://download.cdn.yandex.net/browser/yandex/ru/beta/Yandex.deb" />
 		<test url="http://sba.cdn.yandex.net/" />
 		<test url="http://ceviri.yandex.net/" />
-		<test url="http://tv-front.content.yandex.net/" />
 		<test url="http://resizer.corba.yandex.net/" />
-		<test url="http://1.cs-ellpic.yandex.net/" />
 		<test url="http://css.yandex.net/" />
 		<test url="http://disk.yandex.net/" />
 		<test url="http://downloader.yandex.net/" />
 		<test url="http://favicon.yandex.net/" />
 		<test url="http://img-css.friends.yandex.net/" />
-		<test url="http://hotels-proxy.yandex.net/" />
-		<test url="http://review-api-external.http.yandex.net/" />
 		<test url="http://img.yandex.net/" />
 		<test url="http://img-fotki.yandex.net/" />
 		<test url="http://img1-fotki.yandex.net/" />
-		<test url="http://img.yandex.net/" />
-		<test url="http://img1-fotki.yandex.net/" />
 		<test url="http://imgl.yandex.net/" />
 		<test url="http://st.kp.yandex.net/" />
 		<test url="http://audio.lingvo.yandex.net/" />
 		<test url="http://webattach.mail.yandex.net/" />
 		<test url="http://mailstatic.yandex.net/" />
-		<test url="http://msoffice.maps.yandex.net/" />
-		<test url="http://vec.maps.yandex.net/" />
-		<test url="http://mdata.yandex.net/" />
 		<test url="http://money.yandex.net/" />
 		<test url="http://resizer-mobile.photo.yandex.net/" />
 		<test url="http://api.rasp.yandex.net/" />
@@ -273,23 +229,11 @@ Fetch error: http://xss.yandex.net/ => https://xss.yandex.net/: (7, 'Failed to c
 		<test url="http://wfarm.yandex.net/" />
 		<test url="http://wi.yandex.net/" />
 		<test url="http://wimg.yandex.net/" />
-		<test url="http://xss.yandex.net/" />
-		<test url="http://www.yandex.net/" />
 
 		<test url="http://internetometr.download.cdn.yandex.net/" />
 		<test url="http://sandbox.api.maps.yandex.net/" />
 		<test url="http://01.pvec.maps.yandex.net/" />
 
-
-	<!--	Redirect keeps path, args, but not forward slash:
-								-->
-	<rule from="^http://(?:www\.)?yandex\.net/+"
-		to="https://yandex.ru/" />
-
-			<test url="http://yandex.net//" />
-			<test url="http://yandex.net/favicon.ico" />
-			<test url="http://www.yandex.net//" />
-
 	<rule from="^http://(?:www\.)?([^.]+)\.yandex\.net/"
 		to="https://$1.yandex.net/" />
 
@@ -304,4 +248,7 @@ Fetch error: http://xss.yandex.net/ => https://xss.yandex.net/: (7, 'Failed to c
 						-->
 	<rule from="^http://([^.]+)\.([^.]+)\.yandex\.net/"
 		to="https://$1.$2.yandex.net/" />
+
+	<rule from="^http://yandex\.net/"
+		to="https://yandex.ru/" />
 </ruleset>
diff --git a/src/chrome/content/rules/Yandex.xml b/src/chrome/content/rules/Yandex.xml
index 09b8ef85296b..ac75c7cc143d 100644
--- a/src/chrome/content/rules/Yandex.xml
+++ b/src/chrome/content/rules/Yandex.xml
@@ -1,4 +1,9 @@
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www.maps.yandex.ru/ => https://maps.yandex.ru/: (6, 'Could not resolve host: www.maps.yandex.ru')
+
 	Other Yandex rulesets:
 
 		- BEM.info.xml
@@ -10,7 +15,6 @@
 		- Yandex.com.ua.xml
 		- Yandex.com.tr.xml
 		- Yandex.kz.xml
-		- Yandex.mobi.xml
 		- Yandex.net.xml
 		- Yandex.st.xml
 		- Yandex.ua.xml
@@ -44,6 +48,7 @@
 		- copy ³
 		- dns ³
 		- encyclopedia *
+    - ewent
 		- family ¹
 		- b.feedback ³
 		- gazeta ³
@@ -293,7 +298,7 @@
 			- m.legal
 			- mail
 			- pda.mail
-	
+
 			- har.maps
 			- mpro.maps
 			- mtquality.maps
@@ -482,163 +487,33 @@
 
 	<target host="yandex.ru" />
 	<target host="*.yandex.ru" />
-		<!--
-			Redirects to http:
-						-->
-		<!--exclusion pattern="^http://(android-us\.apps|us\.apps|m\.auto|family|interactive-answers|op)\.yandex\.ru/$" /-->
-		<!--exclusion pattern="^http://market\.yandex\.ru/($|\?clid=|search\.xml)" /-->
-		<exclusion pattern="^http://uslugi\.yandex\.ru/($|arr\.png|index\.css)" />
-		<!--
-			Rather than enumerating domains that support SSL,
-			we enable SSL for all services and then exclude those
-			which become broken:
-
-
-			1. Public services without HTTPS support (or with broken support):
-												-->
-		<exclusion pattern="^http://(?:bar-widgets|cards|cs-ellpic|cs-thumb|dzen|encyclopedia|lingvo|ll|mirror|newmoscow|news|openid|presocial|wdgt)\.yandex\.ru/" />
-		<!--
-			Needed for Yandex video player to work:
-								-->
-		<exclusion pattern="^http://video\.yandex\.ru/iframe/" />
-		<exclusion pattern="^http://streaming\.video\.yandex\.ru/" />
-		<exclusion pattern="^http://[^.]+\.video\.yandex\.ru/q-upload/" />
-		<!--
-			3. Narod.ru.
-w
-		Narod.ru doesn't use auth data from Yandex,
-		so we don't need to encrypt its pages.
-		The only exception is Narod.Disk, but it doesn't provide HTTPS
-							-->
-		<exclusion pattern="^http://narod\d*\.yandex\.ru/" />
-		<!--
-			4. Search suggestions:
-						-->
-		<exclusion pattern="^http://suggest(?!-maps\.)(?:-[a-z]+)?\.yandex\.ru/" />
-		<!--
-			5. Webmaster:
-					-->
-		<exclusion pattern="^http://content\.webmaster\.yandex\.ru/" />
-		<!--
-			6. Mobile services:
-						-->
-		<exclusion pattern="^http://m\.yandex\.ru/" />
-		<!--
-			8. Various click counters and content stores:
-									-->
-		<exclusion pattern="^http://(?:copy|hghltd|print|market-click\d+|wrz)\.yandex\.ru/" />
-		<!--
-			9. Data clusters for Maps and Video:
-								-->
-		<exclusion pattern="^http://panoramas\.api-maps\.yandex\.ru" />
-		<exclusion pattern="^http://(?:jgo|vec\d+|stv\d+)\.maps\.yandex\.ru/" />
-		<exclusion pattern="^http://[^.]+-tub(?:-[^.]+)?\.yandex\.ru/" />
-		<!--
-			10. More subdomains without SSL from Aleksey Kosterin:
-										-->
-		<exclusion pattern="^http://(?:business|collection|kapersky|large|market|nahodki|navigator|online|punto|zakladki)\.yandex\.ru/" />
-		<!--
-			11. Some cert warnings:
-						-->
-		<exclusion pattern="^http://soft\.yandex\.ru/" />
-		<!--
-			Miscellaneous:
-					-->
-		<exclusion pattern="http://(?:apps|(?:android-)?us\.apps|appsearch|bm|contact2?|dns|family|gazeta|interactive-answers|m\.internet|islands|kaspersky|labs|(?:m|www)\.market|(?:m|pda)\.money|(?:m|pda|www)\.news|notanymore|op|prestable-pogoda|api\.rasp|repo|shad|static-maps|terms|uslugi|webcal|interactive-answers\.webmaster)\.yandex\.ru/" />
-
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.yandex\.ru$" name="^(Cookie_check|fuid01|my|yandexuid|yp|ys)$" /-->
-	<!--securecookie host="^(academy|events|startups|tech|developer\.tech)\.yandex\.ru$" name="^(express:sess:|express:sess\.sig)$" /-->
-	<!--securecookie host="^afisha\.yandex\.ru$" name="^ys$" /-->
-	<!--securecookie host="^(auto|pda\.auto|display|gorod|partner\.market|(www\.)?master|rabota|m\.rabota|realty|partner\.realty|slovari|stat)\.yandex\.ru$" name="^uid$" /-->
-	<!--securecookie host="^(bs|mc)\.yandex\.ru$" name="^yabs-sid$" /-->
-	<!--securecookie host="^(intern\.|shad\.)?contest\.yandex\.ru$" name="^CONTEST_LANG$" /-->
-	<!--securecookie host="^feedback2\.yandex\.ru$" name="^feedback2-sid$" /-->
-	<!--securecookie host="^\.fotki\.yandex\.ru$" name="^FSession_id$" /-->
-	<!--securecookie host="^\.?(captcha|hw|suggests\.rasp)\.yandex\.ru$" name="^yp$" /-->
-	<!--securecookie host="^(ipv[46]\.)?internet\.yandex\.ru$" name="^(csrftoken|test)$" /-->
-	<!--securecookie host="^(pda\.)?mail\.yandex\.ru$" name="^ni$" /-->
-	<!--securecookie host="^mobile\.yandex\.ru$" name="^family$" /-->
-	<!--securecookie host="^pass\.yandex\.ru$" name="^M_\w+_yandex_\w\w$" /-->
-	<!--securecookie host="^pogoda\.yandex\.ru$" name="^yw_lc$" /-->
-	<!--securecookie host="^realty\.yandex\.ru$" name="^from$" /-->
-	<!--securecookie host="^slovari\.yandex\.ru$" name="^slovari-state$" /-->
-	<!--securecookie host="^translate\.yandex\.ru$" name="^(first_visit_src|stoken)$" /-->
-
-	<securecookie host="(?:academy|afisha|auto|pda\.auto|bs|\.?captcha|(?:intern\.|shad\.)?contest|display|events|feedback2|\.?hw|(?:ipv[46]\.)?internet|mail|pda\.mail|partner\.market|(?:www\.)?master|mc|mobile|pass|pogoda|rabota|m\.rabota|\.?suggests\.rasp|realty|partner\.realty|slovari|startups|stat|(?:developer\.)?tech|translate|\.video)\.yandex\.ru$" name=".+" />
-
-
-	<!--	Redirect keeps path and args:
-						-->
-	<rule from="^http://dict\.yandex\.ru/+"
-		to="https://slovari.yandex.ru/" />
-
-	<!--	Domains for which www exists, but !www
-		doesn't, or doesn't work over http:
-							-->
-	<rule from="^http://www\.ewent\.yandex\.ru/"
-		to="https://www.ewent.yandex.ru/" />
-
-	<rule from="^http://favicon\.yandex\.ru/"
-		to="https://favicon.yandex.net/" />
-
-	<!--	Redirect drops path and args:
-						-->
-	<!--rule from="^http://gazeta\.yandex\.ru/.*"
-		to="https://news.yandex.ru/mynews" /-->
-
-	<!--	Redirect drops path but not args:
-							-->
-	<rule from="^http://(?:www\.)?m\.metro\.yandex\.ru/[^?]*"
-		to="https://m.soft.yandex.ru/metro/" />
-
-	<rule from="^http://mobile-feedback\.yandex\.ru/"
-		to="https://m.feedback.yandex.ru/" />
-
-	<!--	Redirect keeps path and args:
-						-->
-	<rule from="^http://skype\.yandex\.ru/+"
-		to="https://yandex.ru/promo/skype/" />
-
-	<rule from="^http://twitter\.yandex\.ru/+"
-		to="https://www.yandex.ru/" />
-
-	<rule from="^http://upics\.yandex\.ru/"
-		to="https://upics.yandex.net/" />
-
-	<!--	Domains for which both !www and www
-		exist, and both work without caveat:
-							-->
-	<rule from="^http://(www\.)?(academy|adresa|atlas|ewents|[ei]vents?|export|fotki|internet|karti|maps|(?:beta|constructor|m|n|router-quality)\.maps|master|metro|mshad|music|maps\.pda|pogoda|prefetch-maps|probki|research|site|startups|tech|tv|video|weather|yaca)\.yandex\.ru/"
-		to="https://$1$2.yandex.ru/" />
-
-	<rule from="^http://((?:\d\.downloader\.disk|sandbox\.api\.maps|www)\.)?yandex\.ru/"
-		to="https://$1yandex.ru/" />
+    <test url="http://audience.yandex.ru/" />
+    <test url="http://disk.yandex.ru/" />
+    <test url="http://download.yandex.ru/" />
+    <test url="http://academy.yandex.ru/" />
+    <test url="http://video.yandex.ru/" />
+    <test url="http://events.yandex.ru/" />
 
 	<rule from="^http://(?:www\.)?([^.]+)\.yandex\.ru/"
 		to="https://$1.yandex.ru/" />
+    <test url="http://www.disk.yandex.ru/" />
+    <test url="http://www.webmaster.yandex.ru/" />
+    <test url="http://www.kassa.yandex.ru/" />
 
 	<!--	Here we can enable 4+ level domains with a single regexp,
 		but I've never seen any domains more that 4 levels deep
 		in Yandex network, so I wouldn't enable them now -
-		it may be inconvenient and may broke some services.
+		it may be inconvenient and may brake some services.
 		Only 4-level domains match.
 						-->
 	<rule from="^http://([^.]+)\.([^.]+)\.yandex\.ru/"
 		to="https://$1.$2.yandex.ru/" />
+    <test url="http://points.maps.yandex.ru/" />
+    <test url="http://beta.dialogs.yandex.ru/" />
+    <test url="http://shad.contest.yandex.ru/" />
 
+  <securecookie host=".+" name=".+" />
 
-	<!--	"<error><status>401</status><message>Unauthorized</message><cause>Incorrect referer</cause></error>"
-
-		https doesn't give a referrer, so images don't load.
-
-		Example:	https://market.yandex.ru/search.xml?text=draytek&hid=91083&srnum=233
-		List:		https://mail1.eff.org/pipermail/https-everywhere-rules/2012-April/001094.html
-							-->
-	<!--rule from="^https://static-maps\.yandex\.ru/"
-		to="http://static-maps.yandex.ru/" downgrade="1" /-->
+  <rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Yard_Digital.com.xml b/src/chrome/content/rules/Yard_Digital.com.xml
index 7f4e91f75976..3dff4e69a5b3 100644
--- a/src/chrome/content/rules/Yard_Digital.com.xml
+++ b/src/chrome/content/rules/Yard_Digital.com.xml
@@ -15,4 +15,4 @@
 	<rule from="^http://(?:www\.)?yarddigital\.com/"
 		to="https://yarddigital.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Yellow-Pages-IMA.xml b/src/chrome/content/rules/Yellow-Pages-IMA.xml
index 8e202d7d215d..e63ffc56e2f6 100644
--- a/src/chrome/content/rules/Yellow-Pages-IMA.xml
+++ b/src/chrome/content/rules/Yellow-Pages-IMA.xml
@@ -18,7 +18,7 @@ Fetch error: http://www.ypassociation.org/ => https://localsearchassociation.org
 		- Yellow_Pages_Opt_Out.com.xml
 
 -->
-<ruleset name="Yellow Pages IMA (partial)" default_off='failed ruleset test'>
+<ruleset name="Yellow Pages IMA (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Yellow_Pages_Opt_Out.com.xml b/src/chrome/content/rules/Yellow_Pages_Opt_Out.com.xml
index 24297820ab90..5313da688293 100644
--- a/src/chrome/content/rules/Yellow_Pages_Opt_Out.com.xml
+++ b/src/chrome/content/rules/Yellow_Pages_Opt_Out.com.xml
@@ -25,7 +25,7 @@
 					-->
 	<!--securecookie host="^www\.yellowpagesoptout\.com$" name="^SESS[\da-f]$" /-->
 
-	<securecookie host="^(?:.*\.)?yellowpagesoptout\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://yellowpagesoptout\.com/"
diff --git a/src/chrome/content/rules/YeniAkit.com.tr.xml b/src/chrome/content/rules/YeniAkit.com.tr.xml
new file mode 100644
index 000000000000..e77e797b7a44
--- /dev/null
+++ b/src/chrome/content/rules/YeniAkit.com.tr.xml
@@ -0,0 +1,9 @@
+<ruleset name="YeniAkit.com.tr">
+	<target host="yeniakit.com.tr" />
+	<target host="www.yeniakit.com.tr" />
+	<target host="m.yeniakit.com.tr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Yeshiva.xml b/src/chrome/content/rules/Yeshiva.xml
index 952f35998a68..ad10abc01f36 100644
--- a/src/chrome/content/rules/Yeshiva.xml
+++ b/src/chrome/content/rules/Yeshiva.xml
@@ -5,7 +5,7 @@ Fetch error: http://www.yu.edu/ => https://yu.edu/: Too many redirects while fet
 Fetch error: http://yu.edu/ => https://yu.edu/: Too many redirects while fetching 'https://yu.edu/'
 
 -->
-<ruleset name="Yeshiva University" default_off='failed ruleset test'>
+<ruleset name="Yeshiva University" default_off="failed ruleset test">
   <target host="www.yu.edu" />
   <target host="yu.edu" />
 
diff --git a/src/chrome/content/rules/Yesss.at.xml b/src/chrome/content/rules/Yesss.at.xml
index c777546cbec8..4ce702cb3885 100644
--- a/src/chrome/content/rules/Yesss.at.xml
+++ b/src/chrome/content/rules/Yesss.at.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://nulleuro.yesss.at/ => https://nulleuro.yesss.at/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Yesss.at" default_off='failed ruleset test'>
+<ruleset name="Yesss.at" default_off="failed ruleset test">
 	<target host="yesss.at" />
 	<target host="www.yesss.at" />
 	<target host="nulleuro.yesss.at" />
diff --git a/src/chrome/content/rules/Ygnition.xml b/src/chrome/content/rules/Ygnition.xml
index 9b7684e9d9d0..bffca910dba5 100644
--- a/src/chrome/content/rules/Ygnition.xml
+++ b/src/chrome/content/rules/Ygnition.xml
@@ -11,14 +11,14 @@ Fetch error: http://yoda.ygnition.com/ => https://yoda.ygnition.com/: (28, 'Conn
 		- yoda02			(refused)
 
 -->
-<ruleset name="Ygnition (partial)" default_off='failed ruleset test'>
+<ruleset name="Ygnition (partial)" default_off="failed ruleset test">
 
 	<target host="ygnition.com" />
 	<target host="www.ygnition.com" />
 	<target host="yoda.ygnition.com" />
 
 
-	<securecookie host="^(?:.*\.)?ygnition\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/YieldSelect.com.xml b/src/chrome/content/rules/YieldSelect.com.xml
index 13bae1027a73..082e8af1a6cd 100644
--- a/src/chrome/content/rules/YieldSelect.com.xml
+++ b/src/chrome/content/rules/YieldSelect.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.yieldselect.com/ => https://www.yieldselect.com/: (60, '
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="YieldSelect.com" default_off='failed ruleset test'>
+<ruleset name="YieldSelect.com" default_off="failed ruleset test">
 
 	<target host="yieldselect.com" />
 	<target host="ads-by.yieldselect.com" />
diff --git a/src/chrome/content/rules/Yieldbot.xml b/src/chrome/content/rules/Yieldbot.xml
index fc18c8058a6e..957fd06d8911 100644
--- a/src/chrome/content/rules/Yieldbot.xml
+++ b/src/chrome/content/rules/Yieldbot.xml
@@ -27,4 +27,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Yieldlab.de.xml b/src/chrome/content/rules/Yieldlab.de.xml
index 4bde011eed23..6c84807fead5 100644
--- a/src/chrome/content/rules/Yieldlab.de.xml
+++ b/src/chrome/content/rules/Yieldlab.de.xml
@@ -11,7 +11,7 @@
 	Mixed content:
 
 		- Images from $self
-		- Bug from www.facebook.com 
+		- Bug from www.facebook.com
 
 -->
 <ruleset name="Yieldlab.de" default_off="expired, self-signed">
diff --git a/src/chrome/content/rules/Yieldlove.com.xml b/src/chrome/content/rules/Yieldlove.com.xml
new file mode 100644
index 000000000000..ca5e84352d61
--- /dev/null
+++ b/src/chrome/content/rules/Yieldlove.com.xml
@@ -0,0 +1,19 @@
+<ruleset name="Yieldlove.com">
+
+	<target host="yieldlove.com" />
+	<target host="www.yieldlove.com" />
+	<target host="cdn-a.yieldlove.com" />
+	<target host="cdn-abc.yieldlove.com" />
+	<target host="cdn-xxx.yieldlove.com" />
+	<target host="dashboard.yieldlove.com" />
+	<target host="dbaord-frontend.dev.yieldlove.com" />
+	<target host="pbs.dev.yieldlove.com" />
+	<target host="opt.yieldlove.com" />
+	<target host="passbolt.yieldlove.com" />
+	<target host="platform.yieldlove.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Yimg.com.xml b/src/chrome/content/rules/Yimg.com.xml
index cc8045de2e46..1121df877aa4 100644
--- a/src/chrome/content/rules/Yimg.com.xml
+++ b/src/chrome/content/rules/Yimg.com.xml
@@ -1,112 +1,39 @@
 <!--
 	For other Yahoo! coverage, see Yahoo.xml.
 
+	Non-functional hosts
+		Timeout:
+		- yimg.com
 
-	CDN buckets:
-
-		- a248.e.akamai.net/sec.yimg.com/i/
-
-		- www.movienewsletters.net
-
-			- movienewsletters.o
-
-
-	Undiscovered:
-
-		- ei/
-		- d.yimg.com/nl/
-		- d.yimg.com/hn/p/i/bcst/yp/cnbc2/
-		- d.yimg.com/oq/
-		- ec.yimg.com/ec?url=
-		- l.yimg.com/vf/
-		- sm-a[1-4].yimg.com
-		- thm-a0[1-4].yimg.com
-
-
-	Nonfunctional domains:
-
-		- cn.yimg.com ¹
-		- ybinst3.ec.yimg.com	(CN: *.l.yimg.com; 404)
-		- tw.ent3 ²
-		- tw.news2 ³
-		- xp.yimg.com		(404, not on sxp; mismatched, CN: s.yimg.com)
-
-	¹ Dropped
-	³ Refused
-
-
-	Problematic domains:
-
-		- ep.yimg.com
-		- movienewsletters.o ³
-		- xh ²
-		- xp.yimg.com ¹
-
-	¹ 404, valid cert
-	² Dropped
-	³ Works; mismatched, CN: *.movienewsletters.net
-
-
-	Fully covered domains:
-
-		- yimg.com subdomains:
-
-			- tw.bid
-			- tw.buy
-			- ci-[\da-f]{10}-\d{8}.http.atlas.cdn
-			- ec
-			- ep		(→ sep)
-			- ext
-			- tw.m
-			- s
-			- s[123]
-			- sep
-			- sec
-			- sp
-			- tw
-			- xh	(→ sxh)
-			- xp	(→ sxp)
-			- sxh
-			- sxp
-			- qos.video
-
+		SSL connect error:
+		- movienewsletters.o.yimg.com
 
+		SSL peer certificate was not OK:
+		- tw.ent3.yimg.com
 -->
 <ruleset name="Yimg.com (partial)">
 
-	<target host="*.yimg.com" />
-
-
-	<securecookie host="^\.s\.yimg\.com$" name=".+" />
-
-
-	<rule from="^http://ads\.yimg\.com/"
-		to="https://s.yimg.com/" />
-
-	<!--	- l1 to l7 exist.
-		- a appears equivalent to l, except hosted on Akamai.
-			-->
-	<rule from="^http://(?:d\d?|(?:a\.)?l\d?|us\.(?:a2|i1|js2?))\.yimg\.com/(?:a|d|us(?:\.js)?\.yimg\.com)/"
-		to="https://s.yimg.com/lq/" />
-
-	<rule from="^http://(?:d\d?|au\.i1|(?:a\.)?l\d?|mail)\.yimg\.com/(ao|bm|ck|cv|dh|ea|ep|f|fv|fz|iu|jc|kj|kx|lo|mi|mq|na|nt|ok|pj|pp|pu|qa|qj|qk|qo|rb|rf|rq|rx|rz|sr|ss|tu|ugcwidgets|zz|aunz\.yimg\.com)/"
-		to="https://s.yimg.com/$1/" />
-
-	<rule from="^http://(?:d\d?|(?:a\.)?l\d?|us\.(?:a1|js1?)|mail|xa)\.yimg\.com/(bb|bt|dg|(?:eur|us)\.yimg\.com|fg|fp|[ghijqt]|gh|ho|j[ghn]|kq|lh|lm|ml|nn|nq|os|pb|pv|qb|qw|qx|qz|r[luw]|sc|ts)/"
-		to="https://s.yimg.com/zz/$1/" />
-
-	<rule from="^http://(tw\.bid|tw\.buy|ci-[\da-f]{10}-\d{8}\.http\.atlas\.cdn|ec|ext|tw\.m|s(?:1|2|3|ec|p)?|tw|qos\.video)\.yimg\.com/"
-		to="https://$1.yimg.com/" />
-
-	<rule from="^http://s?(ep|xh|xp)\.yimg\.com/"
-		to="https://s$1.yimg.com/" />
-
-	<rule from="^http://movienewsletters\.o\.yimg\.com/"
-		to="https://www.movienewsletters.net/" />
-
-	<!--	s://developer. breakage
-					-->
-	<rule from="^https://s\.yimg\.com/common/img/"
-		to="https://s.yimg.com/kj/ydn/common/img/" />
-
+	<target host="ec.yimg.com" />
+	<target host="ybinst3.ec.yimg.com" />
+	<target host="ep.yimg.com" />
+	<target host="ext.yimg.com" />
+	<target host="l.yimg.com" />
+	<target host="tw.news2.yimg.com" />
+	<target host="s.yimg.com" />
+	<target host="s1.yimg.com" />
+	<target host="s2.yimg.com" />
+	<target host="s3.yimg.com" />
+	<target host="sec.yimg.com" />
+	<target host="sep.yimg.com" />
+	<target host="sp.yimg.com" />
+	<target host="sxh.yimg.com" />
+	<target host="sxp.yimg.com" />
+	<target host="tw.yimg.com" />
+	<target host="xa.yimg.com" />
+	<target host="xh.yimg.com" />
+	<target host="xp.yimg.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Ynet.io.xml b/src/chrome/content/rules/Ynet.io.xml
index 53166caab96d..909e9b65d8f6 100644
--- a/src/chrome/content/rules/Ynet.io.xml
+++ b/src/chrome/content/rules/Ynet.io.xml
@@ -16,7 +16,7 @@ Fetch error: http://s.ynet.io/ => https://s.ynet.io/: (28, 'Connection timed out
 		- .ynet.io
 
 -->
-<ruleset name="Ynet.io" default_off='failed ruleset test'>
+<ruleset name="Ynet.io" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Yocto_Project.org.xml b/src/chrome/content/rules/Yocto_Project.org.xml
index d9e608cf67bc..f30d1ab3b761 100644
--- a/src/chrome/content/rules/Yocto_Project.org.xml
+++ b/src/chrome/content/rules/Yocto_Project.org.xml
@@ -31,7 +31,12 @@
 <ruleset name="Yocto Project.org (partial)">
 
 	<target host="yoctoproject.org" />
-	<target host="*.yoctoproject.org" />
+	<target host="bugzilla.yoctoproject.org" />
+	<target host="eula-downloads.yoctoproject.org" />
+	<target host="git.yoctoproject.org" />
+	<target host="lists.yoctoproject.org" />
+	<target host="wiki.yoctoproject.org" />
+	<target host="www.yoctoproject.org" />
 
 
 	<!--	Secured by server:
@@ -43,10 +48,9 @@
 	<!--securecookie host="^bugzilla\.yoctoproject\.org$" name="^DEFAULTFORMAT$" /-->
 	<!--securecookie host="^\.eula-downloads.yoctoproject.org$" name="^SESS[\da-f]{32}$" /-->
 
-	<securecookie host="^(?:.*\.)?yoctoproject\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://((?:bugzilla|eula-downloads|git|lists|wiki|www)\.)?yoctoproject\.org/"
-		to="https://$1yoctoproject.org/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/YogaDNS.com.xml b/src/chrome/content/rules/YogaDNS.com.xml
new file mode 100644
index 000000000000..69ec2c6f7f08
--- /dev/null
+++ b/src/chrome/content/rules/YogaDNS.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="YogaDNS.com">
+	<target host="yogadns.com" />
+	<target host="www.yogadns.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Yokl.com.xml b/src/chrome/content/rules/Yokl.com.xml
index 697c24bc656d..b8727b46745f 100644
--- a/src/chrome/content/rules/Yokl.com.xml
+++ b/src/chrome/content/rules/Yokl.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.yokl.com/ => https://yokl.com/: (60, 'SSL certificate pr
 		- yokl.com
 
 -->
-<ruleset name="Yokl.com" default_off='failed ruleset test'>
+<ruleset name="Yokl.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/YoklAPI.com.xml b/src/chrome/content/rules/YoklAPI.com.xml
index c43201ef5d38..e634f46e7f23 100644
--- a/src/chrome/content/rules/YoklAPI.com.xml
+++ b/src/chrome/content/rules/YoklAPI.com.xml
@@ -16,7 +16,7 @@ Fetch error: http://yoklapi.com/ => https://api.yokl.com/: (60, 'SSL certificate
 	* Not secured by us <= mismatched
 
 -->
-<ruleset name="YoklAPI.com" default_off='failed ruleset test'>
+<ruleset name="YoklAPI.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/York.edu.xml b/src/chrome/content/rules/York.edu.xml
index 6686c40b0827..d82d52a1e760 100644
--- a/src/chrome/content/rules/York.edu.xml
+++ b/src/chrome/content/rules/York.edu.xml
@@ -25,7 +25,7 @@
 	<target host="smtp.york.edu" />
 	<target host="yorkjics-test.york.edu" />
 
-	<rule from="^http://york\.edu/" 
+	<rule from="^http://york\.edu/"
 		to="https://www.york.edu/"/>
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/York_Fitness.xml b/src/chrome/content/rules/York_Fitness.xml
index bcad83d7c10a..6963b1bc48b0 100644
--- a/src/chrome/content/rules/York_Fitness.xml
+++ b/src/chrome/content/rules/York_Fitness.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Yospace.com.xml b/src/chrome/content/rules/Yospace.com.xml
index bb4788b883df..8506fac50895 100644
--- a/src/chrome/content/rules/Yospace.com.xml
+++ b/src/chrome/content/rules/Yospace.com.xml
@@ -17,4 +17,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Yottaa.xml b/src/chrome/content/rules/Yottaa.xml
index 9fae84174bb7..3e9bedf7c0d9 100644
--- a/src/chrome/content/rules/Yottaa.xml
+++ b/src/chrome/content/rules/Yottaa.xml
@@ -28,13 +28,17 @@
 -->
 <ruleset name="Yottaa (partial)">
 
-	<target host="*.yottaa.com" />
+	<target host="api.yottaa.com" />
+	<target host="api-dev.yottaa.com" />
+	<target host="api-dev-new.yottaa.com" />
+	<target host="apps.yottaa.com" />
+	<target host="apps-dev.yottaa.com" />
+	<target host="apps-dev-new.yottaa.com" />
 
 
 	<securecookie host="^apps(?:-dev|-dev-new)?\.yottaa\.com$" name=".+" />
 
 
-	<rule from="^http://ap(i|ps)(-dev|-dev-new)?\.yottaa\.com/"
-		to="https://ap$1$2.yottaa.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/YouCanBook.Me.xml b/src/chrome/content/rules/YouCanBook.Me.xml
index 7cd12ca5a338..923801724e67 100644
--- a/src/chrome/content/rules/YouCanBook.Me.xml
+++ b/src/chrome/content/rules/YouCanBook.Me.xml
@@ -10,7 +10,7 @@ Fetch error: http://fwd.youcanbook.me/ => https://fwd.youcanbook.me/: (60, 'SSL
 		- upload.youcanbook.me
 
 -->
-<ruleset name="YouCanBook.Me" default_off='failed ruleset test'>
+<ruleset name="YouCanBook.Me" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/YouSendIt.xml b/src/chrome/content/rules/YouSendIt.xml
index 52bac8a71211..8ccc39cc769d 100644
--- a/src/chrome/content/rules/YouSendIt.xml
+++ b/src/chrome/content/rules/YouSendIt.xml
@@ -8,7 +8,7 @@ Fetch error: http://a15.ysicdo002.com/ => https://a15.ysicdo002.com/: (51, "SSL:
 	Cert only matches *.yousendit.com
 
 -->
-<ruleset name="YouSendIt" default_off='failed ruleset test'>
+<ruleset name="YouSendIt" default_off="failed ruleset test">
 
 	<target host="yousendit.com" />
 	<target host="www.yousendit.com" />
diff --git a/src/chrome/content/rules/YouVersion.com.xml b/src/chrome/content/rules/YouVersion.com.xml
new file mode 100644
index 000000000000..8ef0fbe12f54
--- /dev/null
+++ b/src/chrome/content/rules/YouVersion.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- bibleseries.youversion.com
+		- web-assets.youversion.com
+
+		SSL connect error:
+		- essential100.youversion.com
+		- featuredplans.youversion.com
+		- focusonthefamily.youversion.com
+		- oneyearbible.youversion.com
+		- relentless.youversion.com
+		- sharethebible.youversion.com
+		- thistlebend.youversion.com
+
+		SSL peer certificate was not OK:
+		- webcast.youversion.com
+
+		Mixed content blocking (MCB) triggered:
+		- blog.youversion.com
+-->
+<ruleset name="YouVersion.com">
+	<target host="youversion.com" />
+	<target host="www.youversion.com" />
+	<target host="analytics.youversion.com" />
+	<target host="help.youversion.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/YouVersion.xml b/src/chrome/content/rules/YouVersion.xml
deleted file mode 100644
index 3b0d4ce834cc..000000000000
--- a/src/chrome/content/rules/YouVersion.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	Problematic domains:
-
-		- bible.com *
-		- youversion.com *
-
-	* Times out
-
--->
-<ruleset name="YouVersion">
-
-	<target host="bible.com" />
-	<target host="*.bible.com" />
-	<target host="*.biblesociety.co.za" />
-	<target host="youversion.com" />
-	<target host="*.youversion.com" />
-
-
-	<securecookie host="^(?:www)?\.(?:bible|youversion)\.com$" name=".+" />
-	<securecookie host="^\.biblesociety\.co\.za$" name="^_youversion-web_session$" />
-
-
-	<rule from="^http?://(?:www\.)?(bible|yourversion)\.com/"
-		to="https://www.$1.com/" />
-
-	<rule from="^http://bibles\.biblesociety\.co\.za/"
-		to="https://bibles.biblesociety.co.za/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/YouVisit.com.xml b/src/chrome/content/rules/YouVisit.com.xml
index f507f7190337..747f72ed1464 100644
--- a/src/chrome/content/rules/YouVisit.com.xml
+++ b/src/chrome/content/rules/YouVisit.com.xml
@@ -9,4 +9,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Youmix.xml b/src/chrome/content/rules/Youmix.xml
deleted file mode 100644
index 781438455981..000000000000
--- a/src/chrome/content/rules/Youmix.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Non-2xx HTTP code: http://t.album.youmix.co.uk/ (200) => https://s3.amazonaws.com/t.album.youmix.co.uk/ (403)
-Non-2xx HTTP code: http://static.youmix.co.uk/ (200) => https://s3.amazonaws.com/static.youmix.co.uk/ (403)
-Non-2xx HTTP code: http://t.track.youmix.co.uk/ (200) => https://s3.amazonaws.com/t.track.youmix.co.uk/ (403)
-
-Disabled by https-everywhere-checker because:
-Fetch error: http://t.album.youmix.co.uk/ => https://s3.amazonaws.com/t.album.youmix.co.uk/: (28, 'Resolving timed out after 10519 milliseconds')
-Fetch error: http://static.youmix.co.uk/ => https://s3.amazonaws.com/static.youmix.co.uk/: (28, 'Resolving timed out after 10520 milliseconds')
-Fetch error: http://t.track.youmix.co.uk/ => https://s3.amazonaws.com/t.track.youmix.co.uk/: (28, 'Resolving timed out after 10519 milliseconds')
--->
-<ruleset name="Youmix (partial)" default_off='failed ruleset test'>
-
-	<target host="t.album.youmix.co.uk"/>
-	<target host="static.youmix.co.uk"/>
-	<target host="t.track.youmix.co.uk"/>
-
-	<rule from="^http://(t\.(album|track)|static)\.youmix\.co\.uk/"
-		to="https://s3.amazonaws.com/$1.youmix.co.uk/"/>
-
-</ruleset>
diff --git a/src/chrome/content/rules/Young-Pirates.Eu.xml b/src/chrome/content/rules/Young-Pirates.Eu.xml
index 44ba136b79b8..05ec6522c103 100644
--- a/src/chrome/content/rules/Young-Pirates.Eu.xml
+++ b/src/chrome/content/rules/Young-Pirates.Eu.xml
@@ -18,7 +18,7 @@ Fetch error: http://wiki.young-pirates.eu/ => https://wiki.young-pirates.eu/: (6
 	ˢ Secured by us
 
 -->
-<ruleset name="Young-Pirates.Eu" default_off='failed ruleset test'>
+<ruleset name="Young-Pirates.Eu" default_off="failed ruleset test">
 
 	<target host="young-pirates.eu" />
 	<target host="forum.young-pirates.eu" />
diff --git a/src/chrome/content/rules/Young_Rewired_State.org.xml b/src/chrome/content/rules/Young_Rewired_State.org.xml
index d564fcc1c828..cea0d760666e 100644
--- a/src/chrome/content/rules/Young_Rewired_State.org.xml
+++ b/src/chrome/content/rules/Young_Rewired_State.org.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.youngrewiredstate.org/ => https://youngrewiredstate.org/
 		- .youngrewiredstate.org
 
 -->
-<ruleset name="Young Rewired State.org" default_off='failed ruleset test'>
+<ruleset name="Young Rewired State.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Younited.com.xml b/src/chrome/content/rules/Younited.com.xml
deleted file mode 100644
index 0d238191a641..000000000000
--- a/src/chrome/content/rules/Younited.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Problematic subdomains:
-
-		- blog *
-
-	* wordpress
-
--->
-<ruleset name="younited.com (partial)">
-
-	<target host="younited.com" />
-	<target host="*.younited.com" />
-		<!--exclusion pattern="^http://blog\.younited\.com/" /-->
-
-
-	<!--	Secured by server:
-					-->
-	<!--securecookie host="^account\.younited\.com$" name="^(JSESSIONID|PF)$" /-->
-
-
-	<securecookie host="^\.younited\.com$" name=".+" />
-
-
-	<rule from="^http://((?:account|app|community|ticket|www)\.)?younited\.com/"
-		to="https://$1younited.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Your-File-System.com.xml b/src/chrome/content/rules/Your-File-System.com.xml
index a082d5e51e59..7d1ecba8bf17 100644
--- a/src/chrome/content/rules/Your-File-System.com.xml
+++ b/src/chrome/content/rules/Your-File-System.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://your-file-system.com/ => https://your-file-system.com/: (7,
 Fetch error: http://www.your-file-system.com/ => https://www.your-file-system.com/: (7, 'Failed to connect to www.your-file-system.com port 443: Connection refused')
 
 -->
-<ruleset name="Your-File-System.com" default_off='failed ruleset test'>
+<ruleset name="Your-File-System.com" default_off="failed ruleset test">
 
 	<target host="your-file-system.com" />
 	<target host="www.your-file-system.com" />
diff --git a/src/chrome/content/rules/Your-Mailing-List-Provider.xml b/src/chrome/content/rules/Your-Mailing-List-Provider.xml
index ee6ff761a47d..ec339dfe77b9 100644
--- a/src/chrome/content/rules/Your-Mailing-List-Provider.xml
+++ b/src/chrome/content/rules/Your-Mailing-List-Provider.xml
@@ -1,24 +1,11 @@
-<!--
-	Nonfunctional domains:
-
-		- img.ymlp.com *
-
-	* 404, valid cert
-
--->
 <ruleset name="Your Mailing List Provider">
 	<target host="ymlp.com" />
-	<target host="chiclet.ymlp.com" />
 	<target host="www.ymlp.com" />
+	<target host="chiclet.ymlp.com" />
+	<target host="img.ymlp.com" />
+
 	<target host="yourmailinglistprovider.com" />
 	<target host="www.yourmailinglistprovider.com" />
 
-	<securecookie host="^(?:chiclet|www)\.ymlp\.com$" name=".+" />
-
-	<rule from="^(?:https://|http://(?:www\.)?)ymlp\.com/"
-		to="https://www.ymlp.com/" />
-	<rule from="^http://chiclet\.ymlp\.com/"
-		to="https://chiclet.ymlp.com/" />
-	<rule from="^http://(?:www\.)?yourmailinglistprovider\.com/"
-		to="https://www.ymlp.com/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/YourBittorrent.xml b/src/chrome/content/rules/YourBittorrent.xml
deleted file mode 100644
index 0d55ada3392e..000000000000
--- a/src/chrome/content/rules/YourBittorrent.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-	CDN buckets:
-
-		- ybt.cdn.netdna-cdn.com
-
-			- -ssl doesn't exist
-			- i.yourbittorrent.com
-
-
-	Problematic subdomains:
-
-		- www (certificate name mismatch)
-		- i	(404)
-
--->
-<ruleset name="YourBittorrent.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="yourbittorrent.com" />
-
-	<!--	Complications:
-				-->
-	<!--target host="i.yourbittorrent.com" /-->
-	<target host="www.yourbittorrent.com" />
-
-
-	<securecookie host="^\.yourbittorrent\.com$" name=".+" />
-
-
-	<!--rule from="^http://i\.yourbittorrent\.com/"
-		to="https://yourbittorrent.com/images/" /-->
-
-	<rule from="^http://www\.yourbittorrent\.com/"
-		to="https://yourbittorrent.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-
-</ruleset>
diff --git a/src/chrome/content/rules/YourMembership.com.xml b/src/chrome/content/rules/YourMembership.com.xml
index a99acde54790..e68d80b0bcb9 100644
--- a/src/chrome/content/rules/YourMembership.com.xml
+++ b/src/chrome/content/rules/YourMembership.com.xml
@@ -12,7 +12,7 @@
 	* Secured by us
 
 -->
-<ruleset name="YourMembership.com" default_off="missing certificate chain">
+<ruleset name="YourMembership.com" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/YourPSHome.net.xml b/src/chrome/content/rules/YourPSHome.net.xml
index 025f533a9789..69aafdb4cdf2 100644
--- a/src/chrome/content/rules/YourPSHome.net.xml
+++ b/src/chrome/content/rules/YourPSHome.net.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://cdn.yourpshome.net/ => https://cdn.yourpshome.net/: (6, 'Could not resolve host: cdn.yourpshome.net')
 
 -->
-<ruleset name="YourPSHome.net" default_off='failed ruleset test'>
+<ruleset name="YourPSHome.net" default_off="failed ruleset test">
 
 	<target host="yourpshome.net" />
 	<target host="cdn.yourpshome.net" />
diff --git a/src/chrome/content/rules/YourWorldOfText.com.xml b/src/chrome/content/rules/YourWorldOfText.com.xml
new file mode 100644
index 000000000000..dd495bd32059
--- /dev/null
+++ b/src/chrome/content/rules/YourWorldOfText.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="YourWorldOfText.com">
+	<target host="yourworldoftext.com" />
+	<target host="www.yourworldoftext.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/YourYU.ca.xml b/src/chrome/content/rules/YourYU.ca.xml
new file mode 100644
index 000000000000..fe6c227e0399
--- /dev/null
+++ b/src/chrome/content/rules/YourYU.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="YourYU.ca">
+	<target host="youryu.ca" />
+	<target host="www.youryu.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Your_Date_Link.xml b/src/chrome/content/rules/Your_Date_Link.xml
index 4bc490dbdffd..4e27526ae715 100644
--- a/src/chrome/content/rules/Your_Date_Link.xml
+++ b/src/chrome/content/rules/Your_Date_Link.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.yourdatelink.com/ => https://www.yourdatelink.com/: (51,
 Disabled by https-everywhere-checker because:
 Fetch error: http://yourdatelink.com/ => https://yourdatelink.com/: (51, "SSL: no alternative certificate subject name matches target host name 'yourdatelink.com'")
 -->
-<ruleset name="Your Date Link" default_off='failed ruleset test'>
+<ruleset name="Your Date Link" default_off="failed ruleset test">
 
 	<target host="yourdatelink.com" />
 	<target host="www.yourdatelink.com" />
@@ -18,4 +18,4 @@ Fetch error: http://yourdatelink.com/ => https://yourdatelink.com/: (51, "SSL: n
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Your_Local_Edge.com.xml b/src/chrome/content/rules/Your_Local_Edge.com.xml
index 7b8aeed2fed1..0ef7842abb46 100644
--- a/src/chrome/content/rules/Your_Local_Edge.com.xml
+++ b/src/chrome/content/rules/Your_Local_Edge.com.xml
@@ -17,10 +17,10 @@ Fetch error: http://yourlocaledge.com/ => https://yourlocaledge.com/: (28, 'Conn
 	* Secured by us
 
 -->
-<ruleset name="Your Local Edge.com" default_off='failed ruleset test'>
+<ruleset name="Your Local Edge.com" default_off="failed ruleset test">
 
 	<target host="yourlocaledge.com" />
-	<target host="*.yourlocaledge.com" />
+	<target host="www.yourlocaledge.com" />
 
 
 	<securecookie host="^\.yourlocaledge\.com$" name=".+" />
@@ -29,4 +29,4 @@ Fetch error: http://yourlocaledge.com/ => https://yourlocaledge.com/: (28, 'Conn
 	<rule from="^http://(?:www\.)?yourlocaledge\.com/"
 		to="https://yourlocaledge.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Your_Video_Host.com.xml b/src/chrome/content/rules/Your_Video_Host.com.xml
index fa0c1a281606..fa4903df03cc 100644
--- a/src/chrome/content/rules/Your_Video_Host.com.xml
+++ b/src/chrome/content/rules/Your_Video_Host.com.xml
@@ -23,7 +23,7 @@ Fetch error: http://www.yourvideohost.com/ => https://www.yourvideohost.com/: (2
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Your Video Host.com (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Your Video Host.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="yourvideohost.com" />
 	<target host="www.yourvideohost.com" />
diff --git a/src/chrome/content/rules/Yourcounciljobs.co.uk.xml b/src/chrome/content/rules/Yourcounciljobs.co.uk.xml
index 3d5dc274be3a..8e0c75387af4 100644
--- a/src/chrome/content/rules/Yourcounciljobs.co.uk.xml
+++ b/src/chrome/content/rules/Yourcounciljobs.co.uk.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.yourcounciljobs.co.uk/ => https://www.yourcounciljobs.co
 		- www.yourcounciljobs.co.uk
 
 -->
-<ruleset name="yourcounciljobs.co.uk" default_off='failed ruleset test'>
+<ruleset name="yourcounciljobs.co.uk" default_off="failed ruleset test">
 
 	<target host="yourcounciljobs.co.uk" />
 	<target host="www.yourcounciljobs.co.uk" />
diff --git a/src/chrome/content/rules/Yourfone.de.xml b/src/chrome/content/rules/Yourfone.de.xml
index d5e566375285..cf852f80f5a3 100644
--- a/src/chrome/content/rules/Yourfone.de.xml
+++ b/src/chrome/content/rules/Yourfone.de.xml
@@ -15,7 +15,13 @@
 <ruleset name="yourfone.de">
 
 	<target host="yourfone.de" />
-	<target host="*.yourfone.de" />
+	<target host="www.yourfone.de" />
+	<target host="gfx.yourfone.de" />
+	<target host="handyshop.yourfone.de" />
+	<target host="hilfe.yourfone.de" />
+	<target host="www.gfx.yourfone.de" />
+	<target host="www.handyshop.yourfone.de" />
+	<target host="www.hilfe.yourfone.de" />
 
 
 	<securecookie host="^.*\.yourfone\.de$" name=".+" />
diff --git a/src/chrome/content/rules/YoursAV.com.xml b/src/chrome/content/rules/YoursAV.com.xml
index f47479c5b905..a94cfa382212 100644
--- a/src/chrome/content/rules/YoursAV.com.xml
+++ b/src/chrome/content/rules/YoursAV.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://yoursav.com/ => https://yoursav.com/: (51, "SSL: no alternat
 Fetch error: http://www.yoursav.com/ => https://www.yoursav.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.yoursav.com'")
 
 -->
-<ruleset name="YoursAV.com" default_off='failed ruleset test'>
+<ruleset name="YoursAV.com" default_off="failed ruleset test">
 
 	<target host="yoursav.com" />
 	<target host="www.yoursav.com" />
diff --git a/src/chrome/content/rules/YoutubeUnblocks.com.xml b/src/chrome/content/rules/YoutubeUnblocks.com.xml
deleted file mode 100644
index 0197a4b5a6b5..000000000000
--- a/src/chrome/content/rules/YoutubeUnblocks.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="YoutubeUnblocks.com">
-	<target host="youtubeunblocks.com" />
-	<target host="www.youtubeunblocks.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Yt-dl.org.xml b/src/chrome/content/rules/Yt-dl.org.xml
index 6cc05430fd97..bcc468f9f59a 100644
--- a/src/chrome/content/rules/Yt-dl.org.xml
+++ b/src/chrome/content/rules/Yt-dl.org.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Yuku.xml b/src/chrome/content/rules/Yuku.xml
deleted file mode 100644
index 78182757bedf..000000000000
--- a/src/chrome/content/rules/Yuku.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- (www.)
-		- $member
-
--->
-<ruleset name="Yuku (partial)">
-
-	<target host="*.yuku.com" />
-
-	<rule from="^http://(images|static)\.yuku\.com/"
-		to="https://s3.amazonaws.com/$1.yuku.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/YunoHost.org.xml b/src/chrome/content/rules/YunoHost.org.xml
index c534d103be59..b1e4b1cab0e0 100644
--- a/src/chrome/content/rules/YunoHost.org.xml
+++ b/src/chrome/content/rules/YunoHost.org.xml
@@ -8,7 +8,7 @@ Fetch error: http://doc.yunohost.org/ => https://doc.yunohost.org/: (51, "SSL: n
 		- forum.yunohost.org
 
 -->
-<ruleset name="YunoHost.org" default_off='failed ruleset test'>
+<ruleset name="YunoHost.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/ZDbb.net.xml b/src/chrome/content/rules/ZDbb.net.xml
index 019e6a2a453a..69ab3479a002 100644
--- a/src/chrome/content/rules/ZDbb.net.xml
+++ b/src/chrome/content/rules/ZDbb.net.xml
@@ -29,10 +29,6 @@
 	<securecookie host="^\.zdbb\.net$" name=".+" />
 
 
-	<rule from="^http://static\.zdbb\.net/"
-		to="https://d8r7hw7bvlsxi.cloudfront.net/" />
-
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ZDmcirc.com.xml b/src/chrome/content/rules/ZDmcirc.com.xml
index cbd141ed60b1..ec40a2a33dad 100644
--- a/src/chrome/content/rules/ZDmcirc.com.xml
+++ b/src/chrome/content/rules/ZDmcirc.com.xml
@@ -12,7 +12,7 @@
 	* Secured by us
 
 -->
-<ruleset name="ZDmcirc.com" default_off="missing certificate chain">
+<ruleset name="ZDmcirc.com" default_off="cert-chain">
 
 	<target host="zdmcirc.com" />
 	<target host="www.zdmcirc.com" />
diff --git a/src/chrome/content/rules/ZKM.de.xml b/src/chrome/content/rules/ZKM.de.xml
new file mode 100644
index 000000000000..1c282ae2daea
--- /dev/null
+++ b/src/chrome/content/rules/ZKM.de.xml
@@ -0,0 +1,148 @@
+<!--
+	Invalid certificate:
+		- aaa.zkm.de
+		- basic-research.zkm.de
+		- container.zkm.de
+		- copyme.zkm.de
+		- dumbmail.zkm.de
+		- eu-koordination.zkm.de
+		- facebook.zkm.de
+		- fmserv.zkm.de
+		- www.foerdere.zkm.de
+		- ima.zkm.de
+		- www.ima.zkm.de
+		- interviewstream.zkm.de
+		- jtb.zkm.de
+		- lac.zkm.de
+		- mail2.zkm.de
+		- mailhost.zkm.de
+		- maptory.zkm.de
+		- mobile.zkm.de
+		- moments.zkm.de
+		- muskom-wiki.zkm.de
+		- rorty.zkm.de
+		- salon-digital.zkm.de
+		- shop.zkm.de
+		- www.shop.zkm.de
+		- signatur.zkm.de
+		- smtp1.zkm.de
+		- social.zkm.de
+		- soonmail.zkm.de
+		- testmail.zkm.de
+		- veranst.zkm.de
+		- vpn.zkm.de
+		- webform.zkm.de
+		- www0[1|2|3|7].zkm.de
+		- www1.zkm.de
+		- zkmp3.zkm.de
+		- zkmserv3.zkm.de
+
+	Refused:
+		- animalfarm.zkm.de
+		- aoys.zkm.de
+		- at.zkm.de
+		- m.at.zkm.de
+		- biblio.zkm.de
+		- blog.zkm.de
+		- blurting-in.zkm.de
+		- codechain.zkm.de:3000 (https://codechain.zkm.de/ redirects to http://codechain.zkm.de:3000)
+		- ctrl-space.zkm.de
+		- ctrlspace.zkm.de
+		- flick.zkm.de
+		- flickka.zkm.de
+		- hosting.zkm.de
+		- icie.zkm.de
+		- ijie.zkm.de
+		- intermaps.zkm.de
+		- itunesu.zkm.de
+		- mkn.zkm.de
+		- molecules.zkm.de
+		- moon.zkm.de
+		- msmk.zkm.de
+		- multiplechoices.zkm.de
+		- mycity-mysounds.zkm.de
+		- next-city-sounds.zkm.de
+		- orbit.zkm.de
+		- www.orbit.zkm.de
+		- mobile.orbit.zkm.de
+		- soundart.zkm.de
+		- spaceplace.zkm.de
+		- unmovie.zkm.de
+		- vm-moon.zkm.de
+		- www06.zkm.de
+		- yourcity.zkm.de
+
+	Timeout:
+		- 2009.zkm.de
+		- benu.zkm.de
+		- digitalbody.zkm.de
+		- farm3.zkm.de
+		- gam2.zkm.de
+		- history.zkm.de
+		- lac2005.zkm.de
+		- mail1.zkm.de
+		- makingthingspublic.zkm.de
+		- mediaserver.zkm.de
+		- medienkunstpreis.zkm.de
+		- mtp.zkm.de
+		- net.zkm.de
+		- net-i.zkm.de
+		- oasis.zkm.de
+		- ova.zkm.de
+		- prtg.zkm.de
+		- qilin.zkm.de
+		- radio-c.zkm.de
+		- reddit.zkm.de
+		- remoteatzkm.zkm.de
+		- roundearth.zkm.de
+		- tartaros.zkm.de
+		- vm-bild-1.zkm.de
+		- vm-musik.zkm.de
+		- www[2|3].zkm.de
+		- youniverse.zkm.de
+
+	Unable to get local issuer certificate:
+		- dam2cms.zkm.de
+		- obelix.zkm.de
+		- occ.zkm.de
+-->
+<ruleset name="ZKM.de">
+
+	<target host="zkm.de" />
+	<target host="www.zkm.de" />
+	<target host="bild.zkm.de" />
+	<target host="cloud.zkm.de" />
+	<target host="coding-culture.zkm.de" />
+	<target host="dct.zkm.de" />
+	<target host="demoshop.zkm.de" />
+	<target host="digital-culture-techniques.zkm.de" />
+	<target host="europa.zkm.de" />
+	<target host="genesis.zkm.de" />
+	<target host="helpdesk.zkm.de" />
+	<target host="hertz-gitlab.zkm.de" />
+	<target host="ical.zkm.de" />
+	<target host="kirin.zkm.de" />
+	<target host="mail.zkm.de" />
+	<target host="mailer.zkm.de" />
+	<target host="mars.zkm.de" />
+	<target host="mfg.zkm.de" />
+	<target host="motionpicture.zkm.de" />
+	<target host="motionpicture2.zkm.de" />
+	<target host="mp2.zkm.de" />
+	<target host="newsletter.zkm.de" />
+	<target host="open-codes.zkm.de" />
+	<target host="opencodes.zkm.de" />
+	<target host="phoenix.zkm.de" />
+	<target host="status.zkm.de" />
+	<target host="tickets.zkm.de" />
+	<target host="wawi.zkm.de" />
+	<target host="wawi-demo.zkm.de" />
+	<target host="web-residencies.zkm.de" />
+	<target host="webshop-demo.zkm.de" />
+	<target host="xmas.zkm.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ZNC.in.xml b/src/chrome/content/rules/ZNC.in.xml
new file mode 100644
index 000000000000..330fe519be5d
--- /dev/null
+++ b/src/chrome/content/rules/ZNC.in.xml
@@ -0,0 +1,13 @@
+<!--
+	Timeout:
+		- people
+-->
+<ruleset name="ZNC.im">
+	<target host="znc.in" />
+	<target host="www.znc.in" />
+	<target host="docs.znc.in" />
+	<target host="jenkins.znc.in" />
+	<target host="wiki.znc.in" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ZONZA.tv.xml b/src/chrome/content/rules/ZONZA.tv.xml
deleted file mode 100644
index f993b4b61adc..000000000000
--- a/src/chrome/content/rules/ZONZA.tv.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="ZONZA.tv">
-
-	<target host="zonza.tv" />
-	<target host="*.zonza.tv" />
-
-		<test url="http://www.zonza.tv/" />
-
-
-	<!--securecookie host="^\.zonza\.tv$" name="^__utm\w$" /-->
-	<securecookie host="^[.w]" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ZOUM.xml b/src/chrome/content/rules/ZOUM.xml
index dc3d67494e44..53e5a11b1a24 100644
--- a/src/chrome/content/rules/ZOUM.xml
+++ b/src/chrome/content/rules/ZOUM.xml
@@ -5,7 +5,7 @@ Fetch error: http://zoum.ca/ => https://zoum.ca/: (60, 'SSL certificate problem:
 Fetch error: http://www.zoum.ca/ => https://www.zoum.ca/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="ZOUM.ca" default_off='failed ruleset test'>
+<ruleset name="ZOUM.ca" default_off="failed ruleset test">
 
 	<target host="zoum.ca" />
 	<target host="www.zoum.ca" />
diff --git a/src/chrome/content/rules/ZSR.sk.xml b/src/chrome/content/rules/ZSR.sk.xml
new file mode 100644
index 000000000000..cb30d94bee4b
--- /dev/null
+++ b/src/chrome/content/rules/ZSR.sk.xml
@@ -0,0 +1,16 @@
+<!--
+	Refused:
+		zsr.sk
+
+	http://zsr.sk redirects to http://www.zsr.sk
+-->
+
+<ruleset name="ZSR.sk">
+	<target host="zsr.sk" />
+	<target host="www.zsr.sk" />
+
+	<rule from="^http://zsr\.sk/"
+		to="https://www.zsr.sk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ZUNO.eu.xml b/src/chrome/content/rules/ZUNO.eu.xml
deleted file mode 100644
index f5a1210c82ac..000000000000
--- a/src/chrome/content/rules/ZUNO.eu.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Other ZUNO.eu rulesets:
-		- ZUNO.sk.xml
--->
-<ruleset name="ZUNO.eu">
-	<target host="zuno.eu" />
-	<target host="app.zuno.eu" />
-	<target host="www.zuno.eu" />
-	<target host="xwim1.zuno.eu" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/ZUNO.sk.xml b/src/chrome/content/rules/ZUNO.sk.xml
index c0b3ec69ba66..eae82281a292 100644
--- a/src/chrome/content/rules/ZUNO.sk.xml
+++ b/src/chrome/content/rules/ZUNO.sk.xml
@@ -9,7 +9,7 @@ Fetch error: http://m.zuno.sk/ => https://m.zuno.sk/: (6, 'Could not resolve hos
 		- moje.zuno.sk
 		- www.zuno.sk
 -->
-<ruleset name="ZUNO.sk" default_off='failed ruleset test'>
+<ruleset name="ZUNO.sk" default_off="failed ruleset test">
 	<target host="zuno.sk" />
 	<target host="chat.zuno.sk" />
 	<target host="m.zuno.sk" />
diff --git a/src/chrome/content/rules/ZUS.pl.xml b/src/chrome/content/rules/ZUS.pl.xml
index 8d34530907a3..f0c06d8eda54 100644
--- a/src/chrome/content/rules/ZUS.pl.xml
+++ b/src/chrome/content/rules/ZUS.pl.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://ssl.zus.pl/ => https://ssl.zus.pl/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="ZUS.pl (partial)" default_off='failed ruleset test'>
+<ruleset name="ZUS.pl (partial)" default_off="failed ruleset test">
 
 	<target host="ssl.zus.pl" />
 	<target host="pue.zus.pl" />
diff --git a/src/chrome/content/rules/ZX2C4.com.xml b/src/chrome/content/rules/ZX2C4.com.xml
new file mode 100644
index 000000000000..9e9caf2c29ac
--- /dev/null
+++ b/src/chrome/content/rules/ZX2C4.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Mismatched:
+		- old
+		- software.old
+		- webdesign.old
+-->
+<ruleset name="ZX2C4.com">
+	<target host="zx2c4.com" />
+	<target host="www.zx2c4.com" />
+	<target host="blog.zx2c4.com" />
+	<target host="data.zx2c4.com" />
+	<target host="git.zx2c4.com" />
+	<target host="golang.zx2c4.com" />
+	<target host="lists.zx2c4.com" />
+	<target host="music.zx2c4.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ZXIDP.org.xml b/src/chrome/content/rules/ZXIDP.org.xml
index 93cd721faf38..071a6c82f89c 100644
--- a/src/chrome/content/rules/ZXIDP.org.xml
+++ b/src/chrome/content/rules/ZXIDP.org.xml
@@ -4,7 +4,7 @@
 	www.zxidp.org: cert only matches ^zxidp.org
 
 -->
-<ruleset name="ZXIDP.org" default_off="missing certificate chain">
+<ruleset name="ZXIDP.org" default_off="cert-chain">
 
 	<target host="zxidp.org" />
 	<target host="www.zxidp.org" />
diff --git a/src/chrome/content/rules/ZYVOXassist.com.xml b/src/chrome/content/rules/ZYVOXassist.com.xml
deleted file mode 100644
index 38ac4e710006..000000000000
--- a/src/chrome/content/rules/ZYVOXassist.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	For other Pfizer coverage, see Pfizer.xml.
-
-
-	^zyvoxassist.com: Mismatched
-
--->
-<ruleset name="ZYVOXassist.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.zyvoxassist.com" />
-
-	<!--	Complications:
-				-->
-	<target host="zyvoxassist.com" />
-
-
-	<rule from="^http://zyvoxassist\.com/"
-		to="https://www.zyvoxassist.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ZZounds.com.xml b/src/chrome/content/rules/ZZounds.com.xml
index 175befec7731..5339a86bbbbd 100644
--- a/src/chrome/content/rules/ZZounds.com.xml
+++ b/src/chrome/content/rules/ZZounds.com.xml
@@ -40,7 +40,7 @@ Fetch error: http://c0.zzounds.com/ => https://c0.zzounds.com/: (60, 'SSL certif
 		- delivery
 
 -->
-<ruleset name="zZounds.com" default_off='failed ruleset test'>
+<ruleset name="zZounds.com" default_off="failed ruleset test">
 
 	<target host="zzounds.com" />
 	<target host="*.zzounds.com" />
diff --git a/src/chrome/content/rules/Zabbix.com.xml b/src/chrome/content/rules/Zabbix.com.xml
new file mode 100644
index 000000000000..e1268127d447
--- /dev/null
+++ b/src/chrome/content/rules/Zabbix.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- svn.zabbix.com
+
+		Different content:
+		- assets.zabbix.com
+-->
+<ruleset name="Zabbix.com">
+	<target host="zabbix.com" />
+	<target host="www.zabbix.com" />
+	<target host="blog.zabbix.com" />
+	<target host="repo.zabbix.com" />
+	<target host="share.zabbix.com" />
+	<target host="support.zabbix.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zabbix.xml b/src/chrome/content/rules/Zabbix.xml
deleted file mode 100644
index c56b70c6c3ff..000000000000
--- a/src/chrome/content/rules/Zabbix.xml
+++ /dev/null
@@ -1,68 +0,0 @@
-<!--
-	Nonfunctional subdomains:
-
-		- blog		(Redirects to http)
-
-
-	(www.)?: Some (most)? pages redirect to http
-
-
-	These altnames don't exist:
-
-		- www.support.zabbix.com
-
-
-	Insecure cookies are set for these hosts:
-
-		- zabbix.com
-		- www.zabbix.com
-
-
-	Mixed content:
-
-		- Images on www from www *
-
-	* Unsecurable <= redirects to http
-
--->
-<ruleset name="Zabbix.com (partial)">
-
-	<target host="zabbix.com"/>
-	<target host="support.zabbix.com"/>
-	<target host="www.zabbix.com"/>
-
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://www\.zabbix\.com/($|css/|favicon\.ico|img/)" /-->
-
-		<!--
-			Exceptions:
-					-->
-		<exclusion pattern="^http://(?:www\.)?zabbix\.com/(?!forum(?:$|[?/]))" />
-
-			<!--	+ve:
-					-->
-			<test url="http://zabbix.com/favicon.ico" />
-			<test url="http://zabbix.com/img/zabbix1.png" />
-			<test url="http://www.zabbix.com/partner_program.php" />
-			<test url="http://www.zabbix.com/support.php" />
-
-			<!--	-ve:
-					-->
-			<test url="http://zabbix.com/forum" />
-			<test url="http://www.zabbix.com/forum/images/buttons/collapse_thead.gif" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www\.)?zabbix\.com$" name="^bbsessionhash$" /-->
-
-	<securecookie host="^(?:www\.)?zabbix\.com$" name="^bbsessionhash$" />
-	<securecookie host="^support\.zabbix\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Zacks_Investment_Research.xml b/src/chrome/content/rules/Zacks_Investment_Research.xml
index f7218842a9cf..3bec4ad3f5b3 100644
--- a/src/chrome/content/rules/Zacks_Investment_Research.xml
+++ b/src/chrome/content/rules/Zacks_Investment_Research.xml
@@ -44,4 +44,4 @@
 	<rule from="^http://cloud\.staticzacks\.net/"
 		to="https://b7d61a7c6b8c307bf531-a92a66b9587e2a0aa805bd4e70b98407.ssl.cf2.rackcdn.com/" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Zadolba.li.xml b/src/chrome/content/rules/Zadolba.li.xml
new file mode 100644
index 000000000000..ef26e1d69b96
--- /dev/null
+++ b/src/chrome/content/rules/Zadolba.li.xml
@@ -0,0 +1,9 @@
+<ruleset name="Zadolba.li">
+	<target host="zadolba.li" />
+	<target host="www.zadolba.li" />
+	<target host="oni.zadolba.li" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zaehlwerk.net.xml b/src/chrome/content/rules/Zaehlwerk.net.xml
index a32d01864d40..f55073f37ac2 100644
--- a/src/chrome/content/rules/Zaehlwerk.net.xml
+++ b/src/chrome/content/rules/Zaehlwerk.net.xml
@@ -8,7 +8,7 @@ Fetch error: http://mail.zaehlwerk.net/ => https://mail.zaehlwerk.net/: (51, "SS
 		- Zwmail.de.xml
 
 -->
-<ruleset name="Zaehlwerk.net" default_off='failed ruleset test'>
+<ruleset name="Zaehlwerk.net" default_off="failed ruleset test">
 
 	<target host="zaehlwerk.net" />
 	<target host="cloud.zaehlwerk.net" />
diff --git a/src/chrome/content/rules/Zagony.ru.xml b/src/chrome/content/rules/Zagony.ru.xml
index c31717461508..8409d0d905ff 100644
--- a/src/chrome/content/rules/Zagony.ru.xml
+++ b/src/chrome/content/rules/Zagony.ru.xml
@@ -18,7 +18,7 @@
 <ruleset name="zagony.ru" default_off="self-signed">
 
 	<target host="zagony.ru" />
-	<target host="*.zagony.ru" />
+	<target host="www.zagony.ru" />
 
 
 	<securecookie host="^\.?zagony\.ru$" name=".+" />
diff --git a/src/chrome/content/rules/Zahnarzt-herrieden.de.xml b/src/chrome/content/rules/Zahnarzt-herrieden.de.xml
new file mode 100644
index 000000000000..eb7d8b7b41ee
--- /dev/null
+++ b/src/chrome/content/rules/Zahnarzt-herrieden.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="Zahnarzt-herrieden.de">
+	<target host="zahnarzt-herrieden.de" />
+	<target host="www.zahnarzt-herrieden.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zakonypreludi.sk.xml b/src/chrome/content/rules/Zakonypreludi.sk.xml
new file mode 100644
index 000000000000..cf4454dafbc3
--- /dev/null
+++ b/src/chrome/content/rules/Zakonypreludi.sk.xml
@@ -0,0 +1,24 @@
+<!--
+	Nonfunctional hosts in *.zakonypreludi.sk:
+
+	certificate mismatch:
+	    - zakonypreludi.sk
+	    - mobile.zakonypreludi.sk
+	Wildcard DNS but without wildcard certificate:
+	    - m.zakonypreludi.sk
+
+https://zakonypreludi.sk has certificate mismatch, but
+http://zakonypreludi.sk redirects to http://www.zakonypreludi.sk
+https://www.zakonypreludi.sk has correct certificate
+
+-->
+<ruleset name="Zakonypreludi.sk">
+	<target host="zakonypreludi.sk" />
+	<target host="www.zakonypreludi.sk" />
+	<target host="beta.zakonypreludi.sk" />
+
+	<rule from="^http://zakonypreludi\.sk/"
+		to="https://www.zakonypreludi.sk/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zam.xml b/src/chrome/content/rules/Zam.xml
index ad93507ec483..307a2224a569 100644
--- a/src/chrome/content/rules/Zam.xml
+++ b/src/chrome/content/rules/Zam.xml
@@ -76,12 +76,11 @@
 	<rule from="^http:"
 	to="https:" />
 		<exclusion pattern="^http://lkimg\.zamimg\.com/$" />
-		
+
 	<test url="http://tu9srvbirvvtmtikawiuywruehmuy29t.g00.zam.com/" />
 	<test url="http://tu9srvbirvvtmtikbgf4ms1pyi5hzg54cy5jb200.g00.zam.com/" />
 	<test url="http://tu9srvbirvvtmtikbwf0y2gudgfib29sys5jb200.g00.zam.com/" />
 
-	<test url="http://lkimg.zamimg.com/" />
 	<test url="http://lkimg.zamimg.com/images/lkfish.png" />
 	<test url="http://lkimg.zamimg.com/images/v2/header/logo-text.png" />
 	<test url="http://lkimg.zamimg.com/images/v2/header/logo-urf-circle.png" />
diff --git a/src/chrome/content/rules/Zanbase.com.xml b/src/chrome/content/rules/Zanbase.com.xml
new file mode 100644
index 000000000000..233f85512ec8
--- /dev/null
+++ b/src/chrome/content/rules/Zanbase.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Zanbase.com">
+
+	<target host="zanbase.com" />
+	<target host="www.zanbase.com" />
+	<target host="cart.zanbase.com" />
+	<target host="css.zanbase.com" />
+	<target host="support.zanbase.com" />
+	<target host="uidesign.zanbase.com" />
+	<target host="user.zanbase.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zanox.xml b/src/chrome/content/rules/Zanox.xml
index c3fe3af5498d..95233dc77d54 100644
--- a/src/chrome/content/rules/Zanox.xml
+++ b/src/chrome/content/rules/Zanox.xml
@@ -33,7 +33,7 @@ Fetch error: http://ad.zanox.com/ => https://ad.zanox.com/: (60, 'SSL certificat
 	* Secured by us
 
 -->
-<ruleset name="Zanox.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Zanox.com (partial)" default_off="failed ruleset test">
 
 	<target host="zanox.com" />
 	<target host="ad.zanox.com" />
diff --git a/src/chrome/content/rules/ZapChain.com.xml b/src/chrome/content/rules/ZapChain.com.xml
index 6d431d4fdf62..3f0d1c09c820 100644
--- a/src/chrome/content/rules/ZapChain.com.xml
+++ b/src/chrome/content/rules/ZapChain.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://zapchain.com/ => https://www.zapchain.com/: (6, 'Could not r
 	* Not secured by us <= mismatched
 
 -->
-<ruleset name="ZapChain.com" default_off='failed ruleset test'>
+<ruleset name="ZapChain.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Zap_Lab.xml b/src/chrome/content/rules/Zap_Lab.xml
index fe107c978a81..c529109b22b1 100644
--- a/src/chrome/content/rules/Zap_Lab.xml
+++ b/src/chrome/content/rules/Zap_Lab.xml
@@ -24,7 +24,7 @@ Fetch error: http://www.thezaplab.com/ => https://www.thezaplab.com/: (28, 'Conn
 		- .thezaplab.com
 
 -->
-<ruleset name="The Zap Lab.com" default_off='failed ruleset test'>
+<ruleset name="The Zap Lab.com" default_off="failed ruleset test">
 
 	<target host="thezaplab.com" />
 	<target host="www.thezaplab.com" />
@@ -34,7 +34,7 @@ Fetch error: http://www.thezaplab.com/ => https://www.thezaplab.com/: (28, 'Conn
 					-->
 	<!--securecookie host="^\.thezaplab\.com$" name="^(__cfduid|cf_clearance)$" /-->
 
-	<securecookie host="^(?:.*\.)?thezaplab\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Zaption.xml b/src/chrome/content/rules/Zaption.xml
index 12f49dd0d711..f752afdd3001 100644
--- a/src/chrome/content/rules/Zaption.xml
+++ b/src/chrome/content/rules/Zaption.xml
@@ -5,7 +5,7 @@ Fetch error: http://zaption.com/ => https://zaption.com/: (51, "SSL: no alternat
 Fetch error: http://www.zaption.com/ => https://www.zaption.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.zaption.com'")
 
 -->
-<ruleset name="Zaption" default_off='failed ruleset test'>
+<ruleset name="Zaption" default_off="failed ruleset test">
 
 	<target host="zaption.com" />
 	<target host="www.zaption.com" />
@@ -16,4 +16,4 @@ Fetch error: http://www.zaption.com/ => https://www.zaption.com/: (51, "SSL: no
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/Zapunited.xml b/src/chrome/content/rules/Zapunited.xml
deleted file mode 100644
index 8bd0a8422c7f..000000000000
--- a/src/chrome/content/rules/Zapunited.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	At least some pages redirect to http.
-
-
-	Problematic subdomains:
-
-		- www.media	(mismatched, CN: zapunited.com)
-
--->
-<ruleset name="zapunited (partial)">
-
-	<target host="zapunited.com" />
-	<target host="*.zapunited.com" />
-
-
-	<rule from="^http://(www\.)?zapunited\.com/(w/)"
-		to="https://$1zapunited.com/$2" />
-
-	<rule from="^http://(?:www\.)?media\.zapunited\.com/"
-		to="https://media.zapunited.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Zayo.com.xml b/src/chrome/content/rules/Zayo.com.xml
index 6d1c0c77ef2d..dca2784c0082 100644
--- a/src/chrome/content/rules/Zayo.com.xml
+++ b/src/chrome/content/rules/Zayo.com.xml
@@ -28,7 +28,7 @@ Fetch error: http://www.zayo.com/ => https://www.zayo.com/: Too many redirects w
 	* Secured by us
 
 -->
-<ruleset name="Zayo.com (mixed content)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Zayo.com (mixed content)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="zayo.com" />
 	<target host="www.zayo.com" />
diff --git a/src/chrome/content/rules/Zazzle-mismatches.xml b/src/chrome/content/rules/Zazzle-mismatches.xml
index 5cebfb492ced..ebb5ac41e544 100644
--- a/src/chrome/content/rules/Zazzle-mismatches.xml
+++ b/src/chrome/content/rules/Zazzle-mismatches.xml
@@ -2,9 +2,9 @@
 
 	<!--	worldsecuresystems.com (Adobe)	-->
 	<target host="artsprojekt.com"/>
-	<target host="*.artsprojekt.com"/>
+	<target host="www.artsprojekt.com" />
 
-	<securecookie host="^(?:.*\.)?artsprojekt\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://(?:www\.)?artsprojekt\.com/"
 		to="https://www.artsprojekt.com/"/>
diff --git a/src/chrome/content/rules/Zeit.de.xml b/src/chrome/content/rules/Zeit.de.xml
index 31f8fc35e848..0eae628dd75d 100644
--- a/src/chrome/content/rules/Zeit.de.xml
+++ b/src/chrome/content/rules/Zeit.de.xml
@@ -1,121 +1,216 @@
 <!--
-	Mixed content:
-
-		- css on jobs from css ¹
-
-		- Images on jobs from images ²
-		- Images on shop from $self ²
-
-	¹ Unsecurable <= dropped
-	² Secured by us
-
-	for more Zeit-Online rules  see Ze.tt.xml
+	Connection refused:
+		- a2.zeit.de
+		- alumni.zeit.de
+		- api.zeit.de
+		- apollo.zeit.de
+		- archiv.zeit.de
+		- www.archiv.zeit.de
+		- arztsuche.zeit.de
+		- audio.zeit.de
+		- buch.zeit.de
+		- cc01.zeit.de
+		- ccreport.zeit.de
+		- cmsdev.zeit.de
+		- community01.zeit.de
+		- counter.zeit.de
+		- www.debatte.zeit.de
+		- developer.zeit.de
+		- fb.zeit.de
+		- freepda.zeit.de
+		- frenzy.zeit.de
+		- hermes.zeit.de
+		- horchen.zeit.de
+		- ipadbe-stage.zeit.de
+		- hangman.k8s.zeit.de
+		- images.k8s.zeit.de
+		- master.k8s.zeit.de
+		- nixnginx.k8s.zeit.de
+		- prometheus.k8s.zeit.de
+		- prometheus-alerts.k8s.zeit.de
+		- prometheus-pushgw.k8s.zeit.de
+		- puzzle.k8s.zeit.de
+		- puzzle-staging.k8s.zeit.de
+		- rancher.k8s.zeit.de
+		- registry.k8s.zeit.de
+		- zeus.k8s.zeit.de
+		- leto.zeit.de
+		- leto2.zeit.de
+		- m.zeit.de
+		- ma.zeit.de
+		- mail-gw.zeit.de
+		- mailing.zeit.de
+		- media.zeit.de
+		- medien.zeit.de
+		- meinestartseite.zeit.de
+		- member.zeit.de
+		- minos.zeit.de
+		- mobil.zeit.de
+		- mobile.zeit.de
+		- news.zeit.de
+		- www.news.zeit.de
+		- newsletter.zeit.de
+		- onlineftp.zeit.de
+		- ns3.zeit.de
+		- partnersuche.zeit.de
+		- payment.zeit.de
+		- pdf.zeit.de
+		- pdfarchiv.zeit.de
+		- phpscripts.zeit.de
+		- presse.zeit.de
+		- service.zeit.de
+		- reach.zeit.de
+		- redirects.zeit.de
+		- rezensionen.zeit.de
+		- www.rezensionen.zeit.de
+		- schach-alt.zeit.de
+		- schule.zeit.de
+		- shoptest.zeit.de
+		- spiele.zeit.de
+		- tc-angebote.zeit.de
+		- studium.zeit.de
+		- veranstaltungen.zeit.de
+		- vertigo.zeit.de
+		- videoxfer.zeit.de
+		- xml.zeit.de
+		- zeitverlag.zeit.de
 
-	Cert expired:
-		- community.zeit.de
-		- hades2.zeit.de
-		- kommentare.zeit.de
-		- video.zeit.de
-		- webapp.zeit.de
+	Self-signed cert:
+		- a4-ilo.zeit.de
+		- cds.zeit.de
+		- cds2.zeit.de
+		- e1.zeit.de
+		- ftp.zeit.de
+		- id.zeit.de
+		- mail01.zeit.de
+		- www.mut-zur-nachhaltigkeit.zeit.de
+		- openvpn.zeit.de
+		- remotezv.zeit.de
+		- senioren.zeit.de
 
 	Cert mismatch:
-		- zeit.de
 		- altesblog.zeit.de
 		- angebote.zeit.de
 		- automarkt.zeit.de
-		- blog.zeit.de
 		- hire.boa.zeit.de
+		- cuk.zeit.de
 		- filemaker12.zeit.de
-		- interessentest.zeit.de
 		- ipadbe2.zeit.de
-		- newblog.zeit.de
-		- opendata.zeit.de
+		- kunst.zeit.de
+		- mdm.zeit.de
+		- rawrengage.zeit.de
 		- www.premium.zeit.de
 		- premium01.zeit.de
 		- www.ranking.zeit.de
 		- ranking2.zeit.de
-		- rawrengage.zeit.de
-		- boa.staging.zeit.de
-		- hire.boa.staging.zeit.de
+		- studenten.zeit.de
+		- studiengaenge2.zeit.de
 		- uni.zeit.de
 		- veranstaltung.zeit.de
-		- zeitreisen.zeit.de
-		www.zeitreisen.zeit.de
-		www.zuender.zeit.de
-
-	Chain incomplete:
-		- editor.zeit.de
-		- editor-2.zeit.de
-		- studiengaenge.zeit.de
-		- studiengaenge2.zeit.de
-		- webgate.zeit.de
+		- video.zeit.de
+		- www.zeitreisen.zeit.de
 
-	Connection refused:
-		- interactive.zeit.de
-		- www.zeit.de
-		- xml.zeit.de
+	Cert expired:
+		- newblog.zeit.de
+		- schach-test.zeit.de
+		- talk.zeit.de
+		- webapp.zeit.de
 
-	Redirect loop:
-		- marktplatz.zeit.de
+	Timeout:
+		- anzeigen.zeit.de
+		- cs-prod.zeit.de
+		- cs-prod-test.zeit.de
+		- immobilien.zeit.de
+		- logging.zeit.de
+		- mantis.zeit.de
+		- services.zeit.de
+		- vivi.zeit.de
+		- web1.zeit.de
+		- webmail3.zeit.de
+		- zip6.zeit.de
 
-	Self-Signed Cert:
-		- e1.zeit.de
-		- ftp.zeit.de
-		- mail01.zeit.de
-		- www.mut-zur-nachhaltigkeit.zeit.de
-		- senioren.zeit.de
+	Chain issues:
+		- editor.zeit.de
+		- editor-2.zeit.de
 
-	TLS errors:
+	TLS error:
 		- c4.zeit.de
-		- ferienhaus.zeit.de
 		- ferienwohnungen.zeit.de
 		- immowelt.zeit.de
 -->
 <ruleset name="Zeit.de (partial)">
 
-	<target host="abo.zeit.de"/>
-	<target host="audev.zeit.de"/>
-	<target host="austroman.zeit.de"/>
-	<target host="boa.zeit.de"/>
-	<target host="community-admin.zeit.de"/>
-	<target host="community-api.zeit.de"/>
-	<target host="epaper.zeit.de"/>
-	<target host="fbia.zeit.de"/>
-	<target host="herstellung.zeit.de"/>
-	<target host="hsm.zeit.de"/>
-	<target host="images.zeit.de"/>
-	<target host="img.zeit.de"/>
-	<target host="inserieren.zeit.de"/>
-	<target host="ipadbe.zeit.de"/>
-	<target host="jobs.zeit.de"/>
-	<target host="www.jobs.zeit.de"/>
-	<target host="mobil.jobs.zeit.de"/>
-	<target host="leserservice.zeit.de"/>
-	<target host="mailarchiv.zeit.de"/>
-	<target host="mailserverbdcas.zeit.de"/>
-	<target host="mailserverhhcas.zeit.de"/>
-	<target host="meine.zeit.de"/>
-	<target host="newsfeed.zeit.de"/>
-	<target host="newsletterversand.zeit.de"/>
-	<target host="openvpnas.zeit.de"/>
-	<target host="premium.zeit.de"/>
-	<target host="push.zeit.de"/>
-	<target host="ranking.zeit.de"/>
-	<target host="schulen.zeit.de"/>
-	<target host="scripts.zeit.de"/>
-	<target host="shop.zeit.de"/>
-	<target host="www.shop.zeit.de"/>
-	<target host="ssl.zeit.de"/>
-	<target host="static.zeit.de"/>
-	<target host="stiftungsnewsletter.zeit.de"/>
-	<target host="t.zeit.de"/>
-	<target host="www2.zeit.de"/>
-	<target host="z2x.zeit.de"/>
-	<target host="zeitakademie.zeit.de"/>
-	<target host="zsm.zeit.de"/>
-	<target host="zuender.zeit.de"/>
+	<target host="zeit.de" />
+	<target host="www.zeit.de" />
 
-		<!--exclusion pattern="^http://(automarkt|community|css|jobs|marktplatz|ranking|services|studiengaenge|www|zeitreisen)\.zeit\.de/" /-->
+	<target host="abo.zeit.de" />
+	<target host="wiki.adpoint.zeit.de" />
+	<target host="autodiscover.zeit.de" />
+	<target host="bitpoll.zeit.de" />
+	<target host="boa.zeit.de" />
+	<target host="blog.zeit.de" />
+	<target host="community.zeit.de" />
+	<target host="community-admin.zeit.de" />
+	<target host="community-api.zeit.de" />
+	<target host="devsudoku.zeit.de" />
+	<target host="epaper.zeit.de" />
+	<target host="fbia.zeit.de" />
+	<target host="hades2.zeit.de" />
+	<target host="hsm.zeit.de" />
+	<target host="herstellung.zeit.de" />
+	<target host="images.zeit.de" />
+	<target host="img.zeit.de" />
+	<target host="inserieren.zeit.de" />
+	<target host="interactive.zeit.de" />
+	<target host="interessentest.zeit.de" />
+	<target host="ipadbe.zeit.de" />
+	<target host="jobs.zeit.de" />
+	<target host="www.jobs.zeit.de" />
+	<target host="mobil.jobs.zeit.de" />
+	<target host="kickerticker.zeit.de" />
+	<target host="kommentare.zeit.de" />
+	<target host="leserservice.zeit.de" />
+	<target host="likes.zeit.de" />
+	<target host="live0.zeit.de" />
+	<target host="mail.zeit.de" />
+	<target host="mailarchiv.zeit.de" />
+	<target host="mailjet.zeit.de" />
+	<target host="marktplatz.zeit.de" />
+	<target host="mailserverbdcas.zeit.de" />
+	<target host="mailserverhhcas.zeit.de" />
+	<target host="meine.zeit.de" />
+	<target host="newsfeed.zeit.de" />
+	<target host="newsletterversand.zeit.de" />
+	<target host="opendata.zeit.de" />
+	<target host="premium.zeit.de" />
+	<target host="push.zeit.de" />
+	<target host="quiz.zeit.de" />
+	<target host="ranking.zeit.de" />
+	<target host="schach.zeit.de" />
+	<target host="schulen.zeit.de" />
+	<target host="share.zeit.de" />
+	<target host="shop.zeit.de" />
+	<target host="www.shop.zeit.de" />
+	<target host="ssl.zeit.de" />
+	<target host="ssl-proxy.zeit.de" />
+	<target host="srv-mail-hhcas.zeit.de" />
+	<target host="static.zeit.de" />
+	<target host="strassennamen.zeit.de" />
+	<target host="stiftungsnewsletter.zeit.de" />
+	<target host="studienfuehrer-test.zeit.de" />
+	<target host="studiengaenge.zeit.de" />
+	<target host="sudoku.zeit.de" />
+	<target host="sudoku-services.zeit.de" />
+	<target host="t.zeit.de" />
+	<target host="verlag.zeit.de" />
+	<target host="verlag-dev.zeit.de" />
+	<target host="z2x.zeit.de" />
+	<target host="zeitreisen.zeit.de" />
+	<target host="zeitakademie.zeit.de" />
+	<target host="zeus.zeit.de" />
+	<target host="zsm.zeit.de" />
+	<target host="zuender.zeit.de" />
+	<target host="www.zuender.zeit.de" />
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/Zello.com.xml b/src/chrome/content/rules/Zello.com.xml
new file mode 100644
index 000000000000..1cb8f071c424
--- /dev/null
+++ b/src/chrome/content/rules/Zello.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Non-functional subdomains:
+		- a	(HTTP 403 error)
+		- buratino	(e)
+		- i	(HTTP 403 error)
+		- secure	(r)
+		- translate	(HTTP 403 error)
+		- zelloserver65	(t)
+		- zelloserver66	(s)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Zello.com">
+
+	<target host="zello.com" />
+	<target host="www.zello.com" />
+	<target host="blog.zello.com" />
+	<target host="cms-admin.zello.com" />
+	<target host="support.zello.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zemanta.xml b/src/chrome/content/rules/Zemanta.xml
index 6d4bc1322a84..bc6cb8706f2e 100644
--- a/src/chrome/content/rules/Zemanta.xml
+++ b/src/chrome/content/rules/Zemanta.xml
@@ -1,89 +1,51 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://img.zemanta.com/pixy.gif?x-id= => https://img.zemanta.com/pixy.gif?x-id=: (6, 'Could not resolve host: img.zemanta.com')
-Fetch error: http://wprp.zemanta.com/static/js/loader.js => https://wprp.zemanta.com/static/js/loader.js: (6, 'Could not resolve host: wprp.zemanta.com')
-Fetch error: http://zemanta.com/ => https://zemanta.com/: Too many redirects while fetching 'https://zemanta.com/'
-Fetch error: http://img.zemanta.com/ => https://img.zemanta.com/: (6, 'Could not resolve host: img.zemanta.com')
-Fetch error: http://prefs.zemanta.com/ => https://prefs.zemanta.com/: (51, "SSL: no alternative certificate subject name matches target host name 'prefs.zemanta.com'")
-Fetch error: http://rp.zemanta.com/ => https://rp.zemanta.com/: (6, 'Could not resolve host: rp.zemanta.com')
-Fetch error: http://wprp.zemanta.com/ => https://wprp.zemanta.com/: (6, 'Could not resolve host: wprp.zemanta.com')
-Fetch error: http://www.zemanta.com/ => https://www.zemanta.com/: Too many redirects while fetching 'https://www.zemanta.com/'
-
-	CDN buckets:
-
-		- img.zemanta.com.s3.amazonaws.com
-		- s3.amazonaws.com/z1-static/
-		- s3.amazonaws.com/zstyle/
-
-		- d1r7mnnsvydqxs.cloudfront.net
-
-			- i.zemanta.com
-
-		- wac.bab2.edgecastcdn.net
-
-			- rp.zamenta.com
-
-
-	Insecure cookies are set for these domains and hosts: ᶜ
-
-		- .zemanta.com
-		- one.zemanta.com
+	Cert mismatch:
+		- content.zemanta.com
+		- help.zemanta.com
 		- prefs.zemanta.com
-		- www.zemanta.com
+		- reports.zemanta.com
+		- rsscloud.zemanta.com
 
-	ᶜ See https://owasp.org/index.php/SecureFlag
+	Redirect to plain:
+		- (www.)zemanta.com
 
+	Timeout:
+		- dev.zemanta.com
 
-	Mixed content:
-
-		- css on prefs from fonts.googleapis.com *
-		- Images on www from static1.squarespace.com *
-
-	* Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
+	TLS error:
+		- ada.zemanta.com
+		- adoops.zemanta.com
+		- edward.zemanta.com
 -->
-<ruleset name="Zemanta.com" default_off='failed ruleset test'>
-
-	<target host="zemanta.com" />
-	<target host="content.zemanta.com" />
+<ruleset name="Zemanta.com">
+
+	<target host="api.zemanta.com" />
+	<target host="b1-apac1.zemanta.com" />
+	<target host="b1-euc1.zemanta.com" />
+	<target host="b1-lsw-euc1.zemanta.com" />
+	<target host="b1-lsw-use1.zemanta.com" />
+	<target host="b1-us-west-1.zemanta.com" />
+	<target host="b1-use1.zemanta.com" />
+	<target host="b1-use2.zemanta.com" />
+	<target host="b1-usw1.zemanta.com" />
+	<target host="b1.zemanta.com" />
+	<target host="b1t-use1.zemanta.com" />
+	<target host="cookiepixie.zemanta.com" />
+	<target host="fstatic.zemanta.com" />
 	<target host="i.zemanta.com" />
-	<target host="img.zemanta.com" />
+	<target host="images2.zemanta.com" />
 	<target host="one.zemanta.com" />
+	<target host="oneapi.zemanta.com" />
 	<target host="p1.zemanta.com" />
 	<target host="paid.zemanta.com" />
-	<target host="prefs.zemanta.com" />
 	<target host="r1.zemanta.com" />
-	<target host="rp.zemanta.com" />
-	<target host="wprp.zemanta.com" />
-	<target host="www.zemanta.com" />
-
-		<!--	Sets cookie without Secure:
-							-->
-		<!--test url="http://p1.zemanta.com/p/261/onelanding/" /-->
-
-		<!--	$ 403s, so:
-					-->
-		<test url="http://content.zemanta.com/static/js/pageview.js" />
-		<test url="http://i.zemanta.com/339807482_80_80.jpg" />
-		<test url="http://img.zemanta.com/pixy.gif?x-id=" />
-		<test url="http://wprp.zemanta.com/static/js/loader.js" />
-
-		<!--	$ 404s, so:
-					-->
-		<test url="http://r1.zemanta.com/r/u1bo2zclvhmo/yahoo/1035/95659/" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.zemanta\.com$" name="^(?:SS_MID|zcl|zuid)$" /-->
-	<!--securecookie host="^one\.zemanta\.com$" name="^csrftoken$" /-->
-	<!--securecookie host="^prefs\.zemanta\.com$" name="^(?:csrftoken|sessionid)$" /-->
-	<!--securecookie host="^www\.zemanta\.com$" name="^crumb$" /-->
-
-	<securecookie host="^\." name="^(?:__cfduid$|_gat?$|_gat_|SS_MID|cf_clearance|zcl)$" />
-	<securecookie host="^\w" name=".+" />
+	<target host="sapi.zemanta.com" />
+	<target host="static.zemanta.com" />
+	<target host="testr1.zemanta.com" />
+	<target host="thumbs.zemanta.com" />
+	<target host="videos.zemanta.com" />
 
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/Zen-Internet.xml b/src/chrome/content/rules/Zen-Internet.xml
index 9cbbbbfeaa26..4a65d5b8d16b 100644
--- a/src/chrome/content/rules/Zen-Internet.xml
+++ b/src/chrome/content/rules/Zen-Internet.xml
@@ -35,7 +35,7 @@
 
 	<!--securecookie host="^\.zen\.co\.uk$" name="^__utm\w$" /-->
 
-	<securecookie host="(?:.*\.)?zen\.co\.uk$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Zencoder.xml b/src/chrome/content/rules/Zencoder.xml
index 2684a109dc8f..d0ddd31f75ab 100644
--- a/src/chrome/content/rules/Zencoder.xml
+++ b/src/chrome/content/rules/Zencoder.xml
@@ -21,7 +21,7 @@ Fetch error: http://blog.zencoder.com/ => https://blog.zencoder.com/: (60, 'SSL
 	* Secured by us
 
 -->
-<ruleset name="Zencoder.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Zencoder.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Zend.xml b/src/chrome/content/rules/Zend.xml
index 501af0a6f27f..2f8dd5f46ee3 100644
--- a/src/chrome/content/rules/Zend.xml
+++ b/src/chrome/content/rules/Zend.xml
@@ -46,7 +46,7 @@ Fetch error: http://support.zend.com/ => https://support.zend.com/: (60, 'SSL ce
 		- www.pages.zend.com
 
 -->
-<ruleset name="Zend.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Zend.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Zendy_Labs.xml b/src/chrome/content/rules/Zendy_Labs.xml
deleted file mode 100644
index 9a820a50467a..000000000000
--- a/src/chrome/content/rules/Zendy_Labs.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Zendy Labs">
-
-	<target host="zendylabs.com" />
-	<target host="www.zendylabs.com" />
-
-
-	<securecookie host="^(?:w*\.)?zendylabs\.com$" name=".+" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Zenfolio.xml b/src/chrome/content/rules/Zenfolio.xml
index 4a7e2ddb1bf3..213bc332b659 100644
--- a/src/chrome/content/rules/Zenfolio.xml
+++ b/src/chrome/content/rules/Zenfolio.xml
@@ -16,7 +16,7 @@
 	<rule from="^http://cdn\.zenfolio\.net/"
 		to="https://secure.zenfolio.com/" />
 
-	
+
 	<rule from="^http://(?:www\.)?zenfolio\.com/zf/(?=css/|img/|login\.aspx)"
 		to="https://secure.zenfolio.com/zf/" />
 
diff --git a/src/chrome/content/rules/ZeniMax.com.xml b/src/chrome/content/rules/ZeniMax.com.xml
index dab8d8d41afc..14408de6f152 100644
--- a/src/chrome/content/rules/ZeniMax.com.xml
+++ b/src/chrome/content/rules/ZeniMax.com.xml
@@ -8,13 +8,14 @@
 		- Dishonored.com.xml
 		- ZeniMaxOnline.com.xml
 
+	Timeout:
+		dialin.zenimax.com
 
 	Login required:
 		ausvpn.zenimax.com
 
 	Invalid certificate:
 		cdn.zenimax.com
-		static.zenimax.com
 
 	No working URL known:
 		lyncwebext.zenimax.com
@@ -25,7 +26,6 @@
 
 	<target host="zenimax.com" />
 	<target host="www.zenimax.com" />
-	<target host="dialin.zenimax.com" />
 	<target host="download.zenimax.com" />
 	<target host="jobs.zenimax.com" />
 	<target host="static.zenimax.com" />
@@ -33,9 +33,6 @@
 		<test url="http://static.zenimax.com/forums.bethsoft.com/public/style_emoticons/default/tes.gif" />
 		<test url="http://static.zenimax.com/bethblog/oldcontent/Akaviri_banner.jpg" />
 
-	<rule from="^http://static\.zenimax\.com/"
-		to="https://d1z7bw3wiqzsm4.cloudfront.net/" />
-
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/ZenithMedia.net.xml b/src/chrome/content/rules/ZenithMedia.net.xml
new file mode 100644
index 000000000000..fe4929c73ff6
--- /dev/null
+++ b/src/chrome/content/rules/ZenithMedia.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="ZenithMedia.net">
+	<target host="zenithmedia.net" />
+	<target host="www.zenithmedia.net" />
+	<target host="analytics.zenithmedia.net" />
+	<target host="baltazar.zenithmedia.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zentyal.com.xml b/src/chrome/content/rules/Zentyal.com.xml
index e0817b026e7b..dfd0d1ae2385 100644
--- a/src/chrome/content/rules/Zentyal.com.xml
+++ b/src/chrome/content/rules/Zentyal.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://store.zentyal.com/ => https://store.zentyal.com/: (60, 'SSL
 
 	This ruleset is otherwise entirely and woefully incomplete.
 -->
-<ruleset name="Zentyal.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Zentyal.com (partial)" default_off="failed ruleset test">
 
 	<target host="store.zentyal.com" />
 
diff --git a/src/chrome/content/rules/Zentyal.org.xml b/src/chrome/content/rules/Zentyal.org.xml
index d46818534b29..195e64a9bc15 100644
--- a/src/chrome/content/rules/Zentyal.org.xml
+++ b/src/chrome/content/rules/Zentyal.org.xml
@@ -27,7 +27,7 @@ Fetch error: http://wiki.zentyal.org/ => https://wiki.zentyal.org/: (60, 'SSL ce
 		- wiki.zentyal.org
 
 -->
-<ruleset name="Zentyal.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Zentyal.org (partial)" default_off="failed ruleset test">
 
 	<target host="forum.zentyal.org" />
 	<target host="tracker.zentyal.org" />
diff --git a/src/chrome/content/rules/Zerigo.com.xml b/src/chrome/content/rules/Zerigo.com.xml
index a396c56da015..270c33636ee3 100644
--- a/src/chrome/content/rules/Zerigo.com.xml
+++ b/src/chrome/content/rules/Zerigo.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.zerigo.com/ => https://www.zerigo.com/: (6, 'Could not r
 		- manage
 
 -->
-<ruleset name="Zerigo.com" default_off='failed ruleset test'>
+<ruleset name="Zerigo.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Zero-Robotics.xml b/src/chrome/content/rules/Zero-Robotics.xml
index f40a2b79a8e0..7c3b3e1c2b7c 100644
--- a/src/chrome/content/rules/Zero-Robotics.xml
+++ b/src/chrome/content/rules/Zero-Robotics.xml
@@ -7,12 +7,12 @@ Fetch error: http://www.zerorobotics.org/ => https://www.zerorobotics.org/: (28,
 Disabled by https-everywhere-checker because:
 Fetch error: http://zerorobotics.org/ => https://zerorobotics.org/: (28, 'Connection timed out after 10001 milliseconds')
 -->
-<ruleset name="Zero Robotics" default_off='failed ruleset test'>
+<ruleset name="Zero Robotics" default_off="failed ruleset test">
 
 	<target host="zerorobotics.org" />
 	<target host="www.zerorobotics.org" />
 
-	<securecookie host="^(?:.*\.)?zerorobotics\.org$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/ZeroBin.net.xml b/src/chrome/content/rules/ZeroBin.net.xml
index aa217501fa4e..2ed93c804848 100644
--- a/src/chrome/content/rules/ZeroBin.net.xml
+++ b/src/chrome/content/rules/ZeroBin.net.xml
@@ -6,4 +6,4 @@
 
 	<rule from="^http:" to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/ZeroBlock.com.xml b/src/chrome/content/rules/ZeroBlock.com.xml
deleted file mode 100644
index ad67cb7a2747..000000000000
--- a/src/chrome/content/rules/ZeroBlock.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	www.zeroblock.com: Dropped
-
--->
-<ruleset name="ZeroBlock.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="zeroblock.com" />
-
-	<!--	Complications:
-				-->
-	<target host="www.zeroblock.com" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http://www\.zeroblock\.com/"
-		to="https://zeroblock.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Zero_Day_Initiative.com.xml b/src/chrome/content/rules/Zero_Day_Initiative.com.xml
index 5648b7c46981..61c089ba808d 100644
--- a/src/chrome/content/rules/Zero_Day_Initiative.com.xml
+++ b/src/chrome/content/rules/Zero_Day_Initiative.com.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Trend Micro coverage, see Trend_Micro.xml. 
+	For other Trend Micro coverage, see Trend_Micro.xml.
 -->
 
 <ruleset name="Zero Day Initiative.com">
diff --git a/src/chrome/content/rules/Zerowater.com.xml b/src/chrome/content/rules/Zerowater.com.xml
index 11cbd28b1976..494fa1ed3ddd 100644
--- a/src/chrome/content/rules/Zerowater.com.xml
+++ b/src/chrome/content/rules/Zerowater.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://help-flint-mi.zerowater.com/ => https://help-flint-mi.zerowa
 		- consumerinfo (issue with cert chain)
 
 -->
-<ruleset name="Zerowater.com" default_off='failed ruleset test'>
+<ruleset name="Zerowater.com" default_off="failed ruleset test">
 	<target host="zerowater.com" />
 	<target host="www.zerowater.com" />
 	<target host="help-flint-mi.zerowater.com" />
diff --git a/src/chrome/content/rules/Zerve.xml b/src/chrome/content/rules/Zerve.xml
deleted file mode 100644
index e94ba45961a5..000000000000
--- a/src/chrome/content/rules/Zerve.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Expired certificate:
-		zerve.com
-		www.zerve.com
-		qa.zerve.com
-
--->
-<ruleset name="Zerve">
-
-	<target host="img-static.cdn.zerve.com" />
-
-	<rule from="^http://img-static\.cdn\.zerve\.com/"
-		to="https://d3ks0ua4wrpv20.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Zeta.Systems.xml b/src/chrome/content/rules/Zeta.Systems.xml
deleted file mode 100644
index ce78b217a83b..000000000000
--- a/src/chrome/content/rules/Zeta.Systems.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	(www.)?zeta.systems: Redirects to secure.zeta.systems
-
-
-	Insecure cookies are set for these hosts:
-
-		- secure.zeta.systems
-
--->
-<ruleset name="Zeta.Systems (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="secure.zeta.systems" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^secure\.zeta\.systems$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^secure\.zeta\.systems$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Zetel.de.xml b/src/chrome/content/rules/Zetel.de.xml
index 009a3286a360..bf120732b3f8 100644
--- a/src/chrome/content/rules/Zetel.de.xml
+++ b/src/chrome/content/rules/Zetel.de.xml
@@ -11,7 +11,7 @@ Fetch error: http://intranet.zetel.de/ => https://intranet.zetel.de/: (51, "SSL:
 
 
 -->
-<ruleset name="Zetel.de" default_off='failed ruleset test'>
+<ruleset name="Zetel.de" default_off="failed ruleset test">
 	<target host="zetel.de" />
 	<target host="www.zetel.de" />
 	<target host="intranet.zetel.de" />
diff --git a/src/chrome/content/rules/ZeusHash.com.xml b/src/chrome/content/rules/ZeusHash.com.xml
deleted file mode 100644
index beed27f85480..000000000000
--- a/src/chrome/content/rules/ZeusHash.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<ruleset name="ZeusHash.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="zeushash.com" />
-	<target host="www.zeushash.com" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Zeusclicks.com.xml b/src/chrome/content/rules/Zeusclicks.com.xml
index 3ed9f7e7f149..1fea83690c14 100644
--- a/src/chrome/content/rules/Zeusclicks.com.xml
+++ b/src/chrome/content/rules/Zeusclicks.com.xml
@@ -32,7 +32,7 @@
 		- Images on (www.)? from ^zeusclicks.com
 
 -->
-<ruleset name="ZeusClicks.com (partial)" default_off="missing certificate chain">
+<ruleset name="ZeusClicks.com (partial)" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Zhaw.ch.xml b/src/chrome/content/rules/Zhaw.ch.xml
index 98429860610d..14ee4c254b10 100644
--- a/src/chrome/content/rules/Zhaw.ch.xml
+++ b/src/chrome/content/rules/Zhaw.ch.xml
@@ -32,7 +32,7 @@ unable to get local issuer certificate:
 	<target host="english-training.sml.zhaw.ch" />
 	<target host="gpmpublic.zhaw.ch" />
 	<target host="adressverzeichnis.sozialearbeit.zhaw.ch" />
-	
+
 	<!-- Internal tools -->
 	<target host="intra.zhaw.ch" />
 	<target host="moodle.zhaw.ch" />
@@ -54,7 +54,6 @@ unable to get local issuer certificate:
 	<target host="ras.zhaw.ch" />
 	<target host="eportfolio.zhaw.ch" />
 	<target host="zec.zhaw.ch" />
-	<target host="zhaw.doodle.com" />
 
 	<!-- Department redirection pages -->
 	<target host="gesundheit.zhaw.ch" />
@@ -66,7 +65,7 @@ unable to get local issuer certificate:
 	<target host="sozialearbeit.zhaw.ch" />
 	<target host="www.sozialearbeit.zhaw.ch" />
 
-	<!-- Institute redirection subdomains --> 
+	<!-- Institute redirection subdomains -->
 	<target host="ines.zhaw.ch" />
 	<target host="init.zhaw.ch" />
 	<target host="iamp.zhaw.ch" />
diff --git a/src/chrome/content/rules/Zhihu.xml b/src/chrome/content/rules/Zhihu.xml
index cb46d57a6c44..3e26724c64ed 100644
--- a/src/chrome/content/rules/Zhihu.xml
+++ b/src/chrome/content/rules/Zhihu.xml
@@ -11,8 +11,6 @@
 	Mixcontent but no function issue:
 		daily.zhihu.com
 		news-at.zhihu.com
-
-	Redirect to http:
 		worldcup2014.zhihu.com
 -->
 
@@ -32,17 +30,15 @@
 	<target host="news-at.zhihu.com" />
 	<target host="static.zhihu.com" />
 	<target host="sugar.zhihu.com" />
+	<target host="worldcup2014.zhihu.com" />
 	<target host="zhihu-web-analytics.zhihu.com" />
 	<target host="zhstatic.zhihu.com" />
 	<target host="zhuanlan.zhihu.com" />
 
-	<target host="pic.zhimg.com" />
 	<target host="pic1.zhimg.com" />
 	<target host="pic2.zhimg.com" />
 	<target host="pic3.zhimg.com" />
 	<target host="pic4.zhimg.com" />
-	<target host="z1.zhimg.com" />
-		<test url="http://z1.zhimg.com/scripts/c76214ae.scripts.js" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Zierer.com.xml b/src/chrome/content/rules/Zierer.com.xml
new file mode 100644
index 000000000000..3fff40a351d9
--- /dev/null
+++ b/src/chrome/content/rules/Zierer.com.xml
@@ -0,0 +1,15 @@
+<ruleset name="Zierer.com">
+
+	<target host="zierer.com" />
+	<target host="www.zierer.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Invalid certificate on https://zierer.com/,
+	http://zierer.com/ redirects to http://www.zierer.com/.-->
+	<rule from="^http://zierer\.com/"
+			to="https://www.zierer.com/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/Ziff-Davis-mismatches.xml b/src/chrome/content/rules/Ziff-Davis-mismatches.xml
deleted file mode 100644
index 6aaa82d2d2f3..000000000000
--- a/src/chrome/content/rules/Ziff-Davis-mismatches.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	For rules that are on by default, see Ziff-Davis.xml.
-
-
-	ToDo: Find Akamai buckets
-
--->
-<ruleset name="Ziff Davis (mismatches)" default_off="mismatched">
-
-	<target host="extremetech.com" />
-	<target host="www.extremetech.com" />
-		<!--
-			Handled in Extreme_Tech.com.xml:
-							-->
-		<!--exclusion pattern="^http://(www\.)?extremetech\.com/(cobrand_header|wp-content|wp-includes)/" /-->
-
-
-	<securecookie host="^www\.extremetech\.com$" name=".+" />
-
-
-	<rule from="^http://(?:www\.)?extremetech\.com/"
-		to="https://www.extremetech.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Ziff-Davis.xml b/src/chrome/content/rules/Ziff-Davis.xml
index 3c026fdd149c..d2fc5aa6b7d0 100644
--- a/src/chrome/content/rules/Ziff-Davis.xml
+++ b/src/chrome/content/rules/Ziff-Davis.xml
@@ -1,10 +1,7 @@
 <!--
-	For problematic rules, see Ziff-Davis-mismatches.xml.
-
-
 	Other Ziff Davis rulesets:
 
-		- Extreme_Tech.com.xml
+		- ExtremeTech.com.xml
 		- Geek.com.xml
 		- IT_Toolbox.com.xml
 		- ZDbb.net.xml
@@ -85,16 +82,12 @@
 	<target host="static.ziffdavis.com" />
 
 
-	<rule from="^http://static\.adziff\.com/"
-		to="https://d3dd6h0gw79f7z.cloudfront.net/" />
-
 	<rule from="^http://metrics\.geek\.com/"
 		to="https://geek-com.122.2o7.net/"/>
 
 	<rule from="^http://metrics\.pcmag\.com/"
 		to="https://ziffdavis-com.112.2o7.net/" />
 
-	<rule from="^http://static\.ziffdavis\.com/"
-		to="https://static.ziffdavis.com/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/Ziggo.com.xml b/src/chrome/content/rules/Ziggo.com.xml
deleted file mode 100644
index 387dd6cb06ca..000000000000
--- a/src/chrome/content/rules/Ziggo.com.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	For other Ziggo coverage, see Ziggo.xml.
-
--->
-<ruleset name="Ziggo.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="ziggo.com" />
-	<target host="www.ziggo.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Ziggo.xml b/src/chrome/content/rules/Ziggo.xml
index ba53adb1b198..a1f8cbd77263 100644
--- a/src/chrome/content/rules/Ziggo.xml
+++ b/src/chrome/content/rules/Ziggo.xml
@@ -1,7 +1,6 @@
 <!--
 	Other Ziggo rulesets:
 
-		- Ziggo.com.xml
 		- Ziggo_Zakelijk.nl.xml
 
 
diff --git a/src/chrome/content/rules/Zillow-problematic.xml b/src/chrome/content/rules/Zillow-problematic.xml
deleted file mode 100644
index 20a53704056a..000000000000
--- a/src/chrome/content/rules/Zillow-problematic.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	For rules that are on by default, see Zillow.xml
-
--->
-<ruleset name="Zillow (problematic)" default_off="mismatched">
-
-	<target host="rentalpro.zillow.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Zillow.com.xml b/src/chrome/content/rules/Zillow.com.xml
new file mode 100644
index 000000000000..bd3d7c25d8a4
--- /dev/null
+++ b/src/chrome/content/rules/Zillow.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- engineering.zillow.com
+
+		Certificate mismatched:
+		- investors.zillow.com
+
+		Status code mismatch:
+		- mortgageapi.zillow.com
+-->
+<ruleset name="Zillow.com (partial)">
+	<target host="zillow.com" />
+	<target host="www.zillow.com" />
+	<target host="info.zillow.com" />
+	<target host="premieragent.zillow.com" />
+	<target host="photos1.zillow.com" />
+	<target host="photos2.zillow.com" />
+	<target host="photos3.zillow.com" />
+		<test url="http://photos1.zillow.com/i_g/ISatx8mbaxt0v7.jpg" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zillow.xml b/src/chrome/content/rules/Zillow.xml
deleted file mode 100644
index 5ac83f231eef..000000000000
--- a/src/chrome/content/rules/Zillow.xml
+++ /dev/null
@@ -1,105 +0,0 @@
-<!--
-	Disbaled because it breaks overlay on pages like http://www.zillow.com/homes/for_sale/San-Francisco-CA/San-Francisco-CA_rb/
-	See https://github.com/EFForg/https-everywhere/issues/1353
-
-	For problematic rules, see Zillow-problematic.xml
-
-
-	CDN buckets:
-
-		- d14mm2ttxradcn.cloudfront.net	← photos[1-3].zillowstatic.com
-		- d155excyarmp3n.cloudfront.net
-		- rentjuice.desk.com
-
-
-	Nonfunctional domains:
-
-		- rentalshelp.zillow.com	(redirects to http, mismatched, CN: *.desk.com)
-
-
-	Problematic domains:
-
-		- (www.)?zillow.com ¹
-		- photos[123].zillow.com	(akamai)
-		- rentalpro.zillow.com		(works, mismatched, CN: *.rentalapp.zillow.com)
-
-		- photos[1-3].zillowstatic.com	Cloudfront
-
-	¹ Tor users blocked
-
-
-	Partially covered domains:
-
-		- (www.)zillow.com
-
-			These paths redirect to http:
-
-				- $
-				- blog$
-				- ca
-				- facelift
-				- homedetails
-				- homes
-				- profile
-				- reviews
-				- wikipages
-
-			- These paths 404:
-
-				- blog/
-
-
-	Fully covered domains:
-
-		- zillow.com subdomains:
-
-			- engineering
-			- mortgageapi
-			- photos
-			- photos\d		(→ photos)
-			- rentalapp
-
-		- (www.)zillowstatic.com
-
-
-	Mixed content:
-
-		- Images on www from www.zillowstatic.com *
-
-	* Secured by us, doesn't trip MCB anyway
-
--->
-<ruleset name="Zillow (partial)" default_off="Breaks overlays">
-
-	<target host="zillow.com" />
-	<target host="*.zillow.com" />
-		<!--exclusion pattern="^http://(www\.)?zillow\.com/(facelift|homes)($|[?/])" /-->
-		<exclusion pattern="^http://(?:www\.)?zillow\.com/(?!.*\$LoginLink|favicon\.ico|(?:advertising|advice(?:pages|-thread)|agents|app|corp|directory|fhs-loan|foreclosures|for-sale-by-owner|help|home-(?:equity-loan|improvement-dueling-digs)|howto|imaging|learnmore|local-info|make-me-move|mobile|mortgage-(?:calculator|glossary|rates)|post-re(?:al-estate|ntal)-listings|refinance|search|static|visuals|webtools)(?:$|\?|/))" />
-	<target host="zillowstatic.com" />
-	<target host="www.zillowstatic.com" />
-
-	<!--    Complications:
-				-->
-	<target host="photos1.zillowstatic.com" />
-	<target host="photos2.zillowstatic.com" />
-	<target host="photos3.zillowstatic.com" />
-
-
-	<securecookie host="^engineering\.zillow\.com$" name=".+" />
-
-
-	<rule from="^http://((?:engineering|mortgageapi|rentalapp|www)\.)?zillow\.com/"
-		to="https://$1zillow.com/" />
-
-	<rule from="^http://photos\d?\.zillow\.com/"
-		to="https://photos.zillow.com/" />
-
-	<rule from="^http://photos\d\.zillowstatic\.com/"
-		to="https://d14mm2ttxradcn.cloudfront.net/" />
-
-		<test url="http://photos1.zillowstatic.com/i_g/ISatx8mbaxt0v7.jpg" />
-
-	<rule from="^http://(www\.)?zillowstatic\.com/"
-		to="https://$1zillowstatic.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Zillowstatic.com.xml b/src/chrome/content/rules/Zillowstatic.com.xml
new file mode 100644
index 000000000000..e3a8212df0f6
--- /dev/null
+++ b/src/chrome/content/rules/Zillowstatic.com.xml
@@ -0,0 +1,25 @@
+<!--
+  Host not resolved:
+    iss.zillowstatic.com
+ -->
+
+<ruleset name="Zillowstatic.com">
+	<target host="zillowstatic.com" />
+	<target host="www.zillowstatic.com" />
+	<!-- <target host="iss.zillowstatic.com" /> -->
+	<target host="photos.zillowstatic.com" />
+	<target host="photos1.zillowstatic.com" />
+	<target host="photos2.zillowstatic.com" />
+	<target host="photos3.zillowstatic.com" />
+		<test url="http://photos1.zillowstatic.com/i_g/ISatx8mbaxt0v7.jpg" />
+	<target host="s.zillowstatic.com" />
+		<test url="http://s.zillowstatic.com/homepage/71ea6cf/_next/fb2c2732-cd15-4dfb-823c-0c0a1dd29e4a/page/sell.js" />
+	<target host="videos.zillowstatic.com" />
+		<test url="http://videos.zillowstatic.com/homepage/video_buy_20170503_1800.mp4" />
+	<target host="wp.zillowstatic.com" />
+		<test url="http://wp.zillowstatic.com/1/vert-one-resized-169851.jpg" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zilog.com.xml b/src/chrome/content/rules/Zilog.com.xml
deleted file mode 100644
index eb288a51920a..000000000000
--- a/src/chrome/content/rules/Zilog.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- zilog.com
-		- www.zilog.com
-
--->
-<ruleset name="Zilog.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="zilog.com" />
-	<target host="modelnprod.zilog.com" />
-	<target host="www.zilog.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:www\.)?zilog\.com$" name="^[\da-f]{32}$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Zimbatm.com.xml b/src/chrome/content/rules/Zimbatm.com.xml
index 87e8a2a3d063..f5ea3716346b 100644
--- a/src/chrome/content/rules/Zimbatm.com.xml
+++ b/src/chrome/content/rules/Zimbatm.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.zimbatm.com/ => https://www.zimbatm.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.zimbatm.com'")
 
 -->
-<ruleset name="zimbatm.com" default_off='failed ruleset test'>
+<ruleset name="zimbatm.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Zimbra.com.xml b/src/chrome/content/rules/Zimbra.com.xml
new file mode 100644
index 000000000000..7301987b4899
--- /dev/null
+++ b/src/chrome/content/rules/Zimbra.com.xml
@@ -0,0 +1,35 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- docs.zimbra.com
+
+		SSL peer certificate was not OK:
+		- forums.zimbra.com
+
+		Status code mismatch:
+		- mail.zimbra.com
+		- stg-www.zimbra.com
+-->
+<ruleset name="Zimbra.com">
+	<target host="zimbra.com" />
+	<target host="www.zimbra.com" />
+	<target host="blog.zimbra.com" />
+	<target host="bugzilla.zimbra.com" />
+	<target host="demox.zimbra.com" />
+	<target host="downloads.zimbra.com" />
+	<target host="edge01e.zimbra.com" />
+	<target host="edge02e.zimbra.com" />
+	<target host="edge04e.zimbra.com" />
+	<target host="files.zimbra.com" />
+	<target host="files2.zimbra.com" />
+	<target host="gallery.zimbra.com" />
+	<target host="help.zimbra.com" />
+	<target host="info.zimbra.com" />
+	<target host="repo.zimbra.com" />
+	<target host="support.zimbra.com" />
+	<target host="wiki.zimbra.com" />
+	
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zimbra.xml b/src/chrome/content/rules/Zimbra.xml
deleted file mode 100644
index ac65b6b5acde..000000000000
--- a/src/chrome/content/rules/Zimbra.xml
+++ /dev/null
@@ -1,90 +0,0 @@
-<!--
-	CDN buckets:
-
-		- files.zimbra.com.s3.amazonaws.com
-
-		- files2.zimbra.com.edgesuite.net
-
-			- a1843.g.akamai.net
-
-
-	Problematic domains:
-
-		- zimbra.com subdomains:
-
-			- files		(amazonws)
-			- files2	(works, akamai)
-
-		- (www.)zimbrablog.com	(works; mismatched, CN: *.zimbra.com)
-
-
-	Fully covered domains:
-
-		- *.zimbra.com:
-
-			- (www.)
-			- blog
-			- files *
-			- files2 *
-			- gallery
-			- help
-
-		- (www.)zimbrablog.com	(→ blog.zimbra.com)
-
-	* → s3.amazonaws.com/files.zimbra.com/
-
-
-	Mixed content:
-
-		- Scripts:
-
-			- On blog from www.google.com *
-			- On help from www.google.com *
-			- On www from www *
-			- On www from www.google.com *
-
-		- css:
-
-			- On blog from blog *
-			- On blog from www.google.com *
-			- On www from www *
-			- On www from www.google.com *
-
-		- Images, on www from:
-
-			- www *
-			- feeds2.feedburner.com **
-
-		- Web bug on www from munchkin.marketo.net *
-
-	* Secured by us
-	** Unsecurable, doesn't trip MCB anyway
-
-
-	NB: We secure all resources, and thus
-	platform should be removed with Ffx 24.
-
--->
-<ruleset name="Zimbra (false MCB)" platform="mixedcontent">
-
-	<target host="zimbra.com" />
-	<target host="*.zimbra.com" />
-	<target host="zimbrablog.com" />
-	<target host="www.zimbrablog.com" />
-
-
-	<!--securecookie host="^\.zimbra\.com$" name="^(_mkto_trk|optimizely\w+|__utm\w)$" /-->
-	<securecookie host="^(?:.*\.)?zimbra\.com$" name=".+" />
-
-
-	<rule from="^http://files2?\.zimbra\.com/"
-		to="https://s3.amazonaws.com/files.zimbra.com/" />
-
-	<rule from="^http://([^/:@\.]+\.)?zimbra\.com/"
-		to="https://$1zimbra.com/" />
-
-	<rule from="^http://(?:www\.)?zimbrablog\.com/"
-		to="https://blog.zimbra.com/" />
-
-</ruleset>
-
diff --git a/src/chrome/content/rules/Zimperium.xml b/src/chrome/content/rules/Zimperium.xml
index b574ec788c90..2193dc37f794 100644
--- a/src/chrome/content/rules/Zimperium.xml
+++ b/src/chrome/content/rules/Zimperium.xml
@@ -2,7 +2,7 @@
 	<target host="zimperium.com" />
 	<target host="www.zimperium.com" />
 	<target host="blog.zimperium.com" />
-	
+
 	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/Zing_Checkout.com-problematic.xml b/src/chrome/content/rules/Zing_Checkout.com-problematic.xml
index f93f0cc9d986..d87bdfd014d1 100644
--- a/src/chrome/content/rules/Zing_Checkout.com-problematic.xml
+++ b/src/chrome/content/rules/Zing_Checkout.com-problematic.xml
@@ -5,7 +5,7 @@
 <ruleset name="Zing Checkout.com (broken)" default_off="refused">
 
 	<target host="zingcheckout.com" />
-	<target host="*.zingcheckout.com" />
+	<target host="www.zingcheckout.com" />
 
 
 	<securecookie host="^\.zingcheckout\.com$" name=".+" />
diff --git a/src/chrome/content/rules/Zing_Checkout.com.xml b/src/chrome/content/rules/Zing_Checkout.com.xml
index b23c61074a56..2c0bf747b355 100644
--- a/src/chrome/content/rules/Zing_Checkout.com.xml
+++ b/src/chrome/content/rules/Zing_Checkout.com.xml
@@ -21,7 +21,7 @@ Fetch error: http://app.zingcheckout.com/ => https://app.zingcheckout.com/: (28,
 	* Secured by us
 
 -->
-<ruleset name="Zing Checkout.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Zing Checkout.com (partial)" default_off="failed ruleset test">
 
 	<target host="app.zingcheckout.com" />
 
diff --git a/src/chrome/content/rules/Zipcar.xml b/src/chrome/content/rules/Zipcar.xml
index 9c405f1e666e..81f3aa8e9025 100644
--- a/src/chrome/content/rules/Zipcar.xml
+++ b/src/chrome/content/rules/Zipcar.xml
@@ -19,7 +19,7 @@
 	* Secured by us
 
 -->
-<ruleset name="Zipcar.com" default_off='failed ruleset test'>
+<ruleset name="Zipcar.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Zipy.co.il.xml b/src/chrome/content/rules/Zipy.co.il.xml
index c11baad46a08..8a30dd6e4f52 100644
--- a/src/chrome/content/rules/Zipy.co.il.xml
+++ b/src/chrome/content/rules/Zipy.co.il.xml
@@ -19,7 +19,7 @@ Fetch error: http://m.zipy.co.il/ => https://m.zipy.co.il/: (51, "SSL: no altern
 	ˢ Secured by us
 
 -->
-<ruleset name="Zipy.co.il" default_off='failed ruleset test'>
+<ruleset name="Zipy.co.il" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Zissousecure.com.xml b/src/chrome/content/rules/Zissousecure.com.xml
index 36d4cd717d37..03d0b9e7c7b0 100644
--- a/src/chrome/content/rules/Zissousecure.com.xml
+++ b/src/chrome/content/rules/Zissousecure.com.xml
@@ -10,7 +10,7 @@
 		<test url="http://givegreen.zissousecure.com/" />
 
 
-	<securecookie host=".+\.zissousecure\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Zkb.ch.xml b/src/chrome/content/rules/Zkb.ch.xml
new file mode 100644
index 000000000000..acc23d0c32ce
--- /dev/null
+++ b/src/chrome/content/rules/Zkb.ch.xml
@@ -0,0 +1,18 @@
+<!--
+	Incomplete certificate chain:
+		- edl.zkb.ch
+-->
+<ruleset name="Zkb.ch">
+	<target host="zkb.ch" />
+	<target host="www.zkb.ch" />
+	<target host="2020.zkb.ch" />
+	<target host="etradingpro.zkb.ch" />
+	<target host="kundenzufriedenheit.zkb.ch" />
+	<target host="onba.zkb.ch" />
+	<target host="testplattform.zkb.ch" />
+	<target host="webmail.zkb.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zoho.jp.xml b/src/chrome/content/rules/Zoho.jp.xml
index 934103a07d4b..df2cc56b6211 100644
--- a/src/chrome/content/rules/Zoho.jp.xml
+++ b/src/chrome/content/rules/Zoho.jp.xml
@@ -18,7 +18,7 @@ Fetch error: http://www.zoho.co.jp/ => https://www.zoho.co.jp/: (51, "SSL: no al
 	* Secured by us
 
 -->
-<ruleset name="Zoho.jp" default_off='failed ruleset test'>
+<ruleset name="Zoho.jp" default_off="failed ruleset test">
 
 	<target host="zoho.jp" />
 	<target host="blogs.zoho.jp" />
diff --git a/src/chrome/content/rules/Zoklet.net.xml b/src/chrome/content/rules/Zoklet.net.xml
index a7ac14e25ff3..5a74108c42ec 100644
--- a/src/chrome/content/rules/Zoklet.net.xml
+++ b/src/chrome/content/rules/Zoklet.net.xml
@@ -1,6 +1,6 @@
 <ruleset name="Zoklet.net" default_off="refused">
   <target host="www.zoklet.net"/>
   <target host="zoklet.net"/>
-  <securecookie host="^(?:.*\.)?zoklet\.net$" name=".+" />
+  <securecookie host=".+" name=".+" />
   <rule from="^http://(?:www\.)?zoklet\.net/" to="https://www.zoklet.net/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/Zones.com.xml b/src/chrome/content/rules/Zones.com.xml
new file mode 100644
index 000000000000..0ac7ba1ad85e
--- /dev/null
+++ b/src/chrome/content/rules/Zones.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		- blog.zones.com
+		- careers.zones.com
+-->
+
+<ruleset name="Zones.com">
+	<target host="zones.com" />
+	<target host="www.zones.com" />
+	<target host="media.zones.com" />
+	<target host="test.zones.com" />
+	<target host="uk.zones.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zong.xml b/src/chrome/content/rules/Zong.xml
deleted file mode 100644
index 784a8c4f24f1..000000000000
--- a/src/chrome/content/rules/Zong.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d12ssnlxl22ufg.cloudfront.net
-
--->
-<ruleset name="Zong.com (partial)">
-
-	<target host="pay02.zong.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Zooku.xml b/src/chrome/content/rules/Zooku.xml
index b0becfd73629..6b9ffdad0131 100644
--- a/src/chrome/content/rules/Zooku.xml
+++ b/src/chrome/content/rules/Zooku.xml
@@ -5,7 +5,7 @@
 	<target host="www.zooku.ro" />
 
 
-	<securecookie host="^(?:.+\.)?zooku\.ro$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/Zoom.us.xml b/src/chrome/content/rules/Zoom.us.xml
new file mode 100644
index 000000000000..726cda656433
--- /dev/null
+++ b/src/chrome/content/rules/Zoom.us.xml
@@ -0,0 +1,38 @@
+<!--
+	Remark: Zoom.us uses a wildcard certificate to serve the corporate URL
+	To avoid critical breakage, a wildcard target not is used during the
+	time of SARS-CoV-2 coronavirus global pandemic.
+
+	Non-functional hosts:
+		Mixed content blocking (MCB) triggered:
+		- csun.zoom.us
+		- oracle.zoom.us
+		- tamu.zoom.us
+-->
+<ruleset name="Zoom.us (partial)">
+	<target host="zoom.us" />
+	<target host="www.zoom.us" />
+	<target host="adelaide.zoom.us" />
+	<target host="auckland.zoom.us" />
+	<target host="bryant.zoom.us" />
+	<target host="dcc.zoom.us" />
+	<target host="deloitte.zoom.us" />
+	<target host="ecu.zoom.us" />
+	<target host="hkust.zoom.us" />
+	<target host="jhjhm.zoom.us" />
+	<target host="jhubluejays.zoom.us" />
+	<target host="ksu.zoom.us" />
+	<target host="lemoyne.zoom.us" />
+	<target host="msu.zoom.us" />
+	<target host="operative.zoom.us" />
+	<target host="roosevelt.zoom.us" />
+	<target host="seattleu.zoom.us" />
+	<target host="transifex.zoom.us" />
+	<target host="ufl.zoom.us" />
+	<target host="uncsph.zoom.us" />
+	<target host="unsw.zoom.us" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zoomerang.xml b/src/chrome/content/rules/Zoomerang.xml
index a80183406c1f..0ea175b7c8bf 100644
--- a/src/chrome/content/rules/Zoomerang.xml
+++ b/src/chrome/content/rules/Zoomerang.xml
@@ -19,7 +19,7 @@ Fetch error: http://www.zoomerang.com/ => https://www.zoomerang.com/: (60, 'SSL
 	mark this ruleset as mixedcontent.
 
 -->
-<ruleset name="Zoomerang.com" default_off='failed ruleset test'>
+<ruleset name="Zoomerang.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Zoomshare.xml b/src/chrome/content/rules/Zoomshare.xml
index 9ecffacfc540..f37b544a2d9b 100644
--- a/src/chrome/content/rules/Zoomshare.xml
+++ b/src/chrome/content/rules/Zoomshare.xml
@@ -11,7 +11,7 @@
 	* Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="Zoomshare.com (partial)" default_off="missing certificate chain">
+<ruleset name="Zoomshare.com (partial)" default_off="cert-chain">
 
 	<target host="ssl.zoomshare.com" />
 
diff --git a/src/chrome/content/rules/Zoosk.com.xml b/src/chrome/content/rules/Zoosk.com.xml
index 10f390fe8393..113957ea7bac 100644
--- a/src/chrome/content/rules/Zoosk.com.xml
+++ b/src/chrome/content/rules/Zoosk.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Non-2xx HTTP code: http://zoosk.com/ (200) => https://zoosk.com/ (403)
 
 -->
-<ruleset name="Zoosk.com" default_off='failed ruleset test'>
+<ruleset name="Zoosk.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Zopa.xml b/src/chrome/content/rules/Zopa.xml
deleted file mode 100644
index 4610ac12d8c0..000000000000
--- a/src/chrome/content/rules/Zopa.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Zopa (partial)">
-
-	<target host="zopa.com"/>
-	<target host="uk.zopa.com"/>
-	<target host="www.zopa.com"/>
-
-	<rule from="^http://(?:uk\.|www\.)?zopa\.com/"
-		to="https://uk.zopa.com/"/>
-
-	<securecookie host="^\.zopa\.com$" name=".+" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Zopim.com.xml b/src/chrome/content/rules/Zopim.com.xml
new file mode 100644
index 000000000000..859a080bdfc5
--- /dev/null
+++ b/src/chrome/content/rules/Zopim.com.xml
@@ -0,0 +1,29 @@
+<ruleset name="Zopim.com">
+	<target host="zopim.com" />
+	<target host="www.zopim.com" />
+	<target host="account.zopim.com" />
+	<target host="accounts.zopim.com" />
+	<target host="api.zopim.com" />
+	<target host="blog.zopim.com" />
+	<target host="cdn.zopim.com" />
+	<target host="classic.zopim.com" />
+	<target host="dashboard.zopim.com" />
+	<target host="de.zopim.com" />
+	<target host="de04.zopim.com" />
+	<target host="es.zopim.com" />
+	<target host="fr.zopim.com" />
+	<target host="message.zopim.com" />
+	<target host="reseller.zopim.com" />
+	<target host="ru.zopim.com" />
+	<target host="status.zopim.com" />
+	<target host="tickets.zopim.com" />
+	<target host="tr.zopim.com" />
+	<target host="translate.zopim.com" />
+	<target host="us10.zopim.com" />
+	<target host="us14.zopim.com" />
+	<target host="v2.zopim.com" />
+	<target host="www2.zopim.com" />
+	<target host="zendesk.zopim.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zopim.xml b/src/chrome/content/rules/Zopim.xml
deleted file mode 100644
index 3d01e223c279..000000000000
--- a/src/chrome/content/rules/Zopim.xml
+++ /dev/null
@@ -1,44 +0,0 @@
-<!--
-	zopim.zendesk.com
-
-
-	Fully covered subdomains:
-
-		- (www.)
-		- api
-		- blog
-		- cdn
-		- classic
-		- dashboard
-
-		- de\d\d:
-
-			- de04
-
-		- status
-		- status
-		- status0[12]
-		- tickets
-		- translate
-		- v2
-
-		- us\d\d:
-
-			- us1[04]
-
-		- wiki
-
--->
-<ruleset name="Zopim">
-
-	<target host="zopim.com" />
-	<target host="*.zopim.com" />
-
-
-	<securecookie host="^.*\.zopim\.com$" name=".+" />
-
-
-	<rule from="^http://((?:api|blog|cdn|classic|dashboard|de\d\d|status\d*|tickets|us\d\d|v2|wiki|www)\.)?zopim\.com/"
-		to="https://$1zopim.com/" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/Zorpia.xml b/src/chrome/content/rules/Zorpia.xml
index d5936e1f7381..66d8ba0d1a6f 100644
--- a/src/chrome/content/rules/Zorpia.xml
+++ b/src/chrome/content/rules/Zorpia.xml
@@ -120,16 +120,31 @@
 <ruleset name="Zorpia (false MCB)" platform="mixedcontent">
 
 	<target host="zorpia.com" />
-	<target host="*.zorpia.com" />
-	<target host="*.zpcdn.com" />
+	<target host="en.zorpia.com" />
+	<target host="h150.zorpia.com" />
+	<target host="lrg131.zorpia.com" />
+	<target host="me.zorpia.com" />
+	<target host="mini.zorpia.com" />
+	<target host="search.zorpia.com" />
+	<target host="ths.zorpia.com" />
+	<target host="tns.zorpia.com" />
+	<target host="www.zorpia.com" />
+	<target host="static.zorpia.com" />
+	<target host="static.zpcdn.com" />
+	<target host="ec.static.zpcdn.com" />
+	<target host="h150.zpcdn.com" />
+	<target host="ths.zpcdn.com" />
+	<target host="tns.zpcdn.com" />
+	<target host="ec.h150.zpcdn.com" />
+	<target host="ec.ths.zpcdn.com" />
+	<target host="ec.tns.zpcdn.com" />
+	<target host="lrg131.zpcdn.com" />
 
 
 	<!--securecookie host="^\.zorpia\.com$" name="^(switch_to_en|timezone|zorpia_session)$" /-->
 	<securecookie host=".*\.zorpia\.com$" name=".+" />
 
 
-	<rule from="^http://((?:en|h150|lrg131|me|mini|search|t[hn]s|www)\.)?zorpia\.com/"
-		to="https://$1zorpia.com/" />
 
 	<rule from="^http://(?:static\.zorpia|(?:ec\.)?static\.zpcdn)\.com/"
 		to="https://zorpia.com/" />
@@ -140,4 +155,5 @@
 	<rule from="^http://lrg131\.zpcdn\.com/"
 		to="https://lrg131.zorpia.com/" />
 
-</ruleset>
\ No newline at end of file
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/Zoznam.sk.xml b/src/chrome/content/rules/Zoznam.sk.xml
new file mode 100644
index 000000000000..7f06af353017
--- /dev/null
+++ b/src/chrome/content/rules/Zoznam.sk.xml
@@ -0,0 +1,64 @@
+<!--
+    certificate chain issues:
+	- farmerama.pauzicka.zoznam.sk
+	- khanwars.pauzicka.zoznam.sk
+	- piratestorm.pauzicka.zoznam.sk
+
+-->
+
+<ruleset name="Zoznam.sk">
+	<target host="zoznam.sk" />
+	<target host="www.zoznam.sk" />
+	<target host="20rokov.zoznam.sk" />
+	<target host="androidportal.zoznam.sk" />
+	<target host="bleskovky.zoznam.sk" />
+	<target host="calendar.zoznam.sk" />
+	<target host="cdn.magazines.zoznam.sk" />
+	<target host="coolmobil.zoznam.sk" />
+	<target host="dlznik.zoznam.sk" />
+	<target host="downloads.zoznam.sk" />
+	<target host="dromedar.zoznam.sk" />
+	<target host="feminity.zoznam.sk" />
+	<target host="free.zoznam.sk" />
+	<target host="gamesite.zoznam.sk" />
+	<target host="glob.zoznam.sk" />
+	<target host="hashtag.zoznam.sk" />
+	<target host="hudba.zoznam.sk" />
+	<target host="karierainfo.zoznam.sk" />
+	<target host="kariera.zoznam.sk" />
+	<target host="mail.zoznam.sk" />
+	<target host="mapa.zoznam.sk" />
+	<target host="media.zoznam.sk" />
+	<target host="mojasvadba.zoznam.sk" />
+	<target host="mojdom.zoznam.sk" />
+	<target host="m.zoznam.sk" />
+	<target host="openiazoch.zoznam.sk" />
+	<target host="pauzicka.zoznam.sk" />
+	<target host="bigfarm.pauzicka.zoznam.sk" />
+	<target host="empire.pauzicka.zoznam.sk" />
+	<target host="pc.zoznam.sk" />
+	<target host="player.zoznam.sk" />
+	<target host="plnielanu.zoznam.sk" />
+	<target host="podkapotou.zoznam.sk" />
+	<target host="predpredaj.zoznam.sk" />
+	<target host="projektyrd.zoznam.sk" />
+	<target host="recycle.zoznam.sk" />
+	<target host="rexik.zoznam.sk" />
+	<target host="sibyla.zoznam.sk" />
+	<target host="smsbrana.zoznam.sk" />
+	<target host="sportky.zoznam.sk" />
+	<target host="sportoviska.zoznam.sk" />
+	<target host="spuntik.zoznam.sk" />
+	<target host="stary.zoznam.sk" />
+	<target host="static-images.zoznam.sk" />
+	<target host="telefonny.zoznam.sk" />
+	<target host="telkac.zoznam.sk" />
+	<target host="tv.zoznam.sk" />
+	<target host="urobsisam.zoznam.sk" />
+	<target host="uschovna.zoznam.sk" />
+	<target host="vysetrenie.zoznam.sk" />
+	<target host="webslovnik.zoznam.sk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
+
diff --git a/src/chrome/content/rules/Zscaler.xml b/src/chrome/content/rules/Zscaler.xml
index cf3358b1fb83..c73f9f4985bc 100644
--- a/src/chrome/content/rules/Zscaler.xml
+++ b/src/chrome/content/rules/Zscaler.xml
@@ -42,7 +42,7 @@ Non-2xx HTTP code: http://info.zscaler.com/images/forms/backRequiredGray.gif (20
 	ᵐ Not secured by us <= mismatched
 
 -->
-<ruleset name="Zscaler.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Zscaler.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Zt03.net.xml b/src/chrome/content/rules/Zt03.net.xml
index 842178c242b8..f6f58ee5137b 100644
--- a/src/chrome/content/rules/Zt03.net.xml
+++ b/src/chrome/content/rules/Zt03.net.xml
@@ -11,7 +11,7 @@ Fetch error: http://secure.zt03.net/ => https://secure.zt03.net/: (60, 'SSL cert
 		- www.secure.zt03.net
 
 -->
-<ruleset name="zt03.net (partial)" default_off='failed ruleset test'>
+<ruleset name="zt03.net (partial)" default_off="failed ruleset test">
 
 	<target host="secure.zt03.net" />
 
diff --git a/src/chrome/content/rules/Zuhah.com.xml b/src/chrome/content/rules/Zuhah.com.xml
index 7d27ab8d4a47..8f920d11c80a 100644
--- a/src/chrome/content/rules/Zuhah.com.xml
+++ b/src/chrome/content/rules/Zuhah.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://cdn.zuhah.com/ => https://cdn.zuhah.com/: (60, 'SSL certific
 Fetch error: http://www.zuhah.com/ => https://www.zuhah.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Zuhah.com" default_off='failed ruleset test'>
+<ruleset name="Zuhah.com" default_off="failed ruleset test">
 
 	<target host="zuhah.com" />
 	<target host="cdn.zuhah.com" />
diff --git a/src/chrome/content/rules/Zuji.com.hk.xml b/src/chrome/content/rules/Zuji.com.hk.xml
deleted file mode 100644
index 29407c627e34..000000000000
--- a/src/chrome/content/rules/Zuji.com.hk.xml
+++ /dev/null
@@ -1,40 +0,0 @@
-<!--
-	Non-functional hosts
-		Couldn't connect to server:
-		- mytrip.zuji.com.hk
-
-		SSL peer certificate was not OK:
-		- m.zuji.com.hk
-
-		Peer certificate cannot be authenticated with given CA certificates:
-		- analytics.zuji.com.hk
--->
-<ruleset name="Zuji HK (partial)">
-	<target host="zuji.com.hk" />
-	<target host="www.zuji.com.hk" />
-	<target host="admin.zuji.com.hk" />
-	<target host="affiliates.zuji.com.hk" />
-	<target host="api.zuji.com.hk" />
-	<target host="autodiscover.zuji.com.hk" />
-	<target host="cars.zuji.com.hk" />
-	<target host="cmsmedia.zuji.com.hk" />
-		<test url="http://cmsmedia.zuji.com.hk/zuhk-cms-media/1823/3-days-katherine.pdf" />
-		<test url="http://cmsmedia.zuji.com.hk/zuhk-cms-media/1819/3-days-in-darwin.pdf" />
-	<target host="flights.zuji.com.hk" />
-	<target host="gateway.zuji.com.hk" />
-	<target host="hotelimages.zuji.com.hk" />
-	<target host="hotels.zuji.com.hk" />
-	<target host="media.zuji.com.hk" />
-		<test url="http://media.zuji.com.hk/travel/offer/" />
-		<test url="http://media.zuji.com.hk/travel/ireland/" />
-	<target host="news.zuji.com.hk" />
-	<target host="packages.zuji.com.hk" />
-	<target host="packagesapi.zuji.com.hk" />
-	<target host="packagesearch.zuji.com.hk" />
-	<target host="securepay.zuji.com.hk" />
-	<target host="securepayapi.zuji.com.hk" />
-	<target host="securepaymasterpass.zuji.com.hk" />
-	<target host="securepayvisa.zuji.com.hk" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/Zumzi.xml b/src/chrome/content/rules/Zumzi.xml
deleted file mode 100644
index bceeedc3057a..000000000000
--- a/src/chrome/content/rules/Zumzi.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<!--
-	Insecure cookies are set for these domains and hosts:
-
-		- .zumzi.com
-		- biz.zumzi.com
-		- .biz.zumzi.com
-		- www.zumzi.com
-
-
-	Mixed content:
-
-		- css on biz from fonts.googleapis.com *
-
-	* Secured by us
-
--->
-<ruleset name="Zumzi.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="zumzi.com" />
-	<target host="biz.zumzi.com" />
-	<target host="img.zumzi.com" />
-	<target host="s.zumzi.com" />
-	<target host="ss.zumzi.com" />
-	<target host="www.zumzi.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(www)?\.zumzi\.com$" name="^(zum_country|zimzi_city|zumzi2)" /-->
-	<!--securecookie host="^\.?biz\.zumzi\.com$" name="^country$" /-->
-	<!--securecookie host="^\.biz\.zumzi\.com$" name="^pzumzi2$" /-->
-	<!--securecookie host="^www\.zumzi\.com$" name="^country_geoip$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Zyado.com.xml b/src/chrome/content/rules/Zyado.com.xml
deleted file mode 100644
index 9ea7210902e1..000000000000
--- a/src/chrome/content/rules/Zyado.com.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="Zyado.com">
-
-	<target host="zyado.com" />
-	<target host="www.zyado.com" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Zylom.com.xml b/src/chrome/content/rules/Zylom.com.xml
index 5920ded0fda1..a29845df4a22 100644
--- a/src/chrome/content/rules/Zylom.com.xml
+++ b/src/chrome/content/rules/Zylom.com.xml
@@ -36,7 +36,7 @@ Fetch error: http://cdn.media.zylom.com/ => https://media.zylom.com/: (60, 'SSL
 	* Secured by us
 
 -->
-<ruleset name="Zylom.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Zylom.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/Zylon.net-falsemixed.xml b/src/chrome/content/rules/Zylon.net-falsemixed.xml
deleted file mode 100644
index c5cf5741c99e..000000000000
--- a/src/chrome/content/rules/Zylon.net-falsemixed.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://zylon.net/ => https://zylon.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.zylon.net/ => https://www.zylon.net/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
-	For rules not causing false/broken MCB, see Zylon.net.xml
-
--->
-<ruleset name="Zylon.net (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
-
-	<target host="zylon.net" />
-	<target host="www.zylon.net" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/Zylon.net.xml b/src/chrome/content/rules/Zylon.net.xml
index 9de0ad78862e..21001c0a8d4d 100644
--- a/src/chrome/content/rules/Zylon.net.xml
+++ b/src/chrome/content/rules/Zylon.net.xml
@@ -1,48 +1,6 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.zylon.net/default.css => https://www.zylon.net/default.css: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.zylon.net/favicon.ico => https://www.zylon.net/favicon.ico: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.zylon.net/images/linetop.gif => https://www.zylon.net/images/linetop.gif: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
-	Zylon Internet Services
-
-	For rules causing false/broken MCB, see Zylon.net-falsemixed.xml
-
-
-	Mixed content:
-
-		- css on (www.) from www *
-
-		- Images on (www.) from www *
-
-	* Secured by us
-
--->
-<ruleset name="Zylon.net (partial)" default_off='failed ruleset test'>
-
+<ruleset name="Zylon.net (partial)">
 	<target host="zylon.net" />
 	<target host="www.zylon.net" />
-		<!--
-			Avoid false/broken MCB:
-						-->
-		<exclusion pattern="^http://(?:www\.)?zylon\.net/+(?!default\.css|favicon\.ico|images/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.zylon.net/index.php" />
-			<test url="http://www.zylon.net/sitemap.php" />
-			<test url="http://www.zylon.net/over_zis/adres.php" />
-			<test url="http://www.zylon.net/support/support.php" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www.zylon.net/default.css" />
-			<test url="http://www.zylon.net/favicon.ico" />
-			<test url="http://www.zylon.net/images/linetop.gif" />
-
-
-	<rule from="^http:"
-		to="https:" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/aarresaari.net.xml b/src/chrome/content/rules/aarresaari.net.xml
new file mode 100644
index 000000000000..3145438c4be5
--- /dev/null
+++ b/src/chrome/content/rules/aarresaari.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="aarresaari.net">
+	<target host="aarresaari.net" />
+	<target host="www.aarresaari.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/aastocks.com.xml b/src/chrome/content/rules/aastocks.com.xml
deleted file mode 100644
index 1817837a7748..000000000000
--- a/src/chrome/content/rules/aastocks.com.xml
+++ /dev/null
@@ -1,147 +0,0 @@
-<!--
-	Non-functional hosts
-		No working 200/3XX URL(s):
-			 - dl.aastocks.com
-			 - dpdata1.aastocks.com
-			 - icbc-web.aastocks.com
-			 - ims.aastocks.com
-			 - product3.aastocks.com
-			 - services5.aastocks.com
-			 - stanjson.aastocks.com
-			 - stanjson-uat.aastocks.com
-
-		Couldn't resolve host name:
-			 - sccharts.aastocks.com
-			 - sccharts-uat.aastocks.com
-			 - standardchartered.aastocks.com
-			 - standardchartered-uat.aastocks.com
-
-		Couldn't connect to server:
-			 - mail.cn.aastocks.com
-			 - smtp.cn.aastocks.com
-			 - smtp1.cn.aastocks.com
-
-		Timeout was reached:
-			 - bb.aastocks.com
-			 - bochk.aastocks.com
-			 - cms.aastocks.com
-			 - cncharts.aastocks.com
-			 - cniis.aastocks.com
-			 - download-hk.aastocks.com
-			 - fdl.aastocks.com
-			 - fund.aastocks.com
-			 - fx.aastocks.com
-			 - payment.aastocks.com
-			 - smtp.aastocks.com
-			 - smtp2.aastocks.com
-			 - tldata.aastocks.com
-			 - ws2.aastocks.com
-			 - wss-uat.aastocks.com
-			 - wss1.aastocks.com
-			 - wss4.aastocks.com
-			 - wssf1.aastocks.com
-
-		SSL connect error:
-			 - uat1ntt.aastocks.com:8090
-			 - uat2.aastocks.com:8090
-
-		SSL peer certificate or SSH remote key was not OK:
-			 - ad.aastocks.com
-			 - cbproduct.aastocks.com
-			 - chartservices2.aastocks.com
-			 - cn.aastocks.com
-			 - corp.aastocks.com
-			 - data-uat.aastocks.com
-			 - freequote.aastocks.com
-			 - logon-uat.aastocks.com
-			 - my.aastocks.com
-			 - product2.aastocks.com
-			 - product2-uat.aastocks.com
-			 - services1-uat.aastocks.com
-			 - services2.aastocks.com
-			 - services3.aastocks.com
-			 - www.us.aastocks.com
-			 - wwwhk.aastocks.com
-
-		Peer certificate cannot be authenticated with given CA certificates:
-			 - iis.aastocks.com
-			 - comm1.internet.aastocks.com
-			 - mail.aastocks.com
-			 - preview.aastocks.com
-			 - pushweb2.aastocks.com
-			 - qs.aastocks.com
-			 - stat.aastocks.com
-			 - wss2.aastocks.com
-			 
-		CORS Blocking:
-			- fdata.aastocks.com on www.aastocks.com
-			- wdata.aastocks.com on www.aastocks.com
-
--->
-<ruleset name="AASTOCKS.com (partial)">
-	<target host="www.aastocks.com" />
-	<exclusion pattern="^http://www\.aastocks\.com/(tc|sc|en)/.+\.as[hp]x" />
-	<test url="http://www.aastocks.com/sc/default.aspx" />
-	<test url="http://www.aastocks.com/tc/ltp/rtquote.aspx?symbol=00005" />
-	<test url="http://www.aastocks.com/en/stocks/quote/detail-quote.aspx?symbol=02822" />
-	<test url="http://www.aastocks.com/en/datafeed/getstockhistory.ashx" />
-
-	<target host="accounts.aastocks.com" />
-	<test url="http://accounts.aastocks.com/tc/mainsite/registration.aspx" />
-	
-	<target host="charts.aastocks.com" />
-	<target host="data1.aastocks.com" />
-	<test url="http://data1.aastocks.com/bkrIDEng.htm" />
-
-	<target host="fcadata.aastocks.com" />
-	<target host="fcsdata.aastocks.com" />
-	<target host="fctdata.aastocks.com" />
-	<target host="fpdata.aastocks.com" />
-	<target host="fxcharts.aastocks.com" />
-	<target host="chartdata1.internet.aastocks.com" />
-	
-	<target host="hkg.aastocks.com" />
-	<target host="hkg1.aastocks.com" />
-	<target host="hkg3.aastocks.com" />
-	<target host="hkg8.aastocks.com" />
-	<test url="http://hkg.aastocks.com/cms/commentary/commentator_photo_chi_69.JPG" />
-	<test url="http://hkg1.aastocks.com/ad/images/5938/banner.htm" />
-	<test url="http://hkg3.aastocks.com/ad/imagesbanner/script/rvfl.js" />
-	<test url="http://hkg8.aastocks.com/ad/delivery/spc.php" />
-	
-	<target host="logon.aastocks.com" />
-	<test url="http://logon.aastocks.com/payment/tc/termsconditions.aspx" />
-	
-	<target host="m.aastocks.com" />
-	<target host="mpdata.aastocks.com" />
-	
-	<target host="plib.aastocks.com" />
-	<test url="http://plib.aastocks.com/aafnnews/image/20150327111120156_s.jpg" />
-	
-	<target host="product1.aastocks.com" />
-	<test url="http://product1.aastocks.com/snapshot/mebr/Portfolio.aspx?IsDelay=1" />
-	
-	<target host="product1-uat.aastocks.com" />
-	<test url="http://product1-uat.aastocks.com/Snapshot/MEBR/MDetailQuote.aspx?symbol=00941" />
-	
-	<target host="services1.aastocks.com" />
-	<test url="http://services1.aastocks.com/bchk/main.aspx?aalanguage=eng" />
-	
-	<target host="webchart.aastocks.com" />
-	<test url="http://webchart.aastocks.com/chart/indices/indexdailychart.aspx" />
-
-	<target host="pdata1.aastocks.com" />
-	<target host="secure.aastocks.com" />
-	<target host="st.aastocks.com" />
-	<target host="uat2.aastocks.com" />
-
-	<securecookie host="hkg\.aastocks\.com" name=".+" />
-	<securecookie host="hkg1\.aastocks\.com" name=".+" />
-	<securecookie host="hkg3\.aastocks\.com" name=".+" />
-	<securecookie host="hkg8\.aastocks\.com" name=".+" />
-
-	<securecookie host="logon\.aastocks\.com" name=".+" />
-	<securecookie host="secure\.aastocks.com" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/abbott.com.xml b/src/chrome/content/rules/abbott.com.xml
new file mode 100644
index 000000000000..bd998af4df45
--- /dev/null
+++ b/src/chrome/content/rules/abbott.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		^
+-->
+<ruleset name="abbott.com (partial)">
+	<target host="www.abbott.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/aberystwythartscentre.co.uk.xml b/src/chrome/content/rules/aberystwythartscentre.co.uk.xml
index a2d07c23444e..ee63769c3014 100644
--- a/src/chrome/content/rules/aberystwythartscentre.co.uk.xml
+++ b/src/chrome/content/rules/aberystwythartscentre.co.uk.xml
@@ -1,22 +1,8 @@
-<!--
-	Mixed content:
-
-		- css from www.aberystwythartscentre.co.uk ˢ
-		- Bug from graph.facebook.com ˢ
-
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="Aberystwyth Arts Centre.co.uk" platform="mixedcontent">
-
+<ruleset name="Aberystwyth Arts Centre.co.uk">
 	<target host="aberystwythartscentre.co.uk" />
 	<target host="www.aberystwythartscentre.co.uk" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/abload.de.xml b/src/chrome/content/rules/abload.de.xml
index 10d597f28a56..9450eaba594f 100644
--- a/src/chrome/content/rules/abload.de.xml
+++ b/src/chrome/content/rules/abload.de.xml
@@ -27,7 +27,7 @@
 		<test url="http://www.abload.de/thumb/128px-https_everywherwps4q.png" />
 		<test url="http://www.abload.de/res/styles/main.css" />
 		<exclusion pattern="^http://www\.abload\.de/$" />
-	
+
 	<!-- most files within root directory (index.php, dateien.php, tool.php,
 	blog.php, hilfe.php, contact.php, legal.php, team.php, partner.php,
 	embedding.php, partner.php and jobs.php) redirect to http -->
diff --git a/src/chrome/content/rules/abma.de.xml b/src/chrome/content/rules/abma.de.xml
index 8dd94632bc27..2099e621b990 100644
--- a/src/chrome/content/rules/abma.de.xml
+++ b/src/chrome/content/rules/abma.de.xml
@@ -19,6 +19,6 @@
 	<rule from="^http://(www\.|ssl\.)abma\.de/"
 			to="https://abma.de/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/about.com.xml b/src/chrome/content/rules/about.com.xml
index 50e58c7b49c7..e373ebfabb63 100644
--- a/src/chrome/content/rules/about.com.xml
+++ b/src/chrome/content/rules/about.com.xml
@@ -8,7 +8,7 @@
 	Problematic hosts in *about.com:
 
 		- index ᵐ
-		
+
 	ᵐ Mismatched
 
 
diff --git a/src/chrome/content/rules/abpchina.org.xml b/src/chrome/content/rules/abpchina.org.xml
new file mode 100644
index 000000000000..2c83a7ae36cb
--- /dev/null
+++ b/src/chrome/content/rules/abpchina.org.xml
@@ -0,0 +1,12 @@
+<ruleset name="abpchina.org" platform="mixedcontent">
+	<target host="abpchina.org" />
+	<target host="www.abpchina.org" />
+
+	<!-- Redirect to http: -->
+	<exclusion pattern="^http://abpchina\.org/forum/portal\.php\?mod=list&amp;catid=\d+" />
+		<test url="http://abpchina.org/forum/portal.php?mod=list&amp;catid=3" />
+		<test url="http://abpchina.org/forum/portal.php?mod=list&amp;catid=5" />
+		<test url="http://abpchina.org/forum/portal.php?mod=list&amp;catid=6" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/abuse.net.xml b/src/chrome/content/rules/abuse.net.xml
index 531ebb9ea52c..6cf6a3f1c865 100644
--- a/src/chrome/content/rules/abuse.net.xml
+++ b/src/chrome/content/rules/abuse.net.xml
@@ -3,6 +3,6 @@
   <target host="www.abuse.net"/>
   <target host="verify.abuse.net"/><!-- used for links in confirmation emails after submitting database updates -->
 
-  <rule from="^http://abuse\.net/" to="https://www.abuse.net/"/>  
+  <rule from="^http://abuse\.net/" to="https://www.abuse.net/"/>
   <rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/abw.blue.xml b/src/chrome/content/rules/abw.blue.xml
new file mode 100644
index 000000000000..b0d2ef9a955f
--- /dev/null
+++ b/src/chrome/content/rules/abw.blue.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		ftp.abw.blue
+		imap.abw.blue
+		mail.abw.blue
+		pop3.abw.blue
+		smtp.abw.blue
+	
+	Refused:
+		autodiscover.abw.blue
+-->
+<ruleset name="abw.blue">
+	<target host="abw.blue" />
+	<target host="www.abw.blue" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/academ.info.xml b/src/chrome/content/rules/academ.info.xml
new file mode 100644
index 000000000000..4b744e886d2a
--- /dev/null
+++ b/src/chrome/content/rules/academ.info.xml
@@ -0,0 +1,40 @@
+<!--
+	Invalid certificate:
+		dev.academ.info
+		dev2.academ.info
+		storage.academ.info
+
+	Time out:
+		stat.academ.info
+-->
+<ruleset name="academ.info">
+	<target host="academ.info" />
+	<target host="www.academ.info" />
+	<target host="academbanner.academ.info" />
+	<target host="www.academbanner.academ.info" />
+	<target host="banner1.academ.info" />
+	<target host="forum.academ.info" />
+	<target host="www.forum.academ.info" />
+	<target host="job.academ.info" />
+	<target host="www.job.academ.info" />
+	<target host="ladies.academ.info" />
+	<target host="m.ladies.academ.info" />
+	<target host="www.ladies.academ.info" />
+	<target host="lao.academ.info" />
+	<target host="m.academ.info" />
+	<target host="navigline.academ.info" />
+	<target host="www.navigline.academ.info" />
+	<target host="pets.academ.info" />
+	<target host="www.pets.academ.info" />
+	<target host="phpma.academ.info" />
+	<target host="pix.academ.info" />
+	<target host="www.pix.academ.info" />
+	<target host="reklama.academ.info" />
+	<target host="www.reklama.academ.info" />
+	<target host="wl.academ.info" />
+	<target host="yadro.academ.info" />
+	<target host="www.yadro.academ.info" />
+
+	<rule from="^http://www\.academ\.info/" to="https://academ.info/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/acast.com.xml b/src/chrome/content/rules/acast.com.xml
index 938ee742f7c2..d3a8950da1ae 100644
--- a/src/chrome/content/rules/acast.com.xml
+++ b/src/chrome/content/rules/acast.com.xml
@@ -1,64 +1,24 @@
 <!--
-	CDN buckets:
+	Timeout:
+		- ^
 
-		- az801177.vo.msecnd.net
-		- acastprod.blob.core.windows.net
-
-
-	Problematic hosts in *acast.com:
-
-		- ^ ᵈ
-		- status ᵐ
-
-	ᵈ Dropped; preemptable redirect
-	ᵐ StatusPage.io/mismatched
-
-
-	Insecure cookies are set for these domains and hosts: ᶜ
-
-		- rss.acast.com
-		- .rss.acast.com
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
+	Mismatched:
+		- status
 
+	HTTP != HTTPS (due to link signatures):
+		- stitcher
 -->
 <ruleset name="acast.com">
-
-	<!--	Direct rewrites:
-				-->
+	<target host="acast.com" />
+	<target host="www.acast.com" />
 	<target host="ads-creative-cdn.acast.com" />
 	<target host="embed.acast.com" />
+	<target host="flex.acast.com" />
 	<target host="media.acast.com" />
 	<target host="rss.acast.com" />
-	<target host="stitcher.acast.com" />
-	<target host="www.acast.com" />
-
-		<!--	Sets cookies without Secure:
-							-->
-		<!--test url="http://rss.acast.com/historyofthepapacy" /-->
-
-	<!--	Complications:
-				-->
-	<target host="acast.com" />
-	<target host="status.acast.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^rss\.acast\.com$" name="^acastRss$" /-->
-	<!--securecookie host="^\.rss\.acast\.com$" name="^TiPMix$" /-->
-
-	<securecookie host="^\.rss\." name=".+" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://acast\.com/"
-		to="https://www.acast.com/" />
-
-	<rule from="^http://status\.acast\.com/"
-		to="https://acast.statuspage.io/" />
 
-	<rule from="^http:"
-		to="https:" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http://acast\.com/" to="https://www.acast.com/" />
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/accessedge.com.xml b/src/chrome/content/rules/accessedge.com.xml
index f321a7f36c38..ebba144c0157 100644
--- a/src/chrome/content/rules/accessedge.com.xml
+++ b/src/chrome/content/rules/accessedge.com.xml
@@ -18,7 +18,7 @@
 		- www2.accessedge.com
 
 -->
-<ruleset name="AccessEdge.com" default_off="missing certificate chain">
+<ruleset name="AccessEdge.com" default_off="cert-chain">
 
 	<!--	Complications:
 				-->
diff --git a/src/chrome/content/rules/accessify.com.xml b/src/chrome/content/rules/accessify.com.xml
index 882dbc96e85d..676a2fb4bcc5 100644
--- a/src/chrome/content/rules/accessify.com.xml
+++ b/src/chrome/content/rules/accessify.com.xml
@@ -1,37 +1,15 @@
-<!--
-	CDN buckets:
+<ruleset name="accessify.com">
 
-		- dsgo3s8m15t6d.cloudfront.net	← pic
-
-
-	(www.)?accessify.com: Dropped
-
-
-	Problematic hosts in *accessify.com:
-
-		- pic ᵐ
-
-	ᵐ Cloudfront / mismatched
-
-
-	Note: platform is so as not to increase non-Tor
-	distinguishability, given that no pages are covered
-	and no mixed content secured.
-
--->
-<ruleset name="accessify.com" platform="mixedcontent">
-
-	<!--	Complications:
-				-->
+	<target host="accessify.com" />
+	<target host="www.accessify.com" />
 	<target host="pic.accessify.com" />
 
 		<test url="http://pic.accessify.com/thumbnails/320x245/s/soapspoiler.de.png" />
 
 
-	<securecookie host="^\w" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://pic\.accessify\.com/"
-		to="https://dsgo3s8m15t6d.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/accesspiratebay.co.uk.xml b/src/chrome/content/rules/accesspiratebay.co.uk.xml
deleted file mode 100644
index 90ffdedc3e43..000000000000
--- a/src/chrome/content/rules/accesspiratebay.co.uk.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="accesspiratebay.co.uk">
-	<target host="accesspiratebay.co.uk" />
-	<target host="www.accesspiratebay.co.uk" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/acme.com.xml b/src/chrome/content/rules/acme.com.xml
new file mode 100644
index 000000000000..f62d818b7f5f
--- /dev/null
+++ b/src/chrome/content/rules/acme.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Disabled by https-everywhere-checker because:
+		Fetch error: http://rr.acme.com/ => https://rr.acme.com/: (6, 'Could not resolve host: rr.acme.com')
+		Fetch error: http://mail.rr.acme.com/ => https://mail.rr.acme.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+		Fetch error: http://www.rr.acme.com/ => https://www.rr.acme.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
+
+	Invalid certificate:
+		burner.acme.com
+		patton.acme.com
+		ftp.patton.acme.com
+		mail.patton.acme.com
+		www.patton.acme.com
+
+	Refused:
+		beepbeep.acme.com
+		broadcast.acme.com
+		music.acme.com
+		www.music.acme.com
+
+	Time out:
+		dns1-charta.acme.com
+		watches.acme.com
+
+	Unreachable:
+		gate6.acme.com
+-->
+<ruleset name="acme.com">
+	<target host="acme.com" />
+	<target host="www.acme.com" />
+	<target host="root.acme.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/acmp.ru.xml b/src/chrome/content/rules/acmp.ru.xml
new file mode 100644
index 000000000000..f824f1ac2b1a
--- /dev/null
+++ b/src/chrome/content/rules/acmp.ru.xml
@@ -0,0 +1,21 @@
+<!--
+	Mismatched:
+		- bsn
+		- c
+		- chat
+		- d
+		- dp
+		- julia
+		- m
+
+	HTTP =/= HTTPS:
+		- www
+-->
+<ruleset name="acmp.ru">
+	<target host="acmp.ru" />
+	<target host="www.acmp.ru" />
+	<target host="w.acmp.ru" />
+
+	<rule from="^http://www\.acmp\.ru/" to="https://acmp.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/act-on.co.uk.xml b/src/chrome/content/rules/act-on.co.uk.xml
index 452628e55f77..11ecc9ef160f 100644
--- a/src/chrome/content/rules/act-on.co.uk.xml
+++ b/src/chrome/content/rules/act-on.co.uk.xml
@@ -6,7 +6,7 @@ Fetch error: http://act-on.co.uk/ => https://act-on.co.uk/: (28, 'Connection tim
 	For other Act-On Software coverage, see act-on.com.xml.
 
 -->
-<ruleset name="Act-On.co.uk" default_off='failed ruleset test'>
+<ruleset name="Act-On.co.uk" default_off="failed ruleset test">
 
 	<target host="act-on.co.uk" />
 	<target host="www.act-on.co.uk" />
diff --git a/src/chrome/content/rules/act-on.com-mixedcontent.xml b/src/chrome/content/rules/act-on.com-mixedcontent.xml
deleted file mode 100644
index d48e7696d755..000000000000
--- a/src/chrome/content/rules/act-on.com-mixedcontent.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules not causing MCB, see act-on.com.xml.
-
--->
-<ruleset name="Act-On.com (MCB)" platform="mixedcontent">
-
-	<target host="mktg.act-on.com" />
-
-
-	<securecookie host="^\." name="^(?:_gat?$|_gat_|wp248$)" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/act-on.com.xml b/src/chrome/content/rules/act-on.com.xml
deleted file mode 100644
index eafec1c249d3..000000000000
--- a/src/chrome/content/rules/act-on.com.xml
+++ /dev/null
@@ -1,119 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://beta.act-on.com/ => https://beta.act-on.com/: (28, 'Connection timed out after 20001 milliseconds')
-Fetch error: http://gamma.act-on.com/ => https://gamma.act-on.com/: (51, "SSL: no alternative certificate subject name matches target host name 'gamma.act-on.com'")
-
-	For rules causing MCB, see act-on.com-mixedcontent.xml.
-
-	Other Act-On Software rulesets:
-
-		- Act-On-Software.xml
-
-
-	Nonfunctional hosts in *act-on.com:
-
-		- press ²
-		- video ʳ
-
-	² 200 "requested URL was rejected"
-	ʳ Refused
-
-
-	Problematic hosts in *act-on.com:
-
-		- au ᶜ
-		- de ᶜ
-		- es ᶜ
-		- interactive ᵐ
-		- mktg ˣ
-		- nl ᶜ
-		- uk ᵐ
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-	ᵐ Mismatched
-	ˣ Mixed css, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
-
-	Insecure cookies are set for these domains: ᶜ
-
-		- .act-on.com
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
-
-	Mixed content:
-
-		- css, on:
-
-			- mktg from mktg.actonsoftware.com ˢ
-			- mktg from anv.mik.ua ⁴
-
-		- Images on mktg from mktg.actonsoftware.com ˢ
-
-	⁴ Unsecurable <= 404
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="Act-On.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="act-on.com" />
-	<!--target host="au.act-on.com" /-->
-	<target host="beta.act-on.com" />
-	<target host="blog.act-on.com" />
-	<!--target host="de.act-on.com" /-->
-	<target host="developer.act-on.com" />
-	<!--target host="es.act-on.com" /-->
-	<target host="gamma.act-on.com" />
-	<!--target host="mktg.act-on.com" /-->
-	<!--target host="nl.act-on.com" /-->
-	<target host="success.act-on.com" />
-	<target host="www.act-on.com" />
-
-		<!--	Sets cookie without Secure:
-							-->
-		<!--test url="http://mktg.act-on.com/acton/fs/blocks/showLandingPage/a/248/p/p-0817/t/page/fm/0?namesource=menu_featured_item&amp;channel=Website&amp;ao_campid=1" /-->
-
-	<!--	Complications:
-				-->
-	<target host="interactive.act-on.com" />
-	<target host="uk.act-on.com" />
-
-		<exclusion pattern="^http://interactive\.act-on\.com/(?!/*(?:$|\?))" />
-
-			<!--	+ve:
-					-->
-			<test url="http://interactive.act-on.com/Director.aspx" />
-			<test url="http://interactive.act-on.com/Global/UxPlugins/sticky_container/ixp-sticky_container.min.css" />
-			<test url="http://interactive.act-on.com/KeyGrip.ashx" />
-			<test url="http://interactive.act-on.com/Templates/ixp-microthemes.min.css" />
-			<test url="http://interactive.act-on.com/assessment/inbound-vs-outbound" />
-			<test url="http://interactive.act-on.com/press/rethink-marketing-automation" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.act-on\.com$" name="^wp248$" /-->
-
-	<securecookie host="^\." name="^(?:_gat?$|_gat_|optimizely)" />
-	<securecookie host="^(?!interactive\.)\w" name=".+" />
-
-
-	<!--	Redirect drops args and forward slash:
-							-->
-	<rule from="^http://interactive\.act-on\.com/.*"
-		to="https://www.act-on.com/" />
-
-		<test url="http://interactive.act-on.com/?" />
-
-	<!--	Redirect keeps all:
-					-->
-	<rule from="^http://uk\.act-on\.com/"
-		to="https://www.act-on.co.uk/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/act.org.xml b/src/chrome/content/rules/act.org.xml
new file mode 100644
index 000000000000..3c49bddadef2
--- /dev/null
+++ b/src/chrome/content/rules/act.org.xml
@@ -0,0 +1,205 @@
+<!--
+	Invalid certificate:
+		email.act.org
+		go.act.org
+		hfms.act.org
+		www.hfms.act.org
+		hfms-dev.act.org
+		hfms-test.act.org
+		intl.act.org
+		media.act.org
+		pages.operations.act.org
+		research.act.org
+		share.act.org
+		signin.act.org
+		statetesting.act.org
+		success-dev.act.org
+		success-test.act.org
+		success-stress.act.org
+		webmail.rumpire.wisdomweb.ru
+
+	Redirect to HTTP:
+		forms.act.org
+		pages.act.org
+		services.act.org
+
+	Refused:
+		www.act-remote.act.org
+		acthighered.act.org
+		actrs10.act.org
+		actrs11.act.org
+		api.act.org
+		api-stress.act.org
+		applications-stress.act.org
+		assessmentplanner.act.org
+		autodiscover.act.org
+		commonscoring.act.org
+		csservices-stress.act.org
+		ebsprd1-fin.act.org
+		engage.act.org
+		ewk-stress.act.org
+		forms-stress.act.org
+		g3test.act.org
+		internalapps.act.org
+		internalapps-test.act.org
+		internalapps-stress.act.org
+		leadershipblog.act.org
+		list.act.org
+		localhost.operations.act.org
+		prubs001.act.org
+		publisher.act.org
+		www.readiness.act.org
+		www.readiness-stress.act.org
+		www.remote.act.org
+		rsp-stress.act.org
+		skillprostress.act.org
+		scoringservices-stress.act.org
+		stubs001.act.org
+		teubs001.act.org
+		www.tutorcertification.act.org
+		validus.act.org
+		vtc-stress.act.org
+		vtcinternal.act.org
+		vtcinternal-stress.act.org
+		vtcpublishingstress.act.org
+
+	Time out:
+		acs.act.org
+		actappsstress.act.org
+		acs-stress.act.org
+		actwebsys21.act.org
+		api-dev.act.org
+		api-test.act.org
+		csapis-stress.act.org
+		ebsstr1-fin.act.org
+		ebsstr1-sws.act.org
+		email.onlineprep.act.org
+		ewk.act.org
+		firepass.act.org
+		ftp04.act.org
+		g3stress.act.org
+		inusmtp01.act.org
+		inusmtp02.act.org
+		inusmtp03.act.org
+		inusmtp04.act.org
+		inwav06.act.org
+		operations.act.org
+		click.operations.act.org
+		mta.operations.act.org
+		my-dev.act.org
+		myworkkeysstress.act.org
+		pse-stress2.act.org
+		scorestress.act.org
+		sftp.act.org
+		skillpro-test.act.org
+		skillprotest.act.org
+		smtp01.act.org
+		smtp02.act.org
+		srps-stress.act.org
+		storefront.act.org
+		support.act.org
+		taa-dev.act.org
+		tcm-dev.act.org
+		tess.act.org
+		testadministration-stress.act.org
+		testregistration-stress.act.org
+
+	Unsupported protocol:
+		smtp.act.org
+-->
+<ruleset name="act.org">
+	<target host="act.org" />
+	<target host="www.act.org" />
+	<target host="academy.act.org" />
+	<target host="accgwy.act.org" />
+	<target host="ace.act.org" />
+	<target host="act-remote.act.org" />
+	<target host="actacademy.act.org" />
+	<target host="actapps.act.org" />
+	<target host="actiam.act.org" />
+	<target host="actiam-stress.act.org" />
+	<target host="tn.actonline.act.org" />
+	<target host="training.actonline.act.org" />
+	<target host="agile.act.org" />
+	<target host="agile-np.act.org" />
+	<target host="api-tn.actonline.act.org" />
+	<target host="analytics.act.org" />
+	<target host="analytics-stress.act.org" />
+	<target host="api2.act.org" />
+	<target host="api2-dev.act.org" />
+	<target host="api2-test.act.org" />
+	<target host="api2-stress.act.org" />
+	<target host="api3.act.org" />
+	<target host="api3-dev.act.org" />
+	<target host="api3-test.act.org" />
+	<target host="api3-stress.act.org" />
+	<target host="api4.act.org" />
+	<target host="api4-dev.act.org" />
+	<target host="api4-stress.act.org" />
+	<target host="api5.act.org" />
+	<target host="api5-dev.act.org" />
+	<target host="api5-sandbox.act.org" />
+	<target host="api5-stress.act.org" />
+	<target host="api5-test.act.org" />
+	<target host="applications.act.org" />
+	<target host="aspire.act.org" />
+	<target host="training.aspire.act.org" />
+	<target host="author-prod.act.org" />
+	<target host="commonscoring-stress.act.org" />
+	<target host="content.act.org" />
+	<target host="csapis.act.org" />
+	<target host="discoverer.act.org" />
+	<target host="equityinlearning.act.org" />
+	<target host="forms.act.org" />
+	<target host="frameworks.act.org" />
+	<target host="frameworks-staging.act.org" />
+	<target host="identity.act.org" />
+	<target host="identity-stress.act.org" />
+	<target host="knowledge.act.org" />
+	<target host="mftweb-np.act.org" />
+	<target host="www.my.act.org" />
+	<target host="my.act.org" />
+	<target host="mysuccess.act.org" />
+	<target host="myworkkeys.act.org" />
+	<target host="nextgen.act.org" />
+	<target host="nextgen-stress.act.org" />
+	<target host="onlineprep.act.org" />
+	<target host="order.act.org" />
+	<target host="pages2.act.org" />
+	<target host="pse.act.org" />
+	<target host="pse-stress.act.org" />
+	<target host="pse2.act.org" />
+	<target host="publisher-stress.act.org" />
+	<target host="readiness.act.org" />
+	<target host="readiness-stress.act.org" />
+	<target host="recommends.act.org" />
+	<target host="remote.act.org" />
+	<target host="rsp.act.org" />
+	<target host="score.act.org" />
+	<target host="scoringservices.act.org" />
+	<target host="skillpro.act.org" />
+	<target host="sso.act.org" />
+	<target host="success.act.org" />
+	<target host="srps.act.org" />
+	<target host="taa.act.org" />
+	<target host="tableau.act.org" />
+	<target host="tableau-stress.act.org" />
+	<target host="tableauprototypes.act.org" />
+	<target host="tableauprototypes-stress.act.org" />
+	<target host="tcm.act.org" />
+	<target host="testadmin.act.org" />
+	<target host="training.testadmin.act.org" />
+	<target host="uat.testadmin.act.org" />
+	<target host="tutorcertification.act.org" />
+	<target host="vault.act.org" />
+	<target host="vdimfa.act.org" />
+	<target host="vtc.act.org" />
+	<target host="vtcpublishing.act.org" />
+	<target host="vtcsupport-stress.act.org" />
+	<target host="workforce.act.org" />
+	<target host="workkeyscurriculum.act.org" />
+	<target host="wse.act.org" />
+	<target host="wse-dev.act.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/actionfraud.police.uk.xml b/src/chrome/content/rules/actionfraud.police.uk.xml
deleted file mode 100644
index 4e8e425dc366..000000000000
--- a/src/chrome/content/rules/actionfraud.police.uk.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For other UK government coverage, see GOV.UK.xml.
-
-
-	(www.)?actionfraud.police.uk: Mismatched
-
--->
-<ruleset name="Action Fraud.Police.uk (partial)">
-
-	<target host="app03.actionfraud.police.uk" />
-
-		<!--	$ 403s, so:
-					-->
-		<test url="http://app03.actionfraud.police.uk/report/Account" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/active24.com.xml b/src/chrome/content/rules/active24.com.xml
index a67c506316ba..15deb5944a64 100644
--- a/src/chrome/content/rules/active24.com.xml
+++ b/src/chrome/content/rules/active24.com.xml
@@ -19,7 +19,7 @@ Fetch error: http://my.active24.com/ => https://my.active24.com/: (6, 'Could not
 	Self signed:
 		- exchange.active24.com
 -->
-<ruleset name="Active24.com" default_off='failed ruleset test'>
+<ruleset name="Active24.com" default_off="failed ruleset test">
 	<target host="webmail.active24.com" />
 	<target host="webftp.active24.com" />
 	<target host="mysql.active24.com" />
diff --git a/src/chrome/content/rules/actor.im.xml b/src/chrome/content/rules/actor.im.xml
index 7f1dc384b111..83dcec70e47b 100644
--- a/src/chrome/content/rules/actor.im.xml
+++ b/src/chrome/content/rules/actor.im.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.actor.im/ => https://www.actor.im/: (28, 'Operation time
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Actor.im" default_off='failed ruleset test'>
+<ruleset name="Actor.im" default_off="failed ruleset test">
 
 	<target host="actor.im" />
 	<target host="app.actor.im" />
diff --git a/src/chrome/content/rules/acxiom.com.xml b/src/chrome/content/rules/acxiom.com.xml
index 9ae01652a83c..88cd2605e46a 100644
--- a/src/chrome/content/rules/acxiom.com.xml
+++ b/src/chrome/content/rules/acxiom.com.xml
@@ -1,8 +1,26 @@
+
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://acxsc.acxiom.com/ => https://acxsc.acxiom.com/: (51, "SSL: no alternative certificate subject name matches target host name 'acxsc.acxiom.com'")
+Fetch error: http://aeopdevvip.acxiom.com/ => https://aeopdevvip.acxiom.com/: (35, 'OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to aeopdevvip.acxiom.com:443 ')
+Fetch error: http://aeopprodvip.acxiom.com/ => https://aeopprodvip.acxiom.com/: (35, 'OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to aeopprodvip.acxiom.com:443 ')
+Fetch error: http://aeraisedevvip.acxiom.com/ => https://aeraisedevvip.acxiom.com/: (35, 'OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to aeraisedevvip.acxiom.com:443 ')
+Fetch error: http://aeraiseprodvip.acxiom.com/ => https://aeraiseprodvip.acxiom.com/: (35, 'OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to aeraiseprodvip.acxiom.com:443 ')
+Fetch error: http://catcher.acxiom.com/ => https://catcher.acxiom.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://cert-services.acxiom.com/ => https://cert-services.acxiom.com/: (6, 'Could not resolve host: cert-services.acxiom.com')
+Fetch error: http://cipix.acxiom.com/ => https://cipix.acxiom.com/: (51, "SSL: no alternative certificate subject name matches target host name 'cipix.acxiom.com'")
+Fetch error: http://fts2sfg.acxiom.com/ => https://fts2sfg.acxiom.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://investors.acxiom.com/ => https://investors.acxiom.com/: (6, 'Could not resolve host: investors.acxiom.com')
+Fetch error: http://owa.acxiom.com/ => https://owa.acxiom.com/: (6, 'Could not resolve host: owa.acxiom.com')
+Fetch error: http://services.acxiom.com/ => https://services.acxiom.com/: (6, 'Could not resolve host: services.acxiom.com')
+Fetch error: http://sspwreset.acxiom.com/ => https://sspwreset.acxiom.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://thrivent.acxiom.com/ => https://thrivent.acxiom.com/: (28, 'Connection timed out after 20000 milliseconds')
+Fetch error: http://vmb1.eu.acxiom.com/ => https://vmb1.eu.acxiom.com/: (28, 'Connection timed out after 20000 milliseconds')
+
 	Other Acxiom coverage:
 
 		- About_the_Data.com.xml
-		- Acxiom-online.com.xml
 
 	Problematic hosts in *acxiom.com:
 
@@ -37,36 +55,36 @@
 	<target host="www.acxiom.com" />
 	<target host="acxmapi.acxiom.com" />
 	<target host="acxreset.acxiom.com" />
-	<target host="acxsc.acxiom.com" />
-	<target host="aeopdevvip.acxiom.com" />
-	<target host="aeopprodvip.acxiom.com" />
-	<target host="aeraisedevvip.acxiom.com" />
-	<target host="aeraiseprodvip.acxiom.com" />
+	<!-- target host="acxsc.acxiom.com" /-->
+	<!-- target host="aeopdevvip.acxiom.com" /-->
+	<!-- target host="aeopprodvip.acxiom.com" /-->
+	<!-- target host="aeraisedevvip.acxiom.com" /-->
+	<!-- target host="aeraiseprodvip.acxiom.com" /-->
 	<target host="api.acxiom.com" />
-	<target host="catcher.acxiom.com" />
-	<target host="cert-services.acxiom.com" />
-	<target host="cipix.acxiom.com" />
+	<!-- target host="catcher.acxiom.com" /-->
+	<!-- target host="cert-services.acxiom.com" /-->
+	<!-- target host="cipix.acxiom.com" /-->
 	<target host="collaborate.acxiom.com" />
 	<target host="developer.acxiom.com" />
 	<target host="eu-interactive.acxiom.com" />
-	<target host="fts2sfg.acxiom.com" />
+	<!-- target host="fts2sfg.acxiom.com" /-->
 	<target host="gmrecall.acxiom.com" />
 	<target host="heathrow1.eu.acxiom.com" />
 	<target host="id.acxiom.com" />
 	<target host="idstage.acxiom.com" />
 	<target host="interactivedelivery.acxiom.com" />
-	<target host="investors.acxiom.com" />
+	<!-- target host="investors.acxiom.com" /-->
 	<target host="marketing.acxiom.com" />
-	<target host="owa.acxiom.com" />
+	<!-- target host="owa.acxiom.com" /-->
 	<target host="passwordstation.acxiom.com" />
 	<target host="qa.benefitbuilder.acxiom.com" />
 	<target host="schwabdnc.acxiom.com" />
-	<target host="services.acxiom.com" />
-	<target host="sspwreset.acxiom.com" />
+	<!-- target host="services.acxiom.com" /-->
+	<!-- target host="sspwreset.acxiom.com" /-->
 	<target host="test.acxmapi.acxiom.com" />
 	<target host="test.api.acxiom.com" />
-	<target host="thrivent.acxiom.com" />
-	<target host="vmb1.eu.acxiom.com" />
+	<!-- target host="thrivent.acxiom.com" /-->
+	<!-- target host="vmb1.eu.acxiom.com" /-->
 
 	<securecookie host="^\w" name=".+" />
 
diff --git a/src/chrome/content/rules/ad-m.asia.xml b/src/chrome/content/rules/ad-m.asia.xml
index 3596084738d9..f39e1b2db5f5 100644
--- a/src/chrome/content/rules/ad-m.asia.xml
+++ b/src/chrome/content/rules/ad-m.asia.xml
@@ -5,4 +5,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/adamcod.es.xml b/src/chrome/content/rules/adamcod.es.xml
deleted file mode 100644
index 7e07034b5c7c..000000000000
--- a/src/chrome/content/rules/adamcod.es.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="adamcod.es">
-
-	<target host="adamcod.es" />
-	<target host="www.adamcod.es" />
-
-
-	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/adc-srv.net.xml b/src/chrome/content/rules/adc-srv.net.xml
index 92dc0d8b0d4b..22f1ceaea22e 100644
--- a/src/chrome/content/rules/adc-srv.net.xml
+++ b/src/chrome/content/rules/adc-srv.net.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.adc-srv.net/ => https://www.adc-srv.net/: (51, "SSL: no
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="ADC-srv.net" default_off='failed ruleset test'>
+<ruleset name="ADC-srv.net" default_off="failed ruleset test">
 
 	<target host="adc-srv.net" />
 	<target host="ad.adc-srv.net" />
diff --git a/src/chrome/content/rules/additifs-alimentaires.net.xml b/src/chrome/content/rules/additifs-alimentaires.net.xml
new file mode 100644
index 000000000000..48d84848c6dd
--- /dev/null
+++ b/src/chrome/content/rules/additifs-alimentaires.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="additifs-alimentaires.net">
+	<target host="additifs-alimentaires.net" />
+	<target host="www.additifs-alimentaires.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/adfoc.us-mixedcontent.xml b/src/chrome/content/rules/adfoc.us-mixedcontent.xml
deleted file mode 100644
index 7dc6de9c72f2..000000000000
--- a/src/chrome/content/rules/adfoc.us-mixedcontent.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-
-     For rules not causing mixed content, see adfoc.us.xml
-
--->
-<ruleset name="AdFoc.us (mixed content)" platform="mixedcontent">
-
-	<target host="forum.adfoc.us" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/adfoc.us.xml b/src/chrome/content/rules/adfoc.us.xml
index 6291b9e1311f..0eea88adfa4e 100644
--- a/src/chrome/content/rules/adfoc.us.xml
+++ b/src/chrome/content/rules/adfoc.us.xml
@@ -1,15 +1,10 @@
-<!--
-
-	For rules causing mixed content, see adfoc.us-mixedcontent.xml
-
--->
 <ruleset name="AdFoc.us">
-
 	<target host="adfoc.us" />
+	<target host="www.adfoc.us" />
 	<target host="cdn.adfoc.us" />
-	<target host="www.adfoc.us" />	
+	<target host="forum.adfoc.us" />
 
-	<rule from="^http:"
-		to="https:" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/adlantis.jp.xml b/src/chrome/content/rules/adlantis.jp.xml
deleted file mode 100644
index 0a4257b838ae..000000000000
--- a/src/chrome/content/rules/adlantis.jp.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-
-	Nonfunctional domains:
-
-		- click	(times out)
-		- tn	(connection closed)
-
-	Problematic subdomains:
-
-		- blog	(cert invalid)
-		- status	(cert invalid)
-
--->
-<ruleset name="adlantis.jp">
-
-	<target host="static.adlantis.jp" />
-	<target host="www.adlantis.jp" />
-
-	<test url="http://static.adlantis.jp/javascripts/AdLantisLoader.js?20090519" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/administrator.de.xml b/src/chrome/content/rules/administrator.de.xml
deleted file mode 100644
index d32aa2412085..000000000000
--- a/src/chrome/content/rules/administrator.de.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- www.administrator.de
-
--->
-<ruleset name="administrator.de">
-
-	<target host="administrator.de" />
-	<target host="www.administrator.de" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.administrator\.de$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/adnet.pro.xml b/src/chrome/content/rules/adnet.pro.xml
index 1242cf96c005..ffdb43dac379 100644
--- a/src/chrome/content/rules/adnet.pro.xml
+++ b/src/chrome/content/rules/adnet.pro.xml
@@ -10,7 +10,7 @@
 
 	<target host="adimages.adnet.pro" />
 	<target host="adnetdelivery.adnet.pro" />
-	
+
 		<!--	Sets cookies without Secure:
 							-->
 		<!--test url="http://adnetdelivery.adnet.pro/avw.php?zoneid=&amp;cb=&amp;n=" /-->
diff --git a/src/chrome/content/rules/adnetexpress.net.xml b/src/chrome/content/rules/adnetexpress.net.xml
index 7321ba8b80e4..e71ccf633216 100644
--- a/src/chrome/content/rules/adnetexpress.net.xml
+++ b/src/chrome/content/rules/adnetexpress.net.xml
@@ -5,7 +5,7 @@ Fetch error: http://adnetexpress.net/ => https://adnetexpress.net/: (28, 'Operat
 Fetch error: http://www.adnetexpress.net/ => https://www.adnetexpress.net/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
 
 -->
-<ruleset name="adnetexpress.net" default_off='failed ruleset test'>
+<ruleset name="adnetexpress.net" default_off="failed ruleset test">
 
 	<target host="adnetexpress.net" />
 	<target host="www.adnetexpress.net" />
diff --git a/src/chrome/content/rules/adr.org.xml b/src/chrome/content/rules/adr.org.xml
index f2c76ec25e43..02029187bd7c 100644
--- a/src/chrome/content/rules/adr.org.xml
+++ b/src/chrome/content/rules/adr.org.xml
@@ -38,7 +38,7 @@ Fetch error: http://services.adr.org/ => https://services.adr.org/: (28, 'Connec
 		- www.adr.org
 
 -->
-<ruleset name="ADR.org (partial)" default_off='failed ruleset test'>
+<ruleset name="ADR.org (partial)" default_off="failed ruleset test">
 
 	<target host="adr.org" />
 	<target host="apps.adr.org" />
diff --git a/src/chrome/content/rules/adreclaim.com.xml b/src/chrome/content/rules/adreclaim.com.xml
index a0544f4ce89a..54e2ed2b88c4 100644
--- a/src/chrome/content/rules/adreclaim.com.xml
+++ b/src/chrome/content/rules/adreclaim.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://adreclaim.com/ => https://adreclaim.com/: (51, "SSL: no alternative certificate subject name matches target host name 'adreclaim.com'")
 
 -->
-<ruleset name="AdReclaim.com" default_off='failed ruleset test'>
+<ruleset name="AdReclaim.com" default_off="failed ruleset test">
 
 	<target host="adreclaim.com" />
 	<target host="cdn.adreclaim.com" />
diff --git a/src/chrome/content/rules/adsl.by.xml b/src/chrome/content/rules/adsl.by.xml
deleted file mode 100644
index 419a34d341e3..000000000000
--- a/src/chrome/content/rules/adsl.by.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-www.adsl.by non-2xx http code
-promo.adsl.by mismatch
-help.adsl.by expired
-feedback.adsl.by mismatch
-linux.adsl.by protocol error
-radio.adsl.by timed out
--->
-<ruleset name="adsl.by">
-	<target host="adsl.by" />
-	<target host="www.adsl.by" />
-	
-	<rule from="^http://www\.adsl\.by/"
-		to="https://adsl.by/" />
-	
-	<test url="http://www.adsl.by/" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/adsnative.com.xml b/src/chrome/content/rules/adsnative.com.xml
index 5011a1302022..6a7714faf659 100644
--- a/src/chrome/content/rules/adsnative.com.xml
+++ b/src/chrome/content/rules/adsnative.com.xml
@@ -24,7 +24,7 @@ Fetch error: http://adsnative.com/ => https://www.adsnative.com/: (28, 'Connecti
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="AdsNative.com" default_off='failed ruleset test'>
+<ruleset name="AdsNative.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/adultswim.xml b/src/chrome/content/rules/adultswim.xml
deleted file mode 100644
index f2495ba6548e..000000000000
--- a/src/chrome/content/rules/adultswim.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	For other Turner coverage, see Turner.com.xml.
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.adultswim.com
-
-
-	Mixed content:
-
-		- css from i.cdn.turner.com *
-		- Image from i.cdn.turner.com *
-
-	* Ruleset disabled by default <= needs tests
-
--->
-<ruleset name="Adult Swim.com" platform="mixedcontent">
-
-	<!--	Direct rewrites:
-				-->
- 	<target host="www.adultswim.com" />
-	<target host="adultswim.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.adultswim\.com$" name="^CG$" /-->
-
-	<securecookie host="^www\.adultswim\.com$" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/advision-adnw.jp.xml b/src/chrome/content/rules/advision-adnw.jp.xml
index 9c21f5503c33..194f6e0584e3 100644
--- a/src/chrome/content/rules/advision-adnw.jp.xml
+++ b/src/chrome/content/rules/advision-adnw.jp.xml
@@ -5,4 +5,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/afisha.ru.xml b/src/chrome/content/rules/afisha.ru.xml
index 15f1a7e06de4..db8d16c78e03 100644
--- a/src/chrome/content/rules/afisha.ru.xml
+++ b/src/chrome/content/rules/afisha.ru.xml
@@ -186,7 +186,7 @@ zodakguide.afisha.ru different content
 ⁴ self signed
 ⁵ expired
 -->
-<ruleset name="afisha.ru" default_off='failed ruleset test'>
+<ruleset name="afisha.ru" default_off="failed ruleset test">
 	<target host="afisha.ru" />
 	<target host="www.afisha.ru" />
 	<target host="api.afisha.ru" />
diff --git a/src/chrome/content/rules/agoradesk.com.xml b/src/chrome/content/rules/agoradesk.com.xml
new file mode 100644
index 000000000000..4f1616b1c0cf
--- /dev/null
+++ b/src/chrome/content/rules/agoradesk.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="agoradesk.com">
+	<target host="agoradesk.com" />
+	<target host="www.agoradesk.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ahcdn.com-falsemixed.xml b/src/chrome/content/rules/ahcdn.com-falsemixed.xml
deleted file mode 100644
index d06d5c65e492..000000000000
--- a/src/chrome/content/rules/ahcdn.com-falsemixed.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see ahcdn.com.xml.
-
-
-	NB: see https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="ahcdn.com (false MCB)" platform="mixedcontent">
-
-	<target host="ahcdn.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ahcdn.com.xml b/src/chrome/content/rules/ahcdn.com.xml
index 6e141d190296..9045b2687fc0 100644
--- a/src/chrome/content/rules/ahcdn.com.xml
+++ b/src/chrome/content/rules/ahcdn.com.xml
@@ -1,55 +1,21 @@
 <!--
-	For rules causing false/broken MCB, see ahcdn.com-falsemixed.xml.
-
-
-	Insecure cookies are set for these domains: ᶜ
-
-		- .ahcdn.com
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
-
-	Mixed content:
-
-		- css on ^ from $self ˢ
-		- Images on ^ from $self ˢ
-
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
+	Non-functional hosts
+		Timeout was reached:
+		- mon.ahcdn.com
 -->
-<ruleset name="ahcdn.com (partial)">
-
-	<target host="*.ahcdn.com" />
-
-		<exclusion pattern="^http://(?:[^./]+\.){2,}ahcdn\.com/" />
-
-			<!--	+ve:
-					-->
-			<test url="http://this.host.ahcdn.com/" />
-			<test url="http://exists.not.ahcdn.com/" />
-
-		<test url="http://ip19664247.ahcdn.com/" />
-		<test url="http://www.ahcdn.com/" />
-
-		<!--	Avoid potential flash policy problems:
-								-->
-		<exclusion pattern="/crossdomain\.xml(?:$|\?)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.ahcdn.com/crossdomain.xml" />
-			<test url="http://www.ahcdn.com/bar/crossdomain.xml" />
-			<test url="http://www.ahcdn.com/foo/crossdomain.xml" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.ahcdn\.com$" name="^S2SIDCDNSITE$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
+<ruleset name="ahcdn.com">
+	<target host="ahcdn.com" />
+	<target host="www.ahcdn.com" />
+	<target host="cp.ahcdn.com" />
+	<target host="dev.ahcdn.com" />
+	<target host="pixcp.ahcdn.com" />
+	<target host="ip51437333.ahcdn.com" />
+	<target host="ip53801869.ahcdn.com" />
+	<target host="ip53816682.ahcdn.com" />
+	<target host="ip54664429.ahcdn.com" />
+	<target host="ip88783927.ahcdn.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ahead.org.xml b/src/chrome/content/rules/ahead.org.xml
index 6bf49ab0fce3..a79e4736665b 100644
--- a/src/chrome/content/rules/ahead.org.xml
+++ b/src/chrome/content/rules/ahead.org.xml
@@ -2,7 +2,7 @@
 	Mixed content:
 
 		- Image on www from $self ˢ
-	
+
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
diff --git a/src/chrome/content/rules/ahoy.re.xml b/src/chrome/content/rules/ahoy.re.xml
deleted file mode 100644
index 3ab9936aeab5..000000000000
--- a/src/chrome/content/rules/ahoy.re.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="ahoy.re">
-	<target host="ahoy.re" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/ahyasalam.com.xml b/src/chrome/content/rules/ahyasalam.com.xml
deleted file mode 100644
index 1f5b21d66027..000000000000
--- a/src/chrome/content/rules/ahyasalam.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="ahyasalam.com">
-	<target host="ahyasalam.com" />
-	<target host="www.ahyasalam.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/aimp.ru.xml b/src/chrome/content/rules/aimp.ru.xml
new file mode 100644
index 000000000000..72a70290d3ab
--- /dev/null
+++ b/src/chrome/content/rules/aimp.ru.xml
@@ -0,0 +1,9 @@
+<ruleset name="aimp.ru">
+	<target host="aimp.ru" />
+	<target host="www.aimp.ru" />
+	<target host="blog.aimp.ru" />
+	<target host="forum.aimp.ru" />
+	<target host="mail.aimp.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/airbites.net.ua.xml b/src/chrome/content/rules/airbites.net.ua.xml
index 9a0d7277fc73..6d53aeefb03a 100644
--- a/src/chrome/content/rules/airbites.net.ua.xml
+++ b/src/chrome/content/rules/airbites.net.ua.xml
@@ -47,7 +47,7 @@ speedtest-lv.airbites.net.ua different content
 ³ timed out
 ⁵ expired
 -->
-<ruleset name="airbites.net.ua" default_off='failed ruleset test'>
+<ruleset name="airbites.net.ua" default_off="failed ruleset test">
 	<target host="airbites.net.ua" />
 	<target host="www.airbites.net.ua" />
 	<target host="api.airbites.net.ua" />
diff --git a/src/chrome/content/rules/aircrack-ng.org-mixedcontent.xml b/src/chrome/content/rules/aircrack-ng.org-mixedcontent.xml
deleted file mode 100644
index 4bf92e7a14ee..000000000000
--- a/src/chrome/content/rules/aircrack-ng.org-mixedcontent.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-
-	For non-mixed content rules, see aircrack-ng.org.xml.
-
--->
-<ruleset name="aircrack-ng.org (mixed content)" platform="mixedcontent">
-
-	<target host="photos.aircrack-ng.org" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/aircrack-ng.org.xml b/src/chrome/content/rules/aircrack-ng.org.xml
index df9dab6010f8..95549bbe1cf5 100644
--- a/src/chrome/content/rules/aircrack-ng.org.xml
+++ b/src/chrome/content/rules/aircrack-ng.org.xml
@@ -1,15 +1,9 @@
 <!--
-
-	For mixed content rules, see aircrack-ng.org-mixedcontent.xml.
-
-	Mismatched hosts in *aircrack-ng.org:
-
+	Mismatched:
 		- blog
 		- twitter
-
 -->
 <ruleset name="aircrack-ng.org">
-
 	<target host="aircrack-ng.org" />
 	<target host="www.aircrack-ng.org" />
 	<target host="airoscript.aircrack-ng.org" />
@@ -24,9 +18,6 @@
 	<target host="pictures.aircrack-ng.org" />
 	<target host="securitytube.aircrack-ng.org" />
 	<target host="storage.aircrack-ng.org" />
-	<target host="svn.aircrack-ng.org" />
-	<target host="svn.mdk3.aircrack-ng.org" />
-	<target host="trac.aircrack-ng.org" />
 	<target host="video.aircrack-ng.org" />
 	<target host="videos.aircrack-ng.org" />
 	<target host="vmware.aircrack-ng.org" />
@@ -38,7 +29,5 @@
 
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/airelf.com.tw.xml b/src/chrome/content/rules/airelf.com.tw.xml
deleted file mode 100644
index f9fa495f2556..000000000000
--- a/src/chrome/content/rules/airelf.com.tw.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="airelf.com.tw">
-	<target host="airelf.com.tw" />
-	<target host="www.airelf.com.tw" />
-	<target host="168.airelf.com.tw" />
-
-	<securecookie host="^\.airelf\.com\.tw$" name=".+" />
-
-	<!-- airelf.com.tw and chat.airelf.com.tw doesn't support https -->
-	<rule from="^http://airelf\.com\.tw/"
-		to="https://www.airelf.com.tw/" />
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/airesume.com.xml b/src/chrome/content/rules/airesume.com.xml
deleted file mode 100644
index 8e74094204b0..000000000000
--- a/src/chrome/content/rules/airesume.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="airesume.com">
-	<target host="airesume.com" />
-	<target host="www.airesume.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/aironetsp.ru.xml b/src/chrome/content/rules/aironetsp.ru.xml
deleted file mode 100644
index 994b5f7421ee..000000000000
--- a/src/chrome/content/rules/aironetsp.ru.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<!--
-aironetsp.ru mismatch
-www.aironetsp.ru mismatch
--->
-<ruleset name="aironetsp.ru (partial)">
-	<target host="bill.aironetsp.ru" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/airsoftclubnederland.nl.xml b/src/chrome/content/rules/airsoftclubnederland.nl.xml
new file mode 100644
index 000000000000..43cc26a21468
--- /dev/null
+++ b/src/chrome/content/rules/airsoftclubnederland.nl.xml
@@ -0,0 +1,8 @@
+<ruleset name="airsoftclubnederland.nl">
+
+	<target host="airsoftclubnederland.nl" />
+	<target host="www.airsoftclubnederland.nl" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/akbars.ru.xml b/src/chrome/content/rules/akbars.ru.xml
index 5c65d222ab56..f62a5cb62eb8 100644
--- a/src/chrome/content/rules/akbars.ru.xml
+++ b/src/chrome/content/rules/akbars.ru.xml
@@ -8,7 +8,7 @@ quickweb.akbars.ru ³
 
 ³ timed out
 -->
-<ruleset name="akbars.ru" default_off='failed ruleset test'>
+<ruleset name="akbars.ru" default_off="failed ruleset test">
 	<target host="akbars.ru" />
 	<target host="www.akbars.ru" />
 	<target host="ibank.akbars.ru" />
diff --git a/src/chrome/content/rules/akixi.com.xml b/src/chrome/content/rules/akixi.com.xml
index 9150c82885e4..e53a2ab1e2a9 100644
--- a/src/chrome/content/rules/akixi.com.xml
+++ b/src/chrome/content/rules/akixi.com.xml
@@ -16,7 +16,7 @@ Fetch error: http://alto.akixi.com/ => https://alto.akixi.com/: (28, 'Connection
 		- stratus.akixi.com
 		- svn.akixi.com
 -->
-<ruleset name="akixi.com" default_off='failed ruleset test'>
+<ruleset name="akixi.com" default_off="failed ruleset test">
 	<target host="alto.akixi.com" />
 	<target host="broadconnect.akixi.com" />
 	<target host="cirrus.akixi.com" />
diff --git a/src/chrome/content/rules/alArabiya.net.xml b/src/chrome/content/rules/alArabiya.net.xml
index 0631254a6f13..3e5817f50f9b 100644
--- a/src/chrome/content/rules/alArabiya.net.xml
+++ b/src/chrome/content/rules/alArabiya.net.xml
@@ -20,14 +20,14 @@
 	Refused:
 		survey.alarabiya.net
 
-	Time out: 
+	Time out:
 		alarabiya.net
 		anaara.alarabiya.net
 		apisaic.alarabiya.net
 		api.cal.alarabiya.net
 		www.english.alarabiya.net
 		saic.alarabiya.net
-		api.saic.alarabiya.net 
+		api.saic.alarabiya.net
 -->
 <ruleset name="Al Arabiya.net">
 	<target host="www.alarabiya.net" />
@@ -38,11 +38,11 @@
 	<target host="mubasher.alarabiya.net" />
 	<target host="spectator.alarabiya.net" />
 	<target host="static.alarabiya.net" />
-	<target host="urdu.alarabiya.net" /> 
+	<target host="urdu.alarabiya.net" />
 	<target host="vid.alarabiya.net" />
-	<target host="webapps.alarabiya.net" /> 
+	<target host="webapps.alarabiya.net" />
 
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
-</ruleset> 
+</ruleset>
diff --git a/src/chrome/content/rules/alaMaula.com.xml b/src/chrome/content/rules/alaMaula.com.xml
new file mode 100644
index 000000000000..a8ad0339e7f1
--- /dev/null
+++ b/src/chrome/content/rules/alaMaula.com.xml
@@ -0,0 +1,124 @@
+<!--
+	Non-functional subdomains:
+
+		- 094	(t)
+		- 124	(t)
+		- 12nianouzhoubeijuesaishipin	(t)
+		- 1311	(t)
+		- 138	(t)
+		- 140203	(t)
+		- 168bocai	(t)
+		- 1737qipaiyouxipingtai	(t)
+		- 18187870	(t)
+		- 183-dsl	(t)
+		- 188betzhuce	(t)
+		- 188jinbaobodailipingtai	(t)
+		- 1998nianouzhoubeipaiming	(t)
+		- 2012ouzhoubeimaiqiu	(t)
+		- 2012ouzhoubeizuixinzhankuang	(t)
+		- 2013bocaizhucesongcaijin	(t)
+		- 2022	(t)
+		- 204	(t)
+		- 21diangubao	(t)
+		- 261	(t)
+		- 29yyyy	(t)
+		- 321quanxunwang	(t)
+		- 329	(t)
+		- 33217321	(t)
+		- 3344555comxinquanxunwang	(t)
+		- 360doudizhu	(t)
+		- 360shishicai	(t)
+		- 365-days-of-christmas	(t)
+		- 365tiyutouzhu	(t)
+		- 38rn	(t)
+		- 3dtouzhuwang	(t)
+		- 3dzoushitu	(t)
+		- 3uyulechengkaihu	(t)
+		- 3uyulechengxianjinkaihu	(t)
+		- 50yuancunkuandebocaigongsi	(t)
+		- 56didi	(t)
+		- 579ii	(t)
+		- 5x50	(t)
+		- 6644	(r)
+		- admin	(t)
+		- alpha	(t)
+		- app	(t)
+		- autoconfig	(t)
+		- autodiscover	(t)
+		- b	(t)
+		- blog	(t)
+		- clients	(t)
+		- console	(t)
+		- corp	(t)
+		- demo	(t)
+		- dev	(t)
+		- development	(t)
+		- docs	(t)
+		- ecg-api-partners	(r)
+		- ecg-apis-partners	(r)
+		- events	(t)
+		- f	(t)
+		- files	(t)
+		- ftp	(t)
+		- gamma	(t)
+		- git	(t)
+		- help	(t)
+		- homepage	(t)
+		- imap	(t)
+		- img	(t)
+		- info	(t)
+		- int	(t)
+		- internal	(t)
+		- intra	(t)
+		- kb	(t)
+		- lists	(t)
+		- m	(t)
+		- mail	(t)
+		- media	(t)
+		- members	(t)
+		- mktg	(t)
+		- my	(t)
+		- news	(t)
+		- newsletter	(t)
+		- photos	(t)
+		- pic	(t)
+		- pics	(t)
+		- pop	(t)
+		- pre	(t)
+		- prelive	(t)
+		- release	(t)
+		- resources	(t)
+		- search	(t)
+		- secure	(t)
+		- server	(t)
+		- services	(t)
+		- smtp	(t)
+		- staging	(t)
+		- store	(t)
+		- test	(t)
+		- vpn	(t)
+		- web	(t)
+		- webdisk	(t)
+		- webmail	(t)
+		- wiki	(t)
+		- www-staging	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="alaMaula">
+
+	<target host="alamaula.com" />
+	<target host="www.alamaula.com" />
+	<target host="ayuda.alamaula.com" />
+	<target host="ecg-api.alamaula.com" />
+	<target host="ecg-apis.alamaula.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/alau.kz.xml b/src/chrome/content/rules/alau.kz.xml
index 80f9e1d5955f..1208635611ba 100644
--- a/src/chrome/content/rules/alau.kz.xml
+++ b/src/chrome/content/rules/alau.kz.xml
@@ -5,7 +5,7 @@ Fetch error: http://alau.kz/ => https://alau.kz/: (7, 'Failed to connect to alau
 Fetch error: http://www.alau.kz/ => https://www.alau.kz/: (7, 'Failed to connect to www.alau.kz port 443: Connection refused')
 
 -->
-<ruleset name="alau.kz" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="alau.kz" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="alau.kz" />
 	<target host="www.alau.kz" />
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/alayam24.com.xml b/src/chrome/content/rules/alayam24.com.xml
index b926c3b8fcaa..9615a1d939cc 100644
--- a/src/chrome/content/rules/alayam24.com.xml
+++ b/src/chrome/content/rules/alayam24.com.xml
@@ -1,9 +1,23 @@
-<ruleset name="alayam24.com" platform="mixedcontent">
+<!--
+	Mismatched:
+		- mail
+
+	SSL handshake failure:
+		- images.ads
+
+	Timeout:
+		- ads
+
+	Redirects to dev, dev is NXDOMAIN:
+		- mobile
+-->
+<ruleset name="alayam24.com">
 	<target host="alayam24.com" />
 	<target host="www.alayam24.com" />
+	<target host="api.alayam24.com" />
 	<target host="m.alayam24.com" />
+	<target host="preprod.alayam24.com" />
 	<target host="static.alayam24.com" />
-		<test url="http://static.alayam24.com/assets/plugins/slider/jquery.bxslider.css?201505181141/" />
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/alcohol-soft.com.xml b/src/chrome/content/rules/alcohol-soft.com.xml
new file mode 100644
index 000000000000..48b928f384e8
--- /dev/null
+++ b/src/chrome/content/rules/alcohol-soft.com.xml
@@ -0,0 +1,53 @@
+<!--
+	Invalid certificate:
+		callback.alcohol-soft.com
+		www.callback.alcohol-soft.com
+		control.alcohol-soft.com
+		www.control.alcohol-soft.com
+		dns.alcohol-soft.com
+		dns3.alcohol-soft.com
+		ftp.forum.alcohol-soft.com
+		mail.forum.alcohol-soft.com
+		smtp.forum.alcohol-soft.com
+		pop.forum.alcohol-soft.com
+		www.images.alcohol-soft.com
+		ns1.alcohol-soft.com
+		ns2.alcohol-soft.com
+		serial.alcohol-soft.com
+		www.serial.alcohol-soft.com
+		www.shop.alcohol-soft.com
+		www.support.alcohol-soft.com
+		www.trial.alcohol-soft.com
+		www.users.alcohol-soft.com
+		www.vodka2.alcohol-soft.com
+		ftp.vodka2.alcohol-soft.com
+		mail.vodka2.alcohol-soft.com
+		pop.vodka2.alcohol-soft.com
+		smtp.vodka2.alcohol-soft.com
+
+	Redirect to HTTP:
+		trial.alcohol-soft.com
+
+	Refused:
+		localhost.alcohol-soft.com
+		localhost.forum.alcohol-soft.com
+		localhost.vodka2.alcohol-soft.com
+-->
+<ruleset name="alcohol-soft.com">
+	<target host="alcohol-soft.com" />
+	<target host="www.alcohol-soft.com" />
+	<target host="forum.alcohol-soft.com" />
+	<target host="www.forum.alcohol-soft.com" />
+	<target host="ftp.alcohol-soft.com" />
+	<target host="images.alcohol-soft.com" />
+	<target host="ma01.alcohol-soft.com" />
+	<target host="mail.alcohol-soft.com" />
+	<target host="pop.alcohol-soft.com" />
+	<target host="shop.alcohol-soft.com" />
+	<target host="smtp.alcohol-soft.com" />
+	<target host="support.alcohol-soft.com" />
+	<target host="users.alcohol-soft.com" />
+	<target host="vodka2.alcohol-soft.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/aldeparty.eu.xml b/src/chrome/content/rules/aldeparty.eu.xml
index 65a73b2768d1..98a4eef85a2e 100644
--- a/src/chrome/content/rules/aldeparty.eu.xml
+++ b/src/chrome/content/rules/aldeparty.eu.xml
@@ -1,12 +1,8 @@
-<!--
-policycentre.aldeparty.eu ¹
-
-
-¹ mismatch
--->
-<ruleset name="aldeparty.eu" platform="mixedcontent">
+<ruleset name="aldeparty.eu">
 	<target host="aldeparty.eu" />
 	<target host="www.aldeparty.eu" />
 
+	<securecookie host=".+" name=".+" />
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/alf.nu.xml b/src/chrome/content/rules/alf.nu.xml
new file mode 100644
index 000000000000..d5abbc23127a
--- /dev/null
+++ b/src/chrome/content/rules/alf.nu.xml
@@ -0,0 +1,436 @@
+<!--
+	Invalid certificate:
+		c-10-app.alf.nu
+		c-10-email.alf.nu
+		c-10-pl.alf.nu
+		c-10-qa.alf.nu
+		c-10-team.alf.nu
+		c-7-email.alf.nu
+		c-7-pl.alf.nu
+		c-accounts-app.alf.nu
+		c-accounts-com.alf.nu
+		c-accounts-email.alf.nu
+		c-accounts-games.alf.nu
+		c-accounts-kr.alf.nu
+		c-accounts-net.alf.nu
+		c-accounts-org.alf.nu
+		c-accounts-support.alf.nu
+		c-accounts-pl.alf.nu
+		c-accounts-promo.alf.nu
+		c-billing-nl.alf.nu
+		c-admin-app.alf.nu
+		c-admin-ci.alf.nu
+		c-admin-dev.alf.nu
+		c-admin-email.alf.nu
+		c-admin-eu.alf.nu
+		c-admin-pl.alf.nu
+		c-administrator-eu.alf.nu
+		c-administrator-pl.alf.nu
+		c-administrator-org.alf.nu
+		c-app-com.alf.nu
+		c-app-email.alf.nu
+		c-app-engineering.alf.nu
+		c-app-events.alf.nu
+		c-app-games.alf.nu
+		c-app-net.alf.nu
+		c-app-nl.alf.nu
+		c-app-pl.alf.nu
+		c-app-support.alf.nu
+		c-backend-cf.alf.nu
+		c-backend-cn.alf.nu
+		c-backend-email.alf.nu
+		c-backend-eu.alf.nu
+		c-backend-games.alf.nu
+		c-backend-kr.alf.nu
+		c-backend-pl.alf.nu
+		c-backend-nl.alf.nu
+		c-billing-email.alf.nu
+		c-billing-team.alf.nu
+		c-client-app.alf.nu
+		c-client-com.alf.nu
+		c-client-email.alf.nu
+		c-client-events.alf.nu
+		c-client-nl.alf.nu
+		c-client-pl.alf.nu
+		c-client-qa.alf.nu
+		c-client-team.alf.nu
+		c-confluence-com.alf.nu
+		c-confluence-eu.alf.nu
+		c-confluence-events.alf.nu
+		c-confluence-kr.alf.nu
+		c-confluence-nl.alf.nu
+		c-confluence-org.alf.nu
+		c-confluence-pl.alf.nu
+		c-confluence-support.alf.nu
+		c-data-ci.alf.nu
+		c-data-eu.alf.nu
+		c-data-new.alf.nu
+		c-data-org.alf.nu
+		c-data-pl.alf.nu
+		c-data-reviews.alf.nu
+		c-devops-app.alf.nu
+		c-devops-com.alf.nu
+		c-devops-events.alf.nu
+		c-devops-global.alf.nu
+		c-devops-nl.alf.nu
+		c-devops-pl.alf.nu
+		c-devops-promo.alf.nu
+		c-devops-reviews.alf.nu
+		c-devops-team.alf.nu
+		c-docker-ci.alf.nu
+		c-docker-com.alf.nu
+		c-docker-pl.alf.nu
+		c-docker-eu.alf.nu
+		c-docker-email.alf.nu
+		c-docker-kr.alf.nu
+		c-docker-net.alf.nu
+		c-docker-nl.alf.nu
+		c-docker-oceania.alf.nu
+		c-eng-cn.alf.nu
+		c-eng-email.alf.nu
+		c-eng-nl.alf.nu
+		c-eng-pl.alf.nu
+		c-eng-pub.alf.nu
+		c-feb-ci.alf.nu
+		c-feb-nl.alf.nu
+		c-feb-org.alf.nu
+		c-feb-pl.alf.nu
+		c-ftp-email.alf.nu
+		c-ftp-eu.alf.nu
+		c-hkg-cn.alf.nu
+		c-hkg-eu.alf.nu
+		c-hkg-events.alf.nu
+		c-hkg-pl.alf.nu
+		c-hw-com.alf.nu
+		c-k-email.alf.nu
+		c-k-pl.alf.nu
+		c-las-kr.alf.nu
+		c-las-pl.alf.nu
+		c-latin-app.alf.nu
+		c-latin-email.alf.nu
+		c-latin-events.alf.nu
+		c-latin-net.alf.nu
+		c-latin-pl.alf.nu
+		c-latinamerica-nl.alf.nu
+		c-local-email.alf.nu
+		c-local-global.alf.nu
+		c-local-nl.alf.nu
+		c-local-org.alf.nu
+		c-local-pl.alf.nu
+		c-m-email.alf.nu
+		c-m-pl.alf.nu
+		c-new-events.alf.nu
+		c-new-nl.alf.nu
+		c-new-org.alf.nu
+		c-new-pl.alf.nu
+		c-new-qa.alf.nu
+		c-new-team.alf.nu
+		c-o-pl.alf.nu
+		c-o-team.alf.nu
+		c-oceania-app.alf.nu
+		c-oceania-nl.alf.nu
+		c-oceania-pl.alf.nu
+		c-ops-app.alf.nu
+		c-ops-ci.alf.nu
+		c-ops-email.alf.nu
+		c-ops-events.alf.nu
+		c-ops-net.alf.nu
+		c-ops-nl.alf.nu
+		c-ops-pl.alf.nu
+		c-ops-team.alf.nu
+		c-origin-net.alf.nu
+		c-origin-com.alf.nu
+		c-origin-cn.alf.nu
+		c-origin-pl.alf.nu
+		c-origin-qa.alf.nu
+		c-origin-kr.alf.nu
+		c-origin-dev.alf.nu
+		c-pay-com.alf.nu
+		c-pay-email.alf.nu
+		c-pay-games.alf.nu
+		c-pay-net.alf.nu
+		c-pay-pl.alf.nu
+		c-pay-support.alf.nu
+		c-priv-app.alf.nu
+		c-priv-net.alf.nu
+		c-prod-net.alf.nu
+		c-prod-pl.alf.nu
+		c-prod-support.alf.nu
+		c-prod-team.alf.nu
+		c-promo-app.alf.nu
+		c-promo-ci.alf.nu
+		c-promo-com.alf.nu
+		c-promo-kr.alf.nu
+		c-promo-nl.alf.nu
+		c-promo-page.alf.nu
+		c-promo-pl.alf.nu
+		c-promotion-pl.alf.nu
+		c-promotion-team.alf.nu
+		c-promotion-email.alf.nu
+		c-promotion-com.alf.nu
+		c-promotion-events.alf.nu
+		c-pub-app.alf.nu
+		c-pub-dev.alf.nu
+		c-pub-eu.alf.nu
+		c-pub-email.alf.nu
+		c-pub-games.alf.nu
+		c-pub-net.alf.nu
+		c-pub-nl.alf.nu
+		c-pub-pl.alf.nu
+		c-secure-eu.alf.nu
+		c-secure-cf.alf.nu
+		c-secure-cn.alf.nu
+		c-secure-engineering.alf.nu
+		c-secure-events.alf.nu
+		c-secure-nl.alf.nu
+		c-secure-vi.alf.nu 
+		c-security-com.alf.nu
+		c-security-pl.alf.nu
+		c-security-eu.alf.nu
+		c-security-engineering.alf.nu
+		c-sept-eu.alf.nu
+		c-sept-kr.alf.nu
+		c-sept-nl.alf.nu
+		c-sept-pl.alf.nu
+		c-sept-team.alf.nu
+		c-soa-net.alf.nu
+		c-ssl-com.alf.nu
+		c-ssl-email.alf.nu
+		c-ssl-nl.alf.nu
+		c-ssl-pl.alf.nu
+		c-ssl-team.alf.nu
+		c-staging-email.alf.nu
+		c-staging-eu.alf.nu
+		c-staging-games.alf.nu
+		c-staging-kr.alf.nu
+		c-staging-nl.alf.nu
+		c-staging-org.alf.nu
+		c-staging-pl.alf.nu
+		c-staging-support.alf.nu
+		c-system-cf.alf.nu
+		c-system-dev.alf.nu
+		c-system-events.alf.nu
+		c-system-games.alf.nu
+		c-system-net.alf.nu
+		c-system-pl.alf.nu
+		c-system-reviews.alf.nu
+		c-system-support.alf.nu
+		c-system-nl.alf.nu
+		c-t-email.alf.nu
+		c-t-events.alf.nu
+		c-t-pl.alf.nu
+		c-tdns-com.alf.nu
+		c-tdns-eu.alf.nu
+		c-tdns-nl.alf.nu
+		c-tdns-org.alf.nu
+		c-tdns-pl.alf.nu
+		c-tdns1-com.alf.nu
+		c-tdns2-1-email.alf.nu
+		c-tdns2-4-email.alf.nu
+		c-tdns2-18-email.alf.nu
+		c-tdns2-18-pl.alf.nu
+		c-tdns2-com.alf.nu
+		c-tdns2-oct-cn.alf.nu
+		c-tdns2-oct-com.alf.nu
+		c-tdns2-oct-org.alf.nu
+		c-tdns2-mirror-pl.alf.nu
+		c-tdns2-mirror-reviews.alf.nu
+		c-trial-com.alf.nu
+		c-tdns2-oct-pl.alf.nu
+		c-trial-org.alf.nu
+		c-trial-pl.alf.nu
+		c-trial-promo.alf.nu
+		c-trial-support.alf.nu
+		c-users-org.alf.nu
+		c-users-pl.alf.nu
+		c-v2-engineering.alf.nu
+		c-v2-eu.alf.nu
+		c-v2-cn.alf.nu
+		c-v2-nl.alf.nu
+		c-v2-org.alf.nu
+		c-webapp-nl.alf.nu
+		c-webapp-pl.alf.nu
+
+	Refused:
+		local.alf.nu
+		c-7-app.alf.nu
+		c-7-events.alf.nu
+		c-10-nl.alf.nu
+		c-16-com.alf.nu
+		c-accounts-nl.alf.nu
+		c-accounts-qa.alf.nu
+		c-accounts-team.alf.nu
+		c-admin-cf.alf.nu
+		c-admin-events.alf.nu
+		c-admin-org.alf.nu
+		c-administrator-app.alf.nu
+		c-administrator-events.alf.nu
+		c-administrator-dev.alf.nu
+		c-administrator-support.alf.nu
+		c-backend-app.alf.nu
+		c-backend-net.alf.nu
+		c-billing-net.alf.nu
+		c-c-app.alf.nu
+		c-client-dev.alf.nu
+		c-client-cn.alf.nu
+		c-data-email.alf.nu
+		c-data-page.alf.nu
+		c-data-support.alf.nu
+		c-eng-app.alf.nu
+		c-eng-kr.alf.nu
+		c-ftp-events.alf.nu
+		c-ftp-pl.alf.nu
+		c-k-cn.alf.nu
+		c-las-nl.alf.nu
+		c-latin-com.alf.nu
+		c-local-app.alf.nu
+		c-new-games.alf.nu
+		c-new-kr.alf.nu
+		c-o-app.alf.nu
+		c-oceania-dev.alf.nu
+		c-oceania-eu.alf.nu
+		c-pay-kr.alf.nu
+		c-pay-page.alf.nu
+		c-priv-com.alf.nu
+		c-prod-cf.alf.nu
+		c-prod-cn.alf.nu
+		c-prod-email.alf.nu
+		c-promo-email.alf.nu
+		c-secure-promo.alf.nu
+		c-secure-reviews.alf.nu
+		c-secure-support.alf.nu
+		c-security-email.alf.nu
+		c-security-games.alf.nu
+		c-security-support.alf.nu
+		c-security-vi.alf.nu
+		c-sept-net.alf.nu
+		c-soa-app.alf.nu
+		c-soa-com.alf.nu
+		c-soa-global.alf.nu
+		c-soa-nl.alf.nu
+		c-soa-team.alf.nu
+		c-ssl-events.alf.nu
+		c-ssl-promo.alf.nu
+		c-staging-cf.alf.nu
+		c-system-org.alf.nu
+		c-tdns-app.alf.nu
+		c-tdns-cn.alf.nu
+		c-tdns-email.alf.nu
+		c-tdns2-0-email.alf.nu
+		c-trial-eu.alf.nu
+		c-trial-net.alf.nu
+		c-v2-email.alf.nu
+		c-v2-net.alf.nu
+		c-v2-pl.alf.nu
+		c-webapp-com.alf.nu
+
+	Time out:
+		c-7-team.alf.nu
+		c-10-org.alf.nu
+		c-16-eu.alf.nu
+		c-16-net.alf.nu
+		c-accounts-eu.alf.nu
+		c-admin-games.alf.nu
+		c-admin-cn.alf.nu
+		c-admin-nl.alf.nu
+		c-admin-support.alf.nu
+		c-administrator-team.alf.nu
+		c-app-qa.alf.nu
+		c-app-security.alf.nu
+		c-billing-app.alf.nu
+		c-billing-dev.alf.nu
+		c-billing-pl.alf.nu
+		c-c-security.alf.nu
+		c-client-eu.alf.nu
+		c-confluence-app.alf.nu
+		c-confluence-dev.alf.nu
+		c-confluence-team.alf.nu
+		c-data-com.alf.nu
+		c-data-kr.alf.nu
+		c-data-security.alf.nu
+		c-data-cf.alf.nu
+		c-devops-kr.alf.nu
+		c-eng-eu.alf.nu
+		c-eng-net.alf.nu
+		c-f-team.alf.nu
+		c-feb-eu.alf.nu
+		c-ftp-cn.alf.nu
+		c-hkg-nl.alf.nu
+		c-hkg-org.alf.nu
+		c-latin-games.alf.nu
+		c-latinamerica-dev.alf.nu
+		c-latinamerica-kr.alf.nu
+		c-latinamerica-pl.alf.nu
+		c-local-games.alf.nu
+		c-local-eu.alf.nu
+		c-local-ci.alf.nu
+		c-local-kr.alf.nu
+		c-m-cn.alf.nu
+		c-new-eu.alf.nu
+		c-o-cn.alf.nu
+		c-ops-eu.alf.nu
+		c-pay-ci.alf.nu
+		c-priv-org.alf.nu
+		c-promo-eu.alf.nu
+		c-promo-qa.alf.nu
+		c-promotion-eu.alf.nu
+		c-promotion-nl.alf.nu
+		c-secure-net.alf.nu
+		c-secure-page.alf.nu
+		c-secure-pl.alf.nu
+		c-soa-eu.alf.nu
+		c-ssl-org.alf.nu
+		c-ssl-ci.alf.nu
+		c-ssl-cn.alf.nu
+		c-system-app.alf.nu
+		c-trial-dev.alf.nu
+		c-trial-nl.alf.nu
+		c-trial-pub.alf.nu
+		c-trial-reviews.alf.nu
+		c-users-eu.alf.nu
+		c-users-com.alf.nu
+
+	Unreachable:
+		c-administrator-cn.alf.nu
+		c-administrator-nl.alf.nu
+		c-app-eu.alf.nu
+		c-data-engineering.alf.nu
+		c-f-app.alf.nu
+		c-local-cn.alf.nu
+		c-local-net.alf.nu
+		c-new-engineering.alf.nu
+		c-new-promo.alf.nu
+		c-prod-nl.alf.nu
+		c-promo-pub.alf.nu
+		c-promotion-net.alf.nu
+		c-secure-email.alf.nu
+		c-t-org.alf.nu
+		c-trial-team.alf.nu
+
+	Unsupported protocol:
+		c-7-cn.alf.nu
+		c-feb-app.alf.nu
+		c-feb-engineering.alf.nu
+		c-latinamerica-com.alf.nu
+		c-m-events.alf.nu
+		c-new-dev.alf.nu
+		c-new-email.alf.nu
+		c-oceania-org.alf.nu
+		c-secure-app.alf.nu
+		c-secure-com.alf.nu
+		c-secure-team.alf.nu
+		c-users-kr.alf.nu
+		c-users-support.alf.nu
+		c-webapp-eu.alf.nu
+-->
+<ruleset name="alf.nu">
+	<target host="alf.nu" />
+	<target host="www.alf.nu" />
+	<target host="escape.alf.nu" />
+	<target host="regex.alf.nu" />
+	<target host="soa.alf.nu" />
+	<target host="tdns1.alf.nu" />
+	<target host="tdns2.alf.nu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/alibaba-inc.com-falsemixed.xml b/src/chrome/content/rules/alibaba-inc.com-falsemixed.xml
deleted file mode 100644
index b16cbeb6b6d0..000000000000
--- a/src/chrome/content/rules/alibaba-inc.com-falsemixed.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see alibaba-inc.com.xml.
-
--->
-<ruleset name="Alibaba-Inc.com (false MCB)" platform="mixedcontent">
-
-	<!--	Complications:
-				-->
-	<target host="thx.alibaba-inc.com" />
-
-
-	<!--	Redirect keeps all:
-					-->
-	<rule from="^http://thx\.alibaba-inc\.com/"
-		to="https://thx.github.io/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/alibaba-inc.com.xml b/src/chrome/content/rules/alibaba-inc.com.xml
index d2b0f4415d98..a807630c7afd 100644
--- a/src/chrome/content/rules/alibaba-inc.com.xml
+++ b/src/chrome/content/rules/alibaba-inc.com.xml
@@ -1,71 +1,27 @@
 <!--
-	For rules causing false/broken MCB, see alibaba-inc.com-falsemixed.xml.
+	^ does not exist.
 
+	Dropped:
+		- cms.cn
+		- d2forum
 
-	Nonfunctional hosts in *alibaba-inc.com:
-
-		- cms.cn ᵈ
-		- d2forum ᵈ
-		- dataweek ᵃ
-		- jwb ᵈ
-		- megrez ᵈ
-		- mf ᵈ
-
-	ᵃ Shows another domain
-	ᵈ Dropped
-
-
-	Problematic hosts in *alibaba-inc.com:
-
-		- crm-eve.b2b ᵐ
-		- thx * ᵈ
-
-	* Mixed css at redirect destination
-	ᵈ Dropped, preemptable redirect
-	ᵐ Mismatched
-
-
-	Insecure cookies are set for these hosts:
-
-		- login.alibaba-inc.com
-		- login-ca.alibaba-inc.com
-
+	Mismatched:
+		- crm-eve.b2b
+		- dataweek
 -->
 <ruleset name="Alibaba-Inc.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
+	<target host="www.alibaba-inc.com" />
 	<target host="acl.alibaba-inc.com" />
 	<target host="alilang.alibaba-inc.com" />
 	<target host="ehr.alibaba-inc.com" />
-	<target host="hr.alibaba-inc.com" />
 	<target host="login.alibaba-inc.com" />
 	<target host="login-ca.alibaba-inc.com" />
 	<target host="pay.alibaba-inc.com" />
 	<target host="webmail.alibaba-inc.com" />
 	<target host="wlc.alibaba-inc.com" />
 	<target host="work.alibaba-inc.com" />
-	<target host="www.alibaba-inc.com" />
-
-	<!--	Complications:
-				-->
-	<!--target host="thx.alibaba-inc.com" /-->
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^login\.alibaba-inc\.com$" name="(?:JSESSIONID|^auth_type)$" /-->
-	<!--securecookie host="^login-ca\.alibaba-inc\.com$" name="JSESSIONID$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<!--	Redirect keeps all:
-					-->
-	<!--rule from="^http://thx\.alibaba-inc\.com/"
-		to="https://thx.github.io/" /-->
 
-	<rule from="^http:"
-		to="https:" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/aliexpress.com-mixedcontent.xml b/src/chrome/content/rules/aliexpress.com-mixedcontent.xml
index da0f4a6490bb..9f0a57295989 100644
--- a/src/chrome/content/rules/aliexpress.com-mixedcontent.xml
+++ b/src/chrome/content/rules/aliexpress.com-mixedcontent.xml
@@ -2,18 +2,13 @@
 	For rules not causing MCB, see AliExpress.com.xml.
 -->
 <ruleset name="AliExpress.com (MCB)" platform="mixedcontent">
+	<target host="aliexpress.com" />
+	<target host="www.aliexpress.com" />
 	<target host="activities.aliexpress.com" />
-	<target host="collections.aliexpress.com" />
 	<target host="daxue.aliexpress.com" />
 	<target host="fulfillment.aliexpress.com" />
-	<target host="fuwu.aliexpress.com" />
-	<target host="group.aliexpress.com" />
-	<target host="id.aliexpress.com" />
-	<target host="mai.aliexpress.com" />
 	<target host="open.aliexpress.com" />
-	<target host="page.aliexpress.com" />
 	<target host="seller.aliexpress.com" />
-	<target host="superdeals.aliexpress.com" />
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/all4joomla.com.xml b/src/chrome/content/rules/all4joomla.com.xml
new file mode 100644
index 000000000000..59fb4b29cdb8
--- /dev/null
+++ b/src/chrome/content/rules/all4joomla.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Refused:
+		demo.all4joomla.com
+-->
+<ruleset name="all4joomla.com">
+	<target host="all4joomla.com" />
+	<target host="www.all4joomla.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/alliance-media.org.uk.xml b/src/chrome/content/rules/alliance-media.org.uk.xml
index 80fbf2e65c92..862cd85950a2 100644
--- a/src/chrome/content/rules/alliance-media.org.uk.xml
+++ b/src/chrome/content/rules/alliance-media.org.uk.xml
@@ -2,7 +2,7 @@
 	NB: server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="Alliance-Media.org.uk" default_off="missing certificate chain">
+<ruleset name="Alliance-Media.org.uk" default_off="cert-chain">
 
 	<target host="alliance-media.org.uk" />
 	<target host="www.alliance-media.org.uk" />
diff --git a/src/chrome/content/rules/allianz.com.xml b/src/chrome/content/rules/allianz.com.xml
index e3e0c6b1f229..4558c01fab54 100644
--- a/src/chrome/content/rules/allianz.com.xml
+++ b/src/chrome/content/rules/allianz.com.xml
@@ -72,7 +72,7 @@ Fetch error: http://www.azt.allianz.com/ => https://azt.allianz.com/: (6, 'Could
 	ˢ Secured by us
 
 -->
-<ruleset name="Allianz.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Allianz.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/allinvestments.ru.xml b/src/chrome/content/rules/allinvestments.ru.xml
index 6cc703a9e423..0fc79416a169 100644
--- a/src/chrome/content/rules/allinvestments.ru.xml
+++ b/src/chrome/content/rules/allinvestments.ru.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.allinvestments.ru/ => https://www.allinvestments.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'www.allinvestments.ru'")
 
 -->
-<ruleset name="allinvestments.ru" default_off='failed ruleset test'>
+<ruleset name="allinvestments.ru" default_off="failed ruleset test">
 	<target host="allinvestments.ru" />
 	<target host="www.allinvestments.ru" />
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/almayadeen.net.xml b/src/chrome/content/rules/almayadeen.net.xml
index 9b8062b90db9..5d937858d094 100644
--- a/src/chrome/content/rules/almayadeen.net.xml
+++ b/src/chrome/content/rules/almayadeen.net.xml
@@ -7,14 +7,14 @@ Invalid certificate:
 	hubs-es.almayadeen.net
 	upload.almayadeen.net
 
-Timeout: 
+Timeout:
 	careers.almayadeen.net
 	media-g.almayadeen.net
 -->
-<ruleset name="Al Mayadeen" default_off='failed ruleset test'>    
+<ruleset name="Al Mayadeen" default_off="failed ruleset test">
 	<target host="almayadeen.net" />
-	<target host="www.almayadeen.net" />      
-	<target host="api.almayadeen.net" />  
+	<target host="www.almayadeen.net" />
+	<target host="api.almayadeen.net" />
 	<target host="cdn.almayadeen.net" />
 	<target host="cdnm.almayadeen.net" />
 	<target host="cms-es.almayadeen.net" />
diff --git a/src/chrome/content/rules/almeshkat.net.xml b/src/chrome/content/rules/almeshkat.net.xml
index ef936283420b..bc1655a1063c 100644
--- a/src/chrome/content/rules/almeshkat.net.xml
+++ b/src/chrome/content/rules/almeshkat.net.xml
@@ -2,6 +2,6 @@
 	<target host="almeshkat.net" />
 	<target host="www.almeshkat.net" />
 	<target host="mail.almeshkat.net" />
-	
+
 	<rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/alpharatio.cc.xml b/src/chrome/content/rules/alpharatio.cc.xml
index 60614f826f12..993fcd558bff 100644
--- a/src/chrome/content/rules/alpharatio.cc.xml
+++ b/src/chrome/content/rules/alpharatio.cc.xml
@@ -1,6 +1,6 @@
 <ruleset name="AlphaRatio">
 	<target host="alpharatio.cc" />
 	<target host="www.alpharatio.cc" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/alsace-lait.com.xml b/src/chrome/content/rules/alsace-lait.com.xml
new file mode 100644
index 000000000000..b25b019d7cad
--- /dev/null
+++ b/src/chrome/content/rules/alsace-lait.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="alsace-lait.com">
+	<target host="alsace-lait.com" />
+	<target host="www.alsace-lait.com" />
+	<target host="producteurs.alsace-lait.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/alt-usage-english.org.xml b/src/chrome/content/rules/alt-usage-english.org.xml
new file mode 100644
index 000000000000..ff6303d9b0d4
--- /dev/null
+++ b/src/chrome/content/rules/alt-usage-english.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="alt-usage-english.org">
+	<target host="alt-usage-english.org" />
+	<target host="www.alt-usage-english.org" />
+
+	<rule from="^http://alt-usage-english\.org/" to="https://www.alt-usage-english.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/alternacare.ca.xml b/src/chrome/content/rules/alternacare.ca.xml
new file mode 100644
index 000000000000..f2f005a60bd3
--- /dev/null
+++ b/src/chrome/content/rules/alternacare.ca.xml
@@ -0,0 +1,13 @@
+<ruleset name="alternacare.ca">
+<!--
+        Redirect to HTTP:
+                employees.alternacare.ca
+-->	
+	
+	<target host="alternacare.ca" />
+	<target host="www.alternacare.ca" />
+	<target host="services.alternacare.ca" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/alwadifa-club.com.xml b/src/chrome/content/rules/alwadifa-club.com.xml
deleted file mode 100644
index 29edf0fd9668..000000000000
--- a/src/chrome/content/rules/alwadifa-club.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="alwadifa-club.com" platform="mixedcontent">
-	<target host="alwadifa-club.com" />
-	<target host="www.alwadifa-club.com" />
-	<target host="m.alwadifa-club.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/amap-mixedcontent.xml b/src/chrome/content/rules/amap-mixedcontent.xml
deleted file mode 100644
index fc8e85d4f844..000000000000
--- a/src/chrome/content/rules/amap-mixedcontent.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-No mixedcontent: amap.xml
--->
-
-<ruleset name="amap-mixedcontent">
-
-	<!--Complication-->
-
-	<target host="ditu.amap.com" />
-		<exclusion pattern="http://ditu.amap.com/$" />
-		<rule from="^http://ditu\.amap\.com/(favicon\.ico|assets)/" to="https://ditu.amap.com/$1/" />
-		<test url="http://ditu.amap.com/favicon.ico/" />
-		<test url="http://ditu.amap.com/assets/img/loc_fail.png" />
-
-	<target host="lbs.amap.com" />
-		<exclusion pattern="http://lbs.amap.com/$" />
-		<rule from="^http://lbs\.amap\.com/Public" to="https://lbs.amap.com/Public" />
-		<test url="http://lbs.amap.com/Public/images/favicon.ico" />
-		<test url="http://lbs.amap.com/Publicimages/favicon.ico" />
-
-	<target host="m.amap.com" />
-		<exclusion pattern="http://m.amap.com/$" />
-		<rule from="^http://m\.amap\.com/navi/" to="https://m.amap.com/navi/" />
-		<test url="http://m.amap.com/navi/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/amap.com.xml b/src/chrome/content/rules/amap.com.xml
new file mode 100644
index 000000000000..1eba40ad2025
--- /dev/null
+++ b/src/chrome/content/rules/amap.com.xml
@@ -0,0 +1,27 @@
+<ruleset name="amap.com">
+	<target host="amap.com" />
+	<target host="www.amap.com" />
+	<target host="a.amap.com" />
+	<target host="auto.amap.com" />
+	<target host="cache.amap.com" />
+	<target host="detail.amap.com" />
+	<target host="developer.amap.com" />
+	<target host="ditu.amap.com" />
+	<target host="gxd.amap.com" />
+	<target host="i.amap.com" />
+	<target host="id.amap.com" />
+	<target host="indoorreaper.amap.com" />
+	<target host="lbs.amap.com" />
+	<target host="lbsbbs.amap.com" />
+	<target host="m.amap.com" />
+	<target host="map.amap.com" />
+	<target host="mobile.amap.com" />
+	<target host="report.amap.com" />
+	<target host="restapi.amap.com" />
+	<target host="vdata.amap.com" />
+	<target host="wap.amap.com" />
+	<target host="webapi.amap.com" />
+	<target host="zifei.amap.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/amap.xml b/src/chrome/content/rules/amap.xml
deleted file mode 100644
index f5fdd83afb87..000000000000
--- a/src/chrome/content/rules/amap.xml
+++ /dev/null
@@ -1,51 +0,0 @@
-<!--
-Time out:
-	detail.
-	mobile.
-
-Broken:
-	(www.)
-	api.
-	mo.
-	wb.
-	
-Redirect to http:
-	auto.
-	developer
-	indoorreaper.
-	lbsbbs.
-	business.view.
-	yungouboss.
-	
-mismatch:
-	a.
-	cache.
-	xunbao.
-	
-MCB: amap-mixedcontent.xml
-	ditu.
-	lbs.
-	m.
-	
--->
-
-<ruleset name="amap (partial)">
-
-	<!--Directly-->
-	
-	<target host="gxd.amap.com" />
-	<target host="i.amap.com" />
-	<target host="id.amap.com" />
-	<target host="map.amap.com" />
-	<target host="report.amap.com" />
-	<target host="restapi.amap.com" />
-	<target host="vdata.amap.com" />
-	<target host="wap.amap.com" />
-	<target host="webapi.amap.com" />
-	<target host="yuntu.amap.com" />
-	<target host="yuntuapi.amap.com" />
-	<target host="zifei.amap.com" />
-	
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/amazon.cn.xml b/src/chrome/content/rules/amazon.cn.xml
index 0b3bf8a78067..4b4d7bfd5118 100644
--- a/src/chrome/content/rules/amazon.cn.xml
+++ b/src/chrome/content/rules/amazon.cn.xml
@@ -1,20 +1,9 @@
 <!--
 	For other Amazon coverage, see Amazon.xml.
-
-
-	Insecure cookies are set for these domains: ᶜ
-
-		- .amazon.cn
-		- .www.amazon.cn
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
 -->
-<ruleset name="Amazon.cn">
-
+<ruleset name="amazon.cn">
 	<target host="amazon.cn" />
 	<target host="associates.amazon.cn" />
-	<target host="daxue.amazon.cn" />
 	<target host="fls-cn.amazon.cn" />
 	<target host="haimai.amazon.cn" />
 	<target host="kaidian.amazon.cn" />
@@ -22,17 +11,9 @@
 	<target host="tui.amazon.cn" />
 	<target host="widgets.amazon.cn" />
 
+	<target host="z.cn" />
 
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.amazon\.cn$" name="^(?:session-id|session-id-time|session-token|ubid-acbcn|x-wl-uid)$" /-->
-	<!--securecookie host="^\.www\.amazon\.cn$" name="^(?:UserPref|at-main|session-id|session-id-time|session-token|ubid-acbcn|x-acncn)$" /-->
-
-	<securecookie host=".+" name="^aps-trtmnt$" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/amazon.co.jp.xml b/src/chrome/content/rules/amazon.co.jp.xml
index 294c65cee02f..f458948034d0 100644
--- a/src/chrome/content/rules/amazon.co.jp.xml
+++ b/src/chrome/content/rules/amazon.co.jp.xml
@@ -15,7 +15,7 @@
 	<target host="affiliate.amazon.co.jp" />
 	<target host="associates.amazon.co.jp" />
 	<exclusion pattern="^http://associates\.amazon\.co\.jp/$" />
-		<test url="http://associates.amazon.co.jp/gp/associates/network/help/t5/" /> 
+		<test url="http://associates.amazon.co.jp/gp/associates/network/help/t5/" />
 	<target host="astore.amazon.co.jp" />
 	<target host="authorcentral.amazon.co.jp" />
 	<target host="fls-fe.amazon.co.jp" />
diff --git a/src/chrome/content/rules/ambercutie.com.xml b/src/chrome/content/rules/ambercutie.com.xml
index dc1068a4ca11..9dfa46e4f253 100644
--- a/src/chrome/content/rules/ambercutie.com.xml
+++ b/src/chrome/content/rules/ambercutie.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://profiles.ambercutie.com/ => https://profiles.ambercutie.com/
 	⁵ 522, preemptable redirect
 
 -->
-<ruleset name="AmberCutie.com" default_off='failed ruleset test'>
+<ruleset name="AmberCutie.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/amd-osx.com.xml b/src/chrome/content/rules/amd-osx.com.xml
index d5bfec7302a7..f0817aa595b3 100644
--- a/src/chrome/content/rules/amd-osx.com.xml
+++ b/src/chrome/content/rules/amd-osx.com.xml
@@ -5,9 +5,6 @@
 
 	<securecookie host="^([\w.-]+)\.amd-osx\.com$" name=".+" />
 
-	<test url="http://amd-osx.com/" />
-	<test url="http://www.amd-osx.com/" />
-	<test url="http://forum.amd-osx.com/" />
 	<test url="http://forum.amd-osx.com/search.php?search_id=active_topics" />
 	<test url="http://forum.amd-osx.com/memberlist.php?mode=contactadmin/" />
 
diff --git a/src/chrome/content/rules/americanrifleman.org.xml b/src/chrome/content/rules/americanrifleman.org.xml
index c12344677bdc..e36944427153 100644
--- a/src/chrome/content/rules/americanrifleman.org.xml
+++ b/src/chrome/content/rules/americanrifleman.org.xml
@@ -13,7 +13,7 @@ Fetch error: http://wmp.americanrifleman.org/ => https://wmp.americanrifleman.or
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="American Rifleman.org" default_off='failed ruleset test'>
+<ruleset name="American Rifleman.org" default_off="failed ruleset test">
 
 	<target host="americanrifleman.org" />
 	<target host="assets.americanrifleman.org" />
diff --git a/src/chrome/content/rules/americas1stfreedom.org.xml b/src/chrome/content/rules/americas1stfreedom.org.xml
index 7de4beabccb9..619d8d99e1b4 100644
--- a/src/chrome/content/rules/americas1stfreedom.org.xml
+++ b/src/chrome/content/rules/americas1stfreedom.org.xml
@@ -10,14 +10,14 @@ Fetch error: http://wmp.americas1stfreedom.org/ => https://wmp.americas1stfreedo
 	Mixed content:
 
 		- Bugs, from:
-		
+
 			- b.scorecardresearch.com ˢ
 			- sb.scorecardresearch.com ˢ
 
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Americas 1st Freedom.org" default_off='failed ruleset test'>
+<ruleset name="Americas 1st Freedom.org" default_off="failed ruleset test">
 
 	<target host="americas1stfreedom.org" />
 	<target host="assets.americas1stfreedom.org" />
diff --git a/src/chrome/content/rules/ampproject.org.xml b/src/chrome/content/rules/ampproject.org.xml
deleted file mode 100644
index dc2223b7dcff..000000000000
--- a/src/chrome/content/rules/ampproject.org.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="AMP Project.org">
-
-	<target host="ampproject.org" />
-	<target host="cdn.ampproject.org" />
-	<target host="www.ampproject.org" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/amule.org.xml b/src/chrome/content/rules/amule.org.xml
new file mode 100644
index 000000000000..d8cd31520b4b
--- /dev/null
+++ b/src/chrome/content/rules/amule.org.xml
@@ -0,0 +1,19 @@
+<!--
+	Fetch error: http://ftp.amule.org/ => https://ftp.amule.org/: (51, "SSL: no alternative certificate subject name matches target host name 'ftp.amule.org'")
+	Fetch error: http://imap.amule.org/ => https://imap.amule.org/: (51, "SSL: no alternative certificate subject name matches target host name 'imap.amule.org'")
+	Fetch error: http://mail.amule.org/ => https://mail.amule.org/: (51, "SSL: no alternative certificate subject name matches target host name 'mail.amule.org'")
+	Fetch error: http://smtp.amule.org/ => https://smtp.amule.org/: (51, "SSL: no alternative certificate subject name matches target host name 'smtp.amule.org'")
+
+	Mixed content:
+		forum.amule.org
+		test.amule.org
+		wiki.amule.org
+-->
+<ruleset name="amule.org">
+	<target host="amule.org" />
+	<target host="www.amule.org" />
+	<target host="bugs.amule.org" />
+	<target host="webmail.amule.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/analog.com.xml b/src/chrome/content/rules/analog.com.xml
new file mode 100644
index 000000000000..7270d064c117
--- /dev/null
+++ b/src/chrome/content/rules/analog.com.xml
@@ -0,0 +1,322 @@
+<!--
+	Invalid certificate:
+		app-ez.analog.com
+		app-ezchina.analog.com
+		automotive.analog.com
+		www.blog.analog.com
+		building-technology.analog.com
+		communications.analog.com
+		consumer.analog.com
+		designtools.analog.com
+		adisimrf.download.analog.com
+		compass.download.analog.com
+		dspcollaborative.analog.com
+		ebm.analog.com
+		eforms.analog.com
+		elq.analog.com
+		energy.analog.com
+		eq.analog.com
+		eztest.analog.com
+		f.analog.com
+		app.h.analog.com
+		images.h.analog.com
+		forms.analog.com
+		healthcare.analog.com
+		m.analog.com
+		mil-aero.analog.com
+		motorcontrol.analog.com
+		nwd2ns1.analog.com
+		processcontrol.analog.com
+		mobile.prxapps.analog.com
+		r.analog.com
+		reg.analog.com
+		s.analog.com
+		search.analog.com
+		testf.analog.com
+		testm.analog.com
+		tests.analog.com
+		videos.analog.com
+		entsearch-dev.web.analog.com
+		docuportal.web.analog.com
+		wm.analog.com
+		wm-test.analog.com
+
+	Refused:
+		adgtlyncext.analog.com
+		adgtwacext.analog.com
+		adgwc.analog.com
+		conference.analog.com
+		info.analog.com
+		r196.info.analog.com
+		r197.info.analog.com
+		r198.info.analog.com
+		r199.info.analog.com
+		info2.analog.com
+		limklyncext.analog.com
+		limwc.analog.com
+		sclav.analog.com
+		sclwc.analog.com
+		wilav.analog.com
+		wilwc.analog.com
+
+	Time out:
+		adfs.analog.com
+		adgtav.analog.com
+		adi.analog.com
+		adias2-test.analog.com
+		adinet.analog.com
+		adisearch.analog.com
+		analogitlab.analog.com
+		sts.analogitlab.analog.com
+		as.analog.com
+		apps.analog.com
+		ashbftp.analog.com
+		ashqasip.analog.com
+		ashqawacext.analog.com
+		ashqawc.analog.com
+		ashskypeqaext.analog.com
+		astest.analog.com
+		autodiscover.analog.com
+		b.analog.com
+		benefits.analog.com
+		bitbucket-ext.analog.com
+		mx.c.analog.com
+		www.cldnet.analog.com
+		www-dev.cldnet.analog.com
+		www-qa.cldnet.analog.com
+		collaborate.analog.com
+		commerce.analog.com
+		content.analog.com
+		connections.corpnt.analog.com
+		connectionsqa.corpnt.analog.com
+		my.corpnt.analog.com
+		myqa.corpnt.analog.com
+		search.corpnt.analog.com
+		signals.corpnt.analog.com
+		te.corpnt.analog.com
+		teams.corpnt.analog.com
+		teams2.corpnt.analog.com
+		www-dev.corpnt.analog.com
+		cwa.analog.com
+		as.cwa.analog.com
+		download.cwa.analog.com
+		deviceapps.analog.com
+		devicemail.analog.com
+		devicemail-qa.analog.com
+		dialogp.analog.com
+		distiportalsso.analog.com
+		dweb.analog.com
+		ecns.analog.com
+		email.analog.com
+		employee.analog.com
+		ews.analog.com
+		autodiscover.exchange.analog.com
+		eztest-demo.analog.com
+		eztest-stage.analog.com
+		ftp.analog.com
+		ftp2.analog.com
+		wcus.glob.analog.com
+		hybrid1.analog.com
+		hybrid2.analog.com
+		hybrid3.analog.com
+		im.analog.com
+		res.info2.analog.com
+		instrumentation.analog.com
+		japan.analog.com
+		adrv9009.rv.labs.analog.com
+		license.analog.com
+		lim2ces1.analog.com
+		mail01.h.analog.com
+		mail02.h.analog.com
+		mail03.h.analog.com
+		mdm.analog.com
+		mdm-qa.analog.com
+		meetingplace.analog.com
+		meetingplace2.analog.com
+		mobile.analog.com
+		my2.analog.com
+		nwd2ces1.analog.com
+		nwd2dg.analog.com
+		nwd2ew1.analog.com
+		nwd2ftp1.analog.com
+		nwd2gtw1.analog.com
+		nwd2gtw2.analog.com
+		nwd2mail10.analog.com
+		nwd2mail11.analog.com
+		nwd2mail12.analog.com
+		nwd2mail13.analog.com
+		nwd2mail3.analog.com
+		nwd2mime1.analog.com
+		nwd2mpwebe2.analog.com
+		nwd2mpwebi2.analog.com
+		nwd2mta1.analog.com
+		nwd2mta2.analog.com
+		nwd2mta3.analog.com
+		nwd2mta4.analog.com
+		nwd2ns1s.analog.com
+		nwd2www1.analog.com
+		o365hybrid.analog.com
+		ocs.analog.com
+		ocsav.analog.com
+		ocsext.analog.com
+		ocswc.analog.com
+		opportunity.analog.com
+		origin-automotive.analog.com
+		origin-building-technology.analog.com
+		origin-communications.analog.com
+		origin-consumer.analog.com
+		origin-energy.analog.com
+		origin-form.analog.com
+		origin-forms.analog.com
+		origin-healthcare.analog.com
+		origin-instrumentation.analog.com
+		origin-mil-aero.analog.com
+		origin-motorcontrol.analog.com
+		origin-my.analog.com
+		origin-processcontrol.analog.com
+		origin-search.analog.com 
+		origin-security-surveillance.analog.com
+		owa.analog.com
+		owatest.analog.com
+		passwordreset.analog.com
+		processcontrolp.analog.com
+		scla1ces1.analog.com
+		searchservice.analog.com
+		search2.analog.com
+		secureftp.analog.com
+		secureftp-dev.analog.com
+		secureftp-qa.analog.com
+		security-surveillance.analog.com
+		seeit.analog.com
+		sentry.analog.com
+		sftp.analog.com
+		sftp2.analog.com
+		sj.analog.com
+		enterprise.sso.analog.com
+		login.sso.analog.com
+		tucson.analog.com
+		uwm.analog.com
+		watchdox.analog.com
+		adijama.web.analog.com
+		communities.web.analog.com
+		hr.web.analog.com
+		projects.web.analog.com
+		search.web.analog.com
+		spowa.web.analog.com
+		wiki.web.analog.com
+		webex.analog.com
+		webservices.analog.com
+		www.wiki.analog.com
+		wilmav.analog.com
+		wilmsip.analog.com
+		wilmwacext.analog.com
+		wilmwc.analog.com
+		wilmlyncext.analog.com
+		wm-qa.analog.com
+		www-corp.analog.com
+
+	Unreachable:
+		adgtsip.analog.com
+		adgtwc.analog.com
+		adias2.analog.com
+		limkav.analog.com
+		limksip.analog.com
+		limkwc.analog.com
+-->
+<ruleset name="analog.com">
+	<target host="analog.com" />
+	<target host="www.analog.com" />
+	<target host="aa.analog.com" />
+	<target host="adgsip.analog.com" />
+	<target host="adgtextoos.analog.com" />
+	<target host="adgtskypeext.analog.com" />
+	<target host="akamai-limkswssl1.analog.com" />
+	<target host="alliances.analog.com" />
+	<target host="assets.analog.com" />
+	<target host="bangswssl1.analog.com" />
+	<target host="beta-tools.analog.com" />
+	<target host="auth.hclqa.care.analog.com" />
+	<target host="cpm.hclqa.care.analog.com" />
+	<target host="auth.perf.care.analog.com" />
+	<target host="cpm.perf.care.analog.com" />
+	<target host="auth.qa.care.analog.com" />
+	<target host="cpm.qa.care.analog.com" />
+	<target host="careers.analog.com" />
+	<target host="remotedevapp-dev.cldnet.analog.com" />
+	<target host="wcm-dev.cldnet.analog.com" />
+	<target host="wcm-qa.cldnet.analog.com" />
+	<target host="wcm-dev.corpnt.analog.com" />
+	<target host="wcm-qa.corpnt.analog.com" />
+	<target host="dialin.analog.com" />
+	<target host="distributor.analog.com" />
+	<target host="download.analog.com" />
+	<target host="ez.analog.com" />
+	<target host="ezchina.analog.com" />
+	<target host="failover.analog.com" />
+	<target host="fastlink.analog.com" />
+	<target host="form.analog.com" />
+	<target host="geo.analog.com" />
+	<target host="m.info.analog.com" />
+	<target host="m.info2.analog.com" />
+	<target host="t.info.analog.com" />
+	<target host="t.info2.analog.com" />
+	<target host="investor.analog.com" />
+	<target host="istg.analog.com" />
+	<target host="jira.analog.com" />
+	<target host="labs.analog.com" />
+	<target host="limextoos.analog.com" />
+	<target host="limkswssl1.analog.com" />
+	<target host="limkswssl2.analog.com" />
+	<target host="limkwacext.analog.com" />
+	<target host="limsip.analog.com" />
+	<target host="limskypeext.analog.com" />
+	<target host="ltpowercad.analog.com" />
+	<target host="ltpowerplay.analog.com" />
+	<target host="ltspice.analog.com" />
+	<target host="lyncdiscover.analog.com" />
+	<target host="meet.analog.com" />
+	<target host="my.analog.com" />
+	<target host="nwd2avpn1.analog.com" />
+	<target host="nwd2avpn2.analog.com" />
+	<target host="nwd2swssl1.analog.com" />
+	<target host="nwd2swssl2.analog.com" />
+	<target host="playground.analog.com" />
+	<target host="registration.analog.com" />
+	<target host="quality.analog.com" />
+	<target host="samples.analog.com" />
+	<target host="schedule.analog.com" />
+	<target host="sclsip.analog.com" />
+	<target host="sclskypeext.analog.com" />
+	<target host="sclwacext.analog.com" />
+	<target host="sdk.analog.com" />
+	<target host="sell.analog.com" />
+	<target host="sell-staging.analog.com" />
+	<target host="shoppingcart.analog.com" />
+	<target host="ebiz.sso.analog.com" />
+	<target host="sts.analog.com" />
+	<target host="svs.analog.com" />
+	<target host="swdownloads.analog.com" />
+	<target host="tools.analog.com" />
+	<target host="vpn.analog.com" />
+	<target host="entsearch.web.analog.com" />
+	<target host="entsearch-qa.web.analog.com" />
+	<target host="events.web.analog.com" />
+	<target host="help.web.analog.com" />
+	<target host="thecircuit.web.analog.com" />
+	<target host="thecircuit-dev.web.analog.com" />
+	<target host="thecircuit-qa.web.analog.com" />
+	<target host="vgtc.web.analog.com" />
+	<target host="webtier.analog.com" />
+	<target host="wiki.analog.com" />
+	<target host="wiki-stage.analog.com" />
+	<target host="wilsip.analog.com" />
+	<target host="wilskypeext.analog.com" />
+	<target host="wilskypelmext.analog.com" />
+	<target host="wilwacext.analog.com" />
+	<target host="workplace.analog.com" />
+	<target host="wwwnocnaccl.analog.com" />
+	<target host="wwwnocnaccl-stage.analog.com" />
+
+	<rule from="^http://analog\.com/" to="https://www.analog.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/anapirana.com.xml b/src/chrome/content/rules/anapirana.com.xml
deleted file mode 100644
index 20752e49269a..000000000000
--- a/src/chrome/content/rules/anapirana.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="anapirana.com">
-
-	<target host="anapirana.com" />
-	<target host="www.anapirana.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/anderslernen.at.xml b/src/chrome/content/rules/anderslernen.at.xml
new file mode 100644
index 000000000000..cdf42b90501b
--- /dev/null
+++ b/src/chrome/content/rules/anderslernen.at.xml
@@ -0,0 +1,7 @@
+<ruleset name="anderslernen.at">
+	<target host="anderslernen.at" />
+	<target host="www.anderslernen.at" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/andreapaiola.name.xml b/src/chrome/content/rules/andreapaiola.name.xml
deleted file mode 100644
index 68448e60020f..000000000000
--- a/src/chrome/content/rules/andreapaiola.name.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="andreapaiola.name">
-	<target host="andreapaiola.name" />
-	<target host="www.andreapaiola.name" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/angband.pl.xml b/src/chrome/content/rules/angband.pl.xml
new file mode 100644
index 000000000000..111be59e8468
--- /dev/null
+++ b/src/chrome/content/rules/angband.pl.xml
@@ -0,0 +1,33 @@
+<!--
+	Invalid certificate:
+		dns1.angband.pl
+		maildns.angband.pl
+		tartarus.angband.pl
+		w2.angband.pl
+
+	Refused:
+		vpn.angband.pl
+
+	Time out:
+		dis1.angband.pl
+		dns0.angband.pl
+		tartarus1.angband.pl
+
+	Unreachable:
+		dis.angband.pl
+		dis2.angband.pl
+		dns1.angband.pl
+		kholdan.angband.pl
+		mordor.angband.pl
+		ntp.angband.pl
+		rhun.angband.pl
+-->
+<ruleset name="angband.pl">
+	<target host="angband.pl" />
+	<target host="www.angband.pl" />
+	<target host="mail.angband.pl" />
+	<target host="pmdk.angband.pl" />
+	<target host="pmdk-dev.angband.pl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/angr.io.xml b/src/chrome/content/rules/angr.io.xml
new file mode 100644
index 000000000000..73712a349120
--- /dev/null
+++ b/src/chrome/content/rules/angr.io.xml
@@ -0,0 +1,13 @@
+<!--
+        Time out:
+                api.angr.io
+                ci.angr.io
+-->
+<ruleset name="angr.io">
+	<target host="angr.io" />
+	<target host="www.angr.io" />
+	<target host="docs.angr.io" />
+
+	<rule from="^http://www\.angr\.io/" to="https://angr.io/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/animenewsnetwork.xml b/src/chrome/content/rules/animenewsnetwork.xml
index 9f9f2cec0111..f6aea1eba083 100644
--- a/src/chrome/content/rules/animenewsnetwork.xml
+++ b/src/chrome/content/rules/animenewsnetwork.xml
@@ -1,7 +1,7 @@
 <!--
 	SSL provided by CloudFlare
-	
-	Causes some minor passive mixed content, 
+
+	Causes some minor passive mixed content,
 	but it doesn't seem to break the site if blocked anyway.
 -->
 
@@ -15,13 +15,13 @@
   <target host="cdn02.animenewsnetwork.com" />
   <target host="cdn03.animenewsnetwork.com" />
   <target host="m.animenewsnetwork.com" />
-  
+
   <!--
-	Disable securecookie for (.)animenewsnetwork.com to avoid login problems, 
+	Disable securecookie for (.)animenewsnetwork.com to avoid login problems,
 	as per https://github.com/EFForg/https-everywhere/issues/1584
 		<securecookie host="^(\.)?animenewsnetwork\.com$" name=".+" />
   -->
-  
+
   <securecookie host="^www\.animenewsnetwork\.com$" name=".+" />
   <securecookie host="^fast\.animenewsnetwork\.com$" name=".+" />
   <securecookie host="^admin\.animenewsnetwork\.com$" name=".+" />
@@ -30,6 +30,6 @@
   <securecookie host="^cdn02\.animenewsnetwork\.com$" name=".+" />
   <securecookie host="^cdn03\.animenewsnetwork\.com$" name=".+" />
   <securecookie host="^m\.animenewsnetwork\.com$" name=".+" />
-  
+
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/annotum.org.xml b/src/chrome/content/rules/annotum.org.xml
index 4718f9f8430d..3baf4ccf9ead 100644
--- a/src/chrome/content/rules/annotum.org.xml
+++ b/src/chrome/content/rules/annotum.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://annotum.org/ => https://annotum.org/: (51, "SSL: no alternat
 Fetch error: http://www.annotum.org/ => https://www.annotum.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.annotum.org'")
 
 -->
-<ruleset name="Annotum.org" default_off='failed ruleset test'>
+<ruleset name="Annotum.org" default_off="failed ruleset test">
 
 	<target host="annotum.org" />
 	<target host="www.annotum.org" />
diff --git a/src/chrome/content/rules/anthem.com.xml b/src/chrome/content/rules/anthem.com.xml
index b074c34a0af7..11259621258a 100644
--- a/src/chrome/content/rules/anthem.com.xml
+++ b/src/chrome/content/rules/anthem.com.xml
@@ -113,7 +113,7 @@ Fetch error: http://www21.anthem.com/ => https://www21.anthem.com/: (60, 'SSL ce
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Anthem.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Anthem.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/apichangelog.com.xml b/src/chrome/content/rules/apichangelog.com.xml
index 48a390752fba..f6a90abfd804 100644
--- a/src/chrome/content/rules/apichangelog.com.xml
+++ b/src/chrome/content/rules/apichangelog.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://blog.apichangelog.com/ => https://blog.apichangelog.com/: (7, 'Failed to connect to blog.apichangelog.com port 443: Connection refused')
 
 -->
-<ruleset name="apichangelog.com" default_off='failed ruleset test'>
+<ruleset name="apichangelog.com" default_off="failed ruleset test">
 	<target host="apichangelog.com" />
 	<target host="www.apichangelog.com" />
 	<target host="blog.apichangelog.com" />
diff --git a/src/chrome/content/rules/apikabu.ru.xml b/src/chrome/content/rules/apikabu.ru.xml
new file mode 100644
index 000000000000..4f1cdbf832c3
--- /dev/null
+++ b/src/chrome/content/rules/apikabu.ru.xml
@@ -0,0 +1,10 @@
+<!--
+	Invalid certificate:
+		mail.apikabu.ru
+-->
+<ruleset name="apikabu.ru">
+	<target host="apikabu.ru" />
+	<target host="www.apikabu.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/apk-dl.com.xml b/src/chrome/content/rules/apk-dl.com.xml
index 51eec769e990..f0bb48fe3374 100644
--- a/src/chrome/content/rules/apk-dl.com.xml
+++ b/src/chrome/content/rules/apk-dl.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://dl3.apk-dl.com/ => https://dl3.apk-dl.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="apk-dl.com" default_off='failed ruleset test'>
+<ruleset name="apk-dl.com" default_off="failed ruleset test">
 
 	<target host="apk-dl.com" />
 	<target host="www.apk-dl.com" />
@@ -12,7 +12,7 @@ Fetch error: http://dl3.apk-dl.com/ => https://dl3.apk-dl.com/: (60, 'SSL certif
 
 	<rule from="^http://(?:www\.)?apk-dl\.com/"
 			to="https://apk-dl.com/" />
-	
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/applegate.com.xml b/src/chrome/content/rules/applegate.com.xml
new file mode 100644
index 000000000000..1f96459ffc49
--- /dev/null
+++ b/src/chrome/content/rules/applegate.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		ask.applegate.com
+		e.applegate.com
+		email.applegate.com
+		locator.applegate.com
+		mobilemail.applegate.com
+		webmail.applegate.com
+-->
+<ruleset name="applegate.com">
+	<target host="applegate.com" />
+	<target host="www.applegate.com" />
+	<target host="autodiscover.applegate.com" />
+	<target host="ftp.applegate.com" />
+	<target host="help.applegate.com" />
+	<target host="mail.applegate.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/apply55gx.com.xml b/src/chrome/content/rules/apply55gx.com.xml
deleted file mode 100644
index f1c7208489ac..000000000000
--- a/src/chrome/content/rules/apply55gx.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="apply55gx.com">
-        <target host="apply55gx.com" />
-        <target host="www.apply55gx.com" />
-        <target host="searx.apply55gx.com" />
-        <target host="paste.apply55gx.com" />
-
-        <rule from="^http:"
-                to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/apps-cms.jp.xml b/src/chrome/content/rules/apps-cms.jp.xml
index ac2448afbe28..a3c103553208 100644
--- a/src/chrome/content/rules/apps-cms.jp.xml
+++ b/src/chrome/content/rules/apps-cms.jp.xml
@@ -5,4 +5,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/apricityos.com.xml b/src/chrome/content/rules/apricityos.com.xml
index 9bdb305d8237..2dabe98db38a 100644
--- a/src/chrome/content/rules/apricityos.com.xml
+++ b/src/chrome/content/rules/apricityos.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.apricityos.com/ => https://www.apricityos.com/: (35, 'Un
 Fetch error: http://static.apricityos.com/ => https://static.apricityos.com/: (35, 'Unknown SSL protocol error in connection to static.apricityos.com:443 ')
 
 -->
-<ruleset name="apricityos.com" default_off='failed ruleset test'>
+<ruleset name="apricityos.com" default_off="failed ruleset test">
 	<target host="apricityos.com"/>
 	<target host="www.apricityos.com"/>
 	<target host="static.apricityos.com"/>
diff --git a/src/chrome/content/rules/aqmen.ac.uk.xml b/src/chrome/content/rules/aqmen.ac.uk.xml
deleted file mode 100644
index 4f8fa591c7ab..000000000000
--- a/src/chrome/content/rules/aqmen.ac.uk.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	^aqmen.ac.uk: Mismatched
-
--->
-<ruleset name="AQMeN.ac.uk">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.aqmen.ac.uk" />
-
-	<!--	Complications:
-				-->
-	<target host="aqmen.ac.uk" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://aqmen\.ac\.uk/"
-		to="https://www.aqmen.ac.uk/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/arashanhoney.xml b/src/chrome/content/rules/arashanhoney.xml
new file mode 100644
index 000000000000..85a103bf9b9f
--- /dev/null
+++ b/src/chrome/content/rules/arashanhoney.xml
@@ -0,0 +1,6 @@
+<ruleset name="arashanhoney">
+	<target host="arashanhoney.com" />
+	<target host="www.arashanhoney.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/aravot.am.xml b/src/chrome/content/rules/aravot.am.xml
index 255d27cdefae..b6a4472f9dff 100644
--- a/src/chrome/content/rules/aravot.am.xml
+++ b/src/chrome/content/rules/aravot.am.xml
@@ -11,7 +11,7 @@ archive.aravot.am ⁴
 
 ⁴ self signed
 -->
-<ruleset name="aravot.am" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="aravot.am" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="aravot.am" />
 	<target host="www.aravot.am" />
 	<target host="en.aravot.am" />
diff --git a/src/chrome/content/rules/arcor.de.xml b/src/chrome/content/rules/arcor.de.xml
new file mode 100644
index 000000000000..645880c8bca5
--- /dev/null
+++ b/src/chrome/content/rules/arcor.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="arcor.de (partial)">
+	<target host="arcor.de" />
+	<target host="www.arcor.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/arewee10syet.com.xml b/src/chrome/content/rules/arewee10syet.com.xml
deleted file mode 100644
index 55bd1abf27a5..000000000000
--- a/src/chrome/content/rules/arewee10syet.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Are we e10s yet.com">
-
-	<target host="arewee10syet.com" />
-	<target host="www.arewee10syet.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/arewewebextensionsyet.com.xml b/src/chrome/content/rules/arewewebextensionsyet.com.xml
deleted file mode 100644
index 3c6b414d0b63..000000000000
--- a/src/chrome/content/rules/arewewebextensionsyet.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="arewewebextensionsyet.com">
-	<target host="arewewebextensionsyet.com" />
-	<target host="www.arewewebextensionsyet.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/arhivach.org.xml b/src/chrome/content/rules/arhivach.org.xml
deleted file mode 100644
index 98d3d05180a1..000000000000
--- a/src/chrome/content/rules/arhivach.org.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="Arhivach.org">
-	<target host="arhivach.org" />
-	<target host="www.arhivach.org" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/arrr.xyz.xml b/src/chrome/content/rules/arrr.xyz.xml
deleted file mode 100644
index 1830f838db0f..000000000000
--- a/src/chrome/content/rules/arrr.xyz.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="arrr.xyz">
-	<target host="arrr.xyz" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/arte.xml b/src/chrome/content/rules/arte.xml
index 198d0b3fed4a..0815f56d4922 100644
--- a/src/chrome/content/rules/arte.xml
+++ b/src/chrome/content/rules/arte.xml
@@ -1,79 +1,53 @@
-
 <!--
-	Mismatched:
-		- alma
-		- audioblog.arteradio.com
-		- download.arteradio.com
-		- prisonvalley
-
-	Refused:
-		- checkin
-		- easycomingout
-		- planetecorps
-		- planetmensch
-		- thedevilstoy
+	Content mismatch:
+		- peakyblinders
+		- tset
+		- wanted18
 
-	Timeout:
-		- afrique
-		- bielutine
-		- brusselsbusiness
-		- cartoons
-		- cinemacity
-		- cuisine
+	Invalid certificate:
+		- alma
 		- ddc
-		- download.pro
-		- ecologiesonore
 		- empfangswege
-		- europe
-		- europe-debat.blog
-		- gensol
-		- irak
-		- loveyourneighbour
-		- magellan
-		- moderncouple
-		- nyminute
-		- nyminute.blog
+		- hotel
 		- partner
 		- php4
-		- presse
-		- pro
-		- roadtrip
-		- royaldinner
-		- sales
+		- prisonvalley
 		- superhigh
-		- syria
-		- thebloodytruth
-		- tracks
-		- urbangardening
 		- worldbrain
-		- wp
-
-	404:
-		- californium
-		- hotel
-		- peakyblinders
-		- tset
-		- wanted18
 
-	Wrong content:
+	Timeout:
+		- checkin
+		- moderncouple
+		- europe-debat.blog
+		- nyminute.blog
+		- pro
+		- download.pro
 		- forums.arteradio.com
-
-	Redirect to HTTP:
-		- cinema.arte.tv
-		- future.arte.tv
-		- info.arte.tv
 -->
 <ruleset name="arte (partial)" >
+
 	<target host="arte.tv" />
 	<target host="www.arte.tv" />
 	<target host="boutique.arte.tv" />
+	<target host="californium.arte.tv" />
+	<target host="cinema.arte.tv" />
 	<target host="club.arte.tv" />
 	<target host="concert.arte.tv" />
+	<target host="distribution.arte.tv" />
+	<target host="future.arte.tv" />
+	<target host="info.arte.tv" />
+	<target host="presse.arte.tv" />
+	<target host="sales.arte.tv" />
+	<target host="tracks.arte.tv" />
+	<target host="wp.arte.tv" />
 
 	<target host="arteradio.com" />
 	<target host="www.arteradio.com" />
+	<target host="audioblog.arteradio.com" />
+	<target host="download.arteradio.com" />
 
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"	to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/artefact.org.xml b/src/chrome/content/rules/artefact.org.xml
new file mode 100644
index 000000000000..d7befb43b289
--- /dev/null
+++ b/src/chrome/content/rules/artefact.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="artefact.org">
+	<target host="artefact.org" />
+	<target host="www.artefact.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/artvillage.club.xml b/src/chrome/content/rules/artvillage.club.xml
index 50e9fa668328..fda63e3cc4ed 100644
--- a/src/chrome/content/rules/artvillage.club.xml
+++ b/src/chrome/content/rules/artvillage.club.xml
@@ -8,7 +8,7 @@ dev.artvillage.club ¹
 
 ¹ mismatch
 -->
-<ruleset name="artvillage.club" default_off='failed ruleset test'>
+<ruleset name="artvillage.club" default_off="failed ruleset test">
 	<target host="artvillage.club" />
 	<target host="www.artvillage.club" />
 
diff --git a/src/chrome/content/rules/arukas.io.xml b/src/chrome/content/rules/arukas.io.xml
index 30f569aa4818..cbed9fe65577 100644
--- a/src/chrome/content/rules/arukas.io.xml
+++ b/src/chrome/content/rules/arukas.io.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.arukas.io/ => https://www.arukas.io/: (6, 'Could not res
 	for ^, app
 
 -->
-<ruleset name="Arukas.io" default_off='failed ruleset test'>
+<ruleset name="Arukas.io" default_off="failed ruleset test">
 
 	<target host="arukas.io" />
 	<target host="*.arukas.io" />
diff --git a/src/chrome/content/rules/arun.gov.uk-mixedcontent.xml b/src/chrome/content/rules/arun.gov.uk-mixedcontent.xml
deleted file mode 100644
index af12229267dd..000000000000
--- a/src/chrome/content/rules/arun.gov.uk-mixedcontent.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	For rules not causing MCB, see arun.gov.uk.xml.
-
--->
-<ruleset name="Arun.gov.uk (MCB)" platform="mixedcontent">
-
-	<target host="www1.arun.gov.uk" />
-		
-		<exclusion pattern="^http://www1\.arun\.gov\.uk/(?!/*cgi-bin(?:$|[?/]))" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www1.arun.gov.uk/css/arun.css" />
-			<test url="http://www1.arun.gov.uk/css/styles.css" />
-			<test url="http://www1.arun.gov.uk/images/btnplus.gif" />
-			<test url="http://www1.arun.gov.uk/parkingchallenge/Default.aspx" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www1.arun.gov.uk/cgi-bin/aruncllrs.pl?ward=all" />
-			<test url="http://www1.arun.gov.uk/cgi-bin/events.pl" />
-			<test url="http://www1.arun.gov.uk/cgi-bin/orglist.pl?action=show&amp;id=33" />
-			<test url="http://www1.arun.gov.uk/cgi-bin/ptclerks.pl" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/arun.gov.uk.xml b/src/chrome/content/rules/arun.gov.uk.xml
deleted file mode 100644
index 46db9b1115ce..000000000000
--- a/src/chrome/content/rules/arun.gov.uk.xml
+++ /dev/null
@@ -1,118 +0,0 @@
-<!--
-	Arun District Council
-
-	For rules causing MCB, see arun.gov.uk-mixedcontent.xml.
-
-	For other UK government coverage, see GOV.UK.xml.
-
-
-	Nonfunctional hosts in *arun.gov.uk:
-
-		- aldingbourne ᶠ
-		- barnham ᶠ
-		- burpham ᶠ
-		- clapham ᶠ
-		- claphamandpatching ᶠ
-		- eastergate ᶠ
-		- eastpreston ᶠ
-		- ferring ᶠ
-		- findon ᶠ
-		- ford ᶠ
-		- walberton ᶠ
-		- www ᵈ
-
-	ᵈ Dropped
-	ᶠ Handshake fails
-
-
-	Partially covered hosts in *arun.gov.uk:
-
-		- www1 ⁴
-
-	⁴ >= 1 path 404s
-
-
-	^arun.gov.uk does not exist
-
-
-	Insecure cookies are set for these hosts:
-
-		- www1.arun.gov.uk
-
-
-	Mixed content:
-
-		- css, on:
-
-			- www1 from www.arun.gov.uk ᵈ
-			- www1 from $self ˢ
-			- www1 from fonts.googleapis.com ˢ
-
-		- Images on www1 from www.arun.gov.uk ᵈ
-
-	ᵈ Unsecurable <= dropped
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="Arun.gov.uk (partial)">
-
-	<target host="www1.arun.gov.uk" />
-		
-		<!--	404:
-				-->
-		<!--exclusion pattern="^http://www1\.arun\.gov\.uk/parkingchallenge/Default\.aspx" /-->
-		<!--
-			Exceptions:
-					-->
-		<!--exclusion pattern="^http://www1\.arun\.gov\.uk/(?!/*(?:$|\?|(?:aplanning|cgi-bin|officeforms|webapps2)(?:$|[?/])|css/|images/))" /-->
-		<!--
-			Mixed css:
-					-->
-		<!--exclusion pattern="^http://www1\.arun\.gov\.uk/cgi-bin/(?:aruncllrs|events|orglist|ptclerks)\.pl" /-->
-		<!--
-			In sum:
-					-->
-		<exclusion pattern="^http://www1\.arun\.gov\.uk/(?!/*(?:$|\?|(?:aplanning|officeforms|webapps2)(?:$|[?/])|css/|images/))" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www1.arun.gov.uk/Default.aspx" />
-			<test url="http://www1.arun.gov.uk/cgi-bin/aruncllrs.pl?ward=all" />
-			<test url="http://www1.arun.gov.uk/cgi-bin/events.pl" />
-			<test url="http://www1.arun.gov.uk/cgi-bin/orglist.pl?action=show&amp;id=33" />
-			<test url="http://www1.arun.gov.uk/cgi-bin/ptclerks.pl" />
-			<test url="http://www1.arun.gov.uk/default.aspx" />
-			<test url="http://www1.arun.gov.uk/favicon.ico" />
-			<test url="http://www1.arun.gov.uk/index.htm" />
-			<test url="http://www1.arun.gov.uk/index.html" />
-			<test url="http://www1.arun.gov.uk/index.jsp" />
-			<test url="http://www1.arun.gov.uk/index.php" />
-			<test url="http://www1.arun.gov.uk/parkingchallenge/Default.aspx" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www1.arun.gov.uk/aplanning/OcellaWeb/officerDetails?officer=ARG" />
-			<test url="http://www1.arun.gov.uk/aplanning/OcellaWeb/planningDetails?reference=WA/12/16/DOC" />
-			<test url="http://www1.arun.gov.uk/aplanning/OcellaWeb/planningLatestList?days=14&amp;area=AL" />
-			<test url="http://www1.arun.gov.uk/css/arun.css" />
-			<test url="http://www1.arun.gov.uk/css/styles.css" />
-			<test url="http://www1.arun.gov.uk/images/btnplus.gif" />
-			<test url="http://www1.arun.gov.uk/images/calendar/calendar.gif" />
-			<test url="http://www1.arun.gov.uk/officeforms/Apply.ofml" />
-			<test url="http://www1.arun.gov.uk/officeforms/EventformV2.ofml" />
-			<test url="http://www1.arun.gov.uk/officeforms/FlyTippingV3.ofml?id=" />
-			<test url="http://www1.arun.gov.uk/officeforms/Report_It.ofml" />
-			<test url="http://www1.arun.gov.uk/webapps2/ihousingcbl/viewproperties.asp" />
-			<test url="http://www1.arun.gov.uk/webapps2/ihousingcbl/welcome.asp" />
-			<test url="http://www1.arun.gov.uk/webapps2/webmaplayers/" /><!--	sets cookie without Secure -->
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www1\.arun\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/as250.net.xml b/src/chrome/content/rules/as250.net.xml
new file mode 100644
index 000000000000..2d7447342316
--- /dev/null
+++ b/src/chrome/content/rules/as250.net.xml
@@ -0,0 +1,43 @@
+<!--
+	Connection failed:
+		netzpolitik.cdn.as250.net
+		chao.as250.net
+		dns.as250.net
+		imap.as250.net
+		mail.as250.net
+		smtp.as250.net
+		sync.as250.net
+
+	Invalid certificate:
+		0zapftis.cdn.as250.net
+		cryptofax2tweet.cdn.as250.net
+		drop.as250.net
+		mirrors.as250.net
+		ccc.mirrors.as250.net
+		publications.ccc.mirrors.as250.net
+		fernsehen.mirrors.as250.net
+		webdav.as250.net
+
+	Not found:
+		web.as250.net
+
+	Timeout:
+		dav.as250.net
+		eris.as250.net
+		eu.mirrors.as250.net
+		zabbix.as250.net
+-->
+<ruleset name="AS250.net">
+
+	<target host="as250.net" />
+	<target host="www.as250.net" />
+	<target host="alternativlos.cdn.as250.net" />
+	<target host="centos.mirrors.as250.net" />
+	<target host="pads.as250.net" />
+	<target host="stats.as250.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/as3gamegears.com.xml b/src/chrome/content/rules/as3gamegears.com.xml
new file mode 100644
index 000000000000..1440abe0c463
--- /dev/null
+++ b/src/chrome/content/rules/as3gamegears.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid certificate:
+		api.as3gamegears.com
+		e.as3gamegears.com
+		static.as3gamegears.com
+-->
+<ruleset name="as3gamegears.com">
+	<target host="as3gamegears.com" />
+	<target host="www.as3gamegears.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/asa.org.uk.xml b/src/chrome/content/rules/asa.org.uk.xml
index 845a4d5773b3..5bfc2c6a2f35 100644
--- a/src/chrome/content/rules/asa.org.uk.xml
+++ b/src/chrome/content/rules/asa.org.uk.xml
@@ -1,6 +1,6 @@
 <!--
 	Advertising Standards Authority
-	
+
 
 	Insecure cookies are set for these hosts: ᶜ
 
diff --git a/src/chrome/content/rules/asadcdn.com.xml b/src/chrome/content/rules/asadcdn.com.xml
new file mode 100644
index 000000000000..3e7a558153e2
--- /dev/null
+++ b/src/chrome/content/rules/asadcdn.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="asadcdn.com">
+
+	<target host="www.asadcdn.com" />
+		<test url="http://www.asadcdn.com/adlib/pages/bz-berlin.js" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/asciimation.co.nz.xml b/src/chrome/content/rules/asciimation.co.nz.xml
new file mode 100644
index 000000000000..f2fcd4663a69
--- /dev/null
+++ b/src/chrome/content/rules/asciimation.co.nz.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		ftp.asciimation.co.nz
+
+	Refused:
+		localhost.asciimation.co.nz
+-->
+<ruleset name="asciimation.co.nz">
+	<target host="asciimation.co.nz" />
+	<target host="www.asciimation.co.nz" />
+	<target host="autodiscover.asciimation.co.nz" />
+	<target host="cpanel.asciimation.co.nz" />
+	<target host="mail.asciimation.co.nz" />
+	<target host="webdisk.asciimation.co.nz" />
+	<target host="webmail.asciimation.co.nz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/asfera.info.xml b/src/chrome/content/rules/asfera.info.xml
index b0babde3d36e..6dff52cdb254 100644
--- a/src/chrome/content/rules/asfera.info.xml
+++ b/src/chrome/content/rules/asfera.info.xml
@@ -5,7 +5,7 @@ Non-2xx HTTP code: http://asfera.info/ (200) => https://asfera.info/ (521)
 Non-2xx HTTP code: http://www.asfera.info/ (200) => https://www.asfera.info/ (521)
 
 -->
-<ruleset name="asfera.info" default_off='failed ruleset test'>
+<ruleset name="asfera.info" default_off="failed ruleset test">
 	<target host="asfera.info" />
 	<target host="www.asfera.info" />
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/ashford.gov.uk.xml b/src/chrome/content/rules/ashford.gov.uk.xml
index d4548731f009..48425c48be31 100644
--- a/src/chrome/content/rules/ashford.gov.uk.xml
+++ b/src/chrome/content/rules/ashford.gov.uk.xml
@@ -29,6 +29,6 @@
 	<rule from="^http://ashford\.gov\.uk/"
 			to="https://www.ashford.gov.uk/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/ashops.co.il.xml b/src/chrome/content/rules/ashops.co.il.xml
index 9aac3cbcb49b..5e6ae0b3091f 100644
--- a/src/chrome/content/rules/ashops.co.il.xml
+++ b/src/chrome/content/rules/ashops.co.il.xml
@@ -7,7 +7,7 @@
 	Mixed content:
 
 		- Images from $self ˢ
-	
+
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
diff --git a/src/chrome/content/rules/asio.ooo.xml b/src/chrome/content/rules/asio.ooo.xml
deleted file mode 100644
index 903343398d1e..000000000000
--- a/src/chrome/content/rules/asio.ooo.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="asio.ooo">
-	<target host="asio.ooo" />
-	<target host="www.asio.ooo" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/askvg.com.xml b/src/chrome/content/rules/askvg.com.xml
deleted file mode 100644
index afa49c250461..000000000000
--- a/src/chrome/content/rules/askvg.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="askvg.com">
-	<target host="askvg.com" />
-	<target host="www.askvg.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/assured.se.xml b/src/chrome/content/rules/assured.se.xml
deleted file mode 100644
index 36b13a8f3855..000000000000
--- a/src/chrome/content/rules/assured.se.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="assured">
-         <target host="assured.se" />
-         <target host="www.assured.se" />
- 
-         <rule from="^http:" to="https:" />
- </ruleset>
diff --git a/src/chrome/content/rules/astrobl.ru.xml b/src/chrome/content/rules/astrobl.ru.xml
index fc94b9171214..c0018a77df81 100644
--- a/src/chrome/content/rules/astrobl.ru.xml
+++ b/src/chrome/content/rules/astrobl.ru.xml
@@ -63,7 +63,7 @@ voting.astrobl.ru ⁶
 ⁴ self signed
 ⁶ redirect
 -->
-<ruleset name="astrobl.ru" default_off='failed ruleset test'>
+<ruleset name="astrobl.ru" default_off="failed ruleset test">
 	<target host="astrobl.ru" />
 	<target host="www.astrobl.ru" />
 	<target host="300.astrobl.ru" />
diff --git a/src/chrome/content/rules/at-home.ru.xml b/src/chrome/content/rules/at-home.ru.xml
deleted file mode 100644
index f12dd5c774a8..000000000000
--- a/src/chrome/content/rules/at-home.ru.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--
-at-home.ru timed out
-www.at-home.ru timed out
-b2b.at-home.ru timed out
--->
-<ruleset name="at-home.ru (partial)">
-	<target host="billing.at-home.ru" />
-	<target host="im.at-home.ru" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/atfonline.gov.xml b/src/chrome/content/rules/atfonline.gov.xml
index e9b454803b6d..b6448297d53e 100644
--- a/src/chrome/content/rules/atfonline.gov.xml
+++ b/src/chrome/content/rules/atfonline.gov.xml
@@ -9,7 +9,7 @@ Fetch error: http://atfonline.gov/ => https://www.atfonline.gov/: (60, 'SSL cert
 	^atfonline.gov: Mismatched
 
 -->
-<ruleset name="ATF Online.gov" default_off='failed ruleset test'>
+<ruleset name="ATF Online.gov" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/atgfw.org.xml b/src/chrome/content/rules/atgfw.org.xml
index e15f769142e1..32f1428095a1 100644
--- a/src/chrome/content/rules/atgfw.org.xml
+++ b/src/chrome/content/rules/atgfw.org.xml
@@ -1,8 +1,8 @@
 <ruleset name="atgfw.org">
-	
+
 	<target host="atgfw.org" />
 	<target host="www.atgfw.org" />
 
 	<rule from="^http:" to="https:" />
-	
+
 </ruleset>
diff --git a/src/chrome/content/rules/audioboom.com.xml b/src/chrome/content/rules/audioboom.com.xml
deleted file mode 100644
index 7b398d332929..000000000000
--- a/src/chrome/content/rules/audioboom.com.xml
+++ /dev/null
@@ -1,68 +0,0 @@
-<!--
-	CDN buckets:
-
-		- d15mj6e6qmt1na.cloudfront.net
-
-
-	Insecure cookies are set for these hosts: ᶜ
-
-		- audioboom.com
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-	
-	Cert mismatch:
-		- support.audioboom.com
-		- beta1.audioboom.com
-		- www.blog.audioboom.com
-	
-	Connection refused:
-		- choose.audioboom.com
-		- gateway.audioboom.com
-		- git.audioboom.com
-
-	No route to host:
-		- htchoose.audioboom.com
-
-	Timeout:
-		- jenkins.audioboom.com
-		- waves.audioboom.com
-
-	TLS errors:
-		- cdn.audioboom.com
-
--->
-<ruleset name="Audioboom.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="audioboom.com" />
-	<target host="www.audioboom.com" />
-
-	<target host="api.audioboom.com" />
-	<target host="assets.audioboom.com" />
-	<target host="blog.audioboom.com" />
-	<target host="embeds.audioboom.com" />
-	<target host="mbeds.audioboom.com" />
-	<target host="sss.audioboom.com" />
-	<target host="staging.audioboom.com" />
-
-
-	<!--	Complications:
-				-->
-	<target host="support.audioboom.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^audioboom\.com$" name="^(?:__profilin|test_cookie)$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://support\.audioboom\.com/"
-		to="https://audioboom.zendesk.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/audit.wales.xml b/src/chrome/content/rules/audit.wales.xml
index 9d23e1f133db..0e61023738ac 100644
--- a/src/chrome/content/rules/audit.wales.xml
+++ b/src/chrome/content/rules/audit.wales.xml
@@ -29,7 +29,7 @@ Fetch error: http://autodiscover.audit.wales/ => https://email.wao.gov.uk/owa: (
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Audit.Wales" default_off='failed ruleset test'>
+<ruleset name="Audit.Wales" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/autistica.org.uk.xml b/src/chrome/content/rules/autistica.org.uk.xml
index 8c6b16390fb7..bd2579df59ed 100644
--- a/src/chrome/content/rules/autistica.org.uk.xml
+++ b/src/chrome/content/rules/autistica.org.uk.xml
@@ -5,7 +5,7 @@ Fetch error: http://autistica.org.uk/ => https://autistica.org.uk/: (60, 'SSL ce
 Fetch error: http://www.autistica.org.uk/ => https://www.autistica.org.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Autistica.org.uk" default_off='failed ruleset test'>
+<ruleset name="Autistica.org.uk" default_off="failed ruleset test">
 
 	<target host="autistica.org.uk" />
 	<target host="www.autistica.org.uk" />
diff --git a/src/chrome/content/rules/autotrader.co.uk.xml b/src/chrome/content/rules/autotrader.co.uk.xml
index 909db4581007..aae01d060b34 100644
--- a/src/chrome/content/rules/autotrader.co.uk.xml
+++ b/src/chrome/content/rules/autotrader.co.uk.xml
@@ -44,13 +44,13 @@
 	Mixed content:
 
 		- css, on:
-		
+
 			- advertising from fast.fonts.net ˢ
 			- farm, plant from trucks.autotrader.co.uk ˢ
 			- trucks from $self ˢ
 
 		- Images, on:
-		
+
 			- advertising, promotions, trucks from $self ˢ
 			- farm, plant, trucks from i.autotrader.co.uk ⁴
 			- farm, plant, trucks from merlin-images.autotrader.co.uk ˢ
diff --git a/src/chrome/content/rules/autotrader.ie.xml b/src/chrome/content/rules/autotrader.ie.xml
index 4379fe49f5d3..788f98e374c3 100644
--- a/src/chrome/content/rules/autotrader.ie.xml
+++ b/src/chrome/content/rules/autotrader.ie.xml
@@ -23,7 +23,7 @@
 		- Images on www from www.carzone.ie ᵐ
 
 		- Bugs, on:
-		
+
 			- m from metrics.carzone.ie ᵐ
 			- www from metrics.autotrader.ie ˢ
 
diff --git a/src/chrome/content/rules/autotravel.ru.xml b/src/chrome/content/rules/autotravel.ru.xml
new file mode 100644
index 000000000000..843fe99752ab
--- /dev/null
+++ b/src/chrome/content/rules/autotravel.ru.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		forum3.autotravel.ru
+		host.autotravel.ru
+		ru.autotravel.ru
+-->
+<ruleset name="autotravel.ru">
+	<target host="autotravel.ru" />
+	<target host="www.autotravel.ru" />
+	<target host="forum.autotravel.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/aviationweather.gov.xml b/src/chrome/content/rules/aviationweather.gov.xml
deleted file mode 100644
index 39d847c8b699..000000000000
--- a/src/chrome/content/rules/aviationweather.gov.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-
-
-	Problematic hosts in *aviationweather.gov:
-
-		-  svn ᵐ
-
-	ᵐ Mismatched
-
-
-	Insecure cookies are set for these hosts:
-
-		- aviationweather.gov
-		- bcaws.aviationweather.gov
-		- new.aviationweather.gov
-		- testbed.aviationweather.gov
-		- www.aviationweather.gov
-
--->
-<ruleset name="Aviation Weather.gov (partial)">
-
-	<target host="aviationweather.gov" />
-	<target host="bcaws.aviationweather.gov" />
-	<target host="nam.aviationweather.gov" />
-	<target host="new.aviationweather.gov" />
-	<target host="shiftlog.aviationweather.gov" />
-	<target host="testbed.aviationweather.gov" />
-	<target host="www.aviationweather.gov" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:(?:bcaws|new|testbed|www)\.)?aviationweather\.gov$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/avoinyliopisto.xml b/src/chrome/content/rules/avoinyliopisto.xml
index 60f44ecf2566..d4a75bf734d6 100644
--- a/src/chrome/content/rules/avoinyliopisto.xml
+++ b/src/chrome/content/rules/avoinyliopisto.xml
@@ -5,7 +5,7 @@ Fetch error: http://www.avoinyliopisto.fi/ => https://www.avoinyliopisto.fi/: (5
 Fetch error: http://avoinyliopisto.fi/ => https://www.avoinyliopisto.fi/: (51, "SSL: no alternative certificate subject name matches target host name 'www.avoinyliopisto.fi'")
 
 -->
-<ruleset name="avoinyliopisto.fi" default_off='failed ruleset test'>
+<ruleset name="avoinyliopisto.fi" default_off="failed ruleset test">
   <target host="www.avoinyliopisto.fi" />
   <target host="avoinyliopisto.fi" />
 
diff --git a/src/chrome/content/rules/ayyo.ru.xml b/src/chrome/content/rules/ayyo.ru.xml
index e1f538ec4dc4..3959e38be160 100644
--- a/src/chrome/content/rules/ayyo.ru.xml
+++ b/src/chrome/content/rules/ayyo.ru.xml
@@ -29,7 +29,7 @@ wanted.ayyo.ru ²
 ¹ mismatch
 ² refused
 -->
-<ruleset name="ayyo.ru" default_off='failed ruleset test'>
+<ruleset name="ayyo.ru" default_off="failed ruleset test">
 	<target host="ayyo.ru" />
 	<target host="www.ayyo.ru" />
 	<target host="about.ayyo.ru" />
diff --git a/src/chrome/content/rules/babator.com.xml b/src/chrome/content/rules/babator.com.xml
deleted file mode 100644
index 7a84bcaba543..000000000000
--- a/src/chrome/content/rules/babator.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<ruleset name="BABATOR.com">
-
-	<target host="babator.com" />
-	<target host="www.babator.com" />
-	<target host="babator-stg-cdn.babator.com" />
-	<target host="cdn.babator.com" />
-	<target host="dev-services.babator.com" />
-	<target host="eu-services.babator.com" />
-	<target host="portal.babator.com" />
-	<target host="services.babator.com" />
-	<target host="stg-services.babator.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/babr24.com.xml b/src/chrome/content/rules/babr24.com.xml
new file mode 100644
index 000000000000..3e2b384a50e5
--- /dev/null
+++ b/src/chrome/content/rules/babr24.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="babr24.com">
+	<target host="babr24.com" />
+	<target host="www.babr24.com" />
+	<target host="m.babr24.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bacontent.de.xml b/src/chrome/content/rules/bacontent.de.xml
new file mode 100644
index 000000000000..5f3400024f43
--- /dev/null
+++ b/src/chrome/content/rules/bacontent.de.xml
@@ -0,0 +1,17 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="bacontent.de">
+
+	<target host="c.bacontent.de" />
+		<test url="http://c.bacontent.de/d/init" />
+	<target host="d.bacontent.de" />
+		<test url="http://d.bacontent.de/d/init" />
+	<target host="t.bacontent.de" />
+		<test url="http://t.bacontent.de/d/init" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/bad-dragon.com.xml b/src/chrome/content/rules/bad-dragon.com.xml
index 2e774e91aebb..7fecad735430 100644
--- a/src/chrome/content/rules/bad-dragon.com.xml
+++ b/src/chrome/content/rules/bad-dragon.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.bad-dragon.com/ => https://www.bad-dragon.com/: Too many
 		- .bad-dragon.com
 
 -->
-<ruleset name="Bad Dragon.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Bad Dragon.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/badil.info.xml b/src/chrome/content/rules/badil.info.xml
deleted file mode 100644
index 2f690d032829..000000000000
--- a/src/chrome/content/rules/badil.info.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Badil.info">
-	<target host="badil.info" />
-	<target host="www.badil.info" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/baf.bund.de.xml b/src/chrome/content/rules/baf.bund.de.xml
new file mode 100644
index 000000000000..b8521e36340c
--- /dev/null
+++ b/src/chrome/content/rules/baf.bund.de.xml
@@ -0,0 +1,12 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+-->
+<ruleset name="BAF.bund.de">
+
+	<target host="www.baf.bund.de" />
+	<target host="www.anlagenschutz.baf.bund.de" />
+	<target host="test.anlagenschutz.baf.bund.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/baidustatic.com.xml b/src/chrome/content/rules/baidustatic.com.xml
index 7d80d020476f..d370ff0b9024 100644
--- a/src/chrome/content/rules/baidustatic.com.xml
+++ b/src/chrome/content/rules/baidustatic.com.xml
@@ -1,7 +1,7 @@
 <!--
 	Related:
 		Baidu.xml
-	
+
 	Mismatched:
 		^
 -->
diff --git a/src/chrome/content/rules/baifendian.xml b/src/chrome/content/rules/baifendian.xml
index a059854bb79f..ba1da6e2f69e 100644
--- a/src/chrome/content/rules/baifendian.xml
+++ b/src/chrome/content/rules/baifendian.xml
@@ -33,7 +33,7 @@
 		<test url="http://ssl-rec5-api.baifendian.com/" />
 		<test url="http://ssl-static.baifendian.com/" />
 		<test url="http://ssl-static5.baifendian.com/" />
-	
+
 	<rule from="^http://passport\.baifendian\.com/"
 		to="https://passport.baifendian.com/" />
 		<test url="http://passport.baifendian.com/" />
diff --git a/src/chrome/content/rules/baltika.fm.xml b/src/chrome/content/rules/baltika.fm.xml
deleted file mode 100644
index 0c892e3da8ea..000000000000
--- a/src/chrome/content/rules/baltika.fm.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="baltika.fm">
-	<target host="baltika.fm" />
-	<target host="www.baltika.fm" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/bankcomat.com.xml b/src/chrome/content/rules/bankcomat.com.xml
index 115f171a8741..0f5a39182700 100644
--- a/src/chrome/content/rules/bankcomat.com.xml
+++ b/src/chrome/content/rules/bankcomat.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://bankcomat.com/ => https://bankcomat.com/: (60, 'SSL certific
 Fetch error: http://www.bankcomat.com/ => https://www.bankcomat.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="bankcomat.com" default_off='failed ruleset test'>
+<ruleset name="bankcomat.com" default_off="failed ruleset test">
 	<target host="bankcomat.com" />
 	<target host="www.bankcomat.com" />
 
diff --git a/src/chrome/content/rules/bankid.com.xml b/src/chrome/content/rules/bankid.com.xml
new file mode 100644
index 000000000000..20e852e63837
--- /dev/null
+++ b/src/chrome/content/rules/bankid.com.xml
@@ -0,0 +1,37 @@
+<!-- 
+	Unknown CA:
+
+		- appapi.bankid.com   
+		- appapi2.bankid.com
+		- bamse.bankid.com
+		- cavainternal.bankid.com
+		- appapi.dev.bankid.com
+		- cavainternal.dev.bankid.com
+		- appapi.test.bankid.com
+		- cuapi.test.bankid.com
+		- cureg.test.bankid.com
+-->
+
+<ruleset name="bankid.com">
+	<target host="bankid.com" />
+	<target host="www.bankid.com" />
+	<target host="alert.bankid.com" />
+	<target host="app.bankid.com" />
+	<target host="cu.bankid.com" />
+	<target host="demo.bankid.com" />
+	<target host="help.bankid.com" />
+	<target host="install.bankid.com" />
+	<target host="www.install.bankid.com" />
+	<target host="m.bankid.com" />
+	<target host="mexx.bankid.com" />
+	<target host="vks.bankid.com" />
+	<target host="support.bankid.com" />
+	<target host="www.support.bankid.com" />
+	<target host="test.bankid.com" />
+	<target host="www.test.bankid.com" />
+	<target host="cu.test.bankid.com" />
+	<target host="mexx.test.bankid.com" />
+	<target host="otp.test.bankid.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/banned.video.xml b/src/chrome/content/rules/banned.video.xml
new file mode 100644
index 000000000000..332cf716234a
--- /dev/null
+++ b/src/chrome/content/rules/banned.video.xml
@@ -0,0 +1,11 @@
+<ruleset name="banned.video">
+	<target host="banned.video" />
+	<target host="www.banned.video" />
+	<target host="api.banned.video" />
+	<target host="api-admin.banned.video" />
+	<target host="chat.banned.video" />
+	<target host="chat-staging.banned.video" />
+	<target host="downloads.banned.video" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/barnardos.org.uk.xml b/src/chrome/content/rules/barnardos.org.uk.xml
index d1d484cfd988..4027fa74d713 100644
--- a/src/chrome/content/rules/barnardos.org.uk.xml
+++ b/src/chrome/content/rules/barnardos.org.uk.xml
@@ -24,7 +24,7 @@ Fetch error: http://testllwcmlw.barnardos.org.uk/ => https://testllwcmlw.barnard
 		- www.barnardos.org.uk
 
 -->
-<ruleset name="Barnardos.org.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Barnardos.org.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/basekit.com.xml b/src/chrome/content/rules/basekit.com.xml
index 5cecc1ad2217..86e3edc7a1cf 100644
--- a/src/chrome/content/rules/basekit.com.xml
+++ b/src/chrome/content/rules/basekit.com.xml
@@ -1,4 +1,7 @@
 <!--
+	2018 Update:
+	custom-css.basekit.com redirects to basekit.com
+
 	Invalid certificate:
 		custom-css.basekit.com
 		docs.basekit.com
@@ -24,13 +27,12 @@
 
 		<test url="http://apidocs.basekit.com/" />
 		<test url="http://developers.basekit.com/" />
-		<test url="http://partners.basekit.com/" />
 		<test url="http://resellers.basekit.com/" />
 		<test url="http://scottishculture.basekit.com/" />
 		<test url="http://support.basekit.com/" />
 		<test url="http://trivia.basekit.com/" />
 		<test url="http://try.basekit.com/" />
-	
+
 		<exclusion pattern="^http://(docs|resources|knowledge)\.basekit\.com/" />
 
 			<test url="http://docs.basekit.com/" />
@@ -39,15 +41,6 @@
 
 	<securecookie host=".+" name=".+" />
 
-	<!--	s? for protocol-relative inclusion
-		on 'resellers', 'try':
-						-->
-	<rule from="^https?://custom-css\.basekit\.com/"
-		to="https://d282ykz6vx01th.cloudfront.net/" />
-
-		<test url="http://custom-css.basekit.com/" />
-		<test url="https://custom-css.basekit.com/live292640_site_41.css" />
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/basildon.gov.uk.xml b/src/chrome/content/rules/basildon.gov.uk.xml
index e1be729141f0..d7e4e9fd85fd 100644
--- a/src/chrome/content/rules/basildon.gov.uk.xml
+++ b/src/chrome/content/rules/basildon.gov.uk.xml
@@ -34,7 +34,7 @@
 			Exceptions:
 					-->
 		<exclusion pattern="^http://www\.basildon\.gov\.uk/+(?!\w+/(?:css|images|template)/|CHttpHandler\.ashx|media/)" />
-		
+
 			<!--	+ve:
 					-->
 			<test url="http://www.basildon.gov.uk/article/1945/Contact-Us" />
@@ -44,7 +44,7 @@
 			<test url="http://www.basildon.gov.uk/home" />
 			<test url="http://www.basildon.gov.uk/housing" />
 			<test url="http://www.basildon.gov.uk/leisure" />
-		
+
 			<!--	-ve:
 					-->
 			<test url="http://www.basildon.gov.uk/basildon/images/listbullet.gif" />
diff --git a/src/chrome/content/rules/bataysk-gorod.ru.xml b/src/chrome/content/rules/bataysk-gorod.ru.xml
index fa2516098d6b..13a3c5d5e8fc 100644
--- a/src/chrome/content/rules/bataysk-gorod.ru.xml
+++ b/src/chrome/content/rules/bataysk-gorod.ru.xml
@@ -5,7 +5,7 @@ Fetch error: http://bataysk-gorod.ru/ => https://bataysk-gorod.ru/: (7, 'Failed
 Fetch error: http://www.bataysk-gorod.ru/ => https://www.bataysk-gorod.ru/: (7, 'Failed to connect to www.bataysk-gorod.ru port 443: Connection refused')
 Fetch error: http://rss.bataysk-gorod.ru/ => https://rss.bataysk-gorod.ru/: (7, 'Failed to connect to rss.bataysk-gorod.ru port 443: Connection refused')
  old. refused -->
-<ruleset name="bataysk-gorod.ru" default_off='failed ruleset test'>
+<ruleset name="bataysk-gorod.ru" default_off="failed ruleset test">
 	<target host="bataysk-gorod.ru" />
 	<target host="www.bataysk-gorod.ru" />
 	<target host="rss.bataysk-gorod.ru" />
diff --git a/src/chrome/content/rules/bato.to.xml b/src/chrome/content/rules/bato.to.xml
index 0b88aab1ff90..bf27fed1a8cf 100644
--- a/src/chrome/content/rules/bato.to.xml
+++ b/src/chrome/content/rules/bato.to.xml
@@ -1,7 +1,7 @@
 <ruleset name="bato.to">
 	<target host="www.bato.to"/>
 	<target host="bato.to"/>
-	
+
 	<rule from="^http:"
 		to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/bauercreative.net.xml b/src/chrome/content/rules/bauercreative.net.xml
index 5efe9c7e04c8..32a1bfea9914 100644
--- a/src/chrome/content/rules/bauercreative.net.xml
+++ b/src/chrome/content/rules/bauercreative.net.xml
@@ -1,37 +1,15 @@
 <!--
 	For other Bauer Media coverage, see bauermedia.co.uk.xml.
 
-
-	Note: platform is so as not to increase non-Tor
-	distinguishability, given that no pages are covered
-	and no mixed content secured.
-
-
-	CDN buckets:
-
-		- d2n06l7rwk07dh.cloudfront.net	← static
-
-
-	Problematic hosts in *bauercreative.net:
-
-		- static ᵐ
-
-	ᵐ Cloudfront / mismatched
-
 -->
-<ruleset name="Bauer creative.net" platform="mixedcontent">
+<ruleset name="Bauer creative.net">
 
-	<!--	Complications:
-				-->
 	<target host="static.bauercreative.net" />
+		<test url="http://static.bauercreative.net/zombie/css/index.css" />
 
+	<securecookie host=".+" name=".+" />
 
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://static\.bauercreative\.net/"
-		to="https://d2n06l7rwk07dh.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
-		<test url="http://static.bauercreative.net/zombie/css/index.css" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/bauermedia.co.uk.xml b/src/chrome/content/rules/bauermedia.co.uk.xml
index 18f47a27b7e3..5c95d0a1d2dd 100644
--- a/src/chrome/content/rules/bauermedia.co.uk.xml
+++ b/src/chrome/content/rules/bauermedia.co.uk.xml
@@ -39,7 +39,7 @@ Fetch error: http://bauermedia.co.uk/ => https://bauermedia.co.uk/: (7, 'Failed
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Bauer Media.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Bauer Media.co.uk (partial)" default_off="failed ruleset test">
 
 	<target host="bauermedia.co.uk" />
 	<!--target host="mediastorage-lls.bauermedia.co.uk" /-->
diff --git a/src/chrome/content/rules/bay12games.com.xml b/src/chrome/content/rules/bay12games.com.xml
new file mode 100644
index 000000000000..0089429227ca
--- /dev/null
+++ b/src/chrome/content/rules/bay12games.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Refused:
+		- dffd.bay12games.com
+
+	Mismatched:
+		- ftp.bay12games.com
+		- lists.bay12games.com
+		- mail.bay12games.com
+		- ns1.bay12games.com
+		- ns2.bay12games.com
+		- vps.bay12games.com
+
+	Self-signed:
+		- webmail.bay12games.com
+-->
+<ruleset name="bay12games.com">
+	<target host="bay12games.com" />
+	<target host="www.bay12games.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bbc.co.uk-resources.xml b/src/chrome/content/rules/bbc.co.uk-resources.xml
deleted file mode 100644
index 24b91b16e5f9..000000000000
--- a/src/chrome/content/rules/bbc.co.uk-resources.xml
+++ /dev/null
@@ -1,62 +0,0 @@
-<!--
-	For rules covering more than resources, see BBC.xml.
-
-	Note: platform is so as not to increase non-Tor
-	distinguishability, given that no pages are covered
-	and no mixed content secured.
-
--->
-<ruleset name="BBC.co.uk (resources)" platform="mixedcontent">
-
-	<target host="bbc.co.uk" />
-	<target host="downloads.bbc.co.uk" />
-	<target host="open.live.bbc.co.uk" />
-	<target host="www.live.bbc.co.uk" />
-	<target host="newsimg.bbc.co.uk" />
-	<target host="polling.bbc.co.uk" />
-	<target host="static.bbc.co.uk" />
-	<target host="www.bbc.co.uk" />
-
-		<test url="http://downloads.bbc.co.uk/errors/btm.gif" />
-		<test url="http://newsimg.bbc.co.uk/shared/img/v4/skip_to_top_arrow.gif" />
-		<test url="http://static.bbc.co.uk/id/0.34.96/img/bbcid_orb_signin_light.png" />
-
-		<exclusion pattern="^http://(?:www\.)?bbc\.co\.uk/(?!/*favicon\.ico)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.bbc.co.uk/arts" />
-			<test url="http://www.bbc.co.uk/blogs/internet/entries/f6f50d1f-a879-4999-bc6d-6634a71e2e60" />
-			<test url="http://www.bbc.co.uk/blogs/tv/" />
-			<test url="http://www.bbc.co.uk/contact" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www.bbc.co.uk/favicon.ico" />
-
-		<!--	Avoid potential XHR or flash policy problems:
-									-->
-		<exclusion pattern="^http://(?!.+\.(?:bmp|css|gifv?|ico|jpe?g|pdf|png|svg|tiff?|ttf|woff)(?:$|\?))" />
-
-			<!--	+ve:
-					-->
-			<test url="http://downloads.bbc.co.uk/default.aspx" />
-			<test url="http://open.live.bbc.co.uk/crossdomain.xml" />
-			<test url="http://open.live.bbc.co.uk/default.aspx" />
-			<test url="http://open.live.bbc.co.uk/weather/feeds/en/2650225/3dayforecast.rss" />
-			<test url="http://polling.bbc.co.uk/appconfig/iplayerradio/tablet/android/2.0.0/info.html" />
-			<test url="http://polling.bbc.co.uk/default.aspx" />
-			<test url="http://polling.bbc.co.uk/index.html" />
-			<test url="http://static.bbc.co.uk/default.aspx" />
-			<test url="http://static.bbci.co.uk/frameworks/jquery/0.3.0/sharedmodules/jquery-1.9.1" />
-			<test url="http://static.bbci.co.uk/frameworks/relay/0.2.6/sharedmodules/relay-1" />
-			<test url="http://www.live.bbc.co.uk/crossdomain.xml" /><!--	secure="false" -->
-			<test url="http://www.live.bbc.co.uk/default.aspx" />
-			<test url="http://www.live.bbc.co.uk/index.html" />
-			<test url="http://www.live.bbc.co.uk/index.php" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/bbk.bund.de.xml b/src/chrome/content/rules/bbk.bund.de.xml
index cea2fcdd5d92..3fb04263ea6c 100644
--- a/src/chrome/content/rules/bbk.bund.de.xml
+++ b/src/chrome/content/rules/bbk.bund.de.xml
@@ -11,7 +11,7 @@
 	<target host="www.bbk.bund.de" />
 	<target host="austausch.bbk.bund.de" />
 	<target host="warnung.bund.de" />
-	
+
 	<!-- Invalid certificate on https://bbk.bund.de/
  		 http://bbk.bund.de/ redirects to http://www.bbk.bund.de/ -->
 	<rule from="^http://bbk\.bund\.de/" to="https://www.bbk.bund.de/"/>
diff --git a/src/chrome/content/rules/bdstatic.com.xml b/src/chrome/content/rules/bdstatic.com.xml
index 23e758506b3a..1c79221392d2 100644
--- a/src/chrome/content/rules/bdstatic.com.xml
+++ b/src/chrome/content/rules/bdstatic.com.xml
@@ -38,17 +38,17 @@
 	<target host="imgt9.bdstatic.com" />
 
 	<target host="sjws.bdstatic.com" />
-	
+
 	<target host="ss0.bdstatic.com" />
 	<target host="ss1.bdstatic.com" />
 	<target host="ss2.bdstatic.com" />
 	<target host="ss3.bdstatic.com" />
 	<target host="tb1.bdstatic.com" />
 	<target host="tb2.bdstatic.com" />
-	
+
 	<target host="vs5.bdstatic.com" />
 	<target host="vs6.bdstatic.com" />
-	
+
 	<target host="zz.bdstatic.com" />
 
 		<test url="http://gss0.bdstatic.com/8r1VfDn-KggZnd_b8IqT0jB-xx1xbK/static/common/img/iot/arrow-down_3d94809.png" />
diff --git a/src/chrome/content/rules/bedford.gov.uk.xml b/src/chrome/content/rules/bedford.gov.uk.xml
index 2c5eee377b4d..a147ed3e5e9b 100644
--- a/src/chrome/content/rules/bedford.gov.uk.xml
+++ b/src/chrome/content/rules/bedford.gov.uk.xml
@@ -44,7 +44,7 @@ Fetch error: http://www.athleticstadium.bedford.gov.uk/ => https://www.bedford.g
 	ˢ Secured by us
 
 -->
-<ruleset name="Bedford.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Bedford.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/beirel.ru.xml b/src/chrome/content/rules/beirel.ru.xml
deleted file mode 100644
index d0e6cd1f3f20..000000000000
--- a/src/chrome/content/rules/beirel.ru.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-games.beirel.ru timed out
-radio.beirel.ru timed out
--->
-<ruleset name="beirel.ru (partial)">
-	<target host="beirel.ru" />
-	<target host="www.beirel.ru" />
-	<target host="forum.beirel.ru" />
-	<target host="lk.beirel.ru" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/belaruswith.me.xml b/src/chrome/content/rules/belaruswith.me.xml
new file mode 100644
index 000000000000..24aa2c709d91
--- /dev/null
+++ b/src/chrome/content/rules/belaruswith.me.xml
@@ -0,0 +1,6 @@
+<ruleset name="belaruswith.me">
+    <target host="belaruswith.me" />
+    <target host="www.belaruswith.me" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/belive.ru.xml b/src/chrome/content/rules/belive.ru.xml
deleted file mode 100644
index fb95bb73afd5..000000000000
--- a/src/chrome/content/rules/belive.ru.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="belive.ru" platform="mixedcontent">
-	<target host="belive.ru" />
-	<target host="www.belive.ru" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/benj.cloud.xml b/src/chrome/content/rules/benj.cloud.xml
new file mode 100644
index 000000000000..e1d9d5e46952
--- /dev/null
+++ b/src/chrome/content/rules/benj.cloud.xml
@@ -0,0 +1,8 @@
+<ruleset name="benj.cloud">
+	<target host="benj.cloud" />
+	<target host="office.benj.cloud" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bezeq.co.il.xml b/src/chrome/content/rules/bezeq.co.il.xml
index 1d2074588ab4..58fc7b9ea0ec 100644
--- a/src/chrome/content/rules/bezeq.co.il.xml
+++ b/src/chrome/content/rules/bezeq.co.il.xml
@@ -36,7 +36,7 @@ Fetch error: http://music.bezeq.co.il/ => https://music.bezeq.co.il/: (6, 'Could
 	Mixed content:
 
 		- Images, on:
-		
+
 			- bsupport, m from www02.bezeq.co.il ˢ
 			- m from www.bezeq.co.il ˢ
 
@@ -45,7 +45,7 @@ Fetch error: http://music.bezeq.co.il/ => https://music.bezeq.co.il/: (6, 'Could
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Bezeq.co.il (partial)" default_off='failed ruleset test'>
+<ruleset name="Bezeq.co.il (partial)" default_off="failed ruleset test">
 
 	<target host="bezeq.co.il" />
 	<target host="b-home.bezeq.co.il" />
diff --git a/src/chrome/content/rules/bezopasnik.org.xml b/src/chrome/content/rules/bezopasnik.org.xml
deleted file mode 100644
index 0ba3fb9a8240..000000000000
--- a/src/chrome/content/rules/bezopasnik.org.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--
-Invalid certificate:
-	ftp.bezopasnik.org
--->
-<ruleset name="bezopasnik.org">
-	<target host="bezopasnik.org"/>
-	<target host="www.bezopasnik.org"/>
-	<target host="mail.bezopasnik.org" />
-
-	<rule from="^http:" to="https:"/>
-</ruleset>
diff --git a/src/chrome/content/rules/bgslinc.com.xml b/src/chrome/content/rules/bgslinc.com.xml
new file mode 100644
index 000000000000..f46a0c819211
--- /dev/null
+++ b/src/chrome/content/rules/bgslinc.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		ftp.bgslinc.com
+		imap.bgslinc.com
+		localhost.bgslinc.com
+		members.bgslinc.com
+		webmail.bgslinc.com
+
+	Refused:
+		localhost.bgslinc.com
+
+	Time out:
+		calendar.bgslinc.com
+-->
+<ruleset name="bgslinc.com">
+	<target host="bgslinc.com" />
+	<target host="www.bgslinc.com" />
+	<target host="mail.bgslinc.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bicomsystems.com.xml b/src/chrome/content/rules/bicomsystems.com.xml
index 81745af7bd42..5d1602b8f3b9 100644
--- a/src/chrome/content/rules/bicomsystems.com.xml
+++ b/src/chrome/content/rules/bicomsystems.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://wiki.bicomsystems.com/ => https://wiki.bicomsystems.com/: (6
 
 blog.bicomsystems.com expired
 -->
-<ruleset name="bicomsystems.com" default_off='failed ruleset test'>
+<ruleset name="bicomsystems.com" default_off="failed ruleset test">
 	<target host="bicomsystems.com" />
 	<target host="www.bicomsystems.com" />
 	<target host="wiki.bicomsystems.com" />
diff --git a/src/chrome/content/rules/birmingham.gov.uk.xml b/src/chrome/content/rules/birmingham.gov.uk.xml
index c3581f4d6fce..7f415e9296e1 100644
--- a/src/chrome/content/rules/birmingham.gov.uk.xml
+++ b/src/chrome/content/rules/birmingham.gov.uk.xml
@@ -55,7 +55,7 @@ Fetch error: http://lsblaw.birmingham.gov.uk/ => https://lsblaw.birmingham.gov.u
 	Mixed content:
 
 		- css, on:
-		
+
 			- lsblaw from fonts.googleapis.com ˢ
 			- property from $self ˢ
 
@@ -64,7 +64,7 @@ Fetch error: http://lsblaw.birmingham.gov.uk/ => https://lsblaw.birmingham.gov.u
 	ˢ Secured by us
 
 -->
-<ruleset name="Birmingham.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Birmingham.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="birmingham.gov.uk" />
 	<target host="bikenorth.birmingham.gov.uk" />
@@ -101,7 +101,7 @@ Fetch error: http://lsblaw.birmingham.gov.uk/ => https://lsblaw.birmingham.gov.u
 	<!--securecookie host="^bikenorth\.birmingham\.gov\.uk$" name="^(?:PHPSESSID|wfvt_[\d-]+)$" /-->
 	<!--securecookie host="^consult\.birmingham\.gov\.uk$" name="^(?:JSESSION|Server)ID$" /-->
 	<!--securecookie host="^disruption\.birmingham\.gov\.uk$" name="^(?:PHPSESSID|wfvt_[\d-]+)$" /-->
-	<!--securecookie host="^(?:localview|online)\.birmingham\.gov\.uk$" name="^(?:JSESSIONID|customerfirst\.birmingham\.gov\.uk)$" /--> 
+	<!--securecookie host="^(?:localview|online)\.birmingham\.gov\.uk$" name="^(?:JSESSIONID|customerfirst\.birmingham\.gov\.uk)$" /-->
 	<!--securecookie host="^lsblaw\.birmingham\.gov\.uk$" name="^wmp_load_app$" /-->
 	<!--securecookie host="^pcn\.birmingham\.gov\.uk$" name="^(?:ASPSESSIONID[A-Z]{8}|pcn\.birmingham\.gov\.uk)$" /-->
 	<!--securecookie host="^property\.birmingham\.gov\.uk$" name="^PHPSESSID$" /-->
diff --git a/src/chrome/content/rules/bis.gov.uk-falsemixed.xml b/src/chrome/content/rules/bis.gov.uk-falsemixed.xml
index 7c7ed6ace09a..6012472b5e12 100644
--- a/src/chrome/content/rules/bis.gov.uk-falsemixed.xml
+++ b/src/chrome/content/rules/bis.gov.uk-falsemixed.xml
@@ -9,7 +9,7 @@ Fetch error: http://feconnect.sfa.bis.gov.uk/ => https://feconnect.sfa.bis.gov.u
 	NB: See https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="BIS.gov.uk (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="BIS.gov.uk (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="feconnect.sfa.bis.gov.uk" />
 
diff --git a/src/chrome/content/rules/bitclubnetwork.com.xml b/src/chrome/content/rules/bitclubnetwork.com.xml
deleted file mode 100644
index d9f551ffe673..000000000000
--- a/src/chrome/content/rules/bitclubnetwork.com.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- bitclubnetwork.com
-
--->
-<ruleset name="BitClub Network.com">
-
-	<target host="bitclubnetwork.com" />
-	<target host="www.bitclubnetwork.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^bitclubnetwork\.com$" name="^PHPSESSID$" /-->
-
-	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/bitcoinknots.org.xml b/src/chrome/content/rules/bitcoinknots.org.xml
index 0d623f6a7db7..0a2cd49d21de 100644
--- a/src/chrome/content/rules/bitcoinknots.org.xml
+++ b/src/chrome/content/rules/bitcoinknots.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.bitcoinknots.org/ => https://www.bitcoinknots.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.bitcoinknots.org'")
 
 -->
-<ruleset name="bitcoinknots.org" default_off='failed ruleset test'>
+<ruleset name="bitcoinknots.org" default_off="failed ruleset test">
 	<target host="bitcoinknots.org" />
 	<target host="www.bitcoinknots.org" />
 
diff --git a/src/chrome/content/rules/bither.net.xml b/src/chrome/content/rules/bither.net.xml
deleted file mode 100644
index c105eb2964a6..000000000000
--- a/src/chrome/content/rules/bither.net.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-www.bither.net ⁴
-bc.bither.net ²
-hdm.bither.net ⁴
-
-
-² refused
-⁴ self signed
--->
-<ruleset name="bither.net">
-	<target host="bither.net" />
-
-	<target host="www.bither.net" />
-
-	<rule from="^http://www\.bither\.net/"
-		to="https://bither.net/" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/bitlaunch.io.xml b/src/chrome/content/rules/bitlaunch.io.xml
new file mode 100644
index 000000000000..82fbd35dd275
--- /dev/null
+++ b/src/chrome/content/rules/bitlaunch.io.xml
@@ -0,0 +1,12 @@
+<ruleset name="BitLaunch.io">
+	<target host="bitlaunch.io" />
+	<target host="www.bitlaunch.io" />
+	<target host="affiliates.bitlaunch.io" />
+	<target host="analytics.bitlaunch.io" />
+	<target host="app.bitlaunch.io" />
+	<target host="blacklist.bitlaunch.io" />
+	<target host="developers.bitlaunch.io" />
+	<target host="pay.bitlaunch.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bitrise.io.xml b/src/chrome/content/rules/bitrise.io.xml
index e5f8114d7a5b..167de5b77623 100644
--- a/src/chrome/content/rules/bitrise.io.xml
+++ b/src/chrome/content/rules/bitrise.io.xml
@@ -8,7 +8,7 @@ chat.bitrise.io timed out
 devcenter.bitrise.io mismatch
 status.bitrise.io mismatch
 -->
-<ruleset name="bitrise.io" default_off='failed ruleset test'>
+<ruleset name="bitrise.io" default_off="failed ruleset test">
 	<target host="bitrise.io" />
 	<target host="www.bitrise.io" />
 	<target host="tech.bitrise.io" />
diff --git a/src/chrome/content/rules/bjoernkarmann.dk.xml b/src/chrome/content/rules/bjoernkarmann.dk.xml
new file mode 100644
index 000000000000..81f14daf8e7f
--- /dev/null
+++ b/src/chrome/content/rules/bjoernkarmann.dk.xml
@@ -0,0 +1,14 @@
+<!--
+	Time out:
+		mail.bjoernkarmann.dk
+		mysql.bjoernkarmann.dk
+		smtp.bjoernkarmann.dk
+-->
+<ruleset name="bjoernkarmann.dk">
+	<target host="bjoernkarmann.dk" />
+	<target host="www.bjoernkarmann.dk" />
+	<target host="pouljohansen.bjoernkarmann.dk" />
+	<target host="www.pouljohansen.bjoernkarmann.dk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bk55.ru.xml b/src/chrome/content/rules/bk55.ru.xml
index c92e072f722c..b7d475e09d04 100644
--- a/src/chrome/content/rules/bk55.ru.xml
+++ b/src/chrome/content/rules/bk55.ru.xml
@@ -8,7 +8,7 @@ Fetch error: http://m.bk55.ru/ => https://m.bk55.ru/: Too many redirects while f
 Fetch error: http://blog.bk55.ru/ => https://blog.bk55.ru/: Too many redirects while fetching 'https://blog.bk55.ru/'
 
 -->
-<ruleset name="bk55.ru" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="bk55.ru" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="bk55.ru" />
 	<target host="www.bk55.ru" />
 	<target host="mc.bk55.ru" />
diff --git a/src/chrome/content/rules/blackarrowsoftware.com.xml b/src/chrome/content/rules/blackarrowsoftware.com.xml
deleted file mode 100644
index 4e18ff222a67..000000000000
--- a/src/chrome/content/rules/blackarrowsoftware.com.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="blackarrowsoftware.com">
-	<target host="blackarrowsoftware.com"/>
-	<target host="www.blackarrowsoftware.com"/>
-
-	<rule from="^http:"
-		to="https:"/>
-</ruleset>
diff --git a/src/chrome/content/rules/blackburn.gov.uk.xml b/src/chrome/content/rules/blackburn.gov.uk.xml
index 40967e3e178b..7cc5c5b38a57 100644
--- a/src/chrome/content/rules/blackburn.gov.uk.xml
+++ b/src/chrome/content/rules/blackburn.gov.uk.xml
@@ -33,7 +33,7 @@ Fetch error: http://revenuesbenefits.blackburn.gov.uk/ => https://revenuesbenefi
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Blackburn.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Blackburn.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="blackburn.gov.uk" />
 	<target host="mybwd.blackburn.gov.uk" />
diff --git a/src/chrome/content/rules/bleepingcomputer.com.xml b/src/chrome/content/rules/bleepingcomputer.com.xml
index 619a133f9d5f..1b553716720e 100644
--- a/src/chrome/content/rules/bleepingcomputer.com.xml
+++ b/src/chrome/content/rules/bleepingcomputer.com.xml
@@ -8,10 +8,10 @@
 	<target host="www.bleepingcomputer.com"/>
 	<target host="deals.bleepingcomputer.com"/>
 	<target host="download.bleepingcomputer.com"/>
-	
+
 	<target host="bleepstatic.com"/>
 	<target host="www.bleepstatic.com"/>
-	
+
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:"/>
diff --git a/src/chrome/content/rules/blinkt.de.xml b/src/chrome/content/rules/blinkt.de.xml
new file mode 100644
index 000000000000..8d9903cdaad9
--- /dev/null
+++ b/src/chrome/content/rules/blinkt.de.xml
@@ -0,0 +1,61 @@
+<!--
+	Invalid certificate:
+		blinkt.de
+		www.blinkt.de
+		apache.blinkt.de
+		dns2.blinkt.de
+		dyndns.blinkt.de
+		exchange.blinkt.de
+		schweden.blinkt.de
+		seafile.blinkt.de
+		skiron.dyndns.blinkt.de
+
+	Refused:
+		_autodiscover._tcp.blinkt.de
+		_kerberos._tcp.blinkt.de
+		_kerberos._udp.blinkt.de
+		_kpasswd._tcp.blinkt.de
+		_kpasswd._udp.blinkt.de
+		_ldap._tcp.blinkt.de
+		bellatrix.blinkt.de
+		beteigeuze.blinkt.de
+		dns.blinkt.de
+		gw.blinkt.de
+		gw-0.blinkt.de
+		gw-1.blinkt.de
+		hades.blinkt.de
+		home.blinkt.de
+		hermes.blinkt.de
+		mail.blinkt.de
+		mail4.blinkt.de
+		op.blinkt.de
+		openvpn.blinkt.de
+		openvpn4.blinkt.de
+		pan.blinkt.de
+		pbackup.blinkt.de
+		stheno.blinkt.de
+
+	Time out:
+		acra.blinkt.de
+		bellatrix-lom.blinkt.de
+		beteigeuze-lom.blinkt.de
+		eris.blinkt.de
+		heap.blinkt.de
+		hekate.blinkt.de
+		ifolder.blinkt.de
+		naghmey.blinkt.de
+		portal.blinkt.de
+		tetris.blinkt.de
+-->
+<ruleset name="blinkt.de (partial)">
+	<target host="cloud.blinkt.de" />
+	<target host="git.blinkt.de" />
+	<target host="hg.blinkt.de" />
+	<target host="ics-openvpn.blinkt.de" />
+	<target host="kamera.blinkt.de" />
+	<target host="svn.blinkt.de" />
+	<target host="webmail.blinkt.de" />
+	<target host="wiki.blinkt.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/blogimg.jp.xml b/src/chrome/content/rules/blogimg.jp.xml
new file mode 100644
index 000000000000..6390a9dd51eb
--- /dev/null
+++ b/src/chrome/content/rules/blogimg.jp.xml
@@ -0,0 +1,10 @@
+<!--
+	Related rules:
+	- DLsite.com.xml
+-->
+
+<ruleset name="blogimg.jp">
+	<target host="dlsite.blogimg.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/blogsmithmedia.com.xml b/src/chrome/content/rules/blogsmithmedia.com.xml
index 2c214f8a34b5..b53ad4e8bccb 100644
--- a/src/chrome/content/rules/blogsmithmedia.com.xml
+++ b/src/chrome/content/rules/blogsmithmedia.com.xml
@@ -16,7 +16,7 @@
 			- www.blogcdn.com
 			- www.blogsmithcdn.com
 			- www.blogsmithmedia.com
-	
+
 	^blogsmithmedia.com: 503, Akamai
 
 -->
diff --git a/src/chrome/content/rules/bloomsky.com.xml b/src/chrome/content/rules/bloomsky.com.xml
index f36e20ce51de..5c37734aba96 100644
--- a/src/chrome/content/rules/bloomsky.com.xml
+++ b/src/chrome/content/rules/bloomsky.com.xml
@@ -11,13 +11,13 @@ Fetch error: http://maps.bloomsky.com/ => https://maps.bloomsky.com/: (60, 'SSL
 		- weatherlution.com	(handshake failure)
 
 	Mixed content:
-	
+
 		- video from storage.googleapis.com *
 
 	* Secured by us.
 
 -->
-<ruleset name="Bloomsky (partial)" default_off='failed ruleset test'>
+<ruleset name="Bloomsky (partial)" default_off="failed ruleset test">
 
 	<target host=          "bloomsky.com" />
 	<target host="dashboard.bloomsky.com" />
diff --git a/src/chrome/content/rules/blueonyx.it.xml b/src/chrome/content/rules/blueonyx.it.xml
index bd473a8007c9..e276e27cbc93 100644
--- a/src/chrome/content/rules/blueonyx.it.xml
+++ b/src/chrome/content/rules/blueonyx.it.xml
@@ -10,9 +10,9 @@ mobile.blueonyx.it mismatch
 	<target host="www.blueonyx.it" />
 	<target host="wiki.blueonyx.it" />
 	<target host="mail.blueonyx.it" />
-	
+
 	<rule from="^http://blueonyx\.it/"
 		to="https://www.blueonyx.it/" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/bmf1.dk.xml b/src/chrome/content/rules/bmf1.dk.xml
new file mode 100644
index 000000000000..ee0168b5ea9b
--- /dev/null
+++ b/src/chrome/content/rules/bmf1.dk.xml
@@ -0,0 +1,6 @@
+<ruleset name="bmf1.dk">
+	<target host="bmf1.dk" />
+	<target host="www.bmf1.dk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bnl.gov.xml b/src/chrome/content/rules/bnl.gov.xml
index e2a0a50c250b..ee2e1123b95b 100644
--- a/src/chrome/content/rules/bnl.gov.xml
+++ b/src/chrome/content/rules/bnl.gov.xml
@@ -92,7 +92,7 @@ Fetch error: http://wiki.bnl.gov/ => https://wiki.bnl.gov/: (6, 'Could not resol
 	ˢ Secured by us
 
 -->
-<ruleset name="BNL.gov (partial)" default_off='failed ruleset test'>
+<ruleset name="BNL.gov (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/bnymellon.com.xml b/src/chrome/content/rules/bnymellon.com.xml
index 61729a8458aa..512bda2d3855 100644
--- a/src/chrome/content/rules/bnymellon.com.xml
+++ b/src/chrome/content/rules/bnymellon.com.xml
@@ -49,7 +49,7 @@ Fetch error: http://talentcommunity.bnymellon.com/ => https://talentcommunity.bn
 		- jobs.bnymellon.com
 
 -->
-<ruleset name="BNY Mellon.com (partial)" default_off='failed ruleset test'>
+<ruleset name="BNY Mellon.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/bnymellonim.com.xml b/src/chrome/content/rules/bnymellonim.com.xml
index 4a1a68ad241e..b8be8ee7f553 100644
--- a/src/chrome/content/rules/bnymellonim.com.xml
+++ b/src/chrome/content/rules/bnymellonim.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://bnymellonim.com/ => https://www.bnymellonim.com/: (60, 'SSL
 	^bnymellonim.com: Dropped
 
 -->
-<ruleset name="BNY Mellonim.com" default_off='failed ruleset test'>
+<ruleset name="BNY Mellonim.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/boardreader.com.xml b/src/chrome/content/rules/boardreader.com.xml
new file mode 100644
index 000000000000..2acfbe0ac0f5
--- /dev/null
+++ b/src/chrome/content/rules/boardreader.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Non-functional domains:
+		devtools.boardreader.com (issue with certificate chain)
+
+	Redirect to HTTP:
+		support.boardreader.com
+
+	Time out:
+		clients.boardreader.com
+		dev01.boardreader.com
+		forum.boardreader.com
+		spider5.boardreader.com
+-->
+<ruleset name="boardreader.com">
+	<target host="boardreader.com" />
+	<target host="www.boardreader.com" />
+	<target host="api.boardreader.com" />
+	<target host="apidemo.boardreader.com" />
+	<target host="icons.boardreader.com" />
+	<target host="manage.boardreader.com" />
+	<target host="zabbix.boardreader.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/boerse.to.xml b/src/chrome/content/rules/boerse.to.xml
index 3904077499af..ab962dfa1956 100644
--- a/src/chrome/content/rules/boerse.to.xml
+++ b/src/chrome/content/rules/boerse.to.xml
@@ -2,7 +2,7 @@
 
     <target host="boerse.to"/>
     <target host="www.boerse.to"/>
-    
+
     <securecookie host="^(www\.)?boerse\.to" name=".+" />
 
     <rule from="^http:" to="https:"/>
diff --git a/src/chrome/content/rules/boincstats.com.xml b/src/chrome/content/rules/boincstats.com.xml
new file mode 100644
index 000000000000..4668b79e6f8c
--- /dev/null
+++ b/src/chrome/content/rules/boincstats.com.xml
@@ -0,0 +1,39 @@
+<!--
+	Invalid certificate:
+		am.boincstats.com
+		cn.boincstats.com
+		de.boincstats.com
+		fi.boincstats.com
+		lt.boincstats.com
+		ct.boincstats.com
+		cz.boincstats.com
+		de.boincstats.com
+		es.boincstats.com
+		www.es.boincstats.com
+		fi.boincstats.com
+		www.fi.boincstats.com
+		fr.boincstats.com
+		it.boincstats.com
+		jp.boincstats.com
+		kr.boincstats.com
+		www.lt.boincstats.com
+		mobile.boincstats.com
+		nl.boincstats.com
+		pizza.boincstats.com
+		www.pl.boincstats.com
+		ro.boincstats.com
+		ru.boincstats.com
+		se.boincstats.com
+		tr.boincstats.com
+		tw.boincstats.com
+		www.tw.boincstats.com
+-->
+<ruleset name="boincstats.com (partial)">
+
+	<target host="boincstats.com"/>
+	<target host="www.boincstats.com"/>
+	<target host="bam.boincstats.com"/>
+	<target host="classic.boincstats.com"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/bookware3000.ca.xml b/src/chrome/content/rules/bookware3000.ca.xml
index 9a683cad1312..69c7e2384367 100644
--- a/src/chrome/content/rules/bookware3000.ca.xml
+++ b/src/chrome/content/rules/bookware3000.ca.xml
@@ -4,7 +4,7 @@
 	<securecookie host="^([\w-]+)\.bookware3000\.ca$" name=".+" />
 
 	<test url="http://www.bookware3000.ca/" />
-	<test url="http://conestoga.bookware3000.ca/" />	
+	<test url="http://conestoga.bookware3000.ca/" />
 	<test url="http://mun.bookware3000.ca/" />
 	<test url="http://baconandhughes.bookware3000.ca/" />
 	<test url="http://lakehead.bookware3000.ca/" />
@@ -17,4 +17,4 @@
 
 	<!-- Invalid common name, certificate from *.fastlanepos.ca. -->
 	<exclusion pattern="^http://canbead\.bookware3000\.ca/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/boomstarter.ru.xml b/src/chrome/content/rules/boomstarter.ru.xml
index c3d7d67ea2a7..9502f188a398 100644
--- a/src/chrome/content/rules/boomstarter.ru.xml
+++ b/src/chrome/content/rules/boomstarter.ru.xml
@@ -7,7 +7,7 @@ gifts.boomstarter.ru nonexist
 
 
 -->
-<ruleset name="boomstarter.ru" default_off='failed ruleset test'>
+<ruleset name="boomstarter.ru" default_off="failed ruleset test">
 	<target host="boomstarter.ru" />
 	<target host="www.boomstarter.ru" />
 	<target host="ipo.boomstarter.ru" />
diff --git a/src/chrome/content/rules/bosfera.ru.xml b/src/chrome/content/rules/bosfera.ru.xml
index a888c2277bd4..7fc11b61beaa 100644
--- a/src/chrome/content/rules/bosfera.ru.xml
+++ b/src/chrome/content/rules/bosfera.ru.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://bosfera.bosfera.ru/ => https://bosfera.bosfera.ru/: (6, 'Could not resolve host: bosfera.bosfera.ru')
 
 -->
-<ruleset name="bosfera.ru" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="bosfera.ru" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="bosfera.ru" />
 	<target host="www.bosfera.ru" />
 	<target host="bosfera.bosfera.ru" />
diff --git a/src/chrome/content/rules/bostonfed.org.xml b/src/chrome/content/rules/bostonfed.org.xml
deleted file mode 100644
index 808476c5b47a..000000000000
--- a/src/chrome/content/rules/bostonfed.org.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	Federal Reserve Bank of Boston
-
-
-
-	^bostonfed.org: Mismatched
-	www.bostonfed.org: Server sends no certificate chain, see https://whatsmychaincert.com
-
--->
-<ruleset name="Boston Fed.org (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="forms.bostonfed.org" />
-	<!--target host="www.bostonfed.org" /-->
-
-	<!--	Complcations:
-				-->
-	<!--target host="bostonfed.org" /-->
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<!--rule from="^http://bostonfed\.org/"
-		to="https://www.bostonfed.org/" /-->
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/boxun.com.xml b/src/chrome/content/rules/boxun.com.xml
index e862425a0b72..8e2933105d6f 100644
--- a/src/chrome/content/rules/boxun.com.xml
+++ b/src/chrome/content/rules/boxun.com.xml
@@ -1,6 +1,6 @@
 <!--
 	MCB:
-		- en 
+		- en
 -->
 
 <ruleset name="boxun.com">
diff --git a/src/chrome/content/rules/bplaced.xml b/src/chrome/content/rules/bplaced.xml
index e652773c548e..101479eec8ce 100644
--- a/src/chrome/content/rules/bplaced.xml
+++ b/src/chrome/content/rules/bplaced.xml
@@ -15,7 +15,6 @@
 	<rule from="^http://bplaced\.net/"
 		to="https://www.bplaced.net/" />
 
-		<test url="http://www.bplaced.net/" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/bpsshop.org.uk.xml b/src/chrome/content/rules/bpsshop.org.uk.xml
index 9ba645867f5d..2ad77e651295 100644
--- a/src/chrome/content/rules/bpsshop.org.uk.xml
+++ b/src/chrome/content/rules/bpsshop.org.uk.xml
@@ -3,7 +3,7 @@
 
 
 	(www.)?bpsshop.org.uk: refused
-	
+
 -->
 <ruleset name="BPS Shop.org.uk">
 
diff --git a/src/chrome/content/rules/brandhk.gov.hk.xml b/src/chrome/content/rules/brandhk.gov.hk.xml
index 80fe2fb0e3dd..1f6b90a92431 100644
--- a/src/chrome/content/rules/brandhk.gov.hk.xml
+++ b/src/chrome/content/rules/brandhk.gov.hk.xml
@@ -7,7 +7,7 @@
 <ruleset name="brandhk.gov.hk">
 	<target host="brandhk.gov.hk" />
 	<target host="www.brandhk.gov.hk" />
-	
+
 	<rule from="^http://(www\.)?brandhk\.gov\.hk/"
 		to="https://www.brandhk.gov.hk/" />
 </ruleset>
diff --git a/src/chrome/content/rules/bristol.gov.uk.xml b/src/chrome/content/rules/bristol.gov.uk.xml
index 931bd2b9f62b..ed413e1c5c99 100644
--- a/src/chrome/content/rules/bristol.gov.uk.xml
+++ b/src/chrome/content/rules/bristol.gov.uk.xml
@@ -55,7 +55,7 @@ Fetch error: http://www2.bristol.gov.uk/ => https://www2.bristol.gov.uk/: (60, '
 		- www2 ʰ
 
 	ʰ Some pages redirect to http
-	
+
 
 	Insecure cookies are set for these domains and hosts: ᶜ
 
@@ -80,7 +80,7 @@ Fetch error: http://www2.bristol.gov.uk/ => https://www2.bristol.gov.uk/: (60, '
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Bristol.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Bristol.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/broadagesports.com.xml b/src/chrome/content/rules/broadagesports.com.xml
index f9edcb147536..c4a15dde41a8 100644
--- a/src/chrome/content/rules/broadagesports.com.xml
+++ b/src/chrome/content/rules/broadagesports.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://widgets-script.broadagesports.com/content/bage.main.bundle.m
 Fetch error: http://widgets-script.broadagesports.com/ => https://widgets-script.broadagesports.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="broadagesports.com" default_off='failed ruleset test'>
+<ruleset name="broadagesports.com" default_off="failed ruleset test">
 
 	<target host="widgets-script.broadagesports.com" />
 
diff --git a/src/chrome/content/rules/broadland.gov.uk-falsemixed.xml b/src/chrome/content/rules/broadland.gov.uk-falsemixed.xml
index 9d3f478ccfe7..097c5212e692 100644
--- a/src/chrome/content/rules/broadland.gov.uk-falsemixed.xml
+++ b/src/chrome/content/rules/broadland.gov.uk-falsemixed.xml
@@ -10,7 +10,7 @@ Non-2xx HTTP code: http://www.broadland.gov.uk/ (200) => https://secure.broadlan
 	NB: See https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Broadland.gov.uk (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Broadland.gov.uk (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/brucefwebster.xml b/src/chrome/content/rules/brucefwebster.xml
new file mode 100644
index 000000000000..b23b1fd1d465
--- /dev/null
+++ b/src/chrome/content/rules/brucefwebster.xml
@@ -0,0 +1,18 @@
+<!--
+Nonfunctional domains:
+	Certificate mismatch:
+		- brucewebster.com
+		- mail.brucefwebster.com
+-->
+
+<ruleset name="brucefwebster">
+	<target host="bfwa.com" />
+	<target host="mail.bfwa.com" />
+	<target host="www.bfwa.com" />
+	
+	<target host="mail.brucewebster.com" />
+	<target host="brucefwebster.com" />
+	<target host="www.brucefwebster.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/brzoo.org.xml b/src/chrome/content/rules/brzoo.org.xml
new file mode 100644
index 000000000000..7295f756571f
--- /dev/null
+++ b/src/chrome/content/rules/brzoo.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		email.brzoo.org
+		ftp.brzoo.org
+		imap.brzoo.org
+		mail.brzoo.org
+		mobilemail.brzoo.org
+		pop.brzoo.org
+		smtp.brzoo.org
+
+	Refused:
+		autodiscover.brzoo.org
+
+	Time out:
+		mail1.brzoo.org
+-->
+<ruleset name="brzoo.org">
+	<target host="brzoo.org" />
+	<target host="www.brzoo.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/bstu.bund.de.xml b/src/chrome/content/rules/bstu.bund.de.xml
new file mode 100644
index 000000000000..bbcfc76bad82
--- /dev/null
+++ b/src/chrome/content/rules/bstu.bund.de.xml
@@ -0,0 +1,11 @@
+<!--
+	For other bund.de coverages, see Verwaltung_Online.xml.
+-->
+<ruleset name="BStU.bund.de">
+
+	<target host="bstu.bund.de" />
+	<target host="www.bstu.bund.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/btcgpu.org.xml b/src/chrome/content/rules/btcgpu.org.xml
deleted file mode 100644
index f7328c4c54cb..000000000000
--- a/src/chrome/content/rules/btcgpu.org.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="btcgpu.org">
-	<target host="btcgpu.org" />
-	<target host="www.btcgpu.org" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/buaa.edu.cn.xml b/src/chrome/content/rules/buaa.edu.cn.xml
new file mode 100644
index 000000000000..9d0b9d2b0110
--- /dev/null
+++ b/src/chrome/content/rules/buaa.edu.cn.xml
@@ -0,0 +1,88 @@
+<!--
+	^.buaa.edu.cn does not exist.
+
+	Certificate expired:
+		- mooc
+		- www.mooc
+		- files.mooc
+		- insights.mooc
+		- network-lab.mooc
+		- preview.mooc
+		- studio.mooc
+		- admire.nlsde
+		- dmmooc.nlsde
+		- fad.nlsde
+		- ftp.nlsde
+		- ipv6.nlsde
+		- pl.nlsde
+		- r.nlsde
+		- sccse.nlsde
+		- sites.nlsde
+		- www-old.nlsde
+
+	Incomplete certificate chain:
+		- mail.act
+		- mx1.dxt
+		- mx2.dxt
+		- imap
+		- mail
+		- imap.nlsde
+		- smtp.nlsde
+		- pop3
+		- smtp
+		- vpn1
+
+	Self-signed certificate:
+		- gsmis.graduate
+		- hkxb
+		- mall
+		- mce
+		- contest.mooc
+		- wap.nlsde
+		- proxy
+		- summer
+		- vpn
+		- yx
+
+	Mismatched certificate:
+		- pay
+		- pay.icw
+
+	HTTP =/= HTTPS:
+		- vpn.nlsde
+
+	SSL handshake error:
+		- ucs
+
+	Connection reset:
+		- mx3.dxt
+
+	Connection timed out:
+		- wap-rdg.nlsde
+-->
+<ruleset name="buaa.edu.cn (partial)">
+	<target host="www.buaa.edu.cn" />
+	<target host="ring.act.buaa.edu.cn" />
+	<target host="app.buaa.edu.cn" />
+	<target host="call-number.buaa.edu.cn" />
+	<target host="img.call-number.buaa.edu.cn" />
+	<target host="card.buaa.edu.cn" />
+	<target host="cwc.buaa.edu.cn" />
+	<target host="e.buaa.edu.cn" />
+	<target host="buaabt-cn.e.buaa.edu.cn" />
+	<target host="course.e.buaa.edu.cn" />
+	<target host="lib.e.buaa.edu.cn" />
+	<target host="ev.buaa.edu.cn" />
+	<target host="icw.buaa.edu.cn" />
+	<target host="imgapp.buaa.edu.cn" />
+	<target host="imgwx.buaa.edu.cn" />
+	<target host="jointcup.buaa.edu.cn" />
+	<target host="news.buaa.edu.cn" />
+	<target host="saed.buaa.edu.cn" />
+	<target host="sso.buaa.edu.cn" />
+	<target host="ucapp.buaa.edu.cn" />
+	<target host="weixin.buaa.edu.cn" />
+	<target host="wv.buaa.edu.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/buckscc.gov.uk.xml b/src/chrome/content/rules/buckscc.gov.uk.xml
index 08de9d8621bf..4e885cc97a22 100644
--- a/src/chrome/content/rules/buckscc.gov.uk.xml
+++ b/src/chrome/content/rules/buckscc.gov.uk.xml
@@ -44,7 +44,7 @@ Fetch error: http://udp.buckscc.gov.uk/ => https://udp.buckscc.gov.uk/: (6, 'Cou
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Bucks CC.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Bucks CC.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="buckscc.gov.uk" />
 	<target host="account.buckscc.gov.uk" />
diff --git a/src/chrome/content/rules/bullzip.com.xml b/src/chrome/content/rules/bullzip.com.xml
new file mode 100644
index 000000000000..5b7c1ed3c95e
--- /dev/null
+++ b/src/chrome/content/rules/bullzip.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		cdn.bullzip.com
+		support.bullzip.com
+
+	Refused:
+		wiki.bullzip.com
+
+	Time out:
+		ftp.bullzip.com
+		imap.bullzip.com
+		mail.bullzip.com
+		pop.bullzip.com
+		ssh.bullzip.com
+-->
+<ruleset name="bullzip.com">
+	<target host="bullzip.com" />
+	<target host="www.bullzip.com" />
+	<target host="update.bullzip.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/business.gov.au.xml b/src/chrome/content/rules/business.gov.au.xml
new file mode 100644
index 000000000000..9a9422fd24e8
--- /dev/null
+++ b/src/chrome/content/rules/business.gov.au.xml
@@ -0,0 +1,36 @@
+<!--
+	Non-functional hosts
+		SSL connect error:
+		- www.register.business.gov.au
+
+		SSL peer certificate was not OK:
+		- ats.business.gov.au
+		- www.ats.business.gov.au
+
+		Incomplete certificate chain error:
+		- ablisfiles.business.gov.au
+		- vanguard.business.gov.au
+		- www.vanguard.business.gov.au
+-->
+<ruleset name="business.gov.au">
+	<target host="business.gov.au" />
+	<target host="ablis.business.gov.au" />
+	<target host="abn.business.gov.au" />
+	<target host="www.abn.business.gov.au" />
+	<target host="abr.business.gov.au" />
+	<target host="www.abr.business.gov.au" />
+	<target host="authorisation.business.gov.au" />
+	<target host="consultation.business.gov.au" />
+	<target host="www.consultation.business.gov.au" />
+	<target host="forms.business.gov.au" />
+		<test url="http://forms.business.gov.au/smartforms/diisr-sa/rsp/" />
+		<test url="http://forms.business.gov.au/aba/servlet/SmartForm.pdf?formCode=DAFF-WAS" />
+	<target host="portal.business.gov.au" />
+	<target host="randdsnapshot.business.gov.au" />
+	<target host="www.randdsnapshot.business.gov.au" />
+	<target host="register.business.gov.au" />
+	<target host="start.business.gov.au" />
+	<target host="www.business.gov.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/busnavi-okinawa.com.xml b/src/chrome/content/rules/busnavi-okinawa.com.xml
new file mode 100644
index 000000000000..7ad9106d53ac
--- /dev/null
+++ b/src/chrome/content/rules/busnavi-okinawa.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="busnavi-okinawa">
+	<target host="www.busnavi-okinawa.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cackle.me.xml b/src/chrome/content/rules/cackle.me.xml
new file mode 100644
index 000000000000..6856e90ed763
--- /dev/null
+++ b/src/chrome/content/rules/cackle.me.xml
@@ -0,0 +1,36 @@
+<!--
+	Invalid certificate:
+		d.cackle.me
+		cms.cackle.me
+
+	Redirect to HTTP:
+		media.cackle.me
+
+	Refused:
+		f.cackle.me
+		forum.cackle.me
+
+	Time out:
+		e.cackle.me
+		g.cackle.me
+		pop3.cackle.me
+		smtp.cackle.me
+		test.cackle.me
+-->
+<ruleset name="cackle.me">
+	<target host="cackle.me" />
+	<target host="www.cackle.me" />
+	<target host="admin.cackle.me" />
+	<target host="blog.cackle.me" />
+	<target host="h.cackle.me" />
+	<target host="i.cackle.me" />
+	<target host="j.cackle.me" />
+	<target host="rt3.cackle.me" />
+	<target host="rt4.cackle.me" />
+	<target host="rt5.cackle.me" />
+	<target host="ru.cackle.me" />
+	<target host="test2.cackle.me" />
+	<target host="widget.cackle.me" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cacti.net.xml b/src/chrome/content/rules/cacti.net.xml
index 67bd7eb0e507..831feba76ad5 100644
--- a/src/chrome/content/rules/cacti.net.xml
+++ b/src/chrome/content/rules/cacti.net.xml
@@ -3,7 +3,7 @@
 	<target host="cacti.net" />
 	<target host="docs.cacti.net" />
 	<target host="forums.cacti.net" />
-	
+
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/callrail.com.xml b/src/chrome/content/rules/callrail.com.xml
index 32693ab1b5fd..b32c613b2e03 100644
--- a/src/chrome/content/rules/callrail.com.xml
+++ b/src/chrome/content/rules/callrail.com.xml
@@ -2,7 +2,7 @@
 	CDN buckets:
 
 		- s3.amazonaws.com/calltrk-production/
-	
+
 
 	Nonfunctional hosts in *callrail.com:
 
diff --git a/src/chrome/content/rules/camopedia.org.xml b/src/chrome/content/rules/camopedia.org.xml
new file mode 100644
index 000000000000..32afba0491b4
--- /dev/null
+++ b/src/chrome/content/rules/camopedia.org.xml
@@ -0,0 +1,20 @@
+<ruleset name="camopedia.org">
+	<target host="camopedia.org" />
+	<target host="www.camopedia.org" />
+	<target host="autodiscover.camopedia.org" />
+	<target host="camouflageindex.camopedia.org" />
+	<target host="www.camouflageindex.camopedia.org" />
+	<target host="camouflagesociety.camopedia.org" />
+	<target host="cpanel.camopedia.org" />
+	<target host="cpcalendars.camopedia.org" />
+	<target host="cpcontacts.camopedia.org" />
+	<target host="forum.camopedia.org" />
+	<target host="www.forum.camopedia.org" />
+	<target host="mail.camopedia.org" />
+	<target host="smf.camopedia.org" />
+	<target host="www.smf.camopedia.org" />
+	<target host="webdisk.camopedia.org" />
+	<target host="webmail.camopedia.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cancerresearchuk.org.xml b/src/chrome/content/rules/cancerresearchuk.org.xml
index f02709e515a7..1e4c16be7b4d 100644
--- a/src/chrome/content/rules/cancerresearchuk.org.xml
+++ b/src/chrome/content/rules/cancerresearchuk.org.xml
@@ -54,7 +54,7 @@ Fetch error: http://survey.cancerresearchuk.org/ => https://survey.cancerresearc
 	ˢ Secured by us
 
 -->
-<ruleset name="Cancer Research UK.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Cancer Research UK.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/candelatech.com.xml b/src/chrome/content/rules/candelatech.com.xml
new file mode 100644
index 000000000000..5b28e7d28382
--- /dev/null
+++ b/src/chrome/content/rules/candelatech.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="candelatech.com">
+	<target host="candelatech.com" />
+	<rule from="^http://candelatech\.com/" to="https://www.candelatech.com/" /> <!-- mismatch -->
+
+	<target host="www.candelatech.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/captora.com.xml b/src/chrome/content/rules/captora.com.xml
index 028f316db9ee..187390b87c37 100644
--- a/src/chrome/content/rules/captora.com.xml
+++ b/src/chrome/content/rules/captora.com.xml
@@ -21,14 +21,14 @@ Non-2xx HTTP code: http://digitalmarketing.captora.com/rs/719-TVA-959/images/arr
 	Mixed content:
 
 		- Images, on:
-		
+
 			- blog, www from www.captora.com ˢ
 			- blog from blakebrysha.com
 
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Captora.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Captora.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/cardiff.gov.uk.xml b/src/chrome/content/rules/cardiff.gov.uk.xml
index 8aa4f70e1349..3b19f6cddd1a 100644
--- a/src/chrome/content/rules/cardiff.gov.uk.xml
+++ b/src/chrome/content/rules/cardiff.gov.uk.xml
@@ -51,7 +51,7 @@ Fetch error: http://active.cardiff.gov.uk/ => https://active.cardiff.gov.uk/: (6
 		- www.cardiff.gov.uk
 
 -->
-<ruleset name="Cardiff.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Cardiff.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="cardiff.gov.uk" />
 	<target host="active.cardiff.gov.uk" />
diff --git a/src/chrome/content/rules/carecareersdevon.org.uk.xml b/src/chrome/content/rules/carecareersdevon.org.uk.xml
index edf85ec69103..3a054f8c41e9 100644
--- a/src/chrome/content/rules/carecareersdevon.org.uk.xml
+++ b/src/chrome/content/rules/carecareersdevon.org.uk.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.carecareersdevon.org.uk/ => https://www.carecareersdevon
 	For other UK government coverage, see GOV.UK.xml.
 
 -->
-<ruleset name="Care Careers Devon.org.uk" default_off='failed ruleset test'>
+<ruleset name="Care Careers Devon.org.uk" default_off="failed ruleset test">
 
 	<target host="carecareersdevon.org.uk" />
 	<target host="www.carecareersdevon.org.uk" />
diff --git a/src/chrome/content/rules/careerbuilder.no.xml b/src/chrome/content/rules/careerbuilder.no.xml
index 33c1c7b552df..1fb4fef5002a 100644
--- a/src/chrome/content/rules/careerbuilder.no.xml
+++ b/src/chrome/content/rules/careerbuilder.no.xml
@@ -28,7 +28,7 @@ Non-2xx HTTP code: http://api.careerbuilder.no/ (200) => https://api.careerbuild
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="CareerBuilder.no" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="CareerBuilder.no" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/careinternational.org.uk.xml b/src/chrome/content/rules/careinternational.org.uk.xml
index 3c93e759b5e9..fc5d35cb6f47 100644
--- a/src/chrome/content/rules/careinternational.org.uk.xml
+++ b/src/chrome/content/rules/careinternational.org.uk.xml
@@ -19,7 +19,7 @@ Fetch error: http://walkinhershoes.careinternational.org.uk/ => https://walkinhe
 		- walkinhershoes.careinternational.org.uk
 
 -->
-<ruleset name="Care International.org.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Care International.org.uk (partial)" default_off="failed ruleset test">
 
 	<target host="action.careinternational.org.uk" />
 	<target host="donate.careinternational.org.uk" />
diff --git a/src/chrome/content/rules/carnegiehub.org.xml b/src/chrome/content/rules/carnegiehub.org.xml
new file mode 100644
index 000000000000..cf6e8745b3a7
--- /dev/null
+++ b/src/chrome/content/rules/carnegiehub.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Incomplete certificate chain:
+		filedrop.carnegiehub.org
+
+	Invalid certificate:
+		fax.carnegiehub.org
+		files.carnegiehub.org
+
+	Refused:
+		carnegiehub.org
+		www.carnegiehub.org
+		calendar.carnegiehub.org
+		docs.carnegiehub.org
+		fsp.carnegiehub.org
+		groups.carnegiehub.org
+		intranet.carnegiehub.org
+		isp.carnegiehub.org
+		mail.carnegiehub.org
+-->
+<ruleset name="carnegiehub.org (partial)">
+	<target host="help.carnegiehub.org" />
+	<target host="surveys.carnegiehub.org" />
+	<target host="surveys2.carnegiehub.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/carsales.com.au.xml b/src/chrome/content/rules/carsales.com.au.xml
new file mode 100644
index 000000000000..664e920c8291
--- /dev/null
+++ b/src/chrome/content/rules/carsales.com.au.xml
@@ -0,0 +1,60 @@
+<!--
+	Non-functional subdomains:
+		- analytics		(t)
+		- www.autonews	(m)
+		- berwickcomms	(m)
+		- app.communication	(m)
+		- dataconnect	(t)
+		- www.editorial	(m)
+		- secure.liveimages.editorial	(r)
+		- ergportal		(r)
+		- helpcentre	(r)
+		- www.holdenused	(m)
+		- hondaused		(m)
+		- secure.liveimages	(r)
+		- northernmotorgroup	(t)
+		- retailapi		(t)
+		- sell	(t)
+		- sfb.carsales.com.au/ (404)
+		- shareholder	(r)
+		- ssl	(m)
+		- volkswagen	(m)
+		- www.volkswagen	(m)
+		- vpn	(i)
+		- vpn3	(i)
+		- webconf	(ssl connection error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+
+	Timeout:	
+		<target host="carsales.com.au" />
+		<target host="www.carsales.com.au" />
+		<target host="authservice.carsales.com.au" />
+		<target host="buynow.carsales.com.au" />
+		<target host="carpool.carsales.com.au" />
+		<target host="dealer-services.carsales.com.au" />
+		<target host="member.carsales.com.au" />
+		<target host="owner-reviews.carsales.com.au" />
+		<target host="yahoo.carsales.com.au" />
+-->
+<ruleset name="carsales.com.au">
+	<target host="dialin.carsales.com.au" />
+	<target host="email.carsales.com.au" />
+	<target host="help.carsales.com.au" />
+	<target host="loop.carsales.com.au" />
+	<target host="lyncdiscover.carsales.com.au" />
+	<target host="mail3.carsales.com.au" />
+	<target host="mail5.carsales.com.au" />
+	<target host="meet.carsales.com.au" />
+	<target host="webext.carsales.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/catchdigital.com.xml b/src/chrome/content/rules/catchdigital.com.xml
index cfa32431936c..9103fe0497a2 100644
--- a/src/chrome/content/rules/catchdigital.com.xml
+++ b/src/chrome/content/rules/catchdigital.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://secure.catchdigital.com/ => https://secure.catchdigital.com/
 	(www.)?catchdigital.com: Plaintext reply
 
 -->
-<ruleset name="Catch Digital.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Catch Digital.com (partial)" default_off="failed ruleset test">
 
 	<target host="cineworld.catchdigital.com" />
 	<target host="secure.catchdigital.com" />
diff --git a/src/chrome/content/rules/cbor.io.xml b/src/chrome/content/rules/cbor.io.xml
new file mode 100644
index 000000000000..61f351bb68ac
--- /dev/null
+++ b/src/chrome/content/rules/cbor.io.xml
@@ -0,0 +1,11 @@
+<!--
+	Time out:
+		rd.cbor.io
+-->
+<ruleset name="cbor.io">
+	<target host="cbor.io" />
+	<target host="www.cbor.io" />
+
+	<rule from="^http://www\.cbor\.io/" to="https://cbor.io/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ccc-ch.ch.xml b/src/chrome/content/rules/ccc-ch.ch.xml
deleted file mode 100644
index 42a980e08a18..000000000000
--- a/src/chrome/content/rules/ccc-ch.ch.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="CCC-CH.ch">
-
-	<target host="ccc-ch.ch" />
-	<target host="www.ccc-ch.ch" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ccxmedia.org.xml b/src/chrome/content/rules/ccxmedia.org.xml
new file mode 100644
index 000000000000..c9046b8d58da
--- /dev/null
+++ b/src/chrome/content/rules/ccxmedia.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="ccxmedia.org">
+	<target host="ccxmedia.org" />
+	<target host="www.ccxmedia.org" />
+	<target host="store.ccxmedia.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cdngc.net.xml b/src/chrome/content/rules/cdngc.net.xml
index 4f88c47ff070..c28896da3c2f 100644
--- a/src/chrome/content/rules/cdngc.net.xml
+++ b/src/chrome/content/rules/cdngc.net.xml
@@ -11,17 +11,9 @@
 <ruleset name="cdngc.net">
 	<target host="ssl.cdngc.net" />
 	<target host="ssl2.cdngc.net" />
-	<target host="clicktalecdn.sslcs.cdngc.net" />
 	<target host="lagentprofailover.sslcs.cdngc.net" />
 	<target host="luxa.sslcs.cdngc.net" />
-	<target host="netaporterll3.sslcs.cdngc.net" />
-	<target host="stylemoi.sslcs.cdngc.net" />
 	<target host="voyagin.sslcs.cdngc.net" />
 
-	<target host="upupgame.sslcs.cdngc.net.sslcs.cdngc.net" />
-		<test url="http://upupgame.sslcs.cdngc.net/dev/ddz/game_lobby.swf" />
-		<!--	Could not resolve host:	-->
-		<exclusion pattern="^http://upupgame\.sslcs\.cdngc\.net\.sslcs\.cdngc\.net/$" />
-
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/cdnmaster.xml b/src/chrome/content/rules/cdnmaster.xml
index 1329912ab13c..3dc03e630dc8 100644
--- a/src/chrome/content/rules/cdnmaster.xml
+++ b/src/chrome/content/rules/cdnmaster.xml
@@ -4,7 +4,7 @@
 	-->
 	<target host="cdnmaster.com"/>
 	<target host="tag.cdnmaster.com"/>
-	
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/cdntrf.com.xml b/src/chrome/content/rules/cdntrf.com.xml
new file mode 100644
index 000000000000..3ccf826233b0
--- /dev/null
+++ b/src/chrome/content/rules/cdntrf.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Timeout:
+		adb
+-->
+<ruleset name="cdntrf.com">
+
+	<target host="cdntrf.com" />
+		<test url="http://cdntrf.com/trfAdSetup.js" />
+	<target host="cmp.cdntrf.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/censornet.com.xml b/src/chrome/content/rules/censornet.com.xml
index 2169860ee19a..188de356358e 100644
--- a/src/chrome/content/rules/censornet.com.xml
+++ b/src/chrome/content/rules/censornet.com.xml
@@ -14,7 +14,7 @@ secure.censornet.com different content
 ¹ mismatch
 ⁴ self signed
 -->
-<ruleset name="censornet.com" default_off='failed ruleset test'>
+<ruleset name="censornet.com" default_off="failed ruleset test">
 	<target host="censornet.com" />
 	<target host="www.censornet.com" />
 	<target host="cdn.censornet.com" />
diff --git a/src/chrome/content/rules/centennialbulb.org.xml b/src/chrome/content/rules/centennialbulb.org.xml
new file mode 100644
index 000000000000..8a280157ce97
--- /dev/null
+++ b/src/chrome/content/rules/centennialbulb.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		email.centennialbulb.org
+		ftp.centennialbulb.org
+-->
+<ruleset name="centennialbulb.org">
+	<target host="centennialbulb.org" />
+	<target host="www.centennialbulb.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/central-lincs.org.uk.xml b/src/chrome/content/rules/central-lincs.org.uk.xml
index 4075f0876afa..82684560df9c 100644
--- a/src/chrome/content/rules/central-lincs.org.uk.xml
+++ b/src/chrome/content/rules/central-lincs.org.uk.xml
@@ -10,7 +10,7 @@ Non-2xx HTTP code: http://www.central-lincs.org.uk/ (200) => https://www.lincoln
 	(www.)?central-lincs.org.uk: Refused
 
 -->
-<ruleset name="Central-Lincs.org.uk" default_off='failed ruleset test'>
+<ruleset name="Central-Lincs.org.uk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/centralindex.com.xml b/src/chrome/content/rules/centralindex.com.xml
index 043ed5d9d938..5c7951596426 100644
--- a/src/chrome/content/rules/centralindex.com.xml
+++ b/src/chrome/content/rules/centralindex.com.xml
@@ -24,8 +24,7 @@
 	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://assets\.centralindex\.com/"
-		to="https://dkthlrncwzdcx.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 		<test url="http://assets.centralindex.com/J/37/45232bb37600ae948dc5f1748b06f75f.png" />
 
diff --git a/src/chrome/content/rules/centrum.cz.xml b/src/chrome/content/rules/centrum.cz.xml
index ef874b8f5035..cbcf29616582 100644
--- a/src/chrome/content/rules/centrum.cz.xml
+++ b/src/chrome/content/rules/centrum.cz.xml
@@ -19,6 +19,7 @@
 		- slovniky.centrum.cz
 		- stahuj.centrum.cz
 		- svatky.centrum.cz
+    - sw.centrum..cz
 		- tvprogram.centrum.cz
 		- user.stahuj.centrum.cz
 		- www.stahuj.centrum.cz
@@ -52,8 +53,6 @@
 	<target host="najisto.centrum.cz" />
 	<target host="pusers.centrum.cz" />
 	<target host="reg.centrum.cz" />
-	<target host="sw.centrum.cz" />
-	<target host="www.sw.centrum.cz" />
 	<target host="user.centrum.cz" />
 	<target host="userhr.centrum.cz" />
 	<target host="xchat.centrum.cz" />
@@ -61,7 +60,6 @@
 
 	<rule from="^http://aktualne\.centrum\.cz/" to="https://www.aktualne.cz/" />
 	<rule from="^http://fotoalba\.centrum\.cz/" to="https://fotoalba.xchat.cz/" />
-	<rule from="^http://sw\.centrum\.cz/" to="https://www.sw.centrum.cz/" />
 	<rule from="^http://xchat\.centrum\.cz/" to="https://www.xchat.cz/" />
 	<rule from="^http://zena\.centrum\.cz/" to="https://www.zena.cz/" />
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/cesky-hosting.cz.xml b/src/chrome/content/rules/cesky-hosting.cz.xml
index 933d6beb5dba..28557f917d73 100644
--- a/src/chrome/content/rules/cesky-hosting.cz.xml
+++ b/src/chrome/content/rules/cesky-hosting.cz.xml
@@ -15,7 +15,7 @@ Fetch error: http://mysql2.cesky-hosting.cz/ => https://mysql2.cesky-hosting.cz/
 	- opensource.cesky-hosting.cz
 
 -->
-<ruleset name="Český hosting" default_off='failed ruleset test'>
+<ruleset name="Český hosting" default_off="failed ruleset test">
 	<target host="cesky-hosting.cz" />
 	<target host="www.cesky-hosting.cz" />
 	<target host="webmail.cesky-hosting.cz" />
diff --git a/src/chrome/content/rules/cgames.de.xml b/src/chrome/content/rules/cgames.de.xml
new file mode 100644
index 000000000000..cf212a7328dc
--- /dev/null
+++ b/src/chrome/content/rules/cgames.de.xml
@@ -0,0 +1,40 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Invalid certificate:
+		- (www.)?cgames.de
+		- imaces.cgames.de
+-->
+<ruleset name="cgames.de">
+
+	<target host="10images.cgames.de" />
+		<test url="http://10images.cgames.de/images/gsgp/256/resident-evil-3-remake-testvideo-zum-n%C3%A4chsten-horror-highlight_6095999.jpg" />
+	<target host="1images.cgames.de" />
+		<test url="http://1images.cgames.de/images/gsgp/256/the-elder-scrolls-online-greymoor_6095900.jpg" />
+	<target host="2images.cgames.de" />
+		<test url="http://2images.cgames.de/images/gsgp/256/lamar-gta-5_6093651.jpg" />
+	<target host="3images.cgames.de" />
+		<test url="http://3images.cgames.de/images/gsgp/256/gaming-vors%C3%A4tze-f%C3%BCr-2020_6088052.jpg" />
+	<target host="4images.cgames.de" />
+		<test url="http://4images.cgames.de/images/gsgp/210/highlightbild-warum-eso-perfekt-ist-um-die-zeit-bis-elder-scrolls-6-zu-%C3%BCberbr%C3%BCcken_6096103.jpg" />
+	<target host="5images.cgames.de" />
+		<test url="http://5images.cgames.de/images/gsgp/256/captain-tsubasa_6089644.jpg" />
+	<target host="6images.cgames.de" />
+		<test url="http://6images.cgames.de/images/gsgp/256/itta_6096025.jpg" />
+	<target host="7images.cgames.de" />
+		<test url="http://7images.cgames.de/images/gsgp/256/resident-evil-3_6095896.jpg" />
+	<target host="8images.cgames.de" />
+		<test url="http://8images.cgames.de/images/gsgp/256/highlightbild-nier-automata-wirr-seltsam-deshalb-so-besonders_2787877.jpg" />
+	<target host="9images.cgames.de" />
+		<test url="http://9images.cgames.de/images/gsgp/256/neuer-final-fantasy-8-trailer-verr%C3%A4t-releasetermin-bald-gehts-los_6075988.jpg" />
+	<target host="files-gamez.cgames.de" />
+	<target host="images.cgames.de" />
+		<test url="http://images.cgames.de/images/gamepro/eCtixUeFx59ow41whleh_59344x66488.jpg" />
+	<target host="static.cgames.de" />
+		<test url="http://static.cgames.de/gp_cb/assets/core/js/jquery.event.swipe.js" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/chainfire.eu.xml b/src/chrome/content/rules/chainfire.eu.xml
index ba11f4f01f1c..a833e2511f2c 100644
--- a/src/chrome/content/rules/chainfire.eu.xml
+++ b/src/chrome/content/rules/chainfire.eu.xml
@@ -14,7 +14,7 @@ www.usbhost.chainfire.eu ¹
 ¹ mismatch
 ⁴ self signed
 -->
-<ruleset name="chainfire.eu" default_off='failed ruleset test'>
+<ruleset name="chainfire.eu" default_off="failed ruleset test">
 	<target host="chainfire.eu" />
 	<target host="www.chainfire.eu" />
 	<target host="admin.chainfire.eu" />
diff --git a/src/chrome/content/rules/chcoc.gov.xml b/src/chrome/content/rules/chcoc.gov.xml
deleted file mode 100644
index f70a2fc7017d..000000000000
--- a/src/chrome/content/rules/chcoc.gov.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-
-
-	STS header includes includeSubdomains.
-
--->
-<ruleset name="CHCOC.gov">
-
-	<target host="chcoc.gov" />
-	<target host="*.chcoc.gov" />
-
-		<!--	includeSubdomains applies to one level only, so:
-									-->
-		<exclusion pattern="^http://(?:[^./]+\.){2,}chcoc\.gov/" />
-
-			<!--	+ve:
-					-->
-			<test url="http://this.host.chcoc.gov/" />
-			<test url="http://exists.not.chcoc.gov/" />
-
-		<test url="http://www.chcoc.gov/" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/cheapies.nz.xml b/src/chrome/content/rules/cheapies.nz.xml
index 0ea316ed7207..8087a6a2ff74 100644
--- a/src/chrome/content/rules/cheapies.nz.xml
+++ b/src/chrome/content/rules/cheapies.nz.xml
@@ -22,4 +22,4 @@
 
 	<rule from="^http:"
 		to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/cheat.sh.xml b/src/chrome/content/rules/cheat.sh.xml
new file mode 100644
index 000000000000..f3ab9f0503da
--- /dev/null
+++ b/src/chrome/content/rules/cheat.sh.xml
@@ -0,0 +1,10 @@
+<ruleset name="cheat.sh">
+	<target host="cheat.sh" />
+	<target host="*.cheat.sh" />
+		<test url="http://valid.cheat.sh/curl" />
+		<test url="http://example.cheat.sh/wget" />
+		<test url="http://test.cheat.sh/rpm" />
+		<test url="http://cheat.sh/apt" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cheetosmuseum.com.xml b/src/chrome/content/rules/cheetosmuseum.com.xml
deleted file mode 100644
index d3bcbba2c093..000000000000
--- a/src/chrome/content/rules/cheetosmuseum.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	^cheetosmuseum.com: Mismatched
-
--->
-<ruleset name="Cheatos Museum.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.cheetosmuseum.com" />
-
-	<!--	Complications:
-				-->
-	<target host="cheetosmuseum.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://cheetosmuseum\.com/"
-		to="https://www.cheetosmuseum.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/cherwell.gov.uk-resources.xml b/src/chrome/content/rules/cherwell.gov.uk-resources.xml
deleted file mode 100644
index 31a1da33ca34..000000000000
--- a/src/chrome/content/rules/cherwell.gov.uk-resources.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	For rules covering more than resources, see Cherwell.gov.uk.xml.
-
-	Note: platform is so as not to increase non-Tor
-	distinguishability, given that no pages are covered
-
--->
-<ruleset name="Cherwell.gov.uk (resources)" platform="mixedcontent">
-
-	<target host="www.cherwell.gov.uk" />
-
-		<exclusion pattern="http://www\.cherwell\.gov\.uk/(?!/*(?:css|images|media)/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.cherwell.gov.uk/index.cfm" />
-			<test url="http://www.cherwell.gov.uk/index.cfm?articleid=10715" />
-			<test url="http://www.cherwell.gov.uk/index.cfm?articleid=4" />
-			<test url="http://www.cherwell.gov.uk/index.cfm?articleid=8063" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www.cherwell.gov.uk/css/layout0/cherwelldc/smartfaqquestion.css" />
-			<test url="http://www.cherwell.gov.uk/images/cherwelldc/common/corners.gif" />
-			<test url="http://www.cherwell.gov.uk/media/homeicon1/t/b/street_light.png" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/cheshirewestandchester.gov.uk-falsemixed.xml b/src/chrome/content/rules/cheshirewestandchester.gov.uk-falsemixed.xml
deleted file mode 100644
index f10adcd05dec..000000000000
--- a/src/chrome/content/rules/cheshirewestandchester.gov.uk-falsemixed.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see cheshirewestandchester.gov.uk.xml.
-
-
-	NB: See https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="Cheshire West and Chester.gov.uk (false MCB)" platform="mixedcontent">
-
-	<target host="apps.cheshirewestandchester.gov.uk" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/chichester.gov.uk.xml b/src/chrome/content/rules/chichester.gov.uk.xml
index 95dd6b5de3ef..07d2bd96be78 100644
--- a/src/chrome/content/rules/chichester.gov.uk.xml
+++ b/src/chrome/content/rules/chichester.gov.uk.xml
@@ -27,7 +27,7 @@ Fetch error: http://www.westgateleisure.chichester.gov.uk/ => https://www.westga
 
 
 	These altnames do not exist:
-	
+
 		- chichester.gov.uk
 
 
@@ -48,7 +48,7 @@ Fetch error: http://www.westgateleisure.chichester.gov.uk/ => https://www.westga
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Chichester.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Chichester.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="eforms.chichester.gov.uk" />
 	<target host="jobs.chichester.gov.uk" />
diff --git a/src/chrome/content/rules/chinafile.com.xml b/src/chrome/content/rules/chinafile.com.xml
index 291d4e0f76bb..71025c5fcd16 100644
--- a/src/chrome/content/rules/chinafile.com.xml
+++ b/src/chrome/content/rules/chinafile.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.chinafile.com/ => https://www.chinafile.com/: Too many r
 	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="ChinaFile.com (partial)" default_off='failed ruleset test'>
+<ruleset name="ChinaFile.com (partial)" default_off="failed ruleset test">
 
 	<target host="chinafile.com" />
 	<!--target host="anticorruption.chinafile.com" /-->
diff --git a/src/chrome/content/rules/chomikuj.pl.xml b/src/chrome/content/rules/chomikuj.pl.xml
new file mode 100644
index 000000000000..bf7be888b331
--- /dev/null
+++ b/src/chrome/content/rules/chomikuj.pl.xml
@@ -0,0 +1,57 @@
+<!--
+	For other Chomikuj coverage, see static-chomikuj.pl.xml.
+
+	Invalid certificate:
+		download.box.chomikuj.pl
+		darkorbit.chomikuj.pl
+		deepolis.chomikuj.pl
+		farmerama.chomikuj.pl
+		gangsofcrime.chomikuj.pl
+		gladiators.chomikuj.pl
+		mafia.chomikuj.pl
+		mailgate.chomikuj.pl
+
+	Time out:
+		beta.chomikuj.pl
+		bts.box.chomikuj.pl
+		dev-mobile.chomikuj.pl
+		imgsms.chomikuj.pl
+		s1.imgsms.chomikuj.pl
+		s2.imgsms.chomikuj.pl
+		mail.chomikuj.pl
+		music.chomikuj.pl
+		smtp.chomikuj.pl
+		smtp2.chomikuj.pl
+
+	Too many redirects:
+		crm.chomikuj.pl
+-->
+<ruleset name="chomikuj.pl">
+	<target host="chomikuj.pl" />
+	<target host="www.chomikuj.pl" />
+	<target host="box.chomikuj.pl" />
+	<target host="docs1.chomikuj.pl" />
+	<target host="docs10.chomikuj.pl" />
+	<target host="docs11.chomikuj.pl" />
+	<target host="docs12.chomikuj.pl" />
+	<target host="docs13.chomikuj.pl" />
+	<target host="docs14.chomikuj.pl" />
+	<target host="docs15.chomikuj.pl" />
+	<target host="docs16.chomikuj.pl" />
+	<target host="docs17.chomikuj.pl" />
+	<target host="docs18.chomikuj.pl" />
+	<target host="docs2.chomikuj.pl" />
+	<target host="docs3.chomikuj.pl" />
+	<target host="docs4.chomikuj.pl" />
+	<target host="docs5.chomikuj.pl" />
+	<target host="docs6.chomikuj.pl" />
+	<target host="docs7.chomikuj.pl" />
+	<target host="docs8.chomikuj.pl" />
+	<target host="docs9.chomikuj.pl" />
+	<target host="images.chomikuj.pl" />
+	<target host="mobile.chomikuj.pl" />
+	<target host="simg.chomikuj.pl" />
+	<target host="support.chomikuj.pl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/chronox.de.xml b/src/chrome/content/rules/chronox.de.xml
new file mode 100644
index 000000000000..ad0cd725e5f5
--- /dev/null
+++ b/src/chrome/content/rules/chronox.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="chronox.de">
+	<target host="chronox.de" />
+	<target host="www.chronox.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/chuapp.com.xml b/src/chrome/content/rules/chuapp.com.xml
new file mode 100644
index 000000000000..68fab885c5e3
--- /dev/null
+++ b/src/chrome/content/rules/chuapp.com.xml
@@ -0,0 +1,22 @@
+<!--
+	MCB:
+		www.chuapp.com
+		(No function broken.
+		https://github.com/gloomy-ghost/UpgradeMixedContent may help you get font and js all.)
+
+	Invalid certificate:
+		img.chuapp.com  equal to www.chuapp.com
+		baodao.chuapp.com
+		m.chuapp.com
+		ypw.chuapp.com
+-->
+<ruleset name="chuapp.com (partial)">
+	<target host="chuapp.com" />
+	<target host="www.chuapp.com" />
+	<target host="img.chuapp.com" />
+		<test url="http://img.chuapp.com/Public/Home/images/logo90x40.jpg" />
+
+	<rule from="^http://img\.chuapp\.com/" to="https://www.chuapp.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cihan.com.tr.xml b/src/chrome/content/rules/cihan.com.tr.xml
index bf9c7ec44b67..0ebafccc3af4 100644
--- a/src/chrome/content/rules/cihan.com.tr.xml
+++ b/src/chrome/content/rules/cihan.com.tr.xml
@@ -32,7 +32,7 @@ Fetch error: http://www.cihan.com.tr/ => https://www.cihan.com.tr/: (28, 'Operat
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Cihan.com.tr (partial)" default_off='failed ruleset test'>
+<ruleset name="Cihan.com.tr (partial)" default_off="failed ruleset test">
 
 	<target host="cihan.com.tr" />
 	<target host="medya.cihan.com.tr" />
diff --git a/src/chrome/content/rules/cincinnatizoo.org.xml b/src/chrome/content/rules/cincinnatizoo.org.xml
new file mode 100644
index 000000000000..32f3c84008d9
--- /dev/null
+++ b/src/chrome/content/rules/cincinnatizoo.org.xml
@@ -0,0 +1,27 @@
+<!--
+	Invalid certificate:
+		sip.cincinnatizoo.org
+
+	Time out:
+		email.cincinnatizoo.org
+		membership.cincinnatizoo.org
+		portal.cincinnatizoo.org
+-->
+<ruleset name="cincinnatizoo.org">
+	<target host="cincinnatizoo.org" />
+	<target host="www.cincinnatizoo.org" />
+	<target host="autodiscover.cincinnatizoo.org" />
+	<target host="blog.cincinnatizoo.org" />
+	<target host="dragons.cincinnatizoo.org" />
+	<target host="host.cincinnatizoo.org" />
+	<target host="remotemail.cincinnatizoo.org" />
+	<target host="projectsavingspecies.cincinnatizoo.org" />
+	<target host="rews.cincinnatizoo.org" />
+	<target host="staging.cincinnatizoo.org" />
+	<target host="store.cincinnatizoo.org" />
+	<target host="tickets.cincinnatizoo.org" />
+	<target host="ticketstore.cincinnatizoo.org" />
+	<target host="volunteers.cincinnatizoo.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/citizensadvice.org.uk-falsemixed.xml b/src/chrome/content/rules/citizensadvice.org.uk-falsemixed.xml
deleted file mode 100644
index fa67c213cd2c..000000000000
--- a/src/chrome/content/rules/citizensadvice.org.uk-falsemixed.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see citizensadvice.org.uk.xml.
-
--->
-<ruleset name="Citizens Advice.org.uk (false MCB)" platform="mixedcontent">
-
-	<target host="alphablog.citizensadvice.org.uk" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/citizensadvice.org.uk.xml b/src/chrome/content/rules/citizensadvice.org.uk.xml
index 4a357a390467..0bcaf7abdf71 100644
--- a/src/chrome/content/rules/citizensadvice.org.uk.xml
+++ b/src/chrome/content/rules/citizensadvice.org.uk.xml
@@ -47,7 +47,7 @@ Fetch error: http://citizensadvice.org.uk/ => https://citizensadvice.org.uk/: (2
 	ˢ Secured by us
 
 -->
-<ruleset name="Citizens Advice.org.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Citizens Advice.org.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/civilservice.gov.uk.xml b/src/chrome/content/rules/civilservice.gov.uk.xml
index aa1585ef199a..a528e4169de1 100644
--- a/src/chrome/content/rules/civilservice.gov.uk.xml
+++ b/src/chrome/content/rules/civilservice.gov.uk.xml
@@ -51,7 +51,7 @@ Fetch error: http://www.faststream.civilservice.gov.uk/ => https://www.faststrea
 		- www.gss.civilservice.gov.uk
 
 -->
-<ruleset name="Civil Service.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Civil Service.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/classistatic.com.xml b/src/chrome/content/rules/classistatic.com.xml
new file mode 100644
index 000000000000..0d95dc4e1625
--- /dev/null
+++ b/src/chrome/content/rules/classistatic.com.xml
@@ -0,0 +1,49 @@
+<!--
+	Non-functional subdomains:
+		- classistatic.com	(r)
+		- ac	(m)
+		- api	(r)
+		- api-am	(r)
+		- api-p	(r)
+		- api-pdr	(r)
+		- ext	(m)
+		- gumtree	(m)
+		- img1	(m)
+		- imgc	(m)
+		- include	(m)
+		- inc.latam	(m)
+		- origin-static.m	(i)
+		- static.m	(m)
+		- img.mp	(r)
+		- origin-secureinclude	(r)
+		- origin-securem	(i)
+		- origin-securepic	(r)
+		- pic	(m)
+		- polaris	(r)
+		- secureinclude	(m)
+		- securem	(m)
+		- securepic	(m)
+		- inc.t9	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="classistatic.com">
+
+	<target host="ca.classistatic.com" />
+	<target host="ca-lp2.classistatic.com" />
+	<target host="img.classistatic.com" />
+	<target host="origin-ca.classistatic.com" />
+	<target host="securelatam.classistatic.com" />
+	<target host="securet9.classistatic.com" />
+	<target host="ssl-gumtree.classistatic.com" />
+		<test url="http://ssl-gumtree.classistatic.com/cached/img/svg/google-play.svg" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/clicknupload.link.xml b/src/chrome/content/rules/clicknupload.link.xml
index 4158cd500096..55fd08c83cbd 100644
--- a/src/chrome/content/rules/clicknupload.link.xml
+++ b/src/chrome/content/rules/clicknupload.link.xml
@@ -5,7 +5,7 @@ Fetch error: http://clicknupload.link/ => https://clicknupload.link/: Too many r
 Fetch error: http://www.clicknupload.link/ => https://www.clicknupload.link/: Too many redirects while fetching 'https://www.clicknupload.link/'
 
 -->
-<ruleset name="Clicknupload.link" default_off='failed ruleset test'>
+<ruleset name="Clicknupload.link" default_off="failed ruleset test">
 
 	<target host="clicknupload.link" />
 	<target host="www.clicknupload.link" />
diff --git a/src/chrome/content/rules/clippings.com.xml b/src/chrome/content/rules/clippings.com.xml
deleted file mode 100644
index 21a93badd29c..000000000000
--- a/src/chrome/content/rules/clippings.com.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	CDN buckets:
-
-		- c532063.ssl.cf3.rackcdn.com
-
-
-	STS header includes includeSubdomains.
-
--->
-<ruleset name="Clippings.com">
-
-	<target host="clippings.com" />
-	<target host="*.clippings.com" />
-
-		<!--	includeSubdomains applies to one level only, so:
-									-->
-		<exclusion pattern="^http://(?:[^./]+\.){2,}clippings\.com/" />
-
-			<!--	+ve:
-					-->
-			<test url="http://this.host.clippings.com/" />
-			<test url="http://exists.not.clippings.com/" />
-
-		<test url="http://www.clippings.com/" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/clojure.org.xml b/src/chrome/content/rules/clojure.org.xml
new file mode 100644
index 000000000000..a633214b335c
--- /dev/null
+++ b/src/chrome/content/rules/clojure.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="clojure.org">
+	<target host="clojure.org" />
+	<target host="www.clojure.org" />
+	
+	<target host="download.clojure.org" />
+	<test url="http://download.clojure.org/papers/clojure-hopl-iv-final.pdf" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/clonezilla.org.xml b/src/chrome/content/rules/clonezilla.org.xml
new file mode 100644
index 000000000000..e40fc80adca0
--- /dev/null
+++ b/src/chrome/content/rules/clonezilla.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		hm.clonezilla.org
+		osdn.clonezilla.org
+
+	Unreachable:
+		events.clonezilla.org
+-->
+<ruleset name="clonezilla.org">
+	<target host="clonezilla.org" />
+	<target host="www.clonezilla.org" />
+	<target host="mail.clonezilla.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cloud66.com.xml b/src/chrome/content/rules/cloud66.com.xml
index 804648104480..2262a4bb208d 100644
--- a/src/chrome/content/rules/cloud66.com.xml
+++ b/src/chrome/content/rules/cloud66.com.xml
@@ -6,20 +6,18 @@ realscale.cloud66.com mismatch
 status.cloud66.com mismatch
 uptime.cloud66.com timed out
 developers.cloud66.com timed out
-birdseye.cloud66.com mixed content font, image
+birdseye.cloud66.com mixed content font, image, expired
 help.cloud66.com mixed content image
 -->
 <ruleset name="cloud66.com">
 	<target host="cloud66.com" />
 	<target host="www.cloud66.com" />
 	<target host="app.cloud66.com" />
-	<target host="birdseye.cloud66.com" />
 	<target host="help.cloud66.com" />
-	
+
 	<rule from="^http://cloud66\.com/"
 		to="https://www.cloud66.com/" />
 
-	<test url="http://cloud66.com/" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/cloudcma.com.xml b/src/chrome/content/rules/cloudcma.com.xml
new file mode 100644
index 000000000000..bb9ad72cbdf5
--- /dev/null
+++ b/src/chrome/content/rules/cloudcma.com.xml
@@ -0,0 +1,29 @@
+<!--
+	Wildcard DNS but without wildcard certificate.
+
+	Invalid certificate:
+		www.agent.cloudcma.com
+		www.partner.cloudcma.com
+		www.powerpack.cloudcma.com
+		www.retech.cloudcma.com
+		www.tomferry.cloudcma.com
+		webinar.cloudcma.com
+		www.webinar.cloudcma.com
+		www.ztc.cloudcma.com
+-->
+<ruleset name="cloudcma.com">
+	<target host="cloudcma.com" />
+	<target host="www.cloudcma.com" />
+	<target host="agent.cloudcma.com" />
+	<target host="blog.cloudcma.com" />
+	<target host="partner.cloudcma.com" />
+	<target host="powerpack.cloudcma.com" />
+	<target host="reports3.cloudcma.com" />
+	<target host="retech.cloudcma.com" />
+	<target host="staging.cloudcma.com" />
+	<target host="support.cloudcma.com" />
+	<target host="tomferry.cloudcma.com" />
+	<target host="ztc.cloudcma.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cmpxchg8b.com.xml b/src/chrome/content/rules/cmpxchg8b.com.xml
new file mode 100644
index 000000000000..33ffff90e2f9
--- /dev/null
+++ b/src/chrome/content/rules/cmpxchg8b.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		- cmpxchg8b.com
+		- www.cmpxchg8b.com
+-->
+<ruleset name="cmpxchg8b.com (partial)">
+	<target host="blog.cmpxchg8b.com" />
+	<target host="lock.cmpxchg8b.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cms.gov.xml b/src/chrome/content/rules/cms.gov.xml
index 5b76e3161314..f2701fba98db 100644
--- a/src/chrome/content/rules/cms.gov.xml
+++ b/src/chrome/content/rules/cms.gov.xml
@@ -71,7 +71,7 @@ Non-2xx HTTP code: http://innovation.cms.gov/ (200) => https://innovation.cms.go
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="CMS.gov (partial)" default_off='failed ruleset test'>
+<ruleset name="CMS.gov (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/cnblogs.com.xml b/src/chrome/content/rules/cnblogs.com.xml
index 9a673a543528..59be90ed8a05 100644
--- a/src/chrome/content/rules/cnblogs.com.xml
+++ b/src/chrome/content/rules/cnblogs.com.xml
@@ -1,23 +1,20 @@
 <!--
+	Expired:
+		aliyun.cnblogs.com
+
 	MCB：
-		www.cnblogs.com/zhaoqingqing/
-		space.cnblogs.com	(break the login and logout button. )
+		space.cnblogs.com	(redirect to https by server and break the login + logout button. )
 
 	Invalid cert:
 		api.ad.cnblogs.com	( equal to ad-api.cnblogs.com )
 		api.kb.cnblogs.com
-		files.cnblogs.com	( https://files.cnblogs.com/files/zhaoqingqing/o_o_toTop.gif )
-
-	Redirect to http:
-		aliyun.cnblogs.com
-		dotnet.cnblogs.com
 		sorry.cnblogs.com
-		zt.cnblogs.com
 -->
-
 <ruleset name="cnblogs.com (partial)">
 	<!--Directly:-->
 	<target host="cnblogs.com" />
+	<target host="www.cnblogs.com" />
+		<test url="http://www.cnblogs.com/zhaoqingqing/p/5959831.html" />
 	<target host="ad.cnblogs.com" />
 	<target host="ad-api.cnblogs.com" />
 		<test url="http://ad-api.cnblogs.com/adunits/image/C1/creative" />
@@ -25,8 +22,11 @@
 	<target host="cdn.cnblogs.com" />
 	<target host="common.cnblogs.com" />
 	<target host="counter.cnblogs.com" />
+	<target host="dotnet.cnblogs.com" />
 	<target host="dotnot.cnblogs.com" />
 	<target host="fils.cnblogs.com" />
+	<target host="files.cnblogs.com" />
+		<test url="http://files.cnblogs.com/files/zhaoqingqing/o_o_toTop.gif" />
 	<target host="group.cnblogs.com" />
 	<target host="home.cnblogs.com" />
 	<target host="images.cnblogs.com" />
@@ -45,34 +45,15 @@
 	<target host="pic.cnblogs.com" />
 	<target host="pic002.cnblogs.com" />
 	<target host="q.cnblogs.com" />
+	<target host="space.cnblogs.com" />
 	<target host="static.cnblogs.com" />
 	<target host="yuntian.cnblogs.com" />
 	<target host="zzk.cnblogs.com" />
 
 	<!--Complications:-->
-	<target host="www.cnblogs.com" />
-		<exclusion pattern="^http://www\.cnblogs\.com/zhaoqingqing/" />
-		<test url="http://www.cnblogs.com/zhaoqingqing/p/5959831.html" />
-
 	<target host="api.ad.cnblogs.com" />
 		<rule from="^http://api\.ad\.cnblogs\.com/" to="https://ad-api.cnblogs.com/" />
 		<test url="http://api.ad.cnblogs.com/adunits/image/C1/creative" />
 
-	<target host="space.cnblogs.com" />
-		<exclusion pattern="^http://space\.cnblogs\.com/(?!city/|common/|(news\/)?images/|pic/|script/)" />
-		<test url="http://space.cnblogs.com/city/usa/" />
-		<test url="http://space.cnblogs.com/common/screen_base_news.css" />
-		<test url="http://space.cnblogs.com/images/logo.gif" />
-		<test url="http://space.cnblogs.com/news/images/upup.gif" />
-		<test url="http://space.cnblogs.com/pic/group/g100207.jpg" />
-		<test url="http://space.cnblogs.com/script/detail_mini.js" />
-
-		<test url="http://space.cnblogs.com/news/detail.aspx?id=69061" />
-		<test url="http://space.cnblogs.com/news/detail.aspx?id=69062" />
-		<test url="http://space.cnblogs.com/news/detail.aspx?id=69063" />
-		<test url="http://space.cnblogs.com/news/detail.aspx?id=69064" />
-		<test url="http://space.cnblogs.com/news/detail.aspx?id=69065" />
-		<test url="http://space.cnblogs.com/news/detail.aspx?id=69066" />
-
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/cncf.io.xml b/src/chrome/content/rules/cncf.io.xml
new file mode 100644
index 000000000000..85c5855ef46d
--- /dev/null
+++ b/src/chrome/content/rules/cncf.io.xml
@@ -0,0 +1,46 @@
+<!--
+	Invalid certificate:
+		cncf.devstats.cncf.io
+-->
+<ruleset name="cncf.io">
+
+	<target host="cncf.io" />
+	<target host="www.cncf.io" />
+	<target host="contribute.cncf.io" />
+	<target host="devstats.cncf.io" />
+	<target host="all.devstats.cncf.io" />
+	<target host="cni.devstats.cncf.io" />
+	<target host="containerd.devstats.cncf.io" />
+	<target host="coredns.devstats.cncf.io" />
+	<target host="envoy.devstats.cncf.io" />
+	<target host="fluentd.devstats.cncf.io" />
+	<target host="grpc.devstats.cncf.io" />
+	<target host="jaeger.devstats.cncf.io" />
+	<target host="k8s.devstats.cncf.io" />
+	<target host="linkerd.devstats.cncf.io" />
+	<target host="nats.devstats.cncf.io" />
+	<target host="notary.devstats.cncf.io" />
+	<target host="opa.devstats.cncf.io" />
+	<target host="opentracing.devstats.cncf.io" />
+	<target host="prometheus.devstats.cncf.io" />
+	<target host="rkt.devstats.cncf.io" />
+	<target host="rook.devstats.cncf.io" />
+	<target host="tuf.devstats.cncf.io" />
+	<target host="vitess.devstats.cncf.io" />
+	<target host="discuss.cncf.io" />
+	<target host="envoyslack.cncf.io" />
+	<target host="l.cncf.io" />
+	<target host="landscape.cncf.io" />
+	<target host="lists.cncf.io" />
+	<target host="meetups.cncf.io" />
+	<target host="membership.cncf.io" />
+	<target host="s.cncf.io" />
+	<target host="serverless.cncf.io" />
+	<target host="servicedesk.cncf.io" />
+	<target host="slack.cncf.io" />
+	<target host="store.cncf.io" />
+	<target host="training.cncf.io" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cnv.com.xml b/src/chrome/content/rules/cnv.com.xml
index 84c62b257b80..8e314f35ba38 100644
--- a/src/chrome/content/rules/cnv.com.xml
+++ b/src/chrome/content/rules/cnv.com.xml
@@ -1,7 +1,6 @@
 <!--
 	Other CNV.com rulesets:
 
-		- AdultShopping.com.xml
 		- sextoyclub.com.xml
 
 
diff --git a/src/chrome/content/rules/co.cumberland.nc.us.xml b/src/chrome/content/rules/co.cumberland.nc.us.xml
new file mode 100644
index 000000000000..9830cfcacbd4
--- /dev/null
+++ b/src/chrome/content/rules/co.cumberland.nc.us.xml
@@ -0,0 +1,18 @@
+<!--
+	Mismatched:
+		- co.cumberland.nc.us
+-->
+<ruleset name="co.cumberland.nc.us">
+	<target host="co.cumberland.nc.us" />
+	<target host="www.co.cumberland.nc.us" />
+	<target host="animal.co.cumberland.nc.us" />
+	<target host="ccasa.co.cumberland.nc.us" />
+	<target host="dssasa.co.cumberland.nc.us" />
+	<target host="opendata.co.cumberland.nc.us" />
+	<target host="pub.co.cumberland.nc.us" />
+	<target host="taxpwa.co.cumberland.nc.us" />
+	<target host="webserver.co.cumberland.nc.us" />
+
+	<rule from="^http://co\.cumberland\.nc\.us/" to="https://www.co.cumberland.nc.us/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cogentco.com.xml b/src/chrome/content/rules/cogentco.com.xml
new file mode 100644
index 000000000000..e7048aee60dc
--- /dev/null
+++ b/src/chrome/content/rules/cogentco.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="cogentco.com">
+	<target host="www.cogentco.com" />
+	<target host="cogentco.com" />
+	<target host="ecogent.cogentco.com" />
+	<target host="status.cogentco.com" />
+	<target host="mirror.cogentco.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/coin-have.com.xml b/src/chrome/content/rules/coin-have.com.xml
deleted file mode 100644
index fe6e50af8287..000000000000
--- a/src/chrome/content/rules/coin-have.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="coin-have.com">
-	<target host="coin-have.com" />
-	<target host="www.coin-have.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/coin.space.xml b/src/chrome/content/rules/coin.space.xml
index e3ca0cb670a1..02ecb5771bbd 100644
--- a/src/chrome/content/rules/coin.space.xml
+++ b/src/chrome/content/rules/coin.space.xml
@@ -1,16 +1,15 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://ru.coin.space/ => https://ru.coin.space/: (6, 'Could not resolve host: ru.coin.space')
-
+	coin.space uses a subdomain for every cryptocurrency
+	so it is required the wildcard rule.
+	Subdomains can be added and removed at any time
+	for example in case of emergency fork of cryptocurrency.
 -->
-<ruleset name="coin.space" default_off='failed ruleset test'>
+<ruleset name="coin.space">
 	<target host="coin.space" />
-	<target host="www.coin.space" />
-	<target host="db.coin.space" />
-	<target host="live.coin.space" />
-	<target host="proxy.coin.space" />
-	<target host="ru.coin.space" />
+	<target host="*.coin.space" />
+	<test url="http://www.coin.space/" />
+	<test url="http://xrp.coin.space/api/v1/" />
+	<test url="http://xlm.coin.space/api/v1/" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/coinblind.com.xml b/src/chrome/content/rules/coinblind.com.xml
deleted file mode 100644
index 7da8de966106..000000000000
--- a/src/chrome/content/rules/coinblind.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="coinblind.com">
-	<target host="coinblind.com" />
-	<target host="www.coinblind.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/coinhive.com.xml b/src/chrome/content/rules/coinhive.com.xml
deleted file mode 100644
index c1239051163c..000000000000
--- a/src/chrome/content/rules/coinhive.com.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	Remark: *.coinhive.com have a wildcard DNS Record.
-
-	Insecure Connection:
-		www.coinhive.com
-		www.authedmine.com
-	400:
-		www.coin-hive.com
--->
-<ruleset name="coinhive.com">
-	<target host="coinhive.com" />
-	<target host="www.coinhive.com" />
-
-	<target host="coin-hive.com" />
-	<target host="www.coin-hive.com" />
-	<target host="api.coin-hive.com" />
-
-	<target host="cnhv.co" />
-
-	<target host="authedmine.com" />
-	<target host="www.authedmine.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	
-	<rule from="^http://www\.coinhive\.com/" to="https://coinhive.com/" />
-
-	<rule from="^http://www\.coin-hive\.com/" to="https://coin-hive.com/" />
-
-	<rule from="^http://www\.authedmine\.com/" to="https://authedmine.com/" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/coinnebula.com.xml b/src/chrome/content/rules/coinnebula.com.xml
deleted file mode 100644
index 8a62a40e7ff6..000000000000
--- a/src/chrome/content/rules/coinnebula.com.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="coinnebula.com">
-	<target host="coinnebula.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/cointelgraph.com.xml b/src/chrome/content/rules/cointelgraph.com.xml
index 50a08a4f954e..08f90af3933e 100644
--- a/src/chrome/content/rules/cointelgraph.com.xml
+++ b/src/chrome/content/rules/cointelgraph.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.cointelgraph.com/ => https://www.cointelgraph.com/: (28,
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="cointelgraph.com" default_off='failed ruleset test'>
+<ruleset name="cointelgraph.com" default_off="failed ruleset test">
 
 	<target host="cointelgraph.com" />
 	<target host="jp.cointelgraph.com" />
diff --git a/src/chrome/content/rules/com.com.xml b/src/chrome/content/rules/com.com.xml
new file mode 100644
index 000000000000..ea4e751ad12c
--- /dev/null
+++ b/src/chrome/content/rules/com.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Note: *.com.com has a wildcard DNS record
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- i.i.com.com
+		- origin.i.com.com
+		- image.com.com
+
+		Peer certificate cannot be authenticated with given CA certificates:
+		- assets.com.com
+-->
+<ruleset name="com.com">
+	<target host="com.com" />
+	<target host="www.com.com" />
+	<target host="adlog.com.com" />
+	<target host="ads.com.com" />
+	<target host="dw.com.com" />
+	<target host="img.com.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/comicvine.com.xml b/src/chrome/content/rules/comicvine.com.xml
new file mode 100644
index 000000000000..73ef97252477
--- /dev/null
+++ b/src/chrome/content/rules/comicvine.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="comicvine.com">
+	<target host="comicvine.com" />
+	<target host="www.comicvine.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/communities.gov.uk.xml b/src/chrome/content/rules/communities.gov.uk.xml
index 4627e5587c24..0d46070ba3f6 100644
--- a/src/chrome/content/rules/communities.gov.uk.xml
+++ b/src/chrome/content/rules/communities.gov.uk.xml
@@ -32,6 +32,8 @@
 		Status code mismatch:
 		- mcis.erdf.communities.gov.uk
 		- reporting.erdf.communities.gov.uk
+		- maps.communities.gov.uk
+			Example URL: http://maps.communities.gov.uk/geoserver/dclg_inspire/ows?service=WFS&version=2.0.0&request=GetFeature&typeName=dclg_inspire:Local_Authority_Greenbelt_boundaries_2017-18&outputFormat=shape-zip&srsName=EPSG:4326
 
 		4xx client error:
 		- logasnet.communities.gov.uk
@@ -47,7 +49,6 @@
 	<target host="delta.communities.gov.uk" />
 	<target host="eclaims.communities.gov.uk" />
 	<target host="intranet.communities.gov.uk" />
-	<target host="maps.communities.gov.uk" />
 	<target host="reporting.communities.gov.uk" />
 	<target host="tfam.communities.gov.uk" />
 
diff --git a/src/chrome/content/rules/communitycrimemap.xml b/src/chrome/content/rules/communitycrimemap.xml
new file mode 100644
index 000000000000..f54c0cfe5a3d
--- /dev/null
+++ b/src/chrome/content/rules/communitycrimemap.xml
@@ -0,0 +1,7 @@
+<ruleset name="communitycrimemap.com">
+	<target host="communitycrimemap.com"/>
+	<target host="www.communitycrimemap.com"/>
+
+	<rule from="^http:"
+		to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/companic.nl.xml b/src/chrome/content/rules/companic.nl.xml
index 4867ffad4831..2a787d8db7b3 100644
--- a/src/chrome/content/rules/companic.nl.xml
+++ b/src/chrome/content/rules/companic.nl.xml
@@ -7,7 +7,7 @@
 		- .companic.nl
 
 -->
-<ruleset name="Companic.nl" default_off="missing certificate chain">
+<ruleset name="Companic.nl" default_off="cert-chain">
 
 	<target host="companic.nl" />
 	<target host="www.companic.nl" />
diff --git a/src/chrome/content/rules/companieshouse.gi.xml b/src/chrome/content/rules/companieshouse.gi.xml
index f738e57b8fe1..ddb0edcf092f 100644
--- a/src/chrome/content/rules/companieshouse.gi.xml
+++ b/src/chrome/content/rules/companieshouse.gi.xml
@@ -7,7 +7,7 @@
 		- companieshouse.gi
 
 -->
-<ruleset name="Companies House.gi" default_off="missing certificate chain">
+<ruleset name="Companies House.gi" default_off="cert-chain">
 
 	<target host="www.companieshouse.gi" />
 
diff --git a/src/chrome/content/rules/complinet.com.xml b/src/chrome/content/rules/complinet.com.xml
index e06606e201d6..939a840b5110 100644
--- a/src/chrome/content/rules/complinet.com.xml
+++ b/src/chrome/content/rules/complinet.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://complinet.com/ => https://complinet.com/: (51, "SSL: no alte
 Fetch error: http://www.complinet.com/ => https://www.complinet.com/: Too many redirects while fetching 'https://www.complinet.com/'
 
 -->
-<ruleset name="complinet.com" default_off='failed ruleset test'>
+<ruleset name="complinet.com" default_off="failed ruleset test">
 
 	<target host="complinet.com" />
 	<target host="www.complinet.com" />
diff --git a/src/chrome/content/rules/computerbild.de.xml b/src/chrome/content/rules/computerbild.de.xml
index 04bf918c7a20..81b78426d415 100644
--- a/src/chrome/content/rules/computerbild.de.xml
+++ b/src/chrome/content/rules/computerbild.de.xml
@@ -1,44 +1,39 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://computerbild.de/ => https://computerbild.de/: Too many redirects while fetching 'https://computerbild.de/'
-Fetch error: http://www.computerbild.de/ => https://www.computerbild.de/: Too many redirects while fetching 'https://www.computerbild.de/'
-Fetch error: http://computer-bild.de/ => https://computerbild.de/: Too many redirects while fetching 'https://computerbild.de/'
-Fetch error: http://www.computer-bild.de/ => https://www.computerbild.de/: Too many redirects while fetching 'https://www.computerbild.de/'
-
 	Refused:
 		- forum
-
-	Redirect:
-		- dsl-speedtest
-
-	Mismatch:
-		- intenium
-		- d
 		- levelr
-		- newsletter
-		- video
 
-	Timeout:
+	Invalid certificate:
 		- gameduell
-		- r2
+		- intenium
 -->
-<ruleset name="ComputerBild.de" default_off='failed ruleset test'>
+<ruleset name="ComputerBild.de (partial)">
+
 	<target host="computerbild.de"/>
 	<target host="www.computerbild.de"/>
-	<target host="shop.computerbild.de"/>
+	<target host="d.computerbild.de" />
+	<target host="dsl-speedtest.computerbild.de" />
 	<target host="i.computerbild.de"/>
 	<target host="img.computerbild.de"/>
+	<target host="newsletter.computerbild.de" />
+	<target host="r2.computerbild.de" />
+	<target host="shop.computerbild.de"/>
+	<target host="speedtest.computerbild.de" />
+	<target host="video.computerbild.de" />
+
 	<target host="computer-bild.de"/>
 	<target host="www.computer-bild.de"/>
 	<target host="i.computer-bild.de"/>
 
 	<rule from="^http://computer-bild\.de/"
 		to="https://computerbild.de/"/>
+
 	<rule from="^http://www\.computer-bild\.de/"
 		to="https://www.computerbild.de/"/>
+
 	<rule from="^http://i\.computer-bild\.de/"
 		to="https://i.computerbild.de/"/>
-	<rule from="^http:"
-		to="https:"/>
+
+	<rule from="^http:"	to="https:"/>
+
 </ruleset>
diff --git a/src/chrome/content/rules/conan.io.xml b/src/chrome/content/rules/conan.io.xml
new file mode 100644
index 000000000000..17655016ec73
--- /dev/null
+++ b/src/chrome/content/rules/conan.io.xml
@@ -0,0 +1,11 @@
+<ruleset name="conan.io">
+	<target host="conan.io" />
+	<target host="*.conan.io" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://www.conan.io/" />
+	<test url="http://conan.io/center/" />
+	<test url="http://blog.conan.io/" />
+	<test url="http://docs.conan.io/en/latest/" />
+</ruleset>
diff --git a/src/chrome/content/rules/concourse.ci.xml b/src/chrome/content/rules/concourse.ci.xml
deleted file mode 100644
index 0e1b29d2ca38..000000000000
--- a/src/chrome/content/rules/concourse.ci.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Invalid certificate:
-		www.concourse.ci
-		slack.concourse.ci
-		telemetry.concourse.ci
-
--->
-<ruleset name="Concourse.ci">
-
-	<target host="concourse.ci" />
-	<target host="www.concourse.ci" />
-	<target host="ci.concourse.ci" />
-	<target host="discuss.concourse.ci" />
-	<target host="metrics.concourse.ci" />
-	<target host="wings.concourse.ci" />
-	
-	<rule from="^http://www\.concourse\.ci/"
-		to="https://concourse.ci/" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/connect.de.xml b/src/chrome/content/rules/connect.de.xml
new file mode 100644
index 000000000000..563bf72fe84f
--- /dev/null
+++ b/src/chrome/content/rules/connect.de.xml
@@ -0,0 +1,40 @@
+<!--
+	Invalid certificate:
+		digitalexperte.connect.de
+		img[1-4].connect.de
+		www.img4.connect.de
+		mobilexperte.connect.de
+		mobilfunkexperte.connect.de
+		www.speedtest.connect.de
+
+	Refused:
+		telfish.connect.de
+
+	Timeout:
+		next.connect.de
+		whitepaperdb.connect.de
+-->
+<ruleset name="connect.de">
+
+	<target host="connect.de" />
+	<target host="www.connect.de" />
+	<target host="abo.connect.de" />
+	<target host="aktionen.connect.de" />
+	<target host="fotoquiz.connect.de" />
+	<target host="jobboerse.connect.de" />
+	<target host="marketing.connect.de" />
+	<target host="newsletter.connect.de" />
+	<target host="playground.connect.de" />
+	<target host="speedtest.connect.de" />
+	<target host="server1.speedtest.connect.de" />
+	<target host="server2.speedtest.connect.de" />
+	<target host="spezial.connect.de" />
+	<target host="spiele.connect.de" />
+	<target host="tarifrechner.connect.de" />
+	<target host="web.connect.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/connectingcredentials.org.xml b/src/chrome/content/rules/connectingcredentials.org.xml
new file mode 100644
index 000000000000..3b3044be35fd
--- /dev/null
+++ b/src/chrome/content/rules/connectingcredentials.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="connectingcredentials.org">
+	<target host="connectingcredentials.org" />
+	<target host="www.connectingcredentials.org" />
+	<target host="mail.connectingcredentials.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cookiepedia.co.uk.xml b/src/chrome/content/rules/cookiepedia.co.uk.xml
deleted file mode 100644
index 7cdbaaff2d75..000000000000
--- a/src/chrome/content/rules/cookiepedia.co.uk.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://cookiepedia.co.uk/ => https://cookiepedia.co.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-Fetch error: http://www.cookiepedia.co.uk/ => https://cookiepedia.co.uk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
-
-	www.cookiepedia.co.uk: Mismatched
-
--->
-<ruleset name="Cookiepedia.co.uk" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="cookiepedia.co.uk" />
-
-	<!--	Complications:
-				-->
-	<target host="www.cookiepedia.co.uk" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://www\.cookiepedia\.co\.uk/"
-		to="https://cookiepedia.co.uk/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/cool18.com.xml b/src/chrome/content/rules/cool18.com.xml
new file mode 100644
index 000000000000..d3e0fc3e35a8
--- /dev/null
+++ b/src/chrome/content/rules/cool18.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="cool18.com">
+	<target host="cool18.com" />
+	<target host="www.cool18.com" />
+	<target host="wap.cool18.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/copeland.gov.uk.xml b/src/chrome/content/rules/copeland.gov.uk.xml
index a85e562e66ee..e603da006dbe 100644
--- a/src/chrome/content/rules/copeland.gov.uk.xml
+++ b/src/chrome/content/rules/copeland.gov.uk.xml
@@ -12,7 +12,7 @@ Fetch error: http://erb.copeland.gov.uk/ => https://erb.copeland.gov.uk/: (60, '
 	(www.)?copeland.gov.uk: Refused
 
 -->
-<ruleset name="Copeland.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Copeland.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="eforms.copeland.gov.uk" />
 	<target host="erb.copeland.gov.uk" />
diff --git a/src/chrome/content/rules/copy.me.xml b/src/chrome/content/rules/copy.me.xml
index 9bfba78c971d..1beca7b6b198 100644
--- a/src/chrome/content/rules/copy.me.xml
+++ b/src/chrome/content/rules/copy.me.xml
@@ -16,4 +16,4 @@
 	<rule from="^http://copy\.me/"
 		to="https://www.etoro.com/people/" />
 
-</ruleset>	
+</ruleset>
diff --git a/src/chrome/content/rules/coralproject.net.xml b/src/chrome/content/rules/coralproject.net.xml
index f9595f8915a9..d739c880c446 100644
--- a/src/chrome/content/rules/coralproject.net.xml
+++ b/src/chrome/content/rules/coralproject.net.xml
@@ -4,4 +4,4 @@
 
 	<rule from="^http:"
 		to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/coronavirus.gov.hk.xml b/src/chrome/content/rules/coronavirus.gov.hk.xml
new file mode 100644
index 000000000000..5386391c1ab2
--- /dev/null
+++ b/src/chrome/content/rules/coronavirus.gov.hk.xml
@@ -0,0 +1,13 @@
+<!--
+	Non-functional hosts:
+		Certificate mismatched:
+		- www0.coronavirus.gov.hk
+-->
+<ruleset name="coronavirus.gov.hk">
+	<target host="coronavirus.gov.hk" />
+	<target host="www.coronavirus.gov.hk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/corrupcia.net.xml b/src/chrome/content/rules/corrupcia.net.xml
index 4f05f0b055b0..1c1d5df77ab5 100644
--- a/src/chrome/content/rules/corrupcia.net.xml
+++ b/src/chrome/content/rules/corrupcia.net.xml
@@ -5,7 +5,7 @@ Fetch error: http://corrupcia.net/ => https://corrupcia.net/: (28, 'Operation ti
 Fetch error: http://www.corrupcia.net/ => https://www.corrupcia.net/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
 
 -->
-<ruleset name="corrupcia.net" default_off='failed ruleset test'>
+<ruleset name="corrupcia.net" default_off="failed ruleset test">
 	<target host="corrupcia.net" />
 	<target host="www.corrupcia.net" />
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/cosmonova.net.xml b/src/chrome/content/rules/cosmonova.net.xml
index 12b5584c7c69..63f5fa731bb1 100644
--- a/src/chrome/content/rules/cosmonova.net.xml
+++ b/src/chrome/content/rules/cosmonova.net.xml
@@ -10,7 +10,7 @@ mobapp.cosmonova.net ⁷
 <ruleset name="cosmonova.net">
 	<target host="cosmonova.net" />
 	<target host="www.cosmonova.net" />
-	
+
 	<rule from="^http://www\.cosmonova\.net/"
 		to="https://cosmonova.net/" />
 
diff --git a/src/chrome/content/rules/cotswold.gov.uk.xml b/src/chrome/content/rules/cotswold.gov.uk.xml
index 4914b0fc2880..831a7940a3a3 100644
--- a/src/chrome/content/rules/cotswold.gov.uk.xml
+++ b/src/chrome/content/rules/cotswold.gov.uk.xml
@@ -16,6 +16,6 @@
 -->
 <ruleset name="cotswold.gov.uk (partial)">
 	<target host="www.cotswold.gov.uk" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/counterpath.com.xml b/src/chrome/content/rules/counterpath.com.xml
index 0637e7ba32d9..a20141e286a4 100644
--- a/src/chrome/content/rules/counterpath.com.xml
+++ b/src/chrome/content/rules/counterpath.com.xml
@@ -8,7 +8,7 @@ counterpath.com redirect
 www.counterpath.com redirect
 blog.counterpath.com mixed content
 -->
-<ruleset name="counterpath.com (partial)" default_off='failed ruleset test'>
+<ruleset name="counterpath.com (partial)" default_off="failed ruleset test">
 	<target host="jira.counterpath.com" />
 	<target host="secure.counterpath.com" />
 	<target host="support.counterpath.com" />
diff --git a/src/chrome/content/rules/countle.com.xml b/src/chrome/content/rules/countle.com.xml
new file mode 100644
index 000000000000..7794d85c7f59
--- /dev/null
+++ b/src/chrome/content/rules/countle.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Countle">
+  <target host="countle.com" />
+  <target host="www.countle.com" />
+
+  <rule from="^http:"
+          to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cpaste.xml b/src/chrome/content/rules/cpaste.xml
index 639dd5b8a27b..1644a8817b11 100644
--- a/src/chrome/content/rules/cpaste.xml
+++ b/src/chrome/content/rules/cpaste.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.cpaste.org/ => https://www.cpaste.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.cpaste.org'")
 
 -->
-<ruleset name="cpaste" default_off='failed ruleset test'>
+<ruleset name="cpaste" default_off="failed ruleset test">
 
 	<target host="cpaste.org" />
 	<target host="www.cpaste.org" />
diff --git a/src/chrome/content/rules/cpcwiki.eu.xml b/src/chrome/content/rules/cpcwiki.eu.xml
new file mode 100644
index 000000000000..4202cd093ed0
--- /dev/null
+++ b/src/chrome/content/rules/cpcwiki.eu.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		mail.cpcwiki.eu
+-->
+<ruleset name="cpcwiki.eu">
+	<target host="cpcwiki.eu" />
+	<target host="www.cpcwiki.eu" />
+
+	<rule from="^http://cpcwiki\.eu/" to="https://www.cpcwiki.eu/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cpiz.net.xml b/src/chrome/content/rules/cpiz.net.xml
index ea02897f376a..22d4da540b0a 100644
--- a/src/chrome/content/rules/cpiz.net.xml
+++ b/src/chrome/content/rules/cpiz.net.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.cpiz.net/ => https://www.cpiz.net/: (60, 'SSL certificat
 Fetch error: http://annie.cpiz.net/ => https://annie.cpiz.net/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="cpiz.net" default_off='failed ruleset test'>
+<ruleset name="cpiz.net" default_off="failed ruleset test">
 	<target host="cpiz.net" />
 	<target host="www.cpiz.net" />
 	<target host="annie.cpiz.net" />
diff --git a/src/chrome/content/rules/cppc.ca.xml b/src/chrome/content/rules/cppc.ca.xml
new file mode 100644
index 000000000000..98515ac13af9
--- /dev/null
+++ b/src/chrome/content/rules/cppc.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="cppc.ca">
+		<target host="cppc.ca" />
+		<target host="www.cppc.ca" />
+
+		<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cppreference.com.xml b/src/chrome/content/rules/cppreference.com.xml
new file mode 100644
index 000000000000..e4341018909f
--- /dev/null
+++ b/src/chrome/content/rules/cppreference.com.xml
@@ -0,0 +1,29 @@
+<ruleset name="cppreference.com">
+	<target host="cppreference.com" />
+	<target host="www.cppreference.com" />
+	<target host="ar.cppreference.com" />
+	<target host="cn.cppreference.com" />
+	<target host="cs.cppreference.com" />
+	<target host="de.cppreference.com" />
+	<target host="en.cppreference.com" />
+	<target host="es.cppreference.com" />
+	<target host="fr.cppreference.com" />
+	<target host="iiwww.cppreference.com" />
+	<target host="ipv6.cppreference.com" />
+	<target host="it.cppreference.com" />
+	<target host="ja.cppreference.com" />
+	<target host="ko.cppreference.com" />
+	<target host="lv.cppreference.com" />
+	<target host="pl.cppreference.com" />
+	<target host="pt.cppreference.com" />
+	<target host="ru.cppreference.com" />
+	<target host="sq.cppreference.com" />
+	<target host="tr.cppreference.com" />
+	<target host="upload.cppreference.com" />
+	<target host="ww.cppreference.com" />
+	<target host="zh.cppreference.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/craftilldawn.com.xml b/src/chrome/content/rules/craftilldawn.com.xml
deleted file mode 100644
index ed4b78307280..000000000000
--- a/src/chrome/content/rules/craftilldawn.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="Craftilldawn.com">
-        <target host="craftilldawn.com" />
-
-        <rule from="^http:"
-                to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/crazespaces.pw.xml b/src/chrome/content/rules/crazespaces.pw.xml
index ac84b2d51330..788cf2ada326 100644
--- a/src/chrome/content/rules/crazespaces.pw.xml
+++ b/src/chrome/content/rules/crazespaces.pw.xml
@@ -5,7 +5,7 @@ Fetch error: http://crazespaces.pw/ => https://crazespaces.pw/: (28, 'Connection
 Fetch error: http://www.crazespaces.pw/ => https://www.crazespaces.pw/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="crazespaces.pw" default_off='failed ruleset test'>
+<ruleset name="crazespaces.pw" default_off="failed ruleset test">
 	<target host=    "crazespaces.pw" />
 	<target host="www.crazespaces.pw" />
 
diff --git a/src/chrome/content/rules/crick.ac.uk.xml b/src/chrome/content/rules/crick.ac.uk.xml
index b4d884b82aed..ace45dddd8bf 100644
--- a/src/chrome/content/rules/crick.ac.uk.xml
+++ b/src/chrome/content/rules/crick.ac.uk.xml
@@ -36,7 +36,7 @@
 		- Image on (www.)? from pbs.twimg.com ˢ
 
 		- favicons, on:
-		
+
 			- (www.)? from www.crick.ac.uk ˢ
 			- (www.)? from hts.cancerresearchuk.org
 
diff --git a/src/chrome/content/rules/crimestoppers-uk.org.xml b/src/chrome/content/rules/crimestoppers-uk.org.xml
index ed2cf09a1692..d064c2b36896 100644
--- a/src/chrome/content/rules/crimestoppers-uk.org.xml
+++ b/src/chrome/content/rules/crimestoppers-uk.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://arms.crimestoppers-uk.org/ => https://arms.crimestoppers-uk.org/: (6, 'Could not resolve host: arms.crimestoppers-uk.org')
 
 -->
-<ruleset name="Crimestoppers-UK.org" default_off='failed ruleset test'>
+<ruleset name="Crimestoppers-UK.org" default_off="failed ruleset test">
 
 	<target host="crimestoppers-uk.org" />
 	<target host="arms.crimestoppers-uk.org" />
diff --git a/src/chrome/content/rules/crondash.com.xml b/src/chrome/content/rules/crondash.com.xml
index c86bd00376d3..c36bd6379926 100644
--- a/src/chrome/content/rules/crondash.com.xml
+++ b/src/chrome/content/rules/crondash.com.xml
@@ -9,7 +9,7 @@ c.crondash.com ¹
 
 ¹ mismatch
 -->
-<ruleset name="crondash.com" default_off='failed ruleset test'>
+<ruleset name="crondash.com" default_off="failed ruleset test">
 	<target host="crondash.com" />
 	<target host="www.crondash.com" />
 
diff --git a/src/chrome/content/rules/crossorigin.me.xml b/src/chrome/content/rules/crossorigin.me.xml
deleted file mode 100644
index 327a6ea721cb..000000000000
--- a/src/chrome/content/rules/crossorigin.me.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="crossorigin.me">
-	<target host="crossorigin.me" />
-	<target host="www.crossorigin.me" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/cryptostore.ru.xml b/src/chrome/content/rules/cryptostore.ru.xml
index 02e8bc80c56c..b0f5b73b51a8 100644
--- a/src/chrome/content/rules/cryptostore.ru.xml
+++ b/src/chrome/content/rules/cryptostore.ru.xml
@@ -6,7 +6,7 @@ www.cryptostore.ru non-2xx http code
 <ruleset name="cryptostore.ru">
 	<target host="cryptostore.ru" />
 	<target host="www.cryptostore.ru" />
-	
+
 	<rule from="^http://www\.cryptostore\.ru/"
 		to="https://cryptostore.ru/" />
 
diff --git a/src/chrome/content/rules/cryptovpn.me.xml b/src/chrome/content/rules/cryptovpn.me.xml
deleted file mode 100644
index 1cc00ce068a6..000000000000
--- a/src/chrome/content/rules/cryptovpn.me.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--
-	Mismatch:
-		- support
--->
-<ruleset name="cryptovpn.me">
-	<target host="cryptovpn.me" />
-	<target host="www.cryptovpn.me" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/cubeupload.com.xml b/src/chrome/content/rules/cubeupload.com.xml
index 9820c2864928..a29e50f6cae0 100644
--- a/src/chrome/content/rules/cubeupload.com.xml
+++ b/src/chrome/content/rules/cubeupload.com.xml
@@ -1,13 +1,13 @@
 <!--
 	cubeupload Image Hosting (cubeupload.com)
-	
+
 -->
 <ruleset name="cubeupload">
 	<target host="cubeupload.com" />
 	<target host="www.cubeupload.com" />
 	<target host="u.cubeupload.com" />
 	<target host="blog.cubeupload.com" />
-	
+
 	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/cublinux.com.xml b/src/chrome/content/rules/cublinux.com.xml
index 9b4f2bc4a6a5..018d18750bd5 100644
--- a/src/chrome/content/rules/cublinux.com.xml
+++ b/src/chrome/content/rules/cublinux.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://cublinux.com/ => https://cublinux.com/: (51, "SSL: no altern
 Fetch error: http://www.cublinux.com/ => https://www.cublinux.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.cublinux.com'")
 
 -->
-<ruleset name="cublinux.com" default_off='failed ruleset test'>
+<ruleset name="cublinux.com" default_off="failed ruleset test">
 	<target host="cublinux.com" />
 	<target host="www.cublinux.com" />
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/cumbria.gov.uk.xml b/src/chrome/content/rules/cumbria.gov.uk.xml
index 8f778333c241..71ae69e2acd4 100644
--- a/src/chrome/content/rules/cumbria.gov.uk.xml
+++ b/src/chrome/content/rules/cumbria.gov.uk.xml
@@ -42,7 +42,7 @@ Fetch error: http://cumbria.gov.uk/ => https://www.cumbria.gov.uk/: (60, 'SSL ce
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Cumbria.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Cumbria.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/curve.co.uk.xml b/src/chrome/content/rules/curve.co.uk.xml
new file mode 100644
index 000000000000..253cd32babcb
--- /dev/null
+++ b/src/chrome/content/rules/curve.co.uk.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		autoconfig.curve.co.uk
+-->
+<ruleset name="curve.co.uk">
+	<target host="curve.co.uk" />
+	<target host="www.curve.co.uk" />
+	<target host="autodiscover.curve.co.uk" />
+	<target host="cpanel.curve.co.uk" />
+	<target host="mail.curve.co.uk" />
+	<target host="webdisk.curve.co.uk" />
+	<target host="webmail.curve.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cuteness.com.xml b/src/chrome/content/rules/cuteness.com.xml
index cf1dfb458b03..b2d9a8e55f52 100644
--- a/src/chrome/content/rules/cuteness.com.xml
+++ b/src/chrome/content/rules/cuteness.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://support.cuteness.com/ => https://support.cuteness.com/: (6,
 	^cuteness.com: Refused
 
 -->
-<ruleset name="Cuteness.com" default_off='failed ruleset test'>
+<ruleset name="Cuteness.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/cwc.im.xml b/src/chrome/content/rules/cwc.im.xml
new file mode 100644
index 000000000000..529d42fe28bb
--- /dev/null
+++ b/src/chrome/content/rules/cwc.im.xml
@@ -0,0 +1,8 @@
+<ruleset name="cwc.im">
+
+	<target host="cwc.im" />
+	<target host="www.cwc.im" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cwgv.com.tw.xml b/src/chrome/content/rules/cwgv.com.tw.xml
new file mode 100644
index 000000000000..be82c7736481
--- /dev/null
+++ b/src/chrome/content/rules/cwgv.com.tw.xml
@@ -0,0 +1,54 @@
+<!--
+	NXDOMAIN:
+		^cwgv.com.tw
+
+	Expired:
+		test.cwgv.com.tw
+		video.cwgv.com.tw
+		webftp.cwgv.com.tw
+
+	Mismatched:
+		s1.cwgv.com.tw
+		s2.cwgv.com.tw
+		server09.cwgv.com.tw
+
+	Too many redirects:
+		autodiscover.cwgv.com.tw
+		server28.cwgv.com.tw
+		webmail.cwgv.com.tw
+
+	Timeout:
+		ec.cwgv.com.tw
+		fp.cwgv.com.tw
+		ftp.cwgv.com.tw
+		goldftp.cwgv.com.tw
+		hr.cwgv.com.tw
+		live.cwgv.com.tw
+		ma.cwgv.com.tw
+		mail.cwgv.com.tw
+		owa.cwgv.com.tw
+		proxy.cwgv.com.tw
+		reading.cwgv.com.tw
+		reg.cwgv.com.tw
+		ts.cwgv.com.tw
+-->
+<ruleset name="cwgv.com.tw">
+	<target host="www.cwgv.com.tw" />
+	<target host="2016isport.cwgv.com.tw" />
+	<target host="50plus.cwgv.com.tw" />
+	<target host="api.cwgv.com.tw" />
+	<target host="bookzone.cwgv.com.tw" />
+	<target host="future.cwgv.com.tw" />
+	<target host="gfamily.cwgv.com.tw" />
+	<target host="gkids.cwgv.com.tw" />
+	<target host="gvsrc.cwgv.com.tw" />
+	<target host="hbrshop.cwgv.com.tw" />
+	<target host="junior.cwgv.com.tw" />
+	<target host="member.cwgv.com.tw" />
+	<target host="rs.cwgv.com.tw" />
+	<target host="rsapp.cwgv.com.tw" />
+	<target host="shop.cwgv.com.tw" />
+	<target host="tmcc.cwgv.com.tw" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cyberbits.eu.xml b/src/chrome/content/rules/cyberbits.eu.xml
new file mode 100644
index 000000000000..962e55ab1355
--- /dev/null
+++ b/src/chrome/content/rules/cyberbits.eu.xml
@@ -0,0 +1,12 @@
+<ruleset name="cyberbits.eu">
+	<target host="cyberbits.eu" />
+	<target host="deb.cyberbits.eu" />
+	<target host="status.cyberbits.eu" />
+	<target host="coronavirus.cyberbits.eu" />
+	<target host="mirror.cyberbits.eu" />
+	<target host="ntp.cyberbits.eu" />
+	<target host="speedtest.cyberbits.eu" />
+	<target host="torrent.cyberbits.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/cyberciti.biz.xml b/src/chrome/content/rules/cyberciti.biz.xml
new file mode 100644
index 000000000000..c4771b853ee1
--- /dev/null
+++ b/src/chrome/content/rules/cyberciti.biz.xml
@@ -0,0 +1,21 @@
+<!--
+	Refused:
+		feeds.cyberciti.biz
+
+	Timeout:
+		rhel8.cyberciti.biz
+-->
+<ruleset name="cyberciti.biz">
+
+	<target host="cyberciti.biz" />
+	<target host="www.cyberciti.biz" />
+	<target host="bash.cyberciti.biz" />
+	<target host="cms.cyberciti.biz" />
+	<target host="newsletter.cyberciti.biz" />
+	<target host="server1.cyberciti.biz" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/cybrary.it.xml b/src/chrome/content/rules/cybrary.it.xml
deleted file mode 100644
index b098d4a3a644..000000000000
--- a/src/chrome/content/rules/cybrary.it.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	Insecure cookies are set for these domains and hosts: ᶜ
-
-		- cybrary.it
-		- www.cybrary.it
-		- .www.cybrary.it
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
--->
-<ruleset name="Cybrary.it">
-
-	<target host="cybrary.it" />
-	<target host="www.cybrary.it" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:www\.)?cybrary\.it$" name="^PHPSESSID$" /-->
-	<!--securecookie host="^\.www\.cybrary\.it$" name="^site_referer$" /-->
-
-	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
-	<securecookie host="^\.www\." name=".+" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/d3js.org.xml b/src/chrome/content/rules/d3js.org.xml
index 1f89769492b6..ad5b66b151aa 100644
--- a/src/chrome/content/rules/d3js.org.xml
+++ b/src/chrome/content/rules/d3js.org.xml
@@ -9,6 +9,6 @@
 	<target host="d3js.org" />
 	<!-- Perma redirect to non www domain -->
 	<target host="www.d3js.org" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/daemonology.net.xml b/src/chrome/content/rules/daemonology.net.xml
new file mode 100644
index 000000000000..f3e422a44742
--- /dev/null
+++ b/src/chrome/content/rules/daemonology.net.xml
@@ -0,0 +1,5 @@
+<ruleset name="daemonology.net">
+	<target host="daemonology.net" />
+	<target host="www.daemonology.net" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dailystavropol.ru.xml b/src/chrome/content/rules/dailystavropol.ru.xml
deleted file mode 100644
index fac4b60c5351..000000000000
--- a/src/chrome/content/rules/dailystavropol.ru.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<!-- ktulhu. timed out -->
-<ruleset name="dailystavropol.ru">
-	<target host="dailystavropol.ru" />
-	<target host="www.dailystavropol.ru" />
-	<target host="uploads.dailystavropol.ru" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/darebee.com.xml b/src/chrome/content/rules/darebee.com.xml
index 0c66254984de..5b4d6aa687f6 100644
--- a/src/chrome/content/rules/darebee.com.xml
+++ b/src/chrome/content/rules/darebee.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://mail.darebee.com/ => https://mail.darebee.com/: (51, "SSL: n
 		webmail.darebee.com
 
 -->
-<ruleset name="darebee.com" default_off='failed ruleset test'>
+<ruleset name="darebee.com" default_off="failed ruleset test">
 
 	<target host="darebee.com" />
 	<target host="www.darebee.com" />
diff --git a/src/chrome/content/rules/darkwebnews.com.xml b/src/chrome/content/rules/darkwebnews.com.xml
deleted file mode 100644
index a6b0857ea9da..000000000000
--- a/src/chrome/content/rules/darkwebnews.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="darkwebnews.com">
-	<target host="darkwebnews.com" />
-	<target host="www.darkwebnews.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/darlinghq.org.xml b/src/chrome/content/rules/darlinghq.org.xml
new file mode 100644
index 000000000000..4e6882df85dc
--- /dev/null
+++ b/src/chrome/content/rules/darlinghq.org.xml
@@ -0,0 +1,16 @@
+<!--
+        Invalid certificate:
+                packages.darlinghq.org
+
+        Refused:
+                blog.darlinghq.org
+-->
+<ruleset name="darlinghq.org">
+	<target host="darlinghq.org" />
+	<target host="www.darlinghq.org" />
+	<target host="appdb.darlinghq.org" />
+	<target host="swdistcache.darlinghq.org" />
+	<target host="wiki.darlinghq.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/data.gov.au.xml b/src/chrome/content/rules/data.gov.au.xml
index 1d7ae5244e8f..cfa432ebbc21 100644
--- a/src/chrome/content/rules/data.gov.au.xml
+++ b/src/chrome/content/rules/data.gov.au.xml
@@ -9,7 +9,7 @@
 
 -->
 <ruleset name="data.gov.au">
-	
+
 	<target host="data.gov.au" />
 	<target host="www.data.gov.au" />
 	<target host="blog.data.gov.au" />
diff --git a/src/chrome/content/rules/data.gov.hk.xml b/src/chrome/content/rules/data.gov.hk.xml
index 8885a63d529b..2d8d69b88d75 100644
--- a/src/chrome/content/rules/data.gov.hk.xml
+++ b/src/chrome/content/rules/data.gov.hk.xml
@@ -12,7 +12,7 @@
 
 	<rule from="^http://www\.data\.gov\.hk/"
 	to="https://data.gov.hk/" />
-	
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/data.gov.uk.xml b/src/chrome/content/rules/data.gov.uk.xml
index 888cc923c784..3f5e0d051003 100644
--- a/src/chrome/content/rules/data.gov.uk.xml
+++ b/src/chrome/content/rules/data.gov.uk.xml
@@ -12,7 +12,7 @@
 		- reference ʳ
 		- statistics ᵃ
 		- transport ʳ
-	
+
 	ᵃ Shows another domain
 	ʰ Redirects to http
 	ʳ Refused
diff --git a/src/chrome/content/rules/datadryad.org.xml b/src/chrome/content/rules/datadryad.org.xml
index 7e85cc50cf0e..ec42dabf4881 100644
--- a/src/chrome/content/rules/datadryad.org.xml
+++ b/src/chrome/content/rules/datadryad.org.xml
@@ -2,15 +2,15 @@
 	Refused:
 		api.datadryad.org
 		secundus.datadryad.org
-		
+
 	No working URL known:
 		online.datadryad.org (403)
 		list.datadryad.org (timeout)
 		mailams.datadryad.org (timeout)
-		
+
 	Bad certificate:
 		wiki.datadryad.org
-		
+
 -->
 <ruleset name="Dryad Digital Repository">
 
diff --git a/src/chrome/content/rules/datafile.com-resources.xml b/src/chrome/content/rules/datafile.com-resources.xml
deleted file mode 100644
index 84d530a17bd1..000000000000
--- a/src/chrome/content/rules/datafile.com-resources.xml
+++ /dev/null
@@ -1,41 +0,0 @@
-<!--
-	For rules covering more than resources, see datafiles.com.xml.
-
-	Note: platform is so as not to increase non-Tor
-	distinguishability, given that no pages are covered
-	and no mixed content secured.
-
--->
-<ruleset name="DataFile.com (resources)" platform="mixedcontent">
-
-	<target host="datafile.com" />
-	<target host="www.datafile.com" />
-
-		<exclusion pattern="^http://(?:www\.)?datafile\.com/(?!/*(?:css/|favicon\.ico|fonts/|images/|stylesheet/))" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.datafile.com/affiliates.html" />
-			<test url="http://www.datafile.com/help.html" />
-			<test url="http://www.datafile.com/help/contact.html" />
-			<test url="http://www.datafile.com/linkchecker.html" />
-			<test url="http://www.datafile.com/privacy.html" />
-			<test url="http://www.datafile.com/profile/referrals.html" />
-			<!--
-			<test url="http://www.datafile.com/registration.html" />
-			<test url="http://www.datafile.com/resellers.html" />
-			-->
-
-			<!--	-ve:
-					-->
-			<test url="http://www.datafile.com/css/getpremium_new.css" />
-			<test url="http://www.datafile.com/favicon.ico" />
-			<test url="http://www.datafile.com/fonts/helveticaneue-bold/HelveticaNeueCyrBold-webfont.eot" />
-			<test url="http://www.datafile.com/images/icons/recaptcha/captcha_speak.png" />
-			<test url="http://www.datafile.com/stylesheet/bundle_b68b43925235522902d187865fd2888a.css" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/datafile.com.xml b/src/chrome/content/rules/datafile.com.xml
deleted file mode 100644
index 716414165d1d..000000000000
--- a/src/chrome/content/rules/datafile.com.xml
+++ /dev/null
@@ -1,56 +0,0 @@
-<!--
-	For rules covering resources which do not secure
-	mixed content, see datafile.com-resources.xml.
-
--->
-<ruleset name="DataFile.com (partial)">
-
-	<target host="datafile.com" />
-	<target host="www.datafile.com" />
-
-		<!--	Redirects to http:
-						-->
-		<!--exclusion pattern="^http://www\.datafile\.com/(?:$|(?:affiliates|help|help/contact|linkchecker|profile/referrals|registration|resellers)\.html)" /-->
-		<!--
-			Exceptions:
-					-->
-		<!--exclusion pattern="^http://(?:www\.)?datafile\.com/(?!/*(?:css/|favicon\.ico|fonts/|(?:getpremium|login)\.html|images/|stylesheet/))" /-->
-		<!--
-			Reduce non-Tor distinguishability:
-								-->
-		<exclusion pattern="^http://(?:www\.)?datafile\.com/(?!/*(?:getpremium|login)\.html)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www.datafile.com/affiliates.html" />
-			<test url="http://www.datafile.com/help.html" />
-			<test url="http://www.datafile.com/help/contact.html" />
-			<!--
-			<test url="http://www.datafile.com/linkchecker.html" />
-			<test url="http://www.datafile.com/privacy.html" />
-			<test url="http://www.datafile.com/profile/referrals.html" />
-			<test url="http://www.datafile.com/registration.html" />
-			<test url="http://www.datafile.com/resellers.html" />
-			-->
-
-			<!--	-ve:
-					-->
-			<!--
-			<test url="http://www.datafile.com/css/getpremium_new.css" />
-			<test url="http://www.datafile.com/favicon.ico" />
-			<test url="http://www.datafile.com/fonts/helveticaneue-bold/HelveticaNeueCyrBold-webfont.eot" />
-			-->
-			<test url="http://www.datafile.com/getpremium.html" />
-			<!--
-			<test url="http://www.datafile.com/images/icons/recaptcha/captcha_speak.png" />
-			-->
-			<test url="http://www.datafile.com/login.html" />
-			<!--
-			<test url="http://www.datafile.com/stylesheet/bundle_b68b43925235522902d187865fd2888a.css" />
-			-->
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/datamotion.com.xml b/src/chrome/content/rules/datamotion.com.xml
index 4f620cdf5cae..ba2cb9f8adb2 100644
--- a/src/chrome/content/rules/datamotion.com.xml
+++ b/src/chrome/content/rules/datamotion.com.xml
@@ -23,7 +23,7 @@ Fetch error: http://testing.datamotion.com/ => https://testing.datamotion.com/:
 		- testing.datamotion.com
 
 -->
-<ruleset name="DataMotion.com (partial)" default_off='failed ruleset test'>
+<ruleset name="DataMotion.com (partial)" default_off="failed ruleset test">
 
 	<target host="monitoring.datamotion.com" />
 	<target host="otrs.datamotion.com" />
diff --git a/src/chrome/content/rules/datinglab.net.xml b/src/chrome/content/rules/datinglab.net.xml
index b4d3a50c5c2c..6c8731422002 100644
--- a/src/chrome/content/rules/datinglab.net.xml
+++ b/src/chrome/content/rules/datinglab.net.xml
@@ -13,12 +13,12 @@
 	Mixed content:
 
 		- css, on:
-		
+
 			- secure from $self ˢ
 			- secure2 from is.i2.datinglab.net ˢ
 
 		- Images, on:
-		
+
 			- (www.)? from www.datinglab.net
 			- secure from $self ˢ
 			- secure2 from is.i2.datinglab.net ˢ
@@ -40,7 +40,7 @@
 		<!--	Not all paths are equivalent.
 							-->
 		<exclusion pattern="^http://is\.i2\.datinglab\.net/(?!/*(?:css|pht/\d+|pics)/)" />
-	
+
 			<!--	+ve:
 					-->
 			<test url="http://is.i2.datinglab.net/js/functions.r20597.js" />
@@ -49,7 +49,7 @@
 			<test url="http://is.i2.datinglab.net/js/vendor/modernizr/modernizr-latest.min.js" />
 			<test url="http://is.i2.datinglab.net/js/vendor/ng-responsive-tables/ng_responsive_tables.js" />
 			<test url="http://is.i2.datinglab.net/js/vendor/select2/select2.min.js" />
-	
+
 			<!--	-ve:
 					-->
 			<test url="http://is.i2.datinglab.net/css/i2/14.r22706.css" />
diff --git a/src/chrome/content/rules/daum.net.xml b/src/chrome/content/rules/daum.net.xml
new file mode 100644
index 000000000000..d1db3abee24f
--- /dev/null
+++ b/src/chrome/content/rules/daum.net.xml
@@ -0,0 +1,44 @@
+<!--
+	daum.net
+
+	Other Daum rulesets:
+
+		- DaumCDN.net.xml
+-->
+<ruleset name="daum.net">
+
+	<target host="daum.net"/>
+	<target host="search.daum.net"/>
+	<target host="m.search.daum.net"/>
+	<target host="v.daum.net"/>
+	<target host="www.daum.net"/>
+	<target host="m.daum.net"/>
+	<target host="m.mail.daum.net"/>
+	<target host="cafe.daum.net"/>
+	<target host="top.cafe.daum.net"/>
+	<target host="m.cafe.daum.net"/>
+	<target host="news.daum.net"/>
+	<target host="news.v.daum.net"/>
+	<target host="entertain.daum.net"/>
+	<target host="entertain.v.daum.net"/>
+	<target host="sports.daum.net"/>
+	<target host="sports.v.daum.net"/>
+	<target host="auto.daum.net"/>
+	<target host="auto.v.daum.net"/>
+	<target host="logins.daum.net"/>
+	<target host="finance.daum.net"/>
+	<target host="m.finance.daum.net"/>
+	<target host="blog.daum.net"/>
+	<target host="dic.daum.net"/>
+	<target host="pathofexile.game.daum.net"/>
+	<target host="elyon.game.daum.net"/>
+	<target host="pubg.game.daum.net"/>
+	<target host="realty.daum.net"/>
+	<target host="m.realty.daum.net"/>
+	<target host="100.daum.net"/>
+	<target host="wordbook.daum.net"/>
+	<target host="track.tiara.daum.net"/>
+
+	<rule from="^http:" to="https:"/>
+
+</ruleset>
diff --git a/src/chrome/content/rules/david-dm.org.xml b/src/chrome/content/rules/david-dm.org.xml
index 0bc9d0d03dd8..17ca29fe7187 100644
--- a/src/chrome/content/rules/david-dm.org.xml
+++ b/src/chrome/content/rules/david-dm.org.xml
@@ -4,7 +4,7 @@ www.david-dm.org mismatch
 <ruleset name="david-dm.org">
 	<target host="david-dm.org" />
 	<target host="www.david-dm.org" />
-	
+
 	<rule from="^http://www\.david-dm\.org/"
 		to="https://david-dm.org/" />
 
diff --git a/src/chrome/content/rules/davidperkinsphotography.com.xml b/src/chrome/content/rules/davidperkinsphotography.com.xml
new file mode 100644
index 000000000000..69cc693b3477
--- /dev/null
+++ b/src/chrome/content/rules/davidperkinsphotography.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Invalid certificate:
+		apps.davidperkinsphotography.com
+		blog.davidperkinsphotography.com
+		ftp.davidperkinsphotography.com
+		mail.davidperkinsphotography.com
+		p39je7f36m9ddeeeewb6.davidperkinsphotography.com
+		prints.davidperkinsphotography.com
+-->
+<ruleset name="davidperkinsphotography.com">
+	<target host="davidperkinsphotography.com" />
+	<target host="www.davidperkinsphotography.com" />
+	<target host="cpanel.davidperkinsphotography.com" />
+	<target host="cpcalendars.davidperkinsphotography.com" />
+	<target host="cpcontacts.davidperkinsphotography.com" />
+	<target host="webdisk.davidperkinsphotography.com" />
+
+	<rule from="^http://davidperkinsphotography\.com/" to="https://www.davidperkinsphotography.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dbq.edu.xml b/src/chrome/content/rules/dbq.edu.xml
new file mode 100644
index 000000000000..4ccf18b73c8c
--- /dev/null
+++ b/src/chrome/content/rules/dbq.edu.xml
@@ -0,0 +1,93 @@
+<!--
+	HTTPS != HTTP:
+		dbq.edu
+
+	Invalid certificate:
+		alumni.dbq.edu
+		cpanel.dbq.edu
+		email.dbq.edu
+		enterpriseenrollment.dbq.edu
+		enterpriseregistration.dbq.edu
+		idp.dbq.edu
+		lyncdiscover.dbq.edu
+		msoid.dbq.edu
+		mycampus.dbq.edu
+		pac1.dbq.edu
+		pac2.dbq.edu
+		sip.dbq.edu
+		udgoldmine.dbq.edu
+
+	Non-2xx HTTP code:
+		maxient.dbq.edu
+
+	Refused:
+		_sip._tls.dbq.edu
+		am.dbq.edu
+		ats.dbq.edu
+		autodiscover.dbq.edu
+		bookstore.dbq.edu
+		cgimdata.dbq.edu
+		cgim.dbq.edu
+		dart.dbq.edu
+		facdata.dbq.edu
+		hlc.dbq.edu
+		studata.dbq.edu
+		autodiscover.test.dbq.edu
+		uddata.dbq.edu
+
+	Time out:
+		adc.dbq.edu
+		app3.dbq.edu
+		application3.dbq.edu
+		application4.dbq.edu
+		cis.dbq.edu
+		cmedia.dbq.edu
+		fed2.dbq.edu
+		fedora.dbq.edu
+		firewall.dbq.edu
+		gve.dbq.edu
+		mailfilter.dbq.edu
+		mailfilter2.dbq.edu
+		ns1.dbq.edu
+		pop3.dbq.edu
+		pressbooks.dbq.edu
+		rw.dbq.edu
+		scan.dbq.edu
+		smtp.dbq.edu
+		smtp2.dbq.edu
+		spam.dbq.edu
+		udwindir.dbq.edu
+		video.dbq.edu
+		vpn.dbq.edu
+		webhost.dbq.edu
+
+	Unable to get local issuer certificate:
+		ezproxy.dbq.edu
+		www.ezproxy.dbq.edu
+		mobile.dbq.edu
+-->
+<ruleset name="dbq.edu">
+	<target host="www.dbq.edu" />
+	<target host="cp2.dbq.edu" />
+	<target host="data.dbq.edu" />
+	<target host="digitalud.dbq.edu" />
+	<target host="digitalud-cp.dbq.edu" />
+	<target host="digitalud-dev.dbq.edu" />
+	<target host="ensuringthefuture.dbq.edu" />
+	<target host="intranet.dbq.edu" />
+	<target host="libguides.dbq.edu" />
+	<target host="library.dbq.edu" />
+	<target host="lifeahead.dbq.edu" />
+	<target host="lifeaheadcr.dbq.edu" />
+	<target host="media.dbq.edu" />
+	<target host="my.dbq.edu" />
+	<target host="pfaids.dbq.edu" />
+	<target host="people.dbq.edu" />
+	<target host="tempe.dbq.edu" />
+	<target host="www.tempe.dbq.edu" />
+	<target host="udonline.dbq.edu" />
+	<target host="udts.dbq.edu" />
+	<target host="wendt.dbq.edu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dc121677.com.xml b/src/chrome/content/rules/dc121677.com.xml
deleted file mode 100644
index cf5fab678a42..000000000000
--- a/src/chrome/content/rules/dc121677.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="dc121677.com">
-
-	<target host="d.dc121677.com" />
-
-		<!--	$ 403s, so:
-					-->
-		<test url="http://d.dc121677.com/js/pub.js" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/dcerpc.org.xml b/src/chrome/content/rules/dcerpc.org.xml
index 0ee51e93d769..f66853eb5da2 100644
--- a/src/chrome/content/rules/dcerpc.org.xml
+++ b/src/chrome/content/rules/dcerpc.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://www.dcerpc.org/ => https://www.dcerpc.org/: (51, "SSL: no al
 Fetch error: http://dcerpc.org/ => https://www.dcerpc.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.dcerpc.org'")
 
 -->
-<ruleset name="DCERPC" default_off='failed ruleset test'>
+<ruleset name="DCERPC" default_off="failed ruleset test">
   <target host="www.dcerpc.org" />
   <target host="dcerpc.org" />
 
diff --git a/src/chrome/content/rules/dcmuseum.co.uk.xml b/src/chrome/content/rules/dcmuseum.co.uk.xml
new file mode 100644
index 000000000000..20584946813a
--- /dev/null
+++ b/src/chrome/content/rules/dcmuseum.co.uk.xml
@@ -0,0 +1,7 @@
+<ruleset name="dcmuseum.co.uk">
+	<target host="dcmuseum.co.uk" />
+	<target host="www.dcmuseum.co.uk" />
+
+	<rule from="^http://www\.dcmuseum\.co\.uk/" to="https://dcmuseum.co.uk/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dct.org.uk.xml b/src/chrome/content/rules/dct.org.uk.xml
deleted file mode 100644
index f4028e737a07..000000000000
--- a/src/chrome/content/rules/dct.org.uk.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	For other UK government coverage, see GOV.UK.xml.
-
-
-	Insecure cookies are set for these hosts:
-
-		- dct.org.uk
-		- www.dct.org.uk
-
--->
-<ruleset name="DCT.org.uk">
-
-	<target host="dct.org.uk" />
-	<target host="www.dct.org.uk" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:www\.)?dct\.org\.uk$" name="^(?:ASP\.NET_SessionId|AuthCookie)$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ddcdn.xml b/src/chrome/content/rules/ddcdn.xml
index dd3d56e8761a..e21e43bf737b 100644
--- a/src/chrome/content/rules/ddcdn.xml
+++ b/src/chrome/content/rules/ddcdn.xml
@@ -4,7 +4,7 @@
 	-->
 	<target host="cc.ddcdn.com"/>
 	<target host="ccm.ddcdn.com"/>
-	
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/deSEC.xml b/src/chrome/content/rules/deSEC.xml
index 935cf51eee5a..4e4be36f26a0 100644
--- a/src/chrome/content/rules/deSEC.xml
+++ b/src/chrome/content/rules/deSEC.xml
@@ -10,7 +10,7 @@ Fetch error: http://checkip6.dedyn.io/ => https://checkip6.dedyn.io/: (6, 'Could
     * *.dedyn.io are user-generated domains with user content, so they do not
       have to support HTTPS there.
 -->
-<ruleset name="deSEC" default_off='failed ruleset test'>
+<ruleset name="deSEC" default_off="failed ruleset test">
   <target host="dedyn.io" />
   <target host="www.dedyn.io" />
   <target host="update.dedyn.io" />
diff --git a/src/chrome/content/rules/dealinteractive.com.xml b/src/chrome/content/rules/dealinteractive.com.xml
index 402d98445f40..1c85df777f39 100644
--- a/src/chrome/content/rules/dealinteractive.com.xml
+++ b/src/chrome/content/rules/dealinteractive.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://securetrial.dealinteractive.com/ => https://securetrial.deal
 	(www.)?dealinteractive.com: server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="Deal Interactive.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Deal Interactive.com (partial)" default_off="failed ruleset test">
 
 	<!--target host="dealinteractive.com" /-->
 	<target host="secure.dealinteractive.com" />
diff --git a/src/chrome/content/rules/debenhams.com.xml b/src/chrome/content/rules/debenhams.com.xml
index 4dad1ca7b0a2..693b58252be1 100644
--- a/src/chrome/content/rules/debenhams.com.xml
+++ b/src/chrome/content/rules/debenhams.com.xml
@@ -51,7 +51,7 @@ Fetch error: http://images.e.debenhams.com/ => https://images.e.debenhams.com/:
 		- css on www from fonts.googleapis.com ˢ
 
 		- Images, on:
-		
+
 			- pages.e from image.e.debenhams.com ˢ
 			- www from $self ˢ
 			- www from debenhams.scene7.com
@@ -59,7 +59,7 @@ Fetch error: http://images.e.debenhams.com/ => https://images.e.debenhams.com/:
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Debenhams.com (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Debenhams.com (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/deborahrfowler.com.xml b/src/chrome/content/rules/deborahrfowler.com.xml
new file mode 100644
index 000000000000..c314a7b8faf1
--- /dev/null
+++ b/src/chrome/content/rules/deborahrfowler.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		ftp.deborahrfowler.com
+
+	Refused:
+		localhost.deborahrfowler.com
+-->
+<ruleset name="deborahrfowler.com">
+	<target host="deborahrfowler.com" />
+	<target host="www.deborahrfowler.com" />
+	<target host="autodiscover.deborahrfowler.com" />
+	<target host="cpanel.deborahrfowler.com" />
+	<target host="mail.deborahrfowler.com" />
+	<target host="webdisk.deborahrfowler.com" />
+	<target host="webmail.deborahrfowler.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/debugconnection.xml b/src/chrome/content/rules/debugconnection.xml
new file mode 100644
index 000000000000..487cf0c829e3
--- /dev/null
+++ b/src/chrome/content/rules/debugconnection.xml
@@ -0,0 +1,6 @@
+<ruleset name="debugconnection.com">
+        <target host="debugconnection.com" />
+        <target host="www.debugconnection.com" />
+
+        <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/decc.gov.uk.xml b/src/chrome/content/rules/decc.gov.uk.xml
index e6ef8aae2ee8..183ea1247483 100644
--- a/src/chrome/content/rules/decc.gov.uk.xml
+++ b/src/chrome/content/rules/decc.gov.uk.xml
@@ -76,7 +76,7 @@ Fetch error: http://econsultation.decc.gov.uk/ => https://econsultation.decc.gov
 		- gdorb.decc.gov.uk
 
 -->
-<ruleset name="DECC.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="DECC.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/dei.gr.xml b/src/chrome/content/rules/dei.gr.xml
index 8378494414c1..8f3f3def010a 100644
--- a/src/chrome/content/rules/dei.gr.xml
+++ b/src/chrome/content/rules/dei.gr.xml
@@ -2,7 +2,7 @@
 	<target host="elearning.dei.gr" />
 	<target host="sapwasrmprd.dei.gr" />
 	<target host="www.dei.gr" />
-	
+
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/dellin.ru.xml b/src/chrome/content/rules/dellin.ru.xml
index dfcd8fac103f..772dd746097d 100644
--- a/src/chrome/content/rules/dellin.ru.xml
+++ b/src/chrome/content/rules/dellin.ru.xml
@@ -3,15 +3,14 @@
 	<target host="*.dellin.ru" />
 	<securecookie host="(.+\.)?dellin\.ru$" name=".+" />
 	<rule from="^http:" to="https:" />
-	
+
 	<exclusion pattern="^http://m\.dellin\.ru/.*" />
-	
-	<test url="http://dellin.ru/" />
+
 	<test url="http://www.dellin.ru/" />
-	
+
 	<test url="http://m.dellin.ru/" />
 	<test url="http://m.dellin.ru/tracker" />
-	
+
 	<test url="http://abakan.dellin.ru/" />
 	<test url="http://adler.dellin.ru/" />
 	<test url="http://angarsk.dellin.ru/" />
diff --git a/src/chrome/content/rules/democracyclub.org.uk.xml b/src/chrome/content/rules/democracyclub.org.uk.xml
index f3d4046aec4b..41d27edbf17a 100644
--- a/src/chrome/content/rules/democracyclub.org.uk.xml
+++ b/src/chrome/content/rules/democracyclub.org.uk.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.democracyclub.org.uk/ => https://www.democracyclub.org.uk/: (52, 'Empty reply from server')
 
 -->
-<ruleset name="Democracy Club.org.uk" default_off='failed ruleset test'>
+<ruleset name="Democracy Club.org.uk" default_off="failed ruleset test">
 
 	<target host="democracyclub.org.uk" />
 	<target host="candidates.democracyclub.org.uk" />
diff --git a/src/chrome/content/rules/democracyos.org.xml b/src/chrome/content/rules/democracyos.org.xml
index b8a50e254fc3..13d24b2e4f90 100644
--- a/src/chrome/content/rules/democracyos.org.xml
+++ b/src/chrome/content/rules/democracyos.org.xml
@@ -11,7 +11,7 @@ docs.democracyos.org ¹
 
 ¹ mismatch
 -->
-<ruleset name="democracyos.org (partial)" default_off='failed ruleset test'>
+<ruleset name="democracyos.org (partial)" default_off="failed ruleset test">
 	<target host="app.democracyos.org" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/demonoid.cc.xml b/src/chrome/content/rules/demonoid.cc.xml
index 74f83e73d20b..26fcd9c0c75b 100644
--- a/src/chrome/content/rules/demonoid.cc.xml
+++ b/src/chrome/content/rules/demonoid.cc.xml
@@ -10,7 +10,7 @@ inferno.demonoid.cc ²
 
 ² refused
 -->
-<ruleset name="demonoid.cc" default_off='failed ruleset test'>
+<ruleset name="demonoid.cc" default_off="failed ruleset test">
 	<target host="demonoid.cc" />
 	<target host="www.demonoid.cc" />
 	<target host="fora.demonoid.cc" />
diff --git a/src/chrome/content/rules/deploybot.com.xml b/src/chrome/content/rules/deploybot.com.xml
index c575a8c744de..d11c9aac786c 100644
--- a/src/chrome/content/rules/deploybot.com.xml
+++ b/src/chrome/content/rules/deploybot.com.xml
@@ -11,14 +11,14 @@ dploy.io/: (52, 'Empty reply from server')
 support.dploy.io mismatch
 blog.dploy.io mismatch
 -->
-<ruleset name="deploybot.com" default_off='failed ruleset test'>
+<ruleset name="deploybot.com" default_off="failed ruleset test">
 	<target host="deploybot.com" />
 	<target host="www.deploybot.com" />
 	<target host="login.deploybot.com" />
 	<target host="signup.deploybot.com" />
 	<target host="dploy.io" />
 	<target host="www.dploy.io" />
-	
+
 	<rule from="^http://dploy\.io/"
 		to="https://www.dploy.io/" />
 
diff --git a/src/chrome/content/rules/derstandard.at.xml b/src/chrome/content/rules/derstandard.at.xml
index 59aae490036d..c35bc5777c47 100644
--- a/src/chrome/content/rules/derstandard.at.xml
+++ b/src/chrome/content/rules/derstandard.at.xml
@@ -15,7 +15,7 @@
 
 	<rule from="^http:"
 		to="https:" />
-	
+
 	<test url="http://derstandard.at/ajax/bottomnavinfo.ashx" />
 	<test url="http://mobil.derstandard.at/ajax/bottomnavinfo.ashx" />
 	<test url="http://www.derstandard.at/ajax/bottomnavinfo.ashx" />
diff --git a/src/chrome/content/rules/detini.gov.uk.xml b/src/chrome/content/rules/detini.gov.uk.xml
index d18439db451d..ac43c05c2b21 100644
--- a/src/chrome/content/rules/detini.gov.uk.xml
+++ b/src/chrome/content/rules/detini.gov.uk.xml
@@ -20,7 +20,7 @@ Fetch error: http://detini.gov.uk/ => https://www.detini.gov.uk/: (7, 'Failed to
 
 		- ^ ᶠ
 		- www.business ᵉ
-	
+
 	ᵉ Expired
 	ᶠ Handshake fails; preemptable redirect
 
@@ -31,7 +31,7 @@ Fetch error: http://detini.gov.uk/ => https://www.detini.gov.uk/: (7, 'Failed to
 		- insolvency.detini.gov.uk
 
 -->
-<ruleset name="DETI NI.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="DETI NI.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/deutschland-spielt.de.xml b/src/chrome/content/rules/deutschland-spielt.de.xml
index 54225b32227f..e966132b7432 100644
--- a/src/chrome/content/rules/deutschland-spielt.de.xml
+++ b/src/chrome/content/rules/deutschland-spielt.de.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.deutschland-spielt.de/ => https://www.deutschland-spielt
 	Refused:
 		- download.deutschland-spielt.de
 -->
-<ruleset name="deutschland-spielt.de" default_off='failed ruleset test'>
+<ruleset name="deutschland-spielt.de" default_off="failed ruleset test">
 	<target host="deutschland-spielt.de"/>
 	<target host="www.deutschland-spielt.de"/>
 
diff --git a/src/chrome/content/rules/dev47apps.com.xml b/src/chrome/content/rules/dev47apps.com.xml
new file mode 100644
index 000000000000..251cd0574827
--- /dev/null
+++ b/src/chrome/content/rules/dev47apps.com.xml
@@ -0,0 +1,46 @@
+<!--
+	Fetch error: http://araratauto.dev47apps.com/ => https://araratauto.dev47apps.com/: (51, "SSL: no alternative certificate subject name matches target host name 'araratauto.dev47apps.com'")
+	Fetch error: http://gevorgcpa.dev47apps.com/ => https://gevorgcpa.dev47apps.com/: (51, "SSL: no alternative certificate subject name matches target host name 'gevorgcpa.dev47apps.com'")
+	Fetch error: http://jan.dev47apps.com/ => https://jan.dev47apps.com/: (51, "SSL: no alternative certificate subject name matches target host name 'jan.dev47apps.com'")
+
+	Invalid certificate:
+		www.araratauto.dev47apps.com
+		autodiscover.araratauto.dev47apps.com
+		webmail.araratauto.dev47apps.com
+		autodiscover.dev47apps.com
+		www.dev47appsnet.dev47apps.com
+		autodiscover.dev47appsnet.dev47apps.com
+		webmail.dev47appsnet.dev47apps.com
+		ftp.dev47apps.com
+		www.gevorgcpa.dev47apps.com
+		webmail.gevorgcpa.dev47apps.com
+		www.jan.dev47apps.com
+		autodiscover.jan.dev47apps.com
+		webmail.jan.dev47apps.com
+		www.translate.dev47apps.com
+		autodiscover.translate.dev47apps.com
+		webmail.translate.dev47apps.com
+		www.ufixit.dev47apps.com
+		autodiscover.ufixit.dev47apps.com
+		webmail.ufixit.dev47apps.com
+
+	Refused:
+		localhost.dev47apps.com
+
+	Redirect to HTTP:
+		dev47appsnet.dev47apps.com
+		ufixit.dev47apps.com
+-->
+<ruleset name="dev47apps.com">
+	<target host="dev47apps.com" />
+	<target host="www.dev47apps.com" />
+	<target host="cpanel.dev47apps.com" />
+	<target host="mail.dev47apps.com" />
+	<target host="cpcalendars.dev47apps.com" />
+	<target host="cpcontacts.dev47apps.com" />
+	<target host="translate.dev47apps.com" />
+	<target host="webdisk.dev47apps.com" />
+	<target host="webmail.dev47apps.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/devalate.com.xml b/src/chrome/content/rules/devalate.com.xml
index 708661f2f54a..7c79dcfed39a 100644
--- a/src/chrome/content/rules/devalate.com.xml
+++ b/src/chrome/content/rules/devalate.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.devalate.com/ => https://www.devalate.com/: (28, 'Connec
 		- www.devalate.com
 
 -->
-<ruleset name="Devalate.com" default_off='failed ruleset test'>
+<ruleset name="Devalate.com" default_off="failed ruleset test">
 
 	<target host="devalate.com" />
 	<target host="www.devalate.com" />
diff --git a/src/chrome/content/rules/develop100.com.xml b/src/chrome/content/rules/develop100.com.xml
deleted file mode 100644
index 432c7fcf7691..000000000000
--- a/src/chrome/content/rules/develop100.com.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	For other NewsBay Media coverage, see Intent-Media.xml.
-
-
-	(www.)?develop100.com: Shows default page
-
--->
-<ruleset name="Develop 100.com">
-
-	<target host="develop100.com" />
-	<target host="www.develop100.com" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<!--	Redirect drops path and forward
-		slash, but not args:
-					-->
-	<rule from="^http://(?:www\.)?develop100\.com/[^?]*"
-		to="https://www.develop-online.net/develop-100" />
-
-		<test url="http://www.develop100.com/index.htm" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/dhbw-mannheim.de.xml b/src/chrome/content/rules/dhbw-mannheim.de.xml
index a1af54a624e4..2333e24e7a92 100644
--- a/src/chrome/content/rules/dhbw-mannheim.de.xml
+++ b/src/chrome/content/rules/dhbw-mannheim.de.xml
@@ -59,7 +59,7 @@
 	<target host="studgate.dhbw-mannheim.de"/>
 	<target host="studyup.dhbw-mannheim.de"/>
 	<target host="vorlesungsplan.dhbw-mannheim.de"/>
-	
+
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:"/>
diff --git a/src/chrome/content/rules/dhi-scotland.com.xml b/src/chrome/content/rules/dhi-scotland.com.xml
index 8302db472445..24f2a1745f54 100644
--- a/src/chrome/content/rules/dhi-scotland.com.xml
+++ b/src/chrome/content/rules/dhi-scotland.com.xml
@@ -16,7 +16,7 @@ Fetch error: http://www.dhi-scotland.com/ => https://www.dhi-scotland.com/: (51,
 	STS header includes includeSubdomains
 
 -->
-<ruleset name="DHI-scotland.com" default_off='failed ruleset test'>
+<ruleset name="DHI-scotland.com" default_off="failed ruleset test">
 
 	<target host="dhi-scotland.com" />
 	<target host="*.dhi-scotland.com" />
diff --git a/src/chrome/content/rules/dhsspsni.gov.uk.xml b/src/chrome/content/rules/dhsspsni.gov.uk.xml
index 0b6c15e8eb44..d92e106a7b0e 100644
--- a/src/chrome/content/rules/dhsspsni.gov.uk.xml
+++ b/src/chrome/content/rules/dhsspsni.gov.uk.xml
@@ -24,7 +24,7 @@ Fetch error: http://dhsspsni.gov.uk/ => https://www.dhsspsni.gov.uk/: (7, 'Faile
 		- .dhsspsni.gov.uk
 
 -->
-<ruleset name="DHSSPS NI.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="DHSSPS NI.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/dianping.com.xml b/src/chrome/content/rules/dianping.com.xml
index d601cc81c949..f0c367cad6fb 100644
--- a/src/chrome/content/rules/dianping.com.xml
+++ b/src/chrome/content/rules/dianping.com.xml
@@ -1,40 +1,33 @@
 <!--
-
 	Related:	dpfile.com.xml
 
 	Mismatch:
-		^
-		android
 		blog	( redirect to weibo.com/dzdp )
 		campus
 		careers
 		dpindex
-		jh
-		join
-		maoyan
-		tpl
-		
-		^dpurl.cn
-
-	MCB:
-		www	（break to pop up http://map.qq.com/api/ ）
-		h5
-		m
-		
 -->
-
 <ruleset name="dianping.com (partial)">
-
+	<target host="dianping.com" />
+	<target host="www.dianping.com" />
+	<target host="android.dianping.com" />
 	<target host="b.dianping.com" />
 	<target host="e.dianping.com" />
 	<target host="events.dianping.com" />
+	<target host="h5.dianping.com" />
 	<target host="hls.dianping.com" />
+	<target host="jh.dianping.com" />
+	<target host="join.dianping.com" />
 	<target host="kf.dianping.com" />
+	<target host="m.dianping.com" />
+	<target host="maoyan.dianping.com" />
 	<target host="mlog.dianping.com" />
 	<target host="nugget.dianping.com" />
 	<target host="s.dianping.com" />
 	<target host="t.dianping.com" />
+	<target host="tpl.dianping.com" />
 
-	<rule from="^http:" to="https:" />
+	<target host="dpurl.cn" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/die-neue-welle.de.xml b/src/chrome/content/rules/die-neue-welle.de.xml
new file mode 100644
index 000000000000..c0f0df33517e
--- /dev/null
+++ b/src/chrome/content/rules/die-neue-welle.de.xml
@@ -0,0 +1,23 @@
+<!--
+	Connection closed:
+		www.jobs.die-neue-welle.de
+		xyz.die-neue-welle.de
+
+	Invalid certificate:
+		2015.die-neue-welle.de
+		live.die-neue-welle.de
+
+	Timeout:
+		owa.die-neue-welle.de
+-->
+<ruleset name="die-neue-welle.de">
+
+	<target host="die-neue-welle.de" />
+	<target host="www.die-neue-welle.de" />
+	<target host="jobs.die-neue-welle.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/difficulties.de.xml b/src/chrome/content/rules/difficulties.de.xml
deleted file mode 100644
index f109c38a4fce..000000000000
--- a/src/chrome/content/rules/difficulties.de.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="difficulties.de">
-
-	<target host="difficulties.de" />
-	<target host="www.difficulties.de" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/digidip.net.xml b/src/chrome/content/rules/digidip.net.xml
new file mode 100644
index 000000000000..18e0ed9574f8
--- /dev/null
+++ b/src/chrome/content/rules/digidip.net.xml
@@ -0,0 +1,134 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Non-2xx HTTP code:
+		- puppet5.digidip.net
+
+	SSL: no alternative certificate subject name matches target host name:
+		- www.files.digidip.net
+		- ftp.digidip.net
+		- www.ftp.digidip.net
+		- www.premium.digidip.net
+		- www.static.digidip.net
+
+	Timeout:
+		- db.backup.publisher.digidip.net
+-->
+<ruleset name="digidip.net">
+
+	<target host="digidip.net" />
+	<target host="4ic.digidip.net" />
+	<target host="amazedmag.digidip.net" />
+	<target host="androidpit-br.digidip.net" />
+	<target host="androidpit-es.digidip.net" />
+	<target host="androidpit-fr.digidip.net" />
+	<target host="audio.digidip.net" />
+	<target host="bekleidet.digidip.net" />
+	<target host="beta1.digidip.net" />
+	<target host="beta2.digidip.net" />
+	<target host="beta3.digidip.net" />
+	<target host="bild.digidip.net" />
+	<target host="br.digidip.net" />
+	<target host="bronzingeyes.digidip.net" />
+	<target host="ccm.digidip.net" />
+	<target host="cheaperia.digidip.net" />
+	<target host="chillmo.digidip.net" />
+	<target host="chip.digidip.net" />
+	<target host="chollo-to.digidip.net" />
+	<target host="chollometro.digidip.net" />
+	<target host="colorfoto.digidip.net" />
+	<target host="commentcamarche.digidip.net" />
+	<target host="computerbild-forum.digidip.net" />
+	<target host="computeridee.digidip.net" />
+	<target host="computertotaal.digidip.net" />
+	<target host="connect.digidip.net" />
+	<target host="connectedhome.digidip.net" />
+	<target host="couponchief.digidip.net" />
+	<target host="de-ccm.digidip.net" />
+	<target host="dealabs.digidip.net" />
+	<target host="elastic.digidip.net" />
+	<target host="elitepvpers.digidip.net" />
+	<target host="elle-fr.digidip.net" />
+	<target host="es-ccm.digidip.net" />
+	<target host="files.digidip.net" />
+	<target host="finnkupongkoder.digidip.net" />
+	<target host="flynous.digidip.net" />
+	<target host="fok.digidip.net" />
+	<target host="forum.digidip.net" />
+	<target host="forum-fok.digidip.net" />
+	<target host="forumde.digidip.net" />
+	<target host="forums-futura-sciences.digidip.net" />
+	<target host="forumscnetfrance.digidip.net" />
+	<target host="fotocommunity.digidip.net" />
+	<target host="gentside.digidip.net" />
+	<target host="gutefrage.digidip.net" />
+	<target host="hardware.digidip.net" />
+	<target host="hauptstadtmuttide.digidip.net" />
+	<target host="holidaypirates.digidip.net" />
+	<target host="hotukdeals.digidip.net" />
+	<target host="importer-beta.digidip.net" />
+	<target host="informatiweb.digidip.net" />
+	<target host="jetzt.digidip.net" />
+	<target host="jeuxvideo.digidip.net" />
+	<target host="journaldunet.digidip.net" />
+	<target host="kleiderkreisel.digidip.net" />
+	<target host="ledemondujeu.digidip.net" />
+	<target host="lefigaro-fr.digidip.net" />
+	<target host="link-checker.digidip.net" />
+	<target host="linternaute.digidip.net" />
+	<target host="linternautefr.digidip.net" />
+	<target host="m3-idg.digidip.net" />
+	<target host="marieclaire-fr.digidip.net" />
+	<target host="mashasedgwick.digidip.net" />
+	<target host="michollo.digidip.net" />
+	<target host="moins-depenser.digidip.net" />
+	<target host="motor-talk.digidip.net" />
+	<target host="mountainbike.digidip.net" />
+	<target host="mydealz.digidip.net" />
+	<target host="netzwelt.digidip.net" />
+	<target host="nl-pepper.digidip.net" />
+	<target host="pc-infopratique.digidip.net" />
+	<target host="pcmagazin.digidip.net" />
+	<target host="pcworld-couponcodes.digidip.net" />
+	<target host="pcworld-es.digidip.net" />
+	<target host="pelando.digidip.net" />
+	<target host="pg.digidip.net" />
+	<target host="pgstatic.digidip.net" />
+	<target host="phonandroid.digidip.net" />
+	<target host="piratinviaggio.digidip.net" />
+	<target host="piucodicisconto.digidip.net" />
+	<target host="pl-pepper.digidip.net" />
+	<target host="planetenumerique.digidip.net" />
+	<target host="playpennies.digidip.net" />
+	<target host="pocketpc.digidip.net" />
+	<target host="premium.digidip.net" />
+	<target host="promodescuentos.digidip.net" />
+	<target host="qa-sonarqube.digidip.net" />
+	<target host="rtt-hook.digidip.net" />
+	<target host="schieb.digidip.net" />
+	<target host="search.digidip.net" />
+	<target host="smart-shopping.digidip.net" />
+	<target host="sparheld.digidip.net" />
+	<target host="stadtbremerhaven.digidip.net" />
+	<target host="static.digidip.net" />
+	<target host="symbaloo.digidip.net" />
+	<target host="talk.digidip.net" />
+	<target host="tomshw.digidip.net" />
+	<target host="up-trustedreviews.digidip.net" />
+	<target host="urlaubspiraten.digidip.net" />
+	<target host="vakantiepiraten.digidip.net" />
+	<target host="video.digidip.net" />
+	<target host="vinted.digidip.net" />
+	<target host="visit.digidip.net" />
+	<target host="voucherbox.digidip.net" />
+	<target host="webgears.digidip.net" />
+	<target host="winfuture.digidip.net" />
+	<target host="winfuture-forum.digidip.net" />
+	<target host="wmp-forumde.digidip.net" />
+	<target host="wykop.digidip.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/digip.org.xml b/src/chrome/content/rules/digip.org.xml
new file mode 100644
index 000000000000..6a30817e2351
--- /dev/null
+++ b/src/chrome/content/rules/digip.org.xml
@@ -0,0 +1,5 @@
+<ruleset name="digip.org">
+	<target host="digip.org" />
+	<target host="www.digip.org" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dinglisch.net.xml b/src/chrome/content/rules/dinglisch.net.xml
index 27d626cccf2a..625631eb34ee 100644
--- a/src/chrome/content/rules/dinglisch.net.xml
+++ b/src/chrome/content/rules/dinglisch.net.xml
@@ -1,5 +1,5 @@
 <!--
-	Remark: *.dinglisch.net has a expired certificate as of Feb 2017
+	Remark: *.dinglisch.net has an expired certificate as of Feb 2017
 -->
 <ruleset name="dinglisch.net" default_off="expired">
 	<target host="dinglisch.net" />
diff --git a/src/chrome/content/rules/dinside.no.xml b/src/chrome/content/rules/dinside.no.xml
index caad13424955..22597aff74dd 100644
--- a/src/chrome/content/rules/dinside.no.xml
+++ b/src/chrome/content/rules/dinside.no.xml
@@ -21,12 +21,12 @@
 	Mixed content:
 
 		- css, on:
-		
+
 			- testpilot from $self ˢ
 			- testpilot, www from fonts.googleapis.com ˢ
 
 		- Images, on:
-		
+
 			- testpilot from $self ˢ
 			- www from gfx.dagbladet.no ˢ
 			- www from bilde.dinside.no ʳ
diff --git a/src/chrome/content/rules/dionyziz.com.xml b/src/chrome/content/rules/dionyziz.com.xml
index 9cf3f32288be..d5f57782e3e1 100644
--- a/src/chrome/content/rules/dionyziz.com.xml
+++ b/src/chrome/content/rules/dionyziz.com.xml
@@ -1,7 +1,7 @@
 <ruleset name="dionyziz.com">
 	<target host="dionyziz.com" />
 	<target host="www.dionyziz.com" />
-	
+
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/direxion.xml b/src/chrome/content/rules/direxion.xml
new file mode 100644
index 000000000000..824f584a1cc1
--- /dev/null
+++ b/src/chrome/content/rules/direxion.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional domains:
+	 - www.files.direxionfunds.com  (nxdomain)
+	 
+	 Certificate mismatch:
+	 - direxionfunds.com
+	 - www.direxionfunds.com
+-->
+
+<ruleset name="Direxion">
+	<target host="direxion.com" />
+	<target host="direxioninvestments.com" />
+	<target host="www.direxion.com" />
+	<target host="www.direxioninvestments.com" />
+	
+	<target host="files.direxionfunds.com" />
+	<test url="http://files.direxionfunds.com/DirexionWebsiteFiles/holdings_tecl.csv" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/divShare.xml b/src/chrome/content/rules/divShare.xml
index bcd04e5475a7..0e1dd0c6c3ce 100644
--- a/src/chrome/content/rules/divShare.xml
+++ b/src/chrome/content/rules/divShare.xml
@@ -24,7 +24,7 @@ Fetch error: http://divshare.com/ => https://www.divshare.com/: (28, 'Connection
 	* Secured by us
 
 -->
-<ruleset name="divShare.com" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="divShare.com" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -39,7 +39,7 @@ Fetch error: http://divshare.com/ => https://www.divshare.com/: (28, 'Connection
 					-->
 	<!--securecookie host="^www\.divshare\.com$" name="^(PHPSESSID|cntHeaderMessages|ds_list_viewed_spotlights)$" /-->
 
-	<securecookie host="^(?:.*\.)?divshare\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://divshare\.com/"
diff --git a/src/chrome/content/rules/diversitymemo.com.xml b/src/chrome/content/rules/diversitymemo.com.xml
deleted file mode 100644
index a3bc7bb37911..000000000000
--- a/src/chrome/content/rules/diversitymemo.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Invalid Certificate:
-		www.diversitymemo.com
--->
-<ruleset name="diversitymemo.com">
-	<target host="diversitymemo.com" />
-	<target host="www.diversitymemo.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http://www\.diversitymemo\.com/" to="https://diversitymemo.com/" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/diymealbox.com.xml b/src/chrome/content/rules/diymealbox.com.xml
deleted file mode 100644
index f5e35fb66b91..000000000000
--- a/src/chrome/content/rules/diymealbox.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="diymealbox.com">
-	<target host="diymealbox.com" />
-	<target host="www.diymealbox.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/dltags.com.xml b/src/chrome/content/rules/dltags.com.xml
index cd07659fb976..6a756550e631 100644
--- a/src/chrome/content/rules/dltags.com.xml
+++ b/src/chrome/content/rules/dltags.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://dltags.com/ => https://dltags.com/: (7, 'Failed to connect t
 Fetch error: http://www.dltags.com/ => https://www.dltags.com/: (7, 'Failed to connect to www.dltags.com port 443: Connection refused')
 
 -->
-<ruleset name="dltags.com" default_off='failed ruleset test'>
+<ruleset name="dltags.com" default_off="failed ruleset test">
 
 	<target host="dltags.com" />
 	<target host="www.dltags.com" />
diff --git a/src/chrome/content/rules/dlvr.it.xml b/src/chrome/content/rules/dlvr.it.xml
index 7fab4250f6c5..23e046734d04 100644
--- a/src/chrome/content/rules/dlvr.it.xml
+++ b/src/chrome/content/rules/dlvr.it.xml
@@ -42,8 +42,8 @@
 
 	<rule from="^http://www\.dlvrit\.com/"
 		to="https://dlvrit.com/" />
-	
-	<rule from="^http:" 
+
+	<rule from="^http:"
 		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/dmalloc.com.xml b/src/chrome/content/rules/dmalloc.com.xml
new file mode 100644
index 000000000000..5a7df759c2c3
--- /dev/null
+++ b/src/chrome/content/rules/dmalloc.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="dmalloc.com">
+	<target host="dmalloc.com" />
+	<target host="www.dmalloc.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dniester.ru.xml b/src/chrome/content/rules/dniester.ru.xml
deleted file mode 100644
index 18d22ff603fe..000000000000
--- a/src/chrome/content/rules/dniester.ru.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<!-- mail. mismatch -->
-<ruleset name="dniester.ru">
-	<target host="dniester.ru" />
-	<target host="www.dniester.ru" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/dns-shop.ru.xml b/src/chrome/content/rules/dns-shop.ru.xml
deleted file mode 100644
index 7c1b64c6f0dd..000000000000
--- a/src/chrome/content/rules/dns-shop.ru.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	Nonfunctional hosts in *dns-shop.ru:
-
-		- (www.)? ᵈ
-		- club ʳ
-		- ftp ʳ
-
-	ᵈ Dropped
-	ʳ Refused
-
-
-	Insecure cookies are set for these hosts:
-
-		- accounts.dns-shop.ru
-
--->
-<ruleset name="DNS-Shop.ru (partial)">
-
-	<target host="accounts.dns-shop.ru" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^accounts\.dns-shop\.ru$" name="^foo$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion.xml b/src/chrome/content/rules/dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion.xml
new file mode 100644
index 000000000000..5f5a99d478e6
--- /dev/null
+++ b/src/chrome/content/rules/dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion.xml
@@ -0,0 +1,14 @@
+<!--
+	Other Cloudflare rulesets:
+		- Cloudflare.com.xml
+
+	Onion service can't be accessed over unencrypted HTTP connections.
+-->
+
+<ruleset name="dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion">
+	<target host="dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/docin.xml b/src/chrome/content/rules/docin.xml
new file mode 100644
index 000000000000..d5d6ebc02f2d
--- /dev/null
+++ b/src/chrome/content/rules/docin.xml
@@ -0,0 +1,45 @@
+<!--
+	Mismatched:
+		edu.docin.com
+
+		v.douding.cn
+
+	not enough values to unpack:
+		m.docin.com		https://travis-ci.org/EFForg/https-everywhere/jobs/470813317#L596
+		tm.docin.com	https://travis-ci.org/EFForg/https-everywhere/jobs/470813317#L597
+
+	Refused:
+		ayou.docin.com
+-->
+<ruleset name="docin">
+	<target host="docin.com"/>
+	<target host="www.docin.com"/>
+	<target host="admin.docin.com"/>
+	<target host="api.docin.com"/>
+	<target host="baogao.docin.com"/>
+	<target host="blog.docin.com"/>
+	<target host="bookshelf.docin.com"/>
+	<target host="docstore.docin.com"/>
+	<target host="hetong.docin.com"/>
+	<target host="huiyi.docin.com"/>
+	<target host="img.docin.com"/>
+	<target host="jz.docin.com"/>
+	<target host="manhua.docin.com"/>
+	<target host="shequ.docin.com"/>
+	<target host="shufang.docin.com"/>
+	<target host="stat.docin.com"/>
+	<target host="t.docin.com"/>
+	<target host="tbaogao.docin.com"/>
+	<target host="ttushu.docin.com"/>
+	<target host="tushu.docin.com"/>
+	<target host="tv.docin.com"/>
+	<target host="v.docin.com"/>
+	<target host="yiliao.docin.com"/>
+	<target host="zazhi.docin.com"/>
+
+	<target host="img1.douding.cn"/>
+	<target host="page.douding.cn"/>
+	<target host="st.douding.cn"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/dods.co.uk.xml b/src/chrome/content/rules/dods.co.uk.xml
index 528b8e9b58c8..d43117d87f1c 100644
--- a/src/chrome/content/rules/dods.co.uk.xml
+++ b/src/chrome/content/rules/dods.co.uk.xml
@@ -7,7 +7,7 @@ Fetch error: http://media.dods.co.uk/ => https://media.dods.co.uk/: (60, 'SSL ce
 	www.dods.co.uk: dropped
 
 -->
-<ruleset name="Dods.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Dods.co.uk (partial)" default_off="failed ruleset test">
 
 	<target host="media.dods.co.uk" />
 
diff --git a/src/chrome/content/rules/dof.gob.mx.xml b/src/chrome/content/rules/dof.gob.mx.xml
new file mode 100644
index 000000000000..6bf36db4a77d
--- /dev/null
+++ b/src/chrome/content/rules/dof.gob.mx.xml
@@ -0,0 +1,6 @@
+<ruleset name="dof.gob.mx">
+	<target host="dof.gob.mx" />
+	<target host="www.dof.gob.mx" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dol.gov.xml b/src/chrome/content/rules/dol.gov.xml
index 5a132d2dc3ed..bf2ddc5f5f8d 100644
--- a/src/chrome/content/rules/dol.gov.xml
+++ b/src/chrome/content/rules/dol.gov.xml
@@ -41,12 +41,12 @@ Fetch error: http://jobcorps.dol.gov/ => https://jobcorps.dol.gov/: (60, 'SSL ce
 	Mixed content:
 
 		- css, on:
-		
+
 			- developer from fonts.googleapis.com ˢ
 			- webapps from www.dol.gov ˢ
 
 		- Images, on:
-		
+
 			- api, savingmatters from www.dol.gov ˢ
 			- www.oalj, www from $self ˢ
 
@@ -56,7 +56,7 @@ Fetch error: http://jobcorps.dol.gov/ => https://jobcorps.dol.gov/: (60, 'SSL ce
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="DoL.gov" default_off='failed ruleset test'>
+<ruleset name="DoL.gov" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/domainsite.com.xml b/src/chrome/content/rules/domainsite.com.xml
index 24e6b4ea0a4f..917c92b95c1e 100644
--- a/src/chrome/content/rules/domainsite.com.xml
+++ b/src/chrome/content/rules/domainsite.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.domainsite.com/ => https://www.domainsite.com/: (60, 'SS
 	For other Name.com coverage, see Name.com.xml.
 
 -->
-<ruleset name="DomainSite.com" default_off='failed ruleset test'>
+<ruleset name="DomainSite.com" default_off="failed ruleset test">
 
 	<target host="domainsite.com" />
 	<target host="www.domainsite.com" />
diff --git a/src/chrome/content/rules/domtele.com.xml b/src/chrome/content/rules/domtele.com.xml
index 3316e1df51af..919276dadc32 100644
--- a/src/chrome/content/rules/domtele.com.xml
+++ b/src/chrome/content/rules/domtele.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.domtele.com/ => https://www.domtele.com/: (60, 'SSL cert
 
 dev.domtele.com mismatch
 -->
-<ruleset name="domtele.com" default_off='failed ruleset test'>
+<ruleset name="domtele.com" default_off="failed ruleset test">
 	<target host="domtele.com" />
 	<target host="www.domtele.com" />
 	<target host="my.domtele.com" />
diff --git a/src/chrome/content/rules/dongleauth.info.xml b/src/chrome/content/rules/dongleauth.info.xml
new file mode 100644
index 000000000000..405cd249b33b
--- /dev/null
+++ b/src/chrome/content/rules/dongleauth.info.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid Certificate:
+		dongleauth.info
+-->
+<ruleset name="dongleauth.info">
+	<target host="dongleauth.info" />
+	<target host="www.dongleauth.info" />
+
+	<rule from="^http://dongleauth\.info/" to="https://www.dongleauth.info/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/donmai.us.xml b/src/chrome/content/rules/donmai.us.xml
index 8bddc96bcea0..d319c43a837f 100644
--- a/src/chrome/content/rules/donmai.us.xml
+++ b/src/chrome/content/rules/donmai.us.xml
@@ -1,4 +1,4 @@
-<!-- 
+<!--
   Redirect (www.)donmai.us to danbooru.donmai.us for HTTPS coverage.
   It's technically the same site, but the former gives a bad cert domain error.
   The cookies weren't secured either by the server.
@@ -11,7 +11,7 @@
   <target host="safebooru.donmai.us" />
 
   <securecookie host="^(?:danbooru|safebooru)?\.donmai\.us$" name=".+" />
-  
+
   <rule from="^http://(www\.)?donmai\.us/" to="https://danbooru.donmai.us/" />
   <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/donttrack.us.xml b/src/chrome/content/rules/donttrack.us.xml
new file mode 100644
index 000000000000..dbb77ef4171f
--- /dev/null
+++ b/src/chrome/content/rules/donttrack.us.xml
@@ -0,0 +1,11 @@
+<!-- This domain is related to DuckDuckGo.com (see also DuckDuckGo.xml). -->
+<ruleset name="donttrack.us">
+
+	<target host="donttrack.us" />
+	<target host="www.donttrack.us" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/dosbox.xml b/src/chrome/content/rules/dosbox.xml
index 862ae1bfda4a..a582869c6bbc 100644
--- a/src/chrome/content/rules/dosbox.xml
+++ b/src/chrome/content/rules/dosbox.xml
@@ -5,11 +5,8 @@
 	<target host="www.vogons.org"/>
 	<target host="gkpatches.vogons.org"/>
 	<!--source.dosbox.com times out-->
-	<test url="http://www.dosbox.com/"/>
 	<test url="http://www.dosbox.com/download.php?main=1/"/>
 	<test url="http://www.dosbox.com/wiki/"/>
-	<test url="http://www.vogons.org/"/>
-	<test url="http://gkpatches.vogons.org/"/>
 	<securecookie host=".+" name=".+" />
 	<rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/douban.fm.xml b/src/chrome/content/rules/douban.fm.xml
index 426296eb285f..4f413b987248 100644
--- a/src/chrome/content/rules/douban.fm.xml
+++ b/src/chrome/content/rules/douban.fm.xml
@@ -1,36 +1,14 @@
 <!--
-	www.douban.fm: Mismatched
-
-
-	Insecure cookies are set for these domains: ᶜ
-
-		- .douban.fm
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
+	Mismatched:
+		www.douban.fm
 -->
 <ruleset name="Douban.fm">
-
-	<!--	Direct rewrites:
-				-->
 	<target host="douban.fm" />
-
-	<!--	Complications:
-				-->
 	<target host="www.douban.fm" />
 
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.douban\.fm$" name="^(?:ac|bid|flag)$" /-->
-
 	<securecookie host=".+" name=".+" />
 
+	<rule from="^http://www\.douban\.fm/" to="https://douban.fm/" />
 
-	<rule from="^http://www\.douban\.fm/"
-		to="https://douban.fm/" />
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/doubanio.com.xml b/src/chrome/content/rules/doubanio.com.xml
index 014ba3367419..a05ca720e07c 100644
--- a/src/chrome/content/rules/doubanio.com.xml
+++ b/src/chrome/content/rules/doubanio.com.xml
@@ -1,32 +1,25 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://img6.doubanio.com/ => https://img6.doubanio.com/: (60, 'SSL certificate problem: certificate has expired')
-
 	Protocol Error:
 		- intowow.doubanio.com
 
-	Invaild Response:
-		- mr1.doubanio.com
-
 	Mismatch:
 		- *.boomerang.doubanio.com
 -->
-<ruleset name="Doubanio.com" default_off='failed ruleset test'>
+<ruleset name="Doubanio.com">
 	<target host="bs3.doubanio.com" />
 	<target host="ga.doubanio.com" />
 	<target host="mr3.doubanio.com" />
 	<target host="img1.doubanio.com" />
+		<test url="http://img1.doubanio.com/view/site/small/public/a02c1738a42d38a.jpg" />
 	<target host="img3.doubanio.com" />
-	<target host="img6.doubanio.com" />
+		<test url="http://img3.doubanio.com/f/shire/a1fdee122b95748d81cee426d717c05b5174fe96/pics/blank.gif" />
+	<target host="mr1.doubanio.com" />
 	<target host="pypi.doubanio.com" />
 	<target host="qnypy.doubanio.com" />
-		<test url="http://img1.doubanio.com/view/site/small/public/a02c1738a42d38a.jpg" />
-		<test url="http://img3.doubanio.com/f/shire/a1fdee122b95748d81cee426d717c05b5174fe96/pics/blank.gif" />
 		<test url="http://qnypy.doubanio.com/201603251646582012__m" />
 	<target host="s.doubanio.com" />
 
-	<securecookie host="^\w" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/dpfile.com.xml b/src/chrome/content/rules/dpfile.com.xml
index 759aa3b69e8d..7b78a763ea07 100644
--- a/src/chrome/content/rules/dpfile.com.xml
+++ b/src/chrome/content/rules/dpfile.com.xml
@@ -18,11 +18,11 @@
 		<test url="http://www.dpfile.com/sc/image/31010502000052.png" />
 
 	<target host="*.dpfile.com" />
-	
+
 	<rule from="^http://(i|j|m|si|t)(\d+)\.(s1\.|s2\.|s3\.)?dpfile\.com/" to="https://i2.dpfile.com/" />
 	<exclusion pattern="^http://m\d+\.dpfile\.com/" />
 	<exclusion pattern="^http://si\d+\.dpfile\.com/" />
-	
+
 		<test url="http://i1.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
 		<test url="http://j1.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
 		<test url="http://m1.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
@@ -40,11 +40,11 @@
 		<test url="http://m1.s2.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
 		<test url="http://si1.s2.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
 		<test url="http://t1.s2.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
-	
+
 		<test url="http://i1.s3.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
 		<test url="http://j1.s3.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
 		<test url="http://m1.s3.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
 		<test url="http://si1.s3.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
 		<test url="http://t1.s3.dpfile.com/s/res/gongshang.73ce6165acedcdd46fa558bcf59aa974.gif" />
-		
+
 </ruleset>
diff --git a/src/chrome/content/rules/draisberghof.de.xml b/src/chrome/content/rules/draisberghof.de.xml
new file mode 100644
index 000000000000..b4a2b030083f
--- /dev/null
+++ b/src/chrome/content/rules/draisberghof.de.xml
@@ -0,0 +1,5 @@
+<ruleset name="draisberghof.de">
+	<target host="www.draisberghof.de" />
+	<target host="draisberghof.de" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dreambox.com.xml b/src/chrome/content/rules/dreambox.com.xml
index 166767438f78..cd32c11128a7 100644
--- a/src/chrome/content/rules/dreambox.com.xml
+++ b/src/chrome/content/rules/dreambox.com.xml
@@ -20,7 +20,7 @@
 	Mixed content:
 
 		- Images, on:
-		
+
 			- www, www2 from $self ˢ
 			- www2 from storage.pardot.com ˢ
 
diff --git a/src/chrome/content/rules/dreampoint.co.uk.xml b/src/chrome/content/rules/dreampoint.co.uk.xml
new file mode 100644
index 000000000000..4040d3d1e3c5
--- /dev/null
+++ b/src/chrome/content/rules/dreampoint.co.uk.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		ftp.dreampoint.co.uk
+-->
+<ruleset name="dreampoint.co.uk">
+	<target host="dreampoint.co.uk" />
+	<target host="www.dreampoint.co.uk" />
+	<target host="mail.dreampoint.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dribper.com.xml b/src/chrome/content/rules/dribper.com.xml
deleted file mode 100644
index 6a831cc271e5..000000000000
--- a/src/chrome/content/rules/dribper.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://dribper.com/ => https://dribper.com/: (6, 'Could not resolve host: dribper.com')
-Fetch error: http://www.dribper.com/ => https://www.dribper.com/: (6, 'Could not resolve host: www.dribper.com')
-
--->
-<ruleset name="dribper.com" default_off='failed ruleset test'>
-	<target host="dribper.com" />
-	<target host="www.dribper.com" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/driving.co.uk.xml b/src/chrome/content/rules/driving.co.uk.xml
index 0b6f233e2bce..070413360b06 100644
--- a/src/chrome/content/rules/driving.co.uk.xml
+++ b/src/chrome/content/rules/driving.co.uk.xml
@@ -13,7 +13,7 @@ Non-2xx HTTP code: http://www.driving.co.uk/ (200) => https://www.driving.co.uk/
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Driving.co.uk" default_off='failed ruleset test'>
+<ruleset name="Driving.co.uk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/drmemory.org.xml b/src/chrome/content/rules/drmemory.org.xml
new file mode 100644
index 000000000000..136dbf808f60
--- /dev/null
+++ b/src/chrome/content/rules/drmemory.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="drmemory.org">
+	<target host="drmemory.org" />
+	<target host="www.drmemory.org" />
+	<target host="autodiscover.drmemory.org" />
+	<target host="webdisk.drmemory.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/duapp.com.xml b/src/chrome/content/rules/duapp.com.xml
deleted file mode 100644
index c61650dbb2d6..000000000000
--- a/src/chrome/content/rules/duapp.com.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<!--
-	For other Baidu coverage, see Baidu.xml.
-
-	Redirect to baidu.com:
-		www.duapp.com
-
-	MCB:	Too much to list them all
-		dopoca.duapp.com
-		easymemo.duapp.com
-		helpjs.duapp.com
-		iyou1314.duapp.com
-		musicapi.duapp.com
-		walfred.duapp.com
-		woaiseo.duapp.com
-		xinyuan.duapp.com
-		zclassic.duapp.com
--->
-
-<ruleset name="duapp.com">
-	<!-- Too much to list all subdomains. -->
-	<target host="bdltest.duapp.com" />
-	<target host="bwrelease.duapp.com" />
-	<target host="digwtx.duapp.com" />
-	<target host="haoyunsoon.duapp.com" />
-	<target host="hebrew.duapp.com" />
-	<target host="minirick.duapp.com" />
-	<target host="particleground.duapp.com" />
-	<target host="pythondoc.duapp.com" />
-	<target host="radiance.duapp.com" />
-	<target host="resource.duapp.com" />
-	<target host="sfzcxgg.duapp.com" />
-	<target host="sugarball.duapp.com" />
-	<target host="thinkgis.duapp.com" />
-	<target host="ueditor.duapp.com" />
-	<target host="weitiandi.duapp.com" />
-	<target host="yuedun.duapp.com" />
-	<target host="zhihuhu.duapp.com" />
-
-	<securecookie host="^\w" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/duoshuo.com.xml b/src/chrome/content/rules/duoshuo.com.xml
index c70ee85ea1ec..e33f0e17e02e 100644
--- a/src/chrome/content/rules/duoshuo.com.xml
+++ b/src/chrome/content/rules/duoshuo.com.xml
@@ -29,11 +29,11 @@ Fetch error: http://weishanghuoyuan.duoshuo.com/ => https://weishanghuoyuan.duos
 		dev
 -->
 
-<ruleset name="duoshuo.com" default_off='failed ruleset test'>
+<ruleset name="duoshuo.com" default_off="failed ruleset test">
 
 	<target host="duoshuo.com" />
 	<target host="www.duoshuo.com" />
-	
+
 	<target host="12345679.duoshuo.com" />
 	<target host="17goon.duoshuo.com" />
 	<target host="4linuxfun.duoshuo.com" />
@@ -55,7 +55,7 @@ Fetch error: http://weishanghuoyuan.duoshuo.com/ => https://weishanghuoyuan.duos
 	<target host="static.duoshuo.com" />
 	<target host="vxcom.duoshuo.com" />
 	<target host="weishanghuoyuan.duoshuo.com" />
-	
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/dvalert.org.au.xml b/src/chrome/content/rules/dvalert.org.au.xml
index 16ae61fcc6cd..d0a7b2b05291 100644
--- a/src/chrome/content/rules/dvalert.org.au.xml
+++ b/src/chrome/content/rules/dvalert.org.au.xml
@@ -1,4 +1,4 @@
-<ruleset name="dvalert.org.au">	
+<ruleset name="dvalert.org.au">
 	<target host="dvalert.org.au" />
 	<target host="www.dvalert.org.au" />
 
diff --git a/src/chrome/content/rules/dvdsreleasedates.com.xml b/src/chrome/content/rules/dvdsreleasedates.com.xml
index aa098d08073f..7079a27781fd 100644
--- a/src/chrome/content/rules/dvdsreleasedates.com.xml
+++ b/src/chrome/content/rules/dvdsreleasedates.com.xml
@@ -3,7 +3,7 @@
 		- $self		(certificate mismatch)
 		- s0		(certificate mismatch)
 		- s1		(certificate mismatch)
-			
+
 -->
 <ruleset name="DVDs Release Dates">
 
@@ -15,7 +15,7 @@
 	<!-- certificate mismatch -->
 	<rule from="^http://dvdsreleasedates\.com/"
 		to="https://www.dvdsreleasedates.com/" />
-		
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/dwnews.com-mixedcontent.xml b/src/chrome/content/rules/dwnews.com-mixedcontent.xml
new file mode 100644
index 000000000000..a309640827d9
--- /dev/null
+++ b/src/chrome/content/rules/dwnews.com-mixedcontent.xml
@@ -0,0 +1,25 @@
+<!--
+	Related:
+		dwnews.net.xml
+
+	Mismathced:
+		^dwnews.com
+		culture.dwnews.com
+		uc-api.dwnews.com	https://uc-api.dwnews.com/images/noavatar_middle.gif
+-->
+
+<ruleset name="dwnews.com (MCB)" platform="mixedcontent">
+
+	<target host="dwnews.com" />
+	<target host="www.dwnews.com" />
+	<target host="blog.dwnews.com" />
+	<target host="duoweicn.dwnews.com" />
+	<target host="economics.dwnews.com" />
+	<target host="news.dwnews.com" />
+	<target host="tag.dwnews.com" />
+	<target host="talk.dwnews.com" />
+
+	<rule from="^http://dwnews\.com/" to="https://www.dwnews.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dwnews.net.xml b/src/chrome/content/rules/dwnews.net.xml
new file mode 100644
index 000000000000..2b2f6bbd72b9
--- /dev/null
+++ b/src/chrome/content/rules/dwnews.net.xml
@@ -0,0 +1,43 @@
+<!--
+	Related:
+		dwnews.com-mixedcontent.xml
+
+	Unable to connect to the server:
+		http://g.dwnews.net/dwnews.fjs
+-->
+
+<ruleset name="dwnews.net">
+
+	<target host="attach0.dwnews.net" />
+	<target host="attach1.dwnews.net" />
+	<target host="attach2.dwnews.net" />
+	<target host="attach3.dwnews.net" />
+	<target host="attach4.dwnews.net" />
+	<target host="attach5.dwnews.net" />
+	<target host="attach6.dwnews.net" />
+	<target host="attach7.dwnews.net" />
+	<target host="attach8.dwnews.net" />
+	<target host="attach9.dwnews.net" />
+	<target host="pic0.dwnews.net" />
+	<target host="pic1.dwnews.net" />
+	<target host="pic2.dwnews.net" />
+	<target host="pic3.dwnews.net" />
+	<target host="pic4.dwnews.net" />
+	<target host="pic5.dwnews.net" />
+	<target host="pic6.dwnews.net" />
+	<target host="pic7.dwnews.net" />
+	<target host="pic8.dwnews.net" />
+	<target host="pic9.dwnews.net" />
+	<target host="s0.dwnews.net" />
+	<target host="s1.dwnews.net" />
+	<target host="s2.dwnews.net" />
+	<target host="s3.dwnews.net" />
+	<target host="s4.dwnews.net" />
+	<target host="s5.dwnews.net" />
+	<target host="s6.dwnews.net" />
+	<target host="s7.dwnews.net" />
+	<target host="s8.dwnews.net" />
+	<target host="s9.dwnews.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/dxy.com.xml b/src/chrome/content/rules/dxy.com.xml
index f9847141ee50..e5c46611d389 100644
--- a/src/chrome/content/rules/dxy.com.xml
+++ b/src/chrome/content/rules/dxy.com.xml
@@ -1,20 +1,17 @@
 <!--
 	Invalid cert:
-		www.dxy.com
 		bbs.dxy.com
 		i.dxy.com
 		yao.dxy.com
 
-	Refused:
+	Timeout:
 		hz.dxy.com
 -->
-
 <ruleset name="dxy.com">
-	<target host="www.dxy.com" />
-	<rule from="^http://www\.dxy\.com/" to="https://dxy.com/" />
-
 	<target host="dxy.com" />
+	<target host="www.dxy.com" />
 	<target host="ask.dxy.com" />
+		<test url="http://ask.dxy.com/ama/index#/find" />
 	<target host="clinic.dxy.com" />
 	<target host="m.dxy.com" />
 
diff --git a/src/chrome/content/rules/dynamic1001.eu.xml b/src/chrome/content/rules/dynamic1001.eu.xml
index 551ec03465d9..110e7dc98288 100644
--- a/src/chrome/content/rules/dynamic1001.eu.xml
+++ b/src/chrome/content/rules/dynamic1001.eu.xml
@@ -21,7 +21,7 @@ Fetch error: http://www.customercenter.dynamic1001.eu/ => https://www.customerce
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Dynamic 1001.eu (partial)" default_off='failed ruleset test'>
+<ruleset name="Dynamic 1001.eu (partial)" default_off="failed ruleset test">
 
 	<target host="customercenter.dynamic1001.eu" />
 	<target host="www.customercenter.dynamic1001.eu" />
diff --git a/src/chrome/content/rules/dyncdn.me.xml b/src/chrome/content/rules/dyncdn.me.xml
deleted file mode 100644
index 3bd63465300a..000000000000
--- a/src/chrome/content/rules/dyncdn.me.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="dyncdn.me">
-
-	<target host="dyncdn.me" />
-
-		<test url="http://dyncdn.me/static/20/img/bknd_body.jpg" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/e17-stuff.org.xml b/src/chrome/content/rules/e17-stuff.org.xml
deleted file mode 100644
index d9192579d8a2..000000000000
--- a/src/chrome/content/rules/e17-stuff.org.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	For other openDesktop rules, see openDesktop.org.xml
-
--->
-<ruleset name="e17-stuff.org">
-
-	<target host="e17-stuff.org" />
-	<target host="www.e17-stuff.org" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/eGenix.xml b/src/chrome/content/rules/eGenix.xml
index 8a5cea3a95a7..e4df73d4985e 100644
--- a/src/chrome/content/rules/eGenix.xml
+++ b/src/chrome/content/rules/eGenix.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://lists.egenix.com/ => https://lists.egenix.com/: (51, "SSL: no alternative certificate subject name matches target host name 'lists.egenix.com'")
 
 -->
-<ruleset name="eGenix.com" default_off='failed ruleset test'>
+<ruleset name="eGenix.com" default_off="failed ruleset test">
 
 	<target host="egenix.com" />
 	<target host="downloads.egenix.com" />
diff --git a/src/chrome/content/rules/eHarmony.xml b/src/chrome/content/rules/eHarmony.xml
index 568fc0b48920..3ee11efc2bbd 100644
--- a/src/chrome/content/rules/eHarmony.xml
+++ b/src/chrome/content/rules/eHarmony.xml
@@ -20,7 +20,7 @@
 	<test url="http://static.eharmony.com/" />
 
 	<!--	encountered:	.eharmony.com $client.eharmony.com	-->
-	<securecookie host="^(?:.*\.)?eharmony\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<!--	affiliates have unique subdomains	-->
 	<rule from="^http://([\w\-]+)\.eharmony\.com/"
diff --git a/src/chrome/content/rules/eHow.xml b/src/chrome/content/rules/eHow.xml
deleted file mode 100644
index 857951c8b276..000000000000
--- a/src/chrome/content/rules/eHow.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-<!--
-	CDN buckets:
-
-		- www.ehow.com.ipi.demand.akadns.net
-		- blog.ehow.com.edgesuite.net
-		- www.ehow.com.edgesuite.net
-		- www.ehow.co.uk.edgesuite.net
-		- img.ehowcdn.com.edgesuite.net
-		- v5-static.ehowcdn.com.edgesuite.net
-
-
-	Nonfunctional domains:
-
-		- ehow-com.blog.ehow.com	(Akamai; 503)
-		- www.ehow.co.uk		(ditto)
-
-
-	Problematic domains:
-
-		- img.ehow.com *
-		- preprod-www.ehow.com		(works, akamai)
-		- v5-static.ehow.com		(redirects to www.ehow.com)
-		- img.ehowcdn.com *
-		- test8-img.ehowcdn.com *
-		- test8-v5-static.ehowcdn.com *
-		- v5-static.ehowcdn.com *
-
-	*Akamai, 503
-
--->
-<ruleset name="eHow (partial)" platform="mixedcontent">
-
-	<target host="ehow.com" />
-	<target host="*.ehow.com" />
-	<target host="*.ehowcdn.com" />
-
-
-	<securecookie host="^www\.ehow\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?ehow\.com/"
-		to="https://$1ehow.com/" />
-
-	<rule from="^http://(?:test\d-)?(?:img|v5-static)\.ehow(?:cdn)?\.com/"
-		to="https://www.ehow.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/eNovance.xml b/src/chrome/content/rules/eNovance.xml
index 34d8338d61c4..a2fe6d0ed97f 100644
--- a/src/chrome/content/rules/eNovance.xml
+++ b/src/chrome/content/rules/eNovance.xml
@@ -38,7 +38,7 @@ Fetch error: http://www.enocloud.com/ => https://www.enovance.com/: (60, 'SSL ce
 	² Unsecurable <= redirects to http
 
 -->
-<ruleset name="eNovance" default_off='failed ruleset test'>
+<ruleset name="eNovance" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -51,7 +51,7 @@ Fetch error: http://www.enocloud.com/ => https://www.enovance.com/: (60, 'SSL ce
 	<target host="www.enocloud.com" />
 
 
-	<securecookie host="^(?:.*\.)?eno(?:cloud|vance)\.com$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 
 	<rule from="^http://(?:www\.)?enocloud\.com/"
diff --git a/src/chrome/content/rules/eStruxture.com.xml b/src/chrome/content/rules/eStruxture.com.xml
new file mode 100644
index 000000000000..c3ad26da2976
--- /dev/null
+++ b/src/chrome/content/rules/eStruxture.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Chain issue, missing intermediate:
+		- estruxture.com
+		- www.estruxture.com
+		- iam.estruxture.com
+
+	Invalid certificate:
+		- mtl3.estruxture.com
+		- www.mtl3.estruxture.com
+-->
+
+<ruleset name="eStruxture.com">
+	<target host="abuse.estruxture.com" />
+	<target host="mtl2.estruxture.com" />
+	<target host="www.mtl2.estruxture.com" />
+	<target host="pm.estruxture.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/earlychildhoodcolorado.org.xml b/src/chrome/content/rules/earlychildhoodcolorado.org.xml
new file mode 100644
index 000000000000..3f560e0596fe
--- /dev/null
+++ b/src/chrome/content/rules/earlychildhoodcolorado.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="earlychildhoodcolorado.org">
+	<target host="earlychildhoodcolorado.org" />
+	<target host="www.earlychildhoodcolorado.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/east.ru.xml b/src/chrome/content/rules/east.ru.xml
index 2a523fef43ee..0cf165ea1442 100644
--- a/src/chrome/content/rules/east.ru.xml
+++ b/src/chrome/content/rules/east.ru.xml
@@ -12,7 +12,7 @@ mspk.east.ru self signed
 skazka.east.ru self signed
 vok.east.ru self signed
 -->
-<ruleset name="east.ru (partial)" default_off='failed ruleset test'>
+<ruleset name="east.ru (partial)" default_off="failed ruleset test">
 	<target host="debet.east.ru" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/ebay.at.xml b/src/chrome/content/rules/ebay.at.xml
index dbd964d36b02..da9c794171c9 100644
--- a/src/chrome/content/rules/ebay.at.xml
+++ b/src/chrome/content/rules/ebay.at.xml
@@ -1,8 +1,8 @@
 <!--
 
-	For other eBay coverage, see ebay.com.xml	
-	
-	
+	For other eBay coverage, see ebay.com.xml
+
+
 	Non-functional subdomain:
 
 		- ebay.at	(h)
diff --git a/src/chrome/content/rules/ebay.be.xml b/src/chrome/content/rules/ebay.be.xml
index c69db74c2ff4..da65de242fcb 100644
--- a/src/chrome/content/rules/ebay.be.xml
+++ b/src/chrome/content/rules/ebay.be.xml
@@ -1,8 +1,8 @@
 <!--
 
-	For other eBay coverage, see ebay.com.xml	
-	
-	
+	For other eBay coverage, see ebay.com.xml
+
+
 	Non-functional subdomains:
 
 		- ebay.be	(h)
@@ -115,7 +115,7 @@
 		- www.proxy	(HTTP 404 error)
 		- fedsignin.sandbox	(HTTP 503 error)
 		- signin.sandbox	(t)
-		
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/ebay.ca.xml b/src/chrome/content/rules/ebay.ca.xml
index 6f06a1e5efde..e71edeeb85a9 100644
--- a/src/chrome/content/rules/ebay.ca.xml
+++ b/src/chrome/content/rules/ebay.ca.xml
@@ -1,10 +1,10 @@
 <!--
 
-	For other eBay coverage, see ebay.com.xml	
-	
-	
+	For other eBay coverage, see ebay.com.xml
+
+
 	Non-functional subdomains:
-	
+
 		- ebay.ca	(h)
 		- arribada	(t)
 		- buyvrfn	(m)
@@ -103,7 +103,7 @@
 		- stores	(h)
 		- test-pages	(g)
 		- touch	(m)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/ebay.ch.xml b/src/chrome/content/rules/ebay.ch.xml
index 23018f3002ea..fdbf5fb4feac 100644
--- a/src/chrome/content/rules/ebay.ch.xml
+++ b/src/chrome/content/rules/ebay.ch.xml
@@ -1,10 +1,10 @@
 <!--
 
-	For other eBay coverage, see ebay.com.xml	
-	
-	
+	For other eBay coverage, see ebay.com.xml
+
+
 	Non-functional subdomains:
-	
+
 		- ebay.ch	(h)
 		- arribada	(t)
 		- artist-index	(m)
@@ -79,7 +79,7 @@
 		- testberichte	(r)
 		- search.testberichte	(r)
 		- weltweit	(r)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/ebay.co.uk.xml b/src/chrome/content/rules/ebay.co.uk.xml
new file mode 100644
index 000000000000..be545f534080
--- /dev/null
+++ b/src/chrome/content/rules/ebay.co.uk.xml
@@ -0,0 +1,333 @@
+<!--
+
+	For other eBay coverage, see ebay.com.xml
+
+
+	Non-functional subdomains:
+
+		- ebay.co.uk	(h)
+		- adcmd	(m)
+		- affiliates	(r)
+		- arribada	(t)
+		- artist	(r)
+		- artist-index	(m)
+		- baby-toddler	(r)
+		- bmsgs	(r)
+		- pages.bt	(m)
+		- buyvrfn	(m)
+		- cancel	(r)
+		- category-keyword	(m)
+		- cgi1	(r)
+		- cgi2	(r)
+		- cgi4	(r)
+		- comm	(r)
+		- commerceapps	(t)
+		- cs	(t)
+		- deals	(r)
+		- dealseu	(r)
+		- donations	(t)
+		- dsa	(m)
+		- ebaycup	(r)
+		- esssl	(r)
+		- www.express	(m)
+		- item.express	(m)
+		- scgi.express	(m)
+		- signin.express	(m)
+		- ext-syi	(m)
+		- from	(m)
+		- m.g	(m)
+		- h3g	(m)
+		- inspiration	(r)
+		- console.internationalselling	(r)
+		- invite	(r)
+		- item		(invalid redirect)
+		- k2b-bulk	(i)
+		- k2b-email	(i)
+		- k2b-fbdk	(i)
+		- k2b-print	(i)
+		- lbv	(e)
+		- life4less	(r)
+		- listings	(m)
+		- art.listings	(m)
+		- baby.listings	(m)
+		- books.listings	(m)
+		- clothes.listings	(m)
+		- home.listings	(m)
+		- home-garden.listings	(m)
+		- toys.listings	(m)
+		- local	(r)
+		- m1	(t)
+		- mail	(m)
+		- members	(m)
+		- mesgmy	(r)
+		- messages	(m)
+		- motors	(m)
+		- my	(r)
+		- myworld	(r)
+		- neighbourhood	(m)
+		- notifyweb	(SSL error)
+		- o2imode	(m)
+		- o2wap	(m)
+		- orange	(m)
+		- partner	(h)
+		- partsfinder	(m)
+		- pictures	(r)
+		- playground	(m)
+		- popular	(r)
+		- portal	(r)
+		- portal2	(r)
+		- postageestimator	(r)
+		- pressconsole	(r)
+		- previewitem	(r)
+		- product	(r)
+		- promotions	(r)
+		- www.proxy	(HTTP 404 error)
+		- returns	(m)
+		- reviews	(r)
+		- www.rsvp	(t)
+		- rtm	(m)
+		- s	(t)
+		- www.sandbox	(r)
+		- cgi.sandbox	(r)
+		- checkout.sandbox	(t)
+		- fedsignin.sandbox	(HTTP 503 error)
+		- merchant.sandbox	(t)
+		- www.mipapplication.sandbox	(r)
+		- my.sandbox	(r)
+		- offer.sandbox	(t)
+		- pages.sandbox	(r)
+		- payments.sandbox	(m)
+		- reg.sandbox	(r)
+		- electronics.shop.sandbox	(r)
+		- hub.shop.sandbox	(r)
+		- phones.shop.sandbox	(r)
+		- securepromo	(t)
+		- selfserveads	(t)
+		- sell	(m)
+		- shop	(r)
+		- antiques.shop	(r)
+		- art.shop	(r)
+		- baby.shop	(m)
+		- business.shop	(r)
+		- clothes.shop	(r)
+		- coins.shop	(r)
+		- collectables.shop	(r)
+		- desc.shop	(r)
+		- dolls.shop	(r)
+		- health-beauty.shop	(r)
+		- hub.shop	(r)
+		- jewellery-watches.shop	(r)
+		- motors.shop	(r)
+		- motors-parts.shop	(r)
+		- music.shop	(r)
+		- musical-instruments.shop	(r)
+		- pottery.shop	(r)
+		- property.shop	(r)
+		- sports.shop	(r)
+		- stamps.shop	(r)
+		- stores.shop	(m)
+		- antiques.stores.shop	(m)
+		- art.stores.shop	(m)
+		- baby.stores.shop	(m)
+		- clothes.stores.shop	(m)
+		- coins.stores.shop	(m)
+		- collectables.stores.shop	(m)
+		- computers.stores.shop	(m)
+		- dvd-video.stores.shop	(m)
+		- electronics.stores.shop	(m)
+		- health-beauty.stores.shop	(m)
+		- home-garden.stores.shop	(m)
+		- jewellery-watches.stores.shop	(m)
+		- motors.stores.shop	(m)
+		- music.stores.shop	(m)
+		- musical-instruments.stores.shop	(m)
+		- pet-supplies.stores.shop	(m)
+		- phones.stores.shop	(m)
+		- photography.stores.shop	(m)
+		- property.stores.shop	(m)
+		- sports.stores.shop	(m)
+		- sports-memorabilia.stores.shop	(m)
+		- stamps.stores.shop	(m)
+		- tickets.stores.shop	(m)
+		- video-games.stores.shop	(m)
+		- wholesale.stores.shop	(m)
+		- tickets.shop	(m)
+		- toys.shop	(r)
+		- shopfront	(m)
+		- shopupgrade	(t)
+		- solutions	(m)
+		- stage-partner	(t)
+		- store-index	(m)
+		- stores	(h)
+		- www.stores	(m)
+		- coins.stores	(m)
+		- motors.stores	(m)
+		- search.stores	(m)
+		- sports.stores	(m)
+		- success	(t)
+		- tmo	(m)
+		- tmobile	(t)
+		- touch	(m)
+		- www.touch	(m)
+		- upload	(r)
+		- vflive	(m)
+		- virgin	(m)
+		- www.wantitnow	(m)
+		- wap	(m)
+		- win	(r)
+		- wwww	(m)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="eBay.co.uk">
+
+	<target host="ebay.co.uk" />
+	<target host="www.ebay.co.uk" />
+		<test url="http://www.ebay.co.uk/sch/ebayadvsearch" />
+	<target host="advertising.ebay.co.uk" />
+	<target host="anywhere.ebay.co.uk" />
+	<target host="applications.ebay.co.uk" />
+	<target host="arbd.ebay.co.uk" />
+	<target host="auth.ebay.co.uk" />
+	<target host="www.billing.ebay.co.uk" />
+	<target host="www.bizpolicy.ebay.co.uk" />
+	<target host="www.bizvrfn.ebay.co.uk" />
+	<target host="msa-b1.cgi3.bt.ebay.co.uk" />
+	<target host="msa-b1.cgi5.bt.ebay.co.uk" />
+	<target host="contact.bt.ebay.co.uk" />
+	<target host="dispute-resolution.bt.ebay.co.uk" />
+	<target host="feedback.bt.ebay.co.uk" />
+	<target host="rebulk.bt.ebay.co.uk" />
+	<target host="wantitnow.bt.ebay.co.uk" />
+	<target host="bulkedit.ebay.co.uk" />
+	<target host="bulksell.ebay.co.uk" />
+	<target host="www.buyvrfn.ebay.co.uk" />
+	<target host="c.ebay.co.uk" />
+	<target host="cart.ebay.co.uk" />
+	<target host="cgi.ebay.co.uk" />
+	<target host="cgi3.ebay.co.uk" />
+	<target host="msa-b1.cgi3.ebay.co.uk" />
+	<target host="cgi5.ebay.co.uk" />
+	<target host="msa-b1.cgi5.ebay.co.uk" />
+	<target host="cgi6.ebay.co.uk" />
+	<target host="charity.ebay.co.uk" />
+	<target host="www.charity.ebay.co.uk" />
+	<target host="checkout.ebay.co.uk" />
+	<target host="checkoutweb.ebay.co.uk" />
+	<target host="community.ebay.co.uk" />
+	<target host="connect.ebay.co.uk" />
+	<target host="contact.ebay.co.uk" />
+	<target host="csr.ebay.co.uk" />
+	<target host="dispute-resolution.ebay.co.uk" />
+	<target host="donation.ebay.co.uk" />
+	<target host="www.donation.ebay.co.uk" />
+	<target host="epn.ebay.co.uk" />
+	<target host="epnt.ebay.co.uk" />
+	<target host="epsvc.ebay.co.uk" />
+	<target host="fedauth.ebay.co.uk" />
+	<target host="fedsignin.ebay.co.uk" />
+	<target host="www.feectr.ebay.co.uk" />
+	<target host="feedback.ebay.co.uk" />
+	<target host="www.fees.ebay.co.uk" />
+	<target host="frame.ebay.co.uk" />
+	<target host="fundinginstrument.ebay.co.uk" />
+	<target host="fyp.ebay.co.uk" />
+	<target host="fyp2.ebay.co.uk" />
+	<target host="garden.ebay.co.uk" />
+	<target host="gha.ebay.co.uk" />
+	<target host="gslblui.ebay.co.uk" />
+	<target host="www.ilvrfn.ebay.co.uk" />
+	<target host="influencernetwork.ebay.co.uk" />
+	<target host="invoice.ebay.co.uk" />
+	<target host="www.kgvrfn.ebay.co.uk" />
+	<target host="m.ebay.co.uk" />
+	<target host="www.m.ebay.co.uk" />
+	<target host="reg.m.ebay.co.uk" />
+	<target host="scgi.m.ebay.co.uk" />
+	<target host="signin.m.ebay.co.uk" />
+	<target host="marketing.ebay.co.uk" />
+	<target host="mbuy.ebay.co.uk" />
+	<target host="merchant.ebay.co.uk" />
+	<target host="mesg.ebay.co.uk" />
+	<target host="www.mip.ebay.co.uk" />
+	<target host="www.mipapplication.ebay.co.uk" />
+	<target host="ocs.ebay.co.uk" />
+	<target host="ocsnext.ebay.co.uk" />
+	<target host="ocsrest.ebay.co.uk" />
+	<target host="ocswf.ebay.co.uk" />
+	<target host="offer.ebay.co.uk" />
+	<target host="ofr.ebay.co.uk" />
+	<target host="pages.ebay.co.uk" />
+		<test url="http://pages.ebay.co.uk/sitemap.html" />
+	<target host="paisapay.ebay.co.uk" />
+	<target host="partnernetwork.ebay.co.uk" />
+	<target host="pay.ebay.co.uk" />
+	<target host="payments.ebay.co.uk" />
+	<target host="apps.payments.ebay.co.uk" />
+	<target host="cart.payments.ebay.co.uk" />
+	<target host="checkout.payments.ebay.co.uk" />
+	<target host="guestcheckout.payments.ebay.co.uk" />
+	<target host="paymentscmd.ebay.co.uk" />
+	<target host="www.picupload.ebay.co.uk" />
+	<target host="pls.ebay.co.uk" />
+	<target host="postage.ebay.co.uk" />
+	<target host="postorder.ebay.co.uk" />
+	<target host="nw.pp.ebay.co.uk" />
+	<target host="www.nw.pp.ebay.co.uk" />
+	<target host="ppm1.ebay.co.uk" />
+	<target host="ppm3.ebay.co.uk" />
+	<target host="prefs.ebay.co.uk" />
+	<target host="pulsar.ebay.co.uk" />
+	<target host="qu.ebay.co.uk" />
+	<target host="rebulk.ebay.co.uk" />
+	<target host="reg.ebay.co.uk" />
+	<target host="res.ebay.co.uk" />
+	<target host="resolutioncentre.ebay.co.uk" />
+	<target host="reward.ebay.co.uk" />
+	<target host="rewards.ebay.co.uk" />
+	<target host="rover.ebay.co.uk" />
+	<target host="www.bizpolicy.sandbox.ebay.co.uk" />
+	<target host="community.sandbox.ebay.co.uk" />
+	<target host="fedauth.sandbox.ebay.co.uk" />
+	<target host="mesg.sandbox.ebay.co.uk" />
+	<target host="www.mip.sandbox.ebay.co.uk" />
+	<target host="resolutioncentre.sandbox.ebay.co.uk" />
+	<target host="scgi.sandbox.ebay.co.uk" />
+	<target host="signin.sandbox.ebay.co.uk" />
+	<target host="scgi.ebay.co.uk" />
+	<target host="securefeedback.ebay.co.uk" />
+	<target host="secureportal.ebay.co.uk" />
+	<target host="secureregistration.ebay.co.uk" />
+	<target host="sellercentre.ebay.co.uk" />
+	<target host="sellerstandards.ebay.co.uk" />
+	<target host="sellerupdate.ebay.co.uk" />
+	<target host="sellvrfn.ebay.co.uk" />
+	<target host="www.sellvrfn.ebay.co.uk" />
+	<target host="settings.ebay.co.uk" />
+	<target host="shipping.ebay.co.uk" />
+	<target host="shiptrack.ebay.co.uk" />
+	<target host="signin.ebay.co.uk" />
+	<target host="signinalert.ebay.co.uk" />
+	<target host="sofe.ebay.co.uk" />
+	<target host="spd.ebay.co.uk" />
+	<target host="www.sps.ebay.co.uk" />
+	<target host="srtm.ebay.co.uk" />
+	<target host="www.subs.ebay.co.uk" />
+	<target host="viv.ebay.co.uk" />
+	<target host="vod.ebay.co.uk" />
+	<target host="wantitnow.ebay.co.uk" />
+
+	<!-- fix http redirect -->
+	<rule from="^http://ebay\.co\.uk/"
+		to="https://www.ebay.co.uk/" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/ebay.com.au.xml b/src/chrome/content/rules/ebay.com.au.xml
index 7193154627e6..137200d77d11 100644
--- a/src/chrome/content/rules/ebay.com.au.xml
+++ b/src/chrome/content/rules/ebay.com.au.xml
@@ -1,10 +1,10 @@
 <!--
 
-	For other eBay coverage, see ebay.com.xml	
-	
-	
+	For other eBay coverage, see ebay.com.xml
+
+
 	Non-functional subdomains:
-	
+
 		- ebay.com.au	(h)
 		- affiliates	(m)
 		- arribada	(t)
@@ -122,7 +122,7 @@
 		- wap	(m)
 		- wwww	(m)
 		- xmas	(m)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/ebay.com.my.xml b/src/chrome/content/rules/ebay.com.my.xml
index 23110b014593..3f2e2d371912 100644
--- a/src/chrome/content/rules/ebay.com.my.xml
+++ b/src/chrome/content/rules/ebay.com.my.xml
@@ -1,8 +1,8 @@
 <!--
 
 	For other eBay coverage, see ebay.com.xml
-	
-	
+
+
 	Non-functional subdomains:
 
 		- ebay.com.my	(h)
diff --git a/src/chrome/content/rules/ebay.com.sg.xml b/src/chrome/content/rules/ebay.com.sg.xml
index 1e5002954213..996b3b5c8474 100644
--- a/src/chrome/content/rules/ebay.com.sg.xml
+++ b/src/chrome/content/rules/ebay.com.sg.xml
@@ -1,10 +1,10 @@
 <!--
 
-	For other eBay coverage, see ebay.com.xml	
-	
-	
+	For other eBay coverage, see ebay.com.xml
+
+
 	Non-functional subdomains:
-	
+
 		- ebay.com.sg	(h)
 		- affiliates	(m)
 		- arribada	(t)
diff --git a/src/chrome/content/rules/ebay.com.xml b/src/chrome/content/rules/ebay.com.xml
index e1309c57b4b6..4e7b88c3d084 100644
--- a/src/chrome/content/rules/ebay.com.xml
+++ b/src/chrome/content/rules/ebay.com.xml
@@ -1,4 +1,9 @@
 <!--
+The following targets have been disabled at 2020-04-17 18:38:06:
+
+Fetch error: http://forums.ebay.com/ => https://forums.ebay.com/: not enough values to unpack (expected 2, got 1)
+Fetch error: http://shopbot.ebay.com/ => https://shopbot.ebay.com/: (35, 'OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to shopbot.ebay.com:443 ')
+
 
 	Other eBay rulesets:
 
@@ -6,9 +11,11 @@
 		- ebay.be.xml
 		- ebay.ca.xml
 		- ebay.ch.xml
+		- ebay.co.uk.xml
 		- ebay.com.au.xml
 		- ebay.com.hk.xml
 		- ebay.com.my.xml
+		- ebay.com.sg.xml
 		- ebay.de.xml
 		- ebay.es.xml
 		- ebay.fr.xml
@@ -19,8 +26,8 @@
 		- ebay.ph.xml
 		- ebay.pl.xml
 		- ebay.ru.xml
-		- ebaycommercenetwork.com.xml
 		- ebayimg.com.xml
+		- ebayrtm.com.xml
 		- ebaystatic.com.xml
 
 
@@ -39,6 +46,7 @@
 		- rtm	(m)
 		- shop	(m)
 		- stores	(h)
+    - community (t)
 
 	e: expired certificate
 	h: http redirect
@@ -55,36 +63,36 @@
 	<target host="anywhere.ebay.com" />
 	<target host="cgi.ebay.com" />
 	<target host="charity.ebay.com" />
-	<target host="community.ebay.com" />
+	<!-- <target host="community.ebay.com" /> -->
 	<target host="developer.ebay.com" />
 	<target host="donation.ebay.com" />
 	<target host="explore.ebay.com" />
-	<target host="feedback.ebay.com" />
+	<!-- target host="feedback.ebay.com" /-->
 	<target host="forums.developer.ebay.com" />
-	<target host="forums.ebay.com" />
+	<!-- target host="forums.ebay.com" /-->
 	<target host="frame.ebay.com" />
 	<target host="giftcertificates.ebay.com" />
 	<target host="givingworks.ebay.com" />
 	<target host="go.developer.ebay.com" />
-	<target host="ocs.ebay.com" />
+	<!-- target host="ocs.ebay.com" /-->
 	<target host="ocsnext.ebay.com" />
 	<target host="pages.ebay.com" />
 	<target host="partnernetwork.ebay.com" />
 	<target host="payments.ebay.com" />
-	<target host="qu.ebay.com" />
+	<!-- target host="qu.ebay.com" /-->
 	<target host="reco.ebay.com" />
 	<target host="resolutioncenter.ebay.com" />
-	<target host="rover.ebay.com" />
+	<!-- target host="rover.ebay.com" /-->
 	<target host="scgi.ebay.com" />
-	<target host="securethumbs.ebay.com" />
+	<!-- target host="securethumbs.ebay.com" /-->
 	<target host="sellforme.ebay.com" />
-	<target host="shopbot.ebay.com" />
+	<!-- target host="shopbot.ebay.com" /-->
 	<target host="signin.ebay.com" />
 	<target host="spages.half.ebay.com" />
 	<target host="srtm.ebay.com" />
 	<target host="svcs.ebay.com" />
 	<target host="thumbs.ebay.com" />
-	<target host="viv.ebay.com" />
+	<!-- <target host="viv.ebay.com" /> -->
 
 	<!-- fix http redirect -->
 	<rule from="^http://ebay\.com/"
diff --git a/src/chrome/content/rules/ebay.de.xml b/src/chrome/content/rules/ebay.de.xml
index d1cd772443bc..769a18810748 100644
--- a/src/chrome/content/rules/ebay.de.xml
+++ b/src/chrome/content/rules/ebay.de.xml
@@ -1,19 +1,21 @@
 <!--
 
 	For other eBay coverage, see ebay.com.xml
-	
-	
+
+
 	Non-functional subdomains:
-	
+
 		- ebay.de	(h)
 		- aetka	(m)
 		- arribada	(t)
+		- autodiscover (r)
 		- autoservice	(r)
 		- axa	(h)
 		- blogs	(m)
 		- buyvrfn	(m)
 		- cancel	(r)
 		- cgi1	(m)
+		- msa-b1.cgi3 (i)
 		- cgi4	(r)
 		- comm	(r)
 		- community-legacy	(m)
@@ -28,6 +30,7 @@
 		- dsa	(m)
 		- einkaufstipps	(r)
 		- einladen	(r)
+		- elektronik-ankauf (e)
 		- entwickler	(m)
 		- epluswap	(m)
 		- scgi.express	(m)
@@ -37,11 +40,14 @@
 		- heute	(m)
 		- hrs	(h)
 		- hub	(m)
+		- influencernetwork (e)
 		- inspiriert	(r)
 		- internationalverkaufen	(r)
+		- item (h)
 		- console.internationalverkaufen	(r)
 		- www.kleinanzeigen	(m)
 		- lego	(m)
+		- lers (m)
 		- mail	(r)
 		- members	(m)
 		- mesgmy	(r)
@@ -57,11 +63,14 @@
 		- presse	(m)
 		- presseconsole	(t)
 		- previewitem	(r)
+		- programm (t)
 		- www.proxy	(HTTP 404 error)
 		- recommendations	(r)
 		- returns	(m)
+		- feedback.rtl (m)
 		- www.sandbox	(r)
 		- fedsignin.sandbox	(HTTP 503 error)
+		- merchant.sandbox (t)
 		- www.mipapplication.sandbox	(r)
 		- my.sandbox	(r)
 		- payments.sandbox	(m)
@@ -74,6 +83,7 @@
 		- scat	(r)
 		- search-completed	(r)
 		- seat	(m)
+		- securepromo (t)
 		- selfiecup	(r)
 		- sell	(m)
 		- shop	(r)
@@ -108,6 +118,7 @@
 		- wohnen.stores.shop	(m)
 		- sm	(r)
 		- www.sm	(r)
+		- sofortverkauf (e)
 		- specials	(h)
 		- spielplatz	(m)
 		- stage-partner	(t)
@@ -127,6 +138,7 @@
 		- upload	(r)
 		- vattenfall	(h)
 		- verimonitor	(r)
+		- versand (t)
 		- versand-staging	(t)
 		- volkswagen	(m)
 		- wap	(m)
@@ -150,7 +162,6 @@
 	<target host="applications.ebay.de" />
 	<target host="arbd.ebay.de" />
 	<target host="auth.ebay.de" />
-	<target host="autodiscover.ebay.de" />
 	<target host="www.billing.ebay.de" />
 	<target host="www.bizpolicy.ebay.de" />
 	<target host="www.bizvrfn.ebay.de" />
@@ -161,11 +172,9 @@
 	<target host="cart.ebay.de" />
 	<target host="cgi.ebay.de" />
 	<target host="cgi3.ebay.de" />
-	<target host="msa-b1.cgi3.ebay.de" />
 	<target host="cgi5.ebay.de" />
 	<target host="msa-b1.cgi5.ebay.de" />
 	<target host="cgi6.ebay.de" />
-	<target host="checkout.ebay.de" />
 	<target host="checkoutweb.ebay.de" />
 	<target host="community.ebay.de" />
 	<target host="connect.ebay.de" />
@@ -175,7 +184,6 @@
 	<target host="donation.ebay.de" />
 	<target host="www.donation.ebay.de" />
 	<target host="www.signup.ebayplus.ebay.de" />
-	<target host="elektronik-ankauf.ebay.de" />
 	<target host="epn.ebay.de" />
 	<target host="epnt.ebay.de" />
 	<target host="epsvc.ebay.de" />
@@ -189,18 +197,15 @@
 	<target host="fundinginstrument.ebay.de" />
 	<target host="fyp.ebay.de" />
 	<target host="fyp2.ebay.de" />
-	<target host="gewinnen.ebay.de" />
 	<target host="gha.ebay.de" />
 	<target host="gslblui.ebay.de" />
 	<target host="www.ilvrfn.ebay.de" />
-	<target host="influencernetwork.ebay.de" />
 	<target host="invoice.ebay.de" />
-	<target host="item.ebay.de" />
+	<target host="k2b-bulk.ebay.de" />
 	<target host="www.kgvrfn.ebay.de" />
 	<target host="kleinanzeigen.ebay.de" />
 	<target host="m.kleinanzeigen.ebay.de" />
 	<target host="komfort.ebay.de" />
-	<target host="lers.ebay.de" />
 	<target host="m.ebay.de" />
 	<target host="www.m.ebay.de" />
 	<target host="reg.m.ebay.de" />
@@ -216,7 +221,6 @@
 	<target host="www.mipapplication.ebay.de" />
 	<target host="namechange.ebay.de" />
 	<target host="news.ebay.de" />
-	<target host="notifyweb.ebay.de" />
 	<target host="ocs.ebay.de" />
 	<target host="ocsnext.ebay.de" />
 	<target host="ocsrest.ebay.de" />
@@ -224,7 +228,6 @@
 	<target host="offer.ebay.de" />
 	<target host="ofr.ebay.de" />
 	<target host="pages.ebay.de" />
-	<target host="paisapay.ebay.de" />
 	<target host="partnernetwork.ebay.de" />
 	<target host="pay.ebay.de" />
 	<target host="payments.ebay.de" />
@@ -235,16 +238,13 @@
 	<target host="paymentscmd.ebay.de" />
 	<target host="www.picupload.ebay.de" />
 	<target host="pls.ebay.de" />
-	<target host="plusbeimverkaufen.ebay.de" />
 	<target host="postage.ebay.de" />
 	<target host="nw.pp.ebay.de" />
 	<target host="www.nw.pp.ebay.de" />
 	<target host="ppm1.ebay.de" />
 	<target host="ppm3.ebay.de" />
 	<target host="prefs.ebay.de" />
-	<target host="privatretouren.ebay.de" />
 	<target host="profisuche.ebay.de" />
-	<target host="programm.ebay.de" />
 	<target host="pulsar.ebay.de" />
 	<target host="qu.ebay.de" />
 	<target host="rebulk.ebay.de" />
@@ -255,12 +255,10 @@
 	<target host="rewards.ebay.de" />
 	<target host="rover.ebay.de" />
 	<target host="www.rsvp.ebay.de" />
-	<target host="feedback.rtl.ebay.de" />
 	<target host="www.bizpolicy.sandbox.ebay.de" />
 	<target host="checkout.sandbox.ebay.de" />
 	<target host="community.sandbox.ebay.de" />
 	<target host="fedauth.sandbox.ebay.de" />
-	<target host="merchant.sandbox.ebay.de" />
 	<target host="mesg.sandbox.ebay.de" />
 	<target host="www.mip.sandbox.ebay.de" />
 	<target host="resolutioncenter.sandbox.ebay.de" />
@@ -268,29 +266,20 @@
 	<target host="signin.sandbox.ebay.de" />
 	<target host="saturn.ebay.de" />
 	<target host="scgi.ebay.de" />
-	<target host="securefeedback.ebay.de" />
 	<target host="secureportal.ebay.de" />
-	<target host="securepromo.ebay.de" />
-	<target host="secureregistration.ebay.de" />
 	<target host="sellerstandards.ebay.de" />
 	<target host="sellerupdate.ebay.de" />
 	<target host="sellvrfn.ebay.de" />
 	<target host="www.sellvrfn.ebay.de" />
-	<target host="settings.ebay.de" />
 	<target host="shipping.ebay.de" />
 	<target host="shiptrack.ebay.de" />
 	<target host="signin.ebay.de" />
-	<target host="signinalert.ebay.de" />
-	<target host="socialapp.ebay.de" />
 	<target host="sofe.ebay.de" />
-	<target host="sofortverkauf.ebay.de" />
 	<target host="spd.ebay.de" />
 	<target host="www.sps.ebay.de" />
 	<target host="srtm.ebay.de" />
 	<target host="www.subs.ebay.de" />
 	<target host="verkaeuferportal.ebay.de" />
-	<target host="versand.ebay.de" />
-	<target host="versandetikett.ebay.de" />
 	<target host="viv.ebay.de" />
 	<target host="vod.ebay.de" />
 	<target host="wantitnow.ebay.de" />
diff --git a/src/chrome/content/rules/ebay.es.xml b/src/chrome/content/rules/ebay.es.xml
index 27c2d35673ce..4505e566f8b9 100644
--- a/src/chrome/content/rules/ebay.es.xml
+++ b/src/chrome/content/rules/ebay.es.xml
@@ -1,10 +1,10 @@
 <!--
 
 	For other eBay coverage, see ebay.com.xml
-	
-	
+
+
 	Non-functional subdomain:
-	
+
 		- ebay.es	(h)
 		- ecgapi.anuncios	(t)
 		- secure.anuncios	(m)
@@ -88,7 +88,7 @@
 		- upload	(r)
 		- vflive	(m)
 		- wap	(m)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/ebay.fr.xml b/src/chrome/content/rules/ebay.fr.xml
index 69940599d131..28378983c9c4 100644
--- a/src/chrome/content/rules/ebay.fr.xml
+++ b/src/chrome/content/rules/ebay.fr.xml
@@ -1,10 +1,10 @@
 <!--
 
 	For other eBay coverage, see ebay.com.xml
-	
-	
+
+
 	Non-functional subdomain:
-	
+
 		- ebay.fr	(h)
 		- actualites	(mixed-content)
 		- annonces	(m)
diff --git a/src/chrome/content/rules/ebay.ie.xml b/src/chrome/content/rules/ebay.ie.xml
index 223271515570..ba1627696907 100644
--- a/src/chrome/content/rules/ebay.ie.xml
+++ b/src/chrome/content/rules/ebay.ie.xml
@@ -1,8 +1,8 @@
 <!--
 
 	For other eBay coverage, see ebay.com.xml
-	
-	
+
+
 	Non-functional subdomains:
 
 		- ebay.ie	(h)
@@ -93,8 +93,8 @@
 		- upload	(r)
 		- vflive	(m)
 		- www.wantitnow	(m)
-		- wap	(m)	
-	
+		- wap	(m)
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/ebay.in.xml b/src/chrome/content/rules/ebay.in.xml
index 27d279343086..6cb928c2cb6a 100644
--- a/src/chrome/content/rules/ebay.in.xml
+++ b/src/chrome/content/rules/ebay.in.xml
@@ -1,8 +1,8 @@
 <!--
 
 	For other eBay coverage, see ebay.com.xml
-	
-	
+
+
 	Non-functional subdomain:
 
 		- ebay.in	(h)
@@ -81,7 +81,7 @@
 		- stores	(h)
 		- www.stores	(m)
 		- wwww	(m)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/ebay.nl.xml b/src/chrome/content/rules/ebay.nl.xml
index bf06cecccff3..6d59ffe6cc04 100644
--- a/src/chrome/content/rules/ebay.nl.xml
+++ b/src/chrome/content/rules/ebay.nl.xml
@@ -1,8 +1,8 @@
 <!--
 
 	For other eBay coverage, see ebay.com.xml
-	
-	
+
+
 	Non-functional subdomain:
 
 		- ebay.nl	(h)
@@ -82,7 +82,7 @@
 		- www.stores	(m)
 		- svcs	(m)
 		- upload	(r)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/ebay.ph.xml b/src/chrome/content/rules/ebay.ph.xml
index 658e64111e76..584fcda0138f 100644
--- a/src/chrome/content/rules/ebay.ph.xml
+++ b/src/chrome/content/rules/ebay.ph.xml
@@ -1,8 +1,8 @@
 <!--
 
 	For other eBay coverage, see ebay.com.xml
-	
-	
+
+
 	Non-functional subdomain:
 
 		- affiliates	(m)
@@ -69,7 +69,7 @@
 		- www.stores	(m)
 		- svcs	(m)
 		- tradingassistant	(m)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/ebay.pl.xml b/src/chrome/content/rules/ebay.pl.xml
index 79eb1b6027de..805f646646d0 100644
--- a/src/chrome/content/rules/ebay.pl.xml
+++ b/src/chrome/content/rules/ebay.pl.xml
@@ -1,8 +1,8 @@
 <!--
 
 	For other eBay coverage, see ebay.com.xml
-	
-	
+
+
 	Non-functional subdomains:
 
 		- ebay.pl	(h)
diff --git a/src/chrome/content/rules/ebay.ru.xml b/src/chrome/content/rules/ebay.ru.xml
index 9f4df400325a..45be4e87f758 100644
--- a/src/chrome/content/rules/ebay.ru.xml
+++ b/src/chrome/content/rules/ebay.ru.xml
@@ -1,8 +1,8 @@
 <!--
 
 	For other eBay coverage, see ebay.com.xml
-	
-	
+
+
 	Non-functional subdomain:
 
 		- ebay.ru	(h)
@@ -17,7 +17,7 @@
 		- viewitem.eim	(m)
 		- rover	(m)
 		- my.sandbox	(r)
-	
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/ebaycommercenetwork.com.xml b/src/chrome/content/rules/ebaycommercenetwork.com.xml
deleted file mode 100644
index 5c4133340fcd..000000000000
--- a/src/chrome/content/rules/ebaycommercenetwork.com.xml
+++ /dev/null
@@ -1,35 +0,0 @@
-<!--
-	For other Ebay coverage, see ebay.com.xml.
-
-	Invalid certificate:
-		sandbox.api.ebaycommercenetwork.com
-
-	No working URL known:
-		productads.ebaycommercenetwork.com
-
-	Refused:
-		ebaycommercenetwork.com
-		www.ebaycommercenetwork.com
-		ads.ebaycommercenetwork.com
-
--->
-<ruleset name="EbayCommerceNetwork.com">
-	<target host="api.ebaycommercenetwork.com" />
-	<target host="aumerchant.ebaycommercenetwork.com" />
-	<target host="betamerchant.ebaycommercenetwork.com" />
-	<target host="developer.ebaycommercenetwork.com" />
-	<target host="haendler.ebaycommercenetwork.com" />
-	<target host="macfe.ebaycommercenetwork.com" />
-	<target host="marchand.ebaycommercenetwork.com" />
-	<target host="merchant.ebaycommercenetwork.com" />
-	<target host="merchants.ebaycommercenetwork.com" />
-	<target host="merchantsupport.ebaycommercenetwork.com" />
-	<target host="merchantsupportintl.ebaycommercenetwork.com" />
-	<target host="mfe.ebaycommercenetwork.com" />
-	<target host="publisher.ebaycommercenetwork.com" />
-	<target host="publishers.ebaycommercenetwork.com" />
-	<target host="sc.ebaycommercenetwork.com" />
-	<target host="ukmerchant.ebaycommercenetwork.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/ebayimg.com.xml b/src/chrome/content/rules/ebayimg.com.xml
index e06408ff7dc2..7df6d6bba496 100644
--- a/src/chrome/content/rules/ebayimg.com.xml
+++ b/src/chrome/content/rules/ebayimg.com.xml
@@ -1,7 +1,7 @@
 <!--
 
 	For other eBay coverage, see ebay.com.xml
-	
+
 
 	Non-functional subdomain:
 
diff --git a/src/chrome/content/rules/ebayrtm.com.xml b/src/chrome/content/rules/ebayrtm.com.xml
index a73ba94bbc5b..895d3d7e1dff 100644
--- a/src/chrome/content/rules/ebayrtm.com.xml
+++ b/src/chrome/content/rules/ebayrtm.com.xml
@@ -1,10 +1,10 @@
 <!--
 
-	For other eBay coverage, see ebay.com.xml	
-	
-	
+	For other eBay coverage, see ebay.com.xml
+
+
 	Non-functional subdomains:
-	
+
 		- srx.at	(m)
 		- srx.au	(m)
 		- srx.befr	(m)
@@ -42,7 +42,7 @@
 		- srx.uk	(m)
 		- srv.main.vip	(t)
 		- srx.za	(m)
-		
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/ebaystatic.com.xml b/src/chrome/content/rules/ebaystatic.com.xml
index 265a6d2f20ad..56d2f2a003d6 100644
--- a/src/chrome/content/rules/ebaystatic.com.xml
+++ b/src/chrome/content/rules/ebaystatic.com.xml
@@ -1,10 +1,10 @@
 <!--
 
-	For other eBay coverage, see ebay.com.xml	
-	
-	
+	For other eBay coverage, see ebay.com.xml
+
+
 	Non-functional subdomains:
-	
+
 		- av	(m)
 		- include	(m)
 		- secureir.latest	(t)
@@ -29,7 +29,7 @@
 		- securepics.uk.mobileweb004.qa	(t)
 		- include.sandbox	(r)
 		- rs.sandbox	(m)
-		
+
 	e: expired certificate
 	h: http redirect
 	i: invalid certificate chain
diff --git a/src/chrome/content/rules/echo24.cz.xml b/src/chrome/content/rules/echo24.cz.xml
index 401fc7f294e1..ea9217d00ee6 100644
--- a/src/chrome/content/rules/echo24.cz.xml
+++ b/src/chrome/content/rules/echo24.cz.xml
@@ -5,7 +5,7 @@ Fetch error: http://tydenik.echo24.cz/ => https://tydenik.echo24.cz/: (51, "SSL:
 Fetch error: http://echomedia.cz/ => https://echomedia.cz/: (6, 'Could not resolve host: echomedia.cz')
 
 -->
-<ruleset name="Echo24.cz" default_off='failed ruleset test'>
+<ruleset name="Echo24.cz" default_off="failed ruleset test">
     <target host="echo24.cz" />
     <target host="www.echo24.cz" />
     <target host="tydenik.echo24.cz" />
diff --git a/src/chrome/content/rules/ecoast.com.tw.xml b/src/chrome/content/rules/ecoast.com.tw.xml
new file mode 100644
index 000000000000..0a4f2f6acde4
--- /dev/null
+++ b/src/chrome/content/rules/ecoast.com.tw.xml
@@ -0,0 +1,7 @@
+<ruleset name="ecoast.com.tw">
+
+	<target host="ecoast.com.tw" />
+	<target host="www.ecoast.com.tw" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/edens.com.xml b/src/chrome/content/rules/edens.com.xml
new file mode 100644
index 000000000000..0f83f928b470
--- /dev/null
+++ b/src/chrome/content/rules/edens.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="edens.com">
+	<target host="edens.com" />
+	<target host="*.edens.com" />
+
+	<rule from="^http:" to="https:" />
+
+	<test url="http://properties.edens.com/cre/properties/" />
+	<test url="http://properties.edens.com/p/shopping-center-commercial-real-estate/Princeton-NJ-08540/princetonshoppingcenter" />
+	<test url="http://properties.edens.com/property/capsule_data/739/property/sitemap_image/611.png" />
+</ruleset>
diff --git a/src/chrome/content/rules/edgefonts.net.xml b/src/chrome/content/rules/edgefonts.net.xml
new file mode 100644
index 000000000000..d4106e6f4860
--- /dev/null
+++ b/src/chrome/content/rules/edgefonts.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="edgefonts.net">
+		<target host="use.edgefonts.net" />
+
+		<rule from="^http:"
+				to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/edina.ac.uk.xml b/src/chrome/content/rules/edina.ac.uk.xml
index 3e81b02e8a37..b67cddde3df4 100644
--- a/src/chrome/content/rules/edina.ac.uk.xml
+++ b/src/chrome/content/rules/edina.ac.uk.xml
@@ -25,7 +25,7 @@ Fetch error: http://census.edina.ac.uk/ => https://census.edina.ac.uk/: (51, "SS
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="edina.ac.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="edina.ac.uk (partial)" default_off="failed ruleset test">
 
 	<target host="census.edina.ac.uk" />
 	<target host="ess.edina.ac.uk" />
diff --git a/src/chrome/content/rules/education.gov.uk.xml b/src/chrome/content/rules/education.gov.uk.xml
index 09aa95f7afb9..26f09743761c 100644
--- a/src/chrome/content/rules/education.gov.uk.xml
+++ b/src/chrome/content/rules/education.gov.uk.xml
@@ -65,7 +65,7 @@ Fetch error: http://tableschecking.education.gov.uk/ => https://tableschecking.e
 	ˢ Secured by us
 
 -->
-<ruleset name="Education.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Education.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/educationusa.info.xml b/src/chrome/content/rules/educationusa.info.xml
deleted file mode 100644
index 2a26ff4ad0ad..000000000000
--- a/src/chrome/content/rules/educationusa.info.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="EducationUSA.info">
-
-	<target host="educationusa.info" />
-	<target host="www.educationusa.info" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/eduserv.org.uk.xml b/src/chrome/content/rules/eduserv.org.uk.xml
index 200a18e0ffa6..0b2215ea878c 100644
--- a/src/chrome/content/rules/eduserv.org.uk.xml
+++ b/src/chrome/content/rules/eduserv.org.uk.xml
@@ -8,7 +8,7 @@
 		- swalive ᵐ
 
 	ᵐ Mismatched
-	
+
 
 	Insecure cookies are set for these domains and hosts: ᶜ
 
@@ -23,7 +23,7 @@
 
 		- css on (www.)? from fonts.googleapis.com ˢ
 		- Bug on (www.)? from www.final-azr-01.com ᵐ
-	
+
 	ᵐ Not secured by us <= mismatched
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
diff --git a/src/chrome/content/rules/edustore.fi.xml b/src/chrome/content/rules/edustore.fi.xml
new file mode 100644
index 000000000000..f952485ae15a
--- /dev/null
+++ b/src/chrome/content/rules/edustore.fi.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched:
+		- ^
+
+	Mixed content (scripts do not load):
+		- www
+-->
+<ruleset name="edustore.fi (partial)">
+		<target host="id.edustore.fi" />
+		<target host="oma.edustore.fi" />
+
+		<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/eforms.gov.ie.xml b/src/chrome/content/rules/eforms.gov.ie.xml
deleted file mode 100644
index b393ac5d7d57..000000000000
--- a/src/chrome/content/rules/eforms.gov.ie.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="EForms.gov.ie">
-
-	<target host="eforms.gov.ie" />
-	<target host="www.eforms.gov.ie" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/efsyn.gr.xml b/src/chrome/content/rules/efsyn.gr.xml
index 5884daa6679e..dbbe486b563e 100644
--- a/src/chrome/content/rules/efsyn.gr.xml
+++ b/src/chrome/content/rules/efsyn.gr.xml
@@ -10,7 +10,7 @@ Fetch error: http://efsyn.gr/ => https://efsyn.gr/: (51, "SSL: no alternative ce
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Efsyn.gr" default_off='failed ruleset test'>
+<ruleset name="Efsyn.gr" default_off="failed ruleset test">
 
 	<target host="efsyn.gr" />
 	<target host="www.efsyn.gr" />
diff --git a/src/chrome/content/rules/egl.lv.xml b/src/chrome/content/rules/egl.lv.xml
new file mode 100644
index 000000000000..1621e07ebc58
--- /dev/null
+++ b/src/chrome/content/rules/egl.lv.xml
@@ -0,0 +1,6 @@
+<ruleset name="egl.lv">
+  <target host="egl.lv" />
+  <target host="www.egl.lv" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/eigenLab.xml b/src/chrome/content/rules/eigenLab.xml
index c0a65f871bec..5a90bf16c1de 100644
--- a/src/chrome/content/rules/eigenLab.xml
+++ b/src/chrome/content/rules/eigenLab.xml
@@ -1,8 +1,8 @@
 <!--
 	Expired:
 		- owncloud
-	
-	503: 
+
+	503:
 		- git
 -->
 <ruleset name="eigenLab">
diff --git a/src/chrome/content/rules/ejtaal.net.xml b/src/chrome/content/rules/ejtaal.net.xml
index ec1e9c5246dc..1900aea46f14 100644
--- a/src/chrome/content/rules/ejtaal.net.xml
+++ b/src/chrome/content/rules/ejtaal.net.xml
@@ -1,8 +1,8 @@
 <!--
-Timeout: 
+Timeout:
 	home.ejtaal.net
 
-Refused connection: 
+Refused connection:
 	ceres.ejtaal.net
 	dev.ejtaal.net
 	test.ejtaal.net
@@ -11,6 +11,6 @@ Refused connection:
 <ruleset name="Ejtaal.net">
 	<target host="ejtaal.net"/>
 	<target host="www.ejtaal.net"/>
-	
+
 	<rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/elec.ru.xml b/src/chrome/content/rules/elec.ru.xml
index 5eded1c3ef6b..033ed390ef50 100644
--- a/src/chrome/content/rules/elec.ru.xml
+++ b/src/chrome/content/rules/elec.ru.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://market.elec.ru/ => https://market.elec.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
  advert. mismatch
 www.advert. mismatch -->
-<ruleset name="elec.ru" default_off='failed ruleset test'>
+<ruleset name="elec.ru" default_off="failed ruleset test">
 	<target host="elec.ru" />
 	<target host="www.elec.ru" />
 	<target host="market.elec.ru" />
diff --git a/src/chrome/content/rules/elections.bc.ca.xml b/src/chrome/content/rules/elections.bc.ca.xml
new file mode 100644
index 000000000000..403b915c1c5b
--- /dev/null
+++ b/src/chrome/content/rules/elections.bc.ca.xml
@@ -0,0 +1,15 @@
+<ruleset name="elections.bc.ca">
+	<target host="elections.bc.ca" />
+	<target host="www.elections.bc.ca" />
+	<target host="results.elections.bc.ca" />
+  <target host="votebymail.elections.bc.ca" />
+	<target host="votebymailbp.elections.bc.ca" />
+	<target host="votebymailnz.elections.bc.ca" />
+	<target host="votebymailxh.elections.bc.ca" />
+	<target host="votebymailym.elections.bc.ca" />
+	<target host="votebymailzf.elections.bc.ca" />
+	<target host="wheretovote.elections.bc.ca" />
+	<target host="www3.elections.bc.ca" />
+  
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/electric-cloud.com.xml b/src/chrome/content/rules/electric-cloud.com.xml
index 73ba0a19ba6d..f0110987ecd0 100644
--- a/src/chrome/content/rules/electric-cloud.com.xml
+++ b/src/chrome/content/rules/electric-cloud.com.xml
@@ -7,7 +7,7 @@ cdn.electric-cloud.com mismatch
 docs.electric-cloud.com mismatch
 downloads.electric-cloud.com mismatch
 -->
-<ruleset name="electric-cloud.com" default_off='failed ruleset test'>
+<ruleset name="electric-cloud.com" default_off="failed ruleset test">
 	<target host="electric-cloud.com" />
 	<target host="www.electric-cloud.com" />
 	<target host="ask.electric-cloud.com" />
diff --git a/src/chrome/content/rules/electroneum.com.xml b/src/chrome/content/rules/electroneum.com.xml
new file mode 100644
index 000000000000..70aa9efbc113
--- /dev/null
+++ b/src/chrome/content/rules/electroneum.com.xml
@@ -0,0 +1,15 @@
+
+<ruleset name="electroneum.com">
+
+	<target host="electroneum.com" />
+	<target host="www.electroneum.com" />
+	<target host="blockexplorer.electroneum.com" />
+	<target host="downloads.electroneum.com" />
+	<target host="my.electroneum.com" />
+	<target host="support.electroneum.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/elgoog.im.xml b/src/chrome/content/rules/elgoog.im.xml
deleted file mode 100644
index 02eb214eb0ee..000000000000
--- a/src/chrome/content/rules/elgoog.im.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-	Non-functional hosts
-		SSL peer certificate was not OK:
-		- cdn.elgoog.im
-		- s.elgoog.im
--->
-<ruleset name="elgoog.im">
-	<target host="elgoog.im" />
-	<target host="www.elgoog.im" />
-	<target host="netlify.elgoog.im" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/elkosmasgr.xml b/src/chrome/content/rules/elkosmasgr.xml
index 3cba3ad88d85..96ac9029a035 100644
--- a/src/chrome/content/rules/elkosmasgr.xml
+++ b/src/chrome/content/rules/elkosmasgr.xml
@@ -8,7 +8,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.elkosmas.gr/ => https://elkosmas.gr/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 Fetch error: http://elkosmas.gr/ => https://elkosmas.gr/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 -->
-<ruleset name="elkosmas.gr" default_off='failed ruleset test'>
+<ruleset name="elkosmas.gr" default_off="failed ruleset test">
   <target host="www.elkosmas.gr" />
   <target host="elkosmas.gr" />
 
diff --git a/src/chrome/content/rules/elm-lang.org.xml b/src/chrome/content/rules/elm-lang.org.xml
new file mode 100644
index 000000000000..e32dea5a7b1c
--- /dev/null
+++ b/src/chrome/content/rules/elm-lang.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Connection refused:
+		- mail
+-->
+<ruleset name="elm-lang.org">
+	<target host="elm-lang.org" />
+	<target host="www.elm-lang.org" />
+	<target host="discourse.elm-lang.org" />
+	<target host="foundation.elm-lang.org" />
+	<target host="guide.elm-lang.org" />
+	<target host="package.elm-lang.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/elrippoisland.net.xml b/src/chrome/content/rules/elrippoisland.net.xml
index eddd723008df..d67a13230c16 100644
--- a/src/chrome/content/rules/elrippoisland.net.xml
+++ b/src/chrome/content/rules/elrippoisland.net.xml
@@ -2,7 +2,7 @@
 	NB: Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="elrippoisland.net" default_off="missing certificate chain">
+<ruleset name="elrippoisland.net" default_off="cert-chain">
 
 	<target host="elrippoisland.net" />
 	<target host="www.elrippoisland.net" />
diff --git a/src/chrome/content/rules/email-comparethemarket.com.xml b/src/chrome/content/rules/email-comparethemarket.com.xml
index 300b616237ca..a64903e8b1f1 100644
--- a/src/chrome/content/rules/email-comparethemarket.com.xml
+++ b/src/chrome/content/rules/email-comparethemarket.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://email-comparethemarket.com/ => https://email-comparethemarke
 		- email-comparethemarket.com
 
 -->
-<ruleset name="Email-Compare the Market.com" default_off='failed ruleset test'>
+<ruleset name="Email-Compare the Market.com" default_off="failed ruleset test">
 
 	<target host="email-comparethemarket.com" />
 
diff --git a/src/chrome/content/rules/emailarchivestaskforce.org.xml b/src/chrome/content/rules/emailarchivestaskforce.org.xml
new file mode 100644
index 000000000000..67b82ac84d95
--- /dev/null
+++ b/src/chrome/content/rules/emailarchivestaskforce.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		autodiscover.emailarchivestaskforce.org
+		ftp.emailarchivestaskforce.org
+		imap.emailarchivestaskforce.org
+		pop.emailarchivestaskforce.org
+		smtp.emailarchivestaskforce.org
+-->
+<ruleset name="emailarchivestaskforce.org">
+	<target host="emailarchivestaskforce.org" />
+	<target host="www.emailarchivestaskforce.org" />
+	<target host="mail.emailarchivestaskforce.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/eme.moe.xml b/src/chrome/content/rules/eme.moe.xml
deleted file mode 100644
index fda768347190..000000000000
--- a/src/chrome/content/rules/eme.moe.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="eme.moe">
-	<target host="eme.moe" />
-	<target host="www.eme.moe" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/emfcamp.org.xml b/src/chrome/content/rules/emfcamp.org.xml
index 02dab52e391f..a0db9534a2ae 100644
--- a/src/chrome/content/rules/emfcamp.org.xml
+++ b/src/chrome/content/rules/emfcamp.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://wiki-archive.emfcamp.org/ => https://wiki-archive.emfcamp.org/: (51, "SSL: no alternative certificate subject name matches target host name 'wiki-archive.emfcamp.org'")
 
 -->
-<ruleset name="EMF camp.org" default_off='failed ruleset test'>
+<ruleset name="EMF camp.org" default_off="failed ruleset test">
 
 	<target host="emfcamp.org" />
 	<target host="wiki.emfcamp.org" />
diff --git a/src/chrome/content/rules/empireblue.com.xml b/src/chrome/content/rules/empireblue.com.xml
index 1e753a146179..06249b051aeb 100644
--- a/src/chrome/content/rules/empireblue.com.xml
+++ b/src/chrome/content/rules/empireblue.com.xml
@@ -56,11 +56,11 @@ Fetch error: http://enrollment-info.empireblue.com/ => https://enrollment-info.e
 
 			- transformationcentral from transformation-central.com
 			- transformationcentral from www.transformation-central.com
-	
+
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Empire Blue.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Empire Blue.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/emssoftware.com.xml b/src/chrome/content/rules/emssoftware.com.xml
index a1ebbb3c8a6d..78bb7dbc609d 100644
--- a/src/chrome/content/rules/emssoftware.com.xml
+++ b/src/chrome/content/rules/emssoftware.com.xml
@@ -21,7 +21,7 @@ Non-2xx HTTP code: http://pages.emssoftware.com/rs/486-ESV-129/images/download-n
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="EMS Software.com (partial)" default_off='failed ruleset test'>
+<ruleset name="EMS Software.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/emucr.com.xml b/src/chrome/content/rules/emucr.com.xml
new file mode 100644
index 000000000000..fc301165696c
--- /dev/null
+++ b/src/chrome/content/rules/emucr.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		m.emucr.com
+
+	Redirect to HTTP:
+		down.emucr.com
+
+	Refused:
+		feeds.emucr.com
+		ghs.emucr.com
+-->
+<ruleset name="emucr.com">
+	<target host="emucr.com" />
+	<target host="www.emucr.com" />
+	<target host="files.emucr.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/emule-rus.net.xml b/src/chrome/content/rules/emule-rus.net.xml
new file mode 100644
index 000000000000..6dc4147f5185
--- /dev/null
+++ b/src/chrome/content/rules/emule-rus.net.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		ftp.emule-rus.net
+		webmail.emule-rus.net
+-->
+<ruleset name="emule-rus.net">
+	<target host="emule-rus.net" />
+	<target host="www.emule-rus.net" />
+	<target host="forum.emule-rus.net" />
+	<target host="www.forum.emule-rus.net" />
+	<target host="mail.emule-rus.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/emule-security.org.xml b/src/chrome/content/rules/emule-security.org.xml
index 9d8ca276d847..0388c21f1f90 100644
--- a/src/chrome/content/rules/emule-security.org.xml
+++ b/src/chrome/content/rules/emule-security.org.xml
@@ -1,14 +1,16 @@
 <!--
-emule-security.org ⁶
-www.emule-security.org ⁶
-mail.emule-security.org ⁶
-
-
-⁶ redirect
+	Refused:
+		localhost.emule-security.org
 -->
-<ruleset name="emule-security.org (partial)">
+<ruleset name="emule-security.org">
+	<target host="emule-security.org" />
+	<target host="www.emule-security.org" />
+	<target host="autodiscover.emule-security.org" />
 	<target host="files.emule-security.org" />
+	<target host="ftp.emule-security.org" />
+	<target host="mail.emule-security.org" />
 	<target host="upd.emule-security.org" />
+	<target host="webmail.emule-security.org" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/emuvr.net.xml b/src/chrome/content/rules/emuvr.net.xml
new file mode 100644
index 000000000000..059ddd4ff960
--- /dev/null
+++ b/src/chrome/content/rules/emuvr.net.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		admin.emuvr.net
+		ftp.emuvr.net
+		mail.emuvr.net
+		webmail.emuvr.net
+
+	Time out:
+		imap.emuvr.net
+		pop.emuvr.net
+		smtp.emuvr.net
+-->
+<ruleset name="emuvr.net">
+	<target host="emuvr.net" />
+	<target host="www.emuvr.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/endgame.com.xml b/src/chrome/content/rules/endgame.com.xml
index 2121adb7dee5..d12ef8ea17ec 100644
--- a/src/chrome/content/rules/endgame.com.xml
+++ b/src/chrome/content/rules/endgame.com.xml
@@ -11,7 +11,7 @@ Non-2xx HTTP code: http://pages.endgame.com/rs/endgame/images/f-logo.png (200) =
 	ᵃ Marketo / shows another domain
 
 -->
-<ruleset name="Endgame.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Endgame.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/enterbrain.co.jp.xml b/src/chrome/content/rules/enterbrain.co.jp.xml
index ea3000ddd954..ebf885e29caa 100644
--- a/src/chrome/content/rules/enterbrain.co.jp.xml
+++ b/src/chrome/content/rules/enterbrain.co.jp.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.enterbrain.co.jp/ => https://www.enterbrain.co.jp/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="enterbrain.co.jp" default_off='failed ruleset test'>
+<ruleset name="enterbrain.co.jp" default_off="failed ruleset test">
 
 	<target host="enterbrain.co.jp" />
 	<target host="www.enterbrain.co.jp" />
diff --git a/src/chrome/content/rules/environment-agency.gov.uk.xml b/src/chrome/content/rules/environment-agency.gov.uk.xml
index 78af615107d6..5fd32bb606b6 100644
--- a/src/chrome/content/rules/environment-agency.gov.uk.xml
+++ b/src/chrome/content/rules/environment-agency.gov.uk.xml
@@ -61,7 +61,7 @@ Fetch error: http://learning.environment-agency.gov.uk/ => https://learning.envi
 		- piedc.environment-agency.gov.uk
 
 -->
-<ruleset name="Environment-Agency.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Environment-Agency.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/epsxe.com.xml b/src/chrome/content/rules/epsxe.com.xml
new file mode 100644
index 000000000000..346f38b90d69
--- /dev/null
+++ b/src/chrome/content/rules/epsxe.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		mail.epsxe.com
+	Refused:
+		gerrit.epsxe.com
+		www.gerrit.epsxe.com
+		webmail.epsxe.com
+-->
+<ruleset name="epsxe.com">
+	<target host="epsxe.com" />
+	<target host="www.epsxe.com" />
+	<target host="cpanel.epsxe.com" />
+	<target host="greenimp.epsxe.com" />
+	<target host="www.greenimp.epsxe.com" />
+	<target host="webdisk.epsxe.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/eschools.co.uk.xml b/src/chrome/content/rules/eschools.co.uk.xml
index 9738c3717c88..d6dd20845cb7 100644
--- a/src/chrome/content/rules/eschools.co.uk.xml
+++ b/src/chrome/content/rules/eschools.co.uk.xml
@@ -33,14 +33,14 @@ Fetch error: http://www.eschools.co.uk/ => https://www.eschools.co.uk/: (51, "SS
 		- css on 360, 457-northumberland, new-brighton from fonts.googleapis.com ˢ
 
 		- Images, on:
-		
+
 			- castle-hill from i\d+.photobucket.com ˢ
 			- new-brighton from www.computingatschool.org.uk
 
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="eSchools.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="eSchools.co.uk (partial)" default_off="failed ruleset test">
 
 	<target host="eschools.co.uk" />
 	<target host="www.eschools.co.uk" />
diff --git a/src/chrome/content/rules/esp8266.com.xml b/src/chrome/content/rules/esp8266.com.xml
new file mode 100644
index 000000000000..6924907921c7
--- /dev/null
+++ b/src/chrome/content/rules/esp8266.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		mail.esp8266.com
+
+	Refused:
+		arduino-old.esp8266.com
+		autodiscover.esp8266.com
+		email.esp8266.com
+-->
+<ruleset name="esp8266.com">
+	<target host="esp8266.com" />
+	<target host="www.esp8266.com" />
+	<target host="arduino.esp8266.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/espiv.net-falsemixed.xml b/src/chrome/content/rules/espiv.net-falsemixed.xml
deleted file mode 100644
index 5118d61ea6aa..000000000000
--- a/src/chrome/content/rules/espiv.net-falsemixed.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see espiv.net.xml.
-
-
-	NB: see https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="espiv.net (false MCB)" platform="mixedcontent">
-
-	<target host="vogliamotutto.espiv.net" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/espiv.net.xml b/src/chrome/content/rules/espiv.net.xml
index 677698dcc09e..795025b36de0 100644
--- a/src/chrome/content/rules/espiv.net.xml
+++ b/src/chrome/content/rules/espiv.net.xml
@@ -33,12 +33,12 @@
 	Mixed content:
 
 		- css, on:
-		
+
 			- saltadoroi, thersitis from fonts.googleapis.com ˢ
 			- skya from $self
 
 		- Images, on:
-		
+
 			- adelante from adelante.espivblogs.net
 			- adelante from athens.indymedia.org ˢ
 			- adelante from ia.media-imdb.com
diff --git a/src/chrome/content/rules/espivblogs.net-falsemixed.xml b/src/chrome/content/rules/espivblogs.net-falsemixed.xml
deleted file mode 100644
index 656761f02ef2..000000000000
--- a/src/chrome/content/rules/espivblogs.net-falsemixed.xml
+++ /dev/null
@@ -1,78 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see espivblogs.net.xml.
-
-
-	NB: see https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="Espivblogs.net (false MCB)" platform="mixedcontent">
-
-	<target host="*.espivblogs.net" />
-
-		<exclusion pattern="^http://(?:[^./]+\.){2,}espivblogs\.net/" />
-
-			<test url="http://a.s.g.espivblogs.net/" />
-			<test url="http://this.host.espivblogs.net/" />
-			<test url="http://exists.not.espivblogs.net/" />
-
-		<exclusion pattern="^http://(?:adelante|burntheboredom|espeir|insideout|mperntes|saltadoroi|skya)\.espivblogs\.net/" />
-
-			<test url="http://adelante.espivblogs.net/" />
-			<test url="http://burntheboredom.espivblogs.net/" />
-			<test url="http://espeir.espivblogs.net/" />
-			<test url="http://insideout.espivblogs.net/" />
-			<test url="http://mperntes.espivblogs.net/" />
-			<test url="http://saltadoroi.espivblogs.net/" />
-			<test url="http://skya.espivblogs.net/" />
-
-		<test url="http://adespoto-sinafi.espivblogs.net/" />
-		<test url="http://aestia.espivblogs.net/" />
-		<test url="http://aithrio.espivblogs.net/" />
-		<test url="http://ajde.espivblogs.net/" />
-		<test url="http://aneyarxon.espivblogs.net/" />
-		<test url="http://anokatopatision.espivblogs.net/" />
-		<test url="http://anwthrwskw.espivblogs.net/" />
-		<test url="http://asyrmatos.espivblogs.net/" />
-		<test url="http://autodiaxirizomenosyros.espivblogs.net/" />
-		<test url="http://bastards.espivblogs.net/" />
-		<test url="http://diamedia.espivblogs.net/" />
-		<test url="http://espapei.espivblogs.net/" />
-		<test url="http://freedomtrekking.espivblogs.net/" />
-		<test url="http://immigrants-asoee.espivblogs.net/" />
-		<test url="http://kaiussparilus.espivblogs.net/" />
-		<test url="http://katalipsi-virwnos-3.espivblogs.net/" />
-		<test url="http://katalipsianalipsis.espivblogs.net/" />
-		<test url="http://koinonikoiatreionfnx.espivblogs.net/" />
-		<test url="http://kpapasotiriou.espivblogs.net/" />
-		<test url="http://mavroprasino.espivblogs.net/" />
-		<test url="http://musaferat.espivblogs.net/" />
-		<test url="http://nogoldthess.espivblogs.net/" />
-		<test url="http://nolagerthess.espivblogs.net/" />
-		<test url="http://oikodiktyo.espivblogs.net/" />
-		<test url="http://olikiarnisi.espivblogs.net/" />
-		<test url="http://paidikostekiftoukselefteria.espivblogs.net/" />
-		<test url="http://peiratikokafeneio.espivblogs.net/" />
-		<test url="http://proledialers.espivblogs.net/" />
-		<test url="http://prosfygika.espivblogs.net/" />
-		<test url="http://psalidi.espivblogs.net/" />
-		<test url="http://rioters.espivblogs.net/" />
-		<test url="http://saher.espivblogs.net/" />
-		<test url="http://sakana.espivblogs.net/" />
-		<test url="http://sasta.espivblogs.net/" />
-		<test url="http://stekiantipnoia.espivblogs.net/" />
-		<test url="http://stepanyantsp.espivblogs.net/" />
-		<test url="http://strouga.espivblogs.net/" />
-		<test url="http://syl-kat-exarcheion.espivblogs.net/" />
-		<test url="http://syneleusivolos.espivblogs.net/" />
-		<test url="http://syntonistikokyriakes.espivblogs.net/" />
-		<test url="http://vogliamotutto.espivblogs.net/" />
-		<test url="http://zsol.espivblogs.net/" />
-
-
-	<securecookie host="^(?!\.espivblogs\.net$)." name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/espivblogs.net.xml b/src/chrome/content/rules/espivblogs.net.xml
index b9f75a253179..11b96682d543 100644
--- a/src/chrome/content/rules/espivblogs.net.xml
+++ b/src/chrome/content/rules/espivblogs.net.xml
@@ -88,14 +88,14 @@
 	Mixed content:
 
 		- iframes, on:
-		
+
 			- adn, agros, anotherdemocracy, apallotriwsh, farmazapatista, pastanaka from www.youtube.com ˢ
 			- ajde, nogoldthess from static.issuu.com ˢ
 			- psalidi from radiopsalidi.fs-dl.net ᵘ
 			- synerga-re from player.vimeo.com ˢ
 
 		- css, on:
-		
+
 			- adespoto-sinafi, aestia, aithrio, anarxikoigalatsiou, aneyarxon, anokatopatision, anwthrwskw, asyrmatos, autodiaxirizomenosyros, bastards, diamedia, espapei, freedomtrekking, immigrants-asoee, kaiussparilus, katalipsi-virwnos-3, katalipsianalipsis, kentauros, koinonikoiatreionfnx, kpapasotiriou, musaferat, nogoldthess, nolagerthess, oikodiktyo, olikiarnisi, paidikostekiftoukselefteria, peiratikokafeneio, proledialers, prosfygika, psalidi, radiofragmata, rioters, saher, sakana, sasta, stekiantipnoia, stepanyantsp, strouga, syl-kat-exarcheion, syneleusivolos, vogliamotutto, zsol from $self ˢ
 			- akay, antifaprotsamou, autonomomath, ekpaideysi, espapei, katalipsi-virwnos-3, katalipsimithe, sinialo, syl-kat-exarcheion, xanadu from fonts.googleapis.com ˢ
 			- alliotikosxoleio, antifa-ngt, antinertia, atakton, autonomohmmy from $self * ˢ
@@ -184,7 +184,6 @@
 			<test url="http://freedomtrekking.espivblogs.net/" />
 			<test url="http://immigrants-asoee.espivblogs.net/" />
 			<test url="http://insideout.espivblogs.net/" />
-			<test url="http://kaiussparilus.espivblogs.net/" />
 			<test url="http://katalipsi-virwnos-3.espivblogs.net/" />
 			<test url="http://katalipsianalipsis.espivblogs.net/" />
 			<test url="http://koinonikoiatreionfnx.espivblogs.net/" />
@@ -200,7 +199,6 @@
 			<test url="http://peiratikokafeneio.espivblogs.net/" />
 			<test url="http://proledialers.espivblogs.net/" />
 			<test url="http://prosfygika.espivblogs.net/" />
-			<test url="http://psalidi.espivblogs.net/" />
 			<test url="http://rioters.espivblogs.net/" />
 			<test url="http://saher.espivblogs.net/" />
 			<test url="http://sakana.espivblogs.net/" />
@@ -303,7 +301,6 @@
 		<test url="http://efimerida-oaed.espivblogs.net/" />
 		<test url="http://ekpaideysi.espivblogs.net/" />
 		<test url="http://eleftheriaki-strouga.espivblogs.net/" />
-		<test url="http://eleftheriako-giro-giro.espivblogs.net/" />
 		<test url="http://eleuantas.espivblogs.net/" />
 		<test url="http://elsxip.espivblogs.net/" />
 		<test url="http://epanoikeiopoiisi.espivblogs.net/" />
diff --git a/src/chrome/content/rules/espn.com.xml b/src/chrome/content/rules/espn.com.xml
index 7395bc9ae309..f8d47348fdf8 100644
--- a/src/chrome/content/rules/espn.com.xml
+++ b/src/chrome/content/rules/espn.com.xml
@@ -22,7 +22,7 @@
 		- css on espndeportes, xgames from a.espncdn.com ᵐ
 
 		- Images, on:
-		
+
 			- espndeportes, xgames from a[1-4]?.espncdn.com ᵐ
 			- xgames from pbs.twimg.com ˢ
 
diff --git a/src/chrome/content/rules/etmirror.com.xml b/src/chrome/content/rules/etmirror.com.xml
index 87fab623a48e..820844f68adf 100644
--- a/src/chrome/content/rules/etmirror.com.xml
+++ b/src/chrome/content/rules/etmirror.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://etmirror.com/ => https://etmirror.com/: (28, 'Operation time
 Fetch error: http://www.etmirror.com/ => https://www.etmirror.com/: (28, 'Operation timed out after 30006 milliseconds with 0 bytes received')
 
 -->
-<ruleset name="ETmirror.com" default_off='failed ruleset test'>
+<ruleset name="ETmirror.com" default_off="failed ruleset test">
 
 	<target host="etmirror.com" />
 	<target host="www.etmirror.com" />
diff --git a/src/chrome/content/rules/etoro.com-falsemixed.xml b/src/chrome/content/rules/etoro.com-falsemixed.xml
deleted file mode 100644
index 46de4dd58257..000000000000
--- a/src/chrome/content/rules/etoro.com-falsemixed.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see EToro.xml.
-
--->
-<ruleset name="eToro.com (false MCB)" platform="mixedcontent">
-
-	<target host="help.etoro.com" />
-
-
-	<securecookie host="^\.help\." name=".+" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>	
diff --git a/src/chrome/content/rules/etorostatic.com.xml b/src/chrome/content/rules/etorostatic.com.xml
index e9ebdac31049..9e8c076d31d9 100644
--- a/src/chrome/content/rules/etorostatic.com.xml
+++ b/src/chrome/content/rules/etorostatic.com.xml
@@ -1,9 +1,11 @@
 <!--
-	For other eToro coverage, see EToro.xml.
-
+	For other eToro.com coverage, see EToro.xml.
 -->
-<ruleset name="eToro static.com">
+<ruleset name="etorostatic.com">
 
+	<target host="api.etorostatic.com" />
+	<target host="cdn.etorostatic.com" />
+	<target host="etoro-cdn.etorostatic.com" />
 	<target host="marketing.etorostatic.com" />
 
 		<test url="http://marketing.etorostatic.com/homepage/images/cfd-icn.png" />
diff --git a/src/chrome/content/rules/etransfer.com.xml b/src/chrome/content/rules/etransfer.com.xml
new file mode 100644
index 000000000000..bdea3668b8d1
--- /dev/null
+++ b/src/chrome/content/rules/etransfer.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="etransfer.com">
+	<target host="etransfer.com" />
+	<target host="www.etransfer.com" />
+	<target host="secure.etransfer.com" />
+	<target host="vault.etransfer.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/europe-miniatures.com.xml b/src/chrome/content/rules/europe-miniatures.com.xml
new file mode 100644
index 000000000000..449b24bfdf99
--- /dev/null
+++ b/src/chrome/content/rules/europe-miniatures.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="europe-miniatures.com">
+	<target host="europe-miniatures.com" />
+	<target host="www.europe-miniatures.com" />
+
+	<rule from="^http://europe-miniatures\.com/" to="https://www.europe-miniatures.com/" /> <!-- SSL: no alternative certificate subject name matches target host name 'europe-miniatures.com -->
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/europe1.fr.xml b/src/chrome/content/rules/europe1.fr.xml
index bc4603e113f9..82b5b3c8ba92 100644
--- a/src/chrome/content/rules/europe1.fr.xml
+++ b/src/chrome/content/rules/europe1.fr.xml
@@ -35,13 +35,13 @@ Non-2xx HTTP code: http://blog.europe1.fr/ (200) => https://blog.europe1.fr/ (40
 		club-news.europe1.fr
 		planiweb.europe1.fr (self-signed)
 		rencontres.europe1.fr
-		
+
 	Secure connection failed:
 		avantages.europe1.fr
 		bienvenueauclub.europe1.fr
 		elections.europe1.fr
 		generationseurope1.europe1.fr
-		
+
 	Bad redirection:
 		club.europe1.fr
 		festival-de-cannes.europe1.fr
@@ -54,7 +54,7 @@ Non-2xx HTTP code: http://blog.europe1.fr/ (200) => https://blog.europe1.fr/ (40
 		sport.europe1.fr
 		webradio.europe1.fr
 -->
-<ruleset name="Europe1.fr (partial)" default_off='failed ruleset test'>
+<ruleset name="Europe1.fr (partial)" default_off="failed ruleset test">
 
 	<target host="aphatie.europe1.fr" />
 	<target host="blog.europe1.fr" />
@@ -62,10 +62,10 @@ Non-2xx HTTP code: http://blog.europe1.fr/ (200) => https://blog.europe1.fr/ (40
 	<target host="clube1.europe1.fr" />
 	<target host="lelab.europe1.fr" />
 	<target host="profile.europe1.fr" />
-	
+
 	<rule from="^http://club\.europe1\.fr/"
 			to="https://clube1.europe1.fr/" />
-			
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/europeana.eu.xml b/src/chrome/content/rules/europeana.eu.xml
index ea667156eaa8..d50430e042bf 100644
--- a/src/chrome/content/rules/europeana.eu.xml
+++ b/src/chrome/content/rules/europeana.eu.xml
@@ -36,7 +36,7 @@ Fetch error: http://www.europeana.eu/ => https://www.europeana.eu/: Too many red
 	ˢ Secured by us
 
 -->
-<ruleset name="Europeana.eu (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Europeana.eu (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="europeana.eu" />
 	<target host="www.europeana.eu" />
diff --git a/src/chrome/content/rules/evangelische-jugend.de.xml b/src/chrome/content/rules/evangelische-jugend.de.xml
new file mode 100644
index 000000000000..2cfff1a55844
--- /dev/null
+++ b/src/chrome/content/rules/evangelische-jugend.de.xml
@@ -0,0 +1,20 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Invalid certificate:
+		www.jugendkreuzweg.evangelische-jugend.de
+		neu.evangelische-jugend.de
+		www.neu.evangelische-jugend.de
+		wp.evangelische-jugend.de
+-->
+<ruleset name="evangelische-jugend.de">
+
+	<target host="evangelische-jugend.de" />
+	<target host="www.evangelische-jugend.de" />
+	<target host="portal.evangelische-jugend.de" />
+	<target host="www.portal.evangelische-jugend.de" />
+	<target host="synex.evangelische-jugend.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/eveonline.com.xml b/src/chrome/content/rules/eveonline.com.xml
deleted file mode 100644
index 1fc471789abb..000000000000
--- a/src/chrome/content/rules/eveonline.com.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	eveonline.com
-
-
-	Nonfunctional subdomains:
-		- fanfest		(HTTP Error 404)
-
-
-	Fully covered subdomains:
-
-		- www
-		- forums
-		- community
-		- truestory
-		- wiki
-		- secure
-		- gate
-		- support
-
--->
-<ruleset name="eveonline.com (partial)">
-
-	<target host="eveonline.com" />
-	<target host="*.eveonline.com" />
-
-	<exclusion pattern="^http://(?:fanfest)\.eveonline\.com/" />
-
-	<rule from="^http://(?:www\.)?eveonline\.com/"
-		to="https://www.eveonline.com/" />
-
-	<rule from="^http://(forums|community|truestory|wiki|secure|gate|support)\.eveonline\.com/"
-		to="https://$1.eveonline.com/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/evolutionofsmooth.com.xml b/src/chrome/content/rules/evolutionofsmooth.com.xml
new file mode 100644
index 000000000000..3762bcacda26
--- /dev/null
+++ b/src/chrome/content/rules/evolutionofsmooth.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		admin.evolutionofsmooth.com
+		customer.evolutionofsmooth.com
+		po.evolutionofsmooth.com
+		www.po.evolutionofsmooth.com
+		sales.evolutionofsmooth.com
+		www.sales.evolutionofsmooth.com
+		store.evolutionofsmooth.com
+		wholesale.evolutionofsmooth.com
+-->
+<ruleset name="evolutionofsmooth.com">
+	<target host="evolutionofsmooth.com" />
+	<target host="www.evolutionofsmooth.com" />
+	<target host="rds.evolutionofsmooth.com" />
+	<target host="support.evolutionofsmooth.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/eweiqi.com.xml b/src/chrome/content/rules/eweiqi.com.xml
index b1c2a119ae4d..1bbc673a4a53 100644
--- a/src/chrome/content/rules/eweiqi.com.xml
+++ b/src/chrome/content/rules/eweiqi.com.xml
@@ -52,6 +52,6 @@
 <ruleset name="eweiqi (partial)">
 	<target host="apitygem.eweiqi.com" />
 	<target host="shop.eweiqi.com" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/explainshell.com.xml b/src/chrome/content/rules/explainshell.com.xml
new file mode 100644
index 000000000000..c1b1c98d4e99
--- /dev/null
+++ b/src/chrome/content/rules/explainshell.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="explainshell.com">
+	<target host="explainshell.com" />
+	<target host="www.explainshell.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/expreview.com.xml b/src/chrome/content/rules/expreview.com.xml
new file mode 100644
index 000000000000..d17ac6a08009
--- /dev/null
+++ b/src/chrome/content/rules/expreview.com.xml
@@ -0,0 +1,13 @@
+<ruleset name="expreview.com">
+	<target host="expreview.com" />
+	<target host="www.expreview.com" />
+	<target host="cj.expreview.com" />
+		<test url="http://cj.expreview.com/exp_new/static/exp4/css/style_index.css" />
+		<test url="http://cj.expreview.com/exp_new/static/exp4/css/basic_pic.css" />
+	<target host="img.expreview.com" />
+	<target host="m.expreview.com" />
+	<target host="topic.expreview.com" />
+	<target host="uc.expreview.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/extra.to.xml b/src/chrome/content/rules/extra.to.xml
deleted file mode 100644
index 6e47ab365026..000000000000
--- a/src/chrome/content/rules/extra.to.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="extra.to">
-	<target host="extra.to" />
-	<target host="www.extra.to" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/extratorrentlive.com.xml b/src/chrome/content/rules/extratorrentlive.com.xml
index 67ecbf406d3e..f0efe0ec737f 100644
--- a/src/chrome/content/rules/extratorrentlive.com.xml
+++ b/src/chrome/content/rules/extratorrentlive.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.extratorrentlive.com/ => https://www.extratorrentlive.co
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="ExtraTorrent live.com" default_off='failed ruleset test'>
+<ruleset name="ExtraTorrent live.com" default_off="failed ruleset test">
 
 	<target host="extratorrentlive.com" />
 	<target host="www.extratorrentlive.com" />
diff --git a/src/chrome/content/rules/eydap.gr.xml b/src/chrome/content/rules/eydap.gr.xml
index 307d262fc7b4..f55b2952d951 100644
--- a/src/chrome/content/rules/eydap.gr.xml
+++ b/src/chrome/content/rules/eydap.gr.xml
@@ -1,6 +1,6 @@
 <ruleset name="eydap.gr">
 	<target host="www.eydap.gr" />
-	
+
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/facebook.net.xml b/src/chrome/content/rules/facebook.net.xml
new file mode 100644
index 000000000000..0bf3d7253ffe
--- /dev/null
+++ b/src/chrome/content/rules/facebook.net.xml
@@ -0,0 +1,25 @@
+<!--
+	Refused:
+		mirror
+		*.mirror
+		mirror-ext
+		presence
+		silfra
+		a.ns.t
+		b.ns.t
+-->
+<ruleset name="facebook.net">
+
+	<target host="beta.facebook.net" />
+	<target host="www.beta.facebook.net" />
+	<target host="connect.beta.facebook.net" />
+	<target host="mabasic.beta.facebook.net" />
+	<target host="bunnylol.facebook.net" />
+	<target host="developer.facebook.net" />
+	<target host="developers.facebook.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/fact.group.xml b/src/chrome/content/rules/fact.group.xml
index 35ca7c1f8d6f..70cea7425392 100644
--- a/src/chrome/content/rules/fact.group.xml
+++ b/src/chrome/content/rules/fact.group.xml
@@ -5,10 +5,10 @@ Fetch error: http://fact.group/ => https://fact.group/: (60, 'SSL certificate pr
 Fetch error: http://www.fact.group/ => https://www.fact.group/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="FACTgroup" default_off='failed ruleset test'>
+<ruleset name="FACTgroup" default_off="failed ruleset test">
     <target host="fact.group" />
     <target host="www.fact.group" />
-                                                      
+
     <rule from="^http:"
         to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/factor.io.xml b/src/chrome/content/rules/factor.io.xml
index 634e4f9c5676..d9b8de6b0332 100644
--- a/src/chrome/content/rules/factor.io.xml
+++ b/src/chrome/content/rules/factor.io.xml
@@ -8,10 +8,10 @@ Fetch error: http://www.factor.io/ => https://factor.io/: (6, 'Could not resolve
 www.factor.io timed out
 docs.factor.io timed out
 -->
-<ruleset name="factor.io" default_off='failed ruleset test'>
+<ruleset name="factor.io" default_off="failed ruleset test">
 	<target host="factor.io" />
 	<target host="www.factor.io" />
-	
+
 	<rule from="^http://www\.factor\.io/"
 		to="https://factor.io/" />
 
diff --git a/src/chrome/content/rules/fairoa.org.xml b/src/chrome/content/rules/fairoa.org.xml
deleted file mode 100644
index fae891c25c75..000000000000
--- a/src/chrome/content/rules/fairoa.org.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="fairoa.org">
-	<target host="fairoa.org" />
-	<target host="www.fairoa.org" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/familycouncil.gov.hk.xml b/src/chrome/content/rules/familycouncil.gov.hk.xml
new file mode 100644
index 000000000000..e34c8ae7e050
--- /dev/null
+++ b/src/chrome/content/rules/familycouncil.gov.hk.xml
@@ -0,0 +1,9 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+-->
+<ruleset name="Hong Kong Family Council">
+	<target host="event.familycouncil.gov.hk" />
+	<target host="www.familycouncil.gov.hk" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/fatiguescience.com.xml b/src/chrome/content/rules/fatiguescience.com.xml
new file mode 100644
index 000000000000..61f0254767f5
--- /dev/null
+++ b/src/chrome/content/rules/fatiguescience.com.xml
@@ -0,0 +1,36 @@
+<!--
+	Problematic subdomains:
+		fatiguescience.com (certificate mismatch)
+
+	Invalid certificate:
+		ftp.fatiguescience.com
+		marketing.fatiguescience.com
+		www.app.fatiguescience.com
+		www.qa-app.fatiguescience.com
+		www.cat.fatiguescience.com
+
+	Refused:
+		board.fatiguescience.com
+		calendar.fatiguescience.com
+		drive.fatiguescience.com
+		intranet.fatiguescience.com
+		mail.fatiguescience.com
+		sites.fatiguescience.com
+		unify.fatiguescience.com
+-->
+<ruleset name="fatiguescience.com">
+	<target host="fatiguescience.com" />
+	<target host="www.fatiguescience.com" />
+	<target host="app.fatiguescience.com" />
+	<target host="cat.fatiguescience.com" />
+	<target host="desk.fatiguescience.com" />
+	<target host="guide.fatiguescience.com" />
+	<target host="help.fatiguescience.com" />
+	<target host="ops.fatiguescience.com" />
+	<target host="qa-app.fatiguescience.com" />
+	<target host="readiband.fatiguescience.com" />
+	<target host="staging-app.fatiguescience.com" />
+
+	<rule from="^http://fatiguescience\.com/" to="https://www.fatiguescience.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fbreader.org.xml b/src/chrome/content/rules/fbreader.org.xml
new file mode 100644
index 000000000000..cd9a2aa56be5
--- /dev/null
+++ b/src/chrome/content/rules/fbreader.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="fbreader.org">
+	<target host="fbreader.org" />
+	<target host="www.fbreader.org" />
+	<target host="books.fbreader.org" />
+	<target host="data.fbreader.org" />
+	<target host="demo.fbreader.org" />
+	<target host="mail.fbreader.org" />
+	<target host="ru.fbreader.org" />
+	<target host="sdk.fbreader.org" />
+	<target host="sources.fbreader.org" />
+
+	<rule from="^http://www\.fbreader\.org/" to="https://fbreader.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fczbkk.com.xml b/src/chrome/content/rules/fczbkk.com.xml
new file mode 100644
index 000000000000..4c29578dd6c1
--- /dev/null
+++ b/src/chrome/content/rules/fczbkk.com.xml
@@ -0,0 +1,58 @@
+<!--
+	Invalid certificate:
+		ftp.fczbkk.com
+		autodiscover.xbox.fczbkk.com
+		autodiscover.content.fczbkk.com
+		autodiscover.epicentrum.fczbkk.com
+
+	Refused:
+		acidlog.fczbkk.com
+		www.acidlog.fczbkk.com
+		prohibiter.fczbkk.com
+		www.prohibiter.fczbkk.com
+-->
+<ruleset name="fczbkk.com">
+	<target host="fczbkk.com" />
+	<target host="www.fczbkk.com" />
+	<target host="api.fczbkk.com" />
+	<target host="www.api.fczbkk.com" />
+	<target host="autodiscover.fczbkk.com" />
+	<target host="bordel.fczbkk.com" />
+	<target host="www.bordel.fczbkk.com" />
+	<target host="content.fczbkk.com" />
+	<target host="www.content.fczbkk.com" />
+	<target host="dataproxy.fczbkk.com" />
+	<target host="www.dataproxy.fczbkk.com" />
+	<target host="dev.fczbkk.com" />
+	<target host="epicentrum.fczbkk.com" />
+	<target host="www.epicentrum.fczbkk.com" />
+	<target host="firefox-releases.fczbkk.com" />
+	<target host="www.firefox-releases.fczbkk.com" />
+	<target host="kindle.fczbkk.com" />
+	<target host="www.kindle.fczbkk.com" />
+	<target host="login.fczbkk.com" />
+	<target host="www.login.fczbkk.com" />
+	<target host="mail.fczbkk.com" />
+	<target host="placeholder.fczbkk.com" />
+	<target host="www.placeholder.fczbkk.com" />
+	<target host="projects.fczbkk.com" />
+	<target host="www.projects.fczbkk.com" />
+	<target host="punkconsumer.fczbkk.com" />
+	<target host="www.punkconsumer.fczbkk.com" />
+	<target host="radar.fczbkk.com" />
+	<target host="www.radar.fczbkk.com" />
+	<target host="silk.fczbkk.com" />
+	<target host="www.silk.fczbkk.com" />
+	<target host="ski.fczbkk.com" />
+	<target host="www.ski.fczbkk.com" />
+	<target host="tvchat.fczbkk.com" />
+	<target host="www.tvchat.fczbkk.com" />
+	<target host="uninstall.fczbkk.com" />
+	<target host="www.uninstall.fczbkk.com" />
+	<target host="webdisk.fczbkk.com" />
+	<target host="webmail.fczbkk.com" />
+	<target host="xbox.fczbkk.com" />
+	<target host="www.xbox.fczbkk.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fedshirevets.gov.xml b/src/chrome/content/rules/fedshirevets.gov.xml
deleted file mode 100644
index 5d77b1c264f9..000000000000
--- a/src/chrome/content/rules/fedshirevets.gov.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-
-
-	Insecure cookies are set for these hosts: ᶜ
-
-		- fedshirevets.gov
-		- www.fedshirevets.gov
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
--->
-<ruleset name="Feds Hire Vets.gov">
-
-	<target host="fedshirevets.gov" />
-	<target host="www.fedshirevets.gov" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:www\.)?fedshirevets\.gov$" name="^ASP\.NET_SessionId$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/fgdc.gov.xml b/src/chrome/content/rules/fgdc.gov.xml
deleted file mode 100644
index 3240f9e32a10..000000000000
--- a/src/chrome/content/rules/fgdc.gov.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-
-
-	Insecure cookies are set for these hosts: ᶜ
-
-		- statuschecker.fgdc.gov
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
--->
-<ruleset name="FGDC.gov">
-
-	<target host="fgdc.gov" />
-	<target host="statuschecker.fgdc.gov" />
-	<target host="www.fgdc.gov" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^statuschecker\.fgdc\.gov$" name="laravel_session$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/fh-nuernberg.de.xml b/src/chrome/content/rules/fh-nuernberg.de.xml
new file mode 100644
index 000000000000..5794d00d042b
--- /dev/null
+++ b/src/chrome/content/rules/fh-nuernberg.de.xml
@@ -0,0 +1,35 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- hfmbib.ads1.fh-nuernberg.de
+		- db0fhn.efi.fh-nuernberg.de
+		- zuse1.efi.fh-nuernberg.de
+
+		Timeout was reached:
+		- fh-nuernberg.de
+		- quadra.ar.fh-nuernberg.de
+		- schorsch.efi.fh-nuernberg.de
+		- informatik.fh-nuernberg.de
+
+		SSL connect error:
+		- bwc188113.bw.fh-nuernberg.de
+		- cryptography.informatik.fh-nuernberg.de
+		- fbi.informatik.fh-nuernberg.de
+		- www.informatik.fh-nuernberg.de
+
+		SSL peer certificate was not OK:
+		- fachschaften.fh-nuernberg.de
+		- fachschaft.informatik.fh-nuernberg.de
+		- jobboerse.informatik.fh-nuernberg.de
+		- seeyou.informatik.fh-nuernberg.de
+		- www.fh-nuernberg.de
+-->
+<ruleset name="fh-nuernberg.de">
+	<target host="www.efi.fh-nuernberg.de" />
+	<target host="git.informatik.fh-nuernberg.de" />
+	<target host="jobboerse.fh-nuernberg.de" />
+	<target host="studiengangstest.de" />
+	<target host="www.studiengangstest.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fh-nuernberg.eu.xml b/src/chrome/content/rules/fh-nuernberg.eu.xml
new file mode 100644
index 000000000000..5e55c21f11a7
--- /dev/null
+++ b/src/chrome/content/rules/fh-nuernberg.eu.xml
@@ -0,0 +1,11 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- fh-nuernberg.eu
+-->
+<ruleset name="fh-nuernberg.eu">
+	<target host="th-nuernberg.eu" />
+	<target host="www.th-nuernberg.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/filecrypt.cc.xml b/src/chrome/content/rules/filecrypt.cc.xml
index c09f4bf434f3..2e174b4c4105 100644
--- a/src/chrome/content/rules/filecrypt.cc.xml
+++ b/src/chrome/content/rules/filecrypt.cc.xml
@@ -2,7 +2,7 @@
 
     <target host="filecrypt.cc"/>
     <target host="www.filecrypt.cc"/>
-    
+
     <securecookie host="^(www\.)?filecrypt\.cc" name=".+" />
 
     <test url="http://filecrypt.cc/helper.html"/>
diff --git a/src/chrome/content/rules/filecrypt.co.xml b/src/chrome/content/rules/filecrypt.co.xml
new file mode 100644
index 000000000000..97e19e6ee02d
--- /dev/null
+++ b/src/chrome/content/rules/filecrypt.co.xml
@@ -0,0 +1,6 @@
+<ruleset name="filecrypt.co">
+	<target host="filecrypt.co" />
+	<target host="www.filecrypt.co" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/filediva.com.xml b/src/chrome/content/rules/filediva.com.xml
new file mode 100644
index 000000000000..ff390bec538e
--- /dev/null
+++ b/src/chrome/content/rules/filediva.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="filediva.com">
+	<target host="filediva.com" />
+	<target host="www.filediva.com" />
+
+	<rule from="^http://filediva\.com/" to="https://www.filediva.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/finlex.xml b/src/chrome/content/rules/finlex.xml
index 35008adaa66d..82620611b91e 100644
--- a/src/chrome/content/rules/finlex.xml
+++ b/src/chrome/content/rules/finlex.xml
@@ -5,9 +5,9 @@ Fetch error: http://finlex.fi/ => https://www.finlex.fi/: (60, 'SSL certificate
 Fetch error: http://www.finlex.fi/ => https://www.finlex.fi/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Finlex" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Finlex" platform="mixedcontent" default_off="failed ruleset test">
   <target host="finlex.fi" />
   <target host="www.finlex.fi" />
-  
+
 <rule from="^http://(?:www\.)?finlex\.fi/" to="https://www.finlex.fi/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/fir.im.xml b/src/chrome/content/rules/fir.im.xml
index 6d35e18e622e..39947285dd42 100644
--- a/src/chrome/content/rules/fir.im.xml
+++ b/src/chrome/content/rules/fir.im.xml
@@ -8,12 +8,12 @@ Fetch error: http://tweb.fir.im/ => https://tweb.fir.im/: (28, 'Operation timed
 		firicon.fir.im
 		firimg.fir.im
 		pkg3.fir.im
-	
+
 	Break load forum avatar images in https://firimg.fir.im/ :
 		club.fir.im
 -->
 
-<ruleset name="fir.im (partial)" default_off='failed ruleset test'>
+<ruleset name="fir.im (partial)" default_off="failed ruleset test">
 
 	<target host="fir.im" />
 	<target host="www.fir.im" />
diff --git a/src/chrome/content/rules/firealpaca.com.xml b/src/chrome/content/rules/firealpaca.com.xml
new file mode 100644
index 000000000000..688997313ef2
--- /dev/null
+++ b/src/chrome/content/rules/firealpaca.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="firealpaca.com">
+	<target host="firealpaca.com" />
+	<target host="www.firealpaca.com" />
+
+	<rule from="^http://www\.firealpaca\.com/" to="https://firealpaca.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/firmstep.com-mixedcontent.xml b/src/chrome/content/rules/firmstep.com-mixedcontent.xml
index e7970d90ff8c..09ff996a526d 100644
--- a/src/chrome/content/rules/firmstep.com-mixedcontent.xml
+++ b/src/chrome/content/rules/firmstep.com-mixedcontent.xml
@@ -7,7 +7,7 @@ Fetch error: http://richmondshire.firmstep.com/ => https://richmondshire.firmste
 	For rules not causing MCB, see firmstep.com.xml.
 
 -->
-<ruleset name="Firmstep.com (MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Firmstep.com (MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/firmstep.com.xml b/src/chrome/content/rules/firmstep.com.xml
index 8eaedf577c94..a7e006276849 100644
--- a/src/chrome/content/rules/firmstep.com.xml
+++ b/src/chrome/content/rules/firmstep.com.xml
@@ -20,7 +20,7 @@
 		- blog ᵀ ʳ
 		- chelmsfordawards ʳ
 		- mindtouch ʳ
-	
+
 	ʳ Refused
 	ᵀ Tumblr
 
@@ -63,7 +63,7 @@
 	Mixed content:
 
 		- css, on:
-		
+
 			- charnwood from www.charnwood.gov.uk
 			- charnwood, northlincolnshire, waverly from fonts.googleapis.com ˢ
 			- corbycam, douglas, lancashire from fs-filestore-eu.s3.amazonaws.com ˢ
@@ -79,7 +79,7 @@
 			- waverley from www.waverlay.gov.uk
 
 		- Images, on:
-		
+
 			- richmondshire from assets.govplatform.firmstep.com ᵐ
 			- corbycam from www.firmstep.com ˢ
 			- douglas from douglas.co.im
diff --git a/src/chrome/content/rules/firstdirect.com.xml b/src/chrome/content/rules/firstdirect.com.xml
index f59a30972735..b5073e3e24e1 100644
--- a/src/chrome/content/rules/firstdirect.com.xml
+++ b/src/chrome/content/rules/firstdirect.com.xml
@@ -49,7 +49,7 @@ Fetch error: http://www.lifeinsurance.firstdirect.com/ => https://www.lifeinsura
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="First Direct.com (partial)" default_off='failed ruleset test'>
+<ruleset name="First Direct.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/fixstars.com.xml b/src/chrome/content/rules/fixstars.com.xml
index 64bbdc52a016..b2a9c6d0e325 100644
--- a/src/chrome/content/rules/fixstars.com.xml
+++ b/src/chrome/content/rules/fixstars.com.xml
@@ -13,7 +13,7 @@ www.fixstars.com redirects to http
 ⁶ redirect
 ⁷ protocol error
 -->
-<ruleset name="fixstars.com (partial)" default_off='failed ruleset test'>
+<ruleset name="fixstars.com (partial)" default_off="failed ruleset test">
 	<target host="fixstars.com" />
 	<target host="cell.fixstars.com" />
 
diff --git a/src/chrome/content/rules/flinkster.xml b/src/chrome/content/rules/flinkster.xml
index 80c806f8b750..992673328d5c 100644
--- a/src/chrome/content/rules/flinkster.xml
+++ b/src/chrome/content/rules/flinkster.xml
@@ -2,4 +2,4 @@
   <target host="www.flinkster.de" />
 
   <rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/fliphtml5.com.xml b/src/chrome/content/rules/fliphtml5.com.xml
new file mode 100644
index 000000000000..758e7e142636
--- /dev/null
+++ b/src/chrome/content/rules/fliphtml5.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Redirect to HTTP:
+		www.fliphtml5.com
+		custom-domain.fliphtml5.com
+		custom-domain2.fliphtml5.com
+		site.fliphtml5.com
+		stat.fliphtml5.com
+-->
+<ruleset name="fliphtml5.com">
+	<target host="fliphtml5.com" />
+	<target host="mail.fliphtml5.com" />
+	<target host="newstat.fliphtml5.com" />
+	<target host="panel.fliphtml5.com" />
+	<target host="static.fliphtml5.com" />
+	<target host="support.fliphtml5.com" />
+	<target host="test.fliphtml5.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/flippfly.com.xml b/src/chrome/content/rules/flippfly.com.xml
new file mode 100644
index 000000000000..1d98782baea9
--- /dev/null
+++ b/src/chrome/content/rules/flippfly.com.xml
@@ -0,0 +1,33 @@
+<!--
+	Invalid certificate:
+		autoconfig.flippfly.com
+		ftp.flippfly.com
+		autodiscover.home.flippfly.com
+		webmail.home.flippfly.com
+		ns1.flippfly.com
+		ns2.flippfly.com
+		autodiscover.test.flippfly.com
+		webmail.test.flippfly.com
+		whm.flippfly.com
+
+	Redirect to HTTP:
+		home.flippfly.com
+		www.home.flippfly.com
+
+	Refused:
+		localhost.flippfly.com
+-->
+<ruleset name="flippfly.com">
+	<target host="flippfly.com" />
+	<target host="www.flippfly.com" />
+	<target host="autodiscover.flippfly.com" />
+	<target host="cpanel.flippfly.com" />
+	<target host="mail.flippfly.com" />
+	<target host="tech.flippfly.com" />
+	<target host="test.flippfly.com" />
+	<target host="www.test.flippfly.com" />
+	<target host="webdisk.flippfly.com" />
+	<target host="webmail.flippfly.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/flowersofindia.net.xml b/src/chrome/content/rules/flowersofindia.net.xml
new file mode 100644
index 000000000000..ba2ebf56db1a
--- /dev/null
+++ b/src/chrome/content/rules/flowersofindia.net.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		ftp.flowersofindia.net
+		cpcontacts.forum.flowersofindia.net
+		cpanel.m.flowersofindia.net
+-->
+<ruleset name="flowersofindia.net">
+	<target host="flowersofindia.net" />
+	<target host="www.flowersofindia.net" />
+	<target host="cpanel.flowersofindia.net" />
+	<target host="forum.flowersofindia.net" />
+	<target host="webdisk.flowersofindia.net" />
+	<target host="webmail.flowersofindia.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/flyingwith.us.xml b/src/chrome/content/rules/flyingwith.us.xml
new file mode 100644
index 000000000000..2f23601794e6
--- /dev/null
+++ b/src/chrome/content/rules/flyingwith.us.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid certificate:
+		node.flyingwith.us
+-->
+<ruleset name="flyingwith.us">
+	<target host="flyingwith.us" />
+	<target host="www.flyingwith.us" />
+	<target host="new.flyingwith.us" />
+	<target host="o.flyingwith.us" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/flyspray.org.xml b/src/chrome/content/rules/flyspray.org.xml
deleted file mode 100644
index 42773993443c..000000000000
--- a/src/chrome/content/rules/flyspray.org.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	^flyspray.org: Dropped
-	www.flyspray.org: Mismatched
-
--->
-<ruleset name="Flyspray.org (partial)">
-
-	<target host="bugs.flyspray.org" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/fmu.br.xml b/src/chrome/content/rules/fmu.br.xml
new file mode 100644
index 000000000000..4513148d97f5
--- /dev/null
+++ b/src/chrome/content/rules/fmu.br.xml
@@ -0,0 +1,13 @@
+<ruleset name="fmu.br">
+
+	<target host="fmu.br" />
+	<target host="www.fmu.br" />
+  <target host="lp.fmu.br" />
+  <target host="extranet.fmu.br" />
+  <target host="movemais.fmu.br" />
+  <target host="semipresencial.fmu.br" />
+
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/fmworld.net.xml b/src/chrome/content/rules/fmworld.net.xml
new file mode 100644
index 000000000000..77b98d7779d4
--- /dev/null
+++ b/src/chrome/content/rules/fmworld.net.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Fujitsu related rulesets, see Fujitsu.xml
+
+	Non-functional hosts in *.fmworld.net:
+		Certificate mismatched:
+		- fmworld.net
+
+		Redirect to HTTP:
+		- azby.fmworld.net
+-->
+<ruleset name="fmworld.net (partial)" platform="mixedcontent">
+	<target host="fmworld.net" />
+	<target host="www.fmworld.net" />
+	
+	<rule from="^http://(www\.)?fmworld\.net/"
+		to="https://www.fmworld.net/" />
+</ruleset>
diff --git a/src/chrome/content/rules/fofa.so.xml b/src/chrome/content/rules/fofa.so.xml
new file mode 100644
index 000000000000..ab2dc3624494
--- /dev/null
+++ b/src/chrome/content/rules/fofa.so.xml
@@ -0,0 +1,11 @@
+<!--
+	Nonfunctional hosts:
+		- beta.fofa.so (certificate expired)
+-->
+<ruleset name="fofa.so">
+	<target host="fofa.so" />
+	<target host="www.fofa.so" />
+
+	<rule from="^http:"
+		  to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fontanka.ru.xml b/src/chrome/content/rules/fontanka.ru.xml
new file mode 100644
index 000000000000..2837f9ee5610
--- /dev/null
+++ b/src/chrome/content/rules/fontanka.ru.xml
@@ -0,0 +1,8 @@
+<ruleset name="fontanka.ru (partial)">
+    <target host="fontanka.ru" />
+    <target host="www.fontanka.ru" />
+    <rule from="^http:" to="https:" />
+    <securecookie host="^fontanka\.ru$" name=".+" />
+    <securecookie host="^www\.fontanka\.ru$" name=".+" />
+    <securecookie host="^statistic\.fontanka\.ru$" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/foobar2000.com.xml b/src/chrome/content/rules/foobar2000.com.xml
new file mode 100644
index 000000000000..462704e4208c
--- /dev/null
+++ b/src/chrome/content/rules/foobar2000.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="foobar2000.com">
+	<target host="foobar2000.com" />
+	<target host="www.foobar2000.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/foobar2000.xml b/src/chrome/content/rules/foobar2000.xml
index 458512cde261..19798306ea2b 100644
--- a/src/chrome/content/rules/foobar2000.xml
+++ b/src/chrome/content/rules/foobar2000.xml
@@ -2,7 +2,7 @@
 
 	<target host="foobar2000.org"/>
 	<target host="www.foobar2000.org"/>
-	
+
 	<!--  Broken
 	bogus.
 	foosion.
@@ -10,7 +10,7 @@
 	help.
 	kede54.
 	-->
-	
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/formsite.com.xml b/src/chrome/content/rules/formsite.com.xml
index 8142b2fff695..189d28b58e5a 100644
--- a/src/chrome/content/rules/formsite.com.xml
+++ b/src/chrome/content/rules/formsite.com.xml
@@ -18,7 +18,7 @@ Fetch error: http://formsite.com/ => https://formsite.com/: (60, 'SSL certificat
 		- www.formsite.com
 
 -->
-<ruleset name="Formsite.com" default_off='failed ruleset test'>
+<ruleset name="Formsite.com" default_off="failed ruleset test">
 
 	<target host="formsite.com" />
 	<target host="a1.formsite.com" />
diff --git a/src/chrome/content/rules/forum.gigabyte.ru.xml b/src/chrome/content/rules/forum.gigabyte.ru.xml
new file mode 100644
index 000000000000..5d4582fe245d
--- /dev/null
+++ b/src/chrome/content/rules/forum.gigabyte.ru.xml
@@ -0,0 +1,8 @@
+<ruleset name="forum.gigabyte.ru">
+	<target host="forum.gigabyte.ru" />
+	<target host="www.forum.gigabyte.ru" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fosshub.xml b/src/chrome/content/rules/fosshub.xml
index 964edac025b1..2b059b6dde42 100644
--- a/src/chrome/content/rules/fosshub.xml
+++ b/src/chrome/content/rules/fosshub.xml
@@ -1,8 +1,8 @@
-<ruleset name="fosshub.com">
-<target host="fosshub.com"/>
-<target host="www.fosshub.com"/>
-<target host="download.fosshub.com"/>
-<target host="app.fosshub.com"/>
-<securecookie host=".+" name=".+" />
-<rule from="^http:" to="https:"/>
-</ruleset>
+<ruleset name="fosshub.com">
+<target host="fosshub.com"/>
+<target host="www.fosshub.com"/>
+<target host="download.fosshub.com"/>
+<target host="app.fosshub.com"/>
+<securecookie host=".+" name=".+" />
+<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/foundry.com.xml b/src/chrome/content/rules/foundry.com.xml
new file mode 100644
index 000000000000..2c5e07c8d0d5
--- /dev/null
+++ b/src/chrome/content/rules/foundry.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Invalid certificate:
+		www.support.foundry.com
+
+	Non-2xx HTTP code:
+		http://licenceapi.foundry.com/
+
+	Refused:
+		calendar.foundry.com
+		mail.foundry.com
+-->
+<ruleset name="foundry.com">
+	<target host="foundry.com" />
+	<target host="www.foundry.com" />
+	<target host="colorway.foundry.com" />
+	<target host="community.foundry.com" />
+	<target host="community-service.foundry.com" />
+	<target host="imagine.foundry.com" />
+	<target host="learn.foundry.com" />
+	<target host="modosplash.foundry.com" />
+	<target host="subscriptions.foundry.com" />
+	<target host="support.foundry.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fpslreb-crtespf.gc.ca.xml b/src/chrome/content/rules/fpslreb-crtespf.gc.ca.xml
new file mode 100644
index 000000000000..a730bae336f6
--- /dev/null
+++ b/src/chrome/content/rules/fpslreb-crtespf.gc.ca.xml
@@ -0,0 +1,17 @@
+<ruleset name="fpslreb-crtespf.gc.ca">
+	<target host="crtefp.gc.ca" />
+	<target host="www.crtefp.gc.ca" />
+	<target host="crtefp-pslreb.gc.ca" />
+	<target host="www.crtefp-pslreb.gc.ca" />
+	<target host="fpslreb-crtespf.gc.ca" />
+	<target host="decisions.fpslreb-crtespf.gc.ca" />
+	<target host="www.fpslreb-crtespf.gc.ca" />
+	<target host="fpslreb.gc.ca" />
+	<target host="www.fpslreb.gc.ca" />
+	<target host="pslreb.gc.ca" />
+	<target host="www.pslreb.gc.ca" />
+	<target host="pslreb-crtefp.gc.ca" />
+	<target host="www.pslreb-crtefp.gc.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fraedom.com.xml b/src/chrome/content/rules/fraedom.com.xml
index f78478a14561..179f456dcdb0 100644
--- a/src/chrome/content/rules/fraedom.com.xml
+++ b/src/chrome/content/rules/fraedom.com.xml
@@ -1,8 +1,17 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www2.fraedom.com/? => https://www.fraedom.com/: (6, 'Could not resolve host: www2.fraedom.com')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www2.fraedom.com/l/97782/2015-09-17/5r76f => https://pi.pardot.com/l/97782/2015-09-17/5r76f: (6, 'Could not resolve host: www2.fraedom.com')
+Time: 2020-09-25 16:20:22
+ Fetch error: http://www2.fraedom.com/ => https://www.fraedom.com/: (6, 'Could not resolve host: www2.fraedom.com')
+
 	Other Fraedom rulesets:
 
 		- fraedom-cdn.com.xml
-		- spendvision.com.xml
 
 
 	Problematic hosts in *fraedom.com:
@@ -14,7 +23,7 @@
 
 	Partially covered hosts in *fraedom.com:
 
-		- www2 
+		- www2
 
 
 	Insecure cookies are set for these hosts:
@@ -33,7 +42,7 @@
 
 	<!--	Complications:
 				-->
-	<target host="www2.fraedom.com" />
+	<!-- target host="www2.fraedom.com" /-->
 
 
 	<!--	Not secured by server:
@@ -43,31 +52,6 @@
 	<securecookie host="^\." name="^_gat?$" />
 	<securecookie host="^\w" name=".+" />
 
-
-	<!--	Redirect drops forward slash and args:
-							-->
-	<rule from="^http://www2\.fraedom\.com/+(?:\?.*)?$"
-		to="https://www.fraedom.com/" />
-
-	<rule from="^http://www2\.fraedom\.com/"
-		to="https://pi.pardot.com/" />
-
-		<exclusion pattern="^http://www2\.fraedom\.com/+(?!$|\?|l/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://www2.fraedom.com/default.aspx" />
-			<test url="http://www2.fraedom.com/index.cgi" />
-			<test url="http://www2.fraedom.com/index.htm" />
-			<test url="http://www2.fraedom.com/index.html" />
-			<test url="http://www2.fraedom.com/index.jsp" />
-			<test url="http://www2.fraedom.com/index.php" />
-
-			<!--	-ve:
-					-->
-			<test url="http://www2.fraedom.com/?" />
-			<test url="http://www2.fraedom.com/l/97782/2015-09-17/5r76f" />
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/frankfurt-university.de.xml b/src/chrome/content/rules/frankfurt-university.de.xml
new file mode 100644
index 000000000000..375144e52fc8
--- /dev/null
+++ b/src/chrome/content/rules/frankfurt-university.de.xml
@@ -0,0 +1,13 @@
+<ruleset name="frankfurt-university.de">
+	<target host="frankfurt-university.de" />
+	<target host="*.frankfurt-university.de" />
+    	<test url="http://idm.frankfurt-university.de/" />
+    	<test url="http://webmail.frankfurt-university.de/" />
+    	<test url="http://intranet.frankfurt-university.de/" />
+
+	<exclusion pattern="^http://sea-[0-9][0-9]\.cit\.frankfurt-university\.de:32224/" />
+    	<test url="http://sea-01.cit.frankfurt-university.de:32224/" />
+    	<test url="http://sea-02.cit.frankfurt-university.de:32224/" />
+    
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fraudmetrix.cn.xml b/src/chrome/content/rules/fraudmetrix.cn.xml
index 872111cbe22e..9c27c3e64858 100644
--- a/src/chrome/content/rules/fraudmetrix.cn.xml
+++ b/src/chrome/content/rules/fraudmetrix.cn.xml
@@ -11,6 +11,6 @@
 	<target host="static.fraudmetrix.cn" />
 		<test url="http://static.fraudmetrix.cn/clear.swf" />
 	<target host="statictest.fraudmetrix.cn" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/freeactionscript.com.xml b/src/chrome/content/rules/freeactionscript.com.xml
new file mode 100644
index 000000000000..2643ad8314fb
--- /dev/null
+++ b/src/chrome/content/rules/freeactionscript.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="freeactionscript.com">
+	<target host="freeactionscript.com" />
+	<target host="www.freeactionscript.com" />
+	<target host="autodiscover.freeactionscript.com" />
+	<target host="cpanel.freeactionscript.com" />
+	<target host="webdisk.freeactionscript.com" />
+	<target host="webmail.freeactionscript.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/freeboard.io.xml b/src/chrome/content/rules/freeboard.io.xml
index 1de94fd9f697..a40de175f113 100644
--- a/src/chrome/content/rules/freeboard.io.xml
+++ b/src/chrome/content/rules/freeboard.io.xml
@@ -12,7 +12,7 @@
 	<target host="alpha.freeboard.io" />
 	<target host="openxc.freeboard.io" />
 	<target host="thingproxy.freeboard.io" />
-	
+
 	<rule from="^http://www\.freeboard\.io/"
 		to="https://freeboard.io/" />
 
diff --git a/src/chrome/content/rules/freech.net.xml b/src/chrome/content/rules/freech.net.xml
deleted file mode 100644
index 5e6367e09f0b..000000000000
--- a/src/chrome/content/rules/freech.net.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	www.freech.net: Mismatched
-
--->
-<ruleset name="freech.net">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="freech.net" />
-	<target host="bbs.freech.net" />
-	<target host="josh.freech.net" />
-
-	<!--	Complications:
-				-->
-	<target host="www.freech.net" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://www\.freech\.net/"
-		to="https://freech.net/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/freecode.club.xml b/src/chrome/content/rules/freecode.club.xml
index b8144401dcfc..947c64a197d0 100644
--- a/src/chrome/content/rules/freecode.club.xml
+++ b/src/chrome/content/rules/freecode.club.xml
@@ -5,7 +5,7 @@ Fetch error: http://freecode.club/ => https://freecode.club/: (51, "SSL: no alte
 Fetch error: http://www.freecode.club/ => https://www.freecode.club/: (51, "SSL: no alternative certificate subject name matches target host name 'www.freecode.club'")
 
 -->
-<ruleset name="freecode.club" default_off='failed ruleset test'>
+<ruleset name="freecode.club" default_off="failed ruleset test">
 
 	<target host="freecode.club" />
 	<target host="www.freecode.club" />
diff --git a/src/chrome/content/rules/freedos.org.xml b/src/chrome/content/rules/freedos.org.xml
new file mode 100644
index 000000000000..aa21fcae0745
--- /dev/null
+++ b/src/chrome/content/rules/freedos.org.xml
@@ -0,0 +1,12 @@
+<!--
+        Refused:
+                wiki.freedos.org
+-->
+<ruleset name="freedos.org">
+	<target host="freedos.org" />
+	<target host="www.freedos.org" />
+	<target host="personal.freedos.org" />
+	<target host="test.freedos.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/freeovi.com.xml b/src/chrome/content/rules/freeovi.com.xml
index 9147d0598c74..c19bb504c553 100644
--- a/src/chrome/content/rules/freeovi.com.xml
+++ b/src/chrome/content/rules/freeovi.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://freeovi.com/ => https://www.freeovi.com/: (51, "SSL: no alte
 	^freeovi.com: Refused
 
 -->
-<ruleset name="free OVI.com" default_off='failed ruleset test'>
+<ruleset name="free OVI.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/freerunet.ru.xml b/src/chrome/content/rules/freerunet.ru.xml
index e2e1604fa321..0ccfca26678f 100644
--- a/src/chrome/content/rules/freerunet.ru.xml
+++ b/src/chrome/content/rules/freerunet.ru.xml
@@ -4,7 +4,7 @@ www.freerunet.ru self signed
 <ruleset name="freerunet.ru" platform="mixedcontent">
 	<target host="freerunet.ru" />
 	<target host="www.freerunet.ru" />
-	
+
 	<rule from="^http://www\.freerunet\.ru/"
 		to="https://freerunet.ru/" />
 
diff --git a/src/chrome/content/rules/freifunk-rhein-neckar.de.xml b/src/chrome/content/rules/freifunk-rhein-neckar.de.xml
index 5c846c7ff8c9..d1f3d44fec4c 100644
--- a/src/chrome/content/rules/freifunk-rhein-neckar.de.xml
+++ b/src/chrome/content/rules/freifunk-rhein-neckar.de.xml
@@ -8,7 +8,7 @@
 		ffrn-c46e1fa11d8a.nodes.ffrn.de
 		survey.ffrn.de
 		webirc.ffrn.de
-	
+
 	Redirect loop:
 		netcheck.ffrn.de
 
diff --git a/src/chrome/content/rules/freshmeat.club.xml b/src/chrome/content/rules/freshmeat.club.xml
index 8f4be74badf6..3131046d2fba 100644
--- a/src/chrome/content/rules/freshmeat.club.xml
+++ b/src/chrome/content/rules/freshmeat.club.xml
@@ -5,7 +5,7 @@ Fetch error: http://freshmeat.club/ => https://freshmeat.club/: (6, 'Could not r
 Fetch error: http://www.freshmeat.club/ => https://www.freshmeat.club/: (6, 'Could not resolve host: www.freshmeat.club')
 
 -->
-<ruleset name="freshmeat.club" default_off='failed ruleset test'>
+<ruleset name="freshmeat.club" default_off="failed ruleset test">
 
 	<target host="freshmeat.club" />
 	<target host="www.freshmeat.club" />
diff --git a/src/chrome/content/rules/from-ua.com.xml b/src/chrome/content/rules/from-ua.com.xml
deleted file mode 100644
index c7a16f346c9a..000000000000
--- a/src/chrome/content/rules/from-ua.com.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="from-ua.com" platform="mixedcontent">
-	<target host="from-ua.com" />
-	<target host="www.from-ua.com" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/fsrar.ru.xml b/src/chrome/content/rules/fsrar.ru.xml
index c72e6addf7cd..c4429293dadc 100644
--- a/src/chrome/content/rules/fsrar.ru.xml
+++ b/src/chrome/content/rules/fsrar.ru.xml
@@ -26,7 +26,7 @@ askp.fsrar.ru ³
 ² refused
 ³ timed out
 -->
-<ruleset name="fsrar.ru (partial)" default_off='failed ruleset test'>
+<ruleset name="fsrar.ru (partial)" default_off="failed ruleset test">
 	<target host="service.fsrar.ru" />
 	<target host="check1.fsrar.ru" />
 
diff --git a/src/chrome/content/rules/ftp.rnl.tecnico.ulisboa.pt.xml b/src/chrome/content/rules/ftp.rnl.tecnico.ulisboa.pt.xml
index 73b282e91322..a8f29b0f4a48 100644
--- a/src/chrome/content/rules/ftp.rnl.tecnico.ulisboa.pt.xml
+++ b/src/chrome/content/rules/ftp.rnl.tecnico.ulisboa.pt.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.ftp.rnl.tecnico.ulisboa.pt/ => https://www.ftp.rnl.tecni
   Software mirror provided by
   the Department of Computer Science and Engineering of Tecnico Lisboa.
 -->
-<ruleset name="ftp.rnl.tecnico.ulisboa.pt" default_off='failed ruleset test'>
+<ruleset name="ftp.rnl.tecnico.ulisboa.pt" default_off="failed ruleset test">
   <target host="ftp.rnl.tecnico.ulisboa.pt" />
   <target host="www.ftp.rnl.tecnico.ulisboa.pt" />
 
diff --git a/src/chrome/content/rules/ftsafe.com.xml b/src/chrome/content/rules/ftsafe.com.xml
new file mode 100644
index 000000000000..905fd4a40ebe
--- /dev/null
+++ b/src/chrome/content/rules/ftsafe.com.xml
@@ -0,0 +1,19 @@
+<!--
+		Invalid certificate:
+			ftsafe.com.cn (unable to get local issuer certificate)
+			appdemo.ftsafe.com (unable to get local issuer certificate)
+			cn.ftsafe.com (unable to get local issuer certificate)
+-->
+<ruleset name="ftsafe.com">
+	<target host="ftsafe.com" />
+	<target host="www.ftsafe.com" />
+	<target host="demo.ftsafe.com" />
+	<target host="download.ftsafe.com" />
+	<target host="en.ftsafe.com" />
+	<target host="u2fdemo.ftsafe.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fujitsu-webmart.com.xml b/src/chrome/content/rules/fujitsu-webmart.com.xml
new file mode 100644
index 000000000000..1f066964b4af
--- /dev/null
+++ b/src/chrome/content/rules/fujitsu-webmart.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Fujitsu related rulesets, see Fujitsu.xml
+
+	Non-functional hosts in *.fujitsu-webmart.com:
+		Certificate mismatched:
+		- fujitsu-webmart.com
+		- www.fujitsu-webmart.com
+		- webmnt.fujitsu-webmart.com
+-->
+<ruleset name="Fujitsu (partial)" default_off="cert-invalid">
+	<target host="fujitsu-webmart.com" />
+	<target host="www.fujitsu-webmart.com" />
+	<target host="webmnt.fujitsu-webmart.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/funke.press.xml b/src/chrome/content/rules/funke.press.xml
new file mode 100644
index 000000000000..20f38d657901
--- /dev/null
+++ b/src/chrome/content/rules/funke.press.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		stage.server.video
+-->
+<ruleset name="funke.press">
+
+	<target host="content.video.funke.press" />
+	<target host="front.video.funke.press" />
+	<target host="stage.front.video.funke.press" />
+	<target host="server.video.funke.press" />
+	<target host="vod.video.funke.press" />
+	<target host="stage.vod.video.funke.press" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/funktionstjanster.se.xml b/src/chrome/content/rules/funktionstjanster.se.xml
new file mode 100644
index 000000000000..a9275cddbbd2
--- /dev/null
+++ b/src/chrome/content/rules/funktionstjanster.se.xml
@@ -0,0 +1,34 @@
+<!--
+	^funktionstjanster.se is NXDOMAIN.
+-->
+<ruleset name="funktionstjanster.se">
+	<target host="www.funktionstjanster.se" />
+	<target host="doc.funktionstjanster.se" />
+	<target host="eformular.funktionstjanster.se" />
+	<target host="etp.funktionstjanster.se" />
+	<target host="me.funktionstjanster.se" />
+	<target host="habo.me.funktionstjanster.se" />
+	<target host="mefiles.funktionstjanster.se" />
+	<target host="m00-mg-local.idp.funktionstjanster.se" />
+	<target host="m01-mg-local.idp.funktionstjanster.se" />
+	<target host="m02-mg-local.idp.funktionstjanster.se" />
+	<target host="m03-mg-local.idp.funktionstjanster.se" />
+	<target host="m04-mg-local.idp.funktionstjanster.se" />
+	<target host="m05-mg-local.idp.funktionstjanster.se" />
+	<target host="m06-mg-local.idp.funktionstjanster.se" />
+	<target host="m07-mg-local.idp.funktionstjanster.se" />
+	<target host="m08-mg-local.idp.funktionstjanster.se" />
+	<target host="m09-mg-local.idp.funktionstjanster.se" />
+	<target host="m00-mg-local.idpat.funktionstjanster.se" />
+	<target host="m05-mg-local.idpat.funktionstjanster.se" />
+	<target host="m06-mg-local.idpat.funktionstjanster.se" />
+	<target host="m00-mg-local.idpst.funktionstjanster.se" />
+	<target host="m05-mg-local.idpst.funktionstjanster.se" />
+	<target host="m00-mg-local.testidp.funktionstjanster.se" />
+	<target host="m01-mg-local.testidp.funktionstjanster.se" />
+	<target host="m02-mg-local.testidp.funktionstjanster.se" />
+	<target host="m03-mg-local.testidp.funktionstjanster.se" />
+	<target host="m04-mg-local.testidp.funktionstjanster.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/futurezone.de.xml b/src/chrome/content/rules/futurezone.de.xml
new file mode 100644
index 000000000000..0e80859b1048
--- /dev/null
+++ b/src/chrome/content/rules/futurezone.de.xml
@@ -0,0 +1,30 @@
+<!--
+	Connection closed:
+		games.futurezone.de
+		nl.futurezone.de
+
+	Invalid certificate:
+		cue.aws.futurezone.de
+		dev5.aws.futurezone.de
+
+	Non-2xx HTTP code:
+		img.futurezone.de
+
+	Timeout:
+		dev[1-4].aws.futurezone.de
+		talk-dev.aws.futurezone.de
+-->
+<ruleset name="futurezone.de">
+
+	<target host="futurezone.de" />
+	<target host="www.futurezone.de" />
+	<target host="talk.aws.futurezone.de" />
+	<target host="beta.futurezone.de" />
+	<target host="go.futurezone.de" />
+	<target host="prod.futurezone.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/fuzeqna.com.xml b/src/chrome/content/rules/fuzeqna.com.xml
new file mode 100644
index 000000000000..4d4741663a5f
--- /dev/null
+++ b/src/chrome/content/rules/fuzeqna.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="fuzeqna.com (partial)">
+	<target host="www.fuzeqna.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/fvap.gov.xml b/src/chrome/content/rules/fvap.gov.xml
deleted file mode 100644
index a953eef9f89c..000000000000
--- a/src/chrome/content/rules/fvap.gov.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Federal Voting Assistance Program
-
-
--->
-<ruleset name="FVAP.gov">
-
-	<target host="fvap.gov" />
-	<target host="www.fvap.gov" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/fvz.io.xml b/src/chrome/content/rules/fvz.io.xml
deleted file mode 100644
index 909334d9a095..000000000000
--- a/src/chrome/content/rules/fvz.io.xml
+++ /dev/null
@@ -1,25 +0,0 @@
-<!--
-	Cert mismatch:
-		- status.fvz.io
-
-	Connection refused:
-		- influx.fvz.io
-		- ptr2.fvz.io
-	
-	Self-signed cert:
-		- graphite.fvz.i
-		- xl.fvz.io
-
-	Timeout:
-		- chef.fvz.io
--->
-<ruleset name="Fvz.io">
-
-	<target host="grafana.fvz.io" />
-	<target host="mirror.fvz.io" />
-	<target host="repo.fvz.io" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/g4s.com.xml b/src/chrome/content/rules/g4s.com.xml
index 6cef66a0c2cb..aefdd3f44ea2 100644
--- a/src/chrome/content/rules/g4s.com.xml
+++ b/src/chrome/content/rules/g4s.com.xml
@@ -88,7 +88,7 @@ Fetch error: http://www.careers.g4s.com/ => https://www.careers.g4s.com/: (51, "
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="G4S.com (partial)" default_off='failed ruleset test'>
+<ruleset name="G4S.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/gamecraft.cz.xml b/src/chrome/content/rules/gamecraft.cz.xml
index 816662dc098c..c0cc36ae746c 100644
--- a/src/chrome/content/rules/gamecraft.cz.xml
+++ b/src/chrome/content/rules/gamecraft.cz.xml
@@ -5,7 +5,7 @@ Fetch error: http://gamecraft.cz/ => https://gamecraft.cz/: (60, 'SSL certificat
 Fetch error: http://www.gamecraft.cz/ => https://gamecraft.cz/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="GAMECRAFT.CZ" default_off='failed ruleset test'>
+<ruleset name="GAMECRAFT.CZ" default_off="failed ruleset test">
     <target host="gamecraft.cz" />
     <target host="www.gamecraft.cz" />
 
diff --git a/src/chrome/content/rules/gamedev.ru.xml b/src/chrome/content/rules/gamedev.ru.xml
new file mode 100644
index 000000000000..0c700858f0bb
--- /dev/null
+++ b/src/chrome/content/rules/gamedev.ru.xml
@@ -0,0 +1,47 @@
+<!--
+	Invalid certificate:
+		casual.gamedev.ru
+		www.casual.gamedev.ru
+		directx.gamedev.ru
+		www.directx.gamedev.ru
+		iphone.gamedev.ru
+		www.iphone.gamedev.ru
+		my.gamedev.ru
+		www.my.gamedev.ru
+		sergio.gamedev.ru
+		www.sergio.gamedev.ru
+		top.gamedev.ru
+		www.top.gamedev.ru
+		wat.gamedev.ru
+		www.wat.gamedev.ru
+		xna.gamedev.ru
+		www.xna.gamedev.ru
+
+	Refused:
+		mail.casual.gamedev.ru
+		mail.directx.gamedev.ru
+		mail.gamedev.ru
+		mail.iphone.gamedev.ru
+		mail.my.gamedev.ru
+		mail.sergio.gamedev.ru
+		mail.top.gamedev.ru
+		mail.wat.gamedev.ru
+		mail.xna.gamedev.ru
+
+	Time out:
+		home.casual.gamedev.ru
+		home.gamedev.ru
+		home.directx.gamedev.ru
+		home.iphone.gamedev.ru
+		home.my.gamedev.ru
+		home.sergio.gamedev.ru
+		home.top.gamedev.ru
+		home.wat.gamedev.ru
+		home.xna.gamedev.ru
+-->
+<ruleset name="gamedev.ru">
+	<target host="gamedev.ru" />
+	<target host="www.gamedev.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gamingpastime.com.xml b/src/chrome/content/rules/gamingpastime.com.xml
new file mode 100644
index 000000000000..915c6ebc2f82
--- /dev/null
+++ b/src/chrome/content/rules/gamingpastime.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="gamingpastime.com">
+	<target host="gamingpastime.com" />
+	<target host="www.gamingpastime.com" />
+	<target host="cpanel.gamingpastime.com" />
+	<target host="webdisk.gamingpastime.com" />
+	<target host="webmail.gamingpastime.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gardners.com.xml b/src/chrome/content/rules/gardners.com.xml
index d23bfbac4280..174d9ff1c69c 100644
--- a/src/chrome/content/rules/gardners.com.xml
+++ b/src/chrome/content/rules/gardners.com.xml
@@ -6,7 +6,7 @@
 	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="gardners.com" default_off="missing certificate chain">
+<ruleset name="gardners.com" default_off="cert-chain">
 
 	<target host="jackets.gardners.com" />
 
diff --git a/src/chrome/content/rules/gargoyle.xml b/src/chrome/content/rules/gargoyle.xml
index 7daa317ea954..3820c409c925 100644
--- a/src/chrome/content/rules/gargoyle.xml
+++ b/src/chrome/content/rules/gargoyle.xml
@@ -11,7 +11,7 @@ Fetch error: http://gargoyle-router.com/ => https://gargoyle-router.com/: (51, "
 		- .gargoyle-router.com
 
 -->
-<ruleset name="Gargoyle-Router.com" default_off='failed ruleset test'>
+<ruleset name="Gargoyle-Router.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/gatewaytohomechoice.org.uk.xml b/src/chrome/content/rules/gatewaytohomechoice.org.uk.xml
index a41b00c1050c..436547659ddd 100644
--- a/src/chrome/content/rules/gatewaytohomechoice.org.uk.xml
+++ b/src/chrome/content/rules/gatewaytohomechoice.org.uk.xml
@@ -22,7 +22,7 @@ Fetch error: http://test1.gatewaytohomechoice.org.uk/ => https://test1.gatewayto
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Gateway to Home Choice.org.uk" default_off='failed ruleset test'>
+<ruleset name="Gateway to Home Choice.org.uk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/gawkermediagroup.com.xml b/src/chrome/content/rules/gawkermediagroup.com.xml
index 6a0b36be3075..77b204888df9 100644
--- a/src/chrome/content/rules/gawkermediagroup.com.xml
+++ b/src/chrome/content/rules/gawkermediagroup.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://gawkermediagroup.com/ => https://gawkermediagroup.com/: (60,
 	www.gawkermediagroup.com: Mismatched
 
 -->
-<ruleset name="Gawker Media Group.com" default_off='failed ruleset test'>
+<ruleset name="Gawker Media Group.com" default_off="failed ruleset test">
 
 	<target host="gawkermediagroup.com" />
 	<target host="*.gawkermediagroup.com" />
diff --git a/src/chrome/content/rules/gazellegames.xml b/src/chrome/content/rules/gazellegames.xml
index cc6138f9f64c..5d7a5b14f092 100644
--- a/src/chrome/content/rules/gazellegames.xml
+++ b/src/chrome/content/rules/gazellegames.xml
@@ -1,6 +1,6 @@
 <ruleset name="gazellegames.net">
   <target host="gazellegames.net" />
   <target host="www.gazellegames.net" />
-  
+
 <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/geacron.com.xml b/src/chrome/content/rules/geacron.com.xml
new file mode 100644
index 000000000000..a7070b9c4b13
--- /dev/null
+++ b/src/chrome/content/rules/geacron.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		cdn.geacron.com
+		ftp.geacron.com
+		mail.geacron.com
+		ns.geacron.com
+-->
+<ruleset name="geacron.com">
+	<target host="geacron.com" />
+	<target host="www.geacron.com" />
+	<target host="sus.geacron.com" />
+	<target host="webmail.geacron.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/genua.de.xml b/src/chrome/content/rules/genua.de.xml
index c125dfe82629..90e97bc93692 100644
--- a/src/chrome/content/rules/genua.de.xml
+++ b/src/chrome/content/rules/genua.de.xml
@@ -3,6 +3,6 @@
 	<target host= "www.genua.de" />
 	<target host="blog.genua.de" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/geoedge.be.xml b/src/chrome/content/rules/geoedge.be.xml
new file mode 100644
index 000000000000..465f1a814953
--- /dev/null
+++ b/src/chrome/content/rules/geoedge.be.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		pangeo
+		publisher
+
+	Refused:
+		gateway
+
+	Timeout:
+		jenkins
+-->
+<ruleset name="geoedge.be">
+
+	<target host="gw.geoedge.be" />
+	<target host="protect.geoedge.be" />
+	<target host="rumcdn.geoedge.be" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/geokrety.org.xml b/src/chrome/content/rules/geokrety.org.xml
index 84846fc980f2..5bec375aaf81 100644
--- a/src/chrome/content/rules/geokrety.org.xml
+++ b/src/chrome/content/rules/geokrety.org.xml
@@ -1,15 +1,15 @@
 <!--
 	Main pages support https
-	
+
 	Related page: geokretymap.org
 	Related ruleset: geokretymap.org.xml
-	
+
 	Latest test date: 05.09.2016
 -->
 <ruleset name="geokrety.org">
 	<!-- Main page -->
 	<target host="geokrety.org" />
 	<target host="www.geokrety.org" />
-	
+
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/geokretymap.org.xml b/src/chrome/content/rules/geokretymap.org.xml
index 1d1232ad413c..a30bc7577d9c 100644
--- a/src/chrome/content/rules/geokretymap.org.xml
+++ b/src/chrome/content/rules/geokretymap.org.xml
@@ -1,11 +1,11 @@
 <!--
 	Main and api page support https
-	
+
 	Related page: geokrety.org
 	Related ruleset: geokrety.org.xml
-	
+
 	Latest test date: 05.09.2016
-	
+
 	Return 404 for http and https:
 	www.geokretymap.org
 	cgeo.geokretymap.org
@@ -13,9 +13,9 @@
 <ruleset name="geokretymap.org">
 	<!-- Main page -->
 	<target host="geokretymap.org" />
-	
+
 	<!-- API -->
 	<target host="api.geokretymap.org" />
-	
+
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/get.no.xml b/src/chrome/content/rules/get.no.xml
index f057244cfe9d..79c1b83d639d 100644
--- a/src/chrome/content/rules/get.no.xml
+++ b/src/chrome/content/rules/get.no.xml
@@ -37,7 +37,7 @@ Fetch error: http://zendesk.get.no/ => https://zendesk.get.no/: Too many redirec
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Get.no (partial)" default_off='failed ruleset test'>
+<ruleset name="Get.no (partial)" default_off="failed ruleset test">
 
 	<target host="get.no" />
 	<target host="app.get.no" />
diff --git a/src/chrome/content/rules/ghosthousecreative.com.xml b/src/chrome/content/rules/ghosthousecreative.com.xml
new file mode 100644
index 000000000000..6cb7207c4233
--- /dev/null
+++ b/src/chrome/content/rules/ghosthousecreative.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="ghosthousecreative.com">
+	<target host="ghosthousecreative.com" />
+	<target host="www.ghosthousecreative.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gigablast.com.xml b/src/chrome/content/rules/gigablast.com.xml
new file mode 100644
index 000000000000..131f8bb13c85
--- /dev/null
+++ b/src/chrome/content/rules/gigablast.com.xml
@@ -0,0 +1,8 @@
+<!-- Wildcard dns. Certificate only valid for root and www. -->
+
+<ruleset name="gigablast.com">
+	<target host="gigablast.com" />
+	<target host="www.gigablast.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gimp.org.xml b/src/chrome/content/rules/gimp.org.xml
index 6d6a65778ac4..e9c203236b6c 100644
--- a/src/chrome/content/rules/gimp.org.xml
+++ b/src/chrome/content/rules/gimp.org.xml
@@ -1,28 +1,30 @@
 <!--
-	Problematic subdomains:
-	(Work, Invalid certificate)
-		- ftp
-		- gui
-		- irc
-		- irc.eu
-		- registry
-	(Refused)
-		- pippin
-		- www.it
+	Invalid certificate:
+		- registry.gimp.org
+
+	Refused:
+		- www.it.gimp.org
+		- irc.gimp.org
+
+	Timeout:
+		- irc.eu.gimp.org
 -->
 
 <ruleset name="GIMP">
-        <target host="gimp.org" />
-        <target host="www.gimp.org" />
-        <target host="developer.gimp.org" />
-        <target host="docs.gimp.org" />
-        <target host="download.gimp.org" />
-        <target host="static.gimp.org" />
-        <target host="testing.gimp.org" />
-        <target host="wiki.gimp.org" />
-        
-        <securecookie host=".+" name=".+" />
-        
-        <rule from="^http:"
-                to="https:" />
+	<target host="gimp.org" />
+	<target host="www.gimp.org" />
+	<target host="developer.gimp.org" />
+	<target host="docs.gimp.org" />
+	<target host="download.gimp.org" />
+	<target host="ftp.gimp.org" />
+	<target host="gui.gimp.org" />
+	<target host="static.gimp.org" />
+	<target host="testing.gimp.org" />
+	<target host="pippin.gimp.org" />
+	<target host="wiki.gimp.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/gitea.com.xml b/src/chrome/content/rules/gitea.com.xml
new file mode 100644
index 000000000000..d83a7e62dde8
--- /dev/null
+++ b/src/chrome/content/rules/gitea.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="gitea.com">
+
+	<target host="gitea.com" />
+	<target host="www.gitea.com" />
+	<target host="drone.gitea.com" />
+	<target host="s.gitea.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/githost.io.xml b/src/chrome/content/rules/githost.io.xml
index 90fd96ecf492..3ad0b472f881 100644
--- a/src/chrome/content/rules/githost.io.xml
+++ b/src/chrome/content/rules/githost.io.xml
@@ -6,7 +6,7 @@ Fetch error: http://guard.githost.io/ => https://guard.githost.io/: (6, 'Could n
 gnu.githost.io mismatch
 jfryelocaltest02.githost.io expired
 -->
-<ruleset name="githost.io" default_off='failed ruleset test'>
+<ruleset name="githost.io" default_off="failed ruleset test">
 	<target host="githost.io" />
 	<target host="www.githost.io" />
 	<target host="paclab.githost.io" />
diff --git a/src/chrome/content/rules/githubassets.com.xml b/src/chrome/content/rules/githubassets.com.xml
new file mode 100644
index 000000000000..a3ba1cbf9316
--- /dev/null
+++ b/src/chrome/content/rules/githubassets.com.xml
@@ -0,0 +1,16 @@
+<!--
+	For other GitHub coverage, see GitHub.xml.
+
+	This domain contains a wildcard DNS record and a wildcard certificate.
+-->
+<ruleset name="githubassets.com">
+
+	<target host="github.githubassets.com" />
+		<test url="http://github.githubassets.com/assets/frameworks-5abe724ecf200f8d9bbf52e5e4a2d7af.css" />
+	<target host="help.githubassets.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/gkovacs.com.xml b/src/chrome/content/rules/gkovacs.com.xml
new file mode 100644
index 000000000000..ed6115cd97d4
--- /dev/null
+++ b/src/chrome/content/rules/gkovacs.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="gkovacs.com">
+	<target host="gkovacs.com" />
+	<target host="www.gkovacs.com" />
+
+	<rule from="^http://gkovacs\.com/" to="https://www.gkovacs.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/glazdik.ru.xml b/src/chrome/content/rules/glazdik.ru.xml
new file mode 100644
index 000000000000..5a3ad752927b
--- /dev/null
+++ b/src/chrome/content/rules/glazdik.ru.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		demo.glazdik.ru
+		www.demo.glazdik.ru
+		key-servis.glazdik.ru
+		www.key-servis.glazdik.ru
+		kn.glazdik.ru
+		www.kn.glazdik.ru
+		mail.glazdik.ru
+		medicalc.glazdik.ru
+		www.medicalc.glazdik.ru
+		oc.glazdik.ru
+		www.oc.glazdik.ru
+-->
+<ruleset name="glazdik.ru">
+	<target host="glazdik.ru" />
+	<target host="www.glazdik.ru" />
+	<target host="2kg.glazdik.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/glen-l.com.xml b/src/chrome/content/rules/glen-l.com.xml
index cfad99292730..cf4dd65df166 100644
--- a/src/chrome/content/rules/glen-l.com.xml
+++ b/src/chrome/content/rules/glen-l.com.xml
@@ -11,7 +11,7 @@
 		- css from www.glen-l.com ˢ
 
 		- Images, from:
-		
+
 			- glen-l.com ˢ
 			- www.glen-l.com ˢ
 
diff --git a/src/chrome/content/rules/glest.org.xml b/src/chrome/content/rules/glest.org.xml
new file mode 100644
index 000000000000..015fb8f2a5c1
--- /dev/null
+++ b/src/chrome/content/rules/glest.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Time out:
+		ftp.glest.org
+		imap.glest.org
+		pop.glest.org
+		sftp.glest.org
+		ssh.glest.org
+-->
+<ruleset name="glest.org">
+	<target host="glest.org" />
+	<target host="www.glest.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/glimg.net.xml b/src/chrome/content/rules/glimg.net.xml
new file mode 100644
index 000000000000..ddeceffd0551
--- /dev/null
+++ b/src/chrome/content/rules/glimg.net.xml
@@ -0,0 +1,15 @@
+<!--
+	For other Demand Media coverage, see Demand-Media.xml.
+
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- glimg.net
+		- www.glimg.net
+-->
+<ruleset name="glimg.net (partial)">
+	<target host="i.glimg.net" />
+	<target host="ui.glimg.net" />
+	<target host="staging.glimg.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/globbersthemes.com.xml b/src/chrome/content/rules/globbersthemes.com.xml
new file mode 100644
index 000000000000..2f9d49b43a2e
--- /dev/null
+++ b/src/chrome/content/rules/globbersthemes.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		mail.globbersthemes.com
+		pop3.globbersthemes.com
+		smtp.globbersthemes.com
+
+	Refused:
+		ftp.globbersthemes.com
+		ftp2.globbersthemes.com
+
+	Time out:
+		vpn.globbersthemes.com
+-->
+<ruleset name="globbersthemes.com">
+	<target host="globbersthemes.com" />
+	<target host="www.globbersthemes.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/glomex.com.xml b/src/chrome/content/rules/glomex.com.xml
new file mode 100644
index 000000000000..c91ed533f2f4
--- /dev/null
+++ b/src/chrome/content/rules/glomex.com.xml
@@ -0,0 +1,67 @@
+<!--
+	Connection closed:
+		demo.glomex.com
+
+	Invalid certificate:
+		entertainment.glomex.com
+		explore.glomex.com
+		join.glomex.com
+		news.glomex.com
+		*.player.glomex.com
+		progressive-ac-mds.glomex.com
+		signup.glomex.com
+		vod-lite-mds.glomex.com
+
+	Timeout:
+		ak-ads-mds.glomex.com
+		pfsense.glomex.com
+		support.glomex.com
+		upload.glomex.com
+		vpn.glomex.com
+
+	Too many redirects:
+		ovpn.glomex.com
+-->
+<ruleset name="glomex.com">
+
+	<target host="glomex.com" />
+	<target host="www.glomex.com" />
+	<target host="addemo.glomex.com" />
+	<target host="afeb7c34e087fb19b89505f.glomex.com" />
+	<target host="ap-health-vvs.glomex.com" />
+	<target host="component-vvs.glomex.com" />
+	<target host="config-vvs.glomex.com" />
+	<target host="cpc.glomex.com" />
+	<target host="db04ac130328ddea8d724cf.glomex.com" />
+	<target host="demo.de.glomex.com" />
+	<target host="dvsd-stream.glomex.com" />
+	<target host="exchange.glomex.com" />
+	<target host="i1thumbs.glomex.com" />
+	<target host="i2thumbs.glomex.com" />
+	<target host="i3thumbs.glomex.com" />
+	<target host="i4thumbs.glomex.com" />
+	<target host="imageservicethumbs.glomex.com" />
+	<target host="imthumbs.glomex.com" />
+	<target host="isthumbs.glomex.com" />
+	<target host="jira.glomex.com" />
+	<target host="ac-vod-0002.mds.glomex.com" />
+	<target host="ac-vod-0003.mds.glomex.com" />
+	<target host="ac-vod-0004.mds.glomex.com" />
+	<target host="ac-vod-0012.mds.glomex.com" />
+	<target host="player.glomex.com" />
+	<target host="player-abcd.glomex.com" />
+	<target host="player-feedback-mds.glomex.com" />
+	<target host="player-feedback-v1.glomex.com" />
+	<target host="player-test.glomex.com" />
+	<target host="stage-www.glomex.com" />
+	<target host="www.stage-www.glomex.com" />
+	<target host="static-mds.glomex.com" />
+	<target host="support-docs.glomex.com" />
+	<target host="vas-live-mdp.glomex.com" />
+	<target host="video.glomex.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/glowingbear.org.xml b/src/chrome/content/rules/glowingbear.org.xml
new file mode 100644
index 000000000000..45d79c60f38a
--- /dev/null
+++ b/src/chrome/content/rules/glowingbear.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="glowingbear.org">
+	<target host="glowingbear.org" />
+	<target host="www.glowingbear.org" />
+	<target host="latest.glowingbear.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gmodmp.jp.xml b/src/chrome/content/rules/gmodmp.jp.xml
index ab2ae1a6aee5..3a070fe36c71 100644
--- a/src/chrome/content/rules/gmodmp.jp.xml
+++ b/src/chrome/content/rules/gmodmp.jp.xml
@@ -19,4 +19,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/go4go.net.xml b/src/chrome/content/rules/go4go.net.xml
new file mode 100644
index 000000000000..ee7abfe297b4
--- /dev/null
+++ b/src/chrome/content/rules/go4go.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="go4go.net">
+	<target host="go4go.net" />
+	<target host="www.go4go.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/goMokulele.xml b/src/chrome/content/rules/goMokulele.xml
index 28c61e99ab05..7083f0c522f3 100644
--- a/src/chrome/content/rules/goMokulele.xml
+++ b/src/chrome/content/rules/goMokulele.xml
@@ -8,10 +8,10 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://iflygo.com/ => https://www.iflygo.com/: (28, 'Connection timed out after 10000 milliseconds')
 Fetch error: http://www.iflygo.com/ => https://www.iflygo.com/: (28, 'Connection timed out after 10001 milliseconds')
 -->
-<ruleset name="go!Mokulele" default_off='failed ruleset test'>
+<ruleset name="go!Mokulele" default_off="failed ruleset test">
   <target host="iflygo.com" />
   <target host="www.iflygo.com" />
 
   <rule from="^http://(?:www\.)?iflygo\.com/"
           to="https://www.iflygo.com/" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/goldenpass.xml b/src/chrome/content/rules/goldenpass.xml
deleted file mode 100644
index 1eca07a4f26b..000000000000
--- a/src/chrome/content/rules/goldenpass.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	404:
-		- ^
-		- birthday
-		- tickets
-		- rambertia
-		- rss
-
-	Refused:
-		- yourtes
-
-	Mismatch:
-		- (www.)goldenpassline.ch
--->
-<ruleset name="goldenpass.ch">
-	<target host="goldenpass.ch"/>
-	<target host="www.goldenpass.ch"/>
-
-	<rule from="^http://goldenpass\.ch/"
-		to="https://www.goldenpass.ch/"/>
-	<rule from="^http:"
-		to="https:"/>
-</ruleset>
diff --git a/src/chrome/content/rules/goldesel.to.xml b/src/chrome/content/rules/goldesel.to.xml
index 6691a556b16e..bd432d47778e 100644
--- a/src/chrome/content/rules/goldesel.to.xml
+++ b/src/chrome/content/rules/goldesel.to.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://board.goldesel.to/ => https://board.goldesel.to/: Too many redirects while fetching 'https://board.goldesel.to/'
 
 -->
-<ruleset name="goldesel.to" default_off='failed ruleset test'>
+<ruleset name="goldesel.to" default_off="failed ruleset test">
   <target host="board.goldesel.to" />
 
   <rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/goodolddays.net.xml b/src/chrome/content/rules/goodolddays.net.xml
new file mode 100644
index 000000000000..97e8edc993db
--- /dev/null
+++ b/src/chrome/content/rules/goodolddays.net.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		21ct.goodolddays.net
+		mail.goodolddays.net
+		penguides.goodolddays.net
+-->
+<ruleset name="goodolddays.net">
+	<target host="goodolddays.net" />
+	<target host="www.goodolddays.net" />
+	<target host="files.goodolddays.net" />
+	<target host="m.goodolddays.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/goodweave.org.xml b/src/chrome/content/rules/goodweave.org.xml
new file mode 100644
index 000000000000..95fc885d486e
--- /dev/null
+++ b/src/chrome/content/rules/goodweave.org.xml
@@ -0,0 +1,9 @@
+<ruleset name="goodweave.org">
+	<target host="goodweave.org" />
+	<target host="www.goodweave.org" />
+	<target host="facesoffreedom.goodweave.org" />
+	<target host="www.facesoffreedom.goodweave.org" />
+	<target host="server.goodweave.org" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gorcom.ru.xml b/src/chrome/content/rules/gorcom.ru.xml
deleted file mode 100644
index 55ce0e8fe7e4..000000000000
--- a/src/chrome/content/rules/gorcom.ru.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--
-gorcom.ru timed out
-www.gorcom.ru timed out
-forum.gorcom.ru timed out
-podpiska.gorcom.ru mismatch
--->
-<ruleset name="gorcom.ru (partial)">
-	<target host="stat.gorcom.ru" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/goud.ma.xml b/src/chrome/content/rules/goud.ma.xml
deleted file mode 100644
index 7f18b4c3f423..000000000000
--- a/src/chrome/content/rules/goud.ma.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="goud.ma" platform="mixedcontent">
-	<target host="goud.ma" />
-	<target host="www.goud.ma" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/gov-murman.ru.xml b/src/chrome/content/rules/gov-murman.ru.xml
index 8241e3e74c8f..14e99b28f916 100644
--- a/src/chrome/content/rules/gov-murman.ru.xml
+++ b/src/chrome/content/rules/gov-murman.ru.xml
@@ -42,7 +42,7 @@ utr.gov-murman.ru different content
 ⁶ redirect
 ⁷ protocol error
 -->
-<ruleset name="gov-murman.ru" default_off='failed ruleset test'>
+<ruleset name="gov-murman.ru" default_off="failed ruleset test">
 	<target host="gov-murman.ru" />
 	<target host="www.gov-murman.ru" />
 	<target host="akolr.gov-murman.ru" />
diff --git a/src/chrome/content/rules/govdelivery.com-falsemixed.xml b/src/chrome/content/rules/govdelivery.com-falsemixed.xml
deleted file mode 100644
index 655b46d4b51d..000000000000
--- a/src/chrome/content/rules/govdelivery.com-falsemixed.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see GovDelivery.xml.
-
-
-	NB: See https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="GovDelivery.com (false MCB)" platform="mixedcontent">
-
-	<target host="usodep.blogs.govdelivery.com"/>
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/gpuinfo.org.xml b/src/chrome/content/rules/gpuinfo.org.xml
new file mode 100644
index 000000000000..9af67d635acf
--- /dev/null
+++ b/src/chrome/content/rules/gpuinfo.org.xml
@@ -0,0 +1,14 @@
+<ruleset name="gpuinfo.org">
+	<target host="gpuinfo.org" />
+	<target host="www.gpuinfo.org" />
+	<target host="android.gpuinfo.org" />
+	<target host="www.android.gpuinfo.org" />
+	<target host="opengl.gpuinfo.org" />
+	<target host="www.opengl.gpuinfo.org" />
+	<target host="opengles.gpuinfo.org" />
+	<target host="www.opengles.gpuinfo.org" />
+	<target host="vulkan.gpuinfo.org" />
+	<target host="www.vulkan.gpuinfo.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gpupowered.org.xml b/src/chrome/content/rules/gpupowered.org.xml
new file mode 100644
index 000000000000..45bf082c2e6a
--- /dev/null
+++ b/src/chrome/content/rules/gpupowered.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="gpupowered.org">
+	<target host="gpupowered.org" />
+	<target host="www.gpupowered.org" />
+	<target host="autodiscover.gpupowered.org" />
+	<target host="cpanel.gpupowered.org" />
+	<target host="mail.gpupowered.org" />
+	<target host="webdisk.gpupowered.org" />
+	<target host="webmail.gpupowered.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/grafica.app.xml b/src/chrome/content/rules/grafica.app.xml
new file mode 100644
index 000000000000..190d4c6ded90
--- /dev/null
+++ b/src/chrome/content/rules/grafica.app.xml
@@ -0,0 +1,8 @@
+<!--
+	NXDOMAIN: www
+-->
+<ruleset name="grafica.app">
+	<target host="grafica.app" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/granularproject.org.xml b/src/chrome/content/rules/granularproject.org.xml
deleted file mode 100644
index 7214b2fe677f..000000000000
--- a/src/chrome/content/rules/granularproject.org.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="granularproject.org">
-	<target host="granularproject.org" />
-	<target host="www.granularproject.org" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/grape.ru.xml b/src/chrome/content/rules/grape.ru.xml
index a4b6dffc70cb..66416b911e68 100644
--- a/src/chrome/content/rules/grape.ru.xml
+++ b/src/chrome/content/rules/grape.ru.xml
@@ -23,7 +23,7 @@ zdraivery.pro.grape.ru ¹
 ² refused
 ⁴ self signed
 -->
-<ruleset name="grape.ru (partial)" default_off='failed ruleset test'>
+<ruleset name="grape.ru (partial)" default_off="failed ruleset test">
 	<target host="htcmaraphon.grape.ru" />
 	<target host="smm.grape.ru" />
 	<target host="dmc2014pro.grape.ru" />
diff --git a/src/chrome/content/rules/graylady3jvrrxbe.onion.xml b/src/chrome/content/rules/graylady3jvrrxbe.onion.xml
new file mode 100644
index 000000000000..eb30c9b32224
--- /dev/null
+++ b/src/chrome/content/rules/graylady3jvrrxbe.onion.xml
@@ -0,0 +1,20 @@
+<!--
+	For more NY Times ruleset, see NYTimes.xml
+
+-->
+<ruleset name="graylady3jvrrxbe.onion">
+
+	<target host="graylady3jvrrxbe.onion" />
+	<target host="www.graylady3jvrrxbe.onion" />
+	<target host="a1.graylady3jvrrxbe.onion" />
+		<test url="http://a1.graylady3jvrrxbe.onion/fonts/family/cheltenham/cheltenham-normal-400.ttf" />
+	<target host="typeface.graylady3jvrrxbe.onion" />
+		<test url="http://typeface.graylady3jvrrxbe.onion/fonts/nyt-cheltenham-extra-condensed-bold-700-normal.woff" />
+	<target host="int.graylady3jvrrxbe.onion" />
+		<test url="http://int.graylady3jvrrxbe.onion/applications/portals/assets/blank.gif" />
+	<target host="static01.graylady3jvrrxbe.onion" />
+		<test url="http://static01.graylady3jvrrxbe.onion/images/2017/10/28/business/28ECON1/27ECON1-largeHorizontalJumbo.jpg" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/greatplacetowork.com.xml b/src/chrome/content/rules/greatplacetowork.com.xml
new file mode 100644
index 000000000000..f2d05f695c27
--- /dev/null
+++ b/src/chrome/content/rules/greatplacetowork.com.xml
@@ -0,0 +1,54 @@
+<!--
+	Invalid certificate:
+		ciq.greatplacetowork.com
+		createyours.greatplacetowork.com
+		dev-www.greatplacetowork.com
+		engage.greatplacetowork.com
+		fortunelist2015.greatplacetowork.com
+		learn.greatplacetowork.com
+		listparticipation.greatplacetowork.com
+		lyncdiscover.greatplacetowork.com
+		lyncdiscoverinternal.greatplacetowork.com
+		sa.greatplacetowork.com
+		saen.greatplacetowork.com
+
+	Refused:
+		get.greatplacetowork.com
+		team.greatplacetowork.com
+
+	Time out:
+		reviews.greatplacetowork.com
+
+	Unreachable:
+		autodiscover.greatplacetowork.com
+
+	Incomplete certificate chain:
+		culturesurvey.greatplacetowork.com
+-->
+<ruleset name="greatplacetowork.com">
+	<target host="greatplacetowork.com" />
+	<target host="www.greatplacetowork.com" />
+	<target host="clientcenter.greatplacetowork.com" />
+	<target host="clients.greatplacetowork.com" />
+	<target host="cq.greatplacetowork.com" />
+	<target host="dev-cmp.greatplacetowork.com" />
+	<target host="dev-cmpapi.greatplacetowork.com" />
+	<target host="dev-cq.greatplacetowork.com" />
+	<target host="dev-my.greatplacetowork.com" />
+	<target host="dev-reporting.greatplacetowork.com" />
+	<target host="elk.greatplacetowork.com" />
+	<target host="fs.greatplacetowork.com" />
+	<target host="my.greatplacetowork.com" />
+	<target host="qa-cmp.greatplacetowork.com" />
+	<target host="qa-cmpapi.greatplacetowork.com" />
+	<target host="qa-cq.greatplacetowork.com" />
+	<target host="qa-my.greatplacetowork.com" />
+	<target host="qa-reporting.greatplacetowork.com" />
+	<target host="reporting.greatplacetowork.com" />
+	<target host="reset.greatplacetowork.com" />
+	<target host="support.greatplacetowork.com" />
+	<target host="www2.greatplacetowork.com" />
+
+	<rule from="^http://greatplacetowork\.com/" to="https://www.greatplacetowork.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/greenhouseci.com.xml b/src/chrome/content/rules/greenhouseci.com.xml
deleted file mode 100644
index 07de2854dd71..000000000000
--- a/src/chrome/content/rules/greenhouseci.com.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-www.greenhouseci.com timed out
-blog.greenhouseci.com mismatch
-docs.greenhouseci.com mismatch
--->
-<ruleset name="greenhouseci.com">
-	<target host="greenhouseci.com" />
-	<target host="www.greenhouseci.com" />
-	<target host="app.greenhouseci.com" />
-	
-	<rule from="^http://www\.greenhouseci\.com/"
-		to="https://greenhouseci.com/" />
-
-	<test url="http://www.greenhouseci.com/" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/gregzaal.com.xml b/src/chrome/content/rules/gregzaal.com.xml
new file mode 100644
index 000000000000..891e698250e2
--- /dev/null
+++ b/src/chrome/content/rules/gregzaal.com.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		ftp.gregzaal.com
+		mysql.gregzaal.com
+		ssh.gregzaal.com
+
+	Time out:
+		mail.gregzaal.com
+		webmail.gregzaal.com
+
+	Unsupported protocol:
+		www.webmail.gregzaal.com
+-->
+<ruleset name="gregzaal.com">
+	<target host="gregzaal.com" />
+	<target host="www.gregzaal.com" />
+	<target host="blog.gregzaal.com" />
+	<target host="portfolio.gregzaal.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/grist.org.xml b/src/chrome/content/rules/grist.org.xml
index a17e57e68511..a7f162af3fb6 100644
--- a/src/chrome/content/rules/grist.org.xml
+++ b/src/chrome/content/rules/grist.org.xml
@@ -2,7 +2,7 @@
 	Mixed content:
 
 		- Bug from b.scorecardresearch.com ˢ
-	
+
 	ˢ Secured by us
 
 -->
diff --git a/src/chrome/content/rules/growerscup.coffee.xml b/src/chrome/content/rules/growerscup.coffee.xml
index 2f27faa48382..ce2c0e59ebcb 100644
--- a/src/chrome/content/rules/growerscup.coffee.xml
+++ b/src/chrome/content/rules/growerscup.coffee.xml
@@ -4,10 +4,10 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.growerscup.coffee/ => https://www.growerscup.coffee/: (51, "SSL: no alternative certificate subject name matches target host name 'www.growerscup.coffee'")
 
 -->
-<ruleset name="growerscup.coffee" default_off='failed ruleset test'>
+<ruleset name="growerscup.coffee" default_off="failed ruleset test">
 	<target host="www.growerscup.coffee" />
 	<target host="growerscup.coffee" />
-	
+
 	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/gsmmap.org.xml b/src/chrome/content/rules/gsmmap.org.xml
index 1aecde618cc6..6dd0485420f8 100644
--- a/src/chrome/content/rules/gsmmap.org.xml
+++ b/src/chrome/content/rules/gsmmap.org.xml
@@ -2,7 +2,7 @@
 	Mismatch on www.
 -->
 <ruleset name="GSM Security Map">
-	
+
 	<target host="gsmmap.org" />
 	<target host="www.gsmmap.org" />
 
diff --git a/src/chrome/content/rules/gsspat.jp.xml b/src/chrome/content/rules/gsspat.jp.xml
index a0d5ba749699..67c919fa3b15 100644
--- a/src/chrome/content/rules/gsspat.jp.xml
+++ b/src/chrome/content/rules/gsspat.jp.xml
@@ -5,4 +5,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/gtrk.tv.xml b/src/chrome/content/rules/gtrk.tv.xml
deleted file mode 100644
index 984ff04395c1..000000000000
--- a/src/chrome/content/rules/gtrk.tv.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="gtrk.tv" platform="mixedcontent">
-	<target host="gtrk.tv" />
-	<target host="www.gtrk.tv" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/gu.spb.ru.xml b/src/chrome/content/rules/gu.spb.ru.xml
new file mode 100644
index 000000000000..eb86c4546845
--- /dev/null
+++ b/src/chrome/content/rules/gu.spb.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="gu.spb.ru">
+    <target host="gu.spb.ru" />
+    <target host="www.gu.spb.ru" />
+    <rule from="^http:" to="https:" />
+    <securecookie host="^gu\.spb\.ru$" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/gulli.com.xml b/src/chrome/content/rules/gulli.com.xml
index 5e9ffd4b3524..dcb79e183d8c 100644
--- a/src/chrome/content/rules/gulli.com.xml
+++ b/src/chrome/content/rules/gulli.com.xml
@@ -1,21 +1,9 @@
-<!--
-not working:
-videos.gulli.com
-board.gulli.com
-ansichtssache.gulli.com
-newspresso.gulli.com
-www.gullipics.com
--->
-<ruleset name="gulli.com (partial)" platform="mixedcontent">
-
-	<target host="gulli.com"/>
-	<target host="*.gulli.com"/>
-	<target host="gullipics.com"/>
-	<target host="*.gullipics.com"/>
-
-	<rule from="^http://(?:www\.)?gulli\.com/"
-		to="https://www.gulli.com/"/>
-	<rule from="^http://(apps|login|static)\.gulli\.com/"
-		to="https://$1.gulli.com/"/>
+<ruleset name="gulli.com (partial)">
+	<target host="gulli.com" />
+	<target host="www.gulli.com" />
+ 	<target host="board.gulli.com" />
+	
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/guoshipartners.com.xml b/src/chrome/content/rules/guoshipartners.com.xml
index 7d438787040e..89bc8ee140c6 100644
--- a/src/chrome/content/rules/guoshipartners.com.xml
+++ b/src/chrome/content/rules/guoshipartners.com.xml
@@ -5,9 +5,9 @@ Mismatch:
 -->
 
 <ruleset name="guoshipartners.com (partial)">
-	
+
 	<target host="ad-specs.guoshipartners.com" />
-	
+
 	<rule from="^http:" to="https:" />
-	
+
 </ruleset>
diff --git a/src/chrome/content/rules/gvt1.com.xml b/src/chrome/content/rules/gvt1.com.xml
new file mode 100644
index 000000000000..31a174f94ec9
--- /dev/null
+++ b/src/chrome/content/rules/gvt1.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="gvt1.com (partial)">
+	<target host="redirector.gvt1.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/gwdang.xml b/src/chrome/content/rules/gwdang.xml
index 034ecd6c1489..9535244a2612 100644
--- a/src/chrome/content/rules/gwdang.xml
+++ b/src/chrome/content/rules/gwdang.xml
@@ -15,5 +15,5 @@
 	<target host="www.gwdang.com" />
 
 	<rule from="^http:" to="https:" />
-	
+
 </ruleset>
diff --git a/src/chrome/content/rules/halton.gov.uk-falsemixed.xml b/src/chrome/content/rules/halton.gov.uk-falsemixed.xml
index 121cc3ee3e64..dd7465daf2fa 100644
--- a/src/chrome/content/rules/halton.gov.uk-falsemixed.xml
+++ b/src/chrome/content/rules/halton.gov.uk-falsemixed.xml
@@ -6,7 +6,7 @@ Fetch error: http://kohalibrary.halton.gov.uk/ => https://kohalibrary.halton.gov
 	For rules not causing false/broken MCB, see halton.gov.uk.xml.
 
 -->
-<ruleset name="Halton.gov.uk (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Halton.gov.uk (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="kohalibrary.halton.gov.uk" />
 
diff --git a/src/chrome/content/rules/halton.gov.uk.xml b/src/chrome/content/rules/halton.gov.uk.xml
index 8cf6b0ae9d85..0d3fe98837db 100644
--- a/src/chrome/content/rules/halton.gov.uk.xml
+++ b/src/chrome/content/rules/halton.gov.uk.xml
@@ -49,7 +49,7 @@ Fetch error: http://www2.halton.gov.uk/ => https://www2.halton.gov.uk/: (6, 'Cou
 
 		- iframe on careandsupportforyou from www.youtube.com
 		- css, on:
-		
+
 			- councillors, moderngov from www.halton.gov.uk
 			- kohalibrary from $self
 
@@ -66,7 +66,7 @@ Fetch error: http://www2.halton.gov.uk/ => https://www2.halton.gov.uk/: (6, 'Cou
 	ᵈ Unsecurable <= dropped
 
 -->
-<ruleset name="Halton.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Halton.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--target host="halton.gov.uk" /-->
 	<target host="careandsupportforyou.halton.gov.uk" />
diff --git a/src/chrome/content/rules/hamnetdb.net.xml b/src/chrome/content/rules/hamnetdb.net.xml
new file mode 100644
index 000000000000..eab7a65d1bb0
--- /dev/null
+++ b/src/chrome/content/rules/hamnetdb.net.xml
@@ -0,0 +1,12 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="hamnetdb.net">
+
+	<target host="hamnetdb.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/handelsbanken.se.xml b/src/chrome/content/rules/handelsbanken.se.xml
new file mode 100644
index 000000000000..fe23920bd4c1
--- /dev/null
+++ b/src/chrome/content/rules/handelsbanken.se.xml
@@ -0,0 +1,57 @@
+<!--
+    Mismatched:
+        - affarsnyttigt.handelsbanken.se
+        - event.handelsbanken.se
+        - aw.handelsbanken.se
+        - www.forskningsstiftelserna.handelsbanken.se
+        - hcm.handelsbanken.se
+        - link01.handelsbanken.se
+        - mob.handelsbanken.se
+        - newsletter.handelsbanken.se
+        - tv.handelsbanken.se
+        - w3c.handelsbanken.se
+
+    Incomplete certificate chain:
+        - extranet.handelsbanken.se
+        - ow.handelsbanken.se
+        - ssl.handelsbanken.se
+
+    Connection reset:
+        - m.handelsbanken.se
+
+    SSL handshake failure:
+        - mol-stp.handelsbanken.se
+
+    Expired:
+        - rem4ft.handelsbanken.se
+
+    Self-signed:
+		- rema5.handelsbanken.se
+
+	Distrusted CA (Symantec):
+		- da.handelsbanken.se
+		- davpn.handelsbanken.se
+-->
+<ruleset name="handelsbanken.se">
+	<target host="handelsbanken.se" />
+	<target host="www.handelsbanken.se" />
+	<target host="awe.handelsbanken.se" />
+	<target host="awe-pt.handelsbanken.se" />
+	<target host="borsrum.handelsbanken.se" />
+	<target host="d01.handelsbanken.se" />
+	<target host="da-pt.handelsbanken.se" />
+	<target host="dalux.handelsbanken.se" />
+	<target host="daus.handelsbanken.se" />
+	<target host="embed.handelsbanken.se" />
+	<target host="fmc.handelsbanken.se" />
+	<target host="fmc-pt.handelsbanken.se" />
+	<target host="lag.handelsbanken.se" />
+	<target host="m2.handelsbanken.se" />
+	<target host="mino.handelsbanken.se" />
+	<target host="research.handelsbanken.se" />
+	<target host="saljfinans.handelsbanken.se" />
+	<target host="test.saljfinans.handelsbanken.se" />
+	<target host="secure.handelsbanken.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/handylinux.org.xml b/src/chrome/content/rules/handylinux.org.xml
deleted file mode 100644
index 7d5ec3cf9a4d..000000000000
--- a/src/chrome/content/rules/handylinux.org.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<!--blog. mismatch-->
-<ruleset name="handylinux.org">
-	<target host="handylinux.org" />
-	<target host="www.handylinux.org" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/hannahmageerd.com.xml b/src/chrome/content/rules/hannahmageerd.com.xml
new file mode 100644
index 000000000000..6944e921220d
--- /dev/null
+++ b/src/chrome/content/rules/hannahmageerd.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="hannahmageerd.com">
+	<target host="hannahmageerd.com" />
+	<target host="www.hannahmageerd.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hardware.fr.xml b/src/chrome/content/rules/hardware.fr.xml
index a9fc0514dd43..1dabcafeab6e 100644
--- a/src/chrome/content/rules/hardware.fr.xml
+++ b/src/chrome/content/rules/hardware.fr.xml
@@ -19,10 +19,10 @@
 	<target host="shop.hardware.fr" />
 
 	<securecookie host=".+" name=".+" />
-	
+
 	<rule from="^http://hardware\.fr/"
 		to="https://www.hardware.fr/" />
 
 	<rule from="^http:" to="https:" />
-	
+
 </ruleset>
diff --git a/src/chrome/content/rules/hardwareluxx.ru.xml b/src/chrome/content/rules/hardwareluxx.ru.xml
deleted file mode 100644
index f17d41f5c24e..000000000000
--- a/src/chrome/content/rules/hardwareluxx.ru.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="hardwareluxx.ru" platform="mixedcontent">      
-   <target host="hardwareluxx.ru" />
-   <target host="www.hardwareluxx.ru" />
-
-   <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/hashkiller.co.uk.xml b/src/chrome/content/rules/hashkiller.co.uk.xml
deleted file mode 100644
index 63f12afaf822..000000000000
--- a/src/chrome/content/rules/hashkiller.co.uk.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="hashkiller.co.uk">
-	<target host="hashkiller.co.uk" />
-	<target host="www.hashkiller.co.uk" />
-	<target host="forum.hashkiller.co.uk" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/havant.gov.uk.xml b/src/chrome/content/rules/havant.gov.uk.xml
index c9833d6a64e2..1a3a7a7a0e15 100644
--- a/src/chrome/content/rules/havant.gov.uk.xml
+++ b/src/chrome/content/rules/havant.gov.uk.xml
@@ -37,7 +37,7 @@ Fetch error: http://www3.havant.gov.uk/ => https://www3.havant.gov.uk/: (28, 'Co
 	ˢ Secured by us
 
 -->
-<ruleset name="Havant.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Havant.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="havant.gov.uk" />
 	<target host="accounts.havant.gov.uk" />
diff --git a/src/chrome/content/rules/hayloft-plants.co.uk.xml b/src/chrome/content/rules/hayloft-plants.co.uk.xml
index 2ef03cc02c40..79e59de67909 100644
--- a/src/chrome/content/rules/hayloft-plants.co.uk.xml
+++ b/src/chrome/content/rules/hayloft-plants.co.uk.xml
@@ -2,7 +2,7 @@
 	Problematic hosts in *hayloft-plants.co.uk:
 
 		- support ᵐ
-	
+
 	ᵐ Mismatched
 
 
diff --git a/src/chrome/content/rules/hazro.com.xml b/src/chrome/content/rules/hazro.com.xml
index e2d2cb0a38bb..97ed311aa68f 100644
--- a/src/chrome/content/rules/hazro.com.xml
+++ b/src/chrome/content/rules/hazro.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://hazro.com/ => https://hazro.com/: (60, 'SSL certificate prob
 Fetch error: http://www.hazro.com/ => https://www.hazro.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Hazro.com" default_off='failed ruleset test'>
+<ruleset name="Hazro.com" default_off="failed ruleset test">
   <target host="hazro.com" />
   <target host="www.hazro.com" />
 
diff --git a/src/chrome/content/rules/hcstx.org.xml b/src/chrome/content/rules/hcstx.org.xml
index d856cb1507df..084e03e25e15 100644
--- a/src/chrome/content/rules/hcstx.org.xml
+++ b/src/chrome/content/rules/hcstx.org.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.hcstx.org/ => https://www.hcstx.org/: (7, 'Failed to con
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="HCStx.org" default_off='failed ruleset test'>
+<ruleset name="HCStx.org" default_off="failed ruleset test">
 
 	<target host="hcstx.org" />
 	<target host="www.hcstx.org" />
diff --git a/src/chrome/content/rules/hdclub.org.xml b/src/chrome/content/rules/hdclub.org.xml
deleted file mode 100644
index 21e60cce59a3..000000000000
--- a/src/chrome/content/rules/hdclub.org.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="HDClub">       
-   <target host="hdclub.org" />       
-   <target host="www.hdclub.org" />             
-       
-   <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/hddguru.com.xml b/src/chrome/content/rules/hddguru.com.xml
new file mode 100644
index 000000000000..dd68dea7deaa
--- /dev/null
+++ b/src/chrome/content/rules/hddguru.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		www.files.hddguru.com
+		www.forum.hddguru.com
+-->
+<ruleset name="hddguru.com">
+	<target host="hddguru.com" />
+	<target host="www.hddguru.com" />
+	<target host="files.hddguru.com" />
+	<target host="forum.hddguru.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hdvest.com.xml b/src/chrome/content/rules/hdvest.com.xml
index b0c1f4e59826..5fb46fd3e5db 100644
--- a/src/chrome/content/rules/hdvest.com.xml
+++ b/src/chrome/content/rules/hdvest.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://bcp.hdvlink.com/ => https://bcp.hdvlink.com/: (60, 'SSL cert
 		- my.hdvest.com			(incomplete cert chain)
 		- (my|www).myhdvest.com		(incomplete cert chain)
 -->
-<ruleset name="HD Vest" default_off='failed ruleset test'>
+<ruleset name="HD Vest" default_off="failed ruleset test">
 	<target host=    "hdvest.com" />
 	<target host="www.hdvest.com" />
 	<target host="why.hdvest.com" />
diff --git a/src/chrome/content/rules/headline24.de.xml b/src/chrome/content/rules/headline24.de.xml
index f313ca520671..7b083eb0b226 100644
--- a/src/chrome/content/rules/headline24.de.xml
+++ b/src/chrome/content/rules/headline24.de.xml
@@ -5,20 +5,20 @@
 	<target host="www.mannheim24.de"/>
 	<target host="lust.mannheim24.de"/>
 	<target host="play.mannheim24.de"/>
-	
+
 	<!-- *Heidelberg24.de -->
 	<target host="heidelberg24.de"/>
 	<target host="www.heidelberg24.de"/>
 	<target host="lust.heidelberg24.de"/>
 	<target host="play.heidelberg24.de"/>
-	
+
 	<!-- *Ludwigshafen24.de -->
 	<target host="ludwigshafen24.de"/>
 	<target host="www.ludwigshafen24.de"/>
 	<target host="lust.ludwigshafen24.de"/>
 	<target host="play.ludwigshafen24.de"/>
-	
+
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:"/>
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/healthnet.com.xml b/src/chrome/content/rules/healthnet.com.xml
index 6cfd11ec396f..d59421d57add 100644
--- a/src/chrome/content/rules/healthnet.com.xml
+++ b/src/chrome/content/rules/healthnet.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://jobs.healthnet.com/ => https://jobs.healthnet.com/: (51, "SS
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Health Net.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Health Net.com (partial)" default_off="failed ruleset test">
 
 	<target host="healthnet.com" />
 	<target host="hrlink.healthnet.com" />
diff --git a/src/chrome/content/rules/hebdo.ch.xml b/src/chrome/content/rules/hebdo.ch.xml
index 5a24b71f672d..47cff1d285e1 100644
--- a/src/chrome/content/rules/hebdo.ch.xml
+++ b/src/chrome/content/rules/hebdo.ch.xml
@@ -5,7 +5,7 @@ Fetch error: http://hebdo.ch/ => https://hebdo.ch/: Too many redirects while fet
 Fetch error: http://www.hebdo.ch/ => https://www.hebdo.ch/: Too many redirects while fetching 'https://www.hebdo.ch/'
 
 -->
-<ruleset name="hebdo.ch" default_off='failed ruleset test'>
+<ruleset name="hebdo.ch" default_off="failed ruleset test">
 	<target host="hebdo.ch"/>
 	<target host="www.hebdo.ch"/>
 
diff --git a/src/chrome/content/rules/heidilatskydance.org.xml b/src/chrome/content/rules/heidilatskydance.org.xml
new file mode 100644
index 000000000000..daa9e3fe0cd3
--- /dev/null
+++ b/src/chrome/content/rules/heidilatskydance.org.xml
@@ -0,0 +1,12 @@
+<!--
+	Refused:
+		calendar.heidilatskydance.org
+		docs.heidilatskydance.org
+		mail.heidilatskydance.org
+-->
+<ruleset name="heidilatskydance.org">
+	<target host="heidilatskydance.org" />
+	<target host="www.heidilatskydance.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hekasoft.com.xml b/src/chrome/content/rules/hekasoft.com.xml
new file mode 100644
index 000000000000..7086c7f2e9bf
--- /dev/null
+++ b/src/chrome/content/rules/hekasoft.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Non-2xx HTTP code:
+		blog.hekasoft.com
+
+	Refused:
+		admin.hekasoft.com
+		webmail.hekasoft.com
+-->
+<ruleset name="hekasoft.com">
+	<target host="hekasoft.com" />
+	<target host="www.hekasoft.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/helptorrents.com.xml b/src/chrome/content/rules/helptorrents.com.xml
deleted file mode 100644
index f8031f5217e0..000000000000
--- a/src/chrome/content/rules/helptorrents.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="helptorrents.com">
-	<target host="helptorrents.com" />
-	<target host="www.helptorrents.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/hengxinli.com.xml b/src/chrome/content/rules/hengxinli.com.xml
index de6fdd5faf6a..01d928eeb278 100644
--- a/src/chrome/content/rules/hengxinli.com.xml
+++ b/src/chrome/content/rules/hengxinli.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://hengxinli.com/ => https://hengxinli.com/: (28, 'Connection t
 Fetch error: http://www.hengxinli.com/ => https://www.hengxinli.com/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="Hengxinli.com" default_off='failed ruleset test'>
+<ruleset name="Hengxinli.com" default_off="failed ruleset test">
 
 	<target host="hengxinli.com" />
 	<target host="www.hengxinli.com" />
diff --git a/src/chrome/content/rules/henrikc.dk.xml b/src/chrome/content/rules/henrikc.dk.xml
new file mode 100644
index 000000000000..216a1e4bab03
--- /dev/null
+++ b/src/chrome/content/rules/henrikc.dk.xml
@@ -0,0 +1,29 @@
+<!--
+	Invalid certificate:
+		test2.henrikc.dk
+
+	Refused:
+		localhost.henrikc.dk
+
+	Time out:
+		ask.henrikc.dk
+		dynip.henrikc.dk
+		mail.henrikc.dk
+		old.henrikc.dk
+		test.henrikc.dk
+
+	Unreachable:
+		camo.henrikc.dk
+		militaryvehicles.henrikc.dk
+-->
+<ruleset name="henrikc.dk">
+	<target host="henrikc.dk" />
+	<target host="www.henrikc.dk" />
+	<target host="cpanel.henrikc.dk" />
+	<target host="cpcalendars.henrikc.dk" />
+	<target host="cpcontacts.henrikc.dk" />
+	<target host="webdisk.henrikc.dk" />
+	<target host="webmail.henrikc.dk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hessenschau.de.xml b/src/chrome/content/rules/hessenschau.de.xml
new file mode 100644
index 000000000000..fe94eb5ee49b
--- /dev/null
+++ b/src/chrome/content/rules/hessenschau.de.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		www.hessencheck.hessenschau.de
+		reportage.hessenschau.de
+-->
+<ruleset name="hessenschau.de">
+
+	<target host="hessenschau.de" />
+	<target host="www.hessenschau.de" />
+	<target host="app.hessenschau.de" />
+	<target host="www.app.hessenschau.de" />
+	<target host="blog.hessenschau.de" />
+	<target host="download.hessenschau.de" />
+		<test url="http://download.hessenschau.de/kultur/documenta/documenta-lageplan-100.pdf" />
+	<target host="www.ironman.hessenschau.de" />
+	<target host="www.marathon.hessenschau.de" />
+	<target host="www.radrennen.hessenschau.de" />
+	<target host="www.schulausfall.hessenschau.de" />
+	<target host="wahlergebnisse.hessenschau.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/heute.at.xml b/src/chrome/content/rules/heute.at.xml
new file mode 100644
index 000000000000..5037b0342107
--- /dev/null
+++ b/src/chrome/content/rules/heute.at.xml
@@ -0,0 +1,36 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="heute.at (partial)">
+
+	<target host="heute.at" />
+	<target host="www.heute.at" />
+	<target host="adventskalender.heute.at" />
+	<target host="amp.heute.at" />
+	<target host="api.heute.at" />
+	<target host="epaper.heute.at" />
+	<target host="events.heute.at" />
+	<target host="horoskop.heute.at" />
+	<target host="inform.heute.at" />
+	<target host="kino.heute.at" />
+	<target host="legacy.heute.at" />
+	<target host="login.heute.at" />
+	<target host="m.heute.at" />
+	<target host="mail.heute.at" />
+	<target host="php.heute.at" />
+	<target host="showroom-chili.heute.at" />
+	<target host="static01.heute.at" />
+	<target host="story.heute.at" />
+	<target host="tierisch.heute.at" />
+	<target host="tirol.heute.at" />
+	<target host="tv.heute.at" />
+	<target host="videos.heute.at" />
+	<target host="vorarlberg.heute.at" />
+	<target host="wetter.heute.at" />
+	<target host="wmtippspiel.heute.at" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/highways.gov.uk.xml b/src/chrome/content/rules/highways.gov.uk.xml
deleted file mode 100644
index 777ca17c5f15..000000000000
--- a/src/chrome/content/rules/highways.gov.uk.xml
+++ /dev/null
@@ -1,87 +0,0 @@
-<!--
-	Highways Agency
-
-	For other UK government coverage, see GOV.UK.xml.
-
-
-	CDN buckets:
-
-		- assets.highways.gov.uk.s3.amazonaws.com
-		- data.highways.gov.uk.s3.amazonaws.com
-
-
-	(www.)?highways.gov.uk: Refused
-
-
-	Problematic hosts in *highways.gov.uk:
-
-		- aka ᵐ
-		- assets ᵐ
-		- data ᵐ
-
-	ᵐ Mismatched
-
-
-	Partially covered hosts in *highways.gov.uk:
-
-		- (www.)? *
-		- aka *
-
-	* Not all paths redirect predictably
-
-
-	Insecure cookies are set for these hosts:
-
-		- recruitment.highways.gov.uk
-
--->
-<ruleset name="Highways.gov.uk (partial)">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="m.highways.gov.uk" />
-	<target host="recruitment.highways.gov.uk" />
-
-	<!--	Complications:
-				-->
-	<target host="highways.gov.uk" />
-	<target host="aka.highways.gov.uk" />
-	<target host="assets.highways.gov.uk" />
-	<target host="data.highways.gov.uk" />
-	<target host="www.highways.gov.uk" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^recruitment\.highways\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
-
-	<securecookie host="^\." name="^__utm" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<!--	Redirect drops forward slash and args:
-							-->
-	<rule from="^http://(?:aka\.|www\.)?highways\.gov\.uk/.*"
-		to="https://www.gov.uk/government/organisations/highways-england" />
-
-		<!--	/*\w does not redirect:
-						-->
-		<exclusion pattern="^http://(?:aka\.|www\.)?highways\.gov\.uk/+(?!$|\?)" />
-
-			<!--	ve:
-					-->
-			<test url="http://highways.gov.uk/default.aspx" />
-			<test url="http://highways.gov.uk/favicon.ico" />
-			<test url="http://aka.highways.gov.uk/home" />
-			<test url="http://aka.highways.gov.uk/index.htm" />
-			<test url="http://www.highways.gov.uk/index.html" />
-			<test url="http://www.highways.gov.uk/index.jsp" />
-			<test url="http://www.highways.gov.uk/index.php" />
-
-	<rule from="^http://(assets|data)\.highways\.gov\.uk/"
-		to="https://s3.amazonaws.com/$1.highways.gov.uk/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/hiking.gov.hk.xml b/src/chrome/content/rules/hiking.gov.hk.xml
new file mode 100644
index 000000000000..11ad990311d7
--- /dev/null
+++ b/src/chrome/content/rules/hiking.gov.hk.xml
@@ -0,0 +1,13 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	No alternative certificate subject name matches target host name:
+		- hiking.gov.hk
+-->
+<ruleset name="hiking.gov.hk">
+	<target host="hiking.gov.hk" />
+	<target host="www.hiking.gov.hk" />
+
+	<rule from="^http://(www\.)?hiking\.gov\.hk/"
+		to="https://www.hiking.gov.hk/" />
+</ruleset>
diff --git a/src/chrome/content/rules/hkcnews.com.xml b/src/chrome/content/rules/hkcnews.com.xml
new file mode 100644
index 000000000000..ab54ff13c2a5
--- /dev/null
+++ b/src/chrome/content/rules/hkcnews.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="hkcnews.com">
+	<target host="hkcnews.com" />
+	<target host="www.hkcnews.com" />
+	<target host="slgfg.hkcnews.com" />
+	<target host="www1.hkcnews.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hkex.com.hk.xml b/src/chrome/content/rules/hkex.com.hk.xml
index 711c2d349d17..7eae35a02f32 100644
--- a/src/chrome/content/rules/hkex.com.hk.xml
+++ b/src/chrome/content/rules/hkex.com.hk.xml
@@ -1,16 +1,16 @@
 <!--
+	Other HKEX related rulesets:
+		+ hkexgroup.com.xml
+		+ lme.com.xml
+		+ hkexnews.hk.xml
+
 	Invalid certificate:
 		en-rules.hkex.com.hk
 		www.iporesults.hkex.com.hk
 
-	Error 404:
-		sdinotice.hkex.com.hk
-
 	Time out:
 		hkex.com.hk
-		csm.hkex.com.hk
 		m.hkex.com.hk
-		search.hkex.com.hk
 -->
 <ruleset name="Hong Kong Exchanges and Clearing Limited">
 
@@ -19,10 +19,12 @@
 	<target host="www.ecp.hkex.com.hk" />
 	<target host="www.esubmission.hkex.com.hk" />
 	<target host="sc.hkex.com.hk" />
+	<target host="sdinotice.hkex.com.hk" />
+		<test url="http://sdinotice.hkex.com.hk/Home/Login" />
 
-	<securecookie host="^www\.hkex\.com\.hk$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http://(www\.)?hkex\.com\.hk/"
+	<rule from="^http://hkex\.com\.hk/"
 		to="https://www.hkex.com.hk/" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/hkexgroup.com.xml b/src/chrome/content/rules/hkexgroup.com.xml
new file mode 100644
index 000000000000..7adc252d11a1
--- /dev/null
+++ b/src/chrome/content/rules/hkexgroup.com.xml
@@ -0,0 +1,18 @@
+<!--
+	For other HKEX related rulesets, see hkex.com.hk.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- hkexgroup.com
+-->
+<ruleset name="HKEXGroup.com">
+	<target host="hkexgroup.com" />
+	<target host="www.hkexgroup.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://hkexgroup\.com/"
+			to="https://www.hkexgroup.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hkexnews.hk.xml b/src/chrome/content/rules/hkexnews.hk.xml
new file mode 100644
index 000000000000..1c138e7a1008
--- /dev/null
+++ b/src/chrome/content/rules/hkexnews.hk.xml
@@ -0,0 +1,17 @@
+<!--
+	For other HKEX related rulesets, see hkex.com.hk.xml.
+
+	Non-functional hosts
+		SSL error:
+		- www3.hkexnews.hk
+-->
+<ruleset name="HKEXnews.hk">
+	<target host="sc.hkexnews.hk" />
+	<target host="www.hkexnews.hk" />
+	<target host="www1.hkexnews.hk" />
+	<target host="www2.hkexnews.hk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hkicl.com.hk.xml b/src/chrome/content/rules/hkicl.com.hk.xml
index 05238e15c447..7d2e69a87a19 100644
--- a/src/chrome/content/rules/hkicl.com.hk.xml
+++ b/src/chrome/content/rules/hkicl.com.hk.xml
@@ -50,6 +50,6 @@
 	<rule from="^http://hkicl\.com\.hk/"
 			to="https://www.hkicl.com.hk/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/hkjc.com.xml b/src/chrome/content/rules/hkjc.com.xml
index 0a5b1b37fe7d..2522a33d271b 100644
--- a/src/chrome/content/rules/hkjc.com.xml
+++ b/src/chrome/content/rules/hkjc.com.xml
@@ -102,13 +102,13 @@
 <ruleset name="HKJC Lotteries Limited">
 	<target host="android.hkjc.com" />
 	<target host="booking.hkjc.com" />
-	
+
 	<target host="campaign.hkjc.com" />
 	<test url="http://campaign.hkjc.com/en/hkir/history.aspx" />
-	
+
 	<target host="ccwebchat.hkjc.com" />
 	<test url="http://ccwebchat.hkjc.com/WebChat/HelpMenu.aspx" />
-	
+
 	<target host="www.bookingrc.hkjc.com" />
 	<target host="elogin.hkjc.com" />
 	<target host="elogin01.hkjc.com" />
@@ -123,10 +123,10 @@
 	<target host="ibuttxn01.hkjc.com" />
 	<target host="ibuttxn02.hkjc.com" />
 	<target host="icrn.hkjc.com" />
-	
+
 	<target host="is.hkjc.com" />
 	<test url="http://is.hkjc.com/baoa_mobile/entry/en/" />
-	
+
 	<target host="iosbsinfo.hkjc.com" />
 	<target host="iosbsinfo01.hkjc.com" />
 	<target host="iosbsinfo02.hkjc.com" />
@@ -139,17 +139,17 @@
 	<target host="mcjctxn.hkjc.com" />
 	<target host="mcjctxn01.hkjc.com" />
 	<target host="mcjctxn02.hkjc.com" />
-	
+
 	<target host="mtp.hkjc.com" />
 	<test url="http://mtp.hkjc.com/application" />
-	
+
 	<target host="mwcip.hkjc.com" />
 	<target host="mwcip01.hkjc.com" />
 	<target host="mwcip02.hkjc.com" />
-	
+
 	<target host="special.hkjc.com" />
 	<test url="http://special.hkjc.com/infomenu/en/images/hkjc_logo.png" />
-	
+
 	<target host="txn01.hkjc.com" />
 	<exclusion pattern="^http://txn01\.hkjc\.com/BetSlip/index\.aspx" />
 	<test url="http://txn01.hkjc.com/BetSlip/index.aspx" />
diff --git a/src/chrome/content/rules/hko.gov.hk.xml b/src/chrome/content/rules/hko.gov.hk.xml
new file mode 100644
index 000000000000..4c58b6000da4
--- /dev/null
+++ b/src/chrome/content/rules/hko.gov.hk.xml
@@ -0,0 +1,42 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	Non-functional hosts in *.hko.gov.hk
+		Couldn't connect to server:
+		- gbm.hko.gov.hk
+
+		SSL peer certificate was not OK:
+		- kids.hko.gov.hk
+		- pda.hko.gov.hk
+		- wap.hko.gov.hk
+
+		Incomplete certificate chain error:
+		- m.hko.gov.hk
+
+	Non-functional hosts in *.weather.gov.hk:
+		Incomplete certificate chain error:
+		- m.weather.gov.hk (sometimes)
+
+-->
+<ruleset name="Hong Kong Observatory">
+	<!-- *.hko.gov.hk -->
+	<target host="www.hko.gov.hk" />
+	<target host="avrdp.hko.gov.hk" />
+	<target host="elderly.hko.gov.hk" />
+	<target host="maps.hko.gov.hk" />
+	<target host="my.hko.gov.hk" />
+
+	<!-- *.weather.gov.hk -->
+	<target host="www.weather.gov.hk" />
+	<target host="data.weather.gov.hk" />
+	<target host="elderly.weather.gov.hk" />
+	<target host="gb.weather.gov.hk" />
+	<target host="gowise2.weather.gov.hk" />
+	<target host="kids.weather.gov.hk" />
+	<target host="maps.weather.gov.hk" />
+	<target host="my.weather.gov.hk" />
+	<target host="rss.weather.gov.hk" />
+	<test url="http://rss.weather.gov.hk/img/pic62.png" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hkstockadr.com.xml b/src/chrome/content/rules/hkstockadr.com.xml
new file mode 100644
index 000000000000..5eadb2999d97
--- /dev/null
+++ b/src/chrome/content/rules/hkstockadr.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="hkstockadr.com">
+	<target host="hkstockadr.com" />
+	<target host="www.hkstockadr.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hku.hk.xml b/src/chrome/content/rules/hku.hk.xml
index 01428d6038db..2ebc79dc4cb0 100644
--- a/src/chrome/content/rules/hku.hk.xml
+++ b/src/chrome/content/rules/hku.hk.xml
@@ -9,7 +9,7 @@ Fetch error: http://acs.law.hku.hk/ => https://acs.law.hku.hk/: (28, 'Connection
 Fetch error: http://www.talentedapp.hku.hk/ => https://www.talentedapp.hku.hk/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 	Problematic domains:
-	
+
 	Invalid certs:
 	 	- www.aal.hku.hk
 	 	- www.als.hku.hk
@@ -181,11 +181,11 @@ Fetch error: http://www.talentedapp.hku.hk/ => https://www.talentedapp.hku.hk/:
 		- sis-eportal.hku.hk
 		- paed.hku.hk
 -->
-<ruleset name="The University of Hong Kong" default_off='failed ruleset test'>
+<ruleset name="The University of Hong Kong" default_off="failed ruleset test">
 
 	<target host="hku.hk" />
 	<target host="www.hku.hk" />
-	
+
 	<target host="100.hku.hk" />
 	<target host="www.alumni.hku.hk" />
 	<target host="printserver.ad.arch.hku.hk" />
@@ -339,6 +339,6 @@ Fetch error: http://www.talentedapp.hku.hk/ => https://www.talentedapp.hku.hk/:
 	<rule from="^http://ppaweb\.hku\.hk/" to="https://www.ppaweb.hku.hk/" />
 	<rule from="^http://www\.sites\.sociology\.hku\.hk/" to="https://sites.sociology.hku.hk/" />
 	<rule from="^http://versitech\.hku\.hk/" to="https://www.versitech.hku.hk/" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/hoehrmann.de.xml b/src/chrome/content/rules/hoehrmann.de.xml
new file mode 100644
index 000000000000..833331f608df
--- /dev/null
+++ b/src/chrome/content/rules/hoehrmann.de.xml
@@ -0,0 +1,26 @@
+<!--
+	Invalid certificate:
+		ftp.bjoern.hoehrmann.de
+		mail.bjoern.hoehrmann.de
+		ssh.bjoern.hoehrmann.de
+		webmail.bjoern.hoehrmann.de
+		ftp.hoehrmann.de
+		ssh.hoehrmann.de
+		stephan.hoehrmann.de
+		ftp.stephan.hoehrmann.de
+		ssh.stephan.hoehrmann.de
+		www.stephan.hoehrmann.de
+		webmail.hoehrmann.de
+
+	Refused:
+		mail.hoehrmann.de
+-->
+<ruleset name="hoehrmann.de">
+	<target host="hoehrmann.de" />
+	<target host="www.hoehrmann.de" />
+	<target host="bjoern.hoehrmann.de" />
+	<target host="www.bjoern.hoehrmann.de" />
+
+	<rule from="^http://hoehrmann\.de/" to="https://www.hoehrmann.de/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/holyrood.com.xml b/src/chrome/content/rules/holyrood.com.xml
index 2b1ffaa1f137..c742f35e31cc 100644
--- a/src/chrome/content/rules/holyrood.com.xml
+++ b/src/chrome/content/rules/holyrood.com.xml
@@ -6,14 +6,14 @@ Fetch error: http://holyrood.com/ => https://holyrood.com/: (28, 'Connection tim
 	Mixed content:
 
 		- Image, on:
-		
+
 			- assetmanagement, bigdata, bim, brexitexplained, briefings, channelshift, childprotection, childrensinfosharing, cloud, colleges, connect, connectawards, connectdata, cybersecurity, digitaljustice, earlyyears, femaleoffenders, foi, healthandsocialcare, ltt, mobileworking, olderpeople, referendum, scotlandsuniversities, scottishpublicserviceawards, stem, swan, telehealthcare from media.dods.co.uk ˢ
 			- www from $self ˢ
 
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Holyrood.com" default_off='failed ruleset test'>
+<ruleset name="Holyrood.com" default_off="failed ruleset test">
 
 	<target host="holyrood.com" />
 	<target host="assetmanagement.holyrood.com" />
diff --git a/src/chrome/content/rules/homeaway.com.xml b/src/chrome/content/rules/homeaway.com.xml
index e897e259c794..3e5195700c8a 100644
--- a/src/chrome/content/rules/homeaway.com.xml
+++ b/src/chrome/content/rules/homeaway.com.xml
@@ -65,7 +65,7 @@ Fetch error: http://book.homeaway.com/ => https://book.homeaway.com/: (7, 'Faile
 		- css on mailaway from images.mailaway.homeaway.com ˢ
 
 		- Images, on:
-		
+
 			- blog, productupdates from static1.squarespace.com ˢ
 			- blog from pbs.twimg.com ˢ
 			- mailaway from images.mailaway.homeaway.com ˢ
@@ -73,7 +73,7 @@ Fetch error: http://book.homeaway.com/ => https://book.homeaway.com/: (7, 'Faile
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="HomeAway.com (partial)" default_off='failed ruleset test'>
+<ruleset name="HomeAway.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/homebid.org.uk.xml b/src/chrome/content/rules/homebid.org.uk.xml
index 41b894a99d98..393b9424f1ef 100644
--- a/src/chrome/content/rules/homebid.org.uk.xml
+++ b/src/chrome/content/rules/homebid.org.uk.xml
@@ -12,7 +12,7 @@
 		- Image from homeconnections.org.uk
 
 -->
-<ruleset name="Homebid.org.uk" default_off="missing certificate chain">
+<ruleset name="Homebid.org.uk" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/homeoffice.gov.uk.xml b/src/chrome/content/rules/homeoffice.gov.uk.xml
index 47b74db878eb..b95b5caf222b 100644
--- a/src/chrome/content/rules/homeoffice.gov.uk.xml
+++ b/src/chrome/content/rules/homeoffice.gov.uk.xml
@@ -62,7 +62,7 @@ Fetch error: http://elearning.homeoffice.gov.uk/ => https://www.elearning.homeof
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Home Office.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Home Office.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -152,7 +152,7 @@ Fetch error: http://elearning.homeoffice.gov.uk/ => https://www.elearning.homeof
 							-->
 	<rule from="^http://(?:www\.)?apc\.homeoffice\.gov\.uk/.*"
 		to="https://www.gov.uk/government/organisations/animals-in-science-committee" />
-	
+
 	<!--	Redirect drops forward slash and args:
 							-->
 	<rule from="^http://(?:www\.)?bia(?:preview)?\.homeoffice\.gov\.uk/.*"
diff --git a/src/chrome/content/rules/honeynet.org.xml b/src/chrome/content/rules/honeynet.org.xml
index 9cdcdc3c0d54..02a299684873 100644
--- a/src/chrome/content/rules/honeynet.org.xml
+++ b/src/chrome/content/rules/honeynet.org.xml
@@ -5,13 +5,13 @@ Fetch error: http://public.honeynet.org/ => https://public.honeynet.org/: (60, '
 
 
 	Problematic subdomains:
-	
+
 		- pl. mismatch
 
 	ˢ Secured by us
 
 -->
-<ruleset name="Honeynet.org" default_off='failed ruleset test'>
+<ruleset name="Honeynet.org" default_off="failed ruleset test">
 
 	<target host="honeynet.org" />
 	<target host="www.honeynet.org" />
diff --git a/src/chrome/content/rules/host4coins.net.xml b/src/chrome/content/rules/host4coins.net.xml
new file mode 100644
index 000000000000..68705b03b9eb
--- /dev/null
+++ b/src/chrome/content/rules/host4coins.net.xml
@@ -0,0 +1,13 @@
+<!--
+	Mismatched:
+		- pay.host4coins.net
+-->
+<ruleset name="host4coins.net">
+	<target host="host4coins.net" />
+	<target host="www.host4coins.net" />
+	<target host="dev.host4coins.net" />
+	<target host="docs.host4coins.net" />
+	<target host="preview.host4coins.net" />
+ 
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hosted-ci.com.xml b/src/chrome/content/rules/hosted-ci.com.xml
index cc819edf9dc8..8af4e6efb881 100644
--- a/src/chrome/content/rules/hosted-ci.com.xml
+++ b/src/chrome/content/rules/hosted-ci.com.xml
@@ -7,10 +7,10 @@ Fetch error: http://www.hosted-ci.com/ => https://hosted-ci.com/: (60, 'SSL cert
 
 www.hosted-ci.com mismatch
 -->
-<ruleset name="hosted-ci.com" default_off='failed ruleset test'>
+<ruleset name="hosted-ci.com" default_off="failed ruleset test">
 	<target host="hosted-ci.com" />
 	<target host="www.hosted-ci.com" />
-	
+
 	<rule from="^http://www\.hosted-ci\.com/"
 		to="https://hosted-ci.com/" />
 
diff --git a/src/chrome/content/rules/hosting.com.xml b/src/chrome/content/rules/hosting.com.xml
deleted file mode 100644
index dc38248c55db..000000000000
--- a/src/chrome/content/rules/hosting.com.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Hosting (partial)">
-	<target host="hosting.com" />
-	<target host="www.hosting.com" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/hotel.ch.xml b/src/chrome/content/rules/hotel.ch.xml
index 5537d6d5440a..373839b0ead3 100644
--- a/src/chrome/content/rules/hotel.ch.xml
+++ b/src/chrome/content/rules/hotel.ch.xml
@@ -5,7 +5,7 @@ Fetch error: http://hotel.ch/ => https://www.hotel.ch/: (28, 'Connection timed o
 Fetch error: http://www.hotel.ch/ => https://www.hotel.ch/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="hotel.ch" default_off='failed ruleset test'>
+<ruleset name="hotel.ch" default_off="failed ruleset test">
 	<target host="hotel.ch"/>
 	<target host="www.hotel.ch"/>
 
diff --git a/src/chrome/content/rules/hotelchantelle.com.xml b/src/chrome/content/rules/hotelchantelle.com.xml
new file mode 100644
index 000000000000..bac9026b6326
--- /dev/null
+++ b/src/chrome/content/rules/hotelchantelle.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		email.hotelchantelle.com
+		ftp.hotelchantelle.com
+-->
+<ruleset name="hotelchantelle.com">
+	<target host="hotelchantelle.com" />
+	<target host="www.hotelchantelle.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hotelmetropolitan.co.il.xml b/src/chrome/content/rules/hotelmetropolitan.co.il.xml
new file mode 100644
index 000000000000..0398f8b3ee96
--- /dev/null
+++ b/src/chrome/content/rules/hotelmetropolitan.co.il.xml
@@ -0,0 +1,11 @@
+<!--
+	Refused:
+		autodiscover.hotelmetropolitan.co.il
+		mail.hotelmetropolitan.co.il
+-->
+<ruleset name="hotelmetropolitan.co.il">
+	<target host="hotelmetropolitan.co.il" />
+	<target host="www.hotelmetropolitan.co.il" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/howard-cottage.co.uk.xml b/src/chrome/content/rules/howard-cottage.co.uk.xml
index 4dfc187fe3c2..b91c8d4f83a8 100644
--- a/src/chrome/content/rules/howard-cottage.co.uk.xml
+++ b/src/chrome/content/rules/howard-cottage.co.uk.xml
@@ -7,7 +7,7 @@ Fetch error: http://howard-cottage.co.uk/ => https://www.howard-cottage.co.uk/:
 	^howard-cottage.co.uk: Handshake fails
 
 -->
-<ruleset name="Howard-Cottage.co.uk" default_off='failed ruleset test'>
+<ruleset name="Howard-Cottage.co.uk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/hr-fernsehen.de.xml b/src/chrome/content/rules/hr-fernsehen.de.xml
new file mode 100644
index 000000000000..66000c2299e4
--- /dev/null
+++ b/src/chrome/content/rules/hr-fernsehen.de.xml
@@ -0,0 +1,23 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Empty reply from server:
+		www.special.hr-fernsehen.de
+-->
+<ruleset name="hr-fernsehen.de">
+
+	<target host="hr-fernsehen.de" />
+	<target host="www.hr-fernsehen.de" />
+	<target host="download.hr-fernsehen.de" />
+		<test url="http://download.hr-fernsehen.de/sendungen-a-z/hallo-hessen/rezepte/beeren-schnitte-100.pdf" />
+	<target host="fs-produktion.hr-fernsehen.de" />
+	<target host="hr-text.hr-fernsehen.de" />
+	<target host="www.hr-text.hr-fernsehen.de" />
+	<target host="www.sommerbilanz.hr-fernsehen.de" />
+	<target host="ugc.hr-fernsehen.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/hs-mannheim.de.xml b/src/chrome/content/rules/hs-mannheim.de.xml
index eb54aaa6a71f..5daeea23c23f 100644
--- a/src/chrome/content/rules/hs-mannheim.de.xml
+++ b/src/chrome/content/rules/hs-mannheim.de.xml
@@ -9,10 +9,10 @@
 		www.kve.hs-mannheim.de
 		www.mechatronik.hs-mannheim.de
 		www.pvs.hs-mannheim.de
-	
+
 	Time Out:
 		www.gestaltung.hs-mannheim.de
-		
+
 	Certificate Mismatch:
 	The non-www version of the targets
 -->
@@ -71,7 +71,7 @@
 	<target host="www.wing.hs-mannheim.de"/>
 	<target host="www.wrm.hs-mannheim.de"/>
 	<target host="www.wsp.hs-mannheim.de"/>
-	
+
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:"/>
diff --git a/src/chrome/content/rules/hsbc.co.in.xml b/src/chrome/content/rules/hsbc.co.in.xml
index 29118b16eb7f..4e969fd0a688 100644
--- a/src/chrome/content/rules/hsbc.co.in.xml
+++ b/src/chrome/content/rules/hsbc.co.in.xml
@@ -29,7 +29,7 @@
 	Mixed content:
 
 		- Bugs, on:
-		
+
 			- services.assetmanagement from www1.member-hsbc-group.com ˢ
 			- www from ad.doubleclick.net
 
diff --git a/src/chrome/content/rules/hsbc.com.hk.xml b/src/chrome/content/rules/hsbc.com.hk.xml
index 6199fdc2ad28..fbdbafa5774b 100644
--- a/src/chrome/content/rules/hsbc.com.hk.xml
+++ b/src/chrome/content/rules/hsbc.com.hk.xml
@@ -1,87 +1,82 @@
 <!--
-	For other HSBC Holdings coverage, see HSBC.xml.
-
-
-	Nonfunctional hosts in *hsbc.com.hk:
-
-		- www.about *
-		- www.business *
-		- mail ᵈ
-		- www.warrants ᵈ
-
-	* Unrecognized name
-	ᵈ Dropped
-
-
-	Problematic hosts in *hsbc.com.hk:
-
-		- www.broking ᵐ
-
-	ᵐ Mismatched
-
-
-	Insecure cookies are set for these domains and hosts: ᶜ
-
-		- hsbc.com.hk
-		- .hsbc.com.hk
-		- services.assetmanagement.hsbc.com.hk
-		- broking.hsbc.com.hk
-		- www.broking.hsbc.com.hk
-		- www.commercial.hsbc.com.hk
-		- www.digitalcounterservices.hsbc.com.hk
-		- www.ebanking.hsbc.com.hk
-		- www1.ebanking.hsbc.com.hk
-		- www.ebroking.hsbc.com.hk
-		- mbib.hsbc.com.hk
-		- www.personal.hsbc.com.hk
-		- www.hsbc.com.hk
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
-
-	Mixed content:
-
-		- Bugs, on:
-		
-			- services.assetmanagement, www.broking, www.digitalcounterservices, www.ebanking, www1.ebanking, www.ebroking, mbib, www.personal, www.redhotoffers from www1.member-hsbc-group.com ˢ
-			- www.commercial from \d+.fls.doubleclick.net
-
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
+	For other HSBC Holdings coverage, see
+		+ HSBC.xml
+
+	Non-functional hosts
+		Timeout was reached:
+		- about.hsbc.com.hk
+		- assetmanagement.hsbc.com.hk
+		- business.hsbc.com.hk
+		- messaging.hsbc.com.hk
+
+		Incomplete certificate chain:
+		- bestserviceawards.hsbc.com.hk
+		- www.bestserviceawards.hsbc.com.hk
 -->
 <ruleset name="HSBC.com.hk (partial)">
-
 	<target host="hsbc.com.hk" />
+
+	<target host="about.hsbc.com.hk" />
+	<target host="www.about.hsbc.com.hk" />
+	<target host="assetmanagement.hsbc.com.hk" />
 	<target host="services.assetmanagement.hsbc.com.hk" />
+	<target host="www.assetmanagement.hsbc.com.hk" />
+
+	<target host="www.broking.hsbc.com.hk" />
+	<target host="business.hsbc.com.hk" />
+	<target host="www.business.hsbc.com.hk" />
+
+	<target host="cdn.hsbc.com.hk" />
+	<test url="http://cdn.hsbc.com.hk/content/dam/hsbc/hk/images/hk_broking.jpg" />
+	<test url="http://cdn.hsbc.com.hk/etc/designs/dpws/common/favicons/favicon-16x16.png" />
 	<target host="www.commercial.hsbc.com.hk" />
+	<test url="http://www.commercial.hsbc.com.hk/1/2/commercial/promo/account" />
+	<test url="http://www.commercial.hsbc.com.hk/1/2/directadvice" />
+	<test url="http://www.commercial.hsbc.com.hk/1/2/estatement" />
+
 	<target host="www.digitalcounterservices.hsbc.com.hk" />
+
+	<target host="payme.hsbc.com.hk" />
+	<target host="www1.personal.ebanking.hsbc.com.hk" />
+	<target host="www2.personal.ebanking.hsbc.com.hk" />
 	<target host="www.ebanking.hsbc.com.hk" />
 	<target host="www1.ebanking.hsbc.com.hk" />
+	<target host="www2.ebanking.hsbc.com.hk" />
 	<target host="www.ebroking.hsbc.com.hk" />
-	<target host="mbib.hsbc.com.hk" />
+
+	<target host="www.fundexpress.hsbc.com.hk" />
+	<test url="http://www.fundexpress.hsbc.com.hk/HSBCSite/main.aspx" />
+	
+	<target host="insurance.hsbc.com.hk" />
+	<target host="www.isstprod.hsbc.com.hk" />
+
+	<target host="click.messaging.hsbc.com.hk" />
+
+	<target host="www.file.online-banking.hsbc.com.hk" />
+	<target host="www.security.online-banking.hsbc.com.hk" />
+	<target host="static.services.online-banking.hsbc.com.hk" />
+	<target host="www.services.online-banking.hsbc.com.hk" />
+
 	<target host="www.personal.hsbc.com.hk" />
+
 	<target host="www.redhotoffers.hsbc.com.hk" />
-	<target host="www.hsbc.com.hk" />
+	<target host="retailbank.hsbc.com.hk" />
 
-		<!--	Mixed bugs, sets cookie without Secure:
-								-->
-		<!--test url="http://www.commercial.hsbc.com.hk/1/2/wisebusiness" /-->
+	<target host="warrants.hsbc.com.hk" />
+	<target host="www.warrants.hsbc.com.hk" />
+	<target host="www.hsbc.com.hk" />
 
+	<securecookie host=".+" name=".+" />
 
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:www\.)?hsbc\.com\.hk$" name="^HKWGTK$" /-->
-	<!--securecookie host="^\.hsbc\.com\.hk$" name="^HSBC_CLIENT_COOKIE$" /-->
-	<!--securecookie host="^services\.assetmanagement\.hsbc\.com\.hk$" name="^(?:JSESSIONID|locale)$" /-->
-	<!--securecookie host="^www\.commercial\.hsbc\.com\.hk$" name="^(?:HKBTK|JSESSIONID)$" /-->
-	<!--securecookie host="^www\.digitalcounterservices\.hsbc\.com\.hk$" name="^(?:__RequestVerificationToken|ASP\.NET_SessionId|FromIndex2)$" /-->
-	<!--securecookie host="^www1?\.ebanking\.hsbc\.com\.hk$" name="^(?:JSESSIONID|LB_COOKIE_1)$" /-->
-	<!--securecookie host="^(?:www\.e?broking|mbib|www\.personal).hsbc\.com\.hk$" name="^(?:JSESSIONID|[A-Z]+TK)$" /-->
+	<rule from="^http://about\.hsbc\.com\.hk/"
+		to="https://www.about.hsbc.com.hk/" />
 
-	<securecookie host="^\w" name=".+" />
+	<rule from="^http://assetmanagement\.hsbc\.com\.hk/"
+		to="https://www.assetmanagement.hsbc.com.hk/" />
 
+	<rule from="^http://business\.hsbc\.com\.hk/"
+		to="https://www.business.hsbc.com.hk/" />
 
 	<rule from="^http:"
 		to="https:" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/hscic.gov.uk.xml b/src/chrome/content/rules/hscic.gov.uk.xml
index 4a3d67f6d872..bd41d0b85502 100644
--- a/src/chrome/content/rules/hscic.gov.uk.xml
+++ b/src/chrome/content/rules/hscic.gov.uk.xml
@@ -50,6 +50,6 @@
 	<rule from="^http://www\.hscic\.gov\.uk/"
 			to="https://hscic.gov.uk/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/https.cat.xml b/src/chrome/content/rules/https.cat.xml
deleted file mode 100644
index b28e0bedbe24..000000000000
--- a/src/chrome/content/rules/https.cat.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="https.cat">
-	<target host="https.cat" />
-	<target host="www.https.cat" />
-	<target host="api.https.cat" />
-	<target host="lab.https.cat" />
-	<target host="wiki.https.cat" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/humankode.com.xml b/src/chrome/content/rules/humankode.com.xml
index 8b005ffe1498..5b41e47b188f 100644
--- a/src/chrome/content/rules/humankode.com.xml
+++ b/src/chrome/content/rules/humankode.com.xml
@@ -6,4 +6,4 @@
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/hungryhowies.com.xml b/src/chrome/content/rules/hungryhowies.com.xml
deleted file mode 100644
index 2237d8c6a2cc..000000000000
--- a/src/chrome/content/rules/hungryhowies.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="hungryhowies.com">
-        <target host="hungryhowies.com" />
-        <target host="www.hungryhowies.com" />
-        <target host="franchising.hungryhowies.com" />
-        <target host="home.hungryhowies.com" />
-        
-        <rule from="^http:"
-                to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/hurl.it.xml b/src/chrome/content/rules/hurl.it.xml
deleted file mode 100644
index b9001aa72204..000000000000
--- a/src/chrome/content/rules/hurl.it.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-	Timed Out:
-		hurl.it
--->
-<ruleset name="hurl.it">
-	<target host="hurl.it" />
-	<target host="www.hurl.it" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http://hurl\.it/" to="https://www.hurl.it/" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/huuto.net-resources.xml b/src/chrome/content/rules/huuto.net-resources.xml
index 1b1afdd4d02e..3c717bab8e86 100644
--- a/src/chrome/content/rules/huuto.net-resources.xml
+++ b/src/chrome/content/rules/huuto.net-resources.xml
@@ -10,7 +10,7 @@ Fetch error: http://kuvat2.huuto.net/ => https://kuvat2.huuto.net/: (35, 'error:
 	and no mixed content secured.
 
 -->
-<ruleset name="Huuto.net (resources)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Huuto.net (resources)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="huuto.net" />
 	<target host="kuvat.huuto.net" />
diff --git a/src/chrome/content/rules/huuto.net.xml b/src/chrome/content/rules/huuto.net.xml
index 0615f8520d28..113508509163 100644
--- a/src/chrome/content/rules/huuto.net.xml
+++ b/src/chrome/content/rules/huuto.net.xml
@@ -114,7 +114,7 @@
 
 	<securecookie host="^\." name="^_ga" />
 
-  
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/hyb.pw.xml b/src/chrome/content/rules/hyb.pw.xml
deleted file mode 100644
index 5b9ef2a94d99..000000000000
--- a/src/chrome/content/rules/hyb.pw.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="Hybrid -- Cryptocurrency Combined" default_off="expired">
-	<target host="hyb.pw" />
-	<target host="www.hyb.pw" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/hydro.gov.hk.xml b/src/chrome/content/rules/hydro.gov.hk.xml
new file mode 100644
index 000000000000..3cd0e6c741d1
--- /dev/null
+++ b/src/chrome/content/rules/hydro.gov.hk.xml
@@ -0,0 +1,10 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+-->
+<ruleset name="Hong Kong Hydrographic Office">
+	<target host="current.hydro.gov.hk" />
+	<target host="tide1.hydro.gov.hk" />
+	<target host="www.hydro.gov.hk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hyperrealm.com.xml b/src/chrome/content/rules/hyperrealm.com.xml
new file mode 100644
index 000000000000..691c159c8635
--- /dev/null
+++ b/src/chrome/content/rules/hyperrealm.com.xml
@@ -0,0 +1,25 @@
+<!--
+	Invalid certificate:
+		ftp.hyperrealm.com
+		imap.hyperrealm.com
+		autodiscover.markl.hyperrealm.com
+		webmail.markl.hyperrealm.com
+		pop.hyperrealm.com
+		smtp.hyperrealm.com
+
+	Refused:
+		localhost.hyperrealm.com
+-->
+<ruleset name="hyperrealm.com">
+	<target host="hyperrealm.com" />
+	<target host="www.hyperrealm.com" />
+	<target host="autodiscover.hyperrealm.com" />
+	<target host="cpanel.hyperrealm.com" />
+	<target host="mail.hyperrealm.com" />
+	<target host="markl.hyperrealm.com" />
+	<target host="www.markl.hyperrealm.com" />
+	<target host="webdisk.hyperrealm.com" />
+	<target host="webmail.hyperrealm.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/hypestat.com.xml b/src/chrome/content/rules/hypestat.com.xml
index 145f775c116a..a8726298b9d4 100644
--- a/src/chrome/content/rules/hypestat.com.xml
+++ b/src/chrome/content/rules/hypestat.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://static.hypestat.com/ => https://static.hypestat.com/: Too ma
 Fetch error: http://www.hypestat.com/ => https://www.hypestat.com/: Too many redirects while fetching 'https://www.hypestat.com/'
 
 -->
-<ruleset name="HypeStat.com" default_off='failed ruleset test'>
+<ruleset name="HypeStat.com" default_off="failed ruleset test">
 
 	<target host="hypestat.com" />
 	<target host="static.hypestat.com" />
diff --git a/src/chrome/content/rules/hzqx.com.xml b/src/chrome/content/rules/hzqx.com.xml
new file mode 100644
index 000000000000..9dcb593e6b79
--- /dev/null
+++ b/src/chrome/content/rules/hzqx.com.xml
@@ -0,0 +1,8 @@
+<!--
+    Time out: zhfy.hzqx.com
+-->
+<ruleset name="hzqx.com">
+	<target host="www.hzqx.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/i4wifi.cz.xml b/src/chrome/content/rules/i4wifi.cz.xml
index 60180c9ba869..e299bdc8d584 100644
--- a/src/chrome/content/rules/i4wifi.cz.xml
+++ b/src/chrome/content/rules/i4wifi.cz.xml
@@ -14,7 +14,7 @@ Fetch error: http://files.i4wifi.cz/ => https://files.i4wifi.cz/: (60, 'SSL cert
 	Time out:
 		- old.i4wifi.cz
 -->
-<ruleset name="i4wifi.cz" default_off='failed ruleset test'>
+<ruleset name="i4wifi.cz" default_off="failed ruleset test">
 	<target host="i4wifi.cz" />
 	<target host="www.i4wifi.cz" />
 	<target host="edocs.i4wifi.cz" />
diff --git a/src/chrome/content/rules/iCloud.com.xml b/src/chrome/content/rules/iCloud.com.xml
deleted file mode 100644
index 4d445e3c7b47..000000000000
--- a/src/chrome/content/rules/iCloud.com.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<!--
-	For other Apple coverage, see Apple.com.xml.
--->
-<ruleset name="iCloud.com">
-	<target host="icloud.com" />
-	<target host="www.icloud.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/iDreamx.com.xml b/src/chrome/content/rules/iDreamx.com.xml
new file mode 100644
index 000000000000..e3882c66cba1
--- /dev/null
+++ b/src/chrome/content/rules/iDreamx.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Active mixed content:
+		- www.idreamx.com, from discuz.gtimg.cn
+-->
+
+<ruleset name="iDreamx.com" platform="mixedcontent">
+	<target host="idreamx.com" />
+	<target host="www.idreamx.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iEntry.com.xml b/src/chrome/content/rules/iEntry.com.xml
new file mode 100644
index 000000000000..201094bd5842
--- /dev/null
+++ b/src/chrome/content/rules/iEntry.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="iEntry (partial)">
+	<target host="ientry.com" />
+	<target host="www.ientry.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iEntry.xml b/src/chrome/content/rules/iEntry.xml
deleted file mode 100644
index 060f6f1fce09..000000000000
--- a/src/chrome/content/rules/iEntry.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://ientry.com/ => https://ientry.com/: (60, 'SSL certificate problem: certificate has expired')
-	CDN buckets:
-
-		- Possible bucket at s3.amazonaws.com/ientry/
-		- d195lklsc86qb5.cloudfront.net
-
-
-	Nonfunctional domains:
-
-		- images.ientrymail.com
-		- images1.ientrymail.com
-
--->
-<ruleset name="iEntry (partial)" platform="mixedcontent">
-
-	<target host="ientry.com" />
-	<target host="*.ientry.com" />
-
-
-	<securecookie host="^www\.ientry\.com$" name=".+" />
-
-
-	<rule from="^http://(www\.)?ientry\.com/"
-		to="https://$1ientry.com/" />
-
-	<rule from="^http://cdn\.ientry\.com/"
-		to="https://d195lklsc86qb5.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/iHub_-Nairobi.xml b/src/chrome/content/rules/iHub_-Nairobi.xml
index 128657481a9e..eb79d6802eac 100644
--- a/src/chrome/content/rules/iHub_-Nairobi.xml
+++ b/src/chrome/content/rules/iHub_-Nairobi.xml
@@ -1,12 +1,14 @@
 <!--
-	- Expired 2013-07-19	
+	- Expired 2013-07-19
 	- CN: Parallels Panel
 
 -->
 <ruleset name="iHub_ Nairobi" default_off="expired, self-signed">
 
 	<target host="ihub.co.ke" />
-	<target host="*.ihub.co.ke" />
+	<target host="research.ihub.co.ke" />
+	<target host="www.ihub.co.ke" />
+	<target host="www.research.ihub.co.ke" />
 
 
 	<securecookie host="^ihub\.co\.ke$" name=".+" />
diff --git a/src/chrome/content/rules/iMapEnterprises.com.xml b/src/chrome/content/rules/iMapEnterprises.com.xml
new file mode 100644
index 000000000000..f8597f2744e7
--- /dev/null
+++ b/src/chrome/content/rules/iMapEnterprises.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="iMapEnterprises.com">
+	<target host="imapenterprises.com" />
+	<target host="www.imapenterprises.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iPay88.com.xml b/src/chrome/content/rules/iPay88.com.xml
new file mode 100644
index 000000000000..a37b573b0b46
--- /dev/null
+++ b/src/chrome/content/rules/iPay88.com.xml
@@ -0,0 +1,44 @@
+<!--
+	For other coverage, see Mobile88.com.xml
+
+
+	Non-functional subdomains:
+
+		- ipay88.com	(m)
+			- bancnet	(m)
+			- blog	(t)
+			- dvl3-vn	(t)
+			- m		(m)
+			- mobile-svr2	(t)
+			- pmon10	(t)
+			- tfs	(t)
+			- uat-mobile-payment	(t)
+
+		- ipay88.com.my	(t)
+			- emailapi	(m)
+			- emailapi2	(m)
+			- o1.emailapi2	(t)
+			- shopify	(HTTP 403 error)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="iPay88.com">
+
+	<target host="ipay88.com" />
+	<target host="www.ipay88.com" />
+	<target host="dvl3.ipay88.com" />
+	<target host="payment.ipay88.com" />
+	<target host="vas.ipay88.com" />
+
+	<rule from="^http://ipay88\.com/"
+		to="https://www.ipay88.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iStockphoto.com.xml b/src/chrome/content/rules/iStockphoto.com.xml
new file mode 100644
index 000000000000..bfcbe2214319
--- /dev/null
+++ b/src/chrome/content/rules/iStockphoto.com.xml
@@ -0,0 +1,61 @@
+<!--
+	Non-functional hosts
+		Timeout was reached:
+		- communication.istockphoto.com
+		- content.istockphoto.com
+		- content1.istockphoto.com
+		- mail01.e.istockphoto.com
+		- mail02.e.istockphoto.com
+		- mail03.e.istockphoto.com
+		- hq-vpn.istockphoto.com
+
+		SSL connect error:
+		- discover.istockphoto.com
+		- press.istockphoto.com
+		- br.press.istockphoto.com
+		- de.press.istockphoto.com
+		- es.press.istockphoto.com
+		- fr.press.istockphoto.com
+		- it.press.istockphoto.com
+		- jp.press.istockphoto.com
+
+		SSL peer certificate was not OK:
+		- e.istockphoto.com
+		- app.e.istockphoto.com
+		- images.e.istockphoto.com
+		- engage.istockphoto.com
+		- e.espanol.istockphoto.com
+		- login.feast.istockphoto.com
+		- e.francais.istockphoto.com
+		- omni.istockphoto.com
+
+		4xx client error:
+		- static.istockphoto.com
+
+		Mixed content blocking (MCB) triggered:
+		- fuel.istockphoto.com
+-->
+<ruleset name="iStockphoto.com">
+	<target host="istockphoto.com" />
+	<target host="www.istockphoto.com" />
+	<target host="deutsch.istockphoto.com" />
+	<target host="espanol.istockphoto.com" />
+	<target host="francais.istockphoto.com" />
+	<target host="hangul.istockphoto.com" />
+	<target host="italiano.istockphoto.com" />
+	<target host="jezykpolski.istockphoto.com" />
+	<target host="marketing.istockphoto.com" />
+	<target host="media.istockphoto.com" />
+		<test url="http://media.istockphoto.com/vectors/merry-christmas-and-happy-new-year-text-xmas-tree-with-decoration-vector-id875339836" />
+	<target host="nd.istockphoto.com" />
+	<target host="nihongo.istockphoto.com" />
+	<target host="portugues.istockphoto.com" />
+	<target host="portuguesbrasileiro.istockphoto.com" />
+	<target host="refer.istockphoto.com" />
+	<target host="russki.istockphoto.com" />
+	<target host="secure.istockphoto.com" />
+	<target host="somni.istockphoto.com" />
+	<target host="workwithus.istockphoto.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iTerm2.xml b/src/chrome/content/rules/iTerm2.xml
index d9b7359ce788..2fb0d7c46d70 100644
--- a/src/chrome/content/rules/iTerm2.xml
+++ b/src/chrome/content/rules/iTerm2.xml
@@ -12,7 +12,7 @@
 <ruleset name="iTerm2">
 	<target host="iterm2.com" />
 	<target host="www.iterm2.com" />
-	
+
 	<rule from="^http:"
 			to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/iWork.com.xml b/src/chrome/content/rules/iWork.com.xml
index 0f1b70e09f93..5f868c8f0156 100644
--- a/src/chrome/content/rules/iWork.com.xml
+++ b/src/chrome/content/rules/iWork.com.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.iwork.com/ => https://www.iwork.com/: (28, 'Connection t
 	Mismatch:
 		- iwork.com	(cert only matches www)
 -->
-<ruleset name="iWork.com" default_off='failed ruleset test'>
+<ruleset name="iWork.com" default_off="failed ruleset test">
 	<target host="iwork.com" />
 	<target host="www.iwork.com" />
 
diff --git a/src/chrome/content/rules/ibiblio.org.xml b/src/chrome/content/rules/ibiblio.org.xml
new file mode 100644
index 000000000000..aa68112f9c51
--- /dev/null
+++ b/src/chrome/content/rules/ibiblio.org.xml
@@ -0,0 +1,47 @@
+<!--
+	Incomplete certificate chain:
+		distro.ibiblio.org
+		rt.ibiblio.org
+
+	Mismatched:
+		gutenberg.ibiblio.org
+		music.ibiblio.org
+
+	Invalid certificate:
+		answers1.ibiblio.org
+		centos6.ibiblio.org
+		vm3.fedora.ibiblio.org
+		garp.ibiblio.org
+		honey.ibiblio.org
+		internal.ibiblio.org
+		internal1.ibiblio.org
+		mailman1.ibiblio.org
+		google.mirrors.ibiblio.org
+		radiostats.ibiblio.org
+		radiostats1.ibiblio.org
+		radioreports1.ibiblio.org
+		rt1.ibiblio.org
+		test.snickers.ibiblio.org
+		webmail.ibiblio.org
+
+	Redirect to HTTP:
+		grass.ibiblio.org
+		torrent.ibiblio.org
+
+	Refused:
+		etree.ibiblio.org
+		groklaw.ibiblio.org
+		mirrors.ibiblio.org
+		wncwappweb1.ibiblio.org
+-->
+<ruleset name="ibiblio.org">
+	<target host="ibiblio.org" />
+	<target host="www.ibiblio.org" />
+	<target host="answers.ibiblio.org" />
+	<target host="edam.ibiblio.org" />
+	<target host="lists.ibiblio.org" />
+	<target host="radioreports.ibiblio.org" />
+	<target host="snickers.ibiblio.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ibutsu.org.xml b/src/chrome/content/rules/ibutsu.org.xml
deleted file mode 100644
index 6deab948afa8..000000000000
--- a/src/chrome/content/rules/ibutsu.org.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	www.ibutsu.org: Mismatched
-
--->
-<ruleset name="ibutsu.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="ibutsu.org" />
-	<target host="blog.ibutsu.org" />
-
-	<!--	Complications:
-				-->
-	<target host="www.ibutsu.org" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://www\.ibutsu\.org/"
-		to="https://ibutsu.org/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ibx.com.xml b/src/chrome/content/rules/ibx.com.xml
index ec2f140a3e70..58d317d7038f 100644
--- a/src/chrome/content/rules/ibx.com.xml
+++ b/src/chrome/content/rules/ibx.com.xml
@@ -49,7 +49,7 @@ Fetch error: http://ibx.com/ => https://ibx.com/: (7, 'Failed to connect to ibx.
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="IBX.com (partial)" default_off='failed ruleset test'>
+<ruleset name="IBX.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/icabanken.se.xml b/src/chrome/content/rules/icabanken.se.xml
new file mode 100644
index 000000000000..4a4649fb92c1
--- /dev/null
+++ b/src/chrome/content/rules/icabanken.se.xml
@@ -0,0 +1,11 @@
+<ruleset name="icabanken.se">
+	<target host="icabanken.se" />
+	<target host="www.icabanken.se" />
+	<target host="appserver.icabanken.se" />
+	<target host="dialog.icabanken.se" />
+	<target host="kontantkort.icabanken.se" />
+	<target host="www.kontantkort.icabanken.se" />
+	<target host="admin.kontantkort.icabanken.se" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/iconarchive.com.xml b/src/chrome/content/rules/iconarchive.com.xml
new file mode 100644
index 000000000000..c9a786086ad9
--- /dev/null
+++ b/src/chrome/content/rules/iconarchive.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		icons2.iconarchive.com
+
+	Refused:
+		de1.iconarchive.com
+
+	Time out:
+		help.iconarchive.com
+-->
+<ruleset name="iconarchive.com">
+	<target host="iconarchive.com" />
+	<target host="www.iconarchive.com" />
+	<target host="icons.iconarchive.com" />
+	<target host="static.iconarchive.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ictv.ua.xml b/src/chrome/content/rules/ictv.ua.xml
index 3b6b3e5e7bb5..a5218e349427 100644
--- a/src/chrome/content/rules/ictv.ua.xml
+++ b/src/chrome/content/rules/ictv.ua.xml
@@ -105,7 +105,7 @@ zeki.ictv.ua ⁴
 ³ timed out
 ⁴ self signed
 -->
-<ruleset name="ictv.ua (partial)" default_off='failed ruleset test'>
+<ruleset name="ictv.ua (partial)" default_off="failed ruleset test">
 	<target host="autodiscover.ictv.ua" />
 	<target host="des.ictv.ua" />
 	<target host="eurofood.ictv.ua" />
diff --git a/src/chrome/content/rules/iddh.org.br.xml b/src/chrome/content/rules/iddh.org.br.xml
new file mode 100644
index 000000000000..2f99d74fc41c
--- /dev/null
+++ b/src/chrome/content/rules/iddh.org.br.xml
@@ -0,0 +1,10 @@
+<ruleset name="iddh.org.br">
+	<target host="iddh.org.br" />
+	<target host="www.iddh.org.br" />
+	<target host="cpanel.iddh.org.br" />
+	<target host="plataformarpu.iddh.org.br" />
+	<target host="www.plataformarpu.iddh.org.br" />
+	<target host="webdisk.iddh.org.br" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ideal-collaboration.net.xml b/src/chrome/content/rules/ideal-collaboration.net.xml
new file mode 100644
index 000000000000..440c17eca9d8
--- /dev/null
+++ b/src/chrome/content/rules/ideal-collaboration.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="ideal-collaboration.net">
+	<target host="ideal-collaboration.net" />
+	<target host="www.ideal-collaboration.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/idms-linux.org.xml b/src/chrome/content/rules/idms-linux.org.xml
index 6e293b08437c..99a64adeab22 100644
--- a/src/chrome/content/rules/idms-linux.org.xml
+++ b/src/chrome/content/rules/idms-linux.org.xml
@@ -10,7 +10,7 @@ cdn.idms-linux.org ³
 
 ³ timed out
 -->
-<ruleset name="idms-linux.org" default_off='failed ruleset test'>
+<ruleset name="idms-linux.org" default_off="failed ruleset test">
 	<target host="idms-linux.org" />
 	<target host="www.idms-linux.org" />
 	<target host="lists.idms-linux.org" />
diff --git a/src/chrome/content/rules/idnes-cz.xml b/src/chrome/content/rules/idnes-cz.xml
index d2129cf99d50..70ae3a75a24c 100644
--- a/src/chrome/content/rules/idnes-cz.xml
+++ b/src/chrome/content/rules/idnes-cz.xml
@@ -71,7 +71,7 @@
 	<target host="wiki.idnes.cz" />
 	<target host="zlin.idnes.cz" />
 	<target host="zpravy.idnes.cz" />
-	
+
 	<test url="http://www.rajce.idnes.cz/" />
 	<test url="http://martac.rajce.idnes.cz/" />
 	<test url="http://iffine.rajce.idnes.cz/" />
diff --git a/src/chrome/content/rules/ifec.org.hk.xml b/src/chrome/content/rules/ifec.org.hk.xml
new file mode 100644
index 000000000000..e6a3885b0abb
--- /dev/null
+++ b/src/chrome/content/rules/ifec.org.hk.xml
@@ -0,0 +1,20 @@
+<!--
+	The Investor and Financial Education Council
+-->
+<ruleset name="ifec.org.hk">
+	<target host="ifec.org.hk" />
+	<target host="www.ifec.org.hk" />
+	<target host="mld.ifec.org.hk" />
+	<target host="subscription.ifec.org.hk" />
+	<test url="http://subscription.ifec.org.hk/subscription.jsp?lang=tc" />
+	<target host="tool-budget.ifec.org.hk" />
+	<target host="tool-cutback.ifec.org.hk" />
+	<target host="tool-debt.ifec.org.hk" />
+	<target host="tool-fhc.ifec.org.hk" />
+	<target host="tool-laisee.ifec.org.hk" />
+	<target host="tool-retirement.ifec.org.hk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ifeng.com.xml b/src/chrome/content/rules/ifeng.com.xml
new file mode 100644
index 000000000000..726b3076103d
--- /dev/null
+++ b/src/chrome/content/rules/ifeng.com.xml
@@ -0,0 +1,18 @@
+<!--
+    Related: ifengimg.com.xml
+
+    There are too much webs to test them all of ifeng.com.
+    enable the most popular just now.
+
+    INET_E_RESOURCE_NOT_FOUND:
+        ^ifeng.com    equal to www.ifeng.com
+-->
+<ruleset name="ifeng.com">
+	<target host="ifeng.com" />
+	<target host="www.ifeng.com" />
+	<target host="news.ifeng.com" />
+
+	<rule from="^http://ifeng\.com/" to="https://www.ifeng.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ifos-bund.de.xml b/src/chrome/content/rules/ifos-bund.de.xml
deleted file mode 100644
index 4153adf7dac5..000000000000
--- a/src/chrome/content/rules/ifos-bund.de.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="IFOS-BUND.de">
-
-	<target host="ifos-bund.de" />
-	<target host="www.ifos-bund.de" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/iga.net.xml b/src/chrome/content/rules/iga.net.xml
new file mode 100644
index 000000000000..60b8fc2cc989
--- /dev/null
+++ b/src/chrome/content/rules/iga.net.xml
@@ -0,0 +1,38 @@
+<!--
+	Invalid certificate:
+		consentement.iga.net
+		infolettres.iga.net
+		www-uat.iga.net
+		amenagement.iga.net
+		blogue.iga.net
+		buffets.iga.net
+		concours.iga.net
+		consentement.iga.net
+		emplois.iga.net
+		infolettres.iga.net
+		misc.iga.net
+		sftp.iga.net
+		traiteur.iga.net
+		vivelajob.iga.net
+		wikibouffe.iga.net
+		www-uat.iga.net
+
+	Redirect to HTTP:
+		m.iga.net
+-->
+<ruleset name="IGA.net (partial)">
+
+	<target host="iga.net"/>
+	<target host="www.iga.net"/>
+	<target host="circulaire.iga.net"/>
+	<target host="essentiels.iga.net"/>
+	<target host="flyer.iga.net"/>
+	<target host="flyers.iga.net"/>
+	<target host="foodiseverything.iga.net"/>
+	<target host="gigya.iga.net"/>
+	<target host="magasin.iga.net"/>
+	<target host="queue.iga.net"/>
+	<target host="vivelabouffe.iga.net"/>
+  
+  <rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/ijg.org.xml b/src/chrome/content/rules/ijg.org.xml
new file mode 100644
index 000000000000..d3b1b89c53dc
--- /dev/null
+++ b/src/chrome/content/rules/ijg.org.xml
@@ -0,0 +1,10 @@
+<!--
+	Invalid certificate:
+		dc-6027be0b7522.ijg.org
+-->
+<ruleset name="ijg.org">
+	<target host="ijg.org" />
+	<target host="www.ijg.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ilca.ru.xml b/src/chrome/content/rules/ilca.ru.xml
deleted file mode 100644
index 7ba43f62f2f9..000000000000
--- a/src/chrome/content/rules/ilca.ru.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--
-ilca.ru mismatch
-www.ilca.ru mismatch
-support.ilca.ru mismatch
-forum.ilca.ru mixed content
--->
-<ruleset name="ilca.ru (partial)">
-	<target host="bill.ilca.ru" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/iliad.it.xml b/src/chrome/content/rules/iliad.it.xml
new file mode 100644
index 000000000000..5306825095fe
--- /dev/null
+++ b/src/chrome/content/rules/iliad.it.xml
@@ -0,0 +1,22 @@
+<!--
+	All other subdomains are either internal or test pages (they give
+	403 error or SSL_ERROR_BAD_CERT_DOMAIN error because of their test
+	certificate).
+-->
+<ruleset name="iliad.it">
+	<target host="iliad.it" />
+	<target host="www.iliad.it" />
+	<target host="asset.corp.iliad.it" />
+	<target host="intranet.corp.iliad.it" />
+	<target host="logistic.corp.iliad.it" />
+	<target host="corporate.iliad.it" />
+	<target host="www.local.iliad.it" />
+	<target host="logistic.local.iliad.it" />
+	<target host="mi.iliad.it" />
+	<target host="www.mi.iliad.it" />
+	<target host="registrazione.iliad.it" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/illuminateed.com.xml b/src/chrome/content/rules/illuminateed.com.xml
index 71f9cf68b942..1ea0a7de4300 100644
--- a/src/chrome/content/rules/illuminateed.com.xml
+++ b/src/chrome/content/rules/illuminateed.com.xml
@@ -19,7 +19,7 @@
 	Mixed content:
 
 		- Images, on:
-		
+
 			- go from $self ˢ
 			- go from storage.pardot.com ˢ
 
diff --git a/src/chrome/content/rules/illustre.ch.xml b/src/chrome/content/rules/illustre.ch.xml
index 8cbc5367a088..92ffe6016da4 100644
--- a/src/chrome/content/rules/illustre.ch.xml
+++ b/src/chrome/content/rules/illustre.ch.xml
@@ -5,7 +5,7 @@ Fetch error: http://illustre.ch/ => https://illustre.ch/: (28, 'Connection timed
 Fetch error: http://www.illustre.ch/ => https://www.illustre.ch/: (51, "SSL: no alternative certificate subject name matches target host name 'www.illustre.ch'")
 
 -->
-<ruleset name="illustre.ch" default_off='failed ruleset test'>
+<ruleset name="illustre.ch" default_off="failed ruleset test">
 	<target host="illustre.ch"/>
 	<target host="www.illustre.ch"/>
 
diff --git a/src/chrome/content/rules/im9.eu.xml b/src/chrome/content/rules/im9.eu.xml
deleted file mode 100644
index 0e5605a94795..000000000000
--- a/src/chrome/content/rules/im9.eu.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-Invalid certificate:
-	api.im9.eu
-	me.im9.eu
--->
-<ruleset name="im9.eu">
-	<target host="im9.eu" />
-	<target host="www.im9.eu" />
-	<target host="a.im9.eu" />
-	<target host="lp.im9.eu"  />
-	<target host="p.im9.eu" />
-	<target host="t.im9.eu" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/imagecurl.com.xml b/src/chrome/content/rules/imagecurl.com.xml
deleted file mode 100644
index 3922286ffcfc..000000000000
--- a/src/chrome/content/rules/imagecurl.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="imagecurl">
-	<target host="imagecurl.com" />
-	<target host="cdn.imagecurl.com" />
-	<target host="www.imagecurl.com" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/imagelayers.io.xml b/src/chrome/content/rules/imagelayers.io.xml
index f09580c3f990..c073c6028151 100644
--- a/src/chrome/content/rules/imagelayers.io.xml
+++ b/src/chrome/content/rules/imagelayers.io.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.imagelayers.io/ => https://www.imagelayers.io/: (6, 'Could not resolve host: www.imagelayers.io')
 
 -->
-<ruleset name="imagelayers.io" default_off='failed ruleset test'>
+<ruleset name="imagelayers.io" default_off="failed ruleset test">
 	<target host="imagelayers.io" />
 	<target host="www.imagelayers.io" />
 
diff --git a/src/chrome/content/rules/imercer.com.xml b/src/chrome/content/rules/imercer.com.xml
index 1786e6b2d51d..2ecde00a69d6 100644
--- a/src/chrome/content/rules/imercer.com.xml
+++ b/src/chrome/content/rules/imercer.com.xml
@@ -43,7 +43,7 @@ tmp-dr-www.imercer.com ³
 ⁵ expired
 ⁷ protocol error
 -->
-<ruleset name="imercer.com" default_off='failed ruleset test'>
+<ruleset name="imercer.com" default_off="failed ruleset test">
 	<target host="imercer.com" />
 	<target host="www.imercer.com" />
 	<target host="hcsurveys.imercer.com" />
diff --git a/src/chrome/content/rules/img.ifcdn.com.xml b/src/chrome/content/rules/img.ifcdn.com.xml
index 0346a383c324..dbb362f40af5 100644
--- a/src/chrome/content/rules/img.ifcdn.com.xml
+++ b/src/chrome/content/rules/img.ifcdn.com.xml
@@ -1,6 +1,6 @@
 <ruleset name="img.ifcdn.com">
 	<target host="img.ifcdn.com" />
-	
+
 	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/imgburn.com.xml b/src/chrome/content/rules/imgburn.com.xml
new file mode 100644
index 000000000000..bea664a79a64
--- /dev/null
+++ b/src/chrome/content/rules/imgburn.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Invalid certificate:
+		cdn.imgburn.com
+		guides.imgburn.com
+		mail.imgburn.com
+		translations.imgburn.com
+		update1.imgburn.com
+		update2.imgburn.com
+
+	Time out:
+		beta.imgburn.com
+		home.imgburn.com
+		update3.imgburn.com
+		www2.imgburn.com
+
+	Unreachable:
+		autodiscover.imgburn.com
+-->
+<ruleset name="imgburn.com">
+	<target host="imgburn.com" />
+	<target host="www.imgburn.com" />
+	<target host="download.imgburn.com" />
+	<target host="forum.imgburn.com" />
+	<target host="update.imgburn.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/imgoat.com.xml b/src/chrome/content/rules/imgoat.com.xml
deleted file mode 100644
index 20ce446d7679..000000000000
--- a/src/chrome/content/rules/imgoat.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="imgoat.com">
-	<target host="imgoat.com" />
-	<target host="www.imgoat.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/imgops.com.xml b/src/chrome/content/rules/imgops.com.xml
index 8e4f48b3f598..4bc58be5ce06 100644
--- a/src/chrome/content/rules/imgops.com.xml
+++ b/src/chrome/content/rules/imgops.com.xml
@@ -1,6 +1,6 @@
 <ruleset name="imgops.com">
 	<target host="imgops.com"/>
 	<target host="www.imgops.com"/>
-	
+
 	<rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/inetcom.ru.xml b/src/chrome/content/rules/inetcom.ru.xml
deleted file mode 100644
index a1295984bee8..000000000000
--- a/src/chrome/content/rules/inetcom.ru.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-inetcom.ru mismatch
-www.inetcom.ru mismatch
-mail.inetcom.ru self signed
-tv.inetcom.ru mismatch
-speedtest.inetcom.ru mismatch
-help.inetcom.ru mismatch
-pptp.inetcom.ru timed out
--->
-<ruleset name="inetcom.ru (partial)">
-	<target host="stat.inetcom.ru" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/inetvl.ru.xml b/src/chrome/content/rules/inetvl.ru.xml
index 5d831f635056..61ba0b600790 100644
--- a/src/chrome/content/rules/inetvl.ru.xml
+++ b/src/chrome/content/rules/inetvl.ru.xml
@@ -32,7 +32,7 @@ w-host-52.inetvl.ru ³
 ³ timed out
 ⁴ self signed
 -->
-<ruleset name="inetvl.ru" default_off='failed ruleset test'>
+<ruleset name="inetvl.ru" default_off="failed ruleset test">
 	<target host="inetvl.ru" />
 	<target host="www.inetvl.ru" />
 	<target host="baza.inetvl.ru" />
diff --git a/src/chrome/content/rules/infinum.co.xml b/src/chrome/content/rules/infinum.co.xml
index 52f827014a73..c5cf14fd5c38 100644
--- a/src/chrome/content/rules/infinum.co.xml
+++ b/src/chrome/content/rules/infinum.co.xml
@@ -14,7 +14,7 @@ presence.infinum.co mixed content
 ¹ mismatch
 ² refused
 -->
-<ruleset name="infinum.co" default_off='failed ruleset test'>
+<ruleset name="infinum.co" default_off="failed ruleset test">
 	<target host="infinum.co" />
 	<target host="www.infinum.co" />
 	<target host="accounts.infinum.co" />
diff --git a/src/chrome/content/rules/info.gov.hk.xml b/src/chrome/content/rules/info.gov.hk.xml
new file mode 100644
index 000000000000..8e50fc6f154d
--- /dev/null
+++ b/src/chrome/content/rules/info.gov.hk.xml
@@ -0,0 +1,32 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	Nonfunctional hosts in *.info.gov.hk:
+		- info.gov.hk (r)
+		- gia.info.gov.hk (m)
+		- cloud-sc-news.3dns.info.gov.hk (r)
+		- cloud-www-news.3dns.info.gov.hk (m)
+		- www-bookstore.3dns.info.gov.hk (m)
+		- www-censtatd.3dns.info.gov.hk (m)
+		- www-effo.3dns.info.gov.hk (m)
+		- www-eform.3dns.info.gov.hk (m)
+		- www-elegislation.3dns.info.gov.hk (m)
+		- www-infocloud.3dns.info.gov.hk (m)
+		- www-legis.3dns.info.gov.hk (t)
+		- www-map.3dns.info.gov.hk (m)
+		- www-sie.3dns.info.gov.hk (m)
+		- www-youth.3dns.info.gov.hk (m)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="info.gov.hk">
+	<target host="secure1.info.gov.hk" />
+	<target host="webcast.info.gov.hk" />
+	<target host="www.info.gov.hk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/infolan.by.xml b/src/chrome/content/rules/infolan.by.xml
index 8c101af89edc..5e683dfdd4dd 100644
--- a/src/chrome/content/rules/infolan.by.xml
+++ b/src/chrome/content/rules/infolan.by.xml
@@ -7,13 +7,13 @@ Fetch error: http://www.infolan.by/ => https://infolan.by/: (51, "SSL: no altern
 
 www.infolan.by self signed
 -->
-<ruleset name="infolan.by" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="infolan.by" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="infolan.by" />
 	<target host="www.infolan.by" />
-	
+
 	<rule from="^http://www\.infolan\.by/"
 		to="https://infolan.by/" />
-	
+
 	<test url="http://www.infolan.by/" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/infosactu.com.xml b/src/chrome/content/rules/infosactu.com.xml
deleted file mode 100644
index 412c7f590d48..000000000000
--- a/src/chrome/content/rules/infosactu.com.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="infosactu.com">
-        <target host="infosactu.com" />
-        <target host="www.infosactu.com" />
-
-        <rule from="^http:"
-                to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/ingtes.ch.xml b/src/chrome/content/rules/ingtes.ch.xml
new file mode 100644
index 000000000000..625c831da8b4
--- /dev/null
+++ b/src/chrome/content/rules/ingtes.ch.xml
@@ -0,0 +1,8 @@
+<ruleset name="ingtes.ch">
+	<target host="ingtes.ch" />
+	<target host="www.ingtes.ch" />
+	<target host="mail.ingtes.ch" />
+
+	<securecookie host=".+" name=".+" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/init.sh.xml b/src/chrome/content/rules/init.sh.xml
index 2463a54420cb..dea24532a48f 100644
--- a/src/chrome/content/rules/init.sh.xml
+++ b/src/chrome/content/rules/init.sh.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.init.sh/ => https://www.init.sh/: (60, 'SSL certificate
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="init.sh" default_off='failed ruleset test'>
+<ruleset name="init.sh" default_off="failed ruleset test">
 
 	<target host="init.sh" />
 	<target host="www.init.sh" />
diff --git a/src/chrome/content/rules/iniy.org.xml b/src/chrome/content/rules/iniy.org.xml
index 37457589d4d6..e662b939b910 100644
--- a/src/chrome/content/rules/iniy.org.xml
+++ b/src/chrome/content/rules/iniy.org.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.iniy.org/ => https://iniy.org/: (60, 'SSL certificate pr
 		- iniy.org
 
 -->
-<ruleset name="iniy.org" default_off='failed ruleset test'>
+<ruleset name="iniy.org" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/inl.gov.xml b/src/chrome/content/rules/inl.gov.xml
index f9c226b83514..906092be1d5b 100644
--- a/src/chrome/content/rules/inl.gov.xml
+++ b/src/chrome/content/rules/inl.gov.xml
@@ -64,7 +64,7 @@ Fetch error: http://nuclear.inl.gov/ => https://inlportal.inl.gov/portal/server.
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="INL.gov (partial)" default_off='failed ruleset test'>
+<ruleset name="INL.gov (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/inmediahk.net.xml b/src/chrome/content/rules/inmediahk.net.xml
new file mode 100644
index 000000000000..31142880ce93
--- /dev/null
+++ b/src/chrome/content/rules/inmediahk.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="inmediahk.net">
+	<target host="inmediahk.net" />
+	<target host="www.inmediahk.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/intagme.com.xml b/src/chrome/content/rules/intagme.com.xml
index 997f076861af..774483916470 100644
--- a/src/chrome/content/rules/intagme.com.xml
+++ b/src/chrome/content/rules/intagme.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.intagme.com/ => https://www.intagme.com/: (28, 'Operatio
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Intagme.com" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Intagme.com" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="intagme.com" />
 	<target host="www.intagme.com" />
diff --git a/src/chrome/content/rules/intec.edu.za.xml b/src/chrome/content/rules/intec.edu.za.xml
new file mode 100644
index 000000000000..82cea871b0bf
--- /dev/null
+++ b/src/chrome/content/rules/intec.edu.za.xml
@@ -0,0 +1,27 @@
+<!--
+	Invalid certificate:
+		www.virtual.intec.edu.za
+		www.myclass.intec.edu.za
+
+	Refused:
+		autodiscover.intec.edu.za
+		ftp.intec.edu.za
+		news.intec.edu.za
+		localhost.intec.edu.za
+
+	Time out:
+		www.fais.intec.edu.za
+		insurance.intec.edu.za
+		www.insurance.intec.edu.za
+		mail.intec.edu.za
+		studentportal.intec.edu.za
+		promos.intec.edu.za
+-->
+<ruleset name="intec.edu.za">
+	<target host="intec.edu.za" />
+	<target host="www.intec.edu.za" />
+	<target host="myclass.intec.edu.za" />
+
+	<rule from="^http://intec\.edu\.za/" to="https://www.intec.edu.za/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/integrityglobal.com.xml b/src/chrome/content/rules/integrityglobal.com.xml
deleted file mode 100644
index 372840cfe7bb..000000000000
--- a/src/chrome/content/rules/integrityglobal.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Integrity Global.com">
-
-	<target host="integrityglobal.com" />
-	<target host="www.integrityglobal.com" />
-
-
-	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/intellipoker.bg.xml b/src/chrome/content/rules/intellipoker.bg.xml
index 05bf8005bb4e..f74b3538c814 100644
--- a/src/chrome/content/rules/intellipoker.bg.xml
+++ b/src/chrome/content/rules/intellipoker.bg.xml
@@ -8,7 +8,7 @@ Fetch error: http://media.intellipoker.bg/ => https://media.intellipoker.bg/: (5
 		- .intellipoker.bg
 
 -->
-<ruleset name="IntelliPoker.bg" default_off='failed ruleset test'>
+<ruleset name="IntelliPoker.bg" default_off="failed ruleset test">
 
 	<target host="intellipoker.bg" />
 	<target host="media.intellipoker.bg" />
diff --git a/src/chrome/content/rules/intellnews.net.xml b/src/chrome/content/rules/intellnews.net.xml
index 2d93a2c2f538..d6f1a39da537 100644
--- a/src/chrome/content/rules/intellnews.net.xml
+++ b/src/chrome/content/rules/intellnews.net.xml
@@ -22,7 +22,7 @@ Fetch error: http://intellnews.net/ => https://www.intellnews.net/: (60, 'SSL ce
 	ˢ Secured by us
 
 -->
-<ruleset name="IntellNews.net" default_off='failed ruleset test'>
+<ruleset name="IntellNews.net" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/interactivepasts.com.xml b/src/chrome/content/rules/interactivepasts.com.xml
new file mode 100644
index 000000000000..93005660ec6f
--- /dev/null
+++ b/src/chrome/content/rules/interactivepasts.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="interactivepasts.com">
+	<target host="interactivepasts.com" />
+	<target host="www.interactivepasts.com" />
+	<target host="autodiscover.interactivepasts.com" />
+	<target host="cpanel.interactivepasts.com" />
+	<target host="ipv6.interactivepasts.com" />
+	<target host="mail.interactivepasts.com" />
+	<target host="webdisk.interactivepasts.com" />
+	<target host="webmail.interactivepasts.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/interactivepython.org.xml b/src/chrome/content/rules/interactivepython.org.xml
deleted file mode 100644
index 90a34d2ce4dc..000000000000
--- a/src/chrome/content/rules/interactivepython.org.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="interactivepython.org">
-	<target host="interactivepython.org" />
-	<target host="www.interactivepython.org" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/internetessentials.com.xml b/src/chrome/content/rules/internetessentials.com.xml
index 5819cd65a9e1..6cf369d889a0 100644
--- a/src/chrome/content/rules/internetessentials.com.xml
+++ b/src/chrome/content/rules/internetessentials.com.xml
@@ -16,7 +16,7 @@ Fetch error: http://learning.internetessentials.com/ => https://learning.interne
 		- partner.internetessentials.com
 
 -->
-<ruleset name="Internet Essentials.com" default_off='failed ruleset test'>
+<ruleset name="Internet Essentials.com" default_off="failed ruleset test">
 
 	<target host="internetessentials.com" />
 	<target host="aplicar.internetessentials.com" />
diff --git a/src/chrome/content/rules/internetua.com.xml b/src/chrome/content/rules/internetua.com.xml
new file mode 100644
index 000000000000..dbe7efd6c5c0
--- /dev/null
+++ b/src/chrome/content/rules/internetua.com.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		awards.internetua.com
+		blogs.internetua.com
+		magazine.internetua.com
+		news.internetua.com
+		office.internetua.com
+		old.internetua.com
+		projects.internetua.com
+		test.internetua.com
+-->
+<ruleset name="internetua.com">
+	<target host="internetua.com" />
+	<target host="www.internetua.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/intertelecom.ru.com.xml b/src/chrome/content/rules/intertelecom.ru.com.xml
index d0738fc67edd..b5194b281db5 100644
--- a/src/chrome/content/rules/intertelecom.ru.com.xml
+++ b/src/chrome/content/rules/intertelecom.ru.com.xml
@@ -7,7 +7,7 @@ intertelecom.ru.com revoked
 www.intertelecom.ru.com revoked
 old.intertelecom.ru.com revoked
 -->
-<ruleset name="intertelecom.ru.com (partial)" default_off='failed ruleset test'>
+<ruleset name="intertelecom.ru.com (partial)" default_off="failed ruleset test">
 	<target host="assa.intertelecom.ru.com" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/intsig.com.xml b/src/chrome/content/rules/intsig.com.xml
index f074b468bda9..79622a457921 100644
--- a/src/chrome/content/rules/intsig.com.xml
+++ b/src/chrome/content/rules/intsig.com.xml
@@ -31,7 +31,7 @@ Fetch error: http://www.intsig.com/ => https://www.intsig.com/: Too many redirec
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="IntSig.com (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="IntSig.com (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/intsig.net.xml b/src/chrome/content/rules/intsig.net.xml
index 7c163890987a..b561e9cc730d 100644
--- a/src/chrome/content/rules/intsig.net.xml
+++ b/src/chrome/content/rules/intsig.net.xml
@@ -23,7 +23,7 @@ Fetch error: http://www.intsig.net/ => https://www.intsig.net/: Too many redirec
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="IntSig.net (partial)" default_off='failed ruleset test'>
+<ruleset name="IntSig.net (partial)" default_off="failed ruleset test">
 
 	<target host="intsig.net" />
 	<target host="download.intsig.net" />
diff --git a/src/chrome/content/rules/invincealabs.com.xml b/src/chrome/content/rules/invincealabs.com.xml
deleted file mode 100644
index 940f6739140d..000000000000
--- a/src/chrome/content/rules/invincealabs.com.xml
+++ /dev/null
@@ -1,29 +0,0 @@
-<!--
-	STS header includes includeSubdomains
-	for ^, www 
-
--->
-<ruleset name="Invincea Labs.com">
-
-	<target host="invincealabs.com" />
-	<target host="*.invincealabs.com" />
-
-		<!--	includeSubdomains applies to one level only, so:
-									-->
-		<exclusion pattern="^http://(?:[^./]+\.){2,}invincealabs\.com/" />
-
-			<!--	+ve:
-					-->
-			<test url="http://this.host.invincealabs.com/" />
-			<test url="http://exists.not.invincealabs.com/" />
-
-		<test url="http://www.invincealabs.com/" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ipic.su.xml b/src/chrome/content/rules/ipic.su.xml
new file mode 100644
index 000000000000..8f604d9dc980
--- /dev/null
+++ b/src/chrome/content/rules/ipic.su.xml
@@ -0,0 +1,12 @@
+<!--
+	Refused:
+		d.ipic.su
+		dc-5c88388338a2.ipic.su
+		mail.ipic.su
+-->
+<ruleset name="ipic.su">
+	<target host="ipic.su" />
+	<target host="www.ipic.su" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/iplocation.net.xml b/src/chrome/content/rules/iplocation.net.xml
index 0f3df941c606..6dc3704ec8f8 100644
--- a/src/chrome/content/rules/iplocation.net.xml
+++ b/src/chrome/content/rules/iplocation.net.xml
@@ -14,5 +14,5 @@
 
 	<rule from="^http:"
 		to="https:" />
-		
+
 </ruleset>
diff --git a/src/chrome/content/rules/iqdb.xml b/src/chrome/content/rules/iqdb.xml
index b8fc1c63b9ed..6d060170300c 100644
--- a/src/chrome/content/rules/iqdb.xml
+++ b/src/chrome/content/rules/iqdb.xml
@@ -5,7 +5,7 @@
 
 <ruleset name="iqdb">
 	<target host="iqdb.org" />
-	<target host="3d.iqdb.org" />	
+	<target host="3d.iqdb.org" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/iqoption.com.xml b/src/chrome/content/rules/iqoption.com.xml
new file mode 100644
index 000000000000..78ad03d49b35
--- /dev/null
+++ b/src/chrome/content/rules/iqoption.com.xml
@@ -0,0 +1,19 @@
+<ruleset name="iq option.com">
+	<target host="iqoption.com" />
+	<target host="www.iqoption.com" />
+	<target host="affiliate.iqoption.com" />
+	<target host="blog.iqoption.com" />
+	<target host="cpa.iqoption.com" />
+	<target host="track.cpa.iqoption.com" />
+	<target host="eu.iqoption.com" />
+	<target host="fsms.iqoption.com" />
+	<test url="http://fsms.iqoption.com/storage/public/5e/2e/df8a006181j5g7f9e9.html" />
+	<test url="http://fsms.iqoption.com/storage/public/5e/31/b06e97d037b2a9c0d1.html" />
+	<target host="ib.iqoption.com" />
+	<target host="job.iqoption.com" />
+	<target host="updates.iqoption.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/irc.lc.xml b/src/chrome/content/rules/irc.lc.xml
index 0fda010b8772..d2efc68eabd3 100644
--- a/src/chrome/content/rules/irc.lc.xml
+++ b/src/chrome/content/rules/irc.lc.xml
@@ -9,7 +9,7 @@ Fetch error: http://dev.irc.lc/ => https://dev.irc.lc/: (51, "SSL: no alternativ
 	Refused:
 		- pad.irc.lc
 -->
-<ruleset name="irc.lc" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="irc.lc" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="irc.lc" />
 	<target host="www.irc.lc" />
 	<target host="dev.irc.lc" />
diff --git a/src/chrome/content/rules/ireceivesmsonline.com.xml b/src/chrome/content/rules/ireceivesmsonline.com.xml
deleted file mode 100644
index c25c39d120f6..000000000000
--- a/src/chrome/content/rules/ireceivesmsonline.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="ireceivesmsonline.com">
-	<target host="ireceivesmsonline.com" />
-	<target host="www.ireceivesmsonline.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/irfree.com.xml b/src/chrome/content/rules/irfree.com.xml
deleted file mode 100644
index 0c1b1858f459..000000000000
--- a/src/chrome/content/rules/irfree.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="IRfree.com">
-
-	<target host="irfree.com" />
-	<target host="www.irfree.com" />
-
-
-	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/irrlab.com.xml b/src/chrome/content/rules/irrlab.com.xml
index cb9e4407101a..ef9f7d424d26 100644
--- a/src/chrome/content/rules/irrlab.com.xml
+++ b/src/chrome/content/rules/irrlab.com.xml
@@ -1,6 +1,6 @@
 <!--
 	Wildcard DNS but without wildcard certificate.
-	
+
 	All other subdomains are mismatched.
 
 -->
diff --git a/src/chrome/content/rules/is74.ru.xml b/src/chrome/content/rules/is74.ru.xml
index a592dca8b57b..0221ded5099e 100644
--- a/src/chrome/content/rules/is74.ru.xml
+++ b/src/chrome/content/rules/is74.ru.xml
@@ -14,7 +14,7 @@ pomni.is74.ru different content
 pjreo.is74.ru different content
 lk.is74.ru different content
 -->
-<ruleset name="is74.ru (partial)" default_off='failed ruleset test'>
+<ruleset name="is74.ru (partial)" default_off="failed ruleset test">
 	<target host="mail.is74.ru" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/islandhealth.ca.xml b/src/chrome/content/rules/islandhealth.ca.xml
new file mode 100644
index 000000000000..5d165fa38a0d
--- /dev/null
+++ b/src/chrome/content/rules/islandhealth.ca.xml
@@ -0,0 +1,17 @@
+<ruleset name="islandhealth.ca">
+
+	<target host="islandhealth.ca" />
+	<target host="www.islandhealth.ca" />
+  <target host="communitygrants.islandhealth.ca" />
+  <target host="gateway.islandhealth.ca" />
+  <target host="info.islandhealth.ca" />
+  <target host="ihealtharchive.islandhealth.ca" />
+  <target host="medicalstaff.islandhealth.ca" />
+  <target host="msr-review.islandhealth.ca" />
+  <target host="myhealth.islandhealth.ca" />
+  <target host="nihp.islandhealth.ca" />
+  <target host="spark.islandhealth.ca" />
+  
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/istockimg.com.xml b/src/chrome/content/rules/istockimg.com.xml
deleted file mode 100644
index 8c2310e693eb..000000000000
--- a/src/chrome/content/rules/istockimg.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For other iStockphoto coverage, see IStock_photo.com.xml.
-
--->
-<ruleset name="iStock img.com">
-
-	<target host="i.istockimg.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/istockphoto.com.xml b/src/chrome/content/rules/istockphoto.com.xml
deleted file mode 100644
index f459d08fdc97..000000000000
--- a/src/chrome/content/rules/istockphoto.com.xml
+++ /dev/null
@@ -1,155 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://istockphoto.com/ => https://istockphoto.com/: Too many redirects while fetching 'https://istockphoto.com/'
-Fetch error: http://refer.istockphoto.com/ => https://refer.istockphoto.com/: Too many redirects while fetching 'https://refer.istockphoto.com/'
-
-	Nonfunctional hosts in istockphoto.com:
-
-		- content ᵈ
-		- fuel ᵀ
-		- www1 ⁵
-		- www2 ⁴
-
-	⁴ 504
-	⁵ 500
-	ᵈ Dropped
-	ᵀ Tumblr/refused
-
-
-	Problematic hosts in istockphoto.com:
-
-		- deutsch ᴬ
-		- espanol ᴬ
-		- francais ᴬ
-		- hangul ᴬ
-		- italiano ᴬ
-		- jezykpolski ᴬ
-		- nihongo ᴬ
-		- portugues ᴬ
-		- portuguesbrasileiro ᴬ
-		- russki ᴬ
-
-	ᴬ Akamai/mismatched
-
-
-	Insecure cookies are set for these hosts:
-
-		- .istockphoto.com
-
--->
-<ruleset name="iStockphoto.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="istockphoto.com" />
-	<target host="refer.istockphoto.com" />
-	<target host="secure.istockphoto.com" />
-	<target host="www.istockphoto.com" />
-	<target host="xmlrpc.istockphoto.com" />
-
-	<!--	Complications:
-				-->
-	<target host="deutsch.istockphoto.com" />
-	<target host="espanol.istockphoto.com" />
-	<target host="francais.istockphoto.com" />
-	<target host="hangul.istockphoto.com" />
-	<target host="italiano.istockphoto.com" />
-	<target host="jezykpolski.istockphoto.com" />
-	<target host="nihongo.istockphoto.com" />
-	<target host="portugues.istockphoto.com" />
-	<target host="portuguesbrasileiro.istockphoto.com" />
-	<target host="russki.istockphoto.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.istockphoto\.com$" name="^(?:IS_MARIN_UUID|MemberHash|iStockSession|istockconv|u_s)$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://deutsch\.istockphoto\.com/+"
-		to="https://www.istockphoto.com/de/" />
-
-		<test url="http://deutsch.istockphoto.com/home.php" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://espanol\.istockphoto\.com/+"
-		to="https://www.istockphoto.com/es/" />
-
-		<test url="http://espanol.istockphoto.com/home.php" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://francais\.istockphoto\.com/+"
-		to="https://www.istockphoto.com/fr/" />
-
-		<test url="http://francais.istockphoto.com/home.php" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://hangul\.istockphoto\.com/+"
-		to="https://www.istockphoto.com/kr/" />
-
-		<test url="http://hangul.istockphoto.com/home.php" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://italiano\.istockphoto\.com/+"
-		to="https://www.istockphoto.com/it/" />
-
-		<test url="http://italiano.istockphoto.com/home.php" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://jezykpolski\.istockphoto\.com/+"
-		to="https://www.istockphoto.com/pl/" />
-
-		<test url="http://jezykpolski.istockphoto.com/home.php" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://nihongo\.istockphoto\.com/+"
-		to="https://www.istockphoto.com/jp/" />
-
-		<test url="http://nihongo.istockphoto.com/home.php" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://portugues\.istockphoto\.com/+"
-		to="https://www.istockphoto.com/pt/" />
-
-		<test url="http://portugues.istockphoto.com/home.php" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://portuguesbrasileiro\.istockphoto\.com/+"
-		to="https://www.istockphoto.com/br/" />
-
-		<test url="http://portuguesbrasileiro.istockphoto.com/home.php" />
-
-	<!--	Redirect keeps path and args,
-		but not forward slash:
-					-->
-	<rule from="^http://russki\.istockphoto\.com/+"
-		to="https://www.istockphoto.com/ru/" />
-
-		<test url="http://russki.istockphoto.com/home.php" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/itex.ru.xml b/src/chrome/content/rules/itex.ru.xml
index 669917450a01..265c25cfea76 100644
--- a/src/chrome/content/rules/itex.ru.xml
+++ b/src/chrome/content/rules/itex.ru.xml
@@ -12,7 +12,7 @@ git.itex.ru ²
 
 ² refused
 -->
-<ruleset name="itex.ru" default_off='failed ruleset test'>
+<ruleset name="itex.ru" default_off="failed ruleset test">
 	<target host="itex.ru" />
 	<target host="www.itex.ru" />
 
diff --git a/src/chrome/content/rules/ius.io.xml b/src/chrome/content/rules/ius.io.xml
index 56130f0db055..e1c851632eea 100644
--- a/src/chrome/content/rules/ius.io.xml
+++ b/src/chrome/content/rules/ius.io.xml
@@ -1,4 +1,9 @@
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://www.ius.io/ => https://www.ius.io/: (6, 'Could not resolve host: www.ius.io')
+Fetch error: http://web01.ius.io/ => https://web01.ius.io/: (35, 'error:14094438:SSL routines:ssl3_read_bytes:tlsv1 alert internal error')
+
 	STS header includes includeSubdomains.
 
 -->
@@ -16,12 +21,12 @@
 			<test url="http://this.host.ius.io/" />
 			<test url="http://exists.not.ius.io/" />
 
-		<test url="http://www.ius.io/" />
-
+		<test url="http://setup.ius.io/" />
+    <test url="http://repo.ius.io/" />
+    <test url="http://old.ius.io/" />
 
 	<securecookie host=".+" name=".+" />
 
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/ivsezaodnogo.ru.xml b/src/chrome/content/rules/ivsezaodnogo.ru.xml
index 41e8f5fa2e34..a9d51e4a520d 100644
--- a/src/chrome/content/rules/ivsezaodnogo.ru.xml
+++ b/src/chrome/content/rules/ivsezaodnogo.ru.xml
@@ -8,7 +8,7 @@
 		- www.ivsezaodnogo.ru
 
 -->
-<ruleset name="ivsezaodnogo.ru" default_off="missing certificate chain">
+<ruleset name="ivsezaodnogo.ru" default_off="cert-chain">
 
 	<target host="ivsezaodnogo.ru" />
 	<target host="www.ivsezaodnogo.ru" />
diff --git a/src/chrome/content/rules/iweb.co.uk.xml b/src/chrome/content/rules/iweb.co.uk.xml
index 24dc3a075404..1aef232b1f8b 100644
--- a/src/chrome/content/rules/iweb.co.uk.xml
+++ b/src/chrome/content/rules/iweb.co.uk.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://dfblog.iweb.co.uk/ => https://dfblog.iweb.co.uk/: (35, 'error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol')
 
 -->
-<ruleset name="iWeb.co.uk" default_off='failed ruleset test'>
+<ruleset name="iWeb.co.uk" default_off="failed ruleset test">
 
 	<target host="iweb.co.uk" />
 	<target host="dfblog.iweb.co.uk" />
diff --git a/src/chrome/content/rules/iwi-i.xml b/src/chrome/content/rules/iwi-i.xml
deleted file mode 100644
index 103cb3439317..000000000000
--- a/src/chrome/content/rules/iwi-i.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="IWI-I-Info Studenten App">
-
-	<target host="iwi-i.info" />
-	<target host="www.iwi-i.info" />
-	<target host="pebbleconfig.iwi-i.info" />
-	<target host="www.pebbleconfig.iwi-i.info" />
-	<target host="piwik.iwi-i.info" />
-	<target host="www.piwik.iwi-i.info" />
-	<target host="smartclassroom.iwi-i.info" />
-	<target host="www.smartclassroom.iwi-i.info" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/jacklmoore.com.xml b/src/chrome/content/rules/jacklmoore.com.xml
new file mode 100644
index 000000000000..60e947cadba3
--- /dev/null
+++ b/src/chrome/content/rules/jacklmoore.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Problematic subdomains:
+		jacklmoore.com (certificate mismatch)
+-->
+<ruleset name="jacklmoore.com">
+	<target host="jacklmoore.com" />
+	<target host="www.jacklmoore.com" />
+
+	<rule from="^http://jacklmoore\.com/" to="https://www.jacklmoore.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jacksonzoo.org.xml b/src/chrome/content/rules/jacksonzoo.org.xml
new file mode 100644
index 000000000000..00bb54271d28
--- /dev/null
+++ b/src/chrome/content/rules/jacksonzoo.org.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid certificate:
+		ftp.jacksonzoo.org
+		mail.jacksonzoo.org
+		webmail.jacksonzoo.org
+-->
+<ruleset name="jacksonzoo.org">
+	<target host="jacksonzoo.org" />
+	<target host="www.jacksonzoo.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jacktrammellmusic.com.xml b/src/chrome/content/rules/jacktrammellmusic.com.xml
new file mode 100644
index 000000000000..a48099f3f830
--- /dev/null
+++ b/src/chrome/content/rules/jacktrammellmusic.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="jacktrammellmusic.com">
+	<target host="jacktrammellmusic.com" />
+	<target host="www.jacktrammellmusic.com" />
+	<target host="autodiscover.jacktrammellmusic.com" />
+	<target host="cpanel.jacktrammellmusic.com" />
+	<target host="webdisk.jacktrammellmusic.com" />
+	<target host="webmail.jacktrammellmusic.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jaist.ac.jp.xml b/src/chrome/content/rules/jaist.ac.jp.xml
new file mode 100644
index 000000000000..40806789b0c9
--- /dev/null
+++ b/src/chrome/content/rules/jaist.ac.jp.xml
@@ -0,0 +1,10 @@
+<ruleset name="jaist.ac.jp">
+	<target host="jaist.ac.jp" />
+	<target host="www.jaist.ac.jp" />
+	<target host="fp.jaist.ac.jp" />
+	<target host="ftp.jaist.ac.jp" />
+	<target host="dspace.jaist.ac.jp" />
+	<target host="auth.jaist.ac.jp" />
+	<target host="web-mail.jaist.ac.jp" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jaoa.org.xml b/src/chrome/content/rules/jaoa.org.xml
index dd2aafd0f97e..e455d999616b 100644
--- a/src/chrome/content/rules/jaoa.org.xml
+++ b/src/chrome/content/rules/jaoa.org.xml
@@ -1,9 +1,9 @@
 <!--
 	Refused:
 		sitemaster.jaoa.org
-		
+
 -->
-<ruleset name="Journal of American Osteopathic Association" default_off="missing certificate chain">
+<ruleset name="Journal of American Osteopathic Association" default_off="cert-chain">
 
 	<target host="jaoa.org" />
 	<target host="www.jaoa.org" />
diff --git a/src/chrome/content/rules/javaops.ru.xml b/src/chrome/content/rules/javaops.ru.xml
new file mode 100644
index 000000000000..978162303799
--- /dev/null
+++ b/src/chrome/content/rules/javaops.ru.xml
@@ -0,0 +1,10 @@
+<!--
+	Invalid certificate:
+		mail.javaops.ru
+-->
+<ruleset name="javaops.ru">
+	<target host="javaops.ru" />
+	<target host="www.javaops.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jeman.de.xml b/src/chrome/content/rules/jeman.de.xml
index 1b2301b423bb..505c81a1a118 100644
--- a/src/chrome/content/rules/jeman.de.xml
+++ b/src/chrome/content/rules/jeman.de.xml
@@ -4,9 +4,9 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://jeman.de/ => https://jeman.de/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="jeman.de" default_off='failed ruleset test'>
+<ruleset name="jeman.de" default_off="failed ruleset test">
         <target host="jeman.de" />
 
         <rule from="^http:"
                 to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/jenkins.io.xml b/src/chrome/content/rules/jenkins.io.xml
index c9cbb7719cf8..be5a521c2803 100644
--- a/src/chrome/content/rules/jenkins.io.xml
+++ b/src/chrome/content/rules/jenkins.io.xml
@@ -1,28 +1,41 @@
 <!--
 	Invalid certificate:
-	  beta.jenkins.io
-	  javadoc.jenkins.io
-	  l10n.jenkins.io
+	  nginx.azure.jenkins.io
+	  azure.ci.jenkins.io
+	  lettuce.jenkins.io
 	  mirrors.jenkins.io
-	  puppet.jenkins.io
-	  reports.jenkins.io
-	  stats.jenkins.io
+
+	Refused:
+	  release.ci.jenkins.io
+	  release.repo.jenkins.io
+
+	Timeout:
+	  ldap.jenkins.io
 -->
 <ruleset name="jenkins.io">
+
 	<target host="jenkins.io" />
 	<target host="www.jenkins.io" />
 	<target host="accounts.jenkins.io" />
-	<target host="beta.accounts.jenkins.io" />
-	<target host="plugins.azure.jenkins.io" />
 	<target host="repo.azure.jenkins.io" />
+	<target host="updates.azure.jenkins.io" />
 	<target host="ci.jenkins.io" />
+	<target host="evergreen.jenkins.io" />
+	<target host="issues.jenkins.io" />
+	<target host="javadoc.jenkins.io" />
 	<target host="pkg.jenkins.io" />
 	<target host="plugins.jenkins.io" />
 	<target host="rating.jenkins.io" />
 		<test url="http://rating.jenkins.io/rate/result.php" />
+	<target host="reports.jenkins.io" />
+	<target host="stats.jenkins.io" />
 	<target host="updates.jenkins.io" />
+	<target host="uplink.jenkins.io" />
 	<target host="usage.jenkins.io" />
 	<target host="wiki.jenkins.io" />
 
+	<securecookie host=".+" name=".+" />
+
 	<rule from="^http:" to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/jeremyheminger.com.xml b/src/chrome/content/rules/jeremyheminger.com.xml
new file mode 100644
index 000000000000..491086d1036e
--- /dev/null
+++ b/src/chrome/content/rules/jeremyheminger.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		adftw.jeremyheminger.com
+-->
+<ruleset name="jeremyheminger.com">
+	<target host="jeremyheminger.com" />
+	<target host="www.jeremyheminger.com" />
+	<target host="autodiscover.jeremyheminger.com" />
+	<target host="cpanel.jeremyheminger.com" />
+	<target host="demo.jeremyheminger.com" />
+	<target host="www.demo.jeremyheminger.com" />
+	<target host="phone.jeremyheminger.com" />
+	<target host="www.phone.jeremyheminger.com" />
+	<target host="tst.jeremyheminger.com" />
+	<target host="www.tst.jeremyheminger.com" />
+	<target host="ug.jeremyheminger.com" />
+	<target host="webdisk.jeremyheminger.com" />
+	<target host="webmail.jeremyheminger.com" />
+	<target host="wesmantooth.jeremyheminger.com" />
+	<target host="www.wesmantooth.jeremyheminger.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jibbed.org.xml b/src/chrome/content/rules/jibbed.org.xml
index 484f15148116..577d8e4e3c65 100644
--- a/src/chrome/content/rules/jibbed.org.xml
+++ b/src/chrome/content/rules/jibbed.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://jibbed.org/ => https://jibbed.org/: (60, 'SSL certificate pr
 Fetch error: http://dus.jibbed.org/ => https://dus.jibbed.org/: (7, 'Failed to connect to dus.jibbed.org port 443: Connection timed out')
 
 -->
-<ruleset name="jibbed.org" default_off='failed ruleset test'>
+<ruleset name="jibbed.org" default_off="failed ruleset test">
 	<target host="jibbed.org" />
 	<target host="www.jibbed.org" />
 	<target host="dus.jibbed.org" />
diff --git a/src/chrome/content/rules/jiri-dvorak.cz.xml b/src/chrome/content/rules/jiri-dvorak.cz.xml
new file mode 100644
index 000000000000..1d8c1a53c388
--- /dev/null
+++ b/src/chrome/content/rules/jiri-dvorak.cz.xml
@@ -0,0 +1,18 @@
+<!--
+	Redirect to HTTP:
+		subdomeny.jiri-dvorak.cz
+		www.subdomeny.jiri-dvorak.cz
+
+	Time out:
+		mail.jiri-dvorak.cz
+-->
+<ruleset name="jiri-dvorak.cz">
+	<target host="jiri-dvorak.cz" />
+	<target host="www.jiri-dvorak.cz" />
+	<target host="experiment.jiri-dvorak.cz" />
+	<target host="www.experiment.jiri-dvorak.cz" />
+	<target host="virtuallab.jiri-dvorak.cz" />
+	<target host="www.virtuallab.jiri-dvorak.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jklakshmicement.com.xml b/src/chrome/content/rules/jklakshmicement.com.xml
new file mode 100644
index 000000000000..2c1fa7914a2f
--- /dev/null
+++ b/src/chrome/content/rules/jklakshmicement.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		ftp.jklakshmicement.com
+-->
+<ruleset name="jklakshmicement.com">
+	<target host="jklakshmicement.com" />
+	<target host="www.jklakshmicement.com" />
+	<target host="mail.jklakshmicement.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jm.com.xml b/src/chrome/content/rules/jm.com.xml
index 9534e228447b..9e75053ae018 100644
--- a/src/chrome/content/rules/jm.com.xml
+++ b/src/chrome/content/rules/jm.com.xml
@@ -7,7 +7,6 @@ Fetch error: http://e-commerce.jm.com/ => https://e-commerce.jm.com/: (60, 'SSL
 
 	Other Johns Manville rulesets:
 
-		- jmconnexus.com.xml
 
 
 	^jm.com: Dropped
@@ -26,7 +25,7 @@ Fetch error: http://e-commerce.jm.com/ => https://e-commerce.jm.com/: (60, 'SSL
 	ᵐ Pardot / mismatched
 
 -->
-<ruleset name="JM.com (partial)" default_off='failed ruleset test'>
+<ruleset name="JM.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/jma.go.jp.xml b/src/chrome/content/rules/jma.go.jp.xml
new file mode 100644
index 000000000000..ee73030747e1
--- /dev/null
+++ b/src/chrome/content/rules/jma.go.jp.xml
@@ -0,0 +1,7 @@
+<ruleset name="Japan Meteorological Agency">
+	<target host="www.jma.go.jp" />
+	<target host="www.data.jma.go.jp" />
+	<target host="ds.data.jma.go.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jmconnexus.com.xml b/src/chrome/content/rules/jmconnexus.com.xml
deleted file mode 100644
index a1a4b045b72d..000000000000
--- a/src/chrome/content/rules/jmconnexus.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For other Johns Manville coverage, see jm.com.xml.
-
-
-	^jmconnexus.com: Shows another domain
-
--->
-<ruleset name="JMConnexus.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.jmconnexus.com" />
-
-	<!--	Complications:
-				-->
-	<target host="jmconnexus.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://jmconnexus\.com/"
-		to="https://www.jmconnexus.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/jmd4you.de.xml b/src/chrome/content/rules/jmd4you.de.xml
new file mode 100644
index 000000000000..b10c89a2ba93
--- /dev/null
+++ b/src/chrome/content/rules/jmd4you.de.xml
@@ -0,0 +1,17 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Invalid certificate:
+		pop.jmd4you.de
+		preview.jmd4you.de
+		ww.jmd4you.de
+-->
+<ruleset name="jmd4you.de">
+
+	<target host="jmd4you.de" />
+	<target host="www.jmd4you.de" />
+	<target host="livechat.jmd4you.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/jmsustainability.com.xml b/src/chrome/content/rules/jmsustainability.com.xml
new file mode 100644
index 000000000000..1d393d1d638f
--- /dev/null
+++ b/src/chrome/content/rules/jmsustainability.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="jmsustainability.com">
+  <target host="jmsustainability.com" />
+	<target host="www.jmsustainability.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/joanganzcooneycenter.org.xml b/src/chrome/content/rules/joanganzcooneycenter.org.xml
new file mode 100644
index 000000000000..a65290932f84
--- /dev/null
+++ b/src/chrome/content/rules/joanganzcooneycenter.org.xml
@@ -0,0 +1,10 @@
+<!--
+	Time out:
+		old.joanganzcooneycenter.org
+-->
+<ruleset name="joanganzcooneycenter.org">
+	<target host="joanganzcooneycenter.org" />
+	<target host="www.joanganzcooneycenter.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jobcorps.gov-resources.xml b/src/chrome/content/rules/jobcorps.gov-resources.xml
index 3f623154c1eb..5c56e574da12 100644
--- a/src/chrome/content/rules/jobcorps.gov-resources.xml
+++ b/src/chrome/content/rules/jobcorps.gov-resources.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.jobcorps.gov/favicon.ico => https://www.jobcorps.gov/fav
 	and no mixed content secured.
 
 -->
-<ruleset name="Job Corps.gov (resources)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Job Corps.gov (resources)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="jobcorps.gov" />
 	<target host="www.jobcorps.gov" />
diff --git a/src/chrome/content/rules/jobs.ch.xml b/src/chrome/content/rules/jobs.ch.xml
deleted file mode 100644
index 01dcb863936a..000000000000
--- a/src/chrome/content/rules/jobs.ch.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="jobs.ch">
-	<target host="jobcloud.ch"/>
-	<target host="*.jobcloud.ch"/>
-
-	<rule from="^http://([^/:@]*\.)?jobcloud\.ch/"
-			to="https://$1jobcloud.ch/"/>
-</ruleset>
diff --git a/src/chrome/content/rules/jobs.gov.hk.xml b/src/chrome/content/rules/jobs.gov.hk.xml
index 34ae547e131a..e325739d01d0 100644
--- a/src/chrome/content/rules/jobs.gov.hk.xml
+++ b/src/chrome/content/rules/jobs.gov.hk.xml
@@ -14,7 +14,7 @@
 	<target host="www2.jobs.gov.hk" />
 
 	<securecookie host=".+" name=".+" />
-	
-	<rule from="^http:" 
+
+	<rule from="^http:"
 	      	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/joejulian.name.xml b/src/chrome/content/rules/joejulian.name.xml
index 65110e4ec095..8a8e5305bcbd 100644
--- a/src/chrome/content/rules/joejulian.name.xml
+++ b/src/chrome/content/rules/joejulian.name.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Non-2xx HTTP code: http://www.joejulian.name/ (200) => https://www.joejulian.name/ (400)
 
 -->
-<ruleset name="Joe Julian.name" default_off='failed ruleset test'>
+<ruleset name="Joe Julian.name" default_off="failed ruleset test">
 
 	<target host="joejulian.name" />
 	<target host="www.joejulian.name" />
diff --git a/src/chrome/content/rules/jomsocial.com.xml b/src/chrome/content/rules/jomsocial.com.xml
new file mode 100644
index 000000000000..1a28a0422a30
--- /dev/null
+++ b/src/chrome/content/rules/jomsocial.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Invalid certificate:
+		news.jomsocial.com
+		www.demo.jomsocial.com
+
+	Refused:
+		localhost.jomsocial.com
+
+	Time out:
+		webmail.jomsocial.com
+-->
+<ruleset name="jomsocial.com">
+	<target host="jomsocial.com" />
+	<target host="www.jomsocial.com" />
+	<target host="demo.jomsocial.com" />
+	<target host="autodiscover.demo.jomsocial.com" />
+	<target host="cpanel.demo.jomsocial.com" />
+	<target host="js-socialize.demo.jomsocial.com" />
+	<target host="mail.demo.jomsocial.com" />
+	<target host="webdisk.demo.jomsocial.com" />
+	<target host="webmail.demo.jomsocial.com" />
+	<target host="documentation.jomsocial.com" />
+	<target host="ref.jomsocial.com" />
+	<target host="socialize.jomsocial.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/joxi.net.xml b/src/chrome/content/rules/joxi.net.xml
new file mode 100644
index 000000000000..16dbf205fb13
--- /dev/null
+++ b/src/chrome/content/rules/joxi.net.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		mail.joxi.net
+-->
+<ruleset name="joxi.net">
+	<target host="joxi.net" />
+	<target host="www.joxi.net" />
+	<target host="api.joxi.net" />
+	<target host="dl1.joxi.net" />
+	<target host="dl2.joxi.net" />
+	<target host="dl3.joxi.net" />
+	<target host="dl4.joxi.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/joycasino.com.xml b/src/chrome/content/rules/joycasino.com.xml
index 00631468576c..805a872754b0 100644
--- a/src/chrome/content/rules/joycasino.com.xml
+++ b/src/chrome/content/rules/joycasino.com.xml
@@ -41,7 +41,7 @@ www.joy-kazino.com 520
 www.joycazino.com mismatch
 www.joykazino.com 520
 www.joycasino9.com 522-->
-<ruleset name="joycasino.com" default_off='failed ruleset test'>
+<ruleset name="joycasino.com" default_off="failed ruleset test">
 	<target host="10joycasino.com" />
 	<target host="11joycasino.com" />
 	<target host="12joycasino.com" />
@@ -114,9 +114,9 @@ www.joycasino9.com 522-->
 	<target host="www.joycasino9.com" />
 	<target host="www.joycazino.com" />
 	<target host="www.joykazino.com" />
-	
+
 	<rule from="^http://www\.(joy-cazino\.com|joy-kazino\.com|joycazino\.com|joykazino\.com|joycasino9\.com)/"
 		to="https://$1/" />
-	
+
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/js1k.com.xml b/src/chrome/content/rules/js1k.com.xml
new file mode 100644
index 000000000000..bfea1e78b3a3
--- /dev/null
+++ b/src/chrome/content/rules/js1k.com.xml
@@ -0,0 +1,12 @@
+<!--
+	Invalid certificate:
+		ftp.js1k.com
+		ssh.js1k.com
+-->
+<ruleset name="js1k.com">
+	<target host="js1k.com" />
+	<target host="www.js1k.com" />
+
+	<rule from="^http://www\.js1k\.com/" to="https://js1k.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/jsbin.com.xml b/src/chrome/content/rules/jsbin.com.xml
index 34a8c318859e..246cc5e41066 100644
--- a/src/chrome/content/rules/jsbin.com.xml
+++ b/src/chrome/content/rules/jsbin.com.xml
@@ -1,36 +1,24 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://chetharrison.jsbin.com/ => https://chetharrison.jsbin.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
-Fetch error: http://simevidas.jsbin.com/ => https://simevidas.jsbin.com/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
-
-	Different HTTP/HTTPS response:
-		learn.jsbin.com
-
 	Invalid certificate:
-		status.jsbin.com
-
-	No working URL known:
-		origin-static.jsbin.com
+		old.jsbin.com
+		share.jsbin.com
+		stats.jsbin.com
 
+	Time out:
+		apps.jsbin.com
 -->
-<ruleset name="jsbin.com" default_off='failed ruleset test'>
+<ruleset name="jsbin.com">
 	<target host="jsbin.com" />
 	<target host="www.jsbin.com" />
-	<target host="chetharrison.jsbin.com" />
-	<target host="dave.jsbin.com" />
-	<target host="emberjs.jsbin.com" />
-	<target host="justinbmeyer.jsbin.com" />
-	<target host="metasean.jsbin.com" />
-	<target host="null.jsbin.com" />
+	<target host="4.jsbin.com" />
+	<target host="api.jsbin.com" />
+	<target host="bsa.jsbin.com" />
+	<target host="help.jsbin.com" />
 	<target host="output.jsbin.com" />
-	<target host="react.jsbin.com" />
-	<target host="rem.jsbin.com" />
-	<target host="simevidas.jsbin.com" />
-	<target host="static.jsbin.com" />
-		<test url="http://static.jsbin.com/images/favicon.svg" />
-	<target host="thatemil.jsbin.com" />
-	<target host="thomasburleson.jsbin.com" />
+	<target host="post.jsbin.com" />
+	<target host="v5.jsbin.com" />
+	<target host="v5-runner.jsbin.com" />
 
+	<rule from="^http://www\.jsbin\.com/" to="https://jsbin.com/" />
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/jsdelivr.com.xml b/src/chrome/content/rules/jsdelivr.com.xml
deleted file mode 100644
index 3ad67883b5ca..000000000000
--- a/src/chrome/content/rules/jsdelivr.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="jsDelivr.com">
-
-	<target host="www.jsdelivr.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/jsrdn.com.xml b/src/chrome/content/rules/jsrdn.com.xml
index 39a0e06bcaea..ebd864c07896 100644
--- a/src/chrome/content/rules/jsrdn.com.xml
+++ b/src/chrome/content/rules/jsrdn.com.xml
@@ -1,32 +1,28 @@
 <!--
-	These altnames do not exist:
+	Chain issues:
+		- heroku.jsrdn.com
 
-		- www.c.jsrdn.com
-
-
-	Insecure cookies are set for these domains: ᶜ
-
-		- .jsrdn.com
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
+	Timeout:
+		- metrics.jsrdn.com
 
+	Cert mismatch:
+		- assets.jsrdn.com
+		- r53.jsrdn.com
+		- s3.jsrdn.com
+		- s3-us-west-2.jsrdn.com
 -->
 <ruleset name="jsrdn.com">
 
+	<target host="a.jsrdn.com" />
+	<target host="admin2.jsrdn.com" />
 	<target host="c.jsrdn.com" />
-
-		<!--	Sets cookie without Secure:
-							-->
-		<!--test url="http://c.jsrdn.com/i/1.gif" /-->
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.jsrdn\.com$" name="^u$" /-->
+	<target host="i.jsrdn.com" />
+	<target host="portal2.jsrdn.com" />
+	<target host="s.jsrdn.com" />
+	<target host="v.jsrdn.com" />
 
 	<securecookie host=".+" name=".+" />
 
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/juick.com.xml b/src/chrome/content/rules/juick.com.xml
index 31ddde2f4f14..80bd09dc94e0 100644
--- a/src/chrome/content/rules/juick.com.xml
+++ b/src/chrome/content/rules/juick.com.xml
@@ -4,11 +4,10 @@ www.juick.com mismatch
 <ruleset name="juick.com">
 	<target host="juick.com" />
 	<target host="www.juick.com" />
-	
+
 	<rule from="^http://www\.juick\.com/"
 		to="https://juick.com/" />
-	
-	<test url="http://www.juick.com/" />
+
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/justeat.xml b/src/chrome/content/rules/justeat.xml
index b4c24e6bb4bd..800b7b5795d1 100644
--- a/src/chrome/content/rules/justeat.xml
+++ b/src/chrome/content/rules/justeat.xml
@@ -36,7 +36,7 @@ Fetch error: http://partner.justeat.nl/ => https://partner.justeat.nl/: (6, 'Cou
 		- www.plusdecommandes.fr
 		- www.eatonline.fr
 -->
-<ruleset name="Just Eat" default_off='failed ruleset test'>
+<ruleset name="Just Eat" default_off="failed ruleset test">
 
 	<!-- Global -->
 	<target host="just-eat.com" />
diff --git a/src/chrome/content/rules/justseedit.xml b/src/chrome/content/rules/justseedit.xml
index 2f2a5100c80e..a6c379b32611 100644
--- a/src/chrome/content/rules/justseedit.xml
+++ b/src/chrome/content/rules/justseedit.xml
@@ -1,7 +1,7 @@
 <ruleset name="justseed.it">
   <target host="justseed.it" />
   <target host="www.justseed.it" />
-  
+
   <rule from="^http:"
           to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/jwz.org.xml b/src/chrome/content/rules/jwz.org.xml
deleted file mode 100644
index e9617a3ff4b9..000000000000
--- a/src/chrome/content/rules/jwz.org.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="jwz.org">
-
-	<target host="jwz.org" />
-	<target host="www.jwz.org" />
-
-	<securecookie host="(^|\.)www\.jwz\.org$" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/jydoll.cn.xml b/src/chrome/content/rules/jydoll.cn.xml
new file mode 100644
index 000000000000..24a980e7e51d
--- /dev/null
+++ b/src/chrome/content/rules/jydoll.cn.xml
@@ -0,0 +1,9 @@
+<ruleset name="jydoll.cn">
+	<target host="jydoll.cn" />
+	<target host="www.jydoll.cn" />
+	<target host="m.jydoll.cn" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kabelbw.xml b/src/chrome/content/rules/kabelbw.xml
index d1b2b3e906cc..0b0d6c799225 100644
--- a/src/chrome/content/rules/kabelbw.xml
+++ b/src/chrome/content/rules/kabelbw.xml
@@ -2,4 +2,4 @@
   <target host="www.kabelbw.de" />
 
   <rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/kancloud.cn.xml b/src/chrome/content/rules/kancloud.cn.xml
index 222116354237..c9741f8a3d02 100644
--- a/src/chrome/content/rules/kancloud.cn.xml
+++ b/src/chrome/content/rules/kancloud.cn.xml
@@ -6,7 +6,7 @@ Non-2xx HTTP code: http://kancloud.cn/ (200) => https://kancloud.cn/ (404)
 	Different HTTP/HTTPS content:
 		git.kancloud.cn
 		release.kancloud.cn
-		
+
 	Invalid certificate:
 		help.kancloud.cn
 
@@ -14,8 +14,8 @@ Non-2xx HTTP code: http://kancloud.cn/ (200) => https://kancloud.cn/ (404)
 		box.kancloud.cn
 -->
 
-<ruleset name="kancloud.cn" default_off='failed ruleset test'>
-	
+<ruleset name="kancloud.cn" default_off="failed ruleset test">
+
 	<target host="box.kancloud.cn" />
 		<exclusion pattern="^http://box\.kancloud\.cn/(?!cover)" />
 		<test url="http://box.kancloud.cn/cover/dragonflyxyz/omxplayer-dbus-raspberrypi.jpg?imageMogr2/thumbnail/300x400!/interlace/1/quality/100" />
diff --git a/src/chrome/content/rules/kantonalbanken.xml b/src/chrome/content/rules/kantonalbanken.xml
index 6fbc41e97afc..a7543409aa47 100644
--- a/src/chrome/content/rules/kantonalbanken.xml
+++ b/src/chrome/content/rules/kantonalbanken.xml
@@ -10,7 +10,6 @@ Fetch error: http://advent.sgkb.ch/ => https://advent.sgkb.ch/: (60, 'SSL certif
 Fetch error: http://fxnet.sgkb.ch/ => https://fxnet.sgkb.ch/: (28, 'Connection timed out after 20001 milliseconds')
 Fetch error: http://tabs.sgkb.ch/ => https://tabs.sgkb.ch/: (60, 'SSL certificate problem: certificate has expired')
 Fetch error: http://tradedirect.ch/ => https://tradedirect.ch/: (51, "SSL: no alternative certificate subject name matches target host name 'tradedirect.ch'")
-Fetch error: http://fxnet.zkb.ch/ => https://fxnet.zkb.ch/: (6, 'Could not resolve host: fxnet.zkb.ch')
 Fetch error: http://tradedirect.ch/ => https://tradedirect.ch/: (51, "SSL: no alternative certificate subject name matches target host name 'tradedirect.ch'")
 
 	Problematic hosts:
@@ -20,9 +19,7 @@ Fetch error: http://tradedirect.ch/ => https://tradedirect.ch/: (51, "SSL: no al
 	Not supported:
 	- newhome.ch
 -->
-<ruleset name="Schweizer Kantonalbanken" default_off='failed ruleset test'>
-	<target host="bancastato.ch"/>
-	<target host="*.bancastato.ch"/>
+<ruleset name="Schweizer Kantonalbanken" default_off="failed ruleset test">
 	<target host="bcf.ch"/>
 	<target host="*.bcf.ch"/>
 	<target host="bcge.ch"/>
@@ -63,14 +60,9 @@ Fetch error: http://tradedirect.ch/ => https://tradedirect.ch/: (51, "SSL: no al
 	<target host="*.urkb.ch"/>
 	<target host="yourmoney.ch"/>
 	<target host="*.yourmoney.ch"/>
-	<target host="zkb.ch"/>
-	<target host="*.zkb.ch"/>
 	<target host="zugerkb.ch"/>
 	<target host="*.zugerkb.ch"/>
 
-	<test url="http://bancastato.ch/" />
-	<test url="http://www.bancastato.ch/" />
-	<test url="http://chart.bancastato.ch/" />
 	<test url="http://bcf.ch/" />
 	<test url="http://www.bcf.ch/" />
 	<test url="http://de.bcf.ch/" />
@@ -163,16 +155,12 @@ Fetch error: http://tradedirect.ch/ => https://tradedirect.ch/: (51, "SSL: no al
 	<test url="http://yourmoney.ch/" />
 	<test url="http://www.yourmoney.ch/" />
 	<test url="http://mail.yourmoney.ch/" />
-	<test url="http://zkb.ch/" />
-	<test url="http://www.zkb.ch/" />
-	<test url="http://fxnet.zkb.ch/" />
 	<test url="http://zugerkb.ch/" />
 	<test url="http://www.zugerkb.ch/" />
 
 	<exclusion pattern="http://(www\.)?mobilebanking\.blkb\.ch"/>
 	<exclusion pattern="http://(blog|gb)\.blkb\.ch/"/>
 	<exclusion pattern="http://gb\.bkb\.ch/"/>
-	<exclusion pattern="http://chart\.bancastato\.ch"/>
 	<exclusion pattern="http://test\.bcf\.ch"/>
 	<exclusion pattern="http://structures\.bvc\.ch"/>
 	<exclusion pattern="http://grow\.gkb\.ch/"/>
@@ -184,9 +172,9 @@ Fetch error: http://tradedirect.ch/ => https://tradedirect.ch/: (51, "SSL: no al
 	<exclusion pattern="http://kredit\.tkb\.ch/"/>
 	<exclusion pattern="http://mail\.yourmoney\.ch"/>
 
-	<securecookie host="^(?:.*\.)?(bancastato|bcf|bcge|bcj|bcn|bcv|bekb|bkb|blkb|gkb|glkb|lukb|nkb|owkb|sgkb|shkb|szkb|tkb|urkb|yourmoney|zkb|zugerkb).ch$" name=".+" />
+	<securecookie host="^(?:.*\.)?(bcf|bcge|bcj|bcn|bcv|bekb|bkb|blkb|gkb|glkb|lukb|nkb|owkb|sgkb|shkb|szkb|tkb|urkb|yourmoney|zugerkb).ch$" name=".+" />
 
-	<rule from="^http://(bancastato|bcf|bcge|bcj|bcn|bcv|bekb|bkb|blkb|gkb|glkb|lukb|nkb|owkb|sgkb|shkb|szkb|tkb|urkb|yourmoney|zkb|zugerkb)\.ch/"
+	<rule from="^http://(bcf|bcge|bcj|bcn|bcv|bekb|bkb|blkb|gkb|glkb|lukb|nkb|owkb|sgkb|shkb|szkb|tkb|urkb|yourmoney|zugerkb)\.ch/"
 		to="https://www.$1.ch/"/>
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/kanyebay.co.uk.xml b/src/chrome/content/rules/kanyebay.co.uk.xml
deleted file mode 100644
index 5b7f90afd609..000000000000
--- a/src/chrome/content/rules/kanyebay.co.uk.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="kanyebay.co.uk">
-	<target host="kanyebay.co.uk" />
-	<target host="www.kanyebay.co.uk" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/kapital.kz.xml b/src/chrome/content/rules/kapital.kz.xml
deleted file mode 100644
index a5c011bd77c0..000000000000
--- a/src/chrome/content/rules/kapital.kz.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.kapital.kz/ => https://www.kapital.kz/: (51, "SSL: no alternative certificate subject name matches target host name 'www.kapital.kz'")
-
--->
-<ruleset name="kapital.kz" default_off='failed ruleset test'>
-	<target host="kapital.kz" />
-	<target host="www.kapital.kz" />
-	<target host="m.kapital.kz" />
-	<target host="i.kapital.kz" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/kaprica.com.xml b/src/chrome/content/rules/kaprica.com.xml
index 04b314013c92..40188ba8e501 100644
--- a/src/chrome/content/rules/kaprica.com.xml
+++ b/src/chrome/content/rules/kaprica.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://kaprica.com/ => https://kaprica.com/: (60, 'SSL certificate
 Fetch error: http://www.kaprica.com/ => https://www.kaprica.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Kaprica.com" default_off='failed ruleset test'>
+<ruleset name="Kaprica.com" default_off="failed ruleset test">
 
 	<target host="kaprica.com" />
 	<target host="www.kaprica.com" />
diff --git a/src/chrome/content/rules/karlsruhe.freifunk.net.xml b/src/chrome/content/rules/karlsruhe.freifunk.net.xml
index c10651a9ff64..d3b3d212c327 100644
--- a/src/chrome/content/rules/karlsruhe.freifunk.net.xml
+++ b/src/chrome/content/rules/karlsruhe.freifunk.net.xml
@@ -1,16 +1,31 @@
 <!--
 	Invalid certificate:
-		stats.karlsruhe.freifunk.net
+		autoconfig.karlsruhe.freifunk.net
+		autodiscover.karlsruhe.freifunk.net
+		mail.karlsruhe.freifunk.net
+		0.updates.services.karlsruhe.freifunk.net
+		1.updates.services.karlsruhe.freifunk.net
+
+	Timeout:
+		build1.karlsruhe.freifunk.net
+		lists.karlsruhe.freifunk.net
 -->
 <ruleset name="Freifunk Karlsruhe">
 
-	<target host="karlsruhe.freifunk.net"/>
-	<target host="api.karlsruhe.freifunk.net"/>
-	<target host="firmware.karlsruhe.freifunk.net"/>
-	<target host="map.karlsruhe.freifunk.net"/>
-	<target host="1.updates.services.karlsruhe.freifunk.net"/>
+	<target host="karlsruhe.freifunk.net" />
+	<target host="www.karlsruhe.freifunk.net" />
+	<target host="api.karlsruhe.freifunk.net" />
+	<target host="docs.karlsruhe.freifunk.net" />
+	<target host="firmware.karlsruhe.freifunk.net" />
+	<target host="forum.karlsruhe.freifunk.net" />
+	<target host="www.forum.karlsruhe.freifunk.net" />
+	<target host="git.karlsruhe.freifunk.net" />
+	<target host="gitlab.karlsruhe.freifunk.net" />
+	<target host="hackmd.karlsruhe.freifunk.net" />
+	<target host="map.karlsruhe.freifunk.net" />
+	<target host="pads.karlsruhe.freifunk.net" />
+	<target host="stats.karlsruhe.freifunk.net" />
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/keep4u.ru.xml b/src/chrome/content/rules/keep4u.ru.xml
new file mode 100644
index 000000000000..f240681f1b75
--- /dev/null
+++ b/src/chrome/content/rules/keep4u.ru.xml
@@ -0,0 +1,6 @@
+<ruleset name="keep4u.ru">
+	<target host="keep4u.ru" />
+	<target host="www.keep4u.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kennedy-center.org.xml b/src/chrome/content/rules/kennedy-center.org.xml
index 9f345fc332f9..a92e0e80896b 100644
--- a/src/chrome/content/rules/kennedy-center.org.xml
+++ b/src/chrome/content/rules/kennedy-center.org.xml
@@ -26,7 +26,7 @@ Fetch error: http://www.artsedge.kennedy-center.org/ => https://artsedge.kennedy
 	These altnames do not exist:
 
 		- www.blogs.kennedy-center.org
-	
+
 
 	Insecure cookies are set for these domains and hosts:
 
@@ -46,7 +46,7 @@ Fetch error: http://www.artsedge.kennedy-center.org/ => https://artsedge.kennedy
 	ˢ Secured by us
 
 -->
-<ruleset name="Kennedy-Center.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Kennedy-Center.org (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/kernsec.org.xml b/src/chrome/content/rules/kernsec.org.xml
new file mode 100644
index 000000000000..b5b138f9f632
--- /dev/null
+++ b/src/chrome/content/rules/kernsec.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+        www.kernsec.org
+-->
+<ruleset name="kernsec.org">
+  <target host="kernsec.org" />
+  <target host="www.kernsec.org" />
+	
+  <rule from="^http://www\.kernsec\.org/" to="https://kernsec.org/" />
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/kf5.com.xml b/src/chrome/content/rules/kf5.com.xml
index 9ff5beb08a97..dc5853a202bb 100644
--- a/src/chrome/content/rules/kf5.com.xml
+++ b/src/chrome/content/rules/kf5.com.xml
@@ -4,13 +4,13 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://assetscdn.kf5.com/ => https://assetscdn.kf5.com/: (60, 'SSL certificate problem: certificate has expired')
 
 	kf5.com is an open site, so there are lots of *.kf5.com sites. Lucky, all of them support https.
-	 
+
 	Mismatch:
 		- agents
 		- d
 -->
 
-<ruleset name="kf5.com" default_off='failed ruleset test'>
+<ruleset name="kf5.com" default_off="failed ruleset test">
 
 	<target host="kf5.com" />
 
diff --git a/src/chrome/content/rules/kik.com-falsemixed.xml b/src/chrome/content/rules/kik.com-falsemixed.xml
deleted file mode 100644
index 62ff6c7ea242..000000000000
--- a/src/chrome/content/rules/kik.com-falsemixed.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see kik.com.xml.
-
--->
-<ruleset name="Kik.com (false MCB)" platform="mixedcontent">
-
-	<target host="blog.kik.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/kikisso.com.xml b/src/chrome/content/rules/kikisso.com.xml
index dda028677f5b..f6a686175603 100644
--- a/src/chrome/content/rules/kikisso.com.xml
+++ b/src/chrome/content/rules/kikisso.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.kikisso.com/ => https://www.kikisso.com/: (6, 'Could not
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Kikisso.com" default_off='failed ruleset test'>
+<ruleset name="Kikisso.com" default_off="failed ruleset test">
 
 	<target host="kikisso.com" />
 	<target host="m.kikisso.com" />
diff --git a/src/chrome/content/rules/kinogo.co.xml b/src/chrome/content/rules/kinogo.co.xml
index 88e3b0fbefcc..96b047f97b37 100644
--- a/src/chrome/content/rules/kinogo.co.xml
+++ b/src/chrome/content/rules/kinogo.co.xml
@@ -26,7 +26,7 @@ Fetch error: http://www.kinogo.co/ => https://www.kinogo.co/: Too many redirects
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Kinogo.co" default_off='failed ruleset test'>
+<ruleset name="Kinogo.co" default_off="failed ruleset test">
 
 	<target host="kinogo.co" />
 	<target host="www.kinogo.co" />
diff --git a/src/chrome/content/rules/kinogo.net.xml b/src/chrome/content/rules/kinogo.net.xml
index 3538c9cb6f14..dba37ba2bfd6 100644
--- a/src/chrome/content/rules/kinogo.net.xml
+++ b/src/chrome/content/rules/kinogo.net.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.kinogo.net/ => https://www.kinogo.net/: Too many redirec
 	For other kinogo coverage, see kinogo.co.xml.
 
 -->
-<ruleset name="Kinogo.net" default_off='failed ruleset test'>
+<ruleset name="Kinogo.net" default_off="failed ruleset test">
 
 	<target host="kinogo.net" />
 	<target host="www.kinogo.net" />
diff --git a/src/chrome/content/rules/klick2contact.com.xml b/src/chrome/content/rules/klick2contact.com.xml
index f85e65cb89d0..63afc27e262a 100644
--- a/src/chrome/content/rules/klick2contact.com.xml
+++ b/src/chrome/content/rules/klick2contact.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://klick2contact.com/ => https://klick2contact.com/: (51, "SSL:
 Fetch error: http://www.klick2contact.com/ => https://www.klick2contact.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.klick2contactsales.com'")
 
 -->
-<ruleset name="Klick2Contact.com" default_off='failed ruleset test'>
+<ruleset name="Klick2Contact.com" default_off="failed ruleset test">
 
 	<target host="klick2contact.com" />
 	<target host="www.klick2contact.com" />
diff --git a/src/chrome/content/rules/klick2contactsales.com.xml b/src/chrome/content/rules/klick2contactsales.com.xml
index efa077e70102..1165d14884d3 100644
--- a/src/chrome/content/rules/klick2contactsales.com.xml
+++ b/src/chrome/content/rules/klick2contactsales.com.xml
@@ -24,7 +24,7 @@ Fetch error: http://www.klick2contactsales.com/ => https://www.klick2contactsale
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Klick2Contact sales.com" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Klick2Contact sales.com" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="klick2contactsales.com" />
 	<target host="www.klick2contactsales.com" />
diff --git a/src/chrome/content/rules/klikki.fi.xml b/src/chrome/content/rules/klikki.fi.xml
index 07a97fbd2eee..d66d873a34b3 100644
--- a/src/chrome/content/rules/klikki.fi.xml
+++ b/src/chrome/content/rules/klikki.fi.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.klikki.fi/ => https://www.klikki.fi/: (51, "SSL: no alternative certificate subject name matches target host name 'www.klikki.fi'")
 
 -->
-<ruleset name="Klikki.fi" default_off='failed ruleset test'>
+<ruleset name="Klikki.fi" default_off="failed ruleset test">
 
 	<target host="klikki.fi" />
 	<target host="www.klikki.fi" />
diff --git a/src/chrome/content/rules/klikr.org.xml b/src/chrome/content/rules/klikr.org.xml
new file mode 100644
index 000000000000..2e3d44281b25
--- /dev/null
+++ b/src/chrome/content/rules/klikr.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="klikr.org">
+	<target host="klikr.org" />
+	<target host="www.klikr.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/klikr.pw.xml b/src/chrome/content/rules/klikr.pw.xml
new file mode 100644
index 000000000000..69f829f02d1d
--- /dev/null
+++ b/src/chrome/content/rules/klikr.pw.xml
@@ -0,0 +1,6 @@
+<ruleset name="klikr.pw">
+	<target host="klikr.pw" />
+	<target host="www.klikr.pw" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/klilu.de.xml b/src/chrome/content/rules/klilu.de.xml
index e9c7564e7d32..1520e65b0989 100644
--- a/src/chrome/content/rules/klilu.de.xml
+++ b/src/chrome/content/rules/klilu.de.xml
@@ -6,7 +6,7 @@ Non-2xx HTTP code: http://groupwise.klilu.de/ (200) => https://groupwise.klilu.d
 	Refused:
 	  mtaschule.klilu.de
 -->
-<ruleset name="Klinikum Ludwigshafen" default_off='failed ruleset test'>
+<ruleset name="Klinikum Ludwigshafen" default_off="failed ruleset test">
 
 	<target host="www.klilu.de" />
 	<target host="extranet.klilu.de" />
diff --git a/src/chrome/content/rules/klops.ru.xml b/src/chrome/content/rules/klops.ru.xml
index bc85cc6f6f02..2be6885e6b49 100644
--- a/src/chrome/content/rules/klops.ru.xml
+++ b/src/chrome/content/rules/klops.ru.xml
@@ -37,7 +37,7 @@ velo.klops.ru ¹
 ² refused
 ³ timed out
 -->
-<ruleset name="klops.ru" default_off='failed ruleset test'>
+<ruleset name="klops.ru" default_off="failed ruleset test">
 	<target host="klops.ru" />
 	<target host="www.klops.ru" />
 	<target host="afisha.klops.ru" />
diff --git a/src/chrome/content/rules/kmd.dk-resources.xml b/src/chrome/content/rules/kmd.dk-resources.xml
deleted file mode 100644
index 017922f26d6a..000000000000
--- a/src/chrome/content/rules/kmd.dk-resources.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	For rules covering more than resources, see kmd.dk.xml.
-
-	Note: platform is so as not to increase non-Tor
-	distinguishability, given that no pages are covered
-	and no mixed content secured.
-
--->
-<ruleset name="KMD.dk (resources)" platform="mixedcontent">
-
-	<target host="event.kmd.dk" />
-
-		<exclusion pattern="^http://event\.kmd\.dk/(?!(?!.+\.js(?:$|\?))/*(?:css/|favicon\.ico|js/))" />
-
-			<!--	+ve:
-					-->
-			<test url="http://event.kmd.dk/faaindsigtmeddata1/program.html" />
-			<test url="http://event.kmd.dk/kmdhindsgavlslot" />
-			<test url="http://event.kmd.dk/kmdhindsgavlslot/aarskonference-paa-hindsgavl-slot.html" />
-			<test url="http://event.kmd.dk/kmdhindsgavlslot/program.html" />
-			<test url="http://event.kmd.dk/momentum1" />
-			<test url="http://event.kmd.dk/momentum1/arrangementet.html" />
-			<test url="http://event.kmd.dk/momentum1/download-materiale.html" />
-			<test url="http://event.kmd.dk/momentum1/program.html" />
-
-			<!--	-ve:
-					-->
-			<test url="http://event.kmd.dk/css/tabletMediaQuery-cmv9.0.6.css" />
-			<test url="http://event.kmd.dk/favicon.ico" />
-			<test url="http://event.kmd.dk/js/jquery/ui/smoothness/jquery.ui.theme.css" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/knigafund.ru.xml b/src/chrome/content/rules/knigafund.ru.xml
index 196dfaafb3b9..f38a9b8bcf41 100644
--- a/src/chrome/content/rules/knigafund.ru.xml
+++ b/src/chrome/content/rules/knigafund.ru.xml
@@ -7,7 +7,7 @@ demo. mismatch
 api. mismatch
 vuz. mismatch
 library. mismatch-->
-<ruleset name="knigafund.ru" default_off='failed ruleset test'>
+<ruleset name="knigafund.ru" default_off="failed ruleset test">
 	<target host="knigafund.ru" />
 	<target host="www.knigafund.ru" />
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/komi-news.ru.xml b/src/chrome/content/rules/komi-news.ru.xml
index d91a9fc9bdbd..21dea0964014 100644
--- a/src/chrome/content/rules/komi-news.ru.xml
+++ b/src/chrome/content/rules/komi-news.ru.xml
@@ -10,7 +10,7 @@ stories.komi-news.ru/: (52, 'Empty reply from server')
 
 ⁴ self signed
 -->
-<ruleset name="komi-news.ru" default_off='failed ruleset test'>
+<ruleset name="komi-news.ru" default_off="failed ruleset test">
 	<target host="komi-news.ru" />
 	<target host="www.komi-news.ru" />
 
diff --git a/src/chrome/content/rules/koptevo.net.xml b/src/chrome/content/rules/koptevo.net.xml
index bca2bd35f67d..a57d424ea752 100644
--- a/src/chrome/content/rules/koptevo.net.xml
+++ b/src/chrome/content/rules/koptevo.net.xml
@@ -30,7 +30,7 @@ x-zone.koptevo.net ⁴
 ⁴ self signed
 ⁷ protocol error
 -->
-<ruleset name="koptevo.net (partial)" default_off='failed ruleset test'>
+<ruleset name="koptevo.net (partial)" default_off="failed ruleset test">
 	<target host="cp.koptevo.net" />
 	<target host="cp2.koptevo.net" />
 	<target host="img.koptevo.net" />
diff --git a/src/chrome/content/rules/krasnodar.ru.xml b/src/chrome/content/rules/krasnodar.ru.xml
index 23f43710bb0e..fa353d85de5f 100644
--- a/src/chrome/content/rules/krasnodar.ru.xml
+++ b/src/chrome/content/rules/krasnodar.ru.xml
@@ -91,7 +91,7 @@ www.vin.krasnodar.ru ¹
 ⁴ self signed
 ⁷ protocol error
 -->
-<ruleset name="krasnodar.ru" default_off='failed ruleset test'>
+<ruleset name="krasnodar.ru" default_off="failed ruleset test">
 	<target host="krasnodar.ru" />
 	<target host="www.krasnodar.ru" />
 	<target host="admkrai.krasnodar.ru" />
diff --git a/src/chrome/content/rules/kremlinpress.ru.xml b/src/chrome/content/rules/kremlinpress.ru.xml
deleted file mode 100644
index 1caeb2609786..000000000000
--- a/src/chrome/content/rules/kremlinpress.ru.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="kremlinpress.ru">
-	<target host="kremlinpress.ru" />
-	<target host="www.kremlinpress.ru" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/kt.kz.xml b/src/chrome/content/rules/kt.kz.xml
deleted file mode 100644
index 6cbda0101350..000000000000
--- a/src/chrome/content/rules/kt.kz.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="kt.kz" platform="mixedcontent">
-	<target host="kt.kz" />
-	<target host="www.kt.kz" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/ktxtr.com.xml b/src/chrome/content/rules/ktxtr.com.xml
new file mode 100644
index 000000000000..f748b8258834
--- /dev/null
+++ b/src/chrome/content/rules/ktxtr.com.xml
@@ -0,0 +1,28 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Invalid certificate:
+		www
+		a
+		officecdn.microsoft.comc
+		jenkins.int
+		jira.int
+		l
+
+	Timeout:
+		vpn.eu
+-->
+<ruleset name="ktxtr.com">
+
+	<target host="ktxtr.com" />
+	<target host="c.ktxtr.com" />
+		<test url="http://c.ktxtr.com/kx.js" />
+	<target host="s.ktxtr.com" />
+		<test url="http://s.ktxtr.com/kx.js" />
+	<target host="t.ktxtr.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/kuna.io.xml b/src/chrome/content/rules/kuna.io.xml
index b0dae1dba31f..321151ecc80d 100644
--- a/src/chrome/content/rules/kuna.io.xml
+++ b/src/chrome/content/rules/kuna.io.xml
@@ -11,7 +11,7 @@ investors.kuna.io different content
 ¹ mismatch
 ⁴ self signed
 -->
-<ruleset name="kuna.io" default_off='failed ruleset test'>
+<ruleset name="kuna.io" default_off="failed ruleset test">
 	<target host="kuna.io" />
 	<target host="buy.kuna.io" />
 	<target host="crowdsale.kuna.io" />
diff --git a/src/chrome/content/rules/kurs.expert.xml b/src/chrome/content/rules/kurs.expert.xml
index 7b43dea8969a..f18ed7dfef07 100644
--- a/src/chrome/content/rules/kurs.expert.xml
+++ b/src/chrome/content/rules/kurs.expert.xml
@@ -5,7 +5,7 @@ Fetch error: http://p2p.kurs.expert/ => https://p2p.kurs.expert/: (51, "SSL: no
 Fetch error: http://www.p2p.kurs.expert/ => https://www.p2p.kurs.expert/: (6, 'Could not resolve host: www.p2p.kurs.expert')
 
 -->
-<ruleset name="kurs.expert" default_off='failed ruleset test'>
+<ruleset name="kurs.expert" default_off="failed ruleset test">
 	<target host="kurs.expert" />
 	<target host="www.kurs.expert" />
 	<target host="p2p.kurs.expert" />
diff --git a/src/chrome/content/rules/kva.se.xml b/src/chrome/content/rules/kva.se.xml
index 6039413aa943..0e2d2ad7db35 100644
--- a/src/chrome/content/rules/kva.se.xml
+++ b/src/chrome/content/rules/kva.se.xml
@@ -5,7 +5,7 @@ Fetch error: http://kva.se/ => https://kva.se/: (51, "SSL: no alternative certif
 Fetch error: http://www.kva.se/ => https://www.kva.se/: (51, "SSL: no alternative certificate subject name matches target host name 'www.kva.se'")
 
 -->
-<ruleset name="kva" default_off='failed ruleset test'>
+<ruleset name="kva" default_off="failed ruleset test">
         <target host="kva.se" />
         <target host="www.kva.se" />
 
diff --git a/src/chrome/content/rules/kylie.com.xml b/src/chrome/content/rules/kylie.com.xml
deleted file mode 100644
index 7f7a8ebdac3d..000000000000
--- a/src/chrome/content/rules/kylie.com.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	Mixed content:
-
-		- css, from:
-
-			- fast.fonts.net ˢ
-			- $self ˢ
-
-		- Images from $self ˢ
-
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="Kylie.com" platform="mixedcontent">
-
-	<target host="kylie.com" />
-	<target host="www.kylie.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/l214.com.xml b/src/chrome/content/rules/l214.com.xml
deleted file mode 100644
index d18051b1ac3f..000000000000
--- a/src/chrome/content/rules/l214.com.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-<!--
-	Mismatched:
-		forum.lyon.l214.com
-
-	No known URL working:
-		videos.l214.com (403)
-		www.don.l214.com
-
-	Refused:
-		l214.com
-		visuel.l214.com
-
--->
-
-<ruleset name="L214">
-
-	<target host="l214.com" />
-	<target host="www.l214.com" />
-	<target host="adhesion.l214.com" />
-	<target host="animaux.l214.com" />
-	<target host="blog.l214.com" />
-	<target host="boutique.l214.com" />
-	<target host="don.l214.com" />
-	<target host="paris.l214.com" />
-	<target host="pour.l214.com" />
-	<target host="visuel.l214.com" />
-	<target host="visuels.l214.com" />
-
-	<rule from="^http://visuel\.l214\.com/"
-			to="https://visuels.l214.com/" />
-	<rule from="^http://l214\.com/"
-			to="https://www.l214.com/" />
-	<rule from="^http://paris\.l214\.com/"
-			to="https://www.l214.com/paris/" />
-	<rule from="^http:" 
-			to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/laiwang.com.xml b/src/chrome/content/rules/laiwang.com.xml
index 3e34863e3215..af927afaa35c 100644
--- a/src/chrome/content/rules/laiwang.com.xml
+++ b/src/chrome/content/rules/laiwang.com.xml
@@ -41,7 +41,7 @@ Fetch error: http://wukong.laiwang.com/ => https://wukong.laiwang.com/: (6, 'Cou
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Laiwang.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Laiwang.com (partial)" default_off="failed ruleset test">
 
 	<target host="laiwang.com" />
 	<target host="pp.laiwang.com" />
diff --git a/src/chrome/content/rules/lambeth.gov.uk.xml b/src/chrome/content/rules/lambeth.gov.uk.xml
index 844c132f8a56..27eb4e98aade 100644
--- a/src/chrome/content/rules/lambeth.gov.uk.xml
+++ b/src/chrome/content/rules/lambeth.gov.uk.xml
@@ -73,7 +73,7 @@ Non-2xx HTTP code: http://onlinepermits.lambeth.gov.uk/ (200) => https://onlinep
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Lambeth.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Lambeth.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/lancashire.gov.uk.xml b/src/chrome/content/rules/lancashire.gov.uk.xml
index 6e904fbd1e82..c848d5a40178 100644
--- a/src/chrome/content/rules/lancashire.gov.uk.xml
+++ b/src/chrome/content/rules/lancashire.gov.uk.xml
@@ -59,7 +59,7 @@ Fetch error: http://eforms.lancashire.gov.uk/ => https://eforms.lancashire.gov.u
 	ᵘ Unsecurable
 
 -->
-<ruleset name="Lancashire.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Lancashire.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="adultlearning.lancashire.gov.uk" />
 	<target host="bookyourpc.lancashire.gov.uk" />
diff --git a/src/chrome/content/rules/lancaster.gov.uk.xml b/src/chrome/content/rules/lancaster.gov.uk.xml
index 9c5a8c7bf33e..185ca63488e3 100644
--- a/src/chrome/content/rules/lancaster.gov.uk.xml
+++ b/src/chrome/content/rules/lancaster.gov.uk.xml
@@ -27,7 +27,7 @@ Non-2xx HTTP code: http://planning.lancaster.gov.uk/ (200) => https://planning.l
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Lancaster.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Lancaster.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="lancaster.gov.uk" />
 	<target host="committeeadmin.lancaster.gov.uk" />
diff --git a/src/chrome/content/rules/landalskilife.be.xml b/src/chrome/content/rules/landalskilife.be.xml
index 95a0651d8ecb..388bfd59a9c7 100644
--- a/src/chrome/content/rules/landalskilife.be.xml
+++ b/src/chrome/content/rules/landalskilife.be.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Wyndham related rulesets, see Wyndham.xml
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
 
 	Non-functional hosts
 		SSL peer certificate was not OK:
@@ -9,9 +9,9 @@
 	<target host="landalskilife.be" />
 	<target host="www.landalskilife.be" />
 
-	<rule from="^http://landalskilife\.be/" 
+	<rule from="^http://landalskilife\.be/"
 			to="https://www.landalskilife.be/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/landalskilife.ch.xml b/src/chrome/content/rules/landalskilife.ch.xml
index 9547fb4e2ac7..61f63e322d3c 100644
--- a/src/chrome/content/rules/landalskilife.ch.xml
+++ b/src/chrome/content/rules/landalskilife.ch.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Wyndham related rulesets, see Wyndham.xml
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
 
 	Non-functional hosts
 		SSL peer certificate was not OK:
@@ -9,9 +9,9 @@
 	<target host="landalskilife.ch" />
 	<target host="www.landalskilife.ch" />
 
-	<rule from="^http://landalskilife\.ch/" 
+	<rule from="^http://landalskilife\.ch/"
 			to="https://www.landalskilife.ch/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/landalskilife.com.xml b/src/chrome/content/rules/landalskilife.com.xml
index 5617ca731087..e527be15e08f 100644
--- a/src/chrome/content/rules/landalskilife.com.xml
+++ b/src/chrome/content/rules/landalskilife.com.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Wyndham related rulesets, see Wyndham.xml
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
 
 	Non-functional hosts
 		SSL peer certificate was not OK:
@@ -12,6 +12,6 @@
 	<rule from="^http://landalskilife\.com/"
 			to="https://www.landalskilife.com/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/landalskilife.cz.xml b/src/chrome/content/rules/landalskilife.cz.xml
index bb8de25a9837..0eea9964f90f 100644
--- a/src/chrome/content/rules/landalskilife.cz.xml
+++ b/src/chrome/content/rules/landalskilife.cz.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Wyndham related rulesets, see Wyndham.xml
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
 
 	Non-functional hosts
 		SSL peer certificate was not OK:
@@ -9,9 +9,9 @@
 	<target host="landalskilife.cz" />
 	<target host="www.landalskilife.cz" />
 
-	<rule from="^http://landalskilife\.cz/" 
+	<rule from="^http://landalskilife\.cz/"
 			to="https://www.landalskilife.cz/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/landalskilife.de.xml b/src/chrome/content/rules/landalskilife.de.xml
index 68a1073523b5..497e97e9d511 100644
--- a/src/chrome/content/rules/landalskilife.de.xml
+++ b/src/chrome/content/rules/landalskilife.de.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Wyndham related rulesets, see Wyndham.xml
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
 
 	Non-functional hosts
 		SSL peer certificate was not OK:
@@ -12,6 +12,6 @@
 	<rule from="^http://landalskilife\.de/"
 			to="https://www.landalskilife.de/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/landalskilife.fr.xml b/src/chrome/content/rules/landalskilife.fr.xml
index d440fa564a7c..bd54d00601bf 100644
--- a/src/chrome/content/rules/landalskilife.fr.xml
+++ b/src/chrome/content/rules/landalskilife.fr.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Wyndham related rulesets, see Wyndham.xml
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
 
 	Non-functional hosts
 		SSL peer certificate was not OK:
@@ -9,9 +9,9 @@
 	<target host="landalskilife.fr" />
 	<target host="www.landalskilife.fr" />
 
-	<rule from="^http://landalskilife\.fr/" 
+	<rule from="^http://landalskilife\.fr/"
 			to="https://www.landalskilife.fr/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/landalskilife.nl.xml b/src/chrome/content/rules/landalskilife.nl.xml
index 0df9fcf2d4e6..5d89cdb24672 100644
--- a/src/chrome/content/rules/landalskilife.nl.xml
+++ b/src/chrome/content/rules/landalskilife.nl.xml
@@ -1,5 +1,5 @@
 <!--
-	For other Wyndham related rulesets, see Wyndham.xml
+	For other Wyndham related rulesets, see WyndhamHotels.com.xml
 
 	Non-functional hosts
 		SSL peer certificate was not OK:
@@ -12,6 +12,6 @@
 	<rule from="^http://landalskilife\.nl/"
 			to="https://www.landalskilife.nl/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/lanta-net.ru.xml b/src/chrome/content/rules/lanta-net.ru.xml
deleted file mode 100644
index c6c111ebdb15..000000000000
--- a/src/chrome/content/rules/lanta-net.ru.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-lanta-net.ru mismatch
-www.lanta-net.ru mismatch
-lic6.lanta-net.ru timed out
-oss.lanta-net.ru mismatch
-tmbstat.lanta-net.ru self signed
--->
-<ruleset name="lanta-net.ru (partial)">
-	<target host="stat.lanta-net.ru" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/lazyfoo.net.xml b/src/chrome/content/rules/lazyfoo.net.xml
new file mode 100644
index 000000000000..a8b1c7f9c7b1
--- /dev/null
+++ b/src/chrome/content/rules/lazyfoo.net.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		ftp.lazyfoo.net
+		ssh.lazyfoo.net
+		webmail.lazyfoo.net
+		www.webmail.lazyfoo.net
+
+	Refused:
+		mail.lazyfoo.net
+-->
+<ruleset name="lazyfoo.net">
+	<target host="lazyfoo.net" />
+	<target host="www.lazyfoo.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lczero.org.xml b/src/chrome/content/rules/lczero.org.xml
new file mode 100644
index 000000000000..f68f691194c3
--- /dev/null
+++ b/src/chrome/content/rules/lczero.org.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatched:
+		https://play.lczero.org/
+-->
+<ruleset name="lczero.org">
+	<target host="lczero.org" />
+	<target host="www.lczero.org" />
+	<target host="blog.lczero.org" />
+	<target host="oldmain.lczero.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/learning.hccs.edu.xml b/src/chrome/content/rules/learning.hccs.edu.xml
new file mode 100644
index 000000000000..da41f86b9f90
--- /dev/null
+++ b/src/chrome/content/rules/learning.hccs.edu.xml
@@ -0,0 +1,9 @@
+<!--
+	Mismatched:
+		- m.learning.hccs.edu
+-->
+<ruleset name="learning.hccs.edu">
+	<target host="learning.hccs.edu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lekumo.jp.xml b/src/chrome/content/rules/lekumo.jp.xml
index e2f23c7a43f3..667b5ec8cb3e 100644
--- a/src/chrome/content/rules/lekumo.jp.xml
+++ b/src/chrome/content/rules/lekumo.jp.xml
@@ -17,4 +17,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/lend.me.xml b/src/chrome/content/rules/lend.me.xml
index 764c0113afda..57861bf51f62 100644
--- a/src/chrome/content/rules/lend.me.xml
+++ b/src/chrome/content/rules/lend.me.xml
@@ -5,7 +5,7 @@ Fetch error: http://lend.me/ => https://lend.me/: (35, 'Unknown SSL protocol err
 Fetch error: http://www.lend.me/ => https://www.lend.me/: (35, 'Unknown SSL protocol error in connection to www.lend.me:443 ')
 
 -->
-<ruleset name="Lend.me" default_off='failed ruleset test'>
+<ruleset name="Lend.me" default_off="failed ruleset test">
 
 	<target host="lend.me" />
 	<target host="www.lend.me" />
diff --git a/src/chrome/content/rules/lenta.ru.xml b/src/chrome/content/rules/lenta.ru.xml
index d954415875fc..3fb1de7dfec7 100644
--- a/src/chrome/content/rules/lenta.ru.xml
+++ b/src/chrome/content/rules/lenta.ru.xml
@@ -33,7 +33,7 @@ Fetch error: http://www.lenta.ru/ => https://www.lenta.ru/: (56, 'Malformed enco
 	ˢ Secured by us
 
 -->
-<ruleset name="Lenta.ru (partial)" default_off='failed ruleset test'>
+<ruleset name="Lenta.ru (partial)" default_off="failed ruleset test">
 
 	<target host="lenta.ru" />
 	<target host="age.lenta.ru" />
diff --git a/src/chrome/content/rules/letvcdn.xml b/src/chrome/content/rules/letvcdn.xml
index 60282c6c28e7..bfdfff570906 100644
--- a/src/chrome/content/rules/letvcdn.xml
+++ b/src/chrome/content/rules/letvcdn.xml
@@ -16,7 +16,7 @@ Not exist:
 	<target host="css.letvcdn.com" />
 	<target host="js.letvcdn.com" />
 	<target host="player.letvcdn.com" />
-	
+
 	<rule from="^http:" to="https:" />
-	
+
 </ruleset>
diff --git a/src/chrome/content/rules/letvimg.xml b/src/chrome/content/rules/letvimg.xml
index df84ed6b6c33..f4aad273052d 100644
--- a/src/chrome/content/rules/letvimg.xml
+++ b/src/chrome/content/rules/letvimg.xml
@@ -12,7 +12,7 @@ Not exist:
 	<target host="i1.letvimg.com" />
 	<target host="i2.letvimg.com" />
 	<target host="i3.letvimg.com" />
-	
+
 	<rule from="^http:" to="https:" />
-	
+
 </ruleset>
diff --git a/src/chrome/content/rules/lewes.gov.uk.xml b/src/chrome/content/rules/lewes.gov.uk.xml
index e831273b87d3..d18c9ffa0f95 100644
--- a/src/chrome/content/rules/lewes.gov.uk.xml
+++ b/src/chrome/content/rules/lewes.gov.uk.xml
@@ -18,7 +18,7 @@
 	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="Lewes.gov.uk (partial)" default_off="missing certificate chain">
+<ruleset name="Lewes.gov.uk (partial)" default_off="cert-chain">
 
 	<target host="rbselfservice.lewes.gov.uk" />
 
diff --git a/src/chrome/content/rules/lezhin.com.xml b/src/chrome/content/rules/lezhin.com.xml
index e421257d9481..637e78f4c6f1 100644
--- a/src/chrome/content/rules/lezhin.com.xml
+++ b/src/chrome/content/rules/lezhin.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://ggtoon.lezhin.com/ => https://ggtoon.lezhin.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="lezhin.com" default_off='failed ruleset test'>
+<ruleset name="lezhin.com" default_off="failed ruleset test">
 	<!--
 	Certificate error:
 	help.lezhin.com
@@ -13,7 +13,7 @@ Fetch error: http://ggtoon.lezhin.com/ => https://ggtoon.lezhin.com/: (60, 'SSL
 	Refused by HTTP 403:
 	link.lezhin.com
 	-->
-	
+
 	<target host="lezhin.com" />
 	<target host="www.lezhin.com" />
 	<target host="m.lezhin.com" />
@@ -26,11 +26,11 @@ Fetch error: http://ggtoon.lezhin.com/ => https://ggtoon.lezhin.com/: (60, 'SSL
 
 	<!-- https://lezhin.com gets refused -->
 	<rule from="^http://lezhin\.com/" to="https://www.lezhin.com/" />
-	
+
 	<!-- multiple www.lezhin.com -->
 	<rule from="^http://(\d+)www\.lezhin\.com/" to="https://$1www.lezhin.com/" />
 	<test url="http://0www.lezhin.com/" />
 	<test url="http://2www.lezhin.com/" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/lfeeder.com.xml b/src/chrome/content/rules/lfeeder.com.xml
new file mode 100644
index 000000000000..05afe8df3958
--- /dev/null
+++ b/src/chrome/content/rules/lfeeder.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="lfeeder.com">
+
+	<target host="sc.lfeeder.com" />
+	<target host="tr.lfeeder.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/libmng.com.xml b/src/chrome/content/rules/libmng.com.xml
new file mode 100644
index 000000000000..093e3c1f7589
--- /dev/null
+++ b/src/chrome/content/rules/libmng.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Invalid certificate:
+		mail.libmng.com
+-->
+<ruleset name="libmng.com">
+	<target host="libmng.com" />
+	<target host="www.libmng.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/libuv.org.xml b/src/chrome/content/rules/libuv.org.xml
new file mode 100644
index 000000000000..cdd515be66a7
--- /dev/null
+++ b/src/chrome/content/rules/libuv.org.xml
@@ -0,0 +1,20 @@
+<!--
+	Non-functional hosts
+		Couldn't connect to server:
+		- logs.libuv.org
+
+		SSL peer certificate was not OK:
+		- www.libuv.org
+		- docs.libuv.org
+-->
+<ruleset name="libuv.org">
+	<target host="libuv.org" />
+	<target host="www.libuv.org" />
+	<target host="dist.libuv.org" />
+
+	<rule from="^http://www\.libuv\.org/"
+		to="https://libuv.org/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lichfielddc.gov.uk.xml b/src/chrome/content/rules/lichfielddc.gov.uk.xml
index 78dcc1ff3170..18bbef23f234 100644
--- a/src/chrome/content/rules/lichfielddc.gov.uk.xml
+++ b/src/chrome/content/rules/lichfielddc.gov.uk.xml
@@ -24,7 +24,7 @@
 	Mixed content:
 
 		- css, on:
-		
+
 			- spending from www-prev.lichfielddc.gov.uk
 			- www2 from www.lichfielddc.gov.uk ˢ
 
diff --git a/src/chrome/content/rules/lidl.co.uk.xml b/src/chrome/content/rules/lidl.co.uk.xml
index 3cad509ef5c1..e2f2d4564ac0 100644
--- a/src/chrome/content/rules/lidl.co.uk.xml
+++ b/src/chrome/content/rules/lidl.co.uk.xml
@@ -39,7 +39,7 @@ Fetch error: http://specials.lidl.co.uk/ => https://specials.lidl.co.uk/: (6, 'C
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Lidl.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Lidl.co.uk (partial)" default_off="failed ruleset test">
 
 	<target host="specials.lidl.co.uk" />
 	<target host="ssl.lidl.co.uk" />
diff --git a/src/chrome/content/rules/lightreading.com.xml b/src/chrome/content/rules/lightreading.com.xml
index 94184d3b1c99..4984c8aee04f 100644
--- a/src/chrome/content/rules/lightreading.com.xml
+++ b/src/chrome/content/rules/lightreading.com.xml
@@ -68,12 +68,10 @@
 
 	<!--	darkreading/ data are also available in i.cmpnet.com/infoweek/security/darkreading/seo/
 					-->
-	<rule from="^http://img\.lightreading\.com/"
-		to="https://d2x7anl33w5mmo.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 		<test url="http://img.lightreading.com/images/spacer.gif" /><!--	49 -->
 
-	<rule from="^http:"
-		to="https:" />
+
 
 </ruleset>
diff --git a/src/chrome/content/rules/lightwidget.com.xml b/src/chrome/content/rules/lightwidget.com.xml
index 0261608c00d1..cbdaaad2b773 100644
--- a/src/chrome/content/rules/lightwidget.com.xml
+++ b/src/chrome/content/rules/lightwidget.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.lightwidget.com/ => https://www.lightwidget.com/: (51, "
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="LightWidget.com" default_off='failed ruleset test'>
+<ruleset name="LightWidget.com" default_off="failed ruleset test">
 
 	<target host="lightwidget.com" />
 	<target host="www.lightwidget.com" />
diff --git a/src/chrome/content/rules/lime-technology.com.xml b/src/chrome/content/rules/lime-technology.com.xml
index e9045af1435c..b8983e3250da 100644
--- a/src/chrome/content/rules/lime-technology.com.xml
+++ b/src/chrome/content/rules/lime-technology.com.xml
@@ -1,38 +1,15 @@
 <!--
-	Problematic hosts in *lime-technology.com:
-
-		- dnld ᵐ
-
-	ᵐ AmazonAWS / mismatched
-
-
-	Mixed content:
-
-		- css on ^ from fonts.googleapis.com ˢ
-		- Images on ^ from $self ˢ
-
-	ˢ Secured by us
-
+	Non-functional hosts:
+		Mismatched:
+		- dnld.lime-technology.com
 -->
 <ruleset name="Lime-Technology.com">
 
-	<!--	Direct rewrites:
-				-->
 	<target host="lime-technology.com" />
 	<target host="www.lime-technology.com" />
 
-	<!--	Complications:
-				-->
-	<target host="dnld.lime-technology.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://dnld\.lime-technology\.com/"
-		to="https://s3.amazonaws.com/dnld.lime-technology.com/" />
+	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:"
-		to="https:" />
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/lingvo.org.xml b/src/chrome/content/rules/lingvo.org.xml
new file mode 100644
index 000000000000..8339bb1897f7
--- /dev/null
+++ b/src/chrome/content/rules/lingvo.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="lingvo.org">
+	<target host="lingvo.org" />
+	<target host="www.lingvo.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/linkline.ru.xml b/src/chrome/content/rules/linkline.ru.xml
deleted file mode 100644
index b64409b96cdf..000000000000
--- a/src/chrome/content/rules/linkline.ru.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<!--
-linkline.ru self signed
-www.linkline.ru self signed
-speed.linkline.ru self signed
--->
-<ruleset name="linkline.ru (partial)">
-	<target host="stat.linkline.ru" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/linux-notes.org.xml b/src/chrome/content/rules/linux-notes.org.xml
new file mode 100644
index 000000000000..3ce8e9200736
--- /dev/null
+++ b/src/chrome/content/rules/linux-notes.org.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		forum.linux-notes.org
+		www.forum.linux-notes.org
+		mail.linux-notes.org
+		new.linux-notes.org
+		support.linux-notes.org
+		www.support.linux-notes.org
+-->
+<ruleset name="linux-notes.org">
+	<target host="linux-notes.org" />
+	<target host="www.linux-notes.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/linuxcenter.ru.xml b/src/chrome/content/rules/linuxcenter.ru.xml
new file mode 100644
index 000000000000..933060fb80f8
--- /dev/null
+++ b/src/chrome/content/rules/linuxcenter.ru.xml
@@ -0,0 +1,28 @@
+<!--
+	Invalid certificate:
+		copter.linuxcenter.ru
+		geektv.linuxcenter.ru
+		ftp.linuxcenter.ru
+		kitezh-support.linuxcenter.ru
+		ftp.lightlang.linuxcenter.ru
+		mail.linuxcenter.ru
+		meego.linuxcenter.ru
+		meego-mirror1.linuxcenter.ru
+		rt.linuxcenter.ru
+		old.shop.linuxcenter.ru
+		wiki.linuxcenter.ru
+		yamail-b77dcde2ab2a.linuxcenter.ru
+
+	Time out:
+		imap.linuxcenter.ru
+		smtp.linuxcenter.ru
+		test.linuxcenter.ru
+-->
+<ruleset name="linuxcenter.ru">
+	<target host="linuxcenter.ru" />
+	<target host="www.linuxcenter.ru" />
+	<target host="github.linuxcenter.ru" />
+	<target host="shop.linuxcenter.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/linuxgizmos.com.xml b/src/chrome/content/rules/linuxgizmos.com.xml
deleted file mode 100644
index 34042cb5a96f..000000000000
--- a/src/chrome/content/rules/linuxgizmos.com.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-
-	Refused hosts in *linuxgizmos.com:
-
-		- files
-
--->
-<ruleset name="linuxgizmos.com" platform="mixedcontent">
-
-	<target host="linuxgizmos.com" />
-	<target host="www.linuxgizmos.com" />
-	<target host="archive.linuxgizmos.com" />
-	<target host="deviceguru.linuxgizmos.com" />
-	<target host="linuxdevices.linuxgizmos.com" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/linuxgraphic.org.xml b/src/chrome/content/rules/linuxgraphic.org.xml
index 78d6ca87f00e..375933834998 100644
--- a/src/chrome/content/rules/linuxgraphic.org.xml
+++ b/src/chrome/content/rules/linuxgraphic.org.xml
@@ -11,7 +11,7 @@
 		- css on www from $self ˢ
 
 		- Images, on:
-		
+
 			- www from synfig.org ⁴
 			- www from download.tuxfamily.org ˢ
 
diff --git a/src/chrome/content/rules/listentothe.cloud.xml b/src/chrome/content/rules/listentothe.cloud.xml
new file mode 100644
index 000000000000..59274c6decbb
--- /dev/null
+++ b/src/chrome/content/rules/listentothe.cloud.xml
@@ -0,0 +1,7 @@
+<ruleset name="listentothe.cloud">
+	<target host="listentothe.cloud" />
+	<target host="www.listentothe.cloud" />
+
+	<rule from="^http://www\.listentothe\.cloud/" to="https://listentothe.cloud/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/litresp.ru.xml b/src/chrome/content/rules/litresp.ru.xml
new file mode 100644
index 000000000000..6920e6c4e069
--- /dev/null
+++ b/src/chrome/content/rules/litresp.ru.xml
@@ -0,0 +1,10 @@
+<!--
+	Mismatched:
+		- mail
+-->
+<ruleset name="litresp.ru">
+	<target host="litresp.ru" />
+	<target host="www.litresp.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/livecomm.ru.xml b/src/chrome/content/rules/livecomm.ru.xml
index 1869c65fdc3d..37a6b5ccb2b9 100644
--- a/src/chrome/content/rules/livecomm.ru.xml
+++ b/src/chrome/content/rules/livecomm.ru.xml
@@ -5,7 +5,7 @@ Fetch error: http://livecomm.ru/ => https://livecomm.ru/: (60, 'SSL certificate
 Fetch error: http://www.livecomm.ru/ => https://www.livecomm.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="livecomm.ru" default_off='failed ruleset test'>
+<ruleset name="livecomm.ru" default_off="failed ruleset test">
 	<target host="livecomm.ru" />
 	<target host="www.livecomm.ru" />
 	<target host="noc.livecomm.ru" />
diff --git a/src/chrome/content/rules/lleo.me.xml b/src/chrome/content/rules/lleo.me.xml
new file mode 100644
index 000000000000..d38ef81c2e09
--- /dev/null
+++ b/src/chrome/content/rules/lleo.me.xml
@@ -0,0 +1,24 @@
+<!--
+	Invalid certificate:
+		mail.lleo.me
+
+	Refused:
+		canada.lleo.me
+		spb.lleo.me
+		www.home.lleo.me
+
+	Time out:
+		_tcp.lleo.me
+		kz.lleo.me
+		zenon.lleo.me
+-->
+<ruleset name="lleo.me">
+	<target host="lleo.me" />
+	<target host="www.lleo.me" />
+	<target host="blog.lleo.me" />
+	<target host="home.lleo.me" />
+	<target host="mat.lleo.me" />
+	<target host="x.lleo.me" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lme.com.xml b/src/chrome/content/rules/lme.com.xml
new file mode 100644
index 000000000000..cbd2b75f0a85
--- /dev/null
+++ b/src/chrome/content/rules/lme.com.xml
@@ -0,0 +1,12 @@
+<!--
+	For other HKEX related rulesets, see hkex.com.hk.xml.
+-->
+<ruleset name="London Metal Exchange">
+	<target host="lme.com" />
+	<target host="www.lme.com" />
+	<target host="datalicensing.lme.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/locality.com.xml b/src/chrome/content/rules/locality.com.xml
deleted file mode 100644
index f99f54b1e9df..000000000000
--- a/src/chrome/content/rules/locality.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Locality.com">
-
-	<target host="locality.com" />
-	<target host="www.locality.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/localizejs.com.xml b/src/chrome/content/rules/localizejs.com.xml
deleted file mode 100644
index 981cc915884f..000000000000
--- a/src/chrome/content/rules/localizejs.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<ruleset name="Localizejs.com">
-
-	<target host="localizejs.com" />
-	<target host="blog.localizejs.com" />
-	<target host="cdn.localizejs.com" />
-	<target host="help.localizejs.com" />
-	<target host="www.localizejs.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/localmonero.co.xml b/src/chrome/content/rules/localmonero.co.xml
new file mode 100644
index 000000000000..06a0ca47f416
--- /dev/null
+++ b/src/chrome/content/rules/localmonero.co.xml
@@ -0,0 +1,8 @@
+<ruleset name="localmonero.co">
+	<target host="localmonero.co" />
+	<target host="www.localmonero.co" />
+	<target host="meet.localmonero.co" />
+	<target host="forums.localmonero.co" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lockscalecompare.com.xml b/src/chrome/content/rules/lockscalecompare.com.xml
index 4b3f2936518b..3477c1d40432 100644
--- a/src/chrome/content/rules/lockscalecompare.com.xml
+++ b/src/chrome/content/rules/lockscalecompare.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://gets.lockscalecompare.com/ => https://gets.lockscalecompare.
 		- www.gets.lockscalecompare.com
 
 -->
-<ruleset name="lockscalecompare.com (partial)" default_off='failed ruleset test'>
+<ruleset name="lockscalecompare.com (partial)" default_off="failed ruleset test">
 
 	<target host="lockscalecompare.com" />
 	<target host="gets.lockscalecompare.com" />
diff --git a/src/chrome/content/rules/lofter.com.xml b/src/chrome/content/rules/lofter.com.xml
index e17a809c55f9..a3df3925a9e1 100644
--- a/src/chrome/content/rules/lofter.com.xml
+++ b/src/chrome/content/rules/lofter.com.xml
@@ -1,32 +1,21 @@
 <!--
-
-Mismatch:
-	^lofter.com
-
-MCB:
-	*.lofter.com	（every user get his own subdomain）
-
+	^lofter.com		Timeout: https://travis-ci.org/github/EFForg/https-everywhere/jobs/666370682#L339
+	*.lofter.com	( every user get his own subdomain )
 -->
+<ruleset name="lofter.com">
 
-<ruleset name="lofter.com (partial)">
+	<target host="lofter.com" />
+	<target host="*.lofter.com" />
 
-	<target host="www.lofter.com" />
-	<target host="passport.www.lofter.com" />
+	<test url="http://www.lofter.com/login?urschecked=true" />
+	<test url="http://www.lofter.com/explore?act=qbview_20130930_04" />
+	<test url="http://www.lofter.com/tag/%E5%91%A8%E5%8F%B6" />
+	<test url="http://www.lofter.com/wall" />
+	<test url="http://www.lofter.com/CreativeCommons" />
+	<test url="http://www.lofter.com/sale/catl00008" />
 
-	<!--	Mixed content	-->
-	<exclusion pattern="^http://www\.lofter\.com/(?!.+\.(gif|jpg|jpgx|png))" />
-		<test url="http://www.lofter.com/login?urschecked=true" />
-		<test url="http://www.lofter.com/explore?act=qbview_20130930_04" />
-		<test url="http://www.lofter.com/tag/%E5%91%A8%E5%8F%B6" />
-		<test url="http://www.lofter.com/wall" />
-		<test url="http://www.lofter.com/CreativeCommons" />
-		<test url="http://www.lofter.com/sale/catl00008" />
-		
-		<test url="http://www.lofter.com/UA-31007899-1/__utm.gif" />
-		<test url="http://www.lofter.com/rsc/img/loginopen/201406/blog-1.jpg" />
-		<test url="http://www.lofter.com/cap/regcaptcha.jpgx" />
-		<test url="http://www.lofter.com/statistic.png" />
+	<test url="http://renwuzaoxing.lofter.com/" />
 
+	<rule from="^http://lofter\.com/" to="https://www.lofter.com/" />
 	<rule from="^http:" to="https:" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/logicalincrements.com.xml b/src/chrome/content/rules/logicalincrements.com.xml
new file mode 100644
index 000000000000..65007777f178
--- /dev/null
+++ b/src/chrome/content/rules/logicalincrements.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		b.logicalincrements.com
+
+	Redirects to HTTP:
+		- ^ (fixed by this ruleset)
+
+	Refused:
+		blog.logicalincrements.com
+
+	Time out:
+		a.logicalincrements.com
+-->
+<ruleset name="logicalincrements.com">
+	<target host="logicalincrements.com" />
+	<target host="www.logicalincrements.com" />
+	<target host="backend.logicalincrements.com" />
+	<target host="backend2.logicalincrements.com" />
+	<target host="images.logicalincrements.com" />
+
+	<rule from="^http://logicalincrements\.com/" to="https://www.logicalincrements.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lorenzonuvoletta.com.xml b/src/chrome/content/rules/lorenzonuvoletta.com.xml
new file mode 100644
index 000000000000..2bba847cfde5
--- /dev/null
+++ b/src/chrome/content/rules/lorenzonuvoletta.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Redirect to HTTP:
+		lwhfb.lorenzonuvoletta.com
+		www.lwhfb.lorenzonuvoletta.com
+-->
+<ruleset name="lorenzonuvoletta.com">
+	<target host="lorenzonuvoletta.com" />
+	<target host="www.lorenzonuvoletta.com" />
+	<target host="autodiscover.lorenzonuvoletta.com" />
+	<target host="cpanel.lorenzonuvoletta.com" />
+	<target host="webdisk.lorenzonuvoletta.com" />
+	<target host="webmail.lorenzonuvoletta.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lostpic.net.xml b/src/chrome/content/rules/lostpic.net.xml
new file mode 100644
index 000000000000..b3714cc89895
--- /dev/null
+++ b/src/chrome/content/rules/lostpic.net.xml
@@ -0,0 +1,33 @@
+<!--
+	Invalid certificate:
+		img1.lostpic.net
+		img2.lostpic.net
+		img3.lostpic.net
+		img4.lostpic.net
+		img5.lostpic.net
+		img6.lostpic.net
+		new.lostpic.net
+		new1.lostpic.net
+		new2.lostpic.net
+
+	Non-2xx HTTP code:
+		s1.lostpic.net
+-->
+<ruleset name="lostpic.net">
+	<target host="lostpic.net" />
+	<target host="www.lostpic.net" />
+	<target host="1.lostpic.net" />
+	<target host="3.lostpic.net" />
+	<target host="hqclub.lostpic.net" />
+	<target host="img.lostpic.net" />
+	<target host="img10.lostpic.net" />
+	<target host="img11.lostpic.net" />
+	<target host="img12.lostpic.net" />
+	<target host="img14.lostpic.net" />
+	<target host="img15.lostpic.net" />
+	<target host="img16.lostpic.net" />
+	<target host="src-img10.lostpic.net" />
+	<target host="test.lostpic.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/lotro.com.xml b/src/chrome/content/rules/lotro.com.xml
index 3d8f96415f85..2a25896e8af3 100644
--- a/src/chrome/content/rules/lotro.com.xml
+++ b/src/chrome/content/rules/lotro.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://signup.lotro.com/ => https://signup.lotro.com/: (60, 'SSL ce
 	² Cert mismatched for redirect destination
 
 -->
-<ruleset name="lotro.com (partial)" default_off='failed ruleset test'>
+<ruleset name="lotro.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/lprs1.fr.xml b/src/chrome/content/rules/lprs1.fr.xml
deleted file mode 100644
index 45b0364f75bd..000000000000
--- a/src/chrome/content/rules/lprs1.fr.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Invalid certificate:
-		lprs1.fr
-	
-	No working URL known:
-		www.lprs1.fr
-		s2.lprs1.fr
-
-	Broken redirection:
-		s4.lprs1.fr
-
--->
-<ruleset name="Le Parisien (CDN)">
-
-	<target host="s1.lprs1.fr" />
-		<test url="http://s1.lprs1.fr/images/2017/11/11/7386477_1_1000x625.JPG" />
-	<target host="s3.lprs1.fr" />
-		<test url="http://s3.lprs1.fr/images/2017/11/11/7386477_1_1000x625.JPG" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ltr-data.se.xml b/src/chrome/content/rules/ltr-data.se.xml
new file mode 100644
index 000000000000..1d60e86822f0
--- /dev/null
+++ b/src/chrome/content/rules/ltr-data.se.xml
@@ -0,0 +1,25 @@
+<!--
+	Invalid certificate:
+		webmail.ltr-data.se
+
+	Refused:
+		test.ltr-data.se
+		vtdep.ltr-data.se
+		ztest.ltr-data.se
+
+	Time out:
+		ftp.ltr-data.se
+		imap.ltr-data.se
+		mail.ltr-data.se
+		mail2.ltr-data.se
+		pop3.ltr-data.se
+		smtp.ltr-data.se
+-->
+<ruleset name="ltr-data.se">
+	<target host="ltr-data.se" />
+	<target host="www.ltr-data.se" />
+	<target host="app.ltr-data.se" />
+	<target host="www.app.ltr-data.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/luca-steeb.com.xml b/src/chrome/content/rules/luca-steeb.com.xml
deleted file mode 100644
index b866c9457358..000000000000
--- a/src/chrome/content/rules/luca-steeb.com.xml
+++ /dev/null
@@ -1,38 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://s.luca-steeb.com/css/style.css => https://s.luca-steeb.com/css/style.css: (6, 'Could not resolve host: s.luca-steeb.com')
-Fetch error: http://blog.luca-steeb.com/ => https://blog.luca-steeb.com/: (6, 'Could not resolve host: blog.luca-steeb.com')
-Fetch error: http://s.luca-steeb.com/ => https://s.luca-steeb.com/: (6, 'Could not resolve host: s.luca-steeb.com')
-
-	Insecure cookies are set for these hosts: ᶜ
-
-		- luca-steeb.com
-		- blog.luca-steeb.com
-		- www.luca-steeb.com
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
--->
-<ruleset name="Luca-Steeb.com" default_off='failed ruleset test'>
-
-	<target host="luca-steeb.com" />
-	<target host="blog.luca-steeb.com" />
-	<target host="s.luca-steeb.com" />
-	<target host="www.luca-steeb.com" />
-
-		<test url="http://s.luca-steeb.com/css/style.css" /><!--	18.33 -->
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:blog\.|www\.)?luca-steeb\.com$" name="^sid$" /-->
-
-	<securecookie host="^\." name="^(?:__cfduid$|_ga|cf_clearance$)" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/luckyreferrals.com.xml b/src/chrome/content/rules/luckyreferrals.com.xml
index 6fe74aae39fc..b5584c5170f4 100644
--- a/src/chrome/content/rules/luckyreferrals.com.xml
+++ b/src/chrome/content/rules/luckyreferrals.com.xml
@@ -20,7 +20,7 @@ Fetch error: http://www.luckyreferrals.com/ => https://www.luckyreferrals.com/:
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="LuckyReferrals.com" default_off='failed ruleset test'>
+<ruleset name="LuckyReferrals.com" default_off="failed ruleset test">
 
 	<target host="luckyreferrals.com" />
 	<target host="www.luckyreferrals.com" />
diff --git a/src/chrome/content/rules/luosimao.com.xml b/src/chrome/content/rules/luosimao.com.xml
index d8440c12b72c..23f440202103 100644
--- a/src/chrome/content/rules/luosimao.com.xml
+++ b/src/chrome/content/rules/luosimao.com.xml
@@ -5,25 +5,24 @@ Non-2xx HTTP code: http://my.luosimao.com/ (200) => https://my.luosimao.com/ (50
 <ruleset name="luosimao.com">
 
 	<target host="luosimao.com" />
-	
+
 	<target host="captcha.luosimao.com" />
 		<test url="http://captcha.luosimao.com/static/dist/api.js" />
-	
+
 	<target host="client.luosimao.com" />
 		<test url="http://client.luosimao.com/track/click/D7B6FA53-F273-156E-44AF-ADEA78CEF520/05-2264B997-DBD4-39C8-EC62-8D7B84E5C7B9/05-911BB485-FD13-FE55-BB27-730193069204" />
-	
+
 	<target host="i2-captcha.luosimao.com" />
-	
+
 	<target host="my.luosimao.com" />
 		<test url="http://my.luosimao.com/auth/register" />
 	<!--	For Travis check error:	-->
 	<exclusion pattern="^http://my\.luosimao\.com/$" />
-		<test url="http://my.luosimao.com/" />
-	
+
 	<target host="s.luosimao.com" />
 		<test url="http://s.luosimao.com/bower/asset/website.css?v=201608181443.css" />
 		<test url="http://s.luosimao.com/js/modernizr.js" />
-	
+
 	<target host="www.luosimao.com" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/luukku.com.xml b/src/chrome/content/rules/luukku.com.xml
index c97a8f9a934d..9202dc79ccc8 100644
--- a/src/chrome/content/rules/luukku.com.xml
+++ b/src/chrome/content/rules/luukku.com.xml
@@ -11,7 +11,7 @@
 		- Image on www from st.mtv.fi ˢ
 
 		- Bugs, on:
-		
+
 			- www from code.adtlgc.com
 			- www from eas3.emediate.se ˢ
 
diff --git a/src/chrome/content/rules/lwfinger.com.xml b/src/chrome/content/rules/lwfinger.com.xml
new file mode 100644
index 000000000000..55fe04a18795
--- /dev/null
+++ b/src/chrome/content/rules/lwfinger.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="lwfinger.com">
+	<target host="lwfinger.com" />
+	<target host="www.lwfinger.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/m2c.ru.xml b/src/chrome/content/rules/m2c.ru.xml
deleted file mode 100644
index 7a81d318b145..000000000000
--- a/src/chrome/content/rules/m2c.ru.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<!--
-company.m2c.ru mismatch
-forum.m2c.ru mismatch
-internet.m2c.ru mismatch
-tv.m2c.ru mismatch
-stat.m2c.ru timed out
--->
-<ruleset name="m2c.ru">
-	<target host="m2c.ru" />
-	<target host="www.m2c.ru" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/m2ch.hk.xml b/src/chrome/content/rules/m2ch.hk.xml
deleted file mode 100644
index b646cb9cbfb8..000000000000
--- a/src/chrome/content/rules/m2ch.hk.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="m2ch.hk">
-
-	<target host="m2ch.hk" />
-	<target host="www.m2ch.hk" />
-
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/m2ch.xml b/src/chrome/content/rules/m2ch.xml
new file mode 100644
index 000000000000..594638467a6c
--- /dev/null
+++ b/src/chrome/content/rules/m2ch.xml
@@ -0,0 +1,19 @@
+<ruleset name="M.Dvach">	
+
+	<target host="m2ch.hk" />
+	<target host="www.m2ch.hk" />
+ 	<target host="m2ch.611.to" />
+	<target host="www.m2ch.611.to" />
+ 	<target host="m2ch.cf" />
+	<target host="www.m2ch.cf" />
+ 	<target host="m2ch.ga" />
+	<target host="www.m2ch.ga" />
+ 	<target host="m2ch.gq" />
+	<target host="www.m2ch.gq" />
+ 	<target host="m2ch.ml" />
+	<target host="www.m2ch.ml" />
+
+	<rule from="^http://(www\.)?([\w.]+)/"
+          to="https://$2/" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/madadsmedia.com.xml b/src/chrome/content/rules/madadsmedia.com.xml
index 28aae7256c67..be1342029ac3 100644
--- a/src/chrome/content/rules/madadsmedia.com.xml
+++ b/src/chrome/content/rules/madadsmedia.com.xml
@@ -19,7 +19,7 @@ Fetch error: http://www.madadsmedia.com/ => https://www.madadsmedia.com/: Too ma
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="MadAds Media.com (partial)" default_off='failed ruleset test'>
+<ruleset name="MadAds Media.com (partial)" default_off="failed ruleset test">
 
 	<target host="madadsmedia.com" />
 	<!--target host="ads-by.madadsmedia.com" /-->
diff --git a/src/chrome/content/rules/madgex.com.xml b/src/chrome/content/rules/madgex.com.xml
index 9919320276c2..88400d89a0ec 100644
--- a/src/chrome/content/rules/madgex.com.xml
+++ b/src/chrome/content/rules/madgex.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://support.madgex.com/ => https://madgex.zendesk.com/: Too many
 	ᵐ Mismatched
 
 -->
-<ruleset name="Madgex.com" default_off='failed ruleset test'>
+<ruleset name="Madgex.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/magnum-ci.com.xml b/src/chrome/content/rules/magnum-ci.com.xml
index df09dda5f374..c7205d0ebf2b 100644
--- a/src/chrome/content/rules/magnum-ci.com.xml
+++ b/src/chrome/content/rules/magnum-ci.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.magnum-ci.com/ => https://www.magnum-ci.com/: (7, 'Faile
 
 blog.magnum-ci.com mismatch
 -->
-<ruleset name="magnum-ci.com" default_off='failed ruleset test'>
+<ruleset name="magnum-ci.com" default_off="failed ruleset test">
 	<target host="magnum-ci.com" />
 	<target host="www.magnum-ci.com" />
 
diff --git a/src/chrome/content/rules/maist.jp.xml b/src/chrome/content/rules/maist.jp.xml
index 26043f11d92b..e7bfe411e2ee 100644
--- a/src/chrome/content/rules/maist.jp.xml
+++ b/src/chrome/content/rules/maist.jp.xml
@@ -19,4 +19,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/make-trivial-rule b/src/chrome/content/rules/make-trivial-rule
index 5eb61affc285..8a7d9c1a2ee8 100755
--- a/src/chrome/content/rules/make-trivial-rule
+++ b/src/chrome/content/rules/make-trivial-rule
@@ -51,7 +51,14 @@ fi
 
 cat > "$dest" <<END
 <!--
+Note to ruleset creator: if you are aware of any nonfunctional hosts relevant
+to this ruleset, please list them below, replacing the example.
+
+Alternatively, if you are unaware of any such hosts, please delete this comment
+in its entirety.
+
 	Nonfunctional hosts in *.$lower:
+		# Example: foobar.$lower (m)
 
 	h: http redirect
 	m: certificate mismatch
diff --git a/src/chrome/content/rules/maldon.gov.uk.xml b/src/chrome/content/rules/maldon.gov.uk.xml
index 9d04f2e30bee..ba31f18d2703 100644
--- a/src/chrome/content/rules/maldon.gov.uk.xml
+++ b/src/chrome/content/rules/maldon.gov.uk.xml
@@ -20,10 +20,10 @@
 	<target host="www.maldon.gov.uk" />
 	<target host="democracy.maldon.gov.uk" />
 	<target host="publicaccess.maldon.gov.uk" />
-	
-	<rule from="^http://maldon\.gov\.uk/" 
+
+	<rule from="^http://maldon\.gov\.uk/"
 		  	to="https://www.maldon.gov.uk/" />
-	
-	<rule from="^http:" 
+
+	<rule from="^http:"
 		  	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/mameworld.info.xml b/src/chrome/content/rules/mameworld.info.xml
new file mode 100644
index 000000000000..2fd2f9cc805b
--- /dev/null
+++ b/src/chrome/content/rules/mameworld.info.xml
@@ -0,0 +1,204 @@
+<!--
+	Invalid certificate:
+		emam.mameworld.info
+		guru.mameworld.info
+		pinloader.mameworld.info
+
+	Redirect to HTTP:
+		forum.mameworld.info
+		www.forum.mameworld.info
+		forums.mameworld.info
+		www.forums.mameworld.info
+		movies.mameworld.info
+		www.movies.mameworld.info
+		net.mameworld.info
+		www.net.mameworld.info
+		test.mameworld.info
+		www.test.mameworld.info
+		undumped.mameworld.info
+		www.undumped.mameworld.info
+
+	Refused:
+		ubbthreadswip.mameworld.info
+		www.ubbthreadswip.mameworld.info
+-->
+<ruleset name="mameworld.info">
+	<target host="mameworld.info" />
+	<target host="www.mameworld.info" />
+	<target host="3darcade.mameworld.info" />
+	<target host="www.3darcade.mameworld.info" />
+	<target host="agemame.mameworld.info" />
+	<target host="www.agemame.mameworld.info" />
+	<target host="ajg.mameworld.info" />
+	<target host="www.ajg.mameworld.info" />
+	<target host="andreas.mameworld.info" />
+	<target host="www.andreas.mameworld.info" />
+	<target host="arcade.mameworld.info" />
+	<target host="www.arcade.mameworld.info" />
+	<target host="arcadeenvy.mameworld.info" />
+	<target host="www.arcadeenvy.mameworld.info" />
+	<target host="arcadepc.mameworld.info" />
+	<target host="www.arcadepc.mameworld.info" />
+	<target host="arcadepic.mameworld.info" />
+	<target host="www.arcadepic.mameworld.info" />
+	<target host="ashura.mameworld.info" />
+	<target host="www.ashura.mameworld.info" />
+	<target host="benchmark.mameworld.info" />
+	<target host="www.benchmark.mameworld.info" />
+	<target host="catlist.mameworld.info" />
+	<target host="www.catlist.mameworld.info" />
+	<target host="cpanel.mameworld.info" />
+	<target host="crazy.mameworld.info" />
+	<target host="www.crazy.mameworld.info" />
+	<target host="decap.mameworld.info" />
+	<target host="www.decap.mameworld.info" />
+	<target host="derrick.mameworld.info" />
+	<target host="www.derrick.mameworld.info" />
+	<target host="discrete.mameworld.info" />
+	<target host="www.discrete.mameworld.info" />
+	<target host="dosmame.mameworld.info" />
+	<target host="www.dosmame.mameworld.info" />
+	<target host="dutchmamepage.mameworld.info" />
+	<target host="www.dutchmamepage.mameworld.info" />
+	<target host="easyemu.mameworld.info" />
+	<target host="www.easyemu.mameworld.info" />
+	<target host="easymame.mameworld.info" />
+	<target host="www.easymame.mameworld.info" />
+	<target host="easymamecab.mameworld.info" />
+	<target host="www.easymamecab.mameworld.info" />
+	<target host="easyrun.mameworld.info" />
+	<target host="www.easyrun.mameworld.info" />
+	<target host="emuloader.mameworld.info" />
+	<target host="www.emuloader.mameworld.info" />
+	<target host="filetransfer.mameworld.info" />
+	<target host="www.filetransfer.mameworld.info" />
+	<target host="gur.mameworld.info" />
+	<target host="www.gur.mameworld.info" />
+	<target host="highscore.mameworld.info" />
+	<target host="www.highscore.mameworld.info" />
+	<target host="hispamame.mameworld.info" />
+	<target host="www.hispamame.mameworld.info" />
+	<target host="hitf12.mameworld.info" />
+	<target host="www.hitf12.mameworld.info" />
+	<target host="hosting.mameworld.info" />
+	<target host="www.hosting.mameworld.info" />
+	<target host="hotrod.mameworld.info" />
+	<target host="www.hotrod.mameworld.info" />
+	<target host="icons.mameworld.info" />
+	<target host="www.icons.mameworld.info" />
+	<target host="imame.mameworld.info" />
+	<target host="www.imame.mameworld.info" />
+	<target host="indexicons.mameworld.info" />
+	<target host="www.indexicons.mameworld.info" />
+	<target host="lanzamame.mameworld.info" />
+	<target host="www.lanzamame.mameworld.info" />
+	<target host="logos.mameworld.info" />
+	<target host="www.logos.mameworld.info" />
+	<target host="loonybar.mameworld.info" />
+	<target host="www.loonybar.mameworld.info" />
+	<target host="madeinmame.mameworld.info" />
+	<target host="www.madeinmame.mameworld.info" />
+	<target host="mail.mameworld.info" />
+	<target host="mamecat32.mameworld.info" />
+	<target host="www.mamecat32.mameworld.info" />
+	<target host="mamece3.mameworld.info" />
+	<target host="www.mamece3.mameworld.info" />
+	<target host="mameclassic.mameworld.info" />
+	<target host="www.mameclassic.mameworld.info" />
+	<target host="mamedev.mameworld.info" />
+	<target host="www.mamedev.mameworld.info" />
+	<target host="mamefe.mameworld.info" />
+	<target host="www.mamefe.mameworld.info" />
+	<target host="mameinfo.mameworld.info" />
+	<target host="www.mameinfo.mameworld.info" />
+	<target host="mameload.mameworld.info" />
+	<target host="www.mameload.mameworld.info" />
+	<target host="mamemix.mameworld.info" />
+	<target host="www.mamemix.mameworld.info" />
+	<target host="mamewah.mameworld.info" />
+	<target host="www.mamewah.mameworld.info" />
+	<target host="mariuszw.mameworld.info" />
+	<target host="www.mariuszw.mameworld.info" />
+	<target host="massive.mameworld.info" />
+	<target host="www.massive.mameworld.info" />
+	<target host="maws.mameworld.info" />
+	<target host="www.maws.mameworld.info" />
+	<target host="mcm.mameworld.info" />
+	<target host="www.mcm.mameworld.info" />
+	<target host="misc.mameworld.info" />
+	<target host="www.misc.mameworld.info" />
+	<target host="misfitmame.mameworld.info" />
+	<target host="www.misfitmame.mameworld.info" />
+	<target host="money.mameworld.info" />
+	<target host="www.money.mameworld.info" />
+	<target host="mrdo.mameworld.info" />
+	<target host="www.mrdo.mameworld.info" />
+	<target host="nonmame.mameworld.info" />
+	<target host="www.nonmame.mameworld.info" />
+	<target host="ogoun.mameworld.info" />
+	<target host="www.ogoun.mameworld.info" />
+	<target host="orc.mameworld.info" />
+	<target host="www.orc.mameworld.info" />
+	<target host="pc2jamma.mameworld.info" />
+	<target host="www.pc2jamma.mameworld.info" />
+	<target host="philwip.mameworld.info" />
+	<target host="www.philwip.mameworld.info" />
+	<target host="phpbb3.mameworld.info" />
+	<target host="www.phpbb3.mameworld.info" />
+	<target host="pinmame.mameworld.info" />
+	<target host="www.pinmame.mameworld.info" />
+	<target host="progettosnaps.mameworld.info" />
+	<target host="www.progettosnaps.mameworld.info" />
+	<target host="random.mameworld.info" />
+	<target host="www.random.mameworld.info" />
+	<target host="ranger.mameworld.info" />
+	<target host="www.ranger.mameworld.info" />
+	<target host="rbelmont.mameworld.info" />
+	<target host="www.rbelmont.mameworld.info" />
+	<target host="reip.mameworld.info" />
+	<target host="www.reip.mameworld.info" />
+	<target host="retroview.mameworld.info" />
+	<target host="www.retroview.mameworld.info" />
+	<target host="robbie.mameworld.info" />
+	<target host="www.robbie.mameworld.info" />
+	<target host="samples.mameworld.info" />
+	<target host="www.samples.mameworld.info" />
+	<target host="search.mameworld.info" />
+	<target host="www.search.mameworld.info" />
+	<target host="setcleaner.mameworld.info" />
+	<target host="www.setcleaner.mameworld.info" />
+	<target host="smf.mameworld.info" />
+	<target host="www.smf.mameworld.info" />
+	<target host="smitdogg.mameworld.info" />
+	<target host="www.smitdogg.mameworld.info" />
+	<target host="teamjapump.mameworld.info" />
+	<target host="www.teamjapump.mameworld.info" />
+	<target host="temp.mameworld.info" />
+	<target host="www.temp.mameworld.info" />
+	<target host="testing.mameworld.info" />
+	<target host="www.testing.mameworld.info" />
+	<target host="tigerheli.mameworld.info" />
+	<target host="www.tigerheli.mameworld.info" />
+	<target host="tourniquet.mameworld.info" />
+	<target host="www.tourniquet.mameworld.info" />
+	<target host="transfer.mameworld.info" />
+	<target host="www.transfer.mameworld.info" />
+	<target host="turbomame.mameworld.info" />
+	<target host="www.turbomame.mameworld.info" />
+	<target host="ubbthreads.mameworld.info" />
+	<target host="www.ubbthreads.mameworld.info" />
+	<target host="ultrastyle.mameworld.info" />
+	<target host="www.ultrastyle.mameworld.info" />
+	<target host="unmamed.mameworld.info" />
+	<target host="www.unmamed.mameworld.info" />
+	<target host="vlinde.mameworld.info" />
+	<target host="www.vlinde.mameworld.info" />
+	<target host="vsynchmame.mameworld.info" />
+	<target host="www.vsynchmame.mameworld.info" />
+	<target host="webdisk.mameworld.info" />
+	<target host="webmail.mameworld.info" />
+	<target host="zmame.mameworld.info" />
+	<target host="www.zmame.mameworld.info" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mandrakewine.com.xml b/src/chrome/content/rules/mandrakewine.com.xml
new file mode 100644
index 000000000000..8c44b8e5c526
--- /dev/null
+++ b/src/chrome/content/rules/mandrakewine.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		autodiscover.mandrakewine.com
+		ftp.mandrakewine.com
+		imap.mandrakewine.com
+		pop.mandrakewine.com
+		smtp.mandrakewine.com
+
+	Refused:
+		localhost.mandrakewine.com
+-->
+<ruleset name="mandrakewine.com">
+	<target host="mandrakewine.com" />
+	<target host="www.mandrakewine.com" />
+	<target host="mail.mandrakewine.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/manning.com.xml b/src/chrome/content/rules/manning.com.xml
index 05550e6fb012..03b829bbd128 100644
--- a/src/chrome/content/rules/manning.com.xml
+++ b/src/chrome/content/rules/manning.com.xml
@@ -1,6 +1,5 @@
 <!--
 freecontent.manning.com/: (35, 'error:14077410:SSL routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake failure')
-enews.manning.com mismatch
 livebook.manning.com mismatch
 ycart.manning.com different content
 -->
@@ -8,6 +7,7 @@ ycart.manning.com different content
 	<target host="manning.com" />
 	<target host="www.manning.com" />
 	<target host="account.manning.com" />
+	<target host="enews.manning.com" />
 	<target host="forums.manning.com" />
 	<target host="login.manning.com" />
 
diff --git a/src/chrome/content/rules/marketingautomation-linz.de.xml b/src/chrome/content/rules/marketingautomation-linz.de.xml
new file mode 100644
index 000000000000..6428aff42295
--- /dev/null
+++ b/src/chrome/content/rules/marketingautomation-linz.de.xml
@@ -0,0 +1,46 @@
+<!--
+	Invalid certificate:
+		com.marketingautomation-linz.de
+		de.marketingautomation-linz.de
+		info.marketingautomation-linz.de
+		ligitec.marketingautomation-linz.de
+		www.ligitec.marketingautomation-linz.de
+-->
+<ruleset name="marketingautomation-linz.de">
+	<target host="marketingautomation-linz.de" />
+	<target host="www.marketingautomation-linz.de" />
+	<target host="ckom.marketingautomation-linz.de" />
+	<target host="www.ckom.marketingautomation-linz.de" />
+	<target host="equiartes.com.marketingautomation-linz.de" />
+	<target host="www.equiartes.com.marketingautomation-linz.de" />
+	<target host="cpanel.marketingautomation-linz.de" />
+	<target host="cpcalendars.marketingautomation-linz.de" />
+	<target host="cpcontacts.marketingautomation-linz.de" />
+	<target host="ckom.de.marketingautomation-linz.de" />
+	<target host="www.ckom.de.marketingautomation-linz.de" />
+	<target host="equinias.de.marketingautomation-linz.de" />
+	<target host="www.equinias.de.marketingautomation-linz.de" />
+	<target host="herrenmuehle-bleichheim.de.marketingautomation-linz.de" />
+	<target host="www.herrenmuehle-bleichheim.de.marketingautomation-linz.de" />
+	<target host="pferdehaarschmuck.de.marketingautomation-linz.de" />
+	<target host="www.pferdehaarschmuck.de.marketingautomation-linz.de" />
+	<target host="schmuck-aus-haar.de.marketingautomation-linz.de" />
+	<target host="www.schmuck-aus-haar.de.marketingautomation-linz.de" />
+	<target host="schmuck-aus-pferdehaar.de.marketingautomation-linz.de" />
+	<target host="www.schmuck-aus-pferdehaar.de.marketingautomation-linz.de" />
+	<target host="equiartes.info.marketingautomation-linz.de" />
+	<target host="www.equiartes.info.marketingautomation-linz.de" />
+	<target host="mein-tierhaarschmuck.de.marketingautomation-linz.de" />
+	<target host="www.mein-tierhaarschmuck.de.marketingautomation-linz.de" />
+	<target host="herrenmuehle-bleichheim.marketingautomation-linz.de" />
+	<target host="www.herrenmuehle-bleichheim.marketingautomation-linz.de" />
+	<target host="mail.marketingautomation-linz.de" />
+	<target host="resinia.marketingautomation-linz.de" />
+	<target host="www.resinia.marketingautomation-linz.de" />
+	<target host="resinia-shop.marketingautomation-linz.de" />
+	<target host="www.resinia-shop.marketingautomation-linz.de" />
+	<target host="webdisk.marketingautomation-linz.de" />
+	<target host="webmail.marketingautomation-linz.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/marketoracle.co.uk.xml b/src/chrome/content/rules/marketoracle.co.uk.xml
new file mode 100644
index 000000000000..4efa89d8f08d
--- /dev/null
+++ b/src/chrome/content/rules/marketoracle.co.uk.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		ftp.marketoracle.co.uk
+		gw.marketoracle.co.uk
+		mail.marketoracle.co.uk
+
+	Refused:
+		localhost.marketoracle.co.uk
+-->
+<ruleset name="marketoracle.co.uk">
+	<target host="marketoracle.co.uk" />
+	<target host="www.marketoracle.co.uk" />
+	<target host="lynx.marketoracle.co.uk" />
+	<target host="pixels.marketoracle.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/masterpasswordapp.com.xml b/src/chrome/content/rules/masterpasswordapp.com.xml
new file mode 100644
index 000000000000..6051335fabad
--- /dev/null
+++ b/src/chrome/content/rules/masterpasswordapp.com.xml
@@ -0,0 +1,13 @@
+ <!--
+	Wildcard DNS record, but no wildcard cert.
+-->
+<ruleset name="masterpasswordapp.com">
+	<target host="masterpasswordapp.com" />
+	<target host="help.masterpasswordapp.com" />
+	<target host="js.masterpasswordapp.com" />
+	<target host="ssl.masterpasswordapp.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mattermap.nl.xml b/src/chrome/content/rules/mattermap.nl.xml
deleted file mode 100644
index bc20ac80baea..000000000000
--- a/src/chrome/content/rules/mattermap.nl.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- mattermap.nl
-		- www.mattermap.nl
-
--->
-<ruleset name="Mattermap.nl">
-
-	<target host="mattermap.nl" />
-	<target host="www.mattermap.nl" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:www\.)?mattermap\.nl$" name="^symphony$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/mattermark.com.xml b/src/chrome/content/rules/mattermark.com.xml
index 20c3578675b8..90fa1d3f19f0 100644
--- a/src/chrome/content/rules/mattermark.com.xml
+++ b/src/chrome/content/rules/mattermark.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://wordpress.mattermark.com/ => https://wordpress.mattermark.co
 		- support.mattermark.com
 
 -->
-<ruleset name="Mattermark.com" default_off='failed ruleset test'>
+<ruleset name="Mattermark.com" default_off="failed ruleset test">
 
 	<target host="mattermark.com" />
 	<target host="support.mattermark.com" />
diff --git a/src/chrome/content/rules/maxthon.cn.xml b/src/chrome/content/rules/maxthon.cn.xml
new file mode 100644
index 000000000000..11b8f692e47c
--- /dev/null
+++ b/src/chrome/content/rules/maxthon.cn.xml
@@ -0,0 +1,10 @@
+<ruleset name="maxthon.cn">
+	<target host="maxthon.cn" />
+	<target host="www.maxthon.cn" />
+	<target host="dl.maxthon.cn" />
+
+	<rule from="^http://maxthon\.cn/"
+			to="https://www.maxthon.cn/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mazesp.in.xml b/src/chrome/content/rules/mazesp.in.xml
new file mode 100644
index 000000000000..57e0d1c9d317
--- /dev/null
+++ b/src/chrome/content/rules/mazesp.in.xml
@@ -0,0 +1,7 @@
+<ruleset name="mazesp.in">
+	<target host="mazesp.in" />
+	<target host="www.mazesp.in" />
+
+	<rule from="^http://www\.mazesp\.in/" to="https://mazesp.in/" /> <!-- Invalid certificate -->
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mcc.gov.xml b/src/chrome/content/rules/mcc.gov.xml
index 0877a09272aa..dfd8379a9eed 100644
--- a/src/chrome/content/rules/mcc.gov.xml
+++ b/src/chrome/content/rules/mcc.gov.xml
@@ -7,7 +7,7 @@ Fetch error: http://data.mcc.gov/ => https://data.mcc.gov/: (35, 'Unknown SSL pr
 
 
 -->
-<ruleset name="MCC.gov" default_off='failed ruleset test'>
+<ruleset name="MCC.gov" default_off="failed ruleset test">
 
 	<target host="mcc.gov" />
 	<target host="assets.mcc.gov" />
diff --git a/src/chrome/content/rules/medicaid.gov.xml b/src/chrome/content/rules/medicaid.gov.xml
index c6ad4b3c62cb..64b90c32ca1c 100644
--- a/src/chrome/content/rules/medicaid.gov.xml
+++ b/src/chrome/content/rules/medicaid.gov.xml
@@ -36,7 +36,7 @@ Non-2xx HTTP code: http://questions.medicaid.gov/ (200) => https://questions.med
 			- public from ^medicaid.gov
 
 -->
-<ruleset name="Medicaid.gov (partial)" default_off='failed ruleset test'>
+<ruleset name="Medicaid.gov (partial)" default_off="failed ruleset test">
 
 	<!--target host="medicaid.gov" />	needs clearnet testing -->
 	<target host="public.medicaid.gov" />
diff --git a/src/chrome/content/rules/medicare.gov.xml b/src/chrome/content/rules/medicare.gov.xml
index 8ee222c44e0b..42d77e9ca4c1 100644
--- a/src/chrome/content/rules/medicare.gov.xml
+++ b/src/chrome/content/rules/medicare.gov.xml
@@ -25,7 +25,7 @@ Fetch error: http://www4c.medicare.gov/ => https://www4c.medicare.gov/: (6, 'Cou
 
 
 	Insecure cookies are set for these hosts:
-	
+
 		- medicare.gov
 		- enrollmentcenter.medicare.gov
 		- es.medicare.gov
@@ -40,7 +40,7 @@ Fetch error: http://www4c.medicare.gov/ => https://www4c.medicare.gov/: (6, 'Cou
 	ˢ Secured by us
 
 -->
-<ruleset name="Medicare.gov (partial)" default_off='failed ruleset test'>
+<ruleset name="Medicare.gov (partial)" default_off="failed ruleset test">
 
 	<target host="medicare.gov" />
 	<target host="enrollmentcenter.medicare.gov" />
diff --git a/src/chrome/content/rules/megaadventure.com.au.xml b/src/chrome/content/rules/megaadventure.com.au.xml
index 1cd5ff4dd42a..aacd62574223 100644
--- a/src/chrome/content/rules/megaadventure.com.au.xml
+++ b/src/chrome/content/rules/megaadventure.com.au.xml
@@ -9,7 +9,7 @@ Fetch error: http://tickets.megaadventure.com.au/ => https://tickets.megaadventu
 	Non-functional subdomain:
 		- (www)		(unknown protocol)
 -->
-<ruleset name="MegaAdventure.com.au (partial)" default_off='failed ruleset test'>
+<ruleset name="MegaAdventure.com.au (partial)" default_off="failed ruleset test">
 	<target host="tickets.megaadventure.com.au" />
 
 	<securecookie host="tickets\.megaadventure\.com\.au$" name=".+" />
diff --git a/src/chrome/content/rules/meldmerge.org.xml b/src/chrome/content/rules/meldmerge.org.xml
new file mode 100644
index 000000000000..1968e22e2eb6
--- /dev/null
+++ b/src/chrome/content/rules/meldmerge.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="meldmerge.org">
+  <target host="meldmerge.org" />
+  <target host="www.meldmerge.org" />
+
+  <rule from="^http://www\.meldmerge\.org/" to="https://meldmerge.org/" />
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/menulog.com.au.xml b/src/chrome/content/rules/menulog.com.au.xml
index d45369144011..5f50299ad6fb 100644
--- a/src/chrome/content/rules/menulog.com.au.xml
+++ b/src/chrome/content/rules/menulog.com.au.xml
@@ -9,7 +9,7 @@ Fetch error: http://menulog.com.au/ => https://menulog.com.au/: (51, "SSL: no al
 		- www.menulog.com.au
 
 -->
-<ruleset name="Menulog.com.au" default_off='failed ruleset test'>
+<ruleset name="Menulog.com.au" default_off="failed ruleset test">
 
 	<target host="menulog.com.au" />
 	<target host="www.menulog.com.au" />
diff --git a/src/chrome/content/rules/meraferesources.co.za.xml b/src/chrome/content/rules/meraferesources.co.za.xml
new file mode 100644
index 000000000000..772110b123f8
--- /dev/null
+++ b/src/chrome/content/rules/meraferesources.co.za.xml
@@ -0,0 +1,24 @@
+<!--
+	Invalid certificate:
+		control.meraferesources.co.za
+		ftp.meraferesources.co.za
+		imap.meraferesources.co.za
+		lyncdiscover.meraferesources.co.za
+		mail.meraferesources.co.za
+		pop.meraferesources.co.za
+		relay.meraferesources.co.za
+		remote.meraferesources.co.za
+		smtp.meraferesources.co.za
+
+	Refused:
+		autodiscover.meraferesources.co.za
+-->
+<ruleset name="meraferesources.co.za" platform="mixedcontent">
+	<target host="meraferesources.co.za" />
+	<target host="www.meraferesources.co.za" />
+	<target host="cpanel.meraferesources.co.za" />
+	<target host="webdisk.meraferesources.co.za" />
+	<target host="webmail.meraferesources.co.za" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mercurius.space.xml b/src/chrome/content/rules/mercurius.space.xml
deleted file mode 100644
index 02ad7b8f95b8..000000000000
--- a/src/chrome/content/rules/mercurius.space.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="mercurius.space">
-	<target host="mercurius.space" />
-	<target host="www.mercurius.space" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/met.police.uk.xml b/src/chrome/content/rules/met.police.uk.xml
index b785653297ff..738bfb436b5c 100644
--- a/src/chrome/content/rules/met.police.uk.xml
+++ b/src/chrome/content/rules/met.police.uk.xml
@@ -35,7 +35,7 @@ Fetch error: http://secure.met.police.uk/ => https://secure.met.police.uk/: (35,
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Met.Police.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Met.Police.uk (partial)" default_off="failed ruleset test">
 
 	<target host="online.met.police.uk" />
 	<target host="secure.met.police.uk" />
diff --git a/src/chrome/content/rules/metafaq.com.xml b/src/chrome/content/rules/metafaq.com.xml
index 1335d5e4ac67..e182173655ae 100644
--- a/src/chrome/content/rules/metafaq.com.xml
+++ b/src/chrome/content/rules/metafaq.com.xml
@@ -10,7 +10,7 @@
 	Mixed content:
 
 		- Bug on tpr from logw309.ati-host.net ʳ
-	
+
 	ʳ Unsecurable <= refused
 
 -->
diff --git a/src/chrome/content/rules/mgmmirage.com.xml b/src/chrome/content/rules/mgmmirage.com.xml
index 936e2a017e28..d919c701995d 100644
--- a/src/chrome/content/rules/mgmmirage.com.xml
+++ b/src/chrome/content/rules/mgmmirage.com.xml
@@ -11,7 +11,7 @@ Non-2xx HTTP code: http://reservations.mgmmirage.com/ (200) => https://reservati
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="mgmmirage.com" default_off='failed ruleset test'>
+<ruleset name="mgmmirage.com" default_off="failed ruleset test">
 
 	<target host="reservations.mgmmirage.com" />
 
diff --git a/src/chrome/content/rules/mheducation.com-falsemixed.xml b/src/chrome/content/rules/mheducation.com-falsemixed.xml
index b38651ab4197..34b35b01f613 100644
--- a/src/chrome/content/rules/mheducation.com-falsemixed.xml
+++ b/src/chrome/content/rules/mheducation.com-falsemixed.xml
@@ -10,7 +10,7 @@ Non-2xx HTTP code: http://info.mheducation.com/rs/mheducation/images/mcgrawhill-
 	NB: see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="MH Education.com (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="MH Education.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/mheducation.com.xml b/src/chrome/content/rules/mheducation.com.xml
index 9e1dd02d6872..3388b590e30f 100644
--- a/src/chrome/content/rules/mheducation.com.xml
+++ b/src/chrome/content/rules/mheducation.com.xml
@@ -1,10 +1,6 @@
 
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://careers.mheducation.com/default.aspx => https://mhecareers.silkroad.com/default.aspx: (6, 'Could not resolve host: mhecareers.silkroad.com')
-Non-2xx HTTP code: http://info.mheducation.com/rs/mheducation/images/Power%20of%20Thanks%20Sample%20Chapter.pdf (200) => https://na-sj03.marketo.com/rs/mheducation/images/Power%20of%20Thanks%20Sample%20Chapter.pdf (403)
-Fetch error: http://status.mheducation.com/ => https://status.mheducation.com/: (51, "SSL: no alternative certificate subject name matches target host name 'status.mheducation.com'")
-Fetch error: http://careers.mheducation.com/ => https://mhecareers.silkroad.com/: (6, 'Could not resolve host: mhecareers.silkroad.com')
+
 
 	For rules causing false/broken MCB, see mheducation.com-falsemixed.xml.
 
@@ -54,7 +50,7 @@ Fetch error: http://careers.mheducation.com/ => https://mhecareers.silkroad.com/
 		- css on createwp.customer.mheducation.com from $self ˢ
 
 		- Images, on:
-		
+
 			- dev, pqa, www from $self ˢ
 			- paris from highered.mheducation.com ˢ
 			- shopdev from dev.mheducation.com ˢ
@@ -64,17 +60,16 @@ Fetch error: http://careers.mheducation.com/ => https://mhecareers.silkroad.com/
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="MH Education.com (partial)" default_off='failed ruleset test'>
+<ruleset name="MH Education.com (partial)">
 
 	<!--	Direct rewrites:
 				-->
 	<target host="connect.mheducation.com" />
 	<target host="create.mheducation.com" />
-	<!--target host="createwp.customer.mheducation.com" /-->
+	<!-- <target host="createwp.customer.mheducation.com" /> -->
 	<target host="dev.mheducation.com" />
 	<target host="highered.mheducation.com" />
 	<target host="images-cf.mheducation.com" />
-	<target host="novellaqalive.mheducation.com" />
 	<target host="paris.mheducation.com" />
 	<target host="pqa.mheducation.com" />
 	<target host="shop.mheducation.com" />
@@ -82,10 +77,9 @@ Fetch error: http://careers.mheducation.com/ => https://mhecareers.silkroad.com/
 	<target host="shopqa.mheducation.com" />
 	<target host="status.mheducation.com" />
 	<target host="www.mheducation.com" />
+	<target host="careers.mheducation.com" />
 
-		<!--	Mixed css:
-					-->
-		<!--test url="http://createwp.customer.mheducation.com/wordpress-mu/success-academy/learnsmart-reports-3/" /-->
+		<!-- <test url="http://createwp.customer.mheducation.com/wordpress-mu/success-academy/learnsmart-reports-3/" /> -->
 
 		<test url="http://images-cf.mheducation.com/connect/prod/connectstatic/1607/gz/connectweb/branding/common/images/homepage/paddles.png" />
 
@@ -96,7 +90,6 @@ Fetch error: http://careers.mheducation.com/ => https://mhecareers.silkroad.com/
 	<!--	Complications:
 				-->
 	<target host="mheducation.com" />
-	<target host="careers.mheducation.com" />
 	<target host="info.mheducation.com" />
 
 		<!--exclusion pattern="^http://info\.mheducation\.com/(?!/*(?:$|\?|css/|images/|rs/))" /-->
@@ -137,10 +130,6 @@ Fetch error: http://careers.mheducation.com/ => https://mhecareers.silkroad.com/
 	<!--	Redirect keeps path and args,
 		but not forward slash:
 					-->
-	<rule from="^http://careers\.mheducation\.com/+"
-		to="https://mhecareers.silkroad.com/" />
-
-		<test url="http://careers.mheducation.com/default.aspx" />
 
 	<rule from="^http://info\.mheducation\.com/+(?:\?.*)?$"
 		to="https://www.mheducation.com/notfound.html" />
@@ -150,13 +139,9 @@ Fetch error: http://careers.mheducation.com/ => https://mhecareers.silkroad.com/
 	<rule from="^http://info\.mheducation\.com/"
 		to="https://na-sj03.marketo.com/" />
 
-		<!--
 		<test url="http://info.mheducation.com/css/mktLPSupport.css" />
-		-->
 		<test url="http://info.mheducation.com/rs/mheducation/images/Power%20of%20Thanks%20Sample%20Chapter.pdf" />
-		<!--
 		<test url="http://info.mheducation.com/rs/mheducation/images/mcgrawhill-logo.png" />
-		-->
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/mhfa.com.au.xml b/src/chrome/content/rules/mhfa.com.au.xml
new file mode 100644
index 000000000000..e5e001fe8265
--- /dev/null
+++ b/src/chrome/content/rules/mhfa.com.au.xml
@@ -0,0 +1,6 @@
+<ruleset name="mhfa.com.au">
+	<target host="mhfa.com.au" />
+	<target host="www.mhfa.com.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mhwz.de.xml b/src/chrome/content/rules/mhwz.de.xml
new file mode 100644
index 000000000000..fe9ac967a482
--- /dev/null
+++ b/src/chrome/content/rules/mhwz.de.xml
@@ -0,0 +1,15 @@
+<!--
+	See also:
+		- Hochwasserzentralen.de.xml
+		- Hochwasserzentralen.info.xml
+-->
+<ruleset name="mhwz.de">
+
+	<target host="mhwz.de" />
+	<target host="www.mhwz.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/miaopai.com.xml b/src/chrome/content/rules/miaopai.com.xml
new file mode 100644
index 000000000000..130feffe819a
--- /dev/null
+++ b/src/chrome/content/rules/miaopai.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Expired:
+		^		equal to www.miaopai.com
+-->
+<ruleset name="miaopai.com">
+	<target host="miaopai.com" />
+	<target host="www.miaopai.com" />
+	<target host="m.miaopai.com" />
+
+	<rule from="^http://miaopai\.com/" to="https://www.miaopai.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/midkemiaonline.xml b/src/chrome/content/rules/midkemiaonline.xml
index a300d1cc674c..55a8a295f983 100644
--- a/src/chrome/content/rules/midkemiaonline.xml
+++ b/src/chrome/content/rules/midkemiaonline.xml
@@ -5,7 +5,7 @@ Fetch error: http://midkemiaonline.com/ => https://midkemiaonline.com/: (6, 'Cou
 Fetch error: http://www.midkemiaonline.com/ => https://www.midkemiaonline.com/: (6, 'Could not resolve host: www.midkemiaonline.com')
 
 -->
-<ruleset name="Midkemia online" default_off='failed ruleset test'>
+<ruleset name="Midkemia online" default_off="failed ruleset test">
     <target host="midkemiaonline.com" />
     <target host="www.midkemiaonline.com" />
     <rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/militarymaps.info.xml b/src/chrome/content/rules/militarymaps.info.xml
index 72183f7e5024..4c25166a11db 100644
--- a/src/chrome/content/rules/militarymaps.info.xml
+++ b/src/chrome/content/rules/militarymaps.info.xml
@@ -2,6 +2,6 @@
 	<target host="militarymaps.info" />
 	<target host="www.militarymaps.info" />
 	<target host="dev.militarymaps.info" />
-	
+
 	<rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/milk.com.xml b/src/chrome/content/rules/milk.com.xml
new file mode 100644
index 000000000000..7c8b47e7cb5c
--- /dev/null
+++ b/src/chrome/content/rules/milk.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		bb.milk.com
+		harvey.milk.com
+-->
+<ruleset name="milk.com">
+	<target host="milk.com" />
+	<target host="www.milk.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/minavardkontakter.se.xml b/src/chrome/content/rules/minavardkontakter.se.xml
new file mode 100644
index 000000000000..753793ba3f00
--- /dev/null
+++ b/src/chrome/content/rules/minavardkontakter.se.xml
@@ -0,0 +1,18 @@
+<!-- See also: 1177.se.xml 
+
+		Problematic subdomains:
+			
+			- cert error: 
+				- designverktyget.sob.minavardkontakter.se
+				- personal.designverktyget.sob.minavardkontakter.se
+-->
+
+<ruleset name="minavardkontakter.se">
+	<target host="minavardkontakter.se"/>
+	<target host="www.minavardkontakter.se"/>
+	<target host="personal.minavardkontakter.se"/>
+	<target host="personal-cert.minavardkontakter.se"/>
+	<target host="sob.minavardkontakter.se"/>
+	
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/minetrack.xml b/src/chrome/content/rules/minetrack.xml
index 927aa8a6d5d9..bb5c14b72a07 100644
--- a/src/chrome/content/rules/minetrack.xml
+++ b/src/chrome/content/rules/minetrack.xml
@@ -7,4 +7,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/mini-dweeb.org.xml b/src/chrome/content/rules/mini-dweeb.org.xml
new file mode 100644
index 000000000000..d28896484b8c
--- /dev/null
+++ b/src/chrome/content/rules/mini-dweeb.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="mini-dweeb.org">
+	<target host="debian.mini-dweeb.org" />
+	<target host="projects.mini-dweeb.org" />
+	<target host="www.mini-dweeb.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/minmyndighetspost.se.xml b/src/chrome/content/rules/minmyndighetspost.se.xml
new file mode 100644
index 000000000000..a344cf04af0c
--- /dev/null
+++ b/src/chrome/content/rules/minmyndighetspost.se.xml
@@ -0,0 +1,7 @@
+<ruleset name="minmyndighetspost.se">
+	<target host="minmyndighetspost.se" />
+	<target host="www.minmyndighetspost.se" />
+	<target host="test.minmyndighetspost.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mir-politika.ru.xml b/src/chrome/content/rules/mir-politika.ru.xml
index f377426e575c..518636d0b2e1 100644
--- a/src/chrome/content/rules/mir-politika.ru.xml
+++ b/src/chrome/content/rules/mir-politika.ru.xml
@@ -5,7 +5,7 @@ Fetch error: http://mir-politika.com/ => https://mir-politika.com/: (60, 'SSL ce
 Fetch error: http://www.mir-politika.com/ => https://mir-politika.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
  list. mismatcha
 www.mir-politika.com mismatch -->
-<ruleset name="mir-politika.ru" default_off='failed ruleset test'>
+<ruleset name="mir-politika.ru" default_off="failed ruleset test">
 	<target host="mir-politika.ru" />
 	<target host="www.mir-politika.ru" />
 	<target host="mir-politika.com" />
diff --git a/src/chrome/content/rules/mirtv33.ru.xml b/src/chrome/content/rules/mirtv33.ru.xml
index 9707f0109ab9..c05bf78342a9 100644
--- a/src/chrome/content/rules/mirtv33.ru.xml
+++ b/src/chrome/content/rules/mirtv33.ru.xml
@@ -5,7 +5,7 @@ Fetch error: http://mirtv33.ru/ => https://mirtv33.ru/: (7, 'Failed to connect t
 Fetch error: http://www.mirtv33.ru/ => https://www.mirtv33.ru/: (7, 'Failed to connect to www.mirtv33.ru port 443: Connection refused')
 
 -->
-<ruleset name="mirtv33.ru" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="mirtv33.ru" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="mirtv33.ru" />
 	<target host="www.mirtv33.ru" />
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/mk.co.kr.xml b/src/chrome/content/rules/mk.co.kr.xml
index 82cd48ec7380..3a3f84567a9c 100644
--- a/src/chrome/content/rules/mk.co.kr.xml
+++ b/src/chrome/content/rules/mk.co.kr.xml
@@ -2,14 +2,14 @@
 	Mixed content:
 
 		- css, on:
-		
-			- estate from $self ˢ 
-			- estate from common.mk.co.kr ˢ 
+
+			- estate from $self ˢ
+			- estate from common.mk.co.kr ˢ
 
 		- Images, on:
-		
-			- estate from file.mk.co.kr ˢ 
-			- estate from img.mk.co.kr ˢ 
+
+			- estate from file.mk.co.kr ˢ
+			- estate from img.mk.co.kr ˢ
 
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
diff --git a/src/chrome/content/rules/mkwrs.com.xml b/src/chrome/content/rules/mkwrs.com.xml
new file mode 100644
index 000000000000..162bd15ac2b0
--- /dev/null
+++ b/src/chrome/content/rules/mkwrs.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Host sends a HSTS header and has a wildcard DNS record, but no wildcard certificate. This breaks other subdomains.
+-->
+<ruleset name="MKWRs">
+        <target host="mkwrs.com" />
+        <target host="www.mkwrs.com" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mobileapptracking.com.xml b/src/chrome/content/rules/mobileapptracking.com.xml
deleted file mode 100644
index c2fb86710959..000000000000
--- a/src/chrome/content/rules/mobileapptracking.com.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	For other Tune coverage, see tune.com.xml.
-
--->
-<ruleset name="mobileapptracking.com">
-
-	<target host="mobileapptracking.com" />
-	<target host="login.mobileapptracking.com" />
-	<target host="www.mobileapptracking.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/mobilism.me.xml b/src/chrome/content/rules/mobilism.me.xml
index 3ce3c423981a..533537df7157 100644
--- a/src/chrome/content/rules/mobilism.me.xml
+++ b/src/chrome/content/rules/mobilism.me.xml
@@ -7,7 +7,7 @@ Fetch error: http://forum.mobilism.me/ => https://forum.mobilism.me/: Too many r
 Fetch error: http://images.mobilism.me/ => https://images.mobilism.me/: (28, 'Operation timed out after 30001 milliseconds with 0 bytes received')
 
 -->
-<ruleset name="mobilism.me" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="mobilism.me" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="mobilism.me" />
 	<target host="www.mobilism.me" />
 	<target host="forum.mobilism.me" />
diff --git a/src/chrome/content/rules/moderngov.co.uk.xml b/src/chrome/content/rules/moderngov.co.uk.xml
index 1b4b40ec42e7..9bd4f98bcc43 100644
--- a/src/chrome/content/rules/moderngov.co.uk.xml
+++ b/src/chrome/content/rules/moderngov.co.uk.xml
@@ -72,7 +72,7 @@ Fetch error: http://powys.moderngov.co.uk/ => https://powys.moderngov.co.uk/: To
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Moderngov.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Moderngov.co.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/modulus.com.xml b/src/chrome/content/rules/modulus.com.xml
new file mode 100644
index 000000000000..c381f6986b96
--- /dev/null
+++ b/src/chrome/content/rules/modulus.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="modulus.com">
+	<target host="modulus.com" />
+	<target host="www.modulus.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/molevalley.gov.uk.xml b/src/chrome/content/rules/molevalley.gov.uk.xml
index f851825fcf53..e9f2569b3a81 100644
--- a/src/chrome/content/rules/molevalley.gov.uk.xml
+++ b/src/chrome/content/rules/molevalley.gov.uk.xml
@@ -1,6 +1,6 @@
 <!--
 	Mole Valley District Council
-	
+
 	For other UK government coverage, see GOV.UK.xml.
 
 
diff --git a/src/chrome/content/rules/molodoi.net.xml b/src/chrome/content/rules/molodoi.net.xml
new file mode 100644
index 000000000000..64a3d7baf04c
--- /dev/null
+++ b/src/chrome/content/rules/molodoi.net.xml
@@ -0,0 +1,6 @@
+<ruleset name="molodoi.net">
+	<target host="molodoi.net" />
+	<target host="www.molodoi.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/molotro.ru.xml b/src/chrome/content/rules/molotro.ru.xml
deleted file mode 100644
index 9d95b84a9fe4..000000000000
--- a/src/chrome/content/rules/molotro.ru.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<!-- old. mismatch -->
-<ruleset name="molotro.ru">
-	<target host="molotro.ru" />
-	<target host="www.molotro.ru" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/moneropool.com.xml b/src/chrome/content/rules/moneropool.com.xml
deleted file mode 100644
index 6fac8b3d44e7..000000000000
--- a/src/chrome/content/rules/moneropool.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="MoneroPool.com">
-
-	<target host="moneropool.com" />
-	<target host="www.moneropool.com" />
-
-
-	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/monolith.zone.xml b/src/chrome/content/rules/monolith.zone.xml
new file mode 100644
index 000000000000..10a53419e97b
--- /dev/null
+++ b/src/chrome/content/rules/monolith.zone.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		webmail.monolith.zone
+
+	Refused:
+		blog.monolith.zone
+		discourse.monolith.zone
+		imap.monolith.zone
+		pop.monolith.zone
+		smtp.monolith.zone
+-->
+<ruleset name="monolith.zone">
+	<target host="monolith.zone" />
+	<target host="www.monolith.zone" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/moodlerooms.com-falsemixed.xml b/src/chrome/content/rules/moodlerooms.com-falsemixed.xml
deleted file mode 100644
index a01b07456682..000000000000
--- a/src/chrome/content/rules/moodlerooms.com-falsemixed.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see moodlerooms.com.xml.
-
-
-	NB: see https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="MoodleRooms.com (false MCB)" platform="mixedcontent">
-
-	<target host="moodlerooms.com" />
-	<target host="train.moodlerooms.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/moodys.com.xml b/src/chrome/content/rules/moodys.com.xml
index 0d482c9e67c7..88aef9922b15 100644
--- a/src/chrome/content/rules/moodys.com.xml
+++ b/src/chrome/content/rules/moodys.com.xml
@@ -84,7 +84,7 @@ projectfinance-models.moodys.com different content
 ⁴ self signed
 ⁷ protocol error
 -->
-<ruleset name="moodys.com (partial)" default_off='failed ruleset test'>
+<ruleset name="moodys.com (partial)" default_off="failed ruleset test">
 	<target host="byod-amr.moodys.com" />
 	<target host="careers.moodys.com" />
 	<target host="credittrends.moodys.com" />
diff --git a/src/chrome/content/rules/moslenta.ru.xml b/src/chrome/content/rules/moslenta.ru.xml
index 17ca97cc1a34..8b89fa17aedb 100644
--- a/src/chrome/content/rules/moslenta.ru.xml
+++ b/src/chrome/content/rules/moslenta.ru.xml
@@ -3,7 +3,7 @@
 Disabled by https-everywhere-checker because:
 Fetch error: http://cdn.moslenta.ru/ => https://cdn.moslenta.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'cdn.moslenta.ru'")
 
-  Certificate mismatch: 
+  Certificate mismatch:
     dengoroda2016.moslenta.ru
     detmag.moslenta.ru
     mck.moslenta.ru
@@ -11,11 +11,11 @@ Fetch error: http://cdn.moslenta.ru/ => https://cdn.moslenta.ru/: (51, "SSL: no
     on.moslenta.ru
     sovety.moslenta.ru
 -->
-<ruleset name="moslenta.ru" default_off='failed ruleset test'>
+<ruleset name="moslenta.ru" default_off="failed ruleset test">
     <target host="moslenta.ru" />
     <target host="www.moslenta.ru" />
     <target host="cdn.moslenta.ru" />
     <target host="m.moslenta.ru" />
-  
+
     <rule from="^http:" to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/motive.com.xml b/src/chrome/content/rules/motive.com.xml
index 386111151cab..55c0e2cf785f 100644
--- a/src/chrome/content/rules/motive.com.xml
+++ b/src/chrome/content/rules/motive.com.xml
@@ -21,7 +21,7 @@ Fetch error: http://pbttbcpn.bt.motive.com/ => https://pbttbcpn.bt.motive.com/:
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="motive.com (partial)" default_off='failed ruleset test'>
+<ruleset name="motive.com (partial)" default_off="failed ruleset test">
 
 	<target host="pbthdm.bt.motive.com" />
 	<target host="pbthdmw.bt.motive.com" />
diff --git a/src/chrome/content/rules/motoslave.net.xml b/src/chrome/content/rules/motoslave.net.xml
deleted file mode 100644
index 9cd038a84929..000000000000
--- a/src/chrome/content/rules/motoslave.net.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-Invalid certificate:
-	ftp.motoslave.net
-	mail.motoslave.net
--->
-<ruleset name="motoslave.net">
-	<target host="motoslave.net"/>
-	<target host="www.motoslave.net"/>
-	<target host="ftp.motoslave.net"/>
-	<target host="mail.motoslave.net"/>
-
-	<rule from="^http://(ftp|mail)\.motoslave\.net/" to="https://www.motoslave.net/"/>
-	<rule from="^http:" to="https:"/>
-</ruleset>
diff --git a/src/chrome/content/rules/mousejack.com.xml b/src/chrome/content/rules/mousejack.com.xml
index 4b0ce99211fd..01f2a43e67f7 100644
--- a/src/chrome/content/rules/mousejack.com.xml
+++ b/src/chrome/content/rules/mousejack.com.xml
@@ -20,7 +20,7 @@ Fetch error: http://mousejack.com/ => https://www.mousejack.com/: Too many redir
 	ˢ Secured by us
 
 -->
-<ruleset name="MouseJack.com" default_off='failed ruleset test'>
+<ruleset name="MouseJack.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/mpg123.org.xml b/src/chrome/content/rules/mpg123.org.xml
new file mode 100644
index 000000000000..a1b12533052c
--- /dev/null
+++ b/src/chrome/content/rules/mpg123.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="mpg123.org">
+	<target host="mpg123.org" />
+	<target host="www.mpg123.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/msgme.com.xml b/src/chrome/content/rules/msgme.com.xml
index 5f5f6acd27e7..46c0e706cc24 100644
--- a/src/chrome/content/rules/msgme.com.xml
+++ b/src/chrome/content/rules/msgme.com.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.msgme.com/ => https://www.msgme.com/: (51, "SSL: no alte
 	For other Waterfall International coverage, see waterfall.com.xml.
 
 -->
-<ruleset name="Msgme.com" default_off='failed ruleset test'>
+<ruleset name="Msgme.com" default_off="failed ruleset test">
 
 	<target host="msgme.com" />
 	<target host="www.msgme.com" />
diff --git a/src/chrome/content/rules/msgsafe.io.xml b/src/chrome/content/rules/msgsafe.io.xml
new file mode 100644
index 000000000000..ef0ba0b80582
--- /dev/null
+++ b/src/chrome/content/rules/msgsafe.io.xml
@@ -0,0 +1,20 @@
+<!--
+	Timeout:
+		- msgsafe.io
+-->
+<ruleset name="msgsafe.io">
+	<target host="msgsafe.io" />
+	<target host="www.msgsafe.io" />
+	<target host="api.msgsafe.io" />
+	<target host="api1.msgsafe.io" />
+	<target host="api2.msgsafe.io" />
+	<target host="api3.msgsafe.io" />
+	<target host="api4.msgsafe.io" />
+	<target host="chat.msgsafe.io" />
+	<target host="chat-lb1-us.msgsafe.io" />
+	<target host="help.msgsafe.io" />
+	<target host="sapi.msgsafe.io" />
+
+	<rule from="^http://msgsafe\.io/" to="https://www.msgsafe.io/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mshcdn.com.xml b/src/chrome/content/rules/mshcdn.com.xml
index 5b7e0697c44c..b4cbd77dafa9 100644
--- a/src/chrome/content/rules/mshcdn.com.xml
+++ b/src/chrome/content/rules/mshcdn.com.xml
@@ -37,7 +37,7 @@
 		<test url="http://rack.2.mshcdn.com/media/" />
 	<target host="rack.3.mshcdn.com" />
 		<test url="http://rack.3.mshcdn.com/media/" />
-	
+
 	<target host="amz.mshcdn.com" />
 		<test url="http://amz.mshcdn.com/media/" />
 	<target host="a.amz.mshcdn.com" />
diff --git a/src/chrome/content/rules/msl24.de.xml b/src/chrome/content/rules/msl24.de.xml
new file mode 100644
index 000000000000..5d73ed37faf5
--- /dev/null
+++ b/src/chrome/content/rules/msl24.de.xml
@@ -0,0 +1,10 @@
+<ruleset name="msl24.de">
+
+	<target host="msl24.de" />
+	<target host="www.msl24.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/msu.edu.xml b/src/chrome/content/rules/msu.edu.xml
index f7e03ef3096d..9001693b7185 100644
--- a/src/chrome/content/rules/msu.edu.xml
+++ b/src/chrome/content/rules/msu.edu.xml
@@ -18,18 +18,18 @@
 	<target host="spartanspiritshop.msu.edu" />
 	<target host="techstore.msu.edu" />
 	<target host="shop.union.msu.edu" />
-	
-	<!-- 
+
+	<!--
 		several subdomains do not have a certificate or their certificates are
 			self-signed, so we have to exclude them from the ruleset.
-		
+
 		<exclusion pattern="^http://(?:grad|acadgov|trustees|president|provost|ur|rha)\." />
 		<exclusion pattern="^http://www\.(?:vprgs|vpfo|vps|canr)\." />
-		
+
 		Need to pull more exclusions from here:
-			https://www.msu.edu/about/thisismsu/board-admin/index.html 
+			https://www.msu.edu/about/thisismsu/board-admin/index.html
 	-->
-	
+
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/mtel.ru.xml b/src/chrome/content/rules/mtel.ru.xml
index fbbd51c6c9b4..e415af40fb38 100644
--- a/src/chrome/content/rules/mtel.ru.xml
+++ b/src/chrome/content/rules/mtel.ru.xml
@@ -6,7 +6,7 @@ Fetch error: http://lk.mtel.ru/ => https://lk.mtel.ru/: (60, 'SSL certificate pr
 mtel.ru mismatch
 www.mtel.ru mismatch
 -->
-<ruleset name="mtel.ru (partial)" default_off='failed ruleset test'>
+<ruleset name="mtel.ru (partial)" default_off="failed ruleset test">
 	<target host="lk.mtel.ru" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/mtlbss.com.xml b/src/chrome/content/rules/mtlbss.com.xml
deleted file mode 100644
index 4b0c6a00be6e..000000000000
--- a/src/chrome/content/rules/mtlbss.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="mtlbss.com">
-	<target host="mtlbss.com" />
-	<target host="www.mtlbss.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/mts.ru.xml b/src/chrome/content/rules/mts.ru.xml
index c0ed1591ada1..fee4c5aea3cd 100644
--- a/src/chrome/content/rules/mts.ru.xml
+++ b/src/chrome/content/rules/mts.ru.xml
@@ -42,7 +42,7 @@
 	Mixed content:
 
 		- Image, on:
-		
+
 			- cloud from static.cloud.mts.ru.s3.amazonaws.com
 			- www from static.mts.ru
 
diff --git a/src/chrome/content/rules/mtswelding.co.uk.xml b/src/chrome/content/rules/mtswelding.co.uk.xml
index a818d8e786df..b0f7fbc1f3e6 100644
--- a/src/chrome/content/rules/mtswelding.co.uk.xml
+++ b/src/chrome/content/rules/mtswelding.co.uk.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.mtswelding.co.uk/wp-content/plugins/sitemap/css/page-lis
 	www.mtswelding.co.uk: Mismatched
 
 -->
-<ruleset name="MTS Welding.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="MTS Welding.co.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/mtt.ru.xml b/src/chrome/content/rules/mtt.ru.xml
index faf7f42bad1b..35bbfec52e3d 100644
--- a/src/chrome/content/rules/mtt.ru.xml
+++ b/src/chrome/content/rules/mtt.ru.xml
@@ -12,7 +12,7 @@ uis.mtt.ru timed out
 mil.mtt.ru self signed
 magic.mtt.ru nonexist
 -->
-<ruleset name="mtt.ru" default_off='failed ruleset test'>
+<ruleset name="mtt.ru" default_off="failed ruleset test">
 	<target host="mtt.ru" />
 	<target host="www.mtt.ru" />
 	<target host="business.mtt.ru" />
diff --git a/src/chrome/content/rules/mtv.com.xml b/src/chrome/content/rules/mtv.com.xml
new file mode 100644
index 000000000000..14d3dc5c82be
--- /dev/null
+++ b/src/chrome/content/rules/mtv.com.xml
@@ -0,0 +1,378 @@
+<!--
+	Invalid certificate:
+		allaccess.mtv.com
+		relaunch.api.mtv.com
+		staging.relaunch.api.mtv.com
+		arianagrande.mtv.com
+		artbreaks.mtv.com
+		exodus.artists.mtv.com
+		connect.artists-community.mtv.com
+		at.mtv.com
+		awkward.mtv.com
+		bestnewartist.mtv.com
+		buzzworthy.mtv.com
+		connect.mtv.com
+		demilovato.mtv.com
+		ema-twittertracker.mtv.com
+		email.mtv.com
+		b.email.mtv.com
+		f.email.mtv.com
+		m.email.mtv.com
+		reg.email.mtv.com
+		exodus.mtv.com
+		hottest.mtv.com
+		images1.mtv.com
+		images3.mtv.com
+		images4.mtv.com
+		lyncdiscover.mtv.com
+		ma-twittertracker.mtv.com
+		miley.mtv.com
+		mtv2.mtv.com
+		music.mtv.com
+		news.mtv.com
+		ohlove.mtv.com
+		outin60.mtv.com
+		pioneers.mtv.com
+		plainjane.mtv.com
+		push.mtv.com
+		relaunch-search.mtv.com
+		ruleswitcher.mtv.com
+		safesext.mtv.com
+		sc.mtv.com
+		exodus.shop.mtv.com
+		sip.mtv.com
+		socialvote.mtv.com
+		songofsummer.mtv.com
+		strike.mtv.com
+		cdn.style.mtv.com
+		summertweets.mtv.com
+		topdeck.mtv.com
+		torikelly.mtv.com
+		townhall-twittertracker.mtv.com
+		tweettracker.mtv.com
+		twittertracker.mtv.com
+		topspin-stage.video.mtv.com
+		vmacreate-app.mtv.com
+		vmas.mtv.com
+		vmavote.mtv.com
+		worldstage.mtv.com
+
+	Redirect to HTTP:
+		articles.mtv.com
+		lgbt.mtv.com
+		mama.mtv.com
+		toyota.mtv.com
+		www.toyota.mtv.com
+		vmasweepstakes.mtv.com
+		whiteness.mtv.com
+		www.whiteness.mtv.com
+
+	Refused:
+		feeds.mtv.com
+
+	Time out:
+		origin.www.mtv.com
+		origin.api.mtv.com
+		origin.relaunch.api.mtv.com
+		artists.mtv.com
+		www.artists.mtv.com
+		artistsupport.mtv.com
+		amfam.mtv.com
+		auth.mtv.com
+		backstagepass.mtv.com
+		clutch.mtv.com
+		code.mtv.com
+		codysimpson.mtv.com
+		community.mtv.com
+		covermoment.mtv.com
+		dance.mtv.com
+		discovergreat.mtv.com
+		edonor.mtv.com
+		election.mtv.com
+		c.mx.email.mtv.com
+		d.mx.email.mtv.com
+		a.ns.email.mtv.com
+		b.ns.email.mtv.com
+		e.ns.email.mtv.com
+		f.ns.email.mtv.com
+		fanta.mtv.com
+		ffbonus.mtv.com
+		www.ffbonus.mtv.com
+		gamedrop.mtv.com
+		gamedropblog.mtv.com
+		geek.mtv.comom
+		geek-news.mtv.com
+		gorillaz.mtv.com
+		guycodeblog.mtv.com
+		hatsblog.mtv.com
+		headbangersblog.mtv.com
+		hollywoodcrush.mtv.com
+		jerseyshore.mtv.com
+		jp.mtv.com
+		labsblog.mtv.com
+		mail01.mtv.com
+		mail02.mtv.com
+		mail03.mtv.com
+		mail04.mtv.com
+		mail10.mtv.com
+		mail11.mtv.com
+		mailw.mtv.com
+		movies.mtv.com
+		www.movies.mtv.com
+		moviesblog.mtv.com
+		msg.mtv.com
+		mtvawards.mtv.com
+		mtvblog.mtv.com
+		mtvshop.mtv.com
+		multiplayerblog.mtv.c
+		newsroom.mtv.com
+		northpalmwrestling.mtv.com
+		o.mtv.com
+		posting.mtv.com
+		rapfix.mtv.com
+		remotecontrol.mtv.com
+		ridicbonus.mtv.com
+		www.ridicbonus.mtv.com
+		splashpage.mtv.com
+		store.mtv.com
+		style.mtv.com
+		suckerfreeblog.mtv.com
+		tld_jcpenney.mtv.com
+		think.mtv.com
+		tj.mtv.com
+		vmatimeline.mtv.com
+		webplex.mtv.com
+		www2.mtv.com
+		xbox.mtv.com
+		youarehereblog.mtv.com
+		your.mtv.com
+		yourhere.mtv.com
+		yourhereblog.mtv.com
+
+	Unreachable:
+		appqa.mtv.com
+		artists-community.mtv.com
+		qa.mtv.com
+		verticals.mtv.com
+-->
+<ruleset name="mtv.com">
+	<target host="mtv.com" />
+	<target host="www.mtv.com" />
+	<target host="16andpregnant.mtv.com" />
+	<target host="www.16andpregnant.mtv.com" />
+	<target host="16andrecovering.mtv.com" />
+	<target host="www.16andrecovering.mtv.com" />
+	<target host="2020code.mtv.com" />
+	<target host="www.2020code.mtv.com" />
+	<target host="act.mtv.com" />
+	<target host="staging.api.mtv.com" />
+	<target host="artistontherise-vote.mtv.com" />
+	<target host="artisttool.mtv.com" />
+	<target host="buckwild.mtv.com" />
+	<target host="www.buckwild.mtv.com" />
+	<target host="buschfamilybrewed.mtv.com" />
+	<target host="www.buschfamilybrewed.mtv.com" />
+	<target host="casting.mtv.com" />
+	<target host="www.casting.mtv.com" />
+	<target host="castingcalls.mtv.com" />
+	<target host="www.castingcalls.mtv.com" />
+	<target host="catfish.mtv.com" />
+	<target host="www.catfish.mtv.com" />
+	<target host="catfishthetvshow.mtv.com" />
+	<target host="www.catfishthetvshow.mtv.com" />
+	<target host="challenge.mtv.com" />
+	<target host="www.challenge.mtv.com" />
+	<target host="change.mtv.com" />
+	<target host="class.mtv.com" />
+	<target host="clubmtv.mtv.com" />
+	<target host="www.clubmtv.mtv.com" />
+	<target host="comingsoon.mtv.com" />
+	<target host="www.comingsoon.mtv.com" />
+	<target host="conversationsincontext.mtv.com" />
+	<target host="www.conversationsincontext.mtv.com" />
+	<target host="cosign.mtv.com" />
+	<target host="ctsgettingmarried.mtv.com" />
+	<target host="www.ctsgettingmarried.mtv.com" />
+	<target host="dancesfromthahood.mtv.com" />
+	<target host="decoded.mtv.com" />
+	<target host="www.decoded.mtv.com" />
+	<target host="deliciousness.mtv.com" />
+	<target host="www.deliciousness.mtv.com" />
+	<target host="doubleshot.mtv.com" />
+	<target host="www.doubleshot.mtv.com" />
+	<target host="doubleshotatlove.mtv.com" />
+	<target host="www.doubleshotatlove.mtv.com" />
+	<target host="dream.mtv.com" />
+	<target host="ednstest.mtv.com" />
+	<target host="ema.mtv.com" />
+	<target host="enough.mtv.com" />
+	<target host="exonthebeach.mtv.com" />
+	<target host="www.exonthebeach.mtv.com" />
+	<target host="extragum.mtv.com" />
+	<target host="familiesofthemafia.mtv.com" />
+	<target host="www.familiesofthemafia.mtv.com" />
+	<target host="family.mtv.com" />
+	<target host="familytofamily.mtv.com" />
+	<target host="files.mtv.com" />
+	  <test url="http://files.mtv.com/rules/Toyota_sweepstakes_rules_2019.pdf" />
+	<target host="firstdateout.mtv.com" />
+	<target host="floribamashore.mtv.com" />
+	<target host="www.floribamashore.mtv.com" />
+	<target host="gameofclones.mtv.com" />
+	<target host="www.gameofclones.mtv.com" />
+	<target host="ghosted.mtv.com" />
+	<target host="www.ghosted.mtv.com" />
+	<target host="ghostedcasting.mtv.com" />
+	<target host="www.ghostedcasting.mtv.com" />
+	<target host="ghostedlovegonemissing.mtv.com" />
+	<target host="www.ghostedlovegonemissing.mtv.com" />
+	<target host="guys.mtv.com" />
+	<target host="hangout.mtv.com" />
+	<target host="www.hangout.mtv.com" />
+	<target host="hangoutfest.mtv.com" />
+	<target host="www.hangoutfest.mtv.com" />
+	<target host="hangoutfestival.mtv.com" />
+	<target host="www.hangoutfestival.mtv.com" />
+	<target host="hero.mtv.com" />
+	<target host="howfaristattoofar.mtv.com" />
+	<target host="immigration.mtv.com" />
+	<target host="www.immigration.mtv.com" />
+	<target host="www.iwantmymusic.mtv.com" />
+	<target host="iwd.mtv.com" />
+	<target host="katyperry.pepsi.mtv.com" />
+	<target host="lgbtq.mtv.com" />
+	<target host="lindsaylohan.mtv.com" />
+	<target host="www.lindsaylohan.mtv.com" />
+	<target host="lindsaylohanbeachclub.mtv.com" />
+	<target host="www.lindsaylohanbeachclub.mtv.com" />
+	<target host="m.mtv.com" />
+	<target host="madeinstatenisland.mtv.com" />
+	<target host="www.madeinstatenisland.mtv.com" />
+	<target host="mb.mtv.com" />
+	<target host="metoo.mtv.com" />
+	<target host="mlk.mtv.com" />
+	<target host="mms.mtv.com" />
+	<target host="www.mms.mtv.com" />
+	<target host="mom.mtv.com" />
+	<target host="movieandtvawards.mtv.com" />
+	<target host="movieawards.mtv.com" />
+	<target host="movieoftheyear.mtv.com" />
+	<target host="movietvawards.mtv.com" />
+	<target host="mtva.mtv.com" />
+	<target host="mtvbingo.mtv.com" />
+	<target host="www.mtvbingo.mtv.com" />
+	<target host="mtvfloribamashore.mtv.com" />
+	<target host="www.mtvfloribamashore.mtv.com" />
+	<target host="mtvnewspresents.mtv.com" />
+	<target host="www.mtvnewspresents.mtv.com" />
+	<target host="mtvspecials.mtv.com" />
+	<target host="www.mtvspecials.mtv.com" />
+	<target host="mtvunplugged.mtv.com" />
+	<target host="www.mtvunplugged.mtv.com" />
+	<target host="mwvidcon.mtv.com" />
+	<target host="neda.mtv.com" />
+	<target host="newbeginnings.mtv.com" />
+	<target host="www.newbeginnings.mtv.com" />
+	<target host="onelovemanchester.mtv.com" />
+	<target host="pepsi.mtv.com" />
+	<target host="www.pepsi.mtv.com" />
+	<target host="pride.mtv.com" />
+	<target host="prize.mtv.com" />
+	<target host="www.prize.mtv.com" />
+	<target host="prom.mtv.com" />
+	<target host="race.mtv.com" />
+	<target host="realitycon.mtv.com" />
+	<target host="realworldrealissues.mtv.com" />
+	<target host="reeses.mtv.com" />
+	<target host="register.mtv.com" />
+	<target host="remix.mtv.com" />
+	<target host="revengeprank.mtv.com" />
+	<target host="www.revengeprank.mtv.com" />
+	<target host="ridiculousness.mtv.com" />
+	<target host="www.ridiculousness.mtv.com" />
+	<target host="saveourmom.mtv.com" />
+	<target host="saveourmoms.mtv.com" />
+	<target host="scan.mtv.com" />
+	<target host="scan2.mtv.com" />
+	<target host="shop.mtv.com" />
+	<target host="www.shop.mtv.com" />
+	<target host="shortcircuitz.mtv.com" />
+	<target host="simplemobile.mtv.com" />
+	<target host="www.simplemobile.mtv.com" />
+	<target host="simplemobilefancam.mtv.com" />
+	<target host="www.simplemobilefancam.mtv.com" />
+	<target host="simplemobilewatchparty.mtv.com" />
+	<target host="www.simplemobilewatchparty.mtv.com" />
+	<target host="socialradar.mtv.com" />
+	<target host="soundon.mtv.com" />
+	<target host="www.soundon.mtv.com" />
+	<target host="specials.mtv.com" />
+	<target host="www.specials.mtv.com" />
+	<target host="springbreak.mtv.com" />
+	<target host="www.springbreak.mtv.com" />
+	<target host="ssc.mtv.com" />
+	<target host="stlouissuperman.mtv.com" />
+	<target host="www.stlouissuperman.mtv.com" />
+	<target host="takecontrol.mtv.com" />
+	<target host="www.takecontrol.mtv.com" />
+	<target host="tattoofar.mtv.com" />
+	<target host="teenmom2.mtv.com" />
+	<target host="www.teenmom2.mtv.com" />
+	<target host="teenmomyoungandpregnant.mtv.com" />
+	<target host="www.teenmomyoungandpregnant.mtv.com" />
+	<target host="teenmomyoungmomsclub.mtv.com" />
+	<target host="www.teenmomyoungmomsclub.mtv.com" />
+	<target host="thebuschfamilybrewed.mtv.com" />
+	<target host="www.thebuschfamilybrewed.mtv.com" />
+	<target host="thechallenge.mtv.com" />
+	<target host="www.thechallenge.mtv.com" />
+	<target host="thehillsnewbeginnings.mtv.com" />
+	<target host="www.thehillsnewbeginnings.mtv.com" />
+	<target host="therealcost.mtv.com" />
+	<target host="www.therealcost.mtv.com" />
+	<target host="www.topdeck.mtv.com" />
+	<target host="trans.mtv.com" />
+	<target host="translifeline.mtv.com" />
+	<target host="trl.mtv.com" />
+	<target host="trltop10.mtv.com" />
+	<target host="truelifecrime.mtv.com" />
+	<target host="www.truelifecrime.mtv.com" />
+	<target host="truelifenow.mtv.com" />
+	<target host="www.truelifenow.mtv.com" />
+	<target host="truelifepresentsquarantinestories.mtv.com" />
+	<target host="www.truelifepresentsquarantinestories.mtv.com" />
+	<target host="truelifequarantinestories.mtv.com" />
+	<target host="www.truelifequarantinestories.mtv.com" />
+	<target host="truth.mtv.com" />
+	<target host="www.truth.mtv.com" />
+	<target host="twix.mtv.com" />
+	<target host="www.twix.mtv.com" />
+	<target host="unplugged.mtv.com" />
+	<target host="www.unplugged.mtv.com" />
+	<target host="vma-twittertracker.mtv.com" />
+	<target host="virtual.mtv.com" />
+	<target host="vmacreate.mtv.com" />
+	<target host="www.vmacreate.mtv.com" />
+	<target host="vote.mtv.com" />
+	<target host="wakeupcall.mtv.com" />
+	<target host="www.wakeupcall.mtv.com" />
+	<target host="wap.mtv.com" />
+	<target host="watchparty.mtv.com" />
+	<target host="www.watchparty.mtv.com" />
+	<target host="watchpartylive.mtv.com" />
+	<target host="www.watchpartylive.mtv.com" />
+	<target host="whitiwore.mtv.com" />
+	<target host="women.mtv.com" />
+	<target host="woodie.mtv.com" />
+	<target host="woodies.mtv.com" />
+	<target host="woodiescosign.mtv.com" />
+	<target host="woodiesfestival.mtv.com" />
+	<target host="worldaidsday.mtv.com" />
+	<target host="www.xbox.mtv.com" />
+	<target host="youngandpregnant.mtv.com" />
+	<target host="www.youngandpregnant.mtv.com" />
+	<target host="youngmomsclub.mtv.com" />
+	<target host="www.youngmomsclub.mtv.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mtv.fi.xml b/src/chrome/content/rules/mtv.fi.xml
index be080203d449..638f2c746ced 100644
--- a/src/chrome/content/rules/mtv.fi.xml
+++ b/src/chrome/content/rules/mtv.fi.xml
@@ -32,7 +32,7 @@ Fetch error: http://s.mtv.fi/ => https://s.mtv.fi/: (6, 'Could not resolve host:
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="MTV.fi (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="MTV.fi (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="mtv.fi" />
 	<!--target host="admp-tc.mtv.fi" /-->
diff --git a/src/chrome/content/rules/mucommander.com.xml b/src/chrome/content/rules/mucommander.com.xml
new file mode 100644
index 000000000000..daa38cdbf41f
--- /dev/null
+++ b/src/chrome/content/rules/mucommander.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Time out:
+		apt.mucommander.com
+		ivy.mucommander.com
+		staging.mucommander.com
+		svn.mucommander.com
+		trac.mucommander.com
+-->
+<ruleset name="mucommander.com">
+	<target host="mucommander.com" />
+	<target host="www.mucommander.com" />
+
+	<rule from="^http://mucommander\.com/" to="https://www.mucommander.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mupen64plus.org.xml b/src/chrome/content/rules/mupen64plus.org.xml
new file mode 100644
index 000000000000..1ea813fa849c
--- /dev/null
+++ b/src/chrome/content/rules/mupen64plus.org.xml
@@ -0,0 +1,13 @@
+<!--
+        Invalid certificate:
+                autodiscover.mupen64plus.org
+                cpanel.mupen64plus.org
+                webdisk.mupen64plus.org
+                webmail.mupen64plus.org
+-->
+<ruleset name="mupen64plus.org">
+  <target host="mupen64plus.org" />
+  <target host="www.mupen64plus.org" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/muscache.com.xml b/src/chrome/content/rules/muscache.com.xml
new file mode 100644
index 000000000000..6234ff85353b
--- /dev/null
+++ b/src/chrome/content/rules/muscache.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="muscache.com">
+
+	<target host="a0.muscache.com" />
+	<target host="a1.muscache.com" />
+	<target host="a2.muscache.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/mutts.com.xml b/src/chrome/content/rules/mutts.com.xml
index 0b2465ab84b8..adace1494e05 100644
--- a/src/chrome/content/rules/mutts.com.xml
+++ b/src/chrome/content/rules/mutts.com.xml
@@ -24,7 +24,7 @@ Fetch error: http://www.mutts.com/sites/default/files/css/css_a7lQP2XcNT8OtrLuoo
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="mutts.com (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="mutts.com (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="mutts.com" />
 	<target host="staging.mutts.com" />
diff --git a/src/chrome/content/rules/mycelium.com.xml b/src/chrome/content/rules/mycelium.com.xml
index 1417b6fef6fc..79bea014b66e 100644
--- a/src/chrome/content/rules/mycelium.com.xml
+++ b/src/chrome/content/rules/mycelium.com.xml
@@ -23,7 +23,7 @@ support.mycelium.com ¹
 ⁴ self signed
 ⁵ expired
 -->
-<ruleset name="mycelium.com" default_off='failed ruleset test'>
+<ruleset name="mycelium.com" default_off="failed ruleset test">
 	<target host="mycelium.com" />
 	<target host="www.mycelium.com" />
 	<target host="card.mycelium.com" />
diff --git a/src/chrome/content/rules/mydrivers.com.xml b/src/chrome/content/rules/mydrivers.com.xml
new file mode 100644
index 000000000000..2034060769e1
--- /dev/null
+++ b/src/chrome/content/rules/mydrivers.com.xml
@@ -0,0 +1,21 @@
+<ruleset name="mydrivers.com">
+	<target host="mydrivers.com" />
+	<target host="www.mydrivers.com" />
+	<target host="11.mydrivers.com" />
+	<target host="blog.mydrivers.com" />
+	<target host="comment8.mydrivers.com" />
+	<target host="count.mydrivers.com" />
+	<target host="drivers.mydrivers.com" />
+	<target host="dt.mydrivers.com" />
+	<target host="hardware.mydrivers.com" />
+	<target host="icons.mydrivers.com" />
+	<target host="img1.mydrivers.com" />
+	<target host="m.mydrivers.com" />
+	<target host="news.mydrivers.com" />
+	<target host="pad.mydrivers.com" />
+	<target host="passport.mydrivers.com" />
+	<target host="so.mydrivers.com" />
+	<target host="viewpoint.mydrivers.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/myneighborsushicat.com.xml b/src/chrome/content/rules/myneighborsushicat.com.xml
new file mode 100644
index 000000000000..7c62d0fc7571
--- /dev/null
+++ b/src/chrome/content/rules/myneighborsushicat.com.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		ns1.myneighborsushicat.com
+		ns2.myneighborsushicat.com
+-->
+<ruleset name="myneighborsushicat.com">
+	<target host="myneighborsushicat.com" />
+	<target host="www.myneighborsushicat.com" />
+	<target host="ampache.myneighborsushicat.com" />
+	<target host="www.ampache.myneighborsushicat.com" />
+	<target host="cant-even-handle-the-club.myneighborsushicat.com" />
+	<target host="www.cant-even-handle-the-club.myneighborsushicat.com" />
+	<target host="danceswithkittens.myneighborsushicat.com" />
+	<target host="www.danceswithkittens.myneighborsushicat.com" />
+	<target host="mail.myneighborsushicat.com" />
+	<target host="quas-wex-quas-invoke.myneighborsushicat.com" />
+	<target host="www.quas-wex-quas-invoke.myneighborsushicat.com" />
+	<target host="server.myneighborsushicat.com" />
+	<target host="sushibin.myneighborsushicat.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/mystar.org.uk.xml b/src/chrome/content/rules/mystar.org.uk.xml
deleted file mode 100644
index 1db1ae8d74c6..000000000000
--- a/src/chrome/content/rules/mystar.org.uk.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For other NHS coverage, see NHS.xml.
-
-
-	^mystar.org.uk does not exist.
-
--->
-<ruleset name="My Star.org.uk">
-
-	<target host="www.mystar.org.uk" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/mytalkdesk.com.xml b/src/chrome/content/rules/mytalkdesk.com.xml
deleted file mode 100644
index f8189d113d60..000000000000
--- a/src/chrome/content/rules/mytalkdesk.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="mytalkdesk.com">
-	<target host=    "mytalkdesk.com" />
-	<target host=  "*.mytalkdesk.com" />
-
-  	<securecookie host="^.*\.mytalkdesk\.com$" name=".+" />
-
-	<!-- could not resolve host -->
-	<rule from="^http://mytalkdesk\.com/"
-		to="https://www.mytalkdesk.com/" />
-
-	<rule from="^http:" 
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/mytrinity.com.ua.xml b/src/chrome/content/rules/mytrinity.com.ua.xml
deleted file mode 100644
index 381a151ff86a..000000000000
--- a/src/chrome/content/rules/mytrinity.com.ua.xml
+++ /dev/null
@@ -1,46 +0,0 @@
-<!--
-frontend.mytrinity.com.ua ⁵
-ftp.mytrinity.com.ua ³
-hls.mytrinity.com.ua ²
-hotspot.mytrinity.com.ua ³
-iptv-stats.mytrinity.com.ua ³
-mail.mytrinity.com.ua ³
-mx.mytrinity.com.ua ³
-ns00.mytrinity.com.ua ³
-ns01.mytrinity.com.ua ³
-payments.mytrinity.com.ua ⁴
-smart-tv.mytrinity.com.ua ³
-sp1.mytrinity.com.ua ³
-stb.mytrinity.com.ua non-2xx http code
-stream.mytrinity.com.ua ³
-stream2.mytrinity.com.ua ³
-tv.mytrinity.com.ua ³
-video.mytrinity.com.ua ³
-vod0.mytrinity.com.ua ³
-vod1.mytrinity.com.ua ³
-vod2.mytrinity.com.ua ³
-vod3.mytrinity.com.ua ³
-vod4.mytrinity.com.ua ³
-vod5.mytrinity.com.ua ³
-vod7.mytrinity.com.ua ³
-vod8.mytrinity.com.ua ¹
-vod9.mytrinity.com.ua ³
-
-
-¹ mismatch
-² refused
-³ timed out
-⁴ self signed
-⁵ expired
--->
-<ruleset name="mytrinity.com.ua">
-	<target host="mytrinity.com.ua" />
-	<target host="www.mytrinity.com.ua" />
-	<target host="cab.mytrinity.com.ua" />
-	<target host="cds.mytrinity.com.ua" />
-	<target host="git.mytrinity.com.ua" />
-	<target host="smarttv.mytrinity.com.ua" />
-	<target host="smile.mytrinity.com.ua" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/mywinamp.com.xml b/src/chrome/content/rules/mywinamp.com.xml
new file mode 100644
index 000000000000..2a4d19ddd981
--- /dev/null
+++ b/src/chrome/content/rules/mywinamp.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Refused:
+		autodiscover.mywinamp.com
+		ftp.mywinamp.com
+-->
+<ruleset name="mywinamp.com">
+	<target host="mywinamp.com" />
+	<target host="www.mywinamp.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/myzuka.fm.xml b/src/chrome/content/rules/myzuka.fm.xml
index fde6de4bdd4e..1e724d78d6b7 100644
--- a/src/chrome/content/rules/myzuka.fm.xml
+++ b/src/chrome/content/rules/myzuka.fm.xml
@@ -40,7 +40,7 @@ Fetch error: http://cs9.myzuka.fm/ => https://cs9.myzuka.fm/: (51, "SSL: no alte
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Myzuka.fm" default_off='failed ruleset test'>
+<ruleset name="Myzuka.fm" default_off="failed ruleset test">
 
 	<target host="myzuka.fm" />
 	<target host="cs0.myzuka.fm" />
diff --git a/src/chrome/content/rules/n-tv.de.xml b/src/chrome/content/rules/n-tv.de.xml
index d9267333ec54..aca33a93a751 100644
--- a/src/chrome/content/rules/n-tv.de.xml
+++ b/src/chrome/content/rules/n-tv.de.xml
@@ -1,20 +1,36 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://n-tv.de/ => https://n-tv.de/: (7, 'Failed to connect to n-tv.de port 443: Connection refused')
-Fetch error: http://www.n-tv.de/ => https://www.n-tv.de/: Too many redirects while fetching 'https://www.n-tv.de/'
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="n-tv.de (partial)">
 
-	Mismatch:
-		- bilder[1-4]
-		- tools
+	<target host="n-tv.de" />
+	<target host="www.n-tv.de" />
+	<target host="access.n-tv.de" />
+	<target host="amp.n-tv.de" />
+	<target host="ampi.n-tv.de" />
+	<target host="apps.n-tv.de" />
+	<target host="apps-cloud.n-tv.de" />
+	<target host="arkadiumgames.n-tv.de" />
+	<target host="bilder.n-tv.de" />
+	<target host="bilder1.n-tv.de" />
+	<target host="bilder2.n-tv.de" />
+	<target host="bilder3.n-tv.de" />
+	<target host="bilder4.n-tv.de" />
+	<target host="firmen.n-tv.de" />
+	<target host="hbbtv.n-tv.de" />
+	<target host="images.n-tv.de" />
+	<target host="kommunikation.n-tv.de" />
+	<target host="kursdaten.n-tv.de" />
+	<target host="m.n-tv.de" />
+	<target host="maps.n-tv.de" />
+	<target host="mobil.n-tv.de" />
+	<target host="mobile.n-tv.de" />
+	<target host="preisvergleich.n-tv.de" />
+	<target host="stream.n-tv.de" />
+	<target host="tools.n-tv.de" />
+	<target host="tools2.n-tv.de" />
+	<target host="video.n-tv.de" />
 
-	Expired:
-		- hbbtv
--->
-<ruleset name="n-tv.de (partial)" platform="mixedcontent" default_off='failed ruleset test'>
-	<target host="n-tv.de"/>
-	<target host="www.n-tv.de"/>
+	<rule from="^http:" to="https:"/>
 
-	<rule from="^http:"
-		to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/n210adserv.com.xml b/src/chrome/content/rules/n210adserv.com.xml
index afd3f169c29a..ee96727ea7a6 100644
--- a/src/chrome/content/rules/n210adserv.com.xml
+++ b/src/chrome/content/rules/n210adserv.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://www.n210adserv.com/ => https://www.n210adserv.com/: (28, 'Co
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="n210adserv.com" default_off='failed ruleset test'>
+<ruleset name="n210adserv.com" default_off="failed ruleset test">
 
 	<target host="n210adserv.com" />
 	<target host="www.n210adserv.com" />
diff --git a/src/chrome/content/rules/namibgrens.com.xml b/src/chrome/content/rules/namibgrens.com.xml
new file mode 100644
index 000000000000..0c6bedecf52a
--- /dev/null
+++ b/src/chrome/content/rules/namibgrens.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		ftp.namibgrens.com
+		imap.namibgrens.com
+		mail.namibgrens.com
+		pop.namibgrens.com
+		relay.namibgrens.com
+		smtp.namibgrens.com
+-->
+<ruleset name="namibgrens.com">
+	<target host="namibgrens.com" />
+	<target host="www.namibgrens.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/narcity.xml b/src/chrome/content/rules/narcity.xml
new file mode 100644
index 000000000000..c8389e4d2b62
--- /dev/null
+++ b/src/chrome/content/rules/narcity.xml
@@ -0,0 +1,11 @@
+<ruleset name="narcity.com">
+	<target host="narcity.com" />
+	<target host="*.narcity.com" />
+
+	<test url="http://travel.narcity.com/hotels/results/?city_id=800056409" />
+	<test url="http://market.narcity.com/password" />
+  <test url="http://www.narcity.com/u/2019/07/29/7a89228413aec39e61fd7e425d92cd8b.png" />
+
+  <rule from="^http:"
+          to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nasdaqtrader.com.xml b/src/chrome/content/rules/nasdaqtrader.com.xml
new file mode 100644
index 000000000000..be4437ff86f9
--- /dev/null
+++ b/src/chrome/content/rules/nasdaqtrader.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Nonfunctional subdomains:
+
+	Certificate mismatch:
+
+	beta.nasdaqtrader.com
+	classic.nasdaqtrader.com
+	ftp.nasdaqtrader.com
+	m.nasdaqtrader.com
+	tickpilotappendixb.nasdaqtrader.com
+-->
+
+<ruleset name="nasdaqtrader.com">
+	<target host="nasdaqtrader.com" />
+	<target host="www.nasdaqtrader.com" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nationalinterest.org.xml b/src/chrome/content/rules/nationalinterest.org.xml
index 2ec29d60583d..8047ca7f4d41 100644
--- a/src/chrome/content/rules/nationalinterest.org.xml
+++ b/src/chrome/content/rules/nationalinterest.org.xml
@@ -11,7 +11,7 @@
 		- css from $self ˢ
 
 		- Images, from:
-		
+
 			- ^nationalinterest.org ˢ
 			- $self ˢ
 
diff --git a/src/chrome/content/rules/naturedestinations.ca.xml b/src/chrome/content/rules/naturedestinations.ca.xml
new file mode 100644
index 000000000000..b6edf272f2ea
--- /dev/null
+++ b/src/chrome/content/rules/naturedestinations.ca.xml
@@ -0,0 +1,6 @@
+<ruleset name="naturedestinations.ca">
+	<target host="naturedestinations.ca" />
+	<target host="www.naturedestinations.ca" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/naver.com.xml b/src/chrome/content/rules/naver.com.xml
new file mode 100644
index 000000000000..fd1929e7becf
--- /dev/null
+++ b/src/chrome/content/rules/naver.com.xml
@@ -0,0 +1,31 @@
+<!--
+	For other Naver Corporation coverage, see Naver_Corp.com.xml.
+-->
+<ruleset name="naver.com">
+
+	<target host="naver.com" />
+	<target host="*.naver.com" />
+	
+	<test url="http://blog.naver.com/naver_diary/222239075265"/>
+	<test url="http://vibe.naver.com/track/41684117"/>
+	<test url="http://tv.naver.com/v/12898082"/>
+	<test url="http://finance.naver.com/item/main.nhn?code=005930"/>
+	<test url="http://serieson.naver.com/movie/detail.nhn?productNo=5843892"/>
+	<test url="http://cafe.naver.com/googlesupport/18030"/>
+	<test url="http://book.naver.com/bookdb/book_detail.nhn?bid=6252900"/>
+	<test url="http://series.naver.com/comic/detail.nhn?productNo=3918155"/>
+	<test url="http://privacy.naver.com/policy_and_law/policy?menu=policy_personal_information_policy"/>
+	<test url="http://map.naver.com/v5/search/%EA%B2%BD%EB%B3%B5%EA%B6%81/place/11571707"/>
+	<test url="http://en.dict.naver.com/#/entry/enko/712e9f142f194808aad4ccb25c40532e"/>
+	<test url="http://post.naver.com/viewer/postView.nhn?volumeNo=22165249"/>
+	<test url="http://academic.naver.com/article.naver?doc_id=420959127"/>
+	<test url="http://developers.naver.com/docs/papago/"/>
+	<test url="http://d2.naver.com/helloworld/1469717"/>
+	<test url="http://datalab.naver.com/local/trend.naver"/>
+	<test url="http://www.naver.com/NOTICE/read/1100001014/10000000000030670899"/>
+	<test url="http://movie.naver.com/movie/bi/mi/basic.nhn?code=10684"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ncar.cc.xml b/src/chrome/content/rules/ncar.cc.xml
deleted file mode 100644
index a4401a882f56..000000000000
--- a/src/chrome/content/rules/ncar.cc.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	MCB:
-		bbs.ncar.cc
-		beiyong.ncar.cc
--->
-
-<ruleset name="ncar.cc">
-
-	<target host="bbs.ncar.cc" />
-	<target host="beiyong.ncar.cc" />
-	<exclusion pattern="^http://(bbs|beiyong)\.ncar\.cc/$" />
-	<exclusion pattern="^http://(bbs|beiyong)\.ncar\.cc/[\w/-]+\.(html|php)" />
-		<test url="http://bbs.ncar.cc/forum-oumeijuji-1.html" />
-		<test url="http://bbs.ncar.cc/api/connect/like.php" />
-		<test url="http://bbs.ncar.cc/forum.php" />
-		<test url="http://bbs.ncar.cc/home.php" />
-		<test url="http://beiyong.ncar.cc/forum-oumeijuji-1.html" />
-		<test url="http://beiyong.ncar.cc/api/connect/like.php" />
-		<test url="http://beiyong.ncar.cc/forum.php" />
-		<test url="http://beiyong.ncar.cc/home.php" />
-
-	<target host="ncar.cc" />
-	<target host="www.ncar.cc" />
-	
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ncrypt.in.xml b/src/chrome/content/rules/ncrypt.in.xml
deleted file mode 100644
index f3e62ce75157..000000000000
--- a/src/chrome/content/rules/ncrypt.in.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="ncrypt.in">
-	<target host="ncrypt.in" />
-	<target host="www.ncrypt.in" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/nerdbacon.com.xml b/src/chrome/content/rules/nerdbacon.com.xml
new file mode 100644
index 000000000000..a135b9e72424
--- /dev/null
+++ b/src/chrome/content/rules/nerdbacon.com.xml
@@ -0,0 +1,30 @@
+<!--
+	Invalid certificate:
+		autoconfig.nerdbacon.com
+		ftp.nerdbacon.com
+		autoconfig.chat.nerdbacon.com
+		autoconfig.shop.nerdbacon.com
+
+	Redirect to HTTP:
+		admintalk.nerdbacon.com
+		www.admintalk.nerdbacon.com
+		at.nerdbacon.com
+		www.at.nerdbacon.com
+		chat.nerdbacon.com
+		www.chat.nerdbacon.com
+-->
+<ruleset name="nerdbacon.com">
+	<target host="nerdbacon.com" />
+	<target host="www.nerdbacon.com" />
+	<target host="autodiscover.nerdbacon.com" />
+	<target host="butthole.nerdbacon.com" />
+	<target host="www.butthole.nerdbacon.com" />
+	<target host="cpanel.nerdbacon.com" />
+	<target host="mail.nerdbacon.com" />
+	<target host="shop.nerdbacon.com" />
+	<target host="www.shop.nerdbacon.com" />
+	<target host="webdisk.nerdbacon.com" />
+	<target host="webmail.nerdbacon.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nero.com.xml b/src/chrome/content/rules/nero.com.xml
new file mode 100644
index 000000000000..483e11a33535
--- /dev/null
+++ b/src/chrome/content/rules/nero.com.xml
@@ -0,0 +1,170 @@
+<!--
+	Invalid certificate:
+		ftp12.de.nero.com
+		ftp13.de.nero.com
+		gw2.de.nero.com
+		gw3.de.nero.com
+		gw5.de.nero.com
+		adv.deu.nero.com
+		ftp10.deu.nero.com
+		ftp12.deu.nero.com
+		ftp13.deu.nero.com
+		ftp14.deu.nero.com
+		ftp25.deu.nero.com
+		nmf.deu.nero.com
+		rss.deu.nero.com
+		www.dellsyncup.nero.com
+		portal.dellsyncup.nero.com
+		www.portal.dellsyncup.nero.com
+		img.firststart.nero.com
+		video.firststart.nero.com
+		forum.nero.com
+		fslink.nero.com
+		www.kwikmedia.nero.com
+		metrics.nero.com
+		www.mediajet.nero.com
+		downloads.mobilesync.nero.com
+		secure.nero.com
+		tracker.nero.com
+		ftp.us.nero.com
+		ftp19.us.nero.com
+		ftp20.us.nero.com
+		ftp21.us.nero.com
+		adv.usw.nero.com
+		ftp3.usw.nero.com
+		ftp4.usw.nero.com
+		nmf.usw.nero.com
+		rss.usw.nero.com
+
+	Redirect to HTTP:
+		my.nero.com
+		forum.my.nero.com
+		nominatim.my.nero.com
+		tiles.my.nero.com
+
+	Refused:
+		gw1.cn.nero.com
+		gw2.cn.nero.com
+		gw1.de.nero.com
+		ftp10.de.nero.com
+		log.nero.com
+		mail.nero.com
+		mail1.nero.com
+		mail2.nero.com
+		mail5.nero.com
+		mail6.nero.com
+		news.nero.com
+		mail.news.nero.com
+		partner.nero.com
+		partners.nero.com
+		de.post.nero.com
+		shop.nero.com
+		shop2.nero.com
+		shopping.nero.com
+		stat.nero.com
+		tfn.nero.com
+		web3.nero.com
+		web12.nero.com
+		webshop.nero.com
+
+	Time out:
+		marabu.cn.nero.com
+		sparrow.cn.nero.com
+		cprm.nero.com
+		langdl.de.nero.com
+		marabu.de.nero.com
+		push.internal.nero.com
+		audials.internal.nero.com
+		serialcheck.internal.nero.com
+		status.internal.nero.com
+		sxx.internal.nero.com
+		ittest.nero.com
+		gw1.jp.nero.com
+		marabu.jp.nero.com
+		latest.kms.nero.com
+		new.kms.nero.com
+		test.kms.nero.com
+		gw1.us.nero.com
+		gw2.us.nero.com
+		marabu.us.nero.com
+		stage1.services.nero.com
+		wombat.nero.com
+-->
+<ruleset name="nero.com">
+	<target host="nero.com" />
+	<target host="www.nero.com" />
+	<target host="activation.nero.com" />
+	<target host="activation2.nero.com" />
+	<target host="adv.nero.com" />
+	<target host="apps.nero.com" />
+	<target host="askdb.nero.com" />
+	<target host="autodiscover.nero.com" />
+	<target host="cat.nero.com" />
+	<target host="dellsyncup.nero.com" />
+	<target host="dl9.nero.com" />
+	<target host="dl13.nero.com" />
+	<target host="dl14.nero.com" />
+	<target host="dl19.nero.com" />
+	<target host="dl20.nero.com" />
+	<target host="dl21.nero.com" />
+	<target host="dl25.nero.com" />
+	<target host="dla.nero.com" />
+	<target host="dla3.nero.com" />
+	<target host="dle.nero.com" />
+	<target host="firststart.nero.com" />
+	<target host="ftp.nero.com" />
+	<target host="ftp6.nero.com" />
+	<target host="ftp9.nero.com" />
+	<target host="ftp22.nero.com" />
+	<target host="ftpit.nero.com" />
+	<target host="ftpit2.nero.com" />
+	<target host="geoff.nero.com" />
+	<target host="geosj.nero.com" />
+	<target host="germansupport.nero.com" />
+	<target host="i2am.nero.com" />
+	<target host="iam.nero.com" />
+	<target host="install.nero.com" />
+	<target host="install10.nero.com" />
+	<target host="bamboo.internal.nero.com" />
+	<target host="build.internal.nero.com" />
+	<target host="crowd.internal.nero.com" />
+	<target host="nbf.internal.nero.com" />
+	<target host="stash.internal.nero.com" />
+	<target host="t1.internal.nero.com" />
+	<target host="kwikmedia.nero.com" />
+	<target host="kwikmedia2.nero.com" />
+	<target host="login.nero.com" />
+	<target host="login11.nero.com" />
+	<target host="m.nero.com" />
+	<target host="marabu.nero.com" />
+	<target host="mediajet.nero.com" />
+	<target host="nerolinux.nero.com" />
+	<target host="nmf.nero.com" />
+	<target host="onlineshop.nero.com" />
+	<target host="pluto.nero.com" />
+	<target host="portal.nero.com" />
+	<target host="productstore.nero.com" />
+	<target host="productstore2.nero.com" />
+	<target host="register.nero.com" />
+	<target host="rocketsync.nero.com" />
+	<target host="rss.nero.com" />
+	<target host="service.nero.com" />
+	<target host="store.nero.com" />
+	<target host="support.nero.com" />
+	<target host="update.nero.com" />
+	<target host="web1.nero.com" />
+	<target host="web2.nero.com" />
+	<target host="web5.nero.com" />
+	<target host="web7.nero.com" />
+	<target host="web14.nero.com" />
+	<target host="webcl.nero.com" />
+	<target host="webstatic.nero.com" />
+	<target host="wt1.nero.com" />
+	<target host="wt3.nero.com" />
+	<target host="wttest.nero.com" />
+	<target host="ww2.nero.com" />
+	<target host="www2.nero.com" />
+	<target host="wwww.nero.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nervomusic.com.xml b/src/chrome/content/rules/nervomusic.com.xml
new file mode 100644
index 000000000000..1d5cc86c9643
--- /dev/null
+++ b/src/chrome/content/rules/nervomusic.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		ftp.nervomusic.com
+
+	Time out:
+		mailhost.nervomusic.com
+-->
+<ruleset name="nervomusic.com">
+	<target host="nervomusic.com" />
+	<target host="www.nervomusic.com" />
+	<target host="staging.nervomusic.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/net.cn.xml b/src/chrome/content/rules/net.cn.xml
index 9eab71db5a9c..a8873a63a2d9 100644
--- a/src/chrome/content/rules/net.cn.xml
+++ b/src/chrome/content/rules/net.cn.xml
@@ -26,13 +26,13 @@ Fetch error: http://www.net.cn/mail/ => https://www.net.cn/mail/: (28, 'Connecti
 	Mixed content:
 
 		- css, on:
-		
+
 			- www from g.alicdn.com ˢ
 			- www from cdn.hichinaimg.com ᵐ
 			- www from $self ˢ
 
 		- Images, on:
-		
+
 			- www from gtms0[1-4].alicdn.com ˢ
 			- www from $self ˢ
 
@@ -40,7 +40,7 @@ Fetch error: http://www.net.cn/mail/ => https://www.net.cn/mail/: (28, 'Connecti
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="net.cn (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="net.cn (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Complications:
 				-->
diff --git a/src/chrome/content/rules/netis.ru.xml b/src/chrome/content/rules/netis.ru.xml
index 95c96b6ea71c..db16f2788888 100644
--- a/src/chrome/content/rules/netis.ru.xml
+++ b/src/chrome/content/rules/netis.ru.xml
@@ -6,11 +6,10 @@ forum.netis.ru mismatch
 	<target host="netis.ru" />
 	<target host="www.netis.ru" />
 	<target host="stat.netis.ru" />
-	
+
 	<rule from="^http://netis\.ru/"
 		to="https://www.netis.ru/" />
-	
-	<test url="http://netis.ru/" />
+
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/netn.fi.xml b/src/chrome/content/rules/netn.fi.xml
new file mode 100644
index 000000000000..4f72d7087bc4
--- /dev/null
+++ b/src/chrome/content/rules/netn.fi.xml
@@ -0,0 +1,29 @@
+<!--
+	Mismatched:
+		- autoconfig
+		- 0.dev
+		- autodiscover.dev
+		- webmail.dev
+		- autodiscover.files
+		- webmail.files
+		- ftp
+		- uusi
+		- dev.uusi
+		- whm
+-->
+<ruleset name="netn.fi">
+	<target host="netn.fi" />
+	<target host="www.netn.fi" />
+	<target host="autodiscover.netn.fi" />
+	<target host="cpanel.netn.fi" />
+	<target host="dev.netn.fi" />
+	<target host="www.dev.netn.fi" />
+	<target host="files.netn.fi" />
+	<target host="www.files.netn.fi" />
+	<target host="kauppa.netn.fi" />
+	<target host="mail.netn.fi" />
+	<target host="webdisk.netn.fi" />
+	<target host="webmail.netn.fi" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/netorn.ru.xml b/src/chrome/content/rules/netorn.ru.xml
deleted file mode 100644
index 2a3f32f15b84..000000000000
--- a/src/chrome/content/rules/netorn.ru.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-netorn.ru timed out
-www.netorn.ru timed out
-colo.netorn.ru mismatch
-forum.netorn.ru timed out
-my.netorn.ru timed out
--->
-<ruleset name="netorn.ru (partial)">
-	<target host="userstat.netorn.ru" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/netsalesnetwork.com.xml b/src/chrome/content/rules/netsalesnetwork.com.xml
deleted file mode 100644
index e7bbe33a069b..000000000000
--- a/src/chrome/content/rules/netsalesnetwork.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="netsalesnetwork.com">
-
-	<target host="tr.netsalesnetwork.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/network-tools.com.xml b/src/chrome/content/rules/network-tools.com.xml
index a6fc8a74f0c0..caecf5574b1b 100644
--- a/src/chrome/content/rules/network-tools.com.xml
+++ b/src/chrome/content/rules/network-tools.com.xml
@@ -5,7 +5,7 @@ network-tools.com
 <ruleset name="network-tools.com">
   <target host="network-tools.com" />
   <target host="www.network-tools.com" /> <!-- redirects to root domain -->
-  
+
   <rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/netzclub.xml b/src/chrome/content/rules/netzclub.xml
index d049a9bb9d36..281b96405a6f 100644
--- a/src/chrome/content/rules/netzclub.xml
+++ b/src/chrome/content/rules/netzclub.xml
@@ -5,4 +5,4 @@
 
   <rule from="^http://(?:www\.)?netzclub\.net/" to="https://www.netzclub.net/"/>
   <rule from="^http://profil\.netzclub\.net/" to="https://profil.netzclub.net/"/>
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/newkaliningrad.ru.xml b/src/chrome/content/rules/newkaliningrad.ru.xml
deleted file mode 100644
index 1b53f5dd4d8d..000000000000
--- a/src/chrome/content/rules/newkaliningrad.ru.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://m.newkaliningrad.ru/ => https://m.newkaliningrad.ru/: (6, 'Could not resolve host: m.newkaliningrad.ru')
-
--->
-<ruleset name="newkaliningrad.ru" default_off='failed ruleset test'>
-	<target host="newkaliningrad.ru" />
-	<target host="www.newkaliningrad.ru" />
-	<target host="m.newkaliningrad.ru" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/newpiratebay.co.uk.xml b/src/chrome/content/rules/newpiratebay.co.uk.xml
deleted file mode 100644
index 3098b029b966..000000000000
--- a/src/chrome/content/rules/newpiratebay.co.uk.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="newpiratebay.co.uk">
-	<target host="newpiratebay.co.uk" />
-	<target host="www.newpiratebay.co.uk" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/newsela.com.xml b/src/chrome/content/rules/newsela.com.xml
index a9b65ed37179..1080d3a81f20 100644
--- a/src/chrome/content/rules/newsela.com.xml
+++ b/src/chrome/content/rules/newsela.com.xml
@@ -1,57 +1,13 @@
-<!--
-	CDN buckets:
-
-		- newsela-test-files-f331e.s3.amazonaws.com
-
-
-	Nonfunctional hosts in *newsela.com:
-
-		- support ʰ
-
-	ʰ Zendesk / redirects to http
-
-
-	Problematic hosts in *newsela.com:
-
-		- static ᵐ
-
-	ᵐ Cloudfront / mismatched
-
-
-	Insecure cookies are set for these domains: ᶜ
-
-		- .newsela.com
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
--->
-<ruleset name="Newsela.com (partial)">
-
-	<!--	Direct rewrites:
-				-->
+<ruleset name="Newsela.com">
 	<target host="newsela.com" />
+	<target host="www.newsela.com" />
 	<target host="blog.newsela.com" />
 	<target host="e.newsela.com" />
-	<target host="www.newsela.com" />
-
-	<!--	Complications:
-				-->
 	<target host="static.newsela.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.newsela\.com$" name="^sessionid_v2$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http://static\.newsela\.com/"
-		to="https://newsela-test-files-f331e.s3.amazonaws.com/" />
-
 		<test url="http://static.newsela.com/teachers/Newsela%E2%80%99s%20Summer%20Reading%20Challenge.pdf" />
+	<target host="support.newsela.com" />
 
-	<rule from="^http:"
-		to="https:" />
+	<securecookie host=".+" name=".+" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/nexedi.com.xml b/src/chrome/content/rules/nexedi.com.xml
new file mode 100644
index 000000000000..7d561528ee78
--- /dev/null
+++ b/src/chrome/content/rules/nexedi.com.xml
@@ -0,0 +1,94 @@
+<!--
+	Invalid certificate:
+		chat.nexedi.com
+		jabber.nexedi.com
+		mail.nexedi.com
+
+	Redirect to HTTP:
+		8marta2013.glavbukh.ru
+		den.glavbukh.ru
+
+	Refused:
+		backup.nexedi.com
+		frontend5.nexedi.com
+		frontend15.nexedi.com
+		frontend16.nexedi.com
+		frontend25.nexedi.com
+		octopus.nexedi.com
+		vibox.nexedi.com
+		vpn.nexedi.com
+		www.fr.nexedi.com
+		_jabber._tcp.nexedi.com
+		_xmpp-client._tcp.nexedi.com
+		_xmpp-server._tcp.nexedi.com
+
+	Time out:
+		conference.nexedi.com
+		dedibox.nexedi.com
+		demo.nexedi.com
+		frontend2.nexedi.com
+		frontend13.nexedi.com
+		frontend23.nexedi.com
+		frontend24.nexedi.com
+		frontend28.nexedi.com
+		mail2.nexedi.com
+		ns.nexedi.com
+		oasis.nexedi.com
+		aubox.oasis.nexedi.com
+		dls.oasis.nexedi.com
+		erp5devel.oasis.nexedi.com
+		kotoba.oasis.nexedi.com
+		jebox.oasis.nexedi.com
+		nexedi.oasis.nexedi.com
+		newredd.oasis.nexedi.com
+		redd.oasis.nexedi.com
+		reddcore.oasis.nexedi.com
+		rentalinux.oasis.nexedi.com
+		robox.oasis.nexedi.com
+		sebox.oasis.nexedi.com
+		tinyleon.oasis.nexedi.com
+		tsx.oasis.nexedi.com
+		portal.nexedi.com
+		sd-3173.nexedi.com
+		sd-3174.nexedi.com
+		sd-948.nexedi.com
+		voice.nexedi.com
+		vpn.voice.nexedi.com
+-->
+<ruleset name="nexedi.com">
+	<target host="nexedi.com" />
+	<target host="www.nexedi.com" />
+	<target host="caucase.nexedi.com" />
+	<target host="cloudooo.nexedi.com" />
+	<target host="cribjs.nexedi.com" />
+	<target host="erp5.nexedi.com" />
+	<target host="frontend1.nexedi.com" />
+	<target host="frontend3.nexedi.com" />
+	<target host="frontend9.nexedi.com" />
+	<target host="frontend10.nexedi.com" />
+	<target host="frontend14.nexedi.com" />
+	<target host="frontend26.nexedi.com" />
+	<target host="frontend27.nexedi.com" />
+	<target host="frontend29.nexedi.com" />
+	<target host="frontend30.nexedi.com" />
+	<target host="ielo01.nexedi.com" />
+	<target host="jio.nexedi.com" />
+	<target host="lab.nexedi.com" />
+	<target host="nayuos.nexedi.com" />
+	<target host="neo.nexedi.com" />
+	<target host="officejs.nexedi.com" />
+	<target host="osoe-project.nexedi.com" />
+	<target host="re6st.nexedi.com" />
+	<target host="renderjs.nexedi.com" />
+	<target host="shacache.nexedi.com" />
+	<target host="slapos.nexedi.com" />
+	<target host="stack.nexedi.com" />
+	<target host="support.nexedi.com" />
+	<target host="test.nexedi.com" />
+	<target host="webrunner.nexedi.com" />
+	<target host="wendelin.nexedi.com" />
+	<target host="www2.nexedi.com" />
+	<target host="zabbix.nexedi.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ngs.ru.xml b/src/chrome/content/rules/ngs.ru.xml
index 4804a21db78c..3ce5f45ad862 100644
--- a/src/chrome/content/rules/ngs.ru.xml
+++ b/src/chrome/content/rules/ngs.ru.xml
@@ -7,7 +7,7 @@ Fetch error: http://homes.ngs.ru/ => https://homes.ngs.ru/: Too many redirects w
 pogoda. redirect
 love. redirect
 news. redirect-->
-<ruleset name="ngs.ru" default_off='failed ruleset test'>
+<ruleset name="ngs.ru" default_off="failed ruleset test">
 	<target host="ngs.ru" />
 	<target host="www.ngs.ru" />
 	<target host="maps.ngs.ru" />
diff --git a/src/chrome/content/rules/nibusinessinfo.co.uk.xml b/src/chrome/content/rules/nibusinessinfo.co.uk.xml
index e6bc46c7eb57..e2af927771c1 100644
--- a/src/chrome/content/rules/nibusinessinfo.co.uk.xml
+++ b/src/chrome/content/rules/nibusinessinfo.co.uk.xml
@@ -19,7 +19,7 @@ Fetch error: http://admin.events.nibusinessinfo.co.uk/ => https://admin.events.n
 	ᵈ Dropped; preemptable redirect
 
 -->
-<ruleset name="nibusinessinfo.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="nibusinessinfo.co.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/nicchile.xml b/src/chrome/content/rules/nicchile.xml
new file mode 100644
index 000000000000..1d8bd2c472fb
--- /dev/null
+++ b/src/chrome/content/rules/nicchile.xml
@@ -0,0 +1,18 @@
+<!--
+   Other nic.cl websites should not be added to HTTPs everywhere
+   until infrastructure changes and testing validations.
+
+   For example
+     - blog.nic.cl and status.nic.cl are hosted in third-party servers
+     - arbitrajes.nic.cl is under restructuration
+-->
+<ruleset name="NIC Chile">
+	<target host="nic.cl" />
+	<target host="www.nic.cl" />
+	<target host="clientes.nic.cl" />
+
+	<securecookie host="^(www\.|clientes\.)?nic\.cl$" name=".+" />
+
+	<rule from="^http:"
+	        to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nieman.de.xml b/src/chrome/content/rules/nieman.de.xml
index 5f616f2052ce..56881ffcb025 100644
--- a/src/chrome/content/rules/nieman.de.xml
+++ b/src/chrome/content/rules/nieman.de.xml
@@ -4,10 +4,10 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://nieman.de/ => https://nieman.de/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="nieman.de" default_off='failed ruleset test'>
+<ruleset name="nieman.de" default_off="failed ruleset test">
         <target host="nieman.de" />
         <target host="nginx.nieman.de" />
 
         <rule from="^http:"
                 to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/nix.ru.xml b/src/chrome/content/rules/nix.ru.xml
new file mode 100644
index 000000000000..90142756a83c
--- /dev/null
+++ b/src/chrome/content/rules/nix.ru.xml
@@ -0,0 +1,179 @@
+<!--
+	Invalid certificate:
+		www.eda.nix.ru
+		www.garant.nix.ru
+		www.job.nix.ru
+		www.lab.nix.ru
+		www.rabota.nix.ru
+		virtualwww2.nix.ru
+
+	Refused:
+		cam12.nix.ru
+		cam13.nix.ru
+		cam14.nix.ru
+		contests.nix.ru
+		green.nix.ru
+		mail-region.nix.ru
+		mailing.nix.ru
+		voip.nix.ru
+
+	Too many redirects:
+		secure.nix.ru
+
+	Unreachable:
+		contests2.nix.ru
+		download.nix.ru
+		ftp.nix.ru
+		ftp2.nix.ru
+		mailgw.nix.ru
+		netp.nix.ru
+		ns2.nix.ru
+-->
+<ruleset name="nix.ru">
+	<target host="nix.ru" />
+	<target host="www.nix.ru" />
+	<target host="arzamas.nix.ru" />
+	<target host="astrahan.nix.ru" />
+	<target host="balashiha.nix.ru" />
+	<target host="belgorod.nix.ru" />
+	<target host="berezniki.nix.ru" />
+	<target host="bryansk.nix.ru" />
+	<target host="budennovsk.nix.ru" />
+	<target host="bugulma.nix.ru" />
+	<target host="cheboksary.nix.ru" />
+	<target host="chel.nix.ru" />
+	<target host="chehov.nix.ru" />
+	<target host="cher.nix.ru" />
+	<target host="chita.nix.ru" />
+	<target host="daminov.nix.ru" />
+	<target host="dengi.nix.ru" />
+	<target host="derbent.nix.ru" />
+	<target host="dolgopa.nix.ru" />
+	<target host="dubna.nix.ru" />
+	<target host="e-burg.nix.ru" />
+	<target host="eda.nix.ru" />
+	<target host="elabuga.nix.ru" />
+	<target host="elets.nix.ru" />
+	<target host="elista.nix.ru" />
+	<target host="elpina.nix.ru" />
+	<target host="home.nix.ru" />
+	<target host="huchny.nix.ru" />
+	<target host="garant.nix.ru" />
+	<target host="grozny.nix.ru" />
+	<target host="irkutsk.nix.ru" />
+	<target host="ishim.nix.ru" />
+	<target host="ivanovo.nix.ru" />
+	<target host="izhevsk.nix.ru" />
+	<target host="job.nix.ru" />
+	<target host="kachkanar.nix.ru" />
+	<target host="kaliningrad.nix.ru" />
+	<target host="kaluga.nix.ru" />
+	<target host="kamchatka.nix.ru" />
+	<target host="kasumkent.nix.ru" />
+	<target host="kazan.nix.ru" />
+	<target host="kemerovo.nix.ru" />
+	<target host="kineshma.nix.ru" />
+	<target host="kizlyar.nix.ru" />
+	<target host="korolev.nix.ru" />
+	<target host="kostroma.nix.ru" />
+	<target host="krasnodar.nix.ru" />
+	<target host="krasnogorsk.nix.ru" />
+	<target host="krasnoyarsk.nix.ru" />
+	<target host="kurchatov.nix.ru" />
+	<target host="kurgan.nix.ru" />
+	<target host="kursk.nix.ru" />
+	<target host="lab.nix.ru" />
+	<target host="lesosibirsk.nix.ru" />
+	<target host="lipetsk.nix.ru" />
+	<target host="livny.nix.ru" />
+	<target host="lyubertsy.nix.ru" />
+	<target host="m.nix.ru" />
+	<target host="magaramkent.nix.ru" />
+	<target host="max.nix.ru" />
+	<target host="muravlenko.nix.ru" />
+	<target host="murmansk.nix.ru" />
+	<target host="mytishchi.nix.ru" />
+	<target host="nabchelny.nix.ru" />
+	<target host="nalchik.nix.ru" />
+	<target host="nazran.nix.ru" />
+	<target host="nn.nix.ru" />
+	<target host="novokuzneck.nix.ru" />
+	<target host="novomichurinsk.nix.ru" />
+	<target host="novosibirsk.nix.ru" />
+	<target host="novotroitsk.nix.ru" />
+	<target host="novouralsk.nix.ru" />
+	<target host="ntagil.nix.ru" />
+	<target host="nvartovsk.nix.ru" />
+	<target host="obninsk.nix.ru" />
+	<target host="odincovo.nix.ru" />
+	<target host="omsk.nix.ru" />
+	<target host="orel.nix.ru" />
+	<target host="orenburg.nix.ru" />
+	<target host="oskol.nix.ru" />
+	<target host="pechora.nix.ru" />
+	<target host="perm.nix.ru" />
+	<target host="pk.nix.ru" />
+	<target host="pnz.nix.ru" />
+	<target host="podolsk.nix.ru" />
+	<target host="polaris.nix.ru" />
+	<target host="private.nix.ru" />
+	<target host="probki.nix.ru" />
+	<target host="pz.nix.ru" />
+	<target host="q.nix.ru" />
+	<target host="qm.nix.ru" />
+	<target host="rabota.nix.ru" />
+	<target host="ramenskoe.nix.ru" />
+	<target host="ref.nix.ru" />
+	<target host="romchuk.nix.ru" />
+	<target host="rossosh.nix.ru" />
+	<target host="rostov-na-donu.nix.ru" />
+	<target host="rubaev.nix.ru" />
+	<target host="ryazan.nix.ru" />
+	<target host="rybinsk.nix.ru" />
+	<target host="rzhev.nix.ru" />
+	<target host="salda.nix.ru" />
+	<target host="samara.nix.ru" />
+	<target host="saransk.nix.ru" />
+	<target host="saratov.nix.ru" />
+	<target host="sarov.nix.ru" />
+	<target host="search.nix.ru" />
+	<target host="segezha.nix.ru" />
+	<target host="serov.nix.ru" />
+	<target host="sevastopol.nix.ru" />
+	<target host="shuya.nix.ru" />
+	<target host="skopin.nix.ru" />
+	<target host="sp.nix.ru" />
+	<target host="spb.nix.ru" />
+	<target host="sochi.nix.ru" />
+	<target host="static.nix.ru" />
+	<target host="stavropol.nix.ru" />
+	<target host="support.nix.ru" />
+	<target host="syktyvkar.nix.ru" />
+	<target host="taganrog.nix.ru" />
+	<target host="tambov.nix.ru" />
+	<target host="testd.nix.ru" />
+	<target host="tolyatti.nix.ru" />
+	<target host="tomsk.nix.ru" />
+	<target host="tula.nix.ru" />
+	<target host="tumen.nix.ru" />
+	<target host="tver.nix.ru" />
+	<target host="ufa.nix.ru" />
+	<target host="uglich.nix.ru" />
+	<target host="ukhta.nix.ru" />
+	<target host="ul.nix.ru" />
+	<target host="ulan-ude.nix.ru" />
+	<target host="viluchinsk.nix.ru" />
+	<target host="vladikavkaz.nix.ru" />
+	<target host="vladivostok.nix.ru" />
+	<target host="volgograd.nix.ru" />
+	<target host="vologda.nix.ru" />
+	<target host="volzhsky.nix.ru" />
+	<target host="voronezh.nix.ru" />
+	<target host="web-front.nix.ru" />
+	<target host="yar.nix.ru" />
+	<target host="yola.nix.ru" />
+	<target host="zheleznogorsk.nix.ru" />
+	<target host="zhukovsky.nix.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nllapps.xml b/src/chrome/content/rules/nllapps.xml
index 652daed98355..adb78300816a 100644
--- a/src/chrome/content/rules/nllapps.xml
+++ b/src/chrome/content/rules/nllapps.xml
@@ -2,7 +2,7 @@
 
 	<target host="nllapps.com"/>
 	<target host="www.nllapps.com"/>
-	
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/nltk.org.xml b/src/chrome/content/rules/nltk.org.xml
new file mode 100644
index 000000000000..c8089f07918c
--- /dev/null
+++ b/src/chrome/content/rules/nltk.org.xml
@@ -0,0 +1,26 @@
+<!--
+	Problematic subdomains:
+		nltk.org (certificate mismatch)
+
+	Invalid certificate:
+		build.nltk.org
+		ftp.nltk.org
+		mobilemail.nltk.org
+		pda.nltk.org
+		webmail.nltk.org
+		wiki.nltk.org
+
+	Time out:
+		e.nltk.org
+		imap.nltk.org
+		mail.nltk.org
+		pop.nltk.org
+		smtp.nltk.org
+-->
+<ruleset name="nltk.org">
+	<target host="nltk.org" />
+	<target host="www.nltk.org" />
+
+	<rule from="^http://nltk\.org/" to="https://www.nltk.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nlx.org.xml b/src/chrome/content/rules/nlx.org.xml
index fad60d3d5831..161ea19cf42d 100644
--- a/src/chrome/content/rules/nlx.org.xml
+++ b/src/chrome/content/rules/nlx.org.xml
@@ -53,7 +53,7 @@
 		<test url="http://png.nlx.org/content_ms/files/facebook.png" />
 
 	<rule from="^http://de\.nlx\.org/"
-		to="https://s3.amazonaws.com/de.nlx.org/" />
+		to="https://de.nlx.org/" />
 
 		<test url="http://de.nlx.org/logos/nlx-de-tag.gif" />
 
diff --git a/src/chrome/content/rules/nodeny-plus.com.ua.xml b/src/chrome/content/rules/nodeny-plus.com.ua.xml
index 6779fe3943b9..3402e843e6a4 100644
--- a/src/chrome/content/rules/nodeny-plus.com.ua.xml
+++ b/src/chrome/content/rules/nodeny-plus.com.ua.xml
@@ -9,7 +9,7 @@ www.nodeny-plus.com.ua ⁵
 
 ⁵ expired
 -->
-<ruleset name="nodeny-plus.com.ua (partial)" default_off='failed ruleset test'>
+<ruleset name="nodeny-plus.com.ua (partial)" default_off="failed ruleset test">
 	<target host="app.nodeny-plus.com.ua" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/northamptonshire.gov.uk.xml b/src/chrome/content/rules/northamptonshire.gov.uk.xml
index ff1d886bcfbb..ee950571890e 100644
--- a/src/chrome/content/rules/northamptonshire.gov.uk.xml
+++ b/src/chrome/content/rules/northamptonshire.gov.uk.xml
@@ -53,7 +53,7 @@ Fetch error: http://librarycatalogue.northamptonshire.gov.uk/ => https://library
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Northamptonshire.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Northamptonshire.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/northlincs.gov.uk-falsemixed.xml b/src/chrome/content/rules/northlincs.gov.uk-falsemixed.xml
index 5c078569cb35..ae762e6979f2 100644
--- a/src/chrome/content/rules/northlincs.gov.uk-falsemixed.xml
+++ b/src/chrome/content/rules/northlincs.gov.uk-falsemixed.xml
@@ -6,7 +6,7 @@ Non-2xx HTTP code: http://leisure.northlincs.gov.uk/ (200) => https://leisure.no
 	For rules not causing false/broken MCB, see northlincs.gov.uk.xml.
 
 -->
-<ruleset name="North Lincs.gov.uk (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="North Lincs.gov.uk (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="leisure.northlincs.gov.uk" />
 
diff --git a/src/chrome/content/rules/notalways.xml b/src/chrome/content/rules/notalways.xml
deleted file mode 100644
index 1531433d861c..000000000000
--- a/src/chrome/content/rules/notalways.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<ruleset name="Not Always">
-	<target host="notalwaysright.com" />
-	<target host="www.notalwaysright.com" />
-
-	<target host="notalwaysworking.com" />
-	<target host="www.notalwaysworking.com" />
-
-	<target host="notalwaysromantic.com" />
-	<target host="www.notalwaysromantic.com" />
-
-	<target host="notalwaysrelated.com" />
-	<target host="www.notalwaysrelated.com" />
-
-	<target host="notalwayslearning.com" />
-	<target host="www.notalwayslearning.com" />
-
-	<target host="notalwaysfriendly.com" />
-	<target host="www.notalwaysfriendly.com" />
-
-	<target host="notalwayshopeless.com" />
-	<target host="www.notalwayshopeless.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/nottsbusinesswatch.co.uk.xml b/src/chrome/content/rules/nottsbusinesswatch.co.uk.xml
deleted file mode 100644
index 55cb3da95420..000000000000
--- a/src/chrome/content/rules/nottsbusinesswatch.co.uk.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Notts Business Watch.co.uk">
-
-	<target host="nottsbusinesswatch.co.uk" />
-	<target host="www.nottsbusinesswatch.co.uk" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/nousrandom.net.xml b/src/chrome/content/rules/nousrandom.net.xml
index 22a5f54c229c..50e134d9f912 100644
--- a/src/chrome/content/rules/nousrandom.net.xml
+++ b/src/chrome/content/rules/nousrandom.net.xml
@@ -5,7 +5,7 @@ Fetch error: http://nousrandom.net/ => https://nousrandom.net/: (60, 'SSL certif
 Fetch error: http://www.nousrandom.net/ => https://www.nousrandom.net/: (60, 'SSL certificate problem: self signed certificate')
 
 -->
-<ruleset name="NousRandom.net" default_off='failed ruleset test'>
+<ruleset name="NousRandom.net" default_off="failed ruleset test">
 
 	<target host="nousrandom.net" />
 	<target host="www.nousrandom.net" />
diff --git a/src/chrome/content/rules/novayagazeta.ru.xml b/src/chrome/content/rules/novayagazeta.ru.xml
index 7d2a299b4cac..5fa7d181777f 100644
--- a/src/chrome/content/rules/novayagazeta.ru.xml
+++ b/src/chrome/content/rules/novayagazeta.ru.xml
@@ -27,7 +27,7 @@ ys.novayagazeta.ru different content
 ² refused
 ³ timed out
 -->
-<ruleset name="novayagazeta.ru" default_off='failed ruleset test'>
+<ruleset name="novayagazeta.ru" default_off="failed ruleset test">
 	<target host="novayagazeta.ru" />
 	<target host="www.novayagazeta.ru" />
 	<target host="admin.novayagazeta.ru" />
diff --git a/src/chrome/content/rules/novo-ordo.com.xml b/src/chrome/content/rules/novo-ordo.com.xml
new file mode 100644
index 000000000000..c9c2ca29a477
--- /dev/null
+++ b/src/chrome/content/rules/novo-ordo.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="novo-ordo.com">
+	<target host="novo-ordo.com" />
+	<target host="www.novo-ordo.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nowybip.pl.xml b/src/chrome/content/rules/nowybip.pl.xml
new file mode 100644
index 000000000000..6e9cb700337c
--- /dev/null
+++ b/src/chrome/content/rules/nowybip.pl.xml
@@ -0,0 +1,8 @@
+<ruleset name="nowybip.pl (partial)">
+	<target host="nowybip.pl" />
+	<target host="www.nowybip.pl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/noxa.de.xml b/src/chrome/content/rules/noxa.de.xml
index 808e8e05b4db..d0cec61be838 100644
--- a/src/chrome/content/rules/noxa.de.xml
+++ b/src/chrome/content/rules/noxa.de.xml
@@ -5,7 +5,7 @@ Fetch error: http://admin.noxa.de/ => https://admin.noxa.de/: (28, 'Connection t
 Fetch error: http://webmail.noxa.de/ => https://webmail.noxa.de/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="noxa.de" default_off='failed ruleset test'>
+<ruleset name="noxa.de" default_off="failed ruleset test">
   <target host="noxa.de" />
   <target host="admin.noxa.de" />
   <target host="webmail.noxa.de" />
diff --git a/src/chrome/content/rules/npp.org.hk.xml b/src/chrome/content/rules/npp.org.hk.xml
index f3cd38f427b1..94be2d09e724 100644
--- a/src/chrome/content/rules/npp.org.hk.xml
+++ b/src/chrome/content/rules/npp.org.hk.xml
@@ -1,9 +1,9 @@
 <ruleset name="New People's Party">
-	
+
 	<target host="www.npp.org.hk" />
 	<target host="npp.org.hk" />
 
 	<rule from="^http:"
 	to="https:" />
-	
+
 </ruleset>
diff --git a/src/chrome/content/rules/nra.org-resources.xml b/src/chrome/content/rules/nra.org-resources.xml
index a9c846f7132e..aedc6511d67f 100644
--- a/src/chrome/content/rules/nra.org-resources.xml
+++ b/src/chrome/content/rules/nra.org-resources.xml
@@ -12,7 +12,7 @@ Fetch error: http://training.nra.org/images/bg_gray.jpg => https://training.nra.
 	and no mixed content secured.
 
 -->
-<ruleset name="NRA.org (resources)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="NRA.org (resources)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="careers.nra.org" />
 	<target host="clubs.nra.org" />
diff --git a/src/chrome/content/rules/nra.org.xml b/src/chrome/content/rules/nra.org.xml
index 928d8b64db53..671c53afdc47 100644
--- a/src/chrome/content/rules/nra.org.xml
+++ b/src/chrome/content/rules/nra.org.xml
@@ -1,4 +1,9 @@
 <!--
+The following targets have been disabled at 2020-10-14 22:38:12:
+
+Fetch error: http://nra.org/ => https://nra.org/: (52, 'Empty reply from server')
+Fetch error: http://joinnra.nra.org/ => https://joinnra.nra.org/: (52, 'Empty reply from server')
+
 	For rules covering resources which do not secure
 	mixed content, see nra.org-resources.xml.
 
@@ -15,7 +20,6 @@
 		- nradefensefund.org.xml
 		- nrahq.org.xml
 		- nramemberservices.org.xml
-		- nranews.com.xml
 		- nrapvf.org.xml
 		- nraringoffreedom.com.xml
 		- nrarofcochairs.com.xml
@@ -50,7 +54,7 @@
 -->
 <ruleset name="NRA.org (partial)">
 
-	<target host="nra.org" />
+	<!-- target host="nra.org" /-->
 	<target host="benefits.nra.org" />
 	<!--target host="careers.nra.org" /-->
 	<!--target host="clubs.nra.org" /-->
@@ -61,7 +65,7 @@
 	<target host="gunsmithing.nra.org" />
 	<target host="home.nra.org" />
 	<!--target host="hservices.nra.org" /-->
-	<target host="joinnra.nra.org" />
+	<!-- target host="joinnra.nra.org" /-->
 	<!--target host="le.nra.org" /-->
 	<!--target host="mqp.nra.org" /-->
 	<target host="nrahqrange.nra.org" />
diff --git a/src/chrome/content/rules/nrafamily.org.xml b/src/chrome/content/rules/nrafamily.org.xml
index 3a4a41fd389c..0ac46f1c66e2 100644
--- a/src/chrome/content/rules/nrafamily.org.xml
+++ b/src/chrome/content/rules/nrafamily.org.xml
@@ -18,7 +18,7 @@ Fetch error: http://wmp.nrafamily.org/ => https://wmp.nrafamily.org/: (60, 'SSL
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="NRA Family.org" default_off='failed ruleset test'>
+<ruleset name="NRA Family.org" default_off="failed ruleset test">
 
 	<target host="nrafamily.org" />
 	<target host="wmp.nrafamily.org" />
diff --git a/src/chrome/content/rules/nrahq.org.xml b/src/chrome/content/rules/nrahq.org.xml
index a66bd5ba0d07..6d474cf58437 100644
--- a/src/chrome/content/rules/nrahq.org.xml
+++ b/src/chrome/content/rules/nrahq.org.xml
@@ -8,7 +8,7 @@ Fetch error: http://www.nrahq.org.org/ => https://www.nrahq.org.org/: (6, 'Could
 	For other National Rifle Association coverage, see nra.org.xml.
 
 -->
-<ruleset name="NRA HQ.org" default_off='failed ruleset test'>
+<ruleset name="NRA HQ.org" default_off="failed ruleset test">
 
 	<target host="nrahq.org.org" />
 	<target host="membership.nrahq.org.org" />
diff --git a/src/chrome/content/rules/nranews.com.xml b/src/chrome/content/rules/nranews.com.xml
deleted file mode 100644
index 50818ff86cb9..000000000000
--- a/src/chrome/content/rules/nranews.com.xml
+++ /dev/null
@@ -1,33 +0,0 @@
-<!--
-	For other National Rifle Association coverage, see nra.org.xml.
-
-
-	STS header includes includeSubdomains.
-
--->
-<ruleset name="NRA News.com">
-
-	<target host="nranews.com" />
-	<target host="*.nranews.com" />
-
-		<!--	includeSubdomains applies to one level only, so:
-									-->
-		<exclusion pattern="^http://(?:[^./]+\.){2,}nranews\.com/" />
-			
-			<!--	+ve:
-					-->
-			<test url="http://this.host.nranews.com/" />
-			<test url="http://exists.not.nranews.com/" />
-
-		<test url="http://acdn1.nranews.com/uploads/production/series/logo/7/optimized/Speeches-35.png" />
-		<test url="http://scdn.nranews.com/load/0.0.5-a229a400/img/close.png" />
-		<test url="http://www.nranews.com/" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/nrostatic.com.xml b/src/chrome/content/rules/nrostatic.com.xml
index 755f9b4e5fa6..c8ff41af7e80 100644
--- a/src/chrome/content/rules/nrostatic.com.xml
+++ b/src/chrome/content/rules/nrostatic.com.xml
@@ -21,7 +21,7 @@ Fetch error: http://c9.nrostatic.com/ => https://c9.nrostatic.com/: Too many red
 	and no mixed content secured.
 
 -->
-<ruleset name="NRostatic.com" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="NRostatic.com" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="c0.nrostatic.com" />
 	<target host="c1.nrostatic.com" />
diff --git a/src/chrome/content/rules/nsis.ro.xml b/src/chrome/content/rules/nsis.ro.xml
index cb465441458c..2cd6a16910c7 100644
--- a/src/chrome/content/rules/nsis.ro.xml
+++ b/src/chrome/content/rules/nsis.ro.xml
@@ -23,4 +23,4 @@
 
 	<rule from="^http:"
 		to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/nso.ru.xml b/src/chrome/content/rules/nso.ru.xml
index 88aff12edd6c..e277f75e447f 100644
--- a/src/chrome/content/rules/nso.ru.xml
+++ b/src/chrome/content/rules/nso.ru.xml
@@ -134,7 +134,7 @@ wso2.nso.ru different content
 ³ timed out
 ⁴ self signed
 -->
-<ruleset name="nso.ru" default_off='failed ruleset test'>
+<ruleset name="nso.ru" default_off="failed ruleset test">
 	<target host="nso.ru" />
 	<target host="www.nso.ru" />
 	<target host="123.nso.ru" />
diff --git a/src/chrome/content/rules/nspublieksprijs.nl.xml b/src/chrome/content/rules/nspublieksprijs.nl.xml
index 85c148f5327d..ff5edab75c3b 100644
--- a/src/chrome/content/rules/nspublieksprijs.nl.xml
+++ b/src/chrome/content/rules/nspublieksprijs.nl.xml
@@ -8,7 +8,7 @@ Fetch error: http://api.nspublieksprijs.nl/ => https://api.nspublieksprijs.nl/:
 		- nspublieksprijs.nl
 
 -->
-<ruleset name="NS Publieksprijs.nl" default_off='failed ruleset test'>
+<ruleset name="NS Publieksprijs.nl" default_off="failed ruleset test">
 
 	<target host="nspublieksprijs.nl" />
 	<target host="api.nspublieksprijs.nl" />
diff --git a/src/chrome/content/rules/ntkstatic.org.xml b/src/chrome/content/rules/ntkstatic.org.xml
deleted file mode 100644
index bb7e44204dbc..000000000000
--- a/src/chrome/content/rules/ntkstatic.org.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	522:
-		s.ntkstatic.org
--->
-
-<ruleset name="ntkstatic.org">
-
-	<target host="t.ntkstatic.org" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/numenta.com.xml b/src/chrome/content/rules/numenta.com.xml
index ffea8db94c78..237027fdb4dd 100644
--- a/src/chrome/content/rules/numenta.com.xml
+++ b/src/chrome/content/rules/numenta.com.xml
@@ -2,7 +2,7 @@
     <target host="numenta.com"/>
     <target host="www.numenta.com"/>
     <target host="ci.numenta.com"/>
-    
+
     <rule from="^http://(www\.)?numenta\.com/" to="https://numenta.com/"/>
     <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/nvaccess.org.xml b/src/chrome/content/rules/nvaccess.org.xml
new file mode 100644
index 000000000000..37bb303d3408
--- /dev/null
+++ b/src/chrome/content/rules/nvaccess.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="nvaccess.org">
+	<target host="nvaccess.org" />
+	<target host="certification.nvaccess.org" />
+	<!-- mismatch <target host="testwww.nvaccess.org" />   -->
+	<target host="www.nvaccess.org" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nypf.org.uk.xml b/src/chrome/content/rules/nypf.org.uk.xml
index 54de98f4a9aa..201306fbee90 100644
--- a/src/chrome/content/rules/nypf.org.uk.xml
+++ b/src/chrome/content/rules/nypf.org.uk.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.nypf.org.uk/ => https://www.nypf.org.uk/: (60, 'SSL cert
 		- www.nypf.org.uk
 
 -->
-<ruleset name="NYPF.org.uk" default_off='failed ruleset test'>
+<ruleset name="NYPF.org.uk" default_off="failed ruleset test">
 
 	<target host="nypf.org.uk" />
 	<target host="www.nypf.org.uk" />
diff --git a/src/chrome/content/rules/nytimes3xbfgragh.onion.xml b/src/chrome/content/rules/nytimes3xbfgragh.onion.xml
new file mode 100644
index 000000000000..80b5165c10af
--- /dev/null
+++ b/src/chrome/content/rules/nytimes3xbfgragh.onion.xml
@@ -0,0 +1,31 @@
+<!--
+	For more NY Times ruleset, see NYTimes.xml
+
+	Still under construction:
+		myaccount.nytimes3xbfgragh.onion
+
+	Different content http/https:
+		samizdat-graphql.nytimes3xbfgragh.onion
+
+-->
+<ruleset name="nytimes3xbfgragh.onion">
+
+	<target host="nytimes3xbfgragh.onion" />
+	<target host="www.nytimes3xbfgragh.onion" />
+	<target host="a.nytimes3xbfgragh.onion" />
+		<test url="http://a.nytimes3xbfgragh.onion/svc/nyt/data-layer" />
+	<target host="*.blogs.nytimes3xbfgragh.onion" />
+		<test url="http://lens.blogs.nytimes3xbfgragh.onion/" />
+		<test url="http://afterdeadline.blogs.nytimes3xbfgragh.onion/" />
+		<test url="http://open.blogs.nytimes3xbfgragh.onion/" />
+	<target host="cn.nytimes3xbfgragh.onion" />
+	<target host="et.nytimes3xbfgragh.onion" />
+	<target host="global.nytimes3xbfgragh.onion" />
+	<target host="graphics.nytimes3xbfgragh.onion" />
+		<test url="http://graphics.nytimes3xbfgragh.onion/subscriptions/components/img/icons/icons_gift.png" />
+	<target host="mobile.nytimes3xbfgragh.onion" />
+	<target host="tagx.nytimes3xbfgragh.onion" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/nzbget.net.xml b/src/chrome/content/rules/nzbget.net.xml
new file mode 100644
index 000000000000..0a269898376c
--- /dev/null
+++ b/src/chrome/content/rules/nzbget.net.xml
@@ -0,0 +1,7 @@
+<ruleset name="nzbget.net">
+	<target host="nzbget.net" />
+	<target host="www.nzbget.net" />
+	<target host="forum.nzbget.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nzbs.org.xml b/src/chrome/content/rules/nzbs.org.xml
deleted file mode 100644
index 2ccb331aca2e..000000000000
--- a/src/chrome/content/rules/nzbs.org.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="nzbs.org">
-	<target host="nzbs.org" />
-	<target host="www.nzbs.org" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/nzlweb.com.xml b/src/chrome/content/rules/nzlweb.com.xml
new file mode 100644
index 000000000000..5e9e275f6e04
--- /dev/null
+++ b/src/chrome/content/rules/nzlweb.com.xml
@@ -0,0 +1,38 @@
+<!--
+	Invalid certificate:
+		ftp.nzlweb.com
+		localhost.nzlweb.com
+		autodiscover.aaron.nzlweb.com
+		autodiscover.hotlipzkaraoke.nzlweb.com
+		autodiscover.lewynz.nzlweb.com
+		autodiscover.mensa.nzlweb.com
+		autodiscover.minecraft.nzlweb.com
+		webmail.aaron.nzlweb.com
+		webmail.hotlipzkaraoke.nzlweb.com
+		webmail.lewynz.nzlweb.com
+		webmail.mensa.nzlweb.com
+		webmail.minecraft.nzlweb.com
+-->
+<ruleset name="nzlweb.com">
+	<target host="nzlweb.com" />
+	<target host="www.nzlweb.com" />
+	<target host="aaron.nzlweb.com" />
+	<target host="www.aaron.nzlweb.com" />
+	<target host="autodiscover.nzlweb.com" />
+	<target host="cpanel.nzlweb.com" />
+	<target host="cpcalendars.nzlweb.com" />
+	<target host="cpcontacts.nzlweb.com" />
+	<target host="hotlipzkaraoke.nzlweb.com" />
+	<target host="www.hotlipzkaraoke.nzlweb.com" />
+	<target host="lewynz.nzlweb.com" />
+	<target host="www.lewynz.nzlweb.com" />
+	<target host="mail.nzlweb.com" />
+	<target host="mensa.nzlweb.com" />
+	<target host="www.mensa.nzlweb.com" />
+	<target host="minecraft.nzlweb.com" />
+	<target host="www.minecraft.nzlweb.com" />
+	<target host="webdisk.nzlweb.com" />
+	<target host="webmail.nzlweb.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/nzpug.org.xml b/src/chrome/content/rules/nzpug.org.xml
index 065d1134f738..626047b8a18d 100644
--- a/src/chrome/content/rules/nzpug.org.xml
+++ b/src/chrome/content/rules/nzpug.org.xml
@@ -5,13 +5,13 @@ Fetch error: http://register.nzpug.org/ => https://register.nzpug.org/: (60, 'SS
 
     New Zealand Python User Group
 -->
-<ruleset name="nzpug.org" default_off='failed ruleset test'>
+<ruleset name="nzpug.org" default_off="failed ruleset test">
 
         <target host="nzpug.org" />
         <target host="www.nzpug.org" />
-        
+
         <target host="register.nzpug.org" />
 
         <rule from="^http:"
                 to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/nzwinesociety.co.nz.xml b/src/chrome/content/rules/nzwinesociety.co.nz.xml
deleted file mode 100644
index cd1e3f9ed9da..000000000000
--- a/src/chrome/content/rules/nzwinesociety.co.nz.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For other Woolworths coverage, see Woolworths.com.au.xml
-
-
-	Nonfunctional subdomains:
-
-		- promo		(mismatch hostname, CN: *.azurewebsites.net)
-		- www.wine	(mismatch hostname, CN: *.nzwinesociety.co.nz)
-
--->
-<ruleset name="New Zealand Wine Society">
-
-	<target host="nzwinesociety.co.nz" />
-	<target host="www.nzwinesociety.co.nz" />
-	<target host="staging.nzwinesociety.co.nz" />
-	<target host="uat.nzwinesociety.co.nz" />
-	<target host="wine.nzwinesociety.co.nz" />
-
-	<securecookie host="^www\.nzwinesociety\.co\.nz$" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/oaklands.ac.uk.xml b/src/chrome/content/rules/oaklands.ac.uk.xml
index 479dbb7a90a5..fc688c0f61b6 100644
--- a/src/chrome/content/rules/oaklands.ac.uk.xml
+++ b/src/chrome/content/rules/oaklands.ac.uk.xml
@@ -45,7 +45,7 @@ Fetch error: http://proportal.oaklands.ac.uk/ => https://portal.oaklands.ac.uk/d
 	* Not all paths redirect
 
 -->
-<ruleset name="Oaklands.ac.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Oaklands.ac.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
@@ -66,7 +66,7 @@ Fetch error: http://proportal.oaklands.ac.uk/ => https://portal.oaklands.ac.uk/d
 		<exclusion pattern="^http://proportal\.oaklands\.ac\.uk/(?!/*(?:$|\?))" />
 
 			<!--	See blow respective rule for negative cases.
-				
+
 				+ve:
 					-->
 			<test url="http://proportal.oaklands.ac.uk/default.aspx" />
diff --git a/src/chrome/content/rules/objective.co.uk.xml b/src/chrome/content/rules/objective.co.uk.xml
index 582fa1a6d2df..b58bbdd792bc 100644
--- a/src/chrome/content/rules/objective.co.uk.xml
+++ b/src/chrome/content/rules/objective.co.uk.xml
@@ -28,7 +28,7 @@ Fetch error: http://swdp.objective.co.uk/ => https://swdp.objective.co.uk/: (51,
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Objective.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Objective.co.uk (partial)" default_off="failed ruleset test">
 
 	<target host="arun.objective.co.uk" />
 	<target host="arun-consult.objective.co.uk" />
diff --git a/src/chrome/content/rules/ocado.com.xml b/src/chrome/content/rules/ocado.com.xml
new file mode 100644
index 000000000000..84f50873a901
--- /dev/null
+++ b/src/chrome/content/rules/ocado.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="Ocado.com">
+
+	<target host="ocado.com" />
+	<target host="www.ocado.com" />
+	<target host="accounts.ocado.com" />
+
+	<rule from="^http:"
+		to="https:" />
+
+	<securecookie host=".+" name=".+" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/odessa.tv.xml b/src/chrome/content/rules/odessa.tv.xml
index 0780675bd911..7c5d274011f8 100644
--- a/src/chrome/content/rules/odessa.tv.xml
+++ b/src/chrome/content/rules/odessa.tv.xml
@@ -11,7 +11,7 @@ www.sana.odessa.tv ¹
 ¹ mismatch
 ⁴ self signed
 -->
-<ruleset name="odessa.tv" default_off='failed ruleset test'>
+<ruleset name="odessa.tv" default_off="failed ruleset test">
 	<target host="odessa.tv" />
 	<target host="www.odessa.tv" />
 	<target host="billing.odessa.tv" />
diff --git a/src/chrome/content/rules/ofsted.gov.uk.xml b/src/chrome/content/rules/ofsted.gov.uk.xml
index 090269e8a6db..d89ae2e2498b 100644
--- a/src/chrome/content/rules/ofsted.gov.uk.xml
+++ b/src/chrome/content/rules/ofsted.gov.uk.xml
@@ -39,7 +39,7 @@ Fetch error: http://www.mobile.learnerview.ofsted.gov.uk/ => https://www.mobile.
 		- .reports.ofsted.gov.uk
 
 -->
-<ruleset name="Ofsted.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Ofsted.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/ogcio.gov.hk.xml b/src/chrome/content/rules/ogcio.gov.hk.xml
new file mode 100644
index 000000000000..f26b04d31ae6
--- /dev/null
+++ b/src/chrome/content/rules/ogcio.gov.hk.xml
@@ -0,0 +1,24 @@
+<!--
+	For other HK government coverage, see GovHK.xml
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- ogcio.gov.hk
+
+		SSL peer certificate was not OK:
+		- eapps1.ogcio.gov.hk
+		- eapps2.ogcio.gov.hk
+		- twdc.ogcio.gov.hk
+		- wcdc.ogcio.gov.hk
+-->
+<ruleset name="Office of the Government Chief Information Officer">
+	<target host="ogcio.gov.hk" />
+	<target host="www.ogcio.gov.hk" />
+	<target host="www.als.ogcio.gov.hk" />
+
+	<rule from="^http://ogcio\.gov\.hk/"
+			to="https://www.ogcio.gov.hk/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ohnopodcast.com.xml b/src/chrome/content/rules/ohnopodcast.com.xml
new file mode 100644
index 000000000000..bb780ea7f1f6
--- /dev/null
+++ b/src/chrome/content/rules/ohnopodcast.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="ohnopodcast.com">
+
+	<target host="ohnopodcast.com" />
+	<target host="www.ohnopodcast.com" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/okligatv.com.xml b/src/chrome/content/rules/okligatv.com.xml
deleted file mode 100644
index b529c70f40c6..000000000000
--- a/src/chrome/content/rules/okligatv.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="OKLigaTV.com">
-
-	<target host="okligatv.com" />
-	<target host="www.okligatv.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/oldbayproxy.eu.xml b/src/chrome/content/rules/oldbayproxy.eu.xml
deleted file mode 100644
index 75627c0fb0d4..000000000000
--- a/src/chrome/content/rules/oldbayproxy.eu.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="oldbayproxy.eu">
-	<target host="oldbayproxy.eu" />
-	<target host="www.oldbayproxy.eu" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/oload.info.xml b/src/chrome/content/rules/oload.info.xml
deleted file mode 100644
index ba1a4493045f..000000000000
--- a/src/chrome/content/rules/oload.info.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="oload.info">
-	<target host="oload.info" />
-	<target host="www.oload.info" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/omniweb.ru.xml b/src/chrome/content/rules/omniweb.ru.xml
index c5de834060c0..f20bbdb861fb 100644
--- a/src/chrome/content/rules/omniweb.ru.xml
+++ b/src/chrome/content/rules/omniweb.ru.xml
@@ -8,7 +8,7 @@ www.omniweb.ru mismatch
 stsl.omniweb.ru nonexist
 t5.omniweb.ru mismatch
 -->
-<ruleset name="omniweb.ru (partial)" default_off='failed ruleset test'>
+<ruleset name="omniweb.ru (partial)" default_off="failed ruleset test">
 	<target host="konchura.omniweb.ru" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/oneandone.net.xml b/src/chrome/content/rules/oneandone.net.xml
new file mode 100644
index 000000000000..f04342a8c471
--- /dev/null
+++ b/src/chrome/content/rules/oneandone.net.xml
@@ -0,0 +1,29 @@
+<!--
+	For other United Internet coverage, see United-Internet.xml.
+
+	Invalid certificate:
+		- gw-ma-vpn.bs.kae.de.oneandone.net
+		- mirror-eu.oneandone.net
+		- mirror-us.oneandone.net
+		- vpn-us.oneandone.net
+
+	Timeout:
+		- oneandone.net
+		- www.oneandone.net
+		- ae-10-0.bb-a.fra3.fra.de.oneandone.net
+		- et-0-79.gw-nat.bs.kae.de.oneandone.net
+		- ge-3-2.gw-of-b.hs.kae.de.oneandone.net
+		- ae-11.gw-distp-a.bap.rhr.de.oneandone.net
+		- ae-1.gw-prtr-r231-a.bap.rhr.de.oneandone.net
+		- ae-1.gw-prtr-a0110-a.kw.nbz.fr.oneandone.net
+-->
+<ruleset name="oneandone.net">
+
+	<target host="mirror.eu.oneandone.net" />
+	<target host="mirror.us.oneandone.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/oneclickdigital.eu.xml b/src/chrome/content/rules/oneclickdigital.eu.xml
deleted file mode 100644
index 78598c6788e9..000000000000
--- a/src/chrome/content/rules/oneclickdigital.eu.xml
+++ /dev/null
@@ -1,180 +0,0 @@
-<!--
-	www.oneclickdigital.eu: 503
-
--->
-<ruleset name="OneClickdigital.eu (partial)">
-
-	<target host="*.oneclickdigital.eu" />
-
-		<!--	Not observed => behavior unknown:
-							-->
-		<exclusion pattern="^http://(?:[^./]+\.[^./]+|www)\.oneclickdigital\.eu/" />
-
-			<!--	+ve:
-					-->
-			<test url="http://this.host.oneclickdigital.eu/" />
-			<test url="http://exists.not.oneclickdigital.eu/" />
-			<test url="http://www.oneclickdigital.eu/" />
-			<test url="http://www.oneclickdigital.eu/OCDpage.css" />
-
-		<test url="http://adelaidehills.oneclickdigital.eu/" />
-		<test url="http://albany.oneclickdigital.eu/" />
-		<test url="http://alburycity.oneclickdigital.eu/" />
-		<test url="http://amrshire.oneclickdigital.eu/" />
-		<test url="http://angus.oneclickdigital.eu/" />
-		<test url="http://barnet.oneclickdigital.eu/" />
-		<test url="http://bathurst.oneclickdigital.eu/" />
-		<test url="http://bayside.oneclickdigital.eu/" />
-		<test url="http://bedfordshire.oneclickdigital.eu/" />
-		<test url="http://birminghamcentral.oneclickdigital.eu/" />
-		<test url="http://blaenau.oneclickdigital.eu/" />
-		<test url="http://bolton.oneclickdigital.eu/" />
-		<test url="http://botanybay.oneclickdigital.eu/" />
-		<test url="http://bournemouth.oneclickdigital.eu/" />
-		<test url="http://bracknell.oneclickdigital.eu/" />
-		<test url="http://bridgend.oneclickdigital.eu/" />
-		<test url="http://bridgetown.oneclickdigital.eu/" />
-		<test url="http://brisbane.oneclickdigital.eu/" />
-		<test url="http://broome.oneclickdigital.eu/" />
-		<test url="http://bury.oneclickdigital.eu/" />
-		<test url="http://busselton.oneclickdigital.eu/" />
-		<test url="http://cambridgeshire.oneclickdigital.eu/" />
-		<test url="http://camden.oneclickdigital.eu/" />
-		<test url="http://camdenau.oneclickdigital.eu/" />
-		<test url="http://campaspe.oneclickdigital.eu/" />
-		<test url="http://canning.oneclickdigital.eu/" />
-		<test url="http://cardiff.oneclickdigital.eu/" />
-		<test url="http://carlow.oneclickdigital.eu/" />
-		<test url="http://centralwest.oneclickdigital.eu/" />
-		<test url="http://cheshirecounty.oneclickdigital.eu/" />
-		<test url="http://cityoflondon.oneclickdigital.eu/" />
-		<test url="http://cityofmelville.oneclickdigital.eu/" />
-		<test url="http://cityofnedlands.oneclickdigital.eu/" />
-		<test url="http://cityofnewcastle.oneclickdigital.eu/" />
-		<test url="http://cityofsubiaco.oneclickdigital.eu/" />
-		<test url="http://cityofswan.oneclickdigital.eu/" />
-		<test url="http://cityofunley.oneclickdigital.eu/" />
-		<test url="http://clarence.oneclickdigital.eu/" />
-		<test url="http://cnrl.oneclickdigital.eu/" />
-		<test url="http://coffsharbour.oneclickdigital.eu/" />
-		<test url="http://conwy.oneclickdigital.eu/" />
-		<test url="http://cornwall.oneclickdigital.eu/" />
-		<test url="http://cumbria.oneclickdigital.eu/" />
-		<test url="http://darlington.oneclickdigital.eu/" />
-		<test url="http://denbighshire.oneclickdigital.eu/" />
-		<test url="http://derbyshire.oneclickdigital.eu/" />
-		<test url="http://donegal.oneclickdigital.eu/" />
-		<test url="http://dundee.oneclickdigital.eu/" />
-		<test url="http://eastlothian.oneclickdigital.eu/" />
-		<test url="http://edinburgh.oneclickdigital.eu/" />
-		<test url="http://falkirk.oneclickdigital.eu/" />
-		<test url="http://fingal.oneclickdigital.eu/" />
-		<test url="http://flintshire.oneclickdigital.eu/" />
-		<test url="http://fremantle.oneclickdigital.eu/" />
-		<test url="http://gannawarra.oneclickdigital.eu/" />
-		<test url="http://gateshead.oneclickdigital.eu/" />
-		<test url="http://gladstone.oneclickdigital.eu/" />
-		<test url="http://glasgow.oneclickdigital.eu/" />
-		<test url="http://gleneira.oneclickdigital.eu/" />
-		<test url="http://goldfields.oneclickdigital.eu/" />
-		<test url="http://halton.oneclickdigital.eu/" />
-		<test url="http://hammersmith.oneclickdigital.eu/" />
-		<test url="http://haringey.oneclickdigital.eu/" />
-		<test url="http://harrowlibraries.oneclickdigital.eu/" />
-		<test url="http://hartlepool.oneclickdigital.eu/" />
-		<test url="http://herefordshire.oneclickdigital.eu/" />
-		<test url="http://hertfordshire.oneclickdigital.eu/" />
-		<test url="http://highcountry.oneclickdigital.eu/" />
-		<test url="http://highland.oneclickdigital.eu/" />
-		<test url="http://hillingdon.oneclickdigital.eu/" />
-		<test url="http://hurstville.oneclickdigital.eu/" />
-		<test url="http://iow.oneclickdigital.eu/" />
-		<test url="http://jersey.oneclickdigital.eu/" />
-		<test url="http://joondalup.oneclickdigital.eu/" />
-		<test url="http://kalgoorlie.oneclickdigital.eu/" />
-		<test url="http://kogarah.oneclickdigital.eu/" />
-		<test url="http://lambeth.oneclickdigital.eu/" />
-		<test url="http://lincolnshire.oneclickdigital.eu/" />
-		<test url="http://liverpoolau.oneclickdigital.eu/" />
-		<test url="http://llc.oneclickdigital.eu/" />
-		<test url="http://louth.oneclickdigital.eu/" />
-		<test url="http://mackayregional.oneclickdigital.eu/" />
-		<test url="http://mandurah.oneclickdigital.eu/" />
-		<test url="http://melton.oneclickdigital.eu/" />
-		<test url="http://midlothian.oneclickdigital.eu/" />
-		<test url="http://midnorthcoast.oneclickdigital.eu/" />
-		<test url="http://mildura.oneclickdigital.eu/" />
-		<test url="http://miltonkeynes.oneclickdigital.eu/" />
-		<test url="http://monash.oneclickdigital.eu/" />
-		<test url="http://monmouthshire.oneclickdigital.eu/" />
-		<test url="http://mooneevalley.oneclickdigital.eu/" />
-		<test url="http://moray.oneclickdigital.eu/" />
-		<test url="http://murrindindi.oneclickdigital.eu/" />
-		<test url="http://newcastle.oneclickdigital.eu/" />
-		<test url="http://noosa.oneclickdigital.eu/" />
-		<test url="http://norfolk.oneclickdigital.eu/" />
-		<test url="http://northayrshire.oneclickdigital.eu/" />
-		<test url="http://northeastlincolnshire.oneclickdigital.eu/" />
-		<test url="http://northerntablelands.oneclickdigital.eu/" />
-		<test url="http://northtyneside.oneclickdigital.eu/" />
-		<test url="http://northumberland.oneclickdigital.eu/" />
-		<test url="http://northyorkshire.oneclickdigital.eu/" />
-		<test url="http://nottinghamshire.oneclickdigital.eu/" />
-		<test url="http://oxfordshire.oneclickdigital.eu/" />
-		<test url="http://pembrokeshire.oneclickdigital.eu/" />
-		<test url="http://perthandkinross.oneclickdigital.eu/" />
-		<test url="http://peterborough.oneclickdigital.eu/" />
-		<test url="http://pittwater.oneclickdigital.eu/" />
-		<test url="http://poole.oneclickdigital.eu/" />
-		<test url="http://porthedland.oneclickdigital.eu/" />
-		<test url="http://rathdown.oneclickdigital.eu/" />
-		<test url="http://rochdale.oneclickdigital.eu/" />
-		<test url="http://rockdale.oneclickdigital.eu/" />
-		<test url="http://rotherham.oneclickdigital.eu/" />
-		<test url="http://salford.oneclickdigital.eu/" />
-		<test url="http://sandwell.oneclickdigital.eu/" />
-		<test url="http://scenicrim.oneclickdigital.eu/" />
-		<test url="http://scottishborders.oneclickdigital.eu/" />
-		<test url="http://shireofpeppermintgrove.oneclickdigital.eu/" />
-		<test url="http://somerset.oneclickdigital.eu/" />
-		<test url="http://southampton.oneclickdigital.eu/" />
-		<test url="http://southerndowns.oneclickdigital.eu/" />
-		<test url="http://stirling.oneclickdigital.eu/" />
-		<test url="http://stlc.oneclickdigital.eu/" />
-		<test url="http://stockport.oneclickdigital.eu/" />
-		<test url="http://stockton.oneclickdigital.eu/" />
-		<test url="http://sunshinecoast.oneclickdigital.eu/" />
-		<test url="http://surrey.oneclickdigital.eu/" />
-		<test url="http://sutherlandshire.oneclickdigital.eu/" />
-		<test url="http://sutton.oneclickdigital.eu/" />
-		<test url="http://swanhill.oneclickdigital.eu/" />
-		<test url="http://swansea.oneclickdigital.eu/" />
-		<test url="http://tameside.oneclickdigital.eu/" />
-		<test url="http://townofcambridge.oneclickdigital.eu/" />
-		<test url="http://townofclaremont.oneclickdigital.eu/" />
-		<test url="http://townofnarrogin.oneclickdigital.eu/" />
-		<test url="http://trafford.oneclickdigital.eu/" />
-		<test url="http://upperhunter.oneclickdigital.eu/" />
-		<test url="http://wakefield.oneclickdigital.eu/" />
-		<test url="http://walsall.oneclickdigital.eu/" />
-		<test url="http://warwickshire.oneclickdigital.eu/" />
-		<test url="http://westdunbarton.oneclickdigital.eu/" />
-		<test url="http://westernisles.oneclickdigital.eu/" />
-		<test url="http://westgippsland.oneclickdigital.eu/" />
-		<test url="http://westlothian.oneclickdigital.eu/" />
-		<test url="http://westminster.oneclickdigital.eu/" />
-		<test url="http://westsussex.oneclickdigital.eu/" />
-		<test url="http://wirral.oneclickdigital.eu/" />
-		<test url="http://wokingham.oneclickdigital.eu/" />
-		<test url="http://wslg.oneclickdigital.eu/" />
-		<test url="http://wyong.oneclickdigital.eu/" />
-		<test url="http://yarracity.oneclickdigital.eu/" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/onepace.net.xml b/src/chrome/content/rules/onepace.net.xml
new file mode 100644
index 000000000000..f508ea7310da
--- /dev/null
+++ b/src/chrome/content/rules/onepace.net.xml
@@ -0,0 +1,7 @@
+<ruleset name="onepace.net">
+	<target host="onepace.net" />
+	<target host="www.onepace.net" />
+	<target host="api.onepace.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/onlineprospectus.net.xml b/src/chrome/content/rules/onlineprospectus.net.xml
new file mode 100644
index 000000000000..9e8e05c32206
--- /dev/null
+++ b/src/chrome/content/rules/onlineprospectus.net.xml
@@ -0,0 +1,10 @@
+<ruleset name="onlineprospectus.net">
+	<target host="onlineprospectus.net" />
+	<target host="*.onlineprospectus.net" />
+
+	<rule from="^http:" to="https:" />
+	
+	<test url="http://direxioninvestments.onlineprospectus.net/DirexionInvestments//SPDN/index.html?open=Summary%20Prospectus" />
+	<test url="http://nationwidefunds.onlineprospectus.net/nationwidefunds/TD2025Fund/" />
+	<test url="http://direxioninvestments.onlineprospectus.net/DirexionInvestments/regulatory-documents/" />
+</ruleset>
diff --git a/src/chrome/content/rules/open27.ru.xml b/src/chrome/content/rules/open27.ru.xml
index 4e8fb299237d..f6648a3ef6a4 100644
--- a/src/chrome/content/rules/open27.ru.xml
+++ b/src/chrome/content/rules/open27.ru.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.open27.ru/ => https://www.open27.ru/: (51, "SSL: no alternative certificate subject name matches target host name 'www.open27.ru'")
 
 -->
-<ruleset name="open27.ru" default_off='failed ruleset test'>
+<ruleset name="open27.ru" default_off="failed ruleset test">
 	<target host="open27.ru" />
 	<target host="www.open27.ru" />
 
diff --git a/src/chrome/content/rules/openbank.ru.xml b/src/chrome/content/rules/openbank.ru.xml
index 57c0e583f536..7b38b36d08d0 100644
--- a/src/chrome/content/rules/openbank.ru.xml
+++ b/src/chrome/content/rules/openbank.ru.xml
@@ -16,7 +16,7 @@ otvet.openbank.ru ¹
 ¹ mismatch
 ⁶ redirect
 -->
-<ruleset name="openbank.ru" default_off='failed ruleset test'>
+<ruleset name="openbank.ru" default_off="failed ruleset test">
 	<target host="openbank.ru" />
 	<target host="www.openbank.ru" />
 	<target host="mobile.openbank.ru" />
diff --git a/src/chrome/content/rules/opencaching.de.xml b/src/chrome/content/rules/opencaching.de.xml
index 9b414938fe53..e1ce21e08368 100644
--- a/src/chrome/content/rules/opencaching.de.xml
+++ b/src/chrome/content/rules/opencaching.de.xml
@@ -1,9 +1,9 @@
 <!--
 	Main pages support https
 	Sub domains like forum / blog / wiki now do support https
-	
+
 	Last test date: 19.08.2017
-	
+
 	Development/testing pages, let them without for developer/tester:
 	test.opencaching.de (certificate match)
 -->
@@ -12,24 +12,24 @@
 	<target host="opencaching.de" />
 	<!-- Main page -->
 	<target host="www.opencaching.de" />
-	
+
 	<!-- Sub page - Blog -->
 	<target host="blog.opencaching.de" />
-	
+
 	<!-- Sub page - Forum -->
 	<target host="forum.opencaching.de" />
-	
+
 	<!-- Sub page - Wiki -->
 	<target host="wiki.opencaching.de" />
-	
+
 	<!-- Sub page - Dowloads -->
 	<target host="download.opencaching.de" />
-	
+
 	<!-- Development - Ticket system -->
 	<target host="redmine.opencaching.de" />
-	
+
 	<!-- Development - project page for responsive design -->
 	<target host="rwd.opencaching.de" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/opencaching.pl.xml b/src/chrome/content/rules/opencaching.pl.xml
index 7d0b68201510..84840df804c9 100644
--- a/src/chrome/content/rules/opencaching.pl.xml
+++ b/src/chrome/content/rules/opencaching.pl.xml
@@ -2,12 +2,12 @@
 	Main pages support https
 	Sub domains like blog / podsumowanie / testing do not support https or have
 	corrupted https or missing/wrong cert
-    
+
     Last test date: 19.08.2017
-    
+
     wrong certificate and wrong website served:
      - m.opencaching.pl
-    
+
     wrong certificate:
      - blog.opencaching.pl
 
@@ -16,15 +16,15 @@
 	<!-- Main page -->
 	<target host="opencaching.pl" />
 	<target host="www.opencaching.pl" />
-	
+
 	<!-- Disabled see header - Mobile main page -->
 	<!-- <target host="m.opencaching.pl" /> -->
-	
+
 	<!-- Forum -->
 	<target host="forum.opencaching.pl" />
-	
+
 	<!-- Wiki -->
 	<target host="wiki.opencaching.pl" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/opencaching.us.xml b/src/chrome/content/rules/opencaching.us.xml
index 6e9856c98d6d..acfd07581a42 100644
--- a/src/chrome/content/rules/opencaching.us.xml
+++ b/src/chrome/content/rules/opencaching.us.xml
@@ -1,7 +1,7 @@
 <!--
 	Opencaching US
 	Last test date: 06.11.2017
-  
+
   Development/testing pages, let them without for developer/tester:
 	 - test.opencaching.us
 -->
@@ -9,15 +9,15 @@
 	<!-- Main page -->
 	<target host="opencaching.us" />
 	<target host="www.opencaching.us" />
-	
+
 	<!-- Sub page - Blog -->
 	<target host="blog.opencaching.us" />
-	
+
 	<!-- Sub page - Forum -->
 	<target host="forum.opencaching.us" />
-	
+
 	<!-- Sub page - Wiki -->
 	<target host="wiki.opencaching.us" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/opendata.ch.xml b/src/chrome/content/rules/opendata.ch.xml
index d06c0da2e4f9..369bcc7ae04f 100644
--- a/src/chrome/content/rules/opendata.ch.xml
+++ b/src/chrome/content/rules/opendata.ch.xml
@@ -9,11 +9,11 @@
 	Mixed content:
 
 		- css, on:
-		
+
 			- ^, en, energy, finance, food, fr, glam, make from fonts.googleapis.com ˢ
 
 		- Images, on:
-		
+
 			- ^, en, energy, finance, food, fr, glam from $self ˢ
 			- ^ from fr.opendata.ch ˢ
 			- ^, fr from soda.camp ⁴
@@ -21,7 +21,7 @@
 			- finance from assets.okfn.org ˢ
 
 		- Bugs, on:
-		
+
 			- ^, en, food, fr, make from i.creativecommons.org ˢ
 			- ^ from licensebuttons.net ˢ
 
diff --git a/src/chrome/content/rules/openembedded.org.xml b/src/chrome/content/rules/openembedded.org.xml
new file mode 100644
index 000000000000..b9ca57cde805
--- /dev/null
+++ b/src/chrome/content/rules/openembedded.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="openembedded.org">
+	<target host="openembedded.org" />
+	<target host="cgit.openembedded.org" />
+	<target host="git.openembedded.org" />
+	<target host="layers.openembedded.org" />
+	<target host="lists.openembedded.org" />
+	<target host="patches.openembedded.org" />
+	<target host="www.openembedded.org" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/opengo.nl.xml b/src/chrome/content/rules/opengo.nl.xml
deleted file mode 100644
index 1a13500bfdd2..000000000000
--- a/src/chrome/content/rules/opengo.nl.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Invalid Certificate:
-		opengo.nl
--->
-<ruleset name="opengo.nl">
-	<target host="opengo.nl" />
-	<target host="www.opengo.nl" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http://opengo\.nl/" to="https://www.opengo.nl/" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/openmsx.org.xml b/src/chrome/content/rules/openmsx.org.xml
new file mode 100644
index 000000000000..eb78b7dab104
--- /dev/null
+++ b/src/chrome/content/rules/openmsx.org.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		test.openmsx.org
+
+	Refused:
+		forum.openmsx.org
+-->
+<ruleset name="openmsx.org">
+	<target host="openmsx.org" />
+	<target host="www.openmsx.org" />
+	<target host="softfab.openmsx.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/openra.net.xml b/src/chrome/content/rules/openra.net.xml
new file mode 100644
index 000000000000..32fcd2ea170e
--- /dev/null
+++ b/src/chrome/content/rules/openra.net.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		bugs.openra.net
+		stats.resource.openra.net
+		stats.master.openra.net
+-->
+<ruleset name="openra.net">
+	<target host="openra.net" />
+	<target host="www.openra.net" />
+	<target host="activity.openra.net" />
+	<target host="changelog.openra.net" />
+	<target host="discord.openra.net" />
+	<target host="forum.openra.net" />
+	<target host="logs.openra.net" />
+	<target host="master.openra.net" />
+	<target host="nagios.openra.net" />
+	<target host="resource.openra.net" />
+	<target host="wiki.openra.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/openrct2.io.xml b/src/chrome/content/rules/openrct2.io.xml
new file mode 100644
index 000000000000..ca5ad9ec27d6
--- /dev/null
+++ b/src/chrome/content/rules/openrct2.io.xml
@@ -0,0 +1,9 @@
+<ruleset name="openrct2.io">
+	<target host="openrct2.io" />
+	<target host="www.openrct2.io" />
+	<target host="api.openrct2.io" />
+	<target host="servers.openrct2.io" />
+	<target host="ui.openrct2.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/openrunet.org.xml b/src/chrome/content/rules/openrunet.org.xml
index 4a68f11df8e8..10a4f1bc6ac2 100644
--- a/src/chrome/content/rules/openrunet.org.xml
+++ b/src/chrome/content/rules/openrunet.org.xml
@@ -4,7 +4,7 @@ www.openrunet.org self signed
 <ruleset name="openrunet.org">
 	<target host="openrunet.org" />
 	<target host="www.openrunet.org" />
-	
+
 	<rule from="^http://www\.openrunet\.org/"
 		to="https://openrunet.org/" />
 
diff --git a/src/chrome/content/rules/openscad.org.xml b/src/chrome/content/rules/openscad.org.xml
new file mode 100644
index 000000000000..cdb466368c67
--- /dev/null
+++ b/src/chrome/content/rules/openscad.org.xml
@@ -0,0 +1,20 @@
+<!--
+	OpenSCAD
+	Open source 3D design tool
+
+	Refused:
+		openscad.org
+		forum.openscad.org - forum
+		files.openscad.org - downloads
+
+	Last test date: 13.08.2018
+-->
+<ruleset name="openscad.org (partial)">
+	<!-- host is just a redirect but without https so redirect directly to www. sub -->
+	<target host="openscad.org" />
+	<!-- main page -->
+	<target host="www.openscad.org" />
+
+	<rule from="^http://openscad\.org/" to="https://www.openscad.org/"/>
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/opensocietyfoundations.org.xml b/src/chrome/content/rules/opensocietyfoundations.org.xml
deleted file mode 100644
index aabaa3b5cc44..000000000000
--- a/src/chrome/content/rules/opensocietyfoundations.org.xml
+++ /dev/null
@@ -1,42 +0,0 @@
-<!--
-	For related hidden service rules, see osf22p3lmweopgho.onion.xml
-
-apps.opensocietyfoundations.org ³
-eucoloexch1.opensocietyfoundations.org ³
-eucoloexch2.opensocietyfoundations.org ³
-eulondexch1.opensocietyfoundations.org ³
-eulondexch2.opensocietyfoundations.org ³
-eulondras.opensocietyfoundations.org ³
-eupestexch1.opensocietyfoundations.org ³
-eupestexch2.opensocietyfoundations.org ³
-eupestras.opensocietyfoundations.org ³
-auth.gslb.opensocietyfoundations.org ¹
-mail.gslb.opensocietyfoundations.org ¹
-sendgrid.opensocietyfoundations.org ¹
-o1.sendgrid.opensocietyfoundations.org ³
-usargoexch1.opensocietyfoundations.org ³
-usargoexch2.opensocietyfoundations.org ³
-usargoras.opensocietyfoundations.org ³
-uscoloexch1.opensocietyfoundations.org ³
-uscoloexch2.opensocietyfoundations.org ³
-ttf.visualizingdata.opensocietyfoundations.org ¹
-webmail.opensocietyfoundations.org ³
-
-
-¹ mismatch
-³ timed out
--->
-<ruleset name="opensocietyfoundations.org">
-	<target host="opensocietyfoundations.org" />
-	<target host="www.opensocietyfoundations.org" />
-	<target host="auth.opensocietyfoundations.org" />
-	<target host="autheu.opensocietyfoundations.org" />
-	<target host="authus.opensocietyfoundations.org" />
-	<target host="autodiscover.opensocietyfoundations.org" />
-	<target host="eumail.opensocietyfoundations.org" />
-	<target host="mail.opensocietyfoundations.org" />
-	<target host="static.opensocietyfoundations.org" />
-	<target host="usmail.opensocietyfoundations.org" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/openwall.info.xml b/src/chrome/content/rules/openwall.info.xml
new file mode 100644
index 000000000000..1ad434cacd3b
--- /dev/null
+++ b/src/chrome/content/rules/openwall.info.xml
@@ -0,0 +1,6 @@
+<ruleset name="openwall.info">
+	<target host="openwall.info" />
+	<target host="www.openwall.info" />  <!-- Certificate mismatch -->
+	<rule from="^http://www\.openwall\.info/" to="https://openwall.info/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/openwebrtc.org.xml b/src/chrome/content/rules/openwebrtc.org.xml
index 62f7fee56a85..bfe4c266c74c 100644
--- a/src/chrome/content/rules/openwebrtc.org.xml
+++ b/src/chrome/content/rules/openwebrtc.org.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://demo.openwebrtc.org/ => https://demo.openwebrtc.org/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="openwebrtc.org" default_off='failed ruleset test'>
+<ruleset name="openwebrtc.org" default_off="failed ruleset test">
 	<target host="openwebrtc.org" />
 	<target host="www.openwebrtc.org" />
 	<target host="demo.openwebrtc.org" />
diff --git a/src/chrome/content/rules/openxmarket.asia.xml b/src/chrome/content/rules/openxmarket.asia.xml
deleted file mode 100644
index a3547157e4d3..000000000000
--- a/src/chrome/content/rules/openxmarket.asia.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	For other OpenX coverage, see OpenX.xml.
-
-
-	^openxmarket.asia: differs from http
-	www.openxmarket.asia: Akamai / mismatched
-
--->
-<ruleset name="OpenXmarket.asia">
-
-	<target host="servedby.openxmarket.asia" />
-
-		<test url="http://servedby.openxmarket.asia/w/1.0/jstag" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/optimizely.com-resources.xml b/src/chrome/content/rules/optimizely.com-resources.xml
index 43b7e10ecafe..5012f819fd5f 100644
--- a/src/chrome/content/rules/optimizely.com-resources.xml
+++ b/src/chrome/content/rules/optimizely.com-resources.xml
@@ -10,7 +10,7 @@ Non-2xx HTTP code: http://pages.optimizely.com/rs/361-GER-922/images/Share1.png
 	and no mixed content secured.
 
 -->
-<ruleset name="Optimizely.com (resources)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Optimizely.com (resources)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="pages.optimizely.com" />
 
diff --git a/src/chrome/content/rules/optum.com.xml b/src/chrome/content/rules/optum.com.xml
index accc79c209cf..9934f0a2ed95 100644
--- a/src/chrome/content/rules/optum.com.xml
+++ b/src/chrome/content/rules/optum.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://optum.com/ => https://optum.com/: (51, "SSL: no alternative certificate subject name matches target host name 'optum.com'")
 
 -->
-<ruleset name="Optum.com" default_off='failed ruleset test'>
+<ruleset name="Optum.com" default_off="failed ruleset test">
 
 	<target host="optum.com" />
 	<target host="www.optum.com" />
diff --git a/src/chrome/content/rules/oraclefox.com.xml b/src/chrome/content/rules/oraclefox.com.xml
new file mode 100644
index 000000000000..34694a6c7483
--- /dev/null
+++ b/src/chrome/content/rules/oraclefox.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		mail.oraclefox.com
+		webmail.oraclefox.com
+
+	Time out:
+		ftp.oraclefox.com
+-->
+<ruleset name="oraclefox.com">
+	<target host="oraclefox.com" />
+	<target host="www.oraclefox.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/orangeplant.co.uk.xml b/src/chrome/content/rules/orangeplant.co.uk.xml
index 47f8c7d9a2f6..b00b03abc69f 100644
--- a/src/chrome/content/rules/orangeplant.co.uk.xml
+++ b/src/chrome/content/rules/orangeplant.co.uk.xml
@@ -6,7 +6,7 @@ Non-2xx HTTP code: http://www.orangeplant.co.uk/ (200) => https://orangeplant.co
 	www.orangeplant.co.uk: Mismatched
 
 -->
-<ruleset name="Orange Plant.co.uk" default_off='failed ruleset test'>
+<ruleset name="Orange Plant.co.uk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/oroboro.com.xml b/src/chrome/content/rules/oroboro.com.xml
index f389ae27326e..51e3bdb7f8a1 100644
--- a/src/chrome/content/rules/oroboro.com.xml
+++ b/src/chrome/content/rules/oroboro.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://img.oroboro.com/ => https://img.oroboro.com/: (35, 'error:14077458:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 unrecognized name')
 
 -->
-<ruleset name="oroboro.com" default_off='failed ruleset test'>
+<ruleset name="oroboro.com" default_off="failed ruleset test">
 
 	<target host="oroboro.com" />
 	<target host="img.oroboro.com" />
diff --git a/src/chrome/content/rules/orr.gov.uk.xml b/src/chrome/content/rules/orr.gov.uk.xml
index 72f9b1c965ab..cd0d57b73055 100644
--- a/src/chrome/content/rules/orr.gov.uk.xml
+++ b/src/chrome/content/rules/orr.gov.uk.xml
@@ -24,7 +24,7 @@ Fetch error: http://orrdat.orr.gov.uk/ => https://orrdat.orr.gov.uk/: (60, 'SSL
 		- .dataportal.orr.gov.uk
 
 -->
-<ruleset name="ORR.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="ORR.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--target host="dataportal.orr.gov.uk" /-->
 	<target host="orrdat.orr.gov.uk" />
diff --git a/src/chrome/content/rules/ortenau.freifunk.net.xml b/src/chrome/content/rules/ortenau.freifunk.net.xml
new file mode 100644
index 000000000000..8e24590d9403
--- /dev/null
+++ b/src/chrome/content/rules/ortenau.freifunk.net.xml
@@ -0,0 +1,18 @@
+<!--
+	For other rulesets covering freifunk.net, see: Freifunk.xml
+
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="Freifunk Ortenau">
+
+	<target host="ortenau.freifunk.net" />
+	<target host="forum.ortenau.freifunk.net" />
+	<target host="www.forum.ortenau.freifunk.net" />
+	<target host="lists.ortenau.freifunk.net" />
+	<target host="stats.ortenau.freifunk.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/osf22p3lmweopgho.onion.xml b/src/chrome/content/rules/osf22p3lmweopgho.onion.xml
index 21e49a4d8295..d84f66845634 100644
--- a/src/chrome/content/rules/osf22p3lmweopgho.onion.xml
+++ b/src/chrome/content/rules/osf22p3lmweopgho.onion.xml
@@ -1,5 +1,5 @@
 <!--
-	For related clearnet rules, see 
+	For related clearnet rules, see
 
 	Invalid certificate:
 		www.osf22p3lmweopgho.onion
diff --git a/src/chrome/content/rules/ostermiller.org.xml b/src/chrome/content/rules/ostermiller.org.xml
index da738f238842..a185c589c989 100644
--- a/src/chrome/content/rules/ostermiller.org.xml
+++ b/src/chrome/content/rules/ostermiller.org.xml
@@ -89,7 +89,7 @@ coinmill.deadsea.ostermiller.org ⁵
 ³ timed out
 ⁵ expired
 -->
-<ruleset name="ostermiller.org" default_off='failed ruleset test'>
+<ruleset name="ostermiller.org" default_off="failed ruleset test">
 	<target host="ostermiller.org" />
 	<target host="www.ostermiller.org" />
 	<target host="currency.ostermiller.org" />
diff --git a/src/chrome/content/rules/osufoundation.org.xml b/src/chrome/content/rules/osufoundation.org.xml
index da0557967e63..b3a70ddae013 100644
--- a/src/chrome/content/rules/osufoundation.org.xml
+++ b/src/chrome/content/rules/osufoundation.org.xml
@@ -1,11 +1,14 @@
 <!--
-	For other Oregon State University coverage, see 
+	For other Oregon State University coverage, see
 
 
-	^osufoundation.org: dropped
+        http://osufoundation.org redirects to http://www.osufoundation.org
+        redirects to https://www.osufoundation.org, so normal users don't see
+        the need for the complication. However, osufoundation.org does not
+        respond to https, so it is still needed.
 
 -->
-<ruleset name="OSU Foundation.org" default_off="mismatched">
+<ruleset name="OSU Foundation.org">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/osuosl.org.xml b/src/chrome/content/rules/osuosl.org.xml
index ee129dd3907d..e3fe0162468a 100644
--- a/src/chrome/content/rules/osuosl.org.xml
+++ b/src/chrome/content/rules/osuosl.org.xml
@@ -1,25 +1,260 @@
 <!--
-	For other Oregon State University coverage, see Oregon-State-University.xml.
+	HTTPS != HTTP:
+		internal-web1.osuosl.org
+		mon1.osuosl.org
 
+    Connection reset:
+        cppcheck1.osuosl.org:8000
 
-	Nonfunctional hosts in *osuosl.org:
+	Invalid certificate:
+		amahi.osuosl.org
+		bdale-gag.osuosl.org
+		busybox.osuosl.org
+		chat.civicrm.osuosl.org
+		java-prod.civicrm.osuosl.org
+		log.civicrm.osuosl.org
+		manage.civicrm.osuosl.org
+		www-cxn-2.civicrm.osuosl.org
+		www-demo.civicrm.osuosl.org
+		www-prod.civicrm.osuosl.org
+		dotkde.osuosl.org
+		ecf-builds.osuosl.org
+		elinux.osuosl.org
+		elgg2.osuosl.org
+		flossfoundations.osuosl.org
+		fosstranslation.osuosl.org
+		freedroid.osuosl.org
+		bellbird.gentoo.osuosl.org
+		bittern.gentoo.osuosl.org
+		brambling.gentoo.osuosl.org
+		dipper.gentoo.osuosl.org
+		meadowlark.gentoo.osuosl.org
+		vulture.gentoo.osuosl.org
+		x86dev.gentoo.osuosl.org
+		jenkins-edamame.osuosl.org
+		jenkins-lettuce.osuosl.org
+		inkscape1.osuosl.org
+		lb.osuosl.org
+		lf-openprinting.osuosl.org
+		linuxfund.osuosl.org
+		lug.osuosl.org
+		lyx1.osuosl.org
+		mageiavm.osuosl.org
+		mandrivausers2.osuosl.org
+		mf4-xiph.osuosl.org
+		midnightcommander.osuosl.org
+		mirror-sync.osuosl.org
+		gen.ntf.osuosl.org
+		ldap1.ntf.osuosl.org
+		mail.ntf.osuosl.org
+		puppet.ntf.osuosl.org
+		wiki.ntf.osuosl.org
+		openmrs1.osuosl.org
+		openvoting.osuosl.org
+		osgeo4.osgeo.osuosl.org
+		osgeo6.osgeo.osuosl.org
+		osgeo7.osgeo.osuosl.org
+		web.osgeo.osuosl.org
+		benzene.osm.osuosl.org
+		civicrm.osm.osuosl.org
+		stormfly-02.osm.osuosl.org
+		osmus.osm.osuosl.org
+		pyrene.osm.osuosl.org
+		stormfly-01.osm.osuosl.org
+		tile.osm.osuosl.org
+		a.tile.osm.osuosl.org
+		b.tile.osm.osuosl.org
+		c.tile.osm.osuosl.org
+		osu1php.osuosl.org
+		otest-controller.osuosl.org
+		pdxplumbers.osuosl.org
+		parrotvm.osuosl.org
+		virt-2ttcf4.psf.osuosl.org
+		virt-7tac5q.psf.osuosl.org
+		virt-7yvsjn.psf.osuosl.org
+		virt-82qt2a.psf.osuosl.org
+		virt-8joqck.psf.osuosl.org
+		virt-8pjlh8.psf.osuosl.org
+		virt-9f03qg.psf.osuosl.org
+		virt-ak9lsk.psf.osuosl.org
+		virt-byl2f7.psf.osuosl.org
+		virt-c2fg44.psf.osuosl.org
+		virt-et2yi0.psf.osuosl.org
+		virt-f3pu59.psf.osuosl.org
+		virt-flqzel.psf.osuosl.org
+		virt-gwhg4e.psf.osuosl.org
+		virt-h669vt.psf.osuosl.org
+		virt-nsz0jn.psf.osuosl.org
+		virt-k4b2sa.psf.osuosl.org
+		virt-kchn16.psf.osuosl.org
+		virt-l4es2w.psf.osuosl.org
+		virt-l99amx.psf.osuosl.org
+		virt-oku3tm.psf.osuosl.org
+		virt-ozvw2q.psf.osuosl.org
+		virt-pa4z19.psf.osuosl.org
+		virt-q0dzqq.psf.osuosl.org
+		virt-sae8wg.psf.osuosl.org
+		virt-ssqrj8.psf.osuosl.org
+		virt-sxw5uy.psf.osuosl.org
+		virt-tkd3sc.psf.osuosl.org
+		virt-vm43og.psf.osuosl.org
+		virt-wdiwcy.psf.osuosl.org
+		virt-wzmlmm.psf.osuosl.org
+		virt-y8pzvf.psf.osuosl.org
+		virt-yfae7i.psf.osuosl.org
+		virt-ys0nco.psf.osuosl.org
+		virt-znzn20.psf.osuosl.org
+		puredata.osuosl.org
+		rainmeter.osuosl.org
+		ros.osuosl.org
+		www.ros.osuosl.org
+		answers.ros.osuosl.org
+		answers2.ros.osuosl.org
+		docs.ros.osuosl.org
+		download.ros.osuosl.org
+		news.ros.osuosl.org
+		wiki.ros.osuosl.org
+		slides.osuosl.org
+		snowdrift-smtp.osuosl.org
+		swi-prolog.osuosl.org
+		tasktracer.osuosl.org
+		turtlebot.osuosl.org
+		web2.osuosl.org
+		web3.osuosl.org
+		catfish.xiph.osuosl.org
+		catfish-2.xiph.osuosl.org
+		gitlab.xiph.osuosl.org
+		mailfish.xiph.osuosl.org
+		hostfish.xiph.osuosl.org
 
-		- ftp-nyc*
-		- rsync *
+	Protocol error:		
+		finch.gentoo.osuosl.org
 
-	* Refused
+	Refused:
+		apereo1.osuosl.org
+		app3.osuosl.org
+		bonsai.osuosl.org
+		bro-try.osuosl.org
+		darcs.osuosl.org
+		darcsvm.osuosl.org
+		dogwood.osuosl.org
+		dir-xiph.osuosl.org
+		ppcports.freebsd.osuosl.org
+		bender.gentoo.osuosl.org
+		bogsucker.gentoo.osuosl.org
+		hppa.gentoo.osuosl.org
+		raq2.gentoo.osuosl.org
+		rooster.gentoo.osuosl.org
+		timberdoodle.gentoo.osuosl.org
+		inkscape.osuosl.org
+		linhes.osuosl.org
+		monkeyhttpd.osuosl.org
+		mozdev-prod.osuosl.org
+		mozdev-stats.osuosl.org
+		openhatch-ripcord.osuosl.org
+		backup.osgeo.osuosl.org
+		osdv-rails.osuosl.org
+		demo1.phpbb.osuosl.org
+		download1.phpbb.osuosl.org
+		polr.osuosl.org
+		qemu2.osuosl.org
+		sahana-pootle.osuosl.org
+		speed-python.osuosl.org
 
--->
-<ruleset name="OSU OSL.org (partial)">
+	Unreachable:
+		lf-bugs.osuosl.org
+		lf-lists.osuosl.org
+		lf-web1.osuosl.org
+		lf-web2.osuosl.org
+		mon2.osuosl.org
+		mozillazine1.osuosl.org
+		ntp.osuosl.org
+		panama.osuosl.org
+		parisc.osuosl.org
+		time.osuosl.org
+		webdav1.osuosl.org
 
+	Unsupported protocol:
+		console1.gentoo.osuosl.org
+-->
+<ruleset name="osuosl.org">
 	<target host="osuosl.org" />
-	<target host="gentoo.osuosl.org" />
 	<target host="www.osuosl.org" />
+	<target host="admin.osuosl.org" />
+	<target host="apache.osuosl.org" />
+	<target host="archive.osuosl.org" />
+	<target host="arklinux.osuosl.org" />
+	<target host="ash.osuosl.org" />
+	<target host="awstats.osuosl.org" />
+	<target host="caos.osuosl.org" />
+	<target host="centos.osuosl.org" />
+	<target host="chef.osuosl.org" />
+	<target host="chef1.osuosl.org" />
+	<target host="cherokee.osuosl.org" />
+	<target host="cs312.osuosl.org" />
+	<target host="cygwin.osuosl.org" />
+	<target host="debian.osuosl.org" />
+	<target host="deluge.osuosl.org" />
+	<target host="devopsbootcamp.osuosl.org" />
+	<target host="docs.osuosl.org" />
+	<target host="driverdev.osuosl.org" />
+	<target host="etherpad.osuosl.org" />
+	<target host="fedora.osuosl.org" />
+	<target host="ftp.osuosl.org" />
+	<target host="ftp-chi.osuosl.org" />
+	<target host="ftp-ext.osuosl.org" />
+	<target host="ftp-osl.osuosl.org" />
+	<target host="ftp-nyc.osuosl.org" />
+	<target host="ftpmap.osuosl.org" />
+	<target host="gentoo.osuosl.org" />
+	<target host="git.osuosl.org" />
+	<target host="gsoc-wiki.osuosl.org" />
+	<target host="haiku.osuosl.org" />
+	<target host="ibmz-ci.osuosl.org" />
+	<target host="imap.osuosl.org" />
+	<target host="jenkins.osuosl.org" />
+	<target host="kernel.osuosl.org" />
+	<target host="larch.osuosl.org" />
+	<target host="lb1.osuosl.org" />
+	<target host="lb2.osuosl.org" />
+	<target host="lfs.osuosl.org" />
+	<target host="lists.osuosl.org" />
+	<target host="mail.osuosl.org" />
+	<target host="mirrors.osuosl.org" />
+	<target host="monitor.osuosl.org" />
+	<target host="mozilla.osuosl.org" />
+	<target host="mozilla-chi.osuosl.org" />
+	<target host="mozilla-nyc.osuosl.org" />
+	<target host="mozilla-osl.osuosl.org" />
+	<target host="munin.osuosl.org" />
+	<target host="musicbrainz.osuosl.org" />
+	<target host="mysql.osuosl.org" />
+	<target host="nagios2.osuosl.org" />
+	<target host="netbeans.osuosl.org" />
+	<target host="netwinder.osuosl.org" />
+	<target host="openoffice.osuosl.org" />
+	<target host="openoffice-chi.osuosl.org" />
+	<target host="openpower-controller.osuosl.org" />
+	<target host="opensuse.osuosl.org" />
+	<target host="oprod-controller1.osuosl.org" />
+	<target host="adhoc.osgeo.osuosl.org" />
+	<target host="page.osuosl.org" />
+	<target host="pastebin.osuosl.org" />
+	<target host="pentoo.osuosl.org" />
+	<target host="phpmyadmin.osuosl.org" />
+	<target host="powerci.osuosl.org" />
+	<target host="powerci-jenkins.osuosl.org" />
+	<target host="rsync.osuosl.org" />
+	<target host="s390x-jenkins.osuosl.org" />
+	<target host="scm1.osuosl.org" />
+	<target host="slackware.osuosl.org" />
+	<target host="staff.osuosl.org" />
+	<target host="support.osuosl.org" />
+	<target host="tails.osuosl.org" />
+	<target host="ubuntu.osuosl.org" />
+	<target host="vectorlinux.osuosl.org" />
+	<target host="vip-lb1.osuosl.org" />
+	<target host="wiki.osuosl.org" />
 
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/osvehicle.com.xml b/src/chrome/content/rules/osvehicle.com.xml
deleted file mode 100644
index c46e58d1617b..000000000000
--- a/src/chrome/content/rules/osvehicle.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="OSVehicle.com">
-
-	<target host="osvehicle.com" />
-	<target host="www.osvehicle.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/otc-cta.gc.ca.xml b/src/chrome/content/rules/otc-cta.gc.ca.xml
new file mode 100644
index 000000000000..9303eef7021b
--- /dev/null
+++ b/src/chrome/content/rules/otc-cta.gc.ca.xml
@@ -0,0 +1,10 @@
+<ruleset name="otc-cta.gc.ca">
+	<target host="otc-cta.gc.ca" />
+	<target host="www.otc-cta.gc.ca" />
+	<target host="forums.otc-cta.gc.ca" />
+	<target host="services.otc-cta.gc.ca" />
+	<target host="services2.otc-cta.gc.ca" />
+	<target host="vpn2.otc-cta.gc.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ots-net.ru.xml b/src/chrome/content/rules/ots-net.ru.xml
index ececefca3529..7e3173369c0f 100644
--- a/src/chrome/content/rules/ots-net.ru.xml
+++ b/src/chrome/content/rules/ots-net.ru.xml
@@ -8,7 +8,7 @@ forum.ots-net.ru mismatch
 moidom.ots-net.ru mismatch
 info.ots-net.ru mismatch
 -->
-<ruleset name="ots-net.ru" default_off='failed ruleset test'>
+<ruleset name="ots-net.ru" default_off="failed ruleset test">
 	<target host="ots-net.ru" />
 	<target host="www.ots-net.ru" />
 	<target host="promo.ots-net.ru" />
diff --git a/src/chrome/content/rules/ourskillsforce.co.uk.xml b/src/chrome/content/rules/ourskillsforce.co.uk.xml
index d120d8f45679..f30035a8bcc9 100644
--- a/src/chrome/content/rules/ourskillsforce.co.uk.xml
+++ b/src/chrome/content/rules/ourskillsforce.co.uk.xml
@@ -13,7 +13,7 @@ Fetch error: http://ourskillsforce.co.uk/ => https://ourskillsforce.co.uk/: (60,
 	ᵐ Mismatched
 
 -->
-<ruleset name="Our Skillsforce.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Our Skillsforce.co.uk (partial)" default_off="failed ruleset test">
 
 	<target host="ourskillsforce.co.uk" />
 	<target host="www.ourskillsforce.co.uk" />
diff --git a/src/chrome/content/rules/outnow.ch.xml b/src/chrome/content/rules/outnow.ch.xml
deleted file mode 100644
index 351dae3662f0..000000000000
--- a/src/chrome/content/rules/outnow.ch.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	Mismatch:
-		- so
-		- zol
--->
-<ruleset name="outnow.ch">
-	<target host="outnow.ch"/>
-	<target host="www.outnow.ch"/>
-
-	<rule from="^http:"
-		to="https:"/>
-</ruleset>
diff --git a/src/chrome/content/rules/oxfordshire.gov.uk-falsemixed.xml b/src/chrome/content/rules/oxfordshire.gov.uk-falsemixed.xml
index 20a85aed6f91..89b27071ab1e 100644
--- a/src/chrome/content/rules/oxfordshire.gov.uk-falsemixed.xml
+++ b/src/chrome/content/rules/oxfordshire.gov.uk-falsemixed.xml
@@ -8,7 +8,7 @@ Non-2xx HTTP code: http://winter.oxfordshire.gov.uk/ (200) => https://winter.oxf
 	For rules not causing false/broken MCB, see oxfordshire.gov.uk.xml.
 
 -->
-<ruleset name="Oxfordshire.gov.uk (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Oxfordshire.gov.uk (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="insight.oxfordshire.gov.uk" />
 	<target host="schools.oxfordshire.gov.uk" />
diff --git a/src/chrome/content/rules/oxfordshire.gov.uk.xml b/src/chrome/content/rules/oxfordshire.gov.uk.xml
index 0a6484fc1345..9f9e6ce5713e 100644
--- a/src/chrome/content/rules/oxfordshire.gov.uk.xml
+++ b/src/chrome/content/rules/oxfordshire.gov.uk.xml
@@ -57,14 +57,14 @@ Non-2xx HTTP code: http://owls.oxfordshire.gov.uk/ (200) => https://owls.oxfords
 		- css on insight, schools, volunteering, winter from $self ˢ
 
 		- Images, on:
-		
+
 			- insight, schools, volunteering, winter from $self ˢ
 			- schools from www.oxfordshire.gov.uk ˢ
 
 	ˢ Secured by us; see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Oxfordshire.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Oxfordshire.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/oyoony.xml b/src/chrome/content/rules/oyoony.xml
deleted file mode 100644
index 4e2a094527fd..000000000000
--- a/src/chrome/content/rules/oyoony.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="oyoony">
-  <target host="oyoony.at" />
-  <target host="www.oyoony.at" />
-  <target host="oyoony.de" />
-  <target host="www.oyoony.de" />
-  <target host="oyoony.net" />
-  <target host="www.oyoony.net" />
-
-  <securecookie host="^(?:www\.)?oyoony\.(?:at|de|net)$" name=".+" />
-
-  <rule from="^http://(?:www\.)?oyoony\.(at|de|net)/" to="https://oyoony.de/" />
-</ruleset>
diff --git a/src/chrome/content/rules/pCloud.xml b/src/chrome/content/rules/pCloud.xml
index 219068d8a0ea..6a7a73a95374 100644
--- a/src/chrome/content/rules/pCloud.xml
+++ b/src/chrome/content/rules/pCloud.xml
@@ -8,7 +8,7 @@ Fetch error: http://pc.cd/ => https://pc.cd/: (60, 'SSL certificate problem: una
   pc.cd is the short link for share links.
 -->
 
-<ruleset name="pCloud" default_off='failed ruleset test'>
+<ruleset name="pCloud" default_off="failed ruleset test">
 
 	<target host="pc.cd" />
 		<test url="http://pc.cd/S8OctalK"/>
diff --git a/src/chrome/content/rules/packetflagon.is.xml b/src/chrome/content/rules/packetflagon.is.xml
deleted file mode 100644
index ba8f491d770f..000000000000
--- a/src/chrome/content/rules/packetflagon.is.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="packetflagon.is">
-	<target host=    "packetflagon.is" />
-	<target host="www.packetflagon.is" />
-
-  	<securecookie host="^.*\.packetflagon\.is$" name=".+" />
-
-	<rule from="^http:" 
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/panorama.am.xml b/src/chrome/content/rules/panorama.am.xml
index ee74a4631c22..a85a5c42ea11 100644
--- a/src/chrome/content/rules/panorama.am.xml
+++ b/src/chrome/content/rules/panorama.am.xml
@@ -7,7 +7,7 @@ Non-2xx HTTP code: http://life.panorama.am/ (200) => https://life.panorama.am/ (
 Non-2xx HTTP code: http://sport.panorama.am/ (200) => https://sport.panorama.am/ (521)
 
 -->
-<ruleset name="panorama.am" default_off='failed ruleset test'>
+<ruleset name="panorama.am" default_off="failed ruleset test">
 	<target host="panorama.am" />
 	<target host="www.panorama.am" />
 	<target host="life.panorama.am" />
diff --git a/src/chrome/content/rules/paralus.co.xml b/src/chrome/content/rules/paralus.co.xml
new file mode 100644
index 000000000000..c31b5bc2bc68
--- /dev/null
+++ b/src/chrome/content/rules/paralus.co.xml
@@ -0,0 +1,9 @@
+<ruleset name="paralus.co">
+	<target host="paralus.co" />
+	<target host="www.paralus.co" />
+	
+	<target host="pylos.co" />
+	<target host="www.pylos.co" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/paralympic.org.xml b/src/chrome/content/rules/paralympic.org.xml
index 2ed69161f4f0..316b13bf866e 100644
--- a/src/chrome/content/rules/paralympic.org.xml
+++ b/src/chrome/content/rules/paralympic.org.xml
@@ -8,7 +8,7 @@ paralympic.org ³
 	<target host="paralympic.org" />
 	<target host="www.paralympic.org" />
 	<target host="m.paralympic.org" />
-	
+
 	<rule from="^http://paralympic\.org/"
 		to="https://www.paralympic.org/" />
 
diff --git a/src/chrome/content/rules/parlmany.com.xml b/src/chrome/content/rules/parlmany.com.xml
index a56628cc11c1..e55a09558c3b 100644
--- a/src/chrome/content/rules/parlmany.com.xml
+++ b/src/chrome/content/rules/parlmany.com.xml
@@ -1,10 +1,10 @@
-<ruleset name="parlmany.com ">        
-	<target host="parlmany.com" />        
-	<target host="www.parlmany.com" />  
+<ruleset name="parlmany.com ">
+	<target host="parlmany.com" />
+	<target host="www.parlmany.com" />
 	<target host="desktop.parlmany.com" />
 	<target host="m.parlmany.com" />
-	
-	<securecookie host=".+" name=".+" />	
-	
+
+	<securecookie host=".+" name=".+" />
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/passwordsgenerator.net.xml b/src/chrome/content/rules/passwordsgenerator.net.xml
new file mode 100644
index 000000000000..d87711320358
--- /dev/null
+++ b/src/chrome/content/rules/passwordsgenerator.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="passwordsgenerator.net">
+	<target host="passwordsgenerator.net" />
+	<target host="www.passwordsgenerator.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/patronbase.com.xml b/src/chrome/content/rules/patronbase.com.xml
index 806ae647850a..3c61351f7d9f 100644
--- a/src/chrome/content/rules/patronbase.com.xml
+++ b/src/chrome/content/rules/patronbase.com.xml
@@ -22,7 +22,7 @@ Fetch error: http://patronbase.com/ => https://patronbase.com/: (28, 'Connection
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="PatronBase.com" default_off='failed ruleset test'>
+<ruleset name="PatronBase.com" default_off="failed ruleset test">
 
 	<target host="patronbase.com" />
 	<target host="au.patronbase.com" />
diff --git a/src/chrome/content/rules/paypalobjects.com.xml b/src/chrome/content/rules/paypalobjects.com.xml
deleted file mode 100644
index 74cc6e1efcc6..000000000000
--- a/src/chrome/content/rules/paypalobjects.com.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	For other PayPal coverage, see PayPal.xml.
-
-
-	Insecure cookies are set for these domains:
-
-		- .paypalobjects.com
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
--->
-<ruleset name="PayPal objects.com">
-
-	<target host="www.paypalobjects.com" />
-
-		<!--	Sets cookie without Secure:
-							-->
-		<!--test url="http://www.paypalobjects.com/en_US/i/scr/pixel.gif" /-->
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.paypalobjects\.com$" name="^PYPF$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/pckeyboard.com.xml b/src/chrome/content/rules/pckeyboard.com.xml
index 613670e5b4a4..2acfa90a85de 100644
--- a/src/chrome/content/rules/pckeyboard.com.xml
+++ b/src/chrome/content/rules/pckeyboard.com.xml
@@ -3,7 +3,7 @@
 	<target host="www.pckeyboard.com" />
 	<target host="support.pckeyboard.com" />
 	<target host="survey.pckeyboard.com" />
-	
+
 	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/pcshannover.de.xml b/src/chrome/content/rules/pcshannover.de.xml
new file mode 100644
index 000000000000..10bafbd6965c
--- /dev/null
+++ b/src/chrome/content/rules/pcshannover.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="pchannovers.de">
+	<target host="pcshannover.de" />
+	<target host="www.pcshannover.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pdfforge.org.xml b/src/chrome/content/rules/pdfforge.org.xml
index 087aba9d1e58..b662e482ec35 100644
--- a/src/chrome/content/rules/pdfforge.org.xml
+++ b/src/chrome/content/rules/pdfforge.org.xml
@@ -11,27 +11,27 @@
 	<!-- Main page -->
 	<target host="pdfforge.org" />
 	<target host="www.pdfforge.org" />
-	
+
 	<!-- Languages -->
 	<target host="translate.pdfforge.org" />
 	<target host="de.pdfforge.org" />
-	
+
 	<!-- Forum -->
 	<target host="forums.pdfforge.org" />
-	
+
 	<!-- Documentation -->
 	<target host="docs.pdfforge.org" />
-	
+
 	<!-- Licensing -->
 	<target host="license.pdfforge.org" />
 	<target host="pricing2.pdfforge.org" />
-	
+
 	<!-- Other -->
 	<target host="go.pdfforge.org" />
-	
+
 	<!-- Not used? -->
 	<target host="pricing.pdfforge.org" />
 	<target host="update.pdfforge.org" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/pearsoncmg.com.xml b/src/chrome/content/rules/pearsoncmg.com.xml
new file mode 100644
index 000000000000..0c50d2257873
--- /dev/null
+++ b/src/chrome/content/rules/pearsoncmg.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="pearsoncmg.com">
+
+<!--
+Both of these subdomains are by default loaded over HTTP and do not redirect to HTTPS,
+However both of them can be loaded over HTTPS with no issues.
+-->
+
+	<target host="view.etext.home2.pearsoncmg.com" />
+	<target host="rumba.bookshelf.ebookplus.pearsoncmg.com" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/peercloud.io.xml b/src/chrome/content/rules/peercloud.io.xml
index 920a859f250b..8609dd9ddc98 100644
--- a/src/chrome/content/rules/peercloud.io.xml
+++ b/src/chrome/content/rules/peercloud.io.xml
@@ -5,7 +5,7 @@ Fetch error: http://peercloud.io/ => https://peercloud.io/: (60, 'SSL certificat
 Fetch error: http://www.peercloud.io/ => https://www.peercloud.io/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="peercloud.io" default_off='failed ruleset test'>
+<ruleset name="peercloud.io" default_off="failed ruleset test">
 	<target host="peercloud.io" />
 	<target host="www.peercloud.io" />
 
diff --git a/src/chrome/content/rules/pejs.net.xml b/src/chrome/content/rules/pejs.net.xml
deleted file mode 100644
index 63d9c80cc2fa..000000000000
--- a/src/chrome/content/rules/pejs.net.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="pejs.net">
-
-	<target host="pejs.net" />
-
-	<test url="http://pejs.net/pe.js" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/penzionspicak.cz.xml b/src/chrome/content/rules/penzionspicak.cz.xml
new file mode 100644
index 000000000000..d00e73824b43
--- /dev/null
+++ b/src/chrome/content/rules/penzionspicak.cz.xml
@@ -0,0 +1,6 @@
+<ruleset name="penzionspicak.cz">
+	<target host="penzionspicak.cz" />
+	<target host="www.penzionspicak.cz" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pepperridgefarm.xml b/src/chrome/content/rules/pepperridgefarm.xml
new file mode 100644
index 000000000000..bc52dd6b431a
--- /dev/null
+++ b/src/chrome/content/rules/pepperridgefarm.xml
@@ -0,0 +1,7 @@
+<ruleset name="pepperridgefarm">
+	<target host="pepperidgefarm.com" />
+	<target host="www.pepperidgefarm.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/permkrai.ru.xml b/src/chrome/content/rules/permkrai.ru.xml
index f53d3670f557..7f69d7a664eb 100644
--- a/src/chrome/content/rules/permkrai.ru.xml
+++ b/src/chrome/content/rules/permkrai.ru.xml
@@ -169,7 +169,7 @@ opendata.permkrai.ru different content
 ⁶ redirect
 ⁷ protocol error
 -->
-<ruleset name="permkrai.ru" default_off='failed ruleset test'>
+<ruleset name="permkrai.ru" default_off="failed ruleset test">
 	<target host="permkrai.ru" />
 	<target host="www.permkrai.ru" />
 	<target host="agarh.permkrai.ru" />
diff --git a/src/chrome/content/rules/pharmgkb.org.xml b/src/chrome/content/rules/pharmgkb.org.xml
index 9e23cd4bf6fe..c7b27c9342cc 100644
--- a/src/chrome/content/rules/pharmgkb.org.xml
+++ b/src/chrome/content/rules/pharmgkb.org.xml
@@ -6,7 +6,7 @@ Fetch error: http://pharmgkb.org/ => https://pharmgkb.org/: (28, 'Connection tim
 	STS header includes includeSubdomains
 
 -->
-<ruleset name="PharmGKB.org" default_off='failed ruleset test'>
+<ruleset name="PharmGKB.org" default_off="failed ruleset test">
 
 	<target host="pharmgkb.org" />
 	<target host="*.pharmgkb.org" />
diff --git a/src/chrome/content/rules/phonehouse.de.xml b/src/chrome/content/rules/phonehouse.de.xml
deleted file mode 100644
index 9fd8cc63dfd4..000000000000
--- a/src/chrome/content/rules/phonehouse.de.xml
+++ /dev/null
@@ -1,32 +0,0 @@
-<!--
-	Invalid certificate:
-		affiliate.phonehouse.de
-		otos-bo.phonehouse.de
-		otos-ws.phonehouse.de
-
-	Timeout:
-		cwpos.phonehouse.de
-		foris.phonehouse.de
-		newsletter.phonehouse.de
-		primus.phonehouse.de
-		secundus.phonehouse.de
--->
-<ruleset name="phonehouse.de">
-
-	<target host="phonehouse.de" />
-	<target host="www.phonehouse.de" />
-	<target host="extranet.phonehouse.de" />
-	<target host="m.phonehouse.de" />
-	<target host="oase.phonehouse.de" />
-	<target host="otos.phonehouse.de" />
-	<target host="samsung.phonehouse.de" />
-	<target host="secure1.phonehouse.de" />
-	<target host="secure2.phonehouse.de" />
-	<target host="shop.phonehouse.de" />
-	<target host="test.phonehouse.de" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/phys.org.xml b/src/chrome/content/rules/phys.org.xml
index 78ef13276672..306d187eb27a 100644
--- a/src/chrome/content/rules/phys.org.xml
+++ b/src/chrome/content/rules/phys.org.xml
@@ -3,11 +3,13 @@
 	<target host="phys.org" />
 	<target host="m.phys.org" />
 	<target host="www.phys.org" />
-
+	<target host="physorg.com" />
 
 	<securecookie host="^\." name="^__qca" />
 	<securecookie host="^\w" name=".+" />
 
+	<rule from="^http://physorg\.com/"
+		to="https://phys.org/" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/pi-hole.net.xml b/src/chrome/content/rules/pi-hole.net.xml
index 0ddaa4506c2f..2e1143393231 100644
--- a/src/chrome/content/rules/pi-hole.net.xml
+++ b/src/chrome/content/rules/pi-hole.net.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Non-2xx HTTP code: http://www.pi-hole.net/ (200) => https://www.pi-hole.net/ (526)
 
 -->
-<ruleset name="pi-hole.net" default_off='failed ruleset test'>
+<ruleset name="pi-hole.net" default_off="failed ruleset test">
 
 	<target host="pi-hole.net" />
 	<target host="install.pi-hole.net" />
diff --git a/src/chrome/content/rules/piccy.info.xml b/src/chrome/content/rules/piccy.info.xml
new file mode 100644
index 000000000000..5ecc71a12532
--- /dev/null
+++ b/src/chrome/content/rules/piccy.info.xml
@@ -0,0 +1,20 @@
+<!--
+	Redirect to HTTP:
+		ns3.piccy.info
+
+	SSL protocol error:
+		ns5.piccy.info
+		piccy.piccy.info
+		wrld.piccy.info
+
+	Time out:
+		ns2.piccy.info
+-->
+<ruleset name="piccy.info">
+	<target host="piccy.info" />
+	<target host="www.piccy.info" />
+	<target host="i.piccy.info" />
+
+	<rule from="^http://www\.piccy\.info/" to="https://piccy.info/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pigtown.news.xml b/src/chrome/content/rules/pigtown.news.xml
deleted file mode 100644
index c763913f3528..000000000000
--- a/src/chrome/content/rules/pigtown.news.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Invalid Certificate:
-		www.pigtown.news
--->
-<ruleset name="pigtown.news">
-	<target host="pigtown.news" />
-	<target host="www.pigtown.news" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http://www\.pigtown\.news/" to="https://pigtown.news/" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/pindropsecurity.com.xml b/src/chrome/content/rules/pindropsecurity.com.xml
index 66d9da853670..1b23efe20e7c 100644
--- a/src/chrome/content/rules/pindropsecurity.com.xml
+++ b/src/chrome/content/rules/pindropsecurity.com.xml
@@ -14,7 +14,7 @@ Non-2xx HTTP code: http://info.pindropsecurity.com/rs/pindropsecurity/images/Pin
 	ᵃ Marketo / Shows another domain
 
 -->
-<ruleset name="Pindrop Security.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Pindrop Security.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/piraattipuolue.fi.xml b/src/chrome/content/rules/piraattipuolue.fi.xml
index 6a01e3606926..43a472ab9889 100644
--- a/src/chrome/content/rules/piraattipuolue.fi.xml
+++ b/src/chrome/content/rules/piraattipuolue.fi.xml
@@ -36,7 +36,7 @@
 		- favicon on keskustelut from arkisto.piraattipuolue.fi ⁴
 
 		- Bug, on:
-		
+
 			- blogi from www.facebook.com ˢ
 			- blogi from apis.google.com ˢ
 			- blogi, keskustelut, wiki from stats.piraattipuolue.fi ᵉ
diff --git a/src/chrome/content/rules/pirata.cat.xml b/src/chrome/content/rules/pirata.cat.xml
deleted file mode 100644
index 1d84fefaf517..000000000000
--- a/src/chrome/content/rules/pirata.cat.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	(www.)?pirata.cat: 404
-
-
-	NB: server sends no certificate chain, see https://whatsmychaincert.com
-
-
-	Insecure cookies are set for these domains and hosts: ᶜ
-
-		- xifrat.pirata.cat
-		- .xifrat.pirata.cat
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
--->
-<ruleset name="pirata.cat (partial)" default_off="missing certificate chain">
-
-	<target host="xifrat.pirata.cat" />
-
-		<!--	Sets cookies without Secure:
-							-->
-		<!--test url="http://xifrat.pirata.cat/forum/" /-->
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^xifrat\.pirata\.cat$" name="^(?:Vanilla|Vanilla-Volatile|vanilla_locale)$" /-->
-	<!--securecookie host="^\.xifrat\.pirata\.cat$" name="^SESS[\da-f]{32}$" /-->
-
-	<securecookie host="^(?!\.pirata\.cat$)." name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/pirateaccess.xyz.xml b/src/chrome/content/rules/pirateaccess.xyz.xml
deleted file mode 100644
index aea4539a2952..000000000000
--- a/src/chrome/content/rules/pirateaccess.xyz.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="pirateaccess.xyz">
-	<target host="pirateaccess.xyz" />
-	<target host="www.pirateaccess.xyz" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/piratebay.click.xml b/src/chrome/content/rules/piratebay.click.xml
deleted file mode 100644
index da8c5209d185..000000000000
--- a/src/chrome/content/rules/piratebay.click.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="piratebay.click">
-	<target host="piratebay.click" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/piratebay.website.xml b/src/chrome/content/rules/piratebay.website.xml
deleted file mode 100644
index fc2c739b0d09..000000000000
--- a/src/chrome/content/rules/piratebay.website.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--
-	www doesn't exist.
--->
-
-<ruleset name="piratebay.website">
-	<target host="piratebay.website" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/piratebayblocked.com.xml b/src/chrome/content/rules/piratebayblocked.com.xml
deleted file mode 100644
index f4bf518d80cf..000000000000
--- a/src/chrome/content/rules/piratebayblocked.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="piratebayblocked.com">
-	<target host="piratebayblocked.com" />
-	<target host="www.piratebayblocked.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/piratebayfast.co.uk.xml b/src/chrome/content/rules/piratebayfast.co.uk.xml
deleted file mode 100644
index 8a719859d965..000000000000
--- a/src/chrome/content/rules/piratebayfast.co.uk.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="piratebayfast.co.uk">
-	<target host="piratebayfast.co.uk" />
-	<target host="www.piratebayfast.co.uk" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/piratebayguru.com.xml b/src/chrome/content/rules/piratebayguru.com.xml
deleted file mode 100644
index c675ebeb7dd6..000000000000
--- a/src/chrome/content/rules/piratebayguru.com.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="piratebayguru.com">
-	<target host="piratebayguru.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/piratebayportal.co.uk.xml b/src/chrome/content/rules/piratebayportal.co.uk.xml
deleted file mode 100644
index b377a0e3844f..000000000000
--- a/src/chrome/content/rules/piratebayportal.co.uk.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="piratebayportal.co.uk">
-	<target host="piratebayportal.co.uk" />
-	<target host="www.piratebayportal.co.uk" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/piratebays.co.uk.xml b/src/chrome/content/rules/piratebays.co.uk.xml
deleted file mode 100644
index 623de0b15f37..000000000000
--- a/src/chrome/content/rules/piratebays.co.uk.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="piratebays.co.uk">
-	<target host="piratebays.co.uk" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/piratebays.co.xml b/src/chrome/content/rules/piratebays.co.xml
deleted file mode 100644
index 29459e430ac2..000000000000
--- a/src/chrome/content/rules/piratebays.co.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="piratebays.co">
-	<target host="piratebays.co" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/piraten.lu.xml b/src/chrome/content/rules/piraten.lu.xml
index e3ddf8173e9a..33369a20eeb1 100644
--- a/src/chrome/content/rules/piraten.lu.xml
+++ b/src/chrome/content/rules/piraten.lu.xml
@@ -19,7 +19,7 @@ Fetch error: http://www.piraten.lu/ => https://www.piraten.lu/: (60, 'SSL certif
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Piraten.lu" default_off='failed ruleset test'>
+<ruleset name="Piraten.lu" default_off="failed ruleset test">
 
 	<target host="piraten.lu" />
 	<target host="pad.piraten.lu" />
diff --git a/src/chrome/content/rules/piratepartei.lu.xml b/src/chrome/content/rules/piratepartei.lu.xml
deleted file mode 100644
index 9f83a55626a0..000000000000
--- a/src/chrome/content/rules/piratepartei.lu.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Pirate Partei.lu">
-
-	<target host="piratepartei.lu" />
-	<target host="wiki.piratepartei.lu" />
-	<target host="www.piratepartei.lu" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/pirateproxy.click.xml b/src/chrome/content/rules/pirateproxy.click.xml
deleted file mode 100644
index b4c6e26de22f..000000000000
--- a/src/chrome/content/rules/pirateproxy.click.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="pirateproxy.click">
-	<target host="pirateproxy.click" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/pirateproxy.club.xml b/src/chrome/content/rules/pirateproxy.club.xml
deleted file mode 100644
index bd9de3c5c032..000000000000
--- a/src/chrome/content/rules/pirateproxy.club.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Mismatched:
-		- www (pirateproxy.club)
--->
-
-<ruleset name="pirateproxy.club">
-	<target host="pirateproxy.club" />
-	<target host="www.pirateproxy.club" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http://www\.pirateproxy\.club/" to="https://pirateproxy.club/" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/pirateproxy.wf.xml b/src/chrome/content/rules/pirateproxy.wf.xml
deleted file mode 100644
index 2d5f654ec891..000000000000
--- a/src/chrome/content/rules/pirateproxy.wf.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="pirateproxy.wf">
-	<target host="pirateproxy.wf" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/pirateproxy.yt.xml b/src/chrome/content/rules/pirateproxy.yt.xml
deleted file mode 100644
index c1e015ff315b..000000000000
--- a/src/chrome/content/rules/pirateproxy.yt.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="pirateproxy.yt">
-	<target host="pirateproxy.yt" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/piratesahoy.net.xml b/src/chrome/content/rules/piratesahoy.net.xml
new file mode 100644
index 000000000000..0511ba08b44c
--- /dev/null
+++ b/src/chrome/content/rules/piratesahoy.net.xml
@@ -0,0 +1,28 @@
+<!--
+	Invalid certificate:
+		ftp.piratesahoy.net
+		whm.piratesahoy.net
+
+	Refused:
+		localhost.piratesahoy.net
+
+	Redirect to HTTP:
+		cloud.piratesahoy.net
+		www.cloud.piratesahoy.net
+-->
+<ruleset name="piratesahoy.net">
+	<target host="piratesahoy.net" />
+	<target host="www.piratesahoy.net" />
+	<target host="cpanel.piratesahoy.net" />
+	<target host="cpcalendars.piratesahoy.net" />
+	<target host="cpcontacts.piratesahoy.net" />
+	<target host="mail.piratesahoy.net" />
+	<target host="pacloud.piratesahoy.net" />
+	<target host="www.pacloud.piratesahoy.net" />
+	<target host="sqldump.piratesahoy.net" />
+	<target host="www.sqldump.piratesahoy.net" />
+	<target host="webdisk.piratesahoy.net" />
+	<target host="webmail.piratesahoy.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pirateunblocked.xyz.xml b/src/chrome/content/rules/pirateunblocked.xyz.xml
deleted file mode 100644
index ceaa6ee91d1e..000000000000
--- a/src/chrome/content/rules/pirateunblocked.xyz.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="pirateunblocked.xyz">
-	<target host="pirateunblocked.xyz" />
-	<target host="www.pirateunblocked.xyz" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/piratpartiet.dk.xml b/src/chrome/content/rules/piratpartiet.dk.xml
deleted file mode 100644
index 7bbddd868a88..000000000000
--- a/src/chrome/content/rules/piratpartiet.dk.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="piratpartiet.dk">
-
-	<target host="piratpartiet.dk" />
-	<target host="www.piratpartiet.dk" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/pixhost.org.xml b/src/chrome/content/rules/pixhost.org.xml
deleted file mode 100644
index 5ec695d2cc51..000000000000
--- a/src/chrome/content/rules/pixhost.org.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-Invalid certificate:
-	dev.pixhost.org
-
-Refused:
-	backup.pixhost.org
--->
-<ruleset name="pixhost.org">
-	<target host="pixhost.org" />
-	<target host="www.pixhost.org" />
-	<target host="api.pixhost.org" />
-	<target host="img1.pixhost.org" />
-	<target host="img2.pixhost.org" />
-	<target host="img3.pixhost.org" />
-	<target host="img4.pixhost.org" />
-	<target host="img5.pixhost.org" />
-	<target host="img6.pixhost.org" />
-	<target host="img7.pixhost.org" />
-	<target host="img8.pixhost.org" />
-	<target host="t1.pixhost.org" />
-	<target host="t2.pixhost.org" />
-	<target host="t3.pixhost.org" />
-	<target host="t4.pixhost.org" />
-	<target host="t5.pixhost.org" />
-	<target host="t6.pixhost.org" />
-	<target host="t7.pixhost.org" />
-	<target host="t8.pixhost.org" />
-	
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/pixxxels.org.xml b/src/chrome/content/rules/pixxxels.org.xml
deleted file mode 100644
index fcb342f1487f..000000000000
--- a/src/chrome/content/rules/pixxxels.org.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<ruleset name="pixxxels.org">
-
-	<target host="s9.pixxxels.org" />
-	<target host="s12.pixxxels.org" />
-	<target host="s14.pixxxels.org" />
-	<target host="s17.pixxxels.org" />
-	<target host="s27.pixxxels.org" />
-	<target host="s28.pixxxels.org" />
-	<target host="s29.pixxxels.org" />
-	<target host="s30.pixxxels.org" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/pki.goog.xml b/src/chrome/content/rules/pki.goog.xml
new file mode 100644
index 000000000000..02ea3d24cdd3
--- /dev/null
+++ b/src/chrome/content/rules/pki.goog.xml
@@ -0,0 +1,27 @@
+<!--
+	For other Google related rulesets, see GoogleServices.xml.
+
+	This domain contains a wildcard DNS record.
+
+	Invalid certificate:
+		- expired.*.pki.goog
+		- revoked.*.pki.goog
+
+	Unable to get local issuer certificate:
+		- good.r1demo.pki.goog
+		- good.r2demo.pki.goog
+		- good.r3demo.pki.goog
+		- good.r4demo.pki.goog
+-->
+<ruleset name="Google Trust Services">
+
+	<target host="pki.goog" />
+	<target host="crl.pki.goog" />
+	<target host="good.gsr2demo.pki.goog" />
+	<target host="good.gsr4demo.pki.goog" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/plainenglish.co.uk.xml b/src/chrome/content/rules/plainenglish.co.uk.xml
index 3fd6208a939b..935007b1668b 100644
--- a/src/chrome/content/rules/plainenglish.co.uk.xml
+++ b/src/chrome/content/rules/plainenglish.co.uk.xml
@@ -17,7 +17,7 @@ Fetch error: http://www.plainenglish.co.uk/ => https://www.plainenglish.co.uk/:
 	ˢ Secured by us
 
 -->
-<ruleset name="Plain English.co.uk" default_off='failed ruleset test'>
+<ruleset name="Plain English.co.uk" default_off="failed ruleset test">
 
 	<target host="plainenglish.co.uk" />
 	<target host="www.plainenglish.co.uk" />
diff --git a/src/chrome/content/rules/planetrulers.xml b/src/chrome/content/rules/planetrulers.xml
index 0eaa91a2186e..015db691dd04 100644
--- a/src/chrome/content/rules/planetrulers.xml
+++ b/src/chrome/content/rules/planetrulers.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.planetrulers.com/ => https://www.planetrulers.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.planetrulers.com'")
 
 -->
-<ruleset name="Planet Rulers" default_off='failed ruleset test'>
+<ruleset name="Planet Rulers" default_off="failed ruleset test">
 	<target host="planetrulers.com" />
 	<target host="www.planetrulers.com" />
 
diff --git a/src/chrome/content/rules/plasq.com.xml b/src/chrome/content/rules/plasq.com.xml
new file mode 100644
index 000000000000..b3e0cf040cfb
--- /dev/null
+++ b/src/chrome/content/rules/plasq.com.xml
@@ -0,0 +1,48 @@
+<!--
+	HTTPS != HHTP:
+		seqa.plasq.com
+
+	Invalid certificate:
+		media.plasq.com
+		nfs.plasq.com
+		starbuck.plasq.com
+		updater.plasq.com
+		downloads.plasq.com
+
+	Protocol error:
+		forum.plasq.com
+
+	Refused:
+		docs.plasq.com
+		video.plasq.com
+		vpn.plasq.com
+		webmail.plasq.com
+-->
+<ruleset name="plasq.com">
+	<target host="plasq.com" />
+	<target host="www.plasq.com" />
+	<target host="account.plasq.com" />
+	<target host="bugreports.plasq.com" />
+	<target host="comics.plasq.com" />
+	<target host="crashreports.plasq.com" />
+	<target host="forums.plasq.com" />
+	<target host="help.plasq.com" />
+	<target host="new.plasq.com" />
+	<target host="old.plasq.com" />
+	<target host="plasqsite.plasq.com" />
+	<target host="quincykit.plasq.com" />
+	<target host="quincykit3.plasq.com" />
+	<target host="r.plasq.com" />
+	<target host="secure.plasq.com" />
+	<target host="seq.plasq.com" />
+	<target host="support.plasq.com" />
+	<target host="todo.plasq.com" />
+	<target host="tools.plasq.com" />
+	<target host="update.plasq.com" />
+	<target host="upgrade.plasq.com" />
+	<target host="web.plasq.com" />
+	<target host="webdev.plasq.com" />
+	<target host="webservices.plasq.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/playground.ru.xml b/src/chrome/content/rules/playground.ru.xml
new file mode 100644
index 000000000000..59b5820d8965
--- /dev/null
+++ b/src/chrome/content/rules/playground.ru.xml
@@ -0,0 +1,68 @@
+<!--
+	Invalid certificate:
+		0-mail.playground.ru
+		archive.playground.ru
+		blackbone.playground.ru
+		cheathall.playground.ru
+		club.playground.ru
+		ftp.playground.ru
+		mail.playground.ru
+		pg-dl.playground.ru
+		ts.playground.ru
+		www2.playground.ru
+		www5.playground.ru
+		www6.playground.ru
+
+	Redirect to HTTP:
+		mobile.playground.ru
+
+	Refused:
+		dc.playground.ru
+		et.playground.ru
+		hl.playground.ru
+
+	Time out:
+		dev.playground.ru
+		dev2.playground.ru
+		dev-git.playground.ru
+		dl1.playground.ru
+		dl2.playground.ru
+		dl3.playground.ru
+		download.playground.ru
+		drugit.playground.ru
+		pg.playground.ru
+		q2.playground.ru
+		q3.playground.ru
+		q4.playground.ru
+		qw.playground.ru
+		ss.playground.ru
+		test.playground.ru
+		test2.playground.ru
+		video0.playground.ru
+		www1.playground.ru
+		www3.playground.ru
+		www4.playground.ru
+-->
+<ruleset name="playground.ru">
+	<target host="playground.ru" />
+	<target host="www.playground.ru" />
+	<target host="dl.playground.ru" />
+	<target host="forums.playground.ru" />
+	<target host="www.forums.playground.ru" />
+	<target host="frostbone.playground.ru" />
+	<target host="games.playground.ru" />
+	<target host="i.playground.ru" />
+	<target host="img.playground.ru" />
+	<target host="megaplan.playground.ru" />
+	<target host="news.playground.ru" />
+	<target host="www.news.playground.ru" />
+	<target host="pix.playground.ru" />
+	<target host="www.pix.playground.ru" />
+	<target host="system.playground.ru" />
+	<target host="users.playground.ru" />
+	<target host="www.users.playground.ru" />
+	<target host="video.playground.ru" />
+	<target host="video2.playground.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/playphrase.me.xml b/src/chrome/content/rules/playphrase.me.xml
new file mode 100644
index 000000000000..7eaa5cf22ef9
--- /dev/null
+++ b/src/chrome/content/rules/playphrase.me.xml
@@ -0,0 +1,6 @@
+<ruleset name="playphrase.me">
+	<target host="playphrase.me" />
+	<target host="www.playphrase.me" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/plymouth.gov.uk.xml b/src/chrome/content/rules/plymouth.gov.uk.xml
index 210239999d11..2108fa2f4246 100644
--- a/src/chrome/content/rules/plymouth.gov.uk.xml
+++ b/src/chrome/content/rules/plymouth.gov.uk.xml
@@ -24,7 +24,7 @@
 
 		- Images on democracy from go.m-gov.eu ⁴
 		- favicon on secure1 from www.plymouth.gov.uk ʳ
-	
+
 	⁴ Unsecurable <= 404
 	ʳ Unsecurable <= refused
 
diff --git a/src/chrome/content/rules/pmem.io.xml b/src/chrome/content/rules/pmem.io.xml
new file mode 100644
index 000000000000..43d589419249
--- /dev/null
+++ b/src/chrome/content/rules/pmem.io.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		www.pmem.io
+-->
+<ruleset name="pmem.io">
+	<target host="pmem.io" />
+	<target host="docs.pmem.io" />
+	<target host="kb.pmem.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pmf.gov.xml b/src/chrome/content/rules/pmf.gov.xml
deleted file mode 100644
index b46ddd2be046..000000000000
--- a/src/chrome/content/rules/pmf.gov.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Presidential Management Fellows Program
-
-
-
-	Insecure cookies are set for these hosts:
-
-		- pmf.gov
-		- www.pmf.gov
-
--->
-<ruleset name="PMF.gov">
-
-	<target host="pmf.gov" />
-	<target host="www.pmf.gov" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:www\.)?pmf\.gov$" name="^ASP\.NET_SessionId$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/pocketmags.com.xml b/src/chrome/content/rules/pocketmags.com.xml
index cd0f22dc6117..ed7845296018 100644
--- a/src/chrome/content/rules/pocketmags.com.xml
+++ b/src/chrome/content/rules/pocketmags.com.xml
@@ -1,6 +1,6 @@
 <!--
 	CDN buckets:
-	
+
 		- mccovers.blob.core.windows.net
 
 
diff --git a/src/chrome/content/rules/pokerstars.com.xml b/src/chrome/content/rules/pokerstars.com.xml
index 0801da3fa99a..0d823dfc7fbe 100644
--- a/src/chrome/content/rules/pokerstars.com.xml
+++ b/src/chrome/content/rules/pokerstars.com.xml
@@ -1,7 +1,6 @@
 <!--
 	Other PokerStars rulesets:
 
-		- pokerstarsapps.com.xml
 
 
 	Insecure cookies are set for these domains:
diff --git a/src/chrome/content/rules/pokerstarsapps.com.xml b/src/chrome/content/rules/pokerstarsapps.com.xml
deleted file mode 100644
index 7b27624386f2..000000000000
--- a/src/chrome/content/rules/pokerstarsapps.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other PokerStars coverage, see pokerstars.com.xml.
-
--->
-<ruleset name="PokerStars apps.com">
-
-	<target host="pokerstarsapps.com" />
-	<target host="www.pokerstarsapps.com" />
-
-		<test url="http://pokerstarsapps.com/tutorial/" />
-
-
-	<securecookie host="^\." name="^__utm" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/pokerstarspartners.com.xml b/src/chrome/content/rules/pokerstarspartners.com.xml
index d381f9a8bffe..b831f1bfd90e 100644
--- a/src/chrome/content/rules/pokerstarspartners.com.xml
+++ b/src/chrome/content/rules/pokerstarspartners.com.xml
@@ -9,7 +9,7 @@
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="PokerStars Partners.com" default_off="missing certificate chain">
+<ruleset name="PokerStars Partners.com" default_off="cert-chain">
 
 	<target host="pokerstarspartners.com" />
 	<target host="www.pokerstarspartners.com" />
diff --git a/src/chrome/content/rules/polarcloud.com.xml b/src/chrome/content/rules/polarcloud.com.xml
new file mode 100644
index 000000000000..13d35bd06ade
--- /dev/null
+++ b/src/chrome/content/rules/polarcloud.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		dc-517cb9143db7.polarcloud.com
+-->
+<ruleset name="polarcloud.com">
+	<target host="polarcloud.com" />
+	<target host="www.polarcloud.com" />
+	<target host="mail.polarcloud.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/popcorntime.sh.xml b/src/chrome/content/rules/popcorntime.sh.xml
index 81fe731d5236..a6c2fb17ff24 100644
--- a/src/chrome/content/rules/popcorntime.sh.xml
+++ b/src/chrome/content/rules/popcorntime.sh.xml
@@ -16,7 +16,7 @@
 	<target host="ci.popcorntime.sh" />
 	<target host="get.popcorntime.sh" />
 	<target host="status.popcorntime.sh" />
-	
+
 	<!--Fork-->
 	<target host="popcorn-time.to" />
 	<target host="www.popcorn-time.to" />
@@ -24,15 +24,15 @@
 	<target host="cydia.popcorn-time.to" />
 	<target host="forum.popcorn-time.to" />
 	<target host="ios.popcorn-time.to" />
-	
+
 	<!--Fork-->
 	<target host="getpopcorntime.org" />
 	<target host="www.getpopcorntime.org" />
-	
+
 	<!--Fork-->
 	<target host="popcorntime-online.io" />
 	<target host="www.popcorntime-online.io" />
-	
+
 	<!--Fork-->
 	<target host="popcorntime.ws" />
 	<target host="www.popcorntime.ws" />
diff --git a/src/chrome/content/rules/pornolab.net.xml b/src/chrome/content/rules/pornolab.net.xml
index 63e13e478a60..f2f47a16415b 100644
--- a/src/chrome/content/rules/pornolab.net.xml
+++ b/src/chrome/content/rules/pornolab.net.xml
@@ -1,14 +1,14 @@
-<!-- 
-Certificate mismatch: 
+<!--
+Certificate mismatch:
 	bt.pornolab.net
 
 Refused:
 	robot.pornolab.net
 -->
-<ruleset name="Pornolab.net">       
-	<target host="pornolab.net" />       
-	<target host="www.pornolab.net" />    
+<ruleset name="Pornolab.net">
+	<target host="pornolab.net" />
+	<target host="www.pornolab.net" />
 	<target host="static.pornolab.net" />
- 
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/portablepython.com.xml b/src/chrome/content/rules/portablepython.com.xml
new file mode 100644
index 000000000000..a7c6d1911a92
--- /dev/null
+++ b/src/chrome/content/rules/portablepython.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="portablepython.com">
+	<target host="portablepython.com" />
+	<target host="www.portablepython.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/portalpiratebay.co.uk.xml b/src/chrome/content/rules/portalpiratebay.co.uk.xml
deleted file mode 100644
index ad893ce495f4..000000000000
--- a/src/chrome/content/rules/portalpiratebay.co.uk.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="portalpiratebay.co.uk">
-	<target host="portalpiratebay.co.uk" />
-	<target host="www.portalpiratebay.co.uk" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/postovoy.org.xml b/src/chrome/content/rules/postovoy.org.xml
deleted file mode 100644
index 0546f9e3267b..000000000000
--- a/src/chrome/content/rules/postovoy.org.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-	www.postovoy.org: Mismatched
-
--->
-<ruleset name="Postovoy.org">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="postovoy.org" />
-	<target host="cdn.postovoy.org" />
-
-	<!--	Complications:
-				-->
-	<target host="www.postovoy.org" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://www\.postovoy\.org/"
-		to="https://postovoy.org/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/ppoi.org.xml b/src/chrome/content/rules/ppoi.org.xml
deleted file mode 100644
index c56452b2cf4c..000000000000
--- a/src/chrome/content/rules/ppoi.org.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="ppoi.org">
-	<target host="ppoi.org" />
-	<target host="www.ppoi.org" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/pqube.co.uk.xml b/src/chrome/content/rules/pqube.co.uk.xml
new file mode 100644
index 000000000000..639b09e386cf
--- /dev/null
+++ b/src/chrome/content/rules/pqube.co.uk.xml
@@ -0,0 +1,34 @@
+<!--
+	Invalid certificate:
+		ftp.pqube.co.uk
+		hostmaster.pqube.co.uk
+		img.newsletter.pqube.co.uk
+		r.newsletter.pqube.co.uk
+		vnc.pqube.co.uk
+		vnc2.pqube.co.uk
+		webmail.pqube.co.uk
+
+	Refused:
+		calendar.pqube.co.uk
+
+	Time out:
+		news.pqube.co.uk
+		newsletter.pqube.co.uk
+		spamgateway.pqube.co.uk
+		imap.pqube.co.uk
+		mail.pqube.co.uk
+		smtp.pqube.co.uk
+
+	Unreachable:
+		autodiscover.pqube.co.uk
+-->
+<ruleset name="pqube.co.uk">
+	<target host="pqube.co.uk" />
+	<target host="www.pqube.co.uk" />
+	<target host="infinite.pqube.co.uk" />
+	<target host="oqqypf.pqube.co.uk" />
+	<target host="sage.pqube.co.uk" />
+
+	<rule from="^http://www\.pqube\.co\.uk/" to="https://pqube.co.uk/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/praktikpladsen.dk.xml b/src/chrome/content/rules/praktikpladsen.dk.xml
index 1a8115450c7d..43bb0c699d7a 100644
--- a/src/chrome/content/rules/praktikpladsen.dk.xml
+++ b/src/chrome/content/rules/praktikpladsen.dk.xml
@@ -1,6 +1,6 @@
 <ruleset name="Praktikpladsen">
 	<target host="praktikpladsen.dk" />
 	<target host="www.praktikpladsen.dk" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/pravdatyt.com.xml b/src/chrome/content/rules/pravdatyt.com.xml
deleted file mode 100644
index 575b9d294345..000000000000
--- a/src/chrome/content/rules/pravdatyt.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<!-- admin. mismatch -->
-<ruleset name="pravdatyt.com">
-	<target host="pravdatyt.com" />
-	<target host="www.pravdatyt.com" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/pravobraz.ru.xml b/src/chrome/content/rules/pravobraz.ru.xml
index 10cc2a7abd34..bd51d1a28390 100644
--- a/src/chrome/content/rules/pravobraz.ru.xml
+++ b/src/chrome/content/rules/pravobraz.ru.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://cdn1.pravobraz.ru/ => https://cdn1.pravobraz.ru/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="pravobraz.ru" default_off='failed ruleset test'>
+<ruleset name="pravobraz.ru" default_off="failed ruleset test">
 	<target host="pravobraz.ru" />
 	<target host="www.pravobraz.ru" />
 	<target host="mroc.pravobraz.ru" />
diff --git a/src/chrome/content/rules/pretty52.com.xml b/src/chrome/content/rules/pretty52.com.xml
index 29dc72f416ed..8d592fef288b 100644
--- a/src/chrome/content/rules/pretty52.com.xml
+++ b/src/chrome/content/rules/pretty52.com.xml
@@ -15,7 +15,7 @@ Fetch error: http://www.pretty52.com/ => https://www.pretty52.com/: Too many red
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Pretty 52.com" default_off='failed ruleset test'>
+<ruleset name="Pretty 52.com" default_off="failed ruleset test">
 
 	<target host="pretty52.com" />
 	<target host="www.pretty52.com" />
diff --git a/src/chrome/content/rules/preuveneers.be.xml b/src/chrome/content/rules/preuveneers.be.xml
new file mode 100644
index 000000000000..761b3443211b
--- /dev/null
+++ b/src/chrome/content/rules/preuveneers.be.xml
@@ -0,0 +1,7 @@
+<ruleset name="preuveneers.be">
+	<target host="preuveneers.be" />
+	<target host="www.preuveneers.be" />
+	<target host="davy.preuveneers.be" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/prnt.sc.xml b/src/chrome/content/rules/prnt.sc.xml
index 0f2f8f010a2b..91d7fdfa3ec3 100644
--- a/src/chrome/content/rules/prnt.sc.xml
+++ b/src/chrome/content/rules/prnt.sc.xml
@@ -1,17 +1,15 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Non-2xx HTTP code: http://www.prnt.sc/ (200) => https://www.prnt.sc/ (403)
-
+	HTTP ≠ HTTPS:
+		- www
 -->
-<ruleset name="prnt.sc" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="prnt.sc">
 	<target host="prnt.sc" />
 	<target host="www.prnt.sc" />
 	<target host="ads.prnt.sc" />
-		<test url="http://ads.prnt.sc/ads/adtrue/728x90/index.html" />
 	<target host="app.prnt.sc" />
 
 	<securecookie host=".+" name=".+" />
 
+	<rule from="^http://www\.prnt\.sc/" to="https://prnt.sc/" />
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/pro.hostingas.lt.xml b/src/chrome/content/rules/pro.hostingas.lt.xml
index c72ffd9e7b75..433d0618429d 100644
--- a/src/chrome/content/rules/pro.hostingas.lt.xml
+++ b/src/chrome/content/rules/pro.hostingas.lt.xml
@@ -1,6 +1,6 @@
 <ruleset name="pro.hostingas.lt">
 	<target host="pro.hostingas.lt" />
-	
+
 	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/proXPN.xml b/src/chrome/content/rules/proXPN.xml
index f9bb757aa05c..64b52d88ba37 100644
--- a/src/chrome/content/rules/proXPN.xml
+++ b/src/chrome/content/rules/proXPN.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://get.proxpn.com/ => https://get.proxpn.com/: (51, "SSL: no alternative certificate subject name matches target host name 'get.proxpn.com'")
 
 -->
-<ruleset name="proXPN" default_off='failed ruleset test'>
+<ruleset name="proXPN" default_off="failed ruleset test">
 	<target host=        "proxpn.com" />
 	<target host=   "blog.proxpn.com" />
 	<target host=    "get.proxpn.com" />
diff --git a/src/chrome/content/rules/projectable.me.xml b/src/chrome/content/rules/projectable.me.xml
new file mode 100644
index 000000000000..eb48d0e2f664
--- /dev/null
+++ b/src/chrome/content/rules/projectable.me.xml
@@ -0,0 +1,5 @@
+<ruleset name="projectable.me">
+	<target host="projectable.me" />
+	<target host="www.projectable.me" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/projectdev.org.xml b/src/chrome/content/rules/projectdev.org.xml
index a0ec39be2ac0..8bdf3968fea2 100644
--- a/src/chrome/content/rules/projectdev.org.xml
+++ b/src/chrome/content/rules/projectdev.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://wiki.projectdev.org/ => https://wiki.projectdev.org/: (6, 'C
 Fetch error: http://web.projectdev.org/ => https://web.projectdev.org/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="projectdev.org" default_off='failed ruleset test'>
+<ruleset name="projectdev.org" default_off="failed ruleset test">
 	<target host="projectdev.org" />
 	<target host="www.projectdev.org" />
 	<target host="wiki.projectdev.org" />
diff --git a/src/chrome/content/rules/prokopievsk.ru.xml b/src/chrome/content/rules/prokopievsk.ru.xml
index 60ae7be4a28d..4a5f90590fc3 100644
--- a/src/chrome/content/rules/prokopievsk.ru.xml
+++ b/src/chrome/content/rules/prokopievsk.ru.xml
@@ -27,7 +27,7 @@ webcam.prokopievsk.ru ⁴
 ⁴ self signed
 ⁵ expired
 -->
-<ruleset name="prokopievsk.ru" default_off='failed ruleset test'>
+<ruleset name="prokopievsk.ru" default_off="failed ruleset test">
 	<target host="prokopievsk.ru" />
 	<target host="www.prokopievsk.ru" />
 	<target host="2gis.prokopievsk.ru" />
diff --git a/src/chrome/content/rules/pronoun.is.xml b/src/chrome/content/rules/pronoun.is.xml
new file mode 100644
index 000000000000..439d9722ba63
--- /dev/null
+++ b/src/chrome/content/rules/pronoun.is.xml
@@ -0,0 +1,23 @@
+<!--
+	Mismatch:
+		hubots.pronoun.is
+		my.pronoun.is
+		www.pronoun.is
+
+	Remark: *.pronoun.is has a wildcard DNS record.
+-->
+<ruleset name="pronoun.is">
+	<target host="hubots.pronoun.is" />
+	<target host="my.pronoun.is" />
+	<target host="www.pronoun.is" />
+
+	<target host="pronoun.is" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://hubots\.pronoun\.is/" to="https://pronoun.is/" />
+	<rule from="^http://my\.pronoun\.is/" to="https://pronoun.is/" />
+	<rule from="^http://www\.pronoun\.is/" to="https://pronoun.is/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/propub3r6espa33w.onion.xml b/src/chrome/content/rules/propub3r6espa33w.onion.xml
index a106cac48d36..524d5db88b18 100644
--- a/src/chrome/content/rules/propub3r6espa33w.onion.xml
+++ b/src/chrome/content/rules/propub3r6espa33w.onion.xml
@@ -1,16 +1,16 @@
 <!--
 	For related clearnet rules, see ProPublica.org.xml
 
-	See 
+	See
 	https://www.propublica.org/nerds/a-more-secure-and-anonymous-propublica-using-tor-hidden-services
 	for a discussion about ProPublica's .onion services.
-	In particular, this page links to 
-	https://gist.githubusercontent.com/mtigas/0d49b42fab6f9d2f7e69/raw/2-tor 
+	In particular, this page links to
+	https://gist.githubusercontent.com/mtigas/0d49b42fab6f9d2f7e69/raw/2-tor
 	which has a list of ProPublica .onion domains.
 
 	Invalid certificate:
 		ppasset42kropoy6.onion
-	
+
 	Refused:
 		pubapp7v22ykdou3.onion
 
diff --git a/src/chrome/content/rules/protvino.net.xml b/src/chrome/content/rules/protvino.net.xml
index 714b9ab95e57..6f6913180989 100644
--- a/src/chrome/content/rules/protvino.net.xml
+++ b/src/chrome/content/rules/protvino.net.xml
@@ -11,14 +11,14 @@ support.protvino.net mismatch
 hs.protvino.net mismatch
 uefa2016.protvino.net timed out
 -->
-<ruleset name="protvino.net (partial)" default_off='failed ruleset test'>
+<ruleset name="protvino.net (partial)" default_off="failed ruleset test">
 	<target host="protvino.net" />
 	<target host="www.protvino.net" />
 	<target host="mail.protvino.net" />
-	
+
 	<rule from="^http://www\.protvino\.net/"
 		to="https://protvino.net/" />
-	
+
 	<test url="http://www.protvino.net/" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/providercentral.org.uk.xml b/src/chrome/content/rules/providercentral.org.uk.xml
index 2e87d2bbd126..b8e65840a254 100644
--- a/src/chrome/content/rules/providercentral.org.uk.xml
+++ b/src/chrome/content/rules/providercentral.org.uk.xml
@@ -7,7 +7,7 @@ Fetch error: http://providercentral.org.uk/ => https://www.providercentral.org.u
 	^providercentral.org.uk: Handshake fails
 
 -->
-<ruleset name="Provider Central.org.uk" default_off='failed ruleset test'>
+<ruleset name="Provider Central.org.uk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/prox.press.xml b/src/chrome/content/rules/prox.press.xml
deleted file mode 100644
index fdb62f7d0a4f..000000000000
--- a/src/chrome/content/rules/prox.press.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--
-	www doesn't exist.
--->
-
-<ruleset name="prox.press">
-	<target host="prox.press" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/proxybay.pl.xml b/src/chrome/content/rules/proxybay.pl.xml
deleted file mode 100644
index 8584aaf782a9..000000000000
--- a/src/chrome/content/rules/proxybay.pl.xml
+++ /dev/null
@@ -1,18 +0,0 @@
-<!--
-	Non-functional hosts
-		Timeout was reached:
-			 - thefastbay.com
-			 - www.thefastbay.com
-			 - www.fastpiratebay.eu
-
-		SSL peer certificate was not OK:
-			 - thepiratebay.de.com
-			 - piratebay1.com
-			 - www.piratebay1.com
--->
-<ruleset name="proxybay.pl">
-	<target host="proxybay.pl" />
-	<target host="www.proxybay.pl" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/proxyportal.org.xml b/src/chrome/content/rules/proxyportal.org.xml
index e83299f7a593..02d2ca681b76 100644
--- a/src/chrome/content/rules/proxyportal.org.xml
+++ b/src/chrome/content/rules/proxyportal.org.xml
@@ -38,7 +38,7 @@ Fetch error: http://thepiratebay.webypass.xyz/ => https://thepiratebay.webypass.
 pirateproxy.press non-2xx http code
 -->
 <!--The Pirate Bay proxies from proxyportal.org Main ruleset: ThePirateBay.xml-->
-<ruleset name="proxyportal.org" default_off='failed ruleset test'>
+<ruleset name="proxyportal.org" default_off="failed ruleset test">
 	<target host="piratebit.tech" />
 	<target host="www.piratebit.tech" />
 	<target host="www.pirateproxy.press" />
@@ -94,4 +94,4 @@ pirateproxy.press non-2xx http code
 	<target host="thepiratebay.webypass.xyz" />
 
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/proxyship.cf.xml b/src/chrome/content/rules/proxyship.cf.xml
deleted file mode 100644
index c10b37e4de75..000000000000
--- a/src/chrome/content/rules/proxyship.cf.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--
-	www doesn't exist.
--->
-
-<ruleset name="proxyship.cf">
-	<target host="proxyship.cf" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/pspx.ru.xml b/src/chrome/content/rules/pspx.ru.xml
new file mode 100644
index 000000000000..1d868dda34c9
--- /dev/null
+++ b/src/chrome/content/rules/pspx.ru.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		ftp.pspx.ru
+-->
+<ruleset name="pspx.ru">
+	<target host="pspx.ru" />
+	<target host="www.pspx.ru" />
+	<target host="dress.pspx.ru" />
+	<target host="mag.pspx.ru" />
+	<target host="vast.pspx.ru" />
+	<target host="wiki.pspx.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/puphpet.com.xml b/src/chrome/content/rules/puphpet.com.xml
index 208e3445150a..e296fc76e54b 100644
--- a/src/chrome/content/rules/puphpet.com.xml
+++ b/src/chrome/content/rules/puphpet.com.xml
@@ -8,7 +8,7 @@ beta.puphpet.com ¹
 
 ¹ mismatch
 -->
-<ruleset name="puphpet.com" default_off='failed ruleset test'>
+<ruleset name="puphpet.com" default_off="failed ruleset test">
 	<target host="puphpet.com" />
 	<target host="www.puphpet.com" />
 	<target host="blog.puphpet.com" />
diff --git a/src/chrome/content/rules/pwntools.com.xml b/src/chrome/content/rules/pwntools.com.xml
new file mode 100644
index 000000000000..fcdf6d491512
--- /dev/null
+++ b/src/chrome/content/rules/pwntools.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		dc-53f34a447c48.pwntools.com
+-->
+<ruleset name="pwntools.com">
+	<target host="pwntools.com" />
+	<target host="www.pwntools.com" />
+	<target host="binutils.pwntools.com" />
+	<target host="demo.pwntools.com" />
+	<target host="docs.pwntools.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/pyeongchang2018.com.xml b/src/chrome/content/rules/pyeongchang2018.com.xml
index 5de4f3aa88ef..036928fc3c13 100644
--- a/src/chrome/content/rules/pyeongchang2018.com.xml
+++ b/src/chrome/content/rules/pyeongchang2018.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://missionrelay.pyeongchang2018.com/ => https://missionrelay.py
 
 newsletter.pyeongchang2018.com mismatch
 -->
-<ruleset name="pyeongchang2018.com" default_off='failed ruleset test'>
+<ruleset name="pyeongchang2018.com" default_off="failed ruleset test">
 	<target host="pyeongchang2018.com" />
 	<target host="www.pyeongchang2018.com" />
 	<target host="missionrelay.pyeongchang2018.com" />
diff --git a/src/chrome/content/rules/pytamy.pl.xml b/src/chrome/content/rules/pytamy.pl.xml
index a03dfd2f66b9..3d429f3d9436 100644
--- a/src/chrome/content/rules/pytamy.pl.xml
+++ b/src/chrome/content/rules/pytamy.pl.xml
@@ -7,7 +7,7 @@
 			- ^ from a.wpimg.pl ˢ
 
 		- Bugs, on:
-		
+
 			- ^ from trzyszopy.pl ʰ
 			- ^ from ticket.www.wp.pl ˢ
 
diff --git a/src/chrome/content/rules/q-assets.com.xml b/src/chrome/content/rules/q-assets.com.xml
deleted file mode 100644
index 4dc94dbaa713..000000000000
--- a/src/chrome/content/rules/q-assets.com.xml
+++ /dev/null
@@ -1,34 +0,0 @@
-<!--
-	For other Amazon coverage, see Amazon.xml.
-
--->
-<ruleset name="Q-assets.com">
-
-	<target host="beautybar.q-assets.com" />
-	<target host="c1.q-assets.com" />
-	<target host="c2.q-assets.com" />
-	<target host="c3.q-assets.com" />
-	<target host="c4.q-assets.com" />
-	<target host="casa.q-assets.com" />
-	<target host="soap.q-assets.com" />
-	<target host="wag.q-assets.com" />
-	<target host="yoyo.q-assets.com" />
-
-		<test url="http://beautybar.q-assets.com/Images/categoryTabShadowBg.gif" />
-		<test url="http://c1.q-assets.com/images/products/fbe/fbe-008_med2a.jpg" />
-		<test url="http://c2.q-assets.com/images/products/byt/byt-063_med2a.jpg" />
-		<test url="http://c3.q-assets.com/images/products/alq/alq-255_med2a.jpg" />
-		<test url="http://c4.q-assets.com/images/products/blo/blo-030_med2a.jpg" />
-		<test url="http://casa.q-assets.com/images/herobannermiddlebg.png" />
-		<test url="http://soap.q-assets.com/images/category/cat_skincaremakeupfragrance.jpg" />
-		<test url="http://wag.q-assets.com/images/banners/brand/tidycats_125x50.gif" />
-		<test url="http://yoyo.q-assets.com/images/wrapboxbg.gif" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/qdcdn.com.xml b/src/chrome/content/rules/qdcdn.com.xml
index 3ac878631d76..7cffcde8f14a 100644
--- a/src/chrome/content/rules/qdcdn.com.xml
+++ b/src/chrome/content/rules/qdcdn.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://ssl.qdcdn.com/ => https://ssl.qdcdn.com/: (7, 'Failed to con
 	Timeout:
 		- 2fs.qdcdn.com
 -->
-<ruleset name="qdcdn.com" default_off='failed ruleset test'>
+<ruleset name="qdcdn.com" default_off="failed ruleset test">
 	<target host="ssl.qdcdn.com" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/qf.org.qa.xml b/src/chrome/content/rules/qf.org.qa.xml
index 327fc50eea7d..ed43e88a041e 100644
--- a/src/chrome/content/rules/qf.org.qa.xml
+++ b/src/chrome/content/rules/qf.org.qa.xml
@@ -44,7 +44,7 @@ Timeout:
 Other:
 	fas.qf.org.qa
 -->
-<ruleset name="Qatar Foundation" default_off='failed ruleset test'>
+<ruleset name="Qatar Foundation" default_off="failed ruleset test">
 	<target host="qf.org.qa" />
 	<target host="www.qf.org.qa" />
 	<target host="autodiscover.qf.org.qa" />
diff --git a/src/chrome/content/rules/qira.me.xml b/src/chrome/content/rules/qira.me.xml
new file mode 100644
index 000000000000..ab00298ccfa8
--- /dev/null
+++ b/src/chrome/content/rules/qira.me.xml
@@ -0,0 +1,7 @@
+<ruleset name="qira.me">
+  <target host="qira.me" />
+  <target host="www.qira.me" />
+  <target host="mail.qira.me" />
+
+  <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/qiwi.me.xml b/src/chrome/content/rules/qiwi.me.xml
index 0828efa8cc37..827c2101b7f6 100644
--- a/src/chrome/content/rules/qiwi.me.xml
+++ b/src/chrome/content/rules/qiwi.me.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.qiwi.me/ => https://www.qiwi.me/: (51, "SSL: no alternative certificate subject name matches target host name 'www.qiwi.me'")
 
 -->
-<ruleset name="qiwi.me" default_off='failed ruleset test'>
+<ruleset name="qiwi.me" default_off="failed ruleset test">
 	<target host="qiwi.me" />
 	<target host="www.qiwi.me" />
 
diff --git a/src/chrome/content/rules/qiyukf.com.xml b/src/chrome/content/rules/qiyukf.com.xml
index f2b5f07c887a..25d03d1aa670 100644
--- a/src/chrome/content/rules/qiyukf.com.xml
+++ b/src/chrome/content/rules/qiyukf.com.xml
@@ -4,7 +4,7 @@
 	<target host="www.qiyukf.com" />
 	<target host="xxxx.qiyukf.com" />
 	<target host="zikao.qiyukf.com" />
-		
+
 	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/quakelive.com.xml b/src/chrome/content/rules/quakelive.com.xml
new file mode 100644
index 000000000000..08b504c0720d
--- /dev/null
+++ b/src/chrome/content/rules/quakelive.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="quakelive.com">
+	<target host="quakelive.com" />
+	<target host="www.quakelive.com" />
+	<target host="secure.quakelive.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/quickline.xml b/src/chrome/content/rules/quickline.xml
index 113b014e4f2f..62295c33392e 100644
--- a/src/chrome/content/rules/quickline.xml
+++ b/src/chrome/content/rules/quickline.xml
@@ -11,7 +11,7 @@ Fetch error: http://webmail.quickline.ch/ => https://webmail.quickline.ch/: (51,
 		- ndt.quickline.com
 		- speedtest.quickline.com
 -->
-<ruleset name="Quickline" default_off='failed ruleset test'>
+<ruleset name="Quickline" default_off="failed ruleset test">
 	<target host="quickline.com"/>
 	<target host="www.quickline.com"/>
 	<target host="cloud.quickline.com"/>
diff --git a/src/chrome/content/rules/quran-online.ru.xml b/src/chrome/content/rules/quran-online.ru.xml
index b6076be1c99e..e895bee2e181 100644
--- a/src/chrome/content/rules/quran-online.ru.xml
+++ b/src/chrome/content/rules/quran-online.ru.xml
@@ -1,5 +1,5 @@
 <ruleset name="quran-online.ru">
-      
+
         <target host="quran-online.ru" />
         <target host="www.quran-online.ru" />
 
diff --git a/src/chrome/content/rules/r46.ru.xml b/src/chrome/content/rules/r46.ru.xml
index 3816a628419f..e7cba5ecec74 100644
--- a/src/chrome/content/rules/r46.ru.xml
+++ b/src/chrome/content/rules/r46.ru.xml
@@ -10,7 +10,7 @@ games.r46.ru timed out
 kabinet-old.r46.ru mismatch
 webmail.r46.ru mismatch
 -->
-<ruleset name="r46.ru (partial)" default_off='failed ruleset test'>
+<ruleset name="r46.ru (partial)" default_off="failed ruleset test">
 	<target host="kabinet.r46.ru" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/radeon.ru.xml b/src/chrome/content/rules/radeon.ru.xml
new file mode 100644
index 000000000000..de51cb263a49
--- /dev/null
+++ b/src/chrome/content/rules/radeon.ru.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		files.radeon.ru
+		release.radeon.ru
+		www.release.radeon.ru
+-->
+<ruleset name="radeon.ru">
+	<target host="radeon.ru" />
+	<target host="www.radeon.ru" />
+	<target host="forum.radeon.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/radio-browser.info.xml b/src/chrome/content/rules/radio-browser.info.xml
new file mode 100644
index 000000000000..17c987b4e26c
--- /dev/null
+++ b/src/chrome/content/rules/radio-browser.info.xml
@@ -0,0 +1,10 @@
+<ruleset name="radio-browser.info">
+	<target host="radio-browser.info" />
+	<target host="www.radio-browser.info" />
+	<target host="api.radio-browser.info" />
+	<target host="de1.api.radio-browser.info" />
+	<target host="nl1.api.radio-browser.info" />
+
+	<rule from="^http://radio-browser\.info/" to="https://www.radio-browser.info/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/radiokniga.com.xml b/src/chrome/content/rules/radiokniga.com.xml
index 767714f49f65..9bf5c7fed773 100644
--- a/src/chrome/content/rules/radiokniga.com.xml
+++ b/src/chrome/content/rules/radiokniga.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://radiokniga.com/ => https://radiokniga.com/: (60, 'SSL certif
 Fetch error: http://www.radiokniga.com/ => https://www.radiokniga.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Radio Kniga.com" default_off='failed ruleset test'>
+<ruleset name="Radio Kniga.com" default_off="failed ruleset test">
 
 	<target host="radiokniga.com" />
 	<target host="www.radiokniga.com" />
diff --git a/src/chrome/content/rules/raglan23.co.nz.xml b/src/chrome/content/rules/raglan23.co.nz.xml
index ece180c2535d..5e762cf06a25 100644
--- a/src/chrome/content/rules/raglan23.co.nz.xml
+++ b/src/chrome/content/rules/raglan23.co.nz.xml
@@ -4,7 +4,7 @@
 		- css from d1ycn9118ccflb.cloudfront.net ˢ
 
 		- Images, from:
-		
+
 			- d1ycn9118ccflb.cloudfront.net ˢ
 			- $self ˢ
 			- \d+.media.tumblr.com ˢ
diff --git a/src/chrome/content/rules/railyatri.in.xml b/src/chrome/content/rules/railyatri.in.xml
new file mode 100644
index 000000000000..0a4c5adde7f3
--- /dev/null
+++ b/src/chrome/content/rules/railyatri.in.xml
@@ -0,0 +1,48 @@
+<!--
+	Content mismatch:
+		refunds.railyatri.in
+
+	Invalid certificate:
+		events.railyatri.in
+
+	Not found:
+		www.api.railyatri.in
+		blogs.railyatri.in
+		origin-events.railyatri.in
+		ryapi.railyatri.in
+		stage.railyatri.in
+
+	Refused:
+		adminwisdom.railyatri.in
+		blog.railyatri.in
+		lnk.railyatri.in
+		m.railyatri.in
+		mobile.railyatri.in
+
+	Timeout:
+		images.railyatri.in
+		new.railyatri.in
+		newsletter.railyatri.in
+		origin-www.railyatri.in
+		railwisdom.railyatri.in
+		services.railyatri.in
+		www2.railyatri.in
+-->
+<ruleset name="RailYatri.in">
+
+	<target host="railyatri.in" />
+	<target host="www.railyatri.in" />
+	<target host="agents-stage.railyatri.in" />
+	<target host="api.railyatri.in" />
+	<target host="origin-search.railyatri.in" />
+	<target host="pnr.railyatri.in" />
+	<target host="pnrhtml.railyatri.in" />
+	<target host="railradar.railyatri.in" />
+	<target host="search.railyatri.in" />
+	<target host="test.railyatri.in" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/rainews.it.xml b/src/chrome/content/rules/rainews.it.xml
new file mode 100644
index 000000000000..aa79fd317949
--- /dev/null
+++ b/src/chrome/content/rules/rainews.it.xml
@@ -0,0 +1,58 @@
+<!--
+	Problematic subdomains:
+		rainews.it (certificate mismatch)
+
+	Invalid certificate:
+		blog.rainews.it
+		ascoltatoredilettante.blog.rainews.it
+		beautytribune.blog.rainews.it
+		cinaduepuntozero.blog.rainews.it
+		confini.blog.rainews.it
+		dallarete.blog.rainews.it
+		dailyplanet.blog.rainews.it
+		dentrolamusica.blog.rainews.it
+		dialogo.blog.rainews.it
+		diariodaebola.blog.rainews.it
+		domenica24lintervista.blog.rainews.it
+		consumi.blog.rainews.it
+		coniltempochecorre.blog.rainews.it
+		economia.blog.rainews.it
+		fattichiari.blog.rainews.it
+		fermoimmagine.blog.rainews.it
+		futuro24.blog.rainews.it
+		greenwords.blog.rainews.it
+		guerrainsiriadiariodiplomatico.blog.rainews.it
+		ilgrandegioco.blog.rainews.it
+		iltransatlantico.blog.rainews.it
+		ippocrate.blog.rainews.it
+		kurdistan.blog.rainews.it
+		labor.blog.rainews.it
+		labussola.blog.rainews.it
+		lanotapolitica.blog.rainews.it	
+		lasublimeportagirevole.blog.rainews.it
+		letteredadavos.blog.rainews.it
+		leuropeoerrante.blog.rainews.it
+		ludotech.blog.rainews.it
+		pilloledimercalli.blog.rainews.it
+		poesia.blog.rainews.it
+		punctum.blog.rainews.it
+		rainewsochi.blog.rainews.it
+		rivegauche.blog.rainews.it
+		rush.blog.rainews.it
+		sabato24.blog.rainews.it
+		storiastorie.blog.rainews.it
+		studio24.blog.rainews.it
+		televisionary.blog.rainews.it
+		thalassa.blog.rainews.it
+		viadellaconciliazione.blog.rainews.it
+		files24.rainews.it
+		www.files24.rainews.it
+		ls.rainews.it
+-->
+<ruleset name="rainews.it">
+	<target host="rainews.it" />
+	<target host="www.rainews.it" />
+
+	<rule from="^http://rainews\.it/" to="https://www.rainews.it/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rapidrar.com.xml b/src/chrome/content/rules/rapidrar.com.xml
index 3c57972f2db0..d59abfe87d6e 100644
--- a/src/chrome/content/rules/rapidrar.com.xml
+++ b/src/chrome/content/rules/rapidrar.com.xml
@@ -20,7 +20,7 @@ Fetch error: http://www.rapidrar.com/ => https://www.rapidrar.com/: (60, 'SSL ce
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="RapidRAR.com" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="RapidRAR.com" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="rapidrar.com" />
 	<target host="www.rapidrar.com" />
diff --git a/src/chrome/content/rules/raptrcdn.com.xml b/src/chrome/content/rules/raptrcdn.com.xml
deleted file mode 100644
index 8f322df2c090..000000000000
--- a/src/chrome/content/rules/raptrcdn.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For other Raptr coverage, see Raptr.com.xml.
-
-
-	CDN buckets:
-
-		- d1ut3nrduxpo26.cloudfront.net	← b[01]
-
-
-	Problematic hosts in *raptrcdn.com:
-
-		- b[01] ᵐ
-
-	ᵐ Cloudfront / mismatched
-
--->
-<ruleset name="Raptr CDN.com">
-
-	<!--	Complications::
-				-->
-	<target host="b0.raptrcdn.com" />
-	<target host="b1.raptrcdn.com" />
-
-
-	<rule from="^http://b\d\.raptrcdn\.com/"
-		to="https://d1ut3nrduxpo26.cloudfront.net/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/rascal999.co.uk.xml b/src/chrome/content/rules/rascal999.co.uk.xml
index b654257aa4c4..85079588e375 100644
--- a/src/chrome/content/rules/rascal999.co.uk.xml
+++ b/src/chrome/content/rules/rascal999.co.uk.xml
@@ -7,7 +7,7 @@ Fetch error: http://rascal999.co.uk/ => https://rascal999.co.uk/: (6, 'Could not
 	STS header includes includeSubdomains
 
 -->
-<ruleset name="rascal999.co.uk" default_off='failed ruleset test'>
+<ruleset name="rascal999.co.uk" default_off="failed ruleset test">
 
 	<target host="rascal999.co.uk" />
 	<target host="*.rascal999.co.uk" />
diff --git a/src/chrome/content/rules/ravenjs.com.xml b/src/chrome/content/rules/ravenjs.com.xml
deleted file mode 100644
index 98917ab73ddf..000000000000
--- a/src/chrome/content/rules/ravenjs.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://cdn.ravenjs.com/ => https://cdn.ravenjs.com/: Redirect for 'https://cdn.ravenjs.com/' missing location header
-
--->
-<ruleset name="ravenjs.com" default_off='failed ruleset test'>
-
-	<target host="cdn.ravenjs.com" />
-
-		<test url="http://cdn.ravenjs.com/1.1.15/jquery,native/raven.min.js" /><!--	5868 -->
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/razor1911.com.xml b/src/chrome/content/rules/razor1911.com.xml
deleted file mode 100644
index 763c4700c4a3..000000000000
--- a/src/chrome/content/rules/razor1911.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="razor1911.com">
-	<target host="razor1911.com" />
-	<target host="www.razor1911.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/rb-hk.de.xml b/src/chrome/content/rules/rb-hk.de.xml
new file mode 100644
index 000000000000..66de65a1bf4b
--- /dev/null
+++ b/src/chrome/content/rules/rb-hk.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="rb-hk.de">
+	<target host="rb-hk.de" />
+	<target host="www.rb-hk.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rbfi.io.xml b/src/chrome/content/rules/rbfi.io.xml
deleted file mode 100644
index cc87195444b3..000000000000
--- a/src/chrome/content/rules/rbfi.io.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="rbfi">
-        <target host="rbfi.io" />
-        <target host="www.rbfi.io" />
-
-        <rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/rbth.com.xml b/src/chrome/content/rules/rbth.com.xml
index 80cdf1ce0391..41a4d89f2f24 100644
--- a/src/chrome/content/rules/rbth.com.xml
+++ b/src/chrome/content/rules/rbth.com.xml
@@ -34,7 +34,7 @@
 	Mixed content:
 
 		- Images, on:
-		
+
 			- ^, jp, mk, newsletter from nl.media.rbth.ru ˢ
 			- mk from static.rbth.com ˢ
 			- newsletter from ^rbth.com ˢ
diff --git a/src/chrome/content/rules/rbwm.gov.uk.xml b/src/chrome/content/rules/rbwm.gov.uk.xml
index 2a9c4322505c..1870e0c42d11 100644
--- a/src/chrome/content/rules/rbwm.gov.uk.xml
+++ b/src/chrome/content/rules/rbwm.gov.uk.xml
@@ -68,7 +68,7 @@ Fetch error: http://licensing.rbwm.gov.uk/ => https://licensing.rbwm.gov.uk/: (6
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="RBWM.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="RBWM.gov.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/rbwmcarshare.co.uk.xml b/src/chrome/content/rules/rbwmcarshare.co.uk.xml
deleted file mode 100644
index 8ee19b791956..000000000000
--- a/src/chrome/content/rules/rbwmcarshare.co.uk.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="RBWM Car Share.co.uk">
-
-	<target host="rbwmcarshare.co.uk" />
-	<target host="www.rbwmcarshare.co.uk" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/rclone.org.xml b/src/chrome/content/rules/rclone.org.xml
new file mode 100644
index 000000000000..9cea70ea1ace
--- /dev/null
+++ b/src/chrome/content/rules/rclone.org.xml
@@ -0,0 +1,34 @@
+<!--
+	Timeout:
+		- mail2.rclone.org
+		- mail3.rclone.org
+
+	Redirects to localhost:
+		- oauth.rclone.org
+
+	SSL protocol error:
+		- www.rclone.org (fixed by this ruleset)
+		- hostmaster.rclone.org
+		- mta-sts.mail.rclone.org
+		- mta-sts.mail2.rclone.org
+		- mta-sts.mail3.rclone.org
+
+	Mismatched:
+		- mail.rclone.org
+-->
+<ruleset name="rclone.org">
+	<target host="rclone.org" />
+	<target host="www.rclone.org" />
+	<target host="apt.rclone.org" />
+	<target host="beta.apt.rclone.org" />
+	<target host="beta.rclone.org" />
+	<target host="downloads.rclone.org" />
+	<target host="forum.rclone.org" />
+	<target host="pub.rclone.org" />
+	<target host="slack-invite.rclone.org" />
+	<target host="test.rclone.org" />
+	<target host="tip.rclone.org" />
+
+	<rule from="^http://www\.rclone\.org/" to="https://rclone.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/re2c.org.xml b/src/chrome/content/rules/re2c.org.xml
new file mode 100644
index 000000000000..cfee422e6d31
--- /dev/null
+++ b/src/chrome/content/rules/re2c.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="re2c.org">
+	<target host="re2c.org" />
+	<target host="www.re2c.org" />
+
+	<rule from="^http://www\.re2c\.org/" to="https://re2c.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/reCaptcha.net.xml b/src/chrome/content/rules/reCaptcha.net.xml
new file mode 100644
index 000000000000..5cab0cca5de2
--- /dev/null
+++ b/src/chrome/content/rules/reCaptcha.net.xml
@@ -0,0 +1,17 @@
+<!--
+	SSL_ERROR_SYSCALL:
+		- blog
+-->
+<ruleset name="reCaptcha.net">
+	<target host="recaptcha.net" />
+	<target host="www.recaptcha.net" />
+	<target host="admin.recaptcha.net" />
+	<target host="api.recaptcha.net" />
+	<target host="api-secure.recaptcha.net" />
+	<target host="api-verify.recaptcha.net" />
+	<target host="mailhide.recaptcha.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/realestate.com.au.xml b/src/chrome/content/rules/realestate.com.au.xml
new file mode 100644
index 000000000000..78bd2f68d155
--- /dev/null
+++ b/src/chrome/content/rules/realestate.com.au.xml
@@ -0,0 +1,189 @@
+<!--
+	Non-functional subdomains:
+		- next.address-service	(m)
+		- test.agentdesktop	(e)
+		- cls.calculators	(t)
+		- careers	(m)
+		- gia.careers	(t)
+		- connect	(m)
+		- staging.connect	(t)
+		- asia-quote-api.asia.corp	(t)
+		- asia-quote-api.asia-test.corp	(t)
+		- rattic.cowbell	(t)
+		- creative	(m)
+		- resi-ci-monitor.delivery	(t)
+		- rubygems.delivery	(t)
+		- developerpremiereprices	(m)
+		- developmenthub	(m)
+		- communication-settings.e2e	(t)
+		- ebrochure.e2e	(t)
+		- rpdata-spazzy.e2e	(t)
+		- sha-images.e2e	(m)
+		- api.staging.e2e	(m)
+		- www.api.staging.e2e	(m)
+		- origin-api.staging.e2e	(m)
+		- sha-images.staging.e2e	(m)
+		- campaign-api-prod.eventus-prod	(t)
+		- competitions.facebook	(t)
+		- hackday	(m)
+		- ad.homeground	(t)
+		- rea-reporting.infosys	(t)
+		- splunk.infosys	(t)
+		- investor	(m)
+		- jumppagesystem	(e)
+		- next.m	(t)
+		- media-staging	(m)
+		- mobile	(t)
+		- rattic-staging.muppets	(t)
+		- entitlement-api-prod.partner-platform	(t)
+		- entitlement-api-staging.partner-platform	(t)
+		- kong-prod-adminapi.partner-platform	(t)
+		- kong-staging-adminapi.partner-platform	(t)
+		- property-listings-web	(t)
+		- rea2-gyr	(m)
+		- reareports	(e)
+		- reaxml	(t)
+		- saved-search-api.resi-myrea-staging	(t)
+		- rpdata-spazzy	(m)
+		- corp-nessus-manager.sec-team	(t)
+		- sellingguide	(m)
+		- next.services	(t)
+		- static-origin	(t)
+		- techblog	(r)
+		- umlqa	(t)
+		- webmail	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="realestate.com.au">
+
+	<target host="realestate.com.au" />
+	<target host="www.realestate.com.au" />
+	<target host="about.realestate.com.au" />
+	<target host="account.realestate.com.au" />
+	<target host="address-service.realestate.com.au" />
+	<target host="adslot.realestate.com.au" />
+	<target host="advertorial-web-api.realestate.com.au" />
+	<target host="agent.realestate.com.au" />
+	<target host="www.agent.realestate.com.au" />
+	<target host="agent-contact.realestate.com.au" />
+	<target host="agent-elevate.realestate.com.au" />
+	<target host="agentadmin.realestate.com.au" />
+	<target host="agentdesktop.realestate.com.au" />
+	<target host="analytics.realestate.com.au" />
+	<target host="api.realestate.com.au" />
+	<target host="audience-selector.realestate.com.au" />
+	<target host="idp.auth.realestate.com.au" />
+	<target host="idp-ore.auth.realestate.com.au" />
+	<target host="idp-syd.auth.realestate.com.au" />
+	<target host="builderadmin.realestate.com.au" />
+	<target host="communication-settings.realestate.com.au" />
+	<target host="self-service-portal.corp.realestate.com.au" />
+	<target host="registry.cowbell.realestate.com.au" />
+	<target host="cp-gatekeeper.realestate.com.au" />
+	<target host="cxp-tools.realestate.com.au" />
+	<target host="privatar.delivery.realestate.com.au" />
+	<target host="www.e2e.realestate.com.au" />
+	<target host="account.e2e.realestate.com.au" />
+	<target host="agentadmin.e2e.realestate.com.au" />
+	<target host="analytics.e2e.realestate.com.au" />
+	<target host="api.e2e.realestate.com.au" />
+	<target host="cxp-tools.e2e.realestate.com.au" />
+	<target host="origin-invest.e2e.realestate.com.au" />
+	<target host="partner.e2e.realestate.com.au" />
+	<target host="saved-search-api.e2e.realestate.com.au" />
+	<target host="secure.e2e.realestate.com.au" />
+	<target host="widgets.staging.e2e.realestate.com.au" />
+	<target host="ebrochure.realestate.com.au" />
+	<target host="edm.realestate.com.au" />
+	<target host="eqx-oob.realestate.com.au" />
+	<target host="eqx-oob2.realestate.com.au" />
+	<target host="failover.realestate.com.au" />
+	<target host="fin-exp-dev.realestate.com.au" />
+	<target host="git.realestate.com.au" />
+	<target host="gp-xian.realestate.com.au" />
+	<target host="grants.realestate.com.au" />
+	<target host="gyr-oob.realestate.com.au" />
+	<target host="help.realestate.com.au" />
+	<target host="home-builders.realestate.com.au" />
+	<target host="homeloans.realestate.com.au" />
+	<target host="idp.realestate.com.au" />
+	<target host="consumer-prof.infosys.realestate.com.au" />
+	<target host="investor-api.realestate.com.au" />
+	<target host="investor-api-inactive.realestate.com.au" />
+	<target host="investor-cartodb.investor-prod.realestate.com.au" />
+	<target host="investor-cartodb.investor-staging.realestate.com.au" />
+	<target host="consumer-prof.is-qa.realestate.com.au" />
+	<target host="leads.realestate.com.au" />
+	<target host="staging.leads.realestate.com.au" />
+	<target host="lexa.realestate.com.au" />
+	<target host="secure.listings-prod.realestate.com.au" />
+	<target host="secure.listings-test.realestate.com.au" />
+	<target host="m.realestate.com.au" />
+	<target host="mad-ci.realestate.com.au" />
+	<target host="mad-searchapi.realestate.com.au" />
+	<target host="media.realestate.com.au" />
+	<target host="46430c-origin.media.realestate.com.au" />
+	<target host="mel-vpn.realestate.com.au" />
+	<target host="a.mobile.realestate.com.au" />
+	<target host="cdn.mobile.realestate.com.au" />
+	<target host="companion.mobile.realestate.com.au" />
+	<target host="i.mobile.realestate.com.au" />
+	<target host="s1.news-lifestyle.realestate.com.au" />
+	<target host="origin-invest.realestate.com.au" />
+	<target host="partner.realestate.com.au" />
+	<target host="kong-prod-public.partner-platform.realestate.com.au" />
+	<target host="kong-staging-public.partner-platform.realestate.com.au" />
+	<target host="snappass.partner-platform.realestate.com.au" />
+	<target host="pay.realestate.com.au" />
+	<target host="www.pay.realestate.com.au" />
+	<target host="pexa.realestate.com.au" />
+	<target host="pki.realestate.com.au" />
+	<target host="propertyplatform.realestate.com.au" />
+	<target host="propertyplatform-demo.realestate.com.au" />
+	<target host="app-news-wordpress.rca-prod.realestate.com.au" />
+	<target host="rca-news-ui.rca-prod.realestate.com.au" />
+	<target host="reporting-origin.realestate.com.au" />
+	<target host="resi-agent-api.realestate.com.au" />
+	<target host="agent-contact.resi-agent-failover.realestate.com.au" />
+	<target host="agent-contact.resi-agent-prod.realestate.com.au" />
+	<target host="resi-agent-web.realestate.com.au" />
+	<target host="saved-search-api.resi-myrea.realestate.com.au" />
+	<target host="audmax-ui.resi-product-prod-addons.realestate.com.au" />
+	<target host="audmax-ui.resi-product-staging-addons.realestate.com.au" />
+	<target host="neighbourhoods.resi-property.realestate.com.au" />
+	<target host="sasinator.realestate.com.au" />
+	<target host="saved-search-api.realestate.com.au" />
+	<target host="school-service.realestate.com.au" />
+	<target host="secure.realestate.com.au" />
+	<target host="selfservice.realestate.com.au" />
+	<target host="www.selfservice.realestate.com.au" />
+	<target host="sell.realestate.com.au" />
+	<target host="services.realestate.com.au" />
+	<target host="sha-images.realestate.com.au" />
+	<target host="smartline-dev.realestate.com.au" />
+	<target host="smetrics.realestate.com.au" />
+	<target host="spacely-news.spacely-production.realestate.com.au" />
+	<target host="spacely-news.spacely-staging.realestate.com.au" />
+	<target host="propertyplatform.staging.realestate.com.au" />
+	<target host="propertyplatform-e2e.staging.realestate.com.au" />
+	<target host="suggest.realestate.com.au" />
+	<target host="sym.realestate.com.au" />
+	<target host="text-to-image.realestate.com.au" />
+	<target host="upgrades.realestate.com.au" />
+	<target host="property.value.realestate.com.au" />
+	<target host="staging.property.value.realestate.com.au" />
+	<target host="webtools.realestate.com.au" />
+	<target host="widgets.realestate.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/recognified.net.xml b/src/chrome/content/rules/recognified.net.xml
new file mode 100644
index 000000000000..816ed2489cb2
--- /dev/null
+++ b/src/chrome/content/rules/recognified.net.xml
@@ -0,0 +1,16 @@
+<ruleset name="recognified.net">
+
+	<target host="recognified.net" />
+	<target host="www.recognified.net" />
+	<target host="cdn.recognified.net" />
+		<test url="http://cdn.recognified.net/rd.loader.php?pub_id=96" />
+	<target host="dyn.recognified.net" />
+	<target host="media.recognified.net" />
+	<target host="radn2.recognified.net" />
+	<target host="rads.recognified.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/recordedbooks.com.xml b/src/chrome/content/rules/recordedbooks.com.xml
index 3893d5708331..3f627357f348 100644
--- a/src/chrome/content/rules/recordedbooks.com.xml
+++ b/src/chrome/content/rules/recordedbooks.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://images.recordedbooks.com/publications/2011/ly5110g_FB_FindUs
 Fetch error: http://images.recordedbooks.com/ => https://images.recordedbooks.com/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Recorded Books.com" default_off='failed ruleset test'>
+<ruleset name="Recorded Books.com" default_off="failed ruleset test">
 
 	<target host="recordedbooks.com" />
 	<target host="images.recordedbooks.com" />
diff --git a/src/chrome/content/rules/redbtn.info.xml b/src/chrome/content/rules/redbtn.info.xml
deleted file mode 100644
index b8a5697eeff0..000000000000
--- a/src/chrome/content/rules/redbtn.info.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="redbtn.info">
-	<target host="redbtn.info" />
-	<target host="www.redbtn.info" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/redcare.com.xml b/src/chrome/content/rules/redcare.com.xml
index 6be227376c22..595a1d77dfc1 100644
--- a/src/chrome/content/rules/redcare.com.xml
+++ b/src/chrome/content/rules/redcare.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.redcare.com/ => https://www.redcare.com/: (7, 'Failed to
 		- redcare.com
 
 -->
-<ruleset name="Redcare.com" default_off='failed ruleset test'>
+<ruleset name="Redcare.com" default_off="failed ruleset test">
 
 	<target host="www.redcare.com" />
 
diff --git a/src/chrome/content/rules/redcom.ru.xml b/src/chrome/content/rules/redcom.ru.xml
index 17323a15fedf..34c2df5b4d9e 100644
--- a/src/chrome/content/rules/redcom.ru.xml
+++ b/src/chrome/content/rules/redcom.ru.xml
@@ -10,7 +10,7 @@ icepilots.redcom.ru mismatch
 files.redcom.ru protocol error
 genima.leased.redcom.ru timed out
 -->
-<ruleset name="redcom.ru (partial)" default_off='failed ruleset test'>
+<ruleset name="redcom.ru (partial)" default_off="failed ruleset test">
 	<target host="abonent.redcom.ru" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/redditbot.com.xml b/src/chrome/content/rules/redditbot.com.xml
deleted file mode 100644
index 242f8f20984d..000000000000
--- a/src/chrome/content/rules/redditbot.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Reddit Bot.com">
-
-	<target host="redditbot.com" />
-	<target host="www.redditbot.com" />
-
-
-	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/reflets.info.xml b/src/chrome/content/rules/reflets.info.xml
deleted file mode 100644
index 13014eac96a4..000000000000
--- a/src/chrome/content/rules/reflets.info.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="reflets.info">
-
-        <target host="reflets.info" />
-        <target host="www.reflets.info" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-        <rule from="^http:"
-                to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/regeringen.se.xml b/src/chrome/content/rules/regeringen.se.xml
new file mode 100644
index 000000000000..8d5996be77f1
--- /dev/null
+++ b/src/chrome/content/rules/regeringen.se.xml
@@ -0,0 +1,6 @@
+<ruleset name="regeringen.se">
+	<target host="regeringen.se" />
+	<target host="www.regeringen.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/regettingold.com.xml b/src/chrome/content/rules/regettingold.com.xml
new file mode 100644
index 000000000000..d4490af839a9
--- /dev/null
+++ b/src/chrome/content/rules/regettingold.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Refused:
+		dc-fa7ed9332c17.regettingold.com
+		direct.regettingold.com
+-->
+<ruleset name="regettingold.com">
+	<target host="regettingold.com" />
+	<target host="www.regettingold.com" />
+	<target host="you.regettingold.com" />
+	<target host="www.you.regettingold.com" />
+
+	<rule from="^http://www\.you\.regettingold\.com/" to="https://you.regettingold.com/" /> <!-- Redirect cause of unsupported protocol -->
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/reporo.net.xml b/src/chrome/content/rules/reporo.net.xml
index a9031d1d5b5e..6ef7ec33066d 100644
--- a/src/chrome/content/rules/reporo.net.xml
+++ b/src/chrome/content/rules/reporo.net.xml
@@ -12,7 +12,7 @@
 	Nonfunctional hosts in *reporo.net:
 
 		- netdna ⁴
-		
+
 	⁴ 404; mismatched, CN: *.netdna-ssl.com)
 
 
diff --git a/src/chrome/content/rules/requestb.in.xml b/src/chrome/content/rules/requestb.in.xml
deleted file mode 100644
index 4419d8537e42..000000000000
--- a/src/chrome/content/rules/requestb.in.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="requestb.in">
-	<target host="requestb.in" />
-	<target host="www.requestb.in" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/rescue.org-falsemixed.xml b/src/chrome/content/rules/rescue.org-falsemixed.xml
deleted file mode 100644
index 5622208543eb..000000000000
--- a/src/chrome/content/rules/rescue.org-falsemixed.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see rescue.org.xml.
-
--->
-<ruleset name="Rescue.org (false MCB)" platform="mixedcontent">
-
-	<target host="feature.rescue.org" />
-
-
-	<securecookie host="^\." name="^_gat?$" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/rescue.org.xml b/src/chrome/content/rules/rescue.org.xml
index 21b7e773fbf8..dd0b4d970144 100644
--- a/src/chrome/content/rules/rescue.org.xml
+++ b/src/chrome/content/rules/rescue.org.xml
@@ -40,12 +40,12 @@ Non-2xx HTTP code: http://m.rescue.org/user (200) => https://m.rescue.org/user (
 
 	Mixed content:
 
-		- css on feature from $self 
-		- Images on feature from $self 
-		- favicon on feature from $self 
+		- css on feature from $self
+		- Images on feature from $self
+		- favicon on feature from $self
 
 -->
-<ruleset name="Rescue.org (partial)" default_off='failed ruleset test'>
+<ruleset name="Rescue.org (partial)" default_off="failed ruleset test">
 
 	<target host="rescue.org" />
 	<target host="diy.rescue.org" />
diff --git a/src/chrome/content/rules/researchonline.org.uk.xml b/src/chrome/content/rules/researchonline.org.uk.xml
deleted file mode 100644
index 24119304e30c..000000000000
--- a/src/chrome/content/rules/researchonline.org.uk.xml
+++ /dev/null
@@ -1,24 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts:
-
-		- researchonline.org.uk
-		- www.researchonline.org.uk
-
--->
-<ruleset name="Research Online.org.uk">
-
-	<target host="researchonline.org.uk" />
-	<target host="www.researchonline.org.uk" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^(?:www\.)?researchonline\.org\.uk$" name="^JSESSIONID$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/responsetek.com.xml b/src/chrome/content/rules/responsetek.com.xml
deleted file mode 100644
index 6fe92f439891..000000000000
--- a/src/chrome/content/rules/responsetek.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="Responsetek.com">
-
-	<target host="ecollector.responsetek.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/restic.net.xml b/src/chrome/content/rules/restic.net.xml
new file mode 100644
index 000000000000..8891333bd294
--- /dev/null
+++ b/src/chrome/content/rules/restic.net.xml
@@ -0,0 +1,12 @@
+<!--
+	SSL protocol error:
+		- glados.restic.net
+-->
+<ruleset name="restic.net">
+	<target host="restic.net" />
+	<target host="www.restic.net" />
+	<target host="beta.restic.net" />
+	<target host="forum.restic.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/retroachievements.org.xml b/src/chrome/content/rules/retroachievements.org.xml
new file mode 100644
index 000000000000..f7b5e2caecda
--- /dev/null
+++ b/src/chrome/content/rules/retroachievements.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		i.retroachievements.org
+-->
+<ruleset name="retroachievements.org">
+	<target host="retroachievements.org" />
+	<target host="www.retroachievements.org" />
+	<target host="dev.retroachievements.org" />
+	<target host="dev-api.retroachievements.org" />
+	<target host="dev-static.retroachievements.org" />
+	<target host="docs.retroachievements.org" />
+	<target host="news.retroachievements.org" />
+	<target host="stats.retroachievements.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/retroarch.com.xml b/src/chrome/content/rules/retroarch.com.xml
new file mode 100644
index 000000000000..c6de8257cf18
--- /dev/null
+++ b/src/chrome/content/rules/retroarch.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="retroarch.com">
+	<target host="retroarch.com" />
+	<target host="www.retroarch.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rg.ru.xml b/src/chrome/content/rules/rg.ru.xml
index eef56fd310c5..9ac6f116b15a 100644
--- a/src/chrome/content/rules/rg.ru.xml
+++ b/src/chrome/content/rules/rg.ru.xml
@@ -57,7 +57,7 @@ worldcup2014.rg.ru different content
 ³ timed out
 ⁴ self signed
 -->
-<ruleset name="rg.ru" default_off='failed ruleset test'>
+<ruleset name="rg.ru" default_off="failed ruleset test">
 	<target host="rg.ru" />
 	<target host="www.rg.ru" />
 	<target host="25.rg.ru" />
diff --git a/src/chrome/content/rules/richmond.gov.uk.xml b/src/chrome/content/rules/richmond.gov.uk.xml
index cad793baba85..4210408efd29 100644
--- a/src/chrome/content/rules/richmond.gov.uk.xml
+++ b/src/chrome/content/rules/richmond.gov.uk.xml
@@ -3,7 +3,7 @@
 
 	For other UK government coverage, see GOV.UK.xml.
 
-	
+
 	Nonfunctional hosts in *richmond.gov.uk:
 
 		- gis ᵈ
diff --git a/src/chrome/content/rules/ridecompare.com.xml b/src/chrome/content/rules/ridecompare.com.xml
index 1ad36267b2ff..96681b67b85b 100644
--- a/src/chrome/content/rules/ridecompare.com.xml
+++ b/src/chrome/content/rules/ridecompare.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://ridecompare.com/ => https://ridecompare.com/: (28, 'Connecti
 Fetch error: http://www.ridecompare.com/ => https://www.ridecompare.com/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="Ride Compare.com" default_off='failed ruleset test'>
+<ruleset name="Ride Compare.com" default_off="failed ruleset test">
 
 	<target host="ridecompare.com" />
 	<target host="www.ridecompare.com" />
diff --git a/src/chrome/content/rules/riksdagen.se.xml b/src/chrome/content/rules/riksdagen.se.xml
new file mode 100644
index 000000000000..c009ac91d31c
--- /dev/null
+++ b/src/chrome/content/rules/riksdagen.se.xml
@@ -0,0 +1,9 @@
+<ruleset name="riksdagen.se">
+	<target host="riksdagen.se" />
+	<target host="www.riksdagen.se" />
+	<target host="data.riksdagen.se" />
+	<target host="eu.riksdagen.se" />
+	<target host="firademokratin.riksdagen.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rio2016.com.xml b/src/chrome/content/rules/rio2016.com.xml
index ca482e332f90..f7b6e8a60383 100644
--- a/src/chrome/content/rules/rio2016.com.xml
+++ b/src/chrome/content/rules/rio2016.com.xml
@@ -8,7 +8,7 @@ Fetch error: http://rioexchange.rio2016.com/ => https://rioexchange.rio2016.com/
 imprensa.rio2016.com mismatch
 portaldesuprimentos.rio2016.com mismatch
 -->
-<ruleset name="rio2016.com" default_off='failed ruleset test'>
+<ruleset name="rio2016.com" default_off="failed ruleset test">
 	<target host="rio2016.com" />
 	<target host="www.rio2016.com" />
 	<target host="ingressos.rio2016.com" />
diff --git a/src/chrome/content/rules/risctraining.org.xml b/src/chrome/content/rules/risctraining.org.xml
new file mode 100644
index 000000000000..ab38d594ce15
--- /dev/null
+++ b/src/chrome/content/rules/risctraining.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="risctraining.org">
+	<target host="risctraining.org" />
+	<target host="www.risctraining.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rkhd.in.xml b/src/chrome/content/rules/rkhd.in.xml
index ee0eb8a57293..76fe281780a4 100644
--- a/src/chrome/content/rules/rkhd.in.xml
+++ b/src/chrome/content/rules/rkhd.in.xml
@@ -19,7 +19,7 @@ Fetch error: http://www.rkhd.in/ => https://www.rkhd.in/: (60, 'SSL certificate
 	ʳ Refused
 
 -->
-<ruleset name="RKHD.in" default_off='failed ruleset test'>
+<ruleset name="RKHD.in" default_off="failed ruleset test">
 
 	<target host="rkhd.in" />
 	<target host="www.rkhd.in" />
diff --git a/src/chrome/content/rules/robinhood.xml b/src/chrome/content/rules/robinhood.xml
new file mode 100644
index 000000000000..a741e5f98f3d
--- /dev/null
+++ b/src/chrome/content/rules/robinhood.xml
@@ -0,0 +1,22 @@
+<ruleset name="Robbinghood">
+	<target host="api.robinhood.com" />
+	<target host="app.robinhood.com" />
+	<target host="blog.robinhood.com" />
+	<target host="cdn.robinhood.com" />
+	<target host="www.robinhood.com" />
+	<target host="overmy.robinhood.com" />
+	<target host="support.robinhood.com" />
+	<target host="referral.robinhood.com" />
+	<target host="dudecomedy.robinhood.com" />
+	<target host="careers.robinhood.com" />
+	<target host="signup.robinhood.com" />
+	<target host="share.robinhood.com" />
+	<target host="status.robinhood.com" />
+	<target host="news.robinhood.com" />
+	<target host="learn.robinhood.com" />
+	<target host="snacks.robinhood.com" />
+	<target host="join.robinhood.com" />
+	<target host="robinhood.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rocars.gov.hk.xml b/src/chrome/content/rules/rocars.gov.hk.xml
new file mode 100644
index 000000000000..40daac2c69be
--- /dev/null
+++ b/src/chrome/content/rules/rocars.gov.hk.xml
@@ -0,0 +1,8 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+-->
+<ruleset name="Hong Kong Customs and Excise Department - Road Cargo System">
+	<target host="www.rocars.gov.hk" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/rockfile.eu.xml b/src/chrome/content/rules/rockfile.eu.xml
deleted file mode 100644
index c2e2a64a43ca..000000000000
--- a/src/chrome/content/rules/rockfile.eu.xml
+++ /dev/null
@@ -1,51 +0,0 @@
-<!--
-	These altnames do not exist:
-
-		- www.secure.rockfile.eu
-	
-
-	Insecure cookies are set for these domains: ᶜ
-
-		- .rockfile.eu
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
--->
-<ruleset name="Rockfile.eu (partial)">
-
-	<target host="rockfile.eu" />
-	<target host="secure.rockfile.eu" />
-	<target host="www.rockfile.eu" />
-
-		<!--	$ 403s, so:
-					-->
-		<test url="http://secure.rockfile.eu/support/open.php" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.rockfile\.eu$" name="^secureLogin$" /-->
-
-	<securecookie host="^\." name="^(?:__cfduid|cf_clearance)$" />
-	<securecookie host="^\w" name=".+" />
-	
-	<!-- download pages redirect to http -->
-	<exclusion pattern="^http://(www\.)?rockfile\.eu/[A-z0-9]+\.html" />
-		<!-- no www -->
-		<test url="http://rockfile.eu/al3ehe8at0yx.html"/>
-		<test url="http://rockfile.eu/m2mrn5o6mbz9.html"/>
-		<test url="http://rockfile.eu/dvvn78y1qpe0.html"/>
-		<test url="http://rockfile.eu/w853k7uxbomm.html"/>
-		<test url="http://rockfile.eu/iwdgvqkbgqpb.html"/>
-		<!-- www -->
-		<test url="http://www.rockfile.eu/al3ehe8at0yx.html"/>
-		<test url="http://www.rockfile.eu/m2mrn5o6mbz9.html"/>
-		<test url="http://www.rockfile.eu/dvvn78y1qpe0.html"/>
-		<test url="http://www.rockfile.eu/w853k7uxbomm.html"/>
-		<test url="http://www.rockfile.eu/iwdgvqkbgqpb.html"/>
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/rocksbox.com.xml b/src/chrome/content/rules/rocksbox.com.xml
index e3cae202237b..1b406af20ca7 100644
--- a/src/chrome/content/rules/rocksbox.com.xml
+++ b/src/chrome/content/rules/rocksbox.com.xml
@@ -7,7 +7,7 @@
 	<!--	Direct rewrites:
 				-->
 	<target host="www.rocksbox.com" />
-	
+
 	<!--	Complications:
 				-->
 	<target host="rocksbox.com" />
diff --git a/src/chrome/content/rules/rodsbooks.com.xml b/src/chrome/content/rules/rodsbooks.com.xml
new file mode 100644
index 000000000000..a22f004ec116
--- /dev/null
+++ b/src/chrome/content/rules/rodsbooks.com.xml
@@ -0,0 +1,9 @@
+<ruleset name="rodsbooks.com">
+	<target host="rodsbooks.com" />
+	<target host="www.rodsbooks.com" />
+	<target host="mail.rodsbooks.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rootless.org.xml b/src/chrome/content/rules/rootless.org.xml
index 6800563fabbd..1ce27deee54b 100644
--- a/src/chrome/content/rules/rootless.org.xml
+++ b/src/chrome/content/rules/rootless.org.xml
@@ -10,7 +10,7 @@
 	NB: server sends no certificate chain, see https://whatsmychaincert.com
 
 -->
-<ruleset name="rootless.org (partial)" default_off="missing certificate chain">
+<ruleset name="rootless.org (partial)" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/rosamondgiffordzoo.org.xml b/src/chrome/content/rules/rosamondgiffordzoo.org.xml
new file mode 100644
index 000000000000..7af577edd225
--- /dev/null
+++ b/src/chrome/content/rules/rosamondgiffordzoo.org.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		ftp.rosamondgiffordzoo.org
+
+	Refused:
+		autodiscover.rosamondgiffordzoo.org
+		localhost.rosamondgiffordzoo.org
+
+	Time out:
+		mail.rosamondgiffordzoo.org
+		mx-24-39-246-227.rosamondgiffordzoo.org
+-->
+<ruleset name="rosamondgiffordzoo.org">
+	<target host="rosamondgiffordzoo.org" />
+	<target host="www.rosamondgiffordzoo.org" />
+	<target host="cpanel.rosamondgiffordzoo.org" />
+	<target host="reservations.rosamondgiffordzoo.org" />
+	<target host="webdisk.rosamondgiffordzoo.org" />
+	<target host="webmail.rosamondgiffordzoo.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/roskomzakon.ru.xml b/src/chrome/content/rules/roskomzakon.ru.xml
index 00a05e63e731..bb3034a6c34c 100644
--- a/src/chrome/content/rules/roskomzakon.ru.xml
+++ b/src/chrome/content/rules/roskomzakon.ru.xml
@@ -4,7 +4,7 @@ www.roskomzakon.ru self signed
 <ruleset name="roskomzakon.ru" platform="mixedcontent">
 	<target host="roskomzakon.ru" />
 	<target host="www.roskomzakon.ru" />
-	
+
 	<rule from="^http://www\.roskomzakon\.ru/"
 		to="https://roskomzakon.ru/" />
 
diff --git a/src/chrome/content/rules/rosminzdrav.ru.xml b/src/chrome/content/rules/rosminzdrav.ru.xml
index 526f07524bf5..eae48a994da3 100644
--- a/src/chrome/content/rules/rosminzdrav.ru.xml
+++ b/src/chrome/content/rules/rosminzdrav.ru.xml
@@ -95,7 +95,7 @@ hc.rosminzdrav.ru different content
 ⁵ expired
 ⁷ protocol error
 -->
-<ruleset name="rosminzdrav.ru" default_off='failed ruleset test'>
+<ruleset name="rosminzdrav.ru" default_off="failed ruleset test">
 	<target host="rosminzdrav.ru" />
 	<target host="www.rosminzdrav.ru" />
 	<target host="62.rosminzdrav.ru" />
diff --git a/src/chrome/content/rules/rostov.press.xml b/src/chrome/content/rules/rostov.press.xml
deleted file mode 100644
index 61c85b19d139..000000000000
--- a/src/chrome/content/rules/rostov.press.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="rostov.press">
-	<target host="rostov.press" />
-	<target host="www.rostov.press" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/routingpacketsisnotacrime.uk.xml b/src/chrome/content/rules/routingpacketsisnotacrime.uk.xml
deleted file mode 100644
index d2185f31f3bb..000000000000
--- a/src/chrome/content/rules/routingpacketsisnotacrime.uk.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="routingpacketsisnotacrime.uk">
-	<target host=    "routingpacketsisnotacrime.uk" />
-	<!-- expired cert 24/08/15 09:29
-	<target host="www.routingpacketsisnotacrime.uk" />
-  	<securecookie host="^.*\.routingpacketsisnotacrime\.uk$" name=".+" /-->
-
-  	<securecookie host="^routingpacketsisnotacrime\.uk$" name=".+" />
-
-	<rule from="^http:" 
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/royaldns.net.xml b/src/chrome/content/rules/royaldns.net.xml
index 923275b5b8d1..f93b1d68b4d9 100644
--- a/src/chrome/content/rules/royaldns.net.xml
+++ b/src/chrome/content/rules/royaldns.net.xml
@@ -2,9 +2,9 @@
 
 	<target host="royaldns.net" />
 	<target host="www.royaldns.net" />
- 
+
 	<securecookie host=".+" name=".+" />
- 
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/royalvoluntaryservice.org.uk.xml b/src/chrome/content/rules/royalvoluntaryservice.org.uk.xml
index 7493d222e4d6..1c1987ad2683 100644
--- a/src/chrome/content/rules/royalvoluntaryservice.org.uk.xml
+++ b/src/chrome/content/rules/royalvoluntaryservice.org.uk.xml
@@ -1,11 +1,21 @@
+
+<!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://grandfest.royalvoluntaryservice.org.uk/ => https://grandfest.royalvoluntaryservice.org.uk/: (35, 'OpenSSL SSL_connect: SSL_ERROR_SYSCALL in connection to grandfest.royalvoluntaryservice.org.uk:443 ')
+Fetch error: http://www.grandfest.royalvoluntaryservice.org.uk/ => https://www.grandfest.royalvoluntaryservice.org.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.grandfest.royalvoluntaryservice.org.uk'")
+
+  Connection refused:
+    - catalogue.royalvoluntaryservice.org.uk
+-->
+
 <ruleset name="Royal Voluntary Service.org.uk">
 
 	<target host="royalvoluntaryservice.org.uk" />
 	<target host="www.royalvoluntaryservice.org.uk" />
-	<target host="catalogue.royalvoluntaryservice.org.uk" />
-		<test url="http://catalogue.royalvoluntaryservice.org.uk/calmview/" />
-	<target host="grandfest.royalvoluntaryservice.org.uk" />
-	<target host="www.grandfest.royalvoluntaryservice.org.uk" />
+	<!-- <target host="catalogue.royalvoluntaryservice.org.uk" /> -->
+	<!-- target host="grandfest.royalvoluntaryservice.org.uk" /-->
+	<!-- target host="www.grandfest.royalvoluntaryservice.org.uk" /-->
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/roysac.com.xml b/src/chrome/content/rules/roysac.com.xml
deleted file mode 100644
index cf53ab8ef9e6..000000000000
--- a/src/chrome/content/rules/roysac.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="roysac.com">
-	<target host="roysac.com" />
-	<target host="www.roysac.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/rsbsrt.ru.xml b/src/chrome/content/rules/rsbsrt.ru.xml
new file mode 100644
index 000000000000..13b48c98b835
--- /dev/null
+++ b/src/chrome/content/rules/rsbsrt.ru.xml
@@ -0,0 +1,7 @@
+<ruleset name="rsbsrt.ru">
+	<target host="www.rsbsrt.ru" /> <!-- mismatch, wrong content -->
+	<rule from="^http://www\.rsbsrt\.ru/" to="https://rsbsrt.ru/" />
+
+	<target host="rsbsrt.ru" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rsdn.org.xml b/src/chrome/content/rules/rsdn.org.xml
index 1e4d38076bf7..ea7c0152ae20 100644
--- a/src/chrome/content/rules/rsdn.org.xml
+++ b/src/chrome/content/rules/rsdn.org.xml
@@ -1,21 +1,15 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://blogs.rsdn.org/ => https://blogs.rsdn.org/: (35, 'Unknown SSL protocol error in connection to blogs.rsdn.org:443 ')
-Fetch error: http://track.rsdn.org/ => https://track.rsdn.org/: (35, 'Unknown SSL protocol error in connection to track.rsdn.org:443 ')
-Fetch error: http://tc.rsdn.org/ => https://tc.rsdn.org/: (35, 'Unknown SSL protocol error in connection to tc.rsdn.org:443 ')
+	These URLs don't have HTTP support.
+		- tc.rsdn.org
 
-rsdn.org mixed content
-www.rsdn.org mixed content
-Example URLs that are broken from mixed content blocking:
-https://rsdn.org/?http://confluence.jetbrains.com/display/Nitra
-https://www.rsdn.org/?http://confluence.jetbrains.com/display/Nitra
+	These URLs return non 2xx status code while working correctly with HTTP.
+		- track.rsdn.org
 -->
-<ruleset name="rsdn.org (partial)" default_off='failed ruleset test'>
-	<target host="files.rsdn.org" />
+<ruleset name="rsdn.org">
+	<target host="rsdn.org" />
+	<target host="www.rsdn.org" />
 	<target host="blogs.rsdn.org" />
-	<target host="track.rsdn.org" />
-	<target host="tc.rsdn.org" />
+	<target host="files.rsdn.org" />
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/rsl.ru.xml b/src/chrome/content/rules/rsl.ru.xml
index eebdfcc2b163..5b3e85087c05 100644
--- a/src/chrome/content/rules/rsl.ru.xml
+++ b/src/chrome/content/rules/rsl.ru.xml
@@ -91,7 +91,7 @@ nebreader.rsl.ru mixed content
 ⁴ self signed
 ⁵ expired
 -->
-<ruleset name="rsl.ru" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="rsl.ru" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="rsl.ru" />
 	<target host="www.rsl.ru" />
 	<target host="ap.rsl.ru" />
diff --git a/src/chrome/content/rules/rssowl.org.xml b/src/chrome/content/rules/rssowl.org.xml
new file mode 100644
index 000000000000..af0bbb4be314
--- /dev/null
+++ b/src/chrome/content/rules/rssowl.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		boreal.rssowl.org
+		mobile.rssowl.org
+		tutorial.rssowl.org
+		wiki.rssowl.org
+
+	Unreachable:
+		project.rssowl.org
+-->
+<ruleset name="rssowl.org">
+	<target host="rssowl.org" />
+	<target host="www.rssowl.org" />
+
+  <rule from="^http://rssowl\.org/" to="https://www.rssowl.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rtm.quebec.xml b/src/chrome/content/rules/rtm.quebec.xml
new file mode 100644
index 000000000000..2195221b128e
--- /dev/null
+++ b/src/chrome/content/rules/rtm.quebec.xml
@@ -0,0 +1,27 @@
+<!--
+        Nonfunctional hosts in *.rtm.quebec:
+                - abonnement.rtm.quebec t
+                - m.ledevoir.com m
+                - approvisionnement.rtm.quebec m
+                - www.employeur.rtm.quebec t
+                - www.webapp.rtm.quebec t
+
+        h: http redirect
+        m: certificate mismatch
+        r: connection refused
+        s: self-signed certificate
+        t: timeout on https
+-->
+
+<ruleset name="rtm.quebec">
+	<target host="rtm.quebec" />
+	<target host="www.rtm.quebec" />
+	<target host="autodiscover.rtm.quebec" />
+        <target host="chrono.rtm.quebec" />
+        <target host="cp4t.rtm.quebec" />
+        <target host="employeur.rtm.quebec" />
+        <target host="webapp.rtm.quebec" />
+	<rule from="^http:" to="https:" />
+
+        <securecookie host=".+" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/ru-board.com.xml b/src/chrome/content/rules/ru-board.com.xml
new file mode 100644
index 000000000000..e7d7ca26960e
--- /dev/null
+++ b/src/chrome/content/rules/ru-board.com.xml
@@ -0,0 +1,42 @@
+<!--
+	Invalid certificate:
+		ru-board.com
+		www.ru-board.com
+		a.ru-board.com
+		chess.ru-board.com
+		forall.ru-board.com
+		forum2.ru-board.com
+		front1.ru-board.com
+		front2.ru-board.com
+		gal.ru-board.com
+		gallery.ru-board.com
+		gazeta.ru-board.com
+		host1.ru-board.com
+		host3.ru-board.com
+		i.ru-board.com
+		i2.ru-board.com
+		ib.ru-board.com
+		mail.ru-board.com
+		mail2.ru-board.com
+		mods.ru-board.com
+		mygui.ru-board.com
+		newhost.ru-board.com
+		ns1.ru-board.com
+		ns2.ru-board.com
+		rss.ru-board.com
+		shop.ru-board.com
+		smilies.ru-board.com
+		test.ru-board.com
+
+	Time out:
+		dc.ru-board.com
+		www.dc.ru-board.com
+		mail3.ru-board.com
+		tracker.ru-board.com
+-->
+<ruleset name="ru-board.com">
+	<target host="forum.ru-board.com" />
+	<target host="www.forum.ru-board.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ruanyifeng.com.xml b/src/chrome/content/rules/ruanyifeng.com.xml
new file mode 100644
index 000000000000..60e1d9f3b226
--- /dev/null
+++ b/src/chrome/content/rules/ruanyifeng.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="ruanyifeng.com">
+	<target host="ruanyifeng.com" />
+	<target host="www.ruanyifeng.com" />
+	<target host="es6.ruanyifeng.com" />
+	<target host="javascript.ruanyifeng.com" />
+	<target host="redux.ruanyifeng.com" />
+	<target host="road.ruanyifeng.com" />
+	<target host="survivor.ruanyifeng.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rudimental.co.uk.xml b/src/chrome/content/rules/rudimental.co.uk.xml
new file mode 100644
index 000000000000..85fd70632085
--- /dev/null
+++ b/src/chrome/content/rules/rudimental.co.uk.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		archive.rudimental.co.uk
+		ftp.rudimental.co.uk
+		google93c848faceaf772c.rudimental.co.uk
+		newsite.rudimental.co.uk
+-->
+<ruleset name="rudimental.co.uk">
+	<target host="rudimental.co.uk" />
+	<target host="www.rudimental.co.uk" />
+	<target host="earlyaccess.rudimental.co.uk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ruffle.rs.xml b/src/chrome/content/rules/ruffle.rs.xml
new file mode 100644
index 000000000000..0457b49f4d25
--- /dev/null
+++ b/src/chrome/content/rules/ruffle.rs.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		www.ruffle.rs
+-->
+<ruleset name="ruffle.rs">
+	<target host="ruffle.rs" />
+	<target host="www.ruffle.rs" />
+
+	<rule from="^http://www\.ruffle\.rs/" to="https://ruffle.rs/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rufus.ie.xml b/src/chrome/content/rules/rufus.ie.xml
new file mode 100644
index 000000000000..3ffbaacaabcd
--- /dev/null
+++ b/src/chrome/content/rules/rufus.ie.xml
@@ -0,0 +1,5 @@
+<ruleset name="rufus.ie">
+	<target host="rufus.ie" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ruguoapp.com.xml b/src/chrome/content/rules/ruguoapp.com.xml
deleted file mode 100644
index 85d7f111954d..000000000000
--- a/src/chrome/content/rules/ruguoapp.com.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	Invalid cert:
-		blog.ruguoapp.com
-		ph.in.ruguoapp.com
-		api.jike.ruguoapp.com
-		share.jike.ruguoapp.com
-		laosiji.ruguoapp.com
--->
-<ruleset name="ruguoapp.com">
-	<target host="ruguoapp.com"/>
-	<target host="www.ruguoapp.com"/>
-	<target host="2017.ruguoapp.com"/>
-	<target host="cdn.ruguoapp.com"/>
-	<target host="m.ruguoapp.com"/>
-	<target host="medium.ruguoapp.com"/>
-	<target host="post.ruguoapp.com"/>
-	<target host="ytdl.ruguoapp.com"/>
-
-	<rule from="^http:" to="https:"/>
-</ruleset>
diff --git a/src/chrome/content/rules/runpee.com.xml b/src/chrome/content/rules/runpee.com.xml
new file mode 100644
index 000000000000..f27e17e3c789
--- /dev/null
+++ b/src/chrome/content/rules/runpee.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="runpee.com">
+	<target host="runpee.com" />
+	<target host="www.runpee.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/russiain.space.xml b/src/chrome/content/rules/russiain.space.xml
deleted file mode 100644
index c707db0e6aab..000000000000
--- a/src/chrome/content/rules/russiain.space.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="russiain.space">
-        <target host="russiain.space" />
-
-        <rule from="^http:"
-                to="https:" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/rustedlogic.net.xml b/src/chrome/content/rules/rustedlogic.net.xml
new file mode 100644
index 000000000000..9f9e456234d2
--- /dev/null
+++ b/src/chrome/content/rules/rustedlogic.net.xml
@@ -0,0 +1,168 @@
+<!--
+	Invalid certificate:
+		ftp.acmlm.rustedlogic.net
+		ssh.acmlm.rustedlogic.net
+		anya.rustedlogic.net
+		www.anya.rustedlogic.net
+		ftp.anya.rustedlogic.net
+		ssh.anya.rustedlogic.net
+		ballz.rustedlogic.net
+		www.ballz.rustedlogic.net
+		ftp.ballz.rustedlogic.net
+		ssh.ballz.rustedlogic.net
+		bloodstar.rustedlogic.net
+		www.bloodstar.rustedlogic.net
+		ftp.bloodstar.rustedlogic.net
+		ssh.bloodstar.rustedlogic.net
+		ftp.bmf.rustedlogic.net
+		ssh.bmf.rustedlogic.net
+		cirvante.rustedlogic.net
+		www.cirvante.rustedlogic.net
+		ftp.cirvante.rustedlogic.net
+		ssh.cirvante.rustedlogic.net
+		chineseodyssey.rustedlogic.net
+		www.chineseodyssey.rustedlogic.net
+		ftp.chineseodyssey.rustedlogic.net
+		ssh.chineseodyssey.rustedlogic.net
+		cpu13.rustedlogic.net
+		www.cpu13.rustedlogic.net
+		ftp.cpu13.rustedlogic.net
+		ssh.cpu13.rustedlogic.net
+		ftp.darkdata.rustedlogic.net
+		ssh.darkdata.rustedlogic.net
+		ftp.disgaea.rustedlogic.net
+		ssh.disgaea.rustedlogic.net
+		dotuser.rustedlogic.net
+		www.dotuser.rustedlogic.net
+		ftp.dotuser.rustedlogic.net
+		ssh.dotuser.rustedlogic.net
+		ftp.rustedlogic.net
+		hiryuu.rustedlogic.net
+		www.hiryuu.rustedlogic.net
+		ftp.hiryuu.rustedlogic.net
+		ssh.hiryuu.rustedlogic.net
+		hydrapheetz.rustedlogic.net
+		www.hydrapheetz.rustedlogic.net
+		ftp.hydrapheetz.rustedlogic.net
+		ssh.hydrapheetz.rustedlogic.net
+		inuyasha.rustedlogic.net
+		www.inuyasha.rustedlogic.net
+		ftp.inuyasha.rustedlogic.net
+		ssh.inuyasha.rustedlogic.net
+		ftp.jul.rustedlogic.net
+		ssh.jul.rustedlogic.net
+		ftp.lordbbh.rustedlogic.net
+		ssh.lordbbh.rustedlogic.net
+		ftp.lain.rustedlogic.net
+		ssh.lain.rustedlogic.net
+		luca.rustedlogic.net
+		www.luca.rustedlogic.net
+		ftp.luca.rustedlogic.net
+		ssh.luca.rustedlogic.net
+		minecraft.rustedlogic.net
+		www.minecraft.rustedlogic.net
+		ftp.minecraft.rustedlogic.net
+		ssh.minecraft.rustedlogic.net
+		ftp.ninetales.rustedlogic.net
+		ssh.ninetales.rustedlogic.net
+		peardian.rustedlogic.net
+		www.peardian.rustedlogic.net
+		ftp.peardian.rustedlogic.net
+		ssh.peardian.rustedlogic.net
+		ftp.petscop.rustedlogic.net
+		ssh.petscop.rustedlogic.net
+		qubedstudios.rustedlogic.net
+		www.qubedstudios.rustedlogic.net
+		ftp.qubedstudios.rustedlogic.net
+		ssh.qubedstudios.rustedlogic.net
+		rahan.rustedlogic.net
+		www.rahan.rustedlogic.net
+		ftp.rahan.rustedlogic.net
+		ssh.rahan.rustedlogic.net
+		ftp.retrodev.rustedlogic.net
+		ssh.retrodev.rustedlogic.net
+		ftp.sardoose.rustedlogic.net
+		ssh.sardoose.rustedlogic.net
+		ssh.rustedlogic.net
+		stats.rustedlogic.net
+		www.stats.rustedlogic.net
+		ftp.stats.rustedlogic.net
+		ssh.stats.rustedlogic.net
+		supakitsune.rustedlogic.net
+		www.supakitsune.rustedlogic.net
+		ftp.supakitsune.rustedlogic.net
+		ssh.supakitsune.rustedlogic.net
+		trs.rustedlogic.net
+		www.trs.rustedlogic.net
+		ftp.trs.rustedlogic.net
+		ssh.trs.rustedlogic.net
+		tyty.rustedlogic.net
+		www.tyty.rustedlogic.net
+		ftp.tyty.rustedlogic.net
+		ssh.tyty.rustedlogic.net
+		wiki.rustedlogic.net
+		www.wiki.rustedlogic.net
+		ftp.wiki.rustedlogic.net
+		ssh.wiki.rustedlogic.net
+		xkeeper.rustedlogic.net
+		www.xkeeper.rustedlogic.net
+		ftp.xkeeper.rustedlogic.net
+		ssh.xkeeper.rustedlogic.net
+		tas.xkeeper.rustedlogic.net
+		ftp.tas.xkeeper.rustedlogic.net
+		ssh.tas.xkeeper.rustedlogic.net
+		webmail.rustedlogic.net
+		www.webmail.rustedlogic.net
+
+	Refused:
+		mysql.chineseodyssey.rustedlogic.net
+		mysql.cpu13.rustedlogic.net
+		mysql.disgaea.rustedlogic.net
+		einherjar.rustedlogic.net
+		irc.rustedlogic.net
+		mail.rustedlogic.net
+		mysql.minecraft.rustedlogic.net
+		mysql.rustedlogic.net
+		mysql.ninetales.rustedlogic.net
+		mysql.petscop.rustedlogic.net
+		mysql.retrodev.rustedlogic.net
+		mysql.sardoose.rustedlogic.net
+		mysql.stats.rustedlogic.net
+		mysql.xkeeper.rustedlogic.net
+
+	Time out:
+		new.jul.rustedlogic.net
+		new.stats.rustedlogic.net
+		nextjen.rustedlogic.net
+-->
+<ruleset name="rustedlogic.net">
+	<target host="rustedlogic.net" />
+	<target host="www.rustedlogic.net" />
+	<target host="acmlm.rustedlogic.net" />
+	<target host="www.acmlm.rustedlogic.net" />
+	<target host="bmf.rustedlogic.net" />
+	<target host="www.bmf.rustedlogic.net" />
+	<target host="darkdata.rustedlogic.net" />
+	<target host="www.darkdata.rustedlogic.net" />
+	<target host="disgaea.rustedlogic.net" />
+	<target host="www.disgaea.rustedlogic.net" />
+	<target host="jul.rustedlogic.net" />
+	<target host="www.jul.rustedlogic.net" />
+	<target host="lain.rustedlogic.net" />
+	<target host="www.lain.rustedlogic.net" />
+	<target host="lordbbh.rustedlogic.net" />
+	<target host="www.lordbbh.rustedlogic.net" />
+	<target host="ninetales.rustedlogic.net" />
+	<target host="www.ninetales.rustedlogic.net" />
+	<target host="petscop.rustedlogic.net" />
+	<target host="www.petscop.rustedlogic.net" />
+	<target host="retrodev.rustedlogic.net" />
+	<target host="www.retrodev.rustedlogic.net" />
+	<target host="sanky.rustedlogic.net" />
+	<target host="sanqui.rustedlogic.net" />
+	<target host="sardoose.rustedlogic.net" />
+	<target host="www.sardoose.rustedlogic.net" />
+	<target host="treeki.rustedlogic.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/rutland.gov.uk.xml b/src/chrome/content/rules/rutland.gov.uk.xml
index 398fbfbff045..48e2e1e4da1e 100644
--- a/src/chrome/content/rules/rutland.gov.uk.xml
+++ b/src/chrome/content/rules/rutland.gov.uk.xml
@@ -26,7 +26,7 @@
 		- webpayments.rutland.gov.uk
 
 -->
-<ruleset name="Rutland.gov.uk (partial)" default_off="missing certificate chain">
+<ruleset name="Rutland.gov.uk (partial)" default_off="cert-chain">
 
 	<target host="webpayments.rutland.gov.uk" />
 
diff --git a/src/chrome/content/rules/rw-online.co.uk.xml b/src/chrome/content/rules/rw-online.co.uk.xml
index 626ed536cea8..616d0e0d0b57 100644
--- a/src/chrome/content/rules/rw-online.co.uk.xml
+++ b/src/chrome/content/rules/rw-online.co.uk.xml
@@ -10,7 +10,7 @@ Fetch error: http://rw-online.co.uk/ => https://rw-online.co.uk/: (60, 'SSL cert
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="RW-online.co.uk" default_off='failed ruleset test'>
+<ruleset name="RW-online.co.uk" default_off="failed ruleset test">
 
 	<target host="rw-online.co.uk" />
 	<target host="www.rw-online.co.uk" />
diff --git a/src/chrome/content/rules/rwe.de.xml b/src/chrome/content/rules/rwe.de.xml
index d372463e7c71..289a8ac31e0f 100644
--- a/src/chrome/content/rules/rwe.de.xml
+++ b/src/chrome/content/rules/rwe.de.xml
@@ -8,7 +8,7 @@ Fetch error: http://webmarket.rwe.de/ => https://webmarket.rwe.de/: (6, 'Could n
 	^rwe.de: Mismatched
 
 -->
-<ruleset name="RWE.de" default_off='failed ruleset test'>
+<ruleset name="RWE.de" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/s3arch.eu.xml b/src/chrome/content/rules/s3arch.eu.xml
deleted file mode 100644
index 43c7eea9fa61..000000000000
--- a/src/chrome/content/rules/s3arch.eu.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="s3arch.eu">
-	<target host="s3arch.eu" />
-	<target host="www.s3arch.eu" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/s8bbs.com.xml b/src/chrome/content/rules/s8bbs.com.xml
deleted file mode 100644
index c365ab221ccc..000000000000
--- a/src/chrome/content/rules/s8bbs.com.xml
+++ /dev/null
@@ -1,21 +0,0 @@
-<!--
-	Invalid certificate:
-		^
-		www
-
-	Refused:
-		attach.s8bbs.com
-		content.s8bbs.com
--->
-<ruleset name="s8bbs.com">
-	<target host="adp.s8bbs.com" />
-		<test url="http://adp.s8bbs.com/g.php" />
-	<target host="adv.s8bbs.com" />
-		<test url="http://adv.s8bbs.com/adv_top.htm" />
-	<target host="hot.s8bbs.com" />
-		<test url="http://hot.s8bbs.com/g.php?id=3&amp;t=g" />
-	<target host="img.s8bbs.com" />
-		<test url="http://img.s8bbs.com/f739f32671ae7f8ef193987f7de5a8e9.png" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/saba.com.xml b/src/chrome/content/rules/saba.com.xml
index dec0575096b2..ed58885e062d 100644
--- a/src/chrome/content/rules/saba.com.xml
+++ b/src/chrome/content/rules/saba.com.xml
@@ -25,7 +25,7 @@ Fetch error: http://help.saba.com/ => https://help.saba.com/: (7, 'Failed to con
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Saba.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Saba.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/safeornot.net.xml b/src/chrome/content/rules/safeornot.net.xml
index dc9d4c42cf72..edbae0cf99d1 100644
--- a/src/chrome/content/rules/safeornot.net.xml
+++ b/src/chrome/content/rules/safeornot.net.xml
@@ -11,11 +11,11 @@ Fetch error: http://safeornot.net/ => https://safeornot.net/: (60, 'SSL certific
 		- www 		(cert mismatch, CN: geo.cryptolayer.net)
 
 -->
-<ruleset name="SafeOrNot.net" default_off='failed ruleset test'>
+<ruleset name="SafeOrNot.net" default_off="failed ruleset test">
 	<target host="safeornot.net" />
 
   	<securecookie host="^safeornot\.net$" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/sahih-bukhari.com.xml b/src/chrome/content/rules/sahih-bukhari.com.xml
deleted file mode 100644
index 0019cc7a9bf3..000000000000
--- a/src/chrome/content/rules/sahih-bukhari.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="sahih-bukhari.com">
-	<target host="sahih-bukhari.com" />
-	<target host="www.sahih-bukhari.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/samaratoday.ru.xml b/src/chrome/content/rules/samaratoday.ru.xml
index 30d73725a479..46917becb367 100644
--- a/src/chrome/content/rules/samaratoday.ru.xml
+++ b/src/chrome/content/rules/samaratoday.ru.xml
@@ -12,7 +12,7 @@ news.samaratoday.ru mixed content
 
 ⁴ self signed
 -->
-<ruleset name="samaratoday.ru" default_off='failed ruleset test'>
+<ruleset name="samaratoday.ru" default_off="failed ruleset test">
 	<target host="samaratoday.ru" />
 	<target host="www.samaratoday.ru" />
 	<target host="gorodok.samaratoday.ru" />
diff --git a/src/chrome/content/rules/samlab.ws.xml b/src/chrome/content/rules/samlab.ws.xml
new file mode 100644
index 000000000000..a10ba660862d
--- /dev/null
+++ b/src/chrome/content/rules/samlab.ws.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		ftp.samlab.ws
+		ipv4.samlab.ws
+		mail.samlab.ws
+		webmail.samlab.ws
+
+	Unreachable:
+		ipv6.samlab.ws
+-->
+<ruleset name="samlab.ws">
+	<target host="samlab.ws" />
+	<target host="www.samlab.ws" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/samy.pl.xml b/src/chrome/content/rules/samy.pl.xml
index 0eb9b5d5b668..8dbd063bf12f 100644
--- a/src/chrome/content/rules/samy.pl.xml
+++ b/src/chrome/content/rules/samy.pl.xml
@@ -15,7 +15,7 @@ ww.samy.pl ¹
 
 ¹ mismatch
 -->
-<ruleset name="samy.pl" default_off='failed ruleset test'>
+<ruleset name="samy.pl" default_off="failed ruleset test">
 	<target host="samy.pl" />
 	<target host="www.samy.pl" />
 	<target host="188.165.140.80.ip.samy.pl" />
diff --git a/src/chrome/content/rules/sanghicement.com.xml b/src/chrome/content/rules/sanghicement.com.xml
new file mode 100644
index 000000000000..46b34f01797f
--- /dev/null
+++ b/src/chrome/content/rules/sanghicement.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Time out:
+		crm.sanghicement.com
+		mail.sanghicement.com
+		mail1.sanghicement.com
+		srm.sanghicement.com
+-->
+<ruleset name="sanghicement.com">
+	<target host="sanghicement.com" />
+	<target host="www.sanghicement.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/santafelinux.com.xml b/src/chrome/content/rules/santafelinux.com.xml
deleted file mode 100644
index e7da270651e4..000000000000
--- a/src/chrome/content/rules/santafelinux.com.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="santafelinux.com">
-	<target host="santafelinux.com" />
-	<target host="www.santafelinux.com" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/saskatooncarshare.xml b/src/chrome/content/rules/saskatooncarshare.xml
new file mode 100644
index 000000000000..6a1a527ebaac
--- /dev/null
+++ b/src/chrome/content/rules/saskatooncarshare.xml
@@ -0,0 +1,6 @@
+<ruleset name="saskatooncarshare">
+	<target host="saskatooncarshare.com" />
+	<target host="www.saskatooncarshare.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/saskcoop.xml b/src/chrome/content/rules/saskcoop.xml
new file mode 100644
index 000000000000..2d5e5f4ca0bc
--- /dev/null
+++ b/src/chrome/content/rules/saskcoop.xml
@@ -0,0 +1,5 @@
+<ruleset name="saskcoop">
+	<target host="sask.coop" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/satoshilabs.com-falsemixed.xml b/src/chrome/content/rules/satoshilabs.com-falsemixed.xml
deleted file mode 100644
index 35bf22403e6f..000000000000
--- a/src/chrome/content/rules/satoshilabs.com-falsemixed.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://stage.satoshilabs.com/ => https://stage.satoshilabs.com/: (6, 'Could not resolve host: stage.satoshilabs.com')
-
-	For rules not causing false/broken MCB, see satoshilabs.com.xml.
-
--->
-<ruleset name="SatoshiLabs.com (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
-
-	<target host="satoshilabs.com" />
-	<target host="stage.satoshilabs.com" />
-	<target host="www.satoshilabs.com" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/satoshilabs.com.xml b/src/chrome/content/rules/satoshilabs.com.xml
deleted file mode 100644
index 549b942fc1ed..000000000000
--- a/src/chrome/content/rules/satoshilabs.com.xml
+++ /dev/null
@@ -1,36 +0,0 @@
-<!--
-	For rules causing false/broken MCB, see satoshilabs.com-falsemixed.xml.
-
-	Other SatoshiLabs rulesets:
-
-		- bitcointrezor.com.xml
-		- BuyTREZOR.com.xml
-
-
-	Mixed content:
-
-		- css on ^, stage from ^satoshilabs.com ˢ
-
-		- Images, on:
-
-			- ^, stage from ^satoshilabs.com ˢ
-			- ^, stage from stage.satoshilabs.com ˢ
-
-	ˢ Secured by us
-
--->
-<ruleset name="SatoshiLabs.com (partial)">
-
-	<!--target host="satoshilabs.com" /-->
-	<target host="doc.satoshilabs.com" />
-	<!--target host="stage.satoshilabs.com" /-->
-	<!--target host="www.satoshilabs.com" /-->
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/saturn.de.xml b/src/chrome/content/rules/saturn.de.xml
index 5255f2582f6e..3cd2a600f65b 100644
--- a/src/chrome/content/rules/saturn.de.xml
+++ b/src/chrome/content/rules/saturn.de.xml
@@ -54,7 +54,7 @@ prospekt.saturn.de different content
 ⁶ redirect
 ⁷ protocol error
 -->
-<ruleset name="saturn.de" default_off='failed ruleset test'>
+<ruleset name="saturn.de" default_off="failed ruleset test">
 	<target host="saturn.de" />
 	<target host="www.saturn.de" />
 	<target host="adventskalender.saturn.de" />
diff --git a/src/chrome/content/rules/schema.org.xml b/src/chrome/content/rules/schema.org.xml
index 23f0feeff3fd..212f5511dbb4 100644
--- a/src/chrome/content/rules/schema.org.xml
+++ b/src/chrome/content/rules/schema.org.xml
@@ -1,16 +1,25 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.schema.org/ => https://www.schema.org/: Too many redirects while fetching 'https://www.schema.org/'
-
-	refused:
+	Refused:
 		- blog.schema.org
+
+	Timeout:
+		- www.schema.org
 -->
-<ruleset name="schema.org" default_off='failed ruleset test'>
-	<target host="schema.org"/>
-	<target host="www.schema.org"/>
-	<target host="bib.schema.org"/>
+<ruleset name="schema.org">
+
+	<target host="schema.org" />
+	<target host="attic.schema.org" />
+	<target host="auto.schema.org" />
+	<target host="bib.schema.org" />
+	<target host="fibo.schema.org" />
+	<target host="finance.schema.org" />
+	<target host="google.schema.org" />
+	<target host="health-lifesci.schema.org" />
+	<target host="iot.schema.org" />
+	<target host="legal.schema.org" />
+	<target host="meta.schema.org" />
+	<target host="pending.schema.org" />
+
+	<rule from="^http:" to="https:" />
 
-	<rule from="^http:"
-		to="https:"/>
 </ruleset>
diff --git a/src/chrome/content/rules/schlicht-moebel.de.xml b/src/chrome/content/rules/schlicht-moebel.de.xml
deleted file mode 100644
index 9b5befb93d30..000000000000
--- a/src/chrome/content/rules/schlicht-moebel.de.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="schlicht-moebel.de">
-        <target host="schlicht-moebel.de" />
-
-        <rule from="^http:"
-                to="https:" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/sciencedirect.com.xml b/src/chrome/content/rules/sciencedirect.com.xml
index 0875ecf82d73..3f24d070b8c0 100644
--- a/src/chrome/content/rules/sciencedirect.com.xml
+++ b/src/chrome/content/rules/sciencedirect.com.xml
@@ -14,7 +14,7 @@
 		technology.sciencedirect.com
 
 	Refused connection:
-		help.sciencedirect.com 
+		help.sciencedirect.com
 			(website sometimes links to //help.sciencedirect.com even though it is not working)
 		info.sciencedirect.com
 		www.info.sciencedirect.com
@@ -40,7 +40,7 @@
 	<target host="holdings.sciencedirect.com" />
 	<target host="pdn.sciencedirect.com" />
 	<target host="rss.sciencedirect.com" />
-	
+
 	<target host="sdfestaticassets.sciencedirectassets.com" />
 		<test url="http://sdfestaticassets.sciencedirectassets.com/prod/9b58ca69938c5ab521a75fffc20b1f4d285d94a0/images/logo.png" />
 	<target host="sdfestaticassets-us-east-1.sciencedirectassets.com" />
diff --git a/src/chrome/content/rules/scmagazine.com.xml b/src/chrome/content/rules/scmagazine.com.xml
index ed2d41a37466..da18871b72a7 100644
--- a/src/chrome/content/rules/scmagazine.com.xml
+++ b/src/chrome/content/rules/scmagazine.com.xml
@@ -59,9 +59,6 @@
 	<rule from="^http://scmagazine\.com/"
 		to="https://www.scmagazine.com/" />
 
-	<rule from="^http://media\.scmagazine\.com/"
-		to="https://dw5yb2c18zulu.cloudfront.net/" />
-
 		<test url="http://media.scmagazine.com/images/2012/07/02/oba_advertising_15_271149_272924.png" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/scons.org.xml b/src/chrome/content/rules/scons.org.xml
new file mode 100644
index 000000000000..ed8cfc93bf84
--- /dev/null
+++ b/src/chrome/content/rules/scons.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="scons.org">
+	<target host="scons.org" />
+	<target host="www.scons.org" />
+	<!-- mismatch <target host="ftp.scons.org" /> -->
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/scoreassured.com.xml b/src/chrome/content/rules/scoreassured.com.xml
index ad7431e8864b..d8527f6b9238 100644
--- a/src/chrome/content/rules/scoreassured.com.xml
+++ b/src/chrome/content/rules/scoreassured.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.scoreassured.com/ => https://www.scoreassured.com/: (60,
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Score Assured.com" default_off='failed ruleset test'>
+<ruleset name="Score Assured.com" default_off="failed ruleset test">
 
 	<target host="scoreassured.com" />
 	<target host="www.scoreassured.com" />
diff --git a/src/chrome/content/rules/scotland.police.uk-mixedcontent.xml b/src/chrome/content/rules/scotland.police.uk-mixedcontent.xml
index 20360fb34e6b..f45de0215389 100644
--- a/src/chrome/content/rules/scotland.police.uk-mixedcontent.xml
+++ b/src/chrome/content/rules/scotland.police.uk-mixedcontent.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.scotland.police.uk/your-community/fife/ => https://www.s
 	NB: See https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Scotland.Police.uk (MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Scotland.Police.uk (MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="www.scotland.police.uk" />
 
diff --git a/src/chrome/content/rules/scotland.police.uk.xml b/src/chrome/content/rules/scotland.police.uk.xml
index 45c25d3c6ad5..66f06e58b743 100644
--- a/src/chrome/content/rules/scotland.police.uk.xml
+++ b/src/chrome/content/rules/scotland.police.uk.xml
@@ -18,7 +18,7 @@ Fetch error: http://www.askthe.scotland.police.uk/ => https://www.askthe.scotlan
 	Mixed content:
 
 		- css, on:
-		
+
 			- www from serverapi.arcgisonline.com ˢ
 			- www from live.policestatic.co.uk ʰ
 
@@ -28,7 +28,7 @@ Fetch error: http://www.askthe.scotland.police.uk/ => https://www.askthe.scotlan
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Scotland.Police.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Scotland.Police.uk (partial)" default_off="failed ruleset test">
 
 	<target host="www.askthe.scotland.police.uk" />
 	<target host="www.scotland.police.uk" />
diff --git a/src/chrome/content/rules/scrutinizer-ci.com.xml b/src/chrome/content/rules/scrutinizer-ci.com.xml
index 7874ca6eae8d..caf61ae4538d 100644
--- a/src/chrome/content/rules/scrutinizer-ci.com.xml
+++ b/src/chrome/content/rules/scrutinizer-ci.com.xml
@@ -48,7 +48,7 @@ wss.scrutinizer-ci.com different content
 ³ timed out
 ⁵ expired
 -->
-<ruleset name="scrutinizer-ci.com" default_off='failed ruleset test'>
+<ruleset name="scrutinizer-ci.com" default_off="failed ruleset test">
 	<target host="scrutinizer-ci.com" />
 	<target host="www.scrutinizer-ci.com" />
 	<target host="status.scrutinizer-ci.com" />
diff --git a/src/chrome/content/rules/sdk.cn.xml b/src/chrome/content/rules/sdk.cn.xml
deleted file mode 100644
index 3d18529b4f4c..000000000000
--- a/src/chrome/content/rules/sdk.cn.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="SDK.cn">
-
-	<target host="sdk.cn" />
-	<target host="www.sdk.cn" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/sdkboy.com.xml b/src/chrome/content/rules/sdkboy.com.xml
new file mode 100644
index 000000000000..3cf4fa39046a
--- /dev/null
+++ b/src/chrome/content/rules/sdkboy.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="sdkboy.com">
+	<target host="sdkboy.com" />
+	<target host="www.sdkboy.com" />
+	<target host="autodiscover.sdkboy.com" />
+	<target host="cpanel.sdkboy.com" />
+	<target host="mail.sdkboy.com" />
+	<target host="webdisk.sdkboy.com" />
+	<target host="webmail.sdkboy.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/searchteria.co.jp.xml b/src/chrome/content/rules/searchteria.co.jp.xml
index 547ee2fc1c0c..cd7824a8b941 100644
--- a/src/chrome/content/rules/searchteria.co.jp.xml
+++ b/src/chrome/content/rules/searchteria.co.jp.xml
@@ -17,4 +17,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/searx.com.au.xml b/src/chrome/content/rules/searx.com.au.xml
deleted file mode 100644
index 567c7b676ceb..000000000000
--- a/src/chrome/content/rules/searx.com.au.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="searx.com.au">
-	<target host="searx.com.au" />
-	<target host="www.searx.com.au" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/searx.dk.xml b/src/chrome/content/rules/searx.dk.xml
deleted file mode 100644
index 39786859f03d..000000000000
--- a/src/chrome/content/rules/searx.dk.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="searx.dk">
-	<target host="searx.dk" />
-	<target host="www.searx.dk" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/searx.pw.xml b/src/chrome/content/rules/searx.pw.xml
index 08ebb701a3b8..fdb877e85c08 100644
--- a/src/chrome/content/rules/searx.pw.xml
+++ b/src/chrome/content/rules/searx.pw.xml
@@ -1,8 +1,8 @@
 <ruleset name="searx.pw">
-	
+
 	<target host="searx.pw" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		  to="https:" />
-	
+
 </ruleset>
diff --git a/src/chrome/content/rules/secnews.ru.xml b/src/chrome/content/rules/secnews.ru.xml
new file mode 100644
index 000000000000..9330ffd06695
--- /dev/null
+++ b/src/chrome/content/rules/secnews.ru.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		ftp.secnews.ru
+		pop.secnews.ru
+		smtp.secnews.ru
+		test.secnews.ru
+
+	Refused:
+		mail.secnews.ru
+-->
+<ruleset name="secnews.ru">
+	<target host="secnews.ru" />
+	<target host="www.secnews.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/secouchermoinsbete.fr.xml b/src/chrome/content/rules/secouchermoinsbete.fr.xml
new file mode 100644
index 000000000000..1d26d293b6a8
--- /dev/null
+++ b/src/chrome/content/rules/secouchermoinsbete.fr.xml
@@ -0,0 +1,7 @@
+<ruleset name="secouchermoinsbete.fr">
+	<target host="secouchermoinsbete.fr" />
+	<target host="www.secouchermoinsbete.fr" />
+	<target host="mobile.secouchermoinsbete.fr" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/selfhtml.org.xml b/src/chrome/content/rules/selfhtml.org.xml
index 3d27739abafb..b7b2e904fb6e 100644
--- a/src/chrome/content/rules/selfhtml.org.xml
+++ b/src/chrome/content/rules/selfhtml.org.xml
@@ -1,11 +1,11 @@
 <!--
     Not covered:
 	community.de.selfhtml.org -> self-signed & is possibly changed/deleted in the near future
-		
+
     Mixed content:
 	wiki.selfhtml.org (from src.selfhtml.org)
 	blog.selfhtml.org (from blog.selfhtml.org)
-	
+
     Discussion:
 	https://forum.selfhtml.org/meta/2015/sep/9/https-bei-selfhtml/1649624 (DE)
 	https://forum.selfhtml.org/meta/2015/sep/8/https-fuer-forum-punkt-selfhtml-punkt-org/1649452 (DE)
diff --git a/src/chrome/content/rules/sepa.org.uk-falsemixed.xml b/src/chrome/content/rules/sepa.org.uk-falsemixed.xml
index 4a05db8c793c..6abd9af07df7 100644
--- a/src/chrome/content/rules/sepa.org.uk-falsemixed.xml
+++ b/src/chrome/content/rules/sepa.org.uk-falsemixed.xml
@@ -6,7 +6,7 @@ Non-2xx HTTP code: http://gis.sepa.org.uk/ (200) => https://gis.sepa.org.uk/ (40
 	For rules not causing false/broken MCB, see sepa.org.uk.xml.
 
 -->
-<ruleset name="SEPA.org.uk (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="SEPA.org.uk (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="gis.sepa.org.uk" />
 	<target host="map.sepa.org.uk" />
diff --git a/src/chrome/content/rules/sepa.org.uk.xml b/src/chrome/content/rules/sepa.org.uk.xml
index 869ca47a28bc..ad5ee3d7afa7 100644
--- a/src/chrome/content/rules/sepa.org.uk.xml
+++ b/src/chrome/content/rules/sepa.org.uk.xml
@@ -45,7 +45,7 @@
 	Mixed content:
 
 		- css, on:
-		
+
 			- gis from serverapi.arcgisonline.com ˢ
 			- map from js.arcgisonline.com ˢ
 			- map from code.jquery.com ˢ
diff --git a/src/chrome/content/rules/serieb.tv.xml b/src/chrome/content/rules/serieb.tv.xml
deleted file mode 100644
index 5adb52437303..000000000000
--- a/src/chrome/content/rules/serieb.tv.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="SerieB.tv">
-
-	<target host="serieb.tv" />
-	<target host="www.serieb.tv" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/serverbase.xml b/src/chrome/content/rules/serverbase.xml
index 2a756d1ef6e6..1daa63c1e5a4 100644
--- a/src/chrome/content/rules/serverbase.xml
+++ b/src/chrome/content/rules/serverbase.xml
@@ -10,7 +10,7 @@ Fetch error: http://support.serverbase.ch/ => https://support.serverbase.ch/: (2
 			- vm*
 		*serverbase-status.net
 -->
-<ruleset name="ServerBase" default_off='failed ruleset test'>
+<ruleset name="ServerBase" default_off="failed ruleset test">
 	<target host="serverbase.ch"/>
 	<target host="www.serverbase.ch"/>
 	<target host="my.serverbase.ch"/>
diff --git a/src/chrome/content/rules/servote.de.xml b/src/chrome/content/rules/servote.de.xml
new file mode 100644
index 000000000000..7a1e73864c2c
--- /dev/null
+++ b/src/chrome/content/rules/servote.de.xml
@@ -0,0 +1,15 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="servote.de">
+
+	<target host="servote.de" />
+	<target host="www.servote.de" />
+	<target host="vidapi.servote.de" />
+		<test url="http://vidapi.servote.de/images/gamepro/btcw6n1p8o_76475x76447.jpg" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/seven-sky.net.xml b/src/chrome/content/rules/seven-sky.net.xml
index cd373fa27996..9820116c7457 100644
--- a/src/chrome/content/rules/seven-sky.net.xml
+++ b/src/chrome/content/rules/seven-sky.net.xml
@@ -10,7 +10,7 @@ community.seven-sky.net mismatch
 podpiska.seven-sky.net mismatch
 reg.seven-sky.net mismatch
 -->
-<ruleset name="seven-sky.net (partial)" default_off='failed ruleset test'>
+<ruleset name="seven-sky.net (partial)" default_off="failed ruleset test">
 	<target host="lk.seven-sky.net" />
 	<target host="stat.seven-sky.net" />
 	<target host="webmail.seven-sky.net" />
diff --git a/src/chrome/content/rules/sex8.cc.xml b/src/chrome/content/rules/sex8.cc.xml
new file mode 100644
index 000000000000..931895938ed9
--- /dev/null
+++ b/src/chrome/content/rules/sex8.cc.xml
@@ -0,0 +1,8 @@
+<ruleset name="sex8.cc">
+	<target host="sex8.cc" />
+	<target host="www.sex8.cc" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sharetobuy.com.xml b/src/chrome/content/rules/sharetobuy.com.xml
index 02e8d0d8122a..096b44bd1f80 100644
--- a/src/chrome/content/rules/sharetobuy.com.xml
+++ b/src/chrome/content/rules/sharetobuy.com.xml
@@ -2,7 +2,7 @@
     <target host="sharetobuy.com" />
     <target host="*.sharetobuy.com" />
 
-    <securecookie host="^(?:.*\.)?sharetobuy\.com$" name=".+" />
+    <securecookie host=".+" name=".+"/>
 
     <rule from="^http://sharetobuy\.com/"
         to="https://www.sharetobuy.com/" />
diff --git a/src/chrome/content/rules/shields.io.xml b/src/chrome/content/rules/shields.io.xml
index 9ba825a80a6f..22bf19551c90 100644
--- a/src/chrome/content/rules/shields.io.xml
+++ b/src/chrome/content/rules/shields.io.xml
@@ -5,7 +5,7 @@ www.shields.io mismatch
 	<target host="shields.io" />
 	<target host="www.shields.io" />
 	<target host="img.shields.io" />
-	
+
 	<rule from="^http://www\.shields\.io/"
 		to="https://shields.io/" />
 
diff --git a/src/chrome/content/rules/shinystat.com.xml b/src/chrome/content/rules/shinystat.com.xml
index 894748739367..86ce284cd4fb 100644
--- a/src/chrome/content/rules/shinystat.com.xml
+++ b/src/chrome/content/rules/shinystat.com.xml
@@ -4,7 +4,7 @@
 		- css on (www.)? fonts.googleapis.com ˢ
 
 		- Bugs, on:
-		
+
 			- (www.)? from s[24].shinystat.com ˢ
 			- (www.)? from www.shinystat.com ˢ
 
diff --git a/src/chrome/content/rules/shitcoin.com.xml b/src/chrome/content/rules/shitcoin.com.xml
index 34be2251f452..62535fa1bd9d 100644
--- a/src/chrome/content/rules/shitcoin.com.xml
+++ b/src/chrome/content/rules/shitcoin.com.xml
@@ -4,7 +4,7 @@
 
 	<securecookie host=".+" name=".+" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/shootingillustrated.com.xml b/src/chrome/content/rules/shootingillustrated.com.xml
index 258e2a56abb9..560da36df5cc 100644
--- a/src/chrome/content/rules/shootingillustrated.com.xml
+++ b/src/chrome/content/rules/shootingillustrated.com.xml
@@ -13,7 +13,7 @@ Fetch error: http://wmp.shootingillustrated.com/ => https://wmp.shootingillustra
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Shooting Illustrated.com" default_off='failed ruleset test'>
+<ruleset name="Shooting Illustrated.com" default_off="failed ruleset test">
 
 	<target host="shootingillustrated.com" />
 	<target host="assets.shootingillustrated.com" />
diff --git a/src/chrome/content/rules/shoporca.com.xml b/src/chrome/content/rules/shoporca.com.xml
index fed702e2d28e..df3f1bf10ed1 100644
--- a/src/chrome/content/rules/shoporca.com.xml
+++ b/src/chrome/content/rules/shoporca.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.shoporca.com/ => https://www.shoporca.com/: (28, 'Connec
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Shop Orca.com" default_off='failed ruleset test'>
+<ruleset name="Shop Orca.com" default_off="failed ruleset test">
 
 	<target host="shoporca.com" />
 	<target host="www.shoporca.com" />
diff --git a/src/chrome/content/rules/shopsite.com-falsemixed.xml b/src/chrome/content/rules/shopsite.com-falsemixed.xml
index f2d01a3ae619..378ad7c42a1f 100644
--- a/src/chrome/content/rules/shopsite.com-falsemixed.xml
+++ b/src/chrome/content/rules/shopsite.com-falsemixed.xml
@@ -14,7 +14,7 @@
 
 	<securecookie host="^\w" name=".+" />
 
-	
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/shreksadventure.com.xml b/src/chrome/content/rules/shreksadventure.com.xml
index 9182bae3d8ff..5fcb1a532a4f 100644
--- a/src/chrome/content/rules/shreksadventure.com.xml
+++ b/src/chrome/content/rules/shreksadventure.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://secure.shreksadventure.com/ => https://secure.shreksadventur
 
 	For other Merlin Entertainments coverage, see Merlin-Entertainments.xml.
 -->
-<ruleset name="Shrek's Adventure" default_off='failed ruleset test'>
+<ruleset name="Shrek's Adventure" default_off="failed ruleset test">
 	<target host="shreksadventure.com" />
 	<target host="www.shreksadventure.com" />
 	<target host="secure.shreksadventure.com" />
diff --git a/src/chrome/content/rules/shrew.net.xml b/src/chrome/content/rules/shrew.net.xml
index 85a870e5f193..cad6a4c9796e 100644
--- a/src/chrome/content/rules/shrew.net.xml
+++ b/src/chrome/content/rules/shrew.net.xml
@@ -5,7 +5,7 @@
 
   	<securecookie host="^.*\.shrew\.net$" name=".+" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/shropshire.gov.uk.xml b/src/chrome/content/rules/shropshire.gov.uk.xml
index 2641f3bca867..f92a13f93cc3 100644
--- a/src/chrome/content/rules/shropshire.gov.uk.xml
+++ b/src/chrome/content/rules/shropshire.gov.uk.xml
@@ -23,6 +23,6 @@
 	<target host="www4.shropshire.gov.uk" />
 
 	<securecookie host=".+" name=".+" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/siamogeek.com.xml b/src/chrome/content/rules/siamogeek.com.xml
index af11bab27a0d..7de6c9cec428 100644
--- a/src/chrome/content/rules/siamogeek.com.xml
+++ b/src/chrome/content/rules/siamogeek.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.siamogeek.com/ => https://www.siamogeek.com/: (51, "SSL:
 	STS header includes includeSubdomains
 
 -->
-<ruleset name="Siamo Geek.com" default_off='failed ruleset test'>
+<ruleset name="Siamo Geek.com" default_off="failed ruleset test">
 
 	<target host="siamogeek.com" />
 	<target host="*.siamogeek.com" />
diff --git a/src/chrome/content/rules/siberianet.ru.xml b/src/chrome/content/rules/siberianet.ru.xml
deleted file mode 100644
index f74de31558d8..000000000000
--- a/src/chrome/content/rules/siberianet.ru.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-siberianet.ru timed out
-www.siberianet.ru timed out
-games.siberianet.ru timed out
-kolenval.siberianet.ru timed out
-photoprint.siberianet.ru self signed
-sibmedia.siberianet.ru timed out
-forum.siberianet.ru timed out
-mail.siberianet.ru timed out
-warez.siberianet.ru timed out
--->
-<ruleset name="siberianet.ru (partial)">
-	<target host="cab.siberianet.ru" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/sibinfo.su.xml b/src/chrome/content/rules/sibinfo.su.xml
index d0df4e90f15b..b1a7e7a04c85 100644
--- a/src/chrome/content/rules/sibinfo.su.xml
+++ b/src/chrome/content/rules/sibinfo.su.xml
@@ -5,7 +5,7 @@ Non-2xx HTTP code: http://sibinfo.su/ (200) => https://sibinfo.su/ (521)
 Non-2xx HTTP code: http://www.sibinfo.su/ (200) => https://www.sibinfo.su/ (521)
 
 -->
-<ruleset name="sibinfo.su" default_off='failed ruleset test'>
+<ruleset name="sibinfo.su" default_off="failed ruleset test">
 	<target host="sibinfo.su" />
 	<target host="www.sibinfo.su" />
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/sibttk.ru.xml b/src/chrome/content/rules/sibttk.ru.xml
index 7f33dcdfe8f0..feb26aa1817a 100644
--- a/src/chrome/content/rules/sibttk.ru.xml
+++ b/src/chrome/content/rules/sibttk.ru.xml
@@ -6,11 +6,11 @@ Fetch error: http://bill.sibttk.ru/ => https://bill.sibttk.ru/: (51, "SSL: no al
 sibttk.ru mismatch
 www.sibttk.ru mismatch
 -->
-<ruleset name="sibttk.ru (partial)" default_off='failed ruleset test'>
+<ruleset name="sibttk.ru (partial)" default_off="failed ruleset test">
 	<target host="bill.sibttk.ru" />
-	
+
 	<exclusion pattern="^http://bill\.sibttk\.ru:8080/" />
-	
+
 	<test url="http://bill.sibttk.ru:8080/speedcheck/SpeedCheck.php" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/sicurezzarete.com.xml b/src/chrome/content/rules/sicurezzarete.com.xml
index f6f8a9903e83..b5adfaba0d09 100644
--- a/src/chrome/content/rules/sicurezzarete.com.xml
+++ b/src/chrome/content/rules/sicurezzarete.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://voltalinux.sicurezzarete.com/ => https://voltalinux.sicurezzarete.com/: (51, "SSL: no alternative certificate subject name matches target host name 'voltalinux.sicurezzarete.com'")
 
 -->
-<ruleset name="sicurezzarete.com" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="sicurezzarete.com" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="voltalinux.sicurezzarete.com" />
 	<target host="sicurezzarete.com" />
 	<target host="www.sicurezzarete.com" />
diff --git a/src/chrome/content/rules/sierraclubbc.xml b/src/chrome/content/rules/sierraclubbc.xml
new file mode 100644
index 000000000000..6de7c2e61c1e
--- /dev/null
+++ b/src/chrome/content/rules/sierraclubbc.xml
@@ -0,0 +1,6 @@
+<ruleset name="sierraclubbc">
+	<target host="sierraclub.bc.ca" />
+	<target host="www.sierraclub.bc.ca" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/silego.com.xml b/src/chrome/content/rules/silego.com.xml
new file mode 100644
index 000000000000..ef3735ae339c
--- /dev/null
+++ b/src/chrome/content/rules/silego.com.xml
@@ -0,0 +1,31 @@
+<!--
+	Ruleset for Silego, the store for Dialog Semicondictor GreenPAK parts.
+-->
+<ruleset name="silego.com">
+	<target host="silego.com" />
+	<target host="www.silego.com" />
+	<target host="docs.silego.com" />
+	<target host="www.docs.silego.com" />
+	<target host="greenclk.silego.com" />
+	<target host="www.greenclk.silego.com" />
+	<target host="greenclk2.silego.com" />
+	<target host="www.greenclk2.silego.com" />
+	<target host="greenclk3.silego.com" />
+	<target host="www.greenclk3.silego.com" />
+	<target host="greenfet.silego.com" />
+	<target host="www.greenfet.silego.com" />
+	<target host="greenfet3.silego.com" />
+	<target host="www.greenfet3.silego.com" />
+	<target host="greenpak.silego.com" />
+	<target host="www.greenpak.silego.com" />
+	<target host="greenpak2.silego.com" />
+	<target host="www.greenpak2.silego.com" />
+	<target host="greenpak3.silego.com" />
+	<target host="www.greenpak3.silego.com" />
+	<target host="store.silego.com" />
+	<target host="www.store.silego.com" />
+	<target host="support.silego.com" />
+	<target host="www.support.silego.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/simpel.nl.xml b/src/chrome/content/rules/simpel.nl.xml
index 4a5a53873d4b..8d7358e1a2fc 100644
--- a/src/chrome/content/rules/simpel.nl.xml
+++ b/src/chrome/content/rules/simpel.nl.xml
@@ -5,15 +5,13 @@ Fetch error: http://mijnsimpel.nl/ => https://mijnsimpel.nl/: (7, 'Failed to con
 Fetch error: http://www.mijnsimpel.nl/ => https://www.mijnsimpel.nl/: (7, 'Failed to connect to www.mijnsimpel.nl port 443: Connection refused')
 
 -->
-<ruleset name="Simpel.nl" default_off='failed ruleset test'>
+<ruleset name="Simpel.nl" default_off="failed ruleset test">
 
 	<target host="simpel.nl"/>
 	<target host="www.simpel.nl"/>
 	<target host="mijnsimpel.nl"/>
 	<target host="www.mijnsimpel.nl"/>
-
-	<securecookie host="^(?:.*\.)?simpel.nl$" name=".+" />
-	<securecookie host="^(?:.*\.)?mijnsimpel.nl$" name=".+" />
+	<securecookie host=".+" name=".+"/>
 
 	<rule from="^http:" to="https:" />
 
diff --git a/src/chrome/content/rules/simplemachines.xml b/src/chrome/content/rules/simplemachines.xml
index c0b49bbcbf29..dd58d5ef0bc9 100644
--- a/src/chrome/content/rules/simplemachines.xml
+++ b/src/chrome/content/rules/simplemachines.xml
@@ -1,17 +1,17 @@
-<ruleset name="Simple Machines">
-	<target host="simplemachines.org"/>
-	<target host="www.simplemachines.org"/>
-	<target host="adsystem.simplemachines.org"/>
-	<target host="blogs.simplemachines.org"/>
-	<target host="custom.simplemachines.org"/>
-	<target host="dev.simplemachines.org"/>
-	<target host="download.simplemachines.org"/>
-	<target host="mods.simplemachines.org"/>
-	<target host="wiki.simplemachines.org"/>
-	<target host="support.simplemachines.org"/>
-	<target host="media.simplemachinesweb.com"/>
-		<test url="http://media.simplemachinesweb.com/smf/default/images/theme/backdrop.png"/>
-		<exclusion pattern="^http://media\.simplemachinesweb\.com/$" />  <!-- nothing here and it causes test to fail /-->
-	<securecookie host=".+" name=".+" />
-	<rule from="^http:" to="https:"/>
-</ruleset>
+<ruleset name="Simple Machines">
+	<target host="simplemachines.org"/>
+	<target host="www.simplemachines.org"/>
+	<target host="adsystem.simplemachines.org"/>
+	<target host="blogs.simplemachines.org"/>
+	<target host="custom.simplemachines.org"/>
+	<target host="dev.simplemachines.org"/>
+	<target host="download.simplemachines.org"/>
+	<target host="mods.simplemachines.org"/>
+	<target host="wiki.simplemachines.org"/>
+	<target host="support.simplemachines.org"/>
+	<target host="media.simplemachinesweb.com"/>
+		<test url="http://media.simplemachinesweb.com/smf/default/images/theme/backdrop.png"/>
+		<exclusion pattern="^http://media\.simplemachinesweb\.com/$" />  <!-- nothing here and it causes test to fail /-->
+	<securecookie host=".+" name=".+" />
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/simplewebrtc.com.xml b/src/chrome/content/rules/simplewebrtc.com.xml
index 2cbdca877e2a..f3f00bd46579 100644
--- a/src/chrome/content/rules/simplewebrtc.com.xml
+++ b/src/chrome/content/rules/simplewebrtc.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://www.simplewebrtc.com/ => https://www.simplewebrtc.com/: (7,
 Fetch error: http://signaling.simplewebrtc.com/ => https://signaling.simplewebrtc.com/: (6, 'Could not resolve host: signaling.simplewebrtc.com')
 
 -->
-<ruleset name="simplewebrtc.com" default_off='failed ruleset test'>
+<ruleset name="simplewebrtc.com" default_off="failed ruleset test">
 	<target host="simplewebrtc.com" />
 	<target host="www.simplewebrtc.com" />
 	<target host="sandbox.simplewebrtc.com" />
diff --git a/src/chrome/content/rules/simplyaccessible.com.xml b/src/chrome/content/rules/simplyaccessible.com.xml
deleted file mode 100644
index 8aa6eb0557ba..000000000000
--- a/src/chrome/content/rules/simplyaccessible.com.xml
+++ /dev/null
@@ -1,26 +0,0 @@
-<!--
-
-	Mismatched hosts in *simplyaccessible.com:
-
-		- accessu
-		- codepalousa
-		- csun
-		- drupal
-		- examples
-		- nagw
-		- scheduler
-		- * (wildcard dns)
-
-	Expired hosts in *simplyaccessible.com:
-
-		- cx
-
--->
-<ruleset name="simplyaccessible.com">
-	<target host="simplyaccessible.com" />
-	<target host="www.simplyaccessible.com" />
-	<target host="reports.simplyaccessible.com" />
-	<target host="store.simplyaccessible.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/simtechdev.ru.xml b/src/chrome/content/rules/simtechdev.ru.xml
index 75aa75e17906..75fcac3a375b 100644
--- a/src/chrome/content/rules/simtechdev.ru.xml
+++ b/src/chrome/content/rules/simtechdev.ru.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.simtechdev.ru/ => https://www.simtechdev.ru/: (51, "SSL:
 
 
 -->
-<ruleset name="simtechdev.ru" default_off='failed ruleset test'>
+<ruleset name="simtechdev.ru" default_off="failed ruleset test">
 	<target host="simtechdev.ru" />
 	<target host="www.simtechdev.ru" />
 
diff --git a/src/chrome/content/rules/singyin.edu.hk.xml b/src/chrome/content/rules/singyin.edu.hk.xml
new file mode 100644
index 000000000000..3931fdded03c
--- /dev/null
+++ b/src/chrome/content/rules/singyin.edu.hk.xml
@@ -0,0 +1,37 @@
+<ruleset name="singyin.edu.hk">
+
+	<target host="www.singyin.edu.hk" /> <!-- Though a loading spinner is on HTTP -->
+	<target host="singyin.edu.hk" /> <!-- Though a loading spinner is on HTTP -->
+	<target host="www.syss.edu.hk" /> <!-- Though a loading spinner is on HTTP -->
+	<target host="syss.edu.hk" /> <!-- Though a loading spinner is on HTTP -->
+
+	<target host="eclass.singyin.edu.hk" />
+	<target host="lib.singyin.edu.hk" />
+	<target host="weather.singyin.edu.hk" />
+	<target host="judge.singyin.edu.hk" />
+	<target host="pastpaper2.singyin.edu.hk" />
+
+<!--
+	Incorrect config
+		www2.singyin.edu.hk (Redirects to judge.)
+
+	Unused subdomains:
+		o365.singyin.edu.hk (Redirects to judge. on HTTP. Invalid page on HTTPS)
+
+	No longer used subdomains:
+		parent.singyin.edu.hk
+		pastpaper.singyin.edu.hk
+
+	Already always redirects to HTTPS
+		loginhelper.singyin.edu.hk
+
+	Subdomains to G Suite, e.g.
+		mail.singyin.edu.hk
+		drive.singyin.edu.hk
+		calendar.singyin.edu.hk
+		syaa.singyin.edu.hk (G Sites subdomain)
+		student.singyin.edu.hk (Redirects to sites.google.com/* G Sites)
+-->
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sirsidynix.com-resources.xml b/src/chrome/content/rules/sirsidynix.com-resources.xml
index e2986ab8654d..e567b3b9ab2b 100644
--- a/src/chrome/content/rules/sirsidynix.com-resources.xml
+++ b/src/chrome/content/rules/sirsidynix.com-resources.xml
@@ -10,7 +10,7 @@ Non-2xx HTTP code: http://go.sirsidynix.com/rs/325-MEI-708/images/socialmedia-01
 	and no mixed content secured.
 
 -->
-<ruleset name="SirsiDynix.com (resources)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="SirsiDynix.com (resources)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Complications:
 				-->
diff --git a/src/chrome/content/rules/sirsidynix.com.xml b/src/chrome/content/rules/sirsidynix.com.xml
index 30dfa800949e..735e711262d1 100644
--- a/src/chrome/content/rules/sirsidynix.com.xml
+++ b/src/chrome/content/rules/sirsidynix.com.xml
@@ -25,7 +25,7 @@ Non-2xx HTTP code: http://go.sirsidynix.com/rs/sirsidynix1/images/STEMtoolkit.pd
 		- www.support.sirsidynix.com
 
 -->
-<ruleset name="SirsiDynix.com (partial)" default_off='failed ruleset test'>
+<ruleset name="SirsiDynix.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/sis001.xml b/src/chrome/content/rules/sis001.xml
new file mode 100644
index 000000000000..d2aa14f4ece2
--- /dev/null
+++ b/src/chrome/content/rules/sis001.xml
@@ -0,0 +1,14 @@
+<ruleset name="sis001">
+	<target host="sis001.com" />
+	<target host="www.sis001.com" />
+
+	<!--	mismatched	-->
+	<target host="sis001.us" />
+	<target host="www.sis001.us" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http://(www\.)?sis001\.us/" to="https://www.sis001.com/" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sitejam.com.xml b/src/chrome/content/rules/sitejam.com.xml
index 24dfd71116ab..ac4509fa738a 100644
--- a/src/chrome/content/rules/sitejam.com.xml
+++ b/src/chrome/content/rules/sitejam.com.xml
@@ -9,7 +9,7 @@
 	ᵐ Mismatched
 
 -->
-<ruleset name="sitejam.com" default_off="missing certificate chain">
+<ruleset name="sitejam.com" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/sitelabs.co.uk.xml b/src/chrome/content/rules/sitelabs.co.uk.xml
index 1a3f527888fa..45db467aa186 100644
--- a/src/chrome/content/rules/sitelabs.co.uk.xml
+++ b/src/chrome/content/rules/sitelabs.co.uk.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.sitelabs.co.uk/ => https://www.sitelabs.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'www.sitelabs.co.uk'")
 
 -->
-<ruleset name="SiteLabs.co.uk" default_off='failed ruleset test'>
+<ruleset name="SiteLabs.co.uk" default_off="failed ruleset test">
 
 	<target host="sitelabs.co.uk" />
 	<target host="www.sitelabs.co.uk" />
diff --git a/src/chrome/content/rules/skbbank.ru.xml b/src/chrome/content/rules/skbbank.ru.xml
new file mode 100644
index 000000000000..dad384f4da21
--- /dev/null
+++ b/src/chrome/content/rules/skbbank.ru.xml
@@ -0,0 +1,7 @@
+<ruleset name="skbbank.ru">
+        <target host="skbbank.ru" />
+        <target host="ib.skbbank.ru" />
+
+        <rule from="^http:"
+                to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/skifalls.com.au.xml b/src/chrome/content/rules/skifalls.com.au.xml
deleted file mode 100644
index 210f66b2deab..000000000000
--- a/src/chrome/content/rules/skifalls.com.au.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	Nonfunctional domain:
-		- (www)			(self-signed)
--->
-<ruleset name="Falls Creek Lift (partial)">
-	<target host="estore.skifalls.com.au" />
-
-	<securecookie host="estore\.skifalls\.com\.au$" name=".+" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/skift.com.xml b/src/chrome/content/rules/skift.com.xml
index 1bd1166556a2..aff69a33cfb5 100644
--- a/src/chrome/content/rules/skift.com.xml
+++ b/src/chrome/content/rules/skift.com.xml
@@ -24,7 +24,7 @@ Fetch error: http://www.skift.com/ => https://www.skift.com/: Too many redirects
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Skift.com" default_off='failed ruleset test'>
+<ruleset name="Skift.com" default_off="failed ruleset test">
 
 	<target host="skift.com" />
 	<target host="edu.skift.com" />
diff --git a/src/chrome/content/rules/skillsdevelopmentscotland.co.uk.xml b/src/chrome/content/rules/skillsdevelopmentscotland.co.uk.xml
index e5d9fd0da5b5..ef3693572b9e 100644
--- a/src/chrome/content/rules/skillsdevelopmentscotland.co.uk.xml
+++ b/src/chrome/content/rules/skillsdevelopmentscotland.co.uk.xml
@@ -4,7 +4,7 @@
 		- apprenticeships.scot.xml
 		- myworldofwork.co.uk.xml
 		- ourskillsforce.co.uk.xml
-	
+
 
 	^skillsdevelopmentscotland.co.uk: Handshake fails
 
diff --git a/src/chrome/content/rules/sknt.ru.xml b/src/chrome/content/rules/sknt.ru.xml
index 330943807f52..99815139d010 100644
--- a/src/chrome/content/rules/sknt.ru.xml
+++ b/src/chrome/content/rules/sknt.ru.xml
@@ -77,7 +77,7 @@ amoris.sknt.ru:8000/: (35, 'Unknown SSL protocol error in connection to amoris.s
 ⁴ self signed
 ⁵ expired
 -->
-<ruleset name="sknt.ru" default_off='failed ruleset test'>
+<ruleset name="sknt.ru" default_off="failed ruleset test">
 	<target host="sknt.ru" />
 	<target host="www.sknt.ru" />
 	<target host="abonent-auth.sknt.ru" />
diff --git a/src/chrome/content/rules/skrinshoter.ru.xml b/src/chrome/content/rules/skrinshoter.ru.xml
new file mode 100644
index 000000000000..cfd20f10324f
--- /dev/null
+++ b/src/chrome/content/rules/skrinshoter.ru.xml
@@ -0,0 +1,15 @@
+<!--
+	Could not resolve:
+		skrinshoter.ru
+
+	Invalid certificate:
+		c.skrinshoter.ru
+		localhost.skrinshoter.ru
+-->
+<ruleset name="skrinshoter.ru">
+	<target host="www.skrinshoter.ru" />
+	<target host="cdn.skrinshoter.ru" />
+	<target host="d0.skrinshoter.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/skytal.es.xml b/src/chrome/content/rules/skytal.es.xml
index 157ff19b51b5..94340f549634 100644
--- a/src/chrome/content/rules/skytal.es.xml
+++ b/src/chrome/content/rules/skytal.es.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://www.skytal.es/ => https://www.skytal.es/: (51, "SSL: no alternative certificate subject name matches target host name 'www.skytal.es'")
 
 -->
-<ruleset name="Skytal.es" default_off='failed ruleset test'>
+<ruleset name="Skytal.es" default_off="failed ruleset test">
 
 	<target host="skytal.es" />
 	<target host="www.skytal.es" />
diff --git a/src/chrome/content/rules/sledcom.ru.xml b/src/chrome/content/rules/sledcom.ru.xml
index 0b3e627c9c92..e761c6add506 100644
--- a/src/chrome/content/rules/sledcom.ru.xml
+++ b/src/chrome/content/rules/sledcom.ru.xml
@@ -57,7 +57,7 @@
         www.yaroslavl.sledcom.ru
         www.zabaykalye.sledcom.ru
         www.zapsib-sut.sledcom.ru
---> 
+-->
 <ruleset name="Sledcom.ru">
         <target host="sledcom.ru" />
         <target host="www.sledcom.ru" />
diff --git a/src/chrome/content/rules/smart-DSL.xml b/src/chrome/content/rules/smart-DSL.xml
index d457639d70ab..2be42cd08770 100644
--- a/src/chrome/content/rules/smart-DSL.xml
+++ b/src/chrome/content/rules/smart-DSL.xml
@@ -1,16 +1,11 @@
 <ruleset name="smart-DSL GmbH">
 
 <target host="smart-dsl.net"/>
-<target host="*.smart-dsl.net"/>
+<target host="www.smart-dsl.net" />
 <target host="smartone.de"/>
-<target host="*.smartone.de"/>
+<target host="www.smartone.de" />
 
 <rule from="^http://(www\.)?smart\-dsl\.net/" to="https://www.smartone.de/"/>
 <rule from="^http://(www\.)?smartone\.de/" to="https://www.smartone.de/"/>
 
-<test url="http://smart-dsl.net/" />
-<test url="http://www.smart-dsl.net/" />
-<test url="http://smartone.de/" />
-<test url="http://www.smartone.de/" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/smartdnsproxy.com.xml b/src/chrome/content/rules/smartdnsproxy.com.xml
new file mode 100644
index 000000000000..9eb4c2140c11
--- /dev/null
+++ b/src/chrome/content/rules/smartdnsproxy.com.xml
@@ -0,0 +1,27 @@
+<!--
+	Invalid certificate:
+		cdn.smartdnsproxy.com
+		sdp-regapi.smartdnsproxy.com
+		dns-00-00.smartdnsproxy.com
+		dns-00-02.smartdnsproxy.com
+		try.smartdnsproxy.com
+
+	Refused:
+		mail.smartdnsproxy.com
+
+	Time out:
+		email.smartdnsproxy.com
+-->
+<ruleset name="smartdnsproxy.com">
+	<target host="smartdnsproxy.com" />
+	<target host="www.smartdnsproxy.com" />
+	<target host="cdn77.smartdnsproxy.com" />
+	<target host="css.smartdnsproxy.com" />
+	<target host="images.smartdnsproxy.com" />
+	<target host="lab.smartdnsproxy.com" />
+	<target host="lib.smartdnsproxy.com" />
+	<target host="support.smartdnsproxy.com" />
+	<target host="userdocs.smartdnsproxy.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/smartpiratebay.com.xml b/src/chrome/content/rules/smartpiratebay.com.xml
deleted file mode 100644
index 824ad70f5dd5..000000000000
--- a/src/chrome/content/rules/smartpiratebay.com.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="smartpiratebay.com">
-	<target host="smartpiratebay.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/smava.xml b/src/chrome/content/rules/smava.xml
index 1f0b41ca6a1b..30f0cf0e006c 100644
--- a/src/chrome/content/rules/smava.xml
+++ b/src/chrome/content/rules/smava.xml
@@ -2,4 +2,4 @@
   <target host="www.smava.de" />
 
   <rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/smeserver.org.xml b/src/chrome/content/rules/smeserver.org.xml
index b198dec71a94..ae62f5c6a08e 100644
--- a/src/chrome/content/rules/smeserver.org.xml
+++ b/src/chrome/content/rules/smeserver.org.xml
@@ -2,9 +2,9 @@
 <ruleset name="smeserver.org">
 	<target host="smeserver.org" />
 	<target host="www.smeserver.org" />
-	
+
 	<rule from="^http://www\.smeserver\.org/"
 		to="https://smeserver.org/" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/smokefree.gov.xml b/src/chrome/content/rules/smokefree.gov.xml
deleted file mode 100644
index e316b8a4e0f1..000000000000
--- a/src/chrome/content/rules/smokefree.gov.xml
+++ /dev/null
@@ -1,37 +0,0 @@
-<!--
-
-
-	Nonfunctional hosts in *smokefree.gov:
-
-		- teen ᶠ
-		- women ʳ
-
-	ᶠ Handshake fails
-	ʳ Refused
-
-
-	Mixed content:
-
-		- css on ^ from fonts.googleapis.com ˢ
-		- Images on ^ from livehelp.cancer.gov ˢ
-		- Bug on ^ from wcdapps.hhs.gov ˢ
-
-	ˢ Secured by us
-
--->
-<ruleset name="Smokefree.gov (partial)">
-
-	<target host="smokefree.gov" />
-	<target host="espanol.smokefree.gov" />
-	<target host="www.espanol.smokefree.gov" />
-	<target host="www.smokefree.gov" />
-
-
-	<securecookie host="^\w" name=".+" />
-	<securecookie host="^\." name="^_gat?$" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/smokefree.hk.xml b/src/chrome/content/rules/smokefree.hk.xml
new file mode 100644
index 000000000000..57fe42c4e50a
--- /dev/null
+++ b/src/chrome/content/rules/smokefree.hk.xml
@@ -0,0 +1,20 @@
+<!--
+	Nonfunctional hosts in *.smokefree.hk:
+		- catering.smokefree.hk (r)
+		- quitters.smokefree.hk (r)
+		- smokefreefamily.smokefree.hk (r)
+
+	h: http redirect
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="Hong Kong Council on Smoking and Health">
+	<target host="exercise.smokefree.hk" />
+	<target host="smokefreeteens.smokefree.hk" />
+	<target host="smokefree.hk" />
+	<target host="www.smokefree.hk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/smspower.org.xml b/src/chrome/content/rules/smspower.org.xml
new file mode 100644
index 000000000000..cb96f358fa54
--- /dev/null
+++ b/src/chrome/content/rules/smspower.org.xml
@@ -0,0 +1,22 @@
+<!--
+	502：
+		^
+
+	Invalid certificate:
+		webmail.smspower.org
+
+	Refused:
+		radio.smspower.org
+		johnnyz.smspower.org
+		bto8.smspower.org
+		shellcore.smspower.org
+		gdri.smspower.org
+		blog.smspower.org
+-->
+<ruleset name="smspower.org">
+	<target host="smspower.org" />
+	<target host="www.smspower.org" />
+
+	<rule from="^http://smspower\.org/" to="https://www.smspower.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/snap-ci.com.xml b/src/chrome/content/rules/snap-ci.com.xml
index f5ef18b04d38..6fe92c38a552 100644
--- a/src/chrome/content/rules/snap-ci.com.xml
+++ b/src/chrome/content/rules/snap-ci.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://production-website.snap-ci.com/ => https://production-website.snap-ci.com/: (6, 'Could not resolve host: production-website.snap-ci.com')
 
 -->
-<ruleset name="snap-ci.com" default_off='failed ruleset test'>
+<ruleset name="snap-ci.com" default_off="failed ruleset test">
 	<target host="snap-ci.com" />
 	<target host="www.snap-ci.com" />
 	<target host="blog.snap-ci.com" />
diff --git a/src/chrome/content/rules/snapraid.it.xml b/src/chrome/content/rules/snapraid.it.xml
new file mode 100644
index 000000000000..47bd72a936fe
--- /dev/null
+++ b/src/chrome/content/rules/snapraid.it.xml
@@ -0,0 +1,9 @@
+<!--
+	Invalid certificate:
+		beta.snapraid.it
+-->
+<ruleset name="snapraid.it">
+	<target host="www.snapraid.it" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sneakerfreaker.com-falsemixed.xml b/src/chrome/content/rules/sneakerfreaker.com-falsemixed.xml
index e0f7a57e0d60..45be05a21e42 100644
--- a/src/chrome/content/rules/sneakerfreaker.com-falsemixed.xml
+++ b/src/chrome/content/rules/sneakerfreaker.com-falsemixed.xml
@@ -9,7 +9,7 @@ Fetch error: http://archive.sneakerfreaker.com/ => https://archive.sneakerfreake
 	NB: See https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Sneaker Freaker.com (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Sneaker Freaker.com (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="archive.sneakerfreaker.com" />
 	<target host="forum.sneakerfreaker.com" />
diff --git a/src/chrome/content/rules/sneakerfreaker.com.xml b/src/chrome/content/rules/sneakerfreaker.com.xml
index 107f88ed200f..165e966a6b76 100644
--- a/src/chrome/content/rules/sneakerfreaker.com.xml
+++ b/src/chrome/content/rules/sneakerfreaker.com.xml
@@ -13,17 +13,17 @@
 	Mixed content:
 
 		- css, on:
-		
+
 			- archive, forum from $self ˢ
 			- www from fonts.googleapis.com ˢ
 
 		- Images, on:
-		
+
 			- archive from from $self ˢ
 			- shop from cdn.shopify.com ˢ
 
 		- Ads, on:
-		
+
 			- archive from au.effectivemeasure.net ˢ
 			- archive from www.facebook.com ˢ
 			- archive from pixel.quantserve.com ˢ
diff --git a/src/chrome/content/rules/snipboard.io.xml b/src/chrome/content/rules/snipboard.io.xml
new file mode 100644
index 000000000000..68a00db40ea9
--- /dev/null
+++ b/src/chrome/content/rules/snipboard.io.xml
@@ -0,0 +1,14 @@
+<!--
+	Refused:
+		email.snipboard.io
+-->
+<ruleset name="snipboard.io">
+	<target host="snipboard.io" />
+	<target host="www.snipboard.io" />
+	<target host="dev.snipboard.io" />
+	<target host="i.snipboard.io" />
+	<target host="static.snipboard.io" />
+
+	<rule from="^http://www\.snipboard\.io/" to="https://snipboard.io/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/snmtc.edu.gh.xml b/src/chrome/content/rules/snmtc.edu.gh.xml
deleted file mode 100644
index 45eecb6dfec4..000000000000
--- a/src/chrome/content/rules/snmtc.edu.gh.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="snmtc.edu.gh">
-	<target host="snmtc.edu.gh" />
-	<target host="www.snmtc.edu.gh" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/sns.gov.uk.xml b/src/chrome/content/rules/sns.gov.uk.xml
index db0347f31c30..4784ffcee817 100644
--- a/src/chrome/content/rules/sns.gov.uk.xml
+++ b/src/chrome/content/rules/sns.gov.uk.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.sns.gov.uk/ => https://admin.sns.gov.uk/: (6, 'Could not
 	www.sns.gov.uk: Mismatched
 
 -->
-<ruleset name="SNS.gov.uk" default_off='failed ruleset test'>
+<ruleset name="SNS.gov.uk" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/snyk.io.xml b/src/chrome/content/rules/snyk.io.xml
index fd4759a90609..efe2ef3f6a81 100644
--- a/src/chrome/content/rules/snyk.io.xml
+++ b/src/chrome/content/rules/snyk.io.xml
@@ -2,7 +2,7 @@
 	<target host="snyk.io" />
 	<target host="www.snyk.io" />
 	<target host="app.snyk.io" />
-	
+
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/sobytiya.info.xml b/src/chrome/content/rules/sobytiya.info.xml
index 7a31e5ccb22b..236fc221f62b 100644
--- a/src/chrome/content/rules/sobytiya.info.xml
+++ b/src/chrome/content/rules/sobytiya.info.xml
@@ -5,7 +5,7 @@ Non-2xx HTTP code: http://sobytiya.info/ (200) => https://sobytiya.info/ (521)
 Non-2xx HTTP code: http://www.sobytiya.info/ (200) => https://www.sobytiya.info/ (521)
  afisha. wrong content
 en. wrong content -->
-<ruleset name="sobytiya.info" default_off='failed ruleset test'>
+<ruleset name="sobytiya.info" default_off="failed ruleset test">
 	<target host="sobytiya.info" />
 	<target host="www.sobytiya.info" />
 	<target host="doska.sobytiya.info" />
diff --git a/src/chrome/content/rules/softforge.de.xml b/src/chrome/content/rules/softforge.de.xml
new file mode 100644
index 000000000000..e6f7fc2591ce
--- /dev/null
+++ b/src/chrome/content/rules/softforge.de.xml
@@ -0,0 +1,5 @@
+<ruleset name="softforge.de">
+	<target host="softforge.de" />
+	<target host="www.softforge.de" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/softwareok.com.xml b/src/chrome/content/rules/softwareok.com.xml
new file mode 100644
index 000000000000..bfb96739e5b8
--- /dev/null
+++ b/src/chrome/content/rules/softwareok.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		www.cc.softwareok.com
+		clk.softwareok.com
+		usa.softwareok.com
+
+	Refused:
+		autodiscover.softwareok.com
+		cc.softwareok.com
+		autodiscover.cc.softwareok.com
+		ftp.cc.softwareok.com
+		ftp.softwareok.com
+-->
+<ruleset name="softwareok.com">
+	<target host="softwareok.com" />
+	<target host="www.softwareok.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sol.no.xml b/src/chrome/content/rules/sol.no.xml
index cfbbc79b0e9d..419dbb2c0675 100644
--- a/src/chrome/content/rules/sol.no.xml
+++ b/src/chrome/content/rules/sol.no.xml
@@ -27,7 +27,7 @@ Fetch error: http://www.sol.no/ => https://www.sol.no/: Too many redirects while
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Sol.no (partial)" default_off='failed ruleset test'>
+<ruleset name="Sol.no (partial)" default_off="failed ruleset test">
 
 	<target host="sol.no" />
 	<target host="guru.sol.no" />
diff --git a/src/chrome/content/rules/solanolabs.com.xml b/src/chrome/content/rules/solanolabs.com.xml
deleted file mode 100644
index f89811f72675..000000000000
--- a/src/chrome/content/rules/solanolabs.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-solanolabs.com timed out
-blog.solanolabs.com mismatch
-status.solanolabs.com mismatch
-cimemes.solanolabs.com self signed
--->
-<ruleset name="solanolabs.com">
-	<target host="www.solanolabs.com" />
-	<target host="ci.solanolabs.com" />
-	<target host="docs.solanolabs.com" />
-	<target host="support.solanolabs.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/solydxk.com.xml b/src/chrome/content/rules/solydxk.com.xml
index 9d3692adbac8..5b1f7399202c 100644
--- a/src/chrome/content/rules/solydxk.com.xml
+++ b/src/chrome/content/rules/solydxk.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://dev.solydxk.com/ => https://dev.solydxk.com/: (6, 'Could not
 downloads.solydxk.com refused
 repository.solydxk.com refused
 -->
-<ruleset name="solydxk.com" default_off='failed ruleset test'>
+<ruleset name="solydxk.com" default_off="failed ruleset test">
 	<target host="solydxk.com" />
 	<target host="www.solydxk.com" />
 	<target host="forums.solydxk.com" />
diff --git a/src/chrome/content/rules/songkick.com.xml b/src/chrome/content/rules/songkick.com.xml
index bae528539df8..a7da03a9967b 100644
--- a/src/chrome/content/rules/songkick.com.xml
+++ b/src/chrome/content/rules/songkick.com.xml
@@ -19,6 +19,6 @@
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http://songkick\.com/" to="https://www.songkick.com/"/>
-	<rule from="^http:" to="https:"/>	
+	<rule from="^http:" to="https:"/>
 
 </ruleset>
diff --git a/src/chrome/content/rules/soobi.org.xml b/src/chrome/content/rules/soobi.org.xml
deleted file mode 100644
index 75cd1b016109..000000000000
--- a/src/chrome/content/rules/soobi.org.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="soobi.org">
-	<target host="soobi.org" />
-	<target host="www.soobi.org" />
-
-	<rule from="^http:"
-		to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/sotawiki.net.xml b/src/chrome/content/rules/sotawiki.net.xml
new file mode 100644
index 000000000000..0adecf306b4f
--- /dev/null
+++ b/src/chrome/content/rules/sotawiki.net.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		autodiscover.sotawiki.net
+		ftp.sotawiki.net
+		imap.sotawiki.net
+		pop.sotawiki.net
+		smtp.sotawiki.net
+
+	Refused:
+		localhost.sotawiki.net
+-->
+<ruleset name="sotawiki.net">
+	<target host="sotawiki.net" />
+	<target host="www.sotawiki.net" />
+	<target host="mail.sotawiki.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/soundbounce.org.xml b/src/chrome/content/rules/soundbounce.org.xml
new file mode 100644
index 000000000000..abe7fbe3872e
--- /dev/null
+++ b/src/chrome/content/rules/soundbounce.org.xml
@@ -0,0 +1,11 @@
+<!--
+	Time out:
+		app.soundbounce.org
+-->
+<ruleset name="soundbounce.org">
+	<target host="soundbounce.org" />
+	<target host="www.soundbounce.org" />
+	<target host="v2.soundbounce.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/south-wales.police.uk.xml b/src/chrome/content/rules/south-wales.police.uk.xml
index 4caf48f66f16..6f963409a0dd 100644
--- a/src/chrome/content/rules/south-wales.police.uk.xml
+++ b/src/chrome/content/rules/south-wales.police.uk.xml
@@ -44,7 +44,7 @@ Fetch error: http://sports.south-wales.police.uk/ => https://sports.south-wales.
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="South-Wales.Police.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="South-Wales.Police.uk (partial)" default_off="failed ruleset test">
 
 	<target host="eservices.south-wales.police.uk" />
 	<target host="sports.south-wales.police.uk" />
diff --git a/src/chrome/content/rules/southdowns.gov.uk.xml b/src/chrome/content/rules/southdowns.gov.uk.xml
index fbb33efa8ef3..4ebda4a18ef0 100644
--- a/src/chrome/content/rules/southdowns.gov.uk.xml
+++ b/src/chrome/content/rules/southdowns.gov.uk.xml
@@ -37,7 +37,7 @@
 	Mixed content:
 
 		- css, on:
-		
+
 			- learning from fast.fonts.net ˢ
 			- learning, learningmap, maps from fonts.googleapis.com ˢ
 			- learningmap from learning.southdowns.gov.uk * ˢ
diff --git a/src/chrome/content/rules/southend-on-the-move.org.uk.xml b/src/chrome/content/rules/southend-on-the-move.org.uk.xml
index 739765ce1c25..fb8031a08d6d 100644
--- a/src/chrome/content/rules/southend-on-the-move.org.uk.xml
+++ b/src/chrome/content/rules/southend-on-the-move.org.uk.xml
@@ -13,7 +13,7 @@ Fetch error: http://southend-on-the-move.org.uk/ => https://southend-on-the-move
 		- train.southend-on-the-move.org.uk
 
 -->
-<ruleset name="Southend-on-the-move.org.uk" default_off='failed ruleset test'>
+<ruleset name="Southend-on-the-move.org.uk" default_off="failed ruleset test">
 
 	<target host="southend-on-the-move.org.uk" />
 	<target host="test1.southend-on-the-move.org.uk" />
diff --git a/src/chrome/content/rules/sovcombank.ru.xml b/src/chrome/content/rules/sovcombank.ru.xml
index e48ba86db29c..8f66650e509c 100644
--- a/src/chrome/content/rules/sovcombank.ru.xml
+++ b/src/chrome/content/rules/sovcombank.ru.xml
@@ -7,7 +7,7 @@ lk.sovcombank.ru different content
 
 
 -->
-<ruleset name="sovcombank.ru" default_off='failed ruleset test'>
+<ruleset name="sovcombank.ru" default_off="failed ruleset test">
 	<target host="sovcombank.ru" />
 	<target host="www.sovcombank.ru" />
 	<target host="doktor.sovcombank.ru" />
diff --git a/src/chrome/content/rules/soverin.net.xml b/src/chrome/content/rules/soverin.net.xml
new file mode 100644
index 000000000000..d11d189b5ee1
--- /dev/null
+++ b/src/chrome/content/rules/soverin.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="soverin.net">
+	<target host="soverin.net" />
+	<target host="www.soverin.net" />
+	<target host="autodiscover.soverin.net" />
+	<target host="lb1.soverin.net" />
+	<target host="love.soverin.net" />
+	<target host="my.soverin.net" />
+	<target host="noc.soverin.net" />
+	<target host="status.soverin.net" />
+	<target host="support.soverin.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spacechase0.com.xml b/src/chrome/content/rules/spacechase0.com.xml
new file mode 100644
index 000000000000..7d1721d004d6
--- /dev/null
+++ b/src/chrome/content/rules/spacechase0.com.xml
@@ -0,0 +1,8 @@
+<!--
+	spacechase0.com has a wildcard DNS record but only spacechase0.com certificate exists
+-->
+<ruleset name="spacechase0.com">
+	<target host="spacechase0.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spacecraft.co.uk.xml b/src/chrome/content/rules/spacecraft.co.uk.xml
index 66729ce05724..a04c495651f1 100644
--- a/src/chrome/content/rules/spacecraft.co.uk.xml
+++ b/src/chrome/content/rules/spacecraft.co.uk.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://spacecraft.co.uk/ => https://spacecraft.co.uk/: (51, "SSL: no alternative certificate subject name matches target host name 'spacecraft.co.uk'")
 
 -->
-<ruleset name="Spacecraft.co.uk" default_off='failed ruleset test'>
+<ruleset name="Spacecraft.co.uk" default_off="failed ruleset test">
 
 	<target host="spacecraft.co.uk" />
 	<target host="www.spacecraft.co.uk" />
diff --git a/src/chrome/content/rules/spacenews.com.xml b/src/chrome/content/rules/spacenews.com.xml
index d5721f0ae0c4..7e06522643fd 100644
--- a/src/chrome/content/rules/spacenews.com.xml
+++ b/src/chrome/content/rules/spacenews.com.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.spacenews.com/ => https://www.spacenews.com/: Too many r
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="SpaceNews.com" default_off='failed ruleset test'>
+<ruleset name="SpaceNews.com" default_off="failed ruleset test">
 
 	<target host="spacenews.com" />
 	<target host="www.spacenews.com" />
diff --git a/src/chrome/content/rules/spacepools.org.xml b/src/chrome/content/rules/spacepools.org.xml
new file mode 100644
index 000000000000..27eb59979f8a
--- /dev/null
+++ b/src/chrome/content/rules/spacepools.org.xml
@@ -0,0 +1,28 @@
+
+<ruleset name="spacepools.org">
+
+	<target host="spacepools.org" />
+	<target host="dero.spacepools.org" />
+	<target host="api.dero.spacepools.org" />
+	<target host="etn.spacepools.org" />
+	<target host="api.etn.spacepools.org" />
+	<target host="graft.spacepools.org" />
+	<target host="api.graft.spacepools.org" />
+	<target host="intense.spacepools.org" />
+	<target host="api.intense.spacepools.org" />
+	<target host="ipbc.spacepools.org" />
+	<target host="api.ipbc.spacepools.org" />
+	<target host="masari.spacepools.org" />
+	<target host="api.masari.spacepools.org" />
+	<target host="monero.spacepools.org" />
+	<target host="api.monero.spacepools.org" />
+	<target host="sumo.spacepools.org" />
+	<target host="api.sumo.spacepools.org" />
+	<target host="turtle.spacepools.org" />
+	<target host="api.turtle.spacepools.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/spamcop.xml b/src/chrome/content/rules/spamcop.xml
index ae4a143809a7..739b6798c0d2 100644
--- a/src/chrome/content/rules/spamcop.xml
+++ b/src/chrome/content/rules/spamcop.xml
@@ -1,6 +1,6 @@
 <ruleset name="SpamCop">
     <target host="spamcop.net" />
     <target host="www.spamcop.net" />
-    
+
     <rule from="^http://(www\.)?spamcop\.net/" to="https://www.spamcop.net/" />
 </ruleset>
diff --git a/src/chrome/content/rules/sparebank1.no.xml b/src/chrome/content/rules/sparebank1.no.xml
index 420678cad114..04b6307d537e 100644
--- a/src/chrome/content/rules/sparebank1.no.xml
+++ b/src/chrome/content/rules/sparebank1.no.xml
@@ -40,7 +40,7 @@ Fetch error: http://statistikk.sparebank1.no/ => https://statistikk.sparebank1.n
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="SpareBank 1.no (partial)" default_off='failed ruleset test'>
+<ruleset name="SpareBank 1.no (partial)" default_off="failed ruleset test">
 
 	<target host="sparebank1.no" />
 	<target host="bolig.sparebank1.no" />
diff --git a/src/chrome/content/rules/spbelect.info.xml b/src/chrome/content/rules/spbelect.info.xml
new file mode 100644
index 000000000000..c133334d4612
--- /dev/null
+++ b/src/chrome/content/rules/spbelect.info.xml
@@ -0,0 +1,6 @@
+<ruleset name="spbelect.info">
+    <target host="spbelect.info" />
+    <target host="www.spbelect.info" />
+    <rule from="^http:" to="https:" />
+    <securecookie host="^(?:www\.|\.)?spbelect\.info$" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/spbelect.org.xml b/src/chrome/content/rules/spbelect.org.xml
new file mode 100644
index 000000000000..d9a93d6db1ee
--- /dev/null
+++ b/src/chrome/content/rules/spbelect.org.xml
@@ -0,0 +1,6 @@
+<ruleset name="spbelect.org">
+    <target host="spbelect.org" />
+    <target host="www.spbelect.org" />
+    <rule from="^http:" to="https:" />
+    <securecookie host="^(?:www\.|\.)?spbelect\.org$" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/spdb.com.cn.xml b/src/chrome/content/rules/spdb.com.cn.xml
index baca4bf372f9..5576c324918f 100644
--- a/src/chrome/content/rules/spdb.com.cn.xml
+++ b/src/chrome/content/rules/spdb.com.cn.xml
@@ -6,6 +6,6 @@
 	<target host="download.spdb.com.cn" />
 	<target host="ebank.spdb.com.cn" />
 	<target host="wap.spdb.com.cn" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/spectator.co.uk.xml b/src/chrome/content/rules/spectator.co.uk.xml
index 9c9e07ddf924..d571625656bb 100644
--- a/src/chrome/content/rules/spectator.co.uk.xml
+++ b/src/chrome/content/rules/spectator.co.uk.xml
@@ -1,4 +1,10 @@
 <!--
+
+2018:
+	CDN buckets no longer in use and this site is now setting redirects for content urls. We should allow that to occur
+
+
+2016
 	For rules causing MCB, see spectator.co.uk-mixedcontent.xml.
 
 	CDN buckets:
@@ -47,36 +53,11 @@
 
 	<!--	Direct rewrites:
 				-->
-	<!--target host="spectator.co.uk" /-->
+	<!-- <target host="spectator.co.uk" /> -->
 	<!--target host="blogs.spectator.co.uk" /-->
 	<target host="health.spectator.co.uk" />
-	<!--target host="www.spectator.co.uk" /-->
-
-	<!--	Complications:
-				-->
-	<target host="cdn.spectator.co.uk" />
-	<target host="cdn2.spectator.co.uk" />
-
-
-	<!--	s? for protocol-relative
-		inclusions on www:
-					-->
-	<rule from="^https?://cdn\.spectator\.co\.uk/"
-		to="https://d31orrwkxpucnl.cloudfront.net/" />
-
-		<test url="http://cdn.spectator.co.uk/content/uploads/2016/04/LIKE-The-Haystack-late-April-1844-William-Henry-Fox-Talbot-%E2%88%8F-National-Media-Museum-SSPL-395x261.jpg" />
-		<test url="https://cdn.spectator.co.uk/content/uploads/2016/04/TRA0880_v012-114x76.1025.jpg" />
-
-	<!--	s? for protocol-relative
-		inclusions on www:
-					-->
-	<rule from="^https?://cdn2\.spectator\.co\.uk/"
-		to="https://d35f2nn85hoamp.cloudfront.net/" />
-
-		<test url="http://cdn2.spectator.co.uk/files/2016/05/OP-114x76.jpg" />
-		<test url="https://cdn2.spectator.co.uk/files/2016/05/wat-114x76.jpg" />
+	<!-- <target host="www.spectator.co.uk" /> -->
 
 	<rule from="^http:"
 		to="https:" />
-
 </ruleset>
diff --git a/src/chrome/content/rules/speech.leseweb.dk.xml b/src/chrome/content/rules/speech.leseweb.dk.xml
index c7fb7a5d48d7..88e91a9c3664 100644
--- a/src/chrome/content/rules/speech.leseweb.dk.xml
+++ b/src/chrome/content/rules/speech.leseweb.dk.xml
@@ -2,4 +2,4 @@
   <target host="speech.leseweb.dk" />
 
   <rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/speedwellsoftware.com.xml b/src/chrome/content/rules/speedwellsoftware.com.xml
index 9b5ba4870e91..f52ef70765e5 100644
--- a/src/chrome/content/rules/speedwellsoftware.com.xml
+++ b/src/chrome/content/rules/speedwellsoftware.com.xml
@@ -1,7 +1,12 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://speedwellsoftware.com/ => https://speedwellsoftware.com/: (51, "SSL: no alternative certificate subject name matches target host name 'speedwellsoftware.com'")
+Fetch error: http://www2.speedwellsoftware.com/ => https://www2.speedwellsoftware.com/: (6, 'Could not resolve host: www2.speedwellsoftware.com')
+
 	Other Speedwell Software rulesets:
 
-		- surveyserver.net.xml
 
 
 	Mixed content:
@@ -14,9 +19,9 @@
 -->
 <ruleset name="Speedwell Software.com">
 
-	<target host="speedwellsoftware.com" />
+	<!-- target host="speedwellsoftware.com" /-->
 	<target host="www.speedwellsoftware.com" />
-	<target host="www2.speedwellsoftware.com" />
+	<!-- target host="www2.speedwellsoftware.com" /-->
 
 		<!--	Mixed image:
 					-->
diff --git a/src/chrome/content/rules/speedyline.ru.xml b/src/chrome/content/rules/speedyline.ru.xml
index 6b88e0c43f7e..87d8d1305ca1 100644
--- a/src/chrome/content/rules/speedyline.ru.xml
+++ b/src/chrome/content/rules/speedyline.ru.xml
@@ -8,7 +8,7 @@ www.speedyline.ru mismatch
 vidnoe.speedyline.ru mismatch
 artelamp.speedyline.ru mismatch
 -->
-<ruleset name="speedyline.ru" default_off='failed ruleset test'>
+<ruleset name="speedyline.ru" default_off="failed ruleset test">
 	<target host="web.speedyline.ru" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/spelthorne.gov.uk.xml b/src/chrome/content/rules/spelthorne.gov.uk.xml
index ac52496dd4ef..8d760d5436b2 100644
--- a/src/chrome/content/rules/spelthorne.gov.uk.xml
+++ b/src/chrome/content/rules/spelthorne.gov.uk.xml
@@ -32,7 +32,7 @@ Fetch error: http://larissa.spelthorne.gov.uk/ => https://larissa.spelthorne.gov
 		- www.spelthorne.gov.uk
 
 -->
-<ruleset name="Spelthorne.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Spelthorne.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="spelthorne.gov.uk" />
 	<target host="democracy.spelthorne.gov.uk" />
diff --git a/src/chrome/content/rules/spendvision.com.xml b/src/chrome/content/rules/spendvision.com.xml
deleted file mode 100644
index 49110d392aa9..000000000000
--- a/src/chrome/content/rules/spendvision.com.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For other Fraedom coverage, see fraedom.com.xml.
-
-
-	^spendvision.com: Expired
-
--->
-<ruleset name="Spendvision.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.spendvision.com" />
-
-	<!--	Complications:
-				-->
-	<target host="spendvision.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://spendvision\.com/"
-		to="https://www.spendvision.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/spi-inc.org.xml b/src/chrome/content/rules/spi-inc.org.xml
new file mode 100644
index 000000000000..68381bca0a92
--- /dev/null
+++ b/src/chrome/content/rules/spi-inc.org.xml
@@ -0,0 +1,17 @@
+<!--
+	Mismatch:
+		oldwww.spi-inc.org
+	443 port closed:
+		lists.spi-inc.org
+-->
+<ruleset name="SPI Inc">
+	<target host="spi-inc.org" />
+	<target host="git.spi-inc.org" /> <!-- HTTP 302 -->
+	<target host="members.spi-inc.org" /> <!-- HSTS not preloaded -->
+	<target host="rt.spi-inc.org" /> <!-- HTTP 302 -->
+	<target host="www.spi-inc.org" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spkrb.de.xml b/src/chrome/content/rules/spkrb.de.xml
index 04e4002d869e..864dbc7caf8b 100644
--- a/src/chrome/content/rules/spkrb.de.xml
+++ b/src/chrome/content/rules/spkrb.de.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.spkrb.de/ => https://info.spkrb.de/: (6, 'Could not reso
 Fetch error: http://info.spkrb.de/ => https://info.spkrb.de/: (6, 'Could not resolve host: info.spkrb.de')
 
 -->
-<ruleset name="spkrb.de" default_off='failed ruleset test'>
+<ruleset name="spkrb.de" default_off="failed ruleset test">
 	<target host="spkrb.de" />
 	<target host="www.spkrb.de" />
 	<target host="info.spkrb.de" />
diff --git a/src/chrome/content/rules/splitsider.com.xml b/src/chrome/content/rules/splitsider.com.xml
new file mode 100644
index 000000000000..2fd8f03d0127
--- /dev/null
+++ b/src/chrome/content/rules/splitsider.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="splitsider.com">
+	<target host="splitsider.com" />
+	<target host="www.splitsider.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sport-express.ru.xml b/src/chrome/content/rules/sport-express.ru.xml
index d4e327890b03..ac258afe46ac 100644
--- a/src/chrome/content/rules/sport-express.ru.xml
+++ b/src/chrome/content/rules/sport-express.ru.xml
@@ -54,7 +54,7 @@ winter.sport-express.ru mixed content
 ⁴ self signed
 ⁶ redirect
 -->
-<ruleset name="sport-express.ru" default_off='failed ruleset test'>
+<ruleset name="sport-express.ru" default_off="failed ruleset test">
 	<target host="sport-express.ru" />
 	<target host="www.sport-express.ru" />
 	<target host="archive.sport-express.ru" />
diff --git a/src/chrome/content/rules/sport.de.xml b/src/chrome/content/rules/sport.de.xml
new file mode 100644
index 000000000000..882b8ba1c678
--- /dev/null
+++ b/src/chrome/content/rules/sport.de.xml
@@ -0,0 +1,53 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Connection closed:
+		- heimspiel
+		- track
+
+	Refused:
+		- 22www
+		- 22zdf
+		- (www.)?ard
+		- auto-motor-und
+		- autoimg
+		- www.bild
+		- damoh
+		- dewww
+		- euro
+		- fussballdaten
+		- injuredwww
+		- ivw
+		- kienbaum
+		- liveticker
+		- lux
+		- mobil
+		- partner
+		- www.ritter
+		- roto
+		- tv
+		- un
+		- ww
+		- xn-\-kln-sna
+		- (www.)?zdf
+-->
+<ruleset name="sport.de">
+
+	<target host="sport.de" />
+	<target host="www.sport.de" />
+	<target host="app.sport.de" />
+	<target host="ssl.1.damoh.sport.de" />
+	<target host="ssl.2.damoh.sport.de" />
+	<target host="ssl.3.damoh.sport.de" />
+	<target host="s.sport.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Connection refused on https://sport.de/,
+	http://sport.de/ redirects to https://www.sport.de/.-->
+	<rule from="^http://sport\.de/"
+		to="https://www.sport.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/sportbox.ru.xml b/src/chrome/content/rules/sportbox.ru.xml
index ab03dc2f2b19..2c1f6177e8d8 100644
--- a/src/chrome/content/rules/sportbox.ru.xml
+++ b/src/chrome/content/rules/sportbox.ru.xml
@@ -28,7 +28,7 @@ forum.sportbox.ru mixed content
 ² refused
 ³ timed out
 -->
-<ruleset name="sportbox.ru" default_off='failed ruleset test'>
+<ruleset name="sportbox.ru" default_off="failed ruleset test">
 	<target host="sportbox.ru" />
 	<target host="www.sportbox.ru" />
 	<target host="2.sportbox.ru" />
diff --git a/src/chrome/content/rules/sporx.com.xml b/src/chrome/content/rules/sporx.com.xml
index 2159a210d11a..2d5fc0dd2e4c 100644
--- a/src/chrome/content/rules/sporx.com.xml
+++ b/src/chrome/content/rules/sporx.com.xml
@@ -51,7 +51,7 @@ Fetch error: http://www.sporx.com/ => https://www.sporx.com/: (60, 'SSL certific
 	Mixed content:
 
 		- iframes, on:
-		
+
 			- euro2016 from www.sporx.com ˢ
 			- nba from tr.global.nba.com
 			- www from nba.sporx.com
@@ -76,7 +76,7 @@ Fetch error: http://www.sporx.com/ => https://www.sporx.com/: (60, 'SSL certific
 		- favicon on m from $self ˢ
 
 		- Ads / bugs, on:
-		
+
 			- euro2016 from widgets-script.broadagesports.com ˢ
 			- euro2016, nba, turkcell, www from b.scorecardresearch.com ˢ
 			- turkcell, www from gdetr.hit.gemius.pl ˢ
@@ -85,7 +85,7 @@ Fetch error: http://www.sporx.com/ => https://www.sporx.com/: (60, 'SSL certific
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Sporx.com (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Sporx.com (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/spotlight-media.xml b/src/chrome/content/rules/spotlight-media.xml
deleted file mode 100644
index 4d86e632b391..000000000000
--- a/src/chrome/content/rules/spotlight-media.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-
-	Problematic subdomains:
-
-		- next	(invalid cert)
-
--->
-<ruleset name="Spotlight">
-
-	<target host="spotlight-media.jp" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.at.xml b/src/chrome/content/rules/spreadshirt.at.xml
new file mode 100644
index 000000000000..e47eee937139
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.at.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.forum.spreadshirt.at
+-->
+<ruleset name="spreadshirt.at">
+	<target host="spreadshirt.at" />
+	<target host="forum.spreadshirt.at" />
+	<target host="shop.spreadshirt.at" />
+	<target host="wikileaks.spreadshirt.at" />
+	<target host="www.spreadshirt.at" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.be.xml b/src/chrome/content/rules/spreadshirt.be.xml
new file mode 100644
index 000000000000..8319fa6c94f7
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.be.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.forum.spreadshirt.be
+-->
+<ruleset name="spreadshirt.be">
+	<target host="spreadshirt.be" />
+	<target host="forum.spreadshirt.be" />
+	<target host="shop.spreadshirt.be" />
+	<target host="wikileaks.spreadshirt.be" />
+	<target host="www.spreadshirt.be" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.ch.xml b/src/chrome/content/rules/spreadshirt.ch.xml
new file mode 100644
index 000000000000..7573533f55af
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.ch.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.forum.spreadshirt.ch
+-->
+<ruleset name="spreadshirt.ch">
+	<target host="spreadshirt.ch" />
+	<target host="forum.spreadshirt.ch" />
+	<target host="shop.spreadshirt.ch" />
+	<target host="wikileaks.spreadshirt.ch" />
+	<target host="www.spreadshirt.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.co.uk.xml b/src/chrome/content/rules/spreadshirt.co.uk.xml
new file mode 100644
index 000000000000..6698096b37d4
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.co.uk.xml
@@ -0,0 +1,11 @@
+<ruleset name="spreadshirt.co.uk">
+	<target host="spreadshirt.co.uk" />
+	<target host="forum.spreadshirt.co.uk" />
+	<target host="shop.spreadshirt.co.uk" />
+	<target host="wikileaks.spreadshirt.co.uk" />
+	<target host="www.spreadshirt.co.uk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.com.au.xml b/src/chrome/content/rules/spreadshirt.com.au.xml
new file mode 100644
index 000000000000..d7e1b004d29f
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.com.au.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.forum.spreadshirt.com.au
+-->
+<ruleset name="spreadshirt.com.au">
+	<target host="spreadshirt.com.au" />
+	<target host="forum.spreadshirt.com.au" />
+	<target host="shop.spreadshirt.com.au" />
+	<target host="wikileaks.spreadshirt.com.au" />
+	<target host="www.spreadshirt.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.com.xml b/src/chrome/content/rules/spreadshirt.com.xml
new file mode 100644
index 000000000000..90e168c27950
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.com.xml
@@ -0,0 +1,11 @@
+<ruleset name="spreadshirt.com">
+	<target host="spreadshirt.com" />
+	<target host="forum.spreadshirt.com" />
+	<target host="shop.spreadshirt.com" />
+	<target host="wikileaks.spreadshirt.com" />
+	<target host="www.spreadshirt.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.de.xml b/src/chrome/content/rules/spreadshirt.de.xml
new file mode 100644
index 000000000000..072083f30333
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.de.xml
@@ -0,0 +1,11 @@
+<ruleset name="spreadshirt.de">
+	<target host="spreadshirt.de" />
+	<target host="forum.spreadshirt.de" />
+	<target host="shop.spreadshirt.de" />
+	<target host="wikileaks.spreadshirt.de" />
+	<target host="www.spreadshirt.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.dk.xml b/src/chrome/content/rules/spreadshirt.dk.xml
new file mode 100644
index 000000000000..6e7e235c33e3
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.dk.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.forum.spreadshirt.dk
+-->
+<ruleset name="spreadshirt.dk">
+	<target host="spreadshirt.dk" />
+	<target host="forum.spreadshirt.dk" />
+	<target host="shop.spreadshirt.dk" />
+	<target host="wikileaks.spreadshirt.dk" />
+	<target host="www.spreadshirt.dk" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.es.xml b/src/chrome/content/rules/spreadshirt.es.xml
new file mode 100644
index 000000000000..482a78412cfd
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.es.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.forum.spreadshirt.es
+-->
+<ruleset name="spreadshirt.es">
+	<target host="spreadshirt.es" />
+	<target host="forum.spreadshirt.es" />
+	<target host="shop.spreadshirt.es" />
+	<target host="wikileaks.spreadshirt.es" />
+	<target host="www.spreadshirt.es" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.fi.xml b/src/chrome/content/rules/spreadshirt.fi.xml
new file mode 100644
index 000000000000..a04e1011535e
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.fi.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.forum.spreadshirt.fi
+-->
+<ruleset name="spreadshirt.fi">
+	<target host="spreadshirt.fi" />
+	<target host="forum.spreadshirt.fi" />
+	<target host="shop.spreadshirt.fi" />
+	<target host="wikileaks.spreadshirt.fi" />
+	<target host="www.spreadshirt.fi" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.fr.xml b/src/chrome/content/rules/spreadshirt.fr.xml
new file mode 100644
index 000000000000..0fde6aac45a4
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.fr.xml
@@ -0,0 +1,11 @@
+<ruleset name="spreadshirt.fr">
+	<target host="spreadshirt.fr" />
+	<target host="forum.spreadshirt.fr" />
+	<target host="shop.spreadshirt.fr" />
+	<target host="wikileaks.spreadshirt.fr" />
+	<target host="www.spreadshirt.fr" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.ie.xml b/src/chrome/content/rules/spreadshirt.ie.xml
new file mode 100644
index 000000000000..1b5da91930f1
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.ie.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.forum.spreadshirt.ie
+-->
+<ruleset name="spreadshirt.ie">
+	<target host="spreadshirt.ie" />
+	<target host="forum.spreadshirt.ie" />
+	<target host="shop.spreadshirt.ie" />
+	<target host="wikileaks.spreadshirt.ie" />
+	<target host="www.spreadshirt.ie" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.it.xml b/src/chrome/content/rules/spreadshirt.it.xml
new file mode 100644
index 000000000000..717ea345a027
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.it.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.forum.spreadshirt.it
+-->
+<ruleset name="spreadshirt.it">
+	<target host="spreadshirt.it" />
+	<target host="forum.spreadshirt.it" />
+	<target host="shop.spreadshirt.it" />
+	<target host="wikileaks.spreadshirt.it" />
+	<target host="www.spreadshirt.it" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.net.xml b/src/chrome/content/rules/spreadshirt.net.xml
new file mode 100644
index 000000000000..00c0a372c9de
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="spreadshirt.net">
+	<target host="spreadshirt.net" />
+	<target host="forum.spreadshirt.net" />
+	<target host="mobile.spreadshirt.net" />
+	<target host="shop.spreadshirt.net" />
+	<target host="wikileaks.spreadshirt.net" />
+	<target host="www.spreadshirt.net" />
+	<target host="image.spreadshirtmedia.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.nl.xml b/src/chrome/content/rules/spreadshirt.nl.xml
new file mode 100644
index 000000000000..e182f30b6e28
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.nl.xml
@@ -0,0 +1,11 @@
+<ruleset name="spreadshirt.nl">
+	<target host="spreadshirt.nl" />
+	<target host="forum.spreadshirt.nl" />
+	<target host="shop.spreadshirt.nl" />
+	<target host="wikileaks.spreadshirt.nl" />
+	<target host="www.spreadshirt.nl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.no.xml b/src/chrome/content/rules/spreadshirt.no.xml
new file mode 100644
index 000000000000..312f6a61fed1
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.no.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.forum.spreadshirt.no
+-->
+<ruleset name="spreadshirt.no">
+	<target host="spreadshirt.no" />
+	<target host="forum.spreadshirt.no" />
+	<target host="shop.spreadshirt.no" />
+	<target host="wikileaks.spreadshirt.no" />
+	<target host="www.spreadshirt.no" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.pl.xml b/src/chrome/content/rules/spreadshirt.pl.xml
new file mode 100644
index 000000000000..8adf495240cb
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.pl.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.forum.spreadshirt.pl
+-->
+<ruleset name="spreadshirt.pl">
+	<target host="spreadshirt.pl" />
+	<target host="forum.spreadshirt.pl" />
+	<target host="shop.spreadshirt.pl" />
+	<target host="wikileaks.spreadshirt.pl" />
+	<target host="www.spreadshirt.pl" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spreadshirt.se.xml b/src/chrome/content/rules/spreadshirt.se.xml
new file mode 100644
index 000000000000..2d5b6f392e82
--- /dev/null
+++ b/src/chrome/content/rules/spreadshirt.se.xml
@@ -0,0 +1,16 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- www.forum.spreadshirt.se
+-->
+<ruleset name="spreadshirt.se">
+	<target host="spreadshirt.se" />
+	<target host="forum.spreadshirt.se" />
+	<target host="shop.spreadshirt.se" />
+	<target host="wikileaks.spreadshirt.se" />
+	<target host="www.spreadshirt.se" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sprinklecontent.com.xml b/src/chrome/content/rules/sprinklecontent.com.xml
new file mode 100644
index 000000000000..bf6e12e68e0d
--- /dev/null
+++ b/src/chrome/content/rules/sprinklecontent.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="sprinklecontent.com">
+		<target host="sprinklecontent.com" />
+		<target host="www.sprinklecontent.com" />
+		<target host="widgets.sprinklecontent.com" />
+
+		<!-- track.sprinklecontent.com is non-functional -->
+
+		<test url="http://widgets.sprinklecontent.com/v2/sprinkle.js" />
+
+		<rule from="^http:"
+				to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/spydus.co.uk.xml b/src/chrome/content/rules/spydus.co.uk.xml
index 9a6f3560a221..9cdbd5029a0a 100644
--- a/src/chrome/content/rules/spydus.co.uk.xml
+++ b/src/chrome/content/rules/spydus.co.uk.xml
@@ -13,7 +13,7 @@
 	Mixed content:
 
 		- Images, on:
-		
+
 			- argyll-bute from www.argyll-bute.gov.uk
 			- rochdale from www.rochdale.gov.uk
 
diff --git a/src/chrome/content/rules/sql-join.com.xml b/src/chrome/content/rules/sql-join.com.xml
new file mode 100644
index 000000000000..cb016543e8a1
--- /dev/null
+++ b/src/chrome/content/rules/sql-join.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		email.sql-join.com
+		ftp.sql-join.com
+-->
+<ruleset name="sql-join.com">
+	<target host="sql-join.com" />
+	<target host="www.sql-join.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/squarefaction.ru.xml b/src/chrome/content/rules/squarefaction.ru.xml
new file mode 100644
index 000000000000..54b5eb8eca9a
--- /dev/null
+++ b/src/chrome/content/rules/squarefaction.ru.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+		www.squarefaction.ru
+		assets.squarefaction.ru
+		m.squarefaction.ru
+		mail.squarefaction.ru
+		staging.squarefaction.ru
+		trk.squarefaction.ru
+		wiki.squarefaction.ru
+-->
+<ruleset name="squarefaction.ru">
+	<target host="squarefaction.ru" />
+	<target host="www.squarefaction.ru" />
+
+	<rule from="^http://www\.squarefaction\.ru/" to="https://squarefaction.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/squat.gr.xml b/src/chrome/content/rules/squat.gr.xml
deleted file mode 100644
index 9aa8595df2c5..000000000000
--- a/src/chrome/content/rules/squat.gr.xml
+++ /dev/null
@@ -1,198 +0,0 @@
-<!--
-	Problematic hosts in *squat.gr:
-
-		- delta.blogs ᵐ
-
-	ᵐ Mismatched
-
-
-	Insecure cookies are set for these hosts: ᶜ
-
-		- flying.squat.gr
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
-
-	Mixed content:
-
-		- iframe on agrioskylo, antifakozanis, wxra from www.youtube.com ˢ
-
-		- Images, on:
-
-			- agrioskylo, anarxikoikavalas, antifasistikiartas, flaneurs, matsaggou, saspf, viaoutopiae from www.wpthemesarchive.com ⁴
-			- agropedia, anarxikoiaigaleo, anarxikoikavalas, anarxikospirinaspirea, antifasalonica, antifasistikiartas, antispe, antiviosi, autonomesologgi, autopoiesis, deathrockgreece, diskordia, ditiki, eldiarxeio, epf72, epieikwsflegon, erevos, ergaleioforos, eseioanninon, evagelismos, flying, huha, katalipsikeli, kiko, matsaggou, mewannadance, mpaksesmpaxes, namous, ntougrou, oktagwno, paapty, paliokylikeio, pararthma, pat61, pikpa, pikrodafni, propagandacollective, prwtovouliagriniou, radioguerilla, redblackplanet, realdemocracykavala, saspf, saxini3, sinelevsipolymorfikoy, solidarioszapatistas, stekiantipnoia, stekiedessas, viaoutopiae, villazografou, yabasta from $self ˢ
-			- anarxikoiaigaleo, antifakozanis, deathrockgreece, diskordia, realdemocracykavala from \d.bp.blogspot.com ˢ
-			- anarxikospirinaspireas from \d+.postimage.org ˢ
-			- antifakozanis from www.lifo.gr
-			- antifakozanis from www.newsit.gr ʳ
-			- antifakozanis, mewannadance, saxini3 from radio-i.org ʳ
-			- autopoiesis from upsidedownworld.org ᵐ
-			- baruti from parisvega.com ˢ
-			- delta from delta.blogs.squat.gr ᵐ
-			- diskordia from syneleysianarxikwnvolos.squat.gr ˢ
-			- diskordia from vividlife.me ʳ
-			- diskordia, mesaexo, pararthma from [^.]+.files.wordpress.com ˢ
-			- eldiarxeio from rf.resolvermaps.com ˢ
-			- epf72 from img\d+.imageshack.us ˢ
-			- eseioanninon, propagandacollective from xupolutotagma.squat.gr ˢ
-			- flaneurs from \d+.media.tumblr.com ˢ
-			- katalipsikeli from athens.indymedia.org ˢ
-			- kiko from www.larissablogs.gr
-			- mewannadance from 105fm.org
-			- mewannadance from www.1431am.org ˢ
-			- mewannadance from radiofragmata.espivblogs.net ˢ
-			- mewannadance from radio-revolt.net
-			- mewannadance from radioparasita.org ᵈ
-			- mewannadance from rebetiko.sealabs.net
-			- mpaxes from mpaksesmpaxes.squat.gr ˢ
-			- ntougrou from \d+.postimg.org ˢ
-			- paapty from sakana.espivblogs.net ˢ
-			- planet from \w+.squat.gr ˢ
-			- propagandacollective from www.autonomia.gr ⁴
-			- realdemocracykavala from t0.gstatic.com ˢ
-			- realdemocracykavala from www.k-tipos.gr ᵈ
-			- realdemocracykavala from www.kavalacity.net ᵖ
-			- realdemocracykavala from kourdistoportocali.com ᵐ
-			- stekiantipnoia from www.kinimatorama.net ˢ
-
-		- Ads / bugs, on:
-		
-			- anarxikoiaigaleo, apertus, ditiki, matsaggou from c.statcounter.com ˢ
-			- antifakozanis, fantasma from www.feedburner.com ˢ
-			- matsaggou, ntougrou from www.kinimatorama.net ˢ
-			- mewannadance from www.black-tracker.gr ⁴
-			- propagandacollective from i.creativecommons.org ˢ
-
-	⁴ Unsecurable <= 404
-	ᵈ Unsecurable <= dropped
-	ᵐ Not secured by us <= mismatched
-	ᵖ Unsecurable <= plaintext reply
-	ʳ Unsecurable <= refused
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="squat.gr (partial)">
-
-	<target host="squat.gr" />
-	<target host="*.squat.gr" />
-
-		<exclusion pattern="http://(?:[^./]+\.){2,}squat\.gr/" />
-
-			<test url="http://this.host.squat.gr/" />
-			<test url="http://exists.not.squat.gr/" />
-			<test url="http://delta.blogs.squat.gr/" />
-
-		<test url="http://adamasto.squat.gr/" />
-		<test url="http://agrioskylo.squat.gr/" />
-		<test url="http://agropedia.squat.gr/" />
-		<test url="http://agsofianorman.squat.gr/" />
-		<test url="http://akanthonas.squat.gr/" />
-		<test url="http://anarxikoiaigaleo.squat.gr/" />
-		<test url="http://anarxikoikavalas.squat.gr/" />
-		<test url="http://anarxikoilamias.squat.gr/" />
-		<test url="http://anarxikospirinaspirea.squat.gr/" />
-		<test url="http://anoixthsynelefsianarxikwn.squat.gr/" />
-		<test url="http://antiart.squat.gr/" />
-		<test url="http://antifakozanis.squat.gr/" />
-		<test url="http://antifasalonica.squat.gr/" />
-		<test url="http://antifasistikiartas.squat.gr/" />
-		<test url="http://antispe.squat.gr/" />
-		<test url="http://antiviosi.squat.gr/" />
-		<test url="http://apertus.squat.gr/" />
-		<test url="http://asisolidarity.squat.gr/" />
-		<test url="http://aspamak.squat.gr/" />
-		<test url="http://asta.squat.gr/" />
-		<test url="http://autonomesologgi.squat.gr/" />
-		<test url="http://autopoiesis.squat.gr/" />
-		<test url="http://baruti.squat.gr/" />
-		<test url="http://cumulonimbus.squat.gr/" />
-		<test url="http://deathrockgreece.squat.gr/" />
-		<test url="http://delta.squat.gr/" />
-		<test url="http://diskordia.squat.gr/" />
-		<test url="http://ditiki.squat.gr/" />
-		<test url="http://draka.squat.gr/" />
-		<test url="http://eaprokirikseis.squat.gr/" />
-		<test url="http://eldiarxeio.squat.gr/" />
-		<test url="http://epavlikouvelou.squat.gr/" />
-		<test url="http://epf72.squat.gr/" />
-		<test url="http://epieikwsflegon.squat.gr/" />
-		<test url="http://erevos.squat.gr/" />
-		<test url="http://ergaleioforos.squat.gr/" />
-		<test url="http://eseioanninon.squat.gr/" />
-		<test url="http://evagelismos.squat.gr/" />
-		<test url="http://fantasma.squat.gr/" />
-		<test url="http://flaneurs.squat.gr/" />
-		<test url="http://flying.squat.gr/" />
-		<test url="http://huha.squat.gr/" />
-		<test url="http://kakamantata.squat.gr/" />
-		<test url="http://kanaima.squat.gr/" />
-		<test url="http://karmaniola.squat.gr/" />
-		<test url="http://katalipsielaia.squat.gr/" />
-		<test url="http://katalipsikeli.squat.gr/" />
-		<test url="http://kiko.squat.gr/" />
-		<test url="http://klanification666.squat.gr/" />
-		<test url="http://koinostopos.squat.gr/" />
-		<test url="http://matsaggou.squat.gr/" />
-		<test url="http://mesaexo.squat.gr/" />
-		<test url="http://mewannadance.squat.gr/" />
-		<test url="http://mpaksesmpaxes.squat.gr/" />
-		<test url="http://mpaxes.squat.gr/" />
-		<test url="http://mplokonikaia.squat.gr/" />
-		<test url="http://mummrah.squat.gr/" />
-		<test url="http://mwvkafeneio.squat.gr/" />
-		<test url="http://namous.squat.gr/" />
-		<test url="http://nhma.squat.gr/" />
-		<test url="http://ntougrou.squat.gr/" />
-		<test url="http://oktagwno.squat.gr/" />
-		<test url="http://paapty.squat.gr/" />
-		<test url="http://paapty.squat.gr/" />
-		<test url="http://paliokylikeio.squat.gr/" />
-		<test url="http://pararthma.squat.gr/" />
-		<test url="http://paroksismos.squat.gr/" />
-		<test url="http://pat61.squat.gr/" />
-		<test url="http://pikpa.squat.gr/" />
-		<test url="http://pikrodafni.squat.gr/" />
-		<test url="http://planet.squat.gr/" />
-		<test url="http://propagandacollective.squat.gr/" />
-		<test url="http://prwtovouliagriniou.squat.gr/" />
-		<test url="http://radioguerilla.squat.gr/" />
-		<test url="http://radiourgia.squat.gr/" />
-		<test url="http://realdemocracykavala.squat.gr/" />
-		<test url="http://redblackplanet.squat.gr/" />
-		<test url="http://rosanera.squat.gr/" />
-		<test url="http://saspf.squat.gr/" />
-		<test url="http://saxini3.squat.gr/" />
-		<test url="http://senzaclassi.squat.gr/" />
-		<test url="http://sinelevsipolymorfikoy.squat.gr/" />
-		<test url="http://solidarioszapatistas.squat.gr/" />
-		<test url="http://spasmenogranazi.squat.gr/" />
-		<test url="http://stekiantipnoia.squat.gr/" />
-		<test url="http://stekiedessas.squat.gr/" />
-		<test url="http://stekiksanthis.squat.gr/" />
-		<test url="http://stekipolytexneiou.squat.gr/" />
-		<test url="http://stekistimodi.squat.gr/" />
-		<test url="http://studiofromthedown.squat.gr/" />
-		<test url="http://syneleysianarxikwnvolos.squat.gr/" />
-		<test url="http://syneleysikatoikwnvkp.squat.gr/" />
-		<test url="http://terraincognita.squat.gr/" />
-		<test url="http://theparabellum.squat.gr/" />
-		<test url="http://toubalibre.squat.gr/" />
-		<test url="http://viaoutopiae.squat.gr/" />
-		<test url="http://villazografou.squat.gr/" />
-		<test url="http://www.squat.gr/" />
-		<test url="http://wxra.squat.gr/" />
-		<test url="http://xupolutotagma.squat.gr/" />
-		<test url="http://yabasta.squat.gr/" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^flying\.squat\.gr$" name="^qtrans_front_language$" /-->
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/sr.ht.xml b/src/chrome/content/rules/sr.ht.xml
new file mode 100644
index 000000000000..3cb3bc925e55
--- /dev/null
+++ b/src/chrome/content/rules/sr.ht.xml
@@ -0,0 +1,47 @@
+<!--
+	Refused:
+		- cirno.sr.ht
+		- cirno1.sr.ht
+		- cirno2.sr.ht
+		- ns1.sr.ht
+		- ns2.sr.ht
+		- azusa.runners.sr.ht
+		- yui.runners.sr.ht
+
+	Mismatched:
+		- alice1.sr.ht
+		- mail.sr.ht
+		- graf.metrics.sr.ht
+		- static1.sr.ht
+
+	Expired:
+		- alice2.sr.ht
+		- alice3.sr.ht
+-->
+<ruleset name="sr.ht">
+	<target host="sr.ht" />
+	<target host="builds.sr.ht" />
+	<target host="dispatch.sr.ht" />
+	<target host="git.sr.ht" />
+	<target host="hg.sr.ht" />
+	<target host="hub.sr.ht" />
+	<target host="l.sr.ht" />
+	<target host="legacy.sr.ht" />
+	<target host="lists.sr.ht" />
+	<target host="mail-b.sr.ht" />
+	<target host="man.sr.ht" />
+	<target host="meta.sr.ht" />
+	<target host="metrics.sr.ht" />
+	<target host="aggr.metrics.sr.ht" />
+	<target host="prom.metrics.sr.ht" />
+	<target host="push.metrics.sr.ht" />
+	<target host="mirror.sr.ht" />
+	<target host="pasta.sr.ht" />
+	<target host="paste.sr.ht" />
+	<target host="patchouli.sr.ht" />
+	<target host="status.sr.ht" />
+	<target host="todo.sr.ht" />
+	<target host="yukari.sr.ht" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/srad.jp.xml b/src/chrome/content/rules/srad.jp.xml
index 0740685ed56d..8f2987ee3d94 100644
--- a/src/chrome/content/rules/srad.jp.xml
+++ b/src/chrome/content/rules/srad.jp.xml
@@ -25,7 +25,7 @@
 	<target host="images.srad.jp" />
 	<test url="http://images.srad.jp/topics/japan_64.png" />
 	<test url="http://images.srad.jp/topics/nasa_64.png" />
-	
+
 	<target host="index.srad.jp" />
 	<target host="interview.srad.jp" />
 	<target host="it.srad.jp" />
diff --git a/src/chrome/content/rules/ss-iptv.com.xml b/src/chrome/content/rules/ss-iptv.com.xml
new file mode 100644
index 000000000000..f7f2b7e5bb1f
--- /dev/null
+++ b/src/chrome/content/rules/ss-iptv.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="ss-iptv.com">
+	<target host="ss-iptv.com" />
+	<target host="www.ss-iptv.com" />
+	<target host="api.ss-iptv.com" />
+	<target host="app.ss-iptv.com" />
+	<target host="epg.ss-iptv.com" />
+	<target host="forum.ss-iptv.com" />
+	<target host="img.ss-iptv.com" />
+	<target host="lg.ss-iptv.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/st.uz.xml b/src/chrome/content/rules/st.uz.xml
index f4651b02f48a..7558c0337e09 100644
--- a/src/chrome/content/rules/st.uz.xml
+++ b/src/chrome/content/rules/st.uz.xml
@@ -22,7 +22,7 @@ ns2.st.uz ³
 ⁴ self signed
 ⁷ protocol error
 -->
-<ruleset name="st.uz" default_off='failed ruleset test'>
+<ruleset name="st.uz" default_off="failed ruleset test">
 	<target host="st.uz" />
 	<target host="www.st.uz" />
 	<target host="cabinet.st.uz" />
diff --git a/src/chrome/content/rules/st65.ru.xml b/src/chrome/content/rules/st65.ru.xml
index 61f009489a87..a746ea3a50cf 100644
--- a/src/chrome/content/rules/st65.ru.xml
+++ b/src/chrome/content/rules/st65.ru.xml
@@ -6,7 +6,7 @@ Fetch error: http://mail.st65.ru/ => https://mail.st65.ru/: (60, 'SSL certificat
 st65.ru expired
 www.st65.ru expired
 -->
-<ruleset name="st65.ru (partial)" default_off='failed ruleset test'>
+<ruleset name="st65.ru (partial)" default_off="failed ruleset test">
 	<target host="stat.st65.ru" />
 	<target host="mail.st65.ru" />
 
diff --git a/src/chrome/content/rules/stackedit.io.xml b/src/chrome/content/rules/stackedit.io.xml
deleted file mode 100644
index 1c6de4cdeb80..000000000000
--- a/src/chrome/content/rules/stackedit.io.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="stackedit.io">
-	<target host="stackedit.io" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/stackpath.com.xml b/src/chrome/content/rules/stackpath.com.xml
deleted file mode 100644
index 4966aea9b0c0..000000000000
--- a/src/chrome/content/rules/stackpath.com.xml
+++ /dev/null
@@ -1,58 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://www.app.stackpath.com/ => https://www.app.stackpath.com/: (6, 'Could not resolve host: www.app.stackpath.com')
-
-	STS header includes includeSubdomains
-	for app
-
-
-	Insecure cookies are set for these hosts: ᶜ
-
-		- api.stackpath.com
-		- app.stackpath.com
-		- vault.stackpath.com
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
--->
-<ruleset name="StackPath.com" default_off='failed ruleset test'>
-
-	<target host="stackpath.com" />
-	<target host="api.stackpath.com" />
-	<target host="app.stackpath.com" />
-	<target host="*.app.stackpath.com" />
-	<target host="blog.stackpath.com" />
-	<target host="status.stackpath.com" />
-	<target host="support.stackpath.com" />
-	<target host="vault.stackpath.com" />
-	<target host="www.stackpath.com" />
-
-		<!--	includeSubdomains applies to one level only, so:
-									-->
-		<exclusion pattern="^http://(?:[^./]+\.){2}app\.stackpath\.com/" />
-
-			<!--	+ve:
-					-->
-			<test url="http://this.host.app.stackpath.com/" />
-			<test url="http://exists.not.app.stackpath.com/" />
-
-		<test url="http://www.app.stackpath.com/" />
-
-		<!--	Sets cookie without Secure:
-							-->
-		<!--test url="http://vault.stackpath.com/nginx-whitepaper" /-->
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^ap[ip]\.stackpath\.com$" name="^PHPSESSID$" /-->
-	<!--securecookie host="^vault\.stackpath\.com$" name="^hs_ab_test_\d+$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/staffordbc.gov.uk.xml b/src/chrome/content/rules/staffordbc.gov.uk.xml
index e83257c10c46..c00ebeb15379 100644
--- a/src/chrome/content/rules/staffordbc.gov.uk.xml
+++ b/src/chrome/content/rules/staffordbc.gov.uk.xml
@@ -15,7 +15,7 @@
 
 
 	These altnames do not exist:
-		
+
 		- www.www12.staffordbc.gov.uk
 
 -->
diff --git a/src/chrome/content/rules/stat.fi.xml b/src/chrome/content/rules/stat.fi.xml
new file mode 100644
index 000000000000..ea9226613aa3
--- /dev/null
+++ b/src/chrome/content/rules/stat.fi.xml
@@ -0,0 +1,32 @@
+<ruleset name="stat.fi (partial)">
+	<target host="stat.fi" />
+	<target host="www.stat.fi" />
+	<target host="cinereus.stat.fi" />
+	<target host="digiremppa.stat.fi" />
+	<target host="guides.stat.fi" />
+	<target host="kaimaani.stat.fi" />
+	<target host="kototietokanta.stat.fi" />
+	<target host="laaturaportointi.stat.fi" />
+	<target host="mixed1.stat.fi" />
+	<target host="montanus.stat.fi" />
+	<target host="ombre.stat.fi" />
+	<target host="platypus.stat.fi" />
+	<target host="pxgraf2.stat.fi" />
+	<target host="pxhopea2.stat.fi" />
+	<target host="pxnet2.stat.fi" />
+	<target host="pxwebapi2.stat.fi" />
+	<target host="taika.stat.fi" />
+	<target host="tem-tilastopalvelu.stat.fi" />
+	<target host="tieliikenneonnettomuudet.stat.fi" />
+	<target host="tilastokoulu.stat.fi" />
+	<target host="trafi2.stat.fi" />
+	<target host="dev.verkko.stat.fi" />
+	<target host="vero2.stat.fi" />
+	<target host="vertinet2.stat.fi" />
+	<target host="visitfinland.stat.fi" />
+	<target host="webcollect2.stat.fi" />
+	<target host="webkeruu1.stat.fi" />
+	<target host="yritystietopalvelu2.stat.fi" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/static-chomikuj.pl.xml b/src/chrome/content/rules/static-chomikuj.pl.xml
new file mode 100644
index 000000000000..67af69e7f2a1
--- /dev/null
+++ b/src/chrome/content/rules/static-chomikuj.pl.xml
@@ -0,0 +1,17 @@
+<!--
+	For other Chomikuj coverage, see chomikuj.pl.xml.
+
+	Invalid certificate:
+		mail.static-chomikuj.pl
+-->
+<ruleset name="static-chomikuj.pl">
+	<target host="static-chomikuj.pl" />
+	<target host="profile.static-chomikuj.pl" />
+	<target host="x.static-chomikuj.pl" />
+	<target host="x1.static-chomikuj.pl" />
+	<target host="x2.static-chomikuj.pl" />
+	<target host="x3.static-chomikuj.pl" />
+	<target host="x4.static-chomikuj.pl" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/static-fra.de.xml b/src/chrome/content/rules/static-fra.de.xml
new file mode 100644
index 000000000000..0d7feba38eba
--- /dev/null
+++ b/src/chrome/content/rules/static-fra.de.xml
@@ -0,0 +1,25 @@
+<!--
+	Refused:
+		- static-fra.de
+		- www.static-fra.de
+		- a.static-fra.de
+		- ak.static-fra.de
+		- tts.ak.static-fra.de
+		- getautoimg.static-fra.de
+		- m.static-fra.de
+		- pms.static-fra.de
+		- www.pms.static-fra.de
+		- tts.static-fra.de
+-->
+<ruleset name="static-fra.de">
+
+	<target host="autoimg.static-fra.de" />
+	<target host="bilder.static-fra.de" />
+	<target host="cdn.static-fra.de" />
+		<test url="http://cdn.static-fra.de/lib/rtli/video-tracking/build/videotracking.min.js" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/status.io.xml b/src/chrome/content/rules/status.io.xml
index 5ddd7f63de1c..24bdeb9c6be8 100644
--- a/src/chrome/content/rules/status.io.xml
+++ b/src/chrome/content/rules/status.io.xml
@@ -1,26 +1,29 @@
+<ruleset name="status.io">
 
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://amimoto.status.io/ => https://amimoto.status.io/: (6, 'Could not resolve host: amimoto.status.io')
-
-developers.status.io ³
-whatsup.status.io ³
-some customers get their own subdomain, which are not secureable
-
-³ timed out
--->
-<ruleset name="status.io" default_off='failed ruleset test'>
 	<target host="status.io" />
 	<target host="www.status.io" />
+	<target host="api.status.io" />
 	<target host="app.status.io" />
 	<target host="blog.status.io" />
-	<target host="kb.status.io" />
-	<target host="status.status.io" />
-	<target host="letsencrypt.status.io" />
-	<target host="iplantcore.status.io" />
 	<target host="custdc.status.io" />
-	<target host="amimoto.status.io" />
 	<target host="dragonflybsd.status.io" />
+	<target host="drift.status.io" />
+	<target host="dynatrace.status.io" />
+	<target host="gopay.status.io" />
+	<target host="help.status.io" />
+	<target host="iplantcore.status.io" />
+	<target host="kb.status.io" />
+	<target host="letsencrypt.status.io" />
+	<target host="mbed.status.io" />
+	<target host="qualifio.status.io" />
+	<target host="retarus.status.io" />
+	<target host="sectigocertificatemanager.status.io" />
+	<target host="status.status.io" />
+	<target host="townnews.status.io" />
+	<target host="turnitin.status.io" />
+	<target host="upwork.status.io" />
+	<target host="whatsup.status.io" />
 
 	<rule from="^http:" to="https:" />
+
 </ruleset>
diff --git a/src/chrome/content/rules/stavklass.ru.xml b/src/chrome/content/rules/stavklass.ru.xml
index 493f79076aca..3edd776dcefd 100644
--- a/src/chrome/content/rules/stavklass.ru.xml
+++ b/src/chrome/content/rules/stavklass.ru.xml
@@ -1,7 +1,7 @@
 <ruleset name="stavklass.ru">
 	<target host="stavklass.ru"/>
 	<target host="www.stavklass.ru"/>
-	
+
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:"/>
diff --git a/src/chrome/content/rules/stealthy.co.xml b/src/chrome/content/rules/stealthy.co.xml
index a47a70410daa..99c5b74f7ca0 100644
--- a/src/chrome/content/rules/stealthy.co.xml
+++ b/src/chrome/content/rules/stealthy.co.xml
@@ -8,11 +8,11 @@ stealthy.co ²
 
 ² refused
 -->
-<ruleset name="stealthy.co" default_off='failed ruleset test'>
+<ruleset name="stealthy.co" default_off="failed ruleset test">
 	<target host="stealthy.co" />
 	<target host="www.stealthy.co" />
 	<target host="webproxy.stealthy.co" />
-	
+
 	<rule from="^http://stealthy\.co/"
 		to="https://www.stealthy.co/" />
 
diff --git a/src/chrome/content/rules/steamstat.ru.xml b/src/chrome/content/rules/steamstat.ru.xml
index 34ff94fff85c..027b162f0930 100644
--- a/src/chrome/content/rules/steamstat.ru.xml
+++ b/src/chrome/content/rules/steamstat.ru.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.steamstat.ru/ => https://www.steamstat.ru/: (51, "SSL: n
 
 
 -->
-<ruleset name="steamstat.ru" default_off='failed ruleset test'>
+<ruleset name="steamstat.ru" default_off="failed ruleset test">
 	<target host="steamstat.ru" />
 	<target host="www.steamstat.ru" />
 
diff --git a/src/chrome/content/rules/steamstat.us.xml b/src/chrome/content/rules/steamstat.us.xml
deleted file mode 100644
index 1646e08514b4..000000000000
--- a/src/chrome/content/rules/steamstat.us.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="steamstat.us">
-	<target host="steamstat.us" />
-	<target host="www.steamstat.us" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/stelladotcdn.com.xml b/src/chrome/content/rules/stelladotcdn.com.xml
deleted file mode 100644
index 34a75da8a049..000000000000
--- a/src/chrome/content/rules/stelladotcdn.com.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	For other Stella & Dot coverage, see Stella_and_Dot.xml.
-
-
-	CDN buckets:
-
-		- com.stelladot.static.s3.amazonaws.com
-		- wildcard.stelladotcdn.com.edgekey.net	← s3static
-
-
-	Problematic hosts in stelladotcdn.com:
-
-		- s3static ⁴
-
-	⁴ 404, equivalent to another domain
-
--->
-<ruleset name="Stella Dot CDN.com">
-
-	<!--	Complications:
-				-->
-	<target host="s3static.stelladotcdn.com" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http://s3static\.stelladotcdn\.com/"
-		to="https://s3.amazonaws.com/com.stelladot.static/" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/stellarium.org.xml b/src/chrome/content/rules/stellarium.org.xml
new file mode 100644
index 000000000000..561e4e5cda71
--- /dev/null
+++ b/src/chrome/content/rules/stellarium.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		addons.stellarium.org
+		dss.stellarium.org
+
+	Refused:
+		buildbot.stellarium.org
+-->
+<ruleset name="stellarium.org">
+	<target host="stellarium.org" />
+	<target host="www.stellarium.org" />
+	<target host="data.stellarium.org" />
+	<target host="freegeoip.stellarium.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/stinpriza.org.xml b/src/chrome/content/rules/stinpriza.org.xml
index 8b28eaac9980..dd8dda005243 100644
--- a/src/chrome/content/rules/stinpriza.org.xml
+++ b/src/chrome/content/rules/stinpriza.org.xml
@@ -1,6 +1,6 @@
-<!-- 
+<!--
 Self signed:
-intefix.stinpriza.org 
+intefix.stinpriza.org
 
 -->
 
diff --git a/src/chrome/content/rules/stockport.gov.uk.xml b/src/chrome/content/rules/stockport.gov.uk.xml
index 3c05f9ee3002..04948d1a664f 100644
--- a/src/chrome/content/rules/stockport.gov.uk.xml
+++ b/src/chrome/content/rules/stockport.gov.uk.xml
@@ -66,9 +66,9 @@
 	<target host="servicedesk.stockport.gov.uk" />
 	<target host="vpn.stockport.gov.uk" />
 
-	<rule from="^http://stockport\.gov\.uk/" 
+	<rule from="^http://stockport\.gov\.uk/"
 			to="https://www.stockport.gov.uk/" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 			to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/stoke.gov.uk.xml b/src/chrome/content/rules/stoke.gov.uk.xml
index 5f80038db5b7..f49589f391ee 100644
--- a/src/chrome/content/rules/stoke.gov.uk.xml
+++ b/src/chrome/content/rules/stoke.gov.uk.xml
@@ -28,7 +28,7 @@ Fetch error: http://planning.stoke.gov.uk/ => https://planning.stoke.gov.uk/: (6
 		- myaccount.stoke.gov.uk
 
 -->
-<ruleset name="Stoke.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Stoke.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="admissions.stoke.gov.uk" />
 	<target host="www.admissions.stoke.gov.uk" />
diff --git a/src/chrome/content/rules/store.twentyonepilots.com.xml b/src/chrome/content/rules/store.twentyonepilots.com.xml
new file mode 100644
index 000000000000..2ff06d82dabc
--- /dev/null
+++ b/src/chrome/content/rules/store.twentyonepilots.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid Certificate:
+	- twentyonepilots.com
+	- www.twentyonepilots.com
+	- yourplatform.twentyonepilots.com
+-->
+
+<ruleset name="Twentyonepilots Store">
+	<target host="store.twentyonepilots.com"/>
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/storehouse.co.xml b/src/chrome/content/rules/storehouse.co.xml
index c8b9c6d170f6..3743f6504f4f 100644
--- a/src/chrome/content/rules/storehouse.co.xml
+++ b/src/chrome/content/rules/storehouse.co.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.storehouse.co/ => https://www.storehouse.co/: (6, 'Could
 	³ 403
 
 -->
-<ruleset name="Storehouse.co (partial)" default_off='failed ruleset test'>
+<ruleset name="Storehouse.co (partial)" default_off="failed ruleset test">
 
 	<target host="storehouse.co" />
 	<target host="www.storehouse.co" />
diff --git a/src/chrome/content/rules/storm-chasers.de.xml b/src/chrome/content/rules/storm-chasers.de.xml
deleted file mode 100644
index 47d1e455e855..000000000000
--- a/src/chrome/content/rules/storm-chasers.de.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Invalid certificate:
-		server.storm-chasers.de
-
--->
-<ruleset name="storm-chasers.de">
-
-	<target host="storm-chasers.de" />
-	<target host="www.storm-chasers.de" />
-	<target host="dev.storm-chasers.de" />
-	<target host="piwik.storm-chasers.de" />
-	<target host="webmail.storm-chasers.de" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/strana.ua.xml b/src/chrome/content/rules/strana.ua.xml
index b3b0f9210226..135ea918d422 100644
--- a/src/chrome/content/rules/strana.ua.xml
+++ b/src/chrome/content/rules/strana.ua.xml
@@ -1,5 +1,5 @@
 <!--
-Invalid certificate: 
+Invalid certificate:
 	editor.strana.ua
 	i.strana.ua
 	longread.strana.ua
@@ -7,10 +7,10 @@ Invalid certificate:
 <ruleset name="Strana.ua">
 	<target host="strana.ua" />
 	<target host="www.strana.ua" />
-	<target host="amp.strana.ua" /> 
-	
+	<target host="amp.strana.ua" />
+
 	<securecookie host=".+" name=".+" />
-	
-	<rule from="^http://amp\.strana\.ua/" to="https://strana.ua/" />	
+
+	<rule from="^http://amp\.strana\.ua/" to="https://strana.ua/" />
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/strasbourgfestival.com.xml b/src/chrome/content/rules/strasbourgfestival.com.xml
new file mode 100644
index 000000000000..6d2254969080
--- /dev/null
+++ b/src/chrome/content/rules/strasbourgfestival.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="strasbourgfestival.com">
+	<target host="strasbourgfestival.com" />
+	<target host="www.strasbourgfestival.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/streamamg.com.xml b/src/chrome/content/rules/streamamg.com.xml
index 075245335628..1dc0fd3de8bd 100644
--- a/src/chrome/content/rules/streamamg.com.xml
+++ b/src/chrome/content/rules/streamamg.com.xml
@@ -17,7 +17,7 @@ Fetch error: http://devlegapallacanestro.streamamg.com/ => https://devlegapallac
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="StreamAMG.com" default_off='failed ruleset test'>
+<ruleset name="StreamAMG.com" default_off="failed ruleset test">
 
 	<target host="streamamg.com" />
 	<target host="devlegapallacanestro.streamamg.com" />
diff --git a/src/chrome/content/rules/streamuk.com.xml b/src/chrome/content/rules/streamuk.com.xml
index a947b1e1de1c..60a87e0e9d68 100644
--- a/src/chrome/content/rules/streamuk.com.xml
+++ b/src/chrome/content/rules/streamuk.com.xml
@@ -15,7 +15,7 @@
 
 		- (www.)? ᵉ ᵘ
 
-	ᵉ Expired 
+	ᵉ Expired
 	ᵘ Untrusted root
 
 
diff --git a/src/chrome/content/rules/stroeerdigitalgroup.de.xml b/src/chrome/content/rules/stroeerdigitalgroup.de.xml
new file mode 100644
index 000000000000..4bc30dfa9e1d
--- /dev/null
+++ b/src/chrome/content/rules/stroeerdigitalgroup.de.xml
@@ -0,0 +1,35 @@
+<!--
+	Invalid certificate:
+		lyncdiscover
+		meet
+		sip
+-->
+<ruleset name="stroeerdigitalgroup.de">
+
+	<target host="stroeerdigitalgroup.de" />
+	<target host="www.stroeerdigitalgroup.de" />
+	<target host="cdn.stroeerdigitalgroup.de" />
+		<test url="http://cdn.stroeerdigitalgroup.de/metatag/live/t-o-nachrichten/metaTag.min.js" />
+	<target host="consent.stroeerdigitalgroup.de" />
+	<target host="dev.iam.stroeerdigitalgroup.de" />
+	<target host="live.iam.stroeerdigitalgroup.de" />
+	<target host="manage.iam.stroeerdigitalgroup.de" />
+	<target host="staging.iam.stroeerdigitalgroup.de" />
+	<target host="newsletter.stroeerdigitalgroup.de" />
+	<target host="privacy.stroeerdigitalgroup.de" />
+	<target host="support.stroeerdigitalgroup.de" />
+	<target host="ticket.stroeerdigitalgroup.de" />
+	<target host="tr.stroeerdigitalgroup.de" />
+	<target host="uploadtool.stroeerdigitalgroup.de" />
+	<target host="uploadtool-s3.stroeerdigitalgroup.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<!-- Refused on https://stroeerdigitalgroup.de/,
+	http://stroeerdigitalgroup.de/ redirects to https://www.stroeer.de/. -->
+	<rule from="^http://stroeerdigitalgroup\.de/"
+		to="https://www.stroeer.de/" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/strongSwan.xml b/src/chrome/content/rules/strongSwan.xml
index e5e0a9fb0ac7..8f3580da2994 100644
--- a/src/chrome/content/rules/strongSwan.xml
+++ b/src/chrome/content/rules/strongSwan.xml
@@ -7,7 +7,7 @@
         - ^wiki
         - ^www
         -->
-    <securecookie host="^(?:.*\.)?strongswan\.org$" name=".+" />
+    <securecookie host=".+" name=".+" />
 
 
     <!--    Observed subdomains:
diff --git a/src/chrome/content/rules/stubhubstatic.com.xml b/src/chrome/content/rules/stubhubstatic.com.xml
new file mode 100644
index 000000000000..24637d929efb
--- /dev/null
+++ b/src/chrome/content/rules/stubhubstatic.com.xml
@@ -0,0 +1,48 @@
+<!--
+	Non-functional subdomains:
+
+		- www	(t)
+		- s	(t)
+		- slcq016-cache15	(t)
+		- slcq045-cache11	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="stubhubstatic.com">
+
+	<target host="3-cache1.stubhubstatic.com" />
+	<target host="3-cache11.stubhubstatic.com" />
+	<target host="3-cache12.stubhubstatic.com" />
+	<target host="3-cache13.stubhubstatic.com" />
+	<target host="3-cache14.stubhubstatic.com" />
+	<target host="3-cache15.stubhubstatic.com" />
+	<target host="31-cache1.stubhubstatic.com" />
+	<target host="31-cache11.stubhubstatic.com" />
+	<target host="31-cache12.stubhubstatic.com" />
+	<target host="31-cache13.stubhubstatic.com" />
+	<target host="31-cache14.stubhubstatic.com" />
+	<target host="cache1.stubhubstatic.com" />
+	<target host="cache11.stubhubstatic.com" />
+	<target host="cache12.stubhubstatic.com" />
+	<target host="cache13.stubhubstatic.com" />
+	<target host="cache14.stubhubstatic.com" />
+	<target host="cache15.stubhubstatic.com" />
+	<target host="cache2.stubhubstatic.com" />
+	<target host="cache21.stubhubstatic.com" />
+	<target host="cache22.stubhubstatic.com" />
+	<target host="cache23.stubhubstatic.com" />
+	<target host="cache3.stubhubstatic.com" />
+	<target host="cache31.stubhubstatic.com" />
+	<target host="cache32.stubhubstatic.com" />
+	<target host="cache33.stubhubstatic.com" />
+	<target host="origin-cache1.stubhubstatic.com" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/studyjamscn.com.xml b/src/chrome/content/rules/studyjamscn.com.xml
deleted file mode 100644
index cdb092f7ca9b..000000000000
--- a/src/chrome/content/rules/studyjamscn.com.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Refused:
-		^studyjamscn.com
--->
-
-<ruleset name="studyjamscn.com">
-	<target host="studyjamscn.com" />
-	<rule from="^http://studyjamscn\.com/" to="https://www.studyjamscn.com/" />
-
-	<target host="www.studyjamscn.com" />
-	<target host="docs.studyjamscn.com" />
-	<target host="static0.studyjamscn.com" />
-	<target host="ucenter.studyjamscn.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/sumatrapdfreader.org.xml b/src/chrome/content/rules/sumatrapdfreader.org.xml
index 4530265483a7..104563dbda5f 100644
--- a/src/chrome/content/rules/sumatrapdfreader.org.xml
+++ b/src/chrome/content/rules/sumatrapdfreader.org.xml
@@ -1,5 +1,5 @@
 <ruleset name="sumatrapdfreader.org">
-	
+
 	<target host="sumatrapdfreader.org" />
 	<target host="www.sumatrapdfreader.org" />
 
diff --git a/src/chrome/content/rules/sumo.com.xml b/src/chrome/content/rules/sumo.com.xml
index 6c4e1afdf58e..2cd868fc88a3 100644
--- a/src/chrome/content/rules/sumo.com.xml
+++ b/src/chrome/content/rules/sumo.com.xml
@@ -4,7 +4,7 @@
 		gtm.sumo.com
 		page.sumo.com
 
-		email1k.sumome.com	
+		email1k.sumome.com
 -->
 <ruleset name="sumo.com">
 	<target host="sumo.com" />
diff --git a/src/chrome/content/rules/sumtel.ru.xml b/src/chrome/content/rules/sumtel.ru.xml
index f323c57a5739..d2017636390b 100644
--- a/src/chrome/content/rules/sumtel.ru.xml
+++ b/src/chrome/content/rules/sumtel.ru.xml
@@ -80,7 +80,7 @@ wiki.sumtel.ru ⁴
 ⁴ self signed
 ⁷ protocol error
 -->
-<ruleset name="sumtel.ru" default_off='failed ruleset test'>
+<ruleset name="sumtel.ru" default_off="failed ruleset test">
 	<target host="sumtel.ru" />
 	<target host="cloud.sumtel.ru" />
 	<target host="dag.sumtel.ru" />
diff --git a/src/chrome/content/rules/sundance.tv.xml b/src/chrome/content/rules/sundance.tv.xml
index 90738bb34a5e..817d354f47f2 100644
--- a/src/chrome/content/rules/sundance.tv.xml
+++ b/src/chrome/content/rules/sundance.tv.xml
@@ -18,7 +18,7 @@
 		- css on www from $self ˢ
 
 		- Images, on:
-		
+
 			- www from $self
 			- www from images.amcnetworks.com ˢ
 
diff --git a/src/chrome/content/rules/sunmotors.co.uk.xml b/src/chrome/content/rules/sunmotors.co.uk.xml
index 4d113f0365d2..8a4d7042de75 100644
--- a/src/chrome/content/rules/sunmotors.co.uk.xml
+++ b/src/chrome/content/rules/sunmotors.co.uk.xml
@@ -29,7 +29,7 @@ Fetch error: http://www.sunmotors.co.uk/motors-cdn/images/icon_search.png => htt
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="sunmotors.co.uk" default_off='failed ruleset test'>
+<ruleset name="sunmotors.co.uk" default_off="failed ruleset test">
 
 	<target host="sunmotors.co.uk" />
 	<target host="www.sunmotors.co.uk" />
diff --git a/src/chrome/content/rules/sunxdcc.com.xml b/src/chrome/content/rules/sunxdcc.com.xml
new file mode 100644
index 000000000000..9eabda72c8da
--- /dev/null
+++ b/src/chrome/content/rules/sunxdcc.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Invalid certificate:
+		mail.sunxdcc.com
+-->
+<ruleset name="sunxdcc.com">
+	<target host="sunxdcc.com" />
+	<target host="www.sunxdcc.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/suomi.fi.xml b/src/chrome/content/rules/suomi.fi.xml
index 148ef5385d01..e440b340c768 100644
--- a/src/chrome/content/rules/suomi.fi.xml
+++ b/src/chrome/content/rules/suomi.fi.xml
@@ -3,13 +3,14 @@
 	<!-- Has a few subdomains which have cookies too -->
 
 	<target host="suomi.fi" />
-	<target host="*.suomi.fi" />
+	<target host="www.suomi.fi" />
+	<target host="asiointitili.suomi.fi" />
+	<target host="tunnistus.suomi.fi" />
 
 
 	<securecookie host="^[^@:/\.]+\.suomi\.fi" name=".+" />
 
 
-	<rule from="^http://((?:www|asiointitili|tunnistus)\.)?suomi\.fi/"
-		to="https://$1suomi.fi/" />
 
+	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/surina.net.xml b/src/chrome/content/rules/surina.net.xml
new file mode 100644
index 000000000000..92a52a98424b
--- /dev/null
+++ b/src/chrome/content/rules/surina.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="surina.net">
+	<target host="surina.net" />
+	<target host="www.surina.net" />
+	<target host="audioshift.surina.net" />
+	<target host="soundtouch.surina.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/surreycc.gov.xml b/src/chrome/content/rules/surreycc.gov.xml
index f47bebb7175f..7c6b8cb1a0dd 100644
--- a/src/chrome/content/rules/surreycc.gov.xml
+++ b/src/chrome/content/rules/surreycc.gov.xml
@@ -48,7 +48,7 @@ Fetch error: http://www2.surreycc.gov.uk/ => https://www2.surreycc.gov.uk/: (6,
 		- www2.surreycc.gov.uk
 
 -->
-<ruleset name="Surrey CC.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Surrey CC.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="surreycc.gov.uk" />
 	<target host="classic.surreycc.gov.uk" />
diff --git a/src/chrome/content/rules/surveyserver.net.xml b/src/chrome/content/rules/surveyserver.net.xml
deleted file mode 100644
index 5be9baef92f2..000000000000
--- a/src/chrome/content/rules/surveyserver.net.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	For other Speedwell Software coverage, see speedwellsoftware.com.xml.
-
--->
-<ruleset name="surveyserver.net">
-
-	<target host="surveyserver.net" />
-	<target host="www.surveyserver.net" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/suumo.com.xml b/src/chrome/content/rules/suumo.com.xml
index 41ffecc03d6a..b6394cb12536 100644
--- a/src/chrome/content/rules/suumo.com.xml
+++ b/src/chrome/content/rules/suumo.com.xml
@@ -17,4 +17,4 @@
 	<rule from="^http:"
 		to="https:" />
 
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/swissnode.ch.xml b/src/chrome/content/rules/swissnode.ch.xml
new file mode 100644
index 000000000000..fdebda1e7c66
--- /dev/null
+++ b/src/chrome/content/rules/swissnode.ch.xml
@@ -0,0 +1,8 @@
+<ruleset name="swissnode.ch">
+	<target host="swissnode.ch" />
+	<target host="www.swissnode.ch" />
+	<target host="hosting04.swissnode.ch" />
+	<target host="remote.swissnode.ch" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sydney.edu.au.xml b/src/chrome/content/rules/sydney.edu.au.xml
index 0814929d7b9f..7d050d097d56 100644
--- a/src/chrome/content/rules/sydney.edu.au.xml
+++ b/src/chrome/content/rules/sydney.edu.au.xml
@@ -54,7 +54,7 @@ Fetch error: http://www.sydney.edu.au/ => https://www.sydney.edu.au/: Too many r
 	ˢ Secured by us
 
 -->
-<ruleset name="Sydney.edu.au (partial)" default_off='failed ruleset test'>
+<ruleset name="Sydney.edu.au (partial)" default_off="failed ruleset test">
 
 	<target host="sydney.edu.au" />
 	<target host="staff.ask.sydney.edu.au" />
diff --git a/src/chrome/content/rules/symphonyos.com.xml b/src/chrome/content/rules/symphonyos.com.xml
deleted file mode 100644
index c1c3311bf4bf..000000000000
--- a/src/chrome/content/rules/symphonyos.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<!--apps. mismatch-->
-<ruleset name="symphonyos.com">
-	<target host="symphonyos.com" />
-	<target host="www.symphonyos.com" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/syncaccess.net.xml b/src/chrome/content/rules/syncaccess.net.xml
deleted file mode 100644
index 0246caec37c9..000000000000
--- a/src/chrome/content/rules/syncaccess.net.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="syncaccess.net">
-
-	<target host="syncaccess.net" />
-	<target host="www.syncaccess.net" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/synonymer.se.xml b/src/chrome/content/rules/synonymer.se.xml
new file mode 100644
index 000000000000..3f00d86134a0
--- /dev/null
+++ b/src/chrome/content/rules/synonymer.se.xml
@@ -0,0 +1,8 @@
+<ruleset name="synonymer.se">
+	<target host="synonymer.se" />
+	<target host="www.synonymer.se" />
+	<target host="api.synonymer.se" />
+	<target host="dev.synonymer.se" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/syrianmalware.com.xml b/src/chrome/content/rules/syrianmalware.com.xml
new file mode 100644
index 000000000000..2a7054d65962
--- /dev/null
+++ b/src/chrome/content/rules/syrianmalware.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="syrianmalware.com">
+	<target host="syrianmalware.com" />
+	<target host="www.syrianmalware.com" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/sysax.com.xml b/src/chrome/content/rules/sysax.com.xml
index ef8dde0d0d22..b5cea86661f6 100644
--- a/src/chrome/content/rules/sysax.com.xml
+++ b/src/chrome/content/rules/sysax.com.xml
@@ -13,7 +13,7 @@
 		- Images on (www.)? from www.sysax.com ˢ
 
 		- Bug, on:
-		
+
 			- (www.)? from static.getclicky.com ˢ
 			- (www.)? from www.sysax.com ˢ
 
diff --git a/src/chrome/content/rules/syscan360.org.xml b/src/chrome/content/rules/syscan360.org.xml
deleted file mode 100644
index f243f7c2a7c5..000000000000
--- a/src/chrome/content/rules/syscan360.org.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="SyScan360.org">
-
-	<target host="syscan360.org" />
-	<target host="www.syscan360.org" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/system-rescue-cd.org.xml b/src/chrome/content/rules/system-rescue-cd.org.xml
index 02d1611487e0..52f4e52b7d25 100644
--- a/src/chrome/content/rules/system-rescue-cd.org.xml
+++ b/src/chrome/content/rules/system-rescue-cd.org.xml
@@ -9,7 +9,7 @@ Fetch error: http://www.sysresccd.org/ => https://www.sysresccd.org/: Too many r
 beta.system-rescue-cd.org self signed
 beta.sysresccd.org broken because it redirects to https://beta.system-rescue-cd.org
 -->
-<ruleset name="System-Rescue-Cd.org" default_off='failed ruleset test'>
+<ruleset name="System-Rescue-Cd.org" default_off="failed ruleset test">
 
 	<target host="system-rescue-cd.org" />
 	<target host="www.system-rescue-cd.org" />
diff --git a/src/chrome/content/rules/systemd.io.xml b/src/chrome/content/rules/systemd.io.xml
new file mode 100644
index 000000000000..c7389ba5040f
--- /dev/null
+++ b/src/chrome/content/rules/systemd.io.xml
@@ -0,0 +1,15 @@
+<!--
+	Timeout:
+		cfp.systemd.io
+-->
+<ruleset name="systemd.io">
+
+	<target host="systemd.io" />
+	<target host="www.systemd.io" />
+	<target host="brand.systemd.io" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/t-mobilebankowe.pl.xml b/src/chrome/content/rules/t-mobilebankowe.pl.xml
index c8ccf4e4c078..a785514fdfb4 100644
--- a/src/chrome/content/rules/t-mobilebankowe.pl.xml
+++ b/src/chrome/content/rules/t-mobilebankowe.pl.xml
@@ -34,7 +34,7 @@ Non-2xx HTTP code: http://konto.t-mobilebankowe.pl/ (200) => https://www.t-mobil
 		- www.t-mobilebankowe.pl
 
 -->
-<ruleset name="T-mobilebankowe.pl (partial)" default_off='failed ruleset test'>
+<ruleset name="T-mobilebankowe.pl (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/t.me.xml b/src/chrome/content/rules/t.me.xml
new file mode 100644
index 000000000000..2aca98d8fc5f
--- /dev/null
+++ b/src/chrome/content/rules/t.me.xml
@@ -0,0 +1,11 @@
+<!--
+	For other Telegram coverage, see Telegram.me.xml.
+-->
+
+<ruleset name="t.me">
+		<target host="t.me" />
+		<target host="www.t.me" />
+
+		<rule from="^http:"
+				to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/t3n.de.xml b/src/chrome/content/rules/t3n.de.xml
new file mode 100644
index 000000000000..b4b580822f19
--- /dev/null
+++ b/src/chrome/content/rules/t3n.de.xml
@@ -0,0 +1,22 @@
+<ruleset name="t3n.de">
+
+	<target host="t3n.de" />
+	<target host="www.t3n.de" />
+	<target host="amp.t3n.de" />
+	<target host="api.t3n.de" />
+	<target host="faq.t3n.de" />
+	<target host="go.t3n.de" />
+	<target host="media.t3n.de" />
+	<target host="api.stage.t3n.de" />
+	<target host="cc.stage.t3n.de" />
+	<target host="content-api.stage.t3n.de" />
+	<target host="next.stage.t3n.de" />
+	<target host="private-api.stage.t3n.de" />
+	<target host="wp.stage.t3n.de" />
+	<target host="storybook.t3n.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/tagesschau.de.xml b/src/chrome/content/rules/tagesschau.de.xml
index 19b3edb77e5c..bf23f764c3a5 100644
--- a/src/chrome/content/rules/tagesschau.de.xml
+++ b/src/chrome/content/rules/tagesschau.de.xml
@@ -1,53 +1,65 @@
 <!--
-	tageschau.de refuse https
-	
-	Non-functional subdomains:
-		atlas (connection refused)
-
-	Redirect to Flypsite.com
-		duell.live.tagesschau.de
-		
-	Redirect to tagesschau.de
-		tagesschau24.de
-		www.tagesschau24.de
+	Invalid Certificate:
+		enterpriseregistration.tagesschau.de
+		klima.tagesschau.de
+		www.klima.tagesschau.de
+		miss.tagesschau.de
+		origin.tagesschau.de
+		stat.tagesschau.de
+		rbb24.wahl.tagesschau.de
+		wahl-o-mat.tagesschau.de
+		wahlarchiv.tagesschau.de
+		wahlomat.tagesschau.de
 
 	Mixed content:
 		karten.tagesschau.de
 		wahl.tagesschau.de
-		
-	Invalid Certificate-Chain:
-		todo.tagesschau.de
 
-	Invalid Certificate:
-		blog.tagesschau.de
-		origin.blog.tagesschau.de
-		intern.tagesschau.de
-		korrespondenten.tagesschau.de
-		stat.tagesschau.de
-		rbb24.wahl.tagesschau.de
-		wahlarchiv.tagesschau.de
+	Refused:
+		atlas.tagesschau.de
+		chat.tagesschau.de
+		download.tagesschau.de
+		spiel.tagesschau.de
+		umfrage.tagesschau.de
+
+	SSL error:
+		forum.tagesschau.de
+		www.forum.tagesschau.de
 
+	Timeout:
+		admin.tagesschau.de
+		fbia.tagesschau.de
+		relaunch.tagesschau.de
+		test.tagesschau.de
+
+	Unable to get local issuer certificate:
+		prodforum.tagesschau.de
+		todo.tagesschau.de
+		wiki.tagesschau.de
 -->
 <ruleset name="tagesschau.de (partial)">
-	<target host="tagesschau.de"/>
-	<target host="www.tagesschau.de"/>
-	<target host="faktenfinder.tagesschau.de"/>
-	<target host="media.tagesschau.de"/>
-	<target host="download.media.tagesschau.de"/>
-	<target host="karten.tagesschau.de"/>
-	<target host="meta.tagesschau.de"/>
-	<target host="prodforum.tagesschau.de"/>
-	<target host="service.tagesschau.de"/>
-	<target host="wahl.tagesschau.de"/>
-	<target host="wetter.tagesschau.de"/>
-	<target host="programm.tagesschau24.de"/>
-
-	<securecookie host="^www\.tagesschau\.de$" name=".+" />
-
-	<rule from="^http://tagesschau\.de/"
-		to="https://www.tagesschau.de/"/>
-
-	<rule from="^http:" 
-		to="https:" />
+
+	<target host="tagesschau.de" />
+	<target host="www.tagesschau.de" />
+	<target host="autodiscover.tagesschau.de" />
+	<target host="blog.tagesschau.de" />
+	<target host="www.blog.tagesschau.de" />
+	<target host="faktenfinder.tagesschau.de" />
+	<target host="autodiscover.forum.tagesschau.de" />
+	<target host="intern.tagesschau.de" />
+	<target host="korrespondenten.tagesschau.de" />
+	<target host="media.tagesschau.de" />
+	<target host="download.media.tagesschau.de" />
+	<target host="meta.tagesschau.de" />
+	<target host="netzwerk.tagesschau.de" />
+	<target host="service.tagesschau.de" />
+	<target host="wahl.tagesschau.de" />
+	<target host="www.wahl.tagesschau.de" />
+	<target host="wetter.tagesschau.de" />
+	<target host="wetterstationen.tagesschau.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/tagilka.ru.xml b/src/chrome/content/rules/tagilka.ru.xml
deleted file mode 100644
index f8d3f898093e..000000000000
--- a/src/chrome/content/rules/tagilka.ru.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<!--www. wrong redirect
-70. mismatch-->
-<ruleset name="tagilka.ru">
-	<target host="tagilka.ru" />
-	<target host="www.tagilka.ru" />
-	<rule from="^http://www\.tagilka\.ru/"
-		to="https://tagilka.ru/" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/taihe.com.xml b/src/chrome/content/rules/taihe.com.xml
new file mode 100644
index 000000000000..ace1b06c7154
--- /dev/null
+++ b/src/chrome/content/rules/taihe.com.xml
@@ -0,0 +1,40 @@
+<!--
+	Mismatched:
+		mail.taihe.com
+		ob.taihe.com
+		obforest.taihe.com
+		touch.taihe.com
+		tr.taihe.com
+		
+	Refused:
+		about.taihe.com
+		cms2.taihe.com
+		imap.taihe.com
+		pop.taihe.com
+		smtp.taihe.com
+
+	Timeout:
+		cms.taihe.com
+		live.taihe.com
+		office.taihe.com
+		rs.taihe.com
+		v.taihe.com
+		video.taihe.com
+-->
+<ruleset name="taihe.com">
+	<target host="taihe.com" />
+	<target host="www.taihe.com" />
+	<target host="bar.taihe.com" />
+	<target host="c.taihe.com" />
+	<target host="embedmusic.taihe.com" />
+	<target host="feed.taihe.com" />
+	<target host="fm.taihe.com" />
+	<target host="lebo.taihe.com" />
+	<target host="music.taihe.com" />
+	<target host="musicapi.taihe.com" />
+	<target host="passport.taihe.com" />
+	<target host="play.taihe.com" />
+	<target host="y.taihe.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tameside.gov.uk-falsemixed.xml b/src/chrome/content/rules/tameside.gov.uk-falsemixed.xml
deleted file mode 100644
index aa2c3189a01c..000000000000
--- a/src/chrome/content/rules/tameside.gov.uk-falsemixed.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	For rules not causing MCB, see Tameside.gov.uk.xml.
-
--->
-<ruleset name="Tameside.gov.uk (MCB)" platform="mixedcontent">
-
-	<target host="web.tameside.gov.uk" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/tameside.gov.uk.xml b/src/chrome/content/rules/tameside.gov.uk.xml
index 54c6c96b9023..c742bda3e273 100644
--- a/src/chrome/content/rules/tameside.gov.uk.xml
+++ b/src/chrome/content/rules/tameside.gov.uk.xml
@@ -53,7 +53,7 @@ Fetch error: http://ecitizen.tameside.gov.uk/ => https://ecitizen.tameside.gov.u
 		- css on web from www.tameside.gov.uk ʳ
 
 		- Images, on:
-		
+
 			- web from public.tameside.gov.uk ᵈ
 			- web, whatson from www.tameside.gov.uk ʳ
 
@@ -61,7 +61,7 @@ Fetch error: http://ecitizen.tameside.gov.uk/ => https://ecitizen.tameside.gov.u
 	ʳ Unsecurable <= refused
 
 -->
-<ruleset name="Tameside.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Tameside.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="admission.tameside.gov.uk" />
 	<target host="adultportal.tameside.gov.uk" />
diff --git a/src/chrome/content/rules/tamworth.gov.uk.xml b/src/chrome/content/rules/tamworth.gov.uk.xml
index 0275552322af..ff4a702403ba 100644
--- a/src/chrome/content/rules/tamworth.gov.uk.xml
+++ b/src/chrome/content/rules/tamworth.gov.uk.xml
@@ -29,7 +29,7 @@ Fetch error: http://benefits.tamworth.gov.uk/ => https://benefits.tamworth.gov.u
 		- benefits.tamworth.gov.uk
 
 -->
-<ruleset name="Tamworth.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Tamworth.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="benefits.tamworth.gov.uk" />
 
diff --git a/src/chrome/content/rules/tanx.com.xml b/src/chrome/content/rules/tanx.com.xml
index 5fb90a760a07..bd1ae9b1281c 100644
--- a/src/chrome/content/rules/tanx.com.xml
+++ b/src/chrome/content/rules/tanx.com.xml
@@ -4,7 +4,7 @@
 		dmp
 		ex
 		monitor
-	
+
 	Redirect to http:
 		^
 		ade
@@ -31,19 +31,18 @@
 	<target host="ecpm.tanx.com" />
 		<test url="http://ecpm.tanx.com/ex?i=mm_12852562_1778064_9087844&amp;cb=jsonp_callback_993&amp;callback=&amp;userid=&amp;o=&amp;f=&amp;n=&amp;re=1366x768&amp;r=&amp;cah=728&amp;caw=1366&amp;ccd=32&amp;ctz=8&amp;chl=2&amp;cja=1&amp;cpl=36&amp;cmm=53&amp;cf=11.9&amp;cg=a496a6f368d8ef0cf220c9b9ceb21c2e&amp;pvid=af206bd6a226631bf9801c9ea3c62464&amp;ai=4&amp;ac=6354&amp;prq=88431394&amp;cas=prq&amp;cbh=2945&amp;cbw=1349&amp;dx=1&amp;u=http%3A%2F%2Fwww.taobao.com%2F&amp;k=&amp;tt=%E6%B7%98%E5%AE%9D%E7%BD%91%20-%20%E6%B7%98%EF%BC%81%E6%88%91%E5%96%9C%E6%AC%A2" />
 	<target host="ets.tanx.com" />
-	
+
 	<target host="mu.tanx.com" />
-		<test url="http://mu.tanx.com/" />
 	<!--	MCB:	-->
 	<exclusion pattern="^http://mu\.tanx\.com/index\.htm" />
 		<test url="http://mu.tanx.com/index.htm" />
-	
+
 	<target host="opehs.tanx.com" />
 		<test url="http://opehs.tanx.com/ex?i=mm_26632322_6858406_35046203&amp;cb=jsonp_callback_19009&amp;callback=&amp;userid=&amp;o=&amp;f=&amp;n=&amp;re=1680x1050&amp;r=1&amp;cah=976&amp;caw=1680&amp;ccd=24&amp;ctz=-4&amp;chl=1&amp;cja=1&amp;cpl=5&amp;cmm=32&amp;cf=-1&amp;cg=c384a7c6ec6c51aeedd1ce6ad0743f18&amp;pvid=aeaa80fbb507a52a5b89f9004514cf14&amp;pvid_1=f1fb97f07c4d2d4b59ade3ce3ff94093&amp;ai=0&amp;ac=6867&amp;prm=26246211&amp;cas=prm&amp;cbh=4603&amp;cbw=400&amp;dx=1&amp;u=https%3A%2F%2Fwww.hao123.com%2F&amp;k=&amp;tt=hao123_%E4%B8%8A%E7%BD%91%E4%BB%8E%E8%BF%99%E9%87%8C%E5%BC%80%E5%A7%8B" />
 	<target host="p.tanx.com" />
 		<test url="http://p.tanx.com/ex?i=mm_10054360_4228956_14384474" />
 	<target host="pass.tanx.com" />
-	
+
 	<target host="phs.tanx.com" />
 		<test url="http://phs.tanx.com/acbeacon4.html" />
 	<target host="rdstat.tanx.com" />
diff --git a/src/chrome/content/rules/taw.org.uk.xml b/src/chrome/content/rules/taw.org.uk.xml
deleted file mode 100644
index a1d12c706ce7..000000000000
--- a/src/chrome/content/rules/taw.org.uk.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="TAW.org.uk (partial)">
-
-	<target host="apleywoodprimary.taw.org.uk" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/tbz.ch.xml b/src/chrome/content/rules/tbz.ch.xml
new file mode 100644
index 000000000000..0ce7e55d2a42
--- /dev/null
+++ b/src/chrome/content/rules/tbz.ch.xml
@@ -0,0 +1,17 @@
+<!--
+	Invalid certificate:
+	- webmail.tbz.ch
+	- vpn.tbz.ch
+	- intranet.tbz.ch
+-->
+
+<ruleset name="tbz.ch">
+	<target host="tbz.ch"/>
+	<target host="www.tbz.ch"/>
+	<target host="bscw.tbz.ch"/>
+	<target host="orgweb.tbz.ch"/>
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/teacherspensions.co.uk.xml b/src/chrome/content/rules/teacherspensions.co.uk.xml
index 1cd9f9dbaabd..6eeedbe00d7f 100644
--- a/src/chrome/content/rules/teacherspensions.co.uk.xml
+++ b/src/chrome/content/rules/teacherspensions.co.uk.xml
@@ -10,7 +10,7 @@ Fetch error: http://teacherspensions.co.uk/ => https://www.www.teacherspensions.
 	ʳ Refused
 
 -->
-<ruleset name="Teachers Pensions.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Teachers Pensions.co.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/teamup.com.xml b/src/chrome/content/rules/teamup.com.xml
deleted file mode 100644
index bdfdefc0110d..000000000000
--- a/src/chrome/content/rules/teamup.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-apidocs.teamup.com mismatch
--->
-
-<ruleset name="teamup.com">
-	<target host="teamup.com" />
-	<target host="www.teamup.com" />
-	<target host="blog.teamup.com" />
-	<target host="calendar.teamup.com" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/technet-cz.xml b/src/chrome/content/rules/technet-cz.xml
new file mode 100644
index 000000000000..77ff185467c9
--- /dev/null
+++ b/src/chrome/content/rules/technet-cz.xml
@@ -0,0 +1,6 @@
+<ruleset name="iDNES.cz">
+	<target host="technet.cz" />
+	
+	<rule from="^http://technet\.cz/"
+		to="https://idnes.cz/technet/" />
+</ruleset>
diff --git a/src/chrome/content/rules/technical-service.net.xml b/src/chrome/content/rules/technical-service.net.xml
new file mode 100644
index 000000000000..9611c6facd3e
--- /dev/null
+++ b/src/chrome/content/rules/technical-service.net.xml
@@ -0,0 +1,19 @@
+<ruleset name="technical-service.net">
+
+	<target host="technical-service.net" />
+	<target host="www.technical-service.net" />
+	<target host="staging.technical-service.net" />
+	<target host="staging-www.technical-service.net" />
+	<target host="te.technical-service.net" />
+		<test url="http://te.technical-service.net/api?pa=17" />
+	<target host="te-staging.technical-service.net" />
+	<target host="te-test.technical-service.net" />
+	<target host="tr.technical-service.net" />
+	<target host="tr-staging.technical-service.net" />
+	<target host="tr-test.technical-service.net" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/techpowerup.org.xml b/src/chrome/content/rules/techpowerup.org.xml
new file mode 100644
index 000000000000..a9b4cfe17cd9
--- /dev/null
+++ b/src/chrome/content/rules/techpowerup.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="techpowerup.org">
+	<target host="techpowerup.org" />
+	<target host="www.techpowerup.org" />
+	<target host="img.techpowerup.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tehsausage.com.xml b/src/chrome/content/rules/tehsausage.com.xml
new file mode 100644
index 000000000000..706b0fe525ef
--- /dev/null
+++ b/src/chrome/content/rules/tehsausage.com.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		sausage.tehsausage.com
+
+	Time out:
+		git.tehsausage.com
+-->
+<ruleset name="tehsausage.com">
+	<target host="tehsausage.com" />
+	<target host="www.tehsausage.com" />
+	<target host="cache.tehsausage.com" />
+
+	<rule from="^http://www\.tehsausage\.com/" to="https://tehsausage.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tekram.com.xml b/src/chrome/content/rules/tekram.com.xml
new file mode 100644
index 000000000000..f72dfe0b953b
--- /dev/null
+++ b/src/chrome/content/rules/tekram.com.xml
@@ -0,0 +1,8 @@
+<ruleset name="tekram.com">
+	<target host="tekram.com" />
+	<target host="www.tekram.com" />
+
+	<rule from="^http:" to="https:" />
+
+	<securecookie host="^\.tekram\.com$" name=".+" />
+</ruleset>
diff --git a/src/chrome/content/rules/teleguide.info.xml b/src/chrome/content/rules/teleguide.info.xml
index 2b9ff676cc9e..bd9df621fce4 100644
--- a/src/chrome/content/rules/teleguide.info.xml
+++ b/src/chrome/content/rules/teleguide.info.xml
@@ -9,7 +9,7 @@ rt.teleguide.info ¹
 
 ¹ mismatch
 -->
-<ruleset name="teleguide.info" default_off='failed ruleset test'>
+<ruleset name="teleguide.info" default_off="failed ruleset test">
 	<target host="teleguide.info" />
 	<target host="www.teleguide.info" />
 	<target host="img.teleguide.info" />
diff --git a/src/chrome/content/rules/telenet.ru.xml b/src/chrome/content/rules/telenet.ru.xml
deleted file mode 100644
index 32b69582994f..000000000000
--- a/src/chrome/content/rules/telenet.ru.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-telenet.ru redirect
-www.telenet.ru redirect
-forum.telenet.ru non-2xx http code
-foto.telenet.ru timed out
-programmer.telenet.ru mismatch
-ixxi.telenet.ru timed out
-vipzone.telenet.ru timed out
-shop.telenet.ru redirect
-fishki.telenet.ru timed out
-blog.telenet.ru timed out
-orange.telenet.ru nonexist
-messiah.telenet.ru nonexist
-sly.telenet.ru nonexist
-gramozeka.telenet.ru nonexist
-noneed.telenet.ru mismatch
-black.telenet.ru timed out
-lexx.telenet.ru timed out
-pnr.telenet.ru nonexist
-korg.telenet.ru nonexist
-ytopia.telenet.ru timed out
-nrg66.telenet.ru timed out
--->
-<ruleset name="telenet.ru (partial)">
-	<target host="stat.telenet.ru" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/telesign.com.xml b/src/chrome/content/rules/telesign.com.xml
index d917e0b08c26..fe36a6f66cd3 100644
--- a/src/chrome/content/rules/telesign.com.xml
+++ b/src/chrome/content/rules/telesign.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.telesign.com/ => https://www.telesign.com/: (60, 'SSL ce
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="telesign.com" default_off='failed ruleset test'>
+<ruleset name="telesign.com" default_off="failed ruleset test">
 
 	<target host="telesign.com" />
 	<target host="developer.telesign.com" />
diff --git a/src/chrome/content/rules/termbin.com.xml b/src/chrome/content/rules/termbin.com.xml
new file mode 100644
index 000000000000..f392d7cd152a
--- /dev/null
+++ b/src/chrome/content/rules/termbin.com.xml
@@ -0,0 +1,11 @@
+<!--
+	SSL error:
+		- www.l
+-->
+<ruleset name="termbin.com">
+	<target host="termbin.com" />
+	<target host="www.termbin.com" />
+	<target host="l.termbin.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tersee.xml b/src/chrome/content/rules/tersee.xml
deleted file mode 100644
index 351bbbb65dc0..000000000000
--- a/src/chrome/content/rules/tersee.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://tersee.com/ => https://tersee.com/: (60, 'SSL certificate problem: certificate has expired')
-
--->
-<ruleset name="tersee" default_off='failed ruleset test'>
-	<target host="tersee.com"/>
-	<target host="*.tersee.com"/>
-	<rule from="^http://([^/:@]+\.)?tersee\.com/" to="https://$1tersee.com/"/>
-	<securecookie host="^(?:.+\.)?tersee\.com$" name=".+" />
-</ruleset>
diff --git a/src/chrome/content/rules/tesglobal.com.xml b/src/chrome/content/rules/tesglobal.com.xml
index ff26182151fd..e1f9313dad60 100644
--- a/src/chrome/content/rules/tesglobal.com.xml
+++ b/src/chrome/content/rules/tesglobal.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://tesglobal.com/ => https://tesglobal.com/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="TES Global.com" default_off='failed ruleset test'>
+<ruleset name="TES Global.com" default_off="failed ruleset test">
 
 	<target host="tesglobal.com" />
 	<target host="www.tesglobal.com" />
diff --git a/src/chrome/content/rules/test-smoke.org.xml b/src/chrome/content/rules/test-smoke.org.xml
new file mode 100644
index 000000000000..bae453b6a435
--- /dev/null
+++ b/src/chrome/content/rules/test-smoke.org.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		test-smoke.org
+		www.test-smoke.org
+		diane.test-smoke.org
+		mail.test-smoke.org
+		w3.test-smoke.org
+
+	Non-2xx HTTP code:
+		jenkins.test-smoke.org
+
+	Time out:
+		fido.test-smoke.org
+		fidovcs.test-smoke.org
+		fidobackend.test-smoke.org
+-->
+<ruleset name="test-smoke.org">
+	<target host="keizum.test-smoke.org" />
+	<target host="perl5.test-smoke.org" />
+	<target host="source.test-smoke.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tested.com.xml b/src/chrome/content/rules/tested.com.xml
new file mode 100644
index 000000000000..548998dbbba6
--- /dev/null
+++ b/src/chrome/content/rules/tested.com.xml
@@ -0,0 +1,13 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- tested.com
+
+		4xx client error:
+		- files.tested.com
+-->
+<ruleset name="tested.com">
+	<target host="www.tested.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tgstation13.org.xml b/src/chrome/content/rules/tgstation13.org.xml
index e5f56b084832..cab054fe8a76 100644
--- a/src/chrome/content/rules/tgstation13.org.xml
+++ b/src/chrome/content/rules/tgstation13.org.xml
@@ -4,8 +4,6 @@
 	<target host="status.tgstation13.org" />
 
 	<rule from="^http:" to="https:" />
-		<test url="http://tgstation13.org/" />
 		<test url="http://tgstation13.org/phpBB/" />
 		<test url="http://tgstation13.org/wiki/" />
-		<test url="http://status.tgstation13.org/" />
 </ruleset>
diff --git a/src/chrome/content/rules/the-eye.eu.xml b/src/chrome/content/rules/the-eye.eu.xml
new file mode 100644
index 000000000000..9dde6a9b5d18
--- /dev/null
+++ b/src/chrome/content/rules/the-eye.eu.xml
@@ -0,0 +1,35 @@
+<!--
+	HTTPS != HTTP
+		- autodiscover
+
+	Connection refused:
+		- dash
+
+	Mismatched:
+		- rc
+
+	Expired:
+		- feed
+		- tt
+		- wsb
+-->
+<ruleset name="the-eye.eu">
+	<target host="the-eye.eu" />
+	<target host="www.the-eye.eu" />
+	<target host="beet.the-eye.eu" />
+	<target host="beta.the-eye.eu" />
+	<target host="cgs.the-eye.eu" />
+ 	<target host="exodos.the-eye.eu" />
+	<target host="fusker.the-eye.eu" />
+	<target host="irar.the-eye.eu" />
+	<target host="od-db.the-eye.eu" />
+	<target host="parazite.the-eye.eu" />
+	<target host="requests.the-eye.eu" />
+	<target host="rocketchat.the-eye.eu" />
+	<target host="s2.the-eye.eu" />
+ 	<target host="searchin.the-eye.eu" />
+	<target host="uptime.the-eye.eu" />
+	<target host="vv.the-eye.eu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/thebay.tv.xml b/src/chrome/content/rules/thebay.tv.xml
deleted file mode 100644
index 3c1d43323693..000000000000
--- a/src/chrome/content/rules/thebay.tv.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="thebay.tv">
-	<target host="thebay.tv" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/thebodyshop.co.id.xml b/src/chrome/content/rules/thebodyshop.co.id.xml
index f9975ba15ff3..c2c93d657552 100644
--- a/src/chrome/content/rules/thebodyshop.co.id.xml
+++ b/src/chrome/content/rules/thebodyshop.co.id.xml
@@ -17,7 +17,7 @@ Fetch error: http://thebodyshop.co.id/ => https://thebodyshop.co.id/: (28, 'Conn
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="The Body Shop.id" default_off='failed ruleset test'>
+<ruleset name="The Body Shop.id" default_off="failed ruleset test">
 
 	<target host="thebodyshop.co.id" />
 	<target host="www.thebodyshop.co.id" />
diff --git a/src/chrome/content/rules/thecustomizewindows.net.xml b/src/chrome/content/rules/thecustomizewindows.net.xml
deleted file mode 100644
index cc61b4382a7e..000000000000
--- a/src/chrome/content/rules/thecustomizewindows.net.xml
+++ /dev/null
@@ -1,17 +0,0 @@
-<!--
-	Mismatch
-		- ^
-		- www
-
-	thecustomizewindows.com is preloaded
--->
-<ruleset name="TheCustomizeWindows.net">
-	<target host="thecustomizewindows.net" />
-	<target host="www.thecustomizewindows.net" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http://(www\.)?thecustomizewindows\.net/"
-		to="https://thecustomizewindows.com/"/>
-</ruleset>
-
diff --git a/src/chrome/content/rules/thedarkmod.com.xml b/src/chrome/content/rules/thedarkmod.com.xml
new file mode 100644
index 000000000000..197a99fbbbcc
--- /dev/null
+++ b/src/chrome/content/rules/thedarkmod.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		forumsbeta.thedarkmod.com
+		ftp.thedarkmod.com
+		hg.thedarkmod.com
+		mirrors.thedarkmod.com
+		mysql.thedarkmod.com
+		webmail.thedarkmod.com
+-->
+<ruleset name="thedarkmod.com">
+	<target host="thedarkmod.com" />
+	<target host="www.thedarkmod.com" />
+	<target host="bugs.thedarkmod.com" />
+	<target host="forums.thedarkmod.com" />
+	<target host="mail.thedarkmod.com" />
+	<target host="missions.thedarkmod.com" />
+	<target host="update.thedarkmod.com" />
+	  <test url="http://update.thedarkmod.com/zipsync/tdm_installer.exe.zip" />
+	<target host="svn.thedarkmod.com" />
+	<target host="wiki.thedarkmod.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/thedebrief.co.uk.xml b/src/chrome/content/rules/thedebrief.co.uk.xml
index 7aaefa89de9d..5ba7a69cd8d4 100644
--- a/src/chrome/content/rules/thedebrief.co.uk.xml
+++ b/src/chrome/content/rules/thedebrief.co.uk.xml
@@ -10,7 +10,7 @@ Fetch error: http://thedebrief.co.uk/ => https://thedebrief.co.uk/: (7, 'Failed
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="The Debrief.co.uk" default_off='failed ruleset test'>
+<ruleset name="The Debrief.co.uk" default_off="failed ruleset test">
 
 	<target host="thedebrief.co.uk" />
 	<target host="www.thedebrief.co.uk" />
diff --git a/src/chrome/content/rules/thediplomat.com-resources.xml b/src/chrome/content/rules/thediplomat.com-resources.xml
deleted file mode 100644
index 95549e47d5c5..000000000000
--- a/src/chrome/content/rules/thediplomat.com-resources.xml
+++ /dev/null
@@ -1,47 +0,0 @@
-<!--
-	For rules covering more than resources, see The-Diplomat.xml.
-
-	Note: platform is so as not to increase non-Tor
-	distinguishability, given that no pages are covered
-	and no mixed content secured.
-
--->
-<ruleset name="The Diplomat.com (resources)" platform="mixedcontent">
-
-	<target host="thediplomat.com" />
-	<target host="www.thediplomat.com" />
-
-		<exclusion pattern="^http://(?:www\.)?thediplomat\.com/(?!/*(?:ads/|dpl-web/|favicon\.ico|wp-content/|wp-includes/))" />
-
-			<!--	+ve:
-					-->
-			<!--
-			<test url="http://thediplomat.com/2016/06/kashmir-is-slipping-away-from-india/" />
-			<test url="http://thediplomat.com/authors/prashanth-parameswaran/" />
-			<test url="http://thediplomat.com/category/blogs/" />
-			-->
-			<test url="http://thediplomat.com/category/photo-essays/" />
-			<test url="http://thediplomat.com/dipl_counter.php?p=&amp;t=" />
-			<test url="http://thediplomat.com/privacy-policy/" />
-			<test url="http://thediplomat.com/tag/ea-18g-growler-airborne-electronic-attack-aircraft-in-philippines/" />
-			<test url="http://thediplomat.com/the-diplomat/" />
-			<test url="http://thediplomat.com/topics/security/" />
-
-			<!--	-ve:
-					-->
-			<test url="http://thediplomat.com/ads/subscription/dpl_paywall_ad_300x300_v3.gif" />
-			<test url="http://thediplomat.com/dpl-web/build-1466471631759/css/dpl-web-overrides.css" />
-			<test url="http://thediplomat.com/favicon.ico" />
-			<test url="http://thediplomat.com/wp-content/plugins/bwp-minify/min/?f=wp-content/plugins/compact-wp-audio-player/css/flashblock.css,wp-content/plugins/compact-wp-audio-player/css/player.css,wp-content/plugins/captcha/css/style_wp_before_3.8.css,wp-content/plugins/contact-form-7/includes/css/styles.css,wp-content/plugins/wp-pro-quiz/css/wpProQuiz_front.min.css,wp-content/themes/the_diplomat_v2/css/diplomat_20150805_1800.css,wp-content/themes/the_diplomat_v2/css/td-ads.css,wp-content/themes/the_diplomat_v2/css/print.css" />
-			<test url="http://thediplomat.com/wp-content/themes/the_diplomat_v2/css/img/line-h.gif" />
-			<test url="http://thediplomat.com/wp-content/uploads/2013/09/207717_464772720245631_371482571_n-120x85.jpg" />
-			<test url="http://thediplomat.com/wp-includes/css/dashicons.min.css" />
-
-
-	<securecookie host="^\." name="^(?:_gat?$|_gat_|__cfduid$)" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/theeca.com.xml b/src/chrome/content/rules/theeca.com.xml
new file mode 100644
index 000000000000..bd753e06b928
--- /dev/null
+++ b/src/chrome/content/rules/theeca.com.xml
@@ -0,0 +1,20 @@
+<!--
+	Non-functional hosts
+		SSL peer certificate was not OK:
+		- theeca.com
+		- www.theeca.com
+		- action.theeca.com
+		- eee.theeca.com
+		- forums.theeca.com
+		- www.forums.theeca.com
+-->
+<ruleset name="theeca.com" default_off="cert-invalid">
+	<target host="theeca.com" />
+	<target host="www.theeca.com" />
+	<target host="action.theeca.com" />
+	<target host="eee.theeca.com" />
+	<target host="forums.theeca.com" />
+	<target host="www.forums.theeca.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/thegeekblog.co.uk.xml b/src/chrome/content/rules/thegeekblog.co.uk.xml
new file mode 100644
index 000000000000..518337385473
--- /dev/null
+++ b/src/chrome/content/rules/thegeekblog.co.uk.xml
@@ -0,0 +1,11 @@
+<!--
+	Invalid certificate:
+		ftp.thegeekblog.co.uk
+-->
+<ruleset name="thegeekblog.co.uk">
+	<target host="thegeekblog.co.uk" />
+	<target host="www.thegeekblog.co.uk" />
+
+	<rule from="^http://thegeekblog\.co\.uk/" to="https://www.thegeekblog.co.uk/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/thehiddenbay.xyz.xml b/src/chrome/content/rules/thehiddenbay.xyz.xml
deleted file mode 100644
index df55aa95b633..000000000000
--- a/src/chrome/content/rules/thehiddenbay.xyz.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="thehiddenbay.xyz">
-	<target host="thehiddenbay.xyz" />
-	<target host="www.thehiddenbay.xyz" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/theindigokitchen.com.xml b/src/chrome/content/rules/theindigokitchen.com.xml
new file mode 100644
index 000000000000..43847fa2cf60
--- /dev/null
+++ b/src/chrome/content/rules/theindigokitchen.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="theindigokitchen.com">
+	<target host="theindigokitchen.com" />
+	<target host="www.theindigokitchen.com" />
+	
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/theinquirer.net.xml b/src/chrome/content/rules/theinquirer.net.xml
index b9bcab0fab24..b89819bfa293 100644
--- a/src/chrome/content/rules/theinquirer.net.xml
+++ b/src/chrome/content/rules/theinquirer.net.xml
@@ -10,7 +10,7 @@ Invalid certificate:
 	research.theinquirer.net
 	tour.theinquirer.net
 -->
-<ruleset name="theinquirer.net" default_off='failed ruleset test'>
+<ruleset name="theinquirer.net" default_off="failed ruleset test">
 	<target host="theinquirer.net"/>
 	<target host="www.theinquirer.net"/>
 	<target host="assets.theinquirer.net"/>
diff --git a/src/chrome/content/rules/thekelleys.org.uk.xml b/src/chrome/content/rules/thekelleys.org.uk.xml
new file mode 100644
index 000000000000..bdb7967181a8
--- /dev/null
+++ b/src/chrome/content/rules/thekelleys.org.uk.xml
@@ -0,0 +1,6 @@
+<ruleset name="thekelleys.org.uk">
+	<target host="thekelleys.org.uk" />
+	<target host="www.thekelleys.org.uk" />
+	<target host="lists.thekelleys.org.uk" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/thepbay.ga.xml b/src/chrome/content/rules/thepbay.ga.xml
deleted file mode 100644
index d8350cb2ca23..000000000000
--- a/src/chrome/content/rules/thepbay.ga.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--
-	www doesn't exist.
--->
-
-<ruleset name="thepbay.ga">
-	<target host="thepbay.ga" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/thephoenixbay.com.xml b/src/chrome/content/rules/thephoenixbay.com.xml
deleted file mode 100644
index 0d31c6848e70..000000000000
--- a/src/chrome/content/rules/thephoenixbay.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<!--
-	For the main Pirate Bay ruleset, see ThePirateBay.xml.
--->
-
-<ruleset name="thephoenixbay.com">
-	<target host="thephoenixbay.com" />
-	<target host="www.thephoenixbay.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/thepiratebay-legacy.xml b/src/chrome/content/rules/thepiratebay-legacy.xml
index dc8b0043570e..8c1f11130f9d 100644
--- a/src/chrome/content/rules/thepiratebay-legacy.xml
+++ b/src/chrome/content/rules/thepiratebay-legacy.xml
@@ -54,7 +54,7 @@ www.thepiratebay.is mismatch
 	<target host="www.thepiratebay.gd" />
 	<target host="thepiratebay.is" />
 	<target host="www.thepiratebay.is" />
-	
+
 	<rule from="^http://(www\.)?piratebay\.se/" to="https://$1thepiratebay.org/"/>
 	<rule from="^http://(www\.)?thepiratebay\.(?:gl|sx|ac|pe|gy|gs|la|vg|am|mn|gd|is)/" to="https://$1thepiratebay.org/"/>
 </ruleset>
diff --git a/src/chrome/content/rules/thepiratebay-proxy.com.xml b/src/chrome/content/rules/thepiratebay-proxy.com.xml
deleted file mode 100644
index 309ae6d75f1b..000000000000
--- a/src/chrome/content/rules/thepiratebay-proxy.com.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="thepiratebay-proxy.com">
-	<target host="thepiratebay-proxy.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/thepiratebay24.ga.xml b/src/chrome/content/rules/thepiratebay24.ga.xml
deleted file mode 100644
index ffe00fced45d..000000000000
--- a/src/chrome/content/rules/thepiratebay24.ga.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--
-	www doesn't exist.
--->
-
-<ruleset name="thepiratebay24.ga">
-	<target host="thepiratebay24.ga" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/thepirateproxy.gq.xml b/src/chrome/content/rules/thepirateproxy.gq.xml
deleted file mode 100644
index ff7a6af9011a..000000000000
--- a/src/chrome/content/rules/thepirateproxy.gq.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--
-	www doesn't exist.
--->
-
-<ruleset name="thepirateproxy.gq">
-	<target host="thepirateproxy.gq" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/theses.fr.xml b/src/chrome/content/rules/theses.fr.xml
index 9db04dcc5267..824d33db4309 100644
--- a/src/chrome/content/rules/theses.fr.xml
+++ b/src/chrome/content/rules/theses.fr.xml
@@ -1,7 +1,7 @@
 <!--
 	Invalid certificate:
 		theses.fr
-		
+
 	No working URL known:
 		barracuda.theses.fr
 		imports.theses.fr (404)
@@ -19,7 +19,7 @@
 
 	<rule from="^http://theses\.fr/"
 		to="https://www.theses.fr/" />
-	
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/thesyriacampaign.org.xml b/src/chrome/content/rules/thesyriacampaign.org.xml
index a64502fffbcf..6d15669001f0 100644
--- a/src/chrome/content/rules/thesyriacampaign.org.xml
+++ b/src/chrome/content/rules/thesyriacampaign.org.xml
@@ -11,7 +11,7 @@ Fetch error: http://www.thesyriacampaign.org/ => https://www.thesyriacampaign.or
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="The Syria Campaign.org" default_off='failed ruleset test'>
+<ruleset name="The Syria Campaign.org" default_off="failed ruleset test">
 
 	<target host="thesyriacampaign.org" />
 	<target host="act.thesyriacampaign.org" />
diff --git a/src/chrome/content/rules/thezoo.com.au.xml b/src/chrome/content/rules/thezoo.com.au.xml
new file mode 100644
index 000000000000..a9336e5b5470
--- /dev/null
+++ b/src/chrome/content/rules/thezoo.com.au.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		autodiscover.thezoo.com.au
+		dev.thezoo.com.au
+		www.dev.thezoo.com.au
+		autodiscover.dev.thezoo.com.au
+		webmail.dev.thezoo.com.au
+		ftp.thezoo.com.au
+		mail.thezoo.com.au
+		update.thezoo.com.au
+		www.update.thezoo.com.au
+		autodiscover.update.thezoo.com.au
+		webmail.update.thezoo.com.au
+		webmail.thezoo.com.au
+-->
+<ruleset name="thezoo.com.au">
+	<target host="thezoo.com.au" />
+	<target host="www.thezoo.com.au" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/thom-designstudio.com.xml b/src/chrome/content/rules/thom-designstudio.com.xml
new file mode 100644
index 000000000000..e2c424b302ba
--- /dev/null
+++ b/src/chrome/content/rules/thom-designstudio.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="thom-designstudio.com">
+	<target host="thom-designstudio.com" />
+	<target host="www.thom-designstudio.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/thomashunter.name.xml b/src/chrome/content/rules/thomashunter.name.xml
index 9a99817d566e..31273ba3bff3 100644
--- a/src/chrome/content/rules/thomashunter.name.xml
+++ b/src/chrome/content/rules/thomashunter.name.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.thomashunter.name/ => https://www.thomashunter.name/: (5
 	STS header includes includeSubdomains
 
 -->
-<ruleset name="Thomas Hunter.name" default_off='failed ruleset test'>
+<ruleset name="Thomas Hunter.name" default_off="failed ruleset test">
 
 	<target host="thomashunter.name" />
 	<target host="*.thomashunter.name" />
diff --git a/src/chrome/content/rules/threatmatrix.com.xml b/src/chrome/content/rules/threatmatrix.com.xml
index 9f0ed1ae07c1..9fc227ce7a2c 100644
--- a/src/chrome/content/rules/threatmatrix.com.xml
+++ b/src/chrome/content/rules/threatmatrix.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.threatmatrix.com/ => https://www.threatmatrix.com/: (51,
 		- www.threatmatrix.com
 
 -->
-<ruleset name="ThreatMatrix.com" default_off='failed ruleset test'>
+<ruleset name="ThreatMatrix.com" default_off="failed ruleset test">
 
 	<target host="threatmatrix.com" />
 	<target host="ask.threatmatrix.com" />
diff --git a/src/chrome/content/rules/thrysoee.dk.xml b/src/chrome/content/rules/thrysoee.dk.xml
new file mode 100644
index 000000000000..e28e3e375268
--- /dev/null
+++ b/src/chrome/content/rules/thrysoee.dk.xml
@@ -0,0 +1,6 @@
+<ruleset name="thrysoee.dk">
+	<target host="thrysoee.dk" />
+	<target host="www.thrysoee.dk" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tianya.cn-mixedcontent.xml b/src/chrome/content/rules/tianya.cn-mixedcontent.xml
new file mode 100644
index 000000000000..ff11b8926c5f
--- /dev/null
+++ b/src/chrome/content/rules/tianya.cn-mixedcontent.xml
@@ -0,0 +1,10 @@
+<!--
+	Main rule: tianya.cn.xml
+-->
+<ruleset name="tianya.cn-mixedcontent" platform="mixedcontent">
+	<target host="help.tianya.cn" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tianya.cn.xml b/src/chrome/content/rules/tianya.cn.xml
new file mode 100644
index 000000000000..e535c003852b
--- /dev/null
+++ b/src/chrome/content/rules/tianya.cn.xml
@@ -0,0 +1,20 @@
+<!--
+	Mixed Content:
+		tianya.cn-mixedcontent.xml
+
+	TLS1.0 and TLS1.1:
+		service.tianya.cn
+-->
+<ruleset name="tianya.cn">
+	<target host="tianya.cn" />
+	<target host="www.tianya.cn" />
+	<target host="bbs.tianya.cn" />
+	<target host="801.tianya.cn" />
+		<test url="http://801.tianya.cn/dolphin/tianya/2019/08/0_50.jpg" />
+	<target host="join.tianya.cn" />
+	<target host="passport.tianya.cn" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tibia.com.xml b/src/chrome/content/rules/tibia.com.xml
index b60d935adc9f..225ff004e73a 100644
--- a/src/chrome/content/rules/tibia.com.xml
+++ b/src/chrome/content/rules/tibia.com.xml
@@ -2,23 +2,25 @@
 	<target host="www.tibia.com" />
 	<target host="forum.tibia.com" />
 	<rule from="^http://forum\.tibia\.com/$"
-		to="https://secure.tibia.com/forum/" />
+		to="https://www.tibia.com/forum/" />
 	<rule from="^http://(www|forum)\.tibia\.com/"
-		to="https://secure.tibia.com/" />
+		to="https://www.tibia.com/" />
 	<test url="http://forum.tibia.com/forum/" />
 
 	<target host="www.test.tibia.com" />
 	<target host="forum.test.tibia.com" />
 	<rule from="^http://forum\.test\.tibia\.com/$"
-		to="https://secure.test.tibia.com/forum/" />
+		to="https://www.test.tibia.com/forum/" />
 	<rule from="^http://(www|forum)\.test\.tibia\.com/"
-		to="https://secure.test.tibia.com/" />
+		to="https://www.test.tibia.com/" />
 	<test url="http://forum.test.tibia.com/forum/" />
 
 	<target host="secure.tibia.com" />
 	<target host="secure.test.tibia.com" />
 
-	<securecookie host="^secure\.(test\.)?tibia\.com$" name=".+" />
+	<securecookie host="^(www|secure)\.(test\.)?tibia\.com$" name=".+" />
 
 	<rule from="^http:" to="https:" />
+	<test url="http://www.tibia.com/news/?subtopic=latestnews" />
+	<test url="http://www.test.tibia.com/news/?subtopic=latestnews" />
 </ruleset>
diff --git a/src/chrome/content/rules/ticket4u.xml b/src/chrome/content/rules/ticket4u.xml
index a4de61600159..aad469aa708e 100644
--- a/src/chrome/content/rules/ticket4u.xml
+++ b/src/chrome/content/rules/ticket4u.xml
@@ -5,7 +5,7 @@ Fetch error: http://ticket4u.com.my/ => https://ticket4u.com.my/: (7, 'Failed to
 Fetch error: http://www.ticket4u.com.my/ => https://www.ticket4u.com.my/: (7, 'Failed to connect to www.ticket4u.com.my port 443: No route to host')
 
 -->
-<ruleset name="ticket4u" default_off='failed ruleset test'>
+<ruleset name="ticket4u" default_off="failed ruleset test">
 	<target host=    "ticket4u.com.my" />
 	<target host="www.ticket4u.com.my" />
 
diff --git a/src/chrome/content/rules/tilda.cc.xml b/src/chrome/content/rules/tilda.cc.xml
new file mode 100644
index 000000000000..e2165720af03
--- /dev/null
+++ b/src/chrome/content/rules/tilda.cc.xml
@@ -0,0 +1,32 @@
+<!--
+	Invalid certificate:
+		blog.tilda.cc
+		blog-en.tilda.cc
+		go.tilda.cc
+		help.tilda.cc
+		www.newsletter.tilda.cc
+		img.newsletter.tilda.cc
+		mail.newsletter.tilda.cc
+		r.newsletter.tilda.cc
+		newsletter-en.tilda.cc
+		newsletter-ru.tilda.cc
+		www.newsletter-ru.tilda.cc
+		webinars.tilda.cc
+		zero.tilda.cc
+
+	Time out:
+		newsletter.tilda.cc
+-->
+<ruleset name="tilda.cc">
+	<target host="tilda.cc" />
+	<target host="www.tilda.cc" />
+	<target host="answers.tilda.cc" />
+	<target host="crm.tilda.cc" />
+	<target host="experts.tilda.cc" />
+	<target host="feeds.tilda.cc" />
+	<target host="flows.tilda.cc" />
+	<target host="members.tilda.cc" />
+	<target host="store.tilda.cc" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tildeslash.com.xml b/src/chrome/content/rules/tildeslash.com.xml
new file mode 100644
index 000000000000..8f01cab617ff
--- /dev/null
+++ b/src/chrome/content/rules/tildeslash.com.xml
@@ -0,0 +1,14 @@
+<!--
+	Invalid certificate:
+		mail.tildeslash.com
+		tildeslash1n.tildeslash.com
+
+	Time out:
+		tildeslash2n.tildeslash.com
+-->
+<ruleset name="tildeslash.com">
+	<target host="tildeslash.com" />
+	<target host="www.tildeslash.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/timus.online.xml b/src/chrome/content/rules/timus.online.xml
new file mode 100644
index 000000000000..19514d920973
--- /dev/null
+++ b/src/chrome/content/rules/timus.online.xml
@@ -0,0 +1,12 @@
+<!--
+    Mismatched:
+        - www
+        - acm
+        - ftp
+        - mirror
+-->
+<ruleset name="timus.online">
+    <target host="timus.online" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tinkernut.com.xml b/src/chrome/content/rules/tinkernut.com.xml
index 86fb129d7eab..3464457202d5 100644
--- a/src/chrome/content/rules/tinkernut.com.xml
+++ b/src/chrome/content/rules/tinkernut.com.xml
@@ -1,4 +1,4 @@
-<!--  
+<!--
 clone.tinkernut.com mismatch
 -->
 
diff --git a/src/chrome/content/rules/tinyimg.io.xml b/src/chrome/content/rules/tinyimg.io.xml
new file mode 100644
index 000000000000..9ec0fb10c9ce
--- /dev/null
+++ b/src/chrome/content/rules/tinyimg.io.xml
@@ -0,0 +1,6 @@
+<ruleset name="tinyimg.io">
+	<target host="tinyimg.io" />
+	<target host="www.tinyimg.io" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tkgorod.ru.xml b/src/chrome/content/rules/tkgorod.ru.xml
index 243b289a988a..c95248dbe398 100644
--- a/src/chrome/content/rules/tkgorod.ru.xml
+++ b/src/chrome/content/rules/tkgorod.ru.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://tkgorod.ru/ => https://tkgorod.ru/: Too many redirects while fetching 'https://tkgorod.ru/'
 Fetch error: http://www.tkgorod.ru/ => https://tkgorod.ru/: Too many redirects while fetching 'https://tkgorod.ru/'
 www. to many redirects-->
-<ruleset name="tkgorod.ru" default_off='failed ruleset test'>
+<ruleset name="tkgorod.ru" default_off="failed ruleset test">
 	<target host="tkgorod.ru" />
 	<target host="www.tkgorod.ru" />
 	<rule from="^http://www\.tkgorod\.ru/"
diff --git a/src/chrome/content/rules/tldp.org.xml b/src/chrome/content/rules/tldp.org.xml
new file mode 100644
index 000000000000..aee7b806270c
--- /dev/null
+++ b/src/chrome/content/rules/tldp.org.xml
@@ -0,0 +1,29 @@
+<!--
+	Invalid certificate:
+		auth.tldp.org
+		es.tldp.org
+		portal.tldp.org
+		reload.tldp.org
+
+	Refused:
+		docs.tldp.org
+		lists.tldp.org
+		wiki.tldp.org
+		www.wiki.tldp.org
+
+	Time out:
+		email.sso.tldp.org
+-->
+<ruleset name="tldp.org">
+	<target host="tldp.org" />
+	<target host="www.tldp.org" />
+	<target host="community.tldp.org" />
+	<target host="drone.tldp.org" />
+	<target host="git.tldp.org" />
+	<target host="new.tldp.org" />
+	<target host="sso.tldp.org" />
+	<target host="stallman.tldp.org" />
+	<target host="test.tldp.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tldrio.xml b/src/chrome/content/rules/tldrio.xml
index 6f2de0b50c02..f7c567cff819 100644
--- a/src/chrome/content/rules/tldrio.xml
+++ b/src/chrome/content/rules/tldrio.xml
@@ -15,7 +15,7 @@
 		- www.api.tldr.io
 
 -->
-<ruleset name="tldr.io (partial)" default_off="missing certificate chain">
+<ruleset name="tldr.io (partial)" default_off="cert-chain">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/tmp.ninja.xml b/src/chrome/content/rules/tmp.ninja.xml
new file mode 100644
index 000000000000..8417a06d59c8
--- /dev/null
+++ b/src/chrome/content/rules/tmp.ninja.xml
@@ -0,0 +1,8 @@
+<!--
+	www doesn't exist.
+-->
+<ruleset name="tmp.ninja">
+	<target host="tmp.ninja" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tms-media.co.uk.xml b/src/chrome/content/rules/tms-media.co.uk.xml
index 7b69b7aab2d3..0a62325c5a4a 100644
--- a/src/chrome/content/rules/tms-media.co.uk.xml
+++ b/src/chrome/content/rules/tms-media.co.uk.xml
@@ -6,7 +6,7 @@ Fetch error: http://agilisys.tms-media.co.uk/ => https://agilisys.tms-media.co.u
 	(www.)?tms-media.co.uk: Mismatched
 
 -->
-<ruleset name="TMS-Media.co.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="TMS-Media.co.uk (partial)" default_off="failed ruleset test">
 
 	<target host="agilisys.tms-media.co.uk" />
 
diff --git a/src/chrome/content/rules/tms.pl.xml b/src/chrome/content/rules/tms.pl.xml
index 6e1c3808b853..f136c9d5933c 100644
--- a/src/chrome/content/rules/tms.pl.xml
+++ b/src/chrome/content/rules/tms.pl.xml
@@ -1,18 +1,15 @@
 <!--
 	TMS Brokers S.A.
 
-
-	Insecure cookies are set for these domains and hosts:
-
-		- .tms.pl
-		- lp.tms.pl
+	Non-functional hosts:
+		Expired:
+		- ct.tms.pl
 
 -->
 <ruleset name="TMS.pl">
 
 	<target host="tms.pl" />
 	<target host="connect.tms.pl" />
-	<target host="ct.tms.pl" />
 	<target host="instalacja.tms.pl" />
 	<target host="konkurs.tms.pl" />
 	<target host="lp.tms.pl" />
@@ -20,15 +17,7 @@
 	<target host="trader.tms.pl" />
 	<target host="www.tms.pl" />
 
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.tmps\.pl" name="^tmsc$" /-->
-	<!--securecookie host="^lp\.tmps\.pl" name="^PHPSESSID$" /-->
-
-	<securecookie host="^\." name="^_gat?$" />
-	<securecookie host="^\w" name="" />
-
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/tns-cs.net.xml b/src/chrome/content/rules/tns-cs.net.xml
index 154e6badc91e..e4d5dc3a9309 100644
--- a/src/chrome/content/rules/tns-cs.net.xml
+++ b/src/chrome/content/rules/tns-cs.net.xml
@@ -18,14 +18,10 @@
 
 	<!--	Direct rewrites:
 				-->
-	<target host="ssl-dagbladet.tns-cs.net" />
-	<target host="ssl-eniro.tns-cs.net" />
 	<target host="ssl-nrk.tns-cs.net" />
 
 	<!--	Complications:
 				-->
-	<target host="dagbladet.tns-cs.net" />
-	<target host="eniro.tns-cs.net" />
 	<target host="nrk.tns-cs.net" />
 
 
@@ -37,10 +33,9 @@
 	<securecookie host=".+" name=".+" />
 
 
-	<rule from="^http://(\w+)\.tns-cs\.net/"
-		to="https://ssl-$1.tns-cs.net/" />
+	<rule from="^http://nrk\.tns-cs\.net/"
+		to="https://ssl-nrk.tns-cs.net/" />
 
-		<test url="http://dagbladet.tns-cs.net/blank.gif" />
 		<test url="http://nrk.tns-cs.net/blank.gif" />
 
 	<rule from="^http:"
diff --git a/src/chrome/content/rules/tnstimes.org.xml b/src/chrome/content/rules/tnstimes.org.xml
deleted file mode 100644
index 28c937042a68..000000000000
--- a/src/chrome/content/rules/tnstimes.org.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="tnstimes">
-	<target host="tnstimes.org" />
-	<target host="www.tnstimes.org" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/toaruos.org.xml b/src/chrome/content/rules/toaruos.org.xml
new file mode 100644
index 000000000000..f2ba87427b88
--- /dev/null
+++ b/src/chrome/content/rules/toaruos.org.xml
@@ -0,0 +1,8 @@
+<ruleset name="toaruos.org">
+	<target host="toaruos.org" />
+	<target host="www.toaruos.org" />
+	<target host="git.toaruos.org" />
+	<target host="packages.toaruos.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tokyo2020.jp.xml b/src/chrome/content/rules/tokyo2020.jp.xml
index f944e995f5be..b4b5fe5de2e3 100644
--- a/src/chrome/content/rules/tokyo2020.jp.xml
+++ b/src/chrome/content/rules/tokyo2020.jp.xml
@@ -10,7 +10,7 @@ sorry.tokyo2020.jp mismatch
 	<target host="pregamestraining.tokyo2020.jp" />
 	<target host="id.tokyo2020.jp" />
 	<target host="trainingcamp.tokyo2020.jp" />
-	
+
 	<rule from="^http://www\.tokyo2020\.jp/"
 		to="https://tokyo2020.jp/" />
 
diff --git a/src/chrome/content/rules/topekazoo.org.xml b/src/chrome/content/rules/topekazoo.org.xml
new file mode 100644
index 000000000000..f31ec99b4125
--- /dev/null
+++ b/src/chrome/content/rules/topekazoo.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		email.topekazoo.org
+		imap.topekazoo.org
+		mail.topekazoo.org
+		pop.topekazoo.org
+		smtp.topekazoo.org
+		webmail.topekazoo.org
+-->
+<ruleset name="topekazoo.org">
+	<target host="topekazoo.org" />
+	<target host="www.topekazoo.org" />
+	<target host="store.topekazoo.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/topicbox.com.xml b/src/chrome/content/rules/topicbox.com.xml
index 100bdf72be3a..10da918a6f8c 100644
--- a/src/chrome/content/rules/topicbox.com.xml
+++ b/src/chrome/content/rules/topicbox.com.xml
@@ -1,7 +1,31 @@
+<!-- 
+	For other Fastmail coverage, see Fastmail.xml 
+
+	Invalid certificate:
+
+		- api.stage.topicbox.com 	CN mismatch
+-->
+
 <ruleset name="topicbox.com">
 	<target host="topicbox.com" />
 	<target host="www.topicbox.com" />
+
+	<target host="api.topicbox.com" />
+	<target host="carpentries.topicbox.com" />
+	<target host="fasterize.topicbox.com" />
+	<target host="gmgma.topicbox.com" />
+	<target host="hacklondon.topicbox.com" />
+	<target host="iapp.topicbox.com" />
 	<target host="illumos.topicbox.com" />
+	<target host="k4.topicbox.com" />
+	<target host="openzfs.topicbox.com" />
+	<target host="postmaster.topicbox.com" />
+	<target host="sea.topicbox.com" />
+	<target host="stage.topicbox.com" />
+	<target host="thunderbird.topicbox.com" />
+
+	<target host="topicbox.blog" />
+	<target host="www.topicbox.blog" />
 
 	<securecookie host=".+" name=".+" />
 
diff --git a/src/chrome/content/rules/topshop.com.xml b/src/chrome/content/rules/topshop.com.xml
index 98b6b7cce2fb..90ce694afb41 100644
--- a/src/chrome/content/rules/topshop.com.xml
+++ b/src/chrome/content/rules/topshop.com.xml
@@ -56,7 +56,7 @@ Non-2xx HTTP code: http://insideout.topshop.com/ (200) => https://www.topshop.co
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Topshop.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Topshop.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/tori.net.xml b/src/chrome/content/rules/tori.net.xml
index 4e38ca44ccf8..d2963c2aa886 100644
--- a/src/chrome/content/rules/tori.net.xml
+++ b/src/chrome/content/rules/tori.net.xml
@@ -6,7 +6,6 @@
 
 	CDN buckets:
 
-		- ??????????????.cloudfront.net	← media
 		- d38a5rkle4vfil.cloudfront.net	← static
 
 
@@ -16,7 +15,6 @@
 	Problematic hosts in *tori.net:
 
 		- cp ᶜ
-		- media ᵐ
 		- static ᵐ
 		- www2 ᵉ ᵘ
 
@@ -39,7 +37,7 @@
 		- Images on cp from www.tori.fi ᵈ
 
 		- Bugs, on:
-		
+
 			- cp from logc183.xiti.com ˢ
 			- www2 from tori.spring-tns.net ˢ
 
@@ -66,8 +64,7 @@
 	<securecookie host="^\w" name=".+" />
 
 
-	<rule from="^http://media\.tori\.net/"
-		to="https://d38a5rkle4vfil.cloudfront.net/" />
+	<rule from="^http:" to="https:" />
 
 		<test url="http://media.tori.net/image/images_150x100/42/4263752581.jpg" />
 
diff --git a/src/chrome/content/rules/torrentz.ht.xml b/src/chrome/content/rules/torrentz.ht.xml
deleted file mode 100644
index ec820e135b5e..000000000000
--- a/src/chrome/content/rules/torrentz.ht.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="torrentz.ht">
-	<target host="torrentz.ht" />
-	<target host="www.torrentz.ht" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/torrentz.site.xml b/src/chrome/content/rules/torrentz.site.xml
deleted file mode 100644
index 3221606a019c..000000000000
--- a/src/chrome/content/rules/torrentz.site.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="torrentz.site">
-	<target host="torrentz.site" />
-	<target host="www.torrentz.site" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/torrentz2.eu.xml b/src/chrome/content/rules/torrentz2.eu.xml
deleted file mode 100644
index 62869b25f8de..000000000000
--- a/src/chrome/content/rules/torrentz2.eu.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="torrentz2.eu">
-	<target host="torrentz2.me" />
-	<target host="www.torrentz2.me" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/tortall.net.xml b/src/chrome/content/rules/tortall.net.xml
new file mode 100644
index 000000000000..33874b754536
--- /dev/null
+++ b/src/chrome/content/rules/tortall.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="tortall.net">
+	<target host="tortall.net" />
+	<target host="www.tortall.net" />
+	<target host="cvs.tortall.net" />
+	<target host="yasm.tortall.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/toshiba-tec.com.cn.xml b/src/chrome/content/rules/toshiba-tec.com.cn.xml
deleted file mode 100644
index 12ed53df7914..000000000000
--- a/src/chrome/content/rules/toshiba-tec.com.cn.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="toshiba-tec.com.cn">
-	<!--	^toshiba-tec.com.cn does not exist.	-->
-	
-	<target host="kiss.toshiba-tec.com.cn"/>
-	<target host="www.toshiba-tec.com.cn"/>
-	
-	<rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/towelroot.xml b/src/chrome/content/rules/towelroot.xml
index 15930f56fec6..dec7d1e72850 100644
--- a/src/chrome/content/rules/towelroot.xml
+++ b/src/chrome/content/rules/towelroot.xml
@@ -1,6 +1,6 @@
 <ruleset name="towelroot">
 	<target host="towelroot.com" />
-	<target host="*.towelroot.com" />
+	<target host="www.towelroot.com" />
 
 	<rule from="^http://(?:www\.)?towelroot\.com/"
 		to="https://towelroot.com/" />
diff --git a/src/chrome/content/rules/toxstats.com.xml b/src/chrome/content/rules/toxstats.com.xml
deleted file mode 100644
index 6421531c5b32..000000000000
--- a/src/chrome/content/rules/toxstats.com.xml
+++ /dev/null
@@ -1,27 +0,0 @@
-<!--
-	STS header includes includeSubdomains
-	for ^, www
-
--->
-<ruleset name="Tox Stats.com">
-
-	<target host="toxstats.com" />
-	<target host="*.toxstats.com" />
-
-		<!--	includeSubdomains applies to one level only, so:
-									-->
-		<exclusion pattern="^http://(?:[^./]+\.){2,}toxstats\.com/" />
-
-			<test url="http://this.host.toxstats.com/" />
-			<test url="http://exists.not.toxstats.com/" />
-
-		<test url="http://www.toxstats.com/" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/tpb.dashitz.com.xml b/src/chrome/content/rules/tpb.dashitz.com.xml
deleted file mode 100644
index 7afbb000afe5..000000000000
--- a/src/chrome/content/rules/tpb.dashitz.com.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="tpb.dashitz.com">
-	<target host="tpb.dashitz.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/tpb.patatje.eu.xml b/src/chrome/content/rules/tpb.patatje.eu.xml
deleted file mode 100644
index f100de1feefd..000000000000
--- a/src/chrome/content/rules/tpb.patatje.eu.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="tpb.patatje.eu">
-	<target host="tpb.patatje.eu" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/tpb.pm.xml b/src/chrome/content/rules/tpb.pm.xml
deleted file mode 100644
index 94b7a3091dce..000000000000
--- a/src/chrome/content/rules/tpb.pm.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="tpb.pm">
-	<target host="tpb.pm" />
-	<target host="www.tpb.pm" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/tpblist.xyz.xml b/src/chrome/content/rules/tpblist.xyz.xml
index 212661de4d89..2a435c79eaa3 100644
--- a/src/chrome/content/rules/tpblist.xyz.xml
+++ b/src/chrome/content/rules/tpblist.xyz.xml
@@ -29,7 +29,7 @@ tpb.proxyduck.net self signed
 www.pbp.rocks refused
 -->
 <!--The Pirate Bay proxies from tpblist.xyz Main ruleset: ThePirateBay.xml-->
-<ruleset name="tpblist.xyz" default_off='failed ruleset test'>
+<ruleset name="tpblist.xyz" default_off="failed ruleset test">
 	<target host="tpblist.xyz" />
 	<target host="www.tpblist.xyz" />
 	<target host="tpb.host" />
@@ -79,4 +79,4 @@ www.pbp.rocks refused
 	<target host="thepiratebay_org.unblocked.lol" />
 
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/tpbmirror.us.xml b/src/chrome/content/rules/tpbmirror.us.xml
deleted file mode 100644
index 578e7a7de4ce..000000000000
--- a/src/chrome/content/rules/tpbmirror.us.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="tpbmirror.us">
-	<target host="tpbmirror.us" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/transfermarkt.de.xml b/src/chrome/content/rules/transfermarkt.de.xml
index a8329b6ed4a3..b2c8d5257d91 100644
--- a/src/chrome/content/rules/transfermarkt.de.xml
+++ b/src/chrome/content/rules/transfermarkt.de.xml
@@ -1,7 +1,7 @@
 <!--
 		Wildcard DNS:
 		*.transfermarkt.de
-		
+
 		404:
 			transfermarkt.de
 -->
@@ -9,7 +9,7 @@
 
 	<target host="transfermarkt.de" />
 	<target host="www.transfermarkt.de" />
-	
+
 	<rule from="^http://transfermarkt\.de/"
 			to="https://www.transfermarkt.de/" />
 
diff --git a/src/chrome/content/rules/translations.com.xml b/src/chrome/content/rules/translations.com.xml
index f3dae53db7ed..a6f3f5dcef01 100644
--- a/src/chrome/content/rules/translations.com.xml
+++ b/src/chrome/content/rules/translations.com.xml
@@ -19,11 +19,11 @@ Fetch error: http://translations.com/ => https://www.translations.com/: (60, 'SS
 		- Images on www from cdn.transperfect.com ˡ
 		- Bug on www from a.analytics.yahoo.com *
 
-	ˡ Unsecurable <= redirect loop 
+	ˡ Unsecurable <= redirect loop
 	* See https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Translations.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Translations.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/transperfect.com-problematic.xml b/src/chrome/content/rules/transperfect.com-problematic.xml
index de5370c5c1b7..6cb7011b3ef1 100644
--- a/src/chrome/content/rules/transperfect.com-problematic.xml
+++ b/src/chrome/content/rules/transperfect.com-problematic.xml
@@ -5,7 +5,7 @@
 	NB: see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="TransPerfect.com (missing certificate chain)" default_off="missing certificate chain">
+<ruleset name="TransPerfect.com (missing certificate chain)" default_off="cert-chain">
 
 	<target host="transperfect.com" />
 	<target host="www.transperfect.com" />
diff --git a/src/chrome/content/rules/travel-assets.com.xml b/src/chrome/content/rules/travel-assets.com.xml
index 9bc882c4d22a..25927f21aa5d 100644
--- a/src/chrome/content/rules/travel-assets.com.xml
+++ b/src/chrome/content/rules/travel-assets.com.xml
@@ -12,7 +12,7 @@
 	<target host="f.travel-assets.com" />
 	<target host="forever.travel-assets.com" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/trbo.com.xml b/src/chrome/content/rules/trbo.com.xml
new file mode 100644
index 000000000000..b7a998db644b
--- /dev/null
+++ b/src/chrome/content/rules/trbo.com.xml
@@ -0,0 +1,38 @@
+<!--
+	This domain contains a wildcard DNS record.
+
+	Invalid certificate:
+		charger
+		checkip.dyndns.orgtrack2
+
+	Non-2xx HTTP code:
+		uk
+-->
+<ruleset name="trbo.com">
+
+	<target host="trbo.com" />
+	<target host="www.trbo.com" />
+	<target host="api.trbo.com" />
+	<target host="api-v2.trbo.com" />
+	<target host="api-v3.trbo.com" />
+	<target host="api-v4.trbo.com" />
+	<target host="beta.trbo.com" />
+	<target host="charger-v2.trbo.com" />
+	<target host="collect.trbo.com" />
+	<target host="data.trbo.com" />
+	<target host="data-v2.trbo.com" />
+	<target host="newsletter-api.trbo.com" />
+	<target host="static.trbo.com" />
+	<target host="static-v2.trbo.com" />
+		<test url="http://static-v2.trbo.com/plugin/trbo_12950_e3e6429cafe91e81a7fbb224b1bacf9c.js" />
+	<target host="track.trbo.com" />
+	<target host="track2.trbo.com" />
+	<target host="v2.trbo.com" />
+	<target host="v4.trbo.com" />
+	<target host="xng.trbo.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/trezor.io.xml b/src/chrome/content/rules/trezor.io.xml
deleted file mode 100644
index 2e102803b28c..000000000000
--- a/src/chrome/content/rules/trezor.io.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://old-wallet.trezor.io/ => https://old-wallet.trezor.io/: (6, 'Could not resolve host: old-wallet.trezor.io')
-
--->
-<ruleset name="trezor.io" default_off='failed ruleset test'>
-	<target host="trezor.io" />
-	<target host="www.trezor.io" />
-	<target host="beta-wallet.trezor.io" />
-	<target host="bitcore1.trezor.io" />
-	<target host="bitcore3.trezor.io" />
-	<target host="blog.trezor.io" />
-	<target host="connect.trezor.io" />
-	<target host="old-wallet.trezor.io" />
-	<target host="shop.trezor.io" />
-	<target host="wallet.trezor.io" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/trimble.com.xml b/src/chrome/content/rules/trimble.com.xml
new file mode 100644
index 000000000000..95d6428a94b5
--- /dev/null
+++ b/src/chrome/content/rules/trimble.com.xml
@@ -0,0 +1,16 @@
+<ruleset name="trimble.com">
+
+  <target host="trimble.com" />
+  <target host="www.trimble.com" />
+  <target host="agriculture.trimble.com" />
+  <target host="construction.trimble.com" />
+  <target host="foundation.trimble.com" />
+  <target host="gc.trimble.com" />
+  <target host="geospatial.trimble.com" />
+  <target host="mep.trimble.com" />
+  <target host="positioningservices.trimble.com" />
+  
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/troid.ca.xml b/src/chrome/content/rules/troid.ca.xml
deleted file mode 100644
index 847c07f4c6bc..000000000000
--- a/src/chrome/content/rules/troid.ca.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	Invalid Certificate:
-			ftp.troid.ca
--->
-<ruleset name="troid.ca">
-	<target host="troid.ca"/>
-	<target host="www.troid.ca"/>
-	<target host="iap.troid.ca"/>
-	<target host="radio.troid.ca"/>
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:"/>
-</ruleset>
diff --git a/src/chrome/content/rules/truebsd.pw.xml b/src/chrome/content/rules/truebsd.pw.xml
deleted file mode 100644
index 3bfbb2715d88..000000000000
--- a/src/chrome/content/rules/truebsd.pw.xml
+++ /dev/null
@@ -1,4 +0,0 @@
-<ruleset name="truebsd.pw">
-	<target host="truebsd.pw" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/trust.org.xml b/src/chrome/content/rules/trust.org.xml
new file mode 100644
index 000000000000..a6be33384f02
--- /dev/null
+++ b/src/chrome/content/rules/trust.org.xml
@@ -0,0 +1,17 @@
+<ruleset name="trust.org">
+	<target host="trust.org" />
+	<target host="news.trust.org" />
+	<target host="survey.trust.org" />
+	<target host="surveys.trust.org" />
+	<target host="www.trust.org" />
+	
+	<!--	Redirect keeps path and args:
+						-->
+	<rule from="^http://surveys\.trust\.org/s3/+"
+		to="https://surveys.trust.org/s3/" />
+	
+		<test url="http://surveys.trust.org/s3/Newsletter-Subscription" />
+		<test url="http://surveys.trust.org/s3/covid19-biggerpicture-submission" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/trvl-media.com.xml b/src/chrome/content/rules/trvl-media.com.xml
index 5a42186ed3b6..becb31c82828 100644
--- a/src/chrome/content/rules/trvl-media.com.xml
+++ b/src/chrome/content/rules/trvl-media.com.xml
@@ -9,6 +9,6 @@
 	<target host="thumbnails.int.trvl-media.com" />
 	<target host="thumbnails.trvl-media.com" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/trvl-px.com.xml b/src/chrome/content/rules/trvl-px.com.xml
index 64da1dc14e46..bee9a6e42da7 100644
--- a/src/chrome/content/rules/trvl-px.com.xml
+++ b/src/chrome/content/rules/trvl-px.com.xml
@@ -20,7 +20,7 @@
 
 	<target host="www.trvl-px.com" />
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/tset.de.xml b/src/chrome/content/rules/tset.de.xml
new file mode 100644
index 000000000000..8228128f73d6
--- /dev/null
+++ b/src/chrome/content/rules/tset.de.xml
@@ -0,0 +1,7 @@
+<ruleset name="tset.de" default_off="cert-chain">
+	<target host="tset.de" />
+	<target host="www.tset.de" />
+	<target host="hg.tset.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tsowell.xml b/src/chrome/content/rules/tsowell.xml
new file mode 100644
index 000000000000..e0856caa8aea
--- /dev/null
+++ b/src/chrome/content/rules/tsowell.xml
@@ -0,0 +1,6 @@
+<ruleset name="tsowell.com">
+	<target host="tsowell.com" />
+	<target host="www.tsowell.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ttk-chita.ru.xml b/src/chrome/content/rules/ttk-chita.ru.xml
index cfba28790d14..d41ded6477ca 100644
--- a/src/chrome/content/rules/ttk-chita.ru.xml
+++ b/src/chrome/content/rules/ttk-chita.ru.xml
@@ -9,7 +9,7 @@ kodar.ttk-chita.ru timed out
 ttk-chita.ru different content
 www.ttk-chita.ru different content
 -->
-<ruleset name="ttk-chita.ru (partial)" default_off='failed ruleset test'>
+<ruleset name="ttk-chita.ru (partial)" default_off="failed ruleset test">
 	<target host="stat.ttk-chita.ru" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/tugatech.com.pt.xml b/src/chrome/content/rules/tugatech.com.pt.xml
index a2bb714f6b21..876bb439cad2 100644
--- a/src/chrome/content/rules/tugatech.com.pt.xml
+++ b/src/chrome/content/rules/tugatech.com.pt.xml
@@ -13,5 +13,5 @@
 	<target host="webradio.tugatech.com.pt" />
 
 	<rule from="^http:" to="https:" />
-	
+
 </ruleset>
diff --git a/src/chrome/content/rules/tumba.ch.xml b/src/chrome/content/rules/tumba.ch.xml
index aae8e1f257d7..7021b2555083 100644
--- a/src/chrome/content/rules/tumba.ch.xml
+++ b/src/chrome/content/rules/tumba.ch.xml
@@ -6,7 +6,7 @@ Fetch error: http://les.tumba.ch/ => https://les.tumba.ch/: (51, "SSL: no altern
 Fetch error: http://u.tumba.ch/ => https://u.tumba.ch/: (51, "SSL: no alternative certificate subject name matches target host name 'u.tumba.ch'")
 
 -->
-<ruleset name="tumba.ch" default_off='failed ruleset test'>
+<ruleset name="tumba.ch" default_off="failed ruleset test">
         <target host="tumba.ch" />
         <target host="www.tumba.ch" />
         <target host="api.tumba.ch" />
diff --git a/src/chrome/content/rules/tunbridgewells.gov.uk.xml b/src/chrome/content/rules/tunbridgewells.gov.uk.xml
deleted file mode 100644
index dede68145523..000000000000
--- a/src/chrome/content/rules/tunbridgewells.gov.uk.xml
+++ /dev/null
@@ -1,20 +0,0 @@
-<!--
-	For other UK government coverage, see GOV.UK.xml.
-
-	Non-functional hosts
-		Timeout was reached:
-		- maps.tunbridgewells.gov.uk
-
-		SSL connect error:
-		- secure.tunbridgewells.gov.uk
-
-		SSL peer certificate was not OK:
-		- tunbridgewells.gov.uk
-		- consult.tunbridgewells.gov.uk
-		- www.tunbridgewells.gov.uk
--->
-<ruleset name="Tunbridge Wells.gov.uk (partial)">
-	<target host="democracy.tunbridgewells.gov.uk" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/tune.com.xml b/src/chrome/content/rules/tune.com.xml
index 0a6e522342fa..ae8352a2009b 100644
--- a/src/chrome/content/rules/tune.com.xml
+++ b/src/chrome/content/rules/tune.com.xml
@@ -1,8 +1,14 @@
+
 <!--
+The following targets have been disabled at 2020-09-25 16:20:22:
+
+Fetch error: http://audience.tune.com/ => https://audience.tune.com/: (6, 'Could not resolve host: audience.tune.com')
+Fetch error: http://bi.tune.com/ => https://bi.tune.com/: (6, 'Could not resolve host: bi.tune.com')
+Fetch error: http://mc.tune.com/ => https://mc.tune.com/: (6, 'Could not resolve host: mc.tune.com')
+
 	Other Tune rulesets:
 
 		- HasOffers.xml
-		- mobileapptracking.com.xml
 
 
 	Problematic hosts in *tune.com:
@@ -40,11 +46,11 @@
 <ruleset name="Tune.com (partial)">
 
 	<target host="tune.com" />
-	<target host="audience.tune.com" />
-	<target host="bi.tune.com" />
+	<!-- target host="audience.tune.com" /-->
+	<!-- target host="bi.tune.com" /-->
 	<target host="help.tune.com" />
 	<target host="ma.tune.com" />
-	<target host="mc.tune.com" />
+	<!-- target host="mc.tune.com" /-->
 	<target host="partners.tune.com" />
 	<target host="www.tune.com" />
 
diff --git a/src/chrome/content/rules/turku.fi.xml b/src/chrome/content/rules/turku.fi.xml
index c322fc7d18ba..3653ba300ee7 100644
--- a/src/chrome/content/rules/turku.fi.xml
+++ b/src/chrome/content/rules/turku.fi.xml
@@ -9,7 +9,7 @@ Non-2xx HTTP code: http://www.bussit.turku.fi/ (200) => https://www.turku.fi/pub
 		- www.turku.fi/(ahtela|bussar|busses|bussit|paikalla|paplats|
 		ippe|nuorikulttuuri|sustainable-city|...)
 -->
-<ruleset name="Turku.fi" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Turku.fi" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="www.turku.fi" />
 	<target host="turku.fi" />
 	<target host="www.bussit.turku.fi" />
diff --git a/src/chrome/content/rules/tushuku.net.xml b/src/chrome/content/rules/tushuku.net.xml
deleted file mode 100644
index 569e91eb1480..000000000000
--- a/src/chrome/content/rules/tushuku.net.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="tushuku.net">
-	<target host="tushuku.net"/>
-	<target host="www.tushuku.net"/>
-
-	<rule from="^http:" to="https:"/>
-</ruleset>
diff --git a/src/chrome/content/rules/tuxfamily.org-falsemixed.xml b/src/chrome/content/rules/tuxfamily.org-falsemixed.xml
index 618dbb311be6..226bcdf1c83f 100644
--- a/src/chrome/content/rules/tuxfamily.org-falsemixed.xml
+++ b/src/chrome/content/rules/tuxfamily.org-falsemixed.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.gimpphoto.tuxfamily.org/ => https://gimpphoto.tuxfamily.
 	NB: see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="TuxFamily.org (false MCB)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="TuxFamily.org (false MCB)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/tvc.ru.xml b/src/chrome/content/rules/tvc.ru.xml
index 85d2e4e94dd8..0d05328c5c2a 100644
--- a/src/chrome/content/rules/tvc.ru.xml
+++ b/src/chrome/content/rules/tvc.ru.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://cdn.tvc.ru/ => https://cdn.tvc.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="tvc.ru" default_off='failed ruleset test'>
+<ruleset name="tvc.ru" default_off="failed ruleset test">
 	<target host="cdn.tvc.ru" />
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/tvtv.de.xml b/src/chrome/content/rules/tvtv.de.xml
new file mode 100644
index 000000000000..1b6af9e0ec03
--- /dev/null
+++ b/src/chrome/content/rules/tvtv.de.xml
@@ -0,0 +1,26 @@
+<!--
+	Invalid certificate:
+		spiele.tvtv.de
+
+	Timeout:
+		beta.tvtv.de
+		m.beta.tvtv.de
+		jenkins.tvtv.de
+
+	Unable to get local issuer certificate:
+		test.tvtv.de
+		m.test.tvtv.de
+-->
+<ruleset name="tvtv.de">
+
+	<target host="tvtv.de" />
+	<target host="www.tvtv.de" />
+	<target host="images.tvtv.de" />
+	<target host="link.tvtv.de" />
+	<target host="m.tvtv.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/typescriptlang.org.xml b/src/chrome/content/rules/typescriptlang.org.xml
new file mode 100644
index 000000000000..9fa1e2e06e36
--- /dev/null
+++ b/src/chrome/content/rules/typescriptlang.org.xml
@@ -0,0 +1,13 @@
+<ruleset name="typescriptlang.org">
+		<target host="typescriptlang.org" />
+		<target host="www.typescriptlang.org" />
+
+
+		<!--
+			Just adding the target won't work here, since typescriptlang.org does not support https.
+			It needs to be redirected to https://www.typescriptlang.org/ explicitly.
+		-->
+		<rule from="^http://typescriptlang\.org/" to="https://www.typescriptlang.org/" />
+		<rule from="^http:"
+				to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tyresales.com.au.xml b/src/chrome/content/rules/tyresales.com.au.xml
new file mode 100644
index 000000000000..2d3a0a113d1b
--- /dev/null
+++ b/src/chrome/content/rules/tyresales.com.au.xml
@@ -0,0 +1,26 @@
+<!--
+	Non-functional subdomains:
+		- login		(r)
+		- pre-uat	(t)
+		- staging1	(t)
+
+	e: expired certificate
+	h: http redirect
+	i: invalid certificate chain
+	m: certificate mismatch
+	r: connection refused
+	s: self-signed certificate
+	t: timeout on https
+-->
+<ruleset name="tyresales.com.au">
+
+	<target host="tyresales.com.au" />
+	<target host="www.tyresales.com.au" />
+	<target host="dealers.tyresales.com.au" />
+	<target host="racv-uat.tyresales.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/tyumedia.ru.xml b/src/chrome/content/rules/tyumedia.ru.xml
index 21a16c027c83..f45a9d2832ba 100644
--- a/src/chrome/content/rules/tyumedia.ru.xml
+++ b/src/chrome/content/rules/tyumedia.ru.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://tyumedia.ru/ => https://tyumedia.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 Fetch error: http://www.tyumedia.ru/ => https://tyumedia.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
  www. mismatch -->
-<ruleset name="tyumedia.ru" default_off='failed ruleset test'>
+<ruleset name="tyumedia.ru" default_off="failed ruleset test">
 	<target host="tyumedia.ru" />
 	<target host="www.tyumedia.ru" />
 	<rule from="^http://www\.tyumedia\.ru/"
diff --git a/src/chrome/content/rules/ubalt.edu.xml b/src/chrome/content/rules/ubalt.edu.xml
new file mode 100644
index 000000000000..542de6cf5b4f
--- /dev/null
+++ b/src/chrome/content/rules/ubalt.edu.xml
@@ -0,0 +1,149 @@
+<!--
+	Invalid certificate:
+		baltimoreauthors.ubalt.edu
+		bothandneither.ubalt.edu
+		cyberdiscovery.ubalt.edu
+		filemaker.ubalt.edu
+		www.law.ubalt.edu
+		www.noc.ubalt.edu
+		sip.ubalt.edu
+		scooby.ubalt.edu
+		mba.towson.ubalt.edu
+		wiki.ubalt.edu
+
+	Refused:
+		autodiscover.ubalt.edu
+		df.ubalt.edu
+		pesod-slma.ubalt.edu
+		rvaam.ubalt.edu
+		zimride.ubalt.edu
+
+	Time out:
+		accounting.ubalt.edu
+		ace.ubalt.edu
+		allan.ubalt.edu
+		auth.ubalt.edu
+		bambam.ubalt.edu
+		c3po.ubalt.edu
+		cow.ubalt.edu
+		crow.ubalt.edu
+		csilink.ubalt.edu
+		dctt.ubalt.edu
+		dilbert.ubalt.edu
+		dsr-ac.ubalt.edu
+		ed.ubalt.edu
+		eddie.ubalt.edu
+		edgar.ubalt.edu
+		eeyore.ubalt.edu
+		fm.ubalt.edu
+		george.ubalt.edu
+		gist.ubalt.edu
+		gumby.ubalt.edu
+		headroom.ubalt.edu
+		iat.ubalt.edu
+		idp.ubalt.edu
+		igor.ubalt.edu
+		iprint.ubalt.edu
+		jen.ubalt.edu
+		kenny.ubalt.edu
+		marci.ubalt.edu
+		mis.ubalt.edu
+		moof.ubalt.edu
+		mrfrench.ubalt.edu
+		mycallpilot.ubalt.edu
+		nigel.ubalt.edu
+		oraclep.ubalt.edu
+		peggy.ubalt.edu
+		peoplebooks.ubalt.edu
+		pesod-igw-pub.ubalt.edu
+		pesop-igw-pub.ubalt.edu
+		pesop-rpt-fn.ubalt.edu
+		pokey.ubalt.edu
+		portfolio.ubalt.edu
+		poster.ubalt.edu
+		region.ubalt.edu
+		rudy.ubalt.edu
+		sad.ubalt.edu
+		schroeder.ubalt.edu
+		sluggo.ubalt.edu
+		smart.ubalt.edu
+		tigger.ubalt.edu
+		ured.ubalt.edu
+		urlbaron.ubalt.edu
+		velma.ubalt.edu
+		wanderer.ubalt.edu
+		webmail.ubalt.edu
+		webteach2.ubalt.edu
+		wwwd.ubalt.edu
+		xserve1.ubalt.edu
+		yogi.ubalt.edu
+		ziggy.ubalt.edu
+-->
+<ruleset name="ubalt.edu">
+	<target host="ubalt.edu" />
+	<target host="www.ubalt.edu" />
+	<target host="archives.ubalt.edu" />
+	<target host="archivesspace.ubalt.edu" />
+	<target host="asa.ubalt.edu" />
+	<target host="beheardbaltimore.ubalt.edu" />
+	<target host="blogs.ubalt.edu" />
+	<target host="business.ubalt.edu" />
+	<target host="courses.ubalt.edu" />
+	<target host="crwportal.ubalt.edu" />
+	<target host="eprint.ubalt.edu" />
+	<target host="gots.ubalt.edu" />
+	<target host="home.ubalt.edu" />
+	<target host="housing.ubalt.edu" />
+	<target host="hybrid.ubalt.edu" />
+	<target host="iliad.ubalt.edu" />
+	<target host="illiad.ubalt.edu" />
+	<target host="internal.ubalt.edu" />
+	<target host="involvement.ubalt.edu" />
+	<target host="jitm.ubalt.edu" />
+	<target host="jitmreview.ubalt.edu" />
+	<target host="langsdale.ubalt.edu" />
+	<target host="law.ubalt.edu" />
+	<target host="library.ubalt.edu" />
+	<target host="listserv.ubalt.edu" />
+	<target host="logon.ubalt.edu" />
+	<target host="m.ubalt.edu" />
+	<target host="main.ubalt.edu" />
+	<target host="marylandcpm.ubalt.edu" />
+	<target host="meilp.ubalt.edu" />
+	<target host="myfiles.ubalt.edu" />
+	<target host="mypw.ubalt.edu" />
+	<target host="myub.ubalt.edu" />
+	<target host="myubtowsonmba.ubalt.edu" />
+	<target host="noc.ubalt.edu" />
+	<target host="oa.ubalt.edu" />
+	<target host="otsnet.ubalt.edu" />
+	<target host="pcounter.ubalt.edu" />
+	<target host="peso.ubalt.edu" />
+	<target host="pesod-tam.ubalt.edu" />
+	<target host="pesop-app.ubalt.edu" />
+	<target host="pesop-cs.ubalt.edu" />
+	<target host="pesop-hr.ubalt.edu" />
+	<target host="pesop-pa.ubalt.edu" />
+	<target host="pesop-pa-tmp.ubalt.edu" />
+	<target host="pesop-phire.ubalt.edu" />
+	<target host="pesop-rpt-cs.ubalt.edu" />
+	<target host="pesop-rpt-hr.ubalt.edu" />
+	<target host="pesop-tam.ubalt.edu" />
+	<target host="raven.ubalt.edu" />
+	<target host="scholarworks.law.ubalt.edu" />
+	<target host="scpp.ubalt.edu" />
+	<target host="spss.ubalt.edu" />
+	<target host="telecom.ubalt.edu" />
+	<target host="ubonline.ubalt.edu" />
+	<target host="ubpeso.ubalt.edu" />
+	<target host="ubwiki.ubalt.edu" />
+	<target host="umubdr.ubalt.edu" />
+	<target host="view.ubalt.edu" />
+	<target host="vpn.ubalt.edu" />
+	<target host="vpnmonj.ubalt.edu" />
+	<target host="wa.ubalt.edu" />
+	<target host="webnow.ubalt.edu" />
+	<target host="welter.ubalt.edu" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ubuntu-fi.org.xml b/src/chrome/content/rules/ubuntu-fi.org.xml
new file mode 100644
index 000000000000..0cac0153a304
--- /dev/null
+++ b/src/chrome/content/rules/ubuntu-fi.org.xml
@@ -0,0 +1,10 @@
+<ruleset name="ubuntu-fi.org">
+		<target host="ubuntu-fi.org" />
+		<target host="www.ubuntu-fi.org" />
+		<target host="forum.ubuntu-fi.org" />
+		<target host="wiki.ubuntu-fi.org" />
+		<target host="blog.ubuntu-fi.org" />
+
+		<rule from="^http:"
+				to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ubuntugeek.com.xml b/src/chrome/content/rules/ubuntugeek.com.xml
new file mode 100644
index 000000000000..c2911527b07e
--- /dev/null
+++ b/src/chrome/content/rules/ubuntugeek.com.xml
@@ -0,0 +1,23 @@
+<!--
+	Invalid certificate:
+		dc-b02638f16c24.ubuntugeek.com
+		e.ubuntugeek.com
+		mobilemail.ubuntugeek.com
+		pda.ubuntugeek.com
+		webmail.ubuntugeek.com
+
+	Time out:
+		imap.ubuntugeek.com
+		mail.ubuntugeek.com
+		pop.ubuntugeek.com
+		smtp.ubuntugeek.com
+-->
+<ruleset name="ubuntugeek.com">
+	<target host="ubuntugeek.com" />
+	<target host="www.ubuntugeek.com" />
+	<target host="email.ubuntugeek.com" />
+	<target host="forum.ubuntugeek.com" />
+	<target host="www2.ubuntugeek.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ubuntupodcast.org.xml b/src/chrome/content/rules/ubuntupodcast.org.xml
new file mode 100644
index 000000000000..1de6a3fad8e0
--- /dev/null
+++ b/src/chrome/content/rules/ubuntupodcast.org.xml
@@ -0,0 +1,16 @@
+<!--
+	Refused:
+		feed.ubuntupodcast.org
+		feeds.ubuntupodcast.org
+		live.ubuntupodcast.org
+		mail.ubuntupodcast.org
+		mail2.ubuntupodcast.org
+		static.ubuntupodcast.org
+-->
+<ruleset name="ubuntupodcast.org">
+	<target host="ubuntupodcast.org" />
+	<target host="www.ubuntupodcast.org" />
+	<target host="stats.ubuntupodcast.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ubuntutheaterproject.com.xml b/src/chrome/content/rules/ubuntutheaterproject.com.xml
new file mode 100644
index 000000000000..d27468ea5d18
--- /dev/null
+++ b/src/chrome/content/rules/ubuntutheaterproject.com.xml
@@ -0,0 +1,10 @@
+<!--
+	Refused:
+		m.ubuntutheaterproject.com
+-->
+<ruleset name="ubuntutheaterproject.com">
+	<target host="ubuntutheaterproject.com" />
+	<target host="www.ubuntutheaterproject.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ucarp.org.xml b/src/chrome/content/rules/ucarp.org.xml
deleted file mode 100644
index 335c4b10f7ca..000000000000
--- a/src/chrome/content/rules/ucarp.org.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<!--
-    For other pureftpd.org subdomains, see PureFTPd.org.xml
--->
-<ruleset name="ucarp.org">
-	<target host="ucarp.org" />
-	<target host="www.ucarp.org" />
-
-	<rule from="^http://(www\.)?ucarp\.org/"
-		to="https://www.pureftpd.org/project/ucarp" />
-</ruleset>
diff --git a/src/chrome/content/rules/uclick.com.xml b/src/chrome/content/rules/uclick.com.xml
index 763ee7a1c0bc..758ccc775bea 100644
--- a/src/chrome/content/rules/uclick.com.xml
+++ b/src/chrome/content/rules/uclick.com.xml
@@ -2,7 +2,7 @@
 	These altnames do not exist:
 
 		- www.admin.uclick.com
-	
+
 
 	Mixed content:
 
diff --git a/src/chrome/content/rules/ufanet.ru.xml b/src/chrome/content/rules/ufanet.ru.xml
index 997563a26172..6edd67a7fb07 100644
--- a/src/chrome/content/rules/ufanet.ru.xml
+++ b/src/chrome/content/rules/ufanet.ru.xml
@@ -74,7 +74,7 @@ oren.ufanet.ru different content
 slv.ufanet.ru different content
 str.ufanet.ru different content
 -->
-<ruleset name="ufanet.ru (partial)" default_off='failed ruleset test'>
+<ruleset name="ufanet.ru (partial)" default_off="failed ruleset test">
 	<target host="my.ufanet.ru" />
 	<target host="orsk.ufanet.ru" />
 	<target host="store.ufanet.ru" />
diff --git a/src/chrome/content/rules/uhrp.org.xml b/src/chrome/content/rules/uhrp.org.xml
new file mode 100644
index 000000000000..241187e7de16
--- /dev/null
+++ b/src/chrome/content/rules/uhrp.org.xml
@@ -0,0 +1,19 @@
+<!--
+Nonfunctional domains:
+
+Certificate mismatch:
+ - pressrelease.uhrp.org
+ - cn.uhrp.org
+ - ftp.uhrp.org
+ - chinese.uhrp.org
+-->
+
+<ruleset name="uhrp.org">
+	<target host="uhrp.org" />
+	<target host="docs.uhrp.org" />
+	<target host="weblog.uhrp.org" />
+	<target host="chineseblog.uhrp.org" />
+	<target host="www.uhrp.org" />
+  
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/uhulinux.hu.xml b/src/chrome/content/rules/uhulinux.hu.xml
deleted file mode 100644
index 803fec129fcf..000000000000
--- a/src/chrome/content/rules/uhulinux.hu.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<ruleset name="uhulinux.hu">
-	<target host="uhulinux.hu" />
-	<target host="www.uhulinux.hu" />
-	<target host="download.uhulinux.hu" />
-	<target host="svn.uhulinux.hu" />
-	<target host="lists.uhulinux.hu" />
-	<target host="wiki.uhulinux.hu" />
-	<target host="ftp.uhulinux.hu" />
-	<target host="rsync.uhulinux.hu" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/ukpirate.click.xml b/src/chrome/content/rules/ukpirate.click.xml
deleted file mode 100644
index d3a493c9c6b1..000000000000
--- a/src/chrome/content/rules/ukpirate.click.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="ukpirate.click">
-	<target host="ukpirate.click" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/ukw.jp.xml b/src/chrome/content/rules/ukw.jp.xml
deleted file mode 100644
index f9a349807581..000000000000
--- a/src/chrome/content/rules/ukw.jp.xml
+++ /dev/null
@@ -1,10 +0,0 @@
-<ruleset name="ukw.jp">
-
-	<target host="llhprd.ukw.jp" />
-
-	<test url="http://llhprd.ukw.jp//ukan/ukwlg.js" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/ukxcam.co.uk.xml b/src/chrome/content/rules/ukxcam.co.uk.xml
index 8e03c0bf243a..4a755c17cbfa 100644
--- a/src/chrome/content/rules/ukxcam.co.uk.xml
+++ b/src/chrome/content/rules/ukxcam.co.uk.xml
@@ -18,7 +18,7 @@ Fetch error: http://www.ukxcam.co.uk/ => https://www.ukxcam.co.uk/: (51, "SSL: n
 	ˢ See https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="ukxcam.co.uk" default_off='failed ruleset test'>
+<ruleset name="ukxcam.co.uk" default_off="failed ruleset test">
 
 	<target host="ukxcam.co.uk" />
 	<target host="www.ukxcam.co.uk" />
diff --git a/src/chrome/content/rules/ultimateeditionoz.com.xml b/src/chrome/content/rules/ultimateeditionoz.com.xml
index ba1a1d509d4c..6e9e9ebca8e0 100644
--- a/src/chrome/content/rules/ultimateeditionoz.com.xml
+++ b/src/chrome/content/rules/ultimateeditionoz.com.xml
@@ -5,7 +5,7 @@ Fetch error: http://ultimateeditionoz.com/ => https://ultimateeditionoz.com/: (7
 Fetch error: http://www.ultimateeditionoz.com/ => https://www.ultimateeditionoz.com/: (7, 'Failed to connect to www.ultimateeditionoz.com port 443: Connection refused')
 
 -->
-<ruleset name="ultimateeditionoz.com" default_off='failed ruleset test'>
+<ruleset name="ultimateeditionoz.com" default_off="failed ruleset test">
 	<target host="ultimateeditionoz.com" />
 	<target host="www.ultimateeditionoz.com" />
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/umeng.xml b/src/chrome/content/rules/umeng.xml
index ac9754b0e54c..cffc747aac57 100644
--- a/src/chrome/content/rules/umeng.xml
+++ b/src/chrome/content/rules/umeng.xml
@@ -21,7 +21,7 @@ Fetch error: http://umeng.com/ => https://umeng.com/: (7, 'Failed to connect to
 	- huodong.umeng.com
 -->
 
-<ruleset name="umeng (partial)" default_off='failed ruleset test'>
+<ruleset name="umeng (partial)" default_off="failed ruleset test">
 	<target host="umeng.com" />
 	<target host="beta.umeng.com" />
 	<target host="dev.umeng.com" />
@@ -35,12 +35,12 @@ Fetch error: http://umeng.com/ => https://umeng.com/: (7, 'Failed to connect to
 	<target host="wsq.umeng.com" />
 	<target host="api.wsq.umeng.com" />
 	<target host="www.umeng.com" />
-	
+
 	<!--mixed content:-->
 	<exclusion pattern="^http://salon\.umeng\.com/(detail_\d+\.html)?$" />
 		<test url="http://salon.umeng.com/" />
 		<test url="http://salon.umeng.com/detail_31.html" />
-		
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/umgum.com.xml b/src/chrome/content/rules/umgum.com.xml
new file mode 100644
index 000000000000..bc150dfa1712
--- /dev/null
+++ b/src/chrome/content/rules/umgum.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		mx.umgum.com
+		ns.umgum.com
+
+	Refused:
+		ns2.umgum.com
+		static.umgum.com
+-->
+<ruleset name="umgum.com">
+	<target host="umgum.com" />
+	<target host="www.umgum.com" />
+	<target host="dir.umgum.com" />
+	<target host="mail.umgum.com" />
+	<target host="map.umgum.com" />
+	<target host="pma.umgum.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/umontpellier.fr.xml b/src/chrome/content/rules/umontpellier.fr.xml
index bb20f5d74e55..7ada006cfa15 100644
--- a/src/chrome/content/rules/umontpellier.fr.xml
+++ b/src/chrome/content/rules/umontpellier.fr.xml
@@ -34,7 +34,7 @@
 	<target host="vacens.umontpellier.fr" />
 	<target host="video.umontpellier.fr" />
 	<target host="wifi.umontpellier.fr" />
-	
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/undraw.co.xml b/src/chrome/content/rules/undraw.co.xml
new file mode 100644
index 000000000000..7d0c8137537b
--- /dev/null
+++ b/src/chrome/content/rules/undraw.co.xml
@@ -0,0 +1,8 @@
+<ruleset name="Undraw.co">
+	<target host="undraw.co" />
+	<target host="evie.undraw.co" />
+	<target host="halloween.undraw.co" />
+
+	<securecookie host=".+" name=".+" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/unet.by.xml b/src/chrome/content/rules/unet.by.xml
index 1d94b8198dda..ce375a1eeab5 100644
--- a/src/chrome/content/rules/unet.by.xml
+++ b/src/chrome/content/rules/unet.by.xml
@@ -31,7 +31,7 @@ devmy.unet.by different content
 ⁴ self signed
 ⁵ expired
 -->
-<ruleset name="unet.by" default_off='failed ruleset test'>
+<ruleset name="unet.by" default_off="failed ruleset test">
 	<target host="unet.by" />
 	<target host="www.unet.by" />
 	<target host="admin.unet.by" />
diff --git a/src/chrome/content/rules/uni-mannheim.de.xml b/src/chrome/content/rules/uni-mannheim.de.xml
index 5140c30f04ff..bd0a71d1e5a2 100644
--- a/src/chrome/content/rules/uni-mannheim.de.xml
+++ b/src/chrome/content/rules/uni-mannheim.de.xml
@@ -35,8 +35,8 @@
 	<target host="www.mzes.uni-mannheim.de"/>
 	<target host="www.wim.uni-mannheim.de"/>
 	<target host="www.jdm.uni-mannheim.de"/>
-	
+
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:"/>
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/unimatrix.si-resources.xml b/src/chrome/content/rules/unimatrix.si-resources.xml
deleted file mode 100644
index a1c553603a02..000000000000
--- a/src/chrome/content/rules/unimatrix.si-resources.xml
+++ /dev/null
@@ -1,31 +0,0 @@
-<!--
-	For rules covering more than resources, see unimatrix.si.xml.
-
-	Note: platform is so as not to increase non-Tor
-	distinguishability, given that no pages are covered
-	and no mixed content secured.
-
--->
-<ruleset name="Unimatrix.si (resources)" platform="mixedcontent">
-
-	<target host="hosting.unimatrix.si" />
-
-		<exclusion pattern="^http://hosting\.unimatrix\.si/(?!/*(?:asset|template)s/)" />
-
-			<!--	+ve:
-					-->
-			<test url="http://hosting.unimatrix.si/announcements.php" />
-			<test url="http://hosting.unimatrix.si/downloads.php" />
-			<test url="http://hosting.unimatrix.si/index.php" />
-			<test url="http://hosting.unimatrix.si/knowledgebase.php" />
-
-			<!--	-ve:
-					-->
-			<test url="http://hosting.unimatrix.si/assets/css/font-awesome.min.css" />
-			<test url="http://hosting.unimatrix.si/templates/six/css/custom.css" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/unionpacific.jobs.xml b/src/chrome/content/rules/unionpacific.jobs.xml
deleted file mode 100644
index 5d72220a91d1..000000000000
--- a/src/chrome/content/rules/unionpacific.jobs.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	For other Union Pacific Railroad Company coverage, see up.com.xml.
-
-
-	^unionpacific.jobs: refused
-
--->
-<ruleset name="Union Pacific.jobs">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="www.unionpacific.jobs" />
-
-	<!--	Complications:
-				-->
-	<target host="unionpacific.jobs" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://unionpacific\.jobs/"
-		to="https://www.unionpacific.jobs/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/unit4.com-resources.xml b/src/chrome/content/rules/unit4.com-resources.xml
index 303e54ede592..d7d068fbc5c5 100644
--- a/src/chrome/content/rules/unit4.com-resources.xml
+++ b/src/chrome/content/rules/unit4.com-resources.xml
@@ -11,7 +11,7 @@ Non-2xx HTTP code: http://info.unit4.com/rs/900-SZD-631/images/unit4-screen.css
 	and no mixed content secured.
 
 -->
-<ruleset name="Unit4.com (resources)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Unit4.com (resources)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<!--	Complications:
 				-->
diff --git a/src/chrome/content/rules/unit4.com.xml b/src/chrome/content/rules/unit4.com.xml
index 4ce3ce467069..b97bf2ac11b4 100644
--- a/src/chrome/content/rules/unit4.com.xml
+++ b/src/chrome/content/rules/unit4.com.xml
@@ -41,7 +41,7 @@ Non-2xx HTTP code: http://info.unit4.com/rs/900-SZD-631/images/U4-U4BW-WHO-CS-Ve
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Unit4.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Unit4.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/unterstuetzung-die-ankommt.de.xml b/src/chrome/content/rules/unterstuetzung-die-ankommt.de.xml
new file mode 100644
index 000000000000..97800c1191d5
--- /dev/null
+++ b/src/chrome/content/rules/unterstuetzung-die-ankommt.de.xml
@@ -0,0 +1,8 @@
+<ruleset name="unterstuetzung-die-ankommt.de">
+
+	<target host="unterstuetzung-die-ankommt.de" />
+	<target host="www.unterstuetzung-die-ankommt.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/unz.com.xml b/src/chrome/content/rules/unz.com.xml
new file mode 100644
index 000000000000..b1a394494ee8
--- /dev/null
+++ b/src/chrome/content/rules/unz.com.xml
@@ -0,0 +1,11 @@
+<!--
+	Mismatched:
+		- email
+-->
+<ruleset name="unz.com">
+	<target host="unz.com" />
+	<target host="www.unz.com" />
+	<target host="ftp.unz.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/up.com.xml b/src/chrome/content/rules/up.com.xml
index f959357a5ab2..f786e60be6e3 100644
--- a/src/chrome/content/rules/up.com.xml
+++ b/src/chrome/content/rules/up.com.xml
@@ -4,7 +4,6 @@
 	Other Union Pacific Railroad Company rulesets:
 
 		- streamline.com.xml
-		- unionpacific.jobs.xml
 		- up.jobs.xml
 		- upds.com.xml
 		- uprr.com.xml
diff --git a/src/chrome/content/rules/upc-cablecom.xml b/src/chrome/content/rules/upc-cablecom.xml
index 4bf386826464..13355ad45183 100644
--- a/src/chrome/content/rules/upc-cablecom.xml
+++ b/src/chrome/content/rules/upc-cablecom.xml
@@ -17,7 +17,7 @@ Fetch error: http://preprod.it.hispeed.ch/ => https://preprod.it.hispeed.ch/: (2
 Fetch error: http://preprod.en.hispeed.ch/ => https://preprod.en.hispeed.ch/: (28, 'Connection timed out after 20001 milliseconds')
 Fetch error: http://webmail.hispeed.ch/ => https://webmail.hispeed.ch/: (7, 'Failed to connect to webmail.hispeed.ch port 443: Connection refused')
 
-	CDN buckets: 
+	CDN buckets:
 
 		- www.orion.lgi.com.c.footprint.net
 
@@ -38,7 +38,7 @@ Fetch error: http://webmail.hispeed.ch/ => https://webmail.hispeed.ch/: (7, 'Fai
 		- static
 
 -->
-<ruleset name="UPC Cablecom" default_off='failed ruleset test'>
+<ruleset name="UPC Cablecom" default_off="failed ruleset test">
 	<target host="upc-cablecom.ch"/>
 	<target host="www.upc-cablecom.ch"/>
 	<target host="jira.upc-cablecom.ch"/>
diff --git a/src/chrome/content/rules/uprr.com-falsemixed.xml b/src/chrome/content/rules/uprr.com-falsemixed.xml
deleted file mode 100644
index 311255c91a03..000000000000
--- a/src/chrome/content/rules/uprr.com-falsemixed.xml
+++ /dev/null
@@ -1,19 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see uprr.com.xml.
-
-
-	NB: see https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="UPrr.com (false MCB)" platform="mixedcontent">
-
-	<target host="dx01.my.uprr.com" />
-
-
-	<securecookie host=".+" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/uptimeinstitute.com.xml b/src/chrome/content/rules/uptimeinstitute.com.xml
index 9fd38c62837d..1f1c3c15e9cd 100644
--- a/src/chrome/content/rules/uptimeinstitute.com.xml
+++ b/src/chrome/content/rules/uptimeinstitute.com.xml
@@ -16,7 +16,7 @@ pt-forms.uptimeinstitute.com different content
 ¹ mismatch
 ⁴ self signed
 -->
-<ruleset name="uptimeinstitute.com" default_off='failed ruleset test'>
+<ruleset name="uptimeinstitute.com" default_off="failed ruleset test">
 	<target host="uptimeinstitute.com" />
 	<target host="www.uptimeinstitute.com" />
 	<target host="es.uptimeinstitute.com" />
diff --git a/src/chrome/content/rules/urbanproxy.eu.xml b/src/chrome/content/rules/urbanproxy.eu.xml
deleted file mode 100644
index 31a30f0f3fd1..000000000000
--- a/src/chrome/content/rules/urbanproxy.eu.xml
+++ /dev/null
@@ -1,7 +0,0 @@
-<ruleset name="urbanproxy.eu">
-	<target host="urbanproxy.eu" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/url.cn.xml b/src/chrome/content/rules/url.cn.xml
index 5159a24e97f8..0a1bb201cbdc 100644
--- a/src/chrome/content/rules/url.cn.xml
+++ b/src/chrome/content/rules/url.cn.xml
@@ -1,6 +1,6 @@
 <!--
 	The Tencent's short url serve, just like t.co
-	
+
 	Mismatch:
 		^
 		www.
@@ -19,7 +19,7 @@
 	<target host="8.url.cn" />
 	<target host="9.url.cn" />
 	<target host="10.url.cn" />
-	
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/urlQuery.net.xml b/src/chrome/content/rules/urlQuery.net.xml
deleted file mode 100644
index 6bbece917fe2..000000000000
--- a/src/chrome/content/rules/urlQuery.net.xml
+++ /dev/null
@@ -1,9 +0,0 @@
-<ruleset name="urlQuery.net">
-	<target host="urlquery.net" />
-	<target host="www.urlquery.net" />
-	<target host="dev.urlquery.net" />
-
-	<securecookie host=".+" name=".+" />
-	
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/usainteanne.xml b/src/chrome/content/rules/usainteanne.xml
index 95d5e98b2915..8ac5a3218c2a 100644
--- a/src/chrome/content/rules/usainteanne.xml
+++ b/src/chrome/content/rules/usainteanne.xml
@@ -5,7 +5,7 @@ Fetch error: http://webmail.usainteanne.ca/ => https://webmail.usainteanne.ca/:
 Fetch error: http://smtp.usainteanne.ca/ => https://smtp.usainteanne.ca/: (28, 'Connection timed out after 20001 milliseconds')
 
 -->
-<ruleset name="usainteanne" default_off='failed ruleset test'>
+<ruleset name="usainteanne" default_off="failed ruleset test">
   <target host="usainteanne.ca" />
   <target host="www.usainteanne.ca" />
   <target host="webmail.usainteanne.ca" />
diff --git a/src/chrome/content/rules/usatodayw7vu5egc.onion.xml b/src/chrome/content/rules/usatodayw7vu5egc.onion.xml
new file mode 100644
index 000000000000..c02c8e8a92fb
--- /dev/null
+++ b/src/chrome/content/rules/usatodayw7vu5egc.onion.xml
@@ -0,0 +1,8 @@
+<!--
+	For other Gannett Company coverage, see Gannett-Company.xml.
+-->
+<ruleset name="usatodayw7vu5egc.onion">
+	<target host="usatodayw7vu5egc.onion" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/usembassy.gov.xml b/src/chrome/content/rules/usembassy.gov.xml
index 4cfa3aad1809..8bf6fddbb8bb 100644
--- a/src/chrome/content/rules/usembassy.gov.xml
+++ b/src/chrome/content/rules/usembassy.gov.xml
@@ -110,7 +110,7 @@ Fetch error: http://suva.usembassy.gov/ => https://suva.usembassy.gov/: (6, 'Cou
 		- iframe on macedonia, tanzania from www.youtube.com ˢ
 
 		- Images, on:
-		
+
 			- abudhabi, arabic.algeria, french.algeria, algiers, angola, portuguese.angola, www.antananarivo, armenia, armenian.armenia, russian.ashgabat, turkmen.ashgabat, athens, austria, german.austria, azerbaijan, azeri.azerbaijan, bahrain, bangkok, thai.bangkok, bangui, banjul, barbados, belgium, dutch.belgium, french.belgium, belize, french.benin, bern, bishkek, kyrgyz.bishkek, russian.bishkek, bogota, spanish.bogota, bolivia, spanish.bolivia, botswana, brazzaville, french.brazzaville, brunei, bulgaria, bulgarian.bulgaria, french.burkinafaso, burma, burundi, canberra, caracas, spanish.caracas, french.chad, chile, spanish.chile, conakry, costarica, spanish.costarica, costarica, cotonou, dakar, french.dakar, damascus, denmark, dhaka, djibouti, dushanbe, russian.dushanbe, tajik.dushanbe, ecuador, spanish.ecuador, egypt, eritrea, estonia, estonian.estonia, russian.estonia, ethiopia, finland, freetown, georgetown, georgia, georgian.georgia, ghana, guatemala, spanish.guatemala, french.guinea, haiti, french.haiti, harare, havana, honduras, spanish.honduras, hungary, hungarian.hungary, iceland, iran, persian.iran, iraq, arabic.iraq, islamabad, israel, hebrew.israel, italy, italian.italy, jakarta, jordan, kabul, kazakhstan, kingston, kinshasa, kolonia, kuwait, laos, lebanon, libreville, libya, lilongwe, lima, luxembourg, macedonia, madrid, majuro, malabo, mali, malta, manila, maputo, maseru, mauritania, mauritius, minsk, moldova, mongolia, morocco, nairobi, nassau, ndjamena, nepal, newdelhi, niamey, nicaragua, nigeria, norway, oman, ouagadougou, palau, panama, paraguay, podgorica, portmoresby, portugal, praia, pristina, qatar, riga, latvian.riga, romania, rwanda, sansalvador, santodomingo, sarajevo, seoul, serbia, singapore, slovakia, slovenia, southsudan, srilanka, sudan, suriname, suva, swaziland, tanzania, thehague, tirana, togo, trinidad, tunisia, turkey, turkmenistan, ukraine, uruguay, uzbekistan, vilnius, windhoek, www, yaounde, yemen, zagreb from photos.state.gov ˢ
 			- www.antananarivo, athens, azeri.azerbaijan, belize, belgium, dutch.belgium, bogota, spanish.bogota, bolivia, spanish.bolivia, french.brazzaville, brunei, ghana, dushanbe, french.guinea, harare, honduras, luxembourg, majuro, minsk, moscow, newdelhi, srilanka, sudan, suriname, tanzania, thehague, turkey, vatican, windhoek, yemen from photos.america.gov ˢ
 			- azerbaijan, azeri.azerbaijan from s97095.gridserver.com ᵒ
@@ -143,7 +143,7 @@ Fetch error: http://suva.usembassy.gov/ => https://suva.usembassy.gov/: (6, 'Cou
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="US Embassy.gov (partial)" default_off='failed ruleset test'>
+<ruleset name="US Embassy.gov (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/usenetter.nl.xml b/src/chrome/content/rules/usenetter.nl.xml
index c6ee483df329..ea4e994d2cc8 100644
--- a/src/chrome/content/rules/usenetter.nl.xml
+++ b/src/chrome/content/rules/usenetter.nl.xml
@@ -7,7 +7,7 @@ Fetch error: http://usenetter.nl/ => https://www.usenetter.nl/: (60, 'SSL certif
 	^usenetter.nl: Mismatched
 
 -->
-<ruleset name="Usenetter.nl" default_off='failed ruleset test'>
+<ruleset name="Usenetter.nl" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/user.fm.xml b/src/chrome/content/rules/user.fm.xml
new file mode 100644
index 000000000000..6331ec87d9c6
--- /dev/null
+++ b/src/chrome/content/rules/user.fm.xml
@@ -0,0 +1,16 @@
+<!--
+	For other Fastmail coverage, see Fastmail.xml
+
+	user.fm: Fastmail user websites
+
+	- If www.example.com was hosted on Fastmail, it would also be available
+	  as http://www.example.com.user.fm/ and https://user.fm/www.example.com/
+
+	- Unfortunately rewriting *.user.fm to subdirectories would break many
+	  relative links in sites such as to '/css/style.css'.
+-->
+<ruleset name="user.fm">
+    <target host="user.fm" />
+
+    <rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/userstory.ru.xml b/src/chrome/content/rules/userstory.ru.xml
index 59c63769eddc..909b36709067 100644
--- a/src/chrome/content/rules/userstory.ru.xml
+++ b/src/chrome/content/rules/userstory.ru.xml
@@ -50,7 +50,7 @@ shop.demo1.loko.office.userstory.ru ¹
 ¹ mismatch
 ² refused
 -->
-<ruleset name="userstory.ru" default_off='failed ruleset test'>
+<ruleset name="userstory.ru" default_off="failed ruleset test">
 	<target host="userstory.ru" />
 	<target host="www.userstory.ru" />
 	<target host="blog.userstory.ru" />
diff --git a/src/chrome/content/rules/usyd.edu.au.xml b/src/chrome/content/rules/usyd.edu.au.xml
index 7eb54e8a1d39..6f30439a3aad 100644
--- a/src/chrome/content/rules/usyd.edu.au.xml
+++ b/src/chrome/content/rules/usyd.edu.au.xml
@@ -57,7 +57,7 @@ Fetch error: http://www.alumniandfriends.usyd.edu.au/ => https://www.alumniandfr
 	ˢ Secured by us
 
 -->
-<ruleset name="USyd.edu.au (partial)" default_off='failed ruleset test'>
+<ruleset name="USyd.edu.au (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/utf8everywhere.org.xml b/src/chrome/content/rules/utf8everywhere.org.xml
new file mode 100644
index 000000000000..97de1c703ff0
--- /dev/null
+++ b/src/chrome/content/rules/utf8everywhere.org.xml
@@ -0,0 +1,7 @@
+<ruleset name="utf8everywhere.org">
+	<target host="utf8everywhere.org" />
+	<target host="www.utf8everywhere.org" />
+
+	<rule from="^http://www\.utf8everywhere\.org/" to="https://utf8everywhere.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/valgrind.org.xml b/src/chrome/content/rules/valgrind.org.xml
new file mode 100644
index 000000000000..56fbdfe4574d
--- /dev/null
+++ b/src/chrome/content/rules/valgrind.org.xml
@@ -0,0 +1,11 @@
+<ruleset name="valgrind.org">
+	<target host="valgrind.org" />
+	<target host="www.valgrind.org" />
+	<!--
+	non-functional
+	<target host="svn.valgrind.org" />
+	<target host="njn.valgrind.org" />
+	-->
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/valuate.com.xml b/src/chrome/content/rules/valuate.com.xml
deleted file mode 100644
index a67a02ada1d5..000000000000
--- a/src/chrome/content/rules/valuate.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="Valuate.com">
-
-	<target host="valuate.com" />
-	<target host="www.valuate.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/vanguard.xml b/src/chrome/content/rules/vanguard.xml
index b1c6c6a2df19..b70b81c66463 100644
--- a/src/chrome/content/rules/vanguard.xml
+++ b/src/chrome/content/rules/vanguard.xml
@@ -4,9 +4,6 @@
   <target host="investor.vanguard.com" />
   <target host="personal.vanguard.com" />
 
-  <test url="http://vanguard.com/" />
-  <test url="http://investor.vanguard.com/" />
-  <test url="http://personal.vanguard.com/" />
 
   <rule from="^http:"
           to="https:" />
diff --git a/src/chrome/content/rules/veggiekarte.de.xml b/src/chrome/content/rules/veggiekarte.de.xml
index b3f847cebd91..f59f879e732a 100644
--- a/src/chrome/content/rules/veggiekarte.de.xml
+++ b/src/chrome/content/rules/veggiekarte.de.xml
@@ -5,4 +5,4 @@
 	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:" to="https:" />
-</ruleset>  
+</ruleset>
diff --git a/src/chrome/content/rules/vendini.com.xml b/src/chrome/content/rules/vendini.com.xml
index 683a0a64ce58..59bedc328e2e 100644
--- a/src/chrome/content/rules/vendini.com.xml
+++ b/src/chrome/content/rules/vendini.com.xml
@@ -34,7 +34,7 @@ Non-2xx HTTP code: http://landing.vendini.com/rs/vendini/images/nav_bg.jpg (200)
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Vendini.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Vendini.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/verizon.net.xml b/src/chrome/content/rules/verizon.net.xml
index a4499b949ed2..fe76020dc102 100644
--- a/src/chrome/content/rules/verizon.net.xml
+++ b/src/chrome/content/rules/verizon.net.xml
@@ -26,7 +26,7 @@ Fetch error: http://static-business.verizon.net/ => https://static-business.veri
 		- care.verizon.net
 
 -->
-<ruleset name="Verizon.net (partial)" default_off='failed ruleset test'>
+<ruleset name="Verizon.net (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/verseone.com.xml b/src/chrome/content/rules/verseone.com.xml
index 665a6d5b40a7..e30550fa97b0 100644
--- a/src/chrome/content/rules/verseone.com.xml
+++ b/src/chrome/content/rules/verseone.com.xml
@@ -25,7 +25,7 @@ Fetch error: http://hc.verseone.com/ => https://www.howard-cottage.co.uk/: (60,
 	ᵐ Mismatched
 
 -->
-<ruleset name="VerseOne.com (partial)" default_off='failed ruleset test'>
+<ruleset name="VerseOne.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/vevent.com.xml b/src/chrome/content/rules/vevent.com.xml
index 061b984a8473..885fdff560dd 100644
--- a/src/chrome/content/rules/vevent.com.xml
+++ b/src/chrome/content/rules/vevent.com.xml
@@ -10,7 +10,7 @@ Fetch error: http://vevent.com/ => https://vevent.com/: (6, 'Could not resolve h
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="vevent.com" default_off='failed ruleset test'>
+<ruleset name="vevent.com" default_off="failed ruleset test">
 
 	<target host="vevent.com" />
 	<target host="engage.vevent.com" />
diff --git a/src/chrome/content/rules/vfl.ru.xml b/src/chrome/content/rules/vfl.ru.xml
new file mode 100644
index 000000000000..86313742e994
--- /dev/null
+++ b/src/chrome/content/rules/vfl.ru.xml
@@ -0,0 +1,32 @@
+<!--
+	Invalid certificate:
+		da.vfl.ru
+		storage02.vfl.ru
+		storage04.vfl.ru
+		wiki.vfl.ru
+		www.wiki.vfl.ru
+
+	Refused:
+		images01.vfl.ru
+		mx.vfl.ru
+		storage03.vfl.ru
+-->
+<ruleset name="vfl.ru">
+	<target host="vfl.ru" />
+	<target host="www.vfl.ru" />
+	<target host="forum.vfl.ru" />
+	<target host="fotohosting.vfl.ru" />
+	<target host="frontend.vfl.ru" />
+	<target host="images.vfl.ru" />
+	<target host="images06.vfl.ru" />
+	<target host="m.vfl.ru" />
+	<target host="pf.vfl.ru" />
+	<target host="storage.vfl.ru" />
+	<target host="storage05.vfl.ru" />
+	<target host="images02.vfl.ru" />
+	<target host="images03.vfl.ru" />
+	<target host="images04.vfl.ru" />
+	<target host="images07.vfl.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vi-serve.com.xml b/src/chrome/content/rules/vi-serve.com.xml
new file mode 100644
index 000000000000..1184366a06fe
--- /dev/null
+++ b/src/chrome/content/rules/vi-serve.com.xml
@@ -0,0 +1,17 @@
+<ruleset name="vi-serve.com">
+
+	<target host="c.vi-serve.com" />
+	<target host="nv.vi-serve.com" />
+	<target host="pb.vi-serve.com" />
+	<target host="pb0.vi-serve.com" />
+	<target host="s.vi-serve.com" />
+		<test url="http://s.vi-serve.com/tagLoader.js" />
+	<target host="s404-1.vi-serve.com" />
+	<target host="t.vi-serve.com" />
+	<target host="vis.vi-serve.com" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/victoriaforms.com.xml b/src/chrome/content/rules/victoriaforms.com.xml
index 7d2c2bcbec97..814def0f283b 100644
--- a/src/chrome/content/rules/victoriaforms.com.xml
+++ b/src/chrome/content/rules/victoriaforms.com.xml
@@ -5,7 +5,7 @@ Non-2xx HTTP code: http://victoriaforms.com/ (200) => https://victoriaforms.com/
 Non-2xx HTTP code: http://www.victoriaforms.com/ (200) => https://www.victoriaforms.com/ (403)
 
 -->
-<ruleset name="Victoria forms.com" default_off='failed ruleset test'>
+<ruleset name="Victoria forms.com" default_off="failed ruleset test">
 
 	<target host="victoriaforms.com" />
 	<target host="www.victoriaforms.com" />
diff --git a/src/chrome/content/rules/videoincloud.com.xml b/src/chrome/content/rules/videoincloud.com.xml
new file mode 100644
index 000000000000..dc44ff62c80c
--- /dev/null
+++ b/src/chrome/content/rules/videoincloud.com.xml
@@ -0,0 +1,18 @@
+<!--
+	Fail:
+		^
+		www.videoincloud.com
+
+ 	Mismatched:
+		ts.videoincloud.com
+-->
+<ruleset name="videoincloud.com">
+	<target host="click.videoincloud.com" />
+	<target host="live.videoincloud.com" />
+	<target host="player.videoincloud.com" />
+	<target host="static.videoincloud.com" />
+	<target host="v.videoincloud.com" />
+	<target host="vod.videoincloud.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/viewablemedia.net.xml b/src/chrome/content/rules/viewablemedia.net.xml
index a2d516f67c05..4f740680c8cd 100644
--- a/src/chrome/content/rules/viewablemedia.net.xml
+++ b/src/chrome/content/rules/viewablemedia.net.xml
@@ -7,7 +7,7 @@ Fetch error: http://www.viewablemedia.net/ => https://www.viewablemedia.net/: (7
 	For other Visible Measures coverage, see Visible-Measures.xml.
 
 -->
-<ruleset name="Viewable Media.net" default_off='failed ruleset test'>
+<ruleset name="Viewable Media.net" default_off="failed ruleset test">
 
 	<target host="viewablemedia.net" />
 	<target host="www.viewablemedia.net" />
diff --git a/src/chrome/content/rules/virtmo.com.xml b/src/chrome/content/rules/virtmo.com.xml
new file mode 100644
index 000000000000..3e6c5bb98303
--- /dev/null
+++ b/src/chrome/content/rules/virtmo.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="Virtmo.com (partial)">
+	<target host="virtmo.com" />
+	<target host="www.virtmo.com" />
+	<target host="my.virtmo.com" />
+  <securecookie host=".+" name=".+"/>
+  <rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/visma.no.xml b/src/chrome/content/rules/visma.no.xml
index 8bb294a0662c..73bad89510ca 100644
--- a/src/chrome/content/rules/visma.no.xml
+++ b/src/chrome/content/rules/visma.no.xml
@@ -30,7 +30,7 @@ Fetch error: http://reportingvsn.visma.no/ => https://reportingvsn.visma.no/: (7
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Visma.no (partial)" default_off='failed ruleset test'>
+<ruleset name="Visma.no (partial)" default_off="failed ruleset test">
 
 	<target host="community.visma.no" />
 	<target host="reportingvsn.visma.no" />
diff --git a/src/chrome/content/rules/viz-info.de.xml b/src/chrome/content/rules/viz-info.de.xml
deleted file mode 100644
index 855d9f00641a..000000000000
--- a/src/chrome/content/rules/viz-info.de.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="viz-info.de">
-
-	<target host="webstat.viz-info.de" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/vizzion.com.xml b/src/chrome/content/rules/vizzion.com.xml
new file mode 100644
index 000000000000..811b1ac09f02
--- /dev/null
+++ b/src/chrome/content/rules/vizzion.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="vizzion.com">
+	<target host="vizzion.com" />
+	<target host="www.vizzion.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/vkarpinsk.info.xml b/src/chrome/content/rules/vkarpinsk.info.xml
deleted file mode 100644
index 048e0f322c1a..000000000000
--- a/src/chrome/content/rules/vkarpinsk.info.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="vkarpinsk.info" platform="mixedcontent">
-	<target host="vkarpinsk.info" />
-	<target host="www.vkarpinsk.info" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/vm.de.xml b/src/chrome/content/rules/vm.de.xml
deleted file mode 100644
index 846a43cd4eb0..000000000000
--- a/src/chrome/content/rules/vm.de.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="vm.de">
-
-	<target host="piwik.vm.de" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/vnu.ru.xml b/src/chrome/content/rules/vnu.ru.xml
index 4460a12822b0..7da2ccd0bb6e 100644
--- a/src/chrome/content/rules/vnu.ru.xml
+++ b/src/chrome/content/rules/vnu.ru.xml
@@ -8,7 +8,7 @@ www.vnu.ru mismatch
 equil.vnu.ru mismatch
 mail.vnu.ru mismatch
 -->
-<ruleset name="vnu.ru (partial)" default_off='failed ruleset test'>
+<ruleset name="vnu.ru (partial)" default_off="failed ruleset test">
 	<target host="cash.vnu.ru" />
 
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/vodkamethod.com.xml b/src/chrome/content/rules/vodkamethod.com.xml
deleted file mode 100644
index 75d870dc64c8..000000000000
--- a/src/chrome/content/rules/vodkamethod.com.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="vodkamethod.com">
-        <target host="vodkamethod.com" />
-
-        <rule from="^http:"
-                to="https:" />
-</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/vogogo.com.xml b/src/chrome/content/rules/vogogo.com.xml
index aa880a72368e..cb66deccea6c 100644
--- a/src/chrome/content/rules/vogogo.com.xml
+++ b/src/chrome/content/rules/vogogo.com.xml
@@ -6,7 +6,7 @@ Fetch error: http://docs.vogogo.com/ => https://docs.vogogo.com/: (6, 'Could not
 Fetch error: http://interac.vogogo.com/ => https://interac.vogogo.com/: (6, 'Could not resolve host: interac.vogogo.com')
 
 -->
-<ruleset name="Vogogo" default_off='failed ruleset test'>
+<ruleset name="Vogogo" default_off="failed ruleset test">
 
 	<target host="vogogo.com" />
 	<target host="app.vogogo.com" />
@@ -14,7 +14,7 @@ Fetch error: http://interac.vogogo.com/ => https://interac.vogogo.com/: (6, 'Cou
 	<target host="interac.vogogo.com" />
 	<target host="www.vogogo.com" />
 
-	<securecookie host="^.*\.?vogogo\.com$" name=".+" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/voidlinux.eu.xml b/src/chrome/content/rules/voidlinux.eu.xml
deleted file mode 100644
index d6cc274b8f0c..000000000000
--- a/src/chrome/content/rules/voidlinux.eu.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<ruleset name="Void Linux.eu">
-	<target host="voidlinux.eu" />
-	<target host="www.voidlinux.eu" />
-	<target host="build.voidlinux.eu" />
-	<target host="forum.voidlinux.eu" />
-	<target host="repo.voidlinux.eu" />
-	<target host="repo2.voidlinux.eu" />
-	<target host="sources.voidlinux.eu" />
-	<target host="wiki.voidlinux.eu" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:"	to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/voidtools.com.xml b/src/chrome/content/rules/voidtools.com.xml
index 43337dea0c65..a4b26d77b73f 100644
--- a/src/chrome/content/rules/voidtools.com.xml
+++ b/src/chrome/content/rules/voidtools.com.xml
@@ -4,8 +4,7 @@
 
 	<target host="www.forum.voidtools.com"/>
 	<rule from="^http://www\.forum\.voidtools\.com/" to="https://www.voidtools.com/forum/" />
-		<test url="http://www.forum.voidtools.com/" />
-		
+
 	<!--	Directly	-->
 
 	<target host="voidtools.com"/>
diff --git a/src/chrome/content/rules/voipuserportal.co.uk.xml b/src/chrome/content/rules/voipuserportal.co.uk.xml
index 485d9a2dab96..7e274680621d 100644
--- a/src/chrome/content/rules/voipuserportal.co.uk.xml
+++ b/src/chrome/content/rules/voipuserportal.co.uk.xml
@@ -13,7 +13,7 @@
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="VOIP user portal.co.uk" default_off="missing certificate chain">
+<ruleset name="VOIP user portal.co.uk" default_off="cert-chain">
 
 	<target host="voipuserportal.co.uk" />
 	<target host="www.voipuserportal.co.uk" />
diff --git a/src/chrome/content/rules/vouchercloud.com.xml b/src/chrome/content/rules/vouchercloud.com.xml
index d70fd22e4eba..e9b9ef2e853a 100644
--- a/src/chrome/content/rules/vouchercloud.com.xml
+++ b/src/chrome/content/rules/vouchercloud.com.xml
@@ -27,7 +27,7 @@ Fetch error: http://media.vouchercloud.com/ => https://media.vouchercloud.com/:
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="VoucherCloud.com" default_off='failed ruleset test'>
+<ruleset name="VoucherCloud.com" default_off="failed ruleset test">
 
 	<target host="vouchercloud.com" />
 	<target host="a2-content.vouchercloud.com" />
diff --git a/src/chrome/content/rules/voxmedia.com-resources.xml b/src/chrome/content/rules/voxmedia.com-resources.xml
index b45fc79dbc5f..87f7d44b53b2 100644
--- a/src/chrome/content/rules/voxmedia.com-resources.xml
+++ b/src/chrome/content/rules/voxmedia.com-resources.xml
@@ -1,49 +1,22 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://providence.voxmedia.com/ => https://providence.voxmedia.com/: (7, 'Failed to connect to providence.voxmedia.com port 443: Connection timed out')
-
 	For rules covering more than resources, see Vox_Media.com.xml.
 
-	Note: platform is so as not to increase non-Tor
-	distinguishability, given that no pages are covered
-	and no mixed content secured.
-
+	Non-functional hosts:
+		Connection timeout:
+		- providence.voxmedia.com
 -->
-<ruleset name="Vox Media.com (resources)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Vox Media.com (resources)">
 
-	<target host="voxmedia.com" />
 	<target host="ea-cdn.voxmedia.com" />
 	<target host="fonts.voxmedia.com" />
-	<target host="marketing.voxmedia.com" />
 	<target host="phonograph-static.voxmedia.com" />
 	<target host="phonograph2.voxmedia.com" />
-	<target host="product.voxmedia.com" />
-	<target host="providence.voxmedia.com" />
-	<target host="www.voxmedia.com" />
 
 		<test url="http://ea-cdn.voxmedia.com/production/voxmedia/images/about/chorus-e232d7e7.svg" />
 		<test url="http://fonts.voxmedia.com/unison/voxmedia/voxmedia.css" />
 		<test url="http://phonograph2.voxmedia.com/pickup.js" />
 		<test url="http://phonograph-static.voxmedia.com/beacon-min.js" />
 
-		<exclusion pattern="^http://(?:marketing|product|www)\.voxmedia\.com/(?!/*(?:favicon\.ico|styles/))" />
-
-			<!--	+ve:
-					-->
-			<test url="http://marketing.voxmedia.com/2015/10/14/9531041/vox-in-your-inbox-vox-sentences-gets-personal-with-email-marketing" />
-			<test url="http://product.voxmedia.com/2012/5/4/5426770/earn-while-working-from-home-keeping-a-close-knit-team-with-far-flung" />
-			<test url="http://www.voxmedia.com/2015/12/21/10641582/new-york-times-vox-media-adds-re-code-to-its-stable-of-websites" />
-
-			<!--	-ve:
-					-->
-			<test url="http://marketing.voxmedia.com/favicon.ico" />
-			<test url="http://product.voxmedia.com/favicon.ico" />
-			<test url="http://product.voxmedia.com/style/a4599c476fee06f907e34d73f5302974/chorus.css" />
-			<test url="http://www.voxmedia.com/favicon.ico" />
-			<test url="http://www.voxmedia.com/style/39ba52252694457a2ece9335b34f6733/chorus.css" />
-
-
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/vpn.ac.xml b/src/chrome/content/rules/vpn.ac.xml
index f8c8472bf7e1..5dc07e790c6e 100644
--- a/src/chrome/content/rules/vpn.ac.xml
+++ b/src/chrome/content/rules/vpn.ac.xml
@@ -28,6 +28,6 @@
 	<securecookie host="^vpnac\.com$" name=".+" />
 
 
-	<rule from="^http:" 
+	<rule from="^http:"
 		to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/vrijstellingoldtimer.nl.xml b/src/chrome/content/rules/vrijstellingoldtimer.nl.xml
index cfde44fb3920..7998ad9b6649 100644
--- a/src/chrome/content/rules/vrijstellingoldtimer.nl.xml
+++ b/src/chrome/content/rules/vrijstellingoldtimer.nl.xml
@@ -5,7 +5,7 @@ Fetch error: http://vrijstellingoldtimer.nl/ => https://vrijstellingoldtimer.nl/
 Fetch error: http://www.vrijstellingoldtimer.nl/ => https://www.vrijstellingoldtimer.nl/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Vrijstelling Oldtimer" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Vrijstelling Oldtimer" platform="mixedcontent" default_off="failed ruleset test">
   <target host="vrijstellingoldtimer.nl" />
   <target host="www.vrijstellingoldtimer.nl" />
 
diff --git a/src/chrome/content/rules/vtb24.ru.xml b/src/chrome/content/rules/vtb24.ru.xml
index 9a3843463269..a0e9d17362c0 100644
--- a/src/chrome/content/rules/vtb24.ru.xml
+++ b/src/chrome/content/rules/vtb24.ru.xml
@@ -12,7 +12,7 @@ gb.vtb24.ru mismatch
 trade.vtb24.ru expired
 career.vtb24.ru timed out
 -->
-<ruleset name="vtb24.ru" default_off='failed ruleset test'>
+<ruleset name="vtb24.ru" default_off="failed ruleset test">
 	<target host="vtb24.ru" />
 	<target host="www.vtb24.ru" />
 	<target host="bco.vtb24.ru" />
diff --git a/src/chrome/content/rules/vulture.com.xml b/src/chrome/content/rules/vulture.com.xml
new file mode 100644
index 000000000000..3dadca162ad3
--- /dev/null
+++ b/src/chrome/content/rules/vulture.com.xml
@@ -0,0 +1,24 @@
+<!--
+	Invalid certificate:
+		e.vulture.com
+		b.e.vulture.com
+		f.e.vulture.com
+		m.e.vulture.com
+		horizon.vulture.com
+		instagram.vulture.com
+		vulture.com.112.2o7.net
+
+	Time out:
+		reg.e.vulture.com
+-->
+<ruleset name="vulture.com">
+	<target host="vulture.com" />
+	<target host="www.vulture.com" />
+	<target host="client.vulture.com" />
+	<target host="link.vulture.com" />
+	<target host="stats.vulture.com" />
+	<target host="video.vulture.com" />
+	<target host="videos.vulture.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/w3techs.com.xml b/src/chrome/content/rules/w3techs.com.xml
index fbbe74a2bc0e..f8c4e747a1ec 100644
--- a/src/chrome/content/rules/w3techs.com.xml
+++ b/src/chrome/content/rules/w3techs.com.xml
@@ -8,7 +8,7 @@ a.w3techs.com different content
 <ruleset name="w3techs.com">
 	<target host="w3techs.com" />
 	<target host="www.w3techs.com" />
-	
+
 	<rule from="^http://www\.w3techs\.com/"
 		to="https://w3techs.com/" />
 
diff --git a/src/chrome/content/rules/wadod.com.xml b/src/chrome/content/rules/wadod.com.xml
deleted file mode 100644
index 7e9b46ce0c38..000000000000
--- a/src/chrome/content/rules/wadod.com.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="wadod.com" platform="mixedcontent">
-	<target host="wadod.com" />
-	<target host="www.wadod.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/wadod.net.xml b/src/chrome/content/rules/wadod.net.xml
deleted file mode 100644
index 95c913510cda..000000000000
--- a/src/chrome/content/rules/wadod.net.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="wadod.net" platform="mixedcontent">
-	<target host="wadod.net" />
-	<target host="www.wadod.net" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/waidelotte.org.xml b/src/chrome/content/rules/waidelotte.org.xml
new file mode 100644
index 000000000000..71481014ac4a
--- /dev/null
+++ b/src/chrome/content/rules/waidelotte.org.xml
@@ -0,0 +1,18 @@
+<!--
+	Invalid certificate:
+		ftp.waidelotte.org
+		imap.waidelotte.org
+		mail.waidelotte.org
+		pop3.waidelotte.org
+		smtp.waidelotte.org
+
+	Refused:
+		autodiscover.waidelotte.org
+-->
+<ruleset name="waidelotte.org">
+	<target host="waidelotte.org" />
+	<target host="www.waidelotte.org" />
+
+	<rule from="^http://www\.waidelotte\.org/" to="https://waidelotte.org/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wakefield.gov.uk.xml b/src/chrome/content/rules/wakefield.gov.uk.xml
index 25d29aa34f22..1b7009d940ef 100644
--- a/src/chrome/content/rules/wakefield.gov.uk.xml
+++ b/src/chrome/content/rules/wakefield.gov.uk.xml
@@ -20,10 +20,11 @@
 
 		- aces *
 		- consult ᵐ
+		- eforms (timeout)
 		- mapping ᶜ
 		- observatory ᵐ
 
-	* ($|\?) 403s
+	* Refused
 	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
 	ᵐ Mismatched
 
@@ -42,7 +43,7 @@
 	Mixed content:
 
 		- Images, on:
-		
+
 			- eforms from www.wakefield.gov.uk ᵈ
 			- observatory from observatory.bradford.gov.uk ᵐ
 			- observatory from observatory.calderdale.gov.uk ᵐ
@@ -57,46 +58,14 @@
 -->
 <ruleset name="Wakefield.gov.uk (partial)">
 
-	<!--	Direct rewrites:
-				-->
-	<target host="eforms.wakefield.gov.uk" />
 	<target host="ieg4app.wakefield.gov.uk" />
 	<target host="libraries.wakefield.gov.uk" />
-	<!--target host="mapping.wakefield.gov.uk" /-->
 	<target host="planning.wakefield.gov.uk" />
 	<target host="portal.wakefield.gov.uk" />
 	<target host="spocc.wakefield.gov.uk" />
 	<target host="sports.wakefield.gov.uk" />
 
-	<!--	Complications:
-				-->
-	<target host="aces.wakefield.gov.uk" />
-	<target host="consult.wakefield.gov.uk" />
-
-		<!--	Sets cookies without Secure:
-							-->
-		<!--test url="http://ieg4app.wakefield.gov.uk/eGovHub/Viewer/Org/Production/Apps/HBNewClaim/Launch.aspx" /-->
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^observatory\.wakefield\.gov\.uk$" name="^(?:ASP\.NET_SessionId|ias\.Locale|ias\.PreferredItemCount)$" /-->
-	<!--securecookie host="^ieg4app\.wakefield\.gov\.uk$" name="^(?:\.ASPXAUTH|ASP\.NET_SessionId)$" /-->
-	<!--securecookie host="^portal\.wakefield\.gov\.uk$" name="^(?:ASPSESSIONID[A-Z]{8}|uniquesig[\dA-F]{64})$" /-->
-	<!--securecookie host="^(?:spocc|sports)\.wakefield\.gov\.uk$" name="^ASP\.NET_SessionId$" /-->
-
-	<securecookie host="^\w" name="" />
-
-
-	<!--	Redirect drops forward slash and args:
-							-->
-	<rule from="^http://aces\.wakefield\.gov\.uk/+(?:\?.*)?$"
-		to="https://aces.wakefield.gov.uk/WebSite/WACES/default.aspx" />
-
-		<test url="http://aces.wakefield.gov.uk/?" />
-
-	<rule from="^http://consult\.wakefield\.gov\.uk/"
-		to="https://wakefield-consult.objective.co.uk/" />
+	<securecookie host=".+" name=".+" />
 
 	<rule from="^http:"
 		to="https:" />
diff --git a/src/chrome/content/rules/walkit.xml b/src/chrome/content/rules/walkit.xml
deleted file mode 100644
index 8c476acb45fc..000000000000
--- a/src/chrome/content/rules/walkit.xml
+++ /dev/null
@@ -1,8 +0,0 @@
-<ruleset name="walkit.com" platform="mixedcontent">
-
-  <target host="walkit.com" />
-  <target host="www.walkit.com" />
-
-  <rule from="^http:" to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/walsall.gov.uk.xml b/src/chrome/content/rules/walsall.gov.uk.xml
index f3cd434b0fe3..5a2f8968a5dc 100644
--- a/src/chrome/content/rules/walsall.gov.uk.xml
+++ b/src/chrome/content/rules/walsall.gov.uk.xml
@@ -36,12 +36,12 @@
 	Mixed content:
 
 		- css, on:
-		
+
 			- www2 from cms.walsall.gov.uk ᵖ
 			- www2 from $self ᵖ
 
 		- Images, on:
-		
+
 			- cmispublic, www2, www4 from cms.walsall.gov.uk ᵖ
 			- www4 from www.walsall.gov.uk ᵖ
 
diff --git a/src/chrome/content/rules/wanderreitkarte.de.xml b/src/chrome/content/rules/wanderreitkarte.de.xml
new file mode 100644
index 000000000000..bb61567b42a1
--- /dev/null
+++ b/src/chrome/content/rules/wanderreitkarte.de.xml
@@ -0,0 +1,22 @@
+<!--
+	Invalid certificate:
+		bilder.wanderreitkarte.de
+		topo5.wanderreitkarte.de
+-->
+<ruleset name="wanderreitkarte.de">
+
+	<target host="wanderreitkarte.de" />
+	<target host="www.wanderreitkarte.de" />
+	<target host="abo.wanderreitkarte.de" />
+	<target host="radicale.wanderreitkarte.de" />
+	<target host="thor.wanderreitkarte.de" />
+	<target host="topo.wanderreitkarte.de" />
+	<target host="topo2.wanderreitkarte.de" />
+	<target host="topo3.wanderreitkarte.de" />
+	<target host="topo4.wanderreitkarte.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wao.gov.uk.xml b/src/chrome/content/rules/wao.gov.uk.xml
index 15f4be569462..72b82c50be67 100644
--- a/src/chrome/content/rules/wao.gov.uk.xml
+++ b/src/chrome/content/rules/wao.gov.uk.xml
@@ -21,7 +21,7 @@ Fetch error: http://email.wao.gov.uk/ => https://email.wao.gov.uk/: (28, 'Connec
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="WAO.gov.uk" default_off='failed ruleset test'>
+<ruleset name="WAO.gov.uk" default_off="failed ruleset test">
 
 	<target host="wao.gov.uk" />
 	<target host="email.wao.gov.uk" />
diff --git a/src/chrome/content/rules/warwickshire.gov.uk.xml b/src/chrome/content/rules/warwickshire.gov.uk.xml
index 3bec3c6bde03..bab7c1d23297 100644
--- a/src/chrome/content/rules/warwickshire.gov.uk.xml
+++ b/src/chrome/content/rules/warwickshire.gov.uk.xml
@@ -58,14 +58,14 @@
 	Mixed content:
 
 		- iframes, on:
-		
+
 			- countryparks from maps.google.com ˢ
 			- countryparks, news from www.youtube.com ˢ
 
 		- css on countryparks, news from fonts.googleapis.com ˢ
 
 		- Images, on:
-		
+
 			- (www.)?, apps, countryparks from www.warwickshire.gov.uk ˢ
 			- countryparks, heritage, hwb, invest, laf, news, printservices, publichealth, whittlefordpark, wwp from news.warwickshire.gov.uk ˢ
 			- invest, heritage from $self ᵐ
diff --git a/src/chrome/content/rules/wastereduction.gov.hk.xml b/src/chrome/content/rules/wastereduction.gov.hk.xml
new file mode 100644
index 000000000000..ff7506967753
--- /dev/null
+++ b/src/chrome/content/rules/wastereduction.gov.hk.xml
@@ -0,0 +1,18 @@
+<!--
+	For other HK government coverage, see GovHK.xml.
+
+	Non-functional hosts
+		Couldn't connect to server:
+		- wastereduction.gov.hk
+-->
+<ruleset name="Hong Kong Waste Reduction Website">
+	<target host="wastereduction.gov.hk" />
+	<target host="www.wastereduction.gov.hk" />
+	<target host="wasteexchange.wastereduction.gov.hk" />
+
+	<rule from="^http://wastereduction\.gov\.hk/"
+			to="https://www.wastereduction.gov.hk/" />
+
+	<rule from="^http:"
+			to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/watchcurbyourenthusiasm.com.xml b/src/chrome/content/rules/watchcurbyourenthusiasm.com.xml
new file mode 100644
index 000000000000..e95f39240aee
--- /dev/null
+++ b/src/chrome/content/rules/watchcurbyourenthusiasm.com.xml
@@ -0,0 +1,7 @@
+<ruleset name="watchcurbyourenthusiasm.com">
+
+	<target host="watchcurbyourenthusiasm.com" />
+	<target host="www.watchcurbyourenthusiasm.com" />
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/watford.gov.uk.xml b/src/chrome/content/rules/watford.gov.uk.xml
index b2d93d4f199e..69a0e1e1ab6f 100644
--- a/src/chrome/content/rules/watford.gov.uk.xml
+++ b/src/chrome/content/rules/watford.gov.uk.xml
@@ -7,7 +7,7 @@
 	Nonfunctional hosts in *watford.gov.uk:
 
 		- maps ᵈ
-	
+
 	ᵈ Dropped
 
 
diff --git a/src/chrome/content/rules/watson.de.xml b/src/chrome/content/rules/watson.de.xml
new file mode 100644
index 000000000000..1ecfb7c851fd
--- /dev/null
+++ b/src/chrome/content/rules/watson.de.xml
@@ -0,0 +1,20 @@
+<!--
+	This domain contains a wildcard DNS record.
+-->
+<ruleset name="watson.de">
+
+	<target host="watson.de" />
+	<target host="www.watson.de" />
+	<target host="ampivw.watson.de" />
+	<target host="beta.watson.de" />
+	<target host="cdn1.watson.de" />
+	<target host="cdn2.watson.de" />
+	<target host="go.watson.de" />
+	<target host="viral.watson.de" />
+	<target host="werbung.watson.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/waverly.gov.uk.xml b/src/chrome/content/rules/waverly.gov.uk.xml
index b6e28c42b7c1..abd90b6fde27 100644
--- a/src/chrome/content/rules/waverly.gov.uk.xml
+++ b/src/chrome/content/rules/waverly.gov.uk.xml
@@ -49,7 +49,7 @@ Fetch error: http://www.waverly.gov.uk/ => https://www.waverly.gov.uk/: (6, 'Cou
 	ᵐ Not secured by us <= mismatched
 
 -->
-<ruleset name="Waverly.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Waverly.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="modgov.waverly.gov.uk" />
 	<target host="pay.waverly.gov.uk" />
diff --git a/src/chrome/content/rules/way2allah.com.xml b/src/chrome/content/rules/way2allah.com.xml
deleted file mode 100644
index 5c5f4ec73f9e..000000000000
--- a/src/chrome/content/rules/way2allah.com.xml
+++ /dev/null
@@ -1,14 +0,0 @@
-<!--
-	401 Unauthorized
-		e3jaz.way2allah.com	
--->
-<ruleset name="way2allah.com" platform="mixedcontent">
-	<target host="way2allah.com" />
-	<target host="www.way2allah.com" />
-	<target host="forums.way2allah.com" />
-	<target host="montage.way2allah.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/waywire.com.xml b/src/chrome/content/rules/waywire.com.xml
deleted file mode 100644
index e079dfd3c8f2..000000000000
--- a/src/chrome/content/rules/waywire.com.xml
+++ /dev/null
@@ -1,12 +0,0 @@
-<ruleset name="waywire.com">
-
-	<target host="thumbnail.waywire.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/waz.de.xml b/src/chrome/content/rules/waz.de.xml
new file mode 100644
index 000000000000..34658e7b252f
--- /dev/null
+++ b/src/chrome/content/rules/waz.de.xml
@@ -0,0 +1,42 @@
+<!--
+	Invalid certificate:
+		cue.aws.waz.de
+
+	Redirect error:
+		interaktiv.waz.de
+
+	Refused:
+		ihre.waz.de
+		jobs.waz.de
+
+	Timeout:
+		dev[1-5].aws.waz.de
+		diashow.waz.de
+-->
+<ruleset name="waz.de">
+
+	<target host="waz.de" />
+	<target host="www.waz.de" />
+	<target host="70jahre.waz.de" />
+	<target host="angebote.waz.de" />
+	<target host="bochum70.waz.de" />
+	<target host="www.bochum70.waz.de" />
+	<target host="emag.waz.de" />
+	<target host="email.waz.de" />
+	<target host="extracontent.waz.de" />
+	<target host="files1.waz.de" />
+	<target host="img.waz.de" />
+	<target host="leserladen.waz.de" />
+	<target host="live.waz.de" />
+	<target host="reader.waz.de" />
+	<target host="secure.waz.de" />
+	<target host="service.waz.de" />
+	<target host="sportdaten.waz.de" />
+	<target host="sporttabellen.waz.de" />
+	<target host="tv.waz.de" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/wbond.xml b/src/chrome/content/rules/wbond.xml
index 676f851f4b4a..504667ddfe0a 100644
--- a/src/chrome/content/rules/wbond.xml
+++ b/src/chrome/content/rules/wbond.xml
@@ -2,4 +2,4 @@
 	<target host="sublime.wbond.net" />
 
 	<rule from="^http:" to="https:" />
-</ruleset>
\ No newline at end of file
+</ruleset>
diff --git a/src/chrome/content/rules/wclc.com.xml b/src/chrome/content/rules/wclc.com.xml
new file mode 100644
index 000000000000..e3d5c260a311
--- /dev/null
+++ b/src/chrome/content/rules/wclc.com.xml
@@ -0,0 +1,25 @@
+<ruleset name="wclc.com">
+	<target host="wclc.com" />
+	<target host="www.wclc.com" />
+	<target host="cashfrenzy.wclc.com" />
+	<target host="crossword.wclc.com" />
+	<target host="emeraldmine.wclc.com" />
+	<target host="files.wclc.com" />
+	<target host="holiday.wclc.com" />
+	<target host="moneybag.wclc.com" />
+	<target host="mvpservice.wclc.com" />
+	<target host="pickyourpresent.wclc.com" />
+	<target host="remote.wclc.com" />
+	<target host="repstaging.wclc.com" />
+	<target host="sportselect.wclc.com" />
+	<target host="www.sportselect.wclc.com" />
+	<target host="m.sportselect.wclc.com" />
+	<target host="stage-cashfrenzy.wclc.com" />
+	<target host="stage-holiday.wclc.com" />
+	<target host="stage-moneybag.wclc.com" />
+	<target host="superslots.wclc.com" />
+	<target host="ultimateroadtrip.wclc.com" />
+	
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/websetnet.com.xml b/src/chrome/content/rules/websetnet.com.xml
deleted file mode 100644
index 9a1526ceba0c..000000000000
--- a/src/chrome/content/rules/websetnet.com.xml
+++ /dev/null
@@ -1,39 +0,0 @@
-<!--
-	CDN buckets:
-
-		- websetnet.r.worldssl.net
-
-
-	www.websetnet.com: Mismatched
-
-
-	Insecure cookies are set for these hosts:
-
-		- websetnet.com
-
--->
-<ruleset name="WebSetNet.com">
-
-	<!--	Direct rewrites:
-				-->
-	<target host="websetnet.com" />
-
-	<!--	Complications:
-				-->
-	<target host="www.websetnet.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^websetnet\.com$" name="^(?:PHPSESSID|gadgetine_post_views_count_\d+)$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http://www\.websetnet\.com/"
-		to="https://websetnet.com/" />
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/weburg.me.xml b/src/chrome/content/rules/weburg.me.xml
index a5f754c22d6d..3dc350ab79f6 100644
--- a/src/chrome/content/rules/weburg.me.xml
+++ b/src/chrome/content/rules/weburg.me.xml
@@ -11,11 +11,10 @@ passport.weburg.net mismatch
 <ruleset name="weburg.me">
 	<target host="weburg.me" />
 	<target host="www.weburg.me" />
-	
+
 	<rule from="^http://www\.weburg\.me/"
 		to="https://weburg.me/" />
-	
-	<test url="http://www.weburg.me/" />
+
 
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/wellcome.ac.uk.xml b/src/chrome/content/rules/wellcome.ac.uk.xml
index 9a1df6fea8be..9ab0744cd64b 100644
--- a/src/chrome/content/rules/wellcome.ac.uk.xml
+++ b/src/chrome/content/rules/wellcome.ac.uk.xml
@@ -63,7 +63,7 @@ Fetch error: http://jobs.wellcome.ac.uk/ => https://jobs.wellcome.ac.uk/: (28, '
 		- Images on thecrunch from $self
 
 -->
-<ruleset name="Wellcome.ac.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Wellcome.ac.uk (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/welmers.net.xml b/src/chrome/content/rules/welmers.net.xml
new file mode 100644
index 000000000000..089a826fea54
--- /dev/null
+++ b/src/chrome/content/rules/welmers.net.xml
@@ -0,0 +1,18 @@
+<ruleset name="welmers.net">
+
+	<!--	Direct rewrites:
+				-->
+	<target host="welmers.net" />
+	<target host="www.welmers.net" />
+	<target host="www4.welmers.net" />
+	<target host="www6.welmers.net" />
+	<target host="users.welmers.net" />
+	<target host="gallery.welmers.net" />
+
+
+	<securecookie host="^(www.?|users|gallery)\.welmers\.net$" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/werkema.com.xml b/src/chrome/content/rules/werkema.com.xml
new file mode 100644
index 000000000000..6ff3537d35ad
--- /dev/null
+++ b/src/chrome/content/rules/werkema.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="werkema.com">
+	<target host="werkema.com" />
+	<target host="www.werkema.com" />
+	
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/westberks.gov.uk.xml b/src/chrome/content/rules/westberks.gov.uk.xml
index 118fd3264712..9b78ea1d7afd 100644
--- a/src/chrome/content/rules/westberks.gov.uk.xml
+++ b/src/chrome/content/rules/westberks.gov.uk.xml
@@ -86,7 +86,6 @@
 			<test url="http://westberks.gov.uk/index.aspx?articleid=30187" />
 			<test url="http://westberks.gov.uk/index.aspx?articleid=30263" />
 			<test url="http://westberks.gov.uk/index.aspx?articleid=31417" />
-			<test url="http://westberks.gov.uk/index.aspx?articleid=32455" />
 			<test url="http://westberks.gov.uk/newlogin" />
 
 			<!--	-ve:
@@ -104,7 +103,6 @@
 			<test url="http://westberks.gov.uk/index.aspx?articleid=29089" />
 			<test url="http://westberks.gov.uk/index.aspx?articleid=29609" />
 			<test url="http://westberks.gov.uk/index.aspx?articleid=31065" />
-			<test url="http://westberks.gov.uk/index.aspx?articleid=31065" />
 			<test url="http://westberks.gov.uk/index.aspx?articleid=32455" />
 			<test url="http://westberks.gov.uk/media/image/m/g/consumer_and_environmental_.png" />
 			<test url="http://westberks.gov.uk/service/assets/css/style.css" />
diff --git a/src/chrome/content/rules/westlancs.gov.uk-falsemixed.xml b/src/chrome/content/rules/westlancs.gov.uk-falsemixed.xml
deleted file mode 100644
index 06d1db6dc5b7..000000000000
--- a/src/chrome/content/rules/westlancs.gov.uk-falsemixed.xml
+++ /dev/null
@@ -1,23 +0,0 @@
-<!--
-	For rules not causing false/broken MCB, see westlancs.gov.uk.xml.
-
-
-	NB: see https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="West Lancs.gov.uk (false MCB)" platform="mixedcontent">
-
-	<target host="maps.westlancs.gov.uk" />
-
-		<!--	$ shows default page, so:
-							-->
-		<test url="http://maps.westlancs.gov.uk/wlbclocalplan/" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/whatismyreferer.com.xml b/src/chrome/content/rules/whatismyreferer.com.xml
index 5d80d1d917f4..f590944f5bea 100644
--- a/src/chrome/content/rules/whatismyreferer.com.xml
+++ b/src/chrome/content/rules/whatismyreferer.com.xml
@@ -2,7 +2,7 @@
 
 	<target host="whatismyreferer.com" />
 	<target host="www.whatismyreferer.com" />
-	
+
 	<rule from="^http:" to="https:" />
 
 </ruleset>
diff --git a/src/chrome/content/rules/whatsappbrand.com.xml b/src/chrome/content/rules/whatsappbrand.com.xml
index e486d9e4e0c4..f2a5df792c65 100644
--- a/src/chrome/content/rules/whatsappbrand.com.xml
+++ b/src/chrome/content/rules/whatsappbrand.com.xml
@@ -1,7 +1,3 @@
-<!--
-	For other WhatsApp coverage, see WhatsApp.com.xml.
-
--->
 <ruleset name="WhatsApp Brand.com">
 
 	<target host="whatsappbrand.com" />
diff --git a/src/chrome/content/rules/whitehatters.academy.xml b/src/chrome/content/rules/whitehatters.academy.xml
index 8ce33613a031..e8f98f6f58c6 100644
--- a/src/chrome/content/rules/whitehatters.academy.xml
+++ b/src/chrome/content/rules/whitehatters.academy.xml
@@ -5,7 +5,7 @@ Fetch error: http://whitehatters.academy/ => https://whitehatters.academy/: (60,
 Fetch error: http://www.whitehatters.academy/ => https://www.whitehatters.academy/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="Whitehatters.Academy" default_off='failed ruleset test'>
+<ruleset name="Whitehatters.Academy" default_off="failed ruleset test">
 
 	<target host="whitehatters.academy" />
 	<target host="www.whitehatters.academy" />
diff --git a/src/chrome/content/rules/whoisds.xml b/src/chrome/content/rules/whoisds.xml
new file mode 100644
index 000000000000..d379c975ec8d
--- /dev/null
+++ b/src/chrome/content/rules/whoisds.xml
@@ -0,0 +1,6 @@
+<ruleset name="whoisds.com">
+	<target host="whoisds.com" />
+	<target host="www.whoisds.com" />
+	<target host="mail.whoisds.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/whyopencomputing.xml b/src/chrome/content/rules/whyopencomputing.xml
index 20fec293520d..f89b21fb44ad 100644
--- a/src/chrome/content/rules/whyopencomputing.xml
+++ b/src/chrome/content/rules/whyopencomputing.xml
@@ -5,7 +5,7 @@ Fetch error: http://why-opencomputing.com/ => https://why-opencomputing.com/: (5
 Fetch error: http://www.why-opencomputing.com/ => https://www.why-opencomputing.com/: (51, "SSL: no alternative certificate subject name matches target host name 'www.why-opencomputing.com'")
 
 -->
-<ruleset name="why! open computing" default_off='failed ruleset test'>
+<ruleset name="why! open computing" default_off="failed ruleset test">
 	<target host="why-opencomputing.com"/>
 	<target host="whyopencomputing.ch"/>
 	<target host="whyopencomputing.com"/>
diff --git a/src/chrome/content/rules/wiki.vg.xml b/src/chrome/content/rules/wiki.vg.xml
new file mode 100644
index 000000000000..f7b7b9c97ebf
--- /dev/null
+++ b/src/chrome/content/rules/wiki.vg.xml
@@ -0,0 +1,10 @@
+<!--
+	Connection refused:
+		- email
+-->
+<ruleset name="wiki.vg">
+	<target host="wiki.vg" />
+	<target host="www.wiki.vg" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wikiHow.com.xml b/src/chrome/content/rules/wikiHow.com.xml
deleted file mode 100644
index 43312f754e9d..000000000000
--- a/src/chrome/content/rules/wikiHow.com.xml
+++ /dev/null
@@ -1,22 +0,0 @@
-<!--
-	Mismatched:
-		- *.whstatic.com
-
-	wikiHow.com has both a wildcard DNS record and a wildcard SSL certificate.
--->
-
-<ruleset name="wikiHow.com">
-	<target host="wikihow.com" />
-	<target host="*.wikihow.com" />
-
-	<securecookie host=".+" name=".+" />
-
-	<rule from="^http://wikihow\.com/" to="https://wikihow.com/" />
-
-	<!-- Only redirect domains one level deep. -->
-	<rule from="^http://([a-zA-Z0-9-_]+)\.wikihow\.com/" to="https://$1.wikihow.com/" />
-
-	<test url="http://www.wikihow.com/" />
-	<test url="http://de.wikihow.com/" />
-	<test url="http://es.wikihow.com/" />
-</ruleset>
diff --git a/src/chrome/content/rules/wikidot.com.xml b/src/chrome/content/rules/wikidot.com.xml
new file mode 100644
index 000000000000..aec74e9bcdfd
--- /dev/null
+++ b/src/chrome/content/rules/wikidot.com.xml
@@ -0,0 +1,55 @@
+<!--
+	Redirect to HTTP:
+		101.wikidot.com
+		asen.wikidot.com
+		backupstorage.wikidot.com
+		bugs.wikidot.com
+		chatroom.wikidot.com
+		community.wikidot.com
+		community-playground.wikidot.com
+		convert.wikidot.com
+		csi.wikidot.com
+		css.wikidot.com
+		docpl.wikidot.com
+		faq.wikidot.com
+		feedback.wikidot.com
+		forum.wikidot.com
+		forum-template.wikidot.com
+		handbook.wikidot.com
+		incl.wikidot.com
+		irc.wikidot.com
+		irongiant.wikidot.com
+		liblivadia.wikidot.com
+		media.wikidot.com
+		news.wikidot.com
+		packages.wikidot.com
+		pogon.wikidot.com
+		projects.wikidot.com
+		psms.wikidot.com
+		roadmap.wikidot.com
+		as6.s.wikidot.com
+		sasana.wikidot.com
+		spambotdeathwall.wikidot.com
+		shop.wikidot.com
+		snippets.wikidot.com
+		spolecznosc.wikidot.com
+		tlug.wikidot.com
+		translate.wikidot.com
+		try.wikidot.com
+		uml.wikidot.com
+		user-gemeinschaft.wikidot.com
+		veritasbatheo.wikidot.com
+		viotikoskosmos.wikidot.com
+		wikirhye.wikidot.com
+-->
+<ruleset name="wikidot.com (partial)">
+	<target host="wikidot.com" />
+	<target host="www.wikidot.com" />
+	<target host="admindevelopement.wikidot.com" />
+	<target host="blog.wikidot.com" />
+	<target host="bootstrap-playground.wikidot.com" />
+	<target host="themes.wikidot.com" />
+	<target host="www-old.wikidot.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wikipediocracy.com.xml b/src/chrome/content/rules/wikipediocracy.com.xml
new file mode 100644
index 000000000000..7b01a93b8daa
--- /dev/null
+++ b/src/chrome/content/rules/wikipediocracy.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="wikipediocracy.comu">
+	<target host="wikipediocracy.com" />
+	<target host="www.wikipediocracy.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wiltshire.police.uk-resources.xml b/src/chrome/content/rules/wiltshire.police.uk-resources.xml
index 2e70ca4d9e94..d884e43e77d0 100644
--- a/src/chrome/content/rules/wiltshire.police.uk-resources.xml
+++ b/src/chrome/content/rules/wiltshire.police.uk-resources.xml
@@ -10,7 +10,7 @@ Fetch error: http://www.wiltshire.police.uk/cache/widgetkit/widgetkit-a8627bc1.c
 	and no mixed content secured.
 
 -->
-<ruleset name="Wiltshire.Police.uk (resources)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Wiltshire.Police.uk (resources)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="www.wiltshire.police.uk" />
 
diff --git a/src/chrome/content/rules/windows93.net.xml b/src/chrome/content/rules/windows93.net.xml
new file mode 100644
index 000000000000..e005f30b7f01
--- /dev/null
+++ b/src/chrome/content/rules/windows93.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="windows93.net">
+	<target host="windows93.net" />
+	<target host="www.windows93.net" />
+	<target host="myspace.windows93.net" />
+	<target host="radio.windows93.net" />
+	<target host="v0.windows93.net" />
+	<target host="v1.windows93.net" />
+	<target host="v2.windows93.net" />
+	<target host="v3.windows93.net" />
+
+	<rule from="^http://windows93\.net/" to="https://www.windows93.net/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/winehq.org.ru.xml b/src/chrome/content/rules/winehq.org.ru.xml
new file mode 100644
index 000000000000..8936d6851b41
--- /dev/null
+++ b/src/chrome/content/rules/winehq.org.ru.xml
@@ -0,0 +1,15 @@
+<!--
+	Problematic subdomains:
+		www.winehq.org.ru (certificate mismatch)
+
+	Invalid certificate:
+		appdb.winehq.org.ru
+		new.appdb.winehq.org.ru
+-->
+<ruleset name="winehq.org.ru">
+	<target host="winehq.org.ru" />
+	<target host="www.winehq.org.ru" />
+
+	<rule from="^http://www\.winehq\.org\.ru/" to="https://winehq.org.ru/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wipe.de.xml b/src/chrome/content/rules/wipe.de.xml
index 8ecebb3de6da..1fd96ce9a331 100644
--- a/src/chrome/content/rules/wipe.de.xml
+++ b/src/chrome/content/rules/wipe.de.xml
@@ -1,23 +1,23 @@
-<!-- 
-		
+<!--
+
 		No host:
 		- wipe.de
 		- www.wipe.de
-		
+
 		Mismatch:
 		- pub.oy1.oe.wipe.de
-		
+
 		Timeout:
 		- affiliate.oe.wipe.de
 		- adjump.gewusst-wo.wipe.de
 		- adjump.informiert.wipe.de
-		
+
 -->
 
 <ruleset name="wipe.de">
         <target host="wwa.wipe.de" />
         <target host="wa.wipe.de" />
-        <target host="wpt.wipe.de" />        
+        <target host="wpt.wipe.de" />
 
         <rule from="^http:"
                 to="https:" />
diff --git a/src/chrome/content/rules/wired.co.uk.xml b/src/chrome/content/rules/wired.co.uk.xml
index 32c56bf50cc3..60797809c4e7 100644
--- a/src/chrome/content/rules/wired.co.uk.xml
+++ b/src/chrome/content/rules/wired.co.uk.xml
@@ -28,7 +28,7 @@
 
 	<rule from="^http://cdni\.wired\.co\.uk/"
 		to="https://d2f0ban6dhfdsw.cloudfront.net/" />
-	
+
 	<rule from="^http:"
 		to="https:" />
 
diff --git a/src/chrome/content/rules/wisdomweb.ru.xml b/src/chrome/content/rules/wisdomweb.ru.xml
new file mode 100644
index 000000000000..14ee1633090e
--- /dev/null
+++ b/src/chrome/content/rules/wisdomweb.ru.xml
@@ -0,0 +1,31 @@
+<!--
+	Invalid certificate:
+		autoconfig.wisdomweb.ru
+		ftp.wisdomweb.ru
+		autodiscover.raybreaker.wisdomweb.ru
+		webmail.raybreaker.wisdomweb.ru
+		autodiscover.raytheme.wisdomweb.ru
+		webmail.raytheme.wisdomweb.ru
+		autodiscover.rumpire.wisdomweb.ru
+		webmail.rumpire.wisdomweb.ru
+
+	Refused:
+		localhost.wisdomweb.ru
+-->
+<ruleset name="wisdomweb.ru">
+	<target host="wisdomweb.ru" />
+	<target host="www.wisdomweb.ru" />
+	<target host="autodiscover.wisdomweb.ru" />
+	<target host="cpanel.wisdomweb.ru" />
+	<target host="mail.wisdomweb.ru" />
+	<target host="raybreaker.wisdomweb.ru" />
+	<target host="www.raybreaker.wisdomweb.ru" />
+	<target host="raytheme.wisdomweb.ru" />
+	<target host="www.raytheme.wisdomweb.ru" />
+	<target host="rumpire.wisdomweb.ru" />
+	<target host="www.rumpire.wisdomweb.ru" />
+	<target host="webdisk.wisdomweb.ru" />
+	<target host="webmail.wisdomweb.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wku.edu.xml b/src/chrome/content/rules/wku.edu.xml
index 74897377b5ab..62a2aa261f49 100644
--- a/src/chrome/content/rules/wku.edu.xml
+++ b/src/chrome/content/rules/wku.edu.xml
@@ -60,14 +60,14 @@ Fetch error: http://ecas-sso.wku.edu/ => https://ecas-sso.wku.edu/: (6, 'Could n
 		- Image on (www.)? from img.youtube.com ˢ
 
 		- Bugs, on:
-		
+
 			- alumni from www.facebook.com ˢ
 			- alumni from www.intagme.com ˢ
-		
+
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="WKU.edu (partial)" default_off='failed ruleset test'>
+<ruleset name="WKU.edu (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/wokingham.gov.uk.xml b/src/chrome/content/rules/wokingham.gov.uk.xml
index 83e9b721fad5..55222726ce53 100644
--- a/src/chrome/content/rules/wokingham.gov.uk.xml
+++ b/src/chrome/content/rules/wokingham.gov.uk.xml
@@ -42,7 +42,7 @@ Fetch error: http://www.wokingham.gov.uk/contacts/ => https://www.wokingham.gov.
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Wokingham.gov.uk (partial)" default_off='failed ruleset test'>
+<ruleset name="Wokingham.gov.uk (partial)" default_off="failed ruleset test">
 
 	<target host="wokingham.gov.uk" />
 	<target host="booking.wokingham.gov.uk" />
diff --git a/src/chrome/content/rules/wolfbeast.com.xml b/src/chrome/content/rules/wolfbeast.com.xml
new file mode 100644
index 000000000000..d5e433eba64a
--- /dev/null
+++ b/src/chrome/content/rules/wolfbeast.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Invalid certificate:
+		abws-server02.wolfbeast.com
+		postkantoor.wolfbeast.com
+		webmail.wolfbeast.com
+
+	Refused:
+		localhost.wolfbeast.com
+
+	Unreachable:
+		coh.wolfbeast.com
+-->
+<ruleset name="wolfbeast.com">
+	<target host="wolfbeast.com" />
+	<target host="www.wolfbeast.com" />
+
+	<rule from="^http://wolfbeast\.com/" to="https://www.wolfbeast.com/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wolfssl.com.xml b/src/chrome/content/rules/wolfssl.com.xml
new file mode 100644
index 000000000000..71b73f39af0b
--- /dev/null
+++ b/src/chrome/content/rules/wolfssl.com.xml
@@ -0,0 +1,5 @@
+<ruleset name="wolfssl.com">
+	<target host="wolfssl.com" />
+	<target host="www.wolfssl.com" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/word.camera.xml b/src/chrome/content/rules/word.camera.xml
index d331e77ee368..7ef0c50b4a3a 100644
--- a/src/chrome/content/rules/word.camera.xml
+++ b/src/chrome/content/rules/word.camera.xml
@@ -5,7 +5,7 @@ Fetch error: http://word.camera/ => https://word.camera/: (28, 'Connection timed
 Fetch error: http://www.word.camera/ => https://word.camera/: (28, 'Connection timed out after 20000 milliseconds')
 
 -->
-<ruleset name="word.camera" default_off='failed ruleset test'>
+<ruleset name="word.camera" default_off="failed ruleset test">
 	<target host=    "word.camera" />
 	<target host="www.word.camera" />
 
diff --git a/src/chrome/content/rules/wordreference.com.xml b/src/chrome/content/rules/wordreference.com.xml
new file mode 100644
index 000000000000..78f278e4c536
--- /dev/null
+++ b/src/chrome/content/rules/wordreference.com.xml
@@ -0,0 +1,19 @@
+<!--
+	Refused:
+		wordreference.com
+-->
+<ruleset name="wordreference.com">
+	<target host="wordreference.com" />
+	<target host="www.wordreference.com" />
+	<target host="www2.wordreference.com" />
+	<target host="cdn77f.wordreference.com" />
+	<target host="daily.wordreference.com" />
+	<target host="forum.wordreference.com" />
+	<target host="lists.wordreference.com" />
+
+	<rule from="^http://wordreference\.com/"
+		to="https://www.wordreference.com/" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/worldofplayers.de.xml b/src/chrome/content/rules/worldofplayers.de.xml
new file mode 100644
index 000000000000..c901c1eb0a31
--- /dev/null
+++ b/src/chrome/content/rules/worldofplayers.de.xml
@@ -0,0 +1,27 @@
+<!--
+	*.worldofplayers.de has a wildcard DNS Record
+
+	Invalid Certificate:
+	acropolis.worldofplayers.de
+	dlord.worldofplayers.de
+	dragonage.worldofplayers.de
+	farcry.worldofplayers.de
+	forenarchiv.worldofplayers.de
+	lego.worldofplayers.de
+	messiah.worldofplayers.de
+	rpb.worldofplayers.de
+	witcher.worldofplayers.de
+	wogen.worldofplayers.de
+	wotor.worldofplayers.de
+
+-->
+<ruleset name="World of Players (partial)">
+
+	<target host="worldofplayers.de" />
+	<target host="www.worldofplayers.de" />
+	<target host="forum.worldofplayers.de" />
+	<target host="upload.worldofplayers.de" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/worldofspectrum.org.xml b/src/chrome/content/rules/worldofspectrum.org.xml
new file mode 100644
index 000000000000..6d50695cef7e
--- /dev/null
+++ b/src/chrome/content/rules/worldofspectrum.org.xml
@@ -0,0 +1,21 @@
+<ruleset name="worldofspectrum.org">
+	<target host="worldofspectrum.org" />
+	<target host="www.worldofspectrum.org" />
+	<target host="agd.worldofspectrum.org" />
+	<target host="www.agd.worldofspectrum.org" />
+	<target host="cpanel.worldofspectrum.org" />
+	<target host="dev.worldofspectrum.org" />
+	<target host="www.dev.worldofspectrum.org" />
+	<target host="live.worldofspectrum.org" />
+	<target host="www.live.worldofspectrum.org" />
+	<target host="live2.worldofspectrum.org" />
+	<target host="www.live2.worldofspectrum.org" />
+	<target host="tipshop.worldofspectrum.org" />
+	<target host="www.tipshop.worldofspectrum.org" />
+	<target host="tipshop2.worldofspectrum.org" />
+	<target host="www.tipshop2.worldofspectrum.org" />
+	<target host="webdisk.worldofspectrum.org" />
+	<target host="webmail.worldofspectrum.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wpitchoune.net.xml b/src/chrome/content/rules/wpitchoune.net.xml
new file mode 100644
index 000000000000..1b420aaf9d17
--- /dev/null
+++ b/src/chrome/content/rules/wpitchoune.net.xml
@@ -0,0 +1,34 @@
+<!--
+	Invalid certificate:
+		cloud.wpitchoune.net
+		home.wpitchoune.net
+		kb.wpitchoune.net
+		lumosesport.wpitchoune.net
+		mail.wpitchoune.net
+		monitoring.wpitchoune.net
+		news.wpitchoune.net
+		news2.wpitchoune.net
+		photos-test.wpitchoune.net
+		photos-webdav.wpitchoune.net
+		radio.wpitchoune.net
+		webdav.wpitchoune.net
+		webmail.wpitchoune.net
+
+	Refused:
+		blog.wpitchoune.net
+		imap.wpitchoune.net
+		pop.wpitchoune.net
+		smtp.wpitchoune.net
+-->
+<ruleset name="wpitchoune.net">
+	<target host="wpitchoune.net" />
+	<target host="www.wpitchoune.net" />
+	<target host="bookmark.wpitchoune.net" />
+	<target host="git.wpitchoune.net" />
+	<target host="photos.wpitchoune.net" />
+	<target host="test.wpitchoune.net" />
+	<target host="vietvodao.wpitchoune.net" />
+
+	<rule from="^http://www\.wpitchoune\.net/" to="https://wpitchoune.net/" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wsj.com.xml b/src/chrome/content/rules/wsj.com.xml
deleted file mode 100644
index ac6798cb8ba1..000000000000
--- a/src/chrome/content/rules/wsj.com.xml
+++ /dev/null
@@ -1,152 +0,0 @@
-
-<!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://portfolio.wsj.com/ => https://portfolio.wsj.com/: (7, 'Failed to connect to portfolio.wsj.com port 443: Connection refused')
-
-	For other News Corporation coverage, see News-Corporation.xml.
-
-
-	CDN buckets:
-
-		- blogs.wsj.com.edgesuite.net
-		- fonts.wsj.com.edgesuite.net
-
-
-	Nonfunctional hosts in *wsj.com:
-
-		- blogs ʰ
-		- cfonetwork ʳ
-		- cionetwork ʳ
-		- converge ³
-		- deloitte ³
-		- dj ᵈ
-		- europesubs ⁴
-		- graphics ⁵
-		- graphicsweb ⁵
-		- guides ³
-		- help ʰ
-		- info ʳ
-		- jp ⁴
-		- midmarketsummit ³
-		- online ʰ
-		- peac ʳ
-		- professor ³
-		- projects ⁵
-		- quotes ³
-		- realtime ʰ
-		- (www.)?stepahead ⁴
-		- admin.stream ³
-		- student ³
-		- subscription ³
-		- synccontent
-		- womenin ʳ
-		- wsjdconference ᵈ
-		- wsjdlive ʳ
-
-	³ 503
-	⁴ 404
-	⁵ 504
-	ᵈ Dropped
-	ʰ Redirects to http
-	ʳ Refused
-
-
-	Problematic hosts in *wsj.com:
-
-		- classified ᶜ
-		- classifieds ᶜ
-		- cn ᵐ
-		- m.cn ᵐ
-		- djx ᶜ
-		- indo ᵐ
-		- m.jp ᵐ
-		- kr ᵐ
-		- live ᵐ
-		- m ᵐ
-		- now ᵐ
-		- projoin.origin ᵐ
-		- stream ᵐ
-		- www.subscribe ᵗ
-		- topics ᵐ
-		- uk ᵐ
-		- ore.www ᵐ
-		- vir.www ᵐ
-
-	ᶜ Server sends no certificate chain, see https://whatsmychaincert.com
-	ᵐ Mismatched
-	ᵗ Timeout
-
-
-	These altnames do not exist:
-
-		- ssl.wsj.com
-
-
-	Insecure cookies are set for these domains and hosts: ᶜ
-
-		- .wsj.com
-		- blue-store.wsj.com
-		- customercenter.wsj.com
-		- .customercenter.wsj.com
-		- services.wsj.com
-		- store.wsj.com
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
-
-	Mixed content:
-
-		- css on buy from fonts.wsj.net ˢ
-		- Image on customercenter from s2.wsj.net ˢ
-		- Bug on classified, classifieds from dowjones.122.2o7.net ˢ
-
-	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
-
--->
-<ruleset name="WSJ.com (partial)" default_off='failed ruleset test'>
-
-	<!--	Direct rewrites:
-				-->
-	<target host="wsj.com" />
-	<target host="www.wsj.com" />
-	<target host="blue-store.wsj.com" />
-	<target host="buy.wsj.com" />
-	<target host="cbuy.wsj.com" />
-	<target host="city.wsj.com" />
-	<!--target host="classified.wsj.com" /-->
-	<!--target host="classifieds.wsj.com" /-->
-	<target host="customercenter.wsj.com" />
-	<target host="id.wsj.com" />
-	<target host="portfolio.wsj.com" />
-	<target host="services.wsj.com" />
-	<target host="signin.wsj.com" />
-	<!--target host="www.ssl.wsj.com" /-->
-	<target host="store.wsj.com" />
-	<target host="subscribe.wsj.com" />
-	<!--target host="video-api.wsj.com" /-->
-	<target host="wn.wsj.com" />
-
-		<!--test url="http://video-api.wsj.com/api-video/player/v2/css/play_btn_50.png" /-->
-
-		<!--	Mixed css:
-					-->
-		<!--test url="http://buy.wsj.com/maywsjus/" /-->
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^\.wsj\.com$" name="^(?:LPLogin|djcs_route|wsjregion)$" /-->
-	<!--securecookie host="^(?:blue-)?store\.wsj\.com$" name="^AWSELB$" /-->
-	<!--securecookie host="^customercenter\.wsj\.com$" name="^(?:defaultLocale|slanguage|slocale)$" /-->
-	<!--securecookie host="^\.customercenter\.wsj\.com$" name="^djcs_int$" /-->
-	<!--securecookie host="^services\.wsj\.com$" name="^JSESSIONID$" /-->
-
-	<securecookie host="^\." name="^(?:_gat?$|_gat_|s_v)" />
-	<securecookie host="^\.customercenter\." name=".+" />
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-			to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/www.browserscope.org.xml b/src/chrome/content/rules/www.browserscope.org.xml
deleted file mode 100644
index b14ffd8a5da0..000000000000
--- a/src/chrome/content/rules/www.browserscope.org.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="www.browserscope.org">
-	<target host="www.browserscope.org" />
-	<rule from="^http:" to="https:" />
-	<securecookie host="^www\.browserscope\.org$" name=".+" />
-</ruleset>
diff --git a/src/chrome/content/rules/www.inet.no.xml b/src/chrome/content/rules/www.inet.no.xml
new file mode 100644
index 000000000000..de4eed1ddf2b
--- /dev/null
+++ b/src/chrome/content/rules/www.inet.no.xml
@@ -0,0 +1,8 @@
+<ruleset name="www.inet.no">
+	<target host="www.inet.no" />
+	<!-- non-functional
+	<target host="larsen.inet.no" />
+	<target host="tahi.inet.no" />
+	-->
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/www.tecgraf.puc-rio.br.xml b/src/chrome/content/rules/www.tecgraf.puc-rio.br.xml
new file mode 100644
index 000000000000..fb696f136348
--- /dev/null
+++ b/src/chrome/content/rules/www.tecgraf.puc-rio.br.xml
@@ -0,0 +1,4 @@
+<ruleset name="www.tecgraf.puc-rio.br">
+	<target host="www.tecgraf.puc-rio.br" />
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/wz2100.net.xml b/src/chrome/content/rules/wz2100.net.xml
new file mode 100644
index 000000000000..195c20200343
--- /dev/null
+++ b/src/chrome/content/rules/wz2100.net.xml
@@ -0,0 +1,48 @@
+<!--
+	Invalid certificate:
+		2100www.wz2100.net
+		2www.wz2100.net
+		aaa.wz2100.net
+		account.wz2100.net
+		addon.wz2100.net
+		www.addon.wz2100.net
+		awww.wz2100.net
+		blog.wz2100.net
+		bwiki.wz2100.net
+		docs.wz2100.net
+		files.wz2100.net
+		forum.wz2100.net
+		guide.wz2100.net
+		lab.wz2100.net
+		mail.wz2100.net
+		site.wz2100.net
+		srvvm1.wz2100.net
+		stats.wz2100.net
+		trac.wz2100.net
+		wiki.wz2100.net
+		wzhost.wz2100.net
+
+	Unreachable:
+		warhost.wz2100.net
+-->
+<ruleset name="wz2100.net">
+	<target host="wz2100.net" />
+	<target host="www.wz2100.net" />
+	<target host="addons.wz2100.net" />
+	<target host="betaguide.wz2100.net" />
+	<target host="buildbot.wz2100.net" />
+	<target host="data.wz2100.net" />
+	<target host="developer.wz2100.net" />
+	<target host="donations.wz2100.net" />
+	<target host="down.wz2100.net" />
+	<target host="forums.wz2100.net" />
+	<target host="gamecheck.wz2100.net" />
+	<target host="lobby.wz2100.net" />
+	<target host="logsite.wz2100.net" />
+	<target host="phppgadmin.wz2100.net" />
+	<target host="static.wz2100.net" />
+	<target host="status.wz2100.net" />
+	<target host="translate.wz2100.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/x-pay.cc.xml b/src/chrome/content/rules/x-pay.cc.xml
deleted file mode 100644
index 4520c6d6bbba..000000000000
--- a/src/chrome/content/rules/x-pay.cc.xml
+++ /dev/null
@@ -1,15 +0,0 @@
-<!--
-www.x-pay.cc different content
-
-
--->
-<ruleset name="x-pay.cc">
-	<target host="x-pay.cc" />
-
-	<target host="www.x-pay.cc" />
-
-	<rule from="^http://www\.x-pay\.cc/"
-		to="https://x-pay.cc/" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/x-ways.net.xml b/src/chrome/content/rules/x-ways.net.xml
new file mode 100644
index 000000000000..cd0d645afc5d
--- /dev/null
+++ b/src/chrome/content/rules/x-ways.net.xml
@@ -0,0 +1,10 @@
+<!--
+	Time out:
+		ftp.x-ways.net
+-->
+<ruleset name="x-ways.net">
+	<target host="x-ways.net" />
+	<target host="www.x-ways.net" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/x360ce.com.xml b/src/chrome/content/rules/x360ce.com.xml
new file mode 100644
index 000000000000..32569540740b
--- /dev/null
+++ b/src/chrome/content/rules/x360ce.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="x360ce.com">
+	<target host="x360ce.com" />
+	<target host="www.x360ce.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/xael.org.xml b/src/chrome/content/rules/xael.org.xml
new file mode 100644
index 000000000000..4d4237822b00
--- /dev/null
+++ b/src/chrome/content/rules/xael.org.xml
@@ -0,0 +1,24 @@
+<!--
+	Invalid certificate:
+		vps3temp.xael.org
+
+	Refused:
+		vps4.xael.org
+
+	Time out:
+		www.xael.org
+		maison.xael.org
+		reader.xael.org
+		seafile.xael.org
+		stats.xael.org
+		vps.xael.org
+		vps2.xael.org
+		wiki.xael.org
+-->
+<ruleset name="xael.org">
+	<target host="xael.org" />
+	<target host="photos.xael.org" />
+	<target host="vps3.xael.org" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/xcelab.net.xml b/src/chrome/content/rules/xcelab.net.xml
new file mode 100644
index 000000000000..624f8c156987
--- /dev/null
+++ b/src/chrome/content/rules/xcelab.net.xml
@@ -0,0 +1,8 @@
+<ruleset name="xcelab.net">
+
+	<target host="xcelab.net" />
+	<target host="www.xcelab.net" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/xchange.cc.xml b/src/chrome/content/rules/xchange.cc.xml
index 05a788f82c44..1c2afa60b4c2 100644
--- a/src/chrome/content/rules/xchange.cc.xml
+++ b/src/chrome/content/rules/xchange.cc.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.xchange.cc/ => https://www.xchange.cc/: (28, 'Operation
 Fetch error: http://support.xchange.cc/ => https://support.xchange.cc/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="xchange.cc" default_off='failed ruleset test'>
+<ruleset name="xchange.cc" default_off="failed ruleset test">
 	<target host="xchange.cc" />
 	<target host="www.xchange.cc" />
 	<target host="support.xchange.cc" />
diff --git a/src/chrome/content/rules/xchange.is.xml b/src/chrome/content/rules/xchange.is.xml
index 6b219601c4e8..a639a48bdd7f 100644
--- a/src/chrome/content/rules/xchange.is.xml
+++ b/src/chrome/content/rules/xchange.is.xml
@@ -5,7 +5,7 @@ Fetch error: http://xchange.is/ => https://xchange.is/: (60, 'SSL certificate pr
 Fetch error: http://www.xchange.is/ => https://www.xchange.is/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="xchange.is" default_off='failed ruleset test'>
+<ruleset name="xchange.is" default_off="failed ruleset test">
 	<target host="xchange.is" />
 	<target host="www.xchange.is" />
 
diff --git a/src/chrome/content/rules/xiala.net.xml b/src/chrome/content/rules/xiala.net.xml
index 270cc3bd1b12..1027a94997fa 100644
--- a/src/chrome/content/rules/xiala.net.xml
+++ b/src/chrome/content/rules/xiala.net.xml
@@ -6,7 +6,7 @@ Fetch error: http://piwik.xiala.net/ => https://piwik.xiala.net/: (60, 'SSL cert
 	(www.)?xiala.net: expired
 
 -->
-<ruleset name="xiala.net (partial)" default_off='failed ruleset test'>
+<ruleset name="xiala.net (partial)" default_off="failed ruleset test">
 
 	<target host="piwik.xiala.net" />
 	<target host="zimbra.xiala.net" />
diff --git a/src/chrome/content/rules/ximalaya.xml b/src/chrome/content/rules/ximalaya.xml
new file mode 100644
index 000000000000..e2bc836cd94a
--- /dev/null
+++ b/src/chrome/content/rules/ximalaya.xml
@@ -0,0 +1,17 @@
+<ruleset name="ximalaya">
+	<target host="ximalaya.com"/>
+	<target host="www.ximalaya.com"/>
+	<target host="adse.ximalaya.com"/>
+	<target host="m.ximalaya.com"/>
+	<target host="xdcs-collector.ximalaya.com"/>
+
+	<target host="www.xmcdn.com"/>
+		<test url="http://www.xmcdn.com/group52/M04/CE/5B/wKgLe1w2fDmAreolAC0NYmv-5MU988.m4a" />
+	<target host="audio.xmcdn.com"/>
+		<test url="http://audio.xmcdn.com/group52/M04/CE/5B/wKgLe1w2fDmAreolAC0NYmv-5MU988.m4a" />
+	<target host="fdfs.xmcdn.com"/>
+	<target host="imagev2.xmcdn.com"/>
+	<target host="s1.xmcdn.com"/>
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/xlove.com.xml b/src/chrome/content/rules/xlove.com.xml
index 4c19bf12dbc7..ca73f32e05d4 100644
--- a/src/chrome/content/rules/xlove.com.xml
+++ b/src/chrome/content/rules/xlove.com.xml
@@ -12,7 +12,7 @@ Fetch error: http://www.xlove.com/ => https://www.xlove.com/: (51, "SSL: no alte
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Xlove.com" default_off='failed ruleset test'>
+<ruleset name="Xlove.com" default_off="failed ruleset test">
 
 	<target host="xlove.com" />
 	<target host="www.xlove.com" />
diff --git a/src/chrome/content/rules/xn--90aijkdmaud0d.xn--p1ai.xml b/src/chrome/content/rules/xn--90aijkdmaud0d.xn--p1ai.xml
index 45dbf3b18782..990f470f1151 100644
--- a/src/chrome/content/rules/xn--90aijkdmaud0d.xn--p1ai.xml
+++ b/src/chrome/content/rules/xn--90aijkdmaud0d.xn--p1ai.xml
@@ -1,4 +1,4 @@
-<ruleset name="мособлеирц.рф" default_off='failed ruleset test'>
+<ruleset name="мособлеирц.рф" default_off="failed ruleset test">
 	<target host="xn--90aijkdmaud0d.xn--p1ai" />
 	<target host="www.xn--90aijkdmaud0d.xn--p1ai" />
 	<target host="xn--b1aoke0e.xn--90aijkdmaud0d.xn--p1ai" />
diff --git a/src/chrome/content/rules/xpda.com.xml b/src/chrome/content/rules/xpda.com.xml
deleted file mode 100644
index 714e6e7b4c06..000000000000
--- a/src/chrome/content/rules/xpda.com.xml
+++ /dev/null
@@ -1,13 +0,0 @@
-<ruleset name="xpda.com">
-
-	<target host="xpda.com" />
-	<target host="www.xpda.com" />
-
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/xtremegunsandammo.com.xml b/src/chrome/content/rules/xtremegunsandammo.com.xml
index 11fd238f3073..f4f3747bd6ab 100644
--- a/src/chrome/content/rules/xtremegunsandammo.com.xml
+++ b/src/chrome/content/rules/xtremegunsandammo.com.xml
@@ -10,7 +10,7 @@
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="Xtreme Guns and Ammo.com" default_off="missing certificate chain">
+<ruleset name="Xtreme Guns and Ammo.com" default_off="cert-chain">
 
 	<target host="xtremegunsandammo.com" />
 	<target host="www.xtremegunsandammo.com" />
diff --git a/src/chrome/content/rules/xxxyours.com.xml b/src/chrome/content/rules/xxxyours.com.xml
index 138658e733f0..03a592f9c863 100644
--- a/src/chrome/content/rules/xxxyours.com.xml
+++ b/src/chrome/content/rules/xxxyours.com.xml
@@ -14,7 +14,7 @@ Fetch error: http://srv44c.xxxyours.com/ => https://srv44c.xxxyours.com/: (6, 'C
 	ᶜ See https://owasp.org/index.php/SecureFlag
 
 -->
-<ruleset name="xxxYours.com" default_off='failed ruleset test'>
+<ruleset name="xxxYours.com" default_off="failed ruleset test">
 
 	<target host="xxxyours.com" />
 	<target host="analytics.xxxyours.com" />
diff --git a/src/chrome/content/rules/yWorks.com.xml b/src/chrome/content/rules/yWorks.com.xml
index 90a6242fe090..4fd539e7f4da 100644
--- a/src/chrome/content/rules/yWorks.com.xml
+++ b/src/chrome/content/rules/yWorks.com.xml
@@ -1,8 +1,6 @@
 <ruleset name="yWorks.com">
-<target host="www.yworks.com" />
-<target     host="yworks.com" />
-<target host="www.yworks.de" />
-<target     host="yworks.de" />
-<rule from="^https?://(?:www\.)?yworks\.(?:com|de)/"
-         to="https://www.yworks.com/" />
+    <target host="www.yworks.com" />
+    <target     host="yworks.com" />
+
+    <rule from="^http:"	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/yadg.cc.xml b/src/chrome/content/rules/yadg.cc.xml
index 5537f660ac88..8031ac0738b4 100644
--- a/src/chrome/content/rules/yadg.cc.xml
+++ b/src/chrome/content/rules/yadg.cc.xml
@@ -1,6 +1,6 @@
 <ruleset name="YADG.cc">
   <target host="yadg.cc" />
   <target host="www.yadg.cc" />
-  
+
 <rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/yapx.ru.xml b/src/chrome/content/rules/yapx.ru.xml
new file mode 100644
index 000000000000..686a0e2a3df1
--- /dev/null
+++ b/src/chrome/content/rules/yapx.ru.xml
@@ -0,0 +1,13 @@
+<!--
+	Invalid certificate:
+		mail.yapx.ru
+		t.yapx.ru
+		test.yapx.ru
+-->
+<ruleset name="yapx.ru">
+	<target host="yapx.ru" />
+	<target host="www.yapx.ru" />
+	<target host="i.yapx.ru" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yartv.ru.xml b/src/chrome/content/rules/yartv.ru.xml
index f2c9b1d0a1cb..b0ffce84053c 100644
--- a/src/chrome/content/rules/yartv.ru.xml
+++ b/src/chrome/content/rules/yartv.ru.xml
@@ -6,7 +6,7 @@ Fetch error: http://www.yartv.ru/ => https://www.yartv.ru/: (60, 'SSL certificat
 Fetch error: http://cabinet.yartv.ru/ => https://cabinet.yartv.ru/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="yartv.ru" default_off='failed ruleset test'>
+<ruleset name="yartv.ru" default_off="failed ruleset test">
 	<target host="yartv.ru" />
 	<target host="www.yartv.ru" />
 	<target host="newcabinet.yartv.ru" />
diff --git a/src/chrome/content/rules/yash.osdn.jp.xml b/src/chrome/content/rules/yash.osdn.jp.xml
new file mode 100644
index 000000000000..b6a55b46b26d
--- /dev/null
+++ b/src/chrome/content/rules/yash.osdn.jp.xml
@@ -0,0 +1,5 @@
+<ruleset name="yash.osdn.jp">
+	<target host="yash.osdn.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/ycbi.org.xml b/src/chrome/content/rules/ycbi.org.xml
index 87e1cc897eec..150294cc2c82 100644
--- a/src/chrome/content/rules/ycbi.org.xml
+++ b/src/chrome/content/rules/ycbi.org.xml
@@ -6,7 +6,7 @@ Fetch error: http://ycbi.org/ => https://ycbi.org/: (60, 'SSL certificate proble
 	www.ycbi.org: Differs from http & ^ycbi.org
 
 -->
-<ruleset name="YC BI.com (partial)" default_off='failed ruleset test'>
+<ruleset name="YC BI.com (partial)" default_off="failed ruleset test">
 
 	<target host="ycbi.org" />
 
diff --git a/src/chrome/content/rules/yell.com.xml b/src/chrome/content/rules/yell.com.xml
index 00b89b904c1d..c483a99fa49d 100644
--- a/src/chrome/content/rules/yell.com.xml
+++ b/src/chrome/content/rules/yell.com.xml
@@ -29,7 +29,7 @@ Fetch error: http://st.yell.com/ => https://st.yell.com/: (6, 'Could not resolve
 	ˢ Secured by us
 
 -->
-<ruleset name="Yell.com (partial)" default_off='failed ruleset test'>
+<ruleset name="Yell.com (partial)" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/yerkramas.org.xml b/src/chrome/content/rules/yerkramas.org.xml
index 3d4c165ba85d..2dbb5be681aa 100644
--- a/src/chrome/content/rules/yerkramas.org.xml
+++ b/src/chrome/content/rules/yerkramas.org.xml
@@ -5,7 +5,7 @@ Fetch error: http://yerkramas.org/ => https://yerkramas.org/: (51, "SSL: no alte
 Fetch error: http://www.yerkramas.org/ => https://www.yerkramas.org/: (51, "SSL: no alternative certificate subject name matches target host name 'www.yerkramas.org'")
 
 -->
-<ruleset name="yerkramas.org" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="yerkramas.org" platform="mixedcontent" default_off="failed ruleset test">
 	<target host="yerkramas.org" />
 	<target host="www.yerkramas.org" />
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/yeungrealtors.com.xml b/src/chrome/content/rules/yeungrealtors.com.xml
new file mode 100644
index 000000000000..a3d91ae3897b
--- /dev/null
+++ b/src/chrome/content/rules/yeungrealtors.com.xml
@@ -0,0 +1,16 @@
+<!--
+	Invalid certificate:
+		autodiscover.yeungrealtors.com
+
+	Refused:
+		localhost.yeungrealtors.com
+-->
+<ruleset name="yeungrealtors.com">
+	<target host="yeungrealtors.com" />
+	<target host="www.yeungrealtors.com" />
+	<target host="cpanel.yeungrealtors.com" />
+	<target host="webdisk.yeungrealtors.com" />
+	<target host="webmail.yeungrealtors.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yfrog.xml b/src/chrome/content/rules/yfrog.xml
index cf015ae3e9f1..072380251a1c 100644
--- a/src/chrome/content/rules/yfrog.xml
+++ b/src/chrome/content/rules/yfrog.xml
@@ -14,7 +14,7 @@ Fetch error: http://www.yfrog.com/ => https://www.yfrog.com/: (28, 'Connection t
 	* Secured by us
 
 -->
-<ruleset name="yfrog.com" default_off='failed ruleset test'>
+<ruleset name="yfrog.com" default_off="failed ruleset test">
 
 	<!--	Direct rewrites:
 				-->
diff --git a/src/chrome/content/rules/yikeweiqi.com.xml b/src/chrome/content/rules/yikeweiqi.com.xml
new file mode 100644
index 000000000000..8b177ba86935
--- /dev/null
+++ b/src/chrome/content/rules/yikeweiqi.com.xml
@@ -0,0 +1,35 @@
+<!--
+	HTTP ≠ HTTPS:
+		go4go.yikeweiqi.com		https://go4go.yikeweiqi.com/thumbnail/52071.png
+
+	Mismatched:
+		res.yikeweiqi.com		get from https://baoming.yikeweiqi.com/
+
+		admin.golinksworld.com	get from https://portal.yikeweiqi.com/online/golive/livedetail?id=11105&hall=1&room=6638088
+		image.golinksworld.com
+-->
+<ruleset name="yikeweiqi.com">
+	<target host="yikeweiqi.com" />
+	<target host="www.yikeweiqi.com" />
+	<target host="apis.yikeweiqi.com" />
+	<target host="baoming.yikeweiqi.com" />
+	<target host="cdn.yikeweiqi.com" />
+	<target host="home.yikeweiqi.com" />
+	<target host="image.yikeweiqi.com" />
+	<target host="portal.yikeweiqi.com" />
+	<target host="rtgame.yikeweiqi.com" />
+	<target host="shaoer.yikeweiqi.com" />
+	<target host="share.yikeweiqi.com" />
+
+	<!-- Mismatched: -->
+	<target host="admin.golinksworld.com" />
+	<target host="image.golinksworld.com" />
+	<rule from="^http://(admin|image)\.golinksworld\.com/"
+			to="https://cdn.yikeweiqi.com/" />
+		<test url="http://admin.golinksworld.com/upload/gonews/635975449106261406.jpg" />
+		<test url="http://image.golinksworld.com/ueditor/20170323/636258791421487411.jpg" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yilan.io.xml b/src/chrome/content/rules/yilan.io.xml
deleted file mode 100644
index bcd9021ed9e6..000000000000
--- a/src/chrome/content/rules/yilan.io.xml
+++ /dev/null
@@ -1,11 +0,0 @@
-<!--
-	Invalid cert:
-		blog.yilan.io
--->
-
-<ruleset name="yilan.io">
-	<target host="yilan.io" />
-	<target host="www.yilan.io" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/yiwutaro.com.xml b/src/chrome/content/rules/yiwutaro.com.xml
new file mode 100644
index 000000000000..cf8a578927e5
--- /dev/null
+++ b/src/chrome/content/rules/yiwutaro.com.xml
@@ -0,0 +1,10 @@
+<ruleset name="yiwutaro.com">
+
+	<target host="yiwutaro.com" />
+	<target host="www.yiwutaro.com" />
+
+
+	<rule from="^http:"
+		to="https:" />
+
+</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/yoast.com.xml b/src/chrome/content/rules/yoast.com.xml
deleted file mode 100644
index 29496eee6f12..000000000000
--- a/src/chrome/content/rules/yoast.com.xml
+++ /dev/null
@@ -1,30 +0,0 @@
-<!--
-	Problematic hosts in *yoast.com:
-
-		- kb ᵐ
-
-	ᵐ Mismatched
-
-
-	Insecure cookies are set for these hosts:
-
-		- www.yoast.com
-
--->
-<ruleset name="Yoast.com (partial)">
-
-	<target host="yoast.com" />
-	<target host="www.yoast.com" />
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^www\.yoast\.com$" name="^X-Mapping-" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/yotuku.cn.xml b/src/chrome/content/rules/yotuku.cn.xml
deleted file mode 100644
index 077e15eb0c42..000000000000
--- a/src/chrome/content/rules/yotuku.cn.xml
+++ /dev/null
@@ -1,16 +0,0 @@
-<!--
-	Mismatch:
-		- www	(equal to ^)
--->
-
-<ruleset name="yotuku.cn">
-
-	<target host="yotuku.cn" />
-	<target host="www.yotuku.cn" />
-
-	<rule from="^http://(www\.)?yotuku\.cn/" to="https://yotuku.cn/" />
-
-		<test url="http://www.yotuku.cn/#" />
-		<test url="http://yotuku.cn/#!/uploads" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/yourcmc.ru.xml b/src/chrome/content/rules/yourcmc.ru.xml
new file mode 100644
index 000000000000..6aa837c20f3a
--- /dev/null
+++ b/src/chrome/content/rules/yourcmc.ru.xml
@@ -0,0 +1,15 @@
+<!--
+	Invalid certificate:
+		www.yourcmc.ru
+		gtwp.yourcmc.ru
+		svn.yourcmc.ru
+		www.svn.yourcmc.ru
+		vmx.yourcmc.ru
+		www.vmx.yourcmc.ru
+-->
+<ruleset name="yourcmc.ru">
+	<target host="yourcmc.ru" />
+		<test url="http://yourcmc.ru/wiki/Grive2" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yousuu.com.xml b/src/chrome/content/rules/yousuu.com.xml
index 58fef02408b4..36a6fd3a3cd2 100644
--- a/src/chrome/content/rules/yousuu.com.xml
+++ b/src/chrome/content/rules/yousuu.com.xml
@@ -1,20 +1,15 @@
 <!--
 	Mismatch:
 		^	( equal to www )
-		js	( equal to img )
+		js
 -->
 
-<ruleset name="yousuu.com" default_off="expired">
+<ruleset name="yousuu.com">
 	<target host="yousuu.com" />
 	<target host="www.yousuu.com" />
-
 	<target host="img.yousuu.com" />
-	<target host="js.yousuu.com" />
 
 	<rule from="^http://yousuu\.com/" to="https://www.yousuu.com/" />
 
-	<rule from="^http://js\.yousuu\.com/" to="https://img.yousuu.com/" />
-		<test url="http://js.yousuu.com/js/bootstrap-select.js" />
-
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/youth.cn.xml b/src/chrome/content/rules/youth.cn.xml
new file mode 100644
index 000000000000..e12f19652176
--- /dev/null
+++ b/src/chrome/content/rules/youth.cn.xml
@@ -0,0 +1,54 @@
+<!--
+	Mismatched:
+		bbs.youth.cn
+		sns.qnzs.youth.cn
+
+	Timeout:
+		^
+		book.youth.cn
+		en.youth.cn
+		fr.youth.cn
+		ftpd.youth.cn
+		jp.youth.cn
+		mail.youth.cn
+		news.youth.cn
+		t.m.youth.cn	https://t.m.youth.cn/transfer/toutiao/url/3g.youth.cn/rdzx/201809/t20180922_11735714.htm
+		v.youth.cn
+		vr.youth.cn
+		yq.youth.cn
+		zhijh.youth.cn
+-->
+<ruleset name="youth.cn">
+	<target host="www.youth.cn" />
+	<target host="3g.youth.cn" />
+	<target host="agzy.youth.cn" />
+	<target host="auto.youth.cn" />
+	<target host="cheers.youth.cn" />
+	<target host="cunguan.youth.cn" />
+	<target host="d.youth.cn" />
+	<target host="df.youth.cn" />
+	<target host="edu.youth.cn" />
+	<target host="finance.youth.cn" />
+	<target host="fun.youth.cn" />
+	<target host="g.youth.cn" />
+	<target host="gy.youth.cn" />
+	<target host="he.youth.cn" />
+	<target host="kandian.youth.cn" />
+	<target host="kr.youth.cn" />
+	<target host="picture.youth.cn" />
+	<target host="pinglun.youth.cn" />
+	<target host="qclz.youth.cn" />
+	<target host="qnzs.youth.cn" />
+	<target host="qnzz.youth.cn" />
+	<target host="ru.youth.cn" />
+	<target host="shuhua.youth.cn" />
+	<target host="sxx.youth.cn" />
+	<target host="m.youth.cn" />
+	<target host="tour.youth.cn" />
+	<target host="txs.youth.cn" />
+	<target host="wenhua.youth.cn" />
+	<target host="xibu.youth.cn" />
+	<target host="youxi.youth.cn" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yoyogames.com.xml b/src/chrome/content/rules/yoyogames.com.xml
index 81ff76cddc31..9e7f06fda7b8 100644
--- a/src/chrome/content/rules/yoyogames.com.xml
+++ b/src/chrome/content/rules/yoyogames.com.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://yoyogames.com/ => https://yoyogames.com/: (60, 'SSL certificate problem: unable to get local issuer certificate')
 
 -->
-<ruleset name="Yoyogames.com" default_off='failed ruleset test'>
+<ruleset name="Yoyogames.com" default_off="failed ruleset test">
   <target host="yoyogames.com" />
   <target host="www.yoyogames.com" />
 
diff --git a/src/chrome/content/rules/yp.ru.xml b/src/chrome/content/rules/yp.ru.xml
index 9b1838dc4cbf..82b3c31cb3d2 100644
--- a/src/chrome/content/rules/yp.ru.xml
+++ b/src/chrome/content/rules/yp.ru.xml
@@ -4,7 +4,7 @@ Disabled by https-everywhere-checker because:
 Fetch error: http://yp.ru/ => https://yp.ru/: (60, 'SSL certificate problem: certificate has expired')
 
 -->
-<ruleset name="yp.ru" default_off='failed ruleset test'>
+<ruleset name="yp.ru" default_off="failed ruleset test">
 	<target host="yp.ru" />
 	<target host="www.yp.ru" />
 	<rule from="^http:" to="https:" />
diff --git a/src/chrome/content/rules/yr.no.xml b/src/chrome/content/rules/yr.no.xml
index f2ef88885cd4..063a1d62dd0d 100644
--- a/src/chrome/content/rules/yr.no.xml
+++ b/src/chrome/content/rules/yr.no.xml
@@ -1,44 +1,38 @@
 
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://beta.yr.no/ => https://beta.yr.no/: (6, 'Could not resolve host: beta.yr.no')
-
 	Nonfunctional hosts in *yr.no:
 
+		- artikkel
 		- dev ʳ
 		- gfx ʳ
+		- om
 		- tillegg ʳ
 
 	ʳ Refused
 
-
 	Problematic hosts in *yr.no:
 
-		- api ᵐ
+		- vindpil
 
-	ᵐ Mismatched
+	Invalid certificate:
+		- api
 
 -->
-<ruleset name="yr.no (partial)" default_off='failed ruleset test'>
+<ruleset name="yr.no (partial)">
 
-	<!--	Direct rewrites:
-				-->
 	<target host="yr.no" />
 	<target host="beta.yr.no" />
 	<target host="m.yr.no" />
 	<target host="symbol.yr.no" />
 	<target host="www.yr.no" />
-
 		<test url="http://symbol.yr.no/grafikk/sym/b38/46.png" />
 
 	<!--	Complications:
-				-->
+						-->
 	<target host="api.yr.no" />
 
-
 	<securecookie host="^\w" name=".+" />
 
-
 	<rule from="^http://api\.yr\.no/"
 		to="https://api.met.no/" />
 
diff --git a/src/chrome/content/rules/yuga.ru.xml b/src/chrome/content/rules/yuga.ru.xml
index 76bf882d880b..a1a82fd8b4fd 100644
--- a/src/chrome/content/rules/yuga.ru.xml
+++ b/src/chrome/content/rules/yuga.ru.xml
@@ -9,7 +9,7 @@ biznes. mismatch
 iskra. mismatch
 fckuban. mismatch
 internet. mismatch-->
-<ruleset name="yuga.ru" default_off='failed ruleset test'>
+<ruleset name="yuga.ru" default_off="failed ruleset test">
 	<target host="yuga.ru" />
 	<target host="www.yuga.ru" />
 	<target host="bank.yuga.ru" />
diff --git a/src/chrome/content/rules/yuji.ne.jp.xml b/src/chrome/content/rules/yuji.ne.jp.xml
new file mode 100644
index 000000000000..9ccaf13c06e9
--- /dev/null
+++ b/src/chrome/content/rules/yuji.ne.jp.xml
@@ -0,0 +1,10 @@
+<!--
+	Ruleset for YUJI.NE.JP
+-->
+
+<ruleset name="yuji.ne.jp">
+	<target host="yuji.ne.jp" />
+	<target host="www.yuji.ne.jp" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yunaq.com.xml b/src/chrome/content/rules/yunaq.com.xml
index 72941933a1fc..703e6a0e3ec6 100644
--- a/src/chrome/content/rules/yunaq.com.xml
+++ b/src/chrome/content/rules/yunaq.com.xml
@@ -10,6 +10,6 @@
 	<target host="www.yunaq.com" />
 	<target host="sso.yunaq.com" />
 	<target host="static.yunaq.com" />
-	
+
 	<rule from="^http:" to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/yuzusushisanmateo.com.xml b/src/chrome/content/rules/yuzusushisanmateo.com.xml
new file mode 100644
index 000000000000..166ab3786514
--- /dev/null
+++ b/src/chrome/content/rules/yuzusushisanmateo.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="yuzusushisanmateo.com">
+	<target host="yuzusushisanmateo.com" />
+	<target host="www.yuzusushisanmateo.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/yvt.jp.xml b/src/chrome/content/rules/yvt.jp.xml
new file mode 100644
index 000000000000..bb9fa1f650af
--- /dev/null
+++ b/src/chrome/content/rules/yvt.jp.xml
@@ -0,0 +1,21 @@
+<!--
+	Invalid certificate:
+		celestia.yvt.jp
+-->
+<ruleset name="yvt.jp">
+	<target host="yvt.jp" />
+	<target host="www.yvt.jp" />
+	<target host="a.yvt.jp" />
+	<target host="codebin.yvt.jp" />
+	<target host="dlg.yvt.jp" />
+	<target host="gs.yvt.jp" />
+	<target host="ij.yvt.jp" />
+	<target host="img2text.yvt.jp" />
+	<target host="notes.yvt.jp" />
+	<target host="openspades.yvt.jp" />
+	<target host="openspadesmedia.yvt.jp" />
+	<target host="ylog.yvt.jp" />
+
+	<rule from="^http://www\.yvt\.jp/" to="https://yvt.jp/" /> <!-- Invalid certificate -->
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/z0r.de.xml b/src/chrome/content/rules/z0r.de.xml
new file mode 100644
index 000000000000..028193f1cdd6
--- /dev/null
+++ b/src/chrome/content/rules/z0r.de.xml
@@ -0,0 +1,12 @@
+<!--
+	Mismatched:
+		- index
+-->
+<ruleset name="z0r.de">
+	<target host="z0r.de" />
+	<target host="www.z0r.de" />
+	<target host="board.z0r.de" />
+	<target host="test.z0r.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zaobao.com.xml b/src/chrome/content/rules/zaobao.com.xml
new file mode 100644
index 000000000000..b843061ce498
--- /dev/null
+++ b/src/chrome/content/rules/zaobao.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="zaobao.com">
+	<target host="zaobao.com" />
+	<target host="www.zaobao.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zdf.xml b/src/chrome/content/rules/zdf.xml
index 76f46d5f1634..4e750895ba64 100644
--- a/src/chrome/content/rules/zdf.xml
+++ b/src/chrome/content/rules/zdf.xml
@@ -1,79 +1,76 @@
-
 <!--
-Disabled by https-everywhere-checker because:
-Fetch error: http://machtfaktorerde.zdf.de/ => https://machtfaktorerde.zdf.de/: (6, 'Could not resolve host: machtfaktorerde.zdf.de')
-Fetch error: http://mauerspecht.zdf.de/ => https://mauerspecht.zdf.de/: (6, 'Could not resolve host: mauerspecht.zdf.de')
-Fetch error: http://lobbyradar.de/ => https://lobbyradar.de/: (60, 'SSL certificate problem: certificate has expired')
-Fetch error: http://weihnachtsbaumspiel.tivi.de/ => https://weihnachtsbaumspiel.tivi.de/: (6, 'Could not resolve host: weihnachtsbaumspiel.tivi.de')
+	Invalid certificate:
+		- lobbyradar.de
+		- abenteuermako.tivi.de
+		- fehlersuche.spiel.tivi.de
 
 	Mismatch:
-		- (www.)neo-magazin-royale.de
-		- (www.)zdfinfo.de
-		- (www.)zdfkultur.de
-		- (www.)zdfneo.de
-		- cl.zdf.de
 		- cl.zdfsport.de
-		- m.heute.de
-		- m.zdf.de
-		- m.zdfsport.de
-		- podcast.heute.de
 		- quartett.tivi.de
 		- spiel.tivi.de
-		- tivi.zdf.de
-		- vr.tivi.de
-
-	Refused:
-		- kinderhilfe.zdf.de
 
 	No secure connection:
 		- wohin.heute.de
 -->
-<ruleset name="ZDF (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="ZDF (partial)">
+
 	<target host="zdf.de" />
 	<target host="www.zdf.de" />
 	<target host="1914.zdf.de" />
 	<target host="blog.zdf.de" />
+	<target host="cl.zdf.de" />
 	<target host="godscloud.zdf.de" />
+	<target host="kinderhilfe.zdf.de" />
 	<target host="ly.zdf.de" />
-	<target host="machtfaktorerde.zdf.de" />
-	<target host="mauerspecht.zdf.de" />
+	<target host="m.zdf.de" />
 	<target host="medienforschung.zdf.de" />
 	<target host="module.zdf.de" />
 	<target host="momentedergeschichte.zdf.de" />
 	<target host="presseportal.zdf.de" />
 	<target host="ticketservice.zdf.de" />
 	<target host="tippcenter.zdf.de" />
+	<target host="tivi.zdf.de" />
 	<target host="trailer.zdf.de" />
 	<target host="webapp.zdf.de" />
 	<target host="wisoreisen.zdf.de" />
 	<target host="wwwdyn.zdf.de" />
 
-	<target host="lobbyradar.de" />
-	<target host="www.lobbyradar.de" />
-
 	<target host="heute.de" />
 	<target host="www.heute.de" />
+	<target host="m.heute.de" />
+	<target host="podcast.heute.de" />
+
+	<target host="zdfinfo.de" />
+	<target host="www.zdfinfo.de" />
+
+	<target host="zdfneo.de" />
+	<target host="www.zdfneo.de" />
 
 	<target host="zdfsport.de" />
 	<target host="www.zdfsport.de" />
+	<target host="m.zdfsport.de" />
+
+	<target host="zdfkultur.de" />
+	<target host="www.zdfkultur.de" />
+
+	<target host="neo-magazin-royale.de" />
+	<target host="www.neo-magazin-royale.de" />
 
 	<target host="tivi.de" />
 	<target host="www.tivi.de" />
-	<target host="abenteuermako.tivi.de" />
 	<target host="blog.tivi.de" />
-	<target host="diewildenkerle.spiel.tivi.de" />
-	<target host="fehlersuche.spiel.tivi.de" />
-	<target host="karaoke.spiel.tivi.de" />
 	<target host="modul.tivi.de" />
 	<target host="quiz.tivi.de" />
 	<target host="typtest.tivi.de" />
-	<target host="weihnachtsbaumspiel.tivi.de" />
+	<target host="vr.tivi.de" />
+		<test url="http://vr.tivi.de/checkpoint/" />
 
 	<target host="heute-show.de" />
 	<target host="www.heute-show.de" />
 
-	<rule from="^http://zdfsport\.de/"
-		to="https://www.zdfsport.de/" />
-	<rule from="^http:"
-		to="https:" />
+	<!-- Invalid certificate on https://(www.)?heute-show.de/,
+	http://(www.)?heute-show.de/ redirects to https://www.zdf.de/comedy/heute-show/.-->
+	<rule from="^http://(www\.)?heute-show\.de/" to="https://www.zdf.de/comedy/heute-show/" />
+
+	<rule from="^http:"	to="https:" />
 </ruleset>
diff --git a/src/chrome/content/rules/zerogate.tk.xml b/src/chrome/content/rules/zerogate.tk.xml
deleted file mode 100644
index ab54f37f9ea5..000000000000
--- a/src/chrome/content/rules/zerogate.tk.xml
+++ /dev/null
@@ -1,6 +0,0 @@
-<ruleset name="zerogate.tk">
-	<target host="zerogate.tk" />
-	<target host="www.zerogate.tk" />
-
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/zeus-software.com.xml b/src/chrome/content/rules/zeus-software.com.xml
new file mode 100644
index 000000000000..ff4bcb42d939
--- /dev/null
+++ b/src/chrome/content/rules/zeus-software.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="zeus-software.com">
+	<target host="zeus-software.com" />
+	<target host="www.zeus-software.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zimuku.la.xml b/src/chrome/content/rules/zimuku.la.xml
new file mode 100644
index 000000000000..265143e934b5
--- /dev/null
+++ b/src/chrome/content/rules/zimuku.la.xml
@@ -0,0 +1,7 @@
+<ruleset name="zimuku.la">
+	<target host="zimuku.la" />
+	<target host="www.zimuku.la" />
+	<target host="static.zimuku.la" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zipPay.com.au.xml b/src/chrome/content/rules/zipPay.com.au.xml
new file mode 100644
index 000000000000..ab571c3d9aeb
--- /dev/null
+++ b/src/chrome/content/rules/zipPay.com.au.xml
@@ -0,0 +1,12 @@
+<ruleset name="zipPay.com.au">
+
+	<target host="zippay.com.au" />
+	<target host="www.zippay.com.au" />
+	<target host="promo.zippay.com.au" />
+	<target host="signup.zippay.com.au" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:"
+		to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zli.ch.xml b/src/chrome/content/rules/zli.ch.xml
new file mode 100644
index 000000000000..ec102234e2a4
--- /dev/null
+++ b/src/chrome/content/rules/zli.ch.xml
@@ -0,0 +1,8 @@
+<ruleset name="zli.ch">
+	<target host="zli.ch" />
+	<target host="www.zli.ch" />
+
+	<securecookie host=".+" name=".+" />
+
+	<rule from="^http:" to="https:"/>
+</ruleset>
diff --git a/src/chrome/content/rules/zlib.net.xml b/src/chrome/content/rules/zlib.net.xml
new file mode 100644
index 000000000000..7fdb2e50cd61
--- /dev/null
+++ b/src/chrome/content/rules/zlib.net.xml
@@ -0,0 +1,13 @@
+<ruleset name="zlib.net">
+
+	<target host="zlib.net" />
+	<target host="www.zlib.net" />
+	<target host="autodiscover.zlib.net" />
+	<target host="cpanel.zlib.net" />
+	<target host="mail.zlib.net" />
+	<target host="webdisk.zlib.net" />
+	<target host="webmail.zlib.net" />
+
+	<rule from="^http:" to="https:" />
+
+</ruleset>
diff --git a/src/chrome/content/rules/zongheng.com.xml b/src/chrome/content/rules/zongheng.com.xml
index 0c656a979d6d..25175dcc898e 100644
--- a/src/chrome/content/rules/zongheng.com.xml
+++ b/src/chrome/content/rules/zongheng.com.xml
@@ -38,7 +38,7 @@ Fetch error: http://www.zongheng.com/ => https://www.zongheng.com/: (35, 'error:
 	ˢ Secured by us, see https://www.paulirish.com/2010/the-protocol-relative-url/
 
 -->
-<ruleset name="Zongheng.com (partial)" platform="mixedcontent" default_off='failed ruleset test'>
+<ruleset name="Zongheng.com (partial)" platform="mixedcontent" default_off="failed ruleset test">
 
 	<target host="zongheng.com" />
 	<target host="passport.zongheng.com" />
diff --git a/src/chrome/content/rules/zoo-bordeaux-pessac.com.xml b/src/chrome/content/rules/zoo-bordeaux-pessac.com.xml
new file mode 100644
index 000000000000..79c7fe2bdae6
--- /dev/null
+++ b/src/chrome/content/rules/zoo-bordeaux-pessac.com.xml
@@ -0,0 +1,6 @@
+<ruleset name="zoo-bordeaux-pessac.com">
+	<target host="zoo-bordeaux-pessac.com" />
+	<target host="www.zoo-bordeaux-pessac.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zoo-frankfurt.de.xml b/src/chrome/content/rules/zoo-frankfurt.de.xml
new file mode 100644
index 000000000000..5df4d0d5dbe7
--- /dev/null
+++ b/src/chrome/content/rules/zoo-frankfurt.de.xml
@@ -0,0 +1,6 @@
+<ruleset name="zoo-frankfurt.de">
+	<target host="zoo-frankfurt.de" />
+	<target host="www.zoo-frankfurt.de" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zoocdn.com.xml b/src/chrome/content/rules/zoocdn.com.xml
index cfe42d288420..f327635e24a6 100644
--- a/src/chrome/content/rules/zoocdn.com.xml
+++ b/src/chrome/content/rules/zoocdn.com.xml
@@ -7,7 +7,7 @@
 <ruleset name="ZooCDN.com" platform="mixedcontent">
 
 	<target host="c.zoocdn.com" />
-		
+
 		<test url="http://c.zoocdn.com/static/1467204751/www/w/primelocation/css/modules/landing.css" />
 
 
diff --git a/src/chrome/content/rules/zoom.us.xml b/src/chrome/content/rules/zoom.us.xml
deleted file mode 100644
index a333bc168957..000000000000
--- a/src/chrome/content/rules/zoom.us.xml
+++ /dev/null
@@ -1,28 +0,0 @@
-<!--
-	Insecure cookies are set for these hosts: ᶜ
-
-		- transifex.zoom.us
-
-	ᶜ See https://owasp.org/index.php/SecureFlag
-
--->
-<ruleset name="Zoom.us">
-
-	<target host="transifex.zoom.us" />
-
-		<!--	Sets cookie without Secure:
-							-->
-		<!--test url="http://transifex.zoom.us/webinar/register/829b2b6c2f3021797c24e00bf0acd2b8" /-->
-
-
-	<!--	Not secured by server:
-					-->
-	<!--securecookie host="^transifex\.zoom\.us$" name="^cred$" /-->
-
-	<securecookie host="^\w" name=".+" />
-
-
-	<rule from="^http:"
-		to="https:" />
-
-</ruleset>
diff --git a/src/chrome/content/rules/zoonegaramalaysia.my.xml b/src/chrome/content/rules/zoonegaramalaysia.my.xml
new file mode 100644
index 000000000000..9fd668018c01
--- /dev/null
+++ b/src/chrome/content/rules/zoonegaramalaysia.my.xml
@@ -0,0 +1,27 @@
+<!--
+	Invalid certificate:
+		ftp.zoonegaramalaysia.my
+		webmail.jwg.zoonegaramalaysia.my
+		webmail.testing.zoonegaramalaysia.my
+		webmail.testingjoomla.zoonegaramalaysia.my
+
+	Refused:
+		localhost.zoonegaramalaysia.my
+		testing.zoonegaramalaysia.my
+		www.testing.zoonegaramalaysia.my
+		zoomail.zoonegaramalaysia.my
+-->
+<ruleset name="zoonegaramalaysia.my">
+	<target host="zoonegaramalaysia.my" />
+	<target host="www.zoonegaramalaysia.my" />
+	<target host="cpanel.zoonegaramalaysia.my" />
+	<target host="jwg.zoonegaramalaysia.my" />
+	<target host="www.jwg.zoonegaramalaysia.my" />
+	<target host="mail.zoonegaramalaysia.my" />
+	<target host="testingjoomla.zoonegaramalaysia.my" />
+	<target host="www.testingjoomla.zoonegaramalaysia.my" />
+	<target host="webdisk.zoonegaramalaysia.my" />
+	<target host="webmail.zoonegaramalaysia.my" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zrkuban.ru.xml b/src/chrome/content/rules/zrkuban.ru.xml
deleted file mode 100644
index 1853a08160b3..000000000000
--- a/src/chrome/content/rules/zrkuban.ru.xml
+++ /dev/null
@@ -1,5 +0,0 @@
-<ruleset name="zrkuban.ru">
-	<target host="zrkuban.ru" />
-	<target host="www.zrkuban.ru" />
-	<rule from="^http:" to="https:" />
-</ruleset>
diff --git a/src/chrome/content/rules/zsnes.com.xml b/src/chrome/content/rules/zsnes.com.xml
new file mode 100644
index 000000000000..7cef6001a3d7
--- /dev/null
+++ b/src/chrome/content/rules/zsnes.com.xml
@@ -0,0 +1,12 @@
+<ruleset name="zsnes.com">
+	<target host="zsnes.com" />
+	<target host="www.zsnes.com" />
+	<target host="board.zsnes.com" />
+	<target host="www.board.zsnes.com" />
+	<target host="merlin.zsnes.com" />
+	<target host="www.merlin.zsnes.com" />
+	<target host="mail.merlin.zsnes.com" />
+	<target host="svn.zsnes.com" />
+
+	<rule from="^http:" to="https:" />
+</ruleset>
diff --git a/src/chrome/content/rules/zufe.edu.cn.xml b/src/chrome/content/rules/zufe.edu.cn.xml
new file mode 100644
index 000000000000..bd1743c3e7ee
--- /dev/null
+++ b/src/chrome/content/rules/zufe.edu.cn.xml
@@ -0,0 +1,67 @@
+<!--
+	404 Not Found:
+		cjlc.zufe.edu.cn
+		jwxt.zufe.edu.cn
+		lib.zufe.edu.cn
+		tc.zufe.edu.cn
+		xsgl.zufe.edu.cn
+		xyw.zufe.edu.cn
+
+	Invalid certificate:
+		vpn.zufe.edu.cn (incomplete certificate chain, intrusted Symantec certificate)
+
+	Refused:
+		caiyun.zufe.edu.cn
+-->
+<ruleset name="zufe.edu.cn">
+	<target host="www.zufe.edu.cn" />
+	<target host="cafr.zufe.edu.cn" />
+	<target host="career.zufe.edu.cn" />
+	<target host="cas.zufe.edu.cn" />
+	<target host="cba.zufe.edu.cn" />
+	<target host="cce.zufe.edu.cn" />
+	<target host="coe.zufe.edu.cn" />
+	<target host="cyqn.zufe.edu.cn" />
+	<target host="cz.zufe.edu.cn" />
+	<target host="ds.zufe.edu.cn" />
+	<target host="e.zufe.edu.cn" />
+	<target host="ggxy.zufe.edu.cn" />
+	<target host="hq.zufe.edu.cn" />
+	<target host="jm.zufe.edu.cn" />
+	<target host="info.zufe.edu.cn" />
+	<target host="intl.zufe.edu.cn" />
+	<target host="irr.zufe.edu.cn" />
+	<target host="jrxy.zufe.edu.cn" />
+	<target host="it.zufe.edu.cn" />
+	<target host="jwc.zufe.edu.cn" />
+	<target host="kyc.zufe.edu.cn" />
+	<target host="law.zufe.edu.cn" />
+	<target host="mail.zufe.edu.cn" />
+	<target host="mba.zufe.edu.cn" />
+	<target host="mpa.zufe.edu.cn" />
+	<target host="mpacc.zufe.edu.cn" />
+	<target host="one.zufe.edu.cn" />
+	<target host="open.zufe.edu.cn" />
+	<target host="rsc.zufe.edu.cn" />
+	<target host="rwxy.zufe.edu.cn" />
+	<target host="sau.zufe.edu.cn" />
+	<target host="sslvpn.zufe.edu.cn" />
+	<target host="sie.zufe.edu.cn" />
+	<target host="szb.zufe.edu.cn" />
+	<target host="tsjy.zufe.edu.cn" />
+	<target host="tyb.zufe.edu.cn" />
+	<target host="wgy.zufe.edu.cn" />
+	<target host="wlkt.zufe.edu.cn" />
+	<target host="wx.zufe.edu.cn" />
+	<target host="ygw.zufe.edu.cn" />
+	<target host="xcb.zufe.edu.cn" />
+	<target host="xsc.zufe.edu.cn" />
+	<target host="yjsc.zufe.edu.cn" />
+	<target host="ys.zufe.edu.cn" />
+	<target host="zcdyy.zufe.edu.cn" />
+	<target host="zjacc.zufe.edu.cn" />
+	<target host="zs.zufe.edu.cn" />
+
+
+	<rule from="^http:" to="https:" />
+</ruleset>
\ No newline at end of file
diff --git a/src/chrome/content/rules/zyxel.ru.xml b/src/chrome/content/rules/zyxel.ru.xml
index 5906874baf8f..d65a9e48e081 100644
--- a/src/chrome/content/rules/zyxel.ru.xml
+++ b/src/chrome/content/rules/zyxel.ru.xml
@@ -16,7 +16,7 @@ support.zyxel.ru ⁴
 ¹ mismatch
 ⁴ self signed
 -->
-<ruleset name="zyxel.ru" default_off='failed ruleset test'>
+<ruleset name="zyxel.ru" default_off="failed ruleset test">
 	<target host="zyxel.ru" />
 	<target host="www.zyxel.ru" />
 	<target host="m.zyxel.ru" />
diff --git a/src/chrome/locale/en/https-everywhere.dtd b/src/chrome/locale/en/https-everywhere.dtd
index e8752886bdc4..cde60e0b4222 100644
--- a/src/chrome/locale/en/https-everywhere.dtd
+++ b/src/chrome/locale/en/https-everywhere.dtd
@@ -2,27 +2,69 @@
 <!ENTITY https-everywhere.about.ext_name "HTTPS Everywhere">
 <!ENTITY https-everywhere.about.ext_description "Encrypt the Web! Automatically use HTTPS security on many sites.">
 <!ENTITY https-everywhere.about.version "Version">
+<!ENTITY https-everywhere.about.rulesets_version "Rulesets version for">
 <!ENTITY https-everywhere.about.add_new_rule "Add New Rule">
 
 <!ENTITY https-everywhere.menu.donate_eff_imperative "Donate to EFF">
 <!ENTITY https-everywhere.menu.observatory "SSL Observatory Preferences">
-<!ENTITY https-everywhere.menu.globalEnable "Enable HTTPS Everywhere">
-<!ENTITY https-everywhere.menu.blockUnencryptedRequests "Block all unencrypted requests">
+<!ENTITY https-everywhere.menu.globalDisable "HTTPS Everywhere is OFF">
+<!ENTITY https-everywhere.menu.globalEnable "HTTPS Everywhere is ON">
+<!ENTITY https-everywhere.menu.encryptAllSitesEligibleOn "Encrypt All Sites Eligible is ON">
+<!ENTITY https-everywhere.menu.encryptAllSitesEligibleOff "Encrypt All Sites Eligible is OFF">
+<!ENTITY https-everywhere.menu.httpNoWhereExplainedBlocked "Unencrypted requests are currently blocked">
+<!ENTITY https-everywhere.menu.httpNoWhereExplainedAllowed "Unencrypted requests are currently allowed">
+<!ENTITY https-everywhere.menu.seeMore "See more">
+<!ENTITY https-everywhere.menu.seeLess "See less">
+<!ENTITY https-everywhere.menu.httpNoWhereMore "This mode blocks unencrypted content and requests">
 <!ENTITY https-everywhere.menu.showCounter "Show Counter">
 <!ENTITY https-everywhere.menu.viewAllRules "View All Rules">
 
+<!ENTITY https-everywhere.options.settings "Settings">
 <!ENTITY https-everywhere.options.generalSettings "General Settings">
-<!ENTITY https-everywhere.options.importSettings "Import Settings">
-<!ENTITY https-everywhere.options.import "Import">
-<!ENTITY https-everywhere.options.imported "Your settings have been imported.">
+<!ENTITY https-everywhere.options.advancedSettings "Advanced Settings">
+<!ENTITY https-everywhere.options.updateChannels "Update Channels">
+<!ENTITY https-everywhere.options.enableMixedRulesets "Enable mixed content rulesets">
+<!ENTITY https-everywhere.options.showDevtoolsTab "Show Devtools tab">
+<!ENTITY https-everywhere.options.autoUpdateRulesets "Auto-update rulesets">
+<!ENTITY https-everywhere.options.userRulesListed "HTTPS Everywhere User Rules">
+<!ENTITY https-everywhere.options.disabledUrlsListed "HTTPS Everywhere Sites Disabled">
+<!ENTITY https-everywhere.options.updateChannelsWarning "Warning: Adding update channels can cause attackers to hijack your browser. Only edit this section if you know what you're doing!">
+<!ENTITY https-everywhere.options.addDisabledSite "Add Disabled Site">
+<!ENTITY https-everywhere.options.enterDisabledSite "Enter disabled site">
+<!ENTITY https-everywhere.options.hostNotFormattedCorrectly "This host could not be added because it was not formatted correctly. Please check it and try again.">
+<!ENTITY https-everywhere.options.addUpdateChannel "Add Update Channel">
+<!ENTITY https-everywhere.options.enterUpdateChannelName "Enter update channel name">
+<!ENTITY https-everywhere.options.delete "Delete">
+<!ENTITY https-everywhere.options.update "Update">
+<!ENTITY https-everywhere.options.storedRulesetsVersion "Stored rulesets version: ">
+<!ENTITY https-everywhere.options.updatesLastChecked "Updates last checked: ">
+<!ENTITY https-everywhere.options.updatesLastCheckedNever "never">
+<!ENTITY https-everywhere.options.debuggingRulesets "Debugging Rulesets (advanced)">
 
 <!ENTITY https-everywhere.prefs.export_settings "Export Settings">
 <!ENTITY https-everywhere.prefs.reset_defaults "Reset to Defaults">
+<!ENTITY https-everywhere.prefs.reset_defaults_message "This will reset each ruleset to its default state. Continue?">
 
+<!ENTITY https-everywhere.cancel.he_blocking_explainer "HTTPS Everywhere noticed you were navigating to a non-HTTPS page, and tried to send you to the HTTPS version instead. The HTTPS version is unavailable. Most likely this site does not support HTTPS, but it is also possible that an attacker is blocking the HTTPS version. If you wish to view the unencrypted version of this page, you can still do so by disabling the 'Encrypt All Sites Eligible' (EASE) option in your HTTPS Everywhere extension. Be aware that disabling this option could make your browser vulnerable to network-based downgrade attacks on websites you visit.">
+<!ENTITY https-everywhere.cancel.he_blocking_network "network-based downgrade attacks">
+<!ENTITY https-everywhere.cancel.copy_url "Copy URL">
+<!ENTITY https-everywhere.cancel.copied_url "Copied to Clipboard">
+<!ENTITY https-everywhere.cancel.open_page "Disable on this site">
+<!ENTITY https-everywhere.cancel.http_once "Proceed anyway (unsafe)">
+
+<!ENTITY https-everywhere.onboarding.intro "Encrypt the Web! Automatically use HTTPS security on many sites.">
+<!ENTITY https-everywhere.onboarding.header "HTTPS Everywhere has been updated!">
+<!ENTITY https-everywhere.onboarding.footer "HTTPS Everywhere is an EFF project">
+
+<!ENTITY https-everywhere.chrome.settings_for_this_site_header "Settings for this site">
+<!ENTITY https-everywhere.chrome.settings_for_this_site_subheader "Change your preferences for encrypted connections">
+<!ENTITY https-everywhere.chrome.settings_for_this_site_explained "As you browse different websites, you can change your preferences for each website">
 <!ENTITY https-everywhere.chrome.stable_rules "Stable rules">
 <!ENTITY https-everywhere.chrome.stable_rules_description "Force encrypted connections to these websites:">
 <!ENTITY https-everywhere.chrome.experimental_rules "Experimental rules">
 <!ENTITY https-everywhere.chrome.experimental_rules_description "May cause warnings or breakage. Disabled by default.">
+<!ENTITY https-everywhere.chrome.disable_on_this_site "Disable on this site">
+<!ENTITY https-everywhere.chrome.enable_on_this_site "Enable on this site">
 <!ENTITY https-everywhere.chrome.add_rule "Add a rule for this site">
 <!ENTITY https-everywhere.chrome.add_new_rule "Add a new rule for this site">
 <!ENTITY https-everywhere.chrome.always_https_for_host "Always use https for this host">
@@ -33,3 +75,7 @@
 <!ENTITY https-everywhere.chrome.regex "Matching regex">
 <!ENTITY https-everywhere.chrome.redirect_to "Redirect to">
 <!ENTITY https-everywhere.chrome.status_cancel_button "Cancel">
+
+<!ENTITY https-everywhere.standalone.proxy_server_info_prefix "Proxy server running on">
+<!ENTITY https-everywhere.standalone.transparent_true "You must set up your firewall rules to forward packets to the specified host and port.">
+<!ENTITY https-everywhere.standalone.transparent_false "You must configure your applications to use an HTTP proxy on the specified host and port.">
diff --git a/src/chrome/locale/en/ssl-observatory.dtd b/src/chrome/locale/en/ssl-observatory.dtd
deleted file mode 100644
index a42567764f7f..000000000000
--- a/src/chrome/locale/en/ssl-observatory.dtd
+++ /dev/null
@@ -1,101 +0,0 @@
-<!-- Observatory popup window -->
-<!ENTITY ssl-observatory.popup.details "Details and Privacy Information">
-<!ENTITY ssl-observatory.popup.later "Ask Me Later">
-<!ENTITY ssl-observatory.popup.no "No">
-
-<!ENTITY ssl-observatory.popup.text "HTTPS Everywhere can detect attacks
-against your browser by sending the certificates you receive to the
-Observatory.  Turn this on?">
-
-<!--<!ENTITY ssl-observatory.popup.text 
-"EFF's SSL Observatory can detect attacks against HTTPS websites by collecting
-and auditing the certificates being presented to your browser. Would you like
-to turn it on?">-->
-
-<!ENTITY ssl-observatory.popup.title 
-"Should HTTPS Everywhere use the SSL Observatory?">
-
-<!ENTITY ssl-observatory.popup.yes "Yes">
-
-<!-- Observatory preferences dialog -->
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts1
-"It is safe to enable this, unless you use a very
-intrusive corporate network:">
-
-<!ENTITY ssl-observatory.prefs.adv_priv_opts2
-"Safe, unless you use a corporate network with secret intranet server names:">
-
-<!ENTITY ssl-observatory.prefs.alt_roots 
-"Submit and check certificates signed by non-standard root CAs">
-
-<!ENTITY ssl-observatory.prefs.alt_roots_tooltip 
-"It is safe (and a good idea) to enable this option, unless you use an intrusive corporate network or Kaspersky antivirus software that monitors your browsing with a TLS proxy and a private root Certificate Authority.  If enabled on such a network, this option might publish evidence of which https:// domains were being visited through that proxy, because of the unique certificates it would produce.  So we leave it off by default.">
-
-<!ENTITY ssl-observatory.prefs.anonymous "Check certificates using Tor for anonymity">
-<!ENTITY ssl-observatory.prefs.anonymous_unavailable 
-"Check certificates using Tor for anonymity (requires Tor)">
-<!ENTITY ssl-observatory.prefs.anonymous_tooltip 
-"This option requires Tor to be installed and running">
-
-<!ENTITY ssl-observatory.prefs.asn 
-'When you see a new certificate, tell the Observatory which ISP you are connected to'>
-
-<!ENTITY ssl-observatory.prefs.asn_tooltip
-'This will fetch and send the "Autonomous System number" of your network.  This will help us locate attacks against HTTPS, and to determine whether we have observations from networks in places like Iran and Syria where attacks are comparatively common.'>
-
-<!ENTITY ssl-observatory.prefs.show_cert_warning
-"Show a warning when the Observatory detects a revoked certificate not caught by your browser">
-
-<!ENTITY ssl-observatory.prefs.show_cert_warning_tooltip
-"This will check submitted certificates against known Certificate Revocation Lists. Unfortunately we cannot guarantee that we will flag every revoked certificate, but if you do see a warning there's a good chance something is wrong.">
-
-<!ENTITY ssl-observatory.prefs.done "Done">
-
-<!ENTITY ssl-observatory.prefs.explanation 
-"HTTPS Everywhere can use EFF's SSL Observatory.  This does two things: (1)
-sends copies of HTTPS certificates to the Observatory, to help us
-detect 'man in the middle' attacks and improve the Web's security; and (2)
-lets us warn you about insecure connections or attacks on your browser.">
-
-<!--<!ENTITY ssl-observatory.prefs.explanation2
-"When you visit https://www.example.com, the Observatory will learn that
-somebody visited that site, but will not know who or what page they looked at.
-Mouseover the options for further details:">-->
-
-<!ENTITY ssl-observatory.prefs.explanation2
-
-"For example, when you visit https://www.something.com, the certificate
-received by the Observatory will indicate that somebody visited
-www.something.com, but not who visited the site, or what specific page they
-looked at.  Mouseover the options for further details:">
-
-<!ENTITY ssl-observatory.prefs.hide "Hide advanced options">
-
-<!ENTITY ssl-observatory.prefs.nonanon 
-"Check certificates even if Tor is not available">
-
-<!ENTITY ssl-observatory.prefs.nonanon_tooltip
-"We will still try to keep the data anonymous, but this option is less secure">
-
-<!ENTITY ssl-observatory.prefs.priv_dns 
-"Submit and check certificates for non-public DNS names">
-
-<!ENTITY ssl-observatory.prefs.priv_dns_tooltip
-"Unless this option is checked, the Observatory will not record certificates for names that it cannot resolve through the DNS system.">
-
-<!ENTITY ssl-observatory.prefs.show "Show advanced options">
-
-<!ENTITY ssl-observatory.prefs.title "SSL Observatory Preferences">
-
-<!ENTITY ssl-observatory.prefs.use "Use the Observatory?">
-<!ENTITY ssl-observatory.warning.title "WARNING from EFF's SSL Observatory">
-<!ENTITY ssl-observatory.warning.showcert "Show the certificate chain">
-<!ENTITY ssl-observatory.warning.okay "I understand">
-<!ENTITY ssl-observatory.warning.text "EFF's SSL Observatory has issued a warning about the HTTPS certificiate(s) for this site:">
-<!ENTITY ssl-observatory.warning.defense 'If you are logged in to this site, it may be advisable to change your password once you have a safe connection. (These warnings can be disabled in the "SSL Observatory" tab of the HTTPS Everywhere preferences dialog.)'>
-
-<!ENTITY ssl-observatory.prefs.self_signed
-"Submit and check self-signed certificates">
-<!ENTITY ssl-observatory.prefs.self_signed_tooltip
-"This is recommended; cryptographic problems are especially common in self-signed embedded devices">
diff --git a/test/README.md b/test/README.md
index 2a2dd8709e21..5b4e2441ff27 100644
--- a/test/README.md
+++ b/test/README.md
@@ -1,64 +1,50 @@
-# Tests for HTTPS Everywhere
+# Automated Tests for HTTPS Everywhere
+
+## Running
 
-# Running
     bash test.sh
 
-# Requirements
+## Requirements for Selenium Testing
 
 - Python 3.6
 - Selenium
       - Install Selenium as a python package using ```pip3 install selenium```, or run install-dev-dependencies.sh and it will do the job
 - GeckoDriver
-      - Manually download GeckoDriver from https://github.com/mozilla/geckodriver/releases. Extract the executable to /usr/bin/, so that the pasted executable's full path becomes /usr/bin/geckodriver.
+      - Manually download GeckoDriver from [here](https://github.com/mozilla/geckodriver/releases). Extract the executable to `/usr/bin/`, so that the pasted executable's full path becomes `/usr/bin/geckodriver`.
 
-# Manual tests
+# List of Manual tests
 
-These are test cases to execute manually before a release, and we should
-implement them as automated tests:
+These are integrated into Travis for automated end-to-end testing within Firefox and Chrome/Chromium browsers
 
 # Firefox
-- Visit a site that triggers a ruleset (e.g., Reddit.com). Verify counter appears on HTTPS
-  Everywhere icon.
-- Click HTTPS Everywhere icon menu, click 'show counter'. Verify counter
-  disappears. Verify checkmark disappears from menu item.
-- Click HTTPS Everywhere icon, verify ruleset shows up in green.
-- Click ruleset.
-- Reopen HTTPS Everywhere icon menu, verify ruleset shows up in grey.
-- Reload HTTP version of the site, ensure it doesn't get rewritten now that the
-  ruleset is disabled.
+
+- Visit a site that triggers a ruleset (e.g., Reddit.com).
+- Click HTTPS Everywhere icon, verify ruleset shows up in blue.
+- Click 'show more' text and view ruleset and toggle off ruleset.
+- Reopen HTTPS Everywhere menu, verify ruleset shows up in grey.
+- Reload HTTP version of the site, ensure it doesn't get rewritten now that the ruleset is disabled.
 - Click HTTP Everywhere icon, click ruleset again.
-- Reopen HTTPS Everywhere icon menu, verify ruleset shows up in green.
-- Right-click on a rule, click 'View XML source.' Verify it opens up a dialog
-  box and shows the rule source.
-- Click HTTPS Everywhere icon menu, click 'Block all HTTP requests'. Verify icon
+- Click HTTPS Everywhere icon menu, click 'Encrypt All Sites Eligible'. Verify icon
   turns red.
-- Visit an HTTP site known to not have a rewrite rule. http://amazon.com is a
+- Visit an HTTP site known to not have a rewrite rule. http://http.badssl.com is a
   good example. Verify page does not load.
 - Visit an HTTPS site that contains passive mixed content that is not rewritten
   to HTTPS. https://jacob.hoffman-andrews.com/passive-mixed-content.html is a
   good example. Verify the passive mixed content (e.g., image) does not load.
-- Click icon menu, click 'About HTTPS Everywhere.' Verify dialog opens.
-- Click icon menu, click 'SSL Observatory Preferences.' Verify dialog opens.
-- Click icon menu, click 'Disable HTTPS Everywhere.' Verify icon turns grey.
-- Visit a site that would normally trigger a ruleset. Verify it is not rewritten
-  to HTTPS.
-- Click icon menu, click 'Enable HTTPS Everywhere.' Verify icon turns blue.
-  Verify page reloads and is rewritten to HTTPS.
-- Look at log output, look for errors. Make sure certificates are being
-submitted to SSL Observatory
-- Tools > Web Developer > Browser Toolbox > Console. Check for errors.
-- TODO: Test translations?
+- Click menu, click 'HTTPS Everywhere is ON' to 'HTTPS Everywhere is OFF' Verify icon turns grey.
+- Visit a site that would normally trigger a ruleset. Verify it is not rewritten to HTTPS.
+- Click menu, click 'Enable HTTPS Everywhere.' Verify icon turns blue. Verify page reloads and is rewritten to HTTPS.
+- Look at log output, look for errors.
+- Browser Menu > Web Developer > Web Console. Check for errors.
 
 # Chromium
 
 - Visit a site that triggers a ruleset (e.g., Reddit.com). Verify counter appears
-  on HTTPS Everywhere icon.
-- Click HTTPS Everywhere icon menu. Verify it contains appropriate ruleset.
+  within the HTTPS Everywhere menu under 'show more'.
+- Click HTTPS Everywhere menu. Verify it contains appropriate ruleset.
 - Disable ruleset.
-- Visit HTTP version of the site again. Verify it does not get redirected to
-  HTTPS.
+- Visit HTTP version of the site again. Verify it does not get redirected to HTTPS.
 - Re-enable ruleset.
 - Visit HTTP version of the site again. Verify it does get redirected.
-- Visit site that does not have a ruleset. From icon menu, click 'Add this
-  site', and complete site-adding process.
+- Visit site that does not have a ruleset. Under the 'show more' menu, click 'Add this site', and complete site-adding process.
 - Reload the site. Verify it gets redirected to HTTPS.
diff --git a/test/chromium.sh b/test/chromium.sh
index efc134dba48d..70f6c712a798 100755
--- a/test/chromium.sh
+++ b/test/chromium.sh
@@ -31,11 +31,11 @@ if [ "$1" == "--justrun" ]; then
 	which $BROWSER || BROWSER="chromium"
 	$BROWSER \
 		--user-data-dir="$PROFILE_DIRECTORY" \
-		--load-extension=pkg/crx/ \
+		--load-extension=pkg/crx-cws/ \
 		"$@"
 else
 	./make.sh
 	echo "running tests"
 	CRX_NAME="`ls -tr pkg/*.crx | tail -1`"
-	$XVFB_RUN python3.6 test/script.py Chrome $CRX_NAME
+	$XVFB_RUN python3 test/script.py Chrome $CRX_NAME
 fi
diff --git a/test/fetch.sh b/test/fetch.sh
index 68969e0359bc..6f08359e525b 100755
--- a/test/fetch.sh
+++ b/test/fetch.sh
@@ -19,7 +19,7 @@ if [ "$TO_BE_TESTED" ]; then
   # Do the actual test, using https-everywhere-checker.
   OUTPUT_FILE=`mktemp`
   trap 'rm "$OUTPUT_FILE"' EXIT
-  python3.6 $RULETESTFOLDER/src/https_everywhere_checker/check_rules.py $RULETESTFOLDER/http.checker.config $TO_BE_TESTED 2>&1 | tee $OUTPUT_FILE
+  python3 $RULETESTFOLDER/src/https_everywhere_checker/check_rules.py $RULETESTFOLDER/http.checker.config $TO_BE_TESTED 2>&1 | tee $OUTPUT_FILE
   # Unfortunately, no specific exit codes are available for connection
   # failures, so we catch those with grep.
   if [[ `cat $OUTPUT_FILE | grep ERROR | wc -l` -ge 1 ]]; then
diff --git a/test/firefox.sh b/test/firefox.sh
index a705aea97fcd..1e99239fdab2 100755
--- a/test/firefox.sh
+++ b/test/firefox.sh
@@ -17,7 +17,7 @@ source utils/mktemp.sh
 # We'll create a Firefox profile here and install HTTPS Everywhere into it.
 PROFILE_DIRECTORY="$(mktemp -d)"
 trap 'rm -r "$PROFILE_DIRECTORY"' EXIT
-HTTPSE_INSTALL_DIRECTORY=$PROFILE_DIRECTORY/extensions/https-everywhere-eff@eff.org
+HTTPSE_INSTALL_FILE=$PROFILE_DIRECTORY/extensions/https-everywhere-eff@eff.org.xpi
 
 # Build the XPI to run all the validations in make.sh, and to ensure that
 # we test what is actually getting built.
@@ -28,14 +28,14 @@ XPI_NAME="`ls -tr pkg/https-everywhere-20*.xpi | tail -1`"
 # The skeleton contains a few files required to trick Firefox into thinking
 # that the extension was fully installed rather than just unpacked.
 cp -a test/firefox/test_profile_skeleton/* $PROFILE_DIRECTORY
-unzip -qd $HTTPSE_INSTALL_DIRECTORY $XPI_NAME
+cp $XPI_NAME $HTTPSE_INSTALL_FILE
 
 die() {
   echo "$@"
   exit 1
 }
 
-if [ ! -d "$HTTPSE_INSTALL_DIRECTORY" ]; then
+if [ ! -f "$HTTPSE_INSTALL_FILE" ]; then
   die "Firefox profile does not have HTTPS Everywhere installed"
 fi
 
@@ -58,8 +58,8 @@ else
 
   PATH=/home/user/geckodriver:$PATH
   if [ -n "$FIREFOX" ]; then
-    $XVFB_RUN python3.6 test/script.py Firefox "$PROFILE_DIRECTORY" $FIREFOX
+    $XVFB_RUN python3 test/script.py Firefox "$PROFILE_DIRECTORY" $FIREFOX
   else
-    $XVFB_RUN python3.6 test/script.py Firefox "$PROFILE_DIRECTORY"
+    $XVFB_RUN python3 test/script.py Firefox "$PROFILE_DIRECTORY"
   fi
 fi
diff --git a/test/firefox/test_profile_skeleton/extensions.json b/test/firefox/test_profile_skeleton/extensions.json
index 5ea29d6ab4dc..471c313bb25c 100644
--- a/test/firefox/test_profile_skeleton/extensions.json
+++ b/test/firefox/test_profile_skeleton/extensions.json
@@ -1,43 +1,48 @@
 {
     "addons": [
         {
-            "aboutURL": "chrome://https-everywhere/content/about.xul",
+            "aboutURL": null,
             "active": true,
             "appDisabled": false,
             "applyBackgroundUpdates": 1,
-            "bootstrap": false,
+            "blocklistState": 0,
+            "blocklistURL": null,
             "defaultLocale": {
-                "creator": "EFF Technologists",
+                "contributors": null,
+                "creator": "extension-devs@eff.org",
                 "description": "Encrypt the Web! Automatically use HTTPS security on many sites.",
+                "developers": null,
                 "homepageURL": "https://www.eff.org/https-everywhere",
-                "name": "HTTPS Everywhere"
+                "name": "HTTPS Everywhere",
+                "translators": null
             },
-            "descriptor": "/tmp/tmp.KvR5nzzEal/extensions/https-everywhere-eff@eff.org",
+            "dependencies": [],
             "foreignInstall": false,
-            "hasBinaryComponents": false,
-            "icon64URL": null,
-            "iconURL": "chrome://https-everywhere/skin/https-everywhere.png",
-            "icons": {},
+            "hidden": false,
+            "iconURL": null,
             "id": "https-everywhere-eff@eff.org",
-            "installDate": 1451269062000,
-            "internalName": null,
-            "locales": [],
+            "installDate": 1559865340000,
+            "installTelemetryInfo": {
+                "method": "link",
+                "source": "unknown"
+            },
+            "loader": null,
             "location": "app-profile",
-            "multiprocessCompatible": true,
-            "optionsType": null,
-            "optionsURL": "chrome://https-everywhere/content/observatory-preferences.xul",
+            "optionsBrowserStyle": true,
+            "optionsType": 5,
             "releaseNotesURI": null,
-            "signedState": 1,
-            "size": 9460335,
+            "seen": true,
+            "signedState": 2,
             "skinnable": false,
             "softDisabled": false,
-            "strictCompatibility": false,
-            "syncGUID": "L3vNFuFgQJ4m",
+            "sourceURI": "https://www.eff.org/files/https-everywhere-latest.xpi",
+            "startupData": null,
+            "strictCompatibility": true,
+            "targetPlatforms": [],
             "type": "extension",
-            "updateDate": 1451269062000,
+            "updateDate": 1559865340000,
             "userDisabled": false,
             "visible": true
         }
-    ],
-    "schemaVersion": 17
+    ]
 }
diff --git a/test/manual.sh b/test/manual.sh
index ccd17286e7ea..d16a977f178c 100755
--- a/test/manual.sh
+++ b/test/manual.sh
@@ -3,4 +3,4 @@
 # coverage for their rules, and performs a network "fetch" test to alert the
 # contributor of potential problems.
 
-exec python3.6 test/rules/src/https_everywhere_checker/check_rules.py test/rules/manual.checker.config "$@"
+exec python3 test/rules/src/https_everywhere_checker/check_rules.py test/rules/manual.checker.config "$@"
diff --git a/test/rules/checker.config.sample b/test/rules/checker.config.sample
index 79bf9191a9bd..d75bbf49f604 100644
--- a/test/rules/checker.config.sample
+++ b/test/rules/checker.config.sample
@@ -34,7 +34,9 @@ connect_timeout = 10
 read_timeout = 15
 redirect_depth = 10
 threads = 10
-#user_agent = Mozilla/5.0 (X11; Linux x86_64; rv:14.0) Gecko/20100101 Firefox/14.0.1
+# user_agent should be that of the latest ESR version on which TBB is based on.
+# https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead
+#user_agent = Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
 #curl_verbose = true
 #ssl_version = TLSv1
 fetch_in_subprocess = true
diff --git a/test/rules/coverage.checker.config b/test/rules/coverage.checker.config
index 9979c664513a..8b73bf7cff06 100644
--- a/test/rules/coverage.checker.config
+++ b/test/rules/coverage.checker.config
@@ -8,14 +8,16 @@ check_target_validity = true
 check_nonmatch_groups = true
 check_test_formatting = true
 include_default_off = false
-skiplist = utils/ruleset-whitelist.csv
+skiplist = utils/ruleset-allowlist.csv
 skipfield = 1
 
 [certificates]
 basedir = test/rules/platform_certs
 
 [http]
-user_agent = Mozilla/5.0 (X11; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0
+# user_agent should be that of the latest ESR version on which TBB is based on.
+# https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead
+user_agent = Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
 # Don't bother doing HTTP, we are just checking coverage and want it to be fast.
 enabled = false
 connect_timeout = 20
diff --git a/test/rules/disable-broken-rulesets.checker.config b/test/rules/disable-broken-rulesets.checker.config
index 39a5c63bde66..f9156a3e4f62 100644
--- a/test/rules/disable-broken-rulesets.checker.config
+++ b/test/rules/disable-broken-rulesets.checker.config
@@ -18,6 +18,7 @@ read_timeout = 30
 redirect_depth = 10
 threads = 20
 fetch_in_subprocess = false
+ssl_version = TLSv1_2
 
 [log]
 logfile = -
diff --git a/test/rules/http.checker.config b/test/rules/http.checker.config
index 186b55281839..ecdd8e36d802 100644
--- a/test/rules/http.checker.config
+++ b/test/rules/http.checker.config
@@ -8,7 +8,7 @@ check_nonmatch_groups = false
 check_test_formatting = false
 auto_disable = false
 include_default_off = false
-skiplist = utils/ruleset-whitelist.csv
+skiplist = utils/ruleset-allowlist.csv
 skipfield = 2
 
 [certificates]
@@ -16,13 +16,16 @@ skipfield = 2
 basedir = test/rules/platform_certs
 
 [http]
-user_agent = Mozilla/5.0 (X11; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0
+# user_agent should be that of the latest ESR version on which TBB is based on.
+# https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead
+user_agent = Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
 enabled = true
 connect_timeout = 20
 read_timeout = 30
 redirect_depth = 10
 threads = 40
 fetch_in_subprocess = false
+ssl_version = TLSv1_2
 
 [log]
 logfile = -
diff --git a/test/rules/manual.checker.config b/test/rules/manual.checker.config
index a043c6269346..74066fc6ae43 100644
--- a/test/rules/manual.checker.config
+++ b/test/rules/manual.checker.config
@@ -13,7 +13,9 @@ check_target_validity = true
 basedir = test/rules/platform_certs
 
 [http]
-user_agent = Mozilla/5.0 (X11; Linux x86_64; rv:36.0) Gecko/20100101 Firefox/36.0
+# user_agent should be that of the latest ESR version on which TBB is based on.
+# https://blog.torproject.org/browser-fingerprinting-introduction-and-challenges-ahead
+user_agent = Mozilla/5.0 (Windows NT 10.0; rv:68.0) Gecko/20100101 Firefox/68.0
 enabled = true
 connect_timeout = 20
 read_timeout = 30
diff --git a/test/rules/platform_certs/default/00673b5b.0 b/test/rules/platform_certs/default/00673b5b.0
index 2089bf3e0005..302405f29057 120000
--- a/test/rules/platform_certs/default/00673b5b.0
+++ b/test/rules/platform_certs/default/00673b5b.0
@@ -1 +1 @@
-cert033.pem
\ No newline at end of file
+cert028.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/02265526.0 b/test/rules/platform_certs/default/02265526.0
index b07ab0a7620c..62f8be0348c9 120000
--- a/test/rules/platform_certs/default/02265526.0
+++ b/test/rules/platform_certs/default/02265526.0
@@ -1 +1 @@
-cert108.pem
\ No newline at end of file
+cert100.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/02756ea4.0 b/test/rules/platform_certs/default/02756ea4.0
deleted file mode 120000
index 09d377c2dbdf..000000000000
--- a/test/rules/platform_certs/default/02756ea4.0
+++ /dev/null
@@ -1 +0,0 @@
-cert118.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/03179a64.0 b/test/rules/platform_certs/default/03179a64.0
index 2d41f6757f8c..fecfe84b3ea3 120000
--- a/test/rules/platform_certs/default/03179a64.0
+++ b/test/rules/platform_certs/default/03179a64.0
@@ -1 +1 @@
-cert105.pem
\ No newline at end of file
+cert097.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/04f60c28.0 b/test/rules/platform_certs/default/04f60c28.0
index ecbee746f069..fe8b7f684bf0 120000
--- a/test/rules/platform_certs/default/04f60c28.0
+++ b/test/rules/platform_certs/default/04f60c28.0
@@ -1 +1 @@
-cert101.pem
\ No newline at end of file
+cert093.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/062cdee6.0 b/test/rules/platform_certs/default/062cdee6.0
index 0413f9be7825..07df9b5eca3e 120000
--- a/test/rules/platform_certs/default/062cdee6.0
+++ b/test/rules/platform_certs/default/062cdee6.0
@@ -1 +1 @@
-cert058.pem
\ No newline at end of file
+cert051.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/064e0aa9.0 b/test/rules/platform_certs/default/064e0aa9.0
index 4d799e74ef9e..b81347e699c8 120000
--- a/test/rules/platform_certs/default/064e0aa9.0
+++ b/test/rules/platform_certs/default/064e0aa9.0
@@ -1 +1 @@
-cert092.pem
\ No newline at end of file
+cert084.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/06dc52d5.0 b/test/rules/platform_certs/default/06dc52d5.0
index 2a40c649daa9..d358a74650d5 120000
--- a/test/rules/platform_certs/default/06dc52d5.0
+++ b/test/rules/platform_certs/default/06dc52d5.0
@@ -1 +1 @@
-cert137.pem
\ No newline at end of file
+cert122.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/080911ac.0 b/test/rules/platform_certs/default/080911ac.0
index 9d25f0e60cb0..d752b5b008b5 120000
--- a/test/rules/platform_certs/default/080911ac.0
+++ b/test/rules/platform_certs/default/080911ac.0
@@ -1 +1 @@
-cert013.pem
\ No newline at end of file
+cert012.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/09789157.0 b/test/rules/platform_certs/default/09789157.0
index 90c574c79ffc..0413f9be7825 120000
--- a/test/rules/platform_certs/default/09789157.0
+++ b/test/rules/platform_certs/default/09789157.0
@@ -1 +1 @@
-cert065.pem
\ No newline at end of file
+cert058.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/0a775a30.0 b/test/rules/platform_certs/default/0a775a30.0
new file mode 120000
index 000000000000..158192fc7dde
--- /dev/null
+++ b/test/rules/platform_certs/default/0a775a30.0
@@ -0,0 +1 @@
+cert128.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/0b1b94ef.0 b/test/rules/platform_certs/default/0b1b94ef.0
index 819e00043983..92d55d0abb91 120000
--- a/test/rules/platform_certs/default/0b1b94ef.0
+++ b/test/rules/platform_certs/default/0b1b94ef.0
@@ -1 +1 @@
-cert110.pem
\ No newline at end of file
+cert102.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/0bf05006.0 b/test/rules/platform_certs/default/0bf05006.0
index 2707f01ae817..fbeb5ff12554 120000
--- a/test/rules/platform_certs/default/0bf05006.0
+++ b/test/rules/platform_certs/default/0bf05006.0
@@ -1 +1 @@
-cert136.pem
\ No newline at end of file
+cert121.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/0c4c9b6c.0 b/test/rules/platform_certs/default/0c4c9b6c.0
index 089e357b6505..426310756475 120000
--- a/test/rules/platform_certs/default/0c4c9b6c.0
+++ b/test/rules/platform_certs/default/0c4c9b6c.0
@@ -1 +1 @@
-cert062.pem
\ No newline at end of file
+cert055.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/0d5a4e1c.0 b/test/rules/platform_certs/default/0d5a4e1c.0
deleted file mode 120000
index f79cc53a1883..000000000000
--- a/test/rules/platform_certs/default/0d5a4e1c.0
+++ /dev/null
@@ -1 +0,0 @@
-cert111.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/0d69c7e1.0 b/test/rules/platform_certs/default/0d69c7e1.0
index 92d55d0abb91..6d6bdec5e46b 120000
--- a/test/rules/platform_certs/default/0d69c7e1.0
+++ b/test/rules/platform_certs/default/0d69c7e1.0
@@ -1 +1 @@
-cert102.pem
\ No newline at end of file
+cert094.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/0f5dc4f3.0 b/test/rules/platform_certs/default/0f5dc4f3.0
new file mode 120000
index 000000000000..68fd619a62a8
--- /dev/null
+++ b/test/rules/platform_certs/default/0f5dc4f3.0
@@ -0,0 +1 @@
+cert131.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/0f6fa695.0 b/test/rules/platform_certs/default/0f6fa695.0
index 68fd619a62a8..dc215b21fff3 120000
--- a/test/rules/platform_certs/default/0f6fa695.0
+++ b/test/rules/platform_certs/default/0f6fa695.0
@@ -1 +1 @@
-cert131.pem
\ No newline at end of file
+cert116.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/1001acf7.0 b/test/rules/platform_certs/default/1001acf7.0
new file mode 120000
index 000000000000..4cb45c9ec0e0
--- /dev/null
+++ b/test/rules/platform_certs/default/1001acf7.0
@@ -0,0 +1 @@
+cert126.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/10531352.0 b/test/rules/platform_certs/default/10531352.0
index 90c574c79ffc..0413f9be7825 120000
--- a/test/rules/platform_certs/default/10531352.0
+++ b/test/rules/platform_certs/default/10531352.0
@@ -1 +1 @@
-cert065.pem
\ No newline at end of file
+cert058.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/106f3e4d.0 b/test/rules/platform_certs/default/106f3e4d.0
index b87664a35dce..ecbee746f069 120000
--- a/test/rules/platform_certs/default/106f3e4d.0
+++ b/test/rules/platform_certs/default/106f3e4d.0
@@ -1 +1 @@
-cert109.pem
\ No newline at end of file
+cert101.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/116bf586.0 b/test/rules/platform_certs/default/116bf586.0
index f8a471e0b6e2..cf064caaea2f 120000
--- a/test/rules/platform_certs/default/116bf586.0
+++ b/test/rules/platform_certs/default/116bf586.0
@@ -1 +1 @@
-cert050.pem
\ No newline at end of file
+cert043.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/128805a3.0 b/test/rules/platform_certs/default/128805a3.0
index 62897b262628..3cae6c5e8d73 120000
--- a/test/rules/platform_certs/default/128805a3.0
+++ b/test/rules/platform_certs/default/128805a3.0
@@ -1 +1 @@
-cert080.pem
\ No newline at end of file
+cert073.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/12d55845.0 b/test/rules/platform_certs/default/12d55845.0
index 302405f29057..bae4f779ba1e 120000
--- a/test/rules/platform_certs/default/12d55845.0
+++ b/test/rules/platform_certs/default/12d55845.0
@@ -1 +1 @@
-cert028.pem
\ No newline at end of file
+cert024.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/14bc7599.0 b/test/rules/platform_certs/default/14bc7599.0
new file mode 120000
index 000000000000..ac3fdcd6aae6
--- /dev/null
+++ b/test/rules/platform_certs/default/14bc7599.0
@@ -0,0 +1 @@
+cert134.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/1636090b.0 b/test/rules/platform_certs/default/1636090b.0
index 924725c67632..fd0b85b2c438 120000
--- a/test/rules/platform_certs/default/1636090b.0
+++ b/test/rules/platform_certs/default/1636090b.0
@@ -1 +1 @@
-cert074.pem
\ No newline at end of file
+cert067.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/17b51fe6.0 b/test/rules/platform_certs/default/17b51fe6.0
deleted file mode 120000
index 184c078f7fc0..000000000000
--- a/test/rules/platform_certs/default/17b51fe6.0
+++ /dev/null
@@ -1 +0,0 @@
-cert027.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/18856ac4.0 b/test/rules/platform_certs/default/18856ac4.0
index 04e7d30f51b2..a569193e45b9 120000
--- a/test/rules/platform_certs/default/18856ac4.0
+++ b/test/rules/platform_certs/default/18856ac4.0
@@ -1 +1 @@
-cert056.pem
\ No newline at end of file
+cert049.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/1d3472b9.0 b/test/rules/platform_certs/default/1d3472b9.0
index 412847d766b1..8e9e075e0404 120000
--- a/test/rules/platform_certs/default/1d3472b9.0
+++ b/test/rules/platform_certs/default/1d3472b9.0
@@ -1 +1 @@
-cert103.pem
\ No newline at end of file
+cert095.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/1dac3003.0 b/test/rules/platform_certs/default/1dac3003.0
deleted file mode 120000
index b71513fe981a..000000000000
--- a/test/rules/platform_certs/default/1dac3003.0
+++ /dev/null
@@ -1 +0,0 @@
-cert029.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/1dcd6f4c.0 b/test/rules/platform_certs/default/1dcd6f4c.0
index 5ba8f65d5e5e..73fc246f6c27 120000
--- a/test/rules/platform_certs/default/1dcd6f4c.0
+++ b/test/rules/platform_certs/default/1dcd6f4c.0
@@ -1 +1 @@
-cert023.pem
\ No newline at end of file
+cert020.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/1df5a75f.0 b/test/rules/platform_certs/default/1df5a75f.0
index 68c876e8ea1b..924725c67632 120000
--- a/test/rules/platform_certs/default/1df5a75f.0
+++ b/test/rules/platform_certs/default/1df5a75f.0
@@ -1 +1 @@
-cert081.pem
\ No newline at end of file
+cert074.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/1e08bfd1.0 b/test/rules/platform_certs/default/1e08bfd1.0
index ee2dc90a4912..14cb25329686 120000
--- a/test/rules/platform_certs/default/1e08bfd1.0
+++ b/test/rules/platform_certs/default/1e08bfd1.0
@@ -1 +1 @@
-cert107.pem
\ No newline at end of file
+cert099.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/1e09d511.0 b/test/rules/platform_certs/default/1e09d511.0
index 125e20d7689f..68c876e8ea1b 120000
--- a/test/rules/platform_certs/default/1e09d511.0
+++ b/test/rules/platform_certs/default/1e09d511.0
@@ -1 +1 @@
-cert089.pem
\ No newline at end of file
+cert081.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/1e1eab7c.0 b/test/rules/platform_certs/default/1e1eab7c.0
index b4ef283ffd60..590f09763ca0 120000
--- a/test/rules/platform_certs/default/1e1eab7c.0
+++ b/test/rules/platform_certs/default/1e1eab7c.0
@@ -1 +1 @@
-cert079.pem
\ No newline at end of file
+cert072.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/1e8e7201.0 b/test/rules/platform_certs/default/1e8e7201.0
index 0413f9be7825..07df9b5eca3e 120000
--- a/test/rules/platform_certs/default/1e8e7201.0
+++ b/test/rules/platform_certs/default/1e8e7201.0
@@ -1 +1 @@
-cert058.pem
\ No newline at end of file
+cert051.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/1eb37bdf.0 b/test/rules/platform_certs/default/1eb37bdf.0
index 78c8c289bffe..14745ca2234d 120000
--- a/test/rules/platform_certs/default/1eb37bdf.0
+++ b/test/rules/platform_certs/default/1eb37bdf.0
@@ -1 +1 @@
-cert061.pem
\ No newline at end of file
+cert054.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/1f58a078.0 b/test/rules/platform_certs/default/1f58a078.0
index 4d799e74ef9e..b81347e699c8 120000
--- a/test/rules/platform_certs/default/1f58a078.0
+++ b/test/rules/platform_certs/default/1f58a078.0
@@ -1 +1 @@
-cert092.pem
\ No newline at end of file
+cert084.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/21855f49.0 b/test/rules/platform_certs/default/21855f49.0
deleted file mode 120000
index 5d47613f1135..000000000000
--- a/test/rules/platform_certs/default/21855f49.0
+++ /dev/null
@@ -1 +0,0 @@
-cert083.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/219d9499.0 b/test/rules/platform_certs/default/219d9499.0
index 1a4e06971594..a5914a9ae27a 120000
--- a/test/rules/platform_certs/default/219d9499.0
+++ b/test/rules/platform_certs/default/219d9499.0
@@ -1 +1 @@
-cert021.pem
\ No newline at end of file
+cert018.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/23f4c490.0 b/test/rules/platform_certs/default/23f4c490.0
index cb763a0db33c..6d3afc9f7b75 120000
--- a/test/rules/platform_certs/default/23f4c490.0
+++ b/test/rules/platform_certs/default/23f4c490.0
@@ -1 +1 @@
-cert022.pem
\ No newline at end of file
+cert019.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/244b5494.0 b/test/rules/platform_certs/default/244b5494.0
index 3b6c44b909cc..5ba8f65d5e5e 120000
--- a/test/rules/platform_certs/default/244b5494.0
+++ b/test/rules/platform_certs/default/244b5494.0
@@ -1 +1 @@
-cert026.pem
\ No newline at end of file
+cert023.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/27af790d.0 b/test/rules/platform_certs/default/27af790d.0
index f8a471e0b6e2..cf064caaea2f 120000
--- a/test/rules/platform_certs/default/27af790d.0
+++ b/test/rules/platform_certs/default/27af790d.0
@@ -1 +1 @@
-cert050.pem
\ No newline at end of file
+cert043.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/2923b3f9.0 b/test/rules/platform_certs/default/2923b3f9.0
new file mode 120000
index 000000000000..fe08ce674247
--- /dev/null
+++ b/test/rules/platform_certs/default/2923b3f9.0
@@ -0,0 +1 @@
+cert133.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/2add47b6.0 b/test/rules/platform_certs/default/2add47b6.0
index 412847d766b1..8e9e075e0404 120000
--- a/test/rules/platform_certs/default/2add47b6.0
+++ b/test/rules/platform_certs/default/2add47b6.0
@@ -1 +1 @@
-cert103.pem
\ No newline at end of file
+cert095.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/2ae6433e.0 b/test/rules/platform_certs/default/2ae6433e.0
index b81347e699c8..dcfdea4695e9 120000
--- a/test/rules/platform_certs/default/2ae6433e.0
+++ b/test/rules/platform_certs/default/2ae6433e.0
@@ -1 +1 @@
-cert084.pem
\ No newline at end of file
+cert076.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/2b349938.0 b/test/rules/platform_certs/default/2b349938.0
index 5b97615af165..fa7fca3f2ea3 120000
--- a/test/rules/platform_certs/default/2b349938.0
+++ b/test/rules/platform_certs/default/2b349938.0
@@ -1 +1 @@
-cert066.pem
\ No newline at end of file
+cert059.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/2c11d503.0 b/test/rules/platform_certs/default/2c11d503.0
deleted file mode 120000
index d358a74650d5..000000000000
--- a/test/rules/platform_certs/default/2c11d503.0
+++ /dev/null
@@ -1 +0,0 @@
-cert122.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/2d9dafe4.0 b/test/rules/platform_certs/default/2d9dafe4.0
index 6c367fd21202..234aa2b2c2cc 120000
--- a/test/rules/platform_certs/default/2d9dafe4.0
+++ b/test/rules/platform_certs/default/2d9dafe4.0
@@ -1 +1 @@
-cert078.pem
\ No newline at end of file
+cert071.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/2e4eed3c.0 b/test/rules/platform_certs/default/2e4eed3c.0
index 2089bf3e0005..302405f29057 120000
--- a/test/rules/platform_certs/default/2e4eed3c.0
+++ b/test/rules/platform_certs/default/2e4eed3c.0
@@ -1 +1 @@
-cert033.pem
\ No newline at end of file
+cert028.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/2e5ac55d.0 b/test/rules/platform_certs/default/2e5ac55d.0
index 302405f29057..bae4f779ba1e 120000
--- a/test/rules/platform_certs/default/2e5ac55d.0
+++ b/test/rules/platform_certs/default/2e5ac55d.0
@@ -1 +1 @@
-cert028.pem
\ No newline at end of file
+cert024.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/2fa87019.0 b/test/rules/platform_certs/default/2fa87019.0
index 00871c6d7da0..2089bf3e0005 120000
--- a/test/rules/platform_certs/default/2fa87019.0
+++ b/test/rules/platform_certs/default/2fa87019.0
@@ -1 +1 @@
-cert038.pem
\ No newline at end of file
+cert033.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/302904dd.0 b/test/rules/platform_certs/default/302904dd.0
new file mode 120000
index 000000000000..bbce6c435741
--- /dev/null
+++ b/test/rules/platform_certs/default/302904dd.0
@@ -0,0 +1 @@
+cert132.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/304d27c3.0 b/test/rules/platform_certs/default/304d27c3.0
new file mode 120000
index 000000000000..3b86526d9425
--- /dev/null
+++ b/test/rules/platform_certs/default/304d27c3.0
@@ -0,0 +1 @@
+cert130.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/31188b5e.0 b/test/rules/platform_certs/default/31188b5e.0
index 3b86526d9425..d3d34182b0b4 120000
--- a/test/rules/platform_certs/default/31188b5e.0
+++ b/test/rules/platform_certs/default/31188b5e.0
@@ -1 +1 @@
-cert130.pem
\ No newline at end of file
+cert115.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/32888f65.0 b/test/rules/platform_certs/default/32888f65.0
index dc215b21fff3..ad1a2c9e4e96 120000
--- a/test/rules/platform_certs/default/32888f65.0
+++ b/test/rules/platform_certs/default/32888f65.0
@@ -1 +1 @@
-cert116.pem
\ No newline at end of file
+cert106.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/33ee480d.0 b/test/rules/platform_certs/default/33ee480d.0
index c64998b14fa3..498662811fe8 120000
--- a/test/rules/platform_certs/default/33ee480d.0
+++ b/test/rules/platform_certs/default/33ee480d.0
@@ -1 +1 @@
-cert135.pem
\ No newline at end of file
+cert120.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/343eb6cb.0 b/test/rules/platform_certs/default/343eb6cb.0
index f70c743200ef..565938c977ad 120000
--- a/test/rules/platform_certs/default/343eb6cb.0
+++ b/test/rules/platform_certs/default/343eb6cb.0
@@ -1 +1 @@
-cert044.pem
\ No newline at end of file
+cert037.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/349f2832.0 b/test/rules/platform_certs/default/349f2832.0
index 3cae6c5e8d73..5b97615af165 120000
--- a/test/rules/platform_certs/default/349f2832.0
+++ b/test/rules/platform_certs/default/349f2832.0
@@ -1 +1 @@
-cert073.pem
\ No newline at end of file
+cert066.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/35105088.0 b/test/rules/platform_certs/default/35105088.0
index 62f8be0348c9..4d799e74ef9e 120000
--- a/test/rules/platform_certs/default/35105088.0
+++ b/test/rules/platform_certs/default/35105088.0
@@ -1 +1 @@
-cert100.pem
\ No newline at end of file
+cert092.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/3513523f.0 b/test/rules/platform_certs/default/3513523f.0
index e71a9e353763..cb763a0db33c 120000
--- a/test/rules/platform_certs/default/3513523f.0
+++ b/test/rules/platform_certs/default/3513523f.0
@@ -1 +1 @@
-cert025.pem
\ No newline at end of file
+cert022.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/3929ec9f.0 b/test/rules/platform_certs/default/3929ec9f.0
deleted file mode 120000
index fbeb5ff12554..000000000000
--- a/test/rules/platform_certs/default/3929ec9f.0
+++ /dev/null
@@ -1 +0,0 @@
-cert121.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/399e7759.0 b/test/rules/platform_certs/default/399e7759.0
index e71a9e353763..cb763a0db33c 120000
--- a/test/rules/platform_certs/default/399e7759.0
+++ b/test/rules/platform_certs/default/399e7759.0
@@ -1 +1 @@
-cert025.pem
\ No newline at end of file
+cert022.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/3a3b02ce.0 b/test/rules/platform_certs/default/3a3b02ce.0
index 2f975bd5f8dc..dfc09b96e7a1 120000
--- a/test/rules/platform_certs/default/3a3b02ce.0
+++ b/test/rules/platform_certs/default/3a3b02ce.0
@@ -1 +1 @@
-cert041.pem
\ No newline at end of file
+cert035.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/3bde41ac.0 b/test/rules/platform_certs/default/3bde41ac.0
index fa7fca3f2ea3..caeacfb82a92 120000
--- a/test/rules/platform_certs/default/3bde41ac.0
+++ b/test/rules/platform_certs/default/3bde41ac.0
@@ -1 +1 @@
-cert059.pem
\ No newline at end of file
+cert052.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/3c6676aa.0 b/test/rules/platform_certs/default/3c6676aa.0
index 2d41f6757f8c..fecfe84b3ea3 120000
--- a/test/rules/platform_certs/default/3c6676aa.0
+++ b/test/rules/platform_certs/default/3c6676aa.0
@@ -1 +1 @@
-cert105.pem
\ No newline at end of file
+cert097.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/3c860d51.0 b/test/rules/platform_certs/default/3c860d51.0
index 997960c9a6fd..e71a9e353763 120000
--- a/test/rules/platform_certs/default/3c860d51.0
+++ b/test/rules/platform_certs/default/3c860d51.0
@@ -1 +1 @@
-cert030.pem
\ No newline at end of file
+cert025.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/3c899c73.0 b/test/rules/platform_certs/default/3c899c73.0
new file mode 120000
index 000000000000..be63f53484ff
--- /dev/null
+++ b/test/rules/platform_certs/default/3c899c73.0
@@ -0,0 +1 @@
+cert125.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/3c9a4d3b.0 b/test/rules/platform_certs/default/3c9a4d3b.0
index b03c490c2905..31b630c7c1ed 120000
--- a/test/rules/platform_certs/default/3c9a4d3b.0
+++ b/test/rules/platform_certs/default/3c9a4d3b.0
@@ -1 +1 @@
-cert085.pem
\ No newline at end of file
+cert077.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/3d441de8.0 b/test/rules/platform_certs/default/3d441de8.0
index 14745ca2234d..91faf4e1386e 120000
--- a/test/rules/platform_certs/default/3d441de8.0
+++ b/test/rules/platform_certs/default/3d441de8.0
@@ -1 +1 @@
-cert054.pem
\ No newline at end of file
+cert047.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/3e44d2f7.0 b/test/rules/platform_certs/default/3e44d2f7.0
index fe08ce674247..09d377c2dbdf 120000
--- a/test/rules/platform_certs/default/3e44d2f7.0
+++ b/test/rules/platform_certs/default/3e44d2f7.0
@@ -1 +1 @@
-cert133.pem
\ No newline at end of file
+cert118.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/3e45d192.0 b/test/rules/platform_certs/default/3e45d192.0
index 426310756475..48214313f446 120000
--- a/test/rules/platform_certs/default/3e45d192.0
+++ b/test/rules/platform_certs/default/3e45d192.0
@@ -1 +1 @@
-cert055.pem
\ No newline at end of file
+cert048.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/40193066.0 b/test/rules/platform_certs/default/40193066.0
index d3d34182b0b4..2d41f6757f8c 120000
--- a/test/rules/platform_certs/default/40193066.0
+++ b/test/rules/platform_certs/default/40193066.0
@@ -1 +1 @@
-cert115.pem
\ No newline at end of file
+cert105.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/4042bcee.0 b/test/rules/platform_certs/default/4042bcee.0
index 8e03fa2ac01b..b07ab0a7620c 120000
--- a/test/rules/platform_certs/default/4042bcee.0
+++ b/test/rules/platform_certs/default/4042bcee.0
@@ -1 +1 @@
-cert123.pem
\ No newline at end of file
+cert108.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/40547a79.0 b/test/rules/platform_certs/default/40547a79.0
index 565938c977ad..94b886e2cf5d 120000
--- a/test/rules/platform_certs/default/40547a79.0
+++ b/test/rules/platform_certs/default/40547a79.0
@@ -1 +1 @@
-cert037.pem
\ No newline at end of file
+cert032.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/406c9bb1.0 b/test/rules/platform_certs/default/406c9bb1.0
new file mode 120000
index 000000000000..c64998b14fa3
--- /dev/null
+++ b/test/rules/platform_certs/default/406c9bb1.0
@@ -0,0 +1 @@
+cert135.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/40dc992e.0 b/test/rules/platform_certs/default/40dc992e.0
index 924725c67632..fd0b85b2c438 120000
--- a/test/rules/platform_certs/default/40dc992e.0
+++ b/test/rules/platform_certs/default/40dc992e.0
@@ -1 +1 @@
-cert074.pem
\ No newline at end of file
+cert067.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/4304c5e5.0 b/test/rules/platform_certs/default/4304c5e5.0
index 00871c6d7da0..2089bf3e0005 120000
--- a/test/rules/platform_certs/default/4304c5e5.0
+++ b/test/rules/platform_certs/default/4304c5e5.0
@@ -1 +1 @@
-cert038.pem
\ No newline at end of file
+cert033.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/451b5485.0 b/test/rules/platform_certs/default/451b5485.0
deleted file mode 120000
index 5b20fc4c4385..000000000000
--- a/test/rules/platform_certs/default/451b5485.0
+++ /dev/null
@@ -1 +0,0 @@
-cert119.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/455f1b52.0 b/test/rules/platform_certs/default/455f1b52.0
index b07ab0a7620c..62f8be0348c9 120000
--- a/test/rules/platform_certs/default/455f1b52.0
+++ b/test/rules/platform_certs/default/455f1b52.0
@@ -1 +1 @@
-cert108.pem
\ No newline at end of file
+cert100.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/480720ec.0 b/test/rules/platform_certs/default/480720ec.0
index 94b886e2cf5d..184c078f7fc0 120000
--- a/test/rules/platform_certs/default/480720ec.0
+++ b/test/rules/platform_certs/default/480720ec.0
@@ -1 +1 @@
-cert032.pem
\ No newline at end of file
+cert027.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/48a195d8.0 b/test/rules/platform_certs/default/48a195d8.0
index d521e6e25fa9..4509178e43b6 120000
--- a/test/rules/platform_certs/default/48a195d8.0
+++ b/test/rules/platform_certs/default/48a195d8.0
@@ -1 +1 @@
-cert060.pem
\ No newline at end of file
+cert053.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/48bec511.0 b/test/rules/platform_certs/default/48bec511.0
index fd8f34d766f4..eec3208f5839 120000
--- a/test/rules/platform_certs/default/48bec511.0
+++ b/test/rules/platform_certs/default/48bec511.0
@@ -1 +1 @@
-cert070.pem
\ No newline at end of file
+cert063.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/4b718d9b.0 b/test/rules/platform_certs/default/4b718d9b.0
new file mode 120000
index 000000000000..2707f01ae817
--- /dev/null
+++ b/test/rules/platform_certs/default/4b718d9b.0
@@ -0,0 +1 @@
+cert136.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/4be590e0.0 b/test/rules/platform_certs/default/4be590e0.0
index ee2dc90a4912..14cb25329686 120000
--- a/test/rules/platform_certs/default/4be590e0.0
+++ b/test/rules/platform_certs/default/4be590e0.0
@@ -1 +1 @@
-cert107.pem
\ No newline at end of file
+cert099.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/4bfab552.0 b/test/rules/platform_certs/default/4bfab552.0
index 3c31427efb37..07968211a11f 120000
--- a/test/rules/platform_certs/default/4bfab552.0
+++ b/test/rules/platform_certs/default/4bfab552.0
@@ -1 +1 @@
-cert064.pem
\ No newline at end of file
+cert057.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/4e18c148.0 b/test/rules/platform_certs/default/4e18c148.0
deleted file mode 120000
index cf064caaea2f..000000000000
--- a/test/rules/platform_certs/default/4e18c148.0
+++ /dev/null
@@ -1 +0,0 @@
-cert043.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/4f316efb.0 b/test/rules/platform_certs/default/4f316efb.0
index 997960c9a6fd..e71a9e353763 120000
--- a/test/rules/platform_certs/default/4f316efb.0
+++ b/test/rules/platform_certs/default/4f316efb.0
@@ -1 +1 @@
-cert030.pem
\ No newline at end of file
+cert025.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5046c355.0 b/test/rules/platform_certs/default/5046c355.0
index 98e1e5456f37..3b6c44b909cc 120000
--- a/test/rules/platform_certs/default/5046c355.0
+++ b/test/rules/platform_certs/default/5046c355.0
@@ -1 +1 @@
-cert031.pem
\ No newline at end of file
+cert026.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/524d9b43.0 b/test/rules/platform_certs/default/524d9b43.0
index 07df9b5eca3e..f70c743200ef 120000
--- a/test/rules/platform_certs/default/524d9b43.0
+++ b/test/rules/platform_certs/default/524d9b43.0
@@ -1 +1 @@
-cert051.pem
\ No newline at end of file
+cert044.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5273a94c.0 b/test/rules/platform_certs/default/5273a94c.0
index 20b6b56b9c5f..62897b262628 120000
--- a/test/rules/platform_certs/default/5273a94c.0
+++ b/test/rules/platform_certs/default/5273a94c.0
@@ -1 +1 @@
-cert088.pem
\ No newline at end of file
+cert080.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/52b525c7.0 b/test/rules/platform_certs/default/52b525c7.0
index 3f93be5f29e1..5d47613f1135 120000
--- a/test/rules/platform_certs/default/52b525c7.0
+++ b/test/rules/platform_certs/default/52b525c7.0
@@ -1 +1 @@
-cert091.pem
\ No newline at end of file
+cert083.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5443e9e3.0 b/test/rules/platform_certs/default/5443e9e3.0
index b4ef283ffd60..590f09763ca0 120000
--- a/test/rules/platform_certs/default/5443e9e3.0
+++ b/test/rules/platform_certs/default/5443e9e3.0
@@ -1 +1 @@
-cert079.pem
\ No newline at end of file
+cert072.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/54657681.0 b/test/rules/platform_certs/default/54657681.0
index 31b630c7c1ed..fd8f34d766f4 120000
--- a/test/rules/platform_certs/default/54657681.0
+++ b/test/rules/platform_certs/default/54657681.0
@@ -1 +1 @@
-cert077.pem
\ No newline at end of file
+cert070.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/559f7c71.0 b/test/rules/platform_certs/default/559f7c71.0
deleted file mode 120000
index d358a74650d5..000000000000
--- a/test/rules/platform_certs/default/559f7c71.0
+++ /dev/null
@@ -1 +0,0 @@
-cert122.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/57bcb2da.0 b/test/rules/platform_certs/default/57bcb2da.0
index 98e1e5456f37..3b6c44b909cc 120000
--- a/test/rules/platform_certs/default/57bcb2da.0
+++ b/test/rules/platform_certs/default/57bcb2da.0
@@ -1 +1 @@
-cert031.pem
\ No newline at end of file
+cert026.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/583d0756.0 b/test/rules/platform_certs/default/583d0756.0
index 2a40c649daa9..d358a74650d5 120000
--- a/test/rules/platform_certs/default/583d0756.0
+++ b/test/rules/platform_certs/default/583d0756.0
@@ -1 +1 @@
-cert137.pem
\ No newline at end of file
+cert122.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5a250ea7.0 b/test/rules/platform_certs/default/5a250ea7.0
index d59e7b0ac35d..aa04b7c3f5bf 120000
--- a/test/rules/platform_certs/default/5a250ea7.0
+++ b/test/rules/platform_certs/default/5a250ea7.0
@@ -1 +1 @@
-cert104.pem
\ No newline at end of file
+cert096.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5a3f0ff8.0 b/test/rules/platform_certs/default/5a3f0ff8.0
index 565938c977ad..94b886e2cf5d 120000
--- a/test/rules/platform_certs/default/5a3f0ff8.0
+++ b/test/rules/platform_certs/default/5a3f0ff8.0
@@ -1 +1 @@
-cert037.pem
\ No newline at end of file
+cert032.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5a4d6896.0 b/test/rules/platform_certs/default/5a4d6896.0
index d59e7b0ac35d..aa04b7c3f5bf 120000
--- a/test/rules/platform_certs/default/5a4d6896.0
+++ b/test/rules/platform_certs/default/5a4d6896.0
@@ -1 +1 @@
-cert104.pem
\ No newline at end of file
+cert096.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5acf816d.0 b/test/rules/platform_certs/default/5acf816d.0
new file mode 120000
index 000000000000..b293d2f9656d
--- /dev/null
+++ b/test/rules/platform_certs/default/5acf816d.0
@@ -0,0 +1 @@
+cert129.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5c44d531.0 b/test/rules/platform_certs/default/5c44d531.0
index 14745ca2234d..91faf4e1386e 120000
--- a/test/rules/platform_certs/default/5c44d531.0
+++ b/test/rules/platform_certs/default/5c44d531.0
@@ -1 +1 @@
-cert054.pem
\ No newline at end of file
+cert047.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5cd81ad7.0 b/test/rules/platform_certs/default/5cd81ad7.0
index f43f71de09a2..b4ef283ffd60 120000
--- a/test/rules/platform_certs/default/5cd81ad7.0
+++ b/test/rules/platform_certs/default/5cd81ad7.0
@@ -1 +1 @@
-cert087.pem
\ No newline at end of file
+cert079.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5cf9d536.0 b/test/rules/platform_certs/default/5cf9d536.0
index 9d25f0e60cb0..d752b5b008b5 120000
--- a/test/rules/platform_certs/default/5cf9d536.0
+++ b/test/rules/platform_certs/default/5cf9d536.0
@@ -1 +1 @@
-cert013.pem
\ No newline at end of file
+cert012.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5d3033c5.0 b/test/rules/platform_certs/default/5d3033c5.0
index bbce6c435741..3f7d7d6c2ac4 120000
--- a/test/rules/platform_certs/default/5d3033c5.0
+++ b/test/rules/platform_certs/default/5d3033c5.0
@@ -1 +1 @@
-cert132.pem
\ No newline at end of file
+cert117.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5e4e69e7.0 b/test/rules/platform_certs/default/5e4e69e7.0
index caeacfb82a92..a151a41100d0 120000
--- a/test/rules/platform_certs/default/5e4e69e7.0
+++ b/test/rules/platform_certs/default/5e4e69e7.0
@@ -1 +1 @@
-cert052.pem
\ No newline at end of file
+cert045.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5e98733a.0 b/test/rules/platform_certs/default/5e98733a.0
new file mode 120000
index 000000000000..b02322a14ba4
--- /dev/null
+++ b/test/rules/platform_certs/default/5e98733a.0
@@ -0,0 +1 @@
+cert138.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5f15c80c.0 b/test/rules/platform_certs/default/5f15c80c.0
index e5bfdc4fd316..6c367fd21202 120000
--- a/test/rules/platform_certs/default/5f15c80c.0
+++ b/test/rules/platform_certs/default/5f15c80c.0
@@ -1 +1 @@
-cert086.pem
\ No newline at end of file
+cert078.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/5f47b495.0 b/test/rules/platform_certs/default/5f47b495.0
index b6fe338c1eae..cd5cecffb316 120000
--- a/test/rules/platform_certs/default/5f47b495.0
+++ b/test/rules/platform_certs/default/5f47b495.0
@@ -1 +1 @@
-cert075.pem
\ No newline at end of file
+cert068.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/607986c7.0 b/test/rules/platform_certs/default/607986c7.0
index aa04b7c3f5bf..20b6b56b9c5f 120000
--- a/test/rules/platform_certs/default/607986c7.0
+++ b/test/rules/platform_certs/default/607986c7.0
@@ -1 +1 @@
-cert096.pem
\ No newline at end of file
+cert088.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/608a55ad.0 b/test/rules/platform_certs/default/608a55ad.0
deleted file mode 120000
index fbeb5ff12554..000000000000
--- a/test/rules/platform_certs/default/608a55ad.0
+++ /dev/null
@@ -1 +0,0 @@
-cert121.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/60afe812.0 b/test/rules/platform_certs/default/60afe812.0
index 4509178e43b6..ad82a9029e39 120000
--- a/test/rules/platform_certs/default/60afe812.0
+++ b/test/rules/platform_certs/default/60afe812.0
@@ -1 +1 @@
-cert053.pem
\ No newline at end of file
+cert046.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/6187b673.0 b/test/rules/platform_certs/default/6187b673.0
index 8e03fa2ac01b..b07ab0a7620c 120000
--- a/test/rules/platform_certs/default/6187b673.0
+++ b/test/rules/platform_certs/default/6187b673.0
@@ -1 +1 @@
-cert123.pem
\ No newline at end of file
+cert108.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/626dceaf.0 b/test/rules/platform_certs/default/626dceaf.0
new file mode 120000
index 000000000000..d5f16f42cfce
--- /dev/null
+++ b/test/rules/platform_certs/default/626dceaf.0
@@ -0,0 +1 @@
+cert127.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/63a2c897.0 b/test/rules/platform_certs/default/63a2c897.0
index f43f71de09a2..b4ef283ffd60 120000
--- a/test/rules/platform_certs/default/63a2c897.0
+++ b/test/rules/platform_certs/default/63a2c897.0
@@ -1 +1 @@
-cert087.pem
\ No newline at end of file
+cert079.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/6410666e.0 b/test/rules/platform_certs/default/6410666e.0
index 5ba8f65d5e5e..73fc246f6c27 120000
--- a/test/rules/platform_certs/default/6410666e.0
+++ b/test/rules/platform_certs/default/6410666e.0
@@ -1 +1 @@
-cert023.pem
\ No newline at end of file
+cert020.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/67495436.0 b/test/rules/platform_certs/default/67495436.0
index a569193e45b9..214c9452624b 120000
--- a/test/rules/platform_certs/default/67495436.0
+++ b/test/rules/platform_certs/default/67495436.0
@@ -1 +1 @@
-cert049.pem
\ No newline at end of file
+cert042.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/68dd7389.0 b/test/rules/platform_certs/default/68dd7389.0
new file mode 120000
index 000000000000..2a40c649daa9
--- /dev/null
+++ b/test/rules/platform_certs/default/68dd7389.0
@@ -0,0 +1 @@
+cert137.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/69105f4f.0 b/test/rules/platform_certs/default/69105f4f.0
index bae4f779ba1e..1a4e06971594 120000
--- a/test/rules/platform_certs/default/69105f4f.0
+++ b/test/rules/platform_certs/default/69105f4f.0
@@ -1 +1 @@
-cert024.pem
\ No newline at end of file
+cert021.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/6b03dec0.0 b/test/rules/platform_certs/default/6b03dec0.0
new file mode 120000
index 000000000000..158192fc7dde
--- /dev/null
+++ b/test/rules/platform_certs/default/6b03dec0.0
@@ -0,0 +1 @@
+cert128.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/6d41d539.0 b/test/rules/platform_certs/default/6d41d539.0
index 4cb45c9ec0e0..f79cc53a1883 120000
--- a/test/rules/platform_certs/default/6d41d539.0
+++ b/test/rules/platform_certs/default/6d41d539.0
@@ -1 +1 @@
-cert126.pem
\ No newline at end of file
+cert111.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/6fa5da56.0 b/test/rules/platform_certs/default/6fa5da56.0
index c64998b14fa3..498662811fe8 120000
--- a/test/rules/platform_certs/default/6fa5da56.0
+++ b/test/rules/platform_certs/default/6fa5da56.0
@@ -1 +1 @@
-cert135.pem
\ No newline at end of file
+cert120.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/6fcc125d.0 b/test/rules/platform_certs/default/6fcc125d.0
deleted file mode 120000
index f3d65f9515d0..000000000000
--- a/test/rules/platform_certs/default/6fcc125d.0
+++ /dev/null
@@ -1 +0,0 @@
-cert011.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/706f604c.0 b/test/rules/platform_certs/default/706f604c.0
index 73fc246f6c27..5717d782c0b8 120000
--- a/test/rules/platform_certs/default/706f604c.0
+++ b/test/rules/platform_certs/default/706f604c.0
@@ -1 +1 @@
-cert020.pem
\ No newline at end of file
+cert017.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/749e9e03.0 b/test/rules/platform_certs/default/749e9e03.0
index 3f93be5f29e1..5d47613f1135 120000
--- a/test/rules/platform_certs/default/749e9e03.0
+++ b/test/rules/platform_certs/default/749e9e03.0
@@ -1 +1 @@
-cert091.pem
\ No newline at end of file
+cert083.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/75680d2e.0 b/test/rules/platform_certs/default/75680d2e.0
index d752b5b008b5..f3d65f9515d0 120000
--- a/test/rules/platform_certs/default/75680d2e.0
+++ b/test/rules/platform_certs/default/75680d2e.0
@@ -1 +1 @@
-cert012.pem
\ No newline at end of file
+cert011.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/75d1b2ed.0 b/test/rules/platform_certs/default/75d1b2ed.0
index d30fd61516a0..5d5f80e33054 120000
--- a/test/rules/platform_certs/default/75d1b2ed.0
+++ b/test/rules/platform_certs/default/75d1b2ed.0
@@ -1 +1 @@
-cert098.pem
\ No newline at end of file
+cert090.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/76579174.0 b/test/rules/platform_certs/default/76579174.0
index 73fc246f6c27..5717d782c0b8 120000
--- a/test/rules/platform_certs/default/76579174.0
+++ b/test/rules/platform_certs/default/76579174.0
@@ -1 +1 @@
-cert020.pem
\ No newline at end of file
+cert017.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/76cb8f92.0 b/test/rules/platform_certs/default/76cb8f92.0
index f70c743200ef..565938c977ad 120000
--- a/test/rules/platform_certs/default/76cb8f92.0
+++ b/test/rules/platform_certs/default/76cb8f92.0
@@ -1 +1 @@
-cert044.pem
\ No newline at end of file
+cert037.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/76faf6c0.0 b/test/rules/platform_certs/default/76faf6c0.0
index 6b9e3cee1364..be14627b585c 120000
--- a/test/rules/platform_certs/default/76faf6c0.0
+++ b/test/rules/platform_certs/default/76faf6c0.0
@@ -1 +1 @@
-cert015.pem
\ No newline at end of file
+cert014.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/7719f463.0 b/test/rules/platform_certs/default/7719f463.0
index 3f7d7d6c2ac4..ee2dc90a4912 120000
--- a/test/rules/platform_certs/default/7719f463.0
+++ b/test/rules/platform_certs/default/7719f463.0
@@ -1 +1 @@
-cert117.pem
\ No newline at end of file
+cert107.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/773e07ad.0 b/test/rules/platform_certs/default/773e07ad.0
new file mode 120000
index 000000000000..be63f53484ff
--- /dev/null
+++ b/test/rules/platform_certs/default/773e07ad.0
@@ -0,0 +1 @@
+cert125.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/7892ad52.0 b/test/rules/platform_certs/default/7892ad52.0
index b02322a14ba4..8e03fa2ac01b 120000
--- a/test/rules/platform_certs/default/7892ad52.0
+++ b/test/rules/platform_certs/default/7892ad52.0
@@ -1 +1 @@
-cert138.pem
\ No newline at end of file
+cert123.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/790a7190.0 b/test/rules/platform_certs/default/790a7190.0
deleted file mode 120000
index b71513fe981a..000000000000
--- a/test/rules/platform_certs/default/790a7190.0
+++ /dev/null
@@ -1 +0,0 @@
-cert029.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/7992b8bb.0 b/test/rules/platform_certs/default/7992b8bb.0
deleted file mode 120000
index f79cc53a1883..000000000000
--- a/test/rules/platform_certs/default/7992b8bb.0
+++ /dev/null
@@ -1 +0,0 @@
-cert111.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/7a7c655d.0 b/test/rules/platform_certs/default/7a7c655d.0
index d5f16f42cfce..4e69bf016efd 120000
--- a/test/rules/platform_certs/default/7a7c655d.0
+++ b/test/rules/platform_certs/default/7a7c655d.0
@@ -1 +1 @@
-cert127.pem
\ No newline at end of file
+cert112.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/7a819ef2.0 b/test/rules/platform_certs/default/7a819ef2.0
index be14627b585c..9d25f0e60cb0 120000
--- a/test/rules/platform_certs/default/7a819ef2.0
+++ b/test/rules/platform_certs/default/7a819ef2.0
@@ -1 +1 @@
-cert014.pem
\ No newline at end of file
+cert013.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/7aaf71c0.0 b/test/rules/platform_certs/default/7aaf71c0.0
index ac3fdcd6aae6..5b20fc4c4385 120000
--- a/test/rules/platform_certs/default/7aaf71c0.0
+++ b/test/rules/platform_certs/default/7aaf71c0.0
@@ -1 +1 @@
-cert134.pem
\ No newline at end of file
+cert119.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/7c302982.0 b/test/rules/platform_certs/default/7c302982.0
index bbce6c435741..3f7d7d6c2ac4 120000
--- a/test/rules/platform_certs/default/7c302982.0
+++ b/test/rules/platform_certs/default/7c302982.0
@@ -1 +1 @@
-cert132.pem
\ No newline at end of file
+cert117.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/7d0b38bd.0 b/test/rules/platform_certs/default/7d0b38bd.0
index caeacfb82a92..a151a41100d0 120000
--- a/test/rules/platform_certs/default/7d0b38bd.0
+++ b/test/rules/platform_certs/default/7d0b38bd.0
@@ -1 +1 @@
-cert052.pem
\ No newline at end of file
+cert045.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/7f3d5d1d.0 b/test/rules/platform_certs/default/7f3d5d1d.0
index 8e9e075e0404..f43f71de09a2 120000
--- a/test/rules/platform_certs/default/7f3d5d1d.0
+++ b/test/rules/platform_certs/default/7f3d5d1d.0
@@ -1 +1 @@
-cert095.pem
\ No newline at end of file
+cert087.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/812e17de.0 b/test/rules/platform_certs/default/812e17de.0
deleted file mode 120000
index cf064caaea2f..000000000000
--- a/test/rules/platform_certs/default/812e17de.0
+++ /dev/null
@@ -1 +0,0 @@
-cert043.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/8160b96c.0 b/test/rules/platform_certs/default/8160b96c.0
index 07968211a11f..f8a471e0b6e2 120000
--- a/test/rules/platform_certs/default/8160b96c.0
+++ b/test/rules/platform_certs/default/8160b96c.0
@@ -1 +1 @@
-cert057.pem
\ No newline at end of file
+cert050.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/81b9768f.0 b/test/rules/platform_certs/default/81b9768f.0
index 3b6c44b909cc..5ba8f65d5e5e 120000
--- a/test/rules/platform_certs/default/81b9768f.0
+++ b/test/rules/platform_certs/default/81b9768f.0
@@ -1 +1 @@
-cert026.pem
\ No newline at end of file
+cert023.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/82223c44.0 b/test/rules/platform_certs/default/82223c44.0
index 31b630c7c1ed..fd8f34d766f4 120000
--- a/test/rules/platform_certs/default/82223c44.0
+++ b/test/rules/platform_certs/default/82223c44.0
@@ -1 +1 @@
-cert077.pem
\ No newline at end of file
+cert070.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/85cde254.0 b/test/rules/platform_certs/default/85cde254.0
index 3c31427efb37..07968211a11f 120000
--- a/test/rules/platform_certs/default/85cde254.0
+++ b/test/rules/platform_certs/default/85cde254.0
@@ -1 +1 @@
-cert064.pem
\ No newline at end of file
+cert057.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/86212b19.0 b/test/rules/platform_certs/default/86212b19.0
index fd0b85b2c438..d521e6e25fa9 120000
--- a/test/rules/platform_certs/default/86212b19.0
+++ b/test/rules/platform_certs/default/86212b19.0
@@ -1 +1 @@
-cert067.pem
\ No newline at end of file
+cert060.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/869fbf79.0 b/test/rules/platform_certs/default/869fbf79.0
new file mode 120000
index 000000000000..2707f01ae817
--- /dev/null
+++ b/test/rules/platform_certs/default/869fbf79.0
@@ -0,0 +1 @@
+cert136.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/87229d21.0 b/test/rules/platform_certs/default/87229d21.0
deleted file mode 120000
index 498662811fe8..000000000000
--- a/test/rules/platform_certs/default/87229d21.0
+++ /dev/null
@@ -1 +0,0 @@
-cert120.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/882de061.0 b/test/rules/platform_certs/default/882de061.0
index ad82a9029e39..d0902e3730e9 120000
--- a/test/rules/platform_certs/default/882de061.0
+++ b/test/rules/platform_certs/default/882de061.0
@@ -1 +1 @@
-cert046.pem
\ No newline at end of file
+cert039.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/88950faa.0 b/test/rules/platform_certs/default/88950faa.0
index 2707f01ae817..fbeb5ff12554 120000
--- a/test/rules/platform_certs/default/88950faa.0
+++ b/test/rules/platform_certs/default/88950faa.0
@@ -1 +1 @@
-cert136.pem
\ No newline at end of file
+cert121.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/89c02a45.0 b/test/rules/platform_certs/default/89c02a45.0
index d0902e3730e9..cc53c2682802 120000
--- a/test/rules/platform_certs/default/89c02a45.0
+++ b/test/rules/platform_certs/default/89c02a45.0
@@ -1 +1 @@
-cert039.pem
\ No newline at end of file
+cert034.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/8cb5ee0f.0 b/test/rules/platform_certs/default/8cb5ee0f.0
index d5f16f42cfce..4e69bf016efd 120000
--- a/test/rules/platform_certs/default/8cb5ee0f.0
+++ b/test/rules/platform_certs/default/8cb5ee0f.0
@@ -1 +1 @@
-cert127.pem
\ No newline at end of file
+cert112.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/8d6437c3.0 b/test/rules/platform_certs/default/8d6437c3.0
index 6d6bdec5e46b..e5bfdc4fd316 120000
--- a/test/rules/platform_certs/default/8d6437c3.0
+++ b/test/rules/platform_certs/default/8d6437c3.0
@@ -1 +1 @@
-cert094.pem
\ No newline at end of file
+cert086.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/8d86cdd1.0 b/test/rules/platform_certs/default/8d86cdd1.0
index ad82a9029e39..d0902e3730e9 120000
--- a/test/rules/platform_certs/default/8d86cdd1.0
+++ b/test/rules/platform_certs/default/8d86cdd1.0
@@ -1 +1 @@
-cert046.pem
\ No newline at end of file
+cert039.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9007ae68.0 b/test/rules/platform_certs/default/9007ae68.0
deleted file mode 120000
index 5d47613f1135..000000000000
--- a/test/rules/platform_certs/default/9007ae68.0
+++ /dev/null
@@ -1 +0,0 @@
-cert083.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9168f543.0 b/test/rules/platform_certs/default/9168f543.0
deleted file mode 120000
index 09d377c2dbdf..000000000000
--- a/test/rules/platform_certs/default/9168f543.0
+++ /dev/null
@@ -1 +0,0 @@
-cert118.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/91739615.0 b/test/rules/platform_certs/default/91739615.0
index 62897b262628..3cae6c5e8d73 120000
--- a/test/rules/platform_certs/default/91739615.0
+++ b/test/rules/platform_certs/default/91739615.0
@@ -1 +1 @@
-cert080.pem
\ No newline at end of file
+cert073.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9282e51c.0 b/test/rules/platform_certs/default/9282e51c.0
index 819e00043983..92d55d0abb91 120000
--- a/test/rules/platform_certs/default/9282e51c.0
+++ b/test/rules/platform_certs/default/9282e51c.0
@@ -1 +1 @@
-cert110.pem
\ No newline at end of file
+cert102.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/930ac5d2.0 b/test/rules/platform_certs/default/930ac5d2.0
index b6fe338c1eae..cd5cecffb316 120000
--- a/test/rules/platform_certs/default/930ac5d2.0
+++ b/test/rules/platform_certs/default/930ac5d2.0
@@ -1 +1 @@
-cert075.pem
\ No newline at end of file
+cert068.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9339512a.0 b/test/rules/platform_certs/default/9339512a.0
index 6b9e3cee1364..be14627b585c 120000
--- a/test/rules/platform_certs/default/9339512a.0
+++ b/test/rules/platform_certs/default/9339512a.0
@@ -1 +1 @@
-cert015.pem
\ No newline at end of file
+cert014.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/93bc0acc.0 b/test/rules/platform_certs/default/93bc0acc.0
index fd0b85b2c438..d521e6e25fa9 120000
--- a/test/rules/platform_certs/default/93bc0acc.0
+++ b/test/rules/platform_certs/default/93bc0acc.0
@@ -1 +1 @@
-cert067.pem
\ No newline at end of file
+cert060.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9479c8c3.0 b/test/rules/platform_certs/default/9479c8c3.0
index 3f7d7d6c2ac4..ee2dc90a4912 120000
--- a/test/rules/platform_certs/default/9479c8c3.0
+++ b/test/rules/platform_certs/default/9479c8c3.0
@@ -1 +1 @@
-cert117.pem
\ No newline at end of file
+cert107.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9576d26b.0 b/test/rules/platform_certs/default/9576d26b.0
index b81347e699c8..dcfdea4695e9 120000
--- a/test/rules/platform_certs/default/9576d26b.0
+++ b/test/rules/platform_certs/default/9576d26b.0
@@ -1 +1 @@
-cert084.pem
\ No newline at end of file
+cert076.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/95aff9e3.0 b/test/rules/platform_certs/default/95aff9e3.0
index fd8f34d766f4..eec3208f5839 120000
--- a/test/rules/platform_certs/default/95aff9e3.0
+++ b/test/rules/platform_certs/default/95aff9e3.0
@@ -1 +1 @@
-cert070.pem
\ No newline at end of file
+cert063.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9685a493.0 b/test/rules/platform_certs/default/9685a493.0
index 426310756475..48214313f446 120000
--- a/test/rules/platform_certs/default/9685a493.0
+++ b/test/rules/platform_certs/default/9685a493.0
@@ -1 +1 @@
-cert055.pem
\ No newline at end of file
+cert048.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9772ca32.0 b/test/rules/platform_certs/default/9772ca32.0
index 94b886e2cf5d..184c078f7fc0 120000
--- a/test/rules/platform_certs/default/9772ca32.0
+++ b/test/rules/platform_certs/default/9772ca32.0
@@ -1 +1 @@
-cert032.pem
\ No newline at end of file
+cert027.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/985c1f52.0 b/test/rules/platform_certs/default/985c1f52.0
new file mode 120000
index 000000000000..4d3818fc7c3e
--- /dev/null
+++ b/test/rules/platform_certs/default/985c1f52.0
@@ -0,0 +1 @@
+cert124.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/988a38cb.0 b/test/rules/platform_certs/default/988a38cb.0
index 4509178e43b6..ad82a9029e39 120000
--- a/test/rules/platform_certs/default/988a38cb.0
+++ b/test/rules/platform_certs/default/988a38cb.0
@@ -1 +1 @@
-cert053.pem
\ No newline at end of file
+cert046.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9c2e7d30.0 b/test/rules/platform_certs/default/9c2e7d30.0
index 5717d782c0b8..80f821db43c6 120000
--- a/test/rules/platform_certs/default/9c2e7d30.0
+++ b/test/rules/platform_certs/default/9c2e7d30.0
@@ -1 +1 @@
-cert017.pem
\ No newline at end of file
+cert016.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9c3323d4.0 b/test/rules/platform_certs/default/9c3323d4.0
deleted file mode 120000
index 498662811fe8..000000000000
--- a/test/rules/platform_certs/default/9c3323d4.0
+++ /dev/null
@@ -1 +0,0 @@
-cert120.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9c8dfbd4.0 b/test/rules/platform_certs/default/9c8dfbd4.0
index 077461e29492..089e357b6505 120000
--- a/test/rules/platform_certs/default/9c8dfbd4.0
+++ b/test/rules/platform_certs/default/9c8dfbd4.0
@@ -1 +1 @@
-cert069.pem
\ No newline at end of file
+cert062.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9d04f354.0 b/test/rules/platform_certs/default/9d04f354.0
index 6d6bdec5e46b..e5bfdc4fd316 120000
--- a/test/rules/platform_certs/default/9d04f354.0
+++ b/test/rules/platform_certs/default/9d04f354.0
@@ -1 +1 @@
-cert094.pem
\ No newline at end of file
+cert086.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9d520b32.0 b/test/rules/platform_certs/default/9d520b32.0
deleted file mode 120000
index ae5698946b79..000000000000
--- a/test/rules/platform_certs/default/9d520b32.0
+++ /dev/null
@@ -1 +0,0 @@
-cert040.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9d6523ce.0 b/test/rules/platform_certs/default/9d6523ce.0
index a151a41100d0..00871c6d7da0 120000
--- a/test/rules/platform_certs/default/9d6523ce.0
+++ b/test/rules/platform_certs/default/9d6523ce.0
@@ -1 +1 @@
-cert045.pem
\ No newline at end of file
+cert038.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9dbefe7b.0 b/test/rules/platform_certs/default/9dbefe7b.0
deleted file mode 120000
index ae5698946b79..000000000000
--- a/test/rules/platform_certs/default/9dbefe7b.0
+++ /dev/null
@@ -1 +0,0 @@
-cert040.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9f0f5fd6.0 b/test/rules/platform_certs/default/9f0f5fd6.0
deleted file mode 120000
index 4e69bf016efd..000000000000
--- a/test/rules/platform_certs/default/9f0f5fd6.0
+++ /dev/null
@@ -1 +0,0 @@
-cert112.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/9f533518.0 b/test/rules/platform_certs/default/9f533518.0
index 089e357b6505..426310756475 120000
--- a/test/rules/platform_certs/default/9f533518.0
+++ b/test/rules/platform_certs/default/9f533518.0
@@ -1 +1 @@
-cert062.pem
\ No newline at end of file
+cert055.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/a0bc6fbb.0 b/test/rules/platform_certs/default/a0bc6fbb.0
deleted file mode 120000
index 6d3afc9f7b75..000000000000
--- a/test/rules/platform_certs/default/a0bc6fbb.0
+++ /dev/null
@@ -1 +0,0 @@
-cert019.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/a2c66da8.0 b/test/rules/platform_certs/default/a2c66da8.0
index d30fd61516a0..5d5f80e33054 120000
--- a/test/rules/platform_certs/default/a2c66da8.0
+++ b/test/rules/platform_certs/default/a2c66da8.0
@@ -1 +1 @@
-cert098.pem
\ No newline at end of file
+cert090.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/a3418fda.0 b/test/rules/platform_certs/default/a3418fda.0
new file mode 120000
index 000000000000..b293d2f9656d
--- /dev/null
+++ b/test/rules/platform_certs/default/a3418fda.0
@@ -0,0 +1 @@
+cert129.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/a3896b44.0 b/test/rules/platform_certs/default/a3896b44.0
index 80f821db43c6..6b9e3cee1364 120000
--- a/test/rules/platform_certs/default/a3896b44.0
+++ b/test/rules/platform_certs/default/a3896b44.0
@@ -1 +1 @@
-cert016.pem
\ No newline at end of file
+cert015.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/a7605362.0 b/test/rules/platform_certs/default/a7605362.0
index 5717d782c0b8..80f821db43c6 120000
--- a/test/rules/platform_certs/default/a7605362.0
+++ b/test/rules/platform_certs/default/a7605362.0
@@ -1 +1 @@
-cert017.pem
\ No newline at end of file
+cert016.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/a760e1bd.0 b/test/rules/platform_certs/default/a760e1bd.0
deleted file mode 120000
index f3d65f9515d0..000000000000
--- a/test/rules/platform_certs/default/a760e1bd.0
+++ /dev/null
@@ -1 +0,0 @@
-cert011.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/a7d2cf64.0 b/test/rules/platform_certs/default/a7d2cf64.0
index 48214313f446..2f975bd5f8dc 120000
--- a/test/rules/platform_certs/default/a7d2cf64.0
+++ b/test/rules/platform_certs/default/a7d2cf64.0
@@ -1 +1 @@
-cert048.pem
\ No newline at end of file
+cert041.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/a81e292b.0 b/test/rules/platform_certs/default/a81e292b.0
index 8270bf0a9083..d59e7b0ac35d 120000
--- a/test/rules/platform_certs/default/a81e292b.0
+++ b/test/rules/platform_certs/default/a81e292b.0
@@ -1 +1 @@
-cert114.pem
\ No newline at end of file
+cert104.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/a94d09e5.0 b/test/rules/platform_certs/default/a94d09e5.0
index b03c490c2905..31b630c7c1ed 120000
--- a/test/rules/platform_certs/default/a94d09e5.0
+++ b/test/rules/platform_certs/default/a94d09e5.0
@@ -1 +1 @@
-cert085.pem
\ No newline at end of file
+cert077.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/ab5346f4.0 b/test/rules/platform_certs/default/ab5346f4.0
index 04e7d30f51b2..a569193e45b9 120000
--- a/test/rules/platform_certs/default/ab5346f4.0
+++ b/test/rules/platform_certs/default/ab5346f4.0
@@ -1 +1 @@
-cert056.pem
\ No newline at end of file
+cert049.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/ab59055e.0 b/test/rules/platform_certs/default/ab59055e.0
index 68fd619a62a8..dc215b21fff3 120000
--- a/test/rules/platform_certs/default/ab59055e.0
+++ b/test/rules/platform_certs/default/ab59055e.0
@@ -1 +1 @@
-cert131.pem
\ No newline at end of file
+cert116.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/aeb67534.0 b/test/rules/platform_certs/default/aeb67534.0
index 3cae6c5e8d73..5b97615af165 120000
--- a/test/rules/platform_certs/default/aeb67534.0
+++ b/test/rules/platform_certs/default/aeb67534.0
@@ -1 +1 @@
-cert073.pem
\ No newline at end of file
+cert066.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b0e59380.0 b/test/rules/platform_certs/default/b0e59380.0
index 92d55d0abb91..6d6bdec5e46b 120000
--- a/test/rules/platform_certs/default/b0e59380.0
+++ b/test/rules/platform_certs/default/b0e59380.0
@@ -1 +1 @@
-cert102.pem
\ No newline at end of file
+cert094.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b0ed035a.0 b/test/rules/platform_certs/default/b0ed035a.0
index e5bfdc4fd316..6c367fd21202 120000
--- a/test/rules/platform_certs/default/b0ed035a.0
+++ b/test/rules/platform_certs/default/b0ed035a.0
@@ -1 +1 @@
-cert086.pem
\ No newline at end of file
+cert078.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b1159c4c.0 b/test/rules/platform_certs/default/b1159c4c.0
index bae4f779ba1e..1a4e06971594 120000
--- a/test/rules/platform_certs/default/b1159c4c.0
+++ b/test/rules/platform_certs/default/b1159c4c.0
@@ -1 +1 @@
-cert024.pem
\ No newline at end of file
+cert021.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b1b8a7f3.0 b/test/rules/platform_certs/default/b1b8a7f3.0
index 2f975bd5f8dc..dfc09b96e7a1 120000
--- a/test/rules/platform_certs/default/b1b8a7f3.0
+++ b/test/rules/platform_certs/default/b1b8a7f3.0
@@ -1 +1 @@
-cert041.pem
\ No newline at end of file
+cert035.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b204d74a.0 b/test/rules/platform_certs/default/b204d74a.0
index cc53c2682802..b71513fe981a 120000
--- a/test/rules/platform_certs/default/b204d74a.0
+++ b/test/rules/platform_certs/default/b204d74a.0
@@ -1 +1 @@
-cert034.pem
\ No newline at end of file
+cert029.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b3fb433b.0 b/test/rules/platform_certs/default/b3fb433b.0
index b87664a35dce..ecbee746f069 120000
--- a/test/rules/platform_certs/default/b3fb433b.0
+++ b/test/rules/platform_certs/default/b3fb433b.0
@@ -1 +1 @@
-cert109.pem
\ No newline at end of file
+cert101.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b66938e9.0 b/test/rules/platform_certs/default/b66938e9.0
index 80aa69139189..98e1e5456f37 120000
--- a/test/rules/platform_certs/default/b66938e9.0
+++ b/test/rules/platform_certs/default/b66938e9.0
@@ -1 +1 @@
-cert036.pem
\ No newline at end of file
+cert031.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b727005e.0 b/test/rules/platform_certs/default/b727005e.0
index cd5cecffb316..78c8c289bffe 120000
--- a/test/rules/platform_certs/default/b727005e.0
+++ b/test/rules/platform_certs/default/b727005e.0
@@ -1 +1 @@
-cert068.pem
\ No newline at end of file
+cert061.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b74d2bd5.0 b/test/rules/platform_certs/default/b74d2bd5.0
new file mode 120000
index 000000000000..ac3fdcd6aae6
--- /dev/null
+++ b/test/rules/platform_certs/default/b74d2bd5.0
@@ -0,0 +1 @@
+cert134.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b7a5b843.0 b/test/rules/platform_certs/default/b7a5b843.0
index 234aa2b2c2cc..3c31427efb37 120000
--- a/test/rules/platform_certs/default/b7a5b843.0
+++ b/test/rules/platform_certs/default/b7a5b843.0
@@ -1 +1 @@
-cert071.pem
\ No newline at end of file
+cert064.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b7db1890.0 b/test/rules/platform_certs/default/b7db1890.0
index 234aa2b2c2cc..3c31427efb37 120000
--- a/test/rules/platform_certs/default/b7db1890.0
+++ b/test/rules/platform_certs/default/b7db1890.0
@@ -1 +1 @@
-cert071.pem
\ No newline at end of file
+cert064.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b872f2b4.0 b/test/rules/platform_certs/default/b872f2b4.0
index 5d5f80e33054..ff9922e53b2d 120000
--- a/test/rules/platform_certs/default/b872f2b4.0
+++ b/test/rules/platform_certs/default/b872f2b4.0
@@ -1 +1 @@
-cert090.pem
\ No newline at end of file
+cert082.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/b936d1c6.0 b/test/rules/platform_certs/default/b936d1c6.0
index 4d3818fc7c3e..b87664a35dce 120000
--- a/test/rules/platform_certs/default/b936d1c6.0
+++ b/test/rules/platform_certs/default/b936d1c6.0
@@ -1 +1 @@
-cert124.pem
\ No newline at end of file
+cert109.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/ba89ed3b.0 b/test/rules/platform_certs/default/ba89ed3b.0
index a569193e45b9..214c9452624b 120000
--- a/test/rules/platform_certs/default/ba89ed3b.0
+++ b/test/rules/platform_certs/default/ba89ed3b.0
@@ -1 +1 @@
-cert049.pem
\ No newline at end of file
+cert042.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/bc3f2570.0 b/test/rules/platform_certs/default/bc3f2570.0
index eec3208f5839..04e7d30f51b2 120000
--- a/test/rules/platform_certs/default/bc3f2570.0
+++ b/test/rules/platform_certs/default/bc3f2570.0
@@ -1 +1 @@
-cert063.pem
\ No newline at end of file
+cert056.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/bd43e1dd.0 b/test/rules/platform_certs/default/bd43e1dd.0
new file mode 120000
index 000000000000..2a40c649daa9
--- /dev/null
+++ b/test/rules/platform_certs/default/bd43e1dd.0
@@ -0,0 +1 @@
+cert137.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/bdacca6f.0 b/test/rules/platform_certs/default/bdacca6f.0
index 80aa69139189..98e1e5456f37 120000
--- a/test/rules/platform_certs/default/bdacca6f.0
+++ b/test/rules/platform_certs/default/bdacca6f.0
@@ -1 +1 @@
-cert036.pem
\ No newline at end of file
+cert031.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/c01cdfa2.0 b/test/rules/platform_certs/default/c01cdfa2.0
index 07df9b5eca3e..f70c743200ef 120000
--- a/test/rules/platform_certs/default/c01cdfa2.0
+++ b/test/rules/platform_certs/default/c01cdfa2.0
@@ -1 +1 @@
-cert051.pem
\ No newline at end of file
+cert044.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/c01eb047.0 b/test/rules/platform_certs/default/c01eb047.0
new file mode 120000
index 000000000000..3b86526d9425
--- /dev/null
+++ b/test/rules/platform_certs/default/c01eb047.0
@@ -0,0 +1 @@
+cert130.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/c089bbbd.0 b/test/rules/platform_certs/default/c089bbbd.0
index 48214313f446..2f975bd5f8dc 120000
--- a/test/rules/platform_certs/default/c089bbbd.0
+++ b/test/rules/platform_certs/default/c089bbbd.0
@@ -1 +1 @@
-cert048.pem
\ No newline at end of file
+cert041.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/c28a8a30.0 b/test/rules/platform_certs/default/c28a8a30.0
index 68c876e8ea1b..924725c67632 120000
--- a/test/rules/platform_certs/default/c28a8a30.0
+++ b/test/rules/platform_certs/default/c28a8a30.0
@@ -1 +1 @@
-cert081.pem
\ No newline at end of file
+cert074.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/c2c1704e.0 b/test/rules/platform_certs/default/c2c1704e.0
index ac3fdcd6aae6..5b20fc4c4385 120000
--- a/test/rules/platform_certs/default/c2c1704e.0
+++ b/test/rules/platform_certs/default/c2c1704e.0
@@ -1 +1 @@
-cert134.pem
\ No newline at end of file
+cert119.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/c47d9980.0 b/test/rules/platform_certs/default/c47d9980.0
index 78c8c289bffe..14745ca2234d 120000
--- a/test/rules/platform_certs/default/c47d9980.0
+++ b/test/rules/platform_certs/default/c47d9980.0
@@ -1 +1 @@
-cert061.pem
\ No newline at end of file
+cert054.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/c491639e.0 b/test/rules/platform_certs/default/c491639e.0
index 8e9e075e0404..f43f71de09a2 120000
--- a/test/rules/platform_certs/default/c491639e.0
+++ b/test/rules/platform_certs/default/c491639e.0
@@ -1 +1 @@
-cert095.pem
\ No newline at end of file
+cert087.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/c51c224c.0 b/test/rules/platform_certs/default/c51c224c.0
index dcfdea4695e9..077461e29492 120000
--- a/test/rules/platform_certs/default/c51c224c.0
+++ b/test/rules/platform_certs/default/c51c224c.0
@@ -1 +1 @@
-cert076.pem
\ No newline at end of file
+cert069.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/c559d742.0 b/test/rules/platform_certs/default/c559d742.0
new file mode 120000
index 000000000000..d5f16f42cfce
--- /dev/null
+++ b/test/rules/platform_certs/default/c559d742.0
@@ -0,0 +1 @@
+cert127.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/c7e2a638.0 b/test/rules/platform_certs/default/c7e2a638.0
index 91faf4e1386e..ae5698946b79 120000
--- a/test/rules/platform_certs/default/c7e2a638.0
+++ b/test/rules/platform_certs/default/c7e2a638.0
@@ -1 +1 @@
-cert047.pem
\ No newline at end of file
+cert040.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/c907e29b.0 b/test/rules/platform_certs/default/c907e29b.0
index b293d2f9656d..8270bf0a9083 120000
--- a/test/rules/platform_certs/default/c907e29b.0
+++ b/test/rules/platform_certs/default/c907e29b.0
@@ -1 +1 @@
-cert129.pem
\ No newline at end of file
+cert114.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/c90bc37d.0 b/test/rules/platform_certs/default/c90bc37d.0
index aa04b7c3f5bf..20b6b56b9c5f 120000
--- a/test/rules/platform_certs/default/c90bc37d.0
+++ b/test/rules/platform_certs/default/c90bc37d.0
@@ -1 +1 @@
-cert096.pem
\ No newline at end of file
+cert088.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/ca6e4ad9.0 b/test/rules/platform_certs/default/ca6e4ad9.0
index a151a41100d0..00871c6d7da0 120000
--- a/test/rules/platform_certs/default/ca6e4ad9.0
+++ b/test/rules/platform_certs/default/ca6e4ad9.0
@@ -1 +1 @@
-cert045.pem
\ No newline at end of file
+cert038.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/cb156124.0 b/test/rules/platform_certs/default/cb156124.0
index 20b6b56b9c5f..62897b262628 120000
--- a/test/rules/platform_certs/default/cb156124.0
+++ b/test/rules/platform_certs/default/cb156124.0
@@ -1 +1 @@
-cert088.pem
\ No newline at end of file
+cert080.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/cb1c3204.0 b/test/rules/platform_certs/default/cb1c3204.0
index d3d34182b0b4..2d41f6757f8c 120000
--- a/test/rules/platform_certs/default/cb1c3204.0
+++ b/test/rules/platform_certs/default/cb1c3204.0
@@ -1 +1 @@
-cert115.pem
\ No newline at end of file
+cert105.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/cb59f961.0 b/test/rules/platform_certs/default/cb59f961.0
deleted file mode 120000
index 6d3afc9f7b75..000000000000
--- a/test/rules/platform_certs/default/cb59f961.0
+++ /dev/null
@@ -1 +0,0 @@
-cert019.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/cbf06781.0 b/test/rules/platform_certs/default/cbf06781.0
index eec3208f5839..04e7d30f51b2 120000
--- a/test/rules/platform_certs/default/cbf06781.0
+++ b/test/rules/platform_certs/default/cbf06781.0
@@ -1 +1 @@
-cert063.pem
\ No newline at end of file
+cert056.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/cc450945.0 b/test/rules/platform_certs/default/cc450945.0
index d521e6e25fa9..4509178e43b6 120000
--- a/test/rules/platform_certs/default/cc450945.0
+++ b/test/rules/platform_certs/default/cc450945.0
@@ -1 +1 @@
-cert060.pem
\ No newline at end of file
+cert053.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/ccc52f49.0 b/test/rules/platform_certs/default/ccc52f49.0
index 077461e29492..089e357b6505 120000
--- a/test/rules/platform_certs/default/ccc52f49.0
+++ b/test/rules/platform_certs/default/ccc52f49.0
@@ -1 +1 @@
-cert069.pem
\ No newline at end of file
+cert062.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/cd58d51e.0 b/test/rules/platform_certs/default/cd58d51e.0
index 590f09763ca0..90c574c79ffc 120000
--- a/test/rules/platform_certs/default/cd58d51e.0
+++ b/test/rules/platform_certs/default/cd58d51e.0
@@ -1 +1 @@
-cert072.pem
\ No newline at end of file
+cert065.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/cd8c0d63.0 b/test/rules/platform_certs/default/cd8c0d63.0
index 4d3818fc7c3e..b87664a35dce 120000
--- a/test/rules/platform_certs/default/cd8c0d63.0
+++ b/test/rules/platform_certs/default/cd8c0d63.0
@@ -1 +1 @@
-cert124.pem
\ No newline at end of file
+cert109.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/ce5e74ef.0 b/test/rules/platform_certs/default/ce5e74ef.0
index be63f53484ff..819e00043983 120000
--- a/test/rules/platform_certs/default/ce5e74ef.0
+++ b/test/rules/platform_certs/default/ce5e74ef.0
@@ -1 +1 @@
-cert125.pem
\ No newline at end of file
+cert110.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/cert011.pem b/test/rules/platform_certs/default/cert011.pem
index da2dc0ad9b78..4bf6108424c9 100644
--- a/test/rules/platform_certs/default/cert011.pem
+++ b/test/rules/platform_certs/default/cert011.pem
@@ -1,20 +1,22 @@
-Visa eCommerce Root
+Comodo AAA Services root
 -----BEGIN CERTIFICATE-----
-MIIDojCCAoqgAwIBAgIQE4Y1TR0/BvLB+WUF1ZAcYjANBgkqhkiG9w0BAQUFADBrMQswCQYDVQQG
-EwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMmVmlzYSBJbnRlcm5hdGlvbmFsIFNlcnZpY2Ug
-QXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNvbW1lcmNlIFJvb3QwHhcNMDIwNjI2MDIxODM2
-WhcNMjIwNjI0MDAxNjEyWjBrMQswCQYDVQQGEwJVUzENMAsGA1UEChMEVklTQTEvMC0GA1UECxMm
-VmlzYSBJbnRlcm5hdGlvbmFsIFNlcnZpY2UgQXNzb2NpYXRpb24xHDAaBgNVBAMTE1Zpc2EgZUNv
-bW1lcmNlIFJvb3QwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvV95WHm6h2mCxlCfL
-F9sHP4CFT8icttD0b0/Pmdjh28JIXDqsOTPHH2qLJj0rNfVIsZHBAk4ElpF7sDPwsRROEW+1QK8b
-RaVK7362rPKgH1g/EkZgPI2h4H3PVz4zHvtH8aoVlwdVZqW1LS7YgFmypw23RuwhY/81q6UCzyr0
-TP579ZRdhE2o8mCP2w4lPJ9zcc+U30rq299yOIzzlr3xF7zSujtFWsan9sYXiwGd/BmoKoMWuDpI
-/k4+oKsGGelT84ATB+0tvz8KPFUgOSwsAGl0lUq8ILKpeeUYiZGo3BxN77t+Nwtd/jmliFKMAGzs
-GHxBvfaLdXe6YJ2E5/4tAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEG
-MB0GA1UdDgQWBBQVOIMPPyw/cDMezUb+B4wg4NfDtzANBgkqhkiG9w0BAQUFAAOCAQEAX/FBfXxc
-CLkr4NWSR/pnXKUTwwMhmytMiUbPWU3J/qVAtmPN3XEolWcRzCSs00Rsca4BIGsDoo8Ytyk6feUW
-YFN4PMCvFYP3j1IzJL1kk5fui/fbGKhtcbP3LBfQdCVp9/5rPJS+TUtBjE7ic9DjkCJzQ83z7+pz
-zkWKsKZJ/0x9nXGIxHYdkFsd7v3M9+79YKWxehZx0RbQfBI8bGmX265fOZpwLwU8GUYEmSA20GBu
-YQa7FkKMcPcw++DbZqMAAb3mLNqRX6BGi01qnD093QVG/na/oAo85ADmJ7f/hC3euiInlhBx6yLt
-398znM/jra6O1I7mT1GvFpLgXPYHDw==
+MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS
+R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg
+TGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAw
+MFoXDTI4MTIzMTIzNTk1OVowezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hl
+c3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNV
+BAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQuaBtDFcCLNSS1UY8y2bmhG
+C1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe3M/vg4aijJRPn2jymJBGhCfHdr/jzDUs
+i14HZGWCwEiwqJH5YZ92IFCokcdmtet4YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszW
+Y19zjNoFmag4qMsXeDZRrOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjH
+Ypy+g8cmez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQUoBEK
+Iz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wewYDVR0f
+BHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNl
+cy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2Vz
+LmNybDANBgkqhkiG9w0BAQUFAAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm
+7l3sAg9g1o1QGE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz
+Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z
+8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsil2D4kF501KKaU73yqWjgom7C
+12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert012.pem b/test/rules/platform_certs/default/cert012.pem
index 4bf6108424c9..80203eb2fe06 100644
--- a/test/rules/platform_certs/default/cert012.pem
+++ b/test/rules/platform_certs/default/cert012.pem
@@ -1,22 +1,30 @@
-Comodo AAA Services root
+QuoVadis Root CA
 -----BEGIN CERTIFICATE-----
-MIIEMjCCAxqgAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJHQjEbMBkGA1UECAwS
-R3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHDAdTYWxmb3JkMRowGAYDVQQKDBFDb21vZG8gQ0Eg
-TGltaXRlZDEhMB8GA1UEAwwYQUFBIENlcnRpZmljYXRlIFNlcnZpY2VzMB4XDTA0MDEwMTAwMDAw
-MFoXDTI4MTIzMTIzNTk1OVowezELMAkGA1UEBhMCR0IxGzAZBgNVBAgMEkdyZWF0ZXIgTWFuY2hl
-c3RlcjEQMA4GA1UEBwwHU2FsZm9yZDEaMBgGA1UECgwRQ29tb2RvIENBIExpbWl0ZWQxITAfBgNV
-BAMMGEFBQSBDZXJ0aWZpY2F0ZSBTZXJ2aWNlczCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBAL5AnfRu4ep2hxxNRUSOvkbIgwadwSr+GB+O5AL686tdUIoWMQuaBtDFcCLNSS1UY8y2bmhG
-C1Pqy0wkwLxyTurxFa70VJoSCsN6sjNg4tqJVfMiWPPe3M/vg4aijJRPn2jymJBGhCfHdr/jzDUs
-i14HZGWCwEiwqJH5YZ92IFCokcdmtet4YgNW8IoaE+oxox6gmf049vYnMlhvB/VruPsUK6+3qszW
-Y19zjNoFmag4qMsXeDZRrOme9Hg6jc8P2ULimAyrL58OAd7vn5lJ8S3frHRNG5i1R8XlKdH5kBjH
-Ypy+g8cmez6KJcfA3Z3mNWgQIJ2P2N7Sw4ScDV7oL8kCAwEAAaOBwDCBvTAdBgNVHQ4EFgQUoBEK
-Iz6W8Qfs4q8p74Klf9AwpLQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wewYDVR0f
-BHQwcjA4oDagNIYyaHR0cDovL2NybC5jb21vZG9jYS5jb20vQUFBQ2VydGlmaWNhdGVTZXJ2aWNl
-cy5jcmwwNqA0oDKGMGh0dHA6Ly9jcmwuY29tb2RvLm5ldC9BQUFDZXJ0aWZpY2F0ZVNlcnZpY2Vz
-LmNybDANBgkqhkiG9w0BAQUFAAOCAQEACFb8AvCb6P+k+tZ7xkSAzk/ExfYAWMymtrwUSWgEdujm
-7l3sAg9g1o1QGE8mTgHj5rCl7r+8dFRBv/38ErjHT1r0iWAFf2C3BUrz9vHCv8S5dIa2LX1rzNLz
-Rt0vxuBqw8M0Ayx9lt1awg6nCpnBBYurDC/zXDrPbDdVCYfeU0BsWO/8tqtlbgT2G9w84FoVxp7Z
-8VlIMCFlA2zs6SFz7JsDoeA3raAVGI/6ugLOpyypEBMs1OUIJqsil2D4kF501KKaU73yqWjgom7C
-12yxow+ev+to51byrvLjKzg6CYG1a4XXvi3tPxq3smPi9WIsgtRqAEFQ8TmDn5XpNpaYbg==
+MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJCTTEZMBcGA1UE
+ChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
+eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAz
+MTkxODMzMzNaFw0yMTAzMTcxODMzMzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRp
+cyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQD
+EyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Ypli4kVEAkOPcahdxYTMuk
+J0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2DrOpm2RgbaIr1VxqYuvXtdj182d6UajtL
+F8HVj71lODqV0D1VNk7feVcxKh7YWWVJWCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeL
+YzcS19Dsw3sgQUSj7cugF+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWen
+AScOospUxbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCCAk4w
+PQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVvdmFkaXNvZmZzaG9y
+ZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREwggENMIIBCQYJKwYBBAG+WAABMIH7
+MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNlIG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmlj
+YXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJs
+ZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh
+Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYIKwYBBQUHAgEW
+Fmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3TKbkGGew5Oanwl4Rqy+/fMIGu
+BgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rqy+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkw
+FwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5MS4wLAYDVQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6
+tlCLMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSkfnIYj9lo
+fFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf87C9TqnN7Az10buYWnuul
+LsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1RcHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2x
+gI4JVrmcGmD+XcHXetwReNDWXcG31a0ymQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi
+5upZIof4l/UO/erMkqQWxFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi
+5nrQNiOKSnQ2+Q==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert013.pem b/test/rules/platform_certs/default/cert013.pem
index 80203eb2fe06..47f65009b98c 100644
--- a/test/rules/platform_certs/default/cert013.pem
+++ b/test/rules/platform_certs/default/cert013.pem
@@ -1,30 +1,29 @@
-QuoVadis Root CA
+QuoVadis Root CA 2
 -----BEGIN CERTIFICATE-----
-MIIF0DCCBLigAwIBAgIEOrZQizANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJCTTEZMBcGA1UE
-ChMQUXVvVmFkaXMgTGltaXRlZDElMCMGA1UECxMcUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0
-eTEuMCwGA1UEAxMlUXVvVmFkaXMgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wMTAz
-MTkxODMzMzNaFw0yMTAzMTcxODMzMzNaMH8xCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRp
-cyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MS4wLAYDVQQD
-EyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEAv2G1lVO6V/z68mcLOhrfEYBklbTRvM16z/Ypli4kVEAkOPcahdxYTMuk
-J0KX0J+DisPkBgNbAKVRHnAEdOLB1Dqr1607BxgFjv2DrOpm2RgbaIr1VxqYuvXtdj182d6UajtL
-F8HVj71lODqV0D1VNk7feVcxKh7YWWVJWCCYfqtffp/p1k3sg3Spx2zY7ilKhSoGFPlU5tPaZQeL
-YzcS19Dsw3sgQUSj7cugF+FxZc4dZjH3dgEZyH0DWLaVSR2mEiboxgx24ONmy+pdpibu5cxfvWen
-AScOospUxbF6lR1xHkopigPcakXBpBlebzbNw6Kwt/5cOOJSvPhEQ+aQuwIDAQABo4ICUjCCAk4w
-PQYIKwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwczovL29jc3AucXVvdmFkaXNvZmZzaG9y
-ZS5jb20wDwYDVR0TAQH/BAUwAwEB/zCCARoGA1UdIASCAREwggENMIIBCQYJKwYBBAG+WAABMIH7
-MIHUBggrBgEFBQcCAjCBxxqBxFJlbGlhbmNlIG9uIHRoZSBRdW9WYWRpcyBSb290IENlcnRpZmlj
-YXRlIGJ5IGFueSBwYXJ0eSBhc3N1bWVzIGFjY2VwdGFuY2Ugb2YgdGhlIHRoZW4gYXBwbGljYWJs
-ZSBzdGFuZGFyZCB0ZXJtcyBhbmQgY29uZGl0aW9ucyBvZiB1c2UsIGNlcnRpZmljYXRpb24gcHJh
-Y3RpY2VzLCBhbmQgdGhlIFF1b1ZhZGlzIENlcnRpZmljYXRlIFBvbGljeS4wIgYIKwYBBQUHAgEW
-Fmh0dHA6Ly93d3cucXVvdmFkaXMuYm0wHQYDVR0OBBYEFItLbe3TKbkGGew5Oanwl4Rqy+/fMIGu
-BgNVHSMEgaYwgaOAFItLbe3TKbkGGew5Oanwl4Rqy+/foYGEpIGBMH8xCzAJBgNVBAYTAkJNMRkw
-FwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMSUwIwYDVQQLExxSb290IENlcnRpZmljYXRpb24gQXV0
-aG9yaXR5MS4wLAYDVQQDEyVRdW9WYWRpcyBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggQ6
-tlCLMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAitQUtf70mpKnGdSkfnIYj9lo
-fFIk3WdvOXrEql494liwTXCYhGHoG+NpGA7O+0dQoE7/8CQfvbLO9Sf87C9TqnN7Az10buYWnuul
-LsS/VidQK2K6vkscPFVcQR0kvoIgR13VRH56FmjffU1RcHhXHTMe/QKZnAzNCgVPx7uOpHX6Sm2x
-gI4JVrmcGmD+XcHXetwReNDWXcG31a0ymQM6isxUJTkxgXsTIlG6Rmyhu576BGxJJnSP0nPrzDCi
-5upZIof4l/UO/erMkqQWxFIY6iHOsfHmhIHluqmGKPJDWl0Snawe2ajlCmqnf6CHKc/yiU3U7MXi
-5nrQNiOKSnQ2+Q==
+MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT
+EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMjAeFw0wNjExMjQx
+ODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM
+aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQCaGMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6
+XJxgFyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55JWpzmM+Yk
+lvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bBrrcCaoF6qUWD4gXmuVbB
+lDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp+ARz8un+XJiM9XOva7R+zdRcAitMOeGy
+lZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt
+66/3FsvbzSUr5R/7mp/iUcw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1Jdxn
+wQ5hYIizPtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og/zOh
+D7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UHoycR7hYQe7xFSkyy
+BNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuIyV77zGHcizN300QyNQliBJIWENie
+J0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1Ud
+DgQWBBQahGK8SEwzJQTU7tD2A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGU
+a6FJpEcwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT
+ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2fBluornFdLwUv
+Z+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzng/iN/Ae42l9NLmeyhP3ZRPx3
+UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2BlfF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodm
+VjB3pjd4M1IQWK4/YY7yarHvGH5KWWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK
++JDSV6IZUaUtl0HaB0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrW
+IozchLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPRTUIZ3Ph1
+WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWDmbA4CD/pXvk1B+TJYm5X
+f6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0ZohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II
+4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8
+VCLAAVBpQ570su9t+Oza8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert014.pem b/test/rules/platform_certs/default/cert014.pem
index 47f65009b98c..e5e47cf8150e 100644
--- a/test/rules/platform_certs/default/cert014.pem
+++ b/test/rules/platform_certs/default/cert014.pem
@@ -1,29 +1,33 @@
-QuoVadis Root CA 2
+QuoVadis Root CA 3
 -----BEGIN CERTIFICATE-----
-MIIFtzCCA5+gAwIBAgICBQkwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT
-EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMjAeFw0wNjExMjQx
-ODI3MDBaFw0zMTExMjQxODIzMzNaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM
-aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDIwggIiMA0GCSqGSIb3DQEBAQUAA4IC
-DwAwggIKAoICAQCaGMpLlA0ALa8DKYrwD4HIrkwZhR0In6spRIXzL4GtMh6QRr+jhiYaHv5+HBg6
-XJxgFyo6dIMzMH1hVBHL7avg5tKifvVrbxi3Cgst/ek+7wrGsxDp3MJGF/hd/aTa/55JWpzmM+Yk
-lvc/ulsrHHo1wtZn/qtmUIttKGAr79dgw8eTvI02kfN/+NsRE8Scd3bBrrcCaoF6qUWD4gXmuVbB
-lDePSHFjIuwXZQeVikvfj8ZaCuWw419eaxGrDPmF60Tp+ARz8un+XJiM9XOva7R+zdRcAitMOeGy
-lZUtQofX1bOQQ7dsE/He3fbE+Ik/0XX1ksOR1YqI0JDs3G3eicJlcZaLDQP9nL9bFqyS2+r+eXyt
-66/3FsvbzSUr5R/7mp/iUcw6UwxI5g69ybR2BlLmEROFcmMDBOAENisgGQLodKcftslWZvB1Jdxn
-wQ5hYIizPtGo/KPaHbDRsSNU30R2be1B2MGyIrZTHN81Hdyhdyox5C315eXbyOD/5YDXC2Og/zOh
-D7osFRXql7PSorW+8oyWHhqPHWykYTe5hnMz15eWniN9gqRMgeKh0bpnX5UHoycR7hYQe7xFSkyy
-BNKr79X9DFHOUGoIMfmR2gyPZFwDwzqLID9ujWc9Otb+fVuIyV77zGHcizN300QyNQliBJIWENie
-J0f7OyHj+OsdWwIDAQABo4GwMIGtMA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1Ud
-DgQWBBQahGK8SEwzJQTU7tD2A8QZRtGUazBuBgNVHSMEZzBlgBQahGK8SEwzJQTU7tD2A8QZRtGU
-a6FJpEcwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMT
-ElF1b1ZhZGlzIFJvb3QgQ0EgMoICBQkwDQYJKoZIhvcNAQEFBQADggIBAD4KFk2fBluornFdLwUv
-Z+YTRYPENvbzwCYMDbVHZF34tHLJRqUDGCdViXh9duqWNIAXINzng/iN/Ae42l9NLmeyhP3ZRPx3
-UIHmfLTJDQtyU/h2BwdBR5YM++CCJpNVjP4iH2BlfF/nJrP3MpCYUNQ3cVX2kiF495V5+vgtJodm
-VjB3pjd4M1IQWK4/YY7yarHvGH5KWWPKjaJW1acvvFYfzznB4vsKqBUsfU16Y8Zsl0Q80m/DShcK
-+JDSV6IZUaUtl0HaB0+pUNqQjZRG4T7wlP0QADj1O+hA4bRuVhogzG9Yje0uRY/W6ZM/57Es3zrW
-IozchLsib9D45MY56QSIPMO661V6bYCZJPVsAfv4l7CUW+v90m/xd2gNNWQjrLhVoQPRTUIZ3Ph1
-WVaj+ahJefivDrkRoHy3au000LYmYjgahwz46P0u05B/B5EqHdZ+XIWDmbA4CD/pXvk1B+TJYm5X
-f6dQlfe6yJvmjqIBxdZmv3lh8zwc4bmCXF2gw+nYSL0ZohEUGW6yhhtoPkg3Goi3XZZenMfvJ2II
-4pEZXNLxId26F0KCl3GBUzGpn/Z9Yr9y4aOTHcyKJloJONDO1w2AFrR4pTqHTI2KpdVGl/IsELm8
-VCLAAVBpQ570su9t+Oza8eOx79+Rj1QqCyXBJhnEUhAFZdWCEOrCMc0u
+MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT
+EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMzAeFw0wNjExMjQx
+OTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM
+aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQDMV0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNgg
+DhoB4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUrH556VOij
+KTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd8lyyBTNvijbO0BNO/79K
+DDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9CabwvvWhDFlaJKjdhkf2mrk7AyxRllDdLkgbv
+BNDInIjbC3uBr7E9KsRlOni27tyAsdLTmZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwp
+p5ijJUMv7/FfJuGITfhebtfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8
+nT8KKdjcT5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDtWAEX
+MJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZc6tsgLjoC2SToJyM
+Gf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A4iLItLRkT9a6fUg+qGkM17uGcclz
+uD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYDVR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHT
+BgkrBgEEAb5YAAMwgcUwgZMGCCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmlj
+YXRlIGNvbnN0aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0
+aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVudC4wLQYIKwYB
+BQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2NwczALBgNVHQ8EBAMCAQYwHQYD
+VR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4GA1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4
+ywLQoUmkRzBFMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UE
+AxMSUXVvVmFkaXMgUm9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZV
+qyM07ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSemd1o417+s
+hvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd+LJ2w/w4E6oM3kJpK27z
+POuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2
+Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadNt54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp
+8kokUvd0/bpO5qgdAm6xDYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBC
+bjPsMZ57k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6szHXu
+g/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0jWy10QJLZYxkNc91p
+vGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeTmJlglFwjz1onl14LBQaTNx47aTbr
+qZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK4SVhM7JZG+Ju1zdXtg2pEto=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert015.pem b/test/rules/platform_certs/default/cert015.pem
index e5e47cf8150e..15b78a463515 100644
--- a/test/rules/platform_certs/default/cert015.pem
+++ b/test/rules/platform_certs/default/cert015.pem
@@ -1,33 +1,19 @@
-QuoVadis Root CA 3
+Security Communication Root CA
 -----BEGIN CERTIFICATE-----
-MIIGnTCCBIWgAwIBAgICBcYwDQYJKoZIhvcNAQEFBQAwRTELMAkGA1UEBhMCQk0xGTAXBgNVBAoT
-EFF1b1ZhZGlzIExpbWl0ZWQxGzAZBgNVBAMTElF1b1ZhZGlzIFJvb3QgQ0EgMzAeFw0wNjExMjQx
-OTExMjNaFw0zMTExMjQxOTA2NDRaMEUxCzAJBgNVBAYTAkJNMRkwFwYDVQQKExBRdW9WYWRpcyBM
-aW1pdGVkMRswGQYDVQQDExJRdW9WYWRpcyBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4IC
-DwAwggIKAoICAQDMV0IWVJzmmNPTTe7+7cefQzlKZbPoFog02w1ZkXTPkrgEQK0CSzGrvI2RaNgg
-DhoB4hp7Thdd4oq3P5kazethq8Jlph+3t723j/z9cI8LoGe+AaJZz3HmDyl2/7FWeUUrH556VOij
-KTVopAFPD6QuN+8bv+OPEKhyq1hX51SGyMnzW9os2l2ObjyjPtr7guXd8lyyBTNvijbO0BNO/79K
-DDRMpsMhvVAEVeuxu537RR5kFd5VAYwCdrXLoT9CabwvvWhDFlaJKjdhkf2mrk7AyxRllDdLkgbv
-BNDInIjbC3uBr7E9KsRlOni27tyAsdLTmZw67mtaa7ONt9XOnMK+pUsvFrGeaDsGb659n/je7Mwp
-p5ijJUMv7/FfJuGITfhebtfZFG4ZM2mnO4SJk8RTVROhUXhA+LjJou57ulJCg54U7QVSWllWp5f8
-nT8KKdjcT5EOE7zelaTfi5m+rJsziO+1ga8bxiJTyPbH7pcUsMV8eFLI8M5ud2CEpukqdiDtWAEX
-MJPpGovgc2PZapKUSU60rUqFxKMiMPwJ7Wgic6aIDFUhWMXhOp8q3crhkODZc6tsgLjoC2SToJyM
-Gf+z0gzskSaHirOi4XCPLArlzW1oUevaPwV/izLmE1xr/l9A4iLItLRkT9a6fUg+qGkM17uGcclz
-uD87nSVL2v9A6wIDAQABo4IBlTCCAZEwDwYDVR0TAQH/BAUwAwEB/zCB4QYDVR0gBIHZMIHWMIHT
-BgkrBgEEAb5YAAMwgcUwgZMGCCsGAQUFBwICMIGGGoGDQW55IHVzZSBvZiB0aGlzIENlcnRpZmlj
-YXRlIGNvbnN0aXR1dGVzIGFjY2VwdGFuY2Ugb2YgdGhlIFF1b1ZhZGlzIFJvb3QgQ0EgMyBDZXJ0
-aWZpY2F0ZSBQb2xpY3kgLyBDZXJ0aWZpY2F0aW9uIFByYWN0aWNlIFN0YXRlbWVudC4wLQYIKwYB
-BQUHAgEWIWh0dHA6Ly93d3cucXVvdmFkaXNnbG9iYWwuY29tL2NwczALBgNVHQ8EBAMCAQYwHQYD
-VR0OBBYEFPLAE+CCQz777i9nMpY1XNu4ywLQMG4GA1UdIwRnMGWAFPLAE+CCQz777i9nMpY1XNu4
-ywLQoUmkRzBFMQswCQYDVQQGEwJCTTEZMBcGA1UEChMQUXVvVmFkaXMgTGltaXRlZDEbMBkGA1UE
-AxMSUXVvVmFkaXMgUm9vdCBDQSAzggIFxjANBgkqhkiG9w0BAQUFAAOCAgEAT62gLEz6wPJv92ZV
-qyM07ucp2sNbtrCD2dDQ4iH782CnO11gUyeim/YIIirnv6By5ZwkajGxkHon24QRiSemd1o417+s
-hvzuXYO8BsbRd2sPbSQvS3pspweWyuOEn62Iix2rFo1bZhfZFvSLgNLd+LJ2w/w4E6oM3kJpK27z
-POuAJ9v1pkQNn1pVWQvVDVJIxa6f8i+AxeoyUDUSly7B4f/xI4hROJ/yZlZ25w9Rl6VSDE1JUZU2
-Pb+iSwwQHYaZTKrzchGT5Or2m9qoXadNt54CrnMAyNojA+j56hl0YgCUyyIgvpSnWbWCar6ZeXqp
-8kokUvd0/bpO5qgdAm6xDYBEwa7TIzdfu4V8K5Iu6H6li92Z4b8nby1dqnuH/grdS/yO9SbkbnBC
-bjPsMZ57k8HkyWkaPcBrTiJt7qtYTcbQQcEr6k8Sh17rRdhs9ZgC06DYVYoGmRmioHfRMJ6szHXu
-g/WwYjnPbFfiTNKRCw51KBuav/0aQ/HKd/s7j2G4aSgWQgRecCocIdiP4b0jWy10QJLZYxkNc91p
-vGJHvOB0K7Lrfb5BG7XARsWhIstfTsEokt4YutUqKLsRixeTmJlglFwjz1onl14LBQaTNx47aTbr
-qZ5hHY8y2o4M1nQ+ewkk2gF3R8Q7zTSMmfXK4SVhM7JZG+Ju1zdXtg2pEto=
+MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP
+U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw
+HhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP
+U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw
+8yl89f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJDKaVv0uM
+DPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9Ms+k2Y7CI9eNqPPYJayX
+5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/NQV3Is00qVUarH9oe4kA92819uZKAnDfd
+DJZkndwi92SL32HeFZRSFaB9UslLqCHJxrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2
+JChzAgMBAAGjPzA9MB0GA1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYw
+DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vGkl3g
+0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfrUj94nK9NrvjVT8+a
+mCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5Bw+SUEmK3TGXX8npN6o7WWWXlDLJ
+s58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJUJRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ
+6rBK+1YWc26sTfcioU+tHXotRSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAi
+FL39vmwLAw==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert016.pem b/test/rules/platform_certs/default/cert016.pem
index 15b78a463515..141e435e5842 100644
--- a/test/rules/platform_certs/default/cert016.pem
+++ b/test/rules/platform_certs/default/cert016.pem
@@ -1,19 +1,18 @@
-Security Communication Root CA
+Sonera Class 2 Root CA
 -----BEGIN CERTIFICATE-----
-MIIDWjCCAkKgAwIBAgIBADANBgkqhkiG9w0BAQUFADBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP
-U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw
-HhcNMDMwOTMwMDQyMDQ5WhcNMjMwOTMwMDQyMDQ5WjBQMQswCQYDVQQGEwJKUDEYMBYGA1UEChMP
-U0VDT00gVHJ1c3QubmV0MScwJQYDVQQLEx5TZWN1cml0eSBDb21tdW5pY2F0aW9uIFJvb3RDQTEw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzs/5/022x7xZ8V6UMbXaKL0u/ZPtM7orw
-8yl89f/uKuDp6bpbZCKamm8sOiZpUQWZJtzVHGpxxpp9Hp3dfGzGjGdnSj74cbAZJ6kJDKaVv0uM
-DPpVmDvY6CKhS3E4eayXkmmziX7qIWgGmBSWh9JhNrxtJ1aeV+7AwFb9Ms+k2Y7CI9eNqPPYJayX
-5HA49LY6tJ07lyZDo6G8SVlyTCMwhwFY9k6+HGhWZq/NQV3Is00qVUarH9oe4kA92819uZKAnDfd
-DJZkndwi92SL32HeFZRSFaB9UslLqCHJxrHty8OVYNEP8Ktw+N/LTX7s1vqr2b1/VPKl6Xn62dZ2
-JChzAgMBAAGjPzA9MB0GA1UdDgQWBBSgc0mZaNyFW2XjmygvV5+9M7wHSDALBgNVHQ8EBAMCAQYw
-DwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQUFAAOCAQEAaECpqLvkT115swW1F7NgE+vGkl3g
-0dNq/vu+m22/xwVtWSDEHPC32oRYAmP6SBbvT6UL90qY8j+eG61Ha2POCEfrUj94nK9NrvjVT8+a
-mCoQQTlSxN3Zmw7vkwGusi7KaEIkQmywszo+zenaSMQVy+n5Bw+SUEmK3TGXX8npN6o7WWWXlDLJ
-s58+OmJYxUmtYg5xpTKqL8aJdkNAExNnPaJUJRDL8Try2frbSVa7pv6nQTXD4IhhyYjH3zYQIphZ
-6rBK+1YWc26sTfcioU+tHXotRSflMMFe8toTyyVCUZVHA4xsIcx0Qu1T/zOLjw9XARYvz6buyXAi
-FL39vmwLAw==
+MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEPMA0GA1UEChMG
+U29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAxMDQwNjA3Mjk0MFoXDTIxMDQw
+NjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNVBAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJh
+IENsYXNzMiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3
+/Ei9vX+ALTU74W+oZ6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybT
+dXnt5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s3TmVToMG
+f+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2EjvOr7nQKV0ba5cTppCD8P
+tOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu8nYybieDwnPz3BjotJPqdURrBGAgcVeH
+nfO+oJAjPYok4doh28MCAwEAAaMzMDEwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITT
+XjwwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt
+0jSv9zilzqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/3DEI
+cbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvDFNr450kkkdAdavph
+Oe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6Tk6ezAyNlNzZRZxe7EJQY670XcSx
+EtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLH
+llpwrN9M
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert017.pem b/test/rules/platform_certs/default/cert017.pem
index 141e435e5842..16d5486f7ec9 100644
--- a/test/rules/platform_certs/default/cert017.pem
+++ b/test/rules/platform_certs/default/cert017.pem
@@ -1,18 +1,22 @@
-Sonera Class 2 Root CA
+XRamp Global CA Root
 -----BEGIN CERTIFICATE-----
-MIIDIDCCAgigAwIBAgIBHTANBgkqhkiG9w0BAQUFADA5MQswCQYDVQQGEwJGSTEPMA0GA1UEChMG
-U29uZXJhMRkwFwYDVQQDExBTb25lcmEgQ2xhc3MyIENBMB4XDTAxMDQwNjA3Mjk0MFoXDTIxMDQw
-NjA3Mjk0MFowOTELMAkGA1UEBhMCRkkxDzANBgNVBAoTBlNvbmVyYTEZMBcGA1UEAxMQU29uZXJh
-IENsYXNzMiBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJAXSjWdyvANlsdE+hY3
-/Ei9vX+ALTU74W+oZ6m/AxxNjG8yR9VBaKQTBME1DJqEQ/xcHf+Js+gXGM2RX/uJ4+q/Tl18GybT
-dXnt5oTjV+WtKcT0OijnpXuENmmz/V52vaMtmdOQTiMofRhj8VQ7Jp12W5dCsv+u8E7s3TmVToMG
-f+dJQMjFAbJUWmYdPfz56TwKnoG4cPABi+QjVHzIrviQHgCWctRUz2EjvOr7nQKV0ba5cTppCD8P
-tOFCx4j1P5iop7oc4HFx71hXgVB6XGt0Rg6DA5jDjqhu8nYybieDwnPz3BjotJPqdURrBGAgcVeH
-nfO+oJAjPYok4doh28MCAwEAAaMzMDEwDwYDVR0TAQH/BAUwAwEB/zARBgNVHQ4ECgQISqCqWITT
-XjwwCwYDVR0PBAQDAgEGMA0GCSqGSIb3DQEBBQUAA4IBAQBazof5FnIVV0sd2ZvnoiYw7JNn39Yt
-0jSv9zilzqsWuasvfDXLrNAPtEwr/IDva4yRXzZ299uzGxnq9LIR/WFxRL8oszodv7ND6J+/3DEI
-cbCdjdY0RzKQxmUk96BKfARzjzlvF4xytb1LyHr4e4PDKE6cCepnP7JnBBvDFNr450kkkdAdavph
-Oe9r5yF1BgfYErQhIHBCcYHaPJo2vqZbDWpsmh+Re/n570K6Tk6ezAyNlNzZRZxe7EJQY670XcSx
-EtzKO6gunRRaBXW37Ndj4ro1tgQIkejanZz2ZrUYrAqmVCY0M9IbwdR/GjqOC6oybtv8TyWf2TLH
-llpwrN9M
+MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UE
+BhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2Vj
+dXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwHhcNMDQxMTAxMTcxNDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMx
+HjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkg
+U2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
+dHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS638eMpSe2OAtp87ZOqCwu
+IR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCPKZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMx
+foArtYzAQDsRhtDLooY2YKTVMIJt2W7QDxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FE
+zG+gSqmUsE3a56k0enI4qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqs
+AxcZZPRaJSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNViPvry
+xS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud
+EwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASsjVy16bYbMDYGA1UdHwQvMC0wK6Ap
+oCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMC
+AQEwDQYJKoZIhvcNAQEFBQADggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc
+/Kh4ZzXxHfARvbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt
+qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLaIR9NmXmd4c8n
+nxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSyi6mx5O+aGtA9aZnuqCij4Tyz
+8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQO+7ETPTsJ3xCwnR8gooJybQDJbw=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert018.pem b/test/rules/platform_certs/default/cert018.pem
index 24ba7e9f344c..7adada8b3ffd 100644
--- a/test/rules/platform_certs/default/cert018.pem
+++ b/test/rules/platform_certs/default/cert018.pem
@@ -1,25 +1,22 @@
-Camerfirma Chambers of Commerce Root
+Go Daddy Class 2 CA
 -----BEGIN CERTIFICATE-----
-MIIEvTCCA6WgAwIBAgIBADANBgkqhkiG9w0BAQUFADB/MQswCQYDVQQGEwJFVTEnMCUGA1UEChMe
-QUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1i
-ZXJzaWduLm9yZzEiMCAGA1UEAxMZQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdDAeFw0wMzA5MzAx
-NjEzNDNaFw0zNzA5MzAxNjEzNDRaMH8xCzAJBgNVBAYTAkVVMScwJQYDVQQKEx5BQyBDYW1lcmZp
-cm1hIFNBIENJRiBBODI3NDMyODcxIzAhBgNVBAsTGmh0dHA6Ly93d3cuY2hhbWJlcnNpZ24ub3Jn
-MSIwIAYDVQQDExlDaGFtYmVycyBvZiBDb21tZXJjZSBSb290MIIBIDANBgkqhkiG9w0BAQEFAAOC
-AQ0AMIIBCAKCAQEAtzZV5aVdGDDg2olUkfzIx1L4L1DZ77F1c2VHfRtbunXF/KGIJPov7coISjlU
-xFF6tdpg6jg8gbLL8bvZkSM/SAFwdakFKq0fcfPJVD0dBmpAPrMMhe5cG3nCYsS4No41XQEMIwRH
-NaqbYE6gZj3LJgqcQKH0XZi/caulAGgq7YN6D6IUtdQis4CwPAxaUWktWBiP7Zme8a7ileb2R6jW
-DA+wWFjbw2Y3npuRVDM30pQcakjJyfKl2qUMI/cjDpwyVV5xnIQFUZot/eZOKjRa3spAN2cMVCFV
-d9oKDMyXroDclDZK9D7ONhMeU+SsTjoF7Nuucpw4i9A5O4kKPnf+dQIBA6OCAUQwggFAMBIGA1Ud
-EwEB/wQIMAYBAf8CAQwwPAYDVR0fBDUwMzAxoC+gLYYraHR0cDovL2NybC5jaGFtYmVyc2lnbi5v
-cmcvY2hhbWJlcnNyb290LmNybDAdBgNVHQ4EFgQU45T1sU3p26EpW1eLTXYGduHRooowDgYDVR0P
-AQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzAnBgNVHREEIDAegRxjaGFtYmVyc3Jvb3RAY2hh
-bWJlcnNpZ24ub3JnMCcGA1UdEgQgMB6BHGNoYW1iZXJzcm9vdEBjaGFtYmVyc2lnbi5vcmcwWAYD
-VR0gBFEwTzBNBgsrBgEEAYGHLgoDATA+MDwGCCsGAQUFBwIBFjBodHRwOi8vY3BzLmNoYW1iZXJz
-aWduLm9yZy9jcHMvY2hhbWJlcnNyb290Lmh0bWwwDQYJKoZIhvcNAQEFBQADggEBAAxBl8IahsAi
-fJ/7kPMa0QOx7xP5IV8EnNrJpY0nbJaHkb5BkAFyk+cefV/2icZdp0AJPaxJRUXcLo0waLIJuvvD
-L8y6C98/d3tGfToSJI6WjzwFCm/SlCgdbQzALogi1djPHRPH8EjX1wWnz8dHnjs8NMiAT9QUu/wN
-UPf6s+xCX6ndbcj0dc97wXImsQEcXCz9ek60AcUFV7nnPKoF2YjpB0ZBzu9Bga5Y34OirsrXdx/n
-ADydb47kMgkdTXg0eDQ8lJsm7U9xxhl6vSAiSFr+S30Dt+dYvsYyTnQeaN2oaFuzPu5ifdmA6Ap1
-erfutGWaIZDgqtCYvDi1czyL+Nw=
+MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMY
+VGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkG
+A1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g
+RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQAD
+ggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv
+2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32
+qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6j
+YGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmY
+vLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0O
+BBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2o
+atTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMu
+MTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwG
+A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wim
+PQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKt
+I3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ
+HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VI
+Ls9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/b
+vZ8=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert019.pem b/test/rules/platform_certs/default/cert019.pem
index 7ad8b3396d49..52679e74119b 100644
--- a/test/rules/platform_certs/default/cert019.pem
+++ b/test/rules/platform_certs/default/cert019.pem
@@ -1,25 +1,22 @@
-Camerfirma Global Chambersign Root
+Starfield Class 2 CA
 -----BEGIN CERTIFICATE-----
-MIIExTCCA62gAwIBAgIBADANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJFVTEnMCUGA1UEChMe
-QUMgQ2FtZXJmaXJtYSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1i
-ZXJzaWduLm9yZzEgMB4GA1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwHhcNMDMwOTMwMTYx
-NDE4WhcNMzcwOTMwMTYxNDE4WjB9MQswCQYDVQQGEwJFVTEnMCUGA1UEChMeQUMgQ2FtZXJmaXJt
-YSBTQSBDSUYgQTgyNzQzMjg3MSMwIQYDVQQLExpodHRwOi8vd3d3LmNoYW1iZXJzaWduLm9yZzEg
-MB4GA1UEAxMXR2xvYmFsIENoYW1iZXJzaWduIFJvb3QwggEgMA0GCSqGSIb3DQEBAQUAA4IBDQAw
-ggEIAoIBAQCicKLQn0KuWxfH2H3PFIP8T8mhtxOviteePgQKkotgVvq0Mi+ITaFgCPS3CU6gSS9J
-1tPfnZdan5QEcOw/Wdm3zGaLmFIoCQLfxS+EjXqXd7/sQJ0lcqu1PzKY+7e3/HKE5TWH+VX6ox8O
-by4o3Wmg2UIQxvi1RMLQQ3/bvOSiPGpVeAp3qdjqGTK3L/5cPxvusZjsyq16aUXjlg9V9ubtdepl
-6DJWk0aJqCWKZQbua795B9Dxt6/tLE2Su8CoX6dnfQTyFQhwrJLWfQTSM/tMtgsL+xrJxI0DqX5c
-8lCrEqWhz0hQpe/SyBoT+rB/sYIcd2oPX9wLlY/vQ37mRQklAgEDo4IBUDCCAUwwEgYDVR0TAQH/
-BAgwBgEB/wIBDDA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY3JsLmNoYW1iZXJzaWduLm9yZy9j
-aGFtYmVyc2lnbnJvb3QuY3JsMB0GA1UdDgQWBBRDnDafsJ4wTcbOX60Qq+UDpfqpFDAOBgNVHQ8B
-Af8EBAMCAQYwEQYJYIZIAYb4QgEBBAQDAgAHMCoGA1UdEQQjMCGBH2NoYW1iZXJzaWducm9vdEBj
-aGFtYmVyc2lnbi5vcmcwKgYDVR0SBCMwIYEfY2hhbWJlcnNpZ25yb290QGNoYW1iZXJzaWduLm9y
-ZzBbBgNVHSAEVDBSMFAGCysGAQQBgYcuCgEBMEEwPwYIKwYBBQUHAgEWM2h0dHA6Ly9jcHMuY2hh
-bWJlcnNpZ24ub3JnL2Nwcy9jaGFtYmVyc2lnbnJvb3QuaHRtbDANBgkqhkiG9w0BAQUFAAOCAQEA
-PDtwkfkEVCeR4e3t/mh/YV3lQWVPMvEYBZRqHN4fcNs+ezICNLUMbKGKfKX0j//U2K0X1S0E0T9Y
-gOKBWYi+wONGkyT+kL0mojAt6JcmVzWJdJYY9hXiryQZVgICsroPFOrGimbBhkVVi76SvpykBMdJ
-PJ7oKXqJ1/6v/2j1pReQvayZzKWGVwlnRtvWFsJG8eSpUPWP0ZIV018+xgBJOm5YstHRJw0lyDL4
-IBHNfTIzSJRUTN3cecQwn+uOuFW114hcxWokPbLTBQNRxgfvzBRydD1ucs4YKIxKoHflCStFREes
-t2d/AYoFWpO+ocH/+OcOZ6RHSXZddZAa9SaP8A==
+MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMc
+U3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIg
+Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBo
+MQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAG
+A1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqG
+SIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf8MOh2tTY
+bitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZ
+JRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVm
+epsZGD3/cVE8MC5fvj13c7JdBmzDI1aaK4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSN
+F4Azbl5KXZnJHoe0nRrA1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HF
+MIHCMB0GA1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fRzt0f
+hvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNo
+bm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmljYXRpb24g
+QXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGs
+afPzWdqbAYcaT1epoXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLM
+PUxA2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
+xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynpVSJYACPq4xJD
+KVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3
+QBFGmh95DmK/D5fs4C8fF5Q=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert020.pem b/test/rules/platform_certs/default/cert020.pem
index 16d5486f7ec9..b81665fff7f8 100644
--- a/test/rules/platform_certs/default/cert020.pem
+++ b/test/rules/platform_certs/default/cert020.pem
@@ -1,22 +1,28 @@
-XRamp Global CA Root
+Taiwan GRCA
 -----BEGIN CERTIFICATE-----
-MIIEMDCCAxigAwIBAgIQUJRs7Bjq1ZxN1ZfvdY+grTANBgkqhkiG9w0BAQUFADCBgjELMAkGA1UE
-BhMCVVMxHjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2Vj
-dXJpdHkgU2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBB
-dXRob3JpdHkwHhcNMDQxMTAxMTcxNDA0WhcNMzUwMTAxMDUzNzE5WjCBgjELMAkGA1UEBhMCVVMx
-HjAcBgNVBAsTFXd3dy54cmFtcHNlY3VyaXR5LmNvbTEkMCIGA1UEChMbWFJhbXAgU2VjdXJpdHkg
-U2VydmljZXMgSW5jMS0wKwYDVQQDEyRYUmFtcCBHbG9iYWwgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
-dHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCYJB69FbS638eMpSe2OAtp87ZOqCwu
-IR1cRN8hXX4jdP5efrRKt6atH67gBhbim1vZZ3RrXYCPKZ2GG9mcDZhtdhAoWORlsH9KmHmf4MMx
-foArtYzAQDsRhtDLooY2YKTVMIJt2W7QDxIEM5dfT2Fa8OT5kavnHTu86M/0ay00fOJIYRyO82FE
-zG+gSqmUsE3a56k0enI4qEHMPJQRfevIpoy3hsvKMzvZPTeL+3o+hiznc9cKV6xkmxnr9A8ECIqs
-AxcZZPRaJSKNNCyy9mgdEm3Tih4U2sSPpuIjhdV6Db1q4Ons7Be7QhtnqiXtRYMh/MHJfNViPvry
-xS3T/dRlAgMBAAGjgZ8wgZwwEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud
-EwEB/wQFMAMBAf8wHQYDVR0OBBYEFMZPoj0GY4QJnM5i5ASsjVy16bYbMDYGA1UdHwQvMC0wK6Ap
-oCeGJWh0dHA6Ly9jcmwueHJhbXBzZWN1cml0eS5jb20vWEdDQS5jcmwwEAYJKwYBBAGCNxUBBAMC
-AQEwDQYJKoZIhvcNAQEFBQADggEBAJEVOQMBG2f7Shz5CmBbodpNl2L5JFMn14JkTpAuw0kbK5rc
-/Kh4ZzXxHfARvbdI4xD2Dd8/0sm2qlWkSLoC295ZLhVbO50WfUfXN+pfTXYSNrsf16GBBEYgoyxt
-qZ4Bfj8pzgCT3/3JknOJiWSe5yvkHJEs0rnOfc5vMZnT5r7SHpDwCRR5XCOrTdLaIR9NmXmd4c8n
-nxCbHIgNsIpkQTG4DmyQJKSbXHGPurt+HBvbaoAPIbzp26a3QPSyi6mx5O+aGtA9aZnuqCij4Tyz
-8LIRnM98QObd50N9otg6tamN8jSZxNQQ4Qb9CYQQO+7ETPTsJ3xCwnR8gooJybQDJbw=
+MIIFcjCCA1qgAwIBAgIQH51ZWtcvwgZEpYAIaeNe9jANBgkqhkiG9w0BAQUFADA/MQswCQYDVQQG
+EwJUVzEwMC4GA1UECgwnR292ZXJubWVudCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4X
+DTAyMTIwNTEzMjMzM1oXDTMyMTIwNTEzMjMzM1owPzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dv
+dmVybm1lbnQgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQAD
+ggIPADCCAgoCggIBAJoluOzMonWoe/fOW1mKydGGEghU7Jzy50b2iPN86aXfTEc2pBsBHH8eV4qN
+w8XRIePaJD9IK/ufLqGU5ywck9G/GwGHU5nOp/UKIXZ3/6m3xnOUT0b3EEk3+qhZSV1qgQdW8or5
+BtD3cCJNtLdBuTK4sfCxw5w/cP1T3YGq2GN49thTbqGsaoQkclSGxtKyyhwOeYHWtXBiCAEuTk8O
+1RGvqa/lmr/czIdtJuTJV6L7lvnM4T9TjGxMfptTCAtsF/tnyMKtsc2AtJfcdgEWFelq16TheEfO
+htX7MfP6Mb40qij7cEwdScevLJ1tZqa2jWR+tSBqnTuBto9AAGdLiYa4zGX+FVPpBMHWXx1E1wov
+J5pGfaENda1UhhXcSTvxls4Pm6Dso3pdvtUqdULle96ltqqvKKyskKw4t9VoNSZ63Pc78/1Fm9G7
+Q3hub/FCVGqY8A2tl+lSXunVanLeavcbYBT0peS2cWeqH+riTcFCQP5nRhc4L0c/cZyu5SHKYS1t
+B6iEfC3uUSXxY5Ce/eFXiGvviiNtsea9P63RPZYLhY3Naye7twWb7LuRqQoHEgKXTiCQ8P8NHuJB
+O9NAOueNXdpm5AKwB1KYXA6OM5zCppX7VRluTI6uSw+9wThNXo+EHWbNxWCWtFJaBYmOlXqYwZE8
+lSOyDvR5tMl8wUohAgMBAAGjajBoMB0GA1UdDgQWBBTMzO/MKWCkO7GStjz6MmKPrCUVOzAMBgNV
+HRMEBTADAQH/MDkGBGcqBwAEMTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQUA5vwIhP/lSg2
+09yewDL7MTqKUWUwDQYJKoZIhvcNAQEFBQADggIBAECASvomyc5eMN1PhnR2WPWus4MzeKR6dBcZ
+TulStbngCnRiqmjKeKBMmo4sIy7VahIkv9Ro04rQ2JyftB8M3jh+Vzj8jeJPXgyfqzvS/3WXy6Tj
+Zwj/5cAWtUgBfen5Cv8b5Wppv3ghqMKnI6mGq3ZW6A4M9hPdKmaKZEk9GhiHkASfQlK3T8v+R0F2
+Ne//AHY2RTKbxkaFXeIksB7jSJaYV0eUVXoPQbFEJPPB/hprv4j9wabak2BegUqZIJxIZhm1AHlU
+D7gsL0u8qV1bYH+Mh6XgUmMqvtg7hUAV/h62ZT/FS9p+tXo1KaMuephgIqP0fSdOLeq0dDzpD6Qz
+DxARvBMB1uUO07+1EqLhRSPAzAhuYbeJq4PjJB7mXQfnHyA+z2fI56wwbSdLaG5LKlwCCDTb+Hbk
+Z6MmnD+iMsJKxYEYMRBWqoTvLQr/uB930r+lWKBi5NdLkXWNiYCYfm3LU05er/ayl4WXudpVBrkk
+7tfGOB5jGxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44VbnzssQwmSNOXfJIoRIM3BKQ
+CZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDeLMDDav7v3Aun+kbfYNucpllQdSNpc5Oy
++fwC00fmcc4QAu4njIT/rEUNE1yDMuAlpYYsfPQS
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert021.pem b/test/rules/platform_certs/default/cert021.pem
index 7adada8b3ffd..95f5124c7c93 100644
--- a/test/rules/platform_certs/default/cert021.pem
+++ b/test/rules/platform_certs/default/cert021.pem
@@ -1,22 +1,20 @@
-Go Daddy Class 2 CA
+DigiCert Assured ID Root CA
 -----BEGIN CERTIFICATE-----
-MIIEADCCAuigAwIBAgIBADANBgkqhkiG9w0BAQUFADBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMY
-VGhlIEdvIERhZGR5IEdyb3VwLCBJbmMuMTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRp
-ZmljYXRpb24gQXV0aG9yaXR5MB4XDTA0MDYyOTE3MDYyMFoXDTM0MDYyOTE3MDYyMFowYzELMAkG
-A1UEBhMCVVMxITAfBgNVBAoTGFRoZSBHbyBEYWRkeSBHcm91cCwgSW5jLjExMC8GA1UECxMoR28g
-RGFkZHkgQ2xhc3MgMiBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCASAwDQYJKoZIhvcNAQEBBQAD
-ggENADCCAQgCggEBAN6d1+pXGEmhW+vXX0iG6r7d/+TvZxz0ZWizV3GgXne77ZtJ6XCAPVYYYwhv
-2vLM0D9/AlQiVBDYsoHUwHU9S3/Hd8M+eKsaA7Ugay9qK7HFiH7Eux6wwdhFJ2+qN1j3hybX2C32
-qRe3H3I2TqYXP2WYktsqbl2i/ojgC95/5Y0V4evLOtXiEqITLdiOr18SPaAIBQi2XKVlOARFmR6j
-YGB0xUGlcmIbYsUfb18aQr4CUWWoriMYavx4A6lNf4DD+qta/KFApMoZFv6yyO9ecw3ud72a9nmY
-vLEHZ6IVDd2gWMZEewo+YihfukEHU1jPEX44dMX4/7VpkI+EdOqXG68CAQOjgcAwgb0wHQYDVR0O
-BBYEFNLEsNKR1EwRcbNhyz2h/t2oatTjMIGNBgNVHSMEgYUwgYKAFNLEsNKR1EwRcbNhyz2h/t2o
-atTjoWekZTBjMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYVGhlIEdvIERhZGR5IEdyb3VwLCBJbmMu
-MTEwLwYDVQQLEyhHbyBEYWRkeSBDbGFzcyAyIENlcnRpZmljYXRpb24gQXV0aG9yaXR5ggEAMAwG
-A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBADJL87LKPpH8EsahB4yOd6AzBhRckB4Y9wim
-PQoZ+YeAEW5p5JYXMP80kWNyOO7MHAGjHZQopDH2esRU1/blMVgDoszOYtuURXO1v0XJJLXVggKt
-I3lpjbi2Tc7PTMozI+gciKqdi0FuFskg5YmezTvacPd+mSYgFFQlq25zheabIZ0KbIIOqPjCDPoQ
-HmyW74cNxA9hi63ugyuV+I6ShHI56yDqg+2DzZduCLzrTia2cyvk0/ZM/iZx4mERdEr/VxqHD3VI
-Ls9RaRegAhJhldXRQLIQTO7ErBBDpqWeCtWVYpoNz4iCxTIM5CufReYNnyicsbkqWletNw+vHX/b
-vZ8=
+MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw
+IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzEx
+MTEwMDAwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL
+ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0Ew
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7cJpSIqvTO
+9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYPmDI2dsze3Tyoou9q+yHy
+UmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW
+/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpy
+oeb6pNnVFzF1roV9Iq4/AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whf
+GHdPAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRF
+66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkq
+hkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRCdWKuh+vy1dneVrOfzM4UKLkNl2Bc
+EkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38Fn
+SbNd67IJKusm7Xi+fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i
+8b5QZ7dsvfPxH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
++o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert022.pem b/test/rules/platform_certs/default/cert022.pem
index 52679e74119b..838107962066 100644
--- a/test/rules/platform_certs/default/cert022.pem
+++ b/test/rules/platform_certs/default/cert022.pem
@@ -1,22 +1,20 @@
-Starfield Class 2 CA
+DigiCert Global Root CA
 -----BEGIN CERTIFICATE-----
-MIIEDzCCAvegAwIBAgIBADANBgkqhkiG9w0BAQUFADBoMQswCQYDVQQGEwJVUzElMCMGA1UEChMc
-U3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAGA1UECxMpU3RhcmZpZWxkIENsYXNzIDIg
-Q2VydGlmaWNhdGlvbiBBdXRob3JpdHkwHhcNMDQwNjI5MTczOTE2WhcNMzQwNjI5MTczOTE2WjBo
-MQswCQYDVQQGEwJVUzElMCMGA1UEChMcU3RhcmZpZWxkIFRlY2hub2xvZ2llcywgSW5jLjEyMDAG
-A1UECxMpU3RhcmZpZWxkIENsYXNzIDIgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEgMA0GCSqG
-SIb3DQEBAQUAA4IBDQAwggEIAoIBAQC3Msj+6XGmBIWtDBFk385N78gDGIc/oav7PKaf8MOh2tTY
-bitTkPskpD6E8J7oX+zlJ0T1KKY/e97gKvDIr1MvnsoFAZMej2YcOadN+lq2cwQlZut3f+dZxkqZ
-JRRU6ybH838Z1TBwj6+wRir/resp7defqgSHo9T5iaU0X9tDkYI22WY8sbi5gv2cOj4QyDvvBmVm
-epsZGD3/cVE8MC5fvj13c7JdBmzDI1aaK4UmkhynArPkPw2vCHmCuDY96pzTNbO8acr1zJ3o/WSN
-F4Azbl5KXZnJHoe0nRrA1W4TNSNe35tfPe/W93bC6j67eA0cQmdrBNj41tpvi/JEoAGrAgEDo4HF
-MIHCMB0GA1UdDgQWBBS/X7fRzt0fhvRbVazc1xDCDqmI5zCBkgYDVR0jBIGKMIGHgBS/X7fRzt0f
-hvRbVazc1xDCDqmI56FspGowaDELMAkGA1UEBhMCVVMxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNo
-bm9sb2dpZXMsIEluYy4xMjAwBgNVBAsTKVN0YXJmaWVsZCBDbGFzcyAyIENlcnRpZmljYXRpb24g
-QXV0aG9yaXR5ggEAMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAAWdP4id0ckaVaGs
-afPzWdqbAYcaT1epoXkJKtv3L7IezMdeatiDh6GX70k1PncGQVhiv45YuApnP+yz3SFmH8lU+nLM
-PUxA2IGvd56Deruix/U0F47ZEUD0/CwqTRV/p2JdLiXTAAsgGh1o+Re49L2L7ShZ3U0WixeDyLJl
-xy16paq8U4Zt3VekyvggQQto8PT7dL5WXXp59fkdheMtlb71cZBDzI0fmgAKhynpVSJYACPq4xJD
-KVtHCN2MQWplBqjlIapBtJUhlbl90TSrE9atvNziPTnNvT51cKEYWQPJIrSPnNVeKtelttQKbfi3
-QBFGmh95DmK/D5fs4C8fF5Q=
+MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw
+HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAw
+MDAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3
+dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsBCSDMAZOn
+TjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97nh6Vfe63SKMI2tavegw5
+BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt43C/dxC//AH2hdmoRBBYMql1GNXRor5H
+4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7PT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y
+7vrTC0LUq7dBMtoM1O/4gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQAB
+o2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbRTLtm
+8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQEF
+BQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/EsrhMAtudXH/vTBH1jLuG2cenTnmCmr
+EbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIt
+tep3Sp+dWOIrWcBAI+0tKIJFPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886
+UAb3LujEV0lsYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
+CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert023.pem b/test/rules/platform_certs/default/cert023.pem
index b81665fff7f8..f3b42554e677 100644
--- a/test/rules/platform_certs/default/cert023.pem
+++ b/test/rules/platform_certs/default/cert023.pem
@@ -1,28 +1,20 @@
-Taiwan GRCA
+DigiCert High Assurance EV Root CA
 -----BEGIN CERTIFICATE-----
-MIIFcjCCA1qgAwIBAgIQH51ZWtcvwgZEpYAIaeNe9jANBgkqhkiG9w0BAQUFADA/MQswCQYDVQQG
-EwJUVzEwMC4GA1UECgwnR292ZXJubWVudCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4X
-DTAyMTIwNTEzMjMzM1oXDTMyMTIwNTEzMjMzM1owPzELMAkGA1UEBhMCVFcxMDAuBgNVBAoMJ0dv
-dmVybm1lbnQgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCCAiIwDQYJKoZIhvcNAQEBBQAD
-ggIPADCCAgoCggIBAJoluOzMonWoe/fOW1mKydGGEghU7Jzy50b2iPN86aXfTEc2pBsBHH8eV4qN
-w8XRIePaJD9IK/ufLqGU5ywck9G/GwGHU5nOp/UKIXZ3/6m3xnOUT0b3EEk3+qhZSV1qgQdW8or5
-BtD3cCJNtLdBuTK4sfCxw5w/cP1T3YGq2GN49thTbqGsaoQkclSGxtKyyhwOeYHWtXBiCAEuTk8O
-1RGvqa/lmr/czIdtJuTJV6L7lvnM4T9TjGxMfptTCAtsF/tnyMKtsc2AtJfcdgEWFelq16TheEfO
-htX7MfP6Mb40qij7cEwdScevLJ1tZqa2jWR+tSBqnTuBto9AAGdLiYa4zGX+FVPpBMHWXx1E1wov
-J5pGfaENda1UhhXcSTvxls4Pm6Dso3pdvtUqdULle96ltqqvKKyskKw4t9VoNSZ63Pc78/1Fm9G7
-Q3hub/FCVGqY8A2tl+lSXunVanLeavcbYBT0peS2cWeqH+riTcFCQP5nRhc4L0c/cZyu5SHKYS1t
-B6iEfC3uUSXxY5Ce/eFXiGvviiNtsea9P63RPZYLhY3Naye7twWb7LuRqQoHEgKXTiCQ8P8NHuJB
-O9NAOueNXdpm5AKwB1KYXA6OM5zCppX7VRluTI6uSw+9wThNXo+EHWbNxWCWtFJaBYmOlXqYwZE8
-lSOyDvR5tMl8wUohAgMBAAGjajBoMB0GA1UdDgQWBBTMzO/MKWCkO7GStjz6MmKPrCUVOzAMBgNV
-HRMEBTADAQH/MDkGBGcqBwAEMTAvMC0CAQAwCQYFKw4DAhoFADAHBgVnKgMAAAQUA5vwIhP/lSg2
-09yewDL7MTqKUWUwDQYJKoZIhvcNAQEFBQADggIBAECASvomyc5eMN1PhnR2WPWus4MzeKR6dBcZ
-TulStbngCnRiqmjKeKBMmo4sIy7VahIkv9Ro04rQ2JyftB8M3jh+Vzj8jeJPXgyfqzvS/3WXy6Tj
-Zwj/5cAWtUgBfen5Cv8b5Wppv3ghqMKnI6mGq3ZW6A4M9hPdKmaKZEk9GhiHkASfQlK3T8v+R0F2
-Ne//AHY2RTKbxkaFXeIksB7jSJaYV0eUVXoPQbFEJPPB/hprv4j9wabak2BegUqZIJxIZhm1AHlU
-D7gsL0u8qV1bYH+Mh6XgUmMqvtg7hUAV/h62ZT/FS9p+tXo1KaMuephgIqP0fSdOLeq0dDzpD6Qz
-DxARvBMB1uUO07+1EqLhRSPAzAhuYbeJq4PjJB7mXQfnHyA+z2fI56wwbSdLaG5LKlwCCDTb+Hbk
-Z6MmnD+iMsJKxYEYMRBWqoTvLQr/uB930r+lWKBi5NdLkXWNiYCYfm3LU05er/ayl4WXudpVBrkk
-7tfGOB5jGxI7leFYrPLfhNVfmS8NVVvmONsuP3LpSIXLuykTjx44VbnzssQwmSNOXfJIoRIM3BKQ
-CZBUkQM8R+XVyWXgt0t97EfTsws+rZ7QdAAO671RrcDeLMDDav7v3Aun+kbfYNucpllQdSNpc5Oy
-+fwC00fmcc4QAu4njIT/rEUNE1yDMuAlpYYsfPQS
+MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSsw
+KQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAw
+MFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
+MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFu
+Y2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm+9S75S0t
+Mqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMS
+OO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3
+MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQ
+NAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUe
+h10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMB
+Af8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSY
+JhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQ
+V8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFp
+myPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkK
+mNEVX58Svnw2Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
+vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep+OkuE6N36B9K
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert024.pem b/test/rules/platform_certs/default/cert024.pem
index 95f5124c7c93..1063f5be6ac1 100644
--- a/test/rules/platform_certs/default/cert024.pem
+++ b/test/rules/platform_certs/default/cert024.pem
@@ -1,20 +1,18 @@
-DigiCert Assured ID Root CA
+DST Root CA X3
 -----BEGIN CERTIFICATE-----
-MIIDtzCCAp+gAwIBAgIQDOfg5RfYRv6P5WD8G/AwOTANBgkqhkiG9w0BAQUFADBlMQswCQYDVQQG
-EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw
-IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0EwHhcNMDYxMTEwMDAwMDAwWhcNMzEx
-MTEwMDAwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL
-ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgQ0Ew
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCtDhXO5EOAXLGH87dg+XESpa7cJpSIqvTO
-9SA5KFhgDPiA2qkVlTJhPLWxKISKityfCgyDF3qPkKyK53lTXDGEKvYPmDI2dsze3Tyoou9q+yHy
-UmHfnyDXH+Kx2f4YZNISW1/5WBg1vEfNoTb5a3/UsDg+wRvDjDPZ2C8Y/igPs6eD1sNuRMBhNZYW
-/lmci3Zt1/GiSw0r/wty2p5g0I6QNcZ4VYcgoc/lbQrISXwxmDNsIumH0DJaoroTghHtORedmTpy
-oeb6pNnVFzF1roV9Iq4/AUaG9ih5yLHa5FcXxH4cDrC0kqZWs72yl+2qp/C3xag/lRbQ/6GW6whf
-GHdPAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRF
-66Kv9JLLgjEtUYunpyGd823IDzAfBgNVHSMEGDAWgBRF66Kv9JLLgjEtUYunpyGd823IDzANBgkq
-hkiG9w0BAQUFAAOCAQEAog683+Lt8ONyc3pklL/3cmbYMuRCdWKuh+vy1dneVrOfzM4UKLkNl2Bc
-EkxY5NM9g0lFWJc1aRqoR+pWxnmrEthngYTffwk8lOa4JiwgvT2zKIn3X/8i4peEH+ll74fg38Fn
-SbNd67IJKusm7Xi+fT8r87cmNW1fiQG2SVufAQWbqz0lwcy2f8Lxb4bG+mRo64EtlOtCt/qMHt1i
-8b5QZ7dsvfPxH2sMNgcWfzd8qVttevESRmCD1ycEvkvOl77DZypoEd+A5wwzZr8TDRRu838fYxAe
-+o0bJW1sj6W3YQGx0qMmoRBxna3iw/nDmVG3KwcIzi7mULKn+gpFL6Lw8g==
+MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQK
+ExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4X
+DTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1
+cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQAD
+ggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmT
+rE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9
+UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRy
+xXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40d
+utolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0T
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQ
+MA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikug
+dB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjE
+GB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bw
+RLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubS
+fZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert025.pem b/test/rules/platform_certs/default/cert025.pem
index 838107962066..4bd1dc0739c4 100644
--- a/test/rules/platform_certs/default/cert025.pem
+++ b/test/rules/platform_certs/default/cert025.pem
@@ -1,20 +1,29 @@
-DigiCert Global Root CA
+SwissSign Gold CA - G2
 -----BEGIN CERTIFICATE-----
-MIIDrzCCApegAwIBAgIQCDvgVpBCRrGhdWrJWZHHSjANBgkqhkiG9w0BAQUFADBhMQswCQYDVQQG
-EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw
-HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBDQTAeFw0wNjExMTAwMDAwMDBaFw0zMTExMTAw
-MDAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3
-dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IENBMIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA4jvhEXLeqKTTo1eqUKKPC3eQyaKl7hLOllsBCSDMAZOn
-TjC3U/dDxGkAV53ijSLdhwZAAIEJzs4bg7/fzTtxRuLWZscFs3YnFo97nh6Vfe63SKMI2tavegw5
-BmV/Sl0fvBf4q77uKNd0f3p4mVmFaG5cIzJLv07A6Fpt43C/dxC//AH2hdmoRBBYMql1GNXRor5H
-4idq9Joz+EkIYIvUX7Q6hL+hqkpMfT7PT19sdl6gSzeRntwi5m3OFBqOasv+zbMUZBfHWymeMr/y
-7vrTC0LUq7dBMtoM1O/4gdW7jVg/tRvoSSiicNoxBN33shbyTApOB6jtSj1etX+jkMOvJwIDAQAB
-o2MwYTAOBgNVHQ8BAf8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUA95QNVbRTLtm
-8KPiGxvDl7I90VUwHwYDVR0jBBgwFoAUA95QNVbRTLtm8KPiGxvDl7I90VUwDQYJKoZIhvcNAQEF
-BQADggEBAMucN6pIExIK+t1EnE9SsPTfrgT1eXkIoyQY/EsrhMAtudXH/vTBH1jLuG2cenTnmCmr
-EbXjcKChzUyImZOMkXDiqw8cvpOp/2PV5Adg06O/nVsJ8dWO41P0jmP6P6fbtGbfYmbW0W5BjfIt
-tep3Sp+dWOIrWcBAI+0tKIJFPnlUkiaY4IBIqDfv8NZ5YBberOgOzW6sRBc4L0na4UU+Krk2U886
-UAb3LujEV0lsYSEY1QSteDwsOoBrp+uvFRTp2InBuThs4pFsiv9kuXclVzDAGySj4dzp30d8tbQk
-CAUw7C29C79Fv1C5qfPrmAESrciIxpg0X40KPMbp1ZWVbd4=
+MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkNIMRUw
+EwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcN
+MDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBFMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dp
+c3NTaWduIEFHMR8wHQYDVQQDExZTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUq
+t2/876LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+bbqBHH5C
+jCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c6bM8K8vzARO/Ws/BtQpg
+vd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqEemA8atufK+ze3gE/bk3lUIbLtK/tREDF
+ylqM2tIrfKjuvqblCqoOpd8FUrdVxyJdMmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvR
+AiTysybUa9oEVeXBCsdtMDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuend
+jIj3o02yMszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69yFGkO
+peUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPiaG59je883WX0XaxR
+7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxMgI93e2CaHt+28kgeDrpOVG2Y4OGi
+GqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUWyV7lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64
+OfPAeGZe6Drn8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov
+L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe645R88a7A3hfm
+5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczOUYrHUDFu4Up+GC9pWbY9ZIEr
+44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOf
+Mke6UiI0HTJ6CVanfCU2qT1L2sCCbwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6m
+Gu6uLftIdxf+u+yvGPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxp
+mo/a77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCChdiDyyJk
+vC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid392qgQmwLOM7XdVAyksLf
+KzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEppLd6leNcG2mqeSz53OiATIgHQv2ieY2Br
+NU0LbbqhPcCT4H8js1WtciVORvnSFu+wZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6Lqj
+viOvrv1vA+ACOzB2+httQc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert026.pem b/test/rules/platform_certs/default/cert026.pem
index f3b42554e677..62ab3c87b99b 100644
--- a/test/rules/platform_certs/default/cert026.pem
+++ b/test/rules/platform_certs/default/cert026.pem
@@ -1,20 +1,29 @@
-DigiCert High Assurance EV Root CA
+SwissSign Silver CA - G2
 -----BEGIN CERTIFICATE-----
-MIIDxTCCAq2gAwIBAgIQAqxcJmoLQJuPC3nyrkYldzANBgkqhkiG9w0BAQUFADBsMQswCQYDVQQG
-EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSsw
-KQYDVQQDEyJEaWdpQ2VydCBIaWdoIEFzc3VyYW5jZSBFViBSb290IENBMB4XDTA2MTExMDAwMDAw
-MFoXDTMxMTExMDAwMDAwMFowbDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDERpZ2lDZXJ0IEluYzEZ
-MBcGA1UECxMQd3d3LmRpZ2ljZXJ0LmNvbTErMCkGA1UEAxMiRGlnaUNlcnQgSGlnaCBBc3N1cmFu
-Y2UgRVYgUm9vdCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMbM5XPm+9S75S0t
-Mqbf5YE/yc0lSbZxKsPVlDRnogocsF9ppkCxxLeyj9CYpKlBWTrT3JTWPNt0OKRKzE0lgvdKpVMS
-OO7zSW1xkX5jtqumX8OkhPhPYlG++MXs2ziS4wblCJEMxChBVfvLWokVfnHoNb9Ncgk9vjo4UFt3
-MRuNs8ckRZqnrG0AFFoEt7oT61EKmEFBIk5lYYeBQVCmeVyJ3hlKV9Uu5l0cUyx+mM0aBhakaHPQ
-NAQTXKFx01p8VdteZOE3hzBWBOURtCmAEvF5OYiiAhF8J2a3iLd48soKqDirCmTCv2ZdlYTBoSUe
-h10aUAsgEsxBu24LUTi4S8sCAwEAAaNjMGEwDgYDVR0PAQH/BAQDAgGGMA8GA1UdEwEB/wQFMAMB
-Af8wHQYDVR0OBBYEFLE+w2kD+L9HAdSYJhoIAu9jZCvDMB8GA1UdIwQYMBaAFLE+w2kD+L9HAdSY
-JhoIAu9jZCvDMA0GCSqGSIb3DQEBBQUAA4IBAQAcGgaX3NecnzyIZgYIVyHbIUf4KmeqvxgydkAQ
-V8GK83rZEWWONfqe/EW1ntlMMUu4kehDLI6zeM7b41N5cdblIZQB2lWHmiRk9opmzN6cN82oNLFp
-myPInngiK3BD41VHMWEZ71jFhS9OMPagMRYjyOfiZRYzy78aG6A9+MpeizGLYAiJLQwGXFK3xPkK
-mNEVX58Svnw2Yzi9RKR/5CYrCsSXaQ3pjOLAEFe4yHYSkVXySGnYvCoCWw9E1CAx2/S6cCZdkGCe
-vEsXCS+0yx5DaMkHJ8HSXPfqIbloEpw8nL+e/IBcm2PN7EeqJSdnoDfzAIJ9VNep+OkuE6N36B9K
+MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCQ0gxFTAT
+BgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMB4X
+DTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0NlowRzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3
+aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG
+9w0BAQEFAAOCAg8AMIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644
+N0MvFz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7brYT7QbNHm
++/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieFnbAVlDLaYQ1HTWBCrpJH
+6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH6ATK72oxh9TAtvmUcXtnZLi2kUpCe2Uu
+MGoM9ZDulebyzYLs2aFK7PayS+VFheZteJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5h
+qAaEuSh6XzjZG6k4sIN/c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5
+FZGkECwJMoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRHHTBs
+ROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTfjNFusB3hB48IHpmc
+celM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb65i/4z3GcRm25xBWNOHkDRUjvxF3X
+CO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
+BAUwAwEB/zAdBgNVHQ4EFgQUF6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRB
+tjpbO8tFnb0cwpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0
+cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBAHPGgeAn0i0P
+4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShpWJHckRE1qTodvBqlYJ7YH39F
+kWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L
+3XWgwF15kIwb4FDm3jH+mHtwX6WQ2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx
+/uNncqCxv1yL5PqZIseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFa
+DGi8aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2Xem1ZqSqP
+e97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQRdAtq/gsD/KNVV4n+Ssuu
+WxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJ
+DIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ub
+DgEj8Z+7fNzcbBGXJbLytGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert027.pem b/test/rules/platform_certs/default/cert027.pem
index 35bae69047ad..c9bb1af7e170 100644
--- a/test/rules/platform_certs/default/cert027.pem
+++ b/test/rules/platform_certs/default/cert027.pem
@@ -1,20 +1,19 @@
-Certplus Class 2 Primary CA
+GeoTrust Primary Certification Authority
 -----BEGIN CERTIFICATE-----
-MIIDkjCCAnqgAwIBAgIRAIW9S/PY2uNp9pTXX8OlRCMwDQYJKoZIhvcNAQEFBQAwPTELMAkGA1UE
-BhMCRlIxETAPBgNVBAoTCENlcnRwbHVzMRswGQYDVQQDExJDbGFzcyAyIFByaW1hcnkgQ0EwHhcN
-OTkwNzA3MTcwNTAwWhcNMTkwNzA2MjM1OTU5WjA9MQswCQYDVQQGEwJGUjERMA8GA1UEChMIQ2Vy
-dHBsdXMxGzAZBgNVBAMTEkNsYXNzIDIgUHJpbWFyeSBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEP
-ADCCAQoCggEBANxQltAS+DXSCHh6tlJw/W/uz7kRy1134ezpfgSN1sxvc0NXYKwzCkTsA18cgCSR
-5aiRVhKC9+Ar9NuuYS6JEI1rbLqzAr3VNsVINyPi8Fo3UjMXEuLRYE2+L0ER4/YXJQyLkcAbmXuZ
-Vg2v7tK8R1fjeUl7NIknJITesezpWE7+Tt9avkGtrAjFGA7v0lPubNCdEgETjdyAYveVqUSISnFO
-YFWe2yMZeVYHDD9jC1yw4r5+FfyUM1hBOHTE4Y+L3yasH7WLO7dDWWuwJKZtkIvEcupdM5i3y95e
-e++U8Rs+yskhwcWYAqqi9lt3m/V+llU0HGdpwPFC40es/CgcZlUCAwEAAaOBjDCBiTAPBgNVHRME
-CDAGAQH/AgEKMAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQU43Mt38sOKAze3bOkynm4jrvoMIkwEQYJ
-YIZIAYb4QgEBBAQDAgEGMDcGA1UdHwQwMC4wLKAqoCiGJmh0dHA6Ly93d3cuY2VydHBsdXMuY29t
-L0NSTC9jbGFzczIuY3JsMA0GCSqGSIb3DQEBBQUAA4IBAQCnVM+IRBnL39R/AN9WM2K191EBkOvD
-P9GIROkkXe/nFL0gt5o8AP5tn9uQ3Nf0YtaLcF3n5QRIqWh8yfFC82x/xXp8HVGIutIKPidd3i1R
-TtMTZGnkLuPT55sJmabglZvOGtd/vjzOUrMRFcEPF80Du5wlFbqidon8BvEY0JNLDnyCt6X09l/+
-7UCmnYR0ObncHoUW2ikbhiMAybuJfm6AiB4vFLQDJKgybwOaRywwvlbGp0ICcBvqQNi6BQNwB6SW
-//1IMwrh3KWBkJtN3X3n57LNXMhqlfil9o3EXXgIvnsG1knPGTZQIy4I5p4FTUcY1Rbpsda2ENW7
-l7+ijrRU
+MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQG
+EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMoR2VvVHJ1c3QgUHJpbWFyeSBD
+ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgx
+CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQ
+cmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
+CgKCAQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9AWbK7hWN
+b6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjAZIVcFU2Ix7e64HXprQU9
+nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE07e9GceBrAqg1cmuXm2bgyxx5X9gaBGge
+RwLmnWDiNpcB3841kt++Z8dtd1k7j53WkBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGt
+tm/81w7a4DSwDRp35+MImO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJKoZI
+hvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ16CePbJC/kRYkRj5K
+Ts4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl4b7UVXGYNTq+k+qurUKykG/g/CFN
+NWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6KoKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHa
+Floxt/m0cYASSJlyc1pZU8FjUjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG
+1riR/aYNKxoUAT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert028.pem b/test/rules/platform_certs/default/cert028.pem
index 1063f5be6ac1..6549fc986a66 100644
--- a/test/rules/platform_certs/default/cert028.pem
+++ b/test/rules/platform_certs/default/cert028.pem
@@ -1,18 +1,22 @@
-DST Root CA X3
+thawte Primary Root CA
 -----BEGIN CERTIFICATE-----
-MIIDSjCCAjKgAwIBAgIQRK+wgNajJ7qJMDmGLvhAazANBgkqhkiG9w0BAQUFADA/MSQwIgYDVQQK
-ExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMTDkRTVCBSb290IENBIFgzMB4X
-DTAwMDkzMDIxMTIxOVoXDTIxMDkzMDE0MDExNVowPzEkMCIGA1UEChMbRGlnaXRhbCBTaWduYXR1
-cmUgVHJ1c3QgQ28uMRcwFQYDVQQDEw5EU1QgUm9vdCBDQSBYMzCCASIwDQYJKoZIhvcNAQEBBQAD
-ggEPADCCAQoCggEBAN+v6ZdQCINXtMxiZfaQguzH0yxrMMpb7NnDfcdAwRgUi+DoM3ZJKuM/IUmT
-rE4Orz5Iy2Xu/NMhD2XSKtkyj4zl93ewEnu1lcCJo6m67XMuegwGMoOifooUMM0RoOEqOLl5CjH9
-UL2AZd+3UWODyOKIYepLYYHsUmu5ouJLGiifSKOeDNoJjj4XLh7dIN9bxiqKqy69cK3FCxolkHRy
-xXtqqzTWMIn/5WgTe1QLyNau7Fqckh49ZLOMxt+/yUFw7BZy1SbsOFU5Q9D8/RhcQPGX69Wam40d
-utolucbY38EVAjqr2m7xPi71XAicPNaDaeQQmxkqtilX4+U9m5/wAl0CAwEAAaNCMEAwDwYDVR0T
-AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMSnsaR7LHH62+FLkHX/xBVghYkQ
-MA0GCSqGSIb3DQEBBQUAA4IBAQCjGiybFwBcqR7uKGY3Or+Dxz9LwwmglSBd49lZRNI+DT69ikug
-dB/OEIKcdBodfpga3csTS7MgROSR6cz8faXbauX+5v3gTt23ADq1cEmv8uXrAvHRAosZy5Q6XkjE
-GB5YGV8eAlrwDPGxrancWYaLbumR9YbK+rlmM6pZW87ipxZzR8srzJmwN0jP41ZL9c8PDHIyh8bw
-RLtTcm1D9SZImlJnt1ir/md2cXjbDaJWFBM5JDGFoqgCWjBH4d1QB7wCCZAA62RjYJsWvIjJEubS
-fZGL+T0yjWW06XyxV3bqxbYoOb8VZRzI9neWagqNdwvYkQsEjgfbKbYK7p2CNTUQ
+MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCBqTELMAkGA1UE
+BhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2
+aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhv
+cml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3
+MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwg
+SW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMv
+KGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMT
+FnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs
+oPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ
+1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGc
+q/gcfomk6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/K
+aAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR32HuHUETVPm4p
+afs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD
+VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUF
+AAOCAQEAeRHAS7ORtvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE
+uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX
+xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2/qxAeeWsEG89
+jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVH
+z7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert029.pem b/test/rules/platform_certs/default/cert029.pem
index 8c32d9568da7..dab832fb884d 100644
--- a/test/rules/platform_certs/default/cert029.pem
+++ b/test/rules/platform_certs/default/cert029.pem
@@ -1,22 +1,25 @@
-DST ACES CA X6
+VeriSign Class 3 Public Primary Certification Authority - G5
 -----BEGIN CERTIFICATE-----
-MIIECTCCAvGgAwIBAgIQDV6ZCtadt3js2AdWO4YV2TANBgkqhkiG9w0BAQUFADBbMQswCQYDVQQG
-EwJVUzEgMB4GA1UEChMXRGlnaXRhbCBTaWduYXR1cmUgVHJ1c3QxETAPBgNVBAsTCERTVCBBQ0VT
-MRcwFQYDVQQDEw5EU1QgQUNFUyBDQSBYNjAeFw0wMzExMjAyMTE5NThaFw0xNzExMjAyMTE5NTha
-MFsxCzAJBgNVBAYTAlVTMSAwHgYDVQQKExdEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdDERMA8GA1UE
-CxMIRFNUIEFDRVMxFzAVBgNVBAMTDkRTVCBBQ0VTIENBIFg2MIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEAuT31LMmU3HWKlV1j6IR3dma5WZFcRt2SPp/5DgO0PWGSvSMmtWPuktKe1jzI
-DZBfZIGxqAgNTNj50wUoUrQBJcWVHAx+PhCEdc/BGZFjz+iokYi5Q1K7gLFViYsx+tC3dr5BPTCa
-pCIlF3PoHuLTrCq9Wzgh1SpL11V94zpVvddtawJXa+ZHfAjIgrrep4c9oW24MFbCswKBXy314pow
-GCi4ZtPLAZZv6opFVdbgnf9nKxcCpk4aahELfrd755jWjHZvwTvbUJN+5dCOHze4vbrGn2zpfDPy
-MjwmR/onJALJfh1biEITajV8fTXpLmaRcpPVMibEdPVTo7NdmvYJywIDAQABo4HIMIHFMA8GA1Ud
-EwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgHGMB8GA1UdEQQYMBaBFHBraS1vcHNAdHJ1c3Rkc3Qu
-Y29tMGIGA1UdIARbMFkwVwYKYIZIAWUDAgEBATBJMEcGCCsGAQUFBwIBFjtodHRwOi8vd3d3LnRy
-dXN0ZHN0LmNvbS9jZXJ0aWZpY2F0ZXMvcG9saWN5L0FDRVMtaW5kZXguaHRtbDAdBgNVHQ4EFgQU
-CXIGThhDD+XWzMNqizF7eI+og7gwDQYJKoZIhvcNAQEFBQADggEBAKPYjtay284F5zLNAdMEA+V2
-5FYrnJmQ6AgwbN99Pe7lv7UkQIRJ4dEorsTCOlMwiPH1d25Ryvr/ma8kXxug/fKshMrfqfBfBC6t
-Fr8hlxCBPeP/h40y3JTlR4peahPJlJU90u7INJXQgNStMgiAVDzgvVJT11J8smk/f3rPanTK+gQq
-nExaBqXpIK1FZg9p8d2/6eMyi/rgwYZNcjwu2JN4Cir42NInPRmJX1p7ijvMDNpRrscL9yuwNwXs
-vFcj4jjSm2jzVhKIT0J8uDHEtdvkyCE06UgRNe76x5JXxZ805Mf29w4LTJxoeHtxMcfrHuBnQfO3
-oKfN5XozNmr6mis=
+MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE
+BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO
+ZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk
+IHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRp
+ZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCB
+yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2ln
+biBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBh
+dXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmlt
+YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
+ggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKz
+j/i5Vbext0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhD
+Y2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/
+Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNHiDxpg8v+R70r
+fk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/
+BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2Uv
+Z2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy
+aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqG
+SIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzEp6B4Eq1iDkVwZMXnl2YtmAl+
+X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKE
+KQsTb47bDN0lAtukixlE0kF6BWlKWE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiC
+Km0oHw0LxOXnGiYZ4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vE
+ZV8NhnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert030.pem b/test/rules/platform_certs/default/cert030.pem
index 4bd1dc0739c4..eebada208adf 100644
--- a/test/rules/platform_certs/default/cert030.pem
+++ b/test/rules/platform_certs/default/cert030.pem
@@ -1,29 +1,20 @@
-SwissSign Gold CA - G2
+SecureTrust CA
 -----BEGIN CERTIFICATE-----
-MIIFujCCA6KgAwIBAgIJALtAHEP1Xk+wMA0GCSqGSIb3DQEBBQUAMEUxCzAJBgNVBAYTAkNIMRUw
-EwYDVQQKEwxTd2lzc1NpZ24gQUcxHzAdBgNVBAMTFlN3aXNzU2lnbiBHb2xkIENBIC0gRzIwHhcN
-MDYxMDI1MDgzMDM1WhcNMzYxMDI1MDgzMDM1WjBFMQswCQYDVQQGEwJDSDEVMBMGA1UEChMMU3dp
-c3NTaWduIEFHMR8wHQYDVQQDExZTd2lzc1NpZ24gR29sZCBDQSAtIEcyMIICIjANBgkqhkiG9w0B
-AQEFAAOCAg8AMIICCgKCAgEAr+TufoskDhJuqVAtFkQ7kpJcyrhdhJJCEyq8ZVeCQD5XJM1QiyUq
-t2/876LQwB8CJEoTlo8jE+YoWACjR8cGp4QjK7u9lit/VcyLwVcfDmJlD909Vopz2q5+bbqBHH5C
-jCA12UNNhPqE21Is8w4ndwtrvxEvcnifLtg+5hg3Wipy+dpikJKVyh+c6bM8K8vzARO/Ws/BtQpg
-vd21mWRTuKCWs2/iJneRjOBiEAKfNA+k1ZIzUd6+jbqEemA8atufK+ze3gE/bk3lUIbLtK/tREDF
-ylqM2tIrfKjuvqblCqoOpd8FUrdVxyJdMmqXl2MT28nbeTZ7hTpKxVKJ+STnnXepgv9VHKVxaSvR
-AiTysybUa9oEVeXBCsdtMDeQKuSeFDNeFhdVxVu1yzSJkvGdJo+hB9TGsnhQ2wwMC3wLjEHXuend
-jIj3o02yMszYF9rNt85mndT9Xv+9lz4pded+p2JYryU0pUHHPbwNUMoDAw8IWh+Vc3hiv69yFGkO
-peUDDniOJihC8AcLYiAQZzlG+qkDzAQ4embvIIO1jEpWjpEA/I5cgt6IoMPiaG59je883WX0XaxR
-7ySArqpWl2/5rX3aYT+YdzylkbYcjCbaZaIJbcHiVOO5ykxMgI93e2CaHt+28kgeDrpOVG2Y4OGi
-GqJ3UM/EY5LsRxmd6+ZrzsECAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUw
-AwEB/zAdBgNVHQ4EFgQUWyV7lqRlUX64OfPAeGZe6Drn8O4wHwYDVR0jBBgwFoAUWyV7lqRlUX64
-OfPAeGZe6Drn8O4wRgYDVR0gBD8wPTA7BglghXQBWQECAQEwLjAsBggrBgEFBQcCARYgaHR0cDov
-L3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBACe645R88a7A3hfm
-5djV9VSwg/S7zV4Fe0+fdWavPOhWfvxyeDgD2StiGwC5+OlgzczOUYrHUDFu4Up+GC9pWbY9ZIEr
-44OE5iKHjn3g7gKZYbge9LgriBIWhMIxkziWMaa5O1M/wySTVltpkuzFwbs4AOPsF6m43Md8AYOf
-Mke6UiI0HTJ6CVanfCU2qT1L2sCCbwq7EsiHSycR+R4tx5M/nttfJmtS2S6K8RTGRI0Vqbe/vd6m
-Gu6uLftIdxf+u+yvGPUqUfA5hJeVbG4bwyvEdGB5JbAKJ9/fXtI5z0V9QkvfsywexcZdylU6oJxp
-mo/a77KwPJ+HbBIrZXAVUjEaJM9vMSNQH4xPjyPDdEFjHFWoFN0+4FFQz/EbMFYOkrCChdiDyyJk
-vC24JdVUorgG6q2SpCSgwYa1ShNqR88uC1aVVMvOmttqtKay20EIhid392qgQmwLOM7XdVAyksLf
-KzAiSNDVQTglXaTpXZ/GlHXQRf0wl0OPkKsKx4ZzYEppLd6leNcG2mqeSz53OiATIgHQv2ieY2Br
-NU0LbbqhPcCT4H8js1WtciVORvnSFu+wZMEBnunKoGqYDs/YYPIvSbjkQuE4NRb0yG5P94FW6Lqj
-viOvrv1vA+ACOzB2+httQc8Bsem4yWb02ybzOqR08kkkW8mw0FfB+j564ZfJ
+MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQG
+EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xFzAVBgNVBAMTDlNlY3VyZVRy
+dXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIzMTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAe
+BgNVBAoTF1NlY3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCC
+ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQX
+OZEzZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO0gMdA+9t
+DWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIaowW8xQmxSPmjL8xk037uH
+GFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b
+01k/unK8RCSc43Oz969XL0Imnal0ugBS8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmH
+ursCAwEAAaOBnTCBmjATBgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/
+BAUwAwEB/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCegJYYj
+aHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ
+KoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt36Z3q059c4EVlew3KW+JwULKUBRSu
+SceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHf
+mbx8IVQr5Fiiu1cprp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZ
+nMUFdAvnZyPSCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR
+3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert031.pem b/test/rules/platform_certs/default/cert031.pem
index 62ab3c87b99b..5d24e1f3b233 100644
--- a/test/rules/platform_certs/default/cert031.pem
+++ b/test/rules/platform_certs/default/cert031.pem
@@ -1,29 +1,20 @@
-SwissSign Silver CA - G2
+Secure Global CA
 -----BEGIN CERTIFICATE-----
-MIIFvTCCA6WgAwIBAgIITxvUL1S7L0swDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCQ0gxFTAT
-BgNVBAoTDFN3aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMB4X
-DTA2MTAyNTA4MzI0NloXDTM2MTAyNTA4MzI0NlowRzELMAkGA1UEBhMCQ0gxFTATBgNVBAoTDFN3
-aXNzU2lnbiBBRzEhMB8GA1UEAxMYU3dpc3NTaWduIFNpbHZlciBDQSAtIEcyMIICIjANBgkqhkiG
-9w0BAQEFAAOCAg8AMIICCgKCAgEAxPGHf9N4Mfc4yfjDmUO8x/e8N+dOcbpLj6VzHVxumK4DV644
-N0MvFz0fyM5oEMF4rhkDKxD6LHmD9ui5aLlV8gREpzn5/ASLHvGiTSf5YXu6t+WiE7brYT7QbNHm
-+/pe7R20nqA1W6GSy/BJkv6FCgU+5tkL4k+73JU3/JHpMjUi0R86TieFnbAVlDLaYQ1HTWBCrpJH
-6INaUFjpiou5XaHc3ZlKHzZnu0jkg7Y360g6rw9njxcH6ATK72oxh9TAtvmUcXtnZLi2kUpCe2Uu
-MGoM9ZDulebyzYLs2aFK7PayS+VFheZteJMELpyCbTapxDFkH4aDCyr0NQp4yVXPQbBH6TCfmb5h
-qAaEuSh6XzjZG6k4sIN/c8HDO0gqgg8hm7jMqDXDhBuDsz6+pJVpATqJAHgE2cn0mRmrVn5bi4Y5
-FZGkECwJMoBgs5PAKrYYC51+jUnyEEp/+dVGLxmSo5mnJqy7jDzmDrxHB9xzUfFwZC8I+bRHHTBs
-ROopN4WSaGa8gzj+ezku01DwH/teYLappvonQfGbGHLy9YR0SslnxFSuSGTfjNFusB3hB48IHpmc
-celM2KX3RxIfdNFRnobzwqIjQAtz20um53MGjMGg6cFZrEb65i/4z3GcRm25xBWNOHkDRUjvxF3X
-CO6HOSKGsg0PWEP3calILv3q1h8CAwEAAaOBrDCBqTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/
-BAUwAwEB/zAdBgNVHQ4EFgQUF6DNweRBtjpbO8tFnb0cwpj6hlgwHwYDVR0jBBgwFoAUF6DNweRB
-tjpbO8tFnb0cwpj6hlgwRgYDVR0gBD8wPTA7BglghXQBWQEDAQEwLjAsBggrBgEFBQcCARYgaHR0
-cDovL3JlcG9zaXRvcnkuc3dpc3NzaWduLmNvbS8wDQYJKoZIhvcNAQEFBQADggIBAHPGgeAn0i0P
-4JUw4ppBf1AsX19iYamGamkYDHRJ1l2E6kFSGG9YrVBWIGrGvShpWJHckRE1qTodvBqlYJ7YH39F
-kWnZfrt4csEGDyrOj4VwYaygzQu4OSlWhDJOhrs9xCrZ1x9y7v5RoSJBsXECYxqCsGKrXlcSH9/L
-3XWgwF15kIwb4FDm3jH+mHtwX6WQ2K34ArZv02DdQEsixT2tOnqfGhpHkXkzuoLcMmkDlm4fS/Bx
-/uNncqCxv1yL5PqZIseEuRuNI5c/7SXgz2W79WEE790eslpBIlqhn10s6FvJbakMDHiqYMZWjwFa
-DGi8aRl5xB9+lwW/xekkUV7U1UtT7dkjWjYDZaPBA61BMPNGG4WQr2W11bHkFlt4dR2Xem1ZqSqP
-e97Dh4kQmUlzeMg9vVE1dCrV8X5pGyq7O70luJpaPXJhkGaH7gzWTdQRdAtq/gsD/KNVV4n+Ssuu
-WxcFyPKNIzFTONItaj+CuY0IavdeQXRuwxF+B6wpYJE/OMpXEA29MC/HpeZBoNquBYeaoKRlbEwJ
-DIm6uNO5wJOKMPqN5ZprFQFOZ6raYlY+hAhm0sQ2fac+EPyI4NSA5QC9qvNOBqN6avlicuMJT+ub
-DgEj8Z+7fNzcbBGXJbLytGMU0gYqZ4yD9c7qB9iaah7s5Aq7KkzrCWA5zspi2C5u
+MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQG
+EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBH
+bG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkxMjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEg
+MB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwg
+Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jx
+YDiJiQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa/FHtaMbQ
+bqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJjnIFHovdRIWCQtBJwB1g
+8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnIHmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYV
+HDGA76oYa8J719rO+TMg1fW9ajMtgQT7sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi
+0XPnj3pDAgMBAAGjgZ0wgZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud
+EwEB/wQFMAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCswKaAn
+oCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsGAQQBgjcVAQQDAgEA
+MA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0LURYD7xh8yOOvaliTFGCRsoTciE6+
+OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXOH0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cn
+CDpOGR86p1hcF895P4vkp9MmI50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/5
+3CYNv6ZHdAbYiNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc
+f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert032.pem b/test/rules/platform_certs/default/cert032.pem
index c9bb1af7e170..993c2b76ecae 100644
--- a/test/rules/platform_certs/default/cert032.pem
+++ b/test/rules/platform_certs/default/cert032.pem
@@ -1,19 +1,22 @@
-GeoTrust Primary Certification Authority
+COMODO Certification Authority
 -----BEGIN CERTIFICATE-----
-MIIDfDCCAmSgAwIBAgIQGKy1av1pthU6Y2yv2vrEoTANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQG
-EwJVUzEWMBQGA1UEChMNR2VvVHJ1c3QgSW5jLjExMC8GA1UEAxMoR2VvVHJ1c3QgUHJpbWFyeSBD
-ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNjExMjcwMDAwMDBaFw0zNjA3MTYyMzU5NTlaMFgx
-CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTEwLwYDVQQDEyhHZW9UcnVzdCBQ
-cmltYXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEAvrgVe//UfH1nrYNke8hCUy3f9oQIIGHWAVlqnEQRr+92/ZV+zmEwu3qDXwK9AWbK7hWN
-b6EwnL2hhZ6UOvNWiAAxz9juapYC2e0DjPt1befquFUWBRaa9OBesYjAZIVcFU2Ix7e64HXprQU9
-nceJSOC7KMgD4TCTZF5SwFlwIjVXiIrxlQqD17wxcwE07e9GceBrAqg1cmuXm2bgyxx5X9gaBGge
-RwLmnWDiNpcB3841kt++Z8dtd1k7j53WkBWUvEI0EME5+bEnPn7WinXFsq+W06Lem+SYvn3h6YGt
-tm/81w7a4DSwDRp35+MImO9Y+pyEtzavwt+s0vQQBnBxNQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
-AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQULNVQQZcVi/CPNmFbSvtr2ZnJM5IwDQYJKoZI
-hvcNAQEFBQADggEBAFpwfyzdtzRP9YZRqSa+S7iq8XEN3GHHoOo0Hnp3DwQ16CePbJC/kRYkRj5K
-Ts4rFtULUh38H2eiAkUxT87z+gOneZ1TatnaYzr4gNfTmeGl4b7UVXGYNTq+k+qurUKykG/g/CFN
-NWMziUnWm07Kx+dOCQD32sfvmWKZd7aVIl6KoKv0uHiYyjgZmclynnjNS6yvGaBzEi38wkG6gZHa
-Floxt/m0cYASSJlyc1pZU8FjUjPtp8nSOQJw+uCxQmYpqptR7TBUIhRf2asdweSU8Pj1K/fqynhG
-1riR/aYNKxoUAT6A8EKglQdebc3MS6RFjasS6LPeWuWgfOgPIh1a6Vk=
+MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UE
+BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
+A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNVBAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1
+dGhvcml0eTAeFw0wNjEyMDEwMDAwMDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEb
+MBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFD
+T01PRE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3UcEbVASY06m/weaKXTuH
++7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI2GqGd0S7WWaXUF601CxwRM/aN5VCaTww
+xHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV
+4EajcNxo2f8ESIl33rXp+2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA
+1KGzqSX+DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5OnKVI
+rLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW/zAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmNvbW9k
+b2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOC
+AQEAPpiem/Yb6dc5t3iuHXIYSdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CP
+OGEIqB6BCsAvIC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/
+RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmc
+IGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5ddBA6+C4OmF4O5MBKgxTMVBbkN
++8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IBZQ==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert033.pem b/test/rules/platform_certs/default/cert033.pem
index 6549fc986a66..632f1e71301d 100644
--- a/test/rules/platform_certs/default/cert033.pem
+++ b/test/rules/platform_certs/default/cert033.pem
@@ -1,22 +1,21 @@
-thawte Primary Root CA
+Network Solutions Certificate Authority
 -----BEGIN CERTIFICATE-----
-MIIEIDCCAwigAwIBAgIQNE7VVyDV7exJ9C/ON9srbTANBgkqhkiG9w0BAQUFADCBqTELMAkGA1UE
-BhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2
-aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhv
-cml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMTFnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwHhcNMDYxMTE3
-MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCBqTELMAkGA1UEBhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwg
-SW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMv
-KGMpIDIwMDYgdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxHzAdBgNVBAMT
-FnRoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCs
-oPD7gFnUnMekz52hWXMJEEUMDSxuaPFsW0hoSVk3/AszGcJ3f8wQLZU0HObrTQmnHNK4yZc2AreJ
-1CRfBsDMRJSUjQJib+ta3RGNKJpchJAQeg29dGYvajig4tVUROsdB58Hum/u6f1OCyn1PoSgAfGc
-q/gcfomk6KHYcWUNo1F77rzSImANuVud37r8UVsLr5iy6S7pBOhih94ryNdOwUxkHt3Ph1i6Sk/K
-aAcdHJ1KxtUvkcx8cXIcxcBn6zL9yZJclNqFwJu/U30rCfSMnZEfl2pSy94JNqR32HuHUETVPm4p
-afs5SSYeCaWAe0At6+gnhcn+Yf1+5nyXHdWdAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYD
-VR0PAQH/BAQDAgEGMB0GA1UdDgQWBBR7W0XPr87Lev0xkhpqtvNG61dIUDANBgkqhkiG9w0BAQUF
-AAOCAQEAeRHAS7ORtvzw6WfUDW5FvlXok9LOAz/t2iWwHVfLHjp2oEzsUHboZHIMpKnxuIvW1oeE
-uzLlQRHAd9mzYJ3rG9XRbkREqaYB7FViHXe4XI5ISXycO1cRrK1zN44veFyQaEfZYGDm/Ac9IiAX
-xPcW6cTYcvnIc3zfFi8VqT79aie2oetaupgf1eNNZAqdE8hhuvU5HIe6uL17In/2/qxAeeWsEG89
-jxt5dovEN7MhGITlNgDrYyCZuen+MwS7QcjBAvlEYyCegc5C09Y/LHbTY5xZ3Y+m4Q6gLkH3LpVH
-z7z9M/P2C2F+fpErgUfCJzDupxBdN49cOSvkBPB7jVaMaA==
+MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQG
+EwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydOZXR3b3Jr
+IFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMx
+MjM1OTU5WjBiMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu
+MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0G
+CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwzc7MEL7xx
+jOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPPOCwGJgl6cvf6UDL4wpPT
+aaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rlmGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXT
+crA/vGp97Eh/jcOrqnErU2lBUzS1sLnFBgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc
+/Qzpf14Dl847ABSHJ3A4qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMB
+AAGjgZcwgZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIBBjAP
+BgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwubmV0c29sc3NsLmNv
+bS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3JpdHkuY3JsMA0GCSqGSIb3DQEBBQUA
+A4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc86fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q
+4LqILPxFzBiwmZVRDuwduIj/h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/
+GGUsyfJj4akH/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv
+wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHNpGxlaKFJdlxD
+ydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert034.pem b/test/rules/platform_certs/default/cert034.pem
index dab832fb884d..32011efbc364 100644
--- a/test/rules/platform_certs/default/cert034.pem
+++ b/test/rules/platform_certs/default/cert034.pem
@@ -1,25 +1,15 @@
-VeriSign Class 3 Public Primary Certification Authority - G5
+COMODO ECC Certification Authority
 -----BEGIN CERTIFICATE-----
-MIIE0zCCA7ugAwIBAgIQGNrRniZ96LtKIVjNzGs7SjANBgkqhkiG9w0BAQUFADCByjELMAkGA1UE
-BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO
-ZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk
-IHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRp
-ZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwHhcNMDYxMTA4MDAwMDAwWhcNMzYwNzE2MjM1OTU5WjCB
-yjELMAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2ln
-biBUcnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNiBWZXJpU2lnbiwgSW5jLiAtIEZvciBh
-dXRob3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmlt
-YXJ5IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAw
-ggEKAoIBAQCvJAgIKXo1nmAMqudLO07cfLw8RRy7K+D+KQL5VwijZIUVJ/XxrcgxiV0i6CqqpkKz
-j/i5Vbext0uz/o9+B1fs70PbZmIVYc9gDaTY3vjgw2IIPVQT60nKWVSFJuUrjxuf6/WhkcIzSdhD
-Y2pSS9KP6HBRTdGJaXvHcPaz3BJ023tdS1bTlr8Vd6Gw9KIl8q8ckmcY5fQGBO+QueQA5N06tRn/
-Arr0PO7gi+s3i+z016zy9vA9r911kTMZHRxAy3QkGSGT2RT+rCpSx4/VBEnkjWNHiDxpg8v+R70r
-fk/Fla4OndTRQ8Bnc+MUCH7lP59zuDMKz10/NIeWiu5T6CUVAgMBAAGjgbIwga8wDwYDVR0TAQH/
-BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2Uv
-Z2lmMCEwHzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVy
-aXNpZ24uY29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFH/TZafC3ey78DAJ80M5+gKvMzEzMA0GCSqG
-SIb3DQEBBQUAA4IBAQCTJEowX2LP2BqYLz3q3JktvXf2pXkiOOzEp6B4Eq1iDkVwZMXnl2YtmAl+
-X6/WzChl8gGqCBpH3vn5fJJaCGkgDdk+bW48DW7Y5gaRQBi5+MHt39tBquCWIMnNZBU4gcmU7qKE
-KQsTb47bDN0lAtukixlE0kF6BWlKWE9gyn6CagsCqiUXObXbf+eEZSqVir2G3l6BFoMtEMze/aiC
-Km0oHw0LxOXnGiYZ4fQRbxC1lfznQgUy286dUV4otp6F01vvpX1FQHKOtw5rDgb7MzVIcbidJ4vE
-ZV8NhnacRHr2lVz2XTIIM6RUthg/aFzyQkqFOFSDX9HoLPKsEdao7WNq
+MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTELMAkGA1UEBhMC
+R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
+ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwHhcNMDgwMzA2MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0Ix
+GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
+Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRo
+b3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSRFtSrYpn1PlILBs5BAH+X
+4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0JcfRK9ChQtP6IHG4/bC8vCVlbpVsLM5ni
+wz2J+Wos77LTBumjQjBAMB0GA1UdDgQWBBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8E
+BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VG
+FAkK+qDmfQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdvGDeA
+U/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert035.pem b/test/rules/platform_certs/default/cert035.pem
index eebada208adf..9ba70f2b4b50 100644
--- a/test/rules/platform_certs/default/cert035.pem
+++ b/test/rules/platform_certs/default/cert035.pem
@@ -1,20 +1,21 @@
-SecureTrust CA
+OISTE WISeKey Global Root GA CA
 -----BEGIN CERTIFICATE-----
-MIIDuDCCAqCgAwIBAgIQDPCOXAgWpa1Cf/DrJxhZ0DANBgkqhkiG9w0BAQUFADBIMQswCQYDVQQG
-EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xFzAVBgNVBAMTDlNlY3VyZVRy
-dXN0IENBMB4XDTA2MTEwNzE5MzExOFoXDTI5MTIzMTE5NDA1NVowSDELMAkGA1UEBhMCVVMxIDAe
-BgNVBAoTF1NlY3VyZVRydXN0IENvcnBvcmF0aW9uMRcwFQYDVQQDEw5TZWN1cmVUcnVzdCBDQTCC
-ASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKukgeWVzfX2FI7CT8rU4niVWJxB4Q2ZQCQX
-OZEzZum+4YOvYlyJ0fwkW2Gz4BERQRwdbvC4u/jep4G6pkjGnx29vo6pQT64lO0pGtSO0gMdA+9t
-DWccV9cGrcrI9f4Or2YlSASWC12juhbDCE/RRvgUXPLIXgGZbf2IzIaowW8xQmxSPmjL8xk037uH
-GFaAJsTQ3MBv396gwpEWoGQRS0S8Hvbn+mPeZqx2pHGj7DaUaHp3pLHnDi+BeuK1cobvomuL8A/b
-01k/unK8RCSc43Oz969XL0Imnal0ugBS8kvNU3xHCzaFDmapCJcWNFfBZveA4+1wVMeT4C4oFVmH
-ursCAwEAAaOBnTCBmjATBgkrBgEEAYI3FAIEBh4EAEMAQTALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/
-BAUwAwEB/zAdBgNVHQ4EFgQUQjK2FvoE/f5dS3rD/fdMQB1aQ68wNAYDVR0fBC0wKzApoCegJYYj
-aHR0cDovL2NybC5zZWN1cmV0cnVzdC5jb20vU1RDQS5jcmwwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ
-KoZIhvcNAQEFBQADggEBADDtT0rhWDpSclu1pqNlGKa7UTt36Z3q059c4EVlew3KW+JwULKUBRSu
-SceNQQcSc5R+DCMh/bwQf2AQWnL1mA6s7Ll/3XpvXdMc9P+IBWlCqQVxyLesJugutIxq/3HcuLHf
-mbx8IVQr5Fiiu1cprp6poxkmD5kuCLDv/WnPmRoJjeOnnyvJNjR7JLN4TJUXpAYmHrZkUjZfYGfZ
-nMUFdAvnZyPSCPyI6a6Lf+Ew9Dd+/cYy2i2eRDAwbO4H3tI0/NL/QPZL9GZGBlSm8jIKYyYwa5vR
-3ItHuuG51WLQoqD0ZwV4KWMabwTW+MZMo5qxN7SN5ShLHZ4swrhovO0C7jE=
+MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCBijELMAkGA1UE
+BhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHlyaWdodCAoYykgMjAwNTEiMCAG
+A1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBH
+bG9iYWwgUm9vdCBHQSBDQTAeFw0wNTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQswCQYD
+VQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJpZ2h0IChjKSAyMDA1MSIw
+IAYDVQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5
+IEdsb2JhbCBSb290IEdBIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0+zAJs9
+Nt350UlqaxBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxRVVuuk+g3/ytr6dTqvirdqFEr12bDYVxg
+Asj1znJ7O7jyTmUIms2kahnBAbtzptf2w93NvKSLtZlhuAGio9RN1AU9ka34tAhxZK9w8RxrfvbD
+d50kc3vkDIzh2TbhmYsFmQvtRTEJysIA2/dyoJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ
+/yxViJGg4E8HsChWjBgbl0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t94B3R
+LoGbw9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw
+AwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ
+KoZIhvcNAQEFBQADggEBAEuh/wuHbrP5wUOxSPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vIm
+MMkQyh2I+3QZH4VFvbBsUfk2ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4
++vg1YFkCExh8vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXa
+hNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZiFj4A4xylNoEY
+okxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ/L7fCg0=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert036.pem b/test/rules/platform_certs/default/cert036.pem
index 5d24e1f3b233..0a6a0cd53972 100644
--- a/test/rules/platform_certs/default/cert036.pem
+++ b/test/rules/platform_certs/default/cert036.pem
@@ -1,20 +1,20 @@
-Secure Global CA
+Certigna
 -----BEGIN CERTIFICATE-----
-MIIDvDCCAqSgAwIBAgIQB1YipOjUiolN9BPI8PjqpTANBgkqhkiG9w0BAQUFADBKMQswCQYDVQQG
-EwJVUzEgMB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBH
-bG9iYWwgQ0EwHhcNMDYxMTA3MTk0MjI4WhcNMjkxMjMxMTk1MjA2WjBKMQswCQYDVQQGEwJVUzEg
-MB4GA1UEChMXU2VjdXJlVHJ1c3QgQ29ycG9yYXRpb24xGTAXBgNVBAMTEFNlY3VyZSBHbG9iYWwg
-Q0EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCvNS7YrGxVaQZx5RNoJLNP2MwhR/jx
-YDiJiQPpvepeRlMJ3Fz1Wuj3RSoC6zFh1ykzTM7HfAo3fg+6MpjhHZevj8fcyTiW89sa/FHtaMbQ
-bqR8JNGuQsiWUGMu4P51/pinX0kuleM5M2SOHqRfkNJnPLLZ/kG5VacJjnIFHovdRIWCQtBJwB1g
-8NEXLJXr9qXBkqPFwqcIYA1gBBCWeZ4WNOaptvolRTnIHmX5k/Wq8VLcmZg9pYYaDDUz+kulBAYV
-HDGA76oYa8J719rO+TMg1fW9ajMtgQT7sFzUnKPiXB3jqUJ1XnvUd+85VLrJChgbEplJL4hL/VBi
-0XPnj3pDAgMBAAGjgZ0wgZowEwYJKwYBBAGCNxQCBAYeBABDAEEwCwYDVR0PBAQDAgGGMA8GA1Ud
-EwEB/wQFMAMBAf8wHQYDVR0OBBYEFK9EBMJBfkiD2045AuzshHrmzsmkMDQGA1UdHwQtMCswKaAn
-oCWGI2h0dHA6Ly9jcmwuc2VjdXJldHJ1c3QuY29tL1NHQ0EuY3JsMBAGCSsGAQQBgjcVAQQDAgEA
-MA0GCSqGSIb3DQEBBQUAA4IBAQBjGghAfaReUw132HquHw0LURYD7xh8yOOvaliTFGCRsoTciE6+
-OYo68+aCiV0BN7OrJKQVDpI1WkpEXk5X+nXOH0jOZvQ8QCaSmGwb7iRGDBezUqXbpZGRzzfTb+cn
-CDpOGR86p1hcF895P4vkp9MmI50mD1hp/Ed+stCNi5O/KU9DaXR2Z0vPB4zmAve14bRDtUstFJ/5
-3CYNv6ZHdAbYiNE6KTCEztI5gGIbqMdXSbxqVVFnFUq+NQfk1XWYN3kwFNspnWzFacxHVaIw98xc
-f8LDmBxrThaA63p4ZUWiABqvDA1VZDRIuJK58bRQKfJPIx/abKwfROHdI3hRW8cW
+MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNVBAYTAkZSMRIw
+EAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4XDTA3MDYyOTE1MTMwNVoXDTI3
+MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwI
+Q2VydGlnbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7q
+XOEm7RFHYeGifBZ4QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyH
+GxnygQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbwzBfsV1/p
+ogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q130yGLMLLGq/jj8UEYkg
+DncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKf
+Irjxwo1p3Po6WAbfAgMBAAGjgbwwgbkwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQ
+tCRZvgHyUtVF9lo53BEwZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJ
+BgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzjAQ/J
+SP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQUFAAOCAQEA
+hQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8hbV6lUmPOEvjvKtpv6zf+EwLHyzs+
+ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFncfca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1klu
+PBS1xp81HlDQwY9qcEQCYsuuHWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY
+1gkIl2PlwS6wt0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw
+WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert037.pem b/test/rules/platform_certs/default/cert037.pem
index 993c2b76ecae..d14681661ead 100644
--- a/test/rules/platform_certs/default/cert037.pem
+++ b/test/rules/platform_certs/default/cert037.pem
@@ -1,22 +1,20 @@
-COMODO Certification Authority
+Cybertrust Global Root
 -----BEGIN CERTIFICATE-----
-MIIEHTCCAwWgAwIBAgIQToEtioJl4AsC7j41AkblPTANBgkqhkiG9w0BAQUFADCBgTELMAkGA1UE
-BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
-A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxJzAlBgNVBAMTHkNPTU9ETyBDZXJ0aWZpY2F0aW9uIEF1
-dGhvcml0eTAeFw0wNjEyMDEwMDAwMDBaFw0yOTEyMzEyMzU5NTlaMIGBMQswCQYDVQQGEwJHQjEb
-MBkGA1UECBMSR3JlYXRlciBNYW5jaGVzdGVyMRAwDgYDVQQHEwdTYWxmb3JkMRowGAYDVQQKExFD
-T01PRE8gQ0EgTGltaXRlZDEnMCUGA1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0ECLi3LjkRv3UcEbVASY06m/weaKXTuH
-+7uIzg3jLz8GlvCiKVCZrts7oVewdFFxze1CkU1B/qnI2GqGd0S7WWaXUF601CxwRM/aN5VCaTww
-xHGzUvAhTaHYujl8HJ6jJJ3ygxaYqhZ8Q5sVW7euNJH+1GImGEaaP+vB+fGQV+useg2L23IwambV
-4EajcNxo2f8ESIl33rXp+2dtQem8Ob0y2WIC8bGoPW43nOIv4tOiJovGuFVDiOEjPqXSJDlqR6sA
-1KGzqSX+DT+nHbrTUcELpNqsOO9VUCQFZUaTNE8tja3G1CEZ0o7KBWFxB3NH5YoZEr0ETc5OnKVI
-rLsm9wIDAQABo4GOMIGLMB0GA1UdDgQWBBQLWOWLxkwVN6RAqTCpIb5HNlpW/zAOBgNVHQ8BAf8E
-BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zBJBgNVHR8EQjBAMD6gPKA6hjhodHRwOi8vY3JsLmNvbW9k
-b2NhLmNvbS9DT01PRE9DZXJ0aWZpY2F0aW9uQXV0aG9yaXR5LmNybDANBgkqhkiG9w0BAQUFAAOC
-AQEAPpiem/Yb6dc5t3iuHXIYSdOH5EOC6z/JqvWote9VfCFSZfnVDeFs9D6Mk3ORLgLETgdxb8CP
-OGEIqB6BCsAvIC9Bi5HcSEW88cbeunZrM8gALTFGTO3nnc+IlP8zwFboJIYmuNg4ON8qa90SzMc/
-RxdMosIGlgnW2/4/PEZB31jiVg88O8EckzXZOFKs7sjsLjBOlDW0JB9LeGna8gI4zJVSk/BwJVmc
-IGfE7vmLV2H0knZ9P4SNVbfo5azV8fUZVqZa+5Acr5Pr5RzUZ5ddBA6+C4OmF4O5MBKgxTMVBbkN
-+8cFduPYSo38NBejxiEovjBFMR7HeL5YYTisO+IBZQ==
+MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYGA1UEChMPQ3li
+ZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBSb290MB4XDTA2MTIxNTA4
+MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQD
+ExZDeWJlcnRydXN0IEdsb2JhbCBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
++Mi8vRRQZhP/8NN57CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW
+0ozSJ8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2yHLtgwEZL
+AfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iPt3sMpTjr3kfb1V05/Iin
+89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNzFtApD0mpSPCzqrdsxacwOUBdrsTiXSZT
+8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAYXSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAP
+BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2
+MDSgMqAwhi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3JsMB8G
+A1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUAA4IBAQBW7wojoFRO
+lZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMjWqd8BfP9IjsO0QbE2zZMcwSO5bAi
+5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUxXOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2
+hO0j9n0Hq0V+09+zv+mKts2oomcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+T
+X3EJIrduPuocA06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW
+WL1WMRJOEcgh4LMRkWXbtKaIOM5V
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert038.pem b/test/rules/platform_certs/default/cert038.pem
index 632f1e71301d..cf2d1496d727 100644
--- a/test/rules/platform_certs/default/cert038.pem
+++ b/test/rules/platform_certs/default/cert038.pem
@@ -1,21 +1,29 @@
-Network Solutions Certificate Authority
+ePKI Root Certification Authority
 -----BEGIN CERTIFICATE-----
-MIID5jCCAs6gAwIBAgIQV8szb8JcFuZHFhfjkDFo4DANBgkqhkiG9w0BAQUFADBiMQswCQYDVQQG
-EwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMuMTAwLgYDVQQDEydOZXR3b3Jr
-IFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMDYxMjAxMDAwMDAwWhcNMjkxMjMx
-MjM1OTU5WjBiMQswCQYDVQQGEwJVUzEhMB8GA1UEChMYTmV0d29yayBTb2x1dGlvbnMgTC5MLkMu
-MTAwLgYDVQQDEydOZXR3b3JrIFNvbHV0aW9ucyBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwggEiMA0G
-CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDkvH6SMG3G2I4rC7xGzuAnlt7e+foS0zwzc7MEL7xx
-jOWftiJgPl9dzgn/ggwbmlFQGiaJ3dVhXRncEg8tCqJDXRfQNJIg6nPPOCwGJgl6cvf6UDL4wpPT
-aaIjzkGxzOTVHzbRijr4jGPiFFlp7Q3Tf2vouAPlT2rlmGNpSAW+Lv8ztumXWWn4Zxmuk2GWRBXT
-crA/vGp97Eh/jcOrqnErU2lBUzS1sLnFBgrEsEX1QV1uiUV7PTsmjHTC5dLRfbIR1PtYMiKagMnc
-/Qzpf14Dl847ABSHJ3A4qY5usyd2mFHgBeMhqxrVhSI8KbWaFsWAqPS7azCPL0YCorEMIuDTAgMB
-AAGjgZcwgZQwHQYDVR0OBBYEFCEwyfsA106Y2oeqKtCnLrFAMadMMA4GA1UdDwEB/wQEAwIBBjAP
-BgNVHRMBAf8EBTADAQH/MFIGA1UdHwRLMEkwR6BFoEOGQWh0dHA6Ly9jcmwubmV0c29sc3NsLmNv
-bS9OZXR3b3JrU29sdXRpb25zQ2VydGlmaWNhdGVBdXRob3JpdHkuY3JsMA0GCSqGSIb3DQEBBQUA
-A4IBAQC7rkvnt1frf6ott3NHhWrB5KUd5Oc86fRZZXe1eltajSU24HqXLjjAV2CDmAaDn7l2em5Q
-4LqILPxFzBiwmZVRDuwduIj/h1AcgsLj4DKAv6ALR8jDMe+ZZzKATxcheQxpXN5eNK4CtSbqUN9/
-GGUsyfJj4akH/nxxH2szJGoeBfcFaMBqEssuXmHLrijTfsK0ZpEmXzwuJF/LWA/rKOyvEZbz3Htv
-wKeI8lN3s2Berq4o2jUsbzRF0ybh3uxbTydrFny9RAQYgrOJeRcQcT16ohZO9QHNpGxlaKFJdlxD
-ydi8NmdspZS11My5vWo1ViHe2MPr+8ukYEywVaCge1ey
+MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQG
+EwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kg
+Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMx
+MjdaMF4xCzAJBgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEq
+MCgGA1UECwwhZVBLSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAHSyZbCUNs
+IZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAhijHyl3SJCRImHJ7K2RKi
+lTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3XDZoTM1PRYfl61dd4s5oz9wCGzh1NlDiv
+qOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX
+12ruOzjjK9SXDrkb5wdJfzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0O
+WQqraffAsgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uUWH1+
+ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLSnT0IFaUQAS2zMnao
+lQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pHdmX2Os+PYhcZewoozRrSgx4hxyy/
+vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJipNiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXi
+Zo1jDiVN1Rmy5nk3pyKdVDECAwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/Qkqi
+MAwGA1UdEwQFMAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH
+ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGBuvl2ICO1J2B0
+1GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6YlPwZpVnPDimZI+ymBV3QGypzq
+KOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkPJXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdV
+xrsStZf0X4OFunHB2WyBEXYKCrC/gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEP
+NXubrjlpC2JgQCA2j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+r
+GNm65ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUBo2M3IUxE
+xJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS/jQ6fbjpKdx2qcgw+BRx
+gMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2zGp1iro2C6pSe3VkQw63d4k3jMdXH7Ojy
+sP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTEW9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmOD
+BCEIZ43ygknQW/2xzQ+DhNQ+IIX3Sj0rnP0qCglN6oH4EZw=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert039.pem b/test/rules/platform_certs/default/cert039.pem
index 32011efbc364..3f3078052e62 100644
--- a/test/rules/platform_certs/default/cert039.pem
+++ b/test/rules/platform_certs/default/cert039.pem
@@ -1,15 +1,18 @@
-COMODO ECC Certification Authority
+certSIGN ROOT CA
 -----BEGIN CERTIFICATE-----
-MIICiTCCAg+gAwIBAgIQH0evqmIAcFBUTAGem2OZKjAKBggqhkjOPQQDAzCBhTELMAkGA1UEBhMC
-R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
-ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBB
-dXRob3JpdHkwHhcNMDgwMzA2MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMCR0Ix
-GzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UEChMR
-Q09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBFQ0MgQ2VydGlmaWNhdGlvbiBBdXRo
-b3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDR3svdcmCFYX7deSRFtSrYpn1PlILBs5BAH+X
-4QokPB0BBO490o0JlwzgdeT6+3eKKvUDYEs2ixYjFq0JcfRK9ChQtP6IHG4/bC8vCVlbpVsLM5ni
-wz2J+Wos77LTBumjQjBAMB0GA1UdDgQWBBR1cacZSBm8nZ3qQUfflMRId5nTeTAOBgNVHQ8BAf8E
-BAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjEA7wNbeqy3eApyt4jf/7VG
-FAkK+qDmfQjGGoe9GKhzvSbKYAydzpmfz1wPMOG+FDHqAjAU9JM8SaczepBGR7NjfRObTrdvGDeA
-U/7dIOA1mjbRxwG55tzd8/8dLDoWV9mSOdY=
+MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYTAlJPMREwDwYD
+VQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTAeFw0wNjA3MDQxNzIwMDRa
+Fw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UE
+CxMQY2VydFNJR04gUk9PVCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7I
+JUqOtdu0KBuqV5Do0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHH
+rfAQUySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5dRdY4zTW2
+ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQOA7+j0xbm0bqQfWwCHTD
+0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwvJoIQ4uNllAoEwF73XVv4EOLQunpL+943
+AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B
+Af8EBAMCAcYwHQYDVR0OBBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IB
+AQA+0hyJLjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecYMnQ8
+SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ44gx+FkagQnIl6Z0
+x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6IJd1hJyMctTEHBDa0GpC9oHRxUIlt
+vBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNwi/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7Nz
+TogVZ96edhBiIL5VaZVDADlN9u6wWk5JRFRYX0KD
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert040.pem b/test/rules/platform_certs/default/cert040.pem
index f783ed12cf2c..1c0ff0054c29 100644
--- a/test/rules/platform_certs/default/cert040.pem
+++ b/test/rules/platform_certs/default/cert040.pem
@@ -1,19 +1,21 @@
-Security Communication EV RootCA1
+GeoTrust Primary Certification Authority - G3
 -----BEGIN CERTIFICATE-----
-MIIDfTCCAmWgAwIBAgIBADANBgkqhkiG9w0BAQUFADBgMQswCQYDVQQGEwJKUDElMCMGA1UEChMc
-U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEqMCgGA1UECxMhU2VjdXJpdHkgQ29tbXVuaWNh
-dGlvbiBFViBSb290Q0ExMB4XDTA3MDYwNjAyMTIzMloXDTM3MDYwNjAyMTIzMlowYDELMAkGA1UE
-BhMCSlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xKjAoBgNVBAsTIVNl
-Y3VyaXR5IENvbW11bmljYXRpb24gRVYgUm9vdENBMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBALx/7FebJOD+nLpCeamIivqA4PUHKUPqjgo0No0c+qe1OXj/l3X3L+SqawSERMqm4miO
-/VVQYg+kcQ7OBzgtQoVQrTyWb4vVog7P3kmJPdZkLjjlHmy1V4qe70gOzXppFodEtZDkBp2uoQSX
-WHnvIEqCa4wiv+wfD+mEce3xDuS4GBPMVjZd0ZoeUWs5bmB2iDQL87PRsJ3KYeJkHcFGB7hj3R4z
-ZbOOCVVSPbW9/wfrrWFVGCypaZhKqkDFMxRldAD5kd6vA0jFQFTcD4SQaCDFkpbcLuUCRarAX1T4
-bepJz11sS6/vmsJWXMY1VkJqMF/Cq/biPT+zyRGPMUzXn0kCAwEAAaNCMEAwHQYDVR0OBBYEFDVK
-9U2vP9eCOKyrcWUXdYydVZPmMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqG
-SIb3DQEBBQUAA4IBAQCoh+ns+EBnXcPBZsdAS5f8hxOQWsTvoMpfi7ent/HWtWS3irO4G8za+6xm
-iEHO6Pzk2x6Ipu0nUBsCMCRGef4Eh3CXQHPRwMFXGZpppSeZq51ihPZRwSzJIxXYKLerJRO1RuGG
-Av8mjMSIkh1W/hln8lXkgKNrnKt34VFxDSDbEJrbvXZ5B3eZKK2aXtqxT0QsNY6llsf9g/BYxnnW
-mHyojf6GPgcWkuF75x3sM3Z+Qi5KhfmRiWiEA4Glm5q+4zfFVKtWOxgtQaQM+ELbmaDgcm+7XeEW
-T1MKZPlO9L9OVL14bIjqv5wTJMJwaaJ/D8g8rQjJsJhAoyrniIPtd490
+MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UE
+BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA4IEdlb1RydXN0
+IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFy
+eSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIz
+NTk1OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAo
+YykgMjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMT
+LUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz+uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5j
+K/BGvESyiaHAKAxJcCGVn2TAppMSAmUmhsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdE
+c5IiaacDiGydY8hS2pgn5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3C
+IShwiP/WJmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exALDmKu
+dlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZChuOl1UcCAwEAAaNC
+MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMR5yo6hTgMdHNxr
+2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IBAQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9
+cr5HqQ6XErhK8WTTOd8lNNTBzU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbE
+Ap7aDHdlDkQNkv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD
+AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUHSJsMC8tJP33s
+t/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2Gspki4cErx5z481+oghLrGREt
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert041.pem b/test/rules/platform_certs/default/cert041.pem
index 9ba70f2b4b50..35274749ac64 100644
--- a/test/rules/platform_certs/default/cert041.pem
+++ b/test/rules/platform_certs/default/cert041.pem
@@ -1,21 +1,15 @@
-OISTE WISeKey Global Root GA CA
+thawte Primary Root CA - G2
 -----BEGIN CERTIFICATE-----
-MIID8TCCAtmgAwIBAgIQQT1yx/RrH4FDffHSKFTfmjANBgkqhkiG9w0BAQUFADCBijELMAkGA1UE
-BhMCQ0gxEDAOBgNVBAoTB1dJU2VLZXkxGzAZBgNVBAsTEkNvcHlyaWdodCAoYykgMjAwNTEiMCAG
-A1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNlZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBH
-bG9iYWwgUm9vdCBHQSBDQTAeFw0wNTEyMTExNjAzNDRaFw0zNzEyMTExNjA5NTFaMIGKMQswCQYD
-VQQGEwJDSDEQMA4GA1UEChMHV0lTZUtleTEbMBkGA1UECxMSQ29weXJpZ2h0IChjKSAyMDA1MSIw
-IAYDVQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5
-IEdsb2JhbCBSb290IEdBIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAy0+zAJs9
-Nt350UlqaxBJH+zYK7LG+DKBKUOVTJoZIyEVRd7jyBxRVVuuk+g3/ytr6dTqvirdqFEr12bDYVxg
-Asj1znJ7O7jyTmUIms2kahnBAbtzptf2w93NvKSLtZlhuAGio9RN1AU9ka34tAhxZK9w8RxrfvbD
-d50kc3vkDIzh2TbhmYsFmQvtRTEJysIA2/dyoJaqlYfQjse2YXMNdmaM3Bu0Y6Kff5MTMPGhJ9vZ
-/yxViJGg4E8HsChWjBgbl0SOid3gF27nKu+POQoxhILYQBRJLnpB5Kf+42TMwVlxSywhp1t94B3R
-LoGbw9ho972WG6xwsRYUC9tguSYBBQIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUw
-AwEB/zAdBgNVHQ4EFgQUswN+rja8sHnR3JQmthG+IbJphpQwEAYJKwYBBAGCNxUBBAMCAQAwDQYJ
-KoZIhvcNAQEFBQADggEBAEuh/wuHbrP5wUOxSPMowB0uyQlB+pQAHKSkq0lPjz0e701vvbyk9vIm
-MMkQyh2I+3QZH4VFvbBsUfk2ftv1TDI6QU9bR8/oCy22xBmddMVHxjtqD6wU2zz0c5ypBd8A3HR4
-+vg1YFkCExh8vPtNsCBtQ7tgMHpnM1zFmdH4LTlSc/uMqpclXHLZCB6rTjzjgTGfA6b7wP4piFXa
-hNVQA7bihKOmNqoROgHhGEvWRGizPflTdISzRpFGlgC3gCy24eMQ4tui5yiPAZZiFj4A4xylNoEY
-okxSdsARo27mHbrjWr42U8U+dY+GaSlYU7Wcu2+fXMUY7N0v4ZjJ/L7fCg0=
+MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDELMAkGA1UEBhMC
+VVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMpIDIwMDcgdGhhd3RlLCBJbmMu
+IC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3Qg
+Q0EgLSBHMjAeFw0wNzExMDUwMDAwMDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEV
+MBMGA1UEChMMdGhhd3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBG
+b3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAt
+IEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/BebfowJPDQfGAFG6DAJS
+LSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6papu+7qzcMBniKI11KOasf2twu8x+qi5
+8/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU
+mtgAMADna3+FGO6Lts6KDPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUN
+G4k8VIZ3KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41oxXZ3K
+rr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert042.pem b/test/rules/platform_certs/default/cert042.pem
index 0a6a0cd53972..c47e14ae28ea 100644
--- a/test/rules/platform_certs/default/cert042.pem
+++ b/test/rules/platform_certs/default/cert042.pem
@@ -1,20 +1,22 @@
-Certigna
+thawte Primary Root CA - G3
 -----BEGIN CERTIFICATE-----
-MIIDqDCCApCgAwIBAgIJAP7c4wEPyUj/MA0GCSqGSIb3DQEBBQUAMDQxCzAJBgNVBAYTAkZSMRIw
-EAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hMB4XDTA3MDYyOTE1MTMwNVoXDTI3
-MDYyOTE1MTMwNVowNDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczERMA8GA1UEAwwI
-Q2VydGlnbmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDIaPHJ1tazNHUmgh7stL7q
-XOEm7RFHYeGifBZ4QCHkYJ5ayGPhxLGWkv8YbWkj4Sti993iNi+RB7lIzw7sebYs5zRLcAglozyH
-GxnygQcPOJAZ0xH+hrTy0V4eHpbNgGzOOzGTtvKg0KmVEn2lmsxryIRWijOp5yIVUxbwzBfsV1/p
-ogqYCd7jX5xv3EjjhQsVWqa6n6xI4wmy9/Qy3l40vhx4XUJbzg4ij02Q130yGLMLLGq/jj8UEYkg
-DncUtT2UCIf3JR7VsmAA7G8qKCVuKj4YYxclPz5EIBb2JsglrgVKtOdjLPOMFlN+XPsRGgjBRmKf
-Irjxwo1p3Po6WAbfAgMBAAGjgbwwgbkwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUGu3+QTmQ
-tCRZvgHyUtVF9lo53BEwZAYDVR0jBF0wW4AUGu3+QTmQtCRZvgHyUtVF9lo53BGhOKQ2MDQxCzAJ
-BgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxETAPBgNVBAMMCENlcnRpZ25hggkA/tzjAQ/J
-SP8wDgYDVR0PAQH/BAQDAgEGMBEGCWCGSAGG+EIBAQQEAwIABzANBgkqhkiG9w0BAQUFAAOCAQEA
-hQMeknH2Qq/ho2Ge6/PAD/Kl1NqV5ta+aDY9fm4fTIrv0Q8hbV6lUmPOEvjvKtpv6zf+EwLHyzs+
-ImvaYS5/1HI93TDhHkxAGYwP15zRgzB7mFncfca5DClMoTOi62c6ZYTTluLtdkVwj7Ur3vkj1klu
-PBS1xp81HlDQwY9qcEQCYsuuHWhBp6pX6FOqB9IG9tUUBguRA3UsbHK1YZWaDYu5Def131TN3ubY
-1gkIl2PlwS6wt0QmwCbAr1UwnjvVNioZBPRcHv/PLLf/0P2HQBHVESO7SMAhqaQoLf0V+LBOK/Qw
-WyH8EZE0vkHve52Xdf+XlcCWWC/qu0bXu+TZLg==
+MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UE
+BhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2
+aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhv
+cml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0w
+ODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh
+d3RlLCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYD
+VQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIG
+A1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAsr8nLPvb2FvdeHsbnndmgcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2At
+P0LMqmsywCPLLEHd5N/8YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC
++BsUa0Lfb1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS99irY
+7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2SzhkGcuYMXDhpxwTW
+vGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUkOQIDAQABo0IwQDAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJ
+KoZIhvcNAQELBQADggEBABpA2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweK
+A3rD6z8KLFIWoCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu
+t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7cKUGRIjxpp7sC
+8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fMm7v/OeZWYdMKp8RcTGB7BXcm
+er/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZuMdRAGmI0Nj81Aa6sY6A=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert043.pem b/test/rules/platform_certs/default/cert043.pem
index e004ddc3613a..15754c10f138 100644
--- a/test/rules/platform_certs/default/cert043.pem
+++ b/test/rules/platform_certs/default/cert043.pem
@@ -1,20 +1,16 @@
-Deutsche Telekom Root CA 2
+GeoTrust Primary Certification Authority - G2
 -----BEGIN CERTIFICATE-----
-MIIDnzCCAoegAwIBAgIBJjANBgkqhkiG9w0BAQUFADBxMQswCQYDVQQGEwJERTEcMBoGA1UEChMT
-RGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0GA1UECxMWVC1UZWxlU2VjIFRydXN0IENlbnRlcjEjMCEG
-A1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBSb290IENBIDIwHhcNOTkwNzA5MTIxMTAwWhcNMTkwNzA5
-MjM1OTAwWjBxMQswCQYDVQQGEwJERTEcMBoGA1UEChMTRGV1dHNjaGUgVGVsZWtvbSBBRzEfMB0G
-A1UECxMWVC1UZWxlU2VjIFRydXN0IENlbnRlcjEjMCEGA1UEAxMaRGV1dHNjaGUgVGVsZWtvbSBS
-b290IENBIDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCrC6M14IspFLEUha88EOQ5
-bzVdSq7d6mGNlUn0b2SjGmBmpKlAIoTZ1KXleJMOaAGtuU1cOs7TuKhCQN/Po7qCWWqSG6wcmtoI
-KyUn+WkjR/Hg6yx6m/UTAtB+NHzCnjwAWav12gz1MjwrrFDa1sPeg5TKqAyZMg4ISFZbavva4VhY
-AUlfckE8FQYBjl2tqriTtM2e66foai1SNNs671x1Udrb8zH57nGYMsRUFUQM+ZtV7a3fGAigo4aK
-Se5TBY8ZTNXeWHmb0mocQqvF1afPaA+W5OFhmHZhyJF81j4A4pFQh+GdCuatl9Idxjp9y7zaAzTV
-jlsB9WoHtxa2bkp/AgMBAAGjQjBAMB0GA1UdDgQWBBQxw3kbuvVT1xfgiXotF2wKsyudMzAPBgNV
-HRMECDAGAQH/AgEFMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQUFAAOCAQEAlGRZrTlk5ynr
-E/5aw4sTV8gEJPB0d8Bg42f76Ymmg7+Wgnxu1MM9756AbrsptJh6sTtU6zkXR34ajgv8HzFZMQSy
-zhfzLMdiNlXiItiJVbSYSKpk+tYcNthEeFpaIzpXl/V6ME+un2pMSyuOoAPjPuCp1NJ70rOo4nI8
-rZ7/gFnkm0W09juwzTkZmDLl6iFhkOQxIY40sfcvNUqFENrnijchvllj4PKFiDFT1FQUhXB59C4G
-dyd1Lx+4ivn+xbrYNuSD7Odlt79jWvNGr4GUN9RBjNYj1h7P9WgbRGOiWrqnNVmh5XAFmw4jV5mU
-Cm26OWMohpLzGITY+9HPBVZkVw==
+MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDELMAkGA1UEBhMC
+VVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA3IEdlb1RydXN0IElu
+Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBD
+ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1
+OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg
+MjAwNyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMTLUdl
+b1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjB2MBAGByqGSM49AgEG
+BSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcLSo17VDs6bl8VAsBQps8lL33KSLjHUGMc
+KiEIfJo22Av+0SbFWDEwKCXzXV2juLaltJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYD
+VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+
+EVXVMAoGCCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGTqQ7m
+ndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBuczrD6ogRLQy7rQkgu2
+npaqBA+K
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert044.pem b/test/rules/platform_certs/default/cert044.pem
index d14681661ead..570338d6a7ba 100644
--- a/test/rules/platform_certs/default/cert044.pem
+++ b/test/rules/platform_certs/default/cert044.pem
@@ -1,20 +1,25 @@
-Cybertrust Global Root
+VeriSign Universal Root Certification Authority
 -----BEGIN CERTIFICATE-----
-MIIDoTCCAomgAwIBAgILBAAAAAABD4WqLUgwDQYJKoZIhvcNAQEFBQAwOzEYMBYGA1UEChMPQ3li
-ZXJ0cnVzdCwgSW5jMR8wHQYDVQQDExZDeWJlcnRydXN0IEdsb2JhbCBSb290MB4XDTA2MTIxNTA4
-MDAwMFoXDTIxMTIxNTA4MDAwMFowOzEYMBYGA1UEChMPQ3liZXJ0cnVzdCwgSW5jMR8wHQYDVQQD
-ExZDeWJlcnRydXN0IEdsb2JhbCBSb290MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
-+Mi8vRRQZhP/8NN57CPytxrHjoXxEnOmGaoQ25yiZXRadz5RfVb23CO21O1fWLE3TdVJDm71aofW
-0ozSJ8bi/zafmGWgE07GKmSb1ZASzxQG9Dvj1Ci+6A74q05IlG2OlTEQXO2iLb3VOm2yHLtgwEZL
-AfVJrn5GitB0jaEMAs7u/OePuGtm839EAL9mJRQr3RAwHQeWP032a7iPt3sMpTjr3kfb1V05/Iin
-89cqdPHoWqI7n1C6poxFNcJQZZXcY4Lv3b93TZxiyWNzFtApD0mpSPCzqrdsxacwOUBdrsTiXSZT
-8M4cIwhhqJQZugRiQOwfOHB3EgZxpzAYXSUnpQIDAQABo4GlMIGiMA4GA1UdDwEB/wQEAwIBBjAP
-BgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBS2CHsNesysIEyGVjJez6tuhS1wVzA/BgNVHR8EODA2
-MDSgMqAwhi5odHRwOi8vd3d3Mi5wdWJsaWMtdHJ1c3QuY29tL2NybC9jdC9jdHJvb3QuY3JsMB8G
-A1UdIwQYMBaAFLYIew16zKwgTIZWMl7Pq26FLXBXMA0GCSqGSIb3DQEBBQUAA4IBAQBW7wojoFRO
-lZfJ+InaRcHUowAl9B8Tq7ejhVhpwjCt2BWKLePJzYFa+HMjWqd8BfP9IjsO0QbE2zZMcwSO5bAi
-5MXzLqXZI+O4Tkogp24CJJ8iYGd7ix1yCcUxXOl5n4BHPa2hCwcUPUf/A2kaDAtE52Mlp3+yybh2
-hO0j9n0Hq0V+09+zv+mKts2oomcrUtW3ZfA5TGOgkXmTUg9U3YO7n9GPp1Nzw8v/MOx8BLjYRB+T
-X3EJIrduPuocA06dGiBh+4E37F78CkWr1+cXVdCg6mCbpvbjjFspwgZgFJ0tl0ypkxWdYcQBX0jW
-WL1WMRJOEcgh4LMRkWXbtKaIOM5V
+MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCBvTELMAkGA1UE
+BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO
+ZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk
+IHVzZSBvbmx5MTgwNgYDVQQDEy9WZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9u
+IEF1dGhvcml0eTAeFw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJV
+UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
+cmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl
+IG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNhbCBSb290IENlcnRpZmljYXRpb24gQXV0
+aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj
+1mCOkdeQmIN65lgZOIzF9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGP
+MiJhgsWHH26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+HLL72
+9fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN/BMReYTtXlT2NJ8I
+AfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPTrJ9VAMf2CGqUuV/c4DPxhGD5WycR
+tPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0G
+CCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2O
+a8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud
+DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4sAPmLGd75JR3
+Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+seQxIcaBlVZaDrHC1LGmWazx
+Y8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTx
+P/jgdFcrGJ2BtMQo2pSXpXDrrB2+BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+P
+wGZsY6rp2aQW9IHRlRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4
+mJO37M2CYfE45k+XmCpajQ==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert045.pem b/test/rules/platform_certs/default/cert045.pem
index cf2d1496d727..426a600f809d 100644
--- a/test/rules/platform_certs/default/cert045.pem
+++ b/test/rules/platform_certs/default/cert045.pem
@@ -1,29 +1,19 @@
-ePKI Root Certification Authority
+VeriSign Class 3 Public Primary Certification Authority - G4
 -----BEGIN CERTIFICATE-----
-MIIFsDCCA5igAwIBAgIQFci9ZUdcr7iXAF7kBtK8nTANBgkqhkiG9w0BAQUFADBeMQswCQYDVQQG
-EwJUVzEjMCEGA1UECgwaQ2h1bmdod2EgVGVsZWNvbSBDby4sIEx0ZC4xKjAoBgNVBAsMIWVQS0kg
-Um9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTAeFw0wNDEyMjAwMjMxMjdaFw0zNDEyMjAwMjMx
-MjdaMF4xCzAJBgNVBAYTAlRXMSMwIQYDVQQKDBpDaHVuZ2h3YSBUZWxlY29tIENvLiwgTHRkLjEq
-MCgGA1UECwwhZVBLSSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0B
-AQEFAAOCAg8AMIICCgKCAgEA4SUP7o3biDN1Z82tH306Tm2d0y8U82N0ywEhajfqhFAHSyZbCUNs
-IZ5qyNUD9WBpj8zwIuQf5/dqIjG3LBXy4P4AakP/h2XGtRrBp0xtInAhijHyl3SJCRImHJ7K2RKi
-lTza6We/CKBk49ZCt0Xvl/T29de1ShUCWH2YWEtgvM3XDZoTM1PRYfl61dd4s5oz9wCGzh1NlDiv
-qOx4UXCKXBCDUSH3ET00hl7lSM2XgYI1TBnsZfZrxQWh7kcT1rMhJ5QQCtkkO7q+RBNGMD+XPNjX
-12ruOzjjK9SXDrkb5wdJfzcq+Xd4z1TtW0ado4AOkUPB1ltfFLqfpo0kR0BZv3I4sjZsN/+Z0V0O
-WQqraffAsgRFelQArr5T9rXn4fg8ozHSqf4hUmTFpmfwdQcGlBSBVcYn5AGPF8Fqcde+S/uUWH1+
-ETOxQvdibBjWzwloPn9s9h6PYq2lY9sJpx8iQkEeb5mKPtf5P0B6ebClAZLSnT0IFaUQAS2zMnao
-lQ2zepr7BxB4EW/hj8e6DyUadCrlHJhBmd8hh+iVBmoKs2pHdmX2Os+PYhcZewoozRrSgx4hxyy/
-vv9haLdnG7t4TY3OZ+XkwY63I2binZB1NJipNiuKmpS5nezMirH4JYlcWrYvjB9teSSnUmjDhDXi
-Zo1jDiVN1Rmy5nk3pyKdVDECAwEAAaNqMGgwHQYDVR0OBBYEFB4M97Zn8uGSJglFwFU5Lnc/Qkqi
-MAwGA1UdEwQFMAMBAf8wOQYEZyoHAAQxMC8wLQIBADAJBgUrDgMCGgUAMAcGBWcqAwAABBRFsMLH
-ClZ87lt4DJX5GFPBphzYEDANBgkqhkiG9w0BAQUFAAOCAgEACbODU1kBPpVJufGBuvl2ICO1J2B0
-1GqZNF5sAFPZn/KmsSQHRGoqxqWOeBLoR9lYGxMqXnmbnwoqZ6YlPwZpVnPDimZI+ymBV3QGypzq
-KOg4ZyYr8dW1P2WT+DZdjo2NQCCHGervJ8A9tDkPJXtoUHRVnAxZfVo9QZQlUgjgRywVMRnVvwdV
-xrsStZf0X4OFunHB2WyBEXYKCrC/gpf36j36+uwtqSiUO1bd0lEursC9CBWMd1I0ltabrNMdjmEP
-NXubrjlpC2JgQCA2j6/7Nu4tCEoduL+bXPjqpRugc6bY+G7gMwRfaKonh+3ZwZCc7b3jajWvY9+r
-GNm65ulK6lCKD2GTHuItGeIwlDWSXQ62B68ZgI9HkFFLLk3dheLSClIKF5r8GrBQAuUBo2M3IUxE
-xJtRmREOc5wGj1QupyheRDmHVi03vYVElOEMSyycw5KFNGHLD7ibSkNS/jQ6fbjpKdx2qcgw+BRx
-gMYeNkh0IkFch4LoGHGLQYlE535YW6i4jRPpp2zDR+2zGp1iro2C6pSe3VkQw63d4k3jMdXH7Ojy
-sP6SHhYKGvzZ8/gntsm+HbRsZJB/9OTEW9c3rkIO3aQab3yIVMUWbuF6aC74Or8NpDyJO3inTmOD
-BCEIZ43ygknQW/2xzQ+DhNQ+IIX3Sj0rnP0qCglN6oH4EZw=
+MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjELMAkGA1UEBhMC
+VVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3
+b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVz
+ZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmlj
+YXRpb24gQXV0aG9yaXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjEL
+MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBU
+cnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRo
+b3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5
+IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8
+Utpkmw4tXNherJI9/gHmGUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGz
+rl0Bp3vefLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUwAwEB
+/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEw
+HzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24u
+Y29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMWkf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMD
+A2gAMGUCMGYhDBgmYFo4e1ZC4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIx
+AJw9SDkjOVgaFRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert046.pem b/test/rules/platform_certs/default/cert046.pem
index 3f3078052e62..6333238ed5d0 100644
--- a/test/rules/platform_certs/default/cert046.pem
+++ b/test/rules/platform_certs/default/cert046.pem
@@ -1,18 +1,22 @@
-certSIGN ROOT CA
+NetLock Arany (Class Gold) Főtanúsítvány
 -----BEGIN CERTIFICATE-----
-MIIDODCCAiCgAwIBAgIGIAYFFnACMA0GCSqGSIb3DQEBBQUAMDsxCzAJBgNVBAYTAlJPMREwDwYD
-VQQKEwhjZXJ0U0lHTjEZMBcGA1UECxMQY2VydFNJR04gUk9PVCBDQTAeFw0wNjA3MDQxNzIwMDRa
-Fw0zMTA3MDQxNzIwMDRaMDsxCzAJBgNVBAYTAlJPMREwDwYDVQQKEwhjZXJ0U0lHTjEZMBcGA1UE
-CxMQY2VydFNJR04gUk9PVCBDQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBALczuX7I
-JUqOtdu0KBuqV5Do0SLTZLrTk+jUrIZhQGpgV2hUhE28alQCBf/fm5oqrl0Hj0rDKH/v+yv6efHH
-rfAQUySQi2bJqIirr1qjAOm+ukbuW3N7LBeCgV5iLKECZbO9xSsAfsT8AzNXDe3i+s5dRdY4zTW2
-ssHQnIFKquSyAVwdj1+ZxLGt24gh65AIgoDzMKND5pCCrlUoSe1b16kQOA7+j0xbm0bqQfWwCHTD
-0IgztnzXdN/chNFDDnU5oSVAKOp4yw4sLjmdjItuFhwvJoIQ4uNllAoEwF73XVv4EOLQunpL+943
-AAAaWyjj0pxzPjKHmKHJUS/X3qwzs08CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8B
-Af8EBAMCAcYwHQYDVR0OBBYEFOCMm9slSbPxfIbWskKHC9BroNnkMA0GCSqGSIb3DQEBBQUAA4IB
-AQA+0hyJLjX8+HXd5n9liPRyTMks1zJO890ZeUe9jjtbkw9QSSQTaxQGcu8J06Gh40CEyecYMnQ8
-SG4Pn0vU9x7Tk4ZkVJdjclDVVc/6IJMCopvDI5NOFlV2oHB5bc0hH88vLbwZ44gx+FkagQnIl6Z0
-x2DEW8xXjrJ1/RsCCdtZb3KTafcxQdaIOL+Hsr0Wefmq5L6IJd1hJyMctTEHBDa0GpC9oHRxUIlt
-vBTjD4au8as+x6AJzKNI0eDbZOeStc+vckNwi/nDhDwTqn6Sm1dTk/pwwpEOMfmbZ13pljheX7Nz
-TogVZ96edhBiIL5VaZVDADlN9u6wWk5JRFRYX0KD
+MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQGEwJIVTERMA8G
+A1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3MDUGA1UECwwuVGFuw7pzw610
+dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBB
+cmFueSAoQ2xhc3MgR29sZCkgRsWRdGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgx
+MjA2MTUwODIxWjCBpzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxO
+ZXRMb2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlmaWNhdGlv
+biBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNzIEdvbGQpIEbFkXRhbsO6
+c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCRec75LbRTDofTjl5Bu
+0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrTlF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw
+/HpYzY6b7cNGbIRwXdrzAZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAk
+H3B5r9s5VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRGILdw
+fzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2BJtr+UBdADTHLpl1
+neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAGAQH/AgEEMA4GA1UdDwEB/wQEAwIB
+BjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2MU9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwW
+qZw8UQCgwBEIBaeZ5m8BiFRhbvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTta
+YtOUZcTh5m2C+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC
+bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2FuLjbvrW5Kfna
+NwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2XjG4Kvte9nHfRCaexOYNkbQu
+dZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert047.pem b/test/rules/platform_certs/default/cert047.pem
index 1c0ff0054c29..a87baf6a45c8 100644
--- a/test/rules/platform_certs/default/cert047.pem
+++ b/test/rules/platform_certs/default/cert047.pem
@@ -1,21 +1,30 @@
-GeoTrust Primary Certification Authority - G3
+Staat der Nederlanden Root CA - G2
 -----BEGIN CERTIFICATE-----
-MIID/jCCAuagAwIBAgIQFaxulBmyeUtB9iepwxgPHzANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UE
-BhMCVVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA4IEdlb1RydXN0
-IEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFy
-eSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEczMB4XDTA4MDQwMjAwMDAwMFoXDTM3MTIwMTIz
-NTk1OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAo
-YykgMjAwOCBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMT
-LUdlb1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMzCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBANziXmJYHTNXOTIz+uvLh4yn1ErdBojqZI4xmKU4kB6Yzy5j
-K/BGvESyiaHAKAxJcCGVn2TAppMSAmUmhsalifD614SgcK9PGpc/BkTVyetyEH3kMSj7HGHmKAdE
-c5IiaacDiGydY8hS2pgn5whMcD60yRLBxWeDXTPzAxHsatBT4tG6NmCUgLthY2xbF37fQJQeqw3C
-IShwiP/WJmxsYAQlTlV+fe+/lEjetx3dcI0FX4ilm/LC7urRQEFtYjgdVgbFA0dRIBn8exALDmKu
-dlW/X3e+PkkBUz2YJQN2JFodtNuJ6nnltrM7P7pMKEF/BqxqjsHQ9gUdfeZChuOl1UcCAwEAAaNC
-MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFMR5yo6hTgMdHNxr
-2zFblD4/MH8tMA0GCSqGSIb3DQEBCwUAA4IBAQAtxRPPVoB7eni9n64smefv2t+UXglpp+duaIy9
-cr5HqQ6XErhK8WTTOd8lNNTBzU6B8A8ExCSzNJbGpqow32hhc9f5joWJ7w5elShKKiePEI4ufIbE
-Ap7aDHdlDkQNkv39sxY2+hENHYwOB4lqKVb3cvTdFZx3NWZXqxNT2I7BQMXXExZacse3aQHEerGD
-AWh9jUGhlBjBJVz88P6DAod8DQ3PLghcSkANPuyBYeYk28rgDi0Hsj5W3I31QYUHSJsMC8tJP33s
-t/3LjWeJGqvtux6jAAgIFyqCXDFdRootD4abdNlF+9RAsXqqaC2Gspki4cErx5z481+oghLrGREt
+MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJOTDEeMBwGA1UE
+CgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFhdCBkZXIgTmVkZXJsYW5kZW4g
+Um9vdCBDQSAtIEcyMB4XDTA4MDMyNjExMTgxN1oXDTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMC
+TkwxHjAcBgNVBAoMFVN0YWF0IGRlciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5l
+ZGVybGFuZGVuIFJvb3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVZ
+5291qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EASGrP2uEGQxGZqhQlEq0i6ABtQ8SpuOUfiUtn
+vWFI7/3S4GCI5bkYYCjDdyutsDeqN95kWSpGV+RLufg3fNU254DBtvPUZ5uW6M7XxgpT0GtJlvOj
+CwV3SPcl5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvEpMfQ9XQ+pV0aCPKbJdL2rAQmPlU6Yiil
+e7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp5Rbn3JBV3w/oOM2ZNyFPXfUib2rFEhZgF1XyZWampzCR
+OME4HYYEhLoaJXhena/MUGDWE4dS7WMfbWV9whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpI
+CT0ugpTNGmXZK4iambwYfp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy5V65
+48r6f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv6q012iDTiIJh8BIi
+trzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEKeN5KzlW/HdXZt1bv8Hb/C3m1r737
+qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk7Na6B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMB
+AAGjgZcwgZQwDwYDVR0TAQH/BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcC
+ARYxaHR0cDovL3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBvbGljeS1HMjAOBgNV
+HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGsNig0jQt8YojrMA0GCSqGSIb3DQEBCwUA
+A4ICAQCoQUpnKpKBglBu4dfYszk78wIVCVBR7y29JHuIhjv5tLySCZa59sCrI2AGeYwRTlHSeYAz
++51IvuxBQ4EffkdAHOV6CMqqi3WtFMTC6GY8ggen5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUXvQwj
+f/ST7ZwaUb7dRUG/kSS0H4zpX897IZmflZ85OkYcbPnNe5yQzSipx6lVu6xiNGI1E0sUOlWDuYaN
+kqbG9AclVMwWVxJKgnjIFNkXgiYtXSAfea7+1HAWFpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfk
+CpYL+63C4iWEst3kvX5ZbJvw8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxLvJxxcypF
+URmFzI79R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkmbEgeqmiSBeGCc1qb3Adb
+CG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvkN1trSt8sV4pAWja63XVECDdCcAz+3F4h
+oKOKwJCcaNpQ5kUQR3i2TtJlycM33+FCY7BXN0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoV
+IPVVYpbtbZNQvOSqeK3Zywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm
+66+KAQ==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert048.pem b/test/rules/platform_certs/default/cert048.pem
index 35274749ac64..7e3c8df25c1a 100644
--- a/test/rules/platform_certs/default/cert048.pem
+++ b/test/rules/platform_certs/default/cert048.pem
@@ -1,15 +1,18 @@
-thawte Primary Root CA - G2
+Hongkong Post Root CA 1
 -----BEGIN CERTIFICATE-----
-MIICiDCCAg2gAwIBAgIQNfwmXNmET8k9Jj1Xm67XVjAKBggqhkjOPQQDAzCBhDELMAkGA1UEBhMC
-VVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjE4MDYGA1UECxMvKGMpIDIwMDcgdGhhd3RlLCBJbmMu
-IC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3Qg
-Q0EgLSBHMjAeFw0wNzExMDUwMDAwMDBaFw0zODAxMTgyMzU5NTlaMIGEMQswCQYDVQQGEwJVUzEV
-MBMGA1UEChMMdGhhd3RlLCBJbmMuMTgwNgYDVQQLEy8oYykgMjAwNyB0aGF3dGUsIEluYy4gLSBG
-b3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIGA1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAt
-IEcyMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAEotWcgnuVnfFSeIf+iha/BebfowJPDQfGAFG6DAJS
-LSKkQjnE/o/qycG+1E3/n3qe4rF8mq2nhglzh9HnmuN6papu+7qzcMBniKI11KOasf2twu8x+qi5
-8/sIxpHR+ymVo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU
-mtgAMADna3+FGO6Lts6KDPgR4bswCgYIKoZIzj0EAwMDaQAwZgIxAN344FdHW6fmCsO99YCKlzUN
-G4k8VIZ3KMqh9HneteY4sPBlcIx/AlTCv//YoT7ZzwIxAMSNlPzcU9LcnXgWHxUzI1NS41oxXZ3K
-rr0TKUQNJ1uo52icEvdYPy5yAlejj6EULg==
+MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoT
+DUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMB4XDTAzMDUx
+NTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25n
+IFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1
+ApzQjVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEnPzlTCeqr
+auh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjhZY4bXSNmO7ilMlHIhqqh
+qZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9nnV0ttgCXjqQesBCNnLsak3c78QA3xMY
+V18meMjWCnl3v/evt3a5pQuEF10Q6m/hq5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNV
+HRMBAf8ECDAGAQH/AgEDMA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7i
+h9legYsCmEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI37pio
+l7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clBoiMBdDhViw+5Lmei
+IAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJsEhTkYY2sEJCehFC78JZvRZ+K88ps
+T/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpOfMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilT
+c4afU9hDDl3WY4JxHYB0yvbiAmvZWg==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert049.pem b/test/rules/platform_certs/default/cert049.pem
index c47e14ae28ea..6bea4b13da3d 100644
--- a/test/rules/platform_certs/default/cert049.pem
+++ b/test/rules/platform_certs/default/cert049.pem
@@ -1,22 +1,19 @@
-thawte Primary Root CA - G3
+SecureSign RootCA11
 -----BEGIN CERTIFICATE-----
-MIIEKjCCAxKgAwIBAgIQYAGXt0an6rS0mtZLL/eQ+zANBgkqhkiG9w0BAQsFADCBrjELMAkGA1UE
-BhMCVVMxFTATBgNVBAoTDHRoYXd0ZSwgSW5jLjEoMCYGA1UECxMfQ2VydGlmaWNhdGlvbiBTZXJ2
-aWNlcyBEaXZpc2lvbjE4MDYGA1UECxMvKGMpIDIwMDggdGhhd3RlLCBJbmMuIC0gRm9yIGF1dGhv
-cml6ZWQgdXNlIG9ubHkxJDAiBgNVBAMTG3RoYXd0ZSBQcmltYXJ5IFJvb3QgQ0EgLSBHMzAeFw0w
-ODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIGuMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMdGhh
-d3RlLCBJbmMuMSgwJgYDVQQLEx9DZXJ0aWZpY2F0aW9uIFNlcnZpY2VzIERpdmlzaW9uMTgwNgYD
-VQQLEy8oYykgMjAwOCB0aGF3dGUsIEluYy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTEkMCIG
-A1UEAxMbdGhhd3RlIFByaW1hcnkgUm9vdCBDQSAtIEczMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEAsr8nLPvb2FvdeHsbnndmgcs+vHyu86YnmjSjaDFxODNi5PNxZnmxqWWjpYvVj2At
-P0LMqmsywCPLLEHd5N/8YZzic7IilRFDGF/Eth9XbAoFWCLINkw6fKXRz4aviKdEAhN0cXMKQlkC
-+BsUa0Lfb1+6a4KinVvnSr0eAXLbS3ToO39/fR8EtCab4LRarEc9VbjXsCZSKAExQGbY2SS99irY
-7CFJXJv2eul/VTV+lmuNk5Mny5K76qxAwJ/C+IDPXfRa3M50hqY+bAtTyr2SzhkGcuYMXDhpxwTW
-vGzOW/b3aJzcJRVIiKHpqfiYnODz1TEoYRFsZ5aNOZnLwkUkOQIDAQABo0IwQDAPBgNVHRMBAf8E
-BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUrWyqlGCc7eT/+j4KdCtjA/e2Wb8wDQYJ
-KoZIhvcNAQELBQADggEBABpA2JVlrAmSicY59BDlqQ5mU1143vokkbvnRFHfxhY0Cu9qRFHqKweK
-A3rD6z8KLFIWoCtDuSWQP3CpMyVtRRooOyfPqsMpQhvfO0zAMzRbQYi/aytlryjvsvXDqmbOe1bu
-t8jLZ8HJnBoYuMTDSQPxYA5QzUbF83d597YV4Djbxy8ooAw/dyZ02SUS2jHaGh7cKUGRIjxpp7sC
-8rZcJwOJ9Abqm+RyguOhCcHpABnTPtRwa7pxpqpYrvS76Wy274fMm7v/OeZWYdMKp8RcTGB7BXcm
-er/YB1IsYvdwY9k5vG8cwnncdimvzsUsZAReiDZuMdRAGmI0Nj81Aa6sY6A=
+MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDErMCkGA1UEChMi
+SmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoGA1UEAxMTU2VjdXJlU2lnbiBS
+b290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSsw
+KQYDVQQKEyJKYXBhbiBDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1
+cmVTaWduIFJvb3RDQTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvL
+TJszi1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8h9uuywGO
+wvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOVMdrAG/LuYpmGYz+/3ZMq
+g6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rP
+O7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitA
+bpSACW22s293bzUIUPsCh8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZX
+t94wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAKCh
+OBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xmKbabfSVSSUOrTC4r
+bnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQX5Ucv+2rIrVls4W6ng+4reV6G4pQ
+Oh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWrQbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01
+y8hSyn+B/tlr0/cR7SXf+Of5pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061
+lgeLKBObjBmNQSdJQO7e5iNEOdyhIta6A/I=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert050.pem b/test/rules/platform_certs/default/cert050.pem
index 15754c10f138..23de03568974 100644
--- a/test/rules/platform_certs/default/cert050.pem
+++ b/test/rules/platform_certs/default/cert050.pem
@@ -1,16 +1,22 @@
-GeoTrust Primary Certification Authority - G2
+Microsec e-Szigno Root CA 2009
 -----BEGIN CERTIFICATE-----
-MIICrjCCAjWgAwIBAgIQPLL0SAoA4v7rJDteYD7DazAKBggqhkjOPQQDAzCBmDELMAkGA1UEBhMC
-VVMxFjAUBgNVBAoTDUdlb1RydXN0IEluYy4xOTA3BgNVBAsTMChjKSAyMDA3IEdlb1RydXN0IElu
-Yy4gLSBGb3IgYXV0aG9yaXplZCB1c2Ugb25seTE2MDQGA1UEAxMtR2VvVHJ1c3QgUHJpbWFyeSBD
-ZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEcyMB4XDTA3MTEwNTAwMDAwMFoXDTM4MDExODIzNTk1
-OVowgZgxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMTkwNwYDVQQLEzAoYykg
-MjAwNyBHZW9UcnVzdCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNlIG9ubHkxNjA0BgNVBAMTLUdl
-b1RydXN0IFByaW1hcnkgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjB2MBAGByqGSM49AgEG
-BSuBBAAiA2IABBWx6P0DFUPlrOuHNxFi79KDNlJ9RVcLSo17VDs6bl8VAsBQps8lL33KSLjHUGMc
-KiEIfJo22Av+0SbFWDEwKCXzXV2juLaltJLtbCyf691DiaI8S0iRHVDsJt/WYC69IaNCMEAwDwYD
-VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBVfNVdRVfslsq0DafwBo/q+
-EVXVMAoGCCqGSM49BAMDA2cAMGQCMGSWWaboCd6LuvpaiIjwH5HTRqjySkwCY/tsXzjbLkGTqQ7m
-ndwxHLKgpxgceeHHNgIwOlavmnRs9vuD4DPTCF+hnMJbn0bWtsuRBmOiBuczrD6ogRLQy7rQkgu2
-npaqBA+K
+MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYDVQQGEwJIVTER
+MA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jv
+c2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o
+dTAeFw0wOTA2MTYxMTMwMThaFw0yOTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UE
+BwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUt
+U3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvPkd6mJviZpWNwrZuuyjNA
+fW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tccbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG
+0IMZfcChEhyVbUr02MelTTMuhTlAdX4UfIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKA
+pxn1ntxVUwOXewdI/5n7N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm
+1HxdrtbCxkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1+rUC
+AwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTLD8bf
+QkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAbBgNVHREE
+FDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqGSIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0o
+lZMEyL/azXm4Q5DwpL7v8u8hmLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfX
+I/OMn74dseGkddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775
+tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c2Pm2G2JwCz02
+yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5tHMN1Rq41Bab2XD0h7lbwyYIi
+LXpUq3DDfSJlgnCW
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert051.pem b/test/rules/platform_certs/default/cert051.pem
index 570338d6a7ba..7917400e8383 100644
--- a/test/rules/platform_certs/default/cert051.pem
+++ b/test/rules/platform_certs/default/cert051.pem
@@ -1,25 +1,19 @@
-VeriSign Universal Root Certification Authority
+GlobalSign Root CA - R3
 -----BEGIN CERTIFICATE-----
-MIIEuTCCA6GgAwIBAgIQQBrEZCGzEyEDDrvkEhrFHTANBgkqhkiG9w0BAQsFADCBvTELMAkGA1UE
-BhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBO
-ZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwOCBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVk
-IHVzZSBvbmx5MTgwNgYDVQQDEy9WZXJpU2lnbiBVbml2ZXJzYWwgUm9vdCBDZXJ0aWZpY2F0aW9u
-IEF1dGhvcml0eTAeFw0wODA0MDIwMDAwMDBaFw0zNzEyMDEyMzU5NTlaMIG9MQswCQYDVQQGEwJV
-UzEXMBUGA1UEChMOVmVyaVNpZ24sIEluYy4xHzAdBgNVBAsTFlZlcmlTaWduIFRydXN0IE5ldHdv
-cmsxOjA4BgNVBAsTMShjKSAyMDA4IFZlcmlTaWduLCBJbmMuIC0gRm9yIGF1dGhvcml6ZWQgdXNl
-IG9ubHkxODA2BgNVBAMTL1ZlcmlTaWduIFVuaXZlcnNhbCBSb290IENlcnRpZmljYXRpb24gQXV0
-aG9yaXR5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx2E3XrEBNNti1xWb/1hajCMj
-1mCOkdeQmIN65lgZOIzF9uVkhbSicfvtvbnazU0AtMgtc6XHaXGVHzk8skQHnOgO+k1KxCHfKWGP
-MiJhgsWHH26MfF8WIFFE0XBPV+rjHOPMee5Y2A7Cs0WTwCznmhcrewA3ekEzeOEz4vMQGn+HLL72
-9fdC4uW/h2KJXwBL38Xd5HVEMkE6HnFuacsLdUYI0crSK5XQz/u5QGtkjFdN/BMReYTtXlT2NJ8I
-AfMQJQYXStrxHXpma5hgZqTZ79IugvHw7wnqRMkVauIDbjPTrJ9VAMf2CGqUuV/c4DPxhGD5WycR
-tPwW8rtWaoAljQIDAQABo4GyMIGvMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMG0G
-CCsGAQUFBwEMBGEwX6FdoFswWTBXMFUWCWltYWdlL2dpZjAhMB8wBwYFKw4DAhoEFI/l0xqGrI2O
-a8PPgGrUSBgsexkuMCUWI2h0dHA6Ly9sb2dvLnZlcmlzaWduLmNvbS92c2xvZ28uZ2lmMB0GA1Ud
-DgQWBBS2d/ppSEefUxLVwuoHMnYH0ZcHGTANBgkqhkiG9w0BAQsFAAOCAQEASvj4sAPmLGd75JR3
-Y8xuTPl9Dg3cyLk1uXBPY/ok+myDjEedO2Pzmvl2MpWRsXe8rJq+seQxIcaBlVZaDrHC1LGmWazx
-Y8u4TB1ZkErvkBYoH1quEPuBUDgMbMzxPcP1Y+Oz4yHJJDnp/RVmRvQbEdBNc6N9Rvk97ahfYtTx
-P/jgdFcrGJ2BtMQo2pSXpXDrrB2+BxHw1dvd5Yzw1TKwg+ZX4o+/vqGqvz0dtdQ46tewXDpPaj+P
-wGZsY6rp2aQW9IHRlRQOfc2VNNnSj3BzgXucfr2YYdhFh5iQxeuGMMY1v/D/w1WIg0vvBZIGcfK4
-mJO37M2CYfE45k+XmCpajQ==
+MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xv
+YmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh
+bFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT
+aWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln
+bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWt
+iHL8RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ
+0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3
+rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjl
+OCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2
+xmmFghcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
+FI/wS3+oLkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZURUm7
+lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMpjjM5RcOO5LlXbKr8
+EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK6fBdRoyV3XpYKBovHd7NADdBj+1E
+bddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18
+YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7r
+kpeDMdmztcpHWD9f
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert052.pem b/test/rules/platform_certs/default/cert052.pem
index 426a600f809d..751d1d493329 100644
--- a/test/rules/platform_certs/default/cert052.pem
+++ b/test/rules/platform_certs/default/cert052.pem
@@ -1,19 +1,31 @@
-VeriSign Class 3 Public Primary Certification Authority - G4
+Autoridad de Certificacion Firmaprofesional CIF A62634068
 -----BEGIN CERTIFICATE-----
-MIIDhDCCAwqgAwIBAgIQL4D+I4wOIg9IZxIokYesszAKBggqhkjOPQQDAzCByjELMAkGA1UEBhMC
-VVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBUcnVzdCBOZXR3
-b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRob3JpemVkIHVz
-ZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5IENlcnRpZmlj
-YXRpb24gQXV0aG9yaXR5IC0gRzQwHhcNMDcxMTA1MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCByjEL
-MAkGA1UEBhMCVVMxFzAVBgNVBAoTDlZlcmlTaWduLCBJbmMuMR8wHQYDVQQLExZWZXJpU2lnbiBU
-cnVzdCBOZXR3b3JrMTowOAYDVQQLEzEoYykgMjAwNyBWZXJpU2lnbiwgSW5jLiAtIEZvciBhdXRo
-b3JpemVkIHVzZSBvbmx5MUUwQwYDVQQDEzxWZXJpU2lnbiBDbGFzcyAzIFB1YmxpYyBQcmltYXJ5
-IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzQwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAASnVnp8
-Utpkmw4tXNherJI9/gHmGUo9FANL+mAnINmDiWn6VMaaGF5VKmTeBvaNSjutEDxlPZCIBIngMGGz
-rl0Bp3vefLK+ymVhAIau2o970ImtTR1ZmkGxvEeA3J5iw/mjgbIwga8wDwYDVR0TAQH/BAUwAwEB
-/zAOBgNVHQ8BAf8EBAMCAQYwbQYIKwYBBQUHAQwEYTBfoV2gWzBZMFcwVRYJaW1hZ2UvZ2lmMCEw
-HzAHBgUrDgMCGgQUj+XTGoasjY5rw8+AatRIGCx7GS4wJRYjaHR0cDovL2xvZ28udmVyaXNpZ24u
-Y29tL3ZzbG9nby5naWYwHQYDVR0OBBYEFLMWkf3upm7ktS5Jj4d4gYDs5bG1MAoGCCqGSM49BAMD
-A2gAMGUCMGYhDBgmYFo4e1ZC4Kf8NoRRkSAsdk1DPcQdhCPQrNZ8NQbOzWm9kA3bbEhCHQ6qQgIx
-AJw9SDkjOVgaFRJZap7v1VmyHVIsmXHNxynfGyphe3HR3vPA5Q06Sqotp9iGKt0uEA==
+MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UEBhMCRVMxQjBA
+BgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2
+MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEyMzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIw
+QAYDVQQDDDlBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBB
+NjI2MzQwNjgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDD
+Utd9thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQMcas9UX4P
+B99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefGL9ItWY16Ck6WaVICqjaY
+7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15iNA9wBj4gGFrO93IbJWyTdBSTo3OxDqqH
+ECNZXyAFGUftaI6SEspd/NYrspI8IM/hX68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyI
+plD9amML9ZMWGxmPsu2bm8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctX
+MbScyJCyZ/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirjaEbsX
+LZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/TKI8xWVvTyQKmtFLK
+bpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF6NkBiDkal4ZkQdU7hwxu+g/GvUgU
+vzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVhOSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1Ud
+EwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNH
+DhpkLzCBpgYDVR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp
+cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBvACAAZABlACAA
+bABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBlAGwAbwBuAGEAIAAwADgAMAAx
+ADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx
+51tkljYyGOylMnfX40S2wBEqgLk9am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qk
+R71kMrv2JYSiJ0L1ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaP
+T481PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS3a/DTg4f
+Jl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5kSeTy36LssUzAKh3ntLFl
+osS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF3dvd6qJ2gHN99ZwExEWN57kci57q13XR
+crHedUTnQn3iV2t93Jm8PYMo6oCTjcVMZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoR
+saS8I8nkvof/uZS2+F0gStRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTD
+KCOM/iczQ0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQBjLMi
+6Et8Vcad+qMUu2WFbm5PEn4KPJ2V
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert053.pem b/test/rules/platform_certs/default/cert053.pem
index 6333238ed5d0..52e7459c17f3 100644
--- a/test/rules/platform_certs/default/cert053.pem
+++ b/test/rules/platform_certs/default/cert053.pem
@@ -1,22 +1,30 @@
-NetLock Arany (Class Gold) Főtanúsítvány
+Izenpe.com
 -----BEGIN CERTIFICATE-----
-MIIEFTCCAv2gAwIBAgIGSUEs5AAQMA0GCSqGSIb3DQEBCwUAMIGnMQswCQYDVQQGEwJIVTERMA8G
-A1UEBwwIQnVkYXBlc3QxFTATBgNVBAoMDE5ldExvY2sgS2Z0LjE3MDUGA1UECwwuVGFuw7pzw610
-dsOhbnlraWFkw7NrIChDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzKTE1MDMGA1UEAwwsTmV0TG9jayBB
-cmFueSAoQ2xhc3MgR29sZCkgRsWRdGFuw7pzw610dsOhbnkwHhcNMDgxMjExMTUwODIxWhcNMjgx
-MjA2MTUwODIxWjCBpzELMAkGA1UEBhMCSFUxETAPBgNVBAcMCEJ1ZGFwZXN0MRUwEwYDVQQKDAxO
-ZXRMb2NrIEtmdC4xNzA1BgNVBAsMLlRhbsO6c8OtdHbDoW55a2lhZMOzayAoQ2VydGlmaWNhdGlv
-biBTZXJ2aWNlcykxNTAzBgNVBAMMLE5ldExvY2sgQXJhbnkgKENsYXNzIEdvbGQpIEbFkXRhbsO6
-c8OtdHbDoW55MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAxCRec75LbRTDofTjl5Bu
-0jBFHjzuZ9lk4BqKf8owyoPjIMHj9DrTlF8afFttvzBPhCf2nx9JvMaZCpDyD/V/Q4Q3Y1GLeqVw
-/HpYzY6b7cNGbIRwXdrzAZAj/E4wqX7hJ2Pn7WQ8oLjJM2P+FpD/sLj916jAwJRDC7bVWaaeVtAk
-H3B5r9s5VA1lddkVQZQBr17s9o3x/61k/iCa11zr/qYfCGSji3ZVrR47KGAuhyXoqq8fxmRGILdw
-fzzeSNuWU7c5d+Qa4scWhHaXWy+7GRWF+GmF9ZmnqfI0p6m2pgP8b4Y9VHx2BJtr+UBdADTHLpl1
-neWIA6pN+APSQnbAGwIDAKiLo0UwQzASBgNVHRMBAf8ECDAGAQH/AgEEMA4GA1UdDwEB/wQEAwIB
-BjAdBgNVHQ4EFgQUzPpnk/C2uNClwB7zU/2MU9+D15YwDQYJKoZIhvcNAQELBQADggEBAKt/7hwW
-qZw8UQCgwBEIBaeZ5m8BiFRhbvG5GK1Krf6BQCOUL/t1fC8oS2IkgYIL9WHxHG64YTjrgfpioTta
-YtOUZcTh5m2C+C8lcLIhJsFyUR+MLMOEkMNaj7rP9KdlpeuY0fsFskZ1FSNqb4VjMIDw1Z4fKRzC
-bLBQWV2QWzuoDTDPv31/zvGdg73JRm4gpvlhUbohL3u+pRVjodSVh/GeufOJ8z2FuLjbvrW5Kfna
-NwUASZQDhETnv0Mxz3WLJdH0pmT1kvarBes96aULNmLazAZfNou2XjG4Kvte9nHfRCaexOYNkbQu
-dZWAUWpLMKawYqGT8ZvYzsRjdT9ZR7E=
+MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQG
+EwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wHhcNMDcxMjEz
+MTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMu
+QS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ
+03rKDx6sp4boFmVqscIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAK
+ClaOxdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6HLmYRY2xU
++zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFXuaOKmMPsOzTFlUFpfnXC
+PCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQDyCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxT
+OTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbK
+F7jJeodWLBoBHmy+E60QrLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK
+0GqfvEyNBjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8Lhij+
+0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIBQFqNeb+Lz0vPqhbB
+leStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+HMh3/1uaD7euBUbl8agW7EekFwID
+AQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2luZm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+
+SVpFTlBFIFMuQS4gLSBDSUYgQTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBG
+NjIgUzgxQzBBBgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx
+MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O
+BBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUAA4ICAQB4pgwWSp9MiDrAyw6l
+Fn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWblaQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbga
+kEyrkgPH7UIBzg/YsfqikuFgba56awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8q
+hT/AQKM6WfxZSzwoJNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Cs
+g1lwLDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCTVyvehQP5
+aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGkLhObNA5me0mrZJfQRsN5
+nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJbUjWumDqtujWTI6cfSN01RpiyEGjkpTHC
+ClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZo
+Q0iy2+tzJOeRf1SktoA+naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1Z
+WrOZyGlsQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert054.pem b/test/rules/platform_certs/default/cert054.pem
index a87baf6a45c8..ba9343141530 100644
--- a/test/rules/platform_certs/default/cert054.pem
+++ b/test/rules/platform_certs/default/cert054.pem
@@ -1,30 +1,36 @@
-Staat der Nederlanden Root CA - G2
+Chambers of Commerce Root - 2008
 -----BEGIN CERTIFICATE-----
-MIIFyjCCA7KgAwIBAgIEAJiWjDANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJOTDEeMBwGA1UE
-CgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFhdCBkZXIgTmVkZXJsYW5kZW4g
-Um9vdCBDQSAtIEcyMB4XDTA4MDMyNjExMTgxN1oXDTIwMDMyNTExMDMxMFowWjELMAkGA1UEBhMC
-TkwxHjAcBgNVBAoMFVN0YWF0IGRlciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5l
-ZGVybGFuZGVuIFJvb3QgQ0EgLSBHMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMVZ
-5291qj5LnLW4rJ4L5PnZyqtdj7U5EILXr1HgO+EASGrP2uEGQxGZqhQlEq0i6ABtQ8SpuOUfiUtn
-vWFI7/3S4GCI5bkYYCjDdyutsDeqN95kWSpGV+RLufg3fNU254DBtvPUZ5uW6M7XxgpT0GtJlvOj
-CwV3SPcl5XCsMBQgJeN/dVrlSPhOewMHBPqCYYdu8DvEpMfQ9XQ+pV0aCPKbJdL2rAQmPlU6Yiil
-e7Iwr/g3wtG61jj99O9JMDeZJiFIhQGp5Rbn3JBV3w/oOM2ZNyFPXfUib2rFEhZgF1XyZWampzCR
-OME4HYYEhLoaJXhena/MUGDWE4dS7WMfbWV9whUYdMrhfmQpjHLYFhN9C0lK8SgbIHRrxT3dsKpI
-CT0ugpTNGmXZK4iambwYfp/ufWZ8Pr2UuIHOzZgweMFvZ9C+X+Bo7d7iscksWXiSqt8rYGPy5V65
-48r6f1CGPqI0GAwJaCgRHOThuVw+R7oyPxjMW4T182t0xHJ04eOLoEq9jWYv6q012iDTiIJh8BIi
-trzQ1aTsr1SIJSQ8p22xcik/Plemf1WvbibG/ufMQFxRRIEKeN5KzlW/HdXZt1bv8Hb/C3m1r737
-qWmRRpdogBQ2HbN/uymYNqUg+oJgYjOk7Na6B6duxc8UpufWkjTYgfX8HV2qXB72o007uPc5AgMB
-AAGjgZcwgZQwDwYDVR0TAQH/BAUwAwEB/zBSBgNVHSAESzBJMEcGBFUdIAAwPzA9BggrBgEFBQcC
-ARYxaHR0cDovL3d3dy5wa2lvdmVyaGVpZC5ubC9wb2xpY2llcy9yb290LXBvbGljeS1HMjAOBgNV
-HQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJFoMocVHYnitfGsNig0jQt8YojrMA0GCSqGSIb3DQEBCwUA
-A4ICAQCoQUpnKpKBglBu4dfYszk78wIVCVBR7y29JHuIhjv5tLySCZa59sCrI2AGeYwRTlHSeYAz
-+51IvuxBQ4EffkdAHOV6CMqqi3WtFMTC6GY8ggen5ieCWxjmD27ZUD6KQhgpxrRW/FYQoAUXvQwj
-f/ST7ZwaUb7dRUG/kSS0H4zpX897IZmflZ85OkYcbPnNe5yQzSipx6lVu6xiNGI1E0sUOlWDuYaN
-kqbG9AclVMwWVxJKgnjIFNkXgiYtXSAfea7+1HAWFpWD2DU5/1JddRwWxRNVz0fMdWVSSt7wsKfk
-CpYL+63C4iWEst3kvX5ZbJvw8NjnyvLplzh+ib7M+zkXYT9y2zqR2GUBGR2tUKRXCnxLvJxxcypF
-URmFzI79R6d0lR2o0a9OF7FpJsKqeFdbxU2n5Z4FF5TKsl+gSRiNNOkmbEgeqmiSBeGCc1qb3Adb
-CG19ndeNIdn8FCCqwkXfP+cAslHkwvgFuXkajDTznlvkN1trSt8sV4pAWja63XVECDdCcAz+3F4h
-oKOKwJCcaNpQ5kUQR3i2TtJlycM33+FCY7BXN0Ute4qcvwXqZVUz9zkQxSgqIXobisQk+T8VyJoV
-IPVVYpbtbZNQvOSqeK3Zywplh6ZmwcSBo3c6WB4L7oOLnR7SUqTMHW+wmG2UMbX4cQrcufx9MmDm
-66+KAQ==
+MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYDVQQGEwJFVTFD
+MEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNv
+bS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMu
+QS4xKTAnBgNVBAMTIENoYW1iZXJzIG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEy
+Mjk1MFoXDTM4MDczMTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNl
+ZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQF
+EwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJl
+cnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
+AQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW928sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKA
+XuFixrYp4YFs8r/lfTJqVKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorj
+h40G072QDuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR5gN/
+ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfLZEFHcpOrUMPrCXZk
+NNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05aSd+pZgvMPMZ4fKecHePOjlO+Bd5g
+D2vlGts/4+EhySnB8esHnFIbAURRPHsl18TlUlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331
+lubKgdaX8ZSD6e2wsWsSaR6s+12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ
+0wlf2eOKNcx5Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj
+ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAxhduub+84Mxh2
+EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNVHQ4EFgQU+SSsD7K1+HnA+mCI
+G8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1+HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJ
+BgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNh
+bWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENh
+bWVyZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDiC
+CQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUH
+AgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZIhvcNAQEFBQADggIBAJASryI1
+wqM58C7e6bXpeHxIvj99RZJe6dqxGfwWPJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH
+3qLPaYRgM+gQDROpI9CF5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbU
+RWpGqOt1glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaHFoI6
+M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2pSB7+R5KBWIBpih1
+YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MDxvbxrN8y8NmBGuScvfaAFPDRLLmF
+9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QGtjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcK
+zBIKinmwPQN/aUv0NCB9szTqjktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvG
+nrDQWzilm1DefhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg
+OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZd0jQ
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert055.pem b/test/rules/platform_certs/default/cert055.pem
index 7e3c8df25c1a..45aa496004c0 100644
--- a/test/rules/platform_certs/default/cert055.pem
+++ b/test/rules/platform_certs/default/cert055.pem
@@ -1,18 +1,36 @@
-Hongkong Post Root CA 1
+Global Chambersign Root - 2008
 -----BEGIN CERTIFICATE-----
-MIIDMDCCAhigAwIBAgICA+gwDQYJKoZIhvcNAQEFBQAwRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoT
-DUhvbmdrb25nIFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMB4XDTAzMDUx
-NTA1MTMxNFoXDTIzMDUxNTA0NTIyOVowRzELMAkGA1UEBhMCSEsxFjAUBgNVBAoTDUhvbmdrb25n
-IFBvc3QxIDAeBgNVBAMTF0hvbmdrb25nIFBvc3QgUm9vdCBDQSAxMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEArP84tulmAknjorThkPlAj3n54r15/gK97iSSHSL22oVyaf7XPwnU3ZG1
-ApzQjVrhVcNQhrkpJsLj2aDxaQMoIIBFIi1WpztUlVYiWR8o3x8gPW2iNr4joLFutbEnPzlTCeqr
-auh0ssJlXI6/fMN4hM2eFvz1Lk8gKgifd/PFHsSaUmYeSF7jEAaPIpjhZY4bXSNmO7ilMlHIhqqh
-qZ5/dpTCpmy3QfDVyAY45tQM4vM7TG1QjMSDJ8EThFk9nnV0ttgCXjqQesBCNnLsak3c78QA3xMY
-V18meMjWCnl3v/evt3a5pQuEF10Q6m/hq5URX208o1xNg1vysxmKgIsLhwIDAQABoyYwJDASBgNV
-HRMBAf8ECDAGAQH/AgEDMA4GA1UdDwEB/wQEAwIBxjANBgkqhkiG9w0BAQUFAAOCAQEADkbVPK7i
-h9legYsCmEEIjEy82tvuJxuC52pF7BaLT4Wg87JwvVqWuspube5Gi27nKi6Wsxkz67SfqLI37pio
-l7Yutmcn1KZJ/RyTZXaeQi/cImyaT/JaFTmxcdcrUehtHJjA2Sr0oYJ71clBoiMBdDhViw+5Lmei
-IAQ32pwL0xch4I+XeTRvhEgCIDMb5jREn5Fw9IBehEPCKdJsEhTkYY2sEJCehFC78JZvRZ+K88ps
-T/oROhUVRsPNH4NbLUES7VBnQRM9IauUiqpOfMGx+6fWtScvl6tu4B3i0RwsH0Ti/L6RoZz71ilT
-c4afU9hDDl3WY4JxHYB0yvbiAmvZWg==
+MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYDVQQGEwJFVTFD
+MEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNv
+bS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMu
+QS4xJzAlBgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMx
+NDBaFw0zODA3MzExMjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUg
+Y3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJ
+QTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD
+aGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMDf
+VtPkOpt2RbQT2//BthmLN0EYlVJH6xedKYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXf
+XjaOcNFccUMd2drvXNL7G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0
+ZJJ0YPP2zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4ddPB
+/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyGHoiMvvKRhI9lNNgA
+TH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2Id3UwD2ln58fQ1DJu7xsepeY7s2M
+H/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3VyJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfe
+Ox2YItaswTXbo6Al/3K1dh3ebeksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSF
+HTynyQbehP9r6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh
+wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsogzCtLkykPAgMB
+AAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQWBBS5CcqcHtvTbDprru1U8VuT
+BjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDprru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UE
+BhMCRVUxQzBBBgNVBAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJm
+aXJtYS5jb20vYWRkcmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJm
+aXJtYSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiCCQDJzdPp
+1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0
+dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZIhvcNAQEFBQADggIBAICIf3DekijZBZRG
+/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZUohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6
+ReAJ3spED8IXDneRRXozX1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/s
+dZ7LoR/xfxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVza2Mg
+9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yydYhz2rXzdpjEetrHH
+foUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMdSqlapskD7+3056huirRXhOukP9Du
+qqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9OAP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETr
+P3iZ8ntxPjzxmKfFGBI/5rsoM0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVq
+c5iJWzouE4gev8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z
+09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert056.pem b/test/rules/platform_certs/default/cert056.pem
index 6bea4b13da3d..f95b11bf2c15 100644
--- a/test/rules/platform_certs/default/cert056.pem
+++ b/test/rules/platform_certs/default/cert056.pem
@@ -1,19 +1,20 @@
-SecureSign RootCA11
+Go Daddy Root Certificate Authority - G2
 -----BEGIN CERTIFICATE-----
-MIIDbTCCAlWgAwIBAgIBATANBgkqhkiG9w0BAQUFADBYMQswCQYDVQQGEwJKUDErMCkGA1UEChMi
-SmFwYW4gQ2VydGlmaWNhdGlvbiBTZXJ2aWNlcywgSW5jLjEcMBoGA1UEAxMTU2VjdXJlU2lnbiBS
-b290Q0ExMTAeFw0wOTA0MDgwNDU2NDdaFw0yOTA0MDgwNDU2NDdaMFgxCzAJBgNVBAYTAkpQMSsw
-KQYDVQQKEyJKYXBhbiBDZXJ0aWZpY2F0aW9uIFNlcnZpY2VzLCBJbmMuMRwwGgYDVQQDExNTZWN1
-cmVTaWduIFJvb3RDQTExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA/XeqpRyQBTvL
-TJszi1oURaTnkBbR31fSIRCkF/3frNYfp+TbfPfs37gD2pRY/V1yfIw/XwFndBWW4wI8h9uuywGO
-wvNmxoVF9ALGOrVisq/6nL+k5tSAMJjzDbaTj6nU2DbysPyKyiyhFTOVMdrAG/LuYpmGYz+/3ZMq
-g6h2uRMft85OQoWPIucuGvKVCbIFtUROd6EgvanyTgp9UK31BQ1FT0Zx/Sg+U/sE2C3XZR1KG/rP
-O7AxmjVuyIsG0wCR8pQIZUyxNAYAeoni8McDWc/V1uinMrPmmECGxc0nEovMe863ETxiYAcjPitA
-bpSACW22s293bzUIUPsCh8U+iQIDAQABo0IwQDAdBgNVHQ4EFgQUW/hNT7KlhtQ60vFjmqC+CfZX
-t94wDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAKCh
-OBZmLqdWHyGcBvod7bkixTgm2E5P7KN/ed5GIaGHd48HCJqypMWvDzKYC3xmKbabfSVSSUOrTC4r
-bnpwrxYO4wJs+0LmGJ1F2FXI6Dvd5+H0LgscNFxsWEr7jIhQX5Ucv+2rIrVls4W6ng+4reV6G4pQ
-Oh29Dbx7VFALuUKvVaAYga1lme++5Jy/xIWrQbJUb9wlze144o4MjQlJ3WN7WmmWAiGovVJZ6X01
-y8hSyn+B/tlr0/cR7SXf+Of5pPpyl4RTDaXQMhhRdlkUbA/r7F+AjHVDg8OFmP9Mni0N5HeDk061
-lgeLKBObjBmNQSdJQO7e5iNEOdyhIta6A/I=
+MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
+B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMu
+MTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5
+MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6
+b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8G
+A1UEAxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI
+hvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKDE6bFIEMBO4Tx5oVJnyfq
+9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD
++qK+ihVqf94Lw7YZFAXK6sOoBJQ7RnwyDfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutd
+fMh8+7ArU6SSYmlRJQVhGkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMl
+NAJWJwGRtDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEAAaNC
+MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFDqahQcQZyi27/a9
+BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmXWWcDYfF+OwYxdS2hII5PZYe096ac
+vNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r
+5N9ss4UXnT3ZJE95kTXWXwTrgIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYV
+N8Gb5DKj7Tjo2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO
+LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI4uJEvlz36hz1
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert057.pem b/test/rules/platform_certs/default/cert057.pem
index 23de03568974..7d2fb3afa6a5 100644
--- a/test/rules/platform_certs/default/cert057.pem
+++ b/test/rules/platform_certs/default/cert057.pem
@@ -1,22 +1,21 @@
-Microsec e-Szigno Root CA 2009
+Starfield Root Certificate Authority - G2
 -----BEGIN CERTIFICATE-----
-MIIECjCCAvKgAwIBAgIJAMJ+QwRORz8ZMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYDVQQGEwJIVTER
-MA8GA1UEBwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jv
-c2VjIGUtU3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5o
-dTAeFw0wOTA2MTYxMTMwMThaFw0yOTEyMzAxMTMwMThaMIGCMQswCQYDVQQGEwJIVTERMA8GA1UE
-BwwIQnVkYXBlc3QxFjAUBgNVBAoMDU1pY3Jvc2VjIEx0ZC4xJzAlBgNVBAMMHk1pY3Jvc2VjIGUt
-U3ppZ25vIFJvb3QgQ0EgMjAwOTEfMB0GCSqGSIb3DQEJARYQaW5mb0BlLXN6aWduby5odTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOn4j/NjrdqG2KfgQvvPkd6mJviZpWNwrZuuyjNA
-fW2WbqEORO7hE52UQlKavXWFdCyoDh2Tthi3jCyoz/tccbna7P7ofo/kLx2yqHWH2Leh5TvPmUpG
-0IMZfcChEhyVbUr02MelTTMuhTlAdX4UfIASmFDHQWe4oIBhVKZsTh/gnQ4H6cm6M+f+wFUoLAKA
-pxn1ntxVUwOXewdI/5n7N4okxFnMUBBjjqqpGrCEGob5X7uxUG6k0QrM1XF+H6cbfPVTbiJfyyvm
-1HxdrtbCxkzlBQHZ7Vf8wSN5/PrIJIOV87VqUQHQd9bpEqH5GoP7ghu5sJf0dgYzQ0mg/wu1+rUC
-AwEAAaOBgDB+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBTLD8bf
-QkPMPcu1SCOhGnqmKrs0aDAfBgNVHSMEGDAWgBTLD8bfQkPMPcu1SCOhGnqmKrs0aDAbBgNVHREE
-FDASgRBpbmZvQGUtc3ppZ25vLmh1MA0GCSqGSIb3DQEBCwUAA4IBAQDJ0Q5eLtXMs3w+y/w9/w0o
-lZMEyL/azXm4Q5DwpL7v8u8hmLzU1F0G9u5C7DBsoKqpyvGvivo/C3NqPuouQH4frlRheesuCDfX
-I/OMn74dseGkddug4lQUsbocKaQY9hK6ohQU4zE1yED/t+AFdlfBHFny+L/k7SViXITwfn4fs775
-tyERzAMBVnCnEJIeGzSBHq2cGsMEPO0CYdYeBvNfOofyK/FFh+U9rNHHV4S9a67c2Pm2G2JwCz02
-yULyMtd6YebS2z3PyKnJm9zbWETXbzivf3jTo60adbocwTZ8jx5tHMN1Rq41Bab2XD0h7lbwyYIi
-LXpUq3DDfSJlgnCW
+MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
+B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s
+b2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVsZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0
+eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAw
+DgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQg
+VGVjaG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZpY2F0ZSBB
+dXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3twQP89o/8ArFv
+W59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMgnLRJdzIpVv257IzdIvpy3Cdhl+72WoTs
+bhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNk
+N3mSwOxGXn/hbVNMYq/NHwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7Nf
+ZTD4p7dNdloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0HZbU
+JtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0GCSqGSIb3DQEBCwUAA4IBAQARWfol
+TwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjUsHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx
+4mcujJUDJi5DnUox9g61DLu34jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUw
+F5okxBDgBPfg8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K
+pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1mMpYjn0q7pBZ
+c2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert058.pem b/test/rules/platform_certs/default/cert058.pem
index 7917400e8383..a575ff262332 100644
--- a/test/rules/platform_certs/default/cert058.pem
+++ b/test/rules/platform_certs/default/cert058.pem
@@ -1,19 +1,21 @@
-GlobalSign Root CA - R3
+Starfield Services Root Certificate Authority - G2
 -----BEGIN CERTIFICATE-----
-MIIDXzCCAkegAwIBAgILBAAAAAABIVhTCKIwDQYJKoZIhvcNAQELBQAwTDEgMB4GA1UECxMXR2xv
-YmFsU2lnbiBSb290IENBIC0gUjMxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkdsb2Jh
-bFNpZ24wHhcNMDkwMzE4MTAwMDAwWhcNMjkwMzE4MTAwMDAwWjBMMSAwHgYDVQQLExdHbG9iYWxT
-aWduIFJvb3QgQ0EgLSBSMzETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFsU2ln
-bjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMwldpB5BngiFvXAg7aEyiie/QV2EcWt
-iHL8RgJDx7KKnQRfJMsuS+FggkbhUqsMgUdwbN1k0ev1LKMPgj0MK66X17YUhhB5uzsTgHeMCOFJ
-0mpiLx9e+pZo34knlTifBtc+ycsmWQ1z3rDI6SYOgxXG71uL0gRgykmmKPZpO/bLyCiR5Z2KYVc3
-rHQU3HTgOu5yLy6c+9C7v/U9AOEGM+iCK65TpjoWc4zdQQ4gOsC0p6Hpsk+QLjJg6VfLuQSSaGjl
-OCZgdbKfd/+RFO+uIEn8rUAVSNECMWEZXriX7613t2Saer9fwRPvm2L7DWzgVGkWqQPabumDk3F2
-xmmFghcCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
-FI/wS3+oLkUkrk1Q+mOai97i3Ru8MA0GCSqGSIb3DQEBCwUAA4IBAQBLQNvAUKr+yAzv95ZURUm7
-lgAJQayzE4aGKAczymvmdLm6AC2upArT9fHxD4q/c2dKg8dEe3jgr25sbwMpjjM5RcOO5LlXbKr8
-EpbsU8Yt5CRsuZRj+9xTaGdWPoO4zzUhw8lo/s7awlOqzJCK6fBdRoyV3XpYKBovHd7NADdBj+1E
-bddTKJd+82cEHhXXipa0095MJ6RMG3NzdvQXmcIfeg7jLQitChws/zyrVQ4PkX4268NXSb7hLi18
-YIvDQVETI53O9zJrlAGomecsMx86OyXShkDOOyyGeMlhLxS67ttVb9+E7gUJTb0o2HLO02JQZR7r
-kpeDMdmztcpHWD9f
+MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
+B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s
+b2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRl
+IEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNV
+BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxT
+dGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2VydmljZXMg
+Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
+AQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20pOsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2
+h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm28xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4Pa
+hHQUw2eeBGg6345AWh1KTs9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLP
+LJGmpufehRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk6mFB
+rMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAwDwYDVR0TAQH/BAUw
+AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMA0GCSqG
+SIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMIbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPP
+E95Dz+I0swSdHynVv/heyNXBve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTy
+xQGjhdByPq1zqwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd
+iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn0q23KXB56jza
+YyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCNsSi6
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert059.pem b/test/rules/platform_certs/default/cert059.pem
index 751d1d493329..0ea335ce36a7 100644
--- a/test/rules/platform_certs/default/cert059.pem
+++ b/test/rules/platform_certs/default/cert059.pem
@@ -1,31 +1,18 @@
-Autoridad de Certificacion Firmaprofesional CIF A62634068
+AffirmTrust Commercial
 -----BEGIN CERTIFICATE-----
-MIIGFDCCA/ygAwIBAgIIU+w77vuySF8wDQYJKoZIhvcNAQEFBQAwUTELMAkGA1UEBhMCRVMxQjBA
-BgNVBAMMOUF1dG9yaWRhZCBkZSBDZXJ0aWZpY2FjaW9uIEZpcm1hcHJvZmVzaW9uYWwgQ0lGIEE2
-MjYzNDA2ODAeFw0wOTA1MjAwODM4MTVaFw0zMDEyMzEwODM4MTVaMFExCzAJBgNVBAYTAkVTMUIw
-QAYDVQQDDDlBdXRvcmlkYWQgZGUgQ2VydGlmaWNhY2lvbiBGaXJtYXByb2Zlc2lvbmFsIENJRiBB
-NjI2MzQwNjgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDKlmuO6vj78aI14H9M2uDD
-Utd9thDIAl6zQyrET2qyyhxdKJp4ERppWVevtSBC5IsP5t9bpgOSL/UR5GLXMnE42QQMcas9UX4P
-B99jBVzpv5RvwSmCwLTaUbDBPLutN0pcyvFLNg4kq7/DhHf9qFD0sefGL9ItWY16Ck6WaVICqjaY
-7Pz6FIMMNx/Jkjd/14Et5cS54D40/mf0PmbR0/RAz15iNA9wBj4gGFrO93IbJWyTdBSTo3OxDqqH
-ECNZXyAFGUftaI6SEspd/NYrspI8IM/hX68gvqB2f3bl7BqGYTM+53u0P6APjqK5am+5hyZvQWyI
-plD9amML9ZMWGxmPsu2bm8mQ9QEM3xk9Dz44I8kvjwzRAv4bVdZO0I08r0+k8/6vKtMFnXkIoctX
-MbScyJCyZ/QYFpM6/EfY0XiWMR+6KwxfXZmtY4laJCB22N/9q06mIqqdXuYnin1oKaPnirjaEbsX
-LZmdEyRG98Xi2J+Of8ePdG1asuhy9azuJBCtLxTa/y2aRnFHvkLfuwHb9H/TKI8xWVvTyQKmtFLK
-bpf7Q8UIJm+K9Lv9nyiqDdVF8xM6HdjAeI9BZzwelGSuewvF6NkBiDkal4ZkQdU7hwxu+g/GvUgU
-vzlN1J5Bto+WHWOWk9mVBngxaJ43BjuAiUVhOSPHG0SjFeUc+JIwuwIDAQABo4HvMIHsMBIGA1Ud
-EwEB/wQIMAYBAf8CAQEwDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRlzeurNR4APn7VdMActHNH
-DhpkLzCBpgYDVR0gBIGeMIGbMIGYBgRVHSAAMIGPMC8GCCsGAQUFBwIBFiNodHRwOi8vd3d3LmZp
-cm1hcHJvZmVzaW9uYWwuY29tL2NwczBcBggrBgEFBQcCAjBQHk4AUABhAHMAZQBvACAAZABlACAA
-bABhACAAQgBvAG4AYQBuAG8AdgBhACAANAA3ACAAQgBhAHIAYwBlAGwAbwBuAGEAIAAwADgAMAAx
-ADcwDQYJKoZIhvcNAQEFBQADggIBABd9oPm03cXF661LJLWhAqvdpYhKsg9VSytXjDvlMd3+xDLx
-51tkljYyGOylMnfX40S2wBEqgLk9am58m9Ot/MPWo+ZkKXzR4Tgegiv/J2Wv+xYVxC5xhOW1//qk
-R71kMrv2JYSiJ0L1ILDCExARzRAVukKQKtJE4ZYm6zFIEv0q2skGz3QeqUvVhyj5eTSSPi5E6PaP
-T481PyWzOdxjKpBrIF/EUhJOlywqrJ2X3kjyo2bbwtKDlaZmp54lD+kLM5FlClrD2VQS3a/DTg4f
-Jl4N3LON7NWBcN7STyQF82xO9UxJZo3R/9ILJUFI/lGExkKvgATP0H5kSeTy36LssUzAKh3ntLFl
-osS88Zj0qnAHY7S42jtM+kAiMFsRpvAFDsYCA0irhpuF3dvd6qJ2gHN99ZwExEWN57kci57q13XR
-crHedUTnQn3iV2t93Jm8PYMo6oCTjcVMZcFwgbg4/EMxsvYDNEeyrPsiBsse3RdHHF9mudMaotoR
-saS8I8nkvof/uZS2+F0gStRf571oe2XyFR7SOqkt6dhrJKyXWERHrVkY8SFlcN7ONGCoQPHzPKTD
-KCOM/iczQ0CgFzzr6juwcqajuUpLXhZI9LK8yIySxZ2frHI2vDSANGupi5LAuBft7HZT9SQBjLMi
-6Et8Vcad+qMUu2WFbm5PEn4KPJ2V
+MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UEBhMCVVMxFDAS
+BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMB4XDTEw
+MDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly
+bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6Eqdb
+DuKPHx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yrba0F8PrV
+C8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPALMeIrJmqbTFeurCA+ukV6
+BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1yHp52UKqK39c/s4mT6NmgTWvRLpUHhww
+MmWd5jyTXlBOeuM61G7MGvv50jeuJCqrVwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNV
+HQ4EFgQUnZPGU4teyq8/nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwDQYJKoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYGXUPG
+hi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNjvbz4YYCanrHOQnDi
+qX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivtZ8SOyUOyXGsViQK8YvxO8rUzqrJv
+0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9gN53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0kh
+sUlHRUe072o0EclNmsxZt9YCnlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert060.pem b/test/rules/platform_certs/default/cert060.pem
index 52e7459c17f3..d19d4d329d30 100644
--- a/test/rules/platform_certs/default/cert060.pem
+++ b/test/rules/platform_certs/default/cert060.pem
@@ -1,30 +1,18 @@
-Izenpe.com
+AffirmTrust Networking
 -----BEGIN CERTIFICATE-----
-MIIF8TCCA9mgAwIBAgIQALC3WhZIX7/hy/WL1xnmfTANBgkqhkiG9w0BAQsFADA4MQswCQYDVQQG
-EwJFUzEUMBIGA1UECgwLSVpFTlBFIFMuQS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wHhcNMDcxMjEz
-MTMwODI4WhcNMzcxMjEzMDgyNzI1WjA4MQswCQYDVQQGEwJFUzEUMBIGA1UECgwLSVpFTlBFIFMu
-QS4xEzARBgNVBAMMCkl6ZW5wZS5jb20wggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDJ
-03rKDx6sp4boFmVqscIbRTJxldn+EFvMr+eleQGPicPK8lVx93e+d5TzcqQsRNiekpsUOqHnJJAK
-ClaOxdgmlOHZSOEtPtoKct2jmRXagaKH9HtuJneJWK3W6wyyQXpzbm3benhB6QiIEn6HLmYRY2xU
-+zydcsC8Lv/Ct90NduM61/e0aL6i9eOBbsFGb12N4E3GVFWJGjMxCrFXuaOKmMPsOzTFlUFpfnXC
-PCDFYbpRR6AgkJOhkEvzTnyFRVSa0QUmQbC1TR0zvsQDyCV8wXDbO/QJLVQnSKwv4cSsPsjLkkxT
-OTcj7NMB+eAJRE1NZMDhDVqHIrytG6P+JrUV86f8hBnp7KGItERphIPzidF0BqnMC9bC3ieFUCbK
-F7jJeodWLBoBHmy+E60QrLUk9TiRodZL2vG70t5HtfG8gfZZa88ZU+mNFctKy6lvROUbQc/hhqfK
-0GqfvEyNBjNaooXlkDWgYlwWTvDjovoDGrQscbNYLN57C9saD+veIR8GdwYDsMnvmfzAuU8Lhij+
-0rnq49qlw0dpEuDb8PYZi+17cNcC1u2HGCgsBCRMd+RIihrGO5rUD8r6ddIBQFqNeb+Lz0vPqhbB
-leStTIo+F5HUsWLlguWABKQDfo2/2n+iD5dPDNMN+9fR5XJ+HMh3/1uaD7euBUbl8agW7EekFwID
-AQABo4H2MIHzMIGwBgNVHREEgagwgaWBD2luZm9AaXplbnBlLmNvbaSBkTCBjjFHMEUGA1UECgw+
-SVpFTlBFIFMuQS4gLSBDSUYgQTAxMzM3MjYwLVJNZXJjLlZpdG9yaWEtR2FzdGVpeiBUMTA1NSBG
-NjIgUzgxQzBBBgNVBAkMOkF2ZGEgZGVsIE1lZGl0ZXJyYW5lbyBFdG9yYmlkZWEgMTQgLSAwMTAx
-MCBWaXRvcmlhLUdhc3RlaXowDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O
-BBYEFB0cZQ6o8iV7tJHP5LGx5r1VdGwFMA0GCSqGSIb3DQEBCwUAA4ICAQB4pgwWSp9MiDrAyw6l
-Fn2fuUhfGI8NYjb2zRlrrKvV9pF9rnHzP7MOeIWblaQnIUdCSnxIOvVFfLMMjlF4rJUT3sb9fbga
-kEyrkgPH7UIBzg/YsfqikuFgba56awmqxinuaElnMIAkejEWOVt+8Rwu3WwJrfIxwYJOubv5vr8q
-hT/AQKM6WfxZSzwoJNu0FXWuDYi6LnPAvViH5ULy617uHjAimcs30cQhbIHsvm0m5hzkQiCeR7Cs
-g1lwLDXWrzY0tM07+DKo7+N4ifuNRSzanLh+QBxh5z6ikixL8s36mLYp//Pye6kfLqCTVyvehQP5
-aTfLnnhqBbTFMXiJ7HqnheG5ezzevh55hM6fcA5ZwjUukCox2eRFekGkLhObNA5me0mrZJfQRsN5
-nXJQY6aYWwa9SG3YOYNw6DXwBdGqvOPbyALqfP2C2sJbUjWumDqtujWTI6cfSN01RpiyEGjkpTHC
-ClguGYEQyVB1/OpaFs4R1+7vUIgtYf8/QnMFlEPVjjxOAToZpR9GTnfQXeWBIiGH/pR9hNiTrdZo
-Q0iy2+tzJOeRf1SktoA+naM8THLCV8Sg1Mw4J87VBp6iSNnpn86CcDaTmjvfliHjWbcM2pE38P1Z
-WrOZyGlsQyYBNWNgVYkDOnXYukrZVP/u3oDYLdE41V4tC5h9Pmzb/CaIxw==
+MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UEBhMCVVMxFDAS
+BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMB4XDTEw
+MDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly
+bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SE
+Hi3yYJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbuakCNrmreI
+dIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRLQESxG9fhwoXA3hA/Pe24
+/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gb
+h+0t+nvujArjqWaJGctB+d1ENmHP4ndGyH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNV
+HQ4EFgQUBx/S55zawm6iQLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AQYwDQYJKoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfOtDIu
+UFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzuQY0x2+c06lkh1QF6
+12S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZLgo/bNjR9eUJtGxUAArgFU2HdW23
+WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4uolu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9
+/ZFvgrG+CJPbFEfxojfHRZ48x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert061.pem b/test/rules/platform_certs/default/cert061.pem
index ba9343141530..be39ab5951bd 100644
--- a/test/rules/platform_certs/default/cert061.pem
+++ b/test/rules/platform_certs/default/cert061.pem
@@ -1,36 +1,27 @@
-Chambers of Commerce Root - 2008
+AffirmTrust Premium
 -----BEGIN CERTIFICATE-----
-MIIHTzCCBTegAwIBAgIJAKPaQn6ksa7aMA0GCSqGSIb3DQEBBQUAMIGuMQswCQYDVQQGEwJFVTFD
-MEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNv
-bS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMu
-QS4xKTAnBgNVBAMTIENoYW1iZXJzIG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4MB4XDTA4MDgwMTEy
-Mjk1MFoXDTM4MDczMTEyMjk1MFowga4xCzAJBgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNl
-ZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNhbWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQF
-EwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENhbWVyZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJl
-cnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDgwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoIC
-AQCvAMtwNyuAWko6bHiUfaN/Gh/2NdW928sNRHI+JrKQUrpjOyhYb6WzbZSm891kDFX29ufyIiKA
-XuFixrYp4YFs8r/lfTJqVKAyGVn+H4vXPWCGhSRv4xGzdz4gljUha7MI2XAuZPeEklPWDrCQiorj
-h40G072QDuKZoRuGDtqaCrsLYVAGUvGef3bsyw/QHg3PmTA9HMRFEFis1tPo1+XqxQEHd9ZR5gN/
-ikilTWh1uem8nk4ZcfUyS5xtYBkL+8ydddy/Js2Pk3g5eXNeJQ7KXOt3EgfLZEFHcpOrUMPrCXZk
-NNI5t3YRCQ12RcSprj1qr7V9ZS+UWBDsXHyvfuK2GNnQm05aSd+pZgvMPMZ4fKecHePOjlO+Bd5g
-D2vlGts/4+EhySnB8esHnFIbAURRPHsl18TlUlRdJQfKFiC4reRB7noI/plvg6aRArBsNlVq5331
-lubKgdaX8ZSD6e2wsWsSaR6s+12pxZjptFtYer49okQ6Y1nUCyXeG0+95QGezdIp1Z8XGQpvvwyQ
-0wlf2eOKNcx5Wk0ZN5K3xMGtr/R5JJqyAQuxr1yW84Ay+1w9mPGgP0revq+ULtlVmhduYJ1jbLhj
-ya6BXBg14JC7vjxPNyK5fuvPnnchpj04gftI2jE9K+OJ9dC1vX7gUMQSibMjmhAxhduub+84Mxh2
-EQIDAQABo4IBbDCCAWgwEgYDVR0TAQH/BAgwBgEB/wIBDDAdBgNVHQ4EFgQU+SSsD7K1+HnA+mCI
-G8TZTQKeFxkwgeMGA1UdIwSB2zCB2IAU+SSsD7K1+HnA+mCIG8TZTQKeFxmhgbSkgbEwga4xCzAJ
-BgNVBAYTAkVVMUMwQQYDVQQHEzpNYWRyaWQgKHNlZSBjdXJyZW50IGFkZHJlc3MgYXQgd3d3LmNh
-bWVyZmlybWEuY29tL2FkZHJlc3MpMRIwEAYDVQQFEwlBODI3NDMyODcxGzAZBgNVBAoTEkFDIENh
-bWVyZmlybWEgUy5BLjEpMCcGA1UEAxMgQ2hhbWJlcnMgb2YgQ29tbWVyY2UgUm9vdCAtIDIwMDiC
-CQCj2kJ+pLGu2jAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUH
-AgEWHGh0dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZIhvcNAQEFBQADggIBAJASryI1
-wqM58C7e6bXpeHxIvj99RZJe6dqxGfwWPJ+0W2aeaufDuV2I6A+tzyMP3iU6XsxPpcG1Lawk0lgH
-3qLPaYRgM+gQDROpI9CF5Y57pp49chNyM/WqfcZjHwj0/gF/JM8rLFQJ3uIrbZLGOU8W6jx+ekbU
-RWpGqOt1glanq6B8aBMz9p0w8G8nOSQjKpD9kCk18pPfNKXG9/jvjA9iSnyu0/VU+I22mlaHFoI6
-M6taIgj3grrqLuBHmrS1RaMFO9ncLkVAO+rcf+g769HsJtg1pDDFOqxXnrN2pSB7+R5KBWIBpih1
-YJeSDW4+TTdDDZIVnBgizVGZoCkaPF+KMjNbMMeJL0eYD6MDxvbxrN8y8NmBGuScvfaAFPDRLLmF
-9dijscilIeUcE5fuDr3fKanvNFNb0+RqE4QGtjICxFKuItLcsiFCGtpA8CnJ7AoMXOLQusxI0zcK
-zBIKinmwPQN/aUv0NCB9szTqjktk9T79syNnFQ0EuPAtwQlRPLJsFfClI9eDdOTlLsn+mCdCxqvG
-nrDQWzilm1DefhiYtUU79nm06PcaewaD+9CL2rvHvRirCG88gGtAPxkZumWK5r7VXNM21+9AUiRg
-OGcEMeyP84LG3rlV8zsxkVrctQgVrXYlCg17LofiDKYGvCYQbTed7N14jHyAxfDZd0jQ
+MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UEBhMCVVMxFDAS
+BgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMB4XDTEwMDEy
+OTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRy
+dXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEAxBLfqV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtn
+BKAQJG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ+jjeRFcV
+5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrSs8PhaJyJ+HoAVt70VZVs
++7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmd
+GPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d770O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5R
+p9EixAqnOEhss/n/fauGV+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NI
+S+LI+H+SqHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S5u04
+6uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4IaC1nEWTJ3s7xgaVY5
+/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TXOwF0lkLgAOIua+rF7nKsu7/+6qqo
++Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYEFJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB
+/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByv
+MiPIs0laUZx2KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg
+Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B8OWycvpEgjNC
+6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQMKSOyARiqcTtNd56l+0OOF6S
+L5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK
++4w1IX2COPKpVJEZNZOUbWo6xbLQu4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmV
+BtWVyuEklut89pMFu+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFg
+IxpHYoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8GKa1qF60
+g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaORtGdFNrHF+QFlozEJLUb
+zxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6eKeC2uAloGRwYQw==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert062.pem b/test/rules/platform_certs/default/cert062.pem
index 45aa496004c0..10562b05e1e0 100644
--- a/test/rules/platform_certs/default/cert062.pem
+++ b/test/rules/platform_certs/default/cert062.pem
@@ -1,36 +1,13 @@
-Global Chambersign Root - 2008
+AffirmTrust Premium ECC
 -----BEGIN CERTIFICATE-----
-MIIHSTCCBTGgAwIBAgIJAMnN0+nVfSPOMA0GCSqGSIb3DQEBBQUAMIGsMQswCQYDVQQGEwJFVTFD
-MEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNv
-bS9hZGRyZXNzKTESMBAGA1UEBRMJQTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMu
-QS4xJzAlBgNVBAMTHkdsb2JhbCBDaGFtYmVyc2lnbiBSb290IC0gMjAwODAeFw0wODA4MDExMjMx
-NDBaFw0zODA3MzExMjMxNDBaMIGsMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUg
-Y3VycmVudCBhZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJ
-QTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xJzAlBgNVBAMTHkdsb2JhbCBD
-aGFtYmVyc2lnbiBSb290IC0gMjAwODCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMDf
-VtPkOpt2RbQT2//BthmLN0EYlVJH6xedKYiONWwGMi5HYvNJBL99RDaxccy9Wglz1dmFRP+RVyXf
-XjaOcNFccUMd2drvXNL7G706tcuto8xEpw2uIRU/uXpbknXYpBI4iRmKt4DS4jJvVpyR1ogQC7N0
-ZJJ0YPP2zxhPYLIj0Mc7zmFLmY/CDNBAspjcDahOo7kKrmCgrUVSY7pmvWjg+b4aqIG7HkF4ddPB
-/gBVsIdU6CeQNR1MM62X/JcumIS/LMmjv9GYERTtY/jKmIhYF5ntRQOXfjyGHoiMvvKRhI9lNNgA
-TH23MRdaKXoKGCQwoze1eqkBfSbW+Q6OWfH9GzO1KTsXO0G2Id3UwD2ln58fQ1DJu7xsepeY7s2M
-H/ucUa6LcL0nn3HAa6x9kGbo1106DbDVwo3VyJ2dwW3Q0L9R5OP4wzg2rtandeavhENdk5IMagfe
-Ox2YItaswTXbo6Al/3K1dh3ebeksZixShNBFks4c5eUzHdwHU1SjqoI7mjcv3N2gZOnm3b2u/GSF
-HTynyQbehP9r6GsaPMWis0L7iwk+XwhSx2LE1AVxv8Rk5Pihg+g+EpuoHtQ2TS9x9o0o9oOpE9Jh
-wZG7SMA0j0GMS0zbaRL/UJScIINZc+18ofLx/d33SdNDWKBWY8o9PeU1VlnpDsogzCtLkykPAgMB
-AAGjggFqMIIBZjASBgNVHRMBAf8ECDAGAQH/AgEMMB0GA1UdDgQWBBS5CcqcHtvTbDprru1U8VuT
-BjUuXjCB4QYDVR0jBIHZMIHWgBS5CcqcHtvTbDprru1U8VuTBjUuXqGBsqSBrzCBrDELMAkGA1UE
-BhMCRVUxQzBBBgNVBAcTOk1hZHJpZCAoc2VlIGN1cnJlbnQgYWRkcmVzcyBhdCB3d3cuY2FtZXJm
-aXJtYS5jb20vYWRkcmVzcykxEjAQBgNVBAUTCUE4Mjc0MzI4NzEbMBkGA1UEChMSQUMgQ2FtZXJm
-aXJtYSBTLkEuMScwJQYDVQQDEx5HbG9iYWwgQ2hhbWJlcnNpZ24gUm9vdCAtIDIwMDiCCQDJzdPp
-1X0jzjAOBgNVHQ8BAf8EBAMCAQYwPQYDVR0gBDYwNDAyBgRVHSAAMCowKAYIKwYBBQUHAgEWHGh0
-dHA6Ly9wb2xpY3kuY2FtZXJmaXJtYS5jb20wDQYJKoZIhvcNAQEFBQADggIBAICIf3DekijZBZRG
-/5BXqfEv3xoNa/p8DhxJJHkn2EaqbylZUohwEurdPfWbU1Rv4WCiqAm57OtZfMY18dwY6fFn5a+6
-ReAJ3spED8IXDneRRXozX1+WLGiLwUePmJs9wOzL9dWCkoQ10b42OFZyMVtHLaoXpGNR6woBrX/s
-dZ7LoR/xfxKxueRkf2fWIyr0uDldmOghp+G9PUIadJpwr2hsUF1Jz//7Dl3mLEfXgTpZALVza2Mg
-9jFFCDkO9HB+QHBaP9BrQql0PSgvAm11cpUJjUhjxsYjV5KTXjXBjfkK9yydYhz2rXzdpjEetrHH
-foUm+qRqtdpjMNHvkzeyZi99Bffnt0uYlDXA2TopwZ2yUDMdSqlapskD7+3056huirRXhOukP9Du
-qqqHW2Pok+JrqNS4cnhrG+055F3Lm6qH1U9OAP7Zap88MQ8oAgF9mOinsKJknnn4SPIVqczmyETr
-P3iZ8ntxPjzxmKfFGBI/5rsoM0LpRQp8bfKGeS/Fghl9CYl8slR2iK7ewfPM4W7bMdaTrpmg7yVq
-c5iJWzouE4gev8CSlDQb4ye3ix5vQv/n6TebUB0tovkC7stYWDpxvGjjqsGvHCgfotwjZT+B6q6Z
-09gwzxMNTxXJhLynSC34MCN32EZLeW32jO06f2ARePTpm67VVMB0gNELQp/B
+MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMCVVMxFDASBgNV
+BAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQcmVtaXVtIEVDQzAeFw0xMDAx
+MjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1U
+cnVzdDEgMB4GA1UEAwwXQWZmaXJtVHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQA
+IgNiAAQNMF4bFZ0D0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQ
+N8O9ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0GA1UdDgQW
+BBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAK
+BggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/VsaobgxCd05DhT1wV/GzTjxi+zygk8N53X
+57hG8f2h4nECMEJZh0PUUd+60wkyWs6Iflc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKM
+eQ==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert063.pem b/test/rules/platform_certs/default/cert063.pem
index f95b11bf2c15..35cdfeebd2f9 100644
--- a/test/rules/platform_certs/default/cert063.pem
+++ b/test/rules/platform_certs/default/cert063.pem
@@ -1,20 +1,20 @@
-Go Daddy Root Certificate Authority - G2
+Certum Trusted Network CA
 -----BEGIN CERTIFICATE-----
-MIIDxTCCAq2gAwIBAgIBADANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
-B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAYBgNVBAoTEUdvRGFkZHkuY29tLCBJbmMu
-MTEwLwYDVQQDEyhHbyBEYWRkeSBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eSAtIEcyMB4XDTA5
-MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgYMxCzAJBgNVBAYTAlVTMRAwDgYDVQQIEwdBcml6
-b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMRowGAYDVQQKExFHb0RhZGR5LmNvbSwgSW5jLjExMC8G
-A1UEAxMoR28gRGFkZHkgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZI
-hvcNAQEBBQADggEPADCCAQoCggEBAL9xYgjx+lk09xvJGKP3gElY6SKDE6bFIEMBO4Tx5oVJnyfq
-9oQbTqC023CYxzIBsQU+B07u9PpPL1kwIuerGVZr4oAH/PMWdYA5UXvl+TW2dE6pjYIT5LY/qQOD
-+qK+ihVqf94Lw7YZFAXK6sOoBJQ7RnwyDfMAZiLIjWltNowRGLfTshxgtDj6AozO091GB94KPutd
-fMh8+7ArU6SSYmlRJQVhGkSBjCypQ5Yj36w6gZoOKcUcqeldHraenjAKOc7xiID7S13MMuyFYkMl
-NAJWJwGRtDtwKj9useiciAF9n9T521NtYJ2/LOdYq7hfRvzOxBsDPAnrSTFcaUaz4EcCAwEAAaNC
-MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFDqahQcQZyi27/a9
-BUFuIMGU2g/eMA0GCSqGSIb3DQEBCwUAA4IBAQCZ21151fmXWWcDYfF+OwYxdS2hII5PZYe096ac
-vNjpL9DbWu7PdIxztDhC2gV7+AJ1uP2lsdeu9tfeE8tTEH6KRtGX+rcuKxGrkLAngPnon1rpN5+r
-5N9ss4UXnT3ZJE95kTXWXwTrgIOrmgIttRD02JDHBHNA7XIloKmf7J6raBKZV8aPEjoJpL1E/QYV
-N8Gb5DKj7Tjo2GTzLH4U/ALqn83/B2gX2yKQOC16jdFU8WnjXzPKej17CuPKf1855eJ1usV2GDPO
-LPAvTK33sefOT6jEm0pUBsV/fdUID+Ic/n4XuKxe9tQWskMJDE32p2u0mYRlynqI4uJEvlz36hz1
+MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBMMSIwIAYDVQQK
+ExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBUcnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIy
+MTIwNzM3WhcNMjkxMjMxMTIwNzM3WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBU
+ZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+MSIwIAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
+AQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rHUV+rpDKmYYe2bg+G0jAC
+l/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LMTXPb865Px1bVWqeWifrzq2jUI4ZZJ88J
+J7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVUBBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4
+fOQtf/WsX+sWn7Et0brMkUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0
+cvW0QM8xAcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNVHRMB
+Af8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNVHQ8BAf8EBAMCAQYw
+DQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15ysHhE49wcrwn9I0j6vSrEuVUEtRCj
+jSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfLI9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1
+mS1FhIrlQgnXdAIv94nYmem8J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5aj
+Zt3hrvJBW8qYVoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI
+03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert064.pem b/test/rules/platform_certs/default/cert064.pem
index 7d2fb3afa6a5..cc44be1d013d 100644
--- a/test/rules/platform_certs/default/cert064.pem
+++ b/test/rules/platform_certs/default/cert064.pem
@@ -1,21 +1,19 @@
-Starfield Root Certificate Authority - G2
+TWCA Root Certification Authority
 -----BEGIN CERTIFICATE-----
-MIID3TCCAsWgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBjzELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
-B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s
-b2dpZXMsIEluYy4xMjAwBgNVBAMTKVN0YXJmaWVsZCBSb290IENlcnRpZmljYXRlIEF1dGhvcml0
-eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgY8xCzAJBgNVBAYTAlVTMRAw
-DgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxTdGFyZmllbGQg
-VGVjaG5vbG9naWVzLCBJbmMuMTIwMAYDVQQDEylTdGFyZmllbGQgUm9vdCBDZXJ0aWZpY2F0ZSBB
-dXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL3twQP89o/8ArFv
-W59I2Z154qK3A2FWGMNHttfKPTUuiUP3oWmb3ooa/RMgnLRJdzIpVv257IzdIvpy3Cdhl+72WoTs
-bhm5iSzchFvVdPtrX8WJpRBSiUZV9Lh1HOZ/5FSuS/hVclcCGfgXcVnrHigHdMWdSL5stPSksPNk
-N3mSwOxGXn/hbVNMYq/NHwtjuzqd+/x5AJhhdM8mgkBj87JyahkNmcrUDnXMN/uLicFZ8WJ/X7Nf
-ZTD4p7dNdloedl40wOiWVpmKs/B/pM293DIxfJHP4F8R+GuqSVzRmZTRouNjWwl2tVZi4Ut0HZbU
-JtQIBFnQmA4O5t78w+wfkPECAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
-AQYwHQYDVR0OBBYEFHwMMh+n2TB/xH1oo2Kooc6rB1snMA0GCSqGSIb3DQEBCwUAA4IBAQARWfol
-TwNvlJk7mh+ChTnUdgWUXuEok21iXQnCoKjUsHU48TRqneSfioYmUeYs0cYtbpUgSpIB7LiKZ3sx
-4mcujJUDJi5DnUox9g61DLu34jd/IroAow57UvtruzvE03lRTs2Q9GcHGcg8RnoNAX3FWOdt5oUw
-F5okxBDgBPfg8n/Uqgr/Qh037ZTlZFkSIHc40zI+OIF1lnP6aI+xy84fxez6nH7PfrHxBy22/L/K
-pL/QlwVKvOoYKAKQvVR4CSFx09F9HdkWsKlhPdAKACL8x3vLCWRFCztAgfd9fDL1mMpYjn0q7pBZ
-c2T5NnReJaH1ZgUufzkVqSr7UIuOhWn0
+MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJ
+VEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMzWhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQG
+EwJUVzESMBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NB
+IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFEAcK0HMMx
+QhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HHK3XLfJ+utdGdIzdjp9xC
+oi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeXRfwZVzsrb+RH9JlF/h3x+JejiB03HFyP
+4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/zrX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1r
+y+UPizgN7gr8/g+YnzAx3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIB
+BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkqhkiG
+9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeCMErJk/9q56YAf4lC
+mtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdlsXebQ79NqZp4VKIV66IIArB6nCWlW
+QtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62Dlhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVY
+T0bf+215WfKEIlKuD8z7fDvnaspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocny
+Yh0igzyXxfkZYiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert065.pem b/test/rules/platform_certs/default/cert065.pem
index a575ff262332..b2a190c2cd1a 100644
--- a/test/rules/platform_certs/default/cert065.pem
+++ b/test/rules/platform_certs/default/cert065.pem
@@ -1,21 +1,19 @@
-Starfield Services Root Certificate Authority - G2
+Security Communication RootCA2
 -----BEGIN CERTIFICATE-----
-MIID7zCCAtegAwIBAgIBADANBgkqhkiG9w0BAQsFADCBmDELMAkGA1UEBhMCVVMxEDAOBgNVBAgT
-B0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxJTAjBgNVBAoTHFN0YXJmaWVsZCBUZWNobm9s
-b2dpZXMsIEluYy4xOzA5BgNVBAMTMlN0YXJmaWVsZCBTZXJ2aWNlcyBSb290IENlcnRpZmljYXRl
-IEF1dGhvcml0eSAtIEcyMB4XDTA5MDkwMTAwMDAwMFoXDTM3MTIzMTIzNTk1OVowgZgxCzAJBgNV
-BAYTAlVTMRAwDgYDVQQIEwdBcml6b25hMRMwEQYDVQQHEwpTY290dHNkYWxlMSUwIwYDVQQKExxT
-dGFyZmllbGQgVGVjaG5vbG9naWVzLCBJbmMuMTswOQYDVQQDEzJTdGFyZmllbGQgU2VydmljZXMg
-Um9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
-AQoCggEBANUMOsQq+U7i9b4Zl1+OiFOxHz/Lz58gE20pOsgPfTz3a3Y4Y9k2YKibXlwAgLIvWX/2
-h/klQ4bnaRtSmpDhcePYLQ1Ob/bISdm28xpWriu2dBTrz/sm4xq6HZYuajtYlIlHVv8loJNwU4Pa
-hHQUw2eeBGg6345AWh1KTs9DkTvnVtYAcMtS7nt9rjrnvDH5RfbCYM8TWQIrgMw0R9+53pBlbQLP
-LJGmpufehRhJfGZOozptqbXuNC66DQO4M99H67FrjSXZm86B0UVGMpZwh94CDklDhbZsc7tk6mFB
-rMnUVN+HL8cisibMn1lUaJ/8viovxFUcdUBgF4UCVTmLfwUCAwEAAaNCMEAwDwYDVR0TAQH/BAUw
-AwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJxfAN+qAdcwKziIorhtSpzyEZGDMA0GCSqG
-SIb3DQEBCwUAA4IBAQBLNqaEd2ndOxmfZyMIbw5hyf2E3F/YNoHN2BtBLZ9g3ccaaNnRbobhiCPP
-E95Dz+I0swSdHynVv/heyNXBve6SbzJ08pGCL72CQnqtKrcgfU28elUSwhXqvfdqlS5sdJ/PHLTy
-xQGjhdByPq1zqwubdQxtRbeOlKyWN7Wg0I8VRw7j6IPdj/3vQQF3zCepYoUz8jcI73HPdwbeyBkd
-iEDPfUYd/x7H4c7/I9vG+o1VTqkC50cRRj70/b17KSa7qWFiNyi2LSr2EIZkyXCn0q23KXB56jza
-YyWf/Wi3MOxw+3WKt21gZ7IeyLnp2KhvAotnDU0mV3HaIPzBSlCNsSi6
+MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDElMCMGA1UEChMc
+U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMeU2VjdXJpdHkgQ29tbXVuaWNh
+dGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoXDTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMC
+SlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3Vy
+aXR5IENvbW11bmljYXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ANAVOVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGrzbl+dp++
++T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVMVAX3NuRFg3sUZdbcDE3R
+3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQhNBqyjoGADdH5H5XTz+L62e4iKrFvlNV
+spHEfbmwhRkGeC7bYRr6hfVKkaHnFtWOojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1K
+EOtOghY6rCcMU/Gt1SSwawNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8
+QIH4D5csOPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
+CwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpFcoJxDjrSzG+ntKEj
+u/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXcokgfGT+Ok+vx+hfuzU7jBBJV1uXk
+3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6q
+tnRGEmyR7jTV7JqR50S+kDFy1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29
+mvVXIwAHIRc/SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert066.pem b/test/rules/platform_certs/default/cert066.pem
index 0ea335ce36a7..3b91dfb65701 100644
--- a/test/rules/platform_certs/default/cert066.pem
+++ b/test/rules/platform_certs/default/cert066.pem
@@ -1,18 +1,28 @@
-AffirmTrust Commercial
+EC-ACC
 -----BEGIN CERTIFICATE-----
-MIIDTDCCAjSgAwIBAgIId3cGJyapsXwwDQYJKoZIhvcNAQELBQAwRDELMAkGA1UEBhMCVVMxFDAS
-BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMB4XDTEw
-MDEyOTE0MDYwNloXDTMwMTIzMTE0MDYwNlowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly
-bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBDb21tZXJjaWFsMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEA9htPZwcroRX1BiLLHwGy43NFBkRJLLtJJRTWzsO3qyxPxkEylFf6Eqdb
-DuKPHx6GGaeqtS25Xw2Kwq+FNXkyLbscYjfysVtKPcrNcV/pQr6U6Mje+SJIZMblq8Yrba0F8PrV
-C8+a5fBQpIs7R6UjW3p6+DM/uO+Zl+MgwdYoic+U+7lF7eNAFxHUdPALMeIrJmqbTFeurCA+ukV6
-BfO9m2kVrn1OIGPENXY6BwLJN/3HR+7o8XYdcxXyl6S1yHp52UKqK39c/s4mT6NmgTWvRLpUHhww
-MmWd5jyTXlBOeuM61G7MGvv50jeuJCqrVwMiKA1JdX+3KNp1v47j3A55MQIDAQABo0IwQDAdBgNV
-HQ4EFgQUnZPGU4teyq8/nx4P5ZmVvCT2lI8wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
-AQYwDQYJKoZIhvcNAQELBQADggEBAFis9AQOzcAN/wr91LoWXym9e2iZWEnStB03TX8nfUYGXUPG
-hi4+c7ImfU+TqbbEKpqrIZcUsd6M06uJFdhrJNTxFq7YpFzUf1GO7RgBsZNjvbz4YYCanrHOQnDi
-qX0GJX0nof5v7LMeJNrjS1UaADs1tDvZ110w/YETifLCBivtZ8SOyUOyXGsViQK8YvxO8rUzqrJv
-0wqiUOP2O+guRMLbZjipM1ZI8W0bM40NjD9gN53Tym1+NH4Nn3J2ixufcv1SNUFFApYvHLKac0kh
-sUlHRUe072o0EclNmsxZt9YCnlpOZbWUrhvfKbAW8b8Angc6F2S1BLUjIZkKlTuXfO8=
+MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB8zELMAkGA1UE
+BhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2VydGlmaWNhY2lvIChOSUYgUS0w
+ODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYD
+VQQLEyxWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UE
+CxMsSmVyYXJxdWlhIEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMT
+BkVDLUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQGEwJFUzE7
+MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8gKE5JRiBRLTA4MDExNzYt
+SSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBDZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZl
+Z2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQubmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJh
+cnF1aWEgRW50aXRhdHMgZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUND
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R85iK
+w5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm4CgPukLjbo73FCeT
+ae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaVHMf5NLWUhdWZXqBIoH7nF2W4onW4
+HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNdQlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0a
+E9jD2z3Il3rucO2n5nzbcc8tlGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw
+0JDnJwIDAQABo4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E
+BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4opvpXY0wfwYD
+VR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBodHRwczovL3d3dy5jYXRjZXJ0
+Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5l
+dC92ZXJhcnJlbCAwDQYJKoZIhvcNAQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJ
+lF7W2u++AVtd0x7Y/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNa
+Al6kSBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhyRp/7SNVe
+l+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOSAgu+TGbrIP65y7WZf+a2
+E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xlnJ2lYJU6Un/10asIbvPuW/mIPX64b24D
+5EI=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert067.pem b/test/rules/platform_certs/default/cert067.pem
index d19d4d329d30..2ac1e6674f16 100644
--- a/test/rules/platform_certs/default/cert067.pem
+++ b/test/rules/platform_certs/default/cert067.pem
@@ -1,18 +1,22 @@
-AffirmTrust Networking
+Hellenic Academic and Research Institutions RootCA 2011
 -----BEGIN CERTIFICATE-----
-MIIDTDCCAjSgAwIBAgIIfE8EORzUmS0wDQYJKoZIhvcNAQEFBQAwRDELMAkGA1UEBhMCVVMxFDAS
-BgNVBAoMC0FmZmlybVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMB4XDTEw
-MDEyOTE0MDgyNFoXDTMwMTIzMTE0MDgyNFowRDELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmly
-bVRydXN0MR8wHQYDVQQDDBZBZmZpcm1UcnVzdCBOZXR3b3JraW5nMIIBIjANBgkqhkiG9w0BAQEF
-AAOCAQ8AMIIBCgKCAQEAtITMMxcua5Rsa2FSoOujz3mUTOWUgJnLVWREZY9nZOIG41w3SfYvm4SE
-Hi3yYJ0wTsyEheIszx6e/jarM3c1RNg1lho9Nuh6DtjVR6FqaYvZ/Ls6rnla1fTWcbuakCNrmreI
-dIcMHl+5ni36q1Mr3Lt2PpNMCAiMHqIjHNRqrSK6mQEubWXLviRmVSRLQESxG9fhwoXA3hA/Pe24
-/PHxI1Pcv2WXb9n5QHGNfb2V1M6+oF4nI979ptAmDgAp6zxG8D1gvz9Q0twmQVGeFDdCBKNwV6gb
-h+0t+nvujArjqWaJGctB+d1ENmHP4ndGyH329JKBNv3bNPFyfvMMFr20FQIDAQABo0IwQDAdBgNV
-HQ4EFgQUBx/S55zawm6iQLSwelAQUHTEyL0wDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
-AQYwDQYJKoZIhvcNAQEFBQADggEBAIlXshZ6qML91tmbmzTCnLQyFE2npN/svqe++EPbkTfOtDIu
-UFUaNU52Q3Eg75N3ThVwLofDwR1t3Mu1J9QsVtFSUzpE0nPIxBsFZVpikpzuQY0x2+c06lkh1QF6
-12S4ZDnNye2v7UsDSKegmQGA3GWjNq5lWUhPgkvIZfFXHeVZLgo/bNjR9eUJtGxUAArgFU2HdW23
-WJZa3W3SAKD0m0i+wzekujbgfIeFlxoVot4uolu9rxj5kFDNcFn4J2dHy8egBzp90SxdbBk6ZrV9
-/ZFvgrG+CJPbFEfxojfHRZ48x3evZKiT3/Zpg4Jg8klCNO1aAFSFHBY2kgxc+qatv9s=
+MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1IxRDBCBgNVBAoT
+O0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9y
+aXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25z
+IFJvb3RDQSAyMDExMB4XDTExMTIwNjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYT
+AkdSMUQwQgYDVQQKEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25z
+IENlcnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNo
+IEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+AKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPzdYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI
+1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJfel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa
+71HFK9+WXesyHgLacEnsbgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u
+8yBRQlqD75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSPFEDH
+3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNVHRMBAf8EBTADAQH/
+MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp5dgTBCPuQSUwRwYDVR0eBEAwPqA8
+MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQub3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQu
+b3JnMA0GCSqGSIb3DQEBBQUAA4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVt
+XdMiKahsog2p6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8
+TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7dIsXRSZMFpGD
+/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8AcysNnq/onN694/BtZqhFLKPM58N
+7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXIl7WdmplNsDz4SgCbZN2fOUvRJ9e4
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert068.pem b/test/rules/platform_certs/default/cert068.pem
index be39ab5951bd..c3f1c959e3f4 100644
--- a/test/rules/platform_certs/default/cert068.pem
+++ b/test/rules/platform_certs/default/cert068.pem
@@ -1,27 +1,29 @@
-AffirmTrust Premium
+Actalis Authentication Root CA
 -----BEGIN CERTIFICATE-----
-MIIFRjCCAy6gAwIBAgIIbYwURrGmCu4wDQYJKoZIhvcNAQEMBQAwQTELMAkGA1UEBhMCVVMxFDAS
-BgNVBAoMC0FmZmlybVRydXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMB4XDTEwMDEy
-OTE0MTAzNloXDTQwMTIzMTE0MTAzNlowQTELMAkGA1UEBhMCVVMxFDASBgNVBAoMC0FmZmlybVRy
-dXN0MRwwGgYDVQQDDBNBZmZpcm1UcnVzdCBQcmVtaXVtMIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
-MIICCgKCAgEAxBLfqV/+Qd3d9Z+K4/as4Tx4mrzY8H96oDMq3I0gW64tb+eT2TZwamjPjlGjhVtn
-BKAQJG9dKILBl1fYSCkTtuG+kU3fhQxTGJoeJKJPj/CihQvL9Cl/0qRY7iZNyaqoe5rZ+jjeRFcV
-5fiMyNlI4g0WJx0eyIOFJbe6qlVBzAMiSy2RjYvmia9mx+n/K+k8rNrSs8PhaJyJ+HoAVt70VZVs
-+7pk3WKL3wt3MutizCaam7uqYoNMtAZ6MMgpv+0GTZe5HMQxK9VfvFMSF5yZVylmd2EhMQcuJUmd
-GPLu8ytxjLW6OQdJd/zvLpKQBY0tL3d770O/Nbua2Plzpyzy0FfuKE4mX4+QaAkvuPjcBukumj5R
-p9EixAqnOEhss/n/fauGV+O61oV4d7pD6kh/9ti+I20ev9E2bFhc8e6kGVQa9QPSdubhjL08s9NI
-S+LI+H+SqHZGnEJlPqQewQcDWkYtuJfzt9WyVSHvutxMAJf7FJUnM7/oQ0dG0giZFmA7mn7S5u04
-6uwBHjxIVkkJx0w3AJ6IDsBz4W9m6XJHMD4Q5QsDyZpCAGzFlH5hxIrff4IaC1nEWTJ3s7xgaVY5
-/bQGeyzWZDbZvUjthB9+pSKPKrhC9IK31FOQeE4tGv2Bb0TXOwF0lkLgAOIua+rF7nKsu7/+6qqo
-+Nz2snmKtmcCAwEAAaNCMEAwHQYDVR0OBBYEFJ3AZ6YMItkm9UWrpmVSESfYRaxjMA8GA1UdEwEB
-/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBDAUAA4ICAQCzV00QYk465KzquByv
-MiPIs0laUZx2KI15qldGF9X1Uva3ROgIRL8YhNILgM3FEv0AVQVhh0HctSSePMTYyPtwni94loMg
-Nt58D2kTiKV1NpgIpsbfrM7jWNa3Pt668+s0QNiigfV4Py/VpfzZotReBA4Xrf5B8OWycvpEgjNC
-6C1Y91aMYj+6QrCcDFx+LmUmXFNPALJ4fqENmS2NuB2OosSw/WDQMKSOyARiqcTtNd56l+0OOF6S
-L5Nwpamcb6d9Ex1+xghIsV5n61EIJenmJWtSKZGc0jlzCFfemQa0W50QBuHCAKi4HEoCChTQwUHK
-+4w1IX2COPKpVJEZNZOUbWo6xbLQu4mGk+ibyQ86p3q4ofB4Rvr8Ny/lioTz3/4E2aFooC8k4gmV
-BtWVyuEklut89pMFu+1z6S3RdTnX5yTb2E5fQ4+e0BQ5v1VwSJlXMbSc7kqYA5YwH2AG7hsj/oFg
-IxpHYoWlzBk0gG+zrBrjn/B7SK3VAdlntqlyk+otZrWyuOQ9PLLvTIzq6we/qzWaVYa8GKa1qF60
-g2xraUDTn9zxw2lrueFtCfTxqlB2Cnp9ehehVZZCmTEJ3WARjQUwfuaORtGdFNrHF+QFlozEJLUb
-zxQHskD4o55BhrwE0GuWyCqANP2/7waj3VjFhT0+j/6eKeC2uAloGRwYQw==
+MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCSVQxDjAM
+BgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UE
+AwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDky
+MjExMjIwMlowazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlz
+IFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290
+IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNvUTufClrJ
+wkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX4ay8IMKx4INRimlNAJZa
+by/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9KK3giq0itFZljoZUj5NDKd45RnijMCO6
+zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1f
+YVEiVRvjRuPjPdA1YprbrxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2
+oxgkg4YQ51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2Fbe8l
+EfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxeKF+w6D9Fz8+vm2/7
+hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4Fv6MGn8i1zeQf1xcGDXqVdFUNaBr8
+EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbnfpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5
+jF66CyCU3nuDuP/jVo23Eek7jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLY
+iDrIn3hm7YnzezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt
+ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQALe3KHwGCmSUyI
+WOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70jsNjLiNmsGe+b7bAEzlgqqI0
+JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDzWochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKx
+K3JCaKygvU5a2hi/a5iB0P2avl4VSM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+
+Xlff1ANATIGk0k9jpwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC
+4yyXX04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+OkfcvHlXHo
+2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7RK4X9p2jIugErsWx0Hbhz
+lefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btUZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXem
+OR/qnuOf0GZvBeyqdn6/axag67XH/JJULysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9
+vwGYT7JZVEc+NHt4bVaTLnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert069.pem b/test/rules/platform_certs/default/cert069.pem
index 10562b05e1e0..9c0aaeb7709f 100644
--- a/test/rules/platform_certs/default/cert069.pem
+++ b/test/rules/platform_certs/default/cert069.pem
@@ -1,13 +1,19 @@
-AffirmTrust Premium ECC
+Trustis FPS Root CA
 -----BEGIN CERTIFICATE-----
-MIIB/jCCAYWgAwIBAgIIdJclisc/elQwCgYIKoZIzj0EAwMwRTELMAkGA1UEBhMCVVMxFDASBgNV
-BAoMC0FmZmlybVRydXN0MSAwHgYDVQQDDBdBZmZpcm1UcnVzdCBQcmVtaXVtIEVDQzAeFw0xMDAx
-MjkxNDIwMjRaFw00MDEyMzExNDIwMjRaMEUxCzAJBgNVBAYTAlVTMRQwEgYDVQQKDAtBZmZpcm1U
-cnVzdDEgMB4GA1UEAwwXQWZmaXJtVHJ1c3QgUHJlbWl1bSBFQ0MwdjAQBgcqhkjOPQIBBgUrgQQA
-IgNiAAQNMF4bFZ0D0KF5Nbc6PJJ6yhUczWLznCZcBz3lVPqj1swS6vQUX+iOGasvLkjmrBhDeKzQ
-N8O9ss0s5kfiGuZjuD0uL3jET9v0D6RoTFVya5UdThhClXjMNzyR4ptlKymjQjBAMB0GA1UdDgQW
-BBSaryl6wBE1NSZRMADDav5A1a7WPDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAK
-BggqhkjOPQQDAwNnADBkAjAXCfOHiFBar8jAQr9HX/VsaobgxCd05DhT1wV/GzTjxi+zygk8N53X
-57hG8f2h4nECMEJZh0PUUd+60wkyWs6Iflc9nF9Ca/UHLbXwgpP5WW+uZPpY5Yse42O+tYHNbwKM
-eQ==
+MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQG
+EwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQLExNUcnVzdGlzIEZQUyBSb290
+IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTExMzY1NFowRTELMAkGA1UEBhMCR0IxGDAWBgNV
+BAoTD1RydXN0aXMgTGltaXRlZDEcMBoGA1UECxMTVHJ1c3RpcyBGUFMgUm9vdCBDQTCCASIwDQYJ
+KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMVQe547NdDfxIzNjpvto8A2mfRC6qc+gIMPpqdZh8mQ
+RUN+AOqGeSoDvT03mYlmt+WKVoaTnGhLaASMk5MCPjDSNzoiYYkchU59j9WvezX2fihHiTHcDnlk
+H5nSW7r+f2C/revnPDgpai/lkQtV/+xvWNUtyd5MZnGPDNcE2gfmHhjjvSkCqPoc4Vu5g6hBSLwa
+cY3nYuUtsuvffM/bq1rKMfFMIvMFE/eC+XN5DL7XSxzA0RU8k0Fk0ea+IxciAIleH2ulrG6nS4zt
+o3Lmr2NNL4XSFDWaLk6M6jKYKIahkQlBOrTh4/L68MkKokHdqeMDx4gVOxzUGpTXn2RZEm0CAwEA
+AaNTMFEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS6+nEleYtXQSUhhgtx67JkDoshZzAd
+BgNVHQ4EFgQUuvpxJXmLV0ElIYYLceuyZA6LIWcwDQYJKoZIhvcNAQEFBQADggEBAH5Y//01GX2c
+GE+esCu8jowU/yyg2kdbw++BLa8F6nRIW/M+TgfHbcWzk88iNVy2P3UnXwmWzaD+vkAMXBJV+JOC
+yinpXj9WV4s4NvdFGkwozZ5BuO1WTISkQMi4sKUraXAEasP41BIy+Q7DsdwyhEQsb8tGD+pmQQ9P
+8Vilpg0ND2HepZ5dfWWhPBfnqFVO76DH7cZEf1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHV
+l/9D7S3B2l0pKoU/rGXuhg8FjZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYl
+iB6XzCGcKQENZetX2fNXlrtIzYE=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert070.pem b/test/rules/platform_certs/default/cert070.pem
index 35cdfeebd2f9..2edc96f284d6 100644
--- a/test/rules/platform_certs/default/cert070.pem
+++ b/test/rules/platform_certs/default/cert070.pem
@@ -1,20 +1,28 @@
-Certum Trusted Network CA
+Buypass Class 2 Root CA
 -----BEGIN CERTIFICATE-----
-MIIDuzCCAqOgAwIBAgIDBETAMA0GCSqGSIb3DQEBBQUAMH4xCzAJBgNVBAYTAlBMMSIwIAYDVQQK
-ExlVbml6ZXRvIFRlY2hub2xvZ2llcyBTLkEuMScwJQYDVQQLEx5DZXJ0dW0gQ2VydGlmaWNhdGlv
-biBBdXRob3JpdHkxIjAgBgNVBAMTGUNlcnR1bSBUcnVzdGVkIE5ldHdvcmsgQ0EwHhcNMDgxMDIy
-MTIwNzM3WhcNMjkxMjMxMTIwNzM3WjB+MQswCQYDVQQGEwJQTDEiMCAGA1UEChMZVW5pemV0byBU
-ZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-MSIwIAYDVQQDExlDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENBMIIBIjANBgkqhkiG9w0BAQEFAAOC
-AQ8AMIIBCgKCAQEA4/t9o3K6wvDJFIf1awFO4W5AB7ptJ11/91sts1rHUV+rpDKmYYe2bg+G0jAC
-l/jXaVehGDldamR5xgFZrDwxSjh80gTSSyjoIF87B6LMTXPb865Px1bVWqeWifrzq2jUI4ZZJ88J
-J7ysbnKDHDBy3+Ci6dLhdHUZvSqeexVUBBvXQzmtVSjF4hq79MDkrjhJM8x2hZ85RdKknvISjFH4
-fOQtf/WsX+sWn7Et0brMkUJ3TCXJkDhv2/DM+44el1k+1WBO5gUo7Ul5E0u6SNsv+XLTOcr+H9g0
-cvW0QM8xAcPs3hEtF10fuFDRXhmnad4HMyjKUJX5p1TLVIZQRan5SQIDAQABo0IwQDAPBgNVHRMB
-Af8EBTADAQH/MB0GA1UdDgQWBBQIds3LB/8k9sXN7buQvOKEN0Z19zAOBgNVHQ8BAf8EBAMCAQYw
-DQYJKoZIhvcNAQEFBQADggEBAKaorSLOAT2mo/9i0Eidi15ysHhE49wcrwn9I0j6vSrEuVUEtRCj
-jSfeC4Jj0O7eDDd5QVsisrCaQVymcODU0HfLI9MA4GxWL+FpDQ3Zqr8hgVDZBqWo/5U30Kr+4rP1
-mS1FhIrlQgnXdAIv94nYmem8J9RHjboNRhx3zxSkHLmkMcScKHQDNP8zGSal6Q10tz6XxnboJ5aj
-Zt3hrvJBW8qYVoNzcOSGGtIxQbovvi0TWnZvTuhOgQ4/WwMioBK+ZlgRSssDxLQqKi2WF+A5VLxI
-03YnnZotBqbJ7DnSq9ufmgsnAjUpsUCV5/nonFWIGUbWtzT1fs45mtk48VH3Tyw=
+MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU
+QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMiBSb290IENBMB4X
+DTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1owTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1
+eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1
+g1Lr6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPVL4O2fuPn
+9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC911K2GScuVr1QGbNgGE41b
+/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHxMlAQTn/0hpPshNOOvEu/XAFOBz3cFIqU
+CqTqc/sLUegTBxj6DvEr0VQVfTzh97QZQmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeff
+awrbD02TTqigzXsu8lkBarcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgI
+zRFo1clrUs3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLiFRhn
+Bkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRSP/TizPJhk9H9Z2vX
+Uq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN9SG9dKpN6nIDSdvHXx1iY8f93ZHs
+M+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxPAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD
+VR0OBBYEFMmAd+BikoL1RpzzuvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF
+AAOCAgEAU18h9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s
+A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3tOluwlN5E40EI
+osHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo+fsicdl9sz1Gv7SEr5AcD48S
+aq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYd
+DnkM/crqJIByw5c/8nerQyIKx+u2DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWD
+LfJ6v9r9jv6ly0UsH8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0
+oyLQI+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK75t98biGC
+wWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h3PFaTWwyI0PurKju7koS
+CTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPzY11aWOIv4x3kqdbQCtCev9eBCfHJxyYN
+rJgWVqA=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert071.pem b/test/rules/platform_certs/default/cert071.pem
index cc44be1d013d..694db28238e0 100644
--- a/test/rules/platform_certs/default/cert071.pem
+++ b/test/rules/platform_certs/default/cert071.pem
@@ -1,19 +1,28 @@
-TWCA Root Certification Authority
+Buypass Class 3 Root CA
 -----BEGIN CERTIFICATE-----
-MIIDezCCAmOgAwIBAgIBATANBgkqhkiG9w0BAQUFADBfMQswCQYDVQQGEwJUVzESMBAGA1UECgwJ
-VEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NBIFJvb3QgQ2VydGlmaWNh
-dGlvbiBBdXRob3JpdHkwHhcNMDgwODI4MDcyNDMzWhcNMzAxMjMxMTU1OTU5WjBfMQswCQYDVQQG
-EwJUVzESMBAGA1UECgwJVEFJV0FOLUNBMRAwDgYDVQQLDAdSb290IENBMSowKAYDVQQDDCFUV0NB
-IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
-AoIBAQCwfnK4pAOU5qfeCTiRShFAh6d8WWQUe7UREN3+v9XAu1bihSX0NXIP+FPQQeFEAcK0HMMx
-QhZHhTMidrIKbw/lJVBPhYa+v5guEGcevhEFhgWQxFnQfHgQsIBct+HHK3XLfJ+utdGdIzdjp9xC
-oi2SBBtQwXu4PhvJVgSLL1KbralW6cH/ralYhzC2gfeXRfwZVzsrb+RH9JlF/h3x+JejiB03HFyP
-4HYlmlD4oFT/RJB2I9IyxsOrBr/8+7/zrX2SYgJbKdM1o5OaQ2RgXbL6Mv87BK9NQGr5x+PvI/1r
-y+UPizgN7gr8/g+YnzAx3WxSZfmLgb4i4RxYA7qRG4kHAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIB
-BjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqOFsmjd6LWvJPelSDGRjjCDWmujANBgkqhkiG
-9w0BAQUFAAOCAQEAPNV3PdrfibqHDAhUaiBQkr6wQT25JmSDCi/oQMCXKCeCMErJk/9q56YAf4lC
-mtYR5VPOL8zy2gXE/uJQxDqGfczafhAJO5I1KlOy/usrBdlsXebQ79NqZp4VKIV66IIArB6nCWlW
-QtNoURi+VJq/REG6Sb4gumlc7rh3zc5sH62Dlhh9DrUUOYTxKOkto557HnpyWoOzeW/vtPzQCqVY
-T0bf+215WfKEIlKuD8z7fDvnaspHYcN6+NOSBB+4IIThNlQWx0DeO4pz3N/GCUzf7Nr/1FNCocny
-Yh0igzyXxfkZYiesZSLX0zzG5Y6yU8xJzrww/nsOM5D77dIUkR8Hrw==
+MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU
+QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMyBSb290IENBMB4X
+DTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFowTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1
+eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIw
+DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRH
+sJ8YZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3EN3coTRiR
+5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9tznDDgFHmV0ST9tD+leh
+7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX0DJq1l1sDPGzbjniazEuOQAnFN44wOwZ
+ZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH
+2xc519woe2v1n/MuwU8XKhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV
+/afmiSTYzIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvSO1UQ
+RwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D34xFMFbG02SrZvPA
+Xpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgPK9Dx2hzLabjKSWJtyNBjYt1gD1iq
+j6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD
+VR0OBBYEFEe4zf/lb+74suwvTg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF
+AAOCAgEAACAjQTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV
+cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXSIGrs/CIBKM+G
+uIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2HJLw5QY33KbmkJs4j1xrG0aG
+Q0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsaO5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8
+ZORK15FTAaggiG6cX0S5y2CBNOxv033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2
+KSb12tjE8nVhz36udmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz
+6MkEkbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg413OEMXbug
+UZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvDu79leNKGef9JOxqDDPDe
+eOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq4/g7u9xN12TyUb7mqqta6THuBrxzvxNi
+Cp/HuZc=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert072.pem b/test/rules/platform_certs/default/cert072.pem
index b2a190c2cd1a..e2232c988acd 100644
--- a/test/rules/platform_certs/default/cert072.pem
+++ b/test/rules/platform_certs/default/cert072.pem
@@ -1,19 +1,20 @@
-Security Communication RootCA2
+T-TeleSec GlobalRoot Class 3
 -----BEGIN CERTIFICATE-----
-MIIDdzCCAl+gAwIBAgIBADANBgkqhkiG9w0BAQsFADBdMQswCQYDVQQGEwJKUDElMCMGA1UEChMc
-U0VDT00gVHJ1c3QgU3lzdGVtcyBDTy4sTFRELjEnMCUGA1UECxMeU2VjdXJpdHkgQ29tbXVuaWNh
-dGlvbiBSb290Q0EyMB4XDTA5MDUyOTA1MDAzOVoXDTI5MDUyOTA1MDAzOVowXTELMAkGA1UEBhMC
-SlAxJTAjBgNVBAoTHFNFQ09NIFRydXN0IFN5c3RlbXMgQ08uLExURC4xJzAlBgNVBAsTHlNlY3Vy
-aXR5IENvbW11bmljYXRpb24gUm9vdENBMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-ANAVOVKxUrO6xVmCxF1SrjpDZYBLx/KWvNs2l9amZIyoXvDjChz335c9S672XewhtUGrzbl+dp++
-+T42NKA7wfYxEUV0kz1XgMX5iZnK5atq1LXaQZAQwdbWQonCv/Q4EpVMVAX3NuRFg3sUZdbcDE3R
-3n4MqzvEFb46VqZab3ZpUql6ucjrappdUtAtCms1FgkQhNBqyjoGADdH5H5XTz+L62e4iKrFvlNV
-spHEfbmwhRkGeC7bYRr6hfVKkaHnFtWOojnflLhwHyg/i/xAXmODPIMqGplrz95Zajv8bxbXH/1K
-EOtOghY6rCcMU/Gt1SSwawNQwS08Ft1ENCcadfsCAwEAAaNCMEAwHQYDVR0OBBYEFAqFqXdlBZh8
-QIH4D5csOPEK7DzPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEB
-CwUAA4IBAQBMOqNErLlFsceTfsgLCkLfZOoc7llsCLqJX2rKSpWeeo8HxdpFcoJxDjrSzG+ntKEj
-u/Ykn8sX/oymzsLS28yN/HH8AynBbF0zX2S2ZTuJbxh2ePXcokgfGT+Ok+vx+hfuzU7jBBJV1uXk
-3fs+BXziHV7Gp7yXT2g69ekuCkO2r1dcYmh8t/2jioSgrGK+KwmHNPBqAbubKVY8/gA3zyNs8U6q
-tnRGEmyR7jTV7JqR50S+kDFy1UkC9gLl9B/rfNmWVan/7Ir5mUf/NVoCqgTLiluHcSmRvaS0eg29
-mvVXIwAHIRc/SjnRBUkLp7Y3gaVdjKozXoEofKd9J+sAro03
+MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM
+IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU
+cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgx
+MDAxMTAyOTU2WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz
+dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD
+ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN8ELg63iIVl6bmlQdTQyK
+9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/RLyTPWGrTs0NvvAgJ1gORH8EGoel15YU
+NpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZF
+iP0Zf3WHHx+xGwpzJFu5ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W
+0eDrXltMEnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGjQjBA
+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1A/d2O2GCahKqGFPr
+AyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOyWL6ukK2YJ5f+AbGwUgC4TeQbIXQb
+fsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzT
+ucpH9sry9uetuUg/vBa3wW306gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7h
+P0HHRwA11fXT91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml
+e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4pTpPDpFQUWw==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert073.pem b/test/rules/platform_certs/default/cert073.pem
index 3b91dfb65701..b8f77e06a077 100644
--- a/test/rules/platform_certs/default/cert073.pem
+++ b/test/rules/platform_certs/default/cert073.pem
@@ -1,28 +1,22 @@
-EC-ACC
+EE Certification Centre Root CA
 -----BEGIN CERTIFICATE-----
-MIIFVjCCBD6gAwIBAgIQ7is969Qh3hSoYqwE893EATANBgkqhkiG9w0BAQUFADCB8zELMAkGA1UE
-BhMCRVMxOzA5BgNVBAoTMkFnZW5jaWEgQ2F0YWxhbmEgZGUgQ2VydGlmaWNhY2lvIChOSUYgUS0w
-ODAxMTc2LUkpMSgwJgYDVQQLEx9TZXJ2ZWlzIFB1YmxpY3MgZGUgQ2VydGlmaWNhY2lvMTUwMwYD
-VQQLEyxWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5ldC92ZXJhcnJlbCAoYykwMzE1MDMGA1UE
-CxMsSmVyYXJxdWlhIEVudGl0YXRzIGRlIENlcnRpZmljYWNpbyBDYXRhbGFuZXMxDzANBgNVBAMT
-BkVDLUFDQzAeFw0wMzAxMDcyMzAwMDBaFw0zMTAxMDcyMjU5NTlaMIHzMQswCQYDVQQGEwJFUzE7
-MDkGA1UEChMyQWdlbmNpYSBDYXRhbGFuYSBkZSBDZXJ0aWZpY2FjaW8gKE5JRiBRLTA4MDExNzYt
-SSkxKDAmBgNVBAsTH1NlcnZlaXMgUHVibGljcyBkZSBDZXJ0aWZpY2FjaW8xNTAzBgNVBAsTLFZl
-Z2V1IGh0dHBzOi8vd3d3LmNhdGNlcnQubmV0L3ZlcmFycmVsIChjKTAzMTUwMwYDVQQLEyxKZXJh
-cnF1aWEgRW50aXRhdHMgZGUgQ2VydGlmaWNhY2lvIENhdGFsYW5lczEPMA0GA1UEAxMGRUMtQUND
-MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAsyLHT+KXQpWIR4NA9h0X84NzJB5R85iK
-w5K4/0CQBXCHYMkAqbWUZRkiFRfCQ2xmRJoNBD45b6VLeqpjt4pEndljkYRm4CgPukLjbo73FCeT
-ae6RDqNfDrHrZqJyTxIThmV6PttPB/SnCWDaOkKZx7J/sxaVHMf5NLWUhdWZXqBIoH7nF2W4onW4
-HvPlQn2v7fOKSGRdghST2MDk/7NQcvJ29rNdQlB50JQ+awwAvthrDk4q7D7SzIKiGGUzE3eeml0a
-E9jD2z3Il3rucO2n5nzbcc8tlGLfbdb1OL4/pYUKGbio2Al1QnDE6u/LDsg0qBIimAy4E5S2S+zw
-0JDnJwIDAQABo4HjMIHgMB0GA1UdEQQWMBSBEmVjX2FjY0BjYXRjZXJ0Lm5ldDAPBgNVHRMBAf8E
-BTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUoMOLRKo3pUW/l4Ba0fF4opvpXY0wfwYD
-VR0gBHgwdjB0BgsrBgEEAfV4AQMBCjBlMCwGCCsGAQUFBwIBFiBodHRwczovL3d3dy5jYXRjZXJ0
-Lm5ldC92ZXJhcnJlbDA1BggrBgEFBQcCAjApGidWZWdldSBodHRwczovL3d3dy5jYXRjZXJ0Lm5l
-dC92ZXJhcnJlbCAwDQYJKoZIhvcNAQEFBQADggEBAKBIW4IB9k1IuDlVNZyAelOZ1Vr/sXE7zDkJ
-lF7W2u++AVtd0x7Y/X1PzaBB4DSTv8vihpw3kpBWHNzrKQXlxJ7HNd+KDM3FIUPpqojlNcAZQmNa
-Al6kSBg6hW/cnbw/nZzBh7h6YQjpdwt/cKt63dmXLGQehb+8dJahw3oS7AwaboMMPOhyRp/7SNVe
-l+axofjk70YllJyJ22k4vuxcDlbHZVHlUIiIv0LVKz3l+bqeLrPK9HOSAgu+TGbrIP65y7WZf+a2
-E/rKS03Z7lNGBjvGTq2TWoF+bCpLagVFjPIhpDGQh2xlnJ2lYJU6Un/10asIbvPuW/mIPX64b24D
-5EI=
+MIIEAzCCAuugAwIBAgIQVID5oHPtPwBMyonY43HmSjANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQG
+EwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEoMCYGA1UEAwwfRUUgQ2Vy
+dGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMCIYDzIw
+MTAxMDMwMTAxMDMwWhgPMjAzMDEyMTcyMzU5NTlaMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlB
+UyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRy
+ZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
+DwAwggEKAoIBAQDIIMDs4MVLqwd4lfNE7vsLDP90jmG7sWLqI9iroWUyeuuOF0+W2Ap7kaJjbMeM
+TC55v6kF/GlclY1i+blw7cNRfdCT5mzrMEvhvH2/UpvObntl8jixwKIy72KyaOBhU8E2lf/slLo2
+rpwcpzIP5Xy0xm90/XsY6KxX7QYgSzIwWFv9zajmofxwvI6Sc9uXp3whrj3B9UiHbCe9nyV0gVWw
+93X2PaRka9ZP585ArQ/dMtO8ihJTmMmJ+xAdTX7Nfh9WDSFwhfYggx/2uh8Ej+p3iDXE/+pOoYtN
+P2MbRMNE1CV2yreN1x5KZmTNXMWcg+HCCIia7E6j8T4cLNlsHaFLAgMBAAGjgYowgYcwDwYDVR0T
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLyWj7qVhy/zQas8fElyalL1BSZ
+MEUGA1UdJQQ+MDwGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEF
+BQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcNAQEFBQADggEBAHv25MANqhlHt01Xo/6tu7Fq1Q+e2+Rj
+xY6hUFaTlrg4wCQiZrxTFGGVv9DHKpY5P30osxBAIWrEr7BSdxjhlthWXePdNl4dp1BUoMUq5KqM
+lIpPnTX/dqQGE5Gion0ARD9V04I8GtVbvFZMIi5GQ4okQC3zErg7cBqklrkar4dBGmoYDQZPxz5u
+uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIWiAYLtqZLICjU
+3j2LrTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/vGVCJYMzpJJUPwssd8m92kMfM
+dcGWxZ0=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert074.pem b/test/rules/platform_certs/default/cert074.pem
index 2ac1e6674f16..90d38315809e 100644
--- a/test/rules/platform_certs/default/cert074.pem
+++ b/test/rules/platform_certs/default/cert074.pem
@@ -1,22 +1,22 @@
-Hellenic Academic and Research Institutions RootCA 2011
+D-TRUST Root Class 3 CA 2 2009
 -----BEGIN CERTIFICATE-----
-MIIEMTCCAxmgAwIBAgIBADANBgkqhkiG9w0BAQUFADCBlTELMAkGA1UEBhMCR1IxRDBCBgNVBAoT
-O0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9y
-aXR5MUAwPgYDVQQDEzdIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25z
-IFJvb3RDQSAyMDExMB4XDTExMTIwNjEzNDk1MloXDTMxMTIwMTEzNDk1MlowgZUxCzAJBgNVBAYT
-AkdSMUQwQgYDVQQKEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25z
-IENlcnQuIEF1dGhvcml0eTFAMD4GA1UEAxM3SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNo
-IEluc3RpdHV0aW9ucyBSb290Q0EgMjAxMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
-AKlTAOMupvaO+mDYLZU++CwqVE7NuYRhlFhPjz2L5EPzdYmNUeTDN9KKiE15HrcS3UN4SoqS5tdI
-1Q+kOilENbgH9mgdVc04UfCMJDGFr4PJfel3r+0ae50X+bOdOFAPplp5kYCvN66m0zH7tSYJnTxa
-71HFK9+WXesyHgLacEnsbgzImjeN9/E2YEsmLIKe0HjzDQ9jpFEw4fkrJxIH2Oq9GGKYsFk3fb7u
-8yBRQlqD75O6aRXxYp2fmTmCobd0LovUxQt7L/DICto9eQqakxylKHJzkUOap9FNhYS5qXSPFEDH
-3N6sQWRstBmbAmNtJGSPRLIl6s5ddAxjMlyNh+UCAwEAAaOBiTCBhjAPBgNVHRMBAf8EBTADAQH/
-MAsGA1UdDwQEAwIBBjAdBgNVHQ4EFgQUppFC/RNhSiOeCKQp5dgTBCPuQSUwRwYDVR0eBEAwPqA8
-MAWCAy5ncjAFggMuZXUwBoIELmVkdTAGggQub3JnMAWBAy5ncjAFgQMuZXUwBoEELmVkdTAGgQQu
-b3JnMA0GCSqGSIb3DQEBBQUAA4IBAQAf73lB4XtuP7KMhjdCSk4cNx6NZrokgclPEg8hwAOXhiVt
-XdMiKahsog2p6z0GW5k6x8zDmjR/qw7IThzh+uTczQ2+vyT+bOdrwg3IBp5OjWEopmr95fZi6hg8
-TqBTnbI6nOulnJEWtk2C4AwFSKls9cz4y51JtPACpf1wA+2KIaWuE4ZJwzNzvoc7dIsXRSZMFpGD
-/md9zU1jZ/rzAxKWeAaNsWftjj++n08C9bMJL/NMh98qy5V8AcysNnq/onN694/BtZqhFLKPM58N
-7yLcZnuEvUUXBj08yrl3NI/K6s8/MT7jiOOASSXIl7WdmplNsDz4SgCbZN2fOUvRJ9e4
+MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQK
+DAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTAe
+Fw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NThaME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxE
+LVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIw
+DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOAD
+ER03UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42tSHKXzlA
+BF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9RySPocq60vFYJfxLLHLGv
+KZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsMlFqVlNpQmvH/pStmMaTJOKDfHR+4CS7z
+p+hnUquVH+BGPtikw8paxTGA6Eian5Rp/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUC
+AwEAAaOCARowggEWMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ
+4PGEMA4GA1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVjdG9y
+eS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUyMENBJTIwMiUyMDIw
+MDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwQ6BBoD+G
+PWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAw
+OS5jcmwwDQYJKoZIhvcNAQELBQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm
+2H6NMLVwMeniacfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0
+o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4KzCUqNQT4YJEV
+dT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8PIWmawomDeCTmGCufsYkl4ph
+X5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3YJohw1+qRzT65ysCQblrGXnRl11z+o+I=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert075.pem b/test/rules/platform_certs/default/cert075.pem
index c3f1c959e3f4..cd874b93b2b9 100644
--- a/test/rules/platform_certs/default/cert075.pem
+++ b/test/rules/platform_certs/default/cert075.pem
@@ -1,29 +1,23 @@
-Actalis Authentication Root CA
+D-TRUST Root Class 3 CA 2 EV 2009
 -----BEGIN CERTIFICATE-----
-MIIFuzCCA6OgAwIBAgIIVwoRl0LE48wwDQYJKoZIhvcNAQELBQAwazELMAkGA1UEBhMCSVQxDjAM
-BgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlzIFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UE
-AwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290IENBMB4XDTExMDkyMjExMjIwMloXDTMwMDky
-MjExMjIwMlowazELMAkGA1UEBhMCSVQxDjAMBgNVBAcMBU1pbGFuMSMwIQYDVQQKDBpBY3RhbGlz
-IFMucC5BLi8wMzM1ODUyMDk2NzEnMCUGA1UEAwweQWN0YWxpcyBBdXRoZW50aWNhdGlvbiBSb290
-IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAp8bEpSmkLO/lGMWwUKNvUTufClrJ
-wkg4CsIcoBh/kbWHuUA/3R1oHwiD1S0eiKD4j1aPbZkCkpAW1V8IbInX4ay8IMKx4INRimlNAJZa
-by/ARH6jDuSRzVju3PvHHkVH3Se5CAGfpiEd9UEtL0z9KK3giq0itFZljoZUj5NDKd45RnijMCO6
-zfB9E1fAXdKDa0hMxKufgFpbOr3JpyI/gCczWw63igxdBzcIy2zSekciRDXFzMwujt0q7bd9Zg1f
-YVEiVRvjRuPjPdA1YprbrxTIW6HMiRvhMCb8oJsfgadHHwTrozmSBp+Z07/T6k9QnBn+locePGX2
-oxgkg4YQ51Q+qDp2JE+BIcXjDwL4k5RHILv+1A7TaLndxHqEguNTVHnd25zS8gebLra8Pu2Fbe8l
-EfKXGkJh90qX6IuxEAf6ZYGyojnP9zz/GPvG8VqLWeICrHuS0E4UT1lF9gxeKF+w6D9Fz8+vm2/7
-hNN3WpVvrJSEnu68wEqPSpP4RCHiMUVhUE4Q2OM1fEwZtN4Fv6MGn8i1zeQf1xcGDXqVdFUNaBr8
-EBtiZJ1t4JWgw5QHVw0U5r0F+7if5t+L4sbnfpb2U8WANFAoWPASUHEXMLrmeGO89LKtmyuy/uE5
-jF66CyCU3nuDuP/jVo23Eek7jPKxwV2dpAtMK9myGPW1n0sCAwEAAaNjMGEwHQYDVR0OBBYEFFLY
-iDrIn3hm7YnzezhwlMkCAjbQMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUUtiIOsifeGbt
-ifN7OHCUyQICNtAwDgYDVR0PAQH/BAQDAgEGMA0GCSqGSIb3DQEBCwUAA4ICAQALe3KHwGCmSUyI
-WOYdiPcUZEim2FgKDk8TNd81HdTtBjHIgT5q1d07GjLukD0R0i70jsNjLiNmsGe+b7bAEzlgqqI0
-JZN1Ut6nna0Oh4lScWoWPBkdg/iaKWW+9D+a2fDzWochcYBNy+A4mz+7+uAwTc+G02UQGRjRlwKx
-K3JCaKygvU5a2hi/a5iB0P2avl4VSM0RFbnAKVy06Ij3Pjaut2L9HmLecHgQHEhb2rykOLpn7VU+
-Xlff1ANATIGk0k9jpwlCCRT8AKnCgHNPLsBA2RF7SOp6AsDT6ygBJlh0wcBzIm2Tlf05fbsq4/aC
-4yyXX04fkZT6/iyj2HYauE2yOE+b+h1IYHkm4vP9qdCa6HCPSXrW5b0KDtst842/6+OkfcvHlXHo
-2qN8xcL4dJIEG4aspCJTQLas/kx2z/uUMsA1n3Y/buWQbqCmJqK4LL7RK4X9p2jIugErsWx0Hbhz
-lefut8cl8ABMALJ+tguLHPPAUJ4lueAI3jZm/zel0btUZCzJJ7VLkn5l/9Mt4blOvH+kQSGQQXem
-OR/qnuOf0GZvBeyqdn6/axag67XH/JJULysRJyU3eExRarDzzFhdFPFqSBX/wge2sY0PjlxQRrM9
-vwGYT7JZVEc+NHt4bVaTLnPqZih4zR0Uv6CPLy64Lo7yFIrM6bV8+2ydDKXhlg==
+MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK
+DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw
+OTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUwNDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK
+DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw
+OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfS
+egpnljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM03TP1YtHh
+zRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6ZqQTMFexgaDbtCHu39b+T
+7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lRp75mpoo6Kr3HGrHhFPC+Oh25z1uxav60
+sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure35
+11H3a6UCAwEAAaOCASQwggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyv
+cop9NteaHNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFwOi8v
+ZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xhc3MlMjAzJTIwQ0El
+MjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRp
+b25saXN0MEagRKBChkBodHRwOi8vd3d3LmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xh
+c3NfM19jYV8yX2V2XzIwMDkuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+
+PPoeUSbrh/Yp3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05
+nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNFCSuGdXzfX2lX
+ANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7naxpeG0ILD5EJt/rDiZE4OJudA
+NCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqXKVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVv
+w9y4AyHqnxbxLFS1
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert076.pem b/test/rules/platform_certs/default/cert076.pem
index 9c0aaeb7709f..e1336960f501 100644
--- a/test/rules/platform_certs/default/cert076.pem
+++ b/test/rules/platform_certs/default/cert076.pem
@@ -1,19 +1,28 @@
-Trustis FPS Root CA
+CA Disig Root R2
 -----BEGIN CERTIFICATE-----
-MIIDZzCCAk+gAwIBAgIQGx+ttiD5JNM2a/fH8YygWTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQG
-EwJHQjEYMBYGA1UEChMPVHJ1c3RpcyBMaW1pdGVkMRwwGgYDVQQLExNUcnVzdGlzIEZQUyBSb290
-IENBMB4XDTAzMTIyMzEyMTQwNloXDTI0MDEyMTExMzY1NFowRTELMAkGA1UEBhMCR0IxGDAWBgNV
-BAoTD1RydXN0aXMgTGltaXRlZDEcMBoGA1UECxMTVHJ1c3RpcyBGUFMgUm9vdCBDQTCCASIwDQYJ
-KoZIhvcNAQEBBQADggEPADCCAQoCggEBAMVQe547NdDfxIzNjpvto8A2mfRC6qc+gIMPpqdZh8mQ
-RUN+AOqGeSoDvT03mYlmt+WKVoaTnGhLaASMk5MCPjDSNzoiYYkchU59j9WvezX2fihHiTHcDnlk
-H5nSW7r+f2C/revnPDgpai/lkQtV/+xvWNUtyd5MZnGPDNcE2gfmHhjjvSkCqPoc4Vu5g6hBSLwa
-cY3nYuUtsuvffM/bq1rKMfFMIvMFE/eC+XN5DL7XSxzA0RU8k0Fk0ea+IxciAIleH2ulrG6nS4zt
-o3Lmr2NNL4XSFDWaLk6M6jKYKIahkQlBOrTh4/L68MkKokHdqeMDx4gVOxzUGpTXn2RZEm0CAwEA
-AaNTMFEwDwYDVR0TAQH/BAUwAwEB/zAfBgNVHSMEGDAWgBS6+nEleYtXQSUhhgtx67JkDoshZzAd
-BgNVHQ4EFgQUuvpxJXmLV0ElIYYLceuyZA6LIWcwDQYJKoZIhvcNAQEFBQADggEBAH5Y//01GX2c
-GE+esCu8jowU/yyg2kdbw++BLa8F6nRIW/M+TgfHbcWzk88iNVy2P3UnXwmWzaD+vkAMXBJV+JOC
-yinpXj9WV4s4NvdFGkwozZ5BuO1WTISkQMi4sKUraXAEasP41BIy+Q7DsdwyhEQsb8tGD+pmQQ9P
-8Vilpg0ND2HepZ5dfWWhPBfnqFVO76DH7cZEf1T1o+CP8HxVIo8ptoGj4W1OLBuAZ+ytIJ8MYmHV
-l/9D7S3B2l0pKoU/rGXuhg8FjZBf3+6f9L/uHfuY5H+QK4R4EA5sSVPvFVtlRkpdr7r7OnIdzfYl
-iB6XzCGcKQENZetX2fNXlrtIzYE=
+MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNVBAYTAlNLMRMw
+EQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMuMRkwFwYDVQQDExBDQSBEaXNp
+ZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQyMDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sx
+EzARBgNVBAcTCkJyYXRpc2xhdmExEzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERp
+c2lnIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbC
+w3OeNcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNHPWSb6Wia
+xswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3Ix2ymrdMxp7zo5eFm1tL7
+A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbeQTg06ov80egEFGEtQX6sx3dOy1FU+16S
+GBsEWmjGycT6txOgmLcRK7fWV8x8nhfRyyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqV
+g8NTEQxzHQuyRpDRQjrOQG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa
+5Beny912H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJQfYE
+koopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUDi/ZnWejBBhG93c+A
+Ak9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORsnLMOPReisjQS1n6yqEm70XooQL6i
+Fh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNV
+HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5u
+Qu0wDQYJKoZIhvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM
+tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqfGopTpti72TVV
+sRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkblvdhuDvEK7Z4bLQjb/D907Je
+dR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka+elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W8
+1k/BfDxujRNt+3vrMNDcTa/F1balTFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjx
+mHHEt38OFdAlab0inSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01
+utI3gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18DrG5gPcFw0
+sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3OszMOl6W8KjptlwlCFtaOg
+UxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8xL4ysEr3vQCj8KWefshNPZiTEUxnpHikV
+7+ZtsH8tZ/3zbBt1RqPlShfppNcL
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert077.pem b/test/rules/platform_certs/default/cert077.pem
index 2edc96f284d6..b261207dbfe6 100644
--- a/test/rules/platform_certs/default/cert077.pem
+++ b/test/rules/platform_certs/default/cert077.pem
@@ -1,28 +1,39 @@
-Buypass Class 2 Root CA
+ACCVRAIZ1
 -----BEGIN CERTIFICATE-----
-MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU
-QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMiBSb290IENBMB4X
-DTEwMTAyNjA4MzgwM1oXDTQwMTAyNjA4MzgwM1owTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1
-eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDIgUm9vdCBDQTCCAiIw
-DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANfHXvfBB9R3+0Mh9PT1aeTuMgHbo4Yf5FkNuud1
-g1Lr6hxhFUi7HQfKjK6w3Jad6sNgkoaCKHOcVgb/S2TwDCo3SbXlzwx87vFKu3MwZfPVL4O2fuPn
-9Z6rYPnT8Z2SdIrkHJasW4DptfQxh6NR/Md+oW+OU3fUl8FVM5I+GC911K2GScuVr1QGbNgGE41b
-/+EmGVnAJLqBcXmQRFBoJJRfuLMR8SlBYaNByyM21cHxMlAQTn/0hpPshNOOvEu/XAFOBz3cFIqU
-CqTqc/sLUegTBxj6DvEr0VQVfTzh97QZQmdiXnfgolXsttlpF9U6r0TtSsWe5HonfOV116rLJeff
-awrbD02TTqigzXsu8lkBarcNuAeBfos4GzjmCleZPe4h6KP1DBbdi+w0jpwqHAAVF41og9JwnxgI
-zRFo1clrUs3ERo/ctfPYV3Me6ZQ5BL/T3jjetFPsaRyifsSP5BtwrfKi+fv3FmRmaZ9JUaLiFRhn
-Bkp/1Wy1TbMz4GHrXb7pmA8y1x1LPC5aAVKRCfLf6o3YBkBjqhHk/sM3nhRSP/TizPJhk9H9Z2vX
-Uq6/aKtAQ6BXNVN48FP4YUIHZMbXb5tMOA1jrGKvNouicwoN9SG9dKpN6nIDSdvHXx1iY8f93ZHs
-M+71bbRuMGjeyNYmsHVee7QHIJihdjK4TWxPAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD
-VR0OBBYEFMmAd+BikoL1RpzzuvdMw964o605MA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF
-AAOCAgEAU18h9bqwOlI5LJKwbADJ784g7wbylp7ppHR/ehb8t/W2+xUbP6umwHJdELFx7rxP462s
-A20ucS6vxOOto70MEae0/0qyexAQH6dXQbLArvQsWdZHEIjzIVEpMMpghq9Gqx3tOluwlN5E40EI
-osHsHdb9T7bWR9AUC8rmyrV7d35BH16Dx7aMOZawP5aBQW9gkOLo+fsicdl9sz1Gv7SEr5AcD48S
-aq/v7h56rgJKihcrdv6sVIkkLE8/trKnToyokZf7KcZ7XC25y2a2t6hbElGFtQl+Ynhw/qlqYLYd
-DnkM/crqJIByw5c/8nerQyIKx+u2DISCLIBrQYoIwOula9+ZEsuK1V6ADJHgJgg2SMX6OBE1/yWD
-LfJ6v9r9jv6ly0UsH8SIU653DtmadsWOLB2jutXsMq7Aqqz30XpN69QH4kj3Io6wpJ9qzo6ysmD0
-oyLQI+uUWnpp3Q+/QFesa1lQ2aOZ4W7+jQF5JyMV3pKdewlNWudLSDBaGOYKbeaP4NK75t98biGC
-wWg5TbSYWGZizEqQXsP6JwSxeRV0mcy+rSDeJmAc61ZRpqPq5KM/p/9h3PFaTWwyI0PurKju7koS
-CTxdccK+efrCh2gdC/1cacwG0Jp9VJkqyTkaGa9LKkPzY11aWOIv4x3kqdbQCtCev9eBCfHJxyYN
-rJgWVqA=
+MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UEAwwJQUNDVlJB
+SVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQswCQYDVQQGEwJFUzAeFw0xMTA1
+MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQBgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwH
+UEtJQUNDVjENMAsGA1UECgwEQUNDVjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQCbqau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gM
+jmoYHtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWoG2ioPej0
+RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpAlHPrzg5XPAOBOp0KoVdD
+aaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhrIA8wKFSVf+DuzgpmndFALW4ir50awQUZ
+0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDG
+WuzndN9wrqODJerWx5eHk6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs7
+8yM2x/474KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMOm3WR
+5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpacXpkatcnYGMN285J
+9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPluUsXQA+xtrn13k/c4LOsOxFwYIRK
+Q26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYIKwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRw
+Oi8vd3d3LmFjY3YuZXMvZmlsZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEu
+Y3J0MB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2
+VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeTVfZW6oHlNsyM
+Hj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIGCCsGAQUFBwICMIIBFB6CARAA
+QQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUAcgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBh
+AO0AegAgAGQAZQAgAGwAYQAgAEEAQwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUA
+YwBuAG8AbABvAGcA7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBj
+AHQAcgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAAQwBQAFMA
+IABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUAczAwBggrBgEFBQcCARYk
+aHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2MuaHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0
+dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRtaW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2
+MV9kZXIuY3JsMA4GA1UdDwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZI
+hvcNAQEFBQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdpD70E
+R9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gUJyCpZET/LtZ1qmxN
+YEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+mAM/EKXMRNt6GGT6d7hmKG9Ww7Y49
+nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepDvV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJ
+TS+xJlsndQAJxGJ3KQhfnlmstn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3
+sCPdK6jT2iWH7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h
+I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szAh1xA2syVP1Xg
+Nce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xFd3+YJ5oyXSrjhO7FmGYvliAd
+3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2HpPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3p
+EfbRD0tVNEYqi4Y7
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert078.pem b/test/rules/platform_certs/default/cert078.pem
index 694db28238e0..7c69ef53587c 100644
--- a/test/rules/platform_certs/default/cert078.pem
+++ b/test/rules/platform_certs/default/cert078.pem
@@ -1,28 +1,27 @@
-Buypass Class 3 Root CA
+TWCA Global Root CA
 -----BEGIN CERTIFICATE-----
-MIIFWTCCA0GgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBOMQswCQYDVQQGEwJOTzEdMBsGA1UECgwU
-QnV5cGFzcyBBUy05ODMxNjMzMjcxIDAeBgNVBAMMF0J1eXBhc3MgQ2xhc3MgMyBSb290IENBMB4X
-DTEwMTAyNjA4Mjg1OFoXDTQwMTAyNjA4Mjg1OFowTjELMAkGA1UEBhMCTk8xHTAbBgNVBAoMFEJ1
-eXBhc3MgQVMtOTgzMTYzMzI3MSAwHgYDVQQDDBdCdXlwYXNzIENsYXNzIDMgUm9vdCBDQTCCAiIw
-DQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAKXaCpUWUOOV8l6ddjEGMnqb8RB2uACatVI2zSRH
-sJ8YZLya9vrVediQYkwiL944PdbgqOkcLNt4EemOaFEVcsfzM4fkoF0LXOBXByow9c3EN3coTRiR
-5r/VUv1xLXA+58bEiuPwKAv0dpihi4dVsjoT/Lc+JzeOIuOoTyrvYLs9tznDDgFHmV0ST9tD+leh
-7fmdvhFHJlsTmKtdFoqwNxxXnUX/iJY2v7vKB3tvh2PX0DJq1l1sDPGzbjniazEuOQAnFN44wOwZ
-ZoYS6J1yFhNkUsepNxz9gjDthBgd9K5c/3ATAOux9TN6S9ZV+AWNS2mw9bMoNlwUxFFzTWsL8TQH
-2xc519woe2v1n/MuwU8XKhDzzMro6/1rqy6any2CbgTUUgGTLT2G/H783+9CHaZr77kgxve9oKeV
-/afmiSTYzIw0bOIjL9kSGiG5VZFvC5F5GQytQIgLcOJ60g7YaEi7ghM5EFjp2CoHxhLbWNvSO1UQ
-RwUVZ2J+GGOmRj8JDlQyXr8NYnon74Do29lLBlo3WiXQCBJ31G8JUJc9yB3D34xFMFbG02SrZvPA
-Xpacw8Tvw3xrizp5f7NJzz3iiZ+gMEuFuZyUJHmPfWupRWgPK9Dx2hzLabjKSWJtyNBjYt1gD1iq
-j6G8BaVmos8bdrKEZLFMOVLAMLrwjEsCsLa3AgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wHQYD
-VR0OBBYEFEe4zf/lb+74suwvTg75JbCOPGvDMA4GA1UdDwEB/wQEAwIBBjANBgkqhkiG9w0BAQsF
-AAOCAgEAACAjQTUEkMJAYmDv4jVM1z+s4jSQuKFvdvoWFqRINyzpkMLyPPgKn9iB5btb2iUspKdV
-cSQy9sgL8rxq+JOssgfCX5/bzMiKqr5qb+FJEMwx14C7u8jYog5kV+qi9cKpMRXSIGrs/CIBKM+G
-uIAeqcwRpTzyFrNHnfzSgCHEy9BHcEGhyoMZCCxt8l13nIoUE9Q2HJLw5QY33KbmkJs4j1xrG0aG
-Q0JfPgEHU1RdZX33inOhmlRaHylDFCfChQ+1iHsaO5S3HWCntZznKWlXWpuTekMwGwPXYshApqr8
-ZORK15FTAaggiG6cX0S5y2CBNOxv033aSF/rtJC8LakcC6wc1aJoIIAE1vyxjy+7SjENSoYc6+I2
-KSb12tjE8nVhz36udmNKekBlk4f4HoCMhuWG1o8O/FMsYOgWYRqiPkN7zTlgVGr18okmAWiDSKIz
-6MkEkbIRNBE+6tBDGR8Dk5AM/1E9V/RBbuHLoL7ryWPNbczk+DaqaJ3tvV2XcEQNtg413OEMXbug
-UZTLfhbrES+jkkXITHHZvMmZUldGL1DPvTVp9D0VzgalLA8+9oG6lLvDu79leNKGef9JOxqDDPDe
-eOzI8k1MGt6CKfjBWtrt7uYnXuhF0J0cUahoq0Tj0Itq4/g7u9xN12TyUb7mqqta6THuBrxzvxNi
-Cp/HuZc=
+MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcxEjAQBgNVBAoT
+CVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMTVFdDQSBHbG9iYWwgUm9vdCBD
+QTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQK
+EwlUQUlXQU4tQ0ExEDAOBgNVBAsTB1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3Qg
+Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2C
+nJfF10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz0ALfUPZV
+r2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfChMBwqoJimFb3u/Rk28OKR
+Q4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbHzIh1HrtsBv+baz4X7GGqcXzGHaL3SekV
+tTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1W
+KKD+u4ZqyPpcC1jcxkt2yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99
+sy2sbZCilaLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYPoA/p
+yJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQABDzfuBSO6N+pjWxn
+kjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcEqYSjMq+u7msXi7Kx/mzhkIyIqJdI
+zshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMC
+AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6g
+cFGn90xHNcgL1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn
+LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WFH6vPNOw/KP4M
+8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNoRI2T9GRwoD2dKAXDOXC4Ynsg
+/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlg
+lPx4mI88k1HtQJAH32RjJMtOcQWh15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryP
+A9gK8kxkRr05YuWW6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3m
+i4TWnsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5jwa19hAM8
+EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWzaGHQRiapIVJpLesux+t3
+zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmyKwbQBM0=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert079.pem b/test/rules/platform_certs/default/cert079.pem
index e2232c988acd..f5bd27acb7c2 100644
--- a/test/rules/platform_certs/default/cert079.pem
+++ b/test/rules/platform_certs/default/cert079.pem
@@ -1,20 +1,27 @@
-T-TeleSec GlobalRoot Class 3
+TeliaSonera Root CA v1
 -----BEGIN CERTIFICATE-----
-MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM
-IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU
-cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwHhcNMDgx
-MDAxMTAyOTU2WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz
-dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD
-ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDMwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQC9dZPwYiJvJK7genasfb3ZJNW4t/zN8ELg63iIVl6bmlQdTQyK
-9tPPcPRStdiTBONGhnFBSivwKixVA9ZIw+A5OO3yXDw/RLyTPWGrTs0NvvAgJ1gORH8EGoel15YU
-NpDQSXuhdfsaa3Ox+M6pCSzyU9XDFES4hqX2iys52qMzVNn6chr3IhUciJFrf2blw2qAsCTz34ZF
-iP0Zf3WHHx+xGwpzJFu5ZeAsVMhg02YXP+HMVDNzkQI6pn97djmiH5a2OK61yJN0HZ65tOVgnS9W
-0eDrXltMEnAMbEQgqxHY9Bn20pxSN+f6tsIxO0rUFJmtxxr1XV/6B7h8DR/Wgx6zAgMBAAGjQjBA
-MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS1A/d2O2GCahKqGFPr
-AyGUv/7OyjANBgkqhkiG9w0BAQsFAAOCAQEAVj3vlNW92nOyWL6ukK2YJ5f+AbGwUgC4TeQbIXQb
-fsDuXmkqJa9c1h3a0nnJ85cp4IaH3gRZD/FZ1GSFS5mvJQQeyUapl96Cshtwn5z2r3Ex3XsFpSzT
-ucpH9sry9uetuUg/vBa3wW306gmv7PO15wWeph6KU1HWk4HMdJP2udqmJQV0eVp+QD6CSyYRMG7h
-P0HHRwA11fXT91Q+gT3aSWqas+8QPebrb9HIIkfLzM8BMZLZGOMivgkeGj5asuRrDFR6fUNOuIml
-e9eiPZaGzPImNC1qkp2aGtAw4l1OBLBfiyB+d8E9lYLRRpo7PHi4b6HQDWSieB4pTpPDpFQUWw==
+MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAwNzEUMBIGA1UE
+CgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJvb3QgQ0EgdjEwHhcNMDcxMDE4
+MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwW
+VGVsaWFTb25lcmEgUm9vdCBDQSB2MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+
+6yfwIaPzaSZVfp3FVRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA
+3GV17CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+XZ75Ljo1k
+B1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+/jXh7VB7qTCNGdMJjmhn
+Xb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxH
+oLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkmdtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3
+F0fUTPHSiXk+TT2YqGHeOh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJ
+oWjiUIMusDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4pgd7
+gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fsslESl1MpWtTwEhDc
+TwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQarMCpgKIv7NHfirZ1fpoeDVNAgMB
+AAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qW
+DNXr+nuqF+gTEjANBgkqhkiG9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNm
+zqjMDfz1mgbldxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx
+0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1TjTQpgcmLNkQfW
+pb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBedY2gea+zDTYa4EzAvXUYNR0PV
+G6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpc
+c41teyWRyu5FrgZLAMzTsVlQ2jqIOylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOT
+JsjrDNYmiLbAJM+7vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2
+qReWt88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcnHL/EVlP6
+Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVxSK236thZiNSQvxaz2ems
+WWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert080.pem b/test/rules/platform_certs/default/cert080.pem
index b8f77e06a077..d2dbf23e5cde 100644
--- a/test/rules/platform_certs/default/cert080.pem
+++ b/test/rules/platform_certs/default/cert080.pem
@@ -1,22 +1,32 @@
-EE Certification Centre Root CA
+E-Tugra Certification Authority
 -----BEGIN CERTIFICATE-----
-MIIEAzCCAuugAwIBAgIQVID5oHPtPwBMyonY43HmSjANBgkqhkiG9w0BAQUFADB1MQswCQYDVQQG
-EwJFRTEiMCAGA1UECgwZQVMgU2VydGlmaXRzZWVyaW1pc2tlc2t1czEoMCYGA1UEAwwfRUUgQ2Vy
-dGlmaWNhdGlvbiBDZW50cmUgUm9vdCBDQTEYMBYGCSqGSIb3DQEJARYJcGtpQHNrLmVlMCIYDzIw
-MTAxMDMwMTAxMDMwWhgPMjAzMDEyMTcyMzU5NTlaMHUxCzAJBgNVBAYTAkVFMSIwIAYDVQQKDBlB
-UyBTZXJ0aWZpdHNlZXJpbWlza2Vza3VzMSgwJgYDVQQDDB9FRSBDZXJ0aWZpY2F0aW9uIENlbnRy
-ZSBSb290IENBMRgwFgYJKoZIhvcNAQkBFglwa2lAc2suZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IB
-DwAwggEKAoIBAQDIIMDs4MVLqwd4lfNE7vsLDP90jmG7sWLqI9iroWUyeuuOF0+W2Ap7kaJjbMeM
-TC55v6kF/GlclY1i+blw7cNRfdCT5mzrMEvhvH2/UpvObntl8jixwKIy72KyaOBhU8E2lf/slLo2
-rpwcpzIP5Xy0xm90/XsY6KxX7QYgSzIwWFv9zajmofxwvI6Sc9uXp3whrj3B9UiHbCe9nyV0gVWw
-93X2PaRka9ZP585ArQ/dMtO8ihJTmMmJ+xAdTX7Nfh9WDSFwhfYggx/2uh8Ej+p3iDXE/+pOoYtN
-P2MbRMNE1CV2yreN1x5KZmTNXMWcg+HCCIia7E6j8T4cLNlsHaFLAgMBAAGjgYowgYcwDwYDVR0T
-AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFBLyWj7qVhy/zQas8fElyalL1BSZ
-MEUGA1UdJQQ+MDwGCCsGAQUFBwMCBggrBgEFBQcDAQYIKwYBBQUHAwMGCCsGAQUFBwMEBggrBgEF
-BQcDCAYIKwYBBQUHAwkwDQYJKoZIhvcNAQEFBQADggEBAHv25MANqhlHt01Xo/6tu7Fq1Q+e2+Rj
-xY6hUFaTlrg4wCQiZrxTFGGVv9DHKpY5P30osxBAIWrEr7BSdxjhlthWXePdNl4dp1BUoMUq5KqM
-lIpPnTX/dqQGE5Gion0ARD9V04I8GtVbvFZMIi5GQ4okQC3zErg7cBqklrkar4dBGmoYDQZPxz5u
-uSlNDUmJEYcyW+ZLBMjkXOZ0c5RdFpgTlf7727FE5TpwrDdr5rMzcijJs1eg9gIWiAYLtqZLICjU
-3j2LrTcFU3T+bsy8QxdxXvnFzBqpYe73dgzzcvRyrc9yAjYHR8/vGVCJYMzpJJUPwssd8m92kMfM
-dcGWxZ0=
+MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNVBAYTAlRSMQ8w
+DQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamls
+ZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN
+ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMw
+NTEyMDk0OFoXDTIzMDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmEx
+QDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxl
+cmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQD
+DB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEA4vU/kwVRHoViVF56C/UYB4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vd
+hQd2h8y/L5VMzH2nPbxHD5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5K
+CKpbknSFQ9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEoq1+g
+ElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3Dk14opz8n8Y4e0ypQ
+BaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcHfC425lAcP9tDJMW/hkd5s3kc91r0
+E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsutdEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gz
+rt48Ue7LE3wBf4QOXVGUnhMMti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAq
+jqFGOjGY5RH8zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn
+rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUXU8u3Zg5mTPj5
+dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6Jyr+zE7S6E5UMA8GA1UdEwEB
+/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEG
+MA0GCSqGSIb3DQEBCwUAA4ICAQAFNzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAK
+kEh47U6YA5n+KGCRHTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jO
+XKqYGwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c77NCR807
+VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3+GbHeJAAFS6LrVE1Uweo
+a2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WKvJUawSg5TB9D0pH0clmKuVb8P7Sd2nCc
+dlqMQ1DujjByTd//SffGqWfZbawCEeI6FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEV
+KV0jq9BgoRJP3vQXzTLlyb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gT
+Dx4JnW2PAJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpDy4Q0
+8ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8dNL/+I5c30jn6PQ0G
+C7TbO6Orb1wdtn7os4I07QZcJA==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert081.pem b/test/rules/platform_certs/default/cert081.pem
index 90d38315809e..71499a1bed01 100644
--- a/test/rules/platform_certs/default/cert081.pem
+++ b/test/rules/platform_certs/default/cert081.pem
@@ -1,22 +1,20 @@
-D-TRUST Root Class 3 CA 2 2009
+T-TeleSec GlobalRoot Class 2
 -----BEGIN CERTIFICATE-----
-MIIEMzCCAxugAwIBAgIDCYPzMA0GCSqGSIb3DQEBCwUAME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQK
-DAxELVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTAe
-Fw0wOTExMDUwODM1NThaFw0yOTExMDUwODM1NThaME0xCzAJBgNVBAYTAkRFMRUwEwYDVQQKDAxE
-LVRydXN0IEdtYkgxJzAlBgNVBAMMHkQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgMjAwOTCCASIw
-DQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANOySs96R+91myP6Oi/WUEWJNTrGa9v+2wBoqOAD
-ER03UAifTUpolDWzU9GUY6cgVq/eUXjsKj3zSEhQPgrfRlWLJ23DEE0NkVJD2IfgXU42tSHKXzlA
-BF9bfsyjxiupQB7ZNoTWSPOSHjRGICTBpFGOShrvUD9pXRl/RcPHAY9RySPocq60vFYJfxLLHLGv
-KZAKyVXMD9O0Gu1HNVpK7ZxzBCHQqr0ME7UAyiZsxGsMlFqVlNpQmvH/pStmMaTJOKDfHR+4CS7z
-p+hnUquVH+BGPtikw8paxTGA6Eian5Rp/hnd2HN8gcqW3o7tszIFZYQ05ub9VxC1X3a/L7AQDcUC
-AwEAAaOCARowggEWMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFP3aFMSfMN4hvR5COfyrYyNJ
-4PGEMA4GA1UdDwEB/wQEAwIBBjCB0wYDVR0fBIHLMIHIMIGAoH6gfIZ6bGRhcDovL2RpcmVjdG9y
-eS5kLXRydXN0Lm5ldC9DTj1ELVRSVVNUJTIwUm9vdCUyMENsYXNzJTIwMyUyMENBJTIwMiUyMDIw
-MDksTz1ELVRydXN0JTIwR21iSCxDPURFP2NlcnRpZmljYXRlcmV2b2NhdGlvbmxpc3QwQ6BBoD+G
-PWh0dHA6Ly93d3cuZC10cnVzdC5uZXQvY3JsL2QtdHJ1c3Rfcm9vdF9jbGFzc18zX2NhXzJfMjAw
-OS5jcmwwDQYJKoZIhvcNAQELBQADggEBAH+X2zDI36ScfSF6gHDOFBJpiBSVYEQBrLLpME+bUMJm
-2H6NMLVwMeniacfzcNsgFYbQDfC+rAF1hM5+n02/t2A7nPPKHeJeaNijnZflQGDSNiH+0LS4F9p0
-o3/U37CYAqxva2ssJSRyoWXuJVrl5jLn8t+rSfrzkGkj2wTZ51xY/GXUl77M/C4KzCUqNQT4YJEV
-dT1B/yMfGchs64JTBKbkTCJNjYy6zltz7GRUUG3RnFX7acM2w4y8PIWmawomDeCTmGCufsYkl4ph
-X5GOZpIJhzbNi5stPvZR1FDUWSi9g/LMKHtThm3YJohw1+qRzT65ysCQblrGXnRl11z+o+I=
+MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM
+IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU
+cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgx
+MDAxMTA0MDE0WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz
+dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD
+ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0GCSqGSIb3
+DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUdAqSzm1nzHoqvNK38DcLZ
+SBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiCFoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/F
+vudocP05l03Sx5iRUKrERLMjfTlH6VJi1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx970
+2cu+fjOlbpSD8DT6IavqjnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGV
+WOHAD3bZwI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGjQjBA
+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/WSA2AHmgoCJrjNXy
+YdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhyNsZt+U2e+iKo4YFWz827n+qrkRk4
+r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPACuvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNf
+vNoBYimipidx5joifsFvHZVwIEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR
+3p1m0IvVVGb6g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN
+9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlPBSeOE6Fuwg==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert082.pem b/test/rules/platform_certs/default/cert082.pem
index cd874b93b2b9..2a9b5689940f 100644
--- a/test/rules/platform_certs/default/cert082.pem
+++ b/test/rules/platform_certs/default/cert082.pem
@@ -1,23 +1,19 @@
-D-TRUST Root Class 3 CA 2 EV 2009
+Atos TrustedRoot 2011
 -----BEGIN CERTIFICATE-----
-MIIEQzCCAyugAwIBAgIDCYP0MA0GCSqGSIb3DQEBCwUAMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK
-DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw
-OTAeFw0wOTExMDUwODUwNDZaFw0yOTExMDUwODUwNDZaMFAxCzAJBgNVBAYTAkRFMRUwEwYDVQQK
-DAxELVRydXN0IEdtYkgxKjAoBgNVBAMMIUQtVFJVU1QgUm9vdCBDbGFzcyAzIENBIDIgRVYgMjAw
-OTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAJnxhDRwui+3MKCOvXwEz75ivJn9gpfS
-egpnljgJ9hBOlSJzmY3aFS3nBfwZcyK3jpgAvDw9rKFs+9Z5JUut8Mxk2og+KbgPCdM03TP1YtHh
-zRnp7hhPTFiu4h7WDFsVWtg6uMQYZB7jM7K1iXdODL/ZlGsTl28So/6ZqQTMFexgaDbtCHu39b+T
-7WYxg4zGcTSHThfqr4uRjRxWQa4iN1438h3Z0S0NL2lRp75mpoo6Kr3HGrHhFPC+Oh25z1uxav60
-sUYgovseO3Dvk5h9jHOW8sXvhXCtKSb8HgQ+HKDYD8tSg2J87otTlZCpV6LqYQXY+U3EJ/pure35
-11H3a6UCAwEAAaOCASQwggEgMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNOUikxiEyoZLsyv
-cop9NteaHNxnMA4GA1UdDwEB/wQEAwIBBjCB3QYDVR0fBIHVMIHSMIGHoIGEoIGBhn9sZGFwOi8v
-ZGlyZWN0b3J5LmQtdHJ1c3QubmV0L0NOPUQtVFJVU1QlMjBSb290JTIwQ2xhc3MlMjAzJTIwQ0El
-MjAyJTIwRVYlMjAyMDA5LE89RC1UcnVzdCUyMEdtYkgsQz1ERT9jZXJ0aWZpY2F0ZXJldm9jYXRp
-b25saXN0MEagRKBChkBodHRwOi8vd3d3LmQtdHJ1c3QubmV0L2NybC9kLXRydXN0X3Jvb3RfY2xh
-c3NfM19jYV8yX2V2XzIwMDkuY3JsMA0GCSqGSIb3DQEBCwUAA4IBAQA07XtaPKSUiO8aEXUHL7P+
-PPoeUSbrh/Yp3uDx1MYkCenBz1UbtDDZzhr+BlGmFaQt77JLvyAoJUnRpjZ3NOhk31KxEcdzes05
-nsKtjHEh8lprr988TlWvsoRlFIm5d8sqMb7Po23Pb0iUMkZv53GMoKaEGTcH8gNFCSuGdXzfX2lX
-ANtu2KZyIktQ1HWYVt+3GP9DQ1CuekR78HlR10M9p9OB0/DJT7naxpeG0ILD5EJt/rDiZE4OJudA
-NCa1CInXCGNjOCd1HjPqbqjdn5lPdE2BiYBL3ZqXKVwvvoFBuYz/6n1gBp7N1z3TLqMVvKjmJuVv
-w9y4AyHqnxbxLFS1
+MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UEAwwVQXRvcyBU
+cnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0xMTA3MDcxNDU4
+MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMMFUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsG
+A1UECgwEQXRvczELMAkGA1UEBhMCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV
+hTuXbyo7LjvPpvMpNb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr
+54rMVD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+SZFhyBH+
+DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ4J7sVaE3IqKHBAUsR320
+HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0Lcp2AMBYHlT8oDv3FdU9T1nSatCQujgKR
+z3bFmx5VdJx4IbHwLfELn8LVlhgf8FQieowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7R
+l+lwrrw7GWzbITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZ
+bNshMBgGA1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
+CwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8jvZfza1zv7v1Apt+h
+k6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kPDpFrdRbhIfzYJsdHt6bPWHJxfrrh
+TZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pcmaHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a9
+61qn8FYiqTxlVMYVqL2Gns2Dlmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G
+3mB/ufNPRJLvKrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert083.pem b/test/rules/platform_certs/default/cert083.pem
index c9f58bac9252..dd4d451ac717 100644
--- a/test/rules/platform_certs/default/cert083.pem
+++ b/test/rules/platform_certs/default/cert083.pem
@@ -1,28 +1,28 @@
-CA Disig Root R1
+QuoVadis Root CA 1 G3
 -----BEGIN CERTIFICATE-----
-MIIFaTCCA1GgAwIBAgIJAMMDmu5QkG4oMA0GCSqGSIb3DQEBBQUAMFIxCzAJBgNVBAYTAlNLMRMw
-EQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMuMRkwFwYDVQQDExBDQSBEaXNp
-ZyBSb290IFIxMB4XDTEyMDcxOTA5MDY1NloXDTQyMDcxOTA5MDY1NlowUjELMAkGA1UEBhMCU0sx
-EzARBgNVBAcTCkJyYXRpc2xhdmExEzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERp
-c2lnIFJvb3QgUjEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCqw3j33Jijp1pedxiy
-3QRkD2P9m5YJgNXoqqXinCaUOuiZc4yd39ffg/N4T0Dhf9Kn0uXKE5Pn7cZ3Xza1lK/oOI7bm+V8
-u8yN63Vz4STN5qctGS7Y1oprFOsIYgrY3LMATcMjfF9DCCMyEtztDK3AfQ+lekLZWnDZv6fXARz2
-m6uOt0qGeKAeVjGu74IKgEH3G8muqzIm1Cxr7X1r5OJeIgpFy4QxTaz+29FHuvlglzmxZcfe+5nk
-CiKxLU3lSCZpq+Kq8/v8kiky6bM+TR8noc2OuRf7JT7JbvN32g0S9l3HuzYQ1VTW8+DiR0jm3hTa
-YVKvJrT1cU/J19IG32PK/yHoWQbgCNWEFVP3Q+V8xaCJmGtzxmjOZd69fwX3se72V6FglcXM6pM6
-vpmumwKjrckWtc7dXpl4fho5frLABaTAgqWjR56M6ly2vGfb5ipN0gTco65F97yLnByn1tUD3AjL
-LhbKXEAz6GfDLuemROoRRRw1ZS0eRWEkG4IupZ0zXWX4Qfkuy5Q/H6MMMSRE7cderVC6xkGbrPAX
-ZcD4XW9boAo0PO7X6oifmPmvTiT6l7Jkdtqr9O3jw2Dv1fkCyC2fg69naQanMVXVz0tv/wQFx1is
-XxYb5dKj6zHbHzMVTdDypVP1y+E9Tmgt2BLdqvLmTZtJ5cUoobqwWsagtQIDAQABo0IwQDAPBgNV
-HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUiQq0OJMa5qvum5EY+fU8PjXQ
-04IwDQYJKoZIhvcNAQEFBQADggIBADKL9p1Kyb4U5YysOMo6CdQbzoaz3evUuii+Eq5FLAR0rBNR
-xVgYZk2C2tXck8An4b58n1KeElb21Zyp9HWc+jcSjxyT7Ff+Bw+r1RL3D65hXlaASfX8MPWbTx9B
-LxyE04nH4toCdu0Jz2zBuByDHBb6lM19oMgY0sidbvW9adRtPTXoHqJPYNcHKfyyo6SdbhWSVhlM
-CrDpfNIZTUJG7L399ldb3Zh+pE3McgODWF3vkzpBemOqfDqo9ayk0d2iLbYq/J8BjuIQscTK5Gfb
-VSUZP/3oNn6z4eGBrxEWi1CXYBmCAMBrTXO40RMHPuq2MU/wQppt4hF05ZSsjYSVPCGvxdpHyN85
-YmLLW1AL14FABZyb7bq2ix4Eb5YgOe2kfSnbSM6C3NQCjR0EMVrHS/BsYVLXtFHCgWzN4funodKS
-ds+xDzdYpPJScWc/DIh4gInByLUfkmO+p3qKViwaqKactV2zY9ATIKHrkWzQjX2v3wvkF7mGnjix
-lAxYjOBVqjtjbZqJYLhkKpLGN/R+Q0O3c+gB53+XD9fyexn9GtePyfqFa3qdnom2piiZk4hA9z7N
-UaPK6u95RyG1/jLix8NRb76AdPCkwzryT+lf3xkK8jsTQ6wxpLPn6/wY1gGp8yqPNg7rtLG8t0zJ
-a7+h89n07eLw4+1knj0vllJPgFOL
+MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQELBQAwSDELMAkG
+A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv
+b3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJN
+MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEg
+RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakE
+PBtVwedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWerNrwU8lm
+PNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF34168Xfuw6cwI2H44g4hWf6
+Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh4Pw5qlPafX7PGglTvF0FBM+hSo+LdoIN
+ofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXpUhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/l
+g6AnhF4EwfWQvTA9xO+oabw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV
+7qJZjqlc3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/GKubX
+9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSthfbZxbGL0eUQMk1f
+iyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KOTk0k+17kBL5yG6YnLUlamXrXXAkg
+t3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOtzCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZI
+hvcNAQELBQADggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC
+MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2cDMT/uFPpiN3
+GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUNqXsCHKnQO18LwIE6PWThv6ct
+Tr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP
++V04ikkwj+3x6xn0dxoxGE1nVGwvb2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh
+3jRJjehZrJ3ydlo28hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fa
+wx/kNSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNjZgKAvQU6
+O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhpq1467HxpvMc7hU6eFbm0
+FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFtnh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOV
+hMJKzRwuJIczYOXD
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert084.pem b/test/rules/platform_certs/default/cert084.pem
index e1336960f501..95a5c8c60e12 100644
--- a/test/rules/platform_certs/default/cert084.pem
+++ b/test/rules/platform_certs/default/cert084.pem
@@ -1,28 +1,28 @@
-CA Disig Root R2
+QuoVadis Root CA 2 G3
 -----BEGIN CERTIFICATE-----
-MIIFaTCCA1GgAwIBAgIJAJK4iNuwisFjMA0GCSqGSIb3DQEBCwUAMFIxCzAJBgNVBAYTAlNLMRMw
-EQYDVQQHEwpCcmF0aXNsYXZhMRMwEQYDVQQKEwpEaXNpZyBhLnMuMRkwFwYDVQQDExBDQSBEaXNp
-ZyBSb290IFIyMB4XDTEyMDcxOTA5MTUzMFoXDTQyMDcxOTA5MTUzMFowUjELMAkGA1UEBhMCU0sx
-EzARBgNVBAcTCkJyYXRpc2xhdmExEzARBgNVBAoTCkRpc2lnIGEucy4xGTAXBgNVBAMTEENBIERp
-c2lnIFJvb3QgUjIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCio8QACdaFXS1tFPbC
-w3OeNcJxVX6B+6tGUODBfEl45qt5WDza/3wcn9iXAng+a0EE6UG9vgMsRfYvZNSrXaNHPWSb6Wia
-xswbP7q+sos0Ai6YVRn8jG+qX9pMzk0DIaPY0jSTVpbLTAwAFjxfGs3Ix2ymrdMxp7zo5eFm1tL7
-A7RBZckQrg4FY8aAamkw/dLukO8NJ9+flXP04SXabBbeQTg06ov80egEFGEtQX6sx3dOy1FU+16S
-GBsEWmjGycT6txOgmLcRK7fWV8x8nhfRyyX+hk4kLlYMeE2eARKmK6cBZW58Yh2EhN/qwGu1pSqV
-g8NTEQxzHQuyRpDRQjrOQG6Vrf/GlK1ul4SOfW+eioANSW1z4nuSHsPzwfPrLgVv2RvPN3YEyLRa
-5Beny912H9AZdugsBbPWnDTYltxhh5EF5EQIM8HauQhl1K6yNg3ruji6DOWbnuuNZt2Zz9aJQfYE
-koopKW1rOhzndX0CcQ7zwOe9yxndnWCywmZgtrEE7snmhrmaZkCo5xHtgUUDi/ZnWejBBhG93c+A
-Ak9lQHhcR1DIm+YfgXvkRKhbhZri3lrVx/k6RGZL5DJUfORsnLMOPReisjQS1n6yqEm70XooQL6i
-Fh/f5DcfEXP7kAplQ6INfPgGAVUzfbANuPT1rqVCV3w2EYx7XsQDnYx5nQIDAQABo0IwQDAPBgNV
-HRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUtZn4r7CU9eMg1gqtzk5WpC5u
-Qu0wDQYJKoZIhvcNAQELBQADggIBACYGXnDnZTPIgm7ZnBc6G3pmsgH2eDtpXi/q/075KMOYKmFM
-tCQSin1tERT3nLXK5ryeJ45MGcipvXrA1zYObYVybqjGom32+nNjf7xueQgcnYqfGopTpti72TVV
-sRHFqQOzVju5hJMiXn7B9hJSi+osZ7z+Nkz1uM/Rs0mSO9MpDpkblvdhuDvEK7Z4bLQjb/D907Je
-dR+Zlais9trhxTF7+9FGs9K8Z7RiVLoJ92Owk6Ka+elSLotgEqv89WBW7xBci8QaQtyDW2QOy7W8
-1k/BfDxujRNt+3vrMNDcTa/F1balTFtxyegxvug4BkihGuLq0t4SOVga/4AOgnXmt8kHbA7v/zjx
-mHHEt38OFdAlab0inSvtBfZGR6ztwPDUO+Ls7pZbkBNOHlY667DvlruWIxG68kOGdGSVyCh13x01
-utI3gzhTODY7z2zp+WsO0PsE6E9312UBeIYMej4hYvF/Y3EMyZ9E26gnonW+boE+18DrG5gPcFw0
-sorMwIUY6256s/daoQe/qUKS82Ail+QUoQebTnbAjn39pCXHR+3/H3OszMOl6W8KjptlwlCFtaOg
-UxLMVYdh84GuEEZhvUQhuMI9dM9+JDX6HAcOmz0iyu8xL4ysEr3vQCj8KWefshNPZiTEUxnpHikV
-7+ZtsH8tZ/3zbBt1RqPlShfppNcL
+MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQELBQAwSDELMAkG
+A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv
+b3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJN
+MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIg
+RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFh
+ZiFfqq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMWn4rjyduY
+NM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ymc5GQYaYDFCDy54ejiK2t
+oIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+O7q414AB+6XrW7PFXmAqMaCvN+ggOp+o
+MiwMzAkd056OXbxMmO7FGmh77FOm6RQ1o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+l
+V0POKa2Mq1W/xPtbAd0jIaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZo
+L1NesNKqIcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz8eQQ
+sSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43ehvNURG3YBZwjgQQvD
+6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l7ZizlWNof/k19N+IxWA1ksB8aRxh
+lRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALGcC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZI
+hvcNAQELBQADggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66
+AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RCroijQ1h5fq7K
+pVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0GaW/ZZGYjeVYg3UQt4XAoeo0L9
+x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4nlv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgz
+dWqTHBLmYF5vHX/JHyPLhGGfHoJE+V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6X
+U/IyAgkwo1jwDQHVcsaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+Nw
+mNtddbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNgKCLjsZWD
+zYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeMHVOyToV7BjjHLPj4sHKN
+JeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4WSr2Rz0ZiC3oheGe7IUIarFsNMkd7Egr
+O3jtZsSOeWmD3n+M
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert085.pem b/test/rules/platform_certs/default/cert085.pem
index b261207dbfe6..cd999ae3da64 100644
--- a/test/rules/platform_certs/default/cert085.pem
+++ b/test/rules/platform_certs/default/cert085.pem
@@ -1,39 +1,28 @@
-ACCVRAIZ1
+QuoVadis Root CA 3 G3
 -----BEGIN CERTIFICATE-----
-MIIH0zCCBbugAwIBAgIIXsO3pkN/pOAwDQYJKoZIhvcNAQEFBQAwQjESMBAGA1UEAwwJQUNDVlJB
-SVoxMRAwDgYDVQQLDAdQS0lBQ0NWMQ0wCwYDVQQKDARBQ0NWMQswCQYDVQQGEwJFUzAeFw0xMTA1
-MDUwOTM3MzdaFw0zMDEyMzEwOTM3MzdaMEIxEjAQBgNVBAMMCUFDQ1ZSQUlaMTEQMA4GA1UECwwH
-UEtJQUNDVjENMAsGA1UECgwEQUNDVjELMAkGA1UEBhMCRVMwggIiMA0GCSqGSIb3DQEBAQUAA4IC
-DwAwggIKAoICAQCbqau/YUqXry+XZpp0X9DZlv3P4uRm7x8fRzPCRKPfmt4ftVTdFXxpNRFvu8gM
-jmoYHtiP2Ra8EEg2XPBjs5BaXCQ316PWywlxufEBcoSwfdtNgM3802/J+Nq2DoLSRYWoG2ioPej0
-RGy9ocLLA76MPhMAhN9KSMDjIgro6TenGEyxCQ0jVn8ETdkXhBilyNpAlHPrzg5XPAOBOp0KoVdD
-aaxXbXmQeOW1tDvYvEyNKKGno6e6Ak4l0Squ7a4DIrhrIA8wKFSVf+DuzgpmndFALW4ir50awQUZ
-0m/A8p/4e7MCQvtQqR0tkw8jq8bBD5L/0KIV9VMJcRz/RROE5iZe+OCIHAr8Fraocwa48GOEAqDG
-WuzndN9wrqODJerWx5eHk6fGioozl2A3ED6XPm4pFdahD9GILBKfb6qkxkLrQaLjlUPTAYVtjrs7
-8yM2x/474KElB0iryYl0/wiPgL/AlmXz7uxLaL2diMMxs0Dx6M/2OLuc5NF/1OVYm3z61PMOm3WR
-5LpSLhl+0fXNWhn8ugb2+1KoS5kE3fj5tItQo05iifCHJPqDQsGH+tUtKSpacXpkatcnYGMN285J
-9Y0fkIkyF/hzQ7jSWpOGYdbhdQrqeWZ2iE9x6wQl1gpaepPluUsXQA+xtrn13k/c4LOsOxFwYIRK
-Q26ZIMApcQrAZQIDAQABo4ICyzCCAscwfQYIKwYBBQUHAQEEcTBvMEwGCCsGAQUFBzAChkBodHRw
-Oi8vd3d3LmFjY3YuZXMvZmlsZWFkbWluL0FyY2hpdm9zL2NlcnRpZmljYWRvcy9yYWl6YWNjdjEu
-Y3J0MB8GCCsGAQUFBzABhhNodHRwOi8vb2NzcC5hY2N2LmVzMB0GA1UdDgQWBBTSh7Tj3zcnk1X2
-VuqB5TbMjB4/vTAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFNKHtOPfNyeTVfZW6oHlNsyM
-Hj+9MIIBcwYDVR0gBIIBajCCAWYwggFiBgRVHSAAMIIBWDCCASIGCCsGAQUFBwICMIIBFB6CARAA
-QQB1AHQAbwByAGkAZABhAGQAIABkAGUAIABDAGUAcgB0AGkAZgBpAGMAYQBjAGkA8wBuACAAUgBh
-AO0AegAgAGQAZQAgAGwAYQAgAEEAQwBDAFYAIAAoAEEAZwBlAG4AYwBpAGEAIABkAGUAIABUAGUA
-YwBuAG8AbABvAGcA7QBhACAAeQAgAEMAZQByAHQAaQBmAGkAYwBhAGMAaQDzAG4AIABFAGwAZQBj
-AHQAcgDzAG4AaQBjAGEALAAgAEMASQBGACAAUQA0ADYAMAAxADEANQA2AEUAKQAuACAAQwBQAFMA
-IABlAG4AIABoAHQAdABwADoALwAvAHcAdwB3AC4AYQBjAGMAdgAuAGUAczAwBggrBgEFBQcCARYk
-aHR0cDovL3d3dy5hY2N2LmVzL2xlZ2lzbGFjaW9uX2MuaHRtMFUGA1UdHwROMEwwSqBIoEaGRGh0
-dHA6Ly93d3cuYWNjdi5lcy9maWxlYWRtaW4vQXJjaGl2b3MvY2VydGlmaWNhZG9zL3JhaXphY2N2
-MV9kZXIuY3JsMA4GA1UdDwEB/wQEAwIBBjAXBgNVHREEEDAOgQxhY2N2QGFjY3YuZXMwDQYJKoZI
-hvcNAQEFBQADggIBAJcxAp/n/UNnSEQU5CmH7UwoZtCPNdpNYbdKl02125DgBS4OxnnQ8pdpD70E
-R9m+27Up2pvZrqmZ1dM8MJP1jaGo/AaNRPTKFpV8M9xii6g3+CfYCS0b78gUJyCpZET/LtZ1qmxN
-YEAZSUNUY9rizLpm5U9EelvZaoErQNV/+QEnWCzI7UiRfD+mAM/EKXMRNt6GGT6d7hmKG9Ww7Y49
-nCrADdg9ZuM8Db3VlFzi4qc1GwQA9j9ajepDvV+JHanBsMyZ4k0ACtrJJ1vnE5Bc5PUzolVt3OAJ
-TS+xJlsndQAJxGJ3KQhfnlmstn6tn1QwIgPBHnFk/vk4CpYY3QIUrCPLBhwepH2NDd4nQeit2hW3
-sCPdK6jT2iWH7ehVRE2I9DZ+hJp4rPcOVkkO1jMl1oRQQmwgEh0q1b688nCBpHBgvgW1m54ERL5h
-I6zppSSMEYCUWqKiuUnSwdzRp+0xESyeGabu4VXhwOrPDYTkF7eifKXeVSUG7szAh1xA2syVP1Xg
-Nce4hL60Xc16gwFy7ofmXx2utYXGJt/mwZrpHgJHnyqobalbz+xFd3+YJ5oyXSrjhO7FmGYvliAd
-3djDJ9ew+f7Zfc3Qn48LFFhRny+Lwzgt3uiP1o2HpPVWQxaZLPSkVrQ0uGE3ycJYgBugl6H8WY3p
-EfbRD0tVNEYqi4Y7
+MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQELBQAwSDELMAkG
+A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv
+b3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJN
+MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMg
+RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286
+IxSR/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNuFoM7pmRL
+Mon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXRU7Ox7sWTaYI+FrUoRqHe
+6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+cra1AdHkrAj80//ogaX3T7mH1urPnMNA3
+I4ZyYUUpSFlob3emLoG+B01vr87ERRORFHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3U
+VDmrJqMz6nWB2i3ND0/kA9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f7
+5li59wzweyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634RylsSqi
+Md5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBpVzgeAVuNVejH38DM
+dyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0QA4XN8f+MFrXBsj6IbGB/kE+V9/Yt
+rQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZI
+hvcNAQELBQADggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px
+KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnIFUBhynLWcKzS
+t/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5WvvoxXqA/4Ti2Tk08HS6IT7SdEQ
+TXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFgu/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9Du
+DcpmvJRPpq3t/O5jrFc/ZSXPsoaP0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGib
+Ih6BJpsQBJFxwAYf3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmD
+hPbl8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+DhcI00iX
+0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HNPlopNLk9hM6xZdRZkZFW
+dSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ywaZWWDYWGWVjUTR939+J399roD1B0y2
+PpxxVJkES/1Y+Zj0
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert086.pem b/test/rules/platform_certs/default/cert086.pem
index 7c69ef53587c..0ed774566a19 100644
--- a/test/rules/platform_certs/default/cert086.pem
+++ b/test/rules/platform_certs/default/cert086.pem
@@ -1,27 +1,20 @@
-TWCA Global Root CA
+DigiCert Assured ID Root G2
 -----BEGIN CERTIFICATE-----
-MIIFQTCCAymgAwIBAgICDL4wDQYJKoZIhvcNAQELBQAwUTELMAkGA1UEBhMCVFcxEjAQBgNVBAoT
-CVRBSVdBTi1DQTEQMA4GA1UECxMHUm9vdCBDQTEcMBoGA1UEAxMTVFdDQSBHbG9iYWwgUm9vdCBD
-QTAeFw0xMjA2MjcwNjI4MzNaFw0zMDEyMzExNTU5NTlaMFExCzAJBgNVBAYTAlRXMRIwEAYDVQQK
-EwlUQUlXQU4tQ0ExEDAOBgNVBAsTB1Jvb3QgQ0ExHDAaBgNVBAMTE1RXQ0EgR2xvYmFsIFJvb3Qg
-Q0EwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCwBdvI64zEbooh745NnHEKH1Jw7W2C
-nJfF10xORUnLQEK1EjRsGcJ0pDFfhQKX7EMzClPSnIyOt7h52yvVavKOZsTuKwEHktSz0ALfUPZV
-r2YOy+BHYC8rMjk1Ujoog/h7FsYYuGLWRyWRzvAZEk2tY/XTP3VfKfChMBwqoJimFb3u/Rk28OKR
-Q4/6ytYQJ0lM793B8YVwm8rqqFpD/G2Gb3PpN0Wp8DbHzIh1HrtsBv+baz4X7GGqcXzGHaL3SekV
-tTzWoWH1EfcFbx39Eb7QMAfCKbAJTibc46KokWofwpFFiFzlmLhxpRUZyXx1EcxwdE8tmx2RRP1W
-KKD+u4ZqyPpcC1jcxkt2yKsi2XMPpfRaAok/T54igu6idFMqPVMnaR1sjjIsZAAmY2E2TqNGtz99
-sy2sbZCilaLOz9qC5wc0GZbpuCGqKX6mOL6OKUohZnkfs8O1CWfe1tQHRvMq2uYiN2DLgbYPoA/p
-yJV/v1WRBXrPPRXAb94JlAGD1zQbzECl8LibZ9WYkTunhHiVJqRaCPgrdLQABDzfuBSO6N+pjWxn
-kjMdwLfS7JLIvgm/LCkFbwJrnu+8vyq8W8BQj0FwcYeyTbcEqYSjMq+u7msXi7Kx/mzhkIyIqJdI
-zshNy/MGz19qCkKxHh53L46g5pIOBvwFItIm4TFRfTLcDwIDAQABoyMwITAOBgNVHQ8BAf8EBAMC
-AQYwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAgEAXzSBdu+WHdXltdkCY4QWwa6g
-cFGn90xHNcgL1yg9iXHZqjNB6hQbbCEAwGxCGX6faVsgQt+i0trEfJdLjbDorMjupWkEmQqSpqsn
-LhpNgb+E1HAerUf+/UqdM+DyucRFCCEK2mlpc3INvjT+lIutwx4116KD7+U4x6WFH6vPNOw/KP4M
-8VeGTslV9xzU2KV9Bnpv1d8Q34FOIWWxtuEXeZVFBs5fzNxGiWNoRI2T9GRwoD2dKAXDOXC4Ynsg
-/eTb6QihuJ49CcdP+yz4k3ZB3lLg4VfSnQO8d57+nile98FRYB/e2guyLXW3Q0iT5/Z5xoRdgFlg
-lPx4mI88k1HtQJAH32RjJMtOcQWh15QaiDLxInQirqWm2BJpTGCjAu4r7NRjkgtevi92a6O2JryP
-A9gK8kxkRr05YuWW6zRjESjMlfGt7+/cgFhI6Uu46mWs6fyAtbXIRfmswZ/ZuepiiI7E8UuDEq3m
-i4TWnsLrgxifarsbJGAzcMzs9zLzXNl5fe+epP7JI8Mk7hWSsT2RTyaGvWZzJBPqpK5jwa19hAM8
-EHiGG3njxPPyBJUgriOCxLM6AGK/5jYk4Ve6xx6QddVfP5VhK8E7zeWzaGHQRiapIVJpLesux+t3
-zqY6tQMzT3bR51xUAV3LePTJDL/PEo4XLSNolOer/qmyKwbQBM0=
+MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw
+IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgw
+MTE1MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL
+ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIw
+ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSAn61UQbVH
+35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4HteccbiJVMWWXvdMX0h5i89vq
+bFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9HpEgjAALAcKxHad3A2m67OeYfcgnDmCXRw
+VWmvo2ifv922ebPynXApVfSr/5Vh88lAbx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OP
+YLfykqGxvYmJHzDNw6YuYjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+Rn
+lTGNAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTO
+w0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPIQW5pJ6d1Ee88hjZv
+0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I0jJmwYrA8y8678Dj1JGG0VDjA9tz
+d29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4GnilmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAW
+hsI6yLETcDbYz+70CjTVW0z9B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0M
+jomZmWzwPDCvON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo
+IhNzbM8m9Yop5w==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert087.pem b/test/rules/platform_certs/default/cert087.pem
index f5bd27acb7c2..5f893978490b 100644
--- a/test/rules/platform_certs/default/cert087.pem
+++ b/test/rules/platform_certs/default/cert087.pem
@@ -1,27 +1,14 @@
-TeliaSonera Root CA v1
+DigiCert Assured ID Root G3
 -----BEGIN CERTIFICATE-----
-MIIFODCCAyCgAwIBAgIRAJW+FqD3LkbxezmCcvqLzZYwDQYJKoZIhvcNAQEFBQAwNzEUMBIGA1UE
-CgwLVGVsaWFTb25lcmExHzAdBgNVBAMMFlRlbGlhU29uZXJhIFJvb3QgQ0EgdjEwHhcNMDcxMDE4
-MTIwMDUwWhcNMzIxMDE4MTIwMDUwWjA3MRQwEgYDVQQKDAtUZWxpYVNvbmVyYTEfMB0GA1UEAwwW
-VGVsaWFTb25lcmEgUm9vdCBDQSB2MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMK+
-6yfwIaPzaSZVfp3FVRaRXP3vIb9TgHot0pGMYzHw7CTww6XScnwQbfQ3t+XmfHnqjLWCi65ItqwA
-3GV17CpNX8GH9SBlK4GoRz6JI5UwFpB/6FcHSOcZrr9FZ7E3GwYq/t75rH2D+1665I+XZ75Ljo1k
-B1c4VWk0Nj0TSO9P4tNmHqTPGrdeNjPUtAa9GAH9d4RQAEX1jF3oI7x+/jXh7VB7qTCNGdMJjmhn
-Xb88lxhTuylixcpecsHHltTbLaC0H2kD7OriUPEMPPCs81Mt8Bz17Ww5OXOAFshSsCPN4D7c3TxH
-oLs1iuKYaIu+5b9y7tL6pe0S7fyYGKkmdtwoSxAgHNN/Fnct7W+A90m7UwW7XWjH1Mh1Fj+JWov3
-F0fUTPHSiXk+TT2YqGHeOh7S+F4D4MHJHIzTjU3TlTazN19jY5szFPAtJmtTfImMMsJu7D0hADnJ
-oWjiUIMusDor8zagrC/kb2HCUQk5PotTubtn2txTuXZZNp1D5SDgPTJghSJRt8czu90VL6R4pgd7
-gUY2BIbdeTXHlSw7sKMXNeVzH7RcWe/a6hBle3rQf5+ztCo3O3CLm1u5K7fsslESl1MpWtTwEhDc
-TwK7EpIvYtQ/aUN8Ddb8WHUBiJ1YFkveupD/RwGJBmr2X7KQarMCpgKIv7NHfirZ1fpoeDVNAgMB
-AAGjPzA9MA8GA1UdEwEB/wQFMAMBAf8wCwYDVR0PBAQDAgEGMB0GA1UdDgQWBBTwj1k4ALP1j5qW
-DNXr+nuqF+gTEjANBgkqhkiG9w0BAQUFAAOCAgEAvuRcYk4k9AwI//DTDGjkk0kiP0Qnb7tt3oNm
-zqjMDfz1mgbldxSR651Be5kqhOX//CHBXfDkH1e3damhXwIm/9fH907eT/j3HEbAek9ALCI18Bmx
-0GtnLLCo4MBANzX2hFxc469CeP6nyQ1Q6g2EdvZR74NTxnr/DlZJLo961gzmJ1TjTQpgcmLNkQfW
-pb/ImWvtxBnmq0wROMVvMeJuScg/doAmAyYp4Db29iBT4xdwNBedY2gea+zDTYa4EzAvXUYNR0PV
-G6pZDrlcjQZIrXSHX8f8MVRBE+LHIQ6e4B4N4cB7Q4WQxYpYxmUKeFfyxiMPAdkgS94P+5KFdSpc
-c41teyWRyu5FrgZLAMzTsVlQ2jqIOylDRl6XK1TOU2+NSueW+r9xDkKLfP0ooNBIytrEgUy7onOT
-JsjrDNYmiLbAJM+7vVvrdX3pCI6GMyx5dwlppYn8s3CQh3aP0yK7Qs69cwsgJirQmz1wHiRszYd2
-qReWt88NkvuOGKmYSdGe/mBEciG5Ge3C9THxOUiIkCR1VBatzvT4aRRkOfujuLpwQMcnHL/EVlP6
-Y2XQ8xwOFvVrhlhNGNTkDY6lnVuR3HYkUD/GKvvZt5y11ubQ2egZixVxSK236thZiNSQvxaz2ems
-WWFUyBy6ysHK4bkgTI86k4mloMy/0/Z1pHWWbVY=
+MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQswCQYDVQQGEwJV
+UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYD
+VQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1
+MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQ
+BgcqhkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJfZn4f5dwb
+RXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17QRSAPWXYQ1qAk8C3eNvJs
+KTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgF
+UaFNN6KDec6NHSrkhDAKBggqhkjOPQQDAwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5Fy
+YZ5eEJJZVrmDxxDnOOlYJjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy
+1vUhZscv6pZjamVFkpUBtA==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert088.pem b/test/rules/platform_certs/default/cert088.pem
index d2dbf23e5cde..4715cc06e81b 100644
--- a/test/rules/platform_certs/default/cert088.pem
+++ b/test/rules/platform_certs/default/cert088.pem
@@ -1,32 +1,20 @@
-E-Tugra Certification Authority
+DigiCert Global Root G2
 -----BEGIN CERTIFICATE-----
-MIIGSzCCBDOgAwIBAgIIamg+nFGby1MwDQYJKoZIhvcNAQELBQAwgbIxCzAJBgNVBAYTAlRSMQ8w
-DQYDVQQHDAZBbmthcmExQDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamls
-ZXJpIHZlIEhpem1ldGxlcmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBN
-ZXJrZXppMSgwJgYDVQQDDB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MB4XDTEzMDMw
-NTEyMDk0OFoXDTIzMDMwMzEyMDk0OFowgbIxCzAJBgNVBAYTAlRSMQ8wDQYDVQQHDAZBbmthcmEx
-QDA+BgNVBAoMN0UtVHXEn3JhIEVCRyBCaWxpxZ9pbSBUZWtub2xvamlsZXJpIHZlIEhpem1ldGxl
-cmkgQS7Fni4xJjAkBgNVBAsMHUUtVHVncmEgU2VydGlmaWthc3lvbiBNZXJrZXppMSgwJgYDVQQD
-DB9FLVR1Z3JhIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
-MIICCgKCAgEA4vU/kwVRHoViVF56C/UYB4Oufq9899SKa6VjQzm5S/fDxmSJPZQuVIBSOTkHS0vd
-hQd2h8y/L5VMzH2nPbxHD5hw+IyFHnSOkm0bQNGZDbt1bsipa5rAhDGvykPL6ys06I+XawGb1Q5K
-CKpbknSFQ9OArqGIW66z6l7LFpp3RMih9lRozt6Plyu6W0ACDGQXwLWTzeHxE2bODHnv0ZEoq1+g
-ElIwcxmOj+GMB6LDu0rw6h8VqO4lzKRG+Bsi77MOQ7osJLjFLFzUHPhdZL3Dk14opz8n8Y4e0ypQ
-BaNV2cvnOVPAmJ6MVGKLJrD3fY185MaeZkJVgkfnsliNZvcHfC425lAcP9tDJMW/hkd5s3kc91r0
-E+xs+D/iWR+V7kI+ua2oMoVJl0b+SzGPWsutdEcf6ZG33ygEIqDUD13ieU/qbIWGvaimzuT6w+Gz
-rt48Ue7LE3wBf4QOXVGUnhMMti6lTPk5cDZvlsouDERVxcr6XQKj39ZkjFqzAQqptQpHF//vkUAq
-jqFGOjGY5RH8zLtJVor8udBhmm9lbObDyz51Sf6Pp+KJxWfXnUYTTjF2OySznhFlhqt/7x3U+Lzn
-rFpct1pHXFXOVbQicVtbC/DP3KBhZOqp12gKY6fgDT+gr9Oq0n7vUaDmUStVkhUXU8u3Zg5mTPj5
-dUyQ5xJwx0UCAwEAAaNjMGEwHQYDVR0OBBYEFC7j27JJ0JxUeVz6Jyr+zE7S6E5UMA8GA1UdEwEB
-/wQFMAMBAf8wHwYDVR0jBBgwFoAULuPbsknQnFR5XPonKv7MTtLoTlQwDgYDVR0PAQH/BAQDAgEG
-MA0GCSqGSIb3DQEBCwUAA4ICAQAFNzr0TbdF4kV1JI+2d1LoHNgQk2Xz8lkGpD4eKexd0dCrfOAK
-kEh47U6YA5n+KGCRHTAduGN8qOY1tfrTYXbm1gdLymmasoR6d5NFFxWfJNCYExL/u6Au/U5Mh/jO
-XKqYGwXgAEZKgoClM4so3O0409/lPun++1ndYYRP0lSWE2ETPo+Aab6TR7U1Q9Jauz1c77NCR807
-VRMGsAnb/WP2OogKmW9+4c4bU2pEZiNRCHu8W1Ki/QY3OEBhj0qWuJA3+GbHeJAAFS6LrVE1Uweo
-a2iu+U48BybNCAVwzDk/dr2l02cmAYamU9JgO3xDf1WKvJUawSg5TB9D0pH0clmKuVb8P7Sd2nCc
-dlqMQ1DujjByTd//SffGqWfZbawCEeI6FiWnWAjLb1NBnEg4R2gz0dfHj9R0IdTDBZB6/86WiLEV
-KV0jq9BgoRJP3vQXzTLlyb/IQ639Lo7xr+L0mPoSHyDYwKcMhcWQ9DstliaxLL5Mq+ux0orJ23gT
-Dx4JnW2PAJ8C2sH6H3p6CcRK5ogql5+Ji/03X186zjhZhkuvcQu02PJwT58yE+Owp1fl2tpDy4Q0
-8ijE6m30Ku/Ba3ba+367hTzSU8JNvnHhRdH9I2cNE3X7z2VnIp2usAnRCf8dNL/+I5c30jn6PQ0G
-C7TbO6Orb1wdtn7os4I07QZcJA==
+MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw
+HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUx
+MjAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3
+dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkq
+hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI2/Ou8jqJ
+kTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx1x7e/dfgy5SDN67sH0NO
+3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQq2EGnI/yuum06ZIya7XzV+hdG82MHauV
+BJVJ8zUtluNJbd134/tJS7SsVQepj5WztCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyM
+UNGPHgm+F6HmIcr9g+UQvIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQAB
+o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV5uNu
+5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY1Yl9PMWLSn/pvtsr
+F9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4NeF22d+mQrvHRAiGfzZ0JFrabA0U
+WTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NGFdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBH
+QRFXGU7Aj64GxJUTFy8bJZ918rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/
+iyK5S9kJRaTepLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
+MrY=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert089.pem b/test/rules/platform_certs/default/cert089.pem
index 71499a1bed01..a01d9ffcf46a 100644
--- a/test/rules/platform_certs/default/cert089.pem
+++ b/test/rules/platform_certs/default/cert089.pem
@@ -1,20 +1,14 @@
-T-TeleSec GlobalRoot Class 2
+DigiCert Global Root G3
 -----BEGIN CERTIFICATE-----
-MIIDwzCCAqugAwIBAgIBATANBgkqhkiG9w0BAQsFADCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoM
-IlQtU3lzdGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBU
-cnVzdCBDZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwHhcNMDgx
-MDAxMTA0MDE0WhcNMzMxMDAxMjM1OTU5WjCBgjELMAkGA1UEBhMCREUxKzApBgNVBAoMIlQtU3lz
-dGVtcyBFbnRlcnByaXNlIFNlcnZpY2VzIEdtYkgxHzAdBgNVBAsMFlQtU3lzdGVtcyBUcnVzdCBD
-ZW50ZXIxJTAjBgNVBAMMHFQtVGVsZVNlYyBHbG9iYWxSb290IENsYXNzIDIwggEiMA0GCSqGSIb3
-DQEBAQUAA4IBDwAwggEKAoIBAQCqX9obX+hzkeXaXPSi5kfl82hVYAUdAqSzm1nzHoqvNK38DcLZ
-SBnuaY/JIPwhqgcZ7bBcrGXHX+0CfHt8LRvWurmAwhiCFoT6ZrAIxlQjgeTNuUk/9k9uN0goOA/F
-vudocP05l03Sx5iRUKrERLMjfTlH6VJi1hKTXrcxlkIF+3anHqP1wvzpesVsqXFP6st4vGCvx970
-2cu+fjOlbpSD8DT6IavqjnKgP6TeMFvvhk1qlVtDRKgQFRzlAVfFmPHmBiiRqiDFt1MmUUOyCxGV
-WOHAD3bZwI18gfNycJ5v/hqO2V81xrJvNHy+SE/iWjnX2J14np+GPgNeGYtEotXHAgMBAAGjQjBA
-MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBS/WSA2AHmgoCJrjNXy
-YdK4LMuCSjANBgkqhkiG9w0BAQsFAAOCAQEAMQOiYQsfdOhyNsZt+U2e+iKo4YFWz827n+qrkRk4
-r6p8FU3ztqONpfSO9kSpp+ghla0+AGIWiPACuvxhI+YzmzB6azZie60EI4RYZeLbK4rnJVM3YlNf
-vNoBYimipidx5joifsFvHZVwIEoHNN/q/xWA5brXethbdXwFeilHfkCoMRN3zUA7tFFHei4R40cR
-3p1m0IvVVGb6g1XqfMIpiRvpb7PO4gWEyS8+eIVibslfwXhjdFjASBgMmTnrpMwatXlajRWc2BQN
-9noHV8cigwUtPJslJj0Ys6lDfMjIq2SPDqO/nBudMNva0Bkuqjzx+zOAduTNrRlPBSeOE6Fuwg==
+MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQswCQYDVQQGEwJV
+UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYD
+VQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAw
+MDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5k
+aWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0C
+AQYFK4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FGfp4tn+6O
+YwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPOZ9wj/wMco+I+o0IwQDAP
+BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNp
+Yim8S8YwCgYIKoZIzj0EAwMDaAAwZQIxAK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y
+3maTD/HMsQmP3Wyr+mt/oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34
+VOKa5Vt8sycX
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert090.pem b/test/rules/platform_certs/default/cert090.pem
index 2a9b5689940f..4b7b355f12ee 100644
--- a/test/rules/platform_certs/default/cert090.pem
+++ b/test/rules/platform_certs/default/cert090.pem
@@ -1,19 +1,29 @@
-Atos TrustedRoot 2011
+DigiCert Trusted Root G4
 -----BEGIN CERTIFICATE-----
-MIIDdzCCAl+gAwIBAgIIXDPLYixfszIwDQYJKoZIhvcNAQELBQAwPDEeMBwGA1UEAwwVQXRvcyBU
-cnVzdGVkUm9vdCAyMDExMQ0wCwYDVQQKDARBdG9zMQswCQYDVQQGEwJERTAeFw0xMTA3MDcxNDU4
-MzBaFw0zMDEyMzEyMzU5NTlaMDwxHjAcBgNVBAMMFUF0b3MgVHJ1c3RlZFJvb3QgMjAxMTENMAsG
-A1UECgwEQXRvczELMAkGA1UEBhMCREUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCV
-hTuXbyo7LjvPpvMpNb7PGKw+qtn4TaA+Gke5vJrf8v7MPkfoepbCJI419KkM/IL9bcFyYie96mvr
-54rMVD6QUM+A1JX76LWC1BTFtqlVJVfbsVD2sGBkWXppzwO3bw2+yj5vdHLqqjAqc2K+SZFhyBH+
-DgMq92og3AIVDV4VavzjgsG1xZ1kCWyjWZgHJ8cblithdHFsQ/H3NYkQ4J7sVaE3IqKHBAUsR320
-HLliKWYoyrfhk/WklAOZuXCFteZI6o1Q/NnezG8HDt0Lcp2AMBYHlT8oDv3FdU9T1nSatCQujgKR
-z3bFmx5VdJx4IbHwLfELn8LVlhgf8FQieowHAgMBAAGjfTB7MB0GA1UdDgQWBBSnpQaxLKYJYO7R
-l+lwrrw7GWzbITAPBgNVHRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFKelBrEspglg7tGX6XCuvDsZ
-bNshMBgGA1UdIAQRMA8wDQYLKwYBBAGwLQMEAQEwDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEB
-CwUAA4IBAQAmdzTblEiGKkGdLD4GkGDEjKwLVLgfuXvTBznk+j57sj1O7Z8jvZfza1zv7v1Apt+h
-k6EKhqzvINB5Ab149xnYJDE0BAGmuhWawyfc2E8PzBhj/5kPDpFrdRbhIfzYJsdHt6bPWHJxfrrh
-TZVHO8mvbaG0weyJ9rQPOLXiZNwlz6bb65pcmaHFCN795trV1lpFDMS3wrUU77QR/w4VtfX128a9
-61qn8FYiqTxlVMYVqL2Gns2Dlmh6cYGJ4Qvh6hEbaAjMaZ7snkGeRDImeuKHCnE96+RapNLbxc3G
-3mB/ufNPRJLvKrcYPqcZ2Qt9sTdBQrC6YB3y/gkRsPCHe6ed
+MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBiMQswCQYDVQQG
+EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEw
+HwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1
+MTIwMDAwWjBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
+d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0G
+CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3yithZwuEp
+pz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1Ifxp4VpX6+n6lXFllVcq9o
+k3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDVySAdYyktzuxeTsiT+CFhmzTrBcZe7Fsa
+vOvJz82sNEBfsXpm7nfISKhmV1efVFiODCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGY
+QJB5w3jHtrHEtWoYOAMQjdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6
+MUSaM0C/CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCiEhtm
+mnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADMfRyVw4/3IbKyEbe7
+f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QYuKZ3AeEPlAwhHbJUKSWJbOUOUlFH
+dL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXKchYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8
+oR7FwI+isX4KJpn15GkvmB0t9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
+DwEB/wQEAwIBhjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD
+ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2SV1EY+CtnJYY
+ZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd+SeuMIW59mdNOj6PWTkiU0Tr
+yF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWcfFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy
+7zBZLq7gcfJW5GqXb5JQbZaNaHqasjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iah
+ixTXTBmyUEFxPT9NcCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN
+5r5N0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie4u1Ki7wb
+/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mIr/OSmbaz5mEP0oUA51Aa
+5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tK
+G48BtieVU+i2iW1bvGjUI+iLUaJW+fCmgKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP
+82Z+
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert091.pem b/test/rules/platform_certs/default/cert091.pem
index dd4d451ac717..88b9cd8335db 100644
--- a/test/rules/platform_certs/default/cert091.pem
+++ b/test/rules/platform_certs/default/cert091.pem
@@ -1,28 +1,30 @@
-QuoVadis Root CA 1 G3
+COMODO RSA Certification Authority
 -----BEGIN CERTIFICATE-----
-MIIFYDCCA0igAwIBAgIUeFhfLq0sGUvjNwc1NBMotZbUZZMwDQYJKoZIhvcNAQELBQAwSDELMAkG
-A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv
-b3QgQ0EgMSBHMzAeFw0xMjAxMTIxNzI3NDRaFw00MjAxMTIxNzI3NDRaMEgxCzAJBgNVBAYTAkJN
-MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDEg
-RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCgvlAQjunybEC0BJyFuTHK3C3kEakE
-PBtVwedYMB0ktMPvhd6MLOHBPd+C5k+tR4ds7FtJwUrVu4/sh6x/gpqG7D0DmVIB0jWerNrwU8lm
-PNSsAgHaJNM7qAJGr6Qc4/hzWHa39g6QDbXwz8z6+cZM5cOGMAqNF34168Xfuw6cwI2H44g4hWf6
-Pser4BOcBRiYz5P1sZK0/CPTz9XEJ0ngnjybCKOLXSoh4Pw5qlPafX7PGglTvF0FBM+hSo+LdoIN
-ofjSxxR3W5A2B4GbPgb6Ul5jxaYA/qXpUhtStZI5cgMJYr2wYBZupt0lwgNm3fME0UDiTouG9G/l
-g6AnhF4EwfWQvTA9xO+oabw4m6SkltFi2mnAAZauy8RRNOoMqv8hjlmPSlzkYZqn0ukqeI1RPToV
-7qJZjqlc3sX5kCLliEVx3ZGZbHqfPT2YfF72vhZooF6uCyP8Wg+qInYtyaEQHeTTRCOQiJ/GKubX
-9ZqzWB4vMIkIG1SitZgj7Ah3HJVdYdHLiZxfokqRmu8hqkkWCKi9YSgxyXSthfbZxbGL0eUQMk1f
-iyA6PEkfM4VZDdvLCXVDaXP7a3F98N/ETH3Goy7IlXnLc6KOTk0k+17kBL5yG6YnLUlamXrXXAkg
-t3+UuU/xDRxeiEIbEbfnkduebPRq34wGmAOtzCjvpUfzUwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
-AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUo5fW816iEOGrRZ88F2Q87gFwnMwwDQYJKoZI
-hvcNAQELBQADggIBABj6W3X8PnrHX3fHyt/PX8MSxEBd1DKquGrX1RUVRpgjpeaQWxiZTOOtQqOC
-MTaIzen7xASWSIsBx40Bz1szBpZGZnQdT+3Btrm0DWHMY37XLneMlhwqI2hrhVd2cDMT/uFPpiN3
-GPoajOi9ZcnPP/TJF9zrx7zABC4tRi9pZsMbj/7sPtPKlL92CiUNqXsCHKnQO18LwIE6PWThv6ct
-Tr1NxNgpxiIY0MWscgKCP6o6ojoilzHdCGPDdRS5YCgtW2jgFqlmgiNR9etT2DGbe+m3nUvriBbP
-+V04ikkwj+3x6xn0dxoxGE1nVGwvb2X52z3sIexe9PSLymBlVNFxZPT5pqOBMzYzcfCkeF9OrYMh
-3jRJjehZrJ3ydlo28hP0r+AJx2EqbPfgna67hkooby7utHnNkDPDs3b69fBsnQGQ+p6Q9pxyz0fa
-wx/kNSBT8lTR32GDpgLiJTjehTItXnOQUl1CxM49S+H5GYQd1aJQzEH7QRTDvdbJWqNjZgKAvQU6
-O0ec7AAmTPWIUb+oI38YB7AL7YsmoWTTYUrrXJ/es69nA7Mf3W1daWhpq1467HxpvMc7hU6eFbm0
-FU/DlXpY18ls6Wy58yljXrQs8C097Vpl4KlbQMJImYFtnh8GKjwStIsPm6Ik8KaN1nrgS7ZklmOV
-hMJKzRwuJIczYOXD
+MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE
+BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
+A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC
+R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
+ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB
+dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn
+dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ
+FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+
+5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG
+x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX
+2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL
+OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3
+sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C
+GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5
+WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E
+FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
+DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt
+rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+
+nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg
+tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW
+sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp
+pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA
+zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq
+ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52
+7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I
+LaZRfyHBNVOFBkpdn627G190
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert092.pem b/test/rules/platform_certs/default/cert092.pem
index 95a5c8c60e12..f3ebdf4ee8e3 100644
--- a/test/rules/platform_certs/default/cert092.pem
+++ b/test/rules/platform_certs/default/cert092.pem
@@ -1,28 +1,30 @@
-QuoVadis Root CA 2 G3
+USERTrust RSA Certification Authority
 -----BEGIN CERTIFICATE-----
-MIIFYDCCA0igAwIBAgIURFc0JFuBiZs18s64KztbpybwdSgwDQYJKoZIhvcNAQELBQAwSDELMAkG
-A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv
-b3QgQ0EgMiBHMzAeFw0xMjAxMTIxODU5MzJaFw00MjAxMTIxODU5MzJaMEgxCzAJBgNVBAYTAkJN
-MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDIg
-RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQChriWyARjcV4g/Ruv5r+LrI3HimtFh
-ZiFfqq8nUeVuGxbULX1QsFN3vXg6YOJkApt8hpvWGo6t/x8Vf9WVHhLL5hSEBMHfNrMWn4rjyduY
-NM7YMxcoRvynyfDStNVNCXJJ+fKH46nafaF9a7I6JaltUkSs+L5u+9ymc5GQYaYDFCDy54ejiK2t
-oIz/pgslUiXnFgHVy7g1gQyjO/Dh4fxaXc6AcW34Sas+O7q414AB+6XrW7PFXmAqMaCvN+ggOp+o
-MiwMzAkd056OXbxMmO7FGmh77FOm6RQ1o9/NgJ8MSPsc9PG/Srj61YxxSscfrf5BmrODXfKEVu+l
-V0POKa2Mq1W/xPtbAd0jIaFYAI7D0GoT7RPjEiuA3GfmlbLNHiJuKvhB1PLKFAeNilUSxmn1uIZo
-L1NesNKqIcGY5jDjZ1XHm26sGahVpkUG0CM62+tlXSoREfA7T8pt9DTEceT/AFr2XK4jYIVz8eQQ
-sSWu1ZK7E8EM4DnatDlXtas1qnIhO4M15zHfeiFuuDIIfR0ykRVKYnLP43ehvNURG3YBZwjgQQvD
-6xVu+KQZ2aKrr+InUlYrAoosFCT5v0ICvybIxo/gbjh9Uy3l7ZizlWNof/k19N+IxWA1ksB8aRxh
-lRbQ694Lrz4EEEVlWFA4r0jyWbYW8jwNkALGcC4BrTwV1wIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
-AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQU7edvdlq/YOxJW8ald7tyFnGbxD0wDQYJKoZI
-hvcNAQELBQADggIBAJHfgD9DCX5xwvfrs4iP4VGyvD11+ShdyLyZm3tdquXK4Qr36LLTn91nMX66
-AarHakE7kNQIXLJgapDwyM4DYvmL7ftuKtwGTTwpD4kWilhMSA/ohGHqPHKmd+RCroijQ1h5fq7K
-pVMNqT1wvSAZYaRsOPxDMuHBR//47PERIjKWnML2W2mWeyAMQ0GaW/ZZGYjeVYg3UQt4XAoeo0L9
-x52ID8DyeAIkVJOviYeIyUqAHerQbj5hLja7NQ4nlv1mNDthcnPxFlxHBlRJAHpYErAK74X9sbgz
-dWqTHBLmYF5vHX/JHyPLhGGfHoJE+V+tYlUkmlKY7VHnoX6XOuYvHxHaU4AshZ6rNRDbIl9qxV6X
-U/IyAgkwo1jwDQHVcsaxfGl7w/U2Rcxhbl5MlMVerugOXou/983g7aEOGzPuVBj+D77vfoRrQ+Nw
-mNtddbINWQeFFSM51vHfqSYP1kjHs6Yi9TM3WpVHn3u6GBVv/9YUZINJ0gpnIdsPNWNgKCLjsZWD
-zYWm3S8P52dSbrsvhXz1SnPnxT7AvSESBT/8twNJAlvIJebiVDj1eYeMHVOyToV7BjjHLPj4sHKN
-JeV3UvQDHEimUF+IIDBu8oJDqz2XhOdT+yHBTw8imoa4WSr2Rz0ZiC3oheGe7IUIarFsNMkd7Egr
-O3jtZsSOeWmD3n+M
+MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCBiDELMAkGA1UE
+BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK
+ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UE
+BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK
+ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh
+dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCAEmUXNg7D2wiz
+0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2j
+Y0K2dvKpOyuR+OJv0OwWIJAJPuLodMkYtJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFn
+RghRy4YUVD+8M/5+bJz/Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O
++T23LLb2VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT79uq
+/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6c0Plfg6lZrEpfDKE
+Y1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmTYo61Zs8liM2EuLE/pDkP2QKe6xJM
+lXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97lc6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8
+yexDJtC/QV9AqURE9JnnV4eeUB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+
+eLf8ZxXhyVeEHg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd
+BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
+MAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPFUp/L+M+ZBn8b2kMVn54CVVeW
+FPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KOVWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ
+7l8wXEskEVX/JJpuXior7gtNn3/3ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQ
+Eg9zKC7F4iRO/Fjs8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM
+8WcRiQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYzeSf7dNXGi
+FSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZXHlKYC6SQK5MNyosycdi
+yA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9c
+J2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRBVXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGw
+sAvgnEzDHNb842m1R0aBL6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gx
+Q+6IHdfGjjxDah2nGN59PRbxYvnKkKj9
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert093.pem b/test/rules/platform_certs/default/cert093.pem
index cd999ae3da64..ce0daaec8095 100644
--- a/test/rules/platform_certs/default/cert093.pem
+++ b/test/rules/platform_certs/default/cert093.pem
@@ -1,28 +1,15 @@
-QuoVadis Root CA 3 G3
+USERTrust ECC Certification Authority
 -----BEGIN CERTIFICATE-----
-MIIFYDCCA0igAwIBAgIULvWbAiin23r/1aOp7r0DoM8Sah0wDQYJKoZIhvcNAQELBQAwSDELMAkG
-A1UEBhMCQk0xGTAXBgNVBAoTEFF1b1ZhZGlzIExpbWl0ZWQxHjAcBgNVBAMTFVF1b1ZhZGlzIFJv
-b3QgQ0EgMyBHMzAeFw0xMjAxMTIyMDI2MzJaFw00MjAxMTIyMDI2MzJaMEgxCzAJBgNVBAYTAkJN
-MRkwFwYDVQQKExBRdW9WYWRpcyBMaW1pdGVkMR4wHAYDVQQDExVRdW9WYWRpcyBSb290IENBIDMg
-RzMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCzyw4QZ47qFJenMioKVjZ/aEzHs286
-IxSR/xl/pcqs7rN2nXrpixurazHb+gtTTK/FpRp5PIpM/6zfJd5O2YIyC0TeytuMrKNuFoM7pmRL
-Mon7FhY4futD4tN0SsJiCnMK3UmzV9KwCoWdcTzeo8vAMvMBOSBDGzXRU7Ox7sWTaYI+FrUoRqHe
-6okJ7UO4BUaKhvVZR74bbwEhELn9qdIoyhA5CcoTNs+cra1AdHkrAj80//ogaX3T7mH1urPnMNA3
-I4ZyYUUpSFlob3emLoG+B01vr87ERRORFHAGjx+f+IdpsQ7vw4kZ6+ocYfx6bIrc1gMLnia6Et3U
-VDmrJqMz6nWB2i3ND0/kA9HvFZcba5DFApCTZgIhsUfei5pKgLlVj7WiL8DWM2fafsSntARE60f7
-5li59wzweyuxwHApw0BiLTtIadwjPEjrewl5qW3aqDCYz4ByA4imW0aucnl8CAMhZa634RylsSqi
-Md5mBPfAdOhx3v89WcyWJhKLhZVXGqtrdQtEPREoPHtht+KPZ0/l7DxMYIBpVzgeAVuNVejH38DM
-dyM0SXV89pgR6y3e7UEuFAUCf+D+IOs15xGsIs5XPd7JMG0QA4XN8f+MFrXBsj6IbGB/kE+V9/Yt
-rQE5BwT6dYB9v0lQ7e/JxHwc64B+27bQ3RP+ydOc17KXqQIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
-AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUxhfQvKjqAkPyGwaZXSuQILnXnOQwDQYJKoZI
-hvcNAQELBQADggIBADRh2Va1EodVTd2jNTFGu6QHcrxfYWLopfsLN7E8trP6KZ1/AvWkyaiTt3px
-KGmPc+FSkNrVvjrlt3ZqVoAh313m6Tqe5T72omnHKgqwGEfcIHB9UqM+WXzBusnIFUBhynLWcKzS
-t/Ac5IYp8M7vaGPQtSCKFWGafoaYtMnCdvvMujAWzKNhxnQT5WvvoxXqA/4Ti2Tk08HS6IT7SdEQ
-TXlm66r99I0xHnAUrdzeZxNMgRVhvLfZkXdxGYFgu/BYpbWcC/ePIlUnwEsBbTuZDdQdm2NnL9Du
-DcpmvJRPpq3t/O5jrFc/ZSXPsoaP0Aj/uHYUbt7lJ+yreLVTubY/6CD50qi+YUbKh4yE8/nxoGib
-Ih6BJpsQBJFxwAYf3KDTuVan45gtf4Od34wrnDKOMpTwATwiKp9Dwi7DmDkHOHv8XgBCH/MyJnmD
-hPbl8MFREsALHgQjDFSlTC9JxUrRtm5gDWv8a4uFJGS3iQ6rJUdbPM9+Sb3H6QrG2vd+DhcI00iX
-0HGS8A85PjRqHH3Y8iKuu2n0M7SmSFXRDw4m6Oy2Cy2nhTXN/VnIn9HNPlopNLk9hM6xZdRZkZFW
-dSHBd575euFgndOtBBj0fOtek49TSiIp+EgrPk2GrFt/ywaZWWDYWGWVjUTR939+J399roD1B0y2
-PpxxVJkES/1Y+Zj0
+MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU
+aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMC
+VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU
+aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv
+biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqfloI+d61SRvU8Za2EurxtW2
+0eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinngo4N+LZfQYcTxmdwlkWOrfzCjtHDix6Ez
+nPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNV
+HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBB
+HU6+4WMBzzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbWRNZu
+9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert094.pem b/test/rules/platform_certs/default/cert094.pem
index 0ed774566a19..b05ff11c8649 100644
--- a/test/rules/platform_certs/default/cert094.pem
+++ b/test/rules/platform_certs/default/cert094.pem
@@ -1,20 +1,12 @@
-DigiCert Assured ID Root G2
+GlobalSign ECC Root CA - R4
 -----BEGIN CERTIFICATE-----
-MIIDljCCAn6gAwIBAgIQC5McOtY5Z+pnI7/Dr5r0SzANBgkqhkiG9w0BAQsFADBlMQswCQYDVQQG
-EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQw
-IgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIwHhcNMTMwODAxMTIwMDAwWhcNMzgw
-MTE1MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQL
-ExB3d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzIw
-ggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDZ5ygvUj82ckmIkzTz+GoeMVSAn61UQbVH
-35ao1K+ALbkKz3X9iaV9JPrjIgwrvJUXCzO/GU1BBpAAvQxNEP4HteccbiJVMWWXvdMX0h5i89vq
-bFCMP4QMls+3ywPgym2hFEwbid3tALBSfK+RbLE4E9HpEgjAALAcKxHad3A2m67OeYfcgnDmCXRw
-VWmvo2ifv922ebPynXApVfSr/5Vh88lAbx3RvpO704gqu52/clpWcTs/1PPRCv4o76Pu2ZmvA9OP
-YLfykqGxvYmJHzDNw6YuYjOuFgJ3RFrngQo8p0Quebg/BLxcoIfhG69Rjs3sLPr4/m3wOnyqi+Rn
-lTGNAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTO
-w0q5mVXyuNtgv6l+vVa1lzan1jANBgkqhkiG9w0BAQsFAAOCAQEAyqVVjOPIQW5pJ6d1Ee88hjZv
-0p3GeDgdaZaikmkuOGybfQTUiaWxMTeKySHMq2zNixya1r9I0jJmwYrA8y8678Dj1JGG0VDjA9tz
-d29KOVPt3ibHtX2vK0LRdWLjSisCx1BL4GnilmwORGYQRI+tBev4eaymG+g3NJ1TyWGqolKvSnAW
-hsI6yLETcDbYz+70CjTVW0z9B5yiutkBclzzTcHdDrEcDcRjvq30FPuJ7KJBDkzMyFdA0G4Dqs0M
-jomZmWzwPDCvON9vvKO+KSAnq3T/EyJ43pdSVR6DtVQgA+6uwE9W3jfMw3+qBCe703e4YtsXfJwo
-IhNzbM8m9Yop5w==
+MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEkMCIGA1UECxMb
+R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD
+EwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMb
+R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD
+EwpHbG9iYWxTaWduMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprl
+OQcJFspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAwDgYDVR0P
+AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61FuOJAf/sKbvu+M8k8o4TV
+MAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGXkPoUVy0D7O48027KqGx2vKLeuwIgJ6iF
+JzWbVsaj8kfSt24bAgAXqmemFZHe+pTsewv4n4Q=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert095.pem b/test/rules/platform_certs/default/cert095.pem
index 5f893978490b..d6cef1e9cb2c 100644
--- a/test/rules/platform_certs/default/cert095.pem
+++ b/test/rules/platform_certs/default/cert095.pem
@@ -1,14 +1,13 @@
-DigiCert Assured ID Root G3
+GlobalSign ECC Root CA - R5
 -----BEGIN CERTIFICATE-----
-MIICRjCCAc2gAwIBAgIQC6Fa+h3foLVJRK/NJKBs7DAKBggqhkjOPQQDAzBlMQswCQYDVQQGEwJV
-UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSQwIgYD
-VQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1
-MTIwMDAwWjBlMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
-d3cuZGlnaWNlcnQuY29tMSQwIgYDVQQDExtEaWdpQ2VydCBBc3N1cmVkIElEIFJvb3QgRzMwdjAQ
-BgcqhkjOPQIBBgUrgQQAIgNiAAQZ57ysRGXtzbg/WPuNsVepRC0FFfLvC/8QdJ+1YlJfZn4f5dwb
-RXkLzMZTCp2NXQLZqVneAlr2lSoOjThKiknGvMYDOAdfVdp+CW7if17QRSAPWXYQ1qAk8C3eNvJs
-KTmjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBTL0L2p4ZgF
-UaFNN6KDec6NHSrkhDAKBggqhkjOPQQDAwNnADBkAjAlpIFFAmsSS3V0T8gj43DydXLefInwz5Fy
-YZ5eEJJZVrmDxxDnOOlYJjZ91eQ0hjkCMHw2U/Aw5WJjOpnitqM7mzT6HtoQknFekROn3aRukswy
-1vUhZscv6pZjamVFkpUBtA==
+MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEkMCIGA1UECxMb
+R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD
+EwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMb
+R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD
+EwpHbG9iYWxTaWduMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6
+SFkc8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8kehOvRnkmS
+h5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd
+BgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYIKoZIzj0EAwMDaAAwZQIxAOVpEslu28Yx
+uglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7
+yFz9SO8NdCKoCOJuxUnOxwy8p2Fp8fc74SrL+SvzZpA3
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert096.pem b/test/rules/platform_certs/default/cert096.pem
index 4715cc06e81b..34e8c0665ecb 100644
--- a/test/rules/platform_certs/default/cert096.pem
+++ b/test/rules/platform_certs/default/cert096.pem
@@ -1,20 +1,28 @@
-DigiCert Global Root G2
+Staat der Nederlanden Root CA - G3
 -----BEGIN CERTIFICATE-----
-MIIDjjCCAnagAwIBAgIQAzrx5qcRqaC7KGSxHQn65TANBgkqhkiG9w0BAQsFADBhMQswCQYDVQQG
-EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAw
-HgYDVQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMjAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUx
-MjAwMDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3
-dy5kaWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEcyMIIBIjANBgkq
-hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuzfNNNx7a8myaJCtSnX/RrohCgiN9RlUyfuI2/Ou8jqJ
-kTx65qsGGmvPrC3oXgkkRLpimn7Wo6h+4FR1IAWsULecYxpsMNzaHxmx1x7e/dfgy5SDN67sH0NO
-3Xss0r0upS/kqbitOtSZpLYl6ZtrAGCSYP9PIUkY92eQq2EGnI/yuum06ZIya7XzV+hdG82MHauV
-BJVJ8zUtluNJbd134/tJS7SsVQepj5WztCO7TG1F8PapspUwtP1MVYwnSlcUfIKdzXOS0xZKBgyM
-UNGPHgm+F6HmIcr9g+UQvIOlCsRnKPZzFBQ9RnbDhxSJITRNrw9FDKZJobq7nMWxM4MphQIDAQAB
-o0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUTiJUIBiV5uNu
-5g/6+rkS7QYXjzkwDQYJKoZIhvcNAQELBQADggEBAGBnKJRvDkhj6zHd6mcY1Yl9PMWLSn/pvtsr
-F9+wX3N3KjITOYFnQoQj8kVnNeyIv/iPsGEMNKSuIEyExtv4NeF22d+mQrvHRAiGfzZ0JFrabA0U
-WTW98kndth/Jsw1HKj2ZL7tcu7XUIOGZX1NGFdtom/DzMNU+MeKNhJ7jitralj41E6Vf8PlwUHBH
-QRFXGU7Aj64GxJUTFy8bJZ918rGOmaFvE7FBcf6IKshPECBV1/MUReXgRPTqh5Uykw7+U0b6LJ3/
-iyK5S9kJRaTepLiaWN0bfVKfjllDiIGknibVb63dDcY3fe0Dkhvld1927jyNxF1WW6LZZm6zNTfl
-MrY=
+MIIFdDCCA1ygAwIBAgIEAJiiOTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJOTDEeMBwGA1UE
+CgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFhdCBkZXIgTmVkZXJsYW5kZW4g
+Um9vdCBDQSAtIEczMB4XDTEzMTExNDExMjg0MloXDTI4MTExMzIzMDAwMFowWjELMAkGA1UEBhMC
+TkwxHjAcBgNVBAoMFVN0YWF0IGRlciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5l
+ZGVybGFuZGVuIFJvb3QgQ0EgLSBHMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL4y
+olQPcPssXFnrbMSkUeiFKrPMSjTysF/zDsccPVMeiAho2G89rcKezIJnByeHaHE6n3WWIkYFsO2t
+x1ueKt6c/DrGlaf1F2cY5y9JCAxcz+bMNO14+1Cx3Gsy8KL+tjzk7FqXxz8ecAgwoNzFs21v0IJy
+EavSgWhZghe3eJJg+szeP4TrjTgzkApyI/o1zCZxMdFyKJLZWyNtZrVtB0LrpjPOktvA9mxjeM3K
+Tj215VKb8b475lRgsGYeCasH/lSJEULR9yS6YHgamPfJEf0WwTUaVHXvQ9Plrk7O53vDxk5hUUur
+mkVLoR9BvUhTFXFkC4az5S6+zqQbwSmEorXLCCN2QyIkHxcE1G6cxvx/K2Ya7Irl1s9N9WMJtxU5
+1nus6+N86U78dULI7ViVDAZCopz35HCz33JvWjdAidiFpNfxC95DGdRKWCyMijmev4SH8RY7Ngzp
+07TKbBlBUgmhHbBqv4LvcFEhMtwFdozL92TkA1CvjJFnq8Xy7ljY3r735zHPbMk7ccHViLVlvMDo
+FxcHErVc0qsgk7TmgoNwNsXNo42ti+yjwUOH5kPiNL6VizXtBznaqB16nzaeErAMZRKQFWDZJkBE
+41ZgpRDUajz9QdwOWke275dhdU/Z/seyHdTtXUmzqWrLZoQT1Vyg3N9udwbRcXXIV2+vD3dbAgMB
+AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRUrfrHkleu
+yjWcLhL75LpdINyUVzANBgkqhkiG9w0BAQsFAAOCAgEAMJmdBTLIXg47mAE6iqTnB/d6+Oea31BD
+U5cqPco8R5gu4RV78ZLzYdqQJRZlwJ9UXQ4DO1t3ApyEtg2YXzTdO2PCwyiBwpwpLiniyMMB8jPq
+KqrMCQj3ZWfGzd/TtiunvczRDnBfuCPRy5FOCvTIeuXZYzbB1N/8Ipf3YF3qKS9Ysr1YvY2WTxB1
+v0h7PVGHoTx0IsL8B3+A3MSs/mrBcDCw6Y5p4ixpgZQJut3+TcCDjJRYwEYgr5wfAvg1VUkvRtTA
+8KCWAg8zxXHzniN9lLf9OtMJgwYh/WA9rjLA0u6NpvDntIJ8CsxwyXmA+P5M9zWEGYox+wrZ13+b
+8KKaa8MFSu1BYBQw0aoRQm7TIwIEC8Zl3d1Sd9qBa7Ko+gE4uZbqKmxnl4mUnrzhVNXkanjvSr0r
+mj1AfsbAddJu+2gw7OyLnflJNZoaLNmzlTnVHpL3prllL+U9bTpITAjc5CgSKL59NVzq4BZ+Extq
+1z7XnvwtdbLBFNUjA9tbbws+eC8N3jONFrdI54OagQ97wUNNVQQXOEpR1VmiiXTTn74eS9fGbbeI
+JG9gkaSChVtWQbzQRKtqE77RLFi3EjNYsjdj3BP1lB0/QFH1T/U67cjF68IeHRaVesd+QnGTbksV
+tzDfqu1XhUisHWrdOWnk4Xl4vs4Fv6EM94B7IWcnMFk=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert097.pem b/test/rules/platform_certs/default/cert097.pem
index a01d9ffcf46a..32293c551d92 100644
--- a/test/rules/platform_certs/default/cert097.pem
+++ b/test/rules/platform_certs/default/cert097.pem
@@ -1,14 +1,28 @@
-DigiCert Global Root G3
+Staat der Nederlanden EV Root CA
 -----BEGIN CERTIFICATE-----
-MIICPzCCAcWgAwIBAgIQBVVWvPJepDU1w6QP1atFcjAKBggqhkjOPQQDAzBhMQswCQYDVQQGEwJV
-UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSAwHgYD
-VQQDExdEaWdpQ2VydCBHbG9iYWwgUm9vdCBHMzAeFw0xMzA4MDExMjAwMDBaFw0zODAxMTUxMjAw
-MDBaMGExCzAJBgNVBAYTAlVTMRUwEwYDVQQKEwxEaWdpQ2VydCBJbmMxGTAXBgNVBAsTEHd3dy5k
-aWdpY2VydC5jb20xIDAeBgNVBAMTF0RpZ2lDZXJ0IEdsb2JhbCBSb290IEczMHYwEAYHKoZIzj0C
-AQYFK4EEACIDYgAE3afZu4q4C/sLfyHS8L6+c/MzXRq8NOrexpu80JX28MzQC7phW1FGfp4tn+6O
-YwwX7Adw9c+ELkCDnOg/QW07rdOkFFk2eJ0DQ+4QE2xy3q6Ip6FrtUPOZ9wj/wMco+I+o0IwQDAP
-BgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjAdBgNVHQ4EFgQUs9tIpPmhxdiuNkHMEWNp
-Yim8S8YwCgYIKoZIzj0EAwMDaAAwZQIxAK288mw/EkrRLTnDCgmXc/SINoyIJ7vmiI1Qhadj+Z4y
-3maTD/HMsQmP3Wyr+mt/oAIwOWZbwmSNuJ5Q3KjVSaLtx9zRSX8XAbjIho9OjIgrqJqpisXRAL34
-VOKa5Vt8sycX
+MIIFcDCCA1igAwIBAgIEAJiWjTANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJOTDEeMBwGA1UE
+CgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFhdCBkZXIgTmVkZXJsYW5kZW4g
+RVYgUm9vdCBDQTAeFw0xMDEyMDgxMTE5MjlaFw0yMjEyMDgxMTEwMjhaMFgxCzAJBgNVBAYTAk5M
+MR4wHAYDVQQKDBVTdGFhdCBkZXIgTmVkZXJsYW5kZW4xKTAnBgNVBAMMIFN0YWF0IGRlciBOZWRl
+cmxhbmRlbiBFViBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA48d+ifkk
+SzrSM4M1LGns3Amk41GoJSt5uAg94JG6hIXGhaTK5skuU6TJJB79VWZxXSzFYGgEt9nCUiY4iKTW
+O0Cmws0/zZiTs1QUWJZV1VD+hq2kY39ch/aO5ieSZxeSAgMs3NZmdO3dZ//BYY1jTw+bbRcwJu+r
+0h8QoPnFfxZpgQNH7R5ojXKhTbImxrpsX23Wr9GxE46prfNeaXUmGD5BKyF/7otdBwadQ8QpCiv8
+Kj6GyzyDOvnJDdrFmeK8eEEzduG/L13lpJhQDBXd4Pqcfzho0LKmeqfRMb1+ilgnQ7O6M5HTp5gV
+XJrm0w912fxBmJc+qiXbj5IusHsMX/FjqTf5m3VpTCgmJdrV8hJwRVXj33NeN/UhbJCONVrJ0yPr
+08C+eKxCKFhmpUZtcALXEPlLVPxdhkqHz3/KRawRWrUgUY0viEeXOcDPusBCAUCZSCELa6fS/ZbV
+0b5GnUngC6agIk440ME8MLxwjyx1zNDFjFE7PZQIZCZhfbnDZY8UnCHQqv0XcgOPvZuM5l5Tnrmd
+74K74bzickFbIZTTRTeU0d8JOV3nI6qaHcptqAqGhYqCvkIH1vI4gnPah1vlPNOePqc7nvQDs/nx
+fRN0Av+7oeX6AHkcpmZBiFxgV6YuCcS6/ZrPpx9Aw7vMWgpVSzs4dlG4Y4uElBbmVvMCAwEAAaNC
+MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFP6rAJCYniT8qcwa
+ivsnuL8wbqg7MA0GCSqGSIb3DQEBCwUAA4ICAQDPdyxuVr5Os7aEAJSrR8kN0nbHhp8dB9O2tLsI
+eK9p0gtJ3jPFrK3CiAJ9Brc1AsFgyb/E6JTe1NOpEyVa/m6irn0F3H3zbPB+po3u2dfOWBfoqSmu
+c0iH55vKbimhZF8ZE/euBhD/UcabTVUlT5OZEAFTdfETzsemQUHSv4ilf0X8rLiltTMMgsT7B/Zq
+5SWEXwbKwYY5EdtYzXc7LMJMD16a4/CrPmEbUCTCwPTxGfARKbalGAKb12NMcIxHowNDXLldRqAN
+b/9Zjr7dn3LDWyvfjFvO5QxGbJKyCqNMVEIYFRIYvdr8unRu/8G2oGTYqV9Vrp9canaW2HNnh/tN
+f1zuacpzEPuKqf2evTY4SUmH9A4U8OmHuD+nT3pajnnUk+S7aFKErGzp85hwVXIy+TSrK0m1zSBi
+5Dp6Z2Orltxtrpfs/J92VoguZs9btsmksNcFuuEnL5O7Jiqik7Ab846+HUCjuTaPPoIaGl6I6lD4
+WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeLeG9QgkRQP2YGiqtDhFZK
+DyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8FVdMpEbB4IMeDExNH08GGeL5qPQ6gqGy
+eUN51q1veieQA6TqJIc/2b3Z6fJfUEkc7uzXLg==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert098.pem b/test/rules/platform_certs/default/cert098.pem
index 4b7b355f12ee..d14ca1f12bc8 100644
--- a/test/rules/platform_certs/default/cert098.pem
+++ b/test/rules/platform_certs/default/cert098.pem
@@ -1,29 +1,28 @@
-DigiCert Trusted Root G4
+IdenTrust Commercial Root CA 1
 -----BEGIN CERTIFICATE-----
-MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBiMQswCQYDVQQG
-EwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMSEw
-HwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1
-MTIwMDAwWjBiMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3
-d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0G
-CSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3yithZwuEp
-pz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1Ifxp4VpX6+n6lXFllVcq9o
-k3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDVySAdYyktzuxeTsiT+CFhmzTrBcZe7Fsa
-vOvJz82sNEBfsXpm7nfISKhmV1efVFiODCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGY
-QJB5w3jHtrHEtWoYOAMQjdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6
-MUSaM0C/CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCiEhtm
-mnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADMfRyVw4/3IbKyEbe7
-f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QYuKZ3AeEPlAwhHbJUKSWJbOUOUlFH
-dL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXKchYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8
-oR7FwI+isX4KJpn15GkvmB0t9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1Ud
-DwEB/wQEAwIBhjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD
-ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2SV1EY+CtnJYY
-ZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd+SeuMIW59mdNOj6PWTkiU0Tr
-yF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWcfFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy
-7zBZLq7gcfJW5GqXb5JQbZaNaHqasjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iah
-ixTXTBmyUEFxPT9NcCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN
-5r5N0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie4u1Ki7wb
-/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mIr/OSmbaz5mEP0oUA51Aa
-5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1/YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tK
-G48BtieVU+i2iW1bvGjUI+iLUaJW+fCmgKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP
-82Z+
+MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQG
+EwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBS
+b290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQwMTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzES
+MBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENB
+IDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ld
+hNlT3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU+ehcCuz/
+mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gpS0l4PJNgiCL8mdo2yMKi
+1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1bVoE/c40yiTcdCMbXTMTEl3EASX2MN0C
+XZ/g1Ue9tOsbobtJSdifWwLziuQkkORiT0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl
+3ZBWzvurpWCdxJ35UrCLvYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzy
+NeVJSQjKVsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZKdHzV
+WYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHTc+XvvqDtMwt0viAg
+xGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hvl7yTmvmcEpB4eoCHFddydJxVdHix
+uuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5NiGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC
+AQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZI
+hvcNAQELBQADggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH
+6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwtLRvM7Kqas6pg
+ghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93nAbowacYXVKV7cndJZ5t+qnt
+ozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmV
+YjzlVYA211QC//G5Xc7UI2/YRYRKW2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUX
+feu+h1sXIFRRk0pTAwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/ro
+kTLql1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG4iZZRHUe
+2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZmUlO+KWA2yUPHGNiiskz
+Z2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7R
+cGzM7vRX+Bi6hG6H
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert099.pem b/test/rules/platform_certs/default/cert099.pem
index 88b9cd8335db..294e36711366 100644
--- a/test/rules/platform_certs/default/cert099.pem
+++ b/test/rules/platform_certs/default/cert099.pem
@@ -1,30 +1,28 @@
-COMODO RSA Certification Authority
+IdenTrust Public Sector Root CA 1
 -----BEGIN CERTIFICATE-----
-MIIF2DCCA8CgAwIBAgIQTKr5yttjb+Af907YWwOGnTANBgkqhkiG9w0BAQwFADCBhTELMAkGA1UE
-BhMCR0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgG
-A1UEChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlv
-biBBdXRob3JpdHkwHhcNMTAwMTE5MDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBhTELMAkGA1UEBhMC
-R0IxGzAZBgNVBAgTEkdyZWF0ZXIgTWFuY2hlc3RlcjEQMA4GA1UEBxMHU2FsZm9yZDEaMBgGA1UE
-ChMRQ09NT0RPIENBIExpbWl0ZWQxKzApBgNVBAMTIkNPTU9ETyBSU0EgQ2VydGlmaWNhdGlvbiBB
-dXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCR6FSS0gpWsawNJN3Fz0Rn
-dJkrN6N9I3AAcbxT38T6KhKPS38QVr2fcHK3YX/JSw8Xpz3jsARh7v8Rl8f0hj4K+j5c+ZPmNHrZ
-FGvnnLOFoIJ6dq9xkNfs/Q36nGz637CC9BR++b7Epi9Pf5l/tfxnQ3K9DADWietrLNPtj5gcFKt+
-5eNu/Nio5JIk2kNrYrhV/erBvGy2i/MOjZrkm2xpmfh4SDBF1a3hDTxFYPwyllEnvGfDyi62a+pG
-x8cgoLEfZd5ICLqkTqnyg0Y3hOvozIFIQ2dOciqbXL1MGyiKXCJ7tKuY2e7gUYPDCUZObT6Z+pUX
-2nwzV0E8jVHtC7ZcryxjGt9XyD+86V3Em69FmeKjWiS0uqlWPc9vqv9JWL7wqP/0uK3pN/u6uPQL
-OvnoQ0IeidiEyxPx2bvhiWC4jChWrBQdnArncevPDt09qZahSL0896+1DSJMwBGB7FY79tOi4lu3
-sgQiUpWAk2nojkxl8ZEDLXB0AuqLZxUpaVICu9ffUGpVRr+goyhhf3DQw6KqLCGqR84onAZFdr+C
-GCe01a60y1Dma/RMhnEw6abfFobg2P9A3fvQQoh/ozM6LlweQRGBY84YcWsr7KaKtzFcOmpH4MN5
-WdYgGq/yapiqcrxXStJLnbsQ/LBMQeXtHT1eKJ2czL+zUdqnR+WEUwIDAQABo0IwQDAdBgNVHQ4E
-FgQUu69+Aj36pvE8hI6t7jiY7NkyMtQwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8w
-DQYJKoZIhvcNAQEMBQADggIBAArx1UaEt65Ru2yyTUEUAJNMnMvlwFTPoCWOAvn9sKIN9SCYPBMt
-rFaisNZ+EZLpLrqeLppysb0ZRGxhNaKatBYSaVqM4dc+pBroLwP0rmEdEBsqpIt6xf4FpuHA1sj+
-nq6PK7o9mfjYcwlYRm6mnPTXJ9OV2jeDchzTc+CiR5kDOF3VSXkAKRzH7JsgHAckaVd4sjn8OoSg
-tZx8jb8uk2IntznaFxiuvTwJaP+EmzzV1gsD41eeFPfR60/IvYcjt7ZJQ3mFXLrrkguhxuhoqEwW
-sRqZCuhTLJK7oQkYdQxlqHvLI7cawiiFwxv/0Cti76R7CZGYZ4wUAc1oBmpjIXUDgIiKboHGhfKp
-pC3n9KUkEEeDys30jXlYsQab5xoq2Z0B15R97QNKyvDb6KkBPvVWmckejkk9u+UJueBPSZI9FoJA
-zMxZxuY67RIuaTxslbH9qh17f4a+Hg4yRvv7E491f0yLS0Zj/gA0QHDBw7mh3aZw4gSzQbzpgJHq
-ZJx64SIDqZxubw5lT2yHh17zbqD5daWbQOhTsiedSrnAdyGN/4fy3ryM7xfft0kL0fJuMAsaDk52
-7RH89elWsn2/x20Kk4yl0MC2Hb46TpSi125sC8KKfPog88Tk5c0NqMuRkrF8hey1FGlmDoLnzc7I
-LaZRfyHBNVOFBkpdn627G190
+MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG
+EwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3Rv
+ciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcNMzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJV
+UzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBS
+b290IENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTy
+P4o7ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGyRBb06tD6
+Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlSbdsHyo+1W/CD80/HLaXI
+rcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF/YTLNiCBWS2ab21ISGHKTN9T0a9SvESf
+qy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoS
+mJxZZoY+rfGwyj4GD3vwEUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFn
+ol57plzy9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9VGxyh
+LrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ2fjXctscvG29ZV/v
+iDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsVWaFHVCkugyhfHMKiq3IXAAaOReyL
+4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gDW/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8B
+Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMw
+DQYJKoZIhvcNAQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj
+t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHVDRDtfULAj+7A
+mgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9TaDKQGXSc3z1i9kKlT/YPyNt
+GtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8GlwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFt
+m6/n6J91eEyrRjuazr8FGF1NFTwWmhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMx
+NRF4eKLg6TCMf4DfWN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4
+Mhn5+bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJtshquDDI
+ajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhAGaQdp/lLQzfcaFpPz+vC
+ZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ
+3Wl9af0AVqW3rLatt8o+Ae+c
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert100.pem b/test/rules/platform_certs/default/cert100.pem
index f3ebdf4ee8e3..af749d22d793 100644
--- a/test/rules/platform_certs/default/cert100.pem
+++ b/test/rules/platform_certs/default/cert100.pem
@@ -1,30 +1,23 @@
-USERTrust RSA Certification Authority
+Entrust Root Certification Authority - G2
 -----BEGIN CERTIFICATE-----
-MIIF3jCCA8agAwIBAgIQAf1tMPyjylGoG7xkDjUDLTANBgkqhkiG9w0BAQwFADCBiDELMAkGA1UE
-BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK
-ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh
-dGlvbiBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UE
-BhMCVVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQK
-ExVUaGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBSU0EgQ2VydGlmaWNh
-dGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCAEmUXNg7D2wiz
-0KxXDXbtzSfTTK1Qg2HiqiBNCS1kCdzOiZ/MPans9s/B3PHTsdZ7NygRK0faOca8Ohm0X6a9fZ2j
-Y0K2dvKpOyuR+OJv0OwWIJAJPuLodMkYtJHUYmTbf6MG8YgYapAiPLz+E/CHFHv25B+O1ORRxhFn
-RghRy4YUVD+8M/5+bJz/Fp0YvVGONaanZshyZ9shZrHUm3gDwFA66Mzw3LyeTP6vBZY1H1dat//O
-+T23LLb2VN3I5xI6Ta5MirdcmrS3ID3KfyI0rn47aGYBROcBTkZTmzNg95S+UzeQc0PzMsNT79uq
-/nROacdrjGCT3sTHDN/hMq7MkztReJVni+49Vv4M0GkPGw/zJSZrM233bkf6c0Plfg6lZrEpfDKE
-Y1WJxA3Bk1QwGROs0303p+tdOmw1XNtB1xLaqUkL39iAigmTYo61Zs8liM2EuLE/pDkP2QKe6xJM
-lXzzawWpXhaDzLhn4ugTncxbgtNMs+1b/97lc6wjOy0AvzVVdAlJ2ElYGn+SNuZRkg7zJn0cTRe8
-yexDJtC/QV9AqURE9JnnV4eeUB9XVKg+/XRjL7FQZQnmWEIuQxpMtPAlR1n6BB6T1CZGSlCBst6+
-eLf8ZxXhyVeEHg9j1uliutZfVS7qXMYoCAQlObgOK6nyTJccBz8NUvXt7y+CDwIDAQABo0IwQDAd
-BgNVHQ4EFgQUU3m/WqorSs9UgOHYm8Cd8rIDZsswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQF
-MAMBAf8wDQYJKoZIhvcNAQEMBQADggIBAFzUfA3P9wF9QZllDHPFUp/L+M+ZBn8b2kMVn54CVVeW
-FPFSPCeHlCjtHzoBN6J2/FNQwISbxmtOuowhT6KOVWKR82kV2LyI48SqC/3vqOlLVSoGIG1VeCkZ
-7l8wXEskEVX/JJpuXior7gtNn3/3ATiUFJVDBwn7YKnuHKsSjKCaXqeYalltiz8I+8jRRa8YFWSQ
-Eg9zKC7F4iRO/Fjs8PRF/iKz6y+O0tlFYQXBl2+odnKPi4w2r78NBc5xjeambx9spnFixdjQg3IM
-8WcRiQycE0xyNN+81XHfqnHd4blsjDwSXWXavVcStkNr/+XeTWYRUc+ZruwXtuhxkYzeSf7dNXGi
-FSeUHM9h4ya7b6NnJSFd5t0dCy5oGzuCr+yDZ4XUmFF0sbmZgIn/f3gZXHlKYC6SQK5MNyosycdi
-yA5d9zZbyuAlJQG03RoHnHcAP9Dc1ew91Pq7P8yF1m9/qS3fuQL39ZeatTXaw2ewh0qpKJ4jjv9c
-J2vhsE/zB+4ALtRZh8tSQZXq9EfX7mRBVXyNWQKV3WKdwrnuWih0hKWbt5DHDAff9Yk2dDLWKMGw
-sAvgnEzDHNb842m1R0aBL6KCq9NjRHDEjf8tM7qtj3u1cIiuPhnPQCjY/MiQu12ZIvVS5ljFH4gx
-Q+6IHdfGjjxDah2nGN59PRbxYvnKkKj9
+MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMCVVMxFjAUBgNV
+BAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVy
+bXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ug
+b25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIw
+HhcNMDkwNzA3MTcyNTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoT
+DUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMx
+OTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25s
+eTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwggEi
+MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP
+/vaCeb9zYQYKpSfYs1/TRU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXz
+HHfV1IWNcCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hWwcKU
+s/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1U1+cPvQXLOZprE4y
+TGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0jaWvYkxN4FisZDQSA/i2jZRjJKRx
+AgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ6
+0B7vfec7aVHUbI2fkBJmqzANBgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5Z
+iXMRrEPR9RP/jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ
+Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v1fN2D807iDgi
+nWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4RnAuknZoh8/CbCzB428Hch0P+
+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmHVHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xO
+e4pIb4tF9g==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert101.pem b/test/rules/platform_certs/default/cert101.pem
index ce0daaec8095..706aa90b130e 100644
--- a/test/rules/platform_certs/default/cert101.pem
+++ b/test/rules/platform_certs/default/cert101.pem
@@ -1,15 +1,17 @@
-USERTrust ECC Certification Authority
+Entrust Root Certification Authority - EC1
 -----BEGIN CERTIFICATE-----
-MIICjzCCAhWgAwIBAgIQXIuZxVqUxdJxVt7NiYDMJjAKBggqhkjOPQQDAzCBiDELMAkGA1UEBhMC
-VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU
-aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv
-biBBdXRob3JpdHkwHhcNMTAwMjAxMDAwMDAwWhcNMzgwMTE4MjM1OTU5WjCBiDELMAkGA1UEBhMC
-VVMxEzARBgNVBAgTCk5ldyBKZXJzZXkxFDASBgNVBAcTC0plcnNleSBDaXR5MR4wHAYDVQQKExVU
-aGUgVVNFUlRSVVNUIE5ldHdvcmsxLjAsBgNVBAMTJVVTRVJUcnVzdCBFQ0MgQ2VydGlmaWNhdGlv
-biBBdXRob3JpdHkwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQarFRaqfloI+d61SRvU8Za2EurxtW2
-0eZzca7dnNYMYf3boIkDuAUU7FfO7l0/4iGzzvfUinngo4N+LZfQYcTxmdwlkWOrfzCjtHDix6Ez
-nPO/LlxTsV+zfTJ/ijTjeXmjQjBAMB0GA1UdDgQWBBQ64QmG1M8ZwpZ2dEl23OA1xmNjmjAOBgNV
-HQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNoADBlAjA2Z6EWCNzklwBB
-HU6+4WMBzzuqQhFkoJ2UOQIReVx7Hfpkue4WQrO/isIJxOzksU0CMQDpKmFHjFJKS04YcPbWRNZu
-9YO6bVi9JNlWSOrvxKJGgYhqOkbRqZtNyWHa0V1Xahg=
+MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkGA1UEBhMCVVMx
+FjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVn
+YWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXpl
+ZCB1c2Ugb25seTEzMDEGA1UEAxMqRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
+IC0gRUMxMB4XDTEyMTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYw
+FAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2Fs
+LXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQg
+dXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt
+IEVDMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHy
+AsWfoPZb1YsGGYZPUxBtByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef
+9eNi1KlHBz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
+FLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVCR98crlOZF7ZvHH3h
+vxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nXhTcGtXsI/esni0qU+eH6p44mCOh8
+kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert102.pem b/test/rules/platform_certs/default/cert102.pem
index b05ff11c8649..b3a47b9738e2 100644
--- a/test/rules/platform_certs/default/cert102.pem
+++ b/test/rules/platform_certs/default/cert102.pem
@@ -1,12 +1,28 @@
-GlobalSign ECC Root CA - R4
+CFCA EV ROOT
 -----BEGIN CERTIFICATE-----
-MIIB4TCCAYegAwIBAgIRKjikHJYKBN5CsiilC+g0mAIwCgYIKoZIzj0EAwIwUDEkMCIGA1UECxMb
-R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD
-EwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMb
-R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI0MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD
-EwpHbG9iYWxTaWduMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEuMZ5049sJQ6fLjkZHAOkrprl
-OQcJFspjsbmG+IpXwVfOQvpzofdlQv8ewQCybnMO/8ch5RikqtlxP6jUuc6MHaNCMEAwDgYDVR0P
-AQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFFSwe61FuOJAf/sKbvu+M8k8o4TV
-MAoGCCqGSM49BAMCA0gAMEUCIQDckqGgE6bPA7DmxCGXkPoUVy0D7O48027KqGx2vKLeuwIgJ6iF
-JzWbVsaj8kfSt24bAgAXqmemFZHe+pTsewv4n4Q=
+MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJDTjEwMC4GA1UE
+CgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNB
+IEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkxMjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEw
+MC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQD
+DAxDRkNBIEVWIFJPT1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnV
+BU03sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpLTIpTUnrD
+7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5/ZOkVIBMUtRSqy5J35DN
+uF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp7hZZLDRJGqgG16iI0gNyejLi6mhNbiyW
+ZXvKWfry4t3uMCz7zEasxGPrb382KzRzEpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7
+xzbh72fROdOXW3NiGUgthxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9f
+py25IGvPa931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqotaK8K
+gWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNgTnYGmE69g60dWIol
+hdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfVPKPtl8MeNPo4+QgO48BdK4PRVmrJ
+tqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hvcWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAf
+BgNVHSMEGDAWgBTj/i39KNALtbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
+/wQEAwIBBjAdBgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB
+ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObTej/tUxPQ4i9q
+ecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdLjOztUmCypAbqTuv0axn96/Ua
+4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBSESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sG
+E5uPhnEFtC+NiWYzKXZUmhH4J/qyP5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfX
+BDrDMlI1Dlb4pd19xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjn
+aH9dCi77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN5mydLIhy
+PDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe/v5WOaHIz16eGWRGENoX
+kbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+ZAAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3C
+ekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert103.pem b/test/rules/platform_certs/default/cert103.pem
index d6cef1e9cb2c..8bd0e06bfcad 100644
--- a/test/rules/platform_certs/default/cert103.pem
+++ b/test/rules/platform_certs/default/cert103.pem
@@ -1,13 +1,20 @@
-GlobalSign ECC Root CA - R5
+OISTE WISeKey Global Root GB CA
 -----BEGIN CERTIFICATE-----
-MIICHjCCAaSgAwIBAgIRYFlJ4CYuu1X5CneKcflK2GwwCgYIKoZIzj0EAwMwUDEkMCIGA1UECxMb
-R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD
-EwpHbG9iYWxTaWduMB4XDTEyMTExMzAwMDAwMFoXDTM4MDExOTAzMTQwN1owUDEkMCIGA1UECxMb
-R2xvYmFsU2lnbiBFQ0MgUm9vdCBDQSAtIFI1MRMwEQYDVQQKEwpHbG9iYWxTaWduMRMwEQYDVQQD
-EwpHbG9iYWxTaWduMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAER0UOlvt9Xb/pOdEh+J8LttV7HpI6
-SFkc8GIxLcB6KP4ap1yztsyX50XUWPrRd21DosCHZTQKH3rd6zwzocWdTaRvQZU4f8kehOvRnkmS
-h5SHDDqFSmafnVmTTZdhBoZKo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd
-BgNVHQ4EFgQUPeYpSJvqB8ohREom3m7e0oPQn1kwCgYIKoZIzj0EAwMDaAAwZQIxAOVpEslu28Yx
-uglB4Zf4+/2a4n0Sye18ZNPLBSWLVtmg515dTguDnFt2KaAJJiFqYgIwcdK1j1zqO+F4CYWodZI7
-yFz9SO8NdCKoCOJuxUnOxwy8p2Fp8fc74SrL+SvzZpA3
+MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQG
+EwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl
+ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAw
+MzJaFw0zOTEyMDExNTEwMzFaMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYD
+VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEds
+b2JhbCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3HEokKtaX
+scriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGxWuR51jIjK+FTzJlFXHtP
+rby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk
+9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNku7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4o
+Qnc/nSMbsrY9gBQHTC5P99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvg
+GUpuuy9rM2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB
+/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZI
+hvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrghcViXfa43FK8+5/ea4n32cZiZBKpD
+dHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0
+VQreUGdNZtGn//3ZwLWoo4rOZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEui
+HZeeevJuQHHfaPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic
+Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert104.pem b/test/rules/platform_certs/default/cert104.pem
index 34e8c0665ecb..e6857a0e56b5 100644
--- a/test/rules/platform_certs/default/cert104.pem
+++ b/test/rules/platform_certs/default/cert104.pem
@@ -1,28 +1,19 @@
-Staat der Nederlanden Root CA - G3
+SZAFIR ROOT CA2
 -----BEGIN CERTIFICATE-----
-MIIFdDCCA1ygAwIBAgIEAJiiOTANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJOTDEeMBwGA1UE
-CgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSswKQYDVQQDDCJTdGFhdCBkZXIgTmVkZXJsYW5kZW4g
-Um9vdCBDQSAtIEczMB4XDTEzMTExNDExMjg0MloXDTI4MTExMzIzMDAwMFowWjELMAkGA1UEBhMC
-TkwxHjAcBgNVBAoMFVN0YWF0IGRlciBOZWRlcmxhbmRlbjErMCkGA1UEAwwiU3RhYXQgZGVyIE5l
-ZGVybGFuZGVuIFJvb3QgQ0EgLSBHMzCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAL4y
-olQPcPssXFnrbMSkUeiFKrPMSjTysF/zDsccPVMeiAho2G89rcKezIJnByeHaHE6n3WWIkYFsO2t
-x1ueKt6c/DrGlaf1F2cY5y9JCAxcz+bMNO14+1Cx3Gsy8KL+tjzk7FqXxz8ecAgwoNzFs21v0IJy
-EavSgWhZghe3eJJg+szeP4TrjTgzkApyI/o1zCZxMdFyKJLZWyNtZrVtB0LrpjPOktvA9mxjeM3K
-Tj215VKb8b475lRgsGYeCasH/lSJEULR9yS6YHgamPfJEf0WwTUaVHXvQ9Plrk7O53vDxk5hUUur
-mkVLoR9BvUhTFXFkC4az5S6+zqQbwSmEorXLCCN2QyIkHxcE1G6cxvx/K2Ya7Irl1s9N9WMJtxU5
-1nus6+N86U78dULI7ViVDAZCopz35HCz33JvWjdAidiFpNfxC95DGdRKWCyMijmev4SH8RY7Ngzp
-07TKbBlBUgmhHbBqv4LvcFEhMtwFdozL92TkA1CvjJFnq8Xy7ljY3r735zHPbMk7ccHViLVlvMDo
-FxcHErVc0qsgk7TmgoNwNsXNo42ti+yjwUOH5kPiNL6VizXtBznaqB16nzaeErAMZRKQFWDZJkBE
-41ZgpRDUajz9QdwOWke275dhdU/Z/seyHdTtXUmzqWrLZoQT1Vyg3N9udwbRcXXIV2+vD3dbAgMB
-AAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgEGMB0GA1UdDgQWBBRUrfrHkleu
-yjWcLhL75LpdINyUVzANBgkqhkiG9w0BAQsFAAOCAgEAMJmdBTLIXg47mAE6iqTnB/d6+Oea31BD
-U5cqPco8R5gu4RV78ZLzYdqQJRZlwJ9UXQ4DO1t3ApyEtg2YXzTdO2PCwyiBwpwpLiniyMMB8jPq
-KqrMCQj3ZWfGzd/TtiunvczRDnBfuCPRy5FOCvTIeuXZYzbB1N/8Ipf3YF3qKS9Ysr1YvY2WTxB1
-v0h7PVGHoTx0IsL8B3+A3MSs/mrBcDCw6Y5p4ixpgZQJut3+TcCDjJRYwEYgr5wfAvg1VUkvRtTA
-8KCWAg8zxXHzniN9lLf9OtMJgwYh/WA9rjLA0u6NpvDntIJ8CsxwyXmA+P5M9zWEGYox+wrZ13+b
-8KKaa8MFSu1BYBQw0aoRQm7TIwIEC8Zl3d1Sd9qBa7Ko+gE4uZbqKmxnl4mUnrzhVNXkanjvSr0r
-mj1AfsbAddJu+2gw7OyLnflJNZoaLNmzlTnVHpL3prllL+U9bTpITAjc5CgSKL59NVzq4BZ+Extq
-1z7XnvwtdbLBFNUjA9tbbws+eC8N3jONFrdI54OagQ97wUNNVQQXOEpR1VmiiXTTn74eS9fGbbeI
-JG9gkaSChVtWQbzQRKtqE77RLFi3EjNYsjdj3BP1lB0/QFH1T/U67cjF68IeHRaVesd+QnGTbksV
-tzDfqu1XhUisHWrdOWnk4Xl4vs4Fv6EM94B7IWcnMFk=
+MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQELBQAwUTELMAkG
+A1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6ZW5pb3dhIFMuQS4xGDAWBgNV
+BAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkwNzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJ
+BgNVBAYTAlBMMSgwJgYDVQQKDB9LcmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYD
+VQQDDA9TWkFGSVIgUk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5Q
+qEvNQLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT3PSQ1hNK
+DJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw3gAeqDRHu5rr/gsUvTaE
+2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr63fE9biCloBK0TXC5ztdyO4mTp4CEHCdJ
+ckm1/zuVnsHMyAHs6A6KCpbns6aH5db5BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwi
+ieDhZNRnvDF5YTy7ykHNXGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
+AQH/BAQDAgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsFAAOC
+AQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw8PRBEew/R40/cof5
+O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOGnXkZ7/e7DDWQw4rtTw/1zBLZpD67
+oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCPoky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul
+4+vJhaAlIDf7js4MNIThPIGyd05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6
++/NNIxuZMzSgLvWpCz/UXeHPhJ/iGcJfitYgHuNztw==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert105.pem b/test/rules/platform_certs/default/cert105.pem
index 32293c551d92..7634cab47ebd 100644
--- a/test/rules/platform_certs/default/cert105.pem
+++ b/test/rules/platform_certs/default/cert105.pem
@@ -1,28 +1,30 @@
-Staat der Nederlanden EV Root CA
+Certum Trusted Network CA 2
 -----BEGIN CERTIFICATE-----
-MIIFcDCCA1igAwIBAgIEAJiWjTANBgkqhkiG9w0BAQsFADBYMQswCQYDVQQGEwJOTDEeMBwGA1UE
-CgwVU3RhYXQgZGVyIE5lZGVybGFuZGVuMSkwJwYDVQQDDCBTdGFhdCBkZXIgTmVkZXJsYW5kZW4g
-RVYgUm9vdCBDQTAeFw0xMDEyMDgxMTE5MjlaFw0yMjEyMDgxMTEwMjhaMFgxCzAJBgNVBAYTAk5M
-MR4wHAYDVQQKDBVTdGFhdCBkZXIgTmVkZXJsYW5kZW4xKTAnBgNVBAMMIFN0YWF0IGRlciBOZWRl
-cmxhbmRlbiBFViBSb290IENBMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA48d+ifkk
-SzrSM4M1LGns3Amk41GoJSt5uAg94JG6hIXGhaTK5skuU6TJJB79VWZxXSzFYGgEt9nCUiY4iKTW
-O0Cmws0/zZiTs1QUWJZV1VD+hq2kY39ch/aO5ieSZxeSAgMs3NZmdO3dZ//BYY1jTw+bbRcwJu+r
-0h8QoPnFfxZpgQNH7R5ojXKhTbImxrpsX23Wr9GxE46prfNeaXUmGD5BKyF/7otdBwadQ8QpCiv8
-Kj6GyzyDOvnJDdrFmeK8eEEzduG/L13lpJhQDBXd4Pqcfzho0LKmeqfRMb1+ilgnQ7O6M5HTp5gV
-XJrm0w912fxBmJc+qiXbj5IusHsMX/FjqTf5m3VpTCgmJdrV8hJwRVXj33NeN/UhbJCONVrJ0yPr
-08C+eKxCKFhmpUZtcALXEPlLVPxdhkqHz3/KRawRWrUgUY0viEeXOcDPusBCAUCZSCELa6fS/ZbV
-0b5GnUngC6agIk440ME8MLxwjyx1zNDFjFE7PZQIZCZhfbnDZY8UnCHQqv0XcgOPvZuM5l5Tnrmd
-74K74bzickFbIZTTRTeU0d8JOV3nI6qaHcptqAqGhYqCvkIH1vI4gnPah1vlPNOePqc7nvQDs/nx
-fRN0Av+7oeX6AHkcpmZBiFxgV6YuCcS6/ZrPpx9Aw7vMWgpVSzs4dlG4Y4uElBbmVvMCAwEAAaNC
-MEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFP6rAJCYniT8qcwa
-ivsnuL8wbqg7MA0GCSqGSIb3DQEBCwUAA4ICAQDPdyxuVr5Os7aEAJSrR8kN0nbHhp8dB9O2tLsI
-eK9p0gtJ3jPFrK3CiAJ9Brc1AsFgyb/E6JTe1NOpEyVa/m6irn0F3H3zbPB+po3u2dfOWBfoqSmu
-c0iH55vKbimhZF8ZE/euBhD/UcabTVUlT5OZEAFTdfETzsemQUHSv4ilf0X8rLiltTMMgsT7B/Zq
-5SWEXwbKwYY5EdtYzXc7LMJMD16a4/CrPmEbUCTCwPTxGfARKbalGAKb12NMcIxHowNDXLldRqAN
-b/9Zjr7dn3LDWyvfjFvO5QxGbJKyCqNMVEIYFRIYvdr8unRu/8G2oGTYqV9Vrp9canaW2HNnh/tN
-f1zuacpzEPuKqf2evTY4SUmH9A4U8OmHuD+nT3pajnnUk+S7aFKErGzp85hwVXIy+TSrK0m1zSBi
-5Dp6Z2Orltxtrpfs/J92VoguZs9btsmksNcFuuEnL5O7Jiqik7Ab846+HUCjuTaPPoIaGl6I6lD4
-WeKDRikL40Rc4ZW2aZCaFG+XroHPaO+Zmr615+F/+PoTRxZMzG0IQOeLeG9QgkRQP2YGiqtDhFZK
-DyAthg710tvSeopLzaXoTvFeJiUBWSOgftL2fiFX1ye8FVdMpEbB4IMeDExNH08GGeL5qPQ6gqGy
-eUN51q1veieQA6TqJIc/2b3Z6fJfUEkc7uzXLg==
+MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UE
+BhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMuQS4xJzAlBgNVBAsTHkNlcnR1
+bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIGA1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29y
+ayBDQSAyMCIYDzIwMTExMDA2MDgzOTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQ
+TDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENl
+cnRpZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENB
+IDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWADGSdhhuWZGc/IjoedQF9
+7/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+o
+CgCXhVqqndwpyeI1B+twTUrWwbNWuKFBOJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40b
+Rr5HMNUuctHFY9rnY3lEfktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2p
+uTRZCr+ESv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1mo130
+GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02isx7QBlrd9pPPV3WZ
+9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOWOZV7bIBaTxNyxtd9KXpEulKkKtVB
+Rgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgezTv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pye
+hizKV/Ma5ciSixqClnrDvFASadgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vM
+BhBgu4M1t15n3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI
+hvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQF/xlhMcQSZDe28cmk4gmb3DW
+Al45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTfCVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuA
+L55MYIR4PSFk1vtBHxgP58l1cb29XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMo
+clm2q8KMZiYcdywmdjWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tM
+pkT/WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jbAoJnwTnb
+w3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksqP/ujmv5zMnHCnsZy4Ypo
+J/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Kob7a6bINDd82Kkhehnlt4Fj1F4jNy3eFm
+ypnTycUm/Q1oBEauttmbjL4ZvrHG8hnjXALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLX
+is7VmFxWlgPF7ncGNf/P5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7
+zAYspsbiDrW5viSP
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert106.pem b/test/rules/platform_certs/default/cert106.pem
index d14ca1f12bc8..d982ddd9c97c 100644
--- a/test/rules/platform_certs/default/cert106.pem
+++ b/test/rules/platform_certs/default/cert106.pem
@@ -1,28 +1,31 @@
-IdenTrust Commercial Root CA 1
+Hellenic Academic and Research Institutions RootCA 2015
 -----BEGIN CERTIFICATE-----
-MIIFYDCCA0igAwIBAgIQCgFCgAAAAUUjyES1AAAAAjANBgkqhkiG9w0BAQsFADBKMQswCQYDVQQG
-EwJVUzESMBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBS
-b290IENBIDEwHhcNMTQwMTE2MTgxMjIzWhcNMzQwMTE2MTgxMjIzWjBKMQswCQYDVQQGEwJVUzES
-MBAGA1UEChMJSWRlblRydXN0MScwJQYDVQQDEx5JZGVuVHJ1c3QgQ29tbWVyY2lhbCBSb290IENB
-IDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnUBneP5k91DNG8W9RYYKyqU+PZ4ld
-hNlT3Qwo2dfw/66VQ3KZ+bVdfIrBQuExUHTRgQ18zZshq0PirK1ehm7zCYofWjK9ouuU+ehcCuz/
-mNKvcbO0U59Oh++SvL3sTzIwiEsXXlfEU8L2ApeN2WIrvyQfYo3fw7gpS0l4PJNgiCL8mdo2yMKi
-1CxUAGc1bnO/AljwpN3lsKImesrgNqUZFvX9t++uP0D1bVoE/c40yiTcdCMbXTMTEl3EASX2MN0C
-XZ/g1Ue9tOsbobtJSdifWwLziuQkkORiT0/Br4sOdBeo0XKIanoBScy0RnnGF7HamB4HWfp1IYVl
-3ZBWzvurpWCdxJ35UrCLvYf5jysjCiN2O/cz4ckA82n5S6LgTrx+kzmEB/dEcH7+B1rlsazRGMzy
-NeVJSQjKVsk9+w8YfYs7wRPCTY/JTw436R+hDmrfYi7LNQZReSzIJTj0+kuniVyc0uMNOYZKdHzV
-WYfCP04MXFL0PfdSgvHqo6z9STQaKPNBiDoT7uje/5kdX7rL6B7yuVBgwDHTc+XvvqDtMwt0viAg
-xGds8AgDelWAf0ZOlqf0Hj7h9tgJ4TNkK2PXMl6f+cB7D3hvl7yTmvmcEpB4eoCHFddydJxVdHix
-uuFucAS6T6C6aMN7/zHwcz09lCqxC0EOoP5NiGVreTO01wIDAQABo0IwQDAOBgNVHQ8BAf8EBAMC
-AQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU7UQZwNPwBovupHu+QucmVMiONnYwDQYJKoZI
-hvcNAQELBQADggIBAA2ukDL2pkt8RHYZYR4nKM1eVO8lvOMIkPkp165oCOGUAFjvLi5+U1KMtlwH
-6oi6mYtQlNeCgN9hCQCTrQ0U5s7B8jeUeLBfnLOic7iPBZM4zY0+sLj7wM+x8uwtLRvM7Kqas6pg
-ghstO8OEPVeKlh6cdbjTMM1gCIOQ045U8U1mwF10A0Cj7oV+wh93nAbowacYXVKV7cndJZ5t+qnt
-ozo00Fl72u1Q8zW/7esUTTHHYPTa8Yec4kjixsU3+wYQ+nVZZjFHKdp2mhzpgq7vmrlR94gjmmmV
-YjzlVYA211QC//G5Xc7UI2/YRYRKW2XviQzdFKcgyxilJbQN+QHwotL0AMh0jqEqSI5l2xPE4iUX
-feu+h1sXIFRRk0pTAwvsXcoz7WL9RccvW9xYoIA55vrX/hMUpu09lEpCdNTDd1lzzY9GvlU47/ro
-kTLql1gEIt44w8y8bckzOmoKaT+gyOpyj4xjhiO9bTyWnpXgSUyqorkqG5w2gXjtw+hG4iZZRHUe
-2XWJUc0QhJ1hYMtd+ZciTY6Y5uN/9lu7rs3KSoFrXgvzUeF0K+l+J6fZmUlO+KWA2yUPHGNiiskz
-Z2s8EIPGrd6ozRaOjfAHN3Gf8qv8QfXBi+wAN10J5U6A7/qxXDgGpRtK4dw4LTzcqx+QGtVKnO7R
-cGzM7vRX+Bi6hG6H
+MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcT
+BkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0
+aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNl
+YXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAx
+MTIxWjCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMg
+QWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNV
+BAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIw
+MTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDC+Kk/G4n8PDwEXT2QNrCROnk8Zlrv
+bTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+eh
+iGsxr/CL0BgzuNtFajT0AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+
+6PAQZe104S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06CojXd
+FPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV9Cz82XBST3i4vTwr
+i5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrDgfgXy5I2XdGj2HUb4Ysn6npIQf1F
+GQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2
+fu/Z8VFRfS0myGlZYeCsargqNhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9mu
+iNX6hME6wGkoLfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc
+Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
+AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVdctA4GGqd83EkVAswDQYJKoZI
+hvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0IXtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+
+D1hYc2Ryx+hFjtyp8iY/xnmMsVMIM4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrM
+d/K4kPFox/la/vot9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+y
+d+2VZ5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/eaj8GsGsVn
+82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnhX9izjFk0WaSrT2y7Hxjb
+davYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQl033DlZdwJVqwjbDG2jJ9SrcR5q+ss7F
+Jej6A7na+RZukYT1HCjI/CbM1xyQVqdfbzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVt
+J94Cj8rDtSvK6evIIVM4pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGa
+JI7ZjnHKe7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0vm9q
+p/UsQu0yrbYhnr68
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert107.pem b/test/rules/platform_certs/default/cert107.pem
index 294e36711366..d0602cca4eea 100644
--- a/test/rules/platform_certs/default/cert107.pem
+++ b/test/rules/platform_certs/default/cert107.pem
@@ -1,28 +1,16 @@
-IdenTrust Public Sector Root CA 1
+Hellenic Academic and Research Institutions ECC RootCA 2015
 -----BEGIN CERTIFICATE-----
-MIIFZjCCA06gAwIBAgIQCgFCgAAAAUUjz0Z8AAAAAjANBgkqhkiG9w0BAQsFADBNMQswCQYDVQQG
-EwJVUzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3Rv
-ciBSb290IENBIDEwHhcNMTQwMTE2MTc1MzMyWhcNMzQwMTE2MTc1MzMyWjBNMQswCQYDVQQGEwJV
-UzESMBAGA1UEChMJSWRlblRydXN0MSowKAYDVQQDEyFJZGVuVHJ1c3QgUHVibGljIFNlY3RvciBS
-b290IENBIDEwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2IpT8pEiv6EdrCvsnduTy
-P4o7ekosMSqMjbCpwzFrqHd2hCa2rIFCDQjrVVi7evi8ZX3yoG2LqEfpYnYeEe4IFNGyRBb06tD6
-Hi9e28tzQa68ALBKK0CyrOE7S8ItneShm+waOh7wCLPQ5CQ1B5+ctMlSbdsHyo+1W/CD80/HLaXI
-rcuVIKQxKFdYWuSNG5qrng0M8gozOSI5Cpcu81N3uURF/YTLNiCBWS2ab21ISGHKTN9T0a9SvESf
-qy9rg3LvdYDaBjMbXcjaY8ZNzaxmMc3R3j6HEDbhuaR672BQssvKplbgN6+rNBM5Jeg5ZuSYeqoS
-mJxZZoY+rfGwyj4GD3vwEUs3oERte8uojHH01bWRNszwFcYr3lEXsZdMUD2xlVl8BX0tIdUAvwFn
-ol57plzy9yLxkA2T26pEUWbMfXYD62qoKjgZl3YNa4ph+bz27nb9cCvdKTz4Ch5bQhyLVi9VGxyh
-LrXHFub4qjySjmm2AcG1hp2JDws4lFTo6tyePSW8Uybt1as5qsVATFSrsrTZ2fjXctscvG29ZV/v
-iDUqZi/u9rNl8DONfJhBaUYPQxxp+pu10GFqzcpL2UyQRqsVWaFHVCkugyhfHMKiq3IXAAaOReyL
-4jM9f9oZRORicsPfIsbyVtTdX5Vy7W1f90gDW/3FKqD2cyOEEBsB5wIDAQABo0IwQDAOBgNVHQ8B
-Af8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU43HgntinQtnbcZFrlJPrw6PRFKMw
-DQYJKoZIhvcNAQELBQADggIBAEf63QqwEZE4rU1d9+UOl1QZgkiHVIyqZJnYWv6IAcVYpZmxI1Qj
-t2odIFflAWJBF9MJ23XLblSQdf4an4EKwt3X9wnQW3IV5B4Jaj0z8yGa5hV+rVHVDRDtfULAj+7A
-mgjVQdZcDiFpboBhDhXAuM/FSRJSzL46zNQuOAXeNf0fb7iAaJg9TaDKQGXSc3z1i9kKlT/YPyNt
-GtEqJBnZhbMX73huqVjRI9PHE+1yJX9dsXNw0H8GlwmEKYBhHfpe/3OsoOOJuBxxFcbeMX8S3OFt
-m6/n6J91eEyrRjuazr8FGF1NFTwWmhlQBJqymm9li1JfPFgEKCXAZmExfrngdbkaqIHWchezxQMx
-NRF4eKLg6TCMf4DfWN88uieW4oA0beOY02QnrEh+KHdcxiVhJfiFDGX6xDIvpZgF5PgLZxYWxoK4
-Mhn5+bl53B/N66+rDt0b20XkeucC4pVd/GnwU2lhlXV5C15V5jgclKlZM57IcXR5f1GJtshquDDI
-ajjDbp7hNxbqBWJMWxJH7ae0s1hWx0nzfxJoCTFx8G34Tkf71oXuxVhAGaQdp/lLQzfcaFpPz+vC
-ZHTetBXZ9FRUGi8c15dxVJCO2SCdUyt/q4/i6jC8UDfv8Ue1fXwsBOxonbRJRBD0ckscZOf85muQ
-3Wl9af0AVqW3rLatt8o+Ae+c
+MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0
+aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9u
+cyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJj
+aCBJbnN0aXR1dGlvbnMgRUNDIFJvb3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEw
+MzcxMlowgaoxCzAJBgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmlj
+IEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUQwQgYD
+VQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIEVDQyBSb290
+Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKgQehLgoRc4vgxEZmGZE4JJS+dQS8KrjVP
+dJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJajq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoK
+Vlp8aQuqgAkkbH7BRqNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O
+BBYEFLQiC4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaeplSTA
+GiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7SofTUwJCA3sS61kFyjn
+dc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert108.pem b/test/rules/platform_certs/default/cert108.pem
index af749d22d793..1ce7bf748394 100644
--- a/test/rules/platform_certs/default/cert108.pem
+++ b/test/rules/platform_certs/default/cert108.pem
@@ -1,23 +1,28 @@
-Entrust Root Certification Authority - G2
+ISRG Root X1
 -----BEGIN CERTIFICATE-----
-MIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMCVVMxFjAUBgNV
-BAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVy
-bXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ug
-b25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIw
-HhcNMDkwNzA3MTcyNTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoT
-DUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMx
-OTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25s
-eTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwggEi
-MA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP
-/vaCeb9zYQYKpSfYs1/TRU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXz
-HHfV1IWNcCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hWwcKU
-s/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1U1+cPvQXLOZprE4y
-TGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0jaWvYkxN4FisZDQSA/i2jZRjJKRx
-AgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ6
-0B7vfec7aVHUbI2fkBJmqzANBgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5Z
-iXMRrEPR9RP/jTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ
-Rkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v1fN2D807iDgi
-nWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4RnAuknZoh8/CbCzB428Hch0P+
-vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmHVHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xO
-e4pIb4tF9g==
+MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAwTzELMAkGA1UE
+BhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNoIEdyb3VwMRUwEwYDVQQD
+EwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQG
+EwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMT
+DElTUkcgUm9vdCBYMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54r
+Vygch77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+0TM8ukj1
+3Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6UA5/TR5d8mUgjU+g4rk8K
+b4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sWT8KOEUt+zwvo/7V3LvSye0rgTBIlDHCN
+Aymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyHB5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ
+4Q7e2RCOFvu396j3x+UCB5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf
+1b0SHzUvKBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWnOlFu
+hjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTnjh8BCNAw1FtxNrQH
+usEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbwqHyGO0aoSCqI3Haadr8faqU9GY/r
+OPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CIrU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4G
+A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY
+9umbbjANBgkqhkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
+ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ3BebYhtF8GaV
+0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KKNFtY2PwByVS5uCbMiogziUwt
+hDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJw
+TdwJx4nLCgdNbOhdjsnvzqvHu7UrTkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nx
+e5AW0wdeRlN8NwdCjNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZA
+JzVcoyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq4RgqsahD
+YVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPAmRGunUHBcnWEvgJBQl9n
+JEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57demyPxgcYxn/eR44/KJ4EBs+lVDR3veyJ
+m+kXQ99b21/+jh5Xos1AnX5iItreGCc=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert109.pem b/test/rules/platform_certs/default/cert109.pem
index 706aa90b130e..a0a7df1fbdc5 100644
--- a/test/rules/platform_certs/default/cert109.pem
+++ b/test/rules/platform_certs/default/cert109.pem
@@ -1,17 +1,28 @@
-Entrust Root Certification Authority - EC1
+AC RAIZ FNMT-RCM
 -----BEGIN CERTIFICATE-----
-MIIC+TCCAoCgAwIBAgINAKaLeSkAAAAAUNCR+TAKBggqhkjOPQQDAzCBvzELMAkGA1UEBhMCVVMx
-FjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVn
-YWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXpl
-ZCB1c2Ugb25seTEzMDEGA1UEAxMqRW50cnVzdCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5
-IC0gRUMxMB4XDTEyMTIxODE1MjUzNloXDTM3MTIxODE1NTUzNlowgb8xCzAJBgNVBAYTAlVTMRYw
-FAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0L2xlZ2Fs
-LXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhvcml6ZWQg
-dXNlIG9ubHkxMzAxBgNVBAMTKkVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAt
-IEVDMTB2MBAGByqGSM49AgEGBSuBBAAiA2IABIQTydC6bUF74mzQ61VfZgIaJPRbiWlH47jCffHy
-AsWfoPZb1YsGGYZPUxBtByQnoaD41UcZYUx9ypMn6nQM72+WCf5j7HBdNq1nd67JnXxVRDqiY1Ef
-9eNi1KlHBz7MIKNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE
-FLdj5xrdjekIplWDpOBqUEFlEUJJMAoGCCqGSM49BAMDA2cAMGQCMGF52OVCR98crlOZF7ZvHH3h
-vxGU0QOIdeSNiaSKd0bebWHvAvX7td/M/k7//qnmpwIwW5nXhTcGtXsI/esni0qU+eH6p44mCOh8
-kmhtc9hvJqwhAriZtyZBWyVgrtBIGu4G
+MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNVBAYT
+AkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTAeFw0wODEw
+MjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJD
+TTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBALpxgHpMhm5/yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcf
+qQgfBBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAzWHFctPVr
+btQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxFtBDXaEAUwED653cXeuYL
+j2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z374jNUUeAlz+taibmSXaXvMiwzn15Cou
+08YfxGyqxRxqAQVKL9LFwag0Jl1mpdICIfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mw
+WsXmo8RZZUc1g16p6DULmbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnT
+tOmlcYF7wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peSMKGJ
+47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2ZSysV4999AeU14EC
+ll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMetUqIJ5G+GR4of6ygnXYMgrwTJbFaa
+i0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
+FPd9xf3E6Jobd2Sn9R2gzL+HYJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1o
+dHRwOi8vd3d3LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD
+nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1RXxlDPiyN8+s
+D8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYMLVN0V2Ue1bLdI4E7pWYjJ2cJ
+j+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrT
+Qfv6MooqtyuGC2mDOL7Nii4LcK2NJpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW
++YJF1DngoABd15jmfZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7
+Ixjp6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp1txyM/1d
+8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B9kiABdcPUXmsEKvU7ANm
+5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wokRqEIr9baRRmW1FMdW4R58MD3R++Lj8UG
+rp1MYp3/RgT408m2ECVAdf4WqslKYIYvuu8wd+RU4riEmViAqhOLUTpPSPaLtrM=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert110.pem b/test/rules/platform_certs/default/cert110.pem
index b3a47b9738e2..1a2778910e94 100644
--- a/test/rules/platform_certs/default/cert110.pem
+++ b/test/rules/platform_certs/default/cert110.pem
@@ -1,28 +1,18 @@
-CFCA EV ROOT
+Amazon Root CA 1
 -----BEGIN CERTIFICATE-----
-MIIFjTCCA3WgAwIBAgIEGErM1jANBgkqhkiG9w0BAQsFADBWMQswCQYDVQQGEwJDTjEwMC4GA1UE
-CgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQDDAxDRkNB
-IEVWIFJPT1QwHhcNMTIwODA4MDMwNzAxWhcNMjkxMjMxMDMwNzAxWjBWMQswCQYDVQQGEwJDTjEw
-MC4GA1UECgwnQ2hpbmEgRmluYW5jaWFsIENlcnRpZmljYXRpb24gQXV0aG9yaXR5MRUwEwYDVQQD
-DAxDRkNBIEVWIFJPT1QwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDXXWvNED8fBVnV
-BU03sQ7smCuOFR36k0sXgiFxEFLXUWRwFsJVaU2OFW2fvwwbwuCjZ9YMrM8irq93VCpLTIpTUnrD
-7i7es3ElweldPe6hL6P3KjzJIx1qqx2hp/Hz7KDVRM8Vz3IvHWOX6Jn5/ZOkVIBMUtRSqy5J35DN
-uF++P96hyk0g1CXohClTt7GIH//62pCfCqktQT+x8Rgp7hZZLDRJGqgG16iI0gNyejLi6mhNbiyW
-ZXvKWfry4t3uMCz7zEasxGPrb382KzRzEpR/38wmnvFyXVBlWY9ps4deMm/DGIq1lY+wejfeWkU7
-xzbh72fROdOXW3NiGUgthxwG+3SYIElz8AXSG7Ggo7cbcNOIabla1jj0Ytwli3i/+Oh+uFzJlU9f
-py25IGvPa931DfSCt/SyZi4QKPaXWnuWFo8BGS1sbn85WAZkgwGDg8NNkt0yxoekN+kWzqotaK8K
-gWU6cMGbrU1tVMoqLUuFG7OA5nBFDWteNfB/O7ic5ARwiRIlk9oKmSJgamNgTnYGmE69g60dWIol
-hdLHZR4tjsbftsbhf4oEIRUpdPA+nJCdDC7xij5aqgwJHsfVPKPtl8MeNPo4+QgO48BdK4PRVmrJ
-tqhUUy54Mmc9gn900PvhtgVguXDbjgv5E1hvcWAQUhC5wUEJ73IfZzF4/5YFjQIDAQABo2MwYTAf
-BgNVHSMEGDAWgBTj/i39KNALtbq2osS/BqoFjJP7LzAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB
-/wQEAwIBBjAdBgNVHQ4EFgQU4/4t/SjQC7W6tqLEvwaqBYyT+y8wDQYJKoZIhvcNAQELBQADggIB
-ACXGumvrh8vegjmWPfBEp2uEcwPenStPuiB/vHiyz5ewG5zz13ku9Ui20vsXiObTej/tUxPQ4i9q
-ecsAIyjmHjdXNYmEwnZPNDatZ8POQQaIxffu2Bq41gt/UP+TqhdLjOztUmCypAbqTuv0axn96/Ua
-4CUqmtzHQTb3yHQFhDmVOdYLO6Qn+gjYXB74BGBSESgoA//vU2YApUo0FmZ8/Qmkrp5nGm9BC2sG
-E5uPhnEFtC+NiWYzKXZUmhH4J/qyP5Hgzg0b8zAarb8iXRvTvyUFTeGSGn+ZnzxEk8rUQElsgIfX
-BDrDMlI1Dlb4pd19xIsNER9Tyx6yF7Zod1rg1MvIB671Oi6ON7fQAUtDKXeMOZePglr4UeWJoBjn
-aH9dCi77o0cOPaYjesYBx4/IXr9tgFa+iiS6M+qf4TIRnvHST4D2G0CvOJ4RUHlzEhLN5mydLIhy
-PDCBBpEi6lmt2hkuIsKNuYyH4Ga8cyNfIWRjgEj1oDwYPZTISEEdQLpe/v5WOaHIz16eGWRGENoX
-kbcFgKyLmZJ956LYBws2J+dIeWCKw9cTXPhyQN9Ky8+ZAAoACxGV2lZFA4gKn2fQ1XmxqI1AbQ3C
-ekD6819kR5LLU7m7Wc5P/dAVUwHY3+vZ5nbv0CO7O6l5s9UCKc2Jo5YPSjXnTkLAdc0Hz+Ys63su
+MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsFADA5MQswCQYD
+VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAxMB4XDTE1
+MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv
+bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
+ggEBALJ4gHHKeNXjca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgH
+FzZM9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qwIFAGbHrQ
+gLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6VOujw5H5SNz/0egwLX0t
+dHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L93FcXmn/6pUCyziKrlA4b9v7LWIbxcce
+VOF34GfID5yHI9Y/QCB/IIDEgEw+OyQmjgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB
+/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3
+DQEBCwUAA4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDIU5PM
+CCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUsN+gDS63pYaACbvXy
+8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vvo/ufQJVtMVT8QtPHRh8jrdkPSHCa
+2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2
+xJNDd2ZhwLnoQdeXeGADbkpyrqXRfboQnoZsG4q5WTP468SQvvG5
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert111.pem b/test/rules/platform_certs/default/cert111.pem
index 244ddd45efe7..449d424d86b1 100644
--- a/test/rules/platform_certs/default/cert111.pem
+++ b/test/rules/platform_certs/default/cert111.pem
@@ -1,22 +1,27 @@
-TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H5
+Amazon Root CA 2
 -----BEGIN CERTIFICATE-----
-MIIEJzCCAw+gAwIBAgIHAI4X/iQggTANBgkqhkiG9w0BAQsFADCBsTELMAkGA1UEBhMCVFIxDzAN
-BgNVBAcMBkFua2FyYTFNMEsGA1UECgxEVMOcUktUUlVTVCBCaWxnaSDEsGxldGnFn2ltIHZlIEJp
-bGnFn2ltIEfDvHZlbmxpxJ9pIEhpem1ldGxlcmkgQS7Fni4xQjBABgNVBAMMOVTDnFJLVFJVU1Qg
-RWxla3Ryb25payBTZXJ0aWZpa2EgSGl6bWV0IFNhxJ9sYXnEsWPEsXPEsSBINTAeFw0xMzA0MzAw
-ODA3MDFaFw0yMzA0MjgwODA3MDFaMIGxMQswCQYDVQQGEwJUUjEPMA0GA1UEBwwGQW5rYXJhMU0w
-SwYDVQQKDERUw5xSS1RSVVNUIEJpbGdpIMSwbGV0acWfaW0gdmUgQmlsacWfaW0gR8O8dmVubGnE
-n2kgSGl6bWV0bGVyaSBBLsWeLjFCMEAGA1UEAww5VMOcUktUUlVTVCBFbGVrdHJvbmlrIFNlcnRp
-ZmlrYSBIaXptZXQgU2HEn2xhecSxY8Sxc8SxIEg1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB
-CgKCAQEApCUZ4WWe60ghUEoI5RHwWrom/4NZzkQqL/7hzmAD/I0Dpe3/a6i6zDQGn1k19uwsu537
-jVJp45wnEFPzpALFp/kRGml1bsMdi9GYjZOHp3GXDSHHmflS0yxjXVW86B8BSLlg/kJK9siArs1m
-ep5Fimh34khon6La8eHBEJ/rPCmBp+EyCNSgBbGM+42WAA4+Jd9ThiI7/PS98wl+d+yG6w8z5UNP
-9FR1bSmZLmZaQ9/LXMrI5Tjxfjs1nQ/0xVqhzPMggCTTV+wVunUlm+hkS7M0hO8EuPbJbKoCPrZV
-4jI3X/xml1/N1p7HIL9Nxqw/dV8c7TKcfGkAaZHjIxhT6QIDAQABo0IwQDAdBgNVHQ4EFgQUVpkH
-HtOsDGlktAxQR95DLL4gwPswDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZI
-hvcNAQELBQADggEBAJ5FdnsXSDLyOIspve6WSk6BGLFRRyDN0GSxDsnZAdkJzsiZ3GglE9Rc8qPo
-BP5yCccLqh0lVX6Wmle3usURehnmp349hQ71+S4pL+f5bFgWV1Al9j4uPqrtd3GqqpmWRgqujuwq
-URawXs3qZwQcWDD1YIq9pr1N5Za0/EKJAWv2cMhQOQwt1WbZyNKzMrcbGW3LM/nfpeYVhDfwwvJl
-lpKQd/Ct9JDpEXjXk4nAPQu6KfTomZ1yju2dL+6SfaHx/126M2CFYv4HAqGEVka+lgqaE9chTLd8
-B59OTj+RdPsnnRHM3eaxynFNExc5JsUpISuTKWqW+qtB4Uu2NQvAmxU=
+MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwFADA5MQswCQYD
+VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAyMB4XDTE1
+MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv
+bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
+ggIBAK2Wny2cSkxKgXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4
+kHbZW0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg1dKmSYXp
+N+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K8nu+NQWpEjTj82R0Yiw9
+AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvd
+fLC6HM783k81ds8P+HgfajZRRidhW+mez/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAEx
+kv8LV/SasrlX6avvDXbR8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSS
+btqDT6ZjmUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz7Mt0
+Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6+XUyo05f7O0oYtlN
+c/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI0u1ufm8/0i2BWSlmy5A5lREedCf+
+3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSw
+DPBMMPQFWAJI/TPlUq9LhONmUjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oA
+A7CXDpO8Wqj2LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY
++gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kSk5Nrp+gvU5LE
+YFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl7uxMMne0nxrpS10gxdr9HIcW
+xkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygmbtmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQ
+gj9sAq+uEjonljYE1x2igGOpm/HlurR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbW
+aQbLU8uz/mtBzUF+fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoV
+Yh63n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE76KlXIx3
+KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H9jVlpNMKVv/1F2Rs76gi
+JUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT4PsJYGw=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert112.pem b/test/rules/platform_certs/default/cert112.pem
index 747ea12b63d4..1254c66d4b3a 100644
--- a/test/rules/platform_certs/default/cert112.pem
+++ b/test/rules/platform_certs/default/cert112.pem
@@ -1,29 +1,11 @@
-Certinomis - Root CA
+Amazon Root CA 3
 -----BEGIN CERTIFICATE-----
-MIIFkjCCA3qgAwIBAgIBATANBgkqhkiG9w0BAQsFADBaMQswCQYDVQQGEwJGUjETMBEGA1UEChMK
-Q2VydGlub21pczEXMBUGA1UECxMOMDAwMiA0MzM5OTg5MDMxHTAbBgNVBAMTFENlcnRpbm9taXMg
-LSBSb290IENBMB4XDTEzMTAyMTA5MTcxOFoXDTMzMTAyMTA5MTcxOFowWjELMAkGA1UEBhMCRlIx
-EzARBgNVBAoTCkNlcnRpbm9taXMxFzAVBgNVBAsTDjAwMDIgNDMzOTk4OTAzMR0wGwYDVQQDExRD
-ZXJ0aW5vbWlzIC0gUm9vdCBDQTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANTMCQos
-P5L2fxSeC5yaah1AMGT9qt8OHgZbn1CF6s2Nq0Nn3rD6foCWnoR4kkjW4znuzuRZWJflLieY6pOo
-d5tK8O90gC3rMB+12ceAnGInkYjwSond3IjmFPnVAy//ldu9n+ws+hQVWZUKxkd8aRi5pwP5ynap
-z8dvtF4F/u7BUrJ1Mofs7SlmO/NKFoL21prbcpjp3vDFTKWrteoB4owuZH9kb/2jJZOLyKIOSY00
-8B/sWEUuNKqEUL3nskoTuLAPrjhdsKkb5nPJWqHZZkCqqU2mNAKthH6yI8H7KsZn9DS2sJVqM09x
-RLWtwHkziOC/7aOgFLScCbAK42C++PhmiM1b8XcF4LVzbsF9Ri6OSyemzTUK/eVNfaoqoynHWmgE
-6OXWk6RiwsXm9E/G+Z8ajYJJGYrKWUM66A0ywfRMEwNvbqY/kXPLynNvEiCL7sCCeN5LLsJJwx3t
-FvYk9CcbXFcx3FXuqB5vbKziRcxXV4p1VxngtViZSTYxPDMBbRZKzbgqg4SGm/lg0h9tkQPTYKbV
-PZrdd5A9NaSfD171UkRpucC63M9933zZxKyGIjK8e2uR73r4F2iw4lNVYC2vPsKD2NkJK/DAZNuH
-i5HMkesE/Xa0lZrmFAYb1TQdvtj/dBxThZngWVJKYe2InmtJiUZ+IFrZ50rlau7SZRFDAgMBAAGj
-YzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTvkUz1pcMw6C8I
-6tNxIqSSaHh02TAfBgNVHSMEGDAWgBTvkUz1pcMw6C8I6tNxIqSSaHh02TANBgkqhkiG9w0BAQsF
-AAOCAgEAfj1U2iJdGlg+O1QnurrMyOMaauo++RLrVl89UM7g6kgmJs95Vn6RHJk/0KGRHCwPT5iV
-WVO90CLYiF2cN/z7ZMF4jIuaYAnq1fohX9B0ZedQxb8uuQsLrbWwF6YSjNRieOpWauwK0kDDPAUw
-Pk2Ut59KA9N9J0u2/kTO+hkzGm2kQtHdzMjI1xZSg081lLMSVX3l4kLr5JyTCcBMWwerx20RoFAX
-lCOotQqSD7J6wWAsOMwaplv/8gzjqh8c3LigkyfeY+N/IZ865Z764BNqdeuWXGKRlI5nU7aJ+BIJ
-y29SWwNyhlCVCNSNh4YVH5Uk2KRvms6knZtt0rJ2BobGVgjF6wnaNsIbW0G+YSrjcOa4pvi2WsS9
-Iff/ql+hbHY5ZtbqTFXhADObE5hjyW/QASAJN1LnDE8+zbz1X5YnpyACleAu6AdBBR8Vbtaw5Bng
-DwKTACdyxYvRVB9dSsNAl35VpnzBMwQUAR1JIGkLGZOdblgi90AMRgwjY/M50n92Uaf0yKHxDHYi
-I0ZSKS3io0EHVmmY0gUJvGnHWmHNj4FgFU2A3ZDifcRQ8ow7bkrHxuaAKzyBvBGAFhAn1/DNP3nM
-cyrDflOR1m749fPH0FFNjkulW+YZFzvWgQncItzujrnEj1PhZ7szuIgVRs/taTX/dQ1G885x4cVr
-hkIGuUE=
+MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5MQswCQYDVQQG
+EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAzMB4XDTE1MDUy
+NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ
+MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZB
+f8ANm+gBG1bG8lKlui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjr
+Zt6jQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSrttvXBp43
+rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkrBqWTrBqYaGFy+uGh0Psc
+eGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteMYyRIHN8wfdVoOw==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert113.pem b/test/rules/platform_certs/default/cert113.pem
index 8bd0e06bfcad..5473fcd441b4 100644
--- a/test/rules/platform_certs/default/cert113.pem
+++ b/test/rules/platform_certs/default/cert113.pem
@@ -1,20 +1,12 @@
-OISTE WISeKey Global Root GB CA
+Amazon Root CA 4
 -----BEGIN CERTIFICATE-----
-MIIDtTCCAp2gAwIBAgIQdrEgUnTwhYdGs/gjGvbCwDANBgkqhkiG9w0BAQsFADBtMQswCQYDVQQG
-EwJDSDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNl
-ZDEoMCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQiBDQTAeFw0xNDEyMDExNTAw
-MzJaFw0zOTEyMDExNTEwMzFaMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYD
-VQQLExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEds
-b2JhbCBSb290IEdCIENBMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2Be3HEokKtaX
-scriHvt9OO+Y9bI5mE4nuBFde9IllIiCFSZqGzG7qFshISvYD06fWvGxWuR51jIjK+FTzJlFXHtP
-rby/h0oLS5daqPZI7H17Dc0hBt+eFf1Biki3IPShehtX1F1Q/7pn2COZH8g/497/b1t3sWtuuMlk
-9+HKQUYOKXHQuSP8yYFfTvdv37+ErXNku7dCjmn21HYdfp2nuFeKUWdy19SouJVUQHMD9ur06/4o
-Qnc/nSMbsrY9gBQHTC5P99UKFg29ZkM3fiNDecNAhvVMKdqOmq0NpQSHiB6F4+lT1ZvIiwNjeOvg
-GUpuuy9rM2RYk61pv48b74JIxwIDAQABo1EwTzALBgNVHQ8EBAMCAYYwDwYDVR0TAQH/BAUwAwEB
-/zAdBgNVHQ4EFgQUNQ/INmNe4qPs+TtmFc5RUuORmj0wEAYJKwYBBAGCNxUBBAMCAQAwDQYJKoZI
-hvcNAQELBQADggEBAEBM+4eymYGQfp3FsLAmzYh7KzKNbrghcViXfa43FK8+5/ea4n32cZiZBKpD
-dHij40lhPnOMTZTg+XHEthYOU3gf1qKHLwI5gSk8rxWYITD+KJAAjNHhy/peyP34EEY7onhCkRd0
-VQreUGdNZtGn//3ZwLWoo4rOZvUPQ82nK1d7Y0Zqqi5S2PTt4W2tKZB4SLrhI6qjiey1q5bAtEui
-HZeeevJuQHHfaPFlTc58Bd9TZaml8LGXBHAVRgOY1NK/VLSgWH1Sb9pWJmLU2NuJMW8c8CLC02Ic
-Nc1MaRVUGpCY3useX8p3x8uOPUNpnJpY0CQ73xtAln41rYHHTnG6iBM=
+MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5MQswCQYDVQQG
+EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSA0MB4XDTE1MDUy
+NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ
+MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN
+/sGKe0uoe0ZLY7Bi9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri
+83BkM6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
+HQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WBMAoGCCqGSM49BAMDA2gA
+MGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlwCkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1
+AE47xDqUEpHJWEadIRNyp4iciuRMStuW1KyLa2tJElMzrdfkviT8tQp21KW8EA==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert114.pem b/test/rules/platform_certs/default/cert114.pem
index e6857a0e56b5..95096f8043a7 100644
--- a/test/rules/platform_certs/default/cert114.pem
+++ b/test/rules/platform_certs/default/cert114.pem
@@ -1,19 +1,29 @@
-SZAFIR ROOT CA2
+LuxTrust Global Root 2
 -----BEGIN CERTIFICATE-----
-MIIDcjCCAlqgAwIBAgIUPopdB+xV0jLVt+O2XwHrLdzk1uQwDQYJKoZIhvcNAQELBQAwUTELMAkG
-A1UEBhMCUEwxKDAmBgNVBAoMH0tyYWpvd2EgSXpiYSBSb3psaWN6ZW5pb3dhIFMuQS4xGDAWBgNV
-BAMMD1NaQUZJUiBST09UIENBMjAeFw0xNTEwMTkwNzQzMzBaFw0zNTEwMTkwNzQzMzBaMFExCzAJ
-BgNVBAYTAlBMMSgwJgYDVQQKDB9LcmFqb3dhIEl6YmEgUm96bGljemVuaW93YSBTLkEuMRgwFgYD
-VQQDDA9TWkFGSVIgUk9PVCBDQTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQC3vD5Q
-qEvNQLXOYeeWyrSh2gwisPq1e3YAd4wLz32ohswmUeQgPYUM1ljj5/QqGJ3a0a4m7utT3PSQ1hNK
-DJA8w/Ta0o4NkjrcsbH/ON7Dui1fgLkCvUqdGw+0w8LBZwPd3BucPbOw3gAeqDRHu5rr/gsUvTaE
-2g0gv/pby6kWIK05YO4vdbbnl5z5Pv1+TW9NL++IDWr63fE9biCloBK0TXC5ztdyO4mTp4CEHCdJ
-ckm1/zuVnsHMyAHs6A6KCpbns6aH5db5BSsNl0BwPLqsdVqc1U2dAgrSS5tmS0YHF2Wtn2yIANwi
-ieDhZNRnvDF5YTy7ykHNXGoAyDw4jlivAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0P
-AQH/BAQDAgEGMB0GA1UdDgQWBBQuFqlKGLXLzPVvUPMjX/hd56zwyDANBgkqhkiG9w0BAQsFAAOC
-AQEAtXP4A9xZWx126aMqe5Aosk3AM0+qmrHUuOQn/6mWmc5G4G18TKI4pAZw8PRBEew/R40/cof5
-O/2kbytTAOD/OblqBw7rHRz2onKQy4I9EYKL0rufKq8h5mOGnXkZ7/e7DDWQw4rtTw/1zBLZpD67
-oPwglV9PJi8RI4NOdQcPv5vRtB3pEAT+ymCPoky4rc/hkA/NrgrHXXu3UNLUYfrVFdvXn4dRVOul
-4+vJhaAlIDf7js4MNIThPIGyd05DpYhfhmehPea0XGG2Ptv+tyjFogeutcrKjSoS75ftwjCkySp6
-+/NNIxuZMzSgLvWpCz/UXeHPhJ/iGcJfitYgHuNztw==
+MIIFwzCCA6ugAwIBAgIUCn6m30tEntpqJIWe5rgV0xZ/u7EwDQYJKoZIhvcNAQELBQAwRjELMAkG
+A1UEBhMCTFUxFjAUBgNVBAoMDUx1eFRydXN0IFMuQS4xHzAdBgNVBAMMFkx1eFRydXN0IEdsb2Jh
+bCBSb290IDIwHhcNMTUwMzA1MTMyMTU3WhcNMzUwMzA1MTMyMTU3WjBGMQswCQYDVQQGEwJMVTEW
+MBQGA1UECgwNTHV4VHJ1c3QgUy5BLjEfMB0GA1UEAwwWTHV4VHJ1c3QgR2xvYmFsIFJvb3QgMjCC
+AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANeFl78RmOnwYoNMPIf5U2o3C/IPPIfOb9wm
+Kb3FibrJgz337spbxm1Jc7TJRqMbNBM/wYlFV/TZsfs2ZUv7COJIcRHIbjuend+JZTemhfY7RBi2
+xjcwYkSSl2l9QjAk5A0MiWtj3sXh306pFGxT4GHO9hcvHTy95iJMHZP1EMShduxq3sVs35a0VkBC
+wGKSMKEtFZSg0iAGCW5qbeXrt77U8PEVfIvmTroTzEsnXpk8F12PgX8zPU/TPxvsXD/wPEx1bvKm
+1Z3aLQdjAsZy6ZS8TEmVT4hSyNvoaYL4zDRbIvCGp4m9SAptZoFtyMhk+wHh9OHe2Z7d21vUKpkm
+FRseTJIpgp7VkoGSQXAZ96Tlk0u8d2cx3Rz9MXANF5kM+Qw5GSoXtTBxVdUPrljhPS80m8+f9niF
+wpN6cj5mj5wWEWCPnolvZ77gR1o7DJpni89Gxq44o/KnvObWhWszJHAiS8sIm7vI+AIpHb4gDEa/
+a4ebsypmQjVGbKq6rfmYe+lQVRQxv7HaLe2ArWgk+2mr2HETMOZns4dA/Yl+8kPREd8vZS9kzl8U
+ubG/Mb2HeFpZZYiq/FkySIbWTLkpS5XTdvN3JW1CHDiDTf2jX5t/Lax5Gw5CMZdjpPuKadUiDTSQ
+MC6otOBttpSsvItO13D8xTiOZCXhTTmQzsmHhFhxAgMBAAGjgagwgaUwDwYDVR0TAQH/BAUwAwEB
+/zBCBgNVHSAEOzA5MDcGByuBKwEBAQowLDAqBggrBgEFBQcCARYeaHR0cHM6Ly9yZXBvc2l0b3J5
+Lmx1eHRydXN0Lmx1MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBT/GCh2+UgFLKGu8SsbK7JT
++Et8szAdBgNVHQ4EFgQU/xgodvlIBSyhrvErGyuyU/hLfLMwDQYJKoZIhvcNAQELBQADggIBAGoZ
+FO1uecEsh9QNcH7X9njJCwROxLHOk3D+sFTAMs2ZMGQXvw/l4jP9BzZAcg4atmpZ1gDlaCDdLnIN
+H2pkMSCEfUmmWjfrRcmF9dTHF5kH5ptV5AzoqbTOjFu1EVzPig4N1qx3gf4ynCSecs5U89BvolbW
+7MM3LGVYvlcAGvI1+ut7MV3CwRI9loGIlonBWVx65n9wNOeD4rHh4bhY79SV5GCc8JaXcozrhAIu
+ZY+kt9J/Z93I055cqqmkoCUUBpvsT34tC38ddfEz2O3OuHVtPlu5mB0xDVbYQw8wkbIEa91WvpWA
+VWe+2M2D2RjuLg+GLZKecBPs3lHJQ3gCpU3I+V/EkVhGFndadKpAvAefMLmx9xIX3eP/JEAdemrR
+TxgKqpAd60Ae36EeRJIQmvKN4dFLRp7oRUKX6kWZ8+xm1QL68qZKJKrezrnK+T+Tb/mjuuqlPpmt
+/f97mfVl7vBZKGfXkJWkE4SphMHozs51k2MavDzq1WQfLSoSOcbDWjLtR5EWDrw4wVDej8oqkDQc
+7kGUnF4ZLvhFSZl0kbAEb+MEWrGrKqv+x9CWttrhSmQGbmBNvUJO/3jaJMobtNeWOWyu8Q6qp31I
+iyBMz2TWuJdGsE7RKlY6oJO9r4Ak4Ap+58rVyuiFVdw2KuGUaJPHZnJED4AhMmwlxyOAgwrr
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert115.pem b/test/rules/platform_certs/default/cert115.pem
index 7634cab47ebd..94a5b2da68f3 100644
--- a/test/rules/platform_certs/default/cert115.pem
+++ b/test/rules/platform_certs/default/cert115.pem
@@ -1,30 +1,23 @@
-Certum Trusted Network CA 2
+TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
 -----BEGIN CERTIFICATE-----
-MIIF0jCCA7qgAwIBAgIQIdbQSk8lD8kyN/yqXhKN6TANBgkqhkiG9w0BAQ0FADCBgDELMAkGA1UE
-BhMCUEwxIjAgBgNVBAoTGVVuaXpldG8gVGVjaG5vbG9naWVzIFMuQS4xJzAlBgNVBAsTHkNlcnR1
-bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEkMCIGA1UEAxMbQ2VydHVtIFRydXN0ZWQgTmV0d29y
-ayBDQSAyMCIYDzIwMTExMDA2MDgzOTU2WhgPMjA0NjEwMDYwODM5NTZaMIGAMQswCQYDVQQGEwJQ
-TDEiMCAGA1UEChMZVW5pemV0byBUZWNobm9sb2dpZXMgUy5BLjEnMCUGA1UECxMeQ2VydHVtIENl
-cnRpZmljYXRpb24gQXV0aG9yaXR5MSQwIgYDVQQDExtDZXJ0dW0gVHJ1c3RlZCBOZXR3b3JrIENB
-IDIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC9+Xj45tWADGSdhhuWZGc/IjoedQF9
-7/tcZ4zJzFxrqZHmuULlIEub2pt7uZld2ZuAS9eEQCsn0+i6MLs+CRqnSZXvK0AkwpfHp+6bJe+o
-CgCXhVqqndwpyeI1B+twTUrWwbNWuKFBOJvR+zF/j+Bf4bE/D44WSWDXBo0Y+aomEKsq09DRZ40b
-Rr5HMNUuctHFY9rnY3lEfktjJImGLjQ/KUxSiyqnwOKRKIm5wFv5HdnnJ63/mgKXwcZQkpsCLL2p
-uTRZCr+ESv/f/rOf69me4Jgj7KZrdxYq28ytOxykh9xGc14ZYmhFV+SQgkK7QtbwYeDBoz1mo130
-GO6IyY0XRSmZMnUCMe4pJshrAua1YkV/NxVaI2iJ1D7eTiew8EAMvE0Xy02isx7QBlrd9pPPV3WZ
-9fqGGmd4s7+W/jTcvedSVuWz5XV710GRBdxdaeOVDUO5/IOWOZV7bIBaTxNyxtd9KXpEulKkKtVB
-Rgkg/iKgtlswjbyJDNXXcPiHUv3a76xRLgezTv7QCdpw75j6VuZt27VXS9zlLCUVyJ4ueE742pye
-hizKV/Ma5ciSixqClnrDvFASadgOWkaLOusm+iPJtrCBvkIApPjW/jAux9JG9uWOdf3yzLnQh1vM
-BhBgu4M1t15n3kfsmUjxpKEV/q2MYo45VU85FrmxY53/twIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
-AQH/MB0GA1UdDgQWBBS2oVQ5AsOgP46KvPrU+Bym0ToO/TAOBgNVHQ8BAf8EBAMCAQYwDQYJKoZI
-hvcNAQENBQADggIBAHGlDs7k6b8/ONWJWsQCYftMxRQXLYtPU2sQF/xlhMcQSZDe28cmk4gmb3DW
-Al45oPePq5a1pRNcgRRtDoGCERuKTsZPpd1iHkTfCVn0W3cLN+mLIMb4Ck4uWBzrM9DPhmDJ2vuA
-L55MYIR4PSFk1vtBHxgP58l1cb29XN40hz5BsA72udY/CROWFC/emh1auVbONTqwX3BNXuMp8SMo
-clm2q8KMZiYcdywmdjWLKKdpoPk79SPdhRB0yZADVpHnr7pH1BKXESLjokmUbOe3lEu6LaTaM4tM
-pkT/WjzGHWTYtTHkpjx6qFcL2+1hGsvxznN3Y6SHb0xRONbkX8eftoEq5IVIeVheO/jbAoJnwTnb
-w3RLPTYe+SmTiGhbqEQZIfCn6IENLOiTNrQ3ssqwGyZ6miUfmpqAnksqP/ujmv5zMnHCnsZy4Ypo
-J/HkD7TETKVhk/iXEAcqMCWpuchxuO9ozC1+9eB+D4Kob7a6bINDd82Kkhehnlt4Fj1F4jNy3eFm
-ypnTycUm/Q1oBEauttmbjL4ZvrHG8hnjXALKLNhvSgfZyTXaQHXyxKcZb55CEJh15pWLYLztxRLX
-is7VmFxWlgPF7ncGNf/P5O4/E2Hu29othfDNrp2yGAlFw5Khchf8R7agCyzxxN5DaAhqXzvwdmP7
-zAYspsbiDrW5viSP
+MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIxGDAWBgNVBAcT
+D0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxpbXNlbCB2ZSBUZWtub2xvamlr
+IEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0wKwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24g
+TWVya2V6aSAtIEthbXUgU00xNjA0BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRp
+ZmlrYXNpIC0gU3VydW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYD
+VQQGEwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXllIEJpbGlt
+c2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklUQUsxLTArBgNVBAsTJEth
+bXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBTTTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11
+IFNNIFNTTCBLb2sgU2VydGlmaWthc2kgLSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAr3UwM6q7a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y8
+6Ij5iySrLqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INrN3wc
+wv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2XYacQuFWQfw4tJzh0
+3+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/iSIzL+aFCr2lqBs23tPcLG07xxO9
+WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4fAJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQU
+ZT/HiobGPN08VFw1+DrtUgxHV8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
+KoZIhvcNAQELBQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh
+AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPfIPP54+M638yc
+lNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4lzwDGrpDxpa5RXI4s6ehlj2R
+e37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0j
+q5Rm+K37DwhuJi1/FwcJsoz7UMCflo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert116.pem b/test/rules/platform_certs/default/cert116.pem
index d982ddd9c97c..ecb51c9a3077 100644
--- a/test/rules/platform_certs/default/cert116.pem
+++ b/test/rules/platform_certs/default/cert116.pem
@@ -1,31 +1,28 @@
-Hellenic Academic and Research Institutions RootCA 2015
+GDCA TrustAUTH R5 ROOT
 -----BEGIN CERTIFICATE-----
-MIIGCzCCA/OgAwIBAgIBADANBgkqhkiG9w0BAQsFADCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcT
-BkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0
-aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNVBAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNl
-YXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIwMTUwHhcNMTUwNzA3MTAxMTIxWhcNNDAwNjMwMTAx
-MTIxWjCBpjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0aGVuczFEMEIGA1UEChM7SGVsbGVuaWMg
-QWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9ucyBDZXJ0LiBBdXRob3JpdHkxQDA+BgNV
-BAMTN0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgUm9vdENBIDIw
-MTUwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDC+Kk/G4n8PDwEXT2QNrCROnk8Zlrv
-bTkBSRq0t89/TSNTt5AA4xMqKKYx8ZEA4yjsriFBzh/a/X0SWwGDD7mwX5nh8hKDgE0GPt+sr+eh
-iGsxr/CL0BgzuNtFajT0AoAkKAoCFZVedioNmToUW/bLy1O8E00BiDeUJRtCvCLYjqOWXjrZMts+
-6PAQZe104S+nfK8nNLspfZu2zwnI5dMK/IhlZXQK3HMcXM1AsRzUtoSMTFDPaI6oWa7CJ06CojXd
-FPQf/7J31Ycvqm59JCfnxssm5uX+Zwdj2EUN3TpZZTlYepKZcj2chF6IIbjV9Cz82XBST3i4vTwr
-i5WY9bPRaM8gFH5MXF/ni+X1NYEZN9cRCLdmvtNKzoNXADrDgfgXy5I2XdGj2HUb4Ysn6npIQf1F
-GQatJ5lOwXBH3bWfgVMS5bGMSF0xQxfjjMZ6Y5ZLKTBOhE5iGV48zpeQpX8B653g+IuJ3SWYPZK2
-fu/Z8VFRfS0myGlZYeCsargqNhEEelC9MoS+L9xy1dcdFkfkR2YgP/SWxa+OAXqlD3pk9Q0Yh9mu
-iNX6hME6wGkoLfINaFGq46V3xqSQDqE3izEjR8EJCOtu93ib14L8hCCZSRm2Ekax+0VVFqmjZayc
-Bw/qa9wfLgZy7IaIEuQt218FL+TwA9MmM+eAws1CoRc0CwIDAQABo0IwQDAPBgNVHRMBAf8EBTAD
-AQH/MA4GA1UdDwEB/wQEAwIBBjAdBgNVHQ4EFgQUcRVnyMjJvXVdctA4GGqd83EkVAswDQYJKoZI
-hvcNAQELBQADggIBAHW7bVRLqhBYRjTyYtcWNl0IXtVsyIe9tC5G8jH4fOpCtZMWVdyhDBKg2mF+
-D1hYc2Ryx+hFjtyp8iY/xnmMsVMIM4GwVhO+5lFc2JsKT0ucVlMC6U/2DWDqTUJV6HwbISHTGzrM
-d/K4kPFox/la/vot9L/J9UUbzjgQKjeKeaO04wlshYaT/4mWJ3iBj2fjRnRUjtkNaeJK9E10A/+y
-d+2VZ5fkscWrv2oj6NSU4kQoYsRL4vDY4ilrGnB+JGGTe08DMiUNRSQrlrRGar9KC/eaj8GsGsVn
-82800vpzY4zvFrCopEYq+OsS7HK07/grfoxSwIuEVPkvPuNVqNxmsdnhX9izjFk0WaSrT2y7Hxjb
-davYy5LNlDhhDgcGH0tGEPEVvo2FXDtKK4F5D7Rpn0lQl033DlZdwJVqwjbDG2jJ9SrcR5q+ss7F
-Jej6A7na+RZukYT1HCjI/CbM1xyQVqdfbzoEvM14iQuODy+jqk+iGxI9FghAD/FGTNeqewjBCvVt
-J94Cj8rDtSvK6evIIVM4pcw72Hc3MKJP2W/R8kCtQXoXxdZKNYm3QdV8hn9VTYNKpXMgwDqvkPGa
-JI7ZjnHKe7iG2rKPmT4dEw0SEe7Uq/DpFXYC5ODfqiAeW2GFZECpkJcNrVPSWh2HagCXZWK0vm9q
-p/UsQu0yrbYhnr68
+MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCQ04xMjAw
+BgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8wHQYDVQQD
+DBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVow
+YjELMAkGA1UEBhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ
+IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0B
+AQEFAAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJjDp6L3TQs
+AlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBjTnnEt1u9ol2x8kECK62p
+OqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+uKU49tm7srsHwJ5uu4/Ts765/94Y9cnrr
+pftZTqfrlYwiOXnhLQiPzLyRuEH3FMEjqcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ
+9Cy5WmYqsBebnh52nUpmMUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQ
+xXABZG12ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloPzgsM
+R6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3GkL30SgLdTMEZeS1SZ
+D2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeCjGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4
+oR24qoAATILnsn8JuLwwoC8N9VKejveSswoAHQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx
+9hoh49pwBiFYFIeFd3mqgnkCAwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlR
+MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg
+p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZmDRd9FBUb1Ov9
+H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5COmSdI31R9KrO9b7eGZONn35
+6ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ryL3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd
++PwyvzeG5LuOmCd+uh8W4XAR8gPfJWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQ
+HtZa37dG/OaG+svgIHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBD
+F8Io2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV09tL7ECQ
+8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQXR4EzzffHqhmsYzmIGrv
+/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrqT8p+ck0LcIymSLumoRT2+1hEmRSuqguT
+aaApJUqlyyvdimYHFngVV3Eb7PVHhPOeMTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert117.pem b/test/rules/platform_certs/default/cert117.pem
index d0602cca4eea..20b597bbe847 100644
--- a/test/rules/platform_certs/default/cert117.pem
+++ b/test/rules/platform_certs/default/cert117.pem
@@ -1,16 +1,22 @@
-Hellenic Academic and Research Institutions ECC RootCA 2015
+TrustCor RootCert CA-1
 -----BEGIN CERTIFICATE-----
-MIICwzCCAkqgAwIBAgIBADAKBggqhkjOPQQDAjCBqjELMAkGA1UEBhMCR1IxDzANBgNVBAcTBkF0
-aGVuczFEMEIGA1UEChM7SGVsbGVuaWMgQWNhZGVtaWMgYW5kIFJlc2VhcmNoIEluc3RpdHV0aW9u
-cyBDZXJ0LiBBdXRob3JpdHkxRDBCBgNVBAMTO0hlbGxlbmljIEFjYWRlbWljIGFuZCBSZXNlYXJj
-aCBJbnN0aXR1dGlvbnMgRUNDIFJvb3RDQSAyMDE1MB4XDTE1MDcwNzEwMzcxMloXDTQwMDYzMDEw
-MzcxMlowgaoxCzAJBgNVBAYTAkdSMQ8wDQYDVQQHEwZBdGhlbnMxRDBCBgNVBAoTO0hlbGxlbmlj
-IEFjYWRlbWljIGFuZCBSZXNlYXJjaCBJbnN0aXR1dGlvbnMgQ2VydC4gQXV0aG9yaXR5MUQwQgYD
-VQQDEztIZWxsZW5pYyBBY2FkZW1pYyBhbmQgUmVzZWFyY2ggSW5zdGl0dXRpb25zIEVDQyBSb290
-Q0EgMjAxNTB2MBAGByqGSM49AgEGBSuBBAAiA2IABJKgQehLgoRc4vgxEZmGZE4JJS+dQS8KrjVP
-dJWyUWRrjWvmP3CV8AVER6ZyOFB2lQJajq4onvktTpnvLEhvTCUp6NFxW98dwXU3tNf6e3pCnGoK
-Vlp8aQuqgAkkbH7BRqNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0O
-BBYEFLQiC4KZJAEOnLvkDv2/+5cgk5kqMAoGCCqGSM49BAMCA2cAMGQCMGfOFmI4oqxiRaeplSTA
-GiecMjvAwNW6qef4BENThe5SId6d9SWDPp5YSy/XZxMOIQIwBeF1Ad5o7SofTUwJCA3sS61kFyjn
-dc5FZXIhF8siQQ6ME5g4mlRtm8rifOoCWCKR
+MIIEMDCCAxigAwIBAgIJANqb7HHzA7AZMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYDVQQGEwJQQTEP
+MA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3Ig
+U3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3Jp
+dHkxHzAdBgNVBAMMFlRydXN0Q29yIFJvb3RDZXJ0IENBLTEwHhcNMTYwMjA0MTIzMjE2WhcNMjkx
+MjMxMTcyMzE2WjCBpDELMAkGA1UEBhMCUEExDzANBgNVBAgMBlBhbmFtYTEUMBIGA1UEBwwLUGFu
+YW1hIENpdHkxJDAiBgNVBAoMG1RydXN0Q29yIFN5c3RlbXMgUy4gZGUgUi5MLjEnMCUGA1UECwwe
+VHJ1c3RDb3IgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR8wHQYDVQQDDBZUcnVzdENvciBSb290Q2Vy
+dCBDQS0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv463leLCJhJrMxnHQFgKq1mq
+jQCj/IDHUHuO1CAmujIS2CNUSSUQIpidRtLByZ5OGy4sDjjzGiVoHKZaBeYei0i/mJZ0PmnK6bV4
+pQa81QBeCQryJ3pS/C3Vseq0iWEk8xoT26nPUu0MJLq5nux+AHT6k61sKZKuUbS701e/s/OojZz0
+JEsq1pme9J7+wH5COucLlVPat2gOkEz7cD+PSiyU8ybdY2mplNgQTsVHCJCZGxdNuWxu72CVEY4h
+gLW9oHPY0LJ3xEXqWib7ZnZ2+AYfYW0PVcWDtxBWcgYHpfOxGgMFZA6dWorWhnAbJN7+KIor0Gqw
+/Hqi3LJ5DotlDwIDAQABo2MwYTAdBgNVHQ4EFgQU7mtJPHo/DeOxCbeKyKsZn3MzUOcwHwYDVR0j
+BBgwFoAU7mtJPHo/DeOxCbeKyKsZn3MzUOcwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
+AYYwDQYJKoZIhvcNAQELBQADggEBACUY1JGPE+6PHh0RU9otRCkZoB5rMZ5NDp6tPVxBb5UrJKF5
+mDo4Nvu7Zp5I/5CQ7z3UuJu0h3U/IJvOcs+hVcFNZKIZBqEHMwwLKeXx6quj7LUKdJDHfXLy11yf
+ke+Ri7fc7Waiz45mO7yfOgLgJ90WmMCV1Aqk5IGadZQ1nJBfiDcGrVmVCrDRZ9MZyonnMlo2HD6C
+qFqTvsbQZJG2z9m2GM/bftJlo6bEjhcxwft+dtvTheNYsnd6djtsL1Ac59v2Z3kf9YKVmgenFK+P
+3CghZwnS1k1aHBkcjndcw5QkPTJrS37UeJSDvjdNzl/HHk484IkzlQsPpTLWPFp5LBk=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert118.pem b/test/rules/platform_certs/default/cert118.pem
index 22334e4362d7..8bf6d29369df 100644
--- a/test/rules/platform_certs/default/cert118.pem
+++ b/test/rules/platform_certs/default/cert118.pem
@@ -1,28 +1,31 @@
-Certplus Root CA G1
+TrustCor RootCert CA-2
 -----BEGIN CERTIFICATE-----
-MIIFazCCA1OgAwIBAgISESBVg+QtPlRWhS2DN7cs3EYRMA0GCSqGSIb3DQEBDQUAMD4xCzAJBgNV
-BAYTAkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBsdXMgUm9vdCBDQSBHMTAe
-Fw0xNDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBaMD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhD
-ZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBsdXMgUm9vdCBDQSBHMTCCAiIwDQYJKoZIhvcNAQEBBQAD
-ggIPADCCAgoCggIBANpQh7bauKk+nWT6VjOaVj0W5QOVsjQcmm1iBdTYj+eJZJ+622SLZOZ5KmHN
-r49aiZFluVj8tANfkT8tEBXgfs+8/H9DZ6itXjYj2JizTfNDnjl8KvzsiNWI7nC9hRYt6kuJPKNx
-Qv4c/dMcLRC4hlTqQ7jbxofaqK6AJc96Jh2qkbBIb6613p7Y1/oA/caP0FG7Yn2ksYyy/yARujVj
-BYZHYEMzkPZHogNPlk2dT8Hq6pyi/jQu3rfKG3akt62f6ajUeD94/vI4CTYd0hYCyOwqaK/1jpTv
-LRN6HkJKHRUxrgwEV/xhc/MxVoYxgKDEEW4wduOU8F8ExKyHcomYxZ3MVwia9Az8fXoFOvpHgDm2
-z4QTd28n6v+WZxcIbekN1iNQMLAVdBM+5S//Ds3EC0pd8NgAM0lm66EYfFkuPSi5YXHLtaW6uOrc
-4nBvCGrch2c0798wct3zyT8j/zXhviEpIDCB5BmlIOklynMxdCm+4kLV87ImZsdo/Rmz5yCTmehd
-4F6H50boJZwKKSTUzViGUkAksnsPmBIgJPaQbEfIDbsYIC7Z/fyL8inqh3SV4EJQeIQEQWGw9CEj
-jy3LKCHyamz0GqbFFLQ3ZU+V/YDI+HLlJWvEYLF7bY5KinPOWftwenMGE9nTdDckQQoRb5fc5+R+
-ob0V8rqHDz1oihYHAgMBAAGjYzBhMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0G
-A1UdDgQWBBSowcCbkahDFXxdBie0KlHYlwuBsTAfBgNVHSMEGDAWgBSowcCbkahDFXxdBie0KlHY
-lwuBsTANBgkqhkiG9w0BAQ0FAAOCAgEAnFZvAX7RvUz1isbwJh/k4DgYzDLDKTudQSk0YcbX8ACh
-66Ryj5QXvBMsdbRX7gp8CXrc1cqh0DQT+Hern+X+2B50ioUHj3/MeXrKls3N/U/7/SMNkPX0XtPG
-YX2eEeAC7gkE2Qfdpoq3DIMku4NQkv5gdRE+2J2winq14J2by5BSS7CTKtQ+FjPlnsZlFT5kOwQ/
-2wyPX1wdaR+v8+khjPPvl/aatxm2hHSco1S1cE5j2FddUyGbQJJD+tZ3VTNPZNX70Cxqjm0lpu+F
-6ALEUz65noe8zDUa3qHpimOHZR4RKttjd5cUvpoUmRGywO6wT/gUITJDT5+rosuoD6o7BlXGEilX
-CNQ314cnrUlZp5GrRHpejXDbl85IULFzk/bwg2D5zfHhMf1bfHEhYxQUqq/F3pN+aLHsIqKqkHWe
-tUNy6mSjhEv9DKgma3GX7lZjZuhCVPnHHd/Qj1vfyDBviP4NxDMcU6ij/UgQ8uQKTuEVV/xuZDDC
-VRHc6qnNSlSsKWNEz0pAoNZoWRsz+e86i9sgktxChL8Bq4fA1SCC28a5g4VCXA9DO2pJNdWY9BW/
-+mGBDAkgGNLQFwzLSABQ6XaCjGTXOqAHVcweMcDvOrRl++O/QmueD6i9a5jc2NvLi6Td11n0bt3+
-qsOR0C5CB8AMTVPNJLFMWx5R9N/pkvo=
+MIIGLzCCBBegAwIBAgIIJaHfyjPLWQIwDQYJKoZIhvcNAQELBQAwgaQxCzAJBgNVBAYTAlBBMQ8w
+DQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQwIgYDVQQKDBtUcnVzdENvciBT
+eXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0
+eTEfMB0GA1UEAwwWVHJ1c3RDb3IgUm9vdENlcnQgQ0EtMjAeFw0xNjAyMDQxMjMyMjNaFw0zNDEy
+MzExNzI2MzlaMIGkMQswCQYDVQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5h
+bWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U
+cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRydXN0Q29yIFJvb3RDZXJ0
+IENBLTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnIG7CKqJiJJWQdsg4foDSq8Gb
+ZQWU9MEKENUCrO2fk8eHyLAnK0IMPQo+QVqedd2NyuCb7GgypGmSaIwLgQ5WoD4a3SwlFIIvl9Nk
+RvRUqdw6VC0xK5mC8tkq1+9xALgxpL56JAfDQiDyitSSBBtlVkxs1Pu2YVpHI7TYabS3OtB0PAx1
+oYxOdqHp2yqlO/rOsP9+aij9JxzIsekp8VduZLTQwRVtDr4uDkbIXvRR/u8OYzo7cbrPb1nKDOOb
+XUm4TOJXsZiKQlecdu/vvdFoqNL0Cbt3Nb4lggjEFixEIFapRBF37120Hapeaz6LMvYHL1cEksr1
+/p3C6eizjkxLAjHZ5DxIgif3GIJ2SDpxsROhOdUuxTTCHWKF3wP+TfSvPd9cW436cOGlfifHhi5q
+jxLGhF5DUVCcGZt45vz27Ud+ez1m7xMTiF88oWP7+ayHNZ/zgp6kPwqcMWmLmaSISo5uZk3vFsQP
+eSghYA2FFn3XVDjxklb9tTNMg9zXEJ9L/cb4Qr26fHMC4P99zVvh1Kxhe1fVSntb1IVYJ12/+Ctg
+rKAmrhQhJ8Z3mjOAPF5GP/fDsaOGM8boXg25NSyqRsGFAnWAoOsk+xWq5Gd/bnc/9ASKL3x74xdh
+8N0JqSDIvgmk0H5Ew7IwSjiqqewYmgeCK9u4nBit2uBGF6zPXQIDAQABo2MwYTAdBgNVHQ4EFgQU
+2f4hQG6UnrybPZx9mCAZ5YwwYrIwHwYDVR0jBBgwFoAU2f4hQG6UnrybPZx9mCAZ5YwwYrIwDwYD
+VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAJ5Fngw7tu/h
+Osh80QA9z+LqBrWyOrsGS2h60COXdKcs8AjYeVrXWoSK2BKaG9l9XE1wxaX5q+WjiYndAfrs3fnp
+kpfbsEZC89NiqpX+MWcUaViQCqoL7jcjx1BRtPV+nuN79+TMQjItSQzL/0kMmx40/W5ulop5A7Zv
+2wnL/V9lFDfhOPXzYRZY5LVtDQsEGz9QLX+zx3oaFoBg+Iof6Rsqxvm6ARppv9JYx1RXCI/hOWB3
+S6xZhBqI8d3LT3jX5+EzLfzuQfogsL7L9ziUwOHQhQ+77Sxzq+3+knYaZH9bDTMJBzN7Bj8RpFxw
+PIXAz+OQqIN3+tvmxYxoZxBnpVIt8MSZj3+/0WvitUfW2dCFmU2Umw9Lje4AWkcdEQOsQRivh7dv
+DDqPys/cA8GiCcjl/YBeyGBCARsaU1q7N6a3vLqE6R5sGtRk2tRD/pOLS/IseRYQ1JMLiI+h2IYU
+RpFHmygk71dSTlxCnKr3Sewn6EAes6aJInKc9Q0ztFijMDvd1GpUk74aTfOTlPf8hAs/hCBcNANE
+xdqtvArBAs8e5ZTZ845b2EzwnexhF7sUMlQMAimTHpKG9n/v55IFDlndmQguLvqcAFLTxWYp5KeX
+RKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUouwpaYT05KnJe32x+SMsj/D1Fu1uwJ
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert119.pem b/test/rules/platform_certs/default/cert119.pem
index 2a7eaed94fff..ca5310bb3093 100644
--- a/test/rules/platform_certs/default/cert119.pem
+++ b/test/rules/platform_certs/default/cert119.pem
@@ -1,13 +1,22 @@
-Certplus Root CA G2
+TrustCor ECA-1
 -----BEGIN CERTIFICATE-----
-MIICHDCCAaKgAwIBAgISESDZkc6uo+jF5//pAq/Pc7xVMAoGCCqGSM49BAMDMD4xCzAJBgNVBAYT
-AkZSMREwDwYDVQQKDAhDZXJ0cGx1czEcMBoGA1UEAwwTQ2VydHBsdXMgUm9vdCBDQSBHMjAeFw0x
-NDA1MjYwMDAwMDBaFw0zODAxMTUwMDAwMDBaMD4xCzAJBgNVBAYTAkZSMREwDwYDVQQKDAhDZXJ0
-cGx1czEcMBoGA1UEAwwTQ2VydHBsdXMgUm9vdCBDQSBHMjB2MBAGByqGSM49AgEGBSuBBAAiA2IA
-BM0PW1aC3/BFGtat93nwHcmsltaeTpwftEIRyoa/bfuFo8XlGVzX7qY/aWfYeOKmycTbLXku54uN
-Am8xIk0G42ByRZ0OQneezs/lf4WbGOT8zC5y0xaTTsqZY1yhBSpsBqNjMGEwDgYDVR0PAQH/BAQD
-AgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFNqDYwJ5jtpMxjwjFNiPwyCrKGBZMB8GA1Ud
-IwQYMBaAFNqDYwJ5jtpMxjwjFNiPwyCrKGBZMAoGCCqGSM49BAMDA2gAMGUCMHD+sAvZ94OX7PNV
-HdTcswYO/jOYnYs5kGuUIe22113WTNchp+e/IQ8rzfcq3IUHnQIxAIYUFuXcsGXCwI4Un78kFmjl
-vPl5adytRSv3tjFzzAalU5ORGpOucGpnutee5WEaXw==
+MIIEIDCCAwigAwIBAgIJAISCLF8cYtBAMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYDVQQGEwJQQTEP
+MA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3Ig
+U3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3Jp
+dHkxFzAVBgNVBAMMDlRydXN0Q29yIEVDQS0xMB4XDTE2MDIwNDEyMzIzM1oXDTI5MTIzMTE3Mjgw
+N1owgZwxCzAJBgNVBAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5
+MSQwIgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29y
+IENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOVHJ1c3RDb3IgRUNBLTEwggEiMA0GCSqG
+SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPj+ARtZ+odnbb3w9U73NjKYKtR8aja+3+XzP4Q1HpGjOR
+MRegdMTUpwHmspI+ap3tDvl0mEDTPwOABoJA6LHip1GnHYMma6ve+heRK9jGrB6xnhkB1Zem6g23
+xFUfJ3zSCNV2HykVh0A53ThFEXXQmqc04L/NyFIduUd+Dbi7xgz2c1cWWn5DkR9VOsZtRASqnKmc
+p0yJF4OuowReUoCLHhIlERnXDH19MURB6tuvsBzvgdAsxZohmz3tQjtQJvLsznFhBmIhVE5/wZ0+
+fyCMgMsq2JdiyIMzkX2woloPV+g7zPIlstR8L+xNxqE6FXrntl019fZISjZFZtS6mFjBAgMBAAGj
+YzBhMB0GA1UdDgQWBBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAfBgNVHSMEGDAWgBREnkj1zG1I1KBL
+f/5ZJC+Dl5mahjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
+AAOCAQEABT41XBVwm8nHc2FvcivUwo/yQ10CzsSUuZQRg2dd4mdsdXa/uwyqNsatR5Nj3B5+1t4u
+/ukZMjgDfxT2AHMsWbEhBuH7rBiVDKP/mZb3Kyeb1STMHd3BOuCYRLDE5D53sXOpZCz2HAF8P11F
+hcCF5yWPldwX8zyfGm6wyuMdKulMY/okYWLW2n62HGz1Ah3UKt1VkOsqEUc8Ll50soIipX1TH0Xs
+J5F95yIW6MBoNtjG8U+ARDL54dHRHareqKucBK+tIA5kmE2la8BIWJZpTdwHjFGTot+fDz2LYLSC
+jaoITmJF4PkL0uDgPFveXHEnJcLmA4GLEFPjx1WitJ/X5g==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert120.pem b/test/rules/platform_certs/default/cert120.pem
index 04f3557fd994..333c225c5d8e 100644
--- a/test/rules/platform_certs/default/cert120.pem
+++ b/test/rules/platform_certs/default/cert120.pem
@@ -1,28 +1,30 @@
-OpenTrust Root CA G1
+SSL.com Root Certification Authority RSA
 -----BEGIN CERTIFICATE-----
-MIIFbzCCA1egAwIBAgISESCzkFU5fX82bWTCp59rY45nMA0GCSqGSIb3DQEBCwUAMEAxCzAJBgNV
-BAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9wZW5UcnVzdCBSb290IENBIEcx
-MB4XDTE0MDUyNjA4NDU1MFoXDTM4MDExNTAwMDAwMFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoM
-CU9wZW5UcnVzdDEdMBsGA1UEAwwUT3BlblRydXN0IFJvb3QgQ0EgRzEwggIiMA0GCSqGSIb3DQEB
-AQUAA4ICDwAwggIKAoICAQD4eUbalsUwXopxAy1wpLuwxQjczeY1wICkES3d5oeuXT2R0odsN7fa
-Yp6bwiTXj/HbpqbfRm9RpnHLPhsxZ2L3EVs0J9V5ToybWL0iEA1cJwzdMOWo010hOHQX/uMftk87
-ay3bfWAfjH1MBcLrARYVmBSO0ZB3Ij/swjm4eTrwSSTilZHcYTSSjFR077F9jAHiOH3BX2pfJLKO
-YheteSCtqx234LSWSE9mQxAGFiQD4eCcjsZGT44ameGPuY4zbGneWK2gDqdkVBFpRGZPTBKnjix9
-xNRbxQA0MMHZmf4yzgeEtE7NCv82TWLxp2NX5Ntqp66/K7nJ5rInieV+mhxNaMbBGN4zK1FGSxyO
-9z0M+Yo0FMT7MzUj8czxKselu7Cizv5Ta01BG2Yospb6p64KTrk5M0ScdMGTHPjgniQlQ/GbI4Kq
-3ywgsNw2TgOzfALU5nsaqocTvz6hdLubDuHAk5/XpGbKuxs74zD0M1mKB3IDVedzagMxbm+WG+Oi
-n6+Sx+31QrclTDsTBM8clq8cIqPQqwWyTBIjUtz9GVsnnB47ev1CI9sjgBPwvFEVVJSmdz7QdFG9
-URQIOTfLHzSpMJ1ShC5VkLG631UAC9hWLbFJSXKAqWLXwPYYEQRVzXR7z2FwefR7LFxckvzluFqr
-TJOVoSfupb7PcSNCupt2LQIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
-/zAdBgNVHQ4EFgQUl0YhVyE12jZVx/PxN3DlCPaTKbYwHwYDVR0jBBgwFoAUl0YhVyE12jZVx/Px
-N3DlCPaTKbYwDQYJKoZIhvcNAQELBQADggIBAB3dAmB84DWn5ph76kTOZ0BP8pNuZtQ5iSas000E
-PLuHIT839HEl2ku6q5aCgZG27dmxpGWX4m9kWaSW7mDKHyP7Rbr/jyTwyqkxf3kfgLMtMrpkZ2Cv
-uVnN35pJ06iCsfmYlIrM4LvgBBuZYLFGZdwIorJGnkSI6pN+VxbSFXJfLkur1J1juONI5f6ELlgK
-n0Md/rcYkoZDSw6cMoYsYPXpSOqV7XAp8dUv/TW0V8/bhUiZucJvbI/NeJWsZCj9VrDDb8O+WVLh
-X4SPgPL0DTatdrOjteFkdjpY3H1PXlZs5VVZV6Xf8YpmMIzUUmI4d7S+KNfKNsSbBfD4Fdvb8e80
-nR14SohWZ25g/4/Ii+GOvUKpMwpZQhISKvqxnUOOBZuZ2mKtVzazHbYNeS2WuOvyDEsMpZTGMKcm
-GS3tTAZQMPH9WD25SxdfGbRqhFS0OE85og2WaMMolP3tLR9Ka0OWLpABEPs4poEL0L9109S5zvE/
-bw4cHjdx5RiHdRk/ULlepEU0rbDK5uUTdg8xFKmOLZTW1YVNcxVPS/KyPu1svf0OnWZzsD2097+o
-4BGkxK51CUpjAEggpsadCwmKtODmzj7HPiY46SvepghJAwSQiumPv+i2tCqjI40cHLI5kqiPAlxA
-OXXUc0ECd97N4EOH1uS6SsNsEn/+KuYj1oxx
+MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxDjAM
+BgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24x
+MTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYw
+MjEyMTczOTM5WhcNNDEwMjEyMTczOTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx
+EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NM
+LmNvbSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcNAQEBBQAD
+ggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2RxFdHaxh3a3by/ZPkPQ/C
+Fp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aXqhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8
+P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcCC52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/ge
+oeOy3ZExqysdBP+lSgQ36YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkp
+k8zruFvh/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrFYD3Z
+fBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93EJNyAKoFBbZQ+yODJ
+gUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVcUS4cK38acijnALXRdMbX5J+tB5O2
+UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi8
+1xtZPCvM8hnIk2snYxnP/Okm+Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4s
+bE6x/c+cCbqiM+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV
+HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4GA1UdDwEB/wQE
+AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGVcpNxJK1ok1iOMq8bs3AD/CUr
+dIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBcHadm47GUBwwyOabqG7B52B2ccETjit3E+ZUf
+ijhDPwGFpUenPUayvOUiaPd7nNgsPgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAsl
+u1OJD7OAUN5F7kR/q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjq
+erQ0cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jra6x+3uxj
+MxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90IH37hVZkLId6Tngr75qNJ
+vTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/YK9f1JmzJBjSWFupwWRoyeXkLtoh/D1JI
+Pb9s2KJELtFOt3JY04kTlf5Eq/jXixtunLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406y
+wKBjYZC6VWg3dGq2ktufoYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NI
+WuuA8ShYIc2wBlX7Jz9TkHCpBB5XJ7k=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert121.pem b/test/rules/platform_certs/default/cert121.pem
index 71f43a59c75a..682d48f6dca1 100644
--- a/test/rules/platform_certs/default/cert121.pem
+++ b/test/rules/platform_certs/default/cert121.pem
@@ -1,28 +1,15 @@
-OpenTrust Root CA G2
+SSL.com Root Certification Authority ECC
 -----BEGIN CERTIFICATE-----
-MIIFbzCCA1egAwIBAgISESChaRu/vbm9UpaPI+hIvyYRMA0GCSqGSIb3DQEBDQUAMEAxCzAJBgNV
-BAYTAkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9wZW5UcnVzdCBSb290IENBIEcy
-MB4XDTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAwMFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoM
-CU9wZW5UcnVzdDEdMBsGA1UEAwwUT3BlblRydXN0IFJvb3QgQ0EgRzIwggIiMA0GCSqGSIb3DQEB
-AQUAA4ICDwAwggIKAoICAQDMtlelM5QQgTJT32F+D3Y5z1zCU3UdSXqWON2ic2rxb95eolq5cSG+
-Ntmh/LzubKh8NBpxGuga2F8ORAbtp+Dz0mEL4DKiltE48MLaARf85KxP6O6JHnSrT78eCbY2albz
-4e6WiWYkBuTNQjpK3eCasMSCRbP+yatcfD7J6xcvDH1urqWPyKwlCm/61UWY0jUJ9gNDlP7ZvyCV
-eYCYitmJNbtRG6Q3ffyZO6v/v6wNj0OxmXsWEH4db0fEFY8ElggGQgT4hNYdvJGmQr5J1WqIP7wt
-UdGejeBSzFfdNTVY27SPJIjki9/ca1TSgSuyzpJLHB9G+h3Ykst2Z7UJmQnlrBcUVXDGPKBWCgOz
-3GIZ38i1MH/1PCZ1Eb3XG7OHngevZXHloM8apwkQHZOJZlvoPGIytbU6bumFAYueQ4xncyhZW+vj
-3CzMpSZyYhK05pyDRPZRpOLAeiRXyg6lPzq1O4vldu5w5pLeFlwoW5cZJ5L+epJUzpM5ChaHvGOz
-9bGTXOBut9Dq+WIyiET7vycotjCVXRIouZW+j1MY5aIYFuJWpLIsEPUdN6b4t/bQWVyJ98LVtZR0
-0dX+G7bw5tYee9I8y6jj9RjzIR9u701oBnstXW5DiabA+aC/gh7PU3+06yzbXfZqfUAkBXKJOAGT
-y3HCOV0GEfZvePg3DTmEJwIDAQABo2MwYTAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB
-/zAdBgNVHQ4EFgQUajn6QiL35okATV59M4PLuG53hq8wHwYDVR0jBBgwFoAUajn6QiL35okATV59
-M4PLuG53hq8wDQYJKoZIhvcNAQENBQADggIBAJjLq0A85TMCl38th6aP1F5Kr7ge57tx+4BkJamz
-Gj5oXScmp7oq4fBXgwpkTx4idBvpkF/wrM//T2h6OKQQbA2xx6R3gBi2oihEdqc0nXGEL8pZ0keI
-mUEiyTCYYW49qKgFbdEfwFFEVn8nNQLdXpgKQuswv42hm1GqO+qTRmTFAHneIWv2V6CG1wZy7HBG
-S4tz3aAhdT7cHcCP009zHIXZ/n9iyJVvttN7jLpTwm+bREx50B1ws9efAvSyB7DH5fitIw6mVskp
-EndI2S9G/Tvw/HRwkqWOOAgfZDC2t0v7NqwQjqBSM2OdAzVWxWm9xiNaJ5T2pBL4LTM8oValX9YZ
-6e18CL13zSdkzJTaTkZQh+D5wVOAHrut+0dSixv9ovneDiK3PTNZbNTe9ZUGMg1RGUFcPk8G97kr
-gCf2o6p6fAbhQ8MTOWIaNr3gKC6UAuQpLmBVrkA9sHSSXvAgZJY/X0VdiLWK2gKgW0VU3jg9CcCo
-SmVGFvyqv1ROTVu+OEO3KMqLM6oaJbolXCkvW0pujOotnCr2BXbgd5eAiN1nE28daCSLT7d0geX0
-YJ96Vdc+N9oWaz53rK4YcJUIeSkDiv7BO7M/Gg+kO14fWKGVyasvc0rQLW6aWQ9VGHgtPFGml4vm
-u7JwqkwR3v98KzfUetF3NI/n+UL3PIEMS1IK
+MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMCVVMxDjAMBgNV
+BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xMTAv
+BgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEy
+MTgxNDAzWhcNNDEwMjEyMTgxNDAzWjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAO
+BgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv
+bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuBBAAiA2IA
+BEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI7Z4INcgn64mMU1jrYor+
+8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPgCemB+vNH06NjMGEwHQYDVR0OBBYEFILR
+hXMw5zUE044CkvvlpNHEIejNMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTT
+jgKS++Wk0cQh6M0wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCW
+e+0F+S8Tkdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+gA0z
+5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert122.pem b/test/rules/platform_certs/default/cert122.pem
index 47719b2f2c9a..7ca1878bdb7e 100644
--- a/test/rules/platform_certs/default/cert122.pem
+++ b/test/rules/platform_certs/default/cert122.pem
@@ -1,13 +1,30 @@
-OpenTrust Root CA G3
+SSL.com EV Root Certification Authority RSA R2
 -----BEGIN CERTIFICATE-----
-MIICITCCAaagAwIBAgISESDm+Ez8JLC+BUCs2oMbNGA/MAoGCCqGSM49BAMDMEAxCzAJBgNVBAYT
-AkZSMRIwEAYDVQQKDAlPcGVuVHJ1c3QxHTAbBgNVBAMMFE9wZW5UcnVzdCBSb290IENBIEczMB4X
-DTE0MDUyNjAwMDAwMFoXDTM4MDExNTAwMDAwMFowQDELMAkGA1UEBhMCRlIxEjAQBgNVBAoMCU9w
-ZW5UcnVzdDEdMBsGA1UEAwwUT3BlblRydXN0IFJvb3QgQ0EgRzMwdjAQBgcqhkjOPQIBBgUrgQQA
-IgNiAARK7liuTcpm3gY6oxH84Bjwbhy6LTAMidnW7ptzg6kjFYwvWYpa3RTqnVkrQ7cG7DK2uu5B
-ta1doYXM6h0UZqNnfkbilPPntlahFVmhTzeXuSIevRHr9LIfXsMUmuXZl5mjYzBhMA4GA1UdDwEB
-/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRHd8MUi2I5DMlv4VBN0BBY3JWIbTAf
-BgNVHSMEGDAWgBRHd8MUi2I5DMlv4VBN0BBY3JWIbTAKBggqhkjOPQQDAwNpADBmAjEAj6jcnboM
-BBf6Fek9LykBl7+BFjNAk2z8+e2AcG+qj9uEwov1NcoG3GRvaBbhj5G5AjEA2Euly8LQCGzpGPta
-3U1fJAuwACEl74+nBCZx4nxp5V2a+EEfOzmTk51V6s2N8fvB
+MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMQ4w
+DAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9u
+MTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy
+MB4XDTE3MDUzMTE4MTQzN1oXDTQyMDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQI
+DAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYD
+VQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMIICIjAN
+BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvqM0fNTPl9fb69LT3w23jh
+hqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssufOePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7w
+cXHswxzpY6IXFJ3vG2fThVUCAtZJycxa4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTO
+Zw+oz12WGQvE43LrrdF9HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+
+B6KjBSYRaZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcAb9Zh
+CBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQGp8hLH94t2S42Oim
+9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQVPWKchjgGAGYS5Fl2WlPAApiiECto
+RHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMOpgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+Slm
+JuwgUHfbSguPvuUCYHBBXtSuUDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48
++qvWBkofZ6aYMBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV
+HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa49QaAJadz20Zp
+qJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBWs47LCp1Jjr+kxJG7ZhcFUZh1
+++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nx
+Y/hoLVUE0fKNsKTPvDxeH3jnpaAgcLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2G
+guDKBAdRUNf/ktUM79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDz
+OFSz/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXtll9ldDz7
+CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEmKf7GUmG6sXP/wwyc5Wxq
+lD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKKQbNmC1r7fSOl8hqw/96bg5Qu0T/fkreR
+rwU7ZcegbLHNYhLDkBvjJc40vG93drEQw/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1
+hlMYegouCRw2n5H9gooiS9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX
+9hwJ1C07mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert123.pem b/test/rules/platform_certs/default/cert123.pem
index 1ce7bf748394..d6148cd711c0 100644
--- a/test/rules/platform_certs/default/cert123.pem
+++ b/test/rules/platform_certs/default/cert123.pem
@@ -1,28 +1,15 @@
-ISRG Root X1
+SSL.com EV Root Certification Authority ECC
 -----BEGIN CERTIFICATE-----
-MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAwTzELMAkGA1UE
-BhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2VhcmNoIEdyb3VwMRUwEwYDVQQD
-EwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQG
-EwJVUzEpMCcGA1UEChMgSW50ZXJuZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMT
-DElTUkcgUm9vdCBYMTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54r
-Vygch77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+0TM8ukj1
-3Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6UA5/TR5d8mUgjU+g4rk8K
-b4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sWT8KOEUt+zwvo/7V3LvSye0rgTBIlDHCN
-Aymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyHB5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ
-4Q7e2RCOFvu396j3x+UCB5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf
-1b0SHzUvKBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWnOlFu
-hjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTnjh8BCNAw1FtxNrQH
-usEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbwqHyGO0aoSCqI3Haadr8faqU9GY/r
-OPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CIrU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4G
-A1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY
-9umbbjANBgkqhkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
-ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ3BebYhtF8GaV
-0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KKNFtY2PwByVS5uCbMiogziUwt
-hDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJw
-TdwJx4nLCgdNbOhdjsnvzqvHu7UrTkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nx
-e5AW0wdeRlN8NwdCjNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZA
-JzVcoyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq4RgqsahD
-YVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPAmRGunUHBcnWEvgJBQl9n
-JEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57demyPxgcYxn/eR44/KJ4EBs+lVDR3veyJ
-m+kXQ99b21/+jh5Xos1AnX5iItreGCc=
+MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMCVVMxDjAMBgNV
+BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xNDAy
+BgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYw
+MjEyMTgxNTIzWhcNNDEwMjEyMTgxNTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx
+EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NM
+LmNvbSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB
+BAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMAVIbc/R/fALhBYlzccBYy
+3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1KthkuWnBaBu2+8KGwytAJKaNjMGEwHQYDVR0O
+BBYEFFvKXuXe0oGqzagtZFG22XKbl+ZPMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe
+5d7SgarNqC1kUbbZcpuX5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJ
+N+vp1RPZytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZgh5Mm
+m7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert124.pem b/test/rules/platform_certs/default/cert124.pem
index a0a7df1fbdc5..d35f07211e31 100644
--- a/test/rules/platform_certs/default/cert124.pem
+++ b/test/rules/platform_certs/default/cert124.pem
@@ -1,28 +1,28 @@
-AC RAIZ FNMT-RCM
+GlobalSign Root CA - R6
 -----BEGIN CERTIFICATE-----
-MIIFgzCCA2ugAwIBAgIPXZONMGc2yAYdGsdUhGkHMA0GCSqGSIb3DQEBCwUAMDsxCzAJBgNVBAYT
-AkVTMREwDwYDVQQKDAhGTk1ULVJDTTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTAeFw0wODEw
-MjkxNTU5NTZaFw0zMDAxMDEwMDAwMDBaMDsxCzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJD
-TTEZMBcGA1UECwwQQUMgUkFJWiBGTk1ULVJDTTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBALpxgHpMhm5/yBNtwMZ9HACXjywMI7sQmkCpGreHiPibVmr75nuOi5KOpyVdWRHbNi63URcf
-qQgfBBckWKo3Shjf5TnUV/3XwSyRAZHiItQDwFj8d0fsjz50Q7qsNI1NOHZnjrDIbzAzWHFctPVr
-btQBULgTfmxKo0nRIBnuvMApGGWn3v7v3QqQIecaZ5JCEJhfTzC8PhxFtBDXaEAUwED653cXeuYL
-j2VbPNmaUtu1vZ5Gzz3rkQUCwJaydkxNEJY7kvqcfw+Z374jNUUeAlz+taibmSXaXvMiwzn15Cou
-08YfxGyqxRxqAQVKL9LFwag0Jl1mpdICIfkYtwb1TplvqKtMUejPUBjFd8g5CSxJkjKZqLsXF3mw
-WsXmo8RZZUc1g16p6DULmbvkzSDGm0oGObVo/CK67lWMK07q87Hj/LaZmtVC+nFNCM+HHmpxffnT
-tOmlcYF7wk5HlqX2doWjKI/pgG6BU6VtX7hI+cL5NqYuSf+4lsKMB7ObiFj86xsc3i1w4peSMKGJ
-47xVqCfWS+2QrYv6YyVZLag13cqXM7zlzced0ezvXg5KkAYmY6252TUtB7p2ZSysV4999AeU14EC
-ll2jB0nVetBX+RvnU0Z1qrB5QstocQjpYL05ac70r8NWQMetUqIJ5G+GR4of6ygnXYMgrwTJbFaa
-i0b1AgMBAAGjgYMwgYAwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYE
-FPd9xf3E6Jobd2Sn9R2gzL+HYJptMD4GA1UdIAQ3MDUwMwYEVR0gADArMCkGCCsGAQUFBwIBFh1o
-dHRwOi8vd3d3LmNlcnQuZm5tdC5lcy9kcGNzLzANBgkqhkiG9w0BAQsFAAOCAgEAB5BK3/MjTvDD
-nFFlm5wioooMhfNzKWtN/gHiqQxjAb8EZ6WdmF/9ARP67Jpi6Yb+tmLSbkyU+8B1RXxlDPiyN8+s
-D8+Nb/kZ94/sHvJwnvDKuO+3/3Y3dlv2bojzr2IyIpMNOmqOFGYMLVN0V2Ue1bLdI4E7pWYjJ2cJ
-j+F3qkPNZVEI7VFY/uY5+ctHhKQV8Xa7pO6kO8Rf77IzlhEYt8llvhjho6Tc+hj507wTmzl6NLrT
-Qfv6MooqtyuGC2mDOL7Nii4LcK2NJpLuHvUBKwrZ1pebbuCoGRw6IYsMHkCtA+fdZn71uSANA+iW
-+YJF1DngoABd15jmfZ5nc8OaKveri6E6FO80vFIOiZiaBECEHX5FaZNXzuvO+FB8TxxuBEOb+dY7
-Ixjp6o7RTUaN8Tvkasq6+yO3m/qZASlaWFot4/nUbQ4mrcFuNLwy+AwF+mWj2zs3gyLp1txyM/1d
-8iC9djwj2ij3+RvrWWTV3F9yfiD8zYm1kGdNYno/Tq0dwzn+evQoFt9B9kiABdcPUXmsEKvU7ANm
-5mqwujGSQkBqvjrTcuFqN1W8rB2Vt2lh8kORdOag0wokRqEIr9baRRmW1FMdW4R58MD3R++Lj8UG
-rp1MYp3/RgT408m2ECVAdf4WqslKYIYvuu8wd+RU4riEmViAqhOLUTpPSPaLtrM=
+MIIFgzCCA2ugAwIBAgIORea7A4Mzw4VlSOb/RVEwDQYJKoZIhvcNAQEMBQAwTDEgMB4GA1UECxMX
+R2xvYmFsU2lnbiBSb290IENBIC0gUjYxEzARBgNVBAoTCkdsb2JhbFNpZ24xEzARBgNVBAMTCkds
+b2JhbFNpZ24wHhcNMTQxMjEwMDAwMDAwWhcNMzQxMjEwMDAwMDAwWjBMMSAwHgYDVQQLExdHbG9i
+YWxTaWduIFJvb3QgQ0EgLSBSNjETMBEGA1UEChMKR2xvYmFsU2lnbjETMBEGA1UEAxMKR2xvYmFs
+U2lnbjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAJUH6HPKZvnsFMp7PPcNCPG0RQss
+grRIxutbPK6DuEGSMxSkb3/pKszGsIhrxbaJ0cay/xTOURQh7ErdG1rG1ofuTToVBu1kZguSgMpE
+3nOUTvOniX9PeGMIyBJQbUJmL025eShNUhqKGoC3GYEOfsSKvGRMIRxDaNc9PIrFsmbVkJq3MQbF
+vuJtMgamHvm566qjuL++gmNQ0PAYid/kD3n16qIfKtJwLnvnvJO7bVPiSHyMEAc4/2ayd2F+4OqM
+PKq0pPbzlUoSB239jLKJz9CgYXfIWHSw1CM69106yqLbnQneXUQtkPGBzVeS+n68UARjNN9rkxi+
+azayOeSsJDa38O+2HBNXk7besvjihbdzorg1qkXy4J02oW9UivFyVm4uiMVRQkQVlO6jxTiWm05O
+WgtH8wY2SXcwvHE35absIQh1/OZhFj931dmRl4QKbNQCTXTAFO39OfuD8l4UoQSwC+n+7o/hbguy
+CLNhZglqsQY6ZZZZwPA1/cnaKI0aEYdwgQqomnUdnjqGBQCe24DWJfncBZ4nWUx2OVvq+aWh2IMP
+0f/fMBH5hc8zSPXKbWQULHpYT9NLCEnFlWQaYw55PfWzjMpYrZxCRXluDocZXFSxZba/jJvcE+kN
+b7gu3GduyYsRtYQUigAZcIN5kZeR1BonvzceMgfYFGM8KEyvAgMBAAGjYzBhMA4GA1UdDwEB/wQE
+AwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSubAWjkxPioufi1xzWx/B/yGdToDAfBgNV
+HSMEGDAWgBSubAWjkxPioufi1xzWx/B/yGdToDANBgkqhkiG9w0BAQwFAAOCAgEAgyXt6NH9lVLN
+nsAEoJFp5lzQhN7craJP6Ed41mWYqVuoPId8AorRbrcWc+ZfwFSY1XS+wc3iEZGtIxg93eFyRJa0
+lV7Ae46ZeBZDE1ZXs6KzO7V33EByrKPrmzU+sQghoefEQzd5Mr6155wsTLxDKZmOMNOsIeDjHfrY
+BzN2VAAiKrlNIC5waNrlU/yDXNOd8v9EDERm8tLjvUYAGm0CuiVdjaExUd1URhxN25mW7xocBFym
+Fe944Hn+Xds+qkxV/ZoVqW/hpvvfcDDpw+5CRu3CkwWJ+n1jez/QcYF8AOiYrg54NMMl+68KnyBr
+3TsTjxKM4kEaSHpzoHdpx7Zcf4LIHv5YGygrqGytXm3ABdJ7t+uA/iU3/gKbaKxCXcPu9czc8FB1
+0jZpnOZ7BN9uBmm23goJSFmH63sUYHpkqmlD75HHTOwY3WzvUy2MmeFe8nI+z1TIvWfspA9MRf/T
+uTAjB0yPEL+GltmZWrSZVxykzLsViVO6LAUP5MSeGbEYNNVMnbrt9x+vJJUEeKgDu+6B5dpffItK
+oZB0JaezPkvILFa9x8jvOOJckvB595yEunQtYQEgfn7R8k8HWV+LLUNS60YMlOH1Zkd5d9VUWx+t
+JDfLRVpOoERIyNiwmcUVhAn21klJwGW45hpxbqCo8YLoRT5s1gLXCmeDBVrJpBA=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert125.pem b/test/rules/platform_certs/default/cert125.pem
index 1a2778910e94..53e930be20ca 100644
--- a/test/rules/platform_certs/default/cert125.pem
+++ b/test/rules/platform_certs/default/cert125.pem
@@ -1,18 +1,14 @@
-Amazon Root CA 1
+OISTE WISeKey Global Root GC CA
 -----BEGIN CERTIFICATE-----
-MIIDQTCCAimgAwIBAgITBmyfz5m/jAo54vB4ikPmljZbyjANBgkqhkiG9w0BAQsFADA5MQswCQYD
-VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAxMB4XDTE1
-MDUyNjAwMDAwMFoXDTM4MDExNzAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv
-bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
-ggEBALJ4gHHKeNXjca9HgFB0fW7Y14h29Jlo91ghYPl0hAEvrAIthtOgQ3pOsqTQNroBvo3bSMgH
-FzZM9O6II8c+6zf1tRn4SWiw3te5djgdYZ6k/oI2peVKVuRF4fn9tBb6dNqcmzU5L/qwIFAGbHrQ
-gLKm+a/sRxmPUDgH3KKHOVj4utWp+UhnMJbulHheb4mjUcAwhmahRWa6VOujw5H5SNz/0egwLX0t
-dHA114gk957EWW67c4cX8jJGKLhD+rcdqsq08p8kDi1L93FcXmn/6pUCyziKrlA4b9v7LWIbxcce
-VOF34GfID5yHI9Y/QCB/IIDEgEw+OyQmjgSubJrIqg0CAwEAAaNCMEAwDwYDVR0TAQH/BAUwAwEB
-/zAOBgNVHQ8BAf8EBAMCAYYwHQYDVR0OBBYEFIQYzIU07LwMlJQuCFmcx7IQTgoIMA0GCSqGSIb3
-DQEBCwUAA4IBAQCY8jdaQZChGsV2USggNiMOruYou6r4lK5IpDB/G/wkjUu0yKGX9rbxenDIU5PM
-CCjjmCXPI6T53iHTfIUJrU6adTrCC2qJeHZERxhlbI1Bjjt/msv0tadQ1wUsN+gDS63pYaACbvXy
-8MWy7Vu33PqUXHeeE6V/Uq2V8viTO96LXFvKWlJbYK8U90vvo/ufQJVtMVT8QtPHRh8jrdkPSHCa
-2XV4cdFyQzR1bldZwgJcJmApzyMZFo6IQ6XU5MsI+yMRQ+hDKXJioaldXgjUkK642M4UwtBV8ob2
-xJNDd2ZhwLnoQdeXeGADbkpyrqXRfboQnoZsG4q5WTP468SQvvG5
+MIICaTCCAe+gAwIBAgIQISpWDK7aDKtARb8roi066jAKBggqhkjOPQQDAzBtMQswCQYDVQQGEwJD
+SDEQMA4GA1UEChMHV0lTZUtleTEiMCAGA1UECxMZT0lTVEUgRm91bmRhdGlvbiBFbmRvcnNlZDEo
+MCYGA1UEAxMfT0lTVEUgV0lTZUtleSBHbG9iYWwgUm9vdCBHQyBDQTAeFw0xNzA1MDkwOTQ4MzRa
+Fw00MjA1MDkwOTU4MzNaMG0xCzAJBgNVBAYTAkNIMRAwDgYDVQQKEwdXSVNlS2V5MSIwIAYDVQQL
+ExlPSVNURSBGb3VuZGF0aW9uIEVuZG9yc2VkMSgwJgYDVQQDEx9PSVNURSBXSVNlS2V5IEdsb2Jh
+bCBSb290IEdDIENBMHYwEAYHKoZIzj0CAQYFK4EEACIDYgAETOlQwMYPchi82PG6s4nieUqjFqdr
+VCTbUf/q9Akkwwsin8tqJ4KBDdLArzHkdIJuyiXZjHWd8dvQmqJLIX4Wp2OQ0jnUsYd4XxiWD1Ab
+NTcPasbc2RNNpI6QN+a9WzGRo1QwUjAOBgNVHQ8BAf8EBAMCAQYwDwYDVR0TAQH/BAUwAwEB/zAd
+BgNVHQ4EFgQUSIcUrOPDnpBgOtfKie7TrYy0UGYwEAYJKwYBBAGCNxUBBAMCAQAwCgYIKoZIzj0E
+AwMDaAAwZQIwJsdpW9zV57LnyAyMjMPdeYwbY9XJUpROTYJKcx6ygISpJcBMWm1JKWB4E+J+SOtk
+AjEA2zQgMgj/mkkCtojeFK9dbJlxjRo/i9fgojaGHAeCOnZT/cKi7e97sIBPWA9LUzm9
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert126.pem b/test/rules/platform_certs/default/cert126.pem
index 449d424d86b1..e3bdabc17ee2 100644
--- a/test/rules/platform_certs/default/cert126.pem
+++ b/test/rules/platform_certs/default/cert126.pem
@@ -1,27 +1,28 @@
-Amazon Root CA 2
+GTS Root R1
 -----BEGIN CERTIFICATE-----
-MIIFQTCCAymgAwIBAgITBmyf0pY1hp8KD+WGePhbJruKNzANBgkqhkiG9w0BAQwFADA5MQswCQYD
-VQQGEwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAyMB4XDTE1
-MDUyNjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpv
-bjEZMBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMjCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoC
-ggIBAK2Wny2cSkxKgXlRmeyKy2tgURO8TW0G/LAIjd0ZEGrHJgw12MBvIITplLGbhQPDW9tK6Mj4
-kHbZW0/jTOgGNk3Mmqw9DJArktQGGWCsN0R5hYGCrVo34A3MnaZMUnbqQ523BNFQ9lXg1dKmSYXp
-N+nKfq5clU1Imj+uIFptiJXZNLhSGkOQsL9sBbm2eLfq0OQ6PBJTYv9K8nu+NQWpEjTj82R0Yiw9
-AElaKP4yRLuH3WUnAnE72kr3H9rN9yFVkE8P7K6C4Z9r2UXTu/Bfh+08LDmG2j/e7HJV63mjrdvd
-fLC6HM783k81ds8P+HgfajZRRidhW+mez/CiVX18JYpvL7TFz4QuK/0NURBs+18bvBt+xa47mAEx
-kv8LV/SasrlX6avvDXbR8O70zoan4G7ptGmh32n2M8ZpLpcTnqWHsFcQgTfJU7O7f/aS0ZzQGPSS
-btqDT6ZjmUyl+17vIWR6IF9sZIUVyzfpYgwLKhbcAS4y2j5L9Z469hdAlO+ekQiG+r5jqFoz7Mt0
-Q5X5bGlSNscpb/xVA1wf+5+9R+vnSUeVC06JIglJ4PVhHvG/LopyboBZ/1c6+XUyo05f7O0oYtlN
-c/LMgRdg7c3r3NunysV+Ar3yVAhU/bQtCSwXVEqY0VThUWcI0u1ufm8/0i2BWSlmy5A5lREedCf+
-3euvAgMBAAGjQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSw
-DPBMMPQFWAJI/TPlUq9LhONmUjANBgkqhkiG9w0BAQwFAAOCAgEAqqiAjw54o+Ci1M3m9Zh6O+oA
-A7CXDpO8Wqj2LIxyh6mx/H9z/WNxeKWHWc8w4Q0QshNabYL1auaAn6AFC2jkR2vHat+2/XcycuUY
-+gn0oJMsXdKMdYV2ZZAMA3m3MSNjrXiDCYZohMr/+c8mmpJ5581LxedhpxfL86kSk5Nrp+gvU5LE
-YFiwzAJRGFuFjWJZY7attN6a+yb3ACfAXVU3dJnJUH/jWS5E4ywl7uxMMne0nxrpS10gxdr9HIcW
-xkPo1LsmmkVwXqkLN1PiRnsn/eBG8om3zEK2yygmbtmlyTrIQRNg91CMFa6ybRoVGld45pIq2WWQ
-gj9sAq+uEjonljYE1x2igGOpm/HlurR8FLBOybEfdF849lHqm/osohHUqS0nGkWxr7JOcQ3AWEbW
-aQbLU8uz/mtBzUF+fUwPfHJ5elnNXkoOrJupmHN5fLT0zLm4BwyydFy4x2+IoZCn9Kr5v2c69BoV
-Yh63n749sSmvZ6ES8lgQGVMDMBu4Gon2nL2XA46jCfMdiyHxtN/kHNGfZQIG6lzWE7OE76KlXIx3
-KadowGuuQNKotOrN8I1LOJwZmhsoVLiJkO/KdYE+HvJkJMcYr07/R54H9jVlpNMKVv/1F2Rs76gi
-JUmTtt8AF9pYfl3uxRuw0dFfIRDH+fO6AgonB8Xx1sfT4PsJYGw=
+MIIFWjCCA0KgAwIBAgIQbkepxUtHDA3sM9CJuRz04TANBgkqhkiG9w0BAQwFADBHMQswCQYDVQQG
+EwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJv
+b3QgUjEwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAG
+A1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjEwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQC2EQKLHuOhd5s73L+UPreVp0A8of2C+X0yBoJx
+9vaMf/vo27xqLpeXo4xL+Sv2sfnOhB2x+cWX3u+58qPpvBKJXqeqUqv4IyfLpLGcY9vXmX7wCl7r
+aKb0xlpHDU0QM+NOsROjyBhsS+z8CZDfnWQpJSMHobTSPS5g4M/SCYe7zUjwTcLCeoiKu7rPWRnW
+r4+wB7CeMfGCwcDfLqZtbBkOtdh+JhpFAz2weaSUKK0PfyblqAj+lug8aJRT7oM6iCsVlgmy4HqM
+LnXWnOunVmSPlk9orj2XwoSPwLxAwAtcvfaHszVsrBhQf4TgTM2S0yDpM7xSma8ytSmzJSq0SPly
+4cpk9+aCEI3oncKKiPo4Zor8Y/kB+Xj9e1x3+naH+uzfsQ55lVe0vSbv1gHR6xYKu44LtcXFilWr
+06zqkUspzBmkMiVOKvFlRNACzqrOSbTqn3yDsEB750Orp2yjj32JgfpMpf/VjsPOS+C12LOORc92
+wO1AK/1TD7Cn1TsNsYqiA94xrcx36m97PtbfkSIS5r762DL8EGMUUXLeXdYWk70paDPvOmbsB4om
+3xPXV2V4J95eSRQAogB/mqghtqmxlbCluQ0WEdrHbEg8QOB+DVrNVjzRlwW5y0vtOUucxD/SVRNu
+JLDWcfr0wbrM7Rv1/oFB2ACYPTrIrnqYNxgFlQIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD
+VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQU5K8rJnEaK0gnhS9SZizv8IkTcT4wDQYJKoZIhvcNAQEM
+BQADggIBADiWCu49tJYeX++dnAsznyvgyv3SjgofQXSlfKqE1OXyHuY3UjKcC9FhHb8owbZEKTV1
+d5iyfNm9dKyKaOOpMQkpAWBz40d8U6iQSifvS9efk+eCNs6aaAyC58/UEBZvXw6ZXPYfcX3v73sv
+fuo21pdwCxXu11xWajOl40k4DLh9+42FpLFZXvRq4d2h9mREruZRgyFmxhE+885H7pwoHyXa/6xm
+ld01D1zvICxi/ZG6qcz8WpyTgYMpl0p8WnK0OdC3d8t5/Wk6kjftbjhlRn7pYL15iJdfOBL07q9b
+gsiG1eGZbYwE8na6SfZu6W0eX6DvJ4J2QPim01hcDyxC2kLGe4g0x8HYRZvBPsVhHdljUEn2NIVq
+4BjFbkerQUIpm/ZgDdIx02OYI5NaAIFItO/Nis3Jz5nu2Z6qNuFoS3FJFDYoOj0dzpqPJeaAcWEr
+tXvM+SUWgeExX6GjfhaknBZqlxi9dnKlC54dNuYvoS++cJEPqOba+MSSQGwlfnuzCdyyF62ARPBo
+pY+Udf90WuioAnwMCeKpSwughQtiue+hMZL77/ZRBIls6Kl0obsXs7X9SQ98POyDGCBDTtWTurQ0
+sR8WNh8M5mQ5Fkzc4P4dyKliPUDqysU0ArSuiYgzNdwsE3PYJ/HQcu51OyLemGhmW/HGY0dVHLql
+CFF1pkgl
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert127.pem b/test/rules/platform_certs/default/cert127.pem
index 1254c66d4b3a..ee03650a975a 100644
--- a/test/rules/platform_certs/default/cert127.pem
+++ b/test/rules/platform_certs/default/cert127.pem
@@ -1,11 +1,28 @@
-Amazon Root CA 3
+GTS Root R2
 -----BEGIN CERTIFICATE-----
-MIIBtjCCAVugAwIBAgITBmyf1XSXNmY/Owua2eiedgPySjAKBggqhkjOPQQDAjA5MQswCQYDVQQG
-EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSAzMB4XDTE1MDUy
-NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ
-MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgMzBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABCmXp8ZB
-f8ANm+gBG1bG8lKlui2yEujSLtf6ycXYqm0fc4E7O5hrOXwzpcVOho6AF2hiRVd9RFgdszflZwjr
-Zt6jQjBAMA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMB0GA1UdDgQWBBSrttvXBp43
-rDCGB5Fwx5zEGbF4wDAKBggqhkjOPQQDAgNJADBGAiEA4IWSoxe3jfkrBqWTrBqYaGFy+uGh0Psc
-eGCmQ5nFuMQCIQCcAu/xlJyzlvnrxir4tiz+OpAUFteMYyRIHN8wfdVoOw==
+MIIFWjCCA0KgAwIBAgIQbkepxlqz5yDFMJo/aFLybzANBgkqhkiG9w0BAQwFADBHMQswCQYDVQQG
+EwJVUzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJv
+b3QgUjIwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAG
+A1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjIwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQDO3v2m++zsFDQ8BwZabFn3GTXd98GdVarTzTuk
+k3LvCvptnfbwhYBboUhSnznFt+4orO/LdmgUud+tAWyZH8QiHZ/+cnfgLFuv5AS/T3KgGjSY6Dlo
+7JUle3ah5mm5hRm9iYz+re026nO8/4Piy33B0s5Ks40FnotJk9/BW9BuXvAuMC6C/Pq8tBcKSOWI
+m8Wba96wyrQD8Nr0kLhlZPdcTK3ofmZemde4wj7I0BOdre7kRXuJVfeKH2JShBKzwkCX44ofR5Gm
+dFrS+LFjKBC4swm4VndAoiaYecb+3yXuPuWgf9RhD1FLPD+M2uFwdNjCaKH5wQzpoeJ/u1U8dgbu
+ak7MkogwTZq9TwtImoS1mKPV+3PBV2HdKFZ1E66HjucMUQkQdYhMvI35ezzUIkgfKtzra7tEscsz
+cTJGr61K8YzodDqs5xoic4DSMPclQsciOzsSrZYuxsN2B6ogtzVJV+mSSeh2FnIxZyuWfoqjx5RW
+Ir9qS34BIbIjMt/kmkRtWVtd9QCgHJvGeJeNkP+byKq0rxFROV7Z+2et1VsRnTKaG73Vululycsl
+aVNVJ1zgyjbLiGH7HrfQy+4W+9OmTN6SpdTi3/UGVN4unUu0kzCqgc7dGtxRcw1PcOnlthYhGXmy
+5okLdWTK1au8CcEYof/UVKGFPP0UJAOyh9OktwIDAQABo0IwQDAOBgNVHQ8BAf8EBAMCAQYwDwYD
+VR0TAQH/BAUwAwEB/zAdBgNVHQ4EFgQUu//KjiOfT5nK2+JopqUVJxce2Q4wDQYJKoZIhvcNAQEM
+BQADggIBALZp8KZ3/p7uC4Gt4cCpx/k1HUCCq+YEtN/L9x0Pg/B+E02NjO7jMyLDOfxA325BS0JT
+vhaI8dI4XsRomRyYUpOM52jtG2pzegVATX9lO9ZY8c6DR2Dj/5epnGB3GFW1fgiTz9D2PGcDFWEJ
++YF59exTpJ/JjwGLc8R3dtyDovUMSRqodt6Sm2T4syzFJ9MHwAiApJiS4wGWAqoC7o87xdFtCjMw
+c3i5T1QWvwsHoaRc5svJXISPD+AVdyx+Jn7axEvbpxZ3B7DNdehyQtaVhJ2Gg/LkkM0JR9SLA3Da
+WsYDQvTtN6LwG1BUSw7YhN4ZKJmBR64JGz9I0cNv4rBgF/XuIwKl2gBbbZCr7qLpGzvpx0QnRY5r
+n/WkhLx3+WuXrD5RRaIRpsyF7gpo8j5QOHokYh4XIDdtak23CZvJ/KRY9bb7nE4Yu5UC56Gtmwfu
+Nmsk0jmGwZODUNKBRqhfYlcsu2xkiAhu7xNUX90txGdj08+JN7+dIPT7eoOboB6BAFDC5AwiWVIQ
+7UNWhwD4FFKnHYuTjKJNRn8nxnGbJN7k2oaLDX5rIMHAnuFl2GqjpuiFizoHCBy69Y9Vmhh1fuXs
+gWbRIXOhNUQLgD1bnF5vKheW0YMjiGZt5obicDIvUiLnyOd/xCxgXS/Dr55FBcOEArf9LAhST4Ld
+o/DUhgkC
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert128.pem b/test/rules/platform_certs/default/cert128.pem
index 5473fcd441b4..41e3202bf72c 100644
--- a/test/rules/platform_certs/default/cert128.pem
+++ b/test/rules/platform_certs/default/cert128.pem
@@ -1,12 +1,13 @@
-Amazon Root CA 4
+GTS Root R3
 -----BEGIN CERTIFICATE-----
-MIIB8jCCAXigAwIBAgITBmyf18G7EEwpQ+Vxe3ssyBrBDjAKBggqhkjOPQQDAzA5MQswCQYDVQQG
-EwJVUzEPMA0GA1UEChMGQW1hem9uMRkwFwYDVQQDExBBbWF6b24gUm9vdCBDQSA0MB4XDTE1MDUy
-NjAwMDAwMFoXDTQwMDUyNjAwMDAwMFowOTELMAkGA1UEBhMCVVMxDzANBgNVBAoTBkFtYXpvbjEZ
-MBcGA1UEAxMQQW1hem9uIFJvb3QgQ0EgNDB2MBAGByqGSM49AgEGBSuBBAAiA2IABNKrijdPo1MN
-/sGKe0uoe0ZLY7Bi9i0b2whxIdIA6GO9mif78DluXeo9pcmBqqNbIJhFXRbb/egQbeOc4OO9X4Ri
-83BkM6DLJC9wuoihKqB1+IGuYgbEgds5bimwHvouXKNCMEAwDwYDVR0TAQH/BAUwAwEB/zAOBgNV
-HQ8BAf8EBAMCAYYwHQYDVR0OBBYEFNPsxzplbszh2naaVvuc84ZtV+WBMAoGCCqGSM49BAMDA2gA
-MGUCMDqLIfG9fhGt0O9Yli/W651+kI0rz2ZVwyzjKKlwCkcO8DdZEv8tmZQoTipPNU0zWgIxAOp1
-AE47xDqUEpHJWEadIRNyp4iciuRMStuW1KyLa2tJElMzrdfkviT8tQp21KW8EA==
+MIICDDCCAZGgAwIBAgIQbkepx2ypcyRAiQ8DVd2NHTAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJV
+UzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3Qg
+UjMwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UE
+ChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjMwdjAQBgcq
+hkjOPQIBBgUrgQQAIgNiAAQfTzOHMymKoYTey8chWEGJ6ladK0uFxh1MJ7x/JlFyb+Kf1qPKzEUU
+Rout736GjOyxfi//qXGdGIRFBEFVbivqJn+7kAHjSxm65FSWRQmx1WyRRK2EE46ajA2ADDL24Cej
+QjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBTB8Sa6oC2uhYHP
+0/EqEr24Cmf9vDAKBggqhkjOPQQDAwNpADBmAjEAgFukfCPAlaUs3L6JbyO5o91lAFJekazInXJ0
+glMLfalAvWhgxeG4VDvBNhcl2MG9AjEAnjWSdIUlUfUk7GRSJFClH9voy8l27OyCbvWFGFPouOOa
+KaqW04MjyaR7YbPMAuhd
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert129.pem b/test/rules/platform_certs/default/cert129.pem
index 95096f8043a7..18d2d1950a27 100644
--- a/test/rules/platform_certs/default/cert129.pem
+++ b/test/rules/platform_certs/default/cert129.pem
@@ -1,29 +1,13 @@
-LuxTrust Global Root 2
+GTS Root R4
 -----BEGIN CERTIFICATE-----
-MIIFwzCCA6ugAwIBAgIUCn6m30tEntpqJIWe5rgV0xZ/u7EwDQYJKoZIhvcNAQELBQAwRjELMAkG
-A1UEBhMCTFUxFjAUBgNVBAoMDUx1eFRydXN0IFMuQS4xHzAdBgNVBAMMFkx1eFRydXN0IEdsb2Jh
-bCBSb290IDIwHhcNMTUwMzA1MTMyMTU3WhcNMzUwMzA1MTMyMTU3WjBGMQswCQYDVQQGEwJMVTEW
-MBQGA1UECgwNTHV4VHJ1c3QgUy5BLjEfMB0GA1UEAwwWTHV4VHJ1c3QgR2xvYmFsIFJvb3QgMjCC
-AiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBANeFl78RmOnwYoNMPIf5U2o3C/IPPIfOb9wm
-Kb3FibrJgz337spbxm1Jc7TJRqMbNBM/wYlFV/TZsfs2ZUv7COJIcRHIbjuend+JZTemhfY7RBi2
-xjcwYkSSl2l9QjAk5A0MiWtj3sXh306pFGxT4GHO9hcvHTy95iJMHZP1EMShduxq3sVs35a0VkBC
-wGKSMKEtFZSg0iAGCW5qbeXrt77U8PEVfIvmTroTzEsnXpk8F12PgX8zPU/TPxvsXD/wPEx1bvKm
-1Z3aLQdjAsZy6ZS8TEmVT4hSyNvoaYL4zDRbIvCGp4m9SAptZoFtyMhk+wHh9OHe2Z7d21vUKpkm
-FRseTJIpgp7VkoGSQXAZ96Tlk0u8d2cx3Rz9MXANF5kM+Qw5GSoXtTBxVdUPrljhPS80m8+f9niF
-wpN6cj5mj5wWEWCPnolvZ77gR1o7DJpni89Gxq44o/KnvObWhWszJHAiS8sIm7vI+AIpHb4gDEa/
-a4ebsypmQjVGbKq6rfmYe+lQVRQxv7HaLe2ArWgk+2mr2HETMOZns4dA/Yl+8kPREd8vZS9kzl8U
-ubG/Mb2HeFpZZYiq/FkySIbWTLkpS5XTdvN3JW1CHDiDTf2jX5t/Lax5Gw5CMZdjpPuKadUiDTSQ
-MC6otOBttpSsvItO13D8xTiOZCXhTTmQzsmHhFhxAgMBAAGjgagwgaUwDwYDVR0TAQH/BAUwAwEB
-/zBCBgNVHSAEOzA5MDcGByuBKwEBAQowLDAqBggrBgEFBQcCARYeaHR0cHM6Ly9yZXBvc2l0b3J5
-Lmx1eHRydXN0Lmx1MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBT/GCh2+UgFLKGu8SsbK7JT
-+Et8szAdBgNVHQ4EFgQU/xgodvlIBSyhrvErGyuyU/hLfLMwDQYJKoZIhvcNAQELBQADggIBAGoZ
-FO1uecEsh9QNcH7X9njJCwROxLHOk3D+sFTAMs2ZMGQXvw/l4jP9BzZAcg4atmpZ1gDlaCDdLnIN
-H2pkMSCEfUmmWjfrRcmF9dTHF5kH5ptV5AzoqbTOjFu1EVzPig4N1qx3gf4ynCSecs5U89BvolbW
-7MM3LGVYvlcAGvI1+ut7MV3CwRI9loGIlonBWVx65n9wNOeD4rHh4bhY79SV5GCc8JaXcozrhAIu
-ZY+kt9J/Z93I055cqqmkoCUUBpvsT34tC38ddfEz2O3OuHVtPlu5mB0xDVbYQw8wkbIEa91WvpWA
-VWe+2M2D2RjuLg+GLZKecBPs3lHJQ3gCpU3I+V/EkVhGFndadKpAvAefMLmx9xIX3eP/JEAdemrR
-TxgKqpAd60Ae36EeRJIQmvKN4dFLRp7oRUKX6kWZ8+xm1QL68qZKJKrezrnK+T+Tb/mjuuqlPpmt
-/f97mfVl7vBZKGfXkJWkE4SphMHozs51k2MavDzq1WQfLSoSOcbDWjLtR5EWDrw4wVDej8oqkDQc
-7kGUnF4ZLvhFSZl0kbAEb+MEWrGrKqv+x9CWttrhSmQGbmBNvUJO/3jaJMobtNeWOWyu8Q6qp31I
-iyBMz2TWuJdGsE7RKlY6oJO9r4Ak4Ap+58rVyuiFVdw2KuGUaJPHZnJED4AhMmwlxyOAgwrr
+MIICCjCCAZGgAwIBAgIQbkepyIuUtui7OyrYorLBmTAKBggqhkjOPQQDAzBHMQswCQYDVQQGEwJV
+UzEiMCAGA1UEChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3Qg
+UjQwHhcNMTYwNjIyMDAwMDAwWhcNMzYwNjIyMDAwMDAwWjBHMQswCQYDVQQGEwJVUzEiMCAGA1UE
+ChMZR29vZ2xlIFRydXN0IFNlcnZpY2VzIExMQzEUMBIGA1UEAxMLR1RTIFJvb3QgUjQwdjAQBgcq
+hkjOPQIBBgUrgQQAIgNiAATzdHOnaItgrkO4NcWBMHtLSZ37wWHO5t5GvWvVYRg1rkDdc/eJkTBa
+6zzuhXyiQHY7qca4R9gq55KRanPpsXI5nymfopjTX15YhmUPoYRlBtHci8nHc8iMai/lxKvRHYqj
+QjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBSATNbrdP9JNqPV
+2Py1PsVq8JQdjDAKBggqhkjOPQQDAwNnADBkAjBqUFJ0CMRw3J5QdCHojXohw0+WbhXRIjVhLfoI
+N+4Zba3bssx9BzT1YBkstTTZbyACMANxsbqjYAuG7ZoIapVon+Kz4ZNkfF6Tpt95LY2F45TPI11x
+zPKwTdb+mciUqXWi4w==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert130.pem b/test/rules/platform_certs/default/cert130.pem
index 94a5b2da68f3..0dacc520e53a 100644
--- a/test/rules/platform_certs/default/cert130.pem
+++ b/test/rules/platform_certs/default/cert130.pem
@@ -1,23 +1,27 @@
-TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
+UCA Global G2 Root
 -----BEGIN CERTIFICATE-----
-MIIEYzCCA0ugAwIBAgIBATANBgkqhkiG9w0BAQsFADCB0jELMAkGA1UEBhMCVFIxGDAWBgNVBAcT
-D0dlYnplIC0gS29jYWVsaTFCMEAGA1UEChM5VHVya2l5ZSBCaWxpbXNlbCB2ZSBUZWtub2xvamlr
-IEFyYXN0aXJtYSBLdXJ1bXUgLSBUVUJJVEFLMS0wKwYDVQQLEyRLYW11IFNlcnRpZmlrYXN5b24g
-TWVya2V6aSAtIEthbXUgU00xNjA0BgNVBAMTLVRVQklUQUsgS2FtdSBTTSBTU0wgS29rIFNlcnRp
-ZmlrYXNpIC0gU3VydW0gMTAeFw0xMzExMjUwODI1NTVaFw00MzEwMjUwODI1NTVaMIHSMQswCQYD
-VQQGEwJUUjEYMBYGA1UEBxMPR2ViemUgLSBLb2NhZWxpMUIwQAYDVQQKEzlUdXJraXllIEJpbGlt
-c2VsIHZlIFRla25vbG9qaWsgQXJhc3Rpcm1hIEt1cnVtdSAtIFRVQklUQUsxLTArBgNVBAsTJEth
-bXUgU2VydGlmaWthc3lvbiBNZXJrZXppIC0gS2FtdSBTTTE2MDQGA1UEAxMtVFVCSVRBSyBLYW11
-IFNNIFNTTCBLb2sgU2VydGlmaWthc2kgLSBTdXJ1bSAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
-MIIBCgKCAQEAr3UwM6q7a9OZLBI3hNmNe5eA027n/5tQlT6QlVZC1xl8JoSNkvoBHToP4mQ4t4y8
-6Ij5iySrLqP1N+RAjhgleYN1Hzv/bKjFxlb4tO2KRKOrbEz8HdDc72i9z+SqzvBV96I01INrN3wc
-wv61A+xXzry0tcXtAA9TNypN9E8Mg/uGz8v+jE69h/mniyFXnHrfA2eJLJ2XYacQuFWQfw4tJzh0
-3+f92k4S400VIgLI4OD8D62K18lUUMw7D8oWgITQUVbDjlZ/iSIzL+aFCr2lqBs23tPcLG07xxO9
-WSMs5uWk99gL7eqQQESolbuT1dCANLZGeA4fAJNG4e7p+exPFwIDAQABo0IwQDAdBgNVHQ4EFgQU
-ZT/HiobGPN08VFw1+DrtUgxHV8gwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJ
-KoZIhvcNAQELBQADggEBACo/4fEyjq7hmFxLXs9rHmoJ0iKpEsdeV31zVmSAhHqT5Am5EM2fKifh
-AHe+SMg1qIGf5LgsyX8OsNJLN13qudULXjS99HMpw+0mFZx+CFOKWI3QSyjfwbPfIPP54+M638yc
-lNhOT8NrF7f3cuitZjO1JVOr4PhMqZ398g26rrnZqsZr+ZO7rqu4lzwDGrpDxpa5RXI4s6ehlj2R
-e37AIVNMh+3yC1SVUZPVIqUNivGTDj5UDrDYyU7c8jEyVupk+eq1nRZmQnLzf9OxMUP8pI4X8W0j
-q5Rm+K37DwhuJi1/FwcJsoz7UMCflo3Ptv0AnVoUmr8CRPXBwp8iXqIPoeM=
+MIIFRjCCAy6gAwIBAgIQXd+x2lqj7V2+WmUgZQOQ7zANBgkqhkiG9w0BAQsFADA9MQswCQYDVQQG
+EwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxGzAZBgNVBAMMElVDQSBHbG9iYWwgRzIgUm9vdDAeFw0x
+NjAzMTEwMDAwMDBaFw00MDEyMzEwMDAwMDBaMD0xCzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlU
+cnVzdDEbMBkGA1UEAwwSVUNBIEdsb2JhbCBHMiBSb290MIICIjANBgkqhkiG9w0BAQEFAAOCAg8A
+MIICCgKCAgEAxeYrb3zvJgUno4Ek2m/LAfmZmqkywiKHYUGRO8vDaBsGxUypK8FnFyIdK+35KYmT
+oni9kmugow2ifsqTs6bRjDXVdfkX9s9FxeV67HeToI8jrg4aA3++1NDtLnurRiNb/yzmVHqUwCoV
+8MmNsHo7JOHXaOIxPAYzRrZUEaalLyJUKlgNAQLx+hVRZ2zA+te2G3/RVogvGjqNO7uCEeBHANBS
+h6v7hn4PJGtAnTRnvI3HLYZveT6OqTwXS3+wmeOwcWDcC/Vkw85DvG1xudLeJ1uK6NjGruFZfc8o
+LTW4lVYa8bJYS7cSN8h8s+1LgOGN+jIjtm+3SJUIsUROhYw6AlQgL9+/V087OpAh18EmNVQg7Mc/
+R+zvWr9LesGtOxdQXGLYD0tK3Cv6brxzks3sx1DoQZbXqX5t2Okdj4q1uViSukqSKwxW/YDrCPBe
+KW4bHAyvj5OJrdu9o54hyokZ7N+1wxrrFv54NkzWbtA+FxyQF2smuvt6L78RHBgOLXMDj6DlNaBa
+4kx1HXHhOThTeEDMg5PXCp6dW4+K5OXgSORIskfNTip1KnvyIvbJvgmRlld6iIis7nCs+dwp4wwc
+OxJORNanTrAmyPPZGpeRaOrvjUYG0lZFWJo8DA+DuAUlwznPO6Q0ibd5Ei9Hxeepl2n8pndntd97
+8XplFeRhVmUCAwEAAaNCMEAwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0O
+BBYEFIHEjMz15DD/pQwIX4wVZyF0Ad/fMA0GCSqGSIb3DQEBCwUAA4ICAQATZSL1jiutROTL/7lo
+5sOASD0Ee/ojL3rtNtqyzm325p7lX1iPyzcyochltq44PTUbPrw7tgTQvPlJ9Zv3hcU2tsu8+Mg5
+1eRfB70VVJd0ysrtT7q6ZHafgbiERUlMjW+i67HM0cOU2kTC5uLqGOiiHycFutfl1qnN3e92mI0A
+Ds0b+gO3joBYDic/UvuUospeZcnWhNq5NXHzJsBPd+aBJ9J3O5oUb3n09tDh05S60FdRvScFDcH9
+yBIw7m+NESsIndTUv4BFFJqIRNow6rSn4+7vW4LVPtateJLbXDzz2K36uGt/xDYotgIVilQsnLAX
+c47QN6MUPJiVAAwpBVueSUmxX8fjy88nZY41F7dXyDDZQVu5FLbowg+UMaeUmMxq67XhJ/UQqAHo
+jhJi6IjMtX9Gl8CbEGY4GjZGXyJoPd/JxhMnq1MGrKI8hgZlb7F+sSlEmqO6SWkoaY/X5V+tBIZk
+bxqgDMUIYs6Ao9Dz7GjevjPHF1t/gMRMTLGmhIrDO7gJzRSBuhjjVFc2/tsvfEehOjPI+Vg7RE+x
+ygKJBJYoaMVLuCaJu9YzL1DV/pqJuhgyklTGW+Cd+V7lDSKb9triyCGyYiGqhkCyLmTTX8jjfhFn
+RR8F/uOi77Oos/N9j/gMHyIfLXC0uAE0djAA5SN4p1bXUB+K+wb1whnw0A==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert131.pem b/test/rules/platform_certs/default/cert131.pem
index ecb51c9a3077..b9ffb5d67f20 100644
--- a/test/rules/platform_certs/default/cert131.pem
+++ b/test/rules/platform_certs/default/cert131.pem
@@ -1,28 +1,28 @@
-GDCA TrustAUTH R5 ROOT
+UCA Extended Validation Root
 -----BEGIN CERTIFICATE-----
-MIIFiDCCA3CgAwIBAgIIfQmX/vBH6nowDQYJKoZIhvcNAQELBQAwYjELMAkGA1UEBhMCQ04xMjAw
-BgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZIENPLixMVEQuMR8wHQYDVQQD
-DBZHRENBIFRydXN0QVVUSCBSNSBST09UMB4XDTE0MTEyNjA1MTMxNVoXDTQwMTIzMTE1NTk1OVow
-YjELMAkGA1UEBhMCQ04xMjAwBgNVBAoMKUdVQU5HIERPTkcgQ0VSVElGSUNBVEUgQVVUSE9SSVRZ
-IENPLixMVEQuMR8wHQYDVQQDDBZHRENBIFRydXN0QVVUSCBSNSBST09UMIICIjANBgkqhkiG9w0B
-AQEFAAOCAg8AMIICCgKCAgEA2aMW8Mh0dHeb7zMNOwZ+Vfy1YI92hhJCfVZmPoiC7XJjDp6L3TQs
-AlFRwxn9WVSEyfFrs0yw6ehGXTjGoqcuEVe6ghWinI9tsJlKCvLriXBjTnnEt1u9ol2x8kECK62p
-OqPseQrsXzrj/e+APK00mxqriCZ7VqKChh/rNYmDf1+uKU49tm7srsHwJ5uu4/Ts765/94Y9cnrr
-pftZTqfrlYwiOXnhLQiPzLyRuEH3FMEjqcOtmkVEs7LXLM3GKeJQEK5cy4KOFxg2fZfmiJqwTTQJ
-9Cy5WmYqsBebnh52nUpmMUHfP/vFBu8btn4aRjb3ZGM74zkYI+dndRTVdVeSN72+ahsmUPI2JgaQ
-xXABZG12ZuGR224HwGGALrIuL4xwp9E7PLOR5G62xDtw8mySlwnNR30YwPO7ng/Wi64HtloPzgsM
-R6flPri9fcebNaBhlzpBdRfMK5Z3KpIhHtmVdiBnaM8Nvd/WHwlqmuLMc3GkL30SgLdTMEZeS1SZ
-D2fJpcjyIMGC7J0R38IC+xo70e0gmu9lZJIQDSri3nDxGGeCjGHeuLzRL5z7D9Ar7Rt2ueQ5Vfj4
-oR24qoAATILnsn8JuLwwoC8N9VKejveSswoAHQBUlwbgsQfZxw9cZX08bVlX5O2ljelAU58VS6Bx
-9hoh49pwBiFYFIeFd3mqgnkCAwEAAaNCMEAwHQYDVR0OBBYEFOLJQJ9NzuiaoXzPDj9lxSmIahlR
-MA8GA1UdEwEB/wQFMAMBAf8wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQDRSVfg
-p8xoWLoBDysZzY2wYUWsEe1jUGn4H3++Fo/9nesLqjJHdtJnJO29fDMylyrHBYZmDRd9FBUb1Ov9
-H5r2XpdptxolpAqzkT9fNqyL7FeoPueBihhXOYV0GkLH6VsTX4/5COmSdI31R9KrO9b7eGZONn35
-6ZLpBN79SWP8bfsUcZNnL0dKt7n/HipzcEYwv1ryL3ml4Y0M2fmyYzeMN2WFcGpcWwlyua1jPLHd
-+PwyvzeG5LuOmCd+uh8W4XAR8gPfJWIyJyYYMoSf/wA6E7qaTfRPuBRwIrHKK5DOKcFw9C+df/KQ
-HtZa37dG/OaG+svgIHZ6uqbL9XzeYqWxi+7egmaKTjowHz+Ay60nugxe19CxVsp3cbK1daFQqUBD
-F8Io2c9Si1vIY9RCPqAzekYu9wogRlR+ak8x8YF+QnQ4ZXMn7sZ8uI7XpTrXmKGcjBBV09tL7ECQ
-8s1uV9JiDnxXk7Gnbc2dg7sq5+W2O3FYrf3RRbxake5TFW/TRQl1brqQXR4EzzffHqhmsYzmIGrv
-/EhOdJhCrylvLmrH+33RZjEizIYAfmaDDEL0vTSSwxrqT8p+ck0LcIymSLumoRT2+1hEmRSuqguT
-aaApJUqlyyvdimYHFngVV3Eb7PVHhPOeMTd61X8kreS8/f3MboPoDKi3QWwH3b08hpcv0g==
+MIIFWjCCA0KgAwIBAgIQT9Irj/VkyDOeTzRYZiNwYDANBgkqhkiG9w0BAQsFADBHMQswCQYDVQQG
+EwJDTjERMA8GA1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9u
+IFJvb3QwHhcNMTUwMzEzMDAwMDAwWhcNMzgxMjMxMDAwMDAwWjBHMQswCQYDVQQGEwJDTjERMA8G
+A1UECgwIVW5pVHJ1c3QxJTAjBgNVBAMMHFVDQSBFeHRlbmRlZCBWYWxpZGF0aW9uIFJvb3QwggIi
+MA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCpCQcoEwKwmeBkqh5DFnpzsZGgdT6o+uM4AHrs
+iWogD4vFsJszA1qGxliG1cGFu0/GnEBNyr7uaZa4rYEwmnySBesFK5pI0Lh2PpbIILvSsPGP2KxF
+Rv+qZ2C0d35qHzwaUnoEPQc8hQ2E0B92CvdqFN9y4zR8V05WAT558aopO2z6+I9tTcg1367r3CTu
+eUWnhbYFiN6IXSV8l2RnCdm/WhUFhvMJHuxYMjMR83dksHYf5BA1FxvyDrFspCqjc/wJHx4yGVMR
+59mzLC52LqGj3n5qiAno8geK+LLNEOfic0CTuwjRP+H8C5SzJe98ptfRr5//lpr1kXuYC3fUfugH
+0mK1lTnj8/FtDw5lhIpjVMWAtuCeS31HJqcBCF3RiJ7XwzJE+oJKCmhUfzhTA8ykADNkUVkLo4KR
+el7sFsLzKuZi2irbWWIQJUoqgQtHB0MGcIfS+pMRKXpITeuUx3BNr2fVUbGAIAEBtHoIppB/TuDv
+B0GHr2qlXov7z1CymlSvw4m6WC31MJixNnI5fkkE/SmnTHnkBVfblLkWU41Gsx2VYVdWf6/wFlth
+WG82UBEL2KwrlRYaDh8IzTY0ZRBiZtWAXxQgXy0MoHgKaNYs1+lvK9JKBZP8nm9rZ/+I8U6laUpS
+NwXqxhaN0sSZ0YIrO7o1dfdRUVjzyAfd5LQDfwIDAQABo0IwQDAdBgNVHQ4EFgQU2XQ65DA9DfcS
+3H5aBZ8eNJr34RQwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQEL
+BQADggIBADaNl8xCFWQpN5smLNb7rhVpLGsaGvdftvkHTFnq88nIua7Mui563MD1sC3AO6+fcAUR
+ap8lTwEpcOPlDOHqWnzcSbvBHiqB9RZLcpHIojG5qtr8nR/zXUACE/xOHAbKsxSQVBcZEhrxH9cM
+aVr2cXj0lH2RC47skFSOvG+hTKv8dGT9cZr4QQehzZHkPJrgmzI5c6sq1WnIeJEmMX3ixzDx/BR4
+dxIOE/TdFpS/S2d7cFOFyrC78zhNLJA5wA3CXWvp4uXViI3WLL+rG761KIcSF3Ru/H38j9CHJrAb
++7lsq+KePRXBOy5nAliRn+/4Qh8st2j1da3Ptfb/EX3C8CSlrdP6oDyp+l3cpaDvRKS+1ujl5BOW
+F3sGPjLtx7dCvHaj2GU4Kzg1USEODm8uNBNA4StnDG1KQTAYI1oyVZnJF+A83vbsea0rWBmirSwi
+GpWOvpaQXUJXxPkUAzUrHC1RVwinOt4/5Mi0A3PCwSaAuwtCH60NryZy2sy+s6ODWA2CxR9GUeOc
+GMyNm43sSet1UNWMKFnKdDTajAshqx7qG+XH/RU+wBeq+yNuJkbL+vmxcmtpzyKEC2IPrNkZAJSi
+djzULZrtBJ4tBmIQN1IchXIbJ+XMxjHsN+xjWZsLHXbMfjKaiJUINlK73nZfdklJrX+9ZSCyycEr
+dhh2n1ax
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert132.pem b/test/rules/platform_certs/default/cert132.pem
index 20b597bbe847..fcfc4e9327b0 100644
--- a/test/rules/platform_certs/default/cert132.pem
+++ b/test/rules/platform_certs/default/cert132.pem
@@ -1,22 +1,32 @@
-TrustCor RootCert CA-1
+Certigna Root CA
 -----BEGIN CERTIFICATE-----
-MIIEMDCCAxigAwIBAgIJANqb7HHzA7AZMA0GCSqGSIb3DQEBCwUAMIGkMQswCQYDVQQGEwJQQTEP
-MA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3Ig
-U3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3Jp
-dHkxHzAdBgNVBAMMFlRydXN0Q29yIFJvb3RDZXJ0IENBLTEwHhcNMTYwMjA0MTIzMjE2WhcNMjkx
-MjMxMTcyMzE2WjCBpDELMAkGA1UEBhMCUEExDzANBgNVBAgMBlBhbmFtYTEUMBIGA1UEBwwLUGFu
-YW1hIENpdHkxJDAiBgNVBAoMG1RydXN0Q29yIFN5c3RlbXMgUy4gZGUgUi5MLjEnMCUGA1UECwwe
-VHJ1c3RDb3IgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MR8wHQYDVQQDDBZUcnVzdENvciBSb290Q2Vy
-dCBDQS0xMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAv463leLCJhJrMxnHQFgKq1mq
-jQCj/IDHUHuO1CAmujIS2CNUSSUQIpidRtLByZ5OGy4sDjjzGiVoHKZaBeYei0i/mJZ0PmnK6bV4
-pQa81QBeCQryJ3pS/C3Vseq0iWEk8xoT26nPUu0MJLq5nux+AHT6k61sKZKuUbS701e/s/OojZz0
-JEsq1pme9J7+wH5COucLlVPat2gOkEz7cD+PSiyU8ybdY2mplNgQTsVHCJCZGxdNuWxu72CVEY4h
-gLW9oHPY0LJ3xEXqWib7ZnZ2+AYfYW0PVcWDtxBWcgYHpfOxGgMFZA6dWorWhnAbJN7+KIor0Gqw
-/Hqi3LJ5DotlDwIDAQABo2MwYTAdBgNVHQ4EFgQU7mtJPHo/DeOxCbeKyKsZn3MzUOcwHwYDVR0j
-BBgwFoAU7mtJPHo/DeOxCbeKyKsZn3MzUOcwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMC
-AYYwDQYJKoZIhvcNAQELBQADggEBACUY1JGPE+6PHh0RU9otRCkZoB5rMZ5NDp6tPVxBb5UrJKF5
-mDo4Nvu7Zp5I/5CQ7z3UuJu0h3U/IJvOcs+hVcFNZKIZBqEHMwwLKeXx6quj7LUKdJDHfXLy11yf
-ke+Ri7fc7Waiz45mO7yfOgLgJ90WmMCV1Aqk5IGadZQ1nJBfiDcGrVmVCrDRZ9MZyonnMlo2HD6C
-qFqTvsbQZJG2z9m2GM/bftJlo6bEjhcxwft+dtvTheNYsnd6djtsL1Ac59v2Z3kf9YKVmgenFK+P
-3CghZwnS1k1aHBkcjndcw5QkPTJrS37UeJSDvjdNzl/HHk484IkzlQsPpTLWPFp5LBk=
+MIIGWzCCBEOgAwIBAgIRAMrpG4nxVQMNo+ZBbcTjpuEwDQYJKoZIhvcNAQELBQAwWjELMAkGA1UE
+BhMCRlIxEjAQBgNVBAoMCURoaW15b3RpczEcMBoGA1UECwwTMDAwMiA0ODE0NjMwODEwMDAzNjEZ
+MBcGA1UEAwwQQ2VydGlnbmEgUm9vdCBDQTAeFw0xMzEwMDEwODMyMjdaFw0zMzEwMDEwODMyMjda
+MFoxCzAJBgNVBAYTAkZSMRIwEAYDVQQKDAlEaGlteW90aXMxHDAaBgNVBAsMEzAwMDIgNDgxNDYz
+MDgxMDAwMzYxGTAXBgNVBAMMEENlcnRpZ25hIFJvb3QgQ0EwggIiMA0GCSqGSIb3DQEBAQUAA4IC
+DwAwggIKAoICAQDNGDllGlmx6mQWDoyUJJV8g9PFOSbcDO8WV43X2KyjQn+Cyu3NW9sOty3tRQgX
+stmzy9YXUnIo245Onoq2C/mehJpNdt4iKVzSs9IGPjA5qXSjklYcoW9MCiBtnyN6tMbaLOQdLNyz
+KNAT8kxOAkmhVECe5uUFoC2EyP+YbNDrihqECB63aCPuI9Vwzm1RaRDuoXrC0SIxwoKF0vJVdlB8
+JXrJhFwLrN1CTivngqIkicuQstDuI7pmTLtipPlTWmR7fJj6o0ieD5Wupxj0auwuA0Wv8HT4Ks16
+XdG+RCYyKfHx9WzMfgIhC59vpD++nVPiz32pLHxYGpfhPTc3GGYo0kDFUYqMwy3OU4gkWGQwFsWq
+4NYKpkDfePb1BHxpE4S80dGnBs8B92jAqFe7OmGtBIyT46388NtEbVncSVmurJqZNjBBe3YzIoej
+wpKGbvlw7q6Hh5UbxHq9MfPU0uWZ/75I7HX1eBYdpnDBfzwboZL7z8g81sWTCo/1VTp2lc5ZmIoJ
+lXcymoO6LAQ6l73UL77XbJuiyn1tJslV1c/DeVIICZkHJC1kJWumIWmbat10TWuXekG9qxf5kBdI
+jzb5LdXF2+6qhUVB+s06RbFo5jZMm5BX7CO5hwjCxAnxl4YqKE3idMDaxIzb3+KhF1nOJFl0Mdp/
+/TBt2dzhauH8XwIDAQABo4IBGjCCARYwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
+HQYDVR0OBBYEFBiHVuBud+4kNTxOc5of1uHieX4rMB8GA1UdIwQYMBaAFBiHVuBud+4kNTxOc5of
+1uHieX4rMEQGA1UdIAQ9MDswOQYEVR0gADAxMC8GCCsGAQUFBwIBFiNodHRwczovL3d3d3cuY2Vy
+dGlnbmEuZnIvYXV0b3JpdGVzLzBtBgNVHR8EZjBkMC+gLaArhilodHRwOi8vY3JsLmNlcnRpZ25h
+LmZyL2NlcnRpZ25hcm9vdGNhLmNybDAxoC+gLYYraHR0cDovL2NybC5kaGlteW90aXMuY29tL2Nl
+cnRpZ25hcm9vdGNhLmNybDANBgkqhkiG9w0BAQsFAAOCAgEAlLieT/DjlQgi581oQfccVdV8AOIt
+OoldaDgvUSILSo3L6btdPrtcPbEo/uRTVRPPoZAbAh1fZkYJMyjhDSSXcNMQH+pkV5a7XdrnxIxP
+TGRGHVyH41neQtGbqH6mid2PHMkwgu07nM3A6RngatgCdTer9zQoKJHyBApPNeNgJgH60BGM+RFq
+7q89w1DTj18zeTyGqHNFkIwgtnJzFyO+B2XleJINugHA64wcZr+shncBlA2c5uk5jR+mUYyZDDl3
+4bSb+hxnV29qao6pK0xXeXpXIs/NX2NGjVxZOob4Mkdio2cNGJHc+6Zr9UhhcyNZjgKnvETq9Emd
+8VRY+WCv2hikLyhF3HqgiIZd8zvn/yk1gPxkQ5Tm4xxvvq0OKmOZK8l+hfZx6AYDlf7ej0gcWtSS
+6Cvu5zHbugRqh5jnxV/vfaci9wHYTfmJ0A6aBVmknpjZbyvKcL5kwlWj9Omvw5Ip3IgWJJk8jSaY
+tlu3zM63Nwf9JtmYhST/WSMDmu2dnajkXjjO11INb9I/bbEFa0nOipFGc/T2L/Coc3cOZayhjWZS
+aX5LaAzHHjcng6WMxwLkFM1JAbBzs/3GkDpv0mztO+7skb6iQ12LAEpmJURw3kAP+HwV96LOPNde
+E4yBFxgX0b3xdxA61GU5wSesVywlVP+i2k+KYTlerj1KjL0=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert133.pem b/test/rules/platform_certs/default/cert133.pem
index 8bf6d29369df..056b4b067423 100644
--- a/test/rules/platform_certs/default/cert133.pem
+++ b/test/rules/platform_certs/default/cert133.pem
@@ -1,31 +1,20 @@
-TrustCor RootCert CA-2
+emSign Root CA - G1
 -----BEGIN CERTIFICATE-----
-MIIGLzCCBBegAwIBAgIIJaHfyjPLWQIwDQYJKoZIhvcNAQELBQAwgaQxCzAJBgNVBAYTAlBBMQ8w
-DQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5MSQwIgYDVQQKDBtUcnVzdENvciBT
-eXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29yIENlcnRpZmljYXRlIEF1dGhvcml0
-eTEfMB0GA1UEAwwWVHJ1c3RDb3IgUm9vdENlcnQgQ0EtMjAeFw0xNjAyMDQxMjMyMjNaFw0zNDEy
-MzExNzI2MzlaMIGkMQswCQYDVQQGEwJQQTEPMA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5h
-bWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3IgU3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5U
-cnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxHzAdBgNVBAMMFlRydXN0Q29yIFJvb3RDZXJ0
-IENBLTIwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCnIG7CKqJiJJWQdsg4foDSq8Gb
-ZQWU9MEKENUCrO2fk8eHyLAnK0IMPQo+QVqedd2NyuCb7GgypGmSaIwLgQ5WoD4a3SwlFIIvl9Nk
-RvRUqdw6VC0xK5mC8tkq1+9xALgxpL56JAfDQiDyitSSBBtlVkxs1Pu2YVpHI7TYabS3OtB0PAx1
-oYxOdqHp2yqlO/rOsP9+aij9JxzIsekp8VduZLTQwRVtDr4uDkbIXvRR/u8OYzo7cbrPb1nKDOOb
-XUm4TOJXsZiKQlecdu/vvdFoqNL0Cbt3Nb4lggjEFixEIFapRBF37120Hapeaz6LMvYHL1cEksr1
-/p3C6eizjkxLAjHZ5DxIgif3GIJ2SDpxsROhOdUuxTTCHWKF3wP+TfSvPd9cW436cOGlfifHhi5q
-jxLGhF5DUVCcGZt45vz27Ud+ez1m7xMTiF88oWP7+ayHNZ/zgp6kPwqcMWmLmaSISo5uZk3vFsQP
-eSghYA2FFn3XVDjxklb9tTNMg9zXEJ9L/cb4Qr26fHMC4P99zVvh1Kxhe1fVSntb1IVYJ12/+Ctg
-rKAmrhQhJ8Z3mjOAPF5GP/fDsaOGM8boXg25NSyqRsGFAnWAoOsk+xWq5Gd/bnc/9ASKL3x74xdh
-8N0JqSDIvgmk0H5Ew7IwSjiqqewYmgeCK9u4nBit2uBGF6zPXQIDAQABo2MwYTAdBgNVHQ4EFgQU
-2f4hQG6UnrybPZx9mCAZ5YwwYrIwHwYDVR0jBBgwFoAU2f4hQG6UnrybPZx9mCAZ5YwwYrIwDwYD
-VR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAYYwDQYJKoZIhvcNAQELBQADggIBAJ5Fngw7tu/h
-Osh80QA9z+LqBrWyOrsGS2h60COXdKcs8AjYeVrXWoSK2BKaG9l9XE1wxaX5q+WjiYndAfrs3fnp
-kpfbsEZC89NiqpX+MWcUaViQCqoL7jcjx1BRtPV+nuN79+TMQjItSQzL/0kMmx40/W5ulop5A7Zv
-2wnL/V9lFDfhOPXzYRZY5LVtDQsEGz9QLX+zx3oaFoBg+Iof6Rsqxvm6ARppv9JYx1RXCI/hOWB3
-S6xZhBqI8d3LT3jX5+EzLfzuQfogsL7L9ziUwOHQhQ+77Sxzq+3+knYaZH9bDTMJBzN7Bj8RpFxw
-PIXAz+OQqIN3+tvmxYxoZxBnpVIt8MSZj3+/0WvitUfW2dCFmU2Umw9Lje4AWkcdEQOsQRivh7dv
-DDqPys/cA8GiCcjl/YBeyGBCARsaU1q7N6a3vLqE6R5sGtRk2tRD/pOLS/IseRYQ1JMLiI+h2IYU
-RpFHmygk71dSTlxCnKr3Sewn6EAes6aJInKc9Q0ztFijMDvd1GpUk74aTfOTlPf8hAs/hCBcNANE
-xdqtvArBAs8e5ZTZ845b2EzwnexhF7sUMlQMAimTHpKG9n/v55IFDlndmQguLvqcAFLTxWYp5KeX
-RKQOKIETNcX2b2TmQcTVL8w0RSXPQQCWPUouwpaYT05KnJe32x+SMsj/D1Fu1uwJ
+MIIDlDCCAnygAwIBAgIKMfXkYgxsWO3W2DANBgkqhkiG9w0BAQsFADBnMQswCQYDVQQGEwJJTjET
+MBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRl
+ZDEcMBoGA1UEAxMTZW1TaWduIFJvb3QgQ0EgLSBHMTAeFw0xODAyMTgxODMwMDBaFw00MzAyMTgx
+ODMwMDBaMGcxCzAJBgNVBAYTAklOMRMwEQYDVQQLEwplbVNpZ24gUEtJMSUwIwYDVQQKExxlTXVk
+aHJhIFRlY2hub2xvZ2llcyBMaW1pdGVkMRwwGgYDVQQDExNlbVNpZ24gUm9vdCBDQSAtIEcxMIIB
+IjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAk0u76WaK7p1b1TST0Bsew+eeuGQzf2N4aLTN
+LnF115sgxk0pvLZoYIr3IZpWNVrzdr3YzZr/k1ZLpVkGoZM0Kd0WNHVO8oG0x5ZOrRkVUkr+PHB1
+cM2vK6sVmjM8qrOLqs1D/fXqcP/tzxE7lM5OMhbTI0Aqd7OvPAEsbO2ZLIvZTmmYsvePQbAyeGHW
+DV/D+qJAkh1cF+ZwPjXnorfCYuKrpDhMtTk1b+oDafo6VGiFbdbyL0NVHpENDtjVaqSW0RM8LHhQ
+6DqS0hdW5TUaQBw+jSztOd9C4INBdN+jzcKGYEho42kLVACL5HZpIQ15TjQIXhTCzLG3rdd8cIrH
+hQIDAQABo0IwQDAdBgNVHQ4EFgQU++8Nhp6w492pufEhF38+/PB3KxowDgYDVR0PAQH/BAQDAgEG
+MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFn/8oz1h31xPaOfG1vR2vjTnGs2
+vZupYeveFix0PZ7mddrXuqe8QhfnPZHr5X3dPpzxz5KsbEjMwiI/aTvFthUvozXGaCocV685743Q
+NcMYDHsAVhzNixl03r4PEuDQqqE/AjSxcM6dGNYIAwlG7mDgfrbESQRRfXBgvKqy/3lyeqYdPV8q
++Mri/Tm3R7nrft8EI6/6nAYH6ftjk4BAtcZsCjEozgyfz7MjNYBBjWzEN3uBL4ChQEKF6dk4jeih
+U80Bv2noWgbyRQuQ+q7hv53yrlc8pa6yVvSLZUDp/TGBLPQ5Cdjua6e0ph0VpZj3AYHYhX3zUVxx
+iN66zB+Afko=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert134.pem b/test/rules/platform_certs/default/cert134.pem
index ca5310bb3093..c43a67b50c25 100644
--- a/test/rules/platform_certs/default/cert134.pem
+++ b/test/rules/platform_certs/default/cert134.pem
@@ -1,22 +1,14 @@
-TrustCor ECA-1
+emSign ECC Root CA - G3
 -----BEGIN CERTIFICATE-----
-MIIEIDCCAwigAwIBAgIJAISCLF8cYtBAMA0GCSqGSIb3DQEBCwUAMIGcMQswCQYDVQQGEwJQQTEP
-MA0GA1UECAwGUGFuYW1hMRQwEgYDVQQHDAtQYW5hbWEgQ2l0eTEkMCIGA1UECgwbVHJ1c3RDb3Ig
-U3lzdGVtcyBTLiBkZSBSLkwuMScwJQYDVQQLDB5UcnVzdENvciBDZXJ0aWZpY2F0ZSBBdXRob3Jp
-dHkxFzAVBgNVBAMMDlRydXN0Q29yIEVDQS0xMB4XDTE2MDIwNDEyMzIzM1oXDTI5MTIzMTE3Mjgw
-N1owgZwxCzAJBgNVBAYTAlBBMQ8wDQYDVQQIDAZQYW5hbWExFDASBgNVBAcMC1BhbmFtYSBDaXR5
-MSQwIgYDVQQKDBtUcnVzdENvciBTeXN0ZW1zIFMuIGRlIFIuTC4xJzAlBgNVBAsMHlRydXN0Q29y
-IENlcnRpZmljYXRlIEF1dGhvcml0eTEXMBUGA1UEAwwOVHJ1c3RDb3IgRUNBLTEwggEiMA0GCSqG
-SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDPj+ARtZ+odnbb3w9U73NjKYKtR8aja+3+XzP4Q1HpGjOR
-MRegdMTUpwHmspI+ap3tDvl0mEDTPwOABoJA6LHip1GnHYMma6ve+heRK9jGrB6xnhkB1Zem6g23
-xFUfJ3zSCNV2HykVh0A53ThFEXXQmqc04L/NyFIduUd+Dbi7xgz2c1cWWn5DkR9VOsZtRASqnKmc
-p0yJF4OuowReUoCLHhIlERnXDH19MURB6tuvsBzvgdAsxZohmz3tQjtQJvLsznFhBmIhVE5/wZ0+
-fyCMgMsq2JdiyIMzkX2woloPV+g7zPIlstR8L+xNxqE6FXrntl019fZISjZFZtS6mFjBAgMBAAGj
-YzBhMB0GA1UdDgQWBBREnkj1zG1I1KBLf/5ZJC+Dl5mahjAfBgNVHSMEGDAWgBREnkj1zG1I1KBL
-f/5ZJC+Dl5mahjAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBhjANBgkqhkiG9w0BAQsF
-AAOCAQEABT41XBVwm8nHc2FvcivUwo/yQ10CzsSUuZQRg2dd4mdsdXa/uwyqNsatR5Nj3B5+1t4u
-/ukZMjgDfxT2AHMsWbEhBuH7rBiVDKP/mZb3Kyeb1STMHd3BOuCYRLDE5D53sXOpZCz2HAF8P11F
-hcCF5yWPldwX8zyfGm6wyuMdKulMY/okYWLW2n62HGz1Ah3UKt1VkOsqEUc8Ll50soIipX1TH0Xs
-J5F95yIW6MBoNtjG8U+ARDL54dHRHareqKucBK+tIA5kmE2la8BIWJZpTdwHjFGTot+fDz2LYLSC
-jaoITmJF4PkL0uDgPFveXHEnJcLmA4GLEFPjx1WitJ/X5g==
+MIICTjCCAdOgAwIBAgIKPPYHqWhwDtqLhDAKBggqhkjOPQQDAzBrMQswCQYDVQQGEwJJTjETMBEG
+A1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRlZDEg
+MB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0gRzMwHhcNMTgwMjE4MTgzMDAwWhcNNDMwMjE4
+MTgzMDAwWjBrMQswCQYDVQQGEwJJTjETMBEGA1UECxMKZW1TaWduIFBLSTElMCMGA1UEChMcZU11
+ZGhyYSBUZWNobm9sb2dpZXMgTGltaXRlZDEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0g
+RzMwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQjpQy4LRL1KPOxst3iAhKAnjlfSU2fySU0WXTsuwYc
+58Byr+iuL+FBVIcUqEqy6HyC5ltqtdyzdc6LBtCGI79G1Y4PPwT01xySfvalY8L1X44uT6EYGQIr
+MgqCZH0Wk9GjQjBAMB0GA1UdDgQWBBR8XQKEE9TMipuBzhccLikenEhjQjAOBgNVHQ8BAf8EBAMC
+AQYwDwYDVR0TAQH/BAUwAwEB/zAKBggqhkjOPQQDAwNpADBmAjEAvvNhzwIQHWSVB7gYboiFBS+D
+CBeQyh+KTOgNG3qxrdWBCUfvO6wIBHxcmbHtRwfSAjEAnbpV/KlK6O3t5nYBQnvI+GDZjVGLVTv7
+jHvrZQnD+JbNR6iC8hZVdyR+EhCVBCyj
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert135.pem b/test/rules/platform_certs/default/cert135.pem
index 333c225c5d8e..04179a44bf1f 100644
--- a/test/rules/platform_certs/default/cert135.pem
+++ b/test/rules/platform_certs/default/cert135.pem
@@ -1,30 +1,19 @@
-SSL.com Root Certification Authority RSA
+emSign Root CA - C1
 -----BEGIN CERTIFICATE-----
-MIIF3TCCA8WgAwIBAgIIeyyb0xaAMpkwDQYJKoZIhvcNAQELBQAwfDELMAkGA1UEBhMCVVMxDjAM
-BgNVBAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24x
-MTAvBgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBSU0EwHhcNMTYw
-MjEyMTczOTM5WhcNNDEwMjEyMTczOTM5WjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx
-EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NM
-LmNvbSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFJTQTCCAiIwDQYJKoZIhvcNAQEBBQAD
-ggIPADCCAgoCggIBAPkP3aMrfcvQKv7sZ4Wm5y4bunfh4/WvpOz6Sl2RxFdHaxh3a3by/ZPkPQ/C
-Fp4LZsNWlJ4Xg4XOVu/yFv0AYvUiCVToZRdOQbngT0aXqhvIuG5iXmmxX9sqAn78bMrzQdjt0Oj8
-P2FI7bADFB0QDksZ4LtO7IZl/zbzXmcCC52GVWH9ejjt/uIZALdvoVBidXQ8oPrIJZK0bnoix/ge
-oeOy3ZExqysdBP+lSgQ36YWkMyv94tZVNHwZpEpox7Ko07fKoZOI68GXvIz5HdkihCR0xwQ9aqkp
-k8zruFvh/l8lqjRYyMEjVJ0bmBHDOJx+PYZspQ9AhnwC9FwCTyjLrnGfDzrIM/4RJTXq/LrFYD3Z
-fBjVsqnTdXgDciLKOsMf7yzlLqn6niy2UUb9rwPW6mBo6oUWNmuF6R7As93EJNyAKoFBbZQ+yODJ
-gUEAnl6/f8UImKIYLEJAs/lvOCdLToD0PYFH4Ih86hzOtXVcUS4cK38acijnALXRdMbX5J+tB5O2
-UzU1/Dfkw/ZdFr4hc96SCvigY2q8lpJqPvi8ZVWb3vUNiSYE/CUapiVpy8JtynziWV+XrOvvLsi8
-1xtZPCvM8hnIk2snYxnP/Okm+Mpxm3+T/jRnhE6Z6/yzeAkzcLpmpnbtG3PrGqUNxCITIJRWCk4s
-bE6x/c+cCbqiM+2HAgMBAAGjYzBhMB0GA1UdDgQWBBTdBAkHovV6fVJTEpKV7jiAJQ2mWTAPBgNV
-HRMBAf8EBTADAQH/MB8GA1UdIwQYMBaAFN0ECQei9Xp9UlMSkpXuOIAlDaZZMA4GA1UdDwEB/wQE
-AwIBhjANBgkqhkiG9w0BAQsFAAOCAgEAIBgRlCn7Jp0cHh5wYfGVcpNxJK1ok1iOMq8bs3AD/CUr
-dIWQPXhq9LmLpZc7tRiRux6n+UBbkflVma8eEdBcHadm47GUBwwyOabqG7B52B2ccETjit3E+ZUf
-ijhDPwGFpUenPUayvOUiaPd7nNgsPgohyC0zrL/FgZkxdMF1ccW+sfAjRfSda/wZY52jvATGGAsl
-u1OJD7OAUN5F7kR/q5R4ZJjT9ijdh9hwZXT7DrkT66cPYakylszeu+1jTBi7qUD3oFRuIIhxdRjq
-erQ0cuAjJ3dctpDqhiVAq+8zD8ufgr6iIPv2tS0a5sKFsXQP+8hlAqRSAUfdSSLBv9jra6x+3uxj
-MxW3IwiPxg+NQVrdjsW5j+VFP3jbutIbQLH+cU0/4IGiul607BXgk90IH37hVZkLId6Tngr75qNJ
-vTYw/ud3sqB1l7UtgYgXZSD32pAAn8lSzDLKNXz1PQ/YK9f1JmzJBjSWFupwWRoyeXkLtoh/D1JI
-Pb9s2KJELtFOt3JY04kTlf5Eq/jXixtunLwsoFvVagCvXzfh1foQC5ichucmj87w7G6KVwuA406y
-wKBjYZC6VWg3dGq2ktufoYYitmUnDuy2n0Jg5GfCtdpBC8TTi2EbvPofkSvXRAdeuims2cXp71NI
-WuuA8ShYIc2wBlX7Jz9TkHCpBB5XJ7k=
+MIIDczCCAlugAwIBAgILAK7PALrEzzL4Q7IwDQYJKoZIhvcNAQELBQAwVjELMAkGA1UEBhMCVVMx
+EzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQDExNlbVNp
+Z24gUm9vdCBDQSAtIEMxMB4XDTE4MDIxODE4MzAwMFoXDTQzMDIxODE4MzAwMFowVjELMAkGA1UE
+BhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMRwwGgYDVQQD
+ExNlbVNpZ24gUm9vdCBDQSAtIEMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAz+up
+ufGZBczYKCFK83M0UYRWEPWgTywS4/oTmifQz/l5GnRfHXk5/Fv4cI7gklL35CX5VIPZHdPIWoU/
+Xse2B+4+wM6ar6xWQio5JXDWv7V7Nq2s9nPczdcdioOl+yuQFTdrHCZH3DspVpNqs8FqOp099cGX
+OFgFixwR4+S0uF2FHYP+eF8LRWgYSKVGczQ7/g/IdrvHGPMF0Ybzhe3nudkyrVWIzqa2kbBPrH4V
+I5b2P/AgNBbeCsbEBEV5f6f9vtKppa+cxSMq9zwhbL2vj07FOrLzNBL834AaSaTUqZX3noleooms
+lMuoaJuvimUnzYnu3Yy1aylwQ6BpC+S5DwIDAQABo0IwQDAdBgNVHQ4EFgQU/qHgcB4qAzlSWkK+
+XJGFehiqTbUwDgYDVR0PAQH/BAQDAgEGMA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQAD
+ggEBAMJKVvoVIXsoounlHfv4LcQ5lkFMOycsxGwYFYDGrK9HWS8mC+M2sO87/kOXSTKZEhVb3xEp
+/6tT+LvBeA+snFOvV71ojD1pM/CjoCNjO2RnIkSt1XHLVip4kqNPEjE2NuLe/gDEo2APJ62gsIq1
+NnpSob0n9CAnYuhNlCQT5AoE6TyrLshDCUrGYQTlSTR+08TI9Q/Aqum6VF7zYytPT1DU/rl7mYw9
+wC68AivTxEDkigcxHpvOJpkT+xHqmiIMERnHXhuBUDDIlhJu58tBf5E7oke3VIAb3ADMmpDqw8NQ
+BmIMMMAVSKeoWXzhriKi4gp6D/piq1JM4fHfyr6DDUI=
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert136.pem b/test/rules/platform_certs/default/cert136.pem
index 682d48f6dca1..5d185a78a22c 100644
--- a/test/rules/platform_certs/default/cert136.pem
+++ b/test/rules/platform_certs/default/cert136.pem
@@ -1,15 +1,13 @@
-SSL.com Root Certification Authority ECC
+emSign ECC Root CA - C3
 -----BEGIN CERTIFICATE-----
-MIICjTCCAhSgAwIBAgIIdebfy8FoW6gwCgYIKoZIzj0EAwIwfDELMAkGA1UEBhMCVVMxDjAMBgNV
-BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xMTAv
-BgNVBAMMKFNTTC5jb20gUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYwMjEy
-MTgxNDAzWhcNNDEwMjEyMTgxNDAzWjB8MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMxEDAO
-BgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjExMC8GA1UEAwwoU1NMLmNv
-bSBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuBBAAiA2IA
-BEVuqVDEpiM2nl8ojRfLliJkP9x6jh3MCLOicSS6jkm5BBtHllirLZXI7Z4INcgn64mMU1jrYor+
-8FsPazFSY0E7ic3s7LaNGdM0B9y7xgZ/wkWV7Mt/qCPgCemB+vNH06NjMGEwHQYDVR0OBBYEFILR
-hXMw5zUE044CkvvlpNHEIejNMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUgtGFczDnNQTT
-jgKS++Wk0cQh6M0wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2cAMGQCMG/n61kRpGDPYbCW
-e+0F+S8Tkdzt5fxQaxFGRrMcIQBiu77D5+jNB5n5DQtdcj7EqgIwH7y6C+IwJPt8bYBVCpk+gA0z
-5Wajs6O7pdWLjwkspl1+4vAHCGht0nxpbl/f5Wpl
+MIICKzCCAbGgAwIBAgIKe3G2gla4EnycqDAKBggqhkjOPQQDAzBaMQswCQYDVQQGEwJVUzETMBEG
+A1UECxMKZW1TaWduIFBLSTEUMBIGA1UEChMLZU11ZGhyYSBJbmMxIDAeBgNVBAMTF2VtU2lnbiBF
+Q0MgUm9vdCBDQSAtIEMzMB4XDTE4MDIxODE4MzAwMFoXDTQzMDIxODE4MzAwMFowWjELMAkGA1UE
+BhMCVVMxEzARBgNVBAsTCmVtU2lnbiBQS0kxFDASBgNVBAoTC2VNdWRocmEgSW5jMSAwHgYDVQQD
+ExdlbVNpZ24gRUNDIFJvb3QgQ0EgLSBDMzB2MBAGByqGSM49AgEGBSuBBAAiA2IABP2lYa57JhAd
+6bciMK4G9IGzsUJxlTm801Ljr6/58pc1kjZGDoeVjbk5Wum739D+yAdBPLtVb4OjavtisIGJAnB9
+SMVK4+kiVCJNk7tCDK93nCOmfddhEc5lx/h//vXyqaNCMEAwHQYDVR0OBBYEFPtaSNCAIEDyqOkA
+B2kZd6fmw/TPMA4GA1UdDwEB/wQEAwIBBjAPBgNVHRMBAf8EBTADAQH/MAoGCCqGSM49BAMDA2gA
+MGUCMQC02C8Cif22TGK6Q04ThHK1rt0c3ta13FaPWEBaLd4gTCKDypOofu4SQMfWh0/434UCMBwU
+ZOR8loMRnLDRWmFLpg9J0wD8ofzkpf9/rdcw0Md3f76BB1UwUCAU9Vc4CqgxUQ==
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert137.pem b/test/rules/platform_certs/default/cert137.pem
index 7ca1878bdb7e..e2132d1d4b14 100644
--- a/test/rules/platform_certs/default/cert137.pem
+++ b/test/rules/platform_certs/default/cert137.pem
@@ -1,30 +1,30 @@
-SSL.com EV Root Certification Authority RSA R2
+Hongkong Post Root CA 3
 -----BEGIN CERTIFICATE-----
-MIIF6zCCA9OgAwIBAgIIVrYpzTS8ePYwDQYJKoZIhvcNAQELBQAwgYIxCzAJBgNVBAYTAlVTMQ4w
-DAYDVQQIDAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9u
-MTcwNQYDVQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIy
-MB4XDTE3MDUzMTE4MTQzN1oXDTQyMDUzMDE4MTQzN1owgYIxCzAJBgNVBAYTAlVTMQ4wDAYDVQQI
-DAVUZXhhczEQMA4GA1UEBwwHSG91c3RvbjEYMBYGA1UECgwPU1NMIENvcnBvcmF0aW9uMTcwNQYD
-VQQDDC5TU0wuY29tIEVWIFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgUlNBIFIyMIICIjAN
-BgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAjzZlQOHWTcDXtOlG2mvqM0fNTPl9fb69LT3w23jh
-hqXZuglXaO1XPqDQCEGD5yhBJB/jchXQARr7XnAjssufOePPxU7Gkm0mxnu7s9onnQqG6YE3Bf7w
-cXHswxzpY6IXFJ3vG2fThVUCAtZJycxa4bH3bzKfydQ7iEGonL3Lq9ttewkfokxykNorCPzPPFTO
-Zw+oz12WGQvE43LrrdF9HSfvkusQv1vrO6/PgN3B0pYEW3p+pKk8OHakYo6gOV7qd89dAFmPZiw+
-B6KjBSYRaZfqhbcPlgtLyEDhULouisv3D5oi53+aNxPN8k0TayHRwMwi8qFG9kRpnMphNQcAb9Zh
-CBHqurj26bNg5U257J8UZslXWNvNh2n4ioYSA0e/ZhN2rHd9NCSFg83XqpyQGp8hLH94t2S42Oim
-9HizVcuE0jLEeK6jj2HdzghTreyI/BXkmg3mnxp3zkyPuBQVPWKchjgGAGYS5Fl2WlPAApiiECto
-RHuOec4zSnaqW4EWG7WK2NAAe15itAnWhmMOpgWVSbooi4iTsjQc2KRVbrcc0N6ZVTsj9CLg+Slm
-JuwgUHfbSguPvuUCYHBBXtSuUDkiFCbLsjtzdFVHB3mBOagwE0TlBIqulhMlQg+5U8Sb/M3kHN48
-+qvWBkofZ6aYMBzdLNvcGJVXZsb/XItW9XcCAwEAAaNjMGEwDwYDVR0TAQH/BAUwAwEB/zAfBgNV
-HSMEGDAWgBT5YLvU49U09rj1BoAlp3PbRmmonjAdBgNVHQ4EFgQU+WC71OPVNPa49QaAJadz20Zp
-qJ4wDgYDVR0PAQH/BAQDAgGGMA0GCSqGSIb3DQEBCwUAA4ICAQBWs47LCp1Jjr+kxJG7ZhcFUZh1
-++VQLHqe8RT6q9OKPv+RKY9ji9i0qVQBDb6Thi/5Sm3HXvVX+cpVHBK+Rw82xd9qt9t1wkclf7nx
-Y/hoLVUE0fKNsKTPvDxeH3jnpaAgcLAExbf3cqfeIg29MyVGjGSSJuM+LmOW2puMPfgYCdcDzH2G
-guDKBAdRUNf/ktUM79qGn5nX67evaOI5JpS6aLe/g9Pqemc9YmeuJeVy6OLk7K4S9ksrPJ/psEDz
-OFSz/bdoyNrGj1E8svuR3Bznm53htw1yj+KkxKl4+esUrMZDBcJlOSgYAsOCsp0FvmXtll9ldDz7
-CTUue5wT/RsPXcdtgTpWD8w74a8CLyKsRspGPKAcTNZEtF4uXBVmCeEmKf7GUmG6sXP/wwyc5Wxq
-lD8UykAWlYTzWamsX0xhk23RO8yilQwipmdnRC652dKKQbNmC1r7fSOl8hqw/96bg5Qu0T/fkreR
-rwU7ZcegbLHNYhLDkBvjJc40vG93drEQw/cFGsDWr3RiSBd3kmmQYRzelYB0VI8YHMPzA9C/pEN1
-hlMYegouCRw2n5H9gooiS9EOUCXdywMMF8mDAAhONU2Ki+3wApRmLER/y5UnlhetCTCstnEXbosX
-9hwJ1C07mKVx01QT2WDz9UtmT/rx7iASjbSsV7FFY6GsdqnC+w==
+MIIFzzCCA7egAwIBAgIUCBZfikyl7ADJk0DfxMauI7gcWqQwDQYJKoZIhvcNAQELBQAwbzELMAkG
+A1UEBhMCSEsxEjAQBgNVBAgTCUhvbmcgS29uZzESMBAGA1UEBxMJSG9uZyBLb25nMRYwFAYDVQQK
+Ew1Ib25na29uZyBQb3N0MSAwHgYDVQQDExdIb25na29uZyBQb3N0IFJvb3QgQ0EgMzAeFw0xNzA2
+MDMwMjI5NDZaFw00MjA2MDMwMjI5NDZaMG8xCzAJBgNVBAYTAkhLMRIwEAYDVQQIEwlIb25nIEtv
+bmcxEjAQBgNVBAcTCUhvbmcgS29uZzEWMBQGA1UEChMNSG9uZ2tvbmcgUG9zdDEgMB4GA1UEAxMX
+SG9uZ2tvbmcgUG9zdCBSb290IENBIDMwggIiMA0GCSqGSIb3DQEBAQUAA4ICDwAwggIKAoICAQCz
+iNfqzg8gTr7m1gNt7ln8wlffKWihgw4+aMdoWJwcYEuJQwy51BWy7sFOdem1p+/l6TWZ5Mwc50tf
+jTMwIDNT2aa71T4Tjukfh0mtUC1Qyhi+AViiE3CWu4mIVoBc+L0sPOFMV4i707mV78vH9toxdCim
+5lSJ9UExyuUmGs2C4HDaOym71QP1mbpV9WTRYA6ziUm4ii8F0oRFKHyPaFASePwLtVPLwpgchKOe
+sL4jpNrcyCse2m5FHomY2vkALgbpDDtw1VAliJnLzXNg99X/NWfFobxeq81KuEXryGgeDQ0URhLj
+0mRiikKYvLTGCAj4/ahMZJx2Ab0vqWwzD9g/KLg8aQFChn5pwckGyuV6RmXpwtZQQS4/t+TtbNe/
+JgERohYpSms0BpDsE9K2+2p20jzt8NYt3eEV7KObLyzJPivkaTv/ciWxNoZbx39ri1UbSsUgYT2u
+y1DhCDq+sI9jQVMwCFk8mB13umOResoQUGC/8Ne8lYePl8X+l2oBlKN8W4UdKjk60FSh0Tlxnf0h
++bV78OLgAo9uliQlLKAeLKjEiafv7ZkGL7YKTE/bosw3Gq9HhS2KX8Q0NEwA/RiTZxPRN+ZItIsG
+xVd7GYYKecsAyVKvQv83j+GjHno9UKtjBucVtT+2RTeUN7F+8kjDf8V1/peNRY8apxpyKBpADwID
+AQABo2MwYTAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIBBjAfBgNVHSMEGDAWgBQXnc0e
+i9Y5K3DTXNSguB+wAPzFYTAdBgNVHQ4EFgQUF53NHovWOStw01zUoLgfsAD8xWEwDQYJKoZIhvcN
+AQELBQADggIBAFbVe27mIgHSQpsY1Q7XZiNc4/6gx5LS6ZStS6LG7BJ8dNVI0lkUmcDrudHr9Egw
+W62nV3OZqdPlt9EuWSRY3GguLmLYauRwCy0gUCCkMpXRAJi70/33MvJJrsZ64Ee+bs7Lo3I6LWld
+y8joRTnU+kLBEUx3XZL7av9YROXrgZ6voJmtvqkBZss4HTzfQx/0TW60uhdG/H39h4F5ag0zD/ov
++BS5gLNdTaqX4fnkGMX41TiMJjz98iji7lpJiCzfeT2OnpA8vUFKOt1b9pq0zj8lMH8yfaIDlNDc
+eqFS3m6TjRgm/VWsvY+b0s+v54Ysyx8Jb6NvqYTUc79NoXQbTiNg8swOqn+knEwlqLJmOzj/2ZQw
+9nKEvmhVEA/GcywWaZMH/rFF7buiVWqw2rVKAiUnhde3t4ZEFolsgCs+l6mc1X5VTMbeRRAc6uk7
+nwNT7u56AQIWeNTowr5GdogTPyK7SBIdUgC0An4hGh6cJfTzPV4e0hz5sy229zdcxsshTrD3mUcY
+hcErulWuBurQB7Lcq9CClnXO0lD+mefPL5/ndtFhKvshuzHQqp9HpLIiyhY6UFfEW0NnxWViA0kB
+60PZ2Pierc+xYw5F9KBaLJstxabArahH9CdMOA0uG0k7UvToiIMrVCjU8jVStDKDYmlkDJGcn5fq
+dBb9HxEGmpv0
 -----END CERTIFICATE-----
diff --git a/test/rules/platform_certs/default/cert138.pem b/test/rules/platform_certs/default/cert138.pem
index c5e3f68f3043..85ace10ff735 100644
--- a/test/rules/platform_certs/default/cert138.pem
+++ b/test/rules/platform_certs/default/cert138.pem
@@ -1,16 +1,33 @@
-SSL.com EV Root Certification Authority ECC
+Entrust Root Certification Authority - G4
 -----BEGIN CERTIFICATE-----
-MIIClDCCAhqgAwIBAgIILCmcWxbtBZUwCgYIKoZIzj0EAwIwfzELMAkGA1UEBhMCVVMxDjAMBgNV
-BAgMBVRleGFzMRAwDgYDVQQHDAdIb3VzdG9uMRgwFgYDVQQKDA9TU0wgQ29ycG9yYXRpb24xNDAy
-BgNVBAMMK1NTTC5jb20gRVYgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSBFQ0MwHhcNMTYw
-MjEyMTgxNTIzWhcNNDEwMjEyMTgxNTIzWjB/MQswCQYDVQQGEwJVUzEOMAwGA1UECAwFVGV4YXMx
-EDAOBgNVBAcMB0hvdXN0b24xGDAWBgNVBAoMD1NTTCBDb3Jwb3JhdGlvbjE0MDIGA1UEAwwrU1NM
-LmNvbSBFViBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IEVDQzB2MBAGByqGSM49AgEGBSuB
-BAAiA2IABKoSR5CYG/vvw0AHgyBO8TCCogbR8pKGYfL2IWjKAMTH6kMAVIbc/R/fALhBYlzccBYy
-3h+Z1MzFB8gIH2EWB1E9fVwHU+M1OIzfzZ/ZLg1KthkuWnBaBu2+8KGwytAJKaNjMGEwHQYDVR0O
-BBYEFFvKXuXe0oGqzagtZFG22XKbl+ZPMA8GA1UdEwEB/wQFMAMBAf8wHwYDVR0jBBgwFoAUW8pe
-5d7SgarNqC1kUbbZcpuX5k8wDgYDVR0PAQH/BAQDAgGGMAoGCCqGSM49BAMCA2gAMGUCMQCK5kCJ
-N+vp1RPZytRrJPOwPYdGWBrssd9v+1a6cGvHOMzosYxPD/fxZ3YOg9AeUY8CMD32IygmTMZgh5Mm
-m7I1HrrW9zzRHM76JTymGoEVW/MSD2zuZYrJh6j5B+BimoxcSg==
+MIIGSzCCBDOgAwIBAgIRANm1Q3+vqTkPAAAAAFVlrVgwDQYJKoZIhvcNAQELBQAwgb4xCzAJBgNV
+BAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3Qu
+bmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1
+dGhvcml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1
+dGhvcml0eSAtIEc0MB4XDTE1MDUyNzExMTExNloXDTM3MTIyNzExNDExNlowgb4xCzAJBgNVBAYT
+AlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3QubmV0
+L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxNSBFbnRydXN0LCBJbmMuIC0gZm9yIGF1dGhv
+cml6ZWQgdXNlIG9ubHkxMjAwBgNVBAMTKUVudHJ1c3QgUm9vdCBDZXJ0aWZpY2F0aW9uIEF1dGhv
+cml0eSAtIEc0MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAsewsQu7i0TD/pZJH4i3D
+umSXbcr3DbVZwbPLqGgZ2K+EbTBwXX7zLtJTmeH+H17ZSK9dE43b/2MzTdMAArzE+NEGCJR5WIoV
+3imz/f3ET+iq4qA7ec2/a0My3dl0ELn39GjUu9CH1apLiipvKgS1sqbHoHrmSKvS0VnM1n4j5pds
+8ELl3FFLFUHtSUrJ3hCX1nbB76W1NhSXNdh4IjVS70O92yfbYVaCNNzLiGAMC1rlLAHGVK/XqsEQ
+e9IFWrhAnoanw5CGAlZSCXqc0ieCU0plUmr1POeo8pyvi73TDtTUXm6Hnmo9RR3RXRv06QqsYJn7
+ibT/mCzPfB3pAqoEmh643IhuJbNsZvc8kPNXwbMv9W3y+8qh+CmdRouzavbmZwe+LGcKKh9asj5X
+xNMhIWNlUpEbsZmOeX7m640A2Vqq6nPopIICR5b+W45UYaPrL0swsIsjdXJ8ITzI9vF01Bx7owVV
+7rtNOzK+mndmnqxpkCIHH2E6lr7lmk/MBTwoWdPBDFSoWWG9yHJM6Nyfh3+9nEg2XpWjDrk4JFX8
+dWbrAuMINClKxuMrLzOg2qOGpRKX/YAr2hRC45K9PvJdXmd0LhyIRyk0X+IyqJwlN4y6mACXi0mW
+Hv0liqzc2thddG5msP9E36EYxr5ILzeUePiVSj9/E15dWf10hkNjc0kCAwEAAaNCMEAwDwYDVR0T
+AQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYwHQYDVR0OBBYEFJ84xFYjwznooHFs6FRM5Og6sb9n
+MA0GCSqGSIb3DQEBCwUAA4ICAQAS5UKme4sPDORGpbZgQIeMJX6tuGguW8ZAdjwD+MlZ9POrYs4Q
+jbRaZIxowLByQzTSGwv2LFPSypBLhmb8qoMi9IsabyZIrHZ3CL/FmFz0Jomee8O5ZDIBf9PD3Vht
+7LGrhFV0d4QEJ1JrhkzO3bll/9bGXp+aEJlLdWr+aumXIOTkdnrG0CSqkM0gkLpHZPt/B7NTeLUK
+YvJzQ85BK4FqLoUWlFPUa19yIqtRLULVAJyZv967lDtX/Zr1hstWO1uIAeV8KEsD+UmDfLJ/fOPt
+jqF/YFOOVZ1QNBIPt5d7bIdKROf1beyAN/BYGW5KaHbwH5Lk6rWS02FREAutp9lfx1/cH6NcjKF+
+m7ee01ZvZl4HliDtC3T7Zk6LERXpgUl+b7DUUH8i119lAg2m9IUe2K4GS0qn0jFmwvjO5QimpAKW
+RGhXxNUzzxkvFMSUHHuk2fCfDrGA4tGeEWSpiBE6doLlYsKA2KSD7ZPvfC+QsDJMlhVoSFLUmQjA
+JOgc47OlIQ6SwJAfzyBfyjs4x7dtOvPmRLgOMWuIjnDrnBdSqEGULoe256YSxXXfW8AKbnuk5F6G
++TaU33fD6Q3AOfF5u0aOq0NZJ7cguyPpVkAh7DE9ZapD8j3fcEThuk0mEDuYn/PIjhs4ViFqUZPT
+kcpG2om3PVODLAgfi49T3f+sHw==
 -----END CERTIFICATE-----
 
diff --git a/test/rules/platform_certs/default/cf701eeb.0 b/test/rules/platform_certs/default/cf701eeb.0
index dfc09b96e7a1..997960c9a6fd 120000
--- a/test/rules/platform_certs/default/cf701eeb.0
+++ b/test/rules/platform_certs/default/cf701eeb.0
@@ -1 +1 @@
-cert035.pem
\ No newline at end of file
+cert030.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d06393bb.0 b/test/rules/platform_certs/default/d06393bb.0
index 125e20d7689f..68c876e8ea1b 120000
--- a/test/rules/platform_certs/default/d06393bb.0
+++ b/test/rules/platform_certs/default/d06393bb.0
@@ -1 +1 @@
-cert089.pem
\ No newline at end of file
+cert081.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d0cddf45.0 b/test/rules/platform_certs/default/d0cddf45.0
index fe08ce674247..09d377c2dbdf 120000
--- a/test/rules/platform_certs/default/d0cddf45.0
+++ b/test/rules/platform_certs/default/d0cddf45.0
@@ -1 +1 @@
-cert133.pem
\ No newline at end of file
+cert118.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d16a5865.0 b/test/rules/platform_certs/default/d16a5865.0
index fa7fca3f2ea3..caeacfb82a92 120000
--- a/test/rules/platform_certs/default/d16a5865.0
+++ b/test/rules/platform_certs/default/d16a5865.0
@@ -1 +1 @@
-cert059.pem
\ No newline at end of file
+cert052.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d18e9066.0 b/test/rules/platform_certs/default/d18e9066.0
index ad1a2c9e4e96..d30fd61516a0 120000
--- a/test/rules/platform_certs/default/d18e9066.0
+++ b/test/rules/platform_certs/default/d18e9066.0
@@ -1 +1 @@
-cert106.pem
\ No newline at end of file
+cert098.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d41b5e2a.0 b/test/rules/platform_certs/default/d41b5e2a.0
index 158192fc7dde..e6f2f7d1094b 120000
--- a/test/rules/platform_certs/default/d41b5e2a.0
+++ b/test/rules/platform_certs/default/d41b5e2a.0
@@ -1 +1 @@
-cert128.pem
\ No newline at end of file
+cert113.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d4c339cb.0 b/test/rules/platform_certs/default/d4c339cb.0
index 14cb25329686..3f93be5f29e1 120000
--- a/test/rules/platform_certs/default/d4c339cb.0
+++ b/test/rules/platform_certs/default/d4c339cb.0
@@ -1 +1 @@
-cert099.pem
\ No newline at end of file
+cert091.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d4dae3dd.0 b/test/rules/platform_certs/default/d4dae3dd.0
index ff9922e53b2d..b6fe338c1eae 120000
--- a/test/rules/platform_certs/default/d4dae3dd.0
+++ b/test/rules/platform_certs/default/d4dae3dd.0
@@ -1 +1 @@
-cert082.pem
\ No newline at end of file
+cert075.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d59297b8.0 b/test/rules/platform_certs/default/d59297b8.0
index 590f09763ca0..90c574c79ffc 120000
--- a/test/rules/platform_certs/default/d59297b8.0
+++ b/test/rules/platform_certs/default/d59297b8.0
@@ -1 +1 @@
-cert072.pem
\ No newline at end of file
+cert065.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d6325660.0 b/test/rules/platform_certs/default/d6325660.0
index 14cb25329686..3f93be5f29e1 120000
--- a/test/rules/platform_certs/default/d6325660.0
+++ b/test/rules/platform_certs/default/d6325660.0
@@ -1 +1 @@
-cert099.pem
\ No newline at end of file
+cert091.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d6e6eab9.0 b/test/rules/platform_certs/default/d6e6eab9.0
deleted file mode 120000
index 4e69bf016efd..000000000000
--- a/test/rules/platform_certs/default/d6e6eab9.0
+++ /dev/null
@@ -1 +0,0 @@
-cert112.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d7746a63.0 b/test/rules/platform_certs/default/d7746a63.0
index ff9922e53b2d..b6fe338c1eae 120000
--- a/test/rules/platform_certs/default/d7746a63.0
+++ b/test/rules/platform_certs/default/d7746a63.0
@@ -1 +1 @@
-cert082.pem
\ No newline at end of file
+cert075.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d7e8dc79.0 b/test/rules/platform_certs/default/d7e8dc79.0
index be14627b585c..9d25f0e60cb0 120000
--- a/test/rules/platform_certs/default/d7e8dc79.0
+++ b/test/rules/platform_certs/default/d7e8dc79.0
@@ -1 +1 @@
-cert014.pem
\ No newline at end of file
+cert013.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d8317ada.0 b/test/rules/platform_certs/default/d8317ada.0
deleted file mode 120000
index 5b20fc4c4385..000000000000
--- a/test/rules/platform_certs/default/d8317ada.0
+++ /dev/null
@@ -1 +0,0 @@
-cert119.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/d853d49e.0 b/test/rules/platform_certs/default/d853d49e.0
index dcfdea4695e9..077461e29492 120000
--- a/test/rules/platform_certs/default/d853d49e.0
+++ b/test/rules/platform_certs/default/d853d49e.0
@@ -1 +1 @@
-cert076.pem
\ No newline at end of file
+cert069.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/da7377f6.0 b/test/rules/platform_certs/default/da7377f6.0
new file mode 120000
index 000000000000..68fd619a62a8
--- /dev/null
+++ b/test/rules/platform_certs/default/da7377f6.0
@@ -0,0 +1 @@
+cert131.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/dbc54cab.0 b/test/rules/platform_certs/default/dbc54cab.0
index cd5cecffb316..78c8c289bffe 120000
--- a/test/rules/platform_certs/default/dbc54cab.0
+++ b/test/rules/platform_certs/default/dbc54cab.0
@@ -1 +1 @@
-cert068.pem
\ No newline at end of file
+cert061.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/dbff3a01.0 b/test/rules/platform_certs/default/dbff3a01.0
new file mode 120000
index 000000000000..c64998b14fa3
--- /dev/null
+++ b/test/rules/platform_certs/default/dbff3a01.0
@@ -0,0 +1 @@
+cert135.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/dc4d6a89.0 b/test/rules/platform_certs/default/dc4d6a89.0
new file mode 120000
index 000000000000..4d3818fc7c3e
--- /dev/null
+++ b/test/rules/platform_certs/default/dc4d6a89.0
@@ -0,0 +1 @@
+cert124.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/dc99f41e.0 b/test/rules/platform_certs/default/dc99f41e.0
index dc215b21fff3..ad1a2c9e4e96 120000
--- a/test/rules/platform_certs/default/dc99f41e.0
+++ b/test/rules/platform_certs/default/dc99f41e.0
@@ -1 +1 @@
-cert116.pem
\ No newline at end of file
+cert106.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/dd8e9d41.0 b/test/rules/platform_certs/default/dd8e9d41.0
index fecfe84b3ea3..125e20d7689f 120000
--- a/test/rules/platform_certs/default/dd8e9d41.0
+++ b/test/rules/platform_certs/default/dd8e9d41.0
@@ -1 +1 @@
-cert097.pem
\ No newline at end of file
+cert089.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/de6d66f3.0 b/test/rules/platform_certs/default/de6d66f3.0
index 158192fc7dde..e6f2f7d1094b 120000
--- a/test/rules/platform_certs/default/de6d66f3.0
+++ b/test/rules/platform_certs/default/de6d66f3.0
@@ -1 +1 @@
-cert128.pem
\ No newline at end of file
+cert113.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/def36a68.0 b/test/rules/platform_certs/default/def36a68.0
index b293d2f9656d..8270bf0a9083 120000
--- a/test/rules/platform_certs/default/def36a68.0
+++ b/test/rules/platform_certs/default/def36a68.0
@@ -1 +1 @@
-cert129.pem
\ No newline at end of file
+cert114.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/dfc0fe80.0 b/test/rules/platform_certs/default/dfc0fe80.0
index e6f2f7d1094b..412847d766b1 120000
--- a/test/rules/platform_certs/default/dfc0fe80.0
+++ b/test/rules/platform_certs/default/dfc0fe80.0
@@ -1 +1 @@
-cert113.pem
\ No newline at end of file
+cert103.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/e113c810.0 b/test/rules/platform_certs/default/e113c810.0
index 214c9452624b..80aa69139189 120000
--- a/test/rules/platform_certs/default/e113c810.0
+++ b/test/rules/platform_certs/default/e113c810.0
@@ -1 +1 @@
-cert042.pem
\ No newline at end of file
+cert036.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/e18bfb83.0 b/test/rules/platform_certs/default/e18bfb83.0
index fe8b7f684bf0..b03c490c2905 120000
--- a/test/rules/platform_certs/default/e18bfb83.0
+++ b/test/rules/platform_certs/default/e18bfb83.0
@@ -1 +1 @@
-cert093.pem
\ No newline at end of file
+cert085.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/e2799e36.0 b/test/rules/platform_certs/default/e2799e36.0
index 91faf4e1386e..ae5698946b79 120000
--- a/test/rules/platform_certs/default/e2799e36.0
+++ b/test/rules/platform_certs/default/e2799e36.0
@@ -1 +1 @@
-cert047.pem
\ No newline at end of file
+cert040.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/e36a6752.0 b/test/rules/platform_certs/default/e36a6752.0
index 5d5f80e33054..ff9922e53b2d 120000
--- a/test/rules/platform_certs/default/e36a6752.0
+++ b/test/rules/platform_certs/default/e36a6752.0
@@ -1 +1 @@
-cert090.pem
\ No newline at end of file
+cert082.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/e442e424.0 b/test/rules/platform_certs/default/e442e424.0
index fe8b7f684bf0..b03c490c2905 120000
--- a/test/rules/platform_certs/default/e442e424.0
+++ b/test/rules/platform_certs/default/e442e424.0
@@ -1 +1 @@
-cert093.pem
\ No newline at end of file
+cert085.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/e48193cf.0 b/test/rules/platform_certs/default/e48193cf.0
index 5b97615af165..fa7fca3f2ea3 120000
--- a/test/rules/platform_certs/default/e48193cf.0
+++ b/test/rules/platform_certs/default/e48193cf.0
@@ -1 +1 @@
-cert066.pem
\ No newline at end of file
+cert059.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/e73d606e.0 b/test/rules/platform_certs/default/e73d606e.0
index e6f2f7d1094b..412847d766b1 120000
--- a/test/rules/platform_certs/default/e73d606e.0
+++ b/test/rules/platform_certs/default/e73d606e.0
@@ -1 +1 @@
-cert113.pem
\ No newline at end of file
+cert103.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/e8651083.0 b/test/rules/platform_certs/default/e8651083.0
index 07968211a11f..f8a471e0b6e2 120000
--- a/test/rules/platform_certs/default/e8651083.0
+++ b/test/rules/platform_certs/default/e8651083.0
@@ -1 +1 @@
-cert057.pem
\ No newline at end of file
+cert050.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/e8de2f56.0 b/test/rules/platform_certs/default/e8de2f56.0
index 6c367fd21202..234aa2b2c2cc 120000
--- a/test/rules/platform_certs/default/e8de2f56.0
+++ b/test/rules/platform_certs/default/e8de2f56.0
@@ -1 +1 @@
-cert078.pem
\ No newline at end of file
+cert071.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/ed39abd0.0 b/test/rules/platform_certs/default/ed39abd0.0
index fecfe84b3ea3..125e20d7689f 120000
--- a/test/rules/platform_certs/default/ed39abd0.0
+++ b/test/rules/platform_certs/default/ed39abd0.0
@@ -1 +1 @@
-cert097.pem
\ No newline at end of file
+cert089.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/ee64a828.0 b/test/rules/platform_certs/default/ee64a828.0
index d752b5b008b5..f3d65f9515d0 120000
--- a/test/rules/platform_certs/default/ee64a828.0
+++ b/test/rules/platform_certs/default/ee64a828.0
@@ -1 +1 @@
-cert012.pem
\ No newline at end of file
+cert011.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/ee7cd6fb.0 b/test/rules/platform_certs/default/ee7cd6fb.0
deleted file mode 120000
index a5914a9ae27a..000000000000
--- a/test/rules/platform_certs/default/ee7cd6fb.0
+++ /dev/null
@@ -1 +0,0 @@
-cert018.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/eed8c118.0 b/test/rules/platform_certs/default/eed8c118.0
index d0902e3730e9..cc53c2682802 120000
--- a/test/rules/platform_certs/default/eed8c118.0
+++ b/test/rules/platform_certs/default/eed8c118.0
@@ -1 +1 @@
-cert039.pem
\ No newline at end of file
+cert034.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/ef954a4e.0 b/test/rules/platform_certs/default/ef954a4e.0
index ad1a2c9e4e96..d30fd61516a0 120000
--- a/test/rules/platform_certs/default/ef954a4e.0
+++ b/test/rules/platform_certs/default/ef954a4e.0
@@ -1 +1 @@
-cert106.pem
\ No newline at end of file
+cert098.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/f013ecaf.0 b/test/rules/platform_certs/default/f013ecaf.0
new file mode 120000
index 000000000000..4cb45c9ec0e0
--- /dev/null
+++ b/test/rules/platform_certs/default/f013ecaf.0
@@ -0,0 +1 @@
+cert126.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/f060240e.0 b/test/rules/platform_certs/default/f060240e.0
deleted file mode 120000
index 184c078f7fc0..000000000000
--- a/test/rules/platform_certs/default/f060240e.0
+++ /dev/null
@@ -1 +0,0 @@
-cert027.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/f081611a.0 b/test/rules/platform_certs/default/f081611a.0
index 1a4e06971594..a5914a9ae27a 120000
--- a/test/rules/platform_certs/default/f081611a.0
+++ b/test/rules/platform_certs/default/f081611a.0
@@ -1 +1 @@
-cert021.pem
\ No newline at end of file
+cert018.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/f0c70a8d.0 b/test/rules/platform_certs/default/f0c70a8d.0
index b02322a14ba4..8e03fa2ac01b 120000
--- a/test/rules/platform_certs/default/f0c70a8d.0
+++ b/test/rules/platform_certs/default/f0c70a8d.0
@@ -1 +1 @@
-cert138.pem
\ No newline at end of file
+cert123.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/f0cd152c.0 b/test/rules/platform_certs/default/f0cd152c.0
new file mode 120000
index 000000000000..b02322a14ba4
--- /dev/null
+++ b/test/rules/platform_certs/default/f0cd152c.0
@@ -0,0 +1 @@
+cert138.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/f30dd6ad.0 b/test/rules/platform_certs/default/f30dd6ad.0
index ecbee746f069..fe8b7f684bf0 120000
--- a/test/rules/platform_certs/default/f30dd6ad.0
+++ b/test/rules/platform_certs/default/f30dd6ad.0
@@ -1 +1 @@
-cert101.pem
\ No newline at end of file
+cert093.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/f3377b1b.0 b/test/rules/platform_certs/default/f3377b1b.0
index 80f821db43c6..6b9e3cee1364 120000
--- a/test/rules/platform_certs/default/f3377b1b.0
+++ b/test/rules/platform_certs/default/f3377b1b.0
@@ -1 +1 @@
-cert016.pem
\ No newline at end of file
+cert015.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/f387163d.0 b/test/rules/platform_certs/default/f387163d.0
index cb763a0db33c..6d3afc9f7b75 120000
--- a/test/rules/platform_certs/default/f387163d.0
+++ b/test/rules/platform_certs/default/f387163d.0
@@ -1 +1 @@
-cert022.pem
\ No newline at end of file
+cert019.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/f39fc864.0 b/test/rules/platform_certs/default/f39fc864.0
index dfc09b96e7a1..997960c9a6fd 120000
--- a/test/rules/platform_certs/default/f39fc864.0
+++ b/test/rules/platform_certs/default/f39fc864.0
@@ -1 +1 @@
-cert035.pem
\ No newline at end of file
+cert030.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/f459871d.0 b/test/rules/platform_certs/default/f459871d.0
new file mode 120000
index 000000000000..fe08ce674247
--- /dev/null
+++ b/test/rules/platform_certs/default/f459871d.0
@@ -0,0 +1 @@
+cert133.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/f51bb24c.0 b/test/rules/platform_certs/default/f51bb24c.0
new file mode 120000
index 000000000000..bbce6c435741
--- /dev/null
+++ b/test/rules/platform_certs/default/f51bb24c.0
@@ -0,0 +1 @@
+cert132.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/f90208f7.0 b/test/rules/platform_certs/default/f90208f7.0
deleted file mode 120000
index a5914a9ae27a..000000000000
--- a/test/rules/platform_certs/default/f90208f7.0
+++ /dev/null
@@ -1 +0,0 @@
-cert018.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/facacbc6.0 b/test/rules/platform_certs/default/facacbc6.0
index cc53c2682802..b71513fe981a 120000
--- a/test/rules/platform_certs/default/facacbc6.0
+++ b/test/rules/platform_certs/default/facacbc6.0
@@ -1 +1 @@
-cert034.pem
\ No newline at end of file
+cert029.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/fb5fa911.0 b/test/rules/platform_certs/default/fb5fa911.0
index 4cb45c9ec0e0..f79cc53a1883 120000
--- a/test/rules/platform_certs/default/fb5fa911.0
+++ b/test/rules/platform_certs/default/fb5fa911.0
@@ -1 +1 @@
-cert126.pem
\ No newline at end of file
+cert111.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/fc5a8f99.0 b/test/rules/platform_certs/default/fc5a8f99.0
index 62f8be0348c9..4d799e74ef9e 120000
--- a/test/rules/platform_certs/default/fc5a8f99.0
+++ b/test/rules/platform_certs/default/fc5a8f99.0
@@ -1 +1 @@
-cert100.pem
\ No newline at end of file
+cert092.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/fd08c599.0 b/test/rules/platform_certs/default/fd08c599.0
index be63f53484ff..819e00043983 120000
--- a/test/rules/platform_certs/default/fd08c599.0
+++ b/test/rules/platform_certs/default/fd08c599.0
@@ -1 +1 @@
-cert125.pem
\ No newline at end of file
+cert110.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/fde84897.0 b/test/rules/platform_certs/default/fde84897.0
index 214c9452624b..80aa69139189 120000
--- a/test/rules/platform_certs/default/fde84897.0
+++ b/test/rules/platform_certs/default/fde84897.0
@@ -1 +1 @@
-cert042.pem
\ No newline at end of file
+cert036.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/fe8a2cd8.0 b/test/rules/platform_certs/default/fe8a2cd8.0
index 8270bf0a9083..d59e7b0ac35d 120000
--- a/test/rules/platform_certs/default/fe8a2cd8.0
+++ b/test/rules/platform_certs/default/fe8a2cd8.0
@@ -1 +1 @@
-cert114.pem
\ No newline at end of file
+cert104.pem
\ No newline at end of file
diff --git a/test/rules/platform_certs/default/ff34af3f.0 b/test/rules/platform_certs/default/ff34af3f.0
index 3b86526d9425..d3d34182b0b4 120000
--- a/test/rules/platform_certs/default/ff34af3f.0
+++ b/test/rules/platform_certs/default/ff34af3f.0
@@ -1 +1 @@
-cert130.pem
\ No newline at end of file
+cert115.pem
\ No newline at end of file
diff --git a/test/rules/src/https_everywhere_checker/check_rules.py b/test/rules/src/https_everywhere_checker/check_rules.py
index f942034123d1..f3d5baf00152 100644
--- a/test/rules/src/https_everywhere_checker/check_rules.py
+++ b/test/rules/src/https_everywhere_checker/check_rules.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3.6
+#!/usr/bin/env python3
 
 import binascii
 import argparse
@@ -14,15 +14,18 @@
 import threading
 import time
 
-from configparser import SafeConfigParser
+from configparser import ConfigParser
 
 from lxml import etree
 
 import http_client
 import metrics
+import urllib.parse
 from rules import Ruleset
 from rule_trie import RuleTrie
+from datetime import datetime
 
+timestamp = datetime.now().replace(microsecond=0)
 
 def convertLoglevel(levelString):
     """Converts string 'debug', 'info', etc. into corresponding
@@ -99,13 +102,14 @@ def processTask(self, task):
         problems = []
         for url in task.urls:
             result = self.processUrl(url, task)
-            if result:
+            if result[0]:
                 problems.append(result)
         if problems:
             for problem in problems:
-                logging.error("{}: {}".format(task.ruleFname, problem))
+                logging.error("{}: {}".format(task.ruleFname, problem[0]))
             if self.autoDisable:
-                disableRuleset(task.ruleset, problems)
+                urlCount = len(task.urls)
+                disableRuleset(task.ruleset, problems, urlCount)
 
     def queue_result(self, result, details, fname, url, https_url=None):
         """
@@ -141,7 +145,7 @@ def fetchUrl(self, plainUrl, transformedUrl, fetcherPlain, fetcherRewriting, rul
         except Exception as e:
             errno, message = e.args
             if errno == 6:
-                message = "Fetch error: {} => {}: {}".format(
+                message = "Time: {}\n Fetch error: {} => {}: {}".format(timestamp,
                     plainUrl, transformedUrl, e)
                 self.queue_result("error", "fetch-error {}".format(e),
                                   ruleFname, plainUrl, https_url=transformedUrl)
@@ -209,17 +213,32 @@ def processUrl(self, plainUrl, task):
         logging.info("Finished comparing {} -> {}. Rulefile: {}.".format(
                     plainUrl, transformedUrl, ruleFname))
 
-        return message
+        return [message, plainUrl]
 
 
-def disableRuleset(ruleset, problems):
-    logging.info("Disabling ruleset {}".format(ruleset.filename))
+def disableRuleset(ruleset, problemRules, urlCount):
+    problems = [problem[0] for problem in problemRules]
+    rules = [problem[1] for problem in problemRules]
     contents = open(ruleset.filename).read()
+
     # Don't bother to disable rulesets that are already disabled
     if re.search("\bdefault_off=", contents):
         return
-    contents = re.sub("(<ruleset [^>]*)>",
-                      "\\1 default_off='failed ruleset test'>", contents)
+
+    # Go ahead and disable rulset if all targets are problematic
+    if urlCount == len(problemRules):
+        logging.info("Disabling ruleset {}".format(ruleset.filename))
+        disableMessage = "Entire ruleset disabled at {}\n".format(timestamp)
+        contents = re.sub("(<ruleset [^>]*)>",
+            "\\1 default_off=\"failed ruleset test\">", contents);
+    # If not all targets, just the target
+    else:
+        for rule in rules:
+            disableMessage = "The following targets have been disabled at {}:\n".format(timestamp)
+            host = urllib.parse.urlparse(rule)
+            logging.info("Disabling target {}".format(host.netloc))
+            contents = re.sub('<[ \n]*target[ \n]+host[ \n]*=[ \n]*"{}"[ \n]*/?[ \n]*>'.format(host.netloc),
+                '<!-- target host="{}" /-->'.format(host.netloc), contents);
 
     # Since the problems are going to be inserted into an XML comment, they cannot
     # contain "--", or they will generate a parse error. Split up all "--" with a
@@ -230,9 +249,9 @@ def disableRuleset(ruleset, problems):
         contents = "<!--\n-->\n" + contents
     problemStatement = ("""
 <!--
-Disabled by https-everywhere-checker because:
 {}
-""".format("\n".join(problems)))
+{}
+""".format(disableMessage, "\n".join(problems)))
     contents = re.sub("^<!--", problemStatement, contents)
     with open(ruleset.filename, "w") as f:
         f.write(contents)
@@ -247,7 +266,8 @@ def disableRuleset(ruleset, problems):
 
 def skipFile(filename):
     hasher = hashlib.new('sha256')
-    hasher.update(open(filename, 'rb').read())
+    with open(filename, 'rb') as f:
+        hasher.update(f.read())
     if hasher.digest() in skipdict:
         return True
     else:
@@ -293,7 +313,7 @@ def cli():
                         help='write results in json file')
     args = parser.parse_args()
 
-    config = SafeConfigParser()
+    config = ConfigParser()
     config.read(args.checker_config)
 
     logfile = config.get("log", "logfile")
@@ -351,14 +371,6 @@ def cli():
     metricClass = getMetricClass(metricName)
     metric = metricClass()
 
-    # Debugging options, graphviz dump
-    dumpGraphvizTrie = False
-    if config.has_option("debug", "dump_graphviz_trie"):
-        dumpGraphvizTrie = config.getboolean("debug", "dump_graphviz_trie")
-    if dumpGraphvizTrie:
-        graphvizFile = config.get("debug", "graphviz_file")
-        exitAfterDump = config.getboolean("debug", "exit_after_dump")
-
     if args.rule_files:
         xmlFnames = args.rule_files
     else:
@@ -377,7 +389,8 @@ def cli():
                 "Skipping rule file '{}', matches skiplist.".format(xmlFname))
             continue
 
-        ruleset = Ruleset(etree.parse(open(xmlFname, "rb")).getroot(), xmlFname)
+        with open(xmlFname, "rb") as f:
+            ruleset = Ruleset(etree.parse(f).getroot(), xmlFname)
         if ruleset.defaultOff and not includeDefaultOff:
             logging.debug("Skipping rule '{}', reason: {}".format(
                           ruleset.name, ruleset.defaultOff))
@@ -410,17 +423,6 @@ def cli():
         trie.addRuleset(ruleset)
         rulesets.append(ruleset)
 
-    # Trie is built now, dump it if it's set in config
-    if dumpGraphvizTrie:
-        logging.debug("Dumping graphviz ruleset trie")
-        graph = trie.generateGraphizGraph()
-        if graphvizFile == "-":
-            graph.dot()
-        else:
-            with open(graphvizFile, "w") as gvFd:
-                graph.dot(gvFd)
-        if exitAfterDump:
-            sys.exit(0)
     fetchOptions = http_client.FetchOptions(config)
     fetchers = list()
 
@@ -446,7 +448,6 @@ def cli():
         resQueue = queue.Queue()
         startTime = time.time()
         testedUrlPairCount = 0
-        config.getboolean("debug", "exit_after_dump")
 
         for i in range(threadCount):
             t = UrlComparisonThread(
diff --git a/test/rules/src/https_everywhere_checker/gvgen.py b/test/rules/src/https_everywhere_checker/gvgen.py
deleted file mode 100644
index 29f2c8d469a2..000000000000
--- a/test/rules/src/https_everywhere_checker/gvgen.py
+++ /dev/null
@@ -1,449 +0,0 @@
-#!/usr/bin/env python3.6
-# -*- coding: utf-8 -*-
-# $Id: gvgen.py 10440 2007-10-23 15:17:33Z toady $
-"""
-GvGen - Generate dot file to be processed by graphviz
-Copyright (c) 2007 INL
-Written by Sebastien Tricaud <sebastien.tricaud@inl.fr>
-
-This program is free software; you can redistribute it and/or modify
-it under the terms of the GNU General Public License as published by
-the Free Software Foundation, version 2 of the License.
-
-This program is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-GNU General Public License for more details.
-
-You should have received a copy of the GNU General Public License
-along with this program; if not, write to the Free Software
-Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
-
-2007/11/17: cleaned a bit and retabbed to match gentoo's portage code
-guidelines. This gvgen.py comes from gvgen-0.6.
-Ondrej Mikle
-
-"""
-
-from sys import stdout
-
-debug = 0
-
-
-class GvGen:
-    """
-    Graphviz dot language Generation Class
-    For example of usage, please see the __main__ function
-    """
-    __id = 0
-    __edges = []
-    __browse_level = 0					# Stupid depth level for self.browse
-    __opened_braces = []				# We count opened clusters
-    fd = stdout							# File descriptor to output dot
-    padding_str = "	"					# Left padding to make children and parent look nice
-    __styles = {}
-    __default_style = []
-    options = None
-
-    def __init__(self, options=None):
-        self.max_line_width = 10
-        self.max_arrow_width = 2
-        self.line_factor = 1
-        self.arrow_factor = 0.5
-
-        self.options = options
-
-    def __edge_new(self, name, parent=None, distinct=None):
-        """
-        Create a new edge in the data structure
-        @name: Name of the edge, that will be the graphviz label
-        @parent: The edge parent id
-        @distinct: if true, will not create and edge that has the same name
-
-        Returns: The edge id created
-        """
-
-        # We first check for distincts
-        if distinct:
-            if self.__edges:
-                for e in self.__edges:
-                    props = e['properties']
-                    if props['label'] == name:
-                        # We found the label name matching, we return -1
-                        return -1
-
-        # We now insert into gvgen datastructure
-        self.__id += 1
-        edge = {'id': self.__id,		# Internal ID
-                'lock': 0,				# When the edge is written, it is locked to avoid further references
-                'parent': parent,		# Edge parent for easy graphviz clusters
-                'to': [],				# Every node where this node points to
-                'style': None,			# Style that GvGen allow you to create
-                'properties': {			# Custom graphviz properties you can add, which will overide previously defined styles
-                    'label': name
-                }
-                }
-
-        self.__edges.append(edge)
-        return self.__id
-
-    def __has_children(self, eid):
-        """
-        Find children to a given parent id
-        Returns the children list
-        """
-        children_list = []
-        for e in self.__edges:
-            if e['parent'] == eid:
-                children_list.append(e['id'])
-
-        return children_list
-
-    def getEdge(self, eid):
-        """
-        Returns the edge data
-        """
-        for e in self.__edges:
-            if e['id'] == eid:
-                return e
-
-    def newItem(self, name, parent=None, distinct=None):
-        edge = self.__edge_new(name, parent, distinct)
-
-        return edge
-
-    def newLink(self, src, dst, label=None):
-        """
-        Link two existing edges with each other
-        """
-        try:
-            s = self.getEdge(src)
-            try:
-                d = self.getEdge(dst)
-                s['to'].append(d['id'])
-            except:
-                print("/* (newLink): Cannot get the destination edge */")
-
-        except:
-            print("/* (newLink): Cannot get the source edge */")
-
-    def debug(self):
-        for e in self.__edges:
-            print("element = " + str(e))
-
-    def collectLeaves(self, parentid):
-        """
-        Collect every leaf sharing the same parent
-        """
-        cl = []
-        for e in self.__edges:
-            if e['parent'] == parentid:
-                cl.append(e['id'])
-
-        return cl
-
-    def collectUnlockedLeaves(self, parentid):
-        """
-        Collect every leaf sharing the same parent
-        unless it is locked
-        """
-        cl = []
-        for e in self.__edges:
-            if e['parent'] == parentid:
-                if not e['lock']:
-                    cl.append(e['id'])
-
-        return cl
-
-    def lockEdge(self, eid):
-        e = self.getEdge(eid)
-        e['lock'] = 1
-
-    #
-    # Start: styles management
-    #
-    def styleAppend(self, stylename, key, val):
-        if stylename not in self.__styles:
-            self.__styles[stylename] = []
-
-        self.__styles[stylename].append([key, val])
-
-    def styleApply(self, stylename, eid):
-        e = self.getEdge(eid)
-        e['style'] = stylename
-
-    def styleDefaultAppend(self, key, val):
-        self.__default_style.append([key, val])
-
-    #
-    # End: styles management
-    #
-
-    #
-    # Start: properties management
-    #
-    def propertiesAsStringGet(self, eid, props):
-        """
-        Get the properties string according to parent/children
-        props is the properties dictionnary
-        """
-
-        properties = ""
-        applied_style = 0
-
-        #
-        # Default style come first, they can then be overriden
-        #
-        if self.__default_style:
-            e = self.getEdge(eid)
-            if self.__has_children(eid):
-                for s in self.__default_style:
-                    properties += "{}=\"{}\";\n".format(str(s[0]), str(s[1]))
-            else:
-                # Build the properties string for edge
-                applied_style = 1
-                properties = "["
-                for s in self.__default_style:
-                    properties += "{}=\"{}\",".format(str(s[0]), str(s[1]))
-                if not props:
-                    properties = properties[:-1]
-                    properties += "]"
-
-        #
-        # First, we build the styles
-        #
-        e = self.getEdge(eid)
-        if e['style']:
-            stylename = e['style']
-
-            if self.__has_children(eid):
-                for s in self.__styles[stylename]:
-                    properties += "{}=\"{}\";\n".format(str(s[0]), str(s[1]))
-            else:
-                # Build the properties string for edge
-                applied_style = 1
-                properties = "["
-                for s in self.__styles[stylename]:
-                    properties += "{}=\"{}\",".format(str(s[0]), str(s[1]))
-                if not props:
-                    properties = properties[:-1]
-                    properties += "]"
-
-        #
-        # Now we build the properties:
-        # remember they override styles
-        #
-        if self.__has_children(eid):
-            if props:
-                for k in props.keys():
-                    val = props[k]
-                    properties += "{}=\"{}\";\n".format(str(k), str(val))
-        else:
-            # Build the properties string for edge
-            if props:
-                if not applied_style:
-                    properties = "["
-                for k in props.keys():
-                    val = props[k]
-                    properties += "{}=\"{}\",".format(str(k), str(val))
-                # We delete the last ','
-                properties = properties[:-1]
-                properties += "]"
-
-        return properties
-
-    def propertyAppend(self, eid, key, val):
-        """
-        Append a property to the wanted edge
-        myedge = newItem(\"blah\")
-        Ex. propertyAppend(myedge, \"color\", \"red\")
-        """
-        e = self.getEdge(eid)
-        props = e['properties']
-        props[key] = val
-
-    #
-    # End: Properties management
-    #
-
-    def tree_debug(self, level, eid, children):
-        if children:
-            print("(level:{}) Eid:{} has children ({})".format(
-                level, eid, str(children)))
-        else:
-            print("Eid:"+str(eid)+" has no children")
-
-    def tree(self, level, eid, children):
-        """
-        Core function to output dot which sorts out parents and children
-        and do it in the right order
-        """
-        e = self.getEdge(eid)
-        if debug:
-            print("/* Grabed edge = {}*/".format(str(e)))
-
-        if e['lock'] == 1:			  # The edge is locked, nothing should be printed
-            return
-
-        props = e['properties']
-
-        e['lock'] = 1
-
-        if children:
-            self.fd.write(level * self.padding_str)
-            self.fd.write(self.padding_str + "subgraph cluster{} {\n".format(eid))
-            properties = self.propertiesAsStringGet(eid, props)
-            self.fd.write(level * self.padding_str)
-            self.fd.write(self.padding_str + "{}".format(properties))
-            self.__opened_braces.append([eid, level])
-        else:
-
-            # We grab appropriate properties
-            properties = self.propertiesAsStringGet(eid, props)
-
-            # We get the latest opened elements
-            if self.__opened_braces:
-                last_cluster, last_level = self.__opened_braces[-1]
-            else:
-                last_cluster = 0
-                last_level = 0
-
-            if debug:
-                print("/* e[parent] = {}, last_cluster = {}, last_level = {}, opened_braces: {} */".format(
-                    str(e['parent']), last_cluster, last_level, str(self.__opened_braces)))
-
-            # Write children/parent with properties
-            if e['parent']:
-                if e['parent'] != last_cluster:
-                    while e['parent'] < last_cluster:
-                        last_cluster, last_level = self.__opened_braces[-1]
-                        if e['parent'] == last_cluster:
-                            last_level += 1
-                            # We browse any property to build a string
-                            self.fd.write(last_level * self.padding_str)
-                            self.fd.write(self.padding_str +
-                                          "edge{} {};\n".format(eid, properties))
-                        else:
-                            self.fd.write(last_level * self.padding_str)
-                            self.fd.write(self.padding_str + "}\n")
-                            self.__opened_braces.pop()
-                else:
-                    self.fd.write(level * self.padding_str)
-                    self.fd.write(self.padding_str + "edge{} {};\n".format(eid, properties))
-                    cl = self.collectUnlockedLeaves(e['parent'])
-                    for leaf in cl:
-                        l = self.getEdge(leaf)
-                        props = l['properties']
-                        properties = self.propertiesAsStringGet(leaf, props)
-                        self.fd.write(last_level * self.padding_str)
-                        self.fd.write(
-                            self.padding_str + self.padding_str + "edge{} {};\n".format(leaf, properties))
-                        self.lockEdge(leaf)
-
-                    self.fd.write(level * self.padding_str + "}\n")
-                    self.__opened_braces.pop()
-            else:
-                self.fd.write(self.padding_str + "edge{} {};\n".format(eid, properties))
-
-    def browse(self, eid, cb):
-        """
-        Browse edges in a tree and calls cb providing edge parameters
-        """
-        children = self.__has_children(eid)
-        if children:
-            cb(self.__browse_level, eid, str(children))
-            for c in children:
-                self.__browse_level += 1
-                self.browse(c, cb)
-
-        else:
-            cb(self.__browse_level, eid, None)
-            self.__browse_level = 0
-
-    # We write the links between nodes
-    def dotLinks(self, eid):
-
-        e = self.getEdge(eid)
-
-        for to in e['to']:
-            # We cannot link from a cluster
-            children = self.__has_children(eid)
-            if children:
-                raise Exception("Cannot link from a parent")
-
-            children = self.__has_children(to)
-            if children:
-                raise Exception("Cannot link to a parent")
-            self.fd.write("edge{}->edge{};\n".format(eid, to))
-
-    def dot(self, fd=stdout):
-        """
-        Translates the datastructure into dot
-        """
-        try:
-            self.fd = fd
-
-            self.fd.write("digraph G {\n")
-
-            if self.options:
-                self.fd.write(self.options+"\n")
-
-            # We write parents and children in order
-            for e in self.__edges:
-                self.browse(e['id'], self.tree)
-
-            # We write the connection between nodes
-            for e in self.__edges:
-                self.dotLinks(e['id'])
-
-            # We put all the nodes belonging to the parent
-            self.fd.write("}\n")
-        finally:
-            # Remove our reference to file descriptor
-            self.fd = None
-
-    #
-    # Begin: Backward API compatibility (with gvglue)
-    #
-    def properties_style_add(self, stylename, key, val):
-        print("/* Warning, use of deprecated function (properties_style_add). Please use 'styleAppend' now */")
-        self.styleAppend(stylename, key, val)
-
-    def properties_style_apply(self, stylename, eid):
-        print("/* Warning, use of deprecated function (properties_style_apply). Please use 'styleApply' now */")
-        self.styleApply(stylename, eid)
-
-    def finish(self, fd=stdout):
-        print("/* Warning, use of deprecated function (finish). Please use 'dot' now */")
-        self.dot(fd)
-
-
-if __name__ == "__main__":
-    graph = GvGen()
-
-    graph.styleDefaultAppend("color", "blue")
-
-    parents = graph.newItem("Parents")
-    father = graph.newItem("Bob", parents)
-    mother = graph.newItem("Alice", parents)
-    children = graph.newItem("Children")
-    child1 = graph.newItem("Carol", children)
-    child2 = graph.newItem("Eve", children)
-    child3 = graph.newItem("Isaac", children)
-    postman = graph.newItem("Postman")
-    graph.newLink(father, child1)
-    graph.newLink(father, child2)
-    graph.newLink(mother, child2)
-    graph.newLink(mother, child1)
-    graph.newLink(mother, child3)
-    graph.newLink(postman, child3)
-
-    graph.propertyAppend(postman, "color", "red")
-    graph.propertyAppend(postman, "fontcolor", "white")
-
-    graph.styleAppend("Post", "color", "blue")
-    graph.styleAppend("Post", "style", "filled")
-    graph.styleAppend("Post", "shape", "rectangle")
-    graph.styleApply("Post", postman)
-
-    graph.dot()
diff --git a/test/rules/src/https_everywhere_checker/http_client.py b/test/rules/src/https_everywhere_checker/http_client.py
index eea534c8ec73..7cd0f5178dd3 100644
--- a/test/rules/src/https_everywhere_checker/http_client.py
+++ b/test/rules/src/https_everywhere_checker/http_client.py
@@ -46,7 +46,9 @@ def getCAPath(self, platform):
 class FetchOptions(object):
     """HTTP fetcher options like timeouts."""
 
-    # The default list of cipher suites that ships with Firefox 51.0.1
+    # The default list of cipher suites that are supported in Firefox ESR, Chrome
+    # These naming formats are from OpenSSL
+    # This list is crosschecked with https://wiki.mozilla.org/Security/Cipher_Suites and https://clienttest.ssllabs.com
     _DEFAULT_CIPHERLIST = "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:AES128-SHA:AES256-SHA:DES-CBC3-SHA"
 
     def __init__(self, config):
@@ -346,7 +348,7 @@ def staticFetch(url, options, platformPath):
             c.perform()
 
             bufValue = buf.getvalue()
-            headerStr = headerBuf.getvalue().decode('utf-8')
+            headerStr = headerBuf.getvalue().decode('utf-8', 'ignore')
             httpCode = c.getinfo(pycurl.HTTP_CODE)
         finally:
             buf.close()
diff --git a/test/rules/src/https_everywhere_checker/rule_trie.py b/test/rules/src/https_everywhere_checker/rule_trie.py
index 5ef47cbbbb31..a2cb2e1e123f 100644
--- a/test/rules/src/https_everywhere_checker/rule_trie.py
+++ b/test/rules/src/https_everywhere_checker/rule_trie.py
@@ -1,11 +1,10 @@
 import urllib.parse
 import os.path
-from gvgen import GvGen
 
 # Rule trie
 #
 # Rule trie is a suffix tree that resolves which rulesets should apply for a
-# given FDQN. FQDN is first tranformed from potential IDN form into punycode
+# given FDQN. FQDN is first transformed from potential IDN form into punycode
 # ASCII. Every node in the tree has a list of rulesets that maps the part of
 # FQDN between dots to list/set of rulesets.
 #
@@ -62,7 +61,6 @@ def __init__(self, subDomain, rulesets, depth):
         self.subDomain = subDomain
         self.rulesets = rulesets
         self.children = {}  # map of subdomain to instance of DomainNode
-        self.gvNode = None  # node for graphing with graphviz
         self.depth = depth  # depth in tree, root is at depth 0
 
     def addChild(self, subNode):
@@ -122,39 +120,6 @@ def prettyPrint(self, offset=0):
         for child in self.children.values():
             child.prettyPrint(offset+3)
 
-    def makeSubdomainEdge(self, graph, parent, child):
-        """Make edge in graph of parent domain to child subdomain.
-        GvGen nodes are created if not yet existing.
-
-        @param graph: gvgen.GvGen object
-        @param parent: parent DomainNode
-        @param child: child DomainNode
-        """
-        if not child.gvNode:
-            child.gvNode = graph.newItem(child.subDomain)
-            graph.propertyAppend(child.gvNode, "shape", "octagon")
-        if not parent.gvNode:
-            # the "or" part so that root has some name
-            parent.gvNode = graph.newItem(parent.subDomain or "<root>")
-            graph.propertyAppend(parent.gvNode, "shape", "octagon")
-
-        graph.newLink(parent.gvNode, child.gvNode)
-
-    def generateGraphizGraph(self, graph):
-        """Return tree as a GvGen object that can be output to dot file.
-
-        @param graph: gvgen.GvGen object
-        """
-        for child in self.children.values():
-            self.makeSubdomainEdge(graph, self, child)
-            child.generateGraphizGraph(graph)
-
-        for ruleset in self.rulesets:
-            rulesetGvNode = graph.newItem(os.path.basename(ruleset.filename))
-            graph.propertyAppend(rulesetGvNode, "shape", "rectangle")
-            graph.propertyAppend(rulesetGvNode, "color", "green")
-            graph.newLink(self.gvNode, rulesetGvNode)
-
     def __str__(self):
         return "<DomainNode for '{}', rulesets: {}>".format(self.subDomain, self.rulesets)
 
@@ -225,7 +190,7 @@ def transformUrl(self, url):
         ruleset matched, resulting RuleMatch object will have None set
         as the matching ruleset.
 
-        @returns: RuleMatch with tranformed URL and ruleset that applied
+        @returns: RuleMatch with transformed URL and ruleset that applied
         @throws: RuleTransformError if scheme is wrong (e.g. file:///)
         """
         parsed = urllib.parse.urlparse(url)
@@ -241,14 +206,5 @@ def transformUrl(self, url):
                 return RuleMatch(newUrl, ruleset)
         return RuleMatch(url, None)
 
-    def generateGraphizGraph(self):
-        """Return graphviz graph of this trie.
-
-        @return: gvgen.GvGen object
-        """
-        graph = GvGen()
-        self.root.generateGraphizGraph(graph)
-        return graph
-
     def prettyPrint(self):
         self.root.prettyPrint()
diff --git a/test/rules/src/https_everywhere_checker/rules.py b/test/rules/src/https_everywhere_checker/rules.py
index 83ef41a17b0e..431819677216 100644
--- a/test/rules/src/https_everywhere_checker/rules.py
+++ b/test/rules/src/https_everywhere_checker/rules.py
@@ -80,6 +80,11 @@ def __init__(self, url):
         """
         self.url = url
 
+    def __eq__(test1, test2):
+        return test1.url == test2.url
+
+    def __hash__(self):
+        return self.url.__hash__()
 
 class Ruleset(object):
     """Represents one XML ruleset file."""
@@ -176,6 +181,14 @@ def _determineTestApplication(self):
                  off that rule or exclusion.  Return any coverage problems."""
         if not self.determine_test_application_run:
             self.test_application_problems = []
+
+            # check for duplicated test urls
+            if len(self.tests) != len(set(self.tests)):
+                for test in set(self.tests):
+                    if self.tests.count(test) > 1:
+                        self.test_application_problems.append("%s: Duplicated test URL found %s" % (
+                            self.filename, test.url))
+
             for test in self.tests:
                 applies = self.whatApplies(test.url)
                 if applies:
@@ -304,14 +317,14 @@ def getCoverageProblems(self):
             if target.endswith(".*"):
                 needed_count = 10
 
-            # non-wildcard target always have a implicit test url, if is it not excluded
+            # non-wildcard target always have an implicit test url, if is it not excluded
             if not "*" in target and not self.excludes(("http://{}/".format(target))):
                 continue
 
             # According to the logic in rules.js available at
             # EFForg/https-everywhere/blob/07fe9bd51456cc963c2d99e327f3183e032374ee/chromium/rules.js#L404
             #
-            pattern = target.replace('.', '\.')  # .replace('*', '.+')
+            pattern = target.replace('.', r'\.')  # .replace('*', '.+')
 
             # `*.example.com` matches `bar.example.com` and `foo.bar.example.com` etc.
             if pattern[0] == '*':
@@ -319,10 +332,10 @@ def getCoverageProblems(self):
 
             # however, `example.*` match `example.com` but not `example.co.uk`
             if pattern[-1] == '*':
-                pattern = pattern.replace('*', '[^\.]+')
+                pattern = pattern.replace('*', '[^.]+')
 
             # `www.*.example.com` match `www.image.example.com` but not `www.ssl.image.example.com`
-            pattern = pattern.replace('*', '[^\.]+')
+            pattern = pattern.replace('*', '[^.]+')
 
             pattern = '^' + pattern + '$'
 
@@ -343,15 +356,15 @@ def getCoverageProblems(self):
             # Don't treat the question mark in non-capturing and lookahead groups as increasing the
             # number of required tests.
             needed_count = needed_count - \
-                len(regex.findall("\(\?:", rule.fromPattern))
+                len(regex.findall(r"\(\?:", rule.fromPattern))
             needed_count = needed_count - \
-                len(regex.findall("\(\?!", rule.fromPattern))
+                len(regex.findall(r"\(\?!", rule.fromPattern))
             needed_count = needed_count - \
-                len(regex.findall("\(\?=", rule.fromPattern))
+                len(regex.findall(r"\(\?=", rule.fromPattern))
             # Don't treat escaped questions marks as increasing the number of required
             # tests.
             needed_count = needed_count - \
-                len(regex.findall("\\?", rule.fromPattern))
+                len(regex.findall(r"\?", rule.fromPattern))
             actual_count = len(rule.tests)
             if actual_count < needed_count:
                 problems.append("{}: Not enough tests ({} vs {}) for {}".format(
@@ -361,9 +374,9 @@ def getCoverageProblems(self):
             needed_count = 1 + \
                 len(regex.findall("[+*?|]", exclusion.exclusionPattern))
             needed_count = needed_count - \
-                len(regex.findall("\(\?:", exclusion.exclusionPattern))
+                len(regex.findall(r"\(\?:", exclusion.exclusionPattern))
             needed_count = needed_count - \
-                len(regex.findall("\\?", rule.fromPattern))
+                len(regex.findall(r"\?", rule.fromPattern))
             actual_count = len(exclusion.tests)
             if actual_count < needed_count:
                 problems.append("{}: Not enough tests ({} vs {}) for {}".format(
diff --git a/test/run_travis.sh b/test/run_travis.sh
index 5f01cca66a56..9d2c7758c3a4 100755
--- a/test/run_travis.sh
+++ b/test/run_travis.sh
@@ -26,7 +26,7 @@ function run_unittests {
 }
 
 function run_selenium {
-  ENABLE_XVFB=1 py.test -v --capture=no ${testdir} # autodiscover and run the tests
+  ENABLE_XVFB=1 pytest -v --capture=no ${testdir} # autodiscover and run the tests
 }
 
 if [ "$TEST" == "lint" ]; then
@@ -79,8 +79,8 @@ elif [ "$TEST" == "validations" ] || [ "$TEST" == "fetch" ] || [ "$TEST" == "pre
 
     if [ "$TEST" == "fetch" ]; then
       echo >&2 "Testing test URLs in all changed rulesets."
-      # --privileged is required here for miredo to create a network tunnel
-      docker run --rm -ti -v $(pwd):/opt -e RULESETS_CHANGED="$RULESETS_CHANGED" --privileged httpse bash -c "service miredo start && service tor start && test/fetch.sh"
+      # NET_ADMIN capability is required here for miredo to create a network tunnel
+      docker run --rm -ti -v $(pwd):/opt -e RULESETS_CHANGED="$RULESETS_CHANGED" --sysctl net.ipv6.conf.all.disable_ipv6=0 --cap-add NET_ADMIN --cap-add MKNOD httpse bash -c "mkdir -p /dev/net && mknod /dev/net/tun c 10 200 && service miredo start && service tor start && test/fetch.sh"
     fi
 
     if [ "$TEST" == "preloaded" ]; then
diff --git a/test/script.py b/test/script.py
index 3fd5993e30c1..f2f671a1b26e 100644
--- a/test/script.py
+++ b/test/script.py
@@ -1,8 +1,8 @@
-#!/usr/bin/env python3.6
+#!/usr/bin/env python3
 #
 # Run Selenium tests for HTTPS Everywhere
 #
-# This script may be executed as `python3.6 script.py [directory of CRX]`
+# This script may be executed as `python3 script.py [directory of CRX]`
 #
 # The script is compatible with Python 3.6.
 # Selenium, WebDriver and Google Chrome (or Chromium) must be installed
@@ -16,14 +16,9 @@
 from selenium.webdriver.firefox.firefox_binary import FirefoxBinary
 
 class bcolors:
-    HEADER = '\033[95m'
-    OKBLUE = '\033[94m'
     OKGREEN = '\033[92m'
-    WARNING = '\033[93m'
     FAIL = '\033[91m'
     ENDC = '\033[0m'
-    BOLD = '\033[1m'
-    UNDERLINE = '\033[4m'
 
 
 if sys.argv[1] == "Chrome":
@@ -46,7 +41,7 @@ class bcolors:
 
     try:
         # First argument is optional, if not specified will search path.
-        driver = webdriver.Chrome(chromedriver_path, chrome_options=chromeOps)
+        driver = webdriver.Chrome(chromedriver_path, options=chromeOps)
     except WebDriverException as e:
         error = e.__str__()
 
@@ -57,15 +52,18 @@ class bcolors:
             sys.exit(2)
         else:
             raise e
+    
+    # Allow the extension time to load
+    time.sleep(1)
 
 if sys.argv[1] == "Firefox":
     fp = webdriver.FirefoxProfile(sys.argv[2])
     try:
         if len(sys.argv) == 4:
             binary = FirefoxBinary(sys.argv[3])
-            driver = webdriver.Firefox(fp, firefox_binary=binary, log_path=os.devnull)
+            driver = webdriver.Firefox(fp, firefox_binary=binary, service_log_path=os.devnull)
         else:
-            driver = webdriver.Firefox(fp, log_path=os.devnull)
+            driver = webdriver.Firefox(fp, service_log_path=os.devnull)
     except WebDriverException as e:
         error = e.__str__()
 
diff --git a/test/selenium/requirements.txt b/test/selenium/requirements.txt
index 8f3610e8519b..518a89e7698a 100644
--- a/test/selenium/requirements.txt
+++ b/test/selenium/requirements.txt
@@ -1,4 +1,4 @@
 selenium
-xvfbwrapper 
-pytest
+xvfbwrapper
+pytest>=3
 lxml
diff --git a/test/selenium/shim.py b/test/selenium/shim.py
index 9c8461f251fb..b75612294278 100644
--- a/test/selenium/shim.py
+++ b/test/selenium/shim.py
@@ -3,13 +3,14 @@
 from collections import namedtuple
 import subprocess
 import time
+import shutil
 
 from selenium import webdriver
 from selenium.webdriver import DesiredCapabilities
 from selenium.webdriver.chrome.options import Options
 
 firefox_info = {'extension_id': 'https-everywhere-eff@eff.org', 'uuid': 'd56a5b99-51b6-4e83-ab23-796216679614'}
-chrome_info = {'extension_id': 'nmleinhehnmmepmdbjddclicgpfhbdjo'}
+chrome_info = {'extension_id': 'kofalhllfompobhklifpbealgeckijek'}
 
 
 BROWSER_TYPES = ['chrome', 'firefox']
@@ -52,13 +53,22 @@ def get_browser_name(string):
 
 def build_crx():
     '''Builds the .crx file for Chrome and returns the path to it'''
-    cmd = [os.path.join(get_git_root(), 'make.sh')]
-    return os.path.join(get_git_root(), run_shell_command(cmd).split()[-1])
+    cmd = [os.path.join(get_git_root(), 'make.sh'), '--remove-update-channels']
+    run_shell_command(cmd)
+
+    # Since this is an unpacked extension we're loading, the extension ID is
+    # determined by the below `crx_dir` path alone. Don't alter it without
+    # changing the corresponding ID at the top of this file.
+
+    crx_dir = os.path.join(os.sep, 'tmp','https-everywhere-test')
+    shutil.rmtree(crx_dir, True)
+    shutil.copytree(os.path.join(get_git_root(), 'pkg', 'crx-cws'), crx_dir)
+    return crx_dir
 
 
 def build_xpi():
-    cmd = [os.path.join(get_git_root(), 'make.sh')]
-    return os.path.join(get_git_root(), run_shell_command(cmd).split()[-3])
+    cmd = [os.path.join(get_git_root(), 'make.sh'), '--remove-update-channels']
+    return os.path.join(get_git_root(), run_shell_command(cmd).split()[-5])
 
 
 def install_ext_on_ff(driver, extension_path):
@@ -149,13 +159,13 @@ def chrome_manager(self):
         opts = Options()
         if self.on_travis:  # github.com/travis-ci/travis-ci/issues/938
             opts.add_argument("--no-sandbox")
-        opts.add_extension(self.extension_path)
+        opts.add_argument("--load-extension=" + self.extension_path)
         opts.binary_location = self.browser_path
         opts.add_experimental_option("prefs", {"profile.block_third_party_cookies": False})
 
         caps = DesiredCapabilities.CHROME.copy()
 
-        driver = webdriver.Chrome(chrome_options=opts, desired_capabilities=caps)
+        driver = webdriver.Chrome(options=opts, desired_capabilities=caps)
         try:
             yield driver
         finally:
diff --git a/test/selenium/test_navigation.py b/test/selenium/test_navigation.py
index fb225ac7b504..ccc403fc56fb 100644
--- a/test/selenium/test_navigation.py
+++ b/test/selenium/test_navigation.py
@@ -1,4 +1,5 @@
 import unittest
+from time import sleep
 
 from util import ExtensionTestCase
 
@@ -6,9 +7,9 @@
 
 http_url = 'http://http.badssl.com/'
 
-
 class TestNavigation(ExtensionTestCase):
     def test_redirect(self):
+        sleep(3)
         self.driver.get(kittens_url)
         self.assertTrue(self.driver.current_url.startswith('https'))
 
@@ -18,11 +19,11 @@ def test_no_redirect_when_disabled(self):
         self.assertEqual(self.driver.current_url, kittens_url)  # not https
 
     def test_httpnowhere_blocks(self):
-        if self.shim.browser_type == 'firefox':
-            raise unittest.SkipTest('broken on firefox')
+        # if self.shim.browser_type == 'firefox':
+        #     raise unittest.SkipTest('broken on firefox')
         href_script = 'return window.location.href;'
-        self.toggle_http_nowhere()
         self.driver.get(http_url)
+        self.toggle_http_nowhere()
         self.assertFalse(http_url == self.driver.execute_script(href_script))
 
     def test_http_site_not_blocked(self):
diff --git a/test/selenium/test_options.py b/test/selenium/test_options.py
index 48cb71359741..eeb301285f8b 100644
--- a/test/selenium/test_options.py
+++ b/test/selenium/test_options.py
@@ -1,3 +1,5 @@
+import unittest
+from time import sleep
 from util import ExtensionTestCase
 
 class OptionsTest(ExtensionTestCase):
@@ -7,21 +9,3 @@ def load_options(self):
     def test_options(self):
         self.load_options()
         self.assertEqual(self.driver.current_url, self.shim.options_url)
-
-    def test_show_counter(self):
-        selector = '#showCounter'
-        self.load_options()
-        el = self.query_selector(selector)
-        self.assertTrue(el.is_selected())
-        el.click()
-
-        self.driver.refresh()
-
-        self.load_options()
-        el = self.query_selector(selector)
-        self.assertFalse(el.is_selected())
-        el.click()
-
-        self.driver.refresh()
-        el = self.query_selector(selector)
-        self.assertTrue(el.is_selected())
diff --git a/test/selenium/test_popup.py b/test/selenium/test_popup.py
index a1f758cda7b0..b25c19725011 100644
--- a/test/selenium/test_popup.py
+++ b/test/selenium/test_popup.py
@@ -1,3 +1,4 @@
+import unittest
 from util import ExtensionTestCase
 
 
@@ -5,45 +6,59 @@ class TestPopup(ExtensionTestCase):
     def test_rule_shown(self):
         url = 'http://freerangekitten.com'
         with self.load_popup_for(url):
-            el = self.query_selector('#StableRules > div > label > span')
-            self.assertTrue(el.text.lower() in url)
+            #Open Rule Management section
+            see_more_prompt = self.query_selector('#RuleManagement__see_more--prompt')
+            see_more_prompt.click()
+
+            #Check to see if stable rule is checked
+            checkbox_el = self.driver.find_element_by_id('stable_ruleset_1')
+            self.assertTrue(checkbox_el.is_selected())
 
     def test_disable_enable(self):
-        selector = '#onoffswitch'
+        selector = '#onoffswitch__label'
+        checkbox = 'onoffswitch'
         var_name = 'background.state.isExtensionEnabled'
 
         # disable https everywhere
         with self.load_popup_for():
             el = self.query_selector(selector)
-            self.assertTrue(el.is_selected())
+            # Using query_selector does not work here if element isn't "plainly" visible on page, fails on Chrome
+            checkbox_el = self.driver.find_element_by_id(checkbox)
+            self.assertTrue(checkbox_el.is_selected())
             el.click() # disable
 
         with self.load_popup_for():
             el = self.query_selector(selector)
-            self.assertFalse(el.is_selected())
+            checkbox_el = self.driver.find_element_by_id(checkbox)
+            self.assertFalse(checkbox_el.is_selected())
             el.click()
 
         with self.load_popup_for():
             el = self.query_selector(selector)
-            self.assertTrue(el.is_selected())
+            checkbox_el = self.driver.find_element_by_id(checkbox)
+            self.assertTrue(checkbox_el.is_selected())
 
     def test_http_nowhere(self):
-        selector = '#http-nowhere-checkbox'
+        selector = '#http-nowhere-checkbox_label'
+        checkbox = 'http-nowhere-checkbox'
         var_name = 'background.state.httpNowhereOn'
 
         # check default state and enable
         with self.load_popup_for():
             el = self.query_selector(selector)
-            self.assertFalse(el.is_selected())
+            # Using query_selector does not work here if element isn't "plainly" visible on page, fails on Chrome
+            checkbox_el = self.driver.find_element_by_id(checkbox)
+            self.assertFalse(checkbox_el.is_selected())
             el.click()
 
         # check it is enabled, and disable
         with self.load_popup_for():
             el = self.query_selector(selector)
-            self.assertTrue(el.is_selected())
+            checkbox_el = self.driver.find_element_by_id(checkbox)
+            self.assertTrue(checkbox_el.is_selected())
             el.click() # disable
 
         # check disabled
         with self.load_popup_for():
-            el = self.query_selector(selector)
-            self.assertFalse(el.is_selected()) # default state
+            checkbox_el = self.driver.find_element_by_id(checkbox)
+            self.assertFalse(checkbox_el.is_selected()) # default state
diff --git a/test/selenium/util.py b/test/selenium/util.py
index 4d80e319d645..d0a8e59b2c5a 100644
--- a/test/selenium/util.py
+++ b/test/selenium/util.py
@@ -12,7 +12,7 @@
 
 import shim
 
-SEL_DEFAULT_WAIT_TIMEOUT = 10
+SEL_DEFAULT_WAIT_TIMEOUT = 20
 
 parse_stdout = lambda res: res.strip().decode('utf-8')
 
@@ -113,14 +113,14 @@ def load_popup_for(self, url='about:blank'):
         self.driver.switch_to.window(bg)
 
     def toggle_disabled(self):
-        selector = '#onoffswitch'
+        selector = '#onoffswitch__label'
         with self.load_popup_for():
             el = self.query_selector(selector)
             el.click()
             time.sleep(0.25)
 
     def toggle_http_nowhere(self):
-        selector = '#http-nowhere-checkbox'
+        selector = '#http-nowhere-checkbox_label'
         with self.load_popup_for():
             el = self.query_selector(selector)
             el.click()
diff --git a/test/setup_travis.sh b/test/setup_travis.sh
index da5e73ffb10c..859df38a4474 100755
--- a/test/setup_travis.sh
+++ b/test/setup_travis.sh
@@ -3,26 +3,30 @@ set -x
 toplevel=$(git rev-parse --show-toplevel)
 
 function setup_chrome {
-    # Install the latest version of the chromedriver
-    version=$(wget https://chromedriver.storage.googleapis.com/LATEST_RELEASE -q -O -)
-    url="https://chromedriver.storage.googleapis.com/${version}/chromedriver_linux64.zip"
-    wget -O /tmp/chromedriver.zip ${url}
+    # install the appropriate chromedriver version (for chrome stable & beta)
+    chrome_version=$("${BROWSER}" --product-version | cut -d . -f 1-3)
+    chromedriver_version_url=https://chromedriver.storage.googleapis.com/LATEST_RELEASE_"${chrome_version}"
+    chromedriver_version=$(wget "${chromedriver_version_url}" -q -O -)
+    chromedriver_url=https://chromedriver.storage.googleapis.com/"${chromedriver_version}"/chromedriver_linux64.zip
+
+    echo "Setting up chromedriver ${chromedriver_version} for ${1} ${chrome_version}"
+
+    wget -O /tmp/chromedriver.zip ${chromedriver_url}
     sudo unzip /tmp/chromedriver.zip chromedriver -d /usr/local/bin/
     sudo chmod a+x /usr/local/bin/chromedriver
 }
 
 function setup_firefox {
-    #version=$(curl -s https://api.github.com/repos/mozilla/geckodriver/releases/latest | grep tag_name | cut -d '"' -f 4)
-    # versions >= 0.18.0 are broken for esr, versions <= 0.17.0 have driver.set_timeouts broken
-    version="v0.17.0"
-    url="https://github.com/mozilla/geckodriver/releases/download/${version}/geckodriver-${version}-linux64.tar.gz"
-    wget -O /tmp/geckodriver.tar.gz ${url}
+    # install the latest version of geckodriver
+    firefox_version=$("${BROWSER}" -version)
+    geckodriver_version=$(curl -sI https://github.com/mozilla/geckodriver/releases/latest | grep -i "^Location: " | sed 's/.*\///' | tr -d '\r')
+    geckodriver_url="https://github.com/mozilla/geckodriver/releases/download/${geckodriver_version}/geckodriver-${geckodriver_version}-linux64.tar.gz"
+
+    echo "Setting up geckodriver ${geckodriver_version} for ${firefox_version}"
+
+    wget -O /tmp/geckodriver.tar.gz ${geckodriver_url}
     sudo tar -xvf /tmp/geckodriver.tar.gz -C /usr/local/bin/
     sudo chmod a+x /usr/local/bin/geckodriver
-
-    # ./make.sh requires xmllint
-    sudo apt-get -qq update
-    sudo apt-get install -y libxml2-utils
 }
 
 function browser_setup {
@@ -48,7 +52,7 @@ function setup_docker {
 
 case $TEST in
   *chrome*)
-    setup_chrome
+    setup_chrome "$TEST"
     browser_setup
     ;;
   *firefox*) # Install the latest version of geckodriver
diff --git a/test/tor-browser.sh b/test/tor-browser.sh
index a35c598a3a49..c789c50b7849 100755
--- a/test/tor-browser.sh
+++ b/test/tor-browser.sh
@@ -5,14 +5,13 @@
 
 if [ -n "$GIT_DIR" ]
 then
-    # $GIT_DIR is set, so we're running as a hook.
-    cd $GIT_DIR
+  # $GIT_DIR is set, so we're running as a hook.
+  cd $GIT_DIR
 else
-    # Git command exists? Cool, let's CD to the right place.
-    git rev-parse && cd "$(git rev-parse --show-toplevel)"
+  # Git command exists? Cool, let's CD to the right place.
+  git rev-parse && cd "$(git rev-parse --show-toplevel)"
 fi
 
-
 source utils/mktemp.sh
 
 die() {
@@ -32,11 +31,16 @@ trap 'rm -r "$PROFILE_DIRECTORY"' EXIT
 tar -Jxvf $1 -C $PROFILE_DIRECTORY > /dev/null
 TBB_LOCALIZED_DIRECTORY=`find $PROFILE_DIRECTORY -maxdepth 1 -mindepth 1 -type d`
 HTTPSE_INSTALL_XPI=$TBB_LOCALIZED_DIRECTORY/Browser/TorBrowser/Data/Browser/profile.default/extensions/https-everywhere-eff@eff.org.xpi
-echo 'pref("extensions.https_everywhere.log_to_stdout", true);' >> $TBB_LOCALIZED_DIRECTORY/Browser/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js
-echo 'pref("extensions.https_everywhere.LogLevel", 0);' >> $TBB_LOCALIZED_DIRECTORY/Browser/TorBrowser/Data/Browser/profile.default/preferences/extension-overrides.js
 # Remove the prebundled HTTPSE
 rm -rf $HTTPSE_INSTALL_XPI
 
+# Allow unsigned extensions
+echo '
+user_pref("xpinstall.signatures.required", false);
+user_pref("devtools.chrome.enabled", true);
+user_pref("devtools.debugger.remote-enabled", true);
+' >> $TBB_LOCALIZED_DIRECTORY/Browser/TorBrowser/Data/Browser/profile.default/user.js
+
 # Build the XPI to run all the validations in make.sh, and to ensure that
 # we test what is actually getting built.
 ./make.sh
@@ -49,8 +53,8 @@ if [ ! -f "$HTTPSE_INSTALL_XPI" ]; then
   die "Tor Browser does not have HTTPS Everywhere installed"
 fi
 
-echo "running tor browser"
+echo "Running Tor Browser"
 $TBB_LOCALIZED_DIRECTORY/Browser/start-tor-browser --verbose ${@:2}
 
-shasum=$(openssl sha -sha256 "$XPI_NAME")
+shasum=$(openssl dgst -sha256 "$XPI_NAME")
 echo -e "Git commit `git rev-parse HEAD`\n$shasum"
diff --git a/test/validations.sh b/test/validations.sh
index 50d328a6155c..bdd18834dcc0 100755
--- a/test/validations.sh
+++ b/test/validations.sh
@@ -4,7 +4,7 @@
 utils/remove-obsolete-references.sh
 test/validations/path/run.sh
 test/validations/test-coverage/run.sh
-python3.6 test/validations/securecookie/run.py
-python3.6 test/validations/filename/run.py
-python3.6 test/validations/relaxng/run.py
-python3.6 test/validations/special/run.py --quiet
+python3 test/validations/securecookie/run.py
+python3 test/validations/filename/run.py
+python3 test/validations/relaxng/run.py
+python3 test/validations/special/run.py --quiet
diff --git a/test/validations/filename/run.py b/test/validations/filename/run.py
index 37c0bdaedd3c..e0adf6c886ad 100755
--- a/test/validations/filename/run.py
+++ b/test/validations/filename/run.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3.6
+#!/usr/bin/env python3
 #
 # Validates and provides a generator for ruleset filenames
 #
@@ -24,7 +24,7 @@ def validate_filenames():
 
     for fi in filenames:
         basename = fi.split(os.path.sep)[-1]
-        if basename == '00README' or basename == 'make-trivial-rule' or basename == 'default.rulesets':
+        if basename == '00README' or basename == 'make-trivial-rule' or basename == 'default.rulesets' or basename == 'default.rulesets.json':
             continue
 
         if " " in fi:
diff --git a/test/validations/relaxng/run.py b/test/validations/relaxng/run.py
index 97e730934c35..aa9395bb9015 100644
--- a/test/validations/relaxng/run.py
+++ b/test/validations/relaxng/run.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3.6
+#!/usr/bin/env python3
 # -*- encoding: utf-8 -*-
 
 import argparse
diff --git a/test/validations/relaxng/schema.xml b/test/validations/relaxng/schema.xml
index d04ad6e825b2..c2232903f1c9 100644
--- a/test/validations/relaxng/schema.xml
+++ b/test/validations/relaxng/schema.xml
@@ -29,7 +29,7 @@
       <element name="target">
         <attribute name="host">
           <data type="string">
-            <param name="pattern">(([a-z0-9äö_-]+|\*)\.)*([a-z0-9äö-]+|\*)</param>
+            <param name="pattern">(\*\.)?([a-z0-9_-]+\.)+([a-z0-9-]+|\*)</param>
           </data>
         </attribute>
       </element>
@@ -60,7 +60,7 @@
                  the hostname), and at least one other slash (terminating the
                  hostname, and possible beginning a path). Alternatively it can be
                  the literal string "^http:". -->
-            <param name="pattern">(\^.*//.*/.*|\^http:)</param>
+            <param name="pattern">(\^http://.*/.*|\^http:)</param>
           </data>
         </attribute>
         <attribute name="to">
diff --git a/test/validations/securecookie/run.py b/test/validations/securecookie/run.py
index da315dd52428..76738dea8b31 100644
--- a/test/validations/securecookie/run.py
+++ b/test/validations/securecookie/run.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3.6
+#!/usr/bin/env python3
 
 # This python utility check for wildcard securecookies which
 # can be normalized, warn and exit with non-zero when such
diff --git a/test/validations/special/duplicate-allowlist-cleanup.sh b/test/validations/special/duplicate-allowlist-cleanup.sh
new file mode 100755
index 000000000000..38f58c759b5d
--- /dev/null
+++ b/test/validations/special/duplicate-allowlist-cleanup.sh
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+TMPFILE=`mktemp /tmp/buffer.XXXXXXXX`
+trap 'rm "$TMPFILE"' EXIT
+
+for host in `cat test/validations/special/duplicate-allowlist.txt`; do
+    REGEX_ESCAPED_HOST=`python3 -c "import re; print(re.escape('$host'))"`
+    REPEATS=`egrep -l "<target\s+host=\s*\"$REGEX_ESCAPED_HOST\"\s*/>" src/chrome/content/rules/*.xml | wc -l`
+    if [ $REPEATS -gt 1 ]; then
+        echo $host
+    fi
+done > $TMPFILE
+
+cp --force $TMPFILE test/validations/special/duplicate-allowlist.txt
diff --git a/test/validations/special/duplicate-allowlist.txt b/test/validations/special/duplicate-allowlist.txt
new file mode 100644
index 000000000000..7d3a62a9b3fc
--- /dev/null
+++ b/test/validations/special/duplicate-allowlist.txt
@@ -0,0 +1,113 @@
+mailing.channel4.com
+training.citrix.com
+drownedinsound.com
+now.eloqua.com
+foxydeal.com
+foxydeal.de
+www.gfi.com
+forum.girlsoutwest.com
+forums.girlsoutwest.com
+gsu.edu
+hostoople.com
+ieeexplore.ieee.org
+infinet.com.au
+ivegotkids.com
+ideas.joomla.org
+jrrt.org.uk
+esat.kuleuven.be
+www.esat.kuleuven.be
+latimes.com
+liberalamerica.org
+liftdna.com
+fundusze-emerytalne.money.pl
+fundusze-inwestycyjne.money.pl
+karty-kredytowe.money.pl
+kredyty-gotowkowe.money.pl
+kredyty-mieszkaniowe.money.pl
+kredyty-samochodowe.money.pl
+lokaty-bankowe.money.pl
+npmawesome.com
+webmail.nyi.net
+nykeurope.com
+careers.peopleclick.com
+www.rackspace.com
+redbullmobile.at
+reddpics.com
+www.cits.ruhr-uni-bochum.de
+www.ruhr-uni-bochum.de
+www2.scribblelive.com
+sparxtrading.com
+thompsonhotels.com
+togevi.com
+blog.trendmicro.com
+countermeasures.trendmicro.eu
+flow.typo3.org
+ul.ie
+businessforums.verizon.net
+digitalcommons.wustl.edu
+openscholarship.wustl.edu
+tpsnews.ca
+www.tpsnews.ca
+pygmyboats.com
+www.pygmyboats.com
+petitions.moveon.org
+email.bild.de
+direct.asda.com
+info.mheducation.com
+www.wiltshire.police.uk
+www.coochey.net
+www.zdv.uni-mainz.de
+go.sirsidynix.com
+amazingcareers.firstdirect.com
+www.amazingcareers.firstdirect.com
+info.unit4.com
+licensing.ofcom.org.uk
+styles.ofcom.org.uk
+www.autotrader.co.uk
+autotrader.co.uk
+nitroflare.com
+www.nitroflare.com
+www.scotland.police.uk
+councilmeetings.lewisham.gov.uk
+files.conferencemanager.dk
+huuto.net
+salattu.huuto.net
+www.huuto.net
+www.thebureauinvestigates.com
+www.upi.com
+blog.sigfig.com
+www.pumo.com.tw
+www.hkyantoyan.com
+www.888173.net
+www.ratfishoil.com
+www.tum.de
+www.filmlinc.com
+shop.look.co.uk
+blog.vungle.com
+www.vungle.com
+www.jeffnabers.com
+www.suppliesfordreams.org
+www.sparxtrading.com
+landing.lyris.com
+www.ebuyer.com
+blog.ebuyer.com
+wiki.sequanux.org
+www.opensrs.com
+www.redbullmobile.at
+k.ilius.net
+stda.ilius.net
+wp-poc.details.com
+www.jrrt.org.uk
+www.ul.ie
+www.hostoople.com
+hostooplecms.hostooplecom.netdna-cdn.com
+www.gsu.edu
+thumbs.dreamstime.com
+support.arpnetworks.com
+jobs.datacenterknowledge.com
+cdn.nejm.org
+guides.thenextweb.com
+jobs.thenextweb.com
+www.liberalamerica.org
+www.latimes.com
+www.thompsonhotels.com
diff --git a/test/validations/special/duplicate-whitelist-cleanup.sh b/test/validations/special/duplicate-whitelist-cleanup.sh
deleted file mode 100755
index 22dbb7081c74..000000000000
--- a/test/validations/special/duplicate-whitelist-cleanup.sh
+++ /dev/null
@@ -1,14 +0,0 @@
-#!/bin/sh
-
-TMPFILE=`mktemp /tmp/buffer.XXXXXXXX`
-trap 'rm "$TMPFILE"' EXIT
-
-for host in `cat test/validations/special/duplicate-whitelist.txt`; do
-    REGEX_ESCAPED_HOST=`python3.6 -c "import re; print(re.escape('$host'))"`
-    REPEATS=`egrep -l "<target\s+host=\s*\"$REGEX_ESCAPED_HOST\"\s*/>" src/chrome/content/rules/*.xml | wc -l`
-    if [ $REPEATS -gt 1 ]; then
-        echo $host
-    fi
-done > $TMPFILE
-
-cp --force $TMPFILE test/validations/special/duplicate-whitelist.txt
diff --git a/test/validations/special/duplicate-whitelist.txt b/test/validations/special/duplicate-whitelist.txt
deleted file mode 100644
index b9c619d1dc52..000000000000
--- a/test/validations/special/duplicate-whitelist.txt
+++ /dev/null
@@ -1,152 +0,0 @@
-portuguese.101domain.com
-spanish.101domain.com
-a.abcnews.com
-abcnews.go.com
-feedback.adroll.com
-adyadvantage.com
-aftenposten.no
-www1.arun.gov.uk
-mailing.channel4.com
-training.citrix.com
-consumerreports.org
-dell.com
-www.dell.com
-investors.demandware.com
-dice.com
-www.dice.com
-drownedinsound.com
-now.eloqua.com
-*.eveonline.com
-eveonline.com
-foxydeal.com
-foxydeal.de
-freeporngif.com
-www.freeporngif.com
-g33kinfo.com
-www.g33kinfo.com
-geocaching.com
-www.geocaching.com
-www.gfi.com
-forum.girlsoutwest.com
-forums.girlsoutwest.com
-a.abcnews.go.com
-gsu.edu
-code.highcharts.com
-hostoople.com
-ieeexplore.ieee.org
-inc.com
-inductionsolutions.com
-infinet.com.au
-ivegotkids.com
-ideas.joomla.org
-jrrt.org.uk
-esat.kuleuven.be
-www.esat.kuleuven.be
-latimes.com
-liberalamerica.org
-liftdna.com
-linbit.com
-server.iad.liveperson.net
-mediciglobal.com
-fundusze-emerytalne.money.pl
-fundusze-inwestycyjne.money.pl
-karty-kredytowe.money.pl
-kredyty-gotowkowe.money.pl
-kredyty-mieszkaniowe.money.pl
-kredyty-samochodowe.money.pl
-lokaty-bankowe.money.pl
-nelonen.fi
-www.nelonen.fi
-npmawesome.com
-nydailynews.com
-webmail.nyi.net
-nykeurope.com
-careers.peopleclick.com
-pdu.edu
-www.rackspace.com
-redbullmobile.at
-reddpics.com
-www.cits.ruhr-uni-bochum.de
-www.ruhr-uni-bochum.de
-savethechildren.org.uk
-www2.scribblelive.com
-sparxtrading.com
-suppliesfordreams.org
-www.techrepublic.com
-thefederalistpapers.org
-thompsonhotels.com
-ti.com
-www.ti.com
-togevi.com
-www.toplist.cz
-blog.trendmicro.com
-countermeasures.trendmicro.eu
-tripwire.com
-www.tripwire.com
-flow.typo3.org
-ul.ie
-unm.edu
-businessforums.verizon.net
-help.walmart.com
-members.webs.com
-digitalcommons.wustl.edu
-openscholarship.wustl.edu
-www.blogsmithmedia.com
-www.hostingcatalog.com
-zylon.net
-www.zylon.net
-www.lduhtrp.net
-tpsnews.ca
-www.tpsnews.ca
-pygmyboats.com
-www.pygmyboats.com
-hosting.unimatrix.si
-www.mediciglobal.com
-bbc.co.uk
-www.bbc.co.uk
-www.linbit.com
-petitions.moveon.org
-about.fundinfo.com
-email.bild.de
-direct.asda.com
-event.kmd.dk
-static.naukri.com
-info.mheducation.com
-www.wiltshire.police.uk
-www.coochey.net
-editions.thing.net
-www.zdv.uni-mainz.de
-www.cherwell.gov.uk
-go.sirsidynix.com
-amazingcareers.firstdirect.com
-www.amazingcareers.firstdirect.com
-info.unit4.com
-licensing.ofcom.org.uk
-styles.ofcom.org.uk
-www.autotrader.co.uk
-autotrader.co.uk
-datafile.com
-www.datafile.com
-nitroflare.com
-www.nitroflare.com
-www.scotland.police.uk
-*.espivblogs.net
-www.20min.ch
-m.20min.ch
-www.adyadvantage.com
-reverb.echo.nasa.gov
-thediplomat.com
-www.thediplomat.com
-www.thefederalistpapers.org
-voxmedia.com
-marketing.voxmedia.com
-product.voxmedia.com
-www.voxmedia.com
-councilmeetings.lewisham.gov.uk
-files.conferencemanager.dk
-music.cbc.ca
-huuto.net
-salattu.huuto.net
-www.huuto.net
-www.thebureauinvestigates.com
-www.upi.com
diff --git a/test/validations/special/run.py b/test/validations/special/run.py
index 143d6a40c71e..14b0ed6ff9ec 100755
--- a/test/validations/special/run.py
+++ b/test/validations/special/run.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3.6
+#!/usr/bin/env python3
 
 import glob
 import argparse
@@ -32,9 +32,9 @@ def fail(s):
 xpath_cookie_host_pattern = etree.XPath("/ruleset/securecookie/@host")
 xpath_cookie_name_pattern = etree.XPath("/ruleset/securecookie/@name")
 
-# Load lists of ruleset names whitelisted for duplicate rules
+# Load lists of ruleset names allowlisted for duplicate rules
 thispath = os.path.dirname(os.path.realpath(__file__))
-with open(thispath + '/duplicate-whitelist.txt') as duplicate_fh:
+with open(thispath + '/duplicate-allowlist.txt') as duplicate_fh:
     duplicate_allowed_list = [x.rstrip('\n') for x in duplicate_fh.readlines()]
 
 filenames = glob.glob(thispath + '/../../../src/chrome/content/rules/*')
@@ -157,7 +157,7 @@ def nomes_all(where=sys.argv[1:]):
     xml_parser = etree.XMLParser(remove_blank_text=True)
 
     basename = filename.split(os.path.sep)[-1]
-    if basename == '00README' or basename == 'make-trivial-rule' or basename == 'default.rulesets':
+    if basename == '00README' or basename == 'make-trivial-rule' or basename == 'default.rulesets' or basename == 'default.rulesets.json':
         continue
 
     try:
@@ -188,7 +188,7 @@ def nomes_all(where=sys.argv[1:]):
 for host, count in host_counter.most_common():
     if count > 1:
         if host in duplicate_allowed_list:
-            warn("Whitelisted hostname %s shows up in %d different rulesets." % (host, count))
+            warn("Allowlisted hostname %s shows up in %d different rulesets." % (host, count))
         else:
             failure = 1
             fail("Hostname %s shows up in %d different rulesets." % (host, count))
diff --git a/test/validations/test-coverage/run.sh b/test/validations/test-coverage/run.sh
index ba1867722f52..953f6008da77 100755
--- a/test/validations/test-coverage/run.sh
+++ b/test/validations/test-coverage/run.sh
@@ -24,10 +24,10 @@ if ! [ -d test/rules ] ; then
   exit 1
 fi
 if [ $# -gt 0 ] ; then
-  exec python3.6 test/rules/src/https_everywhere_checker/check_rules.py \
+  exec python3 test/rules/src/https_everywhere_checker/check_rules.py \
     test/rules/coverage.checker.config "$@"
 fi
-if ! python3.6 test/rules/src/https_everywhere_checker/check_rules.py \
+if ! python3 test/rules/src/https_everywhere_checker/check_rules.py \
       test/rules/coverage.checker.config; then
   echo '
 Ruleset test coverage was insufficient.
diff --git a/translations b/translations
index 4aa0f8863454..5885a200bb15 160000
--- a/translations
+++ b/translations
@@ -1 +1 @@
-Subproject commit 4aa0f8863454d828119acfdf405069f529a75c5b
+Subproject commit 5885a200bb15b5d7320e8f53293ff067a9943629
diff --git a/utils/android-push.sh b/utils/android-push.sh
index 5a0421326a35..6e09b50c70c4 100755
--- a/utils/android-push.sh
+++ b/utils/android-push.sh
@@ -11,15 +11,32 @@ fi
 
 # Push to Android Firefox if device is connected
 # XXX on some systems, adb may require sudo...
-if type adb > /dev/null 2>/dev/null && adb devices >/dev/null 2>/dev/null ; then
-  ADB_FOUND=`adb devices | grep -v 'offline$' | tail -2 | head -1 | cut -f 1 | sed 's/ *$//g'`
-  if [ "$ADB_FOUND" != "List of devices attached" ]; then
-    echo Pushing "$XPI_NAME" to /sdcard/"$XPI_NAME"
-    adb push "../$XPI_NAME" /sdcard/"$XPI_NAME"
-    adb shell am start -a android.intent.action.VIEW \
-                       -c android.intent.category.DEFAULT \
-                       -d file:///mnt/sdcard/pkg/ \
-                       -n $ANDROID_APP_ID/.App
+if type adb > /dev/null 2>/dev/null ; then
+  #running `adb devices` below will start adb server/daemon if it wasn't running already
+  #we start it and make note if it's us that started it or not, so we can stop it afterwards
+  if adb start-server 2>&1 |grep -qF 'daemon not running' ; then
+    we_started_adb_daemon=1
+  else
+    we_started_adb_daemon=0
+  fi
+  on_exit() {
+    if test "$we_started_adb_daemon" == "1"; then
+      #if we started it we kill it, to avoid constant dmesg PME# spam, see issue 18103
+      adb kill-server
+    fi
+  }
+  trap on_exit EXIT SIGINT
+
+  if adb devices >/dev/null 2>/dev/null ; then
+    ADB_FOUND=`adb devices | grep -v 'offline$' | tail -2 | head -1 | cut -f 1 | sed 's/ *$//g'`
+    if [ "$ADB_FOUND" != "List of devices attached" ]; then
+      echo Pushing "$XPI_NAME" to /sdcard/"$XPI_NAME"
+      adb push "../$XPI_NAME" /sdcard/"$XPI_NAME"
+      adb shell am start -a android.intent.action.VIEW \
+                         -c android.intent.category.DEFAULT \
+                         -d file:///mnt/sdcard/pkg/ \
+                         -n $ANDROID_APP_ID/.App
+    fi
   fi
 fi
 
diff --git a/utils/chromium-translations.py b/utils/chromium-translations.py
index 14ab20c52ff9..a9d7318efc13 100644
--- a/utils/chromium-translations.py
+++ b/utils/chromium-translations.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3.6
+#!/usr/bin/env python3
 """
 Given two directories, copy Firefox-style https-everywhere.dtd translations from
 the first directory into appropriately-named Chromium-style messages.json
@@ -15,23 +15,25 @@
 message_regex = re.compile("<!ENTITY https-everywhere\.([\w.-]+) \"(.*?)\">")
 
 def convert(locale):
-  target_messages = {}
-  with open(os.path.join(source_dir, locale, "https-everywhere.dtd"), 'r', encoding='utf-8') as f:
-    for line in f:
-      m = message_regex.search(line)
-      if m:
-        message_name = m.group(1)
-        message_value = m.group(2)
-        message_name = re.sub("[.-]", "_", message_name)
-        target_messages[message_name] = {
-          "message": message_value
-        }
-  target_dir = os.path.join(dest_dir, locale)
-  if not os.path.isdir(target_dir):
-    os.mkdir(target_dir)
-  with open(os.path.join(target_dir, "messages.json"), "w") as out_file:
-    out_file.write(json.dumps(target_messages, sort_keys=True, indent=4))
+  translation_file = os.path.join(source_dir, locale, "https-everywhere.dtd")
+  if os.path.isfile(translation_file):
+    target_messages = {}
+    with open(translation_file, 'r', encoding='utf-8') as f:
+      for line in f:
+        m = message_regex.search(line)
+        if m:
+          message_name = m.group(1)
+          message_value = m.group(2)
+          message_name = re.sub("[.-]", "_", message_name)
+          target_messages[message_name] = {
+            "message": message_value
+          }
+    target_dir = os.path.join(dest_dir, locale)
+    if not os.path.isdir(target_dir):
+      os.mkdir(target_dir)
+    with open(os.path.join(target_dir, "messages.json"), "w") as out_file:
+      out_file.write(json.dumps(target_messages, sort_keys=True, indent=4))
 
 for locale in os.listdir(source_dir):
   if not "." in locale:
-      convert(locale)
+    convert(locale)
diff --git a/utils/create-platform-certs/SHA256SUMS b/utils/create-platform-certs/SHA256SUMS
index c787bdb795c2..59c7f8083fe0 100644
--- a/utils/create-platform-certs/SHA256SUMS
+++ b/utils/create-platform-certs/SHA256SUMS
@@ -1,5 +1,5 @@
 # Use `curl -I 'https://download.mozilla.org/?product=firefox-latest&os=linux64&lang=en_US'` to determine the latest stable version, and replace the tag in the URL below.
-# https://hg.mozilla.org/releases/mozilla-release/raw-file/FIREFOX_58_0_2_RELEASE/security/nss/lib/ckfw/builtins/certdata.txt
-a3ac15b98179dd2f3c5de076d10b1d53048754372f7207c2f327510cdd78fbd8  certdata.txt
-# https://raw.githubusercontent.com/curl/curl/curl-7_58_0/lib/mk-ca-bundle.pl
-a285d9f5475e04c006f1f092e7e93ec97899bee4a5f35a143da1d0829a0ff551  mk-ca-bundle.pl
+# https://hg.mozilla.org/releases/mozilla-release/raw-file/FIREFOX_73_0_1_RELEASE/security/nss/lib/ckfw/builtins/certdata.txt
+f3bdcd74612952da8476a9d4147f50b29ad0710b7dd95b4c8690500209986d70  certdata.txt
+# https://raw.githubusercontent.com/curl/curl/curl-7_69_0/lib/mk-ca-bundle.pl
+9d828d97053868907ce6229d132132f0f26772393405dadd037b6f85a5c5b219  mk-ca-bundle.pl
diff --git a/utils/create-platform-certs/create_platform_certs.sh b/utils/create-platform-certs/create_platform_certs.sh
index d2c900fe4740..8b2b1739c668 100755
--- a/utils/create-platform-certs/create_platform_certs.sh
+++ b/utils/create-platform-certs/create_platform_certs.sh
@@ -17,7 +17,7 @@ git rm -r -f -q "${SPLIT_CERT_DIR}"
 
 perl "${MK_CA_BUNDLE_PL_EXEC}" -n "${COMBINED_CERT_FILE}"
 
-python3.6 "${SPLIT_COMBINED_CERT_FILE_EXEC}" "${COMBINED_CERT_FILE}" "${SPLIT_CERT_DIR}"
+python3 "${SPLIT_COMBINED_CERT_FILE_EXEC}" "${COMBINED_CERT_FILE}" "${SPLIT_CERT_DIR}"
 
 c_rehash "${SPLIT_CERT_DIR}" > /dev/null
 
diff --git a/utils/create-platform-certs/split_combined_cert_file.py b/utils/create-platform-certs/split_combined_cert_file.py
index e7e2f428195b..783d54ebf105 100755
--- a/utils/create-platform-certs/split_combined_cert_file.py
+++ b/utils/create-platform-certs/split_combined_cert_file.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3.6
+#!/usr/bin/env python3
 import argparse
 import codecs
 import os
diff --git a/utils/create_zip.py b/utils/create_zip.py
index e4187ade2da2..d8af693fa17b 100755
--- a/utils/create_zip.py
+++ b/utils/create_zip.py
@@ -1,10 +1,10 @@
-#!/usr/bin/env python3.6
+#!/usr/bin/env python3
 
 # Uses the Python zip implementation to create deterministic zip's
 # Author: Yan Zhu, yan@mit.edu
 
 """
-Usage: python3.6 create_zip.py -x <exclusions> -n <name of zipped file> <directory>
+Usage: python3 create_zip.py -x <exclusions> -n <name of zipped file> <directory>
 """
 
 import argparse
diff --git a/utils/eslint/package-lock.json b/utils/eslint/package-lock.json
new file mode 100644
index 000000000000..066503c6a00e
--- /dev/null
+++ b/utils/eslint/package-lock.json
@@ -0,0 +1,897 @@
+{
+  "requires": true,
+  "lockfileVersion": 1,
+  "dependencies": {
+    "@babel/code-frame": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/code-frame/-/code-frame-7.10.4.tgz",
+      "integrity": "sha512-vG6SvB6oYEhvgisZNFRmRCUkLz11c7rp+tbNTynGqc6mS1d5ATd/sGyV6W0KZZnXRKMTzZDRgQT3Ou9jhpAfUg==",
+      "dev": true,
+      "requires": {
+        "@babel/highlight": "^7.10.4"
+      }
+    },
+    "@babel/helper-validator-identifier": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/helper-validator-identifier/-/helper-validator-identifier-7.10.4.tgz",
+      "integrity": "sha512-3U9y+43hz7ZM+rzG24Qe2mufW5KhvFg/NhnNph+i9mgCtdTCtMJuI1TMkrIUiK7Ix4PYlRF9I5dhqaLYA/ADXw==",
+      "dev": true
+    },
+    "@babel/highlight": {
+      "version": "7.10.4",
+      "resolved": "https://registry.npmjs.org/@babel/highlight/-/highlight-7.10.4.tgz",
+      "integrity": "sha512-i6rgnR/YgPEQzZZnbTHHuZdlE8qyoBNalD6F+q4vAFlcMEcqmkoG+mPqJYJCo63qPf74+Y1UZsl3l6f7/RIkmA==",
+      "dev": true,
+      "requires": {
+        "@babel/helper-validator-identifier": "^7.10.4",
+        "chalk": "^2.0.0",
+        "js-tokens": "^4.0.0"
+      },
+      "dependencies": {
+        "chalk": {
+          "version": "2.4.2",
+          "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
+          "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
+          "dev": true,
+          "requires": {
+            "ansi-styles": "^3.2.1",
+            "escape-string-regexp": "^1.0.5",
+            "supports-color": "^5.3.0"
+          }
+        }
+      }
+    },
+    "@eslint/eslintrc": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/@eslint/eslintrc/-/eslintrc-0.1.0.tgz",
+      "integrity": "sha512-bfL5365QSCmH6cPeFT7Ywclj8C7LiF7sO6mUGzZhtAMV7iID1Euq6740u/SRi4C80NOnVz/CEfK8/HO+nCAPJg==",
+      "dev": true,
+      "requires": {
+        "ajv": "^6.12.4",
+        "debug": "^4.1.1",
+        "import-fresh": "^3.2.1",
+        "strip-json-comments": "^3.1.1"
+      }
+    },
+    "@types/color-name": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/@types/color-name/-/color-name-1.1.1.tgz",
+      "integrity": "sha512-rr+OQyAjxze7GgWrSaJwydHStIhHq2lvY3BOC2Mj7KnzI7XK0Uw1TOOdI9lDoajEbSWLiYgoo4f1R51erQfhPQ==",
+      "dev": true
+    },
+    "acorn": {
+      "version": "7.4.0",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-7.4.0.tgz",
+      "integrity": "sha512-+G7P8jJmCHr+S+cLfQxygbWhXy+8YTVGzAkpEbcLo2mLoL7tij/VG41QSHACSf5QgYRhMZYHuNc6drJaO0Da+w==",
+      "dev": true
+    },
+    "acorn-jsx": {
+      "version": "5.2.0",
+      "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-5.2.0.tgz",
+      "integrity": "sha512-HiUX/+K2YpkpJ+SzBffkM/AQ2YE03S0U1kjTLVpoJdhZMOWy8qvXVN9JdLqv2QsaQ6MPYQIuNmwD8zOiYUofLQ==",
+      "dev": true
+    },
+    "ajv": {
+      "version": "6.12.4",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.4.tgz",
+      "integrity": "sha512-eienB2c9qVQs2KWexhkrdMLVDoIQCz5KSeLxwg9Lzk4DOfBtIK9PQwwufcsn1jjGuf9WZmqPMbGxOzfcuphJCQ==",
+      "dev": true,
+      "requires": {
+        "fast-deep-equal": "^3.1.1",
+        "fast-json-stable-stringify": "^2.0.0",
+        "json-schema-traverse": "^0.4.1",
+        "uri-js": "^4.2.2"
+      }
+    },
+    "ansi-colors": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-colors/-/ansi-colors-4.1.1.tgz",
+      "integrity": "sha512-JoX0apGbHaUJBNl6yF+p6JAFYZ666/hhCGKN5t9QFjbJQKUU/g8MNbFDbvfrgKXvI1QpZplPOnwIo99lX/AAmA==",
+      "dev": true
+    },
+    "ansi-regex": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-5.0.1.tgz",
+      "integrity": "sha512-quJQXlTSUGL2LH9SUXo8VwsY4soanhgo6LNSm84E1LBcE8s3O0wpdiRzyR9z/ZZJMlMWv37qOOb9pdJlMUEKFQ==",
+      "dev": true
+    },
+    "ansi-styles": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
+      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
+      "dev": true,
+      "requires": {
+        "color-convert": "^1.9.0"
+      }
+    },
+    "argparse": {
+      "version": "1.0.10",
+      "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
+      "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==",
+      "dev": true,
+      "requires": {
+        "sprintf-js": "~1.0.2"
+      }
+    },
+    "astral-regex": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/astral-regex/-/astral-regex-1.0.0.tgz",
+      "integrity": "sha512-+Ryf6g3BKoRc7jfp7ad8tM4TtMiaWvbF/1/sQcZPkkS7ag3D5nMBCe2UfOTONtAkaG0tO0ij3C5Lwmf1EiyjHg==",
+      "dev": true
+    },
+    "balanced-match": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz",
+      "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c=",
+      "dev": true
+    },
+    "brace-expansion": {
+      "version": "1.1.11",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
+      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+      "dev": true,
+      "requires": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
+      }
+    },
+    "callsites": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/callsites/-/callsites-3.1.0.tgz",
+      "integrity": "sha512-P8BjAsXvZS+VIDUI11hHCQEv74YT67YUi5JJFNWIqL235sBmjX4+qx9Muvls5ivyNENctx46xQLQ3aTuE7ssaQ==",
+      "dev": true
+    },
+    "chalk": {
+      "version": "4.1.0",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-4.1.0.tgz",
+      "integrity": "sha512-qwx12AxXe2Q5xQ43Ac//I6v5aXTipYrSESdOgzrN+9XjgEpyjpKuvSGaN4qE93f7TQTlerQQ8S+EQ0EyDoVL1A==",
+      "dev": true,
+      "requires": {
+        "ansi-styles": "^4.1.0",
+        "supports-color": "^7.1.0"
+      },
+      "dependencies": {
+        "ansi-styles": {
+          "version": "4.2.1",
+          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-4.2.1.tgz",
+          "integrity": "sha512-9VGjrMsG1vePxcSweQsN20KY/c4zN0h9fLjqAbwbPfahM3t+NL+M9HC8xeXG2I8pX5NoamTGNuomEUFI7fcUjA==",
+          "dev": true,
+          "requires": {
+            "@types/color-name": "^1.1.1",
+            "color-convert": "^2.0.1"
+          }
+        },
+        "color-convert": {
+          "version": "2.0.1",
+          "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-2.0.1.tgz",
+          "integrity": "sha512-RRECPsj7iu/xb5oKYcsFHSppFNnsj/52OVTRKb4zP5onXwVF3zVmmToNcOfGC+CRDpfK/U584fMg38ZHCaElKQ==",
+          "dev": true,
+          "requires": {
+            "color-name": "~1.1.4"
+          }
+        },
+        "color-name": {
+          "version": "1.1.4",
+          "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.4.tgz",
+          "integrity": "sha512-dOy+3AuW3a2wNbZHIuMZpTcgjGuLU/uBL/ubcZF9OXbDo8ff4O8yVp5Bf0efS8uEoYo5q4Fx7dY9OgQGXgAsQA==",
+          "dev": true
+        },
+        "has-flag": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-4.0.0.tgz",
+          "integrity": "sha512-EykJT/Q1KjTWctppgIAgfSO0tKVuZUjhgMr17kqTumMl6Afv3EISleU7qZUzoXDFTAHTDC4NOoG/ZxU3EvlMPQ==",
+          "dev": true
+        },
+        "supports-color": {
+          "version": "7.2.0",
+          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-7.2.0.tgz",
+          "integrity": "sha512-qpCAvRl9stuOHveKsn7HncJRvv501qIacKzQlO/+Lwxc9+0q2wLyv4Dfvt80/DPn2pqOBsJdDiogXGR9+OvwRw==",
+          "dev": true,
+          "requires": {
+            "has-flag": "^4.0.0"
+          }
+        }
+      }
+    },
+    "color-convert": {
+      "version": "1.9.3",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
+      "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
+      "dev": true,
+      "requires": {
+        "color-name": "1.1.3"
+      }
+    },
+    "color-name": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
+      "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=",
+      "dev": true
+    },
+    "concat-map": {
+      "version": "0.0.1",
+      "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
+      "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=",
+      "dev": true
+    },
+    "cross-spawn": {
+      "version": "7.0.3",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-7.0.3.tgz",
+      "integrity": "sha512-iRDPJKUPVEND7dHPO8rkbOnPpyDygcDFtWjpeWNCgy8WP2rXcxXL8TskReQl6OrB2G7+UJrags1q15Fudc7G6w==",
+      "dev": true,
+      "requires": {
+        "path-key": "^3.1.0",
+        "shebang-command": "^2.0.0",
+        "which": "^2.0.1"
+      }
+    },
+    "debug": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-4.1.1.tgz",
+      "integrity": "sha512-pYAIzeRo8J6KPEaJ0VWOh5Pzkbw/RetuzehGM7QRRX5he4fPHx2rdKMB256ehJCkX+XRQm16eZLqLNS8RSZXZw==",
+      "dev": true,
+      "requires": {
+        "ms": "^2.1.1"
+      }
+    },
+    "deep-is": {
+      "version": "0.1.3",
+      "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.3.tgz",
+      "integrity": "sha1-s2nW+128E+7PUk+RsHD+7cNXzzQ=",
+      "dev": true
+    },
+    "doctrine": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-3.0.0.tgz",
+      "integrity": "sha512-yS+Q5i3hBf7GBkd4KG8a7eBNNWNGLTaEwwYWUijIYM7zrlYDM0BFXHjjPWlWZ1Rg7UaddZeIDmi9jF3HmqiQ2w==",
+      "dev": true,
+      "requires": {
+        "esutils": "^2.0.2"
+      }
+    },
+    "emoji-regex": {
+      "version": "7.0.3",
+      "resolved": "https://registry.npmjs.org/emoji-regex/-/emoji-regex-7.0.3.tgz",
+      "integrity": "sha512-CwBLREIQ7LvYFB0WyRvwhq5N5qPhc6PMjD6bYggFlI5YyDgl+0vxq5VHbMOFqLg7hfWzmu8T5Z1QofhmTIhItA==",
+      "dev": true
+    },
+    "enquirer": {
+      "version": "2.3.6",
+      "resolved": "https://registry.npmjs.org/enquirer/-/enquirer-2.3.6.tgz",
+      "integrity": "sha512-yjNnPr315/FjS4zIsUxYguYUPP2e1NK4d7E7ZOLiyYCcbFBiTMyID+2wvm2w6+pZ/odMA7cRkjhsPbltwBOrLg==",
+      "dev": true,
+      "requires": {
+        "ansi-colors": "^4.1.1"
+      }
+    },
+    "escape-string-regexp": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
+      "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=",
+      "dev": true
+    },
+    "eslint": {
+      "version": "7.8.0",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-7.8.0.tgz",
+      "integrity": "sha512-qgtVyLZqKd2ZXWnLQA4NtVbOyH56zivOAdBFWE54RFkSZjokzNrcP4Z0eVWsZ+84ByXv+jL9k/wE1ENYe8xRFw==",
+      "dev": true,
+      "requires": {
+        "@babel/code-frame": "^7.0.0",
+        "@eslint/eslintrc": "^0.1.0",
+        "ajv": "^6.10.0",
+        "chalk": "^4.0.0",
+        "cross-spawn": "^7.0.2",
+        "debug": "^4.0.1",
+        "doctrine": "^3.0.0",
+        "enquirer": "^2.3.5",
+        "eslint-scope": "^5.1.0",
+        "eslint-utils": "^2.1.0",
+        "eslint-visitor-keys": "^1.3.0",
+        "espree": "^7.3.0",
+        "esquery": "^1.2.0",
+        "esutils": "^2.0.2",
+        "file-entry-cache": "^5.0.1",
+        "functional-red-black-tree": "^1.0.1",
+        "glob-parent": "^5.0.0",
+        "globals": "^12.1.0",
+        "ignore": "^4.0.6",
+        "import-fresh": "^3.0.0",
+        "imurmurhash": "^0.1.4",
+        "is-glob": "^4.0.0",
+        "js-yaml": "^3.13.1",
+        "json-stable-stringify-without-jsonify": "^1.0.1",
+        "levn": "^0.4.1",
+        "lodash": "^4.17.19",
+        "minimatch": "^3.0.4",
+        "natural-compare": "^1.4.0",
+        "optionator": "^0.9.1",
+        "progress": "^2.0.0",
+        "regexpp": "^3.1.0",
+        "semver": "^7.2.1",
+        "strip-ansi": "^6.0.0",
+        "strip-json-comments": "^3.1.0",
+        "table": "^5.2.3",
+        "text-table": "^0.2.0",
+        "v8-compile-cache": "^2.0.3"
+      }
+    },
+    "eslint-scope": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-5.1.0.tgz",
+      "integrity": "sha512-iiGRvtxWqgtx5m8EyQUJihBloE4EnYeGE/bz1wSPwJE6tZuJUtHlhqDM4Xj2ukE8Dyy1+HCZ4hE0fzIVMzb58w==",
+      "dev": true,
+      "requires": {
+        "esrecurse": "^4.1.0",
+        "estraverse": "^4.1.1"
+      }
+    },
+    "eslint-utils": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/eslint-utils/-/eslint-utils-2.1.0.tgz",
+      "integrity": "sha512-w94dQYoauyvlDc43XnGB8lU3Zt713vNChgt4EWwhXAP2XkBvndfxF0AgIqKOOasjPIPzj9JqgwkwbCYD0/V3Zg==",
+      "dev": true,
+      "requires": {
+        "eslint-visitor-keys": "^1.1.0"
+      }
+    },
+    "eslint-visitor-keys": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.3.0.tgz",
+      "integrity": "sha512-6J72N8UNa462wa/KFODt/PJ3IU60SDpC3QXC1Hjc1BXXpfL2C9R5+AU7jhe0F6GREqVMh4Juu+NY7xn+6dipUQ==",
+      "dev": true
+    },
+    "espree": {
+      "version": "7.3.0",
+      "resolved": "https://registry.npmjs.org/espree/-/espree-7.3.0.tgz",
+      "integrity": "sha512-dksIWsvKCixn1yrEXO8UosNSxaDoSYpq9reEjZSbHLpT5hpaCAKTLBwq0RHtLrIr+c0ByiYzWT8KTMRzoRCNlw==",
+      "dev": true,
+      "requires": {
+        "acorn": "^7.4.0",
+        "acorn-jsx": "^5.2.0",
+        "eslint-visitor-keys": "^1.3.0"
+      }
+    },
+    "esprima": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz",
+      "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==",
+      "dev": true
+    },
+    "esquery": {
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/esquery/-/esquery-1.3.1.tgz",
+      "integrity": "sha512-olpvt9QG0vniUBZspVRN6lwB7hOZoTRtT+jzR+tS4ffYx2mzbw+z0XCOk44aaLYKApNX5nMm+E+P6o25ip/DHQ==",
+      "dev": true,
+      "requires": {
+        "estraverse": "^5.1.0"
+      },
+      "dependencies": {
+        "estraverse": {
+          "version": "5.2.0",
+          "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.2.0.tgz",
+          "integrity": "sha512-BxbNGGNm0RyRYvUdHpIwv9IWzeM9XClbOxwoATuFdOE7ZE6wHL+HQ5T8hoPM+zHvmKzzsEqhgy0GrQ5X13afiQ==",
+          "dev": true
+        }
+      }
+    },
+    "esrecurse": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.3.0.tgz",
+      "integrity": "sha512-KmfKL3b6G+RXvP8N1vr3Tq1kL/oCFgn2NYXEtqP8/L3pKapUA4G8cFVaoF3SU323CD4XypR/ffioHmkti6/Tag==",
+      "dev": true,
+      "requires": {
+        "estraverse": "^5.2.0"
+      },
+      "dependencies": {
+        "estraverse": {
+          "version": "5.2.0",
+          "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-5.2.0.tgz",
+          "integrity": "sha512-BxbNGGNm0RyRYvUdHpIwv9IWzeM9XClbOxwoATuFdOE7ZE6wHL+HQ5T8hoPM+zHvmKzzsEqhgy0GrQ5X13afiQ==",
+          "dev": true
+        }
+      }
+    },
+    "estraverse": {
+      "version": "4.3.0",
+      "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.3.0.tgz",
+      "integrity": "sha512-39nnKffWz8xN1BU/2c79n9nB9HDzo0niYUqx6xyqUnyoAnQyyWpOTdZEeiCch8BBu515t4wp9ZmgVfVhn9EBpw==",
+      "dev": true
+    },
+    "esutils": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.3.tgz",
+      "integrity": "sha512-kVscqXk4OCp68SZ0dkgEKVi6/8ij300KBWTJq32P/dYeWTSwK41WyTxalN1eRmA5Z9UU/LX9D7FWSmV9SAYx6g==",
+      "dev": true
+    },
+    "fast-deep-equal": {
+      "version": "3.1.3",
+      "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
+      "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q==",
+      "dev": true
+    },
+    "fast-json-stable-stringify": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.1.0.tgz",
+      "integrity": "sha512-lhd/wF+Lk98HZoTCtlVraHtfh5XYijIjalXck7saUtuanSDyLMxnHhSXEDJqHxD7msR8D0uCmqlkwjCV8xvwHw==",
+      "dev": true
+    },
+    "fast-levenshtein": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz",
+      "integrity": "sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc=",
+      "dev": true
+    },
+    "file-entry-cache": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-5.0.1.tgz",
+      "integrity": "sha512-bCg29ictuBaKUwwArK4ouCaqDgLZcysCFLmM/Yn/FDoqndh/9vNuQfXRDvTuXKLxfD/JtZQGKFT8MGcJBK644g==",
+      "dev": true,
+      "requires": {
+        "flat-cache": "^2.0.1"
+      }
+    },
+    "flat-cache": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-2.0.1.tgz",
+      "integrity": "sha512-LoQe6yDuUMDzQAEH8sgmh4Md6oZnc/7PjtwjNFSzveXqSHt6ka9fPBuso7IGf9Rz4uqnSnWiFH2B/zj24a5ReA==",
+      "dev": true,
+      "requires": {
+        "flatted": "^2.0.0",
+        "rimraf": "2.6.3",
+        "write": "1.0.3"
+      }
+    },
+    "flatted": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/flatted/-/flatted-2.0.2.tgz",
+      "integrity": "sha512-r5wGx7YeOwNWNlCA0wQ86zKyDLMQr+/RB8xy74M4hTphfmjlijTSSXGuH8rnvKZnfT9i+75zmd8jcKdMR4O6jA==",
+      "dev": true
+    },
+    "fs.realpath": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
+      "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=",
+      "dev": true
+    },
+    "functional-red-black-tree": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz",
+      "integrity": "sha1-GwqzvVU7Kg1jmdKcDj6gslIHgyc=",
+      "dev": true
+    },
+    "glob": {
+      "version": "7.1.6",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.6.tgz",
+      "integrity": "sha512-LwaxwyZ72Lk7vZINtNNrywX0ZuLyStrdDtabefZKAY5ZGJhVtgdznluResxNmPitE0SAO+O26sWTHeKSI2wMBA==",
+      "dev": true,
+      "requires": {
+        "fs.realpath": "^1.0.0",
+        "inflight": "^1.0.4",
+        "inherits": "2",
+        "minimatch": "^3.0.4",
+        "once": "^1.3.0",
+        "path-is-absolute": "^1.0.0"
+      }
+    },
+    "glob-parent": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/glob-parent/-/glob-parent-5.1.2.tgz",
+      "integrity": "sha512-AOIgSQCepiJYwP3ARnGx+5VnTu2HBYdzbGP45eLw1vr3zB3vZLeyed1sC9hnbcOc9/SrMyM5RPQrkGz4aS9Zow==",
+      "dev": true,
+      "requires": {
+        "is-glob": "^4.0.1"
+      }
+    },
+    "globals": {
+      "version": "12.4.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-12.4.0.tgz",
+      "integrity": "sha512-BWICuzzDvDoH54NHKCseDanAhE3CeDorgDL5MT6LMXXj2WCnd9UC2szdk4AWLfjdgNBCXLUanXYcpBBKOSWGwg==",
+      "dev": true,
+      "requires": {
+        "type-fest": "^0.8.1"
+      }
+    },
+    "has-flag": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
+      "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=",
+      "dev": true
+    },
+    "ignore": {
+      "version": "4.0.6",
+      "resolved": "https://registry.npmjs.org/ignore/-/ignore-4.0.6.tgz",
+      "integrity": "sha512-cyFDKrqc/YdcWFniJhzI42+AzS+gNwmUzOSFcRCQYwySuBBBy/KjuxWLZ/FHEH6Moq1NizMOBWyTcv8O4OZIMg==",
+      "dev": true
+    },
+    "import-fresh": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/import-fresh/-/import-fresh-3.2.1.tgz",
+      "integrity": "sha512-6e1q1cnWP2RXD9/keSkxHScg508CdXqXWgWBaETNhyuBFz+kUZlKboh+ISK+bU++DmbHimVBrOz/zzPe0sZ3sQ==",
+      "dev": true,
+      "requires": {
+        "parent-module": "^1.0.0",
+        "resolve-from": "^4.0.0"
+      }
+    },
+    "imurmurhash": {
+      "version": "0.1.4",
+      "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz",
+      "integrity": "sha1-khi5srkoojixPcT7a21XbyMUU+o=",
+      "dev": true
+    },
+    "inflight": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
+      "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=",
+      "dev": true,
+      "requires": {
+        "once": "^1.3.0",
+        "wrappy": "1"
+      }
+    },
+    "inherits": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.4.tgz",
+      "integrity": "sha512-k/vGaX4/Yla3WzyMCvTQOXYeIHvqOKtnqBduzTHpzpQZzAskKMhZ2K+EnBiSM9zGSoIFeMpXKxa4dYeZIQqewQ==",
+      "dev": true
+    },
+    "is-extglob": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/is-extglob/-/is-extglob-2.1.1.tgz",
+      "integrity": "sha1-qIwCU1eR8C7TfHahueqXc8gz+MI=",
+      "dev": true
+    },
+    "is-fullwidth-code-point": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz",
+      "integrity": "sha1-o7MKXE8ZkYMWeqq5O+764937ZU8=",
+      "dev": true
+    },
+    "is-glob": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/is-glob/-/is-glob-4.0.1.tgz",
+      "integrity": "sha512-5G0tKtBTFImOqDnLB2hG6Bp2qcKEFduo4tZu9MT/H6NQv/ghhy30o55ufafxJ/LdH79LLs2Kfrn85TLKyA7BUg==",
+      "dev": true,
+      "requires": {
+        "is-extglob": "^2.1.1"
+      }
+    },
+    "isexe": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
+      "integrity": "sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=",
+      "dev": true
+    },
+    "js-tokens": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-4.0.0.tgz",
+      "integrity": "sha512-RdJUflcE3cUzKiMqQgsCu06FPu9UdIJO0beYbPhHN4k6apgJtifcoCtT9bcxOpYBtpD2kCM6Sbzg4CausW/PKQ==",
+      "dev": true
+    },
+    "js-yaml": {
+      "version": "3.14.0",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.14.0.tgz",
+      "integrity": "sha512-/4IbIeHcD9VMHFqDR/gQ7EdZdLimOvW2DdcxFjdyyZ9NsbS+ccrXqVWDtab/lRl5AlUqmpBx8EhPaWR+OtY17A==",
+      "dev": true,
+      "requires": {
+        "argparse": "^1.0.7",
+        "esprima": "^4.0.0"
+      }
+    },
+    "json-schema-traverse": {
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz",
+      "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg==",
+      "dev": true
+    },
+    "json-stable-stringify-without-jsonify": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz",
+      "integrity": "sha1-nbe1lJatPzz+8wp1FC0tkwrXJlE=",
+      "dev": true
+    },
+    "levn": {
+      "version": "0.4.1",
+      "resolved": "https://registry.npmjs.org/levn/-/levn-0.4.1.tgz",
+      "integrity": "sha512-+bT2uH4E5LGE7h/n3evcS/sQlJXCpIp6ym8OWJ5eV6+67Dsql/LaaT7qJBAt2rzfoa/5QBGBhxDix1dMt2kQKQ==",
+      "dev": true,
+      "requires": {
+        "prelude-ls": "^1.2.1",
+        "type-check": "~0.4.0"
+      }
+    },
+    "lodash": {
+      "version": "4.17.21",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
+      "dev": true
+    },
+    "minimatch": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz",
+      "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==",
+      "dev": true,
+      "requires": {
+        "brace-expansion": "^1.1.7"
+      }
+    },
+    "minimist": {
+      "version": "1.2.6",
+      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz",
+      "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==",
+      "dev": true
+    },
+    "mkdirp": {
+      "version": "0.5.5",
+      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.5.tgz",
+      "integrity": "sha512-NKmAlESf6jMGym1++R0Ra7wvhV+wFW63FaSOFPwRahvea0gMUcGUhVeAg/0BC0wiv9ih5NYPB1Wn1UEI1/L+xQ==",
+      "dev": true,
+      "requires": {
+        "minimist": "^1.2.5"
+      }
+    },
+    "ms": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
+      "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
+      "dev": true
+    },
+    "natural-compare": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz",
+      "integrity": "sha1-Sr6/7tdUHywnrPspvbvRXI1bpPc=",
+      "dev": true
+    },
+    "once": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
+      "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=",
+      "dev": true,
+      "requires": {
+        "wrappy": "1"
+      }
+    },
+    "optionator": {
+      "version": "0.9.1",
+      "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.9.1.tgz",
+      "integrity": "sha512-74RlY5FCnhq4jRxVUPKDaRwrVNXMqsGsiW6AJw4XK8hmtm10wC0ypZBLw5IIp85NZMr91+qd1RvvENwg7jjRFw==",
+      "dev": true,
+      "requires": {
+        "deep-is": "^0.1.3",
+        "fast-levenshtein": "^2.0.6",
+        "levn": "^0.4.1",
+        "prelude-ls": "^1.2.1",
+        "type-check": "^0.4.0",
+        "word-wrap": "^1.2.3"
+      }
+    },
+    "parent-module": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/parent-module/-/parent-module-1.0.1.tgz",
+      "integrity": "sha512-GQ2EWRpQV8/o+Aw8YqtfZZPfNRWZYkbidE9k5rpl/hC3vtHHBfGm2Ifi6qWV+coDGkrUKZAxE3Lot5kcsRlh+g==",
+      "dev": true,
+      "requires": {
+        "callsites": "^3.0.0"
+      }
+    },
+    "path-is-absolute": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
+      "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=",
+      "dev": true
+    },
+    "path-key": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/path-key/-/path-key-3.1.1.tgz",
+      "integrity": "sha512-ojmeN0qd+y0jszEtoY48r0Peq5dwMEkIlCOu6Q5f41lfkswXuKtYrhgoTpLnyIcHm24Uhqx+5Tqm2InSwLhE6Q==",
+      "dev": true
+    },
+    "prelude-ls": {
+      "version": "1.2.1",
+      "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.2.1.tgz",
+      "integrity": "sha512-vkcDPrRZo1QZLbn5RLGPpg/WmIQ65qoWWhcGKf/b5eplkkarX0m9z8ppCat4mlOqUsWpyNuYgO3VRyrYHSzX5g==",
+      "dev": true
+    },
+    "progress": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/progress/-/progress-2.0.3.tgz",
+      "integrity": "sha512-7PiHtLll5LdnKIMw100I+8xJXR5gW2QwWYkT6iJva0bXitZKa/XMrSbdmg3r2Xnaidz9Qumd0VPaMrZlF9V9sA==",
+      "dev": true
+    },
+    "punycode": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz",
+      "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A==",
+      "dev": true
+    },
+    "regexpp": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/regexpp/-/regexpp-3.1.0.tgz",
+      "integrity": "sha512-ZOIzd8yVsQQA7j8GCSlPGXwg5PfmA1mrq0JP4nGhh54LaKN3xdai/vHUDu74pKwV8OxseMS65u2NImosQcSD0Q==",
+      "dev": true
+    },
+    "resolve-from": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-4.0.0.tgz",
+      "integrity": "sha512-pb/MYmXstAkysRFx8piNI1tGFNQIFA3vkE3Gq4EuA1dF6gHp/+vgZqsCGJapvy8N3Q+4o7FwvquPJcnZ7RYy4g==",
+      "dev": true
+    },
+    "rimraf": {
+      "version": "2.6.3",
+      "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.6.3.tgz",
+      "integrity": "sha512-mwqeW5XsA2qAejG46gYdENaxXjx9onRNCfn7L0duuP4hCuTIi/QO7PDK07KJfp1d+izWPrzEJDcSqBa0OZQriA==",
+      "dev": true,
+      "requires": {
+        "glob": "^7.1.3"
+      }
+    },
+    "semver": {
+      "version": "7.3.2",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-7.3.2.tgz",
+      "integrity": "sha512-OrOb32TeeambH6UrhtShmF7CRDqhL6/5XpPNp2DuRH6+9QLw/orhp72j87v8Qa1ScDkvrrBNpZcDejAirJmfXQ==",
+      "dev": true
+    },
+    "shebang-command": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-2.0.0.tgz",
+      "integrity": "sha512-kHxr2zZpYtdmrN1qDjrrX/Z1rR1kG8Dx+gkpK1G4eXmvXswmcE1hTWBWYUzlraYw1/yZp6YuDY77YtvbN0dmDA==",
+      "dev": true,
+      "requires": {
+        "shebang-regex": "^3.0.0"
+      }
+    },
+    "shebang-regex": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-3.0.0.tgz",
+      "integrity": "sha512-7++dFhtcx3353uBaq8DDR4NuxBetBzC7ZQOhmTQInHEd6bSrXdiEyzCvG07Z44UYdLShWUyXt5M/yhz8ekcb1A==",
+      "dev": true
+    },
+    "slice-ansi": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-2.1.0.tgz",
+      "integrity": "sha512-Qu+VC3EwYLldKa1fCxuuvULvSJOKEgk9pi8dZeCVK7TqBfUNTH4sFkk4joj8afVSfAYgJoSOetjx9QWOJ5mYoQ==",
+      "dev": true,
+      "requires": {
+        "ansi-styles": "^3.2.0",
+        "astral-regex": "^1.0.0",
+        "is-fullwidth-code-point": "^2.0.0"
+      }
+    },
+    "sprintf-js": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
+      "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=",
+      "dev": true
+    },
+    "string-width": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-3.1.0.tgz",
+      "integrity": "sha512-vafcv6KjVZKSgz06oM/H6GDBrAtz8vdhQakGjFIvNrHA6y3HCF1CInLy+QLq8dTJPQ1b+KDUqDFctkdRW44e1w==",
+      "dev": true,
+      "requires": {
+        "emoji-regex": "^7.0.1",
+        "is-fullwidth-code-point": "^2.0.0",
+        "strip-ansi": "^5.1.0"
+      },
+      "dependencies": {
+        "ansi-regex": {
+          "version": "4.1.1",
+          "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-4.1.1.tgz",
+          "integrity": "sha512-ILlv4k/3f6vfQ4OoP2AGvirOktlQ98ZEL1k9FaQjxa3L1abBgbuTDAdPOpvbGncC0BTVQrl+OM8xZGK6tWXt7g==",
+          "dev": true
+        },
+        "strip-ansi": {
+          "version": "5.2.0",
+          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-5.2.0.tgz",
+          "integrity": "sha512-DuRs1gKbBqsMKIZlrffwlug8MHkcnpjs5VPmL1PAh+mA30U0DTotfDZ0d2UUsXpPmPmMMJ6W773MaA3J+lbiWA==",
+          "dev": true,
+          "requires": {
+            "ansi-regex": "^4.1.0"
+          }
+        }
+      }
+    },
+    "strip-ansi": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.0.tgz",
+      "integrity": "sha512-AuvKTrTfQNYNIctbR1K/YGTR1756GycPsg7b9bdV9Duqur4gv6aKqHXah67Z8ImS7WEz5QVcOtlfW2rZEugt6w==",
+      "dev": true,
+      "requires": {
+        "ansi-regex": "^5.0.0"
+      }
+    },
+    "strip-json-comments": {
+      "version": "3.1.1",
+      "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-3.1.1.tgz",
+      "integrity": "sha512-6fPc+R4ihwqP6N/aIv2f1gMH8lOVtWQHoqC4yK6oSDVVocumAsfCqjkXnqiYMhmMwS/mEHLp7Vehlt3ql6lEig==",
+      "dev": true
+    },
+    "supports-color": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
+      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
+      "dev": true,
+      "requires": {
+        "has-flag": "^3.0.0"
+      }
+    },
+    "table": {
+      "version": "5.4.6",
+      "resolved": "https://registry.npmjs.org/table/-/table-5.4.6.tgz",
+      "integrity": "sha512-wmEc8m4fjnob4gt5riFRtTu/6+4rSe12TpAELNSqHMfF3IqnA+CH37USM6/YR3qRZv7e56kAEAtd6nKZaxe0Ug==",
+      "dev": true,
+      "requires": {
+        "ajv": "^6.10.2",
+        "lodash": "^4.17.14",
+        "slice-ansi": "^2.1.0",
+        "string-width": "^3.0.0"
+      }
+    },
+    "text-table": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz",
+      "integrity": "sha1-f17oI66AUgfACvLfSoTsP8+lcLQ=",
+      "dev": true
+    },
+    "type-check": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.4.0.tgz",
+      "integrity": "sha512-XleUoc9uwGXqjWwXaUTZAmzMcFZ5858QA2vvx1Ur5xIcixXIP+8LnFDgRplU30us6teqdlskFfu+ae4K79Ooew==",
+      "dev": true,
+      "requires": {
+        "prelude-ls": "^1.2.1"
+      }
+    },
+    "type-fest": {
+      "version": "0.8.1",
+      "resolved": "https://registry.npmjs.org/type-fest/-/type-fest-0.8.1.tgz",
+      "integrity": "sha512-4dbzIzqvjtgiM5rw1k5rEHtBANKmdudhGyBEajN01fEyhaAIhsoKNy6y7+IN93IfpFtwY9iqi7kD+xwKhQsNJA==",
+      "dev": true
+    },
+    "uri-js": {
+      "version": "4.4.0",
+      "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.0.tgz",
+      "integrity": "sha512-B0yRTzYdUCCn9n+F4+Gh4yIDtMQcaJsmYBDsTSG8g/OejKBodLQ2IHfN3bM7jUsRXndopT7OIXWdYqc1fjmV6g==",
+      "dev": true,
+      "requires": {
+        "punycode": "^2.1.0"
+      }
+    },
+    "v8-compile-cache": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/v8-compile-cache/-/v8-compile-cache-2.1.1.tgz",
+      "integrity": "sha512-8OQ9CL+VWyt3JStj7HX7/ciTL2V3Rl1Wf5OL+SNTm0yK1KvtReVulksyeRnCANHHuUxHlQig+JJDlUhBt1NQDQ==",
+      "dev": true
+    },
+    "which": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/which/-/which-2.0.2.tgz",
+      "integrity": "sha512-BLI3Tl1TW3Pvl70l3yq3Y64i+awpwXqsGBYWkkqMtnbXgrMD+yj7rhW0kuEDxzJaYXGjEW5ogapKNMEKNMjibA==",
+      "dev": true,
+      "requires": {
+        "isexe": "^2.0.0"
+      }
+    },
+    "word-wrap": {
+      "version": "1.2.3",
+      "resolved": "https://registry.npmjs.org/word-wrap/-/word-wrap-1.2.3.tgz",
+      "integrity": "sha512-Hz/mrNwitNRh/HUAtM/VT/5VH+ygD6DV7mYKZAtHOrbs8U7lvPS6xf7EJKMF0uW1KJCl0H701g3ZGus+muE5vQ==",
+      "dev": true
+    },
+    "wrappy": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
+      "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=",
+      "dev": true
+    },
+    "write": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/write/-/write-1.0.3.tgz",
+      "integrity": "sha512-/lg70HAjtkUgWPVZhZcm+T4hkL8Zbtp1nFNOn3lRrxnlv50SRBv7cR7RqR+GMsd3hUXy9hWBo4CHTbFTcOYwig==",
+      "dev": true,
+      "requires": {
+        "mkdirp": "^0.5.1"
+      }
+    }
+  }
+}
diff --git a/utils/eslint/package.json b/utils/eslint/package.json
index 8533c5c3b1db..918b95da0ea8 100644
--- a/utils/eslint/package.json
+++ b/utils/eslint/package.json
@@ -1,5 +1,5 @@
 {
   "devDependencies": {
-    "eslint": "^4.1.1"
+    "eslint": "^7.8.0"
   }
 }
diff --git a/utils/hsts-prune/index.js b/utils/hsts-prune/index.js
index c2583b29387e..882aa05c43e6 100644
--- a/utils/hsts-prune/index.js
+++ b/utils/hsts-prune/index.js
@@ -145,7 +145,7 @@ const check_header_directives = (check_domain, cb) => {
         max_age = Number(max_age_match[1]);
       }
       cb(null,
-        preload && include_subdomains && max_age >= 10886400);
+        preload && include_subdomains && max_age >= 31536000);
       sent_callback = true;
     } else {
       cb(null, false);
@@ -182,7 +182,6 @@ const check_https_redirection_and_header_directives = (check_domain, cb) => {
 // Here we begin parsing the XML files and modifying the targets
 
 function remove_target_from_xml(source, target) {
-  let pos;
   // escape the regexp for targets that have a *
   target = escape_string_regexp(target);
 
@@ -314,7 +313,7 @@ async.parallel({
           });
         }
 
-        // After building the additonal checks in the form of the
+        // After building the additional checks in the form of the
         // checks array of functions, run the checks in parallel and
         // perform the appropriate actions based on the results.
 
diff --git a/utils/hsts-prune/package-lock.json b/utils/hsts-prune/package-lock.json
index 29ab5a1d176a..d9a47270e0e6 100644
--- a/utils/hsts-prune/package-lock.json
+++ b/utils/hsts-prune/package-lock.json
@@ -2,26 +2,60 @@
   "name": "hsts-prune",
   "version": "1.0.0",
   "lockfileVersion": 1,
+  "requires": true,
   "dependencies": {
+    "JSONStream": {
+      "version": "1.3.4",
+      "resolved": "https://registry.npmjs.org/JSONStream/-/JSONStream-1.3.4.tgz",
+      "integrity": "sha512-Y7vfi3I5oMOYIr+WxV8NZxDSwcbNgzdKYsTNInmycOq9bUYwGg9ryu57Wg5NLmCjqdFPNUmpMBo3kSJN9tCbXg==",
+      "requires": {
+        "jsonparse": "^1.2.0",
+        "through": ">=2.2.7 <3"
+      }
+    },
     "ajv": {
-      "version": "4.11.8",
-      "resolved": "https://registry.npmjs.org/ajv/-/ajv-4.11.8.tgz",
-      "integrity": "sha1-gv+wKynmYq5TvcIK8VlHcGc5xTY="
+      "version": "6.12.6",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.6.tgz",
+      "integrity": "sha512-j3fVLgvTo527anyYyJOGTYJbG+vnnQYvE0m5mmkc1TK+nxAppkCLMIL0aZ4dblVCNoGShhm+kzE4ZUykBoMg4g==",
+      "requires": {
+        "fast-deep-equal": "^3.1.1",
+        "fast-json-stable-stringify": "^2.0.0",
+        "json-schema-traverse": "^0.4.1",
+        "uri-js": "^4.2.2"
+      },
+      "dependencies": {
+        "fast-deep-equal": {
+          "version": "3.1.3",
+          "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
+          "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q=="
+        },
+        "json-schema-traverse": {
+          "version": "0.4.1",
+          "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz",
+          "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg=="
+        }
+      }
     },
     "asn1": {
-      "version": "0.2.3",
-      "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.3.tgz",
-      "integrity": "sha1-2sh4dxPJlmhJ/IGAd36+nB3fO4Y="
+      "version": "0.2.4",
+      "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz",
+      "integrity": "sha512-jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg==",
+      "requires": {
+        "safer-buffer": "~2.1.0"
+      }
     },
     "assert-plus": {
-      "version": "0.2.0",
-      "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-0.2.0.tgz",
-      "integrity": "sha1-104bh+ev/A24qttwIfP+SBAasjQ="
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
+      "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU="
     },
     "async": {
-      "version": "2.5.0",
-      "resolved": "https://registry.npmjs.org/async/-/async-2.5.0.tgz",
-      "integrity": "sha512-e+lJAJeNWuPCNyxZKOBdaJGyLGHugXVQtrAwtuAe2vhxTYxFTKE73p8JuTmdH0qdQZtDvI4dhJwjZc5zsfIsYw=="
+      "version": "2.6.4",
+      "resolved": "https://registry.npmjs.org/async/-/async-2.6.4.tgz",
+      "integrity": "sha512-mzo5dfJYwAn29PeiJ0zvwTo04zj8HDJj0Mn8TD7sno7q12prdbnasKJHhkm2c1LgrhlJ0teaea8860oxi51mGA==",
+      "requires": {
+        "lodash": "^4.17.14"
+      }
     },
     "asynckit": {
       "version": "0.4.0",
@@ -29,66 +63,56 @@
       "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k="
     },
     "aws-sign2": {
-      "version": "0.6.0",
-      "resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.6.0.tgz",
-      "integrity": "sha1-FDQt0428yU0OW4fXY81jYSwOeU8="
+      "version": "0.7.0",
+      "resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz",
+      "integrity": "sha1-tG6JCTSpWR8tL2+G1+ap8bP+dqg="
     },
     "aws4": {
-      "version": "1.6.0",
-      "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.6.0.tgz",
-      "integrity": "sha1-g+9cqGCysy5KDe7e6MdxudtXRx4="
+      "version": "1.8.0",
+      "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.8.0.tgz",
+      "integrity": "sha512-ReZxvNHIOv88FlT7rxcXIIC0fPt4KZqZbOlivyWtXLt8ESx84zd3kMC6iK5jVeS2qt+g7ftS7ye4fi06X5rtRQ=="
     },
     "base64-stream": {
       "version": "0.1.3",
       "resolved": "https://registry.npmjs.org/base64-stream/-/base64-stream-0.1.3.tgz",
-      "integrity": "sha1-drA3C3ebuBbRL9QXZKa4Vz61/sM="
+      "integrity": "sha1-drA3C3ebuBbRL9QXZKa4Vz61/sM=",
+      "requires": {
+        "readable-stream": "^2.0.2"
+      }
     },
     "bcrypt-pbkdf": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.1.tgz",
-      "integrity": "sha1-Y7xdy2EzG5K8Bf1SiVPDNGKgb40=",
-      "optional": true
-    },
-    "boom": {
-      "version": "2.10.1",
-      "resolved": "https://registry.npmjs.org/boom/-/boom-2.10.1.tgz",
-      "integrity": "sha1-OciRjO/1eZ+D+UkqhI9iWt0Mdm8="
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz",
+      "integrity": "sha1-pDAdOJtqQ/m2f/PKEaP2Y342Dp4=",
+      "optional": true,
+      "requires": {
+        "tweetnacl": "^0.14.3"
+      }
     },
     "caseless": {
       "version": "0.12.0",
       "resolved": "https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz",
       "integrity": "sha1-G2gcIf+EAzyCZUMJBolCDRhxUdw="
     },
-    "co": {
-      "version": "4.6.0",
-      "resolved": "https://registry.npmjs.org/co/-/co-4.6.0.tgz",
-      "integrity": "sha1-bqa989hTrlTMuOR7+gvz+QMfsYQ="
-    },
     "combined-stream": {
-      "version": "1.0.5",
-      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.5.tgz",
-      "integrity": "sha1-k4NwpXtKUd6ix3wV1cX9+JUWQAk="
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.6.tgz",
+      "integrity": "sha1-cj599ugBrFYTETp+RFqbactjKBg=",
+      "requires": {
+        "delayed-stream": "~1.0.0"
+      }
     },
     "core-util-is": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
       "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac="
     },
-    "cryptiles": {
-      "version": "2.0.5",
-      "resolved": "https://registry.npmjs.org/cryptiles/-/cryptiles-2.0.5.tgz",
-      "integrity": "sha1-O9/s3GCBR8HGcgL6KR59ylnqo7g="
-    },
     "dashdash": {
       "version": "1.14.1",
       "resolved": "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz",
       "integrity": "sha1-hTz6D3y+L+1d4gMmuN1YEDX24vA=",
-      "dependencies": {
-        "assert-plus": {
-          "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
-          "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU="
-        }
+      "requires": {
+        "assert-plus": "^1.0.0"
       }
     },
     "delayed-stream": {
@@ -97,10 +121,14 @@
       "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk="
     },
     "ecc-jsbn": {
-      "version": "0.1.1",
-      "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.1.tgz",
-      "integrity": "sha1-D8c6ntXw1Tw4GTOYUj735UN3dQU=",
-      "optional": true
+      "version": "0.1.2",
+      "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz",
+      "integrity": "sha1-OoOpBOVDUyh4dMVkt1SThoSamMk=",
+      "optional": true,
+      "requires": {
+        "jsbn": "~0.1.0",
+        "safer-buffer": "^2.1.0"
+      }
     },
     "escape-string-regexp": {
       "version": "1.0.5",
@@ -108,66 +136,74 @@
       "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ="
     },
     "extend": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.1.tgz",
-      "integrity": "sha1-p1Xqe8Gt/MWjHOfnYtuq3F5jZEQ="
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
+      "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g=="
     },
     "extsprintf": {
       "version": "1.3.0",
       "resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz",
       "integrity": "sha1-lpGEQOMEGnpBT4xS48V06zw+HgU="
     },
+    "fast-json-stable-stringify": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.0.0.tgz",
+      "integrity": "sha1-1RQsDK7msRifh9OnYREGT4bIu/I="
+    },
     "forever-agent": {
       "version": "0.6.1",
       "resolved": "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz",
       "integrity": "sha1-+8cfDEGt6zf5bFd60e1C2P2sypE="
     },
     "form-data": {
-      "version": "2.1.4",
-      "resolved": "https://registry.npmjs.org/form-data/-/form-data-2.1.4.tgz",
-      "integrity": "sha1-M8GDrPGTJ27KqYFDpp6Uv+4XUNE="
+      "version": "2.3.2",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-2.3.2.tgz",
+      "integrity": "sha1-SXBJi+YEwgwAXU9cI67NIda0kJk=",
+      "requires": {
+        "asynckit": "^0.4.0",
+        "combined-stream": "1.0.6",
+        "mime-types": "^2.1.12"
+      }
     },
     "getpass": {
       "version": "0.1.7",
       "resolved": "https://registry.npmjs.org/getpass/-/getpass-0.1.7.tgz",
       "integrity": "sha1-Xv+OPmhNVprkyysSgmBOi6YhSfo=",
-      "dependencies": {
-        "assert-plus": {
-          "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
-          "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU="
-        }
+      "requires": {
+        "assert-plus": "^1.0.0"
       }
     },
     "har-schema": {
-      "version": "1.0.5",
-      "resolved": "https://registry.npmjs.org/har-schema/-/har-schema-1.0.5.tgz",
-      "integrity": "sha1-0mMTX0MwfALGAq/I/pWXDAFRNp4="
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/har-schema/-/har-schema-2.0.0.tgz",
+      "integrity": "sha1-qUwiJOvKwEeCoNkDVSHyRzW37JI="
     },
     "har-validator": {
-      "version": "4.2.1",
-      "resolved": "https://registry.npmjs.org/har-validator/-/har-validator-4.2.1.tgz",
-      "integrity": "sha1-M0gdDxu/9gDdID11gSpqX7oALio="
-    },
-    "hawk": {
-      "version": "3.1.3",
-      "resolved": "https://registry.npmjs.org/hawk/-/hawk-3.1.3.tgz",
-      "integrity": "sha1-B4REvXwWQLD+VA0sm3PVlnjo4cQ="
+      "version": "5.1.5",
+      "resolved": "https://registry.npmjs.org/har-validator/-/har-validator-5.1.5.tgz",
+      "integrity": "sha512-nmT2T0lljbxdQZfspsno9hgrG3Uir6Ks5afism62poxqBM6sDnMEuPmzTq8XN0OEwqKLLdh1jQI3qyE66Nzb3w==",
+      "requires": {
+        "ajv": "^6.12.3",
+        "har-schema": "^2.0.0"
+      }
     },
     "highland": {
-      "version": "2.11.1",
-      "resolved": "https://registry.npmjs.org/highland/-/highland-2.11.1.tgz",
-      "integrity": "sha1-ObTZKZtuB9o9FeeveypvEnUirK8="
-    },
-    "hoek": {
-      "version": "2.16.3",
-      "resolved": "https://registry.npmjs.org/hoek/-/hoek-2.16.3.tgz",
-      "integrity": "sha1-ILt0A9POo5jpHcRxCo/xuCdKJe0="
+      "version": "2.13.0",
+      "resolved": "https://registry.npmjs.org/highland/-/highland-2.13.0.tgz",
+      "integrity": "sha512-zGZBcgAHPY2Zf9VG9S5IrlcC7CH9ELioXVtp9T5bU2a4fP2zIsA+Y8pV/n/h2lMwbWMHTX0I0xN0ODJ3Pd3aBQ==",
+      "requires": {
+        "util-deprecate": "^1.0.2"
+      }
     },
     "http-signature": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.1.1.tgz",
-      "integrity": "sha1-33LiZwZs0Kxn+3at+OE0qPvPkb8="
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.2.0.tgz",
+      "integrity": "sha1-muzZJRFHcvPZW2WmCruPfBj7rOE=",
+      "requires": {
+        "assert-plus": "^1.0.0",
+        "jsprim": "^1.2.2",
+        "sshpk": "^1.7.0"
+      }
     },
     "inherits": {
       "version": "2.0.3",
@@ -200,144 +236,176 @@
       "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz",
       "integrity": "sha1-tIDIkuWaLwWVTOcnvT8qTogvnhM="
     },
-    "json-stable-stringify": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/json-stable-stringify/-/json-stable-stringify-1.0.1.tgz",
-      "integrity": "sha1-mnWdOcXy/1A/1TAGRu1EX4jE+a8="
-    },
     "json-stringify-safe": {
       "version": "5.0.1",
       "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz",
       "integrity": "sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus="
     },
-    "jsonify": {
-      "version": "0.0.0",
-      "resolved": "https://registry.npmjs.org/jsonify/-/jsonify-0.0.0.tgz",
-      "integrity": "sha1-LHS27kHZPKUbe1qu6PUDYx0lKnM="
-    },
     "jsonparse": {
       "version": "1.3.1",
       "resolved": "https://registry.npmjs.org/jsonparse/-/jsonparse-1.3.1.tgz",
       "integrity": "sha1-P02uSpH6wxX3EGL4UhzCOfE2YoA="
     },
-    "JSONStream": {
-      "version": "1.3.1",
-      "resolved": "https://registry.npmjs.org/JSONStream/-/JSONStream-1.3.1.tgz",
-      "integrity": "sha1-cH92HgHa6eFvG8+TcDt4xwlmV5o="
-    },
     "jsprim": {
       "version": "1.4.1",
       "resolved": "https://registry.npmjs.org/jsprim/-/jsprim-1.4.1.tgz",
       "integrity": "sha1-MT5mvB5cwG5Di8G3SZwuXFastqI=",
-      "dependencies": {
-        "assert-plus": {
-          "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
-          "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU="
-        }
+      "requires": {
+        "assert-plus": "1.0.0",
+        "extsprintf": "1.3.0",
+        "json-schema": "0.2.3",
+        "verror": "1.10.0"
       }
     },
     "lodash": {
-      "version": "4.17.4",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.4.tgz",
-      "integrity": "sha1-eCA6TRwyiuHYbcpkYONptX9AVa4="
+      "version": "4.17.21",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg=="
     },
     "mime-db": {
-      "version": "1.29.0",
-      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.29.0.tgz",
-      "integrity": "sha1-SNJtI1WJZRcErFkWygYAGRQmaHg="
+      "version": "1.35.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.35.0.tgz",
+      "integrity": "sha512-JWT/IcCTsB0Io3AhWUMjRqucrHSPsSf2xKLaRldJVULioggvkJvggZ3VXNNSRkCddE6D+BUI4HEIZIA2OjwIvg=="
     },
     "mime-types": {
-      "version": "2.1.16",
-      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.16.tgz",
-      "integrity": "sha1-K4WKUuXs1RbbiXrCvodIeDBpjiM="
+      "version": "2.1.19",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.19.tgz",
+      "integrity": "sha512-P1tKYHVSZ6uFo26mtnve4HQFE3koh1UWVkp8YUC+ESBHe945xWSoXuHHiGarDqcEZ+whpCDnlNw5LON0kLo+sw==",
+      "requires": {
+        "mime-db": "~1.35.0"
+      }
     },
     "oauth-sign": {
-      "version": "0.8.2",
-      "resolved": "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.8.2.tgz",
-      "integrity": "sha1-Rqarfwrq2N6unsBWV4C31O/rnUM="
+      "version": "0.9.0",
+      "resolved": "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz",
+      "integrity": "sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ=="
     },
     "performance-now": {
-      "version": "0.2.0",
-      "resolved": "https://registry.npmjs.org/performance-now/-/performance-now-0.2.0.tgz",
-      "integrity": "sha1-M+8wxcd9TqIcWlOGnZG1bY8lVeU="
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz",
+      "integrity": "sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns="
     },
     "process-nextick-args": {
-      "version": "1.0.7",
-      "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-1.0.7.tgz",
-      "integrity": "sha1-FQ4gt1ZZCtP5EJPyWk8q2L/zC6M="
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.0.tgz",
+      "integrity": "sha512-MtEC1TqN0EU5nephaJ4rAtThHtC86dNN9qCuEhtshvpVBkAW5ZO7BASN9REnF9eoXGcRub+pFuKEpOHE+HbEMw=="
     },
     "progress": {
       "version": "1.1.8",
       "resolved": "https://registry.npmjs.org/progress/-/progress-1.1.8.tgz",
       "integrity": "sha1-4mDHj2Fhzdmw5WzD4Khd4Xx6V74="
     },
+    "psl": {
+      "version": "1.1.29",
+      "resolved": "https://registry.npmjs.org/psl/-/psl-1.1.29.tgz",
+      "integrity": "sha512-AeUmQ0oLN02flVHXWh9sSJF7mcdFq0ppid/JkErufc3hGIV/AMa8Fo9VgDo/cT2jFdOWoFvHp90qqBH54W+gjQ=="
+    },
     "punycode": {
       "version": "1.4.1",
       "resolved": "https://registry.npmjs.org/punycode/-/punycode-1.4.1.tgz",
       "integrity": "sha1-wNWmOycYgArY4esPpSachN1BhF4="
     },
     "qs": {
-      "version": "6.4.0",
-      "resolved": "https://registry.npmjs.org/qs/-/qs-6.4.0.tgz",
-      "integrity": "sha1-E+JtKK1rD/qpExLNO/cI7TUecjM="
+      "version": "6.5.2",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz",
+      "integrity": "sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA=="
     },
     "readable-stream": {
-      "version": "2.3.3",
-      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.3.tgz",
-      "integrity": "sha512-m+qzzcn7KUxEmd1gMbchF+Y2eIUbieUaxkWtptyHywrX0rE8QEYqPC07Vuy4Wm32/xE16NcdBctb8S0Xe/5IeQ=="
+      "version": "2.3.6",
+      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz",
+      "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==",
+      "requires": {
+        "core-util-is": "~1.0.0",
+        "inherits": "~2.0.3",
+        "isarray": "~1.0.0",
+        "process-nextick-args": "~2.0.0",
+        "safe-buffer": "~5.1.1",
+        "string_decoder": "~1.1.1",
+        "util-deprecate": "~1.0.1"
+      }
     },
     "request": {
-      "version": "2.81.0",
-      "resolved": "https://registry.npmjs.org/request/-/request-2.81.0.tgz",
-      "integrity": "sha1-xpKJRqDgbF+Nb4qTM0af/aRimKA="
+      "version": "2.88.0",
+      "resolved": "https://registry.npmjs.org/request/-/request-2.88.0.tgz",
+      "integrity": "sha512-NAqBSrijGLZdM0WZNsInLJpkJokL72XYjUpnB0iwsRgxh7dB6COrHnTBNwN0E+lHDAJzu7kLAkDeY08z2/A0hg==",
+      "requires": {
+        "aws-sign2": "~0.7.0",
+        "aws4": "^1.8.0",
+        "caseless": "~0.12.0",
+        "combined-stream": "~1.0.6",
+        "extend": "~3.0.2",
+        "forever-agent": "~0.6.1",
+        "form-data": "~2.3.2",
+        "har-validator": "~5.1.0",
+        "http-signature": "~1.2.0",
+        "is-typedarray": "~1.0.0",
+        "isstream": "~0.1.2",
+        "json-stringify-safe": "~5.0.1",
+        "mime-types": "~2.1.19",
+        "oauth-sign": "~0.9.0",
+        "performance-now": "^2.1.0",
+        "qs": "~6.5.2",
+        "safe-buffer": "^5.1.2",
+        "tough-cookie": "~2.4.3",
+        "tunnel-agent": "^0.6.0",
+        "uuid": "^3.3.2"
+      }
     },
     "safe-buffer": {
-      "version": "5.1.1",
-      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.1.tgz",
-      "integrity": "sha512-kKvNJn6Mm93gAczWVJg7wH+wGYWNrDHdWvpUmHyEsgCtIwwo3bqPtV4tR5tuPaUhTOo/kvhVwd8XwwOllGYkbg=="
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+      "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
+    },
+    "safer-buffer": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
+      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
     },
     "sax": {
       "version": "1.2.4",
       "resolved": "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz",
       "integrity": "sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw=="
     },
-    "sntp": {
-      "version": "1.0.9",
-      "resolved": "https://registry.npmjs.org/sntp/-/sntp-1.0.9.tgz",
-      "integrity": "sha1-ZUEYTMkK7qbG57NeJlkIJEPGYZg="
-    },
     "split": {
       "version": "1.0.1",
       "resolved": "https://registry.npmjs.org/split/-/split-1.0.1.tgz",
-      "integrity": "sha512-mTyOoPbrivtXnwnIxZRFYRrPNtEFKlpB2fvjSnCQUiAA6qAZzqwna5envK4uk6OIeP17CsdF3rSBGYVBsU0Tkg=="
+      "integrity": "sha512-mTyOoPbrivtXnwnIxZRFYRrPNtEFKlpB2fvjSnCQUiAA6qAZzqwna5envK4uk6OIeP17CsdF3rSBGYVBsU0Tkg==",
+      "requires": {
+        "through": "2"
+      }
     },
     "sshpk": {
-      "version": "1.13.1",
-      "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.13.1.tgz",
-      "integrity": "sha1-US322mKHFEMW3EwY/hzx2UBzm+M=",
-      "dependencies": {
-        "assert-plus": {
-          "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
-          "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU="
-        }
+      "version": "1.14.2",
+      "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.14.2.tgz",
+      "integrity": "sha1-xvxhZIo9nE52T9P8306hBeSSupg=",
+      "requires": {
+        "asn1": "~0.2.3",
+        "assert-plus": "^1.0.0",
+        "bcrypt-pbkdf": "^1.0.0",
+        "dashdash": "^1.12.0",
+        "ecc-jsbn": "~0.1.1",
+        "getpass": "^0.1.1",
+        "jsbn": "~0.1.0",
+        "safer-buffer": "^2.0.2",
+        "tweetnacl": "~0.14.0"
       }
     },
     "stream-filter": {
       "version": "2.1.0",
       "resolved": "https://registry.npmjs.org/stream-filter/-/stream-filter-2.1.0.tgz",
-      "integrity": "sha1-vf9O7jzeTBUl4Ct43ek9gh/lKb0="
+      "integrity": "sha1-vf9O7jzeTBUl4Ct43ek9gh/lKb0=",
+      "requires": {
+        "through2": "^2.0.1",
+        "xtend": "^4.0.1"
+      }
     },
     "string_decoder": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.0.3.tgz",
-      "integrity": "sha512-4AH6Z5fzNNBcH+6XDMfA/BTt87skxqJlO0lAh3Dker5zThcAxG6mKz+iGu308UKoPPQ8Dcqx/4JhujzltRa+hQ=="
-    },
-    "stringstream": {
-      "version": "0.0.5",
-      "resolved": "https://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz",
-      "integrity": "sha1-TkhM1N5aC7vuGORjB3EKioFiGHg="
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+      "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
+      "requires": {
+        "safe-buffer": "~5.1.0"
+      }
     },
     "through": {
       "version": "2.3.8",
@@ -347,17 +415,28 @@
     "through2": {
       "version": "2.0.3",
       "resolved": "https://registry.npmjs.org/through2/-/through2-2.0.3.tgz",
-      "integrity": "sha1-AARWmzfHx0ujnEPzzteNGtlBQL4="
+      "integrity": "sha1-AARWmzfHx0ujnEPzzteNGtlBQL4=",
+      "requires": {
+        "readable-stream": "^2.1.5",
+        "xtend": "~4.0.1"
+      }
     },
     "tough-cookie": {
-      "version": "2.3.2",
-      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.3.2.tgz",
-      "integrity": "sha1-8IH3bkyFcg5sN6X6ztc3FQ2EByo="
+      "version": "2.4.3",
+      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.4.3.tgz",
+      "integrity": "sha512-Q5srk/4vDM54WJsJio3XNn6K2sCG+CQ8G5Wz6bZhRZoAe/+TxjWB/GlFAnYEbkYVlON9FMk/fE3h2RLpPXo4lQ==",
+      "requires": {
+        "psl": "^1.1.24",
+        "punycode": "^1.4.1"
+      }
     },
     "tunnel-agent": {
       "version": "0.6.0",
       "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz",
-      "integrity": "sha1-J6XeoGs2sEoKmWZ3SykIaPD8QP0="
+      "integrity": "sha1-J6XeoGs2sEoKmWZ3SykIaPD8QP0=",
+      "requires": {
+        "safe-buffer": "^5.0.1"
+      }
     },
     "tweetnacl": {
       "version": "0.14.5",
@@ -365,37 +444,54 @@
       "integrity": "sha1-WuaBd/GS1EViadEIr6k/+HQ/T2Q=",
       "optional": true
     },
+    "uri-js": {
+      "version": "4.4.1",
+      "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.4.1.tgz",
+      "integrity": "sha512-7rKUyy33Q1yc98pQ1DAmLtwX109F7TIfWlW1Ydo8Wl1ii1SeHieeh0HHfPeL2fMXK6z0s8ecKs9frCuLJvndBg==",
+      "requires": {
+        "punycode": "^2.1.0"
+      },
+      "dependencies": {
+        "punycode": {
+          "version": "2.1.1",
+          "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz",
+          "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A=="
+        }
+      }
+    },
     "util-deprecate": {
       "version": "1.0.2",
       "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
       "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8="
     },
     "uuid": {
-      "version": "3.1.0",
-      "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.1.0.tgz",
-      "integrity": "sha512-DIWtzUkw04M4k3bf1IcpS2tngXEL26YUD2M0tMDUpnUrz2hgzUBlD55a4FjdLGPvfHxS6uluGWvaVEqgBcVa+g=="
+      "version": "3.3.2",
+      "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.3.2.tgz",
+      "integrity": "sha512-yXJmeNaw3DnnKAOKJE51sL/ZaYfWJRl1pK9dr19YFCu0ObS231AB1/LbqTKRAQ5kw8A90rA6fr4riOUpTZvQZA=="
     },
     "verror": {
       "version": "1.10.0",
       "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz",
       "integrity": "sha1-OhBcoXBTr1XW4nDB+CiGguGNpAA=",
-      "dependencies": {
-        "assert-plus": {
-          "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
-          "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU="
-        }
+      "requires": {
+        "assert-plus": "^1.0.0",
+        "core-util-is": "1.0.2",
+        "extsprintf": "^1.2.0"
       }
     },
     "xml2js": {
       "version": "0.4.19",
       "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.19.tgz",
-      "integrity": "sha512-esZnJZJOiJR9wWKMyuvSE1y6Dq5LCuJanqhxslH2bxM6duahNZ+HMpCLhBQGZkbX6xRf8x1Y2eJlgt2q3qo49Q=="
+      "integrity": "sha512-esZnJZJOiJR9wWKMyuvSE1y6Dq5LCuJanqhxslH2bxM6duahNZ+HMpCLhBQGZkbX6xRf8x1Y2eJlgt2q3qo49Q==",
+      "requires": {
+        "sax": ">=0.6.0",
+        "xmlbuilder": "~9.0.1"
+      }
     },
     "xmlbuilder": {
-      "version": "9.0.4",
-      "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-9.0.4.tgz",
-      "integrity": "sha1-UZy0ymhtAFqEINNJbz8MruzKWA8="
+      "version": "9.0.7",
+      "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-9.0.7.tgz",
+      "integrity": "sha1-Ey7mPS7FVlxVfiD0wi35rKaGsQ0="
     },
     "xtend": {
       "version": "4.0.1",
diff --git a/utils/hsts-prune/package.json b/utils/hsts-prune/package.json
index fb8efdf32678..fcd6741cb985 100644
--- a/utils/hsts-prune/package.json
+++ b/utils/hsts-prune/package.json
@@ -10,7 +10,7 @@
   "license": "GPL-3.0",
   "dependencies": {
     "JSONStream": "^1.3.0",
-    "async": "^2.1.4",
+    "async": "^2.6.4",
     "base64-stream": "^0.1.3",
     "escape-string-regexp": "^1.0.5",
     "highland": "^2.10.1",
diff --git a/utils/issue-format-bot/.env.example b/utils/issue-format-bot/.env.example
deleted file mode 100644
index c619b9daedb5..000000000000
--- a/utils/issue-format-bot/.env.example
+++ /dev/null
@@ -1,5 +0,0 @@
-# The ID of your GitHub integration
-APP_ID=
-WEBHOOK_SECRET=development
-# This is the default:
-LOG_LEVEL=info
diff --git a/utils/issue-format-bot/.eslintrc.json b/utils/issue-format-bot/.eslintrc.json
deleted file mode 100644
index da3ef079033a..000000000000
--- a/utils/issue-format-bot/.eslintrc.json
+++ /dev/null
@@ -1,165 +0,0 @@
-{
-    "parserOptions": {
-        "ecmaVersion": 2017
-    },
-    "env": {
-        "es6": true,
-        "node": true
-    },
-    "extends": [
-        "eslint:recommended"
-    ],
-    "rules": {
-        "array-callback-return": "error",
-        "array-element-newline": "off",
-        "arrow-parens": [
-            "error",
-            "as-needed"
-        ],
-        "arrow-spacing": [
-            "error",
-            {
-                "after": true,
-                "before": true
-            }
-        ],
-        "block-spacing": "error",
-        "brace-style": [
-            "error",
-            "1tbs"
-        ],
-        "callback-return": "error",
-        "camelcase": "error",
-        "capitalized-comments": "off",
-        "comma-dangle": "error",
-        "comma-spacing": [
-            "error",
-            {
-                "after": true,
-                "before": false
-            }
-        ],
-        "comma-style": [
-            "error",
-            "last"
-        ],
-        "complexity": "error",
-        "consistent-return": "off",
-        "curly": "off",
-        "default-case": "off",
-        "dot-notation": "error",
-        "eol-last": "error",
-        "eqeqeq": "error",
-        "func-call-spacing": "error",
-        "func-names": "off",
-        "func-style": [
-            "error",
-            "declaration"
-        ],
-        "handle-callback-err": "error",
-        "indent": [2, 2],
-        "key-spacing": "error",
-        "keyword-spacing": [
-            "error",
-            {
-                "after": true,
-                "before": true
-            }
-        ],
-        "linebreak-style": [
-            "error",
-            "unix"
-        ],
-        "lines-around-comment": "error",
-        "no-await-in-loop": "error",
-        "no-bitwise": "error",
-        "no-buffer-constructor": "error",
-        "no-caller": "error",
-        "no-confusing-arrow": "error",
-        "no-continue": "error",
-        "no-eq-null": "error",
-        "no-eval": "error",
-        "no-extend-native": "error",
-        "no-extra-bind": "error",
-        "no-floating-decimal": "error",
-        "no-implied-eval": "error",
-        "no-invalid-this": "error",
-        "no-label-var": "error",
-        "no-labels": "error",
-        "no-lonely-if": "error",
-        "no-loop-func": "error",
-        "no-mixed-operators": "error",
-        "no-mixed-requires": "off",
-        "no-mixed-spaces-and-tabs": "error",
-        "no-multi-spaces": "error",
-        "no-negated-in-lhs": "error",
-        "no-nested-ternary": "error",
-        "no-new": "error",
-        "no-new-func": "error",
-        "no-new-object": "error",
-        "no-new-require": "error",
-        "no-new-wrappers": "error",
-        "no-path-concat": "error",
-        "no-return-await": "error",
-        "no-self-compare": "error",
-        "no-sequences": "error",
-        "no-spaced-func": "error",
-        "no-sync": "error",
-        "no-throw-literal": "error",
-        "no-trailing-spaces": "error",
-        "no-undef-init": "error",
-        "no-unused-expressions": "error",
-        "no-use-before-define": "error",
-        "no-useless-call": "error",
-        "no-useless-concat": "error",
-        "no-var": "error",
-        "no-warning-comments": "off",
-        "no-whitespace-before-property": "error",
-        "nonblock-statement-body-position": "error",
-        "object-curly-spacing": [
-            "error",
-            "never"
-        ],
-        "object-property-newline": "error",
-        "one-var": "off",
-        "one-var-declaration-per-line": "error",
-        "prefer-arrow-callback": "error",
-        "prefer-const": "error",
-        "prefer-promise-reject-errors": "error",
-        "quotes": [
-            "error",
-            "single"
-        ],
-        "require-await": "error",
-        "rest-spread-spacing": "error",
-        "semi": [
-            "error",
-            "always"
-        ],
-        "semi-spacing": "error",
-        "semi-style": [
-            "error",
-            "last"
-        ],
-        "space-before-blocks": "error",
-        "space-in-parens": [
-            "error",
-            "never"
-        ],
-        "space-infix-ops": "error",
-        "spaced-comment": [
-            "error",
-            "always"
-        ],
-        "strict": "error",
-        "unicode-bom": [
-            "error",
-            "never"
-        ],
-        "vars-on-top": "error",
-        "yoda": [
-            "error",
-            "never"
-        ]
-    }
-}
diff --git a/utils/issue-format-bot/.gitignore b/utils/issue-format-bot/.gitignore
deleted file mode 100644
index cfd0495528c5..000000000000
--- a/utils/issue-format-bot/.gitignore
+++ /dev/null
@@ -1,60 +0,0 @@
-# Logs
-logs
-*.log
-npm-debug.log*
-yarn-debug.log*
-yarn-error.log*
-
-# Runtime data
-pids
-*.pid
-*.seed
-*.pid.lock
-
-# Directory for instrumented libs generated by jscoverage/JSCover
-lib-cov
-
-# Coverage directory used by tools like istanbul
-coverage
-
-# nyc test coverage
-.nyc_output
-
-# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
-.grunt
-
-# Bower dependency directory (https://bower.io/)
-bower_components
-
-# node-waf configuration
-.lock-wscript
-
-# Compiled binary addons (http://nodejs.org/api/addons.html)
-build/Release
-
-# Dependency directories
-node_modules/
-jspm_packages/
-
-# Typescript v1 declaration files
-typings/
-
-# Optional npm cache directory
-.npm
-
-# Optional eslint cache
-.eslintcache
-
-# Optional REPL history
-.node_repl_history
-
-# Output of 'npm pack'
-*.tgz
-
-# Yarn Integrity file
-.yarn-integrity
-
-# dotenv environment variables file
-.env
-
-*.pem
diff --git a/utils/issue-format-bot/LICENSE b/utils/issue-format-bot/LICENSE
deleted file mode 100644
index dba13ed2ddf7..000000000000
--- a/utils/issue-format-bot/LICENSE
+++ /dev/null
@@ -1,661 +0,0 @@
-                    GNU AFFERO GENERAL PUBLIC LICENSE
-                       Version 3, 19 November 2007
-
- Copyright (C) 2007 Free Software Foundation, Inc. <http://fsf.org/>
- Everyone is permitted to copy and distribute verbatim copies
- of this license document, but changing it is not allowed.
-
-                            Preamble
-
-  The GNU Affero General Public License is a free, copyleft license for
-software and other kinds of works, specifically designed to ensure
-cooperation with the community in the case of network server software.
-
-  The licenses for most software and other practical works are designed
-to take away your freedom to share and change the works.  By contrast,
-our General Public Licenses are intended to guarantee your freedom to
-share and change all versions of a program--to make sure it remains free
-software for all its users.
-
-  When we speak of free software, we are referring to freedom, not
-price.  Our General Public Licenses are designed to make sure that you
-have the freedom to distribute copies of free software (and charge for
-them if you wish), that you receive source code or can get it if you
-want it, that you can change the software or use pieces of it in new
-free programs, and that you know you can do these things.
-
-  Developers that use our General Public Licenses protect your rights
-with two steps: (1) assert copyright on the software, and (2) offer
-you this License which gives you legal permission to copy, distribute
-and/or modify the software.
-
-  A secondary benefit of defending all users' freedom is that
-improvements made in alternate versions of the program, if they
-receive widespread use, become available for other developers to
-incorporate.  Many developers of free software are heartened and
-encouraged by the resulting cooperation.  However, in the case of
-software used on network servers, this result may fail to come about.
-The GNU General Public License permits making a modified version and
-letting the public access it on a server without ever releasing its
-source code to the public.
-
-  The GNU Affero General Public License is designed specifically to
-ensure that, in such cases, the modified source code becomes available
-to the community.  It requires the operator of a network server to
-provide the source code of the modified version running there to the
-users of that server.  Therefore, public use of a modified version, on
-a publicly accessible server, gives the public access to the source
-code of the modified version.
-
-  An older license, called the Affero General Public License and
-published by Affero, was designed to accomplish similar goals.  This is
-a different license, not a version of the Affero GPL, but Affero has
-released a new version of the Affero GPL which permits relicensing under
-this license.
-
-  The precise terms and conditions for copying, distribution and
-modification follow.
-
-                       TERMS AND CONDITIONS
-
-  0. Definitions.
-
-  "This License" refers to version 3 of the GNU Affero General Public License.
-
-  "Copyright" also means copyright-like laws that apply to other kinds of
-works, such as semiconductor masks.
-
-  "The Program" refers to any copyrightable work licensed under this
-License.  Each licensee is addressed as "you".  "Licensees" and
-"recipients" may be individuals or organizations.
-
-  To "modify" a work means to copy from or adapt all or part of the work
-in a fashion requiring copyright permission, other than the making of an
-exact copy.  The resulting work is called a "modified version" of the
-earlier work or a work "based on" the earlier work.
-
-  A "covered work" means either the unmodified Program or a work based
-on the Program.
-
-  To "propagate" a work means to do anything with it that, without
-permission, would make you directly or secondarily liable for
-infringement under applicable copyright law, except executing it on a
-computer or modifying a private copy.  Propagation includes copying,
-distribution (with or without modification), making available to the
-public, and in some countries other activities as well.
-
-  To "convey" a work means any kind of propagation that enables other
-parties to make or receive copies.  Mere interaction with a user through
-a computer network, with no transfer of a copy, is not conveying.
-
-  An interactive user interface displays "Appropriate Legal Notices"
-to the extent that it includes a convenient and prominently visible
-feature that (1) displays an appropriate copyright notice, and (2)
-tells the user that there is no warranty for the work (except to the
-extent that warranties are provided), that licensees may convey the
-work under this License, and how to view a copy of this License.  If
-the interface presents a list of user commands or options, such as a
-menu, a prominent item in the list meets this criterion.
-
-  1. Source Code.
-
-  The "source code" for a work means the preferred form of the work
-for making modifications to it.  "Object code" means any non-source
-form of a work.
-
-  A "Standard Interface" means an interface that either is an official
-standard defined by a recognized standards body, or, in the case of
-interfaces specified for a particular programming language, one that
-is widely used among developers working in that language.
-
-  The "System Libraries" of an executable work include anything, other
-than the work as a whole, that (a) is included in the normal form of
-packaging a Major Component, but which is not part of that Major
-Component, and (b) serves only to enable use of the work with that
-Major Component, or to implement a Standard Interface for which an
-implementation is available to the public in source code form.  A
-"Major Component", in this context, means a major essential component
-(kernel, window system, and so on) of the specific operating system
-(if any) on which the executable work runs, or a compiler used to
-produce the work, or an object code interpreter used to run it.
-
-  The "Corresponding Source" for a work in object code form means all
-the source code needed to generate, install, and (for an executable
-work) run the object code and to modify the work, including scripts to
-control those activities.  However, it does not include the work's
-System Libraries, or general-purpose tools or generally available free
-programs which are used unmodified in performing those activities but
-which are not part of the work.  For example, Corresponding Source
-includes interface definition files associated with source files for
-the work, and the source code for shared libraries and dynamically
-linked subprograms that the work is specifically designed to require,
-such as by intimate data communication or control flow between those
-subprograms and other parts of the work.
-
-  The Corresponding Source need not include anything that users
-can regenerate automatically from other parts of the Corresponding
-Source.
-
-  The Corresponding Source for a work in source code form is that
-same work.
-
-  2. Basic Permissions.
-
-  All rights granted under this License are granted for the term of
-copyright on the Program, and are irrevocable provided the stated
-conditions are met.  This License explicitly affirms your unlimited
-permission to run the unmodified Program.  The output from running a
-covered work is covered by this License only if the output, given its
-content, constitutes a covered work.  This License acknowledges your
-rights of fair use or other equivalent, as provided by copyright law.
-
-  You may make, run and propagate covered works that you do not
-convey, without conditions so long as your license otherwise remains
-in force.  You may convey covered works to others for the sole purpose
-of having them make modifications exclusively for you, or provide you
-with facilities for running those works, provided that you comply with
-the terms of this License in conveying all material for which you do
-not control copyright.  Those thus making or running the covered works
-for you must do so exclusively on your behalf, under your direction
-and control, on terms that prohibit them from making any copies of
-your copyrighted material outside their relationship with you.
-
-  Conveying under any other circumstances is permitted solely under
-the conditions stated below.  Sublicensing is not allowed; section 10
-makes it unnecessary.
-
-  3. Protecting Users' Legal Rights From Anti-Circumvention Law.
-
-  No covered work shall be deemed part of an effective technological
-measure under any applicable law fulfilling obligations under article
-11 of the WIPO copyright treaty adopted on 20 December 1996, or
-similar laws prohibiting or restricting circumvention of such
-measures.
-
-  When you convey a covered work, you waive any legal power to forbid
-circumvention of technological measures to the extent such circumvention
-is effected by exercising rights under this License with respect to
-the covered work, and you disclaim any intention to limit operation or
-modification of the work as a means of enforcing, against the work's
-users, your or third parties' legal rights to forbid circumvention of
-technological measures.
-
-  4. Conveying Verbatim Copies.
-
-  You may convey verbatim copies of the Program's source code as you
-receive it, in any medium, provided that you conspicuously and
-appropriately publish on each copy an appropriate copyright notice;
-keep intact all notices stating that this License and any
-non-permissive terms added in accord with section 7 apply to the code;
-keep intact all notices of the absence of any warranty; and give all
-recipients a copy of this License along with the Program.
-
-  You may charge any price or no price for each copy that you convey,
-and you may offer support or warranty protection for a fee.
-
-  5. Conveying Modified Source Versions.
-
-  You may convey a work based on the Program, or the modifications to
-produce it from the Program, in the form of source code under the
-terms of section 4, provided that you also meet all of these conditions:
-
-    a) The work must carry prominent notices stating that you modified
-    it, and giving a relevant date.
-
-    b) The work must carry prominent notices stating that it is
-    released under this License and any conditions added under section
-    7.  This requirement modifies the requirement in section 4 to
-    "keep intact all notices".
-
-    c) You must license the entire work, as a whole, under this
-    License to anyone who comes into possession of a copy.  This
-    License will therefore apply, along with any applicable section 7
-    additional terms, to the whole of the work, and all its parts,
-    regardless of how they are packaged.  This License gives no
-    permission to license the work in any other way, but it does not
-    invalidate such permission if you have separately received it.
-
-    d) If the work has interactive user interfaces, each must display
-    Appropriate Legal Notices; however, if the Program has interactive
-    interfaces that do not display Appropriate Legal Notices, your
-    work need not make them do so.
-
-  A compilation of a covered work with other separate and independent
-works, which are not by their nature extensions of the covered work,
-and which are not combined with it such as to form a larger program,
-in or on a volume of a storage or distribution medium, is called an
-"aggregate" if the compilation and its resulting copyright are not
-used to limit the access or legal rights of the compilation's users
-beyond what the individual works permit.  Inclusion of a covered work
-in an aggregate does not cause this License to apply to the other
-parts of the aggregate.
-
-  6. Conveying Non-Source Forms.
-
-  You may convey a covered work in object code form under the terms
-of sections 4 and 5, provided that you also convey the
-machine-readable Corresponding Source under the terms of this License,
-in one of these ways:
-
-    a) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by the
-    Corresponding Source fixed on a durable physical medium
-    customarily used for software interchange.
-
-    b) Convey the object code in, or embodied in, a physical product
-    (including a physical distribution medium), accompanied by a
-    written offer, valid for at least three years and valid for as
-    long as you offer spare parts or customer support for that product
-    model, to give anyone who possesses the object code either (1) a
-    copy of the Corresponding Source for all the software in the
-    product that is covered by this License, on a durable physical
-    medium customarily used for software interchange, for a price no
-    more than your reasonable cost of physically performing this
-    conveying of source, or (2) access to copy the
-    Corresponding Source from a network server at no charge.
-
-    c) Convey individual copies of the object code with a copy of the
-    written offer to provide the Corresponding Source.  This
-    alternative is allowed only occasionally and noncommercially, and
-    only if you received the object code with such an offer, in accord
-    with subsection 6b.
-
-    d) Convey the object code by offering access from a designated
-    place (gratis or for a charge), and offer equivalent access to the
-    Corresponding Source in the same way through the same place at no
-    further charge.  You need not require recipients to copy the
-    Corresponding Source along with the object code.  If the place to
-    copy the object code is a network server, the Corresponding Source
-    may be on a different server (operated by you or a third party)
-    that supports equivalent copying facilities, provided you maintain
-    clear directions next to the object code saying where to find the
-    Corresponding Source.  Regardless of what server hosts the
-    Corresponding Source, you remain obligated to ensure that it is
-    available for as long as needed to satisfy these requirements.
-
-    e) Convey the object code using peer-to-peer transmission, provided
-    you inform other peers where the object code and Corresponding
-    Source of the work are being offered to the general public at no
-    charge under subsection 6d.
-
-  A separable portion of the object code, whose source code is excluded
-from the Corresponding Source as a System Library, need not be
-included in conveying the object code work.
-
-  A "User Product" is either (1) a "consumer product", which means any
-tangible personal property which is normally used for personal, family,
-or household purposes, or (2) anything designed or sold for incorporation
-into a dwelling.  In determining whether a product is a consumer product,
-doubtful cases shall be resolved in favor of coverage.  For a particular
-product received by a particular user, "normally used" refers to a
-typical or common use of that class of product, regardless of the status
-of the particular user or of the way in which the particular user
-actually uses, or expects or is expected to use, the product.  A product
-is a consumer product regardless of whether the product has substantial
-commercial, industrial or non-consumer uses, unless such uses represent
-the only significant mode of use of the product.
-
-  "Installation Information" for a User Product means any methods,
-procedures, authorization keys, or other information required to install
-and execute modified versions of a covered work in that User Product from
-a modified version of its Corresponding Source.  The information must
-suffice to ensure that the continued functioning of the modified object
-code is in no case prevented or interfered with solely because
-modification has been made.
-
-  If you convey an object code work under this section in, or with, or
-specifically for use in, a User Product, and the conveying occurs as
-part of a transaction in which the right of possession and use of the
-User Product is transferred to the recipient in perpetuity or for a
-fixed term (regardless of how the transaction is characterized), the
-Corresponding Source conveyed under this section must be accompanied
-by the Installation Information.  But this requirement does not apply
-if neither you nor any third party retains the ability to install
-modified object code on the User Product (for example, the work has
-been installed in ROM).
-
-  The requirement to provide Installation Information does not include a
-requirement to continue to provide support service, warranty, or updates
-for a work that has been modified or installed by the recipient, or for
-the User Product in which it has been modified or installed.  Access to a
-network may be denied when the modification itself materially and
-adversely affects the operation of the network or violates the rules and
-protocols for communication across the network.
-
-  Corresponding Source conveyed, and Installation Information provided,
-in accord with this section must be in a format that is publicly
-documented (and with an implementation available to the public in
-source code form), and must require no special password or key for
-unpacking, reading or copying.
-
-  7. Additional Terms.
-
-  "Additional permissions" are terms that supplement the terms of this
-License by making exceptions from one or more of its conditions.
-Additional permissions that are applicable to the entire Program shall
-be treated as though they were included in this License, to the extent
-that they are valid under applicable law.  If additional permissions
-apply only to part of the Program, that part may be used separately
-under those permissions, but the entire Program remains governed by
-this License without regard to the additional permissions.
-
-  When you convey a copy of a covered work, you may at your option
-remove any additional permissions from that copy, or from any part of
-it.  (Additional permissions may be written to require their own
-removal in certain cases when you modify the work.)  You may place
-additional permissions on material, added by you to a covered work,
-for which you have or can give appropriate copyright permission.
-
-  Notwithstanding any other provision of this License, for material you
-add to a covered work, you may (if authorized by the copyright holders of
-that material) supplement the terms of this License with terms:
-
-    a) Disclaiming warranty or limiting liability differently from the
-    terms of sections 15 and 16 of this License; or
-
-    b) Requiring preservation of specified reasonable legal notices or
-    author attributions in that material or in the Appropriate Legal
-    Notices displayed by works containing it; or
-
-    c) Prohibiting misrepresentation of the origin of that material, or
-    requiring that modified versions of such material be marked in
-    reasonable ways as different from the original version; or
-
-    d) Limiting the use for publicity purposes of names of licensors or
-    authors of the material; or
-
-    e) Declining to grant rights under trademark law for use of some
-    trade names, trademarks, or service marks; or
-
-    f) Requiring indemnification of licensors and authors of that
-    material by anyone who conveys the material (or modified versions of
-    it) with contractual assumptions of liability to the recipient, for
-    any liability that these contractual assumptions directly impose on
-    those licensors and authors.
-
-  All other non-permissive additional terms are considered "further
-restrictions" within the meaning of section 10.  If the Program as you
-received it, or any part of it, contains a notice stating that it is
-governed by this License along with a term that is a further
-restriction, you may remove that term.  If a license document contains
-a further restriction but permits relicensing or conveying under this
-License, you may add to a covered work material governed by the terms
-of that license document, provided that the further restriction does
-not survive such relicensing or conveying.
-
-  If you add terms to a covered work in accord with this section, you
-must place, in the relevant source files, a statement of the
-additional terms that apply to those files, or a notice indicating
-where to find the applicable terms.
-
-  Additional terms, permissive or non-permissive, may be stated in the
-form of a separately written license, or stated as exceptions;
-the above requirements apply either way.
-
-  8. Termination.
-
-  You may not propagate or modify a covered work except as expressly
-provided under this License.  Any attempt otherwise to propagate or
-modify it is void, and will automatically terminate your rights under
-this License (including any patent licenses granted under the third
-paragraph of section 11).
-
-  However, if you cease all violation of this License, then your
-license from a particular copyright holder is reinstated (a)
-provisionally, unless and until the copyright holder explicitly and
-finally terminates your license, and (b) permanently, if the copyright
-holder fails to notify you of the violation by some reasonable means
-prior to 60 days after the cessation.
-
-  Moreover, your license from a particular copyright holder is
-reinstated permanently if the copyright holder notifies you of the
-violation by some reasonable means, this is the first time you have
-received notice of violation of this License (for any work) from that
-copyright holder, and you cure the violation prior to 30 days after
-your receipt of the notice.
-
-  Termination of your rights under this section does not terminate the
-licenses of parties who have received copies or rights from you under
-this License.  If your rights have been terminated and not permanently
-reinstated, you do not qualify to receive new licenses for the same
-material under section 10.
-
-  9. Acceptance Not Required for Having Copies.
-
-  You are not required to accept this License in order to receive or
-run a copy of the Program.  Ancillary propagation of a covered work
-occurring solely as a consequence of using peer-to-peer transmission
-to receive a copy likewise does not require acceptance.  However,
-nothing other than this License grants you permission to propagate or
-modify any covered work.  These actions infringe copyright if you do
-not accept this License.  Therefore, by modifying or propagating a
-covered work, you indicate your acceptance of this License to do so.
-
-  10. Automatic Licensing of Downstream Recipients.
-
-  Each time you convey a covered work, the recipient automatically
-receives a license from the original licensors, to run, modify and
-propagate that work, subject to this License.  You are not responsible
-for enforcing compliance by third parties with this License.
-
-  An "entity transaction" is a transaction transferring control of an
-organization, or substantially all assets of one, or subdividing an
-organization, or merging organizations.  If propagation of a covered
-work results from an entity transaction, each party to that
-transaction who receives a copy of the work also receives whatever
-licenses to the work the party's predecessor in interest had or could
-give under the previous paragraph, plus a right to possession of the
-Corresponding Source of the work from the predecessor in interest, if
-the predecessor has it or can get it with reasonable efforts.
-
-  You may not impose any further restrictions on the exercise of the
-rights granted or affirmed under this License.  For example, you may
-not impose a license fee, royalty, or other charge for exercise of
-rights granted under this License, and you may not initiate litigation
-(including a cross-claim or counterclaim in a lawsuit) alleging that
-any patent claim is infringed by making, using, selling, offering for
-sale, or importing the Program or any portion of it.
-
-  11. Patents.
-
-  A "contributor" is a copyright holder who authorizes use under this
-License of the Program or a work on which the Program is based.  The
-work thus licensed is called the contributor's "contributor version".
-
-  A contributor's "essential patent claims" are all patent claims
-owned or controlled by the contributor, whether already acquired or
-hereafter acquired, that would be infringed by some manner, permitted
-by this License, of making, using, or selling its contributor version,
-but do not include claims that would be infringed only as a
-consequence of further modification of the contributor version.  For
-purposes of this definition, "control" includes the right to grant
-patent sublicenses in a manner consistent with the requirements of
-this License.
-
-  Each contributor grants you a non-exclusive, worldwide, royalty-free
-patent license under the contributor's essential patent claims, to
-make, use, sell, offer for sale, import and otherwise run, modify and
-propagate the contents of its contributor version.
-
-  In the following three paragraphs, a "patent license" is any express
-agreement or commitment, however denominated, not to enforce a patent
-(such as an express permission to practice a patent or covenant not to
-sue for patent infringement).  To "grant" such a patent license to a
-party means to make such an agreement or commitment not to enforce a
-patent against the party.
-
-  If you convey a covered work, knowingly relying on a patent license,
-and the Corresponding Source of the work is not available for anyone
-to copy, free of charge and under the terms of this License, through a
-publicly available network server or other readily accessible means,
-then you must either (1) cause the Corresponding Source to be so
-available, or (2) arrange to deprive yourself of the benefit of the
-patent license for this particular work, or (3) arrange, in a manner
-consistent with the requirements of this License, to extend the patent
-license to downstream recipients.  "Knowingly relying" means you have
-actual knowledge that, but for the patent license, your conveying the
-covered work in a country, or your recipient's use of the covered work
-in a country, would infringe one or more identifiable patents in that
-country that you have reason to believe are valid.
-
-  If, pursuant to or in connection with a single transaction or
-arrangement, you convey, or propagate by procuring conveyance of, a
-covered work, and grant a patent license to some of the parties
-receiving the covered work authorizing them to use, propagate, modify
-or convey a specific copy of the covered work, then the patent license
-you grant is automatically extended to all recipients of the covered
-work and works based on it.
-
-  A patent license is "discriminatory" if it does not include within
-the scope of its coverage, prohibits the exercise of, or is
-conditioned on the non-exercise of one or more of the rights that are
-specifically granted under this License.  You may not convey a covered
-work if you are a party to an arrangement with a third party that is
-in the business of distributing software, under which you make payment
-to the third party based on the extent of your activity of conveying
-the work, and under which the third party grants, to any of the
-parties who would receive the covered work from you, a discriminatory
-patent license (a) in connection with copies of the covered work
-conveyed by you (or copies made from those copies), or (b) primarily
-for and in connection with specific products or compilations that
-contain the covered work, unless you entered into that arrangement,
-or that patent license was granted, prior to 28 March 2007.
-
-  Nothing in this License shall be construed as excluding or limiting
-any implied license or other defenses to infringement that may
-otherwise be available to you under applicable patent law.
-
-  12. No Surrender of Others' Freedom.
-
-  If conditions are imposed on you (whether by court order, agreement or
-otherwise) that contradict the conditions of this License, they do not
-excuse you from the conditions of this License.  If you cannot convey a
-covered work so as to satisfy simultaneously your obligations under this
-License and any other pertinent obligations, then as a consequence you may
-not convey it at all.  For example, if you agree to terms that obligate you
-to collect a royalty for further conveying from those to whom you convey
-the Program, the only way you could satisfy both those terms and this
-License would be to refrain entirely from conveying the Program.
-
-  13. Remote Network Interaction; Use with the GNU General Public License.
-
-  Notwithstanding any other provision of this License, if you modify the
-Program, your modified version must prominently offer all users
-interacting with it remotely through a computer network (if your version
-supports such interaction) an opportunity to receive the Corresponding
-Source of your version by providing access to the Corresponding Source
-from a network server at no charge, through some standard or customary
-means of facilitating copying of software.  This Corresponding Source
-shall include the Corresponding Source for any work covered by version 3
-of the GNU General Public License that is incorporated pursuant to the
-following paragraph.
-
-  Notwithstanding any other provision of this License, you have
-permission to link or combine any covered work with a work licensed
-under version 3 of the GNU General Public License into a single
-combined work, and to convey the resulting work.  The terms of this
-License will continue to apply to the part which is the covered work,
-but the work with which it is combined will remain governed by version
-3 of the GNU General Public License.
-
-  14. Revised Versions of this License.
-
-  The Free Software Foundation may publish revised and/or new versions of
-the GNU Affero General Public License from time to time.  Such new versions
-will be similar in spirit to the present version, but may differ in detail to
-address new problems or concerns.
-
-  Each version is given a distinguishing version number.  If the
-Program specifies that a certain numbered version of the GNU Affero General
-Public License "or any later version" applies to it, you have the
-option of following the terms and conditions either of that numbered
-version or of any later version published by the Free Software
-Foundation.  If the Program does not specify a version number of the
-GNU Affero General Public License, you may choose any version ever published
-by the Free Software Foundation.
-
-  If the Program specifies that a proxy can decide which future
-versions of the GNU Affero General Public License can be used, that proxy's
-public statement of acceptance of a version permanently authorizes you
-to choose that version for the Program.
-
-  Later license versions may give you additional or different
-permissions.  However, no additional obligations are imposed on any
-author or copyright holder as a result of your choosing to follow a
-later version.
-
-  15. Disclaimer of Warranty.
-
-  THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
-APPLICABLE LAW.  EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
-HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
-OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
-THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE.  THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
-IS WITH YOU.  SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
-ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
-
-  16. Limitation of Liability.
-
-  IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
-WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
-THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
-GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
-USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
-DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
-PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
-EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGES.
-
-  17. Interpretation of Sections 15 and 16.
-
-  If the disclaimer of warranty and limitation of liability provided
-above cannot be given local legal effect according to their terms,
-reviewing courts shall apply local law that most closely approximates
-an absolute waiver of all civil liability in connection with the
-Program, unless a warranty or assumption of liability accompanies a
-copy of the Program in return for a fee.
-
-                     END OF TERMS AND CONDITIONS
-
-            How to Apply These Terms to Your New Programs
-
-  If you develop a new program, and you want it to be of the greatest
-possible use to the public, the best way to achieve this is to make it
-free software which everyone can redistribute and change under these terms.
-
-  To do so, attach the following notices to the program.  It is safest
-to attach them to the start of each source file to most effectively
-state the exclusion of warranty; and each file should have at least
-the "copyright" line and a pointer to where the full notice is found.
-
-    <one line to give the program's name and a brief idea of what it does.>
-    Copyright (C) <year>  <name of author>
-
-    This program is free software: you can redistribute it and/or modify
-    it under the terms of the GNU Affero General Public License as published by
-    the Free Software Foundation, either version 3 of the License, or
-    (at your option) any later version.
-
-    This program is distributed in the hope that it will be useful,
-    but WITHOUT ANY WARRANTY; without even the implied warranty of
-    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-    GNU Affero General Public License for more details.
-
-    You should have received a copy of the GNU Affero General Public License
-    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-Also add information on how to contact you by electronic and paper mail.
-
-  If your software can interact with users remotely through a computer
-network, you should also make sure that it provides a way for users to
-get its source.  For example, if your program is a web application, its
-interface could display a "Source" link that leads users to an archive
-of the code.  There are many ways you could offer source, and different
-solutions will be better for different programs; see section 13 for the
-specific requirements.
-
-  You should also get your employer (if you work as a programmer) or school,
-if any, to sign a "copyright disclaimer" for the program, if necessary.
-For more information on this, and how to apply and follow the GNU AGPL, see
-<http://www.gnu.org/licenses/>.
diff --git a/utils/issue-format-bot/README.md b/utils/issue-format-bot/README.md
deleted file mode 100644
index 5f87c5a578a9..000000000000
--- a/utils/issue-format-bot/README.md
+++ /dev/null
@@ -1,23 +0,0 @@
-# issue-format-bot
-
-> a GitHub Integration built with [probot](https://github.com/probot/probot) that parses incoming HTTPS Everywhere ruleset bugs
-
-## About
-
-This bot enforces consistency in HTTPS Everywhere issues. All issues are required to have a "type", and for ruleset bugs and new rulesets, the bot also requires issues to have a machine-readable domain.
-
-It then uses this information to label the issue appropriately (e.g. with `top-100`, `top-1k`, etc.).
-
-All the fields are set up in the issue template, so users shouldn't have any trouble if they just follow the instructions they're presented when filing a new issue. That being said, if the bot encounters an error, it will post a comment telling the user what the error was and suggesting they edit their issue. Once the issue is edited, the bot will recognize this and will reparse the issue, posting any followup comments as necessary (in case it encounters more problems).
-
-## Setup
-
-```
-# Install dependencies
-npm install
-
-# Run the bot
-npm start
-```
-
-See [docs/deploy.md](docs/deploy.md) if you would like to run your own instance of this plugin.
diff --git a/utils/issue-format-bot/app.json b/utils/issue-format-bot/app.json
deleted file mode 100644
index b1e40c304624..000000000000
--- a/utils/issue-format-bot/app.json
+++ /dev/null
@@ -1,13 +0,0 @@
-{
-  "env": {
-    "PRIVATE_KEY": {
-      "description": "the private key you downloaded when creating the GitHub Integration"
-    },
-    "INTEGRATION_ID": {
-      "description": "the ID of your GitHub Integration"
-    },
-    "WEBHOOK_SECRET": {
-      "description": "the secret configured for your GitHub Integration"
-    }
-  }
-}
diff --git a/utils/issue-format-bot/docs/deploy.md b/utils/issue-format-bot/docs/deploy.md
deleted file mode 100644
index b9205bd114e0..000000000000
--- a/utils/issue-format-bot/docs/deploy.md
+++ /dev/null
@@ -1,7 +0,0 @@
-# Deploying
-
-If you would like to run your own instance of this plugin, see the [docs for deploying plugins](https://github.com/probot/probot/blob/master/docs/deployment.md).
-
-This plugin requires these **Permissions & events** for the GitHub Integration:
-
-> **TODO**: List permissions required for deployment here. See [probot/stale](https://github.com/probot/stale/blob/master/docs/deploy.md) for an example.
diff --git a/utils/issue-format-bot/docs/development.md b/utils/issue-format-bot/docs/development.md
deleted file mode 100644
index b6084508f29c..000000000000
--- a/utils/issue-format-bot/docs/development.md
+++ /dev/null
@@ -1,4 +0,0 @@
-# Development
-
-To get the bot running against GitHub, see
-https://github.com/probot/probot/blob/master/docs/development.md#configure-a-github-app.
diff --git a/utils/issue-format-bot/index.js b/utils/issue-format-bot/index.js
deleted file mode 100644
index fb5ddce6970e..000000000000
--- a/utils/issue-format-bot/index.js
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright 2017 AJ Jordan, AGPLv3+
-
-'use strict';
-
-const alexa = require('./lib/alexa'),
-  newissue = require('./lib/newissue'),
-  issueedit = require('./lib/issueedit');
-
-module.exports = robot => {
-  robot.log('HTTPS Everywhere ruleset parser started.');
-
-  alexa(robot.log, (err, domains) => {
-    if (err) throw err;
-
-    robot.on('issues.opened', newissue(robot, domains));
-    robot.on('issues.edited', issueedit(robot, domains));
-
-    robot.log('Listening for new issues and issue edits.');
-  });
-};
diff --git a/utils/issue-format-bot/lib/alexa.js b/utils/issue-format-bot/lib/alexa.js
deleted file mode 100644
index 1c1d4af2bbe3..000000000000
--- a/utils/issue-format-bot/lib/alexa.js
+++ /dev/null
@@ -1,82 +0,0 @@
-// Copyright 2016 William Budington
-// Copyright 2017 AJ Jordan
-// AGPLv3+
-
-'use strict';
-
-const request = require('request'),
-  unzip = require('unzip');
-
-// (Heavily) modified from code by @Hainish in utils/labeller. Thanks, @Hainish!
-
-// TODO make this return Promises
-// TODO test this file
-
-const DAY = 1000 * 60 * 60 * 24,
-  obj = {data: null};
-
-function retrieveAlexa(cb) {
-
-  const alexa = [];
-  const csvRegex = /^[0-9]+,(.+)/;
-
-  request.get('https://s3.amazonaws.com/alexa-static/top-1m.csv.zip')
-    .on('error', err => {
-      cb(err);
-    })
-  // Dumb ESLint. It's not my fault this person named it like that!?
-    .pipe(unzip.Parse()) // eslint-disable-line new-cap
-    .on('entry', entry => {
-      // TODO this use of readline is super confusing??
-      const lineReader = require('readline').createInterface({
-        input: entry
-      });
-
-      lineReader.on('line', line => {
-        const domain = line.match(csvRegex)[1];
-        alexa.push(domain);
-      });
-
-      lineReader.on('close', () => {
-        cb(null, alexa);
-      });
-    });
-}
-
-module.exports = function getAlexa(log, cb) {
-  // If the data has already been retrieved, just return it
-  if (obj.data) {
-    cb(null, obj);
-    return;
-  }
-
-  // If it hasn't, invoke the retrieval function and schedule
-  // refreshes if we don't run into problems
-  retrieveAlexa((err, data) => {
-    if (err) {
-      cb(err, null);
-      return;
-    }
-
-    log('Retrieved Alexa rankings.');
-
-    // We return an object so that setInterval can change the Array
-    // the `data` property points to
-    obj.data = data;
-
-    setInterval(retrieveAlexa, DAY, (_err, _data) => {
-      // This is the callback function passed to retrieveAlexa()
-
-      if (_err) {
-        cb(_err, null);
-        return;
-      }
-
-      obj.data = _data;
-
-      log('Refreshed Alexa rankings.');
-    });
-
-    cb(null, obj);
-  });
-};
diff --git a/utils/issue-format-bot/lib/issueedit.js b/utils/issue-format-bot/lib/issueedit.js
deleted file mode 100644
index 7ab4d8e39161..000000000000
--- a/utils/issue-format-bot/lib/issueedit.js
+++ /dev/null
@@ -1,103 +0,0 @@
-// Copyright 2017 AJ Jordan, AGPLv3+
-
-'use strict';
-
-const parse = require('./parse'),
-  validate = require('./validate'),
-  labeler = require('./labeler'),
-  _ = require('lodash');
-
-// We do this outside the event handler to avoid setting up and tearing down this object each time a hook is received
-const botStartDate = new Date('2017-09-25');
-
-// TODO make this share more with newissue.js?
-
-module.exports = function(robot, alexa) {
-  return async context => {
-    robot.log('Issue #' + context.payload.issue.number + ' edited; responding.');
-
-    // Check if the "issue" is really a PR
-    // I can't really tell if GitHub will ever send us something like this, honestly... but bettter safe than sorry.
-    if (_.has(context.payload.issue, 'pull_request')) {
-      robot.log('Issue is a Pull Request; aborting.');
-      return;
-    }
-
-    const createdAt = new Date(context.payload.issue.created_at);
-    if (createdAt <= botStartDate) {
-      robot.log('Ignoring event for a legacy, pre-bot issue.');
-      return;
-    }
-
-    const data = parse(context.payload.issue.body);
-
-    // Check if the data is problematic
-    if (data instanceof Error) {
-      // Dumb `switch` statement cases aren't technically blocks so saying `const params` in both of them causes redeclaration errors
-      let params;
-      switch (data.message) {
-      case 'invalid type':
-        params = context.issue({body: 'Sorry, I still couldn\'t understand the type of issue you specified. Did you look at the issue template?\n\nPlease try again.'});
-        return context.github.issues.createComment(params);
-      case 'multiple types':
-        params = context.issue({body: 'Sorry, but I\'m still seeing more than one type. Can you edit your issue and delete all but one of the types in your issue?'});
-        return context.github.issues.createComment(params);
-      case 'no type':
-        params = context.issue({body: 'I still don\'t see the type of issue in your description. Can you edit your issue to add this (perhaps referring to the [issue template](https://github.com/EFForg/https-everywhere/blob/master/.github/ISSUE_TEMPLATE.md)?)'});
-        return context.github.issues.createComment(params);
-      case 'null description':
-        params = context.issue({body: 'I still don\'t see any text in your description - please edit it to use the issue template. Thank you!'});
-        return context.github.issues.createComment(params);
-      default:
-        throw data;
-      }
-    }
-
-    const problems = validate(data);
-
-    if (problems.length === 0) {
-      // User submission is OK
-
-      let commentedBefore = false;
-
-      // This won't work if the bot comments success past 100 comments
-      // but since this will probably never happen, who cares. Also,
-      // the bot was originally put into production late September, so
-      // only ask for comments after then.
-      //
-      // XXX handle the user screwing up, then fixing it (and getting
-      // the success comment), then screwing up again
-      const _allComments = await context.github.issues.getComments(context.issue({
-        per_page: 100, // eslint-disable-line camelcase
-        since: '2017-09-25'
-      }));
-      const allComments = _allComments.data;
-
-      allComments.forEach(comment => {
-        // 'Your edit helped me out' is here to match legacy comments
-        // before this conditional was put in place
-        if (comment.body.includes('HELPED_COMMENT_POSTED')
-            || comment.body.includes('Your edit helped me out')) {
-          commentedBefore = true;
-        }
-      });
-
-      if (commentedBefore) return;
-
-      const params = context.issue({body: 'Thanks! Your edit helped me out. I\'ll take it from here now. <!-- HELPED_COMMENT_POSTED -->'});
-      await context.github.issues.createComment(params);
-
-      return labeler(context, data, alexa);
-    } else {
-      // Submit a comment telling them what the issues were
-      let comment = 'Thanks for editing!\n\n';
-      comment += 'I\'m sorry, but I still couldn\'t understand your submission. ';
-      comment += 'Here are the problems I ran into this time:\n\n';
-      problems.forEach(problem => comment += ` * ${problem}\n`);
-      comment += '\nIf you edit your issue again, I\'ll try again and report back if I have problems again.';
-      const params = context.issue({body: comment});
-      return context.github.issues.createComment(params);
-
-    }
-  };
-};
diff --git a/utils/issue-format-bot/lib/labeler.js b/utils/issue-format-bot/lib/labeler.js
deleted file mode 100644
index f82a8d64cd3f..000000000000
--- a/utils/issue-format-bot/lib/labeler.js
+++ /dev/null
@@ -1,43 +0,0 @@
-// Copyright 2017 AJ Jordan, AGPLv3+
-
-'use strict';
-
-const alexaLabels = ['top-100', 'top-1k', 'top-10k', 'top-100k', 'top-1m'];
-
-module.exports = function label(context, data, alexa) {
-  const alexaPosition = alexa.data.indexOf(data.domain);
-  const labels = [];
-
-  // TODO remove existing labels in case of edits
-
-  if (alexaPosition === -1) {
-    return;
-  } else if (alexaPosition < 100) {
-    labels.push('top-100');
-  } else if (alexaPosition < 1000) {
-    labels.push('top-1k');
-  } else if (alexaPosition < 10000) {
-    labels.push('top-10k');
-  } else if (alexaPosition < 100000) {
-    labels.push('top-100k');
-  } else if (alexaPosition < 1000000) {
-    labels.push('top-1m');
-  }
-
-  // Every Alexa label *except* our new one
-  const toRemove = alexaLabels.filter(label => label !== labels[0]);
-  toRemove.forEach(label => {
-    const removalParams = context.issue({name: label});
-    // This is racy with addLabels() but honestly who cares
-    context.github.issues.removeLabel(removalParams).catch(err => {
-      // GitHub returns 404 if the label doesn't exist on the issue, so we just swallow those errors
-      // XXX should we query labels and do a diff?
-      if (err.code === 404) return;
-
-      throw err;
-    });
-  });
-
-  const params = context.issue({labels});
-  return context.github.issues.addLabels(params);
-};
diff --git a/utils/issue-format-bot/lib/newissue.js b/utils/issue-format-bot/lib/newissue.js
deleted file mode 100644
index 7e57d69ed98a..000000000000
--- a/utils/issue-format-bot/lib/newissue.js
+++ /dev/null
@@ -1,63 +0,0 @@
-// Copyright 2017 AJ Jordan, AGPLv3+
-
-'use strict';
-
-const parse = require('./parse'),
-  validate = require('./validate'),
-  labeler = require('./labeler'),
-  _ = require('lodash');
-
-module.exports = function(robot, alexa) {
-  return context => {
-    robot.log('Issue #' + context.payload.issue.number + ' created; responding.');
-
-    // Check if the "issue" is really a PR
-    // I can't really tell if GitHub will ever send us something like this, honestly... but bettter safe than sorry.
-    if (_.has(context.payload.issue, 'pull_request')) {
-      robot.log('Issue is a Pull Request; aborting.');
-      return;
-    }
-
-    const data = parse(context.payload.issue.body);
-
-    // Check if the data is problematic
-    if (data instanceof Error) {
-      // Dumb `switch` statement cases aren't technically blocks so saying `const params` in both of them causes redeclaration errors
-      let params;
-      switch (data.message) {
-      case 'invalid type':
-        params = context.issue({body: 'Hey there, I didn\'t understand the type of issue you specified. Please edit it and try again.'});
-        return context.github.issues.createComment(params);
-      case 'multiple types':
-        params = context.issue({body: 'Hello! You seem to have specified more than one type. Can you edit your issue and delete all but one of the types in your issue?'});
-        return context.github.issues.createComment(params);
-      case 'no type':
-        params = context.issue({body: 'Hey, I couldn\'t find the type of issue in your description. Can you edit your issue to add this (perhaps referring to the [issue template](https://github.com/EFForg/https-everywhere/blob/master/.github/ISSUE_TEMPLATE.md)?)'});
-        return context.github.issues.createComment(params);
-      case 'null description':
-        params = context.issue({body: 'Hi! I can\'t find any text in your description - please edit it to use the issue template.'});
-        return context.github.issues.createComment(params);
-      default:
-        throw data;
-      }
-    }
-
-    const problems = validate(data);
-
-    if (problems.length === 0) {
-      // User submission is OK
-
-      return labeler(context, data, alexa);
-    } else {
-      // Submit a comment telling them what the issues were
-      let comment = 'Thanks for your contribution to HTTPS Everywhere! ';
-      comment += 'Unfortunately, I wasn\'t able to understand your submission. ';
-      comment += 'Here are the problems I ran into:\n\n';
-      problems.forEach(problem => comment += ` * ${problem}\n`);
-      comment += '\nIf you edit your issue, I\'ll try again and report back if I have problems again.';
-      const params = context.issue({body: comment});
-      return context.github.issues.createComment(params);
-
-    }
-  };
-};
diff --git a/utils/issue-format-bot/lib/parse.js b/utils/issue-format-bot/lib/parse.js
deleted file mode 100644
index b4b52b157960..000000000000
--- a/utils/issue-format-bot/lib/parse.js
+++ /dev/null
@@ -1,52 +0,0 @@
-// Copyright 2017 AJ Jordan, AGPLv3+
-
-// Takes in an issue body and parses it into key-value pairs, normalizes it, and returns an Object
-
-'use strict';
-
-const strip = require('strip-markdown'),
-  remark = require('remark'),
-  processor = remark().use(strip),
-  _ = require('lodash'),
-  domainFromPartialUrl = require('domain-from-partial-url'),
-  Entities = require('html-entities').AllHtmlEntities,
-  decode = (new Entities()).decode;
-
-// XXX should type validation be moved to the validator module?
-const validTypes = ['ruleset issue', 'new ruleset', 'code issue', 'feature request', 'other'];
-
-// XXX the Error API in this module is pretty funky and could use a better design
-
-module.exports = function parseDescription(body) {
-  const plaintext = String(processor.processSync(body)); // eslint-disable-line no-sync
-
-  // Check if there's no description at all
-  if (plaintext.trim().length === 0) return new Error('null description');
-
-  // Split by newlines, filter blanks, split into trimmed key-value and lowercase everything
-  const lines = plaintext.split('\n')
-    .filter(line => _.compact(line).length !== 0)
-    .map(line => line.split(':').map(key => key.trim()))
-    .map(line => [line[0].toLowerCase(), line[1]]);
-
-  const types = lines.filter(line => line[0] === 'type');
-
-  // XXX should we check for duplicates of *all* keys?
-  if (types.length === 0) return new Error('no type');
-  if (types.length > 1) return new Error('multiple types');
-
-  // `types` looks like [ [ 'Type', 'ruleset issue' ] ]
-  const type = types[0][1];
-
-  if (!validTypes.includes(type)) return new Error('invalid type');
-
-  // Convert to object
-  const normalized = _.fromPairs(lines);
-
-  // Markdown mangles full URLs into HTML entities
-  // (e.g. `http&#x3A;//example.com/` instead of
-  // `http://example.com/`). So we decode them again.
-  if (normalized.domain) normalized.domain = domainFromPartialUrl(decode(normalized.domain));
-
-  return normalized;
-};
diff --git a/utils/issue-format-bot/lib/validate.js b/utils/issue-format-bot/lib/validate.js
deleted file mode 100644
index 8806cdf9380c..000000000000
--- a/utils/issue-format-bot/lib/validate.js
+++ /dev/null
@@ -1,19 +0,0 @@
-// Copyright 2017 AJ Jordan, AGPLv3+
-
-'use strict';
-
-module.exports = function validate(data) {
-  const problems = [];
-
-  // Validate that the user submitted all necessary data based on submission type
-  switch (data.type) {
-  case 'new ruleset':
-    if (!data.domain) problems.push('Submission is missing domain information');
-    break;
-  case 'ruleset issue':
-    if (!data.domain) problems.push('Submission is missing domain information');
-    break;
-  }
-
-  return problems;
-};
diff --git a/utils/issue-format-bot/package-lock.json b/utils/issue-format-bot/package-lock.json
deleted file mode 100644
index fab94f6ca930..000000000000
--- a/utils/issue-format-bot/package-lock.json
+++ /dev/null
@@ -1,5678 +0,0 @@
-{
-  "name": "issue-format-bot",
-  "version": "1.0.0",
-  "lockfileVersion": 1,
-  "requires": true,
-  "dependencies": {
-    "@sinonjs/formatio": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/@sinonjs/formatio/-/formatio-2.0.0.tgz",
-      "integrity": "sha512-ls6CAMA6/5gG+O/IdsBcblvnd8qcO/l1TYoNeAzp3wcISOxlPXQEus0mLcdwazEkWjaBdaJ3TaxmNgCLWwvWzg==",
-      "dev": true,
-      "requires": {
-        "samsam": "1.3.0"
-      }
-    },
-    "accepts": {
-      "version": "1.3.4",
-      "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.4.tgz",
-      "integrity": "sha1-hiRnWMfdbSGmR0/whKR0DsBesh8=",
-      "requires": {
-        "mime-types": "2.1.17",
-        "negotiator": "0.6.1"
-      }
-    },
-    "acorn": {
-      "version": "5.4.1",
-      "resolved": "https://registry.npmjs.org/acorn/-/acorn-5.4.1.tgz",
-      "integrity": "sha512-XLmq3H/BVvW6/GbxKryGxWORz1ebilSsUDlyC27bXhWGWAZWkGwS6FLHjOlwFXNFoWFQEO/Df4u0YYd0K3BQgQ==",
-      "dev": true
-    },
-    "acorn-jsx": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-3.0.1.tgz",
-      "integrity": "sha1-r9+UiPsezvyDSPb7IvRk4ypYs2s=",
-      "dev": true,
-      "requires": {
-        "acorn": "3.3.0"
-      },
-      "dependencies": {
-        "acorn": {
-          "version": "3.3.0",
-          "resolved": "https://registry.npmjs.org/acorn/-/acorn-3.3.0.tgz",
-          "integrity": "sha1-ReN/s56No/JbruP/U2niu18iAXo=",
-          "dev": true
-        }
-      }
-    },
-    "agent-base": {
-      "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/agent-base/-/agent-base-4.2.0.tgz",
-      "integrity": "sha512-c+R/U5X+2zz2+UCrCFv6odQzJdoqI+YecuhnAJLa1zYaMc13zPfwMwZrr91Pd1DYNo/yPRbiM4WVf9whgwFsIg==",
-      "requires": {
-        "es6-promisify": "5.0.0"
-      }
-    },
-    "ajv": {
-      "version": "5.5.2",
-      "resolved": "https://registry.npmjs.org/ajv/-/ajv-5.5.2.tgz",
-      "integrity": "sha1-c7Xuyj+rZT49P5Qis0GtQiBdyWU=",
-      "requires": {
-        "co": "4.6.0",
-        "fast-deep-equal": "1.0.0",
-        "fast-json-stable-stringify": "2.0.0",
-        "json-schema-traverse": "0.3.1"
-      }
-    },
-    "ajv-keywords": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-2.1.1.tgz",
-      "integrity": "sha1-YXmX/F9gV2iUxDX5QNgZ4TW4B2I=",
-      "dev": true
-    },
-    "align-text": {
-      "version": "0.1.4",
-      "resolved": "https://registry.npmjs.org/align-text/-/align-text-0.1.4.tgz",
-      "integrity": "sha1-DNkKVhCT810KmSVsIrcGlDP60Rc=",
-      "requires": {
-        "kind-of": "3.2.2",
-        "longest": "1.0.1",
-        "repeat-string": "1.6.1"
-      }
-    },
-    "amdefine": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/amdefine/-/amdefine-1.0.1.tgz",
-      "integrity": "sha1-SlKCrBZHKek2Gbz9OtFR+BfOkfU="
-    },
-    "ansi-escapes": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-3.0.0.tgz",
-      "integrity": "sha512-O/klc27mWNUigtv0F8NJWbLF00OcegQalkqKURWdosW08YZKi4m6CnSUSvIZG1otNJbTWhN01Hhz389DW7mvDQ==",
-      "dev": true
-    },
-    "ansi-regex": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz",
-      "integrity": "sha1-w7M6te42DYbg5ijwRorn7yfWVN8="
-    },
-    "ansi-styles": {
-      "version": "2.2.1",
-      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz",
-      "integrity": "sha1-tDLdM1i2NM914eRmQ2gkBTPB3b4=",
-      "dev": true
-    },
-    "ansicolors": {
-      "version": "0.2.1",
-      "resolved": "https://registry.npmjs.org/ansicolors/-/ansicolors-0.2.1.tgz",
-      "integrity": "sha1-vgiVmQl7dKXJxKhKDNvNtivYeu8="
-    },
-    "ansistyles": {
-      "version": "0.1.3",
-      "resolved": "https://registry.npmjs.org/ansistyles/-/ansistyles-0.1.3.tgz",
-      "integrity": "sha1-XeYEFb2gcbs3EnhUyGT0GyMlRTk="
-    },
-    "argparse": {
-      "version": "1.0.9",
-      "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.9.tgz",
-      "integrity": "sha1-c9g7wmP4bpf4zE9rrhsOkKfSLIY=",
-      "requires": {
-        "sprintf-js": "1.0.3"
-      }
-    },
-    "array-flatten": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
-      "integrity": "sha1-ml9pkFGx5wczKPKgCJaLZOopVdI="
-    },
-    "array-iterate": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/array-iterate/-/array-iterate-1.1.1.tgz",
-      "integrity": "sha1-hlv3+K851rCYLGCQKRSsdrwBCPY="
-    },
-    "array-union": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/array-union/-/array-union-1.0.2.tgz",
-      "integrity": "sha1-mjRBDk9OPaI96jdb5b5w8kd47Dk=",
-      "dev": true,
-      "requires": {
-        "array-uniq": "1.0.3"
-      }
-    },
-    "array-uniq": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/array-uniq/-/array-uniq-1.0.3.tgz",
-      "integrity": "sha1-r2rId6Jcx/dOBYiUdThY39sk/bY=",
-      "dev": true
-    },
-    "arrify": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz",
-      "integrity": "sha1-iYUI2iIm84DfkEcoRWhJwVAaSw0=",
-      "dev": true
-    },
-    "asn1": {
-      "version": "0.2.3",
-      "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.3.tgz",
-      "integrity": "sha1-2sh4dxPJlmhJ/IGAd36+nB3fO4Y="
-    },
-    "assert-plus": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
-      "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU="
-    },
-    "async": {
-      "version": "2.6.0",
-      "resolved": "https://registry.npmjs.org/async/-/async-2.6.0.tgz",
-      "integrity": "sha512-xAfGg1/NTLBBKlHFmnd7PlmUW9KhVQIUuSrYem9xzFUZy13ScvtyGGejaae9iAVRiRq9+Cx7DPFaAAhCpyxyPw==",
-      "dev": true,
-      "requires": {
-        "lodash": "4.17.5"
-      }
-    },
-    "asynckit": {
-      "version": "0.4.0",
-      "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
-      "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k="
-    },
-    "aws-sign2": {
-      "version": "0.7.0",
-      "resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz",
-      "integrity": "sha1-tG6JCTSpWR8tL2+G1+ap8bP+dqg="
-    },
-    "aws4": {
-      "version": "1.6.0",
-      "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.6.0.tgz",
-      "integrity": "sha1-g+9cqGCysy5KDe7e6MdxudtXRx4="
-    },
-    "babel-code-frame": {
-      "version": "6.26.0",
-      "resolved": "https://registry.npmjs.org/babel-code-frame/-/babel-code-frame-6.26.0.tgz",
-      "integrity": "sha1-Y/1D99weO7fONZR9uP42mj9Yx0s=",
-      "dev": true,
-      "requires": {
-        "chalk": "1.1.3",
-        "esutils": "2.0.2",
-        "js-tokens": "3.0.2"
-      },
-      "dependencies": {
-        "chalk": {
-          "version": "1.1.3",
-          "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
-          "integrity": "sha1-qBFcVeSnAv5NFQq9OHKCKn4J/Jg=",
-          "dev": true,
-          "requires": {
-            "ansi-styles": "2.2.1",
-            "escape-string-regexp": "1.0.5",
-            "has-ansi": "2.0.0",
-            "strip-ansi": "3.0.1",
-            "supports-color": "2.0.0"
-          }
-        }
-      }
-    },
-    "bail": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/bail/-/bail-1.0.1.tgz",
-      "integrity": "sha1-kSV53os5Gq3zxf30zSoPwiXfO8I="
-    },
-    "balanced-match": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz",
-      "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c="
-    },
-    "base64url": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/base64url/-/base64url-2.0.0.tgz",
-      "integrity": "sha1-6sFuA+oUOO/5Qj1puqNiYu0fcLs="
-    },
-    "basic-auth": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/basic-auth/-/basic-auth-2.0.0.tgz",
-      "integrity": "sha1-AV2z81PgLlY3d1X5YnQuiYHnu7o=",
-      "dev": true,
-      "requires": {
-        "safe-buffer": "5.1.1"
-      }
-    },
-    "bcrypt-pbkdf": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.1.tgz",
-      "integrity": "sha1-Y7xdy2EzG5K8Bf1SiVPDNGKgb40=",
-      "optional": true,
-      "requires": {
-        "tweetnacl": "0.14.5"
-      }
-    },
-    "binary": {
-      "version": "0.3.0",
-      "resolved": "https://registry.npmjs.org/binary/-/binary-0.3.0.tgz",
-      "integrity": "sha1-n2BVO8XOjDOG87VTz/R0Yq3sqnk=",
-      "requires": {
-        "buffers": "0.1.1",
-        "chainsaw": "0.1.0"
-      }
-    },
-    "bl": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/bl/-/bl-1.1.2.tgz",
-      "integrity": "sha1-/cqHGplxOqANGeO7ukHER4emU5g=",
-      "requires": {
-        "readable-stream": "2.0.6"
-      },
-      "dependencies": {
-        "readable-stream": {
-          "version": "2.0.6",
-          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.0.6.tgz",
-          "integrity": "sha1-j5A0HmilPMySh4jaz80Rs265t44=",
-          "requires": {
-            "core-util-is": "1.0.2",
-            "inherits": "2.0.3",
-            "isarray": "1.0.0",
-            "process-nextick-args": "1.0.7",
-            "string_decoder": "0.10.31",
-            "util-deprecate": "1.0.2"
-          },
-          "dependencies": {
-            "process-nextick-args": {
-              "version": "1.0.7",
-              "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-1.0.7.tgz",
-              "integrity": "sha1-FQ4gt1ZZCtP5EJPyWk8q2L/zC6M="
-            }
-          }
-        },
-        "string_decoder": {
-          "version": "0.10.31",
-          "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz",
-          "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ="
-        }
-      }
-    },
-    "body-parser": {
-      "version": "1.18.2",
-      "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.18.2.tgz",
-      "integrity": "sha1-h2eKGdhLR9hZuDGZvVm84iKxBFQ=",
-      "requires": {
-        "bytes": "3.0.0",
-        "content-type": "1.0.4",
-        "debug": "2.6.9",
-        "depd": "1.1.2",
-        "http-errors": "1.6.2",
-        "iconv-lite": "0.4.19",
-        "on-finished": "2.3.0",
-        "qs": "6.5.1",
-        "raw-body": "2.3.2",
-        "type-is": "1.6.15"
-      },
-      "dependencies": {
-        "debug": {
-          "version": "2.6.9",
-          "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
-          "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
-          "requires": {
-            "ms": "2.0.0"
-          }
-        }
-      }
-    },
-    "boom": {
-      "version": "4.3.1",
-      "resolved": "https://registry.npmjs.org/boom/-/boom-4.3.1.tgz",
-      "integrity": "sha1-T4owBctKfjiJ90kDD9JbluAdLjE=",
-      "requires": {
-        "hoek": "4.2.0"
-      }
-    },
-    "bottleneck": {
-      "version": "1.16.0",
-      "resolved": "https://registry.npmjs.org/bottleneck/-/bottleneck-1.16.0.tgz",
-      "integrity": "sha1-1s4TgIUnr8gLaQkvFWBmVeWyHxo="
-    },
-    "brace-expansion": {
-      "version": "1.1.11",
-      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
-      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
-      "requires": {
-        "balanced-match": "1.0.0",
-        "concat-map": "0.0.1"
-      }
-    },
-    "buffer-equal-constant-time": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz",
-      "integrity": "sha1-+OcRMvf/5uAaXJaXpMbz5I1cyBk="
-    },
-    "buffers": {
-      "version": "0.1.1",
-      "resolved": "https://registry.npmjs.org/buffers/-/buffers-0.1.1.tgz",
-      "integrity": "sha1-skV5w77U1tOWru5tmorn9Ugqt7s="
-    },
-    "builtin-modules": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-1.1.1.tgz",
-      "integrity": "sha1-Jw8HbFpywC9bZaR9+Uxf46J4iS8="
-    },
-    "bunyan": {
-      "version": "1.8.12",
-      "resolved": "https://registry.npmjs.org/bunyan/-/bunyan-1.8.12.tgz",
-      "integrity": "sha1-8VDw9nSKvdcq6uhPBEA74u8RN5c=",
-      "requires": {
-        "dtrace-provider": "0.8.6",
-        "moment": "2.20.1",
-        "mv": "2.1.1",
-        "safe-json-stringify": "1.0.4"
-      }
-    },
-    "bunyan-format": {
-      "version": "0.2.1",
-      "resolved": "https://registry.npmjs.org/bunyan-format/-/bunyan-format-0.2.1.tgz",
-      "integrity": "sha1-pLOw2ABwqGUnlBcmnj8A/wL7y0c=",
-      "requires": {
-        "ansicolors": "0.2.1",
-        "ansistyles": "0.1.3",
-        "xtend": "2.1.2"
-      },
-      "dependencies": {
-        "object-keys": {
-          "version": "0.4.0",
-          "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-0.4.0.tgz",
-          "integrity": "sha1-KKaq50KN0sOpLz2V8hM13SBOAzY="
-        },
-        "xtend": {
-          "version": "2.1.2",
-          "resolved": "https://registry.npmjs.org/xtend/-/xtend-2.1.2.tgz",
-          "integrity": "sha1-bv7MKk2tjmlixJAbM3znuoe10os=",
-          "requires": {
-            "object-keys": "0.4.0"
-          }
-        }
-      }
-    },
-    "bunyan-sentry-stream": {
-      "version": "1.2.1",
-      "resolved": "https://registry.npmjs.org/bunyan-sentry-stream/-/bunyan-sentry-stream-1.2.1.tgz",
-      "integrity": "sha1-/dn0L6dYefKiEFeb3CcS+Chc0Ss=",
-      "requires": {
-        "lodash.omit": "4.5.0"
-      }
-    },
-    "bytes": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.0.0.tgz",
-      "integrity": "sha1-0ygVQE1olpn4Wk6k+odV3ROpYEg="
-    },
-    "cache-manager": {
-      "version": "2.7.0",
-      "resolved": "https://registry.npmjs.org/cache-manager/-/cache-manager-2.7.0.tgz",
-      "integrity": "sha1-hHeALQole+oNNrkkIKyJmORgsJ0=",
-      "requires": {
-        "async": "1.5.2",
-        "lru-cache": "4.0.0"
-      },
-      "dependencies": {
-        "async": {
-          "version": "1.5.2",
-          "resolved": "https://registry.npmjs.org/async/-/async-1.5.2.tgz",
-          "integrity": "sha1-7GphrlZIDAw8skHJVhjiCJL5Zyo="
-        },
-        "lru-cache": {
-          "version": "4.0.0",
-          "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-4.0.0.tgz",
-          "integrity": "sha1-tcvwFVbBaWb+vlTO7A+03JDfbCg=",
-          "requires": {
-            "pseudomap": "1.0.2",
-            "yallist": "2.1.2"
-          }
-        }
-      }
-    },
-    "caller-path": {
-      "version": "0.1.0",
-      "resolved": "https://registry.npmjs.org/caller-path/-/caller-path-0.1.0.tgz",
-      "integrity": "sha1-lAhe9jWB7NPaqSREqP6U6CV3dR8=",
-      "dev": true,
-      "requires": {
-        "callsites": "0.2.0"
-      }
-    },
-    "callsites": {
-      "version": "0.2.0",
-      "resolved": "https://registry.npmjs.org/callsites/-/callsites-0.2.0.tgz",
-      "integrity": "sha1-r6uWJikQp/M8GaV3WCXGnzTjUMo=",
-      "dev": true
-    },
-    "camelcase": {
-      "version": "1.2.1",
-      "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-1.2.1.tgz",
-      "integrity": "sha1-m7UwTS4LVmmLLHWLCKPqqdqlijk=",
-      "optional": true
-    },
-    "caseless": {
-      "version": "0.12.0",
-      "resolved": "https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz",
-      "integrity": "sha1-G2gcIf+EAzyCZUMJBolCDRhxUdw="
-    },
-    "ccount": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/ccount/-/ccount-1.0.1.tgz",
-      "integrity": "sha1-ZlaHlFFowhjsd/9hpBVa4AInqWw="
-    },
-    "center-align": {
-      "version": "0.1.3",
-      "resolved": "https://registry.npmjs.org/center-align/-/center-align-0.1.3.tgz",
-      "integrity": "sha1-qg0yYptu6XIgBBHL1EYckHvCt60=",
-      "optional": true,
-      "requires": {
-        "align-text": "0.1.4",
-        "lazy-cache": "1.0.4"
-      }
-    },
-    "chainsaw": {
-      "version": "0.1.0",
-      "resolved": "https://registry.npmjs.org/chainsaw/-/chainsaw-0.1.0.tgz",
-      "integrity": "sha1-XqtQsor+WAdNDVgpE4iCi15fvJg=",
-      "requires": {
-        "traverse": "0.3.9"
-      }
-    },
-    "chalk": {
-      "version": "2.3.1",
-      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.3.1.tgz",
-      "integrity": "sha512-QUU4ofkDoMIVO7hcx1iPTISs88wsO8jA92RQIm4JAwZvFGGAV2hSAA1NX7oVj2Ej2Q6NDTcRDjPTFrMCRZoJ6g==",
-      "dev": true,
-      "requires": {
-        "ansi-styles": "3.2.0",
-        "escape-string-regexp": "1.0.5",
-        "supports-color": "5.2.0"
-      },
-      "dependencies": {
-        "ansi-styles": {
-          "version": "3.2.0",
-          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.0.tgz",
-          "integrity": "sha512-NnSOmMEYtVR2JVMIGTzynRkkaxtiq1xnFBcdQD/DnNCYPoEPsVJhM98BDyaoNOQIi7p4okdi3E27eN7GQbsUug==",
-          "dev": true,
-          "requires": {
-            "color-convert": "1.9.1"
-          }
-        },
-        "supports-color": {
-          "version": "5.2.0",
-          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.2.0.tgz",
-          "integrity": "sha512-F39vS48la4YvTZUPVeTqsjsFNrvcMwrV3RLZINsmHo+7djCvuUzSIeXOnZ5hmjef4bajL1dNccN+tg5XAliO5Q==",
-          "dev": true,
-          "requires": {
-            "has-flag": "3.0.0"
-          }
-        }
-      }
-    },
-    "character-entities": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/character-entities/-/character-entities-1.2.0.tgz",
-      "integrity": "sha1-poPiz3Xb6LFxljUxNk5Y4YobFV8="
-    },
-    "character-entities-html4": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/character-entities-html4/-/character-entities-html4-1.1.0.tgz",
-      "integrity": "sha1-GrCFUdPOH6HfCNAPucod77FHoGw="
-    },
-    "character-entities-legacy": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/character-entities-legacy/-/character-entities-legacy-1.1.0.tgz",
-      "integrity": "sha1-sYqtmPa3vMZGweTIH58ZVjdqVho="
-    },
-    "character-reference-invalid": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/character-reference-invalid/-/character-reference-invalid-1.1.0.tgz",
-      "integrity": "sha1-3smtHfufjQa0/NqircPE/ZevHmg="
-    },
-    "chardet": {
-      "version": "0.4.2",
-      "resolved": "https://registry.npmjs.org/chardet/-/chardet-0.4.2.tgz",
-      "integrity": "sha1-tUc7M9yXxCTl2Y3IfVXU2KKci/I=",
-      "dev": true
-    },
-    "charenc": {
-      "version": "0.0.2",
-      "resolved": "https://registry.npmjs.org/charenc/-/charenc-0.0.2.tgz",
-      "integrity": "sha1-wKHS86cJLgN3S/qD8UwPxXkKhmc="
-    },
-    "circular-json": {
-      "version": "0.3.3",
-      "resolved": "https://registry.npmjs.org/circular-json/-/circular-json-0.3.3.tgz",
-      "integrity": "sha512-UZK3NBx2Mca+b5LsG7bY183pHWt5Y1xts4P3Pz7ENTwGVnJOUWbRb3ocjvX7hx9tq/yTAdclXm9sZ38gNuem4A==",
-      "dev": true
-    },
-    "cli-cursor": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-2.1.0.tgz",
-      "integrity": "sha1-s12sN2R5+sw+lHR9QdDQ9SOP/LU=",
-      "dev": true,
-      "requires": {
-        "restore-cursor": "2.0.0"
-      }
-    },
-    "cli-width": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/cli-width/-/cli-width-2.2.0.tgz",
-      "integrity": "sha1-/xnt6Kml5XkyQUewwR8PvLq+1jk=",
-      "dev": true
-    },
-    "cliui": {
-      "version": "3.2.0",
-      "resolved": "https://registry.npmjs.org/cliui/-/cliui-3.2.0.tgz",
-      "integrity": "sha1-EgYBU3qRbSmUD5NNo7SNWFo5IT0=",
-      "requires": {
-        "string-width": "1.0.2",
-        "strip-ansi": "3.0.1",
-        "wrap-ansi": "2.1.0"
-      }
-    },
-    "co": {
-      "version": "4.6.0",
-      "resolved": "https://registry.npmjs.org/co/-/co-4.6.0.tgz",
-      "integrity": "sha1-bqa989hTrlTMuOR7+gvz+QMfsYQ="
-    },
-    "code-point-at": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/code-point-at/-/code-point-at-1.1.0.tgz",
-      "integrity": "sha1-DQcLTQQ6W+ozovGkDi7bPZpMz3c="
-    },
-    "coffee-script": {
-      "version": "1.12.7",
-      "resolved": "https://registry.npmjs.org/coffee-script/-/coffee-script-1.12.7.tgz",
-      "integrity": "sha512-fLeEhqwymYat/MpTPUjSKHVYYl0ec2mOyALEMLmzr5i1isuG+6jfI2j2d5oBO3VIzgUXgBVIcOT9uH1TFxBckw=="
-    },
-    "collapse-white-space": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/collapse-white-space/-/collapse-white-space-1.0.3.tgz",
-      "integrity": "sha1-S5BvZw5aljqHt2sOFolkM0G2Ajw="
-    },
-    "color-convert": {
-      "version": "1.9.1",
-      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.1.tgz",
-      "integrity": "sha512-mjGanIiwQJskCC18rPR6OmrZ6fm2Lc7PeGFYwCmy5J34wC6F1PzdGL6xeMfmgicfYcNLGuVFA3WzXtIDCQSZxQ==",
-      "dev": true,
-      "requires": {
-        "color-name": "1.1.3"
-      }
-    },
-    "color-name": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
-      "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=",
-      "dev": true
-    },
-    "combined-stream": {
-      "version": "1.0.6",
-      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.6.tgz",
-      "integrity": "sha1-cj599ugBrFYTETp+RFqbactjKBg=",
-      "requires": {
-        "delayed-stream": "1.0.0"
-      }
-    },
-    "commander": {
-      "version": "2.14.1",
-      "resolved": "https://registry.npmjs.org/commander/-/commander-2.14.1.tgz",
-      "integrity": "sha512-+YR16o3rK53SmWHU3rEM3tPAh2rwb1yPcQX5irVn7mb0gXbwuCCrnkbV5+PBfETdfg1vui07nM6PCG1zndcjQw=="
-    },
-    "component-emitter": {
-      "version": "1.2.1",
-      "resolved": "https://registry.npmjs.org/component-emitter/-/component-emitter-1.2.1.tgz",
-      "integrity": "sha1-E3kY1teCg/ffemt8WmPhQOaUJeY=",
-      "dev": true
-    },
-    "concat-map": {
-      "version": "0.0.1",
-      "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
-      "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s="
-    },
-    "concat-stream": {
-      "version": "1.6.0",
-      "resolved": "https://registry.npmjs.org/concat-stream/-/concat-stream-1.6.0.tgz",
-      "integrity": "sha1-CqxmL9Ur54lk1VMvaUeE5wEQrPc=",
-      "dev": true,
-      "requires": {
-        "inherits": "2.0.3",
-        "readable-stream": "2.3.4",
-        "typedarray": "0.0.6"
-      }
-    },
-    "content-disposition": {
-      "version": "0.5.2",
-      "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.2.tgz",
-      "integrity": "sha1-DPaLud318r55YcOoUXjLhdunjLQ="
-    },
-    "content-type": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz",
-      "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA=="
-    },
-    "cookie": {
-      "version": "0.3.1",
-      "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.3.1.tgz",
-      "integrity": "sha1-5+Ch+e9DtMi6klxcWpboBtFoc7s="
-    },
-    "cookie-signature": {
-      "version": "1.0.6",
-      "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
-      "integrity": "sha1-4wOogrNCzD7oylE6eZmXNNqzriw="
-    },
-    "cookiejar": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/cookiejar/-/cookiejar-2.1.1.tgz",
-      "integrity": "sha1-Qa1XsbVVlR7BcUEqgZQrHoIA00o=",
-      "dev": true
-    },
-    "core-util-is": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
-      "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac="
-    },
-    "cross-spawn": {
-      "version": "5.1.0",
-      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-5.1.0.tgz",
-      "integrity": "sha1-6L0O/uWPz/b4+UUQoKVUu/ojVEk=",
-      "dev": true,
-      "requires": {
-        "lru-cache": "4.1.1",
-        "shebang-command": "1.2.0",
-        "which": "1.3.0"
-      }
-    },
-    "crypt": {
-      "version": "0.0.2",
-      "resolved": "https://registry.npmjs.org/crypt/-/crypt-0.0.2.tgz",
-      "integrity": "sha1-iNf/fsDfuG9xPch7u0LQRNPmxBs="
-    },
-    "cryptiles": {
-      "version": "3.1.2",
-      "resolved": "https://registry.npmjs.org/cryptiles/-/cryptiles-3.1.2.tgz",
-      "integrity": "sha1-qJ+7Ig9c4l7FboxKqKT9e1sNKf4=",
-      "requires": {
-        "boom": "5.2.0"
-      },
-      "dependencies": {
-        "boom": {
-          "version": "5.2.0",
-          "resolved": "https://registry.npmjs.org/boom/-/boom-5.2.0.tgz",
-          "integrity": "sha512-Z5BTk6ZRe4tXXQlkqftmsAUANpXmuwlsF5Oov8ThoMbQRzdGTA1ngYRW160GexgOgjsFOKJz0LYhoNi+2AMBUw==",
-          "requires": {
-            "hoek": "4.2.0"
-          }
-        }
-      }
-    },
-    "dashdash": {
-      "version": "1.14.1",
-      "resolved": "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz",
-      "integrity": "sha1-hTz6D3y+L+1d4gMmuN1YEDX24vA=",
-      "requires": {
-        "assert-plus": "1.0.0"
-      }
-    },
-    "debug": {
-      "version": "2.6.8",
-      "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.8.tgz",
-      "integrity": "sha1-5zFTHKLt4n0YgiJCfaF4IdaP9Pw=",
-      "requires": {
-        "ms": "2.0.0"
-      }
-    },
-    "decamelize": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/decamelize/-/decamelize-1.2.0.tgz",
-      "integrity": "sha1-9lNNFRSCabIDUue+4m9QH5oZEpA="
-    },
-    "deep-is": {
-      "version": "0.1.3",
-      "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.3.tgz",
-      "integrity": "sha1-s2nW+128E+7PUk+RsHD+7cNXzzQ=",
-      "dev": true
-    },
-    "define-properties": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.1.2.tgz",
-      "integrity": "sha1-g6c/L+pWmJj7c3GTyPhzyvbUXJQ=",
-      "dev": true,
-      "requires": {
-        "foreach": "2.0.5",
-        "object-keys": "1.0.11"
-      }
-    },
-    "del": {
-      "version": "2.2.2",
-      "resolved": "https://registry.npmjs.org/del/-/del-2.2.2.tgz",
-      "integrity": "sha1-wSyYHQZ4RshLyvhiz/kw2Qf/0ag=",
-      "dev": true,
-      "requires": {
-        "globby": "5.0.0",
-        "is-path-cwd": "1.0.0",
-        "is-path-in-cwd": "1.0.0",
-        "object-assign": "4.1.1",
-        "pify": "2.3.0",
-        "pinkie-promise": "2.0.1",
-        "rimraf": "2.6.1"
-      }
-    },
-    "delayed-stream": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
-      "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk="
-    },
-    "depd": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz",
-      "integrity": "sha1-m81S4UwJd2PnSbJ0xDRu0uVgtak="
-    },
-    "destroy": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz",
-      "integrity": "sha1-l4hXRCxEdJ5CBmE+N5RiBYJqvYA="
-    },
-    "diff": {
-      "version": "3.4.0",
-      "resolved": "https://registry.npmjs.org/diff/-/diff-3.4.0.tgz",
-      "integrity": "sha512-QpVuMTEoJMF7cKzi6bvWhRulU1fZqZnvyVQgNhPaxxuTYwyjn/j1v9falseQ/uXWwPnO56RBfwtg4h/EQXmucA==",
-      "dev": true
-    },
-    "doctrine": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-2.1.0.tgz",
-      "integrity": "sha512-35mSku4ZXK0vfCuHEDAwt55dg2jNajHZ1odvF+8SSr82EsZY4QmXfuWso8oEd8zRhVObSN18aM0CjSdoBX7zIw==",
-      "dev": true,
-      "requires": {
-        "esutils": "2.0.2"
-      }
-    },
-    "domain-from-partial-url": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/domain-from-partial-url/-/domain-from-partial-url-1.0.0.tgz",
-      "integrity": "sha512-l3qOjBAqPnHxZZeH/H4Oege3y91p1RfePB7h6iEIrK4YIrVxKKfrQYdkpepUJ3Zx3tgRzdXy7RmRc/4knCZ49A==",
-      "requires": {
-        "perjury": "0.4.3"
-      },
-      "dependencies": {
-        "async": {
-          "version": "2.5.0",
-          "resolved": "https://registry.npmjs.org/async/-/async-2.5.0.tgz",
-          "integrity": "sha512-e+lJAJeNWuPCNyxZKOBdaJGyLGHugXVQtrAwtuAe2vhxTYxFTKE73p8JuTmdH0qdQZtDvI4dhJwjZc5zsfIsYw==",
-          "requires": {
-            "lodash": "4.17.5"
-          }
-        },
-        "camelcase": {
-          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-3.0.0.tgz",
-          "integrity": "sha1-MvxLn82vhF/N9+c7uXysImHwqwo="
-        },
-        "perjury": {
-          "version": "0.4.3",
-          "resolved": "https://registry.npmjs.org/perjury/-/perjury-0.4.3.tgz",
-          "integrity": "sha1-DX1rxAH7LtULWISudckYwmZtQEw=",
-          "requires": {
-            "async": "2.5.0",
-            "coffee-script": "1.12.7",
-            "debug": "2.6.8",
-            "lodash": "4.17.5",
-            "yargs": "5.0.0"
-          }
-        },
-        "which-module": {
-          "version": "1.0.0",
-          "resolved": "https://registry.npmjs.org/which-module/-/which-module-1.0.0.tgz",
-          "integrity": "sha1-u6Y8qGGUiZT/MHc2CJ47lgJsKk8="
-        },
-        "window-size": {
-          "version": "0.2.0",
-          "resolved": "https://registry.npmjs.org/window-size/-/window-size-0.2.0.tgz",
-          "integrity": "sha1-tDFbtCFKPXBY6+7okuE/ok2YsHU="
-        },
-        "yargs": {
-          "version": "5.0.0",
-          "resolved": "https://registry.npmjs.org/yargs/-/yargs-5.0.0.tgz",
-          "integrity": "sha1-M1UUSXfQV1fbuG1uOOwFYSOzpm4=",
-          "requires": {
-            "cliui": "3.2.0",
-            "decamelize": "1.2.0",
-            "get-caller-file": "1.0.2",
-            "lodash.assign": "4.2.0",
-            "os-locale": "1.4.0",
-            "read-pkg-up": "1.0.1",
-            "require-directory": "2.1.1",
-            "require-main-filename": "1.0.1",
-            "set-blocking": "2.0.0",
-            "string-width": "1.0.2",
-            "which-module": "1.0.0",
-            "window-size": "0.2.0",
-            "y18n": "3.2.1",
-            "yargs-parser": "3.2.0"
-          }
-        },
-        "yargs-parser": {
-          "version": "3.2.0",
-          "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-3.2.0.tgz",
-          "integrity": "sha1-UIE1XRnZ0MjF2BrakIy05tGGZk8=",
-          "requires": {
-            "camelcase": "3.0.0",
-            "lodash.assign": "4.2.0"
-          }
-        }
-      }
-    },
-    "dotenv": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/dotenv/-/dotenv-4.0.0.tgz",
-      "integrity": "sha1-hk7xN5rO1Vzm+V3r7NzhefegzR0="
-    },
-    "dtrace-provider": {
-      "version": "0.8.6",
-      "resolved": "https://registry.npmjs.org/dtrace-provider/-/dtrace-provider-0.8.6.tgz",
-      "integrity": "sha1-QooiOv4DQl0s1tY0f99AxmkDVj0=",
-      "optional": true,
-      "requires": {
-        "nan": "2.8.0"
-      }
-    },
-    "ecc-jsbn": {
-      "version": "0.1.1",
-      "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.1.tgz",
-      "integrity": "sha1-D8c6ntXw1Tw4GTOYUj735UN3dQU=",
-      "optional": true,
-      "requires": {
-        "jsbn": "0.1.1"
-      }
-    },
-    "ecdsa-sig-formatter": {
-      "version": "1.0.9",
-      "resolved": "https://registry.npmjs.org/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.9.tgz",
-      "integrity": "sha1-S8kmJ07Dtau1AW5+HWCSGsJisqE=",
-      "requires": {
-        "base64url": "2.0.0",
-        "safe-buffer": "5.1.1"
-      }
-    },
-    "ee-first": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
-      "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0="
-    },
-    "encodeurl": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz",
-      "integrity": "sha1-rT/0yG7C0CkyL1oCw6mmBslbP1k="
-    },
-    "error-ex": {
-      "version": "1.3.1",
-      "resolved": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.1.tgz",
-      "integrity": "sha1-+FWobOYa3E6GIcPNoh56dhLDqNw=",
-      "requires": {
-        "is-arrayish": "0.2.1"
-      }
-    },
-    "es-abstract": {
-      "version": "1.7.0",
-      "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.7.0.tgz",
-      "integrity": "sha1-363ndOAb/Nl/lhgCmMRJyGI/uUw=",
-      "dev": true,
-      "requires": {
-        "es-to-primitive": "1.1.1",
-        "function-bind": "1.1.0",
-        "is-callable": "1.1.3",
-        "is-regex": "1.0.4"
-      }
-    },
-    "es-to-primitive": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/es-to-primitive/-/es-to-primitive-1.1.1.tgz",
-      "integrity": "sha1-RTVSSKiJeQNLZ5Lhm7gfK3l13Q0=",
-      "dev": true,
-      "requires": {
-        "is-callable": "1.1.3",
-        "is-date-object": "1.0.1",
-        "is-symbol": "1.0.1"
-      }
-    },
-    "es6-promise": {
-      "version": "4.2.4",
-      "resolved": "https://registry.npmjs.org/es6-promise/-/es6-promise-4.2.4.tgz",
-      "integrity": "sha512-/NdNZVJg+uZgtm9eS3O6lrOLYmQag2DjdEXuPaHlZ6RuVqgqaVZfgYCepEIKsLqwdQArOPtC3XzRLqGGfT8KQQ=="
-    },
-    "es6-promisify": {
-      "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/es6-promisify/-/es6-promisify-5.0.0.tgz",
-      "integrity": "sha1-UQnWLz5W6pZ8S2NQWu8IKRyKUgM=",
-      "requires": {
-        "es6-promise": "4.2.4"
-      }
-    },
-    "escape-html": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
-      "integrity": "sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg="
-    },
-    "escape-string-regexp": {
-      "version": "1.0.5",
-      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
-      "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=",
-      "dev": true
-    },
-    "eslint": {
-      "version": "4.17.0",
-      "resolved": "https://registry.npmjs.org/eslint/-/eslint-4.17.0.tgz",
-      "integrity": "sha512-AyxBUCANU/o/xC0ijGMKavo5Ls3oK6xykiOITlMdjFjrKOsqLrA7Nf5cnrDgcKrHzBirclAZt63XO7YZlVUPwA==",
-      "dev": true,
-      "requires": {
-        "ajv": "5.5.2",
-        "babel-code-frame": "6.26.0",
-        "chalk": "2.3.1",
-        "concat-stream": "1.6.0",
-        "cross-spawn": "5.1.0",
-        "debug": "3.1.0",
-        "doctrine": "2.1.0",
-        "eslint-scope": "3.7.1",
-        "eslint-visitor-keys": "1.0.0",
-        "espree": "3.5.3",
-        "esquery": "1.0.0",
-        "esutils": "2.0.2",
-        "file-entry-cache": "2.0.0",
-        "functional-red-black-tree": "1.0.1",
-        "glob": "7.1.2",
-        "globals": "11.3.0",
-        "ignore": "3.3.7",
-        "imurmurhash": "0.1.4",
-        "inquirer": "3.3.0",
-        "is-resolvable": "1.1.0",
-        "js-yaml": "3.10.0",
-        "json-stable-stringify-without-jsonify": "1.0.1",
-        "levn": "0.3.0",
-        "lodash": "4.17.5",
-        "minimatch": "3.0.4",
-        "mkdirp": "0.5.1",
-        "natural-compare": "1.4.0",
-        "optionator": "0.8.2",
-        "path-is-inside": "1.0.2",
-        "pluralize": "7.0.0",
-        "progress": "2.0.0",
-        "require-uncached": "1.0.3",
-        "semver": "5.5.0",
-        "strip-ansi": "4.0.0",
-        "strip-json-comments": "2.0.1",
-        "table": "4.0.2",
-        "text-table": "0.2.0"
-      },
-      "dependencies": {
-        "ansi-regex": {
-          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz",
-          "integrity": "sha1-7QMXwyIGT3lGbAKWa922Bas32Zg=",
-          "dev": true
-        },
-        "debug": {
-          "version": "3.1.0",
-          "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz",
-          "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==",
-          "dev": true,
-          "requires": {
-            "ms": "2.0.0"
-          }
-        },
-        "glob": {
-          "version": "7.1.2",
-          "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.2.tgz",
-          "integrity": "sha512-MJTUg1kjuLeQCJ+ccE4Vpa6kKVXkPYJ2mOCQyUuKLcLQsdrMCpBPUi8qVE6+YuaJkozeA9NusTAw3hLr8Xe5EQ==",
-          "dev": true,
-          "requires": {
-            "fs.realpath": "1.0.0",
-            "inflight": "1.0.6",
-            "inherits": "2.0.3",
-            "minimatch": "3.0.4",
-            "once": "1.4.0",
-            "path-is-absolute": "1.0.1"
-          }
-        },
-        "strip-ansi": {
-          "version": "4.0.0",
-          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz",
-          "integrity": "sha1-qEeQIusaw2iocTibY1JixQXuNo8=",
-          "dev": true,
-          "requires": {
-            "ansi-regex": "3.0.0"
-          }
-        }
-      }
-    },
-    "eslint-scope": {
-      "version": "3.7.1",
-      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-3.7.1.tgz",
-      "integrity": "sha1-PWPD7f2gLgbgGkUq2IyqzHzctug=",
-      "dev": true,
-      "requires": {
-        "esrecurse": "4.2.0",
-        "estraverse": "4.2.0"
-      }
-    },
-    "eslint-visitor-keys": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.0.0.tgz",
-      "integrity": "sha512-qzm/XxIbxm/FHyH341ZrbnMUpe+5Bocte9xkmFMzPMjRaZMcXww+MpBptFvtU+79L362nqiLhekCxCxDPaUMBQ==",
-      "dev": true
-    },
-    "espree": {
-      "version": "3.5.3",
-      "resolved": "https://registry.npmjs.org/espree/-/espree-3.5.3.tgz",
-      "integrity": "sha512-Zy3tAJDORxQZLl2baguiRU1syPERAIg0L+JB2MWorORgTu/CplzvxS9WWA7Xh4+Q+eOQihNs/1o1Xep8cvCxWQ==",
-      "dev": true,
-      "requires": {
-        "acorn": "5.4.1",
-        "acorn-jsx": "3.0.1"
-      }
-    },
-    "esprima": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.0.tgz",
-      "integrity": "sha512-oftTcaMu/EGrEIu904mWteKIv8vMuOgGYo7EhVJJN00R/EED9DCua/xxHRdYnKtcECzVg7xOWhflvJMnqcFZjw=="
-    },
-    "esquery": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/esquery/-/esquery-1.0.0.tgz",
-      "integrity": "sha1-z7qLV9f7qT8XKYqKAGoEzaE9gPo=",
-      "dev": true,
-      "requires": {
-        "estraverse": "4.2.0"
-      }
-    },
-    "esrecurse": {
-      "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.2.0.tgz",
-      "integrity": "sha1-+pVo2Y04I/mkHZHpAtyrnqblsWM=",
-      "dev": true,
-      "requires": {
-        "estraverse": "4.2.0",
-        "object-assign": "4.1.1"
-      }
-    },
-    "estraverse": {
-      "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.2.0.tgz",
-      "integrity": "sha1-De4/7TH81GlhjOc0IJn8GvoL2xM=",
-      "dev": true
-    },
-    "esutils": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.2.tgz",
-      "integrity": "sha1-Cr9PHKpbyx96nYrMbepPqqBLrJs=",
-      "dev": true
-    },
-    "etag": {
-      "version": "1.8.1",
-      "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
-      "integrity": "sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc="
-    },
-    "eventsource": {
-      "version": "1.0.5",
-      "resolved": "https://registry.npmjs.org/eventsource/-/eventsource-1.0.5.tgz",
-      "integrity": "sha512-IzjLaND9GBK3+fBPhmvG/Yq3FhSDGHnucJCDWhNsneLlN+HX5jeaSpl3Folr2PipGmyUsd/T2Vrua+s6I2aTgQ==",
-      "dev": true,
-      "requires": {
-        "original": "1.0.0"
-      }
-    },
-    "execa": {
-      "version": "0.7.0",
-      "resolved": "https://registry.npmjs.org/execa/-/execa-0.7.0.tgz",
-      "integrity": "sha1-lEvs00zEHuMqY6n68nrVpl/Fl3c=",
-      "dev": true,
-      "requires": {
-        "cross-spawn": "5.1.0",
-        "get-stream": "3.0.0",
-        "is-stream": "1.1.0",
-        "npm-run-path": "2.0.2",
-        "p-finally": "1.0.0",
-        "signal-exit": "3.0.2",
-        "strip-eof": "1.0.0"
-      }
-    },
-    "expect": {
-      "version": "1.20.2",
-      "resolved": "https://registry.npmjs.org/expect/-/expect-1.20.2.tgz",
-      "integrity": "sha1-1Fj+TFYAQDa64yMkFqP2Nh8E+WU=",
-      "dev": true,
-      "requires": {
-        "define-properties": "1.1.2",
-        "has": "1.0.1",
-        "is-equal": "1.5.5",
-        "is-regex": "1.0.4",
-        "object-inspect": "1.2.2",
-        "object-keys": "1.0.11",
-        "tmatch": "2.0.1"
-      }
-    },
-    "express": {
-      "version": "4.16.2",
-      "resolved": "https://registry.npmjs.org/express/-/express-4.16.2.tgz",
-      "integrity": "sha1-41xt/i1kt9ygpc1PIXgb4ymeB2w=",
-      "requires": {
-        "accepts": "1.3.4",
-        "array-flatten": "1.1.1",
-        "body-parser": "1.18.2",
-        "content-disposition": "0.5.2",
-        "content-type": "1.0.4",
-        "cookie": "0.3.1",
-        "cookie-signature": "1.0.6",
-        "debug": "2.6.9",
-        "depd": "1.1.2",
-        "encodeurl": "1.0.2",
-        "escape-html": "1.0.3",
-        "etag": "1.8.1",
-        "finalhandler": "1.1.0",
-        "fresh": "0.5.2",
-        "merge-descriptors": "1.0.1",
-        "methods": "1.1.2",
-        "on-finished": "2.3.0",
-        "parseurl": "1.3.2",
-        "path-to-regexp": "0.1.7",
-        "proxy-addr": "2.0.2",
-        "qs": "6.5.1",
-        "range-parser": "1.2.0",
-        "safe-buffer": "5.1.1",
-        "send": "0.16.1",
-        "serve-static": "1.13.1",
-        "setprototypeof": "1.1.0",
-        "statuses": "1.3.1",
-        "type-is": "1.6.15",
-        "utils-merge": "1.0.1",
-        "vary": "1.1.2"
-      },
-      "dependencies": {
-        "debug": {
-          "version": "2.6.9",
-          "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
-          "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
-          "requires": {
-            "ms": "2.0.0"
-          }
-        }
-      }
-    },
-    "express-async-errors": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/express-async-errors/-/express-async-errors-2.1.0.tgz",
-      "integrity": "sha512-l32SdF88BOZ3+kpQYERtL9mMHZNFI5flBp+qJeGT6Jt+bz2Ch6qhqQsc1QPTvup9u0+5KmcOjZuBxLROLt49Vg==",
-      "requires": {
-        "express": "4.16.2"
-      }
-    },
-    "extend": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.1.tgz",
-      "integrity": "sha1-p1Xqe8Gt/MWjHOfnYtuq3F5jZEQ="
-    },
-    "external-editor": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/external-editor/-/external-editor-2.1.0.tgz",
-      "integrity": "sha512-E44iT5QVOUJBKij4IIV3uvxuNlbKS38Tw1HiupxEIHPv9qtC2PrDYohbXV5U+1jnfIXttny8gUhj+oZvflFlzA==",
-      "dev": true,
-      "requires": {
-        "chardet": "0.4.2",
-        "iconv-lite": "0.4.19",
-        "tmp": "0.0.33"
-      }
-    },
-    "extsprintf": {
-      "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz",
-      "integrity": "sha1-lpGEQOMEGnpBT4xS48V06zw+HgU="
-    },
-    "fast-deep-equal": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-1.0.0.tgz",
-      "integrity": "sha1-liVqO8l1WV6zbYLpkp0GDYk0Of8="
-    },
-    "fast-json-stable-stringify": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.0.0.tgz",
-      "integrity": "sha1-1RQsDK7msRifh9OnYREGT4bIu/I="
-    },
-    "fast-levenshtein": {
-      "version": "2.0.6",
-      "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz",
-      "integrity": "sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc=",
-      "dev": true
-    },
-    "figures": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/figures/-/figures-2.0.0.tgz",
-      "integrity": "sha1-OrGi0qYsi/tDGgyUy3l6L84nyWI=",
-      "dev": true,
-      "requires": {
-        "escape-string-regexp": "1.0.5"
-      }
-    },
-    "file-entry-cache": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-2.0.0.tgz",
-      "integrity": "sha1-w5KZDD5oR4PYOLjISkXYoEhFg2E=",
-      "dev": true,
-      "requires": {
-        "flat-cache": "1.3.0",
-        "object-assign": "4.1.1"
-      }
-    },
-    "finalhandler": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.0.tgz",
-      "integrity": "sha1-zgtoVbRYU+eRsvzGgARtiCU91/U=",
-      "requires": {
-        "debug": "2.6.9",
-        "encodeurl": "1.0.2",
-        "escape-html": "1.0.3",
-        "on-finished": "2.3.0",
-        "parseurl": "1.3.2",
-        "statuses": "1.3.1",
-        "unpipe": "1.0.0"
-      },
-      "dependencies": {
-        "debug": {
-          "version": "2.6.9",
-          "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
-          "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
-          "requires": {
-            "ms": "2.0.0"
-          }
-        }
-      }
-    },
-    "find-up": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/find-up/-/find-up-2.1.0.tgz",
-      "integrity": "sha1-RdG35QbHF93UgndaK3eSCjwMV6c=",
-      "requires": {
-        "locate-path": "2.0.0"
-      }
-    },
-    "flat-cache": {
-      "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-1.3.0.tgz",
-      "integrity": "sha1-0wMLMrOBVPTjt+nHCfSQ9++XxIE=",
-      "dev": true,
-      "requires": {
-        "circular-json": "0.3.3",
-        "del": "2.2.2",
-        "graceful-fs": "4.1.11",
-        "write": "0.2.1"
-      }
-    },
-    "follow-redirects": {
-      "version": "1.2.6",
-      "resolved": "https://registry.npmjs.org/follow-redirects/-/follow-redirects-1.2.6.tgz",
-      "integrity": "sha512-FrMqZ/FONtHnbqO651UPpfRUVukIEwJhXMfdr/JWAmrDbeYBu773b1J6gdWDyRIj4hvvzQEHoEOTrdR8o6KLYA==",
-      "requires": {
-        "debug": "3.1.0"
-      },
-      "dependencies": {
-        "debug": {
-          "version": "3.1.0",
-          "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz",
-          "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==",
-          "requires": {
-            "ms": "2.0.0"
-          }
-        }
-      }
-    },
-    "foreach": {
-      "version": "2.0.5",
-      "resolved": "https://registry.npmjs.org/foreach/-/foreach-2.0.5.tgz",
-      "integrity": "sha1-C+4AUBiusmDQo6865ljdATbsG5k=",
-      "dev": true
-    },
-    "foreachasync": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/foreachasync/-/foreachasync-3.0.0.tgz",
-      "integrity": "sha1-VQKYfchxS+M5IJfzLgBxyd7gfPY="
-    },
-    "forever-agent": {
-      "version": "0.6.1",
-      "resolved": "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz",
-      "integrity": "sha1-+8cfDEGt6zf5bFd60e1C2P2sypE="
-    },
-    "form-data": {
-      "version": "2.3.2",
-      "resolved": "https://registry.npmjs.org/form-data/-/form-data-2.3.2.tgz",
-      "integrity": "sha1-SXBJi+YEwgwAXU9cI67NIda0kJk=",
-      "requires": {
-        "asynckit": "0.4.0",
-        "combined-stream": "1.0.6",
-        "mime-types": "2.1.17"
-      }
-    },
-    "formidable": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/formidable/-/formidable-1.1.1.tgz",
-      "integrity": "sha1-lriIb3w8NQi5Mta9cMTTqI818ak=",
-      "dev": true
-    },
-    "forwarded": {
-      "version": "0.1.2",
-      "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.1.2.tgz",
-      "integrity": "sha1-mMI9qxF1ZXuMBXPozszZGw/xjIQ="
-    },
-    "fresh": {
-      "version": "0.5.2",
-      "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
-      "integrity": "sha1-PYyt2Q2XZWn6g1qx+OSyOhBWBac="
-    },
-    "fs.realpath": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
-      "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8="
-    },
-    "fstream": {
-      "version": "0.1.31",
-      "resolved": "https://registry.npmjs.org/fstream/-/fstream-0.1.31.tgz",
-      "integrity": "sha1-czfwWPu7vvqMn1YaKMqwhJICyYg=",
-      "requires": {
-        "graceful-fs": "3.0.11",
-        "inherits": "2.0.3",
-        "mkdirp": "0.5.1",
-        "rimraf": "2.6.1"
-      },
-      "dependencies": {
-        "graceful-fs": {
-          "version": "3.0.11",
-          "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-3.0.11.tgz",
-          "integrity": "sha1-dhPHeKGv6mLyXGMKCG1/Osu92Bg=",
-          "requires": {
-            "natives": "1.1.0"
-          }
-        }
-      }
-    },
-    "function-bind": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.0.tgz",
-      "integrity": "sha1-FhdnFMgBeY5Ojyz391KUZ7tKV3E="
-    },
-    "functional-red-black-tree": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz",
-      "integrity": "sha1-GwqzvVU7Kg1jmdKcDj6gslIHgyc=",
-      "dev": true
-    },
-    "get-caller-file": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/get-caller-file/-/get-caller-file-1.0.2.tgz",
-      "integrity": "sha1-9wLmMSfn4jHBYKgMFVSstw1QR+U="
-    },
-    "get-stream": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/get-stream/-/get-stream-3.0.0.tgz",
-      "integrity": "sha1-jpQ9E1jcN1VQVOy+LtsFqhdO3hQ=",
-      "dev": true
-    },
-    "getpass": {
-      "version": "0.1.7",
-      "resolved": "https://registry.npmjs.org/getpass/-/getpass-0.1.7.tgz",
-      "integrity": "sha1-Xv+OPmhNVprkyysSgmBOi6YhSfo=",
-      "requires": {
-        "assert-plus": "1.0.0"
-      }
-    },
-    "github": {
-      "version": "12.1.0",
-      "resolved": "https://registry.npmjs.org/github/-/github-12.1.0.tgz",
-      "integrity": "sha512-HhWjhd/OATC4Hjj7xfGjGRtwWzo/fzTc55EkvsRatI9G6Vp47mVcdBIt1lQ56A9Qit/yVQRX1+M9jbWlcJvgug==",
-      "requires": {
-        "dotenv": "4.0.0",
-        "follow-redirects": "1.2.6",
-        "https-proxy-agent": "2.1.1",
-        "lodash": "4.17.5",
-        "mime": "2.2.0",
-        "netrc": "0.1.4"
-      },
-      "dependencies": {
-        "mime": {
-          "version": "2.2.0",
-          "resolved": "https://registry.npmjs.org/mime/-/mime-2.2.0.tgz",
-          "integrity": "sha512-0Qz9uF1ATtl8RKJG4VRfOymh7PyEor6NbrI/61lRfuRe4vx9SNATrvAeTj2EWVRKjEQGskrzWkJBBY5NbaVHIA=="
-        }
-      }
-    },
-    "github-webhook-handler": {
-      "version": "0.7.1",
-      "resolved": "https://registry.npmjs.org/github-webhook-handler/-/github-webhook-handler-0.7.1.tgz",
-      "integrity": "sha512-MbNHzZ4CjMOIzhR2PN0G54nANYcgHZNcpDADIOj2xSEzwyKx7N+Rg6fhBHfSnw1Sw3/xLhr2ufZjLXGcHqHcvg==",
-      "requires": {
-        "bl": "1.1.2",
-        "buffer-equal-constant-time": "1.0.1"
-      }
-    },
-    "glob": {
-      "version": "7.1.1",
-      "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.1.tgz",
-      "integrity": "sha1-gFIR3wT6rxxjo2ADBs31reULLsg=",
-      "requires": {
-        "fs.realpath": "1.0.0",
-        "inflight": "1.0.6",
-        "inherits": "2.0.3",
-        "minimatch": "3.0.4",
-        "once": "1.4.0",
-        "path-is-absolute": "1.0.1"
-      }
-    },
-    "globals": {
-      "version": "11.3.0",
-      "resolved": "https://registry.npmjs.org/globals/-/globals-11.3.0.tgz",
-      "integrity": "sha512-kkpcKNlmQan9Z5ZmgqKH/SMbSmjxQ7QjyNqfXVc8VJcoBV2UEg+sxQD15GQofGRh2hfpwUb70VC31DR7Rq5Hdw==",
-      "dev": true
-    },
-    "globby": {
-      "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/globby/-/globby-5.0.0.tgz",
-      "integrity": "sha1-69hGZ8oNuzMLmbz8aOrCvFQ3Dg0=",
-      "dev": true,
-      "requires": {
-        "array-union": "1.0.2",
-        "arrify": "1.0.1",
-        "glob": "7.1.1",
-        "object-assign": "4.1.1",
-        "pify": "2.3.0",
-        "pinkie-promise": "2.0.1"
-      }
-    },
-    "graceful-fs": {
-      "version": "4.1.11",
-      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.1.11.tgz",
-      "integrity": "sha1-Dovf5NHduIVNZOBOp8AOKgJuVlg="
-    },
-    "handlebars": {
-      "version": "4.0.5",
-      "resolved": "https://registry.npmjs.org/handlebars/-/handlebars-4.0.5.tgz",
-      "integrity": "sha1-ksbta7FkEQxQ1NjQ+93HCAbG+Oc=",
-      "requires": {
-        "async": "1.5.2",
-        "optimist": "0.6.1",
-        "source-map": "0.4.4",
-        "uglify-js": "2.8.29"
-      },
-      "dependencies": {
-        "async": {
-          "version": "1.5.2",
-          "resolved": "https://registry.npmjs.org/async/-/async-1.5.2.tgz",
-          "integrity": "sha1-7GphrlZIDAw8skHJVhjiCJL5Zyo="
-        }
-      }
-    },
-    "har-schema": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/har-schema/-/har-schema-2.0.0.tgz",
-      "integrity": "sha1-qUwiJOvKwEeCoNkDVSHyRzW37JI="
-    },
-    "har-validator": {
-      "version": "5.0.3",
-      "resolved": "https://registry.npmjs.org/har-validator/-/har-validator-5.0.3.tgz",
-      "integrity": "sha1-ukAsJmGU8VlW7xXg/PJCmT9qff0=",
-      "requires": {
-        "ajv": "5.5.2",
-        "har-schema": "2.0.0"
-      }
-    },
-    "has": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/has/-/has-1.0.1.tgz",
-      "integrity": "sha1-hGFzP1OLCDfJNh45qauelwTcLyg=",
-      "requires": {
-        "function-bind": "1.1.0"
-      }
-    },
-    "has-ansi": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz",
-      "integrity": "sha1-NPUEnOHs3ysGSa8+8k5F7TVBbZE=",
-      "dev": true,
-      "requires": {
-        "ansi-regex": "2.1.1"
-      }
-    },
-    "has-flag": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
-      "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=",
-      "dev": true
-    },
-    "hawk": {
-      "version": "6.0.2",
-      "resolved": "https://registry.npmjs.org/hawk/-/hawk-6.0.2.tgz",
-      "integrity": "sha512-miowhl2+U7Qle4vdLqDdPt9m09K6yZhkLDTWGoUiUzrQCn+mHHSmfJgAyGaLRZbPmTqfFFjRV1QWCW0VWUJBbQ==",
-      "requires": {
-        "boom": "4.3.1",
-        "cryptiles": "3.1.2",
-        "hoek": "4.2.0",
-        "sntp": "2.1.0"
-      }
-    },
-    "hbs": {
-      "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/hbs/-/hbs-4.0.1.tgz",
-      "integrity": "sha1-S/2YZQ3IydrESzyprfnAmOi8M7Y=",
-      "requires": {
-        "handlebars": "4.0.5",
-        "walk": "2.3.9"
-      }
-    },
-    "hoek": {
-      "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/hoek/-/hoek-4.2.0.tgz",
-      "integrity": "sha512-v0XCLxICi9nPfYrS9RL8HbYnXi9obYAeLbSP00BmnZwCK9+Ih9WOjoZ8YoHCoav2csqn4FOz4Orldsy2dmDwmQ=="
-    },
-    "hosted-git-info": {
-      "version": "2.5.0",
-      "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.5.0.tgz",
-      "integrity": "sha512-pNgbURSuab90KbTqvRPsseaTxOJCZBD0a7t+haSN33piP9cCM4l0CqdzAif2hUqm716UovKB2ROmiabGAKVXyg=="
-    },
-    "html-entities": {
-      "version": "1.2.1",
-      "resolved": "https://registry.npmjs.org/html-entities/-/html-entities-1.2.1.tgz",
-      "integrity": "sha1-DfKTUfByEWNRXfueVUPl9u7VFi8="
-    },
-    "http-errors": {
-      "version": "1.6.2",
-      "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.6.2.tgz",
-      "integrity": "sha1-CgAsyFcHGSp+eUbO7cERVfYOxzY=",
-      "requires": {
-        "depd": "1.1.1",
-        "inherits": "2.0.3",
-        "setprototypeof": "1.0.3",
-        "statuses": "1.3.1"
-      },
-      "dependencies": {
-        "depd": {
-          "version": "1.1.1",
-          "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.1.tgz",
-          "integrity": "sha1-V4O04cRZ8G+lyif5kfPQbnoxA1k="
-        },
-        "setprototypeof": {
-          "version": "1.0.3",
-          "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.0.3.tgz",
-          "integrity": "sha1-ZlZ+NwQ+608E2RvWWMDL77VbjgQ="
-        }
-      }
-    },
-    "http-signature": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.2.0.tgz",
-      "integrity": "sha1-muzZJRFHcvPZW2WmCruPfBj7rOE=",
-      "requires": {
-        "assert-plus": "1.0.0",
-        "jsprim": "1.4.1",
-        "sshpk": "1.13.1"
-      }
-    },
-    "https-proxy-agent": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/https-proxy-agent/-/https-proxy-agent-2.1.1.tgz",
-      "integrity": "sha512-LK6tQUR/VOkTI6ygAfWUKKP95I+e6M1h7N3PncGu1CATHCnex+CAv9ttR0lbHu1Uk2PXm/WoAHFo6JCGwMjVMw==",
-      "requires": {
-        "agent-base": "4.2.0",
-        "debug": "3.1.0"
-      },
-      "dependencies": {
-        "debug": {
-          "version": "3.1.0",
-          "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz",
-          "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==",
-          "requires": {
-            "ms": "2.0.0"
-          }
-        }
-      }
-    },
-    "iconv-lite": {
-      "version": "0.4.19",
-      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.19.tgz",
-      "integrity": "sha512-oTZqweIP51xaGPI4uPa56/Pri/480R+mo7SeU+YETByQNhDG55ycFyNLIgta9vXhILrxXDmF7ZGhqZIcuN0gJQ=="
-    },
-    "ignore": {
-      "version": "3.3.7",
-      "resolved": "https://registry.npmjs.org/ignore/-/ignore-3.3.7.tgz",
-      "integrity": "sha512-YGG3ejvBNHRqu0559EOxxNFihD0AjpvHlC/pdGKd3X3ofe+CoJkYazwNJYTNebqpPKN+VVQbh4ZFn1DivMNuHA==",
-      "dev": true
-    },
-    "imurmurhash": {
-      "version": "0.1.4",
-      "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz",
-      "integrity": "sha1-khi5srkoojixPcT7a21XbyMUU+o=",
-      "dev": true
-    },
-    "inflight": {
-      "version": "1.0.6",
-      "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
-      "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=",
-      "requires": {
-        "once": "1.4.0",
-        "wrappy": "1.0.2"
-      }
-    },
-    "inherits": {
-      "version": "2.0.3",
-      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz",
-      "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4="
-    },
-    "inquirer": {
-      "version": "3.3.0",
-      "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-3.3.0.tgz",
-      "integrity": "sha512-h+xtnyk4EwKvFWHrUYsWErEVR+igKtLdchu+o0Z1RL7VU/jVMFbYir2bp6bAj8efFNxWqHX0dIss6fJQ+/+qeQ==",
-      "dev": true,
-      "requires": {
-        "ansi-escapes": "3.0.0",
-        "chalk": "2.3.1",
-        "cli-cursor": "2.1.0",
-        "cli-width": "2.2.0",
-        "external-editor": "2.1.0",
-        "figures": "2.0.0",
-        "lodash": "4.17.5",
-        "mute-stream": "0.0.7",
-        "run-async": "2.3.0",
-        "rx-lite": "4.0.8",
-        "rx-lite-aggregates": "4.0.8",
-        "string-width": "2.1.1",
-        "strip-ansi": "4.0.0",
-        "through": "2.3.8"
-      },
-      "dependencies": {
-        "ansi-regex": {
-          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz",
-          "integrity": "sha1-7QMXwyIGT3lGbAKWa922Bas32Zg=",
-          "dev": true
-        },
-        "is-fullwidth-code-point": {
-          "version": "2.0.0",
-          "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz",
-          "integrity": "sha1-o7MKXE8ZkYMWeqq5O+764937ZU8=",
-          "dev": true
-        },
-        "string-width": {
-          "version": "2.1.1",
-          "resolved": "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz",
-          "integrity": "sha512-nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw==",
-          "dev": true,
-          "requires": {
-            "is-fullwidth-code-point": "2.0.0",
-            "strip-ansi": "4.0.0"
-          }
-        },
-        "strip-ansi": {
-          "version": "4.0.0",
-          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz",
-          "integrity": "sha1-qEeQIusaw2iocTibY1JixQXuNo8=",
-          "dev": true,
-          "requires": {
-            "ansi-regex": "3.0.0"
-          }
-        }
-      }
-    },
-    "invert-kv": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/invert-kv/-/invert-kv-1.0.0.tgz",
-      "integrity": "sha1-EEqOSqym09jNFXqO+L+rLXo//bY="
-    },
-    "ipaddr.js": {
-      "version": "1.5.2",
-      "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.5.2.tgz",
-      "integrity": "sha1-1LUFvemUaYfM8PxY2QEP+WB+P6A="
-    },
-    "is-alphabetical": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/is-alphabetical/-/is-alphabetical-1.0.0.tgz",
-      "integrity": "sha1-4lRMEwWCVfIUTLdXBmzTNCocjEY="
-    },
-    "is-alphanumeric": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/is-alphanumeric/-/is-alphanumeric-1.0.0.tgz",
-      "integrity": "sha1-Spzvcdr0wAHB2B1j0UDPU/1oifQ="
-    },
-    "is-alphanumerical": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/is-alphanumerical/-/is-alphanumerical-1.0.0.tgz",
-      "integrity": "sha1-4GSS5xnBvxXewjnk8a9fZ7TW578=",
-      "requires": {
-        "is-alphabetical": "1.0.0",
-        "is-decimal": "1.0.0"
-      }
-    },
-    "is-arrayish": {
-      "version": "0.2.1",
-      "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz",
-      "integrity": "sha1-d8mYQFJ6qOyxqLppe4BkWnqSap0="
-    },
-    "is-arrow-function": {
-      "version": "2.0.3",
-      "resolved": "https://registry.npmjs.org/is-arrow-function/-/is-arrow-function-2.0.3.tgz",
-      "integrity": "sha1-Kb4sLY2UUIUri7r7Y1unuNjofsI=",
-      "dev": true,
-      "requires": {
-        "is-callable": "1.1.3"
-      }
-    },
-    "is-boolean-object": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/is-boolean-object/-/is-boolean-object-1.0.0.tgz",
-      "integrity": "sha1-mPiygDBoQhmpXzdc+9iM40Bd/5M=",
-      "dev": true
-    },
-    "is-buffer": {
-      "version": "1.1.5",
-      "resolved": "https://registry.npmjs.org/is-buffer/-/is-buffer-1.1.5.tgz",
-      "integrity": "sha1-Hzsm72E7IUuIy8ojzGwB2Hlh7sw="
-    },
-    "is-builtin-module": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/is-builtin-module/-/is-builtin-module-1.0.0.tgz",
-      "integrity": "sha1-VAVy0096wxGfj3bDDLwbHgN6/74=",
-      "requires": {
-        "builtin-modules": "1.1.1"
-      }
-    },
-    "is-callable": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.1.3.tgz",
-      "integrity": "sha1-hut1OSgF3cM69xySoO7fdO52BLI=",
-      "dev": true
-    },
-    "is-date-object": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.1.tgz",
-      "integrity": "sha1-mqIOtq7rv/d/vTPnTKAbM1gdOhY=",
-      "dev": true
-    },
-    "is-decimal": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/is-decimal/-/is-decimal-1.0.0.tgz",
-      "integrity": "sha1-lAV5tupjxigICmnmK9qIyEcLT+A="
-    },
-    "is-equal": {
-      "version": "1.5.5",
-      "resolved": "https://registry.npmjs.org/is-equal/-/is-equal-1.5.5.tgz",
-      "integrity": "sha1-XoXxlX4FKIMkf+s4aWWju6Ffuz0=",
-      "dev": true,
-      "requires": {
-        "has": "1.0.1",
-        "is-arrow-function": "2.0.3",
-        "is-boolean-object": "1.0.0",
-        "is-callable": "1.1.3",
-        "is-date-object": "1.0.1",
-        "is-generator-function": "1.0.6",
-        "is-number-object": "1.0.3",
-        "is-regex": "1.0.4",
-        "is-string": "1.0.4",
-        "is-symbol": "1.0.1",
-        "object.entries": "1.0.4"
-      }
-    },
-    "is-fullwidth-code-point": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-1.0.0.tgz",
-      "integrity": "sha1-754xOG8DGn8NZDr4L95QxFfvAMs=",
-      "requires": {
-        "number-is-nan": "1.0.1"
-      }
-    },
-    "is-generator-function": {
-      "version": "1.0.6",
-      "resolved": "https://registry.npmjs.org/is-generator-function/-/is-generator-function-1.0.6.tgz",
-      "integrity": "sha1-nnFlPNFf/zQcecQVFGChMdMen8Q=",
-      "dev": true
-    },
-    "is-hexadecimal": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/is-hexadecimal/-/is-hexadecimal-1.0.0.tgz",
-      "integrity": "sha1-XEWXcdKvmi45Ungf1U/LG8/kETw="
-    },
-    "is-number-object": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/is-number-object/-/is-number-object-1.0.3.tgz",
-      "integrity": "sha1-8mWrian0RQNO9q/xWo8AsA9VF5k=",
-      "dev": true
-    },
-    "is-path-cwd": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/is-path-cwd/-/is-path-cwd-1.0.0.tgz",
-      "integrity": "sha1-0iXsIxMuie3Tj9p2dHLmLmXxEG0=",
-      "dev": true
-    },
-    "is-path-in-cwd": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/is-path-in-cwd/-/is-path-in-cwd-1.0.0.tgz",
-      "integrity": "sha1-ZHdYK4IU1gI0YJRWcAO+ip6sBNw=",
-      "dev": true,
-      "requires": {
-        "is-path-inside": "1.0.1"
-      }
-    },
-    "is-path-inside": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-1.0.1.tgz",
-      "integrity": "sha1-jvW33lBDej/cprToZe96pVy0gDY=",
-      "dev": true,
-      "requires": {
-        "path-is-inside": "1.0.2"
-      }
-    },
-    "is-plain-obj": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/is-plain-obj/-/is-plain-obj-1.1.0.tgz",
-      "integrity": "sha1-caUMhCnfync8kqOQpKA7OfzVHT4="
-    },
-    "is-promise": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/is-promise/-/is-promise-2.1.0.tgz",
-      "integrity": "sha1-eaKp7OfwlugPNtKy87wWwf9L8/o=",
-      "dev": true
-    },
-    "is-regex": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/is-regex/-/is-regex-1.0.4.tgz",
-      "integrity": "sha1-VRdIm1RwkbCTDglWVM7SXul+lJE=",
-      "dev": true,
-      "requires": {
-        "has": "1.0.1"
-      }
-    },
-    "is-resolvable": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/is-resolvable/-/is-resolvable-1.1.0.tgz",
-      "integrity": "sha512-qgDYXFSR5WvEfuS5dMj6oTMEbrrSaM0CrFk2Yiq/gXnBvD9pMa2jGXxyhGLfvhZpuMZe18CJpFxAt3CRs42NMg==",
-      "dev": true
-    },
-    "is-stream": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz",
-      "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=",
-      "dev": true
-    },
-    "is-string": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/is-string/-/is-string-1.0.4.tgz",
-      "integrity": "sha1-zDqbaYV9Yh6WNyWiTK7shzuCbmQ=",
-      "dev": true
-    },
-    "is-symbol": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/is-symbol/-/is-symbol-1.0.1.tgz",
-      "integrity": "sha1-PMWfAAJRlLarLjjbrmaJJWtmBXI=",
-      "dev": true
-    },
-    "is-typedarray": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz",
-      "integrity": "sha1-5HnICFjfDBsR3dppQPlgEfzaSpo="
-    },
-    "is-utf8": {
-      "version": "0.2.1",
-      "resolved": "https://registry.npmjs.org/is-utf8/-/is-utf8-0.2.1.tgz",
-      "integrity": "sha1-Sw2hRCEE0bM2NA6AeX6GXPOffXI="
-    },
-    "is-whitespace-character": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/is-whitespace-character/-/is-whitespace-character-1.0.0.tgz",
-      "integrity": "sha1-u/SoN2Tq0NRRvsKlUhjpGWGtwnU="
-    },
-    "is-word-character": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/is-word-character/-/is-word-character-1.0.0.tgz",
-      "integrity": "sha1-o6nl3a1wxcLuNvSpz8mlP0RTUkc="
-    },
-    "isarray": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
-      "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE="
-    },
-    "isexe": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
-      "integrity": "sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=",
-      "dev": true
-    },
-    "isstream": {
-      "version": "0.1.2",
-      "resolved": "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz",
-      "integrity": "sha1-R+Y/evVa+m+S4VAOaQ64uFKcCZo="
-    },
-    "js-tokens": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-3.0.2.tgz",
-      "integrity": "sha1-mGbfOVECEw449/mWvOtlRDIJwls=",
-      "dev": true
-    },
-    "js-yaml": {
-      "version": "3.10.0",
-      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.10.0.tgz",
-      "integrity": "sha512-O2v52ffjLa9VeM43J4XocZE//WT9N0IiwDa3KSHH7Tu8CtH+1qM8SIZvnsTh6v+4yFy5KUY3BHUVwjpfAWsjIA==",
-      "requires": {
-        "argparse": "1.0.9",
-        "esprima": "4.0.0"
-      }
-    },
-    "jsbn": {
-      "version": "0.1.1",
-      "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz",
-      "integrity": "sha1-peZUwuWi3rXyAdls77yoDA7y9RM=",
-      "optional": true
-    },
-    "json-parse-better-errors": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/json-parse-better-errors/-/json-parse-better-errors-1.0.1.tgz",
-      "integrity": "sha512-xyQpxeWWMKyJps9CuGJYeng6ssI5bpqS9ltQpdVQ90t4ql6NdnxFKh95JcRt2cun/DjMVNrdjniLPuMA69xmCw=="
-    },
-    "json-schema": {
-      "version": "0.2.3",
-      "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.2.3.tgz",
-      "integrity": "sha1-tIDIkuWaLwWVTOcnvT8qTogvnhM="
-    },
-    "json-schema-traverse": {
-      "version": "0.3.1",
-      "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.3.1.tgz",
-      "integrity": "sha1-NJptRMU6Ud6JtAgFxdXlm0F9M0A="
-    },
-    "json-stable-stringify-without-jsonify": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz",
-      "integrity": "sha1-nbe1lJatPzz+8wp1FC0tkwrXJlE=",
-      "dev": true
-    },
-    "json-stringify-safe": {
-      "version": "5.0.1",
-      "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz",
-      "integrity": "sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus="
-    },
-    "jsonwebtoken": {
-      "version": "8.1.1",
-      "resolved": "https://registry.npmjs.org/jsonwebtoken/-/jsonwebtoken-8.1.1.tgz",
-      "integrity": "sha512-+ijVOtfLMlCII8LJkvabaKX3+8tGrGjiCTfzoed2D1b/ebKTO1hIYBQUJHbd9dJ9Fa4kH+dhYEd1qDwyzDLUUw==",
-      "requires": {
-        "jws": "3.1.4",
-        "lodash.includes": "4.3.0",
-        "lodash.isboolean": "3.0.3",
-        "lodash.isinteger": "4.0.4",
-        "lodash.isnumber": "3.0.3",
-        "lodash.isplainobject": "4.0.6",
-        "lodash.isstring": "4.0.1",
-        "lodash.once": "4.1.1",
-        "ms": "2.1.1",
-        "xtend": "4.0.1"
-      },
-      "dependencies": {
-        "ms": {
-          "version": "2.1.1",
-          "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz",
-          "integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg=="
-        }
-      }
-    },
-    "jsprim": {
-      "version": "1.4.1",
-      "resolved": "https://registry.npmjs.org/jsprim/-/jsprim-1.4.1.tgz",
-      "integrity": "sha1-MT5mvB5cwG5Di8G3SZwuXFastqI=",
-      "requires": {
-        "assert-plus": "1.0.0",
-        "extsprintf": "1.3.0",
-        "json-schema": "0.2.3",
-        "verror": "1.10.0"
-      }
-    },
-    "just-extend": {
-      "version": "1.1.27",
-      "resolved": "https://registry.npmjs.org/just-extend/-/just-extend-1.1.27.tgz",
-      "integrity": "sha512-mJVp13Ix6gFo3SBAy9U/kL+oeZqzlYYYLQBwXVBlVzIsZwBqGREnOro24oC/8s8aox+rJhtZ2DiQof++IrkA+g==",
-      "dev": true
-    },
-    "jwa": {
-      "version": "1.1.5",
-      "resolved": "https://registry.npmjs.org/jwa/-/jwa-1.1.5.tgz",
-      "integrity": "sha1-oFUs4CIHQs1S4VN3SjKQXDDnVuU=",
-      "requires": {
-        "base64url": "2.0.0",
-        "buffer-equal-constant-time": "1.0.1",
-        "ecdsa-sig-formatter": "1.0.9",
-        "safe-buffer": "5.1.1"
-      }
-    },
-    "jws": {
-      "version": "3.1.4",
-      "resolved": "https://registry.npmjs.org/jws/-/jws-3.1.4.tgz",
-      "integrity": "sha1-+ei5M46KhHJ31kRLFGT2GIDgUKI=",
-      "requires": {
-        "base64url": "2.0.0",
-        "jwa": "1.1.5",
-        "safe-buffer": "5.1.1"
-      }
-    },
-    "kind-of": {
-      "version": "3.2.2",
-      "resolved": "https://registry.npmjs.org/kind-of/-/kind-of-3.2.2.tgz",
-      "integrity": "sha1-MeohpzS6ubuw8yRm2JOupR5KPGQ=",
-      "requires": {
-        "is-buffer": "1.1.5"
-      }
-    },
-    "lazy-cache": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/lazy-cache/-/lazy-cache-1.0.4.tgz",
-      "integrity": "sha1-odePw6UEdMuAhF07O24dpJpEbo4=",
-      "optional": true
-    },
-    "lcid": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/lcid/-/lcid-1.0.0.tgz",
-      "integrity": "sha1-MIrMr6C8SDo4Z7S28rlQYlHRuDU=",
-      "requires": {
-        "invert-kv": "1.0.0"
-      }
-    },
-    "levn": {
-      "version": "0.3.0",
-      "resolved": "https://registry.npmjs.org/levn/-/levn-0.3.0.tgz",
-      "integrity": "sha1-OwmSTt+fCDwEkP3UwLxEIeBHZO4=",
-      "dev": true,
-      "requires": {
-        "prelude-ls": "1.1.2",
-        "type-check": "0.3.2"
-      }
-    },
-    "load-json-file": {
-      "version": "4.0.0",
-      "resolved": "https://registry.npmjs.org/load-json-file/-/load-json-file-4.0.0.tgz",
-      "integrity": "sha1-L19Fq5HjMhYjT9U62rZo607AmTs=",
-      "requires": {
-        "graceful-fs": "4.1.11",
-        "parse-json": "4.0.0",
-        "pify": "3.0.0",
-        "strip-bom": "3.0.0"
-      },
-      "dependencies": {
-        "parse-json": {
-          "version": "4.0.0",
-          "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-4.0.0.tgz",
-          "integrity": "sha1-vjX1Qlvh9/bHRxhPmKeIy5lHfuA=",
-          "requires": {
-            "error-ex": "1.3.1",
-            "json-parse-better-errors": "1.0.1"
-          }
-        },
-        "pify": {
-          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/pify/-/pify-3.0.0.tgz",
-          "integrity": "sha1-5aSs0sEB/fPZpNB/DbxNtJ3SgXY="
-        },
-        "strip-bom": {
-          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-3.0.0.tgz",
-          "integrity": "sha1-IzTBjpx1n3vdVv3vfprj1YjmjtM="
-        }
-      }
-    },
-    "locate-path": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-2.0.0.tgz",
-      "integrity": "sha1-K1aLJl7slExtnA3pw9u7ygNUzY4=",
-      "requires": {
-        "p-locate": "2.0.0",
-        "path-exists": "3.0.0"
-      }
-    },
-    "lodash": {
-      "version": "4.17.5",
-      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.5.tgz",
-      "integrity": "sha512-svL3uiZf1RwhH+cWrfZn3A4+U58wbP0tGVTLQPbjplZxZ8ROD9VLuNgsRniTlLe7OlSqR79RUehXgpBW/s0IQw=="
-    },
-    "lodash.assign": {
-      "version": "4.2.0",
-      "resolved": "https://registry.npmjs.org/lodash.assign/-/lodash.assign-4.2.0.tgz",
-      "integrity": "sha1-DZnzzNem0mHRm9rrkkUAXShYCOc="
-    },
-    "lodash.get": {
-      "version": "4.4.2",
-      "resolved": "https://registry.npmjs.org/lodash.get/-/lodash.get-4.4.2.tgz",
-      "integrity": "sha1-LRd/ZS+jHpObRDjVNBSZ36OCXpk=",
-      "dev": true
-    },
-    "lodash.includes": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/lodash.includes/-/lodash.includes-4.3.0.tgz",
-      "integrity": "sha1-YLuYqHy5I8aMoeUTJUgzFISfVT8="
-    },
-    "lodash.isboolean": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz",
-      "integrity": "sha1-bC4XHbKiV82WgC/UOwGyDV9YcPY="
-    },
-    "lodash.isinteger": {
-      "version": "4.0.4",
-      "resolved": "https://registry.npmjs.org/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz",
-      "integrity": "sha1-YZwK89A/iwTDH1iChAt3sRzWg0M="
-    },
-    "lodash.isnumber": {
-      "version": "3.0.3",
-      "resolved": "https://registry.npmjs.org/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz",
-      "integrity": "sha1-POdoEMWSjQM1IwGsKHMX8RwLH/w="
-    },
-    "lodash.isplainobject": {
-      "version": "4.0.6",
-      "resolved": "https://registry.npmjs.org/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz",
-      "integrity": "sha1-fFJqUtibRcRcxpC4gWO+BJf1UMs="
-    },
-    "lodash.isstring": {
-      "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/lodash.isstring/-/lodash.isstring-4.0.1.tgz",
-      "integrity": "sha1-1SfftUVuynzJu5XV2ur4i6VKVFE="
-    },
-    "lodash.omit": {
-      "version": "4.5.0",
-      "resolved": "https://registry.npmjs.org/lodash.omit/-/lodash.omit-4.5.0.tgz",
-      "integrity": "sha1-brGa5aHuHdnfC5aeZs4Lf6MLXmA="
-    },
-    "lodash.once": {
-      "version": "4.1.1",
-      "resolved": "https://registry.npmjs.org/lodash.once/-/lodash.once-4.1.1.tgz",
-      "integrity": "sha1-DdOXEhPHxW34gJd9UEyI+0cal6w="
-    },
-    "lolex": {
-      "version": "2.3.2",
-      "resolved": "https://registry.npmjs.org/lolex/-/lolex-2.3.2.tgz",
-      "integrity": "sha512-A5pN2tkFj7H0dGIAM6MFvHKMJcPnjZsOMvR7ujCjfgW5TbV6H9vb1PgxLtHvjqNZTHsUolz+6/WEO0N1xNx2ng==",
-      "dev": true
-    },
-    "longest": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/longest/-/longest-1.0.1.tgz",
-      "integrity": "sha1-MKCy2jj3N3DoKUoNIuZiXtd9AJc="
-    },
-    "longest-streak": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/longest-streak/-/longest-streak-2.0.1.tgz",
-      "integrity": "sha1-QtKRtUEeQDZcAOYxk0l+IkcxbjU="
-    },
-    "lru-cache": {
-      "version": "4.1.1",
-      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-4.1.1.tgz",
-      "integrity": "sha512-q4spe4KTfsAS1SUHLO0wz8Qiyf1+vMIAgpRYioFYDMNqKfHQbg+AVDH3i4fvpl71/P1L0dBl+fQi+P37UYf0ew==",
-      "dev": true,
-      "requires": {
-        "pseudomap": "1.0.2",
-        "yallist": "2.1.2"
-      }
-    },
-    "markdown-escapes": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/markdown-escapes/-/markdown-escapes-1.0.0.tgz",
-      "integrity": "sha1-yMoZ8dlNaCRZ4Kk8htsnp+9xayM="
-    },
-    "markdown-table": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/markdown-table/-/markdown-table-1.1.0.tgz",
-      "integrity": "sha1-H1rmFlnO2ICNiCVUwy6LPzjdEUM="
-    },
-    "match-stream": {
-      "version": "0.0.2",
-      "resolved": "https://registry.npmjs.org/match-stream/-/match-stream-0.0.2.tgz",
-      "integrity": "sha1-mesFAJOzTf+t5CG5rAtBCpz6F88=",
-      "requires": {
-        "buffers": "0.1.1",
-        "readable-stream": "1.0.34"
-      },
-      "dependencies": {
-        "isarray": {
-          "version": "0.0.1",
-          "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz",
-          "integrity": "sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8="
-        },
-        "readable-stream": {
-          "version": "1.0.34",
-          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.0.34.tgz",
-          "integrity": "sha1-Elgg40vIQtLyqq+v5MKRbuMsFXw=",
-          "requires": {
-            "core-util-is": "1.0.2",
-            "inherits": "2.0.3",
-            "isarray": "0.0.1",
-            "string_decoder": "0.10.31"
-          }
-        },
-        "string_decoder": {
-          "version": "0.10.31",
-          "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz",
-          "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ="
-        }
-      }
-    },
-    "md5": {
-      "version": "2.2.1",
-      "resolved": "https://registry.npmjs.org/md5/-/md5-2.2.1.tgz",
-      "integrity": "sha1-U6s41f48iJG6RlMp6iP6wFQBJvk=",
-      "requires": {
-        "charenc": "0.0.2",
-        "crypt": "0.0.2",
-        "is-buffer": "1.1.5"
-      }
-    },
-    "mdast-util-compact": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/mdast-util-compact/-/mdast-util-compact-1.0.1.tgz",
-      "integrity": "sha1-zbX4TitqLTEU3zO9BdnLMuPECDo=",
-      "requires": {
-        "unist-util-modify-children": "1.1.1",
-        "unist-util-visit": "1.1.3"
-      }
-    },
-    "media-typer": {
-      "version": "0.3.0",
-      "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
-      "integrity": "sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g="
-    },
-    "mem": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/mem/-/mem-1.1.0.tgz",
-      "integrity": "sha1-Xt1StIXKHZAP5kiVUFOZoN+kX3Y=",
-      "dev": true,
-      "requires": {
-        "mimic-fn": "1.2.0"
-      }
-    },
-    "merge-descriptors": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz",
-      "integrity": "sha1-sAqqVW3YtEVoFQ7J0blT8/kMu2E="
-    },
-    "methods": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
-      "integrity": "sha1-VSmk1nZUE07cxSZmVoNbD4Ua/O4="
-    },
-    "mime": {
-      "version": "1.4.1",
-      "resolved": "https://registry.npmjs.org/mime/-/mime-1.4.1.tgz",
-      "integrity": "sha512-KI1+qOZu5DcW6wayYHSzR/tXKCDC5Om4s1z2QJjDULzLcmf3DvzS7oluY4HCTrc+9FiKmWUgeNLg7W3uIQvxtQ=="
-    },
-    "mime-db": {
-      "version": "1.30.0",
-      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.30.0.tgz",
-      "integrity": "sha1-dMZD2i3Z1qRTmZY0ZbJtXKfXHwE="
-    },
-    "mime-types": {
-      "version": "2.1.17",
-      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.17.tgz",
-      "integrity": "sha1-Cdejk/A+mVp5+K+Fe3Cp4KsWVXo=",
-      "requires": {
-        "mime-db": "1.30.0"
-      }
-    },
-    "mimic-fn": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-1.2.0.tgz",
-      "integrity": "sha512-jf84uxzwiuiIVKiOLpfYk7N46TSy8ubTonmneY9vrpHNAnp0QBt2BxWV9dO3/j+BoVAb+a5G6YDPW3M5HOdMWQ==",
-      "dev": true
-    },
-    "minimatch": {
-      "version": "3.0.4",
-      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz",
-      "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==",
-      "requires": {
-        "brace-expansion": "1.1.11"
-      }
-    },
-    "minimist": {
-      "version": "0.0.8",
-      "resolved": "https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz",
-      "integrity": "sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0="
-    },
-    "mkdirp": {
-      "version": "0.5.1",
-      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
-      "integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=",
-      "requires": {
-        "minimist": "0.0.8"
-      }
-    },
-    "moment": {
-      "version": "2.20.1",
-      "resolved": "https://registry.npmjs.org/moment/-/moment-2.20.1.tgz",
-      "integrity": "sha512-Yh9y73JRljxW5QxN08Fner68eFLxM5ynNOAw2LbIB1YAGeQzZT8QFSUvkAz609Zf+IHhhaUxqZK8dG3W/+HEvg==",
-      "optional": true
-    },
-    "morgan": {
-      "version": "1.9.0",
-      "resolved": "https://registry.npmjs.org/morgan/-/morgan-1.9.0.tgz",
-      "integrity": "sha1-0B+mxlhZt2/PMbPLU6OCGjEdgFE=",
-      "dev": true,
-      "requires": {
-        "basic-auth": "2.0.0",
-        "debug": "2.6.9",
-        "depd": "1.1.2",
-        "on-finished": "2.3.0",
-        "on-headers": "1.0.1"
-      },
-      "dependencies": {
-        "debug": {
-          "version": "2.6.9",
-          "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
-          "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
-          "dev": true,
-          "requires": {
-            "ms": "2.0.0"
-          }
-        }
-      }
-    },
-    "ms": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
-      "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
-    },
-    "mute-stream": {
-      "version": "0.0.7",
-      "resolved": "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.7.tgz",
-      "integrity": "sha1-MHXOk7whuPq0PhvE2n6BFe0ee6s=",
-      "dev": true
-    },
-    "mv": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/mv/-/mv-2.1.1.tgz",
-      "integrity": "sha1-rmzg1vbV4KT32JN5jQPB6pVZtqI=",
-      "optional": true,
-      "requires": {
-        "mkdirp": "0.5.1",
-        "ncp": "2.0.0",
-        "rimraf": "2.4.5"
-      },
-      "dependencies": {
-        "glob": {
-          "version": "6.0.4",
-          "resolved": "https://registry.npmjs.org/glob/-/glob-6.0.4.tgz",
-          "integrity": "sha1-DwiGD2oVUSey+t1PnOJLGqtuTSI=",
-          "optional": true,
-          "requires": {
-            "inflight": "1.0.6",
-            "inherits": "2.0.3",
-            "minimatch": "3.0.4",
-            "once": "1.4.0",
-            "path-is-absolute": "1.0.1"
-          }
-        },
-        "rimraf": {
-          "version": "2.4.5",
-          "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.4.5.tgz",
-          "integrity": "sha1-7nEM5dk6j9uFb7Xqj/Di11k0sto=",
-          "optional": true,
-          "requires": {
-            "glob": "6.0.4"
-          }
-        }
-      }
-    },
-    "nan": {
-      "version": "2.8.0",
-      "resolved": "https://registry.npmjs.org/nan/-/nan-2.8.0.tgz",
-      "integrity": "sha1-7XFfP+neArV6XmJS2QqWZ14fCFo=",
-      "optional": true
-    },
-    "natives": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/natives/-/natives-1.1.0.tgz",
-      "integrity": "sha1-6f+EFBimsux6SV6TmYT3jxY+bjE="
-    },
-    "natural-compare": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz",
-      "integrity": "sha1-Sr6/7tdUHywnrPspvbvRXI1bpPc=",
-      "dev": true
-    },
-    "ncp": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/ncp/-/ncp-2.0.0.tgz",
-      "integrity": "sha1-GVoh1sRuNh0vsSgbo4uR6d9727M=",
-      "optional": true
-    },
-    "negotiator": {
-      "version": "0.6.1",
-      "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.1.tgz",
-      "integrity": "sha1-KzJxhOiZIQEXeyhWP7XnECrNDKk="
-    },
-    "netrc": {
-      "version": "0.1.4",
-      "resolved": "https://registry.npmjs.org/netrc/-/netrc-0.1.4.tgz",
-      "integrity": "sha1-a+lPysqNd63gqWcNxGCRTJRHJEQ="
-    },
-    "nise": {
-      "version": "1.2.5",
-      "resolved": "https://registry.npmjs.org/nise/-/nise-1.2.5.tgz",
-      "integrity": "sha512-Es4hGuq3lpip5PckrB+Qpuma282M0UJANJ+jxAgI+0wWTL9X6MtNv+M385JgqsAE8hv6NvD3lv8CQtXgEnvlpQ==",
-      "dev": true,
-      "requires": {
-        "@sinonjs/formatio": "2.0.0",
-        "just-extend": "1.1.27",
-        "lolex": "2.3.2",
-        "path-to-regexp": "1.7.0",
-        "text-encoding": "0.6.4"
-      },
-      "dependencies": {
-        "isarray": {
-          "version": "0.0.1",
-          "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz",
-          "integrity": "sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8=",
-          "dev": true
-        },
-        "path-to-regexp": {
-          "version": "1.7.0",
-          "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-1.7.0.tgz",
-          "integrity": "sha1-Wf3g9DW62suhA6hOnTvGTpa5k30=",
-          "dev": true,
-          "requires": {
-            "isarray": "0.0.1"
-          }
-        }
-      }
-    },
-    "normalize-package-data": {
-      "version": "2.4.0",
-      "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.4.0.tgz",
-      "integrity": "sha512-9jjUFbTPfEy3R/ad/2oNbKtW9Hgovl5O1FvFWKkKblNXoN/Oou6+9+KKohPK13Yc3/TyunyWhJp6gvRNR/PPAw==",
-      "requires": {
-        "hosted-git-info": "2.5.0",
-        "is-builtin-module": "1.0.0",
-        "semver": "5.5.0",
-        "validate-npm-package-license": "3.0.1"
-      }
-    },
-    "npm-run-path": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/npm-run-path/-/npm-run-path-2.0.2.tgz",
-      "integrity": "sha1-NakjLfo11wZ7TLLd8jV7GHFTbF8=",
-      "dev": true,
-      "requires": {
-        "path-key": "2.0.1"
-      }
-    },
-    "number-is-nan": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/number-is-nan/-/number-is-nan-1.0.1.tgz",
-      "integrity": "sha1-CXtgK1NCKlIsGvuHkDGDNpQaAR0="
-    },
-    "nyc": {
-      "version": "11.4.1",
-      "resolved": "https://registry.npmjs.org/nyc/-/nyc-11.4.1.tgz",
-      "integrity": "sha512-5eCZpvaksFVjP2rt1r60cfXmt3MUtsQDw8bAzNqNEr4WLvUMLgiVENMf/B9bE9YAX0mGVvaGA3v9IS9ekNqB1Q==",
-      "dev": true,
-      "requires": {
-        "archy": "1.0.0",
-        "arrify": "1.0.1",
-        "caching-transform": "1.0.1",
-        "convert-source-map": "1.5.1",
-        "debug-log": "1.0.1",
-        "default-require-extensions": "1.0.0",
-        "find-cache-dir": "0.1.1",
-        "find-up": "2.1.0",
-        "foreground-child": "1.5.6",
-        "glob": "7.1.2",
-        "istanbul-lib-coverage": "1.1.1",
-        "istanbul-lib-hook": "1.1.0",
-        "istanbul-lib-instrument": "1.9.1",
-        "istanbul-lib-report": "1.1.2",
-        "istanbul-lib-source-maps": "1.2.2",
-        "istanbul-reports": "1.1.3",
-        "md5-hex": "1.3.0",
-        "merge-source-map": "1.0.4",
-        "micromatch": "2.3.11",
-        "mkdirp": "0.5.1",
-        "resolve-from": "2.0.0",
-        "rimraf": "2.6.2",
-        "signal-exit": "3.0.2",
-        "spawn-wrap": "1.4.2",
-        "test-exclude": "4.1.1",
-        "yargs": "10.0.3",
-        "yargs-parser": "8.0.0"
-      },
-      "dependencies": {
-        "align-text": {
-          "version": "0.1.4",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "kind-of": "3.2.2",
-            "longest": "1.0.1",
-            "repeat-string": "1.6.1"
-          }
-        },
-        "amdefine": {
-          "version": "1.0.1",
-          "bundled": true,
-          "dev": true
-        },
-        "ansi-regex": {
-          "version": "2.1.1",
-          "bundled": true,
-          "dev": true
-        },
-        "ansi-styles": {
-          "version": "2.2.1",
-          "bundled": true,
-          "dev": true
-        },
-        "append-transform": {
-          "version": "0.4.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "default-require-extensions": "1.0.0"
-          }
-        },
-        "archy": {
-          "version": "1.0.0",
-          "bundled": true,
-          "dev": true
-        },
-        "arr-diff": {
-          "version": "2.0.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "arr-flatten": "1.1.0"
-          }
-        },
-        "arr-flatten": {
-          "version": "1.1.0",
-          "bundled": true,
-          "dev": true
-        },
-        "array-unique": {
-          "version": "0.2.1",
-          "bundled": true,
-          "dev": true
-        },
-        "arrify": {
-          "version": "1.0.1",
-          "bundled": true,
-          "dev": true
-        },
-        "async": {
-          "version": "1.5.2",
-          "bundled": true,
-          "dev": true
-        },
-        "babel-code-frame": {
-          "version": "6.26.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "chalk": "1.1.3",
-            "esutils": "2.0.2",
-            "js-tokens": "3.0.2"
-          }
-        },
-        "babel-generator": {
-          "version": "6.26.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "babel-messages": "6.23.0",
-            "babel-runtime": "6.26.0",
-            "babel-types": "6.26.0",
-            "detect-indent": "4.0.0",
-            "jsesc": "1.3.0",
-            "lodash": "4.17.4",
-            "source-map": "0.5.7",
-            "trim-right": "1.0.1"
-          }
-        },
-        "babel-messages": {
-          "version": "6.23.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "babel-runtime": "6.26.0"
-          }
-        },
-        "babel-runtime": {
-          "version": "6.26.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "core-js": "2.5.3",
-            "regenerator-runtime": "0.11.1"
-          }
-        },
-        "babel-template": {
-          "version": "6.26.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "babel-runtime": "6.26.0",
-            "babel-traverse": "6.26.0",
-            "babel-types": "6.26.0",
-            "babylon": "6.18.0",
-            "lodash": "4.17.4"
-          }
-        },
-        "babel-traverse": {
-          "version": "6.26.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "babel-code-frame": "6.26.0",
-            "babel-messages": "6.23.0",
-            "babel-runtime": "6.26.0",
-            "babel-types": "6.26.0",
-            "babylon": "6.18.0",
-            "debug": "2.6.9",
-            "globals": "9.18.0",
-            "invariant": "2.2.2",
-            "lodash": "4.17.4"
-          }
-        },
-        "babel-types": {
-          "version": "6.26.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "babel-runtime": "6.26.0",
-            "esutils": "2.0.2",
-            "lodash": "4.17.4",
-            "to-fast-properties": "1.0.3"
-          }
-        },
-        "babylon": {
-          "version": "6.18.0",
-          "bundled": true,
-          "dev": true
-        },
-        "balanced-match": {
-          "version": "1.0.0",
-          "bundled": true,
-          "dev": true
-        },
-        "brace-expansion": {
-          "version": "1.1.8",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "balanced-match": "1.0.0",
-            "concat-map": "0.0.1"
-          }
-        },
-        "braces": {
-          "version": "1.8.5",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "expand-range": "1.8.2",
-            "preserve": "0.2.0",
-            "repeat-element": "1.1.2"
-          }
-        },
-        "builtin-modules": {
-          "version": "1.1.1",
-          "bundled": true,
-          "dev": true
-        },
-        "caching-transform": {
-          "version": "1.0.1",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "md5-hex": "1.3.0",
-            "mkdirp": "0.5.1",
-            "write-file-atomic": "1.3.4"
-          }
-        },
-        "camelcase": {
-          "version": "1.2.1",
-          "bundled": true,
-          "dev": true,
-          "optional": true
-        },
-        "center-align": {
-          "version": "0.1.3",
-          "bundled": true,
-          "dev": true,
-          "optional": true,
-          "requires": {
-            "align-text": "0.1.4",
-            "lazy-cache": "1.0.4"
-          }
-        },
-        "chalk": {
-          "version": "1.1.3",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "ansi-styles": "2.2.1",
-            "escape-string-regexp": "1.0.5",
-            "has-ansi": "2.0.0",
-            "strip-ansi": "3.0.1",
-            "supports-color": "2.0.0"
-          }
-        },
-        "cliui": {
-          "version": "2.1.0",
-          "bundled": true,
-          "dev": true,
-          "optional": true,
-          "requires": {
-            "center-align": "0.1.3",
-            "right-align": "0.1.3",
-            "wordwrap": "0.0.2"
-          },
-          "dependencies": {
-            "wordwrap": {
-              "version": "0.0.2",
-              "bundled": true,
-              "dev": true,
-              "optional": true
-            }
-          }
-        },
-        "code-point-at": {
-          "version": "1.1.0",
-          "bundled": true,
-          "dev": true
-        },
-        "commondir": {
-          "version": "1.0.1",
-          "bundled": true,
-          "dev": true
-        },
-        "concat-map": {
-          "version": "0.0.1",
-          "bundled": true,
-          "dev": true
-        },
-        "convert-source-map": {
-          "version": "1.5.1",
-          "bundled": true,
-          "dev": true
-        },
-        "core-js": {
-          "version": "2.5.3",
-          "bundled": true,
-          "dev": true
-        },
-        "cross-spawn": {
-          "version": "4.0.2",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "lru-cache": "4.1.1",
-            "which": "1.3.0"
-          }
-        },
-        "debug": {
-          "version": "2.6.9",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "ms": "2.0.0"
-          }
-        },
-        "debug-log": {
-          "version": "1.0.1",
-          "bundled": true,
-          "dev": true
-        },
-        "decamelize": {
-          "version": "1.2.0",
-          "bundled": true,
-          "dev": true
-        },
-        "default-require-extensions": {
-          "version": "1.0.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "strip-bom": "2.0.0"
-          }
-        },
-        "detect-indent": {
-          "version": "4.0.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "repeating": "2.0.1"
-          }
-        },
-        "error-ex": {
-          "version": "1.3.1",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "is-arrayish": "0.2.1"
-          }
-        },
-        "escape-string-regexp": {
-          "version": "1.0.5",
-          "bundled": true,
-          "dev": true
-        },
-        "esutils": {
-          "version": "2.0.2",
-          "bundled": true,
-          "dev": true
-        },
-        "execa": {
-          "version": "0.7.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "cross-spawn": "5.1.0",
-            "get-stream": "3.0.0",
-            "is-stream": "1.1.0",
-            "npm-run-path": "2.0.2",
-            "p-finally": "1.0.0",
-            "signal-exit": "3.0.2",
-            "strip-eof": "1.0.0"
-          },
-          "dependencies": {
-            "cross-spawn": {
-              "version": "5.1.0",
-              "bundled": true,
-              "dev": true,
-              "requires": {
-                "lru-cache": "4.1.1",
-                "shebang-command": "1.2.0",
-                "which": "1.3.0"
-              }
-            }
-          }
-        },
-        "expand-brackets": {
-          "version": "0.1.5",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "is-posix-bracket": "0.1.1"
-          }
-        },
-        "expand-range": {
-          "version": "1.8.2",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "fill-range": "2.2.3"
-          }
-        },
-        "extglob": {
-          "version": "0.3.2",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "is-extglob": "1.0.0"
-          }
-        },
-        "filename-regex": {
-          "version": "2.0.1",
-          "bundled": true,
-          "dev": true
-        },
-        "fill-range": {
-          "version": "2.2.3",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "is-number": "2.1.0",
-            "isobject": "2.1.0",
-            "randomatic": "1.1.7",
-            "repeat-element": "1.1.2",
-            "repeat-string": "1.6.1"
-          }
-        },
-        "find-cache-dir": {
-          "version": "0.1.1",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "commondir": "1.0.1",
-            "mkdirp": "0.5.1",
-            "pkg-dir": "1.0.0"
-          }
-        },
-        "find-up": {
-          "version": "2.1.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "locate-path": "2.0.0"
-          }
-        },
-        "for-in": {
-          "version": "1.0.2",
-          "bundled": true,
-          "dev": true
-        },
-        "for-own": {
-          "version": "0.1.5",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "for-in": "1.0.2"
-          }
-        },
-        "foreground-child": {
-          "version": "1.5.6",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "cross-spawn": "4.0.2",
-            "signal-exit": "3.0.2"
-          }
-        },
-        "fs.realpath": {
-          "version": "1.0.0",
-          "bundled": true,
-          "dev": true
-        },
-        "get-caller-file": {
-          "version": "1.0.2",
-          "bundled": true,
-          "dev": true
-        },
-        "get-stream": {
-          "version": "3.0.0",
-          "bundled": true,
-          "dev": true
-        },
-        "glob": {
-          "version": "7.1.2",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "fs.realpath": "1.0.0",
-            "inflight": "1.0.6",
-            "inherits": "2.0.3",
-            "minimatch": "3.0.4",
-            "once": "1.4.0",
-            "path-is-absolute": "1.0.1"
-          }
-        },
-        "glob-base": {
-          "version": "0.3.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "glob-parent": "2.0.0",
-            "is-glob": "2.0.1"
-          }
-        },
-        "glob-parent": {
-          "version": "2.0.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "is-glob": "2.0.1"
-          }
-        },
-        "globals": {
-          "version": "9.18.0",
-          "bundled": true,
-          "dev": true
-        },
-        "graceful-fs": {
-          "version": "4.1.11",
-          "bundled": true,
-          "dev": true
-        },
-        "handlebars": {
-          "version": "4.0.11",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "async": "1.5.2",
-            "optimist": "0.6.1",
-            "source-map": "0.4.4",
-            "uglify-js": "2.8.29"
-          },
-          "dependencies": {
-            "source-map": {
-              "version": "0.4.4",
-              "bundled": true,
-              "dev": true,
-              "requires": {
-                "amdefine": "1.0.1"
-              }
-            }
-          }
-        },
-        "has-ansi": {
-          "version": "2.0.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "ansi-regex": "2.1.1"
-          }
-        },
-        "has-flag": {
-          "version": "1.0.0",
-          "bundled": true,
-          "dev": true
-        },
-        "hosted-git-info": {
-          "version": "2.5.0",
-          "bundled": true,
-          "dev": true
-        },
-        "imurmurhash": {
-          "version": "0.1.4",
-          "bundled": true,
-          "dev": true
-        },
-        "inflight": {
-          "version": "1.0.6",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "once": "1.4.0",
-            "wrappy": "1.0.2"
-          }
-        },
-        "inherits": {
-          "version": "2.0.3",
-          "bundled": true,
-          "dev": true
-        },
-        "invariant": {
-          "version": "2.2.2",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "loose-envify": "1.3.1"
-          }
-        },
-        "invert-kv": {
-          "version": "1.0.0",
-          "bundled": true,
-          "dev": true
-        },
-        "is-arrayish": {
-          "version": "0.2.1",
-          "bundled": true,
-          "dev": true
-        },
-        "is-buffer": {
-          "version": "1.1.6",
-          "bundled": true,
-          "dev": true
-        },
-        "is-builtin-module": {
-          "version": "1.0.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "builtin-modules": "1.1.1"
-          }
-        },
-        "is-dotfile": {
-          "version": "1.0.3",
-          "bundled": true,
-          "dev": true
-        },
-        "is-equal-shallow": {
-          "version": "0.1.3",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "is-primitive": "2.0.0"
-          }
-        },
-        "is-extendable": {
-          "version": "0.1.1",
-          "bundled": true,
-          "dev": true
-        },
-        "is-extglob": {
-          "version": "1.0.0",
-          "bundled": true,
-          "dev": true
-        },
-        "is-finite": {
-          "version": "1.0.2",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "number-is-nan": "1.0.1"
-          }
-        },
-        "is-fullwidth-code-point": {
-          "version": "1.0.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "number-is-nan": "1.0.1"
-          }
-        },
-        "is-glob": {
-          "version": "2.0.1",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "is-extglob": "1.0.0"
-          }
-        },
-        "is-number": {
-          "version": "2.1.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "kind-of": "3.2.2"
-          }
-        },
-        "is-posix-bracket": {
-          "version": "0.1.1",
-          "bundled": true,
-          "dev": true
-        },
-        "is-primitive": {
-          "version": "2.0.0",
-          "bundled": true,
-          "dev": true
-        },
-        "is-stream": {
-          "version": "1.1.0",
-          "bundled": true,
-          "dev": true
-        },
-        "is-utf8": {
-          "version": "0.2.1",
-          "bundled": true,
-          "dev": true
-        },
-        "isarray": {
-          "version": "1.0.0",
-          "bundled": true,
-          "dev": true
-        },
-        "isexe": {
-          "version": "2.0.0",
-          "bundled": true,
-          "dev": true
-        },
-        "isobject": {
-          "version": "2.1.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "isarray": "1.0.0"
-          }
-        },
-        "istanbul-lib-coverage": {
-          "version": "1.1.1",
-          "bundled": true,
-          "dev": true
-        },
-        "istanbul-lib-hook": {
-          "version": "1.1.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "append-transform": "0.4.0"
-          }
-        },
-        "istanbul-lib-instrument": {
-          "version": "1.9.1",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "babel-generator": "6.26.0",
-            "babel-template": "6.26.0",
-            "babel-traverse": "6.26.0",
-            "babel-types": "6.26.0",
-            "babylon": "6.18.0",
-            "istanbul-lib-coverage": "1.1.1",
-            "semver": "5.4.1"
-          }
-        },
-        "istanbul-lib-report": {
-          "version": "1.1.2",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "istanbul-lib-coverage": "1.1.1",
-            "mkdirp": "0.5.1",
-            "path-parse": "1.0.5",
-            "supports-color": "3.2.3"
-          },
-          "dependencies": {
-            "supports-color": {
-              "version": "3.2.3",
-              "bundled": true,
-              "dev": true,
-              "requires": {
-                "has-flag": "1.0.0"
-              }
-            }
-          }
-        },
-        "istanbul-lib-source-maps": {
-          "version": "1.2.2",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "debug": "3.1.0",
-            "istanbul-lib-coverage": "1.1.1",
-            "mkdirp": "0.5.1",
-            "rimraf": "2.6.2",
-            "source-map": "0.5.7"
-          },
-          "dependencies": {
-            "debug": {
-              "version": "3.1.0",
-              "bundled": true,
-              "dev": true,
-              "requires": {
-                "ms": "2.0.0"
-              }
-            }
-          }
-        },
-        "istanbul-reports": {
-          "version": "1.1.3",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "handlebars": "4.0.11"
-          }
-        },
-        "js-tokens": {
-          "version": "3.0.2",
-          "bundled": true,
-          "dev": true
-        },
-        "jsesc": {
-          "version": "1.3.0",
-          "bundled": true,
-          "dev": true
-        },
-        "kind-of": {
-          "version": "3.2.2",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "is-buffer": "1.1.6"
-          }
-        },
-        "lazy-cache": {
-          "version": "1.0.4",
-          "bundled": true,
-          "dev": true,
-          "optional": true
-        },
-        "lcid": {
-          "version": "1.0.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "invert-kv": "1.0.0"
-          }
-        },
-        "load-json-file": {
-          "version": "1.1.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "graceful-fs": "4.1.11",
-            "parse-json": "2.2.0",
-            "pify": "2.3.0",
-            "pinkie-promise": "2.0.1",
-            "strip-bom": "2.0.0"
-          }
-        },
-        "locate-path": {
-          "version": "2.0.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "p-locate": "2.0.0",
-            "path-exists": "3.0.0"
-          },
-          "dependencies": {
-            "path-exists": {
-              "version": "3.0.0",
-              "bundled": true,
-              "dev": true
-            }
-          }
-        },
-        "lodash": {
-          "version": "4.17.4",
-          "bundled": true,
-          "dev": true
-        },
-        "longest": {
-          "version": "1.0.1",
-          "bundled": true,
-          "dev": true
-        },
-        "loose-envify": {
-          "version": "1.3.1",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "js-tokens": "3.0.2"
-          }
-        },
-        "lru-cache": {
-          "version": "4.1.1",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "pseudomap": "1.0.2",
-            "yallist": "2.1.2"
-          }
-        },
-        "md5-hex": {
-          "version": "1.3.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "md5-o-matic": "0.1.1"
-          }
-        },
-        "md5-o-matic": {
-          "version": "0.1.1",
-          "bundled": true,
-          "dev": true
-        },
-        "mem": {
-          "version": "1.1.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "mimic-fn": "1.1.0"
-          }
-        },
-        "merge-source-map": {
-          "version": "1.0.4",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "source-map": "0.5.7"
-          }
-        },
-        "micromatch": {
-          "version": "2.3.11",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "arr-diff": "2.0.0",
-            "array-unique": "0.2.1",
-            "braces": "1.8.5",
-            "expand-brackets": "0.1.5",
-            "extglob": "0.3.2",
-            "filename-regex": "2.0.1",
-            "is-extglob": "1.0.0",
-            "is-glob": "2.0.1",
-            "kind-of": "3.2.2",
-            "normalize-path": "2.1.1",
-            "object.omit": "2.0.1",
-            "parse-glob": "3.0.4",
-            "regex-cache": "0.4.4"
-          }
-        },
-        "mimic-fn": {
-          "version": "1.1.0",
-          "bundled": true,
-          "dev": true
-        },
-        "minimatch": {
-          "version": "3.0.4",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "brace-expansion": "1.1.8"
-          }
-        },
-        "minimist": {
-          "version": "0.0.8",
-          "bundled": true,
-          "dev": true
-        },
-        "mkdirp": {
-          "version": "0.5.1",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "minimist": "0.0.8"
-          }
-        },
-        "ms": {
-          "version": "2.0.0",
-          "bundled": true,
-          "dev": true
-        },
-        "normalize-package-data": {
-          "version": "2.4.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "hosted-git-info": "2.5.0",
-            "is-builtin-module": "1.0.0",
-            "semver": "5.4.1",
-            "validate-npm-package-license": "3.0.1"
-          }
-        },
-        "normalize-path": {
-          "version": "2.1.1",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "remove-trailing-separator": "1.1.0"
-          }
-        },
-        "npm-run-path": {
-          "version": "2.0.2",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "path-key": "2.0.1"
-          }
-        },
-        "number-is-nan": {
-          "version": "1.0.1",
-          "bundled": true,
-          "dev": true
-        },
-        "object-assign": {
-          "version": "4.1.1",
-          "bundled": true,
-          "dev": true
-        },
-        "object.omit": {
-          "version": "2.0.1",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "for-own": "0.1.5",
-            "is-extendable": "0.1.1"
-          }
-        },
-        "once": {
-          "version": "1.4.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "wrappy": "1.0.2"
-          }
-        },
-        "optimist": {
-          "version": "0.6.1",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "minimist": "0.0.8",
-            "wordwrap": "0.0.3"
-          }
-        },
-        "os-homedir": {
-          "version": "1.0.2",
-          "bundled": true,
-          "dev": true
-        },
-        "os-locale": {
-          "version": "2.1.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "execa": "0.7.0",
-            "lcid": "1.0.0",
-            "mem": "1.1.0"
-          }
-        },
-        "p-finally": {
-          "version": "1.0.0",
-          "bundled": true,
-          "dev": true
-        },
-        "p-limit": {
-          "version": "1.1.0",
-          "bundled": true,
-          "dev": true
-        },
-        "p-locate": {
-          "version": "2.0.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "p-limit": "1.1.0"
-          }
-        },
-        "parse-glob": {
-          "version": "3.0.4",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "glob-base": "0.3.0",
-            "is-dotfile": "1.0.3",
-            "is-extglob": "1.0.0",
-            "is-glob": "2.0.1"
-          }
-        },
-        "parse-json": {
-          "version": "2.2.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "error-ex": "1.3.1"
-          }
-        },
-        "path-exists": {
-          "version": "2.1.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "pinkie-promise": "2.0.1"
-          }
-        },
-        "path-is-absolute": {
-          "version": "1.0.1",
-          "bundled": true,
-          "dev": true
-        },
-        "path-key": {
-          "version": "2.0.1",
-          "bundled": true,
-          "dev": true
-        },
-        "path-parse": {
-          "version": "1.0.5",
-          "bundled": true,
-          "dev": true
-        },
-        "path-type": {
-          "version": "1.1.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "graceful-fs": "4.1.11",
-            "pify": "2.3.0",
-            "pinkie-promise": "2.0.1"
-          }
-        },
-        "pify": {
-          "version": "2.3.0",
-          "bundled": true,
-          "dev": true
-        },
-        "pinkie": {
-          "version": "2.0.4",
-          "bundled": true,
-          "dev": true
-        },
-        "pinkie-promise": {
-          "version": "2.0.1",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "pinkie": "2.0.4"
-          }
-        },
-        "pkg-dir": {
-          "version": "1.0.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "find-up": "1.1.2"
-          },
-          "dependencies": {
-            "find-up": {
-              "version": "1.1.2",
-              "bundled": true,
-              "dev": true,
-              "requires": {
-                "path-exists": "2.1.0",
-                "pinkie-promise": "2.0.1"
-              }
-            }
-          }
-        },
-        "preserve": {
-          "version": "0.2.0",
-          "bundled": true,
-          "dev": true
-        },
-        "pseudomap": {
-          "version": "1.0.2",
-          "bundled": true,
-          "dev": true
-        },
-        "randomatic": {
-          "version": "1.1.7",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "is-number": "3.0.0",
-            "kind-of": "4.0.0"
-          },
-          "dependencies": {
-            "is-number": {
-              "version": "3.0.0",
-              "bundled": true,
-              "dev": true,
-              "requires": {
-                "kind-of": "3.2.2"
-              },
-              "dependencies": {
-                "kind-of": {
-                  "version": "3.2.2",
-                  "bundled": true,
-                  "dev": true,
-                  "requires": {
-                    "is-buffer": "1.1.6"
-                  }
-                }
-              }
-            },
-            "kind-of": {
-              "version": "4.0.0",
-              "bundled": true,
-              "dev": true,
-              "requires": {
-                "is-buffer": "1.1.6"
-              }
-            }
-          }
-        },
-        "read-pkg": {
-          "version": "1.1.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "load-json-file": "1.1.0",
-            "normalize-package-data": "2.4.0",
-            "path-type": "1.1.0"
-          }
-        },
-        "read-pkg-up": {
-          "version": "1.0.1",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "find-up": "1.1.2",
-            "read-pkg": "1.1.0"
-          },
-          "dependencies": {
-            "find-up": {
-              "version": "1.1.2",
-              "bundled": true,
-              "dev": true,
-              "requires": {
-                "path-exists": "2.1.0",
-                "pinkie-promise": "2.0.1"
-              }
-            }
-          }
-        },
-        "regenerator-runtime": {
-          "version": "0.11.1",
-          "bundled": true,
-          "dev": true
-        },
-        "regex-cache": {
-          "version": "0.4.4",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "is-equal-shallow": "0.1.3"
-          }
-        },
-        "remove-trailing-separator": {
-          "version": "1.1.0",
-          "bundled": true,
-          "dev": true
-        },
-        "repeat-element": {
-          "version": "1.1.2",
-          "bundled": true,
-          "dev": true
-        },
-        "repeat-string": {
-          "version": "1.6.1",
-          "bundled": true,
-          "dev": true
-        },
-        "repeating": {
-          "version": "2.0.1",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "is-finite": "1.0.2"
-          }
-        },
-        "require-directory": {
-          "version": "2.1.1",
-          "bundled": true,
-          "dev": true
-        },
-        "require-main-filename": {
-          "version": "1.0.1",
-          "bundled": true,
-          "dev": true
-        },
-        "resolve-from": {
-          "version": "2.0.0",
-          "bundled": true,
-          "dev": true
-        },
-        "right-align": {
-          "version": "0.1.3",
-          "bundled": true,
-          "dev": true,
-          "optional": true,
-          "requires": {
-            "align-text": "0.1.4"
-          }
-        },
-        "rimraf": {
-          "version": "2.6.2",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "glob": "7.1.2"
-          }
-        },
-        "semver": {
-          "version": "5.4.1",
-          "bundled": true,
-          "dev": true
-        },
-        "set-blocking": {
-          "version": "2.0.0",
-          "bundled": true,
-          "dev": true
-        },
-        "shebang-command": {
-          "version": "1.2.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "shebang-regex": "1.0.0"
-          }
-        },
-        "shebang-regex": {
-          "version": "1.0.0",
-          "bundled": true,
-          "dev": true
-        },
-        "signal-exit": {
-          "version": "3.0.2",
-          "bundled": true,
-          "dev": true
-        },
-        "slide": {
-          "version": "1.1.6",
-          "bundled": true,
-          "dev": true
-        },
-        "source-map": {
-          "version": "0.5.7",
-          "bundled": true,
-          "dev": true
-        },
-        "spawn-wrap": {
-          "version": "1.4.2",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "foreground-child": "1.5.6",
-            "mkdirp": "0.5.1",
-            "os-homedir": "1.0.2",
-            "rimraf": "2.6.2",
-            "signal-exit": "3.0.2",
-            "which": "1.3.0"
-          }
-        },
-        "spdx-correct": {
-          "version": "1.0.2",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "spdx-license-ids": "1.2.2"
-          }
-        },
-        "spdx-expression-parse": {
-          "version": "1.0.4",
-          "bundled": true,
-          "dev": true
-        },
-        "spdx-license-ids": {
-          "version": "1.2.2",
-          "bundled": true,
-          "dev": true
-        },
-        "string-width": {
-          "version": "2.1.1",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "is-fullwidth-code-point": "2.0.0",
-            "strip-ansi": "4.0.0"
-          },
-          "dependencies": {
-            "ansi-regex": {
-              "version": "3.0.0",
-              "bundled": true,
-              "dev": true
-            },
-            "is-fullwidth-code-point": {
-              "version": "2.0.0",
-              "bundled": true,
-              "dev": true
-            },
-            "strip-ansi": {
-              "version": "4.0.0",
-              "bundled": true,
-              "dev": true,
-              "requires": {
-                "ansi-regex": "3.0.0"
-              }
-            }
-          }
-        },
-        "strip-ansi": {
-          "version": "3.0.1",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "ansi-regex": "2.1.1"
-          }
-        },
-        "strip-bom": {
-          "version": "2.0.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "is-utf8": "0.2.1"
-          }
-        },
-        "strip-eof": {
-          "version": "1.0.0",
-          "bundled": true,
-          "dev": true
-        },
-        "supports-color": {
-          "version": "2.0.0",
-          "bundled": true,
-          "dev": true
-        },
-        "test-exclude": {
-          "version": "4.1.1",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "arrify": "1.0.1",
-            "micromatch": "2.3.11",
-            "object-assign": "4.1.1",
-            "read-pkg-up": "1.0.1",
-            "require-main-filename": "1.0.1"
-          }
-        },
-        "to-fast-properties": {
-          "version": "1.0.3",
-          "bundled": true,
-          "dev": true
-        },
-        "trim-right": {
-          "version": "1.0.1",
-          "bundled": true,
-          "dev": true
-        },
-        "uglify-js": {
-          "version": "2.8.29",
-          "bundled": true,
-          "dev": true,
-          "optional": true,
-          "requires": {
-            "source-map": "0.5.7",
-            "uglify-to-browserify": "1.0.2",
-            "yargs": "3.10.0"
-          },
-          "dependencies": {
-            "yargs": {
-              "version": "3.10.0",
-              "bundled": true,
-              "dev": true,
-              "optional": true,
-              "requires": {
-                "camelcase": "1.2.1",
-                "cliui": "2.1.0",
-                "decamelize": "1.2.0",
-                "window-size": "0.1.0"
-              }
-            }
-          }
-        },
-        "uglify-to-browserify": {
-          "version": "1.0.2",
-          "bundled": true,
-          "dev": true,
-          "optional": true
-        },
-        "validate-npm-package-license": {
-          "version": "3.0.1",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "spdx-correct": "1.0.2",
-            "spdx-expression-parse": "1.0.4"
-          }
-        },
-        "which": {
-          "version": "1.3.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "isexe": "2.0.0"
-          }
-        },
-        "which-module": {
-          "version": "2.0.0",
-          "bundled": true,
-          "dev": true
-        },
-        "window-size": {
-          "version": "0.1.0",
-          "bundled": true,
-          "dev": true,
-          "optional": true
-        },
-        "wordwrap": {
-          "version": "0.0.3",
-          "bundled": true,
-          "dev": true
-        },
-        "wrap-ansi": {
-          "version": "2.1.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "string-width": "1.0.2",
-            "strip-ansi": "3.0.1"
-          },
-          "dependencies": {
-            "string-width": {
-              "version": "1.0.2",
-              "bundled": true,
-              "dev": true,
-              "requires": {
-                "code-point-at": "1.1.0",
-                "is-fullwidth-code-point": "1.0.0",
-                "strip-ansi": "3.0.1"
-              }
-            }
-          }
-        },
-        "wrappy": {
-          "version": "1.0.2",
-          "bundled": true,
-          "dev": true
-        },
-        "write-file-atomic": {
-          "version": "1.3.4",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "graceful-fs": "4.1.11",
-            "imurmurhash": "0.1.4",
-            "slide": "1.1.6"
-          }
-        },
-        "y18n": {
-          "version": "3.2.1",
-          "bundled": true,
-          "dev": true
-        },
-        "yallist": {
-          "version": "2.1.2",
-          "bundled": true,
-          "dev": true
-        },
-        "yargs": {
-          "version": "10.0.3",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "cliui": "3.2.0",
-            "decamelize": "1.2.0",
-            "find-up": "2.1.0",
-            "get-caller-file": "1.0.2",
-            "os-locale": "2.1.0",
-            "require-directory": "2.1.1",
-            "require-main-filename": "1.0.1",
-            "set-blocking": "2.0.0",
-            "string-width": "2.1.1",
-            "which-module": "2.0.0",
-            "y18n": "3.2.1",
-            "yargs-parser": "8.0.0"
-          },
-          "dependencies": {
-            "cliui": {
-              "version": "3.2.0",
-              "bundled": true,
-              "dev": true,
-              "requires": {
-                "string-width": "1.0.2",
-                "strip-ansi": "3.0.1",
-                "wrap-ansi": "2.1.0"
-              },
-              "dependencies": {
-                "string-width": {
-                  "version": "1.0.2",
-                  "bundled": true,
-                  "dev": true,
-                  "requires": {
-                    "code-point-at": "1.1.0",
-                    "is-fullwidth-code-point": "1.0.0",
-                    "strip-ansi": "3.0.1"
-                  }
-                }
-              }
-            }
-          }
-        },
-        "yargs-parser": {
-          "version": "8.0.0",
-          "bundled": true,
-          "dev": true,
-          "requires": {
-            "camelcase": "4.1.0"
-          },
-          "dependencies": {
-            "camelcase": {
-              "version": "4.1.0",
-              "bundled": true,
-              "dev": true
-            }
-          }
-        }
-      }
-    },
-    "oauth-sign": {
-      "version": "0.8.2",
-      "resolved": "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.8.2.tgz",
-      "integrity": "sha1-Rqarfwrq2N6unsBWV4C31O/rnUM="
-    },
-    "object-assign": {
-      "version": "4.1.1",
-      "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
-      "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=",
-      "dev": true
-    },
-    "object-inspect": {
-      "version": "1.2.2",
-      "resolved": "https://registry.npmjs.org/object-inspect/-/object-inspect-1.2.2.tgz",
-      "integrity": "sha1-yCEV5PzIiK6hTWTCLk8X9qcNXlo=",
-      "dev": true
-    },
-    "object-keys": {
-      "version": "1.0.11",
-      "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-1.0.11.tgz",
-      "integrity": "sha1-xUYBd4rVYPEULODgG8yotW0TQm0=",
-      "dev": true
-    },
-    "object.entries": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/object.entries/-/object.entries-1.0.4.tgz",
-      "integrity": "sha1-G/mk3SKI9bM/Opk9JXZh8F0WGl8=",
-      "dev": true,
-      "requires": {
-        "define-properties": "1.1.2",
-        "es-abstract": "1.7.0",
-        "function-bind": "1.1.0",
-        "has": "1.0.1"
-      }
-    },
-    "on-finished": {
-      "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz",
-      "integrity": "sha1-IPEzZIGwg811M3mSoWlxqi2QaUc=",
-      "requires": {
-        "ee-first": "1.1.1"
-      }
-    },
-    "on-headers": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/on-headers/-/on-headers-1.0.1.tgz",
-      "integrity": "sha1-ko9dD0cNSTQmUepnlLCFfBAGk/c=",
-      "dev": true
-    },
-    "once": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
-      "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=",
-      "requires": {
-        "wrappy": "1.0.2"
-      }
-    },
-    "onetime": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/onetime/-/onetime-2.0.1.tgz",
-      "integrity": "sha1-BnQoIw/WdEOyeUsiu6UotoZ5YtQ=",
-      "dev": true,
-      "requires": {
-        "mimic-fn": "1.2.0"
-      }
-    },
-    "optimist": {
-      "version": "0.6.1",
-      "resolved": "https://registry.npmjs.org/optimist/-/optimist-0.6.1.tgz",
-      "integrity": "sha1-2j6nRob6IaGaERwybpDrFaAZZoY=",
-      "requires": {
-        "minimist": "0.0.8",
-        "wordwrap": "0.0.3"
-      },
-      "dependencies": {
-        "wordwrap": {
-          "version": "0.0.3",
-          "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-0.0.3.tgz",
-          "integrity": "sha1-o9XabNXAvAAI03I0u68b7WMFkQc="
-        }
-      }
-    },
-    "optionator": {
-      "version": "0.8.2",
-      "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.8.2.tgz",
-      "integrity": "sha1-NkxeQJ0/TWMB1sC0wFu6UBgK62Q=",
-      "dev": true,
-      "requires": {
-        "deep-is": "0.1.3",
-        "fast-levenshtein": "2.0.6",
-        "levn": "0.3.0",
-        "prelude-ls": "1.1.2",
-        "type-check": "0.3.2",
-        "wordwrap": "1.0.0"
-      }
-    },
-    "original": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/original/-/original-1.0.0.tgz",
-      "integrity": "sha1-kUf5P6FpbQS+YeAb1QuurKZWvTs=",
-      "dev": true,
-      "requires": {
-        "url-parse": "1.0.5"
-      }
-    },
-    "os-locale": {
-      "version": "1.4.0",
-      "resolved": "https://registry.npmjs.org/os-locale/-/os-locale-1.4.0.tgz",
-      "integrity": "sha1-IPnxeuKe00XoveWDsT0gCYA8FNk=",
-      "requires": {
-        "lcid": "1.0.0"
-      }
-    },
-    "os-tmpdir": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz",
-      "integrity": "sha1-u+Z0BseaqFxc/sdm/lc0VV36EnQ=",
-      "dev": true
-    },
-    "over": {
-      "version": "0.0.5",
-      "resolved": "https://registry.npmjs.org/over/-/over-0.0.5.tgz",
-      "integrity": "sha1-8phS5w/X4l82DgE6jsRMgq7bVwg="
-    },
-    "p-finally": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/p-finally/-/p-finally-1.0.0.tgz",
-      "integrity": "sha1-P7z7FbiZpEEjs0ttzBi3JDNqLK4=",
-      "dev": true
-    },
-    "p-limit": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-1.2.0.tgz",
-      "integrity": "sha512-Y/OtIaXtUPr4/YpMv1pCL5L5ed0rumAaAeBSj12F+bSlMdys7i8oQF/GUJmfpTS/QoaRrS/k6pma29haJpsMng==",
-      "requires": {
-        "p-try": "1.0.0"
-      }
-    },
-    "p-locate": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-2.0.0.tgz",
-      "integrity": "sha1-IKAQOyIqcMj9OcwuWAaA893l7EM=",
-      "requires": {
-        "p-limit": "1.2.0"
-      }
-    },
-    "p-try": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/p-try/-/p-try-1.0.0.tgz",
-      "integrity": "sha1-y8ec26+P1CKOE/Yh8rGiN8GyB7M="
-    },
-    "parse-entities": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/parse-entities/-/parse-entities-1.1.1.tgz",
-      "integrity": "sha1-gRLYhHExnyerrk1klksSL+ThuJA=",
-      "requires": {
-        "character-entities": "1.2.0",
-        "character-entities-legacy": "1.1.0",
-        "character-reference-invalid": "1.1.0",
-        "is-alphanumerical": "1.0.0",
-        "is-decimal": "1.0.0",
-        "is-hexadecimal": "1.0.0"
-      }
-    },
-    "parse-json": {
-      "version": "2.2.0",
-      "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-2.2.0.tgz",
-      "integrity": "sha1-9ID0BDTvgHQfhGkJn43qGPVaTck=",
-      "requires": {
-        "error-ex": "1.3.1"
-      }
-    },
-    "parseurl": {
-      "version": "1.3.2",
-      "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.2.tgz",
-      "integrity": "sha1-/CidTtiZMRlGDBViUyYs3I3mW/M="
-    },
-    "path-exists": {
-      "version": "3.0.0",
-      "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-3.0.0.tgz",
-      "integrity": "sha1-zg6+ql94yxiSXqfYENe1mwEP1RU="
-    },
-    "path-is-absolute": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
-      "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18="
-    },
-    "path-is-inside": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/path-is-inside/-/path-is-inside-1.0.2.tgz",
-      "integrity": "sha1-NlQX3t5EQw0cEa9hAn+s8HS9/FM=",
-      "dev": true
-    },
-    "path-key": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/path-key/-/path-key-2.0.1.tgz",
-      "integrity": "sha1-QRyttXTFoUDTpLGRDUDYDMn0C0A=",
-      "dev": true
-    },
-    "path-parse": {
-      "version": "1.0.5",
-      "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.5.tgz",
-      "integrity": "sha1-PBrfhx6pzWyUMbbqK9dKD/BVxME="
-    },
-    "path-to-regexp": {
-      "version": "0.1.7",
-      "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
-      "integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w="
-    },
-    "path-type": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/path-type/-/path-type-1.1.0.tgz",
-      "integrity": "sha1-WcRPfuSR2nBNpBXaWkBwuk+P5EE=",
-      "requires": {
-        "graceful-fs": "4.1.11",
-        "pify": "2.3.0",
-        "pinkie-promise": "2.0.1"
-      }
-    },
-    "performance-now": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz",
-      "integrity": "sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns="
-    },
-    "perjury": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/perjury/-/perjury-1.1.1.tgz",
-      "integrity": "sha512-ajpb3Cf1tQtnLKNB1YDLCpo1zEWCV/JMlWBNOlxK1VNtLikhJkf/FCtA+wVaxtn2Js1Bi/wT+lFDFIZkFnbYNQ==",
-      "dev": true,
-      "requires": {
-        "async": "2.6.0",
-        "coffeescript": "1.12.7",
-        "debug": "3.1.0",
-        "lodash": "4.17.5",
-        "yargs": "11.0.0"
-      },
-      "dependencies": {
-        "ansi-regex": {
-          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz",
-          "integrity": "sha1-7QMXwyIGT3lGbAKWa922Bas32Zg=",
-          "dev": true
-        },
-        "cliui": {
-          "version": "4.0.0",
-          "resolved": "https://registry.npmjs.org/cliui/-/cliui-4.0.0.tgz",
-          "integrity": "sha512-nY3W5Gu2racvdDk//ELReY+dHjb9PlIcVDFXP72nVIhq2Gy3LuVXYwJoPVudwQnv1shtohpgkdCKT2YaKY0CKw==",
-          "dev": true,
-          "requires": {
-            "string-width": "2.1.1",
-            "strip-ansi": "4.0.0",
-            "wrap-ansi": "2.1.0"
-          }
-        },
-        "coffeescript": {
-          "version": "1.12.7",
-          "resolved": "https://registry.npmjs.org/coffeescript/-/coffeescript-1.12.7.tgz",
-          "integrity": "sha512-pLXHFxQMPklVoEekowk8b3erNynC+DVJzChxS/LCBBgR6/8AJkHivkm//zbowcfc7BTCAjryuhx6gPqPRfsFoA==",
-          "dev": true
-        },
-        "debug": {
-          "version": "3.1.0",
-          "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz",
-          "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==",
-          "dev": true,
-          "requires": {
-            "ms": "2.0.0"
-          }
-        },
-        "is-fullwidth-code-point": {
-          "version": "2.0.0",
-          "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz",
-          "integrity": "sha1-o7MKXE8ZkYMWeqq5O+764937ZU8=",
-          "dev": true
-        },
-        "os-locale": {
-          "version": "2.1.0",
-          "resolved": "https://registry.npmjs.org/os-locale/-/os-locale-2.1.0.tgz",
-          "integrity": "sha512-3sslG3zJbEYcaC4YVAvDorjGxc7tv6KVATnLPZONiljsUncvihe9BQoVCEs0RZ1kmf4Hk9OBqlZfJZWI4GanKA==",
-          "dev": true,
-          "requires": {
-            "execa": "0.7.0",
-            "lcid": "1.0.0",
-            "mem": "1.1.0"
-          }
-        },
-        "string-width": {
-          "version": "2.1.1",
-          "resolved": "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz",
-          "integrity": "sha512-nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw==",
-          "dev": true,
-          "requires": {
-            "is-fullwidth-code-point": "2.0.0",
-            "strip-ansi": "4.0.0"
-          }
-        },
-        "strip-ansi": {
-          "version": "4.0.0",
-          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz",
-          "integrity": "sha1-qEeQIusaw2iocTibY1JixQXuNo8=",
-          "dev": true,
-          "requires": {
-            "ansi-regex": "3.0.0"
-          }
-        },
-        "yargs": {
-          "version": "11.0.0",
-          "resolved": "https://registry.npmjs.org/yargs/-/yargs-11.0.0.tgz",
-          "integrity": "sha512-Rjp+lMYQOWtgqojx1dEWorjCofi1YN7AoFvYV7b1gx/7dAAeuI4kN5SZiEvr0ZmsZTOpDRcCqrpI10L31tFkBw==",
-          "dev": true,
-          "requires": {
-            "cliui": "4.0.0",
-            "decamelize": "1.2.0",
-            "find-up": "2.1.0",
-            "get-caller-file": "1.0.2",
-            "os-locale": "2.1.0",
-            "require-directory": "2.1.1",
-            "require-main-filename": "1.0.1",
-            "set-blocking": "2.0.0",
-            "string-width": "2.1.1",
-            "which-module": "2.0.0",
-            "y18n": "3.2.1",
-            "yargs-parser": "9.0.2"
-          }
-        }
-      }
-    },
-    "pify": {
-      "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz",
-      "integrity": "sha1-7RQaasBDqEnqWISY59yosVMw6Qw="
-    },
-    "pinkie": {
-      "version": "2.0.4",
-      "resolved": "https://registry.npmjs.org/pinkie/-/pinkie-2.0.4.tgz",
-      "integrity": "sha1-clVrgM+g1IqXToDnckjoDtT3+HA="
-    },
-    "pinkie-promise": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/pinkie-promise/-/pinkie-promise-2.0.1.tgz",
-      "integrity": "sha1-ITXW36ejWMBprJsXh3YogihFD/o=",
-      "requires": {
-        "pinkie": "2.0.4"
-      }
-    },
-    "pkg-conf": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/pkg-conf/-/pkg-conf-2.1.0.tgz",
-      "integrity": "sha1-ISZRTKbyq/69FoWW3xi6V4Z/AFg=",
-      "requires": {
-        "find-up": "2.1.0",
-        "load-json-file": "4.0.0"
-      }
-    },
-    "pluralize": {
-      "version": "7.0.0",
-      "resolved": "https://registry.npmjs.org/pluralize/-/pluralize-7.0.0.tgz",
-      "integrity": "sha512-ARhBOdzS3e41FbkW/XWrTEtukqqLoK5+Z/4UeDaLuSW+39JPeFgs4gCGqsrJHVZX0fUrx//4OF0K1CUGwlIFow==",
-      "dev": true
-    },
-    "prelude-ls": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.1.2.tgz",
-      "integrity": "sha1-IZMqVJ9eUv/ZqCf1cOBL5iqX2lQ=",
-      "dev": true
-    },
-    "probot": {
-      "version": "5.0.0",
-      "resolved": "https://registry.npmjs.org/probot/-/probot-5.0.0.tgz",
-      "integrity": "sha512-/idAAkDJguZWoW2G5lgo9Q2632eG/2wjGcbauqpECAfv9Iyng7qDhfb94PjOYR4w86xE6gOineUJ07TQHIZwpA==",
-      "requires": {
-        "bottleneck": "1.16.0",
-        "bunyan": "1.8.12",
-        "bunyan-format": "0.2.1",
-        "bunyan-sentry-stream": "1.2.1",
-        "cache-manager": "2.7.0",
-        "commander": "2.14.1",
-        "dotenv": "4.0.0",
-        "express": "4.16.2",
-        "express-async-errors": "2.1.0",
-        "github": "12.1.0",
-        "github-webhook-handler": "0.7.1",
-        "hbs": "4.0.1",
-        "js-yaml": "3.10.0",
-        "jsonwebtoken": "8.1.1",
-        "pkg-conf": "2.1.0",
-        "promise-events": "0.1.4",
-        "raven": "2.4.1",
-        "resolve": "1.5.0",
-        "semver": "5.5.0"
-      }
-    },
-    "process-nextick-args": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.0.tgz",
-      "integrity": "sha512-MtEC1TqN0EU5nephaJ4rAtThHtC86dNN9qCuEhtshvpVBkAW5ZO7BASN9REnF9eoXGcRub+pFuKEpOHE+HbEMw==",
-      "dev": true
-    },
-    "progress": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/progress/-/progress-2.0.0.tgz",
-      "integrity": "sha1-ihvjZr+Pwj2yvSPxDG/pILQ4nR8=",
-      "dev": true
-    },
-    "promise-events": {
-      "version": "0.1.4",
-      "resolved": "https://registry.npmjs.org/promise-events/-/promise-events-0.1.4.tgz",
-      "integrity": "sha1-PIj66X5EjaaPf88Z1O4wjW5DLVs="
-    },
-    "proxy-addr": {
-      "version": "2.0.2",
-      "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.2.tgz",
-      "integrity": "sha1-ZXFQT0e7mI7IGAJT+F3X4UlSvew=",
-      "requires": {
-        "forwarded": "0.1.2",
-        "ipaddr.js": "1.5.2"
-      }
-    },
-    "pseudomap": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/pseudomap/-/pseudomap-1.0.2.tgz",
-      "integrity": "sha1-8FKijacOYYkX7wqKw0wa5aaChrM="
-    },
-    "pullstream": {
-      "version": "0.4.1",
-      "resolved": "https://registry.npmjs.org/pullstream/-/pullstream-0.4.1.tgz",
-      "integrity": "sha1-1vs79a7Wl+gxFQ6xACwlo/iuExQ=",
-      "requires": {
-        "over": "0.0.5",
-        "readable-stream": "1.0.34",
-        "setimmediate": "1.0.5",
-        "slice-stream": "1.0.0"
-      },
-      "dependencies": {
-        "isarray": {
-          "version": "0.0.1",
-          "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz",
-          "integrity": "sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8="
-        },
-        "readable-stream": {
-          "version": "1.0.34",
-          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.0.34.tgz",
-          "integrity": "sha1-Elgg40vIQtLyqq+v5MKRbuMsFXw=",
-          "requires": {
-            "core-util-is": "1.0.2",
-            "inherits": "2.0.3",
-            "isarray": "0.0.1",
-            "string_decoder": "0.10.31"
-          }
-        },
-        "string_decoder": {
-          "version": "0.10.31",
-          "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz",
-          "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ="
-        }
-      }
-    },
-    "punycode": {
-      "version": "1.4.1",
-      "resolved": "https://registry.npmjs.org/punycode/-/punycode-1.4.1.tgz",
-      "integrity": "sha1-wNWmOycYgArY4esPpSachN1BhF4="
-    },
-    "qs": {
-      "version": "6.5.1",
-      "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.1.tgz",
-      "integrity": "sha512-eRzhrN1WSINYCDCbrz796z37LOe3m5tmW7RQf6oBntukAG1nmovJvhnwHHRMAfeoItc1m2Hk02WER2aQ/iqs+A=="
-    },
-    "querystringify": {
-      "version": "0.0.4",
-      "resolved": "https://registry.npmjs.org/querystringify/-/querystringify-0.0.4.tgz",
-      "integrity": "sha1-DPf4T5Rj/wrlHExLFC2VvjdyTZw=",
-      "dev": true
-    },
-    "range-parser": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.0.tgz",
-      "integrity": "sha1-9JvmtIeJTdxA3MlKMi9hEJLgDV4="
-    },
-    "raven": {
-      "version": "2.4.1",
-      "resolved": "https://registry.npmjs.org/raven/-/raven-2.4.1.tgz",
-      "integrity": "sha512-LLLS8bOJC1q33qszBsLaEtEg7X8G8hYLGcKO4s6EifAce2BN6cTRdBXNvwVNv4kNk82YUZYrj53yEbL4kCmjjw==",
-      "requires": {
-        "cookie": "0.3.1",
-        "md5": "2.2.1",
-        "stack-trace": "0.0.9",
-        "timed-out": "4.0.1",
-        "uuid": "3.0.0"
-      },
-      "dependencies": {
-        "uuid": {
-          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.0.0.tgz",
-          "integrity": "sha1-Zyj8BFnEUNeWqZwxg3VpvfZy1yg="
-        }
-      }
-    },
-    "raw-body": {
-      "version": "2.3.2",
-      "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.3.2.tgz",
-      "integrity": "sha1-vNYMd9Prk83gBQKVw/N5OJvIj4k=",
-      "requires": {
-        "bytes": "3.0.0",
-        "http-errors": "1.6.2",
-        "iconv-lite": "0.4.19",
-        "unpipe": "1.0.0"
-      }
-    },
-    "read-pkg": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/read-pkg/-/read-pkg-1.1.0.tgz",
-      "integrity": "sha1-9f+qXs0pyzHAR0vKfXVra7KePyg=",
-      "requires": {
-        "load-json-file": "1.1.0",
-        "normalize-package-data": "2.4.0",
-        "path-type": "1.1.0"
-      },
-      "dependencies": {
-        "load-json-file": {
-          "version": "1.1.0",
-          "resolved": "https://registry.npmjs.org/load-json-file/-/load-json-file-1.1.0.tgz",
-          "integrity": "sha1-lWkFcI1YtLq0wiYbBPWfMcmTdMA=",
-          "requires": {
-            "graceful-fs": "4.1.11",
-            "parse-json": "2.2.0",
-            "pify": "2.3.0",
-            "pinkie-promise": "2.0.1",
-            "strip-bom": "2.0.0"
-          }
-        },
-        "strip-bom": {
-          "version": "2.0.0",
-          "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-2.0.0.tgz",
-          "integrity": "sha1-YhmoVhZSBJHzV4i9vxRHqZx+aw4=",
-          "requires": {
-            "is-utf8": "0.2.1"
-          }
-        }
-      }
-    },
-    "read-pkg-up": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-1.0.1.tgz",
-      "integrity": "sha1-nWPBMnbAZZGNV/ACpX9AobZD+wI=",
-      "requires": {
-        "find-up": "1.1.2",
-        "read-pkg": "1.1.0"
-      },
-      "dependencies": {
-        "find-up": {
-          "version": "1.1.2",
-          "resolved": "https://registry.npmjs.org/find-up/-/find-up-1.1.2.tgz",
-          "integrity": "sha1-ay6YIrGizgpgq2TWEOzK1TyyTQ8=",
-          "requires": {
-            "path-exists": "2.1.0",
-            "pinkie-promise": "2.0.1"
-          }
-        },
-        "path-exists": {
-          "version": "2.1.0",
-          "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-2.1.0.tgz",
-          "integrity": "sha1-D+tsZPD8UY2adU3V77YscCJ2H0s=",
-          "requires": {
-            "pinkie-promise": "2.0.1"
-          }
-        }
-      }
-    },
-    "readable-stream": {
-      "version": "2.3.4",
-      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.4.tgz",
-      "integrity": "sha512-vuYxeWYM+fde14+rajzqgeohAI7YoJcHE7kXDAc4Nk0EbuKnJfqtY9YtRkLo/tqkuF7MsBQRhPnPeyjYITp3ZQ==",
-      "dev": true,
-      "requires": {
-        "core-util-is": "1.0.2",
-        "inherits": "2.0.3",
-        "isarray": "1.0.0",
-        "process-nextick-args": "2.0.0",
-        "safe-buffer": "5.1.1",
-        "string_decoder": "1.0.3",
-        "util-deprecate": "1.0.2"
-      }
-    },
-    "remark": {
-      "version": "7.0.1",
-      "resolved": "https://registry.npmjs.org/remark/-/remark-7.0.1.tgz",
-      "integrity": "sha1-pd5NrPq/D2CkmCbvJMR5gH+QS/s=",
-      "requires": {
-        "remark-parse": "3.0.1",
-        "remark-stringify": "3.0.1",
-        "unified": "6.1.5"
-      }
-    },
-    "remark-parse": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/remark-parse/-/remark-parse-3.0.1.tgz",
-      "integrity": "sha1-G5+EGkTY9PvyJGhQJlRZpOs1TIA=",
-      "requires": {
-        "collapse-white-space": "1.0.3",
-        "has": "1.0.1",
-        "is-alphabetical": "1.0.0",
-        "is-decimal": "1.0.0",
-        "is-whitespace-character": "1.0.0",
-        "is-word-character": "1.0.0",
-        "markdown-escapes": "1.0.0",
-        "parse-entities": "1.1.1",
-        "repeat-string": "1.6.1",
-        "state-toggle": "1.0.0",
-        "trim": "0.0.1",
-        "trim-trailing-lines": "1.1.0",
-        "unherit": "1.1.0",
-        "unist-util-remove-position": "1.1.1",
-        "vfile-location": "2.0.1",
-        "xtend": "4.0.1"
-      }
-    },
-    "remark-stringify": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/remark-stringify/-/remark-stringify-3.0.1.tgz",
-      "integrity": "sha1-eSQr6+CnUggbWAlRb6DAbt7Aac8=",
-      "requires": {
-        "ccount": "1.0.1",
-        "is-alphanumeric": "1.0.0",
-        "is-decimal": "1.0.0",
-        "is-whitespace-character": "1.0.0",
-        "longest-streak": "2.0.1",
-        "markdown-escapes": "1.0.0",
-        "markdown-table": "1.1.0",
-        "mdast-util-compact": "1.0.1",
-        "parse-entities": "1.1.1",
-        "repeat-string": "1.6.1",
-        "state-toggle": "1.0.0",
-        "stringify-entities": "1.3.1",
-        "unherit": "1.1.0",
-        "xtend": "4.0.1"
-      }
-    },
-    "repeat-string": {
-      "version": "1.6.1",
-      "resolved": "https://registry.npmjs.org/repeat-string/-/repeat-string-1.6.1.tgz",
-      "integrity": "sha1-jcrkcOHIirwtYA//Sndihtp15jc="
-    },
-    "replace-ext": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/replace-ext/-/replace-ext-1.0.0.tgz",
-      "integrity": "sha1-3mMSg3P8v3w8z6TeWkgMRaZ5WOs="
-    },
-    "request": {
-      "version": "2.83.0",
-      "resolved": "https://registry.npmjs.org/request/-/request-2.83.0.tgz",
-      "integrity": "sha512-lR3gD69osqm6EYLk9wB/G1W/laGWjzH90t1vEa2xuxHD5KUrSzp9pUSfTm+YC5Nxt2T8nMPEvKlhbQayU7bgFw==",
-      "requires": {
-        "aws-sign2": "0.7.0",
-        "aws4": "1.6.0",
-        "caseless": "0.12.0",
-        "combined-stream": "1.0.6",
-        "extend": "3.0.1",
-        "forever-agent": "0.6.1",
-        "form-data": "2.3.2",
-        "har-validator": "5.0.3",
-        "hawk": "6.0.2",
-        "http-signature": "1.2.0",
-        "is-typedarray": "1.0.0",
-        "isstream": "0.1.2",
-        "json-stringify-safe": "5.0.1",
-        "mime-types": "2.1.17",
-        "oauth-sign": "0.8.2",
-        "performance-now": "2.1.0",
-        "qs": "6.5.1",
-        "safe-buffer": "5.1.1",
-        "stringstream": "0.0.5",
-        "tough-cookie": "2.3.3",
-        "tunnel-agent": "0.6.0",
-        "uuid": "3.2.1"
-      }
-    },
-    "require-directory": {
-      "version": "2.1.1",
-      "resolved": "https://registry.npmjs.org/require-directory/-/require-directory-2.1.1.tgz",
-      "integrity": "sha1-jGStX9MNqxyXbiNE/+f3kqam30I="
-    },
-    "require-main-filename": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/require-main-filename/-/require-main-filename-1.0.1.tgz",
-      "integrity": "sha1-l/cXtp1IeE9fUmpsWqj/3aBVpNE="
-    },
-    "require-uncached": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/require-uncached/-/require-uncached-1.0.3.tgz",
-      "integrity": "sha1-Tg1W1slmL9MeQwEcS5WqSZVUIdM=",
-      "dev": true,
-      "requires": {
-        "caller-path": "0.1.0",
-        "resolve-from": "1.0.1"
-      }
-    },
-    "requires-port": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/requires-port/-/requires-port-1.0.0.tgz",
-      "integrity": "sha1-kl0mAdOaxIXgkc8NpcbmlNw9yv8=",
-      "dev": true
-    },
-    "resolve": {
-      "version": "1.5.0",
-      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.5.0.tgz",
-      "integrity": "sha512-hgoSGrc3pjzAPHNBg+KnFcK2HwlHTs/YrAGUr6qgTVUZmXv1UEXXl0bZNBKMA9fud6lRYFdPGz0xXxycPzmmiw==",
-      "requires": {
-        "path-parse": "1.0.5"
-      }
-    },
-    "resolve-from": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-1.0.1.tgz",
-      "integrity": "sha1-Jsv+k10a7uq7Kbw/5a6wHpPUQiY=",
-      "dev": true
-    },
-    "restore-cursor": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-2.0.0.tgz",
-      "integrity": "sha1-n37ih/gv0ybU/RYpI9YhKe7g368=",
-      "dev": true,
-      "requires": {
-        "onetime": "2.0.1",
-        "signal-exit": "3.0.2"
-      }
-    },
-    "right-align": {
-      "version": "0.1.3",
-      "resolved": "https://registry.npmjs.org/right-align/-/right-align-0.1.3.tgz",
-      "integrity": "sha1-YTObci/mo1FWiSENJOFMlhSGE+8=",
-      "optional": true,
-      "requires": {
-        "align-text": "0.1.4"
-      }
-    },
-    "rimraf": {
-      "version": "2.6.1",
-      "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.6.1.tgz",
-      "integrity": "sha1-wjOOxkPfeht/5cVPqG9XQopV8z0=",
-      "requires": {
-        "glob": "7.1.1"
-      }
-    },
-    "run-async": {
-      "version": "2.3.0",
-      "resolved": "https://registry.npmjs.org/run-async/-/run-async-2.3.0.tgz",
-      "integrity": "sha1-A3GrSuC91yDUFm19/aZP96RFpsA=",
-      "dev": true,
-      "requires": {
-        "is-promise": "2.1.0"
-      }
-    },
-    "rx-lite": {
-      "version": "4.0.8",
-      "resolved": "https://registry.npmjs.org/rx-lite/-/rx-lite-4.0.8.tgz",
-      "integrity": "sha1-Cx4Rr4vESDbwSmQH6S2kJGe3lEQ=",
-      "dev": true
-    },
-    "rx-lite-aggregates": {
-      "version": "4.0.8",
-      "resolved": "https://registry.npmjs.org/rx-lite-aggregates/-/rx-lite-aggregates-4.0.8.tgz",
-      "integrity": "sha1-dTuHqJoRyVRnxKwWJsTvxOBcZ74=",
-      "dev": true,
-      "requires": {
-        "rx-lite": "4.0.8"
-      }
-    },
-    "safe-buffer": {
-      "version": "5.1.1",
-      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.1.tgz",
-      "integrity": "sha512-kKvNJn6Mm93gAczWVJg7wH+wGYWNrDHdWvpUmHyEsgCtIwwo3bqPtV4tR5tuPaUhTOo/kvhVwd8XwwOllGYkbg=="
-    },
-    "safe-json-stringify": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/safe-json-stringify/-/safe-json-stringify-1.0.4.tgz",
-      "integrity": "sha1-gaCY9Efku8P/MxKiQ1IbwGDvWRE=",
-      "optional": true
-    },
-    "samsam": {
-      "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/samsam/-/samsam-1.3.0.tgz",
-      "integrity": "sha512-1HwIYD/8UlOtFS3QO3w7ey+SdSDFE4HRNLZoZRYVQefrOY3l17epswImeB1ijgJFQJodIaHcwkp3r/myBjFVbg==",
-      "dev": true
-    },
-    "semver": {
-      "version": "5.5.0",
-      "resolved": "https://registry.npmjs.org/semver/-/semver-5.5.0.tgz",
-      "integrity": "sha512-4SJ3dm0WAwWy/NVeioZh5AntkdJoWKxHxcmyP622fOkgHa4z3R0TdBJICINyaSDE6uNwVc8gZr+ZinwZAH4xIA=="
-    },
-    "send": {
-      "version": "0.16.1",
-      "resolved": "https://registry.npmjs.org/send/-/send-0.16.1.tgz",
-      "integrity": "sha512-ElCLJdJIKPk6ux/Hocwhk7NFHpI3pVm/IZOYWqUmoxcgeyM+MpxHHKhb8QmlJDX1pU6WrgaHBkVNm73Sv7uc2A==",
-      "requires": {
-        "debug": "2.6.9",
-        "depd": "1.1.2",
-        "destroy": "1.0.4",
-        "encodeurl": "1.0.2",
-        "escape-html": "1.0.3",
-        "etag": "1.8.1",
-        "fresh": "0.5.2",
-        "http-errors": "1.6.2",
-        "mime": "1.4.1",
-        "ms": "2.0.0",
-        "on-finished": "2.3.0",
-        "range-parser": "1.2.0",
-        "statuses": "1.3.1"
-      },
-      "dependencies": {
-        "debug": {
-          "version": "2.6.9",
-          "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
-          "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
-          "requires": {
-            "ms": "2.0.0"
-          }
-        }
-      }
-    },
-    "serve-static": {
-      "version": "1.13.1",
-      "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.13.1.tgz",
-      "integrity": "sha512-hSMUZrsPa/I09VYFJwa627JJkNs0NrfL1Uzuup+GqHfToR2KcsXFymXSV90hoyw3M+msjFuQly+YzIH/q0MGlQ==",
-      "requires": {
-        "encodeurl": "1.0.2",
-        "escape-html": "1.0.3",
-        "parseurl": "1.3.2",
-        "send": "0.16.1"
-      }
-    },
-    "set-blocking": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/set-blocking/-/set-blocking-2.0.0.tgz",
-      "integrity": "sha1-BF+XgtARrppoA93TgrJDkrPYkPc="
-    },
-    "setimmediate": {
-      "version": "1.0.5",
-      "resolved": "https://registry.npmjs.org/setimmediate/-/setimmediate-1.0.5.tgz",
-      "integrity": "sha1-KQy7Iy4waULX1+qbg3Mqt4VvgoU="
-    },
-    "setprototypeof": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.0.tgz",
-      "integrity": "sha512-BvE/TwpZX4FXExxOxZyRGQQv651MSwmWKZGqvmPcRIjDqWub67kTKuIMx43cZZrS/cBBzwBcNDWoFxt2XEFIpQ=="
-    },
-    "shebang-command": {
-      "version": "1.2.0",
-      "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-1.2.0.tgz",
-      "integrity": "sha1-RKrGW2lbAzmJaMOfNj/uXer98eo=",
-      "dev": true,
-      "requires": {
-        "shebang-regex": "1.0.0"
-      }
-    },
-    "shebang-regex": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-1.0.0.tgz",
-      "integrity": "sha1-2kL0l0DAtC2yypcoVxyxkMmO/qM=",
-      "dev": true
-    },
-    "signal-exit": {
-      "version": "3.0.2",
-      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.2.tgz",
-      "integrity": "sha1-tf3AjxKH6hF4Yo5BXiUTK3NkbG0=",
-      "dev": true
-    },
-    "sinon": {
-      "version": "4.3.0",
-      "resolved": "https://registry.npmjs.org/sinon/-/sinon-4.3.0.tgz",
-      "integrity": "sha512-pmf05hFgEZUS52AGJcsVjOjqAyJW2yo14cOwVYvzCyw7+inv06YXkLyW75WG6X6p951lzkoKh51L2sNbR9CDvw==",
-      "dev": true,
-      "requires": {
-        "@sinonjs/formatio": "2.0.0",
-        "diff": "3.4.0",
-        "lodash.get": "4.4.2",
-        "lolex": "2.3.2",
-        "nise": "1.2.5",
-        "supports-color": "5.2.0",
-        "type-detect": "4.0.8"
-      },
-      "dependencies": {
-        "supports-color": {
-          "version": "5.2.0",
-          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.2.0.tgz",
-          "integrity": "sha512-F39vS48la4YvTZUPVeTqsjsFNrvcMwrV3RLZINsmHo+7djCvuUzSIeXOnZ5hmjef4bajL1dNccN+tg5XAliO5Q==",
-          "dev": true,
-          "requires": {
-            "has-flag": "3.0.0"
-          }
-        }
-      }
-    },
-    "slice-ansi": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-1.0.0.tgz",
-      "integrity": "sha512-POqxBK6Lb3q6s047D/XsDVNPnF9Dl8JSaqe9h9lURl0OdNqy/ujDrOiIHtsqXMGbWWTIomRzAMaTyawAU//Reg==",
-      "dev": true,
-      "requires": {
-        "is-fullwidth-code-point": "2.0.0"
-      },
-      "dependencies": {
-        "is-fullwidth-code-point": {
-          "version": "2.0.0",
-          "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz",
-          "integrity": "sha1-o7MKXE8ZkYMWeqq5O+764937ZU8=",
-          "dev": true
-        }
-      }
-    },
-    "slice-stream": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/slice-stream/-/slice-stream-1.0.0.tgz",
-      "integrity": "sha1-WzO9ZvATsaf4ZGCwPUY97DmtPqA=",
-      "requires": {
-        "readable-stream": "1.0.34"
-      },
-      "dependencies": {
-        "isarray": {
-          "version": "0.0.1",
-          "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz",
-          "integrity": "sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8="
-        },
-        "readable-stream": {
-          "version": "1.0.34",
-          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.0.34.tgz",
-          "integrity": "sha1-Elgg40vIQtLyqq+v5MKRbuMsFXw=",
-          "requires": {
-            "core-util-is": "1.0.2",
-            "inherits": "2.0.3",
-            "isarray": "0.0.1",
-            "string_decoder": "0.10.31"
-          }
-        },
-        "string_decoder": {
-          "version": "0.10.31",
-          "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz",
-          "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ="
-        }
-      }
-    },
-    "smee-client": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/smee-client/-/smee-client-1.0.1.tgz",
-      "integrity": "sha512-porkZGtw7sHPuS5w6LW5FX7JY3JQuR52Y1cZoXHMmCzz3JKlFPkFZ3db6sXU+5iTTvexcUZ3U/bGWOMZECev/w==",
-      "dev": true,
-      "requires": {
-        "commander": "2.14.1",
-        "eventsource": "1.0.5",
-        "morgan": "1.9.0",
-        "superagent": "3.8.2"
-      }
-    },
-    "sntp": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/sntp/-/sntp-2.1.0.tgz",
-      "integrity": "sha512-FL1b58BDrqS3A11lJ0zEdnJ3UOKqVxawAkF3k7F0CVN7VQ34aZrV+G8BZ1WC9ZL7NyrwsW0oviwsWDgRuVYtJg==",
-      "requires": {
-        "hoek": "4.2.0"
-      }
-    },
-    "source-map": {
-      "version": "0.4.4",
-      "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.4.4.tgz",
-      "integrity": "sha1-66T12pwNyZneaAMti092FzZSA2s=",
-      "requires": {
-        "amdefine": "1.0.1"
-      }
-    },
-    "spdx-correct": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-1.0.2.tgz",
-      "integrity": "sha1-SzBz2TP/UfORLwOsVRlJikFQ20A=",
-      "requires": {
-        "spdx-license-ids": "1.2.2"
-      }
-    },
-    "spdx-expression-parse": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-1.0.4.tgz",
-      "integrity": "sha1-m98vIOH0DtRH++JzJmGR/O1RYmw="
-    },
-    "spdx-license-ids": {
-      "version": "1.2.2",
-      "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-1.2.2.tgz",
-      "integrity": "sha1-yd96NCRZSt5r0RkA1ZZpbcBrrFc="
-    },
-    "sprintf-js": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
-      "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw="
-    },
-    "sshpk": {
-      "version": "1.13.1",
-      "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.13.1.tgz",
-      "integrity": "sha1-US322mKHFEMW3EwY/hzx2UBzm+M=",
-      "requires": {
-        "asn1": "0.2.3",
-        "assert-plus": "1.0.0",
-        "bcrypt-pbkdf": "1.0.1",
-        "dashdash": "1.14.1",
-        "ecc-jsbn": "0.1.1",
-        "getpass": "0.1.7",
-        "jsbn": "0.1.1",
-        "tweetnacl": "0.14.5"
-      }
-    },
-    "stack-trace": {
-      "version": "0.0.9",
-      "resolved": "https://registry.npmjs.org/stack-trace/-/stack-trace-0.0.9.tgz",
-      "integrity": "sha1-qPbq7KkGdMMz58Q5U/J1tFFRBpU="
-    },
-    "state-toggle": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/state-toggle/-/state-toggle-1.0.0.tgz",
-      "integrity": "sha1-0g+aYWu08MO5i5GSLSW2QKorxCU="
-    },
-    "statuses": {
-      "version": "1.3.1",
-      "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.3.1.tgz",
-      "integrity": "sha1-+vUbnrdKrvOzrPStX2Gr8ky3uT4="
-    },
-    "string-width": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/string-width/-/string-width-1.0.2.tgz",
-      "integrity": "sha1-EYvfW4zcUaKn5w0hHgfisLmxB9M=",
-      "requires": {
-        "code-point-at": "1.1.0",
-        "is-fullwidth-code-point": "1.0.0",
-        "strip-ansi": "3.0.1"
-      }
-    },
-    "string_decoder": {
-      "version": "1.0.3",
-      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.0.3.tgz",
-      "integrity": "sha512-4AH6Z5fzNNBcH+6XDMfA/BTt87skxqJlO0lAh3Dker5zThcAxG6mKz+iGu308UKoPPQ8Dcqx/4JhujzltRa+hQ==",
-      "dev": true,
-      "requires": {
-        "safe-buffer": "5.1.1"
-      }
-    },
-    "stringify-entities": {
-      "version": "1.3.1",
-      "resolved": "https://registry.npmjs.org/stringify-entities/-/stringify-entities-1.3.1.tgz",
-      "integrity": "sha1-sVDsLXKsTBtfMktR+2soyc3/BYw=",
-      "requires": {
-        "character-entities-html4": "1.1.0",
-        "character-entities-legacy": "1.1.0",
-        "is-alphanumerical": "1.0.0",
-        "is-hexadecimal": "1.0.0"
-      }
-    },
-    "stringstream": {
-      "version": "0.0.5",
-      "resolved": "https://registry.npmjs.org/stringstream/-/stringstream-0.0.5.tgz",
-      "integrity": "sha1-TkhM1N5aC7vuGORjB3EKioFiGHg="
-    },
-    "strip-ansi": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz",
-      "integrity": "sha1-ajhfuIU9lS1f8F0Oiq+UJ43GPc8=",
-      "requires": {
-        "ansi-regex": "2.1.1"
-      }
-    },
-    "strip-eof": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/strip-eof/-/strip-eof-1.0.0.tgz",
-      "integrity": "sha1-u0P/VZim6wXYm1n80SnJgzE2Br8=",
-      "dev": true
-    },
-    "strip-json-comments": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz",
-      "integrity": "sha1-PFMZQukIwml8DsNEhYwobHygpgo=",
-      "dev": true
-    },
-    "strip-markdown": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/strip-markdown/-/strip-markdown-3.0.1.tgz",
-      "integrity": "sha512-fvTgE4bDtZoA/NDHldeAyMEbF7d5SLwi9qJAVSCF45zyQPW7d0lINPjrEvNGgQ8dgwJx1eAxvicK+IDiWohuig=="
-    },
-    "superagent": {
-      "version": "3.8.2",
-      "resolved": "https://registry.npmjs.org/superagent/-/superagent-3.8.2.tgz",
-      "integrity": "sha512-gVH4QfYHcY3P0f/BZzavLreHW3T1v7hG9B+hpMQotGQqurOvhv87GcMCd6LWySmBuf+BDR44TQd0aISjVHLeNQ==",
-      "dev": true,
-      "requires": {
-        "component-emitter": "1.2.1",
-        "cookiejar": "2.1.1",
-        "debug": "3.1.0",
-        "extend": "3.0.1",
-        "form-data": "2.3.2",
-        "formidable": "1.1.1",
-        "methods": "1.1.2",
-        "mime": "1.4.1",
-        "qs": "6.5.1",
-        "readable-stream": "2.3.4"
-      },
-      "dependencies": {
-        "debug": {
-          "version": "3.1.0",
-          "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz",
-          "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==",
-          "dev": true,
-          "requires": {
-            "ms": "2.0.0"
-          }
-        }
-      }
-    },
-    "supports-color": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz",
-      "integrity": "sha1-U10EXOa2Nj+kARcIRimZXp3zJMc=",
-      "dev": true
-    },
-    "table": {
-      "version": "4.0.2",
-      "resolved": "https://registry.npmjs.org/table/-/table-4.0.2.tgz",
-      "integrity": "sha512-UUkEAPdSGxtRpiV9ozJ5cMTtYiqz7Ni1OGqLXRCynrvzdtR1p+cfOWe2RJLwvUG8hNanaSRjecIqwOjqeatDsA==",
-      "dev": true,
-      "requires": {
-        "ajv": "5.5.2",
-        "ajv-keywords": "2.1.1",
-        "chalk": "2.3.1",
-        "lodash": "4.17.5",
-        "slice-ansi": "1.0.0",
-        "string-width": "2.1.1"
-      },
-      "dependencies": {
-        "ansi-regex": {
-          "version": "3.0.0",
-          "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz",
-          "integrity": "sha1-7QMXwyIGT3lGbAKWa922Bas32Zg=",
-          "dev": true
-        },
-        "is-fullwidth-code-point": {
-          "version": "2.0.0",
-          "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz",
-          "integrity": "sha1-o7MKXE8ZkYMWeqq5O+764937ZU8=",
-          "dev": true
-        },
-        "string-width": {
-          "version": "2.1.1",
-          "resolved": "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz",
-          "integrity": "sha512-nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw==",
-          "dev": true,
-          "requires": {
-            "is-fullwidth-code-point": "2.0.0",
-            "strip-ansi": "4.0.0"
-          }
-        },
-        "strip-ansi": {
-          "version": "4.0.0",
-          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz",
-          "integrity": "sha1-qEeQIusaw2iocTibY1JixQXuNo8=",
-          "dev": true,
-          "requires": {
-            "ansi-regex": "3.0.0"
-          }
-        }
-      }
-    },
-    "text-encoding": {
-      "version": "0.6.4",
-      "resolved": "https://registry.npmjs.org/text-encoding/-/text-encoding-0.6.4.tgz",
-      "integrity": "sha1-45mpgiV6J22uQou5KEXLcb3CbRk=",
-      "dev": true
-    },
-    "text-table": {
-      "version": "0.2.0",
-      "resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz",
-      "integrity": "sha1-f17oI66AUgfACvLfSoTsP8+lcLQ=",
-      "dev": true
-    },
-    "through": {
-      "version": "2.3.8",
-      "resolved": "https://registry.npmjs.org/through/-/through-2.3.8.tgz",
-      "integrity": "sha1-DdTJ/6q8NXlgsbckEV1+Doai4fU=",
-      "dev": true
-    },
-    "timed-out": {
-      "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/timed-out/-/timed-out-4.0.1.tgz",
-      "integrity": "sha1-8y6srFoXW+ol1/q1Zas+2HQe9W8="
-    },
-    "tmatch": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/tmatch/-/tmatch-2.0.1.tgz",
-      "integrity": "sha1-DFYkbzPzDaG409colauvFmYPOM8=",
-      "dev": true
-    },
-    "tmp": {
-      "version": "0.0.33",
-      "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz",
-      "integrity": "sha512-jRCJlojKnZ3addtTOjdIqoRuPEKBvNXcGYqzO6zWZX8KfKEpnGY5jfggJQ3EjKuu8D4bJRr0y+cYJFmYbImXGw==",
-      "dev": true,
-      "requires": {
-        "os-tmpdir": "1.0.2"
-      }
-    },
-    "tough-cookie": {
-      "version": "2.3.3",
-      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.3.3.tgz",
-      "integrity": "sha1-C2GKVWW23qkL80JdBNVe3EdadWE=",
-      "requires": {
-        "punycode": "1.4.1"
-      }
-    },
-    "traverse": {
-      "version": "0.3.9",
-      "resolved": "https://registry.npmjs.org/traverse/-/traverse-0.3.9.tgz",
-      "integrity": "sha1-cXuPIgzAu3tE5AUUwisui7xw2Lk="
-    },
-    "trim": {
-      "version": "0.0.1",
-      "resolved": "https://registry.npmjs.org/trim/-/trim-0.0.1.tgz",
-      "integrity": "sha1-WFhUf2spB1fulczMZm+1AITEYN0="
-    },
-    "trim-trailing-lines": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/trim-trailing-lines/-/trim-trailing-lines-1.1.0.tgz",
-      "integrity": "sha1-eu+7eAjfnWafbaLkOMrIxGradoQ="
-    },
-    "trough": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/trough/-/trough-1.0.0.tgz",
-      "integrity": "sha1-a97f5/KqSabzxDIldodVWVfzQv0="
-    },
-    "tunnel-agent": {
-      "version": "0.6.0",
-      "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz",
-      "integrity": "sha1-J6XeoGs2sEoKmWZ3SykIaPD8QP0=",
-      "requires": {
-        "safe-buffer": "5.1.1"
-      }
-    },
-    "tweetnacl": {
-      "version": "0.14.5",
-      "resolved": "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.5.tgz",
-      "integrity": "sha1-WuaBd/GS1EViadEIr6k/+HQ/T2Q=",
-      "optional": true
-    },
-    "type-check": {
-      "version": "0.3.2",
-      "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.3.2.tgz",
-      "integrity": "sha1-WITKtRLPHTVeP7eE8wgEsrUg23I=",
-      "dev": true,
-      "requires": {
-        "prelude-ls": "1.1.2"
-      }
-    },
-    "type-detect": {
-      "version": "4.0.8",
-      "resolved": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz",
-      "integrity": "sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g==",
-      "dev": true
-    },
-    "type-is": {
-      "version": "1.6.15",
-      "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.15.tgz",
-      "integrity": "sha1-yrEPtJCeRByChC6v4a1kbIGARBA=",
-      "requires": {
-        "media-typer": "0.3.0",
-        "mime-types": "2.1.17"
-      }
-    },
-    "typedarray": {
-      "version": "0.0.6",
-      "resolved": "https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz",
-      "integrity": "sha1-hnrHTjhkGHsdPUfZlqeOxciDB3c=",
-      "dev": true
-    },
-    "uglify-js": {
-      "version": "2.8.29",
-      "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-2.8.29.tgz",
-      "integrity": "sha1-KcVzMUgFe7Th913zW3qcty5qWd0=",
-      "optional": true,
-      "requires": {
-        "source-map": "0.5.7",
-        "uglify-to-browserify": "1.0.2",
-        "yargs": "3.10.0"
-      },
-      "dependencies": {
-        "cliui": {
-          "version": "2.1.0",
-          "resolved": "https://registry.npmjs.org/cliui/-/cliui-2.1.0.tgz",
-          "integrity": "sha1-S0dXYP+AJkx2LDoXGQMukcf+oNE=",
-          "optional": true,
-          "requires": {
-            "center-align": "0.1.3",
-            "right-align": "0.1.3",
-            "wordwrap": "0.0.2"
-          }
-        },
-        "source-map": {
-          "version": "0.5.7",
-          "resolved": "https://registry.npmjs.org/source-map/-/source-map-0.5.7.tgz",
-          "integrity": "sha1-igOdLRAh0i0eoUyA2OpGi6LvP8w=",
-          "optional": true
-        },
-        "window-size": {
-          "version": "0.1.0",
-          "resolved": "https://registry.npmjs.org/window-size/-/window-size-0.1.0.tgz",
-          "integrity": "sha1-VDjNLqk7IC76Ohn+iIeu58lPnJ0=",
-          "optional": true
-        },
-        "wordwrap": {
-          "version": "0.0.2",
-          "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-0.0.2.tgz",
-          "integrity": "sha1-t5Zpu0LstAn4PVg8rVLKF+qhZD8=",
-          "optional": true
-        },
-        "yargs": {
-          "version": "3.10.0",
-          "resolved": "https://registry.npmjs.org/yargs/-/yargs-3.10.0.tgz",
-          "integrity": "sha1-9+572FfdfB0tOMDnTvvWgdFDH9E=",
-          "optional": true,
-          "requires": {
-            "camelcase": "1.2.1",
-            "cliui": "2.1.0",
-            "decamelize": "1.2.0",
-            "window-size": "0.1.0"
-          }
-        }
-      }
-    },
-    "uglify-to-browserify": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/uglify-to-browserify/-/uglify-to-browserify-1.0.2.tgz",
-      "integrity": "sha1-bgkk1r2mta/jSeOabWMoUKD4grc=",
-      "optional": true
-    },
-    "unherit": {
-      "version": "1.1.0",
-      "resolved": "https://registry.npmjs.org/unherit/-/unherit-1.1.0.tgz",
-      "integrity": "sha1-a5qu379z3xdWrZ4xbdmBiFhAzX0=",
-      "requires": {
-        "inherits": "2.0.3",
-        "xtend": "4.0.1"
-      }
-    },
-    "unified": {
-      "version": "6.1.5",
-      "resolved": "https://registry.npmjs.org/unified/-/unified-6.1.5.tgz",
-      "integrity": "sha1-cWk3hyYhpjE15iztLzrGoGPG+4c=",
-      "requires": {
-        "bail": "1.0.1",
-        "extend": "3.0.1",
-        "is-plain-obj": "1.1.0",
-        "trough": "1.0.0",
-        "vfile": "2.1.0",
-        "x-is-function": "1.0.4",
-        "x-is-string": "0.1.0"
-      }
-    },
-    "unist-util-modify-children": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/unist-util-modify-children/-/unist-util-modify-children-1.1.1.tgz",
-      "integrity": "sha1-ZtfmpEnm9nIguXarPLi166w55R0=",
-      "requires": {
-        "array-iterate": "1.1.1"
-      }
-    },
-    "unist-util-remove-position": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/unist-util-remove-position/-/unist-util-remove-position-1.1.1.tgz",
-      "integrity": "sha1-WoXBVV/BugwQG4ZwfRXlD6TIcbs=",
-      "requires": {
-        "unist-util-visit": "1.1.3"
-      }
-    },
-    "unist-util-stringify-position": {
-      "version": "1.1.1",
-      "resolved": "https://registry.npmjs.org/unist-util-stringify-position/-/unist-util-stringify-position-1.1.1.tgz",
-      "integrity": "sha1-PMvcU2ee7W7PN3fdf14yKcG2qjw="
-    },
-    "unist-util-visit": {
-      "version": "1.1.3",
-      "resolved": "https://registry.npmjs.org/unist-util-visit/-/unist-util-visit-1.1.3.tgz",
-      "integrity": "sha1-7CaOcxudJ3p5pbWqBkOZDkBdYAs="
-    },
-    "unpipe": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
-      "integrity": "sha1-sr9O6FFKrmFltIF4KdIbLvSZBOw="
-    },
-    "unzip": {
-      "version": "0.1.11",
-      "resolved": "https://registry.npmjs.org/unzip/-/unzip-0.1.11.tgz",
-      "integrity": "sha1-iXScY7BY19kNYZ+GuYqhU107l/A=",
-      "requires": {
-        "binary": "0.3.0",
-        "fstream": "0.1.31",
-        "match-stream": "0.0.2",
-        "pullstream": "0.4.1",
-        "readable-stream": "1.0.34",
-        "setimmediate": "1.0.5"
-      },
-      "dependencies": {
-        "isarray": {
-          "version": "0.0.1",
-          "resolved": "https://registry.npmjs.org/isarray/-/isarray-0.0.1.tgz",
-          "integrity": "sha1-ihis/Kmo9Bd+Cav8YDiTmwXR7t8="
-        },
-        "readable-stream": {
-          "version": "1.0.34",
-          "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-1.0.34.tgz",
-          "integrity": "sha1-Elgg40vIQtLyqq+v5MKRbuMsFXw=",
-          "requires": {
-            "core-util-is": "1.0.2",
-            "inherits": "2.0.3",
-            "isarray": "0.0.1",
-            "string_decoder": "0.10.31"
-          }
-        },
-        "string_decoder": {
-          "version": "0.10.31",
-          "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-0.10.31.tgz",
-          "integrity": "sha1-YuIDvEF2bGwoyfyEMB2rHFMQ+pQ="
-        }
-      }
-    },
-    "url-parse": {
-      "version": "1.0.5",
-      "resolved": "https://registry.npmjs.org/url-parse/-/url-parse-1.0.5.tgz",
-      "integrity": "sha1-CFSGBCKv3P7+tsllxmLUgAFpkns=",
-      "dev": true,
-      "requires": {
-        "querystringify": "0.0.4",
-        "requires-port": "1.0.0"
-      }
-    },
-    "util-deprecate": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
-      "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8="
-    },
-    "utils-merge": {
-      "version": "1.0.1",
-      "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
-      "integrity": "sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM="
-    },
-    "uuid": {
-      "version": "3.2.1",
-      "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.2.1.tgz",
-      "integrity": "sha512-jZnMwlb9Iku/O3smGWvZhauCf6cvvpKi4BKRiliS3cxnI+Gz9j5MEpTz2UFuXiKPJocb7gnsLHwiS05ige5BEA=="
-    },
-    "validate-npm-package-license": {
-      "version": "3.0.1",
-      "resolved": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.1.tgz",
-      "integrity": "sha1-KAS6vnEq0zeUWaz74kdGqywwP7w=",
-      "requires": {
-        "spdx-correct": "1.0.2",
-        "spdx-expression-parse": "1.0.4"
-      }
-    },
-    "vary": {
-      "version": "1.1.2",
-      "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
-      "integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw="
-    },
-    "verror": {
-      "version": "1.10.0",
-      "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz",
-      "integrity": "sha1-OhBcoXBTr1XW4nDB+CiGguGNpAA=",
-      "requires": {
-        "assert-plus": "1.0.0",
-        "core-util-is": "1.0.2",
-        "extsprintf": "1.3.0"
-      }
-    },
-    "vfile": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/vfile/-/vfile-2.1.0.tgz",
-      "integrity": "sha1-086Lgl57jVO4lhZDQSczgZNvAr0=",
-      "requires": {
-        "is-buffer": "1.1.5",
-        "replace-ext": "1.0.0",
-        "unist-util-stringify-position": "1.1.1"
-      }
-    },
-    "vfile-location": {
-      "version": "2.0.1",
-      "resolved": "https://registry.npmjs.org/vfile-location/-/vfile-location-2.0.1.tgz",
-      "integrity": "sha1-C/iBb3MrD4vZAqVv2kxiyOk13FI="
-    },
-    "walk": {
-      "version": "2.3.9",
-      "resolved": "https://registry.npmjs.org/walk/-/walk-2.3.9.tgz",
-      "integrity": "sha1-MbTbZnjyrgHDnqn7hyWpAx5Vins=",
-      "requires": {
-        "foreachasync": "3.0.0"
-      }
-    },
-    "which": {
-      "version": "1.3.0",
-      "resolved": "https://registry.npmjs.org/which/-/which-1.3.0.tgz",
-      "integrity": "sha512-xcJpopdamTuY5duC/KnTTNBraPK54YwpenP4lzxU8H91GudWpFv38u0CKjclE1Wi2EH2EDz5LRcHcKbCIzqGyg==",
-      "dev": true,
-      "requires": {
-        "isexe": "2.0.0"
-      }
-    },
-    "which-module": {
-      "version": "2.0.0",
-      "resolved": "https://registry.npmjs.org/which-module/-/which-module-2.0.0.tgz",
-      "integrity": "sha1-2e8H3Od7mQK4o6j6SzHD4/fm6Ho=",
-      "dev": true
-    },
-    "wordwrap": {
-      "version": "1.0.0",
-      "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz",
-      "integrity": "sha1-J1hIEIkUVqQXHI0CJkQa3pDLyus=",
-      "dev": true
-    },
-    "wrap-ansi": {
-      "version": "2.1.0",
-      "resolved": "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-2.1.0.tgz",
-      "integrity": "sha1-2Pw9KE3QV5T+hJc8rs3Rz4JP3YU=",
-      "requires": {
-        "string-width": "1.0.2",
-        "strip-ansi": "3.0.1"
-      }
-    },
-    "wrappy": {
-      "version": "1.0.2",
-      "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
-      "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8="
-    },
-    "write": {
-      "version": "0.2.1",
-      "resolved": "https://registry.npmjs.org/write/-/write-0.2.1.tgz",
-      "integrity": "sha1-X8A4KOJkzqP+kUVUdvejxWbLB1c=",
-      "dev": true,
-      "requires": {
-        "mkdirp": "0.5.1"
-      }
-    },
-    "x-is-function": {
-      "version": "1.0.4",
-      "resolved": "https://registry.npmjs.org/x-is-function/-/x-is-function-1.0.4.tgz",
-      "integrity": "sha1-XSlNw9Joy90GJYDgxd93o5HR+h4="
-    },
-    "x-is-string": {
-      "version": "0.1.0",
-      "resolved": "https://registry.npmjs.org/x-is-string/-/x-is-string-0.1.0.tgz",
-      "integrity": "sha1-R0tQhlrzpJqcRlfwWs0UVFj3fYI="
-    },
-    "xtend": {
-      "version": "4.0.1",
-      "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.1.tgz",
-      "integrity": "sha1-pcbVMr5lbiPbgg77lDofBJmNY68="
-    },
-    "y18n": {
-      "version": "3.2.1",
-      "resolved": "https://registry.npmjs.org/y18n/-/y18n-3.2.1.tgz",
-      "integrity": "sha1-bRX7qITAhnnA136I53WegR4H+kE="
-    },
-    "yallist": {
-      "version": "2.1.2",
-      "resolved": "https://registry.npmjs.org/yallist/-/yallist-2.1.2.tgz",
-      "integrity": "sha1-HBH5IY8HYImkfdUS+TxmmaaoHVI="
-    },
-    "yargs-parser": {
-      "version": "9.0.2",
-      "resolved": "https://registry.npmjs.org/yargs-parser/-/yargs-parser-9.0.2.tgz",
-      "integrity": "sha1-nM9qQ0YP5O1Aqbto9I1DuKaMwHc=",
-      "dev": true,
-      "requires": {
-        "camelcase": "4.1.0"
-      },
-      "dependencies": {
-        "camelcase": {
-          "version": "4.1.0",
-          "resolved": "https://registry.npmjs.org/camelcase/-/camelcase-4.1.0.tgz",
-          "integrity": "sha1-1UVjW+HjPFQmScaRc+Xeas+uNN0=",
-          "dev": true
-        }
-      }
-    }
-  }
-}
diff --git a/utils/issue-format-bot/package.json b/utils/issue-format-bot/package.json
deleted file mode 100644
index b262eed2a885..000000000000
--- a/utils/issue-format-bot/package.json
+++ /dev/null
@@ -1,43 +0,0 @@
-{
-  "name": "issue-format-bot",
-  "version": "1.0.0",
-  "description": "GitHub bot to parse ruleset issues",
-  "author": "AJ Jordan <alex@strugee.net>",
-  "main": "index.js",
-  "license": "AGPL-3.0+",
-  "repository": {
-    "type": "git",
-    "url": "git+https://github.com/EFForg/HTTPS-Everywhere.git"
-  },
-  "scripts": {
-    "lint": "eslint index.js test lib",
-    "start": "probot run ./index.js",
-    "test": "npm run lint && nyc perjury test/*-test.js"
-  },
-  "bugs": {
-    "url": "https://github.com/EFForg/HTTPS-Everywhere/issues"
-  },
-  "homepage": "https://github.com/EFForg/HTTPS-Everywhere#readme",
-  "devDependencies": {
-    "eslint": "^4.17.0",
-    "expect": "^1.20.2",
-    "nyc": "^11.4.1",
-    "perjury": "^1.1.1",
-    "sinon": "^4.3.0",
-    "smee-client": "^1.0.1"
-  },
-  "engines": {
-    "node": ">= 7.7.0",
-    "npm": ">= 4.0.0"
-  },
-  "dependencies": {
-    "domain-from-partial-url": "^1.0.0",
-    "html-entities": "^1.2.1",
-    "lodash": "^4.17.5",
-    "probot": "^5.0.0",
-    "remark": "^7.0.1",
-    "request": "^2.83.0",
-    "strip-markdown": "^3.0.1",
-    "unzip": "^0.1.11"
-  }
-}
diff --git a/utils/issue-format-bot/test/.eslintrc b/utils/issue-format-bot/test/.eslintrc
deleted file mode 100644
index 5d02eba7e4da..000000000000
--- a/utils/issue-format-bot/test/.eslintrc
+++ /dev/null
@@ -1,5 +0,0 @@
-{
-  "rules": {
-    "handle-callback-err": "off"
-  }
-}
diff --git a/utils/issue-format-bot/test/alexa-mock-test.js b/utils/issue-format-bot/test/alexa-mock-test.js
deleted file mode 100644
index 9d1647b98316..000000000000
--- a/utils/issue-format-bot/test/alexa-mock-test.js
+++ /dev/null
@@ -1,83 +0,0 @@
-// Copyright 2017 AJ Jordan, AGPLv3+
-
-'use strict';
-
-const vows = require('perjury'),
-  assert = vows.assert;
-
-vows.describe('alexa mock array').addBatch({
-  'When we require the module': {
-    topic: function() {
-      return require('./mocks/alexa');
-    },
-    'it works': function(err) {
-      assert.ifError(err);
-    },
-    'it\'s an object with an array property': function(err, obj) {
-      assert.isObject(obj);
-      assert.isArray(obj.data);
-    },
-    'and we examine just the data property': {
-      topic: function(obj) {
-        return obj.data;
-      },
-      'its length is 1000': function(err, alexa) {
-        assert.equal(alexa.length, 1000);
-      },
-      'its 999th element has the right text': function(err, alexa) {
-        assert.equal(alexa[999], 'domain1000.com');
-      },
-      'its 1000th element is undefined': function(err, alexa) {
-        assert.isUndefined(alexa[1000]);
-      },
-      'and we get a nonexistant property': function(err, alexa) {
-        assert.isUndefined(alexa.foobar);
-      },
-      'and we assign a property': {
-        topic: function(alexa) {
-          alexa.someProp = 'Hello world!';
-          return alexa;
-        },
-        'it works': function(err) {
-          assert.ifError(err);
-        },
-        'the property is there': function(err, alexa) {
-          assert.equal(alexa.someProp, 'Hello world!');
-        }
-      },
-      'and we call Array#indexOf with a domain in the array': {
-        topic: function(alexa) {
-          return alexa.indexOf('domain1000.com');
-        },
-        'it works': function(err) {
-          assert.ifError(err);
-        },
-        'it returns the right position': function(err, index) {
-          assert.equal(index, 999);
-        }
-      },
-      'and we call Array#indexOf with a domain not in the array': {
-        topic: function(alexa) {
-          return alexa.indexOf('domain1000000000.com');
-        },
-        'it works': function(err) {
-          assert.ifError(err);
-        },
-        'it returns no match': function(err, index) {
-          assert.equal(index, -1);
-        }
-      },
-      'and we call Array#indexOf with something not a domain at all': {
-        topic: function(alexa) {
-          return alexa.indexOf('foobar!');
-        },
-        'it works': function(err) {
-          assert.ifError(err);
-        },
-        'it returns no match': function(err, index) {
-          assert.equal(index, -1);
-        }
-      }
-    }
-  }
-}).export(module);
diff --git a/utils/issue-format-bot/test/context-mock-test.js b/utils/issue-format-bot/test/context-mock-test.js
deleted file mode 100644
index 996cc7caf8ee..000000000000
--- a/utils/issue-format-bot/test/context-mock-test.js
+++ /dev/null
@@ -1,71 +0,0 @@
-// Copyright 2017 AJ Jordan, AGPLv3+
-
-'use strict';
-
-const vows = require('perjury'),
-  assert = vows.assert,
-  _ = require('lodash');
-
-function assertProp(prop, asserter) {
-  return function(err, context) {
-    assert.isTrue(_.has(context, prop));
-    asserter(_.get(context, prop));
-  };
-}
-
-function assertSinonSpy(prop) {
-  return function(err, context) {
-    assert.isFunction(_.get(context, prop));
-    assert.isDefined(_.get(context, prop).called);
-  };
-}
-
-vows.describe('context mock object').addBatch({
-  'When we require the module': {
-    topic: function() {
-      return require('./mocks/context');
-    },
-    'it works': function(err) {
-      assert.ifError(err);
-    },
-    'it\'s an object': function(err, makeContext) {
-      assert.isObject(makeContext);
-    },
-    'it has an issue() factory function': function(err, makeContext) {
-      assert.isFunction(makeContext.issue);
-    },
-    // TODO test that issue numbers aren't the same
-    'and we call makeContext.issue()': {
-      topic: function(makeContext) {
-        return makeContext.issue('Hello world');
-      },
-      'it works': function(err) {
-        assert.ifError(err);
-      },
-      'it returns an object': function(err, context) {
-        assert.isObject(context);
-      },
-      'context.payload.issue is an object': assertProp('payload.issue', assert.isObject),
-      'context.payload.issue.number is a number': assertProp('payload.issue.number', assert.isNumber),
-      'context.payload.issue.body is a string': assertProp('payload.issue.body', assert.isString),
-      'context.github is an object': assertProp('github', assert.isObject),
-      'context.github.issues is an object': assertProp('github.issues', assert.isObject),
-      'context.github.issues.createComment is a Sinon spy': assertSinonSpy('github.issues.createComment'),
-      'context.github.issues.addLabels is a Sinon spy': assertSinonSpy('github.issues.addLabels'),
-      'context.github.issues.removeLabel returns a Promise': function(err, context) {
-        const promise = context.github.issues.removeLabel();
-        assert.isFunction(promise.then);
-      },
-      'context.github.issues.removeLabel is a Sinon spy': assertSinonSpy('github.issues.removeLabel'),
-      'context.issue is a Sinon spy': assertSinonSpy('issue'),
-      'and we call context.issue()': {
-        topic: function(context) {
-          return context.issue('Wheeee!');
-        },
-        'it returns whatever we passed': function(context, val) {
-          assert.equal(val, 'Wheeee!');
-        }
-      }
-    }
-  }
-}).export(module);
diff --git a/utils/issue-format-bot/test/issueedit-handler-test.js b/utils/issue-format-bot/test/issueedit-handler-test.js
deleted file mode 100644
index 688d2ae14526..000000000000
--- a/utils/issue-format-bot/test/issueedit-handler-test.js
+++ /dev/null
@@ -1,20 +0,0 @@
-// Copyright 2017 AJ Jordan, AGPLv3+
-
-'use strict';
-
-const vows = require('perjury'),
-  handlerutil = require('./lib/handlerutil');
-
-// TODO make this test that the bot doesn't post >1 "you fixed it" comments
-
-vows.describe('issue edit handler').addBatch(
-  handlerutil.setup('../../lib/issueedit', {
-    'and we pass it the context of an issue edit with a null body': handlerutil.nullBody('don\'t see any text'),
-    'and we pass it the context of a issue edit with a bad type': handlerutil.badType('type of issue'),
-    'and we pass it the context of a issue edit with a type of "new ruleset" and a correct body': handlerutil.correctNewRuleset('Type: new ruleset\nDomain: domain10.com', 'take it from here', 'take it from here'),
-    'and we pass it the context of a issue edit with a type of "new ruleset" and a problematic body': handlerutil.problematicNewRuleset('missing domain information'),
-    'and we pass it the context of a new issue with multiple types': handlerutil.multipleTypes('more than one type'),
-    'and we pass it the context of a new issue with no type': handlerutil.noType('see the type of issue')
-  })
-
-).export(module);
diff --git a/utils/issue-format-bot/test/labeler-test.js b/utils/issue-format-bot/test/labeler-test.js
deleted file mode 100644
index 5f494f517d14..000000000000
--- a/utils/issue-format-bot/test/labeler-test.js
+++ /dev/null
@@ -1,92 +0,0 @@
-// Copyright 2017 AJ Jordan, AGPLv3+
-
-'use strict';
-
-const vows = require('perjury'),
-  assert = vows.assert,
-  makeContext = require('./mocks/context'),
-  alexa = require('./mocks/alexa');
-
-// Note: we only test top 100 and top 1000 because the Alexa mock supports only 1000 items
-// (Or in other words, `new Array(1000000)` hung my Node REPL process when I tried it.)
-
-// We have to do this funky thing so the tests run in serial
-// If they run in parallel, Sinon spies don't reset deterministically and one of the assertions will fail because the spy's been called more than once from another suite
-function setup(name, obj) {
-  const ret = {
-    'When we require the module': {
-      topic: function() {
-        return require('../lib/labeler');
-      },
-      'it works': function(err) {
-        assert.ifError(err);
-      },
-      'it\'s a function': function(err, labeler) {
-        assert.isFunction(labeler);
-      }
-    }
-  };
-
-  ret['When we require the module'][name] = obj;
-
-  return ret;
-}
-
-function resetSpies(context) {
-  return context.github.issues.addLabels.reset();
-}
-
-function addLabelsCalledOnce(err, context) {
-  assert.isTrue(context.github.issues.addLabels.calledOnce);
-}
-
-function assertWhichLabel(label) {
-  return function(err, context) {
-    const args = context.github.issues.addLabels.args[0];
-
-    assert.isObject(args[0]);
-    assert.isArray(args[0].labels);
-    assert.deepEqual(args[0].labels, [label]);
-  };
-}
-
-function assertOtherLabelsRemoved(labels) {
-  return function(err, context) {
-    const calledLabels = context.github.issues.removeLabel.args.map(args => args[0].name);
-    assert.deepEqual(calledLabels, labels);
-  };
-}
-
-vows.describe('issue labeler module').addBatch(setup(
-  'and we pass it an issue in the top 100 domains', {
-    topic: function(labeler) {
-      const context = makeContext.issue();
-      // XXX should we test on the boundaries of different labels instead of in the middle?
-      labeler(context, {domain: 'domain10.com'}, alexa);
-      return context;
-    },
-    teardown: resetSpies,
-    'it works': function(err) {
-      assert.ifError(err);
-    },
-    'it adds labels to the issue only once': addLabelsCalledOnce,
-    'the label was the top-100 label': assertWhichLabel('top-100'),
-    'all other labels were removed': assertOtherLabelsRemoved(['top-1k', 'top-10k', 'top-100k', 'top-1m'])
-  }
-)).addBatch(setup(
-  'and we pass it an issue in the top 1,000 domains', {
-    topic: function(labeler) {
-      const context = makeContext.issue();
-      // XXX should we test on the boundaries of different labels instead of in the middle?
-      labeler(context, {domain: 'domain500.com'}, alexa);
-      return context;
-    },
-    teardown: resetSpies,
-    'it works': function(err) {
-      assert.ifError(err);
-    },
-    'it adds labels to the issue only once': addLabelsCalledOnce,
-    'the label was the top-1k label': assertWhichLabel('top-1k'),
-    'all other labels were removed': assertOtherLabelsRemoved(['top-100', 'top-10k', 'top-100k', 'top-1m'])
-  }
-)).export(module);
diff --git a/utils/issue-format-bot/test/lib/handlerutil.js b/utils/issue-format-bot/test/lib/handlerutil.js
deleted file mode 100644
index 3cee354bc473..000000000000
--- a/utils/issue-format-bot/test/lib/handlerutil.js
+++ /dev/null
@@ -1,184 +0,0 @@
-// Copyright 2017 AJ Jordan, AGPLv3+
-
-'use strict';
-
-const vows = require('perjury'),
-  assert = vows.assert,
-  robot = require('../mocks/robot'),
-  alexa = require('../mocks/alexa'),
-  makeContext = require('../mocks/context'),
-  _ = require('lodash');
-
-// TODO tests for this file
-
-// INTERNAL UTILITY FUNCTIONS
-
-function itWorks(err) {
-  assert.ifError(err);
-}
-
-function createsOneComment(err, context) {
-  assert.isTrue(context.github.issues.createComment.calledOnce);
-}
-
-function createsCommentWithMessage(text) {
-  return function(err, context) {
-    // args[0] is first call arguments, second [0] is first arg
-    assert.isObject(context.github.issues.createComment.args[0][0]);
-    // TODO try to find a more decoupled way than matching text
-    assert.isTrue(context.github.issues.createComment.args[0][0].body.includes(text));
-  };
-}
-
-// EXPORTS
-
-function setup(path, obj) {
-  return {
-    'When we require the module': {
-      topic: function() {
-        return require(path);
-      },
-      'it works': itWorks,
-      'it\'s a function': function(err, newissue) {
-        assert.isFunction(newissue);
-      },
-      // We insert the provided object here
-      'and we initialize it with a robot': _.assign({
-        topic: function(newissue) {
-          return newissue(robot, alexa);
-        },
-        'it works': function(err) {
-          assert.ifError(err);
-        },
-        'it returns a function': function(err, handler) {
-          assert.isFunction(handler);
-        }
-      }, obj)
-    }
-  };
-}
-
-function nullBody(text) {
-  return {
-    topic: function(handler) {
-      const context = makeContext.issue('');
-
-      handler(context);
-
-      return context;
-    },
-    'it works': itWorks,
-    'it only creates one comment': createsOneComment,
-    'it creates a comment with the right message': createsCommentWithMessage(text)
-  };
-}
-
-function badType(text) {
-  return {
-    topic: function(handler) {
-      const context = makeContext.issue('Type: invalid');
-
-      handler(context);
-
-      return context;
-    },
-    'it works': itWorks,
-    'it only creates one comment': createsOneComment,
-    'it creates a comment with the right message': createsCommentWithMessage(text)
-  };
-}
-
-function multipleTypes(text) {
-  return {
-    topic: function(handler) {
-      const context = makeContext.issue('Type: new ruleset\nType: ruleset issue');
-
-      handler(context);
-
-      return context;
-    },
-    'it works': itWorks,
-    'it only creates one comment': createsOneComment,
-    'it creates a comment with the right message': createsCommentWithMessage(text)
-  };
-}
-
-function noType(text) {
-  return {
-    topic: function(handler) {
-      const context = makeContext.issue('I didn\'t read instructions but I DID find a ruleset issue');
-
-      handler(context);
-
-      return context;
-    },
-    'it works': itWorks,
-    'it only creates one comment': createsOneComment,
-    'it creates a comment with the right message': createsCommentWithMessage(text)
-  };
-}
-
-function correctNewRuleset(issueText, text) {
-  const obj = {
-    topic: function(handler) {
-      const context = makeContext.issue(issueText);
-
-      const result = handler(context);
-
-      // Edit handler is an AsyncFunction, new issue handler is a Function
-      if (result && result.then) {
-        // Perjury doesn't support promises, so we manually invoke the callback
-        result.then(() => {
-          this.callback(null, context);
-        });
-      } else {
-        return context;
-      }
-    },
-    'it works': itWorks,
-    'it labels the issue appropriately': function(err, context) {
-      assert.isTrue(context.github.issues.addLabels.calledOnce);
-
-      const args = context.github.issues.addLabels.args[0];
-
-      assert.isObject(args[0]);
-      assert.isArray(args[0].labels);
-      assert.deepEqual(args[0].labels, ['top-100']);
-    }
-  };
-
-  if (text) {
-    obj['it only creates one comment'] = createsOneComment;
-
-    obj['it says the user fixed it'] = createsCommentWithMessage(text);
-  } else {
-    obj['it doesn\'t comment'] = function(err, context) {
-      assert.isTrue(context.github.issues.createComment.notCalled);
-    };
-  }
-
-  return obj;
-}
-
-function problematicNewRuleset(text) {
-  return {
-    topic: function(handler) {
-      const context = makeContext.issue('Type: new ruleset');
-
-      handler(context);
-
-      return context;
-    },
-    'it works': itWorks,
-    'it only creates one comment': createsOneComment,
-    'it includes the problem': createsCommentWithMessage(text)
-  };
-}
-
-module.exports.setup = setup;
-module.exports.nullBody = nullBody;
-module.exports.badType = badType;
-module.exports.multipleTypes = multipleTypes;
-module.exports.noType = noType;
-module.exports.correctNewRuleset = correctNewRuleset;
-module.exports.problematicNewRuleset = problematicNewRuleset;
diff --git a/utils/issue-format-bot/test/mocks/alexa.js b/utils/issue-format-bot/test/mocks/alexa.js
deleted file mode 100644
index aafacd9bb160..000000000000
--- a/utils/issue-format-bot/test/mocks/alexa.js
+++ /dev/null
@@ -1,49 +0,0 @@
-// Copyright 2017 AJ Jordan, AGPLv3+
-
-'use strict';
-
-const SIZE = 1000;
-
-const regex = /^domain(\d+).com$/;
-
-function indexOf(str) {
-  const match = regex.exec(str);
-
-  if (match && Number(match[1]) <= SIZE) {
-    return Number(match[1]) - 1;
-  } else {
-
-    /*
-      ESLint is too dumb to realize that this always has a
-      bound `this` from the Proxy, so it's not invalid;
-      that Function#apply is clearer here than using
-      Reflect.apply and isn't the usual overly verbose
-      syntax people use; and that using `arguments` is
-      clearer than using spread syntax (and is one of the
-      rare cases where there isn't really a significant
-      advantage to spread syntax). So we disable it for
-      this line.
-
-      TODO: report this upstream
-    */
-
-    /* eslint-disable */
-    return Array.prototype.indexOf.apply(this, arguments);
-    /* eslint-enable */
-  }
-}
-
-const arr = new Proxy(new Array(SIZE), {
-  get: function(target, name) {
-    // Override Array#indexOf
-    if (name === 'indexOf') {
-      return indexOf.bind(target);
-    }
-
-    // Node REPL uses symbols apparently, which throw TypeErrors when isNaN coerces them, so do those first
-    if (typeof name === 'symbol' || isNaN(name) || name >= SIZE) return target[name];
-    return `domain${Number(name) + 1}.com`;
-  }
-});
-
-module.exports = {data: arr};
diff --git a/utils/issue-format-bot/test/mocks/context.js b/utils/issue-format-bot/test/mocks/context.js
deleted file mode 100644
index a2ceb488f71b..000000000000
--- a/utils/issue-format-bot/test/mocks/context.js
+++ /dev/null
@@ -1,39 +0,0 @@
-// Copyright 2017 AJ Jordan, AGPLv3+
-
-'use strict';
-
-const sinon = require('sinon');
-
-let issueNumber = 1;
-
-function noop() {}
-
-module.exports = {
-  // Note: this is NOT the `context.issue` you see in-source
-  // This is used to create `context` itself; `context.issue` is the Sinon spy you see below
-  issue(body) {
-    return {
-      payload: {
-        issue: {
-          number: issueNumber++,
-          body
-        }
-      },
-      github: {
-        issues: {
-          createComment: sinon.spy(),
-          // TODO actually make this keep track of data
-          getComments: function() {
-            return {
-              data: []
-            };
-          },
-          addLabels: sinon.spy(),
-          removeLabel: sinon.spy(() => new Promise(noop))
-        }
-      },
-      // Blindly pass through the first argument as the return value
-      issue: sinon.spy(arg => arg)
-    };
-  }
-};
diff --git a/utils/issue-format-bot/test/mocks/robot.js b/utils/issue-format-bot/test/mocks/robot.js
deleted file mode 100644
index f9f72ec6797a..000000000000
--- a/utils/issue-format-bot/test/mocks/robot.js
+++ /dev/null
@@ -1,9 +0,0 @@
-// Copyright 2017 AJ Jordan, AGPLv3+
-
-'use strict';
-
-function noop() {}
-
-module.exports = {
-  log: noop
-};
diff --git a/utils/issue-format-bot/test/newissue-handler-test.js b/utils/issue-format-bot/test/newissue-handler-test.js
deleted file mode 100644
index 211ff8ba60cf..000000000000
--- a/utils/issue-format-bot/test/newissue-handler-test.js
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright 2017 AJ Jordan, AGPLv3+
-
-'use strict';
-
-const vows = require('perjury'),
-  handlerutil = require('./lib/handlerutil');
-
-vows.describe('new issue handler').addBatch(
-  handlerutil.setup('../../lib/newissue', {
-    'and we pass it the context of a new issue with a null body': handlerutil.nullBody('can\'t find any text'),
-    'and we pass it the context of a new issue with a bad type': handlerutil.badType('type of issue'),
-    'and we pass it the context of a new issue with a type of "new ruleset" and a correct body': handlerutil.correctNewRuleset('Type: new ruleset\nDomain: domain10.com'),
-    'and we pass it the context of a new issue with a type of "new ruleset" and a problematic body': handlerutil.problematicNewRuleset('missing domain information'),
-    'and we pass it the context of a new issue with multiple types': handlerutil.multipleTypes('more than one type'),
-    'and we pass it the context of a new issue with no type': handlerutil.noType('find the type of issue')
-  })
-).export(module);
diff --git a/utils/issue-format-bot/test/parse-test.js b/utils/issue-format-bot/test/parse-test.js
deleted file mode 100644
index e2ea603c4e3d..000000000000
--- a/utils/issue-format-bot/test/parse-test.js
+++ /dev/null
@@ -1,169 +0,0 @@
-// Copyright 2017 AJ Jordan, AGPLv3+
-
-'use strict';
-
-const vows = require('perjury'),
-  assert = vows.assert,
-  _ = require('lodash');
-
-function assertCorrectBody(text) {
-  return {
-    topic: function(parse) {
-      return parse(text);
-    },
-    'it returns an object': function(err, obj) {
-      assert.ifError(err);
-      assert.isObject(obj);
-    },
-    'the object has the right data': function(err, obj) {
-      assert.includes(obj, 'domain');
-      assert.equal(obj.domain, 'example.com');
-    }
-  };
-}
-
-function assertTypeSucceeds(type) {
-  return {
-    topic: function(parse) {
-      return parse('Type: ' + type);
-    },
-    'it returns an object': function(err, obj) {
-      assert.ifError(err);
-      assert.isObject(obj);
-    },
-    'the object is normal data': function(err, obj) {
-      assert.equal(obj.type, type);
-    }
-  };
-}
-
-vows.describe('issue parser module').addBatch({
-  'When we require the module': {
-    topic: function() {
-      return require('../lib/parse');
-    },
-    'it works': function(err) {
-      assert.ifError(err);
-    },
-    'it\'s a function': function(err, parse) {
-      assert.isFunction(parse);
-    },
-    'and we pass it a body that\'s a ruleset issue': assertCorrectBody('Type: ruleset issue\nDomain: example.com'),
-    'and we pass it a body with funky capitalization': {
-      topic: function(parse) {
-        return parse('tyPe: ruleset issue\nDoMaIn: example.com');
-      },
-      'it returns an object': function(err, obj) {
-        assert.ifError(err);
-        assert.isObject(obj);
-      },
-      'the capitalization didn\'t matter': function(err, obj) {
-        assert.includes(obj, 'domain');
-        assert.equal(obj.domain, 'example.com');
-      }
-    },
-    'and we pass it a body with out-of-order data': assertCorrectBody('Domain: example.com\nType: ruleset issue'),
-    'and we pass it a body with lots of whitespace': {
-      topic: function(parse) {
-        return parse('Type:  ruleset issue         \nDomain:  \t\t   example.com   \t');
-      },
-      'it returns an object': function(err, obj) {
-        assert.ifError(err);
-        assert.isObject(obj);
-      },
-      'the whitespace was trimmed': function(err, obj) {
-        assert.includes(obj, 'domain');
-        assert.equal(obj.domain, 'example.com');
-      }
-    },
-    'and we pass it a body with many newlines': {
-      topic: function(parse) {
-        return parse('\n\nType: ruleset issue\n\n\n\nDomain: example.com\n\n');
-      },
-      'it returns an object': function(err, obj) {
-        assert.ifError(err);
-        assert.isObject(obj);
-      },
-      'the newlines were ignored': function(err, obj) {
-        assert.equal(_.size(obj), 2);
-      }
-    },
-    'and we pass it a body with some Markdown comments': {
-      topic: function(parse) {
-        // TODO this should test for comments on the same line too, but see wooorm/strip-markdown#14
-        return parse('<!-- comment -->\nType: ruleset issue\n<!-- comment after newline -->\nDomain: example.com');
-      },
-      'it returns an object': function(err, obj) {
-        assert.ifError(err);
-        assert.isObject(obj);
-      },
-      'the object has the right data': function(err, obj) {
-        assert.includes(obj, 'domain');
-        assert.equal(obj.domain, 'example.com');
-      },
-      'the object doesn\'t have a bunch of extra keys': function(err, obj) {
-        assert.equal(_.size(obj), 2);
-      }
-    },
-    'and we pass it a body that has a full URL in the domain': {
-      topic: function(parse) {
-        return parse('Type: ruleset issue\nDomain: http://example.com/index.html');
-      },
-      'it returns an object': function(err, obj) {
-        assert.ifError(err);
-        assert.isObject(obj);
-      },
-      'the URL was converted into a bare domain': function(err, obj) {
-        assert.includes(obj, 'domain');
-        assert.equal(obj.domain, 'example.com');
-      }
-    },
-    'and we pass it a body that has a freeform comment': assertCorrectBody('Type: new ruleset\nDomain: example.com\nAnd let me say, what a great GitHub bot HTTPS Everywhere has!'),
-    'and we pass it a body that has a freeform comment with a Markdown link': assertCorrectBody('Type: new ruleset\nDomain: example.com\nPlease add [example.com][].\n\n [example.com]: http://example.com.'),
-    'and we pass it a body that has a freeform comment with colons': assertCorrectBody('Type: new ruleset\nDomain: example.com\nHere\'s a secret: I like colons.'),
-    'and we pass it a body that has a freeform comment with multiple colons': assertCorrectBody('Type: new ruleset\nDomain: example.com\nHere\'s a secret: I like colons. Another secret: I like them a lot.'),
-    'and we pass it a code issue without any other data': assertTypeSucceeds('code issue'),
-    'and we pass it a feature request without any other data': assertTypeSucceeds('feature request'),
-    'and we pass it an issue labeled "other" without any other data': assertTypeSucceeds('other'),
-    'and we pass it a body that isn\'t a valid issue type': {
-      topic: function(parse) {
-        return parse('Type: something else\nDomain: example.com');
-      },
-      'it returns the right error': function(err, obj) {
-        assert.ifError(err);
-        assert.instanceOf(obj, Error);
-        assert.equal(obj.message, 'invalid type');
-      }
-    },
-    'and we pass it a body with more than one type': {
-      topic: function(parse) {
-        return parse('Type: new ruleset\nType: ruleset issue');
-      },
-      'it returns the right error': function(err, obj) {
-        assert.ifError(err);
-        assert.instanceOf(obj, Error);
-        assert.equal(obj.message, 'multiple types');
-      }
-    },
-    'and we pass it a body with no type': {
-      topic: function(parse) {
-        return parse('I tried turning it off and on again and it still doesn\'t work');
-      },
-      'it returns the right error': function(err, obj) {
-        assert.ifError(err);
-        assert.instanceOf(obj, Error);
-        assert.equal(obj.message, 'no type');
-      }
-    },
-    'and we pass it a null body': {
-      topic: function(parse) {
-        return parse('');
-      },
-      'it returns the right error': function(err, obj) {
-        assert.ifError(err);
-        assert.instanceOf(obj, Error);
-        assert.equal(obj.message, 'null description');
-      }
-    }
-  }
-}).export(module);
diff --git a/utils/issue-format-bot/test/robot-mock-test.js b/utils/issue-format-bot/test/robot-mock-test.js
deleted file mode 100644
index f0c488466764..000000000000
--- a/utils/issue-format-bot/test/robot-mock-test.js
+++ /dev/null
@@ -1,23 +0,0 @@
-// Copyright 2017 AJ Jordan, AGPLv3+
-
-'use strict';
-
-const vows = require('perjury'),
-  assert = vows.assert;
-
-vows.describe('robot mock object').addBatch({
-  'When we require the module': {
-    topic: function() {
-      return require('./mocks/robot');
-    },
-    'it works': function(err) {
-      assert.ifError(err);
-    },
-    'it\'s an object': function(err, robot) {
-      assert.isObject(robot);
-    },
-    'we can call log() on it': function(err, robot) {
-      return robot.log('Hello, world!');
-    }
-  }
-}).export(module);
diff --git a/utils/issue-format-bot/test/validate-test.js b/utils/issue-format-bot/test/validate-test.js
deleted file mode 100644
index a3821aac7e5b..000000000000
--- a/utils/issue-format-bot/test/validate-test.js
+++ /dev/null
@@ -1,62 +0,0 @@
-// Copyright 2017 AJ Jordan, AGPLv3+
-
-'use strict';
-
-const vows = require('perjury'),
-  assert = vows.assert;
-
-function missingRequiredDomain(type) {
-  return 	{
-    topic: function(validate) {
-      return validate({
-        type
-      });
-    },
-    'it returns an array': function(err, problems) {
-      assert.ifError(err);
-      assert.isArray(problems);
-    },
-    'the array has only one problem': function(err, problems) {
-      assert.equal(problems.length, 1);
-    },
-    'the array has a missing domain problem': function(err, problems) {
-      assert.isTrue(problems[0].includes('missing domain'));
-    }
-  };
-}
-
-function hasRequiredDomain(type) {
-  return 	{
-    topic: function(validate) {
-      return validate({
-        type,
-        domain: 'example.com'
-      });
-    },
-    'it returns an array': function(err, problems) {
-      assert.ifError(err);
-      assert.isArray(problems);
-    },
-    'the array has no problems': function(err, problems) {
-      assert.equal(problems.length, 0);
-    }
-  };
-}
-
-vows.describe('data validator module').addBatch({
-  'When we require the module': {
-    topic: function() {
-      return require('../lib/validate');
-    },
-    'it works': function(err) {
-      assert.ifError(err);
-    },
-    'it\'s a function': function(err, validate) {
-      assert.isFunction(validate);
-    },
-    'and we pass it a new ruleset without a domain': missingRequiredDomain('new ruleset'),
-    'and we pass it a ruleset issue without a domain': missingRequiredDomain('ruleset issue'),
-    'and we pass it a new ruleset with a domain': hasRequiredDomain('new ruleset'),
-    'and we pass it a ruleset issue with a domain': hasRequiredDomain('ruleset issue')
-  }
-}).export(module);
diff --git a/utils/labeller/.gitignore b/utils/labeller/.gitignore
deleted file mode 100644
index cd13ae6717b9..000000000000
--- a/utils/labeller/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-config.json
-node_modules
-*.swp
diff --git a/utils/labeller/Dockerfile b/utils/labeller/Dockerfile
deleted file mode 100644
index 138b73e12480..000000000000
--- a/utils/labeller/Dockerfile
+++ /dev/null
@@ -1,12 +0,0 @@
-FROM node
-MAINTAINER William Budington <bill@eff.org>
-
-WORKDIR /opt
-
-COPY package.json .
-RUN npm install
-COPY index.js .
-COPY config.json.example .
-RUN mv config.json.example config.json
-
-CMD ["node", "index.js"]
diff --git a/utils/labeller/README.md b/utils/labeller/README.md
deleted file mode 100644
index 4d979e3ecb08..000000000000
--- a/utils/labeller/README.md
+++ /dev/null
@@ -1,38 +0,0 @@
-# HTTPS Everywhere Labeller
-
-This compares the open PR requests that have ruleset changes to the Alexa top 1M sites, and adds labels corresponding to how they place within Alexa.  Current labels are:
-
-1. `top-100`
-2. `top-1k`
-3. `top-10k`
-4. `top-100k`
-5. `top-1m`
-
-This will work for admins of HTTPS Everywhere that generate a [GitHub token](https://github.com/settings/tokens).
-
-## Setup
-
-### With Docker
-
-    docker build -t labeller .
-
-### Without Docker
-
-Download and install `node` and `npm`, then
-
-    npm install
-    cp config.json.example config.json
-
-Enter your GitHub token info into `config.json`.
-
-## Running
-
-### With Docker
-
-Set your `$GITHUB_TOKEN`, and run
-
-    docker run -it -v $(pwd)/state_dir:/opt/state_dir -e GITHUB_TOKEN=$GITHUB_TOKEN labeller
-
-### Without Docker
-
-    node index.js
diff --git a/utils/labeller/config.json.example b/utils/labeller/config.json.example
deleted file mode 100644
index 8cad030bc425..000000000000
--- a/utils/labeller/config.json.example
+++ /dev/null
@@ -1,6 +0,0 @@
-{
-  "github_token": "",
-  "github_user": "efforg",
-  "github_repo": "https-everywhere",
-  "state_file": "state_dir/most_recent_pr_checked.state"
-}
diff --git a/utils/labeller/index.js b/utils/labeller/index.js
deleted file mode 100644
index 99da8f848df6..000000000000
--- a/utils/labeller/index.js
+++ /dev/null
@@ -1,216 +0,0 @@
-"use strict";
-
-var fs = require('fs');
-var readline = require('readline');
-
-var GitHubApi = require('github');
-var _ = require('lodash');
-var parseXML = require('xml2js').parseString;
-var async = require('async');
-var request = require('request');
-var unzip = require('unzip');
-var ProgressBar = require('progress');
-
-var config = require('./config');
-
-// Fetch the Alexa top 1M sites and push it to an array `alexa` via streams
-function get_alexa(alexa_cb){
-
-  var alexa = []
-  var csv_regex = /^[0-9]+,(.+)/
-
-  request.get('https://s3.amazonaws.com/alexa-static/top-1m.csv.zip')
-    .on('error', function(err) {
-      alexa_cb(err);
-    })
-    .pipe(unzip.Parse())
-    .on('entry', function (entry) {
-
-      var bar = new ProgressBar('Processing Alexa Top 1M [:bar] :percent :etas', {
-        total: 100
-      });
-
-      var lineReader = require('readline').createInterface({
-        input: entry
-      });
-
-      var x = 0;
-      lineReader.on('line', function (line) {
-        var domain = line.match(csv_regex)[1]
-        alexa.push(domain);
-
-        if(x % 10000 == 0) bar.tick();
-        x++;
-      });
-
-      lineReader.on('close', function(){
-        alexa_cb(null, alexa);
-      });
-
-    });
-};
-
-function get_most_recent_pr(alexa, recent_cb){
-  fs.readFile(config.state_file, function(err, data){
-    if(err){
-      fs.writeFile(config.state_file, '0', function(err){
-        if(err) return recent_cb(err);
-        recent_cb(null, [alexa, 0]);
-      });
-    } else {
-      recent_cb(null, [alexa, Number(data)]);
-    }
-  });
-}
-
-function github_process_prs(res, pr_cb){
-  var alexa = res[0],
-    most_recent_pr_checked = res[1];
-
-  var github = new GitHubApi();
-  var wildcard_www_regex = /^(www|\*)\.(.+)/
-
-  var httpse = {
-    user: config.github_user,
-    repo: config.github_repo
-  }
-
-  github.authenticate({
-    type: "oauth",
-    token: config.github_token || process.env.GITHUB_TOKEN
-  })
-
-  // Label all PRs which meet the criteria for labelling
-  function github_process_pr_page(first_page){
-    return function(err, pull_requests){
-      if(first_page){
-        fs.writeFile(config.state_file, pull_requests[0].number, function(err){
-          if(err) return pr_cb(err);
-        });
-      }
-
-      _.each(pull_requests, function(pull_request){
-
-        if(pull_request.number > most_recent_pr_checked){
-          github.pullRequests.getFiles(_.extend(httpse, {
-            number: pull_request.number
-          }), function(err, files){
-            if(err) return pr_cb(err);
-
-            // Rank a list of target hosts, returning the minimum alexa placing
-            function rank_targets(targets){
-              var minimum_placing = 9999999;
-
-              _.each(targets, function(host){
-                if(host.match(wildcard_www_regex)){
-                  host = host.match(wildcard_www_regex)[2];
-                }
-
-                var alexa_placing = alexa.indexOf(host);
-                if(~alexa_placing && alexa_placing < minimum_placing){
-                  minimum_placing = alexa_placing;
-                }
-              });
-
-              if(minimum_placing != 9999999){
-                return minimum_placing;
-              }
-            }
-
-            // Given the url of an HTTPSE ruleset, return a list of targets to fetch_cb
-            function fetch_url_and_parse_targets(url, fetch_cb){
-              request({url: url}, function(err, res, body){
-                if(err) return fetch_cb(err);
-
-                parseXML(body, function(err, root){
-                  if(err) return fetch_cb(err);
-
-                  fetch_cb(null, _.map(root.ruleset.target, function(target){
-                    return target.$.host;
-                  }));
-                });
-              });
-            }
-
-            var file_fetches = [];
-
-            // Out of the list of files for this PR, figure out the minimum Alexa ranking for each
-            _.each(files, function(file){
-              if(file.filename.match(/^src\/chrome\/content\/rules\//)){
-                file_fetches.push(function(file_cb){
-                  fetch_url_and_parse_targets(file.raw_url, function(err, targets){
-                    if(err) return file_cb(err);
-
-                    console.log("Processing PR: " + pull_request.number + ", file: " + file.filename);
-
-                    var ranking = rank_targets(targets);
-                    if(ranking){
-                      return file_cb(null, {
-                        alexa_placing: ranking,
-                        pr_number: pull_request.number
-                      });
-                    } else {
-                      return file_cb();
-                    }
-                  });
-                });
-              }
-            });
-
-            async.parallel(file_fetches, function(err, res){
-              if(err) pr_cb(err);
-
-              var reduced_pr_ranking =  _.reduce(_.filter(res),
-                function(minimum_file_res, file_res){
-                  if(file_res.alexa_placing < minimum_file_res.alexa_placing){
-                    return file_res;
-                  }
-                  return minimum_file_res;
-                });
-
-              if(reduced_pr_ranking){
-                let label;
-                if(reduced_pr_ranking.alexa_placing < 100){
-                  label = "top-100";
-                } else if(reduced_pr_ranking.alexa_placing < 1000){
-                  label = "top-1k";
-                } else if(reduced_pr_ranking.alexa_placing < 10000){
-                  label = "top-10k";
-                } else if(reduced_pr_ranking.alexa_placing < 100000){
-                  label = "top-100k";
-                } else {
-                  label = "top-1m";
-                }
-                console.log("Applying label `" + label + "` to PR: " + reduced_pr_ranking.pr_number);
-
-                github.issues.addLabels(_.extend(httpse, {
-                  number: reduced_pr_ranking.pr_number,
-                  body: [label]
-                }), function(err, res){
-                  if(err) console.log(err);
-                });
-              }
-            });
-          });
-        }
-      });
-
-      if(github.hasNextPage(pull_requests)){
-        github.getNextPage(pull_requests, github_process_pr_page(false));
-      }
-    }
-  }
-
-  github.pullRequests.getAll(_.extend(httpse, {
-    state: "open",
-    per_page: 100
-  }), github_process_pr_page(true));
-}
-
-async.waterfall([
-  get_alexa,
-  get_most_recent_pr,
-  github_process_prs
-], function(err, result){
-  if(err) console.log(err);
-});
diff --git a/utils/labeller/package.json b/utils/labeller/package.json
deleted file mode 100644
index 98e9ca416c5a..000000000000
--- a/utils/labeller/package.json
+++ /dev/null
@@ -1,20 +0,0 @@
-{
-  "name": "https-everywhere-labeller",
-  "version": "1.0.0",
-  "description": "",
-  "main": "index.js",
-  "scripts": {
-    "test": "echo \"Error: no test specified\" && exit 1"
-  },
-  "author": "William Budington",
-  "license": "GPL-3.0",
-  "dependencies": {
-    "async": "^2.0.1",
-    "github": "^2.5.1",
-    "lodash": "^4.15.0",
-    "progress": "^1.1.8",
-    "request": "^2.74.0",
-    "unzip": "^0.1.11",
-    "xml2js": "^0.4.17"
-  }
-}
diff --git a/utils/labeller/state_dir/.gitignore b/utils/labeller/state_dir/.gitignore
deleted file mode 100644
index 12a93b415c3e..000000000000
--- a/utils/labeller/state_dir/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-most_recent_pr_checked.state
diff --git a/utils/memusage.js b/utils/memusage.js
new file mode 100644
index 000000000000..7db7faaa1189
--- /dev/null
+++ b/utils/memusage.js
@@ -0,0 +1,50 @@
+/* eslint-env es6, node */
+/* globals gc */
+
+'use strict';
+
+if (typeof gc !== 'function') {
+	throw new Error('Please re-run with `node --expose-gc utils/memusage.js`');
+}
+
+const { RuleSets } = require('../chromium/background-scripts/rules');
+const { readFileSync } = require('fs');
+const json = JSON.parse(readFileSync(`${__dirname}/../rules/default.rulesets`, 'utf-8'));
+
+function memUsage() {
+	gc(); // don't measure garbage
+	return process.memoryUsage().heapUsed;
+}
+
+function memToString(before, after) {
+	return (Math.round((after - before) / (1 << 20) * 10) / 10).toLocaleString() + ' MB';
+}
+
+const start = memUsage();
+let middle, end;
+
+{
+	const ruleSets = new RuleSets(Object.create(null));
+	ruleSets.addFromJson(json);
+	middle = memUsage();
+}
+
+{
+	const oldRegExp = RegExp;
+
+	global.RegExp = function (...args) {
+		let r = new oldRegExp(...args);
+		r.test(''); // force engine to compile RegExp
+		return r;
+	};
+
+	const ruleSets = new RuleSets(Object.create(null));
+	ruleSets.addFromJson(json);
+	end = memUsage();
+}
+
+// rulesets loaded but regexps are not compiled
+console.log('Initial usage:', memToString(start, middle));
+
+// with all regexps compiled
+console.log('Maximum usage:', memToString(middle, end));
diff --git a/utils/merge-rulesets.py b/utils/merge-rulesets.py
index fb9b0f980fcd..efd62cbaf8d8 100644
--- a/utils/merge-rulesets.py
+++ b/utils/merge-rulesets.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3.6
+#!/usr/bin/env python3
 
 # Merge all the .xml rulesets into a single "default.rulesets" file -- this
 # prevents inodes from wasting disk space, but more importantly, this works
@@ -15,12 +15,12 @@
 import xml.etree.ElementTree
 
 def normalize(f):
-	"""
-	OSX and Linux filesystems encode composite characters differently in
-	filenames. We should normalize to NFC: http://unicode.org/reports/tr15/
-	"""
-	f = unicodedata.normalize("NFC", f)
-	return f
+    """
+    OSX and Linux filesystems encode composite characters differently in
+    filenames. We should normalize to NFC: http://unicode.org/reports/tr15/
+    """
+    f = unicodedata.normalize("NFC", f)
+    return f
 
 # commandline arguments parsing (nobody use it, though)
 parser = argparse.ArgumentParser(description="Merge rulesets")
@@ -30,13 +30,16 @@ def normalize(f):
 
 # output filename, pointed to the merged ruleset
 ofn = os.path.join(args.source_dir, "default.rulesets")
+ojson = os.path.join(args.source_dir, "default.rulesets.json")
 
 # XML Ruleset Files
 files = map(normalize, glob.glob(os.path.join(args.source_dir, "*.xml")))
 
 # Under git bash, sed -i issues errors and sets the file "read-only".
 if os.path.isfile(ofn):
-	os.system("chmod u+w " + ofn)
+    os.system("chmod u+w " + ofn)
+if os.path.isfile(ojson):
+    os.system("chmod u+w " + ojson)
 
 # Library (JSON Object)
 library = []
@@ -44,48 +47,68 @@ def normalize(f):
 # Parse XML ruleset and construct JSON library
 print(" * Parsing XML ruleset and constructing JSON library...")
 for filename in sorted(files):
-	tree = xml.etree.ElementTree.parse(filename)
-	root = tree.getroot()
-
-	ruleset = {}
-
-	for attr in root.attrib:
-		ruleset[attr] = root.attrib[attr]
-
-	for child in root:
-		if child.tag in ["target", "rule", "securecookie", "exclusion"]:
-			if child.tag not in ruleset:
-				ruleset[child.tag] = []
-		else:
-			continue
-
-		if child.tag == "target":
-			ruleset["target"].append(child.attrib["host"])
-
-		elif child.tag == "rule":
-			ru = {}
-			ru["from"] = child.attrib["from"]
-			ru["to"] = child.attrib["to"]
-
-			ruleset["rule"].append(ru)
-
-		elif child.tag == "securecookie":
-			sc = {}
-			sc["host"] = child.attrib["host"]
-			sc["name"] = child.attrib["name"]
-
-			ruleset["securecookie"].append(sc)
-
-		elif child.tag == "exclusion":
-			ruleset["exclusion"].append(child.attrib["pattern"])
-
-	library.append(ruleset);
+    tree = xml.etree.ElementTree.parse(filename)
+    root = tree.getroot()
+
+    ruleset = {}
+    trivialNameSecureCookie = None
+
+    for attr in root.attrib:
+        ruleset[attr] = root.attrib[attr]
+
+    for child in root:
+        if child.tag in ["target", "rule", "securecookie", "exclusion"]:
+            if child.tag not in ruleset:
+                ruleset[child.tag] = []
+        else:
+            continue
+
+        if child.tag == "target":
+            ruleset["target"].append(child.attrib["host"])
+
+        elif child.tag == "rule":
+            ru = {}
+            ru["from"] = child.attrib["from"]
+            ru["to"] = child.attrib["to"]
+
+            ruleset["rule"].append(ru)
+
+        elif child.tag == "securecookie":
+            if child.attrib["name"] == ".+":
+                if not trivialNameSecureCookie:
+                    trivialNameSecureCookie = {}
+                    trivialNameSecureCookie["host"] = child.attrib["host"]
+                    trivialNameSecureCookie["name"] = ".+"
+                else:
+                    trivialNameSecureCookie["host"] = (trivialNameSecureCookie["host"] + "|" + child.attrib["host"])
+            else:
+                sc = {}
+                sc["host"] = child.attrib["host"]
+                sc["name"] = child.attrib["name"]
+
+                ruleset["securecookie"].append(sc)
+
+        elif child.tag == "exclusion":
+            if len(ruleset["exclusion"]) == 0:
+                ruleset["exclusion"].append(child.attrib["pattern"])
+            else:
+                ruleset["exclusion"][0] = (ruleset["exclusion"][0] + "|" + child.attrib["pattern"])
+
+    if trivialNameSecureCookie:
+        ruleset["securecookie"].insert(0, trivialNameSecureCookie)
+
+    library.append(ruleset);
 
 # Write to default.rulesets
-print(" * Writing JSON library to %s" % ofn)
+print(" * Writing JSON library to %s and %s"% (ofn, ojson) )
 outfile = open(ofn, "w")
-outfile.write(json.dumps(library))
+jsonout = open(ojson, "w")
+
+outfile.write(json.dumps(library, separators=(",", ":")))
+jsonout.write(json.dumps(library, separators=(",", ":")))
+
 outfile.close()
+jsonout.close()
 
 # Everything is okay.
 print(" * Everything is okay.")
diff --git a/utils/mk-client-whitelist/dbconnect.py b/utils/mk-client-whitelist/dbconnect.py
deleted file mode 100644
index e3b9032e20f1..000000000000
--- a/utils/mk-client-whitelist/dbconnect.py
+++ /dev/null
@@ -1,24 +0,0 @@
-#!/usr/bin/env python3.6
-import MySQLdb
-
-try:    from db_private import DB_USER
-except: DB_USER = "root"  # customise for your install
-
-try:    from db_private import DB_PASS
-except: DB_PASS = "root"  # customise
-
-try:    from db_private import DB_NAME
-except: DB_NAME = "observatory_api"
-
-TEST_DB_NAME = "tmp_TESTDB1"
-
-def dbconnect():
-  db = MySQLdb.connect(user=DB_USER, passwd=DB_PASS, db=DB_NAME)
-  dbc = db.cursor()
-  return db,dbc
-
-def dbconnecttest():
-  db = MySQLdb.connect(user=DB_USER, passwd=DB_PASS, db=TEST_DB_NAME)
-  dbc = db.cursor()
-  return db,dbc
-
diff --git a/utils/mk-client-whitelist/run.py b/utils/mk-client-whitelist/run.py
deleted file mode 100755
index 43837d75e80a..000000000000
--- a/utils/mk-client-whitelist/run.py
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/usr/bin/env python3.6
-
-# Make a list of the current top 1,000 certs to whitelist from the
-# Decentralized SSL Observatory's client submissions, to live in
-# https-everywhere/src/chrome/content/code/X509ChainWhitelist.js
-
-import dbconnect
-import sys
-
-db, dbc = dbconnect.dbconnect()
-
-import time
-few_days_ago = time.gmtime(time.time() - 3600 * 24 * 3)
-cutoff = time.strftime("%Y-%m-%d", few_days_ago)
-
-# This currently runs on the decentralized observatory server, but will also
-# run on the published datasets and read-only SQL servers too...
-
-q = """
-SELECT hex(reports.chain_fp), count, `Validity:Not After`, Subject
-FROM reports JOIN chains       ON reports.chain_fp = chains.chain_fp
-             JOIN new_parsed_certs ON reports.cert_fp  = new_parsed_certs.cert_fp
-WHERE count > 1000 AND
-      `Validity:Not After` > "{}"
-GROUP BY reports.chain_fp
-ORDER BY count DESC
-LIMIT 1000
-""".format(cutoff)
-
-dbc.execute(q)
-results = dbc.fetchmany(1000)
-
-sys.stderr.write("TOP 1000:\n")
-for n in range(1000):
-    sys.stderr.write(repr(results[n][1:4]) + results[n][0][:4]+ '\n')
-
-header = """
-// These are SHA256 fingerprints for the most common chains observed by the
-// Decentralized SSL Observatory.  These should not be resubmitted.
-// This file is automatically generated by utils/mk_client_whitelist.py
-
-const X509ChainWhitelist = {"""
-
-print(header)
-for chain_fp in sorted([row[0] for row in results]):
-  print("  '{}' : true,".format(chain_fp))
-
-footer = "} ;"
-print(footer)
-
-
diff --git a/utils/rewriter/package.json b/utils/rewriter/package.json
index 154cf45a3426..a62493ad2762 100644
--- a/utils/rewriter/package.json
+++ b/utils/rewriter/package.json
@@ -3,8 +3,8 @@
   "version": "1.0.0",
   "dependencies": {
     "event-stream": "3.0.20",
-    "readdirp": "0.3.2",
-    "urijs": "^1.18.1",
+    "readdirp": "2.0.1",
+    "urijs": "^1.19.1",
     "xmldom": "0.1.17"
   }
 }
diff --git a/utils/rewriter/rewriter.js b/utils/rewriter/rewriter.js
index 5cb8ea412a31..5a25d5cdfafe 100644
--- a/utils/rewriter/rewriter.js
+++ b/utils/rewriter/rewriter.js
@@ -14,13 +14,16 @@
 //  cd ~/path/to/my/webapp
 //  git diff
 
+global.self = global;
+require("../../lib-wasm/pkg/https_everywhere_lib_wasm.js");
+
 var path = require("path"),
   fs = require("fs"),
   DOMParser = require('xmldom').DOMParser,
   readdirp = require('readdirp'),
   es = require('event-stream'),
 
-  rules = require("../chromium/rules"),
+  rules = require("../../chromium/background-scripts/rules"),
 
   URI = require("urijs");
 
@@ -34,15 +37,15 @@ var ruleSets = null;
 function processDir(dir) {
   var stream = readdirp({
     root: dir,
-    fileFilter: ['*.html', '*.js', '*.rb', '*.erb', '*.mustache', 
+    fileFilter: ['*.html', '*.js', '*.rb', '*.erb', '*.mustache',
       '*.scala', '*.c', '*.cc', '*.cpp', '*.cxx',
       '*.java', '*.go', '*.php', '*.css', '*.pl', '*.py',
       '*.rhtml', '*.sh', '*.yaml']
   });
 
   stream
-    .on('warn', function (err) { 
-      console.error('non-fatal error', err); 
+    .on('warn', function (err) {
+      console.error('non-fatal error', err);
     // Optionally call stream.destroy() here in order to abort and cause 'close' to be emitted
     })
     .on('error', function (err) { console.error('fatal error', err); })
@@ -94,7 +97,7 @@ function processFile(filename) {
  */
 function loadRuleSets() {
   console.log("Loading rules...");
-  var fileContents = fs.readFileSync(path.join(__dirname, '../pkg/crx/rules/default.rulesets'), 'utf8');
+  var fileContents = fs.readFileSync(path.join(__dirname, '../../pkg/crx-eff/rules/default.rulesets'), 'utf8');
   ruleSets = new rules.RuleSets({});
   ruleSets.addFromJson(JSON.parse(fileContents));
 }
diff --git a/utils/ruleset-allowlist-cleanup.sh b/utils/ruleset-allowlist-cleanup.sh
new file mode 100755
index 000000000000..1975665b41bf
--- /dev/null
+++ b/utils/ruleset-allowlist-cleanup.sh
@@ -0,0 +1,42 @@
+#!/bin/bash
+# Remove from ruleset allowlist the filenames of files that
+# no longer exist or have no matching hash sums.
+
+# Change directory to git root; taken from ../test/test.sh
+if [ -n "$GIT_DIR" ]
+then
+    # $GIT_DIR is set, so we're running as a hook.
+    cd $GIT_DIR
+else
+    # Git command exists? Cool, let's CD to the right place.
+    git rev-parse && cd "$(git rev-parse --show-toplevel)"
+fi
+
+# Run from ruleset folder to simplify sha256sum output
+cd src/chrome/content/rules
+WLIST=../../../../utils/ruleset-allowlist.csv
+DELIM=","
+
+(read; while IFS=$DELIM read listed_hash coverage_flag fetch_flag file; do
+  display_hash=$(echo $listed_hash | cut -c-7)
+  # Remove those that no longer exist
+  if [ ! -f $file ]; then
+    sed -i "/$listed_hash$DELIM$coverage_flag$DELIM$fetch_flag$DELIM$file/d" $WLIST
+    echo >&2 "Removed $file ($display_hash): file no longer exists"
+  elif [ "$coverage_flag" == "0" -a "$fetch_flag" == "0" ]; then
+    sed -i "/$listed_hash$DELIM$coverage_flag$DELIM$fetch_flag$DELIM$file/d" $WLIST
+    echo >&2 "Removed $file ($display_hash): obsolete, all flags set to false"
+  else
+    actual_hash=$(sha256sum $file | cut -c-64)
+    # Remove those whose hashes do not match
+    if [ "$listed_hash" != "$actual_hash" ]; then
+      sed -i "/$listed_hash$DELIM$coverage_flag$DELIM$fetch_flag$DELIM$file/d" $WLIST
+      echo >&2 "Removed $file ($display_hash): listed hash does not match actual hash"
+    fi
+  fi
+done) < "$WLIST"
+
+# Sorting by the 4th column (ruleset name)
+TMPFILE=`mktemp`
+(head -n1 "$WLIST" && tail -n +2 "$WLIST" | LC_ALL=C sort -t"," -b -u -k4) > "$TMPFILE"
+mv "$TMPFILE" "$WLIST"
diff --git a/utils/ruleset-allowlist.csv b/utils/ruleset-allowlist.csv
new file mode 100644
index 000000000000..2e3e1c481b91
--- /dev/null
+++ b/utils/ruleset-allowlist.csv
@@ -0,0 +1,2222 @@
+hash,auto-pass coverage test,auto-pass fetch test,filename
+fbb2d56d33f886b53c314eac3446eed8bad7916660ad0709367936fe8335d987,0,1,112_Cafe.com.xml
+5b650e2b6084539440a1b66b5b45f5825a2d61db7812c7521e1a1e0860c4b6a3,1,1,16163.com.xml
+b5c96ae391a5b0971fb2438e3afd37ec7ce439e7dbb271276cf7bbeb0eb61450,1,1,16personalities.com.xml
+55b1ea082e1da07a13ef7bca833f779a23335658d345294a35e4944b90c5c136,0,1,1TW.org.xml
+4d7ea51ecce8ef52d7f14fe3d2196e7647c347ae491a8c51ff84555426f4c05b,0,1,1phads.com.xml
+4209813635498e7b1f9c944d648173507b41e0e3260e16b3fdb6f3f945ffc28a,1,1,24-7-Media.xml
+feb478f3b2f281637dc660c70688a7002af3e4c8643f49bc2a45dc451a2fe450,1,0,2K.com.xml
+106d40535445ceb77ef877d7cd43e68522ee15426bb20391be72da7ee7ed0319,1,0,33Across.xml
+2754710db32540a9e4fc610476d2da4ced0e742af02f5db582aacc553436a822,0,1,37Signals.xml
+0b112de7f3114b9432277ced9283996b39d7d7a9f5f3471fb98545630f674d8f,1,1,3M.com.xml
+3cd9cc0b3921f83d5bea3d5e948e0b95223f24dde3afa2bea2c346aba084eeb7,1,1,3dglassesfree.com.xml
+41753915c41cfe07253511c84b34de0e41983d64ca36ca0dac6922c325573249,0,1,3g2upl4pq6kufc4m.onion.xml
+c82fc176343c2425fb39f152c4819a3c68802a973835817b8fc2ab9cf2462db2,1,1,4gamer.net.xml
+8223ab030d3a507686a55a6d13875fea38888ee6e1aefcb086e0ff99d83116f4,1,1,888173.net.xml
+53ad3f31c9603c3fa9ef4e1737d60c314a2033b5646398e64986f1952d11bb2a,1,1,972mag.com.xml
+7a25ea9f7d589947b91e6c4d54f91fadb6727107093a0154936119eac027ff8b,1,1,A1WebStats.com.xml
+471b1cb8ca62bde3a1c77076ded432fee9ad7a31911abbdb70d99bd5a6c22f0f,0,1,AA.net.uk.xml
+a77b292e0258a8a9a81a8e05fa342741e226a1e024978fe7c6677c7c65150ae3,0,1,AAMC.org.xml
+f97657791892c8df7bdc53f8d0207d699859a190444fbf975e98861d4cf53650,0,1,ABIS-studien.se.xml
+b46e53a6f571bb484c20bd6d6506fdd6616e344cbd8c4ee987994878ba6f28b7,0,1,ACLU-of-Louisiana.xml
+ebb612af087df8278b2f48f19db43fb3cac73d6a4e9b4e1e58e37e1738164c7e,0,1,ACLU-of-Texas.xml
+9dd2d07280b679205432600769a989ace5a9feebe2ab2e5288b509719325be90,0,1,ADP_Screening_and_Selection_Services.xml
+276a2773697e1f02e05064c9caafa4958b2dbab8110457e719a14e3d15db499b,0,1,AEUP.eu.xml
+bde27e017263a64c388195a0091c24f9dffb1c23ce90deb3c63919c75bb5598f,0,1,AFCEA.xml
+9fcb7423caa4b2db65448eea1b798f7a4fa939e5f50cf55d934f37a8a5ea67e7,1,1,AGU.org.xml
+f8154916d6f3d0255e6589d3f054caa5644cf7a8a744c2aae37522463d78d7f0,0,1,ALSOActebis.xml
+a4e558ea2da104b30ed669a14016d712364b596f25b49a9cefc3a339622acd46,0,1,AMMEC.de.xml
+fdb40ffd6a457474b8b7ce3e12667c6fde61187460b7ad9e4cc2f1dc04b89205,1,1,AMetSoc.org.xml
+e0a596183d10f82f7039179e8031bf5d27f2afb43efc173da4c38862d7827142,0,1,AOptix.xml
+264085253948aa5b59a18c70206b9eece60a5099a73c6f8db8cb7fd6ac0c9c99,1,0,APO_Box.com.xml
+1d1610c5c021fe4971a3c73f2a7a718989786ce202bb464ba5e9b226436fd59a,1,0,ARPNetworks.com.xml
+12a54fdd75f8a200b6da25d78514f8ed3e3a3bc516307e3729b9220792921514,1,1,ARRL.xml
+dec3921e5bb388e22d0ecde04515a7263b9df10ecf6107700c79cc618d3a88cc,0,1,ATNAME.xml
+2b730c5435e15989ce7cd5f714b20fe9bc36f3ca56b78c1e4d85b4ba01bd3222,0,1,ATrpms.net.xml
+3e632fd55a29b917584ac35e60d0bdba0adc9d707aba3d7c541c79db1bd81da8,1,1,AVG.com.xml
+406d709a4fd37483cfbd763d8d6a17a98f3ecfede0fcee4a9a7405093b5dce6b,1,1,AXA_Winterthur.xml
+a60c7c65acc781e40afc32649894a7aff53c245970ca91c85743ae9df637539e,1,1,Aart_de_Vos.xml
+0010505a729eaac27f576a7f3f1b3648a21f0847103d8c00d9aa511b4758eae9,0,1,Abercrombie.xml
+dfde2866b7ef90b4edd3ff9e03fa9f1d4ba62b14864a901eecb7e8246de39024,1,1,Academy-of-Model-Aeronautics.xml
+3ace3b65a3c533db55345e50ccdb151b967e0d65a029286b8a9951fa9273646f,1,1,Accessorize.xml
+e870aa56bf0a79c94302665c8deb5aaf19aef59a030513d4bcfcb2741be474ad,1,0,Accordance_Bible.com.xml
+e3a863c01dd5fdfa2b204b371f9a16ce8fcc136e0a65241a9bf0f41ac3454b60,1,1,Account_Online.com.xml
+c058b6077ff1338a785e3e7bfd003eaaf0eda151b28e81cb76e4bacd3d25e116,1,1,Accountservergroup.com.xml
+299017a21aa2f2d62f8a3e289cb80398b46a3a649ccdad3b34b2c0660e68c3ac,1,1,Ace_Hotel.com.xml
+b3dfd66a48d1e541fee3ed314b832e2b039e191c04e5563fce8ee3ab71054925,1,1,Acenet.xml
+f377ffea5847776bd076e6e8fa38cd0e4153de88f0e331ed9836465441efb0f1,1,0,Acessoseguro.net.xml
+5306a00bbba97f3edf93cd3bfe9f2231ba896ddf81fda180d35b3d7d44ebcd89,1,1,Acro-Media.xml
+456fd4d09e6c35ce998d9bc48a14678c06ca3daeb0c273e23232d8736b734e18,1,0,Act-On-Software.xml
+15a0856f0603c5730add28e9a2e6a36acc432c7704a7bb007517f496cd35fc65,1,1,ActionKit.com.xml
+7d7739709de4be107d5f32d7bb0c84ece7761f864e6d9b434b3c239db0b247c9,1,0,Active-Events.xml
+c60221ccd829ab0724101819b906f5c4ccd5b873d62b7bcdd15c5bd0003d6ef1,1,0,Active.com.xml
+8f3e75367b17bc3d389eacda994ed6cd57fd7334cb2c82a30d58d44c2051710e,1,0,Active_Melody.xml
+d35917ccc23128fe80d44bcd2ad4bdddf8487d216e51525f54e75977ec52e1d2,1,1,Active_Network.com.xml
+fc7c90d849f4bb81243211a9562b2c2b9a56cd5bbbdfe376a1c891c0c3fce0e2,1,1,Activision_Blizzard.com.xml
+e87c8a23db52372be00ffa86181ccc6e32cea7ff5f646f884a452187c543f2d3,0,1,AdJuggler-problematic.xml
+5dffa6059f25b1934cbcb4b3c3cadfc7f0c45711cf7a3940141fe366c1dc632a,1,1,AdJuggler.xml
+c781e81a341599aecb674a36f114512b59f5f7930fc309097a456c71e28db902,1,1,Adaptavist.com.xml
+41cb473fd48fd1426473a4b354e411f72cbd21f785e70587407d0d76eb4b1439,1,0,Adbooth.net.xml
+92c3d1535f321874ed0ae5dc36c44342c32dbe4fd19e1d86d8bc5b1c9887204e,1,1,Addison.com.hk.xml
+fb4bb543e6864dac40ac3c6bd5bd334eafeb53da00be2cd0100eb00f4cded31b,1,0,Addison_Lee.xml
+e0ff242fb2ed135c25e1a448a2daca9cf95a16e57c989bfdfeed1bd97b32667e,0,1,Adelaide.edu.au.xml
+a739830eca763ae9a818d8ab8919a0fc8c20a857877dab194e0424ee0644cc1b,0,1,Adestra.xml
+f5baecc41e25a8692ba863429d14c3bf84e8dc68684d8ca4c4fde749996e3c31,0,1,Adkontekst.pl-problematic.xml
+ce56c65406df4436852f26458e9264c88c627758762ab195945b3e30a19353d4,1,1,Adobe_login.com.xml
+55617aacb1813b061771e4f721507b7bd5b63d25478c1725256e12085e03b36a,1,0,Adpay.com.xml
+f914b14018606153a7c24280dff27d29e752c1d4219f548fda58fb25becd3a77,1,0,Adult_Webmaster_Empire.xml
+7cb2786a2b879652734cbb50bbd97b194bdb20a9ee61e7bcad4f2c8f4e0e081f,1,1,AdvertServe.com.xml
+00bc0f8d49ed0c18f7f093f5a131fd8a2c0272abc61fadf67390f165850902e3,1,1,Adverticum.xml
+2e68f7aa2b6c7621049ae1fdb584c4a851715e61e1756605f9fef462365e1e9f,1,1,Adverts.ie.xml
+d739ae917fa93939b84610ee6f929652200a550db28565e5ab38e60f7e82163a,0,1,Advisor_Mailout.com.xml
+94cd248d16402173c247f14ae927f72c16737f5d59fdbe8e789a543bc9c92dac,1,0,AeXp-static.com.xml
+448b66df63589e61859860a7af43ec4fdc1f5e80ef85755b137b966cec8df262,0,1,Aereo.com-problematic.xml
+004141042389a227021f73c7e33b69086d8202034e4e2b387670f82769d6a411,1,1,Affili.net.xml
+d7080434a9f73a06d758696e4ec5e7b3c60968c0c1a4271e70e32cdf4ac1a170,0,1,Afford.com.xml
+0d3d535b12985b71c14e04ad635d3ae2ae6c5b1a869f3b9a2a664dae9492767a,1,0,Agari.xml
+1893f4cc7fcce53078404d3fc8962e0012bf30b9788af805942b6f07a2fb36c4,1,1,Agri_Supply.com.xml
+af6ba8f96429ea0d649275a6cada17a2d691e8d3fb35f37f498f9a11ce1f91f0,1,0,Ahm.com.au.xml
+7cc75135ed0cd3b81ef62e24de4ca2da433caeb54b12aca1bd0d4efdc01f31db,1,0,Akamai.xml
+5e1cdb7d9af34842a8c2b7c7f414caa8b84bafe4072bb7d883f7084dd5edcdfb,0,1,Akban.org.xml
+eb52feaec70c7afe2368ad23be6728e6828280b983a39991d2e31fe51ae6ec17,0,1,Akinator.com.xml
+699895da3cfb27a96f1d6a46ed31aaa29c34653a511057a9ead4861a3722db7f,1,0,Aktion-Deutschland-Hilft.de.xml
+187e9c128e4b4237887a14de2f1efeb6fdf647e2549b0abb4f2fc09112879a59,1,1,Alcatel-Lucent.com.xml
+1a75f296456093e211748b9d5dc4f8c2460d36d5ea29f0a72872e00ccaa93a94,1,1,Aleavia.xml
+a275d12398d9e55d91c2b48ac3733fcbdb64251ff7098b39fc28c2996de573f4,1,1,Alert_Investor_Relations.xml
+691e2338225111a1b09f19c600acdbeb09e900d0ef7595d6a5588fb54c3e37eb,0,1,Alibaba.xml
+e5c67d653dde583fa8a8f5e0afcdbde59247ccdaac71972115bd27b769e469dd,0,1,Allianz_fur_Cyber-Sicherheit.xml
+32f4695b029c352f7dff4eb59d4b5e19a648e8feb3b737878b772bc2a9609176,1,0,AlliedMods.xml
+3ceec0f2763c711f5f4b5b43c4dcb2c58e4e94ddea1fdca51018d4f5b03b4d4f,0,1,Ally_Financial-problematic.xml
+51262d5e1bb4a313c8ac7a866f4b31d429585df60e66a630771066099d190716,1,1,Altera.com.xml
+5d30fe7992767abd2f1648d0508b16d78a0333eda4a987917db02ef25941175e,1,1,Alticore.xml
+50a3d1c2bc7e498fe0d89321f53d144e668803742d1c19b0e3e4d2007621ef6f,1,1,AlumFX.com.xml
+83aae8644fbd60dda604ede8c58cd14dc739f87281bba346cead0c5989ab41df,1,1,Alzforum.org.xml
+4127fbcd8c7aebf2b075ae24d003bd16ecda40badc5e10a43692c51ae9902fdd,1,1,Alzheimers_Association.xml
+b026e083c80c6f98518189b67d38b2e7bddf53fd115db0e144e8bc3ed2c8e933,1,0,Alzheimers_Society.xml
+fd44fb9d85d3ea27ebcf317f6c0529d2dc6862604f82f1f48a03fac77bad06e8,1,1,Amber_Swann_Publishing.xml
+70ac36559fc444a01a91bb411bcbd38d4418bda22a84084bf81b316c42aad7b7,1,0,Amd.co.at.xml
+65f0082277fdcc1873158996ca405d0fb8f7db9a4633b2142ae014a826066f9f,0,1,American-Postal-Workers-Union.xml
+5365603eba6a90d384eef5b01bf8985b659093cca2ddba066b78d06d87ea0ca8,1,0,American_Academy_of_Neurology.xml
+f58f2cd4524af0b47bee314b416ba5ef4be1213d7db98f2a18fdac91492c6e48,1,1,American_Ancestors.org.xml
+92e9a46b0c218161a6977d43f3ad0e2c2e175caa825d293044f5a8f2b00cb13d,1,1,American_Bar_Association.xml
+df85d394f005f959e805ee526de3801708f5c61a2379604202d22c6dcd4742e9,1,0,American_College_of_Radiology.xml
+79271c5ed9f153da84ab9914b1e98622bc8d3b51c30fba7bf0f7047863831247,1,1,American_Heart.org.xml
+f2c64f5833815703ac02cbd11efd4c4e48132a3c81a6196692fb4734580c20b8,1,1,Amiando.xml
+dd70debfd991bb22af84defbd2e2e138ffcb6833abc14c2306ca8a74884adc69,1,1,Analytics.edgesuite.net.xml
+b5ae6c5519ee1727036dbfbaed594fec60654b0e534350c2799ddde2b1259472,0,1,Anders.com.xml
+0d5ae660c24c66e5c6521950658bbf3130fd5b3803ef7caf0523b80519580e58,1,1,Animoto.com.xml
+97a0818a118c603fb45f76723e857af28aeabe0b668b7ec35e4c554ff9660975,1,0,AnnualCreditReport.com.xml
+160285b816e182481868f37c9b2bc23013ad94a5749227eb6e34be710ec7c57d,0,1,Anonymizer.xml
+af2eac7a517c666c869e80a72d8e077915069bce3435d7d465b60393ed94b4f1,0,1,Antifa.cz.xml
+187ce6d87d040f1cf02412e81bf7864a3981614318d9b91a8b59c39828772b37,0,1,AppThemes.com.xml
+9f93c63514ef6ca29521cf00a0a3c8504c12c8be7dbdaffe3d19a7a837fb28a6,0,1,Applebees.xml
+f6df9862c3d4f316ad29a953c74defc81d73ddcedeb0d88f48ced3d45e7910b6,0,1,Applicom.xml
+d4c84528d88d91dd63d1f67c6fb47e38fbaf8e5a22c2b1c362ffd68c52d449e2,1,0,Aquent.xml
+df29ec4c06bdc5c8adf99c1ac94e4c583a09c800aa6a5befde1dbba03a92694b,1,0,Aquiss.xml
+1b55285393adb6253ffe5d1b8eae0e7ec7a2f09dcc0a10f18cf2c2beb489784b,0,1,Architects_Journal.xml
+420a2671c39d5d7ef278de619e17ed6f0f9530656d2200e35186d8050337e0d0,0,1,Archomedia.xml
+a2afbfa23bd03a416c6835d25abaa56f08f1b958f49b1af5f539d1d805929c98,1,0,Argonne-National-Laboratory.xml
+b7da8eb71bac9196944afa62279d4f6c1143b87a1ba2090b301c1f760164bead,0,1,Arizona_State_University-problematic.xml
+35b8bcb9a8c7ca87094f12b24aba2343a5087db4abc52cf267ca2303b36c2af8,0,1,ArmyTimes.com.xml
+cda60d257787e7061e709192d5cf0a94a4984b46985afa9f3b0cfd0dcef90cee,0,1,Armyoutlet.de.xml
+deaf1f8eefa9c210569f9f4f765b65abc1dfdae41d569ce26661ecc62329ab26,0,1,ArtChristina.xml
+7a27bf5aa36474cdb4f6be7c8acba249c5f15b44c4343b8dbafa8733792b587f,1,1,Art_Lebedev.ru.xml
+9ab5584b55ec935924daf83d9f2ede2f2cebc76604d5465536225d1cd3db786b,1,0,Asahi_Shimbun.xml
+f9990d6c03425415964794d370821ab71b241c42ecb3ca3470f4f68a91c6b753,1,1,Ashford.com.xml
+9df71aa013165efa180c520096902f74771dc83d900cb04ed8c7cb5b82025b8b,0,1,Ask_a_Patient.xml
+c7a5b3c8f14fc542deadaa515a2c62cd7837363313997853f1bcca5c8841ddd9,0,1,Asknet.xml
+ee30c86b81fee828b7b66094087dad1ceada6a09b8846c76e1323017614a41ae,0,1,Asmc.de.xml
+d262fbf653e06eae187698c0fde725bd7227fb6ae69b0f8ed0a579d28ec582d9,0,1,Asnetworks.com.xml
+a1a402d40a355131bf1e37b4c0a6b8c8e084191cd61fe56af0ed34936e72e61b,1,0,Aspen.com.xml
+1d869ec0561b6315e5a76adb6647f320420368539419435c266a2d5fcea3e1e2,1,0,Aspsys.com.xml
+757f6d69b3b210524c02e9568327d146094fea887b981abd5cde8bfc0be27fe9,1,1,Assayassured.co.uk.xml
+ac0e2ffaed6bfd83b89d6afbfc399d307ed3cec22127daf150363ebf87bd19b8,0,1,Assembla-mismatches.xml
+59ed37f0dd3e4eccecd52a1d9870385931f4232c8c206bf38fd5be09ac71c69b,1,0,Assembla.xml
+a5863f348dec427d596329290881cb9c98ae69b9750e221c6671f4d8f71db317,1,1,Association_for_Learning_Technology.xml
+69d39068d71ebbbe56a4f4c895624727b18fd4078a9ca49b5fa171faadbc243a,1,1,Asterisk_Exchange.xml
+3d5ed7f1111c25632f3b7292512a4a9e264500c02ceba089033607e8885f5a87,1,0,Atlantic.net.xml
+895e39745fbfc4d380f4420f1cf25cf081d509a3769b92d74b51ecf096f88d3f,1,0,Atrativa.com.br.xml
+cd59b21753dc080061d890781f4f8b140208a2cbccfbab0f050eb31dbcfc6a21,1,0,Attracta.xml
+a5fdb3bb0c29355ff44f0bf35678043d85d2c9fe07316744efb753c2ceb955a6,1,0,Audible.de.xml
+95bb51781fa963035cd1a58058b9bfdfc9abfbc3ffb4f8d7e21ac08f3339e504,1,1,Audience_IQ.com.xml
+e93b07e0b6cc742be0b8402e08c42fad688a33ab622fc34541ff95d78ab98c84,0,1,AutoTrack.nl.xml
+5c3a3f5275c8e00d18aa36f50a1e4feaf8fe8e703eabc2bb2110c803b7004207,0,1,Automotive-Industries.xml
+8faac2dc54797656378a0a9ae829bb67ee8a653695ad946842dc0e80a9879779,1,0,Avangate.xml
+7f5b9cdfe9276bf67d2a4bbbd009f9f3d2fad527198a2e5f8ce1b8cdc2d3235d,1,0,Avaya.xml
+7e32f6880a2dee58ee25136d1d36244edae86abaa00015db534b174ac543d77f,1,0,Avinc.com.xml
+08bbac27f594c550b305154cc02cc5988b7cc1c6976c6bd6ffddb0fac17bb590,0,1,Avtrade.xml
+9b72647c715ae4fef53f22ce772e79a5dc5853ab6e8dec175bbcdebd769e5c07,0,1,Avue_Digital_Services.xml
+74d92b32d3809a7a7971171faadf4515df67bb8a33af80353a53826a45326e82,1,1,Axantum.com.xml
+aa3e6486761566210c9bfa7fbe3d495a5d7273bfe0632ac3efe0a1793a585671,1,1,Axel-Springer.xml
+f6468f106fec675cba71920bfd2243936771900e9d15bc40349e5d5bbcf0e3c9,1,1,BASE.xml
+bbbfd3e4a82e15d4d89dad020b350321c0fca4e5e8b89075201cc8861f1a7fdc,1,0,BCGolf.com-mismatches.xml
+5a01a4ef9e0b0e572a6d075091320139a3748bb339b996271e71fde911ab68d1,0,1,BHosting.ru.xml
+6844b64d58c80eff8e30edee7d55d176d295fe2294b5220be007c536f929eda7,0,1,BIKT.xml
+a5c928606e0d561e5d440f462785ac080a8573075ecb058ca61d7467dbe1118f,1,1,BLOX.xml
+2f97c8acb30a49ebee76c6baffea70625f0fe101f79860965816b3416940f04e,1,0,BMC.com.xml
+f220626aac6f6f1da031f3bd445bef227d59da713beb06685215af440614d8aa,0,1,BTH.se.xml
+f02719e41dfc1e6cf086314cb5d1b4fdf6495ca9e012de645a3e62bb9fafae95,0,1,BTR_CDN.com.xml
+1f8a223fef58d2230c7688901cd5a2b66dfce9d34b6ebff320e54fa2ca1e9482,0,1,BTR_static.com.xml
+d6eb4f47bb565d059dbdf0ab826d37a817a8e460b4311d411a870bfe8a1d1fa6,1,1,BabyMed.com.xml
+5227426403d71b31d56748097f18c23e1d5a998e3affb1392b16594c57fc9126,1,0,Backcountry.com.xml
+35c9ec0e0c41b6699ae89b448b17ccd757f53a3fcc28c44258f2ac512f44a3b4,0,1,Bahn-BKK.xml
+afe0cb9f879460f9754e11ead8b76e9e36684548dc1f3ba9721da1806ba94ae3,1,0,BalaBit.com.xml
+193bdef49c71f93c783fcc8600a835156cfe321b00943b81cc1c9f4dc048c87d,0,1,Balkongshoppen.se.xml
+ffe89a541e79d166ab51bb9585db0ccad767e29203521e306764c7f0b80cf5e2,1,1,Balsamiq.xml
+4d64f5fbdeb952a226359e530e592e1675a9b5447cf754cb586c11dfffd2611d,0,1,Bangor-University-self-signed.xml
+c0572421747129369f8219d06a95b1e5ba601619dc79095bb4b459458f30850d,1,1,BankofScotland.de.xml
+811e7555f76a87ebeded357e918a1fd67d34f72bd9b7d3dfd6b61f6cc97ae335,1,0,Banque_CIC.xml
+3cfecf241423076e62d74a2ea4fe98ac038526a14652dc28d053e64390218d5f,1,1,Bardwil_Home.xml
+b60d916c30d712566b0fd5b697b4a754a4d7fb05597485109a1c9d92f721dbd4,1,1,BarnesandNoble.xml
+3671a9a071ce22b0d7ebffd007a6164eb32681c72692e4ae734895f4e3592691,0,1,Bartleby.com.xml
+06d7ddc36e464c176e85127f3364705691b70fec942e9163fb78fe4dca6e6ccc,1,1,Battelle.xml
+e53b66541d1bc87544993925566d303fcf2dc85f6fdb84a831b5e548ab65ad22,1,0,Battle.net.xml
+7cf5aadbcf3f8af1e874d034d45865b41f7dd57449aa653220901edcfd4880c7,1,0,Bauhaus-University_Weimar.xml
+8c5c56a3ae46e7b0e0dff2f9c0109cdea46cb5aa1332746944a2fee27c8f993d,0,1,Bayan.ir-expired.xml
+1ca67dd8c8e778bde03249a0ef9d97a48259a2d8261222df72e54d3ad1c63d21,1,1,Bbsey.es.xml
+c34685ecb3fb87f6100e138ac70635fe33ece2a7d6a636ece3d702a2494a45c6,1,1,BeCoquin.com.xml
+2c3ef75bae006356ec0462053c32b3dd70e0486cdb889243746fcd64074d3a3c,1,0,BeNaughty.com.xml
+12129b04f6dd2125cfb4b15ef93ff8bd2d6224ed9430565825912e54a0522176,0,1,BeastNode-problematic.xml
+f538f44371178d2f1c7c9b2956fb6fcf9c453aa7a05700f9c63cd56caf09e196,1,0,Beaverbrooks.co.uk.xml
+72f0100b35813d1d23dd13e8cd8a9b707db6323a37c5528fbba66ac557f3077b,1,0,BeenVerified.xml
+d69ef30208a20afc98cca9bcc5fc6af1b67a7328f3773ddb9f47665539183228,1,1,Belkin.xml
+774ce0054a322ac1ac0ec628ac8fd5905f72750d3c618790d14aff98474fd3f1,0,1,Belly_Button_Biodiversity.xml
+4fa3697cf81af513b6a90b5cedbb048caebd70f8035f36ac80b193d040e0f173,1,1,Belnet.be.xml
+d1cc057906222afeaad9143a7a19f12da584f2301f648e424e38c19394bf0705,1,0,Bennetts.xml
+f8a9517520b6042b8d0106a36de5e62b23ca5f353a9e02558cf495d86b466bb9,1,1,Benzinga.com.xml
+0dc9ce63ba5308df05d72ddd5e472216806bb7c13248cf3ffdaa9c4b66b331b7,0,1,Berliner-Energietisch.xml
+2809c2e484297fa0bc3ec2c02d1e646b272d8f2b9db0af829e6bdac955efc1c2,1,0,Bestcovery.com.xml
+10862e3c350ba15fe9258295149a8f688c3a6669527ba1ddc003efd50b0db2d5,0,1,Better_Sales.se.xml
+85369d0cd3eaa85d5426e92adefe7af4f9f814d1e0e15576cb81373454683ca3,0,1,Biciperros.org.xml
+d68ee3cc47157f440dacfb19f654c89b597cfb31cc7bde24504adfe61ee50c05,1,1,BigCommerce.xml
+ed5df40362cb3e1124a4a48ac5a4c876987e58beeea367a46a912ac59c7288c8,1,1,Big_Concerts.xml
+bc1dce36b45b3964aa4ad44bac9f4f21f9ae6c58f7c538f56ac592aec5e9c56c,0,1,Bild.de-mixed.xml
+dc5adf6c19510d6c30641e13b570ae53d2b027a52bf710efcb332650b99b11b7,1,0,Billiger.de.xml
+66039ca34034afbc98fb093623ea40b2ba4f8fe8f733763a593ba204f4731453,0,1,Binary-Biz.xml
+113777f338466bc6512680297e9af75a0ec7d94855ec4e652710551dfa5be09a,1,1,Binero.se.xml
+59d72a6ec8f9c18c9d47abbb9999d6dba95204101d8492d4d921599bfda7a9fc,1,0,Biotrim_Labs.com.xml
+a0134fe6daf1357222392652186d939db2bff2d536c66f04be36c9cc4d40d016,1,1,Birthday_in_a_Box.xml
+573cba521c4d30634c5a52f669401e6fa01062c2ac6862f3a084d43b566d34e7,1,1,Bishop_Interactive.xml
+0e7aa1032567406b6d90062e0aea70739d396e8df454174215feffc75583274c,0,1,Bitcoin_Plus.xml
+d8ee4c87b0620b6042c91603f08487127062a0a139d668e8c750d02a08fb2a77,0,1,Bitsontherun.com.xml
+08fef6e8d57b0a993adafca479dc40f171557bd674f61c1de7347fe97871ea63,0,1,BlackDiamondEquipment.com.xml
+6601feab3dbc022ef37296d161f15fa92f5d1235d8aebfe882f0e6e447e18775,1,1,BlackTonic.com.xml
+0e454d16adbcb95ee565d998a6275a57e98d6f89d3e261a31ef9b7a006a9f692,1,0,BlackVPN.xml
+488fd6c9aaf93eddc2eb9d2bda98d612269a42d022db8d847eb51910ab0a1595,0,1,Black_Box.co.uk.xml
+3b4d5afa29fc1c08ba4f9bba3efa9c6864ef88073269865673fa63074e5a6ec5,1,0,Black_Duck_Software.com.xml
+26d68e684c4b831a43fedd18972f20da578d54bcd88cefa69adab09d570ffcaa,1,0,Blau.de.xml
+8197a554073f79c50efa6b58339f3d3908a786c5041c7e446e3f94d2e41fe190,0,1,Blaze.com.xml
+d081389526c163f91d221dc4e3f6581207b863cd53970e1880ce0c72f335f5bd,1,0,Blazonco.com.xml
+878916341a96e0461e4eaa31ff855f8bcdcfe3df38c204200f5a4ee26c0ed2c1,0,1,BlimpMe.com.xml
+c532f455966d1864042489e42a050a7d2f7c59dcb18deb69de94d6a18599565b,0,1,BlockScript.xml
+5f627234aca463926eac998ef133407e322eb94921136ef0dcd5acb73423d1c0,0,1,BlockitPocket.com.xml
+f74faa732db51e1226ecbb603ed1bcea00ddb67a6d5ffe2e1b922471ea33a107,0,1,Blog.ir.xml
+1f133fbee8bcb5a78a7b039865a38c14c1e6435f48d93a61a9125ccc4d83f90c,1,1,BlogTalkRadio.xml
+0345c0f4ef1e2c9b07dd7af1ef177809cb3437ca02fe2d6e4eeff5bc45d8c2b9,1,1,Blogg.se.xml
+3958f7571262401df5596dc64eb26c150ccc8e8cb412301000e4c13d5561b13e,0,1,Blottr.xml
+b3fa84409abf942170fa0a73032e4a05a134968155340466e8a776a7b0a7cc77,1,0,BlueSSL.xml
+35530c1de082fe8c03754f797d1dfc1696c62ccde7587877e11be615397e8f50,0,1,BlueZ.xml
+fec60c661c82f9e6973e837a53a3604a7bd2dd503dd1d31b7a6802a84f4db6ca,0,1,Bluegiga.com.xml
+3a9ea6977bb0bec960b933eb5fe45b15527fd66b114e2fcc16db7aac0b0fe105,1,1,Bluehosting.pl.xml
+a9a5d4fddac6d697f375624eaf93768c3830b8f4a02ab875bef448a248632fec,1,0,Bluemix.net.xml
+049d52950b84b0ad4a13c8d019b8a1c0431dcb8134a602dce2de09747b89fed4,0,1,Blutmagie.de.xml
+c9a373826a1033dcb91fe698e08565a239407f4dbe6b4b9e665763369fcf482d,1,1,Boerse_Frankfurt.xml
+42244265357ba444d6ae9d1307d6e2e52b442206eabe091dd84d109cab1c04b9,0,1,Bolagsverket.se.xml
+a553123cfce927b1c373d5ce2380bf609f9d6dca9a8e61d51ecffcc5edece1d3,1,1,Booking.com.xml
+7a7a503d185e2edfd16ea359cf98ccab897c35723e5fabef91c8e3ad9f62ee26,1,0,Boots.com.xml
+45421bcab88efc09f590ba1deb06a30f8ebbfa1178d7061f2c06def617407790,0,1,Boots.ie.xml
+33fdd006644fc9144ab8e95658080cc6a7a02dbd974d3ef819a370534b3af584,1,1,Bosch-Sensortec.com.xml
+cd5d99534f588512306421c08f2731bd2e8f7bf28d34a8ff58ccc0ce90db9d0c,0,1,Bosch.com.xml
+82bd19dea8f72137448543133b8f92a4d5a51ba51ffa09ebb42ff5bbfac4a787,1,1,BoxOffice.xml
+7c899ec80cc19d4ae8e2999849a3624f6891c104df4058edd230652897815e28,0,1,BrainBench.xml
+8d94c07043530873917a955ddc49f56d1004c0fb4c1ff72b6f9d94eca9aa5b03,1,0,Brainshark.xml
+fbf85e04eab9c52f529decf30cd53a57da2d70650241c0116447e78e3f8077ad,1,0,Brainsonic.xml
+3fbe3fba810c1999458523eb42e7066bcacb7f5f134e0b86ea220ab111fc5a73,1,1,Brainstorage.me.xml
+bb99bc99df1c831b11f24c7b67956dc23df65fd60e912ffdcc34ae62d34b5845,0,1,BreNet-mismatches.xml
+c868592f7203fe56cfaf6f91a4c8982cd132e3e09617de3c7d4134a85eb39568,1,1,Breuninger.xml
+0e2a8dc117d3acd6fb19e37f88bfe2027d3f5b253b3a1c1331fcb8a4058db82a,1,1,Briggs_and_Riley.xml
+5fe89f289d284cd7126a18158e7c3fa5d2a7a288112d158836291a8383e0886a,0,1,BrightTag-problematic.xml
+9fbbf43514333a5a4dc5cc25f26f3687485fd24d043af068d148f808a76a894f,1,0,Brightcove.xml
+9450fdcdde9f469e30ea3b62c725b33adc64bd353f99ff52a38c70e42e8cb58f,1,0,Brighton.xml
+07b6e7331097c6a623202e7c864131d2bf7a686411c6f6435e350f50d7ddd29c,0,1,BriteObjects.xml
+087639bc23c5c1d881eb705e36827a4dcaa30a6009a986b030a7b2cae0183aff,1,1,British_National_Formulary.xml
+a511d6d05a4c679cf818c0eb369fd0038cce2736bee09f45e8a018948a3a8b73,1,0,British_Red_Cross.xml
+32b9248b21536ba2f3543da40e005493be51e230f39f5728920e45a5d5afa9f5,1,1,Bronto_Software.xml
+b8a7549d679696fcac931a3b47b361c08b2c57690fa83635ea9ab16907a4c895,1,1,Brown-Paper-Tickets.xml
+4325d39e0e10a221fef89c4c06e91596114b3a730107e98de7d66f473cc3a759,0,1,Browser_Addon.com.xml
+08ccc26490b9f326c737e8ebb878ce2f46f8131fc47bebf0b68051adfc09fbb7,0,1,BruCON.org.xml
+15045b256d3c25cb833b608efdb944f2dbe76c4e7dd2e666e3fe975ca5534e04,0,1,Bruno-Postle.xml
+51249e771817637e82f106f9105c78ae51b0d4f9ea6690ecfccdad8d997f1619,0,1,Bruteforce.gr.xml
+cdfc30bffe359836ae3497140988a0e232b84ec88b89e1173bc7cb0bb0b3bcd4,1,1,BucketListly.com.xml
+8e7f67c2c91f31f555d547b8c28b2fda823f60ac8cbf7343bcf63b2b3279db12,1,1,BuddyPress.org.xml
+dd371551522c75ec9295ca5f17700e00b4ce5487edc6512957a9e66a5329a476,1,1,Budgetkredit.ch.xml
+42207f5a81e9c20cfeffbda745d6b910f88f06740f8d21e3252abfb9ce7fac35,1,1,Bulletproof_Exec.com.xml
+b868f832ff3636c59aa9c3c764058525b955fd7160f2885afa2e1a2a4ab4d1af,1,1,Bundeskanzlerin.xml
+4a993016b9d3017b227427c90e48cd8373fd6134897945f279849307d9f40a77,1,1,Bundespolizei.xml
+729e6bac190e385ebcdcaff9a55511b012dc9487b95fb2db92126227a459d14a,0,1,Bundesverband_IT-Mittelstand.xml
+7a65a358848726715fb7e1ff742b7dc41fd1078f94ffdc4a4963ceae9abbf330,0,1,Burstnet.com.xml
+a7275bcfe771b298e64447d2124dc4b1025079638ada3663ff20283d3e264bb3,1,1,Business_2_Community.xml
+1828776117613179b01abfeeb5c873f8198051e1a751002ee4bc516169072d90,0,1,Business_Catalyst.com.xml
+f84dc3b861bdd8e0606b938940f1acc036781645b2abf5db29d86a81897ba279,1,0,BuySellAds.xml
+7a7763a7ff5ea2984706824337edf735a0b89de74fc26db49e859ecbc4ff0661,1,1,Buy_Veteran.xml
+b538310cfbe7f06f481c733d23a8b41facd488c3a91f0613142b44155369e6db,0,1,BuzzFocus.xml
+97d0a30dada7f04c8cb3429a1048b8ac805bfd37e57920737e76e97124366f38,1,1,Byteark.com.xml
+59445b251d79594d7aa1407e55b9567d488c9dfaf69a539fc55557e142a84ffb,1,0,CAREpackage.xml
+815b13c84f20fa674c550256fd7f0faff27092abe79bb7f6994d68604d6219d3,0,1,CARI.net-self-signed.xml
+cb89627369982908c0f26a2057bfc12a61b87dc3859a7524a6fb20f638d07db2,1,0,CBSIstatic.net.xml
+a753690fd77b86bf61011ed27f054c2415145c25276bde90dfc628846af112d8,0,1,CDN77.com-problematic.xml
+91cd42e26c618a6f255052b9e8f5e45427b3b9a22e5f9fafd9ac51369f9bdf3e,1,1,CDN77.com.xml
+cf5327ce99f02ed18d5249e6578f78a7584c6f43c05d2cd4ddf8a1aef16a1223,0,1,CDWG.xml
+4e62d9366810238d6a5c6c158302001663b2614a37f9ab6051adb058057f5264,1,0,CD_Universe.xml
+d6a8f71386d93781c880b1b2a5745306b956ce7a6e9054a32c8180e1d5882de3,0,1,CED-Magazine.xml
+3ed7d88f741d017d81079b08092a0b75a1bd408adac37b7fb215109394c72deb,1,0,CERT-Bund.xml
+e0bc56896fb53e6613aa9a3f3763ad2d52d4e33cd6df56902ec986f73533f469,1,0,CERT-Verbund.xml
+93dc55d6a222b5dd2fd74e0f6ab9461b388709001769611fda746eaf6cee2f87,1,0,CERT.at.xml
+ba6674337fbbf9905f5cb4804d367cae792ece098bf42cc5d6b97c311edc4ccb,1,1,CEntrance.xml
+fe1cb1da747d4c59487f8561bd5d048a746a615428080805d68bd12f5a45d764,1,0,CHIP-Kiosk.de.xml
+fc08fadbc356c1c170c2e48c51fd76cf1e6238e5c6d1eb71e76f0b9c4def968d,0,1,CHIP-Online-mismatches.xml
+ceec987f3e67e3e7b1f4cec6c706fc9e0dcf3bb51ef908f6a7122b195a9f3e13,0,1,CHL.it.xml
+dbc46881deffd783f88ddcd087523d767b4fbbe2c73a1266479dd4e46670b5d2,1,1,CIBC.xml
+4a3251f6ef0a80747dc6d59dd8975adb0d07942f4babd0fc8ea79048f2be6f24,0,1,CICLOPS.xml
+bbeac73bb5a9ae8cbe2b25f35490c13cabf5cc706ebcd3c7cc334c852bc754b7,1,0,CIO.com.xml
+dac42200d1d949890405596afc238f175edbeaf06a39176b40e16234f5b8ebe9,0,1,CLIC-study.xml
+96a1e4d8a7a151bf30f2ce5bdbcb762f5322add6297e6a17c1d26ede3953146a,1,1,COSMOS_magazine.xml
+7ad4d3c27fac03a257936dd9c380abec312479338110714cb22eb95085035d35,0,1,CTOvision.com.xml
+df7e93723ac3330c2859e73e2c28a08791e41be17d4586f5bb3a610ece41c7a9,1,1,Cabal_WS.xml
+496e7c05fe03d3ef39378a01c47ab48dd3cce74f05ee486588bc569e1a230c29,0,1,CableTV.com.xml
+0cf99299088ed1e5c7b0392b22233d2fae9545c038c78270c6fb8def0df55c32,1,1,CacheFly.xml
+2b9ec7a31a1ef2ecfd802b57c36056e193b665f99ff11b3e612cd7adbd47e056,1,1,Cadence-Design-Systems.xml
+04a9f7119bd93b943ec37555c866274a2f8af7239be84e78388b0ec6fa56eb0c,1,1,Cadw.xml
+e55fdb3ed55be22fc13d061d3ad8574dcb11a1f33a5cbd00f06e08919a187b10,1,1,CainTV.xml
+12623ec61a5d5503db22f3e44b0593f77e1d37e42a5b7223da9649fc4c43a26a,1,0,Calendars.com.xml
+54b9ec4e58489329294ea814503b75b685a861fa36329912f7c5508107aad516,1,1,Caller.com.xml
+213b44c9505b03054a9590a41dd3995d718801ddc16553e2c3e35596e3f301f2,0,1,Campina-mismatches.xml
+528b6476090e1c81a1576d377aa8826d779a297d92403f52bafb36a1b943a5cc,1,1,CanadaHelps.xml
+7361432018d08c1eb212a2c9d1cdb6901fad4a8a2486a3bbc5985dc410d0fcb4,1,1,CanadaPost.xml
+5d08dda7d1b74303183590208bbf76c0a0ea1df76df2b3497beaad6d8f332054,1,1,Canadian_Press.xml
+aa84ff00fbeb0f753bb8fe1414ccdf017caf54f3df9c4ed98bd4c51b34974fd2,1,1,CandH_Lures.com.xml
+90eff7965a6d548ff46af2a7b4047fc367be453a1c2570c6bd022de54509c796,0,1,Capistrano.xml
+8d34adc4fc479c3b59361d7f5e438717feca76f7dca3490ecf92af5dcc75ded1,1,0,Cargo.xml
+b0646f0d9bf56655517ee0319fa8db5608f3c1ef08469771ee6578cf4184709e,1,0,Carl_Zeiss.xml
+3852082463af19e77d7399ccbdb262aadec30307485ede3196168b1ab6c8c05c,1,0,Carleton.ca.xml
+c047260fe241591aff0d21678c993c268a8e8e26a0a9a2bed56c4fc93d6a9d2d,0,1,CarltonBale.com.xml
+141ea88067d92c50d1a74818556a91d19f24ee41f0104520f795975cd83391af,1,0,Carnegie-Mellon-University.xml
+cb7405d2c2753f150dbe71bc0859cfbfabaff2a13093a8408e93bc1c5f5770e2,0,1,Caseking.biz.xml
+8d20c6d30851429f971fef3d1209f0352f9b1bcd5fbe6e3d9c17ab4b4f5b5115,1,1,Cases_Ladder.xml
+811c33d7ad9dde56ad15954e3460969dab20d0f9fa930584443266e21feff865,1,1,Casro.xml
+f20f66759481152d644ac6d66b0beb2c0c6294a7f5c3931b3ddab5c43aa95551,0,1,Cdngeek.net.xml
+e3d1fbf663250b13e6cec1485aa7fe068e14180f6883b42fa9681f007004852f,1,1,Cdnme.se.xml
+b09ee57848b20dc5f0edde7dff31b6dd704d171d7494f0b4e566b62c8587cded,1,1,CeBIT.de.xml
+ff8d40bf74ef03e97bb141833608fd1af15eadf315b3d4375b2f343a6ffe8043,0,1,Center-for-Documentation-of-Violations-in-Syria.xml
+7d22b530e3d76f27ad05eb2b78c570d62bcaf8ae57582777e110f1a5d5c58ae3,1,0,Centre_for_the_Protection_of_National_Infrastructure.xml
+5bd8e0e2fd30fc0a28fd33d451a35b60e7275837c4fd405dfce8bc81af27ead1,1,0,Cfapps.io.xml
+657c3fc76a95e653075c9146e79384f35deb6602ff616d54387921bbab2c83a3,1,1,Chakas_Mmm.com.xml
+a9462ddd5256f9df0f92ac9e68dee69860bc04afeda1ad4ca62d125ba046e723,1,0,ChampionCasino.net.xml
+5af512985fa4e71798ebbb40592cb7de443d76a65e66ac2b270853590d4ec0f0,1,0,Change.org.xml
+b59e3733248b31c4fb739059009c4ecc1cebbaa907e505f9999e0f23b0207b05,0,1,Chapman.edu.xml
+749013b2fc545464572701ed1335b9f6a5592b6a0af3474d9703994874179830,1,0,Chartbeat.net.xml
+f1432b9c958b7d77317856b509738eea679ae9483f0bd86a27b70c5c9b644313,1,1,ChatMe.im.xml
+ae8377ac78832a22be16f277f28a52ef84b854bea59e84c67a206835a35b5b11,1,1,Check24.de.xml
+a661d52f01a655aca11ad14b59ebd2b1dc43fe4ec22803909f5cc80f9f2c7972,1,1,Checkmarx.com.xml
+c35f7c9558325a1c388b1a71d37aa032cbbd2189084eb366243641ba716a9ebc,0,1,Cheema.com.xml
+10fa5a17c9fc13e685fe8cf8b8a631768e81152d63045308597137c3d5f44be0,1,1,ChessBase-shop.com.xml
+a486b3a9a8fdfb5af7161460ce10f22575e2dfbbc388f9e39473a09f526f89f0,1,1,ChipIn.xml
+a55226a41482b55b64ea5dd690a09fe19d0999ccb8131b436b690784d6cf4e0e,1,1,Chlomo.org.xml
+69576d9694982fc30c67473122078602be85d16838123c7ced7cc7bba8715f83,0,1,Christian_Heilmann.xml
+635611ba0802ed40b2ee5b905ce99d4880a24e557dac0278a893e36ff9b3f88a,0,1,Chtah.net.xml
+cfdfa99b1e7ddec951fc52f57172762a09c9666866168b24a750f1f232debd3c,0,1,Church-of-the-SubGenius.xml
+636172dcc21bd3193f15e29b0748bdb46eb069477d946d5c6ff640509c270093,1,1,Church_Hill_Classics.xml
+90dc83350ae58f9b37967bfe33406f3cfbbd9de47f797d5691ae0c64b9dd573a,1,1,Ciao.xml
+47e5ba3bdc841cea4d8839bd57ece724b8fa99abd3d3100bc1f64d9d978b3b18,0,1,CinCHouse.com.xml
+de19403594b073d50fc83ab38402f494cbbbf9920f2d6281eb1865d7096f1e12,0,1,CinemaCon.com.xml
+887f6dedc09d6436d8cb9aebc7ab7f71603ab89ee3a25784273b275fb8f81a60,1,1,Citadium.com.xml
+22f77342cf73bf250f617eef28d1de55cc9d90afa8f099f88ad62444121ca5f5,0,1,Citi_Alumni_Network.xml
+324aa263ab69f494cbd37fe69d6716c07bcd7b46853ae25a5f7377722146afd2,1,1,City-of-Sedona.xml
+f0fdee87d984d3e109fd469af66fea523facd0c39bee4db87ab1bea1f8131570,0,1,City_University_of_New_York-problematic.xml
+88da9400d16c491db6e3d8ec956cc78ecb20de9aae1521da6cc70af4b3918ab6,0,1,Ciuvo.com.xml
+e249278f416d20f664c2601ce481854bc0181db54ee5ec4fc35e1f647bc2cacb,1,0,CivicScience.xml
+b3158d31c71457363975019cab7d54e2a1df3c4704e8ec39284edb1a7599ed71,0,1,Ckom.xml
+e239c746877388cbb5e8bdda31133b3d1bbf51631ba8974d6c07ced5016a01f0,0,1,Clasohlson.se.xml
+11f8b0f6e4735f79afb373f2c312f8f38c01cedf75703145b65f1d4d0ee82933,1,1,Clear-link.com.xml
+3bb97c7edc6c521bfb2d37b3110814bf4e8c754e494817f319fbe8276e46aad3,1,1,ClickBank.xml
+62783dfa5b3b4bddfd71f4d15fcdf1fc88f23205c834446cdb3c76b15d78ffa5,1,0,CloudSwitch.xml
+18667621076275ec475015222a4a65bb0ecd59b5d07234cacc92d5d2e1c2fa89,0,1,CloudWorks.nu.xml
+c954c0e37df82e9c356ad3611313c5aebca46fe4c2ad4291b1fff6ff2c90d3e4,1,1,Cloudforce.com.xml
+5ffb20d9923257da6e73e1909a6d8cf7d68be914c8e160458e60e2914bd758c6,1,1,Cloudimage.io.xml
+299cb39fec29918dea7265b547b0b58d83d9b27c9a8ccf46f35e15369acbf137,0,1,Cloudset.net.xml
+ebe8861f8b01a594f2009032190e254730320f03a4381474c1f43796ab9fe25d,1,1,Cluster_Connection.com.xml
+5df01438ac79becb6644b3dec650a57c8c40b84ecf6939e91896504548a7ccfc,1,0,Codecoop.org.xml
+42ca47ccb9e98d900b89def6bfeae2fcdd7866441c42f053afae64e4885a17c3,1,0,CollabNet.xml
+0338333878edb6a0f6c006f0fc18d49805899c908f920c7e612ac5496c034271,1,1,College-of-Nurses-of-Ontario.xml
+01e3cce2c68b60c53bd29c022fab016da33cfea386c371fe6bd47a6eef0ae66c,0,1,CollegeHumor-mismatches.xml
+339bc36fa7e42abc1eeed143a5bc24c08ce6bcb11d33db4313da65d6eaa08007,0,1,CollegeHumor.xml
+6347c91fce42e33944bf4e68147dded6b142f3f8ab49dd7f90c014502fc0704e,1,1,Colorado_College.edu.xml
+5d2d4e55901909af90f1fd161eee4af4421326bcba3a564b60140a27d843ebc3,1,1,Columbia_University.xml
+ed1a6a91ec23f12636e85fcab140be7b53ce9ead8bcd48f7173655f06843308a,1,1,CommLink.org.xml
+3af3263a9dff6b5035200ebb25481b147aff9690c0599db533b199790dda6708,1,1,CommScope.com.xml
+f4dff27943c317c1cb2a502eff51cf6436170f4688ea0d3a554d16895ded6cf5,1,0,Commission_Junction.xml
+5259790909abd7c2980520d48f3f158799be1f5cc478b835cdb44ad1d6b0e970,1,1,Common-Short-Code-Administration.xml
+0beb4f7db8e69085f900b08bd02e29436a366662c70152be72eb205ae61ab9ee,1,0,Common_Criteria_Portal.xml
+99330baf93c8ae708130f47714837655c0c21bc656cd4d61a4c8ac61f1a60956,0,1,Communicator_Corporation.xml
+a0270496346c1a4d130f64cbf829e15e696d488001d9ead97bb1be95707f088d,1,0,Comparis.xml
+2312684f5e6a7b373e8dc2893216c8f9eade472012cfd4bbca6d9e5e990bd08e,0,1,Competitive_Enterprise_Institute-problematic.xml
+bb4335a9690793a7035cbbb5025258304be703efbb97fb0071f617996808fcdc,0,1,Computer-Steroids.xml
+36639069762c5623cb782a792b17088694f3242fa84db5e8686b431d36d74f07,0,1,Computer_Lab_Solutions.xml
+53750f61d79098ab338a56cff7ac2567092601c8d9861be25e79cebacc73d197,1,1,Computeruniverse.xml
+4f25e864b2b2c8023c72a18c4645f2bc659b9f3efdad9b5a8623fd3becf08780,0,1,Comviq.se.xml
+a718eb8d43a995d416edb0bcdc23ab00e6d92287e72954db9ce67d642b0f9247,0,1,Conde_Nast_Traveler-problematic.xml
+2f7e378568ff6f03f3cc9b31fd1f9528ab7cae735de71354eaebb079bcd85cff,1,1,Conduit-data.com.xml
+02b3153c54aaade0387d2be93976bcd83cec356da2217dfd19b1d5f5bce58703,1,1,Confused.com.xml
+4e4afd9324120965f69988b05d3a414e70fc93ae07c352cd628b10921a166680,0,1,Confuzzled.xml
+c77f628b580660dfba342b2bbfa4a0e22744a48321539828dee5403c32470e4e,0,1,ConnectMyPhone.com.xml
+a79534ae1059876bc76c072c81fee31b3ee5572980bfbe2f87943f023829d2c3,1,1,ConsCallHome.com.xml
+2ceb9721bb2044c6d2d9ec83baea99106fee843c6eda1b90e5d0971dd569593c,0,1,Construx.xml
+436c49a3cd92b2d701c90db91f96cf8ebf3a3bdccf609537f23d6cad31bdd6be,1,1,ContactUs.com.xml
+710d5a714c74db826cade92c25b332038409f800ef616a03360634fac19fbc1c,0,1,Conversions_Box.com.xml
+07aec2b14f80428ac276fa287ea846bfba851a6d46b0f39e4640e6fddbc10a65,0,1,Coochey.net-falsemixed.xml
+650b5d9a73344bcff3834fd3851ffa14e7f810949a518eb27ce679bd4a5704eb,1,1,Coochey.net.xml
+97b344fb4914430115bd4efd7606438c43a7c6370726da90bd5a01f0192d836b,0,1,CoreCommerce.xml
+ff29267634f306a1256ce5fa90a5ad9d7a1f7999b38e535f04492bea224057c6,1,0,Corporate-ir.net.xml
+d1698155b22b3b7f5f0ca643cea078451d79ab6779f6f261d8ca54805b3db3e9,0,1,Costco.xml
+e0c331c927da606cf727ad4d21bdd9cee77632ae77ca1ad11e1f9114b27745be,1,0,Cotera.xml
+80eef43f077304055293c67afa215fccefe31871fe3a6712dd42fcc35c20857e,1,0,Couchbase.xml
+f69f84b0ca4c5b78ea0d15e83d62fd911beacd537eaa929fdf3780ed4b690a7e,1,0,Council_on_Foreign_Relations.xml
+491a52cea147014a5240c15914dfd2ef4040c6038f0b415df00c1a685841dcf3,1,1,CounterPunch.org.xml
+84384d174882086aa3fe03231d81ff90fcf806ea661d48da1c021a02f5c26bfa,0,1,Cox-Digital-Solutions-problematic.xml
+2a5aff5228b1ed8caf97f860b986a5e857043e46610b15cb1dd48f07d1a2a4df,1,0,Cox_Communications.xml
+c22b52fab2d5c0ae1ffb9f2f497672b1680a2a71c5abac5b9e3b11282594d51c,1,1,Cpaptalk.com.xml
+8a95bf245a528fdecd67ee9b2d3703a129581211501d34fa29afaef005287aad,1,0,Craigslist.ca.xml
+08f3749268ecd600f52dc3ed7ee35741b72088fc2b84ff1dcd24aae5d8609410,1,0,Craigslist.co.uk.xml
+7cab090cc110a6382eb16a0807adf568b1fa09d7ddb12325302a3e9480a7c978,0,1,Crain-Communications-mismatches.xml
+45b4b172795ddb3831140e93fc9a820127db515609f13cffb67557d53048f1e2,0,1,Crakpass.xml
+04f0d43bd1ab894b64d8ca6fb5e81b0213a4905c1bbd19bf92700ccada4fc0e4,1,1,Criminal_Justice_Inspectorates.xml
+1cd80467b55158721959b770308681c9e59a37977c7a4581996bb359e14bcd8d,1,1,Croscill.com.xml
+530481264817641a16714b2a38e392549ba9310d3689d7c8b7eaa494b1c73761,0,1,Cross-Pixel-Media-problematic.xml
+e82ff9c3312c6fc9f6904252577429fb985c41637c71dd8f33d25bbce57ebbeb,1,0,Crowd-Science.xml
+cb23a1bd35b86d242a4028ed7f0d6fa55a1b01d620b22f552c54ab3e8aa64562,0,1,CrySyS-Lab.xml
+80ff66109e0038eecb6e67362f210c6d389b69ab1044cf621d1ea28f7b624f19,1,1,Cryout_Creations.eu.xml
+734c847c64dd4746922d7dfd8874f2de5aeb8db469d6165352965bfc43a7d564,1,0,Cryptomonkeys.com.xml
+4c82fb71dd76ecce008a283a688f468dc95758a8b164fd4daac98b747eb1a7a8,0,1,Ctt.xml
+1458bcaba2c8a2abacdb39524deb5de8016181e03ae8030d8933478fb054ee1b,0,1,Cultura.no.xml
+8619973ac3fe5c8a8e4ddd2d2ba0c23acc05568d7ddb6921b33a04ee6cd05cdc,1,1,Cumulus_Networks.xml
+be67733780d14d90de81e3278a87fb4860cb0bbc38b58855980b323a8871b7c2,1,0,Cupid.xml
+a1375ad5b72a20bf94ccf118cc4d2386590687196810774dbd35f29de8b058fd,1,0,Curbed.com.xml
+dccfba7ca231bf88053a8a2e1064bb4d20db77854e80e0bbb0493d4523476062,1,1,CustomWheelConnection.com.xml
+ecb6609b54104e170eccfb8b213b46ef8571ed159691b69cd4e38ef28887120b,1,1,Cyando.xml
+c5f1993198ebf0755d6d2b884f09cca076a78cd635c91810e60e6d0c36938638,1,1,Cyber-Security-Challenge.xml
+62f9443ccedff68a2edfe57cbd28c734eaaa8a90177ec3ef972c51a0a7441715,0,1,CyberAgent.xml
+5c228b42ff2de9fd9ebea0fb810d2775625238e119a70c142cc80385c2aa2e54,1,0,CyberGhost.xml
+760cd650faf849e6b19245755eefd6460eb401ad4e174983e7dc5a28a50cffef,0,1,Cybermill.xml
+1562d48551eb9a11540bf840e1d6029b7332c0b7cfd7f423d305aeecd6f28fef,1,0,Cyberstreetwise.xml
+bc5f40825e2152d2725cd095f0af778875bc307c14701f874a651b3572adab65,0,1,Cybertip.ca.xml
+94ad8baa2a8b8607e45229fe2d5c8c43fdc7b53965d519bf47e075878096f230,0,1,Cyberwar.nl.xml
+514030beaf41176db4804a7febd2de28af67e58ed8bdee64ab5ba3214fa5b9c2,0,1,Cykloteket.se.xml
+33d4a5f51d4ac7bcd520f05e294995d9968d6b68bc8401289bcc9ecb0a94ab5f,0,1,Cyphdbyhiddenbhs.onion.xml
+9beab50432900f8782d6720032b6262671d1a04f960e530d7906e866ee798365,1,1,DE-CIX.xml
+5a3b022a658985b87a1a497348ecdca4dc3c29499681e1371f2793b0ab58bafa,1,1,DFiles.eu.xml
+d014e7330debe4f838f895d1ad269f9f67bf5691aa460a86e070c72357b87e82,1,1,DKB.de.xml
+cab182473bd2a1f12288fbf267de9e6bd6d249ba3f7d561186cc3b9eaca719e3,0,1,DMX-Austria.xml
+fbbe70181d1fe5c14edeb58820cc187697663b7ff1d6330318b52242cad50df7,1,1,DVIDS_Hub.net.xml
+4cd351e987026f37e854bf3ecbfc84ad5838db73d9b06f59ad58d07dac65ce85,1,0,DaWanda.xml
+0b1a6de4023a402b4d79c12a9d2b45c4c7d2d309203536bef8ae9dddb5113e19,1,1,Dabs.xml
+39a0ec5f2284937cc5b8e0cf5d1199fcdc3738146fc296224a8d14e20e4f5a33,0,1,Daft_Media.xml
+48068ffeea3bac8f6607d8b7ef042097a830f1ed5141b71a6b03fd73e2322076,0,1,Daily.xml
+73d5451a0140fc08b3eff45aa5ca92daf2bc964b24eb1e130d457035e85ca92b,0,1,Daily_Mail_and_General_Trust.xml
+607ae42d3906148f643091e3d42025c9ffc9997b3064de7de892580adfbee5dc,0,1,Dakko.us.xml
+0d3faf3da32111974235f26aaa4eb8ddc0f33c008708c891bc5cd95e29172e8c,0,1,Damn_Small_Linux.org.xml
+3d69ae3ebb3046ad3f64e32725de287e186478ede815092da1f5d3b7f43c04a0,1,1,DandB.xml
+9a3a5a84f0e2705bf60fb61037f6fa1f0fb38060008cf271575487aba5f4731f,1,1,Darmstadt_University_of_Applied_Sciences.xml
+2d7db66046578cb426ac52ffa00a0fc9091ea3c478a40f085fbfb2105f24d2ae,1,1,Dartmouth_College.xml
+3403f1624cd1350a9d7db9ccc20fe13619099815c6c6641ef55f4d3160338c78,0,1,Dasource.xml
+1cbda5f0a6ccf9c3000588ec54f6b1df0ba73b6ec3dd96caa6cb03da743d0b54,1,1,Dassault_Systemes.xml
+3313bd09107db392a871be91a9de6944cb93895ae79e67fef855166adef81c96,1,1,DatStat.xml
+1e3a6e9548c4695e497f2c70b8e140a688d130c1aa832f6ee57dc3d40db76f01,0,1,DataSphere.com.xml
+8cc5ce1e1d308f17e685fdf197fad2de85a59a1392d4e9b9097857cc31171c56,1,1,Data_Center_World.com.xml
+949b15687d157c91c170a0b91d4f0e1026caa5c7ddb979926a0464885157d9d7,0,1,Data_Informed.xml
+887c98b7b9913c7fdb123653bfb86245f5c77fe664dcbfbeb5dfe31e1cefd6c8,0,1,Database.com-problematic.xml
+a7d3313bd27112e3b58470d617fa23e5c45dad2250b0d024125b68fba7a5dd36,0,1,Database.com.xml
+1708197efa6250816a0daa89684b23abd5b6ec10424c0e588c4f79759269be34,1,1,Datamonitor.xml
+3c5b4f63385fe6f06d57c28f8318249835ea86a015594291a1208657c8cb87dc,0,1,Datamonitor_Healthcare.xml
+2f44a28ecb1cf5909c3f35c13216ebc02c9e1a66ebf5a48c970e1c3c6f9f4f69,0,1,David_Gold.xml
+a9f30668ad595cffb3d3b98571ccc614175c6c2863828db49ff61c5a35f3a07e,1,0,Davis_Instruments.xml
+a57ae2eea0e68d85ded9207e3de25e2e19bb21187e9ffa2ef3c0c4e1f2e95727,1,1,Davpack.co.uk.xml
+78c92cd9b90932227687233bc92ad00e35daf7021423f88e5d6c6fbf686d3666,0,1,Deater.Net.xml
+a00fc19e2917a733c02ce54c7121d6762fafe902c4501f07bda904ba1f5bcf95,1,0,Debuggable.xml
+99448264eb68a506c083d15fcfeb1d01c1649f8ac86e0631a3f79bea64e530de,0,1,DecisionKey.xml
+8e2fb9b334a1504d2a79b1d59bb0b8aac0c51bb9088960524a6f42af8dbe24ae,0,1,Delaware_Technical_Community_College.xml
+45795b36ce0a095278fa9b311648ccb7f94051ed1f755235fb6e378a766c5e26,1,1,Delaware_Today.com.xml
+4686fb4dd00fdb9a389a6b9da295ceeb432f9c119fd2a14f2f1f327d2d41fafd,0,1,Delico.se.xml
+d29e0712614544a2551a71e3e838262562f66639c28b491deebcda8f0c9e9c1f,1,0,Demdex.net.xml
+4a1ace170db113bed5a1c50a465a331a6a6f0d81e62327e320bc2372d55dc5e3,0,1,DepartmentofEmployment.xml
+df8c580f3fa4016df06bc402e23ba34c57171ad3b4b029d327115effc7be03b3,0,1,Dephormation.org.uk.xml
+ce07c0999500f19ce748e5038f1d502022455155d53ba17d506c6a71c6200f38,1,0,Deposit-Files.xml
+481a8ee74a06cd3978b3bfa1638b10f1a2798dcec48f905fd713f25e2cf5d884,1,0,Details.xml
+27f638b7d6ed66f2545782839032081245ea4c84a2cae5f79c7140249165b200,1,1,DevZing.com.xml
+d3ac7da52f675d22b7fc910eb3ed3c950ac43a8ada57c767bdf2ff42bfac8ce4,1,0,Devever.net.xml
+86a1f9c349c7266714c5d4a26bf9e6674443fae524e040bad4cdf0951f73a988,0,1,DevsBuild.It.xml
+24e1a5389bc35d553f48e0b8f0fecc7168ff63096b9115f3e48184e62f22072b,0,1,Dgl.cx.xml
+8f2ff5fe50e0b8edbb175166a44e2877df47e5951510d8650d18960527196904,0,1,DiaGrid.xml
+450f88fd960579ffa22b42f6e3ce2348be724fb59ce00353d742d078e4996bac,1,0,Dial_Direct.xml
+f58a0d9c1c02012ca40bc00fc4a07a08702af0924e7d8e5055551b57c16e4908,0,1,Digilinux.ru.xml
+3449a7d7da46522205fec252bc4bd787e9dfac2f15e635750d9cfafcc825f3a0,1,1,Digital_Photography_Review.xml
+1ae5023d7b4801aa93edc7b86c769faba82f98f393f917df3f9175b5bc594855,1,0,Digital_River_content.net.xml
+6db802e9310e1d721b92abde951d806fb9c9a2e99182795213ea3e4432e495d5,1,0,Digium.xml
+8f24d6a49faf7ac63a5a48b5dfea5d55a076865183dd5319b9cee2f6e6de8cfb,1,1,DigiumEnterprise.com.xml
+ca8710d2eb4a66d458863fcf716191ef82ed5a669710d97cf69c8573e7893be5,1,1,Dignity_in_Dying.org.uk.xml
+05a99eccf708bca913786f423daaca68b711001bffc0af52e173b0f31a38af30,0,1,Direct123.fi.xml
+65f1777abf53781ec3bebfc418b72e91032db63fd973a751ae810e04d7297016,0,1,Discover.com.xml
+ec9525132f84415de401293436c276fa6cdf29948edde5416665e10270bd8456,0,1,Discover_Card.com.xml
+3344bcc1244a1a002611a746364efee114e9347a0a7303600b89410b381b2475,0,1,Discover_Network.com.xml
+cbdb894eb5bae94156db1210de8033c32d42a877330b14af87c4d2abe5f58e81,1,1,Discshop.se.xml
+283b1ea012e127b576f1a2c847cd342c0e984455f87c5b7811f7c5cc2e8a1dc2,1,0,Divide.xml
+f0ac70f0936b229f6b6748635f259cc1ebb6bbd0c924baf792a792af86295fe3,0,1,DjangoEurope.com-problematic.xml
+ced8f070eeb91948e919fc5b49e98b171ead833df49b97ace89db1a5fa124a1a,1,1,Dmri-library.com.xml
+0c2d0599f841a470c303b8f4bcfffe014c25e51080b8ffa4c794350144ab4fd9,0,1,Docusign.net.xml
+50cdc237ad687503006bdeb50c714cccdf0d0f4d2a710d278a51be0a2a94bd84,1,1,Dolimg.com.xml
+76266350e22043e4d07c4a1389165d1f888e7034121235b75d208d58bfd9a8d3,0,1,DomainTools.xml
+cd9c9d875b77202d9bb64e526dd1ae2ad6b5bafc9d4d6ec0806d6be463f5f53a,1,1,Domaintank.xml
+b24f4ad17b97e8bfa9b40fe9399e2f5623d687f5c9c427b312c206b3c2f17031,0,1,Dominios.xml
+93ede45e0e0378015e32bf7e031f23b7a69174c9fe0023fe462549284e8362e0,1,1,Doncaster_College.xml
+555b32877b269226bbd508537205e4891362f82953796a44980ce54fd36b7dfb,1,0,DotCOM-host.xml
+bf7cc0c7b23f6d7fe047d15bd73388dd41815f6f1f4a922e46ab388b96552af7,1,0,DotMailer.xml
+d51edb2655670ea1a910c1f79a85696274ce6f066ae67700baa6207d60727448,1,1,Dotster.xml
+4c32fb438443d2547b3a3347d3b59eaabcbc53f9250ca6735be7dc6b22b47cf8,1,0,Dozuki.xml
+948fe6c1816bb404b4f3fbc4e1d21dd253cdaf065726cc41a7173f1055edb520,0,1,Dr-qubit.org.xml
+d6f6539911e50377e9ea5612c191b82977ea7723730c19d45293b3769b10abb0,0,1,Dream_News.jp.xml
+1699a3fbc0f1c9f54d828666cdb17e2eb6256e59bb3d752cad54207b3c16fef8,0,1,Dreamstime-problematic.xml
+f85cc97315b7e1d8d7cd5a8df8c238edd9e9303ebeb0f84f0dd57da3be87cf87,1,0,Dreamstime.xml
+4b67855f68d07aa5dd62c7b1470af02d953732516e530646752c5aae632d9baf,1,0,Drinkaware.xml
+6dce143c0bfb94e705a21f78d14dd5898868d1a649224c096ededd8910616adb,0,1,Drowned_In_Sound.com-problematic.xml
+c729946041e980450f9238a1177dbd53bd2d7f6d904444a27ff14817e5a8916b,1,1,Drowned_In_Sound.com.xml
+45c19d94eb666e445b664135d6c6c309c77f37517894e24684d63191cb22669b,0,1,Drug_Forum-problematic.xml
+916ea616d827dc5553528be9b879ed28d91007337b9fccfb593c4e624574feac,1,0,Drugstore.com.xml
+cb19a58271da26e0eb7c687c7d6a412de76bccd82dab5ea43c1adf2d4e9a790e,0,1,Dueling_Aanalogs.com.xml
+d4ed3a03f0dcc445f49c298bded76f72b676629578a5a01bc25d3743aea9c8c6,1,0,Dundee_City.gov.uk.xml
+4b6114f50a7b63eaca3c4072be4f8c98e013bb9e4fe8108b47dbda9a99ce8bad,0,1,Duodecim.fi.xml
+d1d3e7884fb59f03c02efe683d1ab6cd77b8d2fb507b4dca01645071c995b359,1,1,DuraSpace.org.xml
+8496afee88e5b9a35c67bf855d5aa960d9557295c3de825652c49d7666beb252,1,1,Dutch_Data_Protection_Authority.xml
+c97bcab9e6309fdd7047f8506ee40280dca5163ddd1e7e7eafa6ac4d2318360a,1,1,Dwarf_Fortress_Wiki.org.xml
+d0699296c13b7423272e4ae5ee1491a8449e6c95b7e1a769008f06d46fc7586f,0,1,E-Plus-problematic.xml
+80532b82c72bbe46287e9506f392e5378023e6766326380c5f276182502af47e,1,0,E-boks.dk.xml
+30b6cd8e0fb7a044f69d7f54ddc8c2c0739afe862e58f483fcf9e61211c4b27a,1,0,E-prawnik.pl.xml
+a236b2041b6696a94edf8eb10f21f2c384c1fdd022e6f93a2a6e97e0cb1d4bff,1,1,EBSCOhost.xml
+5d9191656ca3651a591a01916031d3f755252d09d09a846ac962918f14ee370a,1,0,EBlastEngine.com.xml
+27d5271339b66f984ea5bca4be574e9faed8825be522c825f5ee4a20e4d74d77,0,1,ECrime_Research.org.xml
+38acc77f3a1684db15405c335ffc2053bbb6959ebded1e53a76102e3972473d1,1,1,EMC.xml
+b82763e9cf1ccf4bfcf7ce931d4971bbd5f5d767431cbe015043bdf2e307f181,0,1,EPA.ie.xml
+21af6451e5293d3c590dba9f14d347d022d8ce5d7a06b8d1960a2d7dffbf76b6,0,1,ERNW.de.xml
+771c90d6313b15fb4d41a8c89ac03ef0029394521c105655c3d1aed1a8f44db4,1,1,EReceptionist.co.uk.xml
+1d0cf4aab6228ae65f34ff4ac5313082087f547d0b773e9403eb9ec40c19e30e,1,0,ESET_static.com.xml
+71d7ddf2c70bffe2c22311b10ac6ccbbcb82d057f298a71285e6e14da667b3c5,0,1,ESF-Works.com.xml
+e14997fcd1b49623692ba6542a019182b6f66628abd718680fbe20fec3725e7b,0,1,ETegro.xml
+9cb060c5bd472740cb08ecfa934b189e19567c4dbd35002501a01ec373dda1e7,1,0,EUKhosting.xml
+88f84319acd57ece012e2e66cc7447a8db701037146b74a839c89a1ddd685432,1,0,EUserv.de.xml
+97898e32a15c85d1f70bb1b15f7201cc03c1ebe0b624949fcd4e27ef48619c89,1,1,EVoice.co.uk.xml
+480256c07545a3dd139fde94d8b794e8f8c8374a48c9f8c02d00b2c6aa5efaf8,0,1,EXiled.xml
+c52705978d36a80cea351d25f4b1131be10c653ee5f7aef9fe661b0de448924c,0,1,Eagle_Rock_Reservation.xml
+f81ba5e26253661e9cd0406b4b538625b6cd39bfd2ce8977a526b67b44b908b8,0,1,Eastbay-problematic.xml
+1c87354f2f51c188db3313c9c68460147571ed92296962e148563e5def8ed4e3,1,1,Eastmon.com.au.xml
+332200909ab116588d0483ac47e1877ead9fcceb221724a8d3fa50251bcf1694,1,1,Easy2coach.net.xml
+0b8829a889f400ac3171d5602ff812f5bbd6559db9d6a3d3b835ed6694ef3e60,0,1,Easyspace-expired.xml
+9248288366ee2fc081c11be98b63d9d79069a3f8000c284e6ece22c53fa383de,1,0,Easyspace.xml
+421ade575e2e1e0e75d6c7bc746c9615bd7fe023bac2e3a21401cc6c61c2ee3e,1,1,Ebi.ac.uk.xml
+3d7ebd12328dce8238e333e2d00f53f314ea41fc6cb532d5f48682229e8ee622,1,1,Ebuyer.com-falsemixed.xml
+9a88de16ac51e357ce386b479d2c3a0d2b1e18a1df431478f16e01acdb1b90f0,0,1,Eclipso.ch.xml
+e831540685d0eb166dbf1cc602fd28389713d447549b60997066e3b2a125203e,1,0,Economic-Policy-Institute.xml
+f9f75c9eeb2e7da3b367c19fc86af398fb052e94c251bc9a22a3d3b8f565b39f,1,0,EdWeek.org.xml
+792f8df60f756ad2505db27b3aedb9034fffc3b05cf532fa9474de3284aa16d5,1,1,Eddie_Izzard.xml
+20aa540654afe4e46d8706423b1bc4b2cae3c3498e1ff6cc63ca93ca6957d59f,1,0,Editmysite.com.xml
+772fc66915c575b5e3c2b9330453da903a06e156fcb452206f0b0db4330ee367,1,1,Efax.co.uk.xml
+9346d6aa681d8272cbe2d56d6ba227156205d162fe3aa1ec83db7cd50ea1a8f3,1,0,Egnyte.xml
+0231502d992426f6dc6c8b6488cfb220c50aa5d5a624b854e956ca7f66269366,1,1,Ehosting.ca.xml
+d3812b45da73e759d3fd7d65bc13e9fc5f75d97bb15dbb0a53c4e9e11e9c7f97,1,1,Eimg.com.tw.xml
+822984ee7464450befd847ba351e2609b8b6b34ce8116ab38c54ddcffede5b5b,1,1,Electronic-Arts-Intermix.xml
+33d19feabaf5d7650acfd2dea5a837a763a632626c755caed1bceeb42ffbb6e9,0,1,Elijah-Laboratories.xml
+8c4ce2e6485d6a92b35ebdf64cfb826516669a9ca8b3ec20c32ea7f2ef0bd679,1,0,Elite_Casting_Network.com.xml
+92b5a0f2765dc0209ee35f20bfbab7f44970126ff686c803d592213acac588f8,0,1,Elitepartner.de.xml
+2ccd031d0b13fdad6fb4ab25d9dec34593ab18cc5f62208dfdb64c6152f654a3,1,1,Elizabeth_Smart_Foundation.xml
+03f6035a0d5cd3824fbc733aee7c1dd0d9a48cca2e3b612a7c2dccbd7920b6f7,1,1,Elle.com.xml
+995c937ddd871c8b758697457a5b14ca6c04d0911197fadd29b617391e49a16a,1,1,Emailsrvr.com.xml
+1d5f53d890008891065d1172327c971c2aac7a7e965e9ffdc3feabbe2d037492,0,1,Emily.St.xml
+13abe2167fec64e991b8e89e9efedca61be565e9d4f3b9802f500be922b9cf08,0,1,Emory_University.xml
+661bd6f53d1accd50024f22541da44cd49f15b58aab9e52418aeadd2bb3b2a22,1,0,Emsisoft.com.xml
+db21ed9907ecd72397a925f1a47e5c99e3d84024370ffb30b87b1b5142880bdb,0,1,Encyclopedia-Astronautica.xml
+431fedb9cd9b68a915890080f1eb4996aa3a6edd00e91b6cbcd6749178cf26cf,0,1,Enecto.com.xml
+6418b8410785f9fade87c96494372065791223e8bc6dbf60a3a6db6717d827fa,1,1,Eniro.xml
+80ef1d15e2f1ed5a951dd080ea0f482e68dbdf69d2d26f37c4db7508e5a6f2ec,1,1,EntroPay.xml
+09a7159cbece935f73ae3747c2c83a12d6852f1820ba99d791f6d6a97515c6ce,1,1,Envato-static.com.xml
+2ca4fd68486c7ed9b2229b029b17f898ba1c99c23e7132da7c15e5d62b8de32a,0,1,Envato.com-problematic.xml
+03342be1f13fcbbb19d8de98a172c33e0ef92b8322766df0743b05820413d7dd,1,1,Envato.com.xml
+d6bcf352b17998cd3dd749252c04696198281490324bcf4223fda56d223960e2,0,1,Eole-Water.xml
+1f7601e66f03a3d82babd1dc7a1d477eb37a567383073864f89ed39a28d0639b,1,1,Epartnershub.com.xml
+52a6b9dc4e013008f58b53424d04e899dbf6110a1d6ce7b5d8eef35a8a399a5f,1,0,Epic_Games.xml
+6b9e08f376753aad2163601f78b5051a819c4f2c54c54be0c231f0d44d20cb26,1,0,Equip.org.xml
+5acbeae1638df64a1e8ab2a261d2b3f810300c376824e2865970d0a1932cf595,0,1,Ergon.ch.xml
+40d2bb3f9270e7cf99f2bf2a446888d4c7162b079f5a196e0fd306ca7ae6c810,1,1,Erowid.xml
+b4ebbea0286d44564b7e8984bfe2fe38ce080b1390a0d6d37315d0993dbedd5d,1,0,Etarget_net.com.xml
+8d9add38a1725f7660e8bc03f9f6181886dfce418c3a726cef21f6672eee6955,0,1,Etipos.sk.xml
+4db319b5a12d2ba768b16e2ffcb6405c1ac8960c7f052decd7ff5c547a334c2c,0,1,Etrade.com.xml
+ae016ec38dd372b50f679c03442479c2df1eee65fa59a7173a1548e4b289409d,1,1,Ettus.com.xml
+b91a2bb082396988a0d23bf4de0e9e620d647828cd7b1abf9ad5d1d522d8fbba,1,0,Eurex_Repo.com.xml
+dd2ca763bc144f188f0dc08bff984e6c5f950860d9fa64ad3840af10bcb40832,1,0,EuroFlorist.no.xml
+eb2c414ae4ec2c034261b3cd828b87ba62ea8fdf6208052149c7cf7fe882bbbf,0,1,EuroPriSe.xml
+c3ce6b72a929adc8d7e227f86884c300979feb2a571c85cc44db4262eaa6881a,0,1,EuroSmartz.xml
+6d3e2a1d8568935ff376e011fa835b0a9c78a06c40eeaf5b9732abbdf0a27808,1,1,Eurodiet.xml
+2469df0235c8a578f6a3574825d70473517e612574f5e517174cd8ef453c46d1,0,1,Euroforum-problematic.xml
+9f07a1cd07e17aaef37455a8e6927200da4633d51836089d790ca00caa2a16a3,1,1,European-Southern-Observatory.xml
+c7d1a78c0d09e8db961d0d711d81b4967193f1692e7a23198a996e9dc8dbfd29,1,0,Eventbrite.co.uk.xml
+1213b9bcc58aef69599cda534a1140050ba6a542bafdadd27e62d1e88b6e3b56,1,0,Everest_Technology.xml
+de69b2a8fe3a9790c9aa7ce6435db3ad238567356e1a46ca1d374aa7944cbe31,0,1,Everyone_is_Gay.com.xml
+946a4fc3e8ca86971f8824a4576d947fc40b7fb4d50852f9604278a3d0f97ec1,1,1,Evo.com.xml
+bb9a0e1c85c28f8f09687aad733547dc640569557197fdb9be79b85d9ce4931c,1,1,Ex_Libris.xml
+83bc5eb214726e5221f5161cde0d085ac4d9c225d08c4611b6b6adebe8ca3c9a,0,1,Exaccess.ru.xml
+6841328fb4f2cbf6061dad6d4e8891fe0cbc9ff71db8155d4a10e3cb15ce1195,0,1,Executive_Interviews.biz.xml
+b164ef892520be08098945612a434b74349844dba5c7fe618b2e9e0b06fe70ca,1,0,Exinda.xml
+53d157231d09238b4b86f5d623b23cafe9e649f542c15ca65c93e4c03da3198d,0,1,ExploitHub.com.xml
+03b6227bca68fc7f7a99a9500fedf38d07361ea41dbf5e823158eda5e600f00f,0,1,Extract_Widget.com.xml
+d08eb1b730ce427a740e4b6366d314802a3b25eaa1ce165588d8df0cbf21fc80,1,0,EzineArticles.xml
+76e1a443721c7c57e7976241d045defbd2218dee42cbdef6a13472e13d9ff63b,1,1,F-CDN.com.xml
+dbcecf1c78f18bfa326267e0ca37f8f94debb98236913d73092883b39df4f204,1,1,F3images.com.xml
+03aee00629e0916b9627f907484ae885e2b9e783dd789c7b928dff3dee8da925,0,1,F9-Distribution.xml
+6635f4155c42dd8f694a85079f66436a3cdd466391b4814ff640259a9a9bd698,0,1,FAPMC.xml
+15e11d918a3d88dbfdd81e7faba1cfa99c5aea57b821c35cf269744465990066,0,1,FC2.com.xml
+b18bfe335ab271a0aa72bbe6836acf7b4a9fa299cf03b54bdca37aa90842ef16,0,1,FIFE.xml
+32dbe7b9807abb304f2779ad2ca7e6d939200e54e61607df80c8cf553ded77a4,1,0,FIGUE.com.xml
+4def65d5306408980eddf9267615a711b000ad48c4e177c6cea446ec6f822a41,0,1,FLOSSManuals.xml
+ea855265939a7763f890048183a4e9b27a37379adaca4db01df723287905e954,0,1,FOM_Networks.com.xml
+d78b9c027b108b40f4020703d1bc5b49e10ad84b7d1feaaa88e6a33d76666cb3,1,1,FORA.tv.xml
+64d7895f2f69cc720e9d958fb3a212eeb0ca68716d33b408daa6721f8ffafcaa,0,1,FOSS.IN.xml
+acf8d20b89b6d86853af14f1e154f2250fea106c13de2229bc831a897513f402,1,0,FOSSBazaar.org.xml
+2becbcde3ded8d4be896e314ef4d27afeb6d4db55cc8e8e2fda9625f47f64d78,0,1,FSU.edu.xml
+b2085754d0d68fe106aebadb88e72508f4e20b666d9e0ce2cdf408ca9e9b2609,0,1,FacebookCoreWWWi.onion.xml
+8767c03d704f5c34d0add741e10a7faca4c8f782e4c1c4e56f154acfc6b1b745,1,1,Faith_in_Motion.com.au.xml
+ab23648bd49cfe3cd9e3192b309fb18e60a64b3e908ea3299ba56583f0f52834,0,1,Falcon-UAV.com.xml
+6e006939a395f81dc649d4340231a869144a3720162e9fb3fadcefe86cbb3509,1,0,Fanatics.xml
+9c51c5f3685da502281c46d976f7ae3bb8b9b2ac9799e41eaf7253c170fecc15,0,1,FastSoft.xml
+e4333c0ffe626bd8aa67b64f9330a2857ad0392362849823d2804fb736b8c1d6,0,1,Fast_and_the_Furious.xml
+cba56bcb5b38b490a1ab63f0244c457a86793a8794c5e7ae60aaf2782c302334,1,0,FatCow-Web-Hosting.xml
+3b9a47db267c9a3cdcbd5b4e803ceac9d44fc713e99b99169b6876e8a5ccb0af,1,1,Fdworlds.net.xml
+1fe4b4c61b741995024b05158f8b082a8da905b3578624c82154a54ec6f692db,1,1,Federal_Emergency_Management_Agency.xml
+8dd2fc317fa4af0eb6299a4d9fa1ae2d4349e162258277903e16e5ccfac8d571,1,0,Federation-of-Small-Businesses.xml
+19c52d9111010e02b10a06aa009124959357ae9508639bb225e3a73989600d3a,1,1,Feedjit.xml
+120bf2c17ec6d85fee4a5bc1857fbe29f7d40ec9243c4da31c47bdcb59d9e96c,0,1,Feefo.xml
+274d8250863f1353526859ae21132138f2b7c29652d8c7e6c2b698a2504ad9f4,0,1,Fenland.gov.uk.xml
+e86d5e3ca3a837e961b2ca3031e5cdf8d15a4297ea12fda82280db4205b00c67,1,0,Feral_Hosting.com.xml
+1b5920ef6d56c0c4eb59282a72ded66e32afb565efe04e5f417a2b3c1acacad9,0,1,Ferris_State_University-problematic.xml
+7000307b3415118c4d10f8b5a68d875b64b0ba75042bc1cdba066376be025eee,1,0,Ferris_State_University.xml
+b415e81d1a66aef7b49d2569612f1ca6eb70cf80ed84d2dfb6137889d95d5a5e,1,1,Fibank.xml
+6c5fc7be0086b16f85edf4e13d77f5bb86d0ff940e14524e7cda87bfd30a7bbd,0,1,FiercePharma.xml
+03cac8045c0788bdb20a69714ad5af1627ecb48ba8e82a9d67ca83e7c1a3fa85,0,1,FilesCrunch.xml
+db02c441a91bd19ec19af65177aa0b1ecc68cecd2b6d10c8c362c6a335ffa284,1,0,FilmTrack.xml
+4b11026e46676ad595688a56f829cd5c7a1c4c1d167d542a02e48452246f919f,1,1,Filmdates.co.uk.xml
+d07188d89e618288aca51dcaffc90b6ed1630596512f0def5d73cf3049bae44c,1,1,Filter.xml
+20ade5eec380ab16ee4861c6086b39ec5beee7c33575e8f1978e5d9e3e8090ce,1,1,Financial_Post.com.xml
+85bcf7d5f5b5493ceae0271fe97f22164c904a463c4f10935274615544b5e4aa,0,1,Financialtrans.com.xml
+efcb4402229ed43863e8ac8eefcfcc9f73cfea6ae53352269795b1760d0e0a90,0,1,Financnahitparada.sk.xml
+e74290fbd951caf49445188e6d7d3d1a5e4f0880f0355ebb3f5461266fcaed5a,1,1,Find-a-Babysitter.xml
+ea59a590e5d74dc8cbc7c6a92cc0ae74cf6e0f509ed0b458580792958410e339,1,1,Finka.pl.xml
+552bd8ab83e0e59b4196d9ae48bbc364136198778d83a89bbc07c068d58618a0,1,1,Finn.xml
+c2a6e87647595dd9487c3959ff5cc3b598bcf08ccbd358f24f90b988c478d8be,1,1,Firedrive.com.xml
+265ad3eacbfd50c7c49f935afb3673fa55071a44114e1ee782e21f8f25a29f84,1,0,First-Central-State-Bank.xml
+711d4855340b3dcaad02671121099aa096bea856730eebec67c4231c89ed2a2f,0,1,Firstfloor-Electronix.xml
+c365305889b7baee90f2f7e899440b24b8c5b3cb994b44c00530cfc22ed52468,1,1,Fitness_Market.xml
+d2e39a36b53ec8c0d0923f33bc1d08dd2c530cb5f8c44ea496ba54c78580dd6b,1,0,Flightglobal.xml
+6522d1c1e1b9929b26a29d9b2ee2d1640b7e2a95d7a1e651e00904212a929095,1,0,Flinto.com.xml
+8ea7a8f22b03f1b163013b35d0ec7061ecf92eeddcaea9df4196738906859924,0,1,Floating_Hospital.org.xml
+b2b785c62c6cc9f4ed815d08e4e8d92e9349e72d303e9ffdcca16b74b380b0ac,1,0,FlokiNET.is.xml
+cb0a3d716d8f22654d96a8efeb32590ddd38adcd3ba9ae62bed7491c5e5486af,1,1,Fluctis_Hosting.com.xml
+3962fca2fa36bc16a4000801f7f7abd4d2ab6f5445da67e238a58fcbe23801b4,1,1,Fluendo.xml
+daa09a73d487052e243c63b74efb4e69273117f17917c6c7c15b8797d2cac930,1,1,Fnac.xml
+67380bbdadbe0ceb6daba1a7b93df6aaf590634e21be8c6162c07e2ce6ba834f,1,1,FoeBuD.xml
+7558cde03eaf45908c8378ed2f8ee64f34b9c3b69f267f128f75cf7e54be4c56,1,1,FogBugz.com.xml
+2c86bb4df074f731101dc6d4c65a35e0e26f30484aa4ade5a0645eb4b3c98715,0,1,Fomori.org.xml
+b50cb36cfc409474b96f6198d97d5229a1392b250965bd62553b174ae393b555,1,1,Fontspring.xml
+8def6206ee5b7f9f38db5c672cf6a64ad53a1217101909377e2fccaff4fc3d61,1,1,Food_Protection_Task_Force.com.xml
+bdeb72219338c7525ff16255af8d59fe4b6e246b5c8f2fce08f927a1b3d343a9,1,1,Football_Fanatics.xml
+a8ef5c027115c72025f427f939fa975f347e05e75001dcebe886fb8e76a5771b,1,1,Footholds.net.xml
+2656476357b57487509d522bdea0c4ad5d18edd3c9c9f2009be8b7e59e5b15c7,0,1,Forbes.com.xml
+ff3b2c2c74f4bae0b08249a9f3f0ba9ef3f45145f13adee065b179af0c366185,1,1,Ford.xml
+983c37c96f4294151ce45eb1842e69f2bf77a7ac3bd869db4c8c5d5983fe673f,1,0,Forensic_Institute.nl.xml
+7e195fc75d5b0faaf7a9fdfa19d0098ca2480cfd7716e492fe87b693279250a1,1,0,ForexCT.xml
+c67682b0fcfb5b328722d84fe8c192e393451f15d3deac0324c37c193edfe68e,1,1,Forgifs.com.xml
+5e8fc987828220c55b34c788b14e05218dd72014343d7d968aa77361601bc7b5,1,1,Forocoches.com.xml
+b6fc958980c2540d31f01eb6ede8ecf78e1430e81c407db0f84972ba310630d3,1,1,Forrester.xml
+863eb0975b9e8a5f88d3c76f5e7a371f31da838afaa684d1ec341add947060df,1,0,Fotki.xml
+1a248675d605c04901e6a2e6ba54332eeacca5a8eadb46a6d405d4a0ea1dadb2,1,1,Fotocommunity.de.xml
+f0fcfab8df8d22bc08e6ee92df4f201538ace2bf944be743223cf251d26c3c46,0,1,Founding_Fathers.xml
+23338597645b4a3ab4ff7b8841fc3efea480fe8444de694630a0462795c8f746,0,1,Fraternal-Order-of-Locksport.xml
+1a364af118ce9c0abcfbaa7635c1e0fba64baeea937b98e2cd06c80447faf42a,0,1,Free_TV_Online.com.xml
+0d48c14e2a05d9f90f4134baff79e48ca1778868b0491e7c7dc3043585d73ae7,1,1,Freedom-from-Religion-Foundation.xml
+dfec799168fd8446708a1540518f2829c0d71890a380ae775ed4b73ef262b88d,0,1,Freedom-to-Connect.xml
+d12551660a3ca3f4980666deff3758cc065dcfd4afa22807e598ead97a27a859,1,0,Freelancer.xml
+d0da63b8cfb124503218f5d2fc8e2f6de394eec88e65d7f44dc5b9e346f235ae,1,1,Freelansim.ru.xml
+5eb2f3c83b0135ef3f3022b665f265cc4c63b9d243d992fb4de5320a1c4a3026,0,1,Freestyle-Capital.xml
+1bc4e86cbfde644d76b06a2d42e53d2d3ad77aa44357b51fc3cda52cc13398f2,0,1,FriBID.se.xml
+74573855013be34cb1230aa388418d4134921cd8cff3db47111c1ec2fd3a386a,1,1,Frontiers.xml
+2ddf3d7696afa689b74e12c2dfa48ef10271c57cf8b52696ee584a5bdb09f03a,0,1,Fukuchi.org.xml
+b21f0fb6b215d5268425723bc75a19b326df831ea863d5a922c93c2edb08f1b8,1,1,FullTraffic.xml
+13a95ea4410e4b787d109639ceb3da60ebe59216893d7531fc6b6d35f2d1e1e1,1,0,FundRazr.com.xml
+0bf864d504b62b444ba798f46ae53acd1fe189b12bffc4c4a3bd9e4d144fb61b,1,1,FundaGeek.xml
+362fe4f58f36e45d49519cf808a46332a95af9c4cc9dd53a40054fe7989e92a6,1,1,Fused.xml
+f8a0422cad5ad0b4a9f2a4836d9b2354bfb7edc7aee9bbdaeda92dc36db5a6c0,0,1,Future-Publishing-mismatches.xml
+f30174c08a98d016d113a5730a45f4bb74099691dd3ef1d1d209d4f6fb7012b9,1,1,Fwdcdn.com.xml
+8426250d81f5cf4ac0d7d28b3c6506aae55186217010e055b523c7dc48639353,0,1,GAME.se.xml
+2da66d8b6b9143da5aa3de021865c3a1bd02324eab8038002e48a2ab8af86185,1,1,GCM_Asia.com.xml
+f7bdaf4a797376040d08fb18652d7cf0eedb8ba7906904146eb43b8a358aa5d5,0,1,GIMP-foo.xml
+8ece7b9a55dcc63fa7784890ada48016392aca3f34f12086284dc2dbbdd0e50f,0,1,GND-Tech.com.xml
+ab1451b0683e0014737f9f57f3e9f414f215dbff35b08fa8cf126e8d83c836c8,1,1,GNOME.xml
+9f9228d01a61c6c36749f43229b861d54f380cbfbf025469bced8cbdc2e08e55,1,0,GOV.UK.xml
+b1eb04822cc82a87c012a5b68622ca2804ddfa57f90165ab739d30d11afae09c,1,1,GO_Transit.xml
+6637d47a74a578146d45ff4f7aa375670d1aea3d1e41ed9a5e90284da437812d,0,1,GSU.edu-falsemixed.xml
+ca4b0f161ae75041c459ce29e5d2966ec73c220edf13d44cd43105509be11b84,1,0,GSU.edu.xml
+2658ea2070b54f5a51b5fed1141337e3b434ac2f1565884145c41b83c8ac6d15,1,1,GUADEC.org.xml
+943674e305df6b496953a700700d1e3301602f43f60cc1cc5c4b75f3d68d4ac3,1,1,GVNTube.com.xml
+37d6faf5ddc13f30dcaddab73cf89f5ade20495ba8ccabacd2a5f421c21a5990,1,1,Gallup.xml
+fbd7a51b3a90aa1e07e2061cece575928087594dbc159fb455b21f690775cd49,1,0,Game-Link.xml
+5d2394c351034dbe321e2c1fc675bd412c945a96aaf98744da20df4db5da97b3,0,1,Game.co.uk.xml
+34f8f5a92ee97baf0e3c14603fa42b65b89edb99a8e71c61877a933811035f4b,1,1,GameDev.net.xml
+51b99e7a6ab7cb4d9587ef4dcc9fd043d88924f3ea6dfc4268711dac06786606,1,0,Gameological_Society.xml
+5e479c67a14059e5d1d97d5c0dfa59efd46a91a731b7fa156731be0b1f9b06ab,0,1,Gamersfirst.com.xml
+3d51538a88733634e8692d273367853c40373ff980e6e63d35b98f1711854c5f,0,1,Gamestar.de.xml
+086c57cd99754d4786c53464fb9d076de23fc5af2127c7c9d534aa9f364b8635,0,1,Gameswelt.de.xml
+e031196f8fb6b2a3483248b387d37371ac587bfa8bf365a6f13ec2aa7c0b0732,1,1,Gamezebo.xml
+f639c545ed1cf318fe0e2bb27a8fff4e7253d59e9f83b06a8364ce5eee77abaf,0,1,Gamona.de.xml
+7a776fb081a9777f2314af66dfdeb753ac52a3124f9c46b7a400de6683ecc2a6,1,1,Gandi.xml
+035809e9f5bd95475a0a9b411c7401dc0cb02d0343ae1da2b72635a1f64ff652,1,0,Garcinia_Cambogia_VitalMend.com.xml
+cb1de2017a67592099d5d9c954c7c56e2e98bf32c7f265b9be519fbf869d98d5,0,1,Garfield.com.xml
+380a8d1eb10fe5a945578e4b2e76ca99abe4e00fde55ff1ba6937f8936dd35ef,1,1,Gasngrills.com.xml
+d282173eebd744c9e5761a975e9b6b5086e86ea8cf51c7803bc78ce8eec8f0c2,0,1,Gate-Crashing-Org.xml
+932651701c5fd6b9c5b272299aac182c260f3d005d9cdd624538ac5055bcd8af,1,0,Gateway-State-Bank.xml
+77d0072c08ac8a2b284de4354a9d9da5d9e3fbd2dd97532fa85c51680c813d5c,1,1,Gatwick_Airport.xml
+c325bbe3f25bde17054d2c65f66528221f834628788ba7c6f8275260b5294347,0,1,Gearhog.xml
+080439aaba8674d999ddba8845e23fa69c525446f11c7005c2bee848774cacc1,0,1,Gearman.xml
+9257553ea02a0d51787652f8f4144143fa4bf995632caca3a620f37e8f422552,0,1,Geekheim.de.xml
+6b70c3919be0ccfa44e991ff4e084fc38f51e4de86c8ce7e70d4e2007089f087,1,0,Gemius.xml
+82a575bfdd7c91f460c75b2c61c90f9b145af743bb17a462df5388d6ff93a9d9,0,1,Gentooexperimental.org.xml
+96c69b44fb2a6ff797e5ee08ae801303f2b36ab16fbd93f5d64a97f4162bde59,1,0,George-Washington-University.xml
+055d3a6e5f8d3e036c6c9f0a2e52b87fb76fdaded2e6768467e5a12f346eacd3,1,1,GetHarvest.com.xml
+10a621bf9199c08e61706800651e79887f7d9ab2eff080fe2c6cb96b6f18d664,1,1,GetResponse.com.xml
+ab59869864ab49f92b5999cf790130235959fe09824d4eb99e217acf4d93c856,1,0,Get_Safe_Online.xml
+682fb5bd1da5ede92efb99ab0044896bfdeed95c4a03ad363f48344f6c992f52,0,1,Gif_Gratis.net.xml
+fd005c94136bf38d49cb6c2e54e2d1eb3a1dcc47b14839e428c31a4e8fee16ad,1,1,Giganews.xml
+1d63e25cc0439afe39fbd853309091e58c612ef16c19421df703557c98780207,1,0,Gigaserver.xml
+f5298b32c824990297a18e92474c36a5d1b344ce7951b529a48dd0d6c2a9e620,0,1,GigeNET_Cloud.com.xml
+51e006dcc0faf9e3d034d633d244bbf7fb278b7f49388c9303bebb5d64d206b5,1,1,Givex.xml
+1d543c058797c2143e84af0016b439cef391b95b81a938a27400534400e3fc5e,0,1,GivingComfort.org.xml
+ed076293b391e63d4e03d8e9d6de8bc45e2e968273c10131468eacee40f1d08e,1,1,Glerups.xml
+745c86661e057217d3f6d9001632956d24085b474525744996044b02aaecade4,1,1,GlitterBank.xml
+9ca0b92729a85ee245177e7a30e4ab554cf09245017b322eb486667b90d30d2a,0,1,Global-Footprint-Network.xml
+bbf4d95e8b1cc5c2a5b862ff0bcae50fd87a7f055d1a085ee68a9f9196b445b3,1,0,Global_Human_Rights.org.xml
+28d1e935698d7bf9cdb4828b3fd4e933daa8cdf6934fe4e06bfc2820be0e81be,0,1,Global_Promote.xml
+2048765e5d20395f03f87f9fab3ec0691426edc106b94970fe052f1a7cb74e9a,1,1,Globaloneteam.com.xml
+5ddfa3a482674b780d4e0cd81e3ba0264703fe2b42c797a132127a132df0f974,0,1,Gnumeric.org.xml
+a274061c2d10fe93f56a7434e7f541897c64f1749bf842bb7d167eed03b32155,1,0,GoGetSSL.com.xml
+b4741f899272079753bb0118f166d0130bbedf31d16434e9b8127821fcc41f50,1,0,GoWork.pl.xml
+8035e4afba24967890b6a797e732159e2a135c28742d91b63f4ee5760fc980dc,1,1,GogoTraining.com.xml
+1857fb8f5f73fff134e4fdda43db8c16d0c9c22dcf0ac20fcf3ee2a846a022b5,1,1,Golden_Charter.xml
+9224e11b4b259be1d60b4d65c3903a9b2fe7403753ce0b1a540bc526cdb8e21c,0,1,Golf_Course_Industry.xml
+7fc9cf927c9b92789e3d57fde87b70aaf938b68e6b71adf4319411e2af1c67f5,1,1,Goodsearch.xml
+29c9afd965ed16539ae8450e714cef305ac462c4e59e30c4d12d85e63ca058f8,1,0,Google.tld_Subdomains.xml
+25c3f0f876658542a6ba1aa3b085d847ca547e3f03f0ece8b6b11ae4e08dcffa,1,0,Google_App_Engine.xml
+fc2c55f71e70b59c18712e3ce183d824f45432bc691882aa9a2990d64c8c0f92,1,1,Gotmerchant.com.xml
+8c2e217fca6c4f32665fceb124225f04edc9b8c01a403aedafd871a33c9d79ce,1,1,Gotraffic.net.xml
+2e29082cb5f6eac2d4995011751e0bef076bd568f46b022684a05e13edd48c7c,1,0,GourmetGiftBaskets.com.xml
+38ea979b7f650765d00622f7919e2589f093c8f0df62b005e1ee37f97e821289,1,1,Government-Security-News.xml
+adce25fe2ad3aaf12d9c15ea4ea6d9cdc060c1c52203c24c4a119f5c27e8c1f7,1,1,Gran-Turismo.com.xml
+7acff386a3f3713706f4533875c469e978d785fa9a072b750d010fe74ee2279f,1,1,Grand_Haven_Tribune.xml
+a86f4c61b5cbb47cfeaf651f2afd0fa4ea39f82dd2e73c927622cedad59f86a8,0,1,Gravatar.xml
+b7d75abaa69773098bd0b108a48aa4cbde2c00a211bacca52b107728f4230fcd,1,1,Grays-of-Westminster.xml
+6320c8a92fc89f7e04d91bd84a2570081ff7ac69ed87e0b5d3ce0055c3361b3c,0,1,Greasy_Fork.org.xml
+e4b6f7597186eff47f30a38f678dfc3d78db9dc04515fd3ee31e8831e0a743d5,1,0,GreenSky_Credit.com.xml
+054ef9c8b5459c29b97998aba9220474e3af78bb8af72316267560fea5174ef3,1,1,Greenmangaming.com.xml
+4988b2fe799481ffac172ac384a3951b46cf89ceda1461bf82522f468dcf566e,1,1,Grenet.fr.xml
+fc54f1280cad1fec94aa76e4bb91b14123e5f45ee89eacc58b0036334fd2d4cc,1,0,Griffith-University.xml
+c7a62209b05fc531978d48bfc38e9e0957dba51b78426f846743ecfe403723cd,0,1,Grok.org.uk.xml
+9fa1fec5b01de3f893162bb05593529fc9b9f40bdf02f4b00b6ffaf7a0d385dc,0,1,Groupon.com.xml
+bd99858b4f66b9655911910da919d75513c6be1606c9164b386c4df7e29819e6,1,1,Growery.xml
+7478de441d512f4f0f07602b17efda7bc4badbf0eee160a17e12c0492e1d6f10,0,1,Gsfn.us.xml
+a7f7e0bd7f195a558edb2fd3065eca2849c73dd757bbbf4f840482bc19781fc3,1,0,GumGum.xml
+f10393a60f224ac6a9127c33276d931066f78669a28786c577f068ac64b77b0c,1,1,Gust.xml
+4b4b09de35ac29ae3cb87642e66c4ae08593682c7847394a93c8d378766b5b41,1,0,Gustavus.edu.xml
+0ecd9594e7b04bdb9476ff3489d64735901f9230617b1d0bc8cbf0b0743ae62c,0,1,HH.se.xml
+6a011c27d3d1eaa622e81bac1766aefa2ef91699ef6e2c335df418719e2b168b,0,1,HIS.se.xml
+b7c742427b63875bf405b4617943b5e508ccf8ff4761279452ce909a2aad22cb,0,1,HKK.de.xml
+d09bb4ef7ae7ddb86f27ef0523b00a1e399bdc19cdaea4c3cb0dd86c6e6afdce,1,1,HK_Yanto_Yan.com.xml
+b1b43be7076c4ec828a14a45a16b5d0ac9427622b8899a87870920e1758b6532,1,0,HMV_Japan.xml
+805072ec20886e155a2c5688d1ed727a1f3f331fb607c2af876e2a5a0950821c,0,1,HSLDA.xml
+335c9d1e25fa8c3299bc8c25a3b21214cee62a69f8d1427fe405ffaaef5e8e90,0,1,HTWG-Konstanz.xml
+160cf059aeeb642add9c979040f1b60282a01c9ee49234f64bd25ed4611583aa,0,1,HUK.de.xml
+d97fb94656263a08627931829f3707297aaad16a2780d7efbc08d9a0e240af5f,0,1,Habbo.fi.xml
+2861461aaf5d9e64c74085dd5b9d240404207f44222cb49f8ba2cb1f0e3c5789,1,0,Hackerschool.xml
+922b403278bc9ae839f646bd231dd9ab11950ec5744da127a5e185b3eb1c20c6,1,1,Hackpad.xml
+51b17752c74062183224769643033cc2727e3263c0af2d83072f8f4fe3d30d51,1,0,Hafner-ips.com.xml
+36f8eada3ef9157fd9135fb2507307fc0a40d90e3f2b9727e1e483301180b35f,1,0,Hammacher-Schlemmer.xml
+c4c6765b82c3995fe1018d07d514748b3b1dc77463bd7f9745d4f81c89729b7f,1,1,Handmade_Kultur.de.xml
+a8183b3aee9c2ef8f331f6d2b4a65f99819fec523ff1df7d10cb69ed6fd7c746,0,1,Handsome_Code.com.xml
+0b7c9ea36c20bcc97958b4e3d5f6937282a35e3029bea14e6dc4fb95b3c17e25,0,1,Hardcore_Teen_Girls.xml
+e6f358268ccbfa9123abd3a38088ea30874f0fc2f7d577d6729117981c403c3b,0,1,Hardwarebug.xml
+33be37ec857b9b80c74e0ee3a9ad566bba7cdf793e076c4103427d1e5413f761,0,1,Hartware.de.xml
+1fcec52d0a6f3e89d64966ba878969749e4df9718a6500d911f5d86169e3beab,1,0,Harvard-University.xml
+db16d5037c30da9f3b7dcdc63eae06752d0a06a2f0cb2d1c16100e634db2a5b7,1,1,HasGeek.xml
+60daf8c2e3d24d7c737cd3ce182129c92f83bb25df7a66564b97abd5e2bced90,1,0,Hatena.xml
+8f3ad2dc6d52fe31fa281ff5c01e682f9275987572f2843458b7fc5dcb0979a2,1,0,Hawaii.gov.xml
+d23e1458e9cf3368a9340b486e4ed69d17fc5adce0d9d1839e7894ca3e5350e7,0,1,Hawk_Host.com.xml
+591930da4df33140beeaa02531b0b95e5f5dd8dd20879f314626f0eb2b187eae,1,1,Healths.Biz.xml
+04b1d51b64b57d6f1e5e899277205f72008d30b2db3cb6e69d40f7e334496bf0,0,1,Healthy_for_Kids.xml
+3edc0a640e42edae30c61c2af5a8e5b77455186e1d04c99b01235e248e320a5a,1,0,Heanet.ie.xml
+e6bd96b0e0f28e843af136c5fcfe7c0242778ff4aebe391eb57b29f2058a4511,0,1,Hearst-Corporation-self-signed.xml
+5a7c989104fae6ba6f4ee2a80242fab2e700357e5136b4e2f3bb235c6455faf5,0,1,Heartbleed.com.xml
+96303816b6d137a8ff22001e5a124d294fca5f073d184f8765d5fdb83f751f1e,0,1,Heimdal_Security.com.xml
+580d999997747a4097f5114244ceb0ed663803d141aa434b26b978c932efd3a1,1,0,Helpdocsonline.com.xml
+d242b4846eb0d61eb9e9d0e22ccb607616353391445d8f19e729ba9fe142a20e,1,1,Helsingin-Sanomat.xml
+820014421008b3ca657f912ac23f3adbdad002254ff6c94d5004483405ae083f,1,1,Hemmingway-Marketing.xml
+8291b5a137d3ec0d772b70f8d45a726e19b73dcc871494c813b61d0440886a7e,1,1,Herdict.xml
+25d4cb3f8b97c04d2b175c9f3d8e42df52bfc92fce67e743f57b5fdb37e86471,0,1,Heritage.org.xml
+69c3d0cdb2cedd4d13e8e4147bf4659509c178c0939ff2d6e9f41f621b55433b,1,0,Hesecure.com.xml
+95365d0076da114c98b41049f775b4e36a52bf8297842da9d533802ef3317761,1,1,Heteml.jp.xml
+93a85fe7954fb1d3f5226dd1ff4a98ba918d5a5f028d76ad0b519796e19ec8fe,1,0,Hetzner-Online.xml
+f335a4751adf7c6786b7521e5a699c6670cc3af8848778a442c82d764f118c7f,1,1,Hexonet.xml
+406fd610e2e705adefb26d72ada5b00607b27dfe683c2256efecea7ba1ed2e21,0,1,Hi-eg.xml
+7d15b6ecaf6ddcc637969553f0be451889bf2e45df35bfcca50aa3be43afc63e,1,1,Hi.nl.xml
+4307221f40a691dd191221761ecca21f6ef5956badce47258674d0cc030e453a,0,1,HideMe.ru.xml
+bc67427308208352d8a5a1fd4410b16fa545f7b9a6925155b05c146708a143b2,1,0,Hidemyass.xml
+f7af86a5eca73af32fc8ee59537226bf655617bc2db7bddc234ec7f3cae47254,1,0,Higher_Education_Academy.xml
+137fdd1f35698ccd261aec56e9aff59539e25dbb1d19b78819c3cc899097468a,0,1,Himediadx.com.xml
+1654debbc84e77392addfff21481c7d0908bb592c819a281a1d59b242d618e9b,0,1,Hitfarm.xml
+9adfaca1c0c2fa22166e4ac6749d4cfa121293e9945cc576b4530ea2d11a6578,1,1,Hobsons-EMT.xml
+8b5a732d5ccf78d73a0256acb161bf426b82ece7d1c75d77cd7b162db7eaedd9,1,1,HomeBello.xml
+2490e07912567101b6b4e07fe81d9ef66dc72ca97e1a8d3653f0cf32e43bf667,0,1,Home_Depot.com-problematic.xml
+7b460dff8a2b02d81df02b9d9ed829deb2dbd3d850c4536babea038ef2968ec4,1,1,Home_Depot.com.xml
+ac2f39b160910dfceaec540d188711e609245b31953c4a7740b9ddc2e7e7bc46,0,1,Home_Depot_Foundation.org.xml
+2d8e92f61fa2c3db92ca33b37933c4c6d7c9f3deaf712dbd4a9a31c4c4a94f51,1,0,Hosting2GO.nl.xml
+f9324749f745dd11d192d3e1b9664f2ca11636d60a9fc0ec77e1f821f39b432b,1,1,Hostmonster.xml
+caa78015c31b2b090cfbf9889caeb1402166faa48b75fd458874a52dbc06fbbd,0,1,Hostname.sk.xml
+d92eaeca0ceba278ae0843bb88be513630b35575dbfca641218c1115fc4651b7,1,0,Hostoople.com.xml
+95fa1eedf4dd91a07eff39c19a55e9ee97fd25a7b0fffb216c4508df91750aa5,1,1,Hotspot_Shield.xml
+e981fb89c3532e8d634681500de73da305cf7da937febc2a2346ce347fe14167,1,1,HousingWire.com.xml
+6c4a837e76f1df70409a02545ca923c1bef94e7a594fbdbb2a7e417e30d97426,1,0,Houston_Chronicle.xml
+79b67385e5095c34090fccb7de8b28850d1a081a776f5aa319318bd9a7c52d7d,1,1,Howard-Hughes-Medical-Institute.xml
+51a4120fc58d65fb2592da7322ae24629f9de9d2f7296ba2492771e06f062f8c,1,1,Hudson_Valley_Host.xml
+ffa9a50df3e8b93b0681cd903f99fceba361d148f82059e0368c5a98a688dad8,1,1,Human_Rights_First.org.xml
+7c965cb2a413ccd64e7ed9dd9044fe709db367844c8a60a4068a5051f7d5f684,0,1,HumanityPlus.xml
+cdf1b44b1b634ef96a8047c2c063237f457522acc532d4512d652ab469e52f32,1,0,Hush-Hush.xml
+0698b9892d4f3615f359bd0de6822c313b88a06ce3e15723d9e213eaf203ce73,1,0,Hwcdn.net.xml
+dbb782ebee6eff8bdb35faa1bf5ed396d62ff117785f233ff4f9a43fe8e82f93,1,1,Hyperspin.xml
+18c086c4defd26a9dd8a3fabcc666503c4ea63b34e95dfae104088cfc9a46347,0,1,I-kiz.de.xml
+5c03066e85c3aaf26417fe02f012ace3c4a4a650cd9c2463a4adad11f3f22f50,1,1,IAmplify.xml
+efe61764f8dfb9aaa617c1e56fcfef173f66aa12328bb32d162bef6d65f12348,0,1,IAnonym.com.xml
+b7cc4fc999d2a76591c5022d7bd3eec8ccb5425dc9312584de2f5cf1f5b4caf8,0,1,ICANN.org-falsemixed.xml
+eed3b45ec6eaadfb8fb4cbac10ee2dd946026c1bb45ab6e9fcc561c11ac565f8,1,0,ICANN.xml
+e158dbc2b1b6f24c03e24e1418e3c388738c260ff02efc428b534caf1185fae1,1,1,ICIMS.com.xml
+f18922a305bc3be951a93339bd0045ab5ca5b9741009636154eea681291cfcee,1,1,ICommons.xml
+211f626e770a4edd6e49ffa0449a7a34f3013a28e2da645b7297e471ff22460d,1,0,IET.xml
+5d1b07df986b4173849427f9c2d1e6a733f7027140bf3b9aaf4696115b704d50,1,0,IGrasp.xml
+eb4940331c51de8d5bea8ff74cf37cb4eed6371c5c5145dc58deb822690e151e,1,1,IHG_PLC.com.xml
+80113e93b37b37a4b5677a3b5f4468ab96198f2e4f1bb6fe82350d086e21e554,1,1,IJReview.com.xml
+612862cba9dcba8f259b40677fbb0dc0c970577a2ec8248d7b4b264723701570,0,1,IKK-Suedwest.xml
+756deaa5ee5b4d4c35a91db9c5e5f8173617434b69dac01f1017b5f33e5e4f74,1,1,ING.xml
+cf27f352065312c50689b9ef199fdaed72ec399f015a5a27984aae4f6eff48dc,1,1,IPCdigital.co.uk.xml
+4cac21996f65a1e7193902b0a88dcce06b2eca129343e5110933dc22fbd12066,1,1,IPXE.org.xml
+a87eccdb4a57249445db1771438e401dbc678d346083aaf5987566f384e5c05d,1,1,IP_check.xml
+8a66c900d13231321bea6872c759548b1dca37b059c7a1e729c7d15613ab0b82,1,1,IPage.xml
+4cab7ad0efb9a81786846b6c973ea525e4bd99e95bca78435ffa6eccac0f3fec,0,1,IRF.se.xml
+533d5759cfdb30ab6272db8f425bf1d563926f1eb157ae717742dc441b3b3d88,0,1,IT-Cube_Systems.xml
+48ea9aa1ebbed6fb580546fdae5f7641f1f6a3694f028f742631ea1213f166da,1,0,ITPC.xml
+3e4b1b3df1d0421acc6e09a8e2535e9d06a2ad1396cc753bb7d868acc64d439f,1,0,ITU.xml
+024f274cd2fb232792acb65a2c2c2b67fe893b6eebefec9da21f017262033102,1,1,ITV.com.xml
+3b48a035ae7e50023f531d8a79f7f41f7b3289b9a214d72ad9191edc5d596e02,1,1,IUPUI.edu.xml
+dfc01c229e85fc0afad8f20207e8aa59ce2ebc362cccd9258859d4c40e7dd75d,1,0,Ibiza-Rocks.xml
+047c2947f163b74bcfa7c71e4cbaf7b19e2c4fb951dc2bf975446720dd35fb3d,0,1,Ideas_on_board.com.xml
+06fa0e873e4bdea3ae9ca0d8ac78f1b8ee1c7785206d7b4cbe4f2b1dabd47abb,1,1,Ignite_Realtime.org.xml
+19a10f5af3e7219c9888aaa8159acd278ec023e7570d6369264dd4ac99b05bcc,0,1,Igolder.com.xml
+df7acefc4fc64903e803b27bb4d75cb6e9923d329711a4f14e2251e82b85f57d,0,1,Ihug.xml
+d3f0a875d56edbc43be1a9550784c2d199a6809baf1ce23c663030c246aa7419,1,0,Imag.fr.xml
+ded349d0e0b6957b6ecb94f4e85ab1dfe7fa03b1a0ed16ba7531ff3b9cda9322,0,1,ImgDino.xml
+f8f1473f26523608f91aefa8d1b68855201582099478a6177deedd9f2fc8bf44,0,1,ImpAct.xml
+2c56a55203e19f8757d1bd3ac5758338c21eb571a322466ddd48a27f99d3ab30,0,1,Improper-Bostonian.xml
+8e6cf93eeb46bce877ab9685359feeb109ad022109bbbf91a21b941519a3006f,1,1,Independent_News.xml
+08fdfcc35d415a8993d8bcba68b0216bb1343e148d736fbedbf61d6de08ff781,1,1,Independent_Voter_Network.xml
+0e11558aa800c2b2eaf87fff2fcaa7801f5bcf2b287180b9ddb86cc5df6cd7c9,0,1,Indian_Express.com.xml
+76196600f67cde4e2a5a69869eae23ded468e8c8ad6837e111b44ce8104cbff1,1,1,Indiegogo.xml
+69f67c7a6a357cbe15b8e565e6d2afc6b8fc2ba6cd3cfd393c4491b3861fa503,1,1,Infinet.com.au-falsemixed.xml
+d885a05161cc68f32429419ba4b53b0936456a6743206734896c8345467193ef,1,0,Infinet.com.au.xml
+3c43448b0f0cb113e11bd417ce99292ae25d977fd5191687aed8be931bb3550e,0,1,Infinity_Tracking.xml
+ff0dd4bb477d5c2b96ce3ca9edc86f4f449b5ad0688c3961ec8fe048f4c7f832,1,1,InfoQ.xml
+39b2c70087da6a223a686f168f6ce3703d48a89dd0d877c4bb175b5facfe0660,1,0,Infolinks.xml
+f4c83a13d0fd8f8e1248e83706d7426b8d5d39543fc0bab2f054bee91240fe66,1,1,Infomaniak-Network.xml
+9872dc9d2e174cbd02c79c23eb0c9c872c10ae2265835cd1cd6f3ab05a8a77f4,1,1,Infosec-Island.xml
+e8686224d76f240dfa05d6cec4525948de3ddbef03b1d39f83908e935f9ada69,0,1,Infused-Systems-mismatches.xml
+c45efd084b0b44e025939e768470d1ad22530fe4be95fd21e94fb53257671f41,1,0,Infused-Systems.xml
+f17275b6e9f48b06e9f1db362a27de41baf0eec5fe34f484f7c141e9266baae2,1,1,Ingentaconnect.xml
+54e572fdfcc270309db864e7098ba422d1eeb909daa2fc7237d77649dfc4f057,0,1,InkFrog.com-problematic.xml
+abf2bf8030eb7da4165548443a622f0f8504acc1c1e6c06821be88d9889ef1b1,1,1,Innovate_UK.org.xml
+f10ba13a6c5177bddaa25ef0a0bd9520f21fe2985c58603ad6938b5350d5ee37,1,1,Innovation-Interactive.xml
+c241d995f6e6793b43f3ae50cc1832289b1de058e929249ac5b3a8418806f8e7,0,1,Innovative_Food_Concepts.xml
+8f7914e006046e349b25fb919f40317c87fdd9ce249931917c24e48ab12247fb,0,1,InsideUniversal.xml
+449ba10b60382b828cd2a22be490c649e442925595d8081dc5f4affb480d3a1e,1,1,Insight.xml
+4858b9af0edd798ddc138ce6c02ddf6674e9be1574cc775864f1eb2da92fc85a,0,1,Institut_fur_Internet-Sicherheit.xml
+340838024acfc70d6deabe9ee17b085b055d4bc9a80120afc800318808c7fe29,1,1,Int_Gov_Forum.org.xml
+b19c12335d9ab9d9597fbd0f61c3445320de83618fd982a461ef2e42400286c9,1,1,Intelli-direct.com.xml
+f8ccce593fb95122a95fe00918c297e77ce818f5d344510362a3a99417f8141a,0,1,Intelligence.org.xml
+405674d9b11e8e289b645154f2352a4401d377c62570898515365300f4a3208a,0,1,Intense_School.xml
+424764bfede4c1ea62a389e05ba765b1a4e36dd7efd03cc193cb8010cc22ffaa,1,0,Interactive_Data_Corporation.xml
+5564ccb4d32a36d5d2c879378d9f261947d8dda7515702dd761615f6fb399fee,1,0,International-Business-Times.xml
+84e7f285a45629181dd08c4280bfa1293bfa38c3565b837ff7fd262a45c3bd35,0,1,International-Finance-Corporation-mismatches.xml
+127ddf485368851d2dc1f1eb1f64bb100f9397b2fbc05b401f2c53bbb0bce88d,0,1,International-Free-and-Open-Source-Software-Law-Review.xml
+0992d1e0fc55d6fe819499e798e99207e0ce9aeecab77981087ba963581e8149,1,0,International_SOS.xml
+7266fc84a1e6e39f0b812bf791d0b4c8f3705a3070bf41196385d46762dc2ca6,1,0,Internet-Archive.xml
+81b3be4036e221a597bf01d58395099db4a6791814c05bfdb666f9dcc2a8088e,0,1,Internet-Governance-Project.xml
+cab358f32e9a489eaa69ccfdefe364cb36fcb5ba3346874889de9fc875050d59,0,1,Internet_Coup.org.xml
+dc6ff49076759df04ad979467bf83cbb0678098f8162268e128a4a1f9b4a93f2,0,1,Internet_Week.jp.xml
+733c0f0956527491bf6a01d35e097c6df6b84c46e102332096a4fb81973f7f9e,1,1,Introversion-Software.xml
+b00472fc653c5118dcba1528fa24b826ac7a3c90f1724d7966bb4c34b237f936,1,1,Introweb.xml
+463310fdb182747ebb4fc15ab8c38a5f573b10b276ab7c3775acd3708408caca,1,1,Intuitiv.xml
+b8b926a42cd2792106cbee833c76f516fe15c33d7b2af468e29ef66a8694a465,1,1,InvestSMART.xml
+4f8f87e94bf9f3220dbf10f449349fcd2b1eb3a5dfcefcf4c64bf1b7fbae73bd,1,0,Invincea.com.xml
+6b83c7249532eaa85681d638f079f8c090c10b2e099714e498d70930e3a2f867,1,1,Invoca.com.xml
+b2ece42a9c773d4376618d1d3848eb747deba70a2de12185f51e1dc9136dbf93,1,0,Invodo.xml
+848e94d75fdc0df47147da78e0fd4d4c6ac21cbd9c9299ad3114f7944d655505,1,0,IoMTT.com.xml
+7e80592d8efa073fe201542cef44704110abe65a2b0132e1a7bbece9e8936f22,1,0,Iplay.com.xml
+333e71526ec644126315f77e20029f262ecd0746c68ff9a2cfbdfcc16b003066,0,1,Ironwhale.com.xml
+d3976d61894e1f8464f930466936d18aac9056ca9b23f7fc23d97382692b81b9,1,1,Isle.jp.xml
+1661e0be935e93fe17283133e908f52a3d73a05c2110ebb4a95d56343122a1ee,1,1,IsyVmon.xml
+36d12ffb1d7bfed62d6ccd2358a9ab1b004782d42a70f8e76255497e56e1ae48,1,1,Iv.lt.xml
+c94cc0f445874d3f294be079e1c4775fefad5e6bb8d6dec007efbfd060276163,1,0,Ivacy.xml
+dc52614b3a33ffebbf5763c7c2a25158699d866af7ceb86ec83fe1750ba742d4,1,1,Ive_Got_Kids.com-falsemixed.xml
+ef2b06228e963b94bc9c0848ac490cd4516d52f2c525f74812dcfdcac93acefe,1,1,Ive_Got_Kids.com.xml
+370755dacb3bb54bef963a118b65067bb321e839d51f337bdbf0448944708cd5,1,1,Ivwbox.de.xml
+2058d895da75a404225168a25a20ed36618333427509d7252de4bb28563c3b70,0,1,Izquierda-unida.es.xml
+20df0251075e227bd026718d531f83021987ee9c14a1438f3cd7e6f9ac12014c,0,1,JF-Shea-Co.xml
+ce1f1dfa4ffbe1de9185c4d5bf81e07ffa6afd0c0b3c16bceaadaa8194659a77,0,1,JSConf.us.xml
+ea862774de9cabd815710f212b32d626a515601e3bcabab24545c2cc190d1650,1,1,Jacobin_Mag.com.xml
+443e8c4948a9bd307012a1b725a0bc64e97ee68ec77972dec6bb036cf4700856,0,1,Jacqueline_Gold.xml
+d2130738c6e895702f300033327d5e273f6564c43c7f71006f8c288f83cc1b9b,0,1,Jansbrug.xml
+62d30f32c383b9005b247851e85115fd358c8ee752b97edc0d020b0ee1bcec88,1,1,Jarian_Gibson.com-falsemixed.xml
+7d850c502197ea8b2e13688d1f2b34c9b7a44ba657c92faa3b3ed2030dfaca66,0,1,Java.xml
+f895874ee61887214f675b5344b3a35cbe34590a6d27c4c9e33b348f590aa2ce,1,0,JavaScriptMVC.xml
+ba3e53a6684fe796317caf126f87f3e326812dbd09a838bade611ee313da196b,1,0,Jawbone.com.xml
+26c1c6b5233bfe9bcaafb3505cc40fe716ffac3309ff08136944f0608c825d1e,0,1,Jba.io.xml
+b77b4b9c609e0f61ab406d1aa62c5d046514aa6581f420374ef0fc4b7a112def,1,1,Jeff_Nabers.com.xml
+c1df2d5758953f29c992ec2598c94e7e73d5aa6c91d2f8eb4d62e0fdf0322a07,1,1,Jinx.com.xml
+aababc62c4dfc22dc8a9e12adc4364b9a0befe9ec0939060924b587747b8bc7b,0,1,Jitscale.com.xml
+80eed726a6c96bd4f97361b7ee9d2fe2e954fb74437a4e800500399676778e61,1,1,JobMatch.xml
+f1a84ec3b3e0e934ce0ee5517ea0b31cb7ba152de5278eb0895bb07023c6628d,1,1,Jobbik.xml
+33d8bda4d79682eae0ad704c6f834650e7054ab4a71d1b64cf62becfabdf42e9,1,0,Jobsgopublic.com.xml
+ff5eb876669cf155eb33966d0cdda8a88942ccf55c814b14addbe51e52db761d,0,1,Jobware.de.xml
+5d2c47c29c532a62ebdc816bdc6dfcbe1e573c4b5e2ad7a35f2288ee3d58c3ae,0,1,JodoHost.xml
+c13076995d5856791ee7814d103be8fb0afc12db160318575e4e35097fe599ba,1,0,JoomlArt.com.xml
+49e14eb4dbfb8cdd922261721b0b57280076bda7b75b59396dcd0a4b67914955,0,1,JoomlaCode.org.xml
+c979cb8a361e3ed2bf5032f85b8aea715a1bcaea1a278635048ec26d4e59240e,1,1,Joseph-Rowntree-Reform-Trust.xml
+101fd87908eecba0acf9700f26880592677e52c7d8edc8638dabd72dc06476c2,0,1,Journal-News.net.xml
+c621d4ba25d54b2ac74584129f4234f43b52d2bb00a11b49ef04dc15848169d7,1,1,Journal-of-Neurosurgery.xml
+878f0efcd4fda30f3821e5362986a41446a368b644fffa970eaadde331595bfa,0,1,Jubii.dk-problematic.xml
+139643e1ab4ac096871a49767ed0ea197a72a6dad80556b93ff55de39a577bf4,1,0,Jubii.dk.xml
+fa67059e40c7d86b9f448f529446594ec9f24e9293365e478a6a9e4a18c0cd29,0,1,Jugendschutzprogramm.de.xml
+21937f0fd2a36647290096e83c0db7202e391611c11760e4cd68edb237a4f7b5,1,1,Jumptap.xml
+4b35e98b981f9df97de267679053b07d243573d98a3b6c6ccb0cd6398c50fd35,0,1,Jusek.se.xml
+4f66a213e609f141d907611e755bf0e4379e737428775635060e8cb0bd91ef8c,0,1,Jussieu.fr-problematic.xml
+fb593e8ddf88bcb1d1508da06196adc76706e4a163a0e8ceabace9e8a5bbf42c,0,1,K2s.cc.xml
+a6a776e8e5901bd6be4af8ae581f0f74106f78b5b05b1b4e1521ff7df28c7fd5,1,1,KAU.se.xml
+7e5171a47befa926139743e6067915bae25cc403dbf0f588f7864ab606739b62,0,1,KKH.se.xml
+a6450ff330b90c225cc405c8f5c623dca8d7a80a0c16a3e58be546feb7ae886f,0,1,KMH.se.xml
+c998b1cafdda9cf06478f163ec72ba97ce710090b671180ceed391173d43a574,0,1,KOP11.com.xml
+c862e0e1a6711961135955912f1b1644c5e9dc31eb2966415367ebd39f434774,0,1,KPN-expired.xml
+18bd1f18f953302be45bf882bd9b3b8f6a738d8f6e1f844dab416d95b018b248,0,1,Kable_Packaging_and_Fulfillment_Services.xml
+f021b6ae3956e22e93e03da6a5ac8de94048821b7a588bde2b55940c9a8e5d17,1,1,Kaiser_Systeme.xml
+6fa233a4df630fb7dcb886a508843290392db8506e73a1a7da94954db2affa58,1,1,Kampyle.xml
+911f9f57dd80af37a918d5c5029a1b4d156298e48a029e7aa9497beeda774ccd,1,1,Kaneva.xml
+0d020e8196630cf58db7acdcfaf794b8eaed3ff489057148c718c3937d8fe03f,0,1,Kantar-Worldpanel.xml
+4d40f0740ed2f847fd8c22c07325ae9fc4a83b1a17668dd707ca61a2bb37af8f,0,1,Kaos.theory.xml
+aa9386df75242bb212ece0a1276439722214b066f3a533f48cd1c9ef722f5f7d,0,1,Kapsobor.de.xml
+cf193dd0623511229492237f7c7a1d06bb27fe241d5bb641cae8994407a54668,1,0,Kariera.gr.xml
+6ad5cc64325504eb05b4d56be62b0a8a17f98847e7f12784b18b75a2326b2393,0,1,Kasimp3.xml
+2533dd6d42cb718667d11a29e50393d300b659dac2e9c62a5954b17aeb915c71,0,1,Kathrein.xml
+8c3308c7790fec725f31e846d418fb1fda636beb525f9631be1cf2c9261f4672,0,1,KatzPorn.xml
+2086ed81e93368551d121b0508a0ae28a1d71f294f1ec7b58fb5d1d21b9380c6,0,1,Kayak.xml
+679dd719d00e4edf268f1937eca8d034fdaeaa5c0a744882e2435f342656a19a,1,0,Kayako-clients.xml
+a18f5ebe00ba0edd8322f6c5bfcb1b9db11fc1a04fa28ef93e2c91fd12bb04cb,1,0,Kayako.xml
+68709a34f51a5fd997ec08d97e2c0aa2330b4ea1134bcc5e11326893c82c9913,0,1,Kdoes.nl.xml
+acd59b926980f2e6a1edc1bd896e12121eb5ddbb7b91328e6ab7dec96b887c3b,1,1,Kei.pl.xml
+b67160a2bcb46424224f756e56dfb804323c2446e2161554d1d1015b64ab32d9,1,1,Kenai.com.xml
+cc4ede67cbb2b5809ac7bb84b1a3e4364ad98f9f3fc139ac38683c67256750a5,1,0,KernelOrg.xml
+911d17e381f38a6bc6ef545f5ca260fc0954922ed63bf05e2f7ca0e6035f4535,1,1,Keymile.com.xml
+5fb3e2cc1c993880a2f59cf36840a623d0d7f329e31b725c711619d78031845b,1,1,Khronos.xml
+12ae40cfc95aaaae2573664fd2fea40b4aa90e5adb75d013953225121bd38361,1,1,King.com.xml
+4b71dc7dbecc49f2b48f869a78b2cea026dc9eab9ee6627a49581d58bbf936a4,1,1,KingHost.xml
+22da148d8b0d0314b3d843781fd3c72bd14fbfa68fe38c808faa9e57f7a56aa3,1,0,Kirjoitusalusta.xml
+c945235a8c454c4c16e6974e30e93b93424b69da591daa36bb76e7fe25157cb5,1,0,Kirkus_Reviews.com.xml
+aac83590b0080a78a0b254d8cef88f132b0d609d2be69b2744903b627e000951,1,1,Kite_Packaging.co.uk.xml
+bd7d290a024a52feeea17c0687d34ed0412dd25138985aeb137ee451ff253b44,1,1,Kmart.com.xml
+8d12f9d79c207c30d5319a01f740f4a73681b5c5b5973fc74c6817ae87f76534,0,1,Knopper.net.xml
+52d6def38db07b96638bcde23b5b25c7872a170f91e482c676b5fd95d92be4ea,1,1,Kobo.xml
+60795a9ecf4a07f3a1a334fb06b698d5019c69bb24c1f395932ba5c6322ff747,1,0,Koding.xml
+900b42c2f9d1ce487f4de696a98cea74e452b7f9cf848de6eb9c8d8254784e64,0,1,Kommunal.se.xml
+7b7771e336e05a84d249ba6c7a5693e82edd32524986654d9f221d8813f93ac1,0,1,Komplett.xml
+796f232394138ee9298ed061fe587c009ab2a399f9d4db5fb77a07baa51c390e,0,1,Konami.com.xml
+d417f481fdbe9c2100592bf164c92feed9e2a9f8c989a8267012fb2bb4a294a1,0,1,Konstfack.se.xml
+c61197b469d6020a7cf8f4aacf5ff2c2af8a4903f35207fdae2fe0f81a370d85,0,1,Kraxel.org.xml
+70ea6a47d4bc8e3031576360df6556486307c552f6262b899f7f5b57dec7fa27,0,1,Kryo.se.xml
+3896c91714231d5364509bb35080579f7e57d4e79635b73e98987a83c0130e0e,1,0,Kryptronic.xml
+318a844861fe3efe2d779a4ebe1fa76f5dd22aa13aa7593b4ca05cd381f4d258,1,0,Kununu.xml
+53f972ce676848f11352f5c892d485ce971910da0814445e0a42662963eff652,0,1,Kuther.net.xml
+a62b1619581ed52ae2af7e41fa9207f1f557d26dad30077504608f30962785eb,0,1,Kvack.org.xml
+885092e6b3fa8f6489a89df450f876ad0eea51159c22f216e787e31b9e8a9ec5,1,1,Kyani.net.xml
+1e8699cf15dba86d69e26fb49441767a96265e2bc93408c5e0a5807e788ddb46,1,0,LF_Hair.com.xml
+c6af0bb28a0493ce2106970a3acdeadfcf1dba65e1f56a3244cc30daa5093c50,1,0,LG.com.xml
+e4115499b76cbc58fd655c147fc8ac7d5f4df58d2d83d0b9e754f04bcae2cc31,0,1,LKD.org.tr.xml
+f180daf50f99e6d294efe3cfa3782b3038ec3c34a48667dc72884554e2d2011a,1,1,LONAP.xml
+6e1614a42fb6bf41f161fb271e2cf441359eefea66a5de92ae60039337adf443,1,1,LPO.org.uk.xml
+7fd1c24a4f4664d94bd4dcbb1b3adf923768304192d282339008431d1e86d086,1,1,LSE.ac.uk.xml
+48d0e26e10e9650974898fbaee4e55861b58e585a8791e91472fc1733ee15d15,1,0,LTER.xml
+d83b6ba8eb9854f82349c1cb570e50cba577fb736a3ac89ef55868ee18f76463,0,1,LTRADIO.com.xml
+d3689ecf97752c8573fd559c68beae3b96bf66cc7a7e045a03f0d1050e6d3b48,1,1,LU.se.xml
+cebe40f289abe5d6a7ba31addbc3a99eee1003e22b2431d7ecaa4a7f2290f151,1,0,LaCaixa.xml
+440e3c3ec61a216fd7754eb08d64a06e73366ddb91e20c952543667a86473e31,1,1,Labels_by_the_Sheet.com.xml
+9cfd769231672625b8576733968b9cdccd500feac77f6f1510f30ed7f70959f2,0,1,Lagen.nu.xml
+82729f42964fb00d0a64961bed6138a79ae1222b15d76cebfc875163b1dee39a,1,1,Language_Perfect.xml
+8fbfb34c2994d782ce1ade635b78401d5a869fce79d309a6a5993640f8e2d552,1,1,Lanistaads.com.xml
+c01f9d5e0f0ef9ec2db156bf19729febd55117a48db33e144075f98a9e96debe,0,1,Lantmateriet.se.xml
+dd011e0f5fe4e3c951182b87f42d4c8da475b71bda1266177397782766a60a3e,1,1,LastPass.com.xml
+1fae5026b085ff0376c53284b2b7536230bd781b79f4be08506d04bdc7ef1286,1,1,LaunchRock.xml
+91ce0132d8fa941a30990cd98fd6a038a48e77a6a0c39d678bcf3823361f9625,1,0,Launchpad.xml
+bf3030ded18c245aa1d051c849660ef9807cbd9259da24dbbd0a5c12cefa65a9,1,1,Lautre.net.xml
+88c874136115bab5c0c463dc21b28c2aec420648b71c12ba9af82c4f86919cb2,1,0,Law_School_Admission_Council.xml
+329b80614b84565bba78c4cf3ebd40f2caf60cf648372f1deda76b93564693c8,0,1,Lawn_and_Landscape.xml
+f649aae090d1c7cb5e6329286ca40bc52e4085fd4d43d022ac986523a689f268,1,1,LboroAcUk.xml
+a6a354b175f07f96a7c2cd4ce4a00e26cde800c6f6176f660a59ae918cb56d91,1,1,LeadLander.xml
+e300d073903c53373ec3c3a839d324681cb79d4032894084c81bc40644863fbf,1,1,Leadwerks.com.xml
+acab086b0a34bf5d315b8292d4bdc886c9c30f77f9009c19417f85feb96438b3,0,1,League_of_Legends.com-problematic.xml
+e6045aab54c1eac855a6ffb4d28436677e5ce1f20039adcfac9475984867a8a8,0,1,LearnShare.com.xml
+e400c587a600d3ea1d156ae3063bc8aba863be12423441d42d9f56bc1c2b0516,0,1,Least_Fixed.com.xml
+9f95173fc7274e64f6258a7fb7e27acc4cf781d5f78efd28ae81ce97465672a6,0,1,Leia_Jung.org.xml
+44da4c65f5edbb2ed09326db6bbfe7bb0dd769545bf2f34f7eb8071d0d78ba3a,1,0,Leiden_Univ.nl.xml
+a3ef9c0d822a74a1fff679e554ac079db0976b0c53fd85a2362de2cf6012812d,1,0,Lelo.com.xml
+eedbe4c1b73b659f65c1b47b6b0a0b08e5e4ce32c8c96b82fa8b6e4ad2f5ead5,1,0,LibCal.com.xml
+6496d6df922c6b28f13e369f2925655f9c927c171bf09ecf6ab284ab28690b75,1,0,Libdems.org.uk.xml
+82d91c9bfd424f34898c9435240f08ba68083edf2a2f14eeaab224ebf245a606,0,1,Libdrc.org.xml
+4da6941625e8c737ccf9de80aadd671b78aab17d09bb0830557256dd8f3a6ca3,1,1,Liberal_America.org.xml
+e4ee080f90c4502d02852289bf7ba13986f2a06816f581dee48cc61cd03a4724,0,1,Libre_Graphics_World.org.xml
+993b07ba4b30101d7b4d133239b7a03ddc0d914cde338040b53d7871bedf04b1,1,1,Life-in-the-Fast-Lane.xml
+ec89dad60d6ad5181f1516398c0f565bca357a82f3e05270eb1f43dfd8283c11,0,1,Liftdna.com-problematic.xml
+91fc0e64deed78bdc5e964c46ad97765ae536dfc279fd42b8828f66653a1157b,1,1,Liftdna.com.xml
+3ff02692d6dee89e9579eee5d73a0e4cdad3e9e7a75ad9d0509b8abcd2fe9f5c,1,1,Limited_2_Art.com.xml
+a8f163ff8c42d612e5f6246df52033522d0264a77b677f2cf6c94219e5822f8c,0,1,Lindy.com.xml
+3058c9207313b250a6cd06db40b80815b52ba3ce969915bf1d4d19e70a5e84d6,1,1,Linn_Records.com.xml
+abed76a1e5201dde504d6396473b2961c66f1362ed13dd21c4805178430d208e,0,1,Linux-Counter-Trac.xml
+7aa31325bf3afc674fef9ff7fd6a022945a077e10cdb903ca73ca0227b01861c,1,1,Linux-Magazine.xml
+8704f5a37ed8b963c85260397289542d0d55eefbe1bf6855bfadf0aef5db1c16,0,1,Linux-New-Media.xml
+b116fbda85f0cb005d48ce4950f6f1c0cf9d1bc136bcc23d488a308c70e6737b,0,1,Linuxpl.com.xml
+ec41d249213aad2809c091e338ddb5eb2d3b97b335598082e618aa5814ce168d,1,0,List.ru.xml
+22ac503a66245c7042a817c200fc8c2a4e63d9e3287eb6d050fcda8623e65eb5,1,0,Listonic.xml
+935c7b3c73fefb6f6980cbfdbc828f2d89cfd8c8f8a51e1de48fcf78822e1316,1,0,ListrakBI.com.xml
+3558ab8db745d3b527d28ab5fc0dce1559dbe191d449b27d09223519354bc135,1,1,LiteSpeed-Technologies.xml
+9797c1484a96176ae9397050a435c54f9d0409368785d4355f14e6d506fe144f,1,1,Litter.com.xml
+36f0e15f0557defe9ac96dfe9ea3853af828688300ff6c438228f0ef4554b97d,0,1,Little_CMS.com.xml
+fe52803da1f703cfe9990e08d740aaba64f6d59c459653376356b5ecce922a7e,0,1,Littlesvr.ca.xml
+9c64457952ecd791e6df609d14cbd6861f04be1850e16fc064b86eb5042d8a75,1,0,Liv.ac.uk.xml
+0d6cb0837aabdd3ca8fbc4de6d3c8b1e60092939708186f1ecc9ca3e38ea0acf,1,0,Live.xml
+fbeaf8dbd06fc62fb6217d020e5d4401df8539e62b29c3d1af073ff07d52ae00,1,0,LiveAgent.xml
+e3d7781eb8af6d39d6b9ce237e46688f6615aec94f65cb2a54a87e167b0c2236,1,0,LiveJasmin.xml
+b39a16b01956252b32328acfd50d93cd04a0a33ea761eec5d5fb9df24a7d56fe,1,0,LivePerson.net.xml
+4df0e6a98068a7e8df85af4cb7248c048fbe6b5fd0bcbffadc7d155d8ce52610,1,0,Live_filestore.com.xml
+627f36782b5c58008a53cd2d0a4161d517705f45ecf809ebcca7aa06a6510fca,1,0,Livestream.xml
+6cf957e7613bc938177a082c0f9ce6b5773892518127b119b3444955c853d542,0,1,Liwenhaosuper.com.xml
+b250fbb7e12444692db8db24a0d8e51c9c16147a0bc0aa62599c05e6730f2c9e,0,1,LockerDome.com.xml
+44259251bea98f85ceb968382de8eca6ae98b9b9f6e42624d084cc06eb06af5b,0,1,Logilab.fr.xml
+097184d64f94a5c2eab91aeafdfc13f46bf7ccfc9d08f93e2524e20cd27bcfe2,1,0,Logitech.com.xml
+fd7e40226e930ab0f0ca06b65135ae1934840ed6077517bc1e3500503d680c78,0,1,Lokus.no.xml
+310690f227575180b1c3d8106079e906ac8c7d09b3301ef20de06c6ef723dde5,1,1,London-School-of-Economics.xml
+e47e410bcc64b4fbf107fcbac795a208e8fef9de4bbb8cfba3021b6a48e973e2,1,0,London_City_Airport.xml
+d7be9fab34a3d4a4aa00274545cedba1d569fd9344b46ecc8c5becb72d65d510,1,1,London_Hackspace.xml
+1952a95014630e2577fe966477723b32b1fe9004fd5ef2614f3717e5f6e5acc9,1,0,London_Review_of_Books.xml
+fdf67ed29757f0b2cc46d0c5beb73423f370f575c3a0192f8521e304f515750a,1,0,Londonist.com.xml
+3a16eb66437b66ca8fcc39076fa6f076e16ac3cb266af78debf75821a00aae3f,1,1,Long_Now.org.xml
+b2995ca65fcee921a0ec6e98a46d58772ef94f15817612627be142ecfd955c22,1,0,Look.co.uk.xml
+57516f8bb0c3c1af21b87b8b56b90f73ba952233ebf84d7dc5b4c697c21d1441,0,1,Look_Dumbass.xml
+eb71a3d0e0dcdf8f11f913ea38de4dbabe6924867384a0e08880c7466ba719da,1,0,Loopia.xml
+050bdb8522be2fed28033b318f7565def40681e0fa6de20d5175f41beaedf4ad,1,1,Loopia_secure.com.xml
+371f6fceb21caebfec3db3964b27141b5e00853315f431211d364301a45318df,0,1,Lords-of-the-Blog.xml
+62696a22e184c3f9a00d284aae7b2d249d58924957d0e8530041d66e0663bdea,1,1,Louhi.net.xml
+b9cf422f24dbcf3ce37fd654d260225348718ebf0ccc95d5060c4548e78e53af,1,0,Louisiana_State_University.xml
+d9d7001e11d2f9b2efc903ec39a8e0f0305f92a906c8f14db83627553e2fd718,1,0,Lovemoney.xml
+eddfa38063cb367bac3f2aebb2046bf5da400a0aef9cabedb9f7c6a4efdece8c,0,1,Lucky2u.net.xml
+fd8b6a9765c43949419ebab9dd91b8ba4dd6e350e7d4e1630edb8fae846fee26,1,0,Lulea_University_of_Technology.xml
+341fdca4778460bf1d7065884806c47c687fa52cc1c0e340eb3e0a53a3a6350c,1,0,Lulu.xml
+2d76724c1ff69dc9e9991ed1fdad701efd342e25431e0ab1689ecf981c350c35,1,1,Lumension.com.xml
+ad8ea5a90b1261249a8fa2448c3ff8165a8f13d73c357d610f16b2887e1df7fc,1,1,LuminoWorld.com.xml
+14531f584541639ca40d261d437c4659136bdb5772123a2527153919ace57ca7,1,0,Lumosity.xml
+bc8d53a934a8e46ead8ace467acdf5066d86d92d2f6f96c50f4cf4fae6d08f0e,0,1,LxCenter.xml
+a1db82defa904faec2c657e6ea22941e1b148f1e81cf35a58c40803424b6b01a,0,1,Lyft.xml
+551b122a2c152e388af55527367654016d5ba842ab144283c167b58436adb58e,0,1,Lynxtech.xml
+a111d5e3f1ad0f13c289431dcfe0282e42a9c88407cacdeca47577730a6a52dc,1,0,M-pathy.xml
+0543d58e7108adf6fe77cb43048db92c7284bed3903d22b30f3eac8c0654bcb4,0,1,M86security.xml
+c3e5082c4e57ed4c21107f5c05ef72a1fb33337c52b189b8360e41d57a8d268c,1,0,MAGIX-Online.com.xml
+377b1c7c98eb1ce1620a59edc315979347cc122ae5db49eaad58682c75f05edd,1,0,MAGIX.xml
+d46b3cb7383190722524604ced70583d6f4b42eaa79759186178b801e97cd05c,0,1,MAH.se.xml
+5cc8e9306a41a8e604a989ddfe777d9a560def287d8d4bd52b66df140610b5e5,1,1,MAPS.xml
+37dcf422788ed62d64197cc94af1c3d370c5936012db3caaee096c660a13bf93,0,1,MASSPIRG.xml
+3735faea1cb252d9a861985d3e2bd384e966b23f262e35d71175a878eac75593,0,1,MASSPIRG_Education_Fund.xml
+f2397e312d6ca68064f4b41df875ac7b7d1119332b020b4dacb6b8791a31bbb4,0,1,MASSPIRG_Students.xml
+a06c502a3fcac95756c576331f195baec2aec53014846bc08ca6f371eabf4d3c,1,0,MAXROAM.xml
+fd45d0e8767e26313781989617a3a068a35913d046a20ae46d47bae9cf5e4078,1,1,MCM_Electronics.com.xml
+e18e7618918c0fbc433386a096fad69825d0d259adb9acccba7661d5214b5221,0,1,MDGx.com.xml
+4ad79cf1cfd79bc4125c5cb83523560dc2c807adc28c3c6eeeae02a263f336a8,0,1,MDH.se.xml
+598f57a1cb07bb40a706984bcd19a35251f2df3b353a3c959d16c5eccd2f043d,1,1,MDNX.xml
+68d5134dd8eead364ed06ef6cc93d0b5177554f68d434f5fc628a3940454bb00,1,0,MGID.com.xml
+09cb67edc92fabdfd6ce3ad9ed0a50a6fe0176b9a963ac378e71b5e28c8eba71,1,1,MIRC.xml
+29fcdaf098e9079dbf7d1962edc0c29be9fcb714083e40a5019e7e6aaaec6320,1,1,MIT_Press_Journals.org.xml
+c4c92a7376681ef0c76224dce112d5b4aa7f3e765e1d94c5065839d75e7066a6,0,1,MIUN.se.xml
+ddc3203f686051186b20b88e459820135eaaf3aa50e5c4816c456d6445eb152a,1,1,MLP_Forums.xml
+03b6f29831d19024dee4e4cb3ac615574e779fae1b58a1c6d24acb91fbe4a850,1,1,MLive.com.xml
+3f5c7ddd043ad508aac3e6159c76e8bd41fcd37abdaa141cda95d8a685e20cbb,1,1,MND_CDN.com.xml
+976d52fd450f842cd7b01a773c0dc0cbfdfccc344170c16f62e8b06fd60b6dc9,1,1,MODX.xml
+16b17f054165cde5317da14eabc04cf40ed40f40f187a46a39a7107e46877ffb,1,1,MOOC-List.com-falsemixed.xml
+d5fd944719061d5c68cad846b8b479a3010bdd26ea072f677c0e77b09ce61746,1,1,MOOC-List.com.xml
+a142071929daf836814bbd8993688ea5e23a307b416df19553b09cf2c0a605b2,1,1,MPI_web.org.xml
+444b4dffc566a507319f9943d574f27c301f9d5a6af47ee6b85c9907886188d7,0,1,MPNewMedia.xml
+9f8863196cae74202e26c3d6ab1e50b57571f3c2ff4c6f8e5f82638ffce63007,1,0,MSN.xml
+15819092534ea0d06610f93be60d08860f430b49dba04ba701dd2ae56358a227,0,1,MTNA.xml
+7378e66420ddee33fe3189f9e9a7d611bc9e15edca5d8ca05c615a4cec99c992,1,1,MXGuarddog.xml
+9d231e863545aa6ab658902eec4a64ef6340e10f2fb03959c1108aab863f0d3f,1,1,MaaS360.com.xml
+342172ba363f805e1ff97d22dbd3b19a94fb46633f0d119ed9c353b5d2c9ebb4,0,1,Mach_Comedy_Fest.co.uk.xml
+c3367a69fe543bb4508508bf1032147b95bfad9809cbacb6f3ad3230024336b5,0,1,Macmillan_Dictionary.com.xml
+5a5895594dc8b6a1eb3ffb163f2949bbf5dd4e4a4608ed0b3fe343888ace6b58,0,1,Madstein.at.xml
+2853bd2dc0ad3ee1682f673571e0f9858829a8503f84673355950412524eb295,1,1,Magento_Go_images.xml
+60989fd88c2086073515182374adc54df5468d6e52b9a4074d0a5458e64b8c1a,0,1,Magictouch.com.xml
+2a0aafbaf384dd862dac3ddd0a7d9f0556cbdf5d5d9261a4a1c2edf12cdddf6d,1,1,Mahomet_Citizen.xml
+a7211ec19cd45b14cc36786884e3f5be9868dd63c1f1d9f2939c44d9a989e4a0,1,1,Mail.ru.xml
+0632beb9d9a8352ccf4e5abf6f4d129079e6be6a8fd030b89b240b9e3e5002ca,1,0,MailChimp.xml
+0574f873d084aeaadad6583735edea0b218b81a37d5205d2139a44ceacb21554,1,1,Majestic-12.xml
+eeb77187de3efc6c07b20bfb15ea4ffb65e95a906590f64bb4e2d85d3841a52d,1,1,Makerble.xml
+b7aef7f65c4126ab478fcc112a410721f9b52c70411e7e3ae239e275a22bc45c,0,1,Malcontents_Gambit.com.xml
+9e5f0fe1c8a73005f1bd9cfe7afa55e8e26908217555a15258c7ee8b389029ef,0,1,ManISec.xml
+3b2860a4494f8922f5b894c16b5c4fb0117cd9d79a785e836ec6683c02e08a93,1,0,Man_Group.xml
+f39f688438cd966643bab96109eb5b3e9d09649cd2913114ddef762b8caa9acf,0,1,Manasource.org.xml
+78acea4433a1367a7a99b78a26aabffb4433a766249b1eb32980e00566bd349a,1,1,Manhattanville_College.xml
+c8f65ca4abddc8b724b21e1aebb0d86f05aafd81c069e4cd368b3742d6b2a59b,1,1,ManuFrog-Webbhotell.xml
+68b4aec318e2003b40efb7bb11ac3dc92a9863d0c3b69a951d7f539a04ade8b2,0,1,MapQuest.xml
+bb36e083bd6761afcf4680ae0c9732d527f76a56e4845282ab8ae582a4024632,1,1,Mapraider.com.xml
+9f234dcd1e04c8b71b11dbfde4ff22c7ddf2e6eaabc3246bea8fc88403c4f1ad,0,1,Marcan.st.xml
+1e46e7c62c3c77d880aee1ddca06b25ec74c1c254f6e60c859a775829b679c50,1,1,Marie-Stopes-Intl-Australia.xml
+ae8efb072ebb5512ceb7e10c26d0b77612b368f5e20fddc50e59b8981fe10fcd,1,1,Marie_Claire.co.uk.xml
+f4c7dfe45cb0e35365300ce654feec069c5f0d57bc74d8f9b3d1941deb81bb17,0,1,Marin_Software-problematic.xml
+38c0e8fefcb929a1f8d50056c8ed0f84d7d885ef51529ad3af864bd78dc50935,1,0,Marine_Depot.com.xml
+72758fe8adfba1c718c27136cec21c089ac97a42aeb402bf9c53299668c72bb7,0,1,MarkMail.xml
+f8d9d668bf042c8eb63d92d924fa41f1b32d844414fdcecaa99a4e1c32fcff2c,1,0,MarkRuler.xml
+122a211832b9a5584f9367eb69489c8ee7323ba094af5a6a9b180971aabe7869,0,1,Mars_One.xml
+1eb3974a972e513bc37156dcd2d9c7e1a5605e957b196e753b5d58125896018c,1,0,Martha-Stewart.xml
+9774fbbc10a1e454d34b8dd2ad71ce16e15b489aae9472cf7c3330bdeb2ad483,1,1,Matalan.co.uk.xml
+4d52d23f40bd3606c43a447009e70e8cc92fb90e447f90988b9e742cbc4eaf62,0,1,Mathias-Kettner.de.xml
+886fdf64e35fbd1865f527901a8f71de87deb8bbfad48644c941b0faeeef73e2,1,1,Matrix_Group.xml
+def0843b236e6cbb3c41ce1e965479cf0c047278de38066a0ddb521e2e0d9490,1,1,Matrox.xml
+3956202a31b39b54bb350eb7c1c8fb2fe4421fa8e9fba93086c592e3727fba26,1,1,Matthews_Marking.com.xml
+2f36b825e79c48a62ca8b028588f001db53ea1c7e5bdeecf33846d6250fd8db0,1,1,MauivaAirCruise.com.xml
+9ebc3ea0b4f8a11d654190593216f2dbc2c849d75bd5d8769ce94ccb904b8032,1,0,McAfee-MX-Logic.xml
+21a0b0ab411510fb0d7f258ff953a606ab9b6cc190ec220254d0093d01a774e2,0,1,McGrhill-Warez.xml
+9f22004e6f050351ce543abd73bf9db38c4bcb4f3f691bc452d9f56362db44f4,0,1,McWhirter.com.au.xml
+54c5176a7393706ba64638cd6640cd03d970cdfe886fb1c292ab5567f5e01372,1,0,Mci.edu.xml
+0a2c162bca04cffbbb71b72948bdf6ea13d25f94c711e7cd851e3e743632476d,1,0,Mci4me.at.xml
+169f5d7a71d2a565c3db9bf616e59ab2c87ba135adcfe1617afdd6ba70db5c26,1,1,Mdgms.com.xml
+5c3f9e9594fd2136e76be06b682e4dcf281c5b4153eaab76026fd527212be1b5,0,1,Mechon-Mamre.org.xml
+cea6114526cc90715d8174513f29d6b7ea23c8a4787b35af2e4b59e41684b60c,0,1,Media-Proweb.de.xml
+2206b712d3da7e0b72ae87eaa7ca8e2c011c0285df551334334b6e6748c9f533,1,1,MediaHub.xml
+b35ab67041d795e2260b394b27c747f3226fe8c571e5a75f32526834f5f63620,1,1,Medialinx-Academy.de.xml
+dfb0575cda4b5cb197cc01897e864d2ed67d34dec1b9289895e7769ca3aacce8,0,1,MeetMe_Corp.xml
+a4aed7603a88fc03be501913cbf43136d92eee09e05a11b14cefe17e6172b515,1,0,Meetrics.xml
+d3b4dcb6411b0768f63f82ae89e15b07f5884e72f0b49398318e885b1bda1c38,0,1,Mega.com-problematic.xml
+0660211f8fcb506370363c91068a9a402402d4b809bd2c2bc61bf456b31c9469,1,0,Mega.xml
+e7034b4d62408593651f88f6fea5b58f9d7ac86cf01b03f8e56adf9ca757a9dc,1,1,MegaFon.xml
+4821002c2dbbe557f459c6cc0cee428616bd727f65f5a071002405e2cb370d7e,0,1,MeinVZ.xml
+b5541e596d343de6ac7f39223a9fc7c06ce47c438d9defe9116ba674062af063,1,1,Mellanox.xml
+eaef01e50024132334d995f459f0f3fcc9e56637833c501e91dcbd8dfec3073b,1,1,MemberClicks.net.xml
+8e0ca904341babe60e7080dd25ed1505f401f65f411e3d2092ff224e89cbeaaf,1,0,Memset.xml
+2271075dae8c3cde242f9bd187beb4e3874b1e3ed1ba167c70316ea7c881ae43,0,1,Mephi.ru.xml
+e036d076a66acf5d8e573b652b5e6ff6639d9ae0972240aae7676cf90e06181b,1,1,Merchant_City_Music.xml
+3e01012f7f40ac9c65f818ec9b1b3436bdaa18caa6c035be148c0630fa78a7ef,1,0,Merchantquest.net.xml
+30a1773b432db408705a3a3b1a5aec86d29006d7dfe739785beecee7b32a5c55,1,0,Merlinbreaks.co.uk.xml
+09478a2ec96acd68be1fe48e5dab2a4efe07075bc2415135c6b53cf64490c562,1,0,MetaPress.com.xml
+fc7e04f2a722f87b5dba20f6a548c1d26df7facfa98be2e09962d0b86506f34b,0,1,Metrotransit.org.xml
+02d77df85e09523445e0e86b04f0bb16c67bf3362b2e30bc29cba2af23ce2a0c,1,1,Miamire.com.xml
+7a9bc6518b843c943c645a850b84955939e8526e622f417732e751f6a6b50edf,0,1,Michigan_Campus_Compact.xml
+7b100b62a23d14a4e21a5f4775ce4f523326901c2464aeb6299fde517c42e32e,0,1,MicroSTER.pl.xml
+2c0230f2cff2ab22e873fccddd77ef7eb067a5af8b1ea6ead19eb11a7fe17e11,0,1,Microchip.com.xml
+575e8ecdacdfef4516413c432243e7a300b6cd70ed2a28fb17cdc28178946f92,1,1,Microchip_Direct.com.xml
+b195c75b64f391be38bc74da007cb9a59fd8a1049291c5f949b5847b16097641,1,1,Micron.xml
+206bb3a607259fe71f807da8d8d846aef174f1b18c220ac4871c6cf75022c4d2,1,1,Microsec.xml
+cc116d939b4a7d55452b99fb630fc82b7551bdea86eb7af4489a004738e16383,1,1,Microtech.xml
+b8f227cec9b319b4ebcc533515996788f2c7b780d487555edc3ac4e0433110b2,1,1,Microtronix.xml
+581745a360a493ced8c8bfa3a0c7a254f8849914d044284b63dd6400ed6f1e53,1,1,Miles-and-more.xml
+ea215ed16accf736366b380b06667a98ae300a6624277cc4c0b00ef82b87d316,0,1,MilkAndMore.xml
+6028c542090a205e31ad2cc71d109b7fa9f689e1d15064565afffa289860de6d,0,1,Millward-Brown.xml
+835ad6f02f0eea1e5a30f1bee9bd82f033b98f98c3e00dccae023635bc45ec84,1,1,Milonic.xml
+add16d917823cae95cb8fd37fa16fc8a30fb8abcb40d7d20317ef40115edaf2a,1,0,Minnesota-Public-Radio.xml
+9a6e79f0a137ef90758d5c9a6f4895963394f6841aee72f9b07fc458f89af5a9,1,0,Minted.xml
+aefdba42206c35b8b4c727e5174beca2cc9054e71405dc1fb04e58935e610c22,1,0,Miranda-IM.xml
+1c912cdd8a192d284723cd6aa022312be9af7d9d0f153ebd9332012212f7edd0,0,1,Miretail.com.xml
+05bdaa40888fb732b2dc4381eaec841becaa28c3a7ce521d309e31d46a5fe535,1,1,Mirror_Image_Internet.xml
+2fab3b5ae13f2fa84cac1b55ad4db417d235bb8c5b29182ba71fed019e20fe3e,0,1,Mirror_Reader_Offers.co.uk.xml
+b9b028b50744e726c2e0c1bba9b6d802bee0564067ab79a12f9f78db5a228efc,1,0,Misco.co.uk.xml
+e554b7787400fbb24420ffbaf18e8720e2711d0d7d5b01d57a6bc870d734678e,1,1,Mises.org.xml
+ef78bc469ee9ca1c5c6b5b7c55101de1b9f2e9bc5cb7635f55f72600da08a9c4,0,1,Mitsubishi.com.xml
+1083e6774f86f72f52db8ee1e5af98ac18d3badfa29f14c9210828dcaac4ffdc,1,0,Mixi.xml
+9445dcde76ee2f34507e683a0d830c835f5bdfa09605a3aa3acb4c5fb20e03eb,1,0,Mktoresp.com.xml
+e275fb63878dce4b9c0f53f39a068de38150abe580c9a232dcd84ead64a5e7f5,1,1,Moana_Surfrider.xml
+8f55bcfefb95327bb770495d7ed62175cffdf74e0a3f0ccd94b4dd42a1f64cdc,1,0,Moat_ads.com.xml
+0fc2d07c9cf4aa5580639fcc5ee5036b64df0422493aec017902367b6f7e10a7,1,0,MobStac.xml
+c7d6720b5f52ce6dbe90284cc5959d66c703a8db5ca33b998dd5821c131ca0c2,0,1,Mobile_Asia_Expo.xml
+089e42772722545c5013f3a48f05429db2991825eadaf29c1b80ccd769f4621a,1,1,Mochimedia.xml
+2aeed5b7608ed2cd5fbf95b9d233412e2b384dcb179cd0cd0b4be180f3a7b1c4,1,1,ModCloth.com.xml
+b0345c7f91042137a6196fc88f878d90cbc0e0621cb180f170e4b740d0230d82,0,1,Model_Mayhem-problematic.xml
+4148c9b370612b0072de8612e1795ff902efa5b5df42e1210c2f55bb0cd1d1f1,0,1,Modernus.xml
+b1e394fc6288df5f9d71a5795a3cfa2d868caf9a2d390259efb4f9a10aaa9e55,1,1,Moevideo.xml
+ffbf6ec6cfeef71b445211a87e4abe5ef1794e3d4fadb7d684ac90ac68533790,1,1,Money_Advice_Service_UK.xml
+4bdaf1c97ff84b0efb5970546093f4f4db2eff4b179667e41f78c050ee8a7f8e,1,1,Money_Saving_Expert.com.xml
+6c048760a7ae095bfd1d6f9fc51c634fb1a957e74f12f507135657c892090544,1,1,Mongabay.com.xml
+5480c8f1066022ccbd76c4cb65300e8f17f92e78c9468941e602eefc9911049f,1,0,Monsoon.xml
+238ba4857662f3a517f6702615d82e0a1789818c3f8e46200e18fbcb940206a9,1,1,Moon-ray.com.xml
+4098104d988c1e099f8131293582ffa74b214c84a0a6993f0dcb47dfdc166957,1,1,Morningstar.co.uk.xml
+06558325d916258454668fd676d1b26c4d0fd1de1413eb5256ef48a1956982bf,0,1,Morrisons-Corporate.com.xml
+e53b3dc48c8ebd8f953aa97db6e25331e51bb2781deac42f66180111e86274c9,1,1,Mosaic_Science.com.xml
+9ff01f7451d40691041ce184f700a74a77d67f31caafb8c3ca51d2afb9c7dc34,0,1,Motherless-media.xml
+6b4d8b8bbca99cd49c35ed81feea4d6f9d114213c670b2fbe7a947c8a7402dcd,1,1,Motherless.xml
+28a1b8fece126fb6620710ba56206bdeaffaa183d651c6c1c73a01a905de9059,0,1,Motigo.xml
+9a396c4dfe639ec6a63950420ebc1efeea0db0b034a9aba8c17a1af27b398352,0,1,Mount_Sinai.org.xml
+a1fa4d3ec8a62b93ed15cb141d7695f212f3dea2ddf0d4bce8654007987fd390,0,1,Mountain_Reservations.xml
+ad4b1e8c1f59d04a31d7c7b38de53205afb93bd575bee9e5353faf1e50cbcbc0,1,0,Mozdev-mismatches.xml
+743d8a5b68767e40138a06b7b5c3a1818337da7cea2ac37a282648b50974d04d,0,1,Mpx.xml
+ec70fa255895ba360493d2626c45911c22b80a49c5df9cb2f8f137846ceb0423,1,1,Msecnd.net.xml
+7976850527330f739448b947975b090d96b2bd01231b0376850a91033b941263,0,1,Muenchen.de.xml
+92c56ceb1370a552004ddf10ce50549f1d2099bbb296a6a414b2c9189cb1628d,0,1,MujBiz.cz.xml
+24a9a73f549eac48c4bd59bf8b2073bbba79cca79d84e3f8740e92c12e109413,0,1,Mullet.se.xml
+d2739263216b14436f55796854cf692ca03d4a305dc16dbe076a0ab077025e27,1,1,MultiSoft.xml
+5bef5c96def6636cfa60ba4bf92f25f9c182090f32130652dc0cbdc42fd505f3,1,1,Muni.cz.xml
+1a7511feb844171b7d853bc0273709cdf66649de2c2534ab1da21d6f5edf4cae,0,1,Museter.com-problematic.xml
+595e5a64455b0b23e67eb68b4e2cea4a6dbf424a07ab0fdb0231ded129adf7c0,1,0,Musicmetric.xml
+f42b8995cf8e8f8bed79d16d7155dea2522c8ba86dbdf63d5d82f88dd55fd614,0,1,Musikerforbundet.se.xml
+58a0fe0af15bd31fe5ec464807b08e208942049af861bb5440dfbba113271ccd,0,1,Mutantbrains.com.xml
+f89912846dc35b7b76c3ffce935c027fc0cfc569f75fd3c46270c260be6c5257,1,0,MyBuys.xml
+858230326c95e8f2e929b75459cc15aa2c7835928ed9db020e30f8f098bff621,1,1,MyTextGraphics.com.xml
+24d8bde990098ee1fed9b972e657433a4c1bf758a46d4063a668d58a2195abe2,1,1,My_Sullivan_News.com.xml
+4b89388d8b0e5f2c3f1114e50a5448bf371c53ea1a0b3bffcc968537df955ee0,0,1,Myhappyoffice.com.xml
+3102bccb45e89458c7d87c9004dd4a8f72ae88d3b01cd06a4ea6180a55036e9d,1,0,Myjobscotland.gov.uk.xml
+6524177cc322ec5eb14b8d9f5dcb0533874470422c2eb6160bbce281b3389fe3,1,0,Myregisteredsite.com.xml
+d9d037ffaa0d96eadc704dcfe9933c34961a4f1df39c800f496cba49c7174775,0,1,Mythical_Creatures_List.xml
+5fe0e1985e02f37e759a7388016c1343216120569d7254393d814adaa23d4f56,0,1,NAB.org.xml
+6b3df5ce283c7db4d6befd6a3c453a717cc7afd37a8737143325fce125e7ce59,1,0,NASA.gov.xml
+c30973dec56755f1de9304259af19b8145a0a571d6f7310a3b11195da023277f,0,1,NAVTEQ-problematic.xml
+83764b0e29046566cd51a6bcb9db58f8f7f8ceb45c59aed3e06e0367402fa2de,1,1,NCRIC.xml
+ef7d0c3649a77dde9f58d11fb9e77a0bce840e89177a6d853a3a50f37d138e78,0,1,NCTA.com.xml
+7f9b052555e00b4547eba435df9b0ada941b3b92146ea4bf7c4f8327179ef236,1,0,NEC_Display.com.xml
+4af8504478403141e13018b68dda2ca244cb990aac167268c0b51b3cbaaf649d,0,1,NIC.ad.jp.xml
+265295ed36d711a85ed56ee0a9984023a73ed3eb8bf449e3b270eda766fc56df,0,1,NIC.br.xml
+4aacfd1dff2d8f973a210019ccddd21d8e41afee921f582573ec8bdece14f27e,0,1,NICTA.xml
+98d863aa4168e437d6e0789f3b254cf5ce81c7bcbfc8df10581a03b33aa934b0,1,1,NJIT.edu.xml
+aeb084ed7d88d7b9e5f5adb3e28ef7b99206c53f4492d6d1b2cfbbd434e8657a,0,1,NJ_Edge.Net.xml
+b8a8048fa9d78e8f49ad9eb38a05c4dd88ad22df91e48f65496580938fde7370,1,1,NPO.nl.xml
+99a479c07d49448c6cd8f8e92d29c3c6ffaef57c428719b97c5fb1abe9ae4e16,1,1,NRAO.edu.xml
+f3161aaef5e1b8c8ff003407b46075792e538cba3c966cb04eae44220d606e5c,1,1,NTI.org.xml
+82b8c6fdce49f6cfec8a5af5a439ab933d6db04d1a96dd8bd79b398fde7ed662,0,1,NTU.xml
+6d5cbfcc8c9be0f7aed82f53f645a4a1aa507fd4bbe1e200a57f541ed33f5951,1,1,NYK_Europe.com.xml
+e839742e70b958a9ba7c9c64e2c25a3ea8b5a8d2acac5ede9eebf815505261dc,0,1,NZ_Herald.co.nz-problematic.xml
+e567c9f23505545a46c3f2094019189ec0bb0753d4042e09b9c3e4e4305ab2fe,1,1,Nandos.com.xml
+87d7cec32a9c98d029b8a7748f45f03a4c405f4b10af0c7dbf63a655a2f2501e,1,1,Nasuni.com.xml
+2025891cb707c5cb4bca8f7cfda7411a3b7c03084986c794c01d9966646ce307,1,1,National-Defense-Industrial-Association.xml
+b403cfeb4dba33d69d8496bb0afcb0815d8c611efce1f202f48a522aa6a258ad,1,0,National-Express.xml
+89e0c10cfdb60707da37a41b1bf06aa0f9db7c9ff759a4cbb8e94d772ca0bf75,1,0,National-Rail-Enquiries.xml
+77df8cd849c8f7755860365c3cb10c51ed391f95ad21327a88546086eb5a29f9,1,0,National-Science-Foundation.xml
+12eaba9bec7055b45b10dbdc36cfee93e480124f3cec55814ebc49fad23ff395,0,1,National-University-of-Ireland-mismatches.xml
+1fdbf03f38170dbf7fcc2e857edff149d2fc104f1cfe992e3346a6eaea3d9801,0,1,National_Priorities.org.xml
+0faca68701fed7d481ef2d407adb2988bb09737e4256fc13d94de4d50be29dcb,0,1,Nationale-IT-Security-Monitor.nl.xml
+c7a70c28854efe3443f37272478b64dc380b698ed063523ca0ae1afb3f3e9e1f,1,1,Nature_Shop.xml
+5fa991b9e337ffa71bfe80e49dcb48b46deac649f5bc33ea192903e0b44e7ca5,0,1,Naturvardsverket.se.xml
+1ce6aeb3e8c850b840ca30e2cc528f96fecf148fcdfcbbf4a0f6a633bb80c139,1,1,Navigant_Research.com.xml
+f1f93c4e6980e6ab9b58509fc5d1798975dc15bbeca4e33e5b90b19b304b8eb2,0,1,NeedMoreHits.com.xml
+53753f70998bf7ad4a70d4bca054a29485a0287e724015af709a44c638f36a3e,1,1,Nelonenmedia.fi.xml
+076624231a6913176a0296ea2fe8a98784d1331620d5cf7ec74230ce6d0ef229,1,1,Neobits.xml
+fe9a3b6a1ac58f6ed1d45edd7cd8aeb302d6a2f11d4db3d7b093b0e24c90c586,1,1,Neobookings.xml
+fb32bb1ec593963f579fc3218ced702def3c8820d295959e6791c1bb63837079,1,1,Nestle.xml
+58abadc12a0456ae8c4b9aed73cc326c59a0deb6cc9149476a1e44258cf308ff,1,1,Nestle_Scholler.xml
+dfb0e98c4fb750595bab6bc5a906c3f761003182e48d125371b2abb097d7377e,1,0,Net-Applications.xml
+3c93eb0d86d7235cf74032dd20892ef50387432c6d0a04bc0c5b2638efbf55d6,0,1,Net-Results.xml
+06a292203f1fb162f9eb6f48a60f5c5cf2fd82e2141c3be9b382da5a1a9580f2,1,1,NetLock.xml
+1d82d222efef097970af2ddde784abc4a54e9f0d7c72273efdd5a365eaadb215,1,1,Netcraft.com.xml
+424e493955331bd50889c4502677e64c6740246f98a855d6c499e2b8a576bd47,0,1,Netdialog.se.xml
+8da4a8d34c363318d78948b6d198a61b8b371b1eceb28751a2abe6a12904f4f0,1,0,Netflix.xml
+5bc65fba1edbd23a2c1127a5c66a01bc20ffc899e4abb0e6f1b4d05a639dd9c1,0,1,NetflixCanada.xml
+a27dc054f220c4e805fa21edb4a88bacd93be2033e19e33559d95a33df0ad418,1,1,Netguava.xml
+9479b1110a9b8792a5adf6e615bf3163bb867be0b95702bc1750af4ea2d6612b,0,1,Netswarm.net.xml
+090825ece5ea8c028837cbad251e6d80c0ab2612a3c5d4a6fdd4e651e24d4e17,1,0,Network-Depot.xml
+856a5e62ba2039659dfd6a0c341644c7cc94edbfcda039c0bbf2934c2fa6e490,0,1,Network-Redux.xml
+e39fb5c2ac9f1e495df9e58f17d8a4d761fe13825842ce000695d72bd0fec453,1,1,Network-Solutions.xml
+f1fcbae55c19d23c37bb4aede7c4f4beb0e2679890986b4e27ff088629f72bb1,1,0,NetworkedBlogs.xml
+dacbd937f1ec4f670a6b0f8e96831e58a65d461d22e0af250d92f241aac97059,1,0,New-York-University.xml
+f1fe546e322fc153e0c39bed532de0adde5d347f9b0785bdbb0212f60735af1d,0,1,New-nations.net.xml
+d47c31823f5affb8112f9b876508ea8cbe9c5c8888dd62fce6e94a49fc97ae7a,0,1,New_England_Journal_of_Medicine-problematic.xml
+f6af7fa84ba50b9a6fa5f194ca8b7eef1d4daeaf336129c15e63e126e516d9bb,1,0,New_England_Journal_of_Medicine.xml
+c726927c171b0ef46e22776ef84b862d65b67640d6bf0c04236116037f7f4658,1,1,New_Look.xml
+0460e9ed532d3f86f91064c6351cdf3910283bf26129ff8b9c0058ff5158759e,1,0,NewsCred.com.xml
+46cd5693a88f0c256c5ac5c5a02a6c0132b2f41f9997f6d98819d7d273b86c10,1,1,News_Funnel.xml
+a441436f47337705595460deaf9fcc0940b86b7e36ebda3cf9d947e0034c458e,1,1,Newsnet5.com.xml
+062c7a379d68a9a26d9445a86c7445b28d7f0c6d37a00280e9a6227855935654,1,1,Next-Update.xml
+3c57c2411ec4710cf0f5d9cf22ba0ce485a6a937aef4636b2fc5d60952aeb49b,0,1,NextRegister.com.xml
+ba5164f38a24d39d86f53ca602a4f7dd6588321e91dd31f3a41900e8235bfd1a,1,1,Nextgen-Gallery.com.xml
+3827f1f331ee1cfd087a75708156fe6dd1d78bf73689aa0e3f05e769f9ae7599,1,1,Nextgen_Auto_Parts.com.xml
+e4c1681bae2ceccfdfaaaffc32bdbedc097bd0b4ce9e484269bc7a8205ac5077,0,1,NiKec_Solutions.xml
+f97765db8ea0f75e2d5ce711e6454cd9b692e372e5e1ef99be2d15f2e44ec290,0,1,Nic.ir.xml
+346f439850c55caca5a78b5fc94710c205fbfdb3058553be31a46f6d12cf57aa,1,1,NiceKicks.com.xml
+5204e3581002355bd1567fa463b03daf14441600b888f345e1bd90bc0bd6644b,1,0,Niden.net.xml
+18ea11350b57bb0d7255c935b1f98fd8e0d7cad093cc814332920b14bd6e26da,0,1,Nightmarish-Dream.ru.xml
+ec01a5ee8630f2b83f7cd7bad3f4f4facf7fc17e717948751dbbf3e5563d3aa5,1,0,Nimbus_Hosting.xml
+a0f578f005779d8470ae10f1de0613020df1cbc8fe7fc5e8631a9fbf80512b1a,1,0,Nimenhuuto.com.xml
+19783adc449fb3c8149fc04770bab48e746409509239b2b416df034b4c5ec8a6,1,0,No_Starch_Press.xml
+debf94c52eec0428247d415d13cd14dbe048783d7ade4dd8ec829dcebbf97b47,0,1,Node_Security.io.xml
+8696b3d48a2371a343e0d10fb94f0310dd4d3e7884a7709d44843cf989d1bb15,1,0,Nokia_Siemens_Networks.xml
+d293276c96add15789fd139b6fb190bd50daf5959c426ddd1f65683c3fddec70,1,1,Non_Profit_Soapbox.com.xml
+8e7d3d54f3b3fcec404bce21849e00674a9584c262546e559d5a5844e6e3e82e,0,1,NordicHardware-mismatches.xml
+aa1619c02d07a8ad0e6e70d89453c9a7ad9b584cbe9f8ddfaea876ab46a59e44,0,1,Nordnet.se.xml
+fa6721f746512e5e4a8c64511e6726f1f815515a40851600355c0cf2cf4d41a7,0,1,Nordu.net.xml
+9c28e75e4e9e205b0480ab3255a05302a1faa57199f1541fe977bb077adb5b45,1,0,Northern_Tool.com.xml
+3c50d2e792ad7f86dfda1549fd4439d310b29f24094476e31666decfe77d9246,1,0,Northwestern_University.xml
+ea5981b9239016c61c8e430bc78234472035d90d5a111c75b5e9c19673d0684d,1,1,Norwalk_Reflector.xml
+ad056a6b989f162bc636a3de58b8064b41555bd6822b91bc47c0fde6a77dd24d,0,1,Novartisart.com.xml
+005d6ae4ecf390a96f0cabfa24bf3542de3358ed187c7d3fb6a9ceae451436c0,1,1,Npmawesome.com.xml
+86f390fef8e11c744e2b29a3ece207146ab8aa3d7d9520bbf034b9eccda38b7e,1,1,Npower.xml
+968ecdfba1b77f1e7d9ad0883bea2141a1bed5e8e66cc17f596f494904f959bc,0,1,Nttxstore.xml
+4389ff81399428de5835dcde6360c9355bd8bb30deca633fdcb442ed80e8279a,1,1,Ntwk45.xml
+8709dffade12885b49fe17396188fea66efa63feec67b4bd6450471210bcf54c,1,1,Nu_Image_Medical.xml
+74ee38c39c1732564c41660c16c36683c46aafc6785922df598dbf2c7d57057c,1,1,Nuclear-Blast.xml
+d16090d0d492da8b08cbedeef767e7654cdd46ac59ea36e79ec69d96672d33c5,1,1,Numato.com.xml
+cc50a9830d7a6ff8d19a2bb287d16061d1c06460547e7751ce3e44db8e3ca24a,0,1,Numergy.com.xml
+3549eafd309d3b4297a5c35cf3a6d5c49609a2369e6b86ec8329e62e9d7e5c18,0,1,Numsys.eu.xml
+d58912467627d4166913d3dcc6dbc6cdeff23bc192ddcde160f7284bc486fc57,0,1,OECD_iLibrary.xml
+604247fbc7405879ce5a0826368eef0b4799ac85361c5fa7ee0f10f961746b8f,1,1,ONEhelp.xml
+9a26195dc6d04b530cd64200f8298b482310e35b4a3186da8fe3b9ec6da3e510,0,1,ONEnews.xml
+c72d15ad574f5ad66d6458b440ecc89bf91f2004f4cc1452e2ebad2cc88ebde0,0,1,ONEweb.xml
+728de152c63f2b49cb0589754e38e8b4871fa8e61d9a6c3232d79574ca4c7241,0,1,OODA.com.xml
+f3b1426c891d64e2e32774be6acd55bc97c1a05d82b1ae8cdb4dfe2100275db0,0,1,OODA_Loop.com.xml
+4d183bce74e88eaa5bb7c8d5a64c015ccb1e76ea1a6737c03f209017aba39a13,1,0,OVPN.xml
+e79232198ecd818d2c8984bcb40357ff099f8916aee9743b4ab5cd29856f0b30,0,1,Obermassing.at.xml
+7a6389ef271a9d5a4dd6cc58ca95d36ee4fd49f8166edb672462ea728bee070d,0,1,Object_Security.xml
+74bd810666ffdb4fb2893f61b6ec93bac1fb8d2bdad9562cde970cece038f8e6,0,1,Ocron_USA.net.xml
+9f666a13d6dedffd0bd201d9a652bbea8f91f6d041de1302d6ebecc12e39cee9,0,1,Odevzdej.cz.xml
+ee9c9295fb3a208cc0b9796284238ad0f8fe79bde323ddb10029757a43887bf2,1,0,Odnoklassniki.ru.xml
+9ee2f486b20494ec87d2a1a4d7a436cb9c9fa66a792615927db08fc465e66923,0,1,Oe24.xml
+df2add100cd65ade870829bb1bca5dc06439fe3f15a4175bf92dc91418442725,1,0,Ofcom.org.uk.xml
+f1b954f78d24f7feeb7e04dac5fcdc774536df6891966380a0a1b2b497f95a92,1,0,Office.net.xml
+513d049368e3e03cb55f62920d316fd1658ff0886d1c98e27d0827055945a5dd,1,1,Office_Depot.xml
+a5b1318588cdcee1f4bdc1f20f342fb7e1e35521d34cd932f1176a1f188e6412,1,0,Officer_Down_Memorial_Page.xml
+5b55ee39e40189e984150ee57a844755de14b0927b9db79c61141d9fd9b1b574,0,1,Officersforbundet.se.xml
+eace07c9f40c8d1d737e1b1bf7ed811a6b93db64bcf35173c0db7463c02177a8,1,1,OmNovia-Technologies.xml
+543885653524b4a430d6bc05d5f0a915f8d2044b4a68210f400556475b617177,0,1,Omar_and_Will.com.xml
+497e4ef7981352ec9ab7c69c941e8dc50397ea32e225ad167258f3394047074d,1,1,Omaze.com.xml
+337868f3fa4ea5f7e775c58846ee41725e2bd31593b02a28804608ae479f4b32,1,1,Omaze.info.xml
+8eb315d424c1f4c13d69aef362350cc4f875291e6999d20d681ff77897022afb,1,0,Omeda.xml
+1d30f88270fece51ca75bad3af5f518d43b171b14e21ccd1166091b75c32bc12,0,1,Omniture.com.xml
+a75d4a62d470552e6ef9bcfecdd60e98f64930d84abca3e881cb3bc45e3f4518,1,0,Omtrdc.net.xml
+b4c5be316c8e413132d05640a58ba95e417021edfc0d625ac68ab4ca83c980bf,1,1,On-web.fr.xml
+1aa14c17aa4ef45659e1c0074208010389305aa5082249d6a70e108b55eb6bce,1,1,OnSugar.xml
+b62ddde7fe33d20f642cf8c4e03631afd45115f0cb94b9cbb7fa935c6cdf7d0e,1,1,One2Buy.xml
+fd71abc09391e0ebe4bbddd07f0e125e4e7d5fa442699c8180d350a0f04f4369,1,0,OneExchange.xml
+6dc92cee48556d89af4e82ce71e74ac9f797208689b7f351b93f2925f1a6529c,1,1,OneTaste.us.xml
+9d8246d0d33f52be5c89b398480ebadc3dc02f64e777daa066468c90a3906f84,1,0,One_Eyed_Man.net.xml
+0fc75f45ec3cbe2a8aae5bfd4d8f7fed37c17715033f2e9fbb3313fa8cfc2dce,0,1,One_in_3_Campaign.xml
+85ec8a42fc22df80efb738d7412c23f20c4270050280b12b13bb675eadedd42c,1,1,Onepager.xml
+02db8653ddfd7b04c789b65fadb6a8f65a56512f0e66a17925d9fc123bdf1c45,0,1,Onion.to.xml
+9200b7fda3c5624a030596856bac74a8aec47aa637d3c572738e3d7cca4556db,1,1,Online-convert.com.xml
+090726845bf1a7336dcf4b17cc5fd367393dc83cd61cb47480c05e9443fa6053,0,1,Onlinecreditcenter6.com.xml
+3ab0f58022ec25cfb953faee2bc9221c0a8440f250efc15d461033ccff06e042,0,1,Onlychange.com.xml
+78bac39af92a9662e70e310bac91bd8199e6836d0d1525f6030ca955bff3b38b,0,1,Onlyoffice.com.xml
+4451bf75cf6c947ca73f64b8deffb43eeea5f8f6bad4de32b40947b6acb816ed,1,1,Onstream_secure.com.xml
+dd51b1a05bce8252c471fe1e9ccc7ad3d295ab21d3f59485bfd45fb9392e1510,0,1,Ontario-Lung-Assoc.xml
+acafd275568454c22d4e6503b39246589eaabbfee280841d01b981a06e280fd6,1,1,Ooshirts.com.xml
+01ebddd2e42156535f850bd17d2855ea4d5cfcee2ac2d2c578e72385980f0182,1,1,OpenAdultDirectory.com.xml
+1dab5d9a056a6da15ef84d7a1cca305a4983a764da763c16c5f100c698f58c95,1,0,OpenCCC.xml
+cde322a388021fd678242253e1553602e42ca30238c48f4c0ae454c292fbe92e,0,1,OpenDZ.xml
+cfb20b50100cb3882d14da48ac922d0c7676fa21a9fa253934642b5cdfe0993d,1,0,OpenSRS.com.xml
+844a36d59938c66a965aa67a15d31a2376a10ff96420716e5c17b03e344822fa,1,1,OpenText.xml
+79b6f8f68eb3378456d604d32e2e10715d3aadf7e63bc6aed8bfe10533de3ff5,1,0,Open_Badges.xml
+52350bbf1f39b4f68721565615079a474494c0e285de5cc9ea08d414c11e3ea0,1,1,Openbaar_Ministerie.xml
+2013ceb768b7fb2e6ae7f5b25d5367595d6e665101205f208b092c0d4280b715,0,1,Opscode.com.xml
+2219f813d8e5729e90465151e21fec4c4983e78603af8a034b308bd1202643c1,0,1,Opsmate.xml
+e679e81cba89cfa6fe912e2750e9b2d63c212e8cfca50d110cad41576febf413,1,0,Optimizely.xml
+0d4d289bd08afe7cf3746463b1583ecbe548148093efba3b9d0c6b284b3d7adf,1,1,Oracle_outsourcing.com.xml
+056eb34319c7780b742ac8b8d770b2d059abdb70c2426b70a7ef35036d71b50b,1,1,Oregon_Live.com.xml
+295f868cf31e0503aa4895b15b142c28ec12e8b41a43dcbc4d22748af91def7a,1,0,Osmo.xml
+9a1ed180ddfce3019a6fe50d73e329c7ea2b0e3496ee5d9970aaae538c11ef17,0,1,Our_Tesco.com.xml
+71e57056b2bb6b821f6d15d459b9e1dab4127b457ef251b5c5e90aa39c09a533,1,1,Out-Law.com.xml
+c50eaa29c08c79598b85124d8472c939cbb08abcd36df7a21512bb92606cb600,1,1,Outernet.is.xml
+ff199168eef28407f5f4ec85c4a28f7c4bb363a2b1902a775788789754cde2e4,0,1,Oversee-mismatches.xml
+54aacde8fa49999c42572bac76d792ea3b489037f2d5b39d010dcad5a198eed1,1,0,Overstock.com.xml
+5e7c404505b85db849540392423e02d918afac5c262a77d56b9c54455c5d3020,0,1,Ovh-mismatches.xml
+b41b819bf65541edbc0cb4992fbf183ebe9a74e28d2eace3e0b7597b9b782dc5,0,1,Ovid.xml
+a2a23af5c2ae4a75d2bc089e535640eeeecc2dc198cd238a388b41feb8da12bb,0,1,Oyunhizmetleri.com.xml
+933469a7c612ed85c345b6b85e40ddc0869c4af696fe8fd142568624b55d602b,0,1,P-tano.com.xml
+ab6e11c74e0a8ed13d35553f3c8de56b8f5d9e134ddf5e600c9d9ccf29d202fc,1,1,PAL_cdn.com.xml
+3754825b11533fbebbb1f5555b448bad53f94dbb64c192d50d991717e48e4f1e,0,1,PANGAEA.xml
+04aa3907bd8de99537bde8f2f79aeb002ba7887efaebee3f1f3a615d4893b320,1,0,PBworks.xml
+57852e0864d16be6b308ff132e6c5d7a81b60be2ce25eefbe8daf25f7b33a7c7,0,1,PET-Portal.eu.xml
+dbd90f2c99bc31ae808344a6087f970e33788e1c8cde66d1768711db380133ff,1,1,PGi.xml
+2801efe212e1b86bd6c0f60c0b6aa71a13e10b92d1b1b35d41c24c8de8bc4fec,1,1,PHP_magazin.xml
+a64aadfc5703638d06d42fb40b03ed571d3553b67c5b8ef1c2ccbb3ca41ed3fc,1,1,PIERS.xml
+e003a3a5770e69050c1accb50e3688d18332e9afc5709c67d6ed37b21143d042,1,1,PJM.com.xml
+10733d148895545263de6b0d9b06e117bfbcc51765f53ce07718badd8ca9932c,1,0,PKWARE.com.xml
+78b114e3756ec21b948939f187308f695fccbaf94f4cc8f588f262d84d44acf5,0,1,PLYmedia.com.xml
+c4e5e8c4a2597b41871e044bfed5428d959056ee54b7e13374e61dd4447e74ba,1,0,POS_Portal.com.xml
+7728e9fa911551ac1d6f4a1e5c915bf7794c3036d4c85a809b2ddbe7b402ccdb,1,1,PPCoin.xml
+05c868c1c858abd8e57044f301b234c281562fb4e81b4b95d3102e61e9eae0da,1,1,PRWeb.xml
+42245e71c26f7b89f3877f043be47ebd89ba171ef04916472adcfd8466b7b5b7,0,1,PS3Crunch.xml
+fca579bef6575b699d2f3239f2aa31a80efc1c780a771e3eabdbd3b67d87d594,1,1,PSZAF.xml
+7bdaad22def9753b5c864b140690cfdb16095e8aa6ace2342abab2bd7847b6ab,1,1,Pabo.xml
+57aed24e9b9918af2c3000fc9dad59aad8643cfa4f4dd7fbd4d1a7ce8bff2ad7,1,1,Pace.com.xml
+eddd4d652f2dee5873d15813e51565a53671c97a859b85ca9b0e15a5fc2e48a8,1,1,Pace2Race.xml
+71054b6da4f4cadf2c038d4b31bb68e148084e4ffa94ee3980f98d6f97a8493c,0,1,Packt_Publishing-problematic.xml
+993dc3f9d1e08eb3a27b37543742ceb167bf5ac80930af48325e4284b0858397,0,1,Paket_de.xml
+e89d28ccda24a3b1cc9b37d3d269747a51d052aad6911ca7870a1b8a85212c3a,0,1,Palgrave.com.xml
+e557b6f440d476e55abb4d57ecc833bd70b1d43508f88aa2a7188c8b517ca1ff,0,1,PamConsult-mismatches.xml
+0e122fc15bd797982d15495539527f1952384f9f0e1d9a4f58ed9121aeccc471,0,1,PamConsult.xml
+2c02f527aac3a3b6ed1c50ccb0cc60f3071cdece9fb572a42d504f1f8507a27b,0,1,Panstwomiasto.xml
+66fd01bbbea23106a839b1b18364ed9781c70ab62c2b2c90fe21e27c02059daf,1,0,Pantheon.xml
+3d66d95fcc8eaff8c7fe025a95dc9990b8682f63e90359a2dce7f7d99117dd31,1,1,Paper_Mart.com.xml
+09cef0ecb2ffb1cb24d69ad9dfe80691d9d4ed827a8bd5256f1fb755ee71e1fc,0,1,Paradysz.xml
+2f11118b0aef6afd296fb8da24c425d5a3cf9142abdb8d48e51173074563d33d,1,1,Parallax.com.xml
+081de7e48c0be2a33abea11175c4af99f366194f21a664648fbd4e196b307f19,0,1,Paramount-Pictures.xml
+34d03a76bac9becd0ff8d0b1731df9311e583642f0e6cd4703b548021f4ac3c5,0,1,Pardot-mismatches.xml
+fdaf728f0d1645316bcb99336155adde2f724bad59b80e1518b30aba749e3ee5,0,1,Pardus.org.tr.xml
+8248f3806e6f85c5e29de65e505f6a5a4ab232d37173b9317ac6ef9fd4a944d5,0,1,Parker_Soft.co.uk.xml
+605051aad6959d5abacd3ea353c7176b9c5d7ae0d17e5792e944bb2948862375,0,1,Parrot.xml
+95355ec4cadb259b3053a38718cc8377c7fedb4b836845d8c3fcbc377a388b9f,1,1,Parse.ly.xml
+733577a614581c6c478432a6ebf5d60213d26161fd6bef61dcbfe441947c7c55,1,1,PassageBank.xml
+4627a7d8ff44d737bfb4c58d14430e8b141ecc16773a5728f4ae45ccf949deb7,1,1,Passion-Radio.com.xml
+7a7079f1bf3bcbaeb2c4d8a2c59f77d25956e4cd3aebab78ab1bc67f3f3df7ab,0,1,Passwd.hu.xml
+54bd67e965c51bf2587b2fc9952c21cb6de9fadf10e2b9554dcbe9da50b06779,1,1,Patexia.xml
+ed6cfba3387faae39123d9d8bcdca58ce96ca56fa36d4e78a0d87de9ebdfd664,1,0,PatientsLikeMe.com.xml
+935e0d2a2d60b5c793084c7a8345d04c58f4522bf9f620b1bcd410b454f23da7,1,0,Patreon.com.xml
+f9b23a9e9264d7f43f499ca056d36506c1c77eb873f333d6b2fd51adaab46c0f,1,1,Paxton_Record.xml
+f5ea970abc9b98f05c5d2d938d268b5f7ee2ffe08896b2732d2873eeaae7920c,1,0,PayGarden.com.xml
+8a4688c9225f39cdbd0bdf2461b215687a6e52fb158187d9cd52f0a794ae3995,1,1,Paymentech.com.xml
+cafaa354707ae4551d9e4cb2418f7693aae919a2b64cb9fd74668ba93ae62471,0,1,Pdadb.net.xml
+b734d20b4fa8db4e550c2063fe1f7571aa9255d4fba08668b7607e9075f9183f,1,1,Peace_Center_for_the_Performing_Arts.xml
+7ace65d7a07d3b5a62cdf6ea0e4d7aaa66e35a4cc4aa08dd49b9cb6410404a06,0,1,Peacefire.org.xml
+7906a49f15a7f530524ab186dccb29610399fda324d86a5e79806978facdfe9a,0,1,Pearson_Computing.net.xml
+caa27cb47eded0e0a39c74eafdd4e7c03be9a837ffebc3ea450bda58327668db,1,0,Pebble.xml
+1eb02087c60fb6dba349d89674f8fa25ac18106e527f762be774f5a3a56e0a6d,1,1,Peepd.xml
+426d215a62ea00ec4b4a5d36dd506982854831af3ee1dda5dac04acf588f886b,0,1,Peerius.com-problematic.xml
+da6ba14b9cc80cecf84262cd3e6035386578d6d27ae3061bf5cae3216eea3959,1,1,Peerius.com.xml
+a130c2186838ac25cf952bcc67cca009371321b3acbe4fc721309b72aad7027c,0,1,Pegelf.de.xml
+5ce21d515b34843606f42926f22d007948926b66c7cecc29c72c4a2753a71e1b,1,0,Pennsylvania-State-University.xml
+540cd8a82fb1de07061e983359475b2cbf144af5a1b98ef4b981f87982f3a7f9,0,1,Pensionsmyndigheten.se.xml
+96ac5d215f1b378cba2ae89c100c0f5c6c3a3ff562a31e622bc2dc04d49a5c69,1,0,Peoples_Choice_Awards.xml
+fb65b454d3712cdee0a55cde951214ff2906d1eecaf62927fc9baf552fe2a25f,0,1,Perfect_Market.com-problematic.xml
+a5c12d8025be3318d62d91387f841317857f79bb9aab652f91d65c755e8e47dc,0,1,Perfect_Sense_Digital.xml
+715bd34f865b02b1fd27059e7e4f542d3fc90d8f50d8bff1bac8666f2197e728,1,0,Personforce.xml
+bfed1f967eb05dabbd243cb0d4d1aa66de3bcb8ac299dfdb7a2d69b385b2a4e1,0,1,Pfizer_pro.com.xml
+aaf2de240b5d11f6a9714d588bbf7638e296302ae88da0d3f838097315d52f86,0,1,Pheedcontent.com.xml
+10c216db9072d4143dfe8c2573933753ef48295f0919f6baf00ca7358984521c,1,1,Philosophers_Guild.com.xml
+45dec8d1365b75a84a445c92227162ccff6526198d3af9b30e06c8c5b7a51e8a,1,1,Photobucket.xml
+016eb2664abc5fd82f5c2b38a525d838a57f2fce95ba0bb099a593c3e38665d0,1,0,PhpBB.xml
+444c82f47f7eac33666d99279e34013195eac91a77c5c4374dd870daa2ef425d,1,0,Phparchitect.xml
+b72e4e9f7d21bbce5b9e2a9ddd1a3b4455b44f2ad25ffc29e34ea737004745f6,1,1,Piatt_County_Journal-Republican.xml
+571e8129bb73ac64284c6a7cd6e8aba1cd9515297417c5d446e4b3f0f8de0f90,1,1,Pickaweb.xml
+cf7b1bd5b721d925da006f39ba1871955f031865f0671ceacc1682158090e92e,0,1,Pictomania.xml
+73228b03209d957e30c9949ed6f98aea5cb7625806c66b5b57d43d5cefe23273,1,1,Pimg.net.xml
+ab2c00ab831d35a95f6146fbb79857b64e431b16a55141848a9c8328c89cc30b,1,1,Pinescharter.net.xml
+351933a4ca393d784a3e0255666cdba8645c9e2d8f56ea3231467b53937a7460,0,1,Ping-Fast.com.xml
+590ab5ee7e510ba33049d5acfa6f332bd51388f0426e3959aace2e6ca7624e5a,1,1,Pingless.xml
+3c5a6453f20a2462fedce8629a68e47c615c8717e7f5934f3271d71bbf3980ee,1,1,Pinme.ru.xml
+662023093afa853230351a22ad3a03d92674583751f67b1c77db57439da389b0,0,1,Pipping.org.xml
+3b0b0f3ce5116f05fed6dc7b33bcff46821f1d46cc867891fc8df9895f83a2df,1,0,Piriform.xml
+44323e2b5b6caf12d77c2d59ec395f05871254633110d9445cfde16de26083d3,1,0,PixelX.de.xml
+0b633c07416948983bdcc4654fc98e5dc569e47c5f8faabf6a37f46efad6c582,1,0,Pixnet.net.xml
+c5c0d23e54473a42d466785be61c4ad691e44f62e710a2a6c9248a694b6cb084,0,1,Planet3dnow.de.xml
+3ea9dd12e12f7ee6c175c6196aefaf9dc366b0b46db96bbc6874afc901c1d2d5,0,1,Plantronics.xml
+89b0a11dabbebe35d43aaae8dc9610c937b3f47dfd4fb47d82777d740bcd65a2,0,1,Plati.ru.xml
+1094a99b5e8a0abb9fb46b17654826e1a8387207caa3278f89949c8b6d0f2ead,1,1,Platinum_Skin_Care.com.xml
+f17442d3412d38817ddf3cdd8ec7f104b45f54d6175505b0a315d5d655d05be6,1,1,Player.FM.xml
+f8eb1c5b920d861d39f2f49cc5b1b5b781034d05a5c5970492e2ca678feefb37,0,1,Playlists.net.xml
+8e4f71f2c21971751b4669d02db149088429c727002101104ba57365f5804531,0,1,PlentyOfFish.xml
+32e4746d265b44c1f5940e78b1102d817e382b19508a7c49699943f6f121a108,1,0,Pogo.xml
+43155ad40eeded32a53d8aa78bdd55503fa6bcb3088a29d92492d07b0ddcdbd4,1,0,Point.im.xml
+82900ee0fbe5e8da617b95011724372fdc7d1a9e68376b6e0b46d6128fc0419c,1,1,Pokemon.com.xml
+b18aaa63b24e4333450a6523704e29e485506972e8fc4be497e890e79ecef4bf,1,0,PoliceUK.xml
+e03dfabf9213efffd81e97ac515e6455cbbe46cff31ded39b41ea0fd787bd7a5,1,0,Police_Mutual.xml
+ed360bd7adf7254dcf2698e30ca35858cbf4cb1e37d305ed814aa2b0781de9c7,0,1,Polisforbundet.se.xml
+a0d5f094a2dfb958545b6baa8ac1a7d52733b10790028f9cfac80ca7766ce209,0,1,Political_Wire.com.xml
+fd7bac449610576bf5a1d87e2277ca130fc15ad1f557c6eb5679ca615b5ccc30,1,1,Polldaddy.xml
+62ba89768f63d01a33108d6612b1439a9dc7e1ebace2ce5c57ec7d72d5f7d562,1,1,PopSugar-assets.com.xml
+b9aeb8140b8c5ae9e60adc1f3189a4fcb72bb245869ab5b17b13eb2f42343f4c,1,1,PopSugar.com.xml
+37875c27e806135f0ac32c517079c7bb99f00e22dc3c2ad828ef0e8455b5d04a,0,1,Popular_Mechanics.com-problematic.xml
+2dff8eae8eb79b0ee7d7d9d03b678d18ab0e80c4f8c642f076169ba45ebde7d8,1,0,Popular_Photography.xml
+9d9f29b0e53a626445a096648cce8a40e721bfaf0c3e45b3066f19e78ae9fdf1,0,1,PortMorgan.com.xml
+4acb2c18ff46d235876ac28da274a69fdbf34c411da8503f46594d59b3f88d6d,0,1,Porteus-Kiosk.org.xml
+6b0d7ddf3bdd5ad91f34402c6d3f7f7d0386490d94b03dd8f129412f4e514d20,0,1,Portner_Press.com.au.xml
+4e5dbe5aef10968d09652fdebf8630baf5f78e41edbdf230238a6a0166985d6e,1,1,Post_Office.xml
+dc3f1b194ab37a2e2ac738b5fbcad32e24454912aafae49f7ac1510b8a2e8db7,1,1,Postlapsaria.xml
+2d4efa164c7dd27c982d9c131018cdbe5d7ffa3fc51b4d819e379a721ac329ff,1,1,Potager.org.xml
+d82fa518dafd334d1106c883a691314a2e188b467209396c7dc32e12db7ace88,1,0,PowerShell_Gallery.com.xml
+e699af2a0de904179a543e2cef6b7f805e123404341dbe5e8d78dac3708fc644,0,1,Powerbuy.co.th.xml
+b689ab0bf3c4612108106e20d8ee8afc95b2459b255b5bafbd243e152e9c0622,1,1,Powerhouse_Museum.com.xml
+b0d4020ae98c0a8792a14d61af286d8da58bdf81adbd1d1e19afc749ef600bc7,0,1,Prad.de.xml
+810fe9624db6579cb589bc5bf86447dc0bba88983b89c993152fd78554898224,0,1,Pressflex-mismatches.xml
+306c91a332845a079f5f867072dee43054fac522e9b377fa3a28dedc5505a88b,1,0,PriceRunner.xml
+302da6e9ef8981e7c9fc640d28274768775d2dcf4e6db959d02538d6b7d061ef,1,1,Priceonomics.com.xml
+a1023dd10e11b82db899a2b1cadad54c2f6ac3e51a4e056c58afc1efb67047d7,1,0,Printfection.com.xml
+44b5f33ecdb9f0c492366882955ceb80db6fab8976dcb2946ab853e344c73062,1,0,Prisma-IT.com.xml
+4aa8187315321bcfae808afacb259caea5d5023b7c2a8203a63daa89fcd25955,1,0,Pritunl.com.xml
+e0519f9b99fd87886edb3fc154d3fc1bb145333aa536966d417433030cd82eda,0,1,Privacy_Not_Prism.org.xml
+9335d8279c8e6c864c1c38fc7e140fa58be572a28ca0841aa83971d4c3a67260,0,1,Privacyscore.com.xml
+311f5788fc38e8633b10d3864ec787d33d6c7bf84e9a9917c01a78cb48ddcfc5,1,1,Pro_Bike_Kit.xml
+7bf89b1d0564666fba76d66df0b0fc2237dc1b92a27c52ace0c1cdd705bd4675,1,0,Prolexic.xml
+ed81e7fc8de7196452e9e9c0821196ba5de17d7274df4054ff5bd95800fe2523,0,1,Prolific.com.tw.xml
+e3ca25a923e2ba846cd50819fc928c44bab543f1f8380b3789c8552933068304,0,1,Prometheus_Global-problematic.xml
+6f67d36a686a32ecee265b2914c9e3145ec7b641e8a2640511a5c2488b510c2d,1,0,Proofpoint.xml
+632de51c809f29f705d7997d3f2b7674ea97aea38bb0678b1de48f0c6cc58bb8,1,1,PropertyInvesting.com.xml
+3a42b5c2052afced4f34ad117e2782af9088b53ebff090ea60bf3aac79562e74,0,1,Protonirockerxow.onion.xml
+cc1db5c4a0f3adeb96bd761fdc1491a0d213d37336cc4fa3301ba9c3ea69ba66,0,1,Proven_Credible.xml
+00e348922788c6e644d51801e5887325fc38759395bdbfe9f9782d6bdb737400,0,1,PrudentBear.xml
+2cb55093e265bb1a2c345613e293ba44500cc31603bd713c6dbe301fde49654b,0,1,Pss.sk.xml
+1c59135a4c622ee99ac387ff84d671258f9556c7ba525b89db979466180d1a46,1,1,PubNub.xml
+83055ef9b302a95dab4a512ce4db64ff78e36c9eceb2902a9fdd1ccf209295a5,0,1,Public-Knowledge.xml
+d9044daa3fa3513400d2990aedc735eceeb815c896b70a96f95d4d79b1c846fd,1,1,Pumo.com.tw.xml
+b2e2a5f8ed45c939a47777f82b4f45f9e6f29434abcd942895047a2926718560,1,1,Purdue_University.xml
+3559850f77b0bc7b063de923ddadd129a1c31e704e27f3318f4dcbb7eeb2d623,1,0,PutLocker.xml
+0c9b2d18c06cc6a3cdf9e3eda7c17efd3932f0a8a10e733cb1e3639b5b367dfc,1,1,QIP.xml
+610d9ca4c64e1044ed49151a455e132dedc6cb288f14f86223b4bfc84d58a368,1,0,Quattroplay.com.xml
+11670da974bdbd3ad8f36d0905cdb3b0a259181f1c2a7082c85c2ba432a1b21b,1,1,Queens_University_Belfast.xml
+9eb9fccf0ae3ad48a892df0a03e6970a5b311b263111bee6f629887307300add,1,0,Queer.de.xml
+3a871414f31ff7c5d2a08897c0f6209ebbfbd6e8e0887f825932d45dc6d26399,1,0,QuizAction.de.xml
+eebcbcbff68650421932b86e64a78ddf9bf0d55c33df14d1b2bda4b5923b3f16,1,0,RAND.xml
+f8be2a2667f90decacf4019ad460037617c4a39be2c437395df2448987ca49c9,0,1,RCA.org.xml
+07e6cd400a7d03ad2aed4557bbde4ef9e1f96248ad05aca16f22375ec65b6a8c,1,0,RE.is.xml
+b91a1ce21dbc933f96a58068120bdda50bd0a150db11f1d8be42f6ea85ec0812,1,1,RF_Parts.com.xml
+bdb3b3e81945ab7499b5313e73595f148c91413e7b947bd3fe699d03a0391c13,1,0,RHUL.ac.uk.xml
+21643040fe18563efb75dae1348aab27c6d7bcafd9d86669b454959072350177,1,1,RH_Cloud.com.xml
+f18741e03f4946bc8a2cc98ae60a581ede581ef9e454c6f0c24d09316b6d853d,1,0,RIKEN.jp.xml
+bf59bcd24750fce1e1b920a8626d7ff5fb298dcb0a958e7397f9068f35214f6b,0,1,RISCOS.com.xml
+e320c9532ea87d88cc1f29dfd2ded7ef50f88897f6fe1c5cb53144af11b7469b,1,0,RNW.nl.xml
+38e182d9a20d3e1d7e7f4e8229a209b0d4c73c76a11d8dc8afc53ce2584a73d5,1,1,RSM_secure.com.xml
+fc8f9a4458d71bfc071d9d7a289693bf39a34d4c48c513b40f8baf719b417370,1,0,RSVP.xml
+3b265196f1568487f91bc203fcea005f88de381527e88a4fcc0d73e927c16d33,0,1,RTK.xml
+43e2885073158c994a17bf0144cf97de1ac45a5f2a412f2d402475d7ae1e84f8,0,1,RU-Golos.xml
+a528fade4ec3280b09242df1f18bf8cf465255be7640d16222810d16da8ca8ff,1,1,RackCDN.com.xml
+b6b80b8e6effda900873a33d7f0c6865be96761af04446b036a54a44ca6376dc,1,1,Rackspace.com-falsemixed.xml
+d33a01659d482e190a861accaf706b98c369e189547a8ad101db63a85fe18e68,1,0,Rackspace_Cloud.com.xml
+53fa3192655dd12fe95df6e4054378b1aa4cee016141ea5b55ff62a0516a3af1,1,1,Radioleaks.xml
+be7e41eeb775ed3a092eb6caa67dece5052bae12be23f72922421af695d2892c,0,1,RailsConf.com.xml
+a8eac7a3ad4bed42d518579dfeddc1ea079e0bf08897a8b890ded2c4911f01c4,1,1,Rantoul_Press.xml
+46fd3ecefccc0ee271b35fdea5f695b5a7a8b821ab9bdbea090ab07e49f49e9a,0,1,RapidBuyr-problematic.xml
+825ab0b71141f945032d9eb9f2d107635184db4b244ab605bda6338a7c83f711,1,0,RapidBuyr.xml
+c141b46bc6e8bb32c9eb0beb311cff1ff66e003fef23f11d8ae1e23e1a308cb8,1,1,RatfishOil.com.xml
+922398c3843dea87e31afabf326f9cd2447344f6aed0f93514f2c98dbe69c9c8,0,1,Rawnet.com.xml
+96d6931dc7ddc1dfae37303fdb58cd0f855ba02abf08cb981aa1e0823513e9f3,0,1,Rayner-Software.xml
+e2125c4ff7f8379155ae1cbe641d8d42fc62ede1add7edc1abf0d519b28b231d,1,1,Razoo.xml
+f4f7f990d573489563d003524c724fac1479711483a0fd0b2a0e62614886a5c1,1,0,Razor_Servers.xml
+79757f97f7b60f450d8440be0d4280a576539dfc57f392ed11818a03876d208d,0,1,ReachLocal.com.xml
+0c7a2b9d81e562263408261a8d2c2132482cce04765bb9bb2dcf2db80bf37d77,1,0,ReactOS.org.xml
+41653b528d317761c5c16423c2e4d33ea37646cec0801764b40f21cd8d7e7d0c,1,1,ReadRobReid.com.xml
+08f10251ac36c100bf8ae7da9eabd18f65b25466f132d6e60138fe800bc19934,1,0,ReadTheDocs.xml
+65002fb8676849739c54b0dd684aae2e36792c16ab5144b1cde089a6561d2f52,0,1,Realtech_VR.xml
+d02d0ef8d9228fb73ed248df5c49f8e5f4ef408e4cd0442057337d7cc00c8537,1,1,Realtime.co.xml
+175a2519105c6a213529364cc7d07291395b1990d6972eda7a6114333639b0f2,1,1,Rec-log.xml
+3d81ab3a1e068cc3e433fb67054d899bfb0de1806dd6a4a04c6960c400ee2403,0,1,Reco.se.xml
+be04e4a5c75ce1b4a49738d3a5e13dd52e2b054f0049b56ae3dc5a96cf3e0bf3,1,1,Record-Store-Day.xml
+f53f48cc8819321f46aed9c297b688b9993d6a9de165e8763d0f37c8ebb26381,1,1,Red-Pill.eu.xml
+3eb21961867734b2a94ad5cf657258520891193e0d3067bb0fb624a4b1a68a18,1,1,RedIRIS.es.xml
+744461d0f9721427cfde87ec8eb72bb0b4af4c61eb03ccc359db7e80eef80e04,1,1,RedState.xml
+b436dee831b87aa69cb3b905bcf593cd7e47ed08820189f8974d4a3e00d98bcf,0,1,Red_Bean_Software.xml
+560d674192e89441ca7d23ecb5fb627f67f2e0ea32ca9a9b78f3b4af11f438c6,0,1,Red_Bull_Media_House.xml
+054b8501acbe0bc72dcc54d95df75e1d0175ade0c306d347daf0e54aa3fbcf15,1,0,Red_Bull_Mobile-falsemixed.xml
+def99e9c52843ab97071e7c51143321c1bc97dc6b2395b2619b4f9ff7d197f2e,1,1,Red_Cross.org.xml
+39eff1aef0a36525f9f373d24e20fa4850fff65d2acb945dae316680b84ed334,0,1,Redbox.xml
+460e113cb4ca654705691e100424c875fecb6c0499791cffccc734ac7f42c46d,0,1,Reebok.ca.xml
+49f413717d683b1902cdc262e5a77d4ac119e9b2c2bd4f19b0139c0298fe0c40,1,1,Reed-Exhibitions.xml
+1bc93887c36392e422e57cf7b8352bd344b1d034cbd78d09da67704520b5ee37,0,1,Reed_Business_Information.xml
+705ec8dbee1342fe705abee9ac8c3156529fc043e439e3ba01087b9c70ca0a9f,1,0,Reef_Builders.xml
+a384778aecfb187e57b08dd0a236b215c892c6ad4ea8053d1aab6307d65b58c9,1,1,ReelSEO.com.xml
+8817ad2ea935c94410c88e741c82b765efd59ae2b929e5adb3e3989fd4ee4351,1,1,ReelVidz.com.xml
+2e8b726961855461d27af664aa198af4386e9a61ea1b25ea9e3f97f1618645c2,0,1,RefinedLabs.xml
+0dca7f8db4e1a34403795e066f569135f7b6a690847e640627fbd4cb613d71c4,0,1,Reflex.cz.xml
+c1eea1a6dd94fbda613525ebeedaafcadf64b579f0a07e74f5585c47fee1041e,1,1,Reformal.xml
+ba5433cc440b527b0ac40a27ca63efa96122103a9bb85d2f90b1bb28c582de62,1,1,Rega.xml
+c1c45efb4372b9f3c19a93e582c93d068d6f86411177f976b1b30fb69f749305,0,1,Reimanpub.com.xml
+c2f8c90c2a61453cf72e9375c5892e7fae5092010e2cf0db37791e2a2b1fd1ac,1,0,Relcom.host.xml
+bedd10752a7feaf458f36cc9139a80e547ffc5cb86cacb4b45f3380b3ea28bc7,1,1,Religion_News.com.xml
+f5fa27df851da300199657c4ddd684050bb637a6a097e6514103fdca757165fc,1,0,Reno_Gazette-Journal.xml
+c71b26997cc7f392de406f1f5ed5f472755a3a42cdc30ab7680c3e7d81967d9c,1,0,Rent_the_Runway.xml
+bc848cf6d199b17cd1490d8ebb34d3cd247a9f7d400583b8e4fdbf3499def618,1,1,ReportLab.xml
+5cb0ade0d5d1dc7e4dd1ccc665dfb4c266ada546964c320112cfa58311fadcde,0,1,Repozitar.cz.xml
+e53aeaa878e3dfdc1fbf1b50f6d16c8951aa396e8023bfa9d521dc9bdb45b3de,1,1,Represent.Us.xml
+88e398ec4597fcd0126db82a9cb9efad999c17cda7de00490943b9ff12551771,1,1,Reputation.com.xml
+97c227a9339f8d2100116d0f78f3795404ff88c9b2af12ba755db9919347253e,0,1,Research-Blogging.xml
+6c3d96b7e739b4b9a319e64168eb7600a742f34a313821c44808c1ac1707f414,1,0,ResellerRatings.xml
+99c54146351ebc37702c69036a7969daf602f88a46a6659feed01e378049e8ee,1,1,Reservation_Counter.xml
+1fa6eb86f60348d8030e0e38d7dda49565e349900dab0bf903d26c35807773c0,1,0,Responsys.xml
+a67a18b5bfaa7dba51643416054612adaee639d425a8edf44b58eda19a4427f9,0,1,Retailhosting.fi.xml
+00acf51b8e95fb8568e1bd246a9339f38f1f950d5b043f1fa28e14ed065ae5a6,1,1,Rfecom.com.xml
+6da80a723a1d1077b1e7a27e1b7cf81d6dc7bd9da2161e9d63fe0c896ae0acb4,1,0,Rfihub.com.xml
+9aa7137976390aa76a522394805ce510e4202c6bb51f3bc80a7c8d84114ecded,1,1,Rhizome.xml
+ec0851667677ff8540dd4ea8454573e8d97df70843756980d2f1d6db93586f8b,0,1,RingtoneMatcher.com.xml
+d27f1b348e71e8e016f36a21025afb61c044ff05ca5b138551ed5218fd33d474,1,0,River_Island.xml
+6b1cbf8f7c764869e3bb58c50ca22966d48a7b7b8f653ced6110336bedce2541,1,1,Rock_Creek_Outfitters.xml
+a3f1aab489ec09b4b991b1a42dfd46871d9372f1a529bef1103a6c8717d1673a,0,1,RockstarGames.xml
+633a5865ee1e5db740e5ead4afef23585998006ac347bdb7a901cdf29a1e4db7,0,1,Roeck-us.net.xml
+5bcfb04034d3fd0eb17aaff546732ddda271ff01aa972f065d149b4db23e78f9,1,0,Roku.com.xml
+47d01b691df5218a1da827d4d17fa384cb3d577b1d8e577d9dae0f3a6ab21e34,1,0,Rolling_Stone.com.xml
+4783a0472b26a08c80e17722e5cafd5c18e160518f72d97c3354cd39fd2d5bcc,0,1,RootBSD.net.xml
+ccbabba764819bd13ef73fc6ffdffdbce63afa730066863a098b3c355bdbf548,1,0,Rother.gov.uk.xml
+22f670057d19b9f795990786abfd398fa7d9731920a97620deb989914fb6e642,1,0,Royal_Mail.xml
+56f318ca6b8f5c51699fba8b627ba828470db3e6b712d3b0aa9d4d1cd284b31d,1,1,Rsync.net.xml
+1f87be8d9de10ec8ee2b9e7fcd42f90979adce40fe8997a80f34313423cf3989,1,1,Rsys.net.xml
+e43729a767c12b46a514cfe5daa294e236ea9768010d72d82e254c32e601f590,0,1,Rue_La_La.com.xml
+a144e99c2ef329b7cf98af652bde5bd6153cb84602d3cce46f95d3a4685cb901,1,0,RugStudio.xml
+148588675e66210914e28a86d10c5f27b71a78517d06a70c423cbdab87bcd083,1,1,Rutgers_University.xml
+018fd6c1ea9077a236d9bb1f7fc10af3b335b662de27731d5d2432ce47859d3b,0,1,S-pankki.xml
+8ea654177b45b0907f63613a7f7a7ff5beea606fb948cbf52b0c513195bb051e,0,1,SAIC.com.xml
+26c41f1beb070887277febb9c002eec5f1824184016b8096316aa592b2d2cae2,0,1,SC.edu.xml
+fd71c353d28fceb8b115719e83bc37fc7f717fa194e03d48d2cabacc00fdcd29,1,1,SDSU.edu.xml
+afb0053160baf8df65cddef2e6252d980f0ae631ddee646810b0c57fcd384402,1,0,SEScoops.xml
+90e39924d85b911e9ab7c92ec676692a6f3cc4253ed1c5cd48ac62b788bd4d08,0,1,SF.se.xml
+e441e43ceff7d30a52ccc2002be68156248c0b3228cb3cf1f3f241567ff8def2,1,0,SFM-Group.xml
+b1ddc8eafc9185d502e8c25fa3239d0ece0bf86bf9dcf471af0dd11ffb792f4a,1,1,SGNO.org.xml
+17d8e1cd7f7e79152b5482c90e28f14bb732d4e3b6e09240171fb7fa0c47c5cd,0,1,SH.se.xml
+0ebfb123ecc0a797ffba53b2ed5e7a7a9def6cefd840ab6e9cadf49d77199d6c,1,1,SHld.net.xml
+ec5ec3032ad870e33ed2aee54e56fc4ddf43e6c2d0842f5b29530fd378212056,0,1,SI.se.xml
+acafdedb2df04d3278f3058d9be43aec8127024a12e89b7cc1d03f54b0b19f95,0,1,SICS.se.xml
+5d608db523d07b5fe5b23fccd9bc91b8c630f5c15ab83910c4a440441068e3fb,1,1,SIL-International.xml
+6846a45bb80c31778df50470a813f4360f4259103d29c032c0fad0dc86ca2e73,0,1,SIL_International-problematic.xml
+5e7ac697dcd343072fbf1e626ae8493b93fb809bc95e882eec2fd50ba4da66ce,1,0,SNCB.xml
+de4e0aad788b737f30398cc734dc7e93a178dffe24c0b73abe4fedd6a42e2015,1,0,SPEC.org.xml
+0541366178a7279745ea561f059b404fe3e0938cf75afa1c0d3c21f89a17a141,1,1,SYW_CDN.net.xml
+d801e51a50153a2119eedcdced489f520458e20b870d160379489582320da934,0,1,Sac.se.xml
+eb4b298e2328c9d3af283306b797b4e07e194584efce78f97c84b249f9339c8f,0,1,Sacred_Crystal_Singing_Bowls.net.xml
+8ca380dd32c44814c1f0d696c3efebf9657bbc01b5a1ee9b5e616c389eb239f4,1,0,Saga-Group.xml
+31910514d896bb6b9c90d691ce06da20594ba849e325fca5513329fe9ab57088,1,0,Sage.xml
+a67b67cba419c9c60f5af4693ade3ab0f4dcb71c0447e14eeccf5d9f8ccce305,1,1,Salesforce.com.xml
+70625d04b2bfb69c56b1dc93d19eed236e18e861c8d0134b164f8a348ade9116,1,1,Salesforce_Live_Agent.com.xml
+223be5286839874afef4638f6b87c51f4cb2d2ecc551bf4e994ba0a022b78fd1,1,1,Salsa-Labs.xml
+4fe8a655c2e05111677d094899b626987d18679aad18ffd1e17ea5447c3818fe,1,1,Sam_Harris.org.xml
+a7cdcfef95e0c16a840a8c72942fcf23944eab6aa4db5f3c02fc89679bdbd241,0,1,San_Francisco_Marathon.xml
+4888cb498299850bc240910cc61c5848296567d65037d0c150565779950679f9,0,1,Sanalika.xml
+045eda1307862552713004aa03d4b9681499d9af2bc7abcadda4a00237734eda,0,1,Santa_Clara_University-problematic.xml
+d6d63b4167f0c17262f7eae3dd84693b68a3caa00feb09bdcd547af74bce75da,1,1,Santa_Clara_University.xml
+e528e24518c3a4fdd013118b9388faf754c8ff65ddb0ff972871d046065998b2,1,1,Sapato.xml
+10dddb4466cc962eaca360f047e7c9b153d4ceaec7caa21507f9327a4d6e94c2,1,1,Sape.xml
+252603fc0bee7ddd0001cd5227b894007ecb583163499a47e384084251fd3e91,0,1,Saurik.xml
+e54714d568b3dc29507fb27dd4934a5192b8c1e397cb97009435a049cb103fc7,1,1,Scanadu.com.xml
+3921f7457145f30994e3e5edb393abe93434cb4cc158b6b77ac30ecc9692bbe9,1,0,Scania.xml
+38fcd3c77ef8529bfa24f39ca1a3031094574f86ec150997c16494f79bec85b2,0,1,Sceper.xml
+d4b3e1cd81bbf83fb126391a949fc64451f079d3c6c71683fac08b3972b86311,0,1,Schneider-Kreuznach-mismatches.xml
+eec14fa49b2eb3ca3cba02c29f921c816f1c59ec37ad0fcf64a2a03c1a79c219,0,1,SchoolLoop.xml
+b820ef0ca9ed892e54ecba43ca9744e3eaa8828238b13d527438029e749de50a,0,1,Schulte.org.xml
+25933077b070dbd4c7fda6d88421b3982c3457ea5b5f008aba6043900f07ca1b,0,1,Schwab_Plan.com.xml
+a7eb0ac9d79d8b16e404ad3a6206a9f19f51294e69b08cccbf4094148ededc22,1,0,Scoop.it.xml
+648bca2cf9de8921e93ab3cdc73e3b84fbd962af85e0c9f0547cf790dc625759,0,1,Scottlinux.com.xml
+78be6deb276806cd5ebb6953953297c789a83e254fef202137f493dc8bb93ae1,0,1,Screen-It.xml
+c95e7e25412c5fbcb4809458f4513a0b6e22552e282fd557a0aea34166e86e25,0,1,Screen_International.xml
+bd4374a901260cd4a63f44d11b6f1048ad380d5925d92b90a7eaaa83337a22dd,1,1,Scribit.xml
+83a8bbc82794caf87711ab36df2c8d9c6dd6bf8a90d4b627370eefc53fcb0882,1,1,ScriptSource.xml
+3ac88c2b6ef1fbebdc4efec463de28b51d4b0891dae3f3337d2142de265d8687,1,1,Scubbly.xml
+17a481d6a4f50aa56d025131da16786066d328c7f11ab915f6d57b39dd4bda23,1,0,Sculpteo.com.xml
+32e7fe0659f10a07ddd9e79c4451377d2794f8c90d679e5e12771ce7f39a24f1,0,1,Sdlcdn.com.xml
+b47e3b0004ed2b922443aa48b3dca1012843ed67610e4f15f881dc0b5d8494a3,1,0,SeaShepherd.org.xml
+47ab71ea32a7522b3aa11275a3fb25467963e52f52cbbd28fbc1e4290c9edbea,0,1,Sealed_Abstract.com.xml
+6835368660d2c2932d163024a8da85984bcaf646184f5eacd658c0fb52a62c5c,1,1,Seattle_Technical_Books.com.xml
+0e8e772f5af7e798a343bc7ffc07367d78688f53fc2b361b9b6f574c3f9bf55f,0,1,Secret-Maryo-Chronicles.xml
+a60519a17ed9b6f9752ad6bbc6a463d50f6640643958d6e615478c9a4a57fa77,1,0,Secunet.xml
+cc8342bcc4c3c676b7bd0cc012b441d3d9c4a7fabfab9b25a8d8146963b4a738,1,1,Secunia.xml
+33814228cd58cf773562cb2b4cca1385b282847778045dec33b0469b1f1ef33b,1,0,Secure-donor.com.xml
+fb80a2a8a1de294899f5a0615851aa20d733698590215f4fa5306b9786ecebe9,1,1,Secure-payment-processing.com.xml
+ef4aa3c48224f9ebd3f7d1957eafe93f20690e4111e7f2bc802943da7b762ee6,1,1,Secure-secure.co.uk.xml
+695d69a740be24d4ed56b02926d38131360b363e580859219aa87843dacf5b1a,1,1,Secure-zone.net.xml
+f7fcc791da39508c7c2f62ccd71aac9c7e345b35bb825469e3bf31fc51fb1fcb,0,1,Secure_in_the_Circle.xml
+2118b0c04b2f228827d360c8c22c50033954206dca3837833c615bf47d8bcdc2,1,0,Securepicssl.com.xml
+6b20be37aeafe97b9c0449d7815f06e73d80c685be3fad2d6d6a97ef625f3727,1,0,Secusmart.xml
+28bdc6b9c0d2041fc5fca0b87c6c88e524efc63ecf62bb07c9433ee7fca42194,1,1,See-Group.xml
+99b22782fcf7be5163da772801b440ea850cc78d175816238aaafa0b018b7c40,1,1,Seguros_Universales.xml
+1b9f7a18950ecc433514f5008b5331d4f139ce0db817e521c01640ec80e8f997,0,1,SendPepper.com.xml
+58cef17a92f366b7e1cde56909c647d27ff2ee35518214d71701a8d109673e17,0,1,Seonet-Multimedia.xml
+853dd75e3e890244ab5c4b515f84235930a5547df1efdda71304300a261a4b31,1,1,Server314.com.xml
+51c74b507fc022bac4558cf0303b02576e0834d66f42bb99c3b93c343ce146d5,1,1,Sferra.xml
+1813cb1da6645470c2e8d31aa8674d7d870457c6d266e17c779adc3beb496215,0,1,ShareThis.xml
+5ef4aa2f5d4f1d0045ff46b16bf66cb827ce05554693a23e46548a584871f44b,1,0,SharpSpring.xml
+52619008e0a398517bd3ed4b130df71beda4b92d61fc2261ebbcb4a4d9489a83,1,0,Shaw.ca.xml
+0d2c3ddd439373407efc3cbc24b6fd7ec6da6563499498590e742b02d87a3fbf,1,1,SheVibe.com.xml
+5a68196b57ecab58d93ad0d0a4e3b7de40fbe516b74708037237d2ad1583fd1a,1,0,Sheet-Music-Plus.xml
+de01005b2439ff85c10a569a5bc9f09b86631fd60af698b3929ffc1a57ce78ab,1,1,Shipto.com.xml
+529faf77dc8341243f94c02e7dcf5dc80f0e558ce630008f7b8a263c8930d80f,1,0,Shmoop.com.xml
+c971c8081e7157bb581cc54157b6169d600b84b01e2e64e7cea95cced39fcdc6,1,0,ShopCo.com.xml
+d651e9791352d0487ad06bac798a6665a3148331d2404a6dc37366e44e92af87,1,1,ShopMania.xml
+278c389123acf69565e494a9910ec501d4c6f9ec22efce8aae9b8b5972359de3,1,1,Shop_Your_Way.com.xml
+faf5c3a2ef00844a11a4fcae50f0b1c010bef569cd59f6458c17223b0306297f,1,1,Shopinfo.net.xml
+cb82ed89532cfe1510504e3f9c48624106a9d0047b71e3470960047b541e577f,1,0,Shoptiques.com.xml
+b76a5cfaaf82a320c34fa385a3226b8a8a4a6a838b84e2ccb701f315b0f3368d,1,0,Shorty_Awards.com.xml
+3184281fdf234480385384607083c2d89814a072d666cb5a27c15c132e4dc56b,1,0,ShowMeCon.com.xml
+e288931dca09be06dde50e2e7e88361e0b3f3a3fd70882d39142d93104d1dd4e,1,1,Shurgard.xml
+9c9167d6a433c5c4c16b5b968040168b122215635d360c94bc5ccce867d8638c,1,1,Shutterfly.xml
+893a6bf3dcbf71cf5e4f1ae4288f7303f13681b9812f5055a788e7acb879f173,1,1,Shutterstock.xml
+c2bdeaa9210ade411015be525d562ea16bedd70da5897af9d239278aa0ca8ae7,0,1,Sickbits.net.xml
+991b526f8347cc2655f4b38ab4579c1ceab9708768f98fb8bfcd68361001b7c1,0,1,Sieciovo.pl.xml
+9b5e1216c793e3384ca0e6d8dd68761986d3613af12b81d640922b982c1179d1,1,0,SigFig.xml
+c6231d1db4ffe805ac881cf622bc409747a3a6be51cf6effdc071baf5b6324aa,0,1,Silicon-Labs.xml
+d15d322b8717f52b79e0b14e43f7ab97ebc53a729183386817f29358a5a8f77d,0,1,Silverflint.xml
+7a69a21a35e8e9851f97fae04e3c2839a53d54cf7a74475af7ebca460b514cf1,0,1,Sim-technik.de.xml
+a49bac6e453d1a6b8658c5d09eb247a7201c2faf23ea278ff090f32c54f237ae,1,1,Sim_City.com.xml
+9c6b97f93cdda86aa2d39ebd6fe5db76c601aba1050ed094c4c8a940e753f3c7,0,1,Simmtester.com.xml
+9194c3e6f904add76fb734e02736c2301f3c218bb8cbdd30ae8a385aecc027bc,1,0,Simosnap.com.xml
+38efd0e81710a352219d2237161c5d0ed645f65fe77fc3cfea190557233de483,1,0,Simplekb.com.xml
+68aa39cfd4b062c20ea2e1bfba9fd71f4fffc47e1ae934649137626e113e2014,1,1,Simply-Stamps.xml
+12389eac2a2319caa3288d448b704e7306cd6aa0908efee8967c8f74e2088600,1,1,Singularity_Hub.xml
+b05ab2299cf4a3552b415ad2bc8898d5e257d28a0e9e38a13402447f5de540ac,0,1,Sinoptik.ua.xml
+d004407eb0d68f3471383f7ecb0506c506135731e203586cb1b04ab24ee9a51b,1,1,Sirportly.xml
+18fca85374104c3c57f5c8d3a82fe19eb00812b410016d9b5c73a8ee8c0e9063,1,1,Site5.xml
+239511aea016e2100b8b88f9afc63f52439c61aac67295ce2055c4945505a27e,1,1,Sitefinity.com.xml
+49cb9933bfe48be26b4838aabacb7026024ee2fa0ed28f3484ed76a96622ce99,1,1,Sitemason.xml
+e7d1ee6d42c793f1ffbf240274c7d7b096831967b41b575bce6593757c287b0c,1,1,Sitemeter.xml
+0a48115cb03ef57a2671772bb06ca76cce108021771e60f0a43e2fbb22a1dc3e,0,1,Skandia.se.xml
+d972951be8af16d4e250056f05a7f4a6e7f123ed0a06b56e879234a2be8a991a,0,1,Skatteministeriet.xml
+20765e85d2fd18909d94526931d694b90b3bc05c6fbc5f5aed8f60ba92192366,0,1,Skillclub.com.xml
+176505bc694962eb998f1de1ba452dbc98547266a6cfdd3e8d32c7e43bd08c55,1,1,Skreened.com.xml
+b6e69a65826e62e9a1cbaa20cd6ffb07fbadb650c80b03b1ef0ae768e2f628b7,0,1,Sky_News.Au.xml
+25157ef56d915eaaefa9f17ad1029535a8613503384273b5d65958dc73d126cb,1,1,Skydsl.eu.xml
+6fdaef17af1ea6490386e9a69d35056586c989cc0efb6ead360199c827556678,0,1,Slac.com.xml
+1613036e5a0687ff4af8fb97b3636dc47fe9cce73cc1e4fc8ac1de9d72c5e182,0,1,Sleviste.cz.xml
+f09f4e1fa797d89d9fded19d8860ca5657f9db89f488eb37b22aa65d09108f05,0,1,SlipFire.xml
+1ff601d9c6793cfd0173c3c5d3c070cf48ad8e661ea28e18658c35214f8a0bc5,1,1,Sloan_Consortium.xml
+8b5991e95bfde9024ae6045f915d2b5d081583abc5876d51c11efe8184570090,1,1,SlovenskaSporitelna.xml
+4be3f8e4caf2704e57b939bd74385ddda2f0fb979fb5af89634bdd72509beb4d,1,1,SmartRecruiters.com.xml
+410889ed15ac9076ccc7d2c95a80e3c71b12fb441d3c2909b41ca6ca149ca9d3,0,1,Smartling-problematic.xml
+b239281baeb1443860e1700cae78069bbe4ec5977f4368787125e5d5a4f0d7a4,1,0,Smartling.xml
+07737e4c4fe88850df4babad790e1d82ee39a0d3055511782be89bb54c85ebd7,0,1,Smith_Monitoring.com.xml
+0bcf0fbf67721c2842b061aa1fe6c94338394637e726ba0268acd5e7690b6a70,0,1,Smjg.xml
+a4b5b9da62123113eecf4398a533bd139de421a9f110e9c5b6d48ed5325bf140,1,0,Snagajob.xml
+f427d8fbc6b8bf77dc8605104bdf8e27ee06eede543ced548f23f22aae1441de,1,1,Snapdeal.com.xml
+b34278b513f81f664edd8653f1bb73fb84209a9625949fcf84364b1dfc0ae9f9,1,1,Snatchly.xml
+3b7f69aaa1c762b112ba9fd30146ba841bd92a50dc25a3849a17a3bb5c9ad048,0,1,Snow_Magazine.xml
+04a8295ed75474c2bac8649b4ed73955e07c6c228000c4539297c32473463223,0,1,SoCal_Linux_Expo.org.xml
+5bf36d6e7610b62e0d338fb24373da34fb83d0882ca9eb1aca333ed563a3c82a,0,1,SoccerWave_UK.com.xml
+8676533486e8956f0db8c6403eb63d4d11dbcdb1aab11b65facc883b596b3834,1,0,Socialbakers.xml
+1704dd273006545bd23e5c0a4a1f7f0cdd4b8ac4aae59268afd81190441f74a3,0,1,Society-of-Light-and-Lighting.xml
+dbfbc5e95c59ca8f5a6817ed26888960e39498fb14738f2ac049c176a530c2d3,0,1,SockShare.com-problematic.xml
+8ffc435a5ee2c8e3df71d5505314b49366e1bc038ffb3ceb5bdb626c0578853c,0,1,SoftLayer-mismatches.xml
+93fa0d5b997eda4d4f1016cbb8a14cc8134ee0f609ce4080dcc13307e7d412f1,1,1,Solid_Cactus.xml
+81582b8a8f659af0e041168acd9fda4d96c18f33acf41defb4bc714f80fd94e3,1,0,Sonatype.com.xml
+5f6ca1d9b19870ad93a58f44dc9ff37c84c4cd7cca95a9859b6af8b5d5ea96e9,0,1,SongColeta.com.xml
+bf0300e1945b14a33128707161ddd15d8744caac395131caebb69d6388005502,1,1,Sonos.com.xml
+f6596e850c1c453085e611473b2611a58f4146e6b34cc4264189a66a0e373e18,1,1,SotT.net.xml
+59cfd7776a8d4bce0bd6e2645e2c76d072a8ff62b965aa2999fea197c839f393,0,1,SoundViz.com.xml
+f141656339ca12f96352ed3819bbbbb35311d5bd2e0d452076254e352d9ff7b3,0,1,Sound_on_Sight.org.xml
+255e5f901544e078566776a84f40d488b808704d36fe4d045d1df074eb3340f9,1,0,Sounds-True.xml
+ed172433b5dd6d87853ced72c67bd31f58eb967d49cf152457fc80dc659c15de,1,1,SourceCoast.xml
+2f8e9d7d6aca7de5ec1b5688166de01b60e3ecafcd0bc3d73fe9dbc984df7dd1,0,1,SourceFed.xml
+49a79924cc9483c9d8b326a1493ea9604d7dd7101e58811cdde9465fd6a9ab7f,1,0,SourceForge.net.xml
+ee75312d7a227efc1996e38f741324c0223b6cd8228f18796f92a93808376065,0,1,Southwest-Research-Institute.xml
+749014fb456fade94fe8410d634d2c35faaa2ac81a812a1743cb742e7fd1ef41,1,1,Sozialdemokratische_Partei_Deutschlands.xml
+180cbbca38aafa09c9781486d20f8e8683c2dceeb2e0418217360acd01e3f7b8,1,1,Space2u.xml
+e962efd4e859976b3ad130f332a2da31aabdae922174ff4cff7dee7360a0484d,0,1,Space_Launch_Report.com.xml
+6b81a9de20423f8a2888e56ce73a7d92a425602713d857ce4e70d72a073ddd7a,1,1,Sparx_Trading.com.xml
+1e5fe1d6ac3f05b8ab1d7bac935cdec1e6aa7214cb1025010f29703a5b9bdb53,0,1,SpatialBuzz.com.xml
+28a4a3b9c096d4d94cf6e2b84461b16ad0da6411132504a02bbdbbc9289b2be4,1,1,Specialized_Products_Company.xml
+b6d12867f7d8012b03d30e3836cd3f71fccc19cdd0bceda42c3b8e3870481d0e,0,1,SpeedCrunch.org.xml
+916dc2183dbbf307a1e01713575b05b2831ece425195929b577b6221ff376ce9,0,1,Spin.de.xml
+4ba75720e6c03c8ab4f8bc95a8657e4b0d67fb91cdb319933829d95517329e60,0,1,SpiritAirlines.xml
+5aa4d692eb37aee5eaa407f998e26c6734bb23e3eda58e1621c549e5fa1a2251,1,1,Spoki.xml
+b440d89b9eed86cd745d0ff23333b7e12af88f7539a35833ee5b6ed2a77b0023,1,1,Sportifik.xml
+2a59ab0331fb5c8c9fcf6d5ea984db8ec59bbcfc92577aac1f79ecca8ccd9cbd,0,1,SpotXchange.com.xml
+ae6cb5584260120ff8f7595d678cef5dea152409c61ec7536200c68a285077c9,1,1,Spylog.com.xml
+1498e2530912c8e73b9cbf1c5284031b51f6e4fa7e37cbad0deb6d6eb290b3b9,1,0,Sqsp.com.xml
+b7c2aa4ee6285d36c77c5e564d09a69f25ec0e2f1c64a041b65a4059555490d0,0,1,SsbKyh.com.xml
+7ec67466391d0bc44bd5a233169801a3d8b68c34118ee890afefa17aa1aead19,1,1,Sslcert35.com.xml
+e7debf41fbb565a05a7830ae950f9bc8c3b24b1ba66090a894fa3db808e8177f,1,0,Ssldomain.com.xml
+554f6e5135b895544437fc3b23f9f06bf5e512318b24b8d13548b8282203e55d,0,1,Stadt-Zuerich.ch.xml
+8026ad04f83be259d2177775e0f798b96ab522511fe1fab28ab64a20387c5738,1,1,StarKist.xml
+1a88c6ce0c2b9a6fea7c476a92a7da09086ac913707d6b938ab618ec6b685f1c,1,0,Starbucks.com.xml
+384e89e4321c54fa7be3b75f19d06b7c029277463bf8cd2f8e0b3bac1cade42f,1,1,State_of_Alaska.xml
+de7a70a735ebdc462b94252b551593be99376fcb2b620ee900a245ed84e9e616,1,1,State_of_Oregon.xml
+cf6c0866d343514b97918cd62089f4191898d1c7c45d993b807f5d7ce291e172,1,1,Statesman_Journal.xml
+5c9829129baf195a9dbfac286a509c36e0e41bb8adafa18e9162034a65c19904,1,1,StaticWars.com.xml
+47c9f0e41ce3c056edcb0554a27d3a8a648782f976f6710cac42f10b6f7cfe8c,0,1,Steaknshake.com.xml
+8329d69c91eb46f21fb87da7033940a740293719013b549b2a04a465178b9c3c,1,1,Stevens.xml
+fcac83bfdb0b66dbe7ee339ad13cbb3784c2b1e9e6129bb33e9123ef6ec50686,1,0,Stirling.gov.uk.xml
+d808f99ff65f220d3830af04647f691f475ce411d11b80e49c43cef26d1d73db,1,1,Stockton_College.xml
+d64ce19ebfba74d32cafef6a02305b8aa5f95e7b4711d7dc988d46b5e2d217a4,1,1,StoreSecured.com.xml
+2f4835be761a19b7ecc69d772d7c194ac2ef0b064e0fcba4d2889f87334ce6b9,0,1,Storebrand.no.xml
+d5f7875b8bee79dfd4adac71fae7bf9d76c8fa8a64d22c110d2c1dbaf8ce4bcb,1,1,Storenvy.xml
+39c3c86ad9f644fd4fbeffc69a4098826e00813ce35787b1d55e4e02ff2ced30,1,1,Storywrite.xml
+3005bfd332932fb4fc56c276038ed76f182d90313ebcdd6ac02fe83589ade0d1,0,1,Stratum_0.xml
+899003a40e7472561a54bc1dd43e28edcea0121392eccad57d8db3f3d52a40d1,0,1,Stroeerdigitalmedia.xml
+b6d669821c47252e7ca26474737e7a99764a62314908a40b4303024e88e5a3d1,1,1,StrongLoop.com.xml
+b0ac2e6a5978ce833c84f82322e462375f44861de28f391b9fac57c75abf272f,0,1,StrongVPN.xml
+9ce00d1019a493c4f78331cd99076362c4233cc11920477c5e416697a6e7351d,0,1,StudiVZ.xml
+f46f2516e99adca54ddd6e9c756b3236597ebc0c14df0cded8b3aad507b93f76,0,1,SubDownloader.net.xml
+1a0921d175cad22ca99421e5d7b116251aeea7157be570e7beec3db83063f13e,0,1,SubPLY.com.xml
+d92a0a64fa96c98af6b520e133f9becfd9c7b105aca69c8a6b9559ff8b90406c,1,1,Subimage.xml
+55b2ac5b82c27a1407e454f90e7fec8950caeec6fd405bd62db2d8b3187a9e6e,1,1,SuccessFactors.xml
+4353ab81e240d88c9a212ec5ecc87fb3c36fe14968a5fa1bba7d26b117ccd9ab,0,1,Suddeutsche_Zeitung_Tickets.xml
+39ee1d4592c1dccceea5d80aa83500d03685d67985cca30f3c17069ef4b11b41,1,1,Sugester.xml
+7493cc3ffce2c67f7fa42f32e1e2408c84f9ebe3bfec0fd23e8c14b853e22d67,0,1,Sukimashita.xml
+34e524cb36278e49dd7e5a8d0a8deb009549cf988ec992a5a5afeb233d94f9c9,0,1,SunGuard-Higher-Education.xml
+ecca6c75485a2e76cabe9b3c426de37bf3550cf0605ad7a2763fc78292832c3d,1,1,Suntec.net.xml
+715dd9ee76e76e36924367d72de96365fb971aa9249de53407a7f80a91523da0,0,1,Super_Hexagon.com.xml
+24eb0ee48fa0e0e523fd9bd0b40ab944a581fc249f21c1ce876352fa21ac56de,0,1,Super_Lawyers.xml
+bbd4fb2f9b45366a2539533ccf4a4886c69022a7064c641de203f1a81b29d94a,0,1,Superstart.se.xml
+d9954e1099bf2f9157ffffeef5dad30cd7bb4f1295a8b47a49459e8f95a2992f,0,1,Supportion.org.xml
+7111b5e56fc1582bf7303824b586b80f95538d9954ed557d9a72dcfbe12a6ae5,1,0,Surfeasy.com.xml
+c364bfc1cc7f038bee4de11860562a5430e9f6e50f4304292877e5852682f36d,0,1,Surprisingly-Free.xml
+1a101eb73dc1657e33f8e9345675e37e389518d109592e299c8d9e6724cf08c9,0,1,SurveyMonkey.xml
+ba6e4c5379bf8c4de10621f7fe7b3df817d4658f9da9f162855fe903858416f4,0,1,Susy_Radio.com.xml
+0fd5d3870f9c3db62e5c4f6a72c986708fc02dd4f79ab555ba603706055e6f43,0,1,SverigesRadio.se.xml
+e503bd2eff7757f37cd05f11b904e0aa7f674a7897657278f0ee5fd2ff6db491,0,1,SweetsLyrics.com.xml
+3ff6f9659519c614788253eca3db799c20989ae2f87676105f096a6e5152d963,1,0,Swtor.com.xml
+b4a26c51885a323376d80c7fc81bd546a674b360d0d6a4f52c9bd1e775ea295b,0,1,Synacor.xml
+801c20d5ad81a56de838fa123adde660b159ae4af5e590107b911431ab7d366c,1,1,Synergy-FOSS.org.xml
+99e0a5b986eda1bcdc23434210e28403c55ed2605888c303241cd8ef83d912dc,1,0,Synopsys.xml
+9dc087e90745d0ea8953d26f82dbf9047cb610d088d94b9a25bd56e093d31a79,1,1,Systembolaget.se.xml
+1bcde0c8645fb6f4f858c9dae6da9a419f2a187914e0d5ea61cf6094bfca9a6b,0,1,TDRevolution.xml
+1de15a8e66a5c09e6729c20185fb9546d5a977f297659a1ac93f1115aa5f7f2e,1,0,TIBCO.com.xml
+77c7317f7b179d59b8c705df9b7962909ab665b313ef95c0b73763e909a80533,1,0,TPG-Capital.xml
+cbc81abedcaee320114fd5e4176a22df18d4f064aec016a1a5d63427f7b54138,0,1,TSMC.com.xml
+8c34838c49630b9434a0c38e5fb83e5f670a928d200746df255b9de2fbbf50f8,0,1,TUHH.de.xml
+08d6b767eb413eeb84fdf85ac2566e4571855734297213911cba0f44ac0bbb1e,1,0,TVNewsCheck.com.xml
+0b6df260724836c32c32d403eb7c8e3b21ebe80f68e4d1dc17c2ab806e9f226a,0,1,Taboolasyndication.com.xml
+07f333e0409ae4f5f9e2d09d26835d0a47da5bf52c535038344c40b71dbad8b0,0,1,Tahina.priv.at.xml
+3ce7dc41c4bc9b6d2e938d273bc5b661865520ab9d08a051ccf09efb1514c203,1,1,Tal.de.xml
+efab25b7fc246b2cde333d8f051380cd133eb4a7f0166145127a27ca555328c7,1,1,TalentSmart.com.xml
+988512d330564df476c731a89222b3e1b6dc5ad89c41132ea73ab78d27081f3c,1,0,Taleo.net.xml
+9a22153dffdb22ee7d1cdc7a9f9e4e292333b7b081d1707128f53aa397863177,0,1,Talk-Active-mismatches.xml
+0a01fbe6d6acec74d0ccd7aef778e02e8c7ac424d57e8e9d42d9729d56001f6a,0,1,Talkoclock.com.xml
+19f7c72edff92f8dcbb0b5c379aa1c9acff032256393f29b902d4e9c4ed08cc0,0,1,Tallinn-University-of-Technology.xml
+b14da75d358e6ae804086aa49d830c8fd9bcf3c257756297a5d1eb8199788a2c,1,1,Tampa_Bay.com.xml
+1640039109c8c2f9643d9d88c5de2572634fa496aa78cb664ef10ce34d04232f,1,1,Tampa_Bay_Sod.com.xml
+5b323dd6373330fb4fd7171ff18c09225a4ce52614e347489a3b08f58279d305,1,1,Tarasic.com.tw.xml
+0e6ce89f0541412c0ae5576d1962471a403777ef0a83778557ed87af872db0b6,0,1,Target.com.au.xml
+a8687053c02430a7161492d975a61c779c42f21172db6d16edca34d5a32fa4fe,1,1,Target.xml
+cfb76e4e7478c507dc48b61f51bdc71ed2176927fed165af863dfdba2d2dd270,0,1,Tau_Day.com.xml
+2239d41720f1c8fd08f8210ca202d9649e5fc4d4ff215f22be7a2be0108a082a,0,1,Tcodevelopment.com.xml
+d66c1d07ddf8eef1a809b0c40b83815ea832bd0e3b6a6fa99c0af49d71b32e47,1,1,Teachers_Assurance.xml
+686d302ec551ffe043988a5eda96e4bf5973b23ebdaf401c40d0ee46c476964e,0,1,TechOnline.com.xml
+872fa19600d84d669e883f58643d21eaa1aa79fffd73cc63f12eb1deca6de7c9,0,1,TechTarget-mismatches.xml
+c925b7818c3b2f8a2440e999deb5c1f156d488ef1d55d6e0564b77517b74af1c,1,1,TechVerse.xml
+0e34171c067993cc756f58f6073b767435fa61d1241b1fc40b4c531f8ff6bc41,0,1,Technical-University-of-Lisbon-Darkstar.xml
+041058b2cfa30630ce7863b511cac60ad6f12bffb7db7c064158d4463cf2bf40,1,1,Technische_Universitat_Berlin.xml
+fa340bfec44c43f86207ca9f60d2b470bd94c4b4b2eb8886e58fd20688f4eea8,0,1,TelVue.com.xml
+70b6adaf6c9bc160045df08164e8d160004bb31280d0e4b0397dc15581feea08,1,1,Tele-TASK.xml
+6d505dbdf780e9107561308221f5e592f1f457e9621b12ead11663533432d2c7,0,1,Tele2.se.xml
+5ddaeea1faff6f9fd577f7f16afc0186ca3620e153194008d51ab695ee84e55c,0,1,Telefonica-mismatches.xml
+cc4942ad4838d473ab3298a049bff85bdefabb58edd758b987111430c44d669e,0,1,Telegr.am.xml
+795a585b4772b8f4457901c8fcd0be1e27340d6e20d899b4eb7b4f8816688d59,1,0,Telegram.com.xml
+e1fc5bdc13beff7ff34e11b741f3a19c1c0d0d78e820291f2fda05897ac569c0,1,1,Telerik.com.xml
+7a1160cec6b54c012ab881841c30849660bbd7b05a827610c7fa4ef686698eb7,1,0,Telfort.nl.xml
+24d43ee30f2b4a41cff1884988065cf8896acb3272a41a97ec13b5c33e43ac34,1,0,Template_Monster.com.xml
+90d8cb4c77769dae735da60d72e3b84f57a93ab7aa48e7a01fe8c56c6edd7451,1,1,Tengient.xml
+8112be0dc26553e6fbf96b5fc8f649635c92a3c7fc30ebd158d447383797b596,0,1,Teracom-Consulting.xml
+068c6ab7bad10838f3256658455b0c882ee2d2cf27415bf6c64b2843c88011ce,0,1,Terveysportti.fi.xml
+1a0f294d147c61084bca26e4d51d13c0f5abe9ae3065b7940718a9a07c9e1b01,1,1,Tesco.com-falsemixed.xml
+80a2b0d54ed1eabf4ff9c4d5b2d7955a37a11eb7ea64736afefe5df15052f142,0,1,Tesco_Bank.com.xml
+0bdd9de6f132176da1797d3ef1d413079dd56859ceb2941d363e9b312ac79103,1,1,Texaco.com.xml
+0cab264afca5779881276b98ce5a5d0adb580cea04d2edc9a00023371a45eaec,0,1,Texas-Instruments.xml
+7852e498386c57ca064423bd91ac2c061cdc69b0d5220b4475cebc0220ee7052,1,1,Texas_A_and_M_University.xml
+501cf24c20b5944e72cdf9ca2922847f3b93a3690cc5a7e5e01be7bd0439f228,1,0,The-Art-Institutes.xml
+773a5b373f466ee72a5c552e6100c3a2a76dcd52853a8fc8aac33f9e03292629,1,1,The-Business-Journals.xml
+f1585d8c49cb634f499a564a2d05e17de79d20e60239838ef2908a0af3e96af4,0,1,The-Event-Diva.xml
+80d1ae41a278db7b4ff0ebc18f7767ff62bb0889bcd3b36f25d20e6adeb2bb24,1,1,The-Great-Courses.xml
+1d80b3f9223fc97c7ac1831cc522b5612049fd50584cc274563a3bdbeb1fd9a5,0,1,The-Lean-Startup.xml
+78316b9c51671aef4a4627a944b7214c571f32b32ccdc03f14972a435820553d,1,0,The-Next-Web.xml
+4c2b9a510b95f4dd85d039e37f92106befbc4313769107941058c4e0172e018a,0,1,The-Vault-Bar.xml
+9b57af0e82c0bb2e67e245c66dad276b711ac193b4e2de95c104d72b380bdd8c,0,1,TheBookPeople.xml
+fb9227ecb093d793a458ff52bfe79a76b3d8005f50dd173bbba33792b780aa16,1,1,TheHut.com.xml
+e3637d3a583d10b55e00af82ce877ace90d2723cb82aa3a9a17df8dc2c0582c5,0,1,ThePirateBay.xml
+398707f5013376b20a3ea329e82ee6e7a476ab7f07f00dc79456c805f0237858,1,0,TheResumator.com.xml
+eef2e6549dad53d5a1b299bac1fca6444fd7760c83753854193c64ecbb342d2f,0,1,The_Bureau_Investigates.com-falsemixed.xml
+9cfc917aed6ae985c5ba1ae46ae05f69bfe557915de4b3fd6464e635aedf118d,1,1,The_Bureau_Investigates.com.xml
+739e66b04c9a5af038011293d8007d404e72821820a1e79f3663a68b7cbffdb0,0,1,The_Center_for_Rights.org.xml
+ac7281798c66f642d911a05d2d0e2f01f254451e85a20f45a63816cc59ee9c97,1,1,The_Daily_Beast.xml
+11319e7025f205267ab92752cf95740a51b58cb9ae6b392d46fba9fc6cf448a8,1,1,The_Drom.com.xml
+6e6dc2a6166f6dcea7828592d5dd1e9c3ac319b0f83f20b90ee01e8cf921cf23,1,0,The_Gazette.xml
+cb6933673ccc5114fd706e250a9198c8581ebffd405f0fe839537110e03d43ff,1,1,The_Grommet.com.xml
+d3cad14d26c563280c4e79db4b0cf3861e3f31b33ca0eeaa23247d90c54d1599,0,1,The_Information.com.xml
+93302fad4ac7439faaeede5bf618c16d5f4b566da61c55fa8333a0a7230f9e27,0,1,The_Next_Web-problematic.xml
+b1cdc01ef33fd2f12c0e05959597fc420da308b364e03ab877ce6d85ca9678cc,1,1,The_Stranger.com.xml
+8c22882ab50988affb25c043bedf30891600e9b01147c502f680981cf767ea39,0,1,The_Theme_Foundry.com.xml
+192c7a558c80f5de13deb92fb4e194cf46e435a55413f27016131a33259fc2ca,0,1,The_Work_Dept.com.xml
+3b89f9f5c32b514122d49ceab4814e47ef0c97aaa9aff40b468aa9387ab4b672,0,1,Thingsquare.xml
+326ede1e13d0a578ad89ace621366155e7f89f408b79ac44b06649be18ad6393,0,1,ThirdPresence.com.xml
+90c675ebf5b3bafe827e2c5d8c63e5b6d2ce67964f4275c74caeef2b879355dc,1,0,Thumbshots.xml
+5c7384430e2a8498ee7650c8045cb2ced1f24318f6fafb4aa5795efd075615e4,1,1,Ticketnet.fr.xml
+df293463db93d5dc463389a7df8fa0780fbce66adf464f1c1a0c60b428469662,0,1,Ticketportal.sk.xml
+62bb7b01e3201ee67e66039114e8c24171c75ad40137c91f5a18e1d28cc72292,1,0,Tictail.com.xml
+298330bca9f99c55c045c6aaacc513f9435fd9b0080ffed0e11618cf2fb8325f,0,1,Tid.al.xml
+196e8b886586ee852fe896324643157d3c48009254fa4351eebad927a6985160,0,1,Timbro.se.xml
+a3bc46589d19e9d694f9bea35551cc18428ce2f98841482a332c2312dd67470a,0,1,TimesofMoney.xml
+9db7d3bda86ebaf938f4cfa084d270d03c123066e59f8572763f02fb7030322a,0,1,Tinder_Foundation.org.xml
+380b22a2edf379e5c07fd2ad78a08eec59587685ed3d0af1462e9dba0bb8bbb5,1,1,Tinkerforge.com.xml
+b7175de4d05adab926380c808c500136163bf0c5a254404e8ff21ff0c820168a,1,1,TinyChat.xml
+2924ac1a948e6361c2623f35a730c8a7bd6b6192a0cc3867cf2e653d654a34cd,1,0,Tjoos.xml
+1531eaa1067b3d3963d8e50104e17514d3379f4dd0c56b01ab934a74c7f57f41,1,1,Tlsfun.de.xml
+5c1a30c2008fc80c0aefdcc559777cdccdaca7d8f3c4c95e5e2d0e238c8a56b2,0,1,To_BTR.com.xml
+736eeb9e5e84ba51627e18d1fc4772582f48cae72c1f1869902e98c8c66808dc,1,1,Toad_Fly.xml
+e092dbaae7609c030309c6b4fa8e509833fa522fa39660e7e1ec1fabaeac8dfc,1,1,Toga_Hotels.xml
+b52667e2e9eba427ac0aa836b4742dcd8b393dc3c84a9c6a33295d44f521943b,0,1,Tokyotosho.xml
+06292948f6ffaada00246a0c636a0518391fbb988861bdfad633af27925787d8,0,1,Tompkins-CortlandCC.xml
+49e3cd62a362f46bf5ec9f889455c88efb9f9d5f854a96c476ce86f258e1022e,1,1,TonerGiant.xml
+22be09653a0cfacd2ab9fc4ba5cc359eb30e5232e0e67023221953ea2b4b30ae,1,1,TopOption.com.xml
+b75b3fb34aa93de7753e90173373e56eb02eaa3df6ca46adfc97e08b035accb5,1,1,TorreyCommerce.xml
+1ea0854c281793e41aeb16fb2951eb5c24d10a497311613b489e45271b4f4f4d,0,1,Torus_Knot.com.xml
+53edb1f24b82e87bfe6dbf9725ea58c151d56d01c93b6ccf402238ddf6dcdc6f,1,1,Toshiba.co.jp.xml
+9925bba044436e099ef9a17c05c3a9dd980c74652aeb939ac34c94ea63b7df57,1,1,Total_Choice_Hosting.xml
+564de255a2fe5b5ef4255de2e2dff1bae6284b29469b7c17d00380d21b9289be,0,1,Totse2.xml
+24758ddd0781ba99a1a9a29e03011c29687c1b5f67dd207daa8d811ea75a4615,1,1,TownNews.com.xml
+7259305af6c4290ae46de7c834ca0762784aab4962d66ab98641d750a83ed803,0,1,TracFone.com.xml
+eb283cec83d4235adac15a53986ce71e8770d0cde0f91ba7279e6b6cb5fab379,1,1,Trackalyzer.xml
+ab5cc8a1755685297bc40b4037f1277d7482417e04e5c520deed1d12e353c4d4,1,1,TrackingPoint.xml
+721009e195644d5540c59a6f42ab2716e35722aabfd718b4dbf487a5f52601c0,0,1,TradeKing.com.xml
+3f6e8ab2b5f0ed70138432ba3f0bfb91451404f1d1c361fcc625d070e4ac4f9b,0,1,Tradelab-problematic.xml
+8ce8022cf79d4e12ff69b3bd4ad3d9cefc94a750bc774c6666dccd1ef6ae7975,1,1,Trademarkia.com.xml
+33fe34b8b34cfe39278bbf256306a09c27ae0943883a0a037b6fe9dd92121893,0,1,Transact_Auto.xml
+8e3bf949537422735fb6201093ec7a14842e44819fa0740fe1fa626eaa61df0f,0,1,Transformationmadeeasy.com.xml
+00dd816c4f9e0a041f07ebf13af88e9eaa4c7c44adc9df183c7807a249bbd35e,0,1,Transformative_Works.org-problematic.xml
+9130f100904f6c25762b32d755c566fe6aa588b19feb0defa4d3473687abbc06,0,1,Transifex.net.xml
+bb06dd6b10f827e1ac23da17549badf7f17b97300d993618cc2e608e66328a1b,0,1,Transportstyrelsen.se.xml
+86a98debc03d6f499891066d33f90a70bd855eacfbbd4d0c90f9a42e2a911b54,1,0,TravelBlog.xml
+7740589641805a971f42b11b01a902297d1a6aac93f7f1ac546422fed26e739e,1,1,Tremor_Video.com.xml
+bfb604fae38480027943a3037882c5528b368486efcdcff8ffb0f9ecb7cb42d0,1,0,TrialPay.xml
+92ab3b2599243d5061be0b6ed2314323d516a7428db0b9d626c9d72ad81472fc,1,0,Tribune.xml
+a3906adccfc4301efbc4cea0a097d22264fa09498b92e9ab18dbe4deb4f9e3e6,0,1,Trinity_Home.org.xml
+2438a19009f61439104d77dce8c63f118c538313647589307aa3496d977ceeb4,1,0,TripAdvisor.xml
+9d1f2028d622611c85867fdb9cce067898baf1b0c8b1cdf76382a435006dee85,1,1,Tripbod.com.xml
+de005b963aa64c38345c6e74999e37867e4acf480ba1ca78a9817391e645eeaa,1,0,Tripodo.de.xml
+583fe8b250539316209b382249de834765d3336b789e278a0290906946a33230,0,1,Troopers.de.xml
+9f13abc038bc4708796c8149ab7a1ed9a3ad9ad1de438b1ee50addeabf4b1645,1,0,TrueLife.com.xml
+cc353d51b4fa9b6eb6e627384ca618e2739233019f262bed49a4e88829a5b8e7,0,1,TrueVault.com.xml
+d068f81127f1484bb4b0c190d455ee641f01a8fddbb6d3303992cc6e6b5339e3,1,1,Trusted_Reviews.xml
+49cbf04c22069b4867cf2dc0c8045ffe051ec0d58d4d1999fc2fc97d1074cd9b,1,1,Tufts.edu.xml
+de7344c2c6d972a368180b62f10774c317ddc037946309fae83d650d4ff4a538,0,1,Tufts_Giving.org.xml
+ed6c9a0705f39a6116bb5846e82ff40a083eb3ce58530524fa2c53c34fa73b2b,0,1,Tufts_Medical_Center.org.xml
+62a29c0411070865d40935c23e4b49d617647b4a7996250d5a97409a69ec3107,1,0,Tugg.com.xml
+5f6902d3fa2b7788a4027df3ebeb27e3970287829ea006dcfe0274ff4b8c557f,1,0,TurboSquid.xml
+bf1654baf8cb84aae5a32734e7779a06756a2e29cf28d765759e21ee1c5675c8,1,0,TutsPlus.com.xml
+910dc09ec17c26a12b275fe2d1282e94a82fbf0163282fe5a5ac496ff9ecbe3a,0,1,Tv-Release.xml
+b35b35365733082ecebdf86f03de9cd93bd738bd52a0239bb07d4507ad792b5d,0,1,Twilight-Laboratories.xml
+deae2b1c6be69bae7b6ec4895e585099a2f5374b53776ed4f075d45f4c1cfa6c,1,1,Typepad.xml
+1da05f6062123d8b368d700a96b0fbb2dc7baa69f14ba72716e3c937a49fdbe7,0,1,Typesafe.com.xml
+9d3134a5ead87b0c73882c2fb945b4ab92ca869e86ea2d8e5b93fe8529eb22df,1,0,Typography.com.xml
+7a670737c4553654c86e065057ee25d27b90472c143fecc08410c0014d408b79,0,1,U-Tokyo.ac.jp-problematic.xml
+ac05de6e9b0cf70e70cd6217887eeae3bb4ccc15153f931d34342766fa116bbe,0,1,U-Tokyo.ac.jp.xml
+d135385bdce6daba2dfa309bc31c7c871832ebfaff81f2c70d4e6fb4bc5e3081,0,1,UA.edu-problematic.xml
+a7fed2aaf25d78080b3ec0d40308a403283fecde51eb4a85208fce48ccefa882,1,1,UA.edu.xml
+27e5f54b8a4bf41f5fa918be6f7d9c4b78d52704aa6b1f7391d75f566760a76b,0,1,UCAR.edu.xml
+49c96678bc86a99b01c12892885c4fcf38f81dd5ff32f582af605567f64fd5b8,1,1,UCLA.edu.xml
+995aa7cdbe60994801ee5330b1ed5f89e56b12fa300fdd71deacc89cb1e21d51,1,1,UCM.es.xml
+080fc622ff8332704b958560b9d0d692594c26964918c2bf3c496602568e761b,1,1,UCalgary.ca.xml
+ea8f9bf69a5d5029ab1c217760e6e27c3b5a4e9672ace704a2f9f7d8332bb497,1,1,UD_Media.de.xml
+609b7137afc6337f00bbaf79031480a007ca9f78079a6f2e4a81e1bca8173090,1,1,UFies.org.xml
+dea8b7526b42b85e25f40701a5b312661473a090bee7bebb61f49ee99a3ee654,0,1,UK-Web-Solutions-Direct.xml
+1c2718eddf3aad2784493ace750680876d5388690df4bc5bb12461bdd2e2b867,0,1,UKLINUX.xml
+96961aa668492fd95b7a45e568a5388a77a045d1a965504e3f4c5cac64f72426,1,1,UK_online_centres.com.xml
+1ee8e426a02b2815dd6a3bacc4e8634e75b799bb770257db43e675ae1bfb1aea,1,1,UOregon.xml
+907266beed4a1d669f500978ddd09c3766b1680e654181dad0525c38e5cbea78,0,1,URLParser.com.xml
+4346e6ad0202aa001cf66c5efaf1326a85c87d9bd396cd1a4c80eac520510db8,0,1,US-military.xml
+7b056903a4f7fcdc8d3d1ed3a57395ada26cfa168d1a9e54829caa29df18a670,1,1,USB.org.xml
+e8405ab7de7e35328c149fde0221a4b584545b98daf10f5cfb5f971a53459403,0,1,USENIX.xml
+e4586a7c8a445349c9c401dfa92b39442b9f192a4b41ef5282bc0021a82e3483,1,0,USF_CA.edu.xml
+8c8a8154bc356f1026c6e659f9ba7a03ed3f31e50db20467d006bddc01827de1,1,1,USFreeads.xml
+37eb6c467058dd4c92fc635e6daa2c37fa7ef6c2d7c24996fafbde8fe43071e6,0,1,USNI.org-problematic.xml
+676d7b6466eddd7c4b84147c9035810f041067ca01a8014b6213dbc78b23b864,1,1,USNI.org.xml
+440f3a2d9cd10cac52a1f6f4b1772df23314784496ca885e1036f6e4c319f48f,1,0,US_Nautic.xml
+7eb29ac9b32f64670a1383ddf5af47ab5c0a520778a95a691f1c0aafcc629eb9,1,0,US_Patent_and_Trademark_Office.xml
+5729da227cb793cab2e8d6e8ae8959f7fe9331a3232249de3150f8dcc9da657e,1,0,UTSanDiego.com.xml
+977266102db9309a7d4170b34745445bc2847c67f8193af518c396ccd96eba71,0,1,UT_Dallas.edu-problematic.xml
+ff2aed5082fa7812f6c0249393b7ef2d75b9b97fff27ee0f75315c7a458a7adb,1,1,UTwente.nl.xml
+356a280f3948c07b7b730b87675e84c63439e43696f295a63f1a89e2ed5aa44b,1,0,UVic.ca.xml
+0c8e6b3534cb476f07b87f282cef2ac6b42a3faed84185a85603d04c6631ff8e,1,1,UWinnipeg.ca.xml
+db0b22a14e4f5c66f02f963504cdcaa35e78ed7f39f42e209b3e0a9b9ba1a593,1,1,Uberspace.xml
+83ef1c74e728e31f46d7c92a9987fb03960c81e1056291d01b6f4cd57f9367fe,1,1,Uhhospitals.org.xml
+254e23a8560db790d5da875d282c4364d6b9004388e55cfb8448ebc4fa3aef8d,0,1,Ukr.net.xml
+dae919c3f6ca4e00376c16f03704d0da1b907a19cf963af16a00b2a813c96c38,1,1,Uline.com.xml
+1fb81f92216ff932aa6f19d86d881e1787d534499a3de722e4422a269e346e35,1,0,Umbel.com.xml
+abde55d39d54436f83a19a822428de73e001bc42b5bf7a6846ecf331b8786696,0,1,Underwear_Expert.xml
+bd135ffdb815d31e79e5509bda7a2a677a86628cc655ca65c214de1b20bb4627,1,1,Uni-Kl.de-falsemixed.xml
+dacf0d738a537ef348d793f0cae29cb8a6767c63e4d352034c73b1ad503936dc,1,1,Uni-Kl.de.xml
+30d8208caf67565a05fffc16600350660f0a51f6d95f84a040b00a9dfbf35370,1,0,Uni-Saarland.de.xml
+bf4cfa2104d71e0ec0e3e930c0d1e9129a08bce034bb8eeaab0d7d12fa1d52e3,1,1,Unimi.it.xml
+a937024d9043a23d94d3d72c6882f07b3961be52ee04344cc3c63f26056138f4,0,1,Unique-Filer.xml
+1293236f4ba0c9ee7f91d8c5818ce140add73b0a4b3bf5b0905e02e8064b3e3b,0,1,Unisys.com.xml
+57f029555c472032caeea71fd0eb7cf643449d1dfbbff331875b4f10222ec2f9,1,0,United-States-Department-of-Energy.xml
+44cc911a17c526d1a8c74161d9d8a8104bd9e4fc2a2626d35a85739c0b7b880c,0,1,UnitedDomains.xml
+c765a715e75a8238ab6e70d332c7f4a2e714adf1164caf136b66b5f6e754e2a4,1,1,United_Republic.xml
+2f42e894be064592af7da170cd603d831acf2d10b0ed05d618b606f1cda08c80,0,1,Univ-Brest.fr.xml
+eac00803dc242cd3e843b8c8af41a0124c77d59a1287ac6a729d4716ec540585,0,1,University-of-Bern-expired.xml
+930135e45407a24b1740c05dc8bbdc963991d4da2ec3acc022b3987bdd097fba,0,1,University-of-California-mismatches.xml
+8c7c2ced844de3b70117b7f7c122c869a969beb3b271c7d5e2090bc1c531079e,1,1,University-of-California.xml
+7fd3d874bc7fcbe51137ef2294ddd5be26f4263b66effb0be5d36e80f947ad79,1,0,University-of-Colorado-at-Boulder.xml
+f89bc86351a2ada00395b41e4b0da61afc5fc5173d7bde7ffff24f463818b909,1,1,University-of-Delaware.xml
+a51b15e6ba94249ba53093ba41ced19ef790ba037bd92e71576e8a8398db2a22,0,1,University-of-Florida-expired.xml
+2f5ac83c903640138b112d1d93ebcb07fdeb3ec4accedd5713575aacee7cb0b5,1,0,University-of-Groningen.xml
+91de4dbc5f2a243b953901c0fa838f4f6887c7710d744e80cae9457e8ef0d115,1,0,University-of-Helsinki.xml
+1d9da1c02f10316311989f868fb5a6a1aadd7e986a2e9eed25b4d061627c492b,1,1,University-of-Hertfordshire.xml
+fb45af1fb5699cab6007d287aa55ed1977fc6ed96e508ed1b9fdb424662d90cb,0,1,University-of-Kansas.xml
+963d8f6c9de69041ea1358f02dab0a26d8da98bb414d1a8d23eeb1dfe16ed004,0,1,University-of-Manitoba.xml
+96dd94cc310e936db76b39b334266d0d30a1679ddd1454f8a839edd3a74c701a,0,1,University-of-Minho-mismatches.xml
+c2f53734fbb96b512f068f719a8a3ef75bfd817273ee5b6f47ad97d34e28ac19,1,1,University-of-North-Texas.xml
+631131e5eb30ce8652a864956ccb34accba494d9848e5cab91ab8a64d054ba45,1,0,University-of-Pennsylvania.xml
+0ab02841a6ead3924af19e98e079cc70a542e0c5c2b22a652846babbc9126383,1,1,University-of-Strasbourg.xml
+71d54122dedd8ad1d74e9ef5180aedf5e6cb470fc77ea84f6b5a61f095665b44,1,1,University-of-Texas-Southwestern-Medical-Center.xml
+f9eb2c0b78dce339b2999b544ae922ba97cc5144da81cc56e2e0f9e746cd8e01,1,1,University-of-Texas-at-Austin.xml
+7b3bd50f223a278de2b4e84cff987ba5ea36aa9a3b3df1d4d97fafaa20791049,1,0,University-of-Virginia.xml
+ed415b19e0e0588a60d6dc04924c1d9e38d3ef0b5f99cf749235132684e9092c,1,1,University_of_Arizona.xml
+e7685c1277c2f651539b00195e143bc7fc60979f5eb7f7c293e1caf9d4e58eec,1,1,University_of_Bath.xml
+63aaa16ef17c9cbf4781fbe89e5072b7f26e6baef4407383f2b715f68422c100,1,0,University_of_Cincinatti.xml
+bd8a650134717d6663fbacda4e3d6566448a7d8559997bc4250cde0b97c37d95,0,1,University_of_Derby-problematic.xml
+1268c589e9541f96345a70e088f7de08a8bfb822b6bea715218f5d06705c35d5,0,1,University_of_Grenada.xml
+6642506b348a157b2fc8b05fec0c40a6c21de1b6f82fdef38eaa1a4e79eb2588,1,1,University_of_Iowa.xml
+3fb888e05ab2904735bac34b2a01c4f80092692bc035c4198dd12055f53cb817,1,1,University_of_Louisville.xml
+ce6883479c26297a48c2cdea26cb8c3c73fd972b03dffa98ae58bd65bd63f221,1,1,University_of_Maine.xml
+7348f47d6e380a9db30b1db471ad9789f8626873de30027ddc17de72d022fb11,0,1,University_of_Maine_System-problematic.xml
+bffcbe68aafccead956b6c6632afd2de03feeb9c08d6b468ddca372bb77abe38,1,1,University_of_Maine_System.xml
+e1515eab7c49ca3ee3c60e48cd94dce063981c37da4ae5b5b5f70229365249db,1,1,University_of_Manchester.xml
+1fb1f0084da48e4529081b175449d4f1538dd7414e453c9d01ea3c70ef0aa662,1,1,University_of_North_Carolina_at_Greensboro.xml
+e53026669dbd17f842a6d23486aa11dbc6e30295e682e5120f8d579007b6d7ec,1,1,University_of_Passau.xml
+261b66202486f2496e38b246af0d33207bd6cc84831026e840ad13abf364b9b5,0,1,University_of_Rostock.xml
+a8c9e1461af5df7c9c40941920372e0bc35028e41dd7d8a00d9a1d927bbd9ebe,0,1,University_of_Salford.xml
+bd8ac3d00a5c2dad7c95051d88787288e4da87f7060a07667fd02ad3e657f482,0,1,University_of_Toronto-problematic.xml
+322408b567a94f9851873cc21f1a44703dc8c15136d9d50f383797a4f1909d27,1,1,University_of_Toronto.xml
+7700fdecad6ee5f90f9a7c20864cedff85fe76ae2fc41752f1fb1c7d3d7a876a,0,1,University_of_Tuebingen-problematic.xml
+a0b9cee829cb6f80e1019c93d840453ab45963bcf91037932c7b08efc680c549,1,0,University_of_Waikato.xml
+b3f88f94bde324c4229ee0cb6b41471a5ab30115bc84e145ee94e5e80edb9d46,1,0,University_of_Warwick.xml
+7fb37f17b8488e80198cde05724e9d3d6da3607d8aa6be2f81a8a7156d28d65d,1,0,Univie.ac.at.xml
+04f4e0a5aa2958d5f9d095cc0148d118aeede6fe8b452d0ce04deb2d05b6ac38,1,0,Unix4lyfe.org.xml
+576febcb2526052cf69c26013f26d075d466d8c57ac8e34d5aa5c60a74f3d1b5,1,0,Up0.net.xml
+82d9a9e33fdc00692b3f32910877b27fce81ce6acc6b01ae16e21dd70a29af12,1,1,UrbanTerror.info.xml
+0459389c2f8fa05a34ad3dc433d7cd0581dd707c79e49429d5ac0aa437f2e7e4,1,1,Us_Magazine.com.xml
+647434d2e73a8e2487a70f4119136be4b5b89886e76e40454907674bddd27130,1,1,Usenet.nl.xml
+37253ac964c42bb2b910621759ce273f910ae0f63f7497db27d5c900555d2a54,0,1,User-agents.org.xml
+624acce46170f956a165171c63c53ceed4292bc051035065d8f5c5b803cbd96d,1,0,UserEcho.com.xml
+572e6c6c3fe2566a715dec30b294a7f34c2e2a9d54a5102f280d5e7b640288c3,1,1,User_Local.xml
+737b235408a8cec2956ac513e3fb5555052b8998d8d48a1ffa90f230bcee8e64,0,1,Utica.xml
+ca9050e78347c6536655c413199565617815b1041ffd409a5a7b80c35a34e6a4,1,1,UvA.nl.xml
+99a979f836e3af45cbded60128ef9c83ca449dcd3ac13695cd75390c1748877a,1,1,UvCDN.com.xml
+afba8b9c6e64ef1168b1715b57188e6c89cc6c9e1873a0b30736c7d46830d4f1,1,1,V3.co.uk.xml
+194a500967109f3650e5c9ba755773ad1cee13caaa0cbefef550290d22cfac10,1,1,VBSEO.xml
+1281de78bff0eacf94857ee21a0721fbd26d8cb2f0faa190c9a5a2d813d3c29e,1,1,VCE.com.xml
+02f195e0534b84f901ed70ae7a9d857a25a6b97dc1c97dd159131c9caa8298c7,1,0,VG-WORT.xml
+248224aa6eae82843e074512ebf52e4bb7134b14410768fdfff5cfc3c684e52e,0,1,VIPserv.org.xml
+f83f5c1c242a7f0c265585689c1c625d357346762617ed2b19a96d108a4dc1c1,1,1,VSCo.co.xml
+51ab02160086d1d0ea7a8f03e7d7f2e1fbfca841b48c29c23a1f956547ddbd0e,0,1,Vantiv.com.xml
+86dac465019aa272c1d7231c6db0e96c17a64e805265e25cb7b4690236103e51,1,0,Vara.nl.xml
+4bcf9831e9ead34160a0f5081787288097fc34a7731e5079d485783f9a2b806d,0,1,Vayabe.com.xml
+4c9ec656775f15d9d294e51708d89c998cc0747d426effffdab33b2cf18cd442,0,1,Ve_Interactive.xml
+25f9fb9ad931eb2633dbf62a790dbef671003bedf05ce0c67a776b430eff60e3,1,1,VehBidz.xml
+28e082d445b8d7a2958d5302733cad7fcbf9f471cb6e8a3ee3a218cfe945add0,1,0,Velaro.xml
+03142920bcbd18f915c755c8a6feb9026a44156731240b30534a05b95fa051c5,0,1,Venuscafem.com.xml
+e12b6d5c3eb3e1115119c50070ef4410f6a1e1bc3dbfc9791bb77cb6d82fc52f,1,1,Verio.xml
+10eaee1c4dfe5667a67587aed27addad4dc47b3433137ba1a04e50087e367b2c,1,0,Verivox.xml
+2789e066bf6ff7755a8656f6d0a5d14fb16a35b40b59a9ce5502398b87ca32d1,1,0,Verizon-Wireless.xml
+eecd0f86d3976af4bc45b163839875219eae631d4620da357e43ff7e62f9a8bf,0,1,Verkkouutiset.fi.xml
+cc4ff6781b3b651943c483800500389937ea92a16b00110f6d5c9f45c44ae100,1,0,Versus-Technologies.xml
+0b2034c782d1f7de7c5c6e8416834dd312d437a0aa984e67fb21399667ebdee8,1,1,Vertical_Response.com.xml
+e99551855f8ef5ad0f4f728e46fb5a4503349c443b6a065609328d7c06fd1cbc,0,1,Vianet-Group.xml
+99311ff381a3405c395ef2792129e07ae1d9b90ad58d6b4e2f4a08c53358fe66,1,1,Vida_y_Salud.com.xml
+dc3cd4d884d6b0380ea5542f768e901c7a5f33e953ba11f49f3c5ba65844134e,0,1,Vidarholen.net.xml
+b9a96bb1e88431f6f508e49e1d99303ad56fb2e9beae2b798f019de7ad65239b,1,1,Viddler.com.xml
+0a02a181ce944e64fe86ee04f13404247e58d11ea4ecd8dc34767110033fa3d6,0,1,Video_Interchange.xml
+3915ca53eeab6ddd05064ddb9138d88de0e7739f67fdf66a67125b9d5830a20d,1,0,Vienna_University_of_Technology.xml
+6c277f1037e46a2a059a8225c98a2f813e5230cc48477cc5b2a1d345db77eb27,0,1,Vindico.com.xml
+4a290a60e295a9a2875c62b516f4417bc6c889a3a50be878acbe5a4f064769b1,1,0,VirginMobile.xml
+f684638888b331ae7388ef7261ca4558d1cfa293cb6df9c0dc71b4dcbd3ccb98,1,1,VirtualTourist.xml
+dbe019114063e2c60b5b435f84d09fec9eaa2780607cf1e0f36a339e7cfbb414,1,1,VisaHQ.xml
+5e9fc0c2fa0ca21f0859501a1e3745231351c916b9357d7e4d5544a9c3c98314,1,0,VisiStat.com.xml
+67cc534b0e9d0609197c2b306df791155c4fec3d7883bf170e5c972417a94f36,1,1,Vision_Art_Forum.com.xml
+00e3f5a241f93c1e5360b76113469ca7da9b076d49b3a1ddaeda9974935886b9,1,0,VisualWebsiteOptimizer.xml
+795e03ffcc375b164646923c72ea5afbf313792e2fd583095a0292d3e4962925,0,1,Visual_Revenue.xml
+75241e3d48e2578f64e46c1f39f4f412ddc4842f0990303c345b99085c18e16d,1,1,VitalMend.com.xml
+17f1c78d50c87022ca1f5898c00fb9e43c7c14237916d34135694a41f7906c2a,0,1,Vital_Gamers.com.xml
+c6920ad0394ef6eb3d8cd9b9d0a5e7cabbb1105a6112acf5f9bae60e97bbe2bb,0,1,Vivaciti.xml
+d8652363747589e0cc4a5b880150b22dee3297bb2f869e7b29a63460845fa6ed,0,1,Vliegtickets.nl.xml
+636420e195fd3296d6a0fbf1aa2af10402c50fd22d6c5070e95b87aa62784f08,1,1,Voices.com.xml
+dbaabb4bf10ca0694445404fa95fa7cd83ab885d560430dc702cf06bb4413113,0,1,Volatile_Systems.com-problematic.xml
+a0332f0bf80ee5d4c420c7e4dd1cfb3b0c509a510caae1711dfee040206be5c2,0,1,Volotea.com.xml
+ec9397d0213499cbc4dae60b3de338b64aa03aeae205a111d2442b7b88498db0,0,1,Volunteer_Centers_of_Michigan.xml
+e8ab747c2c48c350e01e548b2347aa6d96d2c6f4ffad2547a20af7f69075ff8c,0,1,Vonage.xml
+a117ac9f7b8795646b325f5eb086f08c07fc84618a85fe91af96a9527d964301,1,0,Vox_Media.com.xml
+dc251a155c574082098226745187bf67f565df6e3454c56d1cfeb3849c895b53,1,0,Voxer.xml
+08c7f617fb35b113d467230c0090583584709376901b026e6775840dec8c93bd,1,0,Vsexshop.ru.xml
+c4ba9f0a62d433fb9c96fa59cb49227da94382bfe1a0824c59acb53df7e8cefe,1,1,Vueling.xml
+ad403876ea5fa23b4f671bc9e3bfbcb1874b6333780a98c1a4e1cfc0eb960cec,0,1,Vungle.com-falsemixed.xml
+712e9c11fa537727065fc17317b376dbff0841191976892fbf193cb53956d898,1,1,Vungle.xml
+f1651a48bdaad9f31cc77e80136abe27ffcb9ed903a322fc915815f524c140a4,0,1,WD2go.com.xml
+f4f8368d94081e80d2dddbd1f5e8da02883d0a6656d7d23b17e09df9a234295a,1,1,WDWS.xml
+72a7669b29bef1809261b2b6b98b8398424646be1d1b67b956d1503a3fd03562,1,1,WHMS-FM.xml
+ed22ad03a82abe2247c198290494e6b90c1b93eefa050d66ed0b5e1759fa27db,0,1,WHO.int.xml
+5065006d5171a62cff4f927cbf17959479e9a88d39bb4604dfc31bc0f0265318,0,1,WOW_Analytics.co.uk.xml
+9dd9a5720a1895710d5794a11c762e4fc16b0deeaa43a806962bb6c8c39f7fc5,0,1,WP-Engine.xml
+c5112a2a9d8b7eae6e30545b6ee7e9d0a30f9c087bc7b761451e81d9916fc57a,1,1,WSO2.com.xml
+0601000b056c8d7de6c0cb80720f2ea5f7cab0a1011c94bf864532c51a148bd6,1,0,WSWS.xml
+686d52b9e887359a9fb2a3f6eede8bd81fbbba5a1b3d89935e85c4350883fca0,0,1,Wagner.xml
+27404357c723335a40fff088677c65479e073c10b4998506d2e74387d370b113,1,1,Waitrose.com.xml
+f207fc4292023db15237b03f8f5995f5c9584e455d788dcbcd657f9a07fe934d,1,0,Waitrose_Direct.com.xml
+683d274e1fa8a18fd73448d94c4477050828c653cbf8c5196bf212046bcb6943,0,1,Walder_Wyss.com.xml
+8a08efd9f436918f1558eea82c41cfa715b27a7ebc99c8e49c07542a92132620,1,0,Walgreens.xml
+5ea94d4f904b6afb84767bcf3a34ee6f91013b673284cf424d67eb09216a7b58,0,1,Wandoujia.xml
+490f37f964fb9bd7058bb7e2f52ac06bbd076a10428097654ea263efca37f629,0,1,Warner-Artists.xml
+1e26f33749735e34741aeb8c24b83694092d38f61bd183b7b901cbc4b7aa8385,0,1,Washington-Post-Company-mismatches.xml
+2720b91d15f91e446cc3db1e764a500531fa358673a978d012fe96f766757951,1,1,Water-Challenge.com.xml
+71bd62a4e628d4b7c81a282740fbd4a583cb768f21d7d78a815308bba9ec6c03,1,0,Water.org.xml
+345b6b2fae63c61a265a9f34a768f81133caa068af17f61b0a82066f02da1777,0,1,Watsi.org.xml
+1a1e4cb2d91932e0f0cffd605685ef4832d6799eff8507dd97541f2002001df2,0,1,Watson_Institute.org.xml
+52d9cdba31649b9d41912d38370925a9e4c794f6728f436279628fa9246facf6,0,1,Wazapp.xml
+0b818b88c798284cf79298c509cb9c22b7bfbbb1a9a2f8168214c272781633f2,1,1,Weather_Decision_Technologies.xml
+cb4cfbf5a7dd4dbee227dbe806a6b44b7cb7939a5f41c45e5fbacd7cbdfe5117,1,0,Weatherzone.xml
+af5d3235f7f19281f16e236425ecf793d15ae89d5278a12f02a3135bd93f338a,1,0,Web-servers.com.au.xml
+9bee3822b846148f1ab13645d332e7d528edba99136159c599f6c91c077caa78,0,1,Web.com-expired.xml
+af9750e35db542ad03022e8ae5b73065aef4db2aa1a6282597a86180aa3276d4,1,1,Web4U.xml
+7d614409e9e5c1a7376193e7aeb5950c05b532cfcbe43798148117dd94d4c5d0,0,1,WebFaction.xml
+72226cda0dc9050fa7c87ac0b8f99ffec01dc23f4a661d9bfa7c5193701be267,0,1,WebKite.com.xml
+08e726c154569add23e4cb12e8cd8a50626356f91f2a314e5ea30b1f740db4a1,1,1,WebProspector.xml
+fdcb633ebadb7b41aea3f5de3d3b0953dda6fb82a6a8dad164b026e93481d39f,1,1,WebShopRevolution.com.xml
+0b8acf849766096236f7876cf987e5da402f504ffa1eac70d416b07406b3fde8,1,1,WebSocial.ly.xml
+d85201be8c2aa6a431cc5b414d7d51d61497ede18d3fbd1dac4c2da2321be983,1,0,Web_Hosting_Pad.xml
+8e1b8e2644fbc5ea473acc74abe12256d8d73f48272ea58a092eedbb55c64e21,0,1,WebhostOne.xml
+5476efa330deb653c29a6a507a11c146301f583daad0a8346c880b96673b27af,1,1,Webmagazin.de.xml
+0163c1d1541570a0fb9502e3bace76baff044e8ccfade9fdd4a32a469d6cbf7b,1,0,Webroot.com.xml
+dbcc578640c655bb0c695ed4716f13a9fe86cc90b044caff1a3ea7ed0dd7dbbf,0,1,Webropolsurveys.com.xml
+2a440880c552f3116b2f466d4e831d12c295b8cd8defcb4a42e56324cc839936,1,1,Webshopapp.com.xml
+118ee8f7c8e74a35296fd66559a67800ac3e8bea5aba895b70813741955b5204,0,1,Webspace4All.xml
+bc4f58da915f1ffe725f80933f85e072c95b43b0841c879e0db9fc2e3773c4eb,1,1,Webspace4Clans.de.xml
+e1db152bba8aafd77e0943f58ad90ac2f8f8434c46db0f875ce8b67e70509180,1,0,WebtraffIQ.com.xml
+3b00d11eb23e281b78d953139aa17e5cda9e6e581be328d2f477795bbd85582c,0,1,Webtranslateit.xml
+cbbbdc6fb132f2cce52e3bd5d7010ac0c6c59a5c8e1f002542b76530aa712ba6,0,1,Wego_Health.com-problematic.xml
+8edb6acdbf3d70453a1082ad9cbb2b3301dd7a4a0e8aeb391fe10aaee498545e,1,1,Weizmann-Institute-of-Science.xml
+5521b2ce5f7e898bd3ea0d41fdf92bdc76c7af51509e957e7a588c6b8caafb06,0,1,Welk.sc.xml
+14de83ba384dd63e8dd89f465424d81fc6bfe8f69962f348a5d456aa9d713e8a,0,1,West_Orange_History.xml
+4ae3197a0f427caf0222250d811f751f5020e591719b63f3bc5e3e385af14c57,0,1,Westlotto.xml
+ae329e6dccdf72e9be85e53412a7f7a5a53fd44ae853a3e77a20bfeb506b7ea8,1,0,Westoxon.gov.uk.xml
+a8ee7b73785bf6447ac322a7af90fba115d2e75bd6a0ef6e7a90e387727b3035,0,1,Whamcat.xml
+6752c99fd0b439b67c13d1ee1063aad8dcf1eeab6e963e406d5a7d6f60af26ab,0,1,Whatbox.ca.xml
+d7537f7e21858dae64562a4f7e64eb14ad7608c4cd25e133a867f51bfd3a0ac9,1,1,Which.xml
+29211dc5f2d57c9bc61b7b06716d49200976da7aa5bdd47278557c373dce7f6b,1,1,White_Hot_Hair.co.uk.xml
+f5fa1d6e12185fb0d704ada571dcea48bc08869fa2164ecdc5f5ab846888d88c,1,0,Whole_Earth_Lectronic_Link.xml
+ce809b7bfb8a875feace606a959feb0c461732114e07338c99e258968c591b4a,1,1,Wholesale_Labels.com.xml
+230a483aa987f21dbc5a05091cf8551abc09c10b1c540ca8413061dd68578719,0,1,WhosOn.com.xml
+10f17a912f9e030ca1c9c9348ca6335939d638f0e14331165def15e6b14bea48,1,0,Wiggle.xml
+eed9dabd0f3c94d3672ef8638a276da0ef70bdd31c3a170075a161984f711e7a,1,0,Wikispooks.xml
+abacb82abb4afdf07777ea5f54f6ed6bc53e344a39d61dd7c2223eb41a00d636,1,1,Wiley.xml
+28d055e416728d3e566d13dda33e65237ecf5f262d2c6c62c4a59ee11ff83a57,0,1,Willamette_Week.xml
+2a13f6f7f6baa4dfa85c46ddb205c5b4dd5c9f20b736d016668dcc4c9caa7414,1,1,Windows_Secrets.com.xml
+a02a9ba57f217affd4ac0d4c5f2e5173a605af78d0bc5cb8d2e0e62e9b3ea26c,1,1,Windstream_Communications.xml
+32f6f0cc30b35c8976e18ca4ddcce03605753a93b528a5c2a1ca2d30a472d5b3,0,1,Wingolog.org.xml
+3f710d3b7e4222e65768e846825a278130b3648d785354f2cd900cf8aa4c3909,1,0,Winner.com.xml
+0c730c529f3cd69f7b467d504ff460ca46301660b1dcdd88ba8300d4ab7f1d6e,1,0,Withknown.com.xml
+e22b3d745136b4a31c7b3f3a8f65c77a8721c1afe5e2729c6cf848fa07ff8687,1,0,Wolrdssl.net.xml
+c0db25ec810ba107b136de619afd22b9a0ce8d5019e08be5247501fa7d3cedca,1,1,Womens_Health_Specialists.xml
+69427086023cb8659815526a6188f67b519e979df97998a8ef78e590491da187,1,0,WooConf.com.xml
+072d4bc8ac964f1db9fc4b3d1113dbe48d854b975c89839f3d5395226fee2b33,1,1,Woobox.com.xml
+9500afb5ea51aa0371714903801089c740a7955bd157c8bd6001ee5a3b2fcd3e,1,1,Worcester-Polytechnic-Institute.xml
+92fd7c961a4c484497a8ed726fdb7fd9a41968ef735746fd08457c37560bcb75,1,0,Workable.com.xml
+ee8ad00200a94e47b5c9f1552f83a87c7322a0632d7c29ec2c6cdf42edad6475,0,1,WorldOfGames.xml
+86a2e82a42eb0e970bafcb75d441c6fdc7d4dfe2f194f3f5f09a63afee0718ca,0,1,World_e-ID_Congress.xml
+6b2fcdbb1c045a0c1e4ab93e7732fb9b845d97763b4633bc836c46d0fa68ff49,1,0,Wrapadviser.co.uk.xml
+a2668cebf91bd8dde11b73e669c66f440f700c42243f6208ecdf3debcceac65d,1,1,Wservices.ch.xml
+1ed6357a0bb2153b9502ce2da5335e3d0d33a158a40570fc7bd40b6da0e54c5d,1,1,Wtop.com.xml
+6c1a71abc06b206b2553313564a62d2e4f0bc6a5754a6aabcece7ef4748227e2,1,0,Wufoo.xml
+07be9292aa9ca08d70d90978165e5cb8b2c05989adefb5415f8f42b8a93bf799,1,1,Wush.Net.xml
+35b9f9fea8edf91132dec2e801b084b173a58c519fba894e5968418d6e35fbab,1,1,WyzAnt.xml
+26ceb3ed2032542f2075db396734c4cb25ae58347dc7c780364bb100d198c2fd,1,1,Xetum.com.xml
+4d1c9f4983b197a9641abc19de6504d18016dd24ac9175dca499a9e0f8918348,1,1,Xg4ken.com.xml
+645bbf60775e6f22ed51012989302f79d66c599b6b17871b883e33861f497a4d,1,1,Xing.xml
+b925930748b05e603d05bbad9b35c9ada0a990bfe8e44c680ef5838f5f56de9b,1,1,Xperia_Studio.xml
+007ed995d2a01b0b3e02ea8ea01cb085ced95ddad059370171eb6def4f584df0,1,1,Xserver.xml
+a0a5dc3a7228f73e31ff237e89d46f6d9024a162fe2ac4c04d60968f11d0504b,1,1,Xtenit.xml
+033bde8d86b20991608db24d1854b95a54fcc5d4b072c26a0c3e78877283ac43,1,1,YMCMB_Official_Merch.xml
+877bfd008b92154e0bf7b5147d1f41fec35b98f8035ccb91b263c2bf12d4b06f,1,1,Yahoo.net.xml
+da2fd160f5803ed73336a0fcd8df659b18857c624b22cd38b286edef13e6c73e,1,1,Yahoo.xml
+0ae6d35db343a943f6c54011416bbe796435a13c894b5a719d1adc0dd29666e4,1,1,Yandex.st.xml
+60b992138d369e31e85ae939ae0b8c646799f15004d51d8a9b0cee042e6f01ee,0,1,Yard_Digital.com.xml
+4684c5eb2b3e908ba1df47e631a05893af0eede30bc216a2b8dea46d2a78d509,0,1,YellowPages.ca-problematic.xml
+b79a6f7942d60a42026d304ecc887e0471b7c96b27698c0a815f5892e697316d,1,0,Yimg.jp.xml
+e30ef33bc99dda8ab603adee29b3d8e5c06a4f03e54ca5945c4756191fea41b2,1,1,Yottaa.net.xml
+4df0da0257fcf4446e697afc9a01d46babf709f62d1bf6ebf2c099392acd7b69,0,1,Yottaa.xml
+e5702add6d485cbf6b018ea01bbd171656a5cb624d2ac685d7e189a373ab8812,1,1,Yourhosting.xml
+60cb1e358b417c0f4f6836240fbf7ab8356563060e09707ed5c5492b91e9243d,1,1,Zacks_Investment_Research.xml
+58d2ae044a28eabd58e291233ae948d32e97c42c8cf892aeb2deefe4b4e2a21d,1,1,Zappos.xml
+972b3ee4c16a24aab20cca8dfa8399b9353b8a2e5ae04388a24ea4398a10aa9d,1,1,Zendesk.com-clients.xml
+7c12b054111110d274fd3955b238c3c544d8add3805aec8b854d02de700868a2,1,0,Zerista.xml
+1a9195d25a90cc91b40b8849807f44232c624957f6e2f7558f0b2a8bf0732dc5,0,1,ZeroC.com.xml
+1555227474489fb63697ca75177e3558119df8b600b1409d57e3b577ebbf9c16,0,1,Zhaw.ch.xml
+26f56ed3495ccc23c923a63027caa34baef30311b4ddc96994297734293a4e9d,1,0,Zissousecure.com.xml
+1bd3ea0ac5d7e83747e15c8f53558ec863a930f53467de80e6fb2c8318ccbf51,0,1,Zlavy.odpadnes.sk.xml
+9cd38fa17f1cd6833d79cf92cd572c624c70f933e6fc881e52c92f486137b270,0,1,Zocalopublicsquare.xml
+618c143055176140e5517088535d1ca18e01aa1132adc3f546cf5f28d4f1f655,1,0,Zoho.xml
+647ab116fc936ea3096d11681a6105832fc48cbddddb8e105d2a319eefceb71a,1,0,Zoho_static.com.xml
+54f30ba3843ce2be5355b1259c28f6ffe7b3c9feddcbe0de95025bc506e913cf,1,0,Zulius.com.xml
+1e1a3eee124780dc325850e37cbe518f2ddb7fe35d245f00ef4e11a4abdaa67e,1,1,allAfrica.xml
+37c5f0433330fe4c2820d535944f85b15cb868cf41789490373ab03548516068,1,0,autotrader.co.uk.xml
+788abebdab63cc22f25ae5355e414c59ba172eb8398c4cb4068a984b993891a8,0,1,b-linked.bbyo.org.xml
+91bd48e097061265ae45976d057a045d7a8cad9056e27863cf2a9f83a8538128,1,0,bbci.co.uk.xml
+9759911a6cefdae952ef0a3dc425e6f6c5983a783bcb287f9c21631810442357,1,0,bbcimg.co.uk.xml
+c65218c1ca967f9407d41e68d3c1c678985e2e566e4c67fe407ee052c499abf8,1,0,bcebos.com.xml
+bd0efbba30261e92f11877fedb766e52efd5a9c7940b8db5db84c9096bb2ddcc,0,1,benj.cloud.xml
+f065925420ec63800dcfb7b402f1de343c87c37cba1c7dfd20ee956aad8d0dab,1,0,blindseeker.com.xml
+a914aedae4c3ef477c7d49a2d8657d51f774f4a43f9c32b98bf0a23245f9d894,0,1,blockchainbdgpzk.onion.xml
+fb3197e4ecf4999eb193dfaad46f0bc7dd2cce63d703ef7023b773e566af9310,1,0,bury.gov.uk.xml
+318dbfe8f4b7b7a37f1b28eec7d63c4c5be3c7821720a0832651c119bfac1b31,1,0,careplace.org.uk.xml
+7955a0d3d6af6b18aca473a36e0f62d93db444b63e032c8022673c2dae949c0a,1,0,ccczh.ch.xml
+d46688286a01470ae72a7494f809e4f5e3f1aebe8c1106fb90cf66225857e4fd,1,1,ch.ch.xml
+377f6ae7d5e69279a716acf1fa0da1587f111db733037671915e2f140d83ab60,0,1,coinpaymtstgtibr.onion.xml
+4d9de0cd9d5c53dc2e304a882eac29d39dc8ca80b885b56fdda99c3cb261fab1,0,1,comdirect.xml
+d5008a99ca26ac771eae43451d1a3f388ea560836b48126ed51e332c61ef850c,1,0,copyninja.info.xml
+9fe88b19037e7cb59d028c3fd40d30afb5e4db3e3f8b75299d9301245275542d,1,0,craigsmith.net.xml
+ecc5224bdf13e70d53652f6f917ddaf3525b293a3b014583a7e366f04851145c,1,0,cwrap.org.xml
+9a0e82fa2c84784bd866c0cdfcb15b4fde531d057cd5b0b2c2ae287fdb5479b5,1,0,dditservices.com.xml
+1191303496688bd47f3c42d5b9b20e188264588d02657e602a5e6beeaea448eb,0,1,direxion.xml
+115fd43e8f2968793726c7d1e0be246a5da55d02facef89e889c7c4b8106a052,0,1,dns4torpnlfs2ifuz2s2yf3fc7rdmsbhm6rw75euj35pac6ap25zgqad.onion.xml
+69543b744db80de441dc597c4edba83ba4ae47aab02eae703ed5782b59a46796,1,1,eBid.net.xml
+61b46e4fd28004ddfae160ab1527475fa290ebeaf0f756673c86609a431bade5,1,0,eastsussex1space.co.uk.xml
+d365f54ba88e9ee4e13bcfc5e40fee7822bbe84a1b6efce59d4270a6b889f28b,1,0,ehsanakhgari.org.xml
+dfc9384b551dd838583376c78fee9d0f89b5b1c1f4d51166555a7deb12174cc9,1,0,ellislab.com.xml
+3793098713d9b3a938d3f649c355ba4c73571d8206b1fefaac8403766c7053e7,1,0,eriklundblad.com.xml
+fff0a81810a4742d4a22da1c61e87ff21b4ab86f0f104a6d20acdb3c792aa209,1,0,faiumoni.de.xml
+b99040b9b2c0eb7d89f6e06d25fdad08ccf4f807268983bc00e418aa9d8e62c6,1,1,garmin.xml
+c1011922497c8cc64be64ec9a76a83ae794c36dfbe34dab0ef94b0bc3966c2a3,0,1,graylady3jvrrxbe.onion.xml
+7c0db8c41c1dbc742d88dd7432e190afdce29bc241ea958e0e9bb56e318a0040,1,0,hackint.org.xml
+24078831679588ac29d6189a8ce41cd4fd173dabec012d899c84da6ccf896721,1,0,huuto.net.xml
+fbb6f639b5195a93959082581d01bed9f3a7f267a8a19c346d366fef030212bd,1,0,iapc.utwente.nl.xml
+8da5f2bb9c147020134f872bf90cd9012bc6ab274e6c01ccdf3e529412599144,1,1,iway.ch.xml
+ee71a6176b5f92a9c5be034da928fc78ac61ae1948a2b7ebf0b0e65e170e4b63,1,0,lesershop24.de.xml
+f61044e54b7503f5fde78e5d6ca78ff31d5dc8d19a2f78a7fb27ac05d3e6edbb,1,0,letvcdn.xml
+2f66c9ecc06f5e9d323069143ec7b47c7138a47aaf2139866394b3dcca7c6e23,1,0,linuxpenguins.xyz.xml
+4cbc4ab621120f80ed37c2a18c50e6ec3696f80a11f345a8851de3bca3a7ec42,1,0,lukasa.co.uk.xml
+85a9f72b93eb5f52db8da9a4d375b4634d5ad80905a3e95ff143bedfd3b64123,0,1,luosimao.com.xml
+a707f9c2c70c9f5a5bf277f252d22c4253a5dba6988ceace7fd0400fd8f6812e,0,1,m3connect.xml
+c82d167ba8e98b856ae24b467a8695b544fe2d2110ed269675c6b9b5e8a18de5,1,0,myaffiliateprogram.com.xml
+ac2d93e3a82d7cdc5a6643eec162bc3f28d13e242e6038bb03d266cf5bcef17b,0,1,netzclub.xml
+fb92df7c56875eeaba042d251910aa25c63f4b5be19a988ad757d2c1cadd728d,1,0,norsk-tipping.no.xml
+2cf8f8dfbda7e8586efd5437951997d4d46e1f201396e49c7cd40371b19beca7,0,1,nytimes3xbfgragh.onion.xml
+6bd14bb9b62f275c92067c94a821910a1aee22e45e0ce229a5eafb03de195d7d,0,1,nyttips4bmquxfzw.onion.xml
+318ce4a2b8037d291b8eb484d043f90ea831af92859c92c6e2190dafe56c4cda,0,1,osf22p3lmweopgho.onion.xml
+d008a6ff2c3b16c6fbe4d134d1c1aa6b7f333d343d9e3fab3f88f9cd69599cca,1,0,plarium.com.xml
+287e64d55238846fb01707c87d7d0b7620816da9059a63b0eae64cf45e7a0428,1,0,plasso.co.xml
+dd309ed575e2ecbc07475735c3c4f7809acaf572582657ac7537aa116ca38a91,1,0,polyvore.com.xml
+bfc3c3c917777780e10a197d260a120acc3614a32577402968a480fd5b42c106,1,0,privacyintyqcroe.onion.xml
+f55d12ba30d05c9ba088ec96236232acaf987158f1803c65ca82028f8a71de64,0,1,profesia.sk.xml
+f94e3d01b52fe014422bb4d816910528c58234c96b39ebb582a92515c29e16b0,0,1,propub3r6espa33w.onion.xml
+19ff2b0b8ddf39a805465bf40819f9da9068dbae2932e8bd54a4c5a7a7a5a622,1,0,provisu.ch.xml
+f632d8275a444842292dccb0f595343a6ccfe660b36b20735a54fc6c18ce956a,1,0,puhtml.com.xml
+44142aac4ef5dd6b468e630fc477057ccdd3d8d4a5ff029c9ed0bdf85255c47e,1,0,rarbg.xml
+cb8b94399027893807adc9cefd84a64463afce56865fbe8a7cc757ceff822488,1,0,rns.online.xml
+eae3fbc7bf04ad2098b7d4f58372692b54f160c5903a53404535707844706b02,0,1,ruag.xml
+e071d5e6d188b0477ac02337403602d68e6b548c5f0173c6a1687748169e1cca,1,0,ruptureit.com.xml
+48ab8cda95a96123caac4761f3330eae482905dcf00bf964117fccc6f76a9389,1,0,saintcon.org.xml
+c2b375a2419b0bc0c1270e171d832ba53db5212308bc7680b5ee074f1a6b9515,1,0,sharetobuy.com.xml
+444c21385a86d34daa2b74872456cfa5914e7a7f3833bd5ce212611f068c117e,1,0,so36.net.xml
+ae5b536db2ffdf2df62111cb8494384f296eb2f9fb7421e78d623775cf61e64c,1,0,strongSwan.xml
+7a9da5e66bb52c47cedf57033ebd9aecfe74c3b97a8ef687113ff2be4ef8ff49,1,0,sustrans.org.uk.xml
+057b142ca3d2f84f2620bd70122ca28024124fef589ee328145f265a2064ec18,1,1,sysprovide.xml
+8598fa811ec5aad9d12066a3bbd72cc50d31a31ab552fc81406e4f5a980e6afd,0,1,tanx.com.xml
+d0d7cd27a1fad7c507c011633c1ded2d76779f270a18be9a1a600f34bc19f8ac,0,1,tomritterbassljd.onion.xml
+add909870db94aa5bd754824fd291da12cf5a35ef2dc039887e8fbfcf9559504,1,0,trafficjunky.com.xml
+6babe63d9649dc80201a730918427d18fc983abf0ae6aa64ebc751040d874711,1,0,trakt.xml
+6a22ef0685a22c0d02467d71bf60150171f2d9b2ea164bdc7cce9677255d836e,0,1,usatodayw7vu5egc.onion.xml
+dca681ef703ae025e986f1bef45575452df62543baa7a0bde381d6bf9a8ae56b,1,1,v.gd.xml
+b9b0396960be487e61ab263e7341e1fde512be9ce069f219bdfde8c363b7ab60,1,0,vauva.fi.xml
+22a722ad1e155e3bee71bdb1b9a3ae90235e9687c48bd387489dfb3ecb58bc8f,0,1,visitsealife.com.xml
+51cc6deb02fb6a815619bf535d299f9e24f81ab1451428ee479203126090fc4b,1,0,vogogo.com.xml
+7ed531500221bdf06b719c9fc59447357de77faeb9082ee7fac65da7df701332,0,1,wpa_supplicant.xml
+5cdcff57455137ed99e5dbee098da64da25450e307aec99e1edb70ae75f43c24,1,0,yottos.com.xml
diff --git a/utils/ruleset-whitelist-cleanup.sh b/utils/ruleset-whitelist-cleanup.sh
deleted file mode 100755
index 6804d9622765..000000000000
--- a/utils/ruleset-whitelist-cleanup.sh
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/bash
-# Remove from ruleset whitelist the filenames of files that
-# no longer exist or have no matching hash sums.
-
-# Change directory to git root; taken from ../test/test.sh
-if [ -n "$GIT_DIR" ]
-then
-    # $GIT_DIR is set, so we're running as a hook.
-    cd $GIT_DIR
-else
-    # Git command exists? Cool, let's CD to the right place.
-    git rev-parse && cd "$(git rev-parse --show-toplevel)"
-fi
-
-# Run from ruleset folder to simplify sha256sum output
-cd src/chrome/content/rules
-WLIST=../../../../utils/ruleset-whitelist.csv
-DELIM=","
-
-(read; while IFS=$DELIM read listed_hash coverage_flag fetch_flag file; do
-  display_hash=$(echo $listed_hash | cut -c-7)
-  # Remove those that no longer exist
-  if [ ! -f $file ]; then
-    sed -i "/$listed_hash$DELIM$coverage_flag$DELIM$fetch_flag$DELIM$file/d" $WLIST
-    echo >&2 "Removed $file ($display_hash): file no longer exists"
-  elif [ "$coverage_flag" == "0" -a "$fetch_flag" == "0" ]; then
-    sed -i "/$listed_hash$DELIM$coverage_flag$DELIM$fetch_flag$DELIM$file/d" $WLIST
-    echo >&2 "Removed $file ($display_hash): obsolete, all flags set to false"
-  else
-    actual_hash=$(sha256sum $file | cut -c-64)
-    # Remove those whose hashes do not match
-    if [ "$listed_hash" != "$actual_hash" ]; then
-      sed -i "/$listed_hash$DELIM$coverage_flag$DELIM$fetch_flag$DELIM$file/d" $WLIST
-      echo >&2 "Removed $file ($display_hash): listed hash does not match actual hash"
-    fi
-  fi
-done) < "$WLIST"
-
-# Sorting by the 4th column (ruleset name)
-TMPFILE=`mktemp`
-(head -n1 "$WLIST" && tail -n +2 "$WLIST" | sort -t"," -b -u -k4) > "$TMPFILE"
-mv "$TMPFILE" "$WLIST"
diff --git a/utils/ruleset-whitelist.csv b/utils/ruleset-whitelist.csv
deleted file mode 100644
index 6ed1f1bbc184..000000000000
--- a/utils/ruleset-whitelist.csv
+++ /dev/null
@@ -1,3781 +0,0 @@
-hash,auto-pass coverage test,auto-pass fetch test,filename
-fbb2d56d33f886b53c314eac3446eed8bad7916660ad0709367936fe8335d987,0,1,112_Cafe.com.xml
-43a7a917b89600c8dd3495359879ad1dfe468d9a478e63d5bbc6430a31cc41c2,1,1,123-reg.xml
-5b650e2b6084539440a1b66b5b45f5825a2d61db7812c7521e1a1e0860c4b6a3,1,1,16163.com.xml
-880345f59a163743e49c06d4c3b66d508b7d59e75b060052218368c23d604593,1,1,168qiquan.com.xml
-b5c96ae391a5b0971fb2438e3afd37ec7ce439e7dbb271276cf7bbeb0eb61450,1,1,16personalities.com.xml
-b6bdbab95a01ef36c81f06cc64afc02bdaeb2e3eda1a7bb5d08e75723b18d58c,1,1,1c-bitrix.ru.xml
-41003b900cf58a494e7fd80ce52ad63458c5d7b1ca7ef00ca013345bc3897dfb,0,1,1nsk.ru-problematic.xml
-4d7ea51ecce8ef52d7f14fe3d2196e7647c347ae491a8c51ff84555426f4c05b,0,1,1phads.com.xml
-55b1ea082e1da07a13ef7bca833f779a23335658d345294a35e4944b90c5c136,0,1,1TW.org.xml
-d5e0185eea0bec011afe6fbe1b9db732939209a70d73a6bbe38e6b12311282cc,0,1,24-7_Customer.xml
-4209813635498e7b1f9c944d648173507b41e0e3260e16b3fdb6f3f945ffc28a,1,1,24-7-Media.xml
-a17a8a5bd129ea9a79f7c6d799d48fdd65cd41a3d68f588851130e5dab380c89,1,1,2GIS.ru.xml
-feb478f3b2f281637dc660c70688a7002af3e4c8643f49bc2a45dc451a2fe450,1,0,2K.com.xml
-499b05dc40b7451e3ad52d6bb7e8c33a0359e35747772e71cbd40d0762495a1c,1,1,32Red_Online_Casino.xml
-a7d9ec08bb6294184d95da57900409f22eaf2ef1a49b66ea4c9e33cb77829167,1,1,33Across.xml
-7fe27a3812a67c0645171e96582c54e60bf00bc1462eca19b78ae0fe04c70869,1,1,360Cities.xml
-c14bb3f3b4743737ccb198bbbdc8d6e616222da753c44a83ff446a48c4e4e17f,1,1,365_Tickets_Global.com.xml
-2754710db32540a9e4fc610476d2da4ced0e742af02f5db582aacc553436a822,0,1,37Signals.xml
-3cd9cc0b3921f83d5bea3d5e948e0b95223f24dde3afa2bea2c346aba084eeb7,1,1,3dglassesfree.com.xml
-0b112de7f3114b9432277ced9283996b39d7d7a9f5f3471fb98545630f674d8f,1,1,3M.com.xml
-db0bf27bf0163ea780c63c9aae7d1ae5ffd171dd58565648e3b900ac45c4eb6c,1,1,4D.com.xml
-428d486aae24b16281337cccebc6ac6856907362020df20b0179d353b45aee06,1,1,4gamer.net.xml
-32dd0dc5f7e614da1c25863d4d536e64fb98295be76e0cbb5e7986c2dcd29be4,1,0,500px.org.xml
-d73d05ee2e9267666c0ce2efb63b7ea6fb381bef08a0df118e6c1fa5a028d70b,1,1,80s_Purple.com.xml
-ad597f5f278809ecc2bec2dbac2d47ff4937418c90dbb564836cfdb742e7f6bb,1,1,888173.net-falsemixed.xml
-8223ab030d3a507686a55a6d13875fea38888ee6e1aefcb086e0ff99d83116f4,1,1,888173.net.xml
-53ad3f31c9603c3fa9ef4e1737d60c314a2033b5646398e64986f1952d11bb2a,1,1,972mag.com.xml
-d96c5f2244dd8cb35a2293e1420cbe315444a06c0090673f142863f70c2dd55c,1,0,A_1000_Words.com.xml
-7a25ea9f7d589947b91e6c4d54f91fadb6727107093a0154936119eac027ff8b,1,1,A1WebStats.com.xml
-cd8fd181965e5c622afa28c8b6e4ea0a6717ffdff1ab9c55303500f718ccaaae,0,1,A4uexpo.com.xml
-a77b292e0258a8a9a81a8e05fa342741e226a1e024978fe7c6677c7c65150ae3,0,1,AAMC.org.xml
-dd5cc03269cd87827e03b1f87e7af9786948b5373e1e54583e88eef812c9124d,1,1,AA.net.uk.xml
-120510f02eff7ac4388836b4d9547be6e427664b1a2ff124a2d51a3ce225cd73,1,1,Aart_de_Vos.xml
-5951c130bb380082d7bd13a37a99cd0866398fa7bde7d493c63d5dc26dc9f672,1,1,ABC-Online.xml
-f97657791892c8df7bdc53f8d0207d699859a190444fbf975e98861d4cf53650,0,1,ABIS-studien.se.xml
-a3db3682f950ebb592501ae3cc665a1d6b7bede688f6684dc21f08c1f027cfce,0,1,AboutUs-problematic.xml
-178491e2c3fb87be402571e4a6fe685bf054df360389e0f814c48a5f5876414c,0,1,AboutUs.xml
-050cf213164daa2f546888921c9e5c84de00e6cf11075ca0f62033fae0d4b2f2,0,1,Academia-Press.xml
-dfde2866b7ef90b4edd3ff9e03fa9f1d4ba62b14864a901eecb7e8246de39024,1,1,Academy-of-Model-Aeronautics.xml
-8928d54036d7d987c6da6672c12b7a70f74e1304619327e79dd89f1dbccac853,0,1,Accenture.com.xml
-2de3c612cfdf2f4511d5f3d7389f2f87f1ae77f3c0f6ef93a730f858e1020e36,1,1,Accessorize.xml
-81b89878fc3685f7c80dee0152833803561c01b52df32fb3dd7b6dbdd5a9b8a7,1,1,Accordance_Bible.com.xml
-c124a9be102885f879380ad4d50f97c436d7fc47b0e26ad4e75011eb4655ee18,1,1,Account_Online.com.xml
-7861558b369255be4c424cbcf9755adcbf53898951530280e1f853e56380bbd0,1,1,Accountservergroup.com.xml
-299017a21aa2f2d62f8a3e289cb80398b46a3a649ccdad3b34b2c0660e68c3ac,1,1,Ace_Hotel.com.xml
-ed98e82af585f9f326da1304604f69a878becd5307c6a43d812dedfda202ed89,1,1,Acenet.xml
-e016613d3ffb8370988f2a6130e187e527f650f7ecb9c072c2dceba118415d87,1,1,Acessoseguro.net.xml
-b46e53a6f571bb484c20bd6d6506fdd6616e344cbd8c4ee987994878ba6f28b7,0,1,ACLU-of-Louisiana.xml
-011cf245e9f062e7f525989ef2f74fcfa800ca80843a6f752de5237ad2205399,0,1,ACLU-of-Texas.xml
-5306a00bbba97f3edf93cd3bfe9f2231ba896ddf81fda180d35b3d7d44ebcd89,1,1,Acro-Media.xml
-afac00a30771d97a500c173ab56c5b4173bbfe270b792979faddc7f21a41a1b2,1,1,Acronis.com.xml
-034160de8a9bec353b9d019c9a483d5a75c6af5fdb98485df3d67ee8613987d0,1,1,ActBlue.xml
-15a0856f0603c5730add28e9a2e6a36acc432c7704a7bb007517f496cd35fc65,1,1,ActionKit.com.xml
-36f4696ba37079dc47a8aa131a923aa8f4f1647f88320ac16424d61753747390,1,1,Active.com.xml
-8f563f104d1f8ca36dbd4f162e6749d61cddb8a0cc3ed0cced20a0198a5df7a1,1,1,Active-Events.xml
-8f3e75367b17bc3d389eacda994ed6cd57fd7334cb2c82a30d58d44c2051710e,1,0,Active_Melody.xml
-41ceace9d8d7e0b5415d705b5aed152a387bbb2e3e2f121a6e4c98a7a8a0af3d,1,1,Active_Network.com.xml
-881098f72636035033bd336f49a78c043be02647edb3ab3f0b036c4ef5bab188,1,1,ActiveState-Software.xml
-fc7c90d849f4bb81243211a9562b2c2b9a56cd5bbbdfe376a1c891c0c3fce0e2,1,1,Activision_Blizzard.com.xml
-4c2db37d2cbc8d5ae0b47f210c0a2e8f7e6feb0a8f8d6e9c6a7a818c190fe201,1,1,Act-On-Software.xml
-07f5d75d4bb24e06bad963d545c2685ba90ed6b75bbb747d15734146fbc71666,1,1,Ad4Game.xml
-fb0ca273f18259e6a3a5fa830d5935ac5031be61d471a2cc0c6aeecdaea13698,1,1,Adallom.com.xml
-c781e81a341599aecb674a36f114512b59f5f7930fc309097a456c71e28db902,1,1,Adaptavist.com.xml
-79ecbb418c39e3d0dd20ddb11402b52c352a8a4285754d2decdabe3d9239e8fe,1,1,Adbooth.net.xml
-95314fb83ab85e7efb844d3c5b8fe1b85e30b6d827ee6c58845c8eb6b0e55632,0,1,Adbusters.org.xml
-58bab8c45b010c8e4f1b26a3752150319cc93fba598aeb28997ea551164b68e5,1,1,AdButler.xml
-6c704e7633a84752e7d46297f9077c027c9507dfc3ccdbcdd65612c44fdbfcaf,1,1,Addison.com.hk.xml
-7e07fe570f87f45fad1782566e2b13d2990371f8e62d275445705160b998007a,1,1,Addison_Lee.xml
-3cc9ae403b734dc71977ed8ac1f0dd5834918e23868ea196f713283e1c35d9af,1,1,Adelaide.edu.au.xml
-f2cc426fffedd8471262e93aefab650e78e99dc891e47331d45cfbddc8c8c083,0,1,Adestra.xml
-f955c3a0b2957325ada0ce3a857f05c47269d1442a47301c438310a88f3d1e88,0,1,AdExtent.com-problematic.xml
-1564ad6d65baf7742b82aa1d37e57713779da9121d29e4e0db25d66de821b1a6,1,1,AdExtent.com.xml
-8cbbef2c983926ade2910afe291b3718ace41f5d2346612ae1a4f10450719a26,1,1,Adigital.xml
-e87c8a23db52372be00ffa86181ccc6e32cea7ff5f646f884a452187c543f2d3,0,1,AdJuggler-problematic.xml
-5dffa6059f25b1934cbcb4b3c3cadfc7f0c45711cf7a3940141fe366c1dc632a,1,1,AdJuggler.xml
-ad273c17a4272904192c101b9e916e64e8240f604ddee81c1815fda8eaae6256,1,1,Ad-Juster.xml
-59cc2418711440f263b64cf22e74ec08e468f0ae6de3d416baa876f2c2428281,1,1,Adknowledge.xml
-4d1793c09e8a9352a5fa37c834283c51292621120a3f6971f1b612bd8bb7c0ff,0,1,Adkontekst.pl-problematic.xml
-2120b965fbf664a8c9867dc86450029429847392509c410e4518755167e6d9c4,1,1,Adkontekst.pl.xml
-e4477c817d62fa801ebf864f6915ecf10d55aa4ab5fb04ef6ff56fff4b192f93,0,1,Admized.xml
-ce56c65406df4436852f26458e9264c88c627758762ab195945b3e30a19353d4,1,1,Adobe_login.com.xml
-a94c387a1cc8dac116cea1b38e7c24228bf581b3b7ec896c95341ebbc6b0f342,0,1,Adobe-mismatches.xml
-f7c8ef4d7ab6be61e2e18cff902320d25555ece065e991ccf54837a8bbb9adb6,1,0,Adobe.xml
-8b22f1183bf7b4280462551fa192a49e564c169a57a12283426ffed37e2604a7,0,1,Adoyacademy.se.xml
-ef929d8b8e7c668eb8ffc79194639b6e3283d885ee97da5a311ef5f2a6652349,1,1,Adpay.com.xml
-9dd2d07280b679205432600769a989ace5a9feebe2ab2e5288b509719325be90,0,1,ADP_Screening_and_Selection_Services.xml
-0ce36ec76ead790e4c2ec1723a8d5edd8eddedb784497d2a319ff3217dc3bc62,0,1,AdRoll-problematic.xml
-f2b49748607885b9a719b3302763cb5aff743d59bb9d3fe289b5d39ce6c14e1c,0,1,Adseekmedia.xml
-9bcf20ddf58d4853d75b536e82a5b188eb9322a78c2660adc45cf9ed94abfe48,1,1,Adserver01.de.xml
-5514a8bcdc709b386c8ec7b573fb3c03c4f1cd29aa7756877dfc38af086c56df,0,1,Adspdbl.com.xml
-1c0cd7ed2fce20b30da6a7427338c07b544ed8d36f933b7121af72a4537eb154,1,1,Adsrvmedia.com.xml
-87c72f674f27d72d20c7af4c375a804142a48bb10f6089082c199c8c08806cca,1,1,Adtarget.me.xml
-6ae8fc3fcef08cb519f00f685963170d30fade668e47adf81d90df8d23f16caf,1,1,Adtraxx.de.xml
-de7a8a93300f46f919aafc9b2f6962e873e652999304b3e024dc3ffd42abab40,1,1,Adult-Ad-World.xml
-f914b14018606153a7c24280dff27d29e752c1d4219f548fda58fb25becd3a77,1,0,Adult_Webmaster_Empire.xml
-b200dd0d56b09c13b00e907634b3a640946dffc1c2bf8af3e5319ce3f9d88f1b,0,1,Advel.xml
-00bc0f8d49ed0c18f7f093f5a131fd8a2c0272abc61fadf67390f165850902e3,1,1,Adverticum.xml
-2fcd7b4005d206ba767f53c6574cecf4a80560d5dd55e893be60ba745ffcb781,1,1,Advertise.com.xml
-fb596a2c33f507ea76068607562780dcb1a89b86659a3dfe32db305a97ada71e,1,0,Advertising.com.xml
-7cb2786a2b879652734cbb50bbd97b194bdb20a9ee61e7bcad4f2c8f4e0e081f,1,1,AdvertServe.com.xml
-647f17a6552fca35d3f6adcaba796255783f8359bb04e2df772dda1d3bb9e9b7,1,1,Adverts.ie.xml
-21a29c7ad37f2a6859026e8a95f6ddaa54a0880f194d0921801ab9c68aa89da7,1,1,Advert_Stream.xml
-d739ae917fa93939b84610ee6f929652200a550db28565e5ab38e60f7e82163a,0,1,Advisor_Mailout.com.xml
-aeb3aaa75d0f75ddc959ff6d7fa7cdde1a427225fbba8c75f61ddf4b9d020589,1,1,Advocates_for_Youth.xml
-69c1959f487518867ceec94512b46a8f04bb6e284ca29b3fc8a81930bb9eda54,1,1,Advolution.de.xml
-1b02687ac0376030b5cb96f3d9388028a25e67ecab6b507eb80dd327037c6ad1,1,1,Ady_Advantage.com.xml
-914f8b6f0f6a3ecf7b147d7bd91b2919acd02b3d4b43d06f5058983fe692c1a1,0,1,Aea.se.xml
-3435dd3cef40d48473de29a21a80db92f5eefc9339a402eaeca131bf6a888a05,0,1,Aereo.com-problematic.xml
-2bba736076144c6e074447935696b487b2457699ad13c4c0da5036f27408e7a5,1,1,Aeriagames.xml
-276a2773697e1f02e05064c9caafa4958b2dbab8110457e719a14e3d15db499b,0,1,AEUP.eu.xml
-94cd248d16402173c247f14ae927f72c16737f5d59fdbe8e789a543bc9c92dac,1,0,AeXp-static.com.xml
-bde27e017263a64c388195a0091c24f9dffb1c23ce90deb3c63919c75bb5598f,0,1,AFCEA.xml
-4923e5cd7cf41510d3f973470e90f1efb7093453eaea5107392c141781773775,1,1,Affili.net.xml
-d7080434a9f73a06d758696e4ec5e7b3c60968c0c1a4271e70e32cdf4ac1a170,0,1,Afford.com.xml
-a3ba3f02f73ba24665efe468450c2a35de28396ed37b92c0a9528b63d2ed598b,1,1,African-Network-Information-Center.xml
-1a9ad13bfc81df909453c311adf38dd10aaba3caf4c21caacee8d4489ad8f554,1,1,Aftenposten.no-falsemixed.xml
-7e80b6e07f7f5710aebd5148cee70e1784758bf514135d89dc53ba0d6bcc7d7d,1,1,Aftenposten.xml
-9e7924cf6848f1b4a327944ec8f0847966a5b55a63cc6a3c728ae83b72519f3c,1,1,Agari.xml
-31d96df38792a74447a5cfa73761b450e0f56d1f9885dbdd94d11179075bda79,1,1,Agri_Supply.com.xml
-9fcb7423caa4b2db65448eea1b798f7a4fa939e5f50cf55d934f37a8a5ea67e7,1,1,AGU.org.xml
-c12201b83fae7f617d9ae225a59d6b5b6e35b93166c23bce4eaba3b876cde201,1,0,ahcdn.com.xml
-bcbb52268a9bd3b28943b7e1cfe41e7cf506bb0b2a278e52f14074a8ab050da3,1,1,Ahm.com.au.xml
-522e025d2985538ada978fc3207c1ab5e1b2babd2672c5bf7826e242d2a21bae,0,1,Ahnlab.com.xml
-aee8c092d43b19e5d72ec8c69b30072bb2412d73215775a488833c922a9aaaf4,1,1,AIA-Surety.xml
-3795b077a9e02ed07bc05bac637c61549dcd7d90a84a1248bb52fc82a31e5f94,1,1,Airtricity.xml
-034ff7106c791ad8f0fa08fb6d9a415dd04f5fc3a4836accba2e91dc899e54b9,1,1,AkademikerForsakring.se.xml
-a545c25b0283cf517189ce36a6dddce5df2929e18e6ecec11e7d392ded07c12f,1,1,AkademiskaHus.se.xml
-7cc75135ed0cd3b81ef62e24de4ca2da433caeb54b12aca1bd0d4efdc01f31db,1,0,Akamai.xml
-5e1cdb7d9af34842a8c2b7c7f414caa8b84bafe4072bb7d883f7084dd5edcdfb,0,1,Akban.org.xml
-a51944a1bddd9a16f65544770d110e4f3d8db4a39a341d9bdd907a38a5b4d98d,1,1,Aktion-Deutschland-Hilft.de.xml
-4be7e0c8c19b3bc7ce6a228c7f867f4ca8fa474671c4c1a2fa1186e31f0fed06,1,1,AlaskaAirlines.xml
-187e9c128e4b4237887a14de2f1efeb6fdf647e2549b0abb4f2fc09112879a59,1,1,Alcatel-Lucent.com.xml
-1a75f296456093e211748b9d5dc4f8c2460d36d5ea29f0a72872e00ccaa93a94,1,1,Aleavia.xml
-66d40fad37903ccbf81d50fff39b8ecdfae22977877eca18b263ab645462c167,1,1,Alert_Investor_Relations.xml
-2ae6012e55c69725a70ed2c58eefd1c3e572c28fa546dc0dbba2a254d11b6b39,1,1,AlienVault.xml
-db6ae9c06d4334affab2b17ebff06089701359316e8a01796179cecf56e6af3f,1,1,Alivenotdead.com.xml
-1e1a3eee124780dc325850e37cbe518f2ddb7fe35d245f00ef4e11a4abdaa67e,1,1,allAfrica.xml
-6827360f5b76bf1f5c3c862ef052db2452817f026dce69f608d34aded6973ead,0,1,Allegro.xml
-44203d13b19cfdc0327538af844761f8b751d0dd7ccd532df64d5d141ca80db5,0,1,AllianceBernstein.xml
-1e3849dd66ad705c0195117340c17670db0ee819b655850db2ee1d2a7413c0df,0,1,Allianz_fur_Cyber-Sicherheit.xml
-7d754b99dccf2efa202155cbb5d05539eb1de2d13044cf981078eb2f2552d22b,1,1,Allied_Media.org.xml
-65a56ac78693bcdfaaffda41497a02352ed985a9412a8b8f42749aaee081437e,1,1,AlliedMods.xml
-9598c551f4c6adaf8d6ee9c936d2b9c3a07150f6de188ab4bf8da07f9535885a,1,1,AllPlayers.com.xml
-8301f6814674c19485621cb8cdf4f730b6faff112273ebacc1010a1416925279,1,1,AllSeen_Alliance.org.xml
-b125f385993611b00d091c986d7a2502bf486be872598a07e3cdbbe0011826f6,1,1,Alluremedia.xml
-e863f62a6952371b6db38f5add68bc14fe01af002dda37351e1f744c736c138a,0,1,Ally_Financial-problematic.xml
-749daffb5e9c484c524bc2f266612f1bf001e50757fe34b5e03cb326beffeb6d,1,1,All_You_Can_Arcade.com.xml
-03e6e531ec407c355e7658710b5046c418c7268a34be793d6b8ff8866854c059,0,1,Alonetone.xml
-f8154916d6f3d0255e6589d3f054caa5644cf7a8a744c2aae37522463d78d7f0,0,1,ALSOActebis.xml
-f4b1975dc6c0cc76d40a13198af3f6e0c55ade83c2fc0c0fd4ade1c28301c070,1,1,Alta_Ski_Area.xml
-8662563b129fadb5f1c138f5ae357fb4b079659dd729055146780cc37e90feb1,1,1,Altera.com.xml
-5d30fe7992767abd2f1648d0508b16d78a0333eda4a987917db02ef25941175e,1,1,Alticore.xml
-b2b22a603da5fae9c69dba087e64ff715099d1dadc267f06b18d255b6d9c8239,1,1,Altimate_Wellness.xml
-09bea1ea178d71a5ca9e1dbf010d5dcfb52d1040ec035b13b9b3f0224a184766,1,1,AlumFX.com.xml
-83aae8644fbd60dda604ede8c58cd14dc739f87281bba346cead0c5989ab41df,1,1,Alzforum.org.xml
-158c3c93a52e4012afdb9db300a0eb3e2384d666292d478c3f4b8c86077b7474,1,1,Alzheimers_Association.xml
-43da61ca7c1315ad777e6b31da04f79abac68f4305e43112ff45371ce9f06e0e,1,1,Alzheimers_Society.xml
-3c08535791b2507c36a6c02506e8554d4954840c5997dabb6d8d500178e7e41f,1,1,Amber_Swann_Publishing.xml
-745518e102d29ae0f1d16d2601f00f4c64cc0378f34dd891de07b93e8a1b7861,1,1,Amd.co.at.xml
-d5da30ddd6f57e9983db9004f94cef37e0bded49ed095e8b2243d28b85c2d8ca,1,1,American_Academy_of_Neurology.xml
-f58f2cd4524af0b47bee314b416ba5ef4be1213d7db98f2a18fdac91492c6e48,1,1,American_Ancestors.org.xml
-92e9a46b0c218161a6977d43f3ad0e2c2e175caa825d293044f5a8f2b00cb13d,1,1,American_Bar_Association.xml
-0f244153eac85509cc365215b685d204050df6b0d7eab16f9386710dd55efef4,1,1,American_Center_for_Law_and_Justice.xml
-fe4db784ead854b87428ee3ce40e1e5480d89a82139fe2c07521db1b7d3cba79,1,1,American_College_of_Radiology.xml
-79271c5ed9f153da84ab9914b1e98622bc8d3b51c30fba7bf0f7047863831247,1,1,American_Heart.org.xml
-65f0082277fdcc1873158996ca405d0fb8f7db9a4633b2142ae014a826066f9f,0,1,American-Postal-Workers-Union.xml
-73d4b8032eb96f7564c8d0d2979c1adafdf8f192afd01903b104215da432659d,1,1,American_Scientist.org.xml
-82ccc6b9ab73fe9cf556c1513e259d71ff4f15d659a54d013a4dfc33541b9443,1,1,American-University.xml
-fdb40ffd6a457474b8b7ce3e12667c6fde61187460b7ad9e4cc2f1dc04b89205,1,1,AMetSoc.org.xml
-f2c64f5833815703ac02cbd11efd4c4e48132a3c81a6196692fb4734580c20b8,1,1,Amiando.xml
-a4e558ea2da104b30ed669a14016d712364b596f25b49a9cefc3a339622acd46,0,1,AMMEC.de.xml
-a813cbbf5d96b456a1031c12cdf202a72c2bef44fd2200c9d48ead1035a95166,0,1,Analyst_One.com.xml
-dd70debfd991bb22af84defbd2e2e138ffcb6833abc14c2306ca8a74884adc69,1,1,Analytics.edgesuite.net.xml
-6898ae63a1da2d450af8dc14782bd5ffb6df891e574c584666d5ec951a78d8fb,1,1,ANB.xml
-b5ae6c5519ee1727036dbfbaed594fec60654b0e534350c2799ddde2b1259472,0,1,Anders.com.xml
-8047472a9ae9e601ced04246658471d4c4ea46765bdc88d7b6419dad8a95a5f5,1,1,Andyet.com.xml
-b4f10f135c5050b4309695c53b017646cbe49e4f5c938410144017196d1854d7,1,1,Anglomedia.net.xml
-0d5ae660c24c66e5c6521950658bbf3130fd5b3803ef7caf0523b80519580e58,1,1,Animoto.com.xml
-f227d404b5d2d8cf54d3aa5d8feb8fb94ab752756d7b212577b481c328bd5c13,1,1,AnnualCreditReport.com.xml
-a8c38a66afe09dd783fa23ab1e55d0c8aa19c238c1b11b4e35c1cddc20c004bb,0,1,Anonymizer.xml
-af2eac7a517c666c869e80a72d8e077915069bce3435d7d465b60393ed94b4f1,0,1,Antifa.cz.xml
-3745f49e1046863710aa1dcce54d018fe0feebb722a7189433d834809bafc357,1,1,Anti-Phishing_Working_Group.xml
-0d9ea3f9cf9367f2501d165fa0ac48204766ca4b077c9245ae8505a692ca9edb,1,1,Anyoption.com.xml
-1784b67966984894748fefbe7c4d192375a1c1c9214d78a2c9775fd4c87e175e,1,1,AOE.com.xml
-e0a596183d10f82f7039179e8031bf5d27f2afb43efc173da4c38862d7827142,0,1,AOptix.xml
-9ecf7aa1efa116f959087f7a7275c56931e8acdc3814fab130ac37f07abb8eda,0,1,Apache.org-falsemixed.xml
-9548b2b602791d6574d139cf2800ec0e9dafd354ac22fd3eaea748b5f54e1367,1,1,Apica.xml
-66690f71429d584138c832138be145db4f7e649c75bdd889e8f3b3f2f8b001f5,1,1,APO_Box.com.xml
-bf7a2d984c3cd611d185e59b161467d6180116c0f6916f0fb77ed210d61727bb,0,1,Apoteket.se.xml
-5b6fc98b82c39a6ba90614ea5f1e6985107d652372a395e1d4c8adfa90fdcd61,0,1,Applebees.xml
-85678d55a2afe70de801b24433be6a6e8cd0d7c9424181d8dad79d7937002552,1,0,Apple.com.xml
-f6df9862c3d4f316ad29a953c74defc81d73ddcedeb0d88f48ced3d45e7910b6,0,1,Applicom.xml
-1aed229f3420f2d8648fbf65e98fdab75787f2aca9881617052ddb7d94be0daf,1,1,Apply2Jobs.com.xml
-a6301c97b9096aaae77b0214687fef9787a2ed42d3621ae712fe0b56e4b4731c,0,1,Appsec_USA.xml
-bd5750aded57c6b7644711c3c960363e1bd87f028409ab8109947027d2db5f01,0,1,Appsites.com.xml
-187ce6d87d040f1cf02412e81bf7864a3981614318d9b91a8b59c39828772b37,0,1,AppThemes.com.xml
-c521eba4154a31093201ab0b32b32af18b956ff2f097e06d442a3ada9e9d18b5,1,0,AppVault.xml
-28bfd668cc09cd960709f272dad339505739f1cb716cf74bad8b26311f88c89e,1,1,Aquent.xml
-6f75b1e1607f814f39d6543355470ba1cda9285e457297cae27de532bc58f5bb,1,1,Aquiss.xml
-54456b2cf74178980551f6b89ee851a934323dc87592f1c9b4c8a8818247094a,0,1,ArchBang.org.xml
-29dac30e3114f9baab337f6f95a87cba0e868345ade30884e244c23d1e09d1d8,0,1,Architects_Journal.xml
-56b6dcb7ba81fb258e78a7915c3d4e5496f1fc1b4154b24c8d4bd4199333aab7,0,1,Archomedia.xml
-10af3339eea574e0d47b453bfbf797e2de7df61645c6cb254835e1bfc222a830,1,1,ArcorCentralLogin.xml
-2f773ad61103b3b6d059cd1c40933c551262e643f94cbbda4f449541a064faa2,1,1,Ardour.xml
-b071f240dfc145e70278586d55743c6b8ba94f22ead67d2adc986cd82fe7217c,1,1,Argonne-National-Laboratory.xml
-f6c53cd3f54486a90435c53481b8e53539b71475f7d202dcd5dd8b8afb525502,1,1,Argus_Leader.xml
-d8e76464d628f155de649ab36ed52ab3cefcfc493c3873271a9cdf661b6f522a,1,1,Ariejan.net.xml
-b7da8eb71bac9196944afa62279d4f6c1143b87a1ba2090b301c1f760164bead,0,1,Arizona_State_University-problematic.xml
-007251111fd27a7b448f1cb45893cba99e144e7f9014020b1f41d0c65009df3c,1,1,ARM.xml
-cda60d257787e7061e709192d5cf0a94a4984b46985afa9f3b0cfd0dcef90cee,0,1,Armyoutlet.de.xml
-35b8bcb9a8c7ca87094f12b24aba2343a5087db4abc52cf267ca2303b36c2af8,0,1,ArmyTimes.com.xml
-7882aeef7076ea7fb22daabb09500f52d3b89a68d9694c5d1254c7052768e218,1,1,ARPNetworks.com.xml
-8a49cb29d21a368156693ed53b1980f3da2d23f43b5aca1311b92173d3a23810,0,1,Array.is.xml
-12a54fdd75f8a200b6da25d78514f8ed3e3a3bc516307e3729b9220792921514,1,1,ARRL.xml
-af7cc41fbc6105dbbea5b7df053b21431732e64dd0488534a17cd4dfaf828c0c,0,1,ArtChristina.xml
-d98c3afdac5c0cd8de2aed70c17412d3a9453a301feb5dc04e3134e9a77ffb80,1,1,Artfiles_New_Media.xml
-7a27bf5aa36474cdb4f6be7c8acba249c5f15b44c4343b8dbafa8733792b587f,1,1,Art_Lebedev.ru.xml
-cf0babaf0fd8b4dab4da7fda0059116383dcbc97eb50e35f2ef14e052ee5f563,1,1,Arvixe.xml
-4f49a773f2f5ee1e8e66f7c0a39fd01257351b3fde133581e5b173a706d91e70,1,0,ASADA.xml
-61153fb39b8695a25ba7fd3665f491a44c172ed00776bf9e43fc6362070f4f67,1,1,Asahi_Shimbun.xml
-8def583c3ce1bf10c4f99489dfe970aa4329389b26b9a891f5f1366e7acff96a,1,1,AsbestosSafetyandEradicationAgency.xml
-078b934a7613b1f341bdbebbccd3bbb21e15a9198401d089e6394d3199b18fd0,1,0,Asbury_Park_Press.xml
-e41f33c4e79d2c48b0f708bc57c40baa9580c4861870a7ba6af31817c9bb8073,1,0,Asheville_Citizen-Times.xml
-f9990d6c03425415964794d370821ab71b241c42ecb3ca3470f4f68a91c6b753,1,1,Ashford.com.xml
-390512a7764e5445fe7e41098f947203abe722f89620b0eef4a81dfec90c4df2,1,1,ASIC.xml
-9df71aa013165efa180c520096902f74771dc83d900cb04ed8c7cb5b82025b8b,0,1,Ask_a_Patient.xml
-703eac8c842595fc3835a886513cdf71f75049c3b2437236c9d5547c97e94eb6,0,1,Asknet.xml
-ee30c86b81fee828b7b66094087dad1ceada6a09b8846c76e1323017614a41ae,0,1,Asmc.de.xml
-b504c286855250f8f7bbfc14bfb070f4a3a23126c84ed024fc44e84e14ea9051,0,1,Asnetworks.com.xml
-71fd1b63870f6dc056cff4aa33f6e613f2b3e8bd71d0f02fc233fbb14a337ebb,1,1,Aspen.com.xml
-1d869ec0561b6315e5a76adb6647f320420368539419435c266a2d5fcea3e1e2,1,0,Aspsys.com.xml
-7d9e3268d85a9d31d02dbd90403db96712cb0aae9d780c1dcf3e0891b0c14368,1,1,Assayassured.co.uk.xml
-754839829cb4a5ac11b1b10e6249d63473ad763cfce3b7ff9a900bd327aae739,1,1,AsSeenOnTV.com.xml
-5ffdf237bda94882eff2928c40c5520b1fa6653616d25b8f589517985b14389d,0,1,Assembla-mismatches.xml
-961612d01bd36a91b308b7b0f8c4140d32c7fbd32380748985cb7e89229f2804,1,1,Assembla.xml
-38a37045524b715447b3a42a16bd590a7e93dfed0f77448268081ee8e86033ef,1,1,Assembly.com.xml
-00ae81f5653d38ac003dc5f553d9bb8403188e31c51e31a3cef5210ae665557e,0,1,Associated_Press.xml
-c18170b65925b17bcf0c15b4fca81314a208d8626eaba72efa4d2428a0d9b2c8,1,1,Association_for_Learning_Technology.xml
-b7ada52df16ccca038ecc463aa54e0fcce05fc798805cd2babfa0b36bba90325,1,1,Association_of_National_Advertisers.xml
-04a438f4f810655982b4a6c5bb974b0320ea5ea00a02574829cc81327d3d34be,1,1,Asterisk_Exchange.xml
-ad363158e17c58965ddb34609fb859789bc8f6a49ae9dd7380376f044578140f,1,1,ATandT.xml
-d5a8e7314df63bd5e8864a2956c21f792ebfa3ef6b969e398f98c8215383e3b4,1,1,AtariAge.xml
-47849a15006089e082e0568edac0d3b0be633e4dae443fba442ddf54167fa363,1,1,ATG_Web_Commerce.xml
-ac5a54b2ad0e2ef5b7e15c485b7b55e0c6f39db0c92f5786ca8a565e32e243b5,1,1,Atipso.com.xml
-9306e9e08bee07af69b076ebc4f8f3e79c73433fe43734800db41716959b8894,1,1,Atlantic.net.xml
-1c4a668517afeab5af2dcd413c022e0f5651f4daca8f320679cc10c184ddf053,0,1,ATNAME.xml
-222ff7fbdfb781f3ca1853286935bfacae935873462c81165500ecd9604fb476,1,1,Atos.net.xml
-25352655cbb4ae63a91a4708f6dc6a906edd51d4d8d64e8a84cce6543bea79e9,1,1,Atrativa.com.br.xml
-b55717bc37ee20155b475aa7b894c1f0d94913990f90d78845f67e7d7e36cb35,0,1,ATrpms.net.xml
-7daeec92cfabfe03ea028f3a505424a98e5d2839917e297d7ef0ebc87a03e713,1,1,Attorney-GeneralsDepartment.xml
-7e1bd356281faac59994835afd58be5ccda705aabdba47270324bc345f251d8c,1,1,Attracta.xml
-4fc77210623751086453fe0a5d228673843cf6c03d6428b69dddf5b04b37f032,1,0,Audemars_Piguet.com.xml
-9958965c85c1e2203fa9c29932aba3627a4c783c532451f5e361d6eaef334d4c,1,1,Audible.de.xml
-f1e1d94408e9b68398d42e729019d1813b0a87bd4ddde260b6bcab12e5044edc,0,1,Audience_Amplify.com.xml
-95bb51781fa963035cd1a58058b9bfdfc9abfbc3ffb4f8d7e21ac08f3339e504,1,1,Audience_IQ.com.xml
-9849ad86048fd4c9bd8d6d1a1a91dbd18cbeed5bc3d1d73f42adf83a7f8a7def,0,1,Aulani.jobs.xml
-5607a74fe2ce6bd81e188efc8ea2c9f583daac39126630f2f0c1e35e44d08ddc,1,1,Austiners.com.xml
-65a3071e5ca64b4736d413eb6806dc8a7eff765efca653a7ec9eb65921fa1c69,1,1,Austrade.xml
-925eaa0d92ce9fce1f81e14eeb54aee2bc86575f44eea0d8c70ea781c00e9ef4,1,0,AustralianAntarcticDataCentre.xml
-053e7e489750507e59cbea15242d86094b80574b3a013d4020221378d9c94c90,1,1,AustralianBusinessRegister.xml
-89a23a7485cbfa943ea3939c6ec5497517496cf152d696adfebf0b9e88805541,1,1,AustralianClinicalTrials.xml
-46d64c4f78b0907fb96a59f2628115f7107b51b3f1860ee6aceedd10496c19bb,1,1,AustralianCompetitionandConsumerCommission.xml
-3dbe8d16c684d21dd6867e85faee034ca7123625e6099a712179a3415376e128,1,1,AustralianEarlyDevelopmentCensus.xml
-43449f244f6fa424f35e3e6bbae8573b9c46852fbe4e9d8f92bfc8ea44472544,1,1,AustralianEnergyRegulator.xml
-eebcda134e8983488725adac8b59f709930fd6d11ffaff37f18e78a53563842f,1,1,AustralianExportAwards.xml
-0a346c96033bc31f2ed60841ea5793bc19a11e31006fa259afa525d54698078d,1,1,AustralianFinancialSecurityAuthority.xml
-afa22faab446a6430b4ed75de71992ac9e83b72a243f2e46dc508856263676b2,1,1,AustralianGovernmentBoards.xml
-a51140eac588626b028c6d02deca32813249732b41e8fcd988bb9c82704c0011,1,1,AustralianHealthPractitionerRegulationAgency.xml
-9409a519863814c25d04adc6626a55ee559f859d6edced395b2077d1887b14fe,1,1,AustralianHumanRightsCommission.xml
-43000e42607640f9e629c45eff53ffc5b0e728de3110e45af51fd373a72be334,1,1,AustralianLawReformCommission.xml
-6200fd74167c652c5ea687d4e6177170efef75b2edd95be9c074030c2fbd6505,1,1,AustralianMaritimeSafetyAuthority.xml
-64415238e7e59d6731e51410e4d037921547c013716055e0a050b96ca58613a8,1,1,AustralianPassportOffice.xml
-1bf51e3ef550abd0c59d8f80ac7df11966b9af47168872ea5276f1a28408f85b,1,1,AustralianPlantsBotanyandHorticulture.xml
-c983c0862bf5602903b54e280ca8d3f853ac9c9d122bf45fa75b217dc2bfe4e2,1,1,AustralianStrategicPolicyInstitute.xml
-9df077addcfaf82cd685b51c416149a5ad9fd31ff986ad295b3176ceabf1a518,1,1,AustralianTaxationOffice.xml
-c5469dcedc055dfcc9cd2d40d9cbf4336f39510423466b1de26720440b827d58,1,1,AustralianTransportSafetyBureau.xml
-621a2542fe34dd74b2a96f3e6affc0726d164fb0e635f725aa96af563cc933cd,1,0,AustralianWarMemorial.xml
-86a7e2b1df97e9a7acbf7c758f41ea5914d4d9875e5a3224b597dc44e78c11fe,1,1,Authorize.net.xml
-3a729d65dddc8acdfb4059db3ec763fbbe6f4fc96a245592c50b0fcc0f2381e2,0,1,AutoHits.vn.xml
-f83f035a1590a4decc7b11811aff0547a5218aeee50bab0369df90cd83600c50,1,1,Automatic_Data_Processing.xml
-5c3a3f5275c8e00d18aa36f50a1e4feaf8fe8e703eabc2bb2110c803b7004207,0,1,Automotive-Industries.xml
-e93b07e0b6cc742be0b8402e08c42fad688a33ab622fc34541ff95d78ab98c84,0,1,AutoTrack.nl.xml
-fbb41a88b92502a9b8358e141723ef2bf80c2cd23eccf75c0e3d3c171ba51f0b,1,1,AutoTrader.com.xml
-9e2802f1addb0417fc949133180f8381f05600cdbcd29e88976ee845f9297783,1,0,autotrader.co.uk.xml
-bd801f4c9d577c5240b3b01c316623c6aaf168ee3f095aa91d1142d9cd03f95c,1,1,Avangate.xml
-d3c2485ff5968b974797b67e9a030150abebc2dd5e9b903cf1a4bf61845ababe,1,1,Avaya.xml
-7d0245447b6610aa8ee28b70bb13938639693122b0bb4477e7fae3ca86b89568,1,1,Avectra.com.xml
-3e632fd55a29b917584ac35e60d0bdba0adc9d707aba3d7c541c79db1bd81da8,1,1,AVG.com.xml
-52032e7d504c975616a158e71767d5ac8b2cd7208541671797ba3a6660bda036,1,1,Avinc.com.xml
-7fe2c8189b922ca399161ab33c7b90dcacb2ec23e7afde2b28a11a99d372109b,1,1,Avisservices.com.xml
-08bbac27f594c550b305154cc02cc5988b7cc1c6976c6bd6ffddb0fac17bb590,0,1,Avtrade.xml
-9b72647c715ae4fef53f22ce772e79a5dc5853ab6e8dec175bbcdebd769e5c07,0,1,Avue_Digital_Services.xml
-3d2c4746ec441e4eb264c799f0d41e3be998f7790ebc7061d42630dcfb38a333,0,1,AWcloud.net.xml
-04f791d59d4a1acc70c12dda51df330c7683e7fbff5930d899988e95d70726d2,1,1,AWeber.xml
-74d92b32d3809a7a7971171faadf4515df67bb8a33af80353a53826a45326e82,1,1,Axantum.com.xml
-406d709a4fd37483cfbd763d8d6a17a98f3ecfede0fcee4a9a7405093b5dce6b,1,1,AXA_Winterthur.xml
-aa3e6486761566210c9bfa7fbe3d495a5d7273bfe0632ac3efe0a1793a585671,1,1,Axel-Springer.xml
-8643e039b2a27b284c2c44481b7d3514a6fe5010c03269bb5199016039ba5114,1,1,Axis_Bank.xml
-f5d5d7d166569596c72b9e5c8f2c14ae725f4524b504cc0119b1399132f3739c,1,1,BabyMed.com.xml
-040df94b7fa868e85acd8ad3dc51ddbea735e060408e7492e1623e0ab741337e,1,1,Backcountry.com.xml
-2b95fed0050444e42b004245f8d679487274de5d4bac642133fd71ad278df239,0,1,Badgeville.com-problematic.xml
-8e1542c2c82ba0618ce927ed228577d58fe7da017848f5273c059b40eab2ea04,0,1,Badgeville.com.xml
-35c9ec0e0c41b6699ae89b448b17ccd757f53a3fcc28c44258f2ac512f44a3b4,0,1,Bahn-BKK.xml
-afe0cb9f879460f9754e11ead8b76e9e36684548dc1f3ba9721da1806ba94ae3,1,0,BalaBit.com.xml
-193bdef49c71f93c783fcc8600a835156cfe321b00943b81cc1c9f4dc048c87d,0,1,Balkongshoppen.se.xml
-e4610edfe6ffc7101dc20fb7e4933c5752b8b07087096d7174350b85d0c5f15e,1,1,Ballou.xml
-ffe89a541e79d166ab51bb9585db0ccad767e29203521e306764c7f0b80cf5e2,1,1,Balsamiq.xml
-e863f16aeb1d8145d02347a1e3db12adf0b4b3ae5ce2caba184ebc82a5fc2633,1,1,Bangor_Daily_News.xml
-4d64f5fbdeb952a226359e530e592e1675a9b5447cf754cb586c11dfffd2611d,0,1,Bangor-University-self-signed.xml
-0108c4ebfef9ce55ce03afe117fd03c746e56bbbf72033477ce270abcf92029e,1,1,Bangor-University.xml
-c0572421747129369f8219d06a95b1e5ba601619dc79095bb4b459458f30850d,1,1,BankofScotland.de.xml
-e2c6268d7decd2aa0fb7f95a19742c0dc3acef17982e0fd6758cf998d6e86be4,1,1,BannerSnack.com.xml
-4a77f2239ce4d5ec3cdb36fe84620bfb908fb2060e293761df9003e61f4d32ca,1,1,Banque_Cantonale_du_Valais.xml
-6c40038fcccf28a838a7b3c6c4a7e00a3bf68059ea59d7937820661f96fe66d8,1,1,Banque_CIC.xml
-9ab0613fb9ab8ead3eeffad649fd0c091196351c21ff811b8bd9885bfab043ee,1,1,Banu.com.xml
-db116155fe8e1eed410bedd10b9db57847c5b19924012a744c58178bfe383f61,1,1,Bardwil_Home.xml
-749fcce7d89a360728039bbd9c1b7bf3d66d8f9d3ae74ef1b8a19316212391d9,1,1,BareMetal.xml
-b60d916c30d712566b0fd5b697b4a754a4d7fb05597485109a1c9d92f721dbd4,1,1,BarnesandNoble.xml
-3671a9a071ce22b0d7ebffd007a6164eb32681c72692e4ae734895f4e3592691,0,1,Bartleby.com.xml
-f6468f106fec675cba71920bfd2243936771900e9d15bc40349e5d5bbcf0e3c9,1,1,BASE.xml
-bec6f65a19505ee8e6403ff432718f921668b5a3b14eb7fadea5f81eb2caf57f,1,1,Battelle.xml
-ff17d1990795a846a93d09e3f91ffd13d01902677ac23858cbeb002cb3ecb7f1,1,0,Battle_Creek_Enquirer.xml
-b2f414ba6a3ae96322754420aa619271e9cad75ab612252062118f52787f0a3c,1,1,Battle.net.xml
-20ddc9f438015ac2350e6b48cfd8a16e5af96cea36392233f6699be8d5326921,1,1,Bauhaus-University_Weimar.xml
-8ec96d22b16075721e73ff4c7ca18a83abc4f541ddb40b6f3d19645f558e0360,1,0,Baxter_Bulletin.xml
-8c5c56a3ae46e7b0e0dff2f9c0109cdea46cb5aa1332746944a2fee27c8f993d,0,1,Bayan.ir-expired.xml
-aaad51c2a0c8081f059d5983c03823cd8361c012edc1abb59491654ced18c271,1,1,Baylor.edu.xml
-2bf534ad323bfd412be24cdbb1af720fe02b07bbfb3a9f65374e347f7db1c440,1,1,BazzApp.xml
-d51e319be54ebd4d0927e337e1e99397b02394b50227865fce90101e84fa0b18,1,1,BBC.com-falsemixed.xml
-07e968c407197f81426e7c5bf9786241600d4ad9039ee6593e7797d5fbf42cd3,1,0,bbc.co.uk-resources.xml
-91bd48e097061265ae45976d057a045d7a8cad9056e27863cf2a9f83a8538128,1,0,bbci.co.uk.xml
-9759911a6cefdae952ef0a3dc425e6f6c5983a783bcb287f9c21631810442357,1,0,bbcimg.co.uk.xml
-1ca67dd8c8e778bde03249a0ef9d97a48259a2d8261222df72e54d3ad1c63d21,1,1,Bbsey.es.xml
-c65218c1ca967f9407d41e68d3c1c678985e2e566e4c67fe407ee052c499abf8,1,0,bcebos.com.xml
-695b04585db450ff2e4247938210c07a5c39a004e26f99b0a6269e78a8bf910f,1,0,Bdimg.com.xml
-38b24d1672c8f1b7bac6c5019320bebc0519455350844fdab04a10c8c346c7ed,0,1,Beanstock_Media.xml
-12129b04f6dd2125cfb4b15ef93ff8bd2d6224ed9430565825912e54a0522176,0,1,BeastNode-problematic.xml
-719bae99bbf770b99cba1e43a1b688064f96a8dba30a95170bd1d88c9f2f4527,0,1,Beatport.xml
-8e57b60335fd240c6e38c5e2c6aed9f22a6c602db94a1770ee8d650d009dc29b,1,1,Beaverbrooks.co.uk.xml
-c34685ecb3fb87f6100e138ac70635fe33ece2a7d6a636ece3d702a2494a45c6,1,1,BeCoquin.com.xml
-3d78540a88f99cb8a4aede9bda44366bb9abe15a131f4ef94590545f9df464fb,1,1,BeenVerified.xml
-b4d0ca22494e3738d7e205e1e85efd94601776581ed679d3e0f04c48826437a7,1,1,Beetailer.com.xml
-ede819d271af62e829883d80654d5b964200903bda09098a583d9347437138c0,1,1,Behance.xml
-b00bec67e5e3b8c1ae652dfd383407cff1782edfdcd2c635dae39e7197bfa4d2,1,1,Belkin.xml
-86a5252d6bb39543468329b7e012b7752c0dbf17d43027f8360cb5a54f3303fc,1,1,Bellingham_School_District.xml
-774ce0054a322ac1ac0ec628ac8fd5905f72750d3c618790d14aff98474fd3f1,0,1,Belly_Button_Biodiversity.xml
-4fa3697cf81af513b6a90b5cedbb048caebd70f8035f36ac80b193d040e0f173,1,1,Belnet.be.xml
-d861cba5305fbbb465ecc64388ac98a5c4e0b60edfc42475976d48c3fb09a460,1,1,BeNaughty.com.xml
-5a718e75134be6920e13977848a7c9588ebcb5b37eb0e6b617cd15ead37bb031,1,1,BendigoBank.xml
-0e99e63fce4f1293743d01177926d23152963267916175b9737d2803f0478c68,1,0,Benefitsweb.com.xml
-bfcd485c7c6d3391c51e9dce0c730c3881ffbeebe0d47bf25a0d032bc0987da4,1,1,Bennetts.xml
-8bf6913061f07c611a3b7d1088d2b4bfd0a7d7d2e8acb4485130323481795915,1,1,Bentley_University.xml
-f8a9517520b6042b8d0106a36de5e62b23ca5f353a9e02558cf495d86b466bb9,1,1,Benzinga.com.xml
-0367b2ab159ee00969f4318bdf4eb1d55756ba4dcc5d634b9f0534b0689d6fc6,1,1,BE_One_Spark.com.xml
-0dc9ce63ba5308df05d72ddd5e472216806bb7c13248cf3ffdaa9c4b66b331b7,0,1,Berliner-Energietisch.xml
-25e6eaad191ef2c92a1c0375b42bfd2debf88f2457ab889db5ebce27f4e044b9,1,1,B_E_Smith.xml
-ab2caba1568f7b1af63f44f6a84fa1aefc457d1ad155e9a545ecf78034ad8d85,1,1,Best-Buy.xml
-a431b9a38d469ba6429708286562f55c3c396fae15555a0c6cb565cdde151a1c,1,1,Bestcovery.com.xml
-a7f7d7192c8464173c2833fe11a57e2bcee17b349a4e2b60cdfd5f367ce55d46,0,1,Better_Sales.se.xml
-db17a63fba99edd0c8bd9ea88606152ffc260b70a7248cc87c80fccadd879397,1,1,BGPmon.net.xml
-5011d20ba242c270ade1a17b4c0903a8736ca2e71b0e2c24582b0cc387676c71,0,1,Bhiab.se.xml
-dd84a877da499eaa0246cdf0cbe7473182e68191e8e96062f093515f11b5bae8,1,1,BHosted.nl.xml
-88d9168d7c35682e80336e70c63d79bdbec8fcb703067a386082ec59de9bde80,0,1,BHosting.ru.xml
-85369d0cd3eaa85d5426e92adefe7af4f9f814d1e0e15576cb81373454683ca3,0,1,Biciperros.org.xml
-f8da96534024f4b9bb6212efb1244f1f30cd3fe3403a1dbd661247dfe0a4f817,1,1,Big_Brother_Watch.xml
-d68ee3cc47157f440dacfb19f654c89b597cfb31cc7bde24504adfe61ee50c05,1,1,BigCommerce.xml
-ed5df40362cb3e1124a4a48ac5a4c876987e58beeea367a46a912ac59c7288c8,1,1,Big_Concerts.xml
-ffbbc3807331985248685ba1f74b23ac9b7956664f7342569dd05885563fe91f,1,1,BigHugeLabs.xml
-3c63a7c9c797cde29ddb574a27cc85837819111a247ac705ef72e9eab5d40784,1,1,Bigmir.net-falsemixed.xml
-d281385100cbf2c7b36aa5cbfcbcb806dfd9eea74fd0fce297b8227c13e09e2e,0,1,BIKT.xml
-bc1dce36b45b3964aa4ad44bac9f4f21f9ae6c58f7c538f56ac592aec5e9c56c,0,1,Bild.de-mixed.xml
-8cd9a60fda734c59abdb7e677057381c8c7579dbd74cb593a02656a39c151692,1,1,Billiger.de.xml
-66039ca34034afbc98fb093623ea40b2ba4f8fe8f733763a593ba204f4731453,0,1,Binary-Biz.xml
-113777f338466bc6512680297e9af75a0ec7d94855ec4e652710551dfa5be09a,1,1,Binero.se.xml
-c1794e04d3ff8f95075fc73f0fb3a6d04cb3f367a7f83f27ad0d546020ebcb2a,1,1,Bin-Store.com.xml
-59d72a6ec8f9c18c9d47abbb9999d6dba95204101d8492d4d921599bfda7a9fc,1,0,Biotrim_Labs.com.xml
-a0134fe6daf1357222392652186d939db2bff2d536c66f04be36c9cc4d40d016,1,1,Birthday_in_a_Box.xml
-573cba521c4d30634c5a52f669401e6fa01062c2ac6862f3a084d43b566d34e7,1,1,Bishop_Interactive.xml
-e29b32e9560890e842dd89122e52f12751e6f6be8ddfac5601950df7f2c16ad6,0,1,Bitcoin_Plus.xml
-508f2ce6714df34a9face9de0832e7813b20a88420b2012fef6d682bef057712,1,1,Bitlove.xml
-ead579ecc51f0ed18fd51f7bfe97ac49cebc054c64a91b9df10500a027e23894,0,1,Bitly_branded_short_domains.xml
-89060e710c9b7da93c51d49146db2b363b1026b3688f74575e8f41b91452e515,0,1,BitRock-mismatches.xml
-d8ee4c87b0620b6042c91603f08487127062a0a139d668e8c750d02a08fb2a77,0,1,Bitsontherun.com.xml
-488fd6c9aaf93eddc2eb9d2bda98d612269a42d022db8d847eb51910ab0a1595,0,1,Black_Box.co.uk.xml
-da7e4b08208ded1c4b767d150ecea18f78b5249f88487de30912e85c607229df,1,1,Black_Duck_Software.com.xml
-88bf35e32fab806cd20aec94ab13e5880ee52e59d5f7bd2a4d9854eaa9a988b9,1,1,BlackMesh.com.xml
-7cf5b0fa7f2aaf5efbef42df44175127c8c1796df9ee10fc970ab86d12f76c62,1,1,Blacknight-Internet-Solutions.xml
-37ba7ccdfba6cbb38f070020e589511eb268bffd0b56eb1a4419bc8944a1323f,1,1,BlackTonic.com.xml
-5587909ff2cecf5dbdfcd2f2e8729ff27a6b8e3218a94a6a2f7edfd440ecd41c,1,1,BlackVPN.xml
-e7d0eb1c5390cf57597a831c2e19b9a57c2eed3f909b501f84db33008c59ca21,1,1,Blau.de.xml
-8197a554073f79c50efa6b58339f3d3908a786c5041c7e446e3f94d2e41fe190,0,1,Blaze.com.xml
-ccc2061f0e821f79ec44d9ee4b85c86173fc8bada051f52e89d0d2de217b76eb,1,1,Blazonco.com.xml
-878916341a96e0461e4eaa31ff855f8bcdcfe3df38c204200f5a4ee26c0ed2c1,0,1,BlimpMe.com.xml
-f065925420ec63800dcfb7b402f1de343c87c37cba1c7dfd20ee956aad8d0dab,1,0,blindseeker.com.xml
-788abebdab63cc22f25ae5355e414c59ba172eb8398c4cb4068a984b993891a8,0,1,b-linked.bbyo.org.xml
-7bf106fda2215a49f9d271828ef890f54a626ee351a4b3e571c790b857741822,0,1,Blinkeye.ch.xml
-5f627234aca463926eac998ef133407e322eb94921136ef0dcd5acb73423d1c0,0,1,BlockitPocket.com.xml
-d7b0b266fc0b07b1774fbf9769816525d742692f7bf3ce8d88c5b41abf79eed5,1,0,Blockr.io.xml
-c532f455966d1864042489e42a050a7d2f7c59dcb18deb69de94d6a18599565b,0,1,BlockScript.xml
-1f156e7ffe3c3a4cd612b99433221f8138dd8f2789dc983bcdcb0d7a373c899e,1,1,BlogCatalog.xml
-0345c0f4ef1e2c9b07dd7af1ef177809cb3437ca02fe2d6e4eeff5bc45d8c2b9,1,1,Blogg.se.xml
-8fbcb0293f6b69cccc5ee005717d13b0c07bdcadeb8d4956cc07ee4ebd189f6f,1,1,Blogo.xml
-1f133fbee8bcb5a78a7b039865a38c14c1e6435f48d93a61a9125ccc4d83f90c,1,1,BlogTalkRadio.xml
-3958f7571262401df5596dc64eb26c150ccc8e8cb412301000e4c13d5561b13e,0,1,Blottr.xml
-7f8d5059120ac4bc4b0db885a258acbf9264b9d9c90e64dd3d029ce789fbf078,1,1,BLOX.xml
-dcac29673b164c353d780e5f410be5b5f95f22c352b66ab3de8abcfea2ab287b,1,1,Bluefly.xml
-fec60c661c82f9e6973e837a53a3604a7bd2dd503dd1d31b7a6802a84f4db6ca,0,1,Bluegiga.com.xml
-8688641ddd3db08b9a452029a89b12b858c2456a55c1abeb9f6b2349633dfabc,1,1,Bluehosting.pl.xml
-af811f2a60dbc47f350419078d14c459f937bfba54b7c06a103e15623cb93b04,0,1,BlueKrypt.com.xml
-4ad9f75a22611b4ab5e4ef795b9cf12ca03612d9660ba568e643d036cf97ac8c,1,1,Blue_Man_Ticketing.xml
-a9a5d4fddac6d697f375624eaf93768c3830b8f4a02ab875bef448a248632fec,1,0,Bluemix.net.xml
-b3fa84409abf942170fa0a73032e4a05a134968155340466e8a776a7b0a7cc77,1,0,BlueSSL.xml
-35530c1de082fe8c03754f797d1dfc1696c62ccde7587877e11be615397e8f50,0,1,BlueZ.xml
-cd2fcfbae17073af9078bdb65c85ca7a30c2a9f374dee412d13b88f4fbee3e9a,0,1,Blutmagie.de.xml
-fc757f17d83b594bd2fa2964ab128fc9cda228727fb99e25e67130bc558d6187,1,1,BMC.com.xml
-17477c85c7e67e6a14ff8808cb3e67e3a559079be361af13e394baf8153645c4,1,1,Bmmetrix.com.xml
-bd609d4d6e7d303576887e9d3bc7d86c62e65ed77a70e0c5c0373c11825f2b5c,1,1,BOALT.xml
-6aa8675bae3564c6040d1ee54ee7c6eaa95712ca262cc029f76d35e68c6458a1,0,1,Boards.ie.xml
-f68b970012f85d3fb946f1c8fc28e49641abab46dee63f0a38ded2274e84a880,1,1,BodyBuilding.com.xml
-c9a373826a1033dcb91fe698e08565a239407f4dbe6b4b9e665763369fcf482d,1,1,Boerse_Frankfurt.xml
-42244265357ba444d6ae9d1307d6e2e52b442206eabe091dd84d109cab1c04b9,0,1,Bolagsverket.se.xml
-78197c8a2e67a77706a1986e51953f3de7037b78e86c34de278bffb6681827e7,1,1,Bonneville_Power_Administration.xml
-a553123cfce927b1c373d5ce2380bf609f9d6dca9a8e61d51ecffcc5edece1d3,1,1,Booking.com.xml
-753512d3829e9b9e62dcc389f9d99420918516ba56781b87afd7c7be8938309e,1,1,Booklooker.de.xml
-a7a91664c2f3f4cfa346c95f19188fe5a6fe0760cd45097b011b60729481cde1,0,1,BoordatWork.com.xml
-f296eecd2c233879e94ee233421ee94c619b7d9f30d8c58257bf831d409151a9,1,1,Boots.com.xml
-45421bcab88efc09f590ba1deb06a30f8ebbfa1178d7061f2c06def617407790,0,1,Boots.ie.xml
-f68cbe5a7566d885e719495209b6492cdd2d7f5e9a22cd09912a08a5b9ec6865,1,1,Boots.no.xml
-8d036acb8f3ea77fc6d0de3b31bad87d03a27e89431525640703a170168f68e9,1,1,Booz_Allen.com.xml
-d217680bd681c4891a8a378e8d0cf86ddbb1248ffb73cc4b63499cc5177dd4fd,1,1,Born_This_Way_Foundation.xml
-cd5d99534f588512306421c08f2731bd2e8f7bf28d34a8ff58ccc0ce90db9d0c,0,1,Bosch.com.xml
-33fdd006644fc9144ab8e95658080cc6a7a02dbd974d3ef819a370534b3af584,1,1,Bosch-Sensortec.com.xml
-309241ac7c972b6682c8ada9ee98789e395848d7ea1a1f3b6b97eb309be1ac07,1,1,BoxOffice.xml
-7c899ec80cc19d4ae8e2999849a3624f6891c104df4058edd230652897815e28,0,1,BrainBench.xml
-1d53d0a63f2280c5e360c716028d5e3cc3cc47fd94ad17573feed81e5ee2d13a,1,1,Brainshark.xml
-14392c3133833624c5c2aa9b8526be87616bf60db67261dbf03ef4266fb9c066,1,1,Brainsonic.xml
-3fbe3fba810c1999458523eb42e7066bcacb7f5f134e0b86ea220ab111fc5a73,1,1,Brainstorage.me.xml
-62a1ff2660e90d0dcd68205e5755343612031522d32c97ab421b67daaa96c544,1,1,Brand_Embassy.xml
-f27f3262eb1c10688637350e72a736ab929c73f2261f70fca86773051f511cfd,1,1,Branson_Zipline.xml
-bb99bc99df1c831b11f24c7b67956dc23df65fd60e912ffdcc34ae62d34b5845,0,1,BreNet-mismatches.xml
-a27dbef90110010d10e0f93cfa4c2adcf1e1c634ddcb217245a4f4a3d22537fb,1,0,BreNet.xml
-c868592f7203fe56cfaf6f91a4c8982cd132e3e09617de3c7d4134a85eb39568,1,1,Breuninger.xml
-0e2a8dc117d3acd6fb19e37f88bfe2027d3f5b253b3a1c1331fcb8a4058db82a,1,1,Briggs_and_Riley.xml
-9fbbf43514333a5a4dc5cc25f26f3687485fd24d043af068d148f808a76a894f,1,0,Brightcove.xml
-06f864e3d0c6a973238f29dedb5664caea33fd6328547204bcf932a526fecccb,1,1,Brighton.xml
-bbd4b455ba05130f07710e4f11bae4ffffb6a14a2e53d18ab813a9fd1f5b3bfd,0,1,BrightTag-problematic.xml
-3d443a23f560e68a1bb76c5c7f0d19c9a8f60a6037694cbcca8f6d459b66dc44,1,1,Brinkster.com.xml
-48ecf46a4668cf486d0438d95ffa46b614a20b7ffdfe6dd52178ff582b9cd7dc,1,1,Britannica.com.xml
-6b73d0fa74627c65a26aa706658e1cf8dff117006096ca17da297a99c97ee81b,0,1,BriteObjects.xml
-9f2597ff085f3a8b2ee08c90f6c9b46ab1b50a82c8e90cc0349d5687e9c157b6,1,1,British_Airline_Pilots_Association.xml
-90a1e5ea8c14756b091326e1266b7289980ea204f75c2fdf4f474caa4c906a9a,1,1,British_National_Formulary.xml
-b26f2658831b6ff506c560fcb9e8f6f24bb7eb67543a66f647d639de6d5ab8aa,1,1,British_Red_Cross.xml
-d52daee164b0903a9f8789f6965f1db3f02b0f644782ec8247b27645f5cfce1f,0,1,Broadbandchoices.co.uk.xml
-6db9dbcf1e1a9fea5cd3d364216434ebf9b58b709c455021cb34e6e074a1b714,1,1,Broad-Institute.xml
-bbe59d2f766e67a5424a4d77d610322e490c57ef049b835a25d2c7dba5602f94,1,1,Bromley.gov.uk.xml
-566d6b2aa94f016b3acf4842196102e0be36c43d522d19f66d676a771cb879ff,1,1,Bronto_Software.xml
-ce4ed14cd48805aa20f74978e16a4f8096a89c32e172a5e8cc29ba6015e9c98b,1,1,Brown-Paper-Tickets.xml
-4325d39e0e10a221fef89c4c06e91596114b3a730107e98de7d66f473cc3a759,0,1,Browser_Addon.com.xml
-08ccc26490b9f326c737e8ebb878ce2f46f8131fc47bebf0b68051adfc09fbb7,0,1,BruCON.org.xml
-15045b256d3c25cb833b608efdb944f2dbe76c4e7dd2e666e3fe975ca5534e04,0,1,Bruno-Postle.xml
-51249e771817637e82f106f9105c78ae51b0d4f9ea6690ecfccdad8d997f1619,0,1,Bruteforce.gr.xml
-5d3598c7b438001cae822bb1a29df81be12e6c8c239bdd6ba71c68d18953b616,1,1,BTDigg.xml
-9ac4438613bdfa3f8d619731c234b07a2b34659bf4f590ae48328ec71ee73ec6,1,1,BTGuard.com.xml
-f220626aac6f6f1da031f3bd445bef227d59da713beb06685215af440614d8aa,0,1,BTH.se.xml
-f02719e41dfc1e6cf086314cb5d1b4fdf6495ca9e012de645a3e62bb9fafae95,0,1,BTR_CDN.com.xml
-1f8a223fef58d2230c7688901cd5a2b66dfce9d34b6ebff320e54fa2ca1e9482,0,1,BTR_static.com.xml
-0aee3f2f500bafc6e69595947c0826f3bceefbbaf7f34526534b18fc43b678b1,1,1,BT_Wi-fi.xml
-3a248c5939ec368379c6395aba5e0c2f2c755dc94b536df34a66bbca7e8b8321,1,1,Bucket_Explorer.com.xml
-cdfc30bffe359836ae3497140988a0e232b84ec88b89e1173bc7cb0bb0b3bcd4,1,1,BucketListly.com.xml
-a89318bc86466b0829364c742411ad11099ecfa130f4ad651bcdc41aa6f16f35,1,0,Bucyrus_Telegraph_Forum.xml
-8e7f67c2c91f31f555d547b8c28b2fda823f60ac8cbf7343bcf63b2b3279db12,1,1,BuddyPress.org.xml
-28af491a51c5dadccdb59f42e48ae1730be2105d11c838b8c0760bbffbb54c2e,1,1,Budgetkredit.ch.xml
-ad03eaf3f9b975f78ac8b6f3dcfd6f553b47675e27acbcfcf2a0553b239ade5e,0,1,BulkSMS.xml
-4457ac8d24e5fe710f7e52abdf2801b6ca4b33db2b1834da39b104dfb2e7b572,1,1,Bulletin_Messenger.net.xml
-42207f5a81e9c20cfeffbda745d6b910f88f06740f8d21e3252abfb9ce7fac35,1,1,Bulletproof_Exec.com.xml
-b868f832ff3636c59aa9c3c764058525b955fd7160f2885afa2e1a2a4ab4d1af,1,1,Bundeskanzlerin.xml
-4a993016b9d3017b227427c90e48cd8373fd6134897945f279849307d9f40a77,1,1,Bundespolizei.xml
-5bec6c2d467c00384afd762ed482f0809625b471f660521fa6a245e133ba2d30,0,1,Bundesverband_IT-Mittelstand.xml
-6c1748912929e8ac03f059fd54685e44735c7042ec6bad9348aefaaeea188c90,1,1,BureauofInfrastructureTransportandRegionalEconomics.xml
-b26fadd76b5f460cf884b95baa691f59eb3e46b5389b634cd16f8e391fb5ec1c,1,0,Burlington_Free_Press.xml
-fc39c7090cf6ae83d72e9f99d1a229a0ac5002afc76d96e0d4fdcae754fb9352,1,1,Burstnet.com.xml
-c33cea36533235c6c927eec028ea2efde81358f3e8e02d22b65bd3678996d998,0,1,Burt.xml
-fb3197e4ecf4999eb193dfaad46f0bc7dd2cce63d703ef7023b773e566af9310,1,0,bury.gov.uk.xml
-c1abaf345d18d8bb9e8cb2fd125f601177d32d8341f9182c2d276c6b05370f1f,1,1,Business_2_Community.xml
-7393401e7dfd747e876ce15c4fc3b16d6b7da1dc41695903d278c28d097429d2,1,1,BusinessAU.xml
-feef6f5b69ab3cd7c45316fc1aa56978059547bfb188b1efe1410f5aae7e935a,0,1,Business_Catalyst.com-problematic.xml
-1828776117613179b01abfeeb5c873f8198051e1a751002ee4bc516169072d90,0,1,Business_Catalyst.com.xml
-db58ee6861fb737987b143ce6adba2f64f4882c248b49310b3b338040cfab037,1,1,Butterfly_Labs.com.xml
-2562bebc1989b77cb7c8b1d6adc0cbf1652eb1a5cd59324fbe1cdfafb1f85d7f,1,1,BuySellAds.xml
-04cf84a7b713a034133dcfdcc83b5ac527735a654505463ec68591a5b71f8208,1,1,Buy_Veteran.xml
-c427ffdf9436bd51bd0b0c6dc90e4c2892e3fe246e2066682cd6124b3c2d2e0a,1,1,Buzzdock.xml
-b538310cfbe7f06f481c733d23a8b41facd488c3a91f0613142b44155369e6db,0,1,BuzzFocus.xml
-97d0a30dada7f04c8cb3429a1048b8ac805bfd37e57920737e76e97124366f38,1,1,Byteark.com.xml
-13681cfdfec8b977dd61f60dd3b60eeca91129657c6d53be304dfecc8f1dddce,1,1,Cabal_WS.xml
-b971ac80afc454400fb6b63d8cafa6c0e5592acf4c5b1e6919086911b3dda4f5,1,1,Cables.com.xml
-496e7c05fe03d3ef39378a01c47ab48dd3cce74f05ee486588bc569e1a230c29,0,1,CableTV.com.xml
-0cf99299088ed1e5c7b0392b22233d2fae9545c038c78270c6fb8def0df55c32,1,1,CacheFly.xml
-2b9ec7a31a1ef2ecfd802b57c36056e193b665f99ff11b3e612cd7adbd47e056,1,1,Cadence-Design-Systems.xml
-459fe1f8b04ecbb1a5229dbf89c6cea1f2352bfa33303b853688030152f7e37c,1,1,CadSoft.xml
-04a9f7119bd93b943ec37555c866274a2f8af7239be84e78388b0ec6fa56eb0c,1,1,Cadw.xml
-43587ecba7b34b06312fd938651880bd985d3bf058c4d83bbe7a7be9ee4ef3da,1,1,CAGW.org.xml
-d47f7d3a5d91d6d708e424d66a99d709724edcd2ebedc8d4a0cc0f864e714592,1,1,CainTV.xml
-8508bde339e4f9f34f0714309b44c282c41ec30981d2a5be6b520c3ca6a28046,1,0,Calendars.com.xml
-a53839eeb7c5c5c70ec1a7717b0d2736dc7c2ea8627dc48ac79a29a6f4a2fb16,1,1,California_Polytechnic_State_University_Ponoma.xml
-2e3b0741fa907c730d4618c3be0358aea7e9b902cc7d57fb011bf6725a9c1fd1,1,1,California-State-University.xml
-54b9ec4e58489329294ea814503b75b685a861fa36329912f7c5508107aad516,1,1,Caller.com.xml
-b9e4e75c2b53202fbe4ade7add5bf8e42155f0b1de06a85e1c6dc204dd947af7,1,1,Cambridge-University-Press.xml
-970ce1a3226d07a9c9e49bd6240ffbae8eb89fe5247214161a7ac5dc70a51060,1,1,Campaigner.xml
-213b44c9505b03054a9590a41dd3995d718801ddc16553e2c3e35596e3f301f2,0,1,Campina-mismatches.xml
-da60ddf6de25a6c971e013d595396fdd134c7287acef6900c4124f47087b1764,1,1,Camp_Staff_USA.xml
-cee40e08bee1b60dc042a63a2f9eb299b77b9b6e1679d067c5f8a16f64803037,1,1,CanadaHelps.xml
-7361432018d08c1eb212a2c9d1cdb6901fad4a8a2486a3bbc5985dc410d0fcb4,1,1,CanadaPost.xml
-37e7a3d4dc8537d9eba2f6a460ae2cdd3c82388d96102f9edbfd819d69f88603,1,1,Canadian_Broadcasting_Corporation.xml
-5d08dda7d1b74303183590208bbf76c0a0ea1df76df2b3497beaad6d8f332054,1,1,Canadian_Press.xml
-a67a179fce16d36044ed0085846aa4c0473713c03e7e3c554b1e554666bd9707,1,1,Canadian_Security_Intelligence_Service.xml
-da0a056ab56804c9a3bac0d03fe82a66d33d3fae339ca1011083d85f600a1656,1,1,C-and-a.com.xml
-aa84ff00fbeb0f753bb8fe1414ccdf017caf54f3df9c4ed98bd4c51b34974fd2,1,1,CandH_Lures.com.xml
-8c6336cbbb46ed2fc93abeedafbbcee2e6d92674f583d63d16ab1cfd93c434f7,1,1,CanSecWest.xml
-90eff7965a6d548ff46af2a7b4047fc367be453a1c2570c6bd022de54509c796,0,1,Capistrano.xml
-152cba7f043b7103d9f5e7790726caa2e19aee3ba4f2a27c1743b5ff294ee4db,1,1,Captura-Group.xml
-2ad7b8fada5e55c37ccf909ad869d2a25be2ebb22876f85f6adf258f3367b177,1,1,CareerPerfect.xml
-33e6dfff597abff0ac105150b25f2cfaccdb96b8ec030409f47dc46a3fb94ef1,1,1,CAREpackage.xml
-318dbfe8f4b7b7a37f1b28eec7d63c4c5be3c7821720a0832651c119bfac1b31,1,0,careplace.org.uk.xml
-de976e830c778167c1e154b7a2617e0bd1c08431d99c37b516e0e3c57d7dc84d,1,1,Carestream.com.xml
-fbed29456b04f8c636e55a4733cc819f2270bbed8cb8fe3badff7d700c22509b,1,1,Cargo.xml
-815b13c84f20fa674c550256fd7f0faff27092abe79bb7f6994d68604d6219d3,0,1,CARI.net-self-signed.xml
-70d5f18099ed772fde86fb8ddda405cd55112f107922d29f22cef25c7db4f849,1,1,Carleton.ca.xml
-1dc9df8ba5114e4f75aec8f4843d2bf5d7a0598089b3e21cacff834ab3c5aba0,1,1,Carleton_College.xml
-c047260fe241591aff0d21678c993c268a8e8e26a0a9a2bed56c4fc93d6a9d2d,0,1,CarltonBale.com.xml
-b99da0557fefb5908fec709a958aded1b162eca1a262474909bd02b6a6ab20e1,1,1,Carl_Zeiss.xml
-2b58c69b2c2492e4b93afb1c9bbce7493bf8d6ed35940008b005f9e37d318af2,1,1,Carnegie-Mellon-University.xml
-17caeb4c5121ef1b3d80aff4dd32fb0bd1c9c6506e3b8a5b5f7c9f329c005ba9,1,1,CarProMods.com.xml
-cb7405d2c2753f150dbe71bc0859cfbfabaff2a13093a8408e93bc1c5f5770e2,0,1,Caseking.biz.xml
-828d2dbc106378004fcf07a416e73032ef785645efe2fa901d1726f086781a28,1,1,Caseking.de.xml
-02b835adf3271019ab81b1c292ad031f85a01616b4739be3a73d3a3b6ec5c899,1,1,Cases_Ladder.xml
-d2b47ea2675a8e8e5d0b078ad900b23f21f47d90f58b6a1be679c36a9fb814c1,0,1,Case_Western_Reserve_University.xml
-e7e6de259ae2bf37d6c58972538d00e6800146d4aadec503ec1096b562f2ba1f,0,1,Cash_for_Contracts.xml
-811c33d7ad9dde56ad15954e3460969dab20d0f9fa930584443266e21feff865,1,1,Casro.xml
-7fddb9451db47ab6222ff191001fb1904c4ad0b66a8c514d00c049aa91159416,1,1,Castel-Bayart.xml
-0c92ea4b62f6625531d7ede533dfe504353dc616d37b665607cf85923e93e4bd,1,0,Catalog-of-Domestic-Federal-Assistance.xml
-c02c10e83e9544bb3104e6f1485c4a55a2f4706448156f35932caa6318a2d95f,1,1,Catalyst_Host.com.xml
-f57a8aceb54e732b6b3c8fd1648b923d7061e7f2a4e740fa769fe264cf0f317f,1,1,CatN.com.xml
-cb89627369982908c0f26a2057bfc12a61b87dc3859a7524a6fb20f638d07db2,1,1,CBSIstatic.net.xml
-fc23e2bcd6c3abd0e6d5304c0a11e8c3812a60b34809ed8b7b2bb2240b811368,0,1,CBS-Sports-Network.xml
-dce47057289512712f6a81473c0392ebeec435bede445e2418949d20001d4c5b,1,1,CBS_Store.xml
-fa4b5cc10eda4105a919a14355ee198140034cf659b4de8d84c4db1b2e0d0647,1,1,CBS.xml
-30013485574b054268bdaee6655f649027c836449bbea345526fde438960fe73,1,1,CCAvenue.xml
-dded44f856c5b22d92e7be6fc15b90dce78ce9a0c565ef54ba0fe815e78cdbcf,1,1,CC.com.xml
-7955a0d3d6af6b18aca473a36e0f62d93db444b63e032c8022673c2dae949c0a,1,0,ccczh.ch.xml
-1c4096e30615c3d13b6ecac18f42304e15922a35c07ef669ec8f3dc245701606,0,1,Cchtml.com.xml
-db451c15ae5f229be88b4de367c9a6a0589742ddf7a26b1eacd518efc87527d4,1,1,CCH.xml
-395743d4266969cafec28bb5a7d0ea3df0f409f417bbd5198dac7407dbb6b08e,0,1,CDN77.com-problematic.xml
-dadc27805296e0616502f8dab61f19e1101e29bceeb58be4d7628fffe56f0a8d,1,1,CDN77.com.xml
-12021169f7500a9698c21fb42390772f04504964944dfc3a2e7d709980879cee,1,0,cdngc.net.xml
-f20f66759481152d644ac6d66b0beb2c0c6294a7f5c3931b3ddab5c43aa95551,0,1,Cdngeek.net.xml
-e3d1fbf663250b13e6cec1485aa7fe068e14180f6883b42fa9681f007004852f,1,1,Cdnme.se.xml
-c2c8b3ebec631dda1317ae648abdb8820843f2008bfb084ddd40867f5942ee35,1,1,CD_Universe.xml
-cf5327ce99f02ed18d5249e6578f78a7584c6f43c05d2cd4ddf8a1aef16a1223,0,1,CDWG.xml
-b09ee57848b20dc5f0edde7dff31b6dd704d171d7494f0b4e566b62c8587cded,1,1,CeBIT.de.xml
-d6a8f71386d93781c880b1b2a5745306b956ce7a6e9054a32c8180e1d5882de3,0,1,CED-Magazine.xml
-08808ea372f1539dbd840591d1adcfdc422bd1b94619e0551fc7cd4f6be484bd,1,1,CeeJay.net.xml
-ff8d40bf74ef03e97bb141833608fd1af15eadf315b3d4375b2f343a6ffe8043,0,1,Center-for-Documentation-of-Violations-in-Syria.xml
-82abab3b4d77995ea39c6a15825d1ac07d0bb03b074f33ae2de20beecafb466e,0,1,Center_for_Land_Use_Interpretation.xml
-8f258fcd95eeb1dee7520a913d54058f13c58eeb187a5f645bd5ef5313658612,1,1,Center-for-Responsive-Politics.xml
-c83379f445fb8f6413686fc0baf7277cefe62eaa3cb2b220bda737675f5c2cda,1,1,CEntrance.xml
-559cc265802aa764ca4e6e05095ba3b2a9cc782e530fcfeff985833279481a05,1,1,Centre_for_the_Protection_of_National_Infrastructure.xml
-590f799c40da3367a91fdba74ef668755f1f6adc00ec8f63a3d601e3ce683b58,0,1,Ceonex.xml
-2ff7637db101bf266c1273e53a85942c10749e6c7da8a13a297d94ab59a204ea,1,1,CERT.at.xml
-5da4b105382e5d0f14ceb6d0df18911d7b18e56047a02be0a804aafd9d900ca9,1,1,CERT-Bund.xml
-750616ddd0ac444afc83069ecdc28a0925767fab767e7bdef1f604c573d8c8ce,1,1,Certified_Secure.com.xml
-61452ba857551759e77d5b513a6490e4c4abc0a88b6c36e32307a0c4fd6ba720,1,1,CERT-UK.xml
-089ad02b4a5def81013ff4c7c638b99eee0fab6ed4e76d99170f1a0d769d088e,1,0,CERT-Verbund.xml
-2bdce0201a1573c28fac0377554b793331d5e242c1dae39ac1879603811f4236,1,1,CETIC.be.xml
-5bd8e0e2fd30fc0a28fd33d451a35b60e7275837c4fd405dfce8bc81af27ead1,1,0,Cfapps.io.xml
-657c3fc76a95e653075c9146e79384f35deb6602ff616d54387921bbab2c83a3,1,1,Chakas_Mmm.com.xml
-6f590753ae8cd04bc98291decbcfd6ec6ea47549166af85cdaa10ef1e818226c,1,1,Chalmers.se.xml
-15cb94615e0109eba10078f5957a09f1928212efd7e6b6fe45f0d5a697c549c2,1,1,Chambal.xml
-ff87ce869010679c515851e36ea32a465192690bc683dd743900d54b38f61374,1,1,ChampionCasino.net.xml
-9cdd926bdd6a036fd0f4c777aa9960f723dee343cf1328e1a7b19ccf1d1fdd61,1,1,Champs_Sports.xml
-b9d0903b811d2fb31c9a37f791cb10e6db214250062ee925367786ed616e8ec3,1,1,Change.org.xml
-dcc49a44fd24bca36885c090e4d53fd2c1f403cc569769e7ea3624c84309dbf9,1,1,ChannelIntelligence.com.xml
-32ed9892ffb10bf2476a20c52bca26c0697bc473e9f07a74e96fa989a70dfae9,1,1,Channelme.tv.xml
-1d429113302dff4c3b08ed76741b98f4a4a8aac62de47bd55c2df5761f2def04,0,1,Chaos-Reigns.xml
-b59e3733248b31c4fb739059009c4ecc1cebbaa907e505f9999e0f23b0207b05,0,1,Chapman.edu.xml
-b4756a81d6fd42b2949d1f110962a6cad39da842d2c322783aa61d1b2e0dcdeb,1,1,CharityWeb.xml
-749013b2fc545464572701ed1335b9f6a5592b6a0af3474d9703994874179830,1,0,Chartbeat.net.xml
-7606270cd555ad7826233b4645f480873fee83602319fcb826d731e8873a9017,1,1,Chatango.com.xml
-f1432b9c958b7d77317856b509738eea679ae9483f0bd86a27b70c5c9b644313,1,1,ChatMe.im.xml
-e05d77b78aef21dd0a8646ef41c248e8c20619e13a951f2419ef7ee9808c2b53,1,1,Chatter.xml
-d46688286a01470ae72a7494f809e4f5e3f1aebe8c1106fb90cf66225857e4fd,1,1,ch.ch.xml
-2a63e3290e8b7a3df8030c54b4a0cde17f935b45c2bc77e8bdb4652e5ed5f0b2,1,0,chcoc.gov.xml
-e4363ff3c9c95bc14779143fc3b9634737158df58162c751d815e79d22a45440,0,1,Cheapass_Fiction.com.xml
-ae8ab9138d1f643d504ce92a7bdb32a25040fb5891eba6e83ceb5825d4fa0300,1,1,Check24.de.xml
-0461c1fa37a51ab04a664f608a0b764ebee6bdb87c9213c7b4935ba63033976f,1,1,CheckM8.xml
-894acd2dc7705d1cf89e082dbdb2e22929fa076885cb12c5839beeea29c47c40,0,1,Checkmarx.com-problematic.xml
-a661d52f01a655aca11ad14b59ebd2b1dc43fe4ec22803909f5cc80f9f2c7972,1,1,Checkmarx.com.xml
-c35f7c9558325a1c388b1a71d37aa032cbbd2189084eb366243641ba716a9ebc,0,1,Cheema.com.xml
-874c0ca58d248cca11347c7709090b7642349d67a5d974b7715f83cf112ef009,1,1,CheetahMail.xml
-830f65a383d7db9aa636b7edb97f0b68dd20836134773d72e567c5814b336945,1,1,Chemical_Abstracts_Service.xml
-5a3386790b6cce0cd8d88a347a1ef83fbc723f44ea336f955ec645ac178f2b4c,1,1,Cherenkov_Telescope_Array.xml
-10fa5a17c9fc13e685fe8cf8b8a631768e81152d63045308597137c3d5f44be0,1,1,ChessBase-shop.com.xml
-aef5145874dd4b4847a2ca76c06993964264c6a392c76c50742a19e2327850f5,1,0,Chillicothe_Gazette.xml
-a486b3a9a8fdfb5af7161460ce10f22575e2dfbbc388f9e39473a09f526f89f0,1,1,ChipIn.xml
-fe1cb1da747d4c59487f8561bd5d048a746a615428080805d68bd12f5a45d764,1,0,CHIP-Kiosk.de.xml
-fc08fadbc356c1c170c2e48c51fd76cf1e6238e5c6d1eb71e76f0b9c4def968d,0,1,CHIP-Online-mismatches.xml
-a7fa8f7491c9051f153f6d88c3b814485b380c83f5d973e5f01dd1325fd1f054,1,1,Chistes_Cortos_Buenos.com.xml
-64f97bfe11304bd506fd36f251d1b3e1500a6471706b7b1244005dbe17633396,1,1,Chitika.net.xml
-ee3a5eba1f9ad709c1faa43e65590b84a77729dc3078a90ee79ff08a5a559e80,1,1,Chitika.xml
-ceec987f3e67e3e7b1f4cec6c706fc9e0dcf3bb51ef908f6a7122b195a9f3e13,0,1,CHL.it.xml
-a55226a41482b55b64ea5dd690a09fe19d0999ccb8131b436b690784d6cf4e0e,1,1,Chlomo.org.xml
-9c34cb141dfb485ac7469918b141086d6382aa0a559d35d52680f73c725b2bb5,1,1,Chrisanthemums.xml
-69576d9694982fc30c67473122078602be85d16838123c7ced7cc7bba8715f83,0,1,Christian_Heilmann.xml
-e96c2a0ef175b7fbcf74f0254fc93a12751c397f36783d2fd0bfc05f3e290f4e,1,1,Chrome_Data.xml
-bc2e4da10ff3031e7c33b25dffdb3092b3cc96c2ae77636c84f55e5fea2e90db,0,1,Chrome_Status.com.xml
-635611ba0802ed40b2ee5b905ce99d4880a24e557dac0278a893e36ff9b3f88a,0,1,Chtah.net.xml
-a2b3aceeb1593746dab6ebf9ea2eb07b7104505e91e610e6df35769399c21b16,1,1,Church_Hill_Classics.xml
-cfdfa99b1e7ddec951fc52f57172762a09c9666866168b24a750f1f232debd3c,0,1,Church-of-the-SubGenius.xml
-90dc83350ae58f9b37967bfe33406f3cfbbd9de47f797d5691ae0c64b9dd573a,1,1,Ciao.xml
-dbc46881deffd783f88ddcd087523d767b4fbbe2c73a1266479dd4e46670b5d2,1,1,CIBC.xml
-4a3251f6ef0a80747dc6d59dd8975adb0d07942f4babd0fc8ea79048f2be6f24,0,1,CICLOPS.xml
-06585660c1b9b9ab503d70c8f9f3d42e020426e91cf49a1e1576cc7273f711f5,0,1,CinCHouse.com.xml
-de19403594b073d50fc83ab38402f494cbbbf9920f2d6281eb1865d7096f1e12,0,1,CinemaCon.com.xml
-5af114e6be10d6fd0a1aaa5b2710a714fd971041a06ea0d64f223e35cc1542d9,1,1,CinemaNow.xml
-4198bc72c0160da3e334943ec412c321de5816400e6afe0cb78239f147e67b8e,1,1,CIO.com.xml
-dc0992a5994c243bf9b18642c9aa62e6d917b8085d300a17eb2c06dff2bfbd80,1,1,Circle_of_Moms.xml
-4acb5a4b23c7741ba5e90fccb7c5fd11eee4edc412da48b012017ceb150adfc3,1,1,Circular_Hub.xml
-f21f4446f17f30b69feb3250d3b29c8b78fd83cfd3ee68842327f2cc9666d0f1,1,1,Citadium.com.xml
-ec0ef6511fc8ac56cade3fc79d5ee556146c78803e5483c3a4c035ee42a1fbf5,0,1,Citi_Alumni_Network.xml
-50528500b771e1f1bd280131b8716d6c7bdd5f860cb235a5193f62df416b3680,1,1,City-Mail.xml
-dc4537168d9525f51022415e645d6e4b73724c9a8e437d33c21b8a5560192207,1,1,City-of-Chicago.xml
-8c337b75ca9d7a8f1ee1a7e41f3b28b1246455da4315b8bb57923f6c1f73f4b3,1,1,City_of_Seattle.xml
-324aa263ab69f494cbd37fe69d6716c07bcd7b46853ae25a5f7377722146afd2,1,1,City-of-Sedona.xml
-63cd65cb442626c55dfd31b5b4d94d346dfa90654eb59fc6fd9bc2ae77b5875c,0,1,Citypaketet.xml
-71784dd9bb7126dd9498a338e25f8bed0189c0799f0fa396793d77ecc3f930ea,0,1,City_University_of_New_York-problematic.xml
-88da9400d16c491db6e3d8ec956cc78ecb20de9aae1521da6cc70af4b3918ab6,0,1,Ciuvo.com.xml
-f1941a4f4eed89d559552d80627858aaf5ce0931a3743c396f8c83c4d6e6b91a,1,1,CivicScience.xml
-b3158d31c71457363975019cab7d54e2a1df3c4704e8ec39284edb1a7599ed71,0,1,Ckom.xml
-9f7ef86f1422fae63e98ff03ec7f5db69e56e9afd5089b95fc71ddb28218c3be,1,0,Clarion-Ledger.xml
-e239c746877388cbb5e8bdda31133b3d1bbf51631ba8974d6c07ced5016a01f0,0,1,Clasohlson.se.xml
-efa035032a8adea946c46ec13d38ae6490099edcb3372778098489a72b0fd465,1,1,CleanEnergyFinanceCorporation.xml
-11f8b0f6e4735f79afb373f2c312f8f38c01cedf75703145b65f1d4d0ee82933,1,1,Clear-link.com.xml
-3bb97c7edc6c521bfb2d37b3110814bf4e8c754e494817f319fbe8276e46aad3,1,1,ClickBank.xml
-4258d5f4b5f7f226cc8e85c2f9a1a73d311e9adc8bc9503998be3c4c2e638f52,1,1,Clicksor.com.xml
-0e6030faa7bd3a535ba16407b701fb5ed96fcfbea25027b86346781aa266abb1,1,1,ClickTale.xml
-c45cf815f97aa9466ea33031ca53e8a92b2a418113ab2d2f1ddc785ec1e8ac92,0,1,CLIC-study.xml
-df851c281b54812ece8405960ab7920e649aa2e9c3941b7696ef4cef6fff0aeb,1,0,clippings.com.xml
-ab257c10ba938df508e131e28c826c94323e85a97d95d4900fcf90399458b6e1,1,1,Cl.ly.xml
-c954c0e37df82e9c356ad3611313c5aebca46fe4c2ad4291b1fff6ff2c90d3e4,1,1,Cloudforce.com.xml
-39fcbaa2a2d5928ab7c8432633965289e06ebb11ebfee5d0d53b4daf9ef4f4d7,1,1,Cloudhexa_Network.xml
-5ffb20d9923257da6e73e1909a6d8cf7d68be914c8e160458e60e2914bd758c6,1,1,Cloudimage.io.xml
-9a3f101243166162958333bd87ca842670c62a2e426ad6ff5c87aa096340360b,0,1,Cloud-Privacy.xml
-299cb39fec29918dea7265b547b0b58d83d9b27c9a8ccf46f35e15369acbf137,0,1,Cloudset.net.xml
-18667621076275ec475015222a4a65bb0ecd59b5d07234cacc92d5d2e1c2fa89,0,1,CloudWorks.nu.xml
-ebe8861f8b01a594f2009032190e254730320f03a4381474c1f43796ab9fe25d,1,1,Cluster_Connection.com.xml
-a5bffa7d7c1a73f9251ab1f7509bd4736925898c6f99b74ea8f3896e5cc09c79,1,1,Clusters.de.xml
-8e944aa7a044e930a694b080696d4c54f28b409d61d04f8125dd5e61c1a2651f,1,0,Cmtt.ru.xml
-3784a183168c22a1a724dd67210129dbcdb35290b9d6d09f2a18f1aa4210c360,1,1,Co3_Sys.com.xml
-5df01438ac79becb6644b3dec650a57c8c40b84ecf6939e91896504548a7ccfc,1,0,Codecoop.org.xml
-e201304121c055892773138ac3235899485bd00ccfa94712d8d872f701901927,1,1,Cognesia.net.xml
-d68ff1b58eab380189c11039120248d45c10926bfd08362be2e3d66ef2d17dd6,1,1,CollabNet.xml
-c72480bf5ff11ba1f7d5466f6ad793fa99e51452150a43d109da8748723ab054,1,1,CollegeBoundfund.xml
-01e3cce2c68b60c53bd29c022fab016da33cfea386c371fe6bd47a6eef0ae66c,0,1,CollegeHumor-mismatches.xml
-339bc36fa7e42abc1eeed143a5bc24c08ce6bcb11d33db4313da65d6eaa08007,0,1,CollegeHumor.xml
-0338333878edb6a0f6c006f0fc18d49805899c908f920c7e612ac5496c034271,1,1,College-of-Nurses-of-Ontario.xml
-bc6a00e617c9db49b07c33c4a774775c1544dc9e002d75dd1709e2253ef33b03,1,0,Coloradoan.xml
-6347c91fce42e33944bf4e68147dded6b142f3f8ab49dd7f90c014502fc0704e,1,1,Colorado_College.edu.xml
-9eda287348de654d0985f0631415a46011e0d266cf27dca8d63b3f552e639dec,1,1,Columbia_University.xml
-4d9de0cd9d5c53dc2e304a882eac29d39dc8ca80b885b56fdda99c3cb261fab1,0,1,comdirect.xml
-f4dff27943c317c1cb2a502eff51cf6436170f4688ea0d3a554d16895ded6cf5,1,0,Commission_Junction.xml
-ed1a6a91ec23f12636e85fcab140be7b53ce9ead8bcd48f7173655f06843308a,1,1,CommLink.org.xml
-62c49960652d3e3117d23116a8d544af8d0bc43780cfc963c9704a5d44ed897a,1,0,Common_Criteria_Portal.xml
-5259790909abd7c2980520d48f3f158799be1f5cc478b835cdb44ad1d6b0e970,1,1,Common-Short-Code-Administration.xml
-20da5e6482b3b3be5ed22f4994ad41162a8e2d3e8e6fb81bcb86cfc8966bd64b,1,1,CommonwealthCourtsPortal.xml
-ecd0baaca43fe666a3d384e1fec2a928291378c6f55f6d2a31e9b9873a0cd053,1,1,CommonwealthGrantsCommission.xml
-5dce6c98248d4c5f20c791069b2fad0e0660b5a16a3bffaa270949a92a0cfb0d,1,1,CommonwealthSuperannuationCorporation.xml
-d9678bb694d8e6a00b167f6ba25edeae50f3e143532f4ad5100a818603097a16,1,1,CommScope.com.xml
-99330baf93c8ae708130f47714837655c0c21bc656cd4d61a4c8ac61f1a60956,0,1,Communicator_Corporation.xml
-382e374bed7b8010c07406799fb9f5689f72f60bdaf85e5df9ea6f2aaa3cf232,1,1,CommuniGate.xml
-c4d1e044911fd46c2431ea7167259cfd00dbc48662b1193ad5dc88219f1b43ed,1,1,CommuniGator.co.uk.xml
-c2b3c7d25fc0833e8cad973b30e40d8491ab163fc1d955776100fdd03c0d3274,1,1,Comodo.xml
-50a6c2f20cd09628fa54bcf02403ff8df776e39aa3209172196d821911c157cf,0,1,Compaq.com.xml
-55a6d8b4c3458f1436f516dc128d65941ce8e9deb4e65298d021a128cc208fba,1,1,Comparis.xml
-3a7a3210ef2a6304bc708f0e3ae32ac3795e0cc88a2b8971127bb2d98aebb733,1,0,Compasscard.ca.xml
-312d660ad3756ddc1d8e6e7d329ffc95dd96664ab13533e300fd1f64712c7c5c,1,1,Compendium.xml
-13b7302ab918891c2df88dcd9c929fd32b865828bc7ef07a74d01f5c9542d47e,0,1,Competitive_Enterprise_Institute-problematic.xml
-f15ebe51bbc7e65a292be0191506b39c915e370f344f8d60ea9ae31fe9eb106e,0,1,CompEx.xml
-de35c6263d5168fea6a5c9df899f60d8bfddf708af2110475853f3ae77f2b5df,0,1,Compiz.xml
-502e65e088a01360707e03ffb91f5e96459016af819c164b02bdd59c99eb0bf1,1,1,ComplianceSigns.com.xml
-a1333d20fa847ea8be6f8bde7d218263a5555cd9e9b86cc2c3a138a69a3de71d,1,1,CompraNoExterior.com.br.xml
-36639069762c5623cb782a792b17088694f3242fa84db5e8686b431d36d74f07,0,1,Computer_Lab_Solutions.xml
-bb4335a9690793a7035cbbb5025258304be703efbb97fb0071f617996808fcdc,0,1,Computer-Steroids.xml
-53750f61d79098ab338a56cff7ac2567092601c8d9861be25e79cebacc73d197,1,1,Computeruniverse.xml
-5a428833392820bbe321cfcf8fb2fde2748130d078e0f3f48229d35b6a5f617f,1,1,ComSuper.xml
-4f25e864b2b2c8023c72a18c4645f2bc659b9f3efdad9b5a8623fd3becf08780,0,1,Comviq.se.xml
-9af8592b4c27261897b6cd7deee5f974361b9831a26cef0bb7973f5db0729d61,1,1,Concur.com.xml
-ba07862597c14cbe93a15f25f88819b96a0aa1265d58e078b54ecc0fd208881f,0,1,Conde_Nast_Traveler-problematic.xml
-584074d4e890000c0c180afb290a22138ff376db5118161842c4e5d78bce67ef,1,1,Conde_Nast_Traveler.xml
-a1702eb596ce0c2db770d6553cbc38a621bdb6f795032b4d3e109eea7c7f5e1b,1,1,Conduit-data.com.xml
-87b80ce3f32ffdf19157d20003e9b0455629a9596081bf1351d2da42f56f4477,1,1,Confirmit.xml
-02b3153c54aaade0387d2be93976bcd83cec356da2217dfd19b1d5f5bce58703,1,1,Confused.com.xml
-4e4afd9324120965f69988b05d3a414e70fc93ae07c352cd628b10921a166680,0,1,Confuzzled.xml
-4806cc37a6d166ccc247a5cf2ce5f776e69ac36043d56bb5e2fef406f9ccfea5,0,1,ConnectMyPhone.com.xml
-a79534ae1059876bc76c072c81fee31b3ee5572980bfbe2f87943f023829d2c3,1,1,ConsCallHome.com.xml
-2ceb9721bb2044c6d2d9ec83baea99106fee843c6eda1b90e5d0971dd569593c,0,1,Construx.xml
-971d95639a217ced3de0aa1929e049957c9a897116a85786e403cf71943df656,1,1,Consumer_Reports.com-falsemixed.xml
-4655407c663c2f1c511e2c4bd111edde8000a54a16e3e2ad2aae566769956484,1,1,ConsumerReports.xml
-b0b44d9546df79eec8d67847c7a7719f0c597467cf94fce3585ceb0990649626,1,1,Consumers_Union.org.xml
-2431f9c01be0053096ff548c0c7545cf015bbb68c00d1645e5894a53c26f4a5a,1,1,Contactual.xml
-436c49a3cd92b2d701c90db91f96cf8ebf3a3bdccf609537f23d6cad31bdd6be,1,1,ContactUs.com.xml
-c09155445f0f22805fe2d2894f1f9d0d89cb5d283a0b147412cb4b6c2ed4a1ca,1,1,Content.ad.xml
-62c92737e9ae019baf69a7b8c673c7c9377bf810761f0216cb8d90f4bf53f81c,1,1,ControlScan.com.xml
-710d5a714c74db826cade92c25b332038409f800ef616a03360634fac19fbc1c,0,1,Conversions_Box.com.xml
-07aec2b14f80428ac276fa287ea846bfba851a6d46b0f39e4640e6fddbc10a65,0,1,Coochey.net-falsemixed.xml
-650b5d9a73344bcff3834fd3851ffa14e7f810949a518eb27ce679bd4a5704eb,1,1,Coochey.net.xml
-e89ea7fdf355e007338030ec2084857d7903831a21c76d666113b3cc3068d4b4,1,1,Co-operative-bank.xml
-240dcf8868b04c0cac4e396a54bb5da086a984ed3f3cbead72e67b6d4200c778,1,1,Copernic.com.xml
-3563a8b1e77346e627440c9054303a707a7fe3e6a253708af6fed75051c1256f,1,1,Copy.com.xml
-d5008a99ca26ac771eae43451d1a3f388ea560836b48126ed51e332c61ef850c,1,0,copyninja.info.xml
-ef05036cb7d38b14c929227053805750a7edfe003398e0f4c70e5e8d2f70334a,1,1,CoreCommerce.xml
-d7baeaa6bec397bdc80535854950e1df5da6e87e37f1d852df3fab12c5764f42,1,1,CoreMotives.com.xml
-2da557485b91db2cd8fd822d4f0c1d8c9d260f035f75827b8721576abb34bf18,1,1,Corporate-ir.net.xml
-71251e0392f89cae88afb7ade08bb4679832258a9110d272f04cb4aadd3be46b,1,1,Corporation_Service_Company.xml
-96a1e4d8a7a151bf30f2ce5bdbcb762f5322add6297e6a17c1d26ede3953146a,1,1,COSMOS_magazine.xml
-d1698155b22b3b7f5f0ca643cea078451d79ab6779f6f261d8ca54805b3db3e9,0,1,Costco.xml
-2468f6840c6141631608ec3bf75e9fb94e1704cfd757a0f331ef2d89376cf59e,1,1,Cotera.xml
-14f57a9f712732f4a7d072faea9dd8debb34ac651083459dadd90d2f7b611d3f,1,1,Couchbase.xml
-51e4dfd5e80d3187c34dbae64ea978a12df199da807108618c0db357d608742f,1,1,CouncilofAustralianGovernments.xml
-f66c96d6bf5531963d61883ead19002adca60f493e55c25a7636cba436b79918,1,1,Council_of_Europe.xml
-559b645ee0a32f92fa47772553993a3e839dba0b30267610ac4dd967c96d0fa1,1,1,Council_on_Foreign_Relations.xml
-491a52cea147014a5240c15914dfd2ef4040c6038f0b415df00c1a685841dcf3,1,1,CounterPunch.org.xml
-eab2f29237fae42f6e1b89c197463fc44ff379d43ba735071e74a934a7c73233,1,1,County_Star.xml
-5add301a46b63b39f38c55e680dca3b606b865f52021f0731f6a48367bc5013e,1,1,Coupons-Inc.xml
-6b6befc9f4b41cc1e70a24fdfec110c687dd1a26df822608cc4d662ab3ec31d9,1,1,Covisint.xml
-da9a0a0c9b638547a35e0c9efd4014cb097ef12b7ce99e9013504b0f156ffb01,1,1,Cox_Communications.xml
-47739d2c279c0ef2ee8d961a232b7448176f77f876456a41c30dc157f0034258,0,1,Cox-Digital-Solutions-problematic.xml
-c22b52fab2d5c0ae1ffb9f2f497672b1680a2a71c5abac5b9e3b11282594d51c,1,1,Cpaptalk.com.xml
-efb916c1aa3fb9d918a1417dca8d0b58b3ed0ec7d542fca086b50dec6f3f57f1,1,1,CPSC.xml
-ded355a88fe5073f3e717f77edb9653c6d370ef9447c687269dd7f1e881c3a21,1,1,CraftBanter.xml
-8a95bf245a528fdecd67ee9b2d3703a129581211501d34fa29afaef005287aad,1,0,Craigslist.ca.xml
-08f3749268ecd600f52dc3ed7ee35741b72088fc2b84ff1dcd24aae5d8609410,1,0,Craigslist.co.uk.xml
-9fe88b19037e7cb59d028c3fd40d30afb5e4db3e3f8b75299d9301245275542d,1,0,craigsmith.net.xml
-7cab090cc110a6382eb16a0807adf568b1fa09d7ddb12325302a3e9480a7c978,0,1,Crain-Communications-mismatches.xml
-b326680f30a9e718cfab124855675c6b1d30fd7dc77ce1bcee1994aeb7747451,0,1,Crakpass.xml
-a558785d006e95550a34d309e23f47f79ab251a2b90085a06ef290f9c2a06120,1,1,Crash-Space.xml
-93b54b704f90bf8ffe8721327f19c3ed432124b6ca8c789553ce07022158b91e,1,1,Creative_Little_Readers.com-falsemixed.xml
-6ee9eab4d6c93aeb2754c6b34e841dc18fd6a0a2c8d59f7d546e6db23bb56c52,1,1,CreativePartnershipsAustralia.xml
-04f0d43bd1ab894b64d8ca6fb5e81b0213a4905c1bbd19bf92700ccada4fc0e4,1,1,Criminal_Justice_Inspectorates.xml
-defee8b0ae60e03f8bf6c53e0d3bd312c5daa7d5cde511a0528266d2561a0c99,1,1,Crimtan.xml
-b79d2673063115a953fdbc430f120a2798a09c573c1adfb592b23f0bf05bc411,1,1,Crittercism.com.xml
-1cd80467b55158721959b770308681c9e59a37977c7a4581996bb359e14bcd8d,1,1,Croscill.com.xml
-6d62cfeac329c56785a2de8ed1378f036aa820828ef36c0a94ddbc2f591cb1d5,0,1,Cross-Pixel-Media-problematic.xml
-8b9817171a2f4284abfa8220e171d15c012a0a7e0fbf0167ccf4cf7e305e66ee,1,1,Cross-Pixel-Media.xml
-221dcf657c72d6e40f1a51a91d5ecd09044d123c12802befb0c64e122824d1a3,1,1,Crowd-Science.xml
-81ccb350c19e3026251587982cc7e5d5ca0b369a2b4ad7430bfae069146c13a9,1,1,CrowdTangle.xml
-c027ff29586919b8f684e70f870491c7465d14a49c4d7f4b3d9a891959d006eb,1,0,CruisersForum.com.xml
-f8652acfddf3457e9e0e85b2bd132a38ff68b381f932ddd3b5a21969b2dcee6c,1,1,Cru.org.xml
-80ff66109e0038eecb6e67362f210c6d389b69ab1044cf621d1ea28f7b624f19,1,1,Cryout_Creations.eu.xml
-5c03af15958cb4c8708e01cba17343bc6ff5960e3e4ea5f8b079e6198ecd4080,0,1,Cryptalloy.de-problematic.xml
-734c847c64dd4746922d7dfd8874f2de5aeb8db469d6165352965bfc43a7d564,1,0,Cryptomonkeys.com.xml
-cb23a1bd35b86d242a4028ed7f0d6fa55a1b01d620b22f552c54ab3e8aa64562,0,1,CrySyS-Lab.xml
-372abfbdb2705be196421bfc03d1c8b87e4bd0fda032ac674fbbaed328278fa8,1,1,CSC.xml
-c5c09f646294a95e637a5f083cf0a011f0bdca6a4603d1d102973457588acd74,0,1,CSDb.dk.xml
-27a6af8836f65d1739e68b58c32ab2feb9d4567c111f0ecaf5c95d20e6442040,1,1,CSIS.org.xml
-cbd89ebf0dda04e2e724d28aa789e60106497b41b01593359e833372e862e31d,1,0,CTEP-EBP.com.xml
-7ad4d3c27fac03a257936dd9c380abec312479338110714cb22eb95085035d35,0,1,CTOvision.com.xml
-c176d8858c1e88f8d843269a3f3f99ad7350b4633a7af01212c959df51ac0673,1,1,Ctrl_Alt_Del.xml
-4c82fb71dd76ecce008a283a688f468dc95758a8b164fd4daac98b747eb1a7a8,0,1,Ctt.xml
-417001159887bb430ea3c8e00dc43c7e3b6b1b895e889674a4869c467d6ca0f7,0,1,CUFP.org.xml
-1458bcaba2c8a2abacdb39524deb5de8016181e03ae8030d8933478fb054ee1b,0,1,Cultura.no.xml
-8619973ac3fe5c8a8e4ddd2d2ba0c23acc05568d7ddb6921b33a04ee6cd05cdc,1,1,Cumulus_Networks.xml
-258af092eaa3233c9892e3567c50f656c87ac8d57750c326c01bc6b8417c7d82,1,1,Cupid_plc.com.xml
-075ebb3dfb5aa302007e743e7d34d4a2ada1db88aa6b7875a2e14361eae60ed8,1,1,Cupid.xml
-a1375ad5b72a20bf94ccf118cc4d2386590687196810774dbd35f29de8b058fd,1,0,Curbed.com.xml
-5631d37146e3333b9b113ff5ff7dd6cadfac322d6dd31d5f82a625a911363658,1,1,Curso_de_Italiano.xml
-80d1cbbb7d54bb952be8a2b8316ab8cb80377de2225d9013c390c71185d7cb4d,1,1,Customersaas.com.xml
-94d9f71dfa4e323b8aa8420abd459c4e11a852fc300dae5da00b91af9c61eb36,1,1,CustomWheelConnection.com.xml
-ecc5224bdf13e70d53652f6f917ddaf3525b293a3b014583a7e366f04851145c,1,0,cwrap.org.xml
-b17c5b6f92f191120aa22ec936beae3a2e3d78e5da93467bff6013eba2ad8f25,1,1,Cxt.ms.xml
-ecb6609b54104e170eccfb8b213b46ef8571ed159691b69cd4e38ef28887120b,1,1,Cyando.xml
-62f9443ccedff68a2edfe57cbd28c734eaaa8a90177ec3ef972c51a0a7441715,0,1,CyberAgent.xml
-f31a224781a44616ce4b02e2f73ae07661d790019f81c90b1a0dcba209a1de37,1,1,CyberGhost.xml
-760cd650faf849e6b19245755eefd6460eb401ad4e174983e7dc5a28a50cffef,0,1,Cybermill.xml
-c5f1993198ebf0755d6d2b884f09cca076a78cd635c91810e60e6d0c36938638,1,1,Cyber-Security-Challenge.xml
-0cc7adbb68a40372d01e20b96c40cf03f2f7b4f42c9a42bc08754c5b8b7e6065,1,1,Cyberstreetwise.xml
-bc5f40825e2152d2725cd095f0af778875bc307c14701f874a651b3572adab65,0,1,Cybertip.ca.xml
-94ad8baa2a8b8607e45229fe2d5c8c43fdc7b53965d519bf47e075878096f230,0,1,Cyberwar.nl.xml
-514030beaf41176db4804a7febd2de28af67e58ed8bdee64ab5ba3214fa5b9c2,0,1,Cykloteket.se.xml
-11fbef400109b58c7398e550987a2f5295c4e332df7b32537a5faa80a5d18d49,1,1,Czech-Technical-University-in-Prague.xml
-7635fba229d6993cf9187411c43861a7619dbb2565874ae66dc5767b59aa7533,1,1,D4design_Studios.com.xml
-0b1a6de4023a402b4d79c12a9d2b45c4c7d2d309203536bef8ae9dddb5113e19,1,1,Dabs.xml
-a1049a56c5c2a1cce92f352b76f5c0d5d249dae33f22227864783a80a265606b,0,1,Daft_Media.xml
-fda707e8dada58291ee3866612e09eb478bb59cec4e118d8a3e1322fd624f194,0,1,Daily_Mail_and_General_Trust.xml
-5d520ded6145524b30bb81f0ea3e533faee576e33bc34df3420663a5460eeb39,0,1,Daily_Mail-problematic.xml
-48068ffeea3bac8f6607d8b7ef042097a830f1ed5141b71a6b03fd73e2322076,0,1,Daily.xml
-607ae42d3906148f643091e3d42025c9ffc9997b3064de7de892580adfbee5dc,0,1,Dakko.us.xml
-0d3faf3da32111974235f26aaa4eb8ddc0f33c008708c891bc5cd95e29172e8c,0,1,Damn_Small_Linux.org.xml
-f93e9da945b15136beb53eeabcb53d9d5bf1f31abe20c877ffb727cba27a2f00,1,1,DandB.xml
-d34d3a77ed0a2a71ab5a995bc8bd73f2fdc28bf55c1b78033d5b4dfa546b8cae,1,1,DANTE.net.xml
-fa6bf5ecbf93413bbfdfc339db3977600f5056a2837d15df74fbbb5dfcdcc1b6,1,1,Darmstadt_University_of_Applied_Sciences.xml
-2d7db66046578cb426ac52ffa00a0fc9091ea3c478a40f085fbfb2105f24d2ae,1,1,Dartmouth_College.xml
-3403f1624cd1350a9d7db9ccc20fe13619099815c6c6641ef55f4d3160338c78,0,1,Dasource.xml
-37e58b8592a8107db9688e01f4bb1a6db82fe0f0acdf6c3c1d5ad2f2c83cc99b,1,1,Dassault_Falcon.xml
-9f7e268b3ea25d3e127359a899d7f52149b714c7be091c7c4032933bf7b2aba6,1,1,Dassault_Systemes.xml
-87d166eecc99ba2e4a64419967462f1541253ef4b2778758d1f1b319bb3d1ab8,0,1,Dastelefonbuch.de.xml
-887c98b7b9913c7fdb123653bfb86245f5c77fe664dcbfbeb5dfe31e1cefd6c8,0,1,Database.com-problematic.xml
-a7d3313bd27112e3b58470d617fa23e5c45dad2250b0d024125b68fba7a5dd36,0,1,Database.com.xml
-bc17361035a720b9576f23deebf1796a2e5de6fe1d2f071e12f6f9fc9bd6c7d3,1,1,DataCamp.com.xml
-f601a504e65f5aa8578d007285a8666375288cb1430bba957245b4af3e63b2ce,1,1,Datacard.com.xml
-950dbd13dbd61b89e6072251f1dc0330d8d940503beec8592fb63a1b8c8e7a8f,1,1,DataCell.xml
-8cc5ce1e1d308f17e685fdf197fad2de85a59a1392d4e9b9097857cc31171c56,1,1,Data_Center_World.com.xml
-5686ded37e0b6efacddebf55e0c5d943d2e4dcbe671fe25e6f9622a574e12ed9,1,1,Data.com.xml
-c938b7f96b109a0488d5408bf9ff59dd325df519710ce2a786cc712cb86d951f,1,0,datafile.com-resources.xml
-03b1ba19fc1ef40bae4ed54157546d0a2579da89765a47f4aa7b0112a9a8eddb,1,0,datafile.com.xml
-55aceae12dc21dbe66e294b3e12dd302e841c213ede240122100878003203e7c,0,1,Data_Informed.xml
-5699685d2061d654ee7b7d885cf7e24450d64a375b5d99f70979b5a3d6f65cda,1,1,Datamind.ru.xml
-89488167a1bdaecffde75c48135b59f0f3f4f784e8cfa2a44235efd0c0ca344d,1,1,DataMineLab.com.xml
-3c5b4f63385fe6f06d57c28f8318249835ea86a015594291a1208657c8cb87dc,0,1,Datamonitor_Healthcare.xml
-1708197efa6250816a0daa89684b23abd5b6ec10424c0e588c4f79759269be34,1,1,Datamonitor.xml
-1e3a6e9548c4695e497f2c70b8e140a688d130c1aa832f6ee57dc3d40db76f01,0,1,DataSphere.com.xml
-3313bd09107db392a871be91a9de6944cb93895ae79e67fef855166adef81c96,1,1,DatStat.xml
-61b1cee10b27a9b8e031b2b4ad79ff61d242091833f4dacba9ff9595cf7636b2,0,1,David_Gold.xml
-12910fbfa21be2b1e6c8d237c720fb5b8b6ff1adcee00d90cc7922cccaae0f82,1,1,Davis_Instruments.xml
-a57ae2eea0e68d85ded9207e3de25e2e19bb21187e9ffa2ef3c0c4e1f2e95727,1,1,Davpack.co.uk.xml
-7b9a385cac34756530787bef70a0eb04727c5cdb270609c2e487ffc181f07e2b,1,1,DaWanda.xml
-5c275b107cc2a36516a811b22fa11b25e6436b5dddbea6c8860bb6925964f6e4,0,1,DC_Comics.com.xml
-9a0e82fa2c84784bd866c0cdfcb15b4fde531d057cd5b0b2c2ae287fdb5479b5,1,0,dditservices.com.xml
-91d8f3ac049e23f0bd25000d8113675ea2f41a1a4664c29c008d90178b8f797a,1,0,De17a.com.xml
-e595f6d1b173463543d789b5ae8b3b89220f549321b5c0fbbc439059956b3457,1,1,DealerRater.com.xml
-c4fbe0562ae997ec2fc23fe2f71b63006180071fc88ac126993c9d6c4191cf3a,0,1,DealerTrend.com.xml
-95d539e0b4c808750d82714c8d338dcdacbb8a3896c1884b04db4388a20922d9,1,1,DealExtreme.xml
-78c92cd9b90932227687233bc92ad00e35daf7021423f88e5d6c6fbf686d3666,0,1,Deater.Net.xml
-7616894d0d525e0366ba31271b6947f6e960300ecf2a2b2df6c92d708e710b2b,1,1,Debuggable.xml
-5fc1bb020310df9e528ce80b1199ca050ef0013df776312cd173c8180f2e894c,1,1,Decipher_Inc.com.xml
-6761945842a5270cd2527669b0be5d0f895f99d544f4001c075bbca3b1fe8a7f,1,1,DecisionBriefs.xml
-99448264eb68a506c083d15fcfeb1d01c1649f8ac86e0631a3f79bea64e530de,0,1,DecisionKey.xml
-9beab50432900f8782d6720032b6262671d1a04f960e530d7906e866ee798365,1,1,DE-CIX.xml
-fa2f565bc4d9bed10990aaf12987f1ea6d4cda986c03ab69005c3d0106d86e15,1,1,De_Correspondent.nl.xml
-4135405716e5afa0d5020b47fc28f47d40d248d953c681853f852054053778e2,1,0,DEF_CON_Groups.org.xml
-a500306d72637bae78a1d0b371b9a8f10da6859172ac4827c61b76729cee86f4,1,0,Delaware_Online.xml
-8e2fb9b334a1504d2a79b1d59bb0b8aac0c51bb9088960524a6f42af8dbe24ae,0,1,Delaware_Technical_Community_College.xml
-45795b36ce0a095278fa9b311648ccb7f94051ed1f755235fb6e378a766c5e26,1,1,Delaware_Today.com.xml
-4686fb4dd00fdb9a389a6b9da295ceeb432f9c119fd2a14f2f1f327d2d41fafd,0,1,Delico.se.xml
-891c7562e59b43178bbc09fbe6af5da6175df8e9d5806280f639e1e04fcb4fc6,0,1,Dell.com-falsemixed.xml
-fcba2d58f6859eecc6cc3080160f3838c47e1aa35e768e8f2a919808d6296584,1,0,Dell.xml
-875695dc9d32681fe988b14271f2cf6ef76cec70f4da0f81e13e8d6572b3a0cf,1,0,Demdex.net.xml
-4d76501ee8caee0a5161167058233598eb9fcb502a19f4a492f944e5f042a616,1,1,Democrat_and_Chronicle.xml
-ac394cda45cfe2f76348a565b822a97b95a5aa3b9a9d8183e14388fc44ed86d2,1,1,Denh.am.xml
-611b6385ba2d856e584eeb80d43b70382a9d706ebdbbafb4c8c89a66722f0111,1,1,DepartmentofEducation.xml
-221fa687299221e09b24cb860931141157176f51855450427c065a9aaf6b5645,0,1,DepartmentofEmployment.xml
-7af88ee7a0e2ca327f894f5dc934e17c1c3ac2d4db7220f76edb5839162e9952,1,1,DepartmentofInfrastructureandRegionalDevelopment.xml
-206871eb7e871c35c77af7f7c754a4fee6aa11846a3f18e623110bf7cd1ec706,0,1,Dephormation.org.uk.xml
-1dfe58efe0535612259f322adcdafc6d0384a6f265a528d9916f815c68e35553,1,1,Deposit-Files.xml
-b0cd711464ff673f4b086c2911ab8af7ed3fb5a2c8bdc904cd44c91ba6d153ec,1,1,Derwesten.de.xml
-9dd139c97c93d9025c5588adacc5cdc8bc82a2837957f4f1e055bab121edcf83,1,1,Desert_News.xml
-f96207dbef9f186192e42047c313a1e3926c8f0262c4d5da9984526ff225d598,1,1,Desire2learn.com.xml
-f7ac41f01652f32d4053e7a4b47997e97f8f1aa08c12a01dd72f27276a476fc2,1,1,Desura.xml
-8e0c8d279c34bcd0e90d9c35f1bf31b7f1df755020ffa9341f6155a57fbe59ca,1,1,Details.xml
-97be3b5188364d96f05fa5c7aec1494f7d0ebac7e9639d8c09cdeb9dbf3b566a,1,1,Deutscher_Bundestag.xml
-d3ac7da52f675d22b7fc910eb3ed3c950ac43a8ada57c767bdf2ff42bfac8ce4,1,0,Devever.net.xml
-86a1f9c349c7266714c5d4a26bf9e6674443fae524e040bad4cdf0951f73a988,0,1,DevsBuild.It.xml
-fe8912569f087a1973bb0d9035dc00ab630eefed150c06a51cd6756243af917e,1,1,DevZing.com.xml
-5a3b022a658985b87a1a497348ecdca4dc3c29499681e1371f2793b0ab58bafa,1,1,DFiles.eu.xml
-24e1a5389bc35d553f48e0b8f0fecc7168ff63096b9115f3e48184e62f22072b,0,1,Dgl.cx.xml
-8f2ff5fe50e0b8edbb175166a44e2877df47e5951510d8650d18960527196904,0,1,DiaGrid.xml
-450f88fd960579ffa22b42f6e3ce2348be724fb59ce00353d742d078e4996bac,1,0,Dial_Direct.xml
-3305d9df13dc034d25ba99a814c637f0935a9801f551e418983d7fbf70bbdb63,0,1,Difference_Between.xml
-86d1db5cd3c8d7b3b6193ee894cb23a7ab7d2d5143453fad7947f2a83e15df10,1,1,Digg.xml
-72099e236e3d90ddc3029f251a6bb77bd29d4f63715c940a7953d1a124181c67,0,1,Digilinux.ru.xml
-3449a7d7da46522205fec252bc4bd787e9dfac2f15e635750d9cfafcc825f3a0,1,1,Digital_Photography_Review.xml
-1ae5023d7b4801aa93edc7b86c769faba82f98f393f917df3f9175b5bc594855,1,0,Digital_River_content.net.xml
-e310e63ef6342c335d5e5b08228adcd3af2f0ccdcb966e42cffeb07cfa76a0dc,1,0,Digital-River.xml
-81e06d0984af4aa05d175c084ce819c1859ecbf2bf5717a2336d92f2e26b6450,1,1,Digitaria.xml
-8f24d6a49faf7ac63a5a48b5dfea5d55a076865183dd5319b9cee2f6e6de8cfb,1,1,DigiumEnterprise.com.xml
-c92f784016627bcb6be1548ceefee4680d0a955a0ed387a43ac4df11053d6cbd,1,1,Digium.xml
-21360af8ca2e9b2ca3865b243746eb8a357911741b3ed852a5a85b9bd2e4f7fb,0,1,Digiweb-self-signed.xml
-ca8710d2eb4a66d458863fcf716191ef82ed5a669710d97cf69c8573e7893be5,1,1,Dignity_in_Dying.org.uk.xml
-05a99eccf708bca913786f423daaca68b711001bffc0af52e173b0f31a38af30,0,1,Direct123.fi.xml
-29be7c781f8b8f1abf997430807e02b08c9e9569afcbcb8ec6c8ce05f4593871,1,1,Dirxion.xml
-dd9c9f906d5eb25f5fe364643e0a294cbcc483237b20d765a8c550c2373ee970,0,1,DiscountTheatre.xml
-ec9525132f84415de401293436c276fa6cdf29948edde5416665e10270bd8456,0,1,Discover_Card.com.xml
-65f1777abf53781ec3bebfc418b72e91032db63fd973a751ae810e04d7297016,0,1,Discover.com.xml
-3344bcc1244a1a002611a746364efee114e9347a0a7303600b89410b381b2475,0,1,Discover_Network.com.xml
-cbdb894eb5bae94156db1210de8033c32d42a877330b14af87c4d2abe5f58e81,1,1,Discshop.se.xml
-7966250976cc1f42f14d4d6313179ddcda2f0f277c1a410c2f53eca1b3bdab88,0,1,Diskusjon.xml
-b2d668729a2456115d4b50ec8d011a081e5bb4c285d6ab5396f863801fca2e0f,0,1,Disney_International.com.xml
-e727d1adab1f0aa86e858ee68a4a980686b68a3fef49391b1ca1a03974ca9c11,1,1,Displaymarketplace.com.xml
-e9064e2b477b0b316354b1453c37a477fce1ecb6406e7629b95e388f1026eaf3,1,1,Divide.xml
-bad2483863057b0e50392fb50e8c73710e73abf0a46b947dbad947b8d9493807,1,1,Divshot.xml
-a97ee617ba3cd2e545edd6f11eb667425559acb60bab4cd0fefc060741609420,0,1,Diwi.org.xml
-f0ac70f0936b229f6b6748635f259cc1ebb6bbd0c924baf792a792af86295fe3,0,1,DjangoEurope.com-problematic.xml
-d014e7330debe4f838f895d1ad269f9f67bf5691aa460a86e070c72357b87e82,1,1,DKB.de.xml
-c1e3d22d2772fb3a45e39e36c2e0ca1078fbeed4bde190d21ac187c0fe34c5ce,0,1,Dlisted.com.xml
-8cbcc57225d5b6247f0c0201c325d8b26352295194bed8f69f20b3bab556fac8,1,1,DMCA_Services.xml
-6a73c97f88494ebfa14a1a17162df7e102994241e4a040fae5c5d0ae2e983048,1,1,Dmg_media.xml
-19a1fcb9d48789c17f465155d43b87e4e2655b8fd40defc3e42ba6e42ee70966,1,1,Dmri-library.com.xml
-1ff11bbb2cf7ffa3df6a24e92d5410025131180e1d57acf73299776fa752b687,0,1,DMS-Sweden.com.xml
-e0b18a93cb80b6b7ca26d92cd2ac710b761ce43f663cca0245e3e4f2d60b5306,1,1,DM_tracker.com.xml
-9f9c974327c2bddc9872a54faa945bdf30cb9de895d09dcb8fff62944ae169a0,1,1,DMU.xml
-cab182473bd2a1f12288fbf267de9e6bd6d249ba3f7d561186cc3b9eaca719e3,0,1,DMX-Austria.xml
-e0fdb47b4fe70d449a5936c1e49641e45bba7420d75a229368b820c27ec2a451,0,1,DNTrck.com.xml
-4b40d3fa1bc9cea039b1c056b1b57b0855d958960f06cd8b95924fa830516788,1,1,DNTX.com.xml
-b67718c7d39fa0155577dfedaabcb8f72d069298c5e7257f97b2624e8c016c3e,0,1,Docelu.pl-problematic.xml
-1d34678bb2fa3ee025f7d22e124669984e3cb25f56678c80906333de94ea7b93,1,1,DOCLIX.xml
-377a525a401137d1aaa59693ba7b61e34bb2bb38552a40240cfa0882fef9cccf,1,1,Docstoc.xml
-0623b7bec2930baa151f31cb182bd7e3ab3c7be4a9eaca4bde26f00ff9253dda,1,1,DocumentCloud.xml
-0c2d0599f841a470c303b8f4bcfffe014c25e51080b8ffa4c794350144ab4fd9,0,1,Docusign.net.xml
-28bf2d61e921bf887cc238eb70334a021e74b2b0a838389a9ac7fd30a77ca958,1,0,Dods_People.com.xml
-eac0b528231b34e19f80dd6e12aaf86d9d98092ecfe00e8c89ea59d8f1b19ae4,1,1,Dolimg.com.xml
-4c71f21fd8e201c92293d88d8162ce04dbabbd355ad4c6a2e1dca2704b129be3,1,1,Dolphin-emu.org.xml
-3bc36800ffea953400f0614cc4197c7f05485ba8eb8fb09ab24897a8454375e1,1,1,Domainbox.com.xml
-ab2e39196385d32ba4a9e22a424c627b311c49793e4a1e7027d19d29622e49ad,1,1,Domain.com.xml
-b327b95dd24b4cdae9d002fd5c39eafc73ba00a4d8a76dcc61c9fd189c0051f0,1,1,DomainSponsor.xml
-cd9c9d875b77202d9bb64e526dd1ae2ad6b5bafc9d4d6ec0806d6be463f5f53a,1,1,Domaintank.xml
-b4575808e4836f6bedcf6ca9541730adfa92585b28818a180376e5d8be6ee930,0,1,DomainTools.xml
-b24f4ad17b97e8bfa9b40fe9399e2f5623d687f5c9c427b312c206b3c2f17031,0,1,Dominios.xml
-f1df4015000247c42b9be46c989b59dd51ec2a6d2e7865a3fc7c6ecede114b05,1,1,Doncaster_College.xml
-36d041d4d69a225d35b12544499fe3ba3f53a861fccd2e6271483669e34d94d2,1,1,DoNotCallRegister.xml
-3c447bfc4ba8601142ff1caaa8b79fd8ab02970eb414108e5ef6edcff194c3cb,1,1,Dot429.xml
-73264e0180e021f87aa5b7150f02c3a74c8afca25179be5ee4306802c8f1570e,1,1,Dot5Hosting.xml
-cae36a66501f89c0165313a29e259f2cf36004175cde8a171a0c350bb65a25c4,1,1,DotCOM-host.xml
-687227146330d33670b19929f22fa13bd091a6c8b2aa9e1f25a265ac18247566,1,1,DotMailer.xml
-d51edb2655670ea1a910c1f79a85696274ce6f066ae67700baa6207d60727448,1,1,Dotster.xml
-2551702a656c30adee8da7a255387c0edc0534ac866faf1fde8964939853486c,0,1,Downloadbox.xml
-4c32fb438443d2547b3a3347d3b59eaabcbc53f9250ca6735be7dc6b22b47cf8,1,0,Dozuki.xml
-d6f6539911e50377e9ea5612c191b82977ea7723730c19d45293b3769b10abb0,0,1,Dream_News.jp.xml
-df5c6189185c156286a6de30149293ee2b3900120f2bcb2c7894c8bd0a6aef6a,0,1,Dreamstime-problematic.xml
-8c344d6d4d86bbae7bd97156567bd20fef3e934cbf3f4aed40956e62ec30c5c9,1,0,Dreamstime.xml
-4b67855f68d07aa5dd62c7b1470af02d953732516e530646752c5aae632d9baf,1,0,Drinkaware.xml
-6dce143c0bfb94e705a21f78d14dd5898868d1a649224c096ededd8910616adb,0,1,Drowned_In_Sound.com-problematic.xml
-c729946041e980450f9238a1177dbd53bd2d7f6d904444a27ff14817e5a8916b,1,1,Drowned_In_Sound.com.xml
-948fe6c1816bb404b4f3fbc4e1d21dd253cdaf065726cc41a7173f1055edb520,0,1,Dr-qubit.org.xml
-0240958a5ee854cb671e0f7dd960901e1fdf7284c1d8b0ffa34416a09fdaadf6,0,1,Drug_Forum-problematic.xml
-8a5da91c7d08a6107339674a48075a9cb0983ec7806a02b479d345598380b046,1,1,Drugstore.com.xml
-cad45c7a43cb9bfa7d8a08f92455bea3596f84ca4e3cb7218c4ab6a448448ad3,0,1,DualShockers.com.xml
-773340e22498c15fc86c69c271e1cece77c97ce19e9c4637ff83daf0b875a73a,0,1,Dueling_Aanalogs.com.xml
-d4ed3a03f0dcc445f49c298bded76f72b676629578a5a01bc25d3743aea9c8c6,1,0,Dundee_City.gov.uk.xml
-4b6114f50a7b63eaca3c4072be4f8c98e013bb9e4fe8108b47dbda9a99ce8bad,0,1,Duodecim.fi.xml
-669d76a745ea60b07aa27f159c3238d2b37f8957b30cbf99362f26821edba370,1,1,Duo-Security.xml
-d17805e7a9b4510e4c32168a16a588bd94d7114431a3610e42ef14d7016a5884,1,1,Duracell_Cloud.com.xml
-d1d3e7884fb59f03c02efe683d1ab6cd77b8d2fb507b4dca01645071c995b359,1,1,DuraSpace.org.xml
-8496afee88e5b9a35c67bf855d5aa960d9557295c3de825652c49d7666beb252,1,1,Dutch_Data_Protection_Authority.xml
-fbbe70181d1fe5c14edeb58820cc187697663b7ff1d6330318b52242cad50df7,1,1,DVIDS_Hub.net.xml
-c97bcab9e6309fdd7047f8506ee40280dca5163ddd1e7e7eafa6ac4d2318360a,1,1,Dwarf_Fortress_Wiki.org.xml
-d4930c453a7b73dc9960d7cb990a478dc509b7fa5ba1cbc5c7481b1f7cd3ff3d,0,1,DWheeler.xml
-d2583dfcf899fb4703b6fb048f03528a41c3987cd20ce5fd36595b58aeeac119,0,1,Dynamite-Data-mismatches.xml
-a4c3e69e91d4cf1c315c2a9642509a5effe61c1deb34efb00048759d287ef2c0,1,1,Dynamite-Data.xml
-182a0f534676e66e0bee294637d21c86d4319ff7e22f76205ef04a3e25dbd59c,1,1,E2ma.net.xml
-585eb2c789ad22c3f1aec8f901f4cf97df2f153bf8f979ea5db066e8a3dd0794,1,1,Eager.io.xml
-55717dece8f1f8dd0fdc62b0bf156e07f1d80a578c4b520740316ec4d3e0c073,0,1,Eagle_Rock_Reservation.xml
-517ad60fa0cfaf8b6892c72f664a4911a47a0d8f2b2219572202c2c3b16b9413,1,1,Easily.co.uk.xml
-001600a56e02f6bc26a3d000364b7b9f73c8503aaf1387b7e4ff494bdc79ca90,0,1,Eastbay-problematic.xml
-2385fbc82fc014dc18a066fa66b03595c75b2ec3005ba9d2c2c2ea8828023bf1,1,1,Eastbay.xml
-1c87354f2f51c188db3313c9c68460147571ed92296962e148563e5def8ed4e3,1,1,Eastmon.com.au.xml
-61b46e4fd28004ddfae160ab1527475fa290ebeaf0f756673c86609a431bade5,1,0,eastsussex1space.co.uk.xml
-332200909ab116588d0483ac47e1877ead9fcceb221724a8d3fa50251bcf1694,1,1,Easy2coach.net.xml
-ed4d3f6dffa7d460928531572c4eef1f58a85681ef475721ee5677407ece8f71,0,1,EasyNews.xml
-0b8829a889f400ac3171d5602ff812f5bbd6559db9d6a3d3b835ed6694ef3e60,0,1,Easyspace-expired.xml
-2cae44c9bad27b188bbf6f16bce3b3307d7640b282fac959b5427a800242cee4,1,1,Easyspace.xml
-daeafd482fbd37b61bbba2a8c9c19cb05ff2cbf1422971c4d1132d93a31c2d95,0,1,EasyVoiceBiometrics.xml
-421ade575e2e1e0e75d6c7bc746c9615bd7fe023bac2e3a21401cc6c61c2ee3e,1,1,Ebi.ac.uk.xml
-69543b744db80de441dc597c4edba83ba4ae47aab02eae703ed5782b59a46796,1,1,eBid.net.xml
-c2767020a45a762c9d5b799a7b20f5ea6a1d9e73cc4d4601491870c90cf24360,1,1,E-boks.dk.xml
-a236b2041b6696a94edf8eb10f21f2c384c1fdd022e6f93a2a6e97e0cb1d4bff,1,1,EBSCOhost.xml
-3d7ebd12328dce8238e333e2d00f53f314ea41fc6cb532d5f48682229e8ee622,1,1,Ebuyer.com-falsemixed.xml
-9a88de16ac51e357ce386b479d2c3a0d2b1e18a1df431478f16e01acdb1b90f0,0,1,Eclipso.ch.xml
-d925a3325215118a9689693a8044370e2be4b7e8e0e0a82c80262b6482a18d14,1,1,Economic-Policy-Institute.xml
-8583cd04927bd625a3a729aa8e87b900c34f5eeaf7e2ba0f534600102e6be16e,1,1,ECosCentric.com.xml
-27d5271339b66f984ea5bca4be574e9faed8825be522c825f5ee4a20e4d74d77,0,1,ECrime_Research.org.xml
-fa10b7e1c4419b8a29e8a06c051be882e02d5831c1390ad67e5f814bfbd7447c,1,1,Ecwid.xml
-792f8df60f756ad2505db27b3aedb9034fffc3b05cf532fa9474de3284aa16d5,1,1,Eddie_Izzard.xml
-7a47cd722a2b786301e7dfb9f3f1b1b98e9b990b7db4a515e208bdb341d4fe06,1,1,EDF_Energy.xml
-0fd8b8e00dca36f004c9859eea7c6ea7f89e9c52b5d2787d7da45422a390ae51,1,1,EDI-Health-Group.xml
-b22d6d466e1ec67bc4e26697a8a7832805a3a77e535b228d7761b3e2892e48e1,1,1,Editmysite.com.xml
-a5b0a947f2d00f9695d765c856b547a5c70fce6467f891cbcb0f5d0c374b0bce,1,1,Edublogs.xml
-9cfc2b1590091c32d4f070013b9eff9ee1ea82c6670dbd3e131f58452dc8cb1b,0,1,Education-Next.xml
-468c2afebcd7f360b6366069e6f9f1ff38d3d5289dae2e6a1a628f7cc939d232,1,1,EdWeek.org.xml
-dc82b0c09907f59b1b4951ca409c86aeaa787a206e90aa5e0c437709c2e6ce37,1,1,Eerdmans.com.xml
-772fc66915c575b5e3c2b9330453da903a06e156fcb452206f0b0db4330ee367,1,1,Efax.co.uk.xml
-94e1c564477de76f8aff933faefb566f48715eab8ac5240687d3f2b55cbe5189,1,1,Egg.xml
-36afd0e2b1b50b3355206dc9de254dee4270b7a11d32ba931bcdb9f634040fd6,1,1,Egnyte.xml
-7f2e5e24ced98a20694c8041b07fef96dec1c95f1a1318d9ad77fe2cfd337489,0,1,E-Hentai-Forums.xml
-0231502d992426f6dc6c8b6488cfb220c50aa5d5a624b854e956ca7f66269366,1,1,Ehosting.ca.xml
-a0a7221c1fc66a4102653f74628ce9466583170be080e90469bce515c6d3fc10,1,1,eHow.xml
-0c6fa2d103cc751bbaf39716f8b66ca63684ad1865e79a5736cb526094ead69a,0,1,Ehrensenf.xml
-d365f54ba88e9ee4e13bcfc5e40fee7822bbe84a1b6efce59d4270a6b889f28b,1,0,ehsanakhgari.org.xml
-d3812b45da73e759d3fd7d65bc13e9fc5f75d97bb15dbb0a53c4e9e11e9c7f97,1,1,Eimg.com.tw.xml
-5d5182ee2bf378935e1ca445fe4ae0e66814b9240c28cbf09cbeb842fb1fe04c,1,1,E-junkie.xml
-c851bd0b57e40b94562556a24ed0e8dc16271a0daa395b6007fd064fc748f665,1,1,Ekiga.xml
-822984ee7464450befd847ba351e2609b8b6b34ce8116ab38c54ddcffede5b5b,1,1,Electronic-Arts-Intermix.xml
-dcf1909c9a17902e9562ade0df2e832586acb62e78c714c1778215d0fe043194,1,1,Electronic-Arts.xml
-f106d27639eaf5408a3e9743c4e244ec06a28550d8484f31afbf0090f50897d7,1,1,ElevenPaths.xml
-33d19feabaf5d7650acfd2dea5a837a763a632626c755caed1bceeb42ffbb6e9,0,1,Elijah-Laboratories.xml
-9f6fdd52b76097eacb8c275e74b6e8b4013e25c7971106a229bb3524b614de7c,1,1,Elite_Casting_Network.com.xml
-92b5a0f2765dc0209ee35f20bfbab7f44970126ff686c803d592213acac588f8,0,1,Elitepartner.de.xml
-d6f781131a211360db82ee552f0436ef3008e909b6cdbd9175e60f03ffa56a4a,1,1,Elizabeth_Smart_Foundation.xml
-03f6035a0d5cd3824fbc733aee7c1dd0d9a48cca2e3b612a7c2dccbd7920b6f7,1,1,Elle.com.xml
-dfc9384b551dd838583376c78fee9d0f89b5b1c1f4d51166555a7deb12174cc9,1,0,ellislab.com.xml
-51e806eb424c2a1b930fb7d2f4a05d99d3542c3132395a6d472af21d0988165b,1,1,ELTE.hu.xml
-995c937ddd871c8b758697457a5b14ca6c04d0911197fadd29b617391e49a16a,1,1,Emailsrvr.com.xml
-38acc77f3a1684db15405c335ffc2053bbb6959ebded1e53a76102e3972473d1,1,1,EMC.xml
-1d5f53d890008891065d1172327c971c2aac7a7e965e9ffdc3feabbe2d037492,0,1,Emily.St.xml
-13abe2167fec64e991b8e89e9efedca61be565e9d4f3b9802f500be922b9cf08,0,1,Emory_University.xml
-10adde51388de4b242da1c1b230b141ee9c99df8cb5700a268d6848aeb34769a,1,1,Emsisoft.com.xml
-db21ed9907ecd72397a925f1a47e5c99e3d84024370ffb30b87b1b5142880bdb,0,1,Encyclopedia-Astronautica.xml
-fdc6f35613ca403c67fd77e11e53de8f785438778f401276c80ed5293f37a5b9,1,1,Endace.xml
-431fedb9cd9b68a915890080f1eb4996aa3a6edd00e91b6cbcd6749178cf26cf,0,1,Enecto.com.xml
-f0de518cf0f0eb2e7bd3bc0e7509804840f8bce6126de38ec4210f5602675b57,0,1,Energy_Live_News.com.xml
-1ff6ed01db6ea788c98c9cf3714e01be738e93a7f88a11659cbd8da702bd31b6,1,1,EnergyMadeEasy.xml
-fced7732808ff54602eebf5afa0d78600effd4bcf27494067116c488b28736f9,1,1,Engineering.com.xml
-6418b8410785f9fade87c96494372065791223e8bc6dbf60a3a6db6717d827fa,1,1,Eniro.xml
-1aa1649082f82d7c748a59a29545356dbe9e111f925946cb4fdf5c40cb47c437,1,1,ENomCentral.xml
-f3e10d17d0d05e043b5e1077e372812e787f4b83ea8d7f1aee577163de67b0c7,1,1,Ensighten.xml
-31b251f10e07bc3159c86791dd343f857ffcbc67d3695423c5c5afb8a95023da,0,1,Enterprise_CIO_Forum.com.xml
-1768b65f338ba24a98f9b7bba8b7faef74f031d06b7540529374741f180326c0,1,1,Entertainment-Consumers-Association.xml
-c96dc247749b710dc0ff64ee7c60b721685ccc4272edec7d4f8afdcea9e124b4,0,1,Entertainment_Weekly.xml
-80ef1d15e2f1ed5a951dd080ea0f482e68dbdf69d2d26f37c4db7508e5a6f2ec,1,1,EntroPay.xml
-2ca4fd68486c7ed9b2229b029b17f898ba1c99c23e7132da7c15e5d62b8de32a,0,1,Envato.com-problematic.xml
-03342be1f13fcbbb19d8de98a172c33e0ef92b8322766df0743b05820413d7dd,1,1,Envato.com.xml
-09a7159cbece935f73ae3747c2c83a12d6852f1820ba99d791f6d6a97515c6ce,1,1,Envato-static.com.xml
-a22a72ce5c72dbfa218f9c19758ae903dd5e535bc43527a08d1b1b9b555b6703,0,1,Envirotrend-mismatches.xml
-d6bcf352b17998cd3dd749252c04696198281490324bcf4223fda56d223960e2,0,1,Eole-Water.xml
-679f6ae3966a79efa8f039ddb547c7acfba050eca8a54bea93201fcf268973e2,0,1,E-onlinedata.com.xml
-b82763e9cf1ccf4bfcf7ce931d4971bbd5f5d767431cbe015043bdf2e307f181,0,1,EPA.ie.xml
-05fb77d8a496e98fe1075d4917dc0711291c05f7c72c459a37ab13c193858fb5,1,1,Epartnershub.com.xml
-550a8a98ae139b24fbbee295ece882cc9d0fe46ac017093728e3dc1ef33402cd,1,1,EPB.xml
-bbc9379f3de6ff09603547ccfb9a2db3010598de0ffa419b5a75d696ce451ab1,1,1,EPEAT.xml
-20dd382c301bf79bb6358a31b02140bc49ea783847600c61ab6440c15525823f,1,1,EPFL.xml
-52a6b9dc4e013008f58b53424d04e899dbf6110a1d6ce7b5d8eef35a8a399a5f,1,0,Epic_Games.xml
-7b8ae8c613a3a8af91a71295c4ab70980384910c901ad3418114f71d56e70db3,1,1,Epic-Systems.xml
-dc0702e7cfe81c1f0eb6a0294602a0787e49cd0dab79da2fc7f012a1821a9860,0,1,E-Plus-problematic.xml
-1c6ba142e803510fcc4451fa2ef8a709e1a63176524d82ea851101333e190e8a,0,1,Epoch_Times.xml
-e2f2d077589a9a3ba447a8dfc979933810d9490c5db9fe1d4aff1775114c0714,1,1,E-prawnik.pl.xml
-6534287a0e888534a87b000596d98aba7fce20436b1d87bd32dae355c5c7e76c,1,1,Eprncdn.com.xml
-80e0ac321f52fae12e7289974aaab08e19e64b23680086d9c360ab0f000076c4,1,1,Equip.org.xml
-771c90d6313b15fb4d41a8c89ac03ef0029394521c105655c3d1aed1a8f44db4,1,1,EReceptionist.co.uk.xml
-5acbeae1638df64a1e8ab2a261d2b3f810300c376824e2865970d0a1932cf595,0,1,Ergon.ch.xml
-3793098713d9b3a938d3f649c355ba4c73571d8206b1fefaac8403766c7053e7,1,0,eriklundblad.com.xml
-4c8f9f8e74ca65cf55a0f8fde1c977b2c99f258045a95420add5243cb5ffe8c3,1,1,Ernst-and-Young.xml
-21af6451e5293d3c590dba9f14d347d022d8ce5d7a06b8d1960a2d7dffbf76b6,0,1,ERNW.de.xml
-40d2bb3f9270e7cf99f2bf2a446888d4c7162b079f5a196e0fd306ca7ae6c810,1,1,Erowid.xml
-1d0cf4aab6228ae65f34ff4ac5313082087f547d0b773e9403eb9ec40c19e30e,1,0,ESET_static.com.xml
-d23e25ca118556ffed2201bfe3df6bc1c7469563e1b683f82f65af65b0f738ce,0,1,ESF-Works.com.xml
-8d75ee8e4570e2908b5bcbaaeabb74d36ef0c022034f86565792ac558783c61e,1,1,ESI.xml
-ee65149b865e4f703d13430f142007992a518ed6b41211180268f09bbd5468c1,0,1,E-Sports_Entertainment.xml
-ec6859a3f65afc49a2741962c980c00d5aea61f0f584d527579ff4e4bc1547de,1,1,Esri.xml
-b4ebbea0286d44564b7e8984bfe2fe38ce080b1390a0d6d37315d0993dbedd5d,1,0,Etarget_net.com.xml
-e14997fcd1b49623692ba6542a019182b6f66628abd718680fbe20fec3725e7b,0,1,ETegro.xml
-1bd67e0a0c612c7d6cec4b3e9dae388f7fb4b4b7437030889e7af76a0cecf27c,1,1,Ethn.io.xml
-8d9add38a1725f7660e8bc03f9f6181886dfce418c3a726cef21f6672eee6955,0,1,Etipos.sk.xml
-4db319b5a12d2ba768b16e2ffcb6405c1ac8960c7f052decd7ff5c547a334c2c,0,1,Etrade.com.xml
-4ca176b8da733a7ca42a057b1611a7cbd1aa5d217bd645828cca28a160b12f52,1,1,ETS.xml
-ae016ec38dd372b50f679c03442479c2df1eee65fa59a7173a1548e4b289409d,1,1,Ettus.com.xml
-a09d7487f8ee35e17798818da7d1638ea49a417b28b17ab4fa4d7f48a27d653d,1,1,EUKhosting.xml
-50966d742f6bf11f91d21b8693bb7040c204c0a24c6f4a4ec2e490cd65eaf46a,1,1,Eurexchange.com.xml
-a9dbe1ad67594b75dc7993c7e982d50f8cb7b2a57ec68f5f42fe0aa685152c47,1,1,Eurex_Repo.com.xml
-6d3e2a1d8568935ff376e011fa835b0a9c78a06c40eeaf5b9732abbdf0a27808,1,1,Eurodiet.xml
-42e2dbe48aa84598729db8c890ba39a3840216c87e5e6f467b71dc5ff6f58173,1,1,EuroFlorist.no.xml
-4f002776c4d981ff1f1ecf7c7d24ce1b803258872209f871ef25c0e58cf203c6,0,1,Euroforum-problematic.xml
-c600bb6969b1e2f1ea27f7e6870f47efe67a46c935216b63fd02a5eb03f5e7b3,1,1,Euroforum.xml
-c9efe1af0aefad3c1958f279beaf0aa6eb707bc60bf8172bf57ee2e97c25063e,1,1,European_Energy_Exchange.xml
-9f07a1cd07e17aaef37455a8e6927200da4633d51836089d790ca00caa2a16a3,1,1,European-Southern-Observatory.xml
-fe4a516d3f0f9fe2a5b9b5fb91d194c548e2ba9c241c7a6ff22062229dd6433a,1,1,EuropeanSSL.xml
-1010344043596531b3010f05e41728fbf666944b16f1a0916ab3a7fc1635dce1,0,1,Europe_Miniatures.xml
-eb2c414ae4ec2c034261b3cd828b87ba62ea8fdf6208052149c7cf7fe882bbbf,0,1,EuroPriSe.xml
-c3ce6b72a929adc8d7e227f86884c300979feb2a571c85cc44db4262eaa6881a,0,1,EuroSmartz.xml
-37d22280f426eba13e6ab26c326c626ed45229c4743065d529956265887b4415,1,1,EUSecWest.xml
-ba895fc1fee78f637b19286b6836b2faa3c965363e4f93c02b3c3e4e098d8248,1,1,EUserv.de.xml
-c7d1a78c0d09e8db961d0d711d81b4967193f1692e7a23198a996e9dc8dbfd29,1,0,Eventbrite.co.uk.xml
-7ddbf472286dea4067fe4c1a3725df3c096d6b0144fe01f43fb8df5db7cf19b0,1,1,eveonline.com.xml
-cd93ab59fa23cbcc434b5a873d291fee6a7f759dabdbf480ee4f6fcebc2c26d6,1,1,EVE_Online.com.xml
-1213b9bcc58aef69599cda534a1140050ba6a542bafdadd27e62d1e88b6e3b56,1,0,Everest_Technology.xml
-d48118988ae9b34e8c0fc3f099cf85308fc8e07127992dc9ec238cea5889ad66,0,1,Everyone_is_Gay.com.xml
-27fc0491cb9c69aa88cb6ef0bf003371c819439f42f957a61091d63168f51139,1,1,Everything_Everywhere.xml
-946a4fc3e8ca86971f8824a4576d947fc40b7fb4d50852f9604278a3d0f97ec1,1,1,Evo.com.xml
-97898e32a15c85d1f70bb1b15f7201cc03c1ebe0b624949fcd4e27ef48619c89,1,1,EVoice.co.uk.xml
-fe922c312e1391c18fdd640a006a0e56d96bee6e5701e0dabb780b3486ef98b5,0,1,Exaccess.ru.xml
-ac7e22f23510bf325b16d279b82208eab1976f2e435c2682562d600384234ae7,1,1,ExactTarget.xml
-1d3186bff2492e46d6ff1324cedec5440076462c9869bdc1eb768bfd23bf9b65,1,1,Excelsior-USA.com.xml
-6841328fb4f2cbf6061dad6d4e8891fe0cbc9ff71db8155d4a10e3cb15ce1195,0,1,Executive_Interviews.biz.xml
-7e58c72f6a66efc1691253ad38821e1e8be96d028e6692d2af8efdb7d5238d81,0,1,Exhale.xml
-8491f4394a13238d21bff945729a1b2853569bf290eaf728ec22aa9045cd2cef,0,1,EXiled.xml
-52c1616395123a53a9cf2873a5e6a9e39b276d552b83a6532ed7b81ecefe28c3,1,1,Exinda.xml
-e1c24f2f143548c3511c57c92626474aece78bfda4b736ef5c912ed1bb7c6bf3,1,1,Ex_Libris.xml
-0a3786f6330146b7315557dd414440c6fd94ad57829627a69c2e3a8201634f42,1,1,Experian.xml
-53d157231d09238b4b86f5d623b23cafe9e649f542c15ca65c93e4c03da3198d,0,1,ExploitHub.com.xml
-3daf6786c230dc5c0c06606b5b009a1fed1ec11c615ed5ef0a212fdd3f6c0c84,0,1,Extabit.xml
-03b6227bca68fc7f7a99a9500fedf38d07361ea41dbf5e823158eda5e600f00f,0,1,Extract_Widget.com.xml
-ba491f922d7f7708c316a6f990fcd9a5182b43ba50bc345390131c93e38d921e,1,1,Extra_Lunch_Money.xml
-2c178f3f33ea32c51ca6e0436e8aa995db80e8648fd9f756bb8a12628734cd68,1,1,Extreme-Dm.com.xml
-eaf38f05e497f0de0bcffe812f663d61fac0de0f17e7a6dc47bd080308c2c72d,0,1,Extreme-Light-Infrastructure.xml
-189373f44fa59efa0ad0bfde91b432b0b0a190d280a82a4ef9712d903a0c12cf,0,1,EXXile.net.xml
-b985a1711868147214c9661f88cc7109f83913c6a81a668a18135b08a570e3af,1,1,EyeReturn_Marketing.com.xml
-e8e7a354cd00f2da91924a2a1dc6bdf3be5cbb231ee46a3e7565b8f6620e5361,1,1,Ezaxess.com.xml
-c3187433dbd4e12c9601d6e430156eeea8288466cb27eff31b4505881707bded,1,1,EzineArticles.xml
-92aa78d6448556122ff7bc0dd0cc005eb9045522e190e1a4148561e72bba79f6,1,1,EZOSHosting.xml
-dbcecf1c78f18bfa326267e0ca37f8f94debb98236913d73092883b39df4f204,1,1,F3images.com.xml
-03aee00629e0916b9627f907484ae885e2b9e783dd789c7b928dff3dee8da925,0,1,F9-Distribution.xml
-b775d1948ffe06ecc74d13e8d848fcf29e33f2acfb5d8c799f86fb300196a02a,1,1,Factory_Expo_Home_Centers.xml
-cba3793bd310eece3add728dc772c0c7f787935f717bd45cde44971041dc88b5,1,1,Fairfax_Public_Access.xml
-40df368dc0fe51e760a55b921447ddf863c15c59432124f7871688c0b713239d,1,1,FairWorkCommission.xml
-2720b3927f1899938a11c2ed29befd009d6de512bc85a56b924a91df4778b087,1,1,FairWorkOmbudsman.xml
-8767c03d704f5c34d0add741e10a7faca4c8f782e4c1c4e56f154acfc6b1b745,1,1,Faith_in_Motion.com.au.xml
-fff0a81810a4742d4a22da1c61e87ff21b4ab86f0f104a6d20acdb3c792aa209,1,0,faiumoni.de.xml
-256c0deb96901b3d608ee6814d74975e4e5372b0e20862f76dc0e06114b4b8d0,0,1,Falcon-UAV.com.xml
-bab2a9213692f4d6eae97d27fe7fcb990418aa78751b5666157e744f391734f7,1,1,Fanatics.xml
-6635f4155c42dd8f694a85079f66436a3cdd466391b4814ff640259a9a9bd698,0,1,FAPMC.xml
-c092efaf47353f6eaa1d433b2fc56eac6e8a7d59829fcc9882e1fb777c79b54e,0,1,Fass.se.xml
-391dc7eb6e57eb9a1d3867979fdd3d15cc6a59a605a9523de89750c21f877c72,0,1,Fast_and_the_Furious.xml
-be9a331d03034ba8a740ba7b54b20d6ccb3b852bef352cad65509db3c1e49ed6,1,1,Fasthosts.xml
-9c51c5f3685da502281c46d976f7ae3bb8b9b2ac9799e41eaf7253c170fecc15,0,1,FastSoft.xml
-bc7bc4ce9b7b91da77c0f98905fb9d863d8a97bcb16f1bece114db0fc4b4fe3c,1,1,FatCow-Web-Hosting.xml
-1ab60453a8f85bd25292f19e45deab01a16482933e681f6f43bf43e1287d2f62,1,1,FC2.com.xml
-76e1a443721c7c57e7976241d045defbd2218dee42cbdef6a13472e13d9ff63b,1,1,F-CDN.com.xml
-3b9a47db267c9a3cdcbd5b4e803ceac9d44fc713e99b99169b6876e8a5ccb0af,1,1,Fdworlds.net.xml
-627ffb81ba3f3cd4a9222cf2080e4bf932ff48fea5389704ef267df76aed50b7,1,0,Federal_Business_Opportunities.xml
-6fe541e9fd33bd5062d8428c29e7cd90f9646b54e42ff23bc4b18686804826a8,1,1,Federal-Communications-Commission.xml
-1fe4b4c61b741995024b05158f8b082a8da905b3578624c82154a54ec6f692db,1,1,Federal_Emergency_Management_Agency.xml
-29bd5deeea4e21609ad5ff9955c0b13fd7c22c8e91544b18bf2bc9df30c8d3cc,1,1,Federation-of-Small-Businesses.xml
-4b9913b6e81a1fb71efbdc0bb444bb4d89c7946161191c493c68e2233d018bc6,0,1,FedEx.com-problematic.xml
-4b6b7255ffd9d15030ec0e49ee0e4514641c6c3cf78d1dee3a476216c0f9dcda,1,1,FedEx.com.xml
-4f2bad24caac0aa2a45fa8d8a547c63d07fea7183dbab60d18425389e1600782,1,1,FeedBlitz.xml
-712b5353e478054578fa7c0039cf93e6d946a1188d94215c0bac43df6c957be8,1,1,Feedjit.xml
-120bf2c17ec6d85fee4a5bc1857fbe29f7d40ec9243c4da31c47bdcb59d9e96c,0,1,Feefo.xml
-c0fa3a3a0e5df3a6f3776b5d75dcce98af2458b4caba0e2f10f6f8ae41b205c5,0,1,Fender.com-problematic.xml
-68973e7c4a203cb4b69a924b9701da71a4f7e96dd4624d0a1e6c5db6c65d56a9,1,1,Fender.com.xml
-e86d5e3ca3a837e961b2ca3031e5cdf8d15a4297ea12fda82280db4205b00c67,1,0,Feral_Hosting.com.xml
-548de6901dcd1cb2fa257066a98ba5c36f0c51aed72230d44ec6543e5e3c9c6a,1,1,FernUni-Hagen.de.xml
-c1fb7ec02e6689363f8d40d2cc81a25eb53e3c936f18a74c6131ebbf3e90581e,0,1,Ferris_State_University-problematic.xml
-70b8a27208019d2aaee4bdef4f33f21c8b2795f723dd79dc5e1c3090f6491a0c,1,1,Ferris_State_University.xml
-387ecea2d464c5de4043428433276de40b08f1d4c2f674c20082c60a1e52bb83,1,1,FetShop.co.uk.xml
-b415e81d1a66aef7b49d2569612f1ca6eb70cf80ed84d2dfb6137889d95d5a5e,1,1,Fibank.xml
-695f2cbb45552fb9b20b3dd59d70843ee1a2ec102625b330d8900d3d149ad8dc,1,1,Fidelity.com.xml
-4fe40f6560c89da3fdcd511a681c9bfab0089ae3e7d791e6150f0314c57845d2,1,1,FierceMarkets.xml
-6c5fc7be0086b16f85edf4e13d77f5bb86d0ff940e14524e7cda87bfd30a7bbd,0,1,FiercePharma.xml
-b18bfe335ab271a0aa72bbe6836acf7b4a9fa299cf03b54bdca37aa90842ef16,0,1,FIFE.xml
-03880d4b9139e6707bcf197915a4fb951af11692b30d0be2875ff60889f45e70,0,1,Fifi.Org.xml
-e661de8e8c435b87060736f94073950e28e5c1757b94e3f5f49ff53fc7b2c15e,0,1,Fight-for-the-Future-mismatches.xml
-684ecab5e0c791e19b1ea95403cf7fa2afd65f3085defd36ace614969daeb338,1,1,FIGUE.com.xml
-03cac8045c0788bdb20a69714ad5af1627ecb48ba8e82a9d67ca83e7c1a3fa85,0,1,FilesCrunch.xml
-3f6387693b8ce15350c75c5e2d9e1e699c7b527f63bad5215b80a466f16a771b,1,1,Filmdates.co.uk.xml
-f76376df115bc0956118c964be3da7e297cbaa87c35bd528f71b283c775cd770,1,1,Film_Linc.com-falsemixed.xml
-59611b24cba1317d9df766af54fb7ec86f7e74e785d7e55aaae75334a59de760,1,1,FilmTrack.xml
-c26d01d28e436054f8013c406a500abe9d928391e09c1795153872f0ca70ee30,1,1,Filter.xml
-e706952754f78c18b405a09848870df80990cf7519c594c69560c200e29c0639,1,1,Final-Score.xml
-20ade5eec380ab16ee4861c6086b39ec5beee7c33575e8f1978e5d9e3e8090ce,1,1,Financial_Post.com.xml
-47b1f8306d27e6bddea226d1bd80cbfe3425d8e5b48d4c4fbc7d1127842135aa,0,1,Financialtrans.com.xml
-efcb4402229ed43863e8ac8eefcfcc9f73cfea6ae53352269795b1760d0e0a90,0,1,Financnahitparada.sk.xml
-4091f876516cee6dd65456d65fc8852ee7d13b81638ac038b35a799cee08dafd,1,1,Finanzberatung_Max_Herbst.xml
-e74290fbd951caf49445188e6d7d3d1a5e4f0880f0355ebb3f5461266fcaed5a,1,1,Find-a-Babysitter.xml
-8945b83b4f5a1585e6c400315aefffa1d1432c3900cfd81e9d838c5a28e3aa05,1,1,Find_a_Grave.xml
-ea59a590e5d74dc8cbc7c6a92cc0ae74cf6e0f509ed0b458580792958410e339,1,1,Finka.pl.xml
-552bd8ab83e0e59b4196d9ae48bbc364136198778d83a89bbc07c068d58618a0,1,1,Finn.xml
-c2a6e87647595dd9487c3959ff5cc3b598bcf08ccbd358f24f90b988c478d8be,1,1,Firedrive.com.xml
-03e5723aabe6c8aaf1cd4f50bfd7796d1434c774178cd04e445714ca33c448d2,1,1,FireEye.xml
-265ad3eacbfd50c7c49f935afb3673fa55071a44114e1ee782e21f8f25a29f84,1,0,First-Central-State-Bank.xml
-711d4855340b3dcaad02671121099aa096bea856730eebec67c4231c89ed2a2f,0,1,Firstfloor-Electronix.xml
-875a6bee375333a5648a79ae88a5850bc492a276a55fe8d7d13cef47a90784db,1,1,Fitness_Market.xml
-698d76438e1237c5c6c2e2645d5ef1ed3872510a0856110e4576123d8375113a,1,1,Flashtalking.xml
-d70fd53f82da347a3ce16ffe036fd12a6f32ab6b186e14eb6975359d24c5d0bb,1,1,Flightglobal.xml
-ec9d02d41957b37a86d5d2fe66f099b956d084f4f616f2baa74cac3b040d7495,1,1,Flinto.com.xml
-08209bebe2a624ee9c807208227376a322cd6ed48db90991b4b5ad6301e4cc83,1,1,Flite.xml
-8ea7a8f22b03f1b163013b35d0ec7061ecf92eeddcaea9df4196738906859924,0,1,Floating_Hospital.org.xml
-3de483cf9eacbccfaef3a558edb6df3c60ebd7d167cbb9c7744da089487651c4,1,1,Floek.net.xml
-b2b785c62c6cc9f4ed815d08e4e8d92e9349e72d303e9ffdcca16b74b380b0ac,1,0,FlokiNET.is.xml
-4def65d5306408980eddf9267615a711b000ad48c4e177c6cea446ec6f822a41,0,1,FLOSSManuals.xml
-cb0a3d716d8f22654d96a8efeb32590ddd38adcd3ba9ae62bed7491c5e5486af,1,1,Fluctis_Hosting.com.xml
-3962fca2fa36bc16a4000801f7f7abd4d2ab6f5445da67e238a58fcbe23801b4,1,1,Fluendo.xml
-fd60fa35d5377fd82b0c3eea6e25949f63b3cb3ff37721a75fdd89a9181c77a7,1,1,FlutterToday.com.xml
-bb76186780d8d90c0bcec3715e197a685e576f9dc18649a8e7c518698274fe8f,1,1,Flyasite.com.xml
-f8b053f507e3e3c0801356c9285d53bb736caa5a9c78e07514d501c8c07e06be,1,1,Flying_Meat.xml
-3c3c06bc7874b0329a9992798512978930bddbe3bd2fba2c935c8c1d851aa429,1,1,FMyLife.com.xml
-daa09a73d487052e243c63b74efb4e69273117f17917c6c7c15b8797d2cac930,1,1,Fnac.xml
-d72e8aa6782b02db113490d1de8331ed84be8acbb5bfce8bf0f7eea8f44df19b,0,1,FN_Mag.co.xml
-67380bbdadbe0ceb6daba1a7b93df6aaf590634e21be8c6162c07e2ce6ba834f,1,1,FoeBuD.xml
-d5760439b01dce5d6f1b9ed5826fbdd38f6d48fec3e5802c79da627d85a4089a,1,1,FogBugz.com.xml
-6ada6acc4a35d68450a5ad7efcec79e1128dc0491a6e517809217656d16b5a92,0,1,Folksam.se.xml
-92fb7403bf44f0f00f9ec6f04bb16b342e1b8eadf577157595b4dbe7b4a34e77,0,1,FOM_Networks.com.xml
-2c86bb4df074f731101dc6d4c65a35e0e26f30484aa4ade5a0645eb4b3c98715,0,1,Fomori.org.xml
-b50cb36cfc409474b96f6198d97d5229a1392b250965bd62553b174ae393b555,1,1,Fontspring.xml
-53c36aff76d03bc81d48f1d931230ec64bfd21cc1f5e5ac1dd7943ef38bdd2da,1,1,Foodl.org.xml
-53b8be8ed78fd92885df14e5918a7ec2398bb0361e9eface0bbcae3291503198,1,1,Food_Protection_Task_Force.com.xml
-112c78adb523ea5cbeda706d4a5c1f24cf680df7d98fcb85f28e856ac37545ff,1,1,Footaction_USA.xml
-86f0437af80dcbea036078deb4e385792844e1f98493e6600e0ccf8960de1165,1,1,Football_Fanatics.xml
-2f4403eaee67b987bdf91412cc3735edf3990acb8d5443a6b31ed00764ee37fd,1,1,Footholds.net.xml
-9ce5cf4dcf915fc82200c9af860c2f36936b25ac868b19641b3fa80465962a78,1,1,Foot_Locker_Canada.xml
-8dbbd3850eb17caa99123d6f3d9cea15c2b674519f1c6411ec43501ef62d4cd7,1,1,Foot_Locker_Europe.xml
-64f6608fb3a49ed97cc3c98014a60c459d99bd0efe8b7a8c8c9b011deb70c74c,0,1,Foot_Locker_Inc.xml
-d78b9c027b108b40f4020703d1bc5b49e10ad84b7d1feaaa88e6a33d76666cb3,1,1,FORA.tv.xml
-2656476357b57487509d522bdea0c4ad5d18edd3c9c9f2009be8b7e59e5b15c7,0,1,Forbes.com.xml
-8dbdb8d0c33359eca2d3b91a028131ee6f9cb22f6b9e8ae7c6c3fa557418137a,1,1,Ford.xml
-983c37c96f4294151ce45eb1842e69f2bf77a7ac3bd869db4c8c5d5983fe673f,1,0,Forensic_Institute.nl.xml
-477e679288537c878c798c1ab78c81fe0a188e245faf781c5e854edefd9db231,1,1,ForeSee_Results.com.xml
-dd60cb79dca408a6626badb165eae7d91c1c19a529db97cfd40cfdabee2a6c81,1,1,Foresight.org.xml
-3729a2d772256b27c3db2e66decbc91f69abc6f63b619c23b63357475be39f70,1,1,ForexCT.xml
-eaf480051df64d3f3ebc9565092385dede2300b12ccc58d65e53a851b5eddd1e,0,1,ForgeFields.com-problematic.xml
-c67682b0fcfb5b328722d84fe8c192e393451f15d3deac0324c37c193edfe68e,1,1,Forgifs.com.xml
-c95ff5709f173fc8a598a15c85281a04e9be21ddf5917b5683159dc821369808,1,1,ForgottenLands.eu.xml
-5e8fc987828220c55b34c788b14e05218dd72014343d7d968aa77361601bc7b5,1,1,Forocoches.com.xml
-b6fc958980c2540d31f01eb6ede8ecf78e1430e81c407db0f84972ba310630d3,1,1,Forrester.xml
-82301cb8f43959aff28e1754ba6c78856657ca3131b69590a0685b9e81e4913c,1,1,Forums_fur_Naturfotografen.xml
-264f33da785d9e39958caa7f1bf804da75141f518af062069fc1b2c076e7d8a5,1,0,FOSSBazaar.org.xml
-64d7895f2f69cc720e9d958fb3a212eeb0ca68716d33b408daa6721f8ffafcaa,0,1,FOSS.IN.xml
-8cb75710f6b600c1f0538e848002787e88fd11bc32273c2732437c6b51b9503e,1,0,Fotki.xml
-1a248675d605c04901e6a2e6ba54332eeacca5a8eadb46a6d405d4a0ea1dadb2,1,1,Fotocommunity.de.xml
-7266ee61f66b23b99f90aa55949f4a1bce5e9c0b459d10f0dad9ebf218e6d266,1,1,Foundation-Source.xml
-f0fcfab8df8d22bc08e6ee92df4f201538ace2bf944be743223cf251d26c3c46,0,1,Founding_Fathers.xml
-cd2bda2d38e524acf1511b0118c743cd822f7282adf50b18545d5308f2bca617,0,1,FOX-Toolkit.xml
-75d0aaf013542cfe0b5752884c6f03e3c8462920eb045ca6a52b790a27f60d9f,1,1,FoxyCart.com.xml
-86837c3789a29dad59fe1334a80c374a588b9620a0c16e0f783476c87f4a03a4,1,1,Franken.de.xml
-ae74ef43038d642c2f74200ec484b36aff955a03e75315853845ca01bdaeafb6,1,1,Frank_Timis.xml
-23338597645b4a3ab4ff7b8841fc3efea480fe8444de694630a0462795c8f746,0,1,Fraternal-Order-of-Locksport.xml
-bd571d2eabfd6f3604739be824871f11966b43a49812230fb887034c5ca95d8b,1,1,Freedom-from-Religion-Foundation.xml
-dfec799168fd8446708a1540518f2829c0d71890a380ae775ed4b73ef262b88d,0,1,Freedom-to-Connect.xml
-06289ce6c6965c19db4ea384ce01dab040154235213580c51a09ebd7d6513ca2,1,1,Freelancer.xml
-d0da63b8cfb124503218f5d2fc8e2f6de394eec88e65d7f44dc5b9e346f235ae,1,1,Freelansim.ru.xml
-44a4c4d7426d25595b11e3c87bcb86943862cd7fe37c1e05da3951f4377f337a,1,0,Free_Porn_Gif.com.xml
-5eb2f3c83b0135ef3f3022b665f265cc4c63b9d243d992fb4de5320a1c4a3026,0,1,Freestyle-Capital.xml
-1a364af118ce9c0abcfbaa7635c1e0fba64baeea937b98e2cd06c80447faf42a,0,1,Free_TV_Online.com.xml
-cf851867f58cb76f64fdcdc2204f3c7d25f19485183165c810abe31a5ed0e77d,0,1,FreeWheel-problematic.xml
-ca17252eb72c6f0b2056e8e4af0f2adfa73302c3c21aa229200a7abc19b14e35,0,1,Freight_Calculator_Australia.xml
-66d7ab2943eba6c35563a87d17ad66b850b5ca1c7fc354f3df7271d33eecaade,1,1,FreshBooks.xml
-be60c615333e182ce3979e404ab1fe04d9f73a1c60259c59f1daed9cf520dec0,1,1,Freshdesk.xml
-261de79a38338955d2dc593db32764dd61a0b73fd196a3255b89239fa4b569c6,0,1,Freshmilk.de.xml
-b4b923a800b65263a42c953b35b397142e56767dcd84a89a77b2888ac9845053,1,1,Freshmilk.tv.xml
-1bc4e86cbfde644d76b06a2d42e53d2d3ad77aa44357b51fc3cda52cc13398f2,0,1,FriBID.se.xml
-bff947bed72b757afc04cb00721c711a372ed80a005a06146b865dfe0d3db6b3,1,1,Friesland_Bank.nl.xml
-620873621a11c978d24c3a235dd4001a00816baae437632dd14241661f4b9eec,0,1,Frim.nl.xml
-9e65acb551896b99f50fa5cae92b91f30b6ffacb5b5015a4b8d8b22dfdba4c01,1,1,Frontier.co.uk.xml
-74573855013be34cb1230aa388418d4134921cd8cff3db47111c1ec2fd3a386a,1,1,Frontiers.xml
-441b6daf576624389ef1cabfbb3976345111cb4b10a3f63dd90d82c06dc6795b,0,1,FrostWire.xml
-27a1731abec65c4698caee9511324775f70970382a765b5291b1109cf7ee85fb,1,1,Frys.xml
-5da2e7d384561f026710141bdf85ad78caffb625e054d256e104c811b6630ae7,1,1,FSU.edu.xml
-f9410ad9a3bce7ee4416570f0a95641a9aada55c9b553a732744fe64b5e63cf5,1,1,Fujitsu.xml
-78277c5cae43ce4e7ffe27da0cb6e63bc37fc870751d9d5a7d2cd93a84ee9651,0,1,Fukuchi.org.xml
-a4593622babf9334e3005225ebb80955096badbd2184f87e41a6b5ae09b73af8,1,1,Fullerton.edu.xml
-64c526b0e44900f94b42bfd26d2897319ae5881af9e3edcf11db3f7e1f7cdf56,0,1,Full_Signal.xml
-078944b9e1caaf39bcf1748985f81dabe7f11302797852adc891bd3f9cc53c81,1,1,FullTraffic.xml
-0bf864d504b62b444ba798f46ae53acd1fe189b12bffc4c4a3bd9e4d144fb61b,1,1,FundaGeek.xml
-d84e4e70ec493529a30ca443c02cafb76dbfd5d10a03075268c1c0077ba6f35a,1,1,Fundinfo.com.xml
-1ae38bb06302287f4ea2d7c3185e3b2e3d90e202b49f71097c127705f22fc252,1,1,FundRazr.com.xml
-c4e192e5675420c4f0cd23969265b5a4475624a0a1c25bb292d59321c9149d3d,1,1,Furaffinity.xml
-b4e68830f0c9c55b103df47a11c2065a13c302e81e48b7f31da839f0594da0ec,1,1,Further.xml
-362fe4f58f36e45d49519cf808a46332a95af9c4cc9dd53a40054fe7989e92a6,1,1,Fused.xml
-f8a0422cad5ad0b4a9f2a4836d9b2354bfb7edc7aee9bbdaeda92dc36db5a6c0,0,1,Future-Publishing-mismatches.xml
-4e39a8adeaa2417bab0a9f79756e980e0330b6e2c8fd9b0c983f153869861a2c,1,1,Future-Publishing.xml
-f30174c08a98d016d113a5730a45f4bb74099691dd3ef1d1d209d4f6fb7012b9,1,1,Fwdcdn.com.xml
-ebb15ce0e092277453532fa99e2d3180532e4d70076e64e0d79809a0136a886d,1,1,Fxguide.com.xml
-6fa34c84a6c25188815792b833b426bfa62d852b07a980a2edfb1768bb051bbe,1,1,GAIA_Host_Collective.xml
-37d6faf5ddc13f30dcaddab73cf89f5ade20495ba8ccabacd2a5f421c21a5990,1,1,Gallup.xml
-5d2394c351034dbe321e2c1fc675bd412c945a96aaf98744da20df4db5da97b3,0,1,Game.co.uk.xml
-7158c5bcacd6950697d7ec03547f7999be952c2c78930ba8fddeded77b21dd41,1,1,Gamedesire.net.xml
-34f8f5a92ee97baf0e3c14603fa42b65b89edb99a8e71c61877a933811035f4b,1,1,GameDev.net.xml
-50b51796c6055164842ac1fa529a7b14639706c79e2584105d9a92a67b1909cc,1,1,Gamefactory.jp.xml
-5a2974ac3dc84a75ac73ae293a3b2fed397e86f2e10ebac2232dbf7f8d6cefa6,1,1,Game-Link.xml
-7c239da3e17615d3847684526a666c43ecc45d00ec0d922fd8c276e75485cb3a,1,1,Gameological_Society.xml
-5e479c67a14059e5d1d97d5c0dfa59efd46a91a731b7fa156731be0b1f9b06ab,0,1,Gamersfirst.com.xml
-8426250d81f5cf4ac0d7d28b3c6506aae55186217010e055b523c7dc48639353,0,1,GAME.se.xml
-6f6cf432642fe736b53e82043cd39e73b357ebfc0c1e56f25f6dc5bdb8cd1c2d,1,1,GameSports.net.xml
-3d51538a88733634e8692d273367853c40373ff980e6e63d35b98f1711854c5f,0,1,Gamestar.de.xml
-e0b42ca86b5ce5b047eafad5b2a5ede003807cbd4ce714d4fcfd6e726a137cb7,1,1,Gamestar_Mechanic.xml
-c02c42b79ed4d63ca5d6494fb7de947e1b752d40ffeb9b1cbe23fda9f45dac18,0,1,Gameswelt.de.xml
-2e4e279474f5425e00e989364664bb0065d82f8572c7aab925af6acb81598124,1,1,Gamezebo.xml
-e91e9cd10f51ebf135ffe4a90daf5d4852d40563f7b74c35ff8b59bc066e7838,1,0,Gaminator.xml
-144f6fd0feafac80e8f5909a2969f4596bd91962ab8ac100039251aa7958800c,1,1,GammaE.com.xml
-1eb278798f56604f692dea5fbe8917b81ab01689aa20ab5fb1e11a023133a7bd,0,1,Gamma-Group.xml
-f639c545ed1cf318fe0e2bb27a8fff4e7253d59e9f83b06a8364ce5eee77abaf,0,1,Gamona.de.xml
-7a776fb081a9777f2314af66dfdeb753ac52a3124f9c46b7a400de6683ecc2a6,1,1,Gandi.xml
-93bc359d6f9d0478d67854100f77ebe978ea0cd1d999bbd6f92909ae5c1be985,1,1,GannettLocal.xml
-23187a364fc5ff792f8230919ea4465bf81bad7ce4853d3763ca3409f84c0a40,1,1,Ganz_eStore.com.xml
-e9f2e38ec1fb1d6f1b8a54859224c133f1894191f2cfabff31bee6d291015f7b,1,1,Garcinia_Cambogia_VitalMend.com.xml
-582d363d86dd082f505cd33e48adb4388a272dcb551214561cb2ffc7e5e019dd,0,1,Garfield.com.xml
-b99040b9b2c0eb7d89f6e06d25fdad08ccf4f807268983bc00e418aa9d8e62c6,1,1,garmin.xml
-b9ebf0a146004ac18c81f619f24d6b3f454cd13df58b06d4f7550b7db640da5b,1,1,Gasngrills.com.xml
-d282173eebd744c9e5761a975e9b6b5086e86ea8cf51c7803bc78ce8eec8f0c2,0,1,Gate-Crashing-Org.xml
-932651701c5fd6b9c5b272299aac182c260f3d005d9cdd624538ac5055bcd8af,1,0,Gateway-State-Bank.xml
-77d0072c08ac8a2b284de4354a9d9da5d9e3fbd2dd97532fa85c51680c813d5c,1,1,Gatwick_Airport.xml
-01dd4393224a66543bacb8f0726ab93591766c1ed3f4921fed6d765eae2cf957,1,1,GCM_Asia.com.xml
-65b83419032ba39a2c89877111185565f097815b77f52f268053e37202f5e1bb,1,1,GCM_Computers.com.xml
-c325bbe3f25bde17054d2c65f66528221f834628788ba7c6f8275260b5294347,0,1,Gearhog.xml
-080439aaba8674d999ddba8845e23fa69c525446f11c7005c2bee848774cacc1,0,1,Gearman.xml
-b52f87c135f6aecb6dd543bd3212b3d94e8614a06209342bff2a106be6d2de39,0,1,Geekheim.de.xml
-6b70c3919be0ccfa44e991ff4e084fc38f51e4de86c8ce7e70d4e2007089f087,1,0,Gemius.xml
-ef42dcaec37676c59c30cdec3be63707681e45be25541e713cd6e97f789b4110,1,1,General-Electric.xml
-82a575bfdd7c91f460c75b2c61c90f9b145af743bb17a462df5388d6ff93a9d9,0,1,Gentooexperimental.org.xml
-4f82c7ea2dc085db47b62695edaf3959e187bd14a5ddb17ee55d7eae045bafa8,1,1,George-Washington-University.xml
-4d79304666585147b312bcf93055bc3ead6be951fa764d4a8cc7133ea8ea23a3,1,1,GeoTrust.net.xml
-01c4e4e7cac20786d6c0766a316f697d99264d8970118841c77b3795d91d03e7,1,1,Geotrust.xml
-902dd3bf0a3c6f3f594fac3abc660020512b61b0264a9766edb6701cb0d593dc,1,0,German-Academic-Exchange-Service.xml
-5832e8eb6587f76dab2b5c1757c83dd84685b6abbbda41e2908c18b0ece70541,1,1,GetChute.xml
-c0f3f31c0b90e1f5915a5700a29f250f34cb67060b0c8a32ca50c2f5c23c30d8,1,1,Getclicky.xml
-4cbecbcb6231060cbbb5c37e41e69291b60e45a245e6813cb5f5894de780af11,1,1,GetGlue.xml
-94366f38ea5c1910166134df0df239e157918cbfd3c116aae7466e0d14d0af6a,1,1,GetHarvest.com.xml
-60f24d3087fa3342353b77b0c57ee7af994613a5847772ee5047821942d71867,1,1,Get.It.xml
-10a621bf9199c08e61706800651e79887f7d9ab2eff080fe2c6cb96b6f18d664,1,1,GetResponse.com.xml
-ab59869864ab49f92b5999cf790130235959fe09824d4eb99e217acf4d93c856,1,0,Get_Safe_Online.xml
-e4598f2d48c999eb9654f64f816dd4fdbd3d8d3d34c5d19ec9a1ec4cc38547d6,1,1,Getty.edu.xml
-bdfe5126712817e915a1648668266d57fa4dc5398a83afd94a19a455b249945e,1,0,GIAC.org.xml
-0cbce2a2dbac106dd1a14e59d66718302f84ad11e31984fac40b868dc6e0e3cb,1,1,Giant_Bomb.com.xml
-682fb5bd1da5ede92efb99ab0044896bfdeed95c4a03ad363f48344f6c992f52,0,1,Gif_Gratis.net.xml
-fd005c94136bf38d49cb6c2e54e2d1eb3a1dcc47b14839e428c31a4e8fee16ad,1,1,Giganews.xml
-abb03feb83a53a9a55e398c11742e2a5d06a3ea599a82d7ec5b50f54dd2a75b1,1,1,Gigaserver.xml
-f5298b32c824990297a18e92474c36a5d1b344ce7951b529a48dd0d6c2a9e620,0,1,GigeNET_Cloud.com.xml
-f7bdaf4a797376040d08fb18652d7cf0eedb8ba7906904146eb43b8a358aa5d5,0,1,GIMP-foo.xml
-f95cfc85dc3b53b7a6d7b57d5cd9edd4c8d182f6cad0e01ab11852c9a00eab12,1,1,Girl_Scouts.xml
-ffd0b0d71cf481ed1ae6a00d3f7d8a6a40e39dbc6a3fb22d7728cbda325f5d00,1,0,Gittigidiyor.xml
-34bb65e5d23c5f437a4b9a09e1b68de6c4f8594ff790bdc3da3aa5824fc3c7c3,1,1,Givex.xml
-1d543c058797c2143e84af0016b439cef391b95b81a938a27400534400e3fc5e,0,1,GivingComfort.org.xml
-256aec87f8aae80c6de962f21fa4b537b2476fec22cedb041638ab7bc5abc7f7,1,1,Gizmodo.com.xml
-ed076293b391e63d4e03d8e9d6de8bc45e2e968273c10131468eacee40f1d08e,1,1,Glerups.xml
-745c86661e057217d3f6d9001632956d24085b474525744996044b02aaecade4,1,1,GlitterBank.xml
-9ca0b92729a85ee245177e7a30e4ab554cf09245017b322eb486667b90d30d2a,0,1,Global-Footprint-Network.xml
-bbf4d95e8b1cc5c2a5b862ff0bcae50fd87a7f055d1a085ee68a9f9196b445b3,1,0,Global_Human_Rights.org.xml
-2048765e5d20395f03f87f9fab3ec0691426edc106b94970fe052f1a7cb74e9a,1,1,Globaloneteam.com.xml
-be8c815a9a7c2029433fc542255094e8083842c1ee37ab849f2a399393506241,0,1,Global_Promote.xml
-9748c65731f2a7d743857a8aca5c1cc2b32d6b0f7f32e8878b0cf3cd1a14f88e,1,1,Global_Voices_Online.org.xml
-0715fbd6c0bf73916c3e5775a10ac61749d164731c8f3d940589f7a5d643463e,1,1,Global-Witness.xml
-f22df2b55cad5bffc0391a605da14db77761721e70442486d6f5824c68d15583,1,1,Globat.xml
-a7560b209af91022474e97ccb8ce8778b611953fd744957f67c8a39339b21d6b,1,1,Gmedianetworks.com.xml
-d89bda534f62eb8d0f44b067500d045c285f41a5c350a4e8e408b557fb6f4a05,1,0,GMO_Internet.xml
-06dbc3577073e0c75700c48d78f46df7f433aae53f2923c96f209393384a849d,0,1,GND-Tech.com-problematic.xml
-8ece7b9a55dcc63fa7784890ada48016392aca3f34f12086284dc2dbbdd0e50f,0,1,GND-Tech.com.xml
-f2dd726fcddd931e373745c28ddd66625748b26773ff8a2dae8b22d683a943f2,1,1,Gngr.info.xml
-cb7a292994a2fc87f1440d181779f6301b3483c21e5df5c3d7e9ffaaff78770c,1,1,GNOME.xml
-5ddfa3a482674b780d4e0cd81e3ba0264703fe2b42c797a132127a132df0f974,0,1,Gnumeric.org.xml
-25d4ef946d891943dc472eedd8411e05c4ba679047a1b058f9aac1c2611d0cd9,0,1,GoAruna.com.xml
-d71b4a621557b40535fbc3c3d25ac92b0529a901b82e9ae46bcd939451ba9f97,1,1,GO.com.xml
-660db2609d3abb3b65508b3a1be7cbb60fc2a1d82309709e5da013a0b009d278,1,0,GoDaddy.xml
-a274061c2d10fe93f56a7434e7f541897c64f1749bf842bb7d167eed03b32155,1,0,GoGetSSL.com.xml
-8035e4afba24967890b6a797e732159e2a135c28742d91b63f4ee5760fc980dc,1,1,GogoTraining.com.xml
-4340d4bdff3b3f5c967e99c6fba0f0af2ae0bba97a64fa1c679b32212e9a2ea0,1,1,Golden_Charter.xml
-93c3b6f14b69a930a2832e96f694fbfae9974bbbad6cfc5a84b6b1bbd8acfbf4,1,1,Goldstar.xml
-9224e11b4b259be1d60b4d65c3903a9b2fe7403753ce0b1a540bc526cdb8e21c,0,1,Golf_Course_Industry.xml
-ae0c17b4f9b2118b92c083f5b024f659a2b5bed3501b6fcfecc889f139b07c95,1,0,GolfLink.com.xml
-7fc9cf927c9b92789e3d57fde87b70aaf938b68e6b71adf4319411e2af1c67f5,1,1,Goodsearch.xml
-894a38a1bfa54c3a04c42e941902cca0f0710f90f7775aef31e5c27ea9fac6fc,1,0,Google_App_Engine.xml
-0c725c221c4a8e11d3bce46b3913dcc855ff0d8155a559d7dedcb06179079d4b,1,0,Google.tld_Subdomains.xml
-b6f212028d6d4c769e74c2a583a04e9387edf79312d44599a8e9a699554f6f20,1,1,Gotmerchant.com.xml
-8c2e217fca6c4f32665fceb124225f04edc9b8c01a403aedafd871a33c9d79ce,1,1,Gotraffic.net.xml
-dbc8f2862e1855fd07a89a7d842b4ff03b2a93340d912a1f321e8a2c9a0840a8,1,1,GO_Transit.xml
-73cc7eb8fa700154372dbc586aaa1adc8d0c0b86d17f2efcc14b7e9843a09004,1,1,Got_Vape.net.xml
-b2ee2374e3bdc3d03f5d60bd4b00bec95592a38b54a32a8b3097d1ec6cf1c86b,1,1,GourmetGiftBaskets.com.xml
-38ea979b7f650765d00622f7919e2589f093c8f0df62b005e1ee37f97e821289,1,1,Government-Security-News.xml
-4fb6c41a0baf5d2a91ab39618b57d963f6a8052b57c6cd91ffb2585133da7fec,1,0,GOV.UK.xml
-b4741f899272079753bb0118f166d0130bbedf31d16434e9b8127821fcc41f50,1,0,GoWork.pl.xml
-0ee8f20c7adbecd195a0b332aaeb6fa49a1b97192c94840236733f0a29dd5d75,1,0,GQ-magazine.co.uk.xml
-b4936c9408ab836adc37b0b41551860a35d85bd2adb24c2df60cc8fc04084e55,0,1,Grab_Media.xml
-678744c40c10d6ec38ac024bf0192ace16031aadd1ae00c7211b7849dc5f347e,1,1,GrainsResearchandDevelopmentCorporation.xml
-62d6fd8c8d78b6e35e64bb8b0ddd88c5f0b6035ba1e85cd8eaa5453f3fdac189,1,1,Grand_Haven_Tribune.xml
-822586bd2ce770c946eca830521b34e8ce3f2849f7bc8de0138a6452e6c635bc,1,1,Grand-Rapids-Community-Media-Center.xml
-adce25fe2ad3aaf12d9c15ea4ea6d9cdc060c1c52203c24c4a119f5c27e8c1f7,1,1,Gran-Turismo.com.xml
-a86f4c61b5cbb47cfeaf651f2afd0fa4ea39f82dd2e73c927622cedad59f86a8,0,1,Gravatar.xml
-b7d75abaa69773098bd0b108a48aa4cbde2c00a211bacca52b107728f4230fcd,1,1,Grays-of-Westminster.xml
-6320c8a92fc89f7e04d91bd84a2570081ff7ac69ed87e0b5d3ce0055c3361b3c,0,1,Greasy_Fork.org.xml
-b962dc0fc4cdd3b37477649364d935e4b85b585d2ef57e2cbc5ddb88747d430b,1,1,Greek-gov.xml
-79328049f78c86f84bec1ba0d5a332afb45bcdb6dceed202d6edc1d462705dc2,1,0,Greek-travel.xml
-4704688d2ca0cc44223acee755d34638495c889ca6c50e3098929a8c6f43bba4,1,1,Green_Coffee_Bean_Extract.xml
-4dbffe95dbe3bcac36a1f92d4c558b5cb27df8bb6829b5adf9e88243c37dff03,1,1,Greenhouse.io.xml
-054ef9c8b5459c29b97998aba9220474e3af78bb8af72316267560fea5174ef3,1,1,Greenmangaming.com.xml
-82b3a86e904a8ceaf5bae610a3aa874bdaccc10c41fddc17ba98b149ba5b81b6,1,1,GreenSky_Credit.com.xml
-a9e10490d967e86ac3379e2d723ad74c92c56837d53b17ff8f3fce95fbedb54a,1,1,GreenVehicleGuide.xml
-6b5ab215946ae8cb2f2fa182b91e0b1047ab72a8407238510cc75e1afdb11517,1,0,GreenvilleOnline.com.xml
-4988b2fe799481ffac172ac384a3951b46cf89ceda1461bf82522f468dcf566e,1,1,Grenet.fr.xml
-8e5ac9f85e472256086de913fe76439daf56ebcdf56418b5b6d8e5013a8ffff4,0,1,Greystripe.com.xml
-d4175595dc00218a8048ff58a11207b773ac952be4f83ecfc2a71c4f271f4449,0,1,Gridz_Direct.com-falsemixed.xml
-2a4efe96a45f04ce05d27a2049063357d12b358ecdca18eefdeba19caf3381c8,1,1,Griffith-University.xml
-27c88630b6d62594c136ef9f63a2143cd45bdc4ea31ea8f01123f8c228095076,1,1,Grinnell_College.xml
-71f3030e11d49c8922e89dea8d5a86e94e94c45203a8e8017120588f415653bb,1,1,Grocery_Server.com.xml
-c7a62209b05fc531978d48bfc38e9e0957dba51b78426f846743ecfe403723cd,0,1,Grok.org.uk.xml
-9fa1fec5b01de3f893162bb05593529fc9b9f40bdf02f4b00b6ffaf7a0d385dc,0,1,Groupon.com.xml
-37102eaee8fe084f69ddb6c5e2c752055312bdbdc57c4a68e12f0d7be7dd2007,1,1,Growery.xml
-a06c8510285353ee578bd10abfa9d0972ed9a2fe1f7932226a8a15a9b16a148e,0,1,Gsfacket.se.xml
-29ce8f2ba724f8ce41e8c4316e1e9cc5437b25cebc95dd82b9667fade11f988b,0,1,Gsfn.us.xml
-c62d6371f4dc10505beb0234bc024183b8456e967f25891142a4530355aba060,1,1,GS-media.de.xml
-6637d47a74a578146d45ff4f7aa375670d1aea3d1e41ed9a5e90284da437812d,0,1,GSU.edu-falsemixed.xml
-b9f0211b9e4197c02fe47ee764b9b4974a5521bda177a11ad18e7735147d74eb,1,1,GSU.edu.xml
-2658ea2070b54f5a51b5fed1141337e3b434ac2f1565884145c41b83c8ac6d15,1,1,GUADEC.org.xml
-6a3b251fdf1a2490d919bcf5f7cfca9f1e6209377d4b80a465ce522aaf3d4924,1,1,Guild-Wars-2.xml
-84ad063edceb9a5b03e75e51cadb61d4d44818e08c2e0f967f69f21ef00ccfb1,1,1,gulli.com.xml
-5f934b80b6285199332c225529e178243ce8f42b686e6ad724e16d4e48e8a737,1,1,GumGum.xml
-40529df786129410215b79b65aa06ca2e9d73f511230e2061a9c62171b3cc828,1,1,GU.se.xml
-4b4b09de35ac29ae3cb87642e66c4ae08593682c7847394a93c8d378766b5b41,1,0,Gustavus.edu.xml
-da0a114db426909ff41443bd33c9bb16928a81fc773ee7ccf055ad2a35c4f289,1,1,Gust.xml
-2579a80a76f7bcd81412382600f607c79f01e579431ba58125b6ce135442a5ed,1,0,Gutenberg.org.xml
-d90184f044c53a3c1af300fc8dc5c916c34442f92018d8d39b12d633dd11ac95,1,1,GVNTube.com.xml
-d97fb94656263a08627931829f3707297aaad16a2780d7efbc08d9a0e240af5f,0,1,Habbo.fi.xml
-1e3bbcfbb5865e5adaa1bd73e8a07fb72d10b21744cf4413ea84f39c8f2d9bc4,1,1,Haber-Vision.xml
-6c38593560b08fe0ee6bf22c12b01f5045a15d5eba46b8c3e0901255b2dc13d9,1,0,HackerRank.com.xml
-9159bd4d1797515b1cc59d7541c144c2cb9d6b5b4fe15a975cd3316f0df75fb2,1,1,Hackerschool.xml
-7c0db8c41c1dbc742d88dd7432e190afdce29bc241ea958e0e9bb56e318a0040,1,0,hackint.org.xml
-922b403278bc9ae839f646bd231dd9ab11950ec5744da127a5e185b3eb1c20c6,1,1,Hackpad.xml
-51b17752c74062183224769643033cc2727e3263c0af2d83072f8f4fe3d30d51,1,0,Hafner-ips.com.xml
-7e463880670a9bd41e514199bc309e477beb8cd3771cbf8010fe76abacfd1dc5,1,1,Hail_Storm_Products.xml
-7d8606707ee04231db6b0d4851ab973945fabaa28907734507adcacff32f6095,0,1,Halebop.se.xml
-dac5301bebe14f1ee9837b4c5a6625f8cac9103160009bb80208d40085a88c16,1,1,Halifax.xml
-f6db5eb6d184772ca7b3555d4e88f0a3432ec670229ff8901d31ea9fd4ec977d,1,1,Hammacher-Schlemmer.xml
-c4c6765b82c3995fe1018d07d514748b3b1dc77463bd7f9745d4f81c89729b7f,1,1,Handmade_Kultur.de.xml
-a8183b3aee9c2ef8f331f6d2b4a65f99819fec523ff1df7d10cb69ed6fd7c746,0,1,Handsome_Code.com.xml
-971d2e3a417a2054d72f3c1fc7282cde9352fc682a4d49a41928eb88e1467e4f,1,1,Handy.de.xml
-753c5f07724c79eba8674a18275bf2d6f1a1fdbde5a71f865a7a80645d499116,1,1,Happy_Herbivore.xml
-8441e121fa0b1a4dfa04637d171576101ded23f18b74fc11a216f0c01de33396,1,1,HappyKnowledge.com.xml
-debedb50a821f682f91abdac63c0447b6305961e155d72cc7561e619edc6d631,1,1,Harakahdaily.xml
-0b7c9ea36c20bcc97958b4e3d5f6937282a35e3029bea14e6dc4fb95b3c17e25,0,1,Hardcore_Teen_Girls.xml
-e6f358268ccbfa9123abd3a38088ea30874f0fc2f7d577d6729117981c403c3b,0,1,Hardwarebug.xml
-b0521ede04b3bf030717540eeaf92d05c2703e7827b4e6c13ad3bb1bc9a8e6ee,0,1,Harrenmedianetwork.com.xml
-3d5842731a487972a519115c3260dc2b4838f09cd953ee97f3d9dab894d43dcb,1,1,Harris_Computer.com.xml
-33be37ec857b9b80c74e0ee3a9ad566bba7cdf793e076c4103427d1e5413f761,0,1,Hartware.de.xml
-1fcec52d0a6f3e89d64966ba878969749e4df9718a6500d911f5d86169e3beab,1,0,Harvard-University.xml
-db16d5037c30da9f3b7dcdc63eae06752d0a06a2f0cb2d1c16100e634db2a5b7,1,1,HasGeek.xml
-677a1f137cbdb70fa32b83ca65b999f9929d5401dfa18e5e0f57c289c449ca38,0,1,Haskell_on_Heroku.com.xml
-d2511be1cda9cbf6be4203a788894e4a93801db76e92258e934e735e33ea9321,1,1,HawaiianAirlines.xml
-94f56f0adcdb0437f486e311033927f8128063b2cbe202c4defa9333737078b1,1,1,Hawaii.gov.xml
-37deaa55d5be92cf8e3f10a97c37edcf40589a9594ce3a31421ff3c64b3935b4,1,1,Hawk_Host.com.xml
-d02b9ca4b8f807d3f24f0eceae12d51666e54d27aec59634d864e8688ff2a3b7,0,1,Haymarket-problematic.xml
-a3b27d8217b63ddaa932bb77a6132f96519a3a92048e7486330111c2d0aac76d,1,1,Haymarket.xml
-e01dc2b5f4d3693d2b5ec33bdf24ab3a7add5d8d62d2341abdde9e708f5ce184,1,1,HBAnet.org.xml
-9456c5769b41740b51d29d79ec0b1e582a23ecc327232bbee0086f254aea028f,1,1,HBR.org.xml
-f005b3dc25d33b4f6e9f81663009e2a3a5f8e8c16e11628324086505e21f3df0,1,1,HD.se.xml
-1749f4a98057b2e57d28d985e48fe72cd45b44843ce3758aab64d8280bfd18af,1,1,HealthdirectAustralia.xml
-591930da4df33140beeaa02531b0b95e5f5dd8dd20879f314626f0eb2b187eae,1,1,Healths.Biz.xml
-027a9751e649f8410d3ed6a10f065f47566cc15ac1b3cf41915f722fb96baaca,0,1,Healthy_for_Kids.xml
-3edc0a640e42edae30c61c2af5a8e5b77455186e1d04c99b01235e248e320a5a,1,0,Heanet.ie.xml
-e6bd96b0e0f28e843af136c5fcfe7c0242778ff4aebe391eb57b29f2058a4511,0,1,Hearst-Corporation-self-signed.xml
-5a7c989104fae6ba6f4ee2a80242fab2e700357e5136b4e2f3bb235c6455faf5,0,1,Heartbleed.com.xml
-c1cc9b6e62885034af2391d2c9fd1ae947c8df96feb07b5d0d012eb831aa51c7,1,1,Heart.org.xml
-026cd04456aea4af34b367acf735ad02d1e082aac1b4331c7d36f39414e04816,1,1,Heckrath.net.xml
-e30b40a4583d3ff634b1e242b3b81796878d5004302f63504b634201276effb7,1,1,Hegerys.com.xml
-96303816b6d137a8ff22001e5a124d294fca5f073d184f8765d5fdb83f751f1e,0,1,Heimdal_Security.com.xml
-580d999997747a4097f5114244ceb0ed663803d141aa434b26b978c932efd3a1,1,0,Helpdocsonline.com.xml
-d242b4846eb0d61eb9e9d0e22ccb607616353391445d8f19e729ba9fe142a20e,1,1,Helsingin-Sanomat.xml
-820014421008b3ca657f912ac23f3adbdad002254ff6c94d5004483405ae083f,1,1,Hemmingway-Marketing.xml
-8291b5a137d3ec0d772b70f8d45a726e19b73dcc871494c813b61d0440886a7e,1,1,Herdict.xml
-25d4cb3f8b97c04d2b175c9f3d8e42df52bfc92fce67e743f57b5fdb37e86471,0,1,Heritage.org.xml
-176b9d11a836aa1b104cbe634bc39bf5811b2dbdc744b0087f63e1dd12f2d59a,1,1,Hesecure.com.xml
-95365d0076da114c98b41049f775b4e36a52bf8297842da9d533802ef3317761,1,1,Heteml.jp.xml
-93a85fe7954fb1d3f5226dd1ff4a98ba918d5a5f028d76ad0b519796e19ec8fe,1,0,Hetzner-Online.xml
-06b2349b5143a8ccdb78b8aab23ca394d673ac71c011f3125393bb4cdf0043db,0,1,Hewlett-Packard.xml
-f8c20c76eb24ec2b01bc17da6b72127d6814087d7935290b9744802b6622c490,1,1,Hexonet.xml
-0ecd9594e7b04bdb9476ff3489d64735901f9230617b1d0bc8cbf0b0743ae62c,0,1,HH.se.xml
-87d4a09cda0461698482ef8c7ca7d5fd56427dad34c3e5064e2fd8273ad76444,1,1,Hideman.net.xml
-4307221f40a691dd191221761ecca21f6ef5956badce47258674d0cc030e453a,0,1,HideMe.ru.xml
-bc901fe2f644b61113fcfd562f63822e2d7028165ce857013c23eaf94661a6f8,1,1,Hidemyass.xml
-406fd610e2e705adefb26d72ada5b00607b27dfe683c2256efecea7ba1ed2e21,0,1,Hi-eg.xml
-bcf66d61bb11422f0313f5c0e907ed5eb13c1795a7ddc1e5b45d9f37c650d987,1,1,HiFX.xml
-0f6d80b71bdb6b5ba97ef737fcebdc8b3563c098949d42580308d141f2f8c8ee,1,1,Higher_Education_Academy.xml
-a4c0e90901e40365b963c4bd9f9564adfc8fbdeca4ca93f800e432425650a798,0,1,HighQ_Solutions.xml
-4ad8e5f237288fc4d5a78feb97decdf3eb8183a4c0e99447ff3ec0867f6baf0a,0,1,Himediadx.com.xml
-96c3819b222981bab9612a1959fdf9b0a1437b3362046464cec121bfe80bf3f7,1,1,Hi.nl.xml
-54a8154d1276f56854a0c82402b1b10fae0ef6e711b29e3cba368aeef84845d7,1,1,Hipmunk.com-falsemixed.xml
-6a011c27d3d1eaa622e81bac1766aefa2ef91699ef6e2c335df418719e2b168b,0,1,HIS.se.xml
-36ceba5acc08a983db89a339799ad552d122b296fad56a5c824148a451afac96,1,1,Hitbox.com.xml
-abd24a4a46df8400758c30c1b945c917c290a2b390655e2904955e30bd202fb4,1,1,HitBTC.com.xml
-1654debbc84e77392addfff21481c7d0908bb592c819a281a1d59b242d618e9b,0,1,Hitfarm.xml
-4c48152afafc43474f068a272b78229d1f68611d17adf496ee5e501913d9e5b9,1,1,HJR-Verlag.de.xml
-b7c742427b63875bf405b4617943b5e508ccf8ff4761279452ce909a2aad22cb,0,1,HKK.de.xml
-3c6aa822dc67f0ffe05acfe4cb0adf96d40482f1f0f1a77e5a92b4d51587b401,1,1,HK_Yanto_Yan.com-falsemixed.xml
-d09bb4ef7ae7ddb86f27ef0523b00a1e399bdc19cdaea4c3cb0dd86c6e6afdce,1,1,HK_Yanto_Yan.com.xml
-e4008a97cf78027ed767496be5bd7d90e264f985f040b3b0066d03eed6cb6795,0,1,HM.com.xml
-290ae39513b4c7e08e040aed3509085f3a64ce1bd767324d0812dc0ceab53c44,1,1,HMV_Japan.xml
-9adfaca1c0c2fa22166e4ac6749d4cfa121293e9945cc576b4530ea2d11a6578,1,1,Hobsons-EMT.xml
-f6b2d8963d38550c2dbaf89a83f410d46d2e8a2550e7c10bb6e935323775dda5,1,1,Hochschule-Trier.de.xml
-4687215abfb9bc6c7453e403aa1b1a4eeeda7d7c9e82c03588f7581879f01451,1,1,HomeBello.xml
-84adef685acf6a090177b9d6d465eb2631327c0dd77ee0af9f8b7b203f8cd592,0,1,Home_Depot.com-problematic.xml
-7b460dff8a2b02d81df02b9d9ed829deb2dbd3d850c4536babea038ef2968ec4,1,1,Home_Depot.com.xml
-338e8194a619447d5b6188ffe7ec92abe2edfdb81aaa618a04cb38f9f63635ac,0,1,Home_Depot_Foundation.org.xml
-578f4bb8f6049f8a710575d2cd6745abacdd758fdb9898236fdec1de1eb8435e,1,1,Homeless_Veterans.co.uk-falsemixed.xml
-bb05f17daee3073ec173b76d03df68b328b8f2e002052788c00f83e7d1e25001,1,1,Home.pl.xml
-a259a3473fffa759dda3cebf532eece1bd5c6f0aaa9779ddbc946eff7955f5bc,1,1,Honest.com.xml
-2a0ae89908e8f949c6d795d70f1c330db51e91027ed35620c29c343d7067ffc6,0,1,Hoover_Institution.xml
-8424d16e90d4f392b330a853e9dbba7677c71be3a173955f5f1d593fd5d5afa6,0,1,Hoovers.xml
-a3e17fe9079e5521346a4a3a865c9b5a7944f64e04b8d859e9721211b1f7a24d,1,1,Host1Plus.xml
-2d8e92f61fa2c3db92ca33b37933c4c6d7c9f3deaf712dbd4a9a31c4c4a94f51,1,0,Hosting2GO.nl.xml
-a7d318cbb441e2384b33258ece2d59873ff32386decf70e7eb8fb4ac40a89582,1,1,Hosting_Catalog.com.xml
-f9324749f745dd11d192d3e1b9664f2ca11636d60a9fc0ec77e1f821f39b432b,1,1,Hostmonster.xml
-2e4cb405f959ac23593b4e74d9cb27896899f247ababaec1ab5323c650b6672e,1,1,Hostname.sk.xml
-36d5ba333745b2e704da19cee47aef04a75f6ffc6d869b094ab9ea9de788882f,1,1,Hostoople.com-falsemixed.xml
-dc77c34327b9b7f4f9025979118a7649a7d358c097fe0735f150c7fc10731150,1,1,Hostoople.com.xml
-59fa747d9b4e4193ed6c71b6d587080b6f58f4f358dbbc8441b8b8e12f306441,1,1,Hostpoint.xml
-dd7ca93d6e9bd777586b13f43b20d837677ceee67a53fdd3bcedc29992e4d69e,1,1,Hotels.com.xml
-31db6be8a12a136641f805a8a2bb38d6a4bc82b9af87de00e4ff627841726132,1,1,Hotspot_Shield.xml
-e4a46639d7beec7cf0fc2e372e4bb6286cb79834070624677c3434e08ec078eb,1,1,Hotwire.xml
-923d1f3fa8f532d8228ddbf2ac64704a3bb0d1b08c4431fbf571d5f82f5d638d,1,1,HousingWire.com.xml
-d98c0ee29a753a02120dbdd28356de3914c2c8f3992923f88ca1394ed4c5f334,1,1,Houston_Chronicle.xml
-79b67385e5095c34090fccb7de8b28850d1a081a776f5aa319318bd9a7c52d7d,1,1,Howard-Hughes-Medical-Institute.xml
-f427a838c4a1bbe72c4071e9eda0131670ae90bda5c95b80ba6db7505f8006fe,1,1,HRsmart.xml
-4c5e2eba3bedd089bb299e83c0f11327b85e5451f2a07bfa71c4db0eecf5a6f9,0,1,HSLDA.xml
-8da16eb1d1244028746f9024263468233b176619f7978a7462f9ac6c0434c911,0,1,HTWG-Konstanz.xml
-7675be92f18029bde9ffa5c6455abe5fb26b26d724c706900c67fe3e4f5addf3,1,1,Hudson_Valley_Host.xml
-160cf059aeeb642add9c979040f1b60282a01c9ee49234f64bd25ed4611583aa,0,1,HUK.de.xml
-02c47b91875530c35cdf6a3ae4ec6ec7e564d4c42a07d56a2858bbaa584cbadc,1,1,Human_Brain_Project.eu.xml
-705887bb125e1d3169f3af3c21c199a7d457e5a565cf07d84c8548a004de775c,0,1,HumanityPlus.xml
-ffa9a50df3e8b93b0681cd903f99fceba361d148f82059e0368c5a98a688dad8,1,1,Human_Rights_First.org.xml
-9aad6b65738ba739b982d72c304a22fcc0e8254bcbce14ab856661d924cb71d6,1,1,HurricaneElectric.xml
-3b6e1a51595333472ec9d3d73c050d2ce31132e0b4d77408a77c6ccde64b54d6,1,1,Hush-Hush.xml
-688b5cc17040049d7ee16e5c91fc52540ab48515272bdf4b3fcb06ee884afa21,1,0,huuto.net.xml
-d83b73a4f1df2cf8b81e8c222d8d39221478c28110af0842594d334255fbe89d,1,1,Hwbot.org.xml
-0698b9892d4f3615f359bd0de6822c313b88a06ce3e15723d9e213eaf203ce73,1,0,Hwcdn.net.xml
-b3fb86457543caab9db45f0263c9bd50f8de87f2a9421dd719bfc721945af8de,0,1,HypeMachine.xml
-dbb782ebee6eff8bdb35faa1bf5ed396d62ff117785f233ff4f9a43fe8e82f93,1,1,Hyperspin.xml
-f5cd0db37b8df2fd918472d4fb92858ef4c965d10d7b0b64bfa39964a84ec477,0,1,Hypovereinsbank.de.xml
-f386a523e2c4090d14277e5294549f0102bd2472fd1e3bd5f41e58f0da419044,1,1,I3D.net.xml
-10e86406fd84b296bf96444a468a014069123807a581d9bc92024399217a2c5a,1,1,Iamnoone-solutions.net.xml
-5c03066e85c3aaf26417fe02f012ace3c4a4a650cd9c2463a4adad11f3f22f50,1,1,IAmplify.xml
-efe61764f8dfb9aaa617c1e56fcfef173f66aa12328bb32d162bef6d65f12348,0,1,IAnonym.com.xml
-fbb6f639b5195a93959082581d01bed9f3a7f267a8a19c346d366fef030212bd,1,0,iapc.utwente.nl.xml
-28e92d0f1eb8f22fe94358c90cddc63ab32477d3f78417bd8b00044c1fb6ee2c,1,1,Iberdrola.xml
-b7cc4fc999d2a76591c5022d7bd3eec8ccb5425dc9312584de2f5cf1f5b4caf8,0,1,ICANN.org-falsemixed.xml
-9bfeb0f4626ecc145fff2cd4a6d53ca946f9dce504f7b35536dfd309452ff059,1,1,ICANN.xml
-b8d9ced232caa9d566ece3108bcbb4e5c6301a0d51bc5866808654daa97cec7d,0,1,ICA.se.xml
-e158dbc2b1b6f24c03e24e1418e3c388738c260ff02efc428b534caf1185fae1,1,1,ICIMS.com.xml
-1c97967b381276b238871d3eb2c8319319846a14bc511b78fe847122460b2fb7,1,1,Icinga.xml
-d44de59e34457e8ca6ea85aef7ac9db366d5bf1f0f174e5089aad9fb97ef6407,1,1,IClick_Interactive.xml
-0874c6fcbfbd986ae122b4156e7fc703bc6355e124debe35361da13211a6e5ac,1,1,Ic-live.com.xml
-827a6db7e98321d0d3138c28defabb914f53e4992681735b6cda4f11ac487edc,1,1,ICMail.xml
-f18922a305bc3be951a93339bd0045ab5ca5b9741009636154eea681291cfcee,1,1,ICommons.xml
-459c2616c37ab24f3cb76f67f308f3e275f69c7f57af5d4d277720641f62c078,1,1,Icsdelivery.com.xml
-01ce71e4cc4fb37d2563eb033d05b04889e3c8838cb8acc1e9c464bfaf632235,1,1,IDC.xml
-047c2947f163b74bcfa7c71e4cbaf7b19e2c4fb951dc2bf975446720dd35fb3d,0,1,Ideas_on_board.com.xml
-201db5adb55514cb0d85c5312456f1e1aae6e433e9831a3ef712d9dd524186f5,1,1,IDG.com.au.xml
-068471ee0af35f0b5f19a2fbce1c23d98772d18b84d8c2f3ca2de29249535c68,0,1,I-Do-Foundation.xml
-9186c7a3d33d3e8c9b84ef577fdaebbb7036679efd20a6f499c1bb54f1c870c2,1,1,iEntry.xml
-cb088854b0d354c353d1a9d42563206b86ae3f1bfe59fc44bf13a6d1bfcd11aa,1,1,IET.xml
-6881743a8428767ade8fc317663de00eeae5a905bfd84594e5bf0f4d5241986a,1,1,IFriends.xml
-bd86bda4c45c1b4e02662210240b5a7aef0b4461be87168e8788aa8e0e00ae9e,0,1,Igalia-self-signed.xml
-82295f0f37667d5dbc790d8b5a0bee3f00924ef47cd50d271a122a363aec0299,0,1,IGaming-mismatches.xml
-e10e32c1563d58a09039d5791af232a81ba0e8274b0e02662bbf3034a4b2cd7b,1,1,IGaming.xml
-cc39f5caaf462c4141e27247c63b3a0684d4d0cd9441251fb7b1518c33671a07,1,1,IgHome.com.xml
-06fa0e873e4bdea3ae9ca0d8ac78f1b8ee1c7785206d7b4cbe4f2b1dabd47abb,1,1,Ignite_Realtime.org.xml
-e661e8e3425302863a2ff1dd7df7e88ac787d0c5a965cac6676095b40a25c9e4,0,1,IGN-problematic.xml
-78b3f2c3b9ef06aa38e6bb81bf7d3dc39d939c9867b337910fe9128ae6cfd261,1,1,IGoDigital.com.xml
-19a10f5af3e7219c9888aaa8159acd278ec023e7570d6369264dd4ac99b05bcc,0,1,Igolder.com.xml
-6cfaee980fe03658863de2bbdf930efbcd465989f5a1ee7f18cba58b70d08cb5,1,1,IGrasp.xml
-6774ad8f24a5832d8817201ecc506d7d7f408240b32e33df9aa347abc5c0fd43,1,1,IHeart.com.xml
-320e3e6dcd6288115acadbe27e811f9cb7acf7e55980fdea21670d81eef77c7f,1,1,IHG_Merlin.com.xml
-eb4940331c51de8d5bea8ff74cf37cb4eed6371c5c5145dc58deb822690e151e,1,1,IHG_PLC.com.xml
-d551e70ed83e94f2b613016237978dcfeacb473f32cb4910f52a3a1474bcd8da,0,1,iHub_-Nairobi.xml
-df7acefc4fc64903e803b27bb4d75cb6e9923d329711a4f14e2251e82b85f57d,0,1,Ihug.xml
-33f9b407bc2c2091c62ccb04a9eea01a09f4944124458fb00c299863545b2584,1,1,IiNet.net.au.xml
-b4bd3fac40e22f2ccdfa1dc53580558319724a3dcb4f7900de372df7cf166ed6,1,1,IISP.org.xml
-0f2fa11910da62cff20887412e60da43b9783f3232f5165975279d0c8164028d,1,1,IJM_Freedom_Maker.xml
-804e2810b1654261f05dcf2ea76703b9d25a9fcc8ec5f079e7bc5e33a49bfddd,1,1,IJReview.com-falsemixed.xml
-80113e93b37b37a4b5677a3b5f4468ab96198f2e4f1bb6fe82350d086e21e554,1,1,IJReview.com.xml
-18c086c4defd26a9dd8a3fabcc666503c4ea63b34e95dfae104088cfc9a46347,0,1,I-kiz.de.xml
-612862cba9dcba8f259b40677fbb0dc0c970577a2ec8248d7b4b264723701570,0,1,IKK-Suedwest.xml
-305defdaeaa1aeb9ce051ed44aa41c881340f8e1774fe491a4d37027a055c844,1,1,Illuminated_Pots.xml
-57701c65a4e54e3947700aa9326b7305c81bc60f028ebe63acf0e3d337d58c06,1,1,ImagesBN.com.xml
-4d457c3fd0cfb53e3d9a1079bbaf815dab5490d75536dbaee729b3dc6f4339fe,1,1,Imag.fr.xml
-ded349d0e0b6957b6ecb94f4e85ab1dfe7fa03b1a0ed16ba7531ff3b9cda9322,0,1,ImgDino.xml
-aa7a719029440b57ae3a2fd4be68f59f2ca9902cf9f3febec8b7a11c818720cb,1,1,Imgflip.com.xml
-0c27d12b989107700856764b1fffb8ef0992363f2b56d119d82268f894fc1631,1,1,ImpAct.xml
-d63109c1bda717546892ddf2e5b7b43230f77a743589f6003cf2eca75b704f87,1,1,Imperative_Ideas.com.xml
-2c56a55203e19f8757d1bd3ac5758338c21eb571a322466ddd48a27f99d3ab30,0,1,Improper-Bostonian.xml
-7c4e3f65b1a1e58939f785bdba4bb2487bfa92c5170529d0fefa377d2ce45779,1,1,Inburke.com.xml
-034e99986704d76d7c6fd2ae501a2b425217dff50e15198a4b104177ab674c51,0,1,Inc.com-falsemixed.xml
-ee5d005e74a1dbe3fd0401d33e9c45e14eeb64eb544ba268659c58d5fa88183c,1,1,Inc.com.xml
-4f07793724f22d51354cf995ac9f58512230808fbdcfbd964ed035443fd297a4,1,1,Indaba_Music.com.xml
-006659bbdcfec962cb0dfd03975d3c2fdb44e8040f54b2a4d4761cde87fec5a9,1,1,Independent_News.xml
-08fdfcc35d415a8993d8bcba68b0216bb1343e148d736fbedbf61d6de08ff781,1,1,Independent_Voter_Network.xml
-eee5c5f88e318b3229556d8238bfa8045c1ea90aea6e29ac6f28a9e7c2007205,1,1,IndiaMART.xml
-c6bb0755884827f0d4922e9721c56eeb37aaa515ba1aafc1ab435e75c5921b3b,0,1,Indianapolis_Star.xml
-f7be09e50039754ab05a181f2ad5b773554692b297b5b92027c9494b92e725c4,1,1,Indiana_State_University.xml
-0e11558aa800c2b2eaf87fff2fcaa7801f5bcf2b287180b9ddb86cc5df6cd7c9,0,1,Indian_Express.com.xml
-76196600f67cde4e2a5a69869eae23ded468e8c8ad6837e111b44ce8104cbff1,1,1,Indiegogo.xml
-c52fdbd3af9fbb35bba313c6057070eb43dbb148646763f82bbfffe9fe643211,1,1,IndieMerch.xml
-8f065e04d6bf03937cb8af0c1e8ca08925d3ef8f1b1fb681688cc3d5983cd356,1,1,Induction_Solutions.com-falsemixed.xml
-0d4727dd514988748b9ce48c4b407c7b52ca4cf4aaca1d13f867067eae1de9a2,1,1,Induction_Solutions.com.xml
-6943e0bf9fc5a32b2be598a64a25b6a4d8ee059154c859dd15d2da7b3c9889cc,1,0,Indymedia.xml
-69f67c7a6a357cbe15b8e565e6d2afc6b8fc2ba6cd3cfd393c4491b3861fa503,1,1,Infinet.com.au-falsemixed.xml
-d351705e0117a8e33adc3e40e369f3a6e85d99b78bc1e1486fe5694a271ecfc2,1,1,Infinet.com.au.xml
-cad2b10fe0161e74f2301a13c05b8d772df9cf00cb27e9a79ee57252ac2d644e,0,1,Infinity_Tracking.xml
-6938e47eaedda9b1548fb6fc8efffbb1069f8c9a229b2bd61a97d7da4f5a3804,1,1,InfluAds.xml
-80cec67f64924c4aa283209f631550d6181bc868b8762c22b13dd0a9a1aaf5ef,1,1,InfoJobs.net.xml
-b9f548ee8e7918ad26faf3926404d6aa68e13dfd092ab8435127ab975dee2f28,1,1,Infolinks.xml
-f4c83a13d0fd8f8e1248e83706d7426b8d5d39543fc0bab2f054bee91240fe66,1,1,Infomaniak-Network.xml
-f1c3666f04ae859c18c7bde24a595c493cee78f72121a2985a4d81a862b0fb83,1,1,Infopaginas.xml
-ff0dd4bb477d5c2b96ce3ca9edc86f4f449b5ad0688c3961ec8fe048f4c7f832,1,1,InfoQ.xml
-25891dc59b340e346a4a2e2e4a23e78b43ea8eaa67eda1c232173700188989d7,1,1,InformIT.xml
-9872dc9d2e174cbd02c79c23eb0c9c872c10ae2265835cd1cd6f3ab05a8a77f4,1,1,Infosec-Island.xml
-e8686224d76f240dfa05d6cec4525948de3ddbef03b1d39f83908e935f9ada69,0,1,Infused-Systems-mismatches.xml
-90de72a369527e8905105747fff3653c94e3e708fda69f1fd70aad8b7c940ea7,1,1,Infused-Systems.xml
-f17275b6e9f48b06e9f1db362a27de41baf0eec5fe34f484f7c141e9266baae2,1,1,Ingentaconnect.xml
-9d256f22c646c9cf9f4a5fa5c9d055d3c07ed937025bb19d659da8d5595c1496,1,1,Ingenuity_Hosting.xml
-756deaa5ee5b4d4c35a91db9c5e5f8173617434b69dac01f1017b5f33e5e4f74,1,1,ING.xml
-54e572fdfcc270309db864e7098ba422d1eeb909daa2fc7237d77649dfc4f057,0,1,InkFrog.com-problematic.xml
-b0674aba431f6f84a1712c31e7d36a881470fe0a99682fd24229399252192f13,1,1,InkFrog.com.xml
-abf2bf8030eb7da4165548443a622f0f8504acc1c1e6c06821be88d9889ef1b1,1,1,Innovate_UK.org.xml
-f10ba13a6c5177bddaa25ef0a0bd9520f21fe2985c58603ad6938b5350d5ee37,1,1,Innovation-Interactive.xml
-c241d995f6e6793b43f3ae50cc1832289b1de058e929249ac5b3a8418806f8e7,0,1,Innovative_Food_Concepts.xml
-58c664b5ec717524f57a805ba2b423e0c583d9c94790029ea85c3a95138d3853,0,1,Inphi.xml
-494365c0b35d941cbaf840b921de5804bb2ee88034120ed208b667ba42f246d1,0,1,Inpros.net.xml
-449ba10b60382b828cd2a22be490c649e442925595d8081dc5f4affb480d3a1e,1,1,Insight.xml
-3db6c007feed4eef242703bbb8c70c6a243aa6f7506fe28374fad1164fd7732c,0,1,Instaemail.net.xml
-3a03187d574c9fe24331701f80708d8147ebf6a27cf267cf0fdf56089a616b92,1,1,Instart_Logic.com.xml
-1baf2e625f3311d8b200e79db4e4cfb5bbdab56df4285363e0d62826e90ab2bb,1,1,Instella_Platform.xml
-60f96117bac88d3bb5266f939904e1cde7fe10a4916c497d52dde1dab8ff57dd,0,1,Institut_fur_Internet-Sicherheit.xml
-703b4eb285554ac4a7e183ae77ad699b8ff9a62556247c0adeebea8b1d78c348,0,1,Integral-Marketing.com.xml
-2bb7983307be40cb4a5ca7e5d5529b3340e7d47029a8746c7f7efb4f43874ca9,1,1,Intel.co.uk.xml
-8f38ef172cf9cab85abb4a5a08fe5d04dbdd83984c4450911f539ff89dfb4f39,1,1,Intelli-direct.com.xml
-f8ccce593fb95122a95fe00918c297e77ce818f5d344510362a3a99417f8141a,0,1,Intelligence.org.xml
-a2935104eeec79044ee7c456a5a86422d95f7df2c84328b097f07605e5b49683,1,1,Intelliworks_Chat.com.xml
-be276a4a23f73ee611e562b8dcb27311a8ece7c3868a76c47460fdf8eb08c8ba,1,0,Intel.xml
-405674d9b11e8e289b645154f2352a4401d377c62570898515365300f4a3208a,0,1,Intense_School.xml
-06883949df82e37533d58f8dd286eaafafe833eb20c063807312fc6bf4ee779a,1,1,Interactive_Data_Corporation.xml
-0219e661837e8a5fa7cfe309f9ad82fce9b1ed9266884e2068ca3d9a5b720e16,1,1,Interactive_Online.xml
-6cb9b826d0dcd0221d18fc0d787cbdfc243c280c51fdf4d8d64114b2e62be95a,1,1,International-Business-Times.xml
-d35125abddfa06c2e8d5b27927b2295b4eca89fedc189825d08015be71e3e49e,1,1,International-Components-for-Unicode.xml
-84e7f285a45629181dd08c4280bfa1293bfa38c3565b837ff7fd262a45c3bd35,0,1,International-Finance-Corporation-mismatches.xml
-127ddf485368851d2dc1f1eb1f64bb100f9397b2fbc05b401f2c53bbb0bce88d,0,1,International-Free-and-Open-Source-Software-Law-Review.xml
-0992d1e0fc55d6fe819499e798e99207e0ce9aeecab77981087ba963581e8149,1,0,International_SOS.xml
-7266fc84a1e6e39f0b812bf791d0b4c8f3705a3070bf41196385d46762dc2ca6,1,0,Internet-Archive.xml
-a0c3cfd823c709fe004ca38155708cd2ac9a21d7ad93be993a7c6f9464613c9b,1,1,Internet_Brands.xml
-664ae47fc3b398908ca534aee5d9fe34be83c9cc3f4b480c41a79a767f5fa49b,1,1,Internet.bs.xml
-cab358f32e9a489eaa69ccfdefe364cb36fcb5ba3346874889de9fc875050d59,0,1,Internet_Coup.org.xml
-81b3be4036e221a597bf01d58395099db4a6791814c05bfdb666f9dcc2a8088e,0,1,Internet-Governance-Project.xml
-3cefe2aca575fe4b14a4d0ae67ac6298463405b6f5514e0f95e0c3f2cdb7007b,0,1,Internet_Video_Archive.com.xml
-dc6ff49076759df04ad979467bf83cbb0678098f8162268e128a4a1f9b4a93f2,0,1,Internet_Week.jp.xml
-e6ca399f916312a92f2ccce14a32e982e49cae08a6ff48889a3e31297ddce53a,1,1,InterNetworX.xml
-340838024acfc70d6deabe9ee17b085b055d4bc9a80120afc800318808c7fe29,1,1,Int_Gov_Forum.org.xml
-733c0f0956527491bf6a01d35e097c6df6b84c46e102332096a4fb81973f7f9e,1,1,Introversion-Software.xml
-b00472fc653c5118dcba1528fa24b826ac7a3c90f1724d7966bb4c34b237f936,1,1,Introweb.xml
-c4773cdd0de0de2a990f3a7cbf574661da1e3c493e451b122ec2b1690d9154e3,1,1,Intuitive_Password.com.xml
-463310fdb182747ebb4fc15ab8c38a5f573b10b276ab7c3775acd3708408caca,1,1,Intuitiv.xml
-25975eeed6ce6e43517091794c5bdef087ecbbd76d1c2a039db67f6e30580f40,0,1,Intuit-problematic.xml
-17da245bf7911e07d9084e78490fa63191f406d7ce3c80f1355c8e58339f6ea8,1,1,Investing-Channel.xml
-b8b926a42cd2792106cbee833c76f516fe15c33d7b2af468e29ef66a8694a465,1,1,InvestSMART.xml
-3ebb442ec50843a304373e65a510d15fc576c54cb6b978fd86163eecaa6037c8,1,1,Invincea.com.xml
-991eb3720ab9da46c16c4b7b6cf83c0e7b071ef94e46111466e8a8b533b7cf71,1,0,invincealabs.com.xml
-2cef6443a46e25e2a577b7f671c5ac7118e0ac946d1344c36ab0570a54d09e05,1,1,Invitel.xml
-eadb5a61f34eb39970c0bb4c3754caae00fbd74671073ae8b4823e675a114c01,1,1,Invite_Media.xml
-6b83c7249532eaa85681d638f079f8c090c10b2e099714e498d70930e3a2f867,1,1,Invoca.com.xml
-0728b84ff919181262a365a363cd4e287be13bebf0c60e86ab74874d79a8418c,1,1,Invoca.net.xml
-dd1426ca3f72068c95e13c9f408c7a528f5dfcff829707f3bae398b7e98c669c,1,1,Invodo.xml
-0ef3df0ecd4ba16179db2b0be8075006eb68c43cc12e3a0859365ad8bb4030f0,0,1,IOCCC.org.xml
-99434a574dd224c386513e2ca4e72a9cae93fbf45ec511c4ad8acb80d499e3e2,1,1,IoMTT.com.xml
-509153f087cceff4ff6515158dc7433b329863e3820103b361d5ee92206da1ab,1,1,ION-Audio.xml
-8a66c900d13231321bea6872c759548b1dca37b059c7a1e729c7d15613ab0b82,1,1,IPage.xml
-93a3e92e0c71bd5f275730c91594b9d376221d33e2b18b16800d142fe6a5a638,1,1,IPCdigital.co.uk.xml
-98f538b907ef6e97fe0c479b1d7a75eb7c586807658f58ed57899aba56ea3479,1,1,IP_check.xml
-8b8f247af30a7f3dfbc9c1dacb53733f86a161b3c88beb69b43a8078dd19325b,1,1,Iplay.com.xml
-e2ec18a444e45c297a850fcde370401808f82a6183edb3750963f46f38365281,1,1,IPXE.org.xml
-4cab7ad0efb9a81786846b6c973ea525e4bd99e95bca78435ffa6eccac0f3fec,0,1,IRF.se.xml
-ef823b5bbb7fb55775a4d1d1f07ebbe73247b0e6bf88f7b38dd40a8a0d604313,1,1,Ironwhale.com.xml
-d3976d61894e1f8464f930466936d18aac9056ca9b23f7fc23d97382692b81b9,1,1,Isle.jp.xml
-e8e870aa2f1aef2264b5f4c2a02ebfa701b49355957dd1425fe4d2751f165b21,0,1,Isorno.com.xml
-25311515967c690251425b45e19fd0952f87a56714aac8d249e10c2e91bec453,1,1,IsyVmon.xml
-9a3d20d51558662095b984f95252e8d9efd995b5ad19df125290e26d72177be8,0,1,IT-Cube_Systems.xml
-764508623d243afc9149bf564450909e3f48fee5a51e40221fe9c7a43640495e,1,1,Itex.xml
-8a630c86ec28d5f7c1c289c2470e843c30781cba6d81c12adcec6f925c971b5e,1,1,ITPC.xml
-ac43b9af8ced88db4ff0bb0c3603ac8a3f7a9542b9e087ee8a6c6c33a1aa327f,1,1,ItsAnHonour.xml
-81c8d9fead672ff52549aa53b8306ba03eb208607c9e65e2a186182ca6693c7f,1,1,IT_Toolbox.com.xml
-dafc7bbece1bee56d94c8660d05f9d015319ad221ec2f56682b00a1a0d26dcc9,1,1,IT-University-of-Copenhagen.xml
-e2165b1edeb24280f7d97d06d1d92c4fc582a0f814d7c38c2116090c7e7f5f7d,1,1,ITU.xml
-024f274cd2fb232792acb65a2c2c2b67fe893b6eebefec9da21f017262033102,1,1,ITV.com.xml
-30fdc0bbded9c8027b90c01f25e0c69bd106ff85533a3d6ab57a451e85b23314,0,1,IUCNredlist.org.xml
-3b48a035ae7e50023f531d8a79f7f41f7b3289b9a214d72ad9191edc5d596e02,1,1,IUPUI.edu.xml
-4aa279ddd137572939877944efb5a83bc521d1f8e83cc6250fec7f9150b55043,1,0,ius.io.xml
-c94cc0f445874d3f294be079e1c4775fefad5e6bb8d6dec007efbfd060276163,1,0,Ivacy.xml
-dc52614b3a33ffebbf5763c7c2a25158699d866af7ceb86ec83fe1750ba742d4,1,1,Ive_Got_Kids.com-falsemixed.xml
-ef2b06228e963b94bc9c0848ac490cd4516d52f2c525f74812dcfdcac93acefe,1,1,Ive_Got_Kids.com.xml
-2de2eccdeca2c24e616299050f3aca9ea8681114502166db1e5fd88a83b08eb8,1,1,Iv.lt.xml
-72d5a938721e66ba26e62c852e8a6f46fede3b30c5340cdb79debd18b8dbc856,1,1,Ivwbox.de.xml
-8da5f2bb9c147020134f872bf90cd9012bc6ab274e6c01ccdf3e529412599144,1,1,iway.ch.xml
-2263f261442b3b22981e232a1de6e33f81358b3b3482400f0fadf5ee89d20763,1,1,IWebReader.xml
-2058d895da75a404225168a25a20ed36618333427509d7252de4bb28563c3b70,0,1,Izquierda-unida.es.xml
-f23044af3f74a7dfb084dd7dd217b138db5a4e66f859b0575345d364a1fb14ea,1,1,Jack_Imaging.com.xml
-ba819463f4dbf2557d7812f7a8358bdf87a57b9532ca6a05176f4ffb833f7274,1,0,Jackson_Sun.xml
-24e0fa0948d392408855de200e7a99c76b078055a0474cdccd491d8fea8b7d0f,1,1,Jacksonville.com.xml
-ea862774de9cabd815710f212b32d626a515601e3bcabab24545c2cc190d1650,1,1,Jacobin_Mag.com.xml
-b47a736395c65ea89d9753b7ee9ab5f755255b762d556e9113209ed034fc27c8,0,1,Jacqueline_Gold.xml
-d57c8c4e76a1ec4b5e8e38d8c6926e563a12b4f14ccc77eb69ba031d9eeb025b,1,1,JAMA-Network.xml
-10cb0af4bf6e24534d3a29773b5ee04776b93e8cb098ba9f1f80ba715329446c,0,1,Jamendo.xml
-ff9ec4d4ef3a1b3bce5e071c90838d8ffed730fc68e2f67b160984cf5759830e,1,1,Janalta.com.xml
-1485a52f719f2d27837c6be64889c7d9aab1ca439b32d3ad0f9b0953031c1750,1,1,JANET.xml
-8f17280f7430b1eb693559fda1ddca0a950a1fa35ee40610a67589d2860adedd,1,1,JanRain.xml
-d2130738c6e895702f300033327d5e273f6564c43c7f71006f8c288f83cc1b9b,0,1,Jansbrug.xml
-b11452e21255ea71512405b587dbd976452139b101003f4a10cf8b928005f3c6,0,1,JapanAirlines.xml
-62d30f32c383b9005b247851e85115fd358c8ee752b97edc0d020b0ee1bcec88,1,1,Jarian_Gibson.com-falsemixed.xml
-022c9c4086d6343d3fcd40c03a32097127dc93e706d6fa1c86ea0aced6541537,1,1,JavaScriptMVC.xml
-7d850c502197ea8b2e13688d1f2b34c9b7a44ba657c92faa3b3ed2030dfaca66,0,1,Java.xml
-8a7eeb71c6b48d0f19f91fbf3bcc845d29d94cd19e62672faa47548ccee7fc96,1,1,Javelin_Strategy.com.xml
-d85b36c7e5f7e55d3ffcdf72e91172f450349bcfa61385e2d97633ddd49b1780,1,1,Jawbone.com.xml
-26c1c6b5233bfe9bcaafb3505cc40fe716ffac3309ff08136944f0608c825d1e,0,1,Jba.io.xml
-7f6cd4f2e205b70be904505666dcc5ed6d32064fd765306addc44050e9f42d81,1,1,Jeena.net.xml
-36a6e1369155457e9635e5550744e2c1c13bcf2be9e8eab0fe4bfeea9ca471b9,1,1,Jeff_Nabers.com-falsemixed.xml
-b77b4b9c609e0f61ab406d1aa62c5d046514aa6581f420374ef0fc4b7a112def,1,1,Jeff_Nabers.com.xml
-20df0251075e227bd026718d531f83021987ee9c14a1438f3cd7e6f9ac12014c,0,1,JF-Shea-Co.xml
-fc360bc4c51c542d702e0cf9e1b9dc0dac71c9f6dbac2502eee7e4f382db5214,1,1,Jigsaw.xml
-c1df2d5758953f29c992ec2598c94e7e73d5aa6c91d2f8eb4d62e0fdf0322a07,1,1,Jinx.com.xml
-36aa494d6b1aadbb11d28e5f2733e4713688279504b61da9fa6e8e33c2129aca,0,1,Jitscale.com.xml
-f1a84ec3b3e0e934ce0ee5517ea0b31cb7ba152de5278eb0895bb07023c6628d,1,1,Jobbik.xml
-80eed726a6c96bd4f97361b7ee9d2fe2e954fb74437a4e800500399676778e61,1,1,JobMatch.xml
-64fc460060a393b978731d56d9f0e88902ca46fff05a9ea7bf778c7e0dd6b53a,1,0,jobs.ch.xml
-717e4a4f64aaad464e54a20dcdc4230ead9ca7cfb70b862703a039714cdc53f2,1,1,Jobsgopublic.com.xml
-ff5eb876669cf155eb33966d0cdda8a88942ccf55c814b14addbe51e52db761d,0,1,Jobware.de.xml
-944f796f90772d6565585be75ad9816a221c0c79c96e10bf0b2a41002fc0b0d8,1,1,JodoHost.xml
-c4b2113774001111b1f55f866cb7af429b19f4ac9e7a78dcfc985766de58305b,1,1,Joomag.com.xml
-7dd138cef7ffe127cd6fdbcb63cc7d3f0836b4b118cfd9773d5d3b2e1d681de0,0,1,JoomlaCode.org.xml
-5e6433cbef1434f17f2acba5cf2a74be3bce1861e88539b729f3827729ac597c,0,1,Joomlancers.com.xml
-c8894784a81d8e8acef0d34262fd1721fec1d497829fb2a165a0310c5cf8d22c,1,1,JoomlArt.com.xml
-c979cb8a361e3ed2bf5032f85b8aea715a1bcaea1a278635048ec26d4e59240e,1,1,Joseph-Rowntree-Reform-Trust.xml
-3a2cee590643793464daa4b4023de6bfb6ab8ef1b0bfde93a6bb29cfd8ac5691,1,1,JotForm.xml
-62027605d5213769d6815e6644e5e9d2c45a71dc2db060935e91f44e93efbbbc,0,1,Journal-News.net-problematic.xml
-101fd87908eecba0acf9700f26880592677e52c7d8edc8638dabd72dc06476c2,0,1,Journal-News.net.xml
-034d3eb71d4ee7fe858c1d07f27de44c75498f70699d0cea1ff8a24f7c94a50c,0,1,Journal_of_Affective_Disorders.xml
-c621d4ba25d54b2ac74584129f4234f43b52d2bb00a11b49ef04dc15848169d7,1,1,Journal-of-Neurosurgery.xml
-ce1f1dfa4ffbe1de9185c4d5bf81e07ffa6afd0c0b3c16bceaadaa8194659a77,0,1,JSConf.us.xml
-878f0efcd4fda30f3821e5362986a41446a368b644fffa970eaadde331595bfa,0,1,Jubii.dk-problematic.xml
-65d10d09f2078c9271d6437eae33d9e7d6ecae9a2b2364670ad60d98d0279f83,1,1,Jubii.dk.xml
-71b79ae041f784ef340990b3a3a1a16a07f041a87b95f9d6f235eedb89a75a08,0,1,Jugendschutzprogramm.de.xml
-b31ea973c4bb7c2d240cb7dff9a5a13174e7e473cee758844d9cf827dfafad13,1,1,Jugger.ru.xml
-21937f0fd2a36647290096e83c0db7202e391611c11760e4cd68edb237a4f7b5,1,1,Jumptap.xml
-65013129a4da8f42ff367111b3f7813b706c8e37023236e8536ba2dda8957fe2,1,1,JunoDownload.xml
-a6ca9f9ad95e7e241678458d14169a02757c470fbb891504853b72a2ce450cb7,1,1,JunoRecords.xml
-4b35e98b981f9df97de267679053b07d243573d98a3b6c6ccb0cd6398c50fd35,0,1,Jusek.se.xml
-4f66a213e609f141d907611e755bf0e4379e737428775635060e8cb0bd91ef8c,0,1,Jussieu.fr-problematic.xml
-8e25f54e02aadf3128841a9ea2f14f2096a975a4cb6578297be4bb2d78e4d9a1,1,1,Justia.xml
-fb593e8ddf88bcb1d1508da06196adc76706e4a163a0e8ceabace9e8a5bbf42c,0,1,K2s.cc.xml
-18bd1f18f953302be45bf882bd9b3b8f6a738d8f6e1f844dab416d95b018b248,0,1,Kable_Packaging_and_Fulfillment_Services.xml
-8f18453e3c720bfbebfb1708243a5a25fb7434df4e016246e8ea288eca398952,1,1,Kaiser_Systeme.xml
-6fa233a4df630fb7dcb886a508843290392db8506e73a1a7da94954db2affa58,1,1,Kampyle.xml
-911f9f57dd80af37a918d5c5029a1b4d156298e48a029e7aa9497beeda774ccd,1,1,Kaneva.xml
-0d020e8196630cf58db7acdcfaf794b8eaed3ff489057148c718c3937d8fe03f,0,1,Kantar-Worldpanel.xml
-4d40f0740ed2f847fd8c22c07325ae9fc4a83b1a17668dd707ca61a2bb37af8f,0,1,Kaos.theory.xml
-aa9386df75242bb212ece0a1276439722214b066f3a533f48cd1c9ef722f5f7d,0,1,Kapsobor.de.xml
-77a004132ec7407b90b185625d1a4610a071d6dfa8d9d607d3a63bbc76ae876a,1,1,Kariera.gr.xml
-d9cea3e0f991e145ab25ca5b1ceecb16bdbea19a6e13bfaa3f7d8aa6a7a043cd,0,1,Kasimp3.xml
-2533dd6d42cb718667d11a29e50393d300b659dac2e9c62a5954b17aeb915c71,0,1,Kathrein.xml
-8c3308c7790fec725f31e846d418fb1fda636beb525f9631be1cf2c9261f4672,0,1,KatzPorn.xml
-3841a0cb434fad889b90822e10a5a9c583a405751ba0c83798a22a12fd35be4f,0,1,KAU.se-problematic.xml
-a6a776e8e5901bd6be4af8ae581f0f74106f78b5b05b1b4e1521ff7df28c7fd5,1,1,KAU.se.xml
-10c58bdfcba0984977230b7e1f4b7b735e1a4886eec5ad9c0797437718d4fee2,1,1,Kayako.xml
-2086ed81e93368551d121b0508a0ae28a1d71f294f1ec7b58fb5d1d21b9380c6,0,1,Kayak.xml
-68709a34f51a5fd997ec08d97e2c0aa2330b4ea1134bcc5e11326893c82c9913,0,1,Kdoes.nl.xml
-acd59b926980f2e6a1edc1bd896e12121eb5ddbb7b91328e6ab7dec96b887c3b,1,1,Kei.pl.xml
-b67160a2bcb46424224f756e56dfb804323c2446e2161554d1d1015b64ab32d9,1,1,Kenai.com.xml
-cc4ede67cbb2b5809ac7bb84b1a3e4364ad98f9f3fc139ac38683c67256750a5,1,0,KernelOrg.xml
-499d9c70a8be988de7982c15bb9281ed6e9f1076f26f255574f0f958b3739537,1,1,Ketchum.com.xml
-911d17e381f38a6bc6ef545f5ca260fc0954922ed63bf05e2f7ca0e6035f4535,1,1,Keymile.com.xml
-c61b499fb7ce7de7eb4bc86bb6c047a202cbb60c30b6c78110b36e0e0ccec9d4,1,1,KHN.nl.xml
-5fb3e2cc1c993880a2f59cf36840a623d0d7f329e31b725c711619d78031845b,1,1,Khronos.xml
-e71f0286187bd70833f0c421f31b4c23780d670da9ba33e8487b66ae4229a629,1,1,Kids_Foot_Locker.xml
-12ae40cfc95aaaae2573664fd2fea40b4aa90e5adb75d013953225121bd38361,1,1,King.com.xml
-4b71dc7dbecc49f2b48f869a78b2cea026dc9eab9ee6627a49581d58bbf936a4,1,1,KingHost.xml
-01c0a3410f1b8f8fdb8a81ca937b4fa59a074300e02076422a033046087436dc,1,1,Kings_Road_Merch.xml
-50a1bfcd49aea8cf2afe04bcce6707b612e0429a3e5a16f1cb98cfc567603682,1,1,Kintera-Network.xml
-3e76458a93fcb8f50402743736e5f6916231f558b33c9c37bbe4dcda9f8c05f9,1,0,Kirjoitusalusta.xml
-c945235a8c454c4c16e6974e30e93b93424b69da591daa36bb76e7fe25157cb5,1,0,Kirkus_Reviews.com.xml
-aac83590b0080a78a0b254d8cef88f132b0d609d2be69b2744903b627e000951,1,1,Kite_Packaging.co.uk.xml
-3574082b8db6a3c2f542c57d0331d7afb46c1a93edd6b3856b447bcab2d0ad8e,1,1,KIXEYE.xml
-7e5171a47befa926139743e6067915bae25cc403dbf0f588f7864ab606739b62,0,1,KKH.se.xml
-bd7d290a024a52feeea17c0687d34ed0412dd25138985aeb137ee451ff253b44,1,1,Kmart.com.xml
-a6450ff330b90c225cc405c8f5c623dca8d7a80a0c16a3e58be546feb7ae886f,0,1,KMH.se.xml
-34acadabac69f1b030653f41e147c1baac9ed50038fd4d241b1cbf73e085bb5b,0,1,Kneon.com-problematic.xml
-8d12f9d79c207c30d5319a01f740f4a73681b5c5b5973fc74c6817ae87f76534,0,1,Knopper.net.xml
-a5358a29ca8a284d6821ad4bbdf89644562bc632a9704dc698ba5b954f1e298d,1,1,Kobo.xml
-6e1e8a06a97847e7a33147d96c3b62c45a7afadf7c76dd4cebe302059a7c6bfe,1,1,Koding.xml
-900b42c2f9d1ce487f4de696a98cea74e452b7f9cf848de6eb9c8d8254784e64,0,1,Kommunal.se.xml
-7b7771e336e05a84d249ba6c7a5693e82edd32524986654d9f221d8813f93ac1,0,1,Komplett.xml
-796f232394138ee9298ed061fe587c009ab2a399f9d4db5fb77a07baa51c390e,0,1,Konami.com.xml
-d417f481fdbe9c2100592bf164c92feed9e2a9f8c989a8267012fb2bb4a294a1,0,1,Konstfack.se.xml
-c998b1cafdda9cf06478f163ec72ba97ce710090b671180ceed391173d43a574,0,1,KOP11.com.xml
-107594077e634f421f2ba1f553e1a3504bcdf06c2f2470d5ee6a362c0a9c584f,1,1,Kopiosto.xml
-c3a61d031c07fa780173a1aa2a7c1c9272eeee8ca43da6848ca80775ab1887a2,1,1,KPN.com.xml
-c862e0e1a6711961135955912f1b1644c5e9dc31eb2966415367ebd39f434774,0,1,KPN-expired.xml
-d16ac097dcebab4087ec6f9bdb4bc0077ddd598d58299bdaf99a538e491ae85c,0,1,KPT.ch.xml
-c61197b469d6020a7cf8f4aacf5ff2c2af8a4903f35207fdae2fe0f81a370d85,0,1,Kraxel.org.xml
-6ab41a14718447df02b8c045716eb7adcabf5af5e48a7e76680f7ff2f1ca1ed8,0,1,Kriminalvarden.se.xml
-70ea6a47d4bc8e3031576360df6556486307c552f6262b899f7f5b57dec7fa27,0,1,Kryo.se.xml
-3ae3c3f965df54365567effeabe4ce328c7f31b9e4cb31009167fbb52fb793f1,1,1,Kryptronic.xml
-93904c0d10667169302962673004c767a5771c73c1918644c02a55dacf0ee33e,1,1,KSL.xml
-3d448b9e0ba2764d10230a6f260149dd3417ea3d92b4879013c4fd4505aa1192,1,1,Kununu.xml
-19bea2ed759325c97ae924c94404176e90f5621cb27805a2a1b51de8895d0e93,0,1,Kursbuero.de.xml
-5c1a6004ad48bd3390f16c7fdbead17ceb2c1a81e0c6454a304111d33a3d6c59,0,1,Kuruc.info.xml
-53f972ce676848f11352f5c892d485ce971910da0814445e0a42662963eff652,0,1,Kuther.net.xml
-4abf335db60c53d57b3601fbf32a77fb3fee97723ff0841f3bef1b4556880872,0,1,Kvack.org.xml
-a658ddc8846508fa73546b9b15f07e6d146d50826591eefd1a4235b65d059d93,1,1,Kyani.net.xml
-440e3c3ec61a216fd7754eb08d64a06e73366ddb91e20c952543667a86473e31,1,1,Labels_by_the_Sheet.com.xml
-20b19fd39640726a8449a52c8b6be51dccb571c5daef707a0b27da31b0d86b99,1,1,LaCaixa.xml
-9ebf6098aa72ec0fbe266bee38c2cf864855a3a43e95d50d086fba124afe74df,1,1,Lady_Foot_Locker.xml
-9cfd769231672625b8576733968b9cdccd500feac77f6f1510f30ed7f70959f2,0,1,Lagen.nu.xml
-1adff119276f79344cddcd84d7b6f5719baf21515f657c08ed38afaebe12334d,1,1,Language_Perfect.xml
-8fbfb34c2994d782ce1ade635b78401d5a869fce79d309a6a5993640f8e2d552,1,1,Lanistaads.com.xml
-0a40620d4ea61a892d580fc446a4e37d5a586834722d4993ce7e58ed4e08295d,0,1,LANsquared.xml
-c01f9d5e0f0ef9ec2db156bf19729febd55117a48db33e144075f98a9e96debe,0,1,Lantmateriet.se.xml
-4df842d254e1cc740e7b97bc6d828dc1474f0db76929eaa6b94998280180b752,1,1,Lanyrd.xml
-dd011e0f5fe4e3c951182b87f42d4c8da475b71bda1266177397782766a60a3e,1,1,LastPass.com.xml
-039059c27353ecb1cf62261e3235a7a84dc14e83e40391f19559f70a9c8960ce,1,0,Launchpad.xml
-1fae5026b085ff0376c53284b2b7536230bd781b79f4be08506d04bdc7ef1286,1,1,LaunchRock.xml
-bf3030ded18c245aa1d051c849660ef9807cbd9259da24dbbd0a5c12cefa65a9,1,1,Lautre.net.xml
-7098e2aa85525682fcab29572d0e6389dc4f3f869a192b4b9b3f4ea292cfed3a,1,1,Laverna.xml
-8c502c0ac28620fa9c8085df27334248b1c141a4448a9193fe9e17dc1258e0d9,0,1,Law_Business_Research_CDN.xml
-329b80614b84565bba78c4cf3ebd40f2caf60cf648372f1deda76b93564693c8,0,1,Lawn_and_Landscape.xml
-f649aae090d1c7cb5e6329286ca40bc52e4085fd4d43d022ac986523a689f268,1,1,LboroAcUk.xml
-93aae2db3d2e73312ed4250f95b9291ebe956e90fd2ba447cf665c751d93293c,1,1,Leader.xml
-a6a354b175f07f96a7c2cd4ce4a00e26cde800c6f6176f660a59ae918cb56d91,1,1,LeadLander.xml
-aa7a5898b6ee0435abc8a2325c8d26e1e7e45375c7707911d8651a1d4bcdedbb,1,1,Leadwerks.com.xml
-acab086b0a34bf5d315b8292d4bdc886c9c30f77f9009c19417f85feb96438b3,0,1,League_of_Legends.com-problematic.xml
-24851fbc627fd1e1910448fa382bdd31744479e3a3018e5acacfd363e338c140,1,1,Leanpub.com.xml
-e400c587a600d3ea1d156ae3063bc8aba863be12423441d42d9f56bc1c2b0516,0,1,Least_Fixed.com.xml
-93487386bd9cf5af49555cdcec23409fcad92e770785bf4b3e91d44805b75f03,0,1,Lef.org.xml
-efa43c344ca7034b8aa477d8a545cc618ba0b193ecde88f68cc54b605c903585,1,1,Legolas-Media.xml
-90a6479744e53e950b50a5618374c41aaea9b48c8808815cd181f6ccf7f4452c,0,1,Leia_Jung.org.xml
-da17170681a3bd56795ccebed4692911af60a64bbcbcebc201e15fe5d3c99329,1,1,Leiden_Univ.nl.xml
-a3ef9c0d822a74a1fff679e554ac079db0976b0c53fd85a2362de2cf6012812d,1,0,Lelo.com.xml
-c654e688d0010234dc5bb91f672333455c7ca1235884add140d3d4f9d17f3173,1,1,Lendo.se.xml
-0db5c093f93156a5764c5d52f71bf860cfee58c6bb7be818f235a9061ac8801b,1,1,Leroy_Farmer_City_Press.xml
-ee71a6176b5f92a9c5be034da928fc78ac61ae1948a2b7ebf0b0e65e170e4b63,1,0,lesershop24.de.xml
-5f40aad7f0e3df3f88bc274955f3bcf58402003b751c2afda19c418e44ba78d4,0,1,LesFurets.com.xml
-39642f205be4ffeabd15f24667759913eecedab67cfad0724f101565cac7dcac,0,1,LessThan3.xml
-7a1bfc739351f99895900ce0516234da64b65c93204a5ae3de8b247d64d86f63,1,0,letvcdn.xml
-a68ae22f6144a808a21f54d1483174f49482b23ca66fd63899ba9b4e8e0e77e4,1,1,LExpress.fr.xml
-b250c290c3d7b18c9f1ebd437cbf511bacfb023999b8931ba5fad91da27a1946,1,1,LF_Hair.com.xml
-c6af0bb28a0493ce2106970a3acdeadfcf1dba65e1f56a3244cc30daa5093c50,1,0,LG.com.xml
-eedbe4c1b73b659f65c1b47b6b0a0b08e5e4ce32c8c96b82fa8b6e4ad2f5ead5,1,0,LibCal.com.xml
-874dc6ae083039030d5a7f604921e9e914368e4748f0c62ffbc1ebff9500dc3b,1,1,Libdems.org.uk.xml
-82d91c9bfd424f34898c9435240f08ba68083edf2a2f14eeaab224ebf245a606,0,1,Libdrc.org.xml
-ca3651e464527f1cda0d1059fdc27e8bc7ec56c6cc326d8ba5be30aa145a3751,1,1,Liberal_America.org-falsemixed.xml
-4da6941625e8c737ccf9de80aadd671b78aab17d09bb0830557256dd8f3a6ca3,1,1,Liberal_America.org.xml
-2024f5bf8b3fc81e834b022b2c34f31669e1dd151a163c304d135218ac2fb74a,0,1,Libre_Graphics_World.org.xml
-feb248073503e6b89a199631eeb2f81de397fbe8033003f7c16aa4219b3d4663,1,1,Libri.de.xml
-993b07ba4b30101d7b4d133239b7a03ddc0d914cde338040b53d7871bedf04b1,1,1,Life-in-the-Fast-Lane.xml
-9f97b658b03e53823ffe3d24b38c30fb95796b04381506571cc2e179795bb8c7,0,1,Lift-conference.xml
-72fbe1881d78b24fb19fb901ec9921826c040eb78be5fbecb1eb2a54302d7393,0,1,Liftdna.com-problematic.xml
-91fc0e64deed78bdc5e964c46ad97765ae536dfc279fd42b8828f66653a1157b,1,1,Liftdna.com.xml
-45220faf6deafa7ec3e94a2117116c46efe13829982abc1343ef2839b8bace5a,1,1,Lift_Security.io.xml
-1549a4c4ddc5b672182806fdc65a451b26a62f21bca0fbb9b2dc023109b2e6dd,0,1,Light_the_Night.org.xml
-48c01e2f0374af16870b407630c136624e52c60d4a5706f5d33427a6d4fa2326,1,1,Likes.xml
-6caec6c16c8be5429cc654964d31f3d2a2990e0592b6402b994232621eb3c0d8,1,1,LiLux.lu.xml
-422032715cbce1794ee2f55f9bf167382377dfe69ee9056150227870c39d08c1,1,1,Limelight-Networks.xml
-6407a4a785f0eae1a43553d7d66ff1e4b15c06f54178294df3f832a9e65f4fa1,1,1,Limited_2_Art.com.xml
-c30be63bb86f2df95e80aa3c9e44123e42903fe609d1a1f184a249b07dd12f9a,1,1,LINBIT.xml
-65246edbb55b7f559bd4179548795ee732dcbc4cbd487d6e2d22609d2bf8e274,0,1,Lindy.com.xml
-a3179f5b1209fb9d30b10fc5fd8c7f0c9ce63f4fe2b87acf503c9df4312827a4,1,1,Linear.com.xml
-4a2fc0b779342d0c2d637197cac377d2f4f63c057426bdd6ad89db396579087f,1,1,Linerunner.xml
-e1606d594c70f4772ad90387bb7fbefb7e95f0e6a25c0cae0ab2957ae91e988d,1,1,Linkbucks.xml
-acdaaba99ef19c3f731ecfe8d04a19d7c62640ed18b3049f9149173e4d03f739,1,1,Linn_Records.com.xml
-a476e2dba22601391ac2096fae96ee94279b2cf203437e354b16f0aa8d51bcc0,0,1,Linuxaudio.org.xml
-abed76a1e5201dde504d6396473b2961c66f1362ed13dd21c4805178430d208e,0,1,Linux-Counter-Trac.xml
-7d1927f332504cdabc27f72275e37d352cf089a1db33f8739a2db002eb16e4a0,1,1,Linux.lu.xml
-7aa31325bf3afc674fef9ff7fd6a022945a077e10cdb903ca73ca0227b01861c,1,1,Linux-Magazine.xml
-53cf30c2c9ea211f8de47c6261d61a26d647cf394988339a5a9f1ff97bebdce6,1,1,Linux-New-Media.xml
-2f66c9ecc06f5e9d323069143ec7b47c7138a47aaf2139866394b3dcca7c6e23,1,0,linuxpenguins.xyz.xml
-a71ab050c710bfd47b7eccb18fd7d8424887e9ecc866ac04e2d00be0d779b029,1,1,Linuxpl.com.xml
-8902b915d4af12ec2c7859275ed6c3b5d60f224efbf7472033ad11e994d62824,1,1,LinuxQuestions.xml
-8df9f56194e2055e0b615a3cc7cc471d6231250d7c1bc7d7858e2ec1b1ff8db0,1,1,Lippincott_Williams_and_Wilkins.xml
-fd66ffe9d36bf4eb6da6930a5d7a4f647aa492e25111acecb037c54669d7f042,1,1,Liquid-Web.xml
-88381b0c6fb222168e09344b22387cf75ffb53d4e9ec8efe1affbefbb9d386d2,1,1,Listonic.xml
-64cb5698f01ea133be093f245d645f3845fd50c41f2eaa00c28f6726f8ac6a2e,1,1,ListrakBI.com.xml
-ec41d249213aad2809c091e338ddb5eb2d3b97b335598082e618aa5814ce168d,1,0,List.ru.xml
-462bdf73b53950b24e70bf000e5ea02bd8807aab7420b6914d87170c18893be1,0,1,LiteSpeed-Technologies-mismatches.xml
-3558ab8db745d3b527d28ab5fc0dce1559dbe191d449b27d09223519354bc135,1,1,LiteSpeed-Technologies.xml
-51bf5b2255960e679a19cbde576deb19b76428e52af65f87832df323b34789ca,1,1,LitHive.com.xml
-1f30497a466a8216630a5b5a2818521394d6cf178b8db54382480e0645d85c94,1,1,Litter.com.xml
-0cbe29f915f493df49e068f6287eb8759e6433cf42cbb2cefb203c8d3d8af634,0,1,Little_CMS.com.xml
-fe52803da1f703cfe9990e08d740aaba64f6d59c459653376356b5ecce922a7e,0,1,Littlesvr.ca.xml
-50d1020d66cf6e6fde0f34c4ed117ed2ee0f79676b779a5a7affa216de3abe55,1,1,Liv.ac.uk.xml
-fbeaf8dbd06fc62fb6217d020e5d4401df8539e62b29c3d1af073ff07d52ae00,1,0,LiveAgent.xml
-4df0e6a98068a7e8df85af4cb7248c048fbe6b5fd0bcbffadc7d155d8ce52610,1,0,Live_filestore.com.xml
-e3d7781eb8af6d39d6b9ce237e46688f6615aec94f65cb2a54a87e167b0c2236,1,0,LiveJasmin.xml
-657622e6f0195b2dfe3210112b7ab0e1e31a00717ffb3d40d8659fa04b74d5b0,0,1,Livermores-Centennial-Light-Live-Cam.xml
-70ffd66c918dddc6e24325ef9851aab98064bc9054887498b0b1ee96ee1c57c6,1,1,Livestatserver.com.xml
-42955f3e20090e82cebb057f5b3834f31c28d0a05cea87cb1ebd75cac55e7d32,1,0,Livestream.xml
-0d6cb0837aabdd3ca8fbc4de6d3c8b1e60092939708186f1ecc9ca3e38ea0acf,1,0,Live.xml
-6cf957e7613bc938177a082c0f9ce6b5773892518127b119b3444955c853d542,0,1,Liwenhaosuper.com.xml
-e4115499b76cbc58fd655c147fc8ac7d5f4df58d2d83d0b9e754f04bcae2cc31,0,1,LKD.org.tr.xml
-988f051e3c35548f5f6606b7d89433aacc683cbff4e87298fe4148496caa2cd1,1,0,Lloydsbank.com.xml
-e794213f13ad4f699ae02ea5fbe2e58eb1626983ea722ba3391d4ee3ab059a9a,1,1,Loan_Science.xml
-ca014caa8ef288a36307bf7b12e0fadefadcd7ef1e2194b8f67426ab622c96a6,1,1,LocalEdge.xml
-b250fbb7e12444692db8db24a0d8e51c9c16147a0bc0aa62599c05e6730f2c9e,0,1,LockerDome.com.xml
-cf76a87a558fbdddf2957a265d8139135c74bc5f0edff05648870f6d4b97a876,1,1,LogicBox_Software.xml
-9b0a0112349ef2f150eb1de92abe9c839528a05d55b3ca16a4af9fc84dd3f0a3,1,1,Logitech.com.xml
-6deda1ab7e95f5c5cabdc5d3adb376b1e7092973ff36965d47b7f5dfa9fd8d77,1,1,Lohud.com.xml
-7a3d8f03db190439c6f191d3f8878dc98ba3cf0e33297e1ebc537f49a4f55073,0,1,Lokus.no.xml
-305dcaeec81ae8e2872c0b18311bbcd20a1b5641373762c273cb84108dee4c41,1,1,Lokus.se.xml
-f180daf50f99e6d294efe3cfa3782b3038ec3c34a48667dc72884554e2d2011a,1,1,LONAP.xml
-5f1345067ca3653c26e9212d2b42a2afc42ccaeb0afc2d48bce1170d430618aa,1,1,London_City_Airport.xml
-d7be9fab34a3d4a4aa00274545cedba1d569fd9344b46ecc8c5becb72d65d510,1,1,London_Hackspace.xml
-a0d83b08c193b773273d200ff0d57cd582f21c6be981c08af4be54cf897a109f,1,1,Londonist.com.xml
-75ab8da3db1a0f6b262b1b786c199a861aee0bc84b5e0f1042460816881a43b4,0,1,London-Nano.com.xml
-1ff33f43e6de573dc4f1dfa3ceb046e97ae6e8fd6eb063984bc1bb42beb0f234,1,1,London_Review_of_Books.xml
-310690f227575180b1c3d8106079e906ac8c7d09b3301ef20de06c6ef723dde5,1,1,London-School-of-Economics.xml
-3a16eb66437b66ca8fcc39076fa6f076e16ac3cb266af78debf75821a00aae3f,1,1,Long_Now.org.xml
-c29a217770ac145e47759e1ab82324ca64df25044d4101151e76ed94317168c6,1,1,Look.co.uk.xml
-355836c860ec876fbed29a5a9279df80239a4e299228dc0de7809ddfd9b5be43,0,1,Look_Dumbass.xml
-050bdb8522be2fed28033b318f7565def40681e0fa6de20d5175f41beaedf4ad,1,1,Loopia_secure.com.xml
-c8167eed0704567afe03129c8f520733afe29916e6be584119b1311cbfad431e,1,1,Loopia.xml
-371f6fceb21caebfec3db3964b27141b5e00853315f431211d364301a45318df,0,1,Lords-of-the-Blog.xml
-869cc6be96443dc2b9b8321d6714bef81a254bc8a244f9ee09e55ba6141f2e7a,1,1,Los_Angeles_Times.xml
-59551041618f1d126bdd5fc15d2d35d372b41e8876daa1e6f4be5365da3f0475,0,1,Louder_Than_War.com.xml
-b801cd50beb9a47c8ab0f24b1edba458f886679322efb69e9babb30a544623b6,1,1,Louhi.net.xml
-1f01f25bda4f1789a1f4ab02aeba5b9eb966b9a5ca627f5744c06b5de09c4c5f,1,1,Louisiana_State_University.xml
-214c9459b53619d48be2f0f57bd4ef4465e22265b3642436b8aa746d487aec9f,1,1,LoveHoney.xml
-40dd4d714fcf83eb7fd375a823fb0706c3156c270350bfcc624fc3799d64033c,1,1,Lovemoney.xml
-6e1614a42fb6bf41f161fb271e2cf441359eefea66a5de92ae60039337adf443,1,1,LPO.org.uk.xml
-7fd1c24a4f4664d94bd4dcbb1b3adf923768304192d282339008431d1e86d086,1,1,LSE.ac.uk.xml
-da5fdd9d6a699effa230e866fc65358766ebf58c0810894f0308cdc47c1bed47,1,1,LTER.xml
-f658183981b04e371b234df5e21f9f2a92039ed4243d6084956ed82b5718c812,0,1,LTRADIO.com.xml
-b500bb1c4a87c4413bbe8680a36ed3249eb62ed0c8848b02877d287e67ceb517,1,1,LTTng_Project.xml
-8294fabf3dacdbe9dd045d04f49b312ae7299ce985995ea10fbde1d4e970209f,0,1,Lucky2u.net.xml
-4cbc4ab621120f80ed37c2a18c50e6ec3696f80a11f345a8851de3bca3a7ec42,1,0,lukasa.co.uk.xml
-e87fdd018e7d16e13d4ec9f6c5ab6fd7ba7302b44b9ed081aa06a0d67c257ccb,1,1,Lulea_University_of_Technology.xml
-743e2d966f98d25ee6df9e10236138341a27e9e63106a8c629b26ce53d41b3b8,1,1,Lulu.xml
-2d76724c1ff69dc9e9991ed1fdad701efd342e25431e0ab1689ecf981c350c35,1,1,Lumension.com.xml
-f3cbc85de356243ff65885250d8b80c5b5d0b5d3667e602287c009e26d289fe7,1,1,LuminoWorld.com.xml
-708a610e442b2f4088d699b384afbb24dc05dd13d0bcef2afdaaef8d3a93b387,1,1,Lumosity.xml
-d3689ecf97752c8573fd559c68beae3b96bf66cc7a7e045a03f0d1050e6d3b48,1,1,LU.se.xml
-c23ac8c12c30952a7c7245142352b841c4ab69c73825477b198de20e0cbd6a25,0,1,LUV.asn.au.xml
-bc8d53a934a8e46ead8ace467acdf5066d86d92d2f6f96c50f4cf4fae6d08f0e,0,1,LxCenter.xml
-a1db82defa904faec2c657e6ea22941e1b148f1e81cf35a58c40803424b6b01a,0,1,Lyft.xml
-551b122a2c152e388af55527367654016d5ba842ab144283c167b58436adb58e,0,1,Lynxtech.xml
-7a79a8db4e9722be79a45338c6d8683d263af712c3c45c1401930489ea51314c,1,1,Lyrk.de.xml
-69a66bfa688b75501e36d3ae7dff90d3511846689a28d3757aab2b290821439e,1,1,M01.eu.xml
-7d19eb00dbdee30aac81a088c9fac36ac6683bed08617800e01ec52bb96c0cd2,1,1,M2pub.com.xml
-a707f9c2c70c9f5a5bf277f252d22c4253a5dba6988ceace7fd0400fd8f6812e,0,1,m3connect.xml
-0543d58e7108adf6fe77cb43048db92c7284bed3903d22b30f3eac8c0654bcb4,0,1,M86security.xml
-9d231e863545aa6ab658902eec4a64ef6340e10f2fb03959c1108aab863f0d3f,1,1,MaaS360.com.xml
-20823e5e3e39d1711d7d3e497af580311915aeb144811168d32f76cd959a2b10,1,0,Macfarlane_Packaging.com.xml
-342172ba363f805e1ff97d22dbd3b19a94fb46633f0d119ed9c353b5d2c9ebb4,0,1,Mach_Comedy_Fest.co.uk.xml
-c3367a69fe543bb4508508bf1032147b95bfad9809cbacb6f3ad3230024336b5,0,1,Macmillan_Dictionary.com.xml
-3c431c443fc150f08132c0e1c4b571f85b6a1ccc75f4d95b1fb9d56db0102992,1,1,Madison-Logic.xml
-0adbdfc84201e88870ec14e19807ed1b98dd4d6acf6cd57a2b4a2ef5e499be74,1,1,Mad_Mimi.com.xml
-5a5895594dc8b6a1eb3ffb163f2949bbf5dd4e4a4608ed0b3fe343888ace6b58,0,1,Madstein.at.xml
-e03e360aef39d86fde3123cde69e5bd5648d1db6f2f040f49a530539f34aa36a,1,1,Magento_Go_images.xml
-60989fd88c2086073515182374adc54df5468d6e52b9a4074d0a5458e64b8c1a,0,1,Magictouch.com.xml
-c3e5082c4e57ed4c21107f5c05ef72a1fb33337c52b189b8360e41d57a8d268c,1,0,MAGIX-Online.com.xml
-377b1c7c98eb1ce1620a59edc315979347cc122ae5db49eaad58682c75f05edd,1,0,MAGIX.xml
-cb8b26661745c578a303c3a1ca8b6914a557bf051b16097d49e2f716c00616a5,1,1,Magnatune.xml
-f6f2de6998253677b226bc645050c46027dab02da53e3d24628a1d5847ec904f,1,1,Magserv.com.xml
-cda6279b1a0e24c543371d806f5ab537d8aef68a7bc8b6222ebffe86a4789b7e,1,1,Mahomet_Citizen.xml
-d46b3cb7383190722524604ced70583d6f4b42eaa79759186178b801e97cd05c,0,1,MAH.se.xml
-04a4a2f8ef61c049e466473d0c78414c97511eb5c244089ef20e750447016611,1,0,MailChimp.xml
-a7211ec19cd45b14cc36786884e3f5be9868dd63c1f1d9f2939c44d9a989e4a0,1,1,Mail.ru.xml
-dda469d5096a493c56a1e85663ffaa5b77b6a75df79abd44acc5edbe9d1f7b09,1,1,Mailstation.de.xml
-0574f873d084aeaadad6583735edea0b218b81a37d5205d2139a44ceacb21554,1,1,Majestic-12.xml
-2e200f25fb2be8994964167b2584db302e43a9261093f035bcab3fbe1921da4f,1,1,MakeMyTrip.xml
-eeb77187de3efc6c07b20bfb15ea4ffb65e95a906590f64bb4e2d85d3841a52d,1,1,Makerble.xml
-622c233a65089f420260b03de125a2446577be65dee4a203ff665364d3641aaf,1,1,Makerbot.xml
-e7649318375434c924601e2a5a85c3a14283669c07d5b9ed3fa83672ea3140ea,1,1,MakeUseOf.xml
-b7aef7f65c4126ab478fcc112a410721f9b52c70411e7e3ae239e275a22bc45c,0,1,Malcontents_Gambit.com.xml
-6a208a46a48e2e35f981bb13dc52c80ef32b213e4b961d795ece62dac8c5e8ce,1,1,Malware_Tracker.com.xml
-f39f688438cd966643bab96109eb5b3e9d09649cd2913114ddef762b8caa9acf,0,1,Manasource.org.xml
-98f88c611a69e2f367885323fca14d81e93a2cc45e1561d76b7af758e20bd7a0,1,1,MandS.xml
-462e6ebb21ef66442067fd68f872d0452ad48d7d36d0ae995b4405a64b36ccb0,1,1,M-and-T_Bank.xml
-48c6594a17bd3f925b65a1907339d25c506241b80e9c39572cb150b7d1e472f3,1,1,Mango.xml
-05cd7c117b65d0376e7f6274f686d544317159d63337b9b1e88185d142a14c72,1,1,Man_Group.xml
-c3f94737ab062a69d0440878fddb581b018f5c706219fe996cca6d375791bf87,1,1,Manhattanville_College.xml
-9e5f0fe1c8a73005f1bd9cfe7afa55e8e26908217555a15258c7ee8b389029ef,0,1,ManISec.xml
-49770bea4facaffc3223f5b925e5951cd5934cb932956923de356d544702d50a,1,1,Manitu.de.xml
-e7c7fe5c3205f716a0b60b6ad0c88ae9ba5c0a08e3d70fad2c0afca28bf69386,1,1,Manticore.xml
-c8f65ca4abddc8b724b21e1aebb0d86f05aafd81c069e4cd368b3742d6b2a59b,1,1,ManuFrog-Webbhotell.xml
-68b4aec318e2003b40efb7bb11ac3dc92a9863d0c3b69a951d7f539a04ade8b2,0,1,MapQuest.xml
-bb36e083bd6761afcf4680ae0c9732d527f76a56e4845282ab8ae582a4024632,1,1,Mapraider.com.xml
-5cc8e9306a41a8e604a989ddfe777d9a560def287d8d4bd52b66df140610b5e5,1,1,MAPS.xml
-00b7672052625447a20fe86cc3662d4fb83703b86f39a8739c74e01061b9da44,1,1,Marathon_Bet.com.xml
-9f234dcd1e04c8b71b11dbfde4ff22c7ddf2e6eaabc3246bea8fc88403c4f1ad,0,1,Marcan.st.xml
-064f0cdc7c6fc4fbf48825501a4380592a4b33d4378c27a342c513e614cb4a1d,1,1,March_for_Babies.org.xml
-c8b5c7b186921b43f6f217b4537a5e34274c01f4cba224f5f8445caa0ff49848,1,1,Marhab.xml
-35238a009a14694b40953379153a7035d2be06b2b8872143b984448d1ca0fe8f,1,1,Maricopa-Community-Colleges.xml
-65c226fdfa499b85417d89b4bf57ccec0be7d3a7390086e189e393d67b672ab7,1,1,Marie_Claire.co.uk.xml
-1e46e7c62c3c77d880aee1ddca06b25ec74c1c254f6e60c859a775829b679c50,1,1,Marie-Stopes-Intl-Australia.xml
-2658bf7f38a46434eeef112a4b9328865c836fedc7fc259a64b32be55fffc76f,1,1,Marine_Depot.com.xml
-f4c7dfe45cb0e35365300ce654feec069c5f0d57bc74d8f9b3d1941deb81bb17,0,1,Marin_Software-problematic.xml
-436092e1ffa47dad3268c7eb947182f310a5a508ca1cee26ae21bbba3d5b9b53,1,0,Marion_Star.xml
-97435eabdafcf77b3bcd2029cd54c28639f180acf84a9467028ad76cabd18a85,0,1,Marketing_Research.org.xml
-64b6ab2fb92685c4fbdea5730dbef5157ace91ff93b8245409e165d4782e7774,1,1,Marketplace_Used.xml
-c966c24740e3028c38630b589d743614fa07ea77e00b5a7d89f32e986300f570,1,1,Markit_On_Demand.xml
-c5dbfd25c948f08f782ca4e9f6122fa389c6648c836933e17b32275d95a7b10e,1,1,Markit.xml
-dc2d529ddeeda9cf9a007f2ffaac310105626c1af7c1e72455cbf4f75436054b,0,1,MarkMail.xml
-2ae425c78980cfd9132d6589c13a154bea8cf0b44036d78a1e61c301a2049ea3,1,1,Mark-Monitor.xml
-bf7cbed17ad5c7fbf32749386ebf39fd4a33dd4a049ebd991f17beea5da040bf,1,1,MarkRuler.xml
-122a211832b9a5584f9367eb69489c8ee7323ba094af5a6a9b180971aabe7869,0,1,Mars_One.xml
-6a87d0a4f45f3df6dbeadd66865e6a5493419079f1f9c73c69f607eb9e1a123d,0,1,Marsupi.org.xml
-3808030ee7f2c64ec5a0e3ab47b44c3895bdc3555f223357127614a0e1373877,0,1,Martha-Stewart-mismatches.xml
-1cc2f26786d6abe9ba489bce8fabd3892852373125e04f5866e20bcd67b9ccdc,1,1,Martha-Stewart.xml
-f9e847272113d7bfa60d8586f775224646a00ba06774a30839c593aa560696c1,1,1,Marvel_Heroes.com.xml
-2fc584cde07ef3c0d98aa14462e45efbd6029fdadb6148864ba6ce0504f9bbc4,1,1,Marvell.xml
-a88f1f117d08242472b485c257849d5aad3c979025f7e4076a675b91840aaf6c,0,1,MASSPIRG_Education_Fund.xml
-fad1e9456277753a46db2b67fc5d40b19184cffbfcbd358329cccb0a4c405f8c,0,1,MASSPIRG_Students.xml
-ea61200c48a6a1c14bc3982023c6cb008c8d6da025ff04da161cd4100d4396a6,0,1,MASSPIRG.xml
-1723ef3cabdc0053e8c43935870345801f1e7a394402aee29efb2939596afae3,1,1,Mass_Relevance.xml
-9774fbbc10a1e454d34b8dd2ad71ce16e15b489aae9472cf7c3330bdeb2ad483,1,1,Matalan.co.uk.xml
-4d52d23f40bd3606c43a447009e70e8cc92fb90e447f90988b9e742cbc4eaf62,0,1,Mathias-Kettner.de.xml
-6d04bb07541498ec67175fe7e43d0d4cb844e28517e4676127e992f3be342756,1,1,Matomy_Market.xml
-9b9632b20358c6d8f81e3f52001b26d75789c8cf5d6e14f513e48b6f3131b0dc,0,1,Matomy-Media.xml
-45179df1cde238ae36a71879f7303efb5d0cedf80977d8d192fd27d06a803982,1,1,Matrix_Group.xml
-4e1a21e32516e0deccef6719c5b8c727b6ff242b3635c6cad7edb4d94100e376,1,1,Matrox.xml
-3956202a31b39b54bb350eb7c1c8fb2fe4421fa8e9fba93086c592e3727fba26,1,1,Matthews_Marking.com.xml
-deb159cf55ae50055c8d8f69ba99cff5cbf35e49066ca55d32f4c122697b87e5,1,1,MauivaAirCruise.com.xml
-f76d439b99fdba6dbce1cf23c8a505d5a615dd39f3ebae455c04ebb15a201acf,0,1,Max-Planck-Institute-for-Software-Systems.xml
-b65dd89cf3648324c4f06b6b8342d6aa4546ccaade7ebecf435e62af3ca25f3b,1,1,MAXROAM.xml
-5cbdc6e67bad56cd587dfb13e05490386384d6ca8dd977c2091e5926de935608,1,0,Mbl.is.xml
-578a245189bd6c31652cc2097e80cec15625f3fbb84eec75ef275f2c84f667be,1,1,MBSportsWeb.xml
-9ebc3ea0b4f8a11d654190593216f2dbc2c849d75bd5d8769ce94ccb904b8032,1,0,McAfee-MX-Logic.xml
-21a0b0ab411510fb0d7f258ff953a606ab9b6cc190ec220254d0093d01a774e2,0,1,McGrhill-Warez.xml
-0a2c162bca04cffbbb71b72948bdf6ea13d25f94c711e7cd851e3e743632476d,1,0,Mci4me.at.xml
-54c5176a7393706ba64638cd6640cd03d970cdfe886fb1c292ab5567f5e01372,1,0,Mci.edu.xml
-8b75b95117b75f47d69e396a5e201cb0b857a57778404db2b56305b43ce6b565,1,1,MCM_Electronics.com.xml
-9f22004e6f050351ce543abd73bf9db38c4bcb4f3f691bc452d9f56362db44f4,0,1,McWhirter.com.au.xml
-169f5d7a71d2a565c3db9bf616e59ab2c87ba135adcfe1617afdd6ba70db5c26,1,1,Mdgms.com.xml
-e18e7618918c0fbc433386a096fad69825d0d259adb9acccba7661d5214b5221,0,1,MDGx.com.xml
-4ad79cf1cfd79bc4125c5cb83523560dc2c807adc28c3c6eeeae02a263f336a8,0,1,MDH.se.xml
-598f57a1cb07bb40a706984bcd19a35251f2df3b353a3c959d16c5eccd2f043d,1,1,MDNX.xml
-9fcf975a9d4381ccaa7ec46373ee44478d1bf60af363e5323ec3093f41bf0130,1,1,MeatandLivestockAustralia.xml
-5c3f9e9594fd2136e76be06b682e4dcf281c5b4153eaab76026fd527212be1b5,0,1,Mechon-Mamre.org.xml
-b2066dd1bd47ff8a7a6259d3a4059070156b77a661991127cf21001b109551c5,1,1,Media6degrees.xml
-a3b6aeef083db1241e1b5239cc11c3c70a3990a2d409b93c85726bde3a266f42,1,1,Media_Factory.xml
-2206b712d3da7e0b72ae87eaa7ca8e2c011c0285df551334334b6e6748c9f533,1,1,MediaHub.xml
-b35ab67041d795e2260b394b27c747f3226fe8c571e5a75f32526834f5f63620,1,1,Medialinx-Academy.de.xml
-16df074dd91eba1e388ee4cd5452f790bc68dcefa11e471e90f3be62c5a91fab,1,1,MediaMatters.org.xml
-fa0cde033e24e44be649f80463f985138e11a00759e33d35de6bc5087b340a77,1,1,MediaMind.xml
-f38f5fe8efdfba7942c6fa3b8ed22d343afc0724d6e38be81636ed96a8a3a0ea,1,1,Media.net.xml
-7e8cd0fef72f1bb5972a779936adc763921cf5217a3dfc91d1f1062c34c80170,1,1,MediaPost.xml
-cea6114526cc90715d8174513f29d6b7ea23c8a4787b35af2e4b59e41684b60c,0,1,Media-Proweb.de.xml
-60c9e32c0146ed82c87bbf283217fe42f404096edba91ef1956a91111b23296b,1,1,Media-Storehouse.xml
-5736e8f375e41f54c191847f1710da2a6de24cedbc2e4da90f40f9df6767ab2f,0,1,MediaTakeOut.com.xml
-c5d0870a4d83044988f3c3af47c75b8426331527ebf751558c6bc1b2ce727c99,1,1,MedibankHealthSolutions.xml
-4e15cd343d166cdc0e7dad5577646f29611e10d19bfa10f04ed589f908384b99,1,0,Medical_Treatments_Management.xml
-9efc0a08fbf61eb312d49a952a8dcbe26c844315ed708749c8ff7cfc4eafdf4f,1,1,Medscape.xml
-be7930d5a9381f9779306bd4abfa902055e5493794a7a2c3009edab45f568804,0,1,Meetic-problematic.xml
-85ccf33e1f9c7ccba62d5c31f22ac1a4e2f5e6065626088021fb606095cde46a,0,1,MeetMe_Corp.xml
-b2320f22433256d2906f8c2e90cdbb2b21162bdfb5b54867968b657e8ee86baa,1,0,Meetrics.xml
-d3b4dcb6411b0768f63f82ae89e15b07f5884e72f0b49398318e885b1bda1c38,0,1,Mega.com-problematic.xml
-e7034b4d62408593651f88f6fea5b58f9d7ac86cf01b03f8e56adf9ca757a9dc,1,1,MegaFon.xml
-0660211f8fcb506370363c91068a9a402402d4b809bd2c2bc61bf456b31c9469,1,0,Mega.xml
-4821002c2dbbe557f459c6cc0cee428616bd727f65f5a071002405e2cb370d7e,0,1,MeinVZ.xml
-74b5070caf233a0bf2f96418a8500663c7c40bd21da665d673642fb212de08f0,1,1,MeiTuan.com.xml
-b5541e596d343de6ac7f39223a9fc7c06ce47c438d9defe9116ba674062af063,1,1,Mellanox.xml
-eaef01e50024132334d995f459f0f3fcc9e56637833c501e91dcbd8dfec3073b,1,1,MemberClicks.net.xml
-e47e56fc2167bb71faaff4eaf4662649906521bd26184dcb825797080cda7f60,1,1,Meme_Center.xml
-a7b15f22f33f9e813d7f180f35ff06455b5e6e0edeeef8c25afe80d49275ddf6,1,0,Memset.xml
-83b98fb018f5e976e289dfcefce50a3c9760aa54f0559c78e653a3091594d38d,1,1,Mentalhealth.asn.au.xml
-d9d780181e6b685923ce463960f139165dd4b6a6abb333a07572740b8eb10ef7,1,1,MentalHealthServicesinAustralia.xml
-b6ac17c4eb8e7ef94bfc420b28afa15310ad85f56084302c595ebdd204b039be,1,1,Mentor-Graphics.xml
-1c68d8e52e630e6191f64a996760ac08bb1b930793b0bcde74dea65442456168,1,1,Mephi.ru.xml
-e036d076a66acf5d8e573b652b5e6ff6639d9ae0972240aae7676cf90e06181b,1,1,Merchant_City_Music.xml
-877fcbeb87d8752e0984aa73905b050c69cbf5faa500f100474a7036869f5df3,1,1,Merchantquest.net.xml
-d7fe742bef816c1f59e0dc28fb8ec39b08763d1dbe56f438fb36337f475c8523,1,1,Meritrust_CU.org.xml
-30a1773b432db408705a3a3b1a5aec86d29006d7dfe739785beecee7b32a5c55,1,0,Merlinbreaks.co.uk.xml
-0b56c064295b03dec2f3dc1af92546c87ea03a06b6c5e753299e85472284ca71,0,1,Merlinux.xml
-0b8ca11675436a12840843509bb920731eebb1cf9966122143c0423e93c5e209,1,1,Mesh-Internet.xml
-7c1cdd78f922226f062a491726c2899cff4d9cb136293cae3f70adfaea4e1ee0,1,1,Messagingengine.com.xml
-46f31409aa718eb62a9d2d208bbd65bb5e6419929c17b15f2fdc33c4afb82c4a,1,1,MetaPress.com.xml
-fc7e04f2a722f87b5dba20f6a548c1d26df7facfa98be2e09962d0b86506f34b,0,1,Metrotransit.org.xml
-b8a15f5d604708c21a54d044df0a1a5ee65bda391dd5e5735eb7d92a01ab1830,0,1,Metro.xml
-aa95afb8c908b99e7c357547b29a1f19f3a93bd37683c2f68049f39ba6d9df48,1,1,MGID.com.xml
-02d77df85e09523445e0e86b04f0bb16c67bf3362b2e30bc29cba2af23ce2a0c,1,1,Miamire.com.xml
-6553c866a3a71f279bb47db3e534b087b632e066c667803ff7109186d146ec25,1,1,MIC-Gadget.xml
-5da974eba7d7838e07957ab4c9f72058e303025137f837907f1491e0f47d5ba0,1,1,Michelle-Bridges-12-Week-Body-Transformation.xml
-205f20658715836d564c522da3c9c42cb547bce9bda250653c498c414a02ea0b,0,1,Michigan_Campus_Compact.xml
-53433d7e1702b0941bd5125a116ec281041d9ee92618f306c103d832de51dea4,1,1,Michigan_Nonprofit_Association.xml
-2c0230f2cff2ab22e873fccddd77ef7eb067a5af8b1ea6ead19eb11a7fe17e11,0,1,Microchip.com.xml
-575e8ecdacdfef4516413c432243e7a300b6cd70ed2a28fb17cdc28178946f92,1,1,Microchip_Direct.com.xml
-b195c75b64f391be38bc74da007cb9a59fd8a1049291c5f949b5847b16097641,1,1,Micron.xml
-206bb3a607259fe71f807da8d8d846aef174f1b18c220ac4871c6cf75022c4d2,1,1,Microsec.xml
-61a08db1e2d9a9f6fee6d55625614ee1fcc76f3add39fb2a350a70d2971fac6e,1,0,Microsoft_Store.xml
-25b79bea559bf54ad4546a28b11974228fed40fe7affb6127e28bb9e20cc57f8,1,0,Microsoft.xml
-7b100b62a23d14a4e21a5f4775ce4f523326901c2464aeb6299fde517c42e32e,0,1,MicroSTER.pl.xml
-932d417bf9aed6efd5b4080c9c8f7e62b7199abd4c943b07084833fc763af1aa,1,1,Microtech.xml
-fb9361e5f9e26090b2ca7030c712c7ea214e7a531c650819ad8d7769a2538e0e,1,1,Microtronix.xml
-cdf7d74ca7ea2e828d716f9762ed2310bcddb76841f0d99e451bbaf039987e4f,1,1,Mietek.io.xml
-581745a360a493ced8c8bfa3a0c7a254f8849914d044284b63dd6400ed6f1e53,1,1,Miles-and-more.xml
-201682a0f3417cb1a03e22e0fff8bd95f5eee3fbd4f91d305149f69ec3103858,1,1,MilitarySuper.xml
-ea215ed16accf736366b380b06667a98ae300a6624277cc4c0b00ef82b87d316,0,1,MilkAndMore.xml
-e4b8ae811aedc4e4e389b6b173e370b7981160efa506affe23d0d3c424007843,1,1,Millennium_Seating.xml
-6028c542090a205e31ad2cc71d109b7fa9f689e1d15064565afffa289860de6d,0,1,Millward-Brown.xml
-835ad6f02f0eea1e5a30f1bee9bd82f033b98f98c3e00dccae023635bc45ec84,1,1,Milonic.xml
-647b632484bffafe1511b446ba5ba4cea8cea793bca7ba324612bcad00520e73,0,1,Minalyzer.com.xml
-7fa83c532ebdbd2a1ce3359dd51bde4e957d0d673fb2f96b9a25f750da9c5b8d,1,1,Mindhealthconnect.xml
-6cab69315be3b7f7e6693df20e4640474b93ac96f52a9c84553f237661f97434,0,1,Minix3.org.xml
-f3a697540aaef0be6325b039f1a9ba7dc726832ee3eb7f859294443cebc119f0,1,1,Minnesota-Public-Radio.xml
-8cbc58bf98c78566cb40523279933230c7fce27400613090fa2a02476ef60301,1,1,Minted.xml
-2d95c01c2dba90c6e4e2c7294d36d63fb8c410645c9baf905737268445494ef6,0,1,Mint.xml
-46490c5c8559b7f9935f08f0a20b7efd343bd76579416bc98e7af749e673743f,1,1,Miranda-IM.xml
-6c223b9ce65007f261214b35fcf2159a01f0f18dce768bf330106f9a954a07db,1,1,Mirantis.com.xml
-09cb67edc92fabdfd6ce3ad9ed0a50a6fe0176b9a963ac378e71b5e28c8eba71,1,1,MIRC.xml
-1c912cdd8a192d284723cd6aa022312be9af7d9d0f153ebd9332012212f7edd0,0,1,Miretail.com.xml
-9d8fab8adee46ed120024adf277f77a07f8b7e20949e017f80f9697faee06667,1,1,Mirror_Image_Internet.xml
-2fab3b5ae13f2fa84cac1b55ad4db417d235bb8c5b29182ba71fed019e20fe3e,0,1,Mirror_Reader_Offers.co.uk.xml
-2ff3585db12a09dcc7ce2218ddb43eba82e33b365d5f9071f14ca094566b0f6a,1,1,Misco.co.uk.xml
-e554b7787400fbb24420ffbaf18e8720e2711d0d7d5b01d57a6bc870d734678e,1,1,Mises.org.xml
-29fcdaf098e9079dbf7d1962edc0c29be9fcb714083e40a5019e7e6aaaec6320,1,1,MIT_Press_Journals.org.xml
-ef78bc469ee9ca1c5c6b5b7c55101de1b9f2e9bc5cb7635f55f72600da08a9c4,0,1,Mitsubishi.com.xml
-c4c92a7376681ef0c76224dce112d5b4aa7f3e765e1d94c5065839d75e7066a6,0,1,MIUN.se.xml
-76d41aa2beb0e3913754d27e3ef4e21e3c585b31fe36dffeba8dd340621e276c,1,1,Mixi.xml
-5a4eb33fa51c3ba4f64d634403848627ba898f024f0cbf4c19b166d0e5d1a235,1,1,Mktoresp.com.xml
-03b6f29831d19024dee4e4cb3ac615574e779fae1b58a1c6d24acb91fbe4a850,1,1,MLive.com.xml
-ddc3203f686051186b20b88e459820135eaaf3aa50e5c4816c456d6445eb152a,1,1,MLP_Forums.xml
-62e11962e97bd26df73d38491e0bd3cba32f9a80f6d367b2e9566eb0df735548,1,1,MMAHQ.xml
-a98f3b935a1d51aa8298b5a80e4caacf1b00888e0a75089f6f3db0bdd4e738ef,1,1,MMOGA.xml
-3f5c7ddd043ad508aac3e6159c76e8bd41fcd37abdaa141cda95d8a685e20cbb,1,1,MND_CDN.com.xml
-18343449d95db648bfa46a15c08f85c4932f5492977307f2437d1a58faf006dc,1,1,Moana_Surfrider.xml
-574400b2fd7e2050dd2171c8ace92ba75b77ae7d9b28c311d6799026ec6b2126,1,0,Moat_ads.com.xml
-f7aa20d5eb594ad6714f0aecedf5b55b6d9b6cf8be092160dc89d631b1ca89ac,0,1,Mobile_Asia_Expo.xml
-13a518ff8ae813aa66e2eb9ec67f34ecc7aead4a78e95046d18eddf8d039795f,0,1,Mobile_Enterprise_360.com.xml
-c50a74b47e0a1ffe551d97307b99d692a4d15c4f6d6eb27fc150f54b660ad90d,1,1,Mobile_Nations.xml
-ee597a30968e3fcc5470ceeef5b7ab18cdac35b691c708119fc085e555c39d7c,1,1,MOBIUS_Catalog.xml
-6740d71dc20cb018a8808cf1fdff3032705b1fd79b467a42f4489233e0fed651,1,1,MobStac.xml
-089e42772722545c5013f3a48f05429db2991825eadaf29c1b80ccd769f4621a,1,1,Mochimedia.xml
-2aeed5b7608ed2cd5fbf95b9d233412e2b384dcb179cd0cd0b4be180f3a7b1c4,1,1,ModCloth.com.xml
-92ade4bf454341ea607fc18eda3f160e13336fa1303c20d35e270b4624e40036,1,1,Mod_DB.com.xml
-c3214ec163aa9df0dd6712d7d99aaa8b60ace6ccf4ee9cf6a18dc8d5f030a6a7,0,1,Model_Mayhem-problematic.xml
-85220eca1233070b88064de78be2824584bd455896a606944ce325d89bff9bfc,1,1,Model_Mayhem.xml
-0793455bd3ba8b593cba9ee56c0a879f77b05bb7b8215f1bf959ae28379f7d3a,1,0,Modern_Giver.xml
-3d42a6bf70f67cb35c65572c88cda75ce36688b8e54d46910eb6b64a18d93c3b,0,1,Modernus.xml
-976d52fd450f842cd7b01a773c0dc0cbfdfccc344170c16f62e8b06fd60b6dc9,1,1,MODX.xml
-b1e394fc6288df5f9d71a5795a3cfa2d868caf9a2d390259efb4f9a10aaa9e55,1,1,Moevideo.xml
-5719e7ed8ea7aaa4f6c252a07860fb7fa0750f3fa47c52596721331852b215b6,1,1,Mofobian.com.xml
-4decd848d6ead12ebc698302e49ca1bb187ff1a6f1894ac4c46e6c9903432125,1,1,Mommys_Little_Sunshine.com.xml
-0461d301d68302af16379e815c6fb5de2b4caacf79ffaa20aba851753b388ff2,1,1,Monetate.xml
-ffbf6ec6cfeef71b445211a87e4abe5ef1794e3d4fadb7d684ac90ac68533790,1,1,Money_Advice_Service_UK.xml
-617ca8a16ef9c021485cfd02e955e5bc0c3e0f71ae01a9028c3045bc17becaa5,1,1,Moneybookers.xml
-273e682828872867f92a2d55ad5b000fa076476731cc087f220bf003816625b9,1,1,Money_Saving_Expert.com.xml
-36b5b18cec1c6053b839b2494fe6a9cc04677550a912ae7c47a8798e061720df,1,1,Mongabay.com.xml
-5815a878524ef05df0e2e12eac100fdbb8ed34fde5bb861c2cd87813d647d42c,1,1,Monoprice.xml
-aae2b974d06ff8cada6f693625e967c89ed2c4dbfcac0885da285be6b1f2a4b5,1,1,Monsoon.xml
-16b17f054165cde5317da14eabc04cf40ed40f40f187a46a39a7107e46877ffb,1,1,MOOC-List.com-falsemixed.xml
-d5fd944719061d5c68cad846b8b479a3010bdd26ea072f677c0e77b09ce61746,1,1,MOOC-List.com.xml
-d81ecd8589db295fffab19937fe47ed705feaee2204af4290985b544c6f36cf4,1,1,Moonfruit.com.xml
-238ba4857662f3a517f6702615d82e0a1789818c3f8e46200e18fbcb940206a9,1,1,Moon-ray.com.xml
-ba26e7795767013528cc1125b6156b270e1ef4e425ccd4b7b20f10da339c45f2,1,1,Mooshi.com.au.xml
-012a310f74cef0d3cf2d8670ba22d9fa800b99881a8e3f9509003bce5f7e7bbc,1,1,Moot.it.xml
-99fe0b38d28ebb79cfe8d3888f28334dcdca278aa8a45fcb3a9a397c95708509,1,1,Moovweb.xml
-b5945e6598755cc7fdfb240bd5db03c4db2255b7ce9f7c214febf94f4f5c13bf,1,1,Moreover-Technologies.xml
-4098104d988c1e099f8131293582ffa74b214c84a0a6993f0dcb47dfdc166957,1,1,Morningstar.co.uk.xml
-06558325d916258454668fd676d1b26c4d0fd1de1413eb5256ef48a1956982bf,0,1,Morrisons-Corporate.com.xml
-7f9c532f1e7717d4f19719fef2a3c541c6ce15cecc5ece2b5ff81ec48d07d55e,1,1,Morrisons.xml
-e53b3dc48c8ebd8f953aa97db6e25331e51bb2781deac42f66180111e86274c9,1,1,Mosaic_Science.com.xml
-ee288ed07a36d6c17d809e2591baafe858ef2b23ab7e56858879a37ad619d2e6,1,1,MotherJones.com.xml
-9ff01f7451d40691041ce184f700a74a77d67f31caafb8c3ca51d2afb9c7dc34,0,1,Motherless-media.xml
-6b4d8b8bbca99cd49c35ed81feea4d6f9d114213c670b2fbe7a947c8a7402dcd,1,1,Motherless.xml
-28a1b8fece126fb6620710ba56206bdeaffaa183d651c6c1c73a01a905de9059,0,1,Motigo.xml
-a1fa4d3ec8a62b93ed15cb141d7695f212f3dea2ddf0d4bce8654007987fd390,0,1,Mountain_Reservations.xml
-bd3a39ce9e5a7fb31ee47d855f36ae946d9d5b113b5ea350c06fde10c670d27b,1,1,Mount_Sinai.org.xml
-df311b887c2c65e850add51b2982b95756f8fc94a387f649cc42fdcbba52c557,1,0,MoveOn.org-falsemixed.xml
-3dd9d23169efedd2951c904390b77b6a927282737d4a7a7918f7bd44cf3a8e2f,1,1,MovieTH.com.xml
-bf92f91a29f1233ad7de9d82343a31399b0e448c76c6c9bfb7d4ac5a2645a4c0,1,1,Mozdev_Group.com.xml
-20079f5b48d92ad4a1814d88cf89b1455e4f1f9c1aee39a76aa2655d23dd1dc5,1,1,Mozilla-Russia.org.xml
-486132cff3ff4030623747d692d77310df3fcf8ac494edd8d735d87a60af69c7,1,1,M-pathy.xml
-a142071929daf836814bbd8993688ea5e23a307b416df19553b09cf2c0a605b2,1,1,MPI_web.org.xml
-444b4dffc566a507319f9943d574f27c301f9d5a6af47ee6b85c9907886188d7,0,1,MPNewMedia.xml
-d312ff3b4882a3d3cd9d90cb2048e06cf8212a73f8512337ecd11d21ca3fbd7e,1,1,M-privacy.xml
-743d8a5b68767e40138a06b7b5c3a1818337da7cea2ac37a282648b50974d04d,0,1,Mpx.xml
-ec70fa255895ba360493d2626c45911c22b80a49c5df9cb2f8f137846ceb0423,1,1,Msecnd.net.xml
-61a664cfbfde67d011b2d89090d5f653cfc303633f10a938cd2640cf4dcc5c7a,1,0,MSN.xml
-87ff406c6b33ebe5d35f3a06f6021c850baa6d4213079c76289b17c467c1ad13,1,0,MTAC.xml
-15819092534ea0d06610f93be60d08860f430b49dba04ba701dd2ae56358a227,0,1,MTNA.xml
-7976850527330f739448b947975b090d96b2bd01231b0376850a91033b941263,0,1,Muenchen.de.xml
-1412a1bdf9c4cad6758e44c6d3bc30db0cb31d47c471aaafc86e53fbc539201a,0,1,MujBiz.cz.xml
-24a9a73f549eac48c4bd59bf8b2073bbba79cca79d84e3f8740e92c12e109413,0,1,Mullet.se.xml
-8f659a5f020643a95f497c317d70dffe3c1085456659c8852641169423677997,1,1,MultiSoft.xml
-cae69694a0462be465484bb959ca0f4154bbc5abb9d0666da3cc9da777142bfb,1,0,Mumzworld.com.xml
-8f1f380d1c8e4873b031a62de7a1fa17e2e1e79940cff1863075fa097b1bd2f3,1,1,Muni.cz.xml
-1a7511feb844171b7d853bc0273709cdf66649de2c2534ab1da21d6f5edf4cae,0,1,Museter.com-problematic.xml
-edd7abe5934e45e58d30278955e07deb2f6876e86b6554a2aec782f86e6bf134,1,1,Musicnotes.xml
-f42b8995cf8e8f8bed79d16d7155dea2522c8ba86dbdf63d5d82f88dd55fd614,0,1,Musikerforbundet.se.xml
-58a0fe0af15bd31fe5ec464807b08e208942049af861bb5440dfbba113271ccd,0,1,Mutantbrains.com.xml
-79c31135f565720f20ee06fd013d3d7cf6d5c1bae58fcec294f31978abe1f21d,1,1,MVG-mobil.de.xml
-a8acbcf986630e56ad99d3109909ed9dee8e0f5f59a3ec701b7f2636e414cb76,1,1,Mwave.xml
-7378e66420ddee33fe3189f9e9a7d611bc9e15edca5d8ca05c615a4cec99c992,1,1,MXGuarddog.xml
-c82d167ba8e98b856ae24b467a8695b544fe2d2110ed269675c6b9b5e8a18de5,1,0,myaffiliateprogram.com.xml
-ea72f3def37242b5bc428988bec9b0cdfec40c244aebaad1a852d2bee897a864,1,1,My_Aloe_Cleanse.com.xml
-f12f85ad980c55abd2b90de5179b44d8b8b2c8fbb5e5d6059197772225ccd701,1,1,MyBuys.xml
-9e11b6c72dbccadae998b9fdf1060261e924cb5c79d3feb8beb3ebe60c399ae8,0,1,MyCalendar.xml
-f6888bc491b4d47632b596404111b60304432c3fdebdd396bdbc31ba6b6a8b39,1,1,MyChart.xml
-6537c184cc2e52884ba673b1185e8f64a2f41edd030ebc01a7a13c1f34014729,1,1,MyComputer.com.xml
-0094ef73a6696418c9a0ea52eb29426222d2a64d8cd64ba9224dbdc676f9f832,1,1,Mydrive.xml
-d11a91908efe163ed8f7dc3d6a99ec8fbfe0e9ca75eadf18ad1602291a1984b6,0,1,MyFreeCopyright.com-problematic.xml
-cc88b41661c869975a35a7af8b045c82199f2ccc487165fff368523fbcf09dd0,0,1,MyFreeCopyright.com.xml
-9feda71a258878a709043575247de979591811963f7390f7654774021e2d1479,0,1,Myftp.utechsoft.com.xml
-4b89388d8b0e5f2c3f1114e50a5448bf371c53ea1a0b3bffcc968537df955ee0,0,1,Myhappyoffice.com.xml
-80b320c6f12e507e8698c067c13bf68374db62c7e5547f066af0e321fb466088,1,1,My_Healthcare_Contacts.xml
-49975169395b70634d47f96fd0d6677edbf07c3bc360a2916e23f6e1d789f02d,1,1,My_InMon.com.xml
-3102bccb45e89458c7d87c9004dd4a8f72ae88d3b01cd06a4ea6180a55036e9d,1,0,Myjobscotland.gov.uk.xml
-b3dc3da4b0b353f094678552e0f8cbcc05c69441269c041cbed4789ff47d67e3,1,1,MyLeague.xml
-a4a4dce3306b45f0e6763f4f8ab14a3af545aea5c1b68ece9e51af9170b4350f,1,1,Myregisteredsite.com.xml
-63b6503ce3552c3905c6d65270d50d66a99a226b53dcec2a0ab8197f1ef38a4a,1,0,MyStockOptions.com.xml
-24d8bde990098ee1fed9b972e657433a4c1bf758a46d4063a668d58a2195abe2,1,1,My_Sullivan_News.com.xml
-f51808872e4046d42a80693cc74331e1533a48c8b74ce198626b0140b7ede4c5,1,1,mytalkdesk.com.xml
-d616a9d05e8a5cc6f7994b9a4ce02521e006de2138695c1fb9881ab0504b0b9c,1,1,MyTextGraphics.com.xml
-d9d037ffaa0d96eadc704dcfe9933c34961a4f1df39c800f496cba49c7174775,0,1,Mythical_Creatures_List.xml
-b913e55dc6bfbc9c01edc498bcc25103959427038f9fc37e934e0277146ae617,0,1,NAB.org.xml
-e48ccb0c3c859a8f8e5da027cbe4fb8ff796b9df830eefd2bc522c187857ea6a,1,0,NADAguides.xml
-7e5dcacd8b9a9510641a366d85b5a9b5e751db6e8f2997cfad3d6392a1ed5778,1,1,Nagra.com.xml
-b2e1614a26dac3ab47eac3a6dbd3805451790c9cc1ed2047d68bbbfb61de9663,1,1,NameMedia.xml
-e567c9f23505545a46c3f2094019189ec0bb0753d4042e09b9c3e4e4305ab2fe,1,1,Nandos.com.xml
-d92c53fd75de88d409d1be6a18c1ae9f05cbbe380e8bb8b9443249c9768453f4,1,0,NASA.gov-falsemixed.xml
-8b0e9837bb092fba613041ee2cc273782833a14db5e27a3c629d07af2d60eae3,1,1,NASDAQ.xml
-87d7cec32a9c98d029b8a7748f45f03a4c405f4b10af0c7dbf63a655a2f2501e,1,1,Nasuni.com.xml
-611a187fc26079b456f29744b2310f6cc461c01572b0056ab59a95cff0d7eae4,1,1,National-Academies.xml
-28d8e299d8e8d33ce97bb491934ffbf5d64acdb80543135f009bd43f4ad4c66b,0,1,National_Academy_of_Engineering.xml
-0c7a3d152e2a0809e1d00da01c544f68c2a1b7fd5e5457ed7fef0255b1c8b33d,1,1,NationalCapitalAuthority.xml
-2025891cb707c5cb4bca8f7cfda7411a3b7c03084986c794c01d9966646ce307,1,1,National-Defense-Industrial-Association.xml
-b8317133e03efaee48297bdb5c09b95e33a56f9c20cd60e6edac0a1a4d86661a,1,1,NationalE-HealthTransitionAuthority.xml
-0faca68701fed7d481ef2d407adb2988bb09737e4256fc13d94de4d50be29dcb,0,1,Nationale-IT-Security-Monitor.nl.xml
-9bf2816c0496a7066972ea5e7225f77e2646848ad425e3082748636dfe26f41c,1,1,National-Express.xml
-0adab8b5195c92dd558b96a6d77403d62b64dee59bfdd95a01838d8684e32da1,1,1,NationalHealthandMedicalResearchCouncil.xml
-4f3d0dc561b1d5aa8256a5c6b3836f1d624a29142b47bb7d9229916c2abc6aed,1,1,NationalLibraryofAustralia.xml
-1fdbf03f38170dbf7fcc2e857edff149d2fc104f1cfe992e3346a6eaea3d9801,0,1,National_Priorities.org.xml
-3eeda47a0d58e2fa12af871efccefb70709c9aa4a94f25da447e491a58e6f231,1,1,National-Rail-Enquiries.xml
-3b4c993ab92a9348d921b5254f31e9fce7eb923bdafa5cf3a994e03099578a87,1,1,National-Renewable-Energy-Laboratory.xml
-77df8cd849c8f7755860365c3cb10c51ed391f95ad21327a88546086eb5a29f9,1,0,National-Science-Foundation.xml
-12eaba9bec7055b45b10dbdc36cfee93e480124f3cec55814ebc49fad23ff395,0,1,National-University-of-Ireland-mismatches.xml
-ebcc8d760dad213f091f650b11dbd48341e8039af99e39d0e1ea98115899e204,0,1,NatMonitor.com.xml
-d6c033cb1812b3eb35f78584497ebc3e7ba242d128036064f93cb32fbd54c5d9,1,1,Nature_Shop.xml
-5fa991b9e337ffa71bfe80e49dcb48b46deac649f5bc33ea192903e0b44e7ca5,0,1,Naturvardsverket.se.xml
-92305d7d6923ab049957e8eda6b1a3145f480f0f7c1a26f25e40df7ec06cbb0a,1,1,Nautil.us.xml
-6f7d7a37ac11fcb1be6e29f4d1b0f049754ea7e64beec41ada9c54ef6dd6c939,1,1,Naver.com.xml
-cca9679d08747b3a6f8f2ba6a4075140929b47237347a3c6703c51e22846f71c,1,1,Naver.net.xml
-a06696fc40595b3cde47899254b84ec14c5e2a2209a07205aaafee889961886f,1,1,Navigant_Research.com.xml
-bceb342f096bc915324ab7926b62ae2039efebd5f1655264a42e5499bfa890dc,0,1,NAVTEQ-problematic.xml
-a3d13f121877abb34ed48dcec8fe9ea59e7ae9e78ae8f7358ad45fe3bbbe3931,1,0,ncar.cc.xml
-66f0388e44e97d0c5975fc8abd57d7013078e37e14b34e5a6046e4d6d2a68488,1,1,NCRIC.xml
-ef7d0c3649a77dde9f58d11fb9e77a0bce840e89177a6d853a3a50f37d138e78,0,1,NCTA.com.xml
-e0829fc2c9fb85755c4629310398373a852a49f9ec43b1bc36a49c8853a37eec,1,1,NDCHost.com.xml
-a165bf80ecefdded1625bea8feca7f701dad131dca4397ad3ed84ae9117bac61,1,1,NDI.org.xml
-21b9c0692a5feacebae65169aad071113d4e9bc961c8f43176bd928e517ff480,0,1,NDN_media_services.com.xml
-63d21f2608464533de4ad58940f7c773a7b6be67d11f7a50b58fbacf45148485,1,1,NeatoShop.xml
-14cc64ef3bdf4c87251ebf375e569781b15e8c8bb1703f789c72c57608546227,1,1,NEC_Display.com.xml
-aae1dd28949eb63e1518412b3063cd8db7fb5d1e2fcd31af51b4d9a7e28582ec,1,1,Necuhb.xml
-47b8afcf1806ab5c8cdaac1b92d0c335bdd3bbb0f39bab049d17fa39230c7d21,0,1,NedLinux.com.xml
-4b39488723281f877212d4e81540a4e52eb4a713db6fc8599e8022b11d720381,0,1,NeedMoreHits.com.xml
-d422448b645008deecee31292384b1779d0b472035926333edf3ee7b98d51d35,1,1,Nelonenmedia.fi.xml
-076624231a6913176a0296ea2fe8a98784d1331620d5cf7ec74230ce6d0ef229,1,1,Neobits.xml
-fe9a3b6a1ac58f6ed1d45edd7cd8aeb302d6a2f11d4db3d7b093b0e24c90c586,1,1,Neobookings.xml
-af1e542c1ea14c9dbe26ce321998cb9be7c96f88529088bd44771735c585c088,1,1,NeonMob.com.xml
-98d5cc127fd21d56427af9318d74a4324bf673e7b9d15ee33f27e6281edae825,1,1,NeoSmart.com.xml
-58abadc12a0456ae8c4b9aed73cc326c59a0deb6cc9149476a1e44258cf308ff,1,1,Nestle_Scholler.xml
-fb32bb1ec593963f579fc3218ced702def3c8820d295959e6791c1bb63837079,1,1,Nestle.xml
-1d82d222efef097970af2ddde784abc4a54e9f0d7c72273efdd5a365eaadb215,1,1,Netcraft.com.xml
-dabaddf8009499437a20746961eed8aed99136385bbd85df42500cc0e8f7fd07,0,1,Netdialog.se.xml
-67eb38023a08fec2e55c37dbc7882eb1facd6cbe24bfad8d680d49fd4e3283d9,1,1,Netfirms.xml
-5bc65fba1edbd23a2c1127a5c66a01bc20ffc899e4abb0e6f1b4d05a639dd9c1,0,1,NetflixCanada.xml
-8da4a8d34c363318d78948b6d198a61b8b371b1eceb28751a2abe6a12904f4f0,1,0,Netflix.xml
-a95094078fd0cc6f72a082b156e813374c9dc87a138755d752a4b9ea66773850,1,1,Netguava.xml
-05ba937904b0635e9a5a4ad5afb6f044026bb673c12eeb989146d9a2ab4dce2f,0,1,Net_Index.xml
-f4e958dc0f835a536048412ddc2724200f00c0e93cbe1672d10fdce9dbd77cec,1,1,Netline.com.xml
-06a292203f1fb162f9eb6f48a60f5c5cf2fd82e2141c3be9b382da5a1a9580f2,1,1,NetLock.xml
-8ffdd2456c30dafce460c2ac55f69982ab0e8776a7dcdb2d3b6d955080cc9ffa,1,1,Netmarble.xml
-806784f5df0f188a432397f11c65b89fc7e4b5c0fb00e08c766280743fcb9713,1,1,Netnod.se.xml
-05ef41699e7db4706bfa024c7a337ea730a9c22cc2eac8f8ce35f5181a19bb06,1,1,Net-Results.xml
-b34cfa24a5d99c53cb889604a566fcb954fcf2edba8fe603a27b047c537b36f9,1,1,NetSeer.xml
-47fcbd21bb94ba1037778af9ea7c2e8a21ad1a57759e8caadbc97f7c2d553837,0,1,Netswarm.net.xml
-44363372269bbf2df2c23d28f206b728ec20d7dd27493ea1e2c1ddb49c1e4820,0,1,Network_Computing.xml
-b92200943566111cfe625c992f069402f97fd97337fc836e8f1aab8caaf93ddb,1,1,Network-Depot.xml
-ada451184c4c1e9443d9b548f760725d0bdd50de0d1c5daf97294f4e60d41c69,1,1,NetworkedBlogs.xml
-1046eb858f3bd6d3cfd736bda77b14238d08ac9faab95f854e90106de0fce7ee,0,1,Networkhm.com.xml
-856a5e62ba2039659dfd6a0c341644c7cc94edbfcda039c0bbf2934c2fa6e490,0,1,Network-Redux.xml
-1665687899c59f8d350320538710d50189f98c510f2a3a15d70d094aacf36150,1,0,NetWorks_Group.com.xml
-e39fb5c2ac9f1e495df9e58f17d8a4d761fe13825842ce000695d72bd0fec453,1,1,Network-Solutions.xml
-d9e483a264abb9bf1922d75c3b5417d10f4cb06f37fac341ad809eb66652c8c4,0,1,netzclub.xml
-37f2e0e19946edd55166e52ca91554e9482b18037fd0df2e6177b68af1be5b54,1,1,Netzguerilla.net.xml
-d47c31823f5affb8112f9b876508ea8cbe9c5c8888dd62fce6e94a49fc97ae7a,0,1,New_England_Journal_of_Medicine-problematic.xml
-ade523b4cb15ed350b10463b931b77cf0d98fb8dfeeff46f8ae12bafb519e8bf,1,1,New_England_Journal_of_Medicine.xml
-c726927c171b0ef46e22776ef84b862d65b67640d6bf0c04236116037f7f4658,1,1,New_Look.xml
-f1fe546e322fc153e0c39bed532de0adde5d347f9b0785bdbb0212f60735af1d,0,1,New-nations.net.xml
-17888394abba29aa8aa30d79c30cd4e08159dc8baca993e10abde6b6f6a7b5da,1,1,NewsCred.com.xml
-3494b3975033ab3683385dbdc1fceb067d9af08c054f9d5db857ac14678d2a39,1,1,Newsday.com.xml
-f4b6043442410054e68bad0ebf7106e2cc7147b2c0f9e9d484406aa292344f5e,1,1,News_Funnel.xml
-33e0ef33f129b4bf61f87001d1bdc46d186cd05e3a95c7ee8e6c3d0cde5a1340,1,1,News-Gazette.xml
-5c27173b7d7afa1b073f275eb2ad36e0834ea09a371f69377443379723a891b7,1,1,NewsLook.xml
-a441436f47337705595460deaf9fcc0940b86b7e36ebda3cf9d947e0034c458e,1,1,Newsnet5.com.xml
-d778b682dc606f5a46dfb17fc9887c165e6aacdcca215bd7dad3ad16d9757401,1,1,New-York-University.xml
-4125362bf733c54e5b36ab62a6355215cf05593529ad90d1f864127871552ee4,1,1,Nexaway.xml
-3827f1f331ee1cfd087a75708156fe6dd1d78bf73689aa0e3f05e769f9ae7599,1,1,Nextgen_Auto_Parts.com.xml
-ba5164f38a24d39d86f53ca602a4f7dd6588321e91dd31f3a41900e8235bfd1a,1,1,Nextgen-Gallery.com.xml
-878678bb92243d6117ca6b9852399304d42d5f29f5db90d58186bab9f7999130,0,1,NextRegister.com.xml
-062c7a379d68a9a26d9445a86c7445b28d7f0c6d37a00280e9a6227855935654,1,1,Next-Update.xml
-40707c074f1604a6e59072a96bcea4eea833a8140187abdc12b8e4a02b5af23e,1,1,NGP_VAN.xml
-b96be1768c31667d57cfe63b816da5694252eeaef0c8f6bb9a8a682c2ab677a9,1,1,NIBC_Direct.nl.xml
-4af8504478403141e13018b68dda2ca244cb990aac167268c0b51b3cbaaf649d,0,1,NIC.ad.jp.xml
-d736b4403c08de43b1380fb0bb896d84478ff2254f2c4e12c579e5d175c60552,1,1,NIC.br.xml
-346f439850c55caca5a78b5fc94710c205fbfdb3058553be31a46f6d12cf57aa,1,1,NiceKicks.com.xml
-61a9f6011715fc48d87a94067f3fe5cdc9c02640e9bdab07fdd2ea4311d7c121,1,1,Nicholas_Ranallo.xml
-6d06d1aa85b280082752fb7db909cbd17a8af89885ee11c7a44a2171667d5a58,1,1,Nicky_Hager.xml
-4aacfd1dff2d8f973a210019ccddd21d8e41afee921f582573ec8bdece14f27e,0,1,NICTA.xml
-5204e3581002355bd1567fa463b03daf14441600b888f345e1bd90bc0bd6644b,1,0,Niden.net.xml
-288576142560c33bdaf2b96181fe28dbc85187f23bb504d2958eba24e227fe60,0,1,NIFTY.xml
-44b84456a3c3fc5557e72977cf9ce16026b8e0af2962ec95d2f3cc49f60e4f0c,1,1,Nijyuyon-Bimuunzu.xml
-51f9018faee4b5f25dad5c45d9d8df8a7787758c25d2251ca366c3f08f0e9120,0,1,NiKec_Solutions.xml
-de1c97a6ba1ece72e2b39d5bda73f089c9ae9e6e375e7b1e4370865d4ee29b31,1,1,Nimbus_Hosting.xml
-a0f578f005779d8470ae10f1de0613020df1cbc8fe7fc5e8631a9fbf80512b1a,1,0,Nimenhuuto.com.xml
-ec7461b5fefdbc43198d8930f6decae4c9bcc93d2473eaef2a528d1affffb111,0,1,NJ_Edge.Net.xml
-a326164b9ad2dd7ad25a529f70cb78f363ffb0e58a2f59ea413248aade1be980,1,1,NJIT.edu.xml
-fb9bea6dae32ac882a6da54f728aeb39babc12fdb1939dcac84bc3536733e69f,1,1,NMU.xml
-73d593bc40d8180d71f00994e3736e917129f868ecfdddbeb5bc4e0775769b12,1,1,Nocdirect.com.xml
-debf94c52eec0428247d415d13cd14dbe048783d7ade4dd8ec829dcebbf97b47,0,1,Node_Security.io.xml
-43a70191727669db16c25ec225fa95130168fefdf70c4a256681e235b724b02d,1,1,Nokia_Siemens_Networks.xml
-3836f63808d07a7d2fac347ce4d1b6b936a66ec55a0bf5263b98077b65ed1361,1,1,Nomadesk.xml
-57c82e25267e839ecaef720073776fa50c2fa424d0186817cc21af93356b2651,1,1,Nonexiste.net.xml
-d293276c96add15789fd139b6fb190bd50daf5959c426ddd1f65683c3fddec70,1,1,Non_Profit_Soapbox.com.xml
-8e7d3d54f3b3fcec404bce21849e00674a9584c262546e559d5a5844e6e3e82e,0,1,NordicHardware-mismatches.xml
-aa1619c02d07a8ad0e6e70d89453c9a7ad9b584cbe9f8ddfaea876ab46a59e44,0,1,Nordnet.se.xml
-fa6721f746512e5e4a8c64511e6726f1f815515a40851600355c0cf2cf4d41a7,0,1,Nordu.net.xml
-47d1a59e4a5bc7f49dc15f74073e44df0b352aaa188b8b2c98cdea00d826266f,1,1,Norid.no.xml
-bb16c2bcbadb4544c85460c9389829d2b7aad4d7b3963dc246c25f59ffafd360,1,1,Noris.org.xml
-1abdc9682defa48ce60ed8b8676ddaaf7243890d23ff2c5829e2a1846129b4ae,1,1,Norrgruppen.se.xml
-fb92df7c56875eeaba042d251910aa25c63f4b5be19a988ad757d2c1cadd728d,1,0,norsk-tipping.no.xml
-6d1fb00a3de83ff2fd0b8ff200d191bb37b269eadb0570c50f4c57c637ea09e6,1,0,NorthClicks.xml
-8de08df9643eef3febf2af8ce2f91d34e166a642b43ceb2bddf266e335a0cd84,1,1,Northern_Tool.com.xml
-c4a531ac4df8aae49d972831bbd8ea349b8e413c750c18b15fd55a98ad422603,1,1,Northwestern_University.xml
-e5e9c8fba237ed6d57e7648a12033fda436f40959a5876ec4fed7b1fe419f112,0,1,Northwest_Swim_Shop.xml
-d88941553216a375019bef623617831cfed119f7e9a45de9c09e31cf9259c4ca,1,1,Norton_Online_Backup.xml
-208eea5047faaae533aa5050a7401770c5aa48183eb4835ec2d044898c666123,1,1,Norwalk_Reflector.xml
-70ff96450eacf3dc60037726f4a4fb075c8227e7d102758ec4d3860dc3fde0a1,1,1,No_Starch_Press.xml
-0c6c06f058c319c6c3d20b95c033c01e344f10179b032110a16706bc2333d3a1,0,1,Novartisart.com.xml
-65f54df3f15bdf0f223df2a16aee88e2f7c86595a22855e25e02f5bfd8fe209a,0,1,Nowy_BIP.xml
-6c9a823e3a18a17c3ecc62249c7849fb7205d4a3914bd90a63a55d388f44b207,1,1,NPario.xml
-dd6b12c407efb9469efb6c2428ba486570a3468515291282c02b52f6a9d8eb4a,1,1,NPD_Group.xml
-005d6ae4ecf390a96f0cabfa24bf3542de3358ed187c7d3fb6a9ceae451436c0,1,1,Npmawesome.com.xml
-b8a8048fa9d78e8f49ad9eb38a05c4dd88ad22df91e48f65496580938fde7370,1,1,NPO.nl.xml
-93abbbfe95c5f2789122bf430613904b390913856f75d7d1ef193233b5dc40d4,1,1,Npower.xml
-5d4444592b404ba94813e1d8cf9e708f3ad212fce590b1c1e86f65db9cc72c86,1,1,NPR.org.xml
-99a479c07d49448c6cd8f8e92d29c3c6ffaef57c428719b97c5fb1abe9ae4e16,1,1,NRAO.edu.xml
-9639623e2600862914a9fb119f73d7508c6e062cafd70f4e5cb8873c0ae266d1,1,1,Nrelate.xml
-f3161aaef5e1b8c8ff003407b46075792e538cba3c966cb04eae44220d606e5c,1,1,NTI.org.xml
-968ecdfba1b77f1e7d9ad0883bea2141a1bed5e8e66cc17f596f494904f959bc,0,1,Nttxstore.xml
-82b8c6fdce49f6cfec8a5af5a439ab933d6db04d1a96dd8bd79b398fde7ed662,0,1,NTU.xml
-4389ff81399428de5835dcde6360c9355bd8bb30deca633fdcb442ed80e8279a,1,1,Ntwk45.xml
-74ee38c39c1732564c41660c16c36683c46aafc6785922df598dbf2c7d57057c,1,1,Nuclear-Blast.xml
-7328e524a9f2fd1921fd2af6072701475390df737de382f10470a108df06d252,0,1,Nudevista.com.xml
-0749f8a0080a8e3e25f93d805c9b506ec3a519c7756757e9c3d5b0743d0c1db6,1,1,Nu_Image_Medical.xml
-769b97bce11210d969f4d10ab4639bfef1b69b4ec1cffd3d0e954ad77c8749bd,1,1,Nulab-Inc.com.xml
-d16090d0d492da8b08cbedeef767e7654cdd46ac59ea36e79ec69d96672d33c5,1,1,Numato.com.xml
-cc50a9830d7a6ff8d19a2bb287d16061d1c06460547e7751ce3e44db8e3ca24a,0,1,Numergy.com.xml
-3549eafd309d3b4297a5c35cf3a6d5c49609a2369e6b86ec8329e62e9d7e5c18,0,1,Numsys.eu.xml
-abdf7c3d9a2a343830e5249d3df8cedeb901479020f51d82dd4b814d2d309f08,1,1,NYDailyNews.xml
-6d5cbfcc8c9be0f7aed82f53f645a4a1aa507fd4bbe1e200a57f541ed33f5951,1,1,NYK_Europe.com.xml
-5c89823371187d2f4ce51cd50e123987b1ef5759c98b3696c3e6634fbcf9a373,1,1,NZBMatrix.xml
-de36e0b17ee514a0df985867ae86c2d541221b07758c981e8cb0531f6f05fc5a,0,1,NZ_Herald.co.nz-problematic.xml
-e1a3d986985d25415f778a47600e667ad8e9bd40fc84210cf071cc8402d01060,1,1,O2_online.de.xml
-e79232198ecd818d2c8984bcb40357ff099f8916aee9743b4ab5cd29856f0b30,0,1,Obermassing.at.xml
-7a6389ef271a9d5a4dd6cc58ca95d36ee4fd49f8166edb672462ea728bee070d,0,1,Object_Security.xml
-74bd810666ffdb4fb2893f61b6ec93bac1fb8d2bdad9562cde970cece038f8e6,0,1,Ocron_USA.net.xml
-6d1f0a2604285d2dce5c3b74a90dcbf026e0f0d9762ff8e273c989f4c2012d4a,1,1,Oculu.com.xml
-9f666a13d6dedffd0bd201d9a652bbea8f91f6d041de1302d6ebecc12e39cee9,0,1,Odevzdej.cz.xml
-ee9c9295fb3a208cc0b9796284238ad0f8fe79bde323ddb10029757a43887bf2,1,0,Odnoklassniki.ru.xml
-9ee2f486b20494ec87d2a1a4d7a436cb9c9fa66a792615927db08fc465e66923,0,1,Oe24.xml
-d58912467627d4166913d3dcc6dbc6cdeff23bc192ddcde160f7284bc486fc57,0,1,OECD_iLibrary.xml
-df2add100cd65ade870829bb1bca5dc06439fe3f15a4175bf92dc91418442725,1,0,Ofcom.org.uk.xml
-45d99e8a02a0e2e8b6fadc671ec6fc9defef235fcbdbef400c5e5f6059b803f8,1,1,Offers_CDN.net.xml
-f2266e1bf3c4072508e918b98d2698af89f9e70bbafb738158b17f861d5049eb,1,1,Office_Depot.xml
-f1b954f78d24f7feeb7e04dac5fcdc774536df6891966380a0a1b2b497f95a92,1,0,Office.net.xml
-a7d75aec8e21ecf112e479ba71608e304ce069f7ad65780423fe6f6e3a882245,1,0,OfficeofNationalAssessments.xml
-c6325fdb39f3806727a88efb1c81e7245e545d76d22550261f220dcf7e312210,1,1,OfficeoftheMigrationAgentsRegistrationAuthority.xml
-7bd7472b864382c42a9f3801de953047d3789a93f17f117f9d8b246f89a46318,1,1,Officer_Down_Memorial_Page.xml
-5b55ee39e40189e984150ee57a844755de14b0927b9db79c61141d9fd9b1b574,0,1,Officersforbundet.se.xml
-25dcde901d9747daba2772ee4cb554d1246804ff52d34d003ad64b56df4fafb9,1,1,OHeffernan.xml
-28f5e6e876dae0659adffc120b0a68303c4d6f09a78cee0be7f61551bcb5e271,1,1,Ohloh.xml
-d153eb0f3b7524d4f4c67272e63a5427237f47277866092e9fbc72186aaf5653,1,1,OKPAY.com.xml
-fc2297b2e6b8c26a7c28893a30d9b79ae7e46d662d08f888bd40104166634c81,0,1,Ology.com-problematic.xml
-c986cde89bee26ebcdf729bc707f57a426b23e537c9833ac3b2b1d6604c3a171,0,1,Ology.com.xml
-543885653524b4a430d6bc05d5f0a915f8d2044b4a68210f400556475b617177,0,1,Omar_and_Will.com.xml
-497e4ef7981352ec9ab7c69c941e8dc50397ea32e225ad167258f3394047074d,1,1,Omaze.com.xml
-337868f3fa4ea5f7e775c58846ee41725e2bd31593b02a28804608ae479f4b32,1,1,Omaze.info.xml
-ded3ddf6a16ed5efd94edbcc6481468106bb1d5b2fc8a059873813f181bb2848,1,1,Omeda.xml
-56a510c39541171f7b06d9e5142c7c58974a7c3e5dbd4933acd2b78380d54369,1,1,OmniUpdate.com.xml
-eace07c9f40c8d1d737e1b1bf7ed811a6b93db64bcf35173c0db7463c02177a8,1,1,OmNovia-Technologies.xml
-0a5c5ef21136aec6f45e299d2bb76f6f3b291b2973c4ac27391a779221078902,1,0,Omtrdc.net.xml
-3f6416373d690a4ae3684ccbd983903c201ca6c64da36bad3b682e808637301d,1,1,ON24.xml
-1972d6c5905736d5cc17e3723d36bbafb0f8424f655c05a760b036726a9cdc20,1,1,Onamae.com.xml
-da177a5a62f5b28245ec5ae8feb54d6784053304cc353685b5e97c71142d6e52,1,1,One2Buy.xml
-38f608b4181bbcd0e2ef43bd34fb19ab09145bac5ac63c9a9b53c28199b23b12,1,0,OneExchange.xml
-9d8246d0d33f52be5c89b398480ebadc3dc02f64e777daa066468c90a3906f84,1,0,One_Eyed_Man.net.xml
-11c59e652dbeb5c89673a0bf1c14c96d925d032b9f838a8c3e1825706e5992f6,1,1,ONEhelp.xml
-f633eda70bf6a833c1b0f34d615bac9af7dde4e6611be3256dddf73293ad073b,0,1,One_in_3_Campaign.xml
-878eeaf89383b2d78eeae460acabcc26346fbf04e3f4cc9950a95597dddb5b76,0,1,ONEnews.xml
-2113833f401561eca9a76e4b866132bacc3b798521c30ce0af42c4a70d7f5854,1,1,ONE.org.xml
-7a86e66aa354558aa5ac3ca347ee08212e9edffc6adabc52fecea2a43d39ecec,1,1,Onepager.xml
-d6085737afde36c4be842c941f607237028ef8aa700604a9d19425e6f4b1d5a5,1,1,ONEsite.xml
-6dc92cee48556d89af4e82ce71e74ac9f797208689b7f351b93f2925f1a6529c,1,1,OneTaste.us.xml
-0a3d44381e241385148df130a14beeb2b5bf3363441a7fb3f7edd82e4b313915,0,1,ONEweb.xml
-20c6fcb2955fbc55f711d50ac5e82b05b6103e0adc66ed06d2c981b5d6997765,0,1,Onion.to.xml
-2788b4c9876a9915dbd3ac3f42d6ff8b87f8d874118c22806a6051a093187c18,1,1,Online-convert.com.xml
-090726845bf1a7336dcf4b17cc5fd367393dc83cd61cb47480c05e9443fa6053,0,1,Onlinecreditcenter6.com.xml
-eba9cf6de0668533759ecd0c36f82a6c449930302e3fb4e801ea327b491f3362,1,1,Online.nl.xml
-4fa2e7411d1c81beac34235e3fc37f2d67820e87f2b362680c5f2024fdb64090,0,1,Onlychange.com.xml
-e82460278082d6dd45d68e33b70bbca8e6bfe3798d9dd81b621e220e90df8d49,1,1,OnSecure.xml
-4451bf75cf6c947ca73f64b8deffb43eeea5f8f6bad4de32b40947b6acb816ed,1,1,Onstream_secure.com.xml
-1aa14c17aa4ef45659e1c0074208010389305aa5082249d6a70e108b55eb6bce,1,1,OnSugar.xml
-fc272ddb7df80aa257e5ca875c84d9229fea7d8355ac2a4fc8ed8943bff73694,1,1,Onswipe.xml
-dd51b1a05bce8252c471fe1e9ccc7ad3d295ab21d3f59485bfd45fb9392e1510,0,1,Ontario-Lung-Assoc.xml
-fbaf204007a81363eaaa94c37bc15ab4199113aa8b2eaa0716748f2d3d3b90f1,1,1,On-web.fr.xml
-80c93942c09bd0fc6bdc7a745fadde44ad620aafbbdbe3eec6187a6f211ab638,0,1,OODA.com.xml
-54099f634ae421e4359d5f5b6cbdcafe9668f66f2e6eb3a55f5084a21579ac24,0,1,OODA_Loop.com.xml
-acafd275568454c22d4e6503b39246589eaabbfee280841d01b981a06e280fd6,1,1,Ooshirts.com.xml
-44c2f4b20d087566d810f2abb555d682470754c52a4150254fa07f9124d3b8ef,1,1,OpenAdultDirectory.com.xml
-f28e83160c984f6ff05bc0df04ba6a174084eabf65407155967e6d040006b732,1,1,Openbaar_Ministerie.xml
-e4a39f7fb4896d07ce86d9a6db8a169943bc9bed2d1ee021c6df3e1215b0ebf5,0,1,OpenBSDEurope.com.xml
-97b2e736ade074beaeb62dd42fb1fe9672cfc13f4867f2f40ba03053683f78f4,1,0,OpenCCC.xml
-cde322a388021fd678242253e1553602e42ca30238c48f4c0ae454c292fbe92e,0,1,OpenDZ.xml
-90874a039013b1b29192288e6adfb66974cb6b5a2b1d725476540b45c256e725,1,1,OpenF2.org.xml
-23cfc517ee6ca72edf14bb84eea7ac61561a7b4350b58e293607b6d27f713d95,1,1,OpenSRS.com.xml
-844a36d59938c66a965aa67a15d31a2376a10ff96420716e5c17b03e344822fa,1,1,OpenText.xml
-eedd01238a5abf30c938d81a49922b5649a3a094393fe0e507920fa094f65d2c,1,1,OpenTTD.xml
-9463fc3e7893128c1b827bc2b8dca47a65679342f09db55a5f8cfadac96cae90,1,0,OpenX_Enterprise.com.xml
-604fe7231f1c25ddf6e9800bfcd98f75742214f5577db7d180515bf2faaab196,1,1,Opinionmeter.xml
-7c80b0633a59b7e17d4626e0c70daddb55ab24bd056de01d8c526dc482222af4,0,1,OPML.xml
-2013ceb768b7fb2e6ae7f5b25d5367595d6e665101205f208b092c0d4280b715,0,1,Opscode.com.xml
-2219f813d8e5729e90465151e21fec4c4983e78603af8a034b308bd1202643c1,0,1,Opsmate.xml
-e679e81cba89cfa6fe912e2750e9b2d63c212e8cfca50d110cad41576febf413,1,0,Optimizely.xml
-a0f2899f9469ea740ed8c77f5b23bd3714e4eaf6e351ffff4c9533a8597aaab4,1,1,Optimost.xml
-a5676729731514a16aeb134e6988d1e6bbbc14f748020d3de623bf8358feac57,1,1,Optorb.com.xml
-0d4d289bd08afe7cf3746463b1583ecbe548148093efba3b9d0c6b284b3d7adf,1,1,Oracle_outsourcing.com.xml
-056eb34319c7780b742ac8b8d770b2d059abdb70c2426b70a7ef35036d71b50b,1,1,Oregon_Live.com.xml
-59f3e0d2f845ba355058ea169801f53e02ccda46b1ef93dc43b207a41e34dfbd,0,1,OReilly-Media-mismatches.xml
-e0db41e1e47fc6247b7f8626f1f03bb2faf03e004051c8c6052bfa3ea5cb0709,1,1,OReilly-Media.xml
-e5357c1ffc74896189b011f0a42a965aa17e2380d43948c51fa3f1cbc4bfd34b,1,1,Organization_of_American_States.xml
-cecaf6ce7d12344ef5d11cea214e4e35a5830d63ebb2c06196d809186beea2dd,1,1,Orion_Magazine.org.xml
-d401c7f7f5c1176c51af573b2a7682fed96347dd92441fd17310f7862899da44,0,1,Orion.xml
-c82a64b885d2aa50ad002489c3b176f01daa34468fae4faf020096c5a998359b,1,0,OSGeo.org.xml
-8179beb66e449859d77703cdbfd13118c0486e1838bc34014eca63c16facb6fb,0,1,Ostel.co.xml
-20863b5a1eef280a516f941549c3fa23fd4677b761c598b34df09d9711807461,1,1,OSVDB.org.xml
-94dd37fc173d12370132dffa8f69db887cdb8ceda32a887bd09f68e45f0b1476,1,1,Otsuka-shokai.co.jp.xml
-1fae3240ae5ca7a9a6aec496dd35dca2c08790c7d20049fe1a7f103c46efa94c,1,1,OU.edu.xml
-9a1ed180ddfce3019a6fe50d73e329c7ea2b0e3496ee5d9970aaae538c11ef17,0,1,Our_Tesco.com.xml
-b6f59d89974e8d4dc8e7975ab5c8b9fd552f2678054747da8edfd0f61c7ce96c,1,1,Outernet.is.xml
-71e57056b2bb6b821f6d15d459b9e1dab4127b457ef251b5c5e90aa39c09a533,1,1,Out-Law.com.xml
-de1e27eb47786a3bf894fd5a8763bdb40aef0ea4e18148cc72682d2afa0327ee,1,1,OutWit.com.xml
-96eed2b53e5e3c9e71f961cf70b87da6a609b4f611bd7cfd5bdc1b35e526c2bf,1,1,OUYA.xml
-92fc52d7bb490975b655af9bea6487d3450afa1de920dcb2d3e129a2710362f7,1,1,OvercastFM.xml
-d8dfd4daa157d444dcfe0fcba5b88427f1188d5d086da3a7296700100eaedfa1,0,1,Overclockers.com.xml
-bdd3f592ecd63b5901777ec0167288e71dba360e36f5f838e8b637ff4a6a8707,0,1,Overclock.net-problematic.xml
-d036d978d59b2c6b627a707f62492e3914b334f5b8a47011c0c3b7522952bd11,0,1,Overclock.net.xml
-c82c5d7795a29482c59e69e8008da2dd1b9e7169397a140f15bbf490c8f65283,1,1,Overlake-Hospital.xml
-ff199168eef28407f5f4ec85c4a28f7c4bb363a2b1902a775788789754cde2e4,0,1,Oversee-mismatches.xml
-2996ca6e33df7a1c79b34fb4d22f94b102e5203184fee44a139fdc6d245469b8,1,1,Overstock.com.xml
-5e7c404505b85db849540392423e02d918afac5c262a77d56b9c54455c5d3020,0,1,Ovh-mismatches.xml
-ec9f53ceaec2456fb948c8a5eb1457115b6493829f0c3924f3c8b9191462efcb,1,1,Ovi.com.xml
-abd84a1bd03337f09f42247bb9513e11cd227c36a62e212ffcf035388923e208,0,1,Ovid.xml
-3ef27ffb6b59429f3141e44fa25d541563857b34023b5af2a3f1c54676b1181b,1,1,OVPN.xml
-b3811d1dffe75b829ae7b3e3502df1a9e74bf01a4f58bc96f863e6ff5a7c5a78,0,1,Ow.ly.xml
-85829651a7aac63d0796f06fce34bc598e0db69ee307923c0dd4a4a0988b83e0,0,1,oyoony.xml
-a2a23af5c2ae4a75d2bc089e535640eeeecc2dc198cd238a388b41feb8da12bb,0,1,Oyunhizmetleri.com.xml
-166b9a29d094400dd90a8a552efdcd6e3b3c658b621d14949def9970d42c9661,1,1,Pabo.xml
-8ee04de0f957a1a7ef55bc97217988dbd46188d93422333933badbdc3c421d44,1,1,Pace2Race.xml
-57aed24e9b9918af2c3000fc9dad59aad8643cfa4f4dd7fbd4d1a7ce8bff2ad7,1,1,Pace.com.xml
-5a7edf49dea118f92b324829c0a372bd62cbc80e1cac4b4687acaa902b08e0df,0,1,Packt_Publishing-problematic.xml
-0f719310c45ca090e2e9a64db0fd93eb7c422307b95c10ff81f2a3cd55085165,1,1,Packt_Publishing.xml
-2942c293649a231016bdaf6d94a045f8053ecb1754c56e9360c0db8a69d22a35,1,1,Pair-Networks.xml
-993dc3f9d1e08eb3a27b37543742ceb167bf5ac80930af48325e4284b0858397,0,1,Paket_de.xml
-15cd68db5c4a3915cd30994308964c68800643eec33f9faacaad09390b3977dc,1,1,Palbin.com.xml
-ab6e11c74e0a8ed13d35553f3c8de56b8f5d9e134ddf5e600c9d9ccf29d202fc,1,1,PAL_cdn.com.xml
-e89d28ccda24a3b1cc9b37d3d269747a51d052aad6911ca7870a1b8a85212c3a,0,1,Palgrave.com.xml
-e557b6f440d476e55abb4d57ecc833bd70b1d43508f88aa2a7188c8b517ca1ff,0,1,PamConsult-mismatches.xml
-0e122fc15bd797982d15495539527f1952384f9f0e1d9a4f58ed9121aeccc471,0,1,PamConsult.xml
-0c07953d9067779a3afb141662a89ffe6712fe0a8ed080815cd3b7d515ff2964,1,1,Panasonic.com.xml
-3754825b11533fbebbb1f5555b448bad53f94dbb64c192d50d991717e48e4f1e,0,1,PANGAEA.xml
-2c02f527aac3a3b6ed1c50ccb0cc60f3071cdece9fb572a42d504f1f8507a27b,0,1,Panstwomiasto.xml
-66fd01bbbea23106a839b1b18364ed9781c70ab62c2b2c90fe21e27c02059daf,1,0,Pantheon.xml
-3d66d95fcc8eaff8c7fe025a95dc9990b8682f63e90359a2dce7f7d99117dd31,1,1,Paper_Mart.com.xml
-64436422939f25d69a11657a209e6448090f41f78c76a534ef7b29fda740fe67,1,1,Paradysz.xml
-2f11118b0aef6afd296fb8da24c425d5a3cf9142abdb8d48e51173074563d33d,1,1,Parallax.com.xml
-081de7e48c0be2a33abea11175c4af99f366194f21a664648fbd4e196b307f19,0,1,Paramount-Pictures.xml
-0849261d180bf5007e6904f9dedbef66c86b810331e023a436c861a45eb9b1ba,1,1,Parcelforce.xml
-34d03a76bac9becd0ff8d0b1731df9311e583642f0e6cd4703b548021f4ac3c5,0,1,Pardot-mismatches.xml
-fdaf728f0d1645316bcb99336155adde2f724bad59b80e1518b30aba749e3ee5,0,1,Pardus.org.tr.xml
-8248f3806e6f85c5e29de65e505f6a5a4ab232d37173b9317ac6ef9fd4a944d5,0,1,Parker_Soft.co.uk.xml
-bf9dab15a6423695a11bb8cfe9c4c544e6b94733b6b9059f152489bc396cdd5d,1,1,Parrable.com.xml
-2f7f5f9e4e3d9e8cdee57872ad5ed329a74729aa1da99eae8b09b9f0405a9520,0,1,Parrot.xml
-95355ec4cadb259b3053a38718cc8377c7fedb4b836845d8c3fcbc377a388b9f,1,1,Parse.ly.xml
-711047b87476094652dc5cfc13c671233df723abefe56d8d0985964be3cf1ef0,1,1,Partypoker.com.xml
-bd77d8f6ae3b12a11e511c42eb1334c5b6ed2ce407a4ab7ffb987d3aaabbefcd,1,1,PassageBank.xml
-4627a7d8ff44d737bfb4c58d14430e8b141ecc16773a5728f4ae45ccf949deb7,1,1,Passion-Radio.com.xml
-75a025fdf82ffe68b0374b63078929152bf48ac57d054441e0159befbfef8a8b,0,1,Passwd.hu.xml
-54bd67e965c51bf2587b2fc9952c21cb6de9fadf10e2b9554dcbe9da50b06779,1,1,Patexia.xml
-0b5ce15002341f0db27efdb5ecd92be9831b315c94d0e13fa1a0f40feb366041,1,0,Path_of_Exile.com.xml
-4bfbc60b942980ff3bc84cc72b58e923d53c44ac8545f4dd49a805be4abb3e85,1,1,PatientsLikeMe.com.xml
-febf08e54b5ffa88d16aac719b71fbe7f63848d993f5c4a2c9595f6ec7bae477,1,1,Patreon.com.xml
-98b8a9258598a273055f0ec78eb8de613f8dd0d9551ccecfdf8b94019cc4d53c,0,1,Patriotsuperbowl.us.xml
-4118c49b435dffa12fcd46cfabe3003d5fe4f800cff164ced1fc5613328f6680,1,1,Paxton_Record.xml
-8a4688c9225f39cdbd0bdf2461b215687a6e52fb158187d9cd52f0a794ae3995,1,1,Paymentech.com.xml
-f57d5ca4919b3d58dbe5a864ea0feecbb99e330bea27b1aa204af72223c9a014,0,1,PaymentsSource.com.xml
-264085f330d2586114a4df09c28816ae62d1983cc4641f960c140367bf8d6a7e,1,1,Paysafecard.com.xml
-592b9c9cf654a401553f5aaf1093c2ed115e9ebd1d5583e2b6fb121ca249bd98,1,1,Payson.xml
-ef17044a8b78f51176d9b7505143648c8b23fb317b03cb15409a80d3400f3016,1,1,Payza.xml
-9602ed3addac75485c0ceea57c20a84d4a827c6d365762d3811f5666b6523b32,1,1,PBase.xml
-d97442855190363a210925b4af5c69eb7279ee85fbc38a2926f0ea8290c6e55a,1,1,PBS.xml
-06db9841f3c63227883eae4e5c4bc63477f1666d4a9ddcc3e6b754c98af4eeaf,1,1,PBwiki.xml
-8a1b127e8f05e0f2eec350c40c6a8fb03b4471e340cb20cb6b73eb79253edeb9,1,1,PBworks.xml
-cd261c31586178eb701aaa6bfdcf87175167cf04a5ee3f713646b349be74f608,1,1,PC_Booster.xml
-cafaa354707ae4551d9e4cb2418f7693aae919a2b64cb9fd74668ba93ae62471,0,1,Pdadb.net.xml
-9c31ea91bf0665d863307a542568b94e24b338bc12cb9bf1ece43b585c8fd393,1,1,Peace_Center_for_the_Performing_Arts.xml
-7ace65d7a07d3b5a62cdf6ea0e4d7aaa66e35a4cc4aa08dd49b9cb6410404a06,0,1,Peacefire.org.xml
-7906a49f15a7f530524ab186dccb29610399fda324d86a5e79806978facdfe9a,0,1,Pearson_Computing.net.xml
-eaa0b56f0d798eb856140dddec98c9e8cefeaf3d28704e57d7e14eeeca2a9bee,1,1,Pearson.xml
-842e549d619b0380eeb17b1efcfec6e7549e441523a844b09c96dbe09b405593,1,1,Pebble.xml
-1eb02087c60fb6dba349d89674f8fa25ac18106e527f762be774f5a3a56e0a6d,1,1,Peepd.xml
-9758dc26bfd158498a12c009b879a638ea94cc3924cccd0f0dc8fa4d84ec53da,1,1,Peer1.ca.xml
-64c4c6f9c393cc844503446036d366ab4de78bb4741c80a09d300d9f594c4615,0,1,Peerius.com-problematic.xml
-64a7ed454d800a12208277f538434e1e0b2c6ac9d315c87b208c0c00b72a1fdb,1,1,Peerius.com.xml
-271945f92399adf841cebf957bdb08cc89874f91442eb2544ea96f9fd5fed9f7,1,1,Pega.xml
-a130c2186838ac25cf952bcc67cca009371321b3acbe4fc721309b72aad7027c,0,1,Pegelf.de.xml
-5a52d53e9ffeb92c8b6362d7aa244eda1cf7464f87eaba6e7c4fcd95315e53bb,1,1,Pennsylvania-State-University.xml
-540cd8a82fb1de07061e983359475b2cbf144af5a1b98ef4b981f87982f3a7f9,0,1,Pensionsmyndigheten.se.xml
-d32196850dffa1814571345636359745e555a8ccd3ca87b50a1ef380380292ed,1,0,Penton_Media.xml
-c701f76f6f266e844c32dc5290854d98e913ea2c5006495b203d27a915336213,0,1,People.com-problematic.xml
-166164dcf3c3d6d1e3762fbb94fecde448c60817a32fbda5dcea58510bab18a5,1,1,Peoples_Choice_Awards.xml
-4f739239b0b8c6773946ca4faf240e443e09ac76ea98e300f81e45be2d32bbee,1,1,PepperJam_Exchange.xml
-0bfcf99110e28c27fac8359fa56d2d15eb9a6bc51b7f19c801f48d848eaff667,0,1,Perfect_Market.com-problematic.xml
-7b78550930456bd1f52a35ff060fcf4bd5600361784386ac7b055825567697d1,0,1,Perfect_Sense_Digital.xml
-900c3a50d140a65f8eeffd335f0dfa3a879cda47460d82d990a5e3f2c74d9e2c,1,1,Performance-Horizon-Group.xml
-f0b6d7c9e50a64809b5eaf88b7b4d7dce6e87dc879278206a8aab29b18c5f8d7,1,1,Perl.org.xml
-a1da8d050501f472ff514b7c95a98a842e5c44be10267004c30e596b5ad1ba04,1,1,Personal_Data_Ecosystem_Consortium.xml
-5da6f392c8c9d1934378d6c298a208df2a58294ac300696a84f5d7bd547757ea,1,1,Personforce.xml
-4fb878e36f15569bb8694cc8779748db363c8f11ad0e6b134fec28c19d2518bd,0,1,PET-Portal.eu.xml
-e99ec492c45d9f36374209f65aa64728ab835eaebba4922de1d940a0a9946394,0,1,Petridish.xml
-f4c10865e40293cb75f67a03a2e5e63ca730b698b6cf48fe2d0a9c32ed35050f,1,1,Petteri-Raty.xml
-1ade8367471ea44282c77b6f43bab43cbc8a08af4bb0d26e855c46605f2d909e,0,1,PGi-problematic.xml
-dbd90f2c99bc31ae808344a6087f970e33788e1c8cde66d1768711db380133ff,1,1,PGi.xml
-af476a463bc44c5c542011579e55ccf8a7e325700b91a1a70e1ddb333f6dc3ae,0,1,Pheedcontent.com.xml
-1c3c79bd15ea38a9fc9fce5b15e750591f5947684bc7d09ffe2fd842ab55973f,1,1,Pheedo.com.xml
-10c216db9072d4143dfe8c2573933753ef48295f0919f6baf00ca7358984521c,1,1,Philosophers_Guild.com.xml
-f7ab888270798948dd057e5883a6f5c955abaf3808fb756524e1fc1d86a0b5ed,1,1,Phoenix.edu.xml
-d61d04f65a6fd2d43073d79cdc7beed25f611fff7e88332b8996bef471ba9113,1,1,Photobucket.xml
-53c7d5a4a7c980d606e95998d9ebb2bac6595fd8ca882341ac9c15747387ffd5,1,1,Photoprintit.com.xml
-2bd8e53696537c5812bd23b9c6628a3d0af06be72233ef810040f3b23c8588ad,1,1,PhotoShelter.xml
-674a0b637afbdaa73b2bfdfcab99c5b3d71a384787d9e031a134f792f3fe1613,1,1,PhotoSugar.com.xml
-f9670b9d0e9d920a70d4ec7b2dc8179a84dc5990178b6b342a670d15fd172d3f,1,1,Phparchitect.xml
-3af24510a340798c94b74d84d83b8d97c908a99c176285f01e01b9233257c6eb,1,1,PhpBB.xml
-d207479c61bae758355d66740cccc5b8933c177ed185600cfd2383ca44b07048,1,1,PHP_magazin.xml
-2b45bb4e70e3004d0fcf9b51b953876fe7fd98e5b0d739600cc8c69a90899014,1,1,Piatt_County_Journal-Republican.xml
-70a3d36ac63cc90318f72a656baf1d5dac0def5b77a5bf6057985fedde3c9bf1,1,1,Pickaweb.xml
-cf7b1bd5b721d925da006f39ba1871955f031865f0671ceacc1682158090e92e,0,1,Pictomania.xml
-a64aadfc5703638d06d42fb40b03ed571d3553b67c5b8ef1c2ccbb3ca41ed3fc,1,1,PIERS.xml
-73228b03209d957e30c9949ed6f98aea5cb7625806c66b5b57d43d5cefe23273,1,1,Pimg.net.xml
-5c642d04588720a0e664a199e104302b390ea9164d5f94679eb3071cc419e6d7,1,1,Pinescharter.net.xml
-351933a4ca393d784a3e0255666cdba8645c9e2d8f56ea3231467b53937a7460,0,1,Ping-Fast.com.xml
-6febccf9fd5fedb160b70b5cf4e5d7e19082b4e6fcdc034cd95799ff16389bad,1,1,Ping_Identity.xml
-afedb6420fe0dc9246a1e3704d1b06967e04611e72032e5103d6937ad97798de,1,1,Pingless.xml
-3c5a6453f20a2462fedce8629a68e47c615c8717e7f5934f3271d71bbf3980ee,1,1,Pinme.ru.xml
-662023093afa853230351a22ad3a03d92674583751f67b1c77db57439da389b0,0,1,Pipping.org.xml
-ad561bda1b21a7cd37292fe6517ed7450fb842455e660f2900652724949f6f2b,1,1,Piriform.xml
-dcae5488ec16f197e07694590aa54be513815984fa0b5d5ea1bc08ab3557ed5e,1,1,Pivotal_Labs.xml
-44323e2b5b6caf12d77c2d59ec395f05871254633110d9445cfde16de26083d3,1,0,PixelX.de.xml
-ad971bf2c77b4ec56dff4b1ebd768b42d166804aa93c19a70dcba398a4045a3b,1,1,PixFuture.xml
-92ad78a298b8f4be0d0b4aff2d5f19fb6c7c82f5d6f8567694da3e0c68edd3e4,1,1,PIXinsight.com.tw.xml
-f271d90bb31a2cb8dc0f62f9df2f17b575beea0dd022090c0960f28a92ad8ad6,1,1,Pixiq.xml
-0994464e966ec0d215837bc39c1acb79ac32b8467aa507afe6b562eab05a44d4,1,1,Pixlr.xml
-78052284fbb334289d9e752193c08b0c8ff5c8fc92a3b39307337c8ba09d2c55,1,1,Pixnet.cc.xml
-b84ada13e6f5cf133253dbdcc57309d22aca26b01618f3a9595216affc6ecdca,1,1,Pixnet.net.xml
-e003a3a5770e69050c1accb50e3688d18332e9afc5709c67d6ed37b21143d042,1,1,PJM.com.xml
-31dd3078d2a271e9a9168331e24039ca47fcd957172cb2b1ba0c51e17fe9ae67,1,1,PJTV.com.xml
-2045d71578ef2f543876076c1cb5ded21813374804dabe5658b6d948243abdf6,1,1,PKWARE.com.xml
-c5c0d23e54473a42d466785be61c4ad691e44f62e710a2a6c9248a694b6cb084,0,1,Planet3dnow.de.xml
-56c3e1cac4182da64d08f8022f8c7a23d5c7b289bd16d8121a188b07e140df46,0,1,Planet_Emu.net.xml
-17825c9a9cd2db7a5d13875ea74970ece1ddae9a9a557ce3c3630c583be0e8d1,0,1,Planet_Minecraft.com-problematic.xml
-3ea9dd12e12f7ee6c175c6196aefaf9dc366b0b46db96bbc6874afc901c1d2d5,0,1,Plantronics.xml
-d008a6ff2c3b16c6fbe4d134d1c1aa6b7f333d343d9e3fab3f88f9cd69599cca,1,0,plarium.com.xml
-287e64d55238846fb01707c87d7d0b7620816da9059a63b0eae64cf45e7a0428,1,0,plasso.co.xml
-1094a99b5e8a0abb9fb46b17654826e1a8387207caa3278f89949c8b6d0f2ead,1,1,Platinum_Skin_Care.com.xml
-41ffeb380bd1fb5d7972c790667fa5c0d2ccd2afda7a269651a65372b52cfe04,0,1,Plati.ru.xml
-f17442d3412d38817ddf3cdd8ec7f104b45f54d6175505b0a315d5d655d05be6,1,1,Player.FM.xml
-f8eb1c5b920d861d39f2f49cc5b1b5b781034d05a5c5970492e2ca678feefb37,0,1,Playlists.net.xml
-5ad21240dc02ce7be71f92e97e1f63262e6e839d605135c4b82ca69d20115d56,1,1,Please_Ignore.com.xml
-8e4f71f2c21971751b4669d02db149088429c727002101104ba57365f5804531,0,1,PlentyOfFish.xml
-5ce86ee0da32f6c5981cb7475e0a8380312600efe02838ba40dc8dbfdff5afed,1,1,Plimus.com.xml
-276a6de950c7d1e713a52f2dfbaf55d94c612fee0ce7f69d5ba868c1d48ae719,1,1,Plone.org.xml
-b24301ccfdb27055ea2218f9e9ebfbfad89e7b0293b3f4ef1ec8175e7f32c945,1,1,Plus.xml
-78b114e3756ec21b948939f187308f695fccbaf94f4cc8f588f262d84d44acf5,0,1,PLYmedia.com.xml
-3d08fca17433ab0e7184bb76c5f404e164a09d77c2cb1f2093f7b3d9c6cf823d,1,1,PNC.xml
-ca77e2b2c075769fb2c776c97327a8a6c831244e01334d877779d6f34e0c6df4,0,1,PocketMatrix.com.xml
-de183d823652107d6817148ef14f0624ab67e95e1440808e1f12a41e1d52c324,1,1,Pogo.xml
-865ac521a7afec106bd224887358f9e23d61c993285ec52b7b79a8a58565171a,1,0,Point.im.xml
-82900ee0fbe5e8da617b95011724372fdc7d1a9e68376b6e0b46d6128fc0419c,1,1,Pokemon.com.xml
-5e4613a8d4934b780820038bd26d9e3632dff93efb90d248dcace0ea4bf72d74,1,1,Police_Mutual.xml
-b18aaa63b24e4333450a6523704e29e485506972e8fc4be497e890e79ecef4bf,1,0,PoliceUK.xml
-ed360bd7adf7254dcf2698e30ca35858cbf4cb1e37d305ed814aa2b0781de9c7,0,1,Polisforbundet.se.xml
-8a694f9c1bef8cd1ce70799ac5df18b9394b1745015d1e1158f6dc8a723a7e46,0,1,Political_Wire.com.xml
-43181b1b84a18736b971fd4cf9fbca2035adf94aee0ae9653867e767aa753f82,1,1,PolitiFact.xml
-fd7bac449610576bf5a1d87e2277ca130fc15ad1f557c6eb5679ca615b5ccc30,1,1,Polldaddy.xml
-848cbae8bb8a671970b1bd5597d466ef0342bfa39ab0ebe89e31527cda1eb383,1,1,Polytechnic-University-of-Catalonia.xml
-dd309ed575e2ecbc07475735c3c4f7809acaf572582657ac7537aa116ca38a91,1,0,polyvore.com.xml
-b46978f0c40602b94013fc4a0c72aacf4cb3d7af3c47ea54e3dd4b563634f914,0,1,PopCrunch.com.xml
-62ba89768f63d01a33108d6612b1439a9dc7e1ebace2ce5c57ec7d72d5f7d562,1,1,PopSugar-assets.com.xml
-b9aeb8140b8c5ae9e60adc1f3189a4fcb72bb245869ab5b17b13eb2f42343f4c,1,1,PopSugar.com.xml
-39b3fb002be2f0c21eedeb789fefdd1c97156871429ac6565235eb9132373fe2,0,1,Popular.com.tw.xml
-37875c27e806135f0ac32c517079c7bb99f00e22dc3c2ad828ef0e8455b5d04a,0,1,Popular_Mechanics.com-problematic.xml
-1ca3755dac15857a47afeb3ac8234d1bf0e8095c43772a5151a5c9641ce3ca69,1,1,Popular_Photography.xml
-194c1c4951fa6df2bd486ece185ee8106c0319cc7355fdfe365bee8bd286fe98,1,1,Populis_Engage.com.xml
-e80eec223937d00477f33bea225ad1396cc725ba489e205a3cc07aaeeeced790,0,1,Porlaputa.com.xml
-4acb2c18ff46d235876ac28da274a69fdbf34c411da8503f46594d59b3f88d6d,0,1,Porteus-Kiosk.org.xml
-1f51c92f408edb3aafc43d5be80a659c5df57ef10b9a02f96649458ecdc25f2f,1,1,PortForward.com.xml
-4a41e0b110b0169599c19812065cb38f34e8fb0ab2aacf0937089d1ff9f662c4,1,1,Portland_Mercury.com.xml
-a9497c487231592a8acc567050cf06845efd8df27df3744d693335fb25ae803b,1,1,Portland_State_University.xml
-9d9f29b0e53a626445a096648cce8a40e721bfaf0c3e45b3066f19e78ae9fdf1,0,1,PortMorgan.com.xml
-6b0d7ddf3bdd5ad91f34402c6d3f7f7d0386490d94b03dd8f129412f4e514d20,0,1,Portner_Press.com.au.xml
-a3e9889f1fab89464f2a4ef9b23b21eb9b2a6aeed3b4f6ab8558529e4741a0e5,1,1,POS_Portal.com.xml
-19d456c372cae14406899cbba5abba4c69579ab946d75d80912d6ff588c45182,1,1,PostgreSQL.xml
-291f134543859ee92992b451afa2071cc6380c39e54f763bab95948f81d48090,0,1,Posthaven.com-problematic.xml
-2b0380c97fe0ac0c2108d328fac3d9f3bc16c3f397edda9b1e5e8c49a8e77bd1,1,1,Postlapsaria.xml
-4e5dbe5aef10968d09652fdebf8630baf5f78e41edbdf230238a6a0166985d6e,1,1,Post_Office.xml
-e35657f0aa0e705372342c6752ec5e6066031b10738c8f518a73babdfae1bfe1,1,1,Potager.org.xml
-e699af2a0de904179a543e2cef6b7f805e123404341dbe5e8d78dac3708fc644,0,1,Powerbuy.co.th.xml
-6a46cc87c3f3402eb83b4e1cbef69cebd0aefc4750fbd15d5b07586c56ce9f3b,1,1,Powerhosting.dk.xml
-b689ab0bf3c4612108106e20d8ee8afc95b2459b255b5bafbd243e152e9c0622,1,1,Powerhouse_Museum.com.xml
-d82fa518dafd334d1106c883a691314a2e188b467209396c7dc32e12db7ace88,1,0,PowerShell_Gallery.com.xml
-2a30f5e260bff8373ffe5d690009e39ff598593f90911bf842b7c1973b1502a9,1,0,Power_Speaking.com.xml
-5af0d3449d3939e8524205c2452115b5fb24c3d8a60e44f166539afdd1629fa0,1,1,PowWeb.xml
-e168b54c858e4cec5e942a544bf7028f787812923143341bba305f08f256c7fa,1,1,PPCoin.xml
-b0d4020ae98c0a8792a14d61af286d8da58bdf81adbd1d1e19afc749ef600bc7,0,1,Prad.de.xml
-f18bc789e6e2be483cf21a6e3d87792904f8bf4ddbc6ef59bd608ed84438cc19,1,1,Pragmatic_Marketing.com.xml
-2b40b4e8450bec409fdb41f54f635e7e70f9ade4e37971cb92487b2aeae72499,1,1,PreCharge.net.xml
-810fe9624db6579cb589bc5bf86447dc0bba88983b89c993152fd78554898224,0,1,Pressflex-mismatches.xml
-26ec6458d0c71bf9419469a4ebe2762e81ca89eca106acd1f4a0d9bacfdf0111,1,1,PressPlus.xml
-302da6e9ef8981e7c9fc640d28274768775d2dcf4e6db959d02538d6b7d061ef,1,1,Priceonomics.com.xml
-65f6f65113526347d5525105773a7579d9301a6d87adf13fa18499373b18db13,1,1,PriceRunner.xml
-a1023dd10e11b82db899a2b1cadad54c2f6ac3e51a4e056c58afc1efb67047d7,1,0,Printfection.com.xml
-44b5f33ecdb9f0c492366882955ceb80db6fab8976dcb2946ab853e344c73062,1,0,Prisma-IT.com.xml
-bfc3c3c917777780e10a197d260a120acc3614a32577402968a480fd5b42c106,1,0,privacyintyqcroe.onion.xml
-e0519f9b99fd87886edb3fc154d3fc1bb145333aa536966d417433030cd82eda,0,1,Privacy_Not_Prism.org.xml
-9335d8279c8e6c864c1c38fc7e140fa58be572a28ca0841aa83971d4c3a67260,0,1,Privacyscore.com.xml
-311f5788fc38e8633b10d3864ec787d33d6c7bf84e9a9917c01a78cb48ddcfc5,1,1,Pro_Bike_Kit.xml
-10d5ac3edf7cc569773b8371ceaeeb01c4542035eebda8b9081b42b47e0e7af4,1,1,Process-One.net.xml
-431af17050e405d37c9019bb57c2e8f09692adcab9a1f2d3893cc2567dfd8b52,1,1,Product_Safety.gov.au.xml
-65363f76c540fc9b7840db82c23f305190d9717d9ab3635647e72a9f8e0c3529,1,1,ProductSafetyRecallsAustralia.xml
-f55d12ba30d05c9ba088ec96236232acaf987158f1803c65ca82028f8a71de64,0,1,profesia.sk.xml
-7d0bb1e445127b3cb363d2c68fed4fc72b02ec0b62d2a42a4ea07d00479584c8,1,1,Prolexic.xml
-ed81e7fc8de7196452e9e9c0821196ba5de17d7274df4054ff5bd95800fe2523,0,1,Prolific.com.tw.xml
-f55011e0710b45f52baf018585014c8aa7ee3e0b1b57153b7f85f8082a8a8ece,0,1,Prometheus_Global-problematic.xml
-246a93f2f00b5aefc746d0e660c9d24ed00e877579176df74b4bf35d0f61214f,1,1,Proofpoint.xml
-632de51c809f29f705d7997d3f2b7674ea97aea38bb0678b1de48f0c6cc58bb8,1,1,PropertyInvesting.com.xml
-71f8f356d4fd12cb9d96e54d17f0024a34d8b3a2420045f5a8fa66976ef86572,1,1,ProPublica.org.xml
-34825b9e2d9746c75d16c7309e4313f84a65bf12a2cf2b33e091c74d09248ef8,1,1,Prosystemfx.com.xml
-9160453c23cbeb770466903a505a29052420b516cbb19a4246f079a10e77d731,1,1,Provantage.xml
-1cb843c4e551e1fa8ebdc15a2b493d0153e987fb85724bb426e5bde21ad44634,0,1,Proven_Credible.xml
-ff6cfba26a607be1269e2823c57e5fb5e5c4735d85954762fa935239600e8aed,1,1,ProVenue.net.xml
-19ff2b0b8ddf39a805465bf40819f9da9068dbae2932e8bd54a4c5a7a7a5a622,1,0,provisu.ch.xml
-00e348922788c6e644d51801e5887325fc38759395bdbfe9f9782d6bdb737400,0,1,PrudentBear.xml
-50adf025049aca05b11b491f2b307bf1ecb7a4beaffbf9022f4bdfd30cbe7b2b,0,1,PRV.se.xml
-05c868c1c858abd8e57044f301b234c281562fb4e81b4b95d3102e61e9eae0da,1,1,PRWeb.xml
-f5a7ecd99e9368048750e1de2badf731fd32eb5b21fd471651dd12d33c400e34,1,1,PRX.xml
-7529864ddad3be2820b1392717c117aac200b5cbc51f3233089a2d53cd46e498,0,1,PS3Crunch.xml
-2cb55093e265bb1a2c345613e293ba44500cc31603bd713c6dbe301fde49654b,0,1,Pss.sk.xml
-4165710cf8b6760a43eb078fd0356fe1ef7285687e1c23205c829ab8c0eb8ed0,0,1,PSX-Extreme.xml
-fca579bef6575b699d2f3239f2aa31a80efc1c780a771e3eabdbd3b67d87d594,1,1,PSZAF.xml
-933469a7c612ed85c345b6b85e40ddc0869c4af696fe8fd142568624b55d602b,0,1,P-tano.com.xml
-cfc805519f9d0fdd5d11d39b342c75d6e42a900cc286328efb02b358bbbc8c3a,1,1,Ptpimg.me.xml
-d7154776e888ffc460ac2b6ca7dd308983bdd3a0cd65ad5b84320624acd6e145,1,1,Pubdirecte.com.xml
-810833bdb010d1707fedd1f43e0ba19c69971c8e9d4392bb396e3f757f0e45ee,1,1,PublicCitizen.xml
-83055ef9b302a95dab4a512ce4db64ff78e36c9eceb2902a9fdd1ccf209295a5,0,1,Public-Knowledge.xml
-852468fe12db8c0e0c8e3fdd229d180bd4489a4447e8fe43de6e8cad0bd09c46,1,1,PublicSectorSuperannuationAccumulationPlan.xml
-23a44647cf11328fc8ec23513bdfa9ec5b4f1b9decd9a81450815c7f28ec8e78,1,1,PublicSectorSuperannuationScheme.xml
-2caa8440433b504450c68818dc369cfde301056780069cefc9626beb1afaee23,1,1,Publiekeomroep.nl.xml
-60a22ba8003d4e7d3bf1a9c0dc45895ee4288e30b0e2a6e3e56b09f29a9248b3,1,1,PubNub.xml
-f7e6aec7d24758aea2fab342b5c55455874ed2bf6684a972c6c10033a0a42f70,1,1,Puhkaeestis.ee.xml
-f632d8275a444842292dccb0f595343a6ccfe660b36b20735a54fc6c18ce956a,1,0,puhtml.com.xml
-6587098fca3427a565525e04cd45ce14229ce1b566449f425f9e52b078cb3f07,1,1,Pumo.com.tw-falsemixed.xml
-d9044daa3fa3513400d2990aedc735eceeb815c896b70a96f95d4d79b1c846fd,1,1,Pumo.com.tw.xml
-acd28dcb80d57ad032fa2e32b4154408acff51b7c1e05dab11ca64ec95cb11b8,1,1,Purdue_University.xml
-b6057520488d6305bdb6398f415267cf8feba6274d26eea30399d35a52e778c4,0,1,Pusher.com.xml
-2317a054e72ed73a054c0d1e5c505c7c97ae00d25e29d21227133c03009fa96b,1,1,Pusher.xml
-3c9d06d9ffd5caf007fd991a4ca268b1926234e5dea0ef57ead2e7659476c1ab,1,1,PutLocker.xml
-0c9b2d18c06cc6a3cdf9e3eda7c17efd3932f0a8a10e733cb1e3639b5b367dfc,1,1,QIP.xml
-78ee275f600fe0cc6ca08bde49676513aed08a6f12a2fcf54d052c869ad16e4c,1,1,Qoo10.cn.xml
-79f1b222e500c7165dd88c82e66606279d4408c77dbb1ea93a8ba80ed67f13d3,1,1,Qoo10.com.xml
-de96109bb8138c3932d1def5e147223642ddeff5063f85352049f89b8dbe0d07,1,0,Qrobe.it.xml
-d504299fce0101a535923de9eb5d3f07457141683d375bfb12bf5f7fe0884a61,1,1,Quattroplay.com.xml
-11670da974bdbd3ad8f36d0905cdb3b0a259181f1c2a7082c85c2ba432a1b21b,1,1,Queens_University_Belfast.xml
-2ae041292bca7ebd5b5676a257408e8a2939fe02f95f73acd9d06efdfec45480,1,0,Queer.de.xml
-5058b2dd73026b5888467dc6f0cdcf7e8024d92ddc8d685351be4b1d6ec61559,1,1,QuizAction.de.xml
-4d0a6169323a0ec0a1c485935648058dfacae4fa77af279c293153a83a520b3f,0,1,Quizsnack.com.xml
-b967b81ca4a1fc41bc902c58021ea8f529562d532b2347dfd0470315fdde97bb,1,1,Quora.xml
-78134572161adfaecbfcba6b4bf05bbcf24d0ad58ec347b99f9526dd94032a7e,1,1,R01.xml
-a528fade4ec3280b09242df1f18bf8cf465255be7640d16222810d16da8ca8ff,1,1,RackCDN.com.xml
-d33a01659d482e190a861accaf706b98c369e189547a8ad101db63a85fe18e68,1,0,Rackspace_Cloud.com.xml
-b6b80b8e6effda900873a33d7f0c6865be96761af04446b036a54a44ca6376dc,1,1,Rackspace.com-falsemixed.xml
-2de96c7071367eacdc5e8080355b4ed90690feb25878286f20ebbc18e524a624,1,1,Radical_Designs.xml
-e408f97c754819fa64101412feb9718b316520a601ffa448d5abd67c8a59fbcb,1,1,Radikal.com.tr.xml
-53fa3192655dd12fe95df6e4054378b1aa4cee016141ea5b55ff62a0516a3af1,1,1,Radioleaks.xml
-62cfb3725049ab3b681e9224924540fb6ec9b50600bbe7a5322150895e4ab29f,1,1,Radiological_Society_of_North_America.xml
-38e57a4f0a709af70a0501e083bedc8f72d5b148dab4a3742cfe8ca0f43230c4,1,1,Radio_Woodstock.com.xml
-be7e41eeb775ed3a092eb6caa67dece5052bae12be23f72922421af695d2892c,0,1,RailsConf.com.xml
-55f4964baf295795b80f42cefa274988cb22da02a9760a06a78d6107ab393de2,1,1,RAINN.org.xml
-7a68ddc00697bc7d0b4422a68146bbcca499badafa24994a54de1b6eb906888e,1,1,RaKdigital.xml
-5b516f82635c029d35e6b0a3aec6b385b41d572e5987f9b91aa880f578afaa48,1,1,RamNode.com.xml
-39770eee73097be9257c52d47336b260bfc65aa25d2fbb5919ffbb579b40c664,1,1,RAND.xml
-479d1186013787d5ad5824cdc9301533cb83e4f3c5c43fcaeaf337803bb39d09,1,1,Rantoul_Press.xml
-6820ab945ffd54ae99020d3062ba48f678bdfc42242e90d26cab37120ad201ca,0,1,RapidBuyr-problematic.xml
-b3cb715eac83bcbb6afb997b6c18efe760bc90aef242f1d57a403d457bef9864,1,1,RapidBuyr.xml
-9aac5d3270231d33c21bc9959aad7f193dfc44b9c36e643c45396829531ef2c0,1,0,Rapidgator.net.xml
-44142aac4ef5dd6b468e630fc477057ccdd3d8d4a5ff029c9ed0bdf85255c47e,1,0,rarbg.xml
-b28c129edcb211f427fb481fb7ea2d1984f834dd5a41d7b035c41490c04cdd25,1,1,RatfishOil.com-falsemixed.xml
-c141b46bc6e8bb32c9eb0beb311cff1ff66e003fef23f11d8ae1e23e1a308cb8,1,1,RatfishOil.com.xml
-5c5fb50995421b0bb87a4f58d9c8ffd66a5ea62694117f12aac728f970c3a536,1,1,RaumZeitLabor.de.xml
-a5f312197dfaebed7e4ba8ccf0b32d481943f1f01a13b3050dc70cccad69133e,0,1,Raven_Software.xml
-922398c3843dea87e31afabf326f9cd2447344f6aed0f93514f2c98dbe69c9c8,0,1,Rawnet.com.xml
-96d6931dc7ddc1dfae37303fdb58cd0f855ba02abf08cb981aa1e0823513e9f3,0,1,Rayner-Software.xml
-e2125c4ff7f8379155ae1cbe641d8d42fc62ede1add7edc1abf0d519b28b231d,1,1,Razoo.xml
-1f625b9e5210e4cdaeb0374adefc086916f2485e59f4b862a1c4be2490652773,1,1,Razor_Servers.xml
-f8be2a2667f90decacf4019ad460037617c4a39be2c437395df2448987ca49c9,0,1,RCA.org.xml
-79757f97f7b60f450d8440be0d4280a576539dfc57f392ed11818a03876d208d,0,1,ReachLocal.com.xml
-26f7ebee5d1496c39f57930c112e3e28dd99088d89c265e52efb5a4cc1dfd0fd,1,1,ReactOS.org.xml
-13efbd657c5c64ecbdbee93b603d0bb76368716dff6e66366bc86e60c82235e6,1,1,Readability.com.xml
-e113693a7093f79a8d7f790d4c5f5f7f957e467aeef8a6894f6a67b07f796d72,1,1,Readers_Digest.com.xml
-41653b528d317761c5c16423c2e4d33ea37646cec0801764b40f21cd8d7e7d0c,1,1,ReadRobReid.com.xml
-acf5a59353875766b55b4fff82786b045afce50cd102aecd40a6c45a7813a153,1,0,ReadTheDocs.xml
-3062eef28b7e7c5139893d742c58e9f5311e82b6d822d49da082db570374f0b5,1,1,ReadyHosting.com.xml
-8505d26fe4d69ad974a9ef7d0220858a70a0353a998a8f103389b0dac8f6a721,0,1,RealClearPolitics.com.xml
-65002fb8676849739c54b0dd684aae2e36792c16ab5144b1cde089a6561d2f52,0,1,Realtech_VR.xml
-d02d0ef8d9228fb73ed248df5c49f8e5f4ef408e4cd0442057337d7cc00c8537,1,1,Realtime.co.xml
-175a2519105c6a213529364cc7d07291395b1990d6972eda7a6114333639b0f2,1,1,Rec-log.xml
-be04e4a5c75ce1b4a49738d3a5e13dd52e2b054f0049b56ae3dc5a96cf3e0bf3,1,1,Record-Store-Day.xml
-3d81ab3a1e068cc3e433fb67054d899bfb0de1806dd6a4a04c6960c400ee2403,0,1,Reco.se.xml
-e9fb62effa61feb3005f0865f352c6f471bb6ca0318c690e1fb91c6983e5214e,1,1,RECRegistry.xml
-b436dee831b87aa69cb3b905bcf593cd7e47ed08820189f8974d4a3e00d98bcf,0,1,Red_Bean_Software.xml
-39eff1aef0a36525f9f373d24e20fa4850fff65d2acb945dae316680b84ed334,0,1,Redbox.xml
-60738cb7402596b4df80fcb816ccd0b7201ddfe28519ea5eac14032d977020f0,1,1,Red_Bull_Content_Pool.xml
-358a803e6694670ce113cbe84d04335e6323f745631712ee5c92a2b27b3011c4,1,1,Red_Bull_Media_House.xml
-f5f4e5770ef84894d68b4743033e33f2907eef674a04342f07a6b1e2a6c1cb5f,1,1,Red_Bull_Mobile-falsemixed.xml
-0cf1955ace195c6b0ddc0b5bffed0f41bc193291ea29da0f979575ea65eaf195,1,1,Red_Bull_TV.xml
-d782a5646c87d8158dcba9e72345ff2d288306d579cabd36d16ff1ba3385584a,1,1,Redcats.xml
-def99e9c52843ab97071e7c51143321c1bc97dc6b2395b2619b4f9ff7d197f2e,1,1,Red_Cross.org.xml
-8a9ce238b75007715b95538b35b88e0d8169d1475b57b620e773b70eb86be3c3,0,1,Red.es.xml
-5131e656638f11fb4593a02bb49c601f5bced0eae41d40fa23204eb04587c50d,1,1,Red_Ferret.xml
-3eb21961867734b2a94ad5cf657258520891193e0d3067bb0fb624a4b1a68a18,1,1,RedIRIS.es.xml
-520f55fa37450f41727427b048bfe020b5a1da2fee5f4123e3279c77806aafa8,0,1,Rednerd.com.xml
-f53f48cc8819321f46aed9c297b688b9993d6a9de165e8763d0f37c8ebb26381,1,1,Red-Pill.eu.xml
-022f64e1fd961e6dddd0b67103a9bfb71b2750a20f5f80cdc08c5f3c40d386ad,1,1,RedState.xml
-1bc93887c36392e422e57cf7b8352bd344b1d034cbd78d09da67704520b5ee37,0,1,Reed_Business_Information.xml
-49f413717d683b1902cdc262e5a77d4ac119e9b2c2bd4f19b0139c0298fe0c40,1,1,Reed-Exhibitions.xml
-9367d9ee8b8400372e7835f87118ef96688a260d514b8f8a520517d7eb83f792,1,1,Reef_Builders.xml
-b5b101eca488fc7adebe10a24464658ad959ecb4abeab89e78f1301ae07bd338,1,1,ReelSEO.com.xml
-f67b6b6fb72b8f527e63914337cfb4af1ca315cc6c3000de73b72663e0257c0a,1,1,ReelVidz.com.xml
-0fde1b026ce9f57fe5f54946d80e89bbf4b6493f09229decc85fbfb2430fc674,1,1,Reethi_Beach.com.xml
-2e8b726961855461d27af664aa198af4386e9a61ea1b25ea9e3f97f1618645c2,0,1,RefinedLabs.xml
-0dca7f8db4e1a34403795e066f569135f7b6a690847e640627fbd4cb613d71c4,0,1,Reflex.cz.xml
-ed697b644563bc08f7a64bcb2d4b2d64353594ee7dbb57727ac8ae94403b5dee,1,1,Reformal.xml
-ba5433cc440b527b0ac40a27ca63efa96122103a9bb85d2f90b1bb28c582de62,1,1,Rega.xml
-c74512d5ad6cb05e8d017ffa2610ef5f62f3a5aff3630c7100c0cdf66a7c75a4,1,1,Reg.ru.xml
-5e83188980d3c2b83146dcb31b2d9ae630cf2eb06ef26bd1697234ddb7101112,0,1,Reifman.org.xml
-5d23454687669a3d598689f9418756c861eb66b5cbb714a30247a8fb9f4836a9,1,1,Reimanpub.com.xml
-888ad874942b60996a054e52ce5277cece76bd84e05af6d197f19dc3004870ab,1,1,RE.is.xml
-c3043eb5c205e1fd21c28f12f4069dcd7fad8f3d130f25a52f90be3e6abaefa0,1,0,Relcom.host.xml
-4b05c5b070f01fdc1f28d3a4c0a35e23aa9df4fb04ee079240a766db5db1ce3e,1,1,Religion_News.com.xml
-0d62ce91032aa0e22743e303909eb3373413706cded1921272fd64960c979b52,1,1,RememberTheMilk.xml
-9f6215580d0f68d5a791503d13f1a5de3e4253f8ed4a29cad1cf1d1c7912a6b8,1,1,Reno_Gazette-Journal.xml
-08478a26158e294caed24907e5709a73b5047c7e02a233c59ba375cd81e06608,1,1,Rent_the_Runway.xml
-4694a9c81d65b951a54741e724dcbf6ae71e205fad3f2a1ccf028916a8801eb6,1,1,ReportLab.xml
-5cb0ade0d5d1dc7e4dd1ccc665dfb4c266ada546964c320112cfa58311fadcde,0,1,Repozitar.cz.xml
-df6a1cd7bd092eab928286a2ea29b97e9e2d85f9fc6388079ee843d43b1da80c,1,1,Represent.Us.xml
-88e398ec4597fcd0126db82a9cb9efad999c17cda7de00490943b9ff12551771,1,1,Reputation.com.xml
-97c227a9339f8d2100116d0f78f3795404ff88c9b2af12ba755db9919347253e,0,1,Research-Blogging.xml
-d922f4c00cf45c0402b3cd984a423ae4c8d6ef7dbb9ce8df071542923929f42a,1,1,ResellerRatings.xml
-99c54146351ebc37702c69036a7969daf602f88a46a6659feed01e378049e8ee,1,1,Reservation_Counter.xml
-a9c53c0ba950280c63d2d6998471101d1958e391a7f09492303906f91efb4b88,1,1,Reservation-Desk.com.xml
-1fa6eb86f60348d8030e0e38d7dda49565e349900dab0bf903d26c35807773c0,1,0,Responsys.xml
-a67a18b5bfaa7dba51643416054612adaee639d425a8edf44b58eda19a4427f9,0,1,Retailhosting.fi.xml
-672a32774503073c3a3f1285df5bd70708a580f4d2c28a0251c0d710f23664ce,1,1,Retail-Link.gr.xml
-f3ae0d8caa7ef6fc7eedd81112ae2aced0abb9849739b0f32ad9cfea8b90a8d3,1,1,Revision3.xml
-00acf51b8e95fb8568e1bd246a9339f38f1f950d5b043f1fa28e14ed065ae5a6,1,1,Rfecom.com.xml
-6da80a723a1d1077b1e7a27e1b7cf81d6dc7bd9da2161e9d63fe0c896ae0acb4,1,0,Rfihub.com.xml
-b91a1ce21dbc933f96a58068120bdda50bd0a150db11f1d8be42f6ea85ec0812,1,1,RF_Parts.com.xml
-21643040fe18563efb75dae1348aab27c6d7bcafd9d86669b454959072350177,1,1,RH_Cloud.com.xml
-458526dd2d66909f6257f8880513e449f963626bf7a8ac59850c5f5661194aad,1,1,Rhizome.xml
-ac063b2055bee50d03408a58042831dbed04f36cfe06e464a9ab053b262db8a2,1,1,RHUL.ac.uk.xml
-25155b462d893b369645ad541a0c3da4ac5b6c4052fc36002b54919fd1607808,1,0,RIA.ua.xml
-9e9125cf9d8f5ff4f94224047b66493c65feed4cca9d091b2b419e671e66baaf,0,1,Richard_Dawkins_Foundation-problematic.xml
-715f8d339dd77745daf37065dce3cb3d430573d7b6f1bcbc30b96675fc6ca9b2,1,1,RightScale.com.xml
-ee3295274e717ecaaf0d99b9b99610049b00df35e27bbd1d91b219c65a5be2e9,0,1,Riksgalden.se.xml
-ec0851667677ff8540dd4ea8454573e8d97df70843756980d2f1d6db93586f8b,0,1,RingtoneMatcher.com.xml
-bf59bcd24750fce1e1b920a8626d7ff5fb298dcb0a958e7397f9068f35214f6b,0,1,RISCOS.com.xml
-6e88581ddeba07d75b4981e54492a29299b1f8156fd7ba4e99081b05d53288ff,1,1,River_Island.xml
-cb8b94399027893807adc9cefd84a64463afce56865fbe8a7cc757ceff822488,1,0,rns.online.xml
-1c4ecd5ee6961bc004080667e3b8d84872a002463135edc292ff5bd8faf7d6dd,1,1,RNW.nl.xml
-133294ce743bd36c7b3904c485a88dd7007ceff186ea8b1ade553710a39c0fe4,1,1,Robin_Rabard.xml
-482450f4055a5f8619a8ef1691e4b5ec5b92512f33c7b5e8afd8a616d685df54,1,0,Roblox.xml
-1978095d76ebb339233bac9451b1aca7f3255aaa0ec1eda3a8ea9daf0a80e0fc,1,1,Rock_Creek_Outfitters.xml
-a3f1aab489ec09b4b991b1a42dfd46871d9372f1a529bef1103a6c8717d1673a,0,1,RockstarGames.xml
-130f616ac2efbb8cba01914448ce223537e604cf673fc37e1d2a09cf1d8d7241,1,1,Roe.ch.xml
-393e61fb89e40c646ec71da37210de51852eb2752a1ec8209e70fb6a91b0b2a5,0,1,Roeck-us.net.xml
-435a81f1ab7f49f5a49a16bfab4d5b1f43c4ec9e817e01c308bf5e25633e8cd2,1,1,Roem.ru.xml
-e5deac478ea7e83ca7a4c7b845dd564c9251dd746cd7971279cc1a7f8b3dfe3a,1,1,ROI.ru.xml
-4f5311686f84bb8b3e0a5a9d3ba754641d54e55e83b23f80d371e7da702271d4,1,1,Roku.com.xml
-15fd22478b3ddd570748276ccce4c5a9e76a61ce6d87144c32ac0698d74fa016,1,1,Rolling_Stone.com.xml
-d1b515fa4493b56aa98bc7fda6e2bfcff690ed8d16d9093a80f2be053fd8f860,1,1,Rolling_Stone_Subscriptions.com.xml
-d301808d796f362d956ded340a0b7ad0f0aa188f4d80a7c9f2fa6f86ab4a6644,1,1,Roloil.xml
-5c826733e1a5cf68d3ba88e93c9f33495e92703368a613e87bc714fdeb5de955,1,1,RootBSD.net.xml
-c87744af4d5def5fef8ab80355bb8d7c4cc8133ec9f7aa2a624772c3a73997cc,0,1,Roster-Teeth.xml
-ccbabba764819bd13ef73fc6ffdffdbce63afa730066863a098b3c355bdbf548,1,0,Rother.gov.uk.xml
-f5e35863be73c99b72d562cc0e45705722fc3c6b18a8e3ec0b67e9c16a4ea941,0,1,Roundhouse.xml
-a6f07b425c4a7c8ba2f45dfeaf4255fa8f2265a53a53696445dbba9c6752d8a0,1,1,Royal_Mail_Group.xml
-13e779dd2e174bd59c5618b852074ec9b052d94eb96acd1f767ff2bad95c8b26,1,1,Royal_Mail.xml
-c55d356dc2d403ce15812dd99f885b445f03cad42d0b83778c0dfe75f254495e,0,1,Royal-Society-of-Chemistry-mismatches.xml
-d3ce65bab0d7793ce9fc93156bd88def3be554f17c7a782c9d7b037648c6dd37,1,1,Royal-Society-of-Chemistry.xml
-7c2d3622febefeb76fff99f0bb065042a9900bc2470c7b3353f0869e624914b4,1,1,RRTS.com.xml
-bc80489023f922c3e5bb0a352200e46301242afd3c3c9366f1fb87e218e28fb8,1,1,RSA.xml
-38e182d9a20d3e1d7e7f4e8229a209b0d4c73c76a11d8dc8afc53ce2584a73d5,1,1,RSM_secure.com.xml
-cae95a19f94841750a3ed9dc99916ec18692ec4ee42322135c74775a25f30c6e,0,1,RSSing.com.xml
-f2167cc23e9d326313100d016ebb168ceed861e8a6b07f8a4b86ae3ad66961b7,1,1,RSVP.xml
-56f318ca6b8f5c51699fba8b627ba828470db3e6b712d3b0aa9d4d1cd284b31d,1,1,Rsync.net.xml
-1f87be8d9de10ec8ee2b9e7fcd42f90979adce40fe8997a80f34313423cf3989,1,1,Rsys.net.xml
-2101e5c6efed4ff0ba17ad362d92bc6063140b16c5824a7c947a44378093fea1,1,0,RTEMS.xml
-3b265196f1568487f91bc203fcea005f88de381527e88a4fcc0d73e927c16d33,0,1,RTK.xml
-394c7ab363fe3bf75f17a3c9c601b05ac92d9ea15479149b6a00b0bbf3a43795,1,0,RTP.vc.xml
-eae3fbc7bf04ad2098b7d4f58372692b54f160c5903a53404535707844706b02,0,1,ruag.xml
-64e4602b0f4e073c32a0e831ca509066a33948d7ff879a84e640b88b86b829ef,1,1,RUDI.net.xml
-2321ecc3aded3835fcba2f4229ea020963e1b4aa5ad813e1219d670cb923e69d,0,1,Rue_La_La.com.xml
-135a7460acbb6f1402ff7a60ef7c1602e91a2ba838d16daeef62b558845c8230,0,1,RU-Golos.xml
-baa1f252920fe202d06adf87a756621b3c98bfc56cad2bfb6ce10c7af796a9a8,1,1,RugStudio.xml
-e071d5e6d188b0477ac02337403602d68e6b548c5f0173c6a1687748169e1cca,1,0,ruptureit.com.xml
-268d863dd6ffa69f7bb31169fdd2c1e5f30b100c2272b8b572ce5e32392a8449,1,1,Russia.ru.xml
-148588675e66210914e28a86d10c5f27b71a78517d06a70c423cbdab87bcd083,1,1,Rutgers_University.xml
-8d13b2ab9a579065e2dcb65201ac8e2985f1c7733f45d612b80a0401e553d4a9,1,1,Ryanair.com.xml
-65bf378e57ce4f358c039824abb7a7fa26b1022a74ff9eafb7567274d4334c68,1,0,Sabnzbd.xml
-eb4b298e2328c9d3af283306b797b4e07e194584efce78f97c84b249f9339c8f,0,1,Sacred_Crystal_Singing_Bowls.net.xml
-d801e51a50153a2119eedcdced489f520458e20b870d160379489582320da934,0,1,Sac.se.xml
-10f98eee68097e6dc070f54588fb589bf4297dbb844e29f9b538977ef278887c,1,1,Saga-Group.xml
-bc98665967f7c0e25a2565abe90d863d8c33275c5d8f4068f7280d8415930a65,1,1,Sage.xml
-8ea654177b45b0907f63613a7f7a7ff5beea606fb948cbf52b0c513195bb051e,0,1,SAIC.com.xml
-f63a6ea74e32500fa23e7e6c33d5b88cf6e5055f226cf73fae995bb6ca13f268,1,1,SailfishOS.org.xml
-3e283d9ffab44db4b1e454079b16b0106309794cedef15c988884f436e6e3bd3,1,1,Sailthru-Horizon.xml
-48ab8cda95a96123caac4761f3330eae482905dcf00bf964117fccc6f76a9389,1,0,saintcon.org.xml
-9753141c4b315466fcf1676d6596c79059901e009633b0ed59b2241cc6a3cba4,1,1,SaleCycle.xml
-a67b67cba419c9c60f5af4693ade3ab0f4dcb71c0447e14eeccf5d9f8ccce305,1,1,Salesforce.com.xml
-70625d04b2bfb69c56b1dc93d19eed236e18e861c8d0134b164f8a348ade9116,1,1,Salesforce_Live_Agent.com.xml
-223be5286839874afef4638f6b87c51f4cb2d2ecc551bf4e994ba0a022b78fd1,1,1,Salsa-Labs.xml
-75108b7344354283a053208b4b002cfb64ca61e7a0fa3ac8932dae09d438e700,1,1,SAMBA.xml
-4fe8a655c2e05111677d094899b626987d18679aad18ffd1e17ea5447c3818fe,1,1,Sam_Harris.org.xml
-01dba19f9f9788ae453c69f33547f44f9ce790306025dca03d3a164d40a62dd6,1,0,Sam_Whited.com.xml
-483717975adf1fd493dfac11a3e80e12decb594dfb2f9eae941c55ba1264baaf,1,1,Sanalika.xml
-14b6b1c17986ddec66b196acfb515220845321dc72e60fac397b930ceb964917,1,1,San_Francisco_Marathon.xml
-d7f1369b6839df22fbb3576e521a3ec88864a035b188488731f4f1a1c5607a0a,1,1,Sankaty_Advisors.xml
-68289a8f6aa333ed77cd20e6c71c249aae478b04581bd9b94d07572257287bdb,0,1,Santa_Clara_University-problematic.xml
-d6d63b4167f0c17262f7eae3dd84693b68a3caa00feb09bdcd547af74bce75da,1,1,Santa_Clara_University.xml
-1daafae19033dae9cba707a24a15543422ab28ca5271ab1ca7ac17fb9874a6f6,1,0,Santander_BillPayment.co.uk.xml
-e528e24518c3a4fdd013118b9388faf754c8ff65ddb0ff972871d046065998b2,1,1,Sapato.xml
-10dddb4466cc962eaca360f047e7c9b153d4ceaec7caa21507f9327a4d6e94c2,1,1,Sape.xml
-1d4010dfa8dd5170542627798099f6ec4cb72d00bcf97f44fbeaeab4ebae1fde,1,1,Sarenza.xml
-b52b0ddba9698cb1e97744d5ef0dfb71ea5119b8986d1ae92fb430afbc3d3b42,0,1,Saurik.xml
-e52ec5b1932e746c036fe7a72538a8954be45621d516444cf4958671d1b7d805,0,1,Save_the_Children.org.uk-falsemixed.xml
-5a0c30080e411f8991edd2676b22684c6da570733fa7d81940b6c13a0b41b2ba,1,1,Save_the_Children.org.uk.xml
-5bfb16c2cce8680768c1e2d4499f24736825e0ba573cfba364b327748d133744,0,1,SB-Innovation.de.xml
-7387ea4c591d310a85c46831a13948c324f3026eb223185f34593b68359f03f0,1,1,Scanadu.com.xml
-da820e29c3c3739b63680876d982384c0e0bfaf46951c319b2e26806cb55be3b,1,1,Scania.xml
-26c41f1beb070887277febb9c002eec5f1824184016b8096316aa592b2d2cae2,0,1,SC.edu.xml
-38fcd3c77ef8529bfa24f39ca1a3031094574f86ec150997c16494f79bec85b2,0,1,Sceper.xml
-b7953290b4b5d45f612798a07c12362d172fbe10c7dcdd5c76318faabe9f81d9,1,1,Sched.org.xml
-8d31291b938ff81cd0e8f7ca0e8dd487ae4c224fee199cb922802fba33880d67,1,1,Schetu.net.xml
-aeb87d5cbf77f76e1e013b3f5a7ebd0809f26fa074080f5eac5a66127a7d13e0,1,1,Schibsted.xml
-979e440e028b0f6784865012f67f4fa6d947abbd1d1501e74d30a1fdc1ec8c69,1,1,Schlossberg_Store.xml
-26869a9d99c74c39e56b00301496099ec561255b0b69c49662e33fbf0b348b0a,1,1,Schneider-Electric.com.xml
-d4b3e1cd81bbf83fb126391a949fc64451f079d3c6c71683fac08b3972b86311,0,1,Schneider-Kreuznach-mismatches.xml
-eec14fa49b2eb3ca3cba02c29f921c816f1c59ec37ad0fcf64a2a03c1a79c219,0,1,SchoolLoop.xml
-b820ef0ca9ed892e54ecba43ca9744e3eaa8828238b13d527438029e749de50a,0,1,Schulte.org.xml
-25933077b070dbd4c7fda6d88421b3982c3457ea5b5f008aba6043900f07ca1b,0,1,Schwab_Plan.com.xml
-1003ef16bddb7ae96152b0fcb50ec0dd943917ec265fc5191f12b0c3c2fc37dc,1,1,Scoop.it.xml
-648bca2cf9de8921e93ab3cdc73e3b84fbd962af85e0c9f0547cf790dc625759,0,1,Scottlinux.com.xml
-69e1437f87a72fb32ac0583f1109659ab8ffd8795fb2d2e5880523d4c25930f0,0,1,Screen_International.xml
-78be6deb276806cd5ebb6953953297c789a83e254fef202137f493dc8bb93ae1,0,1,Screen-It.xml
-d06c01b8882b8f674d8cc10791d7b535ccf61c67091e253b3df40dcb03c872fa,1,1,Scribd.com.xml
-bd4374a901260cd4a63f44d11b6f1048ad380d5925d92b90a7eaaa83337a22dd,1,1,Scribit.xml
-793c02ae066b179d7011e2dce5579d2b6a5269ab7937925a7c94b92090fad50c,1,1,Scribol.xml
-908dead9cb9b4e421cf9a97d75b732af29814249060e0f1749c52742b732029d,0,1,Scripting-News.xml
-a1db6659789650d6aaea4817d02852a738dc46925e02c225db6306765ddd257d,1,1,ScriptSource.xml
-fb0037642b36cfc3cf0a9262ad622d08b497f5837f2bb2d4514eb4241214e62e,0,1,Scsstatic.ch.xml
-bfe859693482c899676018d969664e82a033df4eb41f6ac81534dbae7d5096cc,1,1,Scubbly.xml
-f9d6bcf44dbcc10b354910f43ace3fb992ad105f9743b1db2855084e40ffaf1a,1,1,Sculpteo.com.xml
-32e7fe0659f10a07ddd9e79c4451377d2794f8c90d679e5e12771ce7f39a24f1,0,1,Sdlcdn.com.xml
-fd71c353d28fceb8b115719e83bc37fc7f717fa194e03d48d2cabacc00fdcd29,1,1,SDSU.edu.xml
-2006782a2d8e1e624b4bb2de5dd7b71127a36079937f0225de4ca18017d3c6f6,0,1,Sealed_Abstract.com.xml
-a72eadb29ac48aacf0a5061a3796f94df5f1b7f5a2663a192baccdde97ef757e,1,1,Searchmarketing.com.xml
-54ddc0c71bfceb9e4d8b41198da88bf0cdd4dbf92bfe8635c398204f8c188847,1,1,Sears.com.xml
-b47e3b0004ed2b922443aa48b3dca1012843ed67610e4f15f881dc0b5d8494a3,1,0,SeaShepherd.org.xml
-6835368660d2c2932d163024a8da85984bcaf646184f5eacd658c0fb52a62c5c,1,1,Seattle_Technical_Books.com.xml
-0e8e772f5af7e798a343bc7ffc07367d78688f53fc2b361b9b6f574c3f9bf55f,0,1,Secret-Maryo-Chronicles.xml
-31907b29c65f95dd9b5c236415e2871f016ad5406d1b0ccac0eaaa02c03d0793,1,1,Secunet.xml
-cc8342bcc4c3c676b7bd0cc012b441d3d9c4a7fabfab9b25a8d8146963b4a738,1,1,Secunia.xml
-33814228cd58cf773562cb2b4cca1385b282847778045dec33b0469b1f1ef33b,1,0,Secure-donor.com.xml
-f7fcc791da39508c7c2f62ccd71aac9c7e345b35bb825469e3bf31fc51fb1fcb,0,1,Secure_in_the_Circle.xml
-fb80a2a8a1de294899f5a0615851aa20d733698590215f4fa5306b9786ecebe9,1,1,Secure-payment-processing.com.xml
-9525a6188a7e9f5b3c1c275dd102918e5bf2e0be9561ce805c76515560e3686b,1,1,Securepicssl.com.xml
-e90bb893efdea1ec9c5bb9495ee3f16b99b88f068d8ebbe8577bb184967d07aa,1,1,Secure-secure.co.uk.xml
-5168a7a30822faffc7e43d14f7f2914acefdd418f2e49375600c5efe60117cb9,1,1,Secure-zone.net.xml
-6b20be37aeafe97b9c0449d7815f06e73d80c685be3fad2d6d6a97ef625f3727,1,0,Secusmart.xml
-28bdc6b9c0d2041fc5fca0b87c6c88e524efc63ecf62bb07c9433ee7fca42194,1,1,See-Group.xml
-016140d2cd3e7f46335c1e8c10c52d963c71a2c4cfcf2c5de0773d0304ee8b84,1,1,Seguros_Universales.xml
-3499fe01409a66db98d6762ccf5048da5b2f2b00f05309cba4dd609665103886,1,1,Selfhost.de.xml
-ac1ed464f262ef1a7c52301ab0d83ee2ca7d7679c0b13bc74d22998f76370845,1,1,SemiAccurate.xml
-1b9f7a18950ecc433514f5008b5331d4f139ce0db817e521c01640ec80e8f997,0,1,SendPepper.com.xml
-58cef17a92f366b7e1cde56909c647d27ff2ee35518214d71701a8d109673e17,0,1,Seonet-Multimedia.xml
-d871287827ed10bf530370fb95f6e2cc1c4a83f33207d1c7cf0c5a7b6a1e32d0,0,1,Sequanux.org.xml
-36ba74f8a65f050fcebd3bbbbbbc98e68a75a411b050d1e81edcf201edf4ccb6,1,1,Serato.com.xml
-cd05db84988daea1c881dee30b0b7740466add73e1bf1be3dd44496cdb2a48fe,1,0,Serienjunkies.de.xml
-80c5c466f3a3270fdd5ba6db7c396b72da465108aecb6df2287271ced2e64e96,1,1,Server314.com.xml
-812db0b2551534929fc4781c2c823d559047c287e7f840ac2e71bad9b7abe1fe,1,1,ServerCrate.com.xml
-e6ef39254b78f986f8a493f1193e680946b392769ca04089330fbdbc01eab49d,1,1,ServerExpress.co.il.xml
-a2ba3422fb880b78a61c81716398b2797cabd5f6f65bc83d4450238081bc6aa0,1,1,Server_Express.xml
-61ec565235a014eb7654f46b6ecfb587d8860b2cd2887b24c493836f6247484d,1,1,ServiceTick.com.xml
-fc3deb7ca3952c3742f2df096a9fae08831c7795b64d08f4f8e529983ad12581,1,0,SEScoops.xml
-26f40a260a0fba7f9b4581f77eae1a63a5bca7792d7a5e578ebe2ae9a64cdbf0,0,1,SEstatic.fi.xml
-d81422829b52421b14bfca59b79fb365db842a0b397034e091479e98b3b20992,1,1,Sferra.xml
-918a1e0571e6f44defc2bf02af57fbf8810a3d199b9c410689c99fad66b3f10b,1,1,SFM-Group.xml
-90e39924d85b911e9ab7c92ec676692a6f3cc4253ed1c5cd48ac62b788bd4d08,0,1,SF.se.xml
-b1ddc8eafc9185d502e8c25fa3239d0ece0bf86bf9dcf471af0dd11ffb792f4a,1,1,SGNO.org.xml
-c63ba028a20f75448202f03fb3e41640315b2ed13e1688c1d3de758805546912,1,1,sharetobuy.com.xml
-52619008e0a398517bd3ed4b130df71beda4b92d61fc2261ebbcb4a4d9489a83,1,0,Shaw.ca.xml
-7da57b9006c6ffa8d0b351327d1fe45ebf7c956d087d4428afe41f92f6525389,1,1,Sheet-Music-Plus.xml
-0d2c3ddd439373407efc3cbc24b6fd7ec6da6563499498590e742b02d87a3fbf,1,1,SheVibe.com.xml
-e09cb7f8a0963b23e365c3866d3955ff243c34f81b4333e67b5b574833b4a0c7,1,1,Shipto.com.xml
-0ebfb123ecc0a797ffba53b2ed5e7a7a9def6cefd840ab6e9cadf49d77199d6c,1,1,SHld.net.xml
-29da94b661c0ec149cc098fc4f9c75c98bff787cf4b996d572c6321f7e2114d8,1,1,Shmoop.com.xml
-70c2e8ce0b946c9232e77e2bb98a3d51f882260294be0a2f2354c687fd6f7dd2,1,1,Shock_Media.nl.xml
-be10ed26c4dd7232d2380a060e9c232e43fb567bf291f524c4e581b4925da5f3,1,1,ShopCo.com.xml
-faf5c3a2ef00844a11a4fcae50f0b1c010bef569cd59f6458c17223b0306297f,1,1,Shopinfo.net.xml
-d4503d3f06952327bd9c9552907ef2313bc6d29c108b6253a7a08bf1fef1b3ab,1,1,ShopLocal.xml
-d651e9791352d0487ad06bac798a6665a3148331d2404a6dc37366e44e92af87,1,1,ShopMania.xml
-be7b8010946b7507599c364d23a08acc86e603da4edebb7170bc0f355e719c90,1,1,Shopping.com.xml
-7f43dba8179391649e4b3e8121372e07d1035d29e2fa636f238b0c3470cda162,0,1,Shoppingshadow.com.xml
-d872ed802d9b549e860aab8bb78c8b54f3d1b801090cb77fcdec3e3100f092ae,1,1,Shoptiques.com.xml
-0dc10520e0aa53e2960a1efa33c61abd0e7dec6d72e7bcabefc5c0ff7376e807,1,1,Shopware.de.xml
-f30aca861916483333aee8f04079946c2d04e333081088438b4079d39736e621,1,1,ShopWiki.xml
-278c389123acf69565e494a9910ec501d4c6f9ec22efce8aae9b8b5972359de3,1,1,Shop_Your_Way.com.xml
-5e77585db1f9cc625d221191bebd1a5529553804a196f0ce02cb4c0491ecf57b,1,1,Shorty_Awards.com.xml
-6392a77acaf6437e67b6a383c750a729226e61fd0d2ac2713ba968ab0cf0524d,0,1,Showcase.ca-problematic.xml
-7d59c151c428de88652c9856b90d200a107f942999539370bdd1b9f77bcfbf37,1,1,Showing_Cloud.com.xml
-bff8c34d08e21b8eac44b98294a00fe95b54fa4a06104172f6c4931ec7e13627,1,1,ShowMeCon.com.xml
-b9746912eda090240cae1148d66f3a8fbe40ccb0feb0831a868e5b20a7481378,1,0,Shpock.xml
-17d8e1cd7f7e79152b5482c90e28f14bb732d4e3b6e09240171fb7fa0c47c5cd,0,1,SH.se.xml
-e288931dca09be06dde50e2e7e88361e0b3f3a3fd70882d39142d93104d1dd4e,1,1,Shurgard.xml
-9c9167d6a433c5c4c16b5b968040168b122215635d360c94bc5ccce867d8638c,1,1,Shutterfly.xml
-893a6bf3dcbf71cf5e4f1ae4288f7303f13681b9812f5055a788e7acb879f173,1,1,Shutterstock.xml
-c2bdeaa9210ade411015be525d562ea16bedd70da5897af9d239278aa0ca8ae7,0,1,Sickbits.net.xml
-acafdedb2df04d3278f3058d9be43aec8127024a12e89b7cc1d03f54b0b19f95,0,1,SICS.se.xml
-4b189e0297eca742379d06edfd7c888b4dbe2e61ab4382ee551273f56789fd1d,0,1,Sidearm_Sports-problematic.xml
-669f2a6082ea886ed609297ae811da92a2644d3005d22301b01c388515fe9c32,1,1,SideReel.xml
-991b526f8347cc2655f4b38ab4579c1ceab9708768f98fb8bfcd68361001b7c1,0,1,Sieciovo.pl.xml
-a9836e0d2c8ff7572aa8d363270cad70924ac622587ce84f202943f3d647a4e3,0,1,SIFF.xml
-644bb5b151de6fc4b15572be1988b7a7e01356e4969423d79c44c4e6737d78fe,1,1,SigFig.xml
-986bff28cf20c7a981f4f7cbccbd178b9cf3500d1b86dfd46726f50ac739243c,0,1,Siggraph.org.xml
-fe356405a24e79d3823307bc7518ceca3a65b4b0a9f94f00e4fc0a2d1e040e63,1,1,Signals.xml
-c6231d1db4ffe805ac881cf622bc409747a3a6be51cf6effdc071baf5b6324aa,0,1,Silicon-Labs.xml
-d2125a37bed62edb1f8834b4f89c3c735007b7b870595115c0a44a2c2bfccdbf,0,1,SIL_International-problematic.xml
-11386ae96a8d6499f2c55fa8307ef60e8b9b1e77976aca74f1f746de55d9b083,1,1,SIL-International.xml
-8b970f7899654c140d3614f8986b53ad4ccaa767df5fbef89ff59a31e07429ab,1,1,Silkroad_WS.xml
-e6fe519fb7cfb9e096c6fd81d6b248a401d3bc05e87054a63e10848e60d71ca2,1,1,Silobreaker.xml
-b3a7c4808e8e908fdc88b83b785434221414dd3d77ed4b0983647f3684647803,0,1,Silverflint.xml
-a49bac6e453d1a6b8658c5d09eb247a7201c2faf23ea278ff090f32c54f237ae,1,1,Sim_City.com.xml
-d7dbe998551244001c5fa297a7ce58839135045a3ca8288f7eb21e696cfa296c,1,1,SimFlight.xml
-9c6b97f93cdda86aa2d39ebd6fe5db76c601aba1050ed094c4c8a940e753f3c7,0,1,Simmtester.com.xml
-f0bb3a7abc4a6cd556969d6a151e19d22c3c36cbd391ae059e2ac162fcbae68e,1,1,Simosnap.com.xml
-38efd0e81710a352219d2237161c5d0ed645f65fe77fc3cfea190557233de483,1,0,Simplekb.com.xml
-2adaaaa6f35e60652acc4c341f34ff8e7c9e1875d2a8114dba48a64932acf34c,1,1,SimpleReach.com.xml
-68aa39cfd4b062c20ea2e1bfba9fd71f4fffc47e1ae934649137626e113e2014,1,1,Simply-Stamps.xml
-942113027bde669125efea9cf0af192443b885277a43ee9f90e9e091d1f92031,0,1,Sim-technik.de.xml
-1be06f2f09df6998fcb50fe266e0b7d879c54044a7a0dcebdb21aed05d1a251d,1,1,Simyo.xml
-afab1e82bc1c116a61d6c7f40b47b4cc1043ebc2ce969d1a3ea70cb673da5597,1,1,Sinefa.com.xml
-771bad8f3383d191bb74b2a525477e78420b8b19b17850a3a51b1a24973302ef,1,1,Singlefeed.xml
-4831d72c4a1921ba81961a3a46e7464bd14d1c94346549abd74d897cbb0a37a8,1,1,Singularity_Hub.xml
-e98874923aaf25fe0de0e60028227e91eeab0edd00d0aedd5b83327c2d50c31f,1,1,Sinica.edu.tw.xml
-b05ab2299cf4a3552b415ad2bc8898d5e257d28a0e9e38a13402447f5de540ac,0,1,Sinoptik.ua.xml
-2f477e70c52c5626a19d5e6fe1edaf4f4708a9c4068bac811cb6b68c34ad4e21,1,1,Sirportly.xml
-ec5ec3032ad870e33ed2aee54e56fc4ddf43e6c2d0842f5b29530fd378212056,0,1,SI.se.xml
-18fca85374104c3c57f5c8d3a82fe19eb00812b410016d9b5c73a8ee8c0e9063,1,1,Site5.xml
-438ffbfcffbe33803fe8586c0df414fda6a95e54b3b0a5c7a11f3c4d7881b426,1,1,Site_Blindado.xml
-239511aea016e2100b8b88f9afc63f52439c61aac67295ce2055c4945505a27e,1,1,Sitefinity.com.xml
-49cb9933bfe48be26b4838aabacb7026024ee2fa0ed28f3484ed76a96622ce99,1,1,Sitemason.xml
-e7d1ee6d42c793f1ffbf240274c7d7b096831967b41b575bce6593757c287b0c,1,1,Sitemeter.xml
-1f1e6c361c6ad504b740df7437665827bfa88e9464b4dc1ab0ec9a2acd8d376f,1,1,Siteor.xml
-0d95e0a127a7b1b2b0d12711535af57a7dfda8becd7ea102cfd4c91ed58aa66f,1,1,SitePen.com.xml
-6c947fcbc29609bdf91af629852af3dae2317fd23aa7941c65f4ad36b985e3de,1,1,SJ.se.xml
-0a48115cb03ef57a2671772bb06ca76cce108021771e60f0a43e2fbb22a1dc3e,0,1,Skandia.se.xml
-947bbb082ae9c5e81c647914275acedd8ed8fc609716d4ee44119e53e160160d,1,1,SkateMall.xml
-d972951be8af16d4e250056f05a7f4a6e7f123ed0a06b56e879234a2be8a991a,0,1,Skatteministeriet.xml
-befca524a909c8e7e9dcd2f75207590d63474b0865489ceaedb792a4419bc18a,0,1,Skch.me.xml
-20765e85d2fd18909d94526931d694b90b3bc05c6fbc5f5aed8f60ba92192366,0,1,Skillclub.com.xml
-4bb6314e9db02ff92aea2ef82727681c4bb079a4b9c29a8eff82b93e15866106,1,1,Skitch.xml
-b18695709bb1eee1cd6c29b924c9367351e4033f9f70b829b58820f7971d762a,1,1,SKNVibes.xml
-176505bc694962eb998f1de1ba452dbc98547266a6cfdd3e8d32c7e43bd08c55,1,1,Skreened.com.xml
-33508243de3dc70539bd595467320f01abf4dd5aa4261ed323fac06ae7c07ae5,1,1,Skroutz.gr.xml
-25157ef56d915eaaefa9f17ad1029535a8613503384273b5d65958dc73d126cb,1,1,Skydsl.eu.xml
-b6e69a65826e62e9a1cbaa20cd6ffb07fbadb650c80b03b1ef0ae768e2f628b7,0,1,Sky_News.Au.xml
-6fdaef17af1ea6490386e9a69d35056586c989cc0efb6ead360199c827556678,0,1,Slac.com.xml
-1613036e5a0687ff4af8fb97b3636dc47fe9cce73cc1e4fc8ac1de9d72c5e182,0,1,Sleviste.cz.xml
-7203257ff65c870f2699be86502bd2fa626bb190219dea6f9b2341f18b86e133,1,1,Slickdeals.xml
-f09f4e1fa797d89d9fded19d8860ca5657f9db89f488eb37b22aa65d09108f05,0,1,SlipFire.xml
-cd71aea85aa03c0248d8d701f65addf30f688b6b6db34571b13a7a02d50b022b,0,1,SliTaz.org.xml
-1ff601d9c6793cfd0173c3c5d3c070cf48ad8e661ea28e18658c35214f8a0bc5,1,1,Sloan_Consortium.xml
-7694aae9b96d3499bd5a004bcdb36287cf90773cf7ffd2f9a653576c28ab3417,1,1,SLOOH.xml
-8b5991e95bfde9024ae6045f915d2b5d081583abc5876d51c11efe8184570090,1,1,SlovenskaSporitelna.xml
-c39e9beea53bf1895ee161b25b0823f6b832200e1102f9064a0678835d6ff805,1,0,smart-DSL.xml
-410889ed15ac9076ccc7d2c95a80e3c71b12fb441d3c2909b41ca6ca149ca9d3,0,1,Smartling-problematic.xml
-b31dd4575b41f628862708e9c5a768247f6feab15645af1269bda5fc2e5817b9,1,1,Smartling.xml
-7f663ac26ff264199574abc4829da5786a5e97d828ebe1bab77b818ff6a00199,1,1,Smartphone_Experts.xml
-4be3f8e4caf2704e57b939bd74385ddda2f0fb979fb5af89634bdd72509beb4d,1,1,SmartRecruiters.com.xml
-e078c3024d3b5529f4c294f0e39ad9d4ba97cfb5229c0101d6107900d6ffc349,0,1,Smdg.ca.xml
-569936ce41440e853be11ecde95efbdbf9c9f7dbaf90181ee859f74970c5c322,1,1,SMF_for_Free.xml
-07737e4c4fe88850df4babad790e1d82ee39a0d3055511782be89bb54c85ebd7,0,1,Smith_Monitoring.com.xml
-0bcf0fbf67721c2842b061aa1fe6c94338394637e726ba0268acd5e7690b6a70,0,1,Smjg.xml
-7c3c25c9b51eefd062d159e28cfe427e98af331ab05fdc4d46ffb1169e45375d,1,1,Smowtion.xml
-a68e51f185e02cab3123b408b3ad7b4849ff4a2e0db98c8c0194d352c725c55b,0,1,SnackTools.com.xml
-368d7e67d2755bd816d3d9a15930fed3a5445200577effa10f2a1e12dd9e5237,1,1,Snagajob.xml
-f427d8fbc6b8bf77dc8605104bdf8e27ee06eede543ced548f23f22aae1441de,1,1,Snapdeal.com.xml
-b34278b513f81f664edd8653f1bb73fb84209a9625949fcf84364b1dfc0ae9f9,1,1,Snatchly.xml
-24b42f8ce479698fbd81d426abbea3be8b5913ccd9ff53b61660f0c49bb66c7e,1,1,SNCB.xml
-3b7f69aaa1c762b112ba9fd30146ba841bd92a50dc25a3849a17a3bb5c9ad048,0,1,Snow_Magazine.xml
-444c21385a86d34daa2b74872456cfa5914e7a7f3833bd5ce212611f068c117e,1,0,so36.net.xml
-7bfa8ba2d7daded6d4e0055295e3931b0d226f507238fb1ace2be11611936ca0,1,1,SoCal_Linux_Expo.org.xml
-5bf36d6e7610b62e0d338fb24373da34fb83d0882ca9eb1aca333ed563a3c82a,0,1,SoccerWave_UK.com.xml
-6247ade57de33a90ef47bd3f3700f4579946fd7ec77f63cd5191d8d2b72e4431,1,1,Socialbakers.xml
-591ee3bfe6b2d0c5c3cf6363267329c82a8838ce5cae5f470214191b865d3431,0,1,Society-for-Technical-Communication.xml
-1704dd273006545bd23e5c0a4a1f7f0cdd4b8ac4aae59268afd81190441f74a3,0,1,Society-of-Light-and-Lighting.xml
-dbfbc5e95c59ca8f5a6817ed26888960e39498fb14738f2ac049c176a530c2d3,0,1,SockShare.com-problematic.xml
-49210ac2c7f23d1ec5bdff953d0b1d716568c2c5b26f78b9385dfa830f0cd91f,0,1,SoftLayer-mismatches.xml
-55a4d4cf5f34e4628304df22b8bb098a52f3828e43b2ad6efed87c95d76bfa01,0,1,Software-in-the-Public-Interest.xml
-24f2f18c8774e7336eb85a921d919a8fb4cfa53eb88f19aeecaadac46b8be159,0,1,SoFurry.xml
-ad360d4d5b2044dcbb786ca8fa222a8afa781a62f25db20a5f15fe4fa27a60b0,1,1,Solarbotics.com.xml
-bd537b9721c863fed02d90b71128900946f448013e0d1810e1c57d495f466f55,1,1,SolarCity.xml
-4558772a9ec991bbc170faa5c1653494329c3bbc55539c8c467049646b3b5733,1,1,Solid_Cactus.xml
-81582b8a8f659af0e041168acd9fda4d96c18f33acf41defb4bc714f80fd94e3,1,0,Sonatype.com.xml
-ea23e5837831b8e22bf6fd56db158686abcc8d13df4a37f020b30966205a9048,0,1,SongColeta.com.xml
-341c81c94739a10d3f04db7a1e9772379e51888a11353fdc3cabd0d04cfeb476,1,1,Songsterr.com.xml
-b5fef9d252b9d468bb4a06cb784eb0689306edb43caf7f52fa0924fb9124a51c,1,1,Sonic.net.xml
-230faec861b0025bce390a56187b04f3f5ef65394a69cdd069cf9a12679ec3df,1,1,SonicWALL.xml
-6766c32a439f111909c94b0b5163ba1e366876e90ce629e2df21a22cd9fcf582,1,1,Sonnet_Tech.com.xml
-bf0300e1945b14a33128707161ddd15d8744caac395131caebb69d6388005502,1,1,Sonos.com.xml
-f6596e850c1c453085e611473b2611a58f4146e6b34cc4264189a66a0e373e18,1,1,SotT.net.xml
-f141656339ca12f96352ed3819bbbbb35311d5bd2e0d452076254e352d9ff7b3,0,1,Sound_on_Sight.org.xml
-332bd57c7b60f5d23b775ce135ca931d9d5c37508ac7295cc655e0f90f5b0f37,1,1,Sounds-True.xml
-59cfd7776a8d4bce0bd6e2645e2c76d072a8ff62b965aa2999fea197c839f393,0,1,SoundViz.com.xml
-b92e96074327a0dcca5d00643ed1fd4a4e5cc464d810283d4c9e9295a3eb5190,1,1,SourceCoast.xml
-2f8e9d7d6aca7de5ec1b5688166de01b60e3ecafcd0bc3d73fe9dbc984df7dd1,0,1,SourceFed.xml
-49a79924cc9483c9d8b326a1493ea9604d7dd7101e58811cdde9465fd6a9ab7f,1,0,SourceForge.net.xml
-ee75312d7a227efc1996e38f741324c0223b6cd8228f18796f92a93808376065,0,1,Southwest-Research-Institute.xml
-749014fb456fade94fe8410d634d2c35faaa2ac81a812a1743cb742e7fd1ef41,1,1,Sozialdemokratische_Partei_Deutschlands.xml
-8f78212ef19628124bb5ad477f507ed626f454854b499a189e8efb0187912c4a,1,1,Space2u.xml
-e962efd4e859976b3ad130f332a2da31aabdae922174ff4cff7dee7360a0484d,0,1,Space_Launch_Report.com.xml
-4f5afd28fc7b6c403dda9c120786dcc43c37fab22b1c9c9c36edeba5b15b5704,0,1,SPajIT.xml
-018fd6c1ea9077a236d9bb1f7fc10af3b335b662de27731d5d2432ce47859d3b,0,1,S-pankki.xml
-0246b709c13f24606600678c52b51ff35c7a73d78bb08e3edfb248a76d863a27,1,1,Sparx_Trading.com-falsemixed.xml
-6b81a9de20423f8a2888e56ce73a7d92a425602713d857ce4e70d72a073ddd7a,1,1,Sparx_Trading.com.xml
-d2a6a9cd4875bfe1265795c63f0c0c9144571c1debe74ba0bf76f4a1151bcfe1,1,1,SpatialBuzz.com.xml
-27dd7d2747a44908e31a333cd79a06d9824e99c5b9cdb239f6073da104e30b41,1,1,SpeakyChat.com.xml
-28a4a3b9c096d4d94cf6e2b84461b16ad0da6411132504a02bbdbbc9289b2be4,1,1,Specialized_Products_Company.xml
-3064aa268e87aa6d1e3cb4835582cb4d4aff1ef2063e411e98be68091854ca1a,0,1,Specific-Media-mismatches.xml
-de4e0aad788b737f30398cc734dc7e93a178dffe24c0b73abe4fedd6a42e2015,1,0,SPEC.org.xml
-b6d12867f7d8012b03d30e3836cd3f71fccc19cdd0bceda42c3b8e3870481d0e,0,1,SpeedCrunch.org.xml
-7c8589237e407b7751c1d2ffa43036657cbc5cfbaf47ad26936b6a7f31c13753,0,1,Spench.net.xml
-916dc2183dbbf307a1e01713575b05b2831ece425195929b577b6221ff376ce9,0,1,Spin.de.xml
-c3e07335bd1b82f18bdbde816e5c585021d5bcbc372eded55ec982c12e85059d,0,1,SpiritAirlines.xml
-5aa4d692eb37aee5eaa407f998e26c6734bb23e3eda58e1621c549e5fa1a2251,1,1,Spoki.xml
-b440d89b9eed86cd745d0ff23333b7e12af88f7539a35833ee5b6ed2a77b0023,1,1,Sportifik.xml
-2a59ab0331fb5c8c9fcf6d5ea984db8ec59bbcfc92577aac1f79ecca8ccd9cbd,0,1,SpotXchange.com.xml
-92237fe3d6d3c3df0171c873b6b24123441cb54f5f84a5df5da39699afffe685,1,1,Sprint.com.xml
-253556ba3da235ccae4816b5cbd370cf73caaf49b9c5b2f43d99d915c2b86a91,1,0,Spriza.com.xml
-26c56acd3375b007eeddac9957b0ee0ea8e4b5e98b298cbfd7d7cf7a37e49bd6,1,1,SP_Times.com.xml
-b7a7b9f22aeb326e6b248f75737fc12c991167149fa21745a3906868ee8a1ee1,1,1,Spylog.com.xml
-1498e2530912c8e73b9cbf1c5284031b51f6e4fa7e37cbad0deb6d6eb290b3b9,1,0,Sqsp.com.xml
-3065941486049e23107d2dfa67d90123e019bf6620e1ef73ad062e93127cae62,0,1,SsbKyh.com.xml
-5b2ae8372ee680924f485171855f912baab88452cab3e87b63bc97e0c74f3477,1,1,Sslcert35.com.xml
-30c468e73931001c0f71231bbbd291991dc454a378b2bd2c371b8a5d91c61ce0,1,1,Ssldomain.com.xml
-c9ad023f61c9cd1d3706e52cc669f633d12053fa22c25c9701e36c06d5fc5cdf,1,1,SSSup.it.xml
-554f6e5135b895544437fc3b23f9f06bf5e512318b24b8d13548b8282203e55d,0,1,Stadt-Zuerich.ch.xml
-8eb71df98a37614be3236f2aec4609cb758615cff4e90ab829b3788a54250c03,1,1,St-Andrews.ac.uk.xml
-7fd7d42fe5e4995046763502a683cc64de0f0ad3a28e7cc679173f829085bb98,1,0,Staples.com.xml
-39dda4283cb40d94908fb128dd404e8fb0d4dfa2d144a24ff4d2426f42a1cb7d,1,1,Starbucks.com.xml
-8026ad04f83be259d2177775e0f798b96ab522511fe1fab28ab64a20387c5738,1,1,StarKist.xml
-4a47876ffa751efbad85a86c2d0d727c1734f56b1631423fc965d5688df0168b,1,1,StarMoney.de.xml
-381196de76f2d06ac7750a54a67955f6a9c21f42684821726b416cafbe9523e9,1,1,StarNet.com.xml
-3b5efcc0655b092166135f0d8a73a056e123f866749e1f0906706cb39a477d51,1,1,Star_Search_Casting.com.xml
-8480112d641417373b992fc7826912df693685423668683e9f2dc4d9dbc5dfa1,1,1,Starwood-Hotels-and-Resorts.xml
-384e89e4321c54fa7be3b75f19d06b7c029277463bf8cd2f8e0b3bac1cade42f,1,1,State_of_Alaska.xml
-cbb59c8fb32a2a5ea0cf3b3fd7d70b6add8a46094a11757de3c678d5e61aeb3d,1,1,State_of_Oregon.xml
-cf6c0866d343514b97918cd62089f4191898d1c7c45d993b807f5d7ce291e172,1,1,Statesman_Journal.xml
-7500f592127c32a25e139992a6e1e067e488031164d9d8ba29173471e81d26e1,1,1,Static_Site_Generators.net.xml
-5c9829129baf195a9dbfac286a509c36e0e41bb8adafa18e9162034a65c19904,1,1,StaticWars.com.xml
-345a6c93371fa2331f18898d3b61c6f8ea3b9a66af9653bedc4cdbf85d888777,1,1,Stayfriends.xml
-745937303fa58c940d29358280eb28ec941dd676d6ffaf9d27b6f9a2f353b943,1,0,StaySmartOnline.xml
-47c9f0e41ce3c056edcb0554a27d3a8a648782f976f6710cac42f10b6f7cfe8c,0,1,Steaknshake.com.xml
-3078153e01d7a43f3cee88d6213dff492f1e5a7dd0bc3ba3898aacea56fd386b,1,1,Steganos.com.xml
-8329d69c91eb46f21fb87da7033940a740293719013b549b2a04a465178b9c3c,1,1,Stevens.xml
-fcac83bfdb0b66dbe7ee339ad13cbb3784c2b1e9e6129bb33e9123ef6ec50686,1,0,Stirling.gov.uk.xml
-d0927c5a374e77c75d1dc3dddbf424cac62c0bc8036cc9301b2540e9fb6ad9f0,1,1,STLinux.com.xml
-0710fa36fe1a462a08964813d48f6b1d399ec3b7a721414956f7b99c87b6e165,1,1,Stockton_College.xml
-c7758f9f247af4a807809da7c975ba1113dd999e47fd382f67ca993672d549e7,1,1,StockTwits.xml
-af088ec57a0a58dcc709653e7bc7c388fb2ec11901bdaddf44b6a9eb56cfc09c,1,1,Storage-Bin.com.xml
-2f4835be761a19b7ecc69d772d7c194ac2ef0b064e0fcba4d2889f87334ce6b9,0,1,Storebrand.no.xml
-b3ae4b6850a307c9433da62f014e0867e66069ff2f3884f4aae6b16ed3ca8747,1,1,Storenvy.xml
-d64ce19ebfba74d32cafef6a02305b8aa5f95e7b4711d7dc988d46b5e2d217a4,1,1,StoreSecured.com.xml
-7403a5757527d035874e48069484b155e1c23a5d8087481ce356b2ff7ddc8666,1,1,Storywrite.xml
-12588f5afc97dd86b5084a913cfedb08bcca50fbb06428f5a21f2d1f45353f87,0,1,Stratum_0.xml
-796a57d9c1b84c656d28bf399cfb683c83437ec69fdd2eee0c2f83712755d53c,0,1,Stroeerdigitalmedia.xml
-b6d669821c47252e7ca26474737e7a99764a62314908a40b4303024e88e5a3d1,1,1,StrongLoop.com.xml
-07af8a3bf04feafc187b94867929fc2a1fa28c2d9c627bb9af41b8bc403df181,1,1,strongSwan.xml
-b0ac2e6a5978ce833c84f82322e462375f44861de28f391b9fac57c75abf272f,0,1,StrongVPN.xml
-d2302191ae1a8f125183b63e27520d15a645d1386f1c5c1f28958179f28941a2,0,1,STSDB.com.xml
-93988c7f0ff008e7ef5108c730894d4e105b47db481c2e8c3f148842946f5136,1,1,Student_Aid_Calculator.com.xml
-9ce00d1019a493c4f78331cd99076362c4233cc11920477c5e416697a6e7351d,0,1,StudiVZ.xml
-178c493fb5c612d7752155e414931a6fa954aae70c5e06b164e18856083d2004,1,1,StudyinAustralia.xml
-011d96bc9ab9a8cfea82d26bffe4a01598c8d65d074172966bfc40f197883bb7,0,1,SubDownloader.net.xml
-d92a0a64fa96c98af6b520e133f9becfd9c7b105aca69c8a6b9559ff8b90406c,1,1,Subimage.xml
-b320316c624d6dd638692140b4fbabc3882b3379d6a0a5dbeb4bc1d8a0952ef6,0,1,SublimeGit.net.xml
-1a0921d175cad22ca99421e5d7b116251aeea7157be570e7beec3db83063f13e,0,1,SubPLY.com.xml
-17ffed1ff7f81deb84f970b016cc3f707b748dcfda273a6e07f8540665ee221a,1,1,SuccessFactors.xml
-ce8a1e19ec87649974633ae2554d98d9e219359e9144bb59dbbc37c68f52450f,1,1,Sudbury_Neutrino_Observatory_Institute.xml
-8d351ea640bfb631540f409cdd9920eaee4b16167229a9ff127e7f5955b1ff8d,0,1,Suddeutsche_Zeitung-problematic.xml
-4353ab81e240d88c9a212ec5ecc87fb3c36fe14968a5fa1bba7d26b117ccd9ab,0,1,Suddeutsche_Zeitung_Tickets.xml
-39ee1d4592c1dccceea5d80aa83500d03685d67985cca30f3c17069ef4b11b41,1,1,Sugester.xml
-7493cc3ffce2c67f7fa42f32e1e2408c84f9ebe3bfec0fd23e8c14b853e22d67,0,1,Sukimashita.xml
-a718bdd3790b64a8c009cf4f3357e3b2254d3c577d64d37727eab8860affdfc3,0,1,SummitPost.xml
-34e524cb36278e49dd7e5a8d0a8deb009549cf988ec992a5a5afeb233d94f9c9,0,1,SunGuard-Higher-Education.xml
-14bede590218ee03241a00abe20fa3bb8f0f700da444b4c3c87691a91ed5a88f,1,1,Sunrise.xml
-a0bb91556168f0e98a0cccca8d2a6f1fd1cdc431f5c638c7e0bb609cb5bf394e,1,1,Suntec.net.xml
-c3085f8ae3518ec1b9c1336416c2c56c3cb38d4419c4bc0c012b03337adb07ae,1,1,SunTrust.xml
-cc283c50627b185ede55a22178b07b119401c1bb33681efb74f3c84a18d3a5f6,1,1,suomi.fi.xml
-cee503c087181433e78fc7a633a0ea13e071e35ff01247a73fdcb4e56a5cd2e3,1,1,SupaDupa.xml
-fc7fea4b9413421e1d068183f889dee6db63ffab1d49d7b357ff1b649e18c5da,1,1,SuperannuationComplaintsTribunal.xml
-715dd9ee76e76e36924367d72de96365fb971aa9249de53407a7f80a91523da0,0,1,Super_Hexagon.com.xml
-24eb0ee48fa0e0e523fd9bd0b40ab944a581fc249f21c1ce876352fa21ac56de,0,1,Super_Lawyers.xml
-d52211b33aba177689b636040670e9673139a3ae675f621ec98e5226f6662b87,0,1,Super_Pet_USA.com.xml
-bbd4fb2f9b45366a2539533ccf4a4886c69022a7064c641de203f1a81b29d94a,0,1,Superstart.se.xml
-45cbe2d0bc74d07effc9f86d955fdfc0b57fd320f15b0fdf37d13ed31836a4bb,1,1,SuperStats.com.xml
-278667426f721deeca09a629b703857edbbc9e6b5203fffc6eef77c7cf9c1201,1,1,Supplies_for_Dreams.org-falsemixed.xml
-f57b822a7d90c0045f7154b767dfaa622bb10b5d356c373b274ec269ab77dcbd,1,1,Supplies_for_Dreams.org.xml
-87fe4de9ab80a4e0a4d3f7e9348cd944198e2070144b65cd096f18f8e64cd38a,0,1,Supportion.org.xml
-607a14e523d4eb67d2e0470af4a11351e618235cf31197773d466373e9a3e4b3,1,1,SureSupport.xml
-c364bfc1cc7f038bee4de11860562a5430e9f6e50f4304292877e5852682f36d,0,1,Surprisingly-Free.xml
-1db721c32254a0f6cc5fa01d09570b574ea1aa05e031b63484c204705489266f,1,1,SurveyGizmo.com.xml
-1a101eb73dc1657e33f8e9345675e37e389518d109592e299c8d9e6724cf08c9,0,1,SurveyMonkey.xml
-7a9da5e66bb52c47cedf57033ebd9aecfe74c3b97a8ef687113ff2be4ef8ff49,1,0,sustrans.org.uk.xml
-ba6e4c5379bf8c4de10621f7fe7b3df817d4658f9da9f162855fe903858416f4,0,1,Susy_Radio.com.xml
-e1591b4d88ea0eb3485157d9832b975937e8c9a5208259ef3268d3f61119b2d7,0,1,Svenskakyrkan.se.xml
-10dbae31205437166ee6a42e3bf15e68a6c67d2901100bd86647780f09f78fea,1,1,Svenskaspel.se.xml
-0fd5d3870f9c3db62e5c4f6a72c986708fc02dd4f79ab555ba603706055e6f43,0,1,SverigesRadio.se.xml
-7592bd6d42bef1d6c458ce973aaac4a651cabd709c57c80b03ac37008f308308,0,1,Swapspace.net.xml
-e503bd2eff7757f37cd05f11b904e0aa7f674a7897657278f0ee5fd2ff6db491,0,1,SweetsLyrics.com.xml
-d40dbdface540ac54e9294701124dfe11fe73756383e3532be4426e6907faa0d,1,1,SwetsWise.xml
-841f596ca9d82b008cb1ef633402bf36289814a8bdcf2b50a24273ffd9d40784,1,1,Swin.edu.au.xml
-afaea307d6e731d22dc922a3068dee4ee008047207deacb123eb43f9beb4ba7f,1,1,Switchplus.ch.xml
-990a0708e1c15ff5dd64f56851007141150234700afb723ace3d4c802c19bd39,1,1,SWT.com.xml
-1dcaacd80b958fe4f931ee5e4659e02192f09cd5340f02820d03ca9755a5cadf,1,1,Swtor.com.xml
-0617c3149707ed6e38daaea5b27352082f326ab63f295a829ca49f19b179afd2,0,1,Synacor.xml
-40dafb3f220b08075e139b863e7ec589677a218a7f6fa0d83ac90e82046137d9,1,1,SyncBoss.xml
-801c20d5ad81a56de838fa123adde660b159ae4af5e590107b911431ab7d366c,1,1,Synergy-FOSS.org.xml
-6cc895d5acc0f42fc2422d99fd5c7c330fc898da1b36d815d38baf9c071e9ce1,1,1,Synopsys.xml
-39e34220f1747228c89f65bf85e1341261dd9bf9fa7103a6f05f7b5cf7c0ddf1,0,1,Synthetix.info.xml
-057b142ca3d2f84f2620bd70122ca28024124fef589ee328145f265a2064ec18,1,1,sysprovide.xml
-9dc087e90745d0ea8953d26f82dbf9047cb610d088d94b9a25bd56e093d31a79,1,1,Systembolaget.se.xml
-13c55abfa115cdf89adbb92f03e79b91b3bbc08919f6c023c799c5dfcc880b7f,1,1,SysWard.com.xml
-0541366178a7279745ea561f059b404fe3e0938cf75afa1c0d3c21f89a17a141,1,1,SYW_CDN.net.xml
-d2b1e6a3516a331655c9634cebe11092ddf2b0d2b513b04760fa10c2ea5598af,0,1,T3Blog.com.xml
-0b6df260724836c32c32d403eb7c8e3b21ebe80f68e4d1dc17c2ab806e9f226a,0,1,Taboolasyndication.com.xml
-41fddb51756b20157843356a7ee2decaa552a5c8859d0e10d52eb83dd42e5373,1,1,TaDst.com.xml
-07f333e0409ae4f5f9e2d09d26835d0a47da5bf52c535038344c40b71dbad8b0,0,1,Tahina.priv.at.xml
-3ce7dc41c4bc9b6d2e938d273bc5b661865520ab9d08a051ccf09efb1514c203,1,1,Tal.de.xml
-efab25b7fc246b2cde333d8f051380cd133eb4a7f0166145127a27ca555328c7,1,1,TalentSmart.com.xml
-988512d330564df476c731a89222b3e1b6dc5ad89c41132ea73ab78d27081f3c,1,0,Taleo.net.xml
-9a22153dffdb22ee7d1cdc7a9f9e4e292333b7b081d1707128f53aa397863177,0,1,Talk-Active-mismatches.xml
-3f39a0ede32fc9c7b9ea2e81a147362ded59f0939ca9803db7fc3b7be695331d,1,1,Talk-Active.xml
-b746223f8060cbb1f6cdf08f5b7adfd6bf0aef960614695746d58290b49c5800,0,1,Talking_Points_Memo.com.xml
-0a01fbe6d6acec74d0ccd7aef778e02e8c7ac424d57e8e9d42d9729d56001f6a,0,1,Talkoclock.com.xml
-19f7c72edff92f8dcbb0b5c379aa1c9acff032256393f29b902d4e9c4ed08cc0,0,1,Tallinn-University-of-Technology.xml
-b14da75d358e6ae804086aa49d830c8fd9bcf3c257756297a5d1eb8199788a2c,1,1,Tampa_Bay.com.xml
-1640039109c8c2f9643d9d88c5de2572634fa496aa78cb664ef10ce34d04232f,1,1,Tampa_Bay_Sod.com.xml
-1bc78da98c0a9dd3deef3d253bace5b2f67371d3aeb7d34181ec3fc516bac37d,1,1,Tarasic.com.tw.xml
-6944277ec988e47878a9e1a7cc8a7f6436496b66e16f6c35235ec00c973900f3,1,1,Target_Performance.xml
-a8687053c02430a7161492d975a61c779c42f21172db6d16edca34d5a32fa4fe,1,1,Target.xml
-e4d80cc754656ada5ba1f98779688c87f5fb61a08791f713ceea95d6cb84b2d9,1,1,TAU.ac.il.xml
-cfb76e4e7478c507dc48b61f51bdc71ed2176927fed165af863dfdba2d2dd270,0,1,Tau_Day.com.xml
-2239d41720f1c8fd08f8210ca202d9649e5fc4d4ff215f22be7a2be0108a082a,0,1,Tcodevelopment.com.xml
-1bcde0c8645fb6f4f858c9dae6da9a419f2a187914e0d5ea61cf6094bfca9a6b,0,1,TDRevolution.xml
-80cda9034d8a00e18d2a3ec378fd95fea0c4fcb0abdd052208d10f433b9621e9,1,1,Teachers_Assurance.xml
-044c8f6f62258a7ad63256b776f7390d63ba1777531821f3cdcacffc26bc7a89,1,1,Techendo.com.xml
-0e34171c067993cc756f58f6073b767435fa61d1241b1fc40b4c531f8ff6bc41,0,1,Technical-University-of-Lisbon-Darkstar.xml
-97fcbaf5577c88218e445c6a64314951b53dc48269897f9e64f6317b4b9e775d,1,1,Technische_Universitat_Berlin.xml
-686d302ec551ffe043988a5eda96e4bf5973b23ebdaf401c40d0ee46c476964e,0,1,TechOnline.com.xml
-2e40b58c77233713b2739af1ecb63ac0b98a69885ce54e4e3e53aff88d0296a0,1,1,Techopedia.com.xml
-872fa19600d84d669e883f58643d21eaa1aa79fffd73cc63f12eb1deca6de7c9,0,1,TechTarget-mismatches.xml
-ad2b580f1b685ae4da97e09f4cb918ba9c991eaf3198f58ec7551e5d6cf73d0c,1,1,TechVerse.xml
-8979f123bf494887cf5839268426018ef6d601541e9c675c24dce1a98ba29f77,0,1,Teen_Revenue.com.xml
-6d505dbdf780e9107561308221f5e592f1f457e9621b12ead11663533432d2c7,0,1,Tele2.se.xml
-5ddaeea1faff6f9fd577f7f16afc0186ca3620e153194008d51ab695ee84e55c,0,1,Telefonica-mismatches.xml
-12f6643c8dfe320400138e5c29a9c04ef46fc6860f5e1649d665ebaa1a60dfe0,1,1,Telegram.com.xml
-a657c4abf2697000def80e5c9b26c70b9c5315a1a34a6ed8b21f197a5cfd4e06,1,1,Telegr.am.xml
-954837d7349122208fd7a070285f1c255bb47bc922e5fbd9b371666720929085,1,1,Telemetry.xml
-32b38e97307552cbc942d5d4b47024f66842b715dadec3868879317c7b066871,1,1,Telerik.com.xml
-29dd308967fb0a8ed3bbc3eb9cae036fbad5ae7ba501ba89a27a6cab0197476d,1,1,Tele-TASK.xml
-1aa65afe0a962f7a7bd626ac702673a51fc6f55ed21d1700e45e5e5a640070b0,1,1,Telfort.nl.xml
-47c4d924cba640f836148343df0c9bd6b0ab764e9c4ea521ed6d37dd0f1fb5ae,1,1,Telia.se.xml
-fa340bfec44c43f86207ca9f60d2b470bd94c4b4b2eb8886e58fd20688f4eea8,0,1,TelVue.com.xml
-4e16750265f2c9d5bc7bf41760be8f2c4bc672e92398a6d635c4bc69ebe5e4e7,1,1,Template_Monster.com.xml
-90d8cb4c77769dae735da60d72e3b84f57a93ab7aa48e7a01fe8c56c6edd7451,1,1,Tengient.xml
-8112be0dc26553e6fbf96b5fc8f649635c92a3c7fc30ebd158d447383797b596,0,1,Teracom-Consulting.xml
-570e72df57965e83919c4deb86edaec58101c64b5bfd1e407b57365d95673904,1,1,Terres_Oubliees.com.xml
-068c6ab7bad10838f3256658455b0c882ee2d2cf27415bf6c64b2843c88011ce,0,1,Terveysportti.fi.xml
-80a2b0d54ed1eabf4ff9c4d5b2d7955a37a11eb7ea64736afefe5df15052f142,0,1,Tesco_Bank.com.xml
-1a0f294d147c61084bca26e4d51d13c0f5abe9ae3065b7940718a9a07c9e1b01,1,1,Tesco.com-falsemixed.xml
-0bdd9de6f132176da1797d3ef1d413079dd56859ceb2941d363e9b312ac79103,1,1,Texaco.com.xml
-33075ff0e10375dbb062e8d90fd798a3f81191feb017bbfb5528f1b7187da08e,1,1,Texas_A_and_M_University.xml
-1b947bc4c20e6b67ba9c208a49aa0e2fbeaafa70ed3000d9c30e43f07ee54eca,1,1,Texas-Association-of-School-Boards.xml
-262e6cb6ef646356d5c6c57e854eacfc0f22e63e990780b26f8310c490cc089f,1,1,Texas-State-Library-and-Archives-Commission.xml
-173d372e6a46e7c85336e34d91346e9061affc5bfd1760bb6aba49186caa09e4,1,1,Texas_Tribune.org.xml
-f0a9bcf00ac545e20fdfb5bef2d5f29197d95b6f8ca97c696a5b3d57e324a4ce,1,1,Textbooks.com.xml
-1e4218f40674c65cb64d74d7823c45fea8ceb1071a2b58243ce1b8626eda5f0e,1,1,The-Art-Institutes.xml
-506962b48cc81ba9fd9b78cbb56252315201bb710cb7eff070b294891c748af6,0,1,TheBookPeople.xml
-eef2e6549dad53d5a1b299bac1fca6444fd7760c83753854193c64ecbb342d2f,0,1,The_Bureau_Investigates.com-falsemixed.xml
-9cfc917aed6ae985c5ba1ae46ae05f69bfe557915de4b3fd6464e635aedf118d,1,1,The_Bureau_Investigates.com.xml
-6197f3d72a71901267ef26b5a0109ac64fd257baf72aa2f3583d0690bd1aad02,1,1,The-Business-Journals.xml
-739e66b04c9a5af038011293d8007d404e72821820a1e79f3663a68b7cbffdb0,0,1,The_Center_for_Rights.org.xml
-ac7281798c66f642d911a05d2d0e2f01f254451e85a20f45a63816cc59ee9c97,1,1,The_Daily_Beast.xml
-1e09998b77998a3f2fcb4fd74272df20935f2693cd1aa0e2b5a7d84aeceac408,1,0,thediplomat.com-resources.xml
-bf4dbec048a54caed039c4b34e5f8ee581ffac5a2cac1ce0125e682531b38f18,1,0,The-Diplomat.xml
-11319e7025f205267ab92752cf95740a51b58cb9ae6b392d46fba9fc6cf448a8,1,1,The_Drom.com.xml
-f1585d8c49cb634f499a564a2d05e17de79d20e60239838ef2908a0af3e96af4,0,1,The-Event-Diva.xml
-6e6dc2a6166f6dcea7828592d5dd1e9c3ac319b0f83f20b90ee01e8cf921cf23,1,0,The_Gazette.xml
-80d1ae41a278db7b4ff0ebc18f7767ff62bb0889bcd3b36f25d20e6adeb2bb24,1,1,The-Great-Courses.xml
-cb6933673ccc5114fd706e250a9198c8581ebffd405f0fe839537110e03d43ff,1,1,The_Grommet.com.xml
-fb9227ecb093d793a458ff52bfe79a76b3d8005f50dd173bbba33792b780aa16,1,1,TheHut.com.xml
-d3cad14d26c563280c4e79db4b0cf3861e3f31b33ca0eeaa23247d90c54d1599,0,1,The_Information.com.xml
-bc559f7f7fe275293bdc42f77ec7dba0a0b75fdd72e4b83b608dbe459d214730,0,1,The-Inspiration-Room.xml
-1d80b3f9223fc97c7ac1831cc522b5612049fd50584cc274563a3bdbeb1fd9a5,0,1,The-Lean-Startup.xml
-4f158ff1af963a5d9ed0faa1f3aa8f8468024a10fc64fb7abf96745f5e827fec,1,1,Themes_and_Co.com.xml
-9159da5c56b45fa828245a576a31dea754f4c4ef4e3948635da41a8aa6faa259,0,1,The_Next_Web-problematic.xml
-0eaa13eb00dfa89e920c20033aac3643c377713df15945b2afaef3b4fb13d8e4,1,1,The-Next-Web.xml
-983716987e3f3cb0412ca136d09307bc387c9580e59488401f9d78dd6906ef83,1,1,The-Open-Group.xml
-6ce3ac8cd6caa5c805e60c651cb1b5c5b00eca8e306e9731b6929a39f26e06d5,1,1,The_Patriot_Post.xml
-47a59b2dd91d2cfdf21e5a9dc3e4d41cf42a9b52c99dba572e95b1f39c1d3a34,0,1,The-Public-Index.xml
-74543ac90a7b3e191da32cd7f530d15156c29648ac63f8d327ea72726dacb6cd,1,1,The-Republic.xml
-b25179d086cd6a6c48f103b9c4c193475fa0a01aeeb863dc74df7e662c1467ce,1,1,TheResumator.com.xml
-f9638be0d1a2a1db5b98ab2f49f22351bde30a6e6b79b12c660266ba0522c858,0,1,The_Satanic_Temple.com.xml
-954be849d06f47930f52059ecbb4936af3374b9918df17dd7a833b62e679951b,0,1,The_Security_Practice.com.xml
-87f87974eae4c8be63d24bc12dc2fd9009669d3d060a0743887bc4eb890dc0ef,0,1,Thesn.net.xml
-b1cdc01ef33fd2f12c0e05959597fc420da308b364e03ab877ce6d85ca9678cc,1,1,The_Stranger.com.xml
-8c22882ab50988affb25c043bedf30891600e9b01147c502f680981cf767ea39,0,1,The_Theme_Foundry.com.xml
-4c2b9a510b95f4dd85d039e37f92106befbc4313769107941058c4e0172e018a,0,1,The-Vault-Bar.xml
-1e997761983dcf6997b046c5bf9493f25422bfdbbd5b693560808da05f441d76,0,1,The-Washington-Examiner.xml
-45c734084bac83b8336e3bf8061aac11ca6981f7602889d5ec0cd6e81c37d95b,1,1,The_Watershed.xml
-192c7a558c80f5de13deb92fb4e194cf46e435a55413f27016131a33259fc2ca,0,1,The_Work_Dept.com.xml
-db18010d3ca83f79d1da1c4c2a9116e1daa3edf759a3d5577a331408ff530253,1,1,The_World_According_to_Nouns.xml
-ce6f22b9ed24c147da5f48267f937fba3c0bb3f14968eab75678d2ec9faed984,1,0,The-Wrap.xml
-1de271ad79954cdd301eee7bf7e1ac0c5f0938fecb5c8aae0391c7ab3e4f8778,0,1,Thing.net.xml
-3b89f9f5c32b514122d49ceab4814e47ef0c97aaa9aff40b468aa9387ab4b672,0,1,Thingsquare.xml
-5b749d138506b4643584035985a91b9b4f5a552603235113574d6d47d6ebe8a9,1,1,ThinkGeek.xml
-a9de1d33f1d38bbc31b35dc0963ce198eb843d292d2ee9fa9f6341d54b993f8b,1,1,Thinking_Christian.xml
-7ebfe09e0a8949490a8587707a0432e4c9ecc6b38305d3f11014c757c302672c,0,1,ThirdPresence.com.xml
-67e41bce1db89ec4e09f46c662ca6a2c7b126f6d57052abfebdd25316a9282c1,1,1,Thomas-Krenn.com.xml
-eb2a659b523e5b8dc3ed7f51cce652abac536d52c86bfc6aa421408330b64963,0,1,Thp.io.xml
-ed8e09d2aa2ec5b033c3c629ff5848b8ccaf666077a033ff24db674a987c002d,1,0,Thumbshots.xml
-c572a5c33cd5817863bcea276085297977e5d272aec438c1c73c00d1c85efc35,1,1,TIBCO.com.xml
-1691cb662b5c92e39543967f4ac52f86fc7b12c3172eea43a64100e699ffc7a4,1,1,TickerTech.com.xml
-5c7384430e2a8498ee7650c8045cb2ced1f24318f6fafb4aa5795efd075615e4,1,1,Ticketnet.fr.xml
-df293463db93d5dc463389a7df8fa0780fbce66adf464f1c1a0c60b428469662,0,1,Ticketportal.sk.xml
-22c5dc554eff33120154420db28400e7a9175540628808fcab68127ceaa53846,1,1,Tickets.com.xml
-712dddaccf05631bfed526e1399aef6f227c79d7a1119e96b541a8011da420a9,1,1,Tictail.com.xml
-41988eca7e169dae42c7fccbbd264d521110b7614836be80ddbd275ee14b39c1,1,1,Tidal_HiFi.com.xml
-298330bca9f99c55c045c6aaacc513f9435fd9b0080ffed0e11618cf2fb8325f,0,1,Tid.al.xml
-f04cf9c56366906e30a204e2341fa70b05f62b3e574680255d82571ec98d8384,0,1,Tidningsnatet.se.xml
-070cfd36e966dcbc299d6c7d3e4ba8e379d29a0a6aff7ebeb84c86618d638b68,1,1,Tieto.com.xml
-6cbf926c454fac45ccc753b40326e634ace92275c4d7996f9341ff7a5e8afceb,1,0,Tilt.com.xml
-196e8b886586ee852fe896324643157d3c48009254fa4351eebad927a6985160,0,1,Timbro.se.xml
-c586112a934e1ef6f587d2316e13cb55a85f4d574f0684e6cf3ed636a8ddb4bc,0,1,TimesofMoney.xml
-2b3408a8f89589faac295e5b1dc0a601d01e1ac73f50e1449b04767930bfedbf,1,1,Times_Record_News.xml
-9dc9221fe34a8c545ba4dea34f0708f5866bcc311121a9db998c9052846ff99c,0,1,Tim_Minchin.com.xml
-9db7d3bda86ebaf938f4cfa084d270d03c123066e59f8572763f02fb7030322a,0,1,Tinder_Foundation.org.xml
-85b8494673adc5c9e891bbd25e7c5cd4811f32ab63c983fe90dc3bda9a5c0f89,1,1,Ting.com.xml
-38a2a7782d9995cb1e7876f8da2c1e5ef501780bab6bf2f46421e90534c3030a,1,1,Tinkerforge.com.xml
-a407efadf8c8bfb21c17958f5f652b9cb5411bbc15fbe70baaaed6954ae29b9a,1,1,TinyChat.xml
-d4cbd7eb4aa005be2400ad4737c5843fc9d8a2643965f0f265c11f4a8cc4f3a8,1,1,Tinypass.com-falsemixed.xml
-7733cc60835882b3bbc58eba042035e3883ccd9a100903c2081fe12b9967dd00,1,1,Tinypass.com.xml
-25afd3e07a9f15f6fa54c339945304d271543551b8260f2a0da34e636bb3b84c,1,1,Tjoos.xml
-1531eaa1067b3d3963d8e50104e17514d3379f4dd0c56b01ab934a74c7f57f41,1,1,Tlsfun.de.xml
-23b9c63df64d2b2cdd537f8b37898f1b804ce4609e22d55edaef4b6df837ade0,1,1,TMP.xml
-6a99040539c10ec98df1183e1f8e9c05b1b5260a83054891477939a63e66f33b,1,1,TNNet.xml
-62916b98805af0abbe50e636012ec27558205fbc6815e8450bd5d7d03a80ac1c,1,1,Toad_Fly.xml
-5c1a30c2008fc80c0aefdcc559777cdccdaca7d8f3c4c95e5e2d0e238c8a56b2,0,1,To_BTR.com.xml
-e4bc5dcae265ed51b716b9b2b1efd571adb056a59812d122bca82e7b2d780d44,0,1,Todoly.xml
-b95fb934bfc621da8d176b0c91ec765f6f7d67e0c5275aed5ec3f85c42a5fed4,1,1,Toga_Hotels.xml
-e14a4862724980b67d442efe8ef5b7f430e088387580c43053c8b848df81ca68,0,1,Tokyo-Linux-Users-Group.xml
-b52667e2e9eba427ac0aa836b4742dcd8b393dc3c84a9c6a33295d44f521943b,0,1,Tokyotosho.xml
-06292948f6ffaada00246a0c636a0518391fbb988861bdfad633af27925787d8,0,1,Tompkins-CortlandCC.xml
-fb58cd9be4869f8b8ae49ce4318039d17605071cc8c2d30d303c8702ae6cfcb8,1,1,TonerGiant.xml
-2a1ab23b0f35df2faa362e2939a2b5e696220bf1cf274ab16ad190ed3c8b94d7,1,1,TopOption.com.xml
-7ad44939a8ea5bcd0d4fafc588effdede3cad62252fd2b97dda63d9277aca3b7,0,1,Tornado_Web.org.xml
-b75b3fb34aa93de7753e90173373e56eb02eaa3df6ca46adfc97e08b035accb5,1,1,TorreyCommerce.xml
-c9bd9b74399ec69382386ba54a8d04866e6120cbbddea2d7f46adf56bb13ea4d,0,1,Torus_Knot.com.xml
-a81d9a77c859f37c8f6530d57c0e782524fcebb38d9e986f8c18fb555a046ef6,1,1,Toshiba.co.jp.xml
-9925bba044436e099ef9a17c05c3a9dd980c74652aeb939ac34c94ea63b7df57,1,1,Total_Choice_Hosting.xml
-5bf3e44d7370894cf0d2c45a95172e3d25a007c4018b5ea8d71eab69acc9512d,1,1,Total_Investor.xml
-564de255a2fe5b5ef4255de2e2dff1bae6284b29469b7c17d00380d21b9289be,0,1,Totse2.xml
-d87cdcb3d834b578712903370180da19f04204d5362c9a8164b772b55a18037b,1,1,TouchCommerce.xml
-2eaa64ff59a989726785d161525d3e175bdaee01ccdc10086578716e4c7bb8fe,1,1,towelroot.xml
-24758ddd0781ba99a1a9a29e03011c29687c1b5f67dd207daa8d811ea75a4615,1,1,TownNews.com.xml
-32aec643ca2d71d6f9b43c8ba58b37481cd2a55c76968565a60f8c6621fdc5fe,1,0,toxstats.com.xml
-f6d6a14f6e730ee446729955986056e9a930783180f0dec99991bc4109622951,1,1,Toys_R_Us.com.xml
-2917eb742e4f7f15db7b7566a266e73ba37df2d9e6a64de292ebbfa4ee904707,1,1,TPG-Capital.xml
-7259305af6c4290ae46de7c834ca0762784aab4962d66ab98641d750a83ed803,0,1,TracFone.com.xml
-087f60834326225dc58d57d93e7c6bf7227792865bdecd91cb5b2a6ea8a2ede2,0,1,Trachtenshop24.de.xml
-eb283cec83d4235adac15a53986ce71e8770d0cde0f91ba7279e6b6cb5fab379,1,1,Trackalyzer.xml
-ab5cc8a1755685297bc40b4037f1277d7482417e04e5c520deed1d12e353c4d4,1,1,TrackingPoint.xml
-7673cbf09b22e7a38503a783d546a3ba3f19e5b9c67aff9d90d0daf9c5f0c346,1,1,Traction-Digital.com.xml
-721009e195644d5540c59a6f42ab2716e35722aabfd718b4dbf487a5f52601c0,0,1,TradeKing.com.xml
-3f6e8ab2b5f0ed70138432ba3f0bfb91451404f1d1c361fcc625d070e4ac4f9b,0,1,Tradelab-problematic.xml
-8ce8022cf79d4e12ff69b3bd4ad3d9cefc94a750bc774c6666dccd1ef6ae7975,1,1,Trademarkia.com.xml
-add909870db94aa5bd754824fd291da12cf5a35ef2dc039887e8fbfcf9559504,1,0,trafficjunky.com.xml
-6babe63d9649dc80201a730918427d18fc983abf0ae6aa64ebc751040d874711,1,0,trakt.xml
-33fe34b8b34cfe39278bbf256306a09c27ae0943883a0a037b6fe9dd92121893,0,1,Transact_Auto.xml
-67fd8d9314a487120d3522c34835214140da57158a1bb42ab2326a7c793aff1c,0,1,Transformationmadeeasy.com.xml
-00dd816c4f9e0a041f07ebf13af88e9eaa4c7c44adc9df183c7807a249bbd35e,0,1,Transformative_Works.org-problematic.xml
-9130f100904f6c25762b32d755c566fe6aa588b19feb0defa4d3473687abbc06,0,1,Transifex.net.xml
-777f11b4f28a54995931f58c3cb671d7296d74e65426869d388c85faed8c4515,1,0,Translink.xml
-bb06dd6b10f827e1ac23da17549badf7f17b97300d993618cc2e608e66328a1b,0,1,Transportstyrelsen.se.xml
-e146c7bca657938ee542242397d6ba4457b7451ddb4fc64f0f8b12cd6cbba2af,1,1,Trauer.de.xml
-33d321574ba20c37ee80ba79c6ee1bd2c28ca890cc82599a1799072cc2e3b47d,1,1,TravelDoctor.xml
-f29c66a5f213e6258665d3ecfbcd498dbac77cd5137244c85589a8b85ea02ec5,1,1,Travelingnuker.com.xml
-c7c57b65cd13e5ed94238a546ff86f9af27333129ec503e4d00067eb5444a4c0,1,1,Travelzoo.com.xml
-a40a21c802bc8c74243e4a5b17bf171b8a9de5be9ea9d04bba0aaae7097c90c2,1,1,Trefis.xml
-a15f218ce90ba990333edd6061220b58b4bb4d762e26e307fa0e5d583ea93fce,1,1,Trekaroo.xml
-bcfd7bce8a3d673291b87c3c62f821290d4ff89c2e1da623e08109eb8c8449f8,1,1,Tremor_Video.com.xml
-315c8baf521d9edb49a5a49a91630711255a5f86162562bfc5e31a56198a1176,1,1,TrialPay.xml
-6f858769c48e6e19db4faf2b056420773d9e9c936e6a28322c04e068a115cfc6,1,0,Tribune.xml
-a3906adccfc4301efbc4cea0a097d22264fa09498b92e9ab18dbe4deb4f9e3e6,0,1,Trinity_Home.org.xml
-2438a19009f61439104d77dce8c63f118c538313647589307aa3496d977ceeb4,1,0,TripAdvisor.xml
-9d1f2028d622611c85867fdb9cce067898baf1b0c8b1cdf76382a435006dee85,1,1,Tripbod.com.xml
-659f54d49c0a1bc37385587c4594dff783cfeb3dae3463d6d9d48e95b14fe1d4,1,1,TripIt.com.xml
-9f80f4c773e05e5db20f7513412915c567bdf50c721475bb389bce9376a923ae,1,1,Tripodo.de.xml
-95f16dded418621ad47b6a14df059990d2ad3ee3e541ab18302119286c416dfe,1,1,Trkclk.net.xml
-583fe8b250539316209b382249de834765d3336b789e278a0290906946a33230,0,1,Troopers.de.xml
-5c5ea0a5d52a71e0d7cd988d3a6d77c836f498d8ec6683da96890eba5bba1665,1,1,TrueCrypt.ch.xml
-9f13abc038bc4708796c8149ab7a1ed9a3ad9ad1de438b1ee50addeabf4b1645,1,0,TrueLife.com.xml
-cc353d51b4fa9b6eb6e627384ca618e2739233019f262bed49a4e88829a5b8e7,0,1,TrueVault.com.xml
-88e8486dab5c9ed14e91e57247a0e53a17a334d00c34825f710f942157ca28cb,0,1,Trust_Dale.com.xml
-d068f81127f1484bb4b0c190d455ee641f01a8fddbb6d3303992cc6e6b5339e3,1,1,Trusted_Reviews.xml
-515209532db991dbc23f669a73b6d3038e7a91fef1a2e5149ca310c24b2ae27a,1,1,Tsgstatic.com.xml
-cbc81abedcaee320114fd5e4176a22df18d4f064aec016a1a5d63427f7b54138,0,1,TSMC.com.xml
-1ecbe1da69a1a1aa49979faaf3c97bee997651c4b0e9e33f7f23c61d14ac7f7d,0,1,TT.se.xml
-075aef1c9852855dc15b59f6f2eaf4f8bc106a7c822d7197794d05262618007a,1,1,TU-Chemnitz.de.xml
-160d9378e69345661bba9146be715619c926f9e42473146b07d8dcdc1473d772,1,1,TU-Darmstadt.de.xml
-0d46f84abc248fe7b3d684098a6e460a96a51180be156f15686b5ae6018f4c2f,1,1,Tufts.edu.xml
-de7344c2c6d972a368180b62f10774c317ddc037946309fae83d650d4ff4a538,0,1,Tufts_Giving.org.xml
-ed6c9a0705f39a6116bb5846e82ff40a083eb3ce58530524fa2c53c34fa73b2b,0,1,Tufts_Medical_Center.org.xml
-695f190bc96a78e91af3de7108e3a22bba1d1121c39b6ff01d00dfd94f100b8b,1,1,Tugg.com.xml
-21937f94bc991fadf00aef8c9ed502c53352946bf0f2e251098b8e7b39461d3f,0,1,TUHH.de.xml
-7437c1971594aa265eb53fa94c228ce212257cb485c529ca827783fe23e05afe,1,1,TU-Ilmenau.de.xml
-076f75e0cec1e5ee6f4c1b4bfba86da4123cfe0cd911148ee9a2de0b23e9c0bc,1,1,Tunespeak.com.xml
-327ec385173956e4fa7b6204764c2a58eee10c8090e1779b533ca1a82264a2ca,1,1,TurboSquid.xml
-ccbcdfbfe69533254836bf4d2e39ddbc984fb6533ea86fc7d641840140ecadcc,1,1,TUT.fi.xml
-009541f9142f0e8f7a467b8d9d9e5011b7a317f34acc6243d7c3b6bd672426cd,1,1,TutsPlus.com.xml
-51ea91a129109ca65e344037ce0b32acecb58ec90aecd8e2a9e9be59efea8837,0,1,TVBrowser.org.xml
-d4e0cb9416ccb4d5be104989ae950dc51fbc53f08dbb903a9b457d09c83415de,1,1,TVLinks.xml
-0c003aedc335a6535515697f9b8d5339d490581d357a0afaab7f8a578c830944,1,1,TVNewsCheck.com.xml
-910dc09ec17c26a12b275fe2d1282e94a82fbf0163282fe5a5ac496ff9ecbe3a,0,1,Tv-Release.xml
-e1f76e0ccf48b6a764b85cb52644e4f2f569d08b74ea01ff28e0eb4d99111b19,0,1,TV_Tropes.xml
-f7a7f84964606d6b282ed6ab65426dfa6346cfb73485ac1eaf47e4225014932e,1,0,Tweakers.net.xml
-b35b35365733082ecebdf86f03de9cd93bd738bd52a0239bb07d4507ad792b5d,0,1,Twilight-Laboratories.xml
-7b77852a18ebceedc2978095db85af92d28db9913d71634ba4d68a5f64802c08,1,1,Two_Roads.xml
-b6e20e58a85db551dc6b49cef5e67546f73246773c61d31d86c69986ef9a489a,1,1,Tyndall.ie.xml
-deae2b1c6be69bae7b6ec4895e585099a2f5374b53776ed4f075d45f4c1cfa6c,1,1,Typepad.xml
-1da05f6062123d8b368d700a96b0fbb2dc7baa69f14ba72716e3c937a49fdbe7,0,1,Typesafe.com.xml
-217e0a47c79b13bcf8a182ff48275e6d041cde28d82aac6157bc99c1d60493e7,1,1,Typography.com.xml
-d135385bdce6daba2dfa309bc31c7c871832ebfaff81f2c70d4e6fb4bc5e3081,0,1,UA.edu-problematic.xml
-a7fed2aaf25d78080b3ec0d40308a403283fecde51eb4a85208fce48ccefa882,1,1,UA.edu.xml
-db0b22a14e4f5c66f02f963504cdcaa35e78ed7f39f42e209b3e0a9b9ba1a593,1,1,Uberspace.xml
-d34257489620d9704f3ec14ff12a39809baeb7c02949733582eb599f0de93e07,0,1,UberTags.xml
-080fc622ff8332704b958560b9d0d692594c26964918c2bf3c496602568e761b,1,1,UCalgary.ca.xml
-0b1b418c73486bc0dadc747306a39b269d9cda91ef3292cc4149aab30e0f43b1,1,1,UCAR.edu.xml
-49c96678bc86a99b01c12892885c4fcf38f81dd5ff32f582af605567f64fd5b8,1,1,UCLA.edu.xml
-995aa7cdbe60994801ee5330b1ed5f89e56b12fa300fdd71deacc89cb1e21d51,1,1,UCM.es.xml
-ea8f9bf69a5d5029ab1c217760e6e27c3b5a4e9672ace704a2f9f7d8332bb497,1,1,UD_Media.de.xml
-de858af31abe4402e1eaa36359f7c8b42140cd93c64fe782cff904c0d017796e,1,1,UFies.org.xml
-eb6933d91ead523edc38dbd9150d966f34dec36a99de379f08e2df51f1e94139,0,1,Ugandan-government.xml
-4a7f864a3f854fe826e6a3dc007063a9ece15703ee80ae969882a1b8ccccc97f,1,1,Uhhospitals.org.xml
-f2b63947f9470794e4a28d994af0b354ecc071f5af85945d25045c72109a1928,1,1,UImserv.net.xml
-1c2718eddf3aad2784493ace750680876d5388690df4bc5bb12461bdd2e2b867,0,1,UKLINUX.xml
-b1fa590a3d235ea98e687c16eb278312a6ebdbace39393517a0bb26cc3767b59,1,1,UK_Ministry_of_Defence.xml
-96961aa668492fd95b7a45e568a5388a77a045d1a965504e3f4c5cac64f72426,1,1,UK_online_centres.com.xml
-254e23a8560db790d5da875d282c4364d6b9004388e55cfb8448ebc4fa3aef8d,0,1,Ukr.net.xml
-0b44ce46a58cfaebca7e63776807e71e756a15a477888271bf96d1bcb2db4d30,1,1,Uksrv.co.uk.xml
-dea8b7526b42b85e25f40701a5b312661473a090bee7bebb61f49ee99a3ee654,0,1,UK-Web-Solutions-Direct.xml
-c3e80e630bb200fc2c1ab0e7f3c3e3358531cab8aef87f657c79dc12fcf4cdcd,0,1,ULAKBIM.gov.tr.xml
-dae919c3f6ca4e00376c16f03704d0da1b907a19cf963af16a00b2a813c96c38,1,1,Uline.com.xml
-d4aebf02f3bc14f99eb5edd840295f9a9ea83a9da8590405750ad92cd27a399b,1,1,Uma.es.xml
-43bedfb524907eff167ef1568f7c8032cb2d63d2281b865befeaa3a1e2049eb6,1,1,UMBC.edu.xml
-1fb81f92216ff932aa6f19d86d881e1787d534499a3de722e4422a269e346e35,1,0,Umbel.com.xml
-d0c3484003d83f62d4d3a818a40dcc0d92ab8c1ccc926cb54c42bd7270d80cd7,1,1,Umea_University.xml
-5b2e32e00cef0ba0a625b106e51304e2f1432b8eec6915189e2c20ff889b4210,1,1,UMonitor.xml
-828127811d074dc9ef16975754dad838fa0174cc97ebcbdbd4dad31574e584f7,1,1,UNC.edu.xml
-abde55d39d54436f83a19a822428de73e001bc42b5bf7a6846ecf331b8786696,0,1,Underwear_Expert.xml
-3980ab0dcdb98b47939dfb35d9b10c9b1ed6266f4a7f93aedb305004afb8e550,0,1,Uniblue.xml
-ab746cbd444c8485fab5294c21bac38c403d0a694040c95732260829bc2c3a3a,1,1,Unigine.xml
-bd135ffdb815d31e79e5509bda7a2a677a86628cc655ca65c214de1b20bb4627,1,1,Uni-Kl.de-falsemixed.xml
-dacf0d738a537ef348d793f0cae29cb8a6767c63e4d352034c73b1ad503936dc,1,1,Uni-Kl.de.xml
-2b76ca2f6ddc6c96299e6dc5ecfda3b24949bd7e2a6fdb7c826506d455743da6,1,1,Uni.Lu.xml
-bf4cfa2104d71e0ec0e3e930c0d1e9129a08bce034bb8eeaab0d7d12fa1d52e3,1,1,Unimi.it.xml
-a937024d9043a23d94d3d72c6882f07b3961be52ee04344cc3c63f26056138f4,0,1,Unique-Filer.xml
-36b4425eb2b57da6c91f6ad1591de700d09741a417d589899f68fc99cf5b4bb4,1,1,Unique_Vintage.xml
-9e94b61af5a0fb8bab661dcdfd4a5aeecfb7389ba484b07f8ee0c2736af3b5e4,1,1,Uni-Saarland.de.xml
-65b7eb7c22e45c48ae0a322d87971966cac604fac7b7350f8165d49c87556572,0,1,Unister.xml
-50528247279d89e79ae139a869b96c7274b1d6b3a324745992c9fc3d9490307a,1,1,Unisys.com.xml
-44cc911a17c526d1a8c74161d9d8a8104bd9e4fc2a2626d35a85739c0b7b880c,0,1,UnitedDomains.xml
-5e429b727ca2318f54fb23303a5f3a3819a70ce22afd33c7829771ff1ce6dd46,1,1,United_Republic.xml
-a54f076011544a5b6dbf25864d034eec0868cd7a969d8f5b847c0f899b723169,1,1,United-San-Antonio-Fed-Credit-Union.xml
-9cd634c84b94dfc1e800e51326c04a4286ad760338cf337b704a316ff74cfbdc,1,1,United-States-Department-of-Energy.xml
-c5fbbe636496cb6f91e2cd50b9bfff0d708bd992beb718f6133fb44c2ff44e51,1,1,United_Stationers.xml
-2f42e894be064592af7da170cd603d831acf2d10b0ed05d618b606f1cda08c80,0,1,Univ-Brest.fr.xml
-03d526949445b07094448c452d80c8cf2df4c3103f874f7aedfaf3f7a612fb3f,1,1,Universite_catholique_de_Louvain.xml
-1b63de944b3dc6cfdcfff47840c4151bd742825eaca36dfd0385e151f396ae94,1,1,University_of_Applied_Sciences_Kiel.xml
-49843f351b754288574de5cb73a2473a5542ef67e3897eb216c61e9f97c1b8bc,1,1,University-of-Applied-Sciences-Rapperswil.xml
-ed415b19e0e0588a60d6dc04924c1d9e38d3ef0b5f99cf749235132684e9092c,1,1,University_of_Arizona.xml
-0ac8ec3397382662ddbf64902f9624855b252c9576998a73380c0c914f6f1bda,1,1,University_of_Bath.xml
-eac00803dc242cd3e843b8c8af41a0124c77d59a1287ac6a729d4716ec540585,0,1,University-of-Bern-expired.xml
-c0189f896165a111a06c5095aceb5c0ad42dd0d6706a7d1778eb14fae61e0ae9,1,1,University-of-Bern.xml
-5c04aa6f34bbde72ebdc5146ce783f31bb9eb4da7525abec541c527f722a766d,1,1,University_of_Bristol.xml
-930135e45407a24b1740c05dc8bbdc963991d4da2ec3acc022b3987bdd097fba,0,1,University-of-California-mismatches.xml
-40ef91002ef5179a4499618eafbb0ea6d063ff7ea503869acfd32eac9438fa17,0,1,University_of_California_San_Francisco-problematic.xml
-c2dac718151331da92c798abb24423fbbdc99c292e9cf2fca58166a22e429288,1,1,University_of_California_San_Francisco.xml
-0d8c654ff8c103639408a7666814cd3aa6670ded256ce28fbedcdba9a96900cb,0,1,University_of_California_Santa_Cruz-problematic.xml
-8c7c2ced844de3b70117b7f7c122c869a969beb3b271c7d5e2090bc1c531079e,1,1,University-of-California.xml
-9cf40f9716994fa5ce46c2f61060e3a26a12548e8e7135fe2b60659831e06ef5,1,1,University_of_Cincinatti.xml
-8a596b813df7ce8c33efa16d18d91bbd0ec416a1eed9449c8187f41ccc242431,1,1,University-of-Colorado-at-Boulder.xml
-9c79f3954325411a593b4431ad9a91850f63d21f41bcf993c9aaa8325069145c,1,1,University-of-Delaware.xml
-bd8a650134717d6663fbacda4e3d6566448a7d8559997bc4250cde0b97c37d95,0,1,University_of_Derby-problematic.xml
-17c4e3c658e8a6d4d64c2233f55627ebd82eddb7a5a6bd31f2c90145c3f9eabd,1,1,University_of_Derby.xml
-cc0fff29bc6a07633bd7ccb70628ef7bcf9763c09eecf7be5ba961a3fb2111ed,1,0,University-of-Exeter.xml
-a51b15e6ba94249ba53093ba41ced19ef790ba037bd92e71576e8a8398db2a22,0,1,University-of-Florida-expired.xml
-04a7e6fd8cb3f35e53a258ff9ef6364156096f79f89a6bbfc3ab4a562c7cabae,1,1,University_of_Greifswald.xml
-43ad4ec0941692425b76936f5d10f1e866849052ac5f6b537d796e4beb0b3bdb,1,1,University_of_Grenada.xml
-b575e760bd6ba5050468054cf07c4ecfb955e4671bc898d8e0ae781edfcf6ee5,1,1,University-of-Groningen.xml
-54816021249161dd67c1e063f262f60bdb650932a82e351028717bb50347c9a9,1,1,University-of-Helsinki.xml
-1d9da1c02f10316311989f868fb5a6a1aadd7e986a2e9eed25b4d061627c492b,1,1,University-of-Hertfordshire.xml
-0151d50e71cd4f0c608fd5d6ccff49862cbd3c9da6e910cba7d5bc7b136edf1a,1,1,University_of_Houston.xml
-6642506b348a157b2fc8b05fec0c40a6c21de1b6f82fdef38eaa1a4e79eb2588,1,1,University_of_Iowa.xml
-fb45af1fb5699cab6007d287aa55ed1977fc6ed96e508ed1b9fdb424662d90cb,0,1,University-of-Kansas.xml
-cbeda63cbc139d567c3968e82e57cdfa0f4ada356e844f2e9c96793eed1d7665,1,1,University_of_Leicester.xml
-3fb888e05ab2904735bac34b2a01c4f80092692bc035c4198dd12055f53cb817,1,1,University_of_Louisville.xml
-7348f47d6e380a9db30b1db471ad9789f8626873de30027ddc17de72d022fb11,0,1,University_of_Maine_System-problematic.xml
-bffcbe68aafccead956b6c6632afd2de03feeb9c08d6b468ddca372bb77abe38,1,1,University_of_Maine_System.xml
-ce6883479c26297a48c2cdea26cb8c3c73fd972b03dffa98ae58bd65bd63f221,1,1,University_of_Maine.xml
-e1515eab7c49ca3ee3c60e48cd94dce063981c37da4ae5b5b5f70229365249db,1,1,University_of_Manchester.xml
-026b7f74d856185d5d794296c4fb768463bc197c78434bd1137b57468a9c1fde,0,1,University-of-Manitoba.xml
-879f2555db5876717333c179bbb7e96a702c4daabcb42cd50cf45f916803faa8,1,1,University-of-Massachusetts-Amherst.xml
-96dd94cc310e936db76b39b334266d0d30a1679ddd1454f8a839edd3a74c701a,0,1,University-of-Minho-mismatches.xml
-f593cb0581c01e5ce42694956e88944412789b720c6a8921184183c3522ec110,1,1,University_of_North_Carolina_at_Greensboro.xml
-c2f53734fbb96b512f068f719a8a3ef75bfd817273ee5b6f47ad97d34e28ac19,1,1,University-of-North-Texas.xml
-d509521a3c1738dc49e0a3ce7c886a42703544a89019b1c8b37bd10e0a4e5662,1,1,University_of_Passau.xml
-7611ad10b797bdca195db4227d555d26e83df42183ef7e4acb1a3b6fcb13ffbe,1,1,University-of-Pennsylvania.xml
-484808a58abb59322bc7b7356e703f9a5e15ccd8114d038d439e39d2a356986a,1,1,University_of_Pittsburgh.xml
-5b27e3b98b43a7f49b1d48c729c9e1ce0d96eafe1d633f559a3993e3cd8b2965,1,1,University_of_Rostock.xml
-b86be48cbba40d49e2a4a11c5cc8645f58573bc57ee7286cb4261e98ca0a9cd5,1,1,University_of_Salford.xml
-a2c417f59890cee4ef34f1988379f010489bb2aecea4acec123336e98d409172,1,1,University_of_Sheffield.xml
-9284dd0302537c6d05bc76bef1eae1a57e3cd1dfa56ed498ba91eef1d9a3c577,1,0,University-of-Southampton.xml
-d81ab6e36bc204f9bb4fb99fe02d12e007595791ff05af8d7c681eba9dad8c42,0,1,University-of-South-Florida-mismatches.xml
-0ab02841a6ead3924af19e98e079cc70a542e0c5c2b22a652846babbc9126383,1,1,University-of-Strasbourg.xml
-15a0a423022f67dc61d0566c74e5c9ac88a9550bdc0b76f0af473ff839ba9b34,1,1,University_of_Tampa.xml
-8dd3fe0367f6eca6fb2f7323bd4298e08b7dea54b2217889d02a1dedefd011a1,1,1,University_of_Tennessee_System.xml
-db0928eec5b4a635be138187bc8de4356c5e0761ff8288d4c2cbf8354df1200c,0,1,University-of-Texas-at-Austin-mismatches.xml
-f9eb2c0b78dce339b2999b544ae922ba97cc5144da81cc56e2e0f9e746cd8e01,1,1,University-of-Texas-at-Austin.xml
-2d7e488b3e4a90a34b5f5181e6268c777769b5f52d9bb2ee98586ee0619106b2,1,1,University-of-Texas-at-Dallas.xml
-71d54122dedd8ad1d74e9ef5180aedf5e6cb470fc77ea84f6b5a61f095665b44,1,1,University-of-Texas-Southwestern-Medical-Center.xml
-bd8ac3d00a5c2dad7c95051d88787288e4da87f7060a07667fd02ad3e657f482,0,1,University_of_Toronto-problematic.xml
-322408b567a94f9851873cc21f1a44703dc8c15136d9d50f383797a4f1909d27,1,1,University_of_Toronto.xml
-050eae4257fadecddc7ff779e88ce596400e9eb49d9b61c8393620e5d07a073f,0,1,University_of_Tuebingen-problematic.xml
-30da65cf0fab77298ff7de648a318a979257d48dddf7e1e388cd1a330dd3c84b,1,1,University_of_Tuebingen.xml
-5271bdc47d196a50d523472c3ba3697315cc4c4b479292a05633ea7220861395,1,1,University-of-Virginia.xml
-6e8e81f563f6c50e976dd1ae1db5b503c26104a75885e97918201b45854dcd52,1,1,University_of_Waikato.xml
-02408ea5408aaa7adf7869ff7c78bac86d09985ee8a0213155a69b386037fe25,1,1,University_of_Warwick.xml
-6d3ec302fd6822f515d5cd489c4c5cea3f6da3e437e4d5760b30558c0e9fb055,1,1,Univie.ac.at.xml
-187c1e105e934ff0a29bb9c458fdd622e27178e97e11d2d4d7ae9566342284c9,1,1,Uni-Wuerzburg.de.xml
-04f4e0a5aa2958d5f9d095cc0148d118aeede6fe8b452d0ce04deb2d05b6ac38,1,0,Unix4lyfe.org.xml
-4f67e8e759cc42d720be78fd43a371f8dc9b31e1cfc85c6fda9868ab6420819e,0,1,UNM.edu-falsemixed.xml
-b06cabbae0f74749486d8544b4d72fed988b03e0e75b52db4090e6419fa5b4d5,0,1,UNM.edu-problematic.xml
-fd1cb2c416147864863495c30b4145bfc3f79cf52df275cd0c7557bd26e2d441,1,1,UN_Multimedia.org.xml
-78883fd089717176950d088e72542402b9e44a55a6019bc7ed8149ef3253cf76,1,1,UNM.xml
-585574c84903b25c25dc8e125b8221e69f1bfb10b063bd5cc76ee06fc20391f6,1,1,UnoEuro.com.xml
-8b36ed5e4f3113f750b1ff0929bd2c08f4bede76606e629e394abaea7bf4d265,0,1,Unvanquished.net.xml
-d417d78e437661c9259bfbe32547faaaf287ae000924de8748d7eb9be3b679b4,1,1,UOregon.xml
-576febcb2526052cf69c26013f26d075d466d8c57ac8e34d5aa5c60a74f3d1b5,1,0,Up0.net.xml
-1e7afb2d07a0fe5df0bcd6714c690bc64c65aba0a312c0f229d7bc2fd91eb702,1,1,Upic.me.xml
-b2652fb3b6a3a5c4e03de6e5664c7d55e4121e4776e9eb005cb5dd5f94cdc372,0,1,UpsideOut.com.xml
-d3e479ef9630aac9aec35c14a8096015fc3e647819741c43cc11e1d2f1c3f478,1,1,Upstart.xml
-1b3b0accece6234eefb92d4632d6d10abf6df83bf13b92c30ba732540a087bc1,1,1,Uptilo.xml
-7a8af06077ef6a8685b605edd0960eb6918591aeed504b275f00a52b17ce8743,0,1,Upxth.com.xml
-82d9a9e33fdc00692b3f32910877b27fce81ce6acc6b01ae16e21dd70a29af12,1,1,UrbanTerror.info.xml
-907266beed4a1d669f500978ddd09c3766b1680e654181dad0525c38e5cbea78,0,1,URLParser.com.xml
-33ab26a088d63978966e38721dd24779df0e72a6fa927c56b1ef9c8fe606849b,1,1,USBank.xml
-7b056903a4f7fcdc8d3d1ed3a57395ada26cfa168d1a9e54829caa29df18a670,1,1,USB.org.xml
-0119c6af7375f199b2abe6be9120a24e34e92f152065cca868f1bf2423f9b0bc,1,1,US_Citizenship_and_Immigration_Services.xml
-0c69356202bfd59745aa70de4633d7f8d9718fc6d322676b6c8c068cf038b799,1,1,USConstitution.net.xml
-647434d2e73a8e2487a70f4119136be4b5b89886e76e40454907674bddd27130,1,1,Usenet.nl.xml
-fb7ce621ebf160185b59dc717d05f7593714e3010dbd34bf5e8033da1c28a73e,1,1,UsenetServer.xml
-e8405ab7de7e35328c149fde0221a4b584545b98daf10f5cfb5f971a53459403,0,1,USENIX.xml
-37253ac964c42bb2b910621759ce273f910ae0f63f7497db27d5c900555d2a54,0,1,User-agents.org.xml
-624acce46170f956a165171c63c53ceed4292bc051035065d8f5c5b803cbd96d,1,0,UserEcho.com.xml
-572e6c6c3fe2566a715dec30b294a7f34c2e2a9d54a5102f280d5e7b640288c3,1,1,User_Local.xml
-8b9757d610171917073c32268fe0d7bc7631fcd4761316ed92b54dfd74745172,1,1,USF_CA.edu.xml
-95ef65e8f7f8431c9ae9dd2559d1b8c7885adcd11940c6f0136c7b1c83660bc2,1,1,USFreeads.xml
-0459389c2f8fa05a34ad3dc433d7cd0581dd707c79e49429d5ac0aa437f2e7e4,1,1,Us_Magazine.com.xml
-4346e6ad0202aa001cf66c5efaf1326a85c87d9bd396cd1a4c80eac520510db8,0,1,US-military.xml
-f2618d5b46589e1746a59effbf739199baa32d0664a676bcfc167b580f51633e,1,1,US_Nautic.xml
-37eb6c467058dd4c92fc635e6daa2c37fa7ef6c2d7c24996fafbde8fe43071e6,0,1,USNI.org-problematic.xml
-676d7b6466eddd7c4b84147c9035810f041067ca01a8014b6213dbc78b23b864,1,1,USNI.org.xml
-7117752a2c7d1607ec5f301ee4727caa857502b7e5f40939a9a34aaa2698a7d8,1,1,US_Patent_and_Trademark_Office.xml
-9d520a1203c22dbdf80ac93b50a27e29dcfe41ac276cf4c24653b145620aaf1c,1,1,USPS.xml
-6ab570d720487086e1a4fb4c35ba8e83ac78224aabaedeb775d563a64fec4413,0,1,UsrJoy.xml
-7c6d86624be6982826202f069e40c5a9c7992de1a1f5fb59172b7b189de759a0,1,1,USRowing.xml
-a2167040bff3e730b2f6a598f15f30e67a28d023d57d3054367faaba4c6413b1,0,1,USTC.edu.cn.xml
-e0196dc5cfda4c44d00ccc948be4625928702a756f853982d6f30cea49c299ee,0,1,Us_Weekly_subscriptions.com.xml
-977266102db9309a7d4170b34745445bc2847c67f8193af518c396ccd96eba71,0,1,UT_Dallas.edu-problematic.xml
-737b235408a8cec2956ac513e3fb5555052b8998d8d48a1ffa90f230bcee8e64,0,1,Utica.xml
-7a670737c4553654c86e065057ee25d27b90472c143fecc08410c0014d408b79,0,1,U-Tokyo.ac.jp-problematic.xml
-9930b44adf309fe470f7236b05c0214ffa54b766b220153cc20c6efbc73bad04,1,1,U-Tokyo.ac.jp.xml
-7e3668c85a13398c1e069e3af4a15b183ea5e25893919d05c9db98c7cdf76bed,1,1,UTSanDiego.com.xml
-ff2aed5082fa7812f6c0249393b7ef2d75b9b97fff27ee0f75315c7a458a7adb,1,1,UTwente.nl.xml
-64e8196b342796d56261c72b9f1bdd3490a6e752cbae1d28121a7c94681f4569,1,1,UU.nl.xml
-ca9050e78347c6536655c413199565617815b1041ffd409a5a7b80c35a34e6a4,1,1,UvA.nl.xml
-99a979f836e3af45cbded60128ef9c83ca449dcd3ac13695cd75390c1748877a,1,1,UvCDN.com.xml
-fe5d16ef6cbe84e3d548ff490cc33a18e29fc54aab9808654bd8fc214838ec70,1,1,UVic.ca.xml
-0c8e6b3534cb476f07b87f282cef2ac6b42a3faed84185a85603d04c6631ff8e,1,1,UWinnipeg.ca.xml
-028839a97af7c9fab87ab0d04ad22a5b1c97cfeac28db5e1c420d0aefe23b836,1,1,V2-Cigs.xml
-9e79e53b9d27933407e25b6ae48564d41c019cf08df1fd18b7c1ac3ef857efcf,1,1,V3.co.uk.xml
-d3f445382899ca09c99404bce4c0dc739768f0dc907d78284b8034baabde4256,1,1,Vacenza.com.xml
-cfdc69c8d2f893965541cb488516d85a43ee5b586763e49a22328f70b5dca311,0,1,ValueClick-mismatches.xml
-d070a6afe739d131285eb87df1c11305e469cd1a3d8bfe9a57e223b4b76b9830,1,1,Valued_Opinions.xml
-7bc889588443078f59821e9233c63c1334358fef4969ad55f578fe0809548e27,1,1,Vanilla-Forums.xml
-4531034e48f47841a5b548ec7e196b850d8fb1d87b7cdd691f035dadfb2b8c15,1,1,Vanity-Fair.xml
-51ab02160086d1d0ea7a8f03e7d7f2e1fbfca841b48c29c23a1f956547ddbd0e,0,1,Vantiv.com.xml
-541f99103984b2d16a34d46579e10aabe0ea10f4d140bfe8366add23b98d39e4,1,1,Vara.nl.xml
-b9b0396960be487e61ab263e7341e1fde512be9ce069f219bdfde8c363b7ab60,1,0,vauva.fi.xml
-9b71ab6abe5802fb80f50cbfa9f44e41447ff19cd5acc611b5e951a99164dacc,0,1,Vayabe.com.xml
-3245df25fb7f2b5a07f1885682e18b5c92d8f9512d1500cfb30c49b351418d20,1,1,VBSEO.xml
-be315490f478856932d6d7e0dcc69137ae0a39411a18ede9e9b96119cb4b591a,1,1,VCE.com.xml
-0437b4009022008b56e58c10d08f7ace43d83d3ca946e7592c55962e70a8d941,1,1,Vcommerce.xml
-25f9fb9ad931eb2633dbf62a790dbef671003bedf05ce0c67a776b430eff60e3,1,1,VehBidz.xml
-c27f0cfa9d553de3e65fa2f7249aa87b923ea51d078f6604d02e00930928bfcf,1,1,Ve_Interactive.xml
-a8b3a0ea0666e7d56893363da090fc2ad0c3b5ca37698babb2889307a80b1c0d,1,1,Velleman-Group.xml
-1a36f007f5be12089abe81f6a3f5c8963497f8d467f45b9cf126c514fd3c330f,0,1,Velmedia.net.xml
-d7d49d47fe10386c6886db6cb4b3ef8167c923100033c5cafdd8078dc36e1eeb,0,1,Velox-Project.eu.xml
-861008dc67204d83a6834d4044ed097df201351924b424cff5de57bd7575ea8d,0,1,Velvet_Cache.org.xml
-a2678d219a759ab4e9acd04c0325e691f559c7ef55a4f2339d8138274d95d586,1,1,Vendetta-Online.xml
-03142920bcbd18f915c755c8a6feb9026a44156731240b30534a05b95fa051c5,0,1,Venuscafem.com.xml
-2c6ef10eb55db8e24789d312206e9912c7ef86db24585146659860398002b639,0,1,Verbraucher-Sicher-Online.xml
-6dcce26da889c8a152970f62daa73d12b350cdc9940a7df4a7afdf7f73808d3a,0,1,Verdad_Media.xml
-e12b6d5c3eb3e1115119c50070ef4410f6a1e1bc3dbfc9791bb77cb6d82fc52f,1,1,Verio.xml
-4ba3afa6e1e3e9f6e447986b6da4ce1ae8ffcba7c34c6bcf25e7b9ada2396f48,1,1,Verivox.xml
-a321163ecff3304c427ebd7c7e1bf7ea5e0cd763fd1a90ce92f5a09cf236c2ea,1,1,Verizon_Enterprise.xml
-c203bd812b538ac7a93a711f6fc1ee663f78ccb6320db05cbcde811059abd45c,1,1,Verizon_Wireless.xml
-eecd0f86d3976af4bc45b163839875219eae631d4620da357e43ff7e62f9a8bf,0,1,Verkkouutiset.fi.xml
-a67f146e96321ef2c2c1134df0c15776173421d74192c292e81b0c21fbac8a4a,1,1,Versus-Technologies.xml
-0b2034c782d1f7de7c5c6e8416834dd312d437a0aa984e67fb21399667ebdee8,1,1,Vertical_Response.com.xml
-5ab4e8817d97cc42dc1ad1bedaed85bf7143017835e140f10151e222aad74b58,1,1,Vertical-Web-Media.xml
-16e0ed171068f77addf104b14307dcf01fee8cebc1e31e7ede7fda53788d7b12,0,1,Veruta.com.xml
-dca681ef703ae025e986f1bef45575452df62543baa7a0bde381d6bf9a8ae56b,1,1,v.gd.xml
-02f195e0534b84f901ed70ae7a9d857a25a6b97dc1c97dd159131c9caa8298c7,1,0,VG-WORT.xml
-e99551855f8ef5ad0f4f728e46fb5a4503349c443b6a065609328d7c06fd1cbc,0,1,Vianet-Group.xml
-f3815e08088545447609c202403cc423f67885387fa9bc503aff7792e87f1156,0,1,Vidarholen.net.xml
-49337b9ff4af1c53f5837dc436d4f0ae9cae829c0683776836f6d85371376ecc,1,1,Vida_y_Salud.com.xml
-b9a96bb1e88431f6f508e49e1d99303ad56fb2e9beae2b798f019de7ad65239b,1,1,Viddler.com.xml
-eb34c8200f181b33896dc0505a73648eb61692cff8c8b4a6d6db5bb9c4b88e70,0,1,Video_Interchange.xml
-2639ce1da9c9d0ce487df98d01e9e103f32f9adc5d04af04969d5359f3a9aff5,1,1,Vid.ly.xml
-df92a6c088421e80ef1512cc4e07a73d50fb36826406200f4e0a156ea08164bb,0,1,Vidplay.net.xml
-2a88d6ede0612b9738f6c40819e7de2a2513c5f569ddf8f0f5931419868f7e8b,1,1,Vienna_University_of_Technology.xml
-6c277f1037e46a2a059a8225c98a2f813e5230cc48477cc5b2a1d345db77eb27,0,1,Vindico.com.xml
-18f68240c337af3d25a31fdd762e61ce4f5ccbc38e704cbfcd8979340f0c58a9,1,1,Violet_Indigo.xml
-c65c279bfb304e80050f2d823e3c75e5dfcfb8e91f4c6d14ef3ae8c6dfcd6a39,1,1,Vippy.co.xml
-248224aa6eae82843e074512ebf52e4bb7134b14410768fdfff5cfc3c684e52e,0,1,VIPserv.org.xml
-ba2110c8479f41bafaa987c96e313d2a36236847dc7524ae40f8eedaae8aea68,1,1,VirginAustralia.xml
-d31795f6dc7b602c6fa54849c5b2bed28fc4086fba5a737802c43318720ab947,1,1,VirginMobile.xml
-3d01d5a53f3e1e8077b0062f55b9431b2d3639128902e2c355a60e78395cb7d4,1,1,Virool.com.xml
-f684638888b331ae7388ef7261ca4558d1cfa293cb6df9c0dc71b4dcbd3ccb98,1,1,VirtualTourist.xml
-fb197d01a624c439a7398370623d75cc17a09b9d588146e730a9b68eb14fed89,1,1,Visa_Buxx.com.xml
-dbe019114063e2c60b5b435f84d09fec9eaa2780607cf1e0f36a339e7cfbb414,1,1,VisaHQ.xml
-64e823b83cab4914e4e1c9da47f565ad861233091b293f0296a71b8ac7c2d98c,1,1,Visalia_Times-Delta.xml
-bfbf5bb3ba5a0109b83aeaeeb253024d75278ba85e0da3dd1b36c1f0f597e231,1,1,VisibleGains.com.xml
-2bec628efc102efc2825893a3f92ca575a26973904c89a73868defae85303139,1,1,Vision_Art_Forum.com.xml
-001cc8e606c1c655ae640884f9229e7aef96ac5e70c0632f15d55fef59299230,1,1,VisiStat.com.xml
-b79f622abeb5a8754d580adbf3606aa28a8691e24b777bfddef95be0ed06bde7,1,1,Visitestonia.com.xml
-22a722ad1e155e3bee71bdb1b9a3ae90235e9687c48bd387489dfb3ecb58bc8f,0,1,visitsealife.com.xml
-e8b64c820d09e77cb97d2250a529daedf6369536382561b86a348cf771d306c5,1,0,Vistech-Communications.xml
-3e2928ef78292707c878d9f864868e03bcc28d1a69d5c4edebb850c2546e3215,1,1,Visual_Revenue.xml
-a91841a6d81a0937c3bcf3c15585f20a224fb70c17ced32225a35c2033dc90b7,1,1,VisualWebsiteOptimizer.xml
-17f1c78d50c87022ca1f5898c00fb9e43c7c14237916d34135694a41f7906c2a,0,1,Vital_Gamers.com.xml
-75241e3d48e2578f64e46c1f39f4f412ddc4842f0990303c345b99085c18e16d,1,1,VitalMend.com.xml
-e8b46e57d859720a333bde3f21e0e4e36f8cb867c6686a4362c23ea4406ce6eb,1,1,Vitalwerks.xml
-1a4329d51b72f9ccf5f12e8c839f4dc9f744fa6a15dbf4a9fa183b2de95d4410,1,1,Vitamin_Shoppe.xml
-c6920ad0394ef6eb3d8cd9b9d0a5e7cabbb1105a6112acf5f9bae60e97bbe2bb,0,1,Vivaciti.xml
-def6557f41d619f8602d97c4fce68e182ccb0c83481d6fecb7a2a42730640906,1,1,VK.se.xml
-d8652363747589e0cc4a5b880150b22dee3297bb2f869e7b29a63460845fa6ed,0,1,Vliegtickets.nl.xml
-1fbd0ddcea01b9288b9e8463e41972935388ea7e301ff2e33dfe5b229ef3ba2e,1,1,Vogel.de.xml
-e9a5887debbf054a3ef705efba7b795befe0936487d3ddc7ec0f99f53feac955,1,1,VoiceFive.xml
-636420e195fd3296d6a0fbf1aa2af10402c50fd22d6c5070e95b87aa62784f08,1,1,Voices.com.xml
-048d38ae60595630ea75d34041ee63a13d29c206889610516255abcb03fc3d73,0,1,Volatile_Systems.com-problematic.xml
-371824af717de2b303cf2bb11abeb2f875647d007f8c185a6eade9d8b7f129a5,1,1,VolkswagenBank.xml
-60dbeac15d3d6eda2af921da74fad8574b00638eb24d625c3a0102116e59a2ce,1,1,Volotea.com.xml
-26d45e71e55a0f19a90163b240a658d92fd4763f71c0543b938ac9e49610c13f,1,1,Volunteer2.xml
-799b335fc4486d44b5a2aca9e49c56ab08b59d481ad628d2e35031e3aa35c563,0,1,Volunteer_Centers_of_Michigan.xml
-a3272a5c7db777b4e3636ee2b04c43aba5c642ba0b35cc2c00a1855240c9b475,1,1,Volusion.xml
-e8ab747c2c48c350e01e548b2347aa6d96d2c6f4ffad2547a20af7f69075ff8c,0,1,Vonage.xml
-82f403ce2aa0ef95af059c8f8c1fb6356d899cc3d1fb8f945c92a4876b4be4f6,1,1,Voodoo.com.xml
-98c991785d9dafd952609edadb85f69b2e0c5c50bd078d8d363909b6991e26ed,0,1,Voxel.xml
-9fce590c2181d4d42d766e871b4888dd8a9d495dfc4af419c061990f7e973570,1,1,Voxer.xml
-a117ac9f7b8795646b325f5eb086f08c07fc84618a85fe91af96a9527d964301,1,0,Vox_Media.com.xml
-fbb2fcfdc39c784e914f554977d3a26db00fa1e6ff968ba934d080098cee8295,1,1,Vpnbook.com.xml
-5c2cdab9ad0027eae3e6ed5e3a3d7d86a452c9b88943141dc80f2318aef7ce43,1,1,VSCo.co.xml
-3543ad7fed39e1c7d9c1b73cf31abdf033da4b81176b2e6065249b4b1c7f7d19,1,1,Vsexshop.ru.xml
-702dcdfd0555f771183b4881039deb392716e34e15d5bb1eed7f4242d5867ec4,1,1,VTLUUG.org.xml
-6ab17f304050bf833d996cd4dfaca231efc3e2425ded3fa81a2f7d1e0a988593,1,1,Vueling.xml
-43471ca065dd71d70737df3a6ece1cef751fa1e46b1aabae2b6c729e08e06cfd,1,1,Vulture.com.xml
-5e6ee0075ce408d3737133ae80b81cb99ae90f227f711824fcec6178247a60ff,1,1,Vungle.com-falsemixed.xml
-712e9c11fa537727065fc17317b376dbff0841191976892fbf193cb53956d898,1,1,Vungle.xml
-fa9a39660d76b6fd8ba5715b15f43fd9fb1a2ef4be04d03a2fb98d7f7654b0ed,1,1,Waeckerlin.org.xml
-686d52b9e887359a9fb2a3f6eede8bd81fbbba5a1b3d89935e85c4350883fca0,0,1,Wagner.xml
-27404357c723335a40fff088677c65479e073c10b4998506d2e74387d370b113,1,1,Waitrose.com.xml
-ba1593452425105c70c808ddffae73fc41bfc86e0709d962e65157bd81608498,1,1,Waitrose_Direct.com.xml
-683d274e1fa8a18fd73448d94c4477050828c653cbf8c5196bf212046bcb6943,0,1,Walder_Wyss.com.xml
-1e725fb2b88399ecd5321418db119a913147f532bac20834f9c5380fe6b3d230,1,1,Walgreens.xml
-934aea98a94884c94202660e696cd7be14d2e0ee87a4d378c05d87d485c9c0e0,1,1,Walking_Men.xml
-30c1aefedf43c09d94978750bb47fbcd58852e9a878b1e78f4f3a6b30e218f9c,0,1,WaPo_Labs.com.xml
-7c94dfabc1a022237d22c9a38e763f561592b7553acecd8b5aafe7717e3a7669,0,1,WAPY.xml
-490f37f964fb9bd7058bb7e2f52ac06bbd076a10428097654ea263efca37f629,0,1,Warner-Artists.xml
-1e26f33749735e34741aeb8c24b83694092d38f61bd183b7b901cbc4b7aa8385,0,1,Washington-Post-Company-mismatches.xml
-b52e61298887f1a7e837d0cc6e48edd14de0d6ed0983477debb5020ce32c646a,1,1,Water-Challenge.com.xml
-855ec707726db8e3579c25eaede7119ebd757579fe32a139ab7bfd60818a0380,1,1,Water.org.xml
-345b6b2fae63c61a265a9f34a768f81133caa068af17f61b0a82066f02da1777,0,1,Watsi.org.xml
-23f434ff5a7809ed8d594dd950cc7c6c1277c7b8d314949f66e10fb649c5f838,0,1,Watson_Institute.org.xml
-52d9cdba31649b9d41912d38370925a9e4c794f6728f436279628fa9246facf6,0,1,Wazapp.xml
-f1651a48bdaad9f31cc77e80136abe27ffcb9ed903a322fc915815f524c140a4,0,1,WD2go.com.xml
-3666082fafc12b33eaf9ce626f9f90c8a9a240fe12c4e0d04d8b70deaf6abdc5,1,1,WDWS.xml
-0b818b88c798284cf79298c509cb9c22b7bfbbb1a9a2f8168214c272781633f2,1,1,Weather_Decision_Technologies.xml
-87ab309e0c850f1c2e13b04ecaecfafbd1a36a3bed68c65848916a856165906e,0,1,Weather-Underground.xml
-8adf76997622bf023f5962d510eed3723a9fd06e573f76f63de6c7d90759475d,1,1,Weatherzone.xml
-af9750e35db542ad03022e8ae5b73065aef4db2aa1a6282597a86180aa3276d4,1,1,Web4U.xml
-6a724458c5e87ecd10c347e083283ca4e52829c337b4b153587cc9459055d16f,0,1,WebChuck_hosting.com.xml
-9bee3822b846148f1ab13645d332e7d528edba99136159c599f6c91c077caa78,0,1,Web.com-expired.xml
-a49b0578f415ba010c6768174e7afb7d9366d8fcbb7f03aca3f75b66c9bcf3c5,1,1,Web.com.xml
-43ee8656c3c9a8dc1b81d85e29e08c8e63aa584449617f3e4fd44b47c689b988,1,1,Webcontrolcenter.com.xml
-f225dba1046880c1a5c8af9b187020345a85b45515f5f1e7e7bf7be3d01a68fb,1,1,WebD.AM.xml
-f00d35e0cf73278bddebc4394e187439c7d0ea39b15ca69d7d388ac5f9947e48,1,1,WebEx-Communications.xml
-7d614409e9e5c1a7376193e7aeb5950c05b532cfcbe43798148117dd94d4c5d0,0,1,WebFaction.xml
-ae2bd71a4770853110661947b509383266595ac5f97812c8c508b52fd8d25436,1,1,Web_Hosting_Geeks.com.xml
-bc92646bf8aa3728d12304c9eb2881dd885c1d16ba9a282d5062fd72f61162d1,1,1,Web_Hosting_Pad.xml
-8e1b8e2644fbc5ea473acc74abe12256d8d73f48272ea58a092eedbb55c64e21,0,1,WebhostOne.xml
-44fe73be51a061f9dcf30e620cf15781f1877f196f976c601a1127fb9910f942,1,1,WebKite.com.xml
-5476efa330deb653c29a6a507a11c146301f583daad0a8346c880b96673b27af,1,1,Webmagazin.de.xml
-bfe2947fa6ab729061147e9434ba6180a107604fb21bea83859f881216c556c4,1,1,WebMD_Health_Services.xml
-f6ed6586e201c975e17b11fa03740c7c62396674f98f8658941c55f3f50acd1e,1,1,WebMD_Health.xml
-3a027fcaefdfe8d30b38cac405d2ea12596fb81d20d332625986ede4abdc5cfd,1,1,WebMD.xml
-886c705a0f37bd5c15f25de8e488c192ec8dbc40e69a6e0233b324882e338a68,0,1,WebMediaBrands.xml
-f1edbaf6bedf99890c4874b611f74c7c52cc13f881604fbf47512278b22235a6,1,1,Web_of_Knowledge.xml
-b4d326aa97154c16f32e9f4d0153706b2d86e02d1582b93ed46bbfc4b9a6652c,1,1,WebProspector.xml
-2d8f080362c974c4499bea98f697b453570605594629a18c507e4220b0bb3c1d,1,1,Webroot.com.xml
-dbcc578640c655bb0c695ed4716f13a9fe86cc90b044caff1a3ea7ed0dd7dbbf,0,1,Webropolsurveys.com.xml
-6b9beff410e23f4a51edf8752eb83a964188180f19f31aeeb94b6a2ac5e985b7,1,1,Web-servers.com.au.xml
-2a440880c552f3116b2f466d4e831d12c295b8cd8defcb4a42e56324cc839936,1,1,Webshopapp.com.xml
-9555dd551da9c352bd8fecb285654af767f26c8b4af8d374c21b3633a4f25990,1,1,WebShopRevolution.com.xml
-468aeb536e3361358da17effce6b01df3368bb7525a2887d525090baaf76fab6,1,1,Website-start.de.xml
-0f41d0c349d361784937ddd7bf8606350f90f334333ec012d1aa71ffce930c40,1,1,WebSocial.ly.xml
-8099e76e7198496cd1570b4476ea4a7c3a76fc0848410bdc511be3aefa499652,0,1,Webspace4All.xml
-2493d70899767787da29629a688d99fdfbe49ff0256bbc83358728c79a5bb267,1,1,Webspace4Clans.de.xml
-39473a2d6d9c9c2de2c83463787611072e5f3d043021edbf4d60641a6800390d,1,1,WebSpectator.com.xml
-823ec8b7eadf76010137d26fb1947ef171d76fd906ab726890646c2c0f138884,1,1,WebStarts.xml
-cacf30b765ad68c61fa84ffd3e6db0c636f668d9254c900bbcb46de15d6e21ae,1,1,Webstat.com.xml
-e0962fe4bfd0ae833241c4bc9a66106920ceb9e8756cc70167e591707bf39775,1,1,Web-Stat.net.xml
-3d80a69e9d91fc2f37c66f7889675712cb9888dacab9283f99f727033181f32a,1,1,WebtraffIQ.com.xml
-3b00d11eb23e281b78d953139aa17e5cda9e6e581be328d2f477795bbd85582c,0,1,Webtranslateit.xml
-7b39cdcde2f5b3492cb97b2c0f9131fd5f70139f0ce9724681623b7f1f786dae,0,1,WebUrbanist.com.xml
-cbbbdc6fb132f2cce52e3bd5d7010ac0c6c59a5c8e1f002542b76530aa712ba6,0,1,Wego_Health.com-problematic.xml
-1e44ed825125907d6cae44ff8a80367225031b54bd0149694db611e930f54ac3,1,1,Weiss-Research.xml
-8edb6acdbf3d70453a1082ad9cbb2b3301dd7a4a0e8aeb391fe10aaee498545e,1,1,Weizmann-Institute-of-Science.xml
-28a3153777a4465a34523baf6cca4b3b128b2f4b5e41ae3e502f47db6ad8a805,0,1,Welcome_to_MetLife.com.xml
-5521b2ce5f7e898bd3ea0d41fdf92bdc76c7af51509e957e7a588c6b8caafb06,0,1,Welk.sc.xml
-0ed29acd687b02e649ba4e94cdf7aa43f7cb401efc0eda560c4c73f576b48fee,1,1,Wennect.info.xml
-3653a4785c28b361d04ce12c88e0811350bd50b94e6a361494f64761aad5efe6,1,1,WePay.xml
-8ef5a712c94fcf3c7c94ecf7ac46a0865b9cc73306d6f0791f6075a592a5da1f,1,1,Westconsin_Credit_Union.xml
-7ab5d760eb782800a94d7868d79b6f3c7f5621b0aeb88c7e5a8553b7db109471,1,1,WestJet.xml
-4ae3197a0f427caf0222250d811f751f5020e591719b63f3bc5e3e385af14c57,0,1,Westlotto.xml
-7c46e3c1ed2a02cc97133e546feb32b729001242e893e3345ccdefd7db720c57,0,1,West_Orange_History.xml
-ae329e6dccdf72e9be85e53412a7f7a5a53fd44ae853a3e77a20bfeb506b7ea8,1,0,Westoxon.gov.uk.xml
-4db4898402f91818bd0be4b49ceb3f4dc465bde9a2357852c6f47dac0cf178e3,0,1,West_Virginia_University-problematic.xml
-f6818c41df99bdc8cb6885f67c27d91672a516cc1a15610b5c301a9d6ac62bbd,1,1,Wg_cdn.net.xml
-a8ee7b73785bf6447ac322a7af90fba115d2e75bd6a0ef6e7a90e387727b3035,0,1,Whamcat.xml
-6752c99fd0b439b67c13d1ee1063aad8dcf1eeab6e963e406d5a7d6f60af26ab,0,1,Whatbox.ca.xml
-d7537f7e21858dae64562a4f7e64eb14ad7608c4cd25e133a867f51bfd3a0ac9,1,1,Which.xml
-50c7f973e9fcfc2ac8b4f4e7a496a4219b21d97805a22d7fa46f978271a45de5,1,1,WhippleHill.xml
-4e1e48a6d64b79dbafb4bc50032a7e7cd1d71d8782f4c67baa2c1000f2ad0a54,1,1,Whisper-Gifts.xml
-77afcd6e8f15f2b6ade0164b29785cfcd7f94fe60ca8526ad54e24268e01a7b3,1,1,WhiteFence.com.xml
-29211dc5f2d57c9bc61b7b06716d49200976da7aa5bdd47278557c373dce7f6b,1,1,White_Hot_Hair.co.uk.xml
-ec1f9a810ffe14b674903c235952fd9df05dfb0d65b4120bd101b10e33862711,1,1,WHMS-FM.xml
-ed22ad03a82abe2247c198290494e6b90c1b93eefa050d66ed0b5e1759fa27db,0,1,WHO.int.xml
-de49320aa2a935c29d7f90ff0f792ec51a875b448e3cb6828b33c0f37027bf78,1,1,Whole_Earth_Lectronic_Link.xml
-ce809b7bfb8a875feace606a959feb0c461732114e07338c99e258968c591b4a,1,1,Wholesale_Labels.com.xml
-230a483aa987f21dbc5a05091cf8551abc09c10b1c540ca8413061dd68578719,0,1,WhosOn.com.xml
-902704e9faef436127566d05680cb008bee54cbb8d1bbd14382154c336382fb9,1,1,WHYY.org.xml
-5cb01803034a302feddb724d1de7010b34fa9800c902750a827d09992bf86d43,1,1,Wiggle.xml
-4c02cc6ab1440cb13b9205d0962960237508dcaf8ee69df4d12ca1eb6cd4439f,1,1,Wikidot.xml
-c1856a2322d96ad7886aac15a5b3208374cf14605bcde5e575b29a58e3c378dc,1,1,WikiFur.xml
-8a7e65d32bbe8207b80c2f044d4eb72da60b050f414a3af814d9629b61003482,1,1,Wikinvest.xml
-991032b4bf2e8bb26a7ba5c74594c44c83cae224aba49e6eb5633315a687cd09,1,1,Wikispooks.xml
-6b389a045eb70ccb96292b8dccc757b0b6b580dc6f25217f64a96b4e0de100f2,1,1,Wild_Apricot.org.xml
-abacb82abb4afdf07777ea5f54f6ed6bc53e344a39d61dd7c2223eb41a00d636,1,1,Wiley.xml
-823c9bbe863794ade57f6cbf53ccde300deaff8dd3750ccb4d8871c8378f1043,0,1,Willamette_Week.xml
-202a31b211e1fa86534fdfafd80c26659137ecbd6d339ad48afffa62caef66f2,1,1,WIMM.com.xml
-3ce142deff512761b20f1763091c30db82f829e2fed0cf0536788da292634d20,1,1,WiMP_Music.com.xml
-0685ef4a293e73be70fafc4c148235057f90b2c647810ed1dc0edea3d04051b7,1,1,Windows_IT_Pro.xml
-2a13f6f7f6baa4dfa85c46ddb205c5b4dd5c9f20b736d016668dcc4c9caa7414,1,1,Windows_Secrets.com.xml
-c67337bfabda36b7b539abd15c565dd410a20d741dfc2f8eaf379b3038019fa7,1,1,Windstream_Communications.xml
-cbab69014af2a02afb1bbfea64dd5b7ffb8e8759be2095d6e47579ede6041c96,1,1,WineAustraliaCorporation.xml
-32f6f0cc30b35c8976e18ca4ddcce03605753a93b528a5c2a1ca2d30a472d5b3,0,1,Wingolog.org.xml
-4d0fb71c488ef77a627fec50cb67c5cd70738d0c2b044599b6b84891bd76c692,1,1,Winner.com.xml
-b859ff3f78e0cc95b3eaf81ec38153ffd631b75974902b50e181c2b9a73b08f5,1,1,WinSuperSite.com.xml
-5c7c1decb343a51e56b6509b45f8a1cbfd832ba22565e9203fbafd50ffa58aac,1,1,WiredMinds.xml
-0812bcf9185f25ab18b3a7f034f332203cdd4f3de385ab2b5e2737e83e9d969c,1,1,Wishabi.xml
-0c730c529f3cd69f7b467d504ff460ca46301660b1dcdd88ba8300d4ab7f1d6e,1,0,Withknown.com.xml
-83ef353b9aab96e56973c3d8150c1f1e3b6cff4f68cad34cd754f3e2de999108,1,1,WiTopia.net.xml
-107b0e53285b3cd5b876c03108d666cba1dfac53af5a62e0190c990cb08c4cc8,1,1,Wizard-Internet-Services.xml
-e22b3d745136b4a31c7b3f3a8f65c77a8721c1afe5e2729c6cf848fa07ff8687,1,0,Wolrdssl.net.xml
-e237009069a1f7e25b8d4d83fb77aa2f273405abbeafa0f3d9f70110cc08c309,1,1,Womens_Health_Specialists.xml
-f7999de568e74fdd703ef7c2aaa057ce2dc1a418d112ea5cc64aa6d29e57915f,1,1,Wonderlandmovies.xml
-072d4bc8ac964f1db9fc4b3d1113dbe48d854b975c89839f3d5395226fee2b33,1,1,Woobox.com.xml
-69427086023cb8659815526a6188f67b519e979df97998a8ef78e590491da187,1,0,WooConf.com.xml
-ff4541825f047117ea740aace764bdbde39b51a83d23cdb600daeea7bbcd7acc,1,1,Wood_Green.org.uk.xml
-01357c1a2236bf8664e3b8a3ed041831b4058127f0131bb71a33838848aeaf63,1,1,Wood_Green_Shop.org.uk.xml
-d02bc8e6c4c0698add8f02b5c424af3519429f251ccbb2f0c8ec34adf2b08ed4,1,1,Wooga.xml
-9500afb5ea51aa0371714903801089c740a7955bd157c8bd6001ee5a3b2fcd3e,1,1,Worcester-Polytechnic-Institute.xml
-1351c796282373c4a1beba3a91c865b02dd2eaf726604288521e93305137d326,1,1,Word_Pro.xml
-92fd7c961a4c484497a8ed726fdb7fd9a41968ef735746fd08457c37560bcb75,1,0,Workable.com.xml
-a591bae4c365ae63ff66b71537267c743185306bd4a99df5b85e3f014566f332,1,0,WorkplaceGenderEqualityAgency.xml
-078235defd32e86110f2907ad23d7587ac05fc64016db23653018aa86af59233,0,1,World_e-ID_Congress.xml
-dd94cdda2877f852dadfc3a6f2a4d2ef0a464b068a74f6e897a3ab1a15f3865a,1,1,WorldMate.com.xml
-ee8ad00200a94e47b5c9f1552f83a87c7322a0632d7c29ec2c6cdf42edad6475,0,1,WorldOfGames.xml
-229f57810d6333fe8c71989bcc5f5a53950f0fe8234f8b36dbe6a8d71e938292,1,1,WorldRemit.com.xml
-7d767b7fdebe50158bc48e64f5ba12b728876f3ef525c3048ea8ab811b80ba4f,1,1,World_Television.xml
-5065006d5171a62cff4f927cbf17959479e9a88d39bb4604dfc31bc0f0265318,0,1,WOW_Analytics.co.uk.xml
-7ed531500221bdf06b719c9fc59447357de77faeb9082ee7fac65da7df701332,0,1,wpa_supplicant.xml
-b47cc604491e9ea5abf27d66cf994aa808b9d54f3fd47c3ceb552ebe91e60d84,1,1,WP_digital.net.xml
-33bc269186d151c347c4f00a203fe49573bc7cdde3759cccaea2d68e9d78b148,1,1,WP_VulnDB.com.xml
-c50baba02efe0851746b13be4652c164eff3a697417dfbeaf2bc377333074e7e,1,1,Wrapadviser.co.uk.xml
-b4ec6518bb54a6735c38a417b5f75bedeafbcdc73af0a31b33d3b9dbd84f99e0,1,1,Wservices.ch.xml
-839e3b1b48265738219453a6d10596ac6fb455ae2eb1694461875764dbfd67e6,1,1,WSO2.com.xml
-0601000b056c8d7de6c0cb80720f2ea5f7cab0a1011c94bf864532c51a148bd6,1,0,WSWS.xml
-1ed6357a0bb2153b9502ce2da5335e3d0d33a158a40570fc7bd40b6da0e54c5d,1,1,Wtop.com.xml
-b94784e7eb00715fd3fe87ab49dac824b3782b11c5430040d043fbac74a51ac3,1,1,Wuala.xml
-6c1a71abc06b206b2553313564a62d2e4f0bc6a5754a6aabcece7ef4748227e2,1,0,Wufoo.xml
-07be9292aa9ca08d70d90978165e5cb8b2c05989adefb5415f8f42b8a93bf799,1,1,Wush.Net.xml
-35b9f9fea8edf91132dec2e801b084b173a58c519fba894e5968418d6e35fbab,1,1,WyzAnt.xml
-1c84c0dd4bb4e7fa73acb226531ebe3b49147e20552a8806d9a1e4f9b62b61d6,1,1,Xeno_Gamers.org.xml
-26ceb3ed2032542f2075db396734c4cb25ae58347dc7c780364bb100d198c2fd,1,1,Xetum.com.xml
-156219abcab5a2f7d540931ee48a5dfd590aacd92c99cf3170ac9e983f4d8451,1,1,Xg4ken.com.xml
-645bbf60775e6f22ed51012989302f79d66c599b6b17871b883e33861f497a4d,1,1,Xing.xml
-b925930748b05e603d05bbad9b35c9ada0a990bfe8e44c680ef5838f5f56de9b,1,1,Xperia_Studio.xml
-e19344f07aaff2b8ae094fc1a4996f194f1141ba0971c691fe22fa78925e7062,1,1,Xserver.xml
-c3b7364fc8fc89d5336f32aa6707c94f727abe4f7ea809a785263b41e1d5d7a3,0,1,Xtendmedia.com.xml
-e77d44925373ab7fc4744dae5d3f9c240e80b1499b102f134f47bd73cc65ed6c,1,1,Xtenit.xml
-b8313e7119852559552d512337a53de37e7afc059bb67c1ede004c3d91ee39c6,1,0,Xxxbunker.com.xml
-877bfd008b92154e0bf7b5147d1f41fec35b98f8035ccb91b263c2bf12d4b06f,1,1,Yahoo.net.xml
-da2fd160f5803ed73336a0fcd8df659b18857c624b22cd38b286edef13e6c73e,1,1,Yahoo.xml
-0ae6d35db343a943f6c54011416bbe796435a13c894b5a719d1adc0dd29666e4,1,1,Yandex.st.xml
-06806c1c50dd7729426a2faf63f7fde5b63b8cedea2e9006d1bb6cdca2245826,1,1,Yandex.xml
-28a370e112f80d74aa3bfd8e462ad2d09cea7042d7acbcd02b884ce87e236485,0,1,Yard_Digital.com.xml
-4684c5eb2b3e908ba1df47e631a05893af0eede30bc216a2b8dea46d2a78d509,0,1,YellowPages.ca-problematic.xml
-e0aa84f8ba58a339cabda74594b507c6427a9856a57b1ee3232c7f38ab80751a,1,1,Yimg.com.xml
-b79a6f7942d60a42026d304ecc887e0471b7c96b27698c0a815f5892e697316d,1,0,Yimg.jp.xml
-033bde8d86b20991608db24d1854b95a54fcc5d4b072c26a0c3e78877283ac43,1,1,YMCMB_Official_Merch.xml
-e0e4f7684c12fe25d34855d2767e08ed7bda64933f68aaaad8011ad1adb7db31,1,1,Yocto_Project.org.xml
-e30ef33bc99dda8ab603adee29b3d8e5c06a4f03e54ca5945c4756191fea41b2,1,1,Yottaa.net.xml
-f4db2125b4fc951f0971e8aa055a6b211e5099c191befe5855d63ca4a48095aa,1,1,Yottaa.xml
-5cdcff57455137ed99e5dbee098da64da25450e307aec99e1edb70ae75f43c24,1,0,yottos.com.xml
-05499c6ac75a23be8dedec97f6de344fe3f4ae8814d5c9cfa658b52d55eab758,1,1,Younited.com.xml
-cfbde187e30d48e3cba35b483b695821fb55f832be575ab8ac58a5c061fcaefa,1,1,Yourfone.de.xml
-e5702add6d485cbf6b018ea01bbd171656a5cb624d2ac685d7e189a373ab8812,1,1,Yourhosting.xml
-56e89e377a8cc26456aeaf380a689621afd18dd2e445399865874768f48943e1,0,1,Your-Mailing-List-Provider.xml
-ccf17e77a962a90d0134a342bbf02a2c48fceaa22672205030959e5eabbb54d1,1,1,YouVersion.xml
-e00e5d9fc4fe720adbeb30a8beada5e4f8828e8f52f7fdf1d823069c3a7045a8,1,1,YP_bot.net.xml
-da23893ad1085a663c483066192fb377681b2da58672faf6140b5e253641a45c,1,1,Yuku.xml
-95c9dd36a1b9d28f39272c9da9349eed53f7a3b8a1504e8f6729f67a0ab2a03a,0,1,yWorks.com.xml
-888ff125026e53553f9582f1f91112d5582cc1a8d8f6556521e3b9c6c68241a3,1,1,Zacks_Investment_Research.xml
-dafaa75542876c11f864cee777e3c27eca10e0a06a329e87dbc1a245eb195877,0,1,Zagony.ru.xml
-58d2ae044a28eabd58e291233ae948d32e97c42c8cf892aeb2deefe4b4e2a21d,1,1,Zappos.xml
-f2259f9e04795b50d29c0020d8584709289d8be4127d3d160eea3b249e99e245,1,1,Zapunited.xml
-972b3ee4c16a24aab20cca8dfa8399b9353b8a2e5ae04388a24ea4398a10aa9d,1,1,Zendesk.com-clients.xml
-7c12b054111110d274fd3955b238c3c544d8add3805aec8b854d02de700868a2,1,0,Zerista.xml
-1a9195d25a90cc91b40b8849807f44232c624957f6e2f7558f0b2a8bf0732dc5,0,1,ZeroC.com.xml
-d4d130ec1722ad45b9e5a1a8333eb19808d9670167bab5a87363514eeccbfae6,0,1,Ziff-Davis-mismatches.xml
-79057e37af586028932d412ea020851a94189c112d4a48c9a07152fd46dd2cd2,1,1,Zimbra.xml
-f76e810891c9301354123b801ace36ba307fff5ae323fb9bb608d8c2757efb36,1,0,Zissousecure.com.xml
-1bd3ea0ac5d7e83747e15c8f53558ec863a930f53467de80e6fb2c8318ccbf51,0,1,Zlavy.odpadnes.sk.xml
-9cd38fa17f1cd6833d79cf92cd572c624c70f933e6fc881e52c92f486137b270,0,1,Zocalopublicsquare.xml
-647ab116fc936ea3096d11681a6105832fc48cbddddb8e105d2a319eefceb71a,1,0,Zoho_static.com.xml
-618c143055176140e5517088535d1ca18e01aa1132adc3f546cf5f28d4f1f655,1,0,Zoho.xml
-298d6a10c5dd2b45a9b73221ad69566c8110e36acbca3a7ce0404433e7f4a636,1,0,ZONZA.tv.xml
-5e6c30a2931bd2bf241ebcbe957a2b200f6d4526b26321e77bc41c405d90c59a,0,1,Zopa.xml
-0a43f73ea001dcef9e970232e3d8d3123f0a4eb163e1d69b23498bff60a735c9,1,1,Zopim.xml
-6750e29d302751af08e3cbe82647eb8a652fba4be1efbed4bb63473ec6ed40c2,1,1,Zorpia.xml
-54f30ba3843ce2be5355b1259c28f6ffe7b3c9feddcbe0de95025bc506e913cf,1,0,Zulius.com.xml
diff --git a/utils/setversion.py b/utils/setversion.py
index 62239c756ce7..2ade838ac523 100755
--- a/utils/setversion.py
+++ b/utils/setversion.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3.6
+#!/usr/bin/env python3
 from datetime import date
 import json
 
diff --git a/utils/sign-bloom/add_timestamp.py b/utils/sign-bloom/add_timestamp.py
new file mode 100755
index 000000000000..1a45eeaab142
--- /dev/null
+++ b/utils/sign-bloom/add_timestamp.py
@@ -0,0 +1,21 @@
+#!/bin/env python3
+import json
+import sys
+
+def usage_and_exit():
+    print("Usage: " + sys.argv[0] + " TIMESTAMP")
+    sys.exit(1)
+
+if len(sys.argv) != 2:
+    usage_and_exit()
+
+try:
+    timestamp = int(sys.argv[1])
+except:
+    usage_and_exit()
+
+
+for line in sys.stdin:
+    json_line = json.loads(line)
+    json_line['timestamp'] = timestamp
+    print(json.dumps(json_line))
diff --git a/utils/sign-bloom/async-airgap.sh b/utils/sign-bloom/async-airgap.sh
new file mode 120000
index 000000000000..70899e99e837
--- /dev/null
+++ b/utils/sign-bloom/async-airgap.sh
@@ -0,0 +1 @@
+../sign-rulesets/async-airgap.sh
\ No newline at end of file
diff --git a/utils/sign-bloom/async-request.sh b/utils/sign-bloom/async-request.sh
new file mode 100755
index 000000000000..201ec13bee15
--- /dev/null
+++ b/utils/sign-bloom/async-request.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+# Used to sign bloom filters created with https://crates.io/crates/create-bloom-filter
+
+set -e
+
+if [ $# -ne 3 ]; then
+  echo "Usage: $0 bloom_file public_key_file output_path"
+  exit
+fi
+
+
+SIGNED_SHA256SUM_BASE64=`mktemp /tmp/bloom-signature.sha256.base64.XXXXXXXX`
+trap 'rm $SIGNED_SHA256SUM_BASE64' EXIT
+
+mkdir -p $3
+TIMESTAMP=`date +%s`
+cp $1 $3/bloom.$TIMESTAMP.bin
+cat $1.json | $(dirname $0)/add_timestamp.py $TIMESTAMP > $3/bloom-metadata.$TIMESTAMP.json
+
+echo 'Hash for signing: '
+sha256sum $3/bloom-metadata.$TIMESTAMP.json | cut -f1 -d' '
+echo metahash for confirmation only $(sha256sum $3/bloom-metadata.$TIMESTAMP.json | cut -f1 -d' ' | tr -d '\n' | sha256sum | cut -c1-6) ...
+
+echo 'Paste in the data from the QR code, then type Ctrl-D:'
+cat | tr -d '\n' > $SIGNED_SHA256SUM_BASE64
+
+base64 -d $SIGNED_SHA256SUM_BASE64 > $3/bloom-signature.$TIMESTAMP.sha256
+openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -verify $2 -signature $3/bloom-signature.$TIMESTAMP.sha256 $3/bloom-metadata.$TIMESTAMP.json
+
+echo $TIMESTAMP > $3/latest-bloom-timestamp
diff --git a/utils/sign-bloom/ddgse b/utils/sign-bloom/ddgse
new file mode 100644
index 000000000000..3b7927ec5c38
Binary files /dev/null and b/utils/sign-bloom/ddgse differ
diff --git a/utils/sign-bloom/ddgse.json b/utils/sign-bloom/ddgse.json
new file mode 100644
index 000000000000..1d490c6e64ee
--- /dev/null
+++ b/utils/sign-bloom/ddgse.json
@@ -0,0 +1 @@
+{"bitmap_bits":11364392,"k_num":24,"sha256sum":"371bfb628062de163947c1226d99a5f3823e6fe1bc0838d24e0deffad1c96ee2","sip_keys":[["4746789603923246281","9835731802354323261"],["11277193235900924841","7296056854142719726"]]}
\ No newline at end of file
diff --git a/utils/sign-bloom/standalone.sh b/utils/sign-bloom/standalone.sh
new file mode 100755
index 000000000000..a4c614071ed2
--- /dev/null
+++ b/utils/sign-bloom/standalone.sh
@@ -0,0 +1,19 @@
+#!/bin/bash
+# Used to sign bloom filters created with https://crates.io/crates/create-bloom-filter
+
+set -e
+
+if [ $# -ne 3 ]; then
+  echo "Usage: $0 bloom_file private_key_file output_path"
+  exit
+fi
+
+
+mkdir -p $3
+TIMESTAMP=`date +%s`
+cp $1 $3/bloom.$TIMESTAMP.bin
+cat $1.json | $(dirname $0)/add_timestamp.py $TIMESTAMP > $3/bloom-metadata.$TIMESTAMP.json
+
+openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -sign $2 -out $3/bloom-signature.$TIMESTAMP.sha256 $3/bloom-metadata.$TIMESTAMP.json
+
+echo $TIMESTAMP > $3/latest-bloom-timestamp
diff --git a/utils/sign-rulesets/async-airgap.sh b/utils/sign-rulesets/async-airgap.sh
new file mode 100755
index 000000000000..41ec90876c2e
--- /dev/null
+++ b/utils/sign-rulesets/async-airgap.sh
@@ -0,0 +1,23 @@
+#!/bin/bash
+
+set -e
+
+if [ $# -ne 2 ]; then
+  echo "Usage: $0 private_key_file sha256_hash"
+  exit
+fi
+
+
+echo metahash for confirmation only $(echo -n $2 | sha256sum | cut -c1-6) ...
+read -p "(press enter to continue)"
+
+SIGNED_SHA256SUM=`mktemp /tmp/signature.sha256.XXXXXXXX`
+trap 'rm $SIGNED_SHA256SUM' EXIT
+SIGNED_SHA256SUM_BASE64_QR=`mktemp /tmp/signature.sha256.base64.XXXXXXXX.png`
+trap 'rm $SIGNED_SHA256SUM_BASE64_QR' EXIT
+
+echo $2 | xxd -r -p | openssl pkeyutl -sign -inkey $1 -pkeyopt digest:sha256 -pkeyopt rsa_padding_mode:pss -pkeyopt rsa_pss_saltlen:32 -out $SIGNED_SHA256SUM
+
+cat $SIGNED_SHA256SUM | base64
+cat $SIGNED_SHA256SUM | base64 | qrencode -o $SIGNED_SHA256SUM_BASE64_QR
+eog $SIGNED_SHA256SUM_BASE64_QR 2>/dev/null
diff --git a/utils/sign-rulesets/async-request.sh b/utils/sign-rulesets/async-request.sh
new file mode 100755
index 000000000000..e63571da3469
--- /dev/null
+++ b/utils/sign-rulesets/async-request.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -e
+
+if [ $# -ne 2 ]; then
+  echo "Usage: $0 public_key_file output_path"
+  exit
+fi
+
+
+RULESETS_FILE=rules/default.rulesets
+
+SIGNED_SHA256SUM_BASE64=`mktemp /tmp/ruleset-signature.sha256.base64.XXXXXXXX`
+trap 'rm $SIGNED_SHA256SUM_BASE64' EXIT
+
+mkdir -p $2
+TIMESTAMP=`date +%s`
+REFERENCE=`git rev-parse HEAD`
+echo "{ \"timestamp\": $TIMESTAMP, \"reference\": \"$REFERENCE\", \"rulesets\":" "`cat $RULESETS_FILE`" "}" | tr -d '\n' | gzip -nc > $2/default.rulesets.$TIMESTAMP.gz
+
+echo 'Hash for signing: '
+sha256sum $2/default.rulesets.$TIMESTAMP.gz | cut -f1 -d' '
+echo metahash for confirmation only $(sha256sum $2/default.rulesets.$TIMESTAMP.gz | cut -f1 -d' ' | tr -d '\n' | sha256sum | cut -c1-6) ...
+
+echo 'Paste in the data from the QR code, then type Ctrl-D:'
+cat | tr -d '\n' > $SIGNED_SHA256SUM_BASE64
+
+base64 -d $SIGNED_SHA256SUM_BASE64 > $2/rulesets-signature.$TIMESTAMP.sha256
+openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -verify $1 -signature $2/rulesets-signature.$TIMESTAMP.sha256 $2/default.rulesets.$TIMESTAMP.gz
+
+echo $TIMESTAMP > $2/latest-rulesets-timestamp
diff --git a/utils/sign-rulesets/standalone.sh b/utils/sign-rulesets/standalone.sh
new file mode 100755
index 000000000000..97e835dfb2a4
--- /dev/null
+++ b/utils/sign-rulesets/standalone.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+set -e
+
+if [ $# -ne 2 ]; then
+  echo "Usage: $0 private_key_file output_path"
+  exit
+fi
+
+
+RULESETS_FILE=rules/default.rulesets
+
+mkdir -p $2
+TIMESTAMP=`date +%s`
+REFERENCE=`git rev-parse HEAD`
+echo "{ \"timestamp\": $TIMESTAMP, \"reference\": \"$REFERENCE\", \"rulesets\":" "`cat $RULESETS_FILE`" "}" | tr -d '\n' | gzip -nc > $2/default.rulesets.$TIMESTAMP.gz
+
+openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 -sign $1 -out $2/rulesets-signature.$TIMESTAMP.sha256 $2/default.rulesets.$TIMESTAMP.gz
+
+echo $TIMESTAMP > $2/latest-rulesets-timestamp
diff --git a/utils/standalone-translations.py b/utils/standalone-translations.py
new file mode 100644
index 000000000000..48624c0363c4
--- /dev/null
+++ b/utils/standalone-translations.py
@@ -0,0 +1,56 @@
+#!/usr/bin/env python3
+"""
+Generate a messages.json translations file for HTTPS Everywhere Standalone
+"""
+import re
+import sys
+import os
+import json
+
+source_dir = sys.argv[1]
+dest_dir = sys.argv[2]
+
+message_regex = re.compile("<!ENTITY https-everywhere\.([\w.-]+) \"(.*?)\">")
+strings_needed = [
+  "about.version",
+  "about.rulesets_version",
+  "menu.globalDisable",
+  "menu.globalEnable",
+  "menu.encryptAllSitesEligibleOn",
+  "menu.encryptAllSitesEligibleOff",
+  "options.enterDisabledSite",
+  "options.addDisabledSite",
+  "options.hostNotFormattedCorrectly",
+  "options.disabledUrlsListed",
+  "menu.httpNoWhereExplainedBlocked",
+  "menu.httpNoWhereExplainedAllowed",
+  "standalone.proxy_server_info_prefix",
+  "standalone.transparent_true",
+  "standalone.transparent_false",
+]
+
+def convert(locale):
+  translation_file = os.path.join(source_dir, locale, "https-everywhere.dtd")
+  if os.path.isfile(translation_file):
+    target_messages = {}
+    with open(translation_file, 'r', encoding='utf-8') as f:
+      for line in f:
+        m = message_regex.search(line)
+        if m:
+          message_name = m.group(1)
+          if message_name in strings_needed:
+            message_value = m.group(2)
+            message_name = re.sub("[.-]", "_", message_name)
+            target_messages[message_name] = message_value
+    return target_messages
+  else:
+    return False
+
+with open(os.path.join(dest_dir, "messages.json"), "w") as out_file:
+  all_target_messages = {}
+  for locale in os.listdir(source_dir):
+    if not "." in locale:
+      target_messages = convert(locale)
+      if target_messages:
+        all_target_messages[locale] = target_messages
+  out_file.write(json.dumps(all_target_messages, sort_keys=True, indent=4))
diff --git a/utils/trivialize-cdn-rules/.gitignore b/utils/trivialize-cdn-rules/.gitignore
new file mode 100644
index 000000000000..ad46b30886fa
--- /dev/null
+++ b/utils/trivialize-cdn-rules/.gitignore
@@ -0,0 +1,61 @@
+# Logs
+logs
+*.log
+npm-debug.log*
+yarn-debug.log*
+yarn-error.log*
+
+# Runtime data
+pids
+*.pid
+*.seed
+*.pid.lock
+
+# Directory for instrumented libs generated by jscoverage/JSCover
+lib-cov
+
+# Coverage directory used by tools like istanbul
+coverage
+
+# nyc test coverage
+.nyc_output
+
+# Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
+.grunt
+
+# Bower dependency directory (https://bower.io/)
+bower_components
+
+# node-waf configuration
+.lock-wscript
+
+# Compiled binary addons (https://nodejs.org/api/addons.html)
+build/Release
+
+# Dependency directories
+node_modules/
+jspm_packages/
+
+# TypeScript v1 declaration files
+typings/
+
+# Optional npm cache directory
+.npm
+
+# Optional eslint cache
+.eslintcache
+
+# Optional REPL history
+.node_repl_history
+
+# Output of 'npm pack'
+*.tgz
+
+# Yarn Integrity file
+.yarn-integrity
+
+# dotenv environment variables file
+.env
+
+# next.js build output
+.next
diff --git a/utils/trivialize-cdn-rules/index.js b/utils/trivialize-cdn-rules/index.js
new file mode 100644
index 000000000000..4f8116dd84be
--- /dev/null
+++ b/utils/trivialize-cdn-rules/index.js
@@ -0,0 +1,161 @@
+'use strict'
+
+const util = require('util')
+const path = require('path')
+
+const fs = require('graceful-fs')
+const xml2js = require('xml2js')
+const request = require('sync-request')
+const chalk = require('chalk')
+
+const readdir = util.promisify(fs.readdir)
+const readFile = util.promisify(fs.readFile)
+const parseXML = util.promisify(xml2js.parseString)
+
+const rulesDir = 'src/chrome/content/rules/'
+
+const log = (level, filename, message) => {
+  switch (level) {
+    case 'WARN':
+      console.warn(chalk.yellow(`[${level}] ${chalk.bold(filename)}: ${message}`))
+      break
+    case 'INFO':
+      console.info(chalk.green(`[${level}] ${chalk.bold(filename)}: ${message}`))
+      break
+    case 'FAIL':
+    default:
+      console.error(chalk.red(`[${level}] ${chalk.bold(filename)}: ${message}`))
+      break
+  }
+}
+
+const supportedCDNsRegexs = [
+  { // Cloudfront.net
+    fromRe: /^\^http(?:s\?)?:\/\/((([\\a-z0-9_-]+)\.)*([\\a-z0-9-]+))\/$/,
+    toRe: /^https:\/\/\w+\.cloudfront\.net\/$/
+  },
+  { // 2o7.net
+    fromRe: /^\^http(?:s\?)?:\/\/((([\\a-z0-9_-]+)\.)*([\\a-z0-9-]+))\/$/,
+    toRe: /^https:\/\/[\w-]+\.1[12]2\.2o7\.net\/$/
+  },
+  { // amazonaws.com
+    fromRe: /^\^http(?:s\?)?:\/\/((([\\a-z0-9_-]+)\.)*([\\a-z0-9-]+))\/$/,
+    toRe: /^https:\/\/s3\.amazonaws\.com\//
+  }
+]
+
+const escapeRegExp = (str) => {
+  return str.replace(/[\-\[\]\/\{\}\(\)\*\+\?\.\\\^\$\|]/g, '\\$&') // eslint-disable-line
+}
+
+const isSecureConnectionOkay = (host) => {
+  // FIXME: terrible performance...
+  let response = request('GET', `https://${host}/`, {
+    headers: {
+      'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:10.0) Gecko/20100101 Firefox/10.0'
+    },
+    timeout: 3000,
+    socketTimeout: 3000,
+    maxRedirects: 5
+  })
+  if (response) {
+    return true
+  } else {
+    return false
+  }
+}
+
+const trivializeGenericRewrites = async (fstat, content, rules) => {
+  return new Promise((resolve, reject) => {
+    let rewrittenAtLeastOnce = false
+    let originalContent = content
+
+    for (const rule of rules) {
+      for (const supportedCDNsRegex of supportedCDNsRegexs) {
+        if (supportedCDNsRegex.fromRe.test(rule.from) && supportedCDNsRegex.toRe.test(rule.to)) {
+          let host = rule.from.replace(supportedCDNsRegex.fromRe, '$1').replace(/\\\./g, '.')
+
+          if (host !== null && isSecureConnectionOkay(host)) {
+            // TODO: replace rule here...
+            const ruleRe = `\n([\t ]*)<rule\\s*from=\\s*"${escapeRegExp(rule.from)}"(\\s*)to=\\s*"${escapeRegExp(rule.to)}"\\s*?/>[\t ]*\n`
+            const ruleRegex = new RegExp(ruleRe, 'g')
+
+            if (ruleRegex.test(originalContent)) {
+              content = content.replace(ruleRegex, `\n$1<rule from="^http://${host.replace(/\./g, '\\.')}/"$2to="https://${host}/" />\n`)
+              if (originalContent !== content) {
+                rewrittenAtLeastOnce = true
+              }
+            } else {
+              log('WARN', fstat.filename, `Warning: cannot construct RegExp which match rule ${JSON.stringify(rule)}`)
+            }
+            break
+          }
+        }
+      }
+    }
+
+    if (rewrittenAtLeastOnce) {
+      try {
+        fs.writeFileSync(fstat.fullname, content, { encoding: 'utf8' })
+        resolve(rewrittenAtLeastOnce)
+      } catch (error) {
+        reject(error)
+      }
+    } else {
+      resolve(rewrittenAtLeastOnce)
+    }
+  })
+}
+
+const trivializeCDNRewrites = async (fstat) => {
+  return new Promise((resolve, reject) => {
+    (async () => { // async wrapper for await keyword...
+      let content = await readFile(fstat.fullname, { encoding: 'utf8' }).catch(error => reject(error))
+      let $ = await parseXML(content).catch(error => reject(error))
+      let rules = $.ruleset.rule.map(rule => rule.$)
+      let rewrittenAtLeastOnce = false
+
+      await trivializeGenericRewrites(fstat, content, rules)
+        .then(rewritten => {
+          if (rewritten) {
+            rewrittenAtLeastOnce = true
+          }
+        })
+        .catch(error => {
+          reject(error)
+        })
+
+      // TODO: Add support for more CDNs
+      resolve(rewrittenAtLeastOnce)
+    })()
+  })
+}
+
+(async () => {
+  await readdir(rulesDir)
+    .then(filenames => {
+      return filenames.filter(filename => filename.endsWith('.xml'))
+    })
+    .then(filenames => {
+      return filenames.map(filename => ({
+        fullname: path.join(rulesDir, filename),
+        filename
+      }))
+    })
+    .then(async (fstats) => {
+      return Promise.all(fstats.map(fstat => {
+        return trivializeCDNRewrites(fstat)
+          .then(rewritten => {
+            if (rewritten) {
+              log('INFO', fstat.filename, 'trivialized')
+            }
+          })
+          .catch(error => {
+            log('FAIL', fstat.filename, error)
+          })
+      }))
+    })
+    .catch(error => {
+      log('FAIL', '::Promise.all::', error)
+    })
+})()
diff --git a/utils/trivialize-cdn-rules/package-lock.json b/utils/trivialize-cdn-rules/package-lock.json
new file mode 100644
index 000000000000..423379f97406
--- /dev/null
+++ b/utils/trivialize-cdn-rules/package-lock.json
@@ -0,0 +1,2221 @@
+{
+  "name": "trivialize-cdn-rules",
+  "version": "1.0.0",
+  "lockfileVersion": 1,
+  "requires": true,
+  "dependencies": {
+    "@types/concat-stream": {
+      "version": "1.6.0",
+      "resolved": "https://registry.npmjs.org/@types/concat-stream/-/concat-stream-1.6.0.tgz",
+      "integrity": "sha1-OU2+C7X+5Gs42JZzXoto7yOQ0A0=",
+      "requires": {
+        "@types/node": "*"
+      }
+    },
+    "@types/form-data": {
+      "version": "0.0.33",
+      "resolved": "https://registry.npmjs.org/@types/form-data/-/form-data-0.0.33.tgz",
+      "integrity": "sha1-yayFsqX9GENbjIXZ7LUObWyJP/g=",
+      "requires": {
+        "@types/node": "*"
+      }
+    },
+    "@types/node": {
+      "version": "10.17.26",
+      "resolved": "https://registry.npmjs.org/@types/node/-/node-10.17.26.tgz",
+      "integrity": "sha512-myMwkO2Cr82kirHY8uknNRHEVtn0wV3DTQfkrjx17jmkstDRZ24gNUdl8AHXVyVclTYI/bNjgTPTAWvWLqXqkw=="
+    },
+    "@types/qs": {
+      "version": "6.9.3",
+      "resolved": "https://registry.npmjs.org/@types/qs/-/qs-6.9.3.tgz",
+      "integrity": "sha512-7s9EQWupR1fTc2pSMtXRQ9w9gLOcrJn+h7HOXw4evxyvVqMi4f+q7d2tnFe3ng3SNHjtK+0EzGMGFUQX4/AQRA=="
+    },
+    "acorn": {
+      "version": "5.7.4",
+      "resolved": "https://registry.npmjs.org/acorn/-/acorn-5.7.4.tgz",
+      "integrity": "sha512-1D++VG7BhrtvQpNbBzovKNc1FLGGEE/oGe7b9xJm/RFHMBeUaUGpluV9RLjZa47YFdPcDAenEYuq9pQPcMdLJg==",
+      "dev": true
+    },
+    "acorn-jsx": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/acorn-jsx/-/acorn-jsx-3.0.1.tgz",
+      "integrity": "sha1-r9+UiPsezvyDSPb7IvRk4ypYs2s=",
+      "dev": true,
+      "requires": {
+        "acorn": "^3.0.4"
+      },
+      "dependencies": {
+        "acorn": {
+          "version": "3.3.0",
+          "resolved": "https://registry.npmjs.org/acorn/-/acorn-3.3.0.tgz",
+          "integrity": "sha1-ReN/s56No/JbruP/U2niu18iAXo=",
+          "dev": true
+        }
+      }
+    },
+    "ajv": {
+      "version": "5.5.2",
+      "resolved": "https://registry.npmjs.org/ajv/-/ajv-5.5.2.tgz",
+      "integrity": "sha1-c7Xuyj+rZT49P5Qis0GtQiBdyWU=",
+      "dev": true,
+      "requires": {
+        "co": "^4.6.0",
+        "fast-deep-equal": "^1.0.0",
+        "fast-json-stable-stringify": "^2.0.0",
+        "json-schema-traverse": "^0.3.0"
+      }
+    },
+    "ajv-keywords": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/ajv-keywords/-/ajv-keywords-2.1.1.tgz",
+      "integrity": "sha1-YXmX/F9gV2iUxDX5QNgZ4TW4B2I=",
+      "dev": true
+    },
+    "ansi-escapes": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/ansi-escapes/-/ansi-escapes-3.1.0.tgz",
+      "integrity": "sha512-UgAb8H9D41AQnu/PbWlCofQVcnV4Gs2bBJi9eZPxfU/hgglFh3SMDMENRIqdr7H6XFnXdoknctFByVsCOotTVw==",
+      "dev": true
+    },
+    "ansi-regex": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-2.1.1.tgz",
+      "integrity": "sha1-w7M6te42DYbg5ijwRorn7yfWVN8=",
+      "dev": true
+    },
+    "ansi-styles": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
+      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
+      "dev": true,
+      "requires": {
+        "color-convert": "^1.9.0"
+      }
+    },
+    "argparse": {
+      "version": "1.0.10",
+      "resolved": "https://registry.npmjs.org/argparse/-/argparse-1.0.10.tgz",
+      "integrity": "sha512-o5Roy6tNG4SL/FOkCAN6RzjiakZS25RLYFrcMttJqbdd8BWrnA+fGz57iN5Pb06pvBGvl5gQ0B48dJlslXvoTg==",
+      "dev": true,
+      "requires": {
+        "sprintf-js": "~1.0.2"
+      }
+    },
+    "array-includes": {
+      "version": "3.0.3",
+      "resolved": "https://registry.npmjs.org/array-includes/-/array-includes-3.0.3.tgz",
+      "integrity": "sha1-GEtI9i2S10UrsxsyMWXH+L0CJm0=",
+      "dev": true,
+      "requires": {
+        "define-properties": "^1.1.2",
+        "es-abstract": "^1.7.0"
+      }
+    },
+    "array-union": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/array-union/-/array-union-1.0.2.tgz",
+      "integrity": "sha1-mjRBDk9OPaI96jdb5b5w8kd47Dk=",
+      "dev": true,
+      "requires": {
+        "array-uniq": "^1.0.1"
+      }
+    },
+    "array-uniq": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/array-uniq/-/array-uniq-1.0.3.tgz",
+      "integrity": "sha1-r2rId6Jcx/dOBYiUdThY39sk/bY=",
+      "dev": true
+    },
+    "arrify": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/arrify/-/arrify-1.0.1.tgz",
+      "integrity": "sha1-iYUI2iIm84DfkEcoRWhJwVAaSw0=",
+      "dev": true
+    },
+    "asap": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/asap/-/asap-2.0.6.tgz",
+      "integrity": "sha1-5QNHYR1+aQlDIIu9r+vLwvuGbUY="
+    },
+    "asn1": {
+      "version": "0.2.4",
+      "resolved": "https://registry.npmjs.org/asn1/-/asn1-0.2.4.tgz",
+      "integrity": "sha512-jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg==",
+      "requires": {
+        "safer-buffer": "~2.1.0"
+      }
+    },
+    "assert-plus": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/assert-plus/-/assert-plus-1.0.0.tgz",
+      "integrity": "sha1-8S4PPF13sLHN2RRpQuTpbB5N1SU="
+    },
+    "asynckit": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
+      "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k="
+    },
+    "aws-sign2": {
+      "version": "0.7.0",
+      "resolved": "https://registry.npmjs.org/aws-sign2/-/aws-sign2-0.7.0.tgz",
+      "integrity": "sha1-tG6JCTSpWR8tL2+G1+ap8bP+dqg="
+    },
+    "aws4": {
+      "version": "1.10.0",
+      "resolved": "https://registry.npmjs.org/aws4/-/aws4-1.10.0.tgz",
+      "integrity": "sha512-3YDiu347mtVtjpyV3u5kVqQLP242c06zwDOgpeRnybmXlYYsLbtTrUBUm8i8srONt+FWobl5aibnU1030PeeuA=="
+    },
+    "babel-code-frame": {
+      "version": "6.26.0",
+      "resolved": "https://registry.npmjs.org/babel-code-frame/-/babel-code-frame-6.26.0.tgz",
+      "integrity": "sha1-Y/1D99weO7fONZR9uP42mj9Yx0s=",
+      "dev": true,
+      "requires": {
+        "chalk": "^1.1.3",
+        "esutils": "^2.0.2",
+        "js-tokens": "^3.0.2"
+      },
+      "dependencies": {
+        "ansi-styles": {
+          "version": "2.2.1",
+          "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-2.2.1.tgz",
+          "integrity": "sha1-tDLdM1i2NM914eRmQ2gkBTPB3b4=",
+          "dev": true
+        },
+        "chalk": {
+          "version": "1.1.3",
+          "resolved": "https://registry.npmjs.org/chalk/-/chalk-1.1.3.tgz",
+          "integrity": "sha1-qBFcVeSnAv5NFQq9OHKCKn4J/Jg=",
+          "dev": true,
+          "requires": {
+            "ansi-styles": "^2.2.1",
+            "escape-string-regexp": "^1.0.2",
+            "has-ansi": "^2.0.0",
+            "strip-ansi": "^3.0.0",
+            "supports-color": "^2.0.0"
+          }
+        },
+        "strip-ansi": {
+          "version": "3.0.1",
+          "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-3.0.1.tgz",
+          "integrity": "sha1-ajhfuIU9lS1f8F0Oiq+UJ43GPc8=",
+          "dev": true,
+          "requires": {
+            "ansi-regex": "^2.0.0"
+          }
+        },
+        "supports-color": {
+          "version": "2.0.0",
+          "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-2.0.0.tgz",
+          "integrity": "sha1-U10EXOa2Nj+kARcIRimZXp3zJMc=",
+          "dev": true
+        }
+      }
+    },
+    "balanced-match": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz",
+      "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c=",
+      "dev": true
+    },
+    "bcrypt-pbkdf": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/bcrypt-pbkdf/-/bcrypt-pbkdf-1.0.2.tgz",
+      "integrity": "sha1-pDAdOJtqQ/m2f/PKEaP2Y342Dp4=",
+      "requires": {
+        "tweetnacl": "^0.14.3"
+      }
+    },
+    "brace-expansion": {
+      "version": "1.1.11",
+      "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
+      "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
+      "dev": true,
+      "requires": {
+        "balanced-match": "^1.0.0",
+        "concat-map": "0.0.1"
+      }
+    },
+    "buffer-from": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/buffer-from/-/buffer-from-1.1.1.tgz",
+      "integrity": "sha512-MQcXEUbCKtEo7bhqEs6560Hyd4XaovZlO/k9V3hjVUF/zwW7KBVdSK4gIt/bzwS9MbR5qob+F5jusZsb0YQK2A=="
+    },
+    "builtin-modules": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/builtin-modules/-/builtin-modules-1.1.1.tgz",
+      "integrity": "sha1-Jw8HbFpywC9bZaR9+Uxf46J4iS8=",
+      "dev": true
+    },
+    "caller-path": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/caller-path/-/caller-path-0.1.0.tgz",
+      "integrity": "sha1-lAhe9jWB7NPaqSREqP6U6CV3dR8=",
+      "dev": true,
+      "requires": {
+        "callsites": "^0.2.0"
+      }
+    },
+    "callsites": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/callsites/-/callsites-0.2.0.tgz",
+      "integrity": "sha1-r6uWJikQp/M8GaV3WCXGnzTjUMo=",
+      "dev": true
+    },
+    "caseless": {
+      "version": "0.12.0",
+      "resolved": "https://registry.npmjs.org/caseless/-/caseless-0.12.0.tgz",
+      "integrity": "sha1-G2gcIf+EAzyCZUMJBolCDRhxUdw="
+    },
+    "chalk": {
+      "version": "2.4.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
+      "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
+      "dev": true,
+      "requires": {
+        "ansi-styles": "^3.2.1",
+        "escape-string-regexp": "^1.0.5",
+        "supports-color": "^5.3.0"
+      }
+    },
+    "chardet": {
+      "version": "0.4.2",
+      "resolved": "https://registry.npmjs.org/chardet/-/chardet-0.4.2.tgz",
+      "integrity": "sha1-tUc7M9yXxCTl2Y3IfVXU2KKci/I=",
+      "dev": true
+    },
+    "circular-json": {
+      "version": "0.3.3",
+      "resolved": "https://registry.npmjs.org/circular-json/-/circular-json-0.3.3.tgz",
+      "integrity": "sha512-UZK3NBx2Mca+b5LsG7bY183pHWt5Y1xts4P3Pz7ENTwGVnJOUWbRb3ocjvX7hx9tq/yTAdclXm9sZ38gNuem4A==",
+      "dev": true
+    },
+    "cli-cursor": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/cli-cursor/-/cli-cursor-2.1.0.tgz",
+      "integrity": "sha1-s12sN2R5+sw+lHR9QdDQ9SOP/LU=",
+      "dev": true,
+      "requires": {
+        "restore-cursor": "^2.0.0"
+      }
+    },
+    "cli-width": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/cli-width/-/cli-width-2.2.0.tgz",
+      "integrity": "sha1-/xnt6Kml5XkyQUewwR8PvLq+1jk=",
+      "dev": true
+    },
+    "co": {
+      "version": "4.6.0",
+      "resolved": "https://registry.npmjs.org/co/-/co-4.6.0.tgz",
+      "integrity": "sha1-bqa989hTrlTMuOR7+gvz+QMfsYQ=",
+      "dev": true
+    },
+    "color-convert": {
+      "version": "1.9.3",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
+      "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
+      "dev": true,
+      "requires": {
+        "color-name": "1.1.3"
+      }
+    },
+    "color-name": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
+      "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU=",
+      "dev": true
+    },
+    "combined-stream": {
+      "version": "1.0.8",
+      "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
+      "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==",
+      "requires": {
+        "delayed-stream": "~1.0.0"
+      }
+    },
+    "concat-map": {
+      "version": "0.0.1",
+      "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
+      "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=",
+      "dev": true
+    },
+    "concat-stream": {
+      "version": "1.6.2",
+      "resolved": "https://registry.npmjs.org/concat-stream/-/concat-stream-1.6.2.tgz",
+      "integrity": "sha512-27HBghJxjiZtIk3Ycvn/4kbJk/1uZuJFfuPEns6LaEvpvG1f0hTea8lilrouyo9mVc2GWdcEZ8OLoGmSADlrCw==",
+      "requires": {
+        "buffer-from": "^1.0.0",
+        "inherits": "^2.0.3",
+        "readable-stream": "^2.2.2",
+        "typedarray": "^0.0.6"
+      }
+    },
+    "contains-path": {
+      "version": "0.1.0",
+      "resolved": "https://registry.npmjs.org/contains-path/-/contains-path-0.1.0.tgz",
+      "integrity": "sha1-/ozxhP9mcLa67wGp1IYaXL7EEgo=",
+      "dev": true
+    },
+    "core-util-is": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
+      "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac="
+    },
+    "cross-spawn": {
+      "version": "5.1.0",
+      "resolved": "https://registry.npmjs.org/cross-spawn/-/cross-spawn-5.1.0.tgz",
+      "integrity": "sha1-6L0O/uWPz/b4+UUQoKVUu/ojVEk=",
+      "dev": true,
+      "requires": {
+        "lru-cache": "^4.0.1",
+        "shebang-command": "^1.2.0",
+        "which": "^1.2.9"
+      }
+    },
+    "dashdash": {
+      "version": "1.14.1",
+      "resolved": "https://registry.npmjs.org/dashdash/-/dashdash-1.14.1.tgz",
+      "integrity": "sha1-hTz6D3y+L+1d4gMmuN1YEDX24vA=",
+      "requires": {
+        "assert-plus": "^1.0.0"
+      }
+    },
+    "debug": {
+      "version": "3.1.0",
+      "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz",
+      "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==",
+      "dev": true,
+      "requires": {
+        "ms": "2.0.0"
+      }
+    },
+    "debug-log": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/debug-log/-/debug-log-1.0.1.tgz",
+      "integrity": "sha1-IwdjLUwEOCuN+KMvcLiVBG1SdF8=",
+      "dev": true
+    },
+    "deep-is": {
+      "version": "0.1.3",
+      "resolved": "https://registry.npmjs.org/deep-is/-/deep-is-0.1.3.tgz",
+      "integrity": "sha1-s2nW+128E+7PUk+RsHD+7cNXzzQ=",
+      "dev": true
+    },
+    "define-properties": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/define-properties/-/define-properties-1.1.3.tgz",
+      "integrity": "sha512-3MqfYKj2lLzdMSf8ZIZE/V+Zuy+BgD6f164e8K2w7dgnpKArBDerGYpM46IYYcjnkdPNMjPk9A6VFB8+3SKlXQ==",
+      "dev": true,
+      "requires": {
+        "object-keys": "^1.0.12"
+      }
+    },
+    "deglob": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/deglob/-/deglob-2.1.1.tgz",
+      "integrity": "sha512-2kjwuGGonL7gWE1XU4Fv79+vVzpoQCl0V+boMwWtOQJV2AGDabCwez++nB1Nli/8BabAfZQ/UuHPlp6AymKdWw==",
+      "dev": true,
+      "requires": {
+        "find-root": "^1.0.0",
+        "glob": "^7.0.5",
+        "ignore": "^3.0.9",
+        "pkg-config": "^1.1.0",
+        "run-parallel": "^1.1.2",
+        "uniq": "^1.0.1"
+      }
+    },
+    "del": {
+      "version": "2.2.2",
+      "resolved": "https://registry.npmjs.org/del/-/del-2.2.2.tgz",
+      "integrity": "sha1-wSyYHQZ4RshLyvhiz/kw2Qf/0ag=",
+      "dev": true,
+      "requires": {
+        "globby": "^5.0.0",
+        "is-path-cwd": "^1.0.0",
+        "is-path-in-cwd": "^1.0.0",
+        "object-assign": "^4.0.1",
+        "pify": "^2.0.0",
+        "pinkie-promise": "^2.0.0",
+        "rimraf": "^2.2.8"
+      }
+    },
+    "delayed-stream": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
+      "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk="
+    },
+    "doctrine": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-2.1.0.tgz",
+      "integrity": "sha512-35mSku4ZXK0vfCuHEDAwt55dg2jNajHZ1odvF+8SSr82EsZY4QmXfuWso8oEd8zRhVObSN18aM0CjSdoBX7zIw==",
+      "dev": true,
+      "requires": {
+        "esutils": "^2.0.2"
+      }
+    },
+    "ecc-jsbn": {
+      "version": "0.1.2",
+      "resolved": "https://registry.npmjs.org/ecc-jsbn/-/ecc-jsbn-0.1.2.tgz",
+      "integrity": "sha1-OoOpBOVDUyh4dMVkt1SThoSamMk=",
+      "requires": {
+        "jsbn": "~0.1.0",
+        "safer-buffer": "^2.1.0"
+      }
+    },
+    "error-ex": {
+      "version": "1.3.2",
+      "resolved": "https://registry.npmjs.org/error-ex/-/error-ex-1.3.2.tgz",
+      "integrity": "sha512-7dFHNmqeFSEt2ZBsCriorKnn3Z2pj+fd9kmI6QoWw4//DL+icEBfc0U7qJCisqrTsKTjw4fNFy2pW9OqStD84g==",
+      "dev": true,
+      "requires": {
+        "is-arrayish": "^0.2.1"
+      }
+    },
+    "es-abstract": {
+      "version": "1.12.0",
+      "resolved": "https://registry.npmjs.org/es-abstract/-/es-abstract-1.12.0.tgz",
+      "integrity": "sha512-C8Fx/0jFmV5IPoMOFPA9P9G5NtqW+4cOPit3MIuvR2t7Ag2K15EJTpxnHAYTzL+aYQJIESYeXZmDBfOBE1HcpA==",
+      "dev": true,
+      "requires": {
+        "es-to-primitive": "^1.1.1",
+        "function-bind": "^1.1.1",
+        "has": "^1.0.1",
+        "is-callable": "^1.1.3",
+        "is-regex": "^1.0.4"
+      }
+    },
+    "es-to-primitive": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/es-to-primitive/-/es-to-primitive-1.1.1.tgz",
+      "integrity": "sha1-RTVSSKiJeQNLZ5Lhm7gfK3l13Q0=",
+      "dev": true,
+      "requires": {
+        "is-callable": "^1.1.1",
+        "is-date-object": "^1.0.1",
+        "is-symbol": "^1.0.1"
+      }
+    },
+    "escape-string-regexp": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
+      "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=",
+      "dev": true
+    },
+    "eslint": {
+      "version": "4.18.2",
+      "resolved": "https://registry.npmjs.org/eslint/-/eslint-4.18.2.tgz",
+      "integrity": "sha512-qy4i3wODqKMYfz9LUI8N2qYDkHkoieTbiHpMrYUI/WbjhXJQr7lI4VngixTgaG+yHX+NBCv7nW4hA0ShbvaNKw==",
+      "dev": true,
+      "requires": {
+        "ajv": "^5.3.0",
+        "babel-code-frame": "^6.22.0",
+        "chalk": "^2.1.0",
+        "concat-stream": "^1.6.0",
+        "cross-spawn": "^5.1.0",
+        "debug": "^3.1.0",
+        "doctrine": "^2.1.0",
+        "eslint-scope": "^3.7.1",
+        "eslint-visitor-keys": "^1.0.0",
+        "espree": "^3.5.2",
+        "esquery": "^1.0.0",
+        "esutils": "^2.0.2",
+        "file-entry-cache": "^2.0.0",
+        "functional-red-black-tree": "^1.0.1",
+        "glob": "^7.1.2",
+        "globals": "^11.0.1",
+        "ignore": "^3.3.3",
+        "imurmurhash": "^0.1.4",
+        "inquirer": "^3.0.6",
+        "is-resolvable": "^1.0.0",
+        "js-yaml": "^3.9.1",
+        "json-stable-stringify-without-jsonify": "^1.0.1",
+        "levn": "^0.3.0",
+        "lodash": "^4.17.4",
+        "minimatch": "^3.0.2",
+        "mkdirp": "^0.5.1",
+        "natural-compare": "^1.4.0",
+        "optionator": "^0.8.2",
+        "path-is-inside": "^1.0.2",
+        "pluralize": "^7.0.0",
+        "progress": "^2.0.0",
+        "require-uncached": "^1.0.3",
+        "semver": "^5.3.0",
+        "strip-ansi": "^4.0.0",
+        "strip-json-comments": "~2.0.1",
+        "table": "4.0.2",
+        "text-table": "~0.2.0"
+      }
+    },
+    "eslint-config-standard": {
+      "version": "11.0.0",
+      "resolved": "https://registry.npmjs.org/eslint-config-standard/-/eslint-config-standard-11.0.0.tgz",
+      "integrity": "sha512-oDdENzpViEe5fwuRCWla7AXQd++/oyIp8zP+iP9jiUPG6NBj3SHgdgtl/kTn00AjeN+1HNvavTKmYbMo+xMOlw==",
+      "dev": true
+    },
+    "eslint-config-standard-jsx": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/eslint-config-standard-jsx/-/eslint-config-standard-jsx-5.0.0.tgz",
+      "integrity": "sha512-rLToPAEqLMPBfWnYTu6xRhm2OWziS2n40QFqJ8jAM8NSVzeVKTa3nclhsU4DpPJQRY60F34Oo1wi/71PN/eITg==",
+      "dev": true
+    },
+    "eslint-import-resolver-node": {
+      "version": "0.3.2",
+      "resolved": "https://registry.npmjs.org/eslint-import-resolver-node/-/eslint-import-resolver-node-0.3.2.tgz",
+      "integrity": "sha512-sfmTqJfPSizWu4aymbPr4Iidp5yKm8yDkHp+Ir3YiTHiiDfxh69mOUsmiqW6RZ9zRXFaF64GtYmN7e+8GHBv6Q==",
+      "dev": true,
+      "requires": {
+        "debug": "^2.6.9",
+        "resolve": "^1.5.0"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "2.6.9",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+          "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+          "dev": true,
+          "requires": {
+            "ms": "2.0.0"
+          }
+        }
+      }
+    },
+    "eslint-module-utils": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/eslint-module-utils/-/eslint-module-utils-2.2.0.tgz",
+      "integrity": "sha1-snA2LNiLGkitMIl2zn+lTphBF0Y=",
+      "dev": true,
+      "requires": {
+        "debug": "^2.6.8",
+        "pkg-dir": "^1.0.0"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "2.6.9",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+          "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+          "dev": true,
+          "requires": {
+            "ms": "2.0.0"
+          }
+        }
+      }
+    },
+    "eslint-plugin-import": {
+      "version": "2.9.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-import/-/eslint-plugin-import-2.9.0.tgz",
+      "integrity": "sha1-JgAu+/ylmJtyiKwEdQi9JPIXsWk=",
+      "dev": true,
+      "requires": {
+        "builtin-modules": "^1.1.1",
+        "contains-path": "^0.1.0",
+        "debug": "^2.6.8",
+        "doctrine": "1.5.0",
+        "eslint-import-resolver-node": "^0.3.1",
+        "eslint-module-utils": "^2.1.1",
+        "has": "^1.0.1",
+        "lodash": "^4.17.4",
+        "minimatch": "^3.0.3",
+        "read-pkg-up": "^2.0.0"
+      },
+      "dependencies": {
+        "debug": {
+          "version": "2.6.9",
+          "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
+          "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
+          "dev": true,
+          "requires": {
+            "ms": "2.0.0"
+          }
+        },
+        "doctrine": {
+          "version": "1.5.0",
+          "resolved": "https://registry.npmjs.org/doctrine/-/doctrine-1.5.0.tgz",
+          "integrity": "sha1-N53Ocw9hZvds76TmcHoVmwLFpvo=",
+          "dev": true,
+          "requires": {
+            "esutils": "^2.0.2",
+            "isarray": "^1.0.0"
+          }
+        }
+      }
+    },
+    "eslint-plugin-node": {
+      "version": "6.0.1",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-node/-/eslint-plugin-node-6.0.1.tgz",
+      "integrity": "sha512-Q/Cc2sW1OAISDS+Ji6lZS2KV4b7ueA/WydVWd1BECTQwVvfQy5JAi3glhINoKzoMnfnuRgNP+ZWKrGAbp3QDxw==",
+      "dev": true,
+      "requires": {
+        "ignore": "^3.3.6",
+        "minimatch": "^3.0.4",
+        "resolve": "^1.3.3",
+        "semver": "^5.4.1"
+      }
+    },
+    "eslint-plugin-promise": {
+      "version": "3.7.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-promise/-/eslint-plugin-promise-3.7.0.tgz",
+      "integrity": "sha512-2WO+ZFh7vxUKRfR0cOIMrWgYKdR6S1AlOezw6pC52B6oYpd5WFghN+QHxvrRdZMtbo8h3dfUZ2o1rWb0UPbKtg==",
+      "dev": true
+    },
+    "eslint-plugin-react": {
+      "version": "7.7.0",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-react/-/eslint-plugin-react-7.7.0.tgz",
+      "integrity": "sha512-KC7Snr4YsWZD5flu6A5c0AcIZidzW3Exbqp7OT67OaD2AppJtlBr/GuPrW/vaQM/yfZotEvKAdrxrO+v8vwYJA==",
+      "dev": true,
+      "requires": {
+        "doctrine": "^2.0.2",
+        "has": "^1.0.1",
+        "jsx-ast-utils": "^2.0.1",
+        "prop-types": "^15.6.0"
+      }
+    },
+    "eslint-plugin-standard": {
+      "version": "3.0.1",
+      "resolved": "https://registry.npmjs.org/eslint-plugin-standard/-/eslint-plugin-standard-3.0.1.tgz",
+      "integrity": "sha1-NNDJFbRe3G8BA5PH7vOCOwhWXPI=",
+      "dev": true
+    },
+    "eslint-scope": {
+      "version": "3.7.3",
+      "resolved": "https://registry.npmjs.org/eslint-scope/-/eslint-scope-3.7.3.tgz",
+      "integrity": "sha512-W+B0SvF4gamyCTmUc+uITPY0989iXVfKvhwtmJocTaYoc/3khEHmEmvfY/Gn9HA9VV75jrQECsHizkNw1b68FA==",
+      "dev": true,
+      "requires": {
+        "esrecurse": "^4.1.0",
+        "estraverse": "^4.1.1"
+      }
+    },
+    "eslint-visitor-keys": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/eslint-visitor-keys/-/eslint-visitor-keys-1.0.0.tgz",
+      "integrity": "sha512-qzm/XxIbxm/FHyH341ZrbnMUpe+5Bocte9xkmFMzPMjRaZMcXww+MpBptFvtU+79L362nqiLhekCxCxDPaUMBQ==",
+      "dev": true
+    },
+    "espree": {
+      "version": "3.5.4",
+      "resolved": "https://registry.npmjs.org/espree/-/espree-3.5.4.tgz",
+      "integrity": "sha512-yAcIQxtmMiB/jL32dzEp2enBeidsB7xWPLNiw3IIkpVds1P+h7qF9YwJq1yUNzp2OKXgAprs4F61ih66UsoD1A==",
+      "dev": true,
+      "requires": {
+        "acorn": "^5.5.0",
+        "acorn-jsx": "^3.0.0"
+      }
+    },
+    "esprima": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/esprima/-/esprima-4.0.1.tgz",
+      "integrity": "sha512-eGuFFw7Upda+g4p+QHvnW0RyTX/SVeJBDM/gCtMARO0cLuT2HcEKnTPvhjV6aGeqrCB/sbNop0Kszm0jsaWU4A==",
+      "dev": true
+    },
+    "esquery": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/esquery/-/esquery-1.0.1.tgz",
+      "integrity": "sha512-SmiyZ5zIWH9VM+SRUReLS5Q8a7GxtRdxEBVZpm98rJM7Sb+A9DVCndXfkeFUd3byderg+EbDkfnevfCwynWaNA==",
+      "dev": true,
+      "requires": {
+        "estraverse": "^4.0.0"
+      }
+    },
+    "esrecurse": {
+      "version": "4.2.1",
+      "resolved": "https://registry.npmjs.org/esrecurse/-/esrecurse-4.2.1.tgz",
+      "integrity": "sha512-64RBB++fIOAXPw3P9cy89qfMlvZEXZkqqJkjqqXIvzP5ezRZjW+lPWjw35UX/3EhUPFYbg5ER4JYgDw4007/DQ==",
+      "dev": true,
+      "requires": {
+        "estraverse": "^4.1.0"
+      }
+    },
+    "estraverse": {
+      "version": "4.2.0",
+      "resolved": "https://registry.npmjs.org/estraverse/-/estraverse-4.2.0.tgz",
+      "integrity": "sha1-De4/7TH81GlhjOc0IJn8GvoL2xM=",
+      "dev": true
+    },
+    "esutils": {
+      "version": "2.0.2",
+      "resolved": "https://registry.npmjs.org/esutils/-/esutils-2.0.2.tgz",
+      "integrity": "sha1-Cr9PHKpbyx96nYrMbepPqqBLrJs=",
+      "dev": true
+    },
+    "extend": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
+      "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g=="
+    },
+    "external-editor": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/external-editor/-/external-editor-2.2.0.tgz",
+      "integrity": "sha512-bSn6gvGxKt+b7+6TKEv1ZycHleA7aHhRHyAqJyp5pbUFuYYNIzpZnQDk7AsYckyWdEnTeAnay0aCy2aV6iTk9A==",
+      "dev": true,
+      "requires": {
+        "chardet": "^0.4.0",
+        "iconv-lite": "^0.4.17",
+        "tmp": "^0.0.33"
+      }
+    },
+    "extsprintf": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/extsprintf/-/extsprintf-1.3.0.tgz",
+      "integrity": "sha1-lpGEQOMEGnpBT4xS48V06zw+HgU="
+    },
+    "fast-deep-equal": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-1.1.0.tgz",
+      "integrity": "sha1-wFNHeBfIa1HaqFPIHgWbcz0CNhQ=",
+      "dev": true
+    },
+    "fast-json-stable-stringify": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/fast-json-stable-stringify/-/fast-json-stable-stringify-2.0.0.tgz",
+      "integrity": "sha1-1RQsDK7msRifh9OnYREGT4bIu/I="
+    },
+    "fast-levenshtein": {
+      "version": "2.0.6",
+      "resolved": "https://registry.npmjs.org/fast-levenshtein/-/fast-levenshtein-2.0.6.tgz",
+      "integrity": "sha1-PYpcZog6FqMMqGQ+hR8Zuqd5eRc=",
+      "dev": true
+    },
+    "figures": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/figures/-/figures-2.0.0.tgz",
+      "integrity": "sha1-OrGi0qYsi/tDGgyUy3l6L84nyWI=",
+      "dev": true,
+      "requires": {
+        "escape-string-regexp": "^1.0.5"
+      }
+    },
+    "file-entry-cache": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/file-entry-cache/-/file-entry-cache-2.0.0.tgz",
+      "integrity": "sha1-w5KZDD5oR4PYOLjISkXYoEhFg2E=",
+      "dev": true,
+      "requires": {
+        "flat-cache": "^1.2.1",
+        "object-assign": "^4.0.1"
+      }
+    },
+    "find-root": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/find-root/-/find-root-1.1.0.tgz",
+      "integrity": "sha512-NKfW6bec6GfKc0SGx1e07QZY9PE99u0Bft/0rzSD5k3sO/vwkVUpDUKVm5Gpp5Ue3YfShPFTX2070tDs5kB9Ng==",
+      "dev": true
+    },
+    "find-up": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/find-up/-/find-up-1.1.2.tgz",
+      "integrity": "sha1-ay6YIrGizgpgq2TWEOzK1TyyTQ8=",
+      "dev": true,
+      "requires": {
+        "path-exists": "^2.0.0",
+        "pinkie-promise": "^2.0.0"
+      }
+    },
+    "flat-cache": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/flat-cache/-/flat-cache-1.3.0.tgz",
+      "integrity": "sha1-0wMLMrOBVPTjt+nHCfSQ9++XxIE=",
+      "dev": true,
+      "requires": {
+        "circular-json": "^0.3.1",
+        "del": "^2.0.2",
+        "graceful-fs": "^4.1.2",
+        "write": "^0.2.1"
+      }
+    },
+    "forever-agent": {
+      "version": "0.6.1",
+      "resolved": "https://registry.npmjs.org/forever-agent/-/forever-agent-0.6.1.tgz",
+      "integrity": "sha1-+8cfDEGt6zf5bFd60e1C2P2sypE="
+    },
+    "form-data": {
+      "version": "2.3.3",
+      "resolved": "https://registry.npmjs.org/form-data/-/form-data-2.3.3.tgz",
+      "integrity": "sha512-1lLKB2Mu3aGP1Q/2eCOx0fNbRMe7XdwktwOruhfqqd0rIJWwN4Dh+E3hrPSlDCXnSR7UtZ1N38rVXm+6+MEhJQ==",
+      "requires": {
+        "asynckit": "^0.4.0",
+        "combined-stream": "^1.0.6",
+        "mime-types": "^2.1.12"
+      }
+    },
+    "fs.realpath": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
+      "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=",
+      "dev": true
+    },
+    "function-bind": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/function-bind/-/function-bind-1.1.1.tgz",
+      "integrity": "sha512-yIovAzMX49sF8Yl58fSCWJ5svSLuaibPxXQJFLmBObTuCr0Mf1KiPopGM9NiFjiYBCbfaa2Fh6breQ6ANVTI0A==",
+      "dev": true
+    },
+    "functional-red-black-tree": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/functional-red-black-tree/-/functional-red-black-tree-1.0.1.tgz",
+      "integrity": "sha1-GwqzvVU7Kg1jmdKcDj6gslIHgyc=",
+      "dev": true
+    },
+    "get-port": {
+      "version": "3.2.0",
+      "resolved": "https://registry.npmjs.org/get-port/-/get-port-3.2.0.tgz",
+      "integrity": "sha1-3Xzn3hh8Bsi/NTeWrHHgmfCYDrw="
+    },
+    "get-stdin": {
+      "version": "6.0.0",
+      "resolved": "https://registry.npmjs.org/get-stdin/-/get-stdin-6.0.0.tgz",
+      "integrity": "sha512-jp4tHawyV7+fkkSKyvjuLZswblUtz+SQKzSWnBbii16BuZksJlU1wuBYXY75r+duh/llF1ur6oNwi+2ZzjKZ7g==",
+      "dev": true
+    },
+    "getpass": {
+      "version": "0.1.7",
+      "resolved": "https://registry.npmjs.org/getpass/-/getpass-0.1.7.tgz",
+      "integrity": "sha1-Xv+OPmhNVprkyysSgmBOi6YhSfo=",
+      "requires": {
+        "assert-plus": "^1.0.0"
+      }
+    },
+    "glob": {
+      "version": "7.1.2",
+      "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.2.tgz",
+      "integrity": "sha512-MJTUg1kjuLeQCJ+ccE4Vpa6kKVXkPYJ2mOCQyUuKLcLQsdrMCpBPUi8qVE6+YuaJkozeA9NusTAw3hLr8Xe5EQ==",
+      "dev": true,
+      "requires": {
+        "fs.realpath": "^1.0.0",
+        "inflight": "^1.0.4",
+        "inherits": "2",
+        "minimatch": "^3.0.4",
+        "once": "^1.3.0",
+        "path-is-absolute": "^1.0.0"
+      }
+    },
+    "globals": {
+      "version": "11.7.0",
+      "resolved": "https://registry.npmjs.org/globals/-/globals-11.7.0.tgz",
+      "integrity": "sha512-K8BNSPySfeShBQXsahYB/AbbWruVOTyVpgoIDnl8odPpeSfP2J5QO2oLFFdl2j7GfDCtZj2bMKar2T49itTPCg==",
+      "dev": true
+    },
+    "globby": {
+      "version": "5.0.0",
+      "resolved": "https://registry.npmjs.org/globby/-/globby-5.0.0.tgz",
+      "integrity": "sha1-69hGZ8oNuzMLmbz8aOrCvFQ3Dg0=",
+      "dev": true,
+      "requires": {
+        "array-union": "^1.0.1",
+        "arrify": "^1.0.0",
+        "glob": "^7.0.3",
+        "object-assign": "^4.0.1",
+        "pify": "^2.0.0",
+        "pinkie-promise": "^2.0.0"
+      }
+    },
+    "graceful-fs": {
+      "version": "4.2.4",
+      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.4.tgz",
+      "integrity": "sha512-WjKPNJF79dtJAVniUlGGWHYGz2jWxT6VhN/4m1NdkbZ2nOsEF+cI1Edgql5zCRhs/VsQYRvrXctxktVXZUkixw=="
+    },
+    "har-schema": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/har-schema/-/har-schema-2.0.0.tgz",
+      "integrity": "sha1-qUwiJOvKwEeCoNkDVSHyRzW37JI="
+    },
+    "har-validator": {
+      "version": "5.1.3",
+      "resolved": "https://registry.npmjs.org/har-validator/-/har-validator-5.1.3.tgz",
+      "integrity": "sha512-sNvOCzEQNr/qrvJgc3UG/kD4QtlHycrzwS+6mfTrrSq97BvaYcPZZI1ZSqGSPR73Cxn4LKTD4PttRwfU7jWq5g==",
+      "requires": {
+        "ajv": "^6.5.5",
+        "har-schema": "^2.0.0"
+      },
+      "dependencies": {
+        "ajv": {
+          "version": "6.12.3",
+          "resolved": "https://registry.npmjs.org/ajv/-/ajv-6.12.3.tgz",
+          "integrity": "sha512-4K0cK3L1hsqk9xIb2z9vs/XU+PGJZ9PNpJRDS9YLzmNdX6jmVPfamLvTJr0aDAusnHyCHO6MjzlkAsgtqp9teA==",
+          "requires": {
+            "fast-deep-equal": "^3.1.1",
+            "fast-json-stable-stringify": "^2.0.0",
+            "json-schema-traverse": "^0.4.1",
+            "uri-js": "^4.2.2"
+          }
+        },
+        "fast-deep-equal": {
+          "version": "3.1.3",
+          "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
+          "integrity": "sha512-f3qQ9oQy9j2AhBe/H9VC91wLmKBCCU/gDOnKNAYG5hswO7BLKj09Hc5HYNz9cGI++xlpDCIgDaitVs03ATR84Q=="
+        },
+        "json-schema-traverse": {
+          "version": "0.4.1",
+          "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.4.1.tgz",
+          "integrity": "sha512-xbbCH5dCYU5T8LcEhhuh7HJ88HXuW3qsI3Y0zOZFKfZEHcpWiHU/Jxzk629Brsab/mMiHQti9wMP+845RPe3Vg=="
+        }
+      }
+    },
+    "has": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/has/-/has-1.0.3.tgz",
+      "integrity": "sha512-f2dvO0VU6Oej7RkWJGrehjbzMAjFp5/VKPp5tTpWIV4JHHZK1/BxbFRtf/siA2SWTe09caDmVtYYzWEIbBS4zw==",
+      "dev": true,
+      "requires": {
+        "function-bind": "^1.1.1"
+      }
+    },
+    "has-ansi": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/has-ansi/-/has-ansi-2.0.0.tgz",
+      "integrity": "sha1-NPUEnOHs3ysGSa8+8k5F7TVBbZE=",
+      "dev": true,
+      "requires": {
+        "ansi-regex": "^2.0.0"
+      }
+    },
+    "has-flag": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
+      "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=",
+      "dev": true
+    },
+    "hosted-git-info": {
+      "version": "2.8.9",
+      "resolved": "https://registry.npmjs.org/hosted-git-info/-/hosted-git-info-2.8.9.tgz",
+      "integrity": "sha512-mxIDAb9Lsm6DoOJ7xH+5+X4y1LU/4Hi50L9C5sIswK3JzULS4bwk1FvjdBgvYR4bzT4tuUQiC15FE2f5HbLvYw==",
+      "dev": true
+    },
+    "http-basic": {
+      "version": "8.1.3",
+      "resolved": "https://registry.npmjs.org/http-basic/-/http-basic-8.1.3.tgz",
+      "integrity": "sha512-/EcDMwJZh3mABI2NhGfHOGOeOZITqfkEO4p/xK+l3NpyncIHUQBoMvCSF/b5GqvKtySC2srL/GGG3+EtlqlmCw==",
+      "requires": {
+        "caseless": "^0.12.0",
+        "concat-stream": "^1.6.2",
+        "http-response-object": "^3.0.1",
+        "parse-cache-control": "^1.0.1"
+      }
+    },
+    "http-response-object": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/http-response-object/-/http-response-object-3.0.2.tgz",
+      "integrity": "sha512-bqX0XTF6fnXSQcEJ2Iuyr75yVakyjIDCqroJQ/aHfSdlM743Cwqoi2nDYMzLGWUcuTWGWy8AAvOKXTfiv6q9RA==",
+      "requires": {
+        "@types/node": "^10.0.3"
+      }
+    },
+    "http-signature": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/http-signature/-/http-signature-1.2.0.tgz",
+      "integrity": "sha1-muzZJRFHcvPZW2WmCruPfBj7rOE=",
+      "requires": {
+        "assert-plus": "^1.0.0",
+        "jsprim": "^1.2.2",
+        "sshpk": "^1.7.0"
+      }
+    },
+    "iconv-lite": {
+      "version": "0.4.23",
+      "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.23.tgz",
+      "integrity": "sha512-neyTUVFtahjf0mB3dZT77u+8O0QB89jFdnBkd5P1JgYPbPaia3gXXOVL2fq8VyU2gMMD7SaN7QukTB/pmXYvDA==",
+      "dev": true,
+      "requires": {
+        "safer-buffer": ">= 2.1.2 < 3"
+      }
+    },
+    "ignore": {
+      "version": "3.3.10",
+      "resolved": "https://registry.npmjs.org/ignore/-/ignore-3.3.10.tgz",
+      "integrity": "sha512-Pgs951kaMm5GXP7MOvxERINe3gsaVjUWFm+UZPSq9xYriQAksyhg0csnS0KXSNRD5NmNdapXEpjxG49+AKh/ug==",
+      "dev": true
+    },
+    "imurmurhash": {
+      "version": "0.1.4",
+      "resolved": "https://registry.npmjs.org/imurmurhash/-/imurmurhash-0.1.4.tgz",
+      "integrity": "sha1-khi5srkoojixPcT7a21XbyMUU+o=",
+      "dev": true
+    },
+    "inflight": {
+      "version": "1.0.6",
+      "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
+      "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=",
+      "dev": true,
+      "requires": {
+        "once": "^1.3.0",
+        "wrappy": "1"
+      }
+    },
+    "inherits": {
+      "version": "2.0.3",
+      "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz",
+      "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4="
+    },
+    "inquirer": {
+      "version": "3.3.0",
+      "resolved": "https://registry.npmjs.org/inquirer/-/inquirer-3.3.0.tgz",
+      "integrity": "sha512-h+xtnyk4EwKvFWHrUYsWErEVR+igKtLdchu+o0Z1RL7VU/jVMFbYir2bp6bAj8efFNxWqHX0dIss6fJQ+/+qeQ==",
+      "dev": true,
+      "requires": {
+        "ansi-escapes": "^3.0.0",
+        "chalk": "^2.0.0",
+        "cli-cursor": "^2.1.0",
+        "cli-width": "^2.0.0",
+        "external-editor": "^2.0.4",
+        "figures": "^2.0.0",
+        "lodash": "^4.3.0",
+        "mute-stream": "0.0.7",
+        "run-async": "^2.2.0",
+        "rx-lite": "^4.0.8",
+        "rx-lite-aggregates": "^4.0.8",
+        "string-width": "^2.1.0",
+        "strip-ansi": "^4.0.0",
+        "through": "^2.3.6"
+      }
+    },
+    "is-arrayish": {
+      "version": "0.2.1",
+      "resolved": "https://registry.npmjs.org/is-arrayish/-/is-arrayish-0.2.1.tgz",
+      "integrity": "sha1-d8mYQFJ6qOyxqLppe4BkWnqSap0=",
+      "dev": true
+    },
+    "is-builtin-module": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/is-builtin-module/-/is-builtin-module-1.0.0.tgz",
+      "integrity": "sha1-VAVy0096wxGfj3bDDLwbHgN6/74=",
+      "dev": true,
+      "requires": {
+        "builtin-modules": "^1.0.0"
+      }
+    },
+    "is-callable": {
+      "version": "1.1.4",
+      "resolved": "https://registry.npmjs.org/is-callable/-/is-callable-1.1.4.tgz",
+      "integrity": "sha512-r5p9sxJjYnArLjObpjA4xu5EKI3CuKHkJXMhT7kwbpUyIFD1n5PMAsoPvWnvtZiNz7LjkYDRZhd7FlI0eMijEA==",
+      "dev": true
+    },
+    "is-date-object": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/is-date-object/-/is-date-object-1.0.1.tgz",
+      "integrity": "sha1-mqIOtq7rv/d/vTPnTKAbM1gdOhY=",
+      "dev": true
+    },
+    "is-fullwidth-code-point": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/is-fullwidth-code-point/-/is-fullwidth-code-point-2.0.0.tgz",
+      "integrity": "sha1-o7MKXE8ZkYMWeqq5O+764937ZU8=",
+      "dev": true
+    },
+    "is-path-cwd": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/is-path-cwd/-/is-path-cwd-1.0.0.tgz",
+      "integrity": "sha1-0iXsIxMuie3Tj9p2dHLmLmXxEG0=",
+      "dev": true
+    },
+    "is-path-in-cwd": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/is-path-in-cwd/-/is-path-in-cwd-1.0.1.tgz",
+      "integrity": "sha512-FjV1RTW48E7CWM7eE/J2NJvAEEVektecDBVBE5Hh3nM1Jd0kvhHtX68Pr3xsDf857xt3Y4AkwVULK1Vku62aaQ==",
+      "dev": true,
+      "requires": {
+        "is-path-inside": "^1.0.0"
+      }
+    },
+    "is-path-inside": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/is-path-inside/-/is-path-inside-1.0.1.tgz",
+      "integrity": "sha1-jvW33lBDej/cprToZe96pVy0gDY=",
+      "dev": true,
+      "requires": {
+        "path-is-inside": "^1.0.1"
+      }
+    },
+    "is-promise": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/is-promise/-/is-promise-2.1.0.tgz",
+      "integrity": "sha1-eaKp7OfwlugPNtKy87wWwf9L8/o=",
+      "dev": true
+    },
+    "is-regex": {
+      "version": "1.0.4",
+      "resolved": "https://registry.npmjs.org/is-regex/-/is-regex-1.0.4.tgz",
+      "integrity": "sha1-VRdIm1RwkbCTDglWVM7SXul+lJE=",
+      "dev": true,
+      "requires": {
+        "has": "^1.0.1"
+      }
+    },
+    "is-resolvable": {
+      "version": "1.1.0",
+      "resolved": "https://registry.npmjs.org/is-resolvable/-/is-resolvable-1.1.0.tgz",
+      "integrity": "sha512-qgDYXFSR5WvEfuS5dMj6oTMEbrrSaM0CrFk2Yiq/gXnBvD9pMa2jGXxyhGLfvhZpuMZe18CJpFxAt3CRs42NMg==",
+      "dev": true
+    },
+    "is-symbol": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/is-symbol/-/is-symbol-1.0.1.tgz",
+      "integrity": "sha1-PMWfAAJRlLarLjjbrmaJJWtmBXI=",
+      "dev": true
+    },
+    "is-typedarray": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/is-typedarray/-/is-typedarray-1.0.0.tgz",
+      "integrity": "sha1-5HnICFjfDBsR3dppQPlgEfzaSpo="
+    },
+    "isarray": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
+      "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE="
+    },
+    "isexe": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/isexe/-/isexe-2.0.0.tgz",
+      "integrity": "sha1-6PvzdNxVb/iUehDcsFctYz8s+hA=",
+      "dev": true
+    },
+    "isstream": {
+      "version": "0.1.2",
+      "resolved": "https://registry.npmjs.org/isstream/-/isstream-0.1.2.tgz",
+      "integrity": "sha1-R+Y/evVa+m+S4VAOaQ64uFKcCZo="
+    },
+    "js-tokens": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/js-tokens/-/js-tokens-3.0.2.tgz",
+      "integrity": "sha1-mGbfOVECEw449/mWvOtlRDIJwls=",
+      "dev": true
+    },
+    "js-yaml": {
+      "version": "3.13.1",
+      "resolved": "https://registry.npmjs.org/js-yaml/-/js-yaml-3.13.1.tgz",
+      "integrity": "sha512-YfbcO7jXDdyj0DGxYVSlSeQNHbD7XPWvrVWeVUujrQEoZzWJIRrCPoyk6kL6IAjAG2IolMK4T0hNUe0HOUs5Jw==",
+      "dev": true,
+      "requires": {
+        "argparse": "^1.0.7",
+        "esprima": "^4.0.0"
+      }
+    },
+    "jsbn": {
+      "version": "0.1.1",
+      "resolved": "https://registry.npmjs.org/jsbn/-/jsbn-0.1.1.tgz",
+      "integrity": "sha1-peZUwuWi3rXyAdls77yoDA7y9RM="
+    },
+    "json-parse-better-errors": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/json-parse-better-errors/-/json-parse-better-errors-1.0.2.tgz",
+      "integrity": "sha512-mrqyZKfX5EhL7hvqcV6WG1yYjnjeuYDzDhhcAAUrq8Po85NBQBJP+ZDUT75qZQ98IkUoBqdkExkukOU7Ts2wrw==",
+      "dev": true
+    },
+    "json-schema": {
+      "version": "0.4.0",
+      "resolved": "https://registry.npmjs.org/json-schema/-/json-schema-0.4.0.tgz",
+      "integrity": "sha512-es94M3nTIfsEPisRafak+HDLfHXnKBhV3vU5eqPcS3flIWqcxJWgXHXiey3YrpaNsanY5ei1VoYEbOzijuq9BA=="
+    },
+    "json-schema-traverse": {
+      "version": "0.3.1",
+      "resolved": "https://registry.npmjs.org/json-schema-traverse/-/json-schema-traverse-0.3.1.tgz",
+      "integrity": "sha1-NJptRMU6Ud6JtAgFxdXlm0F9M0A=",
+      "dev": true
+    },
+    "json-stable-stringify-without-jsonify": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/json-stable-stringify-without-jsonify/-/json-stable-stringify-without-jsonify-1.0.1.tgz",
+      "integrity": "sha1-nbe1lJatPzz+8wp1FC0tkwrXJlE=",
+      "dev": true
+    },
+    "json-stringify-safe": {
+      "version": "5.0.1",
+      "resolved": "https://registry.npmjs.org/json-stringify-safe/-/json-stringify-safe-5.0.1.tgz",
+      "integrity": "sha1-Epai1Y/UXxmg9s4B1lcB4sc1tus="
+    },
+    "jsprim": {
+      "version": "1.4.2",
+      "resolved": "https://registry.npmjs.org/jsprim/-/jsprim-1.4.2.tgz",
+      "integrity": "sha512-P2bSOMAc/ciLz6DzgjVlGJP9+BrJWu5UDGK70C2iweC5QBIeFf0ZXRvGjEj2uYgrY2MkAAhsSWHDWlFtEroZWw==",
+      "requires": {
+        "assert-plus": "1.0.0",
+        "extsprintf": "1.3.0",
+        "json-schema": "0.4.0",
+        "verror": "1.10.0"
+      }
+    },
+    "jsx-ast-utils": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/jsx-ast-utils/-/jsx-ast-utils-2.0.1.tgz",
+      "integrity": "sha1-6AGxs5mF4g//yHtA43SAgOLcrH8=",
+      "dev": true,
+      "requires": {
+        "array-includes": "^3.0.3"
+      }
+    },
+    "levn": {
+      "version": "0.3.0",
+      "resolved": "https://registry.npmjs.org/levn/-/levn-0.3.0.tgz",
+      "integrity": "sha1-OwmSTt+fCDwEkP3UwLxEIeBHZO4=",
+      "dev": true,
+      "requires": {
+        "prelude-ls": "~1.1.2",
+        "type-check": "~0.3.2"
+      }
+    },
+    "load-json-file": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/load-json-file/-/load-json-file-2.0.0.tgz",
+      "integrity": "sha1-eUfkIUmvgNaWy/eXvKq8/h/inKg=",
+      "dev": true,
+      "requires": {
+        "graceful-fs": "^4.1.2",
+        "parse-json": "^2.2.0",
+        "pify": "^2.0.0",
+        "strip-bom": "^3.0.0"
+      }
+    },
+    "locate-path": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/locate-path/-/locate-path-2.0.0.tgz",
+      "integrity": "sha1-K1aLJl7slExtnA3pw9u7ygNUzY4=",
+      "dev": true,
+      "requires": {
+        "p-locate": "^2.0.0",
+        "path-exists": "^3.0.0"
+      },
+      "dependencies": {
+        "path-exists": {
+          "version": "3.0.0",
+          "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-3.0.0.tgz",
+          "integrity": "sha1-zg6+ql94yxiSXqfYENe1mwEP1RU=",
+          "dev": true
+        }
+      }
+    },
+    "lodash": {
+      "version": "4.17.21",
+      "resolved": "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
+      "integrity": "sha512-v2kDEe57lecTulaDIuNTPy3Ry4gLGJ6Z1O3vE1krgXZNrsQ+LFTGHVxVjcXPs17LhbZVGedAJv8XZ1tvj5FvSg==",
+      "dev": true
+    },
+    "loose-envify": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/loose-envify/-/loose-envify-1.4.0.tgz",
+      "integrity": "sha512-lyuxPGr/Wfhrlem2CL/UcnUc1zcqKAImBDzukY7Y5F/yQiNdko6+fRLevlw1HgMySw7f611UIY408EtxRSoK3Q==",
+      "dev": true,
+      "requires": {
+        "js-tokens": "^3.0.0 || ^4.0.0"
+      }
+    },
+    "lru-cache": {
+      "version": "4.1.3",
+      "resolved": "https://registry.npmjs.org/lru-cache/-/lru-cache-4.1.3.tgz",
+      "integrity": "sha512-fFEhvcgzuIoJVUF8fYr5KR0YqxD238zgObTps31YdADwPPAp82a4M8TrckkWyx7ekNlf9aBcVn81cFwwXngrJA==",
+      "dev": true,
+      "requires": {
+        "pseudomap": "^1.0.2",
+        "yallist": "^2.1.2"
+      }
+    },
+    "mime-db": {
+      "version": "1.44.0",
+      "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.44.0.tgz",
+      "integrity": "sha512-/NOTfLrsPBVeH7YtFPgsVWveuL+4SjjYxaQ1xtM1KMFj7HdxlBlxeyNLzhyJVx7r4rZGJAZ/6lkKCitSc/Nmpg=="
+    },
+    "mime-types": {
+      "version": "2.1.27",
+      "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.27.tgz",
+      "integrity": "sha512-JIhqnCasI9yD+SsmkquHBxTSEuZdQX5BuQnS2Vc7puQQQ+8yiP5AY5uWhpdv4YL4VM5c6iliiYWPgJ/nJQLp7w==",
+      "requires": {
+        "mime-db": "1.44.0"
+      }
+    },
+    "mimic-fn": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/mimic-fn/-/mimic-fn-1.2.0.tgz",
+      "integrity": "sha512-jf84uxzwiuiIVKiOLpfYk7N46TSy8ubTonmneY9vrpHNAnp0QBt2BxWV9dO3/j+BoVAb+a5G6YDPW3M5HOdMWQ==",
+      "dev": true
+    },
+    "minimatch": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz",
+      "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==",
+      "dev": true,
+      "requires": {
+        "brace-expansion": "^1.1.7"
+      }
+    },
+    "minimist": {
+      "version": "1.2.6",
+      "resolved": "https://registry.npmjs.org/minimist/-/minimist-1.2.6.tgz",
+      "integrity": "sha512-Jsjnk4bw3YJqYzbdyBiNsPWHPfO++UGG749Cxs6peCu5Xg4nrena6OVxOYxrQTqww0Jmwt+Ref8rggumkTLz9Q==",
+      "dev": true
+    },
+    "mkdirp": {
+      "version": "0.5.5",
+      "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.5.tgz",
+      "integrity": "sha512-NKmAlESf6jMGym1++R0Ra7wvhV+wFW63FaSOFPwRahvea0gMUcGUhVeAg/0BC0wiv9ih5NYPB1Wn1UEI1/L+xQ==",
+      "dev": true,
+      "requires": {
+        "minimist": "^1.2.5"
+      }
+    },
+    "ms": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
+      "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g=",
+      "dev": true
+    },
+    "mute-stream": {
+      "version": "0.0.7",
+      "resolved": "https://registry.npmjs.org/mute-stream/-/mute-stream-0.0.7.tgz",
+      "integrity": "sha1-MHXOk7whuPq0PhvE2n6BFe0ee6s=",
+      "dev": true
+    },
+    "natural-compare": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/natural-compare/-/natural-compare-1.4.0.tgz",
+      "integrity": "sha1-Sr6/7tdUHywnrPspvbvRXI1bpPc=",
+      "dev": true
+    },
+    "normalize-package-data": {
+      "version": "2.4.0",
+      "resolved": "https://registry.npmjs.org/normalize-package-data/-/normalize-package-data-2.4.0.tgz",
+      "integrity": "sha512-9jjUFbTPfEy3R/ad/2oNbKtW9Hgovl5O1FvFWKkKblNXoN/Oou6+9+KKohPK13Yc3/TyunyWhJp6gvRNR/PPAw==",
+      "dev": true,
+      "requires": {
+        "hosted-git-info": "^2.1.4",
+        "is-builtin-module": "^1.0.0",
+        "semver": "2 || 3 || 4 || 5",
+        "validate-npm-package-license": "^3.0.1"
+      }
+    },
+    "oauth-sign": {
+      "version": "0.9.0",
+      "resolved": "https://registry.npmjs.org/oauth-sign/-/oauth-sign-0.9.0.tgz",
+      "integrity": "sha512-fexhUFFPTGV8ybAtSIGbV6gOkSv8UtRbDBnAyLQw4QPKkgNlsH2ByPGtMUqdWkos6YCRmAqViwgZrJc/mRDzZQ=="
+    },
+    "object-assign": {
+      "version": "4.1.1",
+      "resolved": "https://registry.npmjs.org/object-assign/-/object-assign-4.1.1.tgz",
+      "integrity": "sha1-IQmtx5ZYh8/AXLvUQsrIv7s2CGM=",
+      "dev": true
+    },
+    "object-keys": {
+      "version": "1.0.12",
+      "resolved": "https://registry.npmjs.org/object-keys/-/object-keys-1.0.12.tgz",
+      "integrity": "sha512-FTMyFUm2wBcGHnH2eXmz7tC6IwlqQZ6mVZ+6dm6vZ4IQIHjs6FdNsQBuKGPuUUUY6NfJw2PshC08Tn6LzLDOag==",
+      "dev": true
+    },
+    "once": {
+      "version": "1.4.0",
+      "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
+      "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=",
+      "dev": true,
+      "requires": {
+        "wrappy": "1"
+      }
+    },
+    "onetime": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/onetime/-/onetime-2.0.1.tgz",
+      "integrity": "sha1-BnQoIw/WdEOyeUsiu6UotoZ5YtQ=",
+      "dev": true,
+      "requires": {
+        "mimic-fn": "^1.0.0"
+      }
+    },
+    "optionator": {
+      "version": "0.8.2",
+      "resolved": "https://registry.npmjs.org/optionator/-/optionator-0.8.2.tgz",
+      "integrity": "sha1-NkxeQJ0/TWMB1sC0wFu6UBgK62Q=",
+      "dev": true,
+      "requires": {
+        "deep-is": "~0.1.3",
+        "fast-levenshtein": "~2.0.4",
+        "levn": "~0.3.0",
+        "prelude-ls": "~1.1.2",
+        "type-check": "~0.3.2",
+        "wordwrap": "~1.0.0"
+      }
+    },
+    "os-tmpdir": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/os-tmpdir/-/os-tmpdir-1.0.2.tgz",
+      "integrity": "sha1-u+Z0BseaqFxc/sdm/lc0VV36EnQ=",
+      "dev": true
+    },
+    "p-limit": {
+      "version": "1.3.0",
+      "resolved": "https://registry.npmjs.org/p-limit/-/p-limit-1.3.0.tgz",
+      "integrity": "sha512-vvcXsLAJ9Dr5rQOPk7toZQZJApBl2K4J6dANSsEuh6QI41JYcsS/qhTGa9ErIUUgK3WNQoJYvylxvjqmiqEA9Q==",
+      "dev": true,
+      "requires": {
+        "p-try": "^1.0.0"
+      }
+    },
+    "p-locate": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/p-locate/-/p-locate-2.0.0.tgz",
+      "integrity": "sha1-IKAQOyIqcMj9OcwuWAaA893l7EM=",
+      "dev": true,
+      "requires": {
+        "p-limit": "^1.1.0"
+      }
+    },
+    "p-try": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/p-try/-/p-try-1.0.0.tgz",
+      "integrity": "sha1-y8ec26+P1CKOE/Yh8rGiN8GyB7M=",
+      "dev": true
+    },
+    "parse-cache-control": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/parse-cache-control/-/parse-cache-control-1.0.1.tgz",
+      "integrity": "sha1-juqz5U+laSD+Fro493+iGqzC104="
+    },
+    "parse-json": {
+      "version": "2.2.0",
+      "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-2.2.0.tgz",
+      "integrity": "sha1-9ID0BDTvgHQfhGkJn43qGPVaTck=",
+      "dev": true,
+      "requires": {
+        "error-ex": "^1.2.0"
+      }
+    },
+    "path-exists": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/path-exists/-/path-exists-2.1.0.tgz",
+      "integrity": "sha1-D+tsZPD8UY2adU3V77YscCJ2H0s=",
+      "dev": true,
+      "requires": {
+        "pinkie-promise": "^2.0.0"
+      }
+    },
+    "path-is-absolute": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
+      "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=",
+      "dev": true
+    },
+    "path-is-inside": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/path-is-inside/-/path-is-inside-1.0.2.tgz",
+      "integrity": "sha1-NlQX3t5EQw0cEa9hAn+s8HS9/FM=",
+      "dev": true
+    },
+    "path-parse": {
+      "version": "1.0.7",
+      "resolved": "https://registry.npmjs.org/path-parse/-/path-parse-1.0.7.tgz",
+      "integrity": "sha512-LDJzPVEEEPR+y48z93A0Ed0yXb8pAByGWo/k5YYdYgpY2/2EsOsksJrq7lOHxryrVOn1ejG6oAp8ahvOIQD8sw==",
+      "dev": true
+    },
+    "path-type": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/path-type/-/path-type-2.0.0.tgz",
+      "integrity": "sha1-8BLMuEFbcJb8LaoQVMPXI4lZTHM=",
+      "dev": true,
+      "requires": {
+        "pify": "^2.0.0"
+      }
+    },
+    "performance-now": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/performance-now/-/performance-now-2.1.0.tgz",
+      "integrity": "sha1-Ywn04OX6kT7BxpMHrjZLSzd8nns="
+    },
+    "pify": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/pify/-/pify-2.3.0.tgz",
+      "integrity": "sha1-7RQaasBDqEnqWISY59yosVMw6Qw=",
+      "dev": true
+    },
+    "pinkie": {
+      "version": "2.0.4",
+      "resolved": "https://registry.npmjs.org/pinkie/-/pinkie-2.0.4.tgz",
+      "integrity": "sha1-clVrgM+g1IqXToDnckjoDtT3+HA=",
+      "dev": true
+    },
+    "pinkie-promise": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/pinkie-promise/-/pinkie-promise-2.0.1.tgz",
+      "integrity": "sha1-ITXW36ejWMBprJsXh3YogihFD/o=",
+      "dev": true,
+      "requires": {
+        "pinkie": "^2.0.0"
+      }
+    },
+    "pkg-conf": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/pkg-conf/-/pkg-conf-2.1.0.tgz",
+      "integrity": "sha1-ISZRTKbyq/69FoWW3xi6V4Z/AFg=",
+      "dev": true,
+      "requires": {
+        "find-up": "^2.0.0",
+        "load-json-file": "^4.0.0"
+      },
+      "dependencies": {
+        "find-up": {
+          "version": "2.1.0",
+          "resolved": "https://registry.npmjs.org/find-up/-/find-up-2.1.0.tgz",
+          "integrity": "sha1-RdG35QbHF93UgndaK3eSCjwMV6c=",
+          "dev": true,
+          "requires": {
+            "locate-path": "^2.0.0"
+          }
+        },
+        "load-json-file": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/load-json-file/-/load-json-file-4.0.0.tgz",
+          "integrity": "sha1-L19Fq5HjMhYjT9U62rZo607AmTs=",
+          "dev": true,
+          "requires": {
+            "graceful-fs": "^4.1.2",
+            "parse-json": "^4.0.0",
+            "pify": "^3.0.0",
+            "strip-bom": "^3.0.0"
+          }
+        },
+        "parse-json": {
+          "version": "4.0.0",
+          "resolved": "https://registry.npmjs.org/parse-json/-/parse-json-4.0.0.tgz",
+          "integrity": "sha1-vjX1Qlvh9/bHRxhPmKeIy5lHfuA=",
+          "dev": true,
+          "requires": {
+            "error-ex": "^1.3.1",
+            "json-parse-better-errors": "^1.0.1"
+          }
+        },
+        "pify": {
+          "version": "3.0.0",
+          "resolved": "https://registry.npmjs.org/pify/-/pify-3.0.0.tgz",
+          "integrity": "sha1-5aSs0sEB/fPZpNB/DbxNtJ3SgXY=",
+          "dev": true
+        }
+      }
+    },
+    "pkg-config": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/pkg-config/-/pkg-config-1.1.1.tgz",
+      "integrity": "sha1-VX7yLXPaPIg3EHdmxS6tq94pj+Q=",
+      "dev": true,
+      "requires": {
+        "debug-log": "^1.0.0",
+        "find-root": "^1.0.0",
+        "xtend": "^4.0.1"
+      }
+    },
+    "pkg-dir": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/pkg-dir/-/pkg-dir-1.0.0.tgz",
+      "integrity": "sha1-ektQio1bstYp1EcFb/TpyTFM89Q=",
+      "dev": true,
+      "requires": {
+        "find-up": "^1.0.0"
+      }
+    },
+    "pluralize": {
+      "version": "7.0.0",
+      "resolved": "https://registry.npmjs.org/pluralize/-/pluralize-7.0.0.tgz",
+      "integrity": "sha512-ARhBOdzS3e41FbkW/XWrTEtukqqLoK5+Z/4UeDaLuSW+39JPeFgs4gCGqsrJHVZX0fUrx//4OF0K1CUGwlIFow==",
+      "dev": true
+    },
+    "prelude-ls": {
+      "version": "1.1.2",
+      "resolved": "https://registry.npmjs.org/prelude-ls/-/prelude-ls-1.1.2.tgz",
+      "integrity": "sha1-IZMqVJ9eUv/ZqCf1cOBL5iqX2lQ=",
+      "dev": true
+    },
+    "process-nextick-args": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.0.tgz",
+      "integrity": "sha512-MtEC1TqN0EU5nephaJ4rAtThHtC86dNN9qCuEhtshvpVBkAW5ZO7BASN9REnF9eoXGcRub+pFuKEpOHE+HbEMw=="
+    },
+    "progress": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/progress/-/progress-2.0.0.tgz",
+      "integrity": "sha1-ihvjZr+Pwj2yvSPxDG/pILQ4nR8=",
+      "dev": true
+    },
+    "promise": {
+      "version": "8.1.0",
+      "resolved": "https://registry.npmjs.org/promise/-/promise-8.1.0.tgz",
+      "integrity": "sha512-W04AqnILOL/sPRXziNicCjSNRruLAuIHEOVBazepu0545DDNGYHz7ar9ZgZ1fMU8/MA4mVxp5rkBWRi6OXIy3Q==",
+      "requires": {
+        "asap": "~2.0.6"
+      }
+    },
+    "prop-types": {
+      "version": "15.6.2",
+      "resolved": "https://registry.npmjs.org/prop-types/-/prop-types-15.6.2.tgz",
+      "integrity": "sha512-3pboPvLiWD7dkI3qf3KbUe6hKFKa52w+AE0VCqECtf+QHAKgOL37tTaNCnuX1nAAQ4ZhyP+kYVKf8rLmJ/feDQ==",
+      "dev": true,
+      "requires": {
+        "loose-envify": "^1.3.1",
+        "object-assign": "^4.1.1"
+      }
+    },
+    "pseudomap": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/pseudomap/-/pseudomap-1.0.2.tgz",
+      "integrity": "sha1-8FKijacOYYkX7wqKw0wa5aaChrM=",
+      "dev": true
+    },
+    "psl": {
+      "version": "1.8.0",
+      "resolved": "https://registry.npmjs.org/psl/-/psl-1.8.0.tgz",
+      "integrity": "sha512-RIdOzyoavK+hA18OGGWDqUTsCLhtA7IcZ/6NCs4fFJaHBDab+pDDmDIByWFRQJq2Cd7r1OoQxBGKOaztq+hjIQ=="
+    },
+    "punycode": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/punycode/-/punycode-2.1.1.tgz",
+      "integrity": "sha512-XRsRjdf+j5ml+y/6GKHPZbrF/8p2Yga0JPtdqTIY2Xe5ohJPD9saDJJLPvp9+NSBprVvevdXZybnj2cv8OEd0A=="
+    },
+    "qs": {
+      "version": "6.5.2",
+      "resolved": "https://registry.npmjs.org/qs/-/qs-6.5.2.tgz",
+      "integrity": "sha512-N5ZAX4/LxJmF+7wN74pUD6qAh9/wnvdQcjq9TZjevvXzSUo7bfmw91saqMjzGS2xq91/odN2dW/WOl7qQHNDGA=="
+    },
+    "read-pkg": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/read-pkg/-/read-pkg-2.0.0.tgz",
+      "integrity": "sha1-jvHAYjxqbbDcZxPEv6xGMysjaPg=",
+      "dev": true,
+      "requires": {
+        "load-json-file": "^2.0.0",
+        "normalize-package-data": "^2.3.2",
+        "path-type": "^2.0.0"
+      }
+    },
+    "read-pkg-up": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/read-pkg-up/-/read-pkg-up-2.0.0.tgz",
+      "integrity": "sha1-a3KoBImE4MQeeVEP1en6mbO1Sb4=",
+      "dev": true,
+      "requires": {
+        "find-up": "^2.0.0",
+        "read-pkg": "^2.0.0"
+      },
+      "dependencies": {
+        "find-up": {
+          "version": "2.1.0",
+          "resolved": "https://registry.npmjs.org/find-up/-/find-up-2.1.0.tgz",
+          "integrity": "sha1-RdG35QbHF93UgndaK3eSCjwMV6c=",
+          "dev": true,
+          "requires": {
+            "locate-path": "^2.0.0"
+          }
+        }
+      }
+    },
+    "readable-stream": {
+      "version": "2.3.6",
+      "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz",
+      "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==",
+      "requires": {
+        "core-util-is": "~1.0.0",
+        "inherits": "~2.0.3",
+        "isarray": "~1.0.0",
+        "process-nextick-args": "~2.0.0",
+        "safe-buffer": "~5.1.1",
+        "string_decoder": "~1.1.1",
+        "util-deprecate": "~1.0.1"
+      }
+    },
+    "request": {
+      "version": "2.88.2",
+      "resolved": "https://registry.npmjs.org/request/-/request-2.88.2.tgz",
+      "integrity": "sha512-MsvtOrfG9ZcrOwAW+Qi+F6HbD0CWXEh9ou77uOb7FM2WPhwT7smM833PzanhJLsgXjN89Ir6V2PczXNnMpwKhw==",
+      "requires": {
+        "aws-sign2": "~0.7.0",
+        "aws4": "^1.8.0",
+        "caseless": "~0.12.0",
+        "combined-stream": "~1.0.6",
+        "extend": "~3.0.2",
+        "forever-agent": "~0.6.1",
+        "form-data": "~2.3.2",
+        "har-validator": "~5.1.3",
+        "http-signature": "~1.2.0",
+        "is-typedarray": "~1.0.0",
+        "isstream": "~0.1.2",
+        "json-stringify-safe": "~5.0.1",
+        "mime-types": "~2.1.19",
+        "oauth-sign": "~0.9.0",
+        "performance-now": "^2.1.0",
+        "qs": "~6.5.2",
+        "safe-buffer": "^5.1.2",
+        "tough-cookie": "~2.5.0",
+        "tunnel-agent": "^0.6.0",
+        "uuid": "^3.3.2"
+      }
+    },
+    "require-uncached": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/require-uncached/-/require-uncached-1.0.3.tgz",
+      "integrity": "sha1-Tg1W1slmL9MeQwEcS5WqSZVUIdM=",
+      "dev": true,
+      "requires": {
+        "caller-path": "^0.1.0",
+        "resolve-from": "^1.0.0"
+      }
+    },
+    "resolve": {
+      "version": "1.8.1",
+      "resolved": "https://registry.npmjs.org/resolve/-/resolve-1.8.1.tgz",
+      "integrity": "sha512-AicPrAC7Qu1JxPCZ9ZgCZlY35QgFnNqc+0LtbRNxnVw4TXvjQ72wnuL9JQcEBgXkI9JM8MsT9kaQoHcpCRJOYA==",
+      "dev": true,
+      "requires": {
+        "path-parse": "^1.0.5"
+      }
+    },
+    "resolve-from": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/resolve-from/-/resolve-from-1.0.1.tgz",
+      "integrity": "sha1-Jsv+k10a7uq7Kbw/5a6wHpPUQiY=",
+      "dev": true
+    },
+    "restore-cursor": {
+      "version": "2.0.0",
+      "resolved": "https://registry.npmjs.org/restore-cursor/-/restore-cursor-2.0.0.tgz",
+      "integrity": "sha1-n37ih/gv0ybU/RYpI9YhKe7g368=",
+      "dev": true,
+      "requires": {
+        "onetime": "^2.0.0",
+        "signal-exit": "^3.0.2"
+      }
+    },
+    "rimraf": {
+      "version": "2.6.2",
+      "resolved": "https://registry.npmjs.org/rimraf/-/rimraf-2.6.2.tgz",
+      "integrity": "sha512-lreewLK/BlghmxtfH36YYVg1i8IAce4TI7oao75I1g245+6BctqTVQiBP3YUJ9C6DQOXJmkYR9X9fCLtCOJc5w==",
+      "dev": true,
+      "requires": {
+        "glob": "^7.0.5"
+      }
+    },
+    "run-async": {
+      "version": "2.3.0",
+      "resolved": "https://registry.npmjs.org/run-async/-/run-async-2.3.0.tgz",
+      "integrity": "sha1-A3GrSuC91yDUFm19/aZP96RFpsA=",
+      "dev": true,
+      "requires": {
+        "is-promise": "^2.1.0"
+      }
+    },
+    "run-parallel": {
+      "version": "1.1.9",
+      "resolved": "https://registry.npmjs.org/run-parallel/-/run-parallel-1.1.9.tgz",
+      "integrity": "sha512-DEqnSRTDw/Tc3FXf49zedI638Z9onwUotBMiUFKmrO2sdFKIbXamXGQ3Axd4qgphxKB4kw/qP1w5kTxnfU1B9Q==",
+      "dev": true
+    },
+    "rx-lite": {
+      "version": "4.0.8",
+      "resolved": "https://registry.npmjs.org/rx-lite/-/rx-lite-4.0.8.tgz",
+      "integrity": "sha1-Cx4Rr4vESDbwSmQH6S2kJGe3lEQ=",
+      "dev": true
+    },
+    "rx-lite-aggregates": {
+      "version": "4.0.8",
+      "resolved": "https://registry.npmjs.org/rx-lite-aggregates/-/rx-lite-aggregates-4.0.8.tgz",
+      "integrity": "sha1-dTuHqJoRyVRnxKwWJsTvxOBcZ74=",
+      "dev": true,
+      "requires": {
+        "rx-lite": "*"
+      }
+    },
+    "safe-buffer": {
+      "version": "5.1.2",
+      "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
+      "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
+    },
+    "safer-buffer": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
+      "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
+    },
+    "sax": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz",
+      "integrity": "sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw=="
+    },
+    "semver": {
+      "version": "5.5.1",
+      "resolved": "https://registry.npmjs.org/semver/-/semver-5.5.1.tgz",
+      "integrity": "sha512-PqpAxfrEhlSUWge8dwIp4tZnQ25DIOthpiaHNIthsjEFQD6EvqUKUDM7L8O2rShkFccYo1VjJR0coWfNkCubRw==",
+      "dev": true
+    },
+    "shebang-command": {
+      "version": "1.2.0",
+      "resolved": "https://registry.npmjs.org/shebang-command/-/shebang-command-1.2.0.tgz",
+      "integrity": "sha1-RKrGW2lbAzmJaMOfNj/uXer98eo=",
+      "dev": true,
+      "requires": {
+        "shebang-regex": "^1.0.0"
+      }
+    },
+    "shebang-regex": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/shebang-regex/-/shebang-regex-1.0.0.tgz",
+      "integrity": "sha1-2kL0l0DAtC2yypcoVxyxkMmO/qM=",
+      "dev": true
+    },
+    "signal-exit": {
+      "version": "3.0.2",
+      "resolved": "https://registry.npmjs.org/signal-exit/-/signal-exit-3.0.2.tgz",
+      "integrity": "sha1-tf3AjxKH6hF4Yo5BXiUTK3NkbG0=",
+      "dev": true
+    },
+    "slice-ansi": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/slice-ansi/-/slice-ansi-1.0.0.tgz",
+      "integrity": "sha512-POqxBK6Lb3q6s047D/XsDVNPnF9Dl8JSaqe9h9lURl0OdNqy/ujDrOiIHtsqXMGbWWTIomRzAMaTyawAU//Reg==",
+      "dev": true,
+      "requires": {
+        "is-fullwidth-code-point": "^2.0.0"
+      }
+    },
+    "spdx-correct": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/spdx-correct/-/spdx-correct-3.0.0.tgz",
+      "integrity": "sha512-N19o9z5cEyc8yQQPukRCZ9EUmb4HUpnrmaL/fxS2pBo2jbfcFRVuFZ/oFC+vZz0MNNk0h80iMn5/S6qGZOL5+g==",
+      "dev": true,
+      "requires": {
+        "spdx-expression-parse": "^3.0.0",
+        "spdx-license-ids": "^3.0.0"
+      }
+    },
+    "spdx-exceptions": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/spdx-exceptions/-/spdx-exceptions-2.1.0.tgz",
+      "integrity": "sha512-4K1NsmrlCU1JJgUrtgEeTVyfx8VaYea9J9LvARxhbHtVtohPs/gFGG5yy49beySjlIMhhXZ4QqujIZEfS4l6Cg==",
+      "dev": true
+    },
+    "spdx-expression-parse": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/spdx-expression-parse/-/spdx-expression-parse-3.0.0.tgz",
+      "integrity": "sha512-Yg6D3XpRD4kkOmTpdgbUiEJFKghJH03fiC1OPll5h/0sO6neh2jqRDVHOQ4o/LMea0tgCkbMgea5ip/e+MkWyg==",
+      "dev": true,
+      "requires": {
+        "spdx-exceptions": "^2.1.0",
+        "spdx-license-ids": "^3.0.0"
+      }
+    },
+    "spdx-license-ids": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/spdx-license-ids/-/spdx-license-ids-3.0.0.tgz",
+      "integrity": "sha512-2+EPwgbnmOIl8HjGBXXMd9NAu02vLjOO1nWw4kmeRDFyHn+M/ETfHxQUK0oXg8ctgVnl9t3rosNVsZ1jG61nDA==",
+      "dev": true
+    },
+    "sprintf-js": {
+      "version": "1.0.3",
+      "resolved": "https://registry.npmjs.org/sprintf-js/-/sprintf-js-1.0.3.tgz",
+      "integrity": "sha1-BOaSb2YolTVPPdAVIDYzuFcpfiw=",
+      "dev": true
+    },
+    "sshpk": {
+      "version": "1.16.1",
+      "resolved": "https://registry.npmjs.org/sshpk/-/sshpk-1.16.1.tgz",
+      "integrity": "sha512-HXXqVUq7+pcKeLqqZj6mHFUMvXtOJt1uoUx09pFW6011inTMxqI8BA8PM95myrIyyKwdnzjdFjLiE6KBPVtJIg==",
+      "requires": {
+        "asn1": "~0.2.3",
+        "assert-plus": "^1.0.0",
+        "bcrypt-pbkdf": "^1.0.0",
+        "dashdash": "^1.12.0",
+        "ecc-jsbn": "~0.1.1",
+        "getpass": "^0.1.1",
+        "jsbn": "~0.1.0",
+        "safer-buffer": "^2.0.2",
+        "tweetnacl": "~0.14.0"
+      }
+    },
+    "standard": {
+      "version": "11.0.1",
+      "resolved": "https://registry.npmjs.org/standard/-/standard-11.0.1.tgz",
+      "integrity": "sha512-nu0jAcHiSc8H+gJCXeiziMVZNDYi8MuqrYJKxTgjP4xKXZMKm311boqQIzDrYI/ktosltxt2CbDjYQs9ANC8IA==",
+      "dev": true,
+      "requires": {
+        "eslint": "~4.18.0",
+        "eslint-config-standard": "11.0.0",
+        "eslint-config-standard-jsx": "5.0.0",
+        "eslint-plugin-import": "~2.9.0",
+        "eslint-plugin-node": "~6.0.0",
+        "eslint-plugin-promise": "~3.7.0",
+        "eslint-plugin-react": "~7.7.0",
+        "eslint-plugin-standard": "~3.0.1",
+        "standard-engine": "~8.0.0"
+      }
+    },
+    "standard-engine": {
+      "version": "8.0.1",
+      "resolved": "https://registry.npmjs.org/standard-engine/-/standard-engine-8.0.1.tgz",
+      "integrity": "sha512-LA531C3+nljom/XRvdW/hGPXwmilRkaRkENhO3FAGF1Vtq/WtCXzgmnc5S6vUHHsgv534MRy02C1ikMwZXC+tw==",
+      "dev": true,
+      "requires": {
+        "deglob": "^2.1.0",
+        "get-stdin": "^6.0.0",
+        "minimist": "^1.1.0",
+        "pkg-conf": "^2.0.0"
+      }
+    },
+    "string-width": {
+      "version": "2.1.1",
+      "resolved": "https://registry.npmjs.org/string-width/-/string-width-2.1.1.tgz",
+      "integrity": "sha512-nOqH59deCq9SRHlxq1Aw85Jnt4w6KvLKqWVik6oA9ZklXLNIOlqg4F2yrT1MVaTjAqvVwdfeZ7w7aCvJD7ugkw==",
+      "dev": true,
+      "requires": {
+        "is-fullwidth-code-point": "^2.0.0",
+        "strip-ansi": "^4.0.0"
+      }
+    },
+    "string_decoder": {
+      "version": "1.1.1",
+      "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
+      "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
+      "requires": {
+        "safe-buffer": "~5.1.0"
+      }
+    },
+    "strip-ansi": {
+      "version": "4.0.0",
+      "resolved": "https://registry.npmjs.org/strip-ansi/-/strip-ansi-4.0.0.tgz",
+      "integrity": "sha1-qEeQIusaw2iocTibY1JixQXuNo8=",
+      "dev": true,
+      "requires": {
+        "ansi-regex": "^3.0.0"
+      },
+      "dependencies": {
+        "ansi-regex": {
+          "version": "3.0.0",
+          "resolved": "https://registry.npmjs.org/ansi-regex/-/ansi-regex-3.0.0.tgz",
+          "integrity": "sha1-7QMXwyIGT3lGbAKWa922Bas32Zg=",
+          "dev": true
+        }
+      }
+    },
+    "strip-bom": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/strip-bom/-/strip-bom-3.0.0.tgz",
+      "integrity": "sha1-IzTBjpx1n3vdVv3vfprj1YjmjtM=",
+      "dev": true
+    },
+    "strip-json-comments": {
+      "version": "2.0.1",
+      "resolved": "https://registry.npmjs.org/strip-json-comments/-/strip-json-comments-2.0.1.tgz",
+      "integrity": "sha1-PFMZQukIwml8DsNEhYwobHygpgo=",
+      "dev": true
+    },
+    "supports-color": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
+      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
+      "dev": true,
+      "requires": {
+        "has-flag": "^3.0.0"
+      }
+    },
+    "sync-request": {
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/sync-request/-/sync-request-6.1.0.tgz",
+      "integrity": "sha512-8fjNkrNlNCrVc/av+Jn+xxqfCjYaBoHqCsDz6mt030UMxJGr+GSfCV1dQt2gRtlL63+VPidwDVLr7V2OcTSdRw==",
+      "requires": {
+        "http-response-object": "^3.0.1",
+        "sync-rpc": "^1.2.1",
+        "then-request": "^6.0.0"
+      }
+    },
+    "sync-rpc": {
+      "version": "1.3.6",
+      "resolved": "https://registry.npmjs.org/sync-rpc/-/sync-rpc-1.3.6.tgz",
+      "integrity": "sha512-J8jTXuZzRlvU7HemDgHi3pGnh/rkoqR/OZSjhTyyZrEkkYQbk7Z33AXp37mkPfPpfdOuj7Ex3H/TJM1z48uPQw==",
+      "requires": {
+        "get-port": "^3.1.0"
+      }
+    },
+    "table": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/table/-/table-4.0.2.tgz",
+      "integrity": "sha512-UUkEAPdSGxtRpiV9ozJ5cMTtYiqz7Ni1OGqLXRCynrvzdtR1p+cfOWe2RJLwvUG8hNanaSRjecIqwOjqeatDsA==",
+      "dev": true,
+      "requires": {
+        "ajv": "^5.2.3",
+        "ajv-keywords": "^2.1.0",
+        "chalk": "^2.1.0",
+        "lodash": "^4.17.4",
+        "slice-ansi": "1.0.0",
+        "string-width": "^2.1.1"
+      }
+    },
+    "text-table": {
+      "version": "0.2.0",
+      "resolved": "https://registry.npmjs.org/text-table/-/text-table-0.2.0.tgz",
+      "integrity": "sha1-f17oI66AUgfACvLfSoTsP8+lcLQ=",
+      "dev": true
+    },
+    "then-request": {
+      "version": "6.0.2",
+      "resolved": "https://registry.npmjs.org/then-request/-/then-request-6.0.2.tgz",
+      "integrity": "sha512-3ZBiG7JvP3wbDzA9iNY5zJQcHL4jn/0BWtXIkagfz7QgOL/LqjCEOBQuJNZfu0XYnv5JhKh+cDxCPM4ILrqruA==",
+      "requires": {
+        "@types/concat-stream": "^1.6.0",
+        "@types/form-data": "0.0.33",
+        "@types/node": "^8.0.0",
+        "@types/qs": "^6.2.31",
+        "caseless": "~0.12.0",
+        "concat-stream": "^1.6.0",
+        "form-data": "^2.2.0",
+        "http-basic": "^8.1.1",
+        "http-response-object": "^3.0.1",
+        "promise": "^8.0.0",
+        "qs": "^6.4.0"
+      },
+      "dependencies": {
+        "@types/node": {
+          "version": "8.10.61",
+          "resolved": "https://registry.npmjs.org/@types/node/-/node-8.10.61.tgz",
+          "integrity": "sha512-l+zSbvT8TPRaCxL1l9cwHCb0tSqGAGcjPJFItGGYat5oCTiq1uQQKYg5m7AF1mgnEBzFXGLJ2LRmNjtreRX76Q=="
+        }
+      }
+    },
+    "through": {
+      "version": "2.3.8",
+      "resolved": "https://registry.npmjs.org/through/-/through-2.3.8.tgz",
+      "integrity": "sha1-DdTJ/6q8NXlgsbckEV1+Doai4fU=",
+      "dev": true
+    },
+    "tmp": {
+      "version": "0.0.33",
+      "resolved": "https://registry.npmjs.org/tmp/-/tmp-0.0.33.tgz",
+      "integrity": "sha512-jRCJlojKnZ3addtTOjdIqoRuPEKBvNXcGYqzO6zWZX8KfKEpnGY5jfggJQ3EjKuu8D4bJRr0y+cYJFmYbImXGw==",
+      "dev": true,
+      "requires": {
+        "os-tmpdir": "~1.0.2"
+      }
+    },
+    "tough-cookie": {
+      "version": "2.5.0",
+      "resolved": "https://registry.npmjs.org/tough-cookie/-/tough-cookie-2.5.0.tgz",
+      "integrity": "sha512-nlLsUzgm1kfLXSXfRZMc1KLAugd4hqJHDTvc2hDIwS3mZAfMEuMbc03SujMF+GEcpaX/qboeycw6iO8JwVv2+g==",
+      "requires": {
+        "psl": "^1.1.28",
+        "punycode": "^2.1.1"
+      }
+    },
+    "tunnel-agent": {
+      "version": "0.6.0",
+      "resolved": "https://registry.npmjs.org/tunnel-agent/-/tunnel-agent-0.6.0.tgz",
+      "integrity": "sha1-J6XeoGs2sEoKmWZ3SykIaPD8QP0=",
+      "requires": {
+        "safe-buffer": "^5.0.1"
+      }
+    },
+    "tweetnacl": {
+      "version": "0.14.5",
+      "resolved": "https://registry.npmjs.org/tweetnacl/-/tweetnacl-0.14.5.tgz",
+      "integrity": "sha1-WuaBd/GS1EViadEIr6k/+HQ/T2Q="
+    },
+    "type-check": {
+      "version": "0.3.2",
+      "resolved": "https://registry.npmjs.org/type-check/-/type-check-0.3.2.tgz",
+      "integrity": "sha1-WITKtRLPHTVeP7eE8wgEsrUg23I=",
+      "dev": true,
+      "requires": {
+        "prelude-ls": "~1.1.2"
+      }
+    },
+    "typedarray": {
+      "version": "0.0.6",
+      "resolved": "https://registry.npmjs.org/typedarray/-/typedarray-0.0.6.tgz",
+      "integrity": "sha1-hnrHTjhkGHsdPUfZlqeOxciDB3c="
+    },
+    "uniq": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/uniq/-/uniq-1.0.1.tgz",
+      "integrity": "sha1-sxxa6CVIRKOoKBVBzisEuGWnNP8=",
+      "dev": true
+    },
+    "uri-js": {
+      "version": "4.2.2",
+      "resolved": "https://registry.npmjs.org/uri-js/-/uri-js-4.2.2.tgz",
+      "integrity": "sha512-KY9Frmirql91X2Qgjry0Wd4Y+YTdrdZheS8TFwvkbLWf/G5KNJDCh6pKL5OZctEW4+0Baa5idK2ZQuELRwPznQ==",
+      "requires": {
+        "punycode": "^2.1.0"
+      }
+    },
+    "util-deprecate": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
+      "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8="
+    },
+    "uuid": {
+      "version": "3.4.0",
+      "resolved": "https://registry.npmjs.org/uuid/-/uuid-3.4.0.tgz",
+      "integrity": "sha512-HjSDRw6gZE5JMggctHBcjVak08+KEVhSIiDzFnT9S9aegmp85S/bReBVTb4QTFaRNptJ9kuYaNhnbNEOkbKb/A=="
+    },
+    "validate-npm-package-license": {
+      "version": "3.0.4",
+      "resolved": "https://registry.npmjs.org/validate-npm-package-license/-/validate-npm-package-license-3.0.4.tgz",
+      "integrity": "sha512-DpKm2Ui/xN7/HQKCtpZxoRWBhZ9Z0kqtygG8XCgNQ8ZlDnxuQmWhj566j8fN4Cu3/JmbhsDo7fcAJq4s9h27Ew==",
+      "dev": true,
+      "requires": {
+        "spdx-correct": "^3.0.0",
+        "spdx-expression-parse": "^3.0.0"
+      }
+    },
+    "verror": {
+      "version": "1.10.0",
+      "resolved": "https://registry.npmjs.org/verror/-/verror-1.10.0.tgz",
+      "integrity": "sha1-OhBcoXBTr1XW4nDB+CiGguGNpAA=",
+      "requires": {
+        "assert-plus": "^1.0.0",
+        "core-util-is": "1.0.2",
+        "extsprintf": "^1.2.0"
+      }
+    },
+    "which": {
+      "version": "1.3.1",
+      "resolved": "https://registry.npmjs.org/which/-/which-1.3.1.tgz",
+      "integrity": "sha512-HxJdYWq1MTIQbJ3nw0cqssHoTNU267KlrDuGZ1WYlxDStUtKUhOaJmh112/TZmHxxUfuJqPXSOm7tDyas0OSIQ==",
+      "dev": true,
+      "requires": {
+        "isexe": "^2.0.0"
+      }
+    },
+    "wordwrap": {
+      "version": "1.0.0",
+      "resolved": "https://registry.npmjs.org/wordwrap/-/wordwrap-1.0.0.tgz",
+      "integrity": "sha1-J1hIEIkUVqQXHI0CJkQa3pDLyus=",
+      "dev": true
+    },
+    "wrappy": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
+      "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=",
+      "dev": true
+    },
+    "write": {
+      "version": "0.2.1",
+      "resolved": "https://registry.npmjs.org/write/-/write-0.2.1.tgz",
+      "integrity": "sha1-X8A4KOJkzqP+kUVUdvejxWbLB1c=",
+      "dev": true,
+      "requires": {
+        "mkdirp": "^0.5.1"
+      }
+    },
+    "xml2js": {
+      "version": "0.4.23",
+      "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.23.tgz",
+      "integrity": "sha512-ySPiMjM0+pLDftHgXY4By0uswI3SPKLDw/i3UXbnO8M/p28zqexCUoPmQFrYD+/1BzhGJSs2i1ERWKJAtiLrug==",
+      "requires": {
+        "sax": ">=0.6.0",
+        "xmlbuilder": "~11.0.0"
+      }
+    },
+    "xmlbuilder": {
+      "version": "11.0.1",
+      "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-11.0.1.tgz",
+      "integrity": "sha512-fDlsI/kFEx7gLvbecc0/ohLG50fugQp8ryHzMTuW9vSa1GJ0XYWKnhsUx7oie3G98+r56aTQIUB4kht42R3JvA=="
+    },
+    "xtend": {
+      "version": "4.0.1",
+      "resolved": "https://registry.npmjs.org/xtend/-/xtend-4.0.1.tgz",
+      "integrity": "sha1-pcbVMr5lbiPbgg77lDofBJmNY68=",
+      "dev": true
+    },
+    "yallist": {
+      "version": "2.1.2",
+      "resolved": "https://registry.npmjs.org/yallist/-/yallist-2.1.2.tgz",
+      "integrity": "sha1-HBH5IY8HYImkfdUS+TxmmaaoHVI=",
+      "dev": true
+    }
+  }
+}
diff --git a/utils/trivialize-cdn-rules/package.json b/utils/trivialize-cdn-rules/package.json
new file mode 100644
index 000000000000..c21b01694f84
--- /dev/null
+++ b/utils/trivialize-cdn-rules/package.json
@@ -0,0 +1,22 @@
+{
+  "name": "trivialize-cdn-rules",
+  "version": "1.0.0",
+  "main": "index.js",
+  "dependencies": {
+    "graceful-fs": "^4.2.0",
+    "request": "^2.87.0",
+    "sync-request": "^6.1.0",
+    "xml2js": "^0.4.19"
+  },
+  "devDependencies": {
+    "chalk": "^2.4.2",
+    "standard": "^11.0.1"
+  },
+  "scripts": {
+    "start": "node index.js",
+    "lint": "standard --fix index.js"
+  },
+  "keywords": [],
+  "author": "Chan Chak Shing",
+  "description": ""
+}
diff --git a/utils/trivialize-rules/explode-regexp.js b/utils/trivialize-rules/explode-regexp.js
index 0aa3c7477c8d..c034f195a837 100644
--- a/utils/trivialize-rules/explode-regexp.js
+++ b/utils/trivialize-rules/explode-regexp.js
@@ -14,13 +14,12 @@ function explodeRegExp(re, callback) {
     let [first, ...rest] = items;
 
     if (first.repeat) {
-      let repeat = first.repeat;
+      let { repeat, ...firstSub } = first;
       if (repeat.max !== 1) throw new UnsupportedRegExp(first.raw);
-      delete first.repeat;
       if (repeat.min === 0) {
         buildUrls(str, rest);
       }
-      return buildUrls(str, items);
+      return buildUrls(str, [ firstSub, ...rest ]);
     }
 
     switch (first.type) {
diff --git a/utils/trivialize-rules/package-lock.json b/utils/trivialize-rules/package-lock.json
new file mode 100644
index 000000000000..3bccfafbef51
--- /dev/null
+++ b/utils/trivialize-rules/package-lock.json
@@ -0,0 +1,112 @@
+{
+  "name": "trivialize-rules",
+  "version": "1.0.0",
+  "lockfileVersion": 1,
+  "requires": true,
+  "dependencies": {
+    "amdefine": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/amdefine/-/amdefine-1.0.1.tgz",
+      "integrity": "sha1-SlKCrBZHKek2Gbz9OtFR+BfOkfU="
+    },
+    "ansi-styles": {
+      "version": "3.2.1",
+      "resolved": "https://registry.npmjs.org/ansi-styles/-/ansi-styles-3.2.1.tgz",
+      "integrity": "sha512-VT0ZI6kZRdTh8YyJw3SMbYm/u+NqfsAxEpWO0Pf9sq8/e94WxxOpPKx9FR1FlyCtOVDNOQ+8ntlqFxiRc+r5qA==",
+      "requires": {
+        "color-convert": "^1.9.0"
+      }
+    },
+    "chalk": {
+      "version": "2.4.2",
+      "resolved": "https://registry.npmjs.org/chalk/-/chalk-2.4.2.tgz",
+      "integrity": "sha512-Mti+f9lpJNcwF4tWV8/OrTTtF1gZi+f8FqlyAdouralcFWFQWF2+NgCHShjkCb+IFBLq9buZwE1xckQU4peSuQ==",
+      "requires": {
+        "ansi-styles": "^3.2.1",
+        "escape-string-regexp": "^1.0.5",
+        "supports-color": "^5.3.0"
+      }
+    },
+    "color-convert": {
+      "version": "1.9.3",
+      "resolved": "https://registry.npmjs.org/color-convert/-/color-convert-1.9.3.tgz",
+      "integrity": "sha512-QfAUtd+vFdAtFQcC8CCyYt1fYWxSqAiK2cSD6zDB8N3cpsEBAvRxp9zOGg6G/SHHJYAT88/az/IuDGALsNVbGg==",
+      "requires": {
+        "color-name": "1.1.3"
+      }
+    },
+    "color-name": {
+      "version": "1.1.3",
+      "resolved": "https://registry.npmjs.org/color-name/-/color-name-1.1.3.tgz",
+      "integrity": "sha1-p9BVi9icQveV3UIyj3QIMcpTvCU="
+    },
+    "escape-string-regexp": {
+      "version": "1.0.5",
+      "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
+      "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ="
+    },
+    "graceful-fs": {
+      "version": "4.1.15",
+      "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.1.15.tgz",
+      "integrity": "sha512-6uHUhOPEBgQ24HM+r6b/QwWfZq+yiFcipKFrOFiBEnWdy5sdzYoi+pJeQaPI5qOLRFqWmAXUPQNsielzdLoecA=="
+    },
+    "has-flag": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
+      "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0="
+    },
+    "highland": {
+      "version": "2.13.4",
+      "resolved": "https://registry.npmjs.org/highland/-/highland-2.13.4.tgz",
+      "integrity": "sha512-r+YlbnBhCTcrcVzBpzPcrvB0llVjeDWKuXSZVuNBe5WgQJtN2xGUUMZC9WzHCntNIx0rskVernxLoFJUCkmb/Q==",
+      "requires": {
+        "util-deprecate": "^1.0.2"
+      }
+    },
+    "regulex": {
+      "version": "0.0.2",
+      "resolved": "https://registry.npmjs.org/regulex/-/regulex-0.0.2.tgz",
+      "integrity": "sha1-e7oj5R8JnIJiE5ZEbYDeQVm9Ksc=",
+      "requires": {
+        "amdefine": "~1.0.0"
+      }
+    },
+    "sax": {
+      "version": "1.2.4",
+      "resolved": "https://registry.npmjs.org/sax/-/sax-1.2.4.tgz",
+      "integrity": "sha512-NqVDv9TpANUjFm0N8uM5GxL36UgKi9/atZw+x7YFnQ8ckwFGKrl4xX4yWtrey3UJm5nP1kUbnYgLopqWNSRhWw=="
+    },
+    "supports-color": {
+      "version": "5.5.0",
+      "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.5.0.tgz",
+      "integrity": "sha512-QjVjwdXIt408MIiAqCX4oUKsgU2EqAGzs2Ppkm4aQYbjm+ZEWEcW4SfFNTr4uMNZma0ey4f5lgLrkB0aX0QMow==",
+      "requires": {
+        "has-flag": "^3.0.0"
+      }
+    },
+    "util-deprecate": {
+      "version": "1.0.2",
+      "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
+      "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8="
+    },
+    "valid-url": {
+      "version": "1.0.9",
+      "resolved": "https://registry.npmjs.org/valid-url/-/valid-url-1.0.9.tgz",
+      "integrity": "sha1-HBRHm0DxOXp1eC8RXkCGRHQzogA="
+    },
+    "xml2js": {
+      "version": "0.4.19",
+      "resolved": "https://registry.npmjs.org/xml2js/-/xml2js-0.4.19.tgz",
+      "integrity": "sha512-esZnJZJOiJR9wWKMyuvSE1y6Dq5LCuJanqhxslH2bxM6duahNZ+HMpCLhBQGZkbX6xRf8x1Y2eJlgt2q3qo49Q==",
+      "requires": {
+        "sax": ">=0.6.0",
+        "xmlbuilder": "~9.0.1"
+      }
+    },
+    "xmlbuilder": {
+      "version": "9.0.7",
+      "resolved": "https://registry.npmjs.org/xmlbuilder/-/xmlbuilder-9.0.7.tgz",
+      "integrity": "sha1-Ey7mPS7FVlxVfiD0wi35rKaGsQ0="
+    }
+  }
+}
diff --git a/utils/trivialize-rules/package.json b/utils/trivialize-rules/package.json
index 651f40ba51df..bae4431180c8 100644
--- a/utils/trivialize-rules/package.json
+++ b/utils/trivialize-rules/package.json
@@ -4,8 +4,11 @@
   "main": "trivialize-rules.js",
   "dependencies": {
     "chalk": "^2.1.0",
+    "escape-string-regexp": "^1.0.5",
+    "graceful-fs": "^4.1.11",
     "highland": "^2.7.1",
     "regulex": "0.0.2",
+    "valid-url": "^1.0.9",
     "xml2js": "^0.4.16"
   },
   "devDependencies": {},
diff --git a/utils/trivialize-rules/trivialize-cookie-rules.js b/utils/trivialize-rules/trivialize-cookie-rules.js
new file mode 100644
index 000000000000..3b8f5f17c68f
--- /dev/null
+++ b/utils/trivialize-rules/trivialize-cookie-rules.js
@@ -0,0 +1,142 @@
+"use strict";
+
+/**
+ * For future contributors, this script was written to trivialize a special
+ * form of securecookie rules which is equal to trivial securecookie rule
+ * under the current HTTPSe implementation. This allows trivialize-rules.js to
+ * simplify rulesets otherwise impossible due to the lack of support of
+ * unbounded wildcard RegExps in explode-regexp.js (by design).
+ *
+ * As stated in trivialize-rules.js, a securecookie rule works if there is an
+ * existing rule covering the exact same domain.
+ *
+ * In particular, <securecookie host=".*example.com" .../> covers all
+ * subdomains in cookie.host given at least one working rule cover
+ * the same subdomains.
+ *
+ * If there is at least one such rule, for e.g. www.example.com, the mentioned
+ * securecookie rules can be reduced to
+ *     <securecookie host="^\.?www\.example\.com$" .../>
+ * Else, the securecookie rule do not take into effect and thus can be ignored
+ * during the runtime.
+ *
+ * So, regardless of the existence of any rule, for all targets listed in a
+ * ruleset, the securecookie rule can be interpreted as
+ *     <securecookie host=".+" .../>
+ *
+ * For simplicity, this implementation require securecookie#host includes a
+ * tailing $
+ */
+
+let util = require("util");
+let path = require("path");
+let xml2js = require("xml2js");
+
+let fs = require("graceful-fs");
+let readdir = util.promisify(fs.readdir);
+let readFile = util.promisify(fs.readFile);
+let parseString = util.promisify(xml2js.parseString);
+
+let rulesDir = "src/chrome/content/rules";
+
+let trivialSecureCookieLiteral = `\n$1<securecookie host=".+"$3name=".+"/>\n`;
+let secureCookieRegExp = new RegExp(
+  `\n([\t ]*)<securecookie\\s*host=\\s*"([^"]+)"(\\s*)name=\\s*"([^"]+)"\\s*?/>[\t ]*\n`
+);
+
+let isTrivial = securecookie => {
+  return securecookie.host === ".+" && securecookie.name === ".+";
+};
+
+(async () => {
+  let filenames = (await readdir(rulesDir)).filter(fn => fn.endsWith(".xml"));
+  let filePromises = filenames.map(async filename => {
+    let content = await readFile(path.join(rulesDir, filename), "utf8");
+    let { ruleset } = await parseString(content);
+
+    let targets = ruleset.target.map(target => target.$.host);
+    let securecookies = ruleset.securecookie
+      ? ruleset.securecookie.map(sc => sc.$)
+      : [];
+
+    // make sure there is at least one non-trivial securecookie
+    if (!securecookies.length || securecookies.some(isTrivial)) {
+      return;
+    }
+
+    for (let securecookie of securecookies) {
+      if (securecookie.name !== ".+") {
+        return;
+      }
+
+      if (
+        !securecookie.host.startsWith("^.+") &&
+        !securecookie.host.startsWith("^.*") &&
+        !securecookie.host.startsWith(".+") &&
+        !securecookie.host.startsWith(".*") &&
+        !securecookie.host.startsWith("(?:.*\\.)?") &&
+        !securecookie.host.startsWith("(?:.+\\.)?") &&
+        !securecookie.host.startsWith("^(?:.*\\.)?") &&
+        !securecookie.host.startsWith("^(?:.+\\.)?")
+      ) {
+        return;
+      }
+    }
+
+    // make sure each domains and its subdomains are covered by at least
+    // one securecookie rule
+    let securedDomains = new Map();
+    for (let target of targets) {
+      // we cannot handle the right-wildcards based on the argument above
+      if (target.includes(".*")) {
+        return;
+      }
+      // replace left-wildcard with www is an implementation detail
+      // see https://github.com/EFForg/https-everywhere/blob/
+      // 260cd8d402fb8069c55cda311e1be7a60db7339d/chromium/background-scripts/background.js#L595
+      if (target.includes("*.")) {
+        target = target.replace("*.", "www.");
+      }
+      securedDomains.set(target, false);
+      securedDomains.set("." + target, false);
+    }
+
+    for (let securecookie of securecookies) {
+      let pattern = new RegExp(securecookie.host);
+      securedDomains.forEach((val, key, map) => {
+        if (pattern.test(key)) {
+          map.set(key, true);
+        }
+      });
+    }
+
+    // If any value of ${securedDomains} is false, return.
+    if (![...securedDomains.values()].every(secured => secured)) {
+      return;
+    }
+
+    // remove the securecookie tag except the last one
+    // replace the last securecookie tag with a trivial one
+    for (let occurrence = securecookies.length; occurrence; --occurrence) {
+      content = content.replace(
+        secureCookieRegExp,
+        occurrence == 1 ? trivialSecureCookieLiteral : ""
+      );
+    }
+
+    return new Promise((resolve, reject) => {
+      fs.writeFile(path.join(rulesDir, filename), content, "utf8", (err) => {
+        if (err) {
+          reject(err);
+        }
+        resolve();
+      });
+    })
+  });
+
+
+  // use for-loop to await too many file opened error
+  for (let fp of filePromises) {
+    await fp.catch(error => console.log(error));
+  }
+})();
diff --git a/utils/trivialize-rules/trivialize-rules.js b/utils/trivialize-rules/trivialize-rules.js
index 1689378c10fc..663ecb60978c 100644
--- a/utils/trivialize-rules/trivialize-rules.js
+++ b/utils/trivialize-rules/trivialize-rules.js
@@ -9,6 +9,7 @@ const readFile = _.wrapCallback(fs.readFile);
 const writeFile = _.wrapCallback(fs.writeFile);
 const parseXML = _.wrapCallback(require('xml2js').parseString);
 const { explodeRegExp, UnsupportedRegExp } = require('./explode-regexp');
+const escapeStringRegexp = require('escape-string-regexp');
 const chalk = require('chalk');
 
 const rulesDir = `${__dirname}/../../src/chrome/content/rules`;
@@ -99,6 +100,7 @@ files.fork().zipAll([ sources.fork(), rules ]).map(([name, source, ruleset]) =>
   const fail = createTag('FAIL', chalk.red, console.error);
 
   let targets = ruleset.target.map(target => target.$.host);
+  let securecookies = ruleset.securecookie ? ruleset.securecookie.map(sc => sc.$) : new Array();
   let rules = ruleset.rule.map(rule => rule.$);
 
   if (rules.length === 1 && isTrivial(rules[0])) {
@@ -181,9 +183,97 @@ files.fork().zipAll([ sources.fork(), rules ]).map(([name, source, ruleset]) =>
 
   domains = Array.from(domains);
 
+  // It is assumed that if all securecookies are static,
+  // they can be safely ignored.
+  //
+  // A securecookie is called to be static either it is a trivial securecookie
+  // or ALL of the following conditions are satisfied:
+  //
+  // 1. securecookie.host match cookie.host from the beginning ^ to the end $.
+  // Otherwise, it might match subdomains/ partial patterns, thus a non-trivial
+  // securecookie.
+  //
+  // 2. securecookie.host will not throw an error when passed to explodeRegExp().
+  // Otherwise, it might match patterns too complicated for our interests.
+  //
+  // 3. Each exploded securecookie.host should be included in ruleset.target/
+  // exploded target. Otherwise, this ruleset is likely problematic itself. It
+  // is dangerous for a rewrite.
+  function isStaticCookie(securecookie) {
+    if (securecookie.host === '.+' && securecookie.name === '.+') {
+      return [true, false];
+    }
+
+    if (!securecookie.host.startsWith('^') || !securecookie.host.endsWith('$')) {
+      return [false, false];
+    }
+
+    let localDomains = new Set();
+    let unsupportedDomains = new Set();
+
+    try {
+      explodeRegExp(securecookie.host, domain => {
+        if (domain.startsWith('.')) {
+          domain = domain.slice(1);
+        }
+        localDomains.add(domain);
+      });
+    } catch (e) {
+      if (!(e instanceof UnsupportedRegExp)) {
+        throw e;
+      }
+      warn`Unsupported regexp part ${e.message} while traversing securecookie : ${JSON.stringify(securecookie)}`;
+      return [false, false];
+    }
+
+    for (const domain of localDomains) {
+      if (domains.indexOf(domain) === -1) {
+        warn`Ruleset does not cover target ${domain} for securecookie : ${JSON.stringify(securecookie)}`;
+        unsupportedDomains.add(domain);
+      }
+    }
+
+    // For cookies to be covered, there must be at least one rule covering the
+    // same domain. This is guaranteed by safeToSecureCookie(cookie) in rules.js
+    //
+    // Since securecookie.host will only match cookie.domain if there there is
+    // a rule covers cookie.domain. Given the target are trivial, cookie.domain
+    // cannot be anything other than domain.example.com and .domain.example.com
+    // (possibly with more leading dots) for a securecookie rule ever to take
+    // place.
+    //
+    // With condition (1) effective, securecookie.host should explode to either
+    // one of the aforementioned patterns. Otherwise, the securecookie rules
+    // will never be applied. Such dangling securecookie rules can be removed
+    // safely.
+    if (unsupportedDomains.size > 0) {
+      if (unsupportedDomains.size === localDomains.size) {
+        return [true, true];
+      }
+      fail`Tag securecookie ${JSON.stringify(securecookie)} matches ${unsupportedDomains} which are not in targets ${targets}`;
+    }
+    return [true, false];
+  }
+
   if (domains.slice().sort().join('\n') !== targets.sort().join('\n')) {
-    if (ruleset.securecookie) {
-      return;
+    // For each securecookie rule, check if it is a static securecookie.
+    // If it is non-static, we do not trivialize the ruleset; Otherwise,
+    // we remove the securecookie if it contain only unsupported hosts.
+    // This removal is better done one by one to avoid side effects.
+    // Else if ALL securecookie rules are static, trivialize the targets.
+    for (const securecookie of securecookies) {
+      let [isStatic, shouldRemove] = isStaticCookie(securecookie);
+
+      if (isStatic) {
+        if (shouldRemove) {
+          let scReSrc = `\n([\t ]*)<securecookie\\s*host=\\s*"${escapeStringRegexp(securecookie.host)}"(\\s*)name=\\s*"${escapeStringRegexp(securecookie.name)}"\\s*?/>[\t ]*\n`;
+          let scRe = new RegExp(scReSrc);
+          source = source.replace(scRe, '');
+        }
+      } else {
+        // Skip this ruleset as it contain non-static securecookies
+        return;
+      }
     }
 
     source = replaceXML(source, 'target', domains.map(domain => `<target host="${domain}" />`));
@@ -194,7 +284,6 @@ files.fork().zipAll([ sources.fork(), rules ]).map(([name, source, ruleset]) =>
   info`trivialized`;
 
   return writeFile(`${rulesDir}/${name}`, source);
-
 })
   .filter(Boolean)
   .parallel(10)
diff --git a/utils/trivialize-rules/trivialize-targets.js b/utils/trivialize-rules/trivialize-targets.js
new file mode 100644
index 000000000000..474c9a6a43b4
--- /dev/null
+++ b/utils/trivialize-rules/trivialize-targets.js
@@ -0,0 +1,270 @@
+'use strict';
+
+const util = require('util');
+const path = require('path');
+const xml2js = require('xml2js');
+
+const fs = require('graceful-fs');
+const readdir = util.promisify(fs.readdir);
+const readFile = util.promisify(fs.readFile);
+const parseString = util.promisify(xml2js.parseString);
+
+const chalk = require('chalk');
+const validUrl = require('valid-url');
+const escapeStringRegexp = require('escape-string-regexp');
+const { explodeRegExp, UnsupportedRegExp } = require('./explode-regexp');
+
+const rulesDir = `${__dirname}/../../src/chrome/content/rules`;
+
+(async () => {
+  const filenames = (await readdir(rulesDir)).filter(fn => fn.endsWith('.xml'));
+  const filePromises = filenames.map(async filename => {
+    const createTag = (tagName, colour, print) => {
+      return (strings, ...values) => {
+        let result = `[${tagName}] ${chalk.bold(filename)}: ${strings[0]}`;
+        for (let i = 1; i < strings.length; i++) {
+          let value = values[i - 1];
+          if (value instanceof Set) {
+            value = Array.from(value);
+          }
+          value = Array.isArray(value) ? value.join(', ') : value.toString();
+          result += chalk.blue(value) + strings[i];
+        }
+        print(colour(result));
+      };
+    };
+
+    const warn = createTag('WARN', chalk.yellow, console.warn);
+    const info = createTag('INFO', chalk.green, console.info);
+    const fail = createTag('FAIL', chalk.red, console.error);
+
+    let content = await readFile(path.join(rulesDir, filename), 'utf8');
+    const { ruleset } = await parseString(content);
+
+    const rules = ruleset.rule.map(rule => rule.$);
+    const targets = ruleset.target.map(target => target.$.host);
+
+    // make sure ruleset contains at least one left wildcard targets
+    if (!targets.some(target => target.startsWith('*.'))) {
+      return;
+    }
+
+    // but does not contain right widcard targets
+    if (targets.some(target => target.endsWith('.*'))) {
+      return;
+    }
+
+    // should not contain trivial rules
+    if (rules.some(rule => rule.from === '^http:' && rule.to === 'https:')) {
+      return;
+    }
+
+    const ruleToIsSimpleMap = new Map();
+    const ruleToIsSnappingMap = new Map();
+
+    const targetToSupportedExplodedDomainsMap = new Map();
+
+    const explodedDomains = new Set();
+    const unsupportedExplodedDomains = new Set();
+    const unusedTargets = new Set();
+
+    // (1) We check if all rules can be exploded to valid urls
+    //     (a) if true, continue to (2)
+    //     (b) if we cannot trivialize targets for this ruleset, skip
+    const isExplosiveRewrite = rule => {
+      const explodedUrls = [];
+
+      try {
+        explodeRegExp(rule.from, url => explodedUrls.push(url));
+      } catch (e) {
+        // we are getting into runtime error, log and exit
+        if (!(e instanceof UnsupportedRegExp)) {
+          fail(e.message);
+          process.exit(1);
+        }
+        return false;
+      }
+
+      // make sure each exploded URL is valid
+      if (!explodedUrls.every(url => validUrl.isUri(url))) {
+        return false;
+      }
+
+      let isSimpleToAllExplodedUrls = true;
+      let isSnappingToSomeExplodedUrls = false;
+
+      for (const url of explodedUrls) {
+        const { protocol, hostname, pathname } = new URL(url);
+
+        // if a rule do not rewrite all path for any URL, it is not a simple rule
+        // i.e. a rule is simple only if it rewrite all path for all URLs
+        if (!(protocol === 'http:' && pathname === '/*')) {
+          isSimpleToAllExplodedUrls = false;
+        }
+
+        // if a rule is snapping to any URL, it is a snapping rule
+        // where a rule is snapping to a URL if it change the domain
+        // e.g. <rule from="^https://www\.example\.com/" to="https://example.com/" />
+        if (
+          url.replace(new RegExp(rule.from), rule.to) !==
+          url.replace(/^http:/, 'https:')
+        ) {
+          isSnappingToSomeExplodedUrls = true;
+        }
+
+        // store a collection of exploded domains globally
+        explodedDomains.add(hostname);
+      }
+
+      ruleToIsSimpleMap.set(rule, isSimpleToAllExplodedUrls);
+      ruleToIsSnappingMap.set(rule, isSnappingToSomeExplodedUrls);
+      return true;
+    };
+
+    if (!rules.every(isExplosiveRewrite)) {
+      return;
+    }
+
+    // (2) We check if all the exploded domains are covered by the targets
+    //     (a) if true, continue to (3)
+    //     (b) some exploded domains are not covered by the targets,
+    //         it is not safe to rewrite ruleset to include the
+    //         exploded domains. skipping
+    const isSupported = domain => {
+      if (targets.includes(domain)) {
+        // do not map non-wildcard targets to exploded domains
+        // otherwise, it will introduce unnecessary rewrites
+        targetToSupportedExplodedDomainsMap.delete(domain);
+        return true;
+      }
+
+      // this part follows the implementation in rules.js
+      const segments = domain.split('.');
+      for (let i = 1; i <= segments.length - 2; ++i) {
+        const tmp = '*.' + segments.slice(i, segments.length).join('.');
+        if (targets.includes(tmp)) {
+          targetToSupportedExplodedDomainsMap.get(tmp).push(domain);
+          return true;
+        }
+      }
+      unsupportedExplodedDomains.add(domain);
+      return false;
+    };
+
+    // initially, assume each target doesn't support any exploded domain
+    for (const target of targets) {
+      targetToSupportedExplodedDomainsMap.set(target, []);
+    }
+
+    if (![...explodedDomains].every(domain => isSupported(domain))) {
+      warn`ruleset rewrites domains ${[
+        ...unsupportedExplodedDomains
+      ]} unsupported by ${targets}`;
+      return;
+    }
+
+    // (3) We check to make sure all targets are covered by rewrites
+    //     (a) if true, continue to (4)
+    //     (b) if some targets are not covered by any rewrites, this
+    //         doesn't affect our works trivializing the targets, but
+    //         we should give a warning and then proceed to (4)
+    for (const target of targets) {
+      const supportedExplodedDomains = targetToSupportedExplodedDomainsMap.get(target);
+      if (supportedExplodedDomains && supportedExplodedDomains.length === 0) {
+        // prepare the warning message here
+        unusedTargets.add(target);
+        // make sure we don't remove these targets when performing rewrites
+        targetToSupportedExplodedDomainsMap.delete(target);
+      }
+    }
+
+    if (unusedTargets.size > 0) {
+      warn`ruleset contains targets ${[
+        ...unusedTargets
+      ]} not applied to any rewrites`;
+    }
+
+    // (4) Replace non-trivial targets with exploded domains
+    let indent = null;
+
+    for (const [key, value] of targetToSupportedExplodedDomainsMap) {
+      const escapedKey = escapeStringRegexp(key);
+      const regexSource = `\n([\t ]*)<target\\s*host=\\s*"${escapedKey}"\\s*?/>[\t ]*\n`;
+      const regex = new RegExp(regexSource);
+
+      const matches = content.match(regex);
+      if (!matches) {
+        // should be unreachable.
+        warn`unexpected regular expression error`;
+        process.exit(1);
+      }
+
+      [, indent] = matches;
+      const sub =
+        value.map(v => `\n${indent}<target host=\"${v}\" />`).join('') + '\n';
+      content = content.replace(regex, sub);
+    }
+
+    // (5) Check if we can trivialize the rules. Need to satisfy all below conditions:
+    //     i)   there is no unused target, i.e. unusedTargets.size == 0
+    //     ii)  every rule is "simple" as in ruleToIsSimpleMap
+    //     iii) at least one rule is a non-snapping rule
+    //
+    //     (a) if all of the conditions are met, append a trivial rule after all
+    //         existing rules; and remove the non-snapping rules.
+    //     (b) otherwise, do not trivialize the rules
+    const condition1 = unusedTargets.size === 0;
+    const condition2 = [...ruleToIsSimpleMap.entries()].every(([, value]) => value);
+    const condition3 = [...ruleToIsSnappingMap.entries()].some(([, value]) => !value);
+
+    if (condition1 && condition2 && condition3) {
+      // append trivial rule to the end of current ruleset
+      if ((content.match(/\n<\/ruleset>/) || []).length !== 1) {
+        fail`ruleset contains zero or more than one </ruleset> tag`;
+        return;
+      } else {
+        content = content.replace(
+          /\n<\/ruleset>/,
+          `\n${indent}<rule from="^http:" to="https:" />\n</ruleset>`
+        );
+      }
+
+      // remove all non-snapping rules
+      const nonSnappingRules = [...ruleToIsSnappingMap.entries()]
+        .filter(([, value]) => value === false)
+        .map(([key]) => key);
+
+      for (const rule of nonSnappingRules) {
+        const escapedRuleFrom = escapeStringRegexp(rule.from);
+        const escapedRuleTo = escapeStringRegexp(rule.to);
+
+        const regexSource = `\n([\t ]*)<rule\\s*from=\\s*"${escapedRuleFrom}"(\\s*)to=\\s*"${escapedRuleTo}"\\s*?/>[\t ]*\n`;
+        const regex = new RegExp(regexSource);
+
+        const matches = content.match(regex);
+        if (!matches) {
+          // should be unreachable.
+          warn`unexpected regular expression error`;
+          process.exit(1);
+        }
+
+        [, indent] = matches;
+        content = content.replace(regex, '\n');
+      }
+    }
+
+    return new Promise((resolve, reject) => {
+      fs.writeFile(path.join(rulesDir, filename), content, 'utf8', err => {
+        if (err) {
+          reject(err);
+        }
+        resolve();
+      });
+    });
+  });
+
+  // use for-loop to await too many file opened error
+  for (const fp of filePromises) {
+    await fp.catch(error => console.log(error));
+  }
+})();
diff --git a/utils/zipfile_deterministic.py b/utils/zipfile_deterministic.py
index 89d3fe09124b..5c931f3b6a47 100644
--- a/utils/zipfile_deterministic.py
+++ b/utils/zipfile_deterministic.py
@@ -1,4 +1,4 @@
-#!/usr/bin/env python3.6
+#!/usr/bin/env python3
 """
 A fork of the Python 3.6 zipfile module, modified to remove sources of entropy
 and ensure bit-by-bit determinism for the output file.
@@ -11,10 +11,8 @@
 """
 import io
 import os
-import re
 import importlib.util
 import sys
-import time
 import stat
 import shutil
 import struct
@@ -77,7 +75,7 @@ class LargeZipFile(Exception):
 # we recognize (but not necessarily support) all features up to that version
 MAX_EXTRACT_VERSION = 63
 
-DEFAULT_DATE = (1980,1,1,0,0,0)  # hard-coded timestamp
+DEFAULT_DATE = (2013,12,1,0,0,0)  # hard-coded timestamp
 
 # Below are some formats and associated data for reading/writing headers using
 # the struct module.  The names and structures of headers/records are those used